cvs commit: ports/mail/exim Makefile distinfo ports/mail/exim/files patch-exiqgrep.src

Eygene Ryabinkin rea at
Wed May 11 11:30:18 UTC 2011

rea         2011-05-11 11:30:17 UTC

  FreeBSD ports repository

  Modified files:
    mail/exim            Makefile distinfo 
  Added files:
    mail/exim/files      patch-exiqgrep.src 
  mail/exim: upgrade to 4.76
  4.76 is the security release that fixes CVE-2011-1764, format string
  attack and information leak, both inside the DKIM code.
  List of changes (
  PP/01 The new ldap_require_cert option would segfault if used.  Fixed.
  PP/02 Harmonised TLS library version reporting; only show if
        debugging.  Layout now matches that introduced for other
        libraries in 4.74 PP/03.
  PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
  PP/04 New "dns_use_edns0" global option.
  PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid.
        Bugzilla 1098.
  PP/06 Extra paranoia around buffer usage at the STARTTLS transition.
        nb: Exim is not vulnerable to
  TK/01 Updated PolarSSL code to 0.14.2.
        Bugzilla 1097. Patch from Andreas Metzler.
  PP/07 Catch divide-by-zero in ${eval:...}.
        Fixes bugzilla 1102.
  PP/08 Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
        Bugzilla 1104.
  TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a
        format-string attack -- SECURITY: remote arbitrary code execution.
  TK/03 SECURITY - DKIM signature header parsing was double-expanded,
        second time unintentionally subject to list matching rules,
        letting the header cause arbitrary Exim lookups (of items which can
        occur in lists, *not* arbitrary string expansion). This allowed for
        information disclosure.
  PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related
        to INT_MIN/-1 -- value coerced to INT_MAX.
  New stuff (
   1. The global option "dns_use_edns0" may be set to coerce EDNS0 usage
      on or off in the resolver library.
  And I am also adding patch for exiqgrep that was taken from [1].
  PR: ports/156903 [2], ports/156872 [3]
  Reported-by: Oliver Brandmueller <ob at> [1], admin at [2], Alexander Wittig <alexander at> [3]
  Approved-by: erwin (mentor)
  Feature-safe: yes
  Revision  Changes    Path
  1.259     +1 -1      ports/mail/exim/Makefile
  1.104     +2 -2      ports/mail/exim/distinfo
  1.1       +15 -0     ports/mail/exim/files/patch-exiqgrep.src (new)

More information about the cvs-all mailing list