Author | SHA1 | Date | |
---|---|---|---|
|
396c3e8719 |
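--- a/exim-4.76-CVE-2012-5671.patch
+++ b/exim-4.76-CVE-2012-5671.patch
@@ -0,0 +1,25 @@
+--- a/src/dkim.c
++++ a/src/dkim.c
+@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
+"%.*s", (int)len, (char *)((rr->data)+rr_offset));
+rr_offset+=len;
+answer_offset+=len;
++ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
++ return PDKIM_FAIL;
++ }
+}
+}
+else return PDKIM_FAIL;
+--- a/src/pdkim/pdkim.h
++++ a/src/pdkim/pdkim.h
+@@ -27,8 +27,8 @@
+
+/* -------------------------------------------------------------------------- */
+/* Length of the preallocated buffer for the "answer" from the dns/txt
+- callback function. */
+-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
++ callback function. This should match the maximum RDLENGTH from DNS. */
++#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
+
+/* -------------------------------------------------------------------------- */
+/* Function success / error codes */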
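Review bot: In the `src/dkim.c` hunk the record-supplied length byte `len` controls both the `"%.*s"` read from `(rr->data)+rr_offset` and the `rr_offset+=len` advance, yet the added guard bounds only `answer_offset`. Unless the enclosing loop already guarantees it (its condition is outside the hunk), the read should be preceded by a check that `rr_offset + len` does not run past the end of the record data, returning `PDKIM_FAIL` otherwise. The new guard also runs after the copy, so it appears to rely on the size argument of that formatting call, which is not shown here, being the space left in `answer`. A comment on the guard such as `/* checked after the copy so the remaining-space argument of the next copy cannot go negative */` would make that dependency explicit. The body of `dkim_exim_query_dns_txt` starts above the hunk, so both points need confirming against the full function.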
@ -14,7 +14,7 @@
|
||||
Summary: The exim mail transfer agent
|
||||
Name: exim
|
||||
Version: 4.76
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: GPLv2+
|
||||
Url: http://www.exim.org/
|
||||
Group: System Environment/Daemons
|
||||
@ -63,6 +63,7 @@ Patch22: exim-4.66-greylist-conf.patch
|
||||
Patch23: exim-4.67-smarthost-config.patch
|
||||
Patch25: exim-4.69-dynlookup-config.patch
|
||||
Patch26: exim-4.69-strictaliasing.patch
|
||||
Patch27: exim-4.76-CVE-2012-5671.patch
|
||||
|
||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||
Requires: /etc/aliases
|
||||
@ -217,6 +218,7 @@ greylisting unconditional.
|
||||
%patch23 -p1 -b .smarthost
|
||||
%patch25 -p1 -b .dynconfig
|
||||
%patch26 -p1 -b .strictaliasing
|
||||
%patch27 -p1 -b .CVE-2012-5671
|
||||
|
||||
cp src/EDITME Local/Makefile
|
||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||
@ -606,6 +608,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||
|
||||
%changelog
|
||||
* Fri Oct 26 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 4.76-9
|
||||
- Backported fix for CVE-2012-5671
|
||||
Resolves: CVE-2012-5671
|
||||
|
||||
* Mon Feb 6 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 4.76-8
|
||||
- Workarounded wrong SELinux context of /var/log/clamd.exim
|
||||
|
||||
|