Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
396c3e8719 |
25
exim-4.76-CVE-2012-5671.patch
Normal file
25
exim-4.76-CVE-2012-5671.patch
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
--- a/src/dkim.c
|
||||||
|
+++ a/src/dkim.c
|
||||||
|
@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
|
||||||
|
"%.*s", (int)len, (char *)((rr->data)+rr_offset));
|
||||||
|
rr_offset+=len;
|
||||||
|
answer_offset+=len;
|
||||||
|
+ if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
|
||||||
|
+ return PDKIM_FAIL;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else return PDKIM_FAIL;
|
||||||
|
--- a/src/pdkim/pdkim.h
|
||||||
|
+++ a/src/pdkim/pdkim.h
|
||||||
|
@@ -27,8 +27,8 @@
|
||||||
|
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
/* Length of the preallocated buffer for the "answer" from the dns/txt
|
||||||
|
- callback function. */
|
||||||
|
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
|
||||||
|
+ callback function. This should match the maximum RDLENGTH from DNS. */
|
||||||
|
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
|
||||||
|
|
||||||
|
/* -------------------------------------------------------------------------- */
|
||||||
|
/* Function success / error codes */
|
@ -14,7 +14,7 @@
|
|||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.76
|
Version: 4.76
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: http://www.exim.org/
|
Url: http://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
@ -63,6 +63,7 @@ Patch22: exim-4.66-greylist-conf.patch
|
|||||||
Patch23: exim-4.67-smarthost-config.patch
|
Patch23: exim-4.67-smarthost-config.patch
|
||||||
Patch25: exim-4.69-dynlookup-config.patch
|
Patch25: exim-4.69-dynlookup-config.patch
|
||||||
Patch26: exim-4.69-strictaliasing.patch
|
Patch26: exim-4.69-strictaliasing.patch
|
||||||
|
Patch27: exim-4.76-CVE-2012-5671.patch
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
@ -217,6 +218,7 @@ greylisting unconditional.
|
|||||||
%patch23 -p1 -b .smarthost
|
%patch23 -p1 -b .smarthost
|
||||||
%patch25 -p1 -b .dynconfig
|
%patch25 -p1 -b .dynconfig
|
||||||
%patch26 -p1 -b .strictaliasing
|
%patch26 -p1 -b .strictaliasing
|
||||||
|
%patch27 -p1 -b .CVE-2012-5671
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||||
@ -606,6 +608,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
|||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Oct 26 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 4.76-9
|
||||||
|
- Backported fix for CVE-2012-5671
|
||||||
|
Resolves: CVE-2012-5671
|
||||||
|
|
||||||
* Mon Feb 6 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 4.76-8
|
* Mon Feb 6 2012 Jaroslav Škarvada <jskarvad@redhat.com> - 4.76-8
|
||||||
- Workarounded wrong SELinux context of /var/log/clamd.exim
|
- Workarounded wrong SELinux context of /var/log/clamd.exim
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user