Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-10-27 07:38:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2012-08-26 11:31:04.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-10-27 07:38:45.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Oct 25 10:36:19 UTC 2012 - [email protected] + +- update to 4.80.1 + - SECURITY: protect DKIM DNS decoding from remote exploit; CVE-2012-5671; + (bnc#786652). + +------------------------------------------------------------------- Old: ---- exim-4.80.tar.bz2 New: ---- exim-4.80.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.uE45Dz/_old 2012-10-27 07:38:47.000000000 +0200 +++ /var/tmp/diff_new_pack.uE45Dz/_new 2012-10-27 07:38:47.000000000 +0200 @@ -43,7 +43,7 @@ Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version: 4.80 +Version: 4.80.1 Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel ++++++ exim-4.80.tar.bz2 -> exim-4.80.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/doc/ChangeLog new/exim-4.80.1/doc/ChangeLog --- old/exim-4.80/doc/ChangeLog 2012-05-31 02:40:15.000000000 +0200 +++ new/exim-4.80.1/doc/ChangeLog 2012-10-25 05:37:38.000000000 +0200 
@@ -1,6 +1,14 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.81. + + Exim version 4.80 ----------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/doc/spec.txt new/exim-4.80.1/doc/spec.txt --- old/exim-4.80/doc/spec.txt 2012-05-31 11:35:23.000000000 +0200 +++ new/exim-4.80.1/doc/spec.txt 2012-10-25 05:46:58.000000000 +0200 @@ -5,9 +5,9 @@ Copyright (c) 2012 University of Cambridge +-----------------------------------------------------------------------------+ -+-------------------------------------+--------------------------------+------+ -|Revision 4.80 |17 May 2012 |EM | -+-------------------------------------+--------------------------------+------+ ++----------------------------------------+------------------------------+-----+ +|Revision 4.80.1 |24 Oct 2012 |EM | ++----------------------------------------+------------------------------+-----+ ------------------------------------------------------------------------------- TABLE OF CONTENTS @@ -653,7 +653,7 @@ 1.1 Exim documentation ---------------------- -This edition of the Exim specification applies to version 4.80 of Exim. +This edition of the Exim specification applies to version 4.80.1 of Exim. Substantive changes from the 4.75 edition are marked in some renditions of the document; this paragraph is so marked if the rendition is capable of showing a change indicator. 
@@ -1738,7 +1738,7 @@ Exim is distributed as a gzipped or bzipped tar file which, when unpacked, creates a directory with the name of the current release (for example, -exim-4.80) into which the following files are placed: +exim-4.80.1) into which the following files are placed: ACKNOWLEDGMENTS contains some acknowledgments CHANGES contains a reference to where changes are documented @@ -2348,7 +2348,7 @@ For the utility programs, old versions are renamed by adding the suffix .O to their names. The Exim binary itself, however, is handled differently. It is installed under a name that includes the version number and the compile number, -for example exim-4.80-1. The script then arranges for a symbolic link called +for example exim-4.80.1-1. The script then arranges for a symbolic link called exim to point to the binary. If you are updating a previous version of Exim, the script takes care to ensure that the name exim is never absent from the directory (as seen by other processes). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/scripts/reversion new/exim-4.80.1/scripts/reversion --- old/exim-4.80/scripts/reversion 2012-05-31 02:40:15.000000000 +0200 +++ new/exim-4.80.1/scripts/reversion 2012-10-25 05:37:38.000000000 +0200 
@@ -32,21 +32,23 @@ # If this tree is a git working directory, use that to get version information. -if [ -d ../../.git ] || [ "$1" = "release" ] -then - # Modify the output of git describe into separate parts for - # the name "exim" and the release and variant versions. - # Put a dot in the version number and remove a spurious g. - set $(git describe --dirty=-XX --match 'exim-4*' | - sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|') - # Only update if we need to - if [ "$2 $3" != "$EXIM_RELEASE_VERSION $EXIM_VARIANT_VERSION" ] - then - EXIM_RELEASE_VERSION="$2" - EXIM_VARIANT_VERSION="$3" - rm -f version.h - fi -fi +#if [ -d ../../.git ] || [ "$1" = "release" ] +#then +# # Modify the output of git describe into separate parts for +# # the name "exim" and the release and variant versions. +# # Put a dot in the version number and remove a spurious g. +# set $(git describe --dirty=-XX --match 'exim-4*' | +# sed 's|-| |;s|_|.|;s|[-_]| _|;s|-g|-|') +# # Only update if we need to +# if [ "$2 $3" != "$EXIM_RELEASE_VERSION $EXIM_VARIANT_VERSION" ] +# then +# EXIM_RELEASE_VERSION="$2" +# EXIM_VARIANT_VERSION="$3" +# rm -f version.h +# fi +#fi +EXIM_RELEASE_VERSION="4.80.1" +EXIM_VARIANT_VERSION="" # If you are maintaining a patched version of Exim, you can either # create your own version.sh as part of your release process, or you diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/src/dkim.c new/exim-4.80.1/src/dkim.c --- old/exim-4.80/src/dkim.c 2012-05-31 02:40:15.000000000 +0200 +++ new/exim-4.80.1/src/dkim.c 2012-10-25 05:37:38.000000000 +0200 
@@ -42,6 +42,9 @@ "%.*s", (int)len, (char *)((rr->data)+rr_offset)); rr_offset+=len; answer_offset+=len; + if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) { + return PDKIM_FAIL; + } } } else return PDKIM_FAIL; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/src/pdkim/pdkim.h new/exim-4.80.1/src/pdkim/pdkim.h --- old/exim-4.80/src/pdkim/pdkim.h 2012-05-31 02:40:15.000000000 +0200 +++ new/exim-4.80.1/src/pdkim/pdkim.h 2012-10-25 05:37:38.000000000 +0200 @@ -27,8 +27,8 @@ /* -------------------------------------------------------------------------- */ /* Length of the preallocated buffer for the "answer" from the dns/txt - callback function. */ -#define PDKIM_DNS_TXT_MAX_RECLEN 4096 + callback function. This should match the maximum RDLENGTH from DNS. */ +#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16) /* -------------------------------------------------------------------------- */ /* Function success / error codes */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/src/version.sh new/exim-4.80.1/src/version.sh --- old/exim-4.80/src/version.sh 2012-05-31 11:33:43.000000000 +0200 +++ new/exim-4.80.1/src/version.sh 2012-10-25 05:45:13.000000000 +0200 @@ -1,4 +1,4 @@ # automatically generated file - see ../scripts/reversion -EXIM_RELEASE_VERSION="4.80" +EXIM_RELEASE_VERSION="4.80.1" EXIM_VARIANT_VERSION="" EXIM_COMPILE_NUMBER="1" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
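Review bot: in the src/dkim.c hunk the new bound check sits after `answer_offset+=len;`, so it only runs once the current chunk has already been formatted into the answer buffer and the offset advanced; it stops a following loop iteration from starting a write at an offset at or past PDKIM_DNS_TXT_MAX_RECLEN, but it does nothing for the write that has just happened. A stricter form validates before the write, e.g. `if (answer_offset + len >= PDKIM_DNS_TXT_MAX_RECLEN) return PDKIM_FAIL;` ahead of the `"%.*s"` call, so that an over-long chunk never reaches the buffer at all. Either way, a one-line comment that `>=` rather than `>` is deliberate (the last byte is reserved for the terminating NUL) would stop someone later relaxing it.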
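Review bot: in the src/pdkim/pdkim.h hunk the new comment says the length "should match the maximum RDLENGTH from DNS", but `(1 << 16)` is 65536, one more than the 16-bit RDLENGTH maximum of 65535; the extra byte is presumably for the terminating NUL, and the comment should say so explicitly, otherwise the next person to touch it may "correct" the value to 65535 and reintroduce an off-by-one against the `>=` check in dkim.c. Since the comment describes this as a preallocated buffer, it is also worth confirming that every caller is happy reserving 64 KiB rather than 4 KiB, particularly if any of them place it on the stack.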
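Review bot: in the scripts/reversion hunk the git-detection block is commented out line by line and replaced by hard-coded `EXIM_RELEASE_VERSION="4.80.1"` and `EXIM_VARIANT_VERSION=""`; the values agree with the generated src/version.sh further down, and the comment above the block says the git path only applies in a git working directory, so the hard-coded values are sufficient for a tarball. Keeping the dead block as comments, however, makes every future tarball-to-tarball diff of this script noisier; either remove it outright or add a one-line note at its top saying the release process substitutes the fixed values.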
