From 0a5e0db6270505921c9a8c820ac1519dd4ed8d8e Mon Sep 17 00:00:00 2001 From: Juergen Daubert Date: Tue, 4 May 2021 16:34:35 +0200 Subject: [PATCH] [notify] exim: update to 4.94.2 several security fixes, see https://www.exim.org/static/doc/security/CVE-2020-qualys/00-drafts.txt --- exim/.signature | 8 +++---- exim/Pkgfile | 48 +++++++++++++++++++++--------------------- exim/exim-config.patch | 46 ++++++++++++++++++++-------------------- 3 files changed, 51 insertions(+), 51 deletions(-) diff --git a/exim/.signature b/exim/.signature index ff154957..74e3b118 100644 --- a/exim/.signature +++ b/exim/.signature @@ -1,7 +1,7 @@ untrusted comment: verify with /etc/ports/core.pub -RWRJc1FUaeVeqlBqOYN/tNLqraG8AjqVHqRxwnnlFetgZWwdt4MqyPOCkN9g1KeUqudhZz4QC2/DTnrajszBIvcZckc2sNaV8w8= -SHA256 (Pkgfile) = 833a244123839981656be1c0b2457d7dc58539e01d6980dedcb7f7e5db34104c +RWRJc1FUaeVeqoBnv6w1rvDMlqGgvgYji7AE7QuwLS0A/E6Nzdr6RqwNGXUx4lS3BB5QzY8t1Y7inQzQDJ6I7UbkihKCP0KkTwM= +SHA256 (Pkgfile) = 6139d496007f9fbc5d56d72fb505acc8df94a50d3af9560f3f886a35e6f2026b SHA256 (.footprint) = 3e5fe8471a7a9057c0c7486c016ea2ed1dc5ebd72adc13c23f432ef468d2fc5d -SHA256 (exim-4.94.tar.xz) = f77ee8faf04f5db793243c3ae81c1f4e452cd6ad7dd515a80edf755c4b144bdb +SHA256 (exim-4.94.2.tar.xz) = 051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274 SHA256 (exim) = 850f72cb4d069dc8d15ce138623e6b6a7fe33f5daebe37fbf93c7801fa2d6134 -SHA256 (exim-config.patch) = 3e4371b27625223496c17cec91194c4ab1e39181c3b939cc3554f484f9a88bc9 +SHA256 (exim-config.patch) = 9b634234d24679b689a1fb664ddaab98d8f80f9563244dbebbf8a81eeedd541e diff --git a/exim/Pkgfile b/exim/Pkgfile index 437d003b..e081aab9 100644 --- a/exim/Pkgfile +++ b/exim/Pkgfile @@ -1,40 +1,40 @@ # Description: Mail transfer agent -# URL: http://www.exim.org -# Maintainer: CRUX System Team, core-ports at crux dot nu -# Depends on: db openssl libpcre +# URL: http://www.exim.org +# Maintainer: CRUX System Team, core-ports at crux dot nu +# Depends on: db openssl libpcre name=exim -version=4.94 +version=4.94.2 release=1 source=(https://ftp.exim.org/pub/exim/exim4/$name-$version.tar.xz \ - $name $name-config.patch) + $name $name-config.patch) build() { - cd $name-$version + cd $name-$version - sed "s/#CFLAGS#/$CFLAGS/" $SRC/$name-config.patch | patch -p1 - cp src/EDITME Local/Makefile + sed "s/#CFLAGS#/$CFLAGS/" $SRC/$name-config.patch | patch -p1 + cp src/EDITME Local/Makefile - make - make DESTDIR=$PKG install + make + make DESTDIR=$PKG install - mv $PKG/usr/sbin/{$(readlink $PKG/usr/sbin/$name),$name} + mv $PKG/usr/sbin/{$(readlink $PKG/usr/sbin/$name),$name} - install -D -m 755 $SRC/exim $PKG/etc/rc.d/exim - install -D -m 644 doc/exim.8 $PKG/usr/share/man/man8/exim.8 + install -D -m 755 $SRC/exim $PKG/etc/rc.d/exim + install -D -m 644 doc/exim.8 $PKG/usr/share/man/man8/exim.8 - install -d $PKG/var/{log,spool} $PKG/usr/bin - install -d -m 0750 -o mail -g mail $PKG/var/{log,spool}/exim + install -d $PKG/var/{log,spool} $PKG/usr/bin + install -d -m 0750 -o mail -g mail $PKG/var/{log,spool}/exim - touch $PKG/var/log/exim/exim_{mainlog,paniclog,rejectlog} - chown mail:mail $PKG/var/log/exim/* - chmod 640 $PKG/var/log/exim/* + touch $PKG/var/log/exim/exim_{mainlog,paniclog,rejectlog} + chown mail:mail $PKG/var/log/exim/* + chmod 640 $PKG/var/log/exim/* - ln -sf $name $PKG/usr/sbin/sendmail - ln -sf ../sbin/$name $PKG/usr/bin/mailq + ln -sf $name $PKG/usr/sbin/sendmail + ln -sf ../sbin/$name $PKG/usr/bin/mailq - install -d $PKG/etc/ssl/{certs,keys} - touch $PKG/etc/ssl/certs/exim.crt - touch $PKG/etc/ssl/keys/exim.key - chmod 0600 $PKG/etc/ssl/{keys/exim.key,certs/exim.crt} + install -d $PKG/etc/ssl/{certs,keys} + touch $PKG/etc/ssl/certs/exim.crt + touch $PKG/etc/ssl/keys/exim.key + chmod 0600 $PKG/etc/ssl/{keys/exim.key,certs/exim.crt} } diff --git a/exim/exim-config.patch b/exim/exim-config.patch index c4550d52..69c5797d 100644 --- a/exim/exim-config.patch +++ b/exim/exim-config.patch @@ -1,7 +1,7 @@ -diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME ---- exim-4.93-RC0.orig/src/EDITME 2019-10-21 14:33:29.143422982 +0200 -+++ exim-4.93-RC0/src/EDITME 2019-10-21 14:42:38.369851167 +0200 -@@ -74,7 +74,7 @@ +diff -Nru exim-4.94.2.orig/src/EDITME exim-4.94.2/src/EDITME +--- exim-4.94.2.orig/src/EDITME 2021-05-04 16:32:05.898523722 +0200 ++++ exim-4.94.2/src/EDITME 2021-05-04 16:32:29.351949411 +0200 +@@ -73,7 +73,7 @@ # this would be wanted. ############################################################################### @@ -10,7 +10,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME ############################################################################### # THESE ARE THINGS YOU MUST SPECIFY # -@@ -100,7 +100,7 @@ +@@ -99,7 +99,7 @@ # /usr/local/sbin. The installation script will try to create this directory, # and any superior directories, if they do not exist. @@ -19,7 +19,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME #------------------------------------------------------------------------------ -@@ -116,7 +116,7 @@ +@@ -115,7 +115,7 @@ # don't exist. It will also install a default runtime configuration if this # file does not exist. @@ -28,7 +28,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. # In this case, Exim will use the first of them that exists when it is run. -@@ -133,7 +133,7 @@ +@@ -132,7 +132,7 @@ # deliveries. (Local deliveries run as various non-root users, typically as the # owner of a local mailbox.) Specifying these values as root is not supported. @@ -37,7 +37,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # If you specify EXIM_USER as a name, this is looked up at build time, and the # uid number is built into the binary. However, you can specify that this -@@ -211,10 +211,10 @@ +@@ -210,10 +210,10 @@ # If you are buliding with TLS, the library configuration must be done: # Uncomment this if you are using OpenSSL @@ -50,7 +50,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # TLS_LIBS=-lssl -lcrypto # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto -@@ -347,7 +347,7 @@ +@@ -346,7 +346,7 @@ # MBX, is included only when requested. If you do not know what this is about, # leave these settings commented out. @@ -59,7 +59,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # SUPPORT_MAILSTORE=yes # SUPPORT_MBX=yes -@@ -407,8 +407,8 @@ +@@ -406,8 +406,8 @@ LOOKUP_LSEARCH=yes LOOKUP_DNSDB=yes @@ -70,7 +70,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # LOOKUP_IBASE=yes # LOOKUP_JSON=yes # LOOKUP_LDAP=yes -@@ -752,7 +752,7 @@ +@@ -758,7 +758,7 @@ # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -79,7 +79,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # AUTH_CYRUS_SASL=yes # AUTH_DOVECOT=yes # AUTH_EXTERNAL=yes -@@ -761,7 +761,7 @@ +@@ -767,7 +767,7 @@ # AUTH_HEIMDAL_GSSAPI=yes # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 @@ -88,7 +88,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # AUTH_SPA=yes # AUTH_TLS=yes -@@ -896,7 +896,7 @@ +@@ -905,7 +905,7 @@ # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -97,7 +97,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -945,7 +945,7 @@ +@@ -954,7 +954,7 @@ # files. Both the name of the command and the suffix that it adds to files # need to be defined here. See also the EXICYCLOG_MAX configuration. @@ -106,7 +106,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME COMPRESS_SUFFIX=gz -@@ -960,7 +960,7 @@ +@@ -969,7 +969,7 @@ # ZCAT_COMMAND=zcat # # Or specify the full pathname: @@ -115,7 +115,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME #------------------------------------------------------------------------------ # Compiling in support for embedded Perl: If you want to be able to -@@ -1111,7 +1111,7 @@ +@@ -1120,7 +1120,7 @@ # # USE_TCP_WRAPPERS=yes # CFLAGS=-O -I/usr/local/include @@ -124,7 +124,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. -@@ -1144,7 +1144,7 @@ +@@ -1153,7 +1153,7 @@ # aliases). The following setting can be changed to specify a different # location for the system alias file. @@ -133,7 +133,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME #------------------------------------------------------------------------------ -@@ -1180,7 +1180,7 @@ +@@ -1189,7 +1189,7 @@ #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. @@ -142,7 +142,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1201,13 +1201,13 @@ +@@ -1210,13 +1210,13 @@ # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. @@ -163,7 +163,7 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME #------------------------------------------------------------------------------ -@@ -1409,7 +1409,7 @@ +@@ -1418,7 +1418,7 @@ # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: @@ -172,9 +172,9 @@ diff -Nru exim-4.93-RC0.orig/src/EDITME exim-4.93-RC0/src/EDITME # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". -diff -Nru exim-4.93-RC0.orig/src/configure.default exim-4.93-RC0/src/configure.default ---- exim-4.93-RC0.orig/src/configure.default 2019-10-21 14:33:29.143422982 +0200 -+++ exim-4.93-RC0/src/configure.default 2019-10-21 14:33:52.689508627 +0200 +diff -Nru exim-4.94.2.orig/src/configure.default exim-4.94.2/src/configure.default +--- exim-4.94.2.orig/src/configure.default 2021-05-04 16:32:05.898523722 +0200 ++++ exim-4.94.2/src/configure.default 2021-05-04 16:32:29.351949411 +0200 @@ -67,7 +67,7 @@ # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They # are all colon-separated lists: