CVS commit: pkgsrc/mail/exim3

["Maya Rashish" <maya%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   maya
Date:           Thu Mar  8 15:14:54 UTC 2018

Modified Files:
        pkgsrc/mail/exim3: Makefile distinfo
Added Files:
        pkgsrc/mail/exim3/patches: patch-src_auths_b64decode.c

Log Message:
exim3: attempt to patch CVE-2018-6789

I'm not an exim user, so this might not work, but the file hasn't
changed very much between exim4 and exim3.

PKGREVISION++


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 pkgsrc/mail/exim3/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/mail/exim3/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/mail/exim3/patches/patch-src_auths_b64decode.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/exim3/Makefile
diff -u pkgsrc/mail/exim3/Makefile:1.50 pkgsrc/mail/exim3/Makefile:1.51
--- pkgsrc/mail/exim3/Makefile:1.50     Thu Jan 19 18:52:16 2017
+++ pkgsrc/mail/exim3/Makefile  Thu Mar  8 15:14:54 2018
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.50 2017/01/19 18:52:16 agc Exp $
+# $NetBSD: Makefile,v 1.51 2018/03/08 15:14:54 maya Exp $
 
 DISTNAME=      exim-3.36
-PKGREVISION=   17
+PKGREVISION=   18
 CATEGORIES=    mail net
 MASTER_SITES=  ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim3/
 MASTER_SITES+= http://public.planetmirror.com.au/pub/exim/exim3/

Index: pkgsrc/mail/exim3/distinfo
diff -u pkgsrc/mail/exim3/distinfo:1.10 pkgsrc/mail/exim3/distinfo:1.11
--- pkgsrc/mail/exim3/distinfo:1.10     Tue Nov  3 23:27:05 2015
+++ pkgsrc/mail/exim3/distinfo  Thu Mar  8 15:14:54 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.10 2015/11/03 23:27:05 agc Exp $
+$NetBSD: distinfo,v 1.11 2018/03/08 15:14:54 maya Exp $
 
 SHA1 (exim-3.36.tar.bz2) = 2a06a2858ebf8cdedf2e41fa3f258b5e468e270d
 RMD160 (exim-3.36.tar.bz2) = 2654601eaf54fc15c1ebeabfee53c828f2fd22dd
@@ -20,3 +20,4 @@ SHA1 (patch-am) = 26f66062bb133340ed2b33
 SHA1 (patch-an) = 7d40d720613b88772bb69993ffbfc754c9310acb
 SHA1 (patch-ao) = b96e99cf56f205a7273759a2f090c1eed188cc36
 SHA1 (patch-ap) = bba7a0412976e7c022a48ed47207e9d9b42f073f
+SHA1 (patch-src_auths_b64decode.c) = 88b05f32655806580a179ea151644d2ebdb34803

Added files:

Index: pkgsrc/mail/exim3/patches/patch-src_auths_b64decode.c
diff -u /dev/null pkgsrc/mail/exim3/patches/patch-src_auths_b64decode.c:1.1
--- /dev/null   Thu Mar  8 15:14:54 2018
+++ pkgsrc/mail/exim3/patches/patch-src_auths_b64decode.c       Thu Mar  8 15:14:54 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-src_auths_b64decode.c,v 1.1 2018/03/08 15:14:54 maya Exp $
+
+CVE-2018-6789 off by one
+From https://github.com/Exim/exim/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
+
+--- src/auths/b64decode.c.orig 2002-04-04 12:56:16.000000000 +0000
++++ src/auths/b64decode.c
+@@ -43,9 +43,12 @@ int
+ auth_b64decode(char *code, char **ptr)
+ {
+ register int x, y;
+-char *result = store_get(3*((int)strlen(code)/4) + 1);
++char *result;
+ 
+-*ptr = result;
++{
++  int l = strlen(code);
++  *ptr = result = store_get(1 + l/4 * 3 + l%4);
++}
+ 
+ /* Each cycle of the loop handles a quantum of 4 input bytes. For the last
+ quantum this may decode to 1, 2, or 3 output bytes. */