security update to exim-4.88, changelog includes

JH/27 Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim itself :( JH/34 SECURITY: Use proper copy of DATA command in error message. Could leak key material. Remotely explaoitable. CVE-2016-9963. whoever decided to have an embargo period ending on 25 December: this was not a particularly good idea
2016-12-25 21:13:35 +00:00 · 2016-12-25 21:13:35 +00:00 · 9b9f3cc2c4
commit 9b9f3cc2c4
parent e12b20d4e7
4 changed files with 10 additions and 27 deletions
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@ -1,12 +1,11 @@
-# $OpenBSD: Makefile,v 1.111 2016/12/24 16:02:10 sthen Exp $
+# $OpenBSD: Makefile,v 1.112 2016/12/25 21:13:35 sthen Exp $

 COMMENT-main =		flexible mail transfer agent
 COMMENT-eximon =	X11 monitor tool for Exim MTA

-VERSION =		4.87
+VERSION =		4.88
 DISTNAME =		exim-${VERSION}
 PKGNAME-main =		exim-${VERSION}
-REVISION-main =		1
 FULLPKGNAME-eximon =	exim-eximon-${VERSION}
 FULLPKGPATH-eximon =	${PKGPATH},-eximon

@ -18,7 +17,7 @@ HOMEPAGE =		http://www.exim.org/
 PERMIT_PACKAGE_CDROM =   Yes

 cWANTLIB =		c m
-WANTLIB-main =		${cWANTLIB} crypto iconv perl pthread pcre ssl
+WANTLIB-main =		${cWANTLIB} crypto iconv perl pcre ssl
 WANTLIB-eximon =	${cWANTLIB} X11 Xaw Xext Xmu Xt pcre

 MASTER_SITES =		http://ftp.exim.org/pub/exim/exim4/ \
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@ -1,2 +1,2 @@
-SHA256 (exim-4.87.tar.gz) = leJzBuyQ9Zi5RiXv4DaOijFvZik2nwUcDmxaNF7ux/E=
-SIZE (exim-4.87.tar.gz) = 2303330
+SHA256 (exim-4.88.tar.gz) = gk6RWO+pnKU6si6pFfmbHc5rkLH3PHjqwyA1pa8+5fk=
+SIZE (exim-4.88.tar.gz) = 2330969
--- a/mail/exim/patches/patch-scripts_exim_install
+++ b/mail/exim/patches/patch-scripts_exim_install
@ -1,12 +1,12 @@
-$OpenBSD: patch-scripts_exim_install,v 1.11 2013/08/24 09:22:26 sthen Exp $
--- scripts/exim_install.orig	Thu Oct 25 04:37:38 2012
-+++ scripts/exim_install	Thu Aug 22 18:09:11 2013
+$OpenBSD: patch-scripts_exim_install,v 1.12 2016/12/25 21:13:35 sthen Exp $
+--- scripts/exim_install.orig	Sun Dec 18 14:02:28 2016
+++ scripts/exim_install	Sun Dec 25 14:42:25 2016
@@ -216,7 +216,7 @@ while [ $# -gt 0 ]; do
 
   # The exim binary is handled specially
 
 -  if [ $name = exim${EXE} ]; then
 +  if false; then
-     version=exim-`./exim -bV -C /dev/null | \
+     exim="./exim -bV -C /dev/null"
+     version=exim-`$exim 2>/dev/null | \
       awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE}
- 
--- a/mail/exim/patches/patch-src_tls-openssl_c
+++ b/mail/exim/patches/patch-src_tls-openssl_c
@ -1,16 +0,0 @@
-$OpenBSD: patch-src_tls-openssl_c,v 1.2 2016/12/24 16:02:10 sthen Exp $
-
-https://bugs.exim.org/show_bug.cgi?id=1806
-
--- src/tls-openssl.c.orig	Sat Apr  2 20:24:15 2016
-+++ src/tls-openssl.c	Sat Dec 24 16:00:49 2016
-@@ -74,7 +74,9 @@ functions from the OpenSSL library. */
-     && (OPENSSL_VERSION_NUMBER & 0x0000ff000L) >= 0x000002000L
- #  define EXIM_HAVE_OPENSSL_CHECKHOST
- # endif
-+#endif
- 
-+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x20010000L
- # if !defined(OPENSSL_NO_ECDH)
- #  if OPENSSL_VERSION_NUMBER >= 0x0090800fL
- #   define EXIM_HAVE_ECDH