mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-20 00:21:35 +00:00
0a629bd710
* New upstream security release.
+ Release based on +fixes branch.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Incorporate debian patches to turn taint failures into warnings.
133 lines
4.1 KiB
Plaintext
133 lines
4.1 KiB
Plaintext
OPTIONS_DEFINE+= ALT_CONFIG_PREFIX \
|
|
CONTENT_SCAN \
|
|
DAEMON \
|
|
DANE \
|
|
DEBUG \
|
|
DISABLE_D_OPT \
|
|
DKIM \
|
|
SPF \
|
|
DNSSEC \
|
|
DOCS \
|
|
EMBEDDED_PERL \
|
|
EXIMON \
|
|
ICONV \
|
|
IPV6 \
|
|
LISTMATCH_RHS \
|
|
LMTP \
|
|
OCSP \
|
|
PRDR \
|
|
READLINE \
|
|
SUID \
|
|
TAINTWARN \
|
|
TCP_WRAPPERS \
|
|
WISHLIST \
|
|
EVENT \
|
|
PROXY \
|
|
SOCKS \
|
|
INTERNATIONAL
|
|
|
|
OPTIONS_DEFAULT+= AUTH_CRAM_MD5 \
|
|
AUTH_DOVECOT \
|
|
AUTH_PLAINTEXT \
|
|
AUTH_SPA \
|
|
CDB \
|
|
CONTENT_SCAN \
|
|
DAEMON \
|
|
DISABLE_D_OPT \
|
|
DKIM \
|
|
DNSDB \
|
|
DNSSEC \
|
|
DSEARCH \
|
|
EMBEDDED_PERL \
|
|
EVENT \
|
|
ICONV \
|
|
INTERNATIONAL \
|
|
LMTP \
|
|
LSEARCH \
|
|
MAILDIR \
|
|
MAILSTORE \
|
|
MBX \
|
|
OCSP \
|
|
PAM \
|
|
PASSWD \
|
|
PRDR \
|
|
SPF \
|
|
SUID \
|
|
TLS
|
|
|
|
OPTIONS_RADIO_TLS= TLS GNUTLS
|
|
TLS_DESC= TLS support
|
|
OPTIONS_RADIO_LS= SA_EXIM
|
|
LS_DESC= Local scan patch
|
|
OPTIONS_RADIO_SRSR= SRS
|
|
SRSR_DESC= Sender Rewriting Scheme
|
|
OPTIONS_RADIO= TLS LS SRSR
|
|
|
|
OPTIONS_GROUP_AUTH= AUTH_CRAM_MD5 AUTH_DOVECOT AUTH_PLAINTEXT AUTH_RADIUS AUTH_SASL AUTH_SPA SASLAUTHD PAM PASSWD
|
|
AUTH_DESC= SMTP Authorization
|
|
OPTIONS_GROUP_LOOKUP= CDB BDB DNSDB DSEARCH LSEARCH MYSQL NIS OPENLDAP PGSQL REDIS SQLITE
|
|
LOOKUP_DESC= Lookup support
|
|
OPTIONS_GROUP_STORAGE= MAILDIR MAILSTORE MBX
|
|
STORAGE_DESC= Supported storage formats
|
|
OPTIONS_GROUP_EXPERIMENTAL= CERTNAMES DCC DMARC DSN ARC LMDB QUEUEFILE
|
|
EXPERIMENTAL_DESC= Experimental options
|
|
OPTIONS_GROUP= AUTH LOOKUP STORAGE EXPERIMENTAL
|
|
|
|
ALT_CONFIG_PREFIX_DESC= Restrict the set of configuration files
|
|
ARC_DESC= Enable experimental ARC support
|
|
AUTH_CRAM_MD5_DESC= Enable CRAM-MD5 authentication mechanisms
|
|
AUTH_DOVECOT_DESC= Enable Dovecot authentication mechanisms
|
|
AUTH_PLAINTEXT_DESC= Enable plaintext authentication
|
|
AUTH_RADIUS_DESC= Enable radius (RFC 2865) authentication
|
|
AUTH_SASL_DESC= Enable use of Cyrus SASL auth library
|
|
AUTH_SPA_DESC= Enable Secure Password Authentication
|
|
CERTNAMES_DESC= Check certiticates ownership
|
|
BDB_DESC= Enable Berkeley DB lookups
|
|
CDB_DESC= Enable CDB-style lookups
|
|
CONTENT_SCAN_DESC= Enable exiscan email content scanner
|
|
DAEMON_DESC= Install scripts to run as a daemon
|
|
DANE_DESC= Enable experimental DANE support
|
|
DCC_DESC= Enable DCC at ACL support via dccifd
|
|
DISABLE_D_OPT_DESC= Disable macros overrides using option -D
|
|
DKIM_DESC= Enable support for DKIM
|
|
DMARC_DESC= Enable DMARC support
|
|
DNSDB_DESC= Enable DNS-style lookups
|
|
DNSSEC_DESC= Enable DNSSEC validation
|
|
DSEARCH_DESC= Enable directory-list lookups
|
|
DSN_DESC= Enable Delivery Status Notifications
|
|
EMBEDDED_PERL_DESC= Enable embedded Perl interpreter
|
|
EVENT_DESC= Messages events support (TPDA namely)
|
|
EXIMON_DESC= Build eximon monitor (requires X libraries)
|
|
ICONV_DESC= Enable header charset conversion
|
|
INTERNATIONAL_DESC= Enable support for the transmission of UTF-8 envelope addresses
|
|
LISTMATCH_RHS_DESC= Enable pre-4.77 behaviour for match_*
|
|
LMDB_DESC= Enable LMDB lookups
|
|
LMTP_DESC= RFC2033 SMTP over command pipe transport
|
|
LSEARCH_DESC= Enable wildcarded-file lookups
|
|
MAILDIR_DESC= Enable Maildir mailbox format
|
|
MAILSTORE_DESC= Enable Mailstore mailbox format
|
|
MBX_DESC= Enable MBX mailbox format
|
|
MYSQL_DESC= Enable mysql lookups
|
|
NIS_DESC= Enable NIS-style lookups
|
|
OPENLDAP_DESC= Enable LDAP lookups
|
|
OCSP_DESC= Enable OCSP stapling
|
|
QUEUEFILE_DESC= Enable queuefile transport
|
|
PAM_DESC= Enable PAM authentication mechanisms
|
|
PASSWD_DESC= Enable /etc/passwd lookups
|
|
PGSQL_DESC= Enable postgresql lookups
|
|
PRDR_DESC= Enable Per-Recipient-Data-Response support
|
|
PROXY_DESC= Enable Experimental Proxy Protocol
|
|
READLINE_DESC= Enable readline(3) library
|
|
REDIS_DESC= Enable redis lookups
|
|
SASLAUTHD_DESC= Enable use of Cyrus SASL auth daemon
|
|
SA_EXIM_DESC= Build with Spamassassin local scan
|
|
SOCKS_DESC= Enable smtp transport via socks5 proxies
|
|
SPF_DESC= Enable Sender Policy Framework checking
|
|
SQLITE_DESC= Enable SQLite lookups
|
|
SRS_DESC= Enable Sender Rewriting Scheme
|
|
SUID_DESC= Install the exim binary suid root
|
|
TAINTWARN_DESC= Allow insecure tainted data (pre-4.93 config style, deprecated)
|
|
TCP_WRAPPERS_DESC= Enable /etc/hosts.allow access control
|
|
GNUTLS_DESC= Use GnuTLS instead of OpenSSL for TLS
|
|
WISHLIST_DESC= Include the unsupported patches
|