Merge branch 'debian'

[hcoop/debian/exim4.git] / debian / patches / 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch

diff --git a/debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch b/debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
similarity index 78%
rename from debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
rename to debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
index 7494dd0..38ba939 100644 (file)
--- a/debian/patches/85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
+++ b/debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
@@ -16,11 +16,11 @@ Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
 +HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)
 +
  
- Exim version 4.89
- -----------------
+ Since version 4.92
+ ------------------
 --- a/src/string.c
 +++ b/src/string.c
-@@ -220,6 +220,8 @@ interpreted in strings.
+@@ -224,6 +224,8 @@ interpreted in strings.
  Arguments:
    pp       points a pointer to the initiating "\" in the string;
             the pointer gets updated to point to the final character
@@ -29,7 +29,7 @@ Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
  Returns:   the value of the character escape
  */
  
-@@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789
+@@ -236,6 +238,7 @@ const uschar *hex_digits= CUS"0123456789
  int ch;
  const uschar *p = *pp;
  ch = *(++p);
@@ -37,3 +37,14 @@ Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
  if (isdigit(ch) && ch != '8' && ch != '9')
    {
    ch -= '0';
+@@ -1210,8 +1213,8 @@ memcpy(g->s + p, s, count);
+ g->ptr = p + count;
+ return g;
+ }
+- 
+- 
++
++
+ gstring *
+ string_cat(gstring *string, const uschar *s)
+ {