From 4f052de71e5ccd43e499cb827ec8339ec9132f2c28e3dab0e991627391bd75cf Mon Sep 17 00:00:00 2001 From: Peter Poeml Date: Mon, 30 Sep 2019 15:41:24 +0000 Subject: [PATCH 1/5] - update to exim 4.92.3 * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, remote code execution seems to be possible OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=217 --- exim-4.92.2.tar.bz2 | 3 --- exim-4.92.2.tar.bz2.asc | 11 ----------- exim-4.92.3.tar.bz2 | 3 +++ exim-4.92.3.tar.bz2.asc | 11 +++++++++++ exim.changes | 7 +++++++ exim.spec | 6 +++--- 6 files changed, 24 insertions(+), 17 deletions(-) delete mode 100644 exim-4.92.2.tar.bz2 delete mode 100644 exim-4.92.2.tar.bz2.asc create mode 100644 exim-4.92.3.tar.bz2 create mode 100644 exim-4.92.3.tar.bz2.asc diff --git a/exim-4.92.2.tar.bz2 b/exim-4.92.2.tar.bz2 deleted file mode 100644 index f2433aa..0000000 --- a/exim-4.92.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:557f97c3f75c19a2e7da8511a8b94c28b39a5d5206948be5ceac96c75a2eccf6 -size 1933063 diff --git a/exim-4.92.2.tar.bz2.asc b/exim-4.92.2.tar.bz2.asc deleted file mode 100644 index d9b5a8e..0000000 --- a/exim-4.92.2.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl1uO6cACgkQr0zGdqa2 -wUJnoAgAzQvg1QmtCxAO/Qva1Coc8K9wTQDIYRhYDPSRX6b6jJsIzXSzgK5cqj3E -Mfly/uvPKFBshKi2YxcXl5p1ILfHGP+XYEK+M7X+XEBRBW8odSgMCI9yh79acx3z -dctuTHbTja+6vUToDaKl76v2ZDP9Dfp9yfY8d1OPDTsyAc8QdTcQbzWRl1CIo+cI -QgDZ0LTPoPLu/cGZ+3MKhfPoyYXzUVhAWTHRZgdNKnSgTksmgS05o7Lulyjrcggz -Pis4SyqleyqpnT5yfVYP/W48qMlnQmvWywjWQ5vD3sxodCjh89HEU/2ge2N+qAjz -iC1ytDM0+K+jMbtnPqsFY96dYjP00w== -=BWrd ------END PGP SIGNATURE----- diff --git a/exim-4.92.3.tar.bz2 b/exim-4.92.3.tar.bz2 new file mode 100644 index 0000000..c0be02f --- /dev/null +++ b/exim-4.92.3.tar.bz2 
@@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:29966aab50523cd7b7f90a0788c79a16b75181513115a61302ce0f7a93041034 +size 1933605 diff --git a/exim-4.92.3.tar.bz2.asc b/exim-4.92.3.tar.bz2.asc new file mode 100644 index 0000000..75f6aa8 --- /dev/null +++ b/exim-4.92.3.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl2P4GMACgkQr0zGdqa2 +wUJlLAgAyPIQP/rZAp/BH6MAvITmmcSFtNEBwHOGYOmvnnr9/GVQcG8zG0OTu0Jl +wzJvvpKcW7ADf7boMEPWlbk7HV08Ek/T7PRpgE8AcikpuIvBMeZ1FTGUOZqUW7D2 +1dH1UxYF8mqKnmK0Q63v8X3y1ujZPwMwODc0QGo+nQRwxq7A+qaTOAryy3Tcxnh1 +SWI/zay4Dn2PSdbzmgHhhrPR3yha4b0gTXvkm1DUKmWT24UcMQMEsd2JMq1Bx9j2 +4r4LzkxewYkVztLw6QRozxN3KIHmZewCNNTnhZhD/Sq5fQPDE5uN52CoOljpWrhQ ++ChJP8PSfXVtGREGxRqpOxBY+xnG7Q== +=CvIA +-----END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index f1a5d13..3ac3825 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 30 15:39:54 UTC 2019 - poeml@cmdline.net + +- update to exim 4.92.3 + * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, + remote code execution seems to be possible + ------------------------------------------------------------------- Sat Sep 7 18:22:08 UTC 2019 - poeml@cmdline.net diff --git a/exim.spec b/exim.spec index 176f889..533e7d3 100644 --- a/exim.spec +++ b/exim.spec @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -72,7 +72,7 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.92.2 +Version: 4.92.3 Release: 0 %if %{with_mysql} BuildRequires: mysql-devel From 3d30250926729fb9e284272788a90d438b34bacc65df9d74c1262efc75ad2c58 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 1 Oct 2019 10:49:51 +0000 Subject: [PATCH 2/5] Accepting request 734049 from home:pwcau:branches:server:mail - update to exim 4.92.3 * CVE-2019-16928 Heap-based buffer overflow in string_vformat, remote code execution seems to be possible OBS-URL: https://build.opensuse.org/request/show/734049 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=218 --- exim.changes | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/exim.changes b/exim.changes index 3ac3825..b6b5a69 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,9 @@ +Mon Sep 30 12:39:41 CEST 2019 - wullinger@rz.uni-kiel.de + +- update to exim 4.92.3 + * CVE-2019-16928 Heap-based buffer overflow in string_vformat, + remote code execution seems to be possible + ------------------------------------------------------------------- Mon Sep 30 15:39:54 UTC 2019 - poeml@cmdline.net From c3c45b850865c8db80dbc0a2c713b62a2e6248dd71015707be5fae0d4934c972 Mon Sep 17 00:00:00 2001 
From: Lars Vogdt Date: Tue, 17 Dec 2019 21:25:57 +0000 Subject: [PATCH 3/5] Accepting request 756081 from home:pwcau:branches:server:mail - update to exim 4.93 * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC * DISABLE_TLS replaces SUPPORT_TLS * Bump the version for the local_scan API. * smtp transport option hosts_try_fastopen defaults to "*". * DNSSec is requested (not required) for all queries. (This seemes to ask for trouble if your resolver is a systemd-resolved.) * Generic router option retry_use_local_part defaults to "true" under specific pre-conditions. * Introduce a tainting mechanism for values read from untrusted sources. * Use longer file names for temporary spool files (this avoids name conflicts with spool on a shared file system). * Use dsn_from main config option (was ignored previously). OBS-URL: https://build.opensuse.org/request/show/756081 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=219 --- exim-4.92.3.tar.bz2 | 3 --- exim-4.92.3.tar.bz2.asc | 11 ----------- exim-4.93.tar.bz2 | 3 +++ exim-4.93.tar.bz2.asc | 11 +++++++++++ exim.changes | 16 ++++++++++++++++ exim.spec | 9 +++++---- 6 files changed, 35 insertions(+), 18 deletions(-) delete mode 100644 exim-4.92.3.tar.bz2 delete mode 100644 exim-4.92.3.tar.bz2.asc create mode 100644 exim-4.93.tar.bz2 create mode 100644 exim-4.93.tar.bz2.asc diff --git a/exim-4.92.3.tar.bz2 b/exim-4.92.3.tar.bz2 deleted file mode 100644 index c0be02f..0000000 --- a/exim-4.92.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:29966aab50523cd7b7f90a0788c79a16b75181513115a61302ce0f7a93041034 -size 1933605 diff --git a/exim-4.92.3.tar.bz2.asc b/exim-4.92.3.tar.bz2.asc deleted file mode 100644 index 75f6aa8..0000000 --- a/exim-4.92.3.tar.bz2.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl2P4GMACgkQr0zGdqa2 -wUJlLAgAyPIQP/rZAp/BH6MAvITmmcSFtNEBwHOGYOmvnnr9/GVQcG8zG0OTu0Jl -wzJvvpKcW7ADf7boMEPWlbk7HV08Ek/T7PRpgE8AcikpuIvBMeZ1FTGUOZqUW7D2 -1dH1UxYF8mqKnmK0Q63v8X3y1ujZPwMwODc0QGo+nQRwxq7A+qaTOAryy3Tcxnh1 -SWI/zay4Dn2PSdbzmgHhhrPR3yha4b0gTXvkm1DUKmWT24UcMQMEsd2JMq1Bx9j2 -4r4LzkxewYkVztLw6QRozxN3KIHmZewCNNTnhZhD/Sq5fQPDE5uN52CoOljpWrhQ -+ChJP8PSfXVtGREGxRqpOxBY+xnG7Q== -=CvIA ------END PGP SIGNATURE----- diff --git a/exim-4.93.tar.bz2 b/exim-4.93.tar.bz2 new file mode 100644 index 0000000..17cede0 --- /dev/null +++ b/exim-4.93.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:22c432c0585ef605c52bc796042c4823e961f58a7e6ad1486252e203bf4c9276 +size 1972841 diff --git a/exim-4.93.tar.bz2.asc b/exim-4.93.tar.bz2.asc new file mode 100644 index 0000000..8dec843 --- /dev/null +++ b/exim-4.93.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl3tO+IACgkQr0zGdqa2 +wUKtHAgA1PnCXAoftGZA/XQW0+q3OyEHUNPfPMUWYdU1drdquuUDS1S08WIb90M0 +ShYxjixUMWVoQd4Fru7CZXDeljXnIdN25Ahm0wi9zeery/vP8NXhahvMvV0585lU +PLmYl2nfwceNbVXdtqlt6L5x1hM7vDOerh+0UZGITmlY49v41TGySHf16qiBkoJW +GCL9mhHULzW+8rDFxOoZEongst0XVUtrfDSUUz878ouXkXmoBHpYS0WOxpku7/x/ +/+f/eKQ9MzutYQTE37hBjPpqjDuYGKZYnVNGW2i60DtcOsC0bi/wsIOadTkq0iQc +oBg2pGOGGBs/zwSFKa3wLlMqU7ML9Q== +=28mJ +-----END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index b6b5a69..f1a5eeb 100644 --- a/exim.changes +++ b/exim.changes 
@@ -1,3 +1,19 @@ +Mon Dec 9 10:08:02 UTC 2019 - wullinger@rz.uni-kiel.de + +- update to exim 4.93 + * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC + * DISABLE_TLS replaces SUPPORT_TLS + * Bump the version for the local_scan API. + * smtp transport option hosts_try_fastopen defaults to "*". + * DNSSec is requested (not required) for all queries. (This seemes to + ask for trouble if your resolver is a systemd-resolved.) + * Generic router option retry_use_local_part defaults to "true" under specific + pre-conditions. + * Introduce a tainting mechanism for values read from untrusted sources. + * Use longer file names for temporary spool files (this avoids + name conflicts with spool on a shared file system). + * Use dsn_from main config option (was ignored previously). + Mon Sep 30 12:39:41 CEST 2019 - wullinger@rz.uni-kiel.de - update to exim 4.92.3 diff --git a/exim.spec b/exim.spec index 533e7d3..da93e7e 100644 --- a/exim.spec +++ b/exim.spec @@ -72,7 +72,7 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.92.3 +Version: 4.93 Release: 0 %if %{with_mysql} BuildRequires: mysql-devel @@ -197,7 +197,7 @@ cat <<-EOF > Local/Makefile LOOKUP_PASSWD=yes # LOOKUP_WHOSON=yes CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux - LOOKUP_LIBS=-llber + LOOKUP_LIBS=-llber -lnsl %if %{with_ldap} LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_LIBS+=-lldap @@ -224,6 +224,7 @@ cat <<-EOF > Local/Makefile AUTH_DOVECOT=yes AUTH_TLS=yes AUTH_LIBS=-lsasl2 + USE_OPENSSL=yes SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto INFO_DIRECTORY=%{_infodir} @@ -273,7 +274,7 @@ cat <<-EOF > Local/Makefile HAVE_IPV6=YES SUPPORT_SPF=yes LOOKUP_LIBS+=-lspf2 - #EXPERIMENTAL_DMARC=yes + #SUPPORT_DMARC=yes #CFLAGS += -I/usr/local/include #LDFLAGS += -lopendmarc EXPERIMENTAL_EVENT=yes 
@@ -289,7 +290,7 @@ cat <<-EOF > Local/Makefile EXPERIMENTAL_INTERNATIONAL=yes %endif LDFLAGS += -lidn - CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE + CFLAGS=$RPM_OPT_FLAGS -std=gnu99 -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf From 5c6c74edd19979d6c2f8a381ea25a75311af62adeb0b9d5cd37234bdcea754d1 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Wed, 18 Dec 2019 07:03:11 +0000 Subject: [PATCH 4/5] remove duplicate changelog entry OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=220 --- exim.changes | 6 ------ 1 file changed, 6 deletions(-) diff --git a/exim.changes b/exim.changes index f1a5eeb..78e6491 100644 --- a/exim.changes +++ b/exim.changes @@ -14,12 +14,6 @@ Mon Dec 9 10:08:02 UTC 2019 - wullinger@rz.uni-kiel.de name conflicts with spool on a shared file system). * Use dsn_from main config option (was ignored previously). -Mon Sep 30 12:39:41 CEST 2019 - wullinger@rz.uni-kiel.de - -- update to exim 4.92.3 - * CVE-2019-16928 Heap-based buffer overflow in string_vformat, - remote code execution seems to be possible - ------------------------------------------------------------------- Mon Sep 30 15:39:54 UTC 2019 - poeml@cmdline.net From 8edd6a36f1a40a921947bb80975d8fd114801bb0699736bfda5d6f654a55d9f7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Sun, 29 Dec 2019 15:43:33 +0000 Subject: [PATCH 5/5] Accepting request 759172 from home:namtrac:branches:server:mail Fix changes file (missing header), run format_spec_file Since the changes are minimal and non-functional I didn't add extra changelog OBS-URL: https://build.opensuse.org/request/show/759172 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=221 --- exim.changes | 1 + exim.spec | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/exim.changes b/exim.changes index 78e6491..10ffa11 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,4 @@ +------------------------------------------------------------------- Mon Dec 9 10:08:02 UTC 2019 - wullinger@rz.uni-kiel.de - update to exim 4.93 diff --git a/exim.spec b/exim.spec index da93e7e..7c73fdb 100644 --- a/exim.spec +++ b/exim.spec @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -52,7 +52,7 @@ BuildRequires: pkgconfig(libssl) BuildRequires: pkgconfig(xaw7) BuildRequires: pkgconfig(xmu) BuildRequires: pkgconfig(xt) -Url: http://www.exim.org/ +URL: http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix Provides: smtp_daemon %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
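
Review bot: in [PATCH 1/5], the exim.spec header hunks (@@ -1,7 +1,7 @@ and @@ -12,7 +12,7 @@) downgrade the bug-report link from "https://bugs.opensuse.org/" to "http://bugs.opensuse.org/" and change the copyright holder to "SUSE LINUX Products GmbH". Neither edit is related to the CVE-2019-16928 update, and neither is mentioned in exim.changes. Drop both header edits so that this commit carries only the "Version: 4.92.3" bump, the new tarball pointer and its signature; as submitted, [PATCH 5/5] has to restore the https link later.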
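
Review bot: in [PATCH 2/5], the exim.changes hunk @@ -1,3 +1,9 @@ adds a second entry for the same 4.92.3 / CVE-2019-16928 update that the entry dated "Mon Sep 30 15:39:54 UTC 2019" directly below it already records. The new entry also has no "-------" separator line above it and is stamped in CEST where the neighbouring entries use UTC. Accept the request without the extra entry, or, if the attribution is wanted, add the separator line and a UTC timestamp; as submitted, [PATCH 4/5] has to delete this entry again.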
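
Review bot: in [PATCH 3/5], the exim.changes hunk @@ -1,3 +1,19 @@ starts the new entry without the "-------" separator line that the other entries have (it is only added in [PATCH 5/5]), and "seemes" in the DNSSec item is a typo for "seems". The item "Introduce a tainting mechanism for values read from untrusted sources" describes a change in how untrusted input is handled, yet the diffstat shows only the tarball, the signature, exim.changes and exim.spec being touched. State in the entry whether the configuration shipped with the package was checked against 4.93.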
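
Review bot: in [PATCH 3/5], the exim.spec hunk @@ -224,6 +224,7 @@ adds "USE_OPENSSL=yes" but leaves "SUPPORT_TLS=yes" on the following line, although the changelog in this same commit states "DISABLE_TLS replaces SUPPORT_TLS". Remove the stale "SUPPORT_TLS=yes" from the generated Local/Makefile so the TLS settings use the 4.93 option names, and list the "USE_OPENSSL=yes" addition in exim.changes, which currently does not mention it. After the build, confirm that the resulting binary reports TLS support, since an ignored TLS setting is easy to miss in an MTA package.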
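
Review bot: in [PATCH 3/5], the exim.spec hunks @@ -197,7 +197,7 @@ and @@ -289,7 +290,7 @@ change build flags ("LOOKUP_LIBS=-llber -lnsl" and "-std=gnu99" in CFLAGS) with no explanation in the commit message or in exim.changes. Add a changelog line saying why the 4.93 build needs each of them, so that a later packager can tell whether they can be dropped again.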
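
Review bot: in [PATCH 5/5], the exim.spec hunk @@ -52,7 +52,7 @@ renames the tag to "URL:" but keeps "http://www.exim.org/", while the header hunk of the same commit moves the bug-report link to https. If the project site is reachable over https, switch this URL in the same pass so the spec does not send packagers to a plaintext link.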