Accepting request 507377 from server:mail

1 OBS-URL: https://build.opensuse.org/request/show/507377 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=42
2017-07-01 12:06:08 +00:00 · 2017-07-01 12:06:08 +00:00 · ae0349678e
commit ae0349678e
parent 06a7eb3f31 45d7c59c3b
5 changed files with 1593 additions and 8 deletions
--- a/exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
+++ b/exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
--- a/exim-CVE-2017-1000369.patch
+++ b/exim-CVE-2017-1000369.patch
@ -0,0 +1,43 @@
+commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
+Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
+Date:   Wed May 31 23:08:56 2017 +0200
+
+    Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+diff --git a/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
+++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+ 
+       /* -oMr: Received protocol */
+ 
+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
+      else if (Ustrcmp(argrest, "Mr") == 0)
+
+        if (received_protocol)
+          {
+          fprintf(stderr, "received_protocol is set already\n");
+          exit(EXIT_FAILURE);
+          }
+        else received_protocol = argv[++i];
+ 
+       /* -oMs: Set sender host name */
+ 
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+ 
+     if (*argrest != 0)
+       {
+-      uschar *hn = Ustrchr(argrest, ':');
+      uschar *hn;
+
+      if (received_protocol)
+        {
+        fprintf(stderr, "received_protocol is set already\n");
+        exit(EXIT_FAILURE);
+        }
+
+      hn = Ustrchr(argrest, ':');
+       if (hn == NULL)
+         {
+         received_protocol = argrest;
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com
+
+- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
+  exploited to "stack crash" local privilege escalation (bsc#1044692)
+
+- Require user(mail) group(mail) to meet new users handling in TW.
+
+- Prerequire permissions (fixes rpmlint).
+
+-------------------------------------------------------------------
+Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
+
+- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
+
+- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch:
+  import exim-4_86_2+fixes branch
+    + fix CVE-2016-1531 
+      when installed setuid root, allows local users to gain privileges via the perl_startup
+      argument. 
+    + fix Bug 1805: store the initial working directory, expand $initial_cwd
+    + fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671)
+    + Don't issue env warning if env is empty
+
+- fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch:
+  DKIM information leakage
+  
+
 -------------------------------------------------------------------
 Mon Apr  4 15:55:31 UTC 2016 - e.istomin@edss.ee

--- a/exim.spec
+++ b/exim.spec
@ -1,7 +1,7 @@
 #
 # spec file for package exim
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -20,6 +20,14 @@
 %bcond_without  pgsql
 %bcond_without  sqlite
 %bcond_without  ldap
+%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} < 599
+%bcond_with    dane
+%else
+%bcond_without dane
+%endif
+# disable for now,
+# since utf8_downconvert currently crashes
+%bcond_without i18n

 Name:           exim
 BuildRequires:  cyrus-sasl-devel
@ -53,8 +61,13 @@ BuildRequires:  pkgconfig(systemd)
 %else
 Requires(pre):  %insserv_prereq
 %endif
-Requires(pre):  %fillup_prereq
-Requires(pre):  /usr/sbin/useradd
+Requires(pre):  %fillup_prereq permissions
+%if 0%{?suse_version} >= 1330
+BuildRequires:  group(mail)
+BuildRequires:  user(mail)
+Requires(pre):  user(mail)
+Requires(pre):  group(mail)
+%endif
 Requires(pre):  fileutils textutils
 %endif
 Version:        4.86.2
@ -72,8 +85,8 @@ Summary:        The Exim Mail Transfer Agent, a Replacement for sendmail
 License:        GPL-2.0+
 Group:          Productivity/Networking/Email/Servers
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source:         http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
-Source3:        http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
+Source:         http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
+Source3:        http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
 # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
 Source4:        exim.keyring
 Source1:        sysconfig.exim
@ -86,7 +99,10 @@ Source30:       eximstats-html-update.py
 Source31:       eximstats.conf
 Source32:       eximstats.conf-2.2
 Source40:       exim.service
-Patch:          exim-tail.patch
+Patch0:         exim-tail.patch
+Patch1:         exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
+Patch2:         fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
+Patch3:         exim-CVE-2017-1000369.patch

 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -128,7 +144,10 @@ once, if at all. The rest is done by logrotate / cron.)

 %prep
 %setup -q -n exim-%{version}
-%patch
+%patch0
+%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@ -264,9 +283,13 @@ cat <<-EOF > Local/Makefile
 	EXPERIMENTAL_PROXY=yes
 	EXPERIMENTAL_CERTNAMES=yes
 	EXPERIMENTAL_DSN=yes
+%if %{with dane}
 	EXPERIMENTAL_DANE=yes
+%endif
 	EXPERIMENTAL_SOCKS=yes
+%if %{with i18n}
 	EXPERIMENTAL_INTERNATIONAL=yes
+%endif
 	LDFLAGS += -lidn    
 	CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
 	EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie
@ -465,7 +488,7 @@ exit 0
 %attr(0750,root,www) /srv/www/eximstats
 %dir /etc/apache2
 %dir /etc/apache2/conf.d
-/etc/apache2/conf.d/eximstats.conf
+%config /etc/apache2/conf.d/eximstats.conf
 %{_sbindir}/eximstats-html-update.py

 %changelog
--- a/fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
+++ b/fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
@ -0,0 +1,66 @@
+From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh@wizmail.org>
+Date: Fri, 16 Dec 2016 20:36:39 +0000
+Subject: [PATCH 1/3] Fix DKIM information leakage
+
+Cherry picked from exim-4_87 .. exim-4_87_1
+---
+ doc/doc-txt/ChangeLog                   |  7 +++
+ doc/doc-txt/cve-2016-9663               | 86 +++++++++++++++++++++++++++++++++
+ src/src/dkim.c                          |  1 +
+ src/src/transports/smtp.c               |  4 +-
+ test/confs/4510                         | 71 +++++++++++++++++++++++++++
+ test/log/4510                           | 20 ++++++++
+ test/mail/4510.store                    | 58 ++++++++++++++++++++++
+ test/runtest                            |  8 +++
+ test/scripts/4510-DKIM-Bounces/4510     | 15 ++++++
+ test/scripts/4510-DKIM-Bounces/REQUIRES |  2 +
+ 10 files changed, 271 insertions(+), 1 deletion(-)
+ create mode 100644 doc/doc-txt/cve-2016-9663
+ create mode 100644 test/confs/4510
+ create mode 100644 test/log/4510
+ create mode 100644 test/mail/4510.store
+ create mode 100644 test/scripts/4510-DKIM-Bounces/4510
+ create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES
+
+diff --git a/src/dkim.c b/src/dkim.c
+index 3e71545..8e93566 100644
+--- a/src/dkim.c
+++ b/src/dkim.c
+@@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
+                           (char *)dkim_signing_selector,
+                           (char *)dkim_private_key_expanded
+                          );
+    dkim_private_key_expanded[0] = '\0';
+ 
+     pdkim_set_debug_stream(ctx,debug_file);
+ 
+diff --git a/src/transports/smtp.c b/src/transports/smtp.c
+index a952413..cc8f025 100644
+--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
+@@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
+ static uschar *smtp_command;   /* Points to last cmd for error messages */
+ static uschar *mail_command;   /* Points to MAIL cmd for error messages */
+ static BOOL    update_waiting; /* TRUE to update the "wait" database */
+static uschar *data_command = US"";	/* Points to DATA cmd for error messages */
+ 
+ 
+ /*************************************************
+@@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper))
+     case -1: goto END_OFF;               /* Timeout on RCPT */
+     default: goto RESPONSE_FAILED;       /* I/O error, or any MAIL/DATA error */
+     }
+  data_command = string_copy(big_buffer);  /* Save for later error message */
+   }
+ 
+ /* Save the first address of the next batch. */
+@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else
+ #else
+ 	    "LMTP error after %s: %s",
+ #endif
+-            big_buffer, string_printing(buffer));
+            data_command, string_printing(buffer));
+           setflag(addr, af_pass_message);   /* Allow message to go to user */
+           if (buffer[0] == '5')
+             addr->transport_return = FAIL;