pool/exim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 507377 from server:mail

Browse Source 
1

OBS-URL: https://build.opensuse.org/request/show/507377
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=42
This commit is contained in:
Dominique Leuenberger 2017-07-01 12:06:08 +00:00 committed by Git OBS Bridge
commit ae0349678e
5 changed files with 1593 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1425
exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch Normal file
View File

File diff suppressed because it is too large Load Diff

43
exim-CVE-2017-1000369.patch Normal file
View File

@ -0,0 +1,43 @@
commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Date: Wed May 31 23:08:56 2017 +0200
Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
diff --git a/src/exim.c b/src/src/exim.c
index 67583e58..88e11977 100644
--- a/src/exim.c
+++ b/src/exim.c
@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
/* -oMr: Received protocol */
- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
+ else if (Ustrcmp(argrest, "Mr") == 0)
+
+ if (received_protocol)
+ {
+ fprintf(stderr, "received_protocol is set already\n");
+ exit(EXIT_FAILURE);
+ }
+ else received_protocol = argv[++i];
/* -oMs: Set sender host name */
@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
if (*argrest != 0)
{
- uschar *hn = Ustrchr(argrest, ':');
+ uschar *hn;
+
+ if (received_protocol)
+ {
+ fprintf(stderr, "received_protocol is set already\n");
+ exit(EXIT_FAILURE);
+ }
+
+ hn = Ustrchr(argrest, ':');
if (hn == NULL)
{
received_protocol = argrest;

28
exim.changes
View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com
- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
exploited to "stack crash" local privilege escalation (bsc#1044692)
- Require user(mail) group(mail) to meet new users handling in TW.
- Prerequire permissions (fixes rpmlint).
-------------------------------------------------------------------
Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch:
import exim-4_86_2+fixes branch
+ fix CVE-2016-1531
when installed setuid root, allows local users to gain privileges via the perl_startup
argument.
+ fix Bug 1805: store the initial working directory, expand $initial_cwd
+ fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671)
+ Don't issue env warning if env is empty
- fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch:
DKIM information leakage
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 4 15:55:31 UTC 2016 - e.istomin@edss.ee Mon Apr 4 15:55:31 UTC 2016 - e.istomin@edss.ee

39
exim.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package exim # spec file for package exim
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -20,6 +20,14 @@
%bcond_without pgsql %bcond_without pgsql
%bcond_without sqlite %bcond_without sqlite
%bcond_without ldap %bcond_without ldap
%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} < 599
%bcond_with dane
%else
%bcond_without dane
%endif
# disable for now,
# since utf8_downconvert currently crashes
%bcond_without i18n
Name: exim Name: exim
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
@ -53,8 +61,13 @@ BuildRequires: pkgconfig(systemd)
%else %else
Requires(pre): %insserv_prereq Requires(pre): %insserv_prereq
%endif %endif
Requires(pre): %fillup_prereq Requires(pre): %fillup_prereq permissions
Requires(pre): /usr/sbin/useradd %if 0%{?suse_version} >= 1330
BuildRequires: group(mail)
BuildRequires: user(mail)
Requires(pre): user(mail)
Requires(pre): group(mail)
%endif
Requires(pre): fileutils textutils Requires(pre): fileutils textutils
%endif %endif
Version: 4.86.2 Version: 4.86.2
@ -72,8 +85,8 @@ Summary: The Exim Mail Transfer Agent, a Replacement for sendmail
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/Email/Servers Group: Productivity/Networking/Email/Servers
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
Source4: exim.keyring Source4: exim.keyring
Source1: sysconfig.exim Source1: sysconfig.exim
@ -86,7 +99,10 @@ Source30: eximstats-html-update.py
Source31: eximstats.conf Source31: eximstats.conf
Source32: eximstats.conf-2.2 Source32: eximstats.conf-2.2
Source40: exim.service Source40: exim.service
Patch: exim-tail.patch Patch0: exim-tail.patch
Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
Patch3: exim-CVE-2017-1000369.patch
%package -n eximon %package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue Summary: Eximon, an graphical frontend to administer Exim's mail queue
@ -128,7 +144,10 @@ once, if at all. The rest is done by logrotate / cron.)
%prep %prep
%setup -q -n exim-%{version} %setup -q -n exim-%{version}
%patch %patch0
%patch1 -p 1
%patch2 -p 1
%patch3 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE" fPIE="-fPIE"
@ -264,9 +283,13 @@ cat <<-EOF > Local/Makefile
EXPERIMENTAL_PROXY=yes EXPERIMENTAL_PROXY=yes
EXPERIMENTAL_CERTNAMES=yes EXPERIMENTAL_CERTNAMES=yes
EXPERIMENTAL_DSN=yes EXPERIMENTAL_DSN=yes
%if %{with dane}
EXPERIMENTAL_DANE=yes EXPERIMENTAL_DANE=yes
%endif
EXPERIMENTAL_SOCKS=yes EXPERIMENTAL_SOCKS=yes
%if %{with i18n}
EXPERIMENTAL_INTERNATIONAL=yes EXPERIMENTAL_INTERNATIONAL=yes
%endif
LDFLAGS += -lidn LDFLAGS += -lidn
CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie
@ -465,7 +488,7 @@ exit 0
%attr(0750,root,www) /srv/www/eximstats %attr(0750,root,www) /srv/www/eximstats
%dir /etc/apache2 %dir /etc/apache2
%dir /etc/apache2/conf.d %dir /etc/apache2/conf.d
/etc/apache2/conf.d/eximstats.conf %config /etc/apache2/conf.d/eximstats.conf
%{_sbindir}/eximstats-html-update.py %{_sbindir}/eximstats-html-update.py
%changelog %changelog

66
fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch Normal file
View File

@ -0,0 +1,66 @@
From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh@wizmail.org>
Date: Fri, 16 Dec 2016 20:36:39 +0000
Subject: [PATCH 1/3] Fix DKIM information leakage
Cherry picked from exim-4_87 .. exim-4_87_1
---
doc/doc-txt/ChangeLog | 7 +++
doc/doc-txt/cve-2016-9663 | 86 +++++++++++++++++++++++++++++++++
src/src/dkim.c | 1 +
src/src/transports/smtp.c | 4 +-
test/confs/4510 | 71 +++++++++++++++++++++++++++
test/log/4510 | 20 ++++++++
test/mail/4510.store | 58 ++++++++++++++++++++++
test/runtest | 8 +++
test/scripts/4510-DKIM-Bounces/4510 | 15 ++++++
test/scripts/4510-DKIM-Bounces/REQUIRES | 2 +
10 files changed, 271 insertions(+), 1 deletion(-)
create mode 100644 doc/doc-txt/cve-2016-9663
create mode 100644 test/confs/4510
create mode 100644 test/log/4510
create mode 100644 test/mail/4510.store
create mode 100644 test/scripts/4510-DKIM-Bounces/4510
create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES
diff --git a/src/dkim.c b/src/dkim.c
index 3e71545..8e93566 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
(char *)dkim_signing_selector,
(char *)dkim_private_key_expanded
);
+ dkim_private_key_expanded[0] = '\0';
pdkim_set_debug_stream(ctx,debug_file);
diff --git a/src/transports/smtp.c b/src/transports/smtp.c
index a952413..cc8f025 100644
--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
@@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
static uschar *smtp_command; /* Points to last cmd for error messages */
static uschar *mail_command; /* Points to MAIL cmd for error messages */
static BOOL update_waiting; /* TRUE to update the "wait" database */
+static uschar *data_command = US""; /* Points to DATA cmd for error messages */
/*************************************************
@@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper))
case -1: goto END_OFF; /* Timeout on RCPT */
default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
}
+ data_command = string_copy(big_buffer); /* Save for later error message */
}
/* Save the first address of the next batch. */
@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else
#else
"LMTP error after %s: %s",
#endif
- big_buffer, string_printing(buffer));
+ data_command, string_printing(buffer));
setflag(addr, af_pass_message); /* Allow message to go to user */
if (buffer[0] == '5')
addr->transport_return = FAIL;