Accepting request 890644 from server:mail

OBS-URL: https://build.opensuse.org/request/show/890644 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=65
2021-05-05 18:40:00 +00:00 · 2021-05-05 18:40:00 +00:00 · c2dc05e40b
commit c2dc05e40b
parent a210c873fc 5d0e28acb2
7 changed files with 69 additions and 130 deletions
--- a/exim-4.94.2.tar.bz2
+++ b/exim-4.94.2.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:902e611486400608691dff31e1d8725eb9e23602399ad75670ec18878643bc4f
+size 2007178
--- a/exim-4.94.2.tar.bz2.asc
+++ b/exim-4.94.2.tar.bz2.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmCL9CUACgkQr0zGdqa2
+wULhwAgAy1T60wVzeey/1mJKkq5kugAMF3CeGYW63RHUHOKlw/U1dm5kHd7bakgF
+y0t4zcE+6bdBiVaLz+kllq6lclaFRKtR79Qv2c5Mw1T2bMNRgyK38dvTwpnxAJLe
+9eLfnxAJx6kxKNpGhkkujRwXTl9AfIFXz4ZGQdsYs/22EOHE3cS1idpl7pyyKwVd
+NGAQimod9FzBXRiddDQ1C5z4wIx/XuqXVxpJm7KYqmiwRUQRdBd2pAIoR0sZK/qB
+vTfkC3NGSABJvnbsVdpmTUUt+0SMhQx81okJdSIVCf9UUUcBjd2FERHdy3RIUN3I
+Vmpqq87TL+3RLPc+HIS+PAw0cqlOqg==
+=dNau
+-----END PGP SIGNATURE-----
--- a/exim-4.94.tar.bz2
+++ b/exim-4.94.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:73feeaa5ddb43363782db0c307b593aacb49542dd7e4b795a2880779595affe5
-size 1997217
--- a/exim-4.94.tar.bz2.asc
+++ b/exim-4.94.tar.bz2.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAl7VFJAQHGpnaEB3aXpt
-YWlsLm9yZwAKCRC85YyM5B8y3y45CADBlbw+sH3fhIhhwWdremJFiED5xr/4bPjd
-jnU/qOWKTg9Iv9F1gBbjpacwBZa+dc49DgeSkLWgx5z3AKke1BzFpA9/mPpVCGvZ
-Q934OZ47jixuP38PSoKpEbh1peRf1o+z9tqc/SEty8q+lyH7J2IhQKx8komUI0Y7
-6we1gx1Nm7J6Z2vy0owkU6vx/iuqVE79/lV4avAIqMGBEsLfDNS+tTqe0f6lkPqM
-CT+ya0/fUppQfxqSKNrVYU2reGM6H0yEtFAeD2FbFSAGUhH+MecBl/xLbRfKCoCn
-WrYvgwrB8eHO3ZS9MSZJIbr9fr02xZF1k2et1oCCJ66/DZSl0BQV
-=cjE1
-----END PGP SIGNATURE-----
--- a/exim.changes
+++ b/exim.changes
@ -1,8 +1,56 @@
+-------------------------------------------------------------------
+Tue May  4 16:45:17 CEST 2021 - wullinger@rz.uni-kiel.de
+
+- update to exim-4.94.2
+  security update (bsc#1185631)
+  * CVE-2020-28007: Link attack in Exim's log directory
+  * CVE-2020-28008: Assorted attacks in Exim's spool directory
+  * CVE-2020-28014: Arbitrary PID file creation
+  * CVE-2020-28011: Heap buffer overflow in queue_run()
+  * CVE-2020-28010: Heap out-of-bounds write in main()
+  * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
+  * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
+  * CVE-2020-28015: New-line injection into spool header file (local)
+  * CVE-2020-28012: Missing close-on-exec flag for privileged pipe
+  * CVE-2020-28009: Integer overflow in get_stdinput()
+  * CVE-2020-28017: Integer overflow in receive_add_recipient()
+  * CVE-2020-28020: Integer overflow in receive_msg()
+  * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
+  * CVE-2020-28021: New-line injection into spool header file (remote)
+  * CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
+  * CVE-2020-28026: Line truncation and injection in spool_read_header()
+  * CVE-2020-28019: Failure to reset function pointer after BDAT error
+  * CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
+  * CVE-2020-28018: Use-after-free in tls-openssl.c
+  * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
+
+-------------------------------------------------------------------
+Wed Apr 28 13:55:29 CEST 2021 - wullinger@rz.uni-kiel.de
+
+- update to exim-4.94.1
+  * Fix security issue in BDAT state confusion.
+    Ensure we reset known-good where we know we need to not be reading BDAT
+    data, as a general case fix, and move the places where we switch to BDAT
+    mode until after various protocol state checks.
+    Fixes CVE-2020-BDATA reported by Qualys.
+  * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
+  * Fix security issue with too many recipients on a message (to remove a
+    known security problem if someone does set recipients_max to unlimited,
+    or if local additions add to the recipient list).
+    Fixes CVE-2020-RCPTL reported by Qualys.
+  * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
+  * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
+    providing a particularly obnoxious sender full name.
+  * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
+    better.
+
+-------------------------------------------------------------------
 Mon Aug 24 11:13:55 CEST 2020 - wullinger@rz.uni-kiel.de

 - bring back missing exim_db.8 manual page
  (fixes bsc#1173693)

+-------------------------------------------------------------------
 Mon Jun  8 11:24:08 CEST 2020 - wullinger@rz.uni-kiel.de

 - bring in changes from current +fixes (lots of taint check fixes)
@ -24,6 +72,7 @@ Mon Jun  8 11:24:08 CEST 2020 - wullinger@rz.uni-kiel.de
    broken the (no-op) support for this sendmail command.  Restore it
    to doing nothing, silently, and returning good status.

+-------------------------------------------------------------------
 Tue Jun  2 07:12:55 CEST 2020 - wullinger@rz.uni-kiel.de

 - update to exim 4.94
@ -39,11 +88,13 @@ Tue Jun  2 07:12:55 CEST 2020 - wullinger@rz.uni-kiel.de

 -------------------------------------------------------------------
 Tue May 19 13:47:05 CEST 2020 - wullinger@rz.uni-kiel.de
+
 - switch pretrans to use lua
  (fixes bsc#1171877)
  
 -------------------------------------------------------------------
 Tue May 12 08:19:17 UTC 2020 - wullinger@rz.uni-kiel.de
+
 - bring changes from current in +fixes branch
  (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
  * fixes CVE-2020-12783 (bsc#1171490)
@ -74,11 +125,13 @@ Tue May 12 08:19:17 UTC 2020 - wullinger@rz.uni-kiel.de

 -------------------------------------------------------------------
 Wed Apr  1 12:52:10 UTC 2020 - wullinger@rz.uni-kiel.de
+
 - don't create logfiles during install
  * fixes CVE-2020-8015 (bsc#1154183)

 -------------------------------------------------------------------
 Mon Jan 13 08:48:53 CET 2020 - wullinger@rz.uni-kiel.de
+
 - add a spec-file workaround for bsc#1160726

 -------------------------------------------------------------------
--- a/exim.spec
+++ b/exim.spec
@ -72,8 +72,8 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.94
-Release:        2
+Version:        4.94.2
+Release:        1
 %if %{with_mysql}
 BuildRequires:  mysql-devel
 %endif
@ -103,7 +103,6 @@ Source40:       exim.service
 Source41:       exim_db.8.gz
 Patch0:         exim-tail.patch
 Patch1:         gnu_printf.patch
-Patch2:         patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99

 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -147,7 +146,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %setup -q -n exim-%{version}
 %patch0
 %patch1 -p1
-%patch2 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
--- a/patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99
+++ b/patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99
@ -1,112 +0,0 @@
-diff -ru a/README.UPDATING b/README.UPDATING
--- a/README.UPDATING	2020-05-30 22:35:38.000000000 +0200
-+++ b/README.UPDATING	2020-06-08 10:36:12.136106000 +0200
-@@ -31,9 +31,9 @@
- 
- Some Transports now refuse to use tainted data in constructing their delivery
- location; this WILL BREAK configurations which are not updated accordingly.
-In particular: any Transport use of $local_user which has been relying upon
-+In particular: any Transport use of $local_part which has been relying upon
- check_local_user far away in the Router to make it safe, should be updated to
-replace $local_user with $local_part_data.
-+replace $local_part with $local_part_data.
- 
- Attempting to remove, in router or transport, a header name that ends with
- an asterisk (which is a standards-legal name) will now result in all headers
-diff -ru a/src/acl.c b/src/acl.c
--- a/src/acl.c	2020-05-30 22:35:38.000000000 +0200
-+++ b/src/acl.c	2020-06-08 10:36:13.865973000 +0200
-@@ -3349,11 +3349,11 @@
-       {
-       /* Separate the regular expression and any optional parameters. */
-       const uschar * list = arg;
-      uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
-+      uschar *ss = string_nextinlist(&list, &sep, NULL, 0);
-       /* Run the dcc backend. */
-       rc = dcc_process(&ss);
-       /* Modify return code based upon the existence of options. */
-      while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
-+      while ((ss = string_nextinlist(&list, &sep, NULL, 0)))
-         if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
-           rc = FAIL;   /* FAIL so that the message is passed to the next ACL */
-       }
-@@ -3514,7 +3514,7 @@
-       int sep = 0;
-       const uschar *s = arg;
-       uschar * ss;
-      while ((ss = string_nextinlist(&s, &sep, big_buffer, big_buffer_size)))
-+      while ((ss = string_nextinlist(&s, &sep, NULL, 0)))
-         {
-         if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN;
-         else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC;
-@@ -3567,7 +3567,7 @@
-       {
-       /* Separate the regular expression and any optional parameters. */
-       const uschar * list = arg;
-      uschar * ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
-+      uschar * ss = string_nextinlist(&list, &sep, NULL, 0);
-       uschar * opt;
-       BOOL defer_ok = FALSE;
-       int timeout = 0;
-@@ -3672,11 +3672,11 @@
-       {
-       /* Separate the regular expression and any optional parameters. */
-       const uschar * list = arg;
-      uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
-+      uschar *ss = string_nextinlist(&list, &sep, NULL, 0);
- 
-       rc = spam(CUSS &ss);
-       /* Modify return code based upon the existence of options. */
-      while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
-+      while ((ss = string_nextinlist(&list, &sep, NULL, 0)))
-         if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
-           rc = FAIL;	/* FAIL so that the message is passed to the next ACL */
-       }
-diff -ru a/src/auths/call_pam.c b/src/auths/call_pam.c
--- a/src/auths/call_pam.c	2020-05-30 22:35:38.000000000 +0200
-+++ b/src/auths/call_pam.c	2020-06-08 10:36:12.138178000 +0200
-@@ -83,8 +83,7 @@
-     {
-     case PAM_PROMPT_ECHO_ON:
-     case PAM_PROMPT_ECHO_OFF:
-      arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
-      if (!arg)
-+      if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0)))
- 	{
- 	arg = US"";
- 	pam_arg_ended = TRUE;
-@@ -155,7 +154,7 @@
- fail. PAM doesn't support authentication with an empty user (it prompts for it,
- causing a potential mis-interpretation). */
- 
-user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
-+user = string_nextinlist(&pam_args, &sep, NULL, 0);
- if (user == NULL || user[0] == 0) return FAIL;
- 
- /* Start off PAM interaction */
-diff -ru a/src/exim.c b/src/exim.c
--- a/src/exim.c	2020-05-30 22:35:38.000000000 +0200
-+++ b/src/exim.c	2020-06-08 10:36:13.871593000 +0200
-@@ -2148,7 +2148,7 @@
- 	concept of *the* alias file, but since Sun's YP make script calls
- 	sendmail this way, some support must be provided. */
- 	case 'i':
-	  if (!*++argrest) bi_option = TRUE;
-+	  if (!*argrest) bi_option = TRUE;
- 	  else badarg = TRUE;
- 	  break;
- 
-diff -ru a/src/expand.c b/src/expand.c
--- a/src/expand.c	2020-05-30 22:35:38.000000000 +0200
-+++ b/src/expand.c	2020-06-08 10:36:13.873752000 +0200
-@@ -7208,9 +7208,8 @@
-         {
- 	int cnt = 0;
- 	int sep = 0;
-	uschar buffer[256];
- 
-	while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++;
-+	while (string_nextinlist(CUSS &sub, &sep, NULL, 0)) cnt++;
- 	yield = string_fmt_append(yield, "%d", cnt);
-         continue;
-         }