Accepting request 1114826 from server:mail

- security update to exim 4.96.1 * fixes CVE-2023-42114 (bsc#1215784) * fixes CVE-2023-42115 (bsc#1215785) * fixes CVE-2023-42116 (bsc#1215786) OBS-URL: https://build.opensuse.org/request/show/1114826 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=76
2023-10-02 18:05:12 +00:00 · 2023-10-02 18:05:12 +00:00 · e4e0b4acd2
commit e4e0b4acd2
parent 016ffaa458 ed51ffdd94
7 changed files with 24 additions and 145 deletions
--- a/exim-4.96.1.tar.bz2
+++ b/exim-4.96.1.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:26bbcd4f45483c7138912b4bd31022aee8abf8ac7cdff55839d7e2a9e4c60692
+size 2048927
--- a/exim-4.96.1.tar.bz2.asc
+++ b/exim-4.96.1.tar.bz2.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7sACgkQr0zGdqa2
+wULqbwgAy75Q48zosNGHOApHAUzEiJpFaujZCQEFxiXqiJlWmFN+sDs7xnx+gOTD
+jChIjsbM2PYlNE2DQ4XhuZSFwfufrJfB7GhzyWcYekX78s73sMFdTtsr+8MytNgH
+vZp2qe7kgPPU8veckdXPiwrtJVgDNGmwhWLBUQaZMK0qum/Gk6PC7doOm7/e8jbj
+X6SKli1Mz/xzxeaTsDEmr9/Z+Nuh+HCXmFK2wLQYP9+AJPE7y1jjup9dCyUzvuNX
+rtFPStWzaVUWE4/QO0fpVAnvcb73fdnUSJfqQH7tqvGQhi/rScGLj+tcIdmbTZ68
+TQ1ZXv/5jmWbiNKPB6kV+NEduqzzFw==
+=Mmdf
+-----END PGP SIGNATURE-----
--- a/exim-4.96.tar.bz2
+++ b/exim-4.96.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91
-size 2047632
--- a/exim-4.96.tar.bz2.asc
+++ b/exim-4.96.tar.bz2.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt
-YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI
-cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU
-k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD
-H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K
-dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz
-ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A
-=HSmJ
-----END PGP SIGNATURE-----
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Oct  2 05:53:32 UTC 2023 - Peter Wullinger <wullinger@rz.uni-kiel.de>
+
+- security update to exim 4.96.1
+  * fixes CVE-2023-42114 (bsc#1215784)
+  * fixes CVE-2023-42115 (bsc#1215785)
+  * fixes CVE-2023-42116 (bsc#1215786)
+
 -------------------------------------------------------------------
 Tue Mar 28 13:46:34 UTC 2023 - Peter Wullinger <wullinger@rz.uni-kiel.de>

--- a/exim.spec
+++ b/exim.spec
@ -74,8 +74,8 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.96
-Release:        1
+Version:        4.96.1
+Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
 %endif
@ -106,7 +106,6 @@ Source41:       exim_db.8.gz
 Patch0:         exim-tail.patch
 Patch1:         gnu_printf.patch
 Patch2:         patch-no-exit-on-rewrite-malformed-address.patch
-Patch3:         patch-cve-2022-3559

 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -151,7 +150,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch0
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
--- a/127
+++ b/127
@ -1,127 +0,0 @@
-diff -ru a/src/exim.c b/src/exim.c
--- a/src/exim.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/exim.c	2022-10-18 13:38:30.366261000 +0200
-@@ -2001,8 +2001,6 @@
-   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
- 
-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-@@ -6084,7 +6082,7 @@
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
-  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
-diff -ru a/src/expand.c b/src/expand.c
--- a/src/expand.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/expand.c	2022-10-18 13:38:30.368690000 +0200
-@@ -1873,7 +1873,7 @@
-   return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
-   }
- 
-/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
- 
- if (Ustrncmp(name, "auth", 4) == 0)
-   {
-diff -ru a/src/functions.h b/src/functions.h
--- a/src/functions.h	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/functions.h	2022-10-18 13:39:21.953979000 +0200
-@@ -438,6 +438,7 @@
- extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
-Only in b/src: functions.h.rej
-diff -ru a/src/globals.c b/src/globals.c
--- a/src/globals.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/globals.c	2022-10-18 13:46:22.093392000 +0200
-@@ -1315,7 +1315,7 @@
- #endif
- const pcre2_code *regex_ismsgid      = NULL;
- const pcre2_code *regex_smtp_code    = NULL;
-const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
-Only in b/src: globals.c.rej
-diff -ru a/src/regex.c b/src/regex.c
--- a/src/regex.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/regex.c	2022-10-18 13:43:13.041903000 +0200
-@@ -96,18 +96,26 @@
- return FAIL;
- }
- 
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
- int
-regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
-FILE *mbox_file;
-pcre_list *re_list_head;
-uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
- 
-/* reset expansion variable */
-regex_match_string = NULL;
-+regex_vars_clear();
- 
- if (!mime_stream)				/* We are in the DATA ACL */
-   {
-@@ -169,14 +177,13 @@
- int
- mime_regex(const uschar **listptr)
- {
-pcre_list *re_list_head = NULL;
-FILE *f;
-uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
- 
-/* reset expansion variable */
-regex_match_string = NULL;
-+regex_vars_clear();
- 
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-diff -ru a/src/smtp_in.c b/src/smtp_in.c
--- a/src/smtp_in.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/smtp_in.c	2022-10-18 13:38:30.372819000 +0200
-@@ -2157,8 +2157,10 @@
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
- 
-+lookup_value = NULL;                           /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
-                    /* Note that ratelimiters_conn persists across resets. */