diff --git a/exim-4.96.1.tar.bz2 b/exim-4.96.1.tar.bz2
new file mode 100644
index 0000000..586913c
--- /dev/null
+++ b/exim-4.96.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:26bbcd4f45483c7138912b4bd31022aee8abf8ac7cdff55839d7e2a9e4c60692
+size 2048927
diff --git a/exim-4.96.1.tar.bz2.asc b/exim-4.96.1.tar.bz2.asc
new file mode 100644
index 0000000..c330d21
--- /dev/null
+++ b/exim-4.96.1.tar.bz2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7sACgkQr0zGdqa2
+wULqbwgAy75Q48zosNGHOApHAUzEiJpFaujZCQEFxiXqiJlWmFN+sDs7xnx+gOTD
+jChIjsbM2PYlNE2DQ4XhuZSFwfufrJfB7GhzyWcYekX78s73sMFdTtsr+8MytNgH
+vZp2qe7kgPPU8veckdXPiwrtJVgDNGmwhWLBUQaZMK0qum/Gk6PC7doOm7/e8jbj
+X6SKli1Mz/xzxeaTsDEmr9/Z+Nuh+HCXmFK2wLQYP9+AJPE7y1jjup9dCyUzvuNX
+rtFPStWzaVUWE4/QO0fpVAnvcb73fdnUSJfqQH7tqvGQhi/rScGLj+tcIdmbTZ68
+TQ1ZXv/5jmWbiNKPB6kV+NEduqzzFw==
+=Mmdf
+-----END PGP SIGNATURE-----
diff --git a/exim-4.96.tar.bz2 b/exim-4.96.tar.bz2
deleted file mode 100644
index 0581e0c..0000000
--- a/exim-4.96.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91
-size 2047632
diff --git a/exim-4.96.tar.bz2.asc b/exim-4.96.tar.bz2.asc
deleted file mode 100644
index 80d7b60..0000000
--- a/exim-4.96.tar.bz2.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt
-YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI
-cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU
-k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD
-H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K
-dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz
-ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A
-=HSmJ
------END PGP SIGNATURE-----
diff --git a/exim.changes b/exim.changes index 6fcf7e5..228fb32 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger + +- security update to exim 4.96.1 + * fixes CVE-2023-42114 (bsc#1215784) + * fixes CVE-2023-42115 (bsc#1215785) + * fixes CVE-2023-42116 (bsc#1215786) + ------------------------------------------------------------------- Tue Mar 28 13:46:34 UTC 2023 - Peter Wullinger diff --git a/exim.spec b/exim.spec index 1aa0ce3..c1d8fb8 100644 --- a/exim.spec +++ b/exim.spec @@ -74,8 +74,8 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.96 -Release: 1 +Version: 4.96.1 +Release: 0 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -106,7 +106,6 @@ Source41: exim_db.8.gz Patch0: exim-tail.patch Patch1: gnu_printf.patch Patch2: patch-no-exit-on-rewrite-malformed-address.patch -Patch3: patch-cve-2022-3559 %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -151,7 +150,6 @@ once, if at all. The rest is done by logrotate / cron.) %patch0 %patch1 -p1 %patch2 -p1 -%patch3 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" diff --git a/patch-cve-2022-3559 b/patch-cve-2022-3559 deleted file mode 100644 index 45f2cf5..0000000 --- a/patch-cve-2022-3559 +++ /dev/null 
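Review bot: Dropping `Patch3: patch-cve-2022-3559` and its `%patch3 -p1` line in exim.spec removes the local fix for CVE-2022-3559 with no record that the 4.96.1 tarball carries an equivalent change. The new exim.changes entry lists only CVE-2023-42114, CVE-2023-42115 and CVE-2023-42116. Nothing visible in this diff shows that the 4.96.1 sources contain the `regex_vars_clear()` change from the deleted patch, so confirm that against the new tarball before the patch is removed. If the fix is included, record it in the changelog entry, for example ` * drops patch-cve-2022-3559 (fixed upstream)`; if it is not, the patch has to stay or be rebased onto 4.96.1.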
@@ -1,127 +0,0 @@ -diff -ru a/src/exim.c b/src/exim.c ---- a/src/exim.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/exim.c 2022-10-18 13:38:30.366261000 +0200 -@@ -2001,8 +2001,6 @@ - regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); - #endif - --for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -- - /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; - this seems to be a generally accepted convention, since one finds symbolic - links called "mailq" in standard OS configurations. */ -@@ -6084,7 +6082,7 @@ - deliver_localpart_data = deliver_domain_data = - recipient_data = sender_data = NULL; - acl_var_m = NULL; -- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+ regex_vars_clear(); - - store_reset(reset_point); - } -diff -ru a/src/expand.c b/src/expand.c ---- a/src/expand.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/expand.c 2022-10-18 13:38:30.368690000 +0200 -@@ -1873,7 +1873,7 @@ - return node ? node->data.ptr : strict_acl_vars ? NULL : US""; - } - --/* Handle $auth variables. */ -+/* Handle $auth, $regex variables. 
*/ - - if (Ustrncmp(name, "auth", 4) == 0) - { -diff -ru a/src/functions.h b/src/functions.h ---- a/src/functions.h 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/functions.h 2022-10-18 13:39:21.953979000 +0200 -@@ -438,6 +438,7 @@ - extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **); - extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int); - extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL); -+extern void regex_vars_clear(void); - extern void retry_add_item(address_item *, uschar *, int); - extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, - uschar **, uschar **); -Only in b/src: functions.h.rej -diff -ru a/src/globals.c b/src/globals.c ---- a/src/globals.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/globals.c 2022-10-18 13:46:22.093392000 +0200 -@@ -1315,7 +1315,7 @@ - #endif - const pcre2_code *regex_ismsgid = NULL; - const pcre2_code *regex_smtp_code = NULL; --const uschar *regex_vars[REGEX_VARS]; -+const uschar *regex_vars[REGEX_VARS] = { 0 }; - #ifdef WHITELIST_D_MACROS - const pcre2_code *regex_whitelisted_macro = NULL; - #endif -Only in b/src: globals.c.rej -diff -ru a/src/regex.c b/src/regex.c ---- a/src/regex.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/regex.c 2022-10-18 13:43:13.041903000 +0200 -@@ -96,18 +96,26 @@ - return FAIL; - } - -+/* reset expansion variables */ -+void -+regex_vars_clear(void) -+{ -+regex_match_string = NULL; -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ -+ - int --regex(const uschar **listptr) -+regex(const uschar ** listptr) - { - unsigned long mbox_size; --FILE *mbox_file; --pcre_list *re_list_head; --uschar *linebuffer; -+FILE * mbox_file; -+pcre_list * re_list_head; -+uschar * linebuffer; - long f_pos = 0; - int ret = FAIL; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - if (!mime_stream) /* We are in the DATA ACL */ - { -@@ -169,14 +177,13 @@ - int - 
mime_regex(const uschar **listptr) - { --pcre_list *re_list_head = NULL; --FILE *f; --uschar *mime_subject = NULL; -+pcre_list * re_list_head = NULL; -+FILE * f; -+uschar * mime_subject = NULL; - int mime_subject_len = 0; - int ret; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - /* precompile our regexes */ - if (!(re_list_head = compile(*listptr))) -diff -ru a/src/smtp_in.c b/src/smtp_in.c ---- a/src/smtp_in.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/smtp_in.c 2022-10-18 13:38:30.372819000 +0200 -@@ -2157,8 +2157,10 @@ - #ifdef SUPPORT_I18N - message_smtputf8 = FALSE; - #endif -+regex_vars_clear(); - body_linecount = body_zerocount = 0; - -+lookup_value = NULL; /* Can be set by ACL */ - sender_rate = sender_rate_limit = sender_rate_period = NULL; - ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */ - /* Note that ratelimiters_conn persists across resets. */