From d4072b44a4a7491850dc1ec019f90975e890ffa888f49eec0d232c72c3927e41 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Mon, 2 Oct 2023 06:36:36 +0000 Subject: [PATCH 1/4] Accepting request 1114683 from home:pwcau:branches:server:mail - add patch for * CVE-2023-42114 (bsc#1215784) * CVE-2023-42115 (bsc#1215785) * CVE-2023-42116 (bsc#1215786) OBS-URL: https://build.opensuse.org/request/show/1114683 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=274 --- exim.changes | 7 + exim.spec | 2 + ...-42115-CVE-2023-42116-CVE-2023-42114.patch | 294 ++++++++++++++++++ 3 files changed, 303 insertions(+) create mode 100644 patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch diff --git a/exim.changes b/exim.changes index 6fcf7e5..de74afb 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,10 @@ +Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger + +- add patch for + * CVE-2023-42114 (bsc#1215784) + * CVE-2023-42115 (bsc#1215785) + * CVE-2023-42116 (bsc#1215786) + ------------------------------------------------------------------- Tue Mar 28 13:46:34 UTC 2023 - Peter Wullinger diff --git a/exim.spec b/exim.spec index 1aa0ce3..ea7c7b2 100644 --- a/exim.spec +++ b/exim.spec @@ -107,6 +107,7 @@ Patch0: exim-tail.patch Patch1: gnu_printf.patch Patch2: patch-no-exit-on-rewrite-malformed-address.patch Patch3: patch-cve-2022-3559 +Patch4: patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -152,6 +153,7 @@ once, if at all. The rest is done by logrotate / cron.) %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" diff --git a/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch b/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch new file mode 100644 index 0000000..7fc5cf8 --- /dev/null +++ b/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch @@ -0,0 +1,294 @@ +diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c +index 8d886b6b6..bb3d327d1 100644 +--- a/src/auths/auth-spa.c ++++ b/src/auths/auth-spa.c +@@ -155,6 +155,9 @@ int main (int argc, char ** argv) + up with a different answer to the one above) + */ + ++#ifndef MACRO_PREDEF ++ ++ + #define DEBUG_X(a,b) ; + + extern int DEBUGLEVEL; +@@ -1211,7 +1214,9 @@ char versionString[] = "libntlm version 0.21"; + + #define spa_bytes_add(ptr, header, buf, count) \ + { \ +-if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \ ++if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \ ++ && ptr->bufIndex + count < sizeof(ptr->buffer) \ ++ ) \ + { \ + SSVAL(&ptr->header.len,0,count); \ + SSVAL(&ptr->header.maxlen,0,count); \ +@@ -1229,35 +1234,30 @@ else \ + + #define spa_string_add(ptr, header, string) \ + { \ +-char *p = string; \ ++uschar * p = string; \ + int len = 0; \ +-if (p) len = strlen(p); \ +-spa_bytes_add(ptr, header, (US p), len); \ ++if (p) len = Ustrlen(p); \ ++spa_bytes_add(ptr, header, p, len); \ + } + + #define spa_unicode_add_string(ptr, header, string) \ + { \ +-char *p = string; \ +-uschar *b = NULL; \ ++uschar * p = string; \ ++uschar * b = NULL; \ + int len = 0; \ + if (p) \ + { \ +- len = strlen(p); \ +- b = strToUnicode(p); \ ++ len = Ustrlen(p); \ ++ b = US strToUnicode(CS p); \ + } \ + spa_bytes_add(ptr, header, b, len*2); \ + } + + +-#define GetUnicodeString(structPtr, header) \ +-unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) +-#define GetString(structPtr, header) \ +-toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) +- + #ifdef notdef + + #define DumpBuffer(fp, structPtr, header) \ +-dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) ++ dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) + + + static void +@@ -1321,8 +1321,33 @@ buf[len] = 0; + return buf; + } + ++static inline uschar * ++get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr) ++{ ++int off = IVAL(&hdr->offset, 0); ++int len = SVAL(&hdr->len, 0); ++return off + len < sizeof(SPAAuthChallenge) ++ ? US unicodeToString(CS challenge + off, len/2) : US""; ++} ++ ++static inline uschar * ++get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr) ++{ ++int off = IVAL(&hdr->offset, 0); ++int len = SVAL(&hdr->len, 0); ++return off + len < sizeof(SPAAuthChallenge) ++ ? US toString(CS challenge + off, len) : US""; ++} ++ + #ifdef notdef + ++#define GetUnicodeString(structPtr, header) \ ++ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) ++ ++#define GetString(structPtr, header) \ ++ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) ++ ++ + void + dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request) + { +@@ -1366,15 +1391,15 @@ fprintf (fp, " Flags = %08x\n", IVAL (&response->flags, 0)); + #endif + + void +-spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain) ++spa_build_auth_request (SPAAuthRequest * request, uschar * user, uschar * domain) + { +-char *u = strdup (user); +-char *p = strchr (u, '@'); ++uschar * u = string_copy(user); ++uschar * p = Ustrchr(u, '@'); + + if (p) + { + if (!domain) +- domain = p + 1; ++ domain = p + 1; + *p = '\0'; + } + +@@ -1384,7 +1409,6 @@ SIVAL (&request->msgType, 0, 1); + SIVAL (&request->flags, 0, 0x0000b207); /* have to figure out what these mean */ + spa_string_add (request, user, u); + spa_string_add (request, domain, domain); +-free (u); + } + + +@@ -1475,16 +1499,16 @@ free (u); + + void + spa_build_auth_response (SPAAuthChallenge * challenge, +- SPAAuthResponse * response, char *user, +- char *password) ++ SPAAuthResponse * response, uschar * user, ++ uschar * password) + { + uint8x lmRespData[24]; + uint8x ntRespData[24]; + uint32x cf = IVAL(&challenge->flags, 0); +-char *u = strdup (user); +-char *p = strchr (u, '@'); +-char *d = NULL; +-char *domain; ++uschar * u = string_copy(user); ++uschar * p = Ustrchr(u, '@'); ++uschar * d = NULL; ++uschar * domain; + + if (p) + { +@@ -1492,33 +1516,33 @@ if (p) + *p = '\0'; + } + +-else domain = d = strdup((cf & 0x1)? +- CCS GetUnicodeString(challenge, uDomain) : +- CCS GetString(challenge, uDomain)); ++else domain = d = string_copy(cf & 0x1 ++ ? CUS get_challenge_unistr(challenge, &challenge->uDomain) ++ : CUS get_challenge_str(challenge, &challenge->uDomain)); + +-spa_smb_encrypt (US password, challenge->challengeData, lmRespData); +-spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData); ++spa_smb_encrypt(password, challenge->challengeData, lmRespData); ++spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData); + + response->bufIndex = 0; + memcpy (response->ident, "NTLMSSP\0\0\0", 8); + SIVAL (&response->msgType, 0, 3); + +-spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0); +-spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x8000) ? 24 : 0); ++spa_bytes_add(response, lmResponse, lmRespData, cf & 0x200 ? 24 : 0); ++spa_bytes_add(response, ntResponse, ntRespData, cf & 0x8000 ? 24 : 0); + + if (cf & 0x1) { /* Unicode Text */ +- spa_unicode_add_string (response, uDomain, domain); +- spa_unicode_add_string (response, uUser, u); +- spa_unicode_add_string (response, uWks, u); ++ spa_unicode_add_string(response, uDomain, domain); ++ spa_unicode_add_string(response, uUser, u); ++ spa_unicode_add_string(response, uWks, u); + } else { /* OEM Text */ +- spa_string_add (response, uDomain, domain); +- spa_string_add (response, uUser, u); +- spa_string_add (response, uWks, u); ++ spa_string_add(response, uDomain, domain); ++ spa_string_add(response, uUser, u); ++ spa_string_add(response, uWks, u); + } + +-spa_string_add (response, sessionKey, NULL); ++spa_string_add(response, sessionKey, NULL); + response->flags = challenge->flags; +- +-if (d != NULL) free (d); +-free (u); + } ++ ++ ++#endif /*!MACRO_PREDEF*/ +diff --git a/src/auths/auth-spa.h b/src/auths/auth-spa.h +index cfe1b086d..3b0b3a9e3 100644 +--- a/src/auths/auth-spa.h ++++ b/src/auths/auth-spa.h +@@ -79,10 +79,10 @@ typedef struct + + void spa_bits_to_base64 (unsigned char *, const unsigned char *, int); + int spa_base64_to_bits(char *, int, const char *); +-void spa_build_auth_response (SPAAuthChallenge *challenge, +- SPAAuthResponse *response, char *user, char *password); +-void spa_build_auth_request (SPAAuthRequest *request, char *user, +- char *domain); ++void spa_build_auth_response (SPAAuthChallenge * challenge, ++ SPAAuthResponse * response, uschar * user, uschar * password); ++void spa_build_auth_request (SPAAuthRequest * request, uschar * user, ++ uschar * domain); + extern void spa_smb_encrypt (unsigned char * passwd, unsigned char * c8, + unsigned char * p24); + extern void spa_smb_nt_encrypt (unsigned char * passwd, unsigned char * c8, +diff --git a/src/auths/external.c b/src/auths/external.c +index 7e7fca841..790b98159 100644 +--- a/src/auths/external.c ++++ b/src/auths/external.c +@@ -103,7 +103,7 @@ if (expand_nmax == 0) /* skip if rxd data */ + if (ob->server_param2) + { + uschar * s = expand_string(ob->server_param2); +- auth_vars[expand_nmax] = s; ++ auth_vars[expand_nmax = 1] = s; + expand_nstring[++expand_nmax] = s; + expand_nlength[expand_nmax] = Ustrlen(s); + if (ob->server_param3) +diff --git a/src/auths/spa.c b/src/auths/spa.c +index ff90d33a3..bfaccefda 100644 +--- a/src/auths/spa.c ++++ b/src/auths/spa.c +@@ -284,14 +284,13 @@ SPAAuthRequest request; + SPAAuthChallenge challenge; + SPAAuthResponse response; + char msgbuf[2048]; +-char *domain = NULL; +-char *username, *password; ++uschar * domain = NULL, * username, * password; + + /* Code added by PH to expand the options */ + + *buffer = 0; /* Default no message when cancelled */ + +-if (!(username = CS expand_string(ob->spa_username))) ++if (!(username = expand_string(ob->spa_username))) + { + if (f.expand_string_forcedfail) return CANCELLED; + string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " +@@ -300,7 +299,7 @@ if (!(username = CS expand_string(ob->spa_username))) + return ERROR; + } + +-if (!(password = CS expand_string(ob->spa_password))) ++if (!(password = expand_string(ob->spa_password))) + { + if (f.expand_string_forcedfail) return CANCELLED; + string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " +@@ -310,7 +309,7 @@ if (!(password = CS expand_string(ob->spa_password))) + } + + if (ob->spa_domain) +- if (!(domain = CS expand_string(ob->spa_domain))) ++ if (!(domain = expand_string(ob->spa_domain))) + { + if (f.expand_string_forcedfail) return CANCELLED; + string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " +@@ -330,7 +329,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout)) + + DSPA("\n\n%s authenticator: using domain %s\n\n", ablock->name, domain); + +-spa_build_auth_request(&request, CS username, domain); ++spa_build_auth_request(&request, username, domain); + spa_bits_to_base64(US msgbuf, US &request, spa_request_length(&request)); + + DSPA("\n\n%s authenticator: sending request (%s)\n\n", ablock->name, msgbuf); +@@ -347,7 +346,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout)) + DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4); + spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); + +-spa_build_auth_response(&challenge, &response, CS username, CS password); ++spa_build_auth_response(&challenge, &response, username, password); + spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response)); + DSPA("\n\n%s authenticator: challenge response (%s)\n\n", ablock->name, msgbuf); + From d358e67d5df8af2fb0ce38239d72065e73c0441c06bb77df3ccc8ddf8a9f4e33 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Mon, 2 Oct 2023 06:44:29 +0000 Subject: [PATCH 2/4] Accepting request 1114687 from home:pwcau:branches:server:mail - add patch (patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch) for * CVE-2023-42114 (bsc#1215784) * CVE-2023-42115 (bsc#1215785) * CVE-2023-42116 (bsc#1215786) OBS-URL: https://build.opensuse.org/request/show/1114687 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=275 --- exim.changes | 2 +- exim.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/exim.changes b/exim.changes index de74afb..ec1dd0f 100644 --- a/exim.changes +++ b/exim.changes @@ -1,6 +1,6 @@ Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger -- add patch for +- add patch (patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch) for * CVE-2023-42114 (bsc#1215784) * CVE-2023-42115 (bsc#1215785) * CVE-2023-42116 (bsc#1215786) diff --git a/exim.spec b/exim.spec index ea7c7b2..e5e5799 100644 --- a/exim.spec +++ b/exim.spec @@ -75,7 +75,7 @@ Requires(pre): group(mail) Requires(pre): fileutils textutils %endif Version: 4.96 -Release: 1 +Release: 2 %if %{with_mysql} BuildRequires: mysql-devel %endif From 1b126813a8b12a85af9a738124414e8b6997676af7d7f1a3ded811198b653786 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Mon, 2 Oct 2023 13:23:30 +0000 Subject: [PATCH 3/4] Accepting request 1114822 from home:pwcau:branches:server:mail - security update to exim 4.96.1 * fixes CVE-2023-42114 (bsc#1215784) * fixes CVE-2023-42115 (bsc#1215785) * fixes CVE-2023-42116 (bsc#1215786) OBS-URL: https://build.opensuse.org/request/show/1114822 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=276 --- exim-4.96.1.tar.gz | 3 + exim-4.96.1.tar.gz.asc | 11 + exim-4.96.tar.bz2 | 3 - exim-4.96.tar.bz2.asc | 11 - exim.changes | 8 +- exim.spec | 8 +- ...-42115-CVE-2023-42116-CVE-2023-42114.patch | 294 ------------------ patch-cve-2022-3559 | 127 -------- 8 files changed, 20 insertions(+), 445 deletions(-) create mode 100644 exim-4.96.1.tar.gz create mode 100644 exim-4.96.1.tar.gz.asc delete mode 100644 exim-4.96.tar.bz2 delete mode 100644 exim-4.96.tar.bz2.asc delete mode 100644 patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch delete mode 100644 patch-cve-2022-3559 diff --git a/exim-4.96.1.tar.gz b/exim-4.96.1.tar.gz new file mode 100644 index 0000000..7819ae7 --- /dev/null +++ b/exim-4.96.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6d06845e07c699e7dabbe1ca1edf23fe8b17083dc9fe0736f0b4a90351ac708e +size 2587066 diff --git a/exim-4.96.1.tar.gz.asc b/exim-4.96.1.tar.gz.asc new file mode 100644 index 0000000..d7cbe38 --- /dev/null +++ b/exim-4.96.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7wACgkQr0zGdqa2 +wUJTWAf/ThDZFIOGAB4rTFJF2dZjZnlNPWAYB//ZGG4ZbeCPBPeLlQcNtRA7KX2B +vaWo3iGneYqn6Zf2DHjeeGsqtRE62hh9S8d0wkSkGA9VnRSK6kh8eFEotWA/pXAp +ZsYhBlOHxqzaDy9l0S3o+AXXG+Ag/Qg+ZjhkBHRZg+rq0xDwzF+3KxVhbRrUTtKL +Tl7Z+uvepeXmfN0TU2nAnbHtp7+IOVaZlMGPC3J0xL6vdQt5N+peccg3lDn09OPw +pcrDbG/IFYqB4d/ae9Y4kYV/S5o1c8reNC7u6ovPqBCNusSEmdS6aXCVHQWGeZoa +nYCzFqFTB3yqOUq2Yae3NzG2CmzMTg== +=c4Fg +-----END PGP SIGNATURE----- diff --git a/exim-4.96.tar.bz2 b/exim-4.96.tar.bz2 deleted file mode 100644 index 0581e0c..0000000 --- a/exim-4.96.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91 -size 2047632 diff --git a/exim-4.96.tar.bz2.asc b/exim-4.96.tar.bz2.asc deleted file mode 100644 index 80d7b60..0000000 --- a/exim-4.96.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt -YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI -cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU -k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD -H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K -dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz -ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A -=HSmJ ------END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index ec1dd0f..26ff9de 100644 --- a/exim.changes +++ b/exim.changes @@ -1,9 +1,9 @@ Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger -- add patch (patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch) for - * CVE-2023-42114 (bsc#1215784) - * CVE-2023-42115 (bsc#1215785) - * CVE-2023-42116 (bsc#1215786) +- security update to exim 4.96.1 + * fixes CVE-2023-42114 (bsc#1215784) + * fixes CVE-2023-42115 (bsc#1215785) + * fixes CVE-2023-42116 (bsc#1215786) ------------------------------------------------------------------- Tue Mar 28 13:46:34 UTC 2023 - Peter Wullinger diff --git a/exim.spec b/exim.spec index e5e5799..c1d8fb8 100644 --- a/exim.spec +++ b/exim.spec @@ -74,8 +74,8 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.96 -Release: 2 +Version: 4.96.1 +Release: 0 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -106,8 +106,6 @@ Source41: exim_db.8.gz Patch0: exim-tail.patch Patch1: gnu_printf.patch Patch2: patch-no-exit-on-rewrite-malformed-address.patch -Patch3: patch-cve-2022-3559 -Patch4: patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -152,8 +150,6 @@ once, if at all. The rest is done by logrotate / cron.) %patch0 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" diff --git a/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch b/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch deleted file mode 100644 index 7fc5cf8..0000000 --- a/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch +++ /dev/null @@ -1,294 +0,0 @@ -diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c -index 8d886b6b6..bb3d327d1 100644 ---- a/src/auths/auth-spa.c -+++ b/src/auths/auth-spa.c -@@ -155,6 +155,9 @@ int main (int argc, char ** argv) - up with a different answer to the one above) - */ - -+#ifndef MACRO_PREDEF -+ -+ - #define DEBUG_X(a,b) ; - - extern int DEBUGLEVEL; -@@ -1211,7 +1214,9 @@ char versionString[] = "libntlm version 0.21"; - - #define spa_bytes_add(ptr, header, buf, count) \ - { \ --if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \ -+if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \ -+ && ptr->bufIndex + count < sizeof(ptr->buffer) \ -+ ) \ - { \ - SSVAL(&ptr->header.len,0,count); \ - SSVAL(&ptr->header.maxlen,0,count); \ -@@ -1229,35 +1234,30 @@ else \ - - #define spa_string_add(ptr, header, string) \ - { \ --char *p = string; \ -+uschar * p = string; \ - int len = 0; \ --if (p) len = strlen(p); \ --spa_bytes_add(ptr, header, (US p), len); \ -+if (p) len = Ustrlen(p); \ -+spa_bytes_add(ptr, header, p, len); \ - } - - #define spa_unicode_add_string(ptr, header, string) \ - { \ --char *p = string; \ --uschar *b = NULL; \ -+uschar * p = string; \ -+uschar * b = NULL; \ - int len = 0; \ - if (p) \ - { \ -- len = strlen(p); \ -- b = strToUnicode(p); \ -+ len = Ustrlen(p); \ -+ b = US strToUnicode(CS p); \ - } \ - spa_bytes_add(ptr, header, b, len*2); \ - } - - --#define GetUnicodeString(structPtr, header) \ --unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) --#define GetString(structPtr, header) \ --toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) -- - #ifdef notdef - - #define DumpBuffer(fp, structPtr, header) \ --dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) -+ dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0)) - - - static void -@@ -1321,8 +1321,33 @@ buf[len] = 0; - return buf; - } - -+static inline uschar * -+get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr) -+{ -+int off = IVAL(&hdr->offset, 0); -+int len = SVAL(&hdr->len, 0); -+return off + len < sizeof(SPAAuthChallenge) -+ ? US unicodeToString(CS challenge + off, len/2) : US""; -+} -+ -+static inline uschar * -+get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr) -+{ -+int off = IVAL(&hdr->offset, 0); -+int len = SVAL(&hdr->len, 0); -+return off + len < sizeof(SPAAuthChallenge) -+ ? US toString(CS challenge + off, len) : US""; -+} -+ - #ifdef notdef - -+#define GetUnicodeString(structPtr, header) \ -+ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2) -+ -+#define GetString(structPtr, header) \ -+ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0)) -+ -+ - void - dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request) - { -@@ -1366,15 +1391,15 @@ fprintf (fp, " Flags = %08x\n", IVAL (&response->flags, 0)); - #endif - - void --spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain) -+spa_build_auth_request (SPAAuthRequest * request, uschar * user, uschar * domain) - { --char *u = strdup (user); --char *p = strchr (u, '@'); -+uschar * u = string_copy(user); -+uschar * p = Ustrchr(u, '@'); - - if (p) - { - if (!domain) -- domain = p + 1; -+ domain = p + 1; - *p = '\0'; - } - -@@ -1384,7 +1409,6 @@ SIVAL (&request->msgType, 0, 1); - SIVAL (&request->flags, 0, 0x0000b207); /* have to figure out what these mean */ - spa_string_add (request, user, u); - spa_string_add (request, domain, domain); --free (u); - } - - -@@ -1475,16 +1499,16 @@ free (u); - - void - spa_build_auth_response (SPAAuthChallenge * challenge, -- SPAAuthResponse * response, char *user, -- char *password) -+ SPAAuthResponse * response, uschar * user, -+ uschar * password) - { - uint8x lmRespData[24]; - uint8x ntRespData[24]; - uint32x cf = IVAL(&challenge->flags, 0); --char *u = strdup (user); --char *p = strchr (u, '@'); --char *d = NULL; --char *domain; -+uschar * u = string_copy(user); -+uschar * p = Ustrchr(u, '@'); -+uschar * d = NULL; -+uschar * domain; - - if (p) - { -@@ -1492,33 +1516,33 @@ if (p) - *p = '\0'; - } - --else domain = d = strdup((cf & 0x1)? -- CCS GetUnicodeString(challenge, uDomain) : -- CCS GetString(challenge, uDomain)); -+else domain = d = string_copy(cf & 0x1 -+ ? CUS get_challenge_unistr(challenge, &challenge->uDomain) -+ : CUS get_challenge_str(challenge, &challenge->uDomain)); - --spa_smb_encrypt (US password, challenge->challengeData, lmRespData); --spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData); -+spa_smb_encrypt(password, challenge->challengeData, lmRespData); -+spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData); - - response->bufIndex = 0; - memcpy (response->ident, "NTLMSSP\0\0\0", 8); - SIVAL (&response->msgType, 0, 3); - --spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0); --spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x8000) ? 24 : 0); -+spa_bytes_add(response, lmResponse, lmRespData, cf & 0x200 ? 24 : 0); -+spa_bytes_add(response, ntResponse, ntRespData, cf & 0x8000 ? 24 : 0); - - if (cf & 0x1) { /* Unicode Text */ -- spa_unicode_add_string (response, uDomain, domain); -- spa_unicode_add_string (response, uUser, u); -- spa_unicode_add_string (response, uWks, u); -+ spa_unicode_add_string(response, uDomain, domain); -+ spa_unicode_add_string(response, uUser, u); -+ spa_unicode_add_string(response, uWks, u); - } else { /* OEM Text */ -- spa_string_add (response, uDomain, domain); -- spa_string_add (response, uUser, u); -- spa_string_add (response, uWks, u); -+ spa_string_add(response, uDomain, domain); -+ spa_string_add(response, uUser, u); -+ spa_string_add(response, uWks, u); - } - --spa_string_add (response, sessionKey, NULL); -+spa_string_add(response, sessionKey, NULL); - response->flags = challenge->flags; -- --if (d != NULL) free (d); --free (u); - } -+ -+ -+#endif /*!MACRO_PREDEF*/ -diff --git a/src/auths/auth-spa.h b/src/auths/auth-spa.h -index cfe1b086d..3b0b3a9e3 100644 ---- a/src/auths/auth-spa.h -+++ b/src/auths/auth-spa.h -@@ -79,10 +79,10 @@ typedef struct - - void spa_bits_to_base64 (unsigned char *, const unsigned char *, int); - int spa_base64_to_bits(char *, int, const char *); --void spa_build_auth_response (SPAAuthChallenge *challenge, -- SPAAuthResponse *response, char *user, char *password); --void spa_build_auth_request (SPAAuthRequest *request, char *user, -- char *domain); -+void spa_build_auth_response (SPAAuthChallenge * challenge, -+ SPAAuthResponse * response, uschar * user, uschar * password); -+void spa_build_auth_request (SPAAuthRequest * request, uschar * user, -+ uschar * domain); - extern void spa_smb_encrypt (unsigned char * passwd, unsigned char * c8, - unsigned char * p24); - extern void spa_smb_nt_encrypt (unsigned char * passwd, unsigned char * c8, -diff --git a/src/auths/external.c b/src/auths/external.c -index 7e7fca841..790b98159 100644 ---- a/src/auths/external.c -+++ b/src/auths/external.c -@@ -103,7 +103,7 @@ if (expand_nmax == 0) /* skip if rxd data */ - if (ob->server_param2) - { - uschar * s = expand_string(ob->server_param2); -- auth_vars[expand_nmax] = s; -+ auth_vars[expand_nmax = 1] = s; - expand_nstring[++expand_nmax] = s; - expand_nlength[expand_nmax] = Ustrlen(s); - if (ob->server_param3) -diff --git a/src/auths/spa.c b/src/auths/spa.c -index ff90d33a3..bfaccefda 100644 ---- a/src/auths/spa.c -+++ b/src/auths/spa.c -@@ -284,14 +284,13 @@ SPAAuthRequest request; - SPAAuthChallenge challenge; - SPAAuthResponse response; - char msgbuf[2048]; --char *domain = NULL; --char *username, *password; -+uschar * domain = NULL, * username, * password; - - /* Code added by PH to expand the options */ - - *buffer = 0; /* Default no message when cancelled */ - --if (!(username = CS expand_string(ob->spa_username))) -+if (!(username = expand_string(ob->spa_username))) - { - if (f.expand_string_forcedfail) return CANCELLED; - string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " -@@ -300,7 +299,7 @@ if (!(username = CS expand_string(ob->spa_username))) - return ERROR; - } - --if (!(password = CS expand_string(ob->spa_password))) -+if (!(password = expand_string(ob->spa_password))) - { - if (f.expand_string_forcedfail) return CANCELLED; - string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " -@@ -310,7 +309,7 @@ if (!(password = CS expand_string(ob->spa_password))) - } - - if (ob->spa_domain) -- if (!(domain = CS expand_string(ob->spa_domain))) -+ if (!(domain = expand_string(ob->spa_domain))) - { - if (f.expand_string_forcedfail) return CANCELLED; - string_format(buffer, buffsize, "expansion of \"%s\" failed in %s " -@@ -330,7 +329,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout)) - - DSPA("\n\n%s authenticator: using domain %s\n\n", ablock->name, domain); - --spa_build_auth_request(&request, CS username, domain); -+spa_build_auth_request(&request, username, domain); - spa_bits_to_base64(US msgbuf, US &request, spa_request_length(&request)); - - DSPA("\n\n%s authenticator: sending request (%s)\n\n", ablock->name, msgbuf); -@@ -347,7 +346,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout)) - DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4); - spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4)); - --spa_build_auth_response(&challenge, &response, CS username, CS password); -+spa_build_auth_response(&challenge, &response, username, password); - spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response)); - DSPA("\n\n%s authenticator: challenge response (%s)\n\n", ablock->name, msgbuf); - diff --git a/patch-cve-2022-3559 b/patch-cve-2022-3559 deleted file mode 100644 index 45f2cf5..0000000 --- a/patch-cve-2022-3559 +++ /dev/null @@ -1,127 +0,0 @@ -diff -ru a/src/exim.c b/src/exim.c ---- a/src/exim.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/exim.c 2022-10-18 13:38:30.366261000 +0200 -@@ -2001,8 +2001,6 @@ - regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); - #endif - --for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -- - /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; - this seems to be a generally accepted convention, since one finds symbolic - links called "mailq" in standard OS configurations. */ -@@ -6084,7 +6082,7 @@ - deliver_localpart_data = deliver_domain_data = - recipient_data = sender_data = NULL; - acl_var_m = NULL; -- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+ regex_vars_clear(); - - store_reset(reset_point); - } -diff -ru a/src/expand.c b/src/expand.c ---- a/src/expand.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/expand.c 2022-10-18 13:38:30.368690000 +0200 -@@ -1873,7 +1873,7 @@ - return node ? node->data.ptr : strict_acl_vars ? NULL : US""; - } - --/* Handle $auth variables. */ -+/* Handle $auth, $regex variables. */ - - if (Ustrncmp(name, "auth", 4) == 0) - { -diff -ru a/src/functions.h b/src/functions.h ---- a/src/functions.h 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/functions.h 2022-10-18 13:39:21.953979000 +0200 -@@ -438,6 +438,7 @@ - extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **); - extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int); - extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL); -+extern void regex_vars_clear(void); - extern void retry_add_item(address_item *, uschar *, int); - extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, - uschar **, uschar **); -Only in b/src: functions.h.rej -diff -ru a/src/globals.c b/src/globals.c ---- a/src/globals.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/globals.c 2022-10-18 13:46:22.093392000 +0200 -@@ -1315,7 +1315,7 @@ - #endif - const pcre2_code *regex_ismsgid = NULL; - const pcre2_code *regex_smtp_code = NULL; --const uschar *regex_vars[REGEX_VARS]; -+const uschar *regex_vars[REGEX_VARS] = { 0 }; - #ifdef WHITELIST_D_MACROS - const pcre2_code *regex_whitelisted_macro = NULL; - #endif -Only in b/src: globals.c.rej -diff -ru a/src/regex.c b/src/regex.c ---- a/src/regex.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/regex.c 2022-10-18 13:43:13.041903000 +0200 -@@ -96,18 +96,26 @@ - return FAIL; - } - -+/* reset expansion variables */ -+void -+regex_vars_clear(void) -+{ -+regex_match_string = NULL; -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ -+ - int --regex(const uschar **listptr) -+regex(const uschar ** listptr) - { - unsigned long mbox_size; --FILE *mbox_file; --pcre_list *re_list_head; --uschar *linebuffer; -+FILE * mbox_file; -+pcre_list * re_list_head; -+uschar * linebuffer; - long f_pos = 0; - int ret = FAIL; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - if (!mime_stream) /* We are in the DATA ACL */ - { -@@ -169,14 +177,13 @@ - int - mime_regex(const uschar **listptr) - { --pcre_list *re_list_head = NULL; --FILE *f; --uschar *mime_subject = NULL; -+pcre_list * re_list_head = NULL; -+FILE * f; -+uschar * mime_subject = NULL; - int mime_subject_len = 0; - int ret; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - /* precompile our regexes */ - if (!(re_list_head = compile(*listptr))) -diff -ru a/src/smtp_in.c b/src/smtp_in.c ---- a/src/smtp_in.c 2022-06-23 15:41:10.000000000 +0200 -+++ b/src/smtp_in.c 2022-10-18 13:38:30.372819000 +0200 -@@ -2157,8 +2157,10 @@ - #ifdef SUPPORT_I18N - message_smtputf8 = FALSE; - #endif -+regex_vars_clear(); - body_linecount = body_zerocount = 0; - -+lookup_value = NULL; /* Can be set by ACL */ - sender_rate = sender_rate_limit = sender_rate_period = NULL; - ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */ - /* Note that ratelimiters_conn persists across resets. */ From ed51ffdd94f0e343f1ba20f44caf550240f3adcb9536cd4ca4472fab154cfdfd Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Mon, 2 Oct 2023 13:30:56 +0000 Subject: [PATCH 4/4] add proper source files OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=277 --- exim-4.96.1.tar.bz2 | 3 +++ exim-4.96.1.tar.bz2.asc | 11 +++++++++++ exim-4.96.1.tar.gz | 3 --- exim-4.96.1.tar.gz.asc | 11 ----------- exim.changes | 1 + 5 files changed, 15 insertions(+), 14 deletions(-) create mode 100644 exim-4.96.1.tar.bz2 create mode 100644 exim-4.96.1.tar.bz2.asc delete mode 100644 exim-4.96.1.tar.gz delete mode 100644 exim-4.96.1.tar.gz.asc diff --git a/exim-4.96.1.tar.bz2 b/exim-4.96.1.tar.bz2 new file mode 100644 index 0000000..586913c --- /dev/null +++ b/exim-4.96.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:26bbcd4f45483c7138912b4bd31022aee8abf8ac7cdff55839d7e2a9e4c60692 +size 2048927 diff --git a/exim-4.96.1.tar.bz2.asc b/exim-4.96.1.tar.bz2.asc new file mode 100644 index 0000000..c330d21 --- /dev/null +++ b/exim-4.96.1.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7sACgkQr0zGdqa2 +wULqbwgAy75Q48zosNGHOApHAUzEiJpFaujZCQEFxiXqiJlWmFN+sDs7xnx+gOTD +jChIjsbM2PYlNE2DQ4XhuZSFwfufrJfB7GhzyWcYekX78s73sMFdTtsr+8MytNgH +vZp2qe7kgPPU8veckdXPiwrtJVgDNGmwhWLBUQaZMK0qum/Gk6PC7doOm7/e8jbj +X6SKli1Mz/xzxeaTsDEmr9/Z+Nuh+HCXmFK2wLQYP9+AJPE7y1jjup9dCyUzvuNX +rtFPStWzaVUWE4/QO0fpVAnvcb73fdnUSJfqQH7tqvGQhi/rScGLj+tcIdmbTZ68 +TQ1ZXv/5jmWbiNKPB6kV+NEduqzzFw== +=Mmdf +-----END PGP SIGNATURE----- diff --git a/exim-4.96.1.tar.gz b/exim-4.96.1.tar.gz deleted file mode 100644 index 7819ae7..0000000 --- a/exim-4.96.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6d06845e07c699e7dabbe1ca1edf23fe8b17083dc9fe0736f0b4a90351ac708e -size 2587066 diff --git a/exim-4.96.1.tar.gz.asc b/exim-4.96.1.tar.gz.asc deleted file mode 100644 index d7cbe38..0000000 --- a/exim-4.96.1.tar.gz.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7wACgkQr0zGdqa2 -wUJTWAf/ThDZFIOGAB4rTFJF2dZjZnlNPWAYB//ZGG4ZbeCPBPeLlQcNtRA7KX2B -vaWo3iGneYqn6Zf2DHjeeGsqtRE62hh9S8d0wkSkGA9VnRSK6kh8eFEotWA/pXAp -ZsYhBlOHxqzaDy9l0S3o+AXXG+Ag/Qg+ZjhkBHRZg+rq0xDwzF+3KxVhbRrUTtKL -Tl7Z+uvepeXmfN0TU2nAnbHtp7+IOVaZlMGPC3J0xL6vdQt5N+peccg3lDn09OPw -pcrDbG/IFYqB4d/ae9Y4kYV/S5o1c8reNC7u6ovPqBCNusSEmdS6aXCVHQWGeZoa -nYCzFqFTB3yqOUq2Yae3NzG2CmzMTg== -=c4Fg ------END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index 26ff9de..228fb32 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,4 @@ +------------------------------------------------------------------- Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger - security update to exim 4.96.1