- update to exim-4.94.2
security update
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014: Arbitrary PID file creation
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
* CVE-2020-28015: New-line injection into spool header file (local)
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28020: Integer overflow in receive_msg()
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28021: New-line injection into spool header file (remote)
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
- update to exim-4.94.1
* Fix security issue in BDAT state confusion.
Ensure we reset known-good where we know we need to not be reading BDAT
data, as a general case fix, and move the places where we switch to BDAT
mode until after various protocol state checks.
Fixes CVE-2020-BDATA reported by Qualys.
* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list).
Fixes CVE-2020-RCPTL reported by Qualys.
* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
* Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
* Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better.
OBS-URL: https://build.opensuse.org/request/show/890519
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=248
- bring in changes from current +fixes (lots of taint check fixes)
* Bug 1329: Fix format of Maildir-format filenames to match other mail-
related applications. Previously an "H" was used where available info
says that "M" should be, so change to match.
* Bug 2587: Fix pam expansion condition. Tainted values are commonly used
as arguments, so an implementation trying to copy these into a local
buffer was taking a taint-enforcement trap. Fix by using dynamically
created buffers.
* Bug 2586: Fix listcount expansion operator. Using tainted arguments is
reasonable, eg. to count headers. Fix by using dynamically created
buffers rather than a local. Do similar fixes for ACL actions "dcc",
"log_reject_target", "malware" and "spam"; the arguments are expanded
so could be handling tainted values.
* Bug 2590: Fix -bi (newaliases). A previous code rearrangement had
broken the (no-op) support for this sendmail command. Restore it
to doing nothing, silently, and returning good status.
OBS-URL: https://build.opensuse.org/request/show/812518
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=243
- update to exim 4.94
* some transports now refuse to use tainted data in constructing their delivery
location
this WILL BREAK configurations which are not updated accordingly.
In particular: any Transport use of $local_user which has been relying upon
check_local_user far away in the Router to make it safe, should be updated to
replace $local_user with $local_part_data.
* Attempting to remove, in router or transport, a header name that ends with
an asterisk (which is a standards-legal name) will now result in all headers
named starting with the string before the asterisk being removed.
OBS-URL: https://build.opensuse.org/request/show/810991
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=62
- update to exim 4.94
* some transports now refuse to use tainted data in constructing their delivery
location
this WILL BREAK configurations which are not updated accordingly.
In particular: any Transport use of $local_user which has been relying upon
check_local_user far away in the Router to make it safe, should be updated to
replace $local_user with $local_part_data.
* Attempting to remove, in router or transport, a header name that ends with
an asterisk (which is a standards-legal name) will now result in all headers
named starting with the string before the asterisk being removed.
OBS-URL: https://build.opensuse.org/request/show/810989
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=240
- bring changes from current in +fixes branch
(patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
* fixes CVE-2020-12783 (bsc#1171490)
* Regard command-line recipients as tainted.
* Bug 2489: Fix crash in the "pam" expansion condition.
* Use tainted buffers for the transport smtp context.
* Bug 2493: Harden ARC verify against Outlook, which has been seen to mix
the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously when
a new record was being constructed with information from the peer, a trap
was taken.
* Bug 2494: Unset the default for dmarc_tld_file.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers and
the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between the
Exim main code and Exim-related utities.
* Fix the variables set by the gsasl authenticator.
* Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
only retrieve the errormessage once.
* Bug 2501: Fix init call in the heimdal authenticator. Previously it
adjusted the size of a major service buffer; this failed because the
buffer was in use at the time. Change to a compile-time increase in the
buffer size, when this authenticator is compiled into exim.
OBS-URL: https://build.opensuse.org/request/show/802873
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=234
- update to exim 4.93.0.4 (+fixes release)
* Avoid costly startup code when not strictly needed. This reduces time
for some exim process initialisations. It does mean that the logging
of TLS configuration problems is only done for the daemon startup.
* Early-pipelining support code is now included unless disabled in Makefile.
* DKIM verification defaults no long accept sha1 hashes, to conform to
RFC 8301. They can still be enabled, using the dkim_verify_hashes main
option.
* Support CHUNKING from an smtp transport using a transport_filter, when
DKIM signing is being done. Previously a transport_filter would always
disable CHUNKING, falling back to traditional DATA.
* Regard command-line receipients as tainted.
* Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.
* Bug 2489: Fix crash in the "pam" expansion condition. It seems that the
PAM library frees one of the arguments given to it, despite the
documentation. Therefore a plain malloc must be used.
* Bug 2491: Use tainted buffers for the transport smtp context. Previously
on-stack buffers were used, resulting in a taint trap when DSN information
copied from a received message was written into the buffer.
* Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix
the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously when
a new record was being constructed with information from the peer, a trap
was taken.
* Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive
installation would get error messages from DMARC verify, when it hit the
nonexistent file indicated by the default. Distros wanting DMARC enabled
should both provide the file and set the option.
Also enforce no DMARC verification for command-line sourced messages.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers and
the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between the
Exim main code and Exim-related utities. The introduction of taint
tracking also did many adjustments to string handling. Since then, eximon
frequently terminated with an assert failure.
* When PIPELINING, synch after every hundred or so RCPT commands sent and
check for 452 responses. This slightly helps the inefficieny of doing
a large alias-expansion into a recipient-limited target. The max_rcpt
transport option still applies (and at the current default, will override
the new feature). The check is done for either cause of synch, and forces
a fast-retry of all 452'd recipients using a new MAIL FROM on the same
connection. The new facility is not tunable at this time.
* Fix the variables set by the gsasl authenticator. Previously a pointer to
library live data was being used, so the results became garbage. Make
copies while it is still usable.
* Logging: when the deliver_time selector ise set, include the DT= field
on delivery deferred (==) and failed (**) lines (if a delivery was
attemtped). Previously it was only on completion (=>) lines.
* Authentication: the gsasl driver not provides the $authN variables in time
for the expansion of the server_scram_iter and server_scram_salt options.
OBS-URL: https://build.opensuse.org/request/show/761343
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=225
- update to exim 4.93
* SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
* DISABLE_TLS replaces SUPPORT_TLS
* Bump the version for the local_scan API.
* smtp transport option hosts_try_fastopen defaults to "*".
* DNSSec is requested (not required) for all queries. (This seemes to
ask for trouble if your resolver is a systemd-resolved.)
* Generic router option retry_use_local_part defaults to "true" under specific
pre-conditions.
* Introduce a tainting mechanism for values read from untrusted sources.
* Use longer file names for temporary spool files (this avoids
name conflicts with spool on a shared file system).
* Use dsn_from main config option (was ignored previously).
OBS-URL: https://build.opensuse.org/request/show/756081
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=219
- update to exim 4.92
* ${l_header:<name>} expansion
* ${readsocket} now supports TLS
* "utf8_downconvert" option (if built with SUPPORT_I18N)
* "pipelining" log_selector
* JSON variants for ${extract } expansion
* "noutf8" debug option
* TCP Fast Open support on MacOS
- add workaround patch for compile time error on missing printf
format annotation (gnu_printf.patch)
OBS-URL: https://build.opensuse.org/request/show/675339
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=205
- update to 4.90.1
* Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
during configuration. Wildcards are allowed and expanded.
* Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
"exiwhat" output.
* Tighten up the checking in isip4 (et al): dotted-quad components larger
than 255 are no longer allowed.
* Default openssl_options to include +no_ticket, to reduce load on peers.
Disable the session-cache too, which might reduce our load. Since we
currrectly use a new context for every connection, both as server and
client, there is no benefit for these.
* Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
<https://reproducible-builds.org/specs/source-date-epoch/>.
* Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
the check for any unsuccessful recipients did not notice the limit, and
erroneously found still-pending ones.
* Pipeline CHUNKING command and data together, on kernels that support
MSG_MORE. Only in-clear (not on TLS connections).
* Avoid using a temporary file during transport using dkim. Unless a
transport-filter is involved we can buffer the headers in memory for
creating the signature, and read the spool data file once for the
signature and again for transmission.
* Enable use of sendfile in Linux builds as default. It was disabled in
4.77 as the kernel support then wasn't solid, having issues in 64bit
mode. Now, it's been long enough. Add support for FreeBSD also.
* Add commandline_checks_require_admin option.
* Do pipelining under TLS.
* For the "sock" variant of the malware scanner interface, accept an empty
cmdline element to get the documented default one. Previously it was
inaccessible.
* Prevent repeated use of -p/-oMr
* DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
if present.
* DKIM: when a message has multiple signatures matching an identity given
in dkim_verify_signers, run the dkim acl once for each.
* Support IDNA2008.
* The path option on a pipe transport is now expanded before use
* Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
- Several bug fixes
- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
- removed patches (included upstream now):
* exim-CVE-2017-1000369.patch
* exim-CVE-2017-16943.patch
* exim-CVE-2017-16944.patch
* exim-4.86.2-mariadb_102_compile_fix.patch
old: server:mail/exim
new: home:kbabioch:branches:server:mail/exim rev None
Index: exim.changes
===================================================================
--- exim.changes (revision 200)
+++ exim.changes (revision 4)
@@ -1,4 +1,54 @@
-------------------------------------------------------------------
+Tue Feb 13 13:39:34 UTC 2018 - kbabioch@suse.com
+
+- update to 4.90.1
+ * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+ during configuration. Wildcards are allowed and expanded.
+ * Shorten the log line for daemon startup by collapsing adjacent sets of
+ identical IP addresses on different listening ports. Will also affect
+ "exiwhat" output.
+ * Tighten up the checking in isip4 (et al): dotted-quad components larger
+ than 255 are no longer allowed.
+ * Default openssl_options to include +no_ticket, to reduce load on peers.
+ Disable the session-cache too, which might reduce our load. Since we
+ currrectly use a new context for every connection, both as server and
+ client, there is no benefit for these.
+ * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
+ <https://reproducible-builds.org/specs/source-date-epoch/>.
+ * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
+ the check for any unsuccessful recipients did not notice the limit, and
+ erroneously found still-pending ones.
+ * Pipeline CHUNKING command and data together, on kernels that support
+ MSG_MORE. Only in-clear (not on TLS connections).
+ * Avoid using a temporary file during transport using dkim. Unless a
+ transport-filter is involved we can buffer the headers in memory for
+ creating the signature, and read the spool data file once for the
+ signature and again for transmission.
+ * Enable use of sendfile in Linux builds as default. It was disabled in
+ 4.77 as the kernel support then wasn't solid, having issues in 64bit
+ mode. Now, it's been long enough. Add support for FreeBSD also.
+ * Add commandline_checks_require_admin option.
+ * Do pipelining under TLS.
+ * For the "sock" variant of the malware scanner interface, accept an empty
+ cmdline element to get the documented default one. Previously it was
+ inaccessible.
+ * Prevent repeated use of -p/-oMr
+ * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
+ if present.
+ * DKIM: when a message has multiple signatures matching an identity given
+ in dkim_verify_signers, run the dkim acl once for each.
+ * Support IDNA2008.
+ * The path option on a pipe transport is now expanded before use
+ * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+- Several bug fixes
+- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
+- removed patches (included upstream now):
+ * exim-CVE-2017-1000369.patch
+ * exim-CVE-2017-16943.patch
+ * exim-CVE-2017-16944.patch
+ * exim-4.86.2-mariadb_102_compile_fix.patch
+
+-------------------------------------------------------------------
Thu Nov 30 08:32:50 UTC 2017 - wullinger@rz.uni-kiel.de
- add exim-CVE-2017-16944.patch:
Index: exim.spec
===================================================================
--- exim.spec (revision 200)
+++ exim.spec (revision 4)
@@ -1,7 +1,7 @@
#
# spec file for package exim
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -78,7 +78,7 @@
%endif
Requires(pre): fileutils textutils
%endif
-Version: 4.88
+Version: 4.90.1
Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
@@ -93,8 +93,8 @@
License: GPL-2.0+
Group: Productivity/Networking/Email/Servers
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
-Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
+Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
+Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
Source4: exim.keyring
Source1: sysconfig.exim
@@ -107,10 +107,6 @@
Source32: eximstats.conf-2.2
Source40: exim.service
Patch0: exim-tail.patch
-Patch3: exim-CVE-2017-1000369.patch
-Patch4: exim-CVE-2017-16943.patch
-Patch5: exim-CVE-2017-16944.patch
-Patch6: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -153,10 +149,6 @@
%prep
%setup -q -n exim-%{version}
%patch0
-%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
@@ -328,7 +320,7 @@
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
INSTALL_ARG=-no_chown install
#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
-mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done
%if 0%{?suse_version} > 1220
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
Index: exim-4.90.1.tar.bz2
===================================================================
Binary file exim-4.90.1.tar.bz2 (revision 4) added
Index: exim-4.90.1.tar.bz2.asc
===================================================================
--- exim-4.90.1.tar.bz2.asc (added)
+++ exim-4.90.1.tar.bz2.asc (revision 4)
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAlp8U0MACgkQr0zGdqa2
+wUKEiwf9GmNYK5sbmpi/c2TdfPqsqU1o76l3PoTt+kxSQi5t4j30dsqZdWvzvkuj
+k+/x1SsDRg44+wv19ynnYH4tSCZ3QSwTevyfXvR7bSGpSTCN0tTnaWm/AuBXNC8D
+9lukQckwdZckVNciRriVCLi9VTymV/tdnIxowQu/WfdEzFTXDeYzu3KoioG+jKAV
+MWhnyUDfhPYPYs+u8IKdFDE3Z9bO/I/EbgTHiR6PetLWusSugrp/MyJjICp8HsvI
+f/pMj+rytJo2hOnI9x/wpUiXb7XnnQnph3mic5BQU4DF+tI6dK1zTS66PyTYAoNI
+p6Po3uLY/umKYT+W6jxURPfC2TH1+A==
+=k4cD
+-----END PGP SIGNATURE-----
Index: exim-4.86.2-mariadb_102_compile_fix.patch
===================================================================
--- exim-4.86.2-mariadb_102_compile_fix.patch (revision 200)
+++ exim-4.86.2-mariadb_102_compile_fix.patch (deleted)
@@ -1,94 +0,0 @@
-Index: exim-4.86.2/src/lookups/mysql.c
-===================================================================
---- exim-4.86.2.orig/src/lookups/mysql.c
-+++ exim-4.86.2/src/lookups/mysql.c
-@@ -14,6 +14,53 @@ functions. */
-
- #include <mysql.h> /* The system header */
-
-+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
-+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
-+with versions before 10.2, as they do not define there there specific symbols.
-+*/
-+
-+// Newer (>= 10.2) MariaDB
-+#if defined MARIADB_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
-+
-+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
-+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
-+#elif defined LIBMYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
-+#elif defined MYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
-+
-+#else
-+#define EXIM_MYSQL_VERSION_ID 0
-+#endif
-+
-+// Newer (>= 10.2) MariaDB
-+#ifdef MARIADB_CLIENT_VERSION_STR
-+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
-+
-+// Mysql uses MYSQL_SERVER_VERSION
-+#elif defined LIBMYSQL_VERSION
-+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
-+#elif defined MYSQL_SERVER_VERSION
-+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
-+
-+#else
-+#define EXIM_MxSQL_VERSION_STR "N.A."
-+#endif
-+
-+#if defined MARIADB_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
-+
-+#elif defined MARIADB_PACKAGE_VERSION
-+#define EXIM_MxSQL_BASE_STR "mariadb"
-+
-+#elif defined MYSQL_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
-+
-+#else
-+#define EXIM_MxSQL_BASE_STR "n.A."
-+#endif
-+
-
- /* Structure and anchor for caching connections. */
-
-@@ -423,10 +470,10 @@ return quoted;
- void
- mysql_version_report(FILE *f)
- {
--fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
-- " Runtime: %s\n",
-- MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
-- mysql_get_client_info());
-+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
-+ " Runtime: %lu %s\n",
-+ (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
-+ mysql_get_client_version(), mysql_get_client_info());
- #ifdef DYNLOOKUP
- fprintf(f, " Exim version %s\n", EXIM_VERSION_STR);
- #endif
-Index: exim-4.86.2/src/EDITME
-===================================================================
---- exim-4.86.2.orig/src/EDITME
-+++ exim-4.86.2/src/EDITME
-@@ -253,7 +253,7 @@ TRANSPORT_SMTP=yes
- # you perform upgrades and revert them. You should consider the benefit of
- # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
- # maintain two concurrent sets of modules.
--#
-+#
- # *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
- # the ability to modify the Exim binary, which is often setuid root! The Exim
- # developers only intend this functionality be used by OS software packagers
-@@ -301,6 +301,7 @@ LOOKUP_DNSDB=yes
- # LOOKUP_IBASE=yes
- # LOOKUP_LDAP=yes
- # LOOKUP_MYSQL=yes
-+# LOOKUP_MYSQL_PC=mariadb
- # LOOKUP_NIS=yes
- # LOOKUP_NISPLUS=yes
- # LOOKUP_ORACLE=yes
Index: exim-4.88.tar.bz2
===================================================================
Binary file exim-4.88.tar.bz2 (revision 200) deleted
Index: exim-4.88.tar.bz2.asc
===================================================================
--- exim-4.88.tar.bz2.asc (revision 200)
+++ exim-4.88.tar.bz2.asc (deleted)
@@ -1,10 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEcBAABAgAGBQJYVqBoAAoJELzljIzkHzLf5vIH/R4gcGqdEwGkFDRwQA5ImNif
-USPeSli63U2tL2YRpf8E/sMWlf2ywZl9vGkVWhvYFvMWI4gn+hNAh0jUj2BakCdI
-aEjUk0KSA0nXHzIGmNyf0lAcC1VONRq0KLxfQvlGF8RrKnBL7urg46EVFagmU8g9
-m3KVHPjv1cUIICZdJVWICUChjjm23pBvtqr1M9TgUAhWQU0FaG9dmgY2Kh4s2pnG
-0o+llbQdU1hvtk0lTMzZYmYTtS3totoyR3aKYdws/epOnE1MgVOIlnp2q5R9FMO1
-RE5bHa2Qg5UCf5wwAKSOxIDLPEVUoX6qkbP7inByuGKZ5dSvBQwUGPAt+b2Lb38=
-=jgHZ
------END PGP SIGNATURE-----
Index: exim-CVE-2017-1000369.patch
===================================================================
--- exim-CVE-2017-1000369.patch (revision 200)
+++ exim-CVE-2017-1000369.patch (deleted)
@@ -1,43 +0,0 @@
-commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
-Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
-Date: Wed May 31 23:08:56 2017 +0200
-
- Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
-
-diff --git a/src/exim.c b/src/src/exim.c
-index 67583e58..88e11977 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
-
- /* -oMr: Received protocol */
-
-- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
-+ else if (Ustrcmp(argrest, "Mr") == 0)
-+
-+ if (received_protocol)
-+ {
-+ fprintf(stderr, "received_protocol is set already\n");
-+ exit(EXIT_FAILURE);
-+ }
-+ else received_protocol = argv[++i];
-
- /* -oMs: Set sender host name */
-
-@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
-
- if (*argrest != 0)
- {
-- uschar *hn = Ustrchr(argrest, ':');
-+ uschar *hn;
-+
-+ if (received_protocol)
-+ {
-+ fprintf(stderr, "received_protocol is set already\n");
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ hn = Ustrchr(argrest, ':');
- if (hn == NULL)
- {
- received_protocol = argrest;
Index: exim-CVE-2017-16943.patch
===================================================================
--- exim-CVE-2017-16943.patch (revision 200)
+++ exim-CVE-2017-16943.patch (deleted)
@@ -1,40 +0,0 @@
-From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 24 Nov 2017 20:22:33 +0000
-Subject: [PATCH] Avoid release of store if there have been later allocations.
- Bug 2199
-
----
- src/src/receive.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/src/receive.c b/src/src/receive.c
-index e7e518a..d9b5001 100644
---- a/src/receive.c
-+++ b/src/receive.c
-@@ -1810,8 +1810,8 @@ for (;;)
- (and sometimes lunatic messages can have ones that are 100s of K long) we
- call store_release() for strings that have been copied - if the string is at
- the start of a block (and therefore the only thing in it, because we aren't
-- doing any other gets), the block gets freed. We can only do this because we
-- know there are no other calls to store_get() going on. */
-+ doing any other gets), the block gets freed. We can only do this release if
-+ there were no allocations since the once that we want to free. */
-
- if (ptr >= header_size - 4)
- {
-@@ -1820,9 +1820,10 @@ for (;;)
- header_size *= 2;
- if (!store_extend(next->text, oldsize, header_size))
- {
-+ BOOL release_ok = store_last_get[store_pool] == next->text;
- uschar *newtext = store_get(header_size);
- memcpy(newtext, next->text, ptr);
-- store_release(next->text);
-+ if (release_ok) store_release(next->text);
- next->text = newtext;
- }
- }
---
-1.9.1
-
Index: exim-CVE-2017-16944.patch
===================================================================
--- exim-CVE-2017-16944.patch (revision 200)
+++ exim-CVE-2017-16944.patch (deleted)
@@ -1,41 +0,0 @@
-diff -ru a/src/receive.c b/src/receive.c
---- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100
-+++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100
-@@ -1759,7 +1759,7 @@
- prevent further reading), and break out of the loop, having freed the
- empty header, and set next = NULL to indicate no data line. */
-
-- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
-+ if (ptr == 0 && ch == '.' && dot_ends)
- {
- ch = (receive_getc)();
- if (ch == '\r')
-diff -ru a/src/smtp_in.c b/src/smtp_in.c
---- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100
-+++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100
-@@ -4751,11 +4751,17 @@
- ? CHUNKING_LAST : CHUNKING_ACTIVE;
- chunking_data_left = chunking_datasize;
-
-+ /* push the current receive_* function on the "stack", and
-+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
-+ functions to do the dirty work. */
- lwr_receive_getc = receive_getc;
- lwr_receive_ungetc = receive_ungetc;
-+
- receive_getc = bdat_getc;
- receive_ungetc = bdat_ungetc;
-
-+ dot_ends = FALSE;
-+
- DEBUG(D_any)
- debug_printf("chunking state %d\n", (int)chunking_state);
- goto DATA_BDAT;
-@@ -4763,6 +4769,7 @@
-
- case DATA_CMD:
- HAD(SCH_DATA);
-+ dot_ends = TRUE;
-
- DATA_BDAT: /* Common code for DATA and BDAT */
- if (!discarded && recipients_count <= 0)
OBS-URL: https://build.opensuse.org/request/show/576288
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=201
