Accepting request 504846 from home:msmeissn:branches:server:mail

- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation (bsc#1044692) - Require user(mail) group(mail) to meet new users handling in TW. - Prerequire permissions (fixes rpmlint). CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch OBS-URL: https://build.opensuse.org/request/show/504846 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=184
2017-06-22 14:02:16 +00:00 · 2017-06-22 14:02:16 +00:00 · 048e707927
commit 048e707927
parent 557870d382
3 changed files with 63 additions and 2 deletions
--- a/exim-CVE-2017-1000369.patch
+++ b/exim-CVE-2017-1000369.patch
@ -0,0 +1,43 @@
 commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
 Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
 Date:   Wed May 31 23:08:56 2017 +0200
    Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
 diff --git a/src/exim.c b/src/src/exim.c
 index 67583e58..88e11977 100644
 --- a/src/exim.c
 +++ b/src/exim.c
@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
       /* -oMr: Received protocol */
 -      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
 +      else if (Ustrcmp(argrest, "Mr") == 0)
 +
 +        if (received_protocol)
 +          {
 +          fprintf(stderr, "received_protocol is set already\n");
 +          exit(EXIT_FAILURE);
 +          }
 +        else received_protocol = argv[++i];
       /* -oMs: Set sender host name */
@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
     if (*argrest != 0)
       {
 -      uschar *hn = Ustrchr(argrest, ':');
 +      uschar *hn;
 +
 +      if (received_protocol)
 +        {
 +        fprintf(stderr, "received_protocol is set already\n");
 +        exit(EXIT_FAILURE);
 +        }
 +
 +      hn = Ustrchr(argrest, ':');
       if (hn == NULL)
         {
         received_protocol = argrest;
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com
 - exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
  exploited to "stack crash" local privilege escalation (bsc#1044692)
 - Require user(mail) group(mail) to meet new users handling in TW.
 - Prerequire permissions (fixes rpmlint).
 -------------------------------------------------------------------
 Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
@ -12,6 +22,7 @@ Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
    + Don't issue env warning if env is empty
 - fix CVE-2016-9963: DKIM information leakage
  CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
 -------------------------------------------------------------------
 Mon Apr  4 15:55:31 UTC 2016 - e.istomin@edss.ee
--- a/exim.spec
+++ b/exim.spec
@ -61,8 +61,13 @@ BuildRequires:  pkgconfig(systemd)
 %else
 Requires(pre):  %insserv_prereq
 %endif
-Requires(pre):  %fillup_prereq
+Requires(pre):  %fillup_prereq permissions
-Requires(pre):  /usr/sbin/useradd
+%if 0%{?suse_version} >= 1330
 BuildRequires:  group(mail)
 BuildRequires:  user(mail)
 Requires(pre):  user(mail)
 Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
 Version:        4.86.2
@ -97,6 +102,7 @@ Source40:       exim.service
 Patch0:         exim-tail.patch
 Patch1:         exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
 Patch2:         fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
 Patch3:         exim-CVE-2017-1000369.patch
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -141,6 +147,7 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch0
 %patch1 -p 1
 %patch2 -p 1
 %patch3 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"