Accepting request 504846 from home:msmeissn:branches:server:mail

- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be exploited to "stack crash" local privilege escalation (bsc#1044692) - Require user(mail) group(mail) to meet new users handling in TW. - Prerequire permissions (fixes rpmlint). CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch OBS-URL: https://build.opensuse.org/request/show/504846 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=184
2017-06-22 14:02:16 +00:00 · 2017-06-22 14:02:16 +00:00 · 048e707927
commit 048e707927
parent 557870d382
3 changed files with 63 additions and 2 deletions
--- a/exim-CVE-2017-1000369.patch
+++ b/exim-CVE-2017-1000369.patch
@ -0,0 +1,43 @@
+commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
+Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
+Date:   Wed May 31 23:08:56 2017 +0200
+
+    Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
+
+diff --git a/src/exim.c b/src/src/exim.c
+index 67583e58..88e11977 100644
+--- a/src/exim.c
+++ b/src/exim.c
+@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
+ 
+       /* -oMr: Received protocol */
+ 
+-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
+      else if (Ustrcmp(argrest, "Mr") == 0)
+
+        if (received_protocol)
+          {
+          fprintf(stderr, "received_protocol is set already\n");
+          exit(EXIT_FAILURE);
+          }
+        else received_protocol = argv[++i];
+ 
+       /* -oMs: Set sender host name */
+ 
+@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
+ 
+     if (*argrest != 0)
+       {
+-      uschar *hn = Ustrchr(argrest, ':');
+      uschar *hn;
+
+      if (received_protocol)
+        {
+        fprintf(stderr, "received_protocol is set already\n");
+        exit(EXIT_FAILURE);
+        }
+
+      hn = Ustrchr(argrest, ':');
+       if (hn == NULL)
+         {
+         received_protocol = argrest;
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com
+
+- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
+  exploited to "stack crash" local privilege escalation (bsc#1044692)
+
+- Require user(mail) group(mail) to meet new users handling in TW.
+
+- Prerequire permissions (fixes rpmlint).
+
 -------------------------------------------------------------------
 Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de

@ -12,6 +22,7 @@ Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de
    + Don't issue env warning if env is empty

 - fix CVE-2016-9963: DKIM information leakage
+  CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch

 -------------------------------------------------------------------
 Mon Apr  4 15:55:31 UTC 2016 - e.istomin@edss.ee
--- a/exim.spec
+++ b/exim.spec
@ -61,8 +61,13 @@ BuildRequires:  pkgconfig(systemd)
 %else
 Requires(pre):  %insserv_prereq
 %endif
-Requires(pre):  %fillup_prereq
-Requires(pre):  /usr/sbin/useradd
+Requires(pre):  %fillup_prereq permissions
+%if 0%{?suse_version} >= 1330
+BuildRequires:  group(mail)
+BuildRequires:  user(mail)
+Requires(pre):  user(mail)
+Requires(pre):  group(mail)
+%endif
 Requires(pre):  fileutils textutils
 %endif
 Version:        4.86.2
@ -97,6 +102,7 @@ Source40:       exim.service
 Patch0:         exim-tail.patch
 Patch1:         exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
 Patch2:         fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
+Patch3:         exim-CVE-2017-1000369.patch

 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -141,6 +147,7 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch0
 %patch1 -p 1
 %patch2 -p 1
+%patch3 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"