Accepting request 1114822 from home:pwcau:branches:server:mail

- security update to exim 4.96.1 * fixes CVE-2023-42114 (bsc#1215784) * fixes CVE-2023-42115 (bsc#1215785) * fixes CVE-2023-42116 (bsc#1215786) OBS-URL: https://build.opensuse.org/request/show/1114822 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=276
2023-10-02 13:23:30 +00:00 · 2023-10-02 13:23:30 +00:00 · 1b126813a8
commit 1b126813a8
parent d358e67d5d
8 changed files with 20 additions and 445 deletions
--- a/exim-4.96.1.tar.gz
+++ b/exim-4.96.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d06845e07c699e7dabbe1ca1edf23fe8b17083dc9fe0736f0b4a90351ac708e
+size 2587066
--- a/exim-4.96.1.tar.gz.asc
+++ b/exim-4.96.1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmUam7wACgkQr0zGdqa2
+wUJTWAf/ThDZFIOGAB4rTFJF2dZjZnlNPWAYB//ZGG4ZbeCPBPeLlQcNtRA7KX2B
+vaWo3iGneYqn6Zf2DHjeeGsqtRE62hh9S8d0wkSkGA9VnRSK6kh8eFEotWA/pXAp
+ZsYhBlOHxqzaDy9l0S3o+AXXG+Ag/Qg+ZjhkBHRZg+rq0xDwzF+3KxVhbRrUTtKL
+Tl7Z+uvepeXmfN0TU2nAnbHtp7+IOVaZlMGPC3J0xL6vdQt5N+peccg3lDn09OPw
+pcrDbG/IFYqB4d/ae9Y4kYV/S5o1c8reNC7u6ovPqBCNusSEmdS6aXCVHQWGeZoa
+nYCzFqFTB3yqOUq2Yae3NzG2CmzMTg==
+=c4Fg
+-----END PGP SIGNATURE-----
--- a/exim-4.96.tar.bz2
+++ b/exim-4.96.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91
-size 2047632
--- a/exim-4.96.tar.bz2.asc
+++ b/exim-4.96.tar.bz2.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt
-YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI
-cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU
-k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD
-H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K
-dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz
-ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A
-=HSmJ
-----END PGP SIGNATURE-----
--- a/exim.changes
+++ b/exim.changes
@ -1,9 +1,9 @@
 Mon Oct  2 05:53:32 UTC 2023 - Peter Wullinger <wullinger@rz.uni-kiel.de>

- add patch (patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch) for
-  * CVE-2023-42114 (bsc#1215784)
-  * CVE-2023-42115 (bsc#1215785)
-  * CVE-2023-42116 (bsc#1215786)
+- security update to exim 4.96.1
+  * fixes CVE-2023-42114 (bsc#1215784)
+  * fixes CVE-2023-42115 (bsc#1215785)
+  * fixes CVE-2023-42116 (bsc#1215786)

 -------------------------------------------------------------------
 Tue Mar 28 13:46:34 UTC 2023 - Peter Wullinger <wullinger@rz.uni-kiel.de>
--- a/exim.spec
+++ b/exim.spec
@ -74,8 +74,8 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.96
-Release:        2
+Version:        4.96.1
+Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
 %endif
@ -106,8 +106,6 @@ Source41:       exim_db.8.gz
 Patch0:         exim-tail.patch
 Patch1:         gnu_printf.patch
 Patch2:         patch-no-exit-on-rewrite-malformed-address.patch
-Patch3:         patch-cve-2022-3559
-Patch4:         patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch

 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@ -152,8 +150,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %patch0
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
--- a/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch
+++ b/patch-CVE-2023-42115-CVE-2023-42116-CVE-2023-42114.patch
@ -1,294 +0,0 @@
-diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c
-index 8d886b6b6..bb3d327d1 100644
--- a/src/auths/auth-spa.c
-+++ b/src/auths/auth-spa.c
-@@ -155,6 +155,9 @@ int main (int argc, char ** argv)
-    up with a different answer to the one above)
- */
- 
-+#ifndef MACRO_PREDEF
-+
-+
- #define DEBUG_X(a,b) ;
- 
- extern int DEBUGLEVEL;
-@@ -1211,7 +1214,9 @@ char versionString[] = "libntlm version 0.21";
- 
- #define spa_bytes_add(ptr, header, buf, count) \
- { \
-if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \
-+if (  buf && (count) != 0	/* we hate -Wint-in-bool-contex */ \
-+   && ptr->bufIndex + count < sizeof(ptr->buffer)		\
-+   ) \
-   { \
-   SSVAL(&ptr->header.len,0,count); \
-   SSVAL(&ptr->header.maxlen,0,count); \
-@@ -1229,35 +1234,30 @@ else \
- 
- #define spa_string_add(ptr, header, string) \
- { \
-char *p = string; \
-+uschar * p = string; \
- int len = 0; \
-if (p) len = strlen(p); \
-spa_bytes_add(ptr, header, (US p), len); \
-+if (p) len = Ustrlen(p); \
-+spa_bytes_add(ptr, header, p, len); \
- }
- 
- #define spa_unicode_add_string(ptr, header, string) \
- { \
-char *p = string; \
-uschar *b = NULL; \
-+uschar * p = string; \
-+uschar * b = NULL; \
- int len = 0; \
- if (p) \
-   { \
-  len = strlen(p); \
-  b = strToUnicode(p); \
-+  len = Ustrlen(p); \
-+  b = US strToUnicode(CS p); \
-   } \
- spa_bytes_add(ptr, header, b, len*2); \
- }
- 
- 
-#define GetUnicodeString(structPtr, header) \
-unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
-#define GetString(structPtr, header) \
-toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
-
- #ifdef notdef
- 
- #define DumpBuffer(fp, structPtr, header) \
-dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
-+ dumpRaw(fp,(US structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
- 
- 
- static void
-@@ -1321,8 +1321,33 @@ buf[len] = 0;
- return buf;
- }
- 
-+static inline uschar *
-+get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
-+{
-+int off = IVAL(&hdr->offset, 0);
-+int len = SVAL(&hdr->len, 0);
-+return off + len < sizeof(SPAAuthChallenge)
-+  ? US unicodeToString(CS challenge + off, len/2) : US"";
-+}
-+
-+static inline uschar *
-+get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
-+{
-+int off = IVAL(&hdr->offset, 0);
-+int len = SVAL(&hdr->len, 0);
-+return off + len < sizeof(SPAAuthChallenge)
-+  ? US toString(CS challenge + off, len) : US"";
-+}
-+
- #ifdef notdef
- 
-+#define GetUnicodeString(structPtr, header) \
-+ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) , SVAL(&structPtr->header.len,0)/2)
-+
-+#define GetString(structPtr, header) \
-+ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)), SVAL(&structPtr->header.len,0))
-+
-+
- void
- dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request)
- {
-@@ -1366,15 +1391,15 @@ fprintf (fp, "      Flags = %08x\n", IVAL (&response->flags, 0));
- #endif
- 
- void
-spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain)
-+spa_build_auth_request (SPAAuthRequest * request, uschar * user, uschar * domain)
- {
-char *u = strdup (user);
-char *p = strchr (u, '@');
-+uschar * u = string_copy(user);
-+uschar * p = Ustrchr(u, '@');
- 
- if (p)
-   {
-   if (!domain)
-   domain = p + 1;
-+    domain = p + 1;
-   *p = '\0';
-   }
- 
-@@ -1384,7 +1409,6 @@ SIVAL (&request->msgType, 0, 1);
- SIVAL (&request->flags, 0, 0x0000b207);      /* have to figure out what these mean */
- spa_string_add (request, user, u);
- spa_string_add (request, domain, domain);
-free (u);
- }
- 
- 
-@@ -1475,16 +1499,16 @@ free (u);
- 
- void
- spa_build_auth_response (SPAAuthChallenge * challenge,
-                        SPAAuthResponse * response, char *user,
-                        char *password)
-+                        SPAAuthResponse * response, uschar * user,
-+                        uschar * password)
- {
- uint8x lmRespData[24];
- uint8x ntRespData[24];
- uint32x cf = IVAL(&challenge->flags, 0);
-char *u = strdup (user);
-char *p = strchr (u, '@');
-char *d = NULL;
-char *domain;
-+uschar * u = string_copy(user);
-+uschar * p = Ustrchr(u, '@');
-+uschar * d = NULL;
-+uschar * domain;
- 
- if (p)
-   {
-@@ -1492,33 +1516,33 @@ if (p)
-   *p = '\0';
-   }
- 
-else domain = d = strdup((cf & 0x1)?
-  CCS GetUnicodeString(challenge, uDomain) :
-  CCS GetString(challenge, uDomain));
-+else domain = d = string_copy(cf & 0x1
-+  ? CUS get_challenge_unistr(challenge, &challenge->uDomain)
-+  : CUS get_challenge_str(challenge, &challenge->uDomain));
- 
-spa_smb_encrypt (US password, challenge->challengeData, lmRespData);
-spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData);
-+spa_smb_encrypt(password, challenge->challengeData, lmRespData);
-+spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData);
- 
- response->bufIndex = 0;
- memcpy (response->ident, "NTLMSSP\0\0\0", 8);
- SIVAL (&response->msgType, 0, 3);
- 
-spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0);
-spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x8000) ? 24 : 0);
-+spa_bytes_add(response, lmResponse, lmRespData, cf & 0x200 ? 24 : 0);
-+spa_bytes_add(response, ntResponse, ntRespData, cf & 0x8000 ? 24 : 0);
- 
- if (cf & 0x1) {      /* Unicode Text */
-     spa_unicode_add_string (response, uDomain, domain);
-     spa_unicode_add_string (response, uUser, u);
-     spa_unicode_add_string (response, uWks, u);
-+     spa_unicode_add_string(response, uDomain, domain);
-+     spa_unicode_add_string(response, uUser, u);
-+     spa_unicode_add_string(response, uWks, u);
- } else {             /* OEM Text */
-     spa_string_add (response, uDomain, domain);
-     spa_string_add (response, uUser, u);
-     spa_string_add (response, uWks, u);
-+     spa_string_add(response, uDomain, domain);
-+     spa_string_add(response, uUser, u);
-+     spa_string_add(response, uWks, u);
- }
- 
-spa_string_add (response, sessionKey, NULL);
-+spa_string_add(response, sessionKey, NULL);
- response->flags = challenge->flags;
-
-if (d != NULL) free (d);
-free (u);
- }
-+
-+
-+#endif   /*!MACRO_PREDEF*/
-diff --git a/src/auths/auth-spa.h b/src/auths/auth-spa.h
-index cfe1b086d..3b0b3a9e3 100644
--- a/src/auths/auth-spa.h
-+++ b/src/auths/auth-spa.h
-@@ -79,10 +79,10 @@ typedef struct
- 
- void spa_bits_to_base64 (unsigned char *, const unsigned char *, int);
- int spa_base64_to_bits(char *, int, const char *);
-void spa_build_auth_response (SPAAuthChallenge *challenge,
-       SPAAuthResponse *response, char *user, char *password);
-void spa_build_auth_request (SPAAuthRequest *request, char *user,
-       char *domain);
-+void spa_build_auth_response (SPAAuthChallenge * challenge,
-+       SPAAuthResponse * response, uschar * user, uschar * password);
-+void spa_build_auth_request (SPAAuthRequest * request, uschar * user,
-+       uschar * domain);
- extern void spa_smb_encrypt (unsigned char * passwd, unsigned char * c8,
-                              unsigned char * p24);
- extern void spa_smb_nt_encrypt (unsigned char * passwd, unsigned char * c8,
-diff --git a/src/auths/external.c b/src/auths/external.c
-index 7e7fca841..790b98159 100644
--- a/src/auths/external.c
-+++ b/src/auths/external.c
-@@ -103,7 +103,7 @@ if (expand_nmax == 0) 	/* skip if rxd data */
- if (ob->server_param2)
-   {
-   uschar * s = expand_string(ob->server_param2);
-  auth_vars[expand_nmax] = s;
-+  auth_vars[expand_nmax = 1] = s;
-   expand_nstring[++expand_nmax] = s;
-   expand_nlength[expand_nmax] = Ustrlen(s);
-   if (ob->server_param3)
-diff --git a/src/auths/spa.c b/src/auths/spa.c
-index ff90d33a3..bfaccefda 100644
--- a/src/auths/spa.c
-+++ b/src/auths/spa.c
-@@ -284,14 +284,13 @@ SPAAuthRequest   request;
- SPAAuthChallenge challenge;
- SPAAuthResponse  response;
- char msgbuf[2048];
-char *domain = NULL;
-char *username, *password;
-+uschar * domain = NULL, * username, * password;
- 
- /* Code added by PH to expand the options */
- 
- *buffer = 0;    /* Default no message when cancelled */
- 
-if (!(username = CS expand_string(ob->spa_username)))
-+if (!(username = expand_string(ob->spa_username)))
-   {
-   if (f.expand_string_forcedfail) return CANCELLED;
-   string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
-@@ -300,7 +299,7 @@ if (!(username = CS expand_string(ob->spa_username)))
-   return ERROR;
-   }
- 
-if (!(password = CS expand_string(ob->spa_password)))
-+if (!(password = expand_string(ob->spa_password)))
-   {
-   if (f.expand_string_forcedfail) return CANCELLED;
-   string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
-@@ -310,7 +309,7 @@ if (!(password = CS expand_string(ob->spa_password)))
-   }
- 
- if (ob->spa_domain)
-  if (!(domain = CS expand_string(ob->spa_domain)))
-+  if (!(domain = expand_string(ob->spa_domain)))
-     {
-     if (f.expand_string_forcedfail) return CANCELLED;
-     string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
-@@ -330,7 +329,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout))
- 
- DSPA("\n\n%s authenticator: using domain %s\n\n", ablock->name, domain);
- 
-spa_build_auth_request(&request, CS username, domain);
-+spa_build_auth_request(&request, username, domain);
- spa_bits_to_base64(US msgbuf, US &request, spa_request_length(&request));
- 
- DSPA("\n\n%s authenticator: sending request (%s)\n\n", ablock->name, msgbuf);
-@@ -347,7 +346,7 @@ if (!smtp_read_response(sx, US buffer, buffsize, '3', timeout))
- DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4);
- spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4));
- 
-spa_build_auth_response(&challenge, &response, CS username, CS password);
-+spa_build_auth_response(&challenge, &response, username, password);
- spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response));
- DSPA("\n\n%s authenticator: challenge response (%s)\n\n", ablock->name, msgbuf);
- 
--- a/127
+++ b/127
@ -1,127 +0,0 @@
-diff -ru a/src/exim.c b/src/exim.c
--- a/src/exim.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/exim.c	2022-10-18 13:38:30.366261000 +0200
-@@ -2001,8 +2001,6 @@
-   regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
- #endif
- 
-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-
- /* If the program is called as "mailq" treat it as equivalent to "exim -bp";
- this seems to be a generally accepted convention, since one finds symbolic
- links called "mailq" in standard OS configurations. */
-@@ -6084,7 +6082,7 @@
-   deliver_localpart_data = deliver_domain_data =
-   recipient_data = sender_data = NULL;
-   acl_var_m = NULL;
-  for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+  regex_vars_clear();
- 
-   store_reset(reset_point);
-   }
-diff -ru a/src/expand.c b/src/expand.c
--- a/src/expand.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/expand.c	2022-10-18 13:38:30.368690000 +0200
-@@ -1873,7 +1873,7 @@
-   return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
-   }
- 
-/* Handle $auth<n> variables. */
-+/* Handle $auth<n>, $regex<n> variables. */
- 
- if (Ustrncmp(name, "auth", 4) == 0)
-   {
-diff -ru a/src/functions.h b/src/functions.h
--- a/src/functions.h	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/functions.h	2022-10-18 13:39:21.953979000 +0200
-@@ -438,6 +438,7 @@
- extern BOOL    regex_match(const pcre2_code *, const uschar *, int, uschar **);
- extern BOOL    regex_match_and_setup(const pcre2_code *, const uschar *, int, int);
- extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
-+extern void    regex_vars_clear(void);
- extern void    retry_add_item(address_item *, uschar *, int);
- extern BOOL    retry_check_address(const uschar *, host_item *, uschar *, BOOL,
-                  uschar **, uschar **);
-Only in b/src: functions.h.rej
-diff -ru a/src/globals.c b/src/globals.c
--- a/src/globals.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/globals.c	2022-10-18 13:46:22.093392000 +0200
-@@ -1315,7 +1315,7 @@
- #endif
- const pcre2_code *regex_ismsgid      = NULL;
- const pcre2_code *regex_smtp_code    = NULL;
-const uschar *regex_vars[REGEX_VARS];
-+const uschar *regex_vars[REGEX_VARS] = { 0 };
- #ifdef WHITELIST_D_MACROS
- const pcre2_code *regex_whitelisted_macro = NULL;
- #endif
-Only in b/src: globals.c.rej
-diff -ru a/src/regex.c b/src/regex.c
--- a/src/regex.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/regex.c	2022-10-18 13:43:13.041903000 +0200
-@@ -96,18 +96,26 @@
- return FAIL;
- }
- 
-+/* reset expansion variables */
-+void
-+regex_vars_clear(void)
-+{
-+regex_match_string = NULL;
-+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-+}
-+
-+
- int
-regex(const uschar **listptr)
-+regex(const uschar ** listptr)
- {
- unsigned long mbox_size;
-FILE *mbox_file;
-pcre_list *re_list_head;
-uschar *linebuffer;
-+FILE * mbox_file;
-+pcre_list * re_list_head;
-+uschar * linebuffer;
- long f_pos = 0;
- int ret = FAIL;
- 
-/* reset expansion variable */
-regex_match_string = NULL;
-+regex_vars_clear();
- 
- if (!mime_stream)				/* We are in the DATA ACL */
-   {
-@@ -169,14 +177,13 @@
- int
- mime_regex(const uschar **listptr)
- {
-pcre_list *re_list_head = NULL;
-FILE *f;
-uschar *mime_subject = NULL;
-+pcre_list * re_list_head = NULL;
-+FILE * f;
-+uschar * mime_subject = NULL;
- int mime_subject_len = 0;
- int ret;
- 
-/* reset expansion variable */
-regex_match_string = NULL;
-+regex_vars_clear();
- 
- /* precompile our regexes */
- if (!(re_list_head = compile(*listptr)))
-diff -ru a/src/smtp_in.c b/src/smtp_in.c
--- a/src/smtp_in.c	2022-06-23 15:41:10.000000000 +0200
-+++ b/src/smtp_in.c	2022-10-18 13:38:30.372819000 +0200
-@@ -2157,8 +2157,10 @@
- #ifdef SUPPORT_I18N
- message_smtputf8 = FALSE;
- #endif
-+regex_vars_clear();
- body_linecount = body_zerocount = 0;
- 
-+lookup_value = NULL;                           /* Can be set by ACL */
- sender_rate = sender_rate_limit = sender_rate_period = NULL;
- ratelimiters_mail = NULL;           /* Updated by ratelimit ACL condition */
-                    /* Note that ratelimiters_conn persists across resets. */