rpm/exim
SHA256
1
0
Fork 0
forked from pool/exim
Code Pull Requests Activity

Accepting request 545933 from server:mail

Browse Source 
- update to 4.88:
  drops fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch,
     exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
- remove exim4-manpages.tar.bz2: upstream does not exist anymore
- update keyring

- add exim-4.86.2-mariadb_102_compile_fix.patch to fix compilation
   with the mariadb 10.2 (in our case the build with libmariadb
   library from the mariadb-connector-c package)
   * upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and
   31beb7972466a33a88770eacbce13490f2ddadc2

- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857)

OBS-URL: https://build.opensuse.org/request/show/545933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=46
This commit is contained in:
Dominique Leuenberger 2017-11-28 13:04:27 +00:00 committed by Git OBS Bridge
commit abb0220d10
12 changed files with 6380 additions and 2148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1425
exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
View File

File diff suppressed because it is too large Load Diff

94
exim-4.86.2-mariadb_102_compile_fix.patch Normal file
View File

@ -0,0 +1,94 @@
Index: exim-4.86.2/src/lookups/mysql.c
===================================================================
--- exim-4.86.2.orig/src/lookups/mysql.c
+++ exim-4.86.2/src/lookups/mysql.c
@@ -14,6 +14,53 @@ functions. */
#include <mysql.h> /* The system header */
+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
+with versions before 10.2, as they do not define there there specific symbols.
+*/
+
+// Newer (>= 10.2) MariaDB
+#if defined MARIADB_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
+
+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
+#elif defined LIBMYSQL_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
+#elif defined MYSQL_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
+
+#else
+#define EXIM_MYSQL_VERSION_ID 0
+#endif
+
+// Newer (>= 10.2) MariaDB
+#ifdef MARIADB_CLIENT_VERSION_STR
+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
+
+// Mysql uses MYSQL_SERVER_VERSION
+#elif defined LIBMYSQL_VERSION
+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
+#elif defined MYSQL_SERVER_VERSION
+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
+
+#else
+#define EXIM_MxSQL_VERSION_STR "N.A."
+#endif
+
+#if defined MARIADB_BASE_VERSION
+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
+
+#elif defined MARIADB_PACKAGE_VERSION
+#define EXIM_MxSQL_BASE_STR "mariadb"
+
+#elif defined MYSQL_BASE_VERSION
+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
+
+#else
+#define EXIM_MxSQL_BASE_STR "n.A."
+#endif
+
/* Structure and anchor for caching connections. */
@@ -423,10 +470,10 @@ return quoted;
void
mysql_version_report(FILE *f)
{
-fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
- " Runtime: %s\n",
- MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
- mysql_get_client_info());
+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
+ " Runtime: %lu %s\n",
+ (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
+ mysql_get_client_version(), mysql_get_client_info());
#ifdef DYNLOOKUP
fprintf(f, " Exim version %s\n", EXIM_VERSION_STR);
#endif
Index: exim-4.86.2/src/EDITME
===================================================================
--- exim-4.86.2.orig/src/EDITME
+++ exim-4.86.2/src/EDITME
@@ -253,7 +253,7 @@ TRANSPORT_SMTP=yes
# you perform upgrades and revert them. You should consider the benefit of
# embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
# maintain two concurrent sets of modules.
-#
+#
# *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
# the ability to modify the Exim binary, which is often setuid root! The Exim
# developers only intend this functionality be used by OS software packagers
@@ -301,6 +301,7 @@ LOOKUP_DNSDB=yes
# LOOKUP_IBASE=yes
# LOOKUP_LDAP=yes
# LOOKUP_MYSQL=yes
+# LOOKUP_MYSQL_PC=mariadb
# LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes

3
exim-4.86.2.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7756deafd0583776e091f2efcba9b36203e668cf420d8876f314980803636eb3
size 1799316

11
exim-4.86.2.tar.bz2.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCgAGBQJW1yh1AAoJEGoXY4qgRQz1nU8H/2mFC/HsFxrJ9vZsHD/TZdW3
RHITiCLEGHYlVNVL3LAEfPIANLALqKl9lyWXhWZc4FxKKPkp6TNGpy9L4Yp+5jiJ
UkEkiS3aqIA1vyLvWxJ8s5CybBq/WaAq3e396S3ShCkXFPreetxvJc98Q0gD2rCd
zZISbTnceuX0pHrhBtjeJXqShuTUrUW6G6HNvebncHK0yPSI5CJHgoTvmeYpwt/3
zSFzBB9juvKni5jbZcOk6lOuj0P0jXJqICMJ53tEpu+NksCgABaAI6XdVV/e6X/D
RFVn2bUPGssdi8UO801IhPLpNbvgIIxIXNil9kQFo3Y1Rbotc+LLLnXhLmVK1to=
=f02h
-----END PGP SIGNATURE-----

3
exim-4.88.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:119d5fd7e31fc224e84dfa458fe182f200856bae7adf852a8287c242161f8a2d
size 1824610

10
exim-4.88.tar.bz2.asc Normal file
View File

@ -0,0 +1,10 @@
-----BEGIN PGP SIGNATURE-----
iQEcBAABAgAGBQJYVqBoAAoJELzljIzkHzLf5vIH/R4gcGqdEwGkFDRwQA5ImNif
USPeSli63U2tL2YRpf8E/sMWlf2ywZl9vGkVWhvYFvMWI4gn+hNAh0jUj2BakCdI
aEjUk0KSA0nXHzIGmNyf0lAcC1VONRq0KLxfQvlGF8RrKnBL7urg46EVFagmU8g9
m3KVHPjv1cUIICZdJVWICUChjjm23pBvtqr1M9TgUAhWQU0FaG9dmgY2Kh4s2pnG
0o+llbQdU1hvtk0lTMzZYmYTtS3totoyR3aKYdws/epOnE1MgVOIlnp2q5R9FMO1
RE5bHa2Qg5UCf5wwAKSOxIDLPEVUoX6qkbP7inByuGKZ5dSvBQwUGPAt+b2Lb38=
=jgHZ
-----END PGP SIGNATURE-----

40
exim-CVE-2017-16943.patch Normal file
View File

@ -0,0 +1,40 @@
From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Fri, 24 Nov 2017 20:22:33 +0000
Subject: [PATCH] Avoid release of store if there have been later allocations.
Bug 2199
---
src/src/receive.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/src/receive.c b/src/src/receive.c
index e7e518a..d9b5001 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -1810,8 +1810,8 @@ for (;;)
(and sometimes lunatic messages can have ones that are 100s of K long) we
call store_release() for strings that have been copied - if the string is at
the start of a block (and therefore the only thing in it, because we aren't
- doing any other gets), the block gets freed. We can only do this because we
- know there are no other calls to store_get() going on. */
+ doing any other gets), the block gets freed. We can only do this release if
+ there were no allocations since the once that we want to free. */
if (ptr >= header_size - 4)
{
@@ -1820,9 +1820,10 @@ for (;;)
header_size *= 2;
if (!store_extend(next->text, oldsize, header_size))
{
+ BOOL release_ok = store_last_get[store_pool] == next->text;
uschar *newtext = store_get(header_size);
memcpy(newtext, next->text, ptr);
- store_release(next->text);
+ if (release_ok) store_release(next->text);
next->text = newtext;
}
}
--
1.9.1

23
exim.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Mon Nov 27 10:36:17 UTC 2017 - dmueller@suse.com
- update to 4.88:
drops fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch,
exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
- remove exim4-manpages.tar.bz2: upstream does not exist anymore
- update keyring
-------------------------------------------------------------------
Mon Nov 27 08:52:33 UTC 2017 - kstreitova@suse.com
- add exim-4.86.2-mariadb_102_compile_fix.patch to fix compilation
with the mariadb 10.2 (in our case the build with libmariadb
library from the mariadb-connector-c package)
* upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and
31beb7972466a33a88770eacbce13490f2ddadc2
-------------------------------------------------------------------
Mon Nov 27 06:45:14 UTC 2017 - meissner@suse.com
- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857)
-------------------------------------------------------------------
Thu Nov 23 13:43:04 UTC 2017 - rbrown@suse.com

6832
exim.keyring
View File

File diff suppressed because it is too large Load Diff

18
exim.spec
View File

@ -78,7 +78,7 @@ Requires(pre): group(mail)
%endif
Requires(pre): fileutils textutils
%endif
Version: 4.86.2
Version: 4.88
Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
@ -102,15 +102,14 @@ Source2: exim.logrotate
Source11: exim.rc
Source12: permissions.exim
Source13: apparmor.usr.sbin.exim
Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2
Source30: eximstats-html-update.py
Source31: eximstats.conf
Source32: eximstats.conf-2.2
Source40: exim.service
Patch0: exim-tail.patch
Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
Patch3: exim-CVE-2017-1000369.patch
Patch4: exim-CVE-2017-16943.patch
Patch5: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@ -153,9 +152,9 @@ once, if at all. The rest is done by logrotate / cron.)
%prep
%setup -q -n exim-%{version}
%patch0
%patch1 -p 1
%patch2 -p 1
%patch3 -p 1
%patch4 -p 1
%patch5 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
@ -291,6 +290,7 @@ cat <<-EOF > Local/Makefile
EXPERIMENTAL_PROXY=yes
EXPERIMENTAL_CERTNAMES=yes
EXPERIMENTAL_DSN=yes
SYSTEM_ALIASES_FILE=/etc/aliases
%if %{with dane}
EXPERIMENTAL_DANE=yes
%endif
@ -298,7 +298,7 @@ cat <<-EOF > Local/Makefile
%if %{with i18n}
EXPERIMENTAL_INTERNATIONAL=yes
%endif
LDFLAGS += -lidn
LDFLAGS += -lidn
CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie
EOF
@ -326,7 +326,7 @@ make inst_dest=$RPM_BUILD_ROOT/usr/sbin \
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
INSTALL_ARG=-no_chown install
#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/usr/sbin/exim-4.86* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done
%if 0%{?suse_version} > 1220
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
@ -355,8 +355,6 @@ install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim
# man pages
mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8
tar xvjf %{S:20}
cp -p exim4-manpages/* $RPM_BUILD_ROOT/%{_mandir}/man8/
for i in \
sendmail \
runq \

3
exim4-manpages.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f12e569711973eff4a92625a3dee70edb02d1e8d41c29e238f4cbec16f242a60
size 8392

66
fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
View File

@ -1,66 +0,0 @@
From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh@wizmail.org>
Date: Fri, 16 Dec 2016 20:36:39 +0000
Subject: [PATCH 1/3] Fix DKIM information leakage
Cherry picked from exim-4_87 .. exim-4_87_1
---
doc/doc-txt/ChangeLog | 7 +++
doc/doc-txt/cve-2016-9663 | 86 +++++++++++++++++++++++++++++++++
src/src/dkim.c | 1 +
src/src/transports/smtp.c | 4 +-
test/confs/4510 | 71 +++++++++++++++++++++++++++
test/log/4510 | 20 ++++++++
test/mail/4510.store | 58 ++++++++++++++++++++++
test/runtest | 8 +++
test/scripts/4510-DKIM-Bounces/4510 | 15 ++++++
test/scripts/4510-DKIM-Bounces/REQUIRES | 2 +
10 files changed, 271 insertions(+), 1 deletion(-)
create mode 100644 doc/doc-txt/cve-2016-9663
create mode 100644 test/confs/4510
create mode 100644 test/log/4510
create mode 100644 test/mail/4510.store
create mode 100644 test/scripts/4510-DKIM-Bounces/4510
create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES
diff --git a/src/dkim.c b/src/dkim.c
index 3e71545..8e93566 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
(char *)dkim_signing_selector,
(char *)dkim_private_key_expanded
);
+ dkim_private_key_expanded[0] = '\0';
pdkim_set_debug_stream(ctx,debug_file);
diff --git a/src/transports/smtp.c b/src/transports/smtp.c
index a952413..cc8f025 100644
--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
@@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" };
static uschar *smtp_command; /* Points to last cmd for error messages */
static uschar *mail_command; /* Points to MAIL cmd for error messages */
static BOOL update_waiting; /* TRUE to update the "wait" database */
+static uschar *data_command = US""; /* Points to DATA cmd for error messages */
/*************************************************
@@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper))
case -1: goto END_OFF; /* Timeout on RCPT */
default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
}
+ data_command = string_copy(big_buffer); /* Save for later error message */
}
/* Save the first address of the next batch. */
@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else
#else
"LMTP error after %s: %s",
#endif
- big_buffer, string_printing(buffer));
+ data_command, string_printing(buffer));
setflag(addr, af_pass_message); /* Allow message to go to user */
if (buffer[0] == '5')
addr->transport_return = FAIL;