commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-07-01 14:06:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "exim" Sat Jul 1 14:06:08 2017 rev:42 rq:507377 version:4.86.2 Changes: --------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2016-10-04 16:00:03.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-07-01 14:06:34.195441613 +0200
@@ -1,0 +2,28 @@ +Mon Jun 19 16:27:45 UTC 2017 - meissner@suse.com + +- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be + exploited to "stack crash" local privilege escalation (bsc#1044692) + +- Require user(mail) group(mail) to meet new users handling in TW. + +- Prerequire permissions (fixes rpmlint). + +------------------------------------------------------------------- +Mon Apr 24 07:45:00 UTC 2017 - wullinger@rz.uni-kiel.de + +- conditionally disable DANE on SuSE versions with OpenSSL < 1.0 + +- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch: + import exim-4_86_2+fixes branch + + fix CVE-2016-1531 + when installed setuid root, allows local users to gain privileges via the perl_startup + argument. + + fix Bug 1805: store the initial working directory, expand $initial_cwd + + fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671) + + Don't issue env warning if env is empty + +- fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch: + DKIM information leakage + + +------------------------------------------------------------------- New: ---- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch exim-CVE-2017-1000369.patch fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.VVFUrR/_old 2017-07-01 14:06:34.815354379 +0200 +++ /var/tmp/diff_new_pack.VVFUrR/_new 2017-07-01 14:06:34.815354379 +0200 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -20,6 +20,14 @@ %bcond_without pgsql %bcond_without sqlite %bcond_without ldap +%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} < 599 +%bcond_with dane +%else +%bcond_without dane +%endif +# disable for now, +# since utf8_downconvert currently crashes +%bcond_without i18n Name: exim BuildRequires: cyrus-sasl-devel @@ -53,8 +61,13 @@ %else Requires(pre): %insserv_prereq %endif -Requires(pre): %fillup_prereq -Requires(pre): /usr/sbin/useradd +Requires(pre): %fillup_prereq permissions +%if 0%{?suse_version} >= 1330 +BuildRequires: group(mail) +BuildRequires: user(mail) +Requires(pre): user(mail) +Requires(pre): group(mail) +%endif Requires(pre): fileutils textutils %endif Version: 4.86.2 @@ -72,8 +85,8 @@ License: GPL-2.0+ Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 -Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc +Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2 +Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc Source4: exim.keyring Source1: sysconfig.exim @@ -86,7 +99,10 @@ Source31: eximstats.conf Source32: eximstats.conf-2.2 Source40: exim.service -Patch: exim-tail.patch +Patch0: exim-tail.patch +Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch +Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch +Patch3: exim-CVE-2017-1000369.patch %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -128,7 +144,10 @@ %prep %setup -q -n exim-%{version} -%patch +%patch0 +%patch1 -p 1 +%patch2 -p 1 +%patch3 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" 
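Review bot: The `%if` guarding `%bcond_with dane` in the `@@ -20,6 +20,14 @@` hunk joins its three version tests with `||`, and `0%{?macro}` expands to `0` for a macro the build target does not define, so on a target that defines only one of `suse_version`, `centos_version` or `rhel_version` the other comparisons read `0 < N` and the whole condition is true. DANE support would then be compiled out on every target, not only on those with OpenSSL older than 1.0 as the changelog entry states. Each test should first require its macro to be set, e.g. `%if (0%{?suse_version} && 0%{?suse_version} < 1199) || (0%{?centos_version} && 0%{?centos_version} < 599) || (0%{?rhel_version} && 0%{?rhel_version} < 599)`. In the same hunk the comment says i18n is disabled because `utf8_downconvert` crashes, yet `%bcond_without i18n` leaves it enabled by default; `%bcond_with i18n` is the form that matches the comment.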
@@ -264,9 +283,13 @@ EXPERIMENTAL_PROXY=yes EXPERIMENTAL_CERTNAMES=yes EXPERIMENTAL_DSN=yes +%if %{with dane} EXPERIMENTAL_DANE=yes +%endif EXPERIMENTAL_SOCKS=yes +%if %{with i18n} EXPERIMENTAL_INTERNATIONAL=yes +%endif LDFLAGS += -lidn CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie @@ -465,7 +488,7 @@ %attr(0750,root,www) /srv/www/eximstats %dir /etc/apache2 %dir /etc/apache2/conf.d -/etc/apache2/conf.d/eximstats.conf +%config /etc/apache2/conf.d/eximstats.conf %{_sbindir}/eximstats-html-update.py %changelog ++++++ exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch ++++++ ++++ 1425 lines (skipped) ++++++ exim-CVE-2017-1000369.patch ++++++ commit 65e061b76867a9ea7aeeb535341b790b90ae6c21 Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Date: Wed May 31 23:08:56 2017 +0200 Cleanup (prevent repeated use of -p/-oMr to avoid mem leak) diff --git a/src/exim.c b/src/src/exim.c index 67583e58..88e11977 100644 --- a/src/exim.c +++ b/src/exim.c @@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++) /* -oMr: Received protocol */ - else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; + else if (Ustrcmp(argrest, "Mr") == 0) + + if (received_protocol) + { + fprintf(stderr, "received_protocol is set already\n"); + exit(EXIT_FAILURE); + } + else received_protocol = argv[++i]; /* -oMs: Set sender host name */ @@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++) if (*argrest != 0) { - uschar *hn = Ustrchr(argrest, ':'); + uschar *hn; + + if (received_protocol) + { + fprintf(stderr, "received_protocol is set already\n"); + exit(EXIT_FAILURE); + } + + hn = Ustrchr(argrest, ':'); if (hn == NULL) { received_protocol = argrest; ++++++ fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch ++++++
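Review bot: The new `if (received_protocol) { … } else received_protocol = argv[++i];` in the `-oMr` hunk (`@@ -3106,7 +3106,14 @@`) is the unbraced body of `else if (Ustrcmp(argrest, "Mr") == 0)` in the middle of an `else if` chain, and the following `-oMs` branch pairs with the right `if` only because the inner statement already carries its own `else`. Putting the inner if/else inside braces, `else if (Ustrcmp(argrest, "Mr") == 0) { if (received_protocol) … else received_protocol = argv[++i]; }`, keeps the chain intact if that inner `else` is ever edited. The same five-line guard is repeated in the `-p` hunk at `@@ -3202,7 +3209,15 @@`, and its message `received_protocol is set already` names an internal variable rather than the option the caller repeated; a wording such as `"exim: -p/-oMr may be given only once\n"` would be clearer in logs. The guard covers only these two options, and the enclosing argument loop starts and ends outside both hunks, so whether other options parsed there can be repeated with the same memory effect cannot be told from here.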
From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001 From: Jeremy Harris <jgh@wizmail.org> Date: Fri, 16 Dec 2016 20:36:39 +0000 Subject: [PATCH 1/3] Fix DKIM information leakage
Cherry picked from exim-4_87 .. exim-4_87_1 --- doc/doc-txt/ChangeLog | 7 +++ doc/doc-txt/cve-2016-9663 | 86 +++++++++++++++++++++++++++++++++ src/src/dkim.c | 1 + src/src/transports/smtp.c | 4 +- test/confs/4510 | 71 +++++++++++++++++++++++++++ test/log/4510 | 20 ++++++++ test/mail/4510.store | 58 ++++++++++++++++++++++ test/runtest | 8 +++ test/scripts/4510-DKIM-Bounces/4510 | 15 ++++++ test/scripts/4510-DKIM-Bounces/REQUIRES | 2 + 10 files changed, 271 insertions(+), 1 deletion(-) create mode 100644 doc/doc-txt/cve-2016-9663 create mode 100644 test/confs/4510 create mode 100644 test/log/4510 create mode 100644 test/mail/4510.store create mode 100644 test/scripts/4510-DKIM-Bounces/4510 create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES diff --git a/src/dkim.c b/src/dkim.c index 3e71545..8e93566 100644 --- a/src/dkim.c +++ b/src/dkim.c @@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key, (char *)dkim_signing_selector, (char *)dkim_private_key_expanded ); + dkim_private_key_expanded[0] = '\0'; pdkim_set_debug_stream(ctx,debug_file); diff --git a/src/transports/smtp.c b/src/transports/smtp.c index a952413..cc8f025 100644 --- a/src/transports/smtp.c +++ b/src/transports/smtp.c @@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", US"FAILURE", US"DELAY" }; static uschar *smtp_command; /* Points to last cmd for error messages */ static uschar *mail_command; /* Points to MAIL cmd for error messages */ static BOOL update_waiting; /* TRUE to update the "wait" database */ +static uschar *data_command = US""; /* Points to DATA cmd for error messages */ /************************************************* @@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper)) case -1: goto END_OFF; /* Timeout on RCPT */ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ } + data_command = string_copy(big_buffer); /* Save for later error message */ } /* Save the first address of the next batch. */ 
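Review bot: The added `dkim_private_key_expanded[0] = '\0';` in `dkim_exim_sign` overwrites only the first byte, so the buffer no longer reads as a string but the rest of the private key stays in memory after the call that ends just above it. Clearing the full length before truncating would remove the key material itself, e.g. `memset(dkim_private_key_expanded, 0, Ustrlen(dkim_private_key_expanded));`, assuming the buffer is writable along its whole length as the one-byte store already implies. A one-line comment saying why the key is wiped (presumably because it sits in a buffer that later error messages print; that aliasing is not visible in this hunk) would help the next maintainer keep the line. The function begins and ends outside the hunk.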
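Review bot: `data_command` is a file-scope `static` that is assigned only in the `@@ -2244,6 +2245,7 @@` hunk, after the response switch, and read in the error message at `@@ -2418,7 +2420,7 @@`; nothing visible resets it, so an error path reached without passing that assignment in the current delivery would report either `""` or the DATA command saved by an earlier call in the same process. Resetting it where the delivery function starts (outside these hunks), e.g. `data_command = US"";`, would bound that. The copy is made with `string_copy(big_buffer)` on each pass through the branch, and the lifetime of that allocation relative to the static pointer is not visible here and should be confirmed against the store-pool resets around the call.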
@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else #else "LMTP error after %s: %s", #endif - big_buffer, string_printing(buffer)); + data_command, string_printing(buffer)); setflag(addr, af_pass_message); /* Allow message to go to user */ if (buffer[0] == '5') addr->transport_return = FAIL;