Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package exim for openSUSE:Factory checked in at 2021-05-05 20:40:00

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
 and      /work/SRC/openSUSE:Factory/.exim.new.2988 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"

Wed May 5 20:40:00 2021 rev:65 rq:890644 version:4.94.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2020-08-25 09:34:25.816059300 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new.2988/exim.changes 2021-05-05 20:40:03.718900541 +0200
@@ -0,0 +1,47 @@ +------------------------------------------------------------------- +Tue May 4 16:45:17 CEST 2021 - wullin...@rz.uni-kiel.de + +- update to exim-4.94.2 + security update (bsc#1185631) + * CVE-2020-28007: Link attack in Exim's log directory + * CVE-2020-28008: Assorted attacks in Exim's spool directory + * CVE-2020-28014: Arbitrary PID file creation + * CVE-2020-28011: Heap buffer overflow in queue_run() + * CVE-2020-28010: Heap out-of-bounds write in main() + * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() + * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() + * CVE-2020-28015: New-line injection into spool header file (local) + * CVE-2020-28012: Missing close-on-exec flag for privileged pipe + * CVE-2020-28009: Integer overflow in get_stdinput() + * CVE-2020-28017: Integer overflow in receive_add_recipient() + * CVE-2020-28020: Integer overflow in receive_msg() + * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() + * CVE-2020-28021: New-line injection into spool header file (remote) + * CVE-2020-28022: Heap out-of-bounds read and write in extract_option() + * CVE-2020-28026: Line truncation and injection in spool_read_header() + * CVE-2020-28019: Failure to reset function pointer after BDAT error + * CVE-2020-28024: Heap buffer underflow in smtp_ungetc() + * CVE-2020-28018: Use-after-free in tls-openssl.c + * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() + +------------------------------------------------------------------- +Wed Apr 28 13:55:29 CEST 2021 - wullin...@rz.uni-kiel.de + +- update to exim-4.94.1 + * Fix security issue in BDAT state confusion. + Ensure we reset known-good where we know we need to not be reading BDAT + data, as a general case fix, and move the places where we switch to BDAT + mode until after various protocol state checks. + Fixes CVE-2020-BDATA reported by Qualys. 
+ * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT) + * Fix security issue with too many recipients on a message (to remove a + known security problem if someone does set recipients_max to unlimited, + or if local additions add to the recipient list). + Fixes CVE-2020-RCPTL reported by Qualys. + * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase() + * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker + providing a particularly obnoxious sender full name. + * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX + better. + +------------------------------------------------------------------- @@ -5,0 +53 @@ +------------------------------------------------------------------- @@ -26,0 +75 @@ +------------------------------------------------------------------- @@ -41,0 +91 @@ + @@ -46,0 +97 @@ + @@ -76,0 +128 @@ + @@ -81,0 +134 @@ + Old: ---- exim-4.94.tar.bz2 exim-4.94.tar.bz2.asc patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 New: ---- exim-4.94.2.tar.bz2 exim-4.94.2.tar.bz2.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.WMKECP/_old 2021-05-05 20:40:04.446897417 +0200 +++ /var/tmp/diff_new_pack.WMKECP/_new 2021-05-05 20:40:04.450897400 +0200 @@ -72,8 +72,8 @@ %endif Requires(pre): fileutils textutils %endif -Version: 4.94 -Release: 2 +Version: 4.94.2 +Release: 1 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -103,7 +103,6 @@ Source41: exim_db.8.gz Patch0: exim-tail.patch Patch1: gnu_printf.patch -Patch2: patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue 
@@ -147,7 +146,6 @@ %setup -q -n exim-%{version} %patch0 %patch1 -p1 -%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" ++++++ exim-4.94.tar.bz2 -> exim-4.94.2.tar.bz2 ++++++ ++++ 7421 lines of diff (skipped)
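Review bot: in the exim.changes hunk `@@ -0,0 +1,47 @@`, the 4.94.1 entry cites identifiers that are not valid CVE numbers (CVE-2020-BDATA, CVE-2020-EXOPT, CVE-2020-RCPTL, CVE-2020-PFPSN, CVE-2020-SLCWD); the same entry shows the resolved form in `Fix CVE-2020-28016 (PFPZA)`, so the other placeholders should be mapped the same way. As written, anyone grepping the package changelog for an assigned CVE-2020-28007 to CVE-2020-28026 number will only find it in the 4.94.2 entry, so either replace the placeholder names with the assigned numbers or add a sentence that the 4.94.2 list covers them.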
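Review bot: the trailing exim.changes hunks `@@ -5,0 +53 @@` through `@@ -81,0 +134 @@` only insert separator and blank lines into older entries; they are cosmetic and unrelated to the security update, and they make the changelog diff harder to review. Not a blocker, but they would be better kept out of a security submission or noted as whitespace-only.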
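Review bot: in the exim.spec hunk `@@ -103,7 +103,6 @@`, dropping `Patch2: patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99` is not mentioned in the exim.changes entry, which only says "update to exim-4.94.2"; the changelog should state that the previously shipped fixes-branch snapshot is superseded by the 4.94.2 release, and the submitter should confirm the snapshot contained nothing beyond what 4.94.2 ships, since the 7421-line tarball diff is skipped here and cannot be checked from this mail. While touching this hunk, the unchanged context line `Summary: Eximon, an graphical frontend to administer Exim's mail queue` could be corrected to "a graphical frontend".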