Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: ex...@packages.debian.org, Adrian Bunk <b...@debian.org>
Please unblock package exim4 This is release fixes a single bug by pulling the respective fix from upstream's +fixes branch. When control=fakereject is used with a custom error message the respective non-safe data was expanded. With allow_insecure_tainted_data not set this only causes a entry in paniclog, otherwise the actual expansion might happen. Debian's default exim configuration does not use control=fakereject but still I would consider this an important bug that I would like to see fixed. unblock exim4/4.94.2-7 Thanks, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog --- exim4-4.94.2/debian/changelog 2021-05-26 18:49:44.000000000 +0200 +++ exim4-4.94.2/debian/changelog 2021-07-13 18:04:57.000000000 +0200 @@ -1,3 +1,10 @@ +exim4 (4.94.2-7) unstable; urgency=medium + + * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes + branch: Fix re-expansion of custom message with control=fakereject. + + -- Andreas Metzler <ametz...@debian.org> Tue, 13 Jul 2021 18:04:57 +0200 + exim4 (4.94.2-6) unstable; urgency=medium * Cherrypick diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch --- exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 2021-07-13 18:03:04.000000000 +0200 @@ -0,0 +1,44 @@ +From c819f3bcad02bcb06004ae2ad135b68fab0ae888 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146...@wizmail.org> +Date: Wed, 7 Jul 2021 22:19:07 +0100 +Subject: [PATCH 5/5] Fix tainted message for fakereject + +(cherry picked from commit a9ac2d7fc219e41a353abf1f599258b9b9d21b7e) +--- + doc/ChangeLog | 4 ++++ + src/acl.c | 4 +++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/doc/ChangeLog b/doc/ChangeLog +index e60c1cad5..3e93f653f 100644 +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -227,6 +227,10 @@ JH/53 Bug 2743: fix immediate-delivery via named queue. Previously this would + fail with a taint-check on the spoolfile name, and leave the message + queued. + ++JH/57 Fix control=fakreject for a custom message containing tainted data. ++ Previously this resulted in a log complaint, due to a re-expansion present ++ since fakereject was originally introduced. ++ + + Exim version 4.94 + ----------------- +diff --git a/src/acl.c b/src/acl.c +index 7061230b4..65324405c 100644 +--- a/src/acl.c ++++ b/src/acl.c +@@ -3137,7 +3137,9 @@ for (; cb; cb = cb->next) + { + const uschar *pp = p + 1; + while (*pp) pp++; +- fake_response_text = expand_string(string_copyn(p+1, pp-p-1)); ++ /* The entire control= line was expanded at top so no need to expand ++ the part after the / */ ++ fake_response_text = string_copyn(p+1, pp-p-1); + p = pp; + } + else /* Explicitly reset to default string */ +-- +2.30.2 + diff -Nru exim4-4.94.2/debian/patches/series exim4-4.94.2/debian/patches/series --- exim4-4.94.2/debian/patches/series 2021-05-22 13:27:33.000000000 +0200 +++ exim4-4.94.2/debian/patches/series 2021-07-13 18:03:23.000000000 +0200 @@ -10,6 +10,7 @@ 73_02-Fix-ipv6norm.patch 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch 73_04-Fix-host_name_lookup-Close-2747.patch +73_05-Fix-tainted-message-for-fakereject.patch 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch 75_02-search.patch 75_03-dbstuff.patch
signature.asc
Description: PGP signature