Hello community,

here is the log from the commit of package exim for openSUSE:Factory checked in 
at 2017-07-01 14:06:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
 and      /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "exim"

Sat Jul  1 14:06:08 2017 rev:42 rq:507377 version:4.86.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes        2016-10-04 
16:00:03.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes   2017-07-01 
14:06:34.195441613 +0200
@@ -1,0 +2,28 @@
+Mon Jun 19 16:27:45 UTC 2017 - [email protected]
+
+- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
+  exploited to "stack crash" local privilege escalation (bsc#1044692)
+
+- Require user(mail) group(mail) to meet new users handling in TW.
+
+- Prerequire permissions (fixes rpmlint).
+
+-------------------------------------------------------------------
+Mon Apr 24 07:45:00 UTC 2017 - [email protected]
+
+- conditionally disable DANE on SuSE versions with OpenSSL < 1.0
+
+- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch:
+  import exim-4_86_2+fixes branch
+    + fix CVE-2016-1531 
+      when installed setuid root, allows local users to gain privileges via 
the perl_startup
+      argument. 
+    + fix Bug 1805: store the initial working directory, expand $initial_cwd
+    + fix Bug 1671: segfault after delivery 
(https://bugs.exim.org/show_bug.cgi?id=1671)
+    + Don't issue env warning if env is empty
+
+- fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch:
+  DKIM information leakage
+  
+
+-------------------------------------------------------------------

New:
----
  exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
  exim-CVE-2017-1000369.patch
  fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.VVFUrR/_old  2017-07-01 14:06:34.815354379 +0200
+++ /var/tmp/diff_new_pack.VVFUrR/_new  2017-07-01 14:06:34.815354379 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package exim
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,6 +20,14 @@
 %bcond_without  pgsql
 %bcond_without  sqlite
 %bcond_without  ldap
+%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} 
< 599
+%bcond_with    dane
+%else
+%bcond_without dane
+%endif
+# disable for now,
+# since utf8_downconvert currently crashes
+%bcond_without i18n
 
 Name:           exim
 BuildRequires:  cyrus-sasl-devel
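Review bot: `%bcond_without i18n` leaves i18n enabled by default, which contradicts the comment directly above it saying the feature is disabled because utf8_downconvert crashes; to default it off the line would be `%bcond_with i18n`. The DANE condition also selects the wrong branch on SUSE: the three version tests are joined with `||`, and `0%{?centos_version}` and `0%{?rhel_version}` expand to `0` where those macros are undefined, so the expression is true and `%bcond_with dane` (DANE off) is chosen on every SUSE release. If the intent is "off only on old distributions", each test needs to check that its macro is set, e.g. `%if 0%{?suse_version} && 0%{?suse_version} < 1199`, with the other distributions handled the same way.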
@@ -53,8 +61,13 @@
 %else
 Requires(pre):  %insserv_prereq
 %endif
-Requires(pre):  %fillup_prereq
-Requires(pre):  /usr/sbin/useradd
+Requires(pre):  %fillup_prereq permissions
+%if 0%{?suse_version} >= 1330
+BuildRequires:  group(mail)
+BuildRequires:  user(mail)
+Requires(pre):  user(mail)
+Requires(pre):  group(mail)
+%endif
 Requires(pre):  fileutils textutils
 %endif
 Version:        4.86.2
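Review bot: `Requires(pre): /usr/sbin/useradd` is removed for every distribution, but the `user(mail)`/`group(mail)` requirements that replace it are added only under `%if 0%{?suse_version} >= 1330`. If the `%pre` scriptlet (outside this hunk) still calls useradd on older releases, the old requirement should be kept in an `%else` branch, `Requires(pre):  /usr/sbin/useradd`, so the scriptlet cannot run before the tool is installed.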
@@ -72,8 +85,8 @@
 License:        GPL-2.0+
 Group:          Productivity/Networking/Email/Servers
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source:         http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
-Source3:        http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
+Source:         http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
+Source3:        
http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
 # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
 Source4:        exim.keyring
 Source1:        sysconfig.exim
@@ -86,7 +99,10 @@
 Source31:       eximstats.conf
 Source32:       eximstats.conf-2.2
 Source40:       exim.service
-Patch:          exim-tail.patch
+Patch0:         exim-tail.patch
+Patch1:         
exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
+Patch2:         
fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
+Patch3:         exim-CVE-2017-1000369.patch
 
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@@ -128,7 +144,10 @@
 
 %prep
 %setup -q -n exim-%{version}
-%patch
+%patch0
+%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@@ -264,9 +283,13 @@
        EXPERIMENTAL_PROXY=yes
        EXPERIMENTAL_CERTNAMES=yes
        EXPERIMENTAL_DSN=yes
+%if %{with dane}
        EXPERIMENTAL_DANE=yes
+%endif
        EXPERIMENTAL_SOCKS=yes
+%if %{with i18n}
        EXPERIMENTAL_INTERNATIONAL=yes
+%endif
        LDFLAGS += -lidn    
        CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
        EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie
@@ -465,7 +488,7 @@
 %attr(0750,root,www) /srv/www/eximstats
 %dir /etc/apache2
 %dir /etc/apache2/conf.d
-/etc/apache2/conf.d/eximstats.conf
+%config /etc/apache2/conf.d/eximstats.conf
 %{_sbindir}/eximstats-html-update.py
 
 %changelog
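Review bot: Plain `%config` on `/etc/apache2/conf.d/eximstats.conf` means that an update which changes the packaged file replaces a locally edited copy (the old one is kept as `.rpmsave`), so access restrictions an administrator added for the statistics pages would stop applying without notice. `%config(noreplace) /etc/apache2/conf.d/eximstats.conf` keeps the local file and writes the packaged one as `.rpmnew`. Whether the shipped file restricts access at all is not visible in this hunk.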

++++++ exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch ++++++
++++ 1425 lines (skipped)


++++++ exim-CVE-2017-1000369.patch ++++++
commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
Author: Heiko Schlittermann (HS12-RIPE) <[email protected]>
Date:   Wed May 31 23:08:56 2017 +0200

    Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)

diff --git a/src/exim.c b/src/src/exim.c
index 67583e58..88e11977 100644
--- a/src/exim.c
+++ b/src/exim.c
@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
 
       /* -oMr: Received protocol */
 
-      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
+      else if (Ustrcmp(argrest, "Mr") == 0)
+
+        if (received_protocol)
+          {
+          fprintf(stderr, "received_protocol is set already\n");
+          exit(EXIT_FAILURE);
+          }
+        else received_protocol = argv[++i];
 
       /* -oMs: Set sender host name */
 
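Review bot: The added `if (received_protocol) … else received_protocol = argv[++i];` sits unbraced under `else if (Ustrcmp(argrest, "Mr") == 0)` in the middle of a longer `else if` chain, so the following `-oMs` branch parses correctly only as long as the inner `if` keeps its own `else`. Putting the added lines inside `{ … }` after the `else if` removes that dependency and silences dangling-else warnings. The message would also be easier to act on if it named the options, e.g. `"exim: -oMr/-p given more than once\n"`; the same text is used in the `-p` hunk below. The chain starts and continues outside this hunk.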
@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
 
     if (*argrest != 0)
       {
-      uschar *hn = Ustrchr(argrest, ':');
+      uschar *hn;
+
+      if (received_protocol)
+        {
+        fprintf(stderr, "received_protocol is set already\n");
+        exit(EXIT_FAILURE);
+        }
+
+      hn = Ustrchr(argrest, ':');
       if (hn == NULL)
         {
         received_protocol = argrest;
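Review bot: The added guard has no comment saying why a second `-p` is refused, and the reason is not obvious from the code; per the commit title it exists so that repeating the option cannot make the process allocate again for the same setting. A comment above the check such as `/* -p and -oMr both set received_protocol; refuse a second value instead of allocating again */` would record that. The guard tests only `received_protocol`; whether the `hn` branch below allocates for any other variable cannot be seen from this hunk. The enclosing `if (*argrest != 0)` block continues past the hunk.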

++++++ fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch ++++++
>From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001
From: Jeremy Harris <[email protected]>
Date: Fri, 16 Dec 2016 20:36:39 +0000
Subject: [PATCH 1/3] Fix DKIM information leakage

Cherry picked from exim-4_87 .. exim-4_87_1
---
 doc/doc-txt/ChangeLog                   |  7 +++
 doc/doc-txt/cve-2016-9663               | 86 +++++++++++++++++++++++++++++++++
 src/src/dkim.c                          |  1 +
 src/src/transports/smtp.c               |  4 +-
 test/confs/4510                         | 71 +++++++++++++++++++++++++++
 test/log/4510                           | 20 ++++++++
 test/mail/4510.store                    | 58 ++++++++++++++++++++++
 test/runtest                            |  8 +++
 test/scripts/4510-DKIM-Bounces/4510     | 15 ++++++
 test/scripts/4510-DKIM-Bounces/REQUIRES |  2 +
 10 files changed, 271 insertions(+), 1 deletion(-)
 create mode 100644 doc/doc-txt/cve-2016-9663
 create mode 100644 test/confs/4510
 create mode 100644 test/log/4510
 create mode 100644 test/mail/4510.store
 create mode 100644 test/scripts/4510-DKIM-Bounces/4510
 create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES

diff --git a/src/dkim.c b/src/dkim.c
index 3e71545..8e93566 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -519,6 +519,7 @@ dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
                           (char *)dkim_signing_selector,
                           (char *)dkim_private_key_expanded
                          );
+    dkim_private_key_expanded[0] = '\0';
 
     pdkim_set_debug_stream(ctx,debug_file);
 
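Review bot: `dkim_private_key_expanded[0] = '\0';` clears only the first byte, so the rest of the expanded private key stays in the buffer for any code that reads it by length or at an offset. Clearing the whole string would be safer, for example `memset(dkim_private_key_expanded, 0, Ustrlen(dkim_private_key_expanded));`. A short comment stating that the key is wiped so it cannot appear in later error text would also help, since the hunk gives no reason for the assignment. dkim_exim_sign starts and ends outside the hunk, so whether the pointer can refer to non-writable storage is not visible here.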
diff --git a/src/transports/smtp.c b/src/transports/smtp.c
index a952413..cc8f025 100644
--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
@@ -293,6 +293,7 @@ static uschar *rf_names[] = { US"NEVER", US"SUCCESS", 
US"FAILURE", US"DELAY" };
 static uschar *smtp_command;   /* Points to last cmd for error messages */
 static uschar *mail_command;   /* Points to MAIL cmd for error messages */
 static BOOL    update_waiting; /* TRUE to update the "wait" database */
+static uschar *data_command = US"";    /* Points to DATA cmd for error 
messages */
 
 
 /*************************************************
@@ -2244,6 +2245,7 @@ if (ok || (smtp_use_pipelining && !mua_wrapper))
     case -1: goto END_OFF;               /* Timeout on RCPT */
     default: goto RESPONSE_FAILED;       /* I/O error, or any MAIL/DATA error 
*/
     }
+  data_command = string_copy(big_buffer);  /* Save for later error message */
   }
 
 /* Save the first address of the next batch. */
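Review bot: `data_command` is a file-scope static that now holds the result of `string_copy(big_buffer)`, and nothing in these hunks resets it, so the error path in the last hunk could print the DATA command saved for an earlier message if it is reached without this assignment having run again. If `string_copy` allocates from a pool that is reset between deliveries (not visible here), the saved pointer would also be stale. Resetting it at the start of each delivery attempt with `data_command = US"";`, or keeping the copy in a local variable, would avoid both. The enclosing function begins and ends outside the hunks.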
@@ -2418,7 +2420,7 @@ if (!ok) ok = TRUE; else
 #else
            "LMTP error after %s: %s",
 #endif
-            big_buffer, string_printing(buffer));
+            data_command, string_printing(buffer));
           setflag(addr, af_pass_message);   /* Allow message to go to user */
           if (buffer[0] == '5')
             addr->transport_return = FAIL;
