commit exim for openSUSE:Factory

Tue, 28 Nov 2017 05:05:10 -0800 

Hello community,

here is the log from the commit of package exim for openSUSE:Factory checked in 
at 2017-11-28 14:04:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
 and      /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "exim"

Tue Nov 28 14:04:27 2017 rev:46 rq:545933 version:4.88

Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes        2017-11-25 
08:43:02.597417626 +0100
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes   2017-11-28 
14:04:30.132621560 +0100
@@ -1,0 +2,23 @@
+Mon Nov 27 10:36:17 UTC 2017 - dmuel...@suse.com
+
+- update to 4.88:
+  drops fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch,
+     exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
+- remove exim4-manpages.tar.bz2: upstream does not exist anymore
+- update keyring
+
+-------------------------------------------------------------------
+Mon Nov 27 08:52:33 UTC 2017 - kstreit...@suse.com
+
+- add exim-4.86.2-mariadb_102_compile_fix.patch to fix compilation
+   with the mariadb 10.2 (in our case the build with libmariadb
+   library from the mariadb-connector-c package)
+   * upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and
+   31beb7972466a33a88770eacbce13490f2ddadc2
+
+-------------------------------------------------------------------
+Mon Nov 27 06:45:14 UTC 2017 - meiss...@suse.com
+
+- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 
bsc#1069857)
+
+-------------------------------------------------------------------

Old:
----
  exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
  exim-4.86.2.tar.bz2
  exim-4.86.2.tar.bz2.asc
  exim4-manpages.tar.bz2
  fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch

New:
----
  exim-4.86.2-mariadb_102_compile_fix.patch
  exim-4.88.tar.bz2
  exim-4.88.tar.bz2.asc
  exim-CVE-2017-16943.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.FXdMoQ/_old  2017-11-28 14:04:31.164584041 +0100
+++ /var/tmp/diff_new_pack.FXdMoQ/_new  2017-11-28 14:04:31.168583895 +0100
@@ -78,7 +78,7 @@
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.86.2
+Version:        4.88
 Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
@@ -102,15 +102,14 @@
 Source11:       exim.rc
 Source12:       permissions.exim
 Source13:       apparmor.usr.sbin.exim
-Source20:       
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2
 Source30:       eximstats-html-update.py
 Source31:       eximstats.conf
 Source32:       eximstats.conf-2.2
 Source40:       exim.service
 Patch0:         exim-tail.patch
-Patch1:         
exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
-Patch2:         
fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch
 Patch3:         exim-CVE-2017-1000369.patch
+Patch4:         exim-CVE-2017-16943.patch
+Patch5:         exim-4.86.2-mariadb_102_compile_fix.patch
 
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@@ -153,9 +152,9 @@
 %prep
 %setup -q -n exim-%{version}
 %patch0
-%patch1 -p 1
-%patch2 -p 1
 %patch3 -p 1
+%patch4 -p 1
+%patch5 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@@ -291,6 +290,7 @@
        EXPERIMENTAL_PROXY=yes
        EXPERIMENTAL_CERTNAMES=yes
        EXPERIMENTAL_DSN=yes
+       SYSTEM_ALIASES_FILE=/etc/aliases
 %if %{with dane}
        EXPERIMENTAL_DANE=yes
 %endif
@@ -326,7 +326,7 @@
        inst_info=$RPM_BUILD_ROOT/%{_infodir} \
        INSTALL_ARG=-no_chown   install
 #mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
-mv $RPM_BUILD_ROOT/usr/sbin/exim-4.86* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
 mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all 
substitutions done
 %if 0%{?suse_version} > 1220
 install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
@@ -355,8 +355,6 @@
 # man pages
 mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
 pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > 
$RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8
-tar xvjf %{S:20}
-cp -p exim4-manpages/* $RPM_BUILD_ROOT/%{_mandir}/man8/
 for i in \
        sendmail \
        runq \

++++++ exim-4.86.2-mariadb_102_compile_fix.patch ++++++
Index: exim-4.86.2/src/lookups/mysql.c
===================================================================
--- exim-4.86.2.orig/src/lookups/mysql.c
+++ exim-4.86.2/src/lookups/mysql.c
@@ -14,6 +14,53 @@ functions. */
 
 #include <mysql.h>       /* The system header */
 
+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
+with versions before 10.2, as they do not define there there specific symbols.
+*/
+
+// Newer (>= 10.2) MariaDB
+#if defined                   MARIADB_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
+
+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
+#elif defined                 LIBMYSQL_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
+#elif defined                 MYSQL_VERSION_ID
+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
+
+#else
+#define EXIM_MYSQL_VERSION_ID  0
+#endif
+
+// Newer (>= 10.2) MariaDB
+#ifdef                         MARIADB_CLIENT_VERSION_STR
+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
+
+// Mysql uses MYSQL_SERVER_VERSION
+#elif defined                  LIBMYSQL_VERSION
+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
+#elif defined                  MYSQL_SERVER_VERSION
+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
+
+#else
+#define EXIM_MxSQL_VERSION_STR  "N.A."
+#endif
+
+#if defined                 MARIADB_BASE_VERSION
+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
+
+#elif defined               MARIADB_PACKAGE_VERSION
+#define EXIM_MxSQL_BASE_STR "mariadb"
+
+#elif defined               MYSQL_BASE_VERSION
+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
+
+#else
+#define EXIM_MxSQL_BASE_STR  "n.A."
+#endif
+
 
 /* Structure and anchor for caching connections. */
 
@@ -423,10 +470,10 @@ return quoted;
 void
 mysql_version_report(FILE *f)
 {
-fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
-           "                        Runtime: %s\n",
-        MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
-        mysql_get_client_info());
+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
+           "                        Runtime: %lu %s\n",
+        (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, 
EXIM_MxSQL_BASE_STR,
+        mysql_get_client_version(), mysql_get_client_info());
 #ifdef DYNLOOKUP
 fprintf(f, "                        Exim version %s\n", EXIM_VERSION_STR);
 #endif
Index: exim-4.86.2/src/EDITME
===================================================================
--- exim-4.86.2.orig/src/EDITME
+++ exim-4.86.2/src/EDITME
@@ -253,7 +253,7 @@ TRANSPORT_SMTP=yes
 # you perform upgrades and revert them. You should consider the benefit of
 # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
 # maintain two concurrent sets of modules.
-# 
+#
 # *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
 # the ability to modify the Exim binary, which is often setuid root!  The Exim
 # developers only intend this functionality be used by OS software packagers
@@ -301,6 +301,7 @@ LOOKUP_DNSDB=yes
 # LOOKUP_IBASE=yes
 # LOOKUP_LDAP=yes
 # LOOKUP_MYSQL=yes
+# LOOKUP_MYSQL_PC=mariadb
 # LOOKUP_NIS=yes
 # LOOKUP_NISPLUS=yes
 # LOOKUP_ORACLE=yes
++++++ exim-4.86.2.tar.bz2 -> exim-4.88.tar.bz2 ++++++
++++ 66032 lines of diff (skipped)

++++++ exim-CVE-2017-16943.patch ++++++
>From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146...@wizmail.org>
Date: Fri, 24 Nov 2017 20:22:33 +0000
Subject: [PATCH] Avoid release of store if there have been later allocations. 
 Bug 2199

---
 src/src/receive.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/src/receive.c b/src/src/receive.c
index e7e518a..d9b5001 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -1810,8 +1810,8 @@ for (;;)
   (and sometimes lunatic messages can have ones that are 100s of K long) we
   call store_release() for strings that have been copied - if the string is at
   the start of a block (and therefore the only thing in it, because we aren't
-  doing any other gets), the block gets freed. We can only do this because we
-  know there are no other calls to store_get() going on. */
+  doing any other gets), the block gets freed. We can only do this release if
+  there were no allocations since the once that we want to free. */
 
   if (ptr >= header_size - 4)
     {
@@ -1820,9 +1820,10 @@ for (;;)
     header_size *= 2;
     if (!store_extend(next->text, oldsize, header_size))
       {
+      BOOL release_ok = store_last_get[store_pool] == next->text;
       uschar *newtext = store_get(header_size);
       memcpy(newtext, next->text, ptr);
-      store_release(next->text);
+      if (release_ok) store_release(next->text);
       next->text = newtext;
       }
     }
-- 
1.9.1

++++++ exim.keyring ++++++
++++ 6838 lines (skipped)
++++ between exim.keyring
++++ and /work/SRC/openSUSE:Factory/.exim.new/exim.keyring

Reply via email to