parent
8bdd6e1817
commit
62c96cdc52
|
@ -0,0 +1,41 @@
|
||||||
|
diff --git a/src/receive.c b/src/receive.c
|
||||||
|
index 3246621..f19c8b9 100644
|
||||||
|
--- a/src/receive.c
|
||||||
|
+++ b/src/receive.c
|
||||||
|
@@ -1827,7 +1827,7 @@ for (;;)
|
||||||
|
prevent further reading), and break out of the loop, having freed the
|
||||||
|
empty header, and set next = NULL to indicate no data line. */
|
||||||
|
|
||||||
|
- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
|
||||||
|
+ if (ptr == 0 && ch == '.' && dot_ends)
|
||||||
|
{
|
||||||
|
ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
|
||||||
|
if (ch == '\r')
|
||||||
|
diff --git a/src/smtp_in.c b/src/smtp_in.c
|
||||||
|
index 1b45f84..0207540 100644
|
||||||
|
--- a/src/smtp_in.c
|
||||||
|
+++ b/src/smtp_in.c
|
||||||
|
@@ -4955,16 +4955,23 @@ while (done <= 0)
|
||||||
|
DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
|
||||||
|
(int)chunking_state, chunking_data_left);
|
||||||
|
|
||||||
|
+ /* push the current receive_* function on the "stack", and
|
||||||
|
+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
|
||||||
|
+ functions to do the dirty work. */
|
||||||
|
lwr_receive_getc = receive_getc;
|
||||||
|
lwr_receive_ungetc = receive_ungetc;
|
||||||
|
+
|
||||||
|
receive_getc = bdat_getc;
|
||||||
|
receive_ungetc = bdat_ungetc;
|
||||||
|
|
||||||
|
+ dot_ends = FALSE;
|
||||||
|
+
|
||||||
|
goto DATA_BDAT;
|
||||||
|
}
|
||||||
|
|
||||||
|
case DATA_CMD:
|
||||||
|
HAD(SCH_DATA);
|
||||||
|
+ dot_ends = TRUE;
|
||||||
|
|
||||||
|
DATA_BDAT: /* Common code for DATA and BDAT */
|
||||||
|
if (!discarded && recipients_count <= 0)
|
10
exim.spec
10
exim.spec
|
@ -15,7 +15,7 @@
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.89
|
Version: 4.89
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: http://www.exim.org/
|
Url: http://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -76,7 +76,10 @@ Patch29: exim-4.89-CVE-2017-1000369.patch
|
||||||
# Backported from upstream:
|
# Backported from upstream:
|
||||||
# https://git.exim.org/exim.git/commitdiff/14de8063d82edc5bf003ed50abdea55ac542679b
|
# https://git.exim.org/exim.git/commitdiff/14de8063d82edc5bf003ed50abdea55ac542679b
|
||||||
Patch30: exim-4.89-calloutsize.patch
|
Patch30: exim-4.89-calloutsize.patch
|
||||||
|
# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2199
|
||||||
Patch31: exim-4.89-CVE-2017-16943.patch
|
Patch31: exim-4.89-CVE-2017-16943.patch
|
||||||
|
# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2201
|
||||||
|
Patch32: exim-4.89-CVE-2017-16944.patch
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
|
@ -239,6 +242,7 @@ greylisting unconditional.
|
||||||
%patch29 -p1 -b .CVE-2017-1000369
|
%patch29 -p1 -b .CVE-2017-1000369
|
||||||
%patch30 -p1 -b .calloutsize
|
%patch30 -p1 -b .calloutsize
|
||||||
%patch31 -p1 -b .CVE-2017-16943
|
%patch31 -p1 -b .CVE-2017-16943
|
||||||
|
%patch32 -p1 -b .CVE-2017-16944
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||||
|
@ -631,6 +635,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Dec 1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-4
|
||||||
|
- Fixed denial of service
|
||||||
|
Resolves: CVE-2017-16944
|
||||||
|
|
||||||
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-3
|
* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-3
|
||||||
- Fixed use-after-free
|
- Fixed use-after-free
|
||||||
Resolves: CVE-2017-16943
|
Resolves: CVE-2017-16943
|
||||||
|
|
Loading…
Reference in New Issue