New version
Resolves: CVE-2014-2972 - De-fuzzified patches
This commit is contained in:
parent
6795df81d8
commit
84967cdd47
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||||
index 5e8a726..31a5aad 100755
|
index eeb26ee..9cb6385 100755
|
||||||
--- a/scripts/Configure-Makefile
|
--- a/scripts/Configure-Makefile
|
||||||
+++ b/scripts/Configure-Makefile
|
+++ b/scripts/Configure-Makefile
|
||||||
@@ -233,7 +233,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
@@ -249,7 +249,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||||
|
|
||||||
mv $mft $mftt
|
mv $mft $mftt
|
||||||
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
|
||||||
|
@ -12,7 +12,7 @@ index 5e8a726..31a5aad 100755
|
||||||
echo "" >>$mft
|
echo "" >>$mft
|
||||||
cat $mftt >> $mft
|
cat $mftt >> $mft
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 3f818f3..6cc58a8 100644
|
index d576fd7..a3ffd48 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -98,7 +98,7 @@
|
@@ -98,7 +98,7 @@
|
||||||
|
@ -121,7 +121,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# If you're using ClamAV and are backporting fixes to an old version, instead
|
# If you're using ClamAV and are backporting fixes to an old version, instead
|
||||||
# of staying current (which is the more usual approach) then you may need to
|
# of staying current (which is the more usual approach) then you may need to
|
||||||
@@ -560,7 +562,7 @@ FIXED_NEVER_USERS=root
|
@@ -573,7 +575,7 @@ FIXED_NEVER_USERS=root
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
|
||||||
|
@ -130,7 +130,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -605,15 +607,13 @@ FIXED_NEVER_USERS=root
|
@@ -618,15 +620,13 @@ FIXED_NEVER_USERS=root
|
||||||
# included in the Exim binary. You will then need to set up the run time
|
# included in the Exim binary. You will then need to set up the run time
|
||||||
# configuration to make use of the mechanism(s) selected.
|
# configuration to make use of the mechanism(s) selected.
|
||||||
|
|
||||||
|
@ -153,7 +153,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -634,7 +634,7 @@ FIXED_NEVER_USERS=root
|
@@ -647,7 +647,7 @@ FIXED_NEVER_USERS=root
|
||||||
# one that is set in the headers_charset option. The default setting is
|
# one that is set in the headers_charset option. The default setting is
|
||||||
# defined by this setting:
|
# defined by this setting:
|
||||||
|
|
||||||
|
@ -162,7 +162,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# If you are going to make use of $header_xxx expansions in your configuration
|
# If you are going to make use of $header_xxx expansions in your configuration
|
||||||
# file, or if your users are going to use them in filter files, and the normal
|
# file, or if your users are going to use them in filter files, and the normal
|
||||||
@@ -654,7 +654,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -667,7 +667,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||||
# as standard, the file in OS/Makefile-xxxx contains
|
# as standard, the file in OS/Makefile-xxxx contains
|
||||||
#
|
#
|
||||||
|
@ -171,7 +171,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
#
|
#
|
||||||
# If you are not using one of those systems, but have installed iconv(), you
|
# If you are not using one of those systems, but have installed iconv(), you
|
||||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||||
@@ -716,11 +716,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -729,11 +729,11 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# leave these settings commented out.
|
# leave these settings commented out.
|
||||||
|
|
||||||
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
|
||||||
|
@ -186,7 +186,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# Uncomment the first and either the second or the third of these if you
|
# Uncomment the first and either the second or the third of these if you
|
||||||
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
# are using GnuTLS. If you have pkg-config, then the second, else the third.
|
||||||
@@ -785,7 +785,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# Once you have done this, "make install" will build the info files and
|
# Once you have done this, "make install" will build the info files and
|
||||||
# install them in the directory you have defined.
|
# install them in the directory you have defined.
|
||||||
|
|
||||||
|
@ -195,7 +195,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -811,7 +811,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||||
# to form the final file names. Some installations may want something like this:
|
# to form the final file names. Some installations may want something like this:
|
||||||
|
|
||||||
|
@ -204,7 +204,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||||
# in which the log files are placed must exist; Exim does not try to create
|
# in which the log files are placed must exist; Exim does not try to create
|
||||||
@@ -864,7 +864,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -877,7 +877,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||||
|
|
||||||
|
@ -213,7 +213,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -874,7 +874,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -887,7 +887,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# that the local_scan API is made available by the linker. You may also need
|
# that the local_scan API is made available by the linker. You may also need
|
||||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||||
|
|
||||||
|
@ -222,7 +222,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -884,7 +884,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -897,7 +897,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||||
# facilities, is included only when requested by the following setting:
|
# facilities, is included only when requested by the following setting:
|
||||||
|
|
||||||
|
@ -231,7 +231,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||||
# GNU/Linux -ldl is also needed.
|
# GNU/Linux -ldl is also needed.
|
||||||
@@ -952,7 +952,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -965,7 +965,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
# started by root at boot time.
|
# started by root at boot time.
|
||||||
|
|
||||||
|
@ -240,7 +240,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -965,9 +965,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -978,9 +978,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# You may well also have to specify a local "include" file and an additional
|
# You may well also have to specify a local "include" file and an additional
|
||||||
# library for TCP wrappers, so you probably need something like this:
|
# library for TCP wrappers, so you probably need something like this:
|
||||||
#
|
#
|
||||||
|
@ -253,7 +253,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
#
|
#
|
||||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||||
# as well.
|
# as well.
|
||||||
@@ -1019,7 +1019,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1032,7 +1032,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||||
# current run is maintained.
|
# current run is maintained.
|
||||||
|
|
||||||
|
@ -262,7 +262,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||||
# Note that this option adds to the size of the Exim binary, because the
|
# Note that this option adds to the size of the Exim binary, because the
|
||||||
@@ -1029,7 +1029,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1042,7 +1042,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# Uncomment this setting to include IPv6 support.
|
# Uncomment this setting to include IPv6 support.
|
||||||
|
|
||||||
|
@ -271,7 +271,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||||
@@ -1050,13 +1050,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1063,13 +1063,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||||
# use those utilities.
|
# use those utilities.
|
||||||
|
|
||||||
|
@ -292,7 +292,7 @@ index 3f818f3..6cc58a8 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1256,7 +1256,7 @@ TMPDIR="/tmp"
|
@@ -1269,7 +1269,7 @@ TMPDIR="/tmp"
|
||||||
# (process id) to a file so that it can easily be identified. The path of the
|
# (process id) to a file so that it can easily be identified. The path of the
|
||||||
# file can be specified here. Some installations may want something like this:
|
# file can be specified here. Some installations may want something like this:
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 6cc58a8..07f8211 100644
|
index a3ffd48..c186529 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -770,6 +770,20 @@ TLS_LIBS=-lssl -lcrypto
|
@@ -783,6 +783,20 @@ TLS_LIBS=-lssl -lcrypto
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
|
@ -24,7 +24,7 @@ index 6cc58a8..07f8211 100644
|
||||||
# documentation. Other forms are available separately. If you want to install
|
# documentation. Other forms are available separately. If you want to install
|
||||||
# the documentation in "info" format, first fetch the Texinfo documentation
|
# the documentation in "info" format, first fetch the Texinfo documentation
|
||||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||||
index 8c1e799..d5f9e55 100644
|
index ba4615c..878e687 100644
|
||||||
--- a/src/config.h.defaults
|
--- a/src/config.h.defaults
|
||||||
+++ b/src/config.h.defaults
|
+++ b/src/config.h.defaults
|
||||||
@@ -27,6 +27,8 @@ it's a default value. */
|
@@ -27,6 +27,8 @@ it's a default value. */
|
||||||
|
@ -37,10 +37,10 @@ index 8c1e799..d5f9e55 100644
|
||||||
|
|
||||||
#define CONFIGURE_FILE
|
#define CONFIGURE_FILE
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
diff --git a/src/globals.c b/src/globals.c
|
||||||
index 133a7bf..4423f07 100644
|
index d3f9987..c01d430 100644
|
||||||
--- a/src/globals.c
|
--- a/src/globals.c
|
||||||
+++ b/src/globals.c
|
+++ b/src/globals.c
|
||||||
@@ -149,6 +149,10 @@ uschar *tls_verify_certificates= NULL;
|
@@ -162,6 +162,10 @@ uschar *tls_verify_certificates= NULL;
|
||||||
uschar *tls_verify_hosts = NULL;
|
uschar *tls_verify_hosts = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -48,23 +48,24 @@ index 133a7bf..4423f07 100644
|
||||||
+uschar *local_scan_path = NULL;
|
+uschar *local_scan_path = NULL;
|
||||||
+#endif
|
+#endif
|
||||||
+
|
+
|
||||||
#ifdef EXPERIMENTAL_PRDR
|
#ifndef DISABLE_PRDR
|
||||||
/* Per Recipient Data Response variables */
|
/* Per Recipient Data Response variables */
|
||||||
BOOL prdr_enable = FALSE;
|
BOOL prdr_enable = FALSE;
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
index 265f94e..fde0f47 100644
|
index 265f94e..fde0f47 100644
|
||||||
--- a/src/globals.h
|
--- a/src/globals.h
|
||||||
+++ b/src/globals.h
|
+++ b/src/globals.h
|
||||||
@@ -117,6 +117,9 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
@@ -117,6 +117,10 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
||||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
+extern uschar *local_scan_path; /* Path to local_scan() library */
|
||||||
+#endif
|
+#endif
|
||||||
|
+
|
||||||
/* Input-reading functions for messages, so we can use special ones for
|
#ifdef EXPERIMENTAL_DSN
|
||||||
incoming TCP/IP. */
|
extern uschar *dsn_envid; /* DSN envid string */
|
||||||
|
extern int dsn_ret; /* DSN ret type*/
|
||||||
diff --git a/src/local_scan.c b/src/local_scan.c
|
diff --git a/src/local_scan.c b/src/local_scan.c
|
||||||
index 3500047..8599172 100644
|
index 3500047..8599172 100644
|
||||||
--- a/src/local_scan.c
|
--- a/src/local_scan.c
|
||||||
|
@ -249,10 +250,10 @@ index 3500047..8599172 100644
|
||||||
+
|
+
|
||||||
/* End of local_scan.c */
|
/* End of local_scan.c */
|
||||||
diff --git a/src/readconf.c b/src/readconf.c
|
diff --git a/src/readconf.c b/src/readconf.c
|
||||||
index 77c7984..da9d582 100644
|
index adb538c..d378b3a 100644
|
||||||
--- a/src/readconf.c
|
--- a/src/readconf.c
|
||||||
+++ b/src/readconf.c
|
+++ b/src/readconf.c
|
||||||
@@ -286,6 +286,9 @@ static optionlist optionlist_config[] = {
|
@@ -290,6 +290,9 @@ static optionlist optionlist_config[] = {
|
||||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
||||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
||||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
|
@ -72,7 +72,7 @@ index 38f0f56..8b599d2 100644
|
||||||
- # X-Spam_score_int: $spam_score_int\n\
|
- # X-Spam_score_int: $spam_score_int\n\
|
||||||
- # X-Spam_bar: $spam_bar\n\
|
- # X-Spam_bar: $spam_bar\n\
|
||||||
- # X-Spam_report: $spam_report
|
- # X-Spam_report: $spam_report
|
||||||
+
|
+
|
||||||
+ # Unconditionally add score and report headers
|
+ # Unconditionally add score and report headers
|
||||||
+ #
|
+ #
|
||||||
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
+ # warn add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
|
15
exim.spec
15
exim.spec
|
@ -14,8 +14,8 @@
|
||||||
|
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.82.1
|
Version: 4.83
|
||||||
Release: 4%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: http://www.exim.org/
|
Url: http://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -53,12 +53,12 @@ Source26: clamd.exim.service
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch4: exim-rhl.patch
|
Patch4: exim-rhl.patch
|
||||||
Patch6: exim-4.82-config.patch
|
Patch6: exim-4.83-config.patch
|
||||||
Patch8: exim-4.82-libdir.patch
|
Patch8: exim-4.82-libdir.patch
|
||||||
Patch12: exim-4.82-cyrus.patch
|
Patch12: exim-4.82-cyrus.patch
|
||||||
Patch13: exim-4.82-pamconfig.patch
|
Patch13: exim-4.82-pamconfig.patch
|
||||||
Patch14: exim-4.82-spamdconf.patch
|
Patch14: exim-4.83-spamdconf.patch
|
||||||
Patch18: exim-4.82-dlopen-localscan.patch
|
Patch18: exim-4.83-dlopen-localscan.patch
|
||||||
Patch19: exim-4.82-procmail.patch
|
Patch19: exim-4.82-procmail.patch
|
||||||
Patch20: exim-4.82-allow-filter.patch
|
Patch20: exim-4.82-allow-filter.patch
|
||||||
Patch21: exim-4.82-localhost-is-local.patch
|
Patch21: exim-4.82-localhost-is-local.patch
|
||||||
|
@ -611,6 +611,11 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jul 23 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.83-1
|
||||||
|
- New version
|
||||||
|
Resolves: CVE-2014-2972
|
||||||
|
- De-fuzzified patches
|
||||||
|
|
||||||
* Wed Jul 9 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.82.1-4
|
* Wed Jul 9 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.82.1-4
|
||||||
- Do not build clamav on RHEL
|
- Do not build clamav on RHEL
|
||||||
- Fixed build without clamav
|
- Fixed build without clamav
|
||||||
|
|
Loading…
Reference in New Issue