New version

Resolves: CVE-2014-2972 - De-fuzzified patches
2014-07-23 17:44:25 +02:00 · 2014-07-23 17:44:25 +02:00 · 84967cdd47
parent 6795df81d8
commit 84967cdd47
4 changed files with 43 additions and 37 deletions
--- a/exim-4.83-config.patch
+++ b/exim-4.83-config.patch
@ -1,8 +1,8 @@
 diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
-index 5e8a726..31a5aad 100755
+index eeb26ee..9cb6385 100755
 --- a/scripts/Configure-Makefile
 +++ b/scripts/Configure-Makefile
-@@ -233,7 +233,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
+@@ -249,7 +249,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
   mv $mft $mftt
   echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
@ -12,7 +12,7 @@ index 5e8a726..31a5aad 100755
   echo "" >>$mft
   cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
-index 3f818f3..6cc58a8 100644
+index d576fd7..a3ffd48 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -98,7 +98,7 @@
@ -121,7 +121,7 @@ index 3f818f3..6cc58a8 100644
 # If you're using ClamAV and are backporting fixes to an old version, instead
 # of staying current (which is the more usual approach) then you may need to
-@@ -560,7 +562,7 @@ FIXED_NEVER_USERS=root
+@@ -573,7 +575,7 @@ FIXED_NEVER_USERS=root
 # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
 # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
@ -130,7 +130,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -605,15 +607,13 @@ FIXED_NEVER_USERS=root
+@@ -618,15 +620,13 @@ FIXED_NEVER_USERS=root
 # included in the Exim binary. You will then need to set up the run time
 # configuration to make use of the mechanism(s) selected.
@ -153,7 +153,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -634,7 +634,7 @@ FIXED_NEVER_USERS=root
+@@ -647,7 +647,7 @@ FIXED_NEVER_USERS=root
 # one that is set in the headers_charset option. The default setting is
 # defined by this setting:
@ -162,7 +162,7 @@ index 3f818f3..6cc58a8 100644
 # If you are going to make use of $header_xxx expansions in your configuration
 # file, or if your users are going to use them in filter files, and the normal
-@@ -654,7 +654,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -667,7 +667,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # the Sieve filter support. For those OS where iconv() is known to be installed
 # as standard, the file in OS/Makefile-xxxx contains
 #
@ -171,7 +171,7 @@ index 3f818f3..6cc58a8 100644
 #
 # If you are not using one of those systems, but have installed iconv(), you
 # need to uncomment that line above. In some cases, you may find that iconv()
-@@ -716,11 +716,11 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -729,11 +729,11 @@ HEADERS_CHARSET="ISO-8859-1"
 # leave these settings commented out.
 # This setting is required for any TLS support (either OpenSSL or GnuTLS)
@ -186,7 +186,7 @@ index 3f818f3..6cc58a8 100644
 # Uncomment the first and either the second or the third of these if you
 # are using GnuTLS.  If you have pkg-config, then the second, else the third.
-@@ -785,7 +785,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # Once you have done this, "make install" will build the info files and
 # install them in the directory you have defined.
@ -195,7 +195,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -811,7 +811,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
@ -204,7 +204,7 @@ index 3f818f3..6cc58a8 100644
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
-@@ -864,7 +864,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -877,7 +877,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
 # Perl costs quite a lot of resources. Only do this if you really need it.
@ -213,7 +213,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -874,7 +874,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -887,7 +887,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # that the local_scan API is made available by the linker. You may also need
 # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@ -222,7 +222,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -884,7 +884,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -897,7 +897,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # support, which is intended for use in conjunction with the SMTP AUTH
 # facilities, is included only when requested by the following setting:
@ -231,7 +231,7 @@ index 3f818f3..6cc58a8 100644
 # You probably need to add -lpam to EXTRALIBS, and in some releases of
 # GNU/Linux -ldl is also needed.
-@@ -952,7 +952,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -965,7 +965,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # group. Once you have installed saslauthd, you should arrange for it to be
 # started by root at boot time.
@ -240,7 +240,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -965,9 +965,9 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -978,9 +978,9 @@ ZCAT_COMMAND=/usr/bin/zcat
 # You may well also have to specify a local "include" file and an additional
 # library for TCP wrappers, so you probably need something like this:
 #
@ -253,7 +253,7 @@ index 3f818f3..6cc58a8 100644
 #
 # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
 # as well.
-@@ -1019,7 +1019,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1032,7 +1032,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # is "yes", as well as supporting line editing, a history of input lines in the
 # current run is maintained.
@ -262,7 +262,7 @@ index 3f818f3..6cc58a8 100644
 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
 # Note that this option adds to the size of the Exim binary, because the
-@@ -1029,7 +1029,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1042,7 +1042,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 #------------------------------------------------------------------------------
 # Uncomment this setting to include IPv6 support.
@ -271,7 +271,7 @@ index 3f818f3..6cc58a8 100644
 ###############################################################################
 #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
-@@ -1050,13 +1050,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1063,13 +1063,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # haven't got Perl, Exim will still build and run; you just won't be able to
 # use those utilities.
@ -292,7 +292,7 @@ index 3f818f3..6cc58a8 100644
 #------------------------------------------------------------------------------
-@@ -1256,7 +1256,7 @@ TMPDIR="/tmp"
+@@ -1269,7 +1269,7 @@ TMPDIR="/tmp"
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
--- a/exim-4.83-dlopen-localscan.patch
+++ b/exim-4.83-dlopen-localscan.patch
@ -1,8 +1,8 @@
 diff --git a/src/EDITME b/src/EDITME
-index 6cc58a8..07f8211 100644
+index a3ffd48..c186529 100644
 --- a/src/EDITME
 +++ b/src/EDITME
-@@ -770,6 +770,20 @@ TLS_LIBS=-lssl -lcrypto
+@@ -783,6 +783,20 @@ TLS_LIBS=-lssl -lcrypto
 #------------------------------------------------------------------------------
@ -24,7 +24,7 @@ index 6cc58a8..07f8211 100644
 # documentation. Other forms are available separately. If you want to install
 # the documentation in "info" format, first fetch the Texinfo documentation
 diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 8c1e799..d5f9e55 100644
+index ba4615c..878e687 100644
 --- a/src/config.h.defaults
 +++ b/src/config.h.defaults
@@ -27,6 +27,8 @@ it's a default value. */
@ -37,10 +37,10 @@ index 8c1e799..d5f9e55 100644
 #define CONFIGURE_FILE
 diff --git a/src/globals.c b/src/globals.c
-index 133a7bf..4423f07 100644
+index d3f9987..c01d430 100644
 --- a/src/globals.c
 +++ b/src/globals.c
-@@ -149,6 +149,10 @@ uschar *tls_verify_certificates= NULL;
+@@ -162,6 +162,10 @@ uschar *tls_verify_certificates= NULL;
 uschar *tls_verify_hosts       = NULL;
 #endif
@ -48,23 +48,24 @@ index 133a7bf..4423f07 100644
 +uschar *local_scan_path        = NULL;
 +#endif
 +
- #ifdef EXPERIMENTAL_PRDR
+ #ifndef DISABLE_PRDR
 /* Per Recipient Data Response variables */
 BOOL    prdr_enable            = FALSE;
 diff --git a/src/globals.h b/src/globals.h
 index 265f94e..fde0f47 100644
 --- a/src/globals.h
 +++ b/src/globals.h
-@@ -117,6 +117,9 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
+@@ -117,6 +117,10 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
 extern uschar *tls_verify_hosts;       /* Mandatory client verification */
 #endif
 +#ifdef DLOPEN_LOCAL_SCAN
 +extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
- 
+
- /* Input-reading functions for messages, so we can use special ones for
+ #ifdef EXPERIMENTAL_DSN
- incoming TCP/IP. */
+ extern uschar  *dsn_envid;             /* DSN envid string */
 extern int      dsn_ret;               /* DSN ret type*/
 diff --git a/src/local_scan.c b/src/local_scan.c
 index 3500047..8599172 100644
 --- a/src/local_scan.c
@ -249,10 +250,10 @@ index 3500047..8599172 100644
 +
 /* End of local_scan.c */
 diff --git a/src/readconf.c b/src/readconf.c
-index 77c7984..da9d582 100644
+index adb538c..d378b3a 100644
 --- a/src/readconf.c
 +++ b/src/readconf.c
-@@ -286,6 +286,9 @@ static optionlist optionlist_config[] = {
+@@ -290,6 +290,9 @@ static optionlist optionlist_config[] = {
   { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
   { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
   { "local_interfaces",         opt_stringptr,   &local_interfaces },
--- a/exim-4.83-spamdconf.patch
+++ b/exim-4.83-spamdconf.patch
@ -72,7 +72,7 @@ index 38f0f56..8b599d2 100644
 -  #                      X-Spam_score_int: $spam_score_int\n\
 -  #                      X-Spam_bar: $spam_bar\n\
 -  #                      X-Spam_report: $spam_report
-+  
+
 +  # Unconditionally add score and report headers
 +  #
 +  # warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\
--- a/exim.spec
+++ b/exim.spec
@ -14,8 +14,8 @@
 Summary: The exim mail transfer agent
 Name: exim
-Version: 4.82.1
+Version: 4.83
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Url: http://www.exim.org/
 Group: System Environment/Daemons
@ -53,12 +53,12 @@ Source26: clamd.exim.service
 %endif
 Patch4: exim-rhl.patch
-Patch6: exim-4.82-config.patch
+Patch6: exim-4.83-config.patch
 Patch8: exim-4.82-libdir.patch
 Patch12: exim-4.82-cyrus.patch
 Patch13: exim-4.82-pamconfig.patch
-Patch14: exim-4.82-spamdconf.patch
+Patch14: exim-4.83-spamdconf.patch
-Patch18: exim-4.82-dlopen-localscan.patch
+Patch18: exim-4.83-dlopen-localscan.patch
 Patch19: exim-4.82-procmail.patch
 Patch20: exim-4.82-allow-filter.patch
 Patch21: exim-4.82-localhost-is-local.patch
@ -611,6 +611,11 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 %changelog
 * Wed Jul 23 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.83-1
 - New version
  Resolves: CVE-2014-2972
 - De-fuzzified patches
 * Wed Jul  9 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.82.1-4
 - Do not build clamav on RHEL
 - Fixed build without clamav