diff options
author | Vlad Glagolev | 2019-06-06 19:46:29 +0000 |
---|---|---|
committer | Vlad Glagolev | 2019-06-06 19:46:29 +0000 |
commit | 1cc1eebcb0e27178353c89503e430f75271d0ff8 (patch) | |
tree | 9a8f9bf9b7d3c56a07df09e68e6dbff79889f8fb /mail | |
parent | 22882420c94515bddfc947859e4ff427f3e010da (diff) |
exim: security update
Diffstat (limited to 'mail')
-rwxr-xr-x | mail/exim/DETAILS | 2 | ||||
-rw-r--r-- | mail/exim/HISTORY | 5 | ||||
-rwxr-xr-x | mail/exim/PRE_BUILD | 5 | ||||
-rw-r--r-- | mail/exim/cve-2019-10149.patch | 106 |
4 files changed, 115 insertions, 3 deletions
diff --git a/mail/exim/DETAILS b/mail/exim/DETAILS index 214bd9a443..d491271b37 100755 --- a/mail/exim/DETAILS +++ b/mail/exim/DETAILS @@ -1,6 +1,6 @@ SPELL=exim VERSION=4.91 - SECURITY_PATCH=11 + SECURITY_PATCH=12 SOURCE=$SPELL-$VERSION.tar.bz2 SOURCE2=$SOURCE.asc SOURCE_GPG="exim.gpg:$SOURCE2:VERIFIED_UPSTREAM_KEY" diff --git a/mail/exim/HISTORY b/mail/exim/HISTORY index d3a56b511c..d09cad5946 100644 --- a/mail/exim/HISTORY +++ b/mail/exim/HISTORY @@ -1,3 +1,8 @@ +2019-06-06 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS: SECURITY_PATCH++ + * PRE_BUILD: apply patch + * cve-2019-10149.patch: added, to fix CVE-2019-10149 + 2019-03-02 Vlad Glagolev <stealth@sourcemage.org> * DETAILS: temporarily downgrade to 4.91 due to TLS connection issues diff --git a/mail/exim/PRE_BUILD b/mail/exim/PRE_BUILD index 40f865c14c..94ee24d52f 100755 --- a/mail/exim/PRE_BUILD +++ b/mail/exim/PRE_BUILD @@ -1,7 +1,8 @@ default_pre_build && -cd "$SOURCE_DIRECTORY" && +cd "${SOURCE_DIRECTORY}" && -patch -p0 < "$SPELL_DIRECTORY/config.patch" && +patch -p0 < "${SPELL_DIRECTORY}/config.patch" && +patch -p1 < "${SPELL_DIRECTORY}/cve-2019-10149.patch" && sed -i "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'" \ src/configure.default diff --git a/mail/exim/cve-2019-10149.patch b/mail/exim/cve-2019-10149.patch new file mode 100644 index 0000000000..d958e29178 --- /dev/null +++ b/mail/exim/cve-2019-10149.patch @@ -0,0 +1,106 @@ +From d740d2111f189760593a303124ff6b9b1f83453d Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Mon, 27 May 2019 21:57:31 +0100 +Subject: [PATCH] Fix CVE-2019-10149 + +--- + doc/ChangeLog | 2 ++ + doc/cve-2019-10149 | 36 ++++++++++++++++++++++++++++++++++++ + src/deliver.c | 22 ++++++++++++++-------- + 3 files changed, 52 insertions(+), 8 deletions(-) + create mode 100644 doc/doc-txt/cve-2019-10149 + +diff --git a/doc/ChangeLog b/doc/ChangeLog +index 751b1d5..d9b8969 100644 +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -85,6 +85,8 @@ JH/41 Fix the loop reading a message header line to check for integer overflow, + JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had + been totally disabled for all of 4.91. Discovery and fix by "Mad Alex". + ++JH/43 Fix CVE-2019-10149 ++ + + Exim version 4.91 + ----------------- +diff --git a/doc/cve-2019-10149 b/doc/cve-2019-10149 +new file mode 100644 +index 0000000..4a9d3fb +--- /dev/null ++++ b/doc/cve-2019-10149 +@@ -0,0 +1,36 @@ ++CVE-2019-10149 Exim 4.87 to 4.91 ++================================ ++ ++We received a report of a possible remote exploit. Currently there is no ++evidence of an active use of this exploit. ++ ++A patch exists already, is being tested, and backported to all ++versions we released since (and including) 4.87. ++ ++The severity depends on your configuration. It depends on how close to ++the standard configuration your Exim runtime configuration is. The ++closer the better. ++ ++Exim 4.92 is not vulnerable. ++ ++Next steps: ++ ++* t0: Distros will get access to our non-public security Git repo ++ (access is granted based on the SSH keys that are known to us) ++ ++* t0+7d: Coordinated Release Date: Distros should push the patched ++ version to their repos. The Exim maintainers will publish ++ the fixed source to the official and public Git repo. ++ ++t0 is expected to be 2019-06-04, 10:00 UTC ++t0+7d is expected to be 2019-06-11, 10:00 UTC ++ ++ ++Timeline ++-------- ++ ++* 2019-05-27 Report from Qualys to exim-security list ++* 2019-05-27 Patch provided by Jeremy Harris ++* 2019-05-29 CVE-2019-10149 assigned from Qualys via RedHat ++* 2019-06-03 This announcement ++* 2019-06-04 10:00 UTC Grant access to the non-public security Git repo +diff --git a/src/deliver.c b/src/deliver.c +index 59256ac..45cc072 100644 +--- a/src/deliver.c ++++ b/src/deliver.c +@@ -6227,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE) + { + uschar * save_local = deliver_localpart; + const uschar * save_domain = deliver_domain; ++ uschar * addr = new->address, * errmsg = NULL; ++ int start, end, dom; + +- deliver_localpart = expand_string( +- string_sprintf("${local_part:%s}", new->address)); +- deliver_domain = expand_string( +- string_sprintf("${domain:%s}", new->address)); ++ if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE)) ++ log_write(0, LOG_MAIN|LOG_PANIC, ++ "failed to parse address '%.100s': %s\n", addr, errmsg); ++ else ++ { ++ deliver_localpart = ++ string_copyn(addr+start, dom ? (dom-1) - start : end - start); ++ deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS""; + +- (void) event_raise(event_action, +- US"msg:fail:internal", new->message); ++ event_raise(event_action, US"msg:fail:internal", new->message); + +- deliver_localpart = save_local; +- deliver_domain = save_domain; ++ deliver_localpart = save_local; ++ deliver_domain = save_domain; ++ } + } + #endif + } +-- +1.9.1 + |