Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2022-10-19 13:17:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Wed Oct 19 13:17:29 2022 rev:73 rq:1029728 version:4.96
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2022-09-29
18:15:25.979499015 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new.2275/exim.changes 2022-10-19
13:17:54.917251733 +0200
@@ -0,0 +1,4 @@
+Tue Oct 18 10:00:39 UTC 2022 - Peter Wullinger <wullin...@rz.uni-kiel.de>
+
+- add patch-cve-2022-3559 (fixes CVE-2022-3559, bsc#1204427, Bug 2915)
+
New:
----
patch-cve-2022-3559
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.uZYiVa/_old 2022-10-19 13:17:56.641255306 +0200
+++ /var/tmp/diff_new_pack.uZYiVa/_new 2022-10-19 13:17:56.649255323 +0200
@@ -75,7 +75,7 @@
Requires(pre): fileutils textutils
%endif
Version: 4.96
-Release: 1
+Release: 2
%if %{with_mysql}
BuildRequires: mysql-devel
%endif
@@ -106,6 +106,7 @@
Patch0: exim-tail.patch
Patch1: gnu_printf.patch
Patch2: patch-no-exit-on-rewrite-malformed-address.patch
+Patch3: patch-cve-2022-3559
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -150,6 +151,7 @@
%patch0
%patch1 -p1
%patch2 -p1
+%patch3 -p1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ patch-cve-2022-3559 ++++++
diff -ru a/src/exim.c b/src/exim.c
--- a/src/exim.c 2022-06-23 15:41:10.000000000 +0200
+++ b/src/exim.c 2022-10-18 13:38:30.366261000 +0200
@@ -2001,8 +2001,6 @@
regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
#endif
-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-
/* If the program is called as "mailq" treat it as equivalent to "exim -bp";
this seems to be a generally accepted convention, since one finds symbolic
links called "mailq" in standard OS configurations. */
@@ -6084,7 +6082,7 @@
deliver_localpart_data = deliver_domain_data =
recipient_data = sender_data = NULL;
acl_var_m = NULL;
- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+ regex_vars_clear();
store_reset(reset_point);
}
diff -ru a/src/expand.c b/src/expand.c
--- a/src/expand.c 2022-06-23 15:41:10.000000000 +0200
+++ b/src/expand.c 2022-10-18 13:38:30.368690000 +0200
@@ -1873,7 +1873,7 @@
return node ? node->data.ptr : strict_acl_vars ? NULL : US"";
}
-/* Handle $auth<n> variables. */
+/* Handle $auth<n>, $regex<n> variables. */
if (Ustrncmp(name, "auth", 4) == 0)
{
diff -ru a/src/functions.h b/src/functions.h
--- a/src/functions.h 2022-06-23 15:41:10.000000000 +0200
+++ b/src/functions.h 2022-10-18 13:39:21.953979000 +0200
@@ -438,6 +438,7 @@
extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **);
extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int,
int);
extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL);
+extern void regex_vars_clear(void);
extern void retry_add_item(address_item *, uschar *, int);
extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL,
uschar **, uschar **);
Only in b/src: functions.h.rej
diff -ru a/src/globals.c b/src/globals.c
--- a/src/globals.c 2022-06-23 15:41:10.000000000 +0200
+++ b/src/globals.c 2022-10-18 13:46:22.093392000 +0200
@@ -1315,7 +1315,7 @@
#endif
const pcre2_code *regex_ismsgid = NULL;
const pcre2_code *regex_smtp_code = NULL;
-const uschar *regex_vars[REGEX_VARS];
+const uschar *regex_vars[REGEX_VARS] = { 0 };
#ifdef WHITELIST_D_MACROS
const pcre2_code *regex_whitelisted_macro = NULL;
#endif
Only in b/src: globals.c.rej
diff -ru a/src/regex.c b/src/regex.c
--- a/src/regex.c 2022-06-23 15:41:10.000000000 +0200
+++ b/src/regex.c 2022-10-18 13:43:13.041903000 +0200
@@ -96,18 +96,26 @@
return FAIL;
}
+/* reset expansion variables */
+void
+regex_vars_clear(void)
+{
+regex_match_string = NULL;
+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
+}
+
+
int
-regex(const uschar **listptr)
+regex(const uschar ** listptr)
{
unsigned long mbox_size;
-FILE *mbox_file;
-pcre_list *re_list_head;
-uschar *linebuffer;
+FILE * mbox_file;
+pcre_list * re_list_head;
+uschar * linebuffer;
long f_pos = 0;
int ret = FAIL;
-/* reset expansion variable */
-regex_match_string = NULL;
+regex_vars_clear();
if (!mime_stream) /* We are in the DATA ACL */
{
@@ -169,14 +177,13 @@
int
mime_regex(const uschar **listptr)
{
-pcre_list *re_list_head = NULL;
-FILE *f;
-uschar *mime_subject = NULL;
+pcre_list * re_list_head = NULL;
+FILE * f;
+uschar * mime_subject = NULL;
int mime_subject_len = 0;
int ret;
-/* reset expansion variable */
-regex_match_string = NULL;
+regex_vars_clear();
/* precompile our regexes */
if (!(re_list_head = compile(*listptr)))
diff -ru a/src/smtp_in.c b/src/smtp_in.c
--- a/src/smtp_in.c 2022-06-23 15:41:10.000000000 +0200
+++ b/src/smtp_in.c 2022-10-18 13:38:30.372819000 +0200
@@ -2157,8 +2157,10 @@
#ifdef SUPPORT_I18N
message_smtputf8 = FALSE;
#endif
+regex_vars_clear();
body_linecount = body_zerocount = 0;
+lookup_value = NULL; /* Can be set by ACL */
sender_rate = sender_rate_limit = sender_rate_period = NULL;
ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */
/* Note that ratelimiters_conn persists across resets. */
