Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2023-10-02 20:05:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new.28202 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Mon Oct 2 20:05:12 2023 rev:76 rq:1114826 version:4.96.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2023-04-04
21:27:42.783676901 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new.28202/exim.changes 2023-10-02
20:06:45.559436481 +0200
@@ -1,0 +2,8 @@
+Mon Oct 2 05:53:32 UTC 2023 - Peter Wullinger <wullin...@rz.uni-kiel.de>
+
+- security update to exim 4.96.1
+ * fixes CVE-2023-42114 (bsc#1215784)
+ * fixes CVE-2023-42115 (bsc#1215785)
+ * fixes CVE-2023-42116 (bsc#1215786)
+
+-------------------------------------------------------------------
Old:
----
exim-4.96.tar.bz2
exim-4.96.tar.bz2.asc
patch-cve-2022-3559
New:
----
exim-4.96.1.tar.bz2
exim-4.96.1.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.IlUvlA/_old 2023-10-02 20:06:47.571508841 +0200
+++ /var/tmp/diff_new_pack.IlUvlA/_new 2023-10-02 20:06:47.575508985 +0200
@@ -74,8 +74,8 @@
%endif
Requires(pre): fileutils textutils
%endif
-Version: 4.96
-Release: 1
+Version: 4.96.1
+Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
%endif
@@ -106,7 +106,6 @@
Patch0: exim-tail.patch
Patch1: gnu_printf.patch
Patch2: patch-no-exit-on-rewrite-malformed-address.patch
-Patch3: patch-cve-2022-3559
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -151,7 +150,6 @@
%patch0
%patch1 -p1
%patch2 -p1
-%patch3 -p1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ exim-4.96.tar.bz2 -> exim-4.96.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/doc/ChangeLog new/exim-4.96.1/doc/ChangeLog
--- old/exim-4.96/doc/ChangeLog 2022-06-23 15:41:10.000000000 +0200
+++ new/exim-4.96.1/doc/ChangeLog 2023-09-30 22:52:59.000000000 +0200
@@ -2,6 +2,24 @@
affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+Exim version 4.96.1
+-------------------
+
+This is a security release.
+
+JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
+ could be triggered by externally-supplied input. Found by Trend Micro.
+ CVE-2023-42115
+
+JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42116
+
+JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
+ be triggered by externally-controlled input. Found by Trend Micro.
+ CVE-2023-42114
+
+
Exim version 4.96
-----------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/doc/filter.txt
new/exim-4.96.1/doc/filter.txt
--- old/exim-4.96/doc/filter.txt 2022-06-25 15:36:30.000000000 +0200
+++ new/exim-4.96.1/doc/filter.txt 2023-10-02 12:25:25.000000000 +0200
@@ -4,7 +4,7 @@
Copyright (c) 2021 The Exim Maintainers
-Revision 4.96 25 Jun 2022 PH
+Revision 4.96.1 02 Oct 2023 PH
-------------------------------------------------------------------------------
@@ -72,7 +72,7 @@
This document describes the user interfaces to Exim's in-built mail filtering
facilities, and is copyright (c) The Exim Maintainers 2021. It corresponds to
-Exim version 4.96.
+Exim version 4.96.1.
1.1 Introduction
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/doc/spec.txt new/exim-4.96.1/doc/spec.txt
--- old/exim-4.96/doc/spec.txt 2022-06-25 15:36:30.000000000 +0200
+++ new/exim-4.96.1/doc/spec.txt 2023-10-02 12:25:25.000000000 +0200
@@ -4,7 +4,7 @@
Copyright (c) 2022 The Exim Maintainers
-Revision 4.96 25 Jun 2022 EM
+Revision 4.96.1 02 Oct 2023 EM
-------------------------------------------------------------------------------
@@ -596,7 +596,7 @@
1.1 Exim documentation
----------------------
-This edition of the Exim specification applies to version 4.96 of Exim.
+This edition of the Exim specification applies to version 4.96.1 of Exim.
Substantive changes from the 4.95 edition are marked in some renditions of this
document; this paragraph is so marked if the rendition is capable of showing a
change indicator.
@@ -1723,7 +1723,7 @@
Exim is distributed as a gzipped or bzipped tar file which, when unpacked,
creates a directory with the name of the current release (for example,
-exim-4.96) into which the following files are placed:
+exim-4.96.1) into which the following files are placed:
ACKNOWLEDGMENTS contains some acknowledgments
CHANGES contains a reference to where changes are documented
@@ -2345,7 +2345,7 @@
For the utility programs, old versions are renamed by adding the suffix .O to
their names. The Exim binary itself, however, is handled differently. It is
installed under a name that includes the version number and the compile number,
-for example, exim-4.96-1. The script then arranges for a symbolic link called
+for example, exim-4.96.1-1. The script then arranges for a symbolic link called
exim to point to the binary. If you are updating a previous version of Exim,
the script takes care to ensure that the name exim is never absent from the
directory (as seen by other processes).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/auths/auth-spa.c
new/exim-4.96.1/src/auths/auth-spa.c
--- old/exim-4.96/src/auths/auth-spa.c 2022-06-23 15:41:10.000000000 +0200
+++ new/exim-4.96.1/src/auths/auth-spa.c 2023-09-30 22:52:59.000000000
+0200
@@ -155,6 +155,9 @@
up with a different answer to the one above)
*/
+#ifndef MACRO_PREDEF
+
+
#define DEBUG_X(a,b) ;
extern int DEBUGLEVEL;
@@ -1211,7 +1214,9 @@
#define spa_bytes_add(ptr, header, buf, count) \
{ \
-if (buf && (count) != 0) /* we hate -Wint-in-bool-contex */ \
+if ( buf && (count) != 0 /* we hate -Wint-in-bool-contex */ \
+ && ptr->bufIndex + count < sizeof(ptr->buffer) \
+ ) \
{ \
SSVAL(&ptr->header.len,0,count); \
SSVAL(&ptr->header.maxlen,0,count); \
@@ -1229,35 +1234,30 @@
#define spa_string_add(ptr, header, string) \
{ \
-char *p = string; \
+uschar * p = string; \
int len = 0; \
-if (p) len = strlen(p); \
-spa_bytes_add(ptr, header, (US p), len); \
+if (p) len = Ustrlen(p); \
+spa_bytes_add(ptr, header, p, len); \
}
#define spa_unicode_add_string(ptr, header, string) \
{ \
-char *p = string; \
-uschar *b = NULL; \
+uschar * p = string; \
+uschar * b = NULL; \
int len = 0; \
if (p) \
{ \
- len = strlen(p); \
- b = strToUnicode(p); \
+ len = Ustrlen(p); \
+ b = US strToUnicode(CS p); \
} \
spa_bytes_add(ptr, header, b, len*2); \
}
-#define GetUnicodeString(structPtr, header) \
-unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) ,
SVAL(&structPtr->header.len,0)/2)
-#define GetString(structPtr, header) \
-toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)),
SVAL(&structPtr->header.len,0))
-
#ifdef notdef
#define DumpBuffer(fp, structPtr, header) \
-dumpRaw(fp,(US
structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
+ dumpRaw(fp,(US
structPtr)+IVAL(&structPtr->header.offset,0),SVAL(&structPtr->header.len,0))
static void
@@ -1321,8 +1321,33 @@
return buf;
}
+static inline uschar *
+get_challenge_unistr(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
+{
+int off = IVAL(&hdr->offset, 0);
+int len = SVAL(&hdr->len, 0);
+return off + len < sizeof(SPAAuthChallenge)
+ ? US unicodeToString(CS challenge + off, len/2) : US"";
+}
+
+static inline uschar *
+get_challenge_str(SPAAuthChallenge * challenge, SPAStrHeader * hdr)
+{
+int off = IVAL(&hdr->offset, 0);
+int len = SVAL(&hdr->len, 0);
+return off + len < sizeof(SPAAuthChallenge)
+ ? US toString(CS challenge + off, len) : US"";
+}
+
#ifdef notdef
+#define GetUnicodeString(structPtr, header) \
+ unicodeToString(((char*)structPtr) + IVAL(&structPtr->header.offset,0) ,
SVAL(&structPtr->header.len,0)/2)
+
+#define GetString(structPtr, header) \
+ toString(((CS structPtr) + IVAL(&structPtr->header.offset,0)),
SVAL(&structPtr->header.len,0))
+
+
void
dumpSmbNtlmAuthRequest (FILE * fp, SPAAuthRequest * request)
{
@@ -1366,15 +1391,15 @@
#endif
void
-spa_build_auth_request (SPAAuthRequest * request, char *user, char *domain)
+spa_build_auth_request (SPAAuthRequest * request, uschar * user, uschar *
domain)
{
-char *u = strdup (user);
-char *p = strchr (u, '@');
+uschar * u = string_copy(user);
+uschar * p = Ustrchr(u, '@');
if (p)
{
if (!domain)
- domain = p + 1;
+ domain = p + 1;
*p = '\0';
}
@@ -1384,7 +1409,6 @@
SIVAL (&request->flags, 0, 0x0000b207); /* have to figure out what these
mean */
spa_string_add (request, user, u);
spa_string_add (request, domain, domain);
-free (u);
}
@@ -1475,16 +1499,16 @@
void
spa_build_auth_response (SPAAuthChallenge * challenge,
- SPAAuthResponse * response, char *user,
- char *password)
+ SPAAuthResponse * response, uschar * user,
+ uschar * password)
{
uint8x lmRespData[24];
uint8x ntRespData[24];
uint32x cf = IVAL(&challenge->flags, 0);
-char *u = strdup (user);
-char *p = strchr (u, '@');
-char *d = NULL;
-char *domain;
+uschar * u = string_copy(user);
+uschar * p = Ustrchr(u, '@');
+uschar * d = NULL;
+uschar * domain;
if (p)
{
@@ -1492,33 +1516,33 @@
*p = '\0';
}
-else domain = d = strdup((cf & 0x1)?
- CCS GetUnicodeString(challenge, uDomain) :
- CCS GetString(challenge, uDomain));
+else domain = d = string_copy(cf & 0x1
+ ? CUS get_challenge_unistr(challenge, &challenge->uDomain)
+ : CUS get_challenge_str(challenge, &challenge->uDomain));
-spa_smb_encrypt (US password, challenge->challengeData, lmRespData);
-spa_smb_nt_encrypt (US password, challenge->challengeData, ntRespData);
+spa_smb_encrypt(password, challenge->challengeData, lmRespData);
+spa_smb_nt_encrypt(password, challenge->challengeData, ntRespData);
response->bufIndex = 0;
memcpy (response->ident, "NTLMSSP\0\0\0", 8);
SIVAL (&response->msgType, 0, 3);
-spa_bytes_add (response, lmResponse, lmRespData, (cf & 0x200) ? 24 : 0);
-spa_bytes_add (response, ntResponse, ntRespData, (cf & 0x8000) ? 24 : 0);
+spa_bytes_add(response, lmResponse, lmRespData, cf & 0x200 ? 24 : 0);
+spa_bytes_add(response, ntResponse, ntRespData, cf & 0x8000 ? 24 : 0);
if (cf & 0x1) { /* Unicode Text */
- spa_unicode_add_string (response, uDomain, domain);
- spa_unicode_add_string (response, uUser, u);
- spa_unicode_add_string (response, uWks, u);
+ spa_unicode_add_string(response, uDomain, domain);
+ spa_unicode_add_string(response, uUser, u);
+ spa_unicode_add_string(response, uWks, u);
} else { /* OEM Text */
- spa_string_add (response, uDomain, domain);
- spa_string_add (response, uUser, u);
- spa_string_add (response, uWks, u);
+ spa_string_add(response, uDomain, domain);
+ spa_string_add(response, uUser, u);
+ spa_string_add(response, uWks, u);
}
-spa_string_add (response, sessionKey, NULL);
+spa_string_add(response, sessionKey, NULL);
response->flags = challenge->flags;
-
-if (d != NULL) free (d);
-free (u);
}
+
+
+#endif /*!MACRO_PREDEF*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/auths/auth-spa.h
new/exim-4.96.1/src/auths/auth-spa.h
--- old/exim-4.96/src/auths/auth-spa.h 2022-06-23 15:41:10.000000000 +0200
+++ new/exim-4.96.1/src/auths/auth-spa.h 2023-09-30 22:52:59.000000000
+0200
@@ -79,10 +79,10 @@
void spa_bits_to_base64 (unsigned char *, const unsigned char *, int);
int spa_base64_to_bits(char *, int, const char *);
-void spa_build_auth_response (SPAAuthChallenge *challenge,
- SPAAuthResponse *response, char *user, char *password);
-void spa_build_auth_request (SPAAuthRequest *request, char *user,
- char *domain);
+void spa_build_auth_response (SPAAuthChallenge * challenge,
+ SPAAuthResponse * response, uschar * user, uschar * password);
+void spa_build_auth_request (SPAAuthRequest * request, uschar * user,
+ uschar * domain);
extern void spa_smb_encrypt (unsigned char * passwd, unsigned char * c8,
unsigned char * p24);
extern void spa_smb_nt_encrypt (unsigned char * passwd, unsigned char * c8,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/auths/external.c
new/exim-4.96.1/src/auths/external.c
--- old/exim-4.96/src/auths/external.c 2022-06-23 15:41:10.000000000 +0200
+++ new/exim-4.96.1/src/auths/external.c 2023-09-30 22:52:59.000000000
+0200
@@ -103,7 +103,7 @@
if (ob->server_param2)
{
uschar * s = expand_string(ob->server_param2);
- auth_vars[expand_nmax] = s;
+ auth_vars[expand_nmax = 1] = s;
expand_nstring[++expand_nmax] = s;
expand_nlength[expand_nmax] = Ustrlen(s);
if (ob->server_param3)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/auths/spa.c
new/exim-4.96.1/src/auths/spa.c
--- old/exim-4.96/src/auths/spa.c 2022-06-23 15:41:10.000000000 +0200
+++ new/exim-4.96.1/src/auths/spa.c 2023-09-30 22:52:59.000000000 +0200
@@ -284,14 +284,13 @@
SPAAuthChallenge challenge;
SPAAuthResponse response;
char msgbuf[2048];
-char *domain = NULL;
-char *username, *password;
+uschar * domain = NULL, * username, * password;
/* Code added by PH to expand the options */
*buffer = 0; /* Default no message when cancelled */
-if (!(username = CS expand_string(ob->spa_username)))
+if (!(username = expand_string(ob->spa_username)))
{
if (f.expand_string_forcedfail) return CANCELLED;
string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
@@ -300,7 +299,7 @@
return ERROR;
}
-if (!(password = CS expand_string(ob->spa_password)))
+if (!(password = expand_string(ob->spa_password)))
{
if (f.expand_string_forcedfail) return CANCELLED;
string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
@@ -310,7 +309,7 @@
}
if (ob->spa_domain)
- if (!(domain = CS expand_string(ob->spa_domain)))
+ if (!(domain = expand_string(ob->spa_domain)))
{
if (f.expand_string_forcedfail) return CANCELLED;
string_format(buffer, buffsize, "expansion of \"%s\" failed in %s "
@@ -330,7 +329,7 @@
DSPA("\n\n%s authenticator: using domain %s\n\n", ablock->name, domain);
-spa_build_auth_request(&request, CS username, domain);
+spa_build_auth_request(&request, username, domain);
spa_bits_to_base64(US msgbuf, US &request, spa_request_length(&request));
DSPA("\n\n%s authenticator: sending request (%s)\n\n", ablock->name, msgbuf);
@@ -347,7 +346,7 @@
DSPA("\n\n%s authenticator: challenge (%s)\n\n", ablock->name, buffer + 4);
spa_base64_to_bits(CS (&challenge), sizeof(challenge), CCS (buffer + 4));
-spa_build_auth_response(&challenge, &response, CS username, CS password);
+spa_build_auth_response(&challenge, &response, username, password);
spa_bits_to_base64(US msgbuf, US &response, spa_request_length(&response));
DSPA("\n\n%s authenticator: challenge response (%s)\n\n", ablock->name,
msgbuf);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/version.h new/exim-4.96.1/src/version.h
--- old/exim-4.96/src/version.h 2022-06-25 15:36:07.000000000 +0200
+++ new/exim-4.96.1/src/version.h 2023-10-02 12:24:59.000000000 +0200
@@ -1,5 +1,5 @@
/* automatically generated file - see ../scripts/reversion */
-#define EXIM_RELEASE_VERSION "4.96"
+#define EXIM_RELEASE_VERSION "4.96.1"
#ifdef EXIM_VARIANT_VERSION
#define EXIM_VERSION_STR EXIM_RELEASE_VERSION "-" EXIM_VARIANT_VERSION
#else
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.96/src/version.sh
new/exim-4.96.1/src/version.sh
--- old/exim-4.96/src/version.sh 2022-06-25 15:36:07.000000000 +0200
+++ new/exim-4.96.1/src/version.sh 2023-10-02 12:24:59.000000000 +0200
@@ -1,3 +1,3 @@
# automatically generated file - see ../scripts/reversion
-EXIM_RELEASE_VERSION="4.96"
+EXIM_RELEASE_VERSION="4.96.1"
EXIM_COMPILE_NUMBER="1"
