Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-12-08 13:02:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim" Fri Dec 8 13:02:42 2017 rev:47 rq:555178 version:4.88 Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2017-11-28 14:04:30.132621560 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-12-08 13:03:33.996296609 +0100 @@ -1,0 +2,7 @@ +Thu Nov 30 08:32:50 UTC 2017 - wullin...@rz.uni-kiel.de + +- add exim-CVE-2017-16944.patch: + backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542 + fix for CVE-2017-16944 (#bsc1069859) + +------------------------------------------------------------------- New: ---- exim-CVE-2017-16944.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.h5xbuv/_old 2017-12-08 13:03:35.048258617 +0100 +++ /var/tmp/diff_new_pack.h5xbuv/_new 2017-12-08 13:03:35.048258617 +0100 @@ -109,7 +109,8 @@ Patch0: exim-tail.patch Patch3: exim-CVE-2017-1000369.patch Patch4: exim-CVE-2017-16943.patch -Patch5: exim-4.86.2-mariadb_102_compile_fix.patch +Patch5: exim-CVE-2017-16944.patch +Patch6: exim-4.86.2-mariadb_102_compile_fix.patch %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -155,6 +156,7 @@ %patch3 -p 1 %patch4 -p 1 %patch5 -p 1 +%patch6 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" ++++++ exim-CVE-2017-16944.patch ++++++ diff -ru a/src/receive.c b/src/receive.c --- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100 +++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100 @@ -1759,7 +1759,7 @@ prevent further reading), and break out of the loop, having freed the empty header, and set next = NULL to indicate no data line. */ - if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) + if (ptr == 0 && ch == '.' && dot_ends) { ch = (receive_getc)(); if (ch == '\r') diff -ru a/src/smtp_in.c b/src/smtp_in.c --- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100 +++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100 @@ -4751,11 +4751,17 @@ ? CHUNKING_LAST : CHUNKING_ACTIVE; chunking_data_left = chunking_datasize; + /* push the current receive_* function on the "stack", and + replace them by bdat_getc(), which in turn will use the lwr_receive_* + functions to do the dirty work. */ lwr_receive_getc = receive_getc; lwr_receive_ungetc = receive_ungetc; + receive_getc = bdat_getc; receive_ungetc = bdat_ungetc; + dot_ends = FALSE; + DEBUG(D_any) debug_printf("chunking state %d\n", (int)chunking_state); goto DATA_BDAT; @@ -4763,6 +4769,7 @@ case DATA_CMD: HAD(SCH_DATA); + dot_ends = TRUE; DATA_BDAT: /* Common code for DATA and BDAT */ if (!discarded && recipients_count <= 0)