Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2017-12-08 13:02:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Fri Dec 8 13:02:42 2017 rev:47 rq:555178 version:4.88
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2017-11-28
14:04:30.132621560 +0100
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-12-08
13:03:33.996296609 +0100
@@ -1,0 +2,7 @@
+Thu Nov 30 08:32:50 UTC 2017 - wullin...@rz.uni-kiel.de
+
+- add exim-CVE-2017-16944.patch:
+ backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542
+ fix for CVE-2017-16944 (#bsc1069859)
+
+-------------------------------------------------------------------
New:
----
exim-CVE-2017-16944.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.h5xbuv/_old 2017-12-08 13:03:35.048258617 +0100
+++ /var/tmp/diff_new_pack.h5xbuv/_new 2017-12-08 13:03:35.048258617 +0100
@@ -109,7 +109,8 @@
Patch0: exim-tail.patch
Patch3: exim-CVE-2017-1000369.patch
Patch4: exim-CVE-2017-16943.patch
-Patch5: exim-4.86.2-mariadb_102_compile_fix.patch
+Patch5: exim-CVE-2017-16944.patch
+Patch6: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -155,6 +156,7 @@
%patch3 -p 1
%patch4 -p 1
%patch5 -p 1
+%patch6 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ exim-CVE-2017-16944.patch ++++++
diff -ru a/src/receive.c b/src/receive.c
--- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100
+++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100
@@ -1759,7 +1759,7 @@
prevent further reading), and break out of the loop, having freed the
empty header, and set next = NULL to indicate no data line. */
- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
+ if (ptr == 0 && ch == '.' && dot_ends)
{
ch = (receive_getc)();
if (ch == '\r')
diff -ru a/src/smtp_in.c b/src/smtp_in.c
--- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100
+++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100
@@ -4751,11 +4751,17 @@
? CHUNKING_LAST : CHUNKING_ACTIVE;
chunking_data_left = chunking_datasize;
+ /* push the current receive_* function on the "stack", and
+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
+ functions to do the dirty work. */
lwr_receive_getc = receive_getc;
lwr_receive_ungetc = receive_ungetc;
+
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
+ dot_ends = FALSE;
+
DEBUG(D_any)
debug_printf("chunking state %d\n", (int)chunking_state);
goto DATA_BDAT;
@@ -4763,6 +4769,7 @@
case DATA_CMD:
HAD(SCH_DATA);
+ dot_ends = TRUE;
DATA_BDAT: /* Common code for DATA and BDAT */
if (!discarded && recipients_count <= 0)
