diffstat for exim4-4.86.2 exim4-4.86.2 changelog | 415 ++++++++++++++++++++++++++++++++++++++ control | 5 patches/93_CVE-2017-1000368.patch | 56 +++++ patches/CVE-2016-9963.patch | 66 ++++++ patches/CVE-2018-6789.patch | 59 +++++ patches/fix_smtp_banner.patch | 59 +++++ patches/series | 4 7 files changed, 662 insertions(+), 2 deletions(-) diff -Nru exim4-4.86.2/debian/changelog exim4-4.86.2/debian/changelog --- exim4-4.86.2/debian/changelog 2016-03-05 12:07:43.000000000 +0000 +++ exim4-4.86.2/debian/changelog 2018-02-10 19:19:06.000000000 +0000 @@ -1,3 +1,45 @@ +exim4 (4.86.2-2ubuntu2.3) xenial-security; urgency=medium + + * SECURITY UPDATE: Buffer overflow in base64d() + - debian/patches/CVE-2018-6789.patch: fix overflow in + src/auths/b64decode.c. + - CVE-2018-6789 + + -- Marc Deslauriers Sat, 10 Feb 2018 14:18:40 -0500 + +exim4 (4.86.2-2ubuntu2.2) xenial-security; urgency=medium + + * SECURITY UPDATE: memory leak + - debian/patches/93_CVE-2017-1000368.patch: free -p argument if + allocation was required. + - CVE-2017-1000368 + + -- Steve Beattie Fri, 02 Jun 2017 22:07:28 -0700 + +exim4 (4.86.2-2ubuntu2.1) xenial-security; urgency=medium + + * SECURITY UPDATE: DKIM information leakage + - debian/patches/CVE-2016-9963.patch: fix information leakage in + src/dkim.c, src/transports/smtp.c. + - CVE-2016-9963 + + -- Marc Deslauriers Thu, 05 Jan 2017 08:29:10 -0500 + +exim4 (4.86.2-2ubuntu2) xenial; urgency=medium + + * Rebuild against libmysqlclient20. + + -- Robie Basak Tue, 05 Apr 2016 12:21:41 +0000 + +exim4 (4.86.2-2ubuntu1) xenial; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian.control, debian/patches/fix_smtp_banner.patch + + Show Ubuntu distribution in SMTP banner. + + Build-Depends on lsb-release. + + -- Marc Deslauriers Tue, 15 Mar 2016 11:56:18 -0400 + exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 @@ -19,6 +61,27 @@ -- Andreas Metzler Tue, 01 Mar 2016 19:34:39 +0100 +exim4 (4.86-7ubuntu3) xenial; urgency=medium + + * No-change rebuild for gnutls transition. + + -- Matthias Klose Wed, 17 Feb 2016 22:40:56 +0000 + +exim4 (4.86-7ubuntu2) xenial; urgency=medium + + * Rebuild for Perl 5.22.1. + + -- Colin Watson Fri, 18 Dec 2015 10:30:54 +0000 + +exim4 (4.86-7ubuntu1) xenial; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian.control, debian/patches/fix_smtp_banner.patch + + Show Ubuntu distribution in SMTP banner. + + Build-Depends on lsb-release. + + -- Pierre-André MOREY Mon, 14 Dec 2015 14:23:51 +0100 + exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 @@ -69,6 +132,15 @@ -- Andreas Metzler Sat, 17 Oct 2015 15:01:01 +0200 +exim4 (4.86-3ubuntu1) wily; urgency=medium + + * Merge from Debian unstable. (LP: #1485369) Remaining changes: + - debian/control, debian/patches/fix_smtp_banner.patch: + + Show Ubuntu distribution in SMTP banner. + + Build-Depends on lsb-release. + + -- Artur Rona Thu, 17 Sep 2015 13:18:20 +0100 + exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: @@ -109,6 +181,15 @@ -- Andreas Metzler Sat, 18 Jul 2015 11:46:11 +0200 +exim4 (4.86~RC4-2ubuntu1) wily; urgency=low + + * Merge from Debian unstable. (LP: #1166671) Remaining changes: + - debian/control, debian/patches/fix_smtp_banner.patch: + + Show Ubuntu distribution in SMTP banner. + + Build-Depends on lsb-release. + + -- Artur Rona Mon, 06 Jul 2015 12:09:36 +0200 + exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 @@ -273,6 +354,18 @@ -- Andreas Metzler Tue, 18 Nov 2014 19:28:20 +0100 +exim4 (4.84-8ubuntu1) vivid; urgency=low + + * Merge from Debian unstable. (LP: #1434300) Remaining changes: + - debian/control, debian/patches/fix_smtp_banner.patch: + + Show Ubuntu distribution in SMTP banner. + + Build-Depends on lsb-release. + - debian/control: + + Don't provide default-mta; in Ubuntu, + we want postfix to be the default. + + -- Artur Rona Thu, 19 Mar 2015 00:15:40 +0100 + exim4 (4.84-8) unstable; urgency=medium * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and @@ -290,6 +383,15 @@ -- Andreas Metzler Sat, 07 Feb 2015 15:12:33 +0100 +exim4 (4.84-6ubuntu1) vivid; urgency=medium + + * Resynchronise with Debian. Remaining changes: + - Show Ubuntu distribution in SMTP banner. + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Colin Watson Wed, 14 Jan 2015 11:26:29 +0000 + exim4 (4.84-6) unstable; urgency=medium * Revert init script's restart order change in 4.84-4 for the time being. @@ -298,6 +400,15 @@ -- Andreas Metzler Sun, 21 Dec 2014 14:07:12 +0100 +exim4 (4.84-5ubuntu1) vivid; urgency=medium + + * Resynchronise with Debian. Remaining changes: + - Show Ubuntu distribution in SMTP banner. + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Colin Watson Thu, 18 Dec 2014 15:26:17 +0000 + exim4 (4.84-5) unstable; urgency=medium * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans @@ -305,6 +416,15 @@ -- Andreas Metzler Wed, 17 Dec 2014 19:03:39 +0100 +exim4 (4.84-4ubuntu1) vivid; urgency=medium + + * Resynchronise with Debian. Remaining changes: + - Show Ubuntu distribution in SMTP banner. + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Colin Watson Tue, 02 Dec 2014 15:28:46 +0000 + exim4 (4.84-4) unstable; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop @@ -319,6 +439,15 @@ -- Andreas Metzler Sun, 30 Nov 2014 08:24:04 +0100 +exim4 (4.84-3ubuntu1) vivid; urgency=medium + + * Resynchronise with Debian. Remaining changes: + - Show Ubuntu distribution in SMTP banner. + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Colin Watson Tue, 11 Nov 2014 13:43:35 +0000 + exim4 (4.84-3) unstable; urgency=medium * Apply patch to Italian (it) debconf template translation, thanks to @@ -348,6 +477,24 @@ -- Andreas Metzler Sat, 09 Aug 2014 07:42:00 +0200 +exim4 (4.84~RC1-3ubuntu2) utopic; urgency=medium + + * Rebuild for Perl 5.20.0. + + -- Colin Watson Thu, 21 Aug 2014 12:18:13 +0100 + +exim4 (4.84~RC1-3ubuntu1) utopic; urgency=low + + * Merge from Debian unstable (LP: #1351470). Remaining changes: + - Show Ubuntu distribution on smtp: + + debian/patches/fix_smtp_banner.patch: updated SMTP banner + with Ubuntu distribution + + debian/control: added lsb-release build dependency + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Corey Bryant Mon, 04 Aug 2014 11:48:39 -0400 + exim4 (4.84~RC1-3) unstable; urgency=medium * Third try. Simply comment *custom* in debian/control. @@ -416,6 +563,18 @@ -- Andreas Metzler Thu, 29 May 2014 13:09:04 +0200 +exim4 (4.82.1-2ubuntu1) utopic; urgency=low + + * Merge from Debian unstable (LP: #1348074). Remaining changes: + - Show Ubuntu distribution on smtp: + + debian/patches/fix_smtp_banner.patch: updated SMTP banner + with Ubuntu distribution + + debian/control: added lsb-release build dependency + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Robie Basak Fri, 25 Jul 2014 15:53:09 +0000 + exim4 (4.82.1-2) unstable; urgency=high * [87_double_expansion.diff] from upstream. Stop unwanted double expansion @@ -433,6 +592,18 @@ -- Andreas Metzler Wed, 28 May 2014 19:01:43 +0200 +exim4 (4.82-8ubuntu1) utopic; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - Show Ubuntu distribution on smtp: + + debian/patches/fix_smtp_banner.patch: updated SMTP banner + with Ubuntu distribution + + debian/control: added lsb-release build dependency + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + + -- Dimitri John Ledkov Sat, 17 May 2014 01:50:20 +0100 + exim4 (4.82-8) unstable; urgency=medium * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against @@ -496,6 +667,26 @@ -- Andreas Metzler Sun, 09 Feb 2014 19:41:34 +0100 +exim4 (4.82-3ubuntu2) trusty; urgency=medium + + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. + + -- Martin Pitt Tue, 25 Feb 2014 17:33:13 +0100 + +exim4 (4.82-3ubuntu1) trusty; urgency=low + + * Merge from Debian unstable (LP: #1259620). Remaining changes: + - Show Ubuntu distribution on smtp: + + debian/patches/fix_smtp_banner.patch: updated SMTP banner + with Ubuntu distribution + + debian/control: added lsb-release build dependency + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + - Build-depend on db5.3. + + -- Yolanda Robla Tue, 10 Dec 2013 17:07:20 +0000 + exim4 (4.82-3) unstable; urgency=low * Upload to unstable. @@ -576,6 +767,21 @@ -- Andreas Metzler Sun, 29 Sep 2013 14:43:25 +0200 +exim4 (4.80-9ubuntu2) trusty; urgency=low + + * Build-depend on libdb5.3-dev, instead of libdb5.1-dev. + + -- Dmitrijs Ledkovs Mon, 04 Nov 2013 12:14:54 +0000 + +exim4 (4.80-9ubuntu1) trusty; urgency=low + + * Resynchronise with Debian. Remaining changes: + - Don't provide default-mta; in Ubuntu, we want postfix to be the + default. + - Add "Ubuntu" to SMTP banner. + + -- Colin Watson Mon, 28 Oct 2013 11:55:21 -0700 + exim4 (4.80-9) unstable; urgency=low * Upload to unstable. @@ -622,6 +828,34 @@ -- Andreas Metzler Sun, 01 Sep 2013 15:58:49 +0200 +exim4 (4.80-7ubuntu4) trusty; urgency=low + + * Rebuild for Perl 5.18. + + -- Colin Watson Wed, 23 Oct 2013 10:24:08 +0100 + +exim4 (4.80-7ubuntu3) saucy; urgency=low + + * debian/patches/fix_smtp_banner.patch: updated SMTP banner + with Ubuntu distribution + * debian/control: added lsb-release build dependency + + -- Yolanda Robla Tue, 18 Jun 2013 19:17:43 +0200 + +exim4 (4.80-7ubuntu2) saucy; urgency=low + + * debian/tests: Add autopkgtest. + + -- Yolanda Mon, 27 May 2013 11:31:35 +0200 + +exim4 (4.80-7ubuntu1) raring; urgency=low + + * Merge from Debian unstable (LP: #1166383). Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Robie Basak Mon, 08 Apr 2013 18:13:15 +0100 + exim4 (4.80-7) unstable; urgency=low * Use exim's ${quote:xxx} operator when invoking spfquery to disallow @@ -641,6 +875,14 @@ -- Andreas Metzler Wed, 21 Nov 2012 19:08:53 +0100 +exim4 (4.80-5.1ubuntu1) raring; urgency=low + + * Merge from Debian. Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Oussama Bounaim Sun, 11 Nov 2012 07:11:06 +0100 + exim4 (4.80-5.1) unstable; urgency=high * Non-maintainer upload by the Security Team. @@ -668,6 +910,23 @@ -- Andreas Metzler Sat, 23 Jun 2012 18:35:03 +0200 +exim4 (4.80-3ubuntu1.1) quantal-security; urgency=low + + * SECURITY UPDATE: arbitrary code execution via dns decode logic + - debian/patches/CVE-2012-5671.patch: adjust max length and validate + against it in src/pdkim/pdkim.h, src/dkim.c. + - CVE-2012-5671 + + -- Marc Deslauriers Thu, 25 Oct 2012 08:22:46 -0400 + +exim4 (4.80-3ubuntu1) quantal; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Clint Byrum Thu, 14 Jun 2012 15:28:08 -0700 + exim4 (4.80-3) unstable; urgency=low * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL @@ -815,6 +1074,26 @@ -- Andreas Metzler Sat, 24 Sep 2011 18:36:08 +0200 +exim4 (4.76-3ubuntu3) precise; urgency=low + + * Rebuild for libmysqlclient transition + + -- Clint Byrum Wed, 23 Nov 2011 23:29:35 -0800 + +exim4 (4.76-3ubuntu2) precise; urgency=low + + * Rebuild for Perl 5.14. + + -- Colin Watson Wed, 16 Nov 2011 01:22:39 +0000 + +exim4 (4.76-3ubuntu1) precise; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Stéphane Graber Thu, 20 Oct 2011 11:29:07 -0400 + exim4 (4.76-3) unstable; urgency=low * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be @@ -835,6 +1114,14 @@ -- Andreas Metzler Sun, 18 Sep 2011 11:49:13 +0200 +exim4 (4.76-2ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Stéphane Graber Mon, 30 May 2011 17:48:56 -0400 + exim4 (4.76-2) unstable; urgency=low * debian/rules: Remove test/ and test-stamp on clean. @@ -847,6 +1134,14 @@ -- Andreas Metzler Sun, 29 May 2011 18:21:03 +0200 +exim4 (4.76-1ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes (LP: #779391): + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Stéphane Graber Mon, 23 May 2011 12:37:30 -0400 + exim4 (4.76-1) unstable; urgency=low * New upstream version. @@ -893,6 +1188,14 @@ -- Andreas Metzler Fri, 06 May 2011 20:08:51 +0200 +exim4 (4.75-2ubuntu1) oneiric; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + + -- Stéphane Graber Fri, 06 May 2011 14:51:28 -0400 + exim4 (4.75-2) unstable; urgency=low * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix @@ -935,6 +1238,24 @@ -- Andreas Metzler Thu, 24 Feb 2011 19:02:07 +0100 +exim4 (4.74-1ubuntu1) natty; urgency=low + + * Merge from debian experimental. Remaining changes: (LP: #713855) + - debian/patches/71_exiq_grep_error_on_messages_without_size.patch: + + Improve handling of broken messages when "exim4 -bp" (mailq) + reports lines without size info. (Closes: #528625) + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + - debian/{control,rules}: Add and enable hardened build for PIE. + (Closes: #542726) + * Update 71_exiq_grep_error_on_messages_without_size.patch to get way + which upstream has fixed it. Probably it can be dropped with next + upstream release. + * This upload fixes CVE: (LP: #708023) + - CVE-2011-0017 + + -- Artur Rona Wed, 09 Feb 2011 21:31:35 +0100 + exim4 (4.74-1) experimental; urgency=low * 4.74 release, should build on hurd again. @@ -960,6 +1281,20 @@ -- Andreas Metzler Sun, 23 Jan 2011 14:02:36 +0100 +exim4 (4.73~rc1-1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: (LP: #697934) + - debian/patches/71_exiq_grep_error_on_messages_without_size.patch: + + Improve handling of broken messages when "exim4 -bp" (mailq) + reports lines without size info. + - debian/control: Don't declare a Provides: default-mta; in Ubuntu, + we want postfix to be the default. + - debian/{control,rules}: Add and enable hardened build for PIE. + (Closes: #542726) + * Drop B-D on libmysqlclient15-dev, resolved in Debian. + + -- Artur Rona Tue, 28 Dec 2010 22:20:17 +0100 + exim4 (4.73~rc1-1) experimental; urgency=low * New upstream release candidate. @@ -1055,6 +1390,20 @@ -- Andreas Metzler Sun, 26 Dec 2010 15:13:08 +0100 +exim4 (4.72-2ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: (LP: #671615) + - debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: + Improve handling of broken messages when "exim4 -bp" (mailq) reports + lines without size info. + - Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be + the default. + - debian/control: Change build dependencies to MySQL 5.1. + - debian/{control,rules}: add and enable hardened build for PIE + (Closes: #542726). + + -- Artur Rona Fri, 05 Nov 2010 21:05:47 +0100 + exim4 (4.72-2) unstable; urgency=low [ Marc Haber ] @@ -1078,6 +1427,20 @@ -- Andreas Metzler Sat, 30 Oct 2010 13:38:26 +0200 +exim4 (4.72-1ubuntu1) maverick; urgency=low + + * Merge with Debian unstable (LP: #609620). Remaining changes: + + debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: + Improve handling of broken messages when "exim4 -bp" (mailq) reports + lines without size info. + + Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be + the default. + + debian/control: Change build dependencies to MySQL 5.1. + + debian/{control,rules}: add and enable hardened build for PIE + (Closes: #542726). + + -- Artur Rona Sun, 25 Jul 2010 02:00:42 +0200 + exim4 (4.72-1) unstable; urgency=low * New upstream release. (Identical to the git snapshot previously @@ -1129,6 +1492,20 @@ -- Andreas Metzler Thu, 25 Mar 2010 17:34:30 +0100 +exim4 (4.71-3ubuntu1) lucid; urgency=low + + * Merge with Debian unstable (lp: #501657). Remaining changes: + + debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: + Improve handling of broken messages when "exim4 -bp" (mailq) reports + lines without size info. + + Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be + the default. + + debian/control: Change build dependencies to MySQL 5.1. + + debian/{control,rules}: add and enable hardened build for PIE + (Debian bug 542726). + + -- Michael Bienia Fri, 01 Jan 2010 16:28:19 +0100 + exim4 (4.71-3) unstable; urgency=low * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles. @@ -1243,6 +1620,35 @@ -- Andreas Metzler Sat, 17 Oct 2009 14:26:54 +0200 +exim4 (4.69-11ubuntu4) karmic; urgency=low + + * debian/{control,rules}: add and enable hardened build for PIE + (Debian bug 542726). + + -- Kees Cook Thu, 20 Aug 2009 17:33:26 -0700 + +exim4 (4.69-11ubuntu3) karmic; urgency=low + + * debian/control: Change build dependencies to MySQL 5.1. + + -- Mathias Gug Mon, 17 Aug 2009 17:57:26 -0400 + +exim4 (4.69-11ubuntu2) karmic; urgency=low + + * Don't declare a Provides: default-mta; in Ubuntu, we want postfix to be + the default. + + -- Steve Langasek Wed, 03 Jun 2009 15:39:14 +0000 + +exim4 (4.69-11ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #375923), remaining changes: + - debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: + Improve handling of broken messages when "exim4 -bp" (mailq) reports + lines without size info + + -- Thierry Carrez Wed, 13 May 2009 12:15:29 +0200 + exim4 (4.69-11) unstable; urgency=medium * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy @@ -1300,6 +1706,15 @@ -- Andreas Metzler Sat, 02 May 2009 09:05:56 +0200 +exim4 (4.69-9ubuntu1) jaunty; urgency=low + + [ Daniel van Eeden ] + * debian/patches/71_exiq_grep_error_on_messages_without_size.dpatch: + Improve handling of broken messages when "exim4 -bp" (mailq) reports lines + w/o size info, LP: #18194 + + -- Dustin Kirkland Wed, 11 Feb 2009 06:43:52 -0600 + exim4 (4.69-9) unstable; urgency=medium * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit diff -Nru exim4-4.86.2/debian/control exim4-4.86.2/debian/control --- exim4-4.86.2/debian/control 2016-03-05 12:06:17.000000000 +0000 +++ exim4-4.86.2/debian/control 2016-03-15 15:56:40.000000000 +0000 @@ -1,7 +1,8 @@ Source: exim4 Section: mail Priority: standard -Maintainer: Exim4 Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Exim4 Maintainers Uploaders: Andreas Metzler ,Marc Haber Homepage: http://www.exim.org/ Standards-Version: 3.9.6 @@ -13,7 +14,7 @@ lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, libident-dev, libdb5.3-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, libxaw7-dev, libpq-dev, libmysqlclient-dev, - libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev + libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev, lsb-release Package: exim4-base Architecture: any diff -Nru exim4-4.86.2/debian/patches/93_CVE-2017-1000368.patch exim4-4.86.2/debian/patches/93_CVE-2017-1000368.patch --- exim4-4.86.2/debian/patches/93_CVE-2017-1000368.patch 1970-01-01 00:00:00.000000000 +0000 +++ exim4-4.86.2/debian/patches/93_CVE-2017-1000368.patch 2017-06-03 05:07:15.000000000 +0000 @@ -0,0 +1,56 @@ +Description: Do not leak memory if multiple -p arguments are given +Author: Steve Beattie + +This approach of keeping track of when allocations occurred and freeing +them on multiple occurrances of the -p argument was chosen over +reporting an error on argument re-use to retain existing behavior (lats +argument given is the one used). This differs from the approach Exim +upstream intends to take. + +CVE-2017-1000368 +--- + src/exim.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +Index: b/src/exim.c +=================================================================== +--- a/src/exim.c ++++ b/src/exim.c +@@ -1506,6 +1506,7 @@ int sender_address_domain = 0; + int test_retry_arg = -1; + int test_rewrite_arg = -1; + BOOL arg_queue_only = FALSE; ++BOOL allocated_received_protocol = FALSE; + BOOL bi_option = FALSE; + BOOL checking = FALSE; + BOOL count_queue = FALSE; +@@ -3092,7 +3093,12 @@ for (i = 1; i < argc; i++) + + /* -oMr: Received protocol */ + +- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; ++ else if (Ustrcmp(argrest, "Mr") == 0) ++ { ++ if (allocated_received_protocol) store_free(received_protocol); ++ received_protocol = argv[++i]; ++ allocated_received_protocol = FALSE; ++ } + + /* -oMs: Set sender host name */ + +@@ -3191,11 +3197,15 @@ for (i = 1; i < argc; i++) + uschar *hn = Ustrchr(argrest, ':'); + if (hn == NULL) + { ++ if (allocated_received_protocol) store_free(received_protocol); + received_protocol = argrest; ++ allocated_received_protocol = FALSE; + } + else + { ++ if (allocated_received_protocol) store_free(received_protocol); + received_protocol = string_copyn(argrest, hn - argrest); ++ allocated_received_protocol = TRUE; + sender_host_name = hn + 1; + } + } diff -Nru exim4-4.86.2/debian/patches/CVE-2016-9963.patch exim4-4.86.2/debian/patches/CVE-2016-9963.patch --- exim4-4.86.2/debian/patches/CVE-2016-9963.patch 1970-01-01 00:00:00.000000000 +0000 +++ exim4-4.86.2/debian/patches/CVE-2016-9963.patch 2017-01-05 13:29:07.000000000 +0000 @@ -0,0 +1,66 @@ +From 31c02defdc5118834e801d4fe8f11c1d9b5ebadf Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Fri, 16 Dec 2016 20:36:39 +0000 +Subject: [PATCH] Fix DKIM information leakage + +Cherry picked from exim-4_87 .. exim-4_87_1 +--- + doc/doc-txt/ChangeLog | 7 +++ + doc/doc-txt/cve-2016-9663 | 86 +++++++++++++++++++++++++++++++++ + src/src/dkim.c | 1 + + src/src/transports/smtp.c | 4 +- + test/confs/4510 | 71 +++++++++++++++++++++++++++ + test/log/4510 | 20 ++++++++ + test/mail/4510.store | 58 ++++++++++++++++++++++ + test/runtest | 8 +++ + test/scripts/4510-DKIM-Bounces/4510 | 15 ++++++ + test/scripts/4510-DKIM-Bounces/REQUIRES | 2 + + 10 files changed, 271 insertions(+), 1 deletion(-) + create mode 100644 doc/doc-txt/cve-2016-9663 + create mode 100644 test/confs/4510 + create mode 100644 test/log/4510 + create mode 100644 test/mail/4510.store + create mode 100644 test/scripts/4510-DKIM-Bounces/4510 + create mode 100644 test/scripts/4510-DKIM-Bounces/REQUIRES + +Index: exim4-4.86.2/src/dkim.c +=================================================================== +--- exim4-4.86.2.orig/src/dkim.c 2017-01-05 08:29:05.520202865 -0500 ++++ exim4-4.86.2/src/dkim.c 2017-01-05 08:29:05.520202865 -0500 +@@ -519,6 +519,7 @@ + (char *)dkim_signing_selector, + (char *)dkim_private_key_expanded + ); ++ dkim_private_key_expanded[0] = '\0'; + + pdkim_set_debug_stream(ctx,debug_file); + +Index: exim4-4.86.2/src/transports/smtp.c +=================================================================== +--- exim4-4.86.2.orig/src/transports/smtp.c 2017-01-05 08:29:05.520202865 -0500 ++++ exim4-4.86.2/src/transports/smtp.c 2017-01-05 08:29:05.520202865 -0500 +@@ -293,6 +293,7 @@ + static uschar *smtp_command; /* Points to last cmd for error messages */ + static uschar *mail_command; /* Points to MAIL cmd for error messages */ + static BOOL update_waiting; /* TRUE to update the "wait" database */ ++static uschar *data_command = US""; /* Points to DATA cmd for error messages */ + + + /************************************************* +@@ -2249,6 +2250,7 @@ + case -1: goto END_OFF; /* Timeout on RCPT */ + default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ + } ++ data_command = string_copy(big_buffer); /* Save for later error message */ + } + + /* Save the first address of the next batch. */ +@@ -2423,7 +2425,7 @@ + #else + "LMTP error after %s: %s", + #endif +- big_buffer, string_printing(buffer)); ++ data_command, string_printing(buffer)); + setflag(addr, af_pass_message); /* Allow message to go to user */ + if (buffer[0] == '5') + addr->transport_return = FAIL; diff -Nru exim4-4.86.2/debian/patches/CVE-2018-6789.patch exim4-4.86.2/debian/patches/CVE-2018-6789.patch --- exim4-4.86.2/debian/patches/CVE-2018-6789.patch 1970-01-01 00:00:00.000000000 +0000 +++ exim4-4.86.2/debian/patches/CVE-2018-6789.patch 2018-02-10 19:18:07.000000000 +0000 @@ -0,0 +1,59 @@ +Backport of: + +From 062990cc1b2f9e5d82a413b53c8f0569075de700 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" +Date: Mon, 5 Feb 2018 22:23:32 +0100 +Subject: [PATCH] Fix base64d() buffer size (CVE-2018-6789) + +Credits for discovering this bug: Meh Chang +--- + doc/doc-txt/ChangeLog | 6 ++++-- + src/src/base64.c | 8 ++++++-- + 2 files changed, 10 insertions(+), 4 deletions(-) + +#diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog +#index 6e71f1fbb..970ec0732 100644 +#--- a/doc/doc-txt/ChangeLog +#+++ b/doc/doc-txt/ChangeLog +#@@ -5,8 +5,8 @@ affect Exim's operation, with an unchanged configuration file. For new +# options, and new features, see the NewStuff file next to this ChangeLog. +# +# +#-Since Exim version 4.90 +#------------------ +#+Exim version 4.90.1 +#+------------------- +# +# JH/03 Fix pgsql lookup for multiple result-tuples with a single column. +# Previously only the last row was returned. +#@@ -58,6 +58,8 @@ JH/14 Bug 2174: A timeout on connect for a callout was also erroneously seen as +# was marked defer_ok. Fix to keep the two timeout-detection methods +# separate. +# +#+HS/01 Fix Buffer overflow in base64d() (CVE-2018-6789) +#+ +# JH/16 Fix bug in DKIM verify: a buffer overflow could corrupt the malloc +# metadata, resulting in a crash in free(). +# +Index: exim4-4.86.2/src/auths/b64decode.c +=================================================================== +--- exim4-4.86.2.orig/src/auths/b64decode.c 2018-02-10 14:16:38.950220902 -0500 ++++ exim4-4.86.2/src/auths/b64decode.c 2018-02-10 14:17:48.542303370 -0500 +@@ -42,10 +42,14 @@ static uschar dec64table[] = { + int + auth_b64decode(uschar *code, uschar **ptr) + { +-register int x, y; +-uschar *result = store_get(3*(Ustrlen(code)/4) + 1); + +-*ptr = result; ++int x, y; ++uschar *result; ++ ++{ ++ int l = Ustrlen(code); ++ *ptr = result = store_get(1 + l/4 * 3 + l%4); ++} + + /* Each cycle of the loop handles a quantum of 4 input bytes. For the last + quantum this may decode to 1, 2, or 3 output bytes. */ diff -Nru exim4-4.86.2/debian/patches/fix_smtp_banner.patch exim4-4.86.2/debian/patches/fix_smtp_banner.patch --- exim4-4.86.2/debian/patches/fix_smtp_banner.patch 1970-01-01 00:00:00.000000000 +0000 +++ exim4-4.86.2/debian/patches/fix_smtp_banner.patch 2016-03-15 15:57:47.000000000 +0000 @@ -0,0 +1,59 @@ +Description: Add EXIM_DISTRIBUTION var to display it on the SMTP banner +Origin: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-server-app-banner-updates +Author: Yolanda Robla +Last-Update: 2015-07-06 + +Index: exim4-4.86.2/src/globals.c +=================================================================== +--- exim4-4.86.2.orig/src/globals.c 2016-03-15 11:57:43.886243698 -0400 ++++ exim4-4.86.2/src/globals.c 2016-03-15 11:57:43.882243649 -0400 +@@ -1253,7 +1253,7 @@ + uschar *smtp_active_hostname = NULL; + BOOL smtp_authenticated = FALSE; + uschar *smtp_banner = US"$smtp_active_hostname ESMTP " +- "Exim $version_number $tod_full" ++ "Exim $version_number " EXIM_DISTRIBUTION " $tod_full" + "\0<---------------Space to patch smtp_banner->"; + BOOL smtp_batched_input = FALSE; + BOOL smtp_check_spool_space = TRUE; +Index: exim4-4.86.2/src/config.h.defaults +=================================================================== +--- exim4-4.86.2.orig/src/config.h.defaults 2016-03-15 11:57:43.886243698 -0400 ++++ exim4-4.86.2/src/config.h.defaults 2016-03-15 11:57:43.882243649 -0400 +@@ -201,4 +201,6 @@ + #define SC_EXIM_ARITH "%" SCNi64 /* scanf incl. 0x prefix */ + #define SC_EXIM_DEC "%" SCNd64 /* scanf decimal */ + ++#define EXIM_DISTRIBUTION ++ + /* End of config.h.defaults */ +Index: exim4-4.86.2/scripts/Configure-config.h +=================================================================== +--- exim4-4.86.2.orig/scripts/Configure-config.h 2016-03-15 11:57:43.886243698 -0400 ++++ exim4-4.86.2/scripts/Configure-config.h 2016-03-15 11:57:43.882243649 -0400 +@@ -23,6 +23,12 @@ + if [ "$1" != "" ] ; then MAKE=$1 ; fi + if [ "$MAKE" = "" ] ; then MAKE=make ; fi + ++# exporting distribution to use it in smtp banner ++if test -x /usr/bin/lsb_release && lsb_release -si; then ++ export EXIM_DISTRIBUTION=\"$(lsb_release -si)\" ++else ++ export EXIM_DISTRIBUTION=\"\" ++fi + $MAKE buildconfig || exit 1 + + # BEWARE: tab characters needed in the following sed command. They have had +Index: exim4-4.86.2/src/exim.h +=================================================================== +--- exim4-4.86.2.orig/src/exim.h 2016-03-15 11:57:43.886243698 -0400 ++++ exim4-4.86.2/src/exim.h 2016-03-15 11:57:43.882243649 -0400 +@@ -596,4 +596,8 @@ + #undef DISABLE_DNSSEC + #endif + ++#ifndef EXIM_DISTRIBUTION ++ #define EXIM_DISTRIBUTION "" ++#endif ++ + /* End of exim.h */ diff -Nru exim4-4.86.2/debian/patches/series exim4-4.86.2/debian/patches/series --- exim4-4.86.2/debian/patches/series 2016-03-05 12:06:05.000000000 +0000 +++ exim4-4.86.2/debian/patches/series 2018-02-10 19:13:39.000000000 +0000 @@ -19,3 +19,7 @@ 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch +93_CVE-2017-1000368.patch +fix_smtp_banner.patch +CVE-2016-9963.patch +CVE-2018-6789.patch