--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package exim4.
unblock exim4/4.84-5
This is a bugfix only upload, featuring two fixes of important
priority:
* 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans
testsuite), extends the fix in 4.84-2.
This can fixes a crash in the MIME ACL.
<http://bugs.exim.org/show_bug.cgi?id=1558>
* 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer
overrun with control characters in argument of spam= acl condition.
<http://bugs.exim.org/show_bug.cgi?id=1552>
Thanks, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru exim4-4.84/debian/changelog exim4-4.84/debian/changelog
--- exim4-4.84/debian/changelog 2014-10-19 13:36:07.000000000 +0200
+++ exim4-4.84/debian/changelog 2014-12-17 19:03:45.000000000 +0100
@@ -1,3 +1,24 @@
+exim4 (4.84-5) unstable; urgency=medium
+
+ * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans
+ testsuite), extends the fix in 4.84-2.
+
+ -- Andreas Metzler <ametz...@debian.org> Wed, 17 Dec 2014 19:03:39 +0100
+
+exim4 (4.84-4) unstable; urgency=medium
+
+ * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
+ neither expects a mbox-style From nor an empty line add the end. (Thanks,
+ Edward Betts) Closes: #769396
+ * Change the init script's restart order from { regenerate_config; stop;
+ start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
+ Closes: #768874
+ * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun
+ with control characters in argument of spam= acl condition.
+ <http://bugs.exim.org/show_bug.cgi?id=1552>
+
+ -- Andreas Metzler <ametz...@debian.org> Sun, 30 Nov 2014 08:24:04 +0100
+
exim4 (4.84-3) unstable; urgency=medium
* Apply patch to Italian (it) debconf template translation, thanks to
diff -Nru exim4-4.84/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe exim4-4.84/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe
--- exim4-4.84/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe 2012-09-23 12:07:23.000000000 +0200
+++ exim4-4.84/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe 2014-11-18 18:58:37.000000000 +0100
@@ -4,6 +4,8 @@
driver = pipe
path = "/bin:/usr/bin:/usr/local/bin"
command = "/usr/bin/maildrop"
+ message_prefix =
+ message_suffix =
return_path_add
delivery_date_add
envelope_to_add
diff -Nru exim4-4.84/debian/exim4-base.exim4.init exim4-4.84/debian/exim4-base.exim4.init
--- exim4-4.84/debian/exim4-base.exim4.init 2014-07-22 19:16:03.000000000 +0200
+++ exim4-4.84/debian/exim4-base.exim4.init 2014-11-18 18:58:37.000000000 +0100
@@ -239,10 +239,10 @@
;;
restart)
log_daemon_msg "Stopping MTA for restart"
+ stop_exim
# regenerate exim4.conf
upex4conf
isconfigvalid
- stop_exim
log_end_msg 0
sleep 2
log_daemon_msg "Restarting MTA"
diff -Nru exim4-4.84/debian/patches/81_buffer-overrun-in-spam-acl.diff exim4-4.84/debian/patches/81_buffer-overrun-in-spam-acl.diff
--- exim4-4.84/debian/patches/81_buffer-overrun-in-spam-acl.diff 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.84/debian/patches/81_buffer-overrun-in-spam-acl.diff 2014-12-17 18:55:57.000000000 +0100
@@ -0,0 +1,26 @@
+From e252eb8c71ea3bddb32bf73bddc8b22cfde2bc3a Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Thu, 27 Nov 2014 16:26:44 +0000
+Subject: [PATCH] Fix buffer overrun in spam= acl condition. Bug 1552
+
+---
+ src/spam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/spam.c b/src/spam.c
+index 7eb6fbf..76bf7d6 100644
+--- a/src/spam.c
++++ b/src/spam.c
+@@ -129,7 +129,8 @@ spam(uschar **listptr)
+ (spamd_address_container *)store_get(sizeof(spamd_address_container));
+
+ /* grok spamd address and port */
+- if( sscanf(CS address, "%s %u", this_spamd->tcp_addr, &(this_spamd->tcp_port)) != 2 ) {
++ if (sscanf(CS address, "%23s %u", this_spamd->tcp_addr, &(this_spamd->tcp_port)) != 2)
++ {
+ log_write(0, LOG_MAIN,
+ "spam acl condition: warning - invalid spamd address: '%s'", address);
+ continue;
+--
+2.1.3
+
diff -Nru exim4-4.84/debian/patches/82_quoted-or-r-2047-encoded.diff exim4-4.84/debian/patches/82_quoted-or-r-2047-encoded.diff
--- exim4-4.84/debian/patches/82_quoted-or-r-2047-encoded.diff 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.84/debian/patches/82_quoted-or-r-2047-encoded.diff 2014-12-17 19:01:38.000000000 +0100
@@ -0,0 +1,194 @@
+From 5c6cf6a0d5cb7da39e7fde01dca1ff862c1fa1c8 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Sun, 14 Dec 2014 15:15:34 +0000
+Subject: [PATCH] Account properly for quoted or 2047-encoded MIME parameters
+ while walking headers. Bug 1558
+
+---
+ src/mime.c | 103 ++++++++++++++++++++++------------------
+ test/log/4000 | 3 ++
+ test/mail/4000.userx | 38 +++++++++++++++
+ test/scripts/4000-scanning/4000 | 29 +++++++++++
+ test/stdout/4000 | 11 +++++
+ 5 files changed, 137 insertions(+), 47 deletions(-)
+
+diff --git a/src/mime.c b/src/mime.c
+index ab701f2..a61e9f2 100644
+--- a/src/mime.c
++++ b/src/mime.c
+@@ -528,26 +528,24 @@ while(1)
+ */
+ if (context != NULL)
+ {
+- while(fgets(CS header, MIME_MAX_HEADER_SIZE, f) != NULL)
++ while(fgets(CS header, MIME_MAX_HEADER_SIZE, f))
+ {
+ /* boundary line must start with 2 dashes */
+- if (Ustrncmp(header,"--",2) == 0)
+- {
+- if (Ustrncmp((header+2),context->boundary,Ustrlen(context->boundary)) == 0)
++ if ( Ustrncmp(header, "--", 2) == 0
++ && Ustrncmp(header+2, context->boundary, Ustrlen(context->boundary)) == 0)
++ {
++ /* found boundary */
++ if (Ustrncmp((header+2+Ustrlen(context->boundary)), "--", 2) == 0)
+ {
+- /* found boundary */
+- if (Ustrncmp((header+2+Ustrlen(context->boundary)),"--",2) == 0)
+- {
+- /* END boundary found */
+- debug_printf("End boundary found %s\n", context->boundary);
+- return rc;
+- }
+- else
+- debug_printf("Next part with boundary %s\n", context->boundary);
+-
+- /* can't use break here */
+- goto DECODE_HEADERS;
++ /* END boundary found */
++ debug_printf("End boundary found %s\n", context->boundary);
++ return rc;
+ }
++ else
++ debug_printf("Next part with boundary %s\n", context->boundary);
++
++ /* can't use break here */
++ goto DECODE_HEADERS;
+ }
+ }
+ /* Hit EOF or read error. Ugh. */
+@@ -557,92 +555,103 @@ while(1)
+
+ DECODE_HEADERS:
+ /* parse headers, set up expansion variables */
+- while (mime_get_header(f,header))
++ while (mime_get_header(f, header))
+ {
+ int i;
+ /* loop through header list */
+ for (i = 0; i < mime_header_list_size; i++)
+- {
+- uschar *header_value = NULL;
+- int header_value_len = 0;
+-
+- /* found an interesting header? */
+- if (strncmpic(mime_header_list[i].name,header,mime_header_list[i].namelen) == 0)
+- {
+- uschar *p = header + mime_header_list[i].namelen;
+- /* yes, grab the value (normalize to lower case)
+- and copy to its corresponding expansion variable */
++ if (strncmpic(mime_header_list[i].name,
++ header, mime_header_list[i].namelen) == 0)
++ { /* found an interesting header */
++ uschar * header_value;
++ int header_value_len;
++ uschar * p = header + mime_header_list[i].namelen;
++
++ /* grab the value (normalize to lower case)
++ and copy to its corresponding expansion variable */
+ while(*p != ';')
+ {
+ *p = tolower(*p);
+ p++;
+ }
+- header_value_len = (p - (header + mime_header_list[i].namelen));
+- header_value = (uschar *)malloc(header_value_len+1);
+- memset(header_value,0,header_value_len+1);
++ header_value_len = p - (header + mime_header_list[i].namelen);
+ p = header + mime_header_list[i].namelen;
+- Ustrncpy(header_value, p, header_value_len);
+- debug_printf("Found %s MIME header, value is '%s'\n", mime_header_list[i].name, header_value);
++ header_value = string_copyn(p, header_value_len);
++ debug_printf("Found %s MIME header, value is '%s'\n",
++ mime_header_list[i].name, header_value);
+ *((uschar **)(mime_header_list[i].value)) = header_value;
+
+ /* make p point to the next character after the closing ';' */
+- p += (header_value_len+1);
++ p += header_value_len+1;
+
+- /* grab all param=value tags on the remaining line, check if they are interesting */
++ /* grab all param=value tags on the remaining line,
++ check if they are interesting */
+ NEXT_PARAM_SEARCH:
+- while (*p != 0)
++ while (*p)
+ {
+ mime_parameter * mp;
+ for (mp = mime_parameter_list;
+ mp < &mime_parameter_list[mime_parameter_list_size];
+ mp++)
+ {
+- uschar *param_value = NULL;
+- int param_value_len = 0;
++ uschar * param_value = NULL;
+
+ /* found an interesting parameter? */
+ if (strncmpic(mp->name, p, mp->namelen) == 0)
+ {
+- uschar *q = p + mp->namelen;
++ uschar * q = p + mp->namelen;
++ int plen = 0;
+ int size = 0;
+ int ptr = 0;
+
+ /* yes, grab the value and copy to its corresponding expansion variable */
+ while(*q && *q != ';') /* ; terminates */
+- {
+ if (*q == '"')
+ {
+ q++; /* skip leading " */
+- while(*q && *q != '"') /* which protects ; */
++ plen++; /* and account for the skip */
++ while(*q && *q != '"') /* " protects ; */
++ {
+ param_value = string_cat(param_value, &size, &ptr, q++, 1);
+- if (*q) q++; /* skip trailing " */
++ plen++;
++ }
++ if (*q)
++ {
++ q++; /* skip trailing " */
++ plen++;
++ }
+ }
+ else
++ {
+ param_value = string_cat(param_value, &size, &ptr, q++, 1);
+- }
++ plen++;
++ }
++
+ if (param_value)
+ {
+ param_value[ptr++] = '\0';
+- param_value_len = ptr;
+
+ param_value = rfc2047_decode(param_value,
+- check_rfc2047_length, NULL, 32, ¶m_value_len, &q);
++ check_rfc2047_length, NULL, 32, NULL, &q);
+ debug_printf("Found %s MIME parameter in %s header, "
+ "value is '%s'\n", mp->name, mime_header_list[i].name,
+ param_value);
+ }
+ *mp->value = param_value;
+- p += (mp->namelen + param_value_len + 1);
++ p += mp->namelen + plen + 1; /* name=, content, ; */
+ goto NEXT_PARAM_SEARCH;
+ }
+ }
+ /* There is something, but not one of our interesting parameters.
+ Advance to the next semicolon */
+- while(*p != ';') p++;
++ while(*p != ';')
++ {
++ if (*p == '"') while(*++p && *p != '"') ;
++ p++;
++ }
+ p++;
+ }
+ }
+- }
+ }
+
+ /* set additional flag variables (easier access) */
diff -Nru exim4-4.84/debian/patches/series exim4-4.84/debian/patches/series
--- exim4-4.84/debian/patches/series 2014-08-29 20:04:26.000000000 +0200
+++ exim4-4.84/debian/patches/series 2014-12-17 18:59:00.000000000 +0100
@@ -9,3 +9,5 @@
67_unnecessaryCopt.diff
70_remove_exim-users_references.dpatch
80_mime_empty_charset.diff
+81_buffer-overrun-in-spam-acl.diff
+82_quoted-or-r-2047-encoded.diff
signature.asc
Description: Digital signature
--- End Message ---
