--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu
Hello,
I would like to update exim4 in jessie with the following changes:
1 The upload for DSA-3517-1 introduced a new expansion item
($initial_cwd). - Exim now changes to / at start and therefore cwd did
not show the original working directory anymore. However in the upload
$initial_cwd did not work because of a missing patch.
2 Fix a upstream issue which might cause duplicate mails.
3 Fix a crash on exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'
4 Improve NEWS file, adding more helpful info on add_environment.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru exim4-4.84.2/debian/changelog exim4-4.84.2/debian/changelog
--- exim4-4.84.2/debian/changelog 2016-03-13 18:45:53.000000000 +0100
+++ exim4-4.84.2/debian/changelog 2016-06-12 13:56:36.000000000 +0200
@@ -1,3 +1,25 @@
+exim4 (4.84.2-2) jessie; urgency=medium
+
+ * 90_Cutthrough-Fix-bug-with-dot-only-line.patch: JH/38 Fix cutthrough bug
+ with body lines having a single dot. The dot was incorrectly not doubled
+ on cutthrough transmission, hence seen as a body-termination at the
+ receiving system - resulting in truncated mails. Commonly the sender saw
+ a TCP-level error, and retransmitted the nessage via the normal
+ store-and-forward channel. This could result in duplicates received - but
+ deduplicating mailstores were liable to retain only the initial truncated
+ version.
+ * 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch: Fix crash
+ on "exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'". Closes: #812585
+ * Improve on NEWS file. Closes: #81834
+ * Add 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch. Backport
+ 3de973a29de6852d61ba9bf1845835d08ca5a5ab (Delay chdir(/) until we opened
+ the main config) to actually make $initial_cwd expansion work. Also unfuzz
+ 89_02_Store-the-initial-working-directory.diff.
+ (Thanks, Серж ИвановЪ for bugreport and pointer to missing patch) Closes:
+ #818897, #826646
+
+ -- Andreas Metzler <ametz...@debian.org> Sun, 12 Jun 2016 13:56:30 +0200
+
exim4 (4.84.2-1) jessie-security; urgency=high
* New upstream security release.
diff -Nru exim4-4.84.2/debian/exim4-config.NEWS exim4-4.84.2/debian/exim4-config.NEWS
--- exim4-4.84.2/debian/exim4-config.NEWS 2016-03-13 18:46:04.000000000 +0100
+++ exim4-4.84.2/debian/exim4-config.NEWS 2016-06-12 13:26:52.000000000 +0200
@@ -1,14 +1,26 @@
-exim4 (4.84.2-1) jessie-security; urgency=high
+exim4 (4.84.2-2) jessie; urgency=medium
As part of the fix for CVE-2016-1531 updated Exim versions clean
the complete execution environment by default, affecting Exim and
- subprocesses such as transports calling other programs, and thus may break
+ subprocesses such as routers calling other programs, and thus may break
existing installations. New configuration options (keep_environment,
- add_environment) were introduced to adjust this behavior. The
- debian configuration adds the macros MAIN_KEEP_ENVIRONMENT and
- MAIN_ADD_ENVIRONMENT to easily set these options.
+ add_environment) were introduced to adjust this behavior. Because of the
+ possible breakage Exim will show a runtime warning if keep_environment is
+ not set.
- -- Andreas Metzler <ametz...@debian.org> Sat, 12 Mar 2016 08:17:40 +0100
+ The Debian exim4 configuration does not rely on specific environment
+ variables and therefore sets 'keep_environment =' (i.e confirm empty
+ environment).
+
+ Users of custom Exim configurations will need to check whether their setup
+ continues to work with the abovementioned upstream change and modify the
+ Exim environment as needed otherwise. If the setup works fine with empty
+ environment it is still necessary to set the main configuration option
+ "keep_environment =" to quiet the runtime warning.
+
+ See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.
+
+ -- Andreas Metzler <ametz...@debian.org> Mon, 28 Mar 2016 17:58:09 +0200
exim4 (4.68-1) unstable; urgency=low
diff -Nru exim4-4.84.2/debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch exim4-4.84.2/debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch
--- exim4-4.84.2/debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.84.2/debian/patches/89_01_p_Delay-chdir-until-we-opened-the-main-config.patch 2016-06-12 13:42:19.000000000 +0200
@@ -0,0 +1,76 @@
+Backport of 3de973a29de6852d61ba9bf1845835d08ca5a5ab
+
+From: "Heiko Schlittermann (HS12-RIPE)" <h...@schlittermann.de>
+Date: Wed, 2 Mar 2016 22:07:45 +0100
+Subject: [PATCH] Delay chdir(/) until we opened the main config
+
+--- a/doc/spec.txt
++++ b/doc/spec.txt
+@@ -3361,8 +3361,6 @@ brief message about itself and exits.
+ first file that exists is used. Failure to open an existing file stops Exim
+ from proceeding any further along the list, and an error is generated.
+
+- The file names need to be absolute names.
+-
+ When this option is used by a caller other than root, and the list is
+ different from the compiled-in list, Exim gives up its root privilege
+ immediately, and runs with the real and effective uid and gid set to those
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3683,17 +3683,16 @@ init_lookup_list();
+
+ /* Read the main runtime configuration data; this gives up if there
+ is a failure. It leaves the configuration file open so that the subsequent
+-configuration data for delivery can be read if needed. */
++configuration data for delivery can be read if needed.
+
+-/* To be safe: change the working directory to /. */
+-if (Uchdir("/") < 0)
+- {
+- perror("exim: chdir `/': ");
+- exit(EXIT_FAILURE);
+- }
++NOTE: immediatly after opening the configuration file we change the working
++directory to "/"! Later we change to $spool_directory. We do it there, because
++during readconf_main() some expansion takes place already. */
+
+ readconf_main();
+
++/* Now in directory "/" */
++
+ if (cleanup_environment() == FALSE)
+ log_write(0, LOG_PANIC_DIE, "Can't cleanup environment");
+
+--- a/src/readconf.c
++++ b/src/readconf.c
+@@ -2969,14 +2969,6 @@ while((filename = string_nextinlist(&lis
+ != NULL)
+ {
+
+- /* To avoid confusion: Exim changes to / at the very beginning and
+- * and to $spool_directory later. */
+- if (filename[0] != '/')
+- {
+- fprintf(stderr, "-C %s: only absolute names are allowed\n", filename);
+- exit(EXIT_FAILURE);
+- }
+-
+ /* Cut out all the fancy processing unless specifically wanted */
+
+ #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID)
+@@ -3030,6 +3022,15 @@ while((filename = string_nextinlist(&lis
+ if (config_file != NULL || errno != ENOENT) break;
+ }
+
++/* Now, once we found and opened our configuration file, we change the directory
++to a safe place. Later we change to $spool_directory. */
++
++if (Uchdir("/") < 0)
++ {
++ perror("exim: chdir `/': ");
++ exit(EXIT_FAILURE);
++ }
++
+ /* On success, save the name for verification; config_filename is used when
+ logging configuration errors (it changes for .included files) whereas
+ config_main_filename is the name shown by -bP. Failure to open a configuration
diff -Nru exim4-4.84.2/debian/patches/89_02_Store-the-initial-working-directory.diff exim4-4.84.2/debian/patches/89_02_Store-the-initial-working-directory.diff
--- exim4-4.84.2/debian/patches/89_02_Store-the-initial-working-directory.diff 2016-03-13 18:45:53.000000000 +0100
+++ exim4-4.84.2/debian/patches/89_02_Store-the-initial-working-directory.diff 2016-06-12 13:36:46.000000000 +0200
@@ -2,8 +2,8 @@
Bug 1805 https://bugs.exim.org/show_bug.cgi?id=1805
Origin: upstream
---- exim4-4.84.2.orig/src/globals.c
-+++ exim4-4.84.2/src/globals.c
+--- a/src/globals.c
++++ b/src/globals.c
@@ -759,6 +759,7 @@ BOOL ignore_fromline_local = FALSE;
uschar *ignore_fromline_hosts = NULL;
BOOL inetd_wait_mode = FALSE;
@@ -12,11 +12,11 @@
uschar *interface_address = NULL;
int interface_port = -1;
BOOL is_inetd = FALSE;
---- exim4-4.84.2.orig/src/exim.c
-+++ exim4-4.84.2/src/exim.c
-@@ -3692,6 +3692,13 @@ if (Uchdir("/") < 0)
- exit(EXIT_FAILURE);
- }
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -3689,6 +3689,13 @@ NOTE: immediatly after opening the confi
+ directory to "/"! Later we change to $spool_directory. We do it there, because
+ during readconf_main() some expansion takes place already. */
+/* Store the initial cwd before we change directories */
+if ((initial_cwd = getcwd(NULL, 0)) == NULL)
@@ -27,8 +27,8 @@
+
readconf_main();
- if (cleanup_environment() == FALSE)
-@@ -3968,9 +3975,10 @@ if (((debug_selector & D_any) != 0 || (l
+ /* Now in directory "/" */
+@@ -3967,9 +3974,10 @@ if (((debug_selector & D_any) != 0 || (l
{
int i;
uschar *p = big_buffer;
@@ -41,8 +41,8 @@
while (*p) p++;
(void)string_format(p, big_buffer_size - (p - big_buffer), " %d args:", argc);
while (*p) p++;
---- exim4-4.84.2.orig/src/globals.h
-+++ exim4-4.84.2/src/globals.h
+--- a/src/globals.h
++++ b/src/globals.h
@@ -486,6 +486,7 @@ extern BOOL ignore_fromline_local; /
extern uschar *ignore_fromline_hosts; /* Hosts permitted to send "From " */
extern BOOL inetd_wait_mode; /* Whether running in inetd wait mode */
@@ -51,8 +51,8 @@
extern BOOL is_inetd; /* True for inetd calls */
extern uschar *iterate_item; /* Item from iterate list */
---- exim4-4.84.2.orig/src/expand.c
-+++ exim4-4.84.2/src/expand.c
+--- a/src/expand.c
++++ b/src/expand.c
@@ -501,6 +501,7 @@ static var_entry var_table[] = {
{ "host_data", vtype_stringptr, &host_data },
{ "host_lookup_deferred",vtype_int, &host_lookup_deferred },
@@ -61,9 +61,9 @@
{ "inode", vtype_ino, &deliver_inode },
{ "interface_address", vtype_stringptr, &interface_address },
{ "interface_port", vtype_int, &interface_port },
---- exim4-4.84.2.orig/doc/spec.txt
-+++ exim4-4.84.2/doc/spec.txt
-@@ -10428,6 +10428,13 @@ $host_lookup_failed
+--- a/doc/spec.txt
++++ b/doc/spec.txt
+@@ -10426,6 +10426,13 @@ $host_lookup_failed
See $host_lookup_deferred.
diff -Nru exim4-4.84.2/debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch exim4-4.84.2/debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch
--- exim4-4.84.2/debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.84.2/debian/patches/90_Cutthrough-Fix-bug-with-dot-only-line.patch 2016-06-12 13:26:52.000000000 +0200
@@ -0,0 +1,32 @@
+From 2d51a06458d4fb771dca34966cf2d19c6820ce61 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Thu, 21 Jan 2016 15:37:08 +0000
+Subject: [PATCH] Cutthrough: Fix bug with dot-only line
+ JH/38 Fix cutthrough bug with body lines having a single dot. The dot was
+ incorrectly not doubled on cutthrough transmission, hence seen as a
+ body-termination at the receiving system - resulting in truncated mails.
+ Commonly the sender saw a TCP-level error, and retransmitted the nessage
+ via the normal store-and-forward channel. This could result in duplicates
+ received - but deduplicating mailstores were liable to retain only the
+ initial truncated version.
+ (cherry picked from commit 1bc460a64a0de0766d21f4f8660c6597bc410cbc)
+
+--- exim4-4.84.2.orig/src/receive.c
++++ exim4-4.84.2/src/receive.c
+@@ -838,7 +838,15 @@ while ((ch = (receive_getc)()) != EOF)
+ ch_state = 4;
+ continue;
+ }
+- ch_state = 1; /* The dot itself is removed */
++ /* The dot was removed at state 3. For a doubled dot, here, reinstate
++ it to cutthrough. The current ch, dot or not, is passed both to cutthrough
++ and to file below. */
++ if (ch == '.')
++ {
++ uschar c= ch;
++ (void) cutthrough_puts(&c, 1);
++ }
++ ch_state = 1;
+ break;
+
+ case 4: /* After [CR] LF . CR */
diff -Nru exim4-4.84.2/debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch exim4-4.84.2/debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch
--- exim4-4.84.2/debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.84.2/debian/patches/91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch 2016-06-12 13:26:52.000000000 +0200
@@ -0,0 +1,45 @@
+From 9dc2b215e83a63efa242f6acd3ab7af8b608e5a1 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Mon, 11 Jan 2016 15:50:22 +0000
+Subject: [PATCH] Expansions: Fix crash in crypteq: On OpenBSD a bad second-arg
+ results in an error-return from crypt(). Errorcheck that return.
+
+---
+ src/expand.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/expand.c b/src/expand.c
+index f144a75..2966c22 100644
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -2791,7 +2791,7 @@ switch(cond_type)
+ #define XSTR(s) STR(s)
+ DEBUG(D_auth) debug_printf("crypteq: using %s()\n"
+ " subject=%s\n crypted=%s\n",
+- (which == 0)? XSTR(DEFAULT_CRYPT) : (which == 1)? "crypt" : "crypt16",
++ which == 0 ? XSTR(DEFAULT_CRYPT) : which == 1 ? "crypt" : "crypt16",
+ coded, sub[1]);
+ #undef STR
+ #undef XSTR
+@@ -2800,8 +2800,16 @@ switch(cond_type)
+ salt), force failure. Otherwise we get false positives: with an empty
+ string the yield of crypt() is an empty string! */
+
+- tempcond = (Ustrlen(sub[1]) < 2)? FALSE :
+- (Ustrcmp(coded, sub[1]) == 0);
++ if (coded)
++ tempcond = Ustrlen(sub[1]) < 2 ? FALSE : Ustrcmp(coded, sub[1]) == 0;
++ else if (errno == EINVAL)
++ tempcond = FALSE;
++ else
++ {
++ expand_string_message = string_sprintf("crypt error: %s\n",
++ US strerror(errno));
++ return NULL;
++ }
+ }
+ break;
+ #endif /* SUPPORT_CRYPTEQ */
+--
+2.8.0.rc3
+
diff -Nru exim4-4.84.2/debian/patches/series exim4-4.84.2/debian/patches/series
--- exim4-4.84.2/debian/patches/series 2016-03-13 18:45:53.000000000 +0100
+++ exim4-4.84.2/debian/patches/series 2016-06-12 13:36:50.000000000 +0200
@@ -17,4 +17,7 @@
86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch
87_Fix-transport-results-pipe-for-multiple-recipients-c.patch
89_01_only_warn_on_nonempty_environment.diff
+89_01_p_Delay-chdir-until-we-opened-the-main-config.patch
89_02_Store-the-initial-working-directory.diff
+90_Cutthrough-Fix-bug-with-dot-only-line.patch
+91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch
--- End Message ---
