author | Fabian Groffen <grobian@gentoo.org> | 2017-11-29 09:50:07 +0100 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2017-11-29 09:50:07 +0100 |
commit | e7434ec7eeb4b4be5cd53cebba9576f940b076e9 (patch) | |
tree | 6bf1ddb20e6f66d72926f811b5cc547413ea37fb | |
parent | profiles/cygwin/p.mask: use current date (bug#638816) (diff) | |
mail-mta/exim: add patch for CVE-2017-16944, bug #638772
Original patch is slightly adjusted to the 4.98 codebase in order to
apply.
Bug: https://bugs.gentoo.org/638772
Package-Manager: Portage-2.3.13, Repoman-2.3.3
-rw-r--r-- | mail-mta/exim/exim-4.89-r5.ebuild (renamed from mail-mta/exim/exim-4.89-r4.ebuild) | 1 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch | 57 |
2 files changed, 58 insertions, 0 deletions
diff --git a/mail-mta/exim/exim-4.89-r4.ebuild b/mail-mta/exim/exim-4.89-r5.ebuild
index 14b6181d4cb4..c6da0e48afc0 100644
--- a/mail-mta/exim/exim-4.89-r4.ebuild
+++ b/mail-mta/exim/exim-4.89-r5.ebuild
@@ -98,6 +98,7 @@ src_prepare() {
 epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
 epatch "${FILESDIR}"/${P}-address-expando-crash.patch # from git/in next release
 epatch "${FILESDIR}"/${P}-CVE-2017-16943.patch # from git/in next release
+ epatch "${FILESDIR}"/${P}-CVE-2017-16944.patch # from git/in next release
 
 if use maildir ; then
 epatch "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
new file mode 100644
index 000000000000..285a6170aa82
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
@@ -0,0 +1,57 @@
+From 178ecb70987f024f0e775d87c2f8b2cf587dd542 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Mon, 27 Nov 2017 22:42:33 +0100
+Subject: [PATCH] Chunking: do not treat the first lonely dot special.
+ CVE-2017-16944, Bug 2201
+
+Modified to apply on 4.89-gentoo
+
+---
+ src/src/receive.c | 2 +-
+ src/src/smtp_in.c | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index 541eba1..417e975 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -1865,7 +1865,7 @@ for (;;)
+ prevent further reading), and break out of the loop, having freed the
+ empty header, and set next = NULL to indicate no data line. */
+
+- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
++ if (ptr == 0 && ch == '.' && dot_ends)
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch == '\r')
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index 1fdb705..0aabc53 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5094,16 +5094,23 @@ while (done <= 0)
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
+
++ /* push the current receive_* function on the "stack", and
++ replace them by bdat_getc(), which in turn will use the lwr_receive_*
++ functions to do the dirty work. */
+ lwr_receive_getc = receive_getc;
+ lwr_receive_ungetc = receive_ungetc;
++
+ receive_getc = bdat_getc;
+ receive_ungetc = bdat_ungetc;
+
++ dot_ends = FALSE;
++
+ goto DATA_BDAT;
+ }
+
+ case DATA_CMD:
+ HAD(SCH_DATA);
++ dot_ends = TRUE;
+
+ DATA_BDAT: /* Common code for DATA and BDAT */
+ if (!discarded && recipients_count <= 0)
+--
+1.9.1
+
|
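Review bot: With `smtp_input` dropped from the receive.c condition, the lone-dot check now depends entirely on the global `dot_ends`, and the only assignments in this patch are the BDAT and `DATA_CMD` cases of the command loop in smtp_in.c. Any other path that reaches the header-reading loop with SMTP input (batched SMTP is the likely candidate, not visible here) inherits whatever value `dot_ends` was left at, so those callers should be confirmed to set it explicitly before this ships as the complete fix. The two new assignments would also benefit from a why-comment, e.g. `/* BDAT is length-delimited: a leading "." is message data, not end-of-input */` above `dot_ends = FALSE;` and `/* DATA is dot-terminated regardless of any earlier BDAT in this session */` above `dot_ends = TRUE;`. Both enclosing loops (`for (;;)` and `while (done <= 0)`) begin and end outside the hunks, so this is based on the visible lines only.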