summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFabian Groffen <grobian@gentoo.org>2017-11-29 09:50:07 +0100
committerFabian Groffen <grobian@gentoo.org>2017-11-29 09:50:07 +0100
commite7434ec7eeb4b4be5cd53cebba9576f940b076e9 (patch)
tree6bf1ddb20e6f66d72926f811b5cc547413ea37fb /mail-mta
parentprofiles/cygwin/p.mask: use current date (bug#638816) (diff)
downloadgentoo-e7434ec7eeb4b4be5cd53cebba9576f940b076e9.tar.gz
gentoo-e7434ec7eeb4b4be5cd53cebba9576f940b076e9.tar.bz2
gentoo-e7434ec7eeb4b4be5cd53cebba9576f940b076e9.zip
mail-mta/exim: add patch for CVE-2017-16944, bug #638772
Original patch is slightly adjusted to the 4.98 codebase in order to apply. Bug: https://bugs.gentoo.org/638772 Package-Manager: Portage-2.3.13, Repoman-2.3.3
Diffstat (limited to 'mail-mta')
-rw-r--r--mail-mta/exim/exim-4.89-r5.ebuild (renamed from mail-mta/exim/exim-4.89-r4.ebuild)1
-rw-r--r--mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch57
2 files changed, 58 insertions, 0 deletions
diff --git a/mail-mta/exim/exim-4.89-r4.ebuild b/mail-mta/exim/exim-4.89-r5.ebuild
index 14b6181d4cb..c6da0e48afc 100644
--- a/mail-mta/exim/exim-4.89-r4.ebuild
+++ b/mail-mta/exim/exim-4.89-r5.ebuild
@@ -98,6 +98,7 @@ src_prepare() {
epatch "${FILESDIR}"/${P}-transport-crash.patch # from git/in next release
epatch "${FILESDIR}"/${P}-address-expando-crash.patch # from git/in next release
epatch "${FILESDIR}"/${P}-CVE-2017-16943.patch # from git/in next release
+ epatch "${FILESDIR}"/${P}-CVE-2017-16944.patch # from git/in next release
if use maildir ; then
epatch "${FILESDIR}"/exim-4.20-maildir.patch
diff --git a/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
new file mode 100644
index 00000000000..285a6170aa8
--- /dev/null
+++ b/mail-mta/exim/files/exim-4.89-CVE-2017-16944.patch
@@ -0,0 +1,57 @@
+From 178ecb70987f024f0e775d87c2f8b2cf587dd542 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Mon, 27 Nov 2017 22:42:33 +0100
+Subject: [PATCH] Chunking: do not treat the first lonely dot special.
+ CVE-2017-16944, Bug 2201
+
+Modified to apply on 4.89-gentoo
+
+---
+ src/src/receive.c | 2 +-
+ src/src/smtp_in.c | 7 +++++++
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/src/receive.c b/src/src/receive.c
+index 541eba1..417e975 100644
+--- a/src/src/receive.c
++++ b/src/src/receive.c
+@@ -1865,7 +1865,7 @@ for (;;)
+ prevent further reading), and break out of the loop, having freed the
+ empty header, and set next = NULL to indicate no data line. */
+
+- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
++ if (ptr == 0 && ch == '.' && dot_ends)
+ {
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
+ if (ch == '\r')
+diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
+index 1fdb705..0aabc53 100644
+--- a/src/src/smtp_in.c
++++ b/src/src/smtp_in.c
+@@ -5094,16 +5094,23 @@ while (done <= 0)
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
+
++ /* push the current receive_* function on the "stack", and
++ replace them by bdat_getc(), which in turn will use the lwr_receive_*
++ functions to do the dirty work. */
+ lwr_receive_getc = receive_getc;
+ lwr_receive_ungetc = receive_ungetc;
++
+ receive_getc = bdat_getc;
+ receive_ungetc = bdat_ungetc;
+
++ dot_ends = FALSE;
++
+ goto DATA_BDAT;
+ }
+
+ case DATA_CMD:
+ HAD(SCH_DATA);
++ dot_ends = TRUE;
+
+ DATA_BDAT: /* Common code for DATA and BDAT */
+ if (!discarded && recipients_count <= 0)
+--
+1.9.1
+