From 4dd8d280857607d1ee41ae03c62c5e629ad75c37 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 19 Jun 2017 18:34:57 -0400 Subject: gnu: exim: Fix CVE-2017-1000369. * gnu/packages/patches/exim-CVE-2017-1000369.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/mail.scm (exim)[source]: Use it. --- gnu/packages/mail.scm | 1 + gnu/packages/patches/exim-CVE-2017-1000369.patch | 59 ++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 gnu/packages/patches/exim-CVE-2017-1000369.patch (limited to 'gnu/packages') diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm index f4003d7391..7fde203593 100644 --- a/gnu/packages/mail.scm +++ b/gnu/packages/mail.scm @@ -1004,6 +1004,7 @@ (define-public exim version ".tar.bz2") (string-append "ftp://ftp.exim.org/pub/exim/exim4/old/exim-" version ".tar.bz2"))) + (patches (search-patches "exim-CVE-2017-1000369.patch")) (sha256 (base32 "050m2gjzpc6vyik458h1j0vi8bxplkzjsyndkyd2y394i569kdyl")))) diff --git a/gnu/packages/patches/exim-CVE-2017-1000369.patch b/gnu/packages/patches/exim-CVE-2017-1000369.patch new file mode 100644 index 0000000000..a67a8afb0e --- /dev/null +++ b/gnu/packages/patches/exim-CVE-2017-1000369.patch @@ -0,0 +1,59 @@ +Fix CVE-2017-1000369: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369 +https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + +Patch adapted from upstream source repository: + +https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 + +From 65e061b76867a9ea7aeeb535341b790b90ae6c21 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" +Date: Wed, 31 May 2017 23:08:56 +0200 +Subject: [PATCH] Cleanup (prevent repeated use of -p/-oMr to avoid mem leak) + +--- + doc/doc-docbook/spec.xfpt | 3 ++- + src/src/exim.c | 19 +++++++++++++++++-- + 2 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/src/src/exim.c b/src/src/exim.c +index 67583e58..88e11977 100644 +--- a/src/exim.c ++++ b/src/exim.c +@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++) + + /* -oMr: Received protocol */ + +- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; ++ else if (Ustrcmp(argrest, "Mr") == 0) ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ else received_protocol = argv[++i]; + + /* -oMs: Set sender host name */ + +@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++) + + if (*argrest != 0) + { +- uschar *hn = Ustrchr(argrest, ':'); ++ uschar *hn; ++ ++ if (received_protocol) ++ { ++ fprintf(stderr, "received_protocol is set already\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ hn = Ustrchr(argrest, ':'); + if (hn == NULL) + { + received_protocol = argrest; +-- +2.13.1 + -- cgit v1.2.3