Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-Cc: exim4@packages.debian.org, Adrian Bunk <bunk@debian.org> Please unblock package exim4 This is release fixes a single bug by pulling the respective fix from upstream's +fixes branch. When control=fakereject is used with a custom error message the respective non-safe data was expanded. With allow_insecure_tainted_data not set this only causes a entry in paniclog, otherwise the actual expansion might happen. Debian's default exim configuration does not use control=fakereject but still I would consider this an important bug that I would like to see fixed. unblock exim4/4.94.2-7 Thanks, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog
--- exim4-4.94.2/debian/changelog 2021-05-26 18:49:44.000000000 +0200
+++ exim4-4.94.2/debian/changelog 2021-07-13 18:04:57.000000000 +0200
@@ -1,3 +1,10 @@
+exim4 (4.94.2-7) unstable; urgency=medium
+
+ * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes
+ branch: Fix re-expansion of custom message with control=fakereject.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 13 Jul 2021 18:04:57 +0200
+
exim4 (4.94.2-6) unstable; urgency=medium
* Cherrypick
diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch
--- exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 2021-07-13 18:03:04.000000000 +0200
@@ -0,0 +1,44 @@
+From c819f3bcad02bcb06004ae2ad135b68fab0ae888 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 7 Jul 2021 22:19:07 +0100
+Subject: [PATCH 5/5] Fix tainted message for fakereject
+
+(cherry picked from commit a9ac2d7fc219e41a353abf1f599258b9b9d21b7e)
+---
+ doc/ChangeLog | 4 ++++
+ src/acl.c | 4 +++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/doc/ChangeLog b/doc/ChangeLog
+index e60c1cad5..3e93f653f 100644
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -227,6 +227,10 @@ JH/53 Bug 2743: fix immediate-delivery via named queue. Previously this would
+ fail with a taint-check on the spoolfile name, and leave the message
+ queued.
+
++JH/57 Fix control=fakreject for a custom message containing tainted data.
++ Previously this resulted in a log complaint, due to a re-expansion present
++ since fakereject was originally introduced.
++
+
+ Exim version 4.94
+ -----------------
+diff --git a/src/acl.c b/src/acl.c
+index 7061230b4..65324405c 100644
+--- a/src/acl.c
++++ b/src/acl.c
+@@ -3137,7 +3137,9 @@ for (; cb; cb = cb->next)
+ {
+ const uschar *pp = p + 1;
+ while (*pp) pp++;
+- fake_response_text = expand_string(string_copyn(p+1, pp-p-1));
++ /* The entire control= line was expanded at top so no need to expand
++ the part after the / */
++ fake_response_text = string_copyn(p+1, pp-p-1);
+ p = pp;
+ }
+ else /* Explicitly reset to default string */
+--
+2.30.2
+
diff -Nru exim4-4.94.2/debian/patches/series exim4-4.94.2/debian/patches/series
--- exim4-4.94.2/debian/patches/series 2021-05-22 13:27:33.000000000 +0200
+++ exim4-4.94.2/debian/patches/series 2021-07-13 18:03:23.000000000 +0200
@@ -10,6 +10,7 @@
73_02-Fix-ipv6norm.patch
73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch
73_04-Fix-host_name_lookup-Close-2747.patch
+73_05-Fix-tainted-message-for-fakereject.patch
75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
75_02-search.patch
75_03-dbstuff.patch
Attachment:
signature.asc
Description: PGP signature