Your message dated Fri, 23 Jul 2021 22:28:26 +0000 with message-id <E1m73ec-0007GW-S8@respighi.debian.org> and subject line unblock exim4 has caused the Debian Bug report #991397, regarding unblock: exim4/4.94.2-7 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 991397: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991397 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: exim4/4.94.2-7
- From: Andreas Metzler <ametzler@bebt.de>
- Date: Thu, 22 Jul 2021 18:13:56 +0200
- Message-id: <[🔎] YPmZRB5rhEUuAPEI@argenau.bebt.de>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock X-Debbugs-Cc: exim4@packages.debian.org, Adrian Bunk <bunk@debian.org> Please unblock package exim4 This is release fixes a single bug by pulling the respective fix from upstream's +fixes branch. When control=fakereject is used with a custom error message the respective non-safe data was expanded. With allow_insecure_tainted_data not set this only causes a entry in paniclog, otherwise the actual expansion might happen. Debian's default exim configuration does not use control=fakereject but still I would consider this an important bug that I would like to see fixed. unblock exim4/4.94.2-7 Thanks, cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog --- exim4-4.94.2/debian/changelog 2021-05-26 18:49:44.000000000 +0200 +++ exim4-4.94.2/debian/changelog 2021-07-13 18:04:57.000000000 +0200 @@ -1,3 +1,10 @@ +exim4 (4.94.2-7) unstable; urgency=medium + + * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes + branch: Fix re-expansion of custom message with control=fakereject. + + -- Andreas Metzler <ametzler@debian.org> Tue, 13 Jul 2021 18:04:57 +0200 + exim4 (4.94.2-6) unstable; urgency=medium * Cherrypick diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch --- exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch 2021-07-13 18:03:04.000000000 +0200 @@ -0,0 +1,44 @@ +From c819f3bcad02bcb06004ae2ad135b68fab0ae888 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Wed, 7 Jul 2021 22:19:07 +0100 +Subject: [PATCH 5/5] Fix tainted message for fakereject + +(cherry picked from commit a9ac2d7fc219e41a353abf1f599258b9b9d21b7e) +--- + doc/ChangeLog | 4 ++++ + src/acl.c | 4 +++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/doc/ChangeLog b/doc/ChangeLog +index e60c1cad5..3e93f653f 100644 +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -227,6 +227,10 @@ JH/53 Bug 2743: fix immediate-delivery via named queue. Previously this would + fail with a taint-check on the spoolfile name, and leave the message + queued. + ++JH/57 Fix control=fakreject for a custom message containing tainted data. ++ Previously this resulted in a log complaint, due to a re-expansion present ++ since fakereject was originally introduced. ++ + + Exim version 4.94 + ----------------- +diff --git a/src/acl.c b/src/acl.c +index 7061230b4..65324405c 100644 +--- a/src/acl.c ++++ b/src/acl.c +@@ -3137,7 +3137,9 @@ for (; cb; cb = cb->next) + { + const uschar *pp = p + 1; + while (*pp) pp++; +- fake_response_text = expand_string(string_copyn(p+1, pp-p-1)); ++ /* The entire control= line was expanded at top so no need to expand ++ the part after the / */ ++ fake_response_text = string_copyn(p+1, pp-p-1); + p = pp; + } + else /* Explicitly reset to default string */ +-- +2.30.2 + diff -Nru exim4-4.94.2/debian/patches/series exim4-4.94.2/debian/patches/series --- exim4-4.94.2/debian/patches/series 2021-05-22 13:27:33.000000000 +0200 +++ exim4-4.94.2/debian/patches/series 2021-07-13 18:03:23.000000000 +0200 @@ -10,6 +10,7 @@ 73_02-Fix-ipv6norm.patch 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch 73_04-Fix-host_name_lookup-Close-2747.patch +73_05-Fix-tainted-message-for-fakereject.patch 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch 75_02-search.patch 75_03-dbstuff.patchAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 991397-done@bugs.debian.org
- Subject: unblock exim4
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Fri, 23 Jul 2021 22:28:26 +0000
- Message-id: <E1m73ec-0007GW-S8@respighi.debian.org>
Unblocked.
--- End Message ---