Bug#991397: marked as done (unblock: exim4/4.94.2-7)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Fri, 23 Jul 2021 22:28:26 +0000
with message-id <E1m73ec-0007GW-S8@respighi.debian.org>
and subject line unblock exim4
has caused the Debian Bug report #991397,
regarding unblock: exim4/4.94.2-7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991397: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991397
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: exim4/4.94.2-7
• From: Andreas Metzler <ametzler@bebt.de>
• Date: Thu, 22 Jul 2021 18:13:56 +0200
• Message-id: <[🔎] YPmZRB5rhEUuAPEI@argenau.bebt.de>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: exim4@packages.debian.org, Adrian Bunk <bunk@debian.org>

Please unblock package exim4

This is release fixes a single bug by pulling the respective fix from
upstream's +fixes branch.

When control=fakereject is used with a custom error message the
respective non-safe data was expanded. With allow_insecure_tainted_data
not set this only causes a entry in paniclog, otherwise the actual
expansion might happen.

Debian's default exim configuration does not use control=fakereject but
still I would consider this an important bug that I would like to see
fixed.

unblock exim4/4.94.2-7

Thanks, cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru exim4-4.94.2/debian/changelog exim4-4.94.2/debian/changelog
--- exim4-4.94.2/debian/changelog	2021-05-26 18:49:44.000000000 +0200
+++ exim4-4.94.2/debian/changelog	2021-07-13 18:04:57.000000000 +0200
@@ -1,3 +1,10 @@
+exim4 (4.94.2-7) unstable; urgency=medium
+
+  * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes
+    branch: Fix re-expansion of custom message with control=fakereject.
+
+ -- Andreas Metzler <ametzler@debian.org>  Tue, 13 Jul 2021 18:04:57 +0200
+
 exim4 (4.94.2-6) unstable; urgency=medium
 
   * Cherrypick
diff -Nru exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch
--- exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch	1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.94.2/debian/patches/73_05-Fix-tainted-message-for-fakereject.patch	2021-07-13 18:03:04.000000000 +0200
@@ -0,0 +1,44 @@
+From c819f3bcad02bcb06004ae2ad135b68fab0ae888 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Wed, 7 Jul 2021 22:19:07 +0100
+Subject: [PATCH 5/5] Fix tainted message for fakereject
+
+(cherry picked from commit a9ac2d7fc219e41a353abf1f599258b9b9d21b7e)
+---
+ doc/ChangeLog | 4 ++++
+ src/acl.c         | 4 +++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/doc/ChangeLog b/doc/ChangeLog
+index e60c1cad5..3e93f653f 100644
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -227,6 +227,10 @@ JH/53 Bug 2743: fix immediate-delivery via named queue.  Previously this would
+       fail with a taint-check on the spoolfile name, and leave the message
+       queued.
+ 
++JH/57 Fix control=fakreject for a custom message containing tainted data.
++      Previously this resulted in a log complaint, due to a re-expansion present
++      since fakereject was originally introduced.
++
+ 
+ Exim version 4.94
+ -----------------
+diff --git a/src/acl.c b/src/acl.c
+index 7061230b4..65324405c 100644
+--- a/src/acl.c
++++ b/src/acl.c
+@@ -3137,7 +3137,9 @@ for (; cb; cb = cb->next)
+ 	    {
+ 	    const uschar *pp = p + 1;
+ 	    while (*pp) pp++;
+-	    fake_response_text = expand_string(string_copyn(p+1, pp-p-1));
++	    /* The entire control= line was expanded at top so no need to expand
++	    the part after the / */
++	    fake_response_text = string_copyn(p+1, pp-p-1);
+ 	    p = pp;
+ 	    }
+ 	   else /* Explicitly reset to default string */
+-- 
+2.30.2
+
diff -Nru exim4-4.94.2/debian/patches/series exim4-4.94.2/debian/patches/series
--- exim4-4.94.2/debian/patches/series	2021-05-22 13:27:33.000000000 +0200
+++ exim4-4.94.2/debian/patches/series	2021-07-13 18:03:23.000000000 +0200
@@ -10,6 +10,7 @@
 73_02-Fix-ipv6norm.patch
 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch
 73_04-Fix-host_name_lookup-Close-2747.patch
+73_05-Fix-tainted-message-for-fakereject.patch
 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
 75_02-search.patch
 75_03-dbstuff.patch

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

• To: 991397-done@bugs.debian.org
• Subject: unblock exim4
• From: Sebastian Ramacher <sramacher@respighi.debian.org>
• Date: Fri, 23 Jul 2021 22:28:26 +0000
• Message-id: <E1m73ec-0007GW-S8@respighi.debian.org>

Unblocked.

--- End Message ---