Package: exim4-daemon-heavy
Version: 4.92-8+deb10u3.1
Severity: important
File: exim4-heavy
Tags: patch upstream

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

gssapi support is broken since somewhere after stretch due to a buffer-resizing error

   * What exactly did you do (or not do) that was effective (or ineffective)?

Applied upstream patch https://bugs.exim.org/show_bug.cgi?id=2501

   * What was the outcome of this action?

GSSAPI works again

   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

-- Package-specific info:
Exim version 4.92 #3 built 15-Jan-2020 15:20:39
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /etc/exim4/exim4.conf

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  exim4-base             4.92-8+deb10u3.1
ii  libc6                  2.28-10
ii  libdb5.3               5.3.28+dfsg1-0.5
ii  libgnutls-dane0        3.6.7-4
ii  libgnutls30            3.6.7-4
ii  libldap-2.4-2          2.4.47+dfsg-3+deb10u1
ii  libmariadb3            1:10.3.18-0+deb10u1
ii  libpam0g               1.3.1-5
ii  libpcre3               2:8.39-12
ii  libperl5.28            5.28.1-6
ii  libpq5                 11.5-1+deb10u1
ii  libsasl2-2             2.1.27+dfsg-1+deb10u1
ii  libsqlite3-0           3.27.2-3

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information excluded
diff -Nru exim4-4.92/debian/changelog exim4-4.92/debian/changelog --- exim4-4.92/debian/changelog 2019-09-27 18:09:35.000000000 +0200 +++ exim4-4.92/debian/changelog 2020-01-15 16:20:39.000000000 +0100 @@ -1,3 +1,10 @@ +exim4 (4.92-8+deb10u3.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * GSSAPI FIX - https://bugs.exim.org/show_bug.cgi?id=2501 + + -- Sebastian Langenhorst <schl...@mail.uni-paderborn.de> Wed, 15 Jan 2020 16:20:39 +0100 + exim4 (4.92-8+deb10u3) buster-security; urgency=high * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: diff -Nru exim4-4.92/debian/patches/98-gssapi.patch exim4-4.92/debian/patches/98-gssapi.patch --- exim4-4.92/debian/patches/98-gssapi.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/98-gssapi.patch 2020-01-15 16:20:39.000000000 +0100 
@@ -0,0 +1,84 @@ +Index: exim4-4.92/doc/ChangeLog +=================================================================== +--- exim4-4.92.orig/doc/ChangeLog ++++ exim4-4.92/doc/ChangeLog +@@ -9,6 +9,11 @@ Exim version 4.92.2 + + HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) + ++JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it ++ adjusted the size of a major service buffer; this failed because the ++ buffer was in use at the time. Change to a compile-time increase in the ++ buffer size, when this authenticator is compiled into exim. ++ + + Since version 4.92 + ------------------ +Index: exim4-4.92/src/auths/heimdal_gssapi.c +=================================================================== +--- exim4-4.92.orig/src/auths/heimdal_gssapi.c ++++ exim4-4.92/src/auths/heimdal_gssapi.c +@@ -190,15 +190,6 @@ auth_heimdal_gssapi_init(auth_instance * + + krb5_free_context(context); + +- /* RFC 4121 section 5.2, SHOULD support 64K input buffers */ +- if (big_buffer_size < (64 * 1024)) { +- uschar *newbuf; +- big_buffer_size = 64 * 1024; +- newbuf = store_malloc(big_buffer_size); +- store_free(big_buffer); +- big_buffer = newbuf; +- } +- + ablock->server = TRUE; + } + +Index: exim4-4.92/src/macros.h +=================================================================== +--- exim4-4.92.orig/src/macros.h ++++ exim4-4.92/src/macros.h +@@ -159,12 +159,19 @@ enough to hold all the headers from a no + into big_buffer_size and in some circumstances increased. It should be at least + as long as the maximum path length. 
*/ + +-#if defined PATH_MAX && PATH_MAX > 16384 ++#ifdef AUTH_HEIMDAL_GSSAPI ++ /* RFC 4121 section 5.2, SHOULD support 64K input buffers */ ++# define __BIG_BUFFER_SIZE 65536 ++#else ++# define __BIG_BUFFER_SIZE 16384 ++#endif ++ ++#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE + # define BIG_BUFFER_SIZE PATH_MAX +-#elif defined MAXPATHLEN && MAXPATHLEN > 16384 ++#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE + # define BIG_BUFFER_SIZE MAXPATHLEN + #else +-# define BIG_BUFFER_SIZE 16384 ++# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE + #endif + + /* header size of pipe content +Index: exim4-4.92/src/readconf.c +=================================================================== +--- exim4-4.92.orig/src/readconf.c ++++ exim4-4.92/src/readconf.c +@@ -3755,7 +3755,7 @@ driver_instance **p = anchor; + driver_instance *d = NULL; + uschar *buffer; + +-while ((buffer = get_config_line()) != NULL) ++while ((buffer = get_config_line())) + { + uschar name[64]; + uschar *s; +@@ -3776,6 +3776,7 @@ while ((buffer = get_config_line()) != N + if (!d->driver_name) + log_write(0, LOG_PANIC_DIE|LOG_CONFIG, + "no driver defined for %s \"%s\"", class, d->name); ++ /* s is using big_buffer, so this call had better not */ + (d->info->init)(d); + d = NULL; + } diff -Nru exim4-4.92/debian/patches/series exim4-4.92/debian/patches/series --- exim4-4.92/debian/patches/series 2019-09-27 18:09:04.000000000 +0200 +++ exim4-4.92/debian/patches/series 2020-01-15 16:20:39.000000000 +0100 @@ -25,3 +25,4 @@ 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch 90_localscan_dlopen.dpatch +98-gssapi.patch
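
Review bot: The new debian/changelog entry says only "GSSAPI FIX" plus a URL, which does not tell a reader of the changelog what was broken or which patch file carries the change. Naming the patch and the defect in the bullet (98-gssapi.patch, heimdal_gssapi init no longer replaces big_buffer while it is in use, buffer size raised at compile time instead) would make the entry self-explanatory. The distribution is also still UNRELEASED, which needs to be set before upload.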
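
Review bot: debian/patches/98-gssapi.patch starts directly at "Index: exim4-4.92/doc/ChangeLog" with no patch header, so the file itself carries no description or provenance. A DEP-3 style header with Description, Origin and Bug fields pointing at https://bugs.exim.org/show_bug.cgi?id=2501 would record where the change came from, matching what the changelog entry already cites.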
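
Review bot: In the src/auths/heimdal_gssapi.c hunk, removing the block from auth_heimdal_gssapi_init() leaves nothing at this site recording that the authenticator still depends on a 64K big_buffer; the requirement now lives only in src/macros.h. The removed code was the problem because it called store_free(big_buffer) while the caller still held a pointer into it, so dropping it is right, but a one-line comment here referring to the AUTH_HEIMDAL_GSSAPI case in macros.h, or a check that only logs when big_buffer_size is below 64 * 1024 without reallocating, would keep the dependency visible to the next person editing this function.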
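
Review bot: In the src/macros.h hunk, the helper macro __BIG_BUFFER_SIZE begins with two underscores, and identifiers of that form are reserved for the implementation in C. A name without the leading underscores would avoid a possible clash with compiler or libc headers. The comment block above the #if chain also still only mentions path length and header size; since the value now changes with AUTH_HEIMDAL_GSSAPI for every build that compiles the authenticator in, whether or not it is configured, that is worth stating there.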
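
Review bot: In the first src/readconf.c hunk (line 3755), changing "!= NULL" to a bare assignment in the while condition is a style-only edit unrelated to the GSSAPI fix. For a stable update it would be cleaner to leave that line alone so the diff contains only what the fix needs.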
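
Review bot: In the second src/readconf.c hunk (line 3776), the added comment "s is using big_buffer, so this call had better not" stops before saying what the call must not do. Since this comment is the only guard against a future init function repeating the bug, it should spell out the constraint, for example that (d->info->init)(d) must not free, reallocate or overwrite big_buffer.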