Updates for CVE-2016-1531.
authorMark Wooding <mdw@distorted.org.uk>
Wed, 16 Mar 2016 23:00:24 +0000 (23:00 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Wed, 16 Mar 2016 23:00:24 +0000 (23:00 +0000)
  * Leave the environment clear, but do this explicitly because
    otherwise Exim moans constantly.  I think that we don't need
    environment variables propagated from anywhere, so this is OK.

  * Use absolute paths when checking configuration files during the
    build.

Makefile
base.m4
divmap.m4

index 9ccbeee..844b31a 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -82,7 +82,7 @@ CONFIGS                        = $(foreach m, $(MODES), exim4-$m.conf)
 TARGETS                        += $(CONFIGS)
 $(CONFIGS): exim4-%.conf: $(EARLY) $$(HOOKS_$$*) $(MAIN) $$(OPTIONS_$$*)
        $(V_GEN)m4 -P -DMODE=$* $^ >$@.new
-       $(V_AT)$(CHECK_$*)exim4 -C$@.new -bV >/dev/null
+       $(V_AT)$(CHECK_$*)exim4 -C$$(pwd)/$@.new -bV >/dev/null
        $(V_AT)mv $@.new $@
 
 all: $(TARGETS)
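Review bot: The `$$(pwd)` substitution on the added `exim4 -C` line is unquoted, so a build tree whose path contains whitespace or glob characters would split the argument, and the sanity check would fail or look at a different file than the one just generated. Make's built-in `$(CURDIR)` gives the working directory without a subshell, and quoting keeps it as one word: `$(V_AT)$(CHECK_$*)exim4 -C"$(CURDIR)/$@.new" -bV >/dev/null`. A comment above the rule, for example `## Exim needs an absolute -C path for the check (see CVE-2016-1531 update)`, would record why the relative form was dropped so it is not "simplified" back later.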
diff --git a/base.m4 b/base.m4
index 63d001c..a00757e 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -81,6 +81,9 @@ SECTION(global, smtp)m4_dnl
 smtp_return_error_details = true
 accept_8bitmime = true
 
+SECTION(global, env)m4_dnl
+keep_environment =
+
 SECTION(global, process)m4_dnl
 extract_addresses_remove_arguments = false
 headers_charset = utf-8
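Review bot: The new `keep_environment =` line is emitted unconditionally. As far as I know, Exim only recognises this option from the release that fixed CVE-2016-1531 onward, so a host still running an older binary would presumably reject the generated file at the `-bV` check. If mixed versions are possible, the minimum Exim version should be stated somewhere or the section guarded; this is inferred, since the rest of base.m4 is not visible here. The empty value is also easy to mistake for an unfinished line, so a comment in the file's own style would help, e.g. `## Deliberately empty: run with a clean environment; use add_environment if a variable is ever needed.`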
index 7866052..d601850 100644 (file)
--- a/divmap.m4
+++ b/divmap.m4
@@ -64,27 +64,28 @@ DEFDIVERSION(global/lists,           104)
 
 DEFDIVERSION(global/misc,               106, Miscellaneous.)
 DEFDIVERSION(global/param,              108, Exim parameters.)
-DEFDIVERSION(global/priv,               110, Privilege controls.)
-DEFDIVERSION(global/frozen,             112, Frozen messages.)
-DEFDIVERSION(global/lookups,            114, Data lookups.)
-DEFDIVERSION(global/msgid,              116, Message ids.)
-DEFDIVERSION(global/perl,               118, Embedded Perl startup.)
-DEFDIVERSION(global/daemon,             120, Daemon.)
-DEFDIVERSION(global/resource,           122, Resource control.)
-DEFDIVERSION(global/policy,             124, Policy controls.)
-DEFDIVERSION(global/callout,            126, Callout cache.)
-DEFDIVERSION(global/tls,                128, TLS.)
-DEFDIVERSION(global/users,              130, Local user handling.)
-DEFDIVERSION(global/incoming,           132,
+DEFDIVERSION(global/env,                110, Environment variables.)
+DEFDIVERSION(global/priv,               112, Privilege controls.)
+DEFDIVERSION(global/frozen,             114, Frozen messages.)
+DEFDIVERSION(global/lookups,            116, Data lookups.)
+DEFDIVERSION(global/msgid,              118, Message ids.)
+DEFDIVERSION(global/perl,               120, Embedded Perl startup.)
+DEFDIVERSION(global/daemon,             122, Daemon.)
+DEFDIVERSION(global/resource,           124, Resource control.)
+DEFDIVERSION(global/policy,             126, Policy controls.)
+DEFDIVERSION(global/callout,            128, Callout cache.)
+DEFDIVERSION(global/tls,                130, TLS.)
+DEFDIVERSION(global/users,              132, Local user handling.)
+DEFDIVERSION(global/incoming,           134,
        All incoming messages (SMTP and non-SMTP).)
-DEFDIVERSION(global/non-smtp,           134, Non-SMTP incoming messages.)
-DEFDIVERSION(global/smtp,               136, Incoming SMTP messages.)
-DEFDIVERSION(global/process,            138, Processing messages.)
-DEFDIVERSION(global/filter,             140, System filter.)
-DEFDIVERSION(global/routing,            142, Routing and delivery.)
-DEFDIVERSION(global/bounce,             144, Bounce and warning messages.)
-DEFDIVERSION(global/acl,                146, Access control lists.)
-DEFDIVERSION(global/acl-after,          148)
+DEFDIVERSION(global/non-smtp,           136, Non-SMTP incoming messages.)
+DEFDIVERSION(global/smtp,               138, Incoming SMTP messages.)
+DEFDIVERSION(global/process,            140, Processing messages.)
+DEFDIVERSION(global/filter,             142, System filter.)
+DEFDIVERSION(global/routing,            144, Routing and delivery.)
+DEFDIVERSION(global/bounce,             146, Bounce and warning messages.)
+DEFDIVERSION(global/acl,                148, Access control lists.)
+DEFDIVERSION(global/acl-after,          150)
 
 DEFDIVERSION(acl,                       200)
 DEFDIVERSION(acl/connect,               202)