From 5918499b6e7746f49aa8ba9ae1f058d2b48bda47 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Wed, 16 Mar 2016 23:00:24 +0000 Subject: [PATCH] Updates for CVE-2016-1531. * Leave the environment clear, but do this explicitly because otherwise Exim moans constantly. I think that we don't need environment variables propagated from anywhere, so this is OK. * Use absolute paths when checking configuration files during the build. --- Makefile | 2 +- base.m4 | 3 +++ divmap.m4 | 41 +++++++++++++++++++++-------------------- 3 files changed, 25 insertions(+), 21 deletions(-) diff --git a/Makefile b/Makefile index 9ccbeee..844b31a 100644 --- a/Makefile +++ b/Makefile @@ -82,7 +82,7 @@ CONFIGS = $(foreach m, $(MODES), exim4-$m.conf) TARGETS += $(CONFIGS) $(CONFIGS): exim4-%.conf: $(EARLY) $$(HOOKS_$$*) $(MAIN) $$(OPTIONS_$$*) $(V_GEN)m4 -P -DMODE=$* $^ >$@.new - $(V_AT)$(CHECK_$*)exim4 -C$@.new -bV >/dev/null + $(V_AT)$(CHECK_$*)exim4 -C$$(pwd)/$@.new -bV >/dev/null $(V_AT)mv $@.new $@ all: $(TARGETS) diff --git a/base.m4 b/base.m4 index 63d001c..a00757e 100644 --- a/base.m4 +++ b/base.m4 @@ -81,6 +81,9 @@ SECTION(global, smtp)m4_dnl smtp_return_error_details = true accept_8bitmime = true +SECTION(global, env)m4_dnl +keep_environment = + SECTION(global, process)m4_dnl extract_addresses_remove_arguments = false headers_charset = utf-8 diff --git a/divmap.m4 b/divmap.m4 index 7866052..d601850 100644 --- a/divmap.m4 +++ b/divmap.m4 @@ -64,27 +64,28 @@ DEFDIVERSION(global/lists, 104) DEFDIVERSION(global/misc, 106, Miscellaneous.) DEFDIVERSION(global/param, 108, Exim parameters.) -DEFDIVERSION(global/priv, 110, Privilege controls.) -DEFDIVERSION(global/frozen, 112, Frozen messages.) -DEFDIVERSION(global/lookups, 114, Data lookups.) -DEFDIVERSION(global/msgid, 116, Message ids.) -DEFDIVERSION(global/perl, 118, Embedded Perl startup.) -DEFDIVERSION(global/daemon, 120, Daemon.) -DEFDIVERSION(global/resource, 122, Resource control.) -DEFDIVERSION(global/policy, 124, Policy controls.) -DEFDIVERSION(global/callout, 126, Callout cache.) -DEFDIVERSION(global/tls, 128, TLS.) -DEFDIVERSION(global/users, 130, Local user handling.) -DEFDIVERSION(global/incoming, 132, +DEFDIVERSION(global/env, 110, Environment variables.) +DEFDIVERSION(global/priv, 112, Privilege controls.) +DEFDIVERSION(global/frozen, 114, Frozen messages.) +DEFDIVERSION(global/lookups, 116, Data lookups.) +DEFDIVERSION(global/msgid, 118, Message ids.) +DEFDIVERSION(global/perl, 120, Embedded Perl startup.) +DEFDIVERSION(global/daemon, 122, Daemon.) +DEFDIVERSION(global/resource, 124, Resource control.) +DEFDIVERSION(global/policy, 126, Policy controls.) +DEFDIVERSION(global/callout, 128, Callout cache.) +DEFDIVERSION(global/tls, 130, TLS.) +DEFDIVERSION(global/users, 132, Local user handling.) +DEFDIVERSION(global/incoming, 134, All incoming messages (SMTP and non-SMTP).) -DEFDIVERSION(global/non-smtp, 134, Non-SMTP incoming messages.) -DEFDIVERSION(global/smtp, 136, Incoming SMTP messages.) -DEFDIVERSION(global/process, 138, Processing messages.) -DEFDIVERSION(global/filter, 140, System filter.) -DEFDIVERSION(global/routing, 142, Routing and delivery.) -DEFDIVERSION(global/bounce, 144, Bounce and warning messages.) -DEFDIVERSION(global/acl, 146, Access control lists.) -DEFDIVERSION(global/acl-after, 148) +DEFDIVERSION(global/non-smtp, 136, Non-SMTP incoming messages.) +DEFDIVERSION(global/smtp, 138, Incoming SMTP messages.) +DEFDIVERSION(global/process, 140, Processing messages.) +DEFDIVERSION(global/filter, 142, System filter.) +DEFDIVERSION(global/routing, 144, Routing and delivery.) +DEFDIVERSION(global/bounce, 146, Bounce and warning messages.) +DEFDIVERSION(global/acl, 148, Access control lists.) +DEFDIVERSION(global/acl-after, 150) DEFDIVERSION(acl, 200) DEFDIVERSION(acl/connect, 202) -- 2.11.0