Bug#949034: exim4-heavy: GSSAPI auth broken since buster
Sebastian Langenhorst
sebastian.langenhorst at uni-paderborn.de
Thu Jan 16 10:07:08 GMT 2020
Package: exim4-daemon-heavy
Version: 4.92-8+deb10u3.1
Severity: important
File: exim4-heavy
Tags: patch upstream
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
gssapi support is broken since somewhere after stretch due to a
buffer-resizing error
* What exactly did you do (or not do) that was effective (or
ineffective)?
Applied upstream patch
https://bugs.exim.org/show_bug.cgi?id=2501
* What was the outcome of this action?
GSSAPI works again
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
-- Package-specific info:
Exim version 4.92 #3 built 15-Jan-2020 15:20:39
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC Event OCSP PRDR PROXY SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /etc/exim4/exim4.conf
-- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages exim4-daemon-heavy depends on:
ii debconf [debconf-2.0] 1.5.71
ii exim4-base 4.92-8+deb10u3.1
ii libc6 2.28-10
ii libdb5.3 5.3.28+dfsg1-0.5
ii libgnutls-dane0 3.6.7-4
ii libgnutls30 3.6.7-4
ii libldap-2.4-2 2.4.47+dfsg-3+deb10u1
ii libmariadb3 1:10.3.18-0+deb10u1
ii libpam0g 1.3.1-5
ii libpcre3 2:8.39-12
ii libperl5.28 5.28.1-6
ii libpq5 11.5-1+deb10u1
ii libsasl2-2 2.1.27+dfsg-1+deb10u1
ii libsqlite3-0 3.27.2-3
exim4-daemon-heavy recommends no packages.
exim4-daemon-heavy suggests no packages.
-- debconf information excluded
-------------- next part --------------
diff -Nru exim4-4.92/debian/changelog exim4-4.92/debian/changelog
--- exim4-4.92/debian/changelog 2019-09-27 18:09:35.000000000 +0200
+++ exim4-4.92/debian/changelog 2020-01-15 16:20:39.000000000 +0100
@@ -1,3 +1,10 @@
+exim4 (4.92-8+deb10u3.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * GSSAPI FIX - https://bugs.exim.org/show_bug.cgi?id=2501
+
+ -- Sebastian Langenhorst <schlupp at mail.uni-paderborn.de> Wed, 15 Jan 2020 16:20:39 +0100
+
exim4 (4.92-8+deb10u3) buster-security; urgency=high
* 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch:
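Review bot: The new entry "* GSSAPI FIX - https://bugs.exim.org/show_bug.cgi?id=2501" names neither the patch file being added nor the Debian bug it resolves. Suggest wording such as "98-gssapi.patch: Fix init call in the heimdal authenticator (upstream Bug 2501)" and adding "Closes: #949034", so the changelog says what changed and the report is closed on upload.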
diff -Nru exim4-4.92/debian/patches/98-gssapi.patch exim4-4.92/debian/patches/98-gssapi.patch
--- exim4-4.92/debian/patches/98-gssapi.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/98-gssapi.patch 2020-01-15 16:20:39.000000000 +0100
@@ -0,0 +1,84 @@
+Index: exim4-4.92/doc/ChangeLog
+===================================================================
+--- exim4-4.92.orig/doc/ChangeLog
++++ exim4-4.92/doc/ChangeLog
+@@ -9,6 +9,11 @@ Exim version 4.92.2
+
+ HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)
+
++JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it
++ adjusted the size of a major service buffer; this failed because the
++ buffer was in use at the time. Change to a compile-time increase in the
++ buffer size, when this authenticator is compiled into exim.
++
+
+ Since version 4.92
+ ------------------
+Index: exim4-4.92/src/auths/heimdal_gssapi.c
+===================================================================
+--- exim4-4.92.orig/src/auths/heimdal_gssapi.c
++++ exim4-4.92/src/auths/heimdal_gssapi.c
+@@ -190,15 +190,6 @@ auth_heimdal_gssapi_init(auth_instance *
+
+ krb5_free_context(context);
+
+- /* RFC 4121 section 5.2, SHOULD support 64K input buffers */
+- if (big_buffer_size < (64 * 1024)) {
+- uschar *newbuf;
+- big_buffer_size = 64 * 1024;
+- newbuf = store_malloc(big_buffer_size);
+- store_free(big_buffer);
+- big_buffer = newbuf;
+- }
+-
+ ablock->server = TRUE;
+ }
+
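Review bot: With the runtime resize removed from auth_heimdal_gssapi_init(), nothing at this site states or checks that big_buffer is at least 64K; that guarantee now rests entirely on the compile-time change in macros.h. Suggest keeping the "RFC 4121 section 5.2" comment here with a pointer to BIG_BUFFER_SIZE, and consider having init fail with a configuration error when big_buffer_size < (64 * 1024), so a build in which AUTH_HEIMDAL_GSSAPI did not take effect in macros.h is caught at startup.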
+Index: exim4-4.92/src/macros.h
+===================================================================
+--- exim4-4.92.orig/src/macros.h
++++ exim4-4.92/src/macros.h
+@@ -159,12 +159,19 @@ enough to hold all the headers from a no
+ into big_buffer_size and in some circumstances increased. It should be at least
+ as long as the maximum path length. */
+
+-#if defined PATH_MAX && PATH_MAX > 16384
++#ifdef AUTH_HEIMDAL_GSSAPI
++ /* RFC 4121 section 5.2, SHOULD support 64K input buffers */
++# define __BIG_BUFFER_SIZE 65536
++#else
++# define __BIG_BUFFER_SIZE 16384
++#endif
++
++#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE
+ # define BIG_BUFFER_SIZE PATH_MAX
+-#elif defined MAXPATHLEN && MAXPATHLEN > 16384
++#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE
+ # define BIG_BUFFER_SIZE MAXPATHLEN
+ #else
+-# define BIG_BUFFER_SIZE 16384
++# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE
+ #endif
+
+ /* header size of pipe content
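Review bot: The helper macro __BIG_BUFFER_SIZE introduced in the new #ifdef AUTH_HEIMDAL_GSSAPI block starts with a double underscore, a form C reserves for the implementation. A name without the leading underscores (for example BIG_BUFFER_SIZE_MIN) avoids that. It is also worth confirming that AUTH_HEIMDAL_GSSAPI is already defined at the point macros.h is processed, because otherwise the block silently falls back to 16384 and the init-time check removed from heimdal_gssapi.c no longer compensates.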
+Index: exim4-4.92/src/readconf.c
+===================================================================
+--- exim4-4.92.orig/src/readconf.c
++++ exim4-4.92/src/readconf.c
+@@ -3755,7 +3755,7 @@ driver_instance **p = anchor;
+ driver_instance *d = NULL;
+ uschar *buffer;
+
+-while ((buffer = get_config_line()) != NULL)
++while ((buffer = get_config_line()))
+ {
+ uschar name[64];
+ uschar *s;
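Review bot: The only change in this hunk, dropping "!= NULL" from the "while ((buffer = get_config_line()))" condition, is a style change unrelated to the buffer fix. For a patch aimed at a stable release it would be cleaner to leave this line untouched, so the diff carries only the behavioural change.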
+@@ -3776,6 +3776,7 @@ while ((buffer = get_config_line()) != N
+ if (!d->driver_name)
+ log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
+ "no driver defined for %s \"%s\"", class, d->name);
++ /* s is using big_buffer, so this call had better not */
+ (d->info->init)(d);
+ d = NULL;
+ }
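Review bot: The added comment "/* s is using big_buffer, so this call had better not */" stops before saying what the init call must not do. Suggest completing it, for example "had better not free or reallocate big_buffer", since this is the one place in the caller that documents the constraint the removed heimdal code broke.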
diff -Nru exim4-4.92/debian/patches/series exim4-4.92/debian/patches/series
--- exim4-4.92/debian/patches/series 2019-09-27 18:09:04.000000000 +0200
+++ exim4-4.92/debian/patches/series 2020-01-15 16:20:39.000000000 +0100
@@ -25,3 +25,4 @@
78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch
90_localscan_dlopen.dpatch
+98-gssapi.patch
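Review bot: 98-gssapi.patch is appended to series, but the patch file itself opens directly at "Index: exim4-4.92/doc/ChangeLog" with no header giving a description, origin or bug reference. Suggest adding a short header that cites https://bugs.exim.org/show_bug.cgi?id=2501 and Debian bug #949034. The file name also departs from the NN_name pattern of the neighbouring entries (78_01-..., 90_localscan_dlopen.dpatch), which is worth aligning.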