[Slackbuilds-users] Exim CVE-2016-1531

Sat Mar 5 21:59:30 UTC 2016

Dear Exim-users and SBo-admins,

A new version of Exim has been released, fixing a vulnerability that 
allows a local privilege escalation. While the Exim from SBo doesn't 
include the vulnerable feature and thus *should* not be affected, the 
download link in the .info file needs editing and an upgrade to the 
current Exim 4.86.2 seems desirable.

If you're still okay with Exim 4.86 you can find the archive at:

  ftp://ftp.exim.org/pub/exim/exim4/old/exim-4.86.tar.bz2

If you prefer to upgrade to Exim 4.86.2, simply replace exim.SlackBuild 
and exim.info with the attached files and build. Please note that the new 
version contains changes that might break your existing config. See...

  http://article.gmane.org/gmane.mail.exim.announce/168

...for more information.

-- 
-------------- next part --------------
#!/bin/sh

# Slackware build script for Exim

# Copyright 2012-2016 Thomas Morper, Augsburg, Germany
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=exim
VERSION=${VERSION:-4.86.2}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}

if [ -z "$ARCH" ]; then
  case "$( uname -m )" in
    i?86) ARCH=i486 ;;
    arm*) ARCH=arm ;;
       *) ARCH=$( uname -m ) ;;
  esac
fi

CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}

if [ "$ARCH" = "i486" ]; then
  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
  LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
  SLKCFLAGS="-O2 -fPIC"
  LIBDIRSUFFIX="64"
else
  SLKCFLAGS="-O2"
  LIBDIRSUFFIX=""
fi

set -e

# Check if the exim user and group exist. If not, then bail.
if [ "$(id -g exim 2> /dev/null)" != "222" -o "$(id -u exim 2> /dev/null)" != "222" ]; then
  echo "  You must have an 'exim' user and group to run this script."
  echo "    # groupadd -g 222 exim"
  echo "    # useradd -d /var/spool/exim -g exim -s /bin/false -u 222 exim"
  exit 1
fi

rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2
cd $PRGNAM-$VERSION
chown -R root:root .
find -L . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
  \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

# This is our custom config for an all-purpose Exim daemon.
# The SQL- and LDAP-lookups will not be built by default,
# but you can enable them easily by passing the directives
# on the command line when calling this script, e.g.
#
#   LOOKUP_LDAP=yes LOOKUP_SQLITE=yes \
#   LOOKUP_MYSQL=yes LOOKUP_PGSQL=yes \
#   sh exim.SlackBuild
#
cat $CWD/exim.Makefile > Local/Makefile

# Use a stock config for the Exim Monitor (not built by default).
cat exim_monitor/EDITME > Local/eximon.conf

# Use the Exim build system to set the architecture-specific CFLAGS.
# This requires "make" to run twice, in case you wonder. If you want
# to use your own CFLAGS in exim.Makefile, you should put a '#' in
# front of the next 3 lines.
echo "CFLAGS=$SLKCFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" > Local/Makefile-Linux
FULLECHO="" LIBDIRSUFFIX=$LIBDIRSUFFIX DESTDIR=$PKG make -e || true
FULLECHO="" LIBDIRSUFFIX=$LIBDIRSUFFIX DESTDIR=$PKG make -e makefile

# build & install
FULLECHO="" LIBDIRSUFFIX=$LIBDIRSUFFIX DESTDIR=$PKG make -e
FULLECHO="" LIBDIRSUFFIX=$LIBDIRSUFFIX DESTDIR=$PKG make -e install

find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

# Rename the version specific binary to simply 'exim'.
mv $PKG/usr/sbin/exim-$VERSION-* $PKG/usr/sbin/exim

# Additional symlinks provide compatibility with sendmail
mkdir -p $PKG/usr/lib     # no LIBDIRSUFFIX here!
( cd $PKG/usr/lib;  ln -s /usr/sbin/exim sendmail )
( cd $PKG/usr/sbin; ln -s /usr/sbin/exim sendmail )

# Install accompanying scripts and configs.
mkdir -p $PKG/etc/{cron.daily,logrotate.d,rc.d}
install -m 0755 $CWD/contrib/rc.exim.new    $PKG/etc/rc.d/rc.exim.new
install -m 0755 $CWD/contrib/exim.cron      $PKG/etc/cron.daily/exim.new
install -m 0644 $CWD/contrib/exim.logrotate $PKG/etc/logrotate.d/exim.new

# Prepare log- and spool-directories.
mkdir -p $PKG/var/log/exim
mkdir -p -m 0750 $PKG/var/spool/exim/
mkdir -p -m 0750 $PKG/var/spool/exim/{db,input,msglog}
chown -R exim.exim $PKG/var/{log,spool}/exim

mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a ABOUT ACKNOWLEDGMENTS CHANGES CONTRIBUTING LICENCE* NOTICE README* doc \
  $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild

# Don't use the default config - make it part of the documentation
mv $PKG/etc/exim/exim.conf $PKG/usr/doc/$PRGNAM-$VERSION/example-exim.conf
mv $PKG/etc/exim/aliases $PKG/usr/doc/$PRGNAM-$VERSION/example-aliases

mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh

cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
-------------- next part --------------
PRGNAM="exim"
VERSION="4.86.2"
HOMEPAGE="http://www.exim.org/"
DOWNLOAD="ftp://ftp.exim.org/pub/exim/exim4/exim-4.86.2.tar.bz2"
MD5SUM="1443a4a88d6b78ad9b6a681c51437b55"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="%README%"
MAINTAINER="Thomas Morper"
EMAIL="thomas at beingboiled.info"