MFH: r556289
mail/exim: import exim-4.94+fixes branch as state of 2020.11.25 Used git diffs: [38/42] GnuTLS: clear errno before any data i/o op, so error logging does not see stale values [39/42] Fix non-TLS build [40/42] eximon: fix FreeBSD build [41/42] LDAP: fix taint-check in server list walk. Bug 2646 [42/42] Pass authenticator pubname through spool. Bug 2648 Also patch files/150.exim-tidydb to prevent its output when daily_show_success=NO. [1] Submitted by: Dmitry Selivanov <sd@rlan.ru> via email [1] Approved by: ports-secteam (with hat on)
parent
1eccc841ac
commit
a2162f9837
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2020Q4/; revision=556290
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= exim
|
||||
PORTVERSION?= ${EXIM_VERSION}
|
||||
PORTREVISION?= 2
|
||||
PORTREVISION?= 3
|
||||
CATEGORIES= mail
|
||||
MASTER_SITES= EXIM:exim
|
||||
MASTER_SITE_SUBDIR= /exim4/:exim \
|
||||
|
@ -38,7 +38,12 @@ case "$exim_tidydb_enable" in
|
||||
echo ""
|
||||
echo "Tidying Exim hints databases:"
|
||||
eval tidy "$exim_tidydb_filter"
|
||||
rc=1;;
|
||||
if [ $? = 0 ]; then
|
||||
rc=0
|
||||
else
|
||||
rc=1
|
||||
fi
|
||||
;;
|
||||
|
||||
*) rc=0;;
|
||||
esac
|
||||
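Review bot: The `$?` test that follows `eval tidy "$exim_tidydb_filter"` is fragile, because it reports the status of whatever the eval'd command line ends with. If `exim_tidydb_filter` holds a pipeline (its value is not visible here), `rc` reflects the filter's exit status rather than tidy's, and any statement later inserted between the two lines would silently change the result. Testing the command directly is tighter: `if eval tidy "$exim_tidydb_filter"; then rc=0; else rc=1; fi`. Because the variable goes through `eval`, a comment stating that it must come only from root-owned periodic configuration would also help; the `case` statement itself starts outside the hunk.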
|
@ -0,0 +1,41 @@
|
||||
From 49d173f4e4c05bbc9e6f256f8914979dad85e9d3 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Harris <jgh146exb@wizmail.org>
|
||||
Date: Sun, 6 Sep 2020 12:15:10 +0100
|
||||
Subject: [PATCH 38/42] GnuTLS: clear errno before any data i/o op, so error
|
||||
logging does not see stale values
|
||||
|
||||
(cherry picked from commit d52a8ce8499fbb88f4670623df9f52d3e790292b)
|
||||
---
|
||||
src/tls-gnu.c | 3 +++
|
||||
|
||||
diff --git src/tls-gnu.c src/tls-gnu.c
|
||||
index dafe1be0c..6ee603595 100644
|
||||
--- src/tls-gnu.c
|
||||
+++ src/tls-gnu.c
|
||||
@@ -3162,6 +3162,7 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, buf
|
||||
sigalrm_seen = FALSE;
|
||||
if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout);
|
||||
|
||||
+errno = 0;
|
||||
do
|
||||
inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
|
||||
MIN(ssl_xfer_buffer_size, lim));
|
||||
@@ -3322,6 +3323,7 @@ DEBUG(D_tls)
|
||||
debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, len=" SIZE_T_FMT ")\n",
|
||||
state->session, buff, len);
|
||||
|
||||
+errno = 0;
|
||||
do
|
||||
inbytes = gnutls_record_recv(state->session, buff, len);
|
||||
while (inbytes == GNUTLS_E_AGAIN);
|
||||
@@ -3385,6 +3387,7 @@ while (left > 0)
|
||||
DEBUG(D_tls) debug_printf("gnutls_record_send(session=%p, buffer=%p, left=" SIZE_T_FMT ")\n",
|
||||
state->session, buff, left);
|
||||
|
||||
+ errno = 0;
|
||||
do
|
||||
outbytes = gnutls_record_send(state->session, buff, left);
|
||||
while (outbytes == GNUTLS_E_AGAIN);
|
||||
--
|
||||
2.29.2
|
||||
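Review bot: `errno = 0;` is placed before each `do … while (… == GNUTLS_E_AGAIN)` loop rather than inside it, so a value set during an earlier retry can still be present when a later iteration fails for a reason that does not set errno. The error log this patch is meant to correct could then still show a stale value. Moving the assignment into the loop body, e.g. `do { errno = 0; inbytes = gnutls_record_recv(state->session, buff, len); } while (inbytes == GNUTLS_E_AGAIN);`, would cover the retries as well; the same applies to the `gnutls_record_send` loop and to the first receive loop, whose `while` condition lies outside the hunk. A short comment such as `/* GnuTLS can fail without touching errno; clear it so the logged error is not misleading */` would record why the assignment is there.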
|
83
mail/exim/files/patch-z0039-Fix-non-TLS-build
Normal file
@ -0,0 +1,83 @@
|
||||
From 7a534c812646a7a6f680827352d6209c6ff7be96 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Harris <jgh146exb@wizmail.org>
|
||||
Date: Thu, 27 Aug 2020 21:15:19 +0100
|
||||
Subject: [PATCH 39/42] Fix non-TLS build
|
||||
|
||||
(cherry picked from commit b38a477da0a5248ed1d2b7590922c89c6337ec3b)
|
||||
---
|
||||
src/transports/smtp.c | 18 +++++++++---------
|
||||
|
||||
diff --git src/transports/smtp.c src/transports/smtp.c
|
||||
index 77335af09..b0dedfa8c 100644
|
||||
--- src/transports/smtp.c
|
||||
+++ src/transports/smtp.c
|
||||
@@ -1989,7 +1989,7 @@ if (sx->smtps)
|
||||
DEFER, FALSE, &sx->delivery_start);
|
||||
return ERROR;
|
||||
}
|
||||
-#endif
|
||||
+#else
|
||||
|
||||
/* If we have a proxied TLS connection, check usability for this message */
|
||||
|
||||
@@ -1998,7 +1998,7 @@ if (continue_hostname && continue_proxy_cipher)
|
||||
int rc;
|
||||
const uschar * sni = US"";
|
||||
|
||||
-#ifdef SUPPORT_DANE
|
||||
+# ifdef SUPPORT_DANE
|
||||
/* Check if the message will be DANE-verified; if so force its SNI */
|
||||
|
||||
tls_out.dane_verified = FALSE;
|
||||
@@ -2018,14 +2018,14 @@ if (continue_hostname && continue_proxy_cipher)
|
||||
string_sprintf("DANE error: tlsa lookup %s",
|
||||
rc_to_string(rc)),
|
||||
rc, FALSE, &sx->delivery_start);
|
||||
-# ifndef DISABLE_EVENT
|
||||
+# ifndef DISABLE_EVENT
|
||||
(void) event_raise(sx->conn_args.tblock->event_action,
|
||||
US"dane:fail", sx->dane_required
|
||||
? US"dane-required" : US"dnssec-invalid");
|
||||
-# endif
|
||||
+# endif
|
||||
return rc;
|
||||
}
|
||||
-#endif
|
||||
+# endif
|
||||
|
||||
/* If the SNI or the DANE status required for the new message differs from the
|
||||
existing conn drop the connection to force a new one. */
|
||||
@@ -2035,7 +2035,7 @@ if (continue_hostname && continue_proxy_cipher)
|
||||
"<%s>: failed to expand transport's tls_sni value: %s",
|
||||
sx->addrlist->address, expand_string_message);
|
||||
|
||||
-#ifdef SUPPORT_DANE
|
||||
+# ifdef SUPPORT_DANE
|
||||
if ( (continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)
|
||||
&& continue_proxy_dane == sx->conn_args.dane)
|
||||
{
|
||||
@@ -2043,10 +2043,10 @@ if (continue_hostname && continue_proxy_cipher)
|
||||
if ((tls_out.dane_verified = continue_proxy_dane))
|
||||
sx->conn_args.host->dnssec = DS_YES;
|
||||
}
|
||||
-#else
|
||||
+# else
|
||||
if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni))
|
||||
tls_out.sni = US sni;
|
||||
-#endif
|
||||
+# endif
|
||||
else
|
||||
{
|
||||
DEBUG(D_transport)
|
||||
@@ -2062,7 +2062,7 @@ if (continue_hostname && continue_proxy_cipher)
|
||||
back through reporting pipe. */
|
||||
}
|
||||
}
|
||||
-
|
||||
+#endif /*!DISABLE_TLS*/
|
||||
|
||||
/* Make a connection to the host if this isn't a continued delivery, and handle
|
||||
the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled
|
||||
--
|
||||
2.29.2
|
||||
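Review bot: The `#else` that replaces `#endif` after the `if (sx->smtps)` error block carries no label, while its matching `#endif /*!DISABLE_TLS*/` sits roughly seventy source lines further down; writing it as `#else /*!DISABLE_TLS*/` would make the pairing readable at both ends. The opening conditional is outside the hunk, so this assumes it tests `DISABLE_TLS`. Since the breakage only appears in a non-TLS configuration, compiling that configuration as part of the port's regular checks would catch a regression of this kind.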
|
25
mail/exim/files/patch-z0040-eximon-fix-FreeBSD-build
Normal file
@ -0,0 +1,25 @@
|
||||
From f521f0d2120be2ccfb93306cc05790b9b0f162c1 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Clayton <richard@highwayman.com>
|
||||
Date: Sat, 12 Sep 2020 22:10:04 +0100
|
||||
Subject: [PATCH 40/42] eximon: fix FreeBSD build
|
||||
|
||||
(cherry picked from commit ba00bdd4609501dd3ffe187074ff7f8197a9059f)
|
||||
---
|
||||
exim_monitor/em_menu.c | 2 +-
|
||||
|
||||
diff --git exim_monitor/em_menu.c exim_monitor/em_menu.c
|
||||
index 33b3e0c94..2a70a1831 100644
|
||||
--- exim_monitor/em_menu.c
|
||||
+++ exim_monitor/em_menu.c
|
||||
@@ -670,7 +670,7 @@ if (spool_read_header(buffer, TRUE, FALSE) != spool_read_OK)
|
||||
sprintf(CS big_buffer, "%s/input/%s", spool_directory, buffer);
|
||||
if (Ustat(big_buffer, &statbuf) == 0)
|
||||
text_showf(text, "Format error in spool file %s: size=%lu\n", buffer,
|
||||
- (ulong)statbuf.st_size);
|
||||
+ (unsigned long)statbuf.st_size);
|
||||
else text_showf(text, "Format error in spool file %s\n", buffer);
|
||||
}
|
||||
else text_showf(text, "Read error for spool file %s\n", buffer);
|
||||
--
|
||||
2.29.2
|
||||
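Review bot: The cast `(unsigned long)statbuf.st_size` narrows an `off_t`, so on a platform where `unsigned long` is 32 bits and `off_t` is 64 bits the size shown for a spool file of 4 GiB or more would wrap. Printing through a wider type, e.g. `size=%llu` with `(unsigned long long)statbuf.st_size`, avoids that, provided `text_showf` accepts the conversion (its implementation is not visible here). The enclosing function starts and ends outside the hunk.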
|
@ -0,0 +1,51 @@
|
||||
From e12d2e7bc2e9f0c30a1029602e57e5ae8df1b9db Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Harris <jgh146exb@wizmail.org>
|
||||
Date: Fri, 30 Oct 2020 13:58:01 +0000
|
||||
Subject: [PATCH 41/42] LDAP: fix taint-check in server list walk. Bug
|
||||
2646
|
||||
|
||||
(cherry picked from commit 51b611aa81d7ee01243b196abc34a0e2eabd293c)
|
||||
---
|
||||
doc/ChangeLog | 5 +++++
|
||||
src/lookups/ldap.c | 3 +--
|
||||
|
||||
diff --git doc/ChangeLog doc/ChangeLog
|
||||
index ec1b03304..9924fca5c 100644
|
||||
--- doc/ChangeLog
|
||||
+++ doc/ChangeLog
|
||||
@@ -102,6 +102,11 @@ JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd connections, to be
|
||||
JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI
|
||||
in quotes.
|
||||
|
||||
+JH/26 Bug 2646: fix a memory usage issue in ldap lookups. Previously, when more
|
||||
+ than one server was defined and depending on the platform memory layout
|
||||
+ details, an internal consistency trap could be hit while walking the list
|
||||
+ of servers.
|
||||
+
|
||||
|
||||
Exim version 4.94
|
||||
-----------------
|
||||
diff --git src/lookups/ldap.c src/lookups/ldap.c
|
||||
index ef550a08d..34908a351 100644
|
||||
--- src/lookups/ldap.c
|
||||
+++ src/lookups/ldap.c
|
||||
@@ -1093,7 +1093,6 @@ uschar *password = NULL;
|
||||
uschar *local_servers = NULL;
|
||||
uschar *server;
|
||||
const uschar *list;
|
||||
-uschar buffer[512];
|
||||
|
||||
while (isspace(*url)) url++;
|
||||
|
||||
@@ -1254,7 +1253,7 @@ if (!eldap_default_servers && !local_servers || p[3] != '/')
|
||||
/* Loop through the default servers until OK or FAIL. Use local_servers list
|
||||
* if defined in the lookup, otherwise use the global default list */
|
||||
list = !local_servers ? eldap_default_servers : local_servers;
|
||||
-while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
|
||||
+while ((server = string_nextinlist(&list, &sep, NULL, 0)))
|
||||
{
|
||||
int rc;
|
||||
int port = 0;
|
||||
--
|
||||
2.29.2
|
||||
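Review bot: The call `string_nextinlist(&list, &sep, NULL, 0)` gives no hint why the fixed `buffer[512]` was dropped, so a later cleanup could easily reintroduce a stack buffer. A comment above the loop would guard against that, for example `/* NULL buffer: let string_nextinlist allocate each element, presumably so it keeps the taint status of the list (Bug 2646) */`; the taint rationale is inferred from the subject line and should be confirmed. The loop body continues outside the hunk.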
|
@ -0,0 +1,107 @@
|
||||
From a3ab48f23ee4a83f796440ef67d7ac7b43aad4b5 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Harris <jgh146exb@wizmail.org>
|
||||
Date: Sat, 31 Oct 2020 23:58:11 +0000
|
||||
Subject: [PATCH 42/42] Pass authenticator pubname through spool. Bug 2648
|
||||
|
||||
(cherry picked from commit a75ebe0dcc5faeb915cacb0d9db66d2475789116)
|
||||
---
|
||||
doc/ChangeLog | 4 ++++
|
||||
exim_monitor/em_globals.c | 1 +
|
||||
src/smtp_in.c | 12 +++++++-----
|
||||
src/spool_in.c | 4 +++-
|
||||
src/spool_out.c | 6 ++++--
|
||||
|
||||
diff --git doc/ChangeLog doc/ChangeLog
|
||||
index 9924fca5c..4759e018e 100644
|
||||
--- doc/ChangeLog
|
||||
+++ doc/ChangeLog
|
||||
@@ -107,6 +107,10 @@ JH/26 Bug 2646: fix a memory usage issue in ldap lookups. Previously, when more
|
||||
details, an internal consistency trap could be hit while walking the list
|
||||
of servers.
|
||||
|
||||
+JH/27 Bug 2648: fix the passing of an authenticator public-name through spool
|
||||
+ files. The value is used by the authresults expansion item. Previously
|
||||
+ if this was used in a router or transport, a crash could result.
|
||||
+
|
||||
|
||||
Exim version 4.94
|
||||
-----------------
|
||||
diff --git exim_monitor/em_globals.c exim_monitor/em_globals.c
|
||||
index 925e88e05..30d22b5eb 100644
|
||||
--- exim_monitor/em_globals.c
|
||||
+++ exim_monitor/em_globals.c
|
||||
@@ -205,6 +205,7 @@ uschar *sender_address = NULL;
|
||||
uschar *sender_fullhost = NULL;
|
||||
uschar *sender_helo_name = NULL;
|
||||
uschar *sender_host_address = NULL;
|
||||
+uschar *sender_host_auth_pubname = NULL;
|
||||
uschar *sender_host_authenticated = NULL;
|
||||
uschar *sender_host_name = NULL;
|
||||
int sender_host_port = 0;
|
||||
diff --git src/smtp_in.c src/smtp_in.c
|
||||
index a13f0ed63..f53c3cf65 100644
|
||||
--- src/smtp_in.c
|
||||
+++ src/smtp_in.c
|
||||
@@ -5935,12 +5935,14 @@ if (!sender_host_authenticated)
|
||||
|
||||
g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname);
|
||||
|
||||
-if (Ustrcmp(sender_host_auth_pubname, "tls") != 0)
|
||||
- g = string_append(g, 2, US") smtp.auth=", authenticated_id);
|
||||
-else if (authenticated_id)
|
||||
- g = string_append(g, 2, US") x509.auth=", authenticated_id);
|
||||
+if (Ustrcmp(sender_host_auth_pubname, "tls") == 0)
|
||||
+ g = authenticated_id
|
||||
+ ? string_append(g, 2, US") x509.auth=", authenticated_id)
|
||||
+ : string_cat(g, US") reason=x509.auth");
|
||||
else
|
||||
- g = string_catn(g, US") reason=x509.auth", 17);
|
||||
+ g = authenticated_id
|
||||
+ ? string_append(g, 2, US") smtp.auth=", authenticated_id)
|
||||
+ : string_cat(g, US", no id saved)");
|
||||
|
||||
if (authenticated_sender)
|
||||
g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
|
||||
diff --git src/spool_in.c src/spool_in.c
|
||||
index 1b4cefdb2..35e44df26 100644
|
||||
--- src/spool_in.c
|
||||
+++ src/spool_in.c
|
||||
@@ -253,7 +253,7 @@ sender_helo_name = NULL;
|
||||
sender_host_address = NULL;
|
||||
sender_host_name = NULL;
|
||||
sender_host_port = 0;
|
||||
-sender_host_authenticated = NULL;
|
||||
+sender_host_authenticated = sender_host_auth_pubname = NULL;
|
||||
sender_ident = NULL;
|
||||
f.sender_local = FALSE;
|
||||
f.sender_set_untrusted = FALSE;
|
||||
@@ -580,6 +580,8 @@ for (;;)
|
||||
host_lookup_deferred = TRUE;
|
||||
else if (Ustrcmp(p, "ost_lookup_failed") == 0)
|
||||
host_lookup_failed = TRUE;
|
||||
+ else if (Ustrncmp(p, "ost_auth_pubname", 16) == 0)
|
||||
+ sender_host_auth_pubname = string_copy_taint(var + 18, tainted);
|
||||
else if (Ustrncmp(p, "ost_auth", 8) == 0)
|
||||
sender_host_authenticated = string_copy_taint(var + 10, tainted);
|
||||
else if (Ustrncmp(p, "ost_name", 8) == 0)
|
||||
diff --git src/spool_out.c src/spool_out.c
|
||||
index 4b6539ecd..0851ce956 100644
|
||||
--- src/spool_out.c
|
||||
+++ src/spool_out.c
|
||||
@@ -174,9 +174,11 @@ if (sender_host_address)
|
||||
fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port);
|
||||
if (sender_host_name)
|
||||
spool_var_write(fp, US"host_name", sender_host_name);
|
||||
- if (sender_host_authenticated)
|
||||
- spool_var_write(fp, US"host_auth", sender_host_authenticated);
|
||||
}
|
||||
+if (sender_host_authenticated)
|
||||
+ spool_var_write(fp, US"host_auth", sender_host_authenticated);
|
||||
+if (sender_host_auth_pubname)
|
||||
+ spool_var_write(fp, US"host_auth_pubname", sender_host_auth_pubname);
|
||||
|
||||
/* Also about the interface a message came in on */
|
||||
|
||||
--
|
||||
2.29.2
|
||||
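Review bot: In the `src/smtp_in.c` hunk, `sender_host_auth_pubname` is passed to `string_append` and `Ustrcmp` without a NULL test; the only guard visible is `if (!sender_host_authenticated)`. A spool file written before this patch has a `-host_auth` line but no `-host_auth_pubname` line, so after an upgrade an already queued message could reach this code with the pubname still NULL, which looks like the same crash the ChangeLog entry describes. A fallback before the first use would cover it, e.g. `const uschar * pubname = sender_host_auth_pubname ? sender_host_auth_pubname : US"";` (a sketch only, since the rest of the function is outside the hunk). In `src/spool_in.c` the `ost_auth_pubname` comparison must stay ahead of the `ost_auth` prefix comparison, and a comment saying so would protect that ordering.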
|