From: Dima Panov
Date: Wed, 25 Nov 2020 12:36:05 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r556289 - in head/mail/exim: . files

Author: fluffy
Date: Wed Nov 25 12:36:05 2020
New Revision: 556289
URL: https://svnweb.freebsd.org/changeset/ports/556289

Log:
  mail/exim: import exim-4.94+fixes branch as state of 2020.11.25

  Used git diffs:
  [38/42] GnuTLS: clear errno before any data i/o op, so error logging does not see stale values
  [39/42] Fix non-TLS build
  [40/42] eximon: fix FreeBSD build
  [41/42] LDAP: fix taint-check in server list walk. Bug 2646
  [42/42] Pass authenticator pubname through spool. Bug 2648

  Also patch files/150.exim-tidydb to prevent its output when daily_show_success=NO.
[1] Submitted by: Dmitry Selivanov via email [1] MFH: 2020Q3 Added: head/mail/exim/files/patch-z0038-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-logging (contents, props changed) head/mail/exim/files/patch-z0039-Fix-non-TLS-build (contents, props changed) head/mail/exim/files/patch-z0040-eximon-fix-FreeBSD-build (contents, props changed) head/mail/exim/files/patch-z0041-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646 (contents, props changed) head/mail/exim/files/patch-z0042-Pass-authenticator-pubname-through-spool.-Bug-2648 (contents, props changed) Modified: head/mail/exim/Makefile head/mail/exim/files/150.exim-tidydb.sh Modified: head/mail/exim/Makefile ============================================================================== --- head/mail/exim/Makefile Wed Nov 25 12:34:09 2020 (r556288) +++ head/mail/exim/Makefile Wed Nov 25 12:36:05 2020 (r556289) @@ -3,7 +3,7 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION?= 3 +PORTREVISION?= 4 CATEGORIES= mail MASTER_SITES= EXIM:exim MASTER_SITE_SUBDIR= /exim4/:exim \ Modified: head/mail/exim/files/150.exim-tidydb.sh ============================================================================== --- head/mail/exim/files/150.exim-tidydb.sh Wed Nov 25 12:34:09 2020 (r556288) +++ head/mail/exim/files/150.exim-tidydb.sh Wed Nov 25 12:36:05 2020 (r556289) @@ -38,7 +38,12 @@ case "$exim_tidydb_enable" in echo "" echo "Tidying Exim hints databases:" eval tidy "$exim_tidydb_filter" - rc=1;; + if [ $? = 0 ]; then + rc=0 + else + rc=1 + fi + ;; *) rc=0;; esac Added: head/mail/exim/files/patch-z0038-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-logging ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/exim/files/patch-z0038-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-logging Wed Nov 25 12:36:05 2020 (r556289) 
@@ -0,0 +1,41 @@ +From 49d173f4e4c05bbc9e6f256f8914979dad85e9d3 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Sun, 6 Sep 2020 12:15:10 +0100 +Subject: [PATCH 38/42] GnuTLS: clear errno before any data i/o op, so error + logging does not see stale values + +(cherry picked from commit d52a8ce8499fbb88f4670623df9f52d3e790292b) +--- + src/tls-gnu.c | 3 +++ + +diff --git src/tls-gnu.c src/tls-gnu.c +index dafe1be0c..6ee603595 100644 +--- src/tls-gnu.c ++++ src/tls-gnu.c +@@ -3162,6 +3162,7 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, buf + sigalrm_seen = FALSE; + if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout); + ++errno = 0; + do + inbytes = gnutls_record_recv(state->session, state->xfer_buffer, + MIN(ssl_xfer_buffer_size, lim)); +@@ -3322,6 +3323,7 @@ DEBUG(D_tls) + debug_printf("Calling gnutls_record_recv(session=%p, buffer=%p, len=" SIZE_T_FMT ")\n", + state->session, buff, len); + ++errno = 0; + do + inbytes = gnutls_record_recv(state->session, buff, len); + while (inbytes == GNUTLS_E_AGAIN); +@@ -3385,6 +3387,7 @@ while (left > 0) + DEBUG(D_tls) debug_printf("gnutls_record_send(session=%p, buffer=%p, left=" SIZE_T_FMT ")\n", + state->session, buff, left); + ++ errno = 0; + do + outbytes = gnutls_record_send(state->session, buff, left); + while (outbytes == GNUTLS_E_AGAIN); +-- +2.29.2 + Added: head/mail/exim/files/patch-z0039-Fix-non-TLS-build ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/exim/files/patch-z0039-Fix-non-TLS-build Wed Nov 25 12:36:05 2020 (r556289) 
@@ -0,0 +1,83 @@ +From 7a534c812646a7a6f680827352d6209c6ff7be96 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Thu, 27 Aug 2020 21:15:19 +0100 +Subject: [PATCH 39/42] Fix non-TLS build + +(cherry picked from commit b38a477da0a5248ed1d2b7590922c89c6337ec3b) +--- + src/transports/smtp.c | 18 +++++++++--------- + +diff --git src/transports/smtp.c src/transports/smtp.c +index 77335af09..b0dedfa8c 100644 +--- src/transports/smtp.c ++++ src/transports/smtp.c +@@ -1989,7 +1989,7 @@ if (sx->smtps) + DEFER, FALSE, &sx->delivery_start); + return ERROR; + } +-#endif ++#else + + /* If we have a proxied TLS connection, check usability for this message */ + +@@ -1998,7 +1998,7 @@ if (continue_hostname && continue_proxy_cipher) + int rc; + const uschar * sni = US""; + +-#ifdef SUPPORT_DANE ++# ifdef SUPPORT_DANE + /* Check if the message will be DANE-verified; if so force its SNI */ + + tls_out.dane_verified = FALSE; +@@ -2018,14 +2018,14 @@ if (continue_hostname && continue_proxy_cipher) + string_sprintf("DANE error: tlsa lookup %s", + rc_to_string(rc)), + rc, FALSE, &sx->delivery_start); +-# ifndef DISABLE_EVENT ++# ifndef DISABLE_EVENT + (void) event_raise(sx->conn_args.tblock->event_action, + US"dane:fail", sx->dane_required + ? US"dane-required" : US"dnssec-invalid"); +-# endif ++# endif + return rc; + } +-#endif ++# endif + + /* If the SNI or the DANE status required for the new message differs from the + existing conn drop the connection to force a new one. */ +@@ -2035,7 +2035,7 @@ if (continue_hostname && continue_proxy_cipher) + "<%s>: failed to expand transport's tls_sni value: %s", + sx->addrlist->address, expand_string_message); + +-#ifdef SUPPORT_DANE ++# ifdef SUPPORT_DANE + if ( (continue_proxy_sni ? 
(Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni) + && continue_proxy_dane == sx->conn_args.dane) + { +@@ -2043,10 +2043,10 @@ if (continue_hostname && continue_proxy_cipher) + if ((tls_out.dane_verified = continue_proxy_dane)) + sx->conn_args.host->dnssec = DS_YES; + } +-#else ++# else + if ((continue_proxy_sni ? (Ustrcmp(continue_proxy_sni, sni) == 0) : !*sni)) + tls_out.sni = US sni; +-#endif ++# endif + else + { + DEBUG(D_transport) +@@ -2062,7 +2062,7 @@ if (continue_hostname && continue_proxy_cipher) + back through reporting pipe. */ + } + } +- ++#endif /*!DISABLE_TLS*/ + + /* Make a connection to the host if this isn't a continued delivery, and handle + the initial interaction and HELO/EHLO/LHLO. Connect timeout errors are handled +-- +2.29.2 + Added: head/mail/exim/files/patch-z0040-eximon-fix-FreeBSD-build ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/exim/files/patch-z0040-eximon-fix-FreeBSD-build Wed Nov 25 12:36:05 2020 (r556289) 
@@ -0,0 +1,25 @@ +From f521f0d2120be2ccfb93306cc05790b9b0f162c1 Mon Sep 17 00:00:00 2001 +From: Richard Clayton +Date: Sat, 12 Sep 2020 22:10:04 +0100 +Subject: [PATCH 40/42] eximon: fix FreeBSD build + +(cherry picked from commit ba00bdd4609501dd3ffe187074ff7f8197a9059f) +--- + exim_monitor/em_menu.c | 2 +- + +diff --git exim_monitor/em_menu.c exim_monitor/em_menu.c +index 33b3e0c94..2a70a1831 100644 +--- exim_monitor/em_menu.c ++++ exim_monitor/em_menu.c +@@ -670,7 +670,7 @@ if (spool_read_header(buffer, TRUE, FALSE) != spool_read_OK) + sprintf(CS big_buffer, "%s/input/%s", spool_directory, buffer); + if (Ustat(big_buffer, &statbuf) == 0) + text_showf(text, "Format error in spool file %s: size=%lu\n", buffer, +- (ulong)statbuf.st_size); ++ (unsigned long)statbuf.st_size); + else text_showf(text, "Format error in spool file %s\n", buffer); + } + else text_showf(text, "Read error for spool file %s\n", buffer); +-- +2.29.2 + Added: head/mail/exim/files/patch-z0041-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/exim/files/patch-z0041-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646 Wed Nov 25 12:36:05 2020 (r556289) 
@@ -0,0 +1,51 @@ +From e12d2e7bc2e9f0c30a1029602e57e5ae8df1b9db Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Fri, 30 Oct 2020 13:58:01 +0000 +Subject: [PATCH 41/42] LDAP: fix taint-check in server list walk. Bug + 2646 + + (cherry picked from commit 51b611aa81d7ee01243b196abc34a0e2eabd293c) +--- + doc/ChangeLog | 5 +++++ + src/lookups/ldap.c | 3 +-- + +diff --git doc/ChangeLog doc/ChangeLog +index ec1b03304..9924fca5c 100644 +--- doc/ChangeLog ++++ doc/ChangeLog +@@ -102,6 +102,11 @@ JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd connections, to be + JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI + in quotes. + ++JH/26 Bug 2646: fix a memory usage issue in ldap lookups. Previously, when more ++ than one server was defined and depending on the platform memory layout ++ details, an internal consistency trap could be hit while walking the list ++ of servers. ++ + + Exim version 4.94 + ----------------- +diff --git src/lookups/ldap.c src/lookups/ldap.c +index ef550a08d..34908a351 100644 +--- src/lookups/ldap.c ++++ src/lookups/ldap.c +@@ -1093,7 +1093,6 @@ uschar *password = NULL; + uschar *local_servers = NULL; + uschar *server; + const uschar *list; +-uschar buffer[512]; + + while (isspace(*url)) url++; + +@@ -1254,7 +1253,7 @@ if (!eldap_default_servers && !local_servers || p[3] != '/') + /* Loop through the default servers until OK or FAIL. Use local_servers list + * if defined in the lookup, otherwise use the global default list */ + list = !local_servers ? eldap_default_servers : local_servers; +-while ((server = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))) ++while ((server = string_nextinlist(&list, &sep, NULL, 0))) + { + int rc; + int port = 0; +-- +2.29.2 + Added: head/mail/exim/files/patch-z0042-Pass-authenticator-pubname-through-spool.-Bug-2648 ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/mail/exim/files/patch-z0042-Pass-authenticator-pubname-through-spool.-Bug-2648 Wed Nov 25 12:36:05 2020 (r556289) 
@@ -0,0 +1,107 @@ +From a3ab48f23ee4a83f796440ef67d7ac7b43aad4b5 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Sat, 31 Oct 2020 23:58:11 +0000 +Subject: [PATCH 42/42] Pass authenticator pubname through spool. Bug 2648 + +(cherry picked from commit a75ebe0dcc5faeb915cacb0d9db66d2475789116) +--- + doc/ChangeLog | 4 ++++ + exim_monitor/em_globals.c | 1 + + src/smtp_in.c | 12 +++++++----- + src/spool_in.c | 4 +++- + src/spool_out.c | 6 ++++-- + +diff --git doc/ChangeLog doc/ChangeLog +index 9924fca5c..4759e018e 100644 +--- doc/ChangeLog ++++ doc/ChangeLog +@@ -107,6 +107,10 @@ JH/26 Bug 2646: fix a memory usage issue in ldap lookups. Previously, when more + details, an internal consistency trap could be hit while walking the list + of servers. + ++JH/27 Bug 2648: fix the passing of an authenticator public-name through spool ++ files. The value is used by the authresults expansion item. Previously ++ if this was used in a router or transport, a crash could result. ++ + + Exim version 4.94 + ----------------- +diff --git exim_monitor/em_globals.c exim_monitor/em_globals.c +index 925e88e05..30d22b5eb 100644 +--- exim_monitor/em_globals.c ++++ exim_monitor/em_globals.c +@@ -205,6 +205,7 @@ uschar *sender_address = NULL; + uschar *sender_fullhost = NULL; + uschar *sender_helo_name = NULL; + uschar *sender_host_address = NULL; ++uschar *sender_host_auth_pubname = NULL; + uschar *sender_host_authenticated = NULL; + uschar *sender_host_name = NULL; + int sender_host_port = 0; +diff --git src/smtp_in.c src/smtp_in.c +index a13f0ed63..f53c3cf65 100644 +--- src/smtp_in.c ++++ src/smtp_in.c +@@ -5935,12 +5935,14 @@ if (!sender_host_authenticated) + + g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname); + +-if (Ustrcmp(sender_host_auth_pubname, "tls") != 0) +- g = string_append(g, 2, US") smtp.auth=", authenticated_id); +-else if (authenticated_id) +- g = string_append(g, 2, US") x509.auth=", authenticated_id); ++if (Ustrcmp(sender_host_auth_pubname, 
"tls") == 0) ++ g = authenticated_id ++ ? string_append(g, 2, US") x509.auth=", authenticated_id) ++ : string_cat(g, US") reason=x509.auth"); + else +- g = string_catn(g, US") reason=x509.auth", 17); ++ g = authenticated_id ++ ? string_append(g, 2, US") smtp.auth=", authenticated_id) ++ : string_cat(g, US", no id saved)"); + + if (authenticated_sender) + g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender); +diff --git src/spool_in.c src/spool_in.c +index 1b4cefdb2..35e44df26 100644 +--- src/spool_in.c ++++ src/spool_in.c +@@ -253,7 +253,7 @@ sender_helo_name = NULL; + sender_host_address = NULL; + sender_host_name = NULL; + sender_host_port = 0; +-sender_host_authenticated = NULL; ++sender_host_authenticated = sender_host_auth_pubname = NULL; + sender_ident = NULL; + f.sender_local = FALSE; + f.sender_set_untrusted = FALSE; +@@ -580,6 +580,8 @@ for (;;) + host_lookup_deferred = TRUE; + else if (Ustrcmp(p, "ost_lookup_failed") == 0) + host_lookup_failed = TRUE; ++ else if (Ustrncmp(p, "ost_auth_pubname", 16) == 0) ++ sender_host_auth_pubname = string_copy_taint(var + 18, tainted); + else if (Ustrncmp(p, "ost_auth", 8) == 0) + sender_host_authenticated = string_copy_taint(var + 10, tainted); + else if (Ustrncmp(p, "ost_name", 8) == 0) +diff --git src/spool_out.c src/spool_out.c +index 4b6539ecd..0851ce956 100644 +--- src/spool_out.c ++++ src/spool_out.c +@@ -174,9 +174,11 @@ if (sender_host_address) + fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port); + if (sender_host_name) + spool_var_write(fp, US"host_name", sender_host_name); +- if (sender_host_authenticated) +- spool_var_write(fp, US"host_auth", sender_host_authenticated); + } ++if (sender_host_authenticated) ++ spool_var_write(fp, US"host_auth", sender_host_authenticated); ++if (sender_host_auth_pubname) ++ spool_var_write(fp, US"host_auth_pubname", sender_host_auth_pubname); + + /* Also about the interface a message came in on */ + +-- +2.29.2 +