Date: Wed, 8 Nov 2023 15:15:43 GMT From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 0c138bb78cfa - main - mail/exim: update 4.96.2 -> 4.97 Message-ID: <202311081515.3A8FFhP4025544@gitrepo.freebsd.org>
The branch main has been updated by pi: URL: https://cgit.FreeBSD.org/ports/commit/?id=0c138bb78cfaf00bc66ca21a645b471460c0609f commit 0c138bb78cfaf00bc66ca21a645b471460c0609f Author: Kurt Jaeger <pi@FreeBSD.org> AuthorDate: 2023-11-08 15:10:54 +0000 Commit: Kurt Jaeger <pi@FreeBSD.org> CommitDate: 2023-11-08 15:10:54 +0000 mail/exim: update 4.96.2 -> 4.97 Notable changes: - The internal (but exposed in logs, Received: headers and Message-ID: headers) identifier used for messages is longer than in the previous release PR: 274909 Changes: https://lists.exim.org/lurker/message/20231104.135832.37148bbd.en.html Reported-by: doctor@doctor.nl2k.ab.ca Approved-by: fluffy (maintainer) Reviewed-by: Igor Zabelin <igorz@yandex.ru> --- mail/exim/Makefile | 34 +-- mail/exim/distinfo | 6 +- ...-attempt-to-rewrite-a-malformed-address.-.patch | 39 ---- ...-SPF-fix-memory-accounting-for-error-case.patch | 25 --- ...5_08-Fix-regex-n-use-after-free.-Bug-2915.patch | 167 --------------- .../75_09-Fix-non-WITH_CONTENT_SCAN-build.patch | 58 ------ .../75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch | 135 ------------ .../75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch | 45 ---- ...ix-for-clients-offering-no-TLS-extensions.patch | 96 --------- ...-Build-with-libopendmarc-1.4.x-fixes-2728.patch | 71 ------- ...RC-fix-use-after-free-in-dmarc_dns_lookup.patch | 39 ---- .../75_22-Fix-daemon-startup.-Bug-2930.patch | 50 ----- ..._23-Fix-reccipients-after-run.-.-Bug-2929.patch | 28 --- ...substring-capture-variables-for-null-matc.patch | 60 ------ ...ubstring-capture-variables-for-null-match.patch | 94 --------- ...ex-substring-capture-commentary.-Bug-2933.patch | 48 ----- ...n-preloading-creds-do-the-server-certs-be.patch | 232 --------------------- ...-double-expansion-of-tls_verify_certifica.patch | 217 ------------------- .../75_50-Fix-logging-of-max-size-log-line.patch | 63 ------ ...ion-on-dns_again_means_nonexist.-Bug-2911.patch | 54 ----- ...r-smtp-socket-explicitly-on-connect-ACL-d.patch 
| 50 ----- ...-tls_eccurve-setting-explicit-curve-group.patch | 166 --------------- ...-tls_eccurve-on-earlier-versions-than-3.0.patch | 42 ---- ...-conns-rejected-for-bad-ALPN-with-the-off.patch | 99 --------- ...-check-dns_again_means_nonexist-for-TLSA-.patch | 78 ------- .../debian/75_66-Fix-crash-in-expansions.patch | 66 ------ mail/exim/files/patch-src_tls-openssl.c | 11 + mail/exim/pkg-plist | 2 + 28 files changed, 23 insertions(+), 2052 deletions(-) diff --git a/mail/exim/Makefile b/mail/exim/Makefile index f3045963d649..6f6cdcdcb702 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -47,6 +47,8 @@ AUTH_SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 BDB_USES= bdb DMARC_LIB_DEPENDS= libopendmarc.so:mail/opendmarc EMBEDDED_PERL_USE= perl5=run,build +EMBEDDED_PERL_BUILD_DEPENDS= p5-File-FcntlLock>0:devel/p5-File-FcntlLock +EMBEDDED_PERL_RUN_DEPENDS= p5-File-FcntlLock>0:devel/p5-File-FcntlLock EXIMON_USES= xorg EXIMON_USE= xorg=x11,xaw,xext,xmu,xt GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls 
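Review bot: The added `EMBEDDED_PERL_BUILD_DEPENDS` and `EMBEDDED_PERL_RUN_DEPENDS` lines introduce a new dependency on devel/p5-File-FcntlLock that neither the Makefile nor the commit message explains. A one-line comment above them would make later audits of the port's dependency set easier, for example `# p5-File-FcntlLock: required by <COMPONENT> as of exim 4.97`, with the placeholder filled in by the committer. Nothing visible in this hunk shows which component loads the module, so it is worth confirming that it is only needed when EMBEDDED_PERL is on. If a Perl script installed regardless of that option uses it, the dependency would have to move out of the option helper.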
@@ -64,32 +66,10 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 SQLITE_LIB_DEPENDS= libicudata.so:devel/icu SQLITE_USES= pkgconfig sqlite -DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75 -EXTRA_PATCHES= \ - ${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_08-Fix-regex-n-use-after-free.-Bug-2915.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_09-Fix-non-WITH_CONTENT_SCAN-build.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_22-Fix-daemon-startup.-Bug-2930.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_23-Fix-reccipients-after-run.-.-Bug-2929.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_31-Fix-regext-substring-capture-variables-for-null-matc.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_32-Fix-regex-substring-capture-variables-for-null-match.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_50-Fix-logging-of-max-size-log-line.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_60-OpenSSL-fix-tls_eccurve-setting-explicit-curve-group.patch:-p1 \ - 
${DEBIAN_PATCHES_PREFIX}_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch:-p1 \ - ${DEBIAN_PATCHES_PREFIX}_66-Fix-crash-in-expansions.patch:-p1 +#DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75 +#EXTRA_PATCHES= \ +# ${DEBIAN_PATCHES_PREFIX}_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:-p1 \ +# ${DEBIAN_PATCHES_PREFIX}_05-SPF-fix-memory-accounting-for-error-case.patch:-p1 .include <bsd.port.options.mk> @@ -130,7 +110,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf .endif -EXIM_VERSION= 4.96.2 +EXIM_VERSION= 4.97 SA_EXIM_VERSION=4.2.1 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h` diff --git a/mail/exim/distinfo b/mail/exim/distinfo index c8414ae70062..9cbaf2901ea2 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1697388290 -SHA256 (exim/exim-4.96.2.tar.bz2) = a7b9c247a8dcdf72b37ef4a6db0a744f6d34f65b40ef376265ddeb35610bb432 -SIZE (exim/exim-4.96.2.tar.bz2) = 2047572 +TIMESTAMP = 1699107695 +SHA256 (exim/exim-4.97.tar.bz2) = f0f6141b126a929e431d6ac8af3d6a1e310621ffe1f628b7b0de1e9b05488bfd +SIZE (exim/exim-4.97.tar.bz2) = 2077471 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933 diff --git a/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch b/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch deleted file mode 100644 index 42a2c237aa82..000000000000 --- a/mail/exim/files/debian/75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch +++ /dev/null 
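Review bot: The commented-out block left at the end of the `@@ -64,32 +66,10 @@` hunk (`#DEBIAN_PATCHES_PREFIX=` and `#EXTRA_PATCHES=` naming `75_01` and `75_05`) refers to patch files that this same commit deletes, so uncommenting it would break the build. I would drop it or replace it with a single line such as `# Debian 75_* backports dropped: expected to be included upstream in 4.97`. The removed list carried memory-safety fixes, among them the `$regex<n>` use-after-free (Bug 2915), the `dmarc_dns_lookup` use-after-free and the expansion crash fix, and the hunk relies on 4.97 containing every one of them. The page does not show that check, so the commit message or a Makefile comment should record that each of the 24 dropped patches was verified against the upstream 4.97 changelog.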
@@ -1,39 +0,0 @@ -From e7ec503729970a03d4509921342bc81313976126 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Tue, 12 Jul 2022 22:14:04 +0100 -Subject: [PATCH] Fix exit on attempt to rewrite a malformed address. Bug 2903 - ---- - src/rewrite.c | 9 +- - test/confs/0471 | 7 + - test/log/0471 | 5 + - test/scripts/0000-Basic/0471 | 4 +- - test/stderr/0471 | 245 ++++++++++++++++++++++++++++++++++- - 6 files changed, 267 insertions(+), 8 deletions(-) - ---- a/src/rewrite.c -+++ b/src/rewrite.c -@@ -493,19 +493,18 @@ - empty address, overlong addres. Sometimes the result matters, sometimes not. - It seems this function is called for *any* header we see. */ - - if (!recipient) - { -- /* Handle unparesable addresses in the header. Slightly ugly because a -+ /* Log unparesable addresses in the header. Slightly ugly because a - null output from the extract can also result from a header without an -- address, "To: undisclosed recpients:;" being the classic case. */ -+ address, "To: undisclosed recpients:;" being the classic case. Ignore -+ this one and carry on. */ - - if ((rewrite_rules || routed_old) && Ustrcmp(errmess, "empty address") != 0) -- { - log_write(0, LOG_MAIN, "rewrite: %s", errmess); -- exim_exit(EXIT_FAILURE); -- } -+ - loop_reset_point = store_reset(loop_reset_point); - continue; - } - - /* If routed_old is not NULL, this is a rewrite caused by a router, diff --git a/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch b/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch deleted file mode 100644 index e474acf6f54d..000000000000 --- a/mail/exim/files/debian/75_05-SPF-fix-memory-accounting-for-error-case.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 93c722ce0549360af68269f088f4e59ed8fc130e Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Sun, 7 Aug 2022 17:00:27 +0100 -Subject: [PATCH] SPF: fix memory accounting for error case - ---- - src/spf.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/spf.c b/src/spf.c -index db6eea3a8..a8c0f75c4 100644 ---- a/src/spf.c -+++ b/src/spf.c -@@ -204,7 +204,7 @@ spf_nxdomain = SPF_dns_rr_new_init(spf_dns_server, - "", ns_t_any, 24 * 60 * 60, HOST_NOT_FOUND); - if (!spf_nxdomain) - { -- free(spf_dns_server); -+ store_free(spf_dns_server); - return NULL; - } - --- -2.35.1 - diff --git a/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch b/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch deleted file mode 100644 index 6dd55c1fe806..000000000000 --- a/mail/exim/files/debian/75_08-Fix-regex-n-use-after-free.-Bug-2915.patch +++ /dev/null 
@@ -1,167 +0,0 @@ -From 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 31 Aug 2022 15:37:40 +0100 -Subject: [PATCH] Fix $regex<n> use-after-free. Bug 2915 - ---- - src/exim.c | 4 +--- - src/expand.c | 2 +- - src/functions.h | 1 + - src/globals.c | 2 +- - src/regex.c | 29 ++++++++++++++++++----------- - src/smtp_in.c | 2 ++ - 7 files changed, 55 insertions(+), 17 deletions(-) - ---- a/src/exim.c -+++ b/src/exim.c -@@ -1999,12 +1999,10 @@ - - regex_whitelisted_macro = - regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE); - #endif - --for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -- - /* If the program is called as "mailq" treat it as equivalent to "exim -bp"; - this seems to be a generally accepted convention, since one finds symbolic - links called "mailq" in standard OS configurations. */ - - if ((namelen == 5 && Ustrcmp(argv[0], "mailq") == 0) || -@@ -6082,11 +6080,11 @@ - callout_address = NULL; - sending_ip_address = NULL; - deliver_localpart_data = deliver_domain_data = - recipient_data = sender_data = NULL; - acl_var_m = NULL; -- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+ regex_vars_clear(); - - store_reset(reset_point); - } - - exim_exit(EXIT_SUCCESS); /* Never returns */ ---- a/src/expand.c -+++ b/src/expand.c -@@ -1871,11 +1871,11 @@ - { - tree_node * node = tree_search(router_var, name + 2); - return node ? node->data.ptr : strict_acl_vars ? NULL : US""; - } - --/* Handle $auth<n> variables. */ -+/* Handle $auth<n>, $regex<n> variables. 
*/ - - if (Ustrncmp(name, "auth", 4) == 0) - { - uschar *endptr; - int n = Ustrtoul(name + 4, &endptr, 10); ---- a/src/functions.h -+++ b/src/functions.h -@@ -436,10 +436,11 @@ - extern int regex(const uschar **); - #endif - extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **); - extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int); - extern const pcre2_code *regex_must_compile(const uschar *, BOOL, BOOL); -+extern void regex_vars_clear(void); - extern void retry_add_item(address_item *, uschar *, int); - extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, - uschar **, uschar **); - extern retry_config *retry_find_config(const uschar *, const uschar *, int, int); - extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *, ---- a/src/globals.c -+++ b/src/globals.c -@@ -1313,11 +1313,11 @@ - #ifndef DISABLE_PIPE_CONNECT - const pcre2_code *regex_EARLY_PIPE = NULL; - #endif - const pcre2_code *regex_ismsgid = NULL; - const pcre2_code *regex_smtp_code = NULL; --const uschar *regex_vars[REGEX_VARS]; -+const uschar *regex_vars[REGEX_VARS] = { 0 };; - #ifdef WHITELIST_D_MACROS - const pcre2_code *regex_whitelisted_macro = NULL; - #endif - #ifdef WITH_CONTENT_SCAN - uschar *regex_match_string = NULL; ---- a/src/regex.c -+++ b/src/regex.c -@@ -94,22 +94,32 @@ - } - pcre2_match_data_free(md); - return FAIL; - } - -+ -+/* reset expansion variables */ -+void -+regex_vars_clear(void) -+{ -+regex_match_string = NULL; -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ -+ -+ - int --regex(const uschar **listptr) -+regex(const uschar ** listptr) - { - unsigned long mbox_size; --FILE *mbox_file; --pcre_list *re_list_head; --uschar *linebuffer; -+FILE * mbox_file; -+pcre_list * re_list_head; -+uschar * linebuffer; - long f_pos = 0; - int ret = FAIL; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - if (!mime_stream) /* We are in the DATA ACL 
*/ - { - if (!(mbox_file = spool_mbox(&mbox_size, NULL, NULL))) - { /* error while spooling */ -@@ -167,18 +177,17 @@ - - - int - mime_regex(const uschar **listptr) - { --pcre_list *re_list_head = NULL; --FILE *f; --uschar *mime_subject = NULL; -+pcre_list * re_list_head = NULL; -+FILE * f; -+uschar * mime_subject = NULL; - int mime_subject_len = 0; - int ret; - --/* reset expansion variable */ --regex_match_string = NULL; -+regex_vars_clear(); - - /* precompile our regexes */ - if (!(re_list_head = compile(*listptr))) - return FAIL; /* no regexes -> nothing to do */ - ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -2155,12 +2155,14 @@ - prdr_requested = FALSE; - #endif - #ifdef SUPPORT_I18N - message_smtputf8 = FALSE; - #endif -+regex_vars_clear(); - body_linecount = body_zerocount = 0; - -+lookup_value = NULL; /* Can be set by ACL */ - sender_rate = sender_rate_limit = sender_rate_period = NULL; - ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */ - /* Note that ratelimiters_conn persists across resets. */ - - /* Reset message ACL variables */ diff --git a/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch b/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch deleted file mode 100644 index 6071fa7c5bf4..000000000000 --- a/mail/exim/files/debian/75_09-Fix-non-WITH_CONTENT_SCAN-build.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From d8ecc7bf97934a1e2244788c610c958cacd740bd Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 31 Aug 2022 17:03:37 +0100 -Subject: [PATCH 1/3] Fix non-WITH_CONTENT_SCAN build. - -Broken-by: 4e9ed49f8f ---- - src/exim.c | 11 +++++++++++ - src/regex.c | 10 ---------- - 2 files changed, 11 insertions(+), 10 deletions(-) - ---- a/src/exim.c -+++ b/src/exim.c -@@ -1677,10 +1677,21 @@ - if ((s = expand_string(big_buffer))) printf("%s\n", CS s); - else printf("Failed: %s\n", expand_string_message); - } - - -+/* reset regex expansion variables */ -+void -+regex_vars_clear(void) -+{ -+regex_match_string = NULL; -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ -+ -+ -+ - - /************************************************* - * Entry point and high-level code * - *************************************************/ - ---- a/src/regex.c -+++ b/src/regex.c -@@ -95,20 +95,10 @@ - pcre2_match_data_free(md); - return FAIL; - } - - --/* reset expansion variables */ --void --regex_vars_clear(void) --{ --regex_match_string = NULL; --for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; --} -- -- -- - int - regex(const uschar ** listptr) - { - unsigned long mbox_size; - FILE * mbox_file; diff --git a/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch b/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch deleted file mode 100644 index 0a8ed514ffe8..000000000000 --- a/mail/exim/files/debian/75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch +++ /dev/null 
@@ -1,135 +0,0 @@ -From 158dff9936e36a2d31d037d3988b9353458d6471 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Wed, 31 Aug 2022 17:17:59 +0100 -Subject: [PATCH 2/3] Fix non-WITH_CONTENT_SCAN build (2) - -Broken-by: d8ecc7bf97 ---- - src/exim.c | 13 +------------ - src/functions.h | 2 +- - src/globals.h | 2 +- - src/regex.c | 10 ++++++++++ - src/smtp_in.c | 2 ++ - 5 files changed, 15 insertions(+), 14 deletions(-) - ---- a/src/exim.c -+++ b/src/exim.c -@@ -1677,21 +1677,10 @@ - if ((s = expand_string(big_buffer))) printf("%s\n", CS s); - else printf("Failed: %s\n", expand_string_message); - } - - --/* reset regex expansion variables */ --void --regex_vars_clear(void) --{ --regex_match_string = NULL; --for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; --} -- -- -- -- - - /************************************************* - * Entry point and high-level code * - *************************************************/ - -@@ -6085,17 +6074,17 @@ - deliver_domain_orig = NULL; - deliver_host = deliver_host_address = NULL; - dnslist_domain = dnslist_matched = NULL; - #ifdef WITH_CONTENT_SCAN - malware_name = NULL; -+ regex_vars_clear(); - #endif - callout_address = NULL; - sending_ip_address = NULL; - deliver_localpart_data = deliver_domain_data = - recipient_data = sender_data = NULL; - acl_var_m = NULL; -- regex_vars_clear(); - - store_reset(reset_point); - } - - exim_exit(EXIT_SUCCESS); /* Never returns */ ---- a/src/functions.h -+++ b/src/functions.h -@@ -432,15 +432,15 @@ - extern BOOL receive_msg(BOOL); - extern int_eximarith_t receive_statvfs(BOOL, int *); - extern void receive_swallow_smtp(void); - #ifdef WITH_CONTENT_SCAN - extern int regex(const uschar **); -+extern void regex_vars_clear(void); - #endif - extern BOOL regex_match(const pcre2_code *, const uschar *, int, uschar **); - extern BOOL regex_match_and_setup(const pcre2_code *, const uschar *, int, int); - extern const pcre2_code *regex_must_compile(const uschar *, BOOL, 
BOOL); --extern void regex_vars_clear(void); - extern void retry_add_item(address_item *, uschar *, int); - extern BOOL retry_check_address(const uschar *, host_item *, uschar *, BOOL, - uschar **, uschar **); - extern retry_config *retry_find_config(const uschar *, const uschar *, int, int); - extern BOOL retry_ultimate_address_timeout(uschar *, const uschar *, ---- a/src/globals.h -+++ b/src/globals.h -@@ -895,16 +895,16 @@ - #ifndef DISABLE_PIPE_CONNECT - extern const pcre2_code *regex_EARLY_PIPE; /* For recognizing PIPE_CONNCT */ - #endif - extern const pcre2_code *regex_ismsgid; /* Compiled r.e. for message ID */ - extern const pcre2_code *regex_smtp_code; /* For recognizing SMTP codes */ --extern const uschar *regex_vars[]; /* $regexN variables */ - #ifdef WHITELIST_D_MACROS - extern const pcre2_code *regex_whitelisted_macro; /* For -D macro values */ - #endif - #ifdef WITH_CONTENT_SCAN - extern uschar *regex_match_string; /* regex that matched a line (regex ACL condition) */ -+extern const uschar *regex_vars[]; - #endif - extern int remote_delivery_count; /* Number of remote addresses */ - extern int remote_max_parallel; /* Maximum parallel delivery */ - extern uschar *remote_sort_domains; /* Remote domain sorting order */ - extern retry_config *retries; /* Chain of retry config information */ ---- a/src/regex.c -+++ b/src/regex.c -@@ -95,10 +95,20 @@ - pcre2_match_data_free(md); - return FAIL; - } - - -+/* reset expansion variables */ -+void -+regex_vars_clear(void) -+{ -+regex_match_string = NULL; -+for (int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL; -+} -+ -+ -+ - int - regex(const uschar ** listptr) - { - unsigned long mbox_size; - FILE * mbox_file; ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -2155,11 +2155,13 @@ - prdr_requested = FALSE; - #endif - #ifdef SUPPORT_I18N - message_smtputf8 = FALSE; - #endif -+#ifdef WITH_CONTENT_SCAN - regex_vars_clear(); -+#endif - body_linecount = body_zerocount = 0; - - lookup_value = NULL; /* Can be set by ACL 
*/ - sender_rate = sender_rate_limit = sender_rate_period = NULL; - ratelimiters_mail = NULL; /* Updated by ratelimit ACL condition */ diff --git a/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch b/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch deleted file mode 100644 index b06d89679b7e..000000000000 --- a/mail/exim/files/debian/75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 32da6327e434e986a18b75a84f2d8c687ba14619 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Thu, 1 Sep 2022 15:54:35 +0100 -Subject: [PATCH 3/3] Fix non-WITH_CONTENT_SCAN build (3) - -Broken-by: d8ecc7bf97 ---- - src/expand.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/expand.c b/src/expand.c -index 89de56255..831ca2b75 100644 ---- a/src/expand.c -+++ b/src/expand.c -@@ -1869,6 +1869,7 @@ if (Ustrncmp(name, "auth", 4) == 0) - if (!*endptr && n != 0 && n <= AUTH_VARS) - return auth_vars[n-1] ? auth_vars[n-1] : US""; - } -+#ifdef WITH_CONTENT_SCAN - else if (Ustrncmp(name, "regex", 5) == 0) - { - uschar *endptr; -@@ -1876,6 +1877,7 @@ else if (Ustrncmp(name, "regex", 5) == 0) - if (!*endptr && n != 0 && n <= REGEX_VARS) - return regex_vars[n-1] ? regex_vars[n-1] : US""; - } -+#endif - - /* For all other variables, search the table */ - -@@ -8715,9 +8717,11 @@ assert_variable_notin() treats as const, so deconst is safe. */ - for (int i = 0; i < AUTH_VARS; i++) if (auth_vars[i]) - assert_variable_notin(US"auth<n>", US auth_vars[i], &e); - -+#ifdef WITH_CONTENT_SCAN - /* check regex<n> variables. assert_variable_notin() treats as const. */ - for (int i = 0; i < REGEX_VARS; i++) if (regex_vars[i]) - assert_variable_notin(US"regex<n>", US regex_vars[i], &e); -+#endif - - /* check known-name variables */ - for (var_entry * v = var_table; v < var_table + var_table_size; v++) --- -2.35.1 - 
diff --git a/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch b/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch deleted file mode 100644 index 73b584dbef4d..000000000000 --- a/mail/exim/files/debian/75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -From ece23f05d6a430a461a75639197271c23f6858ec Mon Sep 17 00:00:00 2001 -From: Jasen Betts <jasen@xnet.co.nz> -Date: Fri, 30 Sep 2022 13:49:41 +0100 -Subject: [PATCH] GnuTLS: fix for clients offering no TLS extensions - ---- - src/tls-gnu.c | 3 ++- - src/tls-openssl.c | 39 +++++++++++++++--------------- - test/confs/2091 | 1 + - test/log/2091 | 3 +++ - test/scripts/2090-GnuTLS-ALPN/2091 | 19 +++++++++++++++ - test/stdout/2091 | 21 ++++++++++++++++ - 7 files changed, 68 insertions(+), 21 deletions(-) - create mode 120000 test/confs/2091 - create mode 100644 test/log/2091 - create mode 100644 test/scripts/2090-GnuTLS-ALPN/2091 - create mode 100644 test/stdout/2091 - ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -1130,12 +1130,13 @@ - static int - tls_server_clienthello_cb(gnutls_session_t session, unsigned int htype, - unsigned when, unsigned int incoming, const gnutls_datum_t * msg) - { - /* Call fn for each extension seen. 3.6.3 onwards */ --return gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg, -+int rc = gnutls_ext_raw_parse(NULL, tls_server_clienthello_ext, msg, - GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); -+return rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE ? 
0 : rc; - } - - - # ifdef notdef_crashes - /* Make a note that we saw a status-response */ ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -940,40 +940,39 @@ - - Returns: nothing - */ - - static void --info_callback(SSL *s, int where, int ret) -+info_callback(SSL * s, int where, int ret) - { - DEBUG(D_tls) - { -- const uschar * str; -+ gstring * g = NULL; - -- if (where & SSL_ST_CONNECT) -- str = US"SSL_connect"; -- else if (where & SSL_ST_ACCEPT) -- str = US"SSL_accept"; -- else -- str = US"SSL info (undefined)"; -+ if (where & SSL_ST_CONNECT) g = string_append_listele(g, ',', US"SSL_connect"); -+ if (where & SSL_ST_ACCEPT) g = string_append_listele(g, ',', US"SSL_accept"); -+ if (where & SSL_CB_LOOP) g = string_append_listele(g, ',', US"state_chg"); -+ if (where & SSL_CB_EXIT) g = string_append_listele(g, ',', US"hshake_exit"); -+ if (where & SSL_CB_READ) g = string_append_listele(g, ',', US"read"); -+ if (where & SSL_CB_WRITE) g = string_append_listele(g, ',', US"write"); -+ if (where & SSL_CB_ALERT) g = string_append_listele(g, ',', US"alert"); -+ if (where & SSL_CB_HANDSHAKE_START) g = string_append_listele(g, ',', US"hshake_start"); -+ if (where & SSL_CB_HANDSHAKE_DONE) g = string_append_listele(g, ',', US"hshake_done"); - - if (where & SSL_CB_LOOP) -- debug_printf("%s: %s\n", str, SSL_state_string_long(s)); -+ debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s)); - else if (where & SSL_CB_ALERT) -- debug_printf("SSL3 alert %s:%s:%s\n", -- str = where & SSL_CB_READ ? US"read" : US"write", -+ debug_printf("SSL %s %s:%s\n", g->s, - SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); - else if (where & SSL_CB_EXIT) - { -- if (ret == 0) -- debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s)); -- else if (ret < 0) -- debug_printf("%s: error in %s\n", str, SSL_state_string_long(s)); -+ if (ret <= 0) -+ debug_printf("SSL %s: %s in %s\n", g->s, -+ ret == 0 ? 
"failed" : "error", SSL_state_string_long(s)); - } -- else if (where & SSL_CB_HANDSHAKE_START) -- debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s)); -- else if (where & SSL_CB_HANDSHAKE_DONE) -- debug_printf("%s: hshake done: %s\n", str, SSL_state_string_long(s)); -+ else if (where & (SSL_CB_HANDSHAKE_START | SSL_CB_HANDSHAKE_DONE)) -+ debug_printf("SSL %s: %s\n", g->s, SSL_state_string_long(s)); - } - } - - #ifdef OPENSSL_HAVE_KEYLOG_CB - static void diff --git a/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch b/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch deleted file mode 100644 index 456f315236b1..000000000000 --- a/mail/exim/files/debian/75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -From 1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sat, 15 Oct 2022 19:30:58 +0200 -Subject: [PATCH 1/2] Fix: Build with libopendmarc 1.4.x (fixes 2728) - ---- - src/EDITME | 7 +++++-- - src/config.h.defaults | 1 + - src/dmarc.c | 7 ++++++- - 4 files changed, 15 insertions(+), 3 deletions(-) - ---- a/src/EDITME -+++ b/src/EDITME -@@ -600,18 +600,21 @@ - - # EXPERIMENTAL_DCC=yes - - # Uncomment the following line to add DMARC checking capability, implemented - # using libopendmarc libraries. You must have SPF and DKIM support enabled also. --# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; --# 1.3.2-3 works. I seems that the OpenDMARC project broke their API. - # SUPPORT_DMARC=yes - # CFLAGS += -I/usr/local/include - # LDFLAGS += -lopendmarc - # Uncomment the following if you need to change the default. You can - # override it at runtime (main config option dmarc_tld_file) - # DMARC_TLD_FILE=/etc/exim/opendmarc.tlds -+# -+# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; -+# 1.3.2-3 works. It seems that the OpenDMARC project broke their API. -+# Use this option if you need to build with an old library (1.3.x) -+# DMARC_API=100300 - - # Uncomment the following line to add ARC (Authenticated Received Chain) - # support. You must have SPF and DKIM support enabled also. - # EXPERIMENTAL_ARC=yes - ---- a/src/config.h.defaults -+++ b/src/config.h.defaults -@@ -148,10 +148,11 @@ - #define STRING_SPRINTF_BUFFER_SIZE (8192 * 4) - - #define SUPPORT_CRYPTEQ - #define SUPPORT_DANE - #define SUPPORT_DMARC -+#define DMARC_API 100400 - #define DMARC_TLD_FILE "/etc/exim/opendmarc.tlds" - #define SUPPORT_I18N - #define SUPPORT_I18N_2008 - #define SUPPORT_MAILDIR - #define SUPPORT_MAILSTORE ---- a/src/dmarc.c -+++ b/src/dmarc.c -@@ -457,11 +457,16 @@ - dkim_result = vs == PDKIM_VERIFY_PASS ? 
DMARC_POLICY_DKIM_OUTCOME_PASS : - vs == PDKIM_VERIFY_FAIL ? DMARC_POLICY_DKIM_OUTCOME_FAIL : - vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : - DMARC_POLICY_DKIM_OUTCOME_NONE; - libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, -- dkim_result, US""); -+/* The opendmarc project broke its API in a way we can't detect * easily. -+ * The EDITME provides a DMARC_API variable */ -+#if DMARC_API >= 100400 -+ sig->selector, -+#endif -+ dkim_result, US""); - DEBUG(D_receive) - debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); - if (libdm_status != DMARC_PARSE_OKAY) - log_write(0, LOG_MAIN|LOG_PANIC, - "failure to store dkim (%s) for DMARC: %s", diff --git a/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch b/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch deleted file mode 100644 index e8bda9e07b35..000000000000 --- a/mail/exim/files/debian/75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 Mon Sep 17 00:00:00 2001 -From: Lorenz Brun <lorenz@brun.one> -Date: Fri, 14 Oct 2022 21:02:51 +0200 -Subject: [PATCH 2/2] DMARC: fix use-after-free in dmarc_dns_lookup - -This fixes a use-after-free in dmarc_dns_lookup where the result -of dns_lookup in dnsa is freed before the required data is copied out. - -Fixes: 9258363 ("DNS: explicit alloc/free of workspace") ---- - src/dmarc.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/dmarc.c b/src/dmarc.c -index ad0c26c91..53c2752ac 100644 ---- a/src/dmarc.c -+++ b/src/dmarc.c -@@ -226,16 +226,17 @@ dns_scan dnss; - int rc = dns_lookup(dnsa, string_sprintf("_dmarc.%s", dom), T_TXT, NULL); - - if (rc == DNS_SUCCEED) - for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; - rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) - if (rr->type == T_TXT && rr->size > 3) - { -+ uschar *record = string_copyn_taint(US rr->data, rr->size, GET_TAINTED); - store_free_dns_answer(dnsa); -- return string_copyn_taint(US rr->data, rr->size, GET_TAINTED); -+ return record; - } - store_free_dns_answer(dnsa); - return NULL; - } - - - static int --- -2.35.1 - diff --git a/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch b/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch deleted file mode 100644 index 412c39be28d7..000000000000 --- a/mail/exim/files/debian/75_22-Fix-daemon-startup.-Bug-2930.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 221321d2c51b83d1feced80ecd6c2fe33ec5456c Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Thu, 3 Nov 2022 20:08:25 +0000 -Subject: [PATCH 1/2] Fix daemon startup. Bug 2930 - -Broken-by: 7d5055276a ---- - src/daemon.c | 8 ++++++-- - 2 files changed, 10 insertions(+), 2 deletions(-) - ---- a/src/daemon.c -+++ b/src/daemon.c -@@ -1744,19 +1744,23 @@ - { - /* If the parent process of this one has pid == 1, we are re-initializing the - daemon as the result of a SIGHUP. In this case, there is no need to do - anything, because the controlling terminal has long gone. Otherwise, fork, in - case current process is a process group leader (see 'man setsid' for an -- explanation) before calling setsid(). */ -+ explanation) before calling setsid(). -+ All other forks want daemon_listen cleared. Rather than blow a register, jsut -+ restore it here. */ - - if (getppid() != 1) - { -+ BOOL daemon_listen = f.daemon_listen; - pid_t pid = exim_fork(US"daemon"); - if (pid < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, - "fork() failed when starting daemon: %s", strerror(errno)); - if (pid > 0) exit(EXIT_SUCCESS); /* in parent process, just exit */ - (void)setsid(); /* release controlling terminal */ -+ f.daemon_listen = daemon_listen; - } - } - - /* We are now in the disconnected, daemon process (unless debugging). Set up - the listening sockets if required. */ -@@ -2090,11 +2094,11 @@ - { /* found; append port to list */ - for (p = i2->log; *p; ) p++; /* end of existing string */ - if (*--p == '}') *p = '\0'; /* drop EOL */ - while (isdigit(*--p)) ; /* char before port */ - -- i2->log = *p == ':' /* no list yet? */ -+ i2->log = *p == ':' /* no list yet? { */ - ? string_sprintf("%.*s{%s,%d}", - (int)(p - i2->log + 1), i2->log, p+1, ipa->port) - : string_sprintf("%s,%d}", i2->log, ipa->port); - ipa->log = NULL; - break; 
diff --git a/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch b/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch deleted file mode 100644 index 1db2ad0c9c99..000000000000 --- a/mail/exim/files/debian/75_23-Fix-reccipients-after-run.-.-Bug-2929.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6b331d5834d12bdda21857cd6fffac17038ce3c7 Mon Sep 17 00:00:00 2001 -From: Ruben Jenster <r.jenster@drachenfels.de> -Date: Thu, 3 Nov 2022 21:38:15 +0000 -Subject: [PATCH 2/2] Fix $reccipients after ${run...}. Bug 2929 - -Broken-by: cfe6acff2d ---- - src/transport.c | 3 ++- - 2 files changed, 5 insertions(+), 1 deletion(-) - ---- a/src/transport.c -+++ b/src/transport.c -@@ -2342,13 +2342,14 @@ - /* Handle normal expansion string */ - - else - { - const uschar *expanded_arg; -+ BOOL enable_dollar_recipients_g = f.enable_dollar_recipients; - f.enable_dollar_recipients = allow_dollar_recipients; - expanded_arg = expand_cstring(argv[i]); -- f.enable_dollar_recipients = FALSE; -+ f.enable_dollar_recipients = enable_dollar_recipients_g; - - if (!expanded_arg) - { - uschar *msg = string_sprintf("Expansion of \"%s\" " - "from command \"%s\" in %s failed: %s", diff --git a/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch b/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch deleted file mode 100644 index d12b1b246631..000000000000 --- a/mail/exim/files/debian/75_31-Fix-regext-substring-capture-variables-for-null-matc.patch +++ /dev/null 
@@ -1,60 +0,0 @@ -From e63825824cc406c160ccbf2b154c5d81b168604a Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Fri, 11 Nov 2022 00:05:59 +0000 -Subject: [PATCH 1/2] Fix regext substring capture variables for null matches. - Bug 2933 - -broken-by: 59d66fdc13f0 ---- - src/exim.c | 2 ++ - src/malware.c | 3 +++ - src/regex.c | 2 +- - 4 files changed, 11 insertions(+), 1 deletion(-) - ---- a/src/exim.c -+++ b/src/exim.c -@@ -167,10 +167,12 @@ - for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++) - { - PCRE2_SIZE len; - pcre2_substring_get_bynumber(md, matchnum, - (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len); -+ if (!expand_nstring[expand_nmax]) -+ { expand_nstring[expand_nmax] = US""; len = 0; } - expand_nlength[expand_nmax++] = (int)len; - } - expand_nmax--; - } - else if (res != PCRE2_ERROR_NOMATCH) DEBUG(D_any) ---- a/src/malware.c -+++ b/src/malware.c -@@ -323,11 +323,14 @@ - int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx); - PCRE2_UCHAR * substr = NULL; - PCRE2_SIZE slen; - - if (i >= 2) /* Got it */ -+ { *** 1335 LINES SKIPPED ***