git: e349c3b2cd7f - main - mail/exim: port some critical upstream patches (+)
Date: Mon, 28 Mar 2022 12:02:11 UTC
The branch main has been updated by fluffy: URL: https://cgit.FreeBSD.org/ports/commit/?id=e349c3b2cd7fce688d393af4d5685266083d6b17 commit e349c3b2cd7fce688d393af4d5685266083d6b17 Author: Dima Panov <fluffy@FreeBSD.org> AuthorDate: 2022-03-28 11:58:07 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2022-03-28 12:02:07 +0000 mail/exim: port some critical upstream patches (+) 32-Fix-PAM-auth.-Bug-2813 35-Exiqgrep-check-arg-parsing.-Bug-2821 43-BSD-fix-resource-leak 45-Fix-bogus-error-message-copy.-Bug-2857 50-Fix-include_directory-in-redirect-routers.-Bug-2715 55-Specific-check-for-null-pointer Thanks to: ler (for runtime testing) --- mail/exim/Makefile | 12 +++- .../debian/75_32-Fix-PAM-auth.-Bug-2813.patch | 25 ++++++++ ...5_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch | 25 ++++++++ .../files/debian/75_43-BSD-fix-resource-leak.patch | 61 ++++++++++++++++++++ ...45-Fix-bogus-error-message-copy.-Bug-2857.patch | 38 ++++++++++++ ...e_directory-in-redirect-routers.-Bug-2715.patch | 62 ++++++++++++++++++++ .../75_55-Specific-check-for-null-pointer.patch | 67 ++++++++++++++++++++++ 7 files changed, 287 insertions(+), 3 deletions(-)
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 83bfb5aec983..9cd6deadcc29 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -2,7 +2,7 @@
 PORTNAME= exim
 PORTVERSION?= ${EXIM_VERSION}
-PORTREVISION?= 1
+PORTREVISION?= 2
 CATEGORIES= mail
 MASTER_SITES= EXIM:exim
 MASTER_SITE_SUBDIR= /exim4/:exim \
@@ -68,8 +68,14 @@ SQLITE_USES= pkgconfig sqlite
 DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75
 EXTRA_PATCHES= \
 ${DEBIAN_PATCHES_PREFIX}_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_32-Fix-PAM-auth.-Bug-2813.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch:-p1 \
 ${DEBIAN_PATCHES_PREFIX}_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch:-p1 \
- ${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1
+ ${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_43-BSD-fix-resource-leak.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_45-Fix-bogus-error-message-copy.-Bug-2857.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch:-p1 \
+ ${DEBIAN_PATCHES_PREFIX}_55-Specific-check-for-null-pointer.patch:-p1
 .include <bsd.port.options.mk>
@@ -327,7 +333,7 @@ SEDLIST+= -e 's,XX_LDAP_[^ ]*_XX,,' \
 .endif
 .if ${PORT_OPTIONS:MBDB}
-INVALID_BDB_VER= 2 3
+INVALID_BDB_VER= 2 3 6 18
 DB_LIBS= -L${BDB_LIB_DIR} -l${BDB_LIB_NAME}
 DB_INCLUDES= -I${BDB_INCLUDE_DIR}
 .else
diff --git a/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch b/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch
new file mode 100644
index 000000000000..537bfed558d7
--- /dev/null
+++ b/mail/exim/files/debian/75_32-Fix-PAM-auth.-Bug-2813.patch
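Review bot: The last Makefile hunk changes `INVALID_BDB_VER= 2 3` to `INVALID_BDB_VER= 2 3 6 18`, which the commit message does not mention; its list covers only the six Exim patches. A one-line reason in the message or a comment above the assignment, for example `# BDB 6 and 18 excluded: <reason>`, would tell the next maintainer whether the exclusion is a build, licensing or runtime matter. The `.if ${PORT_OPTIONS:MBDB}` block continues outside the hunk.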
@@ -0,0 +1,25 @@
+From 51be321b27825c01829dffd90f11bfff256f7e42 Mon Sep 17 00:00:00 2001
+From: Adam Lackorzynski <adam@l4re.org>
+Date: Sat, 16 Oct 2021 16:30:07 +0100
+Subject: [PATCH] Fix PAM auth. Bug 2813
+
+---
+ src/auths/call_pam.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auths/call_pam.c b/src/auths/call_pam.c
+index 80bb23ec3..03b9be1a8 100644
+--- a/src/auths/call_pam.c
++++ b/src/auths/call_pam.c
+@@ -88,7 +88,7 @@ for (int i = 0; i < num_msg; i++)
+ arg = US"";
+ pam_arg_ended = TRUE;
+ }
+- reply[i].resp = CS string_copy_malloc(arg); /* PAM frees resp */
++ reply[i].resp = strdup(CCS arg); /* Use libc malloc, PAM frees resp directly*/
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+
+--
+2.34.1
+
diff --git a/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch b/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch
new file mode 100644
index 000000000000..ec056eec9b79
--- /dev/null
+++ b/mail/exim/files/debian/75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch
@@ -0,0 +1,25 @@
+From df618101a5ea15dc90c4a2968798ef2be9dba16f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 18 Oct 2021 11:01:47 +0100
+Subject: [PATCH] Exiqgrep: check arg parsing. Bug 2821
+
+---
+ src/exiqgrep.src | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/exiqgrep.src b/src/exiqgrep.src
+index c8762df47..04602da68 100644
+--- a/src/exiqgrep.src
++++ b/src/exiqgrep.src
+@@ -53,7 +53,7 @@ if ($ARGV[0] eq '--version') {
+ exit 0;
+ }
+
+-getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt);
++if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt) { &help; exit;}
+ if ($ARGV[0]) { &help; exit;}
+ if ($opt{h}) { &help; exit;}
+ if ($opt{a}) { $eargs = '-bp'; }
+--
+2.34.1
+
diff --git a/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch b/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch
new file mode 100644
index 000000000000..0a624c30875c
--- /dev/null
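Review bot: In 75_32-Fix-PAM-auth (src/auths/call_pam.c) the result of `strdup(CCS arg)` is stored in `reply[i].resp` without a NULL check, and the next line still sets `resp_retcode = PAM_SUCCESS`. The replaced `string_copy_malloc()` is Exim's own wrapper and presumably did not return on allocation failure, so this path can now hand PAM a NULL response when memory is short. A check such as `if (!reply[i].resp) return PAM_BUF_ERR;` right after the assignment would make the failure explicit. Replies already allocated for earlier messages would need freeing first, and that cleanup path is outside the hunk.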
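Review bot: In 75_35-Exiqgrep-check-arg-parsing (src/exiqgrep.src) the added line `if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt) { &help; exit;}` has unbalanced parentheses: the opening `if (` is never closed, so the script will not compile. It should read `if (!getopts('hf:r:y:o:s:C:zxlibRcaG:',\%opt)) { &help; exit;}`. Since this branch is a usage error, `exit 1` would also let calling scripts tell it apart from success; a bare `exit` returns 0.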
+++ b/mail/exim/files/debian/75_43-BSD-fix-resource-leak.patch
@@ -0,0 +1,61 @@
+From c57309a50444d858c0a2dc1581846a850d78a9ad Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 11 Jan 2022 11:21:45 +0000
+Subject: [PATCH 077/151] BSD: fix resource leak
+
+---
+ doc/ChangeLog | 4 ++++
+ src/tls.c | 9 +++++----
+
+diff --git a/doc/ChangeLog b/doc/ChangeLog
+index e7c7085f8..567399483 100644
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -65,6 +65,10 @@ JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
+
+ JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
+
++JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon
++ failing to close the certificates directory, every hour or any time it
++ was touched.
++
+
+ Exim version 4.95
+ -----------------
+diff --git a/src/tls.c b/src/tls.c
+index d5d11bcea..e6b1bf7a7 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -185,8 +185,8 @@ for (;;)
+ {
+ if ((fd1 = open(CCS filename, O_RDONLY | O_NOFOLLOW)) < 0)
+ { s = US"open file"; goto bad; }
+- DEBUG(D_tls) debug_printf("watch file '%s'\n", filename);
+- EV_SET(&kev[++kev_used],
++ DEBUG(D_tls) debug_printf("watch file '%s':\t%d\n", filename, fd1);
++ EV_SET(&kev[kev_used++],
+ (uintptr_t)fd1,
+ EVFILT_VNODE,
+ EV_ADD | EV_ENABLE | EV_ONESHOT,
+@@ -196,8 +196,8 @@ for (;;)
+ NULL);
+ cnt++;
+ }
+- DEBUG(D_tls) debug_printf("watch dir '%s'\n", s);
+- EV_SET(&kev[++kev_used],
++ DEBUG(D_tls) debug_printf("watch dir '%s':\t%d\n", s, fd2);
++ EV_SET(&kev[kev_used++],
+ (uintptr_t)fd2,
+ EVFILT_VNODE,
+ EV_ADD | EV_ENABLE | EV_ONESHOT,
+@@ -320,6 +320,7 @@ if (tls_watch_fd < 0) return;
+ /* Close the files we had open for kevent */
+ for (int i = 0; i < kev_used; i++)
+ {
++ DEBUG(D_tls) debug_printf("closing watch fd: %d\n", (int) kev[i].ident);
+ (void) close((int) kev[i].ident);
+ kev[i].ident = (uintptr_t)-1;
+ }
+--
+2.35.1
+
diff --git a/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch b/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch
new file mode 100644
index 000000000000..7a582781136d
--- /dev/null
+++ b/mail/exim/files/debian/75_45-Fix-bogus-error-message-copy.-Bug-2857.patch
@@ -0,0 +1,38 @@
+From 7ad863f3819407559cd654639c25dcae427c190f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 6 Feb 2022 19:00:26 +0000
+Subject: [PATCH] Fix bogus error message copy. Bug 2857
+
+Broken-by: bb43acbd98
+---
+ src/parse.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/parse.c b/src/parse.c
+index 5bf97eab9..edbee2646 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1354,15 +1354,16 @@ for (;;)
+
+ if (special)
+ {
+- uschar *ss = Ustrchr(s+1, ':') + 1;
++ uschar * ss = Ustrchr(s+1, ':') + 1; /* line after the special... */
+ if ((options & specopt) == specbit)
+ {
+ *error = string_sprintf("\"%.*s\" is not permitted", len, s);
+ return FF_ERROR;
+ }
+- while (*ss && isspace(*ss)) ss++;
+- while (s[len] && s[len] != '\n') len++;
+- *error = string_copyn(ss, s + len - ss);
++ while (*ss && isspace(*ss)) ss++; /* skip leading whitespace */
++ if ((len = Ustrlen(ss)) > 0) /* ignore trailing newlines */
++ for (const uschar * t = ss + len - 1; t >= ss && *t == '\n'; t--) len--;
++ *error = string_copyn(ss, len); /* becomes the error */
+ return special;
+ }
+
+--
+2.34.1
+
diff --git a/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch b/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch
new file mode 100644
index 000000000000..0344630e70b3
--- /dev/null
+++ b/mail/exim/files/debian/75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch
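Review bot: The rewritten copy in 75_45 (src/parse.c) no longer stops at the first newline: the removed code ended the message at the first `'\n'` after the special item, while the new code takes `Ustrlen(ss)` and trims only trailing newlines, so interior line breaks now stay in `*error`. If that string can reach log lines or SMTP responses and the redirect data is user-supplied, it is worth confirming that the consumers escape or split embedded newlines; they are outside the hunk. A short comment stating that multi-line text is intended, e.g. `/* keep interior newlines; only trailing ones are dropped */`, would also make the change of behaviour explicit.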
@@ -0,0 +1,62 @@
+From 7f8394e7c983b1c199866fc6b1c14feb857b651d Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 13 Feb 2022 12:00:55 +0000
+Subject: [PATCH] Fix include_directory in redirect routers. Bug 2715
+
+Broken-by: 10c50704c1
+---
+ doc/ChangeLog | 5 +++++
+ src/parse.c | 9 ++++++---
+ test/confs/0313 | 4 +++-
+ test/log/0313 | 2 ++
+ test/scripts/0000-Basic/0313 | 2 ++
+ 5 files changed, 18 insertions(+), 4 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -23,6 +23,11 @@ JH/15 Fix a resource leak in *BSD. An off-by-one erro
+ failing to close the certificates directory, every hour or any time it
+ was touched.
+
++JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a
++ bad comparison between the option value and the name of the file to
++ be included was done, and a mismatch was wrongly identified.
++ 4.88 to 4.95 are affected.
++
+
+ Exim version 4.95
+ -----------------
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1422,11 +1422,13 @@
+ /* Check file name if required */
+
+ if (directory)
+ {
+ int len = Ustrlen(directory);
+- uschar *p = filename + len;
++ uschar * p;
++ while (len > 0 && directory[len-1] == '/') len--; /* ignore trailing '/' */
++ p = filename + len;
+
+ if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
+ {
+ *error = string_sprintf("included file %s is not in directory %s",
+ filename, directory);
+@@ -1448,13 +1450,14 @@
+ }
+ while (*p)
+ {
+ uschar temp;
+ int fd2;
+- uschar * q = p;
++ uschar * q = p + 1; /* skip dividing '/' */
+
+- while (*++p && *p != '/') ;
++ while (*q == '/') q++; /* skip extra '/' */
++ while (*++p && *p != '/') ; /* end of component */
+ temp = *p;
+ *p = '\0';
+
+ fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW);
+ close(fd);
diff --git a/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch b/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch
new file mode 100644
index 000000000000..0d52bf5091a0
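Review bot: In the second src/parse.c hunk of 75_50, `q` is advanced past extra '/' characters but the end-of-component scan still starts from `p` (`while (*++p && *p != '/') ;`). For a path with a doubled slash, `p` stops on the second '/', which lies before `q`, so the `*p = '\0'` that follows does not terminate the component `q` points at and `exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW)` is given the rest of the path; O_NOFOLLOW only covers the final component. Starting the scan from `q`, e.g. `for (p = q; *p && *p != '/'; ) p++;`, would keep each openat call to a single component. The rest of the loop is outside the hunk, so this should be checked against a test path containing `//`. Separately, the added ChangeLog entry says "Bug 2751" while the patch subject says "Bug 2715".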
--- /dev/null
+++ b/mail/exim/files/debian/75_55-Specific-check-for-null-pointer.patch
@@ -0,0 +1,67 @@
+From b249717db8ced250a586385f06e61cf7107d5222 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 18 Feb 2022 15:45:37 +0000
+Subject: [PATCH] Specific check for null pointer
+
+---
+ src/smtp_out.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/smtp_out.c b/src/smtp_out.c
+index 608a781eb..fc1e6cecd 100644
+--- a/src/smtp_out.c
++++ b/src/smtp_out.c
+@@ -524,13 +524,21 @@ flush_buffer(smtp_outblock * outblock, int mode)
+ int rc;
+ int n = outblock->ptr - outblock->buffer;
+ BOOL more = mode == SCMD_MORE;
++client_conn_ctx * cctx;
+
+ HDEBUG(D_transport|D_acl) debug_printf_indent("cmd buf flush %d bytes%s\n", n,
+ more ? " (more expected)" : "");
+
++if (!(cctx = outblock->cctx))
++ {
++ log_write(0, LOG_MAIN|LOG_PANIC, "null conn-context pointer");
++ errno = 0;
++ return FALSE;
++ }
++
+ #ifndef DISABLE_TLS
+-if (outblock->cctx->tls_ctx)
+- rc = tls_write(outblock->cctx->tls_ctx, outblock->buffer, n, more);
++if (cctx->tls_ctx) /*XXX have seen a null cctx here, rvfy sending QUIT, hence check above */
++ rc = tls_write(cctx->tls_ctx, outblock->buffer, n, more);
+ else
+ #endif
+
+@@ -544,7 +552,7 @@ else
+ requirement: TFO with data can, in rare cases, replay the data to the
+ receiver. */
+
+- if ( (outblock->cctx->sock = smtp_connect(outblock->conn_args, &early_data))
++ if ( (cctx->sock = smtp_connect(outblock->conn_args, &early_data))
+ < 0)
+ return FALSE;
+ outblock->conn_args = NULL;
+@@ -552,7 +560,7 @@ else
+ }
+ else
+ {
+- rc = send(outblock->cctx->sock, outblock->buffer, n,
++ rc = send(cctx->sock, outblock->buffer, n,
+ #ifdef MSG_MORE
+ more ? MSG_MORE : 0
+ #else
+@@ -567,7 +575,7 @@ else
+ https://bugzilla.redhat.com/show_bug.cgi?id=1803806 */
+
+ if (!more)
+- setsockopt(outblock->cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
++ setsockopt(cctx->sock, IPPROTO_TCP, TCP_CORK, &off, sizeof(off));
+ #endif
+ }
+ }
+--
+2.34.1
+
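Review bot: The new guard in `flush_buffer()` (75_55, src/smtp_out.c) clears `errno` before `return FALSE`, so a caller that builds its failure message from `errno` would get no cause for this case; the callers are outside the hunk, so that needs confirming. The only record is the fixed string "null conn-context pointer", which does not say which connection or command hit it, and the `/*XXX … */` comment shows the underlying state (a null `cctx` seen with "rvfy sending QUIT") is still unexplained. I would put that explanation on the guard itself, e.g. `/* cctx has been seen null here (rvfy sending QUIT); cause unknown, so fail the write */`, and leave the `if (cctx->tls_ctx)` line without the trailing comment.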