git: 99c5dc1049a2 - main - mail/exim: update to 4.95 release (+)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 28 Dec 2021 19:32:55 UTC
The branch main has been updated by fluffy: URL: https://cgit.FreeBSD.org/ports/commit/?id=99c5dc1049a23570016dcb5ac44882e408800622 commit 99c5dc1049a23570016dcb5ac44882e408800622 Author: Dima Panov <fluffy@FreeBSD.org> AuthorDate: 2021-12-28 19:23:16 +0000 Commit: Dima Panov <fluffy@FreeBSD.org> CommitDate: 2021-12-28 19:23:16 +0000 mail/exim: update to 4.95 release (+) Finally, Exim will be pushed to 4.95 release. Long wait was caused by some criticals errors in vanilla release, upstream fixes got a some time to come. * Apply sendfile patch, fixes SIGSEGV using clamd via TCP [1] * Convert select() to poll(), fixes crashes (SIGSEV) on FreeBSD 12.2 [2] PR: 258848 [1], 259822 [2] Sponsored by: Netzkommune GmbH --- mail/exim/Makefile | 35 +- mail/exim/distinfo | 6 +- ...ain-config-option-allow_insecure_tainted_.patch | 230 ----- mail/exim/files/debian/75_02-search.patch | 39 - mail/exim/files/debian/75_03-dbstuff.patch | 30 - mail/exim/files/debian/75_04-acl.patch | 67 -- mail/exim/files/debian/75_05-parse.patch | 30 - mail/exim/files/debian/75_06-rda.patch | 28 - mail/exim/files/debian/75_07-appendfile.patch | 34 - mail/exim/files/debian/75_08-autoreply.patch | 70 -- mail/exim/files/debian/75_09-pipe.patch | 36 - mail/exim/files/debian/75_10-deliver.patch | 49 -- mail/exim/files/debian/75_11-directory.patch | 26 - mail/exim/files/debian/75_12-expand.patch | 34 - mail/exim/files/debian/75_13-lf_sqlperform.patch | 49 -- .../exim/files/debian/75_14-rf_get_transport.patch | 28 - mail/exim/files/debian/75_15-deliver.patch | 31 - mail/exim/files/debian/75_16-smtp_out.patch | 38 - mail/exim/files/debian/75_17-smtp.patch | 29 - mail/exim/files/debian/75_18-update-doc.patch | 154 ---- ...g_name-and-rejectlog_name-unconditionally.patch | 42 - mail/exim/files/debian/75_21-tidy-log.c.patch | 124 --- .../exim/files/debian/75_22-Silence-compiler.patch | 222 ----- ...e-the-main-_log-if-we-do-not-see-a-chance.patch | 166 ---- .../files/debian/75_24-Silence-the-compiler.patch | 57 -- ...ntchecks-for-mkdir-this-isn-t-part-of-4.9.patch | 27 - ...ng-gettimeofday-select-per-char-for-cmdli.patch | 616 ++++++++++++++ ...vert-all-uses-of-select-to-poll.-Bug-2831.patch | 931 +++++++++++++++++++++ ...-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch | 140 ++++ mail/exim/files/patch-OS_os.c-FreeBSD | 15 + mail/exim/files/patch-OS_os.h-FreeBSD | 17 - mail/exim/files/patch-src__EDITME | 46 +- mail/exim/options | 1 - 33 files changed, 1736 insertions(+), 1711 deletions(-) diff --git a/mail/exim/Makefile b/mail/exim/Makefile index 874f352e5ae3..efb374f816e3 100644 --- a/mail/exim/Makefile +++ b/mail/exim/Makefile @@ -2,7 +2,7 @@ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION?= 2 +PORTREVISION?= 0 CATEGORIES= mail MASTER_SITES= EXIM:exim MASTER_SITE_SUBDIR= /exim4/:exim \ @@ -65,32 +65,11 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 SQLITE_LIB_DEPENDS= libicudata.so:devel/icu SQLITE_USES= pkgconfig sqlite -TAINTWARN_PATCHES_PREFIX= ${FILESDIR}/debian/75 -TAINTWARN_EXTRA_PATCHES= \ - ${TAINTWARN_PATCHES_PREFIX}_01-Introduce-main-config-option-allow_insecure_tainted_.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_02-search.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_03-dbstuff.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_04-acl.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_05-parse.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_06-rda.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_07-appendfile.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_08-autoreply.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_09-pipe.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_10-deliver.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_11-directory.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_12-expand.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_13-lf_sqlperform.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_14-rf_get_transport.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_15-deliver.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_16-smtp_out.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_17-smtp.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_18-update-doc.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_21-tidy-log.c.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_22-Silence-compiler.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_24-Silence-the-compiler.patch:-p1 \ - ${TAINTWARN_PATCHES_PREFIX}_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch:-p1 +DEBIAN_PATCHES_PREFIX= ${FILESDIR}/debian/75 +EXTRA_PATCHES= \ + ${DEBIAN_PATCHES_PREFIX}_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_38-Convert-all-uses-of-select-to-poll.-Bug-2831.patch:-p1 \ + ${DEBIAN_PATCHES_PREFIX}_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch:-p1 .include <bsd.port.options.mk> @@ -131,7 +110,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf .endif -EXIM_VERSION= 4.94.2 +EXIM_VERSION= 4.95 SA_EXIM_VERSION=4.2.1 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h` diff --git a/mail/exim/distinfo b/mail/exim/distinfo index cf1ae320eaa8..c007834ea4bb 100644 --- a/mail/exim/distinfo +++ b/mail/exim/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1620141511 -SHA256 (exim/exim-4.94.2.tar.bz2) = 902e611486400608691dff31e1d8725eb9e23602399ad75670ec18878643bc4f -SIZE (exim/exim-4.94.2.tar.bz2) = 2007178 +TIMESTAMP = 1632918983 +SHA256 (exim/exim-4.95.tar.bz2) = 7f4716cc1b3fee66930d83b249f1c7b119fa1957f6f46e3f4372805cbc97ea63 +SIZE (exim/exim-4.95.tar.bz2) = 2035738 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933 diff --git a/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch b/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch deleted file mode 100644 index 0295ec18fa6e..000000000000 --- a/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch +++ /dev/null @@ -1,230 +0,0 @@ -From ec06d64532e4952fc36429f73e0222d26997ef7c Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Thu, 1 Apr 2021 22:44:31 +0200 -Subject: [PATCH 01/23] Introduce main config option - allow_insecure_tainted_data - -This option is deprecated already now. ---- - src/EDITME | 7 +++++ - src/config.h.defaults | 2 ++ - src/functions.h | 54 ++++++++++++++++++++++++++++++--------- - src/globals.c | 10 ++++++++ - src/globals.h | 4 +++ - src/macros.h | 3 +++ - src/readconf.c | 3 +++ - 7 files changed, 71 insertions(+), 12 deletions(-) - -diff --git a/src/EDITME b/src/EDITME -index 8da36a353..cebb8e2ec 100644 ---- a/src/EDITME -+++ b/src/EDITME -@@ -749,6 +749,13 @@ FIXED_NEVER_USERS=root - - # WHITELIST_D_MACROS=TLS:SPOOL - -+# The next setting enables a main config option -+# "allow_insecure_tainted_data" to turn taint failures into warnings. -+# Though this option is new, it is deprecated already now, and will be -+# ignored in future releases of Exim. It is meant as mitigation for -+# upgrading old (possibly insecure) configurations to more secure ones. -+ALLOW_INSECURE_TAINTED_DATA=yes -+ - #------------------------------------------------------------------------------ - # Exim has support for the AUTH (authentication) extension of the SMTP - # protocol, as defined by RFC 2554. If you don't know what SMTP authentication -diff --git a/src/config.h.defaults b/src/config.h.defaults -index e17f015f9..4e8b18904 100644 ---- a/src/config.h.defaults -+++ b/src/config.h.defaults -@@ -17,6 +17,8 @@ Do not put spaces between # and the 'define'. - #define ALT_CONFIG_PREFIX - #define TRUSTED_CONFIG_LIST - -+#define ALLOW_INSECURE_TAINTED_DATA -+ - #define APPENDFILE_MODE 0600 - #define APPENDFILE_DIRECTORY_MODE 0700 - #define APPENDFILE_LOCKFILE_MODE 0600 -diff --git a/src/functions.h b/src/functions.h -index 51bb17a09..1e8083673 100644 ---- a/src/functions.h -+++ b/src/functions.h -@@ -1083,36 +1083,66 @@ if (f.running_in_test_harness && f.testsuite_delays) millisleep(millisec); - - /******************************************************************************/ - /* Taint-checked file opens */ -+static inline uschar * -+is_tainted2(const void *p, int lflags, const uschar* fmt, ...) -+{ -+va_list ap; -+uschar *msg; -+rmark mark; -+ -+if (!is_tainted(p)) -+ return NULL; -+ -+mark = store_mark(); -+va_start(ap, fmt); -+msg = string_from_gstring(string_vformat(NULL, SVFMT_TAINT_NOCHK|SVFMT_EXTEND, fmt, ap)); -+va_end(ap); -+ -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+if (allow_insecure_tainted_data) -+ { -+ if LOGGING(tainted) log_write(0, LOG_MAIN, "Warning: %s", msg); -+ store_reset(mark); -+ return NULL; -+ } -+#endif -+ -+if (lflags) log_write(0, lflags, "%s", msg); -+return msg; /* no store_reset(), as the message might be used afterwards and Exim -+ is expected to exit anyway, so we do not care about the leaked -+ storage */ -+} - - static inline int - exim_open2(const char *pathname, int flags) - { --if (!is_tainted(pathname)) return open(pathname, flags); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); -+if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) -+ return open(pathname, flags); - errno = EACCES; - return -1; - } -+ - static inline int - exim_open(const char *pathname, int flags, mode_t mode) - { --if (!is_tainted(pathname)) return open(pathname, flags, mode); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); -+if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) -+ return open(pathname, flags, mode); - errno = EACCES; - return -1; - } - static inline int - exim_openat(int dirfd, const char *pathname, int flags) - { --if (!is_tainted(pathname)) return openat(dirfd, pathname, flags); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); -+if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) -+ return openat(dirfd, pathname, flags); - errno = EACCES; - return -1; - } - static inline int - exim_openat4(int dirfd, const char *pathname, int flags, mode_t mode) - { --if (!is_tainted(pathname)) return openat(dirfd, pathname, flags, mode); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); -+if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) -+ return openat(dirfd, pathname, flags, mode); - errno = EACCES; - return -1; - } -@@ -1120,8 +1150,8 @@ return -1; - static inline FILE * - exim_fopen(const char *pathname, const char *mode) - { --if (!is_tainted(pathname)) return fopen(pathname, mode); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname); -+if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname)) -+ return fopen(pathname, mode); - errno = EACCES; - return NULL; - } -@@ -1129,8 +1159,8 @@ return NULL; - static inline DIR * - exim_opendir(const uschar * name) - { --if (!is_tainted(name)) return opendir(CCS name); --log_write(0, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name); -+if (!is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name)) -+ return opendir(CCS name); - errno = EACCES; - return NULL; - } -diff --git a/src/globals.c b/src/globals.c -index c34ac9ddd..ff660c352 100644 ---- a/src/globals.c -+++ b/src/globals.c -@@ -98,6 +98,10 @@ int sqlite_lock_timeout = 5; - BOOL move_frozen_messages = FALSE; - #endif - -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+BOOL allow_insecure_tainted_data = FALSE; -+#endif -+ - /* These variables are outside the #ifdef because it keeps the code less - cluttered in several places (e.g. during logging) if we can always refer to - them. Also, the tls_ variables are now always visible. Note that these are -@@ -1033,6 +1037,9 @@ int log_default[] = { /* for initializing log_selector */ - Li_size_reject, - Li_skip_delivery, - Li_smtp_confirmation, -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+ Li_tainted, -+#endif - Li_tls_certificate_verified, - Li_tls_cipher, - -1 -@@ -1100,6 +1107,9 @@ bit_table log_options[] = { /* must be in alphabetical order, - BIT_TABLE(L, smtp_protocol_error), - BIT_TABLE(L, smtp_syntax_error), - BIT_TABLE(L, subject), -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+ BIT_TABLE(L, tainted), -+#endif - BIT_TABLE(L, tls_certificate_verified), - BIT_TABLE(L, tls_cipher), - BIT_TABLE(L, tls_peerdn), -diff --git a/src/globals.h b/src/globals.h -index a4c1143b7..8d72577e0 100644 ---- a/src/globals.h -+++ b/src/globals.h -@@ -77,6 +77,10 @@ extern int sqlite_lock_timeout; /* Internal lock waiting timeout */ - extern BOOL move_frozen_messages; /* Get them out of the normal directory */ - #endif - -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+extern BOOL allow_insecure_tainted_data; -+#endif -+ - /* These variables are outside the #ifdef because it keeps the code less - cluttered in several places (e.g. during logging) if we can always refer to - them. Also, the tls_ variables are now always visible. */ -diff --git a/src/macros.h b/src/macros.h -index f78ae2e3d..322ddbf56 100644 ---- a/src/macros.h -+++ b/src/macros.h -@@ -498,6 +498,9 @@ enum logbit { - Li_smtp_mailauth, - Li_smtp_no_mail, - Li_subject, -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+ Li_tainted, -+#endif - Li_tls_certificate_verified, - Li_tls_cipher, - Li_tls_peerdn, -diff --git a/src/readconf.c b/src/readconf.c -index 948fa2403..133135f8f 100644 ---- a/src/readconf.c -+++ b/src/readconf.c -@@ -68,6 +68,9 @@ static optionlist optionlist_config[] = { - { "add_environment", opt_stringptr, {&add_environment} }, - { "admin_groups", opt_gidlist, {&admin_groups} }, - { "allow_domain_literals", opt_bool, {&allow_domain_literals} }, -+#ifdef ALLOW_INSECURE_TAINTED_DATA -+ { "allow_insecure_tainted_data", opt_bool, {&allow_insecure_tainted_data} }, -+#endif - { "allow_mx_to_ip", opt_bool, {&allow_mx_to_ip} }, - { "allow_utf8_domains", opt_bool, {&allow_utf8_domains} }, - { "auth_advertise_hosts", opt_stringptr, {&auth_advertise_hosts} }, --- -2.30.2 - diff --git a/mail/exim/files/debian/75_02-search.patch b/mail/exim/files/debian/75_02-search.patch deleted file mode 100644 index 226a350af10d..000000000000 --- a/mail/exim/files/debian/75_02-search.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b71d675f695c2cf17357b190476129535d5f446c Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Thu, 1 Apr 2021 22:45:03 +0200 -Subject: [PATCH 02/23] search - ---- - src/search.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/src/search.c b/src/search.c -index f8aaacb04..f6e4d1f5b 100644 ---- a/src/search.c -+++ b/src/search.c -@@ -343,12 +343,8 @@ lookup_info *lk = lookup_list[search_type]; - uschar keybuffer[256]; - int old_pool = store_pool; - --if (filename && is_tainted(filename)) -- { -- log_write(0, LOG_MAIN|LOG_PANIC, -- "Tainted filename for search: '%s'", filename); -+if (filename && is_tainted2(filename, LOG_MAIN|LOG_PANIC, "Tainted filename for search '%s'", filename)) - return NULL; -- } - - /* Change to the search store pool and remember our reset point */ - -@@ -639,7 +635,7 @@ DEBUG(D_lookup) - /* Arrange to put this database at the top of the LRU chain if it is a type - that opens real files. */ - --if ( open_top != (tree_node *)handle -+if ( open_top != (tree_node *)handle - && lookup_list[t->name[0]-'0']->type == lookup_absfile) - { - search_cache *c = (search_cache *)(t->data.ptr); --- -2.30.2 - diff --git a/mail/exim/files/debian/75_03-dbstuff.patch b/mail/exim/files/debian/75_03-dbstuff.patch deleted file mode 100644 index dc9da8e44c54..000000000000 --- a/mail/exim/files/debian/75_03-dbstuff.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 35b11dd0e52b5ac176849f807cca8898bcaf0c3d Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 10:49:49 +0200 -Subject: [PATCH 03/23] dbstuff - ---- - src/dbstuff.h | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/dbstuff.h b/src/dbstuff.h -index c1fb54346..dcee78696 100644 ---- a/src/dbstuff.h -+++ b/src/dbstuff.h -@@ -643,11 +643,9 @@ after reading data. */ - : (flags) == O_RDWR ? "O_RDWR" \ - : (flags) == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT" \ - : "??"); \ -- if (is_tainted(name) || is_tainted(dirname)) \ -- { \ -- log_write(0, LOG_MAIN|LOG_PANIC, "Tainted name for DB file not permitted"); \ -+ if (is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted name '%s' for DB file not permitted", name) \ -+ || is_tainted2(dirname, LOG_MAIN|LOG_PANIC, "Tainted name '%s' for DB directory not permitted", dirname)) \ - *dbpp = NULL; \ -- } \ - else \ - { EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); } \ - DEBUG(D_hints_lookup) debug_printf_indent("returned from EXIM_DBOPEN: %p\n", *dbpp); \ --- -2.30.2 - diff --git a/mail/exim/files/debian/75_04-acl.patch b/mail/exim/files/debian/75_04-acl.patch deleted file mode 100644 index 810b2e591675..000000000000 --- a/mail/exim/files/debian/75_04-acl.patch +++ /dev/null @@ -1,67 +0,0 @@ -From 44fd80ad8abcd885fc1c8dbb294fc2140e4ef481 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 10:50:14 +0200 -Subject: [PATCH 04/23] acl -Last-Update: 2021-05-01 - ---- - src/acl.c | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - ---- a/src/acl.c -+++ b/src/acl.c -@@ -3596,24 +3596,26 @@ - rc = mime_regex(&arg); - break; - #endif - - case ACLC_QUEUE: -- if (is_tainted(arg)) - { -- *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted", -- arg); -- return ERROR; -+ uschar *m; -+ if (m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg)) -+ { -+ *log_msgptr = m; -+ return ERROR; -+ } -+ if (Ustrchr(arg, '/')) -+ { -+ *log_msgptr = string_sprintf( -+ "Directory separator not permitted in queue name: '%s'", arg); -+ return ERROR; -+ } -+ queue_name = string_copy_perm(arg, FALSE); -+ break; - } -- if (Ustrchr(arg, '/')) -- { -- *log_msgptr = string_sprintf( -- "Directory separator not permitted in queue name: '%s'", arg); -- return ERROR; -- } -- queue_name = string_copy_perm(arg, FALSE); -- break; - - case ACLC_RATELIMIT: - rc = acl_ratelimit(arg, where, log_msgptr); - break; - -@@ -4005,14 +4007,12 @@ - } - - else if (*ss == '/') - { - struct stat statbuf; -- if (is_tainted(ss)) -+ if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss)) - { -- log_write(0, LOG_MAIN|LOG_PANIC, -- "attempt to open tainted ACL file name \"%s\"", ss); - /* Avoid leaking info to an attacker */ - *log_msgptr = US"internal configuration error"; - return ERROR; - } - if ((fd = Uopen(ss, O_RDONLY, 0)) < 0) diff --git a/mail/exim/files/debian/75_05-parse.patch b/mail/exim/files/debian/75_05-parse.patch deleted file mode 100644 index f9dab900f88e..000000000000 --- a/mail/exim/files/debian/75_05-parse.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7eeeb6f26af05322814ecc77c87f09c72ab2216a Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 10:58:46 +0200 -Subject: [PATCH 05/23] parse - ---- - src/parse.c | 6 +----- - 1 file changed, 1 insertion(+), 5 deletions(-) - -diff --git a/src/parse.c b/src/parse.c -index 3ea758ac9..d1bc79039 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -1402,12 +1402,8 @@ for (;;) - return FF_ERROR; - } - -- if (is_tainted(filename)) -- { -- *error = string_sprintf("Tainted name '%s' for included file not permitted\n", -- filename); -+ if (*error = is_tainted2(filename, 0, "Tainted name '%s' for included file not permitted\n", filename)) - return FF_ERROR; -- } - - /* Check file name if required */ - --- -2.30.2 - diff --git a/mail/exim/files/debian/75_06-rda.patch b/mail/exim/files/debian/75_06-rda.patch deleted file mode 100644 index f4ca2afc13f1..000000000000 --- a/mail/exim/files/debian/75_06-rda.patch +++ /dev/null @@ -1,28 +0,0 @@ -From a6da9c67acaee699616516be141d600cc178a633 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 10:59:46 +0200 -Subject: [PATCH 06/23] rda - ---- - src/rda.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/rda.c b/src/rda.c -index aed8abc24..6ad7dd8bd 100644 ---- a/src/rda.c -+++ b/src/rda.c -@@ -179,10 +179,8 @@ struct stat statbuf; - /* Reading a file is a form of expansion; we wish to deny attackers the - capability to specify the file name. */ - --if (is_tainted(filename)) -+if (*error = is_tainted2(filename, 0, "Tainted name '%s' for file read not permitted\n", filename)) - { -- *error = string_sprintf("Tainted name '%s' for file read not permitted\n", -- filename); - *yield = FF_ERROR; - return NULL; - } --- -2.30.2 - diff --git a/mail/exim/files/debian/75_07-appendfile.patch b/mail/exim/files/debian/75_07-appendfile.patch deleted file mode 100644 index 5a9e37861d7f..000000000000 --- a/mail/exim/files/debian/75_07-appendfile.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c29b50d2fe17cc108d751175ed4f4113c25c1768 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 11:00:06 +0200 -Subject: [PATCH 07/23] appendfile - ---- - src/transports/appendfile.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/transports/appendfile.c b/src/transports/appendfile.c -index 8ab8b6016..7dbbaa2f9 100644 ---- a/src/transports/appendfile.c -+++ b/src/transports/appendfile.c -@@ -1286,12 +1286,14 @@ if (!(path = expand_string(fdname))) - expand_string_message); - goto ret_panic; - } --if (is_tainted(path)) -+{ uschar *m; -+if (m = is_tainted2(path, 0, "Tainted '%s' (file or directory " -+ "name for %s transport) not permitted", path, tblock->name)) - { -- addr->message = string_sprintf("Tainted '%s' (file or directory " -- "name for %s transport) not permitted", path, tblock->name); -+ addr->message = m; - goto ret_panic; - } -+} - - if (path[0] != '/') - { --- -2.30.2 - diff --git a/mail/exim/files/debian/75_08-autoreply.patch b/mail/exim/files/debian/75_08-autoreply.patch deleted file mode 100644 index de5eb1dd3c20..000000000000 --- a/mail/exim/files/debian/75_08-autoreply.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 26de37d8960da80473866fb59b9dfd10a5761538 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sun, 28 Mar 2021 11:06:27 +0200 -Subject: [PATCH 08/23] autoreply - ---- - src/transports/autoreply.c | 21 ++++++++++++--------- - 1 file changed, 12 insertions(+), 9 deletions(-) - -diff --git a/src/transports/autoreply.c b/src/transports/autoreply.c -index 865abbf4f..ed99de4c6 100644 ---- a/src/transports/autoreply.c -+++ b/src/transports/autoreply.c -@@ -404,14 +404,15 @@ recipient cache. */ - - if (oncelog && *oncelog && to) - { -+ uschar *m; - time_t then = 0; - -- if (is_tainted(oncelog)) -+ if (m = is_tainted2(oncelog, 0, "Tainted '%s' (once file for %s transport)" -+ " not permitted", oncelog, tblock->name)) - { - addr->transport_return = DEFER; - addr->basic_errno = EACCES; -- addr->message = string_sprintf("Tainted '%s' (once file for %s transport)" -- " not permitted", oncelog, tblock->name); -+ addr->message = m; - goto END_OFF; - } - -@@ -515,13 +516,14 @@ if (oncelog && *oncelog && to) - - if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec)) - { -+ uschar *m; - int log_fd; -- if (is_tainted(logfile)) -+ if (m = is_tainted2(logfile, 0, "Tainted '%s' (logfile for %s transport)" -+ " not permitted", logfile, tblock->name)) - { - addr->transport_return = DEFER; - addr->basic_errno = EACCES; -- addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)" -- " not permitted", logfile, tblock->name); -+ addr->message = m; - goto END_OFF; - } - -@@ -548,12 +550,13 @@ if (oncelog && *oncelog && to) - /* We are going to send a message. Ensure any requested file is available. */ - if (file) - { -- if (is_tainted(file)) -+ uschar *m; -+ if (m = is_tainted2(file, 0, "Tainted '%s' (file for %s transport)" -+ " not permitted", file, tblock->name)) - { - addr->transport_return = DEFER; - addr->basic_errno = EACCES; -- addr->message = string_sprintf("Tainted '%s' (file for %s transport)" -- " not permitted", file, tblock->name); -+ addr->message = m; - return FALSE; - } - if (!(ff = Ufopen(file, "rb")) && !ob->file_optional) --- -2.30.2 - diff --git a/mail/exim/files/debian/75_09-pipe.patch b/mail/exim/files/debian/75_09-pipe.patch deleted file mode 100644 index 0ec9bcfaed19..000000000000 --- a/mail/exim/files/debian/75_09-pipe.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f9628406706112be459adb3f121db8e6cf282c2d Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Fri, 2 Apr 2021 17:30:27 +0200 -Subject: [PATCH 09/23] pipe - ---- - src/transports/pipe.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/transports/pipe.c b/src/transports/pipe.c -index 27422bd42..4c9e68beb 100644 ---- a/src/transports/pipe.c -+++ b/src/transports/pipe.c -@@ -599,13 +599,16 @@ if (!cmd || !*cmd) - tblock->name); - return FALSE; - } --if (is_tainted(cmd)) -+ -+{ uschar *m; -+if (m = is_tainted2(cmd, 0, "Tainted '%s' (command " -+ "for %s transport) not permitted", cmd, tblock->name)) - { -- addr->message = string_sprintf("Tainted '%s' (command " -- "for %s transport) not permitted", cmd, tblock->name); - addr->transport_return = PANIC; -+ addr->message = m; - return FALSE; - } -+} - - /* When a pipe is set up by a filter file, there may be values for $thisaddress - and numerical the variables in existence. These are passed in --- -2.30.2 - diff --git a/mail/exim/files/debian/75_10-deliver.patch b/mail/exim/files/debian/75_10-deliver.patch deleted file mode 100644 index ea4a54239e31..000000000000 --- a/mail/exim/files/debian/75_10-deliver.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 2fee91ae42e974c21202e0b5e17185f6a87bf8af Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Wed, 31 Mar 2021 23:12:44 +0200 -Subject: [PATCH 10/23] deliver - ---- - src/deliver.c | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/deliver.c b/src/deliver.c -index d85edd70e..8b7998f37 100644 ---- a/src/deliver.c -+++ b/src/deliver.c -@@ -5538,10 +5538,11 @@ FILE * fp = NULL; - if (!s || !*s) - log_write(0, LOG_MAIN|LOG_PANIC, - "Failed to expand %s: '%s'\n", varname, filename); --else if (*s != '/' || is_tainted(s)) -- log_write(0, LOG_MAIN|LOG_PANIC, -- "%s is not %s after expansion: '%s'\n", -- varname, *s == '/' ? "untainted" : "absolute", s); -+else if (*s != '/') -+ log_write(0, LOG_MAIN|LOG_PANIC, "%s is not absolute after expansion: '%s'\n", -+ varname, s); -+else if (is_tainted2(s, LOG_MAIN|LOG_PANIC, "Tainted %s after expansion: '%s'\n", varname, s)) -+ ; - else if (!(fp = Ufopen(s, "rb"))) - log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for %s " - "message texts: %s", s, reason, strerror(errno)); -@@ -6148,12 +6149,13 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) - { - uschar *tmp = expand_string(tpname); - address_file = address_pipe = NULL; -+ uschar *m; - if (!tmp) - p->message = string_sprintf("failed to expand \"%s\" as a " - "system filter transport name", tpname); -- if (is_tainted(tmp)) -- p->message = string_sprintf("attempt to used tainted value '%s' for" -- "transport '%s' as a system filter", tmp, tpname); -+ if (is_tainted2(tmp, 0, m = string_sprintf("Tainted values '%s' " -+ "for transport '%s' as a system filter", tmp, tpname))) -+ p->message = m; - tpname = tmp; - } - else --- -2.30.2 - diff --git a/mail/exim/files/debian/75_11-directory.patch b/mail/exim/files/debian/75_11-directory.patch deleted file mode 100644 index 4c3a68418c0b..000000000000 --- a/mail/exim/files/debian/75_11-directory.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 5f41e800ce9cc7ad154047298914df955e905bf4 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Thu, 1 Apr 2021 21:28:59 +0200 -Subject: [PATCH 11/23] directory - ---- - src/directory.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/directory.c b/src/directory.c -index 2d4d565f4..9f88f4141 100644 ---- a/src/directory.c -+++ b/src/directory.c -@@ -44,6 +44,9 @@ uschar c = 1; - struct stat statbuf; - uschar * path; - -+if (is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted path '%s' for new directory", name)) -+ { p = US"create"; path = US name; errno = EACCES; goto bad; } -+ - if (parent) - { - path = string_sprintf("%s%s%s", parent, US"/", name); --- -2.30.2 - diff --git a/mail/exim/files/debian/75_12-expand.patch b/mail/exim/files/debian/75_12-expand.patch deleted file mode 100644 index ebb099d284f2..000000000000 --- a/mail/exim/files/debian/75_12-expand.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c02ea85f525ff256d78e084d6f76fe3032fd52e1 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Thu, 1 Apr 2021 21:33:50 +0200 -Subject: [PATCH 12/23] expand - ---- - src/expand.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/expand.c b/src/expand.c -index 05de94c49..21b86ebf5 100644 ---- a/src/expand.c -+++ b/src/expand.c -@@ -4383,13 +4383,13 @@ DEBUG(D_expand) - f.expand_string_forcedfail = FALSE; - expand_string_message = US""; - --if (is_tainted(string)) -+{ uschar *m; -+if (m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s)) - { -- expand_string_message = -- string_sprintf("attempt to expand tainted string '%s'", s); -- log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message); -+ expand_string_message = m; - goto EXPAND_FAILED; - } -+} - - while (*s != 0) - { --- -2.30.2 - diff --git a/mail/exim/files/debian/75_13-lf_sqlperform.patch b/mail/exim/files/debian/75_13-lf_sqlperform.patch deleted file mode 100644 index 67283a02676e..000000000000 --- a/mail/exim/files/debian/75_13-lf_sqlperform.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9810dfc25d8b9687b46e57963a3ac30bf5c9b2c9 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Thu, 1 Apr 2021 21:36:12 +0200 -Subject: [PATCH 13/23] lf_sqlperform - ---- - src/lookups/lf_sqlperform.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/src/lookups/lf_sqlperform.c b/src/lookups/lf_sqlperform.c -index ad1df29d1..eda3089e2 100644 ---- a/src/lookups/lf_sqlperform.c -+++ b/src/lookups/lf_sqlperform.c -@@ -102,11 +102,13 @@ if (Ustrncmp(query, "servers", 7) == 0) - } - } - -- if (is_tainted(server)) -- { -- *errmsg = string_sprintf("%s server \"%s\" is tainted", name, server); -+ { uschar *m; -+ if (m = is_tainted2(server, 0, "Tainted %s server '%s'", name, server)) -+ { -+ *errmsg = m; - return DEFER; - } -+ } - - rc = (*fn)(ss+1, server, result, errmsg, &defer_break, do_cache, opts); - if (rc != DEFER || defer_break) return rc; -@@ -158,11 +160,13 @@ else - server = ele; - } - -- if (is_tainted(server)) -+ { uschar *m; -+ if (is_tainted2(server, 0, "Tainted %s server '%s'", name, server)) - { -- *errmsg = string_sprintf("%s server \"%s\" is tainted", name, server); -+ *errmsg = m; - return DEFER; - } -+ } - - rc = (*fn)(query, server, result, errmsg, &defer_break, do_cache, opts); - if (rc != DEFER || defer_break) return rc; --- -2.30.2 - diff --git a/mail/exim/files/debian/75_14-rf_get_transport.patch b/mail/exim/files/debian/75_14-rf_get_transport.patch deleted file mode 100644 index 9e8b69d3ad6a..000000000000 --- a/mail/exim/files/debian/75_14-rf_get_transport.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 015fff57c854184f8bce61476c46a2830a97daf8 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Fri, 2 Apr 2021 08:36:24 +0200 -Subject: [PATCH 14/23] rf_get_transport - ---- - src/routers/rf_get_transport.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/routers/rf_get_transport.c b/src/routers/rf_get_transport.c -index 4a43818ff..32bde9ec3 100644 ---- a/src/routers/rf_get_transport.c -+++ b/src/routers/rf_get_transport.c -@@ -66,10 +66,8 @@ if (expandable) - "\"%s\" in %s router: %s", tpname, router_name, expand_string_message); - return FALSE; - } -- if (is_tainted(ss)) -+ if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted tainted value '%s' from '%s' for transport", ss, tpname)) - { -- log_write(0, LOG_MAIN|LOG_PANIC, -- "attempt to use tainted value '%s' from '%s' for transport", ss, tpname); - addr->basic_errno = ERRNO_BADTRANSPORT; - /* Avoid leaking info to an attacker */ - addr->message = US"internal configuration error"; --- -2.30.2 - diff --git a/mail/exim/files/debian/75_15-deliver.patch b/mail/exim/files/debian/75_15-deliver.patch deleted file mode 100644 index 0c2ca2772d10..000000000000 --- a/mail/exim/files/debian/75_15-deliver.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2bafe3fc82cf62f0c21f939f5891b8d067f3abc7 Mon Sep 17 00:00:00 2001 -From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de> -Date: Sat, 3 Apr 2021 10:54:22 +0200 -Subject: [PATCH 15/23] deliver - ---- - src/deliver.c | 5 +++-- - test/paniclog/0622 | 2 +- - test/stderr/0622 | 2 +- - 3 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/deliver.c b/src/deliver.c -index 8b7998f37..87e944b03 100644 ---- a/src/deliver.c -+++ b/src/deliver.c -@@ -6153,9 +6153,10 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT) - if (!tmp) *** 2847 LINES SKIPPED ***