OpenWRT
/
packages
mirror of https://github.com/openwrt/packages.git
1
0
Fork 0
Code Issues Releases Wiki Activity
32,954 Commits
10 Branches
1 Tag
197 MiB
Commit Graph

14 Commits (28545bc22cdbca4d05cbbd9fc3efd7d87cd9aa3a)

Author SHA1 Message Date
Daniel Golle 00c4a7f9c3 exim: update to 4.98 
Remove upstreamed patch 300-avoid-time-printf.patch
Exim/exim@9ae8613607

Exim version 4.98
-----------------

JH/01 Support list of dkim results in the dkim_status ACL condition, making
      it more usable in the data ACL.

JH/02 Bug 3040: Handle error on close of the spool data file during reception.
      Previously This was only logged, on the assumption that errors would be
      seen for a previous fflush().  However, a fuse filesystem has been
      reported as showing this an error for the fclose().  The spool is now in
      an uncertain state, and we have logged and responded acceptance.  Change
      this to respond with a temp-reject, wipe spoolfiles, and log the error
      detail.

JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA.  When hit
      during a recipient verify callout, a QUIT command was attempted on the
      now-closed callout channel, causing a paniclog entry.

JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
      a connection_reject log_selector, under tls_on_connect.  Previously
      with this combination, when the connect ACL rejected, a spurious
      paniclog entry was made.

JH/05 Fix TLS resumption for TLS-on-connect.  This was broken by the advent
      of loadbalancer-detection for resumption, in 4.96 - which tries to
      use the EHLO response. SMTPS does not have one at the time it is starting
      TLS.  Change the default for the smtp transport host_name_extract option
      to be a static string, for TLS-on-connect cases; meaning that resumption
      will always be attempted (unless deliberately overriden).

JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a
      chunk-separator specification.  This was broken by hardening introduced
      for Bug 3031.

JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles.  Previously it
      included the -H with the id; this also messed up exiqgrep.

JH/08 Bug 3056: Tighten up parsing of DKIM DNS records.  Previously, whitespace
      was not properly skipped and empty elements would cause mis-parsing.
      Tighten parsing of DKIM header records.  Previously, all but lowercase
      alpha chars would be ignored in potential tag names.

JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists
      being searched.  Previously we only had one for IPv4 addresses. Per the
      documentation, the error results by default in a no-match result for the
      list.  It is logged if the unknown_in_list log_selector is used.

JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers
      the routing operation.  Previously it would silently stop routing the
      message.

JH/11 Bug 3046: Fix queue-runs.  Previously, the arrivel of a notification or
      info-request event close in time to a scheduled run timer could result in
      the latter being missed, and no further queue scheduled runs being
      initiated.  This ouwld be more likely on high-load systems.

JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we did
      accept that in (normal) CRLF mode; this has been raised as a possible
      attack scenario (under the name "smtp smuggling").

JH/13 Add an fdatasync call for the received message data file in spool, before
      loggging reception and sending the SMTP ack.  Previously we only flushed
      the stdio buffer so there was still the possibility of a disk error.

JH/14 Bug 3061: Avoid a split log line when trying to rewrite a malformed
      address.  Previously, for the last address in a header line (commonly
      there is only one) the terminating newline was part of the logged
      information.

JH/15 Bug 3061: Ensure a log line is written for a malformed address in a
      header, when parsing for address-qualification.  Previously one was only
      written if there were rewrite rules.

JH/16 Two-phase queue runs are now reported in the daemon startup log line and
      in exiwhat output.

JH/17 Bug 3064: Fix combination of "-q<period> -R <recipients>". Introduction of
      the multiple-queue-runners facility for 4.97 broke this, giving only a
      one-time run of the queue.

JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style
      lookups.

JH/19 Fix TLS startup. When the last expansion done before the initiation of a
      TLS session resulted in a forced-fail, a misleading error was logged for
      the expansino of tls_certificates.  This would affect the common case of
      that option being set (main-section options) but not having any variable
      parts.  It could also potentially affect tls_privatekeys.  The underlyding
      coding errors go back to 4.90 but were only exposed in 4.97.

JH/20 Bug 3047: A recent (somewhere between 10.34 and 10.42) version of the
      pcre2 library starting allocating 20kB rather than 112 bytes per match
      call, which broke the 2GB total limitation on Exim's memory management
      when a user had over 104207 messages stored and the appendfile
      maildir_quota_directory_regex option is in use.  Release the allocated
      memory every thosand files to avoid this.
      The same issue arises with the ACL regex condition, which is applied
      to every line of a received message.

JH/21 Bug 3059: Fix crash in smtp transport. When running for a message for
      which all recipients had been handled (itself an issue) a null-pointer
      deref was done on trying to write a retry record. Fix that by counting
      the outstanding recipients before trying to transmit the message.
      The situation arose for a second MX try within a transport run, when the
      first had perm-rejected a recipient (the only one for the connection, in
      the case seen) during pipelining, and then closed the TCP connection.
      The transport classified that as an I/O error, leaving the message
      outstanding but having marked up the recipient as dealt-with. It then
      tried another MX because of the I/O error. Fix this by converting the
      message-level status to ok if there was a close but all recipients were
      dealt with.  Thanks to Wolfgand Breyha for debug runs.

JH/22 The ESMTP_LIMITS facility (RFC 9422) is promoted from experimental status
      and is now controlled by the build-time option DISABLE_ESMTP_LIMITS.

JH/23 Bug 3066: Avoid leaking lookup database credentials to log.

JH/24 Bug 3081: Fix a delivery process crash.  When the router "errors_to"
      option specified a fixed address, later rewriting on that address would
      trip on the configuration data being readonly.  Instead of modifying
      in-place, copy data.  Found and fixed by Peter Benie.

JH/25 Bug 3079: Fix crash in dbmnz.  When a key was present for zero-length
      data a null pointer was followed.  Find and testcase by Sebastian Bugge.

JH/26 Fix encoding for an AUTH parameter on a MAIL FROM command.  Previously
      decimal 127 chars were not encoded, and lowercase hex was used for
      encoded values.  Outstanding since at least 1999.

JH/27 Fix crash in logging.  When a message with a large number of recipients
      had been received, and logging of recipients is enabled, the buffer used
      for logging could reach limit.  A read using a null pointer would then
      be done, resulting in a crash of the receiving process before an SMTP
      ACK for the message was returned to the sending system.  Duplicate
      messages were created as a result.
      Find and debug help by Mateusz Krawczyk

JH/28 Bug 3086: Fix exinext for ipv6.  Change the format of keys in the retry
      DB, wrapping transport record bare-ip "host names" and ipv6
      "host addresses" in square-brackets.  This makes the parsing that
      exinext does more reliable.

JH/29 Bug 3087: Fix SRS encode.  A zero-length quoted element in the local-part
      would cause a crash.

JH/30 Bug 3029: Avoid feeding Resent-From: to DMARC.

JH/31 Bug 3027: For -bh / -bhc tests change to using the compressed form of
      ipv6 addresses for the sender.  Previously the uncompressed form was used,
      and if used in textual form this would result in behavior difference
      versus non-bh.

JH/32 Bug 3096: MAIL before HELO/EHLO, where required by hosts_require_helo, is
      now classed as a protocol error and subject to smtp_max_synprot_errors.

JH/33 Bug 2994: A subdir dsearch lookup should permit a directory name that starts
      ".." and has following characters.

JH/34 Fix delivery ordering for 2-phase queue run combined with
      queue_run_in_order.

JH/35 Bug 3099: fix parsing of MIME filename= split over multiple paramemters.
      Previously the $mime_filename variable would have an incorrect value.
      While in the code, extend coverage to name= which previously was only
      supported for single parameters, despite also filling in $mime_filename.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2024-07-17 14:52:00 +01:00
Daniel Golle e8600462c7 exim: update to 4.97.1 
IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.

Upstream changes since version 4.96.2 (bottom up):

JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we did
      accept that in (normal) CRLF mode; this has been raised as a possible
      attack scenario (under the name "smtp smuggling", CVE-2023-51766).

JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
      SMTP connection" log lines.

JH/02 Option default value updates:
        - queue_fast_ramp (main)        true (was false)
        - remote_max_parallel (main)    4 (was 2)

JH/03 Cache static regex pattern compilations, for use by ACLs.

JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/05 Follow symlinks for placing a watch on TLS creds files.  This means
      (under Linux) we watch the dir containing the final file; previously
      it would be the dir with the first symlink.  We still do not monitor
      the entire path.

JH/06 Check for bad chars in rDNS for sender_host_name.  The OpenBSD (at least)
      dn_expand() is happy to pass them through.

JH/07 OpenSSL Fix auto-reload of changed server OCSP proof.  Previously, if
      the file with the proof had an unchanged name, the new proof(s) were
      loaded on top of the old ones (and nover used; the old ones were stapled).

JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
      more than one message arrived in a single connection a reference from
      the earlier message could be re-used.  Often a sigsegv resulted.
      These variables were introduced in Exim 4.87.
      Debug help from Graeme Fowler.

JH/09 Fix ${filter } for conditions that modify $value.  Previously the
      modified version would be used in construction the result, and a memory
      error would occur.

JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
      Find and fix by Jasen Betts.

JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
      than TLSv1,2,  Previously, more-recent versions of OpenSSL were permitting
      the systemwide configuration to override the Exim config.

HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
      API changes in libopendmarc.

JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
      pid 1, in the normal "background daemon" mode, having to drop process-
      group leadership also lost track of needing to create listener sockets.

JH/13 Bug 2929: Fix using $recipients after ${run...}.  A change made for 4.96
      resulted in the variable appearing empty.  Find and fix by Ruben Jenster.

JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
      a capture group which obtained no text (eg. "(abc)*" matching zero
      occurrences) could cause a segfault if the corresponding $<n> was
      expanded.

JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
      included a close-brace character (eg. it itself used an expansion) an
      error occurred.

JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
      starting TLS.  Previously it was after, meaning that attackers on such
      ports had to be screened using the host_reject_connection main config
      option. The new sequence aligns better with the STARTTLS behaviour, and
      permits defences against crypto-processing load attacks, even though it
      is strictly an incompatible change.
      Also, avoid sending any SMTP fail response for either the connect ACL
      or host_reject_connection, for TLS-on-connect ports.

JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
      Previously this was not permitted, but it makes reasonable sense.
      While there, restore a restriction on using it from a connect ACL; given
      the change JH/16 it could only return false (and before 4.91 was not
      permitted).

JH/18 Fix a fencepost error in logging.  Previously (since 4.92) when a log line
      was exactly sized compared to the log buffer, a crash occurred with the
      misleading message "bad memory reference; pool not found".
      Found and traced by Jasen Betts.

JH/19 Bug 2911: Fix a recursion in DNS lookups.  Previously, if the main option
      dns_again_means_nonexist included an element causing a DNS lookup which
      itself returned DNS_AGAIN, unbounded recursion occurred.  Possible results
      included (though probably not limited to) a process crash from stack
      memory limit, or from excessive open files.  Replace this with a paniclog
      whine (as this is likely a configuration error), and returning
      DNS_NOMATCH.

JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group.  Previously
      this always failed, probably leading to the usual downgrade to in-clear
      connections.

JH/21 Fix TLSA lookups.  Previously dns_again_means_nonexist would affect
      SERVFAIL results, which breaks the downgrade resistance of DANE.  Change
      to not checking that list for these lookups.

JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
      closure log lines.

JH/23 Fix crash in string expansions. Previously, if an empty variable was
      immediately followed by an expansion operator, a null-indirection read
      was done, killing the process.

JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
      include an SMTP response string which is longer than that supported
      by the delivering transport.  Alleviate by wrapping such lines before
      column 80.

JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
      chars (RFC limit).  Previously a limit of 12 items was made, which with
      a not-impossible References: in the message being bounced could still
      be over-large and get stopped in the transport.

JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
      close.  Previously a bare socket close was done.

JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
      every 1024 days.

JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
      message being considered for delivery was already being handled by
      another process, and having an SMTP connection already open, the function
      to close it tried to use an uninitialized variable.  This would afftect
      high-volume sites more, especially when running mailing-list-style loads.
      Pollution of logs was the major effect, as the other process delivered
      the message.  Found and partly investigated by Graeme Fowler.

JH/29 Change format of the internal ID used for message identification. The old
      version only supported 31 bits for a PID element; the new 64 (on systems
      which can use Base-62 encoding, which is all currently supported ones
      but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
      and must use Base-36).  The new ID is 23 characters rather than 16, and is
      visible in various places - notably logs, message headers, and spool file
      names.  Various of the ancillary utilities also have to know the format.
        As well as the expanded PID portion, the sub-second part of the time
      recorded in the ID is expanded to support finer precision.  Theoretically
      this permits a receive rate from a single comms channel of better than the
      previous 2000/sec.
        The major timestamp part of the ID is not changed; at 6 characters it is
      usable until about year 3700.
        Updating from previously releases is fully supported: old-format spool
      files are still usable, and the utilities support both formats.  New
      message will use the new format.  The one hints-DB file type which uses
      message-IDs (the transport wait- DB) will be discarded if an old-format ID
      is seen; new ones will be built with only new-format IDs.
      Optionally, a utility can be used to convert spool files from old to new,
      but this is only an efficiency measure not a requirement for operation
        Downgrading from new to old requires running a provided utility, having
      first stopped all operations.  This will convert any spool files from new
      back to old (losing time-precision and PID information) and remove any
      wait- hints databases.

JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
      we treated them as item separators when parsing for a list item, but they
      need to be protected by the doublequotes.  While there, add handling for
      backslashes.

JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
      Found and fixed by Jasen Betts. No testcase for this as my usual text
      editor insists on emitting only valid UTF-8.

JH/32 Fix "tls_dhparam = none" under GnuTLS.  At least with 3.7.9 this gave
      a null-indirection SIGSEGV for the receive process.

JH/33 Fix free for live variable $value created by a ${run ...} expansion during
      -bh use.  Internal checking would spot this and take a panic.

JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
      In 4.96 this would expand to empty.

JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
      certificate.  Find and fix by Andreas Metzler.

JH/36 Add ARC info to DMARC hostory records.

JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
      or fakedefer.  Previously the sender could discover that the message
      had in fact been accepted.

JH/38 Taint-track intermediate values from the peer in multi-stage authentation
      sequences.  Previously the input was not noted as being tainted; notably
      this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
      bad coding of authenticators.

JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
      and ${tr...}.  Found and diagnosed by Heiko Schlichting.

JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
      CVE-2023-42115

JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
      CVE-2023-42219
      could be triggered by externally-supplied input.  Found by Trend Micro.
      CVE-2023-42115

JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2024-04-08 02:30:07 +01:00
Daniel Golle 86ec7b19bc exim: update to version 4.96.2 
Fixes vulnerabilities:
 - Improper Neutralization of Special Elements (CVE-2023-42117)
 - dnsdb Out-Of-Bounds Read (CVE-2023-42119)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2023-10-24 13:45:26 +01:00
Daniel Golle 7c8f4a2a1c exim: update to version 4.96.1 
This is a security release.

JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which
      could be triggered by externally-supplied input.  Found by Trend Micro.
      CVE-2023-42115

JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2023-10-08 03:28:35 +02:00
Daniel Golle db85d9ead6 exim: apply hotfix for some ZDI reported vulnerabilities 
Apply preliminary hotfix for some (three?) of the 0-day
vulnerabilities reported by ZDI.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2023-10-01 21:31:49 +01:00
Paul Fertser 0c10c224be treewide: remove AUTORELEASE 
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.

The following temporary change was made to the core:

diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
 abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))

 COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))

 all:
 FORCE: ;

And this command used to fix affected packages:

for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
                              sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
  make package/$i/download
done

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
 2023-04-21 22:46:58 +02:00
Daniel Golle f2763b95af
exim: update to version 4.96 
Exim version 4.96
-----------------

JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
      after reception to before a subsequent reception.  This should
      mean slightly faster delivery, and also confirmation of reception
      to senders.

JH/02 Move from using the pcre library to pcre2.  The former is no longer
      being developed or supported (by the original developer).

JH/03 Constification work in the filters module required a major version
      bump for the local-scan API.  Specifically, the "headers_charset"
      global which is visible via the API is now const and may therefore
      not be modified by local-scan code.

JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for
      sendfile() didi not account for the way the ClamAV driver code called it.

JH/05 Bug 2819: speed up command-line messages being read in.  Previously a
      time check was being done for every character; replace that with one
      per buffer.

JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL.  Previously the string
      sent was prefixed with a length byte.

JH/07 Change the SMTP feature name for pipelining connect to be compliant with
      RFC 5321.  Previously Dovecot (at least) would log errors during
      submission.

JH/08 Remove stripping of the binaries from the FreeBSD build.  This was added
      in 4.61 without a reason logged. Binaries will be bigger, which might
      matter on diskspace-constrained systems, but debug is easier.

JH/09 Fix macro-definition during "-be" expansion testing.  The move to
      write-protected store for macros had not accounted for these runtime
      additions; fix by removing this protection for "-be" mode.

JH/10 Convert all uses of select() to poll().  FreeBSD 12.2 was found to be
      handing out large-numbered file descriptors, violating the usual Unix
      assumption (and required by Posix) that the lowest possible number will be
      allocated by the kernel when a new one is needed.  In the daemon, and any
      child procesees, values higher than 1024 (being bigger than FD_SETSIZE)
      are not useable for FD_SET() [and hence select()] and overwrite the stack.
      Assorted crashes happen.

JH/11 Fix use of $sender_host_name in daemon process.  When used in certain
      main-section options or in a connect ACL, the value from the first ever
      connection was never replaced for subsequent connections.  Found by
      Wakko Warner.

JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux,
      though only once PCRE2 was introduced: the memory accounting used under
      debug offset allocations by an int, giving a hard trap in early startup.
      Change to using a size_t.  Debug and fix by John Paul Adrian Glaubitz.

JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
      with underbars is given.  The write-protection of configuration introduced
      in 4.95 trapped when normalisation was applied to an option not needing
      expansion action.

JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.

JH/15 Fix a resource leak in *BSD.  An off-by-one error resulted in the daemon
      failing to close the certificates directory, every hour or any time it
      was touched.

JH/16 Debugging initiated by an ACL control now continues through into routing
      and transport processes.  Previously debugging stopped any time Exim
      re-execs, or for processing a queued message.

JH/17 The "expand" debug selector now gives more detail, specifically on the
      result of expansion operators and items.

JH/18 Bug 2751: Fix include_directory in redirect routers.  Previously a
      bad comparison between the option value and the name of the file to
      be included was done, and a mismatch was wrongly identified.
      4.88 to 4.95 are affected.

JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn.

JH/20 When built with NDBM for hints DB's check for nonexistence of a name
      supplied as the db file-pair basename.  Previously, if a directory
      path was given, for example via the autoreply "once" option, the DB
      file.pag and file.dir files would be created in that directory's
      parent.

JH/21 Remove the "allow_insecure_tainted_data" main config option and the
      "taint" log_selector.  These were previously deprecated.

JH/22 Fix static address-list lookups to properly return the matched item.
      Previously only the domain part was returned.

JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously
      the call into OpenSSL to send a TLS Close was being repeated; this
      resulted in the library waiting for the peer's Close.  If that was never
      sent we waited forever.  Fix by tracking send calls.

JH/24 The ${run} expansion item now expands its command string elements after
      splitting.  Previously it was before; the new ordering makes handling
      zero-length arguments simpler.  The old ordering can be obtained by
      appending a new option "preexpand", after a comma, to the "run".

JH/25 Taint-check exec arguments for transport-initiated external processes.
      Previously, tainted values could be used.  This affects "pipe", "lmtp" and
      "queryprogram" transport, transport-filter, and ETRN commands.
      The ${run} expansion is also affected: in "preexpand" mode no part of
      the command line may be tainted, in default mode the executable name
      may not be tainted.

JH/26 Fix CHUNKING on a continued-transport.  Previously the usabliility of
      the the facility was not passed across execs, and only the first message
      passed over a connection could use BDAT; any further ones using DATA.

JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data
      uses $sending_ip_address and an interface is specified.
      Previously any use of the local address in the EHLO name disabled
      PIPECONNECT, the common case being to use the rDNS of it.

JH/28 OpenSSL: fix transport-required OCSP stapling verification under session
      resumption. Previously verify failed because no certificate status is
      passed on the wire for the restarted session. Fix by using the recorded
      ocsp status of the stored session for the new connection.

JH/29 TLS resumption: the key for session lookup in the client now includes
      more info that a server could potentially use in configuring a TLS
      session, avoiding oferring mismatching sessions to such a server.
      Previously only the server IP was used.

JH/30 Fix string_copyn() for limit greater than actual string length.
      Previously the copied amount was the limit, which could result in a
      overlapping memcpy for newly allocated destination soon after a
      source string shorter than the limit.  Found/investigated  by KM.

JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection
      close; it may be needed for a subsequent connection.  This caused a
      SEGV on primary-MX defer.  Found/investigated by Gedalya & Andreas.

JH/32 Fix CHUNKING for a second message on a connection when the first was
      rejected.  Previously we did not reset the chunking-offered state, and
      erroneously rejected the BDAT command.  Investigation help from
      Jesse Hathaway.

JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning
      an empty address.  Previously the expansion returned an error.

HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending
      proxy.  Previously these were misparsed, leading to paniclog entries.

Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing
CVE-2022-37451.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-09-07 22:56:26 +01:00
Daniel Golle 40c71110f0
exim: update to version 4.95 
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2021-10-09 17:02:48 +01:00
Daniel Golle 66a62e2fcf
exim: some clean ups 
* use username/group 'exim' instead of mail
 * register configuration file
 * make sure /usr/lib/exim/lookups exists

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2021-08-13 04:51:38 +01:00
Daniel Golle 31d12ead78
exim: add default config and init script, enable lmtp 
Ship default configuration /etc/exim/exim.conf as well as
a simple procd init script. Enable building with LMTP for better
integration with dovecot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2021-08-12 03:11:40 +01:00
Daniel Golle c241cb12bb
exim: update to version 4.94.2 
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()

The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2021-05-10 04:20:47 +01:00
Rosen Penev de9c527e9a exim: fix compilation without deprecated OpenSSL APIs 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-03-26 13:14:18 -07:00
Rosen Penev 89b6174691
exim: fix compilation with CentOS 7 
CentOS 7 has an old GCC that does not default to c11.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2021-01-11 14:04:31 -08:00
Daniel Golle cd587f3767 exim: add package 
Add Exim MTA variants:
 * exim
   plain variant without any TLS library which hence comes
   without TLS, DANE and DKIM.
 * exim-openssl
   linked against libopenssl
 * exim-gnutls
   linked against libgnutls
 * exim-ldap
   linked against libopenssl, libopenldap and libsasl2

Provide packages for lookup modules
 * cdb
 * dbmdb
 * dnsdb
 * json (depends on jansson)
 * mysql (depends on libmariadb)
 * passwd
 * pgsql (depends on libpq)
 * redis (depends on libhiredis)
 * sqlite (depends on libsqlite3)

Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2021-01-03 00:18:29 +00:00