git: 1cb912fd52ce - 2021Q2 - mail/exim: update to 4.94.2 security release
Dima Panov
fluffy at FreeBSD.org
Tue May 4 16:03:39 UTC 2021
The branch 2021Q2 has been updated by fluffy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=1cb912fd52ce82aecfe55a3a9cca88daddf6208d
commit 1cb912fd52ce82aecfe55a3a9cca88daddf6208d
Author: Dima Panov <fluffy at FreeBSD.org>
AuthorDate: 2021-05-04 15:57:17 +0000
Commit: Dima Panov <fluffy at FreeBSD.org>
CommitDate: 2021-05-04 16:03:24 +0000
mail/exim: update to 4.94.2 security release
* New upstream security release.
+ Release based on +fixes branch.
+ Fixes multiple security vulnerabilities reported by Qualys and adds
related robustness improvements. (Special thanks to Heiko)
CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
CVE-2020-28007: Link attack in Exim's log directory
CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
CVE-2020-28012: Missing close-on-exec flag for privileged pipe
CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
CVE-2020-28009: Integer overflow in get_stdinput()
CVE-2020-28015, CVE-28021: New-line injection into spool header file
CVE-2020-28026: Line truncation and injection in spool_read_header()
CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
CVE-2020-28017: Integer overflow in receive_add_recipient()
CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
CVE-2020-28011: Heap buffer overflow in queue_run()
CVE-2020-28010: Heap out-of-bounds write in main()
CVE-2020-28018: Use-after-free in tls-openssl.c
CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
CVE-2020-28014, CVE-2021-27216: PID file handling
CVE-2020-28008: Assorted attacks in Exim's spool directory
CVE-2020-28019: Failure to reset function pointer after BDAT error
* Incorporate debian patches to turn taint failures into warnings.
(cherry picked from commit 0a629bd71087f75c3b334edb53b01ec68709ab60)
---
mail/exim/Makefile | 31 +-
mail/exim/distinfo | 6 +-
...ain-config-option-allow_insecure_tainted_.patch | 230 +++++++++
mail/exim/files/debian/75_02-search.patch | 39 ++
mail/exim/files/debian/75_03-dbstuff.patch | 30 ++
mail/exim/files/debian/75_04-acl.patch | 67 +++
mail/exim/files/debian/75_05-parse.patch | 30 ++
mail/exim/files/debian/75_06-rda.patch | 28 ++
mail/exim/files/debian/75_07-appendfile.patch | 34 ++
mail/exim/files/debian/75_08-autoreply.patch | 70 +++
mail/exim/files/debian/75_09-pipe.patch | 36 ++
mail/exim/files/debian/75_10-deliver.patch | 49 ++
mail/exim/files/debian/75_11-directory.patch | 26 +
mail/exim/files/debian/75_12-expand.patch | 34 ++
mail/exim/files/debian/75_13-lf_sqlperform.patch | 49 ++
.../exim/files/debian/75_14-rf_get_transport.patch | 28 ++
mail/exim/files/debian/75_15-deliver.patch | 31 ++
mail/exim/files/debian/75_16-smtp_out.patch | 38 ++
mail/exim/files/debian/75_17-smtp.patch | 29 ++
mail/exim/files/debian/75_18-update-doc.patch | 154 ++++++
...g_name-and-rejectlog_name-unconditionally.patch | 42 ++
mail/exim/files/debian/75_21-tidy-log.c.patch | 124 +++++
.../exim/files/debian/75_22-Silence-compiler.patch | 222 +++++++++
...e-the-main-_log-if-we-do-not-see-a-chance.patch | 166 +++++++
.../files/debian/75_24-Silence-the-compiler.patch | 57 +++
...ntchecks-for-mkdir-this-isn-t-part-of-4.9.patch | 27 ++
...002-Taint-fix-pam-expansion-condition.-Bug-2587 | 56 ---
...aint-fix-listcount-expansion-operator.-Bug-2586 | 43 --
.../patch-z0004-Docs-fix-mistaken-variable-name | 28 --
mail/exim/files/patch-z0006-Docs-typoes | 25 -
...ultiple-ACL-actions-to-properly-manage-tainted- | 79 ----
mail/exim/files/patch-z0008-Fix-bi.-Bug-2590 | 44 --
...9-Filters-fix-vacation-in-Exim-filter.-Bug-2593 | 48 --
...-6125-rules-for-certifucate-name-checks-when-CN | 180 -------
...atch-z0011-Taint-fix-radius-expansion-condition | 40 --
..._map_per_host-call-search_tidyup-in-fail-path.- | 42 --
.../files/patch-z0013-Taint-fix-verify.-Bug-2598 | 50 --
..._copy-macro-to-not-multiple-eval-args.-Bug-2603 | 48 --
...handle-request-when-a-callout-hold-is-active.-B | 118 -----
...ch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch | 53 ---
...segfault-on-bad-missing-sqlite_dbfile.-Bug-2606 | 59 ---
...CL-spam-condition-to-permit-tainted-name-argume | 52 --
...020-Fix-message-reception-clock-usage.-Bug-2615 | 158 -------
mail/exim/files/patch-z0021-typoes | 24 -
...-Fix-DKIM-signing-to-always-terminate.-Bug-2295 | 193 --------
...3-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617 | 366 --------------
...CL-spam-condition-to-permit-tainted-name-argume | 74 ---
mail/exim/files/patch-z0025-Fix-debug_print_socket | 79 ----
...atch-z0026-debug_print_socket-output-formatting | 51 --
...ing-of-local_part_data-in-docs-and-debug-output | 54 ---
...-z0028-Fix-readsocket-eol-replacement.-Bug-2630 | 216 ---------
...9-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634 | 51 --
...30-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE | 32 --
...1-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634 | 28 --
...ch-z0032-DANE-force-SNI-to-use-domain.-Bug-2265 | 102 ----
...E-Fix-2-rcpt-message-diff-domins-case.-Bug-2265 | 217 ---------
mail/exim/files/patch-z0034-Fix-non-DANE-build | 92 ----
...patch-z0035-DANE-Fix-2-messages-from-queue-case | 525 ---------------------
mail/exim/files/patch-z0036-Fix-non-DANE-build | 114 -----
...r-errno-before-any-data-i-o-op-so-error-logging | 41 --
mail/exim/files/patch-z0039-Fix-non-TLS-build | 83 ----
.../files/patch-z0040-eximon-fix-FreeBSD-build | 25 -
...P-fix-taint-check-in-server-list-walk.-Bug-2646 | 51 --
...s-authenticator-pubname-through-spool.-Bug-2648 | 107 -----
mail/exim/options | 2 +
65 files changed, 1674 insertions(+), 3653 deletions(-)
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index a8c99db8c762..b66114db3c6b 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -2,7 +2,7 @@
PORTNAME= exim
PORTVERSION?= ${EXIM_VERSION}
-PORTREVISION?= 4
+PORTREVISION?= 0
CATEGORIES= mail
MASTER_SITES= EXIM:exim
MASTER_SITE_SUBDIR= /exim4/:exim \
@@ -65,6 +65,33 @@ SPF_LIB_DEPENDS= libspf2.so:mail/libspf2
SQLITE_LIB_DEPENDS= libicudata.so:devel/icu
SQLITE_USES= pkgconfig sqlite
+TAINTWARN_PATCHES_PREFIX= ${FILESDIR}/debian/75
+TAINTWARN_EXTRA_PATCHES= \
+ ${TAINTWARN_PATCHES_PREFIX}_01-Introduce-main-config-option-allow_insecure_tainted_.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_02-search.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_03-dbstuff.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_04-acl.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_05-parse.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_06-rda.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_07-appendfile.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_08-autoreply.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_09-pipe.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_10-deliver.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_11-directory.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_12-expand.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_13-lf_sqlperform.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_14-rf_get_transport.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_15-deliver.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_16-smtp_out.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_17-smtp.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_18-update-doc.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_21-tidy-log.c.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_22-Silence-compiler.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_24-Silence-the-compiler.patch:-p1 \
+ ${TAINTWARN_PATCHES_PREFIX}_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch:-p1
+
.include <bsd.port.options.mk>
# OCSP is supported for openssl only
@@ -104,7 +131,7 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf
.endif
-EXIM_VERSION= 4.94
+EXIM_VERSION= 4.94.2
SA_EXIM_VERSION=4.2.1
EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink"
EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 64c610468f1b..cf1ae320eaa8 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1591032067
-SHA256 (exim/exim-4.94.tar.bz2) = 73feeaa5ddb43363782db0c307b593aacb49542dd7e4b795a2880779595affe5
-SIZE (exim/exim-4.94.tar.bz2) = 1997217
+TIMESTAMP = 1620141511
+SHA256 (exim/exim-4.94.2.tar.bz2) = 902e611486400608691dff31e1d8725eb9e23602399ad75670ec18878643bc4f
+SIZE (exim/exim-4.94.2.tar.bz2) = 2007178
SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933
diff --git a/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch b/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
new file mode 100644
index 000000000000..0295ec18fa6e
--- /dev/null
+++ b/mail/exim/files/debian/75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
@@ -0,0 +1,230 @@
+From ec06d64532e4952fc36429f73e0222d26997ef7c Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Thu, 1 Apr 2021 22:44:31 +0200
+Subject: [PATCH 01/23] Introduce main config option
+ allow_insecure_tainted_data
+
+This option is deprecated already now.
+---
+ src/EDITME | 7 +++++
+ src/config.h.defaults | 2 ++
+ src/functions.h | 54 ++++++++++++++++++++++++++++++---------
+ src/globals.c | 10 ++++++++
+ src/globals.h | 4 +++
+ src/macros.h | 3 +++
+ src/readconf.c | 3 +++
+ 7 files changed, 71 insertions(+), 12 deletions(-)
+
+diff --git a/src/EDITME b/src/EDITME
+index 8da36a353..cebb8e2ec 100644
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -749,6 +749,13 @@ FIXED_NEVER_USERS=root
+
+ # WHITELIST_D_MACROS=TLS:SPOOL
+
++# The next setting enables a main config option
++# "allow_insecure_tainted_data" to turn taint failures into warnings.
++# Though this option is new, it is deprecated already now, and will be
++# ignored in future releases of Exim. It is meant as mitigation for
++# upgrading old (possibly insecure) configurations to more secure ones.
++ALLOW_INSECURE_TAINTED_DATA=yes
++
+ #------------------------------------------------------------------------------
+ # Exim has support for the AUTH (authentication) extension of the SMTP
+ # protocol, as defined by RFC 2554. If you don't know what SMTP authentication
+diff --git a/src/config.h.defaults b/src/config.h.defaults
+index e17f015f9..4e8b18904 100644
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -17,6 +17,8 @@ Do not put spaces between # and the 'define'.
+ #define ALT_CONFIG_PREFIX
+ #define TRUSTED_CONFIG_LIST
+
++#define ALLOW_INSECURE_TAINTED_DATA
++
+ #define APPENDFILE_MODE 0600
+ #define APPENDFILE_DIRECTORY_MODE 0700
+ #define APPENDFILE_LOCKFILE_MODE 0600
+diff --git a/src/functions.h b/src/functions.h
+index 51bb17a09..1e8083673 100644
+--- a/src/functions.h
++++ b/src/functions.h
+@@ -1083,36 +1083,66 @@ if (f.running_in_test_harness && f.testsuite_delays) millisleep(millisec);
+
+ /******************************************************************************/
+ /* Taint-checked file opens */
++static inline uschar *
++is_tainted2(const void *p, int lflags, const uschar* fmt, ...)
++{
++va_list ap;
++uschar *msg;
++rmark mark;
++
++if (!is_tainted(p))
++ return NULL;
++
++mark = store_mark();
++va_start(ap, fmt);
++msg = string_from_gstring(string_vformat(NULL, SVFMT_TAINT_NOCHK|SVFMT_EXTEND, fmt, ap));
++va_end(ap);
++
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++if (allow_insecure_tainted_data)
++ {
++ if LOGGING(tainted) log_write(0, LOG_MAIN, "Warning: %s", msg);
++ store_reset(mark);
++ return NULL;
++ }
++#endif
++
++if (lflags) log_write(0, lflags, "%s", msg);
++return msg; /* no store_reset(), as the message might be used afterwards and Exim
++ is expected to exit anyway, so we do not care about the leaked
++ storage */
++}
+
+ static inline int
+ exim_open2(const char *pathname, int flags)
+ {
+-if (!is_tainted(pathname)) return open(pathname, flags);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname);
++if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname))
++ return open(pathname, flags);
+ errno = EACCES;
+ return -1;
+ }
++
+ static inline int
+ exim_open(const char *pathname, int flags, mode_t mode)
+ {
+-if (!is_tainted(pathname)) return open(pathname, flags, mode);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname);
++if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname))
++ return open(pathname, flags, mode);
+ errno = EACCES;
+ return -1;
+ }
+ static inline int
+ exim_openat(int dirfd, const char *pathname, int flags)
+ {
+-if (!is_tainted(pathname)) return openat(dirfd, pathname, flags);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname);
++if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname))
++ return openat(dirfd, pathname, flags);
+ errno = EACCES;
+ return -1;
+ }
+ static inline int
+ exim_openat4(int dirfd, const char *pathname, int flags, mode_t mode)
+ {
+-if (!is_tainted(pathname)) return openat(dirfd, pathname, flags, mode);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname);
++if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname))
++ return openat(dirfd, pathname, flags, mode);
+ errno = EACCES;
+ return -1;
+ }
+@@ -1120,8 +1150,8 @@ return -1;
+ static inline FILE *
+ exim_fopen(const char *pathname, const char *mode)
+ {
+-if (!is_tainted(pathname)) return fopen(pathname, mode);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname);
++if (!is_tainted2(pathname, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'", pathname))
++ return fopen(pathname, mode);
+ errno = EACCES;
+ return NULL;
+ }
+@@ -1129,8 +1159,8 @@ return NULL;
+ static inline DIR *
+ exim_opendir(const uschar * name)
+ {
+-if (!is_tainted(name)) return opendir(CCS name);
+-log_write(0, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name);
++if (!is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted dirname '%s'", name))
++ return opendir(CCS name);
+ errno = EACCES;
+ return NULL;
+ }
+diff --git a/src/globals.c b/src/globals.c
+index c34ac9ddd..ff660c352 100644
+--- a/src/globals.c
++++ b/src/globals.c
+@@ -98,6 +98,10 @@ int sqlite_lock_timeout = 5;
+ BOOL move_frozen_messages = FALSE;
+ #endif
+
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++BOOL allow_insecure_tainted_data = FALSE;
++#endif
++
+ /* These variables are outside the #ifdef because it keeps the code less
+ cluttered in several places (e.g. during logging) if we can always refer to
+ them. Also, the tls_ variables are now always visible. Note that these are
+@@ -1033,6 +1037,9 @@ int log_default[] = { /* for initializing log_selector */
+ Li_size_reject,
+ Li_skip_delivery,
+ Li_smtp_confirmation,
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++ Li_tainted,
++#endif
+ Li_tls_certificate_verified,
+ Li_tls_cipher,
+ -1
+@@ -1100,6 +1107,9 @@ bit_table log_options[] = { /* must be in alphabetical order,
+ BIT_TABLE(L, smtp_protocol_error),
+ BIT_TABLE(L, smtp_syntax_error),
+ BIT_TABLE(L, subject),
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++ BIT_TABLE(L, tainted),
++#endif
+ BIT_TABLE(L, tls_certificate_verified),
+ BIT_TABLE(L, tls_cipher),
+ BIT_TABLE(L, tls_peerdn),
+diff --git a/src/globals.h b/src/globals.h
+index a4c1143b7..8d72577e0 100644
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -77,6 +77,10 @@ extern int sqlite_lock_timeout; /* Internal lock waiting timeout */
+ extern BOOL move_frozen_messages; /* Get them out of the normal directory */
+ #endif
+
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++extern BOOL allow_insecure_tainted_data;
++#endif
++
+ /* These variables are outside the #ifdef because it keeps the code less
+ cluttered in several places (e.g. during logging) if we can always refer to
+ them. Also, the tls_ variables are now always visible. */
+diff --git a/src/macros.h b/src/macros.h
+index f78ae2e3d..322ddbf56 100644
+--- a/src/macros.h
++++ b/src/macros.h
+@@ -498,6 +498,9 @@ enum logbit {
+ Li_smtp_mailauth,
+ Li_smtp_no_mail,
+ Li_subject,
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++ Li_tainted,
++#endif
+ Li_tls_certificate_verified,
+ Li_tls_cipher,
+ Li_tls_peerdn,
+diff --git a/src/readconf.c b/src/readconf.c
+index 948fa2403..133135f8f 100644
+--- a/src/readconf.c
++++ b/src/readconf.c
+@@ -68,6 +68,9 @@ static optionlist optionlist_config[] = {
+ { "add_environment", opt_stringptr, {&add_environment} },
+ { "admin_groups", opt_gidlist, {&admin_groups} },
+ { "allow_domain_literals", opt_bool, {&allow_domain_literals} },
++#ifdef ALLOW_INSECURE_TAINTED_DATA
++ { "allow_insecure_tainted_data", opt_bool, {&allow_insecure_tainted_data} },
++#endif
+ { "allow_mx_to_ip", opt_bool, {&allow_mx_to_ip} },
+ { "allow_utf8_domains", opt_bool, {&allow_utf8_domains} },
+ { "auth_advertise_hosts", opt_stringptr, {&auth_advertise_hosts} },
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_02-search.patch b/mail/exim/files/debian/75_02-search.patch
new file mode 100644
index 000000000000..226a350af10d
--- /dev/null
+++ b/mail/exim/files/debian/75_02-search.patch
@@ -0,0 +1,39 @@
+From b71d675f695c2cf17357b190476129535d5f446c Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Thu, 1 Apr 2021 22:45:03 +0200
+Subject: [PATCH 02/23] search
+
+---
+ src/search.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/search.c b/src/search.c
+index f8aaacb04..f6e4d1f5b 100644
+--- a/src/search.c
++++ b/src/search.c
+@@ -343,12 +343,8 @@ lookup_info *lk = lookup_list[search_type];
+ uschar keybuffer[256];
+ int old_pool = store_pool;
+
+-if (filename && is_tainted(filename))
+- {
+- log_write(0, LOG_MAIN|LOG_PANIC,
+- "Tainted filename for search: '%s'", filename);
++if (filename && is_tainted2(filename, LOG_MAIN|LOG_PANIC, "Tainted filename for search '%s'", filename))
+ return NULL;
+- }
+
+ /* Change to the search store pool and remember our reset point */
+
+@@ -639,7 +635,7 @@ DEBUG(D_lookup)
+ /* Arrange to put this database at the top of the LRU chain if it is a type
+ that opens real files. */
+
+-if ( open_top != (tree_node *)handle
++if ( open_top != (tree_node *)handle
+ && lookup_list[t->name[0]-'0']->type == lookup_absfile)
+ {
+ search_cache *c = (search_cache *)(t->data.ptr);
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_03-dbstuff.patch b/mail/exim/files/debian/75_03-dbstuff.patch
new file mode 100644
index 000000000000..dc9da8e44c54
--- /dev/null
+++ b/mail/exim/files/debian/75_03-dbstuff.patch
@@ -0,0 +1,30 @@
+From 35b11dd0e52b5ac176849f807cca8898bcaf0c3d Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 10:49:49 +0200
+Subject: [PATCH 03/23] dbstuff
+
+---
+ src/dbstuff.h | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/dbstuff.h b/src/dbstuff.h
+index c1fb54346..dcee78696 100644
+--- a/src/dbstuff.h
++++ b/src/dbstuff.h
+@@ -643,11 +643,9 @@ after reading data. */
+ : (flags) == O_RDWR ? "O_RDWR" \
+ : (flags) == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT" \
+ : "??"); \
+- if (is_tainted(name) || is_tainted(dirname)) \
+- { \
+- log_write(0, LOG_MAIN|LOG_PANIC, "Tainted name for DB file not permitted"); \
++ if (is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted name '%s' for DB file not permitted", name) \
++ || is_tainted2(dirname, LOG_MAIN|LOG_PANIC, "Tainted name '%s' for DB directory not permitted", dirname)) \
+ *dbpp = NULL; \
+- } \
+ else \
+ { EXIM_DBOPEN__(name, dirname, flags, mode, dbpp); } \
+ DEBUG(D_hints_lookup) debug_printf_indent("returned from EXIM_DBOPEN: %p\n", *dbpp); \
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_04-acl.patch b/mail/exim/files/debian/75_04-acl.patch
new file mode 100644
index 000000000000..810b2e591675
--- /dev/null
+++ b/mail/exim/files/debian/75_04-acl.patch
@@ -0,0 +1,67 @@
+From 44fd80ad8abcd885fc1c8dbb294fc2140e4ef481 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 10:50:14 +0200
+Subject: [PATCH 04/23] acl
+Last-Update: 2021-05-01
+
+---
+ src/acl.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+--- a/src/acl.c
++++ b/src/acl.c
+@@ -3596,24 +3596,26 @@
+ rc = mime_regex(&arg);
+ break;
+ #endif
+
+ case ACLC_QUEUE:
+- if (is_tainted(arg))
+ {
+- *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
+- arg);
+- return ERROR;
++ uschar *m;
++ if (m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg))
++ {
++ *log_msgptr = m;
++ return ERROR;
++ }
++ if (Ustrchr(arg, '/'))
++ {
++ *log_msgptr = string_sprintf(
++ "Directory separator not permitted in queue name: '%s'", arg);
++ return ERROR;
++ }
++ queue_name = string_copy_perm(arg, FALSE);
++ break;
+ }
+- if (Ustrchr(arg, '/'))
+- {
+- *log_msgptr = string_sprintf(
+- "Directory separator not permitted in queue name: '%s'", arg);
+- return ERROR;
+- }
+- queue_name = string_copy_perm(arg, FALSE);
+- break;
+
+ case ACLC_RATELIMIT:
+ rc = acl_ratelimit(arg, where, log_msgptr);
+ break;
+
+@@ -4005,14 +4007,12 @@
+ }
+
+ else if (*ss == '/')
+ {
+ struct stat statbuf;
+- if (is_tainted(ss))
++ if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss))
+ {
+- log_write(0, LOG_MAIN|LOG_PANIC,
+- "attempt to open tainted ACL file name \"%s\"", ss);
+ /* Avoid leaking info to an attacker */
+ *log_msgptr = US"internal configuration error";
+ return ERROR;
+ }
+ if ((fd = Uopen(ss, O_RDONLY, 0)) < 0)
diff --git a/mail/exim/files/debian/75_05-parse.patch b/mail/exim/files/debian/75_05-parse.patch
new file mode 100644
index 000000000000..f9dab900f88e
--- /dev/null
+++ b/mail/exim/files/debian/75_05-parse.patch
@@ -0,0 +1,30 @@
+From 7eeeb6f26af05322814ecc77c87f09c72ab2216a Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 10:58:46 +0200
+Subject: [PATCH 05/23] parse
+
+---
+ src/parse.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/parse.c b/src/parse.c
+index 3ea758ac9..d1bc79039 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -1402,12 +1402,8 @@ for (;;)
+ return FF_ERROR;
+ }
+
+- if (is_tainted(filename))
+- {
+- *error = string_sprintf("Tainted name '%s' for included file not permitted\n",
+- filename);
++ if (*error = is_tainted2(filename, 0, "Tainted name '%s' for included file not permitted\n", filename))
+ return FF_ERROR;
+- }
+
+ /* Check file name if required */
+
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_06-rda.patch b/mail/exim/files/debian/75_06-rda.patch
new file mode 100644
index 000000000000..f4ca2afc13f1
--- /dev/null
+++ b/mail/exim/files/debian/75_06-rda.patch
@@ -0,0 +1,28 @@
+From a6da9c67acaee699616516be141d600cc178a633 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 10:59:46 +0200
+Subject: [PATCH 06/23] rda
+
+---
+ src/rda.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/rda.c b/src/rda.c
+index aed8abc24..6ad7dd8bd 100644
+--- a/src/rda.c
++++ b/src/rda.c
+@@ -179,10 +179,8 @@ struct stat statbuf;
+ /* Reading a file is a form of expansion; we wish to deny attackers the
+ capability to specify the file name. */
+
+-if (is_tainted(filename))
++if (*error = is_tainted2(filename, 0, "Tainted name '%s' for file read not permitted\n", filename))
+ {
+- *error = string_sprintf("Tainted name '%s' for file read not permitted\n",
+- filename);
+ *yield = FF_ERROR;
+ return NULL;
+ }
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_07-appendfile.patch b/mail/exim/files/debian/75_07-appendfile.patch
new file mode 100644
index 000000000000..5a9e37861d7f
--- /dev/null
+++ b/mail/exim/files/debian/75_07-appendfile.patch
@@ -0,0 +1,34 @@
+From c29b50d2fe17cc108d751175ed4f4113c25c1768 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 11:00:06 +0200
+Subject: [PATCH 07/23] appendfile
+
+---
+ src/transports/appendfile.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/transports/appendfile.c b/src/transports/appendfile.c
+index 8ab8b6016..7dbbaa2f9 100644
+--- a/src/transports/appendfile.c
++++ b/src/transports/appendfile.c
+@@ -1286,12 +1286,14 @@ if (!(path = expand_string(fdname)))
+ expand_string_message);
+ goto ret_panic;
+ }
+-if (is_tainted(path))
++{ uschar *m;
++if (m = is_tainted2(path, 0, "Tainted '%s' (file or directory "
++ "name for %s transport) not permitted", path, tblock->name))
+ {
+- addr->message = string_sprintf("Tainted '%s' (file or directory "
+- "name for %s transport) not permitted", path, tblock->name);
++ addr->message = m;
+ goto ret_panic;
+ }
++}
+
+ if (path[0] != '/')
+ {
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_08-autoreply.patch b/mail/exim/files/debian/75_08-autoreply.patch
new file mode 100644
index 000000000000..de5eb1dd3c20
--- /dev/null
+++ b/mail/exim/files/debian/75_08-autoreply.patch
@@ -0,0 +1,70 @@
+From 26de37d8960da80473866fb59b9dfd10a5761538 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Sun, 28 Mar 2021 11:06:27 +0200
+Subject: [PATCH 08/23] autoreply
+
+---
+ src/transports/autoreply.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/src/transports/autoreply.c b/src/transports/autoreply.c
+index 865abbf4f..ed99de4c6 100644
+--- a/src/transports/autoreply.c
++++ b/src/transports/autoreply.c
+@@ -404,14 +404,15 @@ recipient cache. */
+
+ if (oncelog && *oncelog && to)
+ {
++ uschar *m;
+ time_t then = 0;
+
+- if (is_tainted(oncelog))
++ if (m = is_tainted2(oncelog, 0, "Tainted '%s' (once file for %s transport)"
++ " not permitted", oncelog, tblock->name))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+- addr->message = string_sprintf("Tainted '%s' (once file for %s transport)"
+- " not permitted", oncelog, tblock->name);
++ addr->message = m;
+ goto END_OFF;
+ }
+
+@@ -515,13 +516,14 @@ if (oncelog && *oncelog && to)
+
+ if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
+ {
++ uschar *m;
+ int log_fd;
+- if (is_tainted(logfile))
++ if (m = is_tainted2(logfile, 0, "Tainted '%s' (logfile for %s transport)"
++ " not permitted", logfile, tblock->name))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+- addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)"
+- " not permitted", logfile, tblock->name);
++ addr->message = m;
+ goto END_OFF;
+ }
+
+@@ -548,12 +550,13 @@ if (oncelog && *oncelog && to)
+ /* We are going to send a message. Ensure any requested file is available. */
+ if (file)
+ {
+- if (is_tainted(file))
++ uschar *m;
++ if (m = is_tainted2(file, 0, "Tainted '%s' (file for %s transport)"
++ " not permitted", file, tblock->name))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+- addr->message = string_sprintf("Tainted '%s' (file for %s transport)"
+- " not permitted", file, tblock->name);
++ addr->message = m;
+ return FALSE;
+ }
+ if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_09-pipe.patch b/mail/exim/files/debian/75_09-pipe.patch
new file mode 100644
index 000000000000..0ec9bcfaed19
--- /dev/null
+++ b/mail/exim/files/debian/75_09-pipe.patch
@@ -0,0 +1,36 @@
+From f9628406706112be459adb3f121db8e6cf282c2d Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Fri, 2 Apr 2021 17:30:27 +0200
+Subject: [PATCH 09/23] pipe
+
+---
+ src/transports/pipe.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/transports/pipe.c b/src/transports/pipe.c
+index 27422bd42..4c9e68beb 100644
+--- a/src/transports/pipe.c
++++ b/src/transports/pipe.c
+@@ -599,13 +599,16 @@ if (!cmd || !*cmd)
+ tblock->name);
+ return FALSE;
+ }
+-if (is_tainted(cmd))
++
++{ uschar *m;
++if (m = is_tainted2(cmd, 0, "Tainted '%s' (command "
++ "for %s transport) not permitted", cmd, tblock->name))
+ {
+- addr->message = string_sprintf("Tainted '%s' (command "
+- "for %s transport) not permitted", cmd, tblock->name);
+ addr->transport_return = PANIC;
++ addr->message = m;
+ return FALSE;
+ }
++}
+
+ /* When a pipe is set up by a filter file, there may be values for $thisaddress
+ and numerical the variables in existence. These are passed in
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_10-deliver.patch b/mail/exim/files/debian/75_10-deliver.patch
new file mode 100644
index 000000000000..ea4a54239e31
--- /dev/null
+++ b/mail/exim/files/debian/75_10-deliver.patch
@@ -0,0 +1,49 @@
+From 2fee91ae42e974c21202e0b5e17185f6a87bf8af Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Wed, 31 Mar 2021 23:12:44 +0200
+Subject: [PATCH 10/23] deliver
+
+---
+ src/deliver.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/deliver.c b/src/deliver.c
+index d85edd70e..8b7998f37 100644
+--- a/src/deliver.c
++++ b/src/deliver.c
+@@ -5538,10 +5538,11 @@ FILE * fp = NULL;
+ if (!s || !*s)
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "Failed to expand %s: '%s'\n", varname, filename);
+-else if (*s != '/' || is_tainted(s))
+- log_write(0, LOG_MAIN|LOG_PANIC,
+- "%s is not %s after expansion: '%s'\n",
+- varname, *s == '/' ? "untainted" : "absolute", s);
++else if (*s != '/')
++ log_write(0, LOG_MAIN|LOG_PANIC, "%s is not absolute after expansion: '%s'\n",
++ varname, s);
++else if (is_tainted2(s, LOG_MAIN|LOG_PANIC, "Tainted %s after expansion: '%s'\n", varname, s))
++ ;
+ else if (!(fp = Ufopen(s, "rb")))
+ log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for %s "
+ "message texts: %s", s, reason, strerror(errno));
+@@ -6148,12 +6149,13 @@ else if (system_filter && process_recipients != RECIP_FAIL_TIMEOUT)
+ {
+ uschar *tmp = expand_string(tpname);
+ address_file = address_pipe = NULL;
++ uschar *m;
+ if (!tmp)
+ p->message = string_sprintf("failed to expand \"%s\" as a "
+ "system filter transport name", tpname);
+- if (is_tainted(tmp))
+- p->message = string_sprintf("attempt to used tainted value '%s' for"
+- "transport '%s' as a system filter", tmp, tpname);
++ if (is_tainted2(tmp, 0, m = string_sprintf("Tainted values '%s' "
++ "for transport '%s' as a system filter", tmp, tpname)))
++ p->message = m;
+ tpname = tmp;
+ }
+ else
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_11-directory.patch b/mail/exim/files/debian/75_11-directory.patch
new file mode 100644
index 000000000000..4c3a68418c0b
--- /dev/null
+++ b/mail/exim/files/debian/75_11-directory.patch
@@ -0,0 +1,26 @@
+From 5f41e800ce9cc7ad154047298914df955e905bf4 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Thu, 1 Apr 2021 21:28:59 +0200
+Subject: [PATCH 11/23] directory
+
+---
+ src/directory.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/directory.c b/src/directory.c
+index 2d4d565f4..9f88f4141 100644
+--- a/src/directory.c
++++ b/src/directory.c
+@@ -44,6 +44,9 @@ uschar c = 1;
+ struct stat statbuf;
+ uschar * path;
+
++if (is_tainted2(name, LOG_MAIN|LOG_PANIC, "Tainted path '%s' for new directory", name))
++ { p = US"create"; path = US name; errno = EACCES; goto bad; }
++
+ if (parent)
+ {
+ path = string_sprintf("%s%s%s", parent, US"/", name);
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_12-expand.patch b/mail/exim/files/debian/75_12-expand.patch
new file mode 100644
index 000000000000..ebb099d284f2
--- /dev/null
+++ b/mail/exim/files/debian/75_12-expand.patch
@@ -0,0 +1,34 @@
+From c02ea85f525ff256d78e084d6f76fe3032fd52e1 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Thu, 1 Apr 2021 21:33:50 +0200
+Subject: [PATCH 12/23] expand
+
+---
+ src/expand.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/expand.c b/src/expand.c
+index 05de94c49..21b86ebf5 100644
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -4383,13 +4383,13 @@ DEBUG(D_expand)
+ f.expand_string_forcedfail = FALSE;
+ expand_string_message = US"";
+
+-if (is_tainted(string))
++{ uschar *m;
++if (m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s))
+ {
+- expand_string_message =
+- string_sprintf("attempt to expand tainted string '%s'", s);
+- log_write(0, LOG_MAIN|LOG_PANIC, "%s", expand_string_message);
++ expand_string_message = m;
+ goto EXPAND_FAILED;
+ }
++}
+
+ while (*s != 0)
+ {
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_13-lf_sqlperform.patch b/mail/exim/files/debian/75_13-lf_sqlperform.patch
new file mode 100644
index 000000000000..67283a02676e
--- /dev/null
+++ b/mail/exim/files/debian/75_13-lf_sqlperform.patch
@@ -0,0 +1,49 @@
+From 9810dfc25d8b9687b46e57963a3ac30bf5c9b2c9 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Thu, 1 Apr 2021 21:36:12 +0200
+Subject: [PATCH 13/23] lf_sqlperform
+
+---
+ src/lookups/lf_sqlperform.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/src/lookups/lf_sqlperform.c b/src/lookups/lf_sqlperform.c
+index ad1df29d1..eda3089e2 100644
+--- a/src/lookups/lf_sqlperform.c
++++ b/src/lookups/lf_sqlperform.c
+@@ -102,11 +102,13 @@ if (Ustrncmp(query, "servers", 7) == 0)
+ }
+ }
+
+- if (is_tainted(server))
+- {
+- *errmsg = string_sprintf("%s server \"%s\" is tainted", name, server);
++ { uschar *m;
++ if (m = is_tainted2(server, 0, "Tainted %s server '%s'", name, server))
++ {
++ *errmsg = m;
+ return DEFER;
+ }
++ }
+
+ rc = (*fn)(ss+1, server, result, errmsg, &defer_break, do_cache, opts);
+ if (rc != DEFER || defer_break) return rc;
+@@ -158,11 +160,13 @@ else
+ server = ele;
+ }
+
+- if (is_tainted(server))
++ { uschar *m;
++ if (is_tainted2(server, 0, "Tainted %s server '%s'", name, server))
+ {
+- *errmsg = string_sprintf("%s server \"%s\" is tainted", name, server);
++ *errmsg = m;
+ return DEFER;
+ }
++ }
+
+ rc = (*fn)(query, server, result, errmsg, &defer_break, do_cache, opts);
+ if (rc != DEFER || defer_break) return rc;
+--
+2.30.2
+
diff --git a/mail/exim/files/debian/75_14-rf_get_transport.patch b/mail/exim/files/debian/75_14-rf_get_transport.patch
new file mode 100644
index 000000000000..9e8b69d3ad6a
--- /dev/null
+++ b/mail/exim/files/debian/75_14-rf_get_transport.patch
@@ -0,0 +1,28 @@
+From 015fff57c854184f8bce61476c46a2830a97daf8 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs at schlittermann.de>
+Date: Fri, 2 Apr 2021 08:36:24 +0200
+Subject: [PATCH 14/23] rf_get_transport
+
+---
+ src/routers/rf_get_transport.c | 4 +---
*** 4867 LINES SKIPPED ***
More information about the dev-commits-ports-all
mailing list