svn commit: r542486 - in branches/2020Q3/mail/exim: . files
Dima Panov
fluffy at FreeBSD.org
Sat Jul 18 09:54:53 UTC 2020
Author: fluffy
Date: Sat Jul 18 09:54:49 2020
New Revision: 542486
URL: https://svnweb.freebsd.org/changeset/ports/542486
Log:
MFH: r542419
mail/exim: import exim-4.94+fixes branch as state of 2020.07.17
Used git diffs:
[02/26] Taint: fix pam expansion condition. Bug 2587
[03/26] Taint: fix listcount expansion operator. Bug 2586
[04/26] Docs: fix mistaken variable name
[06/26] Docs: typoes
[07/26] Taint: fix multiple ACL actions to properly manage tainted argument data
[08/26] Fix -bi. Bug 2590
[09/26] Filters: fix "vacation" in Exim filter. Bug 2593
[10/26] TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug 2594
[11/26] Taint: fix radius expansion condition
[13/26] Taint: fix verify. Bug 2598
[14/26] Fix string_copy() macro to not multiple-eval args. Bug 2603
[15/26] Cutthrough: handle request when a callout-hold is active. Bug 2604
[16/26] Lookups: Fix "subdir" filter on a dsearch.
[18/26] Sqlite: fix segfault on bad/missing sqlite_dbfile. Bug 2606
[19/26] Taint: fix ACL "spam" condition, to permit tainted name arguments.
[20/26] Fix message-reception clock usage. Bug 2615
[21/26] typoes
[22/26] Fix DKIM signing to always ;-terminate. Bug 2295
[23/26] Fix taint trap in parse_fix_phrase(). Bug 2617
[24/26] Taint: fix ACL "spam" condition, to permit tainted name arguments
[25/26] Fix debug_print_socket()
[26/26] debug_print_socket(): output formatting
Approved by: ports-secteam (joneum)
Added:
branches/2020Q3/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587
- copied unchanged from r542419, head/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587
branches/2020Q3/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586
- copied unchanged from r542419, head/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586
branches/2020Q3/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name
- copied unchanged from r542419, head/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name
branches/2020Q3/mail/exim/files/patch-z0006-Docs-typoes
- copied unchanged from r542419, head/mail/exim/files/patch-z0006-Docs-typoes
branches/2020Q3/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-
- copied unchanged from r542419, head/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-
branches/2020Q3/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590
- copied unchanged from r542419, head/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590
branches/2020Q3/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593
- copied unchanged from r542419, head/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593
branches/2020Q3/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN
- copied unchanged from r542419, head/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN
branches/2020Q3/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition
- copied unchanged from r542419, head/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition
branches/2020Q3/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-
- copied unchanged from r542419, head/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-
branches/2020Q3/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598
- copied unchanged from r542419, head/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598
branches/2020Q3/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603
- copied unchanged from r542419, head/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603
branches/2020Q3/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B
- copied unchanged from r542419, head/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B
branches/2020Q3/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch
- copied unchanged from r542419, head/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch
branches/2020Q3/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606
- copied unchanged from r542419, head/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606
branches/2020Q3/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume
- copied unchanged from r542419, head/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume
branches/2020Q3/mail/exim/files/patch-z0020-Fix-message-reception-clock-usage.-Bug-2615
- copied unchanged from r542419, head/mail/exim/files/patch-z0020-Fix-message-reception-clock-usage.-Bug-2615
branches/2020Q3/mail/exim/files/patch-z0021-typoes
- copied unchanged from r542419, head/mail/exim/files/patch-z0021-typoes
branches/2020Q3/mail/exim/files/patch-z0022-Fix-DKIM-signing-to-always-terminate.-Bug-2295
- copied unchanged from r542419, head/mail/exim/files/patch-z0022-Fix-DKIM-signing-to-always-terminate.-Bug-2295
branches/2020Q3/mail/exim/files/patch-z0023-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617
- copied unchanged from r542419, head/mail/exim/files/patch-z0023-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617
branches/2020Q3/mail/exim/files/patch-z0024-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume
- copied unchanged from r542419, head/mail/exim/files/patch-z0024-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume
branches/2020Q3/mail/exim/files/patch-z0025-Fix-debug_print_socket
- copied unchanged from r542419, head/mail/exim/files/patch-z0025-Fix-debug_print_socket
branches/2020Q3/mail/exim/files/patch-z0026-debug_print_socket-output-formatting
- copied unchanged from r542419, head/mail/exim/files/patch-z0026-debug_print_socket-output-formatting
Modified:
branches/2020Q3/mail/exim/Makefile
Directory Properties:
branches/2020Q3/ (props changed)
Modified: branches/2020Q3/mail/exim/Makefile
==============================================================================
--- branches/2020Q3/mail/exim/Makefile Sat Jul 18 09:36:03 2020 (r542485)
+++ branches/2020Q3/mail/exim/Makefile Sat Jul 18 09:54:49 2020 (r542486)
@@ -3,7 +3,7 @@
PORTNAME= exim
PORTVERSION?= ${EXIM_VERSION}
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= mail
MASTER_SITES= EXIM:exim
MASTER_SITE_SUBDIR= /exim4/:exim \
Copied: branches/2020Q3/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587 (from r542419, head/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0002-Taint-fix-pam-expansion-condition.-Bug-2587)
@@ -0,0 +1,56 @@
+From 173bd1c8f9cf83ad8c0e61a9e32678e7e371d41d Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Tue, 2 Jun 2020 14:50:31 +0100
+Subject: [PATCH 02/26] Taint: fix pam expansion condition. Bug 2587
+
+(cherry picked from commit f7f933a199be8bb7362c715e0040545b514cddca)
+---
+ doc/ChangeLog | 9 +++++++++
+ src/auths/call_pam.c | 5 ++---
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 585deb042..dbdc22117 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -3,6 +3,15 @@ affect Exim's operation, with an unchanged configuration file. For new
+ options, and new features, see the NewStuff file next to this ChangeLog.
+
+
++Since Exim version 4.94
++-----------------------
++
++JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used
++ as arguments, so an implementation trying to copy these into a local
++ buffer was taking a taint-enformance trap. Fix by using dynamically
++ created buffers.
++
++
+ Exim version 4.94
+ -----------------
+
+diff --git src/auths/call_pam.c src/auths/call_pam.c
+index 2959cbbf3..80bb23ec3 100644
+--- src/auths/call_pam.c
++++ src/auths/call_pam.c
+@@ -83,8 +83,7 @@ for (int i = 0; i < num_msg; i++)
+ {
+ case PAM_PROMPT_ECHO_ON:
+ case PAM_PROMPT_ECHO_OFF:
+- arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
+- if (!arg)
++ if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0)))
+ {
+ arg = US"";
+ pam_arg_ended = TRUE;
+@@ -155,7 +154,7 @@ pam_arg_ended = FALSE;
+ fail. PAM doesn't support authentication with an empty user (it prompts for it,
+ causing a potential mis-interpretation). */
+
+-user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size);
++user = string_nextinlist(&pam_args, &sep, NULL, 0);
+ if (user == NULL || user[0] == 0) return FAIL;
+
+ /* Start off PAM interaction */
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586 (from r542419, head/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0003-Taint-fix-listcount-expansion-operator.-Bug-2586)
@@ -0,0 +1,43 @@
+From 63652bbaf66c4bdb388b08fdf3eb8ab1e4d91475 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Tue, 2 Jun 2020 15:03:36 +0100
+Subject: [PATCH 03/26] Taint: fix listcount expansion operator. Bug 2586
+
+(cherry picked from commit 44644c2e404a3ea0191db0b0458e86924fb240bb)
+---
+ doc/ChangeLog | 4 ++++
+ src/expand.c | 3 +--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index dbdc22117..94bcea29b 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -11,6 +11,10 @@ JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used
+ buffer was taking a taint-enformance trap. Fix by using dynamically
+ created buffers.
+
++JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
++ reasonable, eg. to count headers. Fix by using dynamically created
++ buffers rather than a local,
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/expand.c src/expand.c
+index 26f7f10ac..6ed22c14d 100644
+--- src/expand.c
++++ src/expand.c
+@@ -7208,9 +7208,8 @@ while (*s != 0)
+ {
+ int cnt = 0;
+ int sep = 0;
+- uschar buffer[256];
+
+- while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer))) cnt++;
++ while (string_nextinlist(CUSS &sub, &sep, NULL, 0)) cnt++;
+ yield = string_fmt_append(yield, "%d", cnt);
+ continue;
+ }
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name (from r542419, head/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0004-Docs-fix-mistaken-variable-name)
@@ -0,0 +1,28 @@
+From aabe0ebe82297d7dec3abdfff9c3b1edc34fd8ab Mon Sep 17 00:00:00 2001
+From: Patrick Boutilier <boutilpj at ednet.ns.ca>
+Date: Tue, 2 Jun 2020 15:16:10 +0100
+Subject: [PATCH 04/26] Docs: fix mistaken variable name
+
+(cherry picked from commit eb55cb1d2c5552209e24345e9d21f83ec1eaccf6)
+---
+ README.UPDATING | 4 ++--
+
+diff --git README.UPDATING README.UPDATING
+index a0afa8df0..708027f2c 100644
+--- README.UPDATING
++++ README.UPDATING
+@@ -31,9 +31,9 @@ Exim version 4.94
+
+ Some Transports now refuse to use tainted data in constructing their delivery
+ location; this WILL BREAK configurations which are not updated accordingly.
+-In particular: any Transport use of $local_user which has been relying upon
++In particular: any Transport use of $local_part which has been relying upon
+ check_local_user far away in the Router to make it safe, should be updated to
+-replace $local_user with $local_part_data.
++replace $local_part with $local_part_data.
+
+ Attempting to remove, in router or transport, a header name that ends with
+ an asterisk (which is a standards-legal name) will now result in all headers
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0006-Docs-typoes (from r542419, head/mail/exim/files/patch-z0006-Docs-typoes)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0006-Docs-typoes Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0006-Docs-typoes)
@@ -0,0 +1,25 @@
+From de498d230862bcc49acbc6d5e76c71b1e15596c3 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Tue, 2 Jun 2020 16:34:42 +0100
+Subject: [PATCH 06/26] Docs: typoes
+
+Cherry-picked from: 1195f8f2a4
+---
+ doc/ChangeLog | 2 +-
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 94bcea29b..f858c9121 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -8,7 +8,7 @@ Since Exim version 4.94
+
+ JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used
+ as arguments, so an implementation trying to copy these into a local
+- buffer was taking a taint-enformance trap. Fix by using dynamically
++ buffer was taking a taint-enforcement trap. Fix by using dynamically
+ created buffers.
+
+ JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted- (from r542419, head/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted- Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0007-Taint-fix-multiple-ACL-actions-to-properly-manage-tainted-)
@@ -0,0 +1,79 @@
+From 623f07cfdcaca96274ca765d0fcf0761bdf7151b Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Wed, 3 Jun 2020 11:40:17 +0100
+Subject: [PATCH 07/26] Taint: fix multiple ACL actions to properly manage
+ tainted argument data
+
+(cherry picked from commit 12b7f811de4a540d0724585aecfa33b5881e2a30)
+---
+ doc/ChangeLog | 4 +++-
+ src/acl.c | 12 ++++++------
+
+diff --git doc/ChangeLog doc/ChangeLog
+index f858c9121..015959cb6 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -13,7 +13,9 @@ JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used
+
+ JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
+ reasonable, eg. to count headers. Fix by using dynamically created
+- buffers rather than a local,
++ buffers rather than a local. Do similar fixes for ACL actions "dcc",
++ "log_reject_target", "malware" and "spam"; the arguments are expanded
++ so could be handling tainted values.
+
+
+ Exim version 4.94
+diff --git src/acl.c src/acl.c
+index c1d60bbd9..8619cd5ef 100644
+--- src/acl.c
++++ src/acl.c
+@@ -3349,11 +3349,11 @@ for (; cb; cb = cb->next)
+ {
+ /* Separate the regular expression and any optional parameters. */
+ const uschar * list = arg;
+- uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
++ uschar *ss = string_nextinlist(&list, &sep, NULL, 0);
+ /* Run the dcc backend. */
+ rc = dcc_process(&ss);
+ /* Modify return code based upon the existence of options. */
+- while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
++ while ((ss = string_nextinlist(&list, &sep, NULL, 0)))
+ if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
+ rc = FAIL; /* FAIL so that the message is passed to the next ACL */
+ }
+@@ -3514,7 +3514,7 @@ for (; cb; cb = cb->next)
+ int sep = 0;
+ const uschar *s = arg;
+ uschar * ss;
+- while ((ss = string_nextinlist(&s, &sep, big_buffer, big_buffer_size)))
++ while ((ss = string_nextinlist(&s, &sep, NULL, 0)))
+ {
+ if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN;
+ else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC;
+@@ -3567,7 +3567,7 @@ for (; cb; cb = cb->next)
+ {
+ /* Separate the regular expression and any optional parameters. */
+ const uschar * list = arg;
+- uschar * ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
++ uschar * ss = string_nextinlist(&list, &sep, NULL, 0);
+ uschar * opt;
+ BOOL defer_ok = FALSE;
+ int timeout = 0;
+@@ -3672,11 +3672,11 @@ for (; cb; cb = cb->next)
+ {
+ /* Separate the regular expression and any optional parameters. */
+ const uschar * list = arg;
+- uschar *ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size);
++ uschar *ss = string_nextinlist(&list, &sep, NULL, 0);
+
+ rc = spam(CUSS &ss);
+ /* Modify return code based upon the existence of options. */
+- while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
++ while ((ss = string_nextinlist(&list, &sep, NULL, 0)))
+ if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER)
+ rc = FAIL; /* FAIL so that the message is passed to the next ACL */
+ }
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590 (from r542419, head/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0008-Fix-bi.-Bug-2590)
@@ -0,0 +1,44 @@
+From 0e8319c3edebfec2158fbaa4898af27cb3225c99 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Thu, 4 Jun 2020 15:28:15 +0100
+Subject: [PATCH 08/26] Fix -bi. Bug 2590
+
+ Actual fix from pierre.labastie at neuf.fr ; additional coding and testcase bu jgh
+ Broken-by: bdcc6f2bd5
+
+ (Cherry-picked from: 0e0e171628)
+---
+ doc/ChangeLog | 4 ++++
+ src/exim.c | 2 +-
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 015959cb6..621d5b1b5 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -17,6 +17,10 @@ JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
+ "log_reject_target", "malware" and "spam"; the arguments are expanded
+ so could be handling tainted values.
+
++JH/04 Bug 2590: Fix -bi (newaliases). A previous code rearrangement had
++ broken the (no-op) support for this sendmail command. Restore it
++ to doing nothing, silently, and returning good status.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/exim.c src/exim.c
+index a60488e95..6143fe989 100644
+--- src/exim.c
++++ src/exim.c
+@@ -2148,7 +2148,7 @@ on the second character (the one after '-'), to save some effort. */
+ concept of *the* alias file, but since Sun's YP make script calls
+ sendmail this way, some support must be provided. */
+ case 'i':
+- if (!*++argrest) bi_option = TRUE;
++ if (!*argrest) bi_option = TRUE;
+ else badarg = TRUE;
+ break;
+
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593 (from r542419, head/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0009-Filters-fix-vacation-in-Exim-filter.-Bug-2593)
@@ -0,0 +1,48 @@
+From 701af1005a6effaac5ce249f1c2086dc6c0c2a7f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Mon, 8 Jun 2020 13:00:55 +0100
+Subject: [PATCH 09/26] Filters: fix "vacation" in Exim filter. Bug 2593
+
+Broken-by: cfb9cf20cb (4.90)
+(cherry picked from commit 59eee1bc902f106d20f507ba16f37cb8ab5a5e8d)
+---
+ doc/ChangeLog | 5 ++
+ src/transports/autoreply.c | 6 +--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 621d5b1b5..b9c1ec29e 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -21,6 +21,11 @@ JH/04 Bug 2590: Fix -bi (newaliases). A previous code rearrangement had
+ broken the (no-op) support for this sendmail command. Restore it
+ to doing nothing, silently, and returning good status.
+
++JH/05 Bug 2593: Fix "vacation" in Exim filter. Previously, when a "once"
++ record path was given (or the default used) without a leading directory
++ path, an error occurred on trying to open it. Use the transport's working
++ directory.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/transports/autoreply.c src/transports/autoreply.c
+index 4c2c08b70..865abbf4f 100644
+--- src/transports/autoreply.c
++++ src/transports/autoreply.c
+@@ -474,10 +474,10 @@ if (oncelog && *oncelog && to)
+ else
+ {
+ EXIM_DATUM key_datum, result_datum;
+- uschar * dirname = string_copy(oncelog);
+- uschar * s;
++ uschar * dirname, * s;
+
+- if ((s = Ustrrchr(dirname, '/'))) *s = '\0';
++ dirname = (s = Ustrrchr(oncelog, '/'))
++ ? string_copyn(oncelog, s - oncelog) : NULL;
+ EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file);
+ if (!dbm_file)
+ {
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN (from r542419, head/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0010-TLS-use-RFC-6125-rules-for-certifucate-name-checks-when-CN)
@@ -0,0 +1,180 @@
+From 3fe5ec41e81831028c992f77a15292872fbbac75 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Thu, 11 Jun 2020 20:45:05 +0100
+Subject: [PATCH 10/26] TLS: use RFC 6125 rules for certifucate name
+ checks when CNAMES are present. Bug 2594
+
+ (cherry picked from commit 0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6)
+---
+ doc/ChangeLog | 7 ++-
+ src/host.c | 17 +++++++
+ src/structs.h | 19 ++++----
+ src/tls-gnu.c | 4 +-
+ src/tls-openssl.c | 20 ++++-----
+
+diff --git doc/ChangeLog doc/ChangeLog
+index b9c1ec29e..612005803 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -26,6 +26,11 @@ JH/05 Bug 2593: Fix "vacation" in Exim filter. Previously, when a "once"
+ path, an error occurred on trying to open it. Use the transport's working
+ directory.
+
++JH/06 Bug 2594: Change the name used for certificate name checks in the smtp
++ transport. Previously it was the name on the DNS A-record; use instead
++ the head of the CNAME chain leading there (if there is one). This seems
++ to align better with RFC 6125.
++
+
+ Exim version 4.94
+ -----------------
+@@ -331,7 +336,7 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
+
+ JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default.
+ A single TCP connection by a client will now hold a TLS connection open
+- for multiple message deliveries, by default. Previoud the default was to
++ for multiple message deliveries, by default. Previously the default was to
+ not do so.
+
+ JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by
+diff --git src/host.c src/host.c
+index 0e0e0130b..817d4446c 100644
+--- src/host.c
++++ src/host.c
+@@ -1950,6 +1950,13 @@ BOOL temp_error = FALSE;
+ int af;
+ #endif
+
++#ifndef DISABLE_TLS
++/* Copy the host name at this point to the value which is used for
++TLS certificate name checking, before anything modifies it. */
++
++host->certname = host->name;
++#endif
++
+ /* Make sure DNS options are set as required. This appears to be necessary in
+ some circumstances when the get..byname() function actually calls the DNS. */
+
+@@ -2117,6 +2124,9 @@ for (int i = 1; i <= times;
+ {
+ host_item *next = store_get(sizeof(host_item), FALSE);
+ next->name = host->name;
++#ifndef DISABLE_TLS
++ next->certname = host->certname;
++#endif
+ next->mx = host->mx;
+ next->address = text_address;
+ next->port = PORT_NONE;
+@@ -2260,6 +2270,13 @@ BOOL v6_find_again = FALSE;
+ BOOL dnssec_fail = FALSE;
+ int i;
+
++#ifndef DISABLE_TLS
++/* Copy the host name at this point to the value which is used for
++TLS certificate name checking, before any CNAME-following modifies it. */
++
++host->certname = host->name;
++#endif
++
+ /* If allow_ip is set, a name which is an IP address returns that value
+ as its address. This is used for MX records when allow_mx_to_ip is set, for
+ those sites that feel they have to flaunt the RFC rules. */
+diff --git src/structs.h src/structs.h
+index c6700d513..206237f04 100644
+--- src/structs.h
++++ src/structs.h
+@@ -80,14 +80,17 @@ typedef enum {DS_UNK=-1, DS_NO, DS_YES} dnssec_status_t;
+
+ typedef struct host_item {
+ struct host_item *next;
+- const uschar *name; /* Host name */
+- const uschar *address; /* IP address in text form */
+- int port; /* port value in host order (if SRV lookup) */
+- int mx; /* MX value if found via MX records */
+- int sort_key; /* MX*1000 plus random "fraction" */
+- int status; /* Usable, unusable, or unknown */
+- int why; /* Why host is unusable */
+- int last_try; /* Time of last try if known */
++ const uschar *name; /* Host name */
++#ifndef DISABLE_TLS
++ const uschar *certname; /* Name used for certificate checks */
++#endif
++ const uschar *address; /* IP address in text form */
++ int port; /* port value in host order (if SRV lookup) */
++ int mx; /* MX value if found via MX records */
++ int sort_key; /* MX*1000 plus random "fraction" */
++ int status; /* Usable, unusable, or unknown */
++ int why; /* Why host is unusable */
++ int last_try; /* Time of last try if known */
+ dnssec_status_t dnssec;
+ } host_item;
+
+diff --git src/tls-gnu.c src/tls-gnu.c
+index 24114f05e..875c82efa 100644
+--- src/tls-gnu.c
++++ src/tls-gnu.c
+@@ -2601,9 +2601,9 @@ if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)
+ {
+ state->exp_tls_verify_cert_hostnames =
+ #ifdef SUPPORT_I18N
+- string_domain_utf8_to_alabel(host->name, NULL);
++ string_domain_utf8_to_alabel(host->certname, NULL);
+ #else
+- host->name;
++ host->certname;
+ #endif
+ DEBUG(D_tls)
+ debug_printf("TLS: server cert verification includes hostname: \"%s\".\n",
+diff --git src/tls-openssl.c src/tls-openssl.c
+index 8c9d8aa69..a62322928 100644
+--- src/tls-openssl.c
++++ src/tls-openssl.c
+@@ -372,10 +372,10 @@ typedef struct ocsp_resp {
+ } ocsp_resplist;
+
+ typedef struct tls_ext_ctx_cb {
+- tls_support * tlsp;
+- uschar *certificate;
+- uschar *privatekey;
+- BOOL is_server;
++ tls_support * tlsp;
++ uschar * certificate;
++ uschar * privatekey;
++ BOOL is_server;
+ #ifndef DISABLE_OCSP
+ STACK_OF(X509) *verify_stack; /* chain for verifying the proof */
+ union {
+@@ -390,14 +390,14 @@ typedef struct tls_ext_ctx_cb {
+ } client;
+ } u_ocsp;
+ #endif
+- uschar *dhparam;
++ uschar * dhparam;
+ /* these are cached from first expand */
+- uschar *server_cipher_list;
++ uschar * server_cipher_list;
+ /* only passed down to tls_error: */
+- host_item *host;
++ host_item * host;
+ const uschar * verify_cert_hostnames;
+ #ifndef DISABLE_EVENT
+- uschar * event_action;
++ uschar * event_action;
+ #endif
+ } tls_ext_ctx_cb;
+
+@@ -2915,9 +2915,9 @@ if (verify_check_given_host(CUSS &ob->tls_verify_cert_hostnames, host) == OK)
+ {
+ cbinfo->verify_cert_hostnames =
+ #ifdef SUPPORT_I18N
+- string_domain_utf8_to_alabel(host->name, NULL);
++ string_domain_utf8_to_alabel(host->certname, NULL);
+ #else
+- host->name;
++ host->certname;
+ #endif
+ DEBUG(D_tls) debug_printf("Cert hostname to check: \"%s\"\n",
+ cbinfo->verify_cert_hostnames);
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition (from r542419, head/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0011-Taint-fix-radius-expansion-condition)
@@ -0,0 +1,40 @@
+From 94d719d803caf2c0c902dceeb787795eac11a63b Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Fri, 12 Jun 2020 00:46:34 +0100
+Subject: [PATCH 11/26] Taint: fix radius expansion condition
+
+(cherry picked from commit f91219c114a3d95792d052555664a5a7a3984a8d)
+---
+ doc/ChangeLog | 2 +-
+ src/auths/call_radius.c | 3 +--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 612005803..41d8c6276 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -9,7 +9,7 @@ Since Exim version 4.94
+ JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used
+ as arguments, so an implementation trying to copy these into a local
+ buffer was taking a taint-enforcement trap. Fix by using dynamically
+- created buffers.
++ created buffers. Similar fix for radius expansion condition.
+
+ JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is
+ reasonable, eg. to count headers. Fix by using dynamically created
+diff --git src/auths/call_radius.c src/auths/call_radius.c
+index cc269dcd5..9d10b34c6 100644
+--- src/auths/call_radius.c
++++ src/auths/call_radius.c
+@@ -96,8 +96,7 @@ int sep = 0;
+ #endif
+
+
+-user = string_nextinlist(&radius_args, &sep, big_buffer, big_buffer_size);
+-if (!user) user = US"";
++if (!(user = string_nextinlist(&radius_args, &sep, NULL, 0))) user = US"";
+
+ DEBUG(D_auth) debug_printf("Running RADIUS authentication for user \"%s\" "
+ "and \"%s\"\n", user, radius_args);
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.- (from r542419, head/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.- Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0012-smtp_accept_map_per_host-call-search_tidyup-in-fail-path.-)
@@ -0,0 +1,42 @@
+From c165e95889471bc1a644104dd9a6129c47c56c09 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Fri, 12 Jun 2020 20:43:43 +0100
+Subject: [PATCH 12/26] smtp_accept_map_per_host: call search_tidyup in fail
+ path. Bug 2597
+
+(cherry-picked from: d3a538c8fe)
+---
+ doc/ChangeLog | 5 +++++
+ src/daemon.c | 1 +
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 41d8c6276..92298e7fc 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -31,6 +31,11 @@ JH/06 Bug 2594: Change the name used for certificate name checks in the smtp
+ the head of the CNAME chain leading there (if there is one). This seems
+ to align better with RFC 6125.
+
++JH/07 Bug 2597: Fix a resource leak. Using a lookup in obtaining a value for
++ smtp_accept_max_per_host allocated resources which were not released
++ when the limit was exceeded. This eventually crashed the daemon. Fix
++ by adding a relase action in that path.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/daemon.c src/daemon.c
+index 2bed143a1..9d491593f 100644
+--- src/daemon.c
++++ src/daemon.c
+@@ -336,6 +336,7 @@ if ((max_for_this_host > 0) &&
+ log_write(L_connection_reject,
+ LOG_MAIN, "Connection from %s refused: too many connections "
+ "from that IP address", whofrom->s);
++ search_tidyup();
+ goto ERROR_RETURN;
+ }
+ }
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598 (from r542419, head/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0013-Taint-fix-verify.-Bug-2598)
@@ -0,0 +1,50 @@
+From ecf1e77accda6355ebb745a0a03e97ba7eb298b2 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Sun, 14 Jun 2020 22:14:11 +0100
+Subject: [PATCH 13/26] Taint: fix verify. Bug 2598
+
+(cherry-picked from 2b60ac1021 and 9eed571fd7)
+---
+ doc/ChangeLog | 4 +++
+ src/acl.c | 4 +--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 92298e7fc..859e87b00 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -36,6 +36,10 @@ JH/07 Bug 2597: Fix a resource leak. Using a lookup in obtaining a value for
+ when the limit was exceeded. This eventually crashed the daemon. Fix
+ by adding a relase action in that path.
+
++JH/08 Bug 2598: Fix verify ACL condition. The options for the condition are
++ expanded; previously using tainted values was rejected. Fix by using
++ dynamically-created buffers.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/acl.c src/acl.c
+index 8619cd5ef..11d1fd028 100644
+--- src/acl.c
++++ src/acl.c
+@@ -1767,7 +1767,7 @@ switch(vp->value)
+ /* Remaining items are optional; they apply to sender and recipient
+ verification, including "header sender" verification. */
+
+-while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
++while ((ss = string_nextinlist(&list, &sep, NULL, 0)))
+ {
+ if (strcmpic(ss, US"defer_ok") == 0) defer_ok = TRUE;
+ else if (strcmpic(ss, US"no_details") == 0) no_details = TRUE;
+@@ -1804,7 +1804,7 @@ while ((ss = string_nextinlist(&list, &sep, big_buffer, big_buffer_size)))
+ uschar * opt;
+
+ while (isspace(*sublist)) sublist++;
+- while ((opt = string_nextinlist(&sublist, &optsep, buffer, sizeof(buffer))))
++ while ((opt = string_nextinlist(&sublist, &optsep, NULL, 0)))
+ {
+ callout_opt_t * op;
+ double period = 1.0F;
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603 (from r542419, head/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0014-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug-2603)
@@ -0,0 +1,48 @@
+From 5c608b75d5bd734ddca41e4468fb22544ef96265 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Sat, 20 Jun 2020 00:54:05 +0100
+Subject: [PATCH 14/26] Fix string_copy() macro to not multiple-eval args. Bug
+ 2603
+
+Broken-by: a76d120aed
+(cherry picked from commit 80c2ec2e47c556daff00c79ee068ce68f25fd264)
+---
+ doc/ChangeLog | 6 ++++++
+ src/functions.h | 4 ++--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 859e87b00..1173b3651 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -40,6 +40,12 @@ JH/08 Bug 2598: Fix verify ACL condition. The options for the condition are
+ expanded; previously using tainted values was rejected. Fix by using
+ dynamically-created buffers.
+
++JH/10 Bug 2603: Fix coding of string copying to only evaluate arguments once.
++ Previously a macro used one argument twice; when called with the
++ argument as an expression having side-effects, incorrect operation
++ resulted. Use an inlineable function.
++
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/functions.h src/functions.h
+index 0028deb0d..0050cdeeb 100644
+--- src/functions.h
++++ src/functions.h
+@@ -767,9 +767,9 @@ string_copy_trc(const uschar * s, const char * func, int line)
+ /* Simple string-copy functions maintaining the taint */
+
+ #define string_copyn(s, len) \
+- string_copyn_taint_trc((s), (len), is_tainted(s), __FUNCTION__, __LINE__)
++ string_copyn_trc((s), (len), __FUNCTION__, __LINE__)
+ #define string_copy(s) \
+- string_copy_taint_trc((s), is_tainted(s), __FUNCTION__, __LINE__)
++ string_copy_trc((s), __FUNCTION__, __LINE__)
+
+
+ /*************************************************
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B (from r542419, head/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0015-Cutthrough-handle-request-when-a-callout-hold-is-active.-B)
@@ -0,0 +1,118 @@
+From cdee8a5f76cc013de5622112cd04e42d0dcf333b Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Mon, 22 Jun 2020 17:27:18 +0100
+Subject: [PATCH 15/26] Cutthrough: handle request when a callout-hold is
+ active. Bug 2604
+
+(cherry picked from commit 99bfcf2b678e7bd8125a7eb44409e46549bfc111)
+---
+ doc/ChangeLog | 4 +++
+ src/acl.c | 50 +++++++++++++++++--------------
+ src/verify.c | 4 +--
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 1173b3651..de11b4f09 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -45,6 +45,10 @@ JH/10 Bug 2603: Fix coding of string copying to only evaluate arguments once.
+ argument as an expression having side-effects, incorrect operation
+ resulted. Use an inlineable function.
+
++JH/11 Bug 2604: Fix request to cutthrough-deliver when a connection is already
++ held open for a verify callout. Previously this wan not accounted for
++ and a corrupt onward SMTP conversation resulted.
++
+
+
+ Exim version 4.94
+diff --git src/acl.c src/acl.c
+index 11d1fd028..62cb68561 100644
+--- src/acl.c
++++ src/acl.c
+@@ -3264,37 +3264,41 @@ for (; cb; cb = cb->next)
+ the case where both sides handle prdr and this-node prdr acl
+ is "accept" */
+ ignored = US"PRDR active";
++ else if (f.deliver_freeze)
++ ignored = US"frozen";
++ else if (f.queue_only_policy)
++ ignored = US"queue-only";
++ else if (fake_response == FAIL)
++ ignored = US"fakereject";
++ else if (rcpt_count != 1)
++ ignored = US"nonfirst rcpt";
++ else if (cutthrough.delivery)
++ ignored = US"repeated";
++ else if (cutthrough.callout_hold_only)
++ {
++ DEBUG(D_acl)
++ debug_printf_indent(" cutthrough request upgrades callout hold\n");
++ cutthrough.callout_hold_only = FALSE;
++ cutthrough.delivery = TRUE; /* control accepted */
++ }
+ else
+ {
+- if (f.deliver_freeze)
+- ignored = US"frozen";
+- else if (f.queue_only_policy)
+- ignored = US"queue-only";
+- else if (fake_response == FAIL)
+- ignored = US"fakereject";
+- else
++ cutthrough.delivery = TRUE; /* control accepted */
++ while (*p == '/')
+ {
+- if (rcpt_count == 1)
++ const uschar * pp = p+1;
++ if (Ustrncmp(pp, "defer=", 6) == 0)
+ {
+- cutthrough.delivery = TRUE; /* control accepted */
+- while (*p == '/')
+- {
+- const uschar * pp = p+1;
+- if (Ustrncmp(pp, "defer=", 6) == 0)
+- {
+- pp += 6;
+- if (Ustrncmp(pp, "pass", 4) == 0) cutthrough.defer_pass = TRUE;
+- /* else if (Ustrncmp(pp, "spool") == 0) ; default */
+- }
+- else
+- while (*pp && *pp != '/') pp++;
+- p = pp;
+- }
++ pp += 6;
++ if (Ustrncmp(pp, "pass", 4) == 0) cutthrough.defer_pass = TRUE;
++ /* else if (Ustrncmp(pp, "spool") == 0) ; default */
+ }
+ else
+- ignored = US"nonfirst rcpt";
++ while (*pp && *pp != '/') pp++;
++ p = pp;
+ }
+ }
++
+ DEBUG(D_acl) if (ignored)
+ debug_printf(" cutthrough request ignored on %s item\n", ignored);
+ }
+diff --git src/verify.c src/verify.c
+index fba1f6e9e..5f4181de9 100644
+--- src/verify.c
++++ src/verify.c
+@@ -875,12 +875,12 @@ tls_retry_connection:
+ case PENDING_OK: done = TRUE;
+ new_address_record.result = ccache_accept;
+ break;
+- case FAIL: done = TRUE;
++ case FAIL: done = TRUE;
+ yield = FAIL;
+ *failure_ptr = US"recipient";
+ new_address_record.result = ccache_reject;
+ break;
+- default: break;
++ default: break;
+ }
+ break;
+
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch (from r542419, head/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0016-Lookups-Fix-subdir-filter-on-a-dsearch)
@@ -0,0 +1,53 @@
+From 777ee8ae75277c05fb72cc94f568ba4d2bfe15a6 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Thu, 25 Jun 2020 11:16:54 +0100
+Subject: [PATCH 16/26] Lookups: Fix "subdir" filter on a dsearch.
+
+(cherry picked from commit e0e21929b7426b9b5bbf5e3747797043801b1151)
+---
+ doc/ChangeLog | 2 ++
+ src/lookups/dsearch.c | 7 +++----
+
+diff --git doc/ChangeLog doc/ChangeLog
+index de11b4f09..bae9abb85 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -49,6 +49,8 @@ JH/11 Bug 2604: Fix request to cutthrough-deliver when a connection is already
+ held open for a verify callout. Previously this wan not accounted for
+ and a corrupt onward SMTP conversation resulted.
+
++JH/13 Fix dsearch "subdir" filter to ignore ".". Previously only ".." was
++ excluded, not matching the documentation.
+
+
+ Exim version 4.94
+diff --git src/lookups/dsearch.c src/lookups/dsearch.c
+index 455273fb1..501293ac0 100644
+--- src/lookups/dsearch.c
++++ src/lookups/dsearch.c
+@@ -125,8 +125,7 @@ if ( Ulstat(filename, &statbuf) >= 0
+ && S_ISDIR(statbuf.st_mode)
+ && ( flags & FILTER_DIR
+ || keystring[0] != '.'
+- || keystring[1] != '.'
+- || keystring[1] && keystring[2]
++ || keystring[1] && keystring[1] != '.'
+ ) ) ) )
+ {
+ /* Since the filename exists in the filesystem, we can return a
+@@ -135,10 +134,10 @@ if ( Ulstat(filename, &statbuf) >= 0
+ return OK;
+ }
+
+-if (errno == ENOENT) return FAIL;
++if (errno == ENOENT || errno == 0) return FAIL;
+
+ save_errno = errno;
+-*errmsg = string_sprintf("%s: lstat failed", filename);
++*errmsg = string_sprintf("%s: lstat: %s", filename, strerror(errno));
+ errno = save_errno;
+ return DEFER;
+ }
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606 (from r542419, head/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606 Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0018-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bug-2606)
@@ -0,0 +1,59 @@
+From 2be77199fc9009ab796ad2d67eed20d8da4773c7 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Sun, 28 Jun 2020 15:24:21 +0100
+Subject: [PATCH 18/26] Sqlite: fix segfault on bad/missing sqlite_dbfile.
+ Bug 2606
+
+(cherry picked from commit 3d0472791a0928963a3f8184fe28479e80d1a47d)
+---
+ doc/ChangeLog | 3 +++
+ src/lookups/sqlite.c | 13 ++++++++++---
+
+diff --git doc/ChangeLog doc/ChangeLog
+index bae9abb85..8a13bda87 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -52,6 +52,9 @@ JH/11 Bug 2604: Fix request to cutthrough-deliver when a connection is already
+ JH/13 Fix dsearch "subdir" filter to ignore ".". Previously only ".." was
+ excluded, not matching the documentation.
+
++JH/14 Bug 2606: Fix a segfault in sqlite lookups. When no, or a bad, filename
++ was given for the sqlite_dbfile a trap resulted.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/lookups/sqlite.c src/lookups/sqlite.c
+index dc4439153..1638ea401 100644
+--- src/lookups/sqlite.c
++++ src/lookups/sqlite.c
+@@ -24,16 +24,23 @@ sqlite_open(const uschar * filename, uschar ** errmsg)
+ sqlite3 *db = NULL;
+ int ret;
+
+-if (!filename || !*filename) filename = sqlite_dbfile;
+-if (*filename != '/')
++if (!filename || !*filename)
++ {
++ DEBUG(D_lookup) debug_printf_indent("Using sqlite_dbfile: %s\n", sqlite_dbfile);
++ filename = sqlite_dbfile;
++ }
++if (!filename || *filename != '/')
+ *errmsg = US"absolute file name expected for \"sqlite\" lookup";
+ else if ((ret = sqlite3_open(CCS filename, &db)) != 0)
+ {
+ *errmsg = (void *)sqlite3_errmsg(db);
++ sqlite3_close(db);
++ db = NULL;
+ DEBUG(D_lookup) debug_printf_indent("Error opening database: %s\n", *errmsg);
+ }
+
+-sqlite3_busy_timeout(db, 1000 * sqlite_lock_timeout);
++if (db)
++ sqlite3_busy_timeout(db, 1000 * sqlite_lock_timeout);
+ return db;
+ }
+
+--
+2.24.3 (Apple Git-128)
+
Copied: branches/2020Q3/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume (from r542419, head/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2020Q3/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume Sat Jul 18 09:54:49 2020 (r542486, copy of r542419, head/mail/exim/files/patch-z0019-Taint-fix-ACL-spam-condition-to-permit-tainted-name-argume)
@@ -0,0 +1,52 @@
+From 5f3e2ac9f39db5c8ef5a408929c8a5aba957b20f Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb at wizmail.org>
+Date: Mon, 29 Jun 2020 17:26:36 +0100
+Subject: [PATCH 19/26] Taint: fix ACL "spam" condition, to permit tainted
+ name arguments.
+
+Cherry-picked from: 62b2ccce05
+---
+ doc/ChangeLog | 4 ++++
+ src/spam.c | 5 +----
+
+diff --git doc/ChangeLog doc/ChangeLog
+index 8a13bda87..6a867c716 100644
+--- doc/ChangeLog
++++ doc/ChangeLog
+@@ -55,6 +55,10 @@ JH/13 Fix dsearch "subdir" filter to ignore ".". Previously only ".." was
+ JH/14 Bug 2606: Fix a segfault in sqlite lookups. When no, or a bad, filename
+ was given for the sqlite_dbfile a trap resulted.
+
++JH/15 Fix "spam" ACL condition. Previously, tainted values for the "name"
++ argument resulted in a trap. There is no reason to disallow such; this
++ was a coding error.
++
+
+ Exim version 4.94
+ -----------------
+diff --git src/spam.c src/spam.c
+index 5eff1ad5c..63ced4f65 100644
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-all
mailing list