diff options
Diffstat (limited to 'mail-mta/exim/files')
| -rw-r--r-- | mail-mta/exim/files/exim-4.20-maildir.patch | 14 | ||||
| -rw-r--r-- | mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch | 83 | ||||
| -rw-r--r-- | mail-mta/exim/files/exim-4.93-fno-common.patch | 16 | ||||
| -rw-r--r-- | mail-mta/exim/files/exim-4.93-localscan_dlopen.patch | 269 | ||||
| -rw-r--r-- | mail-mta/exim/files/exim-4.93-radius.patch | 66 | ||||
| -rw-r--r-- | mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch | 35 |
6 files changed, 0 insertions, 483 deletions
diff --git a/mail-mta/exim/files/exim-4.20-maildir.patch b/mail-mta/exim/files/exim-4.20-maildir.patch deleted file mode 100644 index 3cb198d545c1..000000000000 --- a/mail-mta/exim/files/exim-4.20-maildir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -urN ./exim-4.20.orig/src/configure.default exim-4.20/src/configure.default ---- ./exim-4.20.orig/src/configure.default 2003-06-27 16:48:22.000000000 -0700 -+++ exim-4.20/src/configure.default 2003-06-27 16:52:20.000000000 -0700 -@@ -451,7 +451,9 @@ - - local_delivery: - driver = appendfile -- file = /var/mail/$local_part -+# file = /var/mail/$local_part -+ directory = /home/$local_part/.maildir -+ maildir_format - delivery_date_add - envelope_to_add - return_path_add diff --git a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch b/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch deleted file mode 100644 index c957d5541e47..000000000000 --- a/mail-mta/exim/files/exim-4.93-CVE-2020-12783.patch +++ /dev/null @@ -1,83 +0,0 @@ -auths/spa: fix for CVE-2020-12783 - -This is a combined patch of git commits: - -57aa14b216432be381b6295c312065b2fd034f86 -a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 - -leaving out whitespace noise for a smaller patch -and made it apply to the 4.93 release - -modified paths because Exim dists differ in layout from the git repo - -Fix SPA authenticator, checking client-supplied data before using it. Bug 2571 -Rework SPA fix to avoid overflows. Bug 2571 - - ---- a/src/auths/auth-spa.c -+++ b/src/auths/auth-spa.c -@@ -405,7 +405,7 @@ int - /* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */ - { - int len = 0; -- register uschar digit1, digit2, digit3, digit4; -+ uschar digit1, digit2, digit3, digit4; - - if (in[0] == '+' && in[1] == ' ') - in += 2; ---- a/src/auths/spa.c -+++ b/src/auths/spa.c -@@ -139,7 +139,8 @@ SPAAuthChallenge challenge; - SPAAuthResponse response; - SPAAuthResponse *responseptr = &response; - uschar msgbuf[2048]; --uschar *clearpass; -+uschar *clearpass, *s; -+unsigned off; - - /* send a 334, MS Exchange style, and grab the client's request, - unless we already have it via an initial response. */ -@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/ - - { - int i; -- char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0); -+ char * p; - int len = SVAL(&responseptr->uUser.len,0)/2; - -+ if ( (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse) -+ || len >= sizeof(responseptr->buffer)/2 -+ || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1) -+ ) -+ { -+ DEBUG(D_auth) -+ debug_printf("auth_spa_server(): bad uUser spec in response\n"); -+ return FAIL; -+ } -+ - if (len + 1 >= sizeof(msgbuf)) return FAIL; - for (i = 0; i < len; ++i) - { -@@ -245,12 +256,16 @@ spa_smb_nt_encrypt(clearpass, challenge.challengeData, ntRespData); - - /* compare NT hash (LM may not be available) */ - --if (memcmp(ntRespData, -- ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0), -- 24) == 0) -- /* success. we have a winner. */ -- { -+off = IVAL(&responseptr->ntResponse.offset,0); -+if (off >= sizeof(SPAAuthResponse) - 24) -+ { -+ DEBUG(D_auth) -+ debug_printf("auth_spa_server(): bad ntRespData spec in response\n"); -+ return FAIL; -+ } -+s = (US responseptr) + off; -+ -+if (memcmp(ntRespData, s, 24) == 0) - return auth_check_serv_cond(ablock); -- } - - /* Expand server_condition as an authorization check (PH) */ diff --git a/mail-mta/exim/files/exim-4.93-fno-common.patch b/mail-mta/exim/files/exim-4.93-fno-common.patch deleted file mode 100644 index c5fff1c6720c..000000000000 --- a/mail-mta/exim/files/exim-4.93-fno-common.patch +++ /dev/null @@ -1,16 +0,0 @@ -Fix -fno-common linking - -Bug: https://bugs.gentoo.org/723430 -Bug: https://bugs.exim.org/show_bug.cgi?id=2577 - ---- exim-4.93.0.4/src/globals.h -+++ exim-4.93.0.4/src/globals.h -@@ -342,7 +342,7 @@ - extern BOOL allow_domain_literals; /* As it says */ - extern BOOL allow_mx_to_ip; /* Allow MX records to -> ip address */ - #ifdef EXPERIMENTAL_ARC --struct arc_set *arc_received; /* highest ARC instance evaluation struct */ -+extern struct arc_set *arc_received; /* highest ARC instance evaluation struct */ - extern int arc_received_instance; /* highest ARC instance number in headers */ - extern int arc_oldest_pass; /* lowest passing instance number in headers */ - extern const uschar *arc_state; /* verification state */ diff --git a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch deleted file mode 100644 index 0d016dbeb26d..000000000000 --- a/mail-mta/exim/files/exim-4.93-localscan_dlopen.patch +++ /dev/null @@ -1,269 +0,0 @@ -diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults ---- exim-4.92.orig/src/config.h.defaults 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/config.h.defaults 2019-02-16 18:17:24.547216157 +0100 -@@ -32,6 +32,8 @@ - - #define AUTH_VARS 3 - -+#define DLOPEN_LOCAL_SCAN -+ - #define BIN_DIRECTORY - - #define CONFIGURE_FILE -Only in exim-4.92/src: config.h.defaults.orig -diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME ---- exim-4.92.orig/src/EDITME 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/EDITME 2019-02-16 18:17:24.547216157 +0100 -@@ -824,6 +824,24 @@ - - - #------------------------------------------------------------------------------ -+# On systems which support dynamic loading of shared libraries, Exim can -+# load a local_scan function specified in its config file instead of having -+# to be recompiled with the desired local_scan function. For a full -+# description of the API to this function, see the Exim specification. -+ -+#DLOPEN_LOCAL_SCAN=yes -+ -+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the -+# linker flags. Without it, the loaded .so won't be able to access any -+# functions from exim. -+ -+LFLAGS = -rdynamic -+ifeq ($(OSTYPE),Linux) -+LFLAGS += -ldl -+endif -+ -+ -+#------------------------------------------------------------------------------ - # The default distribution of Exim contains only the plain text form of the - # documentation. Other forms are available separately. If you want to install - # the documentation in "info" format, first fetch the Texinfo documentation -Only in exim-4.92/src: EDITME.orig -diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c ---- exim-4.92.orig/src/globals.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/globals.c 2019-02-16 18:17:24.549216150 +0100 -@@ -41,6 +41,10 @@ - - uschar *no_aliases = NULL; - -+#ifdef DLOPEN_LOCAL_SCAN -+uschar *local_scan_path = NULL; -+#endif -+ - - /* For comments on these variables, see globals.h. I'm too idle to - duplicate them here... */ -Only in exim-4.92/src: globals.c.orig -diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h ---- exim-4.92.orig/src/globals.h 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/globals.h 2019-02-16 18:17:24.549216150 +0100 -@@ -152,6 +152,9 @@ - extern int (*receive_ferror)(void); - extern BOOL (*receive_smtp_buffered)(void); - -+#ifdef DLOPEN_LOCAL_SCAN -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif - - /* For clearing, saving, restoring address expansion variables. We have to have - the size of this vector set explicitly, because it is referenced from more than -Only in exim-4.92/src: globals.h.orig -diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c ---- exim-4.92.orig/src/local_scan.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/local_scan.c 2019-02-16 18:29:56.832732592 +0100 -@@ -5,61 +5,133 @@ - /* Copyright (c) University of Cambridge 1995 - 2009 */ - /* See the file NOTICE for conditions of use and distribution. */ - -+#include "local_scan.h" - --/****************************************************************************** --This file contains a template local_scan() function that just returns ACCEPT. --If you want to implement your own version, you should copy this file to, say --Local/local_scan.c, and edit the copy. To use your version instead of the --default, you must set -- --HAVE_LOCAL_SCAN=yes --LOCAL_SCAN_SOURCE=Local/local_scan.c -- --in your Local/Makefile. This makes it easy to copy your version for use with --subsequent Exim releases. -- --For a full description of the API to this function, see the Exim specification. --******************************************************************************/ -- -- --/* This is the only Exim header that you should include. The effect of --including any other Exim header is not defined, and may change from release to --release. Use only the documented interface! */ -- --#include "local_scan.h" -- -- --/* This is a "do-nothing" version of a local_scan() function. The arguments --are: -- -- fd The file descriptor of the open -D file, which contains the -- body of the message. The file is open for reading and -- writing, but modifying it is dangerous and not recommended. -- -- return_text A pointer to an unsigned char* variable which you can set in -- order to return a text string. It is initialized to NULL. -- --The return values of this function are: -- -- LOCAL_SCAN_ACCEPT -- The message is to be accepted. The return_text argument is -- saved in $local_scan_data. -- -- LOCAL_SCAN_REJECT -- The message is to be rejected. The returned text is used -- in the rejection message. -- -- LOCAL_SCAN_TEMPREJECT -- This specifies a temporary rejection. The returned text -- is used in the rejection message. --*/ -+#ifdef DLOPEN_LOCAL_SCAN -+#include <stdlib.h> -+#include <dlfcn.h> -+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; -+static int load_local_scan_library(void); -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif - - int - local_scan(int fd, uschar **return_text) - { - fd = fd; /* Keep picky compilers happy */ - return_text = return_text; --return LOCAL_SCAN_ACCEPT; -+#ifdef DLOPEN_LOCAL_SCAN -+/* local_scan_path is defined AND not the empty string */ -+if (local_scan_path && *local_scan_path) -+ { -+ if (!local_scan_fn) -+ { -+ if (!load_local_scan_library()) -+ { -+ char *base_msg , *error_msg , *final_msg ; -+ int final_length = -1 ; -+ -+ base_msg=US"Local configuration error - local_scan() library failure\n"; -+ error_msg = dlerror() ; -+ -+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; -+ final_msg = (char*)malloc( final_length*sizeof(char) ) ; -+ *final_msg = '\0' ; -+ -+ strcat( final_msg , base_msg ) ; -+ strcat( final_msg , error_msg ) ; -+ -+ *return_text = final_msg ; -+ return LOCAL_SCAN_TEMPREJECT; -+ } -+ } -+ return local_scan_fn(fd, return_text); -+ } -+else -+#endif -+ return LOCAL_SCAN_ACCEPT; -+} -+ -+#ifdef DLOPEN_LOCAL_SCAN -+ -+static int load_local_scan_library(void) -+{ -+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ -+void *local_scan_lib = NULL; -+int (*local_scan_version_fn)(void); -+int vers_maj; -+int vers_min; -+ -+local_scan_lib = dlopen(local_scan_path, RTLD_NOW); -+if (!local_scan_lib) -+ { -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " -+ "message temporarily rejected"); -+ return FALSE; -+ } -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_major() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The major number is increased when the ABI is changed in a non -+ backward compatible way. */ -+vers_maj = local_scan_version_fn(); -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_minor() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The minor number is increased each time a new feature is added (in a -+ way that doesn't break backward compatibility) -- Marc */ -+vers_min = local_scan_version_fn(); -+ -+ -+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+ -+local_scan_fn = dlsym(local_scan_lib, "local_scan"); -+if (!local_scan_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+return TRUE; - } - -+#endif /* DLOPEN_LOCAL_SCAN */ -+ - /* End of local_scan.c */ -diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c ---- exim-4.92.orig/src/readconf.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/readconf.c 2019-02-16 18:18:46.013947455 +0100 -@@ -199,6 +199,9 @@ - { "local_from_prefix", opt_stringptr, &local_from_prefix }, - { "local_from_suffix", opt_stringptr, &local_from_suffix }, - { "local_interfaces", opt_stringptr, &local_interfaces }, -+#ifdef DLOPEN_LOCAL_SCAN -+ { "local_scan_path", opt_stringptr, &local_scan_path }, -+#endif - #ifdef HAVE_LOCAL_SCAN - { "local_scan_timeout", opt_time, &local_scan_timeout }, - #endif diff --git a/mail-mta/exim/files/exim-4.93-radius.patch b/mail-mta/exim/files/exim-4.93-radius.patch deleted file mode 100644 index 55c52bee561f..000000000000 --- a/mail-mta/exim/files/exim-4.93-radius.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 70b28b113e21d21a528876c3abe88ccb5f7cc77d Mon Sep 17 00:00:00 2001 -From: Fabian Groffen <grobian@gentoo.org> -Date: Sat, 9 May 2020 11:35:12 +0200 -Subject: [PATCH] call_radius: fix compilation due to incorrect usage of - string_sprintf - -Since f3ebb786e451da973560f1c9d8cdb151d25108b5, string_sprintf cannot be -used without arguments any more, so use US directly. - -While at it, also make newline usage consistent to not return a newline -in errptr, when it is debug-printed, a newline is added. - -https://bugs.gentoo.org/720364 - -Signed-off-by: Fabian Groffen <grobian@gentoo.org> ---- - src/src/auths/call_radius.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/src/auths/call_radius.c b/src/src/auths/call_radius.c -index c3637436d..253fd75cd 100644 ---- a/src/src/auths/call_radius.c -+++ b/src/src/auths/call_radius.c -@@ -115,16 +115,16 @@ if (rc_read_config(RADIUS_CONFIG_FILE) != 0) - *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE); - - else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) -- *errptr = string_sprintf("RADIUS: can't read dictionary"); -+ *errptr = US("RADIUS: can't read dictionary"); - - else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add user name failed\n"); -+ *errptr = US("RADIUS: add user name failed"); - - else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add password failed\n"); -+ *errptr = US("RADIUS: add password failed"); - - else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add service type failed\n"); -+ *errptr = US("RADIUS: add service type failed"); - - #else /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */ - -@@ -132,17 +132,17 @@ if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL) - *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE); - - else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0) -- *errptr = string_sprintf("RADIUS: can't read dictionary"); -+ *errptr = US("RADIUS: can't read dictionary"); - - else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL) -- *errptr = string_sprintf("RADIUS: add user name failed\n"); -+ *errptr = US("RADIUS: add user name failed"); - - else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args, - Ustrlen(radius_args), 0) == NULL) -- *errptr = string_sprintf("RADIUS: add password failed\n"); -+ *errptr = US("RADIUS: add password failed"); - - else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add service type failed\n"); -+ *errptr = US("RADIUS: add service type failed"); - - #endif /* RADIUS_LIB_RADIUSCLIENT */ - diff --git a/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch b/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch deleted file mode 100644 index 81863d340edb..000000000000 --- a/mail-mta/exim/files/exim-4.94-taint-pam-expansion.patch +++ /dev/null @@ -1,35 +0,0 @@ -From f7f933a199be8bb7362c715e0040545b514cddca Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <jgh146exb@wizmail.org> -Date: Tue, 2 Jun 2020 14:50:31 +0100 -Subject: [PATCH] Taint: fix pam expansion condition. Bug 2587 - ---- - doc/doc-txt/ChangeLog | 5 +++++ - src/src/auths/call_pam.c | 5 ++--- - 2 files changed, 7 insertions(+), 3 deletions(-) - -modified for gentoo so the patch applies by dropping Changelog part - -diff --git a/src/src/auths/call_pam.c b/src/src/auths/call_pam.c -index 2959cbbf3..80bb23ec3 100644 ---- a/src/src/auths/call_pam.c -+++ b/src/src/auths/call_pam.c -@@ -83,8 +83,7 @@ for (int i = 0; i < num_msg; i++) - { - case PAM_PROMPT_ECHO_ON: - case PAM_PROMPT_ECHO_OFF: -- arg = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size); -- if (!arg) -+ if (!(arg = string_nextinlist(&pam_args, &sep, NULL, 0))) - { - arg = US""; - pam_arg_ended = TRUE; -@@ -155,7 +154,7 @@ pam_arg_ended = FALSE; - fail. PAM doesn't support authentication with an empty user (it prompts for it, - causing a potential mis-interpretation). */ - --user = string_nextinlist(&pam_args, &sep, big_buffer, big_buffer_size); -+user = string_nextinlist(&pam_args, &sep, NULL, 0); - if (user == NULL || user[0] == 0) return FAIL; - - /* Start off PAM interaction */ |