commit: ebbb267cd03106c7b1ddd9e9203545c62159438a Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> AuthorDate: Sat Oct 18 12:57:00 2025 +0000 Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> CommitDate: Sat Oct 18 12:57:40 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebbb267c
mail-mta/exim: revbump 4.98.2-r2 for USE=gsasl drop old 4.97.1 Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> mail-mta/exim/Manifest | 2 - ...exim-4.97.1-r6.ebuild => exim-4.98.2-r2.ebuild} | 112 ++++---- mail-mta/exim/files/auth_conf.sub | 36 +-- .../files/exim-4.97.1-CVE-2024-39929-part1.patch | 111 -------- .../files/exim-4.97.1-CVE-2024-39929-part2.patch | 247 ------------------ .../files/exim-4.97.1-memory-usage-bug-3047.patch | 288 --------------------- mail-mta/exim/metadata.xml | 1 + 7 files changed, 71 insertions(+), 726 deletions(-) diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest index bd959e148fff..36e1a105769f 100644 --- a/mail-mta/exim/Manifest +++ b/mail-mta/exim/Manifest 
@@ -1,5 +1,3 @@ -DIST exim-4.97.1.tar.xz 1919308 BLAKE2B ea41bf851185c7330e648c7757f2bf0b0aea3133e399630a40d220f5f542e9055e3ed0cd67c9ee5dcede281ccc17919a4ac328abd8f05d4d828e0381f10df0b8 SHA512 eab7ca28b37f1635c48f5e963ab69fcbad539b2c35a84286ecaad7d7ff5210bbefce86452302e08099afdc0710f9cb7ca6d9b152b0ba88a19292f7c5541e0cfc DIST exim-4.98.2.tar.xz 1929020 BLAKE2B 7e8b11de364735a0d3d1d1d269ec0a8030530daca141163fb5a57c6f2a93dbd6298cbb0fc422d9e9f4ca363e675923fe952ba52080767a6f9c21ace9d01821ab SHA512 aaa4cfc8aee90818c6d1c2fd0cf64b82668d1a343f462f678b38b2b79e10a467240f2e81786eec7705eec3598d23686a74437c50b68502f29ff67788393c812a -DIST exim-pdf-4.97.1.tar.xz 2139688 BLAKE2B baadbb6ca7b88b11ea88f6b5ce0c96d9d713a1f5b358e4dfb52647ccc2bb1a9a6f74e75341839a8ee7df327f2f5645dbf223e4e5923631b02aa53a777701b436 SHA512 6aa733b1d48b6237f458939ff53e484e702f47a0c10ba781ba101db404d39667bd2ddc876af4f597deda1991e534d5b8b874c549e6a86b5325ebd624a6713183 DIST exim-pdf-4.98.2.tar.xz 2139176 BLAKE2B 7ac5a0e4107ce3928417bcc39fef6ad6ab817ad415290dc2be913f5df56ee24ee89b26ed7be07b10580b14690b89548ef9c14ed98ddaa57133ec4d6940e2014d SHA512 ca33c47911e44f1d3918180389259e9f2e7256a2186130667dfbe71d244eb3d8df5d56136fe48b564cc756c776678780d444afc99f3163e2852f9e067739fd34 DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 diff --git a/mail-mta/exim/exim-4.97.1-r6.ebuild b/mail-mta/exim/exim-4.98.2-r2.ebuild similarity index 89% rename from mail-mta/exim/exim-4.97.1-r6.ebuild rename to mail-mta/exim/exim-4.98.2-r2.ebuild index b1b36f3c2a22..2cdf311f0ef3 100644 --- a/mail-mta/exim/exim-4.97.1-r6.ebuild +++ b/mail-mta/exim/exim-4.98.2-r2.ebuild 
@@ -1,14 +1,32 @@ # Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="7" +EAPI="8" inherit db-use flag-o-matic toolchain-funcs pam systemd +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +HOMEPAGE="https://www.exim.org/" + +SDIR=$( + [[ ${PV} == *_rc* ]] && echo /test + [[ ${PV} == *.*.*.* ]] && echo /fixes +) +COMM_URI="https://downloads.exim.org/exim4${SDIR}" + +SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz + mirror://gentoo/system_filter.exim.gz + doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" +S=${WORKDIR}/${P//_rc/-RC} + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" + IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl -dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx -mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux -socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" + dsn gdbm gnutls gsasl idn ipv6 ldap lmtp maildir mbx + mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl + selinux socks5 spf sqlite srs +ssl syslog +tdb tcpd +tpda" REQUIRED_USE=" arc? ( dkim spf ) dane? ( ssl !gnutls ) @@ -17,7 +35,7 @@ REQUIRED_USE=" dkim? ( ssl !gnutls ) gnutls? ( ssl ) pkcs11? ( ssl ) - || ( berkdb gdbm tdb ) + || ( berkdb gdbm tdb sqlite ) " # NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked # for x86 and amd64 only (probably due to unbound dep) 
@@ -31,21 +49,6 @@ REQUIRED_USE=" # We cannot express a required use for berkdb/gdbm/tdb correctly because # berkdb and gdbm are both enabled in base profile -SDIR=$([[ ${PV} == *_rc* ]] && echo /test - [[ ${PV} == *.*.*.* ]] && echo /fixes) -COMM_URI="https://downloads.exim.org/exim4${SDIR}" - -GPV="r0" -DESCRIPTION="A highly configurable, drop-in replacement for sendmail" -SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz - mirror://gentoo/system_filter.exim.gz - doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" -HOMEPAGE="https://www.exim.org/" - -SLOT="0" -LICENSE="GPL-2" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ppc ppc64 ~sparc x86" - COMMON_DEPEND=">=sys-apps/sed-4.0.5 dev-libs/libpcre2:= tdb? ( sys-libs/tdb:= ) @@ -75,21 +78,15 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5 mysql? ( dev-db/mysql-connector-c:= ) postgres? ( dev-db/postgresql:= ) sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) + gsasl? ( net-misc/gsasl ) redis? ( dev-libs/hiredis:= ) spf? ( >=mail-filter/libspf2-1.2.5-r1 ) dmarc? ( mail-filter/opendmarc:= ) - X? ( - x11-libs/libX11 - x11-libs/libXmu - x11-libs/libXt - x11-libs/libXaw - ) - sqlite? ( dev-db/sqlite ) + sqlite? ( dev-db/sqlite:= ) radius? ( net-dialup/freeradius-client ) virtual/libcrypt:= virtual/libiconv " - # added X check for #57206 BDEPEND="virtual/pkgconfig" DEPEND="${COMMON_DEPEND}" RDEPEND="${COMMON_DEPEND} @@ -108,8 +105,6 @@ RDEPEND="${COMMON_DEPEND} selinux? ( sec-policy/selinux-exim ) " -S=${WORKDIR}/${P//_rc/-RC} - src_prepare() { # Legacy patches which need a respin for -p1 eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch 
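Review bot: In the COMMON_DEPEND hunk the new `gsasl? ( net-misc/gsasl )` entry carries no slot operator, although the later src_configure hunk links exim against the library through `AUTH_GSASL_PC=libgsasl` and this same hunk moves sqlite to `dev-db/sqlite:=`. If net-misc/gsasl exposes a subslot, `gsasl? ( net-misc/gsasl:= )` would get the MTA rebuilt when the library ABI changes, instead of leaving the installed binary linked against a library that has been replaced. COMMON_DEPEND begins before this hunk, so entries outside it were not checked.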
@@ -119,10 +114,7 @@ src_prepare() { eapply "${FILESDIR}"/exim-4.69-r1.27021.patch eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch - eapply "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780 - - eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch - eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch + eapply "${FILESDIR}"/exim-4.98-tidydb-crash.patch # upstream #3144 # oddity, they disable berkdb as hack, and then throw an error when # berkdb isn't enabled @@ -170,6 +162,7 @@ src_configure() { -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + -e "s:^LOOKUP_DBM = yes:# LOOKUP_DBM = yes:" \ src/EDITME > Local/Makefile || die # work on Local/Makefile from now on 
@@ -184,34 +177,40 @@ src_configure() { EOC # configure db implementation, Exim always needs one for its hints - # database, we prefer tdb and gdbm, since bdb is kind of getting - # less and less support - if use tdb ; then + # database, we prefer sqlite, tdb and gdbm, since bdb is kind of + # getting less and less support + sed -i \ + -e 's:^USE_DB=yes:# USE_DB=yes:' \ + -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' \ + -e 's:^USE_TDB=yes:# USE_TDB=yes:' \ + -e 's:^USE_SQLITE=yes:# USE_SQLITE=yes:' \ + Makefile || die + if use sqlite ; then + cat >> Makefile <<- EOC + USE_SQLITE=yes + DBMLIB = -lsqlite3 + EOC + elif use tdb ; then cat >> Makefile <<- EOC USE_TDB=yes DBMLIB = -ltdb EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die elif use gdbm ; then cat >> Makefile <<- EOC USE_GDBM=yes DBMLIB = -lgdbm EOC - sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die else # must be berkdb via required_use # use the "native" interfaces to the DBM and CDB libraries, support # passwd and directory lookups by default local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" cat >> Makefile <<- EOC USE_DB=yes + LOOKUP_DBM = yes # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h CFLAGS += -I$(db_includedir ${DB_VERS}) DBMLIB = -l$(db_libname ${DB_VERS}) EOC - sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die - sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die fi # if we use libiconv, now is the time to tell so @@ -328,15 +327,6 @@ src_configure() { EOC fi - # Exim monitor, enabled by default, controlled via X USE-flag, - # disable if not requested, bug #46778 - if use X; then - cp ../exim_monitor/EDITME eximon.conf || die - cat >> Makefile <<- EOC - EXIM_MONITOR=eximon.bin - EOC - fi - # # features # 
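Review bot: Testing `if use sqlite` ahead of `elif use tdb` changes the hints-database backend for every existing install that already had USE=sqlite set, because the old code in this hunk only chose between tdb, gdbm and berkdb and never looked at that flag. Hints files written by the previous backend are presumably not read by the new one, so retry, callout and ratelimit state would start empty after the upgrade while the old files stay in the spool. That should be confirmed against upstream and announced from pkg_postinst, for example `elog "USE=sqlite now selects the hints database backend; existing hints files are not migrated."`. The hunk also enables `LOOKUP_DBM = yes` only in the berkdb branch, so configurations that use dbm lookups with another backend may stop working and deserve the same notice. src_configure starts and ends outside this hunk.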
@@ -519,6 +509,14 @@ src_configure() { EOC fi + # GNU SASL + if use gsasl; then + cat >> Makefile <<- EOC + AUTH_GSASL=yes + AUTH_GSASL_PC=libgsasl + EOC + fi + # Pluggable Authentication Modules if use pam; then cat >> Makefile <<- EOC @@ -545,10 +543,6 @@ src_compile() { src_install() { cd "${S}"/build-exim-gentoo || die dosbin exim - if use X; then - dosbin eximon.bin - dosbin eximon - fi fperms 4755 /usr/sbin/exim dosym exim /usr/sbin/sendmail @@ -630,8 +624,6 @@ pkg_postinst() { fi use dsn && einfo "extra information in fail DSN message is experimental" einfo - elog "Note that this release contains a tainted variable check that" - elog "is likely to break your configuration used with Exim 4.93 and before." - elog "Please check your transports for occurences of \$local_part, and" - elog "use a replacement like \$local_part_data where possible." + elog "Support for eximon via USE=X was dropped in this ebuild." + elog "The eximon code no longer compiles using recent compilers." } diff --git a/mail-mta/exim/files/auth_conf.sub b/mail-mta/exim/files/auth_conf.sub index 24434a7164a1..f843314d6e67 100644 --- a/mail-mta/exim/files/auth_conf.sub +++ b/mail-mta/exim/files/auth_conf.sub 
@@ -1,25 +1,25 @@ ###################################################################### # AUTHENTICATION CONFIGURATION # ###################################################################### -# If you're using PAM to authenticate, lifes real simple. -# This plain directive works for nearly everything except windows MUA's the -# login directive will allow you to authenticate your Outlook 2000 and -# outlook express clients. - +# Using PAM with Exim on Gentoo is non-ideal from security perspective, see: +# https://bugs.gentoo.org/964377 +# Suggestion is to use Dovecot's SASL +# https://doc.dovecot.org/2.4.1/howto/sasl/exim.html#exim-and-dovecot-sasl +# or GNU SASL +# https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_gsasl_authenticator.html +# The "plain" directive works for nearly everything except windows MUA's. +# The "login" directive will allow you to authenticate your Outlook 2000 and +# outlook express clients. -plain: - driver = plaintext - public_name = PLAIN - server_condition = "${if pam{$2:$3}{1}{0}}" - server_set_id = $2 -login: - driver = plaintext - public_name = LOGIN - server_prompts = "Username:: : Password::" - server_condition = "${if pam{$1:${sg{$2}{:}{::}}}{1}{0}}" - server_set_id = $1 +# below an example of how to use GNU SASL +#plain: +# driver = gsasl +# public_name = PLAIN +# server_set_id = $auth1 # -# FIXME -# Need to add authenticator for SPA!! +#login: +# driver = gsasl +# public_name = LOGIN +# server_set_id = $auth1 diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch deleted file mode 100644 index e83a44abc986..000000000000 --- a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch +++ /dev/null 
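Review bot: The commented gsasl example for `plain:` and `login:` sets only `driver`, `public_name` and `server_set_id`, so an administrator who uncomments it has no visible credential check and nothing that keeps these cleartext mechanisms off unencrypted sessions. I would add to each example `#  server_condition = <check of the supplied credentials>` as an explicit placeholder, plus `#  server_advertise_condition = ${if def:tls_in_cipher}` so the mechanisms are offered only once TLS is up. The header comment could also state that the PAM authenticators were removed from this template, so that someone merging the config update notices AUTH is no longer defined rather than discovering it from failing clients.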
@@ -1,111 +0,0 @@ -patch reduced to code only - -From: Jeremy Harris <[email protected]> -Date: Mon, 1 Jul 2024 18:35:12 +0000 (+0100) -Subject: Fix MIME parsing of filenames specified using multiple parameters. Bug 3099 -X-Git-Tag: exim-4.98-RC3~2 -X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ce5c70cff89 - -Fix MIME parsing of filenames specified using multiple parameters. Bug 3099 ---- - -diff --git a/src/src/mime.c b/src/src/mime.c -index 975ddca85..5f9e1ade7 100644 ---- a/src/src/mime.c -+++ b/src/src/mime.c -@@ -587,10 +587,10 @@ while(1) - - while (*p) - { -- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: considering paramlist '%s'\n", p); - -- if ( !mime_filename -- && strncmpic(CUS"content-disposition:", header, 20) == 0 -+ if ( strncmpic(CUS"content-disposition:", header, 20) == 0 - && strncmpic(CUS"filename*", p, 9) == 0 - ) - { /* RFC 2231 filename */ -@@ -604,11 +604,12 @@ while(1) - - if (q && *q) - { -- uschar * temp_string, * err_msg; -+ uschar * temp_string, * err_msg, * fname = q; - int slen; - - /* build up an un-decoded filename over successive - filename*= parameters (for use when 2047 decode fails) */ -+/*XXX could grow a gstring here */ - - mime_fname_rfc2231 = string_sprintf("%#s%s", - mime_fname_rfc2231, q); -@@ -623,26 +624,32 @@ while(1) - /* look for a ' in the "filename" */ - while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ - -- if ((size = s-q) > 0) -- mime_filename_charset = string_copyn(q, size); -+ if (*s) /* there was a ' */ -+ { -+ if ((size = s-q) > 0) -+ mime_filename_charset = string_copyn(q, size); - -- if (*(p = s)) p++; -- while(*p == '\'') p++; /* p is after 2nd ' */ -+ if (*(fname = s)) fname++; -+ while(*fname == '\'') fname++; /* fname is after 2nd ' */ -+ } - } -- else -- p = q; - -- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n", -- mime_filename_charset ? 
mime_filename_charset : US"<NULL>", p); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: charset %s fname '%s'\n", -+ mime_filename_charset ? mime_filename_charset : US"<NULL>", -+ fname); - -- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen); -- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string); -+ temp_string = rfc2231_to_2047(fname, mime_filename_charset, -+ &slen); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: 2047-name %s\n", temp_string); - - temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', -- NULL, &err_msg); -- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string); -+ NULL, &err_msg); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: plain-name %s\n", temp_string); - -- if (!temp_string || (size = Ustrlen(temp_string)) == slen) -+ if (!temp_string || (size = Ustrlen(temp_string)) == slen) - decoding_failed = TRUE; - else - /* build up a decoded filename over successive -@@ -651,9 +658,9 @@ while(1) - mime_filename = mime_fname = mime_fname - ? string_sprintf("%s%s", mime_fname, temp_string) - : temp_string; -- } -- } -- } -+ } /*!decoding_failed*/ -+ } /*q*/ -+ } /*2231 filename*/ - - else - /* look for interesting parameters */ -@@ -682,7 +689,7 @@ while(1) - - - /* There is something, but not one of our interesting parameters. -- Advance past the next semicolon */ -+ Advance past the next semicolon */ - p = mime_next_semicolon(p); - if (*p) p++; - } /* param scan on line */ diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch deleted file mode 100644 index f33e33598379..000000000000 --- a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch +++ /dev/null 
@@ -1,247 +0,0 @@ -patch reduced to code only - -From: Jeremy Harris <[email protected]> -Date: Tue, 2 Jul 2024 13:41:19 +0000 (+0100) -Subject: MIME: support RFC 2331 for name=. Bug 3099 -X-Git-Tag: exim-4.98-RC3~1 -X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1b3209b0577a - -MIME: support RFC 2331 for name=. Bug 3099 ---- - -diff --git a/src/src/mime.c b/src/src/mime.c -index 5f9e1ade7..8044bb3fd 100644 ---- a/src/src/mime.c -+++ b/src/src/mime.c -@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list); - - static mime_parameter mime_parameter_list[] = { - /* name namelen value */ -- { US"name=", 5, &mime_filename }, -- { US"filename=", 9, &mime_filename }, -- { US"charset=", 8, &mime_charset }, -- { US"boundary=", 9, &mime_boundary } -+ { US"name", 4, &mime_filename }, -+ { US"filename", 8, &mime_filename }, -+ { US"charset", 7, &mime_charset }, -+ { US"boundary", 8, &mime_boundary } - }; - - -@@ -577,8 +577,8 @@ while(1) - if (*(p = q)) p++; /* jump past the ; */ - - { -- uschar * mime_fname = NULL; -- uschar * mime_fname_rfc2231 = NULL; -+ gstring * mime_fname = NULL; -+ gstring * mime_fname_rfc2231 = NULL; - uschar * mime_filename_charset = NULL; - BOOL decoding_failed = FALSE; - -@@ -590,90 +590,92 @@ while(1) - DEBUG(D_acl) - debug_printf_indent("MIME: considering paramlist '%s'\n", p); - -- if ( strncmpic(CUS"content-disposition:", header, 20) == 0 -- && strncmpic(CUS"filename*", p, 9) == 0 -- ) -- { /* RFC 2231 filename */ -- uschar * q; -- -- /* find value of the filename */ -- p += 9; -- while(*p != '=' && *p) p++; -- if (*p) p++; /* p is filename or NUL */ -- q = mime_param_val(&p); /* p now trailing ; or NUL */ -- -- if (q && *q) -+ /* look for interesting parameters */ -+ for (mime_parameter * mp = mime_parameter_list; -+ mp < mime_parameter_list + nelem(mime_parameter_list); -+ mp++ -+ ) if (strncmpic(mp->name, p, mp->namelen) == 0) -+ { -+ p += mp->namelen; -+ if (*p == '*') /* RFC 2231 */ - { -- uschar * 
temp_string, * err_msg, * fname = q; -- int slen; -- -- /* build up an un-decoded filename over successive -- filename*= parameters (for use when 2047 decode fails) */ --/*XXX could grow a gstring here */ -- -- mime_fname_rfc2231 = string_sprintf("%#s%s", -- mime_fname_rfc2231, q); -- -- if (!decoding_failed) -+ while (isdigit(*++p)) ; /* ignore cont-cnt values */ -+ if (*p == '*') p++; /* step over sep chset mark */ -+ if (*p == '=') - { -- int size; -- if (!mime_filename_charset) -+ uschar * q; -+ p++; /* step over = */ -+ q = mime_param_val(&p); /* p now trailing ; or NUL */ -+ -+ if (q && *q) /* q is the dequoted value */ - { -- uschar * s = q; -+ uschar * err_msg, * fname = q; -+ int slen; -+ -+ /* build up an un-decoded filename over successive -+ filename*= parameters (for use when 2047 decode fails) */ - -- /* look for a ' in the "filename" */ -- while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ -+ mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q); - -- if (*s) /* there was a ' */ -+ if (!decoding_failed) - { -- if ((size = s-q) > 0) -- mime_filename_charset = string_copyn(q, size); -- -- if (*(fname = s)) fname++; -- while(*fname == '\'') fname++; /* fname is after 2nd ' */ -- } -- } -- -- DEBUG(D_acl) -- debug_printf_indent("MIME: charset %s fname '%s'\n", -- mime_filename_charset ? mime_filename_charset : US"<NULL>", -- fname); -- -- temp_string = rfc2231_to_2047(fname, mime_filename_charset, -- &slen); -- DEBUG(D_acl) -- debug_printf_indent("MIME: 2047-name %s\n", temp_string); -- -- temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', -- NULL, &err_msg); -- DEBUG(D_acl) -- debug_printf_indent("MIME: plain-name %s\n", temp_string); -- -- if (!temp_string || (size = Ustrlen(temp_string)) == slen) -- decoding_failed = TRUE; -- else -- /* build up a decoded filename over successive -- filename*= parameters */ -- -- mime_filename = mime_fname = mime_fname -- ? 
string_sprintf("%s%s", mime_fname, temp_string) -- : temp_string; -- } /*!decoding_failed*/ -- } /*q*/ -- } /*2231 filename*/ -- -- else -- /* look for interesting parameters */ -- for (mime_parameter * mp = mime_parameter_list; -- mp < mime_parameter_list + nelem(mime_parameter_list); -- mp++ -- ) if (strncmpic(mp->name, p, mp->namelen) == 0) -- { -- uschar * q; -- uschar * dummy_errstr; -+ if (!mime_filename_charset) -+ { /* try for RFC 2231 chset/lang */ -+ uschar * s = q; -+ -+ /* look for a ' in the raw paramval */ -+ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ -+ -+ if (*s) /* there was a ' */ -+ { -+ int size; -+ if ((size = s-q) > 0) -+ mime_filename_charset = string_copyn(q, size); -+ -+ if (*(fname = s)) fname++; -+ while(*fname == '\'') fname++; /*fname is after 2nd '*/ -+ } -+ } -+ -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: charset %s fname '%s'\n", -+ mime_filename_charset ? mime_filename_charset : US"<NULL>", -+ fname); -+ -+ fname = rfc2231_to_2047(fname, mime_filename_charset, -+ &slen); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: 2047-name %s\n", fname); -+ -+ fname = rfc2047_decode(fname, FALSE, NULL, ' ', -+ NULL, &err_msg); -+ DEBUG(D_acl) debug_printf_indent( -+ "MIME: plain-name %s\n", fname); -+ -+ if (!fname || Ustrlen(fname) == slen) -+ decoding_failed = TRUE; -+ else if (mp->value == &mime_filename) -+ { -+ /* build up a decoded filename over successive -+ filename*= parameters */ -+ -+ mime_fname = string_cat(mime_fname, fname); -+ mime_filename = string_from_gstring(mime_fname); -+ } -+ } /*!decoding_failed*/ -+ } /*q*/ -+ -+ if (*p) p++; /* p is past ; */ -+ goto param_done; /* done matching param names */ -+ } /*2231 param coding extension*/ -+ } -+ else if (*p == '=') -+ { /* non-2231 param */ -+ uschar * q, * dummy_errstr; - - /* grab the value and copy to its expansion variable */ -- p += mp->namelen; -+ -+ if (*p) p++; /* step over = */ - q = mime_param_val(&p); /* p now trailing ; or NUL */ - - *mp->value = q && *q 
-@@ -684,26 +686,31 @@ while(1) - "MIME: found %s parameter in %s header, value '%s'\n", - mp->name, mh->name, *mp->value); - -- break; /* done matching param names */ -+ if (*p) p++; /* p is past ; */ -+ goto param_done; /* done matching param names */ - } -- -+ } /* interesting parameters */ - - /* There is something, but not one of our interesting parameters. - Advance past the next semicolon */ -+ - p = mime_next_semicolon(p); - if (*p) p++; -- } /* param scan on line */ -+ param_done: -+ } /* param scan on line */ - - if (strncmpic(CUS"content-disposition:", header, 20) == 0) - { -- if (decoding_failed) mime_filename = mime_fname_rfc2231; -+ if (decoding_failed) -+ mime_filename = string_from_gstring(mime_fname_rfc2231); - - DEBUG(D_acl) debug_printf_indent( - "MIME: found %s parameter in %s header, value is '%s'\n", - "filename", mh->name, mime_filename); - } - } -- } -+ break; -+ } /* interesting headers */ - - /* set additional flag variables (easier access) */ - if ( mime_content_type diff --git a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch b/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch deleted file mode 100644 index c9b52f2aebfe..000000000000 --- a/mail-mta/exim/files/exim-4.97.1-memory-usage-bug-3047.patch +++ /dev/null 
@@ -1,288 +0,0 @@ -From b4e7527561f1c68b821d5cf25efe29ae63d1d434 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <[email protected]> -Date: Thu, 25 Jan 2024 17:48:43 +0000 -Subject: [PATCH] Appendfile: release regex-match store every thousand files. - Bug 3047 - -From 35aacb69f5c839a4b77158464e401d86eb422ed6 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <[email protected]> -Date: Fri, 26 Jan 2024 21:58:59 +0000 -Subject: [PATCH] ACL: in "regex" condition, release store every thousand - lines. Bug 3047 - -From: Jeremy Harris <[email protected]> -Date: Sun, 11 Feb 2024 13:57:18 +0000 (+0000) -Subject: Use non-releaseable memory for regex match strings. Bug 3047 -Broken-by: 35aacb69f5c8 - -From 6fcb3173d64ef8a9d70f8adf19f134a0cd9cf6e8 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <[email protected]> -Date: Sun, 11 Feb 2024 15:04:58 +0000 -Subject: [PATCH] use dynamic mem for regex_match_string - -From a173a4376d168edbf3fe2494dff998c4060bf425 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <[email protected]> -Date: Tue, 13 Feb 2024 17:34:19 +0000 -Subject: [PATCH] Use non-releasable memory for regex line-buffer -Broken-by: 5aacb69f5c8 - -From 44b3172e369435c2c1baa4e9c837252f729d2905 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris <[email protected]> -Date: Thu, 15 Feb 2024 19:56:40 +0000 -Subject: [PATCH] regex: avoid releasing built RE midloop - -diff --git a/src/src/exim.c b/src/src/exim.c ---- a/src/exim.c -+++ b/src/exim.c -@@ -49,6 +49,8 @@ optimize out the tail recursion and so not make them too expensive. 
*/ - static void * - function_store_malloc(PCRE2_SIZE size, void * tag) - { -+if (size > INT_MAX) -+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request"); - return store_malloc((int)size); - } - -@@ -63,12 +65,15 @@ if (block) store_free(block); - static void * - function_store_get(PCRE2_SIZE size, void * tag) - { -+if (size > INT_MAX) -+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "excessive memory alloc request"); - return store_get((int)size, GET_UNTAINTED); /* loses track of taint */ - } - - static void - function_store_nullfree(void * block, void * tag) - { -+/* We cannot free memory allocated using store_get() */ - } - - -diff --git a/src/src/transports/appendfile.c b/src/src/transports/appendfile.c ---- a/src/transports/appendfile.c -+++ b/src/transports/appendfile.c -@@ -661,13 +665,14 @@ Returns: the sum of the sizes of the stattable files - off_t - check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re) - { - DIR *dir; - off_t sum = 0; --int count = *countptr; -+int count = *countptr, lcount = REGEX_LOOPCOUNT_STORE_RESET; -+rmark reset_point = store_mark(); - - if (!(dir = exim_opendir(dirname))) return 0; - - for (struct dirent *ent; ent = readdir(dir); ) - { - uschar * path, * name = US ent->d_name; - struct stat statbuf; -@@ -675,6 +680,11 @@ for (struct dirent *ent; ent = readdir(dir); ) - if (Ustrcmp(name, ".") == 0 || Ustrcmp(name, "..") == 0) continue; - - count++; -+ if (--lcount == 0) -+ { -+ store_reset(reset_point); reset_point = store_mark(); -+ lcount = REGEX_LOOPCOUNT_STORE_RESET; -+ } - - /* If there's a regex, try to find the size using it */ - -@@ -726,6 +736,7 @@ DEBUG(D_transport) - debug_printf("check_dir_size: dir=%s sum=" OFF_T_FMT " count=%d\n", dirname, - sum, count); - -+store_reset(reset_point); - *countptr = count; - return sum; - } -diff --git a/src/src/macros.h b/src/src/macros.h ---- a/src/macros.h -+++ b/src/macros.h -@@ -1185,4 +1185,9 @@ typedef enum { - sw_mrc_tx_fail, /* transmit failed 
*/ - } sw_mrc_t; - -+/* Recent versions of PCRE2 are allocating 20kB per match, rather than the previous 112 B. -+When doing en extended loop of matching, release store periodically. */ -+ -+#define REGEX_LOOPCOUNT_STORE_RESET 1000 -+ - /* End of macros.h */ -diff --git a/src/src/regex.c b/src/src/regex.c ---- a/src/regex.c -+++ b/src/regex.c -@@ -24,8 +24,6 @@ typedef struct pcre_list { - struct pcre_list * next; - } pcre_list; - --uschar regex_match_string_buffer[1024]; -- - extern FILE *mime_stream; - extern uschar *mime_current_boundary; - -@@ -31,12 +31,11 @@ extern uschar *mime_current_boundary; - - - static pcre_list * --compile(const uschar * list, BOOL cacheable) -+compile(const uschar * list, BOOL cacheable, int * cntp) - { --int sep = 0; -+int sep = 0, cnt = 0; - uschar * regex_string; --pcre_list * re_list_head = NULL; --pcre_list * ri; -+pcre_list * re_list_head = NULL, * ri; - - /* precompile our regexes */ - while ((regex_string = string_nextinlist(&list, &sep, NULL, 0))) -@@ -58,10 +57,19 @@ while ((regex_string = string_nextinlist(&list, &sep, NULL, 0))) - ri->pcre_text = regex_string; - ri->next = re_list_head; - re_list_head = ri; -+ cnt++; - } -+if (cntp) *cntp = cnt; - return re_list_head; - } - -+ -+/* Check list of REs against buffer, returning OK for (first) match, -+else FAIL. On match return allocated result strings in regex_vars[]. -+ -+We use the perm-pool for that, so that our caller can release -+other allocations. 
-+*/ - static int - matcher(pcre_list * re_list_head, uschar * linebuffer, int len) - { -@@ -75,9 +82,10 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next) - /* try matcher on the line */ - if ((n = pcre2_match(ri->re, (PCRE2_SPTR)linebuffer, len, 0, 0, md, pcre_gen_mtc_ctx)) > 0) - { -+ int save_pool = store_pool; -+ store_pool = POOL_PERM; -+ -- Ustrncpy(regex_match_string_buffer, ri->pcre_text, -- sizeof(regex_match_string_buffer)-1); -- regex_match_string = regex_match_string_buffer; -+ regex_match_string = string_copy(ri->pcre_text); - - for (int nn = 1; nn < n; nn++) - { -@@ -87,6 +97,7 @@ for (pcre_list * ri = re_list_head; ri; ri = ri->next) - regex_vars[nn-1] = string_copyn(linebuffer + ovec[off], len); - } - -+ store_pool = save_pool; - return OK; - } - } -@@ -110,9 +111,8 @@ FILE * mbox_file; - unsigned long mbox_size; - FILE * mbox_file; - pcre_list * re_list_head; --uschar * linebuffer; - long f_pos = 0; --int ret = FAIL; -+int ret = FAIL, cnt, lcount = REGEX_LOOPCOUNT_STORE_RESET; - - regex_vars_clear(); - -@@ -136,26 +138,32 @@ else - mbox_file = mime_stream; - } - --/* precompile our regexes */ --if (!(re_list_head = compile(*listptr, cacheable))) -- return FAIL; /* no regexes -> nothing to do */ -- --/* match each line against all regexes */ --linebuffer = store_get(32767, GET_TAINTED); --while (fgets(CS linebuffer, 32767, mbox_file)) -- { -- if ( mime_stream && mime_current_boundary /* check boundary */ -- && Ustrncmp(linebuffer, "--", 2) == 0 -- && Ustrncmp((linebuffer+2), mime_current_boundary, -- Ustrlen(mime_current_boundary)) == 0) -- break; /* found boundary */ -- -- if ((ret = matcher(re_list_head, linebuffer, (int)Ustrlen(linebuffer))) == OK) -- goto done; -+ /* precompile our regexes */ -+ if ((re_list_head = compile(*listptr, cacheable, &cnt))) -+ { -+ rmark reset_point = store_mark(); -+ -+ while (fgets(CS big_buffer, big_buffer_size, mbox_file)) -+ { -+ if ( mime_stream && mime_current_boundary /* check boundary */ -+ && 
Ustrncmp(big_buffer, "--", 2) == 0 -+ && Ustrncmp((big_buffer+2), mime_current_boundary, -+ Ustrlen(mime_current_boundary)) == 0) -+ break; /* found boundary */ -+ -+ if ((ret = matcher(re_list_head, big_buffer, (int)Ustrlen(big_buffer))) == OK) -+ break; -+ -+ if ((lcount -= cnt) <= 0) -+ { -+ store_reset(reset_point); reset_point = store_mark(); -+ lcount = REGEX_LOOPCOUNT_STORE_RESET; -+ } -+ } -+ -+ store_reset(reset_point); -+ } -- } --/* no matches ... */ - --done: - if (!mime_stream) - (void)fclose(mbox_file); - else -@@ -180,14 +190,11 @@ pcre_list * re_list_head = NULL; - FILE * f; - uschar * mime_subject = NULL; - int mime_subject_len = 0; --int ret; -+int ret = FAIL; -+rmark reset_point; - - regex_vars_clear(); - --/* precompile our regexes */ --if (!(re_list_head = compile(*listptr, cacheable))) -- return FAIL; /* no regexes -> nothing to do */ -- - /* check if the file is already decoded */ - if (!mime_decoded_filename) - { /* no, decode it first */ -@@ -210,12 +217,20 @@ if (!(f = fopen(CS mime_decoded_filename, "rb"))) - return DEFER; - } - --/* get 32k memory, tainted */ --mime_subject = store_get(32767, GET_TAINTED); -+reset_point = store_mark(); -+ { -+ /* precompile our regexes */ -+ if ((re_list_head = compile(*listptr, cacheable, NULL))) -+ { -+ /* get 32k memory, tainted */ -+ mime_subject = store_get(32767, GET_TAINTED); - --mime_subject_len = fread(mime_subject, 1, 32766, f); -+ mime_subject_len = fread(mime_subject, 1, 32766, f); - --ret = matcher(re_list_head, mime_subject, mime_subject_len); -+ ret = matcher(re_list_head, mime_subject, mime_subject_len); -+ } -+ } -+store_reset(reset_point); - (void)fclose(f); - return ret; - } diff --git a/mail-mta/exim/metadata.xml b/mail-mta/exim/metadata.xml index 536bdc48deb3..e34e0ec914ac 100644 --- a/mail-mta/exim/metadata.xml +++ b/mail-mta/exim/metadata.xml 
@@ -31,6 +31,7 @@ <flag name="dmarc">Adds support for DMARC</flag> <flag name="dsn">Adds support for Delivery Status Notifications (DSN)</flag> + <flag name="gsasl">Adds support for GNU SASL authentiction</flag> <flag name="lmtp">Adds support for lmtp</flag> <flag name="mbx">Adds support for UW's mbx format</flag> <flag name="spf">Adds support for Sender Policy Framework</flag>
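Review bot: The added `gsasl` flag description misspells its last word as `authentiction`; the line should read `<flag name="gsasl">Adds support for GNU SASL authentication</flag>`. This text is shown to users when they query the USE flag, so the typo is worth fixing here rather than in a follow-up.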
