diff options
Diffstat (limited to 'mail-mta/exim')
-rw-r--r-- | mail-mta/exim/Manifest | 12 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96-r4.ebuild | 2 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.96.2-r1.ebuild (renamed from mail-mta/exim/exim-4.94.2-r7.ebuild) | 162 | ||||
-rw-r--r-- | mail-mta/exim/exim-4.97-r2.ebuild (renamed from mail-mta/exim/exim-4.97-r1.ebuild) | 5 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.94-localscan_dlopen.patch | 269 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch | 265 | ||||
-rw-r--r-- | mail-mta/exim/metadata.xml | 6 |
7 files changed, 372 insertions, 349 deletions
diff --git a/mail-mta/exim/Manifest b/mail-mta/exim/Manifest index 579c6128e608..f1102d41896e 100644 --- a/mail-mta/exim/Manifest +++ b/mail-mta/exim/Manifest @@ -5,10 +5,10 @@ AUX exim-4.74-radius-db-ENV-clash.patch 667 BLAKE2B 3cc03dd925333774c08484efbb5d AUX exim-4.76-crosscompile.patch 462 BLAKE2B de78322f93760cef0d5a768b8be6c723f00d5c7557da6189ffa6ee34215c41ebe8896a2457b2e6a704d05a1730eab09c8cc73e3ba3140954f9ac32423210b612 SHA512 d4fd4417c1ce727f139999c399795312cdbbb9735d0793d68f8e3150240bc53b31277cb26f9946ba549b34c661fc0a61147d376bda09aa6763cab55d80d62343 AUX exim-4.80-spool-mail-group.patch 946 BLAKE2B a3b6783b77823c5a8373623d16b85e2ba209b419b6724f307c46bf961bc5195690453208cdd40e45bc36e5a070892414c7737a97fa04e653e78050c153c59079 SHA512 24f30e9a9d90dc0f1fe8b3db26f8bc2649182b4e78110dc28a9c0f3a3feb7589f923144a4f1c54a1c46ff8cfe40826a1f2212787753be752f4d15a72d54a143b AUX exim-4.93-as-needed-ldflags.patch 6013 BLAKE2B 2de473f089a36cabd5481020524dcb2efb7a5681b224608a8454aebc70e07f7776fe812f02fa5d81fb80b25bc2cc154924953d173d65664b1e576176a01191b9 SHA512 df6c18a7d092d9069dd6d4177154681197de86ab41dbd399055ad663cbd0c7da149f8bbcb7c888965851475ee2cf891dc934f1d5ad7a4ea3dc46a54ece582418 -AUX exim-4.94-localscan_dlopen.patch 9595 BLAKE2B c48eaaf486585890dc4028beaca7a39d5b1d965323468c4c317d099ccf0e2e983e9366cb923e0b34546a66ac718ee15e8f682a65cdcd771de8164f76b86c0aa2 SHA512 bd7872473ad1ab9eca41757ca6ee7dd8628bddfa145191aea6a5ac4b62b0e4e3539803cf75fcb22b8bfdcca33a7d2f71ff58ca1862f456960e6b7e4d262ba6ef AUX exim-4.94-maildir.patch 316 BLAKE2B fe0b27712e77eba83244434c33372cec47fa317026d159de7a0ac37f2563999a6470df2dc203c1fcda8e7074c949133a0311c2b94c4b48bbc46d64c7c486202c SHA512 13863226883f79dcc781fe8eb3b50ad3c5511af130cf6e41ce40e8543d46832668bd7d746a2cc67842748cdf26144bef4aece49397d3168819215eac93ca1e6e AUX exim-4.94-opendmarc-1.4.patch 506 BLAKE2B d8ba66e1165dffb9ba367b997d69090fa8b31aa6ce3cb17d6ade4bd3b3dabf2a2d93223106eeb7f39754397eb17979e66d52de8dc2d524de9019c9598cd89af6 SHA512 6145f07c0b5b4234160fd3480329759a06500b658643523f32bcfa9158258a9b708095725f2e56d5538567f888c5e0e954c4ac51c8f2d16921dc4950241cd2fc AUX exim-4.95-localscan_dlopen.patch 7621 BLAKE2B 6df3c1acb585dc87759e056f7bb44e50219812c3ca41364fff77942cc2d6f7452d8f4c158f17295bc586eeacc8048e24f767bab0464d300a7cb7d357c63bedd9 SHA512 1cf52ac9637a753ff7257c274bc09591a8c761fc6599cbb2cceb213272573c371dbc5db6b028c2f745989013c21af54c45facf5f2bf5c87742e299c12a9b8a1b +AUX exim-4.97-CVE-2023-51766.patch 7723 BLAKE2B e1d542e54b32dec25a85280460f60a8315150be7ca67ea748f04be0d5b173f6c46e0a58c5a98254056188760315c0d5592a404d62544e5727e58aa5f894f275e SHA512 fc5b64f6a6ef848764d5c10589cfda99b1dc984d6f2e57730a747cc34f40f6e10d5edb197a121475251266c3e0c8f40cc6fed0988f4461a8a73393fd3d047e59 AUX exim-4.97-as-needed-ldflags.patch 6032 BLAKE2B ba3e78e49435581eba3fa238c4e660acf9e4bc91c47110f6932675eb0c33568c03ee00a91cef6de93f5acb4611ad6ac1bf465a90f4bc055ac2528d77b588822c SHA512 b7f1e84e3c788d1a9c56339c5dc7eb14eff39b8efaf90d32fd66ddd589f60d4bfab5f36cae51cb84646c1f0b0f7523e56d6a898116b72dc108e89f33d8919333 AUX exim-4.97-localscan_dlopen.patch 6429 BLAKE2B 166c44c93730ef4a0cecd9c8cc556ce2c53dcc21d85b2cb7663fc01d445eab3ecba20f3525b1206238e2b6508a58fe79c72ad86c1722b7c4e1164a6bf9534d6d SHA512 f1d29829f4d7159227476bed377a01a4db6d9aad021bda476d9c1ad1dc4fe7a621260a9e1e4ff9b2686c46575a553a96af7f75f625cb99a5941aa4562f01646a AUX exim-4.97-no-exim_id_update.patch 402 BLAKE2B 0c2f7ec1fe995f8ee58c6907e149367082c5ce837d1508b9e61f10681825fdcc78a52316184629aa6a80021fbfa21aa0ee90eee6b8fae5a1b05efb77337dd2c5 SHA512 07c062f042176b108444b9a163a309b3186fc19f2953dbb7ad066874189417684b0934fe1300933d04231cc59eeeacfb22ad42b0f328212585908c2e9eae5a8b @@ -20,18 +20,16 @@ AUX exim.rc10 1135 BLAKE2B abc7247ee8171069f30f954d9e4275fa85f09f5488a372f9c4f7f AUX exim.service 229 BLAKE2B 6d6396ef98b8e7c4fcfa28e24223bd58393387abedfb960284dfd1a297d1612deea6b77e2affeca8c5ff6f7db3eb32717893ed0dc1eaf3525e6969520e8589a3 SHA512 a071e9fb74b5fc2fdf0c73ad64ddfbc3954d8f7095d6a363dacf8c75d72a479fbf6821822ec5c8f3846d7687342e1bd447b97f91ca7b0582e5c98008aac30cca AUX exim.socket 139 BLAKE2B bb8281a98fdac1b52031d5250fd1e658bf5a2c32e24b49ed0daa857d0d32285abf6db23c3d717992c43443ab4bcd97a19ec3811f182200a2d99a48ced6cfb6bc SHA512 db621116907ceb573e6f34581f47c91f751bff593054d7ddc32397b34c7f2405bec184bdb0589d2ac457fa3a61bcba072761e3a6293a99c9c764d2d9fd6069ae AUX exim_at.service 140 BLAKE2B 8624f4a555e2acdc7aaf917952c4152ad00dc063a51076aefa1d023d47d5f7fe8b268f3308734f363ed9628cd8551ccac7fc369657e0fdf65507d2e6419f704c SHA512 11c8133ee15b3e5193c9b1c59aed66c81b6e045dd23310bede9fcde6c88905db5ef08afdb798b53b75a7465915ea1247e980edf95db07a7f9b7bb58ce95fbb5a -DIST exim-4.94.2.tar.xz 1838076 BLAKE2B 684e115a7af3efdab15451f8e11f9b53455c9166d8c078216d7a95223d77569cec8a882ed99b9180acbd8a9e747a0bca03d56993d011de15dc35143a989ab046 SHA512 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc DIST exim-4.96-gentoo-patches-r0.tar.xz 13308 BLAKE2B e01cd8b90593329d858cced27bea9da4860e80500c0b0b3f86418931a77616ac1e4a532cfffc551de5844bfcbcd115c1591b28577c234beb551458dc0877e764 SHA512 0a8d7b5903c8cd7c2cc07e4ea3ed62200ee0116fe0b5513ec97ba7f3ab1dd5cd0dc181eb93c3c1c7f767be7df3546ac07b622a8f4352eb883323c3a005a1c7db DIST exim-4.96.2.tar.xz 1879896 BLAKE2B f172340e5f896dc1996e4e3cf46515c2336c47d3390524ca91cb9ef7258a62b83426592de582aa792584cbeaace519b4edea5e62b3ebeb8e5f599379255e04a5 SHA512 dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed DIST exim-4.96.tar.xz 1879152 BLAKE2B 4b424f2ebc661bd0db35d7f6da86300c6d5cb5b9a52cddd24fdd452daa76c84e471d4f8f278cf951d1503b01fd46fc3e6858d6feded09f34253d2cf2ae99b45a SHA512 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e DIST exim-4.97.tar.xz 1909536 BLAKE2B b0f09d5f162853996976c222786de14e2104acdf01fd61da486f59f4cf8af1182cdfb7ea31fd55ccfd9c57256e7f442dc1b46727e08fe2eca82a296ac4ae7899 SHA512 b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968 -DIST exim-pdf-4.94.2.tar.xz 2092248 BLAKE2B 973ab4f117fdb58afa017bc41b4496fac1277e707a9926d67317c455b0bd617021c17cba6c8d793d8962aacef12c0790d5add7174017512b7b1ea070f8e8533d SHA512 3a661f69d81a992798d4b7e5b7def7cfffa297a7b3c02a6631be426cefff5a6e8783fa322a1bd105d01f7b06968d01e77963e6ab7be3157f63eb62eb6ff172b0 DIST exim-pdf-4.96.2.tar.xz 2132268 BLAKE2B 9104d42d742e7152d166b6158a6f060d0a29143b11e5064ecda177ead59ac66a9bb6ab3575e5bcaf7af5b49964d29b841285e67184592a8b64bab6099f4c8ac9 SHA512 c35eea4ab5510bba50d22813b28c9d2f5e4e2fed76993693b997f2090024dde674d58dffe044cb64642bf57b83fcae3bfc3dbcae43288fae11692ee49374df74 DIST exim-pdf-4.96.tar.xz 2137468 BLAKE2B 7f61767f91864c43a3b7b6ca36ec7f41da6ad7029687a38cfa9307c444c2ffbd3eb61d45645ffd20ec16ba64a37e1ff08c02e7e4e36499c7783679af9a399081 SHA512 05e94579631656330d95d237c58bc9fd52229a067c5846e7c3409b4c83040c9216819bcb0090673d9991fd59e2c2025340592b31b241b557c6775782106854d1 DIST exim-pdf-4.97.tar.xz 2136852 BLAKE2B df188e658e9e86d1b651d12b29e8a440677d75cc0384bab829323582a3a89b62f34e504b759ef2824b7735056696aed6ac33a4ca10a74fc5bc036f150caaac12 SHA512 defd1e7d823f4eadd2afe426d9105a395421824a1b1941b97bfda408905bdd105b5c219b713e15506d25d98fa48e965228f8daab286dc1be14a387f567c0b58b DIST system_filter.exim.gz 3075 BLAKE2B d05e872b5cef377d29126cda03fc0a74c8777b2119b76ff43da6e8de808035eb9bfcb034a85d81824f135d484e864bfc0629fc1af2c228a7277d5ee7cf9cde79 SHA512 cb358d3ce2499a0bb5920d962a06f2af8486e55ec90c8c928bd8e3aefb279aa57f5f960d5adfcef68bd94110b405eaa144e9629cfe6014a529c79c544600bbf3 -EBUILD exim-4.94.2-r7.ebuild 14776 BLAKE2B a0fb91597d669703f7c97874ff0989c90f6989d836bb12c2a24be64efecde184149374a7319495117d94a0fa75d6d94b612a63306dff3d17fb7f717ab97d5d6f SHA512 c9ff4091c66c7b3d60e17f95a542bc870edae5111e2690fae9f507081a6f9903a7dc587e9705c6adbad01fc9badad69f58ba8c24add3fc01a1e223387ebd6078 -EBUILD exim-4.96-r4.ebuild 16589 BLAKE2B dd4a8fafb95891d3a4ec779360cc0603b27d365a3bceed9ec977371c30b953f7fec8d3e132dda1d4da9611374082447d233cdbadc3e6f8cf01576465e459262f SHA512 64eda6530c502540669fc7934db59e16939cf44c90974a84d5c7fa5e5e1bc61b1b10d69c4d07351fc4f3966c3473fa8813e5c35feaa48999eb183ad26e4a0f0c +EBUILD exim-4.96-r4.ebuild 16535 BLAKE2B a88defab588c1cecdd1aadac7e8e18f45432ee32573ca8990c34881668fbb48344cb658a7b5c261e08a86fee2355c6e17a7c48235bd394a6c8f9ff4844d93bc7 SHA512 d62a1ea6ef9f623239464de735060b7427f54f0af10d46791260df844d910e4451a0957cacae22155ee6f3a073f5ef8a69bba710c1cdefe4dcf11082470e0601 +EBUILD exim-4.96.2-r1.ebuild 16669 BLAKE2B d4ff8e4fcaf41e90b477c336156f4f2cfaea1b091790816b809aa0d1df884f4634e898f28300bb9c14b48e4d029cfc68071b0c1daa72f55432a288ec557e4155 SHA512 0e028a4abac5e5869676d543190cb2e9d2a151aa50ee8bb8d07e2b642c06c8a30bc1d9017fdb98a83ffea7d1cd846e8b0bdc71135e446ba8d377457e001b67bf EBUILD exim-4.96.2.ebuild 16601 BLAKE2B 155c746de2ca0ba5a9dcf5da82d29ccca43ac41622deef127accd09f2fd296ea214cc745cc3bb620b9790b320476baed5ba438a8d3915e0c8c91cee33d26f9e5 SHA512 a716435140e193eb1a9fcea37b976475c11ea9f46cf483a3ff54b46e2aada4f4e72cb0c35d1b35ce48dd77e481701c4f7ad24e43328d28f591c6e257263f5a2a -EBUILD exim-4.97-r1.ebuild 15359 BLAKE2B d1e7b0c9a8d387a1e5564a05c1d72a4acdbe5b836f867cb98c9cde8cf24ac89cb9c2ccbb11b46a307486f8c724d929092aaa7649a31dc2cc711ee4069539dfdf SHA512 efce57763ea6b6aee956d7a975417943088f8a3fa0213094ee8a49a5782ade81bded74f57cb26b42e245f1106c33d05f404d9ce6e5e483065d02e268189f3eb0 -MISC metadata.xml 2759 BLAKE2B 4f5d0d9fbd244b0836de4bd0d3b84f45376628a12e019c89e49e6dbd7128c19f16281fdfb401d852f57f27f547184351000382cc7333a524f7be280e0799d8d8 SHA512 85a2eaef07eb68d51a1307c6d76bef6620e7311ffda593750ebee5fe84affac2e026c971818500004c0ab9722a8e84c8eb0394fb66bb2ba6cd3465cf7e1f1a73 +EBUILD exim-4.97-r2.ebuild 15267 BLAKE2B fd990f3dd11266bc969c0f25f038ff991b871baa3b41e356043cfb949a9110cd72df57e116a231dae6c9bd4e875469d8c0972ce8b1990c41715beeb75d2af2cd SHA512 2a345958acbdb3f0434f157199d864c9b833647168468110fba80efe1edec26b26bd17b56d628644df95d8bb5c00a4e6edd17ba97d97474a16f54ab7f3ea6ca0 +MISC metadata.xml 2488 BLAKE2B 2b6eee3c45210da4bb79ed1a01801cabbdf2be353652602b60cb7c512426197eb14defb2382dd71bcbf0101685a8e5d2f58d52fbee402894f2d86e51329d2165 SHA512 1b3f9fe9cbff738595101b32179f5c8230b5afefcce5266e06db97a3a07a73ad842f0a8be44f421a71e120cdff11e262ba1893f1c7117a0a4c42cf5f37a44d7b diff --git a/mail-mta/exim/exim-4.96-r4.ebuild b/mail-mta/exim/exim-4.96-r4.ebuild index 503519b18ac5..c3bb1a1d477e 100644 --- a/mail-mta/exim/exim-4.96-r4.ebuild +++ b/mail-mta/exim/exim-4.96-r4.ebuild @@ -42,7 +42,7 @@ HOMEPAGE="https://www.exim.org/" SLOT="0" LICENSE="GPL-2" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~ppc ppc64 ~sparc x86" +KEYWORDS="x86" COMMON_DEPEND=">=sys-apps/sed-4.0.5 dev-libs/libpcre2:= diff --git a/mail-mta/exim/exim-4.94.2-r7.ebuild b/mail-mta/exim/exim-4.96.2-r1.ebuild index 8f5367aecfb8..f31266dbaa83 100644 --- a/mail-mta/exim/exim-4.94.2-r7.ebuild +++ b/mail-mta/exim/exim-4.96.2-r1.ebuild @@ -1,11 +1,14 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" inherit db-use toolchain-funcs pam systemd -IUSE="arc +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl dsn exiscan-acl gnutls idn ipv6 ldap lmtp maildir mbx mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux spf sqlite srs +srs-alt srs-native +ssl syslog tcpd +tpda X" +IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl +dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx +mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux +socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" REQUIRED_USE=" arc? ( dkim spf ) dane? ( ssl !gnutls ) @@ -13,11 +16,7 @@ REQUIRED_USE=" dkim? ( ssl !gnutls ) gnutls? ( ssl ) pkcs11? ( ssl ) - spf? ( exiscan-acl ) - srs? ( - exiscan-acl - ^^ ( srs-alt srs-native ) - ) + || ( berkdb gdbm tdb ) " # NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked # for x86 and amd64 only, due to this, repoman won't allow depending on @@ -26,24 +25,30 @@ REQUIRED_USE=" # have left is to a) ignore the dependency (but that results in bug # #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are # incorrect, but b) is the only "correct" view from repoman. +# We cannot express a required use for berkdb/gdbm/tdb correctly because +# berkdb and gdbm are both enabled in base profile SDIR=$([[ ${PV} == *_rc* ]] && echo /test [[ ${PV} == *.*.*.* ]] && echo /fixes) COMM_URI="https://downloads.exim.org/exim4${SDIR}" +GPV="r0" DESCRIPTION="A highly configurable, drop-in replacement for sendmail" SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz + https://dev.gentoo.org/~grobian/distfiles/${PN}-4.96-gentoo-patches-${GPV}.tar.xz mirror://gentoo/system_filter.exim.gz doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" HOMEPAGE="https://www.exim.org/" SLOT="0" LICENSE="GPL-2" -KEYWORDS="sparc" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" COMMON_DEPEND=">=sys-apps/sed-4.0.5 - ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) - dev-libs/libpcre + dev-libs/libpcre2:= + tdb? ( sys-libs/tdb:= ) + !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) + !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) idn? ( net-dns/libidn:= net-dns/libidn2:= ) perl? ( dev-lang/perl:= ) pam? ( sys-libs/pam ) @@ -58,8 +63,9 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5 ) ) ldap? ( >=net-nds/openldap-2.0.7:= ) - nis? ( - elibc_glibc? ( + elibc_glibc? ( + net-libs/libnsl:= + nis? ( net-libs/libtirpc:= >=net-libs/libnsl-1:= ) @@ -70,7 +76,6 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5 redis? ( dev-libs/hiredis:= ) spf? ( >=mail-filter/libspf2-1.2.5-r1 ) dmarc? ( mail-filter/opendmarc:= ) - srs? ( srs-alt? ( mail-filter/libsrs_alt ) ) X? ( x11-libs/libX11 x11-libs/libXmu @@ -81,7 +86,6 @@ COMMON_DEPEND=">=sys-apps/sed-4.0.5 radius? ( net-dialup/freeradius-client ) virtual/libcrypt:= virtual/libiconv - elibc_glibc? ( net-libs/libnsl ) " # added X check for #57206 BDEPEND="virtual/pkgconfig" @@ -111,13 +115,37 @@ src_prepare() { eapply "${FILESDIR}"/exim-4.93-as-needed-ldflags.patch # 352265, 391279 eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 eapply "${FILESDIR}"/exim-4.69-r1.27021.patch - eapply "${FILESDIR}"/exim-4.94-localscan_dlopen.patch + eapply "${FILESDIR}"/exim-4.95-localscan_dlopen.patch + eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063 + + # Upstream post-release fixes :( + local GPVDIR=${WORKDIR}/${PN}-4.96-gentoo-patches-${GPV} + eapply "${GPVDIR}"/exim-4.96-rewrite-malformed-addr-fix.patch # upstr + eapply "${GPVDIR}"/exim-4.96-spf-memory-error-fix.patch # upstr + eapply "${GPVDIR}"/exim-4.96-regex-use-after-free.patch # upstr + eapply -p2 "${GPVDIR}"/exim-4.96-dmarc_use_after_free.patch # upstr + eapply "${GPVDIR}"/exim-4.96-deamon-startup-fix.patch # upstr + eapply "${GPVDIR}"/exim-4.96-openssl-verify-ocsp.patch # upstr + eapply "${GPVDIR}"/exim-4.96-openssl-double-expansion.patch # upstr + eapply "${GPVDIR}"/exim-4.96-recursion-dns_again.patch # upstr + eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-setting.patch # upstr + eapply "${GPVDIR}"/exim-4.96-openssl-tls_eccurve-lt-3.patch # upstr + eapply "${GPVDIR}"/exim-4.96-openssl-bad-alpn.patch # upstr + eapply "${GPVDIR}"/exim-4.96-dane-dns_again.patch # upstr + eapply "${GPVDIR}"/exim-4.96-expansion-crash.patch # upstr + eapply "${GPVDIR}"/exim-4.96-transport-crash.patch # upstr + + # oddity, they disable berkdb as hack, and then throw an error when + # berkdb isn't enabled + sed -i \ + -e 's/_DB_/_DONTMESS_/' \ + -e 's/define DB void/define DONTMESS void/' \ + src/auths/call_radius.c || die - # for this reason we have a := dep on opendmarc, they changed their - # API in a minor release - if use dmarc && has_version ">=mail-filter/opendmarc-1.4" ; then - eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch - fi + # API changed from 1.3 to 1.4, upstream doesn't think 1.4 should be + # used, but 1.3 has a CVE and Gentoo (like most downstreams) only + # has 1.4 available + eapply "${FILESDIR}"/exim-4.94-opendmarc-1.4.patch if use maildir ; then eapply "${FILESDIR}"/exim-4.94-maildir.patch @@ -167,8 +195,40 @@ src_configure() { PID_FILE_PATH=${EPREFIX}/run/exim.pid SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim HAVE_ICONV=yes + WITH_CONTENT_SCAN=yes EOC + # configure db implementation, Exim always needs one for its hints + # database, we prefer tdb and gdbm, since bdb is kind of getting + # less and less support + if use tdb ; then + cat >> Makefile <<- EOC + USE_TDB=yes + DBMLIB = -ltdb + EOC + sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die + sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die + elif use gdbm ; then + cat >> Makefile <<- EOC + USE_GDBM=yes + DBMLIB = -lgdbm + EOC + sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die + sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die + else # must be berkdb via required_use + # use the "native" interfaces to the DBM and CDB libraries, support + # passwd and directory lookups by default + local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" + cat >> Makefile <<- EOC + USE_DB=yes + # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h + CFLAGS += -I$(db_includedir ${DB_VERS}) + DBMLIB = -l$(db_libname ${DB_VERS}) + EOC + sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die + sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die + fi + # if we use libiconv, now is the time to tell so if use !elibc_glibc && use !elibc_musl ; then cat >> Makefile <<- EOC @@ -217,18 +277,13 @@ src_configure() { # # lookup methods + # - # use the "native" interfaces to the DBM and CDB libraries, support - # passwd and directory lookups by default - local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" + # support passwd and directory lookups by default cat >> Makefile <<- EOC - USE_DB=yes LOOKUP_CDB=yes LOOKUP_PASSWD=yes LOOKUP_DSEARCH=yes - # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h - CFLAGS += -I$(db_includedir ${DB_VERS}) - DBMLIB = -l$(db_libname ${DB_VERS}) EOC if ! use dnsdb; then @@ -301,13 +356,6 @@ src_configure() { # features # - # content scanning support - if use exiscan-acl; then - cat >> Makefile <<- EOC - WITH_CONTENT_SCAN=yes - EOC - fi - # DomainKeys Identified Mail, RFC4871 if ! use dkim; then # DKIM is enabled by default @@ -400,6 +448,13 @@ src_configure() { EOC fi + # SOCKS5 (outbound) proxy support + if use socks5; then + cat >> Makefile <<- EOC + SUPPORT_SOCKS=yes + EOC + fi + # DANE if use !dane; then # DANE is enabled by default @@ -438,23 +493,11 @@ src_configure() { # Sender Rewriting Scheme if use srs; then - # NOTE: we currently USE-default to srs-alt, because this is - # what USE=srs used to be. Eventually we want to rid ourselves - # of this external implementation. - if use srs-alt; then - # historical default, from 4.95 this becomes - # EXPERIMENTAL_SRS_ALT - cat >> Makefile <<- EOC - EXPERIMENTAL_SRS=yes - EXTRALIBS_EXIM += -lsrs_alt - EOC - fi - if use srs-native; then - # this one becomes SUPPORT_SRS in 4.95 - cat >> Makefile <<- EOC - EXPERIMENTAL_SRS_NATIVE=yes - EOC - fi + # this one is the default/supported variant since 4.95, and the + # only variant available since 4.96 + cat >> Makefile <<- EOC + SUPPORT_SRS=yes + EOC fi # Delivery Sender Notifications extra information in fail message @@ -545,9 +588,6 @@ src_install() { # conf files insinto /etc/exim newins "${S}"/src/configure.default exim.conf.dist - if use exiscan-acl; then - newins "${S}"/src/configure.default exim.conf.exiscan-acl - fi doins "${WORKDIR}"/system_filter.exim doins "${FILESDIR}"/auth_conf.sub @@ -590,6 +630,9 @@ pkg_postinst() { einfo "Please create ${EROOT}/etc/exim/exim.conf from" einfo " ${EROOT}/etc/exim/exim.conf.dist." fi + if use berkdb && ( use gdbm || use tdb ) ; then + ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" + fi if use dmarc ; then einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" einfo "you can populate this file with the contents downloaded from" @@ -600,14 +643,9 @@ pkg_postinst() { einfo "documentation at the bottom of this prerelease message:" einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" fi - if use srs ; then - einfo "SRS support is experimental in this release of Exim" - if use srs-alt; then - elog "You are using libsrs_alt to implement SRS support." - elog "In future release of Exim, the native SRS implementation" - elog "(USE=srs-native) will become the default. Please prepare" - elog "your package.use or switch to USE=srs-native now." - fi + if use srs; then + einfo "SRS support using libsrs_alt was dropped in this" + einfo "release of Exim, you are now using the native SRS implementation" fi use dsn && einfo "extra information in fail DSN message is experimental" einfo diff --git a/mail-mta/exim/exim-4.97-r1.ebuild b/mail-mta/exim/exim-4.97-r2.ebuild index 3dbed307e7e4..ada81a9a2399 100644 --- a/mail-mta/exim/exim-4.97-r1.ebuild +++ b/mail-mta/exim/exim-4.97-r2.ebuild @@ -116,6 +116,7 @@ src_prepare() { eapply "${FILESDIR}"/exim-4.69-r1.27021.patch eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch + eapply -p2 "${FILESDIR}"/exim-4.97-CVE-2023-51766.patch # 3063 # oddity, they disable berkdb as hack, and then throw an error when # berkdb isn't enabled @@ -621,10 +622,6 @@ pkg_postinst() { einfo "documentation at the bottom of this prerelease message:" einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" fi - if use srs; then - einfo "SRS support using libsrs_alt was dropped in this" - einfo "release of Exim, you are now using the native SRS implementation" - fi use dsn && einfo "extra information in fail DSN message is experimental" einfo elog "Note that this release contains a tainted variable check that" diff --git a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch b/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch deleted file mode 100644 index 68ff48ac2a33..000000000000 --- a/mail-mta/exim/files/exim-4.94-localscan_dlopen.patch +++ /dev/null @@ -1,269 +0,0 @@ -diff -ur exim-4.92.orig/src/config.h.defaults exim-4.92/src/config.h.defaults ---- exim-4.92.orig/src/config.h.defaults 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/config.h.defaults 2019-02-16 18:17:24.547216157 +0100 -@@ -32,6 +32,8 @@ - - #define AUTH_VARS 3 - -+#define DLOPEN_LOCAL_SCAN -+ - #define BIN_DIRECTORY - - #define CONFIGURE_FILE -Only in exim-4.92/src: config.h.defaults.orig -diff -ur exim-4.92.orig/src/EDITME exim-4.92/src/EDITME ---- exim-4.92.orig/src/EDITME 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/EDITME 2019-02-16 18:17:24.547216157 +0100 -@@ -824,6 +824,24 @@ - - - #------------------------------------------------------------------------------ -+# On systems which support dynamic loading of shared libraries, Exim can -+# load a local_scan function specified in its config file instead of having -+# to be recompiled with the desired local_scan function. For a full -+# description of the API to this function, see the Exim specification. -+ -+#DLOPEN_LOCAL_SCAN=yes -+ -+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the -+# linker flags. Without it, the loaded .so won't be able to access any -+# functions from exim. -+ -+LFLAGS = -rdynamic -+ifeq ($(OSTYPE),Linux) -+LFLAGS += -ldl -+endif -+ -+ -+#------------------------------------------------------------------------------ - # The default distribution of Exim contains only the plain text form of the - # documentation. Other forms are available separately. If you want to install - # the documentation in "info" format, first fetch the Texinfo documentation -Only in exim-4.92/src: EDITME.orig -diff -ur exim-4.92.orig/src/globals.c exim-4.92/src/globals.c ---- exim-4.92.orig/src/globals.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/globals.c 2019-02-16 18:17:24.549216150 +0100 -@@ -41,6 +41,10 @@ - - uschar *no_aliases = NULL; - -+#ifdef DLOPEN_LOCAL_SCAN -+uschar *local_scan_path = NULL; -+#endif -+ - - /* For comments on these variables, see globals.h. I'm too idle to - duplicate them here... */ -Only in exim-4.92/src: globals.c.orig -diff -ur exim-4.92.orig/src/globals.h exim-4.92/src/globals.h ---- exim-4.92.orig/src/globals.h 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/globals.h 2019-02-16 18:17:24.549216150 +0100 -@@ -152,6 +152,9 @@ - extern int (*receive_ferror)(void); - extern BOOL (*receive_smtp_buffered)(void); - -+#ifdef DLOPEN_LOCAL_SCAN -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif - - /* For clearing, saving, restoring address expansion variables. We have to have - the size of this vector set explicitly, because it is referenced from more than -Only in exim-4.92/src: globals.h.orig -diff -ur exim-4.92.orig/src/local_scan.c exim-4.92/src/local_scan.c ---- exim-4.92.orig/src/local_scan.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/local_scan.c 2019-02-16 18:29:56.832732592 +0100 -@@ -5,61 +5,133 @@ - /* Copyright (c) University of Cambridge 1995 - 2009 */ - /* See the file NOTICE for conditions of use and distribution. */ - -+#include "local_scan.h" - --/****************************************************************************** --This file contains a template local_scan() function that just returns ACCEPT. --If you want to implement your own version, you should copy this file to, say --Local/local_scan.c, and edit the copy. To use your version instead of the --default, you must set -- --HAVE_LOCAL_SCAN=yes --LOCAL_SCAN_SOURCE=Local/local_scan.c -- --in your Local/Makefile. This makes it easy to copy your version for use with --subsequent Exim releases. -- --For a full description of the API to this function, see the Exim specification. --******************************************************************************/ -- -- --/* This is the only Exim header that you should include. The effect of --including any other Exim header is not defined, and may change from release to --release. Use only the documented interface! */ -- --#include "local_scan.h" -- -- --/* This is a "do-nothing" version of a local_scan() function. The arguments --are: -- -- fd The file descriptor of the open -D file, which contains the -- body of the message. The file is open for reading and -- writing, but modifying it is dangerous and not recommended. -- -- return_text A pointer to an unsigned char* variable which you can set in -- order to return a text string. It is initialized to NULL. -- --The return values of this function are: -- -- LOCAL_SCAN_ACCEPT -- The message is to be accepted. The return_text argument is -- saved in $local_scan_data. -- -- LOCAL_SCAN_REJECT -- The message is to be rejected. The returned text is used -- in the rejection message. -- -- LOCAL_SCAN_TEMPREJECT -- This specifies a temporary rejection. The returned text -- is used in the rejection message. --*/ -+#ifdef DLOPEN_LOCAL_SCAN -+#include <stdlib.h> -+#include <dlfcn.h> -+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; -+static int load_local_scan_library(void); -+extern uschar *local_scan_path; /* Path to local_scan() library */ -+#endif - - int - local_scan(int fd, uschar **return_text) - { - fd = fd; /* Keep picky compilers happy */ - return_text = return_text; --return LOCAL_SCAN_ACCEPT; -+#ifdef DLOPEN_LOCAL_SCAN -+/* local_scan_path is defined AND not the empty string */ -+if (local_scan_path && *local_scan_path) -+ { -+ if (!local_scan_fn) -+ { -+ if (!load_local_scan_library()) -+ { -+ char *base_msg , *error_msg , *final_msg ; -+ int final_length = -1 ; -+ -+ base_msg=US"Local configuration error - local_scan() library failure\n"; -+ error_msg = dlerror() ; -+ -+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; -+ final_msg = (char*)malloc( final_length*sizeof(char) ) ; -+ *final_msg = '\0' ; -+ -+ strcat( final_msg , base_msg ) ; -+ strcat( final_msg , error_msg ) ; -+ -+ *return_text = final_msg ; -+ return LOCAL_SCAN_TEMPREJECT; -+ } -+ } -+ return local_scan_fn(fd, return_text); -+ } -+else -+#endif -+ return LOCAL_SCAN_ACCEPT; -+} -+ -+#ifdef DLOPEN_LOCAL_SCAN -+ -+static int load_local_scan_library(void) -+{ -+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ -+void *local_scan_lib = NULL; -+int (*local_scan_version_fn)(void); -+int vers_maj; -+int vers_min; -+ -+local_scan_lib = dlopen(local_scan_path, RTLD_NOW); -+if (!local_scan_lib) -+ { -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " -+ "message temporarily rejected"); -+ return FALSE; -+ } -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_major() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The major number is increased when the ABI is changed in a non -+ backward compatible way. */ -+vers_maj = local_scan_version_fn(); -+ -+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); -+if (!local_scan_version_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan_version_minor() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+/* The minor number is increased each time a new feature is added (in a -+ way that doesn't break backward compatibility) -- Marc */ -+vers_min = local_scan_version_fn(); -+ -+ -+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) -+ { -+ dlclose(local_scan_lib); -+ local_scan_lib = NULL; -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" -+ "version number, you need to recompile your module for this version" -+ "of exim (The module was compiled for version %d.%d and this exim provides" -+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, -+ LOCAL_SCAN_ABI_VERSION_MINOR); -+ return FALSE; -+ } -+ -+local_scan_fn = dlsym(local_scan_lib, "local_scan"); -+if (!local_scan_fn) -+ { -+ dlclose(local_scan_lib); -+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " -+ "local_scan() function - message temporarily rejected"); -+ return FALSE; -+ } -+ -+return TRUE; - } - -+#endif /* DLOPEN_LOCAL_SCAN */ -+ - /* End of local_scan.c */ -diff -ur exim-4.92.orig/src/readconf.c exim-4.92/src/readconf.c ---- exim-4.92.orig/src/readconf.c 2019-01-30 14:59:52.000000000 +0100 -+++ exim-4.92/src/readconf.c 2019-02-16 18:18:46.013947455 +0100 -@@ -205,6 +205,9 @@ - { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, - { "local_from_suffix", opt_stringptr, {&local_from_suffix} }, - { "local_interfaces", opt_stringptr, {&local_interfaces} }, -+#ifdef DLOPEN_LOCAL_SCAN -+ { "local_scan_path", opt_stringptr, {&local_scan_path} }, -+#endif - #ifdef HAVE_LOCAL_SCAN - { "local_scan_timeout", opt_time, {&local_scan_timeout} }, - #endif diff --git a/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch new file mode 100644 index 000000000000..7eed4eb1855f --- /dev/null +++ b/mail-mta/exim/files/exim-4.97-CVE-2023-51766.patch @@ -0,0 +1,265 @@ +https://nvd.nist.gov/vuln/detail/CVE-2023-51766 + + +From cf1376206284f2a4f11e32d931d4aade34c206c5 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Fri, 22 Dec 2023 23:57:05 +0000 +Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063 + +From 5bb786d5ad568a88d50d15452aacc8404047e5ca Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Sat, 23 Dec 2023 17:42:57 +0000 +Subject: [PATCH] Reject "dot, LF" as ending data phase (pt. 2). Bug 3063 + +reduced to source changes only for Gentoo + + + +diff --git a/src/src/receive.c b/src/src/receive.c +index e35400aec..c6f612832 100644 +--- a/src/src/receive.c ++++ b/src/src/receive.c +@@ -836,93 +842,101 @@ + */ + + static int +-read_message_data_smtp(FILE *fout) ++read_message_data_smtp(FILE * fout, BOOL strict_crlf) + { +-int ch_state = 0; +-int ch; +-int linelength = 0; ++enum { s_linestart, s_normal, s_had_cr, s_had_nl_dot, s_had_dot_cr } ch_state = ++ s_linestart; ++int linelength = 0, ch; + + while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) + { + if (ch == 0) body_zerocount++; + switch (ch_state) + { +- case 0: /* After LF or CRLF */ +- if (ch == '.') +- { +- ch_state = 3; +- continue; /* Don't ever write . after LF */ +- } +- ch_state = 1; ++ case s_linestart: /* After LF or CRLF */ ++ if (ch == '.') ++ { ++ ch_state = s_had_nl_dot; ++ continue; /* Don't ever write . after LF */ ++ } ++ ch_state = s_normal; + +- /* Else fall through to handle as normal uschar. */ ++ /* Else fall through to handle as normal uschar. */ + +- case 1: /* Normal state */ +- if (ch == '\n') +- { +- ch_state = 0; +- body_linecount++; ++ case s_normal: /* Normal state */ ++ if (ch == '\r') ++ { ++ ch_state = s_had_cr; ++ continue; /* Don't write the CR */ ++ } ++ if (ch == '\n') /* Bare LF at end of line */ ++ if (strict_crlf) ++ ch = ' '; /* replace LF with space */ ++ else ++ { /* treat as line ending */ ++ ch_state = s_linestart; ++ body_linecount++; ++ if (linelength > max_received_linelength) ++ max_received_linelength = linelength; ++ linelength = -1; ++ } ++ break; ++ ++ case s_had_cr: /* After (unwritten) CR */ ++ body_linecount++; /* Any char ends line */ + if (linelength > max_received_linelength) +- max_received_linelength = linelength; ++ max_received_linelength = linelength; + linelength = -1; +- } +- else if (ch == '\r') +- { +- ch_state = 2; +- continue; +- } +- break; ++ if (ch == '\n') /* proper CRLF */ ++ ch_state = s_linestart; ++ else ++ { ++ message_size++; /* convert the dropped CR to a stored NL */ ++ if (fout && fputc('\n', fout) == EOF) return END_WERROR; ++ cutthrough_data_put_nl(); ++ if (ch == '\r') /* CR; do not write */ ++ continue; ++ ch_state = s_normal; /* not LF or CR; process as standard */ ++ } ++ break; + +- case 2: /* After (unwritten) CR */ +- body_linecount++; +- if (linelength > max_received_linelength) +- max_received_linelength = linelength; +- linelength = -1; +- if (ch == '\n') +- { +- ch_state = 0; +- } +- else +- { +- message_size++; +- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; +- cutthrough_data_put_nl(); +- if (ch != '\r') ch_state = 1; else continue; +- } +- break; ++ case s_had_nl_dot: /* After [CR] LF . */ ++ if (ch == '\n') /* [CR] LF . LF */ ++ if (strict_crlf) ++ ch = ' '; /* replace LF with space */ ++ else ++ return END_DOT; ++ else if (ch == '\r') /* [CR] LF . CR */ ++ { ++ ch_state = s_had_dot_cr; ++ continue; /* Don't write the CR */ ++ } ++ /* The dot was removed on reaching s_had_nl_dot. For a doubled dot, here, ++ reinstate it to cutthrough. The current ch, dot or not, is passed both to ++ cutthrough and to file below. */ ++ else if (ch == '.') ++ { ++ uschar c = ch; ++ cutthrough_data_puts(&c, 1); ++ } ++ ch_state = s_normal; ++ break; + +- case 3: /* After [CR] LF . */ +- if (ch == '\n') +- return END_DOT; +- if (ch == '\r') +- { +- ch_state = 4; +- continue; +- } +- /* The dot was removed at state 3. For a doubled dot, here, reinstate +- it to cutthrough. The current ch, dot or not, is passed both to cutthrough +- and to file below. */ +- if (ch == '.') +- { +- uschar c= ch; +- cutthrough_data_puts(&c, 1); +- } +- ch_state = 1; +- break; ++ case s_had_dot_cr: /* After [CR] LF . CR */ ++ if (ch == '\n') ++ return END_DOT; /* Preferred termination */ + +- case 4: /* After [CR] LF . CR */ +- if (ch == '\n') return END_DOT; +- message_size++; +- body_linecount++; +- if (fout != NULL && fputc('\n', fout) == EOF) return END_WERROR; +- cutthrough_data_put_nl(); +- if (ch == '\r') +- { +- ch_state = 2; +- continue; +- } +- ch_state = 1; +- break; ++ message_size++; /* convert the dropped CR to a stored NL */ ++ body_linecount++; ++ if (fout && fputc('\n', fout) == EOF) return END_WERROR; ++ cutthrough_data_put_nl(); ++ if (ch == '\r') ++ { ++ ch_state = s_had_cr; ++ continue; /* CR; do not write */ ++ } ++ ch_state = s_normal; ++ break; + } + + /* Add the character to the spool file, unless skipping; then loop for the +@@ -1140,7 +1152,7 @@ receive_swallow_smtp(void) + { + if (message_ended >= END_NOTENDED) + message_ended = chunking_state <= CHUNKING_OFFERED +- ? read_message_data_smtp(NULL) ++ ? read_message_data_smtp(NULL, FALSE) + : read_message_bdat_smtp_wire(NULL); + } + +@@ -1960,8 +1960,10 @@ for (;;) + + if (ch == '\n') + { +- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = FALSE; +- else if (first_line_ended_crlf) receive_ungetc(' '); ++ if (first_line_ended_crlf == TRUE_UNSET) ++ first_line_ended_crlf = FALSE; ++ else if (first_line_ended_crlf) ++ receive_ungetc(' '); + goto EOL; + } + +@@ -1977,7 +1980,11 @@ for (;;) + if (f.dot_ends && ptr == 0 && ch == '.') + { + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); +- if (ch == '\r') ++ if (ch == '\n' && first_line_ended_crlf == TRUE /* and not TRUE_UNSET */ ) ++ /* dot, LF but we are in CRLF mode. Attack? */ ++ ch = ' '; /* replace the LF with a space */ ++ ++ else if (ch == '\r') + { + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); + if (ch != '\n') +@@ -2013,7 +2020,8 @@ for (;;) + ch = (receive_getc)(GETC_BUFFER_UNLIMITED); + if (ch == '\n') + { +- if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE; ++ if (first_line_ended_crlf == TRUE_UNSET) ++ first_line_ended_crlf = TRUE; + goto EOL; + } + +@@ -3241,7 +3253,7 @@ if (!ferror(spool_data_file) && !(receive_feof)() && message_ended != END_DOT) + if (smtp_input) + { + message_ended = chunking_state <= CHUNKING_OFFERED +- ? read_message_data_smtp(spool_data_file) ++ ? read_message_data_smtp(spool_data_file, first_line_ended_crlf) + : spool_wireformat + ? read_message_bdat_smtp_wire(spool_data_file) + : read_message_bdat_smtp(spool_data_file); +diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c +index e19c86ff8..aeaffeb37 100644 +--- a/src/src/smtp_in.c ++++ b/src/src/smtp_in.c +@@ -5112,7 +5112,10 @@ while (done <= 0) + to get the DATA command sent. */ + + if (!acl_smtp_predata && cutthrough.cctx.sock < 0) ++ { ++ if (!check_sync()) goto SYNC_FAILURE; + rc = OK; ++ } + else + { + uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept"; diff --git a/mail-mta/exim/metadata.xml b/mail-mta/exim/metadata.xml index d74398a75cc0..536bdc48deb3 100644 --- a/mail-mta/exim/metadata.xml +++ b/mail-mta/exim/metadata.xml @@ -31,16 +31,10 @@ <flag name="dmarc">Adds support for DMARC</flag> <flag name="dsn">Adds support for Delivery Status Notifications (DSN)</flag> - <flag name="exiscan-acl">Patch providing support for content - scanning</flag> <flag name="lmtp">Adds support for lmtp</flag> <flag name="mbx">Adds support for UW's mbx format</flag> <flag name="spf">Adds support for Sender Policy Framework</flag> <flag name="srs">Adds support for Sender Rewriting Scheme</flag> - <flag name="srs-alt">Use <pkg>mail-filter/libsrs_alt</pkg> to - implement SRS support</flag> - <flag name="srs-native">Use Exim's built-in SRS support to - implement SRS support</flag> <flag name="proxy">Add support for being behind a proxy, such as HAProxy</flag> <flag name="pkcs11">Require pkcs11 support in <pkg>net-libs/gnutls</pkg> with USE=gnutls</flag> <flag name="redis">Adds support for querying <pkg>dev-db/redis</pkg></flag> |