packages/mail/exim/patches/100-localscan_dlopen.patch

306 lines
10 KiB
Diff
Raw Normal View History

Description: Allow one to use and switch between different local_scan functions
without recompiling exim.
http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from
David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc
MERLIN for SA-Exim and minor/major API version tracking
Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN
Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2671
Last-Update: 2021-07-28
--- a/src/EDITME
+++ b/src/EDITME
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -873,6 +873,21 @@ HEADERS_CHARSET="ISO-8859-1"
#------------------------------------------------------------------------------
+# On systems which support dynamic loading of shared libraries, Exim can
+# load a local_scan function specified in its config file instead of having
+# to be recompiled with the desired local_scan function. For a full
+# description of the API to this function, see the Exim specification.
+
+DLOPEN_LOCAL_SCAN=yes
+
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
+# linker flags. Without it, the loaded .so won't be able to access any
+# functions from exim.
+
+LDFLAGS += -rdynamic
+CFLAGS += -fvisibility=hidden
+
+#------------------------------------------------------------------------------
# The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
--- a/src/config.h.defaults
+++ b/src/config.h.defaults
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'def
#define AUTH_VARS 4
+#define DLOPEN_LOCAL_SCAN
+
#define BIN_DIRECTORY
#define CONFIGURE_FILE
--- a/src/globals.c
+++ b/src/globals.c
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -117,6 +117,10 @@ int dsn_ret = 0;
const pcre2_code *regex_DSN = NULL;
uschar *dsn_advertise_hosts = NULL;
+#ifdef DLOPEN_LOCAL_SCAN
+uschar *local_scan_path = NULL;
+#endif
+
#ifndef DISABLE_TLS
BOOL gnutls_compat_mode = FALSE;
BOOL gnutls_allow_auto_pkcs11 = FALSE;
--- a/src/globals.h
+++ b/src/globals.h
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -155,6 +155,9 @@ extern int dsn_ret; /
extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */
extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. */
--- a/src/local_scan.c
+++ b/src/local_scan.c
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -7,58 +7,133 @@
/* See the file NOTICE for conditions of use and distribution. */
-/******************************************************************************
-This file contains a template local_scan() function that just returns ACCEPT.
-If you want to implement your own version, you should copy this file to, say
-Local/local_scan.c, and edit the copy. To use your version instead of the
-default, you must set
-
-HAVE_LOCAL_SCAN=yes
-LOCAL_SCAN_SOURCE=Local/local_scan.c
-
-in your Local/Makefile. This makes it easy to copy your version for use with
-subsequent Exim releases.
-
-For a full description of the API to this function, see the Exim specification.
-******************************************************************************/
-
-
/* This is the only Exim header that you should include. The effect of
including any other Exim header is not defined, and may change from release to
release. Use only the documented interface! */
#include "local_scan.h"
-
-/* This is a "do-nothing" version of a local_scan() function. The arguments
-are:
-
- fd The file descriptor of the open -D file, which contains the
- body of the message. The file is open for reading and
- writing, but modifying it is dangerous and not recommended.
-
- return_text A pointer to an unsigned char* variable which you can set in
- order to return a text string. It is initialized to NULL.
-
-The return values of this function are:
-
- LOCAL_SCAN_ACCEPT
- The message is to be accepted. The return_text argument is
- saved in $local_scan_data.
-
- LOCAL_SCAN_REJECT
- The message is to be rejected. The returned text is used
- in the rejection message.
-
- LOCAL_SCAN_TEMPREJECT
- This specifies a temporary rejection. The returned text
- is used in the rejection message.
-*/
+#ifdef DLOPEN_LOCAL_SCAN
+#include <dlfcn.h>
+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
+static int load_local_scan_library(void);
+#endif
int
local_scan(int fd, uschar **return_text)
{
-return LOCAL_SCAN_ACCEPT;
+
+#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */
+if (local_scan_path && *local_scan_path)
+ {
+ if (!local_scan_fn)
+ {
+ if (!load_local_scan_library())
+ {
+ char *base_msg , *error_msg , *final_msg ;
+ int final_length = -1 ;
+
+ base_msg=US"Local configuration error - local_scan() library failure\n";
+ error_msg = dlerror() ;
+
+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
+ *final_msg = '\0' ;
+
+ strcat( final_msg , base_msg ) ;
+ strcat( final_msg , error_msg ) ;
+
+ *return_text = final_msg ;
+ return LOCAL_SCAN_TEMPREJECT;
+ }
+ }
+ return local_scan_fn(fd, return_text);
+ }
+else
+#endif
+ return LOCAL_SCAN_ACCEPT;
+}
+
+#ifdef DLOPEN_LOCAL_SCAN
+
+static int load_local_scan_library(void)
+{
+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
+void *local_scan_lib = NULL;
+int (*local_scan_version_fn)(void);
+int vers_maj;
+int vers_min;
+
+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
+if (!local_scan_lib)
+ {
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
+ "message temporarily rejected");
+ return FALSE;
+ }
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_major() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The major number is increased when the ABI is changed in a non
+ backward compatible way. */
+vers_maj = local_scan_version_fn();
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_minor() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The minor number is increased each time a new feature is added (in a
+ way that doesn't break backward compatibility) -- Marc */
+vers_min = local_scan_version_fn();
+
+
+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+
+local_scan_fn = dlsym(local_scan_lib, "local_scan");
+if (!local_scan_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan() function - message temporarily rejected");
+ return FALSE;
+ }
+return TRUE;
}
+#endif /* DLOPEN_LOCAL_SCAN */
+
/* End of local_scan.c */
--- a/src/local_scan.h
+++ b/src/local_scan.h
@@ -27,6 +27,7 @@ settings, and the store functions. */
#include <stdarg.h>
#include <sys/types.h>
+#pragma GCC visibility push(default)
#include "config.h"
#include "mytypes.h"
#include "store.h"
@@ -166,6 +167,9 @@ extern header_line *header_list; /
extern BOOL host_checking; /* Set when checking a host */
extern uschar *interface_address; /* Interface for incoming call */
extern int interface_port; /* Port number for incoming call */
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path;
+#endif
extern uschar *message_id; /* Internal id of message being handled */
extern uschar *received_protocol; /* Name of incoming protocol */
extern int recipients_count; /* Number of recipients */
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -236,4 +240,6 @@ extern pid_t child_open_exim2_functio
extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *);
#endif
+#pragma GCC visibility pop
+
/* End of local_scan.h */
--- a/src/readconf.c
+++ b/src/readconf.c
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -212,6 +212,9 @@ static optionlist optionlist_config[] =
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
+#ifdef DLOPEN_LOCAL_SCAN
+ { "local_scan_path", opt_stringptr, &local_scan_path },
+#endif
#ifdef HAVE_LOCAL_SCAN
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
#endif
--- a/src/string.c
+++ b/src/string.c
@@ -418,6 +418,7 @@ return ss;
#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
&& !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
+#pragma GCC visibility push(default)
/*************************************************
* Copy and save string *
*************************************************/
exim: update to version 4.96 Exim version 4.96 ----------------- JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders. JH/02 Move from using the pcre library to pcre2. The former is no longer being developed or supported (by the original developer). JH/03 Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for sendfile() didi not account for the way the ClamAV driver code called it. JH/05 Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. JH/06 Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. JH/07 Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. JH/08 Remove stripping of the binaries from the FreeBSD build. This was added in 4.61 without a reason logged. Binaries will be bigger, which might matter on diskspace-constrained systems, but debug is easier. JH/09 Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. JH/10 Convert all uses of select() to poll(). FreeBSD 12.2 was found to be handing out large-numbered file descriptors, violating the usual Unix assumption (and required by Posix) that the lowest possible number will be allocated by the kernel when a new one is needed. In the daemon, and any child procesees, values higher than 1024 (being bigger than FD_SETSIZE) are not useable for FD_SET() [and hence select()] and overwrite the stack. Assorted crashes happen. JH/11 Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. Found by Wakko Warner. JH/12 Bug 2838: Fix for i32lp64 hard-align platforms. Found for SPARC Linux, though only once PCRE2 was introduced: the memory accounting used under debug offset allocations by an int, giving a hard trap in early startup. Change to using a size_t. Debug and fix by John Paul Adrian Glaubitz. JH/13 Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. The write-protection of configuration introduced in 4.95 trapped when normalisation was applied to an option not needing expansion action. JH/14 Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. JH/15 Fix a resource leak in *BSD. An off-by-one error resulted in the daemon failing to close the certificates directory, every hour or any time it was touched. JH/16 Debugging initiated by an ACL control now continues through into routing and transport processes. Previously debugging stopped any time Exim re-execs, or for processing a queued message. JH/17 The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. 4.88 to 4.95 are affected. JH/19 Support for Berkeley DB versions 1 and 2 is withdrawn. JH/20 When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. Previously, if a directory path was given, for example via the autoreply "once" option, the DB file.pag and file.dir files would be created in that directory's parent. JH/21 Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. These were previously deprecated. JH/22 Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously the call into OpenSSL to send a TLS Close was being repeated; this resulted in the library waiting for the peer's Close. If that was never sent we waited forever. Fix by tracking send calls. JH/24 The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. The old ordering can be obtained by appending a new option "preexpand", after a comma, to the "run". JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. JH/26 Fix CHUNKING on a continued-transport. Previously the usabliility of the the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. JH/27 Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. Previously any use of the local address in the EHLO name disabled PIPECONNECT, the common case being to use the rDNS of it. JH/28 OpenSSL: fix transport-required OCSP stapling verification under session resumption. Previously verify failed because no certificate status is passed on the wire for the restarted session. Fix by using the recorded ocsp status of the stored session for the new connection. JH/29 TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. Previously only the server IP was used. JH/30 Fix string_copyn() for limit greater than actual string length. Previously the copied amount was the limit, which could result in a overlapping memcpy for newly allocated destination soon after a source string shorter than the limit. Found/investigated by KM. JH/31 Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. This caused a SEGV on primary-MX defer. Found/investigated by Gedalya & Andreas. JH/32 Fix CHUNKING for a second message on a connection when the first was rejected. Previously we did not reset the chunking-offered state, and erroneously rejected the BDAT command. Investigation help from Jesse Hathaway. JH/33 Fis ${srs_encode ...} to handle an empty sender address, now returning an empty address. Previously the expansion returned an error. HS/01 Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. Previously these were misparsed, leading to paniclog entries. Also contains commit 51be321b27 "Fix PAM auth. Bug 2813" addressing CVE-2022-37451. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f2763b95afc57b88dc9d494b3fbf3841ba38a314)
2022-09-07 17:24:22 +00:00
@@ -463,6 +464,7 @@ string_copyn_function(const uschar * s,
{
return string_copyn(s, n);
}
+#pragma GCC visibility pop
#endif