* use username/group 'exim' instead of mail
* register configuration file
* make sure /usr/lib/exim/lookups exists
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ship default configuration /etc/exim/exim.conf as well as
a simple procd init script. Enable building with LMTP for better
integration with dovecot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use configure --with-mailpath=/var/mail instead of letting it guess the
value based on the host path. If configure can't find it, the package
will fail to build. The path was taken from the current bot build.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
ChangeLog:
- IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as script
name argument.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The crude loop I wrote to come up with this changeset:

  find -L package/feeds/packages/ -name patches | \
  sed 's/patches$/refresh/' | sort | xargs make

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Add Exim MTA variants:
* exim
  plain variant without any TLS library which hence comes
  without TLS, DANE and DKIM.
* exim-openssl
  linked against libopenssl
* exim-gnutls
  linked against libgnutls
* exim-ldap
  linked against libopenssl, libopenldap and libsasl2
Provide packages for lookup modules
* cdb
* dbmdb
* dnsdb
* json (depends on jansson)
* mysql (depends on libmariadb)
* passwd
* pgsql (depends on libpq)
* redis (depends on libhiredis)
* sqlite (depends on libsqlite3)
Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pass TARGET_[C/LD]FLAGS to reduce filesize.
Fix glibc compilation by adding lresolv.
Remove uClibc-ng patch as that's now gone.
Refreshed other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refreshed patches and removed upstreamed ones.
Switched main URL and removed others. None of them have the proper
file. The first actually has a bad one. The changed URL is from the
official website.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This fixes an error in the previous package when building against recent
OpenWrt releases:

    In file included from /builder/shared-workdir/build/sdk/staging_dir/target-x86_64_musl/usr/include/dovecot/lib.h:50,
                     from ext-variables-common.c:4:
    ext-variables-common.c: In function 'ext_variables_load':
    ext-variables-common.c:91:14: error: expected ')' before 'PRIuSIZE_T'
        "(>= %"PRIuSIZE_T" bytes)",

Signed-off-by: W. Michael Petullo <mike@flyn.org>
The package Makefile contains a PKG_BUILD_DEPENDS=libiconv
line, which apart from being incorrect if libiconv-full is
specified in the build configuration, is also unnecessary,
since the package Makefile already includes nls.mk which
sets PKG_BUILD_DEPENDS appropriately.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
This version of mailman will cease to function once Python 2 is removed
from the feed. There does not appear to be any interest in updating this
package to a current version that uses Python 3.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switch to standard tarballs. Remove autoreconf as a result.
Simplify NLS and IPv6 handling. Removed options are default.
Remove upstreamed patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
I am upstream for msmtp-scripts and have decided to abandon the project. Therefore
remove msmtp-scripts from OpenWrt -- there is already msmtp-queue which is 'good enough'
for the use cases where msmtp-scripts had any relevance.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
tinycdb now installs a shared lib alongside the static archive. postfix
will use the shared lib, hence this commit updates the dependency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove uClibc++ reference. This requires C++11 features not provided by
uClibc++.
Added size optimizations as this package is huge.
Cleaned up Makefile for consistency between packages.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
  The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
  if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
  if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
  the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
  This is the same as the default PKG_BUILD_DIR when there is no
  BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
  where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
There is a wrinkle in terms of sending mail immediately when using
msmtpq-ng-mta instead of a typical mail server. We document that
in the package description.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
If the spool or lock dir exists before msmtp's initscript runs we
need to modify the permissions to be appropriate instead of just
bailing, otherwise non-root can't send mail.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
On OpenWrt nc (netcat) connectivity test makes more sense than
ping because a) for non-root users ping is not permitted, and
b) nc is a default binary included with OpenWrt.
We do, however, have to change the upstream default from using
`nc -vz` to `printf "<http head request>"|nc` (with openwrt
nc if text is sent then nc closes after a response and fails
if no connection is made; the response is already thrown away
(to /dev/null) by the existing code).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
- Add dovenull user, otherwise, dovecot doesn't start
- Build docs to have configuration files for dovecot
- Remove init script as conffile
- Move build options from Makefile to Config.in
- Install section to be more readable
- Refresh patches
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The project has been revived upstream and a user has convinced me
there is a valid use case for this package in openwrt, so remove
deprecation notice, adjust links to upstream (it's moved) and
update to latest version. Sync behavior with that expected upstream.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Use the PROVIDES mechanism so that msmtp and msmtp-nossl can be
depended-on and avoid generating a file level conflict. Also use
alternatives for msmtp-mta and msmtpq-ng-mta with msmtp-mta since
we can only have one sendmail at a time.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
res_nsend and res_send are both not available in uClibc-ng as configured
in OpenWrt. Having this function return an error is the only sensible way
to fix.
Signed-off-by: Rosen Penev <rosenp@gmail.com>