pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/mail



Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Nov 16 08:55:38 UTC 2023

Modified Files:
        pkgsrc/mail/exim: Makefile PLIST distinfo
        pkgsrc/mail/exim-html: Makefile distinfo

Log Message:
exim exim-html: updated to 4.97

Exim version 4.97
-----------------

JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
      SMTP connection" log lines.

JH/02 Option default value updates:
        - queue_fast_ramp (main)        true (was false)
        - remote_max_parallel (main)    4 (was 2)

JH/03 Cache static regex pattern compilations, for use by ACLs.

JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/05 Follow symlinks for placing a watch on TLS creds files.  This means
      (under Linux) we watch the dir containing the final file; previously
      it would be the dir with the first symlink.  We still do not monitor
      the entire path.

JH/06 Check for bad chars in rDNS for sender_host_name.  The OpenBSD (at least)
      dn_expand() is happy to pass them through.

JH/07 OpenSSL Fix auto-reload of changed server OCSP proof.  Previously, if
      the file with the proof had an unchanged name, the new proof(s) were
      loaded on top of the old ones (and nover used; the old ones were stapled).

JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
      more than one message arrived in a single connection a reference from
      the earlier message could be re-used.  Often a sigsegv resulted.
      These variables were introduced in Exim 4.87.
      Debug help from Graeme Fowler.

JH/09 Fix ${filter } for conditions that modify $value.  Previously the
      modified version would be used in construction the result, and a memory
      error would occur.

JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
      Find and fix by Jasen Betts.

JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
      than TLSv1,2,  Previously, more-recent versions of OpenSSL were permitting
      the systemwide configuration to override the Exim config.

HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
      API changes in libopendmarc.

JH/12 Bug 2930: Fix daemon startup.  When started from any process apart from
      pid 1, in the normal "background daemon" mode, having to drop process-
      group leadership also lost track of needing to create listener sockets.

JH/13 Bug 2929: Fix using $recipients after ${run...}.  A change made for 4.96
      resulted in the variable appearing empty.  Find and fix by Ruben Jenster.

JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
      a capture group which obtained no text (eg. "(abc)*" matching zero
      occurrences) could cause a segfault if the corresponding $<n> was
      expanded.

JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
      included a close-brace character (eg. it itself used an expansion) an
      error occurred.

JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
      starting TLS.  Previously it was after, meaning that attackers on such
      ports had to be screened using the host_reject_connection main config
      option. The new sequence aligns better with the STARTTLS behaviour, and
      permits defences against crypto-processing load attacks, even though it
      is strictly an incompatible change.
      Also, avoid sending any SMTP fail response for either the connect ACL
      or host_reject_connection, for TLS-on-connect ports.

JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
      Previously this was not permitted, but it makes reasonable sense.
      While there, restore a restriction on using it from a connect ACL; given
      the change JH/16 it could only return false (and before 4.91 was not
      permitted).

JH/18 Fix a fencepost error in logging.  Previously (since 4.92) when a log line
      was exactly sized compared to the log buffer, a crash occurred with the
      misleading message "bad memory reference; pool not found".
      Found and traced by Jasen Betts.

JH/19 Bug 2911: Fix a recursion in DNS lookups.  Previously, if the main option
      dns_again_means_nonexist included an element causing a DNS lookup which
      itself returned DNS_AGAIN, unbounded recursion occurred.  Possible results
      included (though probably not limited to) a process crash from stack
      memory limit, or from excessive open files.  Replace this with a paniclog
      whine (as this is likely a configuration error), and returning
      DNS_NOMATCH.

JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group.  Previously
      this always failed, probably leading to the usual downgrade to in-clear
      connections.

JH/21 Fix TLSA lookups.  Previously dns_again_means_nonexist would affect
      SERVFAIL results, which breaks the downgrade resistance of DANE.  Change
      to not checking that list for these lookups.

JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
      closure log lines.

JH/23 Fix crash in string expansions. Previously, if an empty variable was
      immediately followed by an expansion operator, a null-indirection read
      was done, killing the process.

JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
      include an SMTP response string which is longer than that supported
      by the delivering transport.  Alleviate by wrapping such lines before
      column 80.

JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
      chars (RFC limit).  Previously a limit of 12 items was made, which with
      a not-impossible References: in the message being bounced could still
      be over-large and get stopped in the transport.

JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
      close.  Previously a bare socket close was done.

JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
      every 1024 days.

JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
      message being considered for delivery was already being handled by
      another process, and having an SMTP connection already open, the function
      to close it tried to use an uninitialized variable.  This would afftect
      high-volume sites more, especially when running mailing-list-style loads.
      Pollution of logs was the major effect, as the other process delivered
      the message.  Found and partly investigated by Graeme Fowler.

JH/29 Change format of the internal ID used for message identification. The old
      version only supported 31 bits for a PID element; the new 64 (on systems
      which can use Base-62 encoding, which is all currently supported ones
      but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
      and must use Base-36).  The new ID is 23 characters rather than 16, and is
      visible in various places - notably logs, message headers, and spool file
      names.  Various of the ancillary utilities also have to know the format.
        As well as the expanded PID portion, the sub-second part of the time
      recorded in the ID is expanded to support finer precision.  Theoretically
      this permits a receive rate from a single comms channel of better than the
      previous 2000/sec.
        The major timestamp part of the ID is not changed; at 6 characters it is
      usable until about year 3700.
        Updating from previously releases is fully supported: old-format spool
      files are still usable, and the utilities support both formats.  New
      message will use the new format.  The one hints-DB file type which uses
      message-IDs (the transport wait- DB) will be discarded if an old-format ID
      is seen; new ones will be built with only new-format IDs.
      Optionally, a utility can be used to convert spool files from old to new,
      but this is only an efficiency measure not a requirement for operation
        Downgrading from new to old requires running a provided utility, having
      first stopped all operations.  This will convert any spool files from new
      back to old (losing time-precision and PID information) and remove any
      wait- hints databases.

JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
      we treated them as item separators when parsing for a list item, but they
      need to be protected by the doublequotes.  While there, add handling for
      backslashes.

JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
      Found and fixed by Jasen Betts. No testcase for this as my usual text
      editor insists on emitting only valid UTF-8.

JH/32 Fix "tls_dhparam = none" under GnuTLS.  At least with 3.7.9 this gave
      a null-indirection SIGSEGV for the receive process.

JH/33 Fix free for live variable $value created by a ${run ...} expansion during
      -bh use.  Internal checking would spot this and take a panic.

JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
      In 4.96 this would expand to empty.

JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
      certificate.  Find and fix by Andreas Metzler.

JH/36 Add ARC info to DMARC hostory records.

JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
      or fakedefer.  Previously the sender could discover that the message
      had in fact been accepted.

JH/38 Taint-track intermediate values from the peer in multi-stage authentation
      sequences.  Previously the input was not noted as being tainted; notably
      this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
      bad coding of authenticators.

JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
      and ${tr...}.  Found and diagnosed by Heiko Schlichting.

JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
      could be triggered by externally-supplied input.  Found by Trend Micro.
      CVE-2023-42115

JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42116

JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
      be triggered by externally-controlled input.  Found by Trend Micro.
      CVE-2023-42114

JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
      Make the rewrite never match and keep the logging.  Trust the
      admin to be using verify=header-syntax (to actually reject the message).

JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
      CVE-2023-42219


To generate a diff of this commit:
cvs rdiff -u -r1.200 -r1.201 pkgsrc/mail/exim/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/exim/PLIST
cvs rdiff -u -r1.85 -r1.86 pkgsrc/mail/exim/distinfo
cvs rdiff -u -r1.46 -r1.47 pkgsrc/mail/exim-html/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/mail/exim-html/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/mail/exim/Makefile
diff -u pkgsrc/mail/exim/Makefile:1.200 pkgsrc/mail/exim/Makefile:1.201
--- pkgsrc/mail/exim/Makefile:1.200     Wed Nov  8 13:19:55 2023
+++ pkgsrc/mail/exim/Makefile   Thu Nov 16 08:55:38 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.200 2023/11/08 13:19:55 wiz Exp $
+# $NetBSD: Makefile,v 1.201 2023/11/16 08:55:38 adam Exp $
 
-DISTNAME=      exim-4.96.2
-PKGREVISION=   2
+DISTNAME=      exim-4.97
 CATEGORIES=    mail net
 MASTER_SITES=  https://ftp.exim.org/pub/exim/exim4/
 MASTER_SITES+= https://ftp.exim.org/pub/exim/exim4/fixes/
@@ -16,6 +15,8 @@ LICENSE=      gnu-gpl-v2
 
 CONFLICTS+=    exim-exiscan-[0-9]*
 
+DEPENDS+=      p5-File-FcntlLock>=0.22:../../sysutils/p5-File-FcntlLock
+
 USE_TOOLS+=    perl:run
 USE_LANGUAGES= c99
 
@@ -58,6 +59,7 @@ SPECIAL_PERMS+=               sbin/${PKGSRC_EXIM_VERS
 
 # pay attention to CPPFLAGS as well
 CFLAGS+=               ${CPPFLAGS}
+LDFLAGS.NetBSD+=       -lexecinfo
 
 PKGSRC_EXIM_VERSION=   ${DISTNAME}-1
 SUBST_CLASSES+=                exim
@@ -86,7 +88,7 @@ post-extract:
        cp ${WRKSRC}/exim_monitor/EDITME ${WRKSRC}/Local/eximon.conf.pkgsrc
 
 pre-configure:
-       sed     -e 's:@PREFIX@:${PREFIX}:' \
+       ${SED}  -e 's:@PREFIX@:${PREFIX}:' \
                -e 's:@PKG_SYSCONFDIR@:${PKG_SYSCONFDIR}:' \
                -e 's:@EXIM_USER@:${EXIM_USER}:' \
                -e 's:@EXIM_GROUP@:${EXIM_GROUP}:' \
@@ -110,13 +112,13 @@ pre-configure:
 .if !empty(EXIM_MAX_INCLUDE_SIZE)
        ${ECHO} MAX_INCLUDE_SIZE=${EXIM_MAX_INCLUDE_SIZE} >> ${WRKSRC}/Local/Makefile
 .endif
-       sed     -e 's:@PREFIX@:${PREFIX}:' \
+       ${SED}  -e 's:@PREFIX@:${PREFIX}:' \
                -e 's:@PKG_SYSCONFDIR@:${PKG_SYSCONFDIR}:' \
            < ${WRKSRC}/Local/eximon.conf.pkgsrc \
            > ${WRKSRC}/Local/eximon.conf
 
 post-build:
-       sed -e 's:@PREFIX@:${PREFIX}:' \
+       ${SED}  -e 's:@PREFIX@:${PREFIX}:' \
            ${FILESDIR}/mailer.conf.exim \
            > ${WRKDIR}/mailer.conf
 

Index: pkgsrc/mail/exim/PLIST
diff -u pkgsrc/mail/exim/PLIST:1.14 pkgsrc/mail/exim/PLIST:1.15
--- pkgsrc/mail/exim/PLIST:1.14 Tue Mar 11 14:05:03 2014
+++ pkgsrc/mail/exim/PLIST      Thu Nov 16 08:55:38 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.14 2014/03/11 14:05:03 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.15 2023/11/16 08:55:38 adam Exp $
 man/man8/exim.8
 sbin/${DISTNAME}-1
 sbin/exicyclog
@@ -8,7 +8,9 @@ sbin/exim_checkaccess
 sbin/exim_dbmbuild
 sbin/exim_dumpdb
 sbin/exim_fixdb
+sbin/exim_id_update
 sbin/exim_lock
+sbin/exim_msgdate
 sbin/exim_tidydb
 sbin/eximstats
 sbin/exinext

Index: pkgsrc/mail/exim/distinfo
diff -u pkgsrc/mail/exim/distinfo:1.85 pkgsrc/mail/exim/distinfo:1.86
--- pkgsrc/mail/exim/distinfo:1.85      Mon Oct 16 14:59:26 2023
+++ pkgsrc/mail/exim/distinfo   Thu Nov 16 08:55:38 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.85 2023/10/16 14:59:26 prlw1 Exp $
+$NetBSD: distinfo,v 1.86 2023/11/16 08:55:38 adam Exp $
 
-BLAKE2s (exim-4.96.2.tar.xz) = 1f5c360e56f8ff079a246659aacbaa84cf14524ae6654175ae3b5f70e42faecb
-SHA512 (exim-4.96.2.tar.xz) = dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed
-Size (exim-4.96.2.tar.xz) = 1879896 bytes
+BLAKE2s (exim-4.97.tar.xz) = 74022eea9d317e6c1bcbf2807cb2f12e5ff06a735e9628cabde05ccea07381cf
+SHA512 (exim-4.97.tar.xz) = b28cbb49fa7e143dfcc94e004d57cf98a1945013e676cd103c1ee4cf52933d49d378baa13bea2663353dba97745d6b2ab8b7b66cde870788a2d85d7abd716968
+Size (exim-4.97.tar.xz) = 1909536 bytes
 SHA1 (patch-Local_Makefile.pkgsrc) = 7d6971cfe6f6fecf854926e90460b1a8bcd6a79d
 SHA1 (patch-OS_Makefile-Default) = 6af17f036ed02a3bc37c1f303269eea447fcb691
 SHA1 (patch-lookups_Makefile) = cfc40dba3f75ef37b9887f7767139ad50cf9d4e5

Index: pkgsrc/mail/exim-html/Makefile
diff -u pkgsrc/mail/exim-html/Makefile:1.46 pkgsrc/mail/exim-html/Makefile:1.47
--- pkgsrc/mail/exim-html/Makefile:1.46 Sat Jul  2 09:24:34 2022
+++ pkgsrc/mail/exim-html/Makefile      Thu Nov 16 08:55:38 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.46 2022/07/02 09:24:34 adam Exp $
+# $NetBSD: Makefile,v 1.47 2023/11/16 08:55:38 adam Exp $
 
-DISTNAME=      exim-html-4.96
+DISTNAME=      exim-html-4.97
 CATEGORIES=    mail net
 MASTER_SITES=  ftp://ftp.exim.org/pub/exim/exim4/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/mail/exim-html/distinfo
diff -u pkgsrc/mail/exim-html/distinfo:1.39 pkgsrc/mail/exim-html/distinfo:1.40
--- pkgsrc/mail/exim-html/distinfo:1.39 Sat Jul  2 09:24:34 2022
+++ pkgsrc/mail/exim-html/distinfo      Thu Nov 16 08:55:38 2023
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.39 2022/07/02 09:24:34 adam Exp $
+$NetBSD: distinfo,v 1.40 2023/11/16 08:55:38 adam Exp $
 
-BLAKE2s (exim-html-4.96.tar.xz) = 477081b74c044acbc0e9f30db73d0e588d82e03adb4b50907e0540133fc1958b
-SHA512 (exim-html-4.96.tar.xz) = 60afb7318e18f38e6386c803e806a6d8f6cdc4ae2de6314083f78e6910d7fb3d2daddcb3055099b3be4bffad7c9816a9b3457d0e9537559d5dadca029b697b55
-Size (exim-html-4.96.tar.xz) = 566748 bytes
+BLAKE2s (exim-html-4.97.tar.xz) = 60c691b7ee190ba66c020e6194781884861f8e55d56cf7fa41bd6e6e1d7ee28f
+SHA512 (exim-html-4.97.tar.xz) = abd9c32c1b4817793ca8146cab9c873e64a445d35a3be9daa3f1ee9712917f09fb97ca2608899cb9578ba21473eabfe3bafd6152aba877f1a71e68295f23c8f0
+Size (exim-html-4.97.tar.xz) = 574384 bytes



Home | Main Index | Thread Index | Old Index