FreeBSD Bugzilla – Attachment 215147 Details for
Bug 246922
mail/exim: update 4.93.0.4 -> 4.94
[patch]
patch
exim.diff (text/plain), 46.75 KB, created by
Kurt Jaeger
on 2020-06-01 21:17:33 UTC
Description:
patch
Filename:
MIME Type:
Creator:
Kurt Jaeger
Created:
2020-06-01 21:17:33 UTC
Size:
46.75 KB
>Index: Makefile
>===================================================================
>--- Makefile (revision 537457)
>+++ Makefile (working copy)
>@@ -3,7 +3,7 @@
>
> PORTNAME= exim
> PORTVERSION?= ${EXIM_VERSION}
>-PORTREVISION?= 3
>+PORTREVISION?= 0
> CATEGORIES= mail
> MASTER_SITES= EXIM:exim
> MASTER_SITE_SUBDIR= /exim4/:exim \
>@@ -103,7 +103,7 @@
> EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf
> .endif
>
>-EXIM_VERSION= 4.93.0.4
>+EXIM_VERSION= 4.94
> SA_EXIM_VERSION=4.2.1
> EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink"
> EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h`
>Index: distinfo
>===================================================================
>--- distinfo (revision 537457)
>+++ distinfo (working copy)
>@@ -1,5 +1,5 @@
>-TIMESTAMP = 1582564322
>-SHA256 (exim/exim-4.93.0.4.tar.bz2) = b67336ba06f8d8233060de073d6082d75a378faaafad660c5f124bb13d75e4d9
>-SIZE (exim/exim-4.93.0.4.tar.bz2) = 1974190
>+TIMESTAMP = 1591032067
>+SHA256 (exim/exim-4.94.tar.bz2) = 73feeaa5ddb43363782db0c307b593aacb49542dd7e4b795a2880779595affe5
>+SIZE (exim/exim-4.94.tar.bz2) = 1997217
> SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1
> SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933
>Index: files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch
>===================================================================
>--- files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch (revision 537457)
>+++ files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch (nonexistent)
>@@ -1,34 +0,0 @@
>-From dfb8f72b2237627b26767d1e803e8ed95ad659d2 Mon Sep 17 00:00:00 2001
>-From: Wolfgang Breyha <wbreyha@gmx.net>
>-Date: Tue, 7 Jan 2020 13:03:18 +0000
>-Subject: [PATCH 19/21] SPF: fix result for case of only non-spf TXT RRs. Bug
>- 2499
>-
>-(cherry picked from commit 67794d2b830fc580f87b0635718d95e32b467be1)
>----
>- src/spf.c | 7 ++++++-
>- test/scripts/4600-SPF/4601 | 17 ++++++++---------
>- test/stdout/4601 | 11 ++++++-----
>- 3 files changed, 20 insertions(+), 15 deletions(-)
>-
>-diff --git src/spf.c src/spf.c
>-index 8ead817b9..12b756b46 100644
>---- src/spf.c
>-+++ src/spf.c
>-@@ -139,7 +139,12 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
>- srr.rr[found++] = (void *) s;
>- }
>-
>--srr.num_rr = found;
>-+/* Did we filter out all TXT RRs? Return NO_DATA instead of SUCCESS with
>-+empty ANSWER section. */
>-+
>-+if (!(srr.num_rr = found))
>-+ srr.herrno = NO_DATA;
>-+
>- /* spfrr->rr must have been malloc()d for this */
>- SPF_dns_rr_dup(&spfrr, &srr);
>- return spfrr;
>---
>-2.24.1
>-
>
>Property changes on: files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch
>___________________________________________________________________
>Deleted: fbsd:nokeywords
>## -1 +0,0 ##
>-yes
>\ No newline at end of property
>Deleted: svn:eol-style
>## -1 +0,0 ##
>-native
>\ No newline at end of property
>Deleted: svn:mime-type
>## -1 +0,0 ##
>-text/plain
>\ No newline at end of property
>Index: files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch
>===================================================================
>--- files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch (revision 537457)
>+++ files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch (nonexistent)
>@@ -1,70 +0,0 @@
>-From 338f36842f10ef84e684dddf59819837fd7792a3 Mon Sep 17 00:00:00 2001
>-From: Jeremy Harris <jgh146exb@wizmail.org>
>-Date: Wed, 15 Jan 2020 10:40:20 +0000
>-Subject: [PATCH 20/21] Fix error logging for dynamically-loaded modules. Bug
>- 2507
>-
>-(cherry picked from commits b1c673ddfa, 3fc07bd570)
>----
>- doc/ChangeLog | 5 +++++
>- src/drtables.c | 13 +++++++------
>- 2 files changed, 12 insertions(+), 6 deletions(-)
>-
>-diff --git doc/ChangeLog doc/ChangeLog
>-index 32febe1f3..6e26e2f11 100644
>---- doc/ChangeLog
>-+++ doc/ChangeLog
>-@@ -49,6 +49,11 @@ JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to
>- library live data was being used, so the results became garbage. Make
>- copies while it is still usable.
>-
>-+JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
>-+ only retrieve the errormessage once. Previously two calls to dlerror()
>-+ were used, and the second one (for mainlog/paniclog) retrieved null
>-+ information.
>-+
>-
>- Exim version 4.93
>- -----------------
>-diff --git src/drtables.c src/drtables.c
>-index 059756284..ca051bd20 100644
>---- src/drtables.c
>-+++ src/drtables.c
>-@@ -740,10 +740,11 @@ init_lookup_list(void)
>-
>- dl = dlopen(CS big_buffer, RTLD_NOW);// TJ was LAZY
>- if (dl == NULL) {
>-- fprintf(stderr, "Error loading %s: %s\n", name, dlerror());
>-- moduleerrors++;
>-- log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, dlerror());
>-- continue;
>-+ errormessage = dlerror();
>-+ fprintf(stderr, "Error loading %s: %s\n", name, errormessage);
>-+ log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, errormessage);
>-+ moduleerrors++;
>-+ continue;
>- }
>-
>- /* FreeBSD nsdispatch() can trigger dlerror() errors about
>-@@ -756,16 +757,16 @@ init_lookup_list(void)
>- info = (struct lookup_module_info*) dlsym(dl, "_lookup_module_info");
>- if ((errormsg = dlerror()) != NULL) {
>- fprintf(stderr, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
>-+ log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
>- dlclose(dl);
>- moduleerrors++;
>-- log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg);
>- continue;
>- }
>- if (info->magic != LOOKUP_MODULE_INFO_MAGIC) {
>- fprintf(stderr, "Lookup module %s is not compatible with this version of Exim\n", name);
>-+ log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name);
>- dlclose(dl);
>- moduleerrors++;
>-- log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name);
>- continue;
>- }
>-
>---
>-2.24.1
>-
>
>Property changes on: files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch
>___________________________________________________________________
>Deleted: fbsd:nokeywords
>## -1 +0,0 ##
>-yes
>\ No newline at end of property
>Deleted: svn:eol-style
>## -1 +0,0 ##
>-native
>\ No newline at end of property
>Deleted: svn:mime-type
>## -1 +0,0 ##
>-text/plain
>\ No newline at end of property
>Index: files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch
>===================================================================
>--- files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch (revision 537457)
>+++ files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch (nonexistent)
>@@ -1,116 +0,0 @@ >-From bbeab68df3b3c2d5507b1fdca07509fdbb3ec5a1 Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Tue, 14 Jan 2020 17:48:57 +0000 >-Subject: [PATCH 21/21] heimdal auth: fix the increase of big_buffer size. Bug >- 2501 >- >-(cherry picked from commit 7a66b3afa11a70021297c176acf56831692be89a) >---- >- doc/ChangeLog | 7 ++++++- >- src/auths/README | 2 +- >- src/auths/heimdal_gssapi.c | 10 ---------- >- src/macros.h | 13 ++++++++++--- >- src/readconf.c | 1 + >- 5 files changed, 18 insertions(+), 15 deletions(-) >- >-diff --git doc/ChangeLog doc/ChangeLog >-index 6e26e2f11..f112fc9bf 100644 >---- doc/ChangeLog >-+++ doc/ChangeLog >-@@ -9,7 +9,7 @@ This is not an official release. It is just a branch, collecting >- proposed bugfixes. Depending on your environment the fixes may be >- necessary to build and/or run Exim successfully. >- >--JH/05 Regard command-line receipients as tainted. >-+JH/05 Regard command-line recipients as tainted. >- >- JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the >- PAM library frees one of the arguments given to it, despite the >-@@ -54,6 +54,11 @@ JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, >- were used, and the second one (for mainlog/paniclog) retrieved null >- information. >- >-+JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it >-+ adjusted the size of a major service buffer; this failed because the >-+ buffer was in use at the time. Change to a compile-time increase in the >-+ buffer size, when this authenticator is compiled into exim. >-+ >- >- Exim version 4.93 >- ----------------- >-diff --git src/auths/README src/auths/README >-index d4f125c30..66bdcdcf8 100644 >---- src/auths/README >-+++ src/auths/README >-@@ -34,7 +34,7 @@ instance block for this configured mechanism. It must set the flags called >- the server and/or client functions are available for this authenticator. 
>- Typically this depends on whether server or client configuration options have >- been set, but it is also possible to have an authenticator that has only one of >--the server or client functions. >-+the server or client functions. The function may not touch big_buffer. >- >- SERVER AUTHENTICATION >- >-diff --git src/auths/heimdal_gssapi.c src/auths/heimdal_gssapi.c >-index 3dfcb8c6a..523f7c69a 100644 >---- src/auths/heimdal_gssapi.c >-+++ src/auths/heimdal_gssapi.c >-@@ -200,16 +200,6 @@ if (krc) >- >- krb5_free_context(context); >- >--/* RFC 4121 section 5.2, SHOULD support 64K input buffers */ >--if (big_buffer_size < (64 * 1024)) >-- { >-- uschar *newbuf; >-- big_buffer_size = 64 * 1024; >-- newbuf = store_malloc(big_buffer_size); >-- store_free(big_buffer); >-- big_buffer = newbuf; >-- } >-- >- ablock->server = TRUE; >- } >- >-diff --git src/macros.h src/macros.h >-index 76913d64e..4e6b1b8a9 100644 >---- src/macros.h >-+++ src/macros.h >-@@ -152,12 +152,19 @@ enough to hold all the headers from a normal kind of message. */ >- into big_buffer_size and in some circumstances increased. It should be at least >- as long as the maximum path length. 
*/ >- >--#if defined PATH_MAX && PATH_MAX > 16384 >-+#ifdef AUTH_HEIMDAL_GSSAPI >-+ /* RFC 4121 section 5.2, SHOULD support 64K input buffers */ >-+# define __BIG_BUFFER_SIZE 65536 >-+#else >-+# define __BIG_BUFFER_SIZE 16384 >-+#endif >-+ >-+#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE >- # define BIG_BUFFER_SIZE PATH_MAX >--#elif defined MAXPATHLEN && MAXPATHLEN > 16384 >-+#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE >- # define BIG_BUFFER_SIZE MAXPATHLEN >- #else >--# define BIG_BUFFER_SIZE 16384 >-+# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE >- #endif >- >- /* header size of pipe content >-diff --git src/readconf.c src/readconf.c >-index 0233019cf..62cfcfbf9 100644 >---- src/readconf.c >-+++ src/readconf.c >-@@ -3788,6 +3788,7 @@ while ((buffer = get_config_line()) != NULL) >- if (!d->driver_name) >- log_write(0, LOG_PANIC_DIE|LOG_CONFIG, >- "no driver defined for %s \"%s\"", class, d->name); >-+ /* s is using big_buffer, so this call had better not */ >- (d->info->init)(d); >- d = NULL; >- } >--- >-2.24.1 >- > >Property changes on: files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_22-Taint-hybrid-checking-mode.patch >=================================================================== >--- files/74_22-Taint-hybrid-checking-mode.patch (revision 537457) >+++ files/74_22-Taint-hybrid-checking-mode.patch (nonexistent) 
>@@ -1,330 +0,0 @@ >-From 1ccd26e24267ffa0c40b70c2c3282481fe4977c7 Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Thu, 16 Jan 2020 14:12:56 +0000 >-Subject: [PATCH 22/22] Taint: hybrid checking mode >- >-(cherry picked from commit 36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682) >---- >- doc/ChangeLog | 8 +++++ >- exim_monitor/em_version.c | 2 ++ >- src/functions.h | 58 +++++++++++++++++++++++++++++++- >- src/globals.c | 1 + >- src/globals.h | 1 + >- src/mytypes.h | 62 +++++------------------------------ >- src/store.c | 40 +++++++++++++++------- >- 7 files changed, 107 insertions(+), 65 deletions(-) >- >-diff --git doc/ChangeLog doc/ChangeLog >-index f112fc9bf..508b8fa49 100644 >---- doc/ChangeLog >-+++ doc/ChangeLog >-@@ -59,6 +59,14 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it >- buffer was in use at the time. Change to a compile-time increase in the >- buffer size, when this authenticator is compiled into exim. >- >-+JH/22 Taint checking: move to a hybrid approach for checking. Previously, one >-+ of two ways was used, depending on a build-time flag. The fast method >-+ relied on assumptions about the OS and libc malloc, which were known to >-+ not hold for the BSD-derived platforms, and discovered to not hold for >-+ 32-bit Linux either. In fact the glibc documentation describes cases >-+ where these assumptions do not hold. The new implementation tests for >-+ the situation arising and actively switches over from fast to safe mode. >-+ >- >- Exim version 4.93 >- ----------------- >-diff --git exim_monitor/em_version.c exim_monitor/em_version.c >-index 52c55a4a3..9b9c7d417 100644 >---- exim_monitor/em_version.c >-+++ exim_monitor/em_version.c >-@@ -5,6 +5,8 @@ >- /* Copyright (c) University of Cambridge 1995 - 2018 */ >- /* See the file NOTICE for conditions of use and distribution. 
*/ >- >-+#define EM_VERSION_C >-+ >- #include "mytypes.h" >- #include "store.h" >- #include "macros.h" >-diff --git src/functions.h src/functions.h >-index 87d1a04d8..0b5905562 100644 >---- src/functions.h >-+++ src/functions.h >-@@ -187,6 +187,7 @@ extern void deliver_succeeded(address_item *); >- extern uschar *deliver_get_sender_address (uschar *id); >- extern void delivery_re_exec(int); >- >-+extern void die_tainted(const uschar *, const uschar *, int); >- extern BOOL directory_make(const uschar *, const uschar *, int, BOOL); >- #ifndef DISABLE_DKIM >- extern uschar *dkim_exim_query_dns_txt(const uschar *); >-@@ -602,6 +603,61 @@ extern BOOL write_chunk(transport_ctx *, uschar *, int); >- extern ssize_t write_to_fd_buf(int, const uschar *, size_t); >- >- >-+/******************************************************************************/ >-+/* Predicate: if an address is in a tainted pool. >-+By extension, a variable pointing to this address is tainted. >-+*/ >-+ >-+static inline BOOL >-+is_tainted(const void * p) >-+{ >-+#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) || defined(EM_VERSION_C) >-+return FALSE; >-+ >-+#else >-+extern BOOL is_tainted_fn(const void *); >-+extern void * tainted_base, * tainted_top; >-+ >-+return f.taint_check_slow >-+ ? 
is_tainted_fn(p) : p >= tainted_base && p < tainted_top; >-+#endif >-+} >-+ >-+/******************************************************************************/ >-+/* String functions */ >-+static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line) >-+{ >-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line); >-+#endif >-+return US strcat(CS dst, CCS src); >-+} >-+static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line) >-+{ >-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line); >-+#endif >-+return US strcpy(CS dst, CCS src); >-+} >-+static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line) >-+{ >-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line); >-+#endif >-+return US strncat(CS dst, CCS src, n); >-+} >-+static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line) >-+{ >-+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >-+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line); >-+#endif >-+return US strncpy(CS dst, CCS src, n); >-+} >-+/*XXX will likely need unchecked copy also */ >-+ >-+ >-+/******************************************************************************/ >-+ >- #if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) >- /* exim_chown - in some NFSv4 setups *seemes* to be an issue with >- chown(<exim-uid>, <exim-gid>). >-@@ -634,8 +690,8 @@ exim_chown(const uschar *name, uid_t owner, gid_t group) >- return chown(CCS name, owner, group) >- ? 
exim_chown_failure(-1, name, owner, group) : 0; >- } >-- >- #endif /* !MACRO_PREDEF && !COMPILE_UTILITY */ >-+ >- /******************************************************************************/ >- /* String functions */ >- >-diff --git src/globals.c src/globals.c >-index 85a25a7f2..72449229e 100644 >---- src/globals.c >-+++ src/globals.c >-@@ -311,6 +311,7 @@ struct global_flags f = >- .synchronous_delivery = FALSE, >- .system_filtering = FALSE, >- >-+ .taint_check_slow = FALSE, >- .tcp_fastopen_ok = FALSE, >- .tcp_in_fastopen = FALSE, >- .tcp_in_fastopen_data = FALSE, >-diff --git src/globals.h src/globals.h >-index ca342acc2..ac7bb8ef3 100644 >---- src/globals.h >-+++ src/globals.h >-@@ -272,6 +272,7 @@ extern struct global_flags { >- BOOL synchronous_delivery :1; /* TRUE if -odi is set */ >- BOOL system_filtering :1; /* TRUE when running system filter */ >- >-+ BOOL taint_check_slow :1; /* malloc/mmap are not returning distinct ranges */ >- BOOL tcp_fastopen_ok :1; /* appears to be supported by kernel */ >- BOOL tcp_in_fastopen :1; /* conn usefully used fastopen */ >- BOOL tcp_in_fastopen_data :1; /* fastopen carried data */ >-diff --git src/mytypes.h src/mytypes.h >-index ceb9f1b55..e31ee8c1a 100644 >---- src/mytypes.h >-+++ src/mytypes.h >-@@ -100,19 +100,15 @@ functions that are called quite often; for other calls to external libraries >- #define Uread(f,b,l) read(f,CS(b),l) >- #define Urename(s,t) rename(CCS(s),CCS(t)) >- #define Ustat(s,t) stat(CCS(s),t) >--#define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__) >- #define Ustrchr(s,n) US strchr(CCS(s),n) >- #define CUstrchr(s,n) CUS strchr(CCS(s),n) >- #define CUstrerror(n) CUS strerror(n) >- #define Ustrcmp(s,t) strcmp(CCS(s),CCS(t)) >--#define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__) >- #define Ustrcpy_nt(s,t) strcpy(CS s, CCS t) /* no taint check */ >- #define Ustrcspn(s,t) strcspn(CCS(s),CCS(t)) >- #define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t) >- #define Ustrlen(s) 
(int)strlen(CCS(s)) >--#define Ustrncat(s,t,n) __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__) >- #define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n) >--#define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__) >- #define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n) /* no taint check */ >- #define Ustrpbrk(s,t) strpbrk(CCS(s),CCS(t)) >- #define Ustrrchr(s,n) US strrchr(CCS(s),n) >-@@ -125,57 +121,17 @@ functions that are called quite often; for other calls to external libraries >- #define Ustrtoul(s,t,b) strtoul(CCS(s),CSS(t),b) >- #define Uunlink(s) unlink(CCS(s)) >- >--extern void die_tainted(const uschar *, const uschar *, int); >-- >--/* Predicate: if an address is in a tainted pool. >--By extension, a variable pointing to this address is tainted. >--*/ >-- >--static inline BOOL >--is_tainted(const void * p) >--{ >--#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) >--return FALSE; >-- >--#elif defined(TAINT_CHECK_SLOW) >--extern BOOL is_tainted_fn(const void *); >--return is_tainted_fn(p); >-- >-+#ifdef EM_VERSION_C >-+# define Ustrcat(s,t) strcat(CS(s), CCS(t)) >-+# define Ustrcpy(s,t) strcpy(CS(s), CCS(t)) >-+# define Ustrncat(s,t,n) strncat(CS(s), CCS(t), n) >-+# define Ustrncpy(s,t,n) strncpy(CS(s), CCS(t), n) >- #else >--extern void * tainted_base, * tainted_top; >--return p >= tainted_base && p < tainted_top; >--#endif >--} >-- >--static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line) >--{ >--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line); >--#endif >--return US strcat(CS dst, CCS src); >--} >--static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line) >--{ >--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line); >--#endif >--return US strcpy(CS dst, CCS src); >--} >--static inline 
uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line) >--{ >--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line); >--#endif >--return US strncat(CS dst, CCS src, n); >--} >--static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line) >--{ >--#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) >--if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line); >-+# define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__) >-+# define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__) >-+# define Ustrncat(s,t,n) __Ustrncat(s, CUS(t), n, __FUNCTION__, __LINE__) >-+# define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t), n, __FUNCTION__, __LINE__) >- #endif >--return US strncpy(CS dst, CCS src, n); >--} >--/*XXX will likely need unchecked copy also */ >- >- #endif >- /* End of mytypes.h */ >-diff --git src/store.c src/store.c >-index a06e1c19a..692a993e9 100644 >---- src/store.c >-+++ src/store.c >-@@ -162,8 +162,14 @@ static void internal_tainted_free(storeblock *, const char *, int linenumber); >- >- /******************************************************************************/ >- >--/* Slower version check, for use when platform intermixes malloc and mmap area >--addresses. */ >-+/* Test if a pointer refers to tainted memory. >-+ >-+Slower version check, for use when platform intermixes malloc and mmap area >-+addresses. Test against the current-block of all tainted pools first, then all >-+blocks of all tainted pools. 
>-+ >-+Return: TRUE iff tainted >-+*/ >- >- BOOL >- is_tainted_fn(const void * p) >-@@ -171,23 +177,20 @@ is_tainted_fn(const void * p) >- storeblock * b; >- int pool; >- >--for (pool = 0; pool < nelem(chainbase); pool++) >-+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >- if ((b = current_block[pool])) >- { >-- char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; >-- if (CS p >= bc && CS p <= bc + b->length) goto hit; >-+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >-+ if (US p >= bc && US p <= bc + b->length) return TRUE; >- } >- >--for (pool = 0; pool < nelem(chainbase); pool++) >-+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >- for (b = chainbase[pool]; b; b = b->next) >- { >-- char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; >-- if (CS p >= bc && CS p <= bc + b->length) goto hit; >-+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >-+ if (US p >= bc && US p <= bc + b->length) return TRUE; >- } >- return FALSE; >-- >--hit: >--return pool >= POOL_TAINT_BASE; >- } >- >- >-@@ -198,6 +201,13 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", >- msg, func, line); >- } >- >-+static void >-+use_slow_taint_check(void) >-+{ >-+DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); >-+f.taint_check_slow = TRUE; >-+} >-+ >- >- /************************************************* >- * Get a block from the current pool * >-@@ -820,6 +830,14 @@ if (!(yield = malloc((size_t)size))) >- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " >- "called from line %d in %s", size, linenumber, func); >- >-+/* If malloc ever returns apparently tainted memory, which glibc >-+malloc will as it uses mmap for larger requests, we must switch to >-+the slower checking for tainting (checking an address against all >-+the tainted pool block spans, rather than just the mmap span) */ >-+ >-+if (!f.taint_check_slow && is_tainted(yield)) >-+ use_slow_taint_check(); >-+ >- return store_alloc_tail(yield, size, func, 
linenumber, US"Malloc"); >- } >- >--- >-2.24.1 >- > >Property changes on: files/74_22-Taint-hybrid-checking-mode.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_23-Fix-taint-hybrid-checking-on-BSD.patch >=================================================================== >--- files/74_23-Fix-taint-hybrid-checking-on-BSD.patch (revision 537457) >+++ files/74_23-Fix-taint-hybrid-checking-on-BSD.patch (nonexistent) 
>@@ -1,83 +0,0 @@ >-From ccf4e2396b27b519174aa79552e61d11aafbdc36 Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Fri, 17 Jan 2020 21:55:11 +0000 >-Subject: [PATCH 23/23] Fix taint hybrid-checking on BSD >- >-(cherry-picked from commit 677481d4fc) >-Broken-by: 1ccd26e242 >---- >- src/store.c | 26 ++++++++++++++++++++++---- >- 1 file changed, 22 insertions(+), 4 deletions(-) >- >-diff --git src/store.c src/store.c >-index 692a993e9..6118ef28d 100644 >---- src/store.c >-+++ src/store.c >-@@ -175,16 +175,15 @@ BOOL >- is_tainted_fn(const void * p) >- { >- storeblock * b; >--int pool; >- >--for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >-+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >- if ((b = current_block[pool])) >- { >- uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >- if (US p >= bc && US p <= bc + b->length) return TRUE; >- } >- >--for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >-+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) >- for (b = chainbase[pool]; b; b = b->next) >- { >- uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >-@@ -204,10 +203,28 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", >- static void >- use_slow_taint_check(void) >- { >-+#ifndef COMPILE_UTILITY >- DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); >-+#endif >- f.taint_check_slow = TRUE; >- } >- >-+static void >-+verify_all_untainted(void) >-+{ >-+for (int pool = 0; pool < POOL_TAINT_BASE; pool++) >-+ for (storeblock * b = chainbase[pool]; b; b = b->next) >-+ { >-+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >-+ if (is_tainted(bc)) >-+ { >-+ use_slow_taint_check(); >-+ return; >-+ } >-+ } >-+} >-+ >-+ >- >- /************************************************* >- * Get a block from the current pool * >-@@ -740,7 +757,7 @@ int pool = tainted ? 
store_pool + POOL_TAINT_BASE : store_pool; >- BOOL release_ok = !tainted && store_last_get[pool] == block; >- uschar * newtext; >- >--#ifndef MACRO_PREDEF >-+#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) >- if (is_tainted(block) != tainted) >- die_tainted(US"store_newblock", CUS func, linenumber); >- #endif >-@@ -799,6 +816,7 @@ if (!(yield = mmap(NULL, (size_t)size, >- >- if (yield < tainted_base) tainted_base = yield; >- if ((top = US yield + size) > tainted_top) tainted_top = top; >-+if (!f.taint_check_slow) use_slow_taint_check(); >- >- return store_alloc_tail(yield, size, func, line, US"Mmap"); >- } >--- >-2.24.1 >- > >Property changes on: files/74_23-Fix-taint-hybrid-checking-on-BSD.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch >=================================================================== >--- files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch (revision 537457) >+++ files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch (nonexistent) 
>@@ -1,70 +0,0 @@ >-From 4ce411ffa737df738e18e1e7b008ad3d3ac5c398 Mon Sep 17 00:00:00 2001 >-From: Brian Foley <bpfoley@google.com> >-Date: Sat, 25 Jan 2020 15:27:49 +0000 >-Subject: [PATCH 24/25] TFO: even in binary built for modern Linux, handle >- error returned by old Linux kernel. Bug 2518 >- >-(cherry picked from commit c3da38a12a2372a7f6a48be97ebfd80aeceda828) >---- >- src/ip.c | 40 +++++++++++++++++++++++----------------- >- 1 file changed, 23 insertions(+), 17 deletions(-) >- >-diff --git src/ip.c src/ip.c >-index 70e3e2064..43ca6a1c9 100644 >---- src/ip.c >-+++ src/ip.c >-@@ -269,28 +269,34 @@ if (fastopen_blob && f.tcp_fastopen_ok) >- /*XXX also seen on successful TFO, sigh */ >- tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; >- } >-- else if (errno == EINPROGRESS) /* expected if we had no cookie for peer */ >-+ else switch (errno) >-+ { >-+ case EINPROGRESS: /* expected if we had no cookie for peer */ >- /* seen for no-data, proper TFO option, both cookie-request and with-cookie cases */ >- /* apparently no visibility of the diffference at this point */ >- /* seen for with-data, proper TFO opt, cookie-req */ >- /* with netwk delay, post-conn tcp_info sees unacked 1 for R, 2 for C; code in smtp_out.c */ >- /* ? older Experimental TFO option behaviour ? */ >-- { /* queue unsent data */ >-- DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n", >-- fastopen_blob->len > 0 ? "with" : "no"); >-- if (!fastopen_blob->data) >-- { >-- tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ >-- rc = 0; >-- } >-- else >-- rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); >-- } >-- else if(errno == EOPNOTSUPP) >-- { >-- DEBUG(D_transport) >-- debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); >-- goto legacy_connect; >-+ DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n", >-+ fastopen_blob->len > 0 ? 
"with" : "no"); >-+ if (!fastopen_blob->data) >-+ { >-+ tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ >-+ rc = 0; >-+ } >-+ else /* queue unsent data */ >-+ rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); >-+ break; >-+ >-+ case EOPNOTSUPP: >-+ DEBUG(D_transport) >-+ debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); >-+ goto legacy_connect; >-+ >-+ case EPIPE: >-+ DEBUG(D_transport) >-+ debug_printf("Tried TCP Fast Open but kernel too old to support it\n"); >-+ goto legacy_connect; >- } >- # endif >- # ifdef EXIM_TFO_CONNECTX >--- >-2.24.1 >- > >Property changes on: files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_25-Taint-slow-mode-checking-only.patch >=================================================================== >--- files/74_25-Taint-slow-mode-checking-only.patch (revision 537457) >+++ files/74_25-Taint-slow-mode-checking-only.patch (nonexistent) 
>@@ -1,127 +0,0 @@ >-From 69b2f92c0b5da548eaafe4813319f4647fa9c19a Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Thu, 30 Jan 2020 11:38:30 +0000 >-Subject: [PATCH 25/25] Taint: slow-mode checking only >- >-(cherry-picked from 4381d60bc9) >---- >- doc/ChangeLog | 10 +++------- >- src/functions.h | 5 +---- >- src/store.c | 43 ------------------------------------------- >- 3 files changed, 4 insertions(+), 54 deletions(-) >- >-diff --git doc/ChangeLog doc/ChangeLog >-index 508b8fa49..be7ec2a8e 100644 >---- doc/ChangeLog >-+++ doc/ChangeLog >-@@ -59,13 +59,9 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it >- buffer was in use at the time. Change to a compile-time increase in the >- buffer size, when this authenticator is compiled into exim. >- >--JH/22 Taint checking: move to a hybrid approach for checking. Previously, one >-- of two ways was used, depending on a build-time flag. The fast method >-- relied on assumptions about the OS and libc malloc, which were known to >-- not hold for the BSD-derived platforms, and discovered to not hold for >-- 32-bit Linux either. In fact the glibc documentation describes cases >-- where these assumptions do not hold. The new implementation tests for >-- the situation arising and actively switches over from fast to safe mode. >-+JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The >-+ previous fast-mode was untenable in the face of glibs using mmap to >-+ support larger malloc requests. >- >- >- Exim version 4.93 >-diff --git src/functions.h src/functions.h >-index 0b5905562..af633851b 100644 >---- src/functions.h >-+++ src/functions.h >-@@ -616,10 +616,7 @@ return FALSE; >- >- #else >- extern BOOL is_tainted_fn(const void *); >--extern void * tainted_base, * tainted_top; >-- >--return f.taint_check_slow >-- ? 
is_tainted_fn(p) : p >= tainted_base && p < tainted_top; >-+return is_tainted_fn(p); >- #endif >- } >- >-diff --git src/store.c src/store.c >-index 6118ef28d..c81744a7b 100644 >---- src/store.c >-+++ src/store.c >-@@ -102,13 +102,6 @@ static storeblock *current_block[NPOOLS]; >- static void *next_yield[NPOOLS]; >- static int yield_length[NPOOLS] = { -1, -1, -1, -1, -1, -1 }; >- >--/* The limits of the tainted pools. Tracking these on new allocations enables >--a fast is_tainted implementation. We assume the kernel only allocates mmaps using >--one side or the other of data+heap, not both. */ >-- >--void * tainted_base = (void *)-1; >--void * tainted_top = (void *)0; >-- >- /* pool_malloc holds the amount of memory used by the store pools; this goes up >- and down as store is reset or released. nonpool_malloc is the total got by >- malloc from other calls; this doesn't go down because it is just freed by >-@@ -200,30 +193,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", >- msg, func, line); >- } >- >--static void >--use_slow_taint_check(void) >--{ >--#ifndef COMPILE_UTILITY >--DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); >--#endif >--f.taint_check_slow = TRUE; >--} >-- >--static void >--verify_all_untainted(void) >--{ >--for (int pool = 0; pool < POOL_TAINT_BASE; pool++) >-- for (storeblock * b = chainbase[pool]; b; b = b->next) >-- { >-- uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; >-- if (is_tainted(bc)) >-- { >-- use_slow_taint_check(); >-- return; >-- } >-- } >--} >-- >- >- >- /************************************************* >-@@ -814,10 +783,6 @@ if (!(yield = mmap(NULL, (size_t)size, >- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to mmap %d bytes of memory: " >- "called from line %d of %s", size, line, func); >- >--if (yield < tainted_base) tainted_base = yield; >--if ((top = US yield + size) > tainted_top) tainted_top = top; >--if (!f.taint_check_slow) use_slow_taint_check(); >-- >- return 
store_alloc_tail(yield, size, func, line, US"Mmap"); >- } >- >-@@ -848,14 +813,6 @@ if (!(yield = malloc((size_t)size))) >- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " >- "called from line %d in %s", size, linenumber, func); >- >--/* If malloc ever returns apparently tainted memory, which glibc >--malloc will as it uses mmap for larger requests, we must switch to >--the slower checking for tainting (checking an address against all >--the tainted pool block spans, rather than just the mmap span) */ >-- >--if (!f.taint_check_slow && is_tainted(yield)) >-- use_slow_taint_check(); >-- >- return store_alloc_tail(yield, size, func, linenumber, US"Malloc"); >- } >- >--- >-2.24.1 >- > >Property changes on: files/74_25-Taint-slow-mode-checking-only.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch >=================================================================== >--- files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch (revision 537457) >+++ files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch (nonexistent) 
>@@ -1,50 +0,0 @@ >-From 59bcc75f56ffeb9fa220f1eb53d45bf254258ac7 Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Thu, 13 Feb 2020 14:08:31 +0000 >-Subject: [PATCH 26/27] Auths: fix cyrus-sasl driver for gssapi use. Bug 2524 >- >-Broken-by: c0fb53b74e >-Cherry-picked from: 5c329a4388 >---- >- doc/ChangeLog | 6 ++++++ >- src/auths/cyrus_sasl.c | 6 +++--- >- 2 files changed, 9 insertions(+), 3 deletions(-) >- >-diff --git doc/ChangeLog doc/ChangeLog >-index be7ec2a8e..97fe878dc 100644 >---- doc/ChangeLog >-+++ doc/ChangeLog >-@@ -63,6 +63,12 @@ JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The >- previous fast-mode was untenable in the face of glibs using mmap to >- support larger malloc requests. >- >-+JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix >-+ had introduced a string-copy (for ensuring NUL-termination) which was not >-+ appropriate for that case, which can include embedded NUL bytes in the >-+ block of data. Investigation showed the copy to actually be needless, the >-+ data being length-specified. 
>-+ >- >- Exim version 4.93 >- ----------------- >-diff --git src/auths/cyrus_sasl.c src/auths/cyrus_sasl.c >-index 480010bab..19416a1bb 100644 >---- src/auths/cyrus_sasl.c >-+++ src/auths/cyrus_sasl.c >-@@ -347,10 +347,10 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) >- } >- else >- { >-- /* make sure that we have a null-terminated string */ >-- out2 = string_copyn(output, outlen); >-+ /* auth_get_data() takes a length-specfied block of binary >-+ which can include zeroes; no terminating NUL is needed */ >- >-- if ((rc = auth_get_data(&input, out2, outlen)) != OK) >-+ if ((rc = auth_get_data(&input, output, outlen)) != OK) >- { >- /* we couldn't get the data, so free up the library before >- * returning whatever error we get */ >--- >-2.24.1 >- > >Property changes on: files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/74_27-GnuTLS-fix-hanging-callout-connections.patch >=================================================================== >--- files/74_27-GnuTLS-fix-hanging-callout-connections.patch (revision 537457) >+++ files/74_27-GnuTLS-fix-hanging-callout-connections.patch (nonexistent) 
>@@ -1,70 +0,0 @@ >-From 26b045604bd574a6d93868ed437c08503c67d289 Mon Sep 17 00:00:00 2001 >-From: Jeremy Harris <jgh146exb@wizmail.org> >-Date: Thu, 13 Feb 2020 16:52:52 +0000 >-Subject: [PATCH 27/27] GnuTLS: fix hanging callout connections >- >-Broken-by: 925ac8e4f1 >-Cherry-picked from: bd95ffc2ba >---- >- doc/ChangeLog | 5 +++++ >- src/tls-gnu.c | 11 +++++++---- >- 2 files changed, 12 insertions(+), 4 deletions(-) >- >-diff --git doc/ChangeLog doc/ChangeLog >-index 97fe878dc..d9833c8e1 100644 >---- doc/ChangeLog >-+++ doc/ChangeLog >-@@ -69,6 +69,11 @@ JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix >- block of data. Investigation showed the copy to actually be needless, the >- data being length-specified. >- >-+JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was >-+ done during a receiving connection, and both used TLS, global info was >-+ used rather than per-connection info for tracking the state of data >-+ queued for transmission. This could result in a connection hang. >-+ >- >- Exim version 4.93 >- ----------------- >-diff --git src/tls-gnu.c src/tls-gnu.c >-index fc426a251..574dcafd9 100644 >---- src/tls-gnu.c >-+++ src/tls-gnu.c >-@@ -181,6 +181,10 @@ typedef struct exim_gnutls_state { >- BOOL peer_dane_verified; >- BOOL trigger_sni_changes; >- BOOL have_set_peerdn; >-+#ifdef SUPPORT_CORK >-+ BOOL corked:1; >-+#endif >-+ >- const struct host_item *host; /* NULL if server */ >- gnutls_x509_crt_t peercert; >- uschar *peerdn; >-@@ -3309,9 +3313,8 @@ ssize_t outbytes; >- size_t left = len; >- exim_gnutls_state_st * state = ct_ctx ? 
ct_ctx : &state_server; >- #ifdef SUPPORT_CORK >--static BOOL corked = FALSE; >- >--if (more && !corked) gnutls_record_cork(state->session); >-+if (more && !state->corked) gnutls_record_cork(state->session); >- #endif >- >- DEBUG(D_tls) debug_printf("%s(%p, " SIZE_T_FMT "%s)\n", __FUNCTION__, >-@@ -3352,10 +3355,10 @@ if (len > INT_MAX) >- } >- >- #ifdef SUPPORT_CORK >--if (more != corked) >-+if (more != state->corked) >- { >- if (!more) (void) gnutls_record_uncork(state->session, 0); >-- corked = more; >-+ state->corked = more; >- } >- #endif >- >--- >-2.24.1 >- > >Property changes on: files/74_27-GnuTLS-fix-hanging-callout-connections.patch >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/patch-src-auths-call_radius.c >=================================================================== >--- files/patch-src-auths-call_radius.c (revision 537457) >+++ files/patch-src-auths-call_radius.c (working copy) >@@ -1,6 +1,6 @@ >---- src/auths/call_radius.c.orig 2019-12-08 12:53:48 UTC >-+++ src/auths/call_radius.c >-@@ -112,37 +112,37 @@ rc_openlog("exim"); >+--- src/auths/call_radius.c.orig 2020-05-30 22:35:38.000000000 +0200 >++++ src/auths/call_radius.c 2020-06-01 19:54:14.402105000 +0200 >+@@ -113,37 +113,37 @@ > > #ifdef RADIUS_LIB_RADIUSCLIENT > if (rc_read_config(RADIUS_CONFIG_FILE) != 0) 
>@@ -8,58 +8,58 @@
> + *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
>
> else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0)
>-- *errptr = string_sprintf("RADIUS: can't read dictionary");
>+- *errptr = US"RADIUS: can't read dictionary";
> + *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
>
>- else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add user name failed\n");
>+ else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0))
>+- *errptr = US"RADIUS: add user name failed";
> + *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
>
>- else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add password failed\n");
>+ else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0))
>+- *errptr = US"RADIUS: add password failed");
> + *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
>
>- else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add service type failed\n");
>+ else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0))
>+- *errptr = US"RADIUS: add service type failed";
> + *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
>
> #else /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */
>
>- if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL)
>+ if (!(h = rc_read_config(RADIUS_CONFIG_FILE)))
> - *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE);
> + *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE);
>
> else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0)
>-- *errptr = string_sprintf("RADIUS: can't read dictionary");
>+- *errptr = US"RADIUS: can't read dictionary";
> + *errptr = string_sprintf("%s", "RADIUS: can't read dictionary");
>
>- else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add user name failed\n");
>+ else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0))
>+- *errptr = US"RADIUS: add user name failed";
> + *errptr = string_sprintf("%s", "RADIUS: add user name failed\n");
>
>- else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
>- Ustrlen(radius_args), 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add password failed\n");
>+ else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args,
>+ Ustrlen(radius_args), 0))
>+- *errptr = US"RADIUS: add password failed";
> + *errptr = string_sprintf("%s", "RADIUS: add password failed\n");
>
>- else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL)
>-- *errptr = string_sprintf("RADIUS: add service type failed\n");
>+ else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0))
>+- *errptr = US"RADIUS: add service type failed";
> + *errptr = string_sprintf("%s", "RADIUS: add service type failed\n");
>
> #endif /* RADIUS_LIB_RADIUSCLIENT */
>
>-@@ -175,7 +175,7 @@ switch (result)
>+@@ -176,7 +176,7 @@
>
>+ case BADRESP_RC:
> default:
>- case BADRESP_RC:
>-- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
>-+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
>- return ERROR;
>+- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
>++ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
>+ return ERROR;
> }
>
>-@@ -186,7 +186,7 @@ switch (result)
>- h = rad_auth_open();
>- if (h == NULL)
>+@@ -186,7 +186,7 @@
>+
>+ if (!(h = rad_auth_open()))
> {
> - *errptr = string_sprintf("RADIUS: can't initialise libradius");
> + *errptr = string_sprintf("%s", "RADIUS: can't initialise libradius");
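Review bot: The refreshed patch still rewrites calls that take arguments into `string_sprintf("%s", "RADIUS: unexpected response (%d)", result)`, which makes `"%s"` the format and turns the real format string into plain data, so `result` is never formatted and the message carries a literal `(%d)`. The same pattern drops `RADIUS_CONFIG_FILE` from the two `can't open %s` lines in this hunk and `rad_strerror(h)` from the `case -1:` line in the `@@ -75,18 +75,18 @@` hunk, so the error text returned through `*errptr` lacks the value an operator needs to diagnose a failed RADIUS lookup. For those lines the patch should leave the upstream call as it is, e.g. `*errptr = string_sprintf("RADIUS: unexpected response (%d)", result);`. For the argument-free messages the upstream `US"RADIUS: can't read dictionary"` form involves no format string at all, and keeping it also avoids the trailing `\n` the patch re-adds. The enclosing function begins and ends outside the hunk, so how callers log `*errptr` should be confirmed there.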
>@@ -66,7 +66,7 @@
> return ERROR;
> }
> if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
>-@@ -196,7 +196,7 @@ if (rad_config(h, RADIUS_CONFIG_FILE) != 0 ||
>+@@ -196,7 +196,7 @@
> rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 ||
> rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0)
> {
>@@ -75,18 +75,18 @@
> result = ERROR;
> }
> else
>-@@ -214,12 +214,12 @@ else
>- break;
>+@@ -211,12 +211,12 @@
>+ break;
>
> case -1:
>-- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
>-+ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
>- result = ERROR;
>- break;
>+- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h));
>++ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h));
>+ result = ERROR;
>+ break;
>
> default:
>-- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
>-+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
>- result= ERROR;
>- break;
>+- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result);
>++ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result);
>+ result= ERROR;
>+ break;
> }