Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: ex...@packages.debian.org Control: affects -1 + src:exim4
Hello, I would like to get most of the changes from 4.96-16 (unstable/testing) into bookworm: * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion. Previously, when an argument included a close-brace character (eg. it itself used an expansion) an error occurred. Closes: #1025420 * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT master: Fix ${srs_encode ..}. Previously it would give a bad result for one day every 1024 days. The former is something has already popped up a couple of times on the upstream user support mailing list. cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
diff --git a/debian/changelog b/debian/changelog index fbbb8c20..0231dc69 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +exim4 (4.96-15+deb12u1) bookworm; urgency=medium + + * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by + Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion. + Previously, when an argument included a close-brace character (eg. it + itself used an expansion) an error occurred. Closes: #1025420 + * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT + master: Fix ${srs_encode ..}. Previously it would give a bad result for + one day every 1024 days. + + -- Andreas Metzler <ametz...@debian.org> Sun, 02 Jul 2023 14:56:17 +0200 + exim4 (4.96-15) unstable; urgency=medium * Pull from upstream GIT master: diff --git a/debian/patches/75_42-Fix-run-arg-parsing.patch b/debian/patches/75_42-Fix-run-arg-parsing.patch new file mode 100644 index 00000000..79e55d61 --- /dev/null +++ b/debian/patches/75_42-Fix-run-arg-parsing.patch @@ -0,0 +1,100 @@ +From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146...@wizmail.org> +Date: Sat, 3 Dec 2022 23:13:53 +0000 +Subject: [PATCH] Fix ${run } arg parsing + . + Backported by Bryce Harrington for Ubuntu + +Broken-by: cfe6acff2ddc +--- + doc/ChangeLog | 4 ++++ + src/expand.c | 13 ++++++++++--- + src/transport.c | 4 +++- + test/scripts/0000-Basic/0002 | 2 ++ + test/stdout/0002 | 2 ++ + 5 files changed, 21 insertions(+), 4 deletions(-) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -28,10 +28,14 @@ JH/13 Bug 2929: Fix using $recipients af + JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96 + a capture group which obtained no text (eg. "(abc)*" matching zero + occurrences) could cause a segfault if the corresponding $<n> was + expanded. + ++JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument ++ included a close-brace character (eg. it itself used an expansion) an ++ error occurred. ++ + + + Exim version 4.96 + ----------------- + +--- a/src/expand.c ++++ b/src/expand.c +@@ -5529,11 +5529,11 @@ while (*s) + { + FILE * f; + const uschar * arg, ** argv; + BOOL late_expand = TRUE; + +- if ((expand_forbid & RDO_RUN) != 0) ++ if (expand_forbid & RDO_RUN) + { + expand_string_message = US"running a command is not permitted"; + goto EXPAND_FAILED; + } + +@@ -5561,16 +5561,22 @@ while (*s) + } + s++; + + if (late_expand) /* this is the default case */ + { +- int n = Ustrcspn(s, "}"); ++ int n; ++ const uschar * t; ++ /* Locate the end of the args */ ++ (void) expand_string_internal(s, TRUE, &t, TRUE, TRUE, NULL); ++ n = t - s; + arg = skipping ? NULL : string_copyn(s, n); + s += n; + } + else + { ++ DEBUG(D_expand) ++ debug_printf_indent("args string for ${run} expand before split\n"); + if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok))) + goto EXPAND_FAILED; + Uskip_whitespace(&s); + } + /*{*/ +--- a/src/transport.c ++++ b/src/transport.c +@@ -2187,10 +2187,12 @@ if (expand_arguments) + BOOL allow_dollar_recipients = addr && addr->parent + && Ustrcmp(addr->parent->address, "system-filter") == 0; + + for (int i = 0; argv[i]; i++) + { ++ DEBUG(D_expand) debug_printf_indent("arg %d\n", i); ++ + /* Handle special fudge for passing an address list */ + + if (addr && + (Ustrcmp(argv[i], "$pipe_addresses") == 0 || + Ustrcmp(argv[i], "${pipe_addresses}") == 0)) +@@ -2361,11 +2363,11 @@ if (expand_arguments) + } + else *errptr = msg; + return FALSE; + } + +- if ( f.running_in_test_harness && is_tainted(expanded_arg) ++ if ( f.running_in_test_harness && is_tainted(expanded_arg) + && Ustrcmp(etext, "queryprogram router") == 0) + { /* hack, would be good to not need it */ + DEBUG(D_transport) + debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n", + expanded_arg); diff --git a/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch b/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch index 5992faca..55c983e4 100644 --- a/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch +++ b/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch @@ -19,11 +19,11 @@ Broken-by: d12746bc15d8 --- a/doc/ChangeLog +++ b/doc/ChangeLog -@@ -28,10 +28,15 @@ JH/13 Bug 2929: Fix using $recipients af - JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96 - a capture group which obtained no text (eg. "(abc)*" matching zero - occurrences) could cause a segfault if the corresponding $<n> was - expanded. +@@ -32,10 +32,15 @@ JH/14 Bug 2933: Fix regex substring matc + + JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument + included a close-brace character (eg. it itself used an expansion) an + error occurred. +JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line + was exactly sized compared to the log buffer, a crash occurred with the diff --git a/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch b/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch new file mode 100644 index 00000000..dddd5e9a --- /dev/null +++ b/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch @@ -0,0 +1,62 @@ +From 51f9c07cd341c9c1a09b3816df988c6f44477c99 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146...@wizmail.org> +Date: Tue, 11 Apr 2023 11:59:08 +0100 +Subject: [PATCH] Fix ${srs_encode ..} for mod-1024 day zero + +--- + doc/ChangeLog | 3 +++ + src/expand.c | 10 ++++------ + 2 files changed, 7 insertions(+), 6 deletions(-) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -54,10 +54,13 @@ JH/20 Fix TLSA lookups. Previously dns_ + + JH/23 Fix crash in string expansions. Previously, if an empty variable was + immediately followed by an expansion operator, a null-indirection read + was done, killing the process. + ++JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day ++ every 1024 days. ++ + + Exim version 4.96 + ----------------- + + JH/01 Move the wait-for-next-tick (needed for unique message IDs) from +--- a/src/expand.c ++++ b/src/expand.c +@@ -3440,11 +3440,11 @@ switch(cond_type = identify_operator(&s, + case 3: return NULL; + } + + /* Match the given local_part against the SRS-encoded pattern */ + +- re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$", ++ re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]{2})=([^=]*)=(.*)$", + TRUE, FALSE); + md = pcre2_match_data_create(4+1, pcre_gen_ctx); + if (pcre2_match(re, sub[0], PCRE2_ZERO_TERMINATED, 0, PCRE_EOPT, + md, pcre_mtc_ctx) < 0) + { +@@ -6957,17 +6957,15 @@ while (*s) + + /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */ + { + struct timeval now; + unsigned long i; +- gstring * h = NULL; + + gettimeofday(&now, NULL); +- for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5) +- h = string_catn(h, &base32_chars[i & 0x1f], 1); +- if (h) while (h->ptr > 0) +- g = string_catn(g, &h->s[--h->ptr], 1); ++ i = (now.tv_sec / 86400) & 0x3ff; ++ g = string_catn(g, &base32_chars[i >> 5], 1); ++ g = string_catn(g, &base32_chars[i & 0x1f], 1); + } + g = string_catn(g, US"=", 1); + + /* ${domain:$return_path}=${local_part:$return_path} */ + { diff --git a/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch b/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch index 16b7d6fe..4a2e3b54 100644 --- a/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch +++ b/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch @@ -10,12 +10,12 @@ Subject: [PATCH 1/3] Fix variable initialisation in smtp transport. Bug 2996 --- a/doc/ChangeLog +++ b/doc/ChangeLog -@@ -54,10 +54,18 @@ JH/20 Fix TLSA lookups. Previously dns_ - - JH/23 Fix crash in string expansions. Previously, if an empty variable was - immediately followed by an expansion operator, a null-indirection read +@@ -61,10 +61,18 @@ JH/23 Fix crash in string expansions. Pr was done, killing the process. + JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day + every 1024 days. + +JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the + message being considered for delivery was already being handled by + another process, and having an SMTP connection already open, the function diff --git a/debian/patches/series b/debian/patches/series index 62ab922b..2c94584d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -22,6 +22,7 @@ 75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch 75_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch 75_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch +75_42-Fix-run-arg-parsing.patch 75_50-Fix-logging-of-max-size-log-line.patch 75_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch 75_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch @@ -30,5 +31,6 @@ 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch 75_66-Fix-crash-in-expansions.patch +75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch 90_localscan_dlopen.dpatch
signature.asc
Description: PGP signature