New version

Resolves: rhbz#1428141
Switched to xz archive
Dropped DKIM-fix patch (already upstream)
Jaroslav Škarvada 2017-03-10 13:29:26 +01:00
parent 1332a1979d
commit 69bc0d0ccf
5 changed files with 42 additions and 669 deletions


@ -1,630 +0,0 @@
diff --git a/src/auths/get_data.c b/src/auths/get_data.c
index f839a01..11bc581 100644
--- a/src/auths/get_data.c
+++ b/src/auths/get_data.c
@@ -31,7 +31,7 @@ auth_get_data(uschar **aptr, uschar *challenge, int challen)
int c;
int p = 0;
smtp_printf("334 %s\r\n", b64encode(challenge, challen));
-while ((c = receive_getc()) != '\n' && c != EOF)
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
{
if (p >= big_buffer_size - 1) return BAD64;
big_buffer[p++] = c;
diff --git a/src/auths/get_no64_data.c b/src/auths/get_no64_data.c
index d3ffe08..71e7139 100644
--- a/src/auths/get_no64_data.c
+++ b/src/auths/get_no64_data.c
@@ -32,7 +32,7 @@ auth_get_no64_data(uschar **aptr, uschar *challenge)
int c;
int p = 0;
smtp_printf("334 %s\r\n", challenge);
-while ((c = receive_getc()) != '\n' && c != EOF)
+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF)
{
if (p >= big_buffer_size - 1) return BAD64;
big_buffer[p++] = c;
diff --git a/src/dkim.c b/src/dkim.c
index 70c9547..445d246 100644
--- a/src/dkim.c
+++ b/src/dkim.c
@@ -18,6 +18,7 @@ int dkim_verify_oldpool;
pdkim_ctx *dkim_verify_ctx = NULL;
pdkim_signature *dkim_signatures = NULL;
pdkim_signature *dkim_cur_sig = NULL;
+static BOOL dkim_collect_error = FALSE;
static int
dkim_exim_query_dns_txt(char *name, char *answer)
@@ -87,6 +88,7 @@ if (dkim_verify_ctx)
dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = !!dkim_verify_ctx;
+dkim_collect_error = FALSE;
/* Start feed up with any cached data */
receive_get_cache();
@@ -106,6 +108,7 @@ if ( dkim_collect_input
{
log_write(0, LOG_MAIN,
"DKIM: validation error: %.100s", pdkim_errstr(rc));
+ dkim_collect_error = TRUE;
dkim_collect_input = FALSE;
}
store_pool = dkim_verify_oldpool;
@@ -127,11 +130,7 @@ store_pool = POOL_PERM;
dkim_signatures = NULL;
-/* If we have arrived here with dkim_collect_input == FALSE, it
-means there was a processing error somewhere along the way.
-Log the incident and disable futher verification. */
-
-if (!dkim_collect_input)
+if (dkim_collect_error)
{
log_write(0, LOG_MAIN,
"DKIM: Error while running this message through validation,"
diff --git a/src/functions.h b/src/functions.h
index 04d9410..9c60090 100644
--- a/src/functions.h
+++ b/src/functions.h
@@ -55,7 +55,7 @@ extern int tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
extern void tls_free_cert(void **);
-extern int tls_getc(void);
+extern int tls_getc(unsigned);
extern void tls_get_cache(void);
extern int tls_import_cert(const uschar *, void **);
extern int tls_read(BOOL, uschar *, size_t);
@@ -101,7 +101,7 @@ extern int auth_xtextdecode(uschar *, uschar **);
extern uschar *b64encode(uschar *, int);
extern int b64decode(uschar *, uschar **);
-extern int bdat_getc(void);
+extern int bdat_getc(unsigned);
extern void bits_clear(unsigned int *, size_t, int *);
extern void bits_set(unsigned int *, size_t, int *);
@@ -395,7 +395,7 @@ extern uschar *smtp_get_connection_info(void);
extern BOOL smtp_get_interface(uschar *, int, address_item *,
uschar **, uschar *);
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
-extern int smtp_getc(void);
+extern int smtp_getc(unsigned);
extern void smtp_get_cache(void);
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void smtp_log_no_mail(void);
@@ -421,7 +421,7 @@ extern int spool_open_datafile(uschar *);
extern int spool_open_temp(uschar *);
extern int spool_read_header(uschar *, BOOL, BOOL);
extern int spool_write_header(uschar *, int, uschar **);
-extern int stdin_getc(void);
+extern int stdin_getc(unsigned);
extern int stdin_feof(void);
extern int stdin_ferror(void);
extern int stdin_ungetc(int);
diff --git a/src/globals.c b/src/globals.c
index c722059..649335f 100644
--- a/src/globals.c
+++ b/src/globals.c
@@ -187,9 +187,9 @@ incoming TCP/IP. The defaults use stdin. We never need these for any
stand-alone tests. */
#ifndef STAND_ALONE
-int (*lwr_receive_getc)(void) = stdin_getc;
+int (*lwr_receive_getc)(unsigned) = stdin_getc;
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
-int (*receive_getc)(void) = stdin_getc;
+int (*receive_getc)(unsigned) = stdin_getc;
void (*receive_get_cache)(void)= NULL;
int (*receive_ungetc)(int) = stdin_ungetc;
int (*receive_feof)(void) = stdin_feof;
diff --git a/src/globals.h b/src/globals.h
index e3dd507..344f8ef 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -141,9 +141,9 @@ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. */
-extern int (*lwr_receive_getc)(void);
+extern int (*lwr_receive_getc)(unsigned);
extern int (*lwr_receive_ungetc)(int);
-extern int (*receive_getc)(void);
+extern int (*receive_getc)(unsigned);
extern void (*receive_get_cache)(void);
extern int (*receive_ungetc)(int);
extern int (*receive_feof)(void);
diff --git a/src/macros.h b/src/macros.h
index 1b7cf4a..c8957d8 100644
--- a/src/macros.h
+++ b/src/macros.h
@@ -968,5 +968,9 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE };
#define PEER_OFFERED_SIZE BIT(6)
#define PEER_OFFERED_CHUNKING BIT(7)
+/* Argument for *_getc */
+
+#define GETC_BUFFER_UNLIMITED UINT_MAX
+
/* End of macros.h */
diff --git a/src/pdkim/pdkim.c b/src/pdkim/pdkim.c
index 7bfcdf4..bcc3f09 100644
--- a/src/pdkim/pdkim.c
+++ b/src/pdkim/pdkim.c
@@ -962,6 +962,11 @@ if (ctx->flags & PDKIM_MODE_SIGN)
/* DKIM-Signature: headers are added to the verification list */
else
{
+ DEBUG(D_acl)
+ {
+ debug_printf("PDKIM >> raw hdr: ");
+ pdkim_quoteprint(CUS ctx->cur_header, Ustrlen(ctx->cur_header));
+ }
if (strncasecmp(CCS ctx->cur_header,
DKIM_SIGNATURE_HEADERNAME,
Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0)
diff --git a/src/receive.c b/src/receive.c
index e535876..9155cf1 100644
--- a/src/receive.c
+++ b/src/receive.c
@@ -37,7 +37,7 @@ the file. (When SMTP input is occurring, different functions are used by
changing the pointer variables.) */
int
-stdin_getc(void)
+stdin_getc(unsigned lim)
{
return getc(stdin);
}
@@ -626,7 +626,7 @@ if (!dot_ends)
{
register int last_ch = '\n';
- for (; (ch = (receive_getc)()) != EOF; last_ch = ch)
+ for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch)
{
if (ch == 0) body_zerocount++;
if (last_ch == '\r' && ch != '\n')
@@ -668,7 +668,7 @@ if (!dot_ends)
ch_state = 1;
-while ((ch = (receive_getc)()) != EOF)
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
@@ -786,7 +786,7 @@ int ch_state = 0;
int ch;
int linelength = 0;
-while ((ch = (receive_getc)()) != EOF)
+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF)
{
if (ch == 0) body_zerocount++;
switch (ch_state)
@@ -913,7 +913,7 @@ read_message_bdat_smtp(FILE *fout)
int ch;
int linelength = 0;
-for (;;) switch (ch = bdat_getc())
+for (;;) switch (ch = bdat_getc(GETC_BUFFER_UNLIMITED))
{
case EOF: return END_EOF;
case EOD: return END_DOT;
@@ -1682,7 +1682,7 @@ next->text. */
for (;;)
{
- int ch = (receive_getc)();
+ int ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
/* If we hit EOF on a SMTP connection, it's an error, since incoming
SMTP must have a correct "." terminator. */
@@ -1761,10 +1761,10 @@ for (;;)
if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch == '\r')
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch != '\n')
{
receive_ungetc(ch);
@@ -1795,7 +1795,7 @@ for (;;)
if (ch == '\r')
{
- ch = (receive_getc)();
+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (ch == '\n')
{
if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE;
@@ -1890,7 +1890,7 @@ for (;;)
if (ch != EOF)
{
- int nextch = (receive_getc)();
+ int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (nextch == ' ' || nextch == '\t')
{
next->text[ptr++] = nextch;
@@ -4024,7 +4024,7 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket &&
if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
{
- int c = (receive_getc)();
+ int c = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (c != EOF) (receive_ungetc)(c); else
{
smtp_notquit_exit(US"connection-lost", NULL, NULL);
diff --git a/src/smtp_in.c b/src/smtp_in.c
index 1484861..82900d9 100644
--- a/src/smtp_in.c
+++ b/src/smtp_in.c
@@ -44,11 +44,11 @@ The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and
we need room to handle large base64-encoded AUTHs for GSSAPI.
*/
-#define smtp_cmd_buffer_size 16384
+#define SMTP_CMD_BUFFER_SIZE 16384
/* Size of buffer for reading SMTP incoming packets */
-#define in_buffer_size 8192
+#define IN_BUFFER_SIZE 8192
/* Structure for SMTP command list */
@@ -301,7 +301,7 @@ static int smtp_had_error;
/* forward declarations */
int bdat_ungetc(int ch);
-static int smtp_read_command(BOOL check_sync);
+static int smtp_read_command(BOOL check_sync, unsigned buffer_lim);
static int synprot_error(int type, int code, uschar *data, uschar *errmess);
static void smtp_quit_handler(uschar **, uschar **);
static void smtp_rset_handler(void);
@@ -315,12 +315,12 @@ it flushes the output, and refills the buffer, with a timeout. The signal
handler is set appropriately by the calling function. This function is not used
after a connection has negotated itself into an TLS/SSL state.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
*/
int
-smtp_getc(void)
+smtp_getc(unsigned lim)
{
if (smtp_inptr >= smtp_inend)
{
@@ -328,7 +328,10 @@ if (smtp_inptr >= smtp_inend)
if (!smtp_out) return EOF;
fflush(smtp_out);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size);
+
+ /* Limit amount read, so non-message data is not fed to DKIM */
+
+ rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim));
save_errno = errno;
alarm(0);
if (rc <= 0)
@@ -376,23 +379,26 @@ to handle the BDAT command/response.
Placed here due to the correlation with the above smtp_getc(), which it wraps,
and also by the need to do smtp command/response handling.
-Arguments: none
+Arguments: lim (ignored)
Returns: the next character or ERR, EOD or EOF
*/
int
-bdat_getc(void)
+bdat_getc(unsigned lim)
{
uschar * user_msg = NULL;
uschar * log_msg;
for(;;)
{
- if (chunking_data_left-- > 0)
- return lwr_receive_getc();
+ if (chunking_data_left > 0)
+ return lwr_receive_getc(chunking_data_left--);
receive_getc = lwr_receive_getc;
receive_ungetc = lwr_receive_ungetc;
+#ifndef DISABLE_DKIM
+ dkim_collect_input = FALSE;
+#endif
/* If not the last, ack the received chunk. The last response is delayed
until after the data ACL decides on it */
@@ -405,21 +411,22 @@ for(;;)
return EOD;
}
- chunking_state = CHUNKING_OFFERED;
smtp_printf("250 %u byte chunk received\r\n", chunking_datasize);
+ chunking_state = CHUNKING_OFFERED;
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
/* Expect another BDAT cmd from input. RFC 3030 says nothing about
QUIT, RSET or NOOP but handling them seems obvious */
next_cmd:
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, 1))
{
default:
(void) synprot_error(L_smtp_protocol_error, 503, NULL,
US"only BDAT permissible after non-LAST BDAT");
repeat_until_rset:
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, 1))
{
case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */
case EOF_CMD: return EOF;
@@ -458,6 +465,8 @@ next_cmd:
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
? CHUNKING_LAST : CHUNKING_ACTIVE;
chunking_data_left = chunking_datasize;
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
if (chunking_datasize == 0)
if (chunking_state == CHUNKING_LAST)
@@ -471,6 +480,9 @@ next_cmd:
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
+#ifndef DISABLE_DKIM
+ dkim_collect_input = TRUE;
+#endif
break; /* to top of main loop */
}
}
@@ -480,15 +492,18 @@ next_cmd:
static void
bdat_flush_data(void)
{
-while (chunking_data_left-- > 0)
- if (lwr_receive_getc() < 0)
+while (chunking_data_left > 0)
+ if (lwr_receive_getc(chunking_data_left--) < 0)
break;
receive_getc = lwr_receive_getc;
receive_ungetc = lwr_receive_ungetc;
if (chunking_state != CHUNKING_LAST)
+ {
chunking_state = CHUNKING_OFFERED;
+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state);
+ }
}
@@ -1126,13 +1141,14 @@ signal handler that closes down the session on a timeout. Control does not
return when it runs.
Arguments:
- check_sync if TRUE, check synchronization rules if global option is TRUE
+ check_sync if TRUE, check synchronization rules if global option is TRUE
+ buffer_lim maximum to buffer in lower layer
Returns: a code identifying the command (enumerated above)
*/
static int
-smtp_read_command(BOOL check_sync)
+smtp_read_command(BOOL check_sync, unsigned buffer_lim)
{
int c;
int ptr = 0;
@@ -1141,9 +1157,9 @@ BOOL hadnull = FALSE;
os_non_restarting_signal(SIGALRM, command_timeout_handler);
-while ((c = (receive_getc)()) != '\n' && c != EOF)
+while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF)
{
- if (ptr >= smtp_cmd_buffer_size)
+ if (ptr >= SMTP_CMD_BUFFER_SIZE)
{
os_non_restarting_signal(SIGALRM, sigalrm_handler);
return OTHER_CMD;
@@ -1301,7 +1317,7 @@ tzero.tv_usec = 0;
rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero);
if (rc <= 0) return TRUE; /* Not ready to read */
-rc = smtp_getc();
+rc = smtp_getc(GETC_BUFFER_UNLIMITED);
if (rc < 0) return TRUE; /* End of file or error */
smtp_ungetc(rc);
@@ -1337,7 +1353,7 @@ if (smtp_in == NULL || smtp_batched_input) return;
receive_swallow_smtp();
smtp_printf("421 %s\r\n", message);
-for (;;) switch(smtp_read_command(FALSE))
+for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
return;
@@ -1781,7 +1797,7 @@ while (done <= 0)
uschar *recipient = NULL;
int start, end, sender_domain, recipient_domain;
- switch(smtp_read_command(FALSE))
+ switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
/* The HELO/EHLO commands set sender_address_helo if they have
valid data; otherwise they are ignored, except that they do
@@ -2040,12 +2056,12 @@ acl_var_c = NULL;
/* Allow for trailing 0 in the command and data buffers. */
-if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2)))
+if (!(smtp_cmd_buffer = US malloc(2*SMTP_CMD_BUFFER_SIZE + 2)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE,
"malloc() failed for SMTP command buffer");
smtp_cmd_buffer[0] = 0;
-smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1;
+smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1;
/* For batched input, the protocol setting can be overridden from the
command line by a trusted caller. */
@@ -2065,7 +2081,7 @@ else
/* Set up the buffer for inputting using direct read() calls, and arrange to
call the local functions instead of the standard C ones. */
-if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size)))
+if (!(smtp_inbuffer = (uschar *)malloc(IN_BUFFER_SIZE)))
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer");
receive_getc = smtp_getc;
@@ -3550,7 +3566,7 @@ while (done <= 0)
US &off, sizeof(off));
#endif
- switch(smtp_read_command(TRUE))
+ switch(smtp_read_command(TRUE, GETC_BUFFER_UNLIMITED))
{
/* The AUTH command is not permitted to occur inside a transaction, and may
occur successfully only once per connection. Actually, that isn't quite
@@ -4750,14 +4766,14 @@ while (done <= 0)
chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0
? CHUNKING_LAST : CHUNKING_ACTIVE;
chunking_data_left = chunking_datasize;
+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n",
+ (int)chunking_state, chunking_data_left);
lwr_receive_getc = receive_getc;
lwr_receive_ungetc = receive_ungetc;
receive_getc = bdat_getc;
receive_ungetc = bdat_ungetc;
- DEBUG(D_any)
- debug_printf("chunking state %d\n", (int)chunking_state);
goto DATA_BDAT;
}
@@ -4973,7 +4989,7 @@ while (done <= 0)
It seems safest to just wipe away the content rather than leave it as a
target to jump to. */
- memset(smtp_inbuffer, 0, in_buffer_size);
+ memset(smtp_inbuffer, 0, IN_BUFFER_SIZE);
/* Attempt to start up a TLS session, and if successful, discard all
knowledge that was obtained previously. At least, that's what the RFC says,
@@ -5027,7 +5043,7 @@ while (done <= 0)
set, but we must still reject all incoming commands. */
DEBUG(D_tls) debug_printf("TLS failed to start\n");
- while (done <= 0) switch(smtp_read_command(FALSE))
+ while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED))
{
case EOF_CMD:
log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF",
@@ -5315,8 +5331,8 @@ while (done <= 0)
case BADSYN_CMD:
SYNC_FAILURE:
- if (smtp_inend >= smtp_inbuffer + in_buffer_size)
- smtp_inend = smtp_inbuffer + in_buffer_size - 1;
+ if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE)
+ smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1;
c = smtp_inend - smtp_inptr;
if (c > 150) c = 150;
smtp_inptr[c] = 0;
diff --git a/src/tls-gnu.c b/src/tls-gnu.c
index 10bfaca..181dde4 100644
--- a/src/tls-gnu.c
+++ b/src/tls-gnu.c
@@ -2158,12 +2158,12 @@ Only used by the server-side TLS.
This feeds DKIM and should be used for all message-body reads.
-Arguments: none
+Arguments: lim Maximum amount to read/bufffer
Returns: the next character or EOF
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
exim_gnutls_state_st *state = &state_server;
if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
@@ -2175,7 +2175,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
inbytes = gnutls_record_recv(state->session, state->xfer_buffer,
- ssl_xfer_buffer_size);
+ MIN(ssl_xfer_buffer_size, lim));
alarm(0);
/* Timeouts do not get this far; see command_timeout_handler().
@@ -2213,7 +2213,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm)
state->tlsp->peercert = NULL;
state->tlsp->peerdn = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */
diff --git a/src/tls-openssl.c b/src/tls-openssl.c
index d9426ac..0ac7d03 100644
--- a/src/tls-openssl.c
+++ b/src/tls-openssl.c
@@ -2360,14 +2360,14 @@ return OK;
/* This gets the next byte from the TLS input buffer. If the buffer is empty,
it refills the buffer via the SSL reading function.
-Arguments: none
+Arguments: lim Maximum amount to read/buffer
Returns: the next character or EOF
Only used by the server-side TLS.
*/
int
-tls_getc(void)
+tls_getc(unsigned lim)
{
if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
{
@@ -2378,7 +2378,8 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
ssl_xfer_buffer, ssl_xfer_buffer_size);
if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout);
- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size);
+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer,
+ MIN(ssl_xfer_buffer_size, lim));
error = SSL_get_error(server_ssl, inbytes);
alarm(0);
@@ -2405,7 +2406,7 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm)
tls_in.peerdn = NULL;
tls_in.sni = NULL;
- return smtp_getc();
+ return smtp_getc(lim);
}
/* Handle genuine errors */


@ -1,4 +1,4 @@
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
index 3e486a6..6c4afec 100755
--- a/scripts/Configure-Makefile
+++ b/scripts/Configure-Makefile
@ -11,8 +11,8 @@ index 3e486a6..6c4afec 100755
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
echo "" >>$mft
cat $mftt >> $mft
diff --git a/src/src/EDITME b/src/src/EDITME
index 6929346..5a08197 100644
diff --git a/src/EDITME b/src/EDITME
index df74aac..0caf02d 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -98,7 +98,7 @@
@ -123,7 +123,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -622,16 +624,14 @@ FIXED_NEVER_USERS=root
@@ -622,17 +624,14 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@ -134,6 +134,7 @@ index 6929346..5a08197 100644
-# AUTH_GSASL_PC=libgsasl
-# AUTH_HEIMDAL_GSSAPI=yes
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
@ -146,9 +147,9 @@ index 6929346..5a08197 100644
+AUTH_SPA=yes
+AUTH_TLS=yes
#------------------------------------------------------------------------------
@@ -652,7 +652,7 @@ FIXED_NEVER_USERS=root
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example
@@ -656,7 +655,7 @@ FIXED_NEVER_USERS=root
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
@ -157,7 +158,7 @@ index 6929346..5a08197 100644
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -672,7 +672,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -676,7 +675,7 @@ HEADERS_CHARSET="ISO-8859-1"
# the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains
#
@ -166,7 +167,7 @@ index 6929346..5a08197 100644
#
# If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv()
@@ -734,11 +734,11 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -745,11 +744,11 @@ HEADERS_CHARSET="ISO-8859-1"
# leave these settings commented out.
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
@ -181,7 +182,7 @@ index 6929346..5a08197 100644
# Uncomment the first and either the second or the third of these if you
# are using GnuTLS. If you have pkg-config, then the second, else the third.
@@ -807,7 +807,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -818,7 +817,7 @@ HEADERS_CHARSET="ISO-8859-1"
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
@ -190,7 +191,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -820,7 +820,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -831,7 +830,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@ -199,7 +200,7 @@ index 6929346..5a08197 100644
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -892,7 +892,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -903,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
@ -208,7 +209,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -902,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -913,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@ -217,7 +218,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -912,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -923,7 +922,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
@ -226,7 +227,7 @@ index 6929346..5a08197 100644
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
@@ -1006,7 +1006,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -1021,7 +1020,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time.
@ -235,7 +236,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -1019,9 +1019,9 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -1034,9 +1033,9 @@ ZCAT_COMMAND=/usr/bin/zcat
# You may well also have to specify a local "include" file and an additional
# library for TCP wrappers, so you probably need something like this:
#
@ -248,7 +249,7 @@ index 6929346..5a08197 100644
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
@@ -1073,7 +1073,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1088,7 +1087,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained.
@ -257,7 +258,7 @@ index 6929346..5a08197 100644
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the
@@ -1083,7 +1083,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1098,7 +1097,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
@ -266,7 +267,7 @@ index 6929346..5a08197 100644
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1104,13 +1104,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1119,13 +1118,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@ -287,7 +288,7 @@ index 6929346..5a08197 100644
#------------------------------------------------------------------------------
@@ -1312,7 +1312,7 @@ EXIM_TMPDIR="/tmp"
@@ -1327,7 +1326,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:


@ -1,8 +1,8 @@
diff --git a/src/EDITME b/src/EDITME
index 5a08197..3921db6 100644
index 0caf02d..6957546 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -792,6 +792,20 @@ TLS_LIBS=-lssl -lcrypto
@@ -802,6 +802,20 @@ TLS_LIBS=-lssl -lcrypto
#------------------------------------------------------------------------------
@ -24,7 +24,7 @@ index 5a08197..3921db6 100644
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
diff --git a/src/config.h.defaults b/src/config.h.defaults
index bafdc1b..c6ba256 100644
index 58e1813..9b18f98 100644
--- a/src/config.h.defaults
+++ b/src/config.h.defaults
@@ -28,6 +28,8 @@ it's a default value. */
@ -37,7 +37,7 @@ index bafdc1b..c6ba256 100644
#define CONFIGURE_FILE
diff --git a/src/globals.c b/src/globals.c
index f83d850..c722059 100644
index 79ac37f..b7d690f 100644
--- a/src/globals.c
+++ b/src/globals.c
@@ -167,6 +167,10 @@ uschar *tls_verify_hosts = NULL;
@ -52,7 +52,7 @@ index f83d850..c722059 100644
/* Per Recipient Data Response variables */
BOOL prdr_enable = FALSE;
diff --git a/src/globals.h b/src/globals.h
index b3747a8..e3dd507 100644
index 340f1ae..4b65781 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -126,6 +126,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
@ -251,10 +251,10 @@ index 3500047..8599172 100644
+
/* End of local_scan.c */
diff --git a/src/readconf.c b/src/readconf.c
index b2a3c73..6f2efa0 100644
index 790f073..6e88bcd 100644
--- a/src/readconf.c
+++ b/src/readconf.c
@@ -314,6 +314,9 @@ static optionlist optionlist_config[] = {
@@ -318,6 +318,9 @@ static optionlist optionlist_config[] = {
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
{ "local_interfaces", opt_stringptr, &local_interfaces },


@ -2,7 +2,7 @@ diff --git a/src/configure.default b/src/configure.default
--- a/src/configure.default
+++ b/src/configure.default
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d
# Note that TZ is handled separateley by the timezone runtime option
# Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
-# keep_environment = ^LDAP


@ -14,8 +14,8 @@
Summary: The exim mail transfer agent
Name: exim
Version: 4.88
Release: 3%{?dist}
Version: 4.89
Release: 1%{?dist}
License: GPLv2+
Url: http://www.exim.org/
Group: System Environment/Daemons
@ -29,7 +29,7 @@ Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
Requires: initscripts
BuildRequires: clamav-devel
%endif
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
Source2: exim.init
Source3: exim.sysconfig
Source4: exim.logrotate
@ -53,12 +53,12 @@ Source26: clamd.exim.service
%endif
Patch4: exim-4.88-rhl.patch
Patch6: exim-4.88-config.patch
Patch6: exim-4.89-config.patch
Patch8: exim-4.82-libdir.patch
Patch12: exim-4.88-cyrus.patch
Patch13: exim-4.88-pamconfig.patch
Patch14: exim-4.87-spamdconf.patch
Patch18: exim-4.88-dlopen-localscan.patch
Patch18: exim-4.89-dlopen-localscan.patch
Patch19: exim-4.88-procmail.patch
Patch20: exim-4.88-allow-filter.patch
Patch21: exim-4.87-localhost-is-local.patch
@ -67,10 +67,7 @@ Patch23: exim-4.88-smarthost-config.patch
Patch25: exim-4.87-dynlookup-config.patch
# Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
Patch26: exim-4.85-pic.patch
Patch27: exim-4.87-environment.patch
# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2016
# Upsream patch: https://git.exim.org/exim.git/patch/bd8fbe3606d80e5a3fc02fe71b521146c6938448
Patch28: exim-4.88-DKIM-fix.patch
Patch27: exim-4.89-environment.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases
@ -229,7 +226,6 @@ greylisting unconditional.
%patch25 -p1 -b .dynconfig
%patch26 -p1 -b .fpic
%patch27 -p1 -b .environment
%patch28 -p1 -b .DKIM-fix
cp src/EDITME Local/Makefile
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@ -514,7 +510,7 @@ fi
%config(noreplace) %{_sysconfdir}/pam.d/exim
%{_sysconfdir}/cron.daily/exim-tidydb
%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README
%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README
%doc doc util/unknownuser.sh
%attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem
@ -622,6 +618,12 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
%{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog
* Wed Mar 8 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-1
- New version
Resolves: rhbz#1428141
- Switched to xz archive
- Dropped DKIM-fix patch (already upstream)
* Mon Jan 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-3
- Fixed DKIM
- Defuzzified patches and fixed some whitespaces
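Review bot: The updated `Source:` line near the top of the spec still fetches the release tarball over unauthenticated `ftp://`, and no signature check for it is visible in the hunks shown here. Since the line is already being touched for the switch to `.tar.xz`, it could become `Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz`. If upstream publishes a detached signature next to the tarball, it could be added as a further `SourceN:` entry and checked at the start of `%prep`, which is what Fedora's `%{gpgverify}` macro is meant for. The `%prep` section is only partly visible in this diff, so an existing check outside the hunks cannot be ruled out. A lookaside checksum, if that is what is relied on, only pins whatever the packager downloaded and does not tie the archive to the upstream release key.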