Merge updates from debian/bookworm

6177c1d7 · Dylan Aïssi · e1694291 · efe1a5c7 · 6177c1d7 · 6177c1d7
Commit 6177c1d7 authored 1 year ago by Dylan Aïssi
--- a/debian/changelog
+++ b/debian/changelog
+exim4 (4.96-15+deb12u1) bookworm; urgency=medium
+
+  * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
+    Bryce Harrington for Ubuntu):  Fix argument parsing for ${run } expansion.
+    Previously, when an argument included a close-brace character (eg. it
+    itself used an expansion) an error occurred. Closes: #1025420
+  * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
+    master:  Fix ${srs_encode ..}. Previously it would give a bad result for
+    one day every 1024 days.
+
+ -- Andreas Metzler <ametzler@debian.org>  Sun, 02 Jul 2023 14:56:17 +0200
+
+exim4 (4.96-15) unstable; urgency=medium
+
+  * Pull from upstream GIT master:
+    + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+      Fix a crash in the smtp transport.
+      https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler <ametzler@debian.org>  Wed, 10 May 2023 18:30:35 +0200
+
 exim4 (4.96-14+apertis1) apertis; urgency=medium

  * Add license configuration

--- a/debian/patches/75_42-Fix-run-arg-parsing.patch
+++ b/debian/patches/75_42-Fix-run-arg-parsing.patch
@@ -2,6 +2,8 @@ From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
 From: Jeremy Harris <jgh146exb@wizmail.org>
 Date: Sat, 3 Dec 2022 23:13:53 +0000
 Subject: [PATCH] Fix ${run } arg parsing
+ .
+  Backported by Bryce Harrington for Ubuntu

 Broken-by: cfe6acff2ddc
 ---
@@ -14,7 +16,7 @@ Broken-by: cfe6acff2ddc

 --- a/doc/ChangeLog
 +++ b/doc/ChangeLog
-@@ -28,10 +28,14 @@
+@@ -28,10 +28,14 @@ JH/13 Bug 2929: Fix using $recipients af
 JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
       a capture group which obtained no text (eg. "(abc)*" matching zero
       occurrences) could cause a segfault if the corresponding $<n> was
@@ -31,7 +33,7 @@ Broken-by: cfe6acff2ddc
 
 --- a/src/expand.c
 +++ b/src/expand.c
-@@ -5529,11 +5529,11 @@
+@@ -5529,11 +5529,11 @@ while (*s)
       {
       FILE * f;
       const uschar * arg, ** argv;
@@ -44,7 +46,7 @@ Broken-by: cfe6acff2ddc
         goto EXPAND_FAILED;
         }
 
-@@ -5561,16 +5561,23 @@
+@@ -5561,16 +5561,22 @@ while (*s)
 	}
       s++;
 
@@ -54,8 +56,7 @@ Broken-by: cfe6acff2ddc
 +	int n;
 +	const uschar * t;
 +	/* Locate the end of the args */
-+	(void) expand_string_internal(s,
-+	  ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, &t, NULL, NULL);
+	(void) expand_string_internal(s, TRUE, &t, TRUE, TRUE, NULL);
 +	n = t - s;
 	arg = skipping ? NULL : string_copyn(s, n);
 	s += n;
@@ -71,7 +72,7 @@ Broken-by: cfe6acff2ddc
 							/*{*/
 --- a/src/transport.c
 +++ b/src/transport.c
-@@ -2187,10 +2187,12 @@
+@@ -2187,10 +2187,12 @@ if (expand_arguments)
   BOOL allow_dollar_recipients = addr && addr->parent
     && Ustrcmp(addr->parent->address, "system-filter") == 0;
 
@@ -84,7 +85,7 @@ Broken-by: cfe6acff2ddc
     if (addr &&
         (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
          Ustrcmp(argv[i], "${pipe_addresses}") == 0))
-@@ -2361,11 +2363,11 @@
+@@ -2361,11 +2363,11 @@ if (expand_arguments)
           }
         else *errptr = msg;
         return FALSE;

--- a/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch
+++ b/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch
@@ -19,11 +19,11 @@ Broken-by: d12746bc15d8

 --- a/doc/ChangeLog
 +++ b/doc/ChangeLog
-@@ -28,10 +28,15 @@ JH/13 Bug 2929: Fix using $recipients af
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
-       a capture group which obtained no text (eg. "(abc)*" matching zero
-       occurrences) could cause a segfault if the corresponding $<n> was
-       expanded.
+@@ -32,10 +32,15 @@ JH/14 Bug 2933: Fix regex substring matc
+ 
+ JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
+       included a close-brace character (eg. it itself used an expansion) an
+       error occurred.
 
 +JH/18 Fix a fencepost error in logging.  Previously (since 4.92) when a log line
 +      was exactly sized compared to the log buffer, a crash occurred with the

--- a/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
+++ b/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
+From 51f9c07cd341c9c1a09b3816df988c6f44477c99 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 11 Apr 2023 11:59:08 +0100
+Subject: [PATCH] Fix ${srs_encode ..} for mod-1024 day zero
+
+---
+ doc/ChangeLog |  3 +++
+ src/expand.c      | 10 ++++------
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+--- a/doc/ChangeLog
+++ b/doc/ChangeLog
+@@ -54,10 +54,13 @@ JH/20 Fix TLSA lookups.  Previously dns_
+ 
+ JH/23 Fix crash in string expansions. Previously, if an empty variable was
+       immediately followed by an expansion operator, a null-indirection read
+       was done, killing the process.
+ 
+JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
+      every 1024 days.
+
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/expand.c
+++ b/src/expand.c
+@@ -3440,11 +3440,11 @@ switch(cond_type = identify_operator(&s,
+       case 3: return NULL;
+       }
+ 
+     /* Match the given local_part against the SRS-encoded pattern */
+ 
+-    re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
+    re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]{2})=([^=]*)=(.*)$",
+ 			    TRUE, FALSE);
+     md = pcre2_match_data_create(4+1, pcre_gen_ctx);
+     if (pcre2_match(re, sub[0], PCRE2_ZERO_TERMINATED, 0, PCRE_EOPT,
+ 		    md, pcre_mtc_ctx) < 0)
+       {
+@@ -6957,17 +6957,15 @@ while (*s)
+ 
+ 	/* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */
+ 	  {
+ 	  struct timeval now;
+ 	  unsigned long i;
+-	  gstring * h = NULL;
+ 
+ 	  gettimeofday(&now, NULL);
+-	  for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5)
+-	    h = string_catn(h, &base32_chars[i & 0x1f], 1);
+-	  if (h) while (h->ptr > 0)
+-	    g = string_catn(g, &h->s[--h->ptr], 1);
+	  i = (now.tv_sec / 86400) & 0x3ff;
+	  g = string_catn(g, &base32_chars[i >> 5], 1);
+	  g = string_catn(g, &base32_chars[i & 0x1f], 1);
+ 	  }
+ 	g = string_catn(g, US"=", 1);
+ 
+ 	/* ${domain:$return_path}=${local_part:$return_path} */
+ 	  {
--- a/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+++ b/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 4 May 2023 15:41:46 +0100
+Subject: [PATCH 1/3] Fix variable initialisation in smtp transport.  Bug 2996
+
+---
+ doc/ChangeLog     | 8 ++++++++
+ src/transports/smtp.c | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
+++ b/doc/ChangeLog
+@@ -61,10 +61,18 @@ JH/23 Fix crash in string expansions. Pr
+       was done, killing the process.
+ 
+ JH/27 Fix ${srs_encode ..}.  Previously it would give a bad result for one day
+       every 1024 days.
+ 
+JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
+      message being considered for delivery was already being handled by
+      another process, and having an SMTP connection already open, the function
+      to close it tried to use an uninitialized variable.  This would afftect
+      high-volume sites more, especially when running mailing-list-style loads.
+      Pollution of logs was the major effect, as the other process delivered
+      the message.  Found and partly investigated by Graeme Fowler.
+
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/transports/smtp.c
+++ b/src/transports/smtp.c
+@@ -4950,11 +4950,11 @@ Returns:    nothing
+ void
+ smtp_transport_closedown(transport_instance *tblock)
+ {
+ smtp_transport_options_block * ob = SOB tblock->options_block;
+ client_conn_ctx cctx;
+-smtp_context sx;
+smtp_context sx = {0};
+ uschar buffer[256];
+ uschar inbuffer[4096];
+ uschar outbuffer[16];
+ 
+ /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,6 +22,7 @@
 75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch
 75_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch
 75_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch
+75_42-Fix-run-arg-parsing.patch
 75_50-Fix-logging-of-max-size-log-line.patch
 75_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch
 75_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch
@@ -30,4 +31,6 @@
 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch
 75_66-Fix-crash-in-expansions.patch
+75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
+75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
 90_localscan_dlopen.dpatch