forgot the diff ...
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files only in first set of .debs, found in package exim4-daemon-heavy-dbgsym
----------------------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/34/a72aedf4830a64e9961936f0a93b3622cea618.debug
Files only in first set of .debs, found in package exim4-daemon-light-dbgsym
----------------------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/16/688cb8a676f11335e1024842d2a40f8a46c0e3.debug
Files only in first set of .debs, found in package eximon4-dbgsym
-----------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/fa/ceba3b71bca811aa3fbfb78e57ab48cdbf8f82.debug
New files in second set of .debs, found in package exim4-daemon-heavy-dbgsym
----------------------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/d5/aaad5b8de78f401c35c3c4bf1df0aa93e70bcc.debug
New files in second set of .debs, found in package exim4-daemon-light-dbgsym
----------------------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/0c/787f2ab182ef325414f50a2410be0d7d032c29.debug
New files in second set of .debs, found in package eximon4-dbgsym
-----------------------------------------------------------------
-rw-r--r-- root/root /usr/lib/debug/.build-id/6c/8920f1a04a04ae113141c38137cca0ad2fe624.debug
Control files of package exim4: lines which differ (wdiff format)
-----------------------------------------------------------------
Depends: debconf (>= 1.4.69) | cdebconf (>= 0.39), exim4-base (<< [-4.92-7.1),-] {+4.92-8.1),+} exim4-base (>= [-4.92-7),-] {+4.92-8),+} exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom, debconf (>= 0.5) | debconf-2.0
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-base: lines which differ (wdiff format)
----------------------------------------------------------------------
Installed-Size: [-1623-] {+1624+}
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-base-dbgsym: lines which differ (wdiff format)
-----------------------------------------------------------------------------
Depends: exim4-base (= [-4.92-7)-] {+4.92-8)+}
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-config: lines which differ (wdiff format)
------------------------------------------------------------------------
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-daemon-heavy: lines which differ (wdiff format)
------------------------------------------------------------------------------
Installed-Size: [-1477-] {+1473+}
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-daemon-heavy-dbgsym: lines which differ (wdiff format)
-------------------------------------------------------------------------------------
Build-Ids: [-34a72aedf4830a64e9961936f0a93b3622cea618-] {+d5aaad5b8de78f401c35c3c4bf1df0aa93e70bcc+}
Depends: exim4-daemon-heavy (= [-4.92-7)-] {+4.92-8)+}
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-daemon-light: lines which differ (wdiff format)
------------------------------------------------------------------------------
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-daemon-light-dbgsym: lines which differ (wdiff format)
-------------------------------------------------------------------------------------
Build-Ids: [-16688cb8a676f11335e1024842d2a40f8a46c0e3-] {+0c787f2ab182ef325414f50a2410be0d7d032c29+}
Depends: exim4-daemon-light (= [-4.92-7)-] {+4.92-8)+}
Version: [-4.92-7-] {+4.92-8+}
Control files of package exim4-dev: lines which differ (wdiff format)
---------------------------------------------------------------------
Version: [-4.92-7-] {+4.92-8+}
Control files of package eximon4: lines which differ (wdiff format)
-------------------------------------------------------------------
Version: [-4.92-7-] {+4.92-8+}
Control files of package eximon4-dbgsym: lines which differ (wdiff format)
--------------------------------------------------------------------------
Build-Ids: [-faceba3b71bca811aa3fbfb78e57ab48cdbf8f82-] {+6c8920f1a04a04ae113141c38137cca0ad2fe624+}
Depends: eximon4 (= [-4.92-7)-] {+4.92-8)+}
Version: [-4.92-7-] {+4.92-8+}
diff -Nru exim4-4.92/debian/changelog exim4-4.92/debian/changelog
--- exim4-4.92/debian/changelog 2019-05-07 19:44:23.000000000 +0200
+++ exim4-4.92/debian/changelog 2019-06-08 17:37:43.000000000 +0200
@@ -1,3 +1,24 @@
+exim4 (4.92-8) unstable; urgency=low
+
+ * Pulled from exim-4.92+fixes branch:
+ + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
+ Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
+ + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
+ When tls_verify_certificates was set to a directory instead of a file
+ exim/GnuTLS would still send out the list of accepted certificates,
+ This did not match documented behavior.
+ + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
+ The dsn_from option was not used for DSN success messages.
+ * Pulled from upstream GIT master:
+ + 75_14-Fix-smtp-response-timeout.patch
+ Fix the timeout on smtp response to apply to the whole response instead
+ of resetting for every byte received.
+ + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
+ https://bugs.exim.org/show_bug.cgi?id=2405
+ ${eval } was broken on 32bit archs.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2019 17:37:43 +0200
+
exim4 (4.92-7) unstable; urgency=medium
* Upload to unstable.
diff -Nru exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
--- exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch 2019-06-08 13:49:59.000000000 +0200
@@ -0,0 +1,54 @@
+From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 7 May 2019 22:55:41 +0100
+Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
+
+(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941)
+---
+ doc/ChangeLog | 3 +++
+ src/tls-gnu.c | 12 ++++++++----
+ test/log/5651 | 2 +-
+ test/log/5730 | 8 ++++----
+ 4 files changed, 16 insertions(+), 9 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga
+ library routine (usually a crash). Found by "zerons".
+
+
++JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
++ verification result was not updated unless hosts_require_ocsp applied.
++
+
+ Exim version 4.92
+ -----------------
+--- a/src/tls-gnu.c
++++ b/src/tls-gnu.c
+@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr))
+ }
+
+ #ifndef DISABLE_OCSP
+-if (require_ocsp)
++if (request_ocsp)
+ {
+ DEBUG(D_tls)
+ {
+@@ -2474,10 +2474,14 @@ if (require_ocsp)
+ {
+ tlsp->ocsp = OCSP_FAILED;
+ tls_error(US"certificate status check failed", NULL, state->host, errstr);
+- return NULL;
++ if (require_ocsp)
++ return FALSE;
++ }
++ else
++ {
++ DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
++ tlsp->ocsp = OCSP_VFIED;
+ }
+- DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+- tlsp->ocsp = OCSP_VFIED;
+ }
+ #endif
+
diff -Nru exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
--- exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch 2019-06-08 13:50:55.000000000 +0200
@@ -0,0 +1,42 @@
+From 44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun, 19 May 2019 12:12:36 +0100
+Subject: [PATCH 1/2] GnuTLS: fix the advertising of acceptable certs by the
+ server. Bug 2389
+
+(cherry picked from commit 12d95aa62042377fc9f603245a17a43142972447)
+---
+ doc/ChangeLog | 4 ++++
+ src/tls-gnu.c | 8 ++++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -42,6 +42,10 @@ JH/11 Harden plaintext authenticator aga
+ JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+ verification result was not updated unless hosts_require_ocsp applied.
+
++JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
++ directory-of-certs mode. Previously they were advertised despite the
++ documentation.
++
+
+ Exim version 4.92
+ -----------------
+--- a/src/tls-gnu.c
++++ b/src/tls-gnu.c
+@@ -1133,6 +1133,14 @@ else
+ #endif
+ gnutls_certificate_set_x509_trust_file(state->x509_cred,
+ CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
++
++#ifdef SUPPORT_CA_DIR
++ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
++ when using the directory-of-certs config model. */
++
++ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
++ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
++#endif
+ }
+
+ if (cert_count < 0)
diff -Nru exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
--- exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch 2019-06-08 13:37:40.000000000 +0200
@@ -0,0 +1,52 @@
+From 454bab46ae6812e29652d10c390451c962a6f806 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 4 Jun 2019 18:13:21 +0100
+Subject: [PATCH 2/2] Use dsn_from for success-DSN messages. Bug 2404
+
+(cherry picked from commit 87abcb247b4444bab5fd0bcb212ddb26d5fd9191)
+---
+ doc/ChangeLog | 4 ++++
+ src/deliver.c | 4 ++--
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/doc/ChangeLog b/doc/ChangeLog
+index 5a3e453d..1a12c014 100644
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -65,6 +65,10 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
+ directory-of-certs mode. Previously they were advertised despite the
+ documentation.
+
++JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for
++ success-DSN messages. Previously the From: header was always the default
++ one for these; the option was ignored.
++
+
+ Exim version 4.92
+ -----------------
+diff --git a/src/deliver.c b/src/deliver.c
+index e1799411..4720f596 100644
+--- a/src/deliver.c
++++ b/src/deliver.c
+@@ -7365,8 +7365,8 @@ if (addr_senddsn)
+ if (errors_reply_to)
+ fprintf(f, "Reply-To: %s\n", errors_reply_to);
+
++ moan_write_from(f);
+ fprintf(f, "Auto-Submitted: auto-generated\n"
+- "From: Mail Delivery System <Mailer-Daemon@%s>\n"
+ "To: %s\n"
+ "Subject: Delivery Status Notification\n"
+ "Content-Type: multipart/report; report-type=delivery-status; boundary=%s\n"
+@@ -7377,7 +7377,7 @@ if (addr_senddsn)
+
+ "This message was created automatically by mail delivery software.\n"
+ " ----- The following addresses had successful delivery notifications -----\n",
+- qualify_domain_sender, sender_address, bound, bound);
++ sender_address, bound, bound);
+
+ for (addr_dsntmp = addr_senddsn; addr_dsntmp;
+ addr_dsntmp = addr_dsntmp->next)
+--
+2.20.1
+
diff -Nru exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch
--- exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch 2019-06-08 13:48:32.000000000 +0200
@@ -0,0 +1,325 @@
+From 0a5441fcd93ae4145c07b3ed138dfe0e107174e0 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Mon, 27 May 2019 23:44:31 +0100
+Subject: [PATCH 1/2] Fix smtp response timeout
+
+---
+ doc/ChangeLog | 6 ++++++
+ src/functions.h | 4 ++--
+ src/ip.c | 16 +++++++---------
+ src/malware.c | 26 +++++++++++++-------------
+ src/routers/iplookup.c | 2 +-
+ src/smtp_out.c | 9 +++++----
+ src/spam.c | 2 +-
+ src/transports/smtp_socks.c | 6 +++---
+ src/verify.c | 2 +-
+ 9 files changed, 39 insertions(+), 34 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -50,6 +50,13 @@ JH/27 Bug 2404: Use the main-section con
+ success-DSN messages. Previously the From: header was always the default
+ one for these; the option was ignored.
+
++JH/28 Fix the timeout on smtp response to apply to the whole response.
++ Previously it was reset for every read, so a teergrubing peer sending
++ single bytes within the time limit could extend the connection for a
++ long time. Credit to Qualsys Security Advisory Team for the discovery.
++[from GIT master]
++
++
+
+ Exim version 4.92
+ -----------------
+--- a/src/functions.h
++++ b/src/functions.h
+@@ -225,7 +225,7 @@ extern uschar *expand_string_copy(const
+ extern int_eximarith_t expand_string_integer(uschar *, BOOL);
+ extern void modify_variable(uschar *, void *);
+
+-extern BOOL fd_ready(int, int);
++extern BOOL fd_ready(int, time_t);
+
+ extern int filter_interpret(uschar *, int, address_item **, uschar **);
+ extern BOOL filter_personal(string_item *, BOOL);
+@@ -271,7 +271,7 @@ extern int ip_connectedsocket(int, c
+ int, host_item *, uschar **, const blob *);
+ extern int ip_get_address_family(int);
+ extern void ip_keepalive(int, const uschar *, BOOL);
+-extern int ip_recv(client_conn_ctx *, uschar *, int, int);
++extern int ip_recv(client_conn_ctx *, uschar *, int, time_t);
+ extern int ip_socket(int, int);
+
+ extern int ip_tcpsocket(const uschar *, uschar **, int);
+--- a/src/ip.c
++++ b/src/ip.c
+@@ -566,16 +566,15 @@ if (setsockopt(sock, SOL_SOCKET, SO_KEEP
+ /*
+ Arguments:
+ fd the file descriptor
+- timeout the timeout, seconds
++ timelimit the timeout endpoint, seconds-since-epoch
+ Returns: TRUE => ready for i/o
+ FALSE => timed out, or other error
+ */
+ BOOL
+-fd_ready(int fd, int timeout)
++fd_ready(int fd, time_t timelimit)
+ {
+ fd_set select_inset;
+-time_t start_recv = time(NULL);
+-int time_left = timeout;
++int time_left = timelimit - time(NULL);
+ int rc;
+
+ if (time_left <= 0)
+@@ -609,8 +608,7 @@ do
+ DEBUG(D_transport) debug_printf("EINTR while waiting for socket data\n");
+
+ /* Watch out, 'continue' jumps to the condition, not to the loops top */
+- time_left = timeout - (time(NULL) - start_recv);
+- if (time_left > 0) continue;
++ if ((time_left = timelimit - time(NULL)) > 0) continue;
+ }
+
+ if (rc <= 0)
+@@ -634,18 +632,18 @@ Arguments:
+ cctx the connection context (socket fd, possibly TLS context)
+ buffer to read into
+ bufsize the buffer size
+- timeout the timeout
++ timelimit the timeout endpoint, seconds-since-epoch
+
+ Returns: > 0 => that much data read
+ <= 0 on error or EOF; errno set - zero for EOF
+ */
+
+ int
+-ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, int timeout)
++ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, time_t timelimit)
+ {
+ int rc;
+
+-if (!fd_ready(cctx->sock, timeout))
++if (!fd_ready(cctx->sock, timelimit))
+ return -1;
+
+ /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e.
+--- a/src/malware.c
++++ b/src/malware.c
+@@ -349,13 +349,13 @@ return cre;
+ -2 on timeout or error
+ */
+ static int
+-recv_line(int fd, uschar * buffer, int bsize, int tmo)
++recv_line(int fd, uschar * buffer, int bsize, time_t tmo)
+ {
+ uschar * p = buffer;
+ ssize_t rcv;
+ BOOL ok = FALSE;
+
+-if (!fd_ready(fd, tmo-time(NULL)))
++if (!fd_ready(fd, tmo))
+ return -2;
+
+ /*XXX tmo handling assumes we always get a whole line */
+@@ -382,9 +382,9 @@ return p - buffer;
+
+ /* return TRUE iff size as requested */
+ static BOOL
+-recv_len(int sock, void * buf, int size, int tmo)
++recv_len(int sock, void * buf, int size, time_t tmo)
+ {
+-return fd_ready(sock, tmo-time(NULL))
++return fd_ready(sock, tmo)
+ ? recv(sock, buf, size, 0) == size
+ : FALSE;
+ }
+@@ -430,7 +430,7 @@ for (;;)
+ }
+
+ static inline int
+-mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, int tmo)
++mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, time_t tmo)
+ {
+ client_conn_ctx cctx = {.sock = sock};
+ int offset = 0;
+@@ -438,7 +438,7 @@ int i;
+
+ do
+ {
+- i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo-time(NULL));
++ i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo);
+ if (i <= 0)
+ {
+ (void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
+@@ -497,7 +497,7 @@ switch (*line)
+
+ static int
+ mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename,
+- int tmo)
++ time_t tmo)
+ {
+ struct iovec iov[3];
+ const char *cmd = "MSQ\n";
+@@ -746,7 +746,7 @@ if (!malware_ok)
+ if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
+ return m_panic_defer(scanent, CUS callout_address, errstr);
+
+- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
+
+ if (bread <= 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+@@ -1064,7 +1064,7 @@ badseek: err = errno;
+ if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0)
+ return m_panic_defer(scanent, CUS callout_address, errstr);
+
+- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
+ if (bread > 0) av_buffer[bread]='\0';
+ if (bread < 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+@@ -1096,7 +1096,7 @@ badseek: err = errno;
+ {
+ errno = ETIMEDOUT;
+ i = av_buffer+sizeof(av_buffer)-p;
+- if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo-time(NULL))) < 0)
++ if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo)) < 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+ string_sprintf("unable to read result (%s)", strerror(errno)),
+ malware_daemon_ctx.sock);
+@@ -1401,7 +1401,7 @@ badseek: err = errno;
+
+ /* wait for result */
+ memset(av_buffer, 0, sizeof(av_buffer));
+- if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL))) <= 0)
++ if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo)) <= 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+ string_sprintf("unable to read from UNIX socket (%s)", scanner_options),
+ malware_daemon_ctx.sock);
+@@ -1737,7 +1737,7 @@ b_seek: err = errno;
+
+ /* Read the result */
+ memset(av_buffer, 0, sizeof(av_buffer));
+- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
+ (void)close(malware_daemon_ctx.sock);
+ malware_daemon_ctx.sock = -1;
+ malware_daemon_ctx.tls_ctx = NULL;
+@@ -1895,7 +1895,7 @@ b_seek: err = errno;
+ return m_panic_defer(scanent, CUS callout_address, errstr);
+
+ /* Read the result */
+- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
+
+ if (bread <= 0)
+ return m_panic_defer_3(scanent, CUS callout_address,
+--- a/src/routers/iplookup.c
++++ b/src/routers/iplookup.c
+@@ -279,7 +279,7 @@ while ((hostname = string_nextinlist(&li
+ /* Read the response and close the socket. If the read fails, try the
+ next IP address. */
+
+- count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, ob->timeout);
++ count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, time(NULL) + ob->timeout);
+ (void)close(query_cctx.sock);
+ if (count <= 0)
+ {
+--- a/src/smtp_out.c
++++ b/src/smtp_out.c
+@@ -587,14 +587,14 @@ Arguments:
+ inblock the SMTP input block (contains holding buffer, socket, etc.)
+ buffer where to put the line
+ size space available for the line
+- timeout the timeout to use when reading a packet
++ timelimit deadline for reading the lime, seconds past epoch
+
+ Returns: length of a line that has been put in the buffer
+ -1 otherwise, with errno set
+ */
+
+ static int
+-read_response_line(smtp_inblock *inblock, uschar *buffer, int size, int timeout)
++read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
+ {
+ uschar *p = buffer;
+ uschar *ptr = inblock->ptr;
+@@ -637,7 +637,7 @@ for (;;)
+
+ /* Need to read a new input packet. */
+
+- if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timeout)) <= 0)
++ if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
+ {
+ DEBUG(D_deliver|D_transport|D_acl)
+ debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
+@@ -694,6 +694,7 @@ smtp_read_response(void * sx0, uschar *
+ smtp_context * sx = sx0;
+ uschar * ptr = buffer;
+ int count = 0, rc;
++time_t timelimit = time(NULL) + timeout;
+
+ errno = 0; /* Ensure errno starts out zero */
+
+@@ -713,7 +714,7 @@ response. */
+
+ for (;;)
+ {
+- if ((count = read_response_line(&sx->inblock, ptr, size, timeout)) < 0)
++ if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
+ return FALSE;
+
+ HDEBUG(D_transport|D_acl|D_v)
+--- a/src/spam.c
++++ b/src/spam.c
+@@ -503,7 +503,7 @@ offset = 0;
+ while ((i = ip_recv(&spamd_cctx,
+ spamd_buffer + offset,
+ sizeof(spamd_buffer) - offset - 1,
+- sd->timeout - time(NULL) + start)) > 0)
++ sd->timeout + start)) > 0)
+ offset += i;
+ spamd_buffer[offset] = '\0'; /* guard byte */
+
+--- a/src/transports/smtp_socks.c
++++ b/src/transports/smtp_socks.c
+@@ -129,7 +129,7 @@ switch(method)
+ #ifdef TCP_QUICKACK
+ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+ #endif
+- if (!fd_ready(fd, tmo-time(NULL)) || read(fd, s, 2) != 2)
++ if (!fd_ready(fd, tmo) || read(fd, s, 2) != 2)
+ return FAIL;
+ HDEBUG(D_transport|D_acl|D_v)
+ debug_printf_indent(" SOCKS<< %02x %02x\n", s[0], s[1]);
+@@ -320,7 +320,7 @@ HDEBUG(D_transport|D_acl|D_v) debug_prin
+ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
+ #endif
+
+-if ( !fd_ready(fd, tmo-time(NULL))
++if ( !fd_ready(fd, tmo)
+ || read(fd, buf, 2) != 2
+ )
+ goto rcv_err;
+@@ -370,7 +370,7 @@ if (send(fd, buf, size, 0) < 0)
+ /* expect conn-reply (success, local(ipver, addr, port))
+ of same length as conn-request, or non-success fail code */
+
+-if ( !fd_ready(fd, tmo-time(NULL))
++if ( !fd_ready(fd, tmo)
+ || (size = read(fd, buf, size)) < 2
+ )
+ goto rcv_err;
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -2770,7 +2770,7 @@ for (;;)
+ int size = sizeof(buffer) - (p - buffer);
+
+ if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
+- count = ip_recv(&ident_conn_ctx, p, size, rfc1413_query_timeout);
++ count = ip_recv(&ident_conn_ctx, p, size, time(NULL) + rfc1413_query_timeout);
+ if (count <= 0) goto END_OFF; /* Read error or EOF */
+
+ /* Scan what we just read, to see if we have reached the terminating \r\n. Be
diff -Nru exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
--- exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch 1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch 2019-06-08 13:37:40.000000000 +0200
@@ -0,0 +1,48 @@
+From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 7 Jun 2019 11:54:10 +0100
+Subject: [PATCH 2/2] Fix detection of 32b platform at build time. Bug 2405
+
+---
+ src/buildconfig.c | 12 +++---
+ test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++-----------------
+ test/stdout/0002 | 72 +++++++++++++++++++-----------------
+ 3 files changed, 83 insertions(+), 73 deletions(-)
+
+diff --git a/src/buildconfig.c b/src/buildconfig.c
+index 71cf97b1..a680b344 100644
+--- a/src/buildconfig.c
++++ b/src/buildconfig.c
+@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L;
+ unsigned int test_uint_t = 0;
+ #endif
+ long test_long_t = 0;
++long long test_longlong_t = 0;
+ int test_int_t = 0;
+ FILE *base;
+ FILE *new;
+@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */
+
+ fprintf(new, "#ifndef OFF_T_FMT\n");
+ if (sizeof(test_off_t) > sizeof(test_long_t))
+- {
+ fprintf(new, "# define OFF_T_FMT \"%%lld\"\n");
+- fprintf(new, "# define LONGLONG_T long long int\n");
+- }
+ else
+- {
+ fprintf(new, "# define OFF_T_FMT \"%%ld\"\n");
++fprintf(new, "#endif\n\n");
++
++fprintf(new, "#ifndef LONGLONG_T\n");
++if (sizeof(test_longlong_t) > sizeof(test_long_t))
++ fprintf(new, "# define LONGLONG_T long long int\n");
++else
+ fprintf(new, "# define LONGLONG_T long int\n");
+- }
+ fprintf(new, "#endif\n\n");
+
+ /* Now do the same thing for time_t variables. If the length is greater than
+--
+2.20.1
+
diff -Nru exim4-4.92/debian/patches/series exim4-4.92/debian/patches/series
--- exim4-4.92/debian/patches/series 2019-05-07 19:42:27.000000000 +0200
+++ exim4-4.92/debian/patches/series 2019-06-08 13:37:43.000000000 +0200
@@ -16,4 +16,9 @@
75_08-Logging-fix-initial-listening-on-log-line.patch
75_09-OpenSSL-Fix-aggregation-of-messages.patch
75_10-Harden-plaintext-authenticator.patch
+75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
+75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
+75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
+75_14-Fix-smtp-response-timeout.patch
+75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
90_localscan_dlopen.dpatch
Attachment:
signature.asc
Description: PGP signature