forgot the diff ...
[The following lists of changes regard files as different if they have different names, permissions or owners.] Files only in first set of .debs, found in package exim4-daemon-heavy-dbgsym ---------------------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/34/a72aedf4830a64e9961936f0a93b3622cea618.debug Files only in first set of .debs, found in package exim4-daemon-light-dbgsym ---------------------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/16/688cb8a676f11335e1024842d2a40f8a46c0e3.debug Files only in first set of .debs, found in package eximon4-dbgsym ----------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/fa/ceba3b71bca811aa3fbfb78e57ab48cdbf8f82.debug New files in second set of .debs, found in package exim4-daemon-heavy-dbgsym ---------------------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/d5/aaad5b8de78f401c35c3c4bf1df0aa93e70bcc.debug New files in second set of .debs, found in package exim4-daemon-light-dbgsym ---------------------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/0c/787f2ab182ef325414f50a2410be0d7d032c29.debug New files in second set of .debs, found in package eximon4-dbgsym ----------------------------------------------------------------- -rw-r--r-- root/root /usr/lib/debug/.build-id/6c/8920f1a04a04ae113141c38137cca0ad2fe624.debug Control files of package exim4: lines which differ (wdiff format) ----------------------------------------------------------------- Depends: debconf (>= 1.4.69) | cdebconf (>= 0.39), exim4-base (<< [-4.92-7.1),-] {+4.92-8.1),+} exim4-base (>= [-4.92-7),-] {+4.92-8),+} exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom, debconf (>= 0.5) | debconf-2.0 Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-base: lines which differ (wdiff format) ---------------------------------------------------------------------- Installed-Size: [-1623-] {+1624+} Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-base-dbgsym: lines which differ (wdiff format) ----------------------------------------------------------------------------- Depends: exim4-base (= [-4.92-7)-] {+4.92-8)+} Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-config: lines which differ (wdiff format) ------------------------------------------------------------------------ Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-daemon-heavy: lines which differ (wdiff format) ------------------------------------------------------------------------------ Installed-Size: [-1477-] {+1473+} Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-daemon-heavy-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------------- Build-Ids: [-34a72aedf4830a64e9961936f0a93b3622cea618-] {+d5aaad5b8de78f401c35c3c4bf1df0aa93e70bcc+} Depends: exim4-daemon-heavy (= [-4.92-7)-] {+4.92-8)+} Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-daemon-light: lines which differ (wdiff format) ------------------------------------------------------------------------------ Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-daemon-light-dbgsym: lines which differ (wdiff format) ------------------------------------------------------------------------------------- Build-Ids: [-16688cb8a676f11335e1024842d2a40f8a46c0e3-] {+0c787f2ab182ef325414f50a2410be0d7d032c29+} Depends: exim4-daemon-light (= [-4.92-7)-] {+4.92-8)+} Version: [-4.92-7-] {+4.92-8+} Control files of package exim4-dev: lines which differ (wdiff format) --------------------------------------------------------------------- Version: [-4.92-7-] {+4.92-8+} Control files of package eximon4: lines which differ (wdiff format) ------------------------------------------------------------------- Version: [-4.92-7-] {+4.92-8+} Control files of package eximon4-dbgsym: lines which differ (wdiff format) -------------------------------------------------------------------------- Build-Ids: [-faceba3b71bca811aa3fbfb78e57ab48cdbf8f82-] {+6c8920f1a04a04ae113141c38137cca0ad2fe624+} Depends: eximon4 (= [-4.92-7)-] {+4.92-8)+} Version: [-4.92-7-] {+4.92-8+} diff -Nru exim4-4.92/debian/changelog exim4-4.92/debian/changelog --- exim4-4.92/debian/changelog 2019-05-07 19:44:23.000000000 +0200 +++ exim4-4.92/debian/changelog 2019-06-08 17:37:43.000000000 +0200 @@ -1,3 +1,24 @@ +exim4 (4.92-8) unstable; urgency=low + + * Pulled from exim-4.92+fixes branch: + + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch + Fix expansion of $tls_out_ocsp under hosts_request_ocsp. + + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch + When tls_verify_certificates was set to a directory instead of a file + exim/GnuTLS would still send out the list of accepted certificates, + This did not match documented behavior. + + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch + The dsn_from option was not used for DSN success messages. + * Pulled from upstream GIT master: + + 75_14-Fix-smtp-response-timeout.patch + Fix the timeout on smtp response to apply to the whole response instead + of resetting for every byte received. + + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch + https://bugs.exim.org/show_bug.cgi?id=2405 + ${eval } was broken on 32bit archs. + + -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2019 17:37:43 +0200 + exim4 (4.92-7) unstable; urgency=medium * Upload to unstable. diff -Nru exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch --- exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch 2019-06-08 13:49:59.000000000 +0200 @@ -0,0 +1,54 @@ +From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Tue, 7 May 2019 22:55:41 +0100 +Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp + +(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941) +--- + doc/ChangeLog | 3 +++ + src/tls-gnu.c | 12 ++++++++---- + test/log/5651 | 2 +- + test/log/5730 | 8 ++++---- + 4 files changed, 16 insertions(+), 9 deletions(-) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga + library routine (usually a crash). Found by "zerons". + + ++JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the ++ verification result was not updated unless hosts_require_ocsp applied. ++ + + Exim version 4.92 + ----------------- +--- a/src/tls-gnu.c ++++ b/src/tls-gnu.c +@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr)) + } + + #ifndef DISABLE_OCSP +-if (require_ocsp) ++if (request_ocsp) + { + DEBUG(D_tls) + { +@@ -2474,10 +2474,14 @@ if (require_ocsp) + { + tlsp->ocsp = OCSP_FAILED; + tls_error(US"certificate status check failed", NULL, state->host, errstr); +- return NULL; ++ if (require_ocsp) ++ return FALSE; ++ } ++ else ++ { ++ DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); ++ tlsp->ocsp = OCSP_VFIED; + } +- DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); +- tlsp->ocsp = OCSP_VFIED; + } + #endif + diff -Nru exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch --- exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch 2019-06-08 13:50:55.000000000 +0200 @@ -0,0 +1,42 @@ +From 44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Sun, 19 May 2019 12:12:36 +0100 +Subject: [PATCH 1/2] GnuTLS: fix the advertising of acceptable certs by the + server. Bug 2389 + +(cherry picked from commit 12d95aa62042377fc9f603245a17a43142972447) +--- + doc/ChangeLog | 4 ++++ + src/tls-gnu.c | 8 ++++++++ + 2 files changed, 12 insertions(+) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -42,6 +42,10 @@ JH/11 Harden plaintext authenticator aga + JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the + verification result was not updated unless hosts_require_ocsp applied. + ++JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in ++ directory-of-certs mode. Previously they were advertised despite the ++ documentation. ++ + + Exim version 4.92 + ----------------- +--- a/src/tls-gnu.c ++++ b/src/tls-gnu.c +@@ -1133,6 +1133,14 @@ else + #endif + gnutls_certificate_set_x509_trust_file(state->x509_cred, + CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); ++ ++#ifdef SUPPORT_CA_DIR ++ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list ++ when using the directory-of-certs config model. */ ++ ++ if ((statbuf.st_mode & S_IFMT) == S_IFDIR) ++ gnutls_certificate_send_x509_rdn_sequence(state->session, 1); ++#endif + } + + if (cert_count < 0) diff -Nru exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch --- exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch 2019-06-08 13:37:40.000000000 +0200 @@ -0,0 +1,52 @@ +From 454bab46ae6812e29652d10c390451c962a6f806 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Tue, 4 Jun 2019 18:13:21 +0100 +Subject: [PATCH 2/2] Use dsn_from for success-DSN messages. Bug 2404 + +(cherry picked from commit 87abcb247b4444bab5fd0bcb212ddb26d5fd9191) +--- + doc/ChangeLog | 4 ++++ + src/deliver.c | 4 ++-- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/doc/ChangeLog b/doc/ChangeLog +index 5a3e453d..1a12c014 100644 +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -65,6 +65,10 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in + directory-of-certs mode. Previously they were advertised despite the + documentation. + ++JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for ++ success-DSN messages. Previously the From: header was always the default ++ one for these; the option was ignored. ++ + + Exim version 4.92 + ----------------- +diff --git a/src/deliver.c b/src/deliver.c +index e1799411..4720f596 100644 +--- a/src/deliver.c ++++ b/src/deliver.c +@@ -7365,8 +7365,8 @@ if (addr_senddsn) + if (errors_reply_to) + fprintf(f, "Reply-To: %s\n", errors_reply_to); + ++ moan_write_from(f); + fprintf(f, "Auto-Submitted: auto-generated\n" +- "From: Mail Delivery System <Mailer-Daemon@%s>\n" + "To: %s\n" + "Subject: Delivery Status Notification\n" + "Content-Type: multipart/report; report-type=delivery-status; boundary=%s\n" +@@ -7377,7 +7377,7 @@ if (addr_senddsn) + + "This message was created automatically by mail delivery software.\n" + " ----- The following addresses had successful delivery notifications -----\n", +- qualify_domain_sender, sender_address, bound, bound); ++ sender_address, bound, bound); + + for (addr_dsntmp = addr_senddsn; addr_dsntmp; + addr_dsntmp = addr_dsntmp->next) +-- +2.20.1 + diff -Nru exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch --- exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/75_14-Fix-smtp-response-timeout.patch 2019-06-08 13:48:32.000000000 +0200 @@ -0,0 +1,325 @@ +From 0a5441fcd93ae4145c07b3ed138dfe0e107174e0 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Mon, 27 May 2019 23:44:31 +0100 +Subject: [PATCH 1/2] Fix smtp response timeout + +--- + doc/ChangeLog | 6 ++++++ + src/functions.h | 4 ++-- + src/ip.c | 16 +++++++--------- + src/malware.c | 26 +++++++++++++------------- + src/routers/iplookup.c | 2 +- + src/smtp_out.c | 9 +++++---- + src/spam.c | 2 +- + src/transports/smtp_socks.c | 6 +++--- + src/verify.c | 2 +- + 9 files changed, 39 insertions(+), 34 deletions(-) + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -50,6 +50,13 @@ JH/27 Bug 2404: Use the main-section con + success-DSN messages. Previously the From: header was always the default + one for these; the option was ignored. + ++JH/28 Fix the timeout on smtp response to apply to the whole response. ++ Previously it was reset for every read, so a teergrubing peer sending ++ single bytes within the time limit could extend the connection for a ++ long time. Credit to Qualsys Security Advisory Team for the discovery. ++[from GIT master] ++ ++ + + Exim version 4.92 + ----------------- +--- a/src/functions.h ++++ b/src/functions.h +@@ -225,7 +225,7 @@ extern uschar *expand_string_copy(const + extern int_eximarith_t expand_string_integer(uschar *, BOOL); + extern void modify_variable(uschar *, void *); + +-extern BOOL fd_ready(int, int); ++extern BOOL fd_ready(int, time_t); + + extern int filter_interpret(uschar *, int, address_item **, uschar **); + extern BOOL filter_personal(string_item *, BOOL); +@@ -271,7 +271,7 @@ extern int ip_connectedsocket(int, c + int, host_item *, uschar **, const blob *); + extern int ip_get_address_family(int); + extern void ip_keepalive(int, const uschar *, BOOL); +-extern int ip_recv(client_conn_ctx *, uschar *, int, int); ++extern int ip_recv(client_conn_ctx *, uschar *, int, time_t); + extern int ip_socket(int, int); + + extern int ip_tcpsocket(const uschar *, uschar **, int); +--- a/src/ip.c ++++ b/src/ip.c +@@ -566,16 +566,15 @@ if (setsockopt(sock, SOL_SOCKET, SO_KEEP + /* + Arguments: + fd the file descriptor +- timeout the timeout, seconds ++ timelimit the timeout endpoint, seconds-since-epoch + Returns: TRUE => ready for i/o + FALSE => timed out, or other error + */ + BOOL +-fd_ready(int fd, int timeout) ++fd_ready(int fd, time_t timelimit) + { + fd_set select_inset; +-time_t start_recv = time(NULL); +-int time_left = timeout; ++int time_left = timelimit - time(NULL); + int rc; + + if (time_left <= 0) +@@ -609,8 +608,7 @@ do + DEBUG(D_transport) debug_printf("EINTR while waiting for socket data\n"); + + /* Watch out, 'continue' jumps to the condition, not to the loops top */ +- time_left = timeout - (time(NULL) - start_recv); +- if (time_left > 0) continue; ++ if ((time_left = timelimit - time(NULL)) > 0) continue; + } + + if (rc <= 0) +@@ -634,18 +632,18 @@ Arguments: + cctx the connection context (socket fd, possibly TLS context) + buffer to read into + bufsize the buffer size +- timeout the timeout ++ timelimit the timeout endpoint, seconds-since-epoch + + Returns: > 0 => that much data read + <= 0 on error or EOF; errno set - zero for EOF + */ + + int +-ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, int timeout) ++ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, time_t timelimit) + { + int rc; + +-if (!fd_ready(cctx->sock, timeout)) ++if (!fd_ready(cctx->sock, timelimit)) + return -1; + + /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e. +--- a/src/malware.c ++++ b/src/malware.c +@@ -349,13 +349,13 @@ return cre; + -2 on timeout or error + */ + static int +-recv_line(int fd, uschar * buffer, int bsize, int tmo) ++recv_line(int fd, uschar * buffer, int bsize, time_t tmo) + { + uschar * p = buffer; + ssize_t rcv; + BOOL ok = FALSE; + +-if (!fd_ready(fd, tmo-time(NULL))) ++if (!fd_ready(fd, tmo)) + return -2; + + /*XXX tmo handling assumes we always get a whole line */ +@@ -382,9 +382,9 @@ return p - buffer; + + /* return TRUE iff size as requested */ + static BOOL +-recv_len(int sock, void * buf, int size, int tmo) ++recv_len(int sock, void * buf, int size, time_t tmo) + { +-return fd_ready(sock, tmo-time(NULL)) ++return fd_ready(sock, tmo) + ? recv(sock, buf, size, 0) == size + : FALSE; + } +@@ -430,7 +430,7 @@ for (;;) + } + + static inline int +-mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, int tmo) ++mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, time_t tmo) + { + client_conn_ctx cctx = {.sock = sock}; + int offset = 0; +@@ -438,7 +438,7 @@ int i; + + do + { +- i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo-time(NULL)); ++ i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo); + if (i <= 0) + { + (void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)"); +@@ -497,7 +497,7 @@ switch (*line) + + static int + mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename, +- int tmo) ++ time_t tmo) + { + struct iovec iov[3]; + const char *cmd = "MSQ\n"; +@@ -746,7 +746,7 @@ if (!malware_ok) + if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0) + return m_panic_defer(scanent, CUS callout_address, errstr); + +- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); ++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); + + if (bread <= 0) + return m_panic_defer_3(scanent, CUS callout_address, +@@ -1064,7 +1064,7 @@ badseek: err = errno; + if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0) + return m_panic_defer(scanent, CUS callout_address, errstr); + +- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); ++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); + if (bread > 0) av_buffer[bread]='\0'; + if (bread < 0) + return m_panic_defer_3(scanent, CUS callout_address, +@@ -1096,7 +1096,7 @@ badseek: err = errno; + { + errno = ETIMEDOUT; + i = av_buffer+sizeof(av_buffer)-p; +- if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo-time(NULL))) < 0) ++ if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo)) < 0) + return m_panic_defer_3(scanent, CUS callout_address, + string_sprintf("unable to read result (%s)", strerror(errno)), + malware_daemon_ctx.sock); +@@ -1401,7 +1401,7 @@ badseek: err = errno; + + /* wait for result */ + memset(av_buffer, 0, sizeof(av_buffer)); +- if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL))) <= 0) ++ if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo)) <= 0) + return m_panic_defer_3(scanent, CUS callout_address, + string_sprintf("unable to read from UNIX socket (%s)", scanner_options), + malware_daemon_ctx.sock); +@@ -1737,7 +1737,7 @@ b_seek: err = errno; + + /* Read the result */ + memset(av_buffer, 0, sizeof(av_buffer)); +- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); ++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); + (void)close(malware_daemon_ctx.sock); + malware_daemon_ctx.sock = -1; + malware_daemon_ctx.tls_ctx = NULL; +@@ -1895,7 +1895,7 @@ b_seek: err = errno; + return m_panic_defer(scanent, CUS callout_address, errstr); + + /* Read the result */ +- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); ++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); + + if (bread <= 0) + return m_panic_defer_3(scanent, CUS callout_address, +--- a/src/routers/iplookup.c ++++ b/src/routers/iplookup.c +@@ -279,7 +279,7 @@ while ((hostname = string_nextinlist(&li + /* Read the response and close the socket. If the read fails, try the + next IP address. */ + +- count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, ob->timeout); ++ count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, time(NULL) + ob->timeout); + (void)close(query_cctx.sock); + if (count <= 0) + { +--- a/src/smtp_out.c ++++ b/src/smtp_out.c +@@ -587,14 +587,14 @@ Arguments: + inblock the SMTP input block (contains holding buffer, socket, etc.) + buffer where to put the line + size space available for the line +- timeout the timeout to use when reading a packet ++ timelimit deadline for reading the lime, seconds past epoch + + Returns: length of a line that has been put in the buffer + -1 otherwise, with errno set + */ + + static int +-read_response_line(smtp_inblock *inblock, uschar *buffer, int size, int timeout) ++read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit) + { + uschar *p = buffer; + uschar *ptr = inblock->ptr; +@@ -637,7 +637,7 @@ for (;;) + + /* Need to read a new input packet. */ + +- if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timeout)) <= 0) ++ if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0) + { + DEBUG(D_deliver|D_transport|D_acl) + debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n", +@@ -694,6 +694,7 @@ smtp_read_response(void * sx0, uschar * + smtp_context * sx = sx0; + uschar * ptr = buffer; + int count = 0, rc; ++time_t timelimit = time(NULL) + timeout; + + errno = 0; /* Ensure errno starts out zero */ + +@@ -713,7 +714,7 @@ response. */ + + for (;;) + { +- if ((count = read_response_line(&sx->inblock, ptr, size, timeout)) < 0) ++ if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0) + return FALSE; + + HDEBUG(D_transport|D_acl|D_v) +--- a/src/spam.c ++++ b/src/spam.c +@@ -503,7 +503,7 @@ offset = 0; + while ((i = ip_recv(&spamd_cctx, + spamd_buffer + offset, + sizeof(spamd_buffer) - offset - 1, +- sd->timeout - time(NULL) + start)) > 0) ++ sd->timeout + start)) > 0) + offset += i; + spamd_buffer[offset] = '\0'; /* guard byte */ + +--- a/src/transports/smtp_socks.c ++++ b/src/transports/smtp_socks.c +@@ -129,7 +129,7 @@ switch(method) + #ifdef TCP_QUICKACK + (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); + #endif +- if (!fd_ready(fd, tmo-time(NULL)) || read(fd, s, 2) != 2) ++ if (!fd_ready(fd, tmo) || read(fd, s, 2) != 2) + return FAIL; + HDEBUG(D_transport|D_acl|D_v) + debug_printf_indent(" SOCKS<< %02x %02x\n", s[0], s[1]); +@@ -320,7 +320,7 @@ HDEBUG(D_transport|D_acl|D_v) debug_prin + (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); + #endif + +-if ( !fd_ready(fd, tmo-time(NULL)) ++if ( !fd_ready(fd, tmo) + || read(fd, buf, 2) != 2 + ) + goto rcv_err; +@@ -370,7 +370,7 @@ if (send(fd, buf, size, 0) < 0) + /* expect conn-reply (success, local(ipver, addr, port)) + of same length as conn-request, or non-success fail code */ + +-if ( !fd_ready(fd, tmo-time(NULL)) ++if ( !fd_ready(fd, tmo) + || (size = read(fd, buf, size)) < 2 + ) + goto rcv_err; +--- a/src/verify.c ++++ b/src/verify.c +@@ -2770,7 +2770,7 @@ for (;;) + int size = sizeof(buffer) - (p - buffer); + + if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */ +- count = ip_recv(&ident_conn_ctx, p, size, rfc1413_query_timeout); ++ count = ip_recv(&ident_conn_ctx, p, size, time(NULL) + rfc1413_query_timeout); + if (count <= 0) goto END_OFF; /* Read error or EOF */ + + /* Scan what we just read, to see if we have reached the terminating \r\n. Be diff -Nru exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch --- exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch 1970-01-01 01:00:00.000000000 +0100 +++ exim4-4.92/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch 2019-06-08 13:37:40.000000000 +0200 @@ -0,0 +1,48 @@ +From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001 +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Fri, 7 Jun 2019 11:54:10 +0100 +Subject: [PATCH 2/2] Fix detection of 32b platform at build time. Bug 2405 + +--- + src/buildconfig.c | 12 +++--- + test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++----------------- + test/stdout/0002 | 72 +++++++++++++++++++----------------- + 3 files changed, 83 insertions(+), 73 deletions(-) + +diff --git a/src/buildconfig.c b/src/buildconfig.c +index 71cf97b1..a680b344 100644 +--- a/src/buildconfig.c ++++ b/src/buildconfig.c +@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L; + unsigned int test_uint_t = 0; + #endif + long test_long_t = 0; ++long long test_longlong_t = 0; + int test_int_t = 0; + FILE *base; + FILE *new; +@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */ + + fprintf(new, "#ifndef OFF_T_FMT\n"); + if (sizeof(test_off_t) > sizeof(test_long_t)) +- { + fprintf(new, "# define OFF_T_FMT \"%%lld\"\n"); +- fprintf(new, "# define LONGLONG_T long long int\n"); +- } + else +- { + fprintf(new, "# define OFF_T_FMT \"%%ld\"\n"); ++fprintf(new, "#endif\n\n"); ++ ++fprintf(new, "#ifndef LONGLONG_T\n"); ++if (sizeof(test_longlong_t) > sizeof(test_long_t)) ++ fprintf(new, "# define LONGLONG_T long long int\n"); ++else + fprintf(new, "# define LONGLONG_T long int\n"); +- } + fprintf(new, "#endif\n\n"); + + /* Now do the same thing for time_t variables. If the length is greater than +-- +2.20.1 + diff -Nru exim4-4.92/debian/patches/series exim4-4.92/debian/patches/series --- exim4-4.92/debian/patches/series 2019-05-07 19:42:27.000000000 +0200 +++ exim4-4.92/debian/patches/series 2019-06-08 13:37:43.000000000 +0200 @@ -16,4 +16,9 @@ 75_08-Logging-fix-initial-listening-on-log-line.patch 75_09-OpenSSL-Fix-aggregation-of-messages.patch 75_10-Harden-plaintext-authenticator.patch +75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch +75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch +75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch +75_14-Fix-smtp-response-timeout.patch +75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch 90_localscan_dlopen.dpatch
Attachment:
signature.asc
Description: PGP signature