[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1036025: unblock: exim4/4.96-15

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: exim4@packages.debian.org
Control: affects -1 + src:exim4

Please unblock package exim4

This fixes an initialzation error which caused a crash in the smtp
transport. See https://bugs.exim.org/show_bug.cgi?id=2996

It is a one-line change, I have also removed garbage (unapplied patch)
from debian/patches.

cu Andreas

unblock exim4/4.96-15

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru exim4-4.96/debian/changelog exim4-4.96/debian/changelog
--- exim4-4.96/debian/changelog	2023-02-04 13:33:50.000000000 +0100
+++ exim4-4.96/debian/changelog	2023-05-10 18:30:35.000000000 +0200
@@ -1,3 +1,12 @@
+exim4 (4.96-15) unstable; urgency=medium
+
+  * Pull from upstream GIT master:
+    + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+      Fix a crash in the smtp transport.
+      https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler <ametzler@debian.org>  Wed, 10 May 2023 18:30:35 +0200
+
 exim4 (4.96-14) unstable; urgency=medium
 
   * Pull from upstream GIT master:
diff -Nru exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch
--- exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	2022-12-04 08:02:50.000000000 +0100
+++ exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,99 +0,0 @@
-From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 3 Dec 2022 23:13:53 +0000
-Subject: [PATCH] Fix ${run } arg parsing
-
-Broken-by: cfe6acff2ddc
----
- doc/ChangeLog        |  4 ++++
- src/expand.c             | 13 ++++++++++---
- src/transport.c          |  4 +++-
- test/scripts/0000-Basic/0002 |  2 ++
- test/stdout/0002             |  2 ++
- 5 files changed, 21 insertions(+), 4 deletions(-)
-
---- a/doc/ChangeLog
-+++ b/doc/ChangeLog
-@@ -28,10 +28,14 @@
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
-       a capture group which obtained no text (eg. "(abc)*" matching zero
-       occurrences) could cause a segfault if the corresponding $<n> was
-       expanded.
- 
-+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
-+      included a close-brace character (eg. it itself used an expansion) an
-+      error occurred.
-+
- 
- 
- Exim version 4.96
- -----------------
- 
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -5529,11 +5529,11 @@
-       {
-       FILE * f;
-       const uschar * arg, ** argv;
-       BOOL late_expand = TRUE;
- 
--      if ((expand_forbid & RDO_RUN) != 0)
-+      if (expand_forbid & RDO_RUN)
-         {
-         expand_string_message = US"running a command is not permitted";
-         goto EXPAND_FAILED;
-         }
- 
-@@ -5561,16 +5561,23 @@
- 	}
-       s++;
- 
-       if (late_expand)		/* this is the default case */
- 	{
--	int n = Ustrcspn(s, "}");
-+	int n;
-+	const uschar * t;
-+	/* Locate the end of the args */
-+	(void) expand_string_internal(s,
-+	  ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, &t, NULL, NULL);
-+	n = t - s;
- 	arg = skipping ? NULL : string_copyn(s, n);
- 	s += n;
- 	}
-       else
- 	{
-+	DEBUG(D_expand)
-+	  debug_printf_indent("args string for ${run} expand before split\n");
- 	if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
- 	  goto EXPAND_FAILED;
- 	Uskip_whitespace(&s);
- 	}
- 							/*{*/
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -2187,10 +2187,12 @@
-   BOOL allow_dollar_recipients = addr && addr->parent
-     && Ustrcmp(addr->parent->address, "system-filter") == 0;
- 
-   for (int i = 0; argv[i]; i++)
-     {
-+    DEBUG(D_expand) debug_printf_indent("arg %d\n", i);
-+
-     /* Handle special fudge for passing an address list */
- 
-     if (addr &&
-         (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
-          Ustrcmp(argv[i], "${pipe_addresses}") == 0))
-@@ -2361,11 +2363,11 @@
-           }
-         else *errptr = msg;
-         return FALSE;
-         }
- 
--      if ( f.running_in_test_harness && is_tainted(expanded_arg)
-+      if (  f.running_in_test_harness && is_tainted(expanded_arg)
- 	 && Ustrcmp(etext, "queryprogram router") == 0)
- 	{			/* hack, would be good to not need it */
- 	DEBUG(D_transport)
- 	  debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n",
- 		      expanded_arg);
diff -Nru exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
--- exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	2023-05-10 18:30:35.000000000 +0200
@@ -0,0 +1,46 @@
+From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 4 May 2023 15:41:46 +0100
+Subject: [PATCH 1/3] Fix variable initialisation in smtp transport.  Bug 2996
+
+---
+ doc/ChangeLog     | 8 ++++++++
+ src/transports/smtp.c | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -54,10 +54,18 @@ JH/20 Fix TLSA lookups.  Previously dns_
+ 
+ JH/23 Fix crash in string expansions. Previously, if an empty variable was
+       immediately followed by an expansion operator, a null-indirection read
+       was done, killing the process.
+ 
++JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
++      message being considered for delivery was already being handled by
++      another process, and having an SMTP connection already open, the function
++      to close it tried to use an uninitialized variable.  This would afftect
++      high-volume sites more, especially when running mailing-list-style loads.
++      Pollution of logs was the major effect, as the other process delivered
++      the message.  Found and partly investigated by Graeme Fowler.
++
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/transports/smtp.c
++++ b/src/transports/smtp.c
+@@ -4950,11 +4950,11 @@ Returns:    nothing
+ void
+ smtp_transport_closedown(transport_instance *tblock)
+ {
+ smtp_transport_options_block * ob = SOB tblock->options_block;
+ client_conn_ctx cctx;
+-smtp_context sx;
++smtp_context sx = {0};
+ uschar buffer[256];
+ uschar inbuffer[4096];
+ uschar outbuffer[16];
+ 
+ /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
diff -Nru exim4-4.96/debian/patches/series exim4-4.96/debian/patches/series
--- exim4-4.96/debian/patches/series	2023-02-04 13:30:26.000000000 +0100
+++ exim4-4.96/debian/patches/series	2023-05-10 18:30:35.000000000 +0200
@@ -30,4 +30,5 @@
 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch
 75_66-Fix-crash-in-expansions.patch
+75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
 90_localscan_dlopen.dpatch

Attachment: signature.asc
Description: PGP signature

Reply to: