Bug#1036025: marked as done (unblock: exim4/4.96-15)

To: Sebastian Ramacher <sramacher@respighi.debian.org>
Subject: Bug#1036025: marked as done (unblock: exim4/4.96-15)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 14 May 2023 18:33:05 +0000
Message-id: <[🔎] handler.1036025.D1036025.1684088917691258.ackdone@bugs.debian.org>
Reply-to: 1036025@bugs.debian.org
References: <E1pyGSQ-001GMI-8S@respighi.debian.org> <[🔎] ZF+ObucSr8wZSdrY@argenau.bebt.de>

Your message dated Sun, 14 May 2023 18:28:34 +0000
with message-id <E1pyGSQ-001GMI-8S@respighi.debian.org>
and subject line unblock exim4
has caused the Debian Bug report #1036025,
regarding unblock: exim4/4.96-15
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036025: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036025
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: exim4/4.96-15
From: Andreas Metzler <ametzler@bebt.de>
Date: Sat, 13 May 2023 15:19:42 +0200
Message-id: <[🔎] ZF+ObucSr8wZSdrY@argenau.bebt.de>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: exim4@packages.debian.org
Control: affects -1 + src:exim4

Please unblock package exim4

This fixes an initialzation error which caused a crash in the smtp
transport. See https://bugs.exim.org/show_bug.cgi?id=2996

It is a one-line change, I have also removed garbage (unapplied patch)
from debian/patches.

cu Andreas

unblock exim4/4.96-15

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

diff -Nru exim4-4.96/debian/changelog exim4-4.96/debian/changelog
--- exim4-4.96/debian/changelog	2023-02-04 13:33:50.000000000 +0100
+++ exim4-4.96/debian/changelog	2023-05-10 18:30:35.000000000 +0200
@@ -1,3 +1,12 @@
+exim4 (4.96-15) unstable; urgency=medium
+
+  * Pull from upstream GIT master:
+    + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+      Fix a crash in the smtp transport.
+      https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler <ametzler@debian.org>  Wed, 10 May 2023 18:30:35 +0200
+
 exim4 (4.96-14) unstable; urgency=medium
 
   * Pull from upstream GIT master:
diff -Nru exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch
--- exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	2022-12-04 08:02:50.000000000 +0100
+++ exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,99 +0,0 @@
-From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Sat, 3 Dec 2022 23:13:53 +0000
-Subject: [PATCH] Fix ${run } arg parsing
-
-Broken-by: cfe6acff2ddc
----
- doc/ChangeLog        |  4 ++++
- src/expand.c             | 13 ++++++++++---
- src/transport.c          |  4 +++-
- test/scripts/0000-Basic/0002 |  2 ++
- test/stdout/0002             |  2 ++
- 5 files changed, 21 insertions(+), 4 deletions(-)
-
---- a/doc/ChangeLog
-+++ b/doc/ChangeLog
-@@ -28,10 +28,14 @@
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
-       a capture group which obtained no text (eg. "(abc)*" matching zero
-       occurrences) could cause a segfault if the corresponding $<n> was
-       expanded.
- 
-+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
-+      included a close-brace character (eg. it itself used an expansion) an
-+      error occurred.
-+
- 
- 
- Exim version 4.96
- -----------------
- 
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -5529,11 +5529,11 @@
-       {
-       FILE * f;
-       const uschar * arg, ** argv;
-       BOOL late_expand = TRUE;
- 
--      if ((expand_forbid & RDO_RUN) != 0)
-+      if (expand_forbid & RDO_RUN)
-         {
-         expand_string_message = US"running a command is not permitted";
-         goto EXPAND_FAILED;
-         }
- 
-@@ -5561,16 +5561,23 @@
- 	}
-       s++;
- 
-       if (late_expand)		/* this is the default case */
- 	{
--	int n = Ustrcspn(s, "}");
-+	int n;
-+	const uschar * t;
-+	/* Locate the end of the args */
-+	(void) expand_string_internal(s,
-+	  ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, &t, NULL, NULL);
-+	n = t - s;
- 	arg = skipping ? NULL : string_copyn(s, n);
- 	s += n;
- 	}
-       else
- 	{
-+	DEBUG(D_expand)
-+	  debug_printf_indent("args string for ${run} expand before split\n");
- 	if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
- 	  goto EXPAND_FAILED;
- 	Uskip_whitespace(&s);
- 	}
- 							/*{*/
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -2187,10 +2187,12 @@
-   BOOL allow_dollar_recipients = addr && addr->parent
-     && Ustrcmp(addr->parent->address, "system-filter") == 0;
- 
-   for (int i = 0; argv[i]; i++)
-     {
-+    DEBUG(D_expand) debug_printf_indent("arg %d\n", i);
-+
-     /* Handle special fudge for passing an address list */
- 
-     if (addr &&
-         (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
-          Ustrcmp(argv[i], "${pipe_addresses}") == 0))
-@@ -2361,11 +2363,11 @@
-           }
-         else *errptr = msg;
-         return FALSE;
-         }
- 
--      if ( f.running_in_test_harness && is_tainted(expanded_arg)
-+      if (  f.running_in_test_harness && is_tainted(expanded_arg)
- 	 && Ustrcmp(etext, "queryprogram router") == 0)
- 	{			/* hack, would be good to not need it */
- 	DEBUG(D_transport)
- 	  debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n",
- 		      expanded_arg);
diff -Nru exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
--- exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	2023-05-10 18:30:35.000000000 +0200
@@ -0,0 +1,46 @@
+From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Thu, 4 May 2023 15:41:46 +0100
+Subject: [PATCH 1/3] Fix variable initialisation in smtp transport.  Bug 2996
+
+---
+ doc/ChangeLog     | 8 ++++++++
+ src/transports/smtp.c | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -54,10 +54,18 @@ JH/20 Fix TLSA lookups.  Previously dns_
+ 
+ JH/23 Fix crash in string expansions. Previously, if an empty variable was
+       immediately followed by an expansion operator, a null-indirection read
+       was done, killing the process.
+ 
++JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
++      message being considered for delivery was already being handled by
++      another process, and having an SMTP connection already open, the function
++      to close it tried to use an uninitialized variable.  This would afftect
++      high-volume sites more, especially when running mailing-list-style loads.
++      Pollution of logs was the major effect, as the other process delivered
++      the message.  Found and partly investigated by Graeme Fowler.
++
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/transports/smtp.c
++++ b/src/transports/smtp.c
+@@ -4950,11 +4950,11 @@ Returns:    nothing
+ void
+ smtp_transport_closedown(transport_instance *tblock)
+ {
+ smtp_transport_options_block * ob = SOB tblock->options_block;
+ client_conn_ctx cctx;
+-smtp_context sx;
++smtp_context sx = {0};
+ uschar buffer[256];
+ uschar inbuffer[4096];
+ uschar outbuffer[16];
+ 
+ /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
diff -Nru exim4-4.96/debian/patches/series exim4-4.96/debian/patches/series
--- exim4-4.96/debian/patches/series	2023-02-04 13:30:26.000000000 +0100
+++ exim4-4.96/debian/patches/series	2023-05-10 18:30:35.000000000 +0200
@@ -30,4 +30,5 @@
 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch
 75_66-Fix-crash-in-expansions.patch
+75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
 90_localscan_dlopen.dpatch

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 1036025-done@bugs.debian.org

Subject: unblock exim4

From: Sebastian Ramacher <sramacher@respighi.debian.org>

Date: Sun, 14 May 2023 18:28:34 +0000

Message-id: <E1pyGSQ-001GMI-8S@respighi.debian.org>
Unblocked.
--- End Message ---

Reply to:

References:
- Bug#1036025: unblock: exim4/4.96-15
  - From: Andreas Metzler <ametzler@bebt.de>

Prev by Date: Bug#1036003: marked as done (unblock: adacgi/1.6-32 and 20 Ada libraries)
Next by Date: Bug#1036031: marked as done (unblock: python-mitogen/0.3.3-9)
Previous by thread: Processed: unblock: exim4/4.96-15
Next by thread: Bug#1036026: unblock: libssh/0.10.5-1
Index(es):
- Date
- Thread