Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: exim4@packages.debian.org
Control: affects -1 + src:exim4
Hello,
I would like to get most of the changes from 4.96-16 (unstable/testing)
into bookworm:
* 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion.
Previously, when an argument included a close-brace character (eg. it
itself used an expansion) an error occurred. Closes: #1025420
* 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
master: Fix ${srs_encode ..}. Previously it would give a bad result for
one day every 1024 days.
The former is something has already popped up a couple of times on the
upstream user support mailing list.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff --git a/debian/changelog b/debian/changelog
index fbbb8c20..0231dc69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+exim4 (4.96-15+deb12u1) bookworm; urgency=medium
+
+ * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
+ Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion.
+ Previously, when an argument included a close-brace character (eg. it
+ itself used an expansion) an error occurred. Closes: #1025420
+ * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
+ master: Fix ${srs_encode ..}. Previously it would give a bad result for
+ one day every 1024 days.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 02 Jul 2023 14:56:17 +0200
+
exim4 (4.96-15) unstable; urgency=medium
* Pull from upstream GIT master:
diff --git a/debian/patches/75_42-Fix-run-arg-parsing.patch b/debian/patches/75_42-Fix-run-arg-parsing.patch
new file mode 100644
index 00000000..79e55d61
--- /dev/null
+++ b/debian/patches/75_42-Fix-run-arg-parsing.patch
@@ -0,0 +1,100 @@
+From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sat, 3 Dec 2022 23:13:53 +0000
+Subject: [PATCH] Fix ${run } arg parsing
+ .
+ Backported by Bryce Harrington for Ubuntu
+
+Broken-by: cfe6acff2ddc
+---
+ doc/ChangeLog | 4 ++++
+ src/expand.c | 13 ++++++++++---
+ src/transport.c | 4 +++-
+ test/scripts/0000-Basic/0002 | 2 ++
+ test/stdout/0002 | 2 ++
+ 5 files changed, 21 insertions(+), 4 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -28,10 +28,14 @@ JH/13 Bug 2929: Fix using $recipients af
+ JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+ a capture group which obtained no text (eg. "(abc)*" matching zero
+ occurrences) could cause a segfault if the corresponding $<n> was
+ expanded.
+
++JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
++ included a close-brace character (eg. it itself used an expansion) an
++ error occurred.
++
+
+
+ Exim version 4.96
+ -----------------
+
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -5529,11 +5529,11 @@ while (*s)
+ {
+ FILE * f;
+ const uschar * arg, ** argv;
+ BOOL late_expand = TRUE;
+
+- if ((expand_forbid & RDO_RUN) != 0)
++ if (expand_forbid & RDO_RUN)
+ {
+ expand_string_message = US"running a command is not permitted";
+ goto EXPAND_FAILED;
+ }
+
+@@ -5561,16 +5561,22 @@ while (*s)
+ }
+ s++;
+
+ if (late_expand) /* this is the default case */
+ {
+- int n = Ustrcspn(s, "}");
++ int n;
++ const uschar * t;
++ /* Locate the end of the args */
++ (void) expand_string_internal(s, TRUE, &t, TRUE, TRUE, NULL);
++ n = t - s;
+ arg = skipping ? NULL : string_copyn(s, n);
+ s += n;
+ }
+ else
+ {
++ DEBUG(D_expand)
++ debug_printf_indent("args string for ${run} expand before split\n");
+ if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
+ goto EXPAND_FAILED;
+ Uskip_whitespace(&s);
+ }
+ /*{*/
+--- a/src/transport.c
++++ b/src/transport.c
+@@ -2187,10 +2187,12 @@ if (expand_arguments)
+ BOOL allow_dollar_recipients = addr && addr->parent
+ && Ustrcmp(addr->parent->address, "system-filter") == 0;
+
+ for (int i = 0; argv[i]; i++)
+ {
++ DEBUG(D_expand) debug_printf_indent("arg %d\n", i);
++
+ /* Handle special fudge for passing an address list */
+
+ if (addr &&
+ (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
+ Ustrcmp(argv[i], "${pipe_addresses}") == 0))
+@@ -2361,11 +2363,11 @@ if (expand_arguments)
+ }
+ else *errptr = msg;
+ return FALSE;
+ }
+
+- if ( f.running_in_test_harness && is_tainted(expanded_arg)
++ if ( f.running_in_test_harness && is_tainted(expanded_arg)
+ && Ustrcmp(etext, "queryprogram router") == 0)
+ { /* hack, would be good to not need it */
+ DEBUG(D_transport)
+ debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n",
+ expanded_arg);
diff --git a/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch b/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch
index 5992faca..55c983e4 100644
--- a/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch
+++ b/debian/patches/75_50-Fix-logging-of-max-size-log-line.patch
@@ -19,11 +19,11 @@ Broken-by: d12746bc15d8
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
-@@ -28,10 +28,15 @@ JH/13 Bug 2929: Fix using $recipients af
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
- a capture group which obtained no text (eg. "(abc)*" matching zero
- occurrences) could cause a segfault if the corresponding $<n> was
- expanded.
+@@ -32,10 +32,15 @@ JH/14 Bug 2933: Fix regex substring matc
+
+ JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
+ included a close-brace character (eg. it itself used an expansion) an
+ error occurred.
+JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
+ was exactly sized compared to the log buffer, a crash occurred with the
diff --git a/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch b/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
new file mode 100644
index 00000000..dddd5e9a
--- /dev/null
+++ b/debian/patches/75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
@@ -0,0 +1,62 @@
+From 51f9c07cd341c9c1a09b3816df988c6f44477c99 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Tue, 11 Apr 2023 11:59:08 +0100
+Subject: [PATCH] Fix ${srs_encode ..} for mod-1024 day zero
+
+---
+ doc/ChangeLog | 3 +++
+ src/expand.c | 10 ++++------
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -54,10 +54,13 @@ JH/20 Fix TLSA lookups. Previously dns_
+
+ JH/23 Fix crash in string expansions. Previously, if an empty variable was
+ immediately followed by an expansion operator, a null-indirection read
+ was done, killing the process.
+
++JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
++ every 1024 days.
++
+
+ Exim version 4.96
+ -----------------
+
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/expand.c
++++ b/src/expand.c
+@@ -3440,11 +3440,11 @@ switch(cond_type = identify_operator(&s,
+ case 3: return NULL;
+ }
+
+ /* Match the given local_part against the SRS-encoded pattern */
+
+- re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)$",
++ re = regex_must_compile(US"^(?i)SRS0=([^=]+)=([A-Z2-7]{2})=([^=]*)=(.*)$",
+ TRUE, FALSE);
+ md = pcre2_match_data_create(4+1, pcre_gen_ctx);
+ if (pcre2_match(re, sub[0], PCRE2_ZERO_TERMINATED, 0, PCRE_EOPT,
+ md, pcre_mtc_ctx) < 0)
+ {
+@@ -6957,17 +6957,15 @@ while (*s)
+
+ /* ${base32:${eval:$tod_epoch/86400&0x3ff}}= */
+ {
+ struct timeval now;
+ unsigned long i;
+- gstring * h = NULL;
+
+ gettimeofday(&now, NULL);
+- for (unsigned long i = (now.tv_sec / 86400) & 0x3ff; i; i >>= 5)
+- h = string_catn(h, &base32_chars[i & 0x1f], 1);
+- if (h) while (h->ptr > 0)
+- g = string_catn(g, &h->s[--h->ptr], 1);
++ i = (now.tv_sec / 86400) & 0x3ff;
++ g = string_catn(g, &base32_chars[i >> 5], 1);
++ g = string_catn(g, &base32_chars[i & 0x1f], 1);
+ }
+ g = string_catn(g, US"=", 1);
+
+ /* ${domain:$return_path}=${local_part:$return_path} */
+ {
diff --git a/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch b/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
index 16b7d6fe..4a2e3b54 100644
--- a/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+++ b/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
@@ -10,12 +10,12 @@ Subject: [PATCH 1/3] Fix variable initialisation in smtp transport. Bug 2996
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
-@@ -54,10 +54,18 @@ JH/20 Fix TLSA lookups. Previously dns_
-
- JH/23 Fix crash in string expansions. Previously, if an empty variable was
- immediately followed by an expansion operator, a null-indirection read
+@@ -61,10 +61,18 @@ JH/23 Fix crash in string expansions. Pr
was done, killing the process.
+ JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
+ every 1024 days.
+
+JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the
+ message being considered for delivery was already being handled by
+ another process, and having an SMTP connection already open, the function
diff --git a/debian/patches/series b/debian/patches/series
index 62ab922b..2c94584d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,6 +22,7 @@
75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch
75_37-OpenSSL-when-preloading-creds-do-the-server-certs-be.patch
75_38-OpenSSL-fix-double-expansion-of-tls_verify_certifica.patch
+75_42-Fix-run-arg-parsing.patch
75_50-Fix-logging-of-max-size-log-line.patch
75_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch
75_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch
@@ -30,5 +31,6 @@
75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch
75_66-Fix-crash-in-expansions.patch
+75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch
75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
90_localscan_dlopen.dpatch
Attachment:
signature.asc
Description: PGP signature