packages/mail/exim/patches/100-localscan_dlopen.patch
Daniel Golle 00c4a7f9c3 exim: update to 4.98
Remove upstreamed patch 300-avoid-time-printf.patch
Exim/exim@9ae8613607

Exim version 4.98
-----------------

JH/01 Support list of dkim results in the dkim_status ACL condition, making
      it more usable in the data ACL.

JH/02 Bug 3040: Handle error on close of the spool data file during reception.
      Previously this was only logged, on the assumption that errors would be
      seen for a previous fflush().  However, a fuse filesystem has been
      reported as showing this an error for the fclose().  The spool is now in
      an uncertain state, and we have logged and responded acceptance.  Change
      this to respond with a temp-reject, wipe spoolfiles, and log the error
      detail.

JH/03 Bug 3030: Fix handling of DNS servfail response for DANE TLSA.  When hit
      during a recipient verify callout, a QUIT command was attempted on the
      now-closed callout channel, causing a paniclog entry.

JH/04 Bug 3039: Fix handling of an empty log_reject_target, with
      a connection_reject log_selector, under tls_on_connect.  Previously
      with this combination, when the connect ACL rejected, a spurious
      paniclog entry was made.

JH/05 Fix TLS resumption for TLS-on-connect.  This was broken by the advent
      of loadbalancer-detection for resumption, in 4.96 - which tries to
      use the EHLO response. SMTPS does not have one at the time it is starting
      TLS.  Change the default for the smtp transport host_name_extract option
      to be a static string, for TLS-on-connect cases; meaning that resumption
      will always be attempted (unless deliberately overridden).

JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a
      chunk-separator specification.  This was broken by hardening introduced
      for Bug 3031.

JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles.  Previously it
      included the -H with the id; this also messed up exiqgrep.

JH/08 Bug 3056: Tighten up parsing of DKIM DNS records.  Previously, whitespace
      was not properly skipped and empty elements would cause mis-parsing.
      Tighten parsing of DKIM header records.  Previously, all but lowercase
      alpha chars would be ignored in potential tag names.

JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists
      being searched.  Previously we only had one for IPv4 addresses. Per the
      documentation, the error results by default in a no-match result for the
      list.  It is logged if the unknown_in_list log_selector is used.

JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers
      the routing operation.  Previously it would silently stop routing the
      message.

JH/11 Bug 3046: Fix queue-runs.  Previously, the arrival of a notification or
      info-request event close in time to a scheduled run timer could result in
      the latter being missed, and no further queue scheduled runs being
      initiated.  This would be more likely on high-load systems.

JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we did
      accept that in (normal) CRLF mode; this has been raised as a possible
      attack scenario (under the name "smtp smuggling").

JH/13 Add an fdatasync call for the received message data file in spool, before
      logging reception and sending the SMTP ack.  Previously we only flushed
      the stdio buffer so there was still the possibility of a disk error.

JH/14 Bug 3061: Avoid a split log line when trying to rewrite a malformed
      address.  Previously, for the last address in a header line (commonly
      there is only one) the terminating newline was part of the logged
      information.

JH/15 Bug 3061: Ensure a log line is written for a malformed address in a
      header, when parsing for address-qualification.  Previously one was only
      written if there were rewrite rules.

JH/16 Two-phase queue runs are now reported in the daemon startup log line and
      in exiwhat output.

JH/17 Bug 3064: Fix combination of "-q<period> -R <recipients>". Introduction of
      the multiple-queue-runners facility for 4.97 broke this, giving only a
      one-time run of the queue.

JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style
      lookups.

JH/19 Fix TLS startup. When the last expansion done before the initiation of a
      TLS session resulted in a forced-fail, a misleading error was logged for
      the expansion of tls_certificates.  This would affect the common case of
      that option being set (main-section options) but not having any variable
      parts.  It could also potentially affect tls_privatekeys.  The underlying
      coding errors go back to 4.90 but were only exposed in 4.97.

JH/20 Bug 3047: A recent (somewhere between 10.34 and 10.42) version of the
      pcre2 library started allocating 20kB rather than 112 bytes per match
      call, which broke the 2GB total limitation on Exim's memory management
      when a user had over 104207 messages stored and the appendfile
      maildir_quota_directory_regex option is in use.  Release the allocated
      memory every thousand files to avoid this.
      The same issue arises with the ACL regex condition, which is applied
      to every line of a received message.

JH/21 Bug 3059: Fix crash in smtp transport. When running for a message for
      which all recipients had been handled (itself an issue) a null-pointer
      deref was done on trying to write a retry record. Fix that by counting
      the outstanding recipients before trying to transmit the message.
      The situation arose for a second MX try within a transport run, when the
      first had perm-rejected a recipient (the only one for the connection, in
      the case seen) during pipelining, and then closed the TCP connection.
      The transport classified that as an I/O error, leaving the message
      outstanding but having marked up the recipient as dealt-with. It then
      tried another MX because of the I/O error. Fix this by converting the
      message-level status to ok if there was a close but all recipients were
      dealt with.  Thanks to Wolfgand Breyha for debug runs.

JH/22 The ESMTP_LIMITS facility (RFC 9422) is promoted from experimental status
      and is now controlled by the build-time option DISABLE_ESMTP_LIMITS.

JH/23 Bug 3066: Avoid leaking lookup database credentials to log.

JH/24 Bug 3081: Fix a delivery process crash.  When the router "errors_to"
      option specified a fixed address, later rewriting on that address would
      trip on the configuration data being readonly.  Instead of modifying
      in-place, copy data.  Found and fixed by Peter Benie.

JH/25 Bug 3079: Fix crash in dbmnz.  When a key was present for zero-length
      data a null pointer was followed.  Find and testcase by Sebastian Bugge.

JH/26 Fix encoding for an AUTH parameter on a MAIL FROM command.  Previously
      decimal 127 chars were not encoded, and lowercase hex was used for
      encoded values.  Outstanding since at least 1999.

JH/27 Fix crash in logging.  When a message with a large number of recipients
      had been received, and logging of recipients is enabled, the buffer used
      for logging could reach limit.  A read using a null pointer would then
      be done, resulting in a crash of the receiving process before an SMTP
      ACK for the message was returned to the sending system.  Duplicate
      messages were created as a result.
      Find and debug help by Mateusz Krawczyk

JH/28 Bug 3086: Fix exinext for ipv6.  Change the format of keys in the retry
      DB, wrapping transport record bare-ip "host names" and ipv6
      "host addresses" in square-brackets.  This makes the parsing that
      exinext does more reliable.

JH/29 Bug 3087: Fix SRS encode.  A zero-length quoted element in the local-part
      would cause a crash.

JH/30 Bug 3029: Avoid feeding Resent-From: to DMARC.

JH/31 Bug 3027: For -bh / -bhc tests change to using the compressed form of
      ipv6 addresses for the sender.  Previously the uncompressed form was used,
      and if used in textual form this would result in behavior difference
      versus non-bh.

JH/32 Bug 3096: MAIL before HELO/EHLO, where required by hosts_require_helo, is
      now classed as a protocol error and subject to smtp_max_synprot_errors.

JH/33 Bug 2994: A subdir dsearch lookup should permit a directory name that starts
      ".." and has following characters.

JH/34 Fix delivery ordering for 2-phase queue run combined with
      queue_run_in_order.

JH/35 Bug 3099: fix parsing of MIME filename= split over multiple parameters.
      Previously the $mime_filename variable would have an incorrect value.
      While in the code, extend coverage to name= which previously was only
      supported for single parameters, despite also filling in $mime_filename.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-07-17 14:52:00 +01:00

Description: Allow one to use and switch between different local_scan functions
without recompiling exim.
http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from
David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc
MERLIN for SA-Exim and minor/major API version tracking
Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN
Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2671
Last-Update: 2021-07-28
--- a/src/EDITME
+++ b/src/EDITME
@@ -913,6 +913,21 @@ HEADERS_CHARSET="ISO-8859-1"
#------------------------------------------------------------------------------
+# On systems which support dynamic loading of shared libraries, Exim can
+# load a local_scan function specified in its config file instead of having
+# to be recompiled with the desired local_scan function. For a full
+# description of the API to this function, see the Exim specification.
+
+DLOPEN_LOCAL_SCAN=yes
+
+# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
+# linker flags. Without it, the loaded .so won't be able to access any
+# functions from exim.
+
+LDFLAGS += -rdynamic
+CFLAGS += -fvisibility=hidden
+
+#------------------------------------------------------------------------------
# The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
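
Review bot: `DLOPEN_LOCAL_SCAN=yes` is set unconditionally in the added EDITME block, and the comment above it does not say that the library named in the config file is loaded into the Exim process itself. Suggest stating that the file must be owned by, and writable only by, a trusted user, and adding a line on why `CFLAGS += -fvisibility=hidden` accompanies `-rdynamic`, since only the `-rdynamic` setting is documented.
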
--- a/src/config.h.defaults
+++ b/src/config.h.defaults
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'def
#define AUTH_VARS 4
+#define DLOPEN_LOCAL_SCAN
+
#define BIN_DIRECTORY
#define CONFIGURE_FILE
--- a/src/globals.c
+++ b/src/globals.c
@@ -118,6 +118,10 @@ int dsn_ret = 0;
const pcre2_code *regex_DSN = NULL;
uschar *dsn_advertise_hosts = NULL;
+#ifdef DLOPEN_LOCAL_SCAN
+uschar *local_scan_path = NULL;
+#endif
+
#ifndef DISABLE_TLS
BOOL gnutls_compat_mode = FALSE;
BOOL gnutls_allow_auto_pkcs11 = FALSE;
--- a/src/globals.h
+++ b/src/globals.h
@@ -157,6 +157,9 @@ extern int dsn_ret; /
extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */
extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
/* Input-reading functions for messages, so we can use special ones for
incoming TCP/IP. */
--- a/src/local_scan.c
+++ b/src/local_scan.c
@@ -8,58 +8,133 @@
/* SPDX-License-Identifier: GPL-2.0-or-later */
-/******************************************************************************
-This file contains a template local_scan() function that just returns ACCEPT.
-If you want to implement your own version, you should copy this file to, say
-Local/local_scan.c, and edit the copy. To use your version instead of the
-default, you must set
-
-HAVE_LOCAL_SCAN=yes
-LOCAL_SCAN_SOURCE=Local/local_scan.c
-
-in your Local/Makefile. This makes it easy to copy your version for use with
-subsequent Exim releases.
-
-For a full description of the API to this function, see the Exim specification.
-******************************************************************************/
-
-
/* This is the only Exim header that you should include. The effect of
including any other Exim header is not defined, and may change from release to
release. Use only the documented interface! */
#include "local_scan.h"
-
-/* This is a "do-nothing" version of a local_scan() function. The arguments
-are:
-
- fd The file descriptor of the open -D file, which contains the
- body of the message. The file is open for reading and
- writing, but modifying it is dangerous and not recommended.
-
- return_text A pointer to an unsigned char* variable which you can set in
- order to return a text string. It is initialized to NULL.
-
-The return values of this function are:
-
- LOCAL_SCAN_ACCEPT
- The message is to be accepted. The return_text argument is
- saved in $local_scan_data.
-
- LOCAL_SCAN_REJECT
- The message is to be rejected. The returned text is used
- in the rejection message.
-
- LOCAL_SCAN_TEMPREJECT
- This specifies a temporary rejection. The returned text
- is used in the rejection message.
-*/
+#ifdef DLOPEN_LOCAL_SCAN
+#include <dlfcn.h>
+static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
+static int load_local_scan_library(void);
+#endif
int
local_scan(int fd, uschar **return_text)
{
-return LOCAL_SCAN_ACCEPT;
+
+#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */
+if (local_scan_path && *local_scan_path)
+ {
+ if (!local_scan_fn)
+ {
+ if (!load_local_scan_library())
+ {
+ char *base_msg , *error_msg , *final_msg ;
+ int final_length = -1 ;
+
+ base_msg=US"Local configuration error - local_scan() library failure\n";
+ error_msg = dlerror() ;
+
+ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
+ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
+ *final_msg = '\0' ;
+
+ strcat( final_msg , base_msg ) ;
+ strcat( final_msg , error_msg ) ;
+
+ *return_text = final_msg ;
+ return LOCAL_SCAN_TEMPREJECT;
+ }
+ }
+ return local_scan_fn(fd, return_text);
+ }
+else
+#endif
+ return LOCAL_SCAN_ACCEPT;
+}
+
+#ifdef DLOPEN_LOCAL_SCAN
+
+static int load_local_scan_library(void)
+{
+/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
+void *local_scan_lib = NULL;
+int (*local_scan_version_fn)(void);
+int vers_maj;
+int vers_min;
+
+local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
+if (!local_scan_lib)
+ {
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
+ "message temporarily rejected");
+ return FALSE;
+ }
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_major() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The major number is increased when the ABI is changed in a non
+ backward compatible way. */
+vers_maj = local_scan_version_fn();
+
+local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
+if (!local_scan_version_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan_version_minor() function - message temporarily rejected");
+ return FALSE;
+ }
+
+/* The minor number is increased each time a new feature is added (in a
+ way that doesn't break backward compatibility) -- Marc */
+vers_min = local_scan_version_fn();
+
+
+if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
+ {
+ dlclose(local_scan_lib);
+ local_scan_lib = NULL;
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
+ "version number, you need to recompile your module for this version"
+ "of exim (The module was compiled for version %d.%d and this exim provides"
+ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
+ LOCAL_SCAN_ABI_VERSION_MINOR);
+ return FALSE;
+ }
+
+local_scan_fn = dlsym(local_scan_lib, "local_scan");
+if (!local_scan_fn)
+ {
+ dlclose(local_scan_lib);
+ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
+ "local_scan() function - message temporarily rejected");
+ return FALSE;
+ }
+return TRUE;
}
+#endif /* DLOPEN_LOCAL_SCAN */
+
/* End of local_scan.c */
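
Review bot: in `local_scan()`, `error_msg = dlerror()` is passed straight to `strlen()`, but `load_local_scan_library()` also returns FALSE on the two version-mismatch paths, where no dl call has failed and `dlerror()` can return NULL; the `malloc()` result is likewise used without a check. Suggest guarding both (or falling back to a fixed string), and consider whether the raw loader error belongs in `*return_text`, which is used in the rejection message, rather than only in the log. Separately, the version-mismatch `log_write()` string pieces are joined without spaces ("incompatible major" + "version number", "this version" + "of exim", "provides" + "ABI"), and the `dlopen()` failure log records neither `local_scan_path` nor the `dlerror()` text.
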
--- a/src/local_scan.h
+++ b/src/local_scan.h
@@ -28,6 +28,7 @@ settings, and the store functions. */
#include <stdarg.h>
#include <sys/types.h>
+#pragma GCC visibility push(default)
#include "config.h"
#include "mytypes.h"
#include "store.h"
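
Review bot: `#pragma GCC visibility push(default)` is added with no compiler guard and ahead of `#include "config.h"`, so every build that includes local_scan.h gets it whether or not `DLOPEN_LOCAL_SCAN` is defined. Suggest wrapping the push and its matching pop in a `__GNUC__` check and adding a one-line comment saying it keeps the local_scan API exported when the build uses `-fvisibility=hidden`.
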
@@ -177,6 +178,9 @@ extern header_line *header_list; /
extern BOOL host_checking; /* Set when checking a host */
extern uschar *interface_address; /* Interface for incoming call */
extern int interface_port; /* Port number for incoming call */
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path;
+#endif
extern uschar *message_id; /* Internal id of message being handled */
extern uschar *received_protocol; /* Name of incoming protocol */
extern int recipients_count; /* Number of recipients */
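
Review bot: the added `extern uschar *local_scan_path;` has no trailing comment, unlike the neighbouring declarations in this block, and it repeats the declaration this patch also adds to globals.h. Suggest adding the comment and stating whether a loaded module is expected to read this variable; if it is not, the declaration does not need to be in the public header.
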
@@ -247,4 +251,6 @@ extern pid_t child_open_exim2_functio
extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *);
#endif
+#pragma GCC visibility pop
+
/* End of local_scan.h */
--- a/src/readconf.c
+++ b/src/readconf.c
@@ -219,6 +219,9 @@ static optionlist optionlist_config[] =
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
+#ifdef DLOPEN_LOCAL_SCAN
+ { "local_scan_path", opt_stringptr, &local_scan_path },
+#endif
#ifdef HAVE_LOCAL_SCAN
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
#endif
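
Review bot: the new `local_scan_path` table entry passes `&local_scan_path` bare, while the neighbouring entries wrap the pointer in braces (`{&local_from_suffix}`, `{&local_interfaces}`). Suggest `{&local_scan_path}` to match the initializer form used by the rest of the table. The entry is keyed on `DLOPEN_LOCAL_SCAN` while `local_scan_timeout` just below it is keyed on `HAVE_LOCAL_SCAN`; a short comment on how the two macros relate would help.
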
--- a/src/string.c
+++ b/src/string.c
@@ -455,6 +455,7 @@ return ss;
#if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
&& !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
+#pragma GCC visibility push(default)
/*************************************************
* Copy and save string *
*************************************************/
@@ -500,6 +501,7 @@ string_copyn_function(const uschar * s,
{
return string_copyn(s, n);
}
+#pragma GCC visibility pop
#endif