Index: head/mail/exim/Makefile =================================================================== --- head/mail/exim/Makefile (revision 537519) +++ head/mail/exim/Makefile (revision 537520) @@ -1,644 +1,646 @@ # Created by: markm@FreeBSD.org # $FreeBSD$ PORTNAME= exim PORTVERSION?= ${EXIM_VERSION} -PORTREVISION?= 3 +PORTREVISION?= 0 CATEGORIES= mail MASTER_SITES= EXIM:exim MASTER_SITE_SUBDIR= /exim4/:exim \ /exim4/fixes/:exim \ /exim4/old/:exim DISTNAME= ${PORTNAME}-${EXIM_VERSION} DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:exim DIST_SUBDIR= exim EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= fluffy@FreeBSD.org COMMENT?= High performance MTA for Unix systems on the Internet LICENSE= GPLv2 USES= compiler cpe tar:bzip2 perl5 USE_CSTD= c99 USE_PERL5= run # Exim build system is job unsafe atm MAKE_JOBS_UNSAFE= yes # One can tune the following "hidden" knobs: # - EXIM_USER: user exim is running as; # - EXIM_GROUP: ditto for the group; # - LOGDIR: where Exim logs will be put; # - LOG_FILE_PATH: path where '%s' will be substituted with # the target name (main, reject, etc); # - CONFIG_FILE_PATH: path to the default configuration file; # - ALT_CONFIG_PREFIX: path to the default prefix for all # configuration files, excluding the main one; # will be effective only when WITH_ALT_CONFIG_PREFIX # will be set via OPTIONS. .if make(makesum) && !defined(FETCH_ALL) .error "You forgot to define FETCH_ALL to create the sane distinfo" .endif .include "options" OPTIONS_SUB= yes AUTH_SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 BDB_USES= bdb DMARC_LIB_DEPENDS= libopendmarc.so:mail/opendmarc EMBEDDED_PERL_USE= perl5=run,build EXIMON_USES= xorg EXIMON_USE= xorg=x11,xaw,xext,xmu,xt GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls ICONV_USES= iconv:lib,build INTERNATIONAL_LIB_DEPENDS= libidn.so:dns/libidn LMDB_LIB_DEPENDS= liblmdb.so:databases/lmdb MYSQL_USES= mysql OPENLDAP_USE= openldap=yes -PGSQL_USES= pgsql +PGSQL_LIB_DEPENDS= libicudata.so:devel/icu +PGSQL_USES= pgsql pkgconfig REDIS_LIB_DEPENDS= libhiredis.so:databases/hiredis SASLAUTHD_RUN_DEPENDS= ${LOCALBASE}/sbin/saslauthd:security/cyrus-sasl2-saslauthd SA_EXIM_RUN_DEPENDS= ${LOCALBASE}/bin/spamc:mail/spamassassin SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 +SQLITE_LIB_DEPENDS= libicudata.so:devel/icu SQLITE_USES= pkgconfig sqlite .include # OCSP is supported for openssl only .if ${PORT_OPTIONS:MOCSP} .if ! ${PORT_OPTIONS:MTLS} IGNORE= you cannot enable OCSP stapling without TLS support .elif ${PORT_OPTIONS:MGNUTLS} IGNORE= you cannot enable OCSP stapling with gnutls .endif .endif # DMARC implies SPF and DKIM .if ${PORT_OPTIONS:MDMARC} .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM} IGNORE= you cannot enable DMARC without SPF and DKIM support .endif .endif # ARC implies SPF and DKIM .if ${PORT_OPTIONS:MARC} .if ! ${PORT_OPTIONS:MSPF} || ! ${PORT_OPTIONS:MDKIM} IGNORE= you cannot enable ARC without SPF and DKIM support .endif .endif # DANE implies DNSSEC .if ${PORT_OPTIONS:MDANE} .if ! ${PORT_OPTIONS:MDNSSEC} || ! ${PORT_OPTIONS:MTLS} IGNORE= you cannot enable DANE without DNSSEC support or without TLS support .endif .endif .if ${PORT_OPTIONS:MSA_EXIM} || defined(FETCH_ALL) MASTER_SITES+= http://marc.merlins.org/linux/exim/files/:sa_exim \ SF/sa-exim/sa-exim/${SA_EXIM_VERSION}:sa_exim DISTFILES+= sa-exim-${SA_EXIM_VERSION}.tar.gz:sa_exim EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-Local-sa-exim.conf .endif -EXIM_VERSION= 4.93.0.4 +EXIM_VERSION= 4.94 SA_EXIM_VERSION=4.2.1 EXIM_INSTALL_ARG+= "-no_chown" "-no_symlink" EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name '74_*.patch'|${SORT} -h` .if !defined(EXIMON_ONLY) PLIST_SUB+= EXIM="" .if defined(PKGNAMESUFFIX) CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}-4.* .endif .for suffix in -ldap2 -mysql -postgresql -sa-exim -sqlite .if !defined(PKGNAMESUFFIX) || ${PKGNAMESUFFIX} != ${suffix} CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}${suffix}-4.* .endif .endfor .if ${PORT_OPTIONS:MEXIMON} CONFLICTS+= ${PKGNAMEPREFIX}${PORTNAME}-monitor-4.* .endif PKGMESSAGE= ${WRKDIR}/POST-INSTALL-NOTES .else # !EXIMON_ONLY PLIST_SUB+= EXIM="@comment " PORT_OPTIONS+= EXIMON PKGMESSAGE= ${WRKDIR}/pkg-message EXIM_INSTALL_ARG+= "eximon" "eximon.bin" .endif # !EXIMON_ONLY PORTDOC_BASE= ACKNOWLEDGMENTS NOTICE README.UPDATING PORTDOC_FILES= ChangeLog Exim3.upgrade Exim4.upgrade NewStuff \ OptionLists.txt README README.SIEVE dbm.discuss.txt \ experimental-spec.txt filter.txt spec.txt PORT_EXAMPLES= convert4r3 convert4r4 transport-filter.pl DAILY_SCRIPTS= 150.exim-tidydb 460.exim-mail-rejects MAKE_ENV+= OSTYPE="${OPSYS}" ARCHTYPE="${ARCH}" DUMMY_LDFLAGS="${DUMMY_LDFLAGS}" STRIP_COMMAND="${STRIP_CMD}" EXIM_USER?= mailnull EXIM_GROUP?= mail # Default user/group are system ones, so we don't want to check them .if ${EXIM_USER} != "mailnull" USERS= ${EXIM_USER} .endif .if ${EXIM_GROUP} != "mail" GROUPS= ${EXIM_GROUP} .endif LOGDIR?= /var/log/exim LOG_FILE_PATH?= ${LOGDIR}/%slog CONFIG_FILE_PATH?= ${PREFIX}/etc/exim/configure ALT_CONFIG_PREFIX?= ${PREFIX}/etc/exim/ EXIM_DYNAMIC_LDFLAGS= -fPIC -rdynamic -Wl,--export-dynamic SED_SCRIPT= -e 's,%%PREFIX%%,${PREFIX},g' \ -e 's,%%DOCSDIR%%,${DOCSDIR},g' \ -e 's,%%EXAMPLESDIR%%,${EXAMPLESDIR},g' \ -e 's,%%EXIM_USER%%,${EXIM_USER},g' \ -e 's,%%EXIM_GROUP%%,${EXIM_GROUP},g' \ -e 's,%%LOGDIR%%,${LOGDIR},g' SEDLIST+= -e 's,XX_CFLAGS_XX,${CFLAGS:S/,/\\,/g},' \ -e 's,XX_PREFIX_XX,${PREFIX:S/,/\\,/g},' \ -e 's,XX_LOCALBASE_XX,${LOCALBASE:S/,/\\,/g},' \ -e 's,XX_LOG_FILE_PATH_XX,${LOG_FILE_PATH:S/,/\\,/g},' \ -e 's,XX_CONFIG_FILE_PATH_XX,${CONFIG_FILE_PATH:S/,/\\,/g},' \ -e 's,XX_ALT_CONFIG_PREFIX_XX,${ALT_CONFIG_PREFIX:S/,/\\,/g},' \ -e 's,XX_EXIM_USER_XX,${EXIM_USER:S/,/\\,/g},' \ -e 's,XX_EXIM_GROUP_XX,${EXIM_GROUP:S/,/\\,/g},' \ -e 's,XX_DEFAULT_CHARSET_XX,${WITH_DEFAULT_CHARSET:S/,/\\,/g},' \ -e 's,XX_DYNAMIC_LDFLAGS_XX,${EXIM_DYNAMIC_LDFLAGS:S/,/\\,/g},' PLIST_SUB+= EXIM_VERSION="${EXIM_VERSION}-${PORTREVISION}" \ EXIM_USER=${EXIM_USER} \ EXIM_GROUP=${EXIM_GROUP} \ LOGDIR="${LOGDIR:S/^\///}" # Exim refuses to run local deliveries as root by default. You can # add other users to this colon-separated list that cannot be # overridden at runtime below, but are advised not to remove "root". #WITH_FIXED_NEVER_USERS= root:daemon:bin # When Exim is decoding MIME "words" in header lines it converts any foreign # character sets to the one that is set in the headers_charset option. # The default setting is defined by this setting: WITH_DEFAULT_CHARSET?= ISO-8859-1 # You should not need to fiddle with anything below this point. LIB_DEPENDS+= libpcre.so:devel/pcre .if ! ${PORT_OPTIONS:MDKIM} SEDLIST+= -e 's,^\# (DISABLE_DKIM=),\1,' .endif .if ${PORT_OPTIONS:MLISTMATCH_RHS} SEDLIST+= -e 's,^\# (EXPAND_LISTMATCH_RHS=),\1,' .endif .if ${PORT_OPTIONS:MDCC} SEDLIST+= -e 's,^\# (EXPERIMENTAL_DCC=),\1,' .endif .if ${PORT_OPTIONS:MPROXY} SEDLIST+= -e 's,^\# (SUPPORT_PROXY=),\1,' .endif .if ${PORT_OPTIONS:MCERTNAMES} SEDLIST+= -e 's,^\# (EXPERIMENTAL_CERTNAMES=),\1,' .endif .if ${PORT_OPTIONS:MDSN} SEDLIST+= -e 's,^\# (EXPERIMENTAL_DSN=),\1,' .endif .if !${PORT_OPTIONS:MDANE} SEDLIST+= -e 's,^(SUPPORT_DANE=),\#\1,' .endif .if ${PORT_OPTIONS:MARC} SEDLIST+= -e 's,^\# (EXPERIMENTAL_ARC=),\1,' .endif .if !${PORT_OPTIONS:MEVENT} SEDLIST+= -e 's,^\# (DISABLE_EVENT=),\1,' .endif .if ${PORT_OPTIONS:MINTERNATIONAL} SEDLIST+= -e 's,^\# (SUPPORT_I18N=),\1,' \ -e 's,XX_IDN_LIBS_XX,-L${LOCALBASE}/lib -lidn,' .else SEDLIST+= -e 's,XX_IDN_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MSOCKS} SEDLIST+= -e 's,^\# (SUPPORT_SOCKS=),\1,' .endif .if !${PORT_OPTIONS:MPRDR} SEDLIST+= -e 's,^\# (DISABLE_PRDR=),\1,' .endif .if !${PORT_OPTIONS:MOCSP} SEDLIST+= -e 's,^\# (DISABLE_OCSP=),\1,' .endif .if !${PORT_OPTIONS:MDNSSEC} SEDLIST+= -e 's,^\# (DISABLE_DNSSEC=),\1,' .endif .if ${PORT_OPTIONS:MDMARC} SEDLIST+= -e 's,XX_DMARC_LIBS_XX,-L${LOCALBASE}/lib -lopendmarc,' \ -e 's,^\# (SUPPORT_DMARC=),\1,' .else SEDLIST+= -e 's,XX_DMARC_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MWISHLIST} EXTRA_PATCHES+= `${FIND} ${PATCHDIR} -name 'wishlist-*.patch'` .endif .if ${PORT_OPTIONS:MFIXED_NEVER_USERS} SEDLIST+= -e 's,^(FIXED_NEVER_USERS=).*,\1${WITH_FIXED_NEVER_USERS:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MEXIMON} SEDLIST+= -e 's,^\# (EXIM_MONITOR=),\1,' .endif .if ${PORT_OPTIONS:MTLS} .if ! ${PORT_OPTIONS:MGNUTLS} USES+= ssl SEDLIST+= -e 's,^\# (USE_OPENSSL=),\1,' SEDLIST+= -e 's,^\# (TLS_LIBS=.*-lssl[[:space:]]),\1,' .else SEDLIST+= -e 's,^\# (USE_GNUTLS=),\1,' SEDLIST+= -e 's,^\# (TLS_LIBS=.*-lgnutls[[:space:]]),\1,' .endif .else # TLS support SEDLIST+= -e 's,^\# (DISABLE_TLS=),\1,' .endif .if ${PORT_OPTIONS:MEMBEDDED_PERL} SEDLIST+= -e 's,^\# (EXIM_PERL=),\1,' .endif .if ${PORT_OPTIONS:MTCP_WRAPPERS} SEDLIST+= -e 's,XX_TCP_WRAPPERS_LIBS_XX,-lwrap,' \ -e 's,^\# (USE_TCP_WRAPPERS=),\1,' .else SEDLIST+= -e 's,XX_TCP_WRAPPERS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MICONV} SEDLIST+= -e 's,XX_ICONV_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib ${ICONV_LIB},' \ -e 's,^\# (HAVE_ICONV=),\1,' .else SEDLIST+= -e 's,XX_ICONV_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MOPENLDAP_VER} && ${WITH_OPENLDAP_VER:tl} != "auto" WANT_OPENLDAP_VER= ${WITH_OPENLDAP_VER} .endif .if ${PORT_OPTIONS:MOPENLDAP} LDAP_LIB_TYPE= OPENLDAP2 SEDLIST+= -e 's,XX_LDAP_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -llber -lldap,' \ -e 's,XX_LDAP_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include,' \ -e 's,XX_LDAP_TYPE_XX,${LDAP_LIB_TYPE:S/,/\\,/g},' \ -e 's,^\# (LOOKUP_LDAP=),\1,' .else SEDLIST+= -e 's,XX_LDAP_[^ ]*_XX,,' \ -e 's,^(LDAP_LIB_TYPE=),\# \1,' .endif .if ${PORT_OPTIONS:MBDB} INVALID_BDB_VER= 2 3 DB_LIBS= -L${BDB_LIB_DIR} -l${BDB_LIB_NAME} DB_INCLUDES= -I${BDB_INCLUDE_DIR} .else DB_LIBS= DB_INCLUDES= SEDLIST+= -e 's,^(DBMLIB=),\# \1,' .endif SEDLIST+= -e 's,XX_DB_LIBS_XX,${DB_LIBS:S/,/\\,/g},' \ -e 's,XX_DB_INCLUDES_XX,${DB_INCLUDES:S/,/\\,/g},' .if ${PORT_OPTIONS:MLMDB} _LMDB_LIBS= -L${LOCALBASE}/lib -llmdb _LMDB_INCLUDES= -I${LOCALBASE}/include SEDLIST+= -e 's,^\# (EXPERIMENTAL_LMDB=),\1,' .else _LMDB_LIBS= _LMDB_INCLUDES= .endif SEDLIST+= -e 's,XX_LMDB_LIBS_XX,${_LMDB_LIBS:S/,/\\,/g},' \ -e 's,XX_LMDB_INCLUDES_XX,${_LMDB_INCLUDES:S/,/\\,/g},' .if ${PORT_OPTIONS:MMYSQL} SEDLIST+= -e 's,XX_MYSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib/mysql -l${_MYSQL_SHLIB:S/lib//},' \ -e 's,XX_MYSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/mysql,' \ -e 's,^\# (LOOKUP_MYSQL=),\1,' .else SEDLIST+= -e 's,XX_MYSQL_[^ ]*_XX,,' .endif .if ${PORT_OPTIONS:MSASLAUTHD} SASLAUTHD_SOCKET?= /var/run/saslauthd/mux SEDLIST+= -e 's,^\# (CYRUS_SASLAUTHD_SOCKET=).*,\1${SASLAUTHD_SOCKET:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MPAM} SEDLIST+= -e 's,XX_PAM_LIBS_XX,-lpam,' \ -e 's,^\# (SUPPORT_PAM=),\1,' .else SEDLIST+= -e 's,XX_PAM_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MAUTH_CRAM_MD5} SEDLIST+= -e 's,^\# (AUTH_CRAM_MD5=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_PLAINTEXT} SEDLIST+= -e 's,^\# (AUTH_PLAINTEXT=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_DOVECOT} SEDLIST+= -e 's,^\# (AUTH_DOVECOT=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_SPA} SEDLIST+= -e 's,^\# (AUTH_SPA=),\1,' .endif .if ${PORT_OPTIONS:MAUTH_SASL} SEDLIST+= -e 's,^\# (AUTH_CYRUS_SASL=),\1,' \ -e 's,^\# (AUTH_LIBS=.*-lsasl2),\1,' .endif .if ${PORT_OPTIONS:MAUTH_RADIUS} WITH_RADIUS_TYPE?= RADLIB .if ${WITH_RADIUS_TYPE:tl} == radlib SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,-lradius,' \ -e 's,^\# (RADIUS_CONFIG_FILE=).*,\1/etc/radius.conf,' \ -e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADLIB,' .elif ${WITH_RADIUS_TYPE:tl} == radiusclient LIB_DEPENDS+= libfreeradius-client.so:net/freeradius-client SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lfreeradius-client,' \ -e 's,^\# (RADIUS_CONFIG_FILE=).*,\1${LOCALBASE:S/,/\\,/g}/etc/radiusclient/radiusclient.conf,' \ -e 's,^\# (RADIUS_LIB_TYPE=).*,\1RADIUSCLIENTNEW,' .else IGNORE= the variable WITH_RADIUS_TYPE must be either RADLIB or RADIUSCLIENT .endif .else SEDLIST+= -e 's,XX_RADIUS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MPGSQL} SEDLIST+= -e 's,XX_PGSQL_LIBS_XX,-L${LOCALBASE:S/,/\\,/g}/lib -lpq,' \ -e 's,XX_PGSQL_INCLUDE_XX,-I${LOCALBASE:S/,/\\,/g}/include/pgsql,' \ -e 's,^\# (LOOKUP_PGSQL=),\1,' .else SEDLIST+= -e 's,XX_PGSQL_[^ ]*_XX,,' .endif .if ! ${PORT_OPTIONS:MPGSQL} && ! ${PORT_OPTIONS:MMYSQL} && !defined(LDAP_LIB_TYPE) && \ ! ${PORT_OPTIONS:MBDB} && ! ${PORT_OPTIONS:MLMDB} SEDLIST+= -e 's,^(LOOKUP_LIBS=),\# \1,' \ -e 's,^(LOOKUP_INCLUDE=),\# \1,' .endif .if ! ${PORT_OPTIONS:MDNSDB} SEDLIST+= -e 's,^(LOOKUP_DNSDB=),\# \1,' .endif .if ${PORT_OPTIONS:MMAILDIR} SEDLIST+= -e 's,^\# (SUPPORT_MAILDIR=),\1,' .endif .if ${PORT_OPTIONS:MMAILSTORE} SEDLIST+= -e 's,^\# (SUPPORT_MAILSTORE=),\1,' .endif .if ${PORT_OPTIONS:MMBX} SEDLIST+= -e 's,^\# (SUPPORT_MBX=),\1,' .endif .if ${PORT_OPTIONS:MCDB} SEDLIST+= -e 's,^\# (LOOKUP_CDB=),\1,' .endif .if ${PORT_OPTIONS:MDSEARCH} SEDLIST+= -e 's,^\# (LOOKUP_DSEARCH=),\1,' .endif .if ! ${PORT_OPTIONS:MLSEARCH} SEDLIST+= -e 's,^(LOOKUP_LSEARCH=),\# \1,' .endif .if ${PORT_OPTIONS:MNIS} SEDLIST+= -e 's,^\# (LOOKUP_NIS=),\1,' .endif .if ${PORT_OPTIONS:MPASSWD} SEDLIST+= -e 's,^\# (LOOKUP_PASSWD=),\1,' .endif .if ${PORT_OPTIONS:MSQLITE} SEDLIST+= -e 's,XX_SQLITE_LIBS_XX,`pkg-config --static --libs sqlite3`,' \ -e 's,XX_SQLITE_FLAGS_XX,`pkg-config --cflags sqlite3`,' \ -e 's,^\# (LOOKUP_SQLITE=),\1,' .else SEDLIST+= -e 's,XX_SQLITE_LIBS_XX,,' \ -e 's,XX_SQLITE_FLAGS_XX,,' .endif .if ${PORT_OPTIONS:MREDIS} SEDLIST+= -e 's,XX_REDIS_LIBS_XX,-L${LOCALBASE}/lib -lhiredis,' \ -e 's,^\# (LOOKUP_REDIS=),\1,' \ -e 's,^\# (REDIS=),\1,' .else SEDLIST+= -e 's,XX_REDIS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MLMTP} SEDLIST+= -e 's,^\# (TRANSPORT_LMTP=),\1,' .endif .if ! ${PORT_OPTIONS:MALT_CONFIG_PREFIX} SEDLIST+= -e 's,^(ALT_CONFIG_PREFIX=),\# \1,' .endif .if ${PORT_OPTIONS:MSPF} SEDLIST+= -e 's,XX_SPF_FLAGS_XX,-DSPF,' \ -e 's,XX_SPF_LIBS_XX,-L${LOCALBASE}/lib -lspf2 -lpthread,' \ -e 's,^\# (SUPPORT_SPF=),\1,' .else SEDLIST+= -e 's,XX_SPF_FLAGS_XX,,' \ -e 's,XX_SPF_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MSRS} LIB_DEPENDS+= libsrs_alt.so:mail/libsrs_alt SEDLIST+= -e 's,XX_SRS_FLAGS_XX,-DEXPERIMENTAL_SRS,' \ -e 's,XX_SRS_LIBS_XX,-L${LOCALBASE}/lib -lsrs_alt,' .else SEDLIST+= -e 's,XX_SRS_FLAGS_XX,,' \ -e 's,XX_SRS_LIBS_XX,,' .endif .if ${PORT_OPTIONS:MREADLINE} SEDLIST+= -e 's,^\# (USE_READLINE=),\1,' .endif .if ${PORT_OPTIONS:MCONTENT_SCAN} SEDLIST+= -e 's,^\# (WITH_CONTENT_SCAN=),\1,' .endif .if !defined(EXIMON_ONLY) && ${PORT_OPTIONS:MDAEMON} USE_RC_SUBR= exim PLIST_SUB+= EXIMDAEMON="" SUB_LIST+= LOGDIR="${LOGDIR}" .else PLIST_SUB+= EXIMDAEMON="@comment " .endif .if ${PORT_OPTIONS:MIPV6} SEDLIST+= -e 's,^\# (HAVE_IPV6=),\1,' .endif .if ${PORT_OPTIONS:MDISABLE_D_OPT} SEDLIST+= -e 's,^\# (DISABLE_D_OPTION=),\1,' .else .if defined(WHITELIST_D_MACROS) SEDLIST+= -e 's,^\# (WHITELIST_D_MACROS=).*$$,\1${WHITELIST_D_MACROS:S/,/\\,/g},' .endif .endif .if defined(TRUSTED_CONFIG_LIST) SEDLIST+= -e 's,^\# (TRUSTED_CONFIG_LIST=).*$$,\1${TRUSTED_CONFIG_LIST:S/,/\\,/g},' .endif .if ${PORT_OPTIONS:MQUEUEFILE} SEDLIST+= -e 's,^\# (EXPERIMENTAL_QUEUEFILE=),\1,' .endif MAKE_ENV+= INSTALL_ARG="${EXIM_INSTALL_ARG}" DUMMY_LDFLAGS!= ${ECHO_CMD} ${LDFLAGS} | ${SED} -e 's|-Wl,-rpath|-Wl,-DUMMYrpath|g; s|-rpath|-Wl,-rpath|g; s|-DUMMYrpath|-rpath|g' pre-everything:: @${ECHO} 'Exim now drops privileges when alternate configuration' @${ECHO} 'files are used. You can set make variable TRUSTED_CONFIG_LIST' @${ECHO} 'to specify the list of configuration files for which' @${ECHO} 'root privileges will be retained.' @${ECHO} '' @${ECHO} 'You can whitelist some macros using the make variable' @${ECHO} 'WHITELIST_D_MACROS. This is useful if you are running' @${ECHO} 'with DISABLE_D_OPT set, but macros whitelisting will be' @${ECHO} 'removed in some future Exim release, so it is better' @${ECHO} 'to use TRUSTED_CONFIG_LIST to set the list of trusted' @${ECHO} 'configuration files.' .if empty(.MAKEFLAGS:M-s) && ${PORT_OPTIONS:MWISHLIST} @${ECHO} '' @${ECHO} 'Included extra patches:' @${FIND} ${PATCHDIR} -name 'wishlist-*.patch' \ -exec ${SED} -ne 's,^# , ,p' {} \; @${ECHO} '' .endif post-extract: .if ${PORT_OPTIONS:MSA_EXIM} @cd ${WRKDIR} && ${TAR} ${EXTRACT_BEFORE_ARGS} ${_DISTDIR}/sa-exim-${SA_EXIM_VERSION}.tar.gz ${EXTRACT_AFTER_ARGS} @@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.c ${WRKSRC}/Local @@${CP} ${WRKDIR}/sa-exim-${SA_EXIM_VERSION}/sa-exim.conf ${WRKSRC}/Local .endif do-configure: @${MKDIR} ${WRKSRC}/Local @${SED} -E ${SEDLIST} ${WRKSRC}/src/EDITME > ${WRKSRC}/Local/Makefile .if ${PORT_OPTIONS:MEXIMON} @${CP} ${WRKSRC}/exim_monitor/EDITME ${WRKSRC}/Local/eximon.conf .endif @${REINPLACE_CMD} -E ${SEDLIST} ${WRKSRC}/src/configure.default @${REINPLACE_CMD} -e 's!$$(LDFLAGS)!$$(DUMMY_LDFLAGS) -L$${LOCALBASE}/lib!' ${WRKSRC}/OS/Makefile-Base @${REINPLACE_CMD} -e 's/"(Exim $$version_number)\\n\\t"/"(Exim $$version_number (${OPSYS}))\\n\\t"/' \ ${WRKSRC}/src/globals.c @${REINPLACE_CMD} -e 's/Exim version %s \(#%s \)\{0,1\}/&(${OPSYS} ${OSREL}) /' ${WRKSRC}/src/exim.c @${REINPLACE_CMD} -e 's/^#include "cnumber\.h"$$/${PORTREVISION}/' ${WRKSRC}/src/version.c @${REINPLACE_CMD} -E -e 's/^(PERL_COMMAND=).*/\1${PERL:S,/,\/,g}/' \ -e 's/^(CC=).*/\1${CC:S,/,\/,g}/' ${WRKSRC}/OS/Makefile-Default .if ${PORT_OPTIONS:MSA_EXIM} @${REINPLACE_CMD} -E -e 's/^\# (HAVE_LOCAL_SCAN=).*/\1yes/' \ ${WRKSRC}/OS/Makefile-Default @${REINPLACE_CMD} -E -e 's/^(LOCAL_SCAN_SOURCE=).*/\1Local\/sa-exim.c/' \ ${WRKSRC}/OS/Makefile-Default @{ \ ${ECHO_CMD} "char *version=\"${SA_EXIM_VERSION}\";"; \ ${ECHO_CMD} "#define SPAMC_LOCATION \"${LOCALBASE}/bin/spamc\""; \ ${ECHO_CMD} "#define SPAMASSASSIN_CONF \"${PREFIX}/etc/exim/sa-exim.conf\""; \ } > ${WRKSRC}/Local/sa-exim.h @${REINPLACE_CMD} -e 's,/usr/bin/spamc,${LOCALBASE}/bin/spamc,' \ ${WRKSRC}/Local/sa-exim.conf .endif @${REINPLACE_CMD} -E -e 's/XX_STRIPCMD_XX/${STRIP_CMD:S,/,\/,g}/' \ ${WRKSRC}/OS/Makefile-FreeBSD @(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} configure) post-build: .for script in ${DAILY_SCRIPTS} @${SED} ${SED_SCRIPT} ${FILESDIR}/${script}.sh > ${WRKDIR}/${script}.sh .endfor @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > \ ${WRKDIR}/POST-INSTALL-NOTES @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES.clamd > ${WRKDIR}/POST-INSTALL-NOTES.clamd @${SED} ${SED_SCRIPT} ${FILESDIR}/POST-INSTALL-NOTES > ${WRKDIR}/POST-INSTALL-NOTES @[ ! -f ${PKGDIR}/pkg-message ] || ${SED} ${SED_SCRIPT} ${PKGDIR}/pkg-message > ${WRKDIR}/pkg-message .if !defined(EXIMON_ONLY) post-install: .if ${PORT_OPTIONS:MDAEMON} ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/daily .for script in ${DAILY_SCRIPTS} ${INSTALL_SCRIPT} ${WRKDIR}/${script}.sh ${STAGEDIR}${PREFIX}/etc/periodic/daily/${script} .endfor .endif @${MKDIR} -m 750 ${STAGEDIR}${LOGDIR} ${INSTALL_MAN} ${WRKSRC}/doc/exim.8 ${STAGEDIR}${MAN8PREFIX}/man/man8 .if ${PORT_OPTIONS:MDOCS} @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKDIR}/POST-INSTALL-NOTES.clamd ${STAGEDIR}${DOCSDIR} .for docfile in ${PORTDOC_BASE} ${INSTALL_DATA} ${WRKSRC}/${docfile} ${STAGEDIR}${DOCSDIR} .endfor .for docfile in ${PORTDOC_FILES} ${INSTALL_DATA} ${WRKSRC}/doc/${docfile} ${STAGEDIR}${DOCSDIR} .endfor @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for example in ${PORT_EXAMPLES} ${INSTALL_SCRIPT} ${WRKSRC}/build-${OPSYS}-${ARCH}/${example} ${STAGEDIR}${EXAMPLESDIR} .endfor .endif .if ${PORT_OPTIONS:MSA_EXIM} ${INSTALL_DATA} ${WRKSRC}/Local/sa-exim.conf \ ${STAGEDIR}${PREFIX}/etc/exim/sa-exim.conf.sample .endif .endif # ! defined(EXIMON_ONLY) .include # If using clang, avoid too many warnings due to Exim code style .if ${CHOSEN_COMPILER_TYPE} == "clang" EXIM_WARN_FLAGS?= -Wno-logical-op-parentheses -Wno-macro-redefined -Wno-parentheses -Wno-dangling-else .endif CFLAGS+= ${EXIM_WARN_FLAGS} .include Index: head/mail/exim/distinfo =================================================================== --- head/mail/exim/distinfo (revision 537519) +++ head/mail/exim/distinfo (revision 537520) @@ -1,5 +1,5 @@ -TIMESTAMP = 1582564322 -SHA256 (exim/exim-4.93.0.4.tar.bz2) = b67336ba06f8d8233060de073d6082d75a378faaafad660c5f124bb13d75e4d9 -SIZE (exim/exim-4.93.0.4.tar.bz2) = 1974190 +TIMESTAMP = 1591032067 +SHA256 (exim/exim-4.94.tar.bz2) = 73feeaa5ddb43363782db0c307b593aacb49542dd7e4b795a2880779595affe5 +SIZE (exim/exim-4.94.tar.bz2) = 1997217 SHA256 (exim/sa-exim-4.2.1.tar.gz) = 24d4bf7b0fdddaea11f132981cebb6a86a4ab20ef54111a8ebd481b421c6e2c1 SIZE (exim/sa-exim-4.2.1.tar.gz) = 68933 Index: head/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch =================================================================== --- head/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch (revision 537519) +++ head/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch (nonexistent) @@ -1,70 +0,0 @@ -From 26b045604bd574a6d93868ed437c08503c67d289 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Thu, 13 Feb 2020 16:52:52 +0000 -Subject: [PATCH 27/27] GnuTLS: fix hanging callout connections - -Broken-by: 925ac8e4f1 -Cherry-picked from: bd95ffc2ba ---- - doc/ChangeLog | 5 +++++ - src/tls-gnu.c | 11 +++++++---- - 2 files changed, 12 insertions(+), 4 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index 97fe878dc..d9833c8e1 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -69,6 +69,11 @@ JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix - block of data. Investigation showed the copy to actually be needless, the - data being length-specified. - -+JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was -+ done during a receiving connection, and both used TLS, global info was -+ used rather than per-connection info for tracking the state of data -+ queued for transmission. This could result in a connection hang. -+ - - Exim version 4.93 - ----------------- -diff --git src/tls-gnu.c src/tls-gnu.c -index fc426a251..574dcafd9 100644 ---- src/tls-gnu.c -+++ src/tls-gnu.c -@@ -181,6 +181,10 @@ typedef struct exim_gnutls_state { - BOOL peer_dane_verified; - BOOL trigger_sni_changes; - BOOL have_set_peerdn; -+#ifdef SUPPORT_CORK -+ BOOL corked:1; -+#endif -+ - const struct host_item *host; /* NULL if server */ - gnutls_x509_crt_t peercert; - uschar *peerdn; -@@ -3309,9 +3313,8 @@ ssize_t outbytes; - size_t left = len; - exim_gnutls_state_st * state = ct_ctx ? ct_ctx : &state_server; - #ifdef SUPPORT_CORK --static BOOL corked = FALSE; - --if (more && !corked) gnutls_record_cork(state->session); -+if (more && !state->corked) gnutls_record_cork(state->session); - #endif - - DEBUG(D_tls) debug_printf("%s(%p, " SIZE_T_FMT "%s)\n", __FUNCTION__, -@@ -3352,10 +3355,10 @@ if (len > INT_MAX) - } - - #ifdef SUPPORT_CORK --if (more != corked) -+if (more != state->corked) - { - if (!more) (void) gnutls_record_uncork(state->session, 0); -- corked = more; -+ state->corked = more; - } - #endif - --- -2.24.1 - Property changes on: head/mail/exim/files/74_27-GnuTLS-fix-hanging-callout-connections.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch =================================================================== --- head/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch (revision 537519) +++ head/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch (nonexistent) @@ -1,127 +0,0 @@ -From 69b2f92c0b5da548eaafe4813319f4647fa9c19a Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Thu, 30 Jan 2020 11:38:30 +0000 -Subject: [PATCH 25/25] Taint: slow-mode checking only - -(cherry-picked from 4381d60bc9) ---- - doc/ChangeLog | 10 +++------- - src/functions.h | 5 +---- - src/store.c | 43 ------------------------------------------- - 3 files changed, 4 insertions(+), 54 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index 508b8fa49..be7ec2a8e 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -59,13 +59,9 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it - buffer was in use at the time. Change to a compile-time increase in the - buffer size, when this authenticator is compiled into exim. - --JH/22 Taint checking: move to a hybrid approach for checking. Previously, one -- of two ways was used, depending on a build-time flag. The fast method -- relied on assumptions about the OS and libc malloc, which were known to -- not hold for the BSD-derived platforms, and discovered to not hold for -- 32-bit Linux either. In fact the glibc documentation describes cases -- where these assumptions do not hold. The new implementation tests for -- the situation arising and actively switches over from fast to safe mode. -+JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The -+ previous fast-mode was untenable in the face of glibs using mmap to -+ support larger malloc requests. - - - Exim version 4.93 -diff --git src/functions.h src/functions.h -index 0b5905562..af633851b 100644 ---- src/functions.h -+++ src/functions.h -@@ -616,10 +616,7 @@ return FALSE; - - #else - extern BOOL is_tainted_fn(const void *); --extern void * tainted_base, * tainted_top; -- --return f.taint_check_slow -- ? is_tainted_fn(p) : p >= tainted_base && p < tainted_top; -+return is_tainted_fn(p); - #endif - } - -diff --git src/store.c src/store.c -index 6118ef28d..c81744a7b 100644 ---- src/store.c -+++ src/store.c -@@ -102,13 +102,6 @@ static storeblock *current_block[NPOOLS]; - static void *next_yield[NPOOLS]; - static int yield_length[NPOOLS] = { -1, -1, -1, -1, -1, -1 }; - --/* The limits of the tainted pools. Tracking these on new allocations enables --a fast is_tainted implementation. We assume the kernel only allocates mmaps using --one side or the other of data+heap, not both. */ -- --void * tainted_base = (void *)-1; --void * tainted_top = (void *)0; -- - /* pool_malloc holds the amount of memory used by the store pools; this goes up - and down as store is reset or released. nonpool_malloc is the total got by - malloc from other calls; this doesn't go down because it is just freed by -@@ -200,30 +193,6 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", - msg, func, line); - } - --static void --use_slow_taint_check(void) --{ --#ifndef COMPILE_UTILITY --DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); --#endif --f.taint_check_slow = TRUE; --} -- --static void --verify_all_untainted(void) --{ --for (int pool = 0; pool < POOL_TAINT_BASE; pool++) -- for (storeblock * b = chainbase[pool]; b; b = b->next) -- { -- uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; -- if (is_tainted(bc)) -- { -- use_slow_taint_check(); -- return; -- } -- } --} -- - - - /************************************************* -@@ -814,10 +783,6 @@ if (!(yield = mmap(NULL, (size_t)size, - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to mmap %d bytes of memory: " - "called from line %d of %s", size, line, func); - --if (yield < tainted_base) tainted_base = yield; --if ((top = US yield + size) > tainted_top) tainted_top = top; --if (!f.taint_check_slow) use_slow_taint_check(); -- - return store_alloc_tail(yield, size, func, line, US"Mmap"); - } - -@@ -848,14 +813,6 @@ if (!(yield = malloc((size_t)size))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " - "called from line %d in %s", size, linenumber, func); - --/* If malloc ever returns apparently tainted memory, which glibc --malloc will as it uses mmap for larger requests, we must switch to --the slower checking for tainting (checking an address against all --the tainted pool block spans, rather than just the mmap span) */ -- --if (!f.taint_check_slow && is_tainted(yield)) -- use_slow_taint_check(); -- - return store_alloc_tail(yield, size, func, linenumber, US"Malloc"); - } - --- -2.24.1 - Property changes on: head/mail/exim/files/74_25-Taint-slow-mode-checking-only.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch =================================================================== --- head/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch (revision 537519) +++ head/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch (nonexistent) @@ -1,34 +0,0 @@ -From dfb8f72b2237627b26767d1e803e8ed95ad659d2 Mon Sep 17 00:00:00 2001 -From: Wolfgang Breyha -Date: Tue, 7 Jan 2020 13:03:18 +0000 -Subject: [PATCH 19/21] SPF: fix result for case of only non-spf TXT RRs. Bug - 2499 - -(cherry picked from commit 67794d2b830fc580f87b0635718d95e32b467be1) ---- - src/spf.c | 7 ++++++- - test/scripts/4600-SPF/4601 | 17 ++++++++--------- - test/stdout/4601 | 11 ++++++----- - 3 files changed, 20 insertions(+), 15 deletions(-) - -diff --git src/spf.c src/spf.c -index 8ead817b9..12b756b46 100644 ---- src/spf.c -+++ src/spf.c -@@ -139,7 +139,12 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; - srr.rr[found++] = (void *) s; - } - --srr.num_rr = found; -+/* Did we filter out all TXT RRs? Return NO_DATA instead of SUCCESS with -+empty ANSWER section. */ -+ -+if (!(srr.num_rr = found)) -+ srr.herrno = NO_DATA; -+ - /* spfrr->rr must have been malloc()d for this */ - SPF_dns_rr_dup(&spfrr, &srr); - return spfrr; --- -2.24.1 - Property changes on: head/mail/exim/files/74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch =================================================================== --- head/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch (revision 537519) +++ head/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch (nonexistent) @@ -1,50 +0,0 @@ -From 59bcc75f56ffeb9fa220f1eb53d45bf254258ac7 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Thu, 13 Feb 2020 14:08:31 +0000 -Subject: [PATCH 26/27] Auths: fix cyrus-sasl driver for gssapi use. Bug 2524 - -Broken-by: c0fb53b74e -Cherry-picked from: 5c329a4388 ---- - doc/ChangeLog | 6 ++++++ - src/auths/cyrus_sasl.c | 6 +++--- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index be7ec2a8e..97fe878dc 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -63,6 +63,12 @@ JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The - previous fast-mode was untenable in the face of glibs using mmap to - support larger malloc requests. - -+JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix -+ had introduced a string-copy (for ensuring NUL-termination) which was not -+ appropriate for that case, which can include embedded NUL bytes in the -+ block of data. Investigation showed the copy to actually be needless, the -+ data being length-specified. -+ - - Exim version 4.93 - ----------------- -diff --git src/auths/cyrus_sasl.c src/auths/cyrus_sasl.c -index 480010bab..19416a1bb 100644 ---- src/auths/cyrus_sasl.c -+++ src/auths/cyrus_sasl.c -@@ -347,10 +347,10 @@ for (rc = SASL_CONTINUE; rc == SASL_CONTINUE; ) - } - else - { -- /* make sure that we have a null-terminated string */ -- out2 = string_copyn(output, outlen); -+ /* auth_get_data() takes a length-specfied block of binary -+ which can include zeroes; no terminating NUL is needed */ - -- if ((rc = auth_get_data(&input, out2, outlen)) != OK) -+ if ((rc = auth_get_data(&input, output, outlen)) != OK) - { - /* we couldn't get the data, so free up the library before - * returning whatever error we get */ --- -2.24.1 - Property changes on: head/mail/exim/files/74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch =================================================================== --- head/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch (revision 537519) +++ head/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch (nonexistent) @@ -1,70 +0,0 @@ -From 4ce411ffa737df738e18e1e7b008ad3d3ac5c398 Mon Sep 17 00:00:00 2001 -From: Brian Foley -Date: Sat, 25 Jan 2020 15:27:49 +0000 -Subject: [PATCH 24/25] TFO: even in binary built for modern Linux, handle - error returned by old Linux kernel. Bug 2518 - -(cherry picked from commit c3da38a12a2372a7f6a48be97ebfd80aeceda828) ---- - src/ip.c | 40 +++++++++++++++++++++++----------------- - 1 file changed, 23 insertions(+), 17 deletions(-) - -diff --git src/ip.c src/ip.c -index 70e3e2064..43ca6a1c9 100644 ---- src/ip.c -+++ src/ip.c -@@ -269,28 +269,34 @@ if (fastopen_blob && f.tcp_fastopen_ok) - /*XXX also seen on successful TFO, sigh */ - tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; - } -- else if (errno == EINPROGRESS) /* expected if we had no cookie for peer */ -+ else switch (errno) -+ { -+ case EINPROGRESS: /* expected if we had no cookie for peer */ - /* seen for no-data, proper TFO option, both cookie-request and with-cookie cases */ - /* apparently no visibility of the diffference at this point */ - /* seen for with-data, proper TFO opt, cookie-req */ - /* with netwk delay, post-conn tcp_info sees unacked 1 for R, 2 for C; code in smtp_out.c */ - /* ? older Experimental TFO option behaviour ? */ -- { /* queue unsent data */ -- DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n", -- fastopen_blob->len > 0 ? "with" : "no"); -- if (!fastopen_blob->data) -- { -- tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ -- rc = 0; -- } -- else -- rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); -- } -- else if(errno == EOPNOTSUPP) -- { -- DEBUG(D_transport) -- debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); -- goto legacy_connect; -+ DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n", -+ fastopen_blob->len > 0 ? "with" : "no"); -+ if (!fastopen_blob->data) -+ { -+ tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ -+ rc = 0; -+ } -+ else /* queue unsent data */ -+ rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); -+ break; -+ -+ case EOPNOTSUPP: -+ DEBUG(D_transport) -+ debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); -+ goto legacy_connect; -+ -+ case EPIPE: -+ DEBUG(D_transport) -+ debug_printf("Tried TCP Fast Open but kernel too old to support it\n"); -+ goto legacy_connect; - } - # endif - # ifdef EXIM_TFO_CONNECTX --- -2.24.1 - Property changes on: head/mail/exim/files/74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch =================================================================== --- head/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch (revision 537519) +++ head/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch (nonexistent) @@ -1,116 +0,0 @@ -From bbeab68df3b3c2d5507b1fdca07509fdbb3ec5a1 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Tue, 14 Jan 2020 17:48:57 +0000 -Subject: [PATCH 21/21] heimdal auth: fix the increase of big_buffer size. Bug - 2501 - -(cherry picked from commit 7a66b3afa11a70021297c176acf56831692be89a) ---- - doc/ChangeLog | 7 ++++++- - src/auths/README | 2 +- - src/auths/heimdal_gssapi.c | 10 ---------- - src/macros.h | 13 ++++++++++--- - src/readconf.c | 1 + - 5 files changed, 18 insertions(+), 15 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index 6e26e2f11..f112fc9bf 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -9,7 +9,7 @@ This is not an official release. It is just a branch, collecting - proposed bugfixes. Depending on your environment the fixes may be - necessary to build and/or run Exim successfully. - --JH/05 Regard command-line receipients as tainted. -+JH/05 Regard command-line recipients as tainted. - - JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the - PAM library frees one of the arguments given to it, despite the -@@ -54,6 +54,11 @@ JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, - were used, and the second one (for mainlog/paniclog) retrieved null - information. - -+JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it -+ adjusted the size of a major service buffer; this failed because the -+ buffer was in use at the time. Change to a compile-time increase in the -+ buffer size, when this authenticator is compiled into exim. -+ - - Exim version 4.93 - ----------------- -diff --git src/auths/README src/auths/README -index d4f125c30..66bdcdcf8 100644 ---- src/auths/README -+++ src/auths/README -@@ -34,7 +34,7 @@ instance block for this configured mechanism. It must set the flags called - the server and/or client functions are available for this authenticator. - Typically this depends on whether server or client configuration options have - been set, but it is also possible to have an authenticator that has only one of --the server or client functions. -+the server or client functions. The function may not touch big_buffer. - - SERVER AUTHENTICATION - -diff --git src/auths/heimdal_gssapi.c src/auths/heimdal_gssapi.c -index 3dfcb8c6a..523f7c69a 100644 ---- src/auths/heimdal_gssapi.c -+++ src/auths/heimdal_gssapi.c -@@ -200,16 +200,6 @@ if (krc) - - krb5_free_context(context); - --/* RFC 4121 section 5.2, SHOULD support 64K input buffers */ --if (big_buffer_size < (64 * 1024)) -- { -- uschar *newbuf; -- big_buffer_size = 64 * 1024; -- newbuf = store_malloc(big_buffer_size); -- store_free(big_buffer); -- big_buffer = newbuf; -- } -- - ablock->server = TRUE; - } - -diff --git src/macros.h src/macros.h -index 76913d64e..4e6b1b8a9 100644 ---- src/macros.h -+++ src/macros.h -@@ -152,12 +152,19 @@ enough to hold all the headers from a normal kind of message. */ - into big_buffer_size and in some circumstances increased. It should be at least - as long as the maximum path length. */ - --#if defined PATH_MAX && PATH_MAX > 16384 -+#ifdef AUTH_HEIMDAL_GSSAPI -+ /* RFC 4121 section 5.2, SHOULD support 64K input buffers */ -+# define __BIG_BUFFER_SIZE 65536 -+#else -+# define __BIG_BUFFER_SIZE 16384 -+#endif -+ -+#if defined PATH_MAX && PATH_MAX > __BIG_BUFFER_SIZE - # define BIG_BUFFER_SIZE PATH_MAX --#elif defined MAXPATHLEN && MAXPATHLEN > 16384 -+#elif defined MAXPATHLEN && MAXPATHLEN > __BIG_BUFFER_SIZE - # define BIG_BUFFER_SIZE MAXPATHLEN - #else --# define BIG_BUFFER_SIZE 16384 -+# define BIG_BUFFER_SIZE __BIG_BUFFER_SIZE - #endif - - /* header size of pipe content -diff --git src/readconf.c src/readconf.c -index 0233019cf..62cfcfbf9 100644 ---- src/readconf.c -+++ src/readconf.c -@@ -3788,6 +3788,7 @@ while ((buffer = get_config_line()) != NULL) - if (!d->driver_name) - log_write(0, LOG_PANIC_DIE|LOG_CONFIG, - "no driver defined for %s \"%s\"", class, d->name); -+ /* s is using big_buffer, so this call had better not */ - (d->info->init)(d); - d = NULL; - } --- -2.24.1 - Property changes on: head/mail/exim/files/74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch =================================================================== --- head/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch (revision 537519) +++ head/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch (nonexistent) @@ -1,70 +0,0 @@ -From 338f36842f10ef84e684dddf59819837fd7792a3 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Wed, 15 Jan 2020 10:40:20 +0000 -Subject: [PATCH 20/21] Fix error logging for dynamically-loaded modules. Bug - 2507 - -(cherry picked from commits b1c673ddfa, 3fc07bd570) ---- - doc/ChangeLog | 5 +++++ - src/drtables.c | 13 +++++++------ - 2 files changed, 12 insertions(+), 6 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index 32febe1f3..6e26e2f11 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -49,6 +49,11 @@ JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to - library live data was being used, so the results became garbage. Make - copies while it is still usable. - -+JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, -+ only retrieve the errormessage once. Previously two calls to dlerror() -+ were used, and the second one (for mainlog/paniclog) retrieved null -+ information. -+ - - Exim version 4.93 - ----------------- -diff --git src/drtables.c src/drtables.c -index 059756284..ca051bd20 100644 ---- src/drtables.c -+++ src/drtables.c -@@ -740,10 +740,11 @@ init_lookup_list(void) - - dl = dlopen(CS big_buffer, RTLD_NOW);// TJ was LAZY - if (dl == NULL) { -- fprintf(stderr, "Error loading %s: %s\n", name, dlerror()); -- moduleerrors++; -- log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, dlerror()); -- continue; -+ errormessage = dlerror(); -+ fprintf(stderr, "Error loading %s: %s\n", name, errormessage); -+ log_write(0, LOG_MAIN|LOG_PANIC, "Error loading lookup module %s: %s\n", name, errormessage); -+ moduleerrors++; -+ continue; - } - - /* FreeBSD nsdispatch() can trigger dlerror() errors about -@@ -756,16 +757,16 @@ init_lookup_list(void) - info = (struct lookup_module_info*) dlsym(dl, "_lookup_module_info"); - if ((errormsg = dlerror()) != NULL) { - fprintf(stderr, "%s does not appear to be a lookup module (%s)\n", name, errormsg); -+ log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg); - dlclose(dl); - moduleerrors++; -- log_write(0, LOG_MAIN|LOG_PANIC, "%s does not appear to be a lookup module (%s)\n", name, errormsg); - continue; - } - if (info->magic != LOOKUP_MODULE_INFO_MAGIC) { - fprintf(stderr, "Lookup module %s is not compatible with this version of Exim\n", name); -+ log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name); - dlclose(dl); - moduleerrors++; -- log_write(0, LOG_MAIN|LOG_PANIC, "Lookup module %s is not compatible with this version of Exim\n", name); - continue; - } - --- -2.24.1 - Property changes on: head/mail/exim/files/74_20-Fix-error-logging-for-dynamically-loaded-modules.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch =================================================================== --- head/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch (revision 537519) +++ head/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch (nonexistent) @@ -1,330 +0,0 @@ -From 1ccd26e24267ffa0c40b70c2c3282481fe4977c7 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Thu, 16 Jan 2020 14:12:56 +0000 -Subject: [PATCH 22/22] Taint: hybrid checking mode - -(cherry picked from commit 36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682) ---- - doc/ChangeLog | 8 +++++ - exim_monitor/em_version.c | 2 ++ - src/functions.h | 58 +++++++++++++++++++++++++++++++- - src/globals.c | 1 + - src/globals.h | 1 + - src/mytypes.h | 62 +++++------------------------------ - src/store.c | 40 +++++++++++++++------- - 7 files changed, 107 insertions(+), 65 deletions(-) - -diff --git doc/ChangeLog doc/ChangeLog -index f112fc9bf..508b8fa49 100644 ---- doc/ChangeLog -+++ doc/ChangeLog -@@ -59,6 +59,14 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it - buffer was in use at the time. Change to a compile-time increase in the - buffer size, when this authenticator is compiled into exim. - -+JH/22 Taint checking: move to a hybrid approach for checking. Previously, one -+ of two ways was used, depending on a build-time flag. The fast method -+ relied on assumptions about the OS and libc malloc, which were known to -+ not hold for the BSD-derived platforms, and discovered to not hold for -+ 32-bit Linux either. In fact the glibc documentation describes cases -+ where these assumptions do not hold. The new implementation tests for -+ the situation arising and actively switches over from fast to safe mode. -+ - - Exim version 4.93 - ----------------- -diff --git exim_monitor/em_version.c exim_monitor/em_version.c -index 52c55a4a3..9b9c7d417 100644 ---- exim_monitor/em_version.c -+++ exim_monitor/em_version.c -@@ -5,6 +5,8 @@ - /* Copyright (c) University of Cambridge 1995 - 2018 */ - /* See the file NOTICE for conditions of use and distribution. */ - -+#define EM_VERSION_C -+ - #include "mytypes.h" - #include "store.h" - #include "macros.h" -diff --git src/functions.h src/functions.h -index 87d1a04d8..0b5905562 100644 ---- src/functions.h -+++ src/functions.h -@@ -187,6 +187,7 @@ extern void deliver_succeeded(address_item *); - extern uschar *deliver_get_sender_address (uschar *id); - extern void delivery_re_exec(int); - -+extern void die_tainted(const uschar *, const uschar *, int); - extern BOOL directory_make(const uschar *, const uschar *, int, BOOL); - #ifndef DISABLE_DKIM - extern uschar *dkim_exim_query_dns_txt(const uschar *); -@@ -602,6 +603,61 @@ extern BOOL write_chunk(transport_ctx *, uschar *, int); - extern ssize_t write_to_fd_buf(int, const uschar *, size_t); - - -+/******************************************************************************/ -+/* Predicate: if an address is in a tainted pool. -+By extension, a variable pointing to this address is tainted. -+*/ -+ -+static inline BOOL -+is_tainted(const void * p) -+{ -+#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) || defined(EM_VERSION_C) -+return FALSE; -+ -+#else -+extern BOOL is_tainted_fn(const void *); -+extern void * tainted_base, * tainted_top; -+ -+return f.taint_check_slow -+ ? is_tainted_fn(p) : p >= tainted_base && p < tainted_top; -+#endif -+} -+ -+/******************************************************************************/ -+/* String functions */ -+static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line) -+{ -+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) -+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line); -+#endif -+return US strcat(CS dst, CCS src); -+} -+static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line) -+{ -+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) -+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line); -+#endif -+return US strcpy(CS dst, CCS src); -+} -+static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line) -+{ -+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) -+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line); -+#endif -+return US strncat(CS dst, CCS src, n); -+} -+static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line) -+{ -+#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) -+if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line); -+#endif -+return US strncpy(CS dst, CCS src, n); -+} -+/*XXX will likely need unchecked copy also */ -+ -+ -+/******************************************************************************/ -+ - #if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) - /* exim_chown - in some NFSv4 setups *seemes* to be an issue with - chown(, ). -@@ -634,8 +690,8 @@ exim_chown(const uschar *name, uid_t owner, gid_t group) - return chown(CCS name, owner, group) - ? exim_chown_failure(-1, name, owner, group) : 0; - } -- - #endif /* !MACRO_PREDEF && !COMPILE_UTILITY */ -+ - /******************************************************************************/ - /* String functions */ - -diff --git src/globals.c src/globals.c -index 85a25a7f2..72449229e 100644 ---- src/globals.c -+++ src/globals.c -@@ -311,6 +311,7 @@ struct global_flags f = - .synchronous_delivery = FALSE, - .system_filtering = FALSE, - -+ .taint_check_slow = FALSE, - .tcp_fastopen_ok = FALSE, - .tcp_in_fastopen = FALSE, - .tcp_in_fastopen_data = FALSE, -diff --git src/globals.h src/globals.h -index ca342acc2..ac7bb8ef3 100644 ---- src/globals.h -+++ src/globals.h -@@ -272,6 +272,7 @@ extern struct global_flags { - BOOL synchronous_delivery :1; /* TRUE if -odi is set */ - BOOL system_filtering :1; /* TRUE when running system filter */ - -+ BOOL taint_check_slow :1; /* malloc/mmap are not returning distinct ranges */ - BOOL tcp_fastopen_ok :1; /* appears to be supported by kernel */ - BOOL tcp_in_fastopen :1; /* conn usefully used fastopen */ - BOOL tcp_in_fastopen_data :1; /* fastopen carried data */ -diff --git src/mytypes.h src/mytypes.h -index ceb9f1b55..e31ee8c1a 100644 ---- src/mytypes.h -+++ src/mytypes.h -@@ -100,19 +100,15 @@ functions that are called quite often; for other calls to external libraries - #define Uread(f,b,l) read(f,CS(b),l) - #define Urename(s,t) rename(CCS(s),CCS(t)) - #define Ustat(s,t) stat(CCS(s),t) --#define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__) - #define Ustrchr(s,n) US strchr(CCS(s),n) - #define CUstrchr(s,n) CUS strchr(CCS(s),n) - #define CUstrerror(n) CUS strerror(n) - #define Ustrcmp(s,t) strcmp(CCS(s),CCS(t)) --#define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__) - #define Ustrcpy_nt(s,t) strcpy(CS s, CCS t) /* no taint check */ - #define Ustrcspn(s,t) strcspn(CCS(s),CCS(t)) - #define Ustrftime(s,m,f,t) strftime(CS(s),m,f,t) - #define Ustrlen(s) (int)strlen(CCS(s)) --#define Ustrncat(s,t,n) __Ustrncat(s, CUS(t),n, __FUNCTION__, __LINE__) - #define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n) --#define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t),n, __FUNCTION__, __LINE__) - #define Ustrncpy_nt(s,t,n) strncpy(CS s, CCS t, n) /* no taint check */ - #define Ustrpbrk(s,t) strpbrk(CCS(s),CCS(t)) - #define Ustrrchr(s,n) US strrchr(CCS(s),n) -@@ -125,57 +121,17 @@ functions that are called quite often; for other calls to external libraries - #define Ustrtoul(s,t,b) strtoul(CCS(s),CSS(t),b) - #define Uunlink(s) unlink(CCS(s)) - --extern void die_tainted(const uschar *, const uschar *, int); -- --/* Predicate: if an address is in a tainted pool. --By extension, a variable pointing to this address is tainted. --*/ -- --static inline BOOL --is_tainted(const void * p) --{ --#if defined(COMPILE_UTILITY) || defined(MACRO_PREDEF) --return FALSE; -- --#elif defined(TAINT_CHECK_SLOW) --extern BOOL is_tainted_fn(const void *); --return is_tainted_fn(p); -- -+#ifdef EM_VERSION_C -+# define Ustrcat(s,t) strcat(CS(s), CCS(t)) -+# define Ustrcpy(s,t) strcpy(CS(s), CCS(t)) -+# define Ustrncat(s,t,n) strncat(CS(s), CCS(t), n) -+# define Ustrncpy(s,t,n) strncpy(CS(s), CCS(t), n) - #else --extern void * tainted_base, * tainted_top; --return p >= tainted_base && p < tainted_top; --#endif --} -- --static inline uschar * __Ustrcat(uschar * dst, const uschar * src, const char * func, int line) --{ --#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) --if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcat", CUS func, line); --#endif --return US strcat(CS dst, CCS src); --} --static inline uschar * __Ustrcpy(uschar * dst, const uschar * src, const char * func, int line) --{ --#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) --if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrcpy", CUS func, line); --#endif --return US strcpy(CS dst, CCS src); --} --static inline uschar * __Ustrncat(uschar * dst, const uschar * src, size_t n, const char * func, int line) --{ --#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) --if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncat", CUS func, line); --#endif --return US strncat(CS dst, CCS src, n); --} --static inline uschar * __Ustrncpy(uschar * dst, const uschar * src, size_t n, const char * func, int line) --{ --#if !defined(COMPILE_UTILITY) && !defined(MACRO_PREDEF) --if (!is_tainted(dst) && is_tainted(src)) die_tainted(US"Ustrncpy", CUS func, line); -+# define Ustrcat(s,t) __Ustrcat(s, CUS(t), __FUNCTION__, __LINE__) -+# define Ustrcpy(s,t) __Ustrcpy(s, CUS(t), __FUNCTION__, __LINE__) -+# define Ustrncat(s,t,n) __Ustrncat(s, CUS(t), n, __FUNCTION__, __LINE__) -+# define Ustrncpy(s,t,n) __Ustrncpy(s, CUS(t), n, __FUNCTION__, __LINE__) - #endif --return US strncpy(CS dst, CCS src, n); --} --/*XXX will likely need unchecked copy also */ - - #endif - /* End of mytypes.h */ -diff --git src/store.c src/store.c -index a06e1c19a..692a993e9 100644 ---- src/store.c -+++ src/store.c -@@ -162,8 +162,14 @@ static void internal_tainted_free(storeblock *, const char *, int linenumber); - - /******************************************************************************/ - --/* Slower version check, for use when platform intermixes malloc and mmap area --addresses. */ -+/* Test if a pointer refers to tainted memory. -+ -+Slower version check, for use when platform intermixes malloc and mmap area -+addresses. Test against the current-block of all tainted pools first, then all -+blocks of all tainted pools. -+ -+Return: TRUE iff tainted -+*/ - - BOOL - is_tainted_fn(const void * p) -@@ -171,23 +177,20 @@ is_tainted_fn(const void * p) - storeblock * b; - int pool; - --for (pool = 0; pool < nelem(chainbase); pool++) -+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) - if ((b = current_block[pool])) - { -- char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; -- if (CS p >= bc && CS p <= bc + b->length) goto hit; -+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; -+ if (US p >= bc && US p <= bc + b->length) return TRUE; - } - --for (pool = 0; pool < nelem(chainbase); pool++) -+for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) - for (b = chainbase[pool]; b; b = b->next) - { -- char * bc = CS b + ALIGNED_SIZEOF_STOREBLOCK; -- if (CS p >= bc && CS p <= bc + b->length) goto hit; -+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; -+ if (US p >= bc && US p <= bc + b->length) return TRUE; - } - return FALSE; -- --hit: --return pool >= POOL_TAINT_BASE; - } - - -@@ -198,6 +201,13 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", - msg, func, line); - } - -+static void -+use_slow_taint_check(void) -+{ -+DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); -+f.taint_check_slow = TRUE; -+} -+ - - /************************************************* - * Get a block from the current pool * -@@ -820,6 +830,14 @@ if (!(yield = malloc((size_t)size))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "failed to malloc %d bytes of memory: " - "called from line %d in %s", size, linenumber, func); - -+/* If malloc ever returns apparently tainted memory, which glibc -+malloc will as it uses mmap for larger requests, we must switch to -+the slower checking for tainting (checking an address against all -+the tainted pool block spans, rather than just the mmap span) */ -+ -+if (!f.taint_check_slow && is_tainted(yield)) -+ use_slow_taint_check(); -+ - return store_alloc_tail(yield, size, func, linenumber, US"Malloc"); - } - --- -2.24.1 - Property changes on: head/mail/exim/files/74_22-Taint-hybrid-checking-mode.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch =================================================================== --- head/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch (revision 537519) +++ head/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch (nonexistent) @@ -1,83 +0,0 @@ -From ccf4e2396b27b519174aa79552e61d11aafbdc36 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Fri, 17 Jan 2020 21:55:11 +0000 -Subject: [PATCH 23/23] Fix taint hybrid-checking on BSD - -(cherry-picked from commit 677481d4fc) -Broken-by: 1ccd26e242 ---- - src/store.c | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git src/store.c src/store.c -index 692a993e9..6118ef28d 100644 ---- src/store.c -+++ src/store.c -@@ -175,16 +175,15 @@ BOOL - is_tainted_fn(const void * p) - { - storeblock * b; --int pool; - --for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) -+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) - if ((b = current_block[pool])) - { - uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; - if (US p >= bc && US p <= bc + b->length) return TRUE; - } - --for (pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) -+for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++) - for (b = chainbase[pool]; b; b = b->next) - { - uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; -@@ -204,10 +203,28 @@ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Taint mismatch, %s: %s %d\n", - static void - use_slow_taint_check(void) - { -+#ifndef COMPILE_UTILITY - DEBUG(D_any) debug_printf("switching to slow-mode taint checking\n"); -+#endif - f.taint_check_slow = TRUE; - } - -+static void -+verify_all_untainted(void) -+{ -+for (int pool = 0; pool < POOL_TAINT_BASE; pool++) -+ for (storeblock * b = chainbase[pool]; b; b = b->next) -+ { -+ uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK; -+ if (is_tainted(bc)) -+ { -+ use_slow_taint_check(); -+ return; -+ } -+ } -+} -+ -+ - - /************************************************* - * Get a block from the current pool * -@@ -740,7 +757,7 @@ int pool = tainted ? store_pool + POOL_TAINT_BASE : store_pool; - BOOL release_ok = !tainted && store_last_get[pool] == block; - uschar * newtext; - --#ifndef MACRO_PREDEF -+#if !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY) - if (is_tainted(block) != tainted) - die_tainted(US"store_newblock", CUS func, linenumber); - #endif -@@ -799,6 +816,7 @@ if (!(yield = mmap(NULL, (size_t)size, - - if (yield < tainted_base) tainted_base = yield; - if ((top = US yield + size) > tainted_top) tainted_top = top; -+if (!f.taint_check_slow) use_slow_taint_check(); - - return store_alloc_tail(yield, size, func, line, US"Mmap"); - } --- -2.24.1 - Property changes on: head/mail/exim/files/74_23-Fix-taint-hybrid-checking-on-BSD.patch ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/mail/exim/files/POST-INSTALL-NOTES =================================================================== --- head/mail/exim/files/POST-INSTALL-NOTES (revision 537519) +++ head/mail/exim/files/POST-INSTALL-NOTES (revision 537520) @@ -1,42 +1,48 @@ +[ +{ type: install + message: < Exim options (command line) %%DOCSDIR%%/spec.txt -> Exim Specification (User Guide) %%DOCSDIR%%/filter.txt -> Exim Filter Specification (for end-users) Postscript, PDF, HTML and texinfo versions of these documents can be installed via one of the mail/exim-doc-* ports. An online version as well as a comprehensive FAQ and a mailing list archive is available at: http://www.exim.org/ Descriptions of new features not available it the manual, and a listing of all changes, including bug fixes are documented in: %%DOCSDIR%%/NewStuff %%DOCSDIR%%/ChangeLog To use Exim instead of sendmail on startup: *) Clear the sendmail queue and stop the sendmail daemon. *) Adjust mailer.conf(5) as appropriate. *) Set the 'sendmail_enable' rc.conf(5) variable to 'NONE'. *) Set the 'daily_status_include_submit_mailq' and 'daily_clean_hoststat_enable' periodic.conf(5) variables to 'NO'. *) Consider setting 'daily_queuerun_enable' and 'daily_submit_queuerun' to "NO" in periodic.conf(5), if you intend to manage queue runners / deliveries closely. *) Set the 'exim_enable' rc.conf(5) variable to 'YES'. *) Start exim with '%%PREFIX%%/etc/rc.d/exim start'. You may also want to configure newsyslog(8) to rotate Exim log files: %%LOGDIR%%/mainlog mailnull:mail 640 7 * @T00 ZN %%LOGDIR%%/rejectlog mailnull:mail 640 7 * @T00 ZN Additional scripts to help upgrading are installed in: %%EXAMPLESDIR%% +EOM +} +] Index: head/mail/exim/files/POST-INSTALL-NOTES.clamd =================================================================== --- head/mail/exim/files/POST-INSTALL-NOTES.clamd (revision 537519) +++ head/mail/exim/files/POST-INSTALL-NOTES.clamd (revision 537520) @@ -1,46 +1,52 @@ +[ +{ type: install + message: < +EOM +} +] Index: head/mail/exim/files/patch-src-auths-call_radius.c =================================================================== --- head/mail/exim/files/patch-src-auths-call_radius.c (revision 537519) +++ head/mail/exim/files/patch-src-auths-call_radius.c (revision 537520) @@ -1,92 +1,92 @@ ---- src/auths/call_radius.c.orig 2019-12-08 12:53:48 UTC -+++ src/auths/call_radius.c -@@ -112,37 +112,37 @@ rc_openlog("exim"); +--- src/auths/call_radius.c.orig 2020-05-30 22:35:38.000000000 +0200 ++++ src/auths/call_radius.c 2020-06-01 19:54:14.402105000 +0200 +@@ -113,37 +113,37 @@ #ifdef RADIUS_LIB_RADIUSCLIENT if (rc_read_config(RADIUS_CONFIG_FILE) != 0) - *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE); + *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE); else if (rc_read_dictionary(rc_conf_str("dictionary")) != 0) -- *errptr = string_sprintf("RADIUS: can't read dictionary"); +- *errptr = US"RADIUS: can't read dictionary"; + *errptr = string_sprintf("%s", "RADIUS: can't read dictionary"); - else if (rc_avpair_add(&send, PW_USER_NAME, user, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add user name failed\n"); + else if (!rc_avpair_add(&send, PW_USER_NAME, user, 0)) +- *errptr = US"RADIUS: add user name failed"; + *errptr = string_sprintf("%s", "RADIUS: add user name failed\n"); - else if (rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add password failed\n"); + else if (!rc_avpair_add(&send, PW_USER_PASSWORD, CS radius_args, 0)) +- *errptr = US"RADIUS: add password failed"); + *errptr = string_sprintf("%s", "RADIUS: add password failed\n"); - else if (rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add service type failed\n"); + else if (!rc_avpair_add(&send, PW_SERVICE_TYPE, &service, 0)) +- *errptr = US"RADIUS: add service type failed"; + *errptr = string_sprintf("%s", "RADIUS: add service type failed\n"); #else /* RADIUS_LIB_RADIUSCLIENT unset => RADIUS_LIB_RADIUSCLIENT2 */ - if ((h = rc_read_config(RADIUS_CONFIG_FILE)) == NULL) + if (!(h = rc_read_config(RADIUS_CONFIG_FILE))) - *errptr = string_sprintf("RADIUS: can't open %s", RADIUS_CONFIG_FILE); + *errptr = string_sprintf("%s", "RADIUS: can't open %s", RADIUS_CONFIG_FILE); else if (rc_read_dictionary(h, rc_conf_str(h, "dictionary")) != 0) -- *errptr = string_sprintf("RADIUS: can't read dictionary"); +- *errptr = US"RADIUS: can't read dictionary"; + *errptr = string_sprintf("%s", "RADIUS: can't read dictionary"); - else if (rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0) == NULL) -- *errptr = string_sprintf("RADIUS: add user name failed\n"); + else if (!rc_avpair_add(h, &send, PW_USER_NAME, user, Ustrlen(user), 0)) +- *errptr = US"RADIUS: add user name failed"; + *errptr = string_sprintf("%s", "RADIUS: add user name failed\n"); - else if (rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args, - Ustrlen(radius_args), 0) == NULL) -- *errptr = string_sprintf("RADIUS: add password failed\n"); + else if (!rc_avpair_add(h, &send, PW_USER_PASSWORD, CS radius_args, + Ustrlen(radius_args), 0)) +- *errptr = US"RADIUS: add password failed"; + *errptr = string_sprintf("%s", "RADIUS: add password failed\n"); - else if (rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0) == NULL) -- *errptr = string_sprintf("RADIUS: add service type failed\n"); + else if (!rc_avpair_add(h, &send, PW_SERVICE_TYPE, &service, 0, 0)) +- *errptr = US"RADIUS: add service type failed"; + *errptr = string_sprintf("%s", "RADIUS: add service type failed\n"); #endif /* RADIUS_LIB_RADIUSCLIENT */ -@@ -175,7 +175,7 @@ switch (result) +@@ -176,7 +176,7 @@ - default: case BADRESP_RC: -- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result); -+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result); - return ERROR; + default: +- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result); ++ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result); + return ERROR; } -@@ -186,7 +186,7 @@ switch (result) - h = rad_auth_open(); - if (h == NULL) +@@ -186,7 +186,7 @@ + + if (!(h = rad_auth_open())) { - *errptr = string_sprintf("RADIUS: can't initialise libradius"); + *errptr = string_sprintf("%s", "RADIUS: can't initialise libradius"); return ERROR; } if (rad_config(h, RADIUS_CONFIG_FILE) != 0 || -@@ -196,7 +196,7 @@ if (rad_config(h, RADIUS_CONFIG_FILE) != 0 || +@@ -196,7 +196,7 @@ rad_put_int(h, RAD_SERVICE_TYPE, RAD_AUTHENTICATE_ONLY) != 0 || rad_put_string(h, RAD_NAS_IDENTIFIER, CS primary_hostname) != 0) { - *errptr = string_sprintf("RADIUS: %s", rad_strerror(h)); + *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h)); result = ERROR; } else -@@ -214,12 +214,12 @@ else - break; +@@ -211,12 +211,12 @@ + break; case -1: -- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h)); -+ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h)); - result = ERROR; - break; +- *errptr = string_sprintf("RADIUS: %s", rad_strerror(h)); ++ *errptr = string_sprintf("%s", "RADIUS: %s", rad_strerror(h)); + result = ERROR; + break; default: -- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result); -+ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result); - result= ERROR; - break; +- *errptr = string_sprintf("RADIUS: unexpected response (%d)", result); ++ *errptr = string_sprintf("%s", "RADIUS: unexpected response (%d)", result); + result= ERROR; + break; }