Pullup ticket #6455 - requested by abs

mail/exim: security fix

Revisions pulled up:
- mail/exim/Makefile                                            1.185
- mail/exim/distinfo                                            1.79
- mail/exim/patches/patch-src_store.c                           deleted

---
   Module Name:    pkgsrc
   Committed By:   abs
   Date:           Tue May  4 20:29:39 UTC 2021

   Modified Files:
           pkgsrc/mail/exim: Makefile distinfo

   Log Message:
   Updated mail/exim to 4.94.2

   This includes a number of serious security fixes (one of which was
   included in a now obsoleted pkgsrc patch)

       CVE-2020-28016
       CVE-2020-BDATA
       CVE-2020-EXOPT
       CVE-2020-PFPSN
       CVE-2020-RCPTL
       CVE-2020-SLCWD
       CVE-2020-SPRSS

   Since Exim version 4.94
   -----------------------

   JH/02 Bug 2587: Fix pam expansion condition.  Tainted values are commonly used
         as arguments, so an implementation trying to copy these into a local
         buffer was taking a taint-enforcement trap.  Fix by using dynamically
         created buffers.  Similar fix for radius expansion condition.

   JH/03 Bug 2586: Fix listcount expansion operator.  Using tainted arguments is
         reasonable, eg. to count headers.  Fix by using dynamically created
         buffers rather than a local.  Do similar fixes for ACL actions "dcc",
         "log_reject_target", "malware" and "spam"; the arguments are expanded
         so could be handling tainted values.

   JH/04 Bug 2590: Fix -bi (newaliases).  A previous code rearrangement had
         broken the (no-op) support for this sendmail command.  Restore it
         to doing nothing, silently, and returning good status.

   JH/05 Bug 2593: Fix "vacation" in Exim filter.  Previously, when a "once"
         record path was given (or the default used) without a leading directory
         path, an error occurred on trying to open it.  Use the transport's working
         directory.

   JH/06 Bug 2594: Change the name used for certificate name checks in the smtp
         transport.  Previously it was the name on the DNS A-record; use instead
         the head of the CNAME chain leading there (if there is one).  This seems
         to align better with RFC 6125.

   JH/07 Bug 2597: Fix a resource leak.  Using a lookup in obtaining a value for
         smtp_accept_max_per_host allocated resources which were not released
         when the limit was exceeded.  This eventually crashed the daemon.  Fix
         by adding a relase action in that path.

   JH/08 Bug 2598: Fix verify ACL condition.  The options for the condition are
         expanded; previously using tainted values was rejected.  Fix by using
         dynamically-created buffers.

   JH/10 Bug 2603: Fix coding of string copying to only evaluate arguments once.
         Previously a macro used one argument twice; when called with the
         argument as an expression having side-effects, incorrect operation
         resulted.  Use an inlineable function.

   JH/11 Bug 2604: Fix request to cutthrough-deliver when a connection is already
         held open for a verify callout.  Previously this wan not accounted for
         and a corrupt onward SMTP conversation resulted.

   JH/13 Fix dsearch "subdir" filter to ignore ".".  Previously only ".." was
         excluded, not matching the documentation.

   JH/14 Bug 2606: Fix a segfault in sqlite lookups.  When no, or a bad, filename
         was given for the sqlite_dbfile a trap resulted.

   JH/15 Bug 2620: Fix "spam" ACL condition.  Previously, tainted values for the
         "name" argument resulted in a trap.  There is no reason to disallow such;
         this was a coding error.

   JH/16 Bug 2615: Fix pause during message reception, on systems that have been
         suspended/resumed.  The Linux CLOCK_MONOTONIC does not account for time
         spent suspended, ignoring the Posix definition.  Previously we assumed
         it did and a constant offset from real time could be used as a correction.
         Change to using the same clock source for the start-of-message and the
         post-message next-tick-wait.  Also change to using CLOCK_BOOTTIME if it
         exists, just to get a clock slightly more aligned to reality.

   JH/17 Bug 2295: Fix DKIM signing to always semicolon-terminate.  Although the
         RFC says it is optional some validators care.  The missing char was not
         intended but triggered by a line-wrap alignement.  Discovery and fix by
         Guillaume Outters, hacked on by JH.

   JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase().  Previously when the
         name being quoted was tainted a trap would be taken.  Fix by using
         dynamicaly created buffers.  The routine could have been called by a
         rewrite with the "h" flag, by using the "-F" command-line option, or
         by using a "name=" option on a control=submission ACL modifier.

   JH/21 Bug 2630: Fix eol-replacement string for the ${readsocket } expansion.
         Previously when a whitespace character was specified it was not inserted
         after removing the newline.

   JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
         is_tainted() had an off-by-one error in the overenthusiastic direction.
         Find and fix by Gavan.  Although NetBSD is not a supported platform for
         4.94 this bug could affect other platforms.

   JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for
         is_tainted() had an off-by-one error in the overenthusiastic direction.
         Find and fix by Gavan.  Although NetBSD is not a supported platform for
         4.94 this bug could affect other platforms.
   JH/21 Bug 2630: Fix eol-replacement string for the ${readsocket } expansion.
         Previously when a whitespace character was specified it was not inserted
         after removing the newline.

   JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd connections, to be
         the domain part of the recipient address.  This overrides any tls_sni
         option set, which was previously used.

   JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI
         in quotes.

   JH/26 Bug 2646: fix a memory usage issue in ldap lookups.  Previously, when more
         than one server was defined and depending on the platform memory layout
         details, an internal consistency trap could be hit while walking the list
         of servers.

   JH/27 Bug 2648: fix the passing of an authenticator public-name through spool
         files.  The value is used by the authresults expansion item.  Previously
         if this was used in a router or transport, a crash could result.

   JH/30 Bug 2677: fix matching of long addresses. Since 4.93 a limit of 256 was
         applied. This resulted, if any header-line rewrite rules were configured,
         in a panic-log trigerrable by sending a message with a long address in
         a header. Fix by increaing the arbitrary limit to larger than a single
         (dewrapped) 5322 header line maximum size.

   JH/31 The ESMTP option name advertised for the SUPPORT_EARLY_PIPE build option
         is changed from X_PIPE_CONNECT to PIPE_CONNECT. This is in line with
         RFC 6648 which deprecates X- options in protocols as a general practice.
         Changeover between the implementations is handled by the mechanisms
         alrready coded.

   JH/32 Bug 2599: fix delay of delivery to a local address where there is also
         a remote which uses callout/hold.  Previously the local was queued.

   JH/33 Fix a taint trap in the ${listextract } expansion when the source data
         was tainted.

   JH/35 Bug 2343: Harden exim_tidydb against corrupt wait- files.

   JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext
         authenticator client_send option.  Previously the next char, after a pair
         was collapsed, was taken verbatim (so ^^^foo became ^^foo; ^^^^foo became
         ^^\x00foo). Fixed to get ^\x00foo and ^^foo respectively to match the
         documentation.  There is still no way to get a leading ^ immediately
         after a NUL (ie. for the password of a PLAIN method authenticator.

   JH/39 Bug 2691: fix $local_part_data.  When the matching list element
         referred to a file, bad data was returned.  This likely also affected
         $domain_part_data.

   JH/41 Fix daemon SIGHUP on FreeBSD.  Previously, a named socket for IPC was
         left undeleted; the attempt to re-create it then failed - resulting in
         the usual "SIGHUP tp have daemon reload configuration" to not work.
         This affected any platform not supporting "abstract" Unix-domain
         sockets (i.e. not Linux).

   JH/42 Bug 2692: Harden against a peer which reneges on a 452 "too many
         recipients" response to RCPT in a later response, with a 250.  The
         previous coding assumed this would not happen, and under PIPELINING
         would result in both lost and duplicate recipients for a message.

   JH/43 Bug 2694: Fix weighted distribution of work to multiple spamd servers.
         Previously the weighting was incorrectly applied.  Similar fix for socks
         proxies.  Found and fixed by Heiko Schlichting.

   JH/44 Bug 2701: Fix list-expansion of dns_ipv4_lookup.  Previously, it did
         not handle sub-lists included using the +namedlist syntax.  While
         investigating, the same found for dns_trust_aa, dns_again_means_nonexist,
         dnssec_require_domains, dnssec_request_domains, srv_fail_domains,
         mx_fail_domains.

   HS/01 Enforce absolute PID file path name.

   HS/02 Handle SIGINT as we handle SIGTERM: terminate the Exim process.

   PP/01 Add a too-many-bad-recipients guard to the default config's RCPT ACL.

   PP/02 Bug 2643: Correct TLS DH constants.
         A missing NUL termination in our code-generation tool had led to some
         incorrect Diffie-Hellman constants in the Exim source.
         Reported by kylon94, code-gen tool fix by Simon Arlott.

   PP/03 Impose security length checks on various command-line options.
         Fixes CVE-2020-SPRSS reported by Qualys.

   PP/04 Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
         better.  Reported by Qualys.

   PP/05 Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
         providing a particularly obnoxious sender full name.
         Reported by Qualys.

   PP/06 Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()

   PP/07 Refuse to allocate too little memory, block negative/zero allocations.
         Security guard.

   PP/08 Change default for recipients_max from unlimited to 50,000.

   PP/09 Fix security issue with too many recipients on a message (to remove a
         known security problem if someone does set recipients_max to unlimited,
         or if local additions add to the recipient list).
         Fixes CVE-2020-RCPTL reported by Qualys.

   PP/10 Fix security issue in SMTP verb option parsing
         Fixes CVE-2020-EXOPT reported by Qualys.

   PP/11 Fix security issue in BDAT state confusion.
         Ensure we reset known-good where we know we need to not be reading BDAT
         data, as a general case fix, and move the places where we switch to BDAT
         mode until after various protocol state checks.
         Fixes CVE-2020-BDATA reported by Qualys.

   HS/03 Die on "/../" in msglog file names

   QS/01 Creation of (database) files in $spool_dir: only uid=0 or the uid of
         the Exim runtime user are allowed to create files.

   QS/02 PID file creation/deletion: only possible if uid=0 or uid is the Exim
         runtime user.

   QS/03 When reading the output from interpreted forward files we do not
         pass the pipe between the parent and the interpreting process to
         executed child processes (if any).

   QS/04 Always die if requested from internal logging, even is logging is
         disabled.

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Thu May  6 07:08:54 UTC 2021

   Removed Files:
           pkgsrc/mail/exim/patches: patch-src_store.c

   Log Message:
   exim: remove patch from distinfo that was removed from repository during update

3 files changed, 10 insertions, 33 deletions

diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 4114a88af75..f60c39ec6cd 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.183 2020/11/05 09:08:35 ryoon Exp $
+# $NetBSD: Makefile,v 1.183.4.1 2021/05/07 19:05:18 bsiegert Exp $
 
-DISTNAME=	exim-4.94
-PKGREVISION=	4
+DISTNAME=	exim-4.94.2
 CATEGORIES=	mail net
-MASTER_SITES=	ftp://ftp.exim.org/pub/exim/exim4/
-MASTER_SITES+=	https://ftp.exim.org/pub/exim/exim4/
-MASTER_SITES+=	ftp://ftp.exim.org/pub/exim/exim4/fixes/
+MASTER_SITES=	https://ftp.exim.org/pub/exim/exim4/
 MASTER_SITES+=	https://ftp.exim.org/pub/exim/exim4/fixes/
+MASTER_SITES+=	ftp://ftp.exim.org/pub/exim/exim4/
+MASTER_SITES+=	ftp://ftp.exim.org/pub/exim/exim4/fixes/
 EXTRACT_SUFX=	.tar.xz
 
 MAINTAINER=	abs@NetBSD.org
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index b45efa9b780..06eaa00a6d2 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,12 +1,11 @@
-$NetBSD: distinfo,v 1.78 2020/08/20 16:40:57 gavan Exp $
+$NetBSD: distinfo,v 1.78.6.1 2021/05/07 19:05:18 bsiegert Exp $
 
-SHA1 (exim-4.94.tar.xz) = 60323c206be7d9f535c4bd369b470a514e489cd5
-RMD160 (exim-4.94.tar.xz) = 6b51d059d9667c732df9ccb87f0de9b341c35281
-SHA512 (exim-4.94.tar.xz) = 3bf95ade30902327403e7308089a3e423761da5b0745397dace7c7fd15ba3838d93e0ee418f1fed57606f79e57b793c7c7407e5c0d526146f0036126d5d95316
-Size (exim-4.94.tar.xz) = 1828824 bytes
+SHA1 (exim-4.94.2.tar.xz) = 4854541833583d82c6e667d3dde566d41162eec3
+RMD160 (exim-4.94.2.tar.xz) = 4de1b7cca08ccbcaf3987332d15cd1fbc6135c9b
+SHA512 (exim-4.94.2.tar.xz) = 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc
+Size (exim-4.94.2.tar.xz) = 1838076 bytes
 SHA1 (patch-Local_Makefile.pkgsrc) = 7d6971cfe6f6fecf854926e90460b1a8bcd6a79d
 SHA1 (patch-OS_Makefile-Default) = 6af17f036ed02a3bc37c1f303269eea447fcb691
 SHA1 (patch-lookups_Makefile) = cfc40dba3f75ef37b9887f7767139ad50cf9d4e5
 SHA1 (patch-scripts_exim__install) = aa0a31e77d5f76e33bc92140c14d39c79f710b95
 SHA1 (patch-src_exicyclog.src) = cea5f04f52c9264fd7d279c046686dac2dc57a65
-SHA1 (patch-src_store.c) = db12aefb50c2741cb525b7363c4bafbe353dfc5f
diff --git a/mail/exim/patches/patch-src_store.c b/mail/exim/patches/patch-src_store.c
deleted file mode 100644
index 29f9cd12807..00000000000
--- a/mail/exim/patches/patch-src_store.c
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_store.c,v 1.1 2020/08/20 16:40:57 gavan Exp $
-
---- src/store.c.orig	2020-05-30 20:35:38.000000000 +0000
-+++ src/store.c
-@@ -188,14 +188,14 @@ for (int pool = POOL_TAINT_BASE; pool < 
-   if ((b = current_block[pool]))
-     {
-     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
--    if (US p >= bc && US p <= bc + b->length) return TRUE;
-+    if (US p >= bc && US p < bc + b->length) return TRUE;
-     }
- 
- for (int pool = POOL_TAINT_BASE; pool < nelem(chainbase); pool++)
-   for (b = chainbase[pool]; b; b = b->next)
-     {
-     uschar * bc = US b + ALIGNED_SIZEOF_STOREBLOCK;
--    if (US p >= bc && US p <= bc + b->length) return TRUE;
-+    if (US p >= bc && US p < bc + b->length) return TRUE;
-     }
- return FALSE;
- }