# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Ćukasz Jendrysik <scadu@yandex.com>
# Contributor: Jesse Young <jlyo@jlyo.org>
-# Maintainer: Jesse Young <jlyo@jlyo.org>
+# Contributor: Celeste <cielesti@protonmail.com>
+# Maintainer: sev <sev+alpine@sev.monster>
pkgname=exim-openldap
_pkgname=exim
provides=$_pkgname
-pkgver=4.95
-pkgrel=1
+pkgver=4.97.1
+pkgrel=0
pkgdesc="Replacement package for exim with built-in OpenLDAP support"
url="https://www.exim.org/"
arch="all"
pkggroups="$_pkgname mail"
depends="ca-certificates exim-openrc"
makedepends="bash tdb-dev gawk libidn-dev libspf2-dev linux-headers
- mariadb-connector-c-dev openssl1.1-compat-dev pcre-dev perl libpq-dev sqlite-dev
+ mariadb-connector-c-dev openssl-dev>3 pcre2-dev perl
+ perl-file-fcntllock libpq-dev sqlite-dev
openldap-dev
"
install="$pkgname.pre-install"
source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
bounce-charset.patch
+ dnsdb-multi-chunk.patch
exim.Makefile
exim.logrotate
"
builddir="$srcdir/$_pkgname-$pkgver"
# secfixes:
+# 4.97.1-r0:
+# - CVE-2023-51766
+# 4.96.2-r0:
+# - CVE-2023-42117
+# - CVE-2023-42119
+# 4.96.1-r0:
+# - CVE-2023-42114
+# - CVE-2023-42115
+# - CVE-2023-42116
# 4.94.2-r0:
# - CVE-2021-27216
# - CVE-2020-28007
}
build() {
+ export CFLAGS="$CFLAGS -DNO_EXECINFO"
make makefile
make
}
}
sha512sums="
-93d09c20d99f27da5edbe3e6dc7d25aa4548faa2b67ca26f2cc0b4aeaf58398dd468e0263714fcf0df97531f05d16fcd3f1f0e9d0656ead7858a66b248a44a65 exim-4.95.tar.xz
+dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed exim-4.96.2.tar.xz
691df92954f015711398350963ea321d143127bc731a985bcacc5364c71b6df84b6c21a2e8dc3cc2048fcd3dd02def3dc8015f4d84dd672f23d5a41348e72dc7 bounce-charset.patch
-4d2a33d2d9399c2d9485155585a180f1314fdc6f0ea164f3ebd74dbafa0b968f0edfbdd6d6ed7cdb4bc63696073b66f25e03317cc304192457e40fa30a12e207 exim.Makefile
+c1d430ab5175ba24eacd1b0c2586eb543045ff0bb71f73425ed290320463daa7cb710d1c61610a4c4c21591ed7204392c9cb4f69271e0b83082da59fa6a1352e exim.Makefile
28e748693a6a72d9943fa9c342ff041fe650fa6977f468dee127e845e6c2a91872ce33fb6f5698838906bde3ed92de7a91cdb0349cedc40b806261867e8c06cb exim.logrotate
"
--- a/src/deliver.c
+++ b/src/deliver.c
-@@ -7373,7 +7373,7 @@
+@@ -5696,7 +5696,7 @@
+
+ /* output human readable part as text/plain section */
+ fprintf(fp, "--%s\n"
+- "Content-type: text/plain; charset=us-ascii\n\n",
++ "Content-type: text/plain; charset=utf-8\n\n",
+ bound);
+
+ if ((emf_text = next_emf(emf, US"intro")))
+@@ -6066,7 +6066,7 @@
+
+ /* output human readable part as text/plain section */
+ fprintf(f, "--%s\n"
+- "Content-type: text/plain; charset=us-ascii\n\n",
++ "Content-type: text/plain; charset=utf-8\n\n",
+ bound);
+
+ if ((wmf_text = next_emf(wmf, US"intro")))
+@@ -6281,7 +6281,7 @@
"MIME-Version: 1.0\n\n"
"--%s\n"
"This message was created automatically by mail delivery software.\n"
" ----- The following addresses had successful delivery notifications -----\n",
-@@ -7644,7 +7644,7 @@
-
- /* output human readable part as text/plain section */
- fprintf(fp, "--%s\n"
-- "Content-type: text/plain; charset=us-ascii\n\n",
-+ "Content-type: text/plain; charset=utf-8\n\n",
- bound);
-
- if ((emf_text = next_emf(emf, US"intro")))
-@@ -8252,7 +8252,7 @@
-
- /* output human readable part as text/plain section */
- fprintf(f, "--%s\n"
-- "Content-type: text/plain; charset=us-ascii\n\n",
-+ "Content-type: text/plain; charset=utf-8\n\n",
- bound);
-
- if ((wmf_text = next_emf(wmf, US"intro")))
--- /dev/null
+Adapted from https://git.exim.org/exim.git/patch/79670d3c32ccb37fe06f25d8192943b58606a32a
+
+Reference: https://bugs.exim.org/show_bug.cgi?id=3054
+--
+From 79670d3c32ccb37fe06f25d8192943b58606a32a Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 17 Nov 2023 16:55:17 +0000
+Subject: [PATCH] Lookups: Fix dnsdb lookup of multi-chunk TXT. Bug 3054
+
+Broken=by: f6b1f8e7d642
+
+--- a/src/lookups/dnsdb.c
++++ b/src/lookups/dnsdb.c
+@@ -387,38 +387,31 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0)))
+ }
+
+ /* Other kinds of record just have one piece of data each, but there may be
+- several of them, of course. */
++ several of them, of course. TXT & SPF can have data in multiple chunks. */
+
+ if (yield->ptr) yield = string_catn(yield, outsep, 1);
+
+ if (type == T_TXT || type == T_SPF)
+- {
+- if (!outsep2) /* output only the first item of data */
++ for (unsigned data_offset = 0; data_offset + 1 < rr->size; )
+ {
+- uschar n = (rr->data)[0];
+- /* size byte + data bytes must not excced the RRs length */
+- if (n + 1 <= rr->size)
+- yield = string_catn(yield, US (rr->data+1), n);
++ uschar chunk_len = (rr->data)[data_offset];
++ int remain;
++
++ if (outsep2 && *outsep2 && data_offset != 0)
++ yield = string_catn(yield, outsep2, 1);
++
++ /* Apparently there are resolvers that do not check RRs before passing
++ them on, and glibc fails to do so. So every application must...
++ Check for chunk len exceeding RR */
++
++ remain = rr->size - ++data_offset;
++ if (chunk_len > remain)
++ chunk_len = remain;
++ yield = string_catn(yield, US ((rr->data) + data_offset), chunk_len);
++ data_offset += chunk_len;
++
++ if (!outsep2) break; /* output only the first chunk of the RR */
+ }
+- else
+- for (unsigned data_offset = 0; data_offset < rr->size; )
+- {
+- uschar chunk_len = (rr->data)[data_offset];
+- int remain = rr->size - data_offset;
+-
+- /* Apparently there are resolvers that do not check RRs before passing
+- them on, and glibc fails to do so. So every application must...
+- Check for chunk len exceeding RR */
+-
+- if (chunk_len > remain)
+- chunk_len = remain;
+-
+- if (*outsep2 && data_offset != 0)
+- yield = string_catn(yield, outsep2, 1);
+- yield = string_catn(yield, US ((rr->data) + ++data_offset), --chunk_len);
+- data_offset += chunk_len;
+- }
+- }
+ else if (type == T_TLSA)
+ if (rr->size < 3)
+ continue;
projects / aports.git / commitdiff