testing/exim-openldap: upgrade to 4.97.1

diff --git a/testing/exim-openldap/APKBUILD b/testing/exim-openldap/APKBUILD
index d955122d8bdc9665a3b326c113dba285391c53fb..5eb40872b852bacd8d0d194b3ef0b98f54db7d4c 100644 (file)
--- a/testing/exim-openldap/APKBUILD
+++ b/testing/exim-openldap/APKBUILD
@@ -3,12 +3,13 @@
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Contributor: Jesse Young <jlyo@jlyo.org>
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 # Contributor: Łukasz Jendrysik <scadu@yandex.com>
 # Contributor: Jesse Young <jlyo@jlyo.org>

-# Maintainer: Jesse Young <jlyo@jlyo.org>
+# Contributor: Celeste <cielesti@protonmail.com>
+# Maintainer: sev <sev+alpine@sev.monster>

 pkgname=exim-openldap
 _pkgname=exim
 provides=$_pkgname
 pkgname=exim-openldap
 _pkgname=exim
 provides=$_pkgname

-pkgver=4.95
-pkgrel=1
+pkgver=4.97.1
+pkgrel=0

 pkgdesc="Replacement package for exim with built-in OpenLDAP support"
 url="https://www.exim.org/"
 arch="all"
 pkgdesc="Replacement package for exim with built-in OpenLDAP support"
 url="https://www.exim.org/"
 arch="all"


@@ -18,18 +19,29 @@ pkgusers="$_pkgname"
 pkggroups="$_pkgname mail"
 depends="ca-certificates exim-openrc"
 makedepends="bash tdb-dev gawk libidn-dev libspf2-dev linux-headers
 pkggroups="$_pkgname mail"
 depends="ca-certificates exim-openrc"
 makedepends="bash tdb-dev gawk libidn-dev libspf2-dev linux-headers

-       mariadb-connector-c-dev openssl1.1-compat-dev pcre-dev perl libpq-dev sqlite-dev
+       mariadb-connector-c-dev openssl-dev>3 pcre2-dev perl
+       perl-file-fcntllock libpq-dev sqlite-dev

        openldap-dev
        "
 install="$pkgname.pre-install"
 source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
        bounce-charset.patch
        openldap-dev
        "
 install="$pkgname.pre-install"
 source="https://ftp.exim.org/pub/exim/exim4/exim-$pkgver.tar.xz
        bounce-charset.patch

+       dnsdb-multi-chunk.patch

        exim.Makefile
        exim.logrotate
        "
 builddir="$srcdir/$_pkgname-$pkgver"
 
 # secfixes:
        exim.Makefile
        exim.logrotate
        "
 builddir="$srcdir/$_pkgname-$pkgver"
 
 # secfixes:

+#   4.97.1-r0:
+#     - CVE-2023-51766
+#   4.96.2-r0:
+#     - CVE-2023-42117
+#     - CVE-2023-42119
+#   4.96.1-r0:
+#     - CVE-2023-42114
+#     - CVE-2023-42115
+#     - CVE-2023-42116

 #   4.94.2-r0:
 #     - CVE-2021-27216
 #     - CVE-2020-28007
 #   4.94.2-r0:
 #     - CVE-2021-27216
 #     - CVE-2020-28007


@@ -82,6 +94,7 @@ prepare() {
 }
 
 build() {
 }
 
 build() {

+       export CFLAGS="$CFLAGS -DNO_EXECINFO"

        make makefile
        make
 }
        make makefile
        make
 }


@@ -107,8 +120,8 @@ package() {
 }
 
 sha512sums="
 }
 
 sha512sums="

-93d09c20d99f27da5edbe3e6dc7d25aa4548faa2b67ca26f2cc0b4aeaf58398dd468e0263714fcf0df97531f05d16fcd3f1f0e9d0656ead7858a66b248a44a65  exim-4.95.tar.xz
+dc9f6a114e64ac826489edff88d50a24195b64714428e691c10a7bfb119b3ebb6455bf80cbb34dfd0a4e2e44cbde72effb009357a8e0a6065e512fe32092e3ed  exim-4.96.2.tar.xz

 691df92954f015711398350963ea321d143127bc731a985bcacc5364c71b6df84b6c21a2e8dc3cc2048fcd3dd02def3dc8015f4d84dd672f23d5a41348e72dc7  bounce-charset.patch
 691df92954f015711398350963ea321d143127bc731a985bcacc5364c71b6df84b6c21a2e8dc3cc2048fcd3dd02def3dc8015f4d84dd672f23d5a41348e72dc7  bounce-charset.patch

-4d2a33d2d9399c2d9485155585a180f1314fdc6f0ea164f3ebd74dbafa0b968f0edfbdd6d6ed7cdb4bc63696073b66f25e03317cc304192457e40fa30a12e207  exim.Makefile
+c1d430ab5175ba24eacd1b0c2586eb543045ff0bb71f73425ed290320463daa7cb710d1c61610a4c4c21591ed7204392c9cb4f69271e0b83082da59fa6a1352e  exim.Makefile

 28e748693a6a72d9943fa9c342ff041fe650fa6977f468dee127e845e6c2a91872ce33fb6f5698838906bde3ed92de7a91cdb0349cedc40b806261867e8c06cb  exim.logrotate
 "
 28e748693a6a72d9943fa9c342ff041fe650fa6977f468dee127e845e6c2a91872ce33fb6f5698838906bde3ed92de7a91cdb0349cedc40b806261867e8c06cb  exim.logrotate
 "

diff --git a/testing/exim-openldap/bounce-charset.patch b/testing/exim-openldap/bounce-charset.patch
index 5143328c288bea5e4ec74cde4ba5d5deb2e6a290..5ddc8416df1cc5a73f3fb5a3a41187c602f55769 100644 (file)
--- a/testing/exim-openldap/bounce-charset.patch
+++ b/testing/exim-openldap/bounce-charset.patch
@@ -1,6 +1,24 @@
 --- a/src/deliver.c
 +++ b/src/deliver.c
 --- a/src/deliver.c
 +++ b/src/deliver.c

-@@ -7373,7 +7373,7 @@
+@@ -5696,7 +5696,7 @@
+ 
+   /* output human readable part as text/plain section */
+   fprintf(fp, "--%s\n"
+-      "Content-type: text/plain; charset=us-ascii\n\n",
++      "Content-type: text/plain; charset=utf-8\n\n",
+     bound);
+ 
+   if ((emf_text = next_emf(emf, US"intro")))
+@@ -6066,7 +6066,7 @@
+ 
+ /* output human readable part as text/plain section */
+ fprintf(f, "--%s\n"
+-    "Content-type: text/plain; charset=us-ascii\n\n",
++    "Content-type: text/plain; charset=utf-8\n\n",
+   bound);
+ 
+ if ((wmf_text = next_emf(wmf, US"intro")))
+@@ -6281,7 +6281,7 @@

        "MIME-Version: 1.0\n\n"
  
        "--%s\n"
        "MIME-Version: 1.0\n\n"
  
        "--%s\n"


@@ -9,21 +27,3 @@
  
        "This message was created automatically by mail delivery software.\n"
        " ----- The following addresses had successful delivery notifications -----\n",
  
        "This message was created automatically by mail delivery software.\n"
        " ----- The following addresses had successful delivery notifications -----\n",

-@@ -7644,7 +7644,7 @@
- 
-       /* output human readable part as text/plain section */
-       fprintf(fp, "--%s\n"
--        "Content-type: text/plain; charset=us-ascii\n\n",
-+        "Content-type: text/plain; charset=utf-8\n\n",
-       bound);
- 
-       if ((emf_text = next_emf(emf, US"intro")))
-@@ -8252,7 +8252,7 @@
- 
-         /* output human readable part as text/plain section */
-         fprintf(f, "--%s\n"
--          "Content-type: text/plain; charset=us-ascii\n\n",
-+          "Content-type: text/plain; charset=utf-8\n\n",
-         bound);
- 
-         if ((wmf_text = next_emf(wmf, US"intro")))

diff --git a/testing/exim-openldap/dnsdb-multi-chunk.patch b/testing/exim-openldap/dnsdb-multi-chunk.patch
new file mode 100644 (file)
index 0000000..9b65a65
--- /dev/null
+++ b/testing/exim-openldap/dnsdb-multi-chunk.patch
@@ -0,0 +1,71 @@
+Adapted from https://git.exim.org/exim.git/patch/79670d3c32ccb37fe06f25d8192943b58606a32a
+
+Reference: https://bugs.exim.org/show_bug.cgi?id=3054
+--
+From 79670d3c32ccb37fe06f25d8192943b58606a32a Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 17 Nov 2023 16:55:17 +0000
+Subject: [PATCH] Lookups: Fix dnsdb lookup of multi-chunk TXT.  Bug 3054
+
+Broken=by: f6b1f8e7d642
+
+--- a/src/lookups/dnsdb.c
++++ b/src/lookups/dnsdb.c
+@@ -387,38 +387,31 @@ while ((domain = string_nextinlist(&keystring, &sep, NULL, 0)))
+         }
+ 
+       /* Other kinds of record just have one piece of data each, but there may be
+-      several of them, of course. */
++      several of them, of course.  TXT & SPF can have data in multiple chunks. */
+ 
+       if (yield->ptr) yield = string_catn(yield, outsep, 1);
+ 
+       if (type == T_TXT || type == T_SPF)
+-        {
+-        if (!outsep2)                 /* output only the first item of data */
++      for (unsigned data_offset = 0; data_offset + 1 < rr->size; )
+         {
+-        uschar n = (rr->data)[0];
+-        /* size byte + data bytes must not excced the RRs length */
+-        if (n + 1 <= rr->size)
+-          yield = string_catn(yield, US (rr->data+1), n);
++        uschar chunk_len = (rr->data)[data_offset];
++        int remain;
++
++        if (outsep2 && *outsep2 && data_offset != 0)
++          yield = string_catn(yield, outsep2, 1);
++
++        /* Apparently there are resolvers that do not check RRs before passing
++        them on, and glibc fails to do so.  So every application must...
++        Check for chunk len exceeding RR */
++
++        remain = rr->size - ++data_offset;
++        if (chunk_len > remain)
++          chunk_len = remain;
++        yield = string_catn(yield, US ((rr->data) + data_offset), chunk_len);
++        data_offset += chunk_len;
++
++        if (!outsep2) break;          /* output only the first chunk of the RR */
+         }
+-        else
+-          for (unsigned data_offset = 0; data_offset < rr->size; )
+-            {
+-            uschar chunk_len = (rr->data)[data_offset];
+-          int remain = rr->size - data_offset;
+-
+-          /* Apparently there are resolvers that do not check RRs before passing
+-          them on, and glibc fails to do so.  So every application must...
+-          Check for chunk len exceeding RR */
+-
+-          if (chunk_len > remain)
+-            chunk_len = remain;
+-
+-            if (*outsep2  && data_offset != 0)
+-              yield = string_catn(yield, outsep2, 1);
+-            yield = string_catn(yield, US ((rr->data) + ++data_offset), --chunk_len);
+-            data_offset += chunk_len;
+-            }
+-        }
+       else if (type == T_TLSA)
+       if (rr->size < 3)
+         continue;

diff --git a/testing/exim-openldap/exim.Makefile b/testing/exim-openldap/exim.Makefile
index 5ae8863cf15a4d4582a405ddb966ecb85370d294..a6368f2c85b1dce34c2e879241742b872ef46ed4 100644 (file)
--- a/testing/exim-openldap/exim.Makefile
+++ b/testing/exim-openldap/exim.Makefile
@@ -41,8 +41,7 @@ LOOKUP_SQLITE=2
 LOOKUP_SQLITE_LIBS=-Wl,--no-as-needed -lsqlite3
 MAKE_SHELL=/bin/bash
 NO_SYMLINK=yes
 LOOKUP_SQLITE_LIBS=-Wl,--no-as-needed -lsqlite3
 MAKE_SHELL=/bin/bash
 NO_SYMLINK=yes

-PCRE_CONFIG=yes
-PCRE_LIBS=-lpcre
+PCRE2_CONFIG=yes

 PID_FILE_PATH=/run/exim.pid
 ROUTER_ACCEPT=yes
 ROUTER_DNSLOOKUP=yes
 PID_FILE_PATH=/run/exim.pid
 ROUTER_ACCEPT=yes
 ROUTER_DNSLOOKUP=yes