diff options
author | Fabian Groffen <grobian@gentoo.org> | 2024-08-21 09:39:00 +0200 |
---|---|---|
committer | Fabian Groffen <grobian@gentoo.org> | 2024-08-21 09:39:47 +0200 |
commit | 1097635d14eeaaa52eeda75da3257a08c27bcf30 (patch) | |
tree | b06c1412b512249c72fd0c302c1637ffa4a2040f /mail-mta | |
parent | app-editors/helix: remove unused patch(es) (diff) | |
download | gentoo-1097635d14eeaaa52eeda75da3257a08c27bcf30.tar.gz gentoo-1097635d14eeaaa52eeda75da3257a08c27bcf30.tar.bz2 gentoo-1097635d14eeaaa52eeda75da3257a08c27bcf30.zip |
mail-mta/exim-4.97.1-r6: CVE-2024-39929
Bug: https://bugs.gentoo.org/938214
Signed-off-by: Fabian Groffen <grobian@gentoo.org>
Diffstat (limited to 'mail-mta')
-rw-r--r-- | mail-mta/exim/exim-4.97.1-r6.ebuild | 637 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch | 111 | ||||
-rw-r--r-- | mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch | 247 |
3 files changed, 995 insertions, 0 deletions
diff --git a/mail-mta/exim/exim-4.97.1-r6.ebuild b/mail-mta/exim/exim-4.97.1-r6.ebuild new file mode 100644 index 000000000000..fbc02d2e7b6f --- /dev/null +++ b/mail-mta/exim/exim-4.97.1-r6.ebuild @@ -0,0 +1,637 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +inherit db-use flag-o-matic toolchain-funcs pam systemd + +IUSE="arc berkdb +dane dcc +dkim dlfunc dmarc +dnsdb doc dovecot-sasl +dsn gdbm gnutls idn ipv6 ldap lmtp maildir mbx +mysql nis pam perl pkcs11 postgres +prdr proxy radius redis sasl selinux +socks5 spf sqlite srs +ssl syslog tdb tcpd +tpda X" +REQUIRED_USE=" + arc? ( dkim spf ) + dane? ( ssl !gnutls ) + !dane? ( ssl? ( gnutls ) ) + dmarc? ( dkim spf ) + dkim? ( ssl !gnutls ) + gnutls? ( ssl ) + pkcs11? ( ssl ) + || ( berkdb gdbm tdb ) +" +# NOTE on USE="gnutls dane", gnutls[dane] is masked in base, unmasked +# for x86 and amd64 only (probably due to unbound dep) +# Exim supports it but we cannot express the dep USE=dane when +# USE=gnutls is in effect only in package.use.mask, the only option we +# have left is to a) ignore the dependency (but that results in bug +# #661164) or b) mask the usage of USE=dane with USE=gnutls. Both are +# incorrect, but b) is the only "correct" view from dep-pointofview. +# Bug #925108 showed that DANE is basically non-optional with OpenSSL, +# so we make -dane mandatory to use gnutls. Bleh. +# We cannot express a required use for berkdb/gdbm/tdb correctly because +# berkdb and gdbm are both enabled in base profile + +SDIR=$([[ ${PV} == *_rc* ]] && echo /test + [[ ${PV} == *.*.*.* ]] && echo /fixes) +COMM_URI="https://downloads.exim.org/exim4${SDIR}" + +GPV="r0" +DESCRIPTION="A highly configurable, drop-in replacement for sendmail" +SRC_URI="${COMM_URI}/${P//_rc/-RC}.tar.xz + mirror://gentoo/system_filter.exim.gz + doc? ( ${COMM_URI}/${PN}-pdf-${PV//_rc/-RC}.tar.xz )" +HOMEPAGE="https://www.exim.org/" + +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +COMMON_DEPEND=">=sys-apps/sed-4.0.5 + dev-libs/libpcre2:= + tdb? ( sys-libs/tdb:= ) + !tdb? ( berkdb? ( >=sys-libs/db-3.2:= <sys-libs/db-6:= ) ) + !tdb? ( !berkdb? ( sys-libs/gdbm:= ) ) + idn? ( net-dns/libidn:= net-dns/libidn2:= ) + perl? ( dev-lang/perl:= ) + pam? ( sys-libs/pam ) + tcpd? ( sys-apps/tcp-wrappers ) + ssl? ( + gnutls? ( + net-libs/gnutls:0=[pkcs11?] + dev-libs/libtasn1 + ) + !gnutls? ( + dev-libs/openssl:0= + ) + ) + ldap? ( >=net-nds/openldap-2.0.7:= ) + elibc_glibc? ( + net-libs/libnsl:= + nis? ( + net-libs/libtirpc:= + >=net-libs/libnsl-1:= + ) + ) + mysql? ( dev-db/mysql-connector-c:= ) + postgres? ( dev-db/postgresql:= ) + sasl? ( >=dev-libs/cyrus-sasl-2.1.26-r2 ) + redis? ( dev-libs/hiredis:= ) + spf? ( >=mail-filter/libspf2-1.2.5-r1 ) + dmarc? ( mail-filter/opendmarc:= ) + X? ( + x11-libs/libX11 + x11-libs/libXmu + x11-libs/libXt + x11-libs/libXaw + ) + sqlite? ( dev-db/sqlite ) + radius? ( net-dialup/freeradius-client ) + virtual/libcrypt:= + virtual/libiconv + " + # added X check for #57206 +BDEPEND="virtual/pkgconfig" +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND} + !mail-mta/courier + !mail-mta/esmtp + !mail-mta/msmtp[mta] + !mail-mta/netqmail + !mail-mta/nullmailer + !mail-mta/postfix + !mail-mta/sendmail + !mail-mta/opensmtpd + !mail-mta/ssmtp[mta] + >=net-mail/mailbase-0.00-r5 + virtual/logger + dcc? ( mail-filter/dcc ) + selinux? ( sec-policy/selinux-exim ) + " + +S=${WORKDIR}/${P//_rc/-RC} + +src_prepare() { + # Legacy patches which need a respin for -p1 + eapply -p0 "${FILESDIR}"/exim-4.14-tail.patch + eapply -p0 "${FILESDIR}"/exim-4.74-radius-db-ENV-clash.patch # 287426 + eapply "${FILESDIR}"/exim-4.97-as-needed-ldflags.patch # 352265, 391279 + eapply -p0 "${FILESDIR}"/exim-4.76-crosscompile.patch # 266591 + eapply "${FILESDIR}"/exim-4.69-r1.27021.patch + eapply "${FILESDIR}"/exim-4.97-localscan_dlopen.patch + eapply "${FILESDIR}"/exim-4.97-no-exim_id_update.patch + eapply "${FILESDIR}"/exim-4.97.1-memory-usage-bug-3047.patch # 922780 + + eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part1.patch + eapply -p2 "${FILESDIR}"/exim-4.97.1-CVE-2024-39929-part2.patch + + # oddity, they disable berkdb as hack, and then throw an error when + # berkdb isn't enabled + sed -i \ + -e 's/_DB_/_DONTMESS_/' \ + -e 's/define DB void/define DONTMESS void/' \ + src/auths/call_radius.c || die + + if use maildir ; then + eapply "${FILESDIR}"/exim-4.94-maildir.patch + else + eapply -p0 "${FILESDIR}"/exim-4.80-spool-mail-group.patch # 438606 + fi + + eapply_user + + # user Exim believes it should be + MAILUSER=mail + MAILGROUP=mail + if use prefix && [[ ${EUID} != 0 ]] ; then + MAILUSER=$(id -un) + MAILGROUP=$(id -gn) + fi +} + +src_configure() { + # general config and paths + + local aliases="${EPREFIX}/etc/mail/aliases" + sed -i \ + -e "/SYSTEM_ALIASES_FILE/s'SYSTEM_ALIASES_FILE'${aliases}'" \ + src/configure.default || die + + sed -i -e 's/^buildname=.*/buildname=exim-gentoo/' Makefile || die + + if use elibc_musl; then + sed -i -e 's/^LIBS = -lnsl/LIBS =/g' OS/Makefile-Linux || die + append-cflags -DNO_EXECINFO + fi + + local conffile="${EPREFIX}/etc/exim/exim.conf" + sed -e "48i\CFLAGS=${CFLAGS}" \ + -e "s:BIN_DIRECTORY=/usr/exim/bin:BIN_DIRECTORY=${EPREFIX}/usr/sbin:" \ + -e "s;EXIM_USER=;EXIM_USER=ref:${MAILUSER};" \ + -e "s:CONFIGURE_FILE=.*$:CONFIGURE_FILE=${conffile}:" \ + -e "s:ZCAT_COMMAND=.*$:ZCAT_COMMAND=${EPREFIX}/bin/zcat:" \ + -e "s:COMPRESS_COMMAND=.*$:COMPRESS_COMMAND=${EPREFIX}/bin/gzip:" \ + src/EDITME > Local/Makefile || die + + # work on Local/Makefile from now on + cd Local + + cat >> Makefile <<- EOC + INFO_DIRECTORY=${EPREFIX}/usr/share/info + PID_FILE_PATH=${EPREFIX}/run/exim.pid + SPOOL_DIRECTORY=${EPREFIX}/var/spool/exim + HAVE_ICONV=yes + WITH_CONTENT_SCAN=yes + EOC + + # configure db implementation, Exim always needs one for its hints + # database, we prefer tdb and gdbm, since bdb is kind of getting + # less and less support + if use tdb ; then + cat >> Makefile <<- EOC + USE_TDB=yes + DBMLIB = -ltdb + EOC + sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die + sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die + elif use gdbm ; then + cat >> Makefile <<- EOC + USE_GDBM=yes + DBMLIB = -lgdbm + EOC + sed -i -e 's:^USE_DB=yes:# USE_DB=yes:' Makefile || die + sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die + else # must be berkdb via required_use + # use the "native" interfaces to the DBM and CDB libraries, support + # passwd and directory lookups by default + local DB_VERS="5.3 5.1 4.8 4.7 4.6 4.5 4.4 4.3 4.2 3.2" + cat >> Makefile <<- EOC + USE_DB=yes + # keep include in CFLAGS because exim.h -> dbstuff.h -> db.h + CFLAGS += -I$(db_includedir ${DB_VERS}) + DBMLIB = -l$(db_libname ${DB_VERS}) + EOC + sed -i -e 's:^USE_GDBM=yes:# USE_GDBM=yes:' Makefile || die + sed -i -e 's:^USE_TDB=yes:# USE_TDB=yes:' Makefile || die + fi + + # if we use libiconv, now is the time to tell so + if use !elibc_glibc && use !elibc_musl ; then + cat >> Makefile <<- EOC + EXTRALIBS_EXIM=-liconv + EOC + fi + + # support for IPv6 + if use ipv6; then + cat >> Makefile <<- EOC + HAVE_IPV6=YES + EOC + fi + + # support i18n/IDNA + if use idn; then + cat >> Makefile <<- EOC + SUPPORT_I18N=yes + SUPPORT_I18N_2008=yes + EXTRALIBS_EXIM += -lidn -lidn2 + EOC + fi + + # + # mail storage formats + # + + # mailstore is Exim's traditional storage format + cat >> Makefile <<- EOC + SUPPORT_MAILSTORE=yes + EOC + + # mbox + if use mbx; then + cat >> Makefile <<- EOC + SUPPORT_MBX=yes + EOC + fi + + # maildir + if use maildir; then + cat >> Makefile <<- EOC + SUPPORT_MAILDIR=yes + EOC + fi + + # + # lookup methods + # + + # support passwd and directory lookups by default + cat >> Makefile <<- EOC + LOOKUP_CDB=yes + LOOKUP_PASSWD=yes + LOOKUP_DSEARCH=yes + EOC + + if ! use dnsdb; then + # DNSDB lookup is enabled by default + sed -i -e 's:^LOOKUP_DNSDB=yes:# LOOKUP_DNSDB=yes:' Makefile || die + fi + + if use ldap; then + cat >> Makefile <<- EOC + LOOKUP_LDAP=yes + LDAP_LIB_TYPE=OPENLDAP2 + LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/ldap + LOOKUP_LIBS += -lldap -llber + EOC + fi + + if use mysql; then + cat >> Makefile <<- EOC + LOOKUP_MYSQL=yes + LOOKUP_INCLUDE += $(mysql_config --include) + LOOKUP_LIBS += $(mysql_config --libs) + EOC + fi + + if use nis; then + cat >> Makefile <<- EOC + LOOKUP_NIS=yes + LOOKUP_NISPLUS=yes + EOC + if use elibc_glibc ; then + cat >> Makefile <<- EOC + LOOKUP_INCLUDE += -I"${EPREFIX}"/usr/include/tirpc + LOOKUP_LIBS += -lnsl + EOC + fi + fi + + if use postgres; then + cat >> Makefile <<- EOC + LOOKUP_PGSQL=yes + LOOKUP_INCLUDE += -I$(pg_config --includedir) + LOOKUP_LIBS += -L$(pg_config --libdir) -lpq + EOC + fi + + if use sqlite; then + cat >> Makefile <<- EOC + LOOKUP_SQLITE=yes + LOOKUP_SQLITE_PC=sqlite3 + EOC + fi + + if use redis; then + cat >> Makefile <<- EOC + LOOKUP_REDIS=yes + LOOKUP_LIBS += -lhiredis + EOC + fi + + # Exim monitor, enabled by default, controlled via X USE-flag, + # disable if not requested, bug #46778 + if use X; then + cp ../exim_monitor/EDITME eximon.conf || die + cat >> Makefile <<- EOC + EXIM_MONITOR=eximon.bin + EOC + fi + + # + # features + # + + # DomainKeys Identified Mail, RFC4871 + if ! use dkim; then + # DKIM is enabled by default + cat >> Makefile <<- EOC + DISABLE_DKIM=yes + EOC + fi + + # Per-Recipient-Data-Response + if ! use prdr; then + # PRDR is enabled by default + cat >> Makefile <<- EOC + DISABLE_PRDR=yes + EOC + fi + + # Transport post-delivery actions + if use !tpda && use !dane; then + # EVENT is enabled by default + cat >> Makefile <<- EOC + DISABLE_EVENT=yes + EOC + fi + + # log to syslog + if use syslog; then + local eximlog="${EPREFIX}/var/log/exim/exim_%s.log" + sed -i \ + -e "s:LOG_FILE_PATH=${eximlog}:LOG_FILE_PATH=syslog:" \ + Makefile || die + cat >> Makefile <<- EOC + LOG_FILE_PATH=syslog + EOC + else + cat >> Makefile <<- EOC + LOG_FILE_PATH=${EPREFIX}/var/log/exim/exim_%s.log + EOC + fi + + # starttls support (ssl) + if use ssl; then + if use gnutls; then + echo "USE_GNUTLS=yes" >> Makefile + echo "USE_GNUTLS_PC=gnutls $(use dane && echo gnutls-dane)" \ + >> Makefile + use pkcs11 || echo "AVOID_GNUTLS_PKCS11=yes" >> Makefile + else + echo "USE_OPENSSL=yes" >> Makefile + echo "USE_OPENSSL_PC=openssl" >> Makefile + fi + else + echo "DISABLE_TLS=yes" >> Makefile + fi + + # TCP wrappers + if use tcpd; then + cat >> Makefile <<- EOC + USE_TCP_WRAPPERS=yes + EXTRALIBS_EXIM += -lwrap + EOC + fi + + # Light Mail Transport Protocol + if use lmtp; then + cat >> Makefile <<- EOC + TRANSPORT_LMTP=yes + EOC + fi + + # embedded Perl + if use perl; then + cat >> Makefile <<- EOC + EXIM_PERL=perl.o + EOC + fi + + # dlfunc + if use dlfunc; then + cat >> Makefile <<- EOC + EXPAND_DLFUNC=yes + HAVE_LOCAL_SCAN=yes + DLOPEN_LOCAL_SCAN=yes + EOC + fi + + # Proxy Protocol + if use proxy; then + cat >> Makefile <<- EOC + SUPPORT_PROXY=yes + EOC + fi + + # SOCKS5 (outbound) proxy support + if use socks5; then + cat >> Makefile <<- EOC + SUPPORT_SOCKS=yes + EOC + fi + + # DANE + if use !dane; then + # DANE is enabled by default + sed -i -e 's:^SUPPORT_DANE=yes:# SUPPORT_DANE=yes:' Makefile || die + fi + + # DMARC + if use dmarc; then + cat >> Makefile <<- EOC + SUPPORT_DMARC=yes + EXTRALIBS_EXIM += -lopendmarc + EOC + fi + + # Sender Policy Framework + if use spf; then + cat >> Makefile <<- EOC + SUPPORT_SPF=yes + EXTRALIBS_EXIM += -lspf2 + EOC + fi + + # + # experimental features + # + + # Authenticated Receive Chain + if use arc; then + echo "EXPERIMENTAL_ARC=yes">> Makefile + fi + + # Distributed Checksum Clearinghouse + if use dcc; then + echo "EXPERIMENTAL_DCC=yes">> Makefile + fi + + # Sender Rewriting Scheme + if use srs; then + # this one is the default/supported variant since 4.95, and the + # only variant available since 4.96 + cat >> Makefile <<- EOC + SUPPORT_SRS=yes + EOC + fi + + # Delivery Sender Notifications extra information in fail message + if use dsn; then + cat >> Makefile <<- EOC + EXPERIMENTAL_DSN_INFO=yes + EOC + fi + + # + # authentication (SMTP AUTH) + # + + # standard bits + cat >> Makefile <<- EOC + AUTH_SPA=yes + AUTH_CRAM_MD5=yes + AUTH_PLAINTEXT=yes + EOC + + # Cyrus SASL + if use sasl; then + cat >> Makefile <<- EOC + CYRUS_SASLAUTHD_SOCKET=${EPREFIX}/run/saslauthd/mux + AUTH_CYRUS_SASL=yes + AUTH_LIBS += -lsasl2 + EOC + fi + + # Dovecot + if use dovecot-sasl; then + cat >> Makefile <<- EOC + AUTH_DOVECOT=yes + EOC + fi + + # Pluggable Authentication Modules + if use pam; then + cat >> Makefile <<- EOC + SUPPORT_PAM=yes + AUTH_LIBS += -lpam + EOC + fi + + # Radius + if use radius; then + cat >> Makefile <<- EOC + RADIUS_CONFIG_FILE=${EPREFIX}/etc/radiusclient/radiusclient.conf + RADIUS_LIB_TYPE=RADIUSCLIENTNEW + AUTH_LIBS += -lfreeradius-client + EOC + fi +} + +src_compile() { + emake CC="$(tc-getCC)" HOSTCC="$(tc-getBUILD_CC)" \ + AR="$(tc-getAR) cq" RANLIB="$(tc-getRANLIB)" FULLECHO='' +} + +src_install() { + cd "${S}"/build-exim-gentoo || die + dosbin exim + if use X; then + dosbin eximon.bin + dosbin eximon + fi + fperms 4755 /usr/sbin/exim + + dosym exim /usr/sbin/sendmail + dosym exim /usr/sbin/rsmtp + dosym exim /usr/sbin/rmail + dosym ../sbin/exim /usr/bin/mailq + dosym ../sbin/exim /usr/bin/newaliases + dosym ../sbin/sendmail /usr/lib/sendmail + + for i in exicyclog exim_dbmbuild exim_dumpdb exim_fixdb exim_lock \ + exim_tidydb exinext exiwhat exigrep eximstats exiqsumm exiqgrep \ + convert4r3 convert4r4 exipick + do + dosbin $i + done + + dodoc -r "${S}"/doc/. + doman "${S}"/doc/exim.8 + use dsn && dodoc "${S}"/README.DSN + use doc && dodoc "${WORKDIR}"/${PN}-pdf-${PV//rc/RC}/doc/*.pdf + + # conf files + insinto /etc/exim + newins "${S}"/src/configure.default exim.conf.dist + doins "${WORKDIR}"/system_filter.exim + doins "${FILESDIR}"/auth_conf.sub + + if use pam; then + pamd_mimic system-auth exim auth account + fi + + # headers, #436406 + if use dlfunc ; then + # fixup includes so they actually can be found when including + sed -i \ + -e '/#include "\(config\|store\|mytypes\).h"/s:"\(.\+\)":<exim/\1>:' \ + local_scan.h || die + insinto /usr/include/exim + doins {config,local_scan}.h ../src/{mytypes,store}.h + fi + + insinto /etc/logrotate.d + newins "${FILESDIR}/exim.logrotate" exim + + newinitd "${FILESDIR}"/exim.rc10 exim + newconfd "${FILESDIR}"/exim.confd exim + + systemd_dounit \ + "${FILESDIR}"/{exim.service,exim.socket,exim-submission.socket} + systemd_newunit \ + "${FILESDIR}"/exim_at.service 'exim@.service' + systemd_newunit \ + "${FILESDIR}"/exim-submission_at.service 'exim-submission@.service' + + diropts -m 0750 -o ${MAILUSER} -g ${MAILGROUP} + keepdir /var/log/${PN} +} + +pkg_postinst() { + if [[ ! -f ${EROOT}/etc/exim/exim.conf ]] ; then + einfo "${EROOT}/etc/exim/system_filter.exim is a sample system_filter." + einfo "${EROOT}/etc/exim/auth_conf.sub contains the configuration sub" + einfo "for using smtp auth." + einfo "Please create ${EROOT}/etc/exim/exim.conf from" + einfo " ${EROOT}/etc/exim/exim.conf.dist." + fi + if use berkdb && ( use gdbm || use tdb ) ; then + ewarn "USE=berkdb is ignored because USE=gdbm or USE=tdb is enabled!" + fi + if use dmarc ; then + einfo "DMARC support requires ${EROOT}/etc/exim/opendmarc.tlds" + einfo "you can populate this file with the contents downloaded from" + einfo " https://publicsuffix.org/list/public_suffix_list.dat" + fi + if use dcc ; then + einfo "DCC support is experimental, you can find some limited" + einfo "documentation at the bottom of this prerelease message:" + einfo " http://article.gmane.org/gmane.mail.exim.devel/3579" + fi + use dsn && einfo "extra information in fail DSN message is experimental" + einfo + elog "Note that this release contains a tainted variable check that" + elog "is likely to break your configuration used with Exim 4.93 and before." + elog "Please check your transports for occurences of \$local_part, and" + elog "use a replacement like \$local_part_data where possible." +} diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch new file mode 100644 index 000000000000..e83a44abc986 --- /dev/null +++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part1.patch @@ -0,0 +1,111 @@ +patch reduced to code only + +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Mon, 1 Jul 2024 18:35:12 +0000 (+0100) +Subject: Fix MIME parsing of filenames specified using multiple parameters. Bug 3099 +X-Git-Tag: exim-4.98-RC3~2 +X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/6ce5c70cff89 + +Fix MIME parsing of filenames specified using multiple parameters. Bug 3099 +--- + +diff --git a/src/src/mime.c b/src/src/mime.c +index 975ddca85..5f9e1ade7 100644 +--- a/src/src/mime.c ++++ b/src/src/mime.c +@@ -587,10 +587,10 @@ while(1) + + while (*p) + { +- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p); ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: considering paramlist '%s'\n", p); + +- if ( !mime_filename +- && strncmpic(CUS"content-disposition:", header, 20) == 0 ++ if ( strncmpic(CUS"content-disposition:", header, 20) == 0 + && strncmpic(CUS"filename*", p, 9) == 0 + ) + { /* RFC 2231 filename */ +@@ -604,11 +604,12 @@ while(1) + + if (q && *q) + { +- uschar * temp_string, * err_msg; ++ uschar * temp_string, * err_msg, * fname = q; + int slen; + + /* build up an un-decoded filename over successive + filename*= parameters (for use when 2047 decode fails) */ ++/*XXX could grow a gstring here */ + + mime_fname_rfc2231 = string_sprintf("%#s%s", + mime_fname_rfc2231, q); +@@ -623,26 +624,32 @@ while(1) + /* look for a ' in the "filename" */ + while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ + +- if ((size = s-q) > 0) +- mime_filename_charset = string_copyn(q, size); ++ if (*s) /* there was a ' */ ++ { ++ if ((size = s-q) > 0) ++ mime_filename_charset = string_copyn(q, size); + +- if (*(p = s)) p++; +- while(*p == '\'') p++; /* p is after 2nd ' */ ++ if (*(fname = s)) fname++; ++ while(*fname == '\'') fname++; /* fname is after 2nd ' */ ++ } + } +- else +- p = q; + +- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n", +- mime_filename_charset ? mime_filename_charset : US"<NULL>", p); ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: charset %s fname '%s'\n", ++ mime_filename_charset ? mime_filename_charset : US"<NULL>", ++ fname); + +- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen); +- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string); ++ temp_string = rfc2231_to_2047(fname, mime_filename_charset, ++ &slen); ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: 2047-name %s\n", temp_string); + + temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', +- NULL, &err_msg); +- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string); ++ NULL, &err_msg); ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: plain-name %s\n", temp_string); + +- if (!temp_string || (size = Ustrlen(temp_string)) == slen) ++ if (!temp_string || (size = Ustrlen(temp_string)) == slen) + decoding_failed = TRUE; + else + /* build up a decoded filename over successive +@@ -651,9 +658,9 @@ while(1) + mime_filename = mime_fname = mime_fname + ? string_sprintf("%s%s", mime_fname, temp_string) + : temp_string; +- } +- } +- } ++ } /*!decoding_failed*/ ++ } /*q*/ ++ } /*2231 filename*/ + + else + /* look for interesting parameters */ +@@ -682,7 +689,7 @@ while(1) + + + /* There is something, but not one of our interesting parameters. +- Advance past the next semicolon */ ++ Advance past the next semicolon */ + p = mime_next_semicolon(p); + if (*p) p++; + } /* param scan on line */ diff --git a/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch new file mode 100644 index 000000000000..f33e33598379 --- /dev/null +++ b/mail-mta/exim/files/exim-4.97.1-CVE-2024-39929-part2.patch @@ -0,0 +1,247 @@ +patch reduced to code only + +From: Jeremy Harris <jgh146exb@wizmail.org> +Date: Tue, 2 Jul 2024 13:41:19 +0000 (+0100) +Subject: MIME: support RFC 2331 for name=. Bug 3099 +X-Git-Tag: exim-4.98-RC3~1 +X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1b3209b0577a + +MIME: support RFC 2331 for name=. Bug 3099 +--- + +diff --git a/src/src/mime.c b/src/src/mime.c +index 5f9e1ade7..8044bb3fd 100644 +--- a/src/src/mime.c ++++ b/src/src/mime.c +@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list); + + static mime_parameter mime_parameter_list[] = { + /* name namelen value */ +- { US"name=", 5, &mime_filename }, +- { US"filename=", 9, &mime_filename }, +- { US"charset=", 8, &mime_charset }, +- { US"boundary=", 9, &mime_boundary } ++ { US"name", 4, &mime_filename }, ++ { US"filename", 8, &mime_filename }, ++ { US"charset", 7, &mime_charset }, ++ { US"boundary", 8, &mime_boundary } + }; + + +@@ -577,8 +577,8 @@ while(1) + if (*(p = q)) p++; /* jump past the ; */ + + { +- uschar * mime_fname = NULL; +- uschar * mime_fname_rfc2231 = NULL; ++ gstring * mime_fname = NULL; ++ gstring * mime_fname_rfc2231 = NULL; + uschar * mime_filename_charset = NULL; + BOOL decoding_failed = FALSE; + +@@ -590,90 +590,92 @@ while(1) + DEBUG(D_acl) + debug_printf_indent("MIME: considering paramlist '%s'\n", p); + +- if ( strncmpic(CUS"content-disposition:", header, 20) == 0 +- && strncmpic(CUS"filename*", p, 9) == 0 +- ) +- { /* RFC 2231 filename */ +- uschar * q; +- +- /* find value of the filename */ +- p += 9; +- while(*p != '=' && *p) p++; +- if (*p) p++; /* p is filename or NUL */ +- q = mime_param_val(&p); /* p now trailing ; or NUL */ +- +- if (q && *q) ++ /* look for interesting parameters */ ++ for (mime_parameter * mp = mime_parameter_list; ++ mp < mime_parameter_list + nelem(mime_parameter_list); ++ mp++ ++ ) if (strncmpic(mp->name, p, mp->namelen) == 0) ++ { ++ p += mp->namelen; ++ if (*p == '*') /* RFC 2231 */ + { +- uschar * temp_string, * err_msg, * fname = q; +- int slen; +- +- /* build up an un-decoded filename over successive +- filename*= parameters (for use when 2047 decode fails) */ +-/*XXX could grow a gstring here */ +- +- mime_fname_rfc2231 = string_sprintf("%#s%s", +- mime_fname_rfc2231, q); +- +- if (!decoding_failed) ++ while (isdigit(*++p)) ; /* ignore cont-cnt values */ ++ if (*p == '*') p++; /* step over sep chset mark */ ++ if (*p == '=') + { +- int size; +- if (!mime_filename_charset) ++ uschar * q; ++ p++; /* step over = */ ++ q = mime_param_val(&p); /* p now trailing ; or NUL */ ++ ++ if (q && *q) /* q is the dequoted value */ + { +- uschar * s = q; ++ uschar * err_msg, * fname = q; ++ int slen; ++ ++ /* build up an un-decoded filename over successive ++ filename*= parameters (for use when 2047 decode fails) */ + +- /* look for a ' in the "filename" */ +- while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ ++ mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q); + +- if (*s) /* there was a ' */ ++ if (!decoding_failed) + { +- if ((size = s-q) > 0) +- mime_filename_charset = string_copyn(q, size); +- +- if (*(fname = s)) fname++; +- while(*fname == '\'') fname++; /* fname is after 2nd ' */ +- } +- } +- +- DEBUG(D_acl) +- debug_printf_indent("MIME: charset %s fname '%s'\n", +- mime_filename_charset ? mime_filename_charset : US"<NULL>", +- fname); +- +- temp_string = rfc2231_to_2047(fname, mime_filename_charset, +- &slen); +- DEBUG(D_acl) +- debug_printf_indent("MIME: 2047-name %s\n", temp_string); +- +- temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', +- NULL, &err_msg); +- DEBUG(D_acl) +- debug_printf_indent("MIME: plain-name %s\n", temp_string); +- +- if (!temp_string || (size = Ustrlen(temp_string)) == slen) +- decoding_failed = TRUE; +- else +- /* build up a decoded filename over successive +- filename*= parameters */ +- +- mime_filename = mime_fname = mime_fname +- ? string_sprintf("%s%s", mime_fname, temp_string) +- : temp_string; +- } /*!decoding_failed*/ +- } /*q*/ +- } /*2231 filename*/ +- +- else +- /* look for interesting parameters */ +- for (mime_parameter * mp = mime_parameter_list; +- mp < mime_parameter_list + nelem(mime_parameter_list); +- mp++ +- ) if (strncmpic(mp->name, p, mp->namelen) == 0) +- { +- uschar * q; +- uschar * dummy_errstr; ++ if (!mime_filename_charset) ++ { /* try for RFC 2231 chset/lang */ ++ uschar * s = q; ++ ++ /* look for a ' in the raw paramval */ ++ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ ++ ++ if (*s) /* there was a ' */ ++ { ++ int size; ++ if ((size = s-q) > 0) ++ mime_filename_charset = string_copyn(q, size); ++ ++ if (*(fname = s)) fname++; ++ while(*fname == '\'') fname++; /*fname is after 2nd '*/ ++ } ++ } ++ ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: charset %s fname '%s'\n", ++ mime_filename_charset ? mime_filename_charset : US"<NULL>", ++ fname); ++ ++ fname = rfc2231_to_2047(fname, mime_filename_charset, ++ &slen); ++ DEBUG(D_acl) ++ debug_printf_indent("MIME: 2047-name %s\n", fname); ++ ++ fname = rfc2047_decode(fname, FALSE, NULL, ' ', ++ NULL, &err_msg); ++ DEBUG(D_acl) debug_printf_indent( ++ "MIME: plain-name %s\n", fname); ++ ++ if (!fname || Ustrlen(fname) == slen) ++ decoding_failed = TRUE; ++ else if (mp->value == &mime_filename) ++ { ++ /* build up a decoded filename over successive ++ filename*= parameters */ ++ ++ mime_fname = string_cat(mime_fname, fname); ++ mime_filename = string_from_gstring(mime_fname); ++ } ++ } /*!decoding_failed*/ ++ } /*q*/ ++ ++ if (*p) p++; /* p is past ; */ ++ goto param_done; /* done matching param names */ ++ } /*2231 param coding extension*/ ++ } ++ else if (*p == '=') ++ { /* non-2231 param */ ++ uschar * q, * dummy_errstr; + + /* grab the value and copy to its expansion variable */ +- p += mp->namelen; ++ ++ if (*p) p++; /* step over = */ + q = mime_param_val(&p); /* p now trailing ; or NUL */ + + *mp->value = q && *q +@@ -684,26 +686,31 @@ while(1) + "MIME: found %s parameter in %s header, value '%s'\n", + mp->name, mh->name, *mp->value); + +- break; /* done matching param names */ ++ if (*p) p++; /* p is past ; */ ++ goto param_done; /* done matching param names */ + } +- ++ } /* interesting parameters */ + + /* There is something, but not one of our interesting parameters. + Advance past the next semicolon */ ++ + p = mime_next_semicolon(p); + if (*p) p++; +- } /* param scan on line */ ++ param_done: ++ } /* param scan on line */ + + if (strncmpic(CUS"content-disposition:", header, 20) == 0) + { +- if (decoding_failed) mime_filename = mime_fname_rfc2231; ++ if (decoding_failed) ++ mime_filename = string_from_gstring(mime_fname_rfc2231); + + DEBUG(D_acl) debug_printf_indent( + "MIME: found %s parameter in %s header, value is '%s'\n", + "filename", mh->name, mime_filename); + } + } +- } ++ break; ++ } /* interesting headers */ + + /* set additional flag variables (easier access) */ + if ( mime_content_type |