Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ex...@packages.debian.org
Control: affects -1 + src:exim4

Please unblock package exim4

This fixes an initialization error which caused a crash in the smtp
transport. See https://bugs.exim.org/show_bug.cgi?id=2996

It is a one-line change; I have also removed garbage (an unapplied patch)
from debian/patches.

cu Andreas

unblock exim4/4.96-15

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru exim4-4.96/debian/changelog exim4-4.96/debian/changelog
--- exim4-4.96/debian/changelog	2023-02-04 13:33:50.000000000 +0100
+++ exim4-4.96/debian/changelog	2023-05-10 18:30:35.000000000 +0200
@@ -1,3 +1,12 @@
+exim4 (4.96-15) unstable; urgency=medium
+
+  * Pull from upstream GIT master:
+    + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
+      Fix a crash in the smtp transport.
+      https://bugs.exim.org/show_bug.cgi?id=2996
+
+ -- Andreas Metzler <ametz...@debian.org>  Wed, 10 May 2023 18:30:35 +0200
+
 exim4 (4.96-14) unstable; urgency=medium
 
   * Pull from upstream GIT master:
diff -Nru exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch
--- exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	2022-12-04 08:02:50.000000000 +0100
+++ exim4-4.96/debian/patches/75_42-Fix-run-arg-parsing.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,99 +0,0 @@
-From 44b6e099b76f403a55e77650821f8a69e9d2682e Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146...@wizmail.org>
-Date: Sat, 3 Dec 2022 23:13:53 +0000
-Subject: [PATCH] Fix ${run } arg parsing
-
-Broken-by: cfe6acff2ddc
----
- doc/ChangeLog        |  4 ++++
- src/expand.c             | 13 ++++++++++---
- src/transport.c          |  4 +++-
- test/scripts/0000-Basic/0002 |  2 ++
- test/stdout/0002             |  2 ++
- 5 files changed, 21 insertions(+), 4 deletions(-)
-
---- a/doc/ChangeLog
-+++ b/doc/ChangeLog
-@@ -28,10 +28,14 @@
- JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
-       a capture group which obtained no text (eg. "(abc)*" matching zero
-       occurrences) could cause a segfault if the corresponding $<n> was
-       expanded.
- 
-+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
-+      included a close-brace character (eg. it itself used an expansion) an
-+      error occurred.
-+
- 
- 
- Exim version 4.96
- -----------------
- 
---- a/src/expand.c
-+++ b/src/expand.c
-@@ -5529,11 +5529,11 @@
-       {
-       FILE * f;
-       const uschar * arg, ** argv;
-       BOOL late_expand = TRUE;
- 
--      if ((expand_forbid & RDO_RUN) != 0)
-+      if (expand_forbid & RDO_RUN)
-         {
-         expand_string_message = US"running a command is not permitted";
-         goto EXPAND_FAILED;
-         }
- 
-@@ -5561,16 +5561,23 @@
- 	}
-       s++;
- 
-       if (late_expand)		/* this is the default case */
- 	{
--	int n = Ustrcspn(s, "}");
-+	int n;
-+	const uschar * t;
-+	/* Locate the end of the args */
-+	(void) expand_string_internal(s,
-+	  ESI_BRACE_ENDS | ESI_HONOR_DOLLAR | ESI_SKIPPING, &t, NULL, NULL);
-+	n = t - s;
- 	arg = skipping ? NULL : string_copyn(s, n);
- 	s += n;
- 	}
-       else
- 	{
-+	DEBUG(D_expand)
-+	  debug_printf_indent("args string for ${run} expand before split\n");
- 	if (!(arg = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok)))
- 	  goto EXPAND_FAILED;
- 	Uskip_whitespace(&s);
- 	}
- 							/*{*/
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -2187,10 +2187,12 @@
-   BOOL allow_dollar_recipients = addr && addr->parent
-     && Ustrcmp(addr->parent->address, "system-filter") == 0;
- 
-   for (int i = 0; argv[i]; i++)
-     {
-+    DEBUG(D_expand) debug_printf_indent("arg %d\n", i);
-+
-     /* Handle special fudge for passing an address list */
- 
-     if (addr &&
-         (Ustrcmp(argv[i], "$pipe_addresses") == 0 ||
-          Ustrcmp(argv[i], "${pipe_addresses}") == 0))
-@@ -2361,11 +2363,11 @@
-           }
-         else *errptr = msg;
-         return FALSE;
-         }
- 
--      if ( f.running_in_test_harness && is_tainted(expanded_arg)
-+      if (  f.running_in_test_harness && is_tainted(expanded_arg)
- 	 && Ustrcmp(etext, "queryprogram router") == 0)
- 	{			/* hack, would be good to not need it */
- 	DEBUG(D_transport)
- 	  debug_printf("SPECIFIC TESTSUITE EXEMPTION: tainted arg '%s'\n",
- 		      expanded_arg);
diff -Nru exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
--- exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	1970-01-01 01:00:00.000000000 +0100
+++ exim4-4.96/debian/patches/75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch	2023-05-10 18:30:35.000000000 +0200
@@ -0,0 +1,46 @@
+From a8786a66feb3c003c74551399b345b1634cc6739 Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146...@wizmail.org>
+Date: Thu, 4 May 2023 15:41:46 +0100
+Subject: [PATCH 1/3] Fix variable initialisation in smtp transport.  Bug 2996
+
+---
+ doc/ChangeLog     | 8 ++++++++
+ src/transports/smtp.c | 2 +-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -54,10 +54,18 @@ JH/20 Fix TLSA lookups.  Previously dns_
+ 
+ JH/23 Fix crash in string expansions. Previously, if an empty variable was
+       immediately followed by an expansion operator, a null-indirection read
+       was done, killing the process.
+ 
++JH/28 Bug 2996: Fix a crash in the smtp transport.  When finding that the
++      message being considered for delivery was already being handled by
++      another process, and having an SMTP connection already open, the function
++      to close it tried to use an uninitialized variable.  This would afftect
++      high-volume sites more, especially when running mailing-list-style loads.
++      Pollution of logs was the major effect, as the other process delivered
++      the message.  Found and partly investigated by Graeme Fowler.
++
+ 
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+--- a/src/transports/smtp.c
++++ b/src/transports/smtp.c
+@@ -4950,11 +4950,11 @@ Returns:    nothing
+ void
+ smtp_transport_closedown(transport_instance *tblock)
+ {
+ smtp_transport_options_block * ob = SOB tblock->options_block;
+ client_conn_ctx cctx;
+-smtp_context sx;
++smtp_context sx = {0};
+ uschar buffer[256];
+ uschar inbuffer[4096];
+ uschar outbuffer[16];
+ 
+ /*XXX really we need an active-smtp-client ctx, rather than assuming stdout */
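Review bot: The new `smtp_context sx = {0};` in smtp_transport_closedown() has no comment explaining why the zeroing is required, so a later cleanup could drop the initializer as redundant; I would add something like `/* must be zeroed: the close path read members of sx that are not set here (Bug 2996) */`. The neighbouring `client_conn_ctx cctx;` is still declared without an initializer. The function body continues outside the hunk, so it cannot be confirmed from here that every member of cctx is assigned before use, and that is worth checking in the same pass. The imported upstream commit is labelled `[PATCH 1/3]`, so it is also worth confirming that the other two patches of that series are not needed for the fix to be complete on 4.96.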
diff -Nru exim4-4.96/debian/patches/series exim4-4.96/debian/patches/series
--- exim4-4.96/debian/patches/series	2023-02-04 13:30:26.000000000 +0100
+++ exim4-4.96/debian/patches/series	2023-05-10 18:30:35.000000000 +0200
@@ -30,4 +30,5 @@
 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch
 75_66-Fix-crash-in-expansions.patch
+75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
 90_localscan_dlopen.dpatch

Attachment: signature.asc
Description: PGP signature
