[packages/exim] Up to 4.99
arekm
arekm at pld-linux.org
Tue Oct 28 15:18:05 CET 2025
commit a8f4d988dce5dc26b14b7f34dd969a3a2cfc648a
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Tue Oct 28 15:17:51 2025 +0100
Up to 4.99
90_localscan_dlopen.dpatch | 5 +-
autoreply-return-path.patch | 17 +--
branch.sh | 4 +-
exim-spam-timeout.patch | 9 +-
exim.spec | 27 +++--
exim4-EDITME.patch | 20 ++--
gcc15.patch | 254 --------------------------------------------
linelength-show.patch | 15 ---
unofficial-hotfix.patch | 115 --------------------
9 files changed, 39 insertions(+), 427 deletions(-)
---
diff --git a/exim.spec b/exim.spec
index 19d3af2..d5d2e2d 100644
--- a/exim.spec
+++ b/exim.spec
@@ -21,15 +21,15 @@ Summary: University of Cambridge Mail Transfer Agent
Summary(pl.UTF-8): Agent Transferu Poczty Uniwersytetu w Cambridge
Summary(pt_BR.UTF-8): Servidor de correio eletrônico exim
Name: exim
-Version: 4.98.2
-Release: 3
+Version: 4.99
+Release: 1
Epoch: 2
License: GPL v2+
Group: Networking/Daemons/SMTP
-Source0: ftp://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.bz2
-# Source0-md5: d77f25be77fed6296fa5792d0cea425e
-Source1: ftp://ftp.exim.org/pub/exim/exim4/%{name}-html-%{version}.tar.bz2
-# Source1-md5: f5f5e1115f595f73d312e2d77e271055
+Source0: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.bz2
+# Source0-md5: 66b3c16e64bb62bc372369f201ea5c40
+Source1: https://ftp.exim.org/pub/exim/exim4/%{name}-html-%{version}.tar.bz2
+# Source1-md5: 1347946146a59c7e871d8bd49889b98d
Source2: %{name}.init
Source3: %{name}.cron.db
Source4: %{name}4.conf
@@ -48,7 +48,7 @@ Source15: %{name}4-smtp.pamd
Source16: %{name}on.png
# sh branch.sh
Patch100: %{name}-git.patch
-# Patch100-md5: 7fef441251ecbc00567ae8ba75d9c96c
+# Patch100-md5: d41d8cd98f00b204e9800998ecf8427e
Patch0: %{name}4-EDITME.patch
Patch1: %{name}4-monitor-EDITME.patch
Patch2: %{name}4-cflags.patch
@@ -58,11 +58,9 @@ Patch4: %{name}4-Makefile-Default.patch
Patch5: 90_localscan_dlopen.dpatch
# local fixes for debian patch
Patch6: 90_localscan_dlopen-fixes.dpatch
-Patch7: linelength-show.patch
+
Patch8: %{name}-spam-timeout.patch
Patch9: autoreply-return-path.patch
-Patch10: unofficial-hotfix.patch
-Patch11: gcc15.patch
URL: http://www.exim.org/
%{?with_sasl:BuildRequires: cyrus-sasl-devel >= 2.1.0}
BuildRequires: db-devel
@@ -184,11 +182,9 @@ Pliki nagłówkowe dla Exima.
%patch -P4 -p1
%patch -P5 -p1
%patch -P6 -p1
-%patch -P7 -p1
+
%patch -P8 -p1
%patch -P9 -p2
-%patch -P10 -p2
-%patch -P11 -p2
install %{SOURCE4} exim4.conf
install %{SOURCE14} doc/config.samples.tar.bz2
@@ -205,7 +201,9 @@ EXPERIMENTAL_ARC=yes
EXPERIMENTAL_DCC=yes
EXPERIMENTAL_PRDR=yes
EXPERIMENTAL_DSN_INFO=yes
+EXPERIMENTAL_NMH=yes
EXPERIMENTAL_QUEUEFILE=yes
+#EXPERIMENTAL_SPF_PERL=yes
EXPERIMENTAL_XCLIENT=yes
SUPPORT_DANE=yes
SUPPORT_I18N=yes
@@ -295,7 +293,7 @@ install -d $RPM_BUILD_ROOT%{_libdir}/%{name}/modules
install build-Linux-*/exim{,_fixdb,_tidydb,_dbmbuild,on.bin,_dumpdb,_lock} \
build-Linux-*/exi{cyclog,next,what} %{SOURCE10} \
- build-Linux-*/{exigrep,exiqgrep,exipick,eximstats,exim_msgdate,exiqsumm,convert4r4} \
+ build-Linux-*/{exigrep,exiqgrep,exipick,eximstats,exim_msgdate,exiqsumm} \
util/unknownuser.sh \
$RPM_BUILD_ROOT%{_bindir}
install build-Linux-*/eximon.bin $RPM_BUILD_ROOT%{_bindir}
@@ -388,7 +386,6 @@ fi
%attr(755,root,root) %{_bindir}/exiqsumm
%attr(755,root,root) %{_bindir}/unknownuser.sh
%attr(755,root,root) %{_bindir}/newaliases
-%attr(755,root,root) %{_bindir}/convert4r4
%attr(755,root,root) %{_sbindir}/mailq
%attr(755,root,root) %{_sbindir}/rmail
%attr(755,root,root) %{_sbindir}/rsmtp
diff --git a/90_localscan_dlopen.dpatch b/90_localscan_dlopen.dpatch
index 83d5f82..01eb96a 100644
--- a/90_localscan_dlopen.dpatch
+++ b/90_localscan_dlopen.dpatch
@@ -294,14 +294,13 @@ Last-Update: 2023-09-09
extern int recipients_count; /* Number of recipients */
extern recipient_item *recipients_list;/* List of recipient addresses */
extern const unsigned char *sender_address; /* Sender address */
-@@ -245,6 +249,8 @@ extern uschar * string_copy_taint_functi
- extern pid_t child_open_exim_function(int *, const uschar *);
- extern pid_t child_open_exim2_function(int *, uschar *, uschar *, const uschar *);
+@@ -253,5 +253,7 @@ extern pid_t child_open_exim2_functio
extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *);
#endif
+#pragma GCC visibility pop
+
+ #endif /* whole file */
/* End of local_scan.h */
--- a/src/readconf.c
+++ b/src/readconf.c
diff --git a/autoreply-return-path.patch b/autoreply-return-path.patch
index 4b18c7d..b4265fc 100644
--- a/autoreply-return-path.patch
+++ b/autoreply-return-path.patch
@@ -2,14 +2,15 @@ diff --git a/src/src/transports/autoreply.c b/src/src/transports/autoreply.c
index 211e32810..ddf241c7b 100644
--- a/src/src/transports/autoreply.c
+++ b/src/src/transports/autoreply.c
-@@ -271,6 +271,7 @@ uschar *logfile, *oncelog;
- uschar *cache_buff = NULL;
- uschar *cache_time = NULL;
- uschar *message_id = NULL;
-+uschar *ar_return_path = NULL;
- header_line *h;
- time_t now = time(NULL);
- time_t once_repeat_sec = 0;
+@@ -274,7 +274,7 @@ EXIM_DB * dbm_file = NULL;
+ BOOL file_expand, return_message;
+ const uschar * from, * reply_to, * to, * cc, * bcc, * subject, * headers;
+ const uschar * text, * file, * logfile, * oncelog;
+-uschar * cache_buff = NULL, * cache_time = NULL, * message_id = NULL;
++uschar * cache_buff = NULL, * cache_time = NULL, * message_id = NULL, * ar_return_path = NULL;
+ header_line * h;
+ time_t now = time(NULL), once_repeat_sec = 0;
+ FILE * ff = NULL, * fp;
@@ -564,8 +565,11 @@ if (file)
}
diff --git a/branch.sh b/branch.sh
index e15b242..e559860 100755
--- a/branch.sh
+++ b/branch.sh
@@ -1,8 +1,8 @@
#!/bin/sh
set -e
-url=git://git.exim.org/exim.git
+url=https://code.exim.org/exim/exim.git
package=exim
-tag=exim-4.98
+tag=exim-4.99
#branch=exim-4.97+fixes
branch=master
out=$package-git.patch
diff --git a/exim-spam-timeout.patch b/exim-spam-timeout.patch
index 67eb22a..937ccc4 100644
--- a/exim-spam-timeout.patch
+++ b/exim-spam-timeout.patch
@@ -1,12 +1,11 @@
---- exim-4.86/src/spam.c~ 2015-07-23 23:20:37.000000000 +0200
-+++ exim-4.86/src/spam.c 2015-07-29 10:41:57.918864020 +0200
-@@ -344,7 +344,7 @@ start = time(NULL);
+--- exim-4.99/src/spam.c~ 2025-10-27 14:16:13.000000000 +0100
++++ exim-4.99/src/spam.c 2025-10-28 15:09:54.413387339 +0100
+@@ -315,7 +315,7 @@ start = time(NULL);
for (;;)
{
/*XXX could potentially use TFO early-data here */
- if ( (spamd_cctx.sock = ip_streamsocket(sd->hostspec, &errstr, 5, NULL)) >= 0
+ if ( (spamd_cctx.sock = ip_streamsocket(sd->hostspec, &errstr, 15, NULL)) >= 0
- || sd->retry <= 0
+ || sd->retry == 0
)
break;
-
diff --git a/exim4-EDITME.patch b/exim4-EDITME.patch
index 9f69c6d..63c2d05 100644
--- a/exim4-EDITME.patch
+++ b/exim4-EDITME.patch
@@ -130,9 +130,9 @@
#------------------------------------------------------------------------------
# Uncommenting this option disables the use of the -D command line option,
-@@ -752,18 +753,18 @@ FIXED_NEVER_USERS=root
- # included in the Exim binary. You will then need to set up the run time
- # configuration to make use of the mechanism(s) selected.
+@@ -880,18 +880,18 @@ TRUSTED_CONFIG_LIST=/etc/exim/trusted_co
+ # core exim build. This gets them linked with the module instead.
+ # The heimdal does build but we have no test coverage so it is not know to work.
-# AUTH_CRAM_MD5=yes
+AUTH_CRAM_MD5=yes
@@ -199,15 +199,15 @@
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
-@@ -968,7 +983,7 @@ ZCAT_COMMAND=/usr/bin/zcat
- # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
+@@ -1100,7 +1100,7 @@ ZCAT_COMMAND=/bin/zcat
# Perl costs quite a lot of resources. Only do this if you really need it.
+ #
-# EXIM_PERL=perl.o
+EXIM_PERL=perl.o
-
- #------------------------------------------------------------------------------
+ # For a dynamic module build add also SUPPORT_PERL=2 and SUPPORT_PAM_(INCLUED,LIBS)
+ #SUPPORT_PERL=2
@@ -978,7 +993,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@@ -217,9 +217,9 @@
#------------------------------------------------------------------------------
-@@ -988,11 +1003,12 @@ ZCAT_COMMAND=/usr/bin/zcat
- # support, which is intended for use in conjunction with the SMTP AUTH
- # facilities, is included only when requested by the following setting:
+@@ -1127,11 +1127,12 @@ EXPAND_DLFUNC=yes
+ #
+ # For a dynamic module build add SUPPORT_PAM=2 and SUPPORT_PAM_LIBS=-lpam
-# SUPPORT_PAM=yes
+SUPPORT_PAM=yes
diff --git a/gcc15.patch b/gcc15.patch
deleted file mode 100644
index 3eb67f2..0000000
--- a/gcc15.patch
+++ /dev/null
@@ -1,254 +0,0 @@
-@@ -, +, @@
----
- src/exim_monitor/em_StripChart.c | 86 ++++++++++++++++++++------------
- src/exim_monitor/em_TextPop.c | 17 ++++---
- 2 files changed, 66 insertions(+), 37 deletions(-)
---- a/src/exim_monitor/em_StripChart.c
-+++ a/src/exim_monitor/em_StripChart.c
-@@ -71,18 +71,25 @@ static XtResource resources[] = {
-
- #undef offset
-
- /* Added argument types to these to shut picky compilers up. PH */
-
--static void CreateGC(StripChartWidget, unsigned int);
--static void DestroyGC(StripChartWidget, unsigned int);
--static void Initialize(), Destroy(), Redisplay();
-+static void CreateGC(StripChartWidget w, unsigned int which);
-+static void DestroyGC(StripChartWidget w, unsigned int which);
-+
-+static void Initialize (Widget greq, Widget gnew, ArgList unused_Arglist,
-+ Cardinal* unused_Cardinal);
-+static void Destroy (Widget gw);
-+static void Redisplay( Widget w, XEvent *event, Region region);
- static void MoveChart(StripChartWidget, Boolean);
--static void SetPoints(StripChartWidget);
--static Boolean SetValues();
-+static void SetPoints(StripChartWidget w);
-+static Boolean SetValues (Widget current, Widget request, Widget new,
-+ ArgList unused_Arglist,
-+ Cardinal* unused_Cardinal
-+ );
-
--int repaint_window(StripChartWidget, int, int); /* PH hack */
-+int repaint_window(StripChartWidget w, int left, int width); /* PH hack */
- /* static int repaint_window(); */
-
- StripChartClassRec stripChartClassRec = {
- { /* core fields */
- /* superclass */ (WidgetClass) &simpleClassRec,
-@@ -130,23 +137,27 @@ WidgetClass mystripChartWidgetClass = (WidgetClass) &stripChartClassRec;
- *
- * Private Procedures
- *
- ****************************************************************/
-
--static void draw_it();
-+static void
-+draw_it(XtPointer client_data,
-+XtIntervalId *id /* unused */
-+);
-
- /* Function Name: CreateGC
- * Description: Creates the GC's
- * Arguments: w - the strip chart widget.
- * which - which GC's to create.
- * Returns: none
- */
-
- static void
--CreateGC(w, which)
--StripChartWidget w;
--unsigned int which;
-+CreateGC(
-+StripChartWidget w,
-+unsigned int which
-+)
- {
- XGCValues myXGCV;
-
- if (which & FOREGROUND) {
- myXGCV.foreground = w->strip_chart.fgpixel;
-@@ -165,24 +176,29 @@ unsigned int which;
- * which - which GC's to destroy.
- * Returns: none
- */
-
- static void
--DestroyGC(w, which)
--StripChartWidget w;
--unsigned int which;
-+DestroyGC(
-+StripChartWidget w,
-+unsigned int which
-+)
- {
- if (which & FOREGROUND)
- XtReleaseGC((Widget) w, w->strip_chart.fgGC);
-
- if (which & HIGHLIGHT)
- XtReleaseGC((Widget) w, w->strip_chart.hiGC);
- }
-
- /* ARGSUSED */
--static void Initialize (greq, gnew)
-- Widget greq, gnew;
-+static void Initialize (
-+ Widget greq,
-+ Widget gnew,
-+ ArgList unused_Arglist,
-+ Cardinal* unused_Cardinal
-+ )
- {
- StripChartWidget w = (StripChartWidget)gnew;
-
- if (w->strip_chart.update > 0)
- w->strip_chart.interval_id = XtAppAddTimeOut(
-@@ -196,12 +212,13 @@ static void Initialize (greq, gnew)
- w->strip_chart.max_value = 0.0;
- w->strip_chart.points = NULL;
- SetPoints(w);
- }
-
--static void Destroy (gw)
-- Widget gw;
-+static void Destroy (
-+ Widget gw
-+ )
- {
- StripChartWidget w = (StripChartWidget)gw;
-
- if (w->strip_chart.update > 0)
- XtRemoveTimeOut (w->strip_chart.interval_id);
-@@ -215,14 +232,15 @@ static void Destroy (gw)
- * events, but since this is not easily supported until R4 I am
- * going to hold off until then.
- */
-
- /* ARGSUSED */
--static void Redisplay(w, event, region)
-- Widget w;
-- XEvent *event;
-- Region region;
-+static void Redisplay(
-+ Widget w,
-+ XEvent *event,
-+ Region region
-+ )
- {
- if (event->type == GraphicsExpose)
- (void) repaint_window ((StripChartWidget)w, event->xgraphicsexpose.x,
- event->xgraphicsexpose.width);
- else
-@@ -230,13 +248,13 @@ static void Redisplay(w, event, region)
- event->xexpose.width);
- }
-
- /* ARGSUSED */
- static void
--draw_it(client_data, id)
--XtPointer client_data;
--XtIntervalId *id; /* unused */
-+draw_it(XtPointer client_data,
-+XtIntervalId *id /* unused */
-+)
- {
- StripChartWidget w = (StripChartWidget)client_data;
- double value;
-
- if (w->strip_chart.update > 0)
-@@ -301,13 +319,15 @@ XtIntervalId *id; /* unused */
- * largest data point.
- */
-
- /* static int */
- int /* PH hack */
--repaint_window(w, left, width)
--StripChartWidget w;
--int left, width;
-+repaint_window(
-+StripChartWidget w,
-+int left,
-+int width
-+)
- {
- register int i, j;
- register int next = w->strip_chart.interval;
- int scale = w->strip_chart.scale;
- int scalewidth = 0;
-@@ -429,12 +449,15 @@ MoveChart(StripChartWidget w, Boolean blit)
- }
- return;
- }
-
- /* ARGSUSED */
--static Boolean SetValues (current, request, new)
-- Widget current, request, new;
-+static Boolean SetValues (
-+ Widget current, Widget request, Widget new,
-+ ArgList unused_Arglist,
-+ Cardinal* unused_Cardinal
-+ )
- {
- StripChartWidget old = (StripChartWidget)current;
- StripChartWidget w = (StripChartWidget)new;
- Boolean ret_val = FALSE;
- unsigned int new_gc = NO_GCS;
-@@ -476,12 +499,13 @@ static Boolean SetValues (current, request, new)
- */
-
- #define HEIGHT ( (unsigned int) w->core.height)
-
- static void
--SetPoints(w)
--StripChartWidget w;
-+SetPoints(
-+StripChartWidget w
-+)
- {
- XPoint * points;
- Cardinal size;
- int i;
-
---- a/src/exim_monitor/em_TextPop.c
-+++ a/src/exim_monitor/em_TextPop.c
-@@ -92,12 +92,16 @@ static void PopdownSearch(Widget, XtPointer, XtPointer);
- static void InitializeSearchWidget(struct SearchAndReplace *,
- XawTextScanDirection, Boolean);
- static void SetResource(Widget, char *, XtArgVal);
- static void SetSearchLabels(struct SearchAndReplace *, String, String,
- Boolean);
--static Widget CreateDialog(Widget, String, String,
-- void (*)(Widget, char *, Widget));
-+static Widget
-+CreateDialog(
-+ Widget parent,
-+ String ptr, String name,
-+ void (*func)(Widget form, String ptr, Widget parent)
-+ );
- static Widget GetShell(Widget);
- static void SetWMProtocolTranslations(Widget w);
- static Boolean DoSearch(struct SearchAndReplace *);
- static String GetString(Widget);
-
-@@ -635,14 +639,15 @@ XEvent *event;
- * ptr - the initial string for the dialog's text widget.
- * parent - the parent of the dialog - the main text widget.
- */
-
- static Widget
--CreateDialog(parent, ptr, name, func)
--Widget parent;
--String ptr, name;
--void (*func)();
-+CreateDialog(
-+ Widget parent,
-+ String ptr, String name,
-+ void (*func)(Widget form, String ptr, Widget parent)
-+ )
- {
- Widget popup, form;
- Arg args[5];
- Cardinal num_args;
-
---
diff --git a/linelength-show.patch b/linelength-show.patch
deleted file mode 100644
index 19b8765..0000000
--- a/linelength-show.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/src/transports/smtp.c b/src/transports/smtp.c
-index 59abb9ef8..ad648755f 100644
---- a/src/transports/smtp.c
-+++ b/src/transports/smtp.c
-@@ -5059,7 +5053,8 @@ if (max_received_linelength > ob->message_linelength_limit)
- addr->transport_return = PENDING_DEFER;
-
- set_errno_nohost(addrlist, ERRNO_SMTPFORMAT,
-- US"message has lines too long for transport", FAIL, TRUE, &now);
-+ string_sprintf("message has lines too long for transport (received line length %d while limit is %d)",
-+ max_received_linelength, ob->message_linelength_limit), FAIL, TRUE, &now);
- goto END_TRANSPORT;
- }
-
-
diff --git a/unofficial-hotfix.patch b/unofficial-hotfix.patch
deleted file mode 100644
index b8eab75..0000000
--- a/unofficial-hotfix.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-Date: Sun, 1 Oct 2023 11:33:26 +0200
-To: exim-dev at lists.exim.org
-From: Florian Zumbiehl via Exim-dev <exim-dev at lists.exim.org>
-
-Hi,
-
-below you find a patch that fixes some (probably three?) of what I guess are
-the vulnerabilities reported by ZDI.
-
-Please note that the patch is only mildly tested, it is developed based on
-the git master branch, but can be applied to older versions with minor
-massaging. If you go back far enough, proxy.c was part of smtp_in.c, but if
-you adjust for that, the patch can be made to apply there, too.
-
-Obviously, I have no idea whether this actually addresses what ZDI has
-reported, but if not, these probably should be fixed, too, and if so, given
-the fact that I managed to rather easily find these vulnerabilities based
-on the information that's publicly available, I don't think there is much
-point to trying to keep this secret any longer--if anything, it's
-counterproductive.
-
-Also mind you that this is a hot fix, it's neither elegant, nor does it do
-any useful error reporting, the goal was simply to prevent out of bounds
-accesses.
-
-Florian
-
----
-
-diff --git a/src/src/auths/external.c b/src/src/auths/external.c
-index 078aad0..54966e6 100644
---- a/src/src/auths/external.c
-+++ b/src/src/auths/external.c
-@@ -101,6 +101,9 @@ if (expand_nmax == 0) /* skip if rxd data */
- if ((rc = auth_prompt(CUS"")) != OK)
- return rc;
-
-+if (expand_nmax != 1)
-+ return FAIL;
-+
- if (ob->server_param2)
- {
- uschar * s = expand_string(ob->server_param2);
-diff --git a/src/src/proxy.c b/src/src/proxy.c
-index fbce111..8dd7034 100644
---- a/src/src/proxy.c
-+++ b/src/src/proxy.c
-@@ -93,6 +93,8 @@ while (capacity > 0)
- do { ret = read(fd, to, 1); } while (ret == -1 && errno == EINTR && !had_command_timeout);
- if (ret == -1)
- return -1;
-+ if (!ret)
-+ break;
- have++;
- if (last)
- return have;
-@@ -254,6 +256,8 @@ if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0))
- goto proxyfail;
- }
-
-+ if (ret < 16)
-+ goto proxyfail;
- /* The v2 header will always be 16 bytes per the spec. */
- size = 16 + ntohs(hdr.v2.len);
- DEBUG(D_receive) debug_printf("Detected PROXYv2 header, size %d (limit %d)\n",
-@@ -274,7 +278,7 @@ if ((ret == PROXY_INITIAL_READ) && (memcmp(&hdr.v2, v2sig, sizeof(v2sig)) == 0))
- {
- retmore = read(fd, (uschar*)&hdr + ret, size-ret);
- } while (retmore == -1 && errno == EINTR && !had_command_timeout);
-- if (retmore == -1)
-+ if (retmore < 1)
- goto proxyfail;
- DEBUG(D_receive) proxy_debug(US &hdr, ret, ret + retmore);
- ret += retmore;
-@@ -297,6 +301,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0)
- switch (hdr.v2.fam)
- {
- case 0x11: /* TCPv4 address type */
-+ if (ret < 28)
-+ goto proxyfail;
- iptype = US"IPv4";
- tmpaddr.sin_addr.s_addr = hdr.v2.addr.ip4.src_addr;
- inet_ntop(AF_INET, &tmpaddr.sin_addr, CS &tmpip, sizeof(tmpip));
-@@ -323,6 +329,8 @@ if (ret >= 16 && memcmp(&hdr.v2, v2sig, 12) == 0)
- proxy_external_port = tmpport;
- goto done;
- case 0x21: /* TCPv6 address type */
-+ if (ret < 52)
-+ goto proxyfail;
- iptype = US"IPv6";
- memmove(tmpaddr6.sin6_addr.s6_addr, hdr.v2.addr.ip6.src_addr, 16);
- inet_ntop(AF_INET6, &tmpaddr6.sin6_addr, CS &tmpip6, sizeof(tmpip6));
-@@ -381,10 +389,13 @@ else if (ret >= 8 && memcmp(hdr.v1.line, "PROXY", 5) == 0)
- goto proxyfail;
- ret += r2;
-
-+ if(ret > 107)
-+ goto proxyfail;
-+ hdr.v1.line[ret] = 0;
- p = string_copy(hdr.v1.line);
- end = memchr(p, '\r', ret - 1);
-
-- if (!end || (end == (uschar*)&hdr + ret) || end[1] != '\n')
-+ if (!end || end[1] != '\n')
- {
- DEBUG(D_receive) debug_printf("Partial or invalid PROXY header\n");
- goto proxyfail;
-
---
-## subscription configuration (requires account):
-## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
-## unsubscribe (doesn't require an account):
-## exim-dev-unsubscribe at lists.exim.org
-## Exim details at http://www.exim.org/
-## Please use the Wiki with this list - http://wiki.exim.org/
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/exim.git/commitdiff/a8f4d988dce5dc26b14b7f34dd969a3a2cfc648a
More information about the pld-cvs-commit
mailing list