Commit Graph

38 Commits

Author SHA1 Message Date
Peter Korsgaard
8343069e2c exim: add upstream security fix
Fixes the following security issue:

CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent.  A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.

Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-20 09:04:53 +01:00
Jerzy Grzegorek
7c42b5f381 package/exim: change tarball compression to xz
Signed-off-by: Jerzy Grzegorek <jerzy.m.grzegorek@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-12-08 23:49:18 +01:00
Bernd Kuhls
06473084f4 package/exim: security bump to version 4.89.1
Fixes CVE-2017-16943 & CVE-2017-16944:
https://lists.exim.org/lurker/message/20171128.215505.79ea8efa.en.html

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-29 21:42:06 +01:00
Luca Ceresoli
54fd9482e9 exim: fix help text format
Warning reported by check-package.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-30 23:20:02 +02:00
Rahul Bedarkar
af31c309e7 boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.

This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:16:38 +02:00
Bernd Kuhls
d791e9101c package/exim: bump version to 4.89
Rebased patch #0003, added uClibc compatibility patch.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-12 14:19:50 +01:00
Peter Korsgaard
62f0195119 exim: security bump to 4.87.1
No features are added or removed. This release contains
just a fix for CVE-2016-9963

    - Fix CVE-2016-9963 - Info leak from DKIM.  When signing DKIM, if
      either LMTP or PRDR was used for delivery, the key could appear in
      logs.  Additionally, if the experimental feature "DSN_INFO" was used,
      it could appear in DSN messages (and be sent offsite).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-27 10:34:36 +01:00
Thomas Petazzoni
416fd9cd13 Replace (e)glibc by glibc
Following the removal of eglibc support, this commit replaces all
occurences of "(e)glibc" by just "glibc". Most of the occurences are in
package Config.in comments.

In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".

[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
        systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-06-28 22:19:22 +02:00
Bernd Kuhls
eb5e6738ef package/exim: bump version to 4.87
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-08 22:09:03 +02:00
Gustavo Zacarias
42a499664d exim: security bump to version 4.86.2
Fixes:
CVE-2016-1531 - All installations having Exim set-uid root and using
'perl_startup' are vulnerable to a local privilege escalation. Any user
who can start an instance of Exim (and this is normally *any* user) can
gain root privileges. If you do not use 'perl_startup' you *should* be
safe.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-03 15:06:37 +01:00
Maxime Hadjinlian
0f75b2635e package: Replace 'echo -n' by 'printf'
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.

This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 00:56:41 +02:00
Bernd Kuhls
14c4100f44 package/exim: bump version to 4.86
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-01 10:16:06 +02:00
Bernd Kuhls
20f2627c4c package/exim: Fix compilation error with musl
Fixes
smtp_in.c: In function ‘smtp_start_session’:
smtp_in.c:1976:36: error: invalid application of ‘sizeof’ to incomplete type ‘struct options’
     EXIM_SOCKLEN_T optlen = sizeof(struct ip_options) + MAX_IPOPTLEN;

smtp_in.c misdetects the needed style for ip_options, only OPTSTYLE == 2 works.
Since musl does not provide any macro[1] to detect it we need to pretend to be
darwin in order to fix the compile bug.

[1] http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_there_no_MUSL_macro_.3F

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Luca: simplify by using only one sed invocation]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-26 15:09:08 +02:00
Maxime Hadjinlian
03663adb82 package: Fix source path for systemd's service
Otherwise the link would appear broken in output/target it's not that
big a deal but at least it's coherent with what we already have.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-13 22:27:39 +02:00
Alex Suykov
b52d96ab4e exim: systemd support
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-13 19:05:23 +02:00
Bernd Kuhls
00e98e69b4 package/exim: use libnsl only with glibc
Only (e)glibc provides libnsl, uclibc provides only a stub, and musl
doesn't implement it at all.

Fixes compilation using this defconfig

    BR2_arm=y
    BR2_cortex_a7=y
    BR2_STATIC_LIBS=y
    BR2_TOOLCHAIN_EXTERNAL=y
    BR2_PACKAGE_OPENSSL=y
    BR2_PACKAGE_EXIM=y

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-30 23:07:15 +02:00
Mirko Langisch
41793eabfd exim: enable plaintext and cram-md5 authenticators
Fixes #8126

Signed-off-by: Mirko Langisch <pud@nerdpunx.net>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-21 23:22:53 +02:00
Thomas Petazzoni
cd3c00fbc0 toolchain-external: mark Synopsys toolchain as broken
This uClibc toolchain does not provide an appropriate uClibc
configuration for Buildroot: missing IPv6, missing nsl stub, missing
program invocation, etc. Therefore, we mark it as broken, waiting for
a new upstream release of a new toolchain.

We keep around the toolchain-external Synopsys code anyway, since it
will most likely be identical for the new toolchain version. However,
we remove all the quirks that were introduced to start work around
issues related to this toolchain.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-05-01 11:13:54 +02:00
Bernd Kuhls
ea501c3b3c package/exim: Add optional OpenSSL support
Also add TARGET_MAKE_ENV to EXIM_BUILD_CMDS to enable access to our pkg-config.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-12 19:38:49 +02:00
Bernd Kuhls
c6cf848cab package/exim: fix build error with external arc toolchain due to missing libnsl
Fixes
http://autobuild.buildroot.net/results/331/331ed781b422448205fb9e7c9730ec0c438d6306/
http://autobuild.buildroot.net/results/402/402d64965ac7ac6e1d4e1990080394958802fe8c/
http://autobuild.buildroot.net/results/960/9605bac2972d3e3d3fb91947ae6921e89210247b/
http://autobuild.buildroot.net/results/6b6/6b61ea80a3a6dcead233c4b408eba8b8d647e841/

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-29 14:14:05 +02:00
Peter Korsgaard
298cd8eaa2 package/*: rename patches according to the new policy
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-03 14:52:56 +01:00
Bernd Kuhls
469b7765d2 package/exim: bump version to 4.85, add hash
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-01-14 22:16:24 +01:00
Thomas Petazzoni
665e13c85e Rename BR2_PREFER_STATIC_LIB to BR2_STATIC_LIBS
Since a while, the semantic of BR2_PREFER_STATIC_LIB has been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantic didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.

As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjust the Config.in option accordingly.

This also helps preparing the addition of other options to select
shared, shared+static or just static.

Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
2014-12-11 22:48:13 +01:00
Maxime Hadjinlian
dd44b94312 package/*/*.mk: Fix indent
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS  as per the manual example.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-08 23:03:45 +01:00
Bernd Kuhls
af96cc2e32 package/exim: Add ClamAV support
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-11-01 15:54:34 +01:00
Bernd Kuhls
ee6789f0cd package/exim: Add support for SMTP AUTH through Dovecot
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-30 22:30:06 +01:00
Peter Korsgaard
5aedb8be68 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-01 15:22:07 +02:00
Thomas Petazzoni
c1ef53ed7e exim: requires thread support
Fixes:

  http://autobuild.buildroot.net/results/98a1acb58665e6cd2df354fc63afef1d4606c6e0/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-08-29 09:59:32 +02:00
Bernd Kuhls
e723b8313f package/exim: Bump version to 4.84
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-08-11 22:52:50 +02:00
Gustavo Zacarias
80cfab8fde exim: security bump to version 4.83
Fixes CVE-2014-2972 - prevent double expansion in math comparison
functions (can expand unsanitized data).
Also rename patches according to patch naming policy.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-04 21:38:27 +02:00
Luca Ceresoli
50f8fbbf05 exim: get rid of the convert the custom config file boolean knob
The current implementation causes troubles with the autobuilders when they
set BR2_PACKAGE_EXIM_CUSTOM_CONFIG=y, because in these cases
BR2_PACKAGE_EXIM_CUSTOM_CONFIG_FILE is empty, and this is a configuration
error.

Solve the problem by entirely reomving the BR2_PACKAGE_EXIM_CUSTOM_CONFIG
boolean knob. Activation of the custon configuration file is now detected by
the fact that BR2_PACKAGE_EXIM_CUSTOM_CONFIG_FILE is non-empty.

Fixes:
  http://autobuild.buildroot.org/results/0db/0db54c555f6c7e635ebf99f86b3f91dc31e441f0/

[Thomas: slightly improve commit log.]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: bernd.kuhls@t-online.de
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-16 19:47:56 +02:00
Luca Ceresoli
a27c0117a4 exim: allow using a custom configuration file
exim has lots of options configurable before the build process. It's not
useful to have all of them exposed in Buildroot, yet users may need to tweak
them.

Allow the user to pass an entire configuration file to make exim totally
reconfigurable without bloating the Buildroot menus.

[Thomas: remove "for exim" from Config.in options prompts.]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-15 21:29:13 +02:00
Yann E. MORIN
413174e6fb package/exim: security bump
Bump exim to get an urgent security fix.

We should not be impacted, since we're not building with DMARC (where
the flaw is), but better safe than sorry.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-28 23:28:57 +02:00
Yann E. MORIN
bf22cea53f package/exim: fix static linking
Fixes http://autobuild.buildroot.net/results/0a3/0a392087878f80a70435981856455a30152b684d/

When building static, we need to tell exim that it needs to link
statically (obviously), and that it should link against pthreads.

Yet, exim is still not happy with that, as it still wants to build
something (a version-related program) at install time, so we need
to replicate the ld flags at install time.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-28 09:59:32 +02:00
Thomas De Schampheleire
9f8399c32a package .mk files: use 80 # signs in header
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-01 22:32:37 +02:00
Luca Ceresoli
8956779d5d exim: use a more standard build-time configuration
Buildroot currently ships a very minimal build configuration file for exim,
which disables most optional features. This is not coherent with the runtime
configuration file, taken verbatim from the exim distribution, which enables
some of these features.

The visible symptom is an error during boot that prevents exim from starting:

  Exim configuration error in line 541 of /etc/exim/configure:
    router dnslookup: cannot find router driver "dnslookup"

In order to fix this problem, we change the way exim is configured at build
time. Instead of blindly copying a minimal Buildroot-provided configuration
file, we now copy the exim-provided one and then tweak it to change the needed
options. This actually makes the configuration closer to standard exim.
As the amount of tweaking is remarkable, we also define a few macros to make
it easier and more readable.

This new approach was suggested by Bernd Kuhls.

Reported-By: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-12 17:42:10 +02:00
Yann E. MORIN
9ee5c166b8 package/exim: uses fork(), needs an MMU
Fixes:
    http://autobuild.buildroot.net/results/95d/95ddd8e9be96f3808612db02642d72cfe77b3c26/

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Romain Naour<romain.naour@openwide.fr>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-04-08 00:55:15 +02:00
Luca Ceresoli
7439694833 exim: new package
[Thomas:
 - use $(INSTALL) instead of install
 - add AR and RANLIB variables in the local makefiles, so that the
   cross toolchain ar and ranlib utilities are used instead of the
   native ones.
 - move the init script initialization to the EXIM_INSTALL_INIT_SYSV
   variable.
 - Use parenthesis instead of curly braces to reference TARGET_DIR.]

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-05 18:31:51 +02:00