Fixes CVE-2019-15846: A local or remote attacker can execute programs with
root privileges.
For details, see the advisory:
https://exim.org/static/doc/security/CVE-2019-15846.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-13917:
http://www.exim.org/static/doc/security/CVE-2019-13917.txt
d185889f47 added new code to "Prebuild the data structure for builtin macros".
This function needs a host-built binary called macro_predef, which depends
on host-berkeleydb, host-pcre and optionally on host-openssl.
With an openssl-enabled exim the host build of macro_predef will fail
if host-openssl is missing:
/usr/bin/gcc -DMACRO_PREDEF macro_predef.c
In file included from hash.h:14,
from exim.h:485,
from macro_predef.c:11:
sha_ver.h:37:12: fatal error: openssl/ssl.h: No such file or directory
because macro_predef also has an optional dependency on openssl:
https://github.com/Exim/exim/blob/exim-4.92%2Bfixes/src/src/macro_predef.c#L130
Removed patches applied upstream:
0004: 98913c8ea2
0005: cf3cd30606
0007: 7ea1237c78 (diff-58af16fe62ea674adf1730edc078d175R6243)
Added patch to fix uClibc build.
Added license hash, switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper
validation of the recipient address in the deliver_message() function in
src/deliver.c may lead to remote command execution.
For more details, see the advisory:
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the exim package was added, it included a template for the
build-time configuration file Local/Makefile in the package directory.
In commit 8956779d5d (exim: use a more standard build-time
configuration), this template file was replaced with the EDITME
template file included in the exim sources. However, that commit did
not remove Buildroot's Local-Makefile.
Since this file is no longer used, remove it.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
glibc now considers its built-in libnsl as being obsolete, and requires
passing --enable-obsolete-libnsl to have it built and installed. libnsl
is now provided as a separate project [1], but it isn't packaged yet in
Buildroot.
In preparation for dropping --enable-obsolete-libnsl from the glibc
package, this commit ensures that exim doesn't use libnsl. It was
already the case for uclibc and musl toolchains, so this commit simply
extends that to make sure libnsl is also not used with glibc toolchains.
Only Exim's nis.so and nisplus.so lookup modules require libnsl,
but they are not built by default, so we can safely remove -lnsl
from Makefile-Linux. If someone wants these modules, a new libnsl
package must be added first to provide the nsl library.
Since we remove -lnsl unconditionally, use a patch instead of a sed command.
[1] https://github.com/thkukuk/libnsl.git
[2] https://fedoraproject.org/wiki/Changes/NISIPv6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.
However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).
This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:
/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl
Fixes:
http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent. A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.
Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to use SPDX identifiers for license strings as much as possible.
The SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done using the following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No features are added or removed. This release contains
just a fix for CVE-2016-9963
- Fix CVE-2016-9963 - Info leak from DKIM. When signing DKIM, if
either LMTP or PRDR was used for delivery, the key could appear in
logs. Additionally, if the experimental feature "DSN_INFO" was used,
it could appear in DSN messages (and be sent offsite).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following the removal of eglibc support, this commit replaces all
occurrences of "(e)glibc" by just "glibc". Most of the occurrences are in
package Config.in comments.
In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".
[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1531 - All installations having Exim set-uid root and using
'perl_startup' are vulnerable to a local privilege escalation. Any user
who can start an instance of Exim (and this is normally *any* user) can
gain root privileges. If you do not use 'perl_startup' you *should* be
safe.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
'echo -n' is not a POSIX construct (no flag support); we should use
'printf', especially in init scripts.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
smtp_in.c: In function ‘smtp_start_session’:
smtp_in.c:1976:36: error: invalid application of ‘sizeof’ to incomplete type ‘struct options’
EXIM_SOCKLEN_T optlen = sizeof(struct ip_options) + MAX_IPOPTLEN;
smtp_in.c misdetects the needed style for ip_options; only OPTSTYLE == 2 works.
Since musl does not provide any macro [1] to detect it, we need to pretend to be
darwin in order to fix the compile bug.
[1] http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_there_no_MUSL_macro_.3F
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Luca: simplify by using only one sed invocation]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Otherwise the link would appear broken in output/target. It's not that
big a deal, but at least it's coherent with what we already have.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Only (e)glibc provides libnsl; uclibc provides only a stub, and musl
doesn't implement it at all.
Fixes compilation using this defconfig:
BR2_arm=y
BR2_cortex_a7=y
BR2_STATIC_LIBS=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_OPENSSL=y
BR2_PACKAGE_EXIM=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This uClibc toolchain does not provide an appropriate uClibc
configuration for Buildroot: missing IPv6, missing nsl stub, missing
program invocation, etc. Therefore, we mark it as broken, waiting for
a new upstream release of a new toolchain.
We keep around the toolchain-external Synopsys code anyway, since it
will most likely be identical for the new toolchain version. However,
we remove all the quirks that were introduced to work around
issues related to this toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also add TARGET_MAKE_ENV to EXIM_BUILD_CMDS to enable access to our pkg-config.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
For a while now, the semantics of BR2_PREFER_STATIC_LIB have been changed
from "prefer static libraries when possible" to "use only static
libraries". The former semantics didn't make much sense, since the user
had absolutely no control/idea of which package would use static
libraries, and which packages would not. Therefore, for quite some
time, we have been starting to enforce that BR2_PREFER_STATIC_LIB
should really build everything with static libraries.
As a consequence, this patch renames BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS, and adjusts the Config.in option accordingly.
This also helps preparing the addition of other options to select
shared, shared+static or just static.
Note that we have verified that this commit can be reproduced by
simply doing a global rename of BR2_PREFER_STATIC_LIB to
BR2_STATIC_LIBS plus adding BR2_PREFER_STATIC_LIB to Config.in.legacy.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2014-2972 - prevent double expansion in math comparison
functions (can expand unsanitized data).
Also rename patches according to patch naming policy.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The current implementation causes trouble with the autobuilders when they
set BR2_PACKAGE_EXIM_CUSTOM_CONFIG=y, because in these cases
BR2_PACKAGE_EXIM_CUSTOM_CONFIG_FILE is empty, and this is a configuration
error.
Solve the problem by entirely removing the BR2_PACKAGE_EXIM_CUSTOM_CONFIG
boolean knob. Activation of the custom configuration file is now detected by
the fact that BR2_PACKAGE_EXIM_CUSTOM_CONFIG_FILE is non-empty.
Fixes:
http://autobuild.buildroot.org/results/0db/0db54c555f6c7e635ebf99f86b3f91dc31e441f0/
[Thomas: slightly improve commit log.]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: bernd.kuhls@t-online.de
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
exim has lots of options configurable before the build process. It's not
useful to have all of them exposed in Buildroot, yet users may need to tweak
them.
Allow the user to pass an entire configuration file to make exim totally
reconfigurable without bloating the Buildroot menus.
[Thomas: remove "for exim" from Config.in options prompts.]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump exim to get an urgent security fix.
We should not be impacted, since we're not building with DMARC (where
the flaw is), but better safe than sorry.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Luca Ceresoli <luca@lucaceresoli.net>
Acked-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes http://autobuild.buildroot.net/results/0a3/0a392087878f80a70435981856455a30152b684d/
When building static, we need to tell exim that it needs to link
statically (obviously), and that it should link against pthreads.
Yet, exim is still not happy with that, as it still wants to build
something (a version-related program) at install time, so we need
to replicate the ld flags at install time.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Buildroot currently ships a very minimal build configuration file for exim,
which disables most optional features. This is not coherent with the runtime
configuration file, taken verbatim from the exim distribution, which enables
some of these features.
The visible symptom is an error during boot that prevents exim from starting:
Exim configuration error in line 541 of /etc/exim/configure:
router dnslookup: cannot find router driver "dnslookup"
In order to fix this problem, we change the way exim is configured at build
time. Instead of blindly copying a minimal Buildroot-provided configuration
file, we now copy the exim-provided one and then tweak it to change the needed
options. This actually makes the configuration closer to standard exim.
As the amount of tweaking is remarkable, we also define a few macros to make
it easier and more readable.
This new approach was suggested by Bernd Kuhls.
Reported-By: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Thomas:
- use $(INSTALL) instead of install
- add AR and RANLIB variables in the local makefiles, so that the
cross toolchain ar and ranlib utilities are used instead of the
native ones.
- move the init script initialization to the EXIM_INSTALL_INIT_SYSV
variable.
- Use parentheses instead of curly braces to reference TARGET_DIR.]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>