From c241cb12bb292e894e45f063f1a8ddb8a627371d Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Mon, 10 May 2021 03:17:25 +0100 Subject: [PATCH] exim: update to version 4.94.2 Several exploitable vulnerabilities in Exim were reported to us and are fixed. Local vulnerabilities - CVE-2020-28007: Link attack in Exim's log directory - CVE-2020-28008: Assorted attacks in Exim's spool directory - CVE-2020-28014: Arbitrary PID file creation - CVE-2020-28011: Heap buffer overflow in queue_run() - CVE-2020-28010: Heap out-of-bounds write in main() - CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() - CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() - CVE-2020-28015: New-line injection into spool header file (local) - CVE-2020-28012: Missing close-on-exec flag for privileged pipe - CVE-2020-28009: Integer overflow in get_stdinput() Remote vulnerabilities - CVE-2020-28017: Integer overflow in receive_add_recipient() - CVE-2020-28020: Integer overflow in receive_msg() - CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() - CVE-2020-28021: New-line injection into spool header file (remote) - CVE-2020-28022: Heap out-of-bounds read and write in extract_option() - CVE-2020-28026: Line truncation and injection in spool_read_header() - CVE-2020-28019: Failure to reset function pointer after BDAT error - CVE-2020-28024: Heap buffer underflow in smtp_ungetc() - CVE-2020-28018: Use-after-free in tls-openssl.c - CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() The update to 4.94.2 also integrates a fix for a printf format issue previously addressed by a local patch which is removed. Signed-off-by: Daniel Golle --- mail/exim/Makefile | 6 ++--- ...use-correct-printf-format-for-size-t.patch | 22 ------------------- .../exim/patches/030-openssl-deprecated.patch | 4 ++-- 3 files changed, 5 insertions(+), 27 deletions(-) delete mode 100644 mail/exim/patches/020-use-correct-printf-format-for-size-t.patch 
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index c66d7d5c9..013d8a140 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=exim
-PKG_VERSION:=4.94
-PKG_RELEASE:=2
+PKG_VERSION:=4.94.2
+PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://ftp.exim.org/pub/exim/exim4/
-PKG_HASH:=f77ee8faf04f5db793243c3ae81c1f4e452cd6ad7dd515a80edf755c4b144bdb
+PKG_HASH:=051861fc89f06205162f12129fb7ebfe473383bb6194bf8642952bfd50329274
 PKG_MAINTAINER:=Daniel Golle
 PKG_LICENSE:=GPL-2.0-or-later
diff --git a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch b/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch
deleted file mode 100644
index 6dc3c1bf7..000000000
--- a/mail/exim/patches/020-use-correct-printf-format-for-size-t.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From: Daniel Golle
-Date: Sun, 27 Dec 2020 15:03:22 +0000
-Subject: [PATCH] use correct printf format for size_t
-
-pdkim.c: In function 'check_bare_ed25519_pubkey':
-pdkim.c:1355:60: warning: format '%lu' expects argument of type 'long unsigned int', but argument 2 has type 'size_t' {aka 'unsigned int'} [-Wformat=]
- DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
- ~~^ ~~~~~~~~~~
- %u
-Signed-off-by: Daniel Golle
----
---- a/src/pdkim/pdkim.c
-+++ b/src/pdkim/pdkim.c
-@@ -1352,7 +1352,7 @@ check_bare_ed25519_pubkey(pdkim_pubkey *
- int excess = p->key.len - 32;
- if (excess > 0)
- {
-- DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %lu\n", p->key.len);
-+ DEBUG(D_acl) debug_printf("DKIM: unexpected pubkey len %zu\n", p->key.len);
- p->key.data += excess; p->key.len = 32;
- }
- }
diff --git a/mail/exim/patches/030-openssl-deprecated.patch b/mail/exim/patches/030-openssl-deprecated.patch
index 38d2b0dd0..e890af2db 100644
--- a/mail/exim/patches/030-openssl-deprecated.patch
+++ b/mail/exim/patches/030-openssl-deprecated.patch
@@ -45,7 +45,7 @@ X509_set_pubkey(x509, pkey); name = X509_get_subject_name(x509); -@@ -3900,8 +3903,8 @@ fprintf(f, "Library version: OpenSSL: Co +@@ -3897,8 +3900,8 @@ fprintf(f, "Library version: OpenSSL: Co " Runtime: %s\n" " : %s\n", OPENSSL_VERSION_TEXT, @@ -56,7 +56,7 @@ /* third line is 38 characters for the %s and the line is 73 chars long; the OpenSSL output includes a "built on: " prefix already. */ } -@@ -3943,8 +3946,6 @@ if (pidnow != pidlast) +@@ -3940,8 +3943,6 @@ if (pidnow != pidlast) is unique for each thread", this doesn't apparently apply across processes, so our own warning from vaguely_random_number_fallback() applies here too. Fix per PostgreSQL. */