* use username/group 'exim' instead of mail
* register configuration file
* make sure /usr/lib/exim/lookups exists
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ship default configuration /etc/exim/exim.conf as well as
a simple procd init script. Enable building with LMTP for better
integration with dovecot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use configure --with-mailpath=/var/mail instead of letting it guess the
value base on the host path. If configure can't find it, the package
will fail to build. The path was taken from the current bot build.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
ChangeLog:
- IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as script
name argument.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Add Exim MTA variants:
* exim
plain variant without any TLS library which hence comes
without TLS, DANE and DKIM.
* exim-openssl
linked against libopenssl
* exim-gnutls
linked against libgnutls
* exim-ldap
linked against libopenssl, libopenldap and libsasl2
Provide packages for lookup modules
* cdb
* dbmdb
* dnsdb
* json (depends on jansson)
* mysql (depends on libmariadb)
* passwd
* pgsql (depends on libpq)
* redis (depends on libhiredis)
* sqlite (depends on libsqlite3)
Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pass TARGET_[C/LD]FLAGS to reduce filesize.
Fix glibc compilation by adding lresolv.
Remove uClibc-ng patch as that's now gone.
Refreshed other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refreshed patches and removed upstreamed ones.
Switched main URL and removed others. None of them have the proper
file. The first actually has a bad one. The changed URL is from the
official website.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This fixes an error in the previous package when building against recent
OpenWrt releases:
In file included from /builder/shared-workdir/build/sdk/staging_dir/target-x86_64_musl/usr/include/dovecot/lib.h:50,
from ext-variables-common.c:4:
ext-variables-common.c: In function 'ext_variables_load':
ext-variables-common.c:91:14: error: expected ')' before 'PRIuSIZE_T'
"(>= %"PRIuSIZE_T" bytes)",
Signed-off-by: W. Michael Petullo <mike@flyn.org>
The package Makefile contains a PKG_BUILD_DEPENDS=libiconv
line, which apart from being incorrect if libiconv-full is
specified in the build configuration, is also unnecessary,
since the package Makefile already includes nls.mk which
sets PKG_BUILD_DEPENDS appropriately.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
This version of mailman will cease to function once Python 2 is removed
from the feed. There does not appear to be any interest in updating this
package to a current version that uses Python 3.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switch to standard tarballs. Remove autoreconf as a result.
Simplify NLS and IPv6 handling. Removed options are default.
Remove upstreamed patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
I am upstream for msmtp-scripts and have decided to abandon the project. Therefore
remove msmtp-scripts from OpenWrt -- there is already msmtp-queue which is 'good enough'
for the use cases where msmtp-scripts had any relevance.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
tinycdb now installs a shared lib alongside the static archive. postfix
will use the shared lib, hence this commit updates the dependency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Daniel Golle
Rosen Penev
Josef Schlehofer
Eneas U de Queiroz
Alexander Ryzhov
Ilya Lipnitskiy
Florian Eckert
Phil Eichinger
W. Michael Petullo
Jan Pavlinec
Dirk Brenken
Ian Cooper
Lucian Cristian
Jeffery To
Daniel F. Dickinson
Sebastian Kemper