Support for exim is added by the services/exim module in the SELinux
refpolicy.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When using ccache to build the exim package, the HOSTCC value contains
spaces, that are incorrectly interpreted by exim's Makefilei, which uses
the first word of ${CC} to test compiler options. This breaks the build
with "unrecognized option" ccache errors.
Fix that by wrapping the HOSTCC variable in double quotes, as it is done
for other variables that follow.
Signed-off-by: Alejandro González <alejandro.gonzalez.correo@gmail.com>
[yann.morin.1998@free.fr: slight rewording of commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Parallel make used to be broken in exim, as reported in its docs. Now that
line has disappeared from the docs, and parallel make is actually working.
Tested with 'make exim-dirclean ; time make BR2_JLEVEL=999 exim': builds
still succeed and the build time decreases from 34 to 11 seconds on my
host.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
By default, exim stores its PID file in /var/spool/exim, and its log
file in /var/spool/exim/log, but it makes a lot more sense to have the
logs in /var/log/exim and the PID file in /var/run/exim.
Using binary name subdirectory in both cases allows for the use of
systemd's LogsDirectory and RuntimeDirectory statements
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
modern versions of exim are installed into sbin not bin
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
exim builds some files during the 'make install' step, and these fail with
an error:
lookups/lf_quote.c:49:3: error: 'for' loop initial declarations are only allowed in C99 mode
for (int j = 0; j < vlength; j++)
^
Fix by passing the -std=c99 here, as it is already passed in the build
step.
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Building with the Sourcery CodeBench ARM 2014.05 the build fails with this
error:
>>> exim_dbmbuild utility built
.../buildroot/output/host/bin/arm-none-linux-gnueabi-gcc -DEXIM_DUMPDB exim_dbutil.c
exim_dbutil.c: In function 'main':
exim_dbutil.c:568:1: error: 'for' loop initial declarations are only allowed in C99 mode
for (uschar * key = dbfn_scan(dbm, TRUE, &cursor);
^
exim_dbutil.c:568:1: note: use option -std=c99 or -std=gnu99 to compile your code
exim_dbutil.c:630:2: error: 'for' loop initial declarations are only allowed in C99 mode
for (int i = 1; i <= wait->count; i++)
^
exim_dbutil.c:642:6: error: 'for' loop initial declarations are only allowed in C99 mode
for (int j = 0; j < MESSAGE_ID_LENGTH; j++)
^
Fix by enforcing C99. This completes commit
2c692e81a8 ("package/exim: fix host build")
to also fix target builds.
Fixes: http://autobuild.buildroot.net/results/6b7e08090f5f0f2627cc3e89b349c2052b6e3116/
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the soflinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Fixes CVE-2019-15846: Local or remote attacker can execute programs with
root privileges
For details, see the advisory:
https://exim.org/static/doc/security/CVE-2019-15846.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2019-13917:
http://www.exim.org/static/doc/security/CVE-2019-13917.txtd185889f47
added new code to "Prebuild the data structure for builtin macros".
This function needs a host-built binary called macro_predef, it depends
on host-berkeleydb, host-pcre and optionally on host-openssl.
With an openssl-enabled exim the host build of macro_predef will fail
if host-openssl is missing:
/usr/bin/gcc -DMACRO_PREDEF macro_predef.c
In file included from hash.h:14,
from exim.h:485,
from macro_predef.c:11:
sha_ver.h:37:12: fatal error: openssl/ssl.h: No such file or directory
because macro_predef also has the an optional dependency on openssl:
https://github.com/Exim/exim/blob/exim-4.92%2Bfixes/src/src/macro_predef.c#L130
Removed patches applied upstream:
0004: 98913c8ea2
0005: cf3cd30606
0007: 7ea1237c78 (diff-58af16fe62ea674adf1730edc078d175R6243)
Added patch to fix uClibc build.
Added license hash, switched _SITE to https.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper
validation of recipient address in deliver_message() function in
src/deliver.c may lead to remote command execution.
For more details, see the advisory:
https://www.exim.org/static/doc/security/CVE-2019-10149.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the exim package was added, it included a template for the
build-time configuration file Local/Makefile in the package directory.
In commit 8956779d5d (exim: use a more standard build-time
configuration), this template file was replaced with the EDITME
template file included in the exim sources. However, that commit did
not remove Buildroot's Local-Makefile.
Since this file is no longer used, remove it.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
glibc now considers its built-in libnsl as being obsolete, and requires
passing --enable-obsolete-libnsl to have it built and installed. libnsl
is now provided as a separate project [1], but it isn't packaged yet in
Buildroot.
In preparation for dropping --enable-obsolete-libnsl from the glibc
package, this commit ensures that exim doesn't use libnsl. It was
already the case for uclibc and musl toolchains, so this commit simply
extends that to make sure libnsl is also not used with glibc toolchains.
Only Exim's nis.so and nisplus.so lookup modules require libnsl,
but they are not build by default. So we can safely remove -lnsl
from the Makefile-Linux. If someone want these modules, a new libnsl
package must be added first to provide nsl library.
Since we remove -lnsl unconditionally, use a patch instead of a sed command.
[1] https://github.com/thkukuk/libnsl.git
[2] https://fedoraproject.org/wiki/Changes/NISIPv6
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The existing patch 0001-Build-buildconfig-for-the-host.patch changes
the exim build system to use the host compiler to build the
"buildconfig" program instead of the cross-compiler.
However, it still uses $(LIBS) which lists the target libraries to
link with, which shouldn't be used. Since buildconfig doesn't use any
library beyond the C library, we can simply drop using $(LIBS).
This will fix build failures of exim on Fedora 28, where libnsl is no
longer provided by the C library, causing build failures such as:
/usr/bin/gcc buildconfig.c
/usr/bin/ld: cannot find -lnsl
Fixes:
http://autobuild.buildroot.net/results/ac78fe18657558b3c12c03c08bf1081d7c06ca85/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes the following security issue:
CVE-2018-6789: Meh Chang discovered a buffer overflow flaw in a utility
function used in the SMTP listener of Exim, a mail transport agent. A
remote attacker can take advantage of this flaw to cause a denial of
service, or potentially the execution of arbitrary code via a specially
crafted message.
Dropped ChangeLog hunk and adjusted file path of upstream commit so it
applies to tarball.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.
This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
No features are added or removed. This release contains
just a fix for CVE-2016-9963
- Fix CVE-2016-9963 - Info leak from DKIM. When signing DKIM, if
either LMTP or PRDR was used for delivery, the key could appear in
logs. Additionally, if the experimental feature "DSN_INFO" was used,
it could appear in DSN messages (and be sent offsite).
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Following the removal of eglibc support, this commit replaces all
occurences of "(e)glibc" by just "glibc". Most of the occurences are in
package Config.in comments.
In addition, when the form "an (e)glibc ..." was used, it is replaced by
"a glibc ...".
[Peter: add new efi* packages, s/uclibc/uClibc as suggested by Romain,
systemd / liquid-dsp tweaks as suggested by Yann]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-1531 - All installations having Exim set-uid root and using
'perl_startup' are vulnerable to a local privilege escalation. Any user
who can start an instance of Exim (and this is normally *any* user) can
gain root privileges. If you do not use 'perl_startup' you *should* be
safe.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes
smtp_in.c: In function ‘smtp_start_session’:
smtp_in.c:1976:36: error: invalid application of ‘sizeof’ to incomplete type ‘struct options’
EXIM_SOCKLEN_T optlen = sizeof(struct ip_options) + MAX_IPOPTLEN;
smtp_in.c misdetects the needed style for ip_options, only OPTSTYLE == 2 works.
Since musl does not provide any macro[1] to detect it we need to pretend to be
darwin in order to fix the compile bug.
[1] http://wiki.musl-libc.org/wiki/FAQ#Q:_why_is_there_no_MUSL_macro_.3F
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Luca: simplify by using only one sed invocation]
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Otherwise the link would appear broken in output/target it's not that
big a deal but at least it's coherent with what we already have.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Only (e)glibc provides libnsl, uclibc provides only a stub, and musl
doesn't implement it at all.
Fixes compilation using this defconfig
BR2_arm=y
BR2_cortex_a7=y
BR2_STATIC_LIBS=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_PACKAGE_OPENSSL=y
BR2_PACKAGE_EXIM=y
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This uClibc toolchain does not provide an appropriate uClibc
configuration for Buildroot: missing IPv6, missing nsl stub, missing
program invocation, etc. Therefore, we mark it as broken, waiting for
a new upstream release of a new toolchain.
We keep around the toolchain-external Synopsys code anyway, since it
will most likely be identical for the new toolchain version. However,
we remove all the quirks that were introduced to start work around
issues related to this toolchain.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also add TARGET_MAKE_ENV to EXIM_BUILD_CMDS to enable access to our pkg-config.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Tested-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)
Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
