cdn.postfix.johnriley.me serves a certificate for a different domain
name.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit d4feef97e6)
* use username/group 'exim' instead of mail
* register configuration file
* make sure /usr/lib/exim/lookups exists
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 66a62e2fcf)
Ship default configuration /etc/exim/exim.conf as well as
a simple procd init script. Enable building with LMTP for better
integration with dovecot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 31d12ead78)
Several exploitable vulnerabilities in Exim were reported to us and are
fixed.
Local vulnerabilities
- CVE-2020-28007: Link attack in Exim's log directory
- CVE-2020-28008: Assorted attacks in Exim's spool directory
- CVE-2020-28014: Arbitrary PID file creation
- CVE-2020-28011: Heap buffer overflow in queue_run()
- CVE-2020-28010: Heap out-of-bounds write in main()
- CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
- CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
- CVE-2020-28015: New-line injection into spool header file (local)
- CVE-2020-28012: Missing close-on-exec flag for privileged pipe
- CVE-2020-28009: Integer overflow in get_stdinput()
Remote vulnerabilities
- CVE-2020-28017: Integer overflow in receive_add_recipient()
- CVE-2020-28020: Integer overflow in receive_msg()
- CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
- CVE-2020-28021: New-line injection into spool header file (remote)
- CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
- CVE-2020-28026: Line truncation and injection in spool_read_header()
- CVE-2020-28019: Failure to reset function pointer after BDAT error
- CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
- CVE-2020-28018: Use-after-free in tls-openssl.c
- CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
The update to 4.94.2 also integrates a fix for a printf format issue
previously addressed by a local patch which is removed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c241cb12bb)
- Use AUTORELEASE fce
It helps when someone forgets to bump PKG_RELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 18261fcd31)
ChangeLog:
- IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as script
name argument.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit e40776d264)
Fixed and refreshed patches.
Switched to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6baf7dd125)
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 5d8d4fbbcb)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add Exim MTA variants:
* exim
plain variant without any TLS library which hence comes
without TLS, DANE and DKIM.
* exim-openssl
linked against libopenssl
* exim-gnutls
linked against libgnutls
* exim-ldap
linked against libopenssl, libopenldap and libsasl2
Provide packages for lookup modules
* cdb
* dbmdb
* dnsdb
* json (depends on jansson)
* mysql (depends on libmariadb)
* passwd
* pgsql (depends on libpq)
* redis (depends on libhiredis)
* sqlite (depends on libsqlite3)
Note:
As gnutls requires libunbound which depends on libopenssl to provide
libgnutls-dane, disable DANE by default when building with gnutls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Pass TARGET_[C/LD]FLAGS to reduce filesize.
Fix glibc compilation by adding lresolv.
Remove uClibc-ng patch as that's now gone.
Refreshed other patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refreshed patches and removed upstreamed ones.
Switched main URL and removed others. None of them have the proper
file. The first actually has a bad one. The changed URL is from the
official website.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This fixes an error in the previous package when building against recent
OpenWrt releases:
In file included from /builder/shared-workdir/build/sdk/staging_dir/target-x86_64_musl/usr/include/dovecot/lib.h:50,
from ext-variables-common.c:4:
ext-variables-common.c: In function 'ext_variables_load':
ext-variables-common.c:91:14: error: expected ')' before 'PRIuSIZE_T'
"(>= %"PRIuSIZE_T" bytes)",
Signed-off-by: W. Michael Petullo <mike@flyn.org>
The package Makefile contains a PKG_BUILD_DEPENDS=libiconv
line, which apart from being incorrect if libiconv-full is
specified in the build configuration, is also unnecessary,
since the package Makefile already includes nls.mk which
sets PKG_BUILD_DEPENDS appropriately.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
This version of mailman will cease to function once Python 2 is removed
from the feed. There does not appear to be any interest in updating this
package to a current version that uses Python 3.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switch to standard tarballs. Remove autoreconf as a result.
Simplify NLS and IPv6 handling. Removed options are default.
Remove upstreamed patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Michal Vasilek