RFH exim localscan dlopen patch stopped working with exim 4.93 (RC0)

Andreas Metzler ametzler at bebt.de
Sun Oct 20 13:12:50 BST 2019


I have just uploaded exim4 4.93~RC0-1 to experimental.

Due to 

| JH/32 Introduce a general tainting mechanism for values read from the
|     input channel, and values derived from them. Refuse to expand any
|     tainted values, to catch one form of exploit.

the localscan dlopen patch does not work anynmore with exim 4.93 RC0.

I have managed to change it insofar that exim again. However the
resulting binary does not work with the current sa-exim binary package

<~* 451-Local configuration error - local_scan() library failure
<~* 451 /usr/lib/exim4/local_scan/sa-exim.so: undefined symbol: string_sprintf

and sa-exim cannot be built successfully against exim4-dev 4.93~RC0-1:

sa-exim.c: In function 'get_header':
sa-exim.c:162:12: warning: implicit declaration of function 'string_copyn' [-Wimplicit-function-declaration]
/usr/include/exim4/local_scan.h:197:64: error: expected expression before ')' token
  197 |  string_sprintf_trc(fmt, US __FUNCTION__, __LINE__, __VA_ARGS__)
      |                                                                ^
sa-exim.c:101:15: note: in definition of macro 'CHECKERR'
  101 |         where=mwhere; \
      |               ^~~~~~
sa-exim.c:1264:21: note: in expansion of macro 'string_sprintf'
 1264 |      CHECKERR(stret,string_sprintf("SA body write to msg"),__LINE__);

I think sa-exim.c needs to be built with -DLOCAL_SCAN but that does
improve things significantly.

For the time being I have removed exim4-localscanapi-2.0 from Provides.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-exim4-maintainers mailing list