Ubuntu
exim4 package

Merge ~sergiodj/ubuntu/+source/exim4:bug1974214-segfault-smtp-delivery-JAMMY into ubuntu/+source/exim4:ubuntu/jammy-devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/exim4
  3. bug1974214-segfault-smtp-delivery-JAMMY
  4. Merge into ubuntu/jammy-devel
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: Sergio Durigan Junior
Merged at revision: 2947e0629f93371ad06fb72b1c44611e8d3b4c33
Proposed branch: ~sergiodj/ubuntu/+source/exim4:bug1974214-segfault-smtp-delivery-JAMMY
Merge into: ubuntu/+source/exim4:ubuntu/jammy-devel
Diff against target: 247 lines (+219/-0)
4 files modified
debian/changelog (+7/-0)
debian/patches/lp1974214-segfault-smtp-delivery-01.patch (+186/-0)
debian/patches/lp1974214-segfault-smtp-delivery-02.patch (+24/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Pending
Review via email: mp+423963@code.launchpad.net

Description of the change

This MP fixes bug #1974214 in Jammy, which is about exim4 segfaulting while connecting to the secondary MX after the primary MX has deferred the email delivery.

This has been reported and fixed upstream, and the Ubuntu bug reporter already tried these patches and confirmed that they work. It took me a bit of time to come up with a reproducer, but after some failed attempts I was finally able to write step-by-step instructions. You can find them in the bug description, which is an SRU template (since this bug also affects Jammy).

There are two patches required to fix the bug, but they are not complex and shouldn't require too much review time. The annoying part is really reproducing the bug.

You can also find a PPA with the proposed package here:

https://launchpad.net/~sergiodj/+archive/ubuntu/exim4

The build is still running; when it finishes I'll trigger autopkgtests and post the results here.

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

autopkgtest is OK:

autopkgtest [23:36:21]: @@@@@@@@@@@@@@@@@@@@ summary
basic PASS

https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-exim4/?format=plain

Revision history for this message
Bryce Harrington (bryce) wrote :

See the kinetic MP for comments.

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, June 03 2022, Bryce Harrington wrote:

> Review: Approve
>
> See the kinetic MP for comments.

Thanks, Bryce.

Uploaded:

$ dput exim4_4.95-4ubuntu2.1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/exim4/exim4_4.95-4ubuntu2.1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/exim4/exim4_4.95-4ubuntu2.1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading exim4_4.95-4ubuntu2.1.dsc: done.
  Uploading exim4_4.95-4ubuntu2.1.debian.tar.xz: done.
  Uploading exim4_4.95-4ubuntu2.1_source.buildinfo: done.
  Uploading exim4_4.95-4ubuntu2.1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, bryce
Uploaders: sergiodj, bryce
MP auto-approved

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index be86696..7592419 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+exim4 (4.95-4ubuntu2.1) jammy; urgency=medium
7+
8+ * d/p/lp1974214-segfault-smtp-delivery-0{1,2}.patch: Fix segfault when
9+ there's an SMTP delivery attempt following a deferral. (LP: #1974214)
10+
11+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Fri, 03 Jun 2022 17:51:15 -0400
12+
13 exim4 (4.95-4ubuntu2) jammy; urgency=medium
14
15 * d/p/lp1966923-exiqgrep-syntax-error.patch: Fix exiqgrep syntax error,
16diff --git a/debian/patches/lp1974214-segfault-smtp-delivery-01.patch b/debian/patches/lp1974214-segfault-smtp-delivery-01.patch
17new file mode 100644
18index 0000000..1342ae6
19--- /dev/null
20+++ b/debian/patches/lp1974214-segfault-smtp-delivery-01.patch
21@@ -0,0 +1,186 @@
22+From: Jeremy Harris <jgh146exb@wizmail.org>
23+Date: Thu, 19 May 2022 14:23:02 +0100
24+Subject: GnuTLS: Do not free the cached creds on transport connection close.
25+ Bug 2886
26+
27+Origin: upstream, https://git.exim.org/exim.git/commitdiff/8c74b00980bc7e3e479e8dfcd7c0008b2ac3f543
28+Bug: https://bugs.exim.org/show_bug.cgi?id=2886
29+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214
30+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004740
31+---
32+ confs/2011 | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
33+ log/2011 | 13 +++++++++
34+ rejectlog/2011 | 3 ++
35+ scripts/2000-GnuTLS/2011 | 20 ++++++++++++++
36+ src/tls-gnu.c | 8 ++----
37+ 5 files changed, 111 insertions(+), 5 deletions(-)
38+ create mode 100644 confs/2011
39+ create mode 100644 log/2011
40+ create mode 100644 rejectlog/2011
41+ create mode 100644 scripts/2000-GnuTLS/2011
42+
43+diff --git a/confs/2011 b/confs/2011
44+new file mode 100644
45+index 0000000..eac8ccd
46+--- /dev/null
47++++ b/confs/2011
48+@@ -0,0 +1,72 @@
49++# Exim test configuration 2011
50++
51++SERVER=
52++
53++keep_environment = PATH:EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK
54++add_environment = SSLKEYLOGFILE=DIR/spool/sslkeys
55++exim_path = EXIM_PATH
56++host_lookup_order = bydns
57++spool_directory = DIR/spool
58++
59++.ifdef SERVER
60++log_file_path = DIR/spool/log/SERVER%slog
61++.else
62++log_file_path = DIR/spool/log/%slog
63++.endif
64++
65++gecos_pattern = ""
66++gecos_name = CALLER_NAME
67++dns_cname_loops = 9
68++chunking_advertise_hosts = *
69++
70++.ifdef _HAVE_PIPE_CONNECT
71++pipelining_connect_advertise_hosts = :
72++.endif
73++.ifdef _HAVE_DMARC
74++dmarc_tld_file =
75++.endif
76++.ifdef _EXP_LIMITS
77++limits_advertise_hosts = !*
78++.endif
79++
80++primary_hostname = test.ex
81++
82++# ----- Main settings -----
83++
84++acl_smtp_rcpt = check_rcpt
85++
86++log_selector = +received_recipients +dkim_verbose
87++queue_only
88++queue_run_in_order
89++
90++# ----- ACL -----
91++begin acl
92++
93++check_rcpt:
94++ defer hosts = HOSTIPV4
95++ accept
96++
97++# ----- Routers -----
98++
99++begin routers
100++
101++d0:
102++ driver = manualroute
103++ route_list = * "HOSTIPV4::PORT_D : 127.0.0.1::PORT_D"
104++ self = send
105++ transport = gsmtp
106++
107++# ----- Transports -----
108++
109++begin transports
110++
111++gsmtp:
112++ driver = smtp
113++ allow_localhost
114++ tls_verify_certificates = system
115++ hosts_require_tls = *
116++
117++begin retry
118++* * F,5d,10s
119++
120++# End
121+diff --git a/log/2011 b/log/2011
122+new file mode 100644
123+index 0000000..f0fad26
124+--- /dev/null
125++++ b/log/2011
126+@@ -0,0 +1,13 @@
127++1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@test.ex U=CALLER P=local S=sss for fred@test.net
128++1999-03-02 09:44:33 Start queue run: pid=pppp
129++1999-03-02 09:44:33 10HmaX-0005vi-00 H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: SMTP error from remote mail server after RCPT TO:<fred@test.net>: 451 Temporary local problem - please try later
130++1999-03-02 09:44:33 10HmaX-0005vi-00 => fred@test.net R=d0 T=gsmtp H=127.0.0.1 [127.0.0.1] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K C="250- 3nn byte chunk, total 3nn\\n250 OK id=10HmaY-0005vi-00"
131++1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
132++1999-03-02 09:44:33 End queue run: pid=pppp
133++
134++******** SERVER ********
135++1999-03-02 09:44:33 Warning: No server certificate defined; will use a selfsigned one.
136++ Suggested action: either install a certificate or change tls_advertise_hosts option
137++1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
138++1999-03-02 09:44:33 H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no F=<CALLER@test.ex> temporarily rejected RCPT <fred@test.net>
139++1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@test.ex H=localhost (test.ex) [127.0.0.1] P=esmtps X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no K S=sss id=E10HmaX-0005vi-00@test.ex for fred@test.net
140+diff --git a/rejectlog/2011 b/rejectlog/2011
141+new file mode 100644
142+index 0000000..b8ae22a
143+--- /dev/null
144++++ b/rejectlog/2011
145+@@ -0,0 +1,3 @@
146++
147++******** SERVER ********
148++1999-03-02 09:44:33 H=the.local.host.name (test.ex) [ip4.ip4.ip4.ip4] X=TLS1.x:ke-RSA-AES256-SHAnnn:xxx CV=no F=<CALLER@test.ex> temporarily rejected RCPT <fred@test.net>
149+diff --git a/scripts/2000-GnuTLS/2011 b/scripts/2000-GnuTLS/2011
150+new file mode 100644
151+index 0000000..c5504c3
152+--- /dev/null
153++++ b/scripts/2000-GnuTLS/2011
154+@@ -0,0 +1,20 @@
155++# Cached CA bundle re-use
156++#
157++# Preload a message into spool
158++exim -odq fred@test.net
159++Subject: test
160++
161++this is a test
162++
163++****
164++#
165++# Server to work against
166++exim -DSERVER=server -bd -oX PORT_D
167++****
168++#
169++# Send message from spool
170++exim -q
171++****
172++#
173++killdaemon
174++no_msglog_check
175+diff --git a/src/tls-gnu.c b/src/tls-gnu.c
176+index 31327c8..01a04be 100644
177+--- a/src/tls-gnu.c
178++++ b/src/tls-gnu.c
179+@@ -1586,6 +1586,9 @@ return lifetime;
180+ /* Preload whatever creds are static, onto a transport. The client can then
181+ just copy the pointer as it starts up. */
182+
183++/*XXX this is not called for a cmdline send. But one needing to use >1 conn would benefit,
184++and there seems little downside. */
185++
186+ static void
187+ tls_client_creds_init(transport_instance * t, BOOL watch)
188+ {
189+@@ -3061,8 +3064,6 @@ if (rc != GNUTLS_E_SUCCESS)
190+ tls_error_gnu(state, US"gnutls_handshake", rc, errstr);
191+ (void) gnutls_alert_send_appropriate(state->session, rc);
192+ gnutls_deinit(state->session);
193+- gnutls_certificate_free_credentials(state->lib_state.x509_cred);
194+- state->lib_state = null_tls_preload;
195+ millisleep(500);
196+ shutdown(state->fd_out, SHUT_WR);
197+ for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--; /* drain skt */
198+@@ -3749,9 +3750,6 @@ if (!ct_ctx) /* server */
199+ }
200+
201+ gnutls_deinit(state->session);
202+-gnutls_certificate_free_credentials(state->lib_state.x509_cred);
203+-state->lib_state = null_tls_preload;
204+-
205+ tlsp->active.sock = -1;
206+ tlsp->active.tls_ctx = NULL;
207+ /* Leave bits, peercert, cipher, peerdn, certificate_verified set, for logging */
208diff --git a/debian/patches/lp1974214-segfault-smtp-delivery-02.patch b/debian/patches/lp1974214-segfault-smtp-delivery-02.patch
209new file mode 100644
210index 0000000..d99e3aa
211--- /dev/null
212+++ b/debian/patches/lp1974214-segfault-smtp-delivery-02.patch
213@@ -0,0 +1,24 @@
214+From: Jeremy Harris <jgh146exb@wizmail.org>
215+Date: Thu, 19 May 2022 14:24:48 +0100
216+Subject: ARC: reset headers before signing for secondary MX. Bug 2886
217+
218+Origin: upstream, https://git.exim.org/exim.git/commitdiff/5a8015582376ff3cc0c0d034d9237008b10d2164
219+Bug: https://bugs.exim.org/show_bug.cgi?id=2886
220+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1974214
221+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004740
222+---
223+ src/arc.c | 1 +
224+ 1 file changed, 1 insertion(+)
225+
226+diff --git a/src/arc.c b/src/arc.c
227+index a68ab6e..b150d3a 100644
228+--- a/src/arc.c
229++++ b/src/arc.c
230+@@ -1531,6 +1531,7 @@ void
231+ arc_sign_init(void)
232+ {
233+ memset(&arc_sign_ctx, 0, sizeof(arc_sign_ctx));
234++headers_rlist = NULL;
235+ }
236+
237+
238diff --git a/debian/patches/series b/debian/patches/series
239index 5103fb5..1461ff3 100644
240--- a/debian/patches/series
241+++ b/debian/patches/series
242@@ -16,3 +16,5 @@
243 90_localscan_dlopen.dpatch
244 fix_smtp_banner.patch
245 lp1966923-exiqgrep-syntax-error.patch
246+lp1974214-segfault-smtp-delivery-01.patch
247+lp1974214-segfault-smtp-delivery-02.patch

Subscribers

People subscribed via source and target branches