Date: Sat, 22 Feb 2020 20:25:40 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 244322] mail/exim: 4.93 causes taint issues
Message-ID: <bug-244322-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244322

            Bug ID: 244322
           Summary: mail/exim: 4.93 causes taint issues
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: vsevolod@FreeBSD.org
          Reporter: ler@FreeBSD.org
          Assignee: vsevolod@FreeBSD.org
             Flags: maintainer-feedback?(vsevolod@FreeBSD.org)

I tried to upgrade to 4.93 today, and had to roll back to 4.92.3.

I get:

[I] ➜ grep -i taint /var/log/maillog
<17>1 2020-02-20T10:38:44.854525-06:00 thebighonker.lerctr.org exim 59285 - - [1\2] 1j4oqa-000FQD-Nw Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:44.889621-06:00 thebighonker.lerctr.org exim 59224 - - 1j4oqa-000FPE-Nw attempt to expand tainted string '$1'
<21>1 2020-02-20T10:38:44.890149-06:00 thebighonker.lerctr.org exim 59224 - - [1\52] 1j4oqa-000FPE-Nw H=malur.postgresql.org [2a02:16a8:dc51::56]:50652 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T10:38:44.973850-06:00 thebighonker.lerctr.org exim 59226 - - [1\2] 1j4oqa-000FPG-Nw Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:47.929854-06:00 thebighonker.lerctr.org exim 59345 - - [1\2] 1j4oqd-000FRB-R2 Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:48.027188-06:00 thebighonker.lerctr.org exim 59346 - - [1\2] 1j4oqd-000FRC-R2 Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:54.276084-06:00 thebighonker.lerctr.org exim 59437 - - [1\2] 1j4oqk-000FSf-5I Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:55.233514-06:00 thebighonker.lerctr.org exim 59440 - - [1\2] 1j4oql-000FSi-1N Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:56.331072-06:00 thebighonker.lerctr.org exim 59482 - - [1\2] 1j4oqm-000FTO-7i Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:57.252803-06:00 thebighonker.lerctr.org exim 59525 - - [1\2] 1j4oqn-000FU5-4V Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:38:57.583361-06:00 thebighonker.lerctr.org exim 59347 - - 1j4oqn-000FRD-EY attempt to expand tainted string '$1'
<21>1 2020-02-20T10:38:57.583848-06:00 thebighonker.lerctr.org exim 59347 - - [1\52] 1j4oqn-000FRD-EY H=malur.postgresql.org [217.196.149.56]:53230 I=[192.147.25.65]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T10:40:02.858804-06:00 thebighonker.lerctr.org exim 59708 - - [1\2] 1j4orq-000FX2-FA Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:40:04.243293-06:00 thebighonker.lerctr.org exim 59794 - - [1\2] 1j4ors-000FYQ-1m Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:40:05.443663-06:00 thebighonker.lerctr.org exim 59796 - - [1\2] 1j4ort-000FYS-7D Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:40:05.521456-06:00 thebighonker.lerctr.org exim 59797 - - [1\2] 1j4ort-000FYT-DD Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:40:06.318268-06:00 thebighonker.lerctr.org exim 59807 - - [1\2] 1j4oru-000FYd-7N Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:50:25.379393-06:00 thebighonker.lerctr.org exim 61381 - - [1\2] 1j4p1t-000Fy1-6l Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:50:54.614045-06:00 thebighonker.lerctr.org exim 61469 - - [1\2] 1j4p2M-000FzR-D7 Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:51:23.429945-06:00 thebighonker.lerctr.org exim 61481 - - [1\2] 1j4p2p-000Fzd-5G Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T11:03:16.207210-06:00 thebighonker.lerctr.org exim 64926 - - 1j4pEH-000GtC-Sf attempt to expand tainted string '$1'
<21>1 2020-02-20T11:03:16.207829-06:00 thebighonker.lerctr.org exim 64926 - - [1\115] 1j4pEH-000GtC-Sf H=mail-qv1-xf2f.google.com [2607:f8b0:4864:20::f2f]:44553 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=yes DN="/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com" SNI="thebighonker.lerctr.org" F=<m.ray.mullins+caf_=mrm=lerctr.org@gmail.com> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:08:23.275666-06:00 thebighonker.lerctr.org exim 66252 - - 1j4pJH-000HEa-3y attempt to expand tainted string '$1'
<21>1 2020-02-20T11:08:23.276207-06:00 thebighonker.lerctr.org exim 66252 - - [1\52] 1j4pJH-000HEa-3y H=malur.postgresql.org [2a02:16a8:dc51::56]:39768 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:08:35.318122-06:00 thebighonker.lerctr.org exim 66262 - - 1j4pJT-000HEk-5v attempt to expand tainted string '$1'
<21>1 2020-02-20T11:08:35.318634-06:00 thebighonker.lerctr.org exim 66262 - - [1\52] 1j4pJT-000HEk-5v H=malur.postgresql.org [217.196.149.56]:40944 I=[192.147.25.65]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:16:52.674144-06:00 thebighonker.lerctr.org exim 66815 - - 1j4pRU-000HNf-Gt attempt to expand tainted string '$1'
<21>1 2020-02-20T11:16:52.674696-06:00 thebighonker.lerctr.org exim 66815 - - [1\52] 1j4pRU-000HNf-Gt H=malur.postgresql.org [2a02:16a8:dc51::56]:39884 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:17:04.489395-06:00 thebighonker.lerctr.org exim 66820 - - 1j4pRg-000HNk-BU attempt to expand tainted string '$1'
<21>1 2020-02-20T11:17:04.489774-06:00 thebighonker.lerctr.org exim 66820 - - [1\52] 1j4pRg-000HNk-BU H=malur.postgresql.org [217.196.149.56]:41062 I=[192.147.25.65]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:21:27.395015-06:00 thebighonker.lerctr.org exim 67063 - - 1j4pVu-000HRf-Oh attempt to expand tainted string '$1'
<21>1 2020-02-20T11:21:27.395754-06:00 thebighonker.lerctr.org exim 67063 - - [1\113] 1j4pVu-000HRf-Oh H=mail-vk1-xa30.google.com [2607:f8b0:4864:20::a30]:32875 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=yes DN="/C=US/ST=California/L=Mountain View/O=Google LLC/CN=smtp.gmail.com" SNI="thebighonker.lerctr.org" F=<m.ray.mullins+caf_=mrm=lerctr.org@gmail.com> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:25:22.416483-06:00 thebighonker.lerctr.org exim 68209 - - 1j4pZi-000Hk9-8c attempt to expand tainted string '$1'
<21>1 2020-02-20T11:25:22.416966-06:00 thebighonker.lerctr.org exim 68209 - - [1\52] 1j4pZi-000Hk9-8c H=malur.postgresql.org [2a02:16a8:dc51::56]:47754 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
<17>1 2020-02-20T11:25:34.407034-06:00 thebighonker.lerctr.org exim 68417 - - 1j4pZu-000HnV-8o attempt to expand tainted string '$1'
<21>1 2020-02-20T11:25:34.407583-06:00 thebighonker.lerctr.org exim 68417 - - [1\52] 1j4pZu-000HnV-8o H=malur.postgresql.org [217.196.149.56]:48932 I=[192.147.25.65]:25 X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org" F=<pgsql-hackers-owner+M2386-214291@lists.postgresql.org> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'

ler in exim at thebighonker on master [!]
[I] ➜

the unix socket was for clamd: in the ACL, and the others I'm not sure how to fix.

A reply on the Exim list suggested the 4.93+fixes branch. Can we get the port to pull its sources from that branch?

-- 
You are receiving this mail because:
You are the assignee for the bug.
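A log-triage helper for the two error kinds quoted in this report, as an added example that is not part of the original message or of Exim: it groups `Taint mismatch` lines by code site and tainted-expansion deferrals by ACL phase and expansion string, so the configuration items that need attention after moving to 4.93 show up once each. The sample lines are constructed in the report's log format; host names, message IDs and addresses are placeholders, and the function and pattern names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted above; hosts, message ids and
# addresses are placeholders, the ACL expansion is the one from the report.
SAMPLE = r"""<17>1 2020-02-20T10:00:00.000000-06:00 mx.example.org exim 1001 - - [1\2] 1aaaaa-000001-AA Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:00:05.000000-06:00 mx.example.org exim 1002 - - [1\2] 1aaaaa-000002-BB Taint mismatch, Ustrncpy: ip_unixsocket 518
<17>1 2020-02-20T10:00:09.000000-06:00 mx.example.org exim 1003 - - 1aaaaa-000003-CC attempt to expand tainted string '$1'
<21>1 2020-02-20T10:00:09.000001-06:00 mx.example.org exim 1003 - - [1\52] 1aaaaa-000003-CC H=lists.example.net [192.0.2.56]:50652 I=[192.0.2.65]:25 F=<list-owner@example.net> temporarily rejected during MIME ACL checks: failed to expand ACL string "${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}": attempt to expand tainted string '$1'
"""

ID = r"\b(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})"
# "Taint mismatch, <function>: <caller> <source line>" as it appears in the report.
MISMATCH = re.compile(ID + r" Taint mismatch, (?P<func>\w+): (?P<caller>\w+) (?P<line>\d+)")
# Deferral caused by a config expansion: sender, ACL phase, expansion, tainted item.
DEFERRAL = re.compile(
    ID + r" .*?F=<(?P<sender>[^>]*)> temporarily rejected during (?P<phase>.+?) checks: "
    r'failed to expand ACL string "(?P<expansion>.*)": '
    r"attempt to expand tainted string '(?P<item>[^']*)'")


def triage(lines):
    """Return (code sites, failing expansions, deferred message id -> sender)."""
    sites, expansions, deferred = Counter(), Counter(), {}
    for line in lines:
        if m := MISMATCH.search(line):
            sites[(m["func"], m["caller"], int(m["line"]))] += 1
        elif m := DEFERRAL.search(line):
            # The short "attempt to expand tainted string" line for the same
            # message id carries no extra detail, so only the long form is counted.
            expansions[(m["phase"], m["item"], m["expansion"])] += 1
            deferred[m["msgid"]] = m["sender"]
    return sites, expansions, deferred


if __name__ == "__main__":
    sites, expansions, deferred = triage(SAMPLE.splitlines())
    for site, n in sites.items():
        print(n, "x taint mismatch at", site)
    for (phase, item, expansion), n in expansions.items():
        print(n, "x", phase, "deferral on", item, "in", expansion)
    print(len(deferred), "message(s) temporarily rejected")
```

Each distinct key in the second result is one configuration expansion to rework; messages listed in the third were only temporarily rejected, so sending hosts will retry them.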