ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/mail/exim/patches/010-allow-json-dynamic-lookup.patch b/external/subpack/mail/exim/patches/010-allow-json-dynamic-lookup.patch
new file mode 100644
index 0000000..39b6ae9
--- /dev/null
+++ b/external/subpack/mail/exim/patches/010-allow-json-dynamic-lookup.patch
@@ -0,0 +1,11 @@
+--- a/src/drtables.c
++++ b/src/drtables.c
+@@ -662,7 +662,7 @@ addlookupmodule(NULL, &ibase_lookup_modu
+ addlookupmodule(NULL, &ldap_lookup_module_info);
+ #endif
+
+-#ifdef LOOKUP_JSON
++#if defined(LOOKUP_JSON) && LOOKUP_JSON!=2
+ addlookupmodule(NULL, &json_lookup_module_info);
+ #endif
+
diff --git a/external/subpack/mail/exim/patches/030-openssl-deprecated.patch b/external/subpack/mail/exim/patches/030-openssl-deprecated.patch
new file mode 100644
index 0000000..2561de7
--- /dev/null
+++ b/external/subpack/mail/exim/patches/030-openssl-deprecated.patch
@@ -0,0 +1,86 @@
+--- a/src/dane-openssl.c
++++ b/src/dane-openssl.c
+@@ -1098,8 +1098,8 @@ if (dane->selectors[DANESSL_USAGE_DANE_T
+ * Check that setting the untrusted chain updates the expected
+ * structure member at the expected offset.
+ */
+- X509_STORE_CTX_trusted_stack(ctx, dane->roots);
+- X509_STORE_CTX_set_chain(ctx, dane->chain);
++ X509_STORE_CTX_set0_trusted_stack(ctx, dane->roots);
++ X509_STORE_CTX_set0_untrusted(ctx, dane->chain);
+ OPENSSL_assert(dane->chain == X509_STORE_CTX_get0_untrusted(ctx));
+ }
+ }
+--- a/src/pdkim/signing.c
++++ b/src/pdkim/signing.c
+@@ -703,7 +703,6 @@ return NULL;
+ void
+ exim_dkim_init(void)
+ {
+-ERR_load_crypto_strings();
+ }
+
+
+--- a/src/tls-openssl.c
++++ b/src/tls-openssl.c
+@@ -22,7 +22,10 @@ functions from the OpenSSL library. */
+ #include <openssl/lhash.h>
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/dh.h>
+ #include <openssl/rand.h>
++#include <openssl/rsa.h>
+ #ifndef OPENSSL_NO_ECDH
+ # include <openssl/ec.h>
+ #endif
+@@ -885,8 +888,9 @@ pkey = EVP_RSA_gen(2048);
+
+ X509_set_version(x509, 2); /* N+1 - version 3 */
+ ASN1_INTEGER_set(X509_get_serialNumber(x509), 1);
+-X509_gmtime_adj(X509_get_notBefore(x509), 0);
+-X509_gmtime_adj(X509_get_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */
++X509_gmtime_adj(X509_getm_notBefore(x509), 0);
++X509_gmtime_adj(X509_getm_notAfter(x509), (long)2 * 60 * 60); /* 2 hour */
++
+ X509_set_pubkey(x509, pkey);
+
+ name = X509_get_subject_name(x509);
+@@ -4670,8 +4674,8 @@ return string_fmt_append(g,
+ " Runtime: %s\n"
+ " : %s\n",
+ OPENSSL_VERSION_TEXT,
+- SSLeay_version(SSLEAY_VERSION),
+- SSLeay_version(SSLEAY_BUILT_ON));
++ OpenSSL_version(OPENSSL_VERSION),
++ OpenSSL_version(OPENSSL_BUILT_ON));
+ /* third line is 38 characters for the %s and the line is 73 chars long;
+ the OpenSSL output includes a "built on: " prefix already. */
+ }
+@@ -4713,8 +4717,6 @@ if (pidnow != pidlast)
+ is unique for each thread", this doesn't apparently apply across processes,
+ so our own warning from vaguely_random_number_fallback() applies here too.
+ Fix per PostgreSQL. */
+- if (pidlast != 0)
+- RAND_cleanup();
+ pidlast = pidnow;
+ }
+
+--- a/src/tlscert-openssl.c
++++ b/src/tlscert-openssl.c
+@@ -218,13 +218,13 @@ return mod ? tls_field_from_dn(cp, mod)
+ uschar *
+ tls_cert_not_before(void * cert, uschar * mod)
+ {
+-return asn1_time_copy(X509_get_notBefore((X509 *)cert), mod);
++return asn1_time_copy(X509_getm_notBefore((X509 *)cert), mod);
+ }
+
+ uschar *
+ tls_cert_not_after(void * cert, uschar * mod)
+ {
+-return asn1_time_copy(X509_get_notAfter((X509 *)cert), mod);
++return asn1_time_copy(X509_getm_notAfter((X509 *)cert), mod);
+ }
+
+ uschar *
diff --git a/external/subpack/mail/exim/patches/100-localscan_dlopen.patch b/external/subpack/mail/exim/patches/100-localscan_dlopen.patch
new file mode 100644
index 0000000..e5efd5e
--- /dev/null
+++ b/external/subpack/mail/exim/patches/100-localscan_dlopen.patch
@@ -0,0 +1,305 @@
+Description: Allow one to use and switch between different local_scan functions
+ without recompiling exim.
+ http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from
+ David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc
+ MERLIN for SA-Exim and minor/major API version tracking
+Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN
+Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/
+Forwarded: https://bugs.exim.org/show_bug.cgi?id=2671
+Last-Update: 2021-07-28
+
+--- a/src/EDITME
++++ b/src/EDITME
+@@ -873,6 +873,21 @@ HEADERS_CHARSET="ISO-8859-1"
+
+
+ #------------------------------------------------------------------------------
++# On systems which support dynamic loading of shared libraries, Exim can
++# load a local_scan function specified in its config file instead of having
++# to be recompiled with the desired local_scan function. For a full
++# description of the API to this function, see the Exim specification.
++
++DLOPEN_LOCAL_SCAN=yes
++
++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++# linker flags. Without it, the loaded .so won't be able to access any
++# functions from exim.
++
++LDFLAGS += -rdynamic
++CFLAGS += -fvisibility=hidden
++
++#------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+ # the documentation in "info" format, first fetch the Texinfo documentation
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
+@@ -33,6 +33,8 @@ Do not put spaces between # and the 'def
+
+ #define AUTH_VARS 4
+
++#define DLOPEN_LOCAL_SCAN
++
+ #define BIN_DIRECTORY
+
+ #define CONFIGURE_FILE
+--- a/src/globals.c
++++ b/src/globals.c
+@@ -117,6 +117,10 @@ int dsn_ret = 0;
+ const pcre2_code *regex_DSN = NULL;
+ uschar *dsn_advertise_hosts = NULL;
+
++#ifdef DLOPEN_LOCAL_SCAN
++uschar *local_scan_path = NULL;
++#endif
++
+ #ifndef DISABLE_TLS
+ BOOL gnutls_compat_mode = FALSE;
+ BOOL gnutls_allow_auto_pkcs11 = FALSE;
+--- a/src/globals.h
++++ b/src/globals.h
+@@ -155,6 +155,9 @@ extern int dsn_ret; /
+ extern const pcre2_code *regex_DSN; /* For recognizing DSN settings */
+ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
+
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path; /* Path to local_scan() library */
++#endif
+ /* Input-reading functions for messages, so we can use special ones for
+ incoming TCP/IP. */
+
+--- a/src/local_scan.c
++++ b/src/local_scan.c
+@@ -7,58 +7,133 @@
+ /* See the file NOTICE for conditions of use and distribution. */
+
+
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
+-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+ /* This is the only Exim header that you should include. The effect of
+ including any other Exim header is not defined, and may change from release to
+ release. Use only the documented interface! */
+
+ #include "local_scan.h"
+
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+- fd The file descriptor of the open -D file, which contains the
+- body of the message. The file is open for reading and
+- writing, but modifying it is dangerous and not recommended.
+-
+- return_text A pointer to an unsigned char* variable which you can set in
+- order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+- LOCAL_SCAN_ACCEPT
+- The message is to be accepted. The return_text argument is
+- saved in $local_scan_data.
+-
+- LOCAL_SCAN_REJECT
+- The message is to be rejected. The returned text is used
+- in the rejection message.
+-
+- LOCAL_SCAN_TEMPREJECT
+- This specifies a temporary rejection. The returned text
+- is used in the rejection message.
+-*/
++#ifdef DLOPEN_LOCAL_SCAN
++#include <dlfcn.h>
++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
++static int load_local_scan_library(void);
++#endif
+
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+-return LOCAL_SCAN_ACCEPT;
++
++#ifdef DLOPEN_LOCAL_SCAN
++/* local_scan_path is defined AND not the empty string */
++if (local_scan_path && *local_scan_path)
++ {
++ if (!local_scan_fn)
++ {
++ if (!load_local_scan_library())
++ {
++ char *base_msg , *error_msg , *final_msg ;
++ int final_length = -1 ;
++
++ base_msg=US"Local configuration error - local_scan() library failure\n";
++ error_msg = dlerror() ;
++
++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
++ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
++ *final_msg = '\0' ;
++
++ strcat( final_msg , base_msg ) ;
++ strcat( final_msg , error_msg ) ;
++
++ *return_text = final_msg ;
++ return LOCAL_SCAN_TEMPREJECT;
++ }
++ }
++ return local_scan_fn(fd, return_text);
++ }
++else
++#endif
++ return LOCAL_SCAN_ACCEPT;
++}
++
++#ifdef DLOPEN_LOCAL_SCAN
++
++static int load_local_scan_library(void)
++{
++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
++void *local_scan_lib = NULL;
++int (*local_scan_version_fn)(void);
++int vers_maj;
++int vers_min;
++
++local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
++if (!local_scan_lib)
++ {
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
++ "message temporarily rejected");
++ return FALSE;
++ }
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_major() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The major number is increased when the ABI is changed in a non
++ backward compatible way. */
++vers_maj = local_scan_version_fn();
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_minor() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The minor number is increased each time a new feature is added (in a
++ way that doesn't break backward compatibility) -- Marc */
++vers_min = local_scan_version_fn();
++
++
++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++
++local_scan_fn = dlsym(local_scan_lib, "local_scan");
++if (!local_scan_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan() function - message temporarily rejected");
++ return FALSE;
++ }
++return TRUE;
+ }
+
++#endif /* DLOPEN_LOCAL_SCAN */
++
+ /* End of local_scan.c */
+--- a/src/local_scan.h
++++ b/src/local_scan.h
+@@ -27,6 +27,7 @@ settings, and the store functions. */
+
+ #include <stdarg.h>
+ #include <sys/types.h>
++#pragma GCC visibility push(default)
+ #include "config.h"
+ #include "mytypes.h"
+ #include "store.h"
+@@ -166,6 +167,9 @@ extern header_line *header_list; /
+ extern BOOL host_checking; /* Set when checking a host */
+ extern uschar *interface_address; /* Interface for incoming call */
+ extern int interface_port; /* Port number for incoming call */
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path;
++#endif
+ extern uschar *message_id; /* Internal id of message being handled */
+ extern uschar *received_protocol; /* Name of incoming protocol */
+ extern int recipients_count; /* Number of recipients */
+@@ -236,4 +240,6 @@ extern pid_t child_open_exim2_functio
+ extern pid_t child_open_function(uschar **, uschar **, int, int *, int *, BOOL, const uschar *);
+ #endif
+
++#pragma GCC visibility pop
++
+ /* End of local_scan.h */
+--- a/src/readconf.c
++++ b/src/readconf.c
+@@ -212,6 +212,9 @@ static optionlist optionlist_config[] =
+ { "local_from_prefix", opt_stringptr, {&local_from_prefix} },
+ { "local_from_suffix", opt_stringptr, {&local_from_suffix} },
+ { "local_interfaces", opt_stringptr, {&local_interfaces} },
++#ifdef DLOPEN_LOCAL_SCAN
++ { "local_scan_path", opt_stringptr, &local_scan_path },
++#endif
+ #ifdef HAVE_LOCAL_SCAN
+ { "local_scan_timeout", opt_time, {&local_scan_timeout} },
+ #endif
+--- a/src/string.c
++++ b/src/string.c
+@@ -418,6 +418,7 @@ return ss;
+
+ #if (defined(HAVE_LOCAL_SCAN) || defined(EXPAND_DLFUNC)) \
+ && !defined(MACRO_PREDEF) && !defined(COMPILE_UTILITY)
++#pragma GCC visibility push(default)
+ /*************************************************
+ * Copy and save string *
+ *************************************************/
+@@ -463,6 +464,7 @@ string_copyn_function(const uschar * s,
+ {
+ return string_copyn(s, n);
+ }
++#pragma GCC visibility pop
+ #endif
+
+
diff --git a/external/subpack/mail/exim/patches/200-fix-build.patch b/external/subpack/mail/exim/patches/200-fix-build.patch
new file mode 100644
index 0000000..a53bc8f
--- /dev/null
+++ b/external/subpack/mail/exim/patches/200-fix-build.patch
@@ -0,0 +1,41 @@
+--- a/src/drtables.c
++++ b/src/drtables.c
+@@ -736,7 +736,7 @@ else
+ {
+ char * name = ent->d_name;
+ int len = (int)strlen(name);
+- if (regex_match(regex_islookupmod, US name, len, NUL))
++ if (regex_match(regex_islookupmod, US name, len, NULL))
+ {
+ int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2;
+ void *dl;
+--- a/src/exim.c
++++ b/src/exim.c
+@@ -636,13 +636,15 @@ exim_nullstd(void)
+ {
+ int devnull = -1;
+ struct stat statbuf;
++const char devnullpath[] = "/dev/null";
++
+ for (int i = 0; i <= 2; i++)
+ {
+ if (fstat(i, &statbuf) < 0 && errno == EBADF)
+ {
+- if (devnull < 0) devnull = open("/dev/null", O_RDWR);
++ if (devnull < 0) devnull = open(devnullpath, O_RDWR);
+ if (devnull < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
+- string_open_failed("/dev/null", NULL));
++ string_open_failed("%s", devnullpath));
+ if (devnull != i) (void)dup2(devnull, i);
+ }
+ }
+--- a/src/local_scan.h
++++ b/src/local_scan.h
+@@ -26,6 +26,7 @@ store.c
+ settings, and the store functions. */
+
+ #include <stdarg.h>
++#include <stdlib.h>
+ #include <sys/types.h>
+ #pragma GCC visibility push(default)
+ #include "config.h"