FS#66894 - [exim] Exim 4.94 needs patch to work with PAM
Attached to Project:
Community Packages
Opened by Caleb Maclennan (alerque) - Thursday, 04 June 2020, 11:10 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 14 June 2020, 10:32 GMT
Opened by Caleb Maclennan (alerque) - Thursday, 04 June 2020, 11:10 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 14 June 2020, 10:32 GMT
|
Details
The recent update to Exim 4.94 brought with it a nasty
upstream bug:
https://bugs.exim.org/show_bug.cgi?id=2587
The short version is that PLAIN authentication can no longer use PAM authentication at all. A normal use case (copied from Arch's default config plus the exim documented method of using PAM: ``` PLAIN: driver = plaintext server_set_id = $auth2 server_prompts = : server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}} server_advertise_condition = ${if def:tls_in_cipher } ``` This will fail to authenticate anybody. The syslog will just have entries like this: > Jun 04 11:08:45 iguana exim[434535]: 2020-06-04 11:08:45 Taint mismatch, string_nextinlist: auth_call_pam 158 A partial mitigation is that LOGIN authentication works (with the adjusted variable numbering of course). The upstream bug report has a patch, but exim is not quick to get releases out. I suggest applying this patch to the arch packaging right away. |
This task depends upon
Closed by Felix Yan (felixonmars)
Sunday, 14 June 2020, 10:32 GMT
Reason for closing: Implemented
Additional comments about closing: 4.94-2
Sunday, 14 June 2020, 10:32 GMT
Reason for closing: Implemented
Additional comments about closing: 4.94-2
Comment by
Caleb Maclennan (alerque) -
Thursday, 04 June 2020, 11:30 GMT
Here is a direct link to the patch that is needed:
https://github.com/Exim/exim/commit/f7f933a199be8bb7362c715e0040545b514cddca.patch