FS#66894 - [exim] Exim 4.94 needs patch to work with PAM

Attached to Project: Community Packages
Opened by Caleb Maclennan (alerque) - Thursday, 04 June 2020, 11:10 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 14 June 2020, 10:32 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

The recent update to Exim 4.94 brought with it a nasty upstream bug: https://bugs.exim.org/show_bug.cgi?id=2587

The short version is that PLAIN authentication can no longer use PAM authentication at all. A normal use case (copied from Arch's default config plus the exim documented method of using PAM:

```
PLAIN:
driver = plaintext
server_set_id = $auth2
server_prompts = :
server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
server_advertise_condition = ${if def:tls_in_cipher }
```

This will fail to authenticate anybody. The syslog will just have entries like this:

> Jun 04 11:08:45 iguana exim[434535]: 2020-06-04 11:08:45 Taint mismatch, string_nextinlist: auth_call_pam 158

A partial mitigation is that LOGIN authentication works (with the adjusted variable numbering of course).

The upstream bug report has a patch, but exim is not quick to get releases out. I suggest applying this patch to the arch packaging right away.
This task depends upon

Closed by  Felix Yan (felixonmars)
Sunday, 14 June 2020, 10:32 GMT
Reason for closing:  Implemented
Additional comments about closing:  4.94-2
Comment by Caleb Maclennan (alerque) - Thursday, 04 June 2020, 11:30 GMT

Loading...