From 94261c874e2cffac89d8eb4cf0f898786b75b46f Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 28 Mar 2018 12:34:17 +0100
Subject: [PATCH] Rebuild exim from patch

---
 src/freedombone-app-xmpp     |  1 +
 src/freedombone-base-email   | 67 +++++++++++++++++++++++++++++++++---
 src/freedombone-utils-nodejs |  1 +
 3 files changed, 65 insertions(+), 4 deletions(-)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 2d9dde41..89c15b3d 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -619,6 +619,7 @@ function remove_xmpp {
     remove_onion_service xmpp 5222 5223 5269
     sed -i '/HiddenServiceVersion 2/d' /etc/tor/torrc
 
+    apt-mark -q unhold prosody
     apt-get -yq remove --purge prosody
     rm /etc/cron.daily/prosody
     if [ -f "$INSTALL_DIR/$prosody_modules_filename" ]; then
diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index 72ca2eae..8d0ac56d 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -83,10 +83,67 @@ function rebuild_exim_with_socks {
     apt-get source exim4-daemon-heavy
     apt-get -qy build-dep exim4-daemon-heavy
     cd "${INSTALL_DIR}/exim4/exim4-*" || exit 356835685
-    cp src/EDITME Local/Makefile
-    sed -i 's|# SUPPORT_SOCKS|SUPPORT_SOCKS|g' Local/Makefile
-    # TODO how to make this non-interactive
-    EDITOR=nano echo '\C-x' | dpkg-source --commit . SOCKS
+
+    { echo 'Description: Socks proxying';
+      echo ' Support for socks proxying of outgoing mail';
+      echo ' This is to support onion email addresses, which require support for SOCKS5';
+      echo ' .';
+      echo " exim4 (${exim_version}-2+deb9u3) stretch-security; urgency=high";
+      echo ' .';
+      echo '   * Non-maintainer upload by the Security Team.';
+      echo '   * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)';
+      echo 'Author: Salvatore Bonaccorso <carnil@debian.org>';
+      echo 'Bug-Debian: https://bugs.debian.org/890000';
+      echo '';
+      echo '---';
+      echo 'The information above should follow the Patch Tagging Guidelines, please';
+      echo 'checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here';
+      echo 'are templates for supplementary fields that you might want to add:';
+      echo '';
+      echo 'Origin: <vendor|upstream|other>, <url of original patch>';
+      echo 'Bug: <url in upstream bugtracker>';
+      echo 'Bug-Debian: https://bugs.debian.org/<bugnumber>';
+      echo 'Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>';
+      echo 'Forwarded: <no|not-needed|url proving that it has been forwarded>';
+      echo 'Reviewed-By: <name and email of someone who approved the patch>';
+      echo "Last-Update: $(date +%Y-%m-%d)";
+      echo '';
+      echo '--- /dev/null';
+      echo "+++ exim4-${exim_version}/Local/Makefile";
+      echo '@@ -0,0 +1,32 @@';
+      echo '+BIN_DIRECTORY=/usr/exim/bin';
+      echo '+CONFIGURE_FILE=/usr/exim/configure';
+      echo '+EXIM_USER=';
+      echo '+SPOOL_DIRECTORY=/var/spool/exim';
+      echo '+ROUTER_ACCEPT=yes';
+      echo '+ROUTER_DNSLOOKUP=yes';
+      echo '+ROUTER_IPLITERAL=yes';
+      echo '+ROUTER_MANUALROUTE=yes';
+      echo '+ROUTER_QUERYPROGRAM=yes';
+      echo '+ROUTER_REDIRECT=yes';
+      echo '+TRANSPORT_APPENDFILE=yes';
+      echo '+TRANSPORT_AUTOREPLY=yes';
+      echo '+TRANSPORT_PIPE=yes';
+      echo '+TRANSPORT_SMTP=yes';
+      echo '+LOOKUP_DBM=yes';
+      echo '+LOOKUP_LSEARCH=yes';
+      echo '+LOOKUP_DNSDB=yes';
+      echo '+PCRE_CONFIG=yes';
+      echo '+EXIM_MONITOR=eximon.bin';
+      echo '+FIXED_NEVER_USERS=root';
+      echo '+HEADERS_CHARSET="ISO-8859-1"';
+      echo '+DLOPEN_LOCAL_SCAN=yes';
+      echo '+LDFLAGS += -rdynamic';
+      echo '+CFLAGS += -fvisibility=hidden';
+      echo '+SYSLOG_LOG_PID=yes';
+      echo '+EXICYCLOG_MAX=10';
+      echo '+COMPRESS_COMMAND=/usr/bin/gzip';
+      echo '+COMPRESS_SUFFIX=gz';
+      echo '+ZCAT_COMMAND=/usr/bin/zcat';
+      echo '+SUPPORT_SOCKS=yes';
+      echo '+SYSTEM_ALIASES_FILE=/etc/aliases';
+      echo '+EXIM_TMPDIR="/tmp"'; } > debian/patches/SOCKS
+
     debuild -us -uc
     cd "$INSTALL_DIR/exim4" || exit 3468356
     mv exim4_${exim_version}-*.deb exim4_${exim_version}_all.deb
@@ -95,7 +152,9 @@ function rebuild_exim_with_socks {
         echo "exim4_${exim_version}_all.deb not found"
         exit 63857368
     fi
+    apt-mark -q unhold exim4
     dpkg -i exim4_${exim_version}_all.deb
+    apt-mark -q hold exim4
     apt-get -yq remove --purge at
 }
 
diff --git a/src/freedombone-utils-nodejs b/src/freedombone-utils-nodejs
index 96846900..ddc31c29 100755
--- a/src/freedombone-utils-nodejs
+++ b/src/freedombone-utils-nodejs
@@ -78,6 +78,7 @@ function mesh_install_nodejs {
     echo "deb https://deb.nodesource.com/node_6.x stretch main" > "$rootdir/etc/apt/sources.list.d/nodesource.list"
     echo "deb-src https://deb.nodesource.com/node_6.x stretch main" >> "$rootdir/etc/apt/sources.list.d/nodesource.list"
 
+    $mesh_install_nodejs_prefix apt-mark -q unhold nodejs
     $mesh_install_nodejs_prefix apt-get update
     $mesh_install_nodejs_prefix apt-get -yq remove --purge nodejs