Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-03-20 11:26:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2011-09-23 01:57:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-03-20 11:26:48.000000000 +0100 @@ -1,0 +2,94 @@ +Sat Mar 17 19:42:30 UTC 2012 - [email protected] + +- Disable format-security and missing-format-attribute warnings via CFLAGS on + pre-11.2 systems. + +------------------------------------------------------------------- +Wed Mar 7 16:13:51 UTC 2012 - [email protected] + +- Remove obsoleted Authors lines from spec file. + +------------------------------------------------------------------- +Wed Mar 7 15:33:12 UTC 2012 - [email protected] + +- update to 4.77 + - DKIM Verification: Fix relaxed canon for empty headers w/o + whitespace trailer + - Fix a couple more cases where we did not log the error message + when unlink() failed. See also change 4.74-TF/03. + - Make the exiwhat support code safe for signals. Previously Exim might + lock up or crash if it happened to be inside a call to libc when it + got a SIGUSR1 from exiwhat. + - The SIGUSR1 handler appends the current process status to the process + log which is later printed by exiwhat. It used to use the general + purpose logging code to do this, but several functions it calls are + not safe for signals. + - The new output code in the SIGUSR1 handler is specific to the process + log, and simple enough that it's easy to inspect for signal safety. + Removing some special cases also simplifies the general logging code. + Removing the spurious timestamps from the process log simplifies + exiwhat. + - Improved ratelimit ACL condition. + - Removed obsolete $Cambridge$ CVS revision strings. + - Removed a few PCRE remnants. + - Automatically extract Exim's version number from tags in the git + repository when doing development or release builds. + - Raise smtp_cmd_buffer_size to 16kB. + Bugzilla 879. Patch from Paul Fisher. + - Implement SSL-on-connect outbound with protocol=smtps on smtp transport. + Heavily based on revision 40f9a89a from Simon Arlott's tree. + Bugzilla 97. + - Use .dylib instead of .so for dynamic library loading on MacOS. + - Variable $av_failed, true if the AV scanner deferred. + Bugzilla 1078. Patch from John Horne. + - Stop make process more reliably on build failure. + Bugzilla 1087. Patch from Heiko Schlittermann. + - Make maildir_use_size_file an _expandable_ boolean. + Bugzilla 1089. Patch from Heiko Schlittermann. + - Handle ${run} returning more data than OS pipe buffer size. + Bugzilla 1131. Patch from Holger Weiß. + - Handle IPv6 addresses with SPF. + Bugzilla 860. Patch from Wolfgang Breyha. + - GnuTLS: support TLS 1.2 & 1.1. + Bugzilla 1156. + Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler]. + Bugzilla 1095. + - match_* no longer expand right-hand-side by default. + New compile-time build option, EXPAND_LISTMATCH_RHS. + New expansion conditions, "inlist", "inlisti". + - fix uninitialised greeting string from PP/03 (smtps client support). + - shell and compiler warnings fixes for RC1-RC4 changes. + - fix log_write() format string regression from TF/03. + Bugzilla 1152. Patch from Dmitry Isaikin. + +- update to 4.77 + - The new ldap_require_cert option would segfault if used. Fixed. + - Harmonised TLS library version reporting; only show if debugging. + Layout now matches that introduced for other libraries in 4.74 PP/03. + - New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 + - New "dns_use_edns0" global option. + - Don't segfault on misconfiguration of ref:name exim-user as uid. + Bugzilla 1098. + - Extra paranoia around buffer usage at the STARTTLS transition. + nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 + - Updated PolarSSL code to 0.14.2. + Bugzilla 1097. Patch from Andreas Metzler. + - Catch divide-by-zero in ${eval:...}. + Fixes bugzilla 1102. + - Condition negation of bool{}/bool_lax{} did not negate. Fixed. + Bugzilla 1104. + - Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a + format-string attack -- SECURITY: remote arbitrary code execution. + - SECURITY - DKIM signature header parsing was double-expanded, second + time unintentionally subject to list matching rules, letting the header + cause arbitrary Exim lookups (of items which can occur in lists, *not* + arbitrary string expansion). This allowed for information disclosure. + - Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to + INT_MIN/-1 -- value coerced to INT_MAX. + +------------------------------------------------------------------- +Wed Mar 7 14:58:55 UTC 2012 - [email protected] + +- Package /var/log/exim owned by user and group mail; (bnc#670711). + +------------------------------------------------------------------- Old: ---- 109066729a54f6ba5c4e8bc174133da33242e930.diff exim-4.75.tar.bz2 New: ---- exim-4.77.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.2qedqg/_old 2012-03-20 11:26:50.000000000 +0100 +++ /var/tmp/diff_new_pack.2qedqg/_new 2012-03-20 11:26:50.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,33 +15,36 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: exim -BuildRequires: db-devel openldap2-devel pcre-devel +BuildRequires: db-devel +BuildRequires: openldap2-devel +BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} BuildRequires: tcpd-devel %if %suse_version > 910 BuildRequires: xorg-x11-devel %else -BuildRequires: XFree86-devel XFree86-libs +BuildRequires: XFree86-devel +BuildRequires: XFree86-libs %endif %else -BuildRequires: libXaw-devel libXext-devel libXt-devel openssl-devel tcp_wrappers xorg-x11-server-sdk +BuildRequires: libXaw-devel +BuildRequires: libXext-devel +BuildRequires: libXt-devel +BuildRequires: openssl-devel +BuildRequires: tcp_wrappers +BuildRequires: xorg-x11-server-sdk %endif Url: http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix -License: GPL-2.0+ -Group: Productivity/Networking/Email/Servers -AutoReqProv: on Provides: smtp_daemon %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800 Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version: 4.75 -Release: 3 +Version: 4.77 +Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel Provides: exim = %version @@ -51,6 +54,8 @@ Provides: exim = %version %endif Summary: The Exim Mail Transfer Agent, a Replacement for sendmail +License: GPL-2.0+ +Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: exim-%{version}.tar.bz2 Source1: sysconfig.exim @@ -62,20 +67,19 @@ Source30: eximstats-html-update.py Source31: eximstats.conf Patch: exim-4.12-tail.patch -Patch1: 109066729a54f6ba5c4e8bc174133da33242e930.diff Patch2: format-security.diff %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %package -n eximon -License: GPL-2.0+ Summary: Eximon, an graphical frontend to administer Exim's mail queue Group: Productivity/Networking/Email/Servers %package -n eximstats-html -License: GPL-2.0+ Summary: Create HTML reports of exim logs Group: Productivity/Networking/Email/Servers -Requires: perl-GD perl-GDGraph perl-GDTextUtil +Requires: perl-GD +Requires: perl-GDGraph +Requires: perl-GDTextUtil %endif %description @@ -88,11 +92,6 @@ or senders, and for controlling mail relaying. - -Authors: --------- - Philip Hazel <[email protected]> - %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %description -n eximon @@ -102,11 +101,6 @@ header of mails. - -Authors: --------- - Philip Hazel <[email protected]> - %description -n eximstats-html If this package is installed alongside the exim MTA, and you enable EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will @@ -120,23 +114,20 @@ once, if at all. The rest is done by logrotate / cron.) - -Authors: --------- - Philip Hazel <[email protected]> - %endif %prep %setup -q -n exim-%{version} %patch -%patch1 -p2 %patch2 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" pie="-pie" %endif +%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 1100 +CFLAGS_OPT_WERROR="-Werror=format-security -Werror=missing-format-attribute" +%endif cat <<-EOF > Local/Makefile # see src/EDITME for comments. BIN_DIRECTORY=/usr/sbin @@ -243,7 +234,7 @@ # SPOOL_MODE=0640 SUPPORT_MOVE_FROZEN_MESSAGES=yes HAVE_IPV6=YES - CFLAGS=$RPM_OPT_FLAGS -Wall -Werror=format-security -Werror=missing-format-attribute -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE + CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf @@ -398,7 +389,7 @@ /usr/sbin/sendmail /usr/lib/sendmail /var/adm/fillup-templates/sysconfig.exim -%dir %attr(750,root,mail) /var/log/exim +%dir %attr(750,mail,mail) /var/log/exim %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %files -n eximon ++++++ exim-4.12-tail.patch ++++++ --- /var/tmp/diff_new_pack.2qedqg/_old 2012-03-20 11:26:50.000000000 +0100 +++ /var/tmp/diff_new_pack.2qedqg/_new 2012-03-20 11:26:50.000000000 +0100 @@ -7,7 +7,7 @@ =================================================================== --- scripts/Configure-config.h.orig +++ scripts/Configure-config.h -@@ -48,7 +48,7 @@ fi +@@ -47,7 +47,7 @@ fi # Double-check that config.h is complete. ++++++ exim-4.75.tar.bz2 -> exim-4.77.tar.bz2 ++++++ ++++ 12565 lines of diff (skipped) ++++++ format-security.diff ++++++ --- /var/tmp/diff_new_pack.2qedqg/_old 2012-03-20 11:26:51.000000000 +0100 +++ /var/tmp/diff_new_pack.2qedqg/_new 2012-03-20 11:26:51.000000000 +0100 @@ -1,6 +1,8 @@ ---- exim_monitor/em_log.c +Index: exim_monitor/em_log.c +=================================================================== +--- exim_monitor/em_log.c.orig +++ exim_monitor/em_log.c -@@ -58,6 +58,8 @@ +@@ -56,6 +56,8 @@ static int scrolled = FALSE; static int size = 0; static int top = 0; @@ -9,7 +11,7 @@ static void show_log(char *s, ...) { int length, newtop; -@@ -364,7 +366,7 @@ +@@ -362,7 +364,7 @@ link count of zero on the currently open if (log_datestamping) { uschar log_file_wanted[256]; @@ -18,9 +20,11 @@ if (Ustrcmp(log_file_wanted, log_file_open) != 0) { if (LOG != NULL) ---- exim_monitor/em_main.c +Index: exim_monitor/em_main.c +=================================================================== +--- exim_monitor/em_main.c.orig +++ exim_monitor/em_main.c -@@ -656,7 +656,7 @@ +@@ -654,7 +654,7 @@ today.) */ if (log_file[0] != 0) { @@ -29,9 +33,11 @@ log_datestamping = string_datestamp_offset >= 0; LOG = fopen(CS log_file_open, "r"); ---- exim_monitor/em_text.c +Index: exim_monitor/em_text.c +=================================================================== +--- exim_monitor/em_text.c.orig +++ exim_monitor/em_text.c -@@ -60,6 +60,8 @@ +@@ -58,6 +58,8 @@ XawTextSetInsertionPoint(w, text_count); * Display text from format * *************************************************/ @@ -40,9 +46,11 @@ void text_showf(Widget w, char *s, ...) { va_list ap; ---- src/demime.c +Index: src/demime.c +=================================================================== +--- src/demime.c.orig +++ src/demime.c -@@ -823,7 +823,7 @@ +@@ -821,7 +821,7 @@ void mime_trigger_error(int level, uscha (void)string_vformat(US f, 16383,(char *)format, ap); va_end(ap); f-=22; @@ -51,30 +59,11 @@ /* then copy to demime_reason_buffer if new level is greater than old level */ if (level > demime_errorlevel) { ---- src/dkim.c -+++ src/dkim.c -@@ -176,7 +176,7 @@ - } - - logmsg[ptr] = '\0'; -- log_write(0, LOG_MAIN, (char *)logmsg); -+ log_write(0, LOG_MAIN, "%s", (char *)logmsg); - - /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ - dkim_signers = string_append(dkim_signers, ---- src/exim_dbutil.c -+++ src/exim_dbutil.c -@@ -59,6 +59,7 @@ - #include "dbstuff.h" - #include "osfunctions.h" - #include "store.h" -+#include "local_scan.h" - - - /* Identifiers for the different database types. */ ---- src/functions.h +Index: src/functions.h +=================================================================== +--- src/functions.h.orig +++ src/functions.h -@@ -82,7 +82,7 @@ +@@ -80,7 +80,7 @@ extern void decode_bits(unsigned int int, int, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); extern int deliver_message(uschar *, BOOL, BOOL); @@ -83,68 +72,70 @@ extern void deliver_set_expansions(address_item *); extern int deliver_split_address(address_item *); extern void deliver_succeeded(address_item *); -@@ -181,9 +181,9 @@ +@@ -180,9 +180,9 @@ extern int mime_regex(uschar **); extern uschar *moan_check_errorcopy(uschar *); extern BOOL moan_skipped_syntax_errors(uschar *, error_block *, uschar *, BOOL, uschar *); --extern void moan_smtp_batch(uschar *, char *, ...); -+extern void moan_smtp_batch(uschar *, char *, ...) PRINTF_FUNCTION(2,3); - extern void moan_tell_someone(uschar *, address_item *, uschar *, char *, -- ...); -+ ...) PRINTF_FUNCTION(4,5); +-extern void moan_smtp_batch(uschar *, const char *, ...); ++extern void moan_smtp_batch(uschar *, const char *, ...) PRINTF_FUNCTION(2,3); + extern void moan_tell_someone(uschar *, address_item *, +- const uschar *, const char *, ...); ++ const uschar *, const char *, ...) PRINTF_FUNCTION(4,5); extern BOOL moan_to_sender(int, error_block *, header_line *, FILE *, BOOL); extern void moan_write_from(FILE *); - extern FILE *modefopen(uschar *, char *, mode_t); -@@ -271,7 +271,7 @@ + extern FILE *modefopen(const uschar *, const char *, mode_t); +@@ -270,7 +270,7 @@ extern int search_findtype_partial(u int *); extern void *search_open(uschar *, int, int, uid_t *, gid_t *); extern void search_tidyup(void); --extern void set_process_info(char *, ...); -+extern void set_process_info(char *, ...) PRINTF_FUNCTION(1,2); +-extern void set_process_info(const char *, ...); ++extern void set_process_info(const char *, ...) PRINTF_FUNCTION(1,2); extern void sha1_end(sha1 *, const uschar *, int, uschar *); extern void sha1_mid(sha1 *, const uschar *); extern void sha1_start(sha1 *); -@@ -299,7 +299,7 @@ +@@ -298,7 +298,7 @@ extern int smtp_setup_msg(void); extern BOOL smtp_start_session(void); extern int smtp_ungetc(int); extern BOOL smtp_verify_helo(void); --extern int smtp_write_command(smtp_outblock *, BOOL, char *, ...); -+extern int smtp_write_command(smtp_outblock *, BOOL, char *, ...) PRINTF_FUNCTION(3,4); +-extern int smtp_write_command(smtp_outblock *, BOOL, const char *, ...); ++extern int smtp_write_command(smtp_outblock *, BOOL, const char *, ...) PRINTF_FUNCTION(3,4); #ifdef WITH_CONTENT_SCAN extern int spam(uschar **); extern FILE *spool_mbox(unsigned long *, uschar *); -@@ -321,13 +321,13 @@ +@@ -320,13 +320,13 @@ extern uschar *string_copy_malloc(uschar extern uschar *string_copylc(uschar *); extern uschar *string_copynlc(uschar *, int); extern uschar *string_dequote(uschar **); --extern BOOL string_format(uschar *, int, char *, ...); -+extern BOOL string_format(uschar *, int, char *, ...) PRINTF_FUNCTION(3,4); +-extern BOOL string_format(uschar *, int, const char *, ...); ++extern BOOL string_format(uschar *, int, const char *, ...) PRINTF_FUNCTION(3,4); extern uschar *string_format_size(int, uschar *); extern int string_interpret_escape(uschar **); extern int string_is_ip_address(uschar *, int *); extern uschar *string_log_address(address_item *, BOOL, BOOL); extern uschar *string_nextinlist(uschar **, int *, uschar *, int); --extern uschar *string_open_failed(int, char *, ...); -+extern uschar *string_open_failed(int, char *, ...) PRINTF_FUNCTION(2,3); +-extern uschar *string_open_failed(int, const char *, ...); ++extern uschar *string_open_failed(int, const char *, ...) PRINTF_FUNCTION(2,3); extern uschar *string_printing2(uschar *, BOOL); extern uschar *string_split_message(uschar *); - extern BOOL string_vformat(uschar *, int, char *, va_list); ---- src/local_scan.h + extern BOOL string_vformat(uschar *, int, const char *, va_list); +Index: src/local_scan.h +=================================================================== +--- src/local_scan.h.orig +++ src/local_scan.h -@@ -175,7 +175,7 @@ - extern void header_remove(int, uschar *); - extern BOOL header_testname(header_line *, uschar *, int, BOOL); - extern BOOL header_testname_incomplete(header_line *, uschar *, int, BOOL); --extern void log_write(unsigned int, int, char *format, ...); -+extern void log_write(unsigned int, int, char *format, ...) PRINTF_FUNCTION(3,4); +@@ -173,7 +173,7 @@ extern void header_add_at_position(BO + extern void header_remove(int, const uschar *); + extern BOOL header_testname(header_line *, const uschar *, int, BOOL); + extern BOOL header_testname_incomplete(header_line *, const uschar *, int, BOOL); +-extern void log_write(unsigned int, int, const char *format, ...); ++extern void log_write(unsigned int, int, const char *format, ...) PRINTF_FUNCTION(3,4); extern int lss_b64decode(uschar *, uschar **); extern uschar *lss_b64encode(uschar *, int); extern int lss_match_domain(uschar *, uschar *); -@@ -190,6 +190,6 @@ - extern void smtp_vprintf(char *, va_list); +@@ -188,6 +188,6 @@ extern void smtp_printf(const char *, + extern void smtp_vprintf(const char *, va_list); extern uschar *string_copy(uschar *); extern uschar *string_copyn(uschar *, int); --extern uschar *string_sprintf(char *, ...); -+extern uschar *string_sprintf(char *, ...) PRINTF_FUNCTION(1,2); +-extern uschar *string_sprintf(const char *, ...); ++extern uschar *string_sprintf(const char *, ...) PRINTF_FUNCTION(1,2); /* End of local_scan.h */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
