Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2020-05-15 23:51:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Fri May 15 23:51:19 2020 rev:60 rq:802874 version:4.93.0.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2020-04-02
17:42:56.505376807 +0200
+++ /work/SRC/openSUSE:Factory/.exim.new.2738/exim.changes 2020-05-15
23:51:25.033440153 +0200
@@ -0,0 +1,30 @@
+Tue May 12 08:19:17 UTC 2020 - wullin...@rz.uni-kiel.de
+- bring changes from current in +fixes branch
+ (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
+ * fixes CVE-2020-12783 (bsc#1171490)
+ * Regard command-line recipients as tainted.
+ * Bug 2489: Fix crash in the "pam" expansion condition.
+ * Use tainted buffers for the transport smtp context.
+ * Bug 2493: Harden ARC verify against Outlook, which has been seen to mix
+ the ordering of its ARC headers. This caused a crash.
+ * Bug 2492: Use tainted memory for retry record when needed. Previously when
+ a new record was being constructed with information from the peer, a trap
+ was taken.
+ * Bug 2494: Unset the default for dmarc_tld_file.
+ * Fix an uninitialised flag in early-pipelining. Previously connections
+ could, depending on the platform, hang at the STARTTLS response.
+ * Bug 2498: Reset a counter used for ARC verify before handling another
+ message on a connection. Previously if one message had ARC headers and
+ the following one did not, a crash could result when adding an
+ Authentication-Results: header.
+ * Bug 2500: Rewind some of the common-coding in string handling between the
+ Exim main code and Exim-related utities.
+ * Fix the variables set by the gsasl authenticator.
+ * Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
+ only retrieve the errormessage once.
+ * Bug 2501: Fix init call in the heimdal authenticator. Previously it
+ adjusted the size of a major service buffer; this failed because the
+ buffer was in use at the time. Change to a compile-time increase in the
+ buffer size, when this authenticator is compiled into exim.
+
+-------------------------------------------------------------------
New:
----
patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.gH5tDR/_old 2020-05-15 23:51:26.933443815 +0200
+++ /var/tmp/diff_new_pack.gH5tDR/_new 2020-05-15 23:51:26.937443822 +0200
@@ -73,7 +73,7 @@
Requires(pre): fileutils textutils
%endif
Version: 4.93.0.4
-Release: 2
+Release: 3
%if %{with_mysql}
BuildRequires: mysql-devel
%endif
@@ -102,6 +102,7 @@
Source40: exim.service
Patch0: exim-tail.patch
Patch1: gnu_printf.patch
+Patch2: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -145,6 +146,7 @@
%setup -q -n exim-%{version}
%patch0
%patch1 -p1
+%patch2 -p1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 ++++++
++++ 1184 lines (skipped)
