Hello community,

here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-05-15 23:51:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
 and      /work/SRC/openSUSE:Factory/.exim.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim" Fri May 15 23:51:19 2020 rev:60 rq:802874 version:4.93.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2020-04-02 17:42:56.505376807 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.2738/exim.changes 2020-05-15 23:51:25.033440153 +0200 
@@ -0,0 +1,30 @@ +Tue May 12 08:19:17 UTC 2020 - wullin...@rz.uni-kiel.de +- bring changes from current in +fixes branch + (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94) + * fixes CVE-2020-12783 (bsc#1171490) + * Regard command-line recipients as tainted. + * Bug 2489: Fix crash in the "pam" expansion condition. + * Use tainted buffers for the transport smtp context. + * Bug 2493: Harden ARC verify against Outlook, which has been seen to mix + the ordering of its ARC headers. This caused a crash. + * Bug 2492: Use tainted memory for retry record when needed. Previously when + a new record was being constructed with information from the peer, a trap + was taken. + * Bug 2494: Unset the default for dmarc_tld_file. + * Fix an uninitialised flag in early-pipelining. Previously connections + could, depending on the platform, hang at the STARTTLS response. + * Bug 2498: Reset a counter used for ARC verify before handling another + message on a connection. Previously if one message had ARC headers and + the following one did not, a crash could result when adding an + Authentication-Results: header. + * Bug 2500: Rewind some of the common-coding in string handling between the + Exim main code and Exim-related utities. + * Fix the variables set by the gsasl authenticator. + * Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, + only retrieve the errormessage once. + * Bug 2501: Fix init call in the heimdal authenticator. Previously it + adjusted the size of a major service buffer; this failed because the + buffer was in use at the time. Change to a compile-time increase in the + buffer size, when this authenticator is compiled into exim. 
+ +------------------------------------------------------------------- New: ---- patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.gH5tDR/_old 2020-05-15 23:51:26.933443815 +0200 +++ /var/tmp/diff_new_pack.gH5tDR/_new 2020-05-15 23:51:26.937443822 +0200 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version: 4.93.0.4 -Release: 2 +Release: 3 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -102,6 +102,7 @@ Source40: exim.service Patch0: exim-tail.patch Patch1: gnu_printf.patch +Patch2: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -145,6 +146,7 @@ %setup -q -n exim-%{version} %patch0 %patch1 -p1 +%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" ++++++ patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 ++++++ ++++ 1184 lines (skipped)
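Review bot: in the exim.changes hunk (@@ -0,0 +1,30 @@), the line "* fixes CVE-2020-12783 (bsc#1171490)" does not say which of the items listed after it is the security fix, so anyone auditing this update has to open the 1184-line patch to map the CVE to a change. Suggest naming the affected component on that line, or moving the CVE and bsc references onto the specific bullet that carries the fix. In the Bug 2500 entry, "utities" should read "utilities".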
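Review bot: in the exim.spec hunk @@ -102,6 +102,7 @@, "Patch2: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94" carries no comment recording its origin, and unlike Patch0 (exim-tail.patch) and Patch1 (gnu_printf.patch) the file name has no .patch suffix. Suggest a comment line above Patch2 stating that it is the +fixes branch at that commit, applied on top of 4.93.0.4, and that it includes the CVE-2020-12783 fix, so that a later version bump can tell whether the patch is superseded. Because the mail skips the patch body ("1184 lines (skipped)"), the spec comment and the changes entry are the only review-visible record of what it contains.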