Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-08-26 11:31:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim", Maintainer is "po...@novell.com" Changes: -------- --- /work/SRC/openSUSE:Factory/exim/exim.changes 2012-03-20 11:26:48.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-08-26 11:31:04.000000000 +0200 @@ -1,0 +2,97 @@ +Sun Aug 19 13:36:59 UTC 2012 - l...@samba.org + +- update to 4.80 + - Bugzilla 949 - Documentation tweak. + - Bugzilla 1093 - eximstats DATA reject detection regexps improved. + - Bugzilla 1169 - primary_hostname spelling was incorrect in docs. + - Implemented gsasl authenticator. + - Implemented heimdal_gssapi authenticator with "server_keytab" option. + - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use + `pkg-config foo` for cflags/libs. + - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent + with rest of GSASL and with heimdal_gssapi. + - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use + `pkg-config foo` for cflags/libs for the TLS implementation. + - New expansion variable $tls_bits; Cyrus SASL server connection + properties get this fed in as external SSF. A number of robustness + and debugging improvements to the cyrus_sasl authenticator. + - cyrus_sasl server now expands the server_realm option. + - Bugzilla 1214 - Log authentication information in reject log. + - Added dbmjz lookup type. + - Let heimdal_gssapi authenticator take a SASL message without an authzid. + - MAIL args handles TAB as well as SP, for better interop with + non-compliant senders. + - Bugzilla 1237 - fix cases where printf format usage not indicated. + - tls_peerdn now print-escaped for spool files. + Observed some $tls_peerdn in wild which contained \n, which resulted + in spool file corruption. + - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" + values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read + or write after TLS renegotiation, which otherwise led to messages + "Got SSL error 2". + - Bugzilla 1239 - fix DKIM verification when signature was not inserted + as a tracking header (ie: a signed header comes before the signature). + - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a + comma-sep list; embedded commas doubled. + - Refactored ACL "verify =" logic to table-driven dispatch. + - LDAP: Check for errors of TLS initialisation, to give correct diagnostics. + - Removed "dont_insert_empty_fragments" fron "openssl_options". + Removed SSL_clear() after SSL_new() which led to protocol negotiation + failures. We appear to now support TLS1.1+ with Exim. + - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. + - Bugzilla 1122 - check localhost_number expansion for failure, avoid + NULL dereference. + - Revert part of NM/04, it broke log_path containing %D expansions. + Left warnings. Added "eximon gdb" invocation mode. + - Defaulting "accept_8bitmime" to true, not false. + - Added -bw for inetd wait mode support. + - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to + locate the relevant includes and libraries. Made this the default. + - Fixed headers_only on smtp transports (was not sending trailing dot). + Bugzilla 1246, report and most of solution from Tomasz Kusy. + - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). + This may cause build issues on older platforms. + - Revamped GnuTLS support, passing tls_require_ciphers to + gnutls_priority_init, ignoring Exim options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols (no longer supported). + Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. + - Added EXPERIMENTAL_OCSP for OpenSSL. + - Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. + - Added expansion variable $tod_epoch_l for a higher-precision time. + - Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + - Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + - Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + - %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + - GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + - Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. + - Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. + - Pull in <features.h> on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + - Define _GNU_SOURCE in exim.h; it's needed for some releases of + protection layer was required, which is not implemented. Bugzilla 1254 + - Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + - Disable SSLv2 by default in OpenSSL support. + +------------------------------------------------------------------- Old: ---- exim-4.12-tail.patch exim-4.77.tar.bz2 format-security.diff New: ---- exim-4.80.tar.bz2 exim-tail.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ --- /var/tmp/diff_new_pack.eDC56s/_old 2012-08-26 11:31:06.000000000 +0200 +++ /var/tmp/diff_new_pack.eDC56s/_new 2012-08-26 11:31:06.000000000 +0200 @@ -43,7 +43,7 @@ Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version: 4.77 +Version: 4.80 Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel @@ -66,8 +66,7 @@ Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf -Patch: exim-4.12-tail.patch -Patch2: format-security.diff +Patch: exim-tail.patch %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %package -n eximon @@ -119,7 +118,6 @@ %prep %setup -q -n exim-%{version} %patch -%patch2 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" ++++++ exim-4.77.tar.bz2 -> exim-4.80.tar.bz2 ++++++ ++++ 18371 lines of diff (skipped) ++++++ exim-tail.patch ++++++ From: Ruediger Oertel <ro at suse dot de> Subject: fix deprecated tail call syntax (-1) Reported-Upstream: Yes Bugtracker: bugs.exim.org 1080 Index: scripts/Configure-config.h =================================================================== --- scripts/Configure-config.h.orig +++ scripts/Configure-config.h @@ -47,7 +47,7 @@ fi # Double-check that config.h is complete. -if [ "`tail -1 config.h`" != "/* End of config.h */" ] ; then +if [ "`tail -n 1 config.h`" != "/* End of config.h */" ] ; then echo "*** config.h appears to be incomplete" echo "*** unexpected failure in buildconfig program" exit 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org