Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2012-08-26 11:31:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim", Maintainer is "po...@novell.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2012-03-20
11:26:48.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-08-26
11:31:04.000000000 +0200
@@ -1,0 +2,97 @@
+Sun Aug 19 13:36:59 UTC 2012 - l...@samba.org
+
+- update to 4.80
+ - Bugzilla 949 - Documentation tweak.
+ - Bugzilla 1093 - eximstats DATA reject detection regexps improved.
+ - Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
+ - Implemented gsasl authenticator.
+ - Implemented heimdal_gssapi authenticator with "server_keytab" option.
+ - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
+ `pkg-config foo` for cflags/libs.
+ - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
+ with rest of GSASL and with heimdal_gssapi.
+ - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
+ `pkg-config foo` for cflags/libs for the TLS implementation.
+ - New expansion variable $tls_bits; Cyrus SASL server connection
+ properties get this fed in as external SSF. A number of robustness
+ and debugging improvements to the cyrus_sasl authenticator.
+ - cyrus_sasl server now expands the server_realm option.
+ - Bugzilla 1214 - Log authentication information in reject log.
+ - Added dbmjz lookup type.
+ - Let heimdal_gssapi authenticator take a SASL message without an authzid.
+ - MAIL args handles TAB as well as SP, for better interop with
+ non-compliant senders.
+ - Bugzilla 1237 - fix cases where printf format usage not indicated.
+ - tls_peerdn now print-escaped for spool files.
+ Observed some $tls_peerdn in wild which contained \n, which resulted
+ in spool file corruption.
+ - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
+ values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
+ or write after TLS renegotiation, which otherwise led to messages
+ "Got SSL error 2".
+ - Bugzilla 1239 - fix DKIM verification when signature was not inserted
+ as a tracking header (ie: a signed header comes before the signature).
+ - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
+ comma-sep list; embedded commas doubled.
+ - Refactored ACL "verify =" logic to table-driven dispatch.
+ - LDAP: Check for errors of TLS initialisation, to give correct diagnostics.
+ - Removed "dont_insert_empty_fragments" fron "openssl_options".
+ Removed SSL_clear() after SSL_new() which led to protocol negotiation
+ failures. We appear to now support TLS1.1+ with Exim.
+ - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
+ lets Exim select keys and certificates based upon TLS SNI from client.
+ Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly
+ before an outbound SMTP session. New log_selector, +tls_sni.
+ - Bugzilla 1122 - check localhost_number expansion for failure, avoid
+ NULL dereference.
+ - Revert part of NM/04, it broke log_path containing %D expansions.
+ Left warnings. Added "eximon gdb" invocation mode.
+ - Defaulting "accept_8bitmime" to true, not false.
+ - Added -bw for inetd wait mode support.
+ - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
+ locate the relevant includes and libraries. Made this the default.
+ - Fixed headers_only on smtp transports (was not sending trailing dot).
+ Bugzilla 1246, report and most of solution from Tomasz Kusy.
+ - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
+ This may cause build issues on older platforms.
+ - Revamped GnuTLS support, passing tls_require_ciphers to
+ gnutls_priority_init, ignoring Exim options gnutls_require_kx,
+ gnutls_require_mac & gnutls_require_protocols (no longer supported).
+ Added SNI support via GnuTLS too.
+ Made ${randint:..} supplier available, if using not-too-old GnuTLS.
+ - Added EXPERIMENTAL_OCSP for OpenSSL.
+ - Applied dnsdb SPF support patch from Janne Snabb.
+ Applied second patch from Janne, implementing suggestion to default
+ multiple-strings-in-record handling to match SPF spec.
+ - Added expansion variable $tod_epoch_l for a higher-precision time.
+ - Fix DCC dcc_header content corruption (stack memory referenced,
+ read-only, out of scope).
+ Patch from Wolfgang Breyha, report from Stuart Northfield.
+ - Fix three issues highlighted by clang analyser static analysis.
+ Only crash-plausible issue would require the Cambridge-specific
+ iplookup router and a misconfiguration.
+ Report from Marcin Mirosław.
+ - Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
+ - %D in printf continues to cause issues (-Wformat=security), so for
+ now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
+ As part of this, removing so much warning spew let me fix some minor
+ real issues in debug logging.
+ - GnuTLS was always using default tls_require_ciphers, due to a missing
+ assignment on my part. Fixed.
+ - Added tls_dh_max_bits option, defaulting to current hard-coded limit
+ of NSS, for GnuTLS/NSS interop.
+ - Validate tls_require_ciphers on startup, since debugging an invalid
+ string otherwise requires a connection and a bunch more work and it's
+ relatively easy to get wrong. Should also expose TLS library linkage
+ problems.
+ - Pull in <features.h> on Linux, for some portability edge-cases of
+ 64-bit ${eval} (JH/03).
+ - Define _GNU_SOURCE in exim.h; it's needed for some releases of
+ protection layer was required, which is not implemented. Bugzilla 1254
+ - Overhaul DH prime handling, supply RFC-specified DH primes as built
+ into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make
+ tls_dhparam take prime identifiers. Also unbreak combination of
+ OpenSSL+DH_params+TLSSNI.
+ - Disable SSLv2 by default in OpenSSL support.
+
+-------------------------------------------------------------------
Old:
----
exim-4.12-tail.patch
exim-4.77.tar.bz2
format-security.diff
New:
----
exim-4.80.tar.bz2
exim-tail.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.eDC56s/_old 2012-08-26 11:31:06.000000000 +0200
+++ /var/tmp/diff_new_pack.eDC56s/_new 2012-08-26 11:31:06.000000000 +0200
@@ -43,7 +43,7 @@
Requires: logrotate
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils
textutils
%endif
-Version: 4.77
+Version: 4.80
Release: 0
%if %{?build_with_mysql:1}0
BuildRequires: mysql-devel
@@ -66,8 +66,7 @@
Source20:
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2
Source30: eximstats-html-update.py
Source31: eximstats.conf
-Patch: exim-4.12-tail.patch
-Patch2: format-security.diff
+Patch: exim-tail.patch
%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0
%package -n eximon
@@ -119,7 +118,6 @@
%prep
%setup -q -n exim-%{version}
%patch
-%patch2
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ exim-4.77.tar.bz2 -> exim-4.80.tar.bz2 ++++++
++++ 18371 lines of diff (skipped)
++++++ exim-tail.patch ++++++
From: Ruediger Oertel <ro at suse dot de>
Subject: fix deprecated tail call syntax (-1)
Reported-Upstream: Yes
Bugtracker: bugs.exim.org 1080
Index: scripts/Configure-config.h
===================================================================
--- scripts/Configure-config.h.orig
+++ scripts/Configure-config.h
@@ -47,7 +47,7 @@ fi
# Double-check that config.h is complete.
-if [ "`tail -1 config.h`" != "/* End of config.h */" ] ; then
+if [ "`tail -n 1 config.h`" != "/* End of config.h */" ] ; then
echo "*** config.h appears to be incomplete"
echo "*** unexpected failure in buildconfig program"
exit 1
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
