Hello community,
here is the log from the commit of package exim for openSUSE:Factory checked in
at 2016-03-07 13:26:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/exim (Old)
and /work/SRC/openSUSE:Factory/.exim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim"
Changes:
--------
--- /work/SRC/openSUSE:Factory/exim/exim.changes 2016-02-08
09:47:36.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2016-03-07
13:27:42.000000000 +0100
@@ -1,0 +2,13 @@
+Wed Mar 2 21:05:04 UTC 2016 - lmue...@suse.com
+
+- Update to 4.86.2
+ + Fix minor portability issues for *BSD and OS/X.
+
+-------------------------------------------------------------------
+Mon Feb 29 17:26:20 UTC 2016 - lmue...@suse.com
+
+- Update to 4.86.1
+ + Add support for keep_environment and add_environment options;
+ CVE-2016-1531; (boo#968844).
+
+-------------------------------------------------------------------
Old:
----
exim-4.86.tar.bz2
exim-4.86.tar.bz2.asc
New:
----
exim-4.86.2.tar.bz2
exim-4.86.2.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.s4fjPm/_old 2016-03-07 13:27:43.000000000 +0100
+++ /var/tmp/diff_new_pack.s4fjPm/_new 2016-03-07 13:27:43.000000000 +0100
@@ -54,7 +54,7 @@
Requires(pre): /usr/sbin/useradd
Requires(pre): fileutils textutils
%endif
-Version: 4.86
+Version: 4.86.2
Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
@@ -270,7 +270,8 @@
inst_conf=$RPM_BUILD_ROOT/etc/exim/exim.conf \
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
INSTALL_ARG=-no_chown install
-mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
+#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.86* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all
substitutions done
%if 0%{?suse_version} > 1220
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
++++++ exim-4.86.tar.bz2 -> exim-4.86.2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/OS/Makefile-Base
new/exim-4.86.2/OS/Makefile-Base
--- old/exim-4.86/OS/Makefile-Base 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/OS/Makefile-Base 2016-03-02 18:27:51.000000000 +0100
@@ -317,6 +317,7 @@
rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \
route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \
std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \
+ environment.o \
$(OBJ_LOOKUPS) \
local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \
$(OBJ_WITH_OLD_DEMIME) $(OBJ_EXPERIMENTAL)
@@ -573,6 +574,7 @@
enq.o: $(HDRS) enq.c
exim.o: $(HDRS) exim.c
expand.o: $(HDRS) expand.c
+environment.o: $(HDRS) environment.c
filter.o: $(HDRS) filter.c
filtertest.o: $(HDRS) filtertest.c
globals.o: $(HDRS) globals.c
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/doc/ChangeLog new/exim-4.86.2/doc/ChangeLog
--- old/exim-4.86/doc/ChangeLog 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/doc/ChangeLog 2016-03-02 18:27:51.000000000 +0100
@@ -1,6 +1,14 @@
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.86.2
+-------------------
+Portability relase of 4.86.1
+
+Exim version 4.86.1
+-------------------
+HS/04 Add support for keep_environment and add_environment options.
+ This fixes CVE-2016-1531.
Exim version 4.86
-----------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/doc/exim.8 new/exim-4.86.2/doc/exim.8
--- old/exim-4.86/doc/exim.8 2015-07-26 14:42:05.000000000 +0200
+++ new/exim-4.86.2/doc/exim.8 2016-03-02 18:42:38.000000000 +0100
@@ -453,6 +453,10 @@
settings can be obtained by using \fBrouters\fP, \fBtransports\fP, or
\fBauthenticators\fP.
.sp
+If \fBenvironment\fP is given as an argument, the set of environment
+variables is output, line by line. Using the \fB\-n\fP flag supresses the
value of the
+variables.
+.sp
If invoked by an admin user, then \fBmacro\fP, \fBmacro_list\fP and
\fBmacros\fP
are available, similarly to the drivers. Because macros are sometimes used
for storing passwords, this option is restricted.
@@ -724,6 +728,8 @@
file that exists is used. Failure to open an existing file stops Exim from
proceeding any further along the list, and an error is generated.
.sp
+The file names need to be absolute names.
+.sp
When this option is used by a caller other than root, and the list is different
from the compiled\-in list, Exim gives up its root privilege immediately, and
runs with the real and effective uid and gid set to those of the caller.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/doc/filter.txt
new/exim-4.86.2/doc/filter.txt
--- old/exim-4.86/doc/filter.txt 2015-07-26 14:42:04.000000000 +0200
+++ new/exim-4.86.2/doc/filter.txt 2016-03-02 18:42:38.000000000 +0100
@@ -4,7 +4,7 @@
Copyright (c) 2014 University of Cambridge
-Revision 4.86 26 Jul 2015 PH
+Revision 4.86.2 02 Mar 2016 PH
-------------------------------------------------------------------------------
@@ -77,7 +77,7 @@
This document describes the user interfaces to Exim's in-built mail filtering
facilities, and is copyright (c) University of Cambridge 2014. It corresponds
-to Exim version 4.86.
+to Exim version 4.86.2.
1.1 Introduction
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/doc/spec.txt new/exim-4.86.2/doc/spec.txt
--- old/exim-4.86/doc/spec.txt 2015-07-26 14:42:04.000000000 +0200
+++ new/exim-4.86.2/doc/spec.txt 2016-03-02 18:42:37.000000000 +0100
@@ -4,7 +4,7 @@
Copyright (c) 2015 University of Cambridge
-Revision 4.86 26 Jul 2015 EM
+Revision 4.86.2 02 Mar 2016 EM
-------------------------------------------------------------------------------
@@ -657,7 +657,7 @@
1.1 Exim documentation
----------------------
-This edition of the Exim specification applies to version 4.86 of Exim.
+This edition of the Exim specification applies to version 4.86.2 of Exim.
Substantive changes from the 4.85 edition are marked in some renditions of the
document; this paragraph is so marked if the rendition is capable of showing a
change indicator.
@@ -1766,7 +1766,7 @@
Exim is distributed as a gzipped or bzipped tar file which, when unpacked,
creates a directory with the name of the current release (for example,
-exim-4.86) into which the following files are placed:
+exim-4.86.2) into which the following files are placed:
ACKNOWLEDGMENTS contains some acknowledgments
CHANGES contains a reference to where changes are documented
@@ -2373,7 +2373,7 @@
For the utility programs, old versions are renamed by adding the suffix .O to
their names. The Exim binary itself, however, is handled differently. It is
installed under a name that includes the version number and the compile number,
-for example exim-4.86-1. The script then arranges for a symbolic link called
+for example exim-4.86.2-1. The script then arranges for a symbolic link called
exim to point to the binary. If you are updating a previous version of Exim,
the script takes care to ensure that the name exim is never absent from the
directory (as seen by other processes).
@@ -3068,6 +3068,10 @@
authenticator_list, and a complete list of all drivers with their option
settings can be obtained by using routers, transports, or authenticators.
+ If environment is given as an argument, the set of environment variables is
+ output, line by line. Using the -n flag supresses the value of the
+ variables.
+
If invoked by an admin user, then macro, macro_list and macros are
available, similarly to the drivers. Because macros are sometimes used for
storing passwords, this option is restricted. The output format is one item
@@ -3356,6 +3360,8 @@
first file that exists is used. Failure to open an existing file stops Exim
from proceeding any further along the list, and an error is generated.
+ The file names need to be absolute names.
+
When this option is used by a caller other than root, and the list is
different from the compiled-in list, Exim gives up its root privilege
immediately, and runs with the real and effective uid and gid set to those
@@ -12625,6 +12631,14 @@
This option defines the ACL that is run when an SMTP VRFY command is received.
See chapter 43 for further details.
++----------------------------------------------------------+
+|add_environment|Use: main|Type: string list|Default: empty|
++----------------------------------------------------------+
+
+This option allows to set individual environment variables that the currently
+linked libraries and programs in child processes use. The default list is
+empty,
+
+--------------------------------------------------------+
|admin_groups|Use: main|Type: string list*|Default: unset|
+--------------------------------------------------------+
@@ -13702,6 +13716,29 @@
See ignore_fromline_hosts above.
++-----------------------------------------------------------+
+|keep_environment|Use: main|Type: string list|Default: unset|
++-----------------------------------------------------------+
+
+This option contains a string list of environment variables to keep. You have
+to trust these variables or you have to be sure that these variables do not
+impose any security risk. Keep in mind that during the startup phase Exim is
+running with an effective UID 0 in most installations. As the default value is
+an empty list, the default environment for using libraries, running embedded
+Perl code, or running external binaries is empty, and does not not even contain
+PATH or HOME.
+
+Actually the list is interpreted as a list of patterns (10.1), except that it
+is not expanded first.
+
+WARNING: Macro substitution is still done first, so having a macro FOO and
+having FOO_HOME in your keep_environment option may have unexpected results.
+You may work around this using a regular expression that does not match the
+macro name: ^[F]OO_HOME$.
+
+Current versions of Exim issue a warning during startupif you do not mention
+keep_environment or add_environment in your runtime configuration file.
+
+-----------------------------------------------+
|keep_malformed|Use: main|Type: time|Default: 4d|
+-----------------------------------------------+
@@ -14733,6 +14770,14 @@
sender_unqualified_hosts, or if the message was submitted locally (not using
TCP/IP), and the -bnq option was not set.
++----------------------------------------------------------+
+|set_environment|Use: main|Type: string list|Default: empty|
++----------------------------------------------------------+
+
+This option allows to set individual environment variables that the currently
+linked libraries and programs in child processes use. The default list is
+empty,
+
+--------------------------------------------------+
|slow_lookup_log|Use: main|Type: integer|Default: 0|
+--------------------------------------------------+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/scripts/MakeLinks
new/exim-4.86.2/scripts/MakeLinks
--- old/exim-4.86/scripts/MakeLinks 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/scripts/MakeLinks 2016-03-02 18:27:51.000000000 +0100
@@ -101,6 +101,7 @@
exim_dbutil.c exim_lock.c expand.c filter.c filtertest.c globals.c \
header.c host.c ip.c log.c lss.c match.c moan.c parse.c perl.c queue.c \
rda.c readconf.c receive.c retry.c rewrite.c rfc2047.c route.c search.c \
+ setenv.c environment.c \
sieve.c smtp_in.c smtp_out.c spool_in.c spool_out.c std-crypto.c store.c \
string.c tls.c tlscert-gnu.c tlscert-openssl.c tls-gnu.c tls-openssl.c \
tod.c transport.c tree.c verify.c version.c dkim.c dkim.h dmarc.c dmarc.h \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/cnumber.h new/exim-4.86.2/src/cnumber.h
--- old/exim-4.86/src/cnumber.h 2015-07-26 14:41:36.000000000 +0200
+++ new/exim-4.86.2/src/cnumber.h 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/environment.c
new/exim-4.86.2/src/environment.c
--- old/exim-4.86/src/environment.c 1970-01-01 01:00:00.000000000 +0100
+++ new/exim-4.86.2/src/environment.c 2016-03-02 18:27:51.000000000 +0100
@@ -0,0 +1,71 @@
+/*************************************************
+* Exim - an Internet mail transport agent *
+*************************************************/
+
+/* Copyright (c) Heiko Schlittermann 2016
+ * h...@schlittermann.de
+ * See the file NOTICE for conditions of use and distribution.
+ */
+
+#include "exim.h"
+
+extern char **environ;
+
+/* The cleanup_environment() function is used during the startup phase
+of the Exim process, right after reading the configurations main
+part, before any expansions take place. It retains the environment
+variables we trust (via the keep_environment option) and allows to
+set additional variables (via add_environment).
+
+Returns: TRUE if successful
+ FALSE otherwise
+*/
+
+BOOL
+cleanup_environment()
+{
+if (!keep_environment || *keep_environment == '\0')
+ {
+ /* From: https://github.com/dovecot/core/blob/master/src/lib/env-util.c#L55
+ Try to clear the environment.
+ a) environ = NULL crashes on OS X.
+ b) *environ = NULL doesn't work on FreeBSD 7.0.
+ c) environ = emptyenv doesn't work on Haiku OS
+ d) environ = calloc() should work everywhere */
+
+ if (environ) *environ = NULL;
+
+ }
+else if (Ustrcmp(keep_environment, "*") != 0)
+ {
+ uschar **p;
+ if (environ) for (p = USS environ; *p; /* see below */)
+ {
+ /* It's considered broken if we do not find the '=', according to
+ Florian Weimer. For now we ignore such strings. unsetenv() would complain,
+ getenv() would complain. */
+ uschar *eqp = Ustrchr(*p, '=');
+
+ if (eqp)
+ {
+ uschar *name = string_copyn(*p, eqp - *p);
+ if (OK != match_isinlist(name, CUSS &keep_environment,
+ 0, NULL, NULL, MCL_NOEXPAND, FALSE, NULL))
+ if (unsetenv(CS name) < 0) return FALSE;
+ else p = USS environ; /* RESTART from the beginning */
+ else p++;
+ store_reset(name);
+ }
+ }
+ }
+if (add_environment)
+ {
+ uschar *p;
+ int sep = 0;
+ const uschar* envlist = add_environment;
+ while ((p = string_nextinlist(&envlist, &sep, NULL, 0)))
+ putenv(CS p);
+ }
+
+ return TRUE;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/exim.c new/exim-4.86.2/src/exim.c
--- old/exim-4.86/src/exim.c 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/exim.c 2016-03-02 18:27:51.000000000 +0100
@@ -3723,8 +3723,19 @@
is a failure. It leaves the configuration file open so that the subsequent
configuration data for delivery can be read if needed. */
+/* To be safe: change the working directory to /. */
+if (Uchdir("/") < 0)
+ {
+ perror("exim: chdir `/': ");
+ exit(EXIT_FAILURE);
+ }
+
readconf_main();
+if (cleanup_environment() == FALSE)
+ log_write(0, LOG_PANIC_DIE, "Can't cleanup environment");
+
+
/* If an action on specific messages is requested, or if a daemon or queue
runner is being started, we need to know if Exim was called by an admin user.
This is the case if the real user is root or exim, or if the real group is
@@ -3881,7 +3892,7 @@
#ifdef TMPDIR
{
uschar **p;
- for (p = USS environ; *p != NULL; p++)
+ if (environ) for (p = USS environ; *p != NULL; p++)
{
if (Ustrncmp(*p, "TMPDIR=", 7) == 0 &&
Ustrcmp(*p+7, TMPDIR) != 0)
@@ -3921,10 +3932,10 @@
uschar **new;
uschar **newp;
int count = 0;
- while (*p++ != NULL) count++;
+ if (environ) while (*p++ != NULL) count++;
if (envtz == NULL) count++;
newp = new = malloc(sizeof(uschar *) * (count + 1));
- for (p = USS environ; *p != NULL; p++)
+ if (environ) for (p = USS environ; *p != NULL; p++)
{
if (Ustrncmp(*p, "TZ=", 3) == 0) continue;
*newp++ = *p;
@@ -4514,7 +4525,8 @@
(Ustrcmp(argv[i], "router") == 0 ||
Ustrcmp(argv[i], "transport") == 0 ||
Ustrcmp(argv[i], "authenticator") == 0 ||
- Ustrcmp(argv[i], "macro") == 0))
+ Ustrcmp(argv[i], "macro") == 0 ||
+ Ustrcmp(argv[i], "environment") == 0))
{
readconf_print(argv[i+1], argv[i], flag_n);
i++;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/functions.h
new/exim-4.86.2/src/functions.h
--- old/exim-4.86/src/functions.h 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/functions.h 2016-03-02 18:27:51.000000000 +0100
@@ -104,6 +104,7 @@
extern uschar **child_exec_exim(int, BOOL, int *, BOOL, int, ...);
extern pid_t child_open_uid(const uschar **, const uschar **, int,
uid_t *, gid_t *, int *, int *, uschar *, BOOL);
+extern BOOL cleanup_environment(void);
extern uschar *cutthrough_finaldot(void);
extern BOOL cutthrough_flush_send(void);
extern BOOL cutthrough_headers_send(void);
@@ -408,6 +409,7 @@
extern uschar *string_append_listele_n(uschar *, uschar, const uschar *,
unsigned);
extern uschar *string_base62(unsigned long int);
extern uschar *string_cat(uschar *, int *, int *, const uschar *, int);
+extern int string_compare_by_pointer(const void *, const void *);
extern uschar *string_copy_dnsdomain(uschar *);
extern uschar *string_copy_malloc(const uschar *);
extern uschar *string_copylc(const uschar *);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/globals.c new/exim-4.86.2/src/globals.c
--- old/exim-4.86/src/globals.c 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/globals.c 2016-03-02 18:27:51.000000000 +0100
@@ -320,6 +320,7 @@
BOOL active_local_sender_retain = FALSE;
int body_8bitmime = 0;
BOOL accept_8bitmime = TRUE; /* deliberately not RFC compliant */
+uschar *add_environment = NULL;
address_item *addr_duplicate = NULL;
address_item address_defaults = {
@@ -789,6 +790,8 @@
int journal_fd = -1;
+uschar *keep_environment = NULL;
+
int keep_malformed = 4*24*60*60; /* 4 days */
uschar *eldap_dn = NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/globals.h new/exim-4.86.2/src/globals.h
--- old/exim-4.86/src/globals.h 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/globals.h 2016-03-02 18:27:51.000000000 +0100
@@ -156,6 +156,7 @@
/* General global variables */
extern BOOL accept_8bitmime; /* Allow *BITMIME incoming */
+extern uschar *add_environment; /* List of environment variables to add
*/
extern int body_8bitmime; /* sender declared BODY= ; 7=7BIT,
8=8BITMIME */
extern header_line *acl_added_headers; /* Headers added by an ACL */
extern tree_node *acl_anchor; /* Tree of named ACLs */
@@ -512,6 +513,7 @@
extern int journal_fd; /* Fd for journal file */
+extern uschar *keep_environment; /* Whitelist for environment variables
*/
extern int keep_malformed; /* Time to keep malformed messages */
extern uschar *eldap_dn; /* Where LDAP DNs are left */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/readconf.c
new/exim-4.86.2/src/readconf.c
--- old/exim-4.86/src/readconf.c 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/readconf.c 2016-03-02 18:27:51.000000000 +0100
@@ -11,9 +11,12 @@
#include "exim.h"
+extern char **environ;
+
static void fn_smtp_receive_timeout(const uschar * name, const uschar * str);
+
#define CSTATE_STACK_SIZE 10
@@ -165,6 +168,7 @@
{ "acl_smtp_starttls", opt_stringptr, &acl_smtp_starttls },
#endif
{ "acl_smtp_vrfy", opt_stringptr, &acl_smtp_vrfy },
+ { "add_environment", opt_stringptr, &add_environment },
{ "admin_groups", opt_gidlist, &admin_groups },
{ "allow_domain_literals", opt_bool, &allow_domain_literals },
{ "allow_mx_to_ip", opt_bool, &allow_mx_to_ip },
@@ -279,6 +283,7 @@
{ "ignore_bounce_errors_after", opt_time, &ignore_bounce_errors_after },
{ "ignore_fromline_hosts", opt_stringptr, &ignore_fromline_hosts },
{ "ignore_fromline_local", opt_bool, &ignore_fromline_local },
+ { "keep_environment", opt_stringptr, &keep_environment },
{ "keep_malformed", opt_time, &keep_malformed },
#ifdef LOOKUP_LDAP
{ "ldap_ca_cert_dir", opt_stringptr, &eldap_ca_cert_dir },
@@ -2522,6 +2527,7 @@
macro_list print a list of macro names
+name print a named list item
local_scan print the local_scan options
+ environment print the used execution environment
If the second argument is not NULL, it must be one of "router", "transport",
"authenticator" or "macro" in which case the first argument identifies the
@@ -2663,6 +2669,25 @@
names_only = TRUE;
}
+ else if (Ustrcmp(name, "environment") == 0)
+ {
+ if (environ)
+ {
+ uschar **p;
+ size_t n;
+ for (p = USS environ; *p; p++) ;
+ n = p - USS environ;
+ qsort(environ, p - USS environ, sizeof(*p), string_compare_by_pointer);
+
+ for (p = USS environ; *p; p++)
+ {
+ if (no_labels) *(Ustrchr(*p, '=')) = '\0';
+ puts(*p);
+ }
+ }
+ return;
+ }
+
else
{
print_ol(find_option(name, optionlist_config, optionlist_config_size),
@@ -2976,6 +3001,15 @@
while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
!= NULL)
{
+
+ /* To avoid confusion: Exim changes to / at the very beginning and
+ * and to $spool_directory later. */
+ if (filename[0] != '/')
+ {
+ fprintf(stderr, "-C %s: only absolute names are allowed\n", filename);
+ exit(EXIT_FAILURE);
+ }
+
/* Cut out all the fancy processing unless specifically wanted */
#if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID)
@@ -3421,6 +3455,11 @@
" gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols"
" are obsolete\n");
#endif /*SUPPORT_TLS*/
+
+if ((!add_environment || *add_environment == '\0') && !keep_environment)
+ log_write(0, LOG_MAIN,
+ "WARNING: purging the environment.\n"
+ " Suggested action: use keep_environment and add_environment.\n");
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/string.c new/exim-4.86.2/src/string.c
--- old/exim-4.86/src/string.c 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/string.c 2016-03-02 18:27:51.000000000 +0100
@@ -1706,6 +1706,17 @@
#endif /* COMPILE_UTILITY */
+#ifndef COMPILE_UTILITY
+/* qsort(3), currently used to sort the environment variables
+for -bP environment output, needs a function to compare two pointers to string
+pointers. Here it is. */
+
+int
+string_compare_by_pointer(const void *a, const void *b)
+{
+return Ustrcmp(* CUSS a, * CUSS b);
+}
+#endif /* COMPILE_UTILITY */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/tls-openssl.c
new/exim-4.86.2/src/tls-openssl.c
--- old/exim-4.86/src/tls-openssl.c 2015-07-23 23:20:37.000000000 +0200
+++ new/exim-4.86.2/src/tls-openssl.c 2016-03-02 18:27:51.000000000 +0100
@@ -855,7 +855,7 @@
{
extern char ** environ;
uschar ** p;
- for (p = USS environ; *p != NULL; p++)
+ if (environ) for (p = USS environ; *p != NULL; p++)
if (Ustrncmp(*p, "EXIM_TESTHARNESS_DISABLE_OCSPVALIDITYCHECK", 42) == 0)
{
DEBUG(D_tls) debug_printf("Supplying known bad OCSP response\n");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/exim-4.86/src/version.sh
new/exim-4.86.2/src/version.sh
--- old/exim-4.86/src/version.sh 2015-07-26 14:41:36.000000000 +0200
+++ new/exim-4.86.2/src/version.sh 2016-03-02 18:42:00.000000000 +0100
@@ -1,4 +1,4 @@
-# automatically generated file - see ../scripts/reversion
-EXIM_RELEASE_VERSION="4.86"
-EXIM_VARIANT_VERSION=""
-EXIM_COMPILE_NUMBER="1"
+# initial version automatically generated from
release-process/scripts/mk_exim_release.pl
+EXIM_RELEASE_VERSION=4.86
+EXIM_VARIANT_VERSION=_2
+EXIM_COMPILE_NUMBER=0
++++++ exim.keyring ++++++
++++ 5899 lines (skipped)
++++ between exim.keyring
++++ and /work/SRC/openSUSE:Factory/.exim.new/exim.keyring
