commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-08-25 09:32:40 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.3399 (New) Package is "exim" Tue Aug 25 09:32:40 2020 rev:64 rq:828909 version:4.94 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-06-09 00:09:28.802314148 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.3399/exim.changes 2020-08-25 09:34:25.816059300 +0200 @@ -0,0 +1,5 @@ +Mon Aug 24 11:13:55 CEST 2020 - wullin...@rz.uni-kiel.de + +- bring back missing exim_db.8 manual page + (fixes bsc#1173693) + New: exim_db.8.gz Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.SRI0hj/_old 2020-08-25 09:34:34.532064386 +0200 +++ /var/tmp/diff_new_pack.SRI0hj/_new 2020-08-25 09:34:34.540064390 +0200 @@ -100,6 +100,7 @@ Source31: eximstats.conf Source32: eximstats.conf-2.2 Source40: exim.service +Source41: exim_db.8.gz Patch0: exim-tail.patch Patch1: gnu_printf.patch Patch2: patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 @@ -346,6 +347,8 @@ install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ +cp $RPM_SOURCE_DIR/exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8 +gunzip $RPM_BUILD_ROOT/%{_mandir}/man8/exim_db.8.gz pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8 for i in \ sendmail \
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-06-09 00:07:17 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.3606 (New) Package is "exim" Tue Jun 9 00:07:17 2020 rev:63 rq:812519 version:4.94 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-06-03 20:35:19.437699474 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.3606/exim.changes 2020-06-09 00:09:28.802314148 +0200 @@ -0,0 +1,21 @@ +Mon Jun 8 11:24:08 CEST 2020 - wullin...@rz.uni-kiel.de + +- bring in changes from current +fixes (lots of taint check fixes) + * Bug 1329: Fix format of Maildir-format filenames to match other mail- +related applications. Previously an "H" was used where available info +says that "M" should be, so change to match. + + * Bug 2587: Fix pam expansion condition. Tainted values are commonly used +as arguments, so an implementation trying to copy these into a local +buffer was taking a taint-enforcement trap. Fix by using dynamically +created buffers. + + * Bug 2586: Fix listcount expansion operator. Using tainted arguments is +reasonable, eg. to count headers. Fix by using dynamically created +buffers rather than a local. Do similar fixes for ACL actions "dcc", +"log_reject_target", "malware" and "spam"; the arguments are expanded +so could be handling tainted values. + * Bug 2590: Fix -bi (newaliases). A previous code rearrangement had +broken the (no-op) support for this sendmail command. Restore it +to doing nothing, silently, and returning good status. + New: patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.rR5tPX/_old 2020-06-09 00:09:31.474322348 +0200 +++ /var/tmp/diff_new_pack.rR5tPX/_new 2020-06-09 00:09:31.478322361 +0200 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version:4.94 -Release:1 +Release:2 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -102,6 +102,7 @@ Source40: exim.service Patch0: exim-tail.patch Patch1: gnu_printf.patch +Patch2: patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -145,6 +146,7 @@ %setup -q -n exim-%{version} %patch0 %patch1 -p1 +%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" ++ patch-exim-4.94+fixes-0e8319c3edebfec2158fbaa4898af27cb3225c99 ++ diff -ru a/README.UPDATING b/README.UPDATING --- a/README.UPDATING 2020-05-30 22:35:38.0 +0200 +++ b/README.UPDATING 2020-06-08 10:36:12.136106000 +0200 @@ -31,9 +31,9 @@ Some Transports now refuse to use tainted data in constructing their delivery location; this WILL BREAK configurations which are not updated accordingly. -In particular: any Transport use of $local_user which has been relying upon +In particular: any Transport use of $local_part which has been relying upon check_local_user far away in the Router to make it safe, should be updated to -replace $local_user with $local_part_data. +replace $local_part with $local_part_data. Attempting to remove, in router or transport, a header name that ends with an asterisk (which is a standards-legal name) will now result in all headers diff -ru a/src/acl.c b/src/acl.c --- a/src/acl.c 2020-05-30 22:35:38.0 +0200 +++ b/src/acl.c 2020-06-08 10:36:13.865973000 +0200 @@ -3349,11 +3349,11 @@ { /* Separate the regular expression and any optional parameters. */ const uschar * list = arg; - uschar *ss = string_nextinlist(, , big_buffer, big_buffer_size); + uschar *ss = string_nextinlist(, , NULL, 0); /* Run the dcc backend. */ rc = dcc_process(); /* Modify return code based upon the existence of options. */ - while ((ss = string_nextinlist(, , big_buffer, big_buffer_size))) + while ((ss = string_nextinlist(, , NULL, 0))) if (strcmpic(ss, US"defer_ok") == 0 && rc == DEFER) rc = FAIL; /* FAIL so that the message is passed to the next ACL */ } @@ -3514,7 +3514,7 @@ int sep = 0; const uschar *s = arg; uschar * ss; - while ((ss = string_nextinlist(, , big_buffer, big_buffer_size))) + while ((ss = string_nextinlist(, , NULL, 0))) { if (Ustrcmp(ss, "main") == 0) logbits |= LOG_MAIN; else if (Ustrcmp(ss, "panic") == 0) logbits |= LOG_PANIC; @@ -3567,7 +3567,7 @@ { /* Separate
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-06-03 20:34:42 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.3606 (New) Package is "exim" Wed Jun 3 20:34:42 2020 rev:62 rq:810991 version:4.94 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-05-20 18:45:33.121294421 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.3606/exim.changes 2020-06-03 20:35:19.437699474 +0200 @@ -0,0 +1,14 @@ +Tue Jun 2 07:12:55 CEST 2020 - wullin...@rz.uni-kiel.de + +- update to exim 4.94 + * some transports now refuse to use tainted data in constructing their delivery +location +this WILL BREAK configurations which are not updated accordingly. +In particular: any Transport use of $local_user which has been relying upon +check_local_user far away in the Router to make it safe, should be updated to +replace $local_user with $local_part_data. + * Attempting to remove, in router or transport, a header name that ends with +an asterisk (which is a standards-legal name) will now result in all headers +named starting with the string before the asterisk being removed. + +--- Old: exim-4.93.0.4.tar.bz2 exim-4.93.0.4.tar.bz2.asc patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 New: exim-4.94.tar.bz2 exim-4.94.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.V6BqyU/_old 2020-06-03 20:35:21.557706120 +0200 +++ /var/tmp/diff_new_pack.V6BqyU/_new 2020-06-03 20:35:21.561706132 +0200 @@ -72,8 +72,8 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.93.0.4 -Release:4 +Version:4.94 +Release:1 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -87,8 +87,8 @@ License:GPL-2.0-or-later Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: http://ftp.exim.org/pub/exim/exim4/fixes/exim-%{version}.tar.bz2 -Source3: http://ftp.exim.org/pub/exim/exim4/fixes/exim-%{version}.tar.bz2.asc +Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 +Source3:http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc Source4:exim.keyring Source1:sysconfig.exim @@ -102,7 +102,6 @@ Source40: exim.service Patch0: exim-tail.patch Patch1: gnu_printf.patch -Patch2: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -146,7 +145,6 @@ %setup -q -n exim-%{version} %patch0 %patch1 -p1 -%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" @@ -227,7 +225,6 @@ AUTH_TLS=yes AUTH_LIBS=-lsasl2 USE_OPENSSL=yes - SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto INFO_DIRECTORY=%{_infodir} LOG_FILE_PATH=/var/log/exim/%%s.log ++ exim-4.93.0.4.tar.bz2 -> exim-4.94.tar.bz2 ++ 30964 lines of diff (skipped)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-05-20 18:44:42 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.2738 (New) Package is "exim" Wed May 20 18:44:42 2020 rev:61 rq:807583 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-05-15 23:51:25.033440153 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.2738/exim.changes 2020-05-20 18:45:33.121294421 +0200 @@ -0,0 +1,5 @@ +Tue May 19 13:47:05 CEST 2020 - wullin...@rz.uni-kiel.de +- switch pretrans to use lua + (fixes bsc#1171877) + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.KTZxQv/_old 2020-05-20 18:45:34.113296650 +0200 +++ /var/tmp/diff_new_pack.KTZxQv/_new 2020-05-20 18:45:34.117296659 +0200 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version:4.93.0.4 -Release:3 +Release:4 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -382,20 +382,22 @@ # apparmor profile install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/usr/share/apparmor/extra-profiles/usr.sbin.exim -%pretrans -if [ -d "%{_docdir}/%{name}/doc/cve-2019-13917" ]; then -moved_suffix="" -moved_index="" -while [ -d "%{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved${moved_suffix}${moved_index}" ]; do -if [ -z "${moved_suffix}" ]; then -moved_suffix="." -moved_index="0" -else -moved_index=$((${moved_index} + 1)) -fi -done - mv "%{_docdir}/%{name}/doc/cve-2019-13917" "%{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved${moved_suffix}${moved_index}" -fi +%pretrans -p +docdir = rpm.expand('%{_docdir}') +pkgname = rpm.expand('%{name}') +path = docdir .. '/' .. pkgname .. '/doc/cve-2019-13917' +st = posix.stat(path) +if st and st.type == "directory" then + status = os.rename(path, path .. ".rpmmoved") + if not status then +suffix = 0 +while not status do + suffix = suffix + 1 + status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix) +end +os.rename(path, path .. ".rpmmoved") + end +end %pre %if 0%{?suse_version} > 1220
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-05-15 23:51:19 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.2738 (New) Package is "exim" Fri May 15 23:51:19 2020 rev:60 rq:802874 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-04-02 17:42:56.505376807 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.2738/exim.changes 2020-05-15 23:51:25.033440153 +0200 @@ -0,0 +1,30 @@ +Tue May 12 08:19:17 UTC 2020 - wullin...@rz.uni-kiel.de +- bring changes from current in +fixes branch + (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94) + * fixes CVE-2020-12783 (bsc#1171490) + * Regard command-line recipients as tainted. + * Bug 2489: Fix crash in the "pam" expansion condition. + * Use tainted buffers for the transport smtp context. + * Bug 2493: Harden ARC verify against Outlook, which has been seen to mix +the ordering of its ARC headers. This caused a crash. + * Bug 2492: Use tainted memory for retry record when needed. Previously when +a new record was being constructed with information from the peer, a trap +was taken. + * Bug 2494: Unset the default for dmarc_tld_file. + * Fix an uninitialised flag in early-pipelining. Previously connections +could, depending on the platform, hang at the STARTTLS response. + * Bug 2498: Reset a counter used for ARC verify before handling another +message on a connection. Previously if one message had ARC headers and +the following one did not, a crash could result when adding an +Authentication-Results: header. + * Bug 2500: Rewind some of the common-coding in string handling between the +Exim main code and Exim-related utities. + * Fix the variables set by the gsasl authenticator. + * Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, +only retrieve the errormessage once. + * Bug 2501: Fix init call in the heimdal authenticator. Previously it +adjusted the size of a major service buffer; this failed because the +buffer was in use at the time. Change to a compile-time increase in the +buffer size, when this authenticator is compiled into exim. + +--- New: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.gH5tDR/_old 2020-05-15 23:51:26.933443815 +0200 +++ /var/tmp/diff_new_pack.gH5tDR/_new 2020-05-15 23:51:26.937443822 +0200 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version:4.93.0.4 -Release:2 +Release:3 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -102,6 +102,7 @@ Source40: exim.service Patch0: exim-tail.patch Patch1: gnu_printf.patch +Patch2: patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -145,6 +146,7 @@ %setup -q -n exim-%{version} %patch0 %patch1 -p1 +%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" ++ patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94 ++ 1184 lines (skipped)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-04-02 17:42:55 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.3248 (New) Package is "exim" Thu Apr 2 17:42:55 2020 rev:59 rq:790806 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-04-01 19:20:24.607587044 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.3248/exim.changes 2020-04-02 17:42:56.505376807 +0200 @@ -2,0 +3,2 @@ + * fixes CVE-2020-8015 (bsc#1154183) + Other differences: --
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-04-01 19:20:17 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.3248 (New) Package is "exim" Wed Apr 1 19:20:17 2020 rev:58 rq:790598 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-01-13 22:21:21.138513440 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new.3248/exim.changes 2020-04-01 19:20:24.607587044 +0200 @@ -0,0 +1,2 @@ +Wed Apr 1 12:52:10 UTC 2020 - wullin...@rz.uni-kiel.de +- don't create logfiles during install Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.khQHat/_old 2020-04-01 19:20:26.199587761 +0200 +++ /var/tmp/diff_new_pack.khQHat/_new 2020-04-01 19:20:26.203587762 +0200 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version:4.93.0.4 -Release:1 +Release:2 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -415,10 +415,6 @@ echo copying default config file to /etc/exim/exim.conf fi fi -# create logfiles if missing -for i in var/log/exim/main.log var/log/exim/panic.log var/log/exim/reject.log; do - if ! test -e $i; then touch $i; chown mail:mail $i; chmod 640 $i ; fi -done %if 0%{?suse_version} > 1220 %{fillup_only} %service_add_post exim.service
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-01-13 22:21:13 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.6675 (New) Package is "exim" Mon Jan 13 22:21:13 2020 rev:57 rq:763789 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-01-07 23:53:57.256050023 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new.6675/exim.changes 2020-01-13 22:21:21.138513440 +0100 @@ -1,0 +2,4 @@ +Mon Jan 13 08:48:53 CET 2020 - wullin...@rz.uni-kiel.de +- add a spec-file workaround for bsc#1160726 + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.XxKroM/_old 2020-01-13 22:21:21.978513830 +0100 +++ /var/tmp/diff_new_pack.XxKroM/_new 2020-01-13 22:21:21.978513830 +0100 @@ -73,7 +73,7 @@ Requires(pre): fileutils textutils %endif Version:4.93.0.4 -Release:0 +Release:1 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -300,7 +300,6 @@ make %install -mkdir -p "$RPM_BUILD_ROOT/%{_docdir}/%{name}" %if 0%{?suse_version} > 1220 mkdir -p $RPM_BUILD_ROOT/%{_unitdir} %else @@ -381,6 +380,21 @@ # apparmor profile install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/usr/share/apparmor/extra-profiles/usr.sbin.exim +%pretrans +if [ -d "%{_docdir}/%{name}/doc/cve-2019-13917" ]; then +moved_suffix="" +moved_index="" +while [ -d "%{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved${moved_suffix}${moved_index}" ]; do +if [ -z "${moved_suffix}" ]; then +moved_suffix="." +moved_index="0" +else +moved_index=$((${moved_index} + 1)) +fi +done + mv "%{_docdir}/%{name}/doc/cve-2019-13917" "%{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved${moved_suffix}${moved_index}" +fi + %pre %if 0%{?suse_version} > 1220 %service_add_pre exim.service @@ -437,6 +451,7 @@ %files %defattr(-,root,root) +%ghost %{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved %doc ACKNOWLEDGMENTS CHANGES LICENCE NOTICE README.UPDATING README %doc doc %doc src/configure.default @@ -475,7 +490,6 @@ /usr/lib/sendmail %{_fillupdir}/sysconfig.exim %dir %attr(750,mail,mail) /var/log/exim -%dir %{_docdir}/%{name} %files -n eximon %defattr(-,root,root)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-01-07 23:53:26 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.6675 (New) Package is "exim" Tue Jan 7 23:53:26 2020 rev:56 rq:761361 version:4.93.0.4 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2020-01-02 14:43:02.472952099 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new.6675/exim.changes 2020-01-07 23:53:57.256050023 +0100 @@ -1,0 +2,58 @@ +Tue Jan 7 07:50:35 CET 2020 - wullin...@rz.uni-kiel.de + +- update to exim 4.93.0.4 (+fixes release) + * Avoid costly startup code when not strictly needed. This reduces time +for some exim process initialisations. It does mean that the logging +of TLS configuration problems is only done for the daemon startup. + * Early-pipelining support code is now included unless disabled in Makefile. + * DKIM verification defaults no long accept sha1 hashes, to conform to +RFC 8301. They can still be enabled, using the dkim_verify_hashes main +option. + * Support CHUNKING from an smtp transport using a transport_filter, when +DKIM signing is being done. Previously a transport_filter would always +disable CHUNKING, falling back to traditional DATA. + * Regard command-line receipients as tainted. + * Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. + * Bug 2489: Fix crash in the "pam" expansion condition. It seems that the +PAM library frees one of the arguments given to it, despite the +documentation. Therefore a plain malloc must be used. + * Bug 2491: Use tainted buffers for the transport smtp context. Previously +on-stack buffers were used, resulting in a taint trap when DSN information +copied from a received message was written into the buffer. + * Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix +the ordering of its ARC headers. This caused a crash. + * Bug 2492: Use tainted memory for retry record when needed. Previously when +a new record was being constructed with information from the peer, a trap +was taken. + * Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive +installation would get error messages from DMARC verify, when it hit the +nonexistent file indicated by the default. Distros wanting DMARC enabled +should both provide the file and set the option. +Also enforce no DMARC verification for command-line sourced messages. + * Fix an uninitialised flag in early-pipelining. Previously connections +could, depending on the platform, hang at the STARTTLS response. + * Bug 2498: Reset a counter used for ARC verify before handling another +message on a connection. Previously if one message had ARC headers and +the following one did not, a crash could result when adding an +Authentication-Results: header. + * Bug 2500: Rewind some of the common-coding in string handling between the +Exim main code and Exim-related utities. The introduction of taint +tracking also did many adjustments to string handling. Since then, eximon +frequently terminated with an assert failure. + * When PIPELINING, synch after every hundred or so RCPT commands sent and +check for 452 responses. This slightly helps the inefficieny of doing +a large alias-expansion into a recipient-limited target. The max_rcpt +transport option still applies (and at the current default, will override +the new feature). The check is done for either cause of synch, and forces +a fast-retry of all 452'd recipients using a new MAIL FROM on the same +connection. The new facility is not tunable at this time. + * Fix the variables set by the gsasl authenticator. Previously a pointer to +library live data was being used, so the results became garbage. Make +copies while it is still usable. + * Logging: when the deliver_time selector ise set, include the DT= field +on delivery deferred (==) and failed (**) lines (if a delivery was +attemtped). Previously it was only on completion (=>) lines. + * Authentication: the gsasl driver not provides the $authN variables in time +for the expansion of the server_scram_iter and server_scram_salt options. + +--- Old: exim-4.93.tar.bz2 exim-4.93.tar.bz2.asc New: exim-4.93.0.4.tar.bz2 exim-4.93.0.4.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.nbQeqj/_old 2020-01-07 23:53:58.132050478 +0100 +++ /var/tmp/diff_new_pack.nbQeqj/_new 2020-01-07 23:53:58.136050479 +0100 @@ -72,7 +72,7 @@ %endif Requires(pre): fileutils
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2020-01-02 14:42:37 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.6675 (New) Package is "exim" Thu Jan 2 14:42:37 2020 rev:55 rq:760356 version:4.93 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-12-30 12:34:37.611797948 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new.6675/exim.changes 2020-01-02 14:43:02.472952099 +0100 @@ -1,0 +2,6 @@ +Thu Jan 2 08:40:29 CET 2020 - wullin...@rz.uni-kiel.de + +spec file cleanup to make update work +- add docdir to spec + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.144L9l/_old 2020-01-02 14:43:03.868952651 +0100 +++ /var/tmp/diff_new_pack.144L9l/_new 2020-01-02 14:43:03.876952654 +0100 @@ -300,6 +300,7 @@ make %install +mkdir -p "$RPM_BUILD_ROOT/%{_docdir}/%{name}" %if 0%{?suse_version} > 1220 mkdir -p $RPM_BUILD_ROOT/%{_unitdir} %else @@ -474,6 +475,7 @@ /usr/lib/sendmail %{_fillupdir}/sysconfig.exim %dir %attr(750,mail,mail) /var/log/exim +%dir %{_docdir}/%{name} %files -n eximon %defattr(-,root,root)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-12-30 12:34:32 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.6675 (New) Package is "exim" Mon Dec 30 12:34:32 2019 rev:54 rq:759896 version:4.93 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-09-13 14:59:30.289280252 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.6675/exim.changes 2019-12-30 12:34:37.611797948 +0100 @@ -1,0 +2,24 @@ +Mon Dec 9 10:08:02 UTC 2019 - wullin...@rz.uni-kiel.de + +- update to exim 4.93 + * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC + * DISABLE_TLS replaces SUPPORT_TLS + * Bump the version for the local_scan API. + * smtp transport option hosts_try_fastopen defaults to "*". + * DNSSec is requested (not required) for all queries. (This seemes to +ask for trouble if your resolver is a systemd-resolved.) + * Generic router option retry_use_local_part defaults to "true" under specific +pre-conditions. + * Introduce a tainting mechanism for values read from untrusted sources. + * Use longer file names for temporary spool files (this avoids +name conflicts with spool on a shared file system). + * Use dsn_from main config option (was ignored previously). + +--- +Mon Sep 30 15:39:54 UTC 2019 - po...@cmdline.net + +- update to exim 4.92.3 + * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, +remote code execution seems to be possible + +--- Old: exim-4.92.2.tar.bz2 exim-4.92.2.tar.bz2.asc New: exim-4.93.tar.bz2 exim-4.93.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.8pkH6J/_old 2019-12-30 12:34:38.279798307 +0100 +++ /var/tmp/diff_new_pack.8pkH6J/_new 2019-12-30 12:34:38.279798307 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -52,7 +52,7 @@ BuildRequires: pkgconfig(xaw7) BuildRequires: pkgconfig(xmu) BuildRequires: pkgconfig(xt) -Url:http://www.exim.org/ +URL:http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix Provides: smtp_daemon %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800 @@ -72,7 +72,7 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.92.2 +Version:4.93 Release:0 %if %{with_mysql} BuildRequires: mysql-devel @@ -197,7 +197,7 @@ LOOKUP_PASSWD=yes # LOOKUP_WHOSON=yes CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux - LOOKUP_LIBS=-llber + LOOKUP_LIBS=-llber -lnsl %if %{with_ldap} LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_LIBS+=-lldap @@ -224,6 +224,7 @@ AUTH_DOVECOT=yes AUTH_TLS=yes AUTH_LIBS=-lsasl2 +USE_OPENSSL=yes SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto INFO_DIRECTORY=%{_infodir} @@ -273,7 +274,7 @@ HAVE_IPV6=YES SUPPORT_SPF=yes LOOKUP_LIBS+=-lspf2 -#EXPERIMENTAL_DMARC=yes +#SUPPORT_DMARC=yes #CFLAGS += -I/usr/local/include #LDFLAGS += -lopendmarc EXPERIMENTAL_EVENT=yes @@ -289,7 +290,7 @@ EXPERIMENTAL_INTERNATIONAL=yes %endif LDFLAGS += -lidn - CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE + CFLAGS=$RPM_OPT_FLAGS -std=gnu99 -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf ++ exim-4.92.2.tar.bz2 -> exim-4.93.tar.bz2 ++ 51972 lines of diff (skipped)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-09-13 14:59:26 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.7948 (New) Package is "exim" Fri Sep 13 14:59:26 2019 rev:53 rq:730177 version:4.92.2 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-07-26 12:42:39.673848205 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.7948/exim.changes 2019-09-13 14:59:30.289280252 +0200 @@ -0,0 +1,8 @@ +--- +Sat Sep 7 18:22:08 UTC 2019 - po...@cmdline.net + +- update to exim 4.92.2 + * CVE-2019-15846: fix against remote attackers executing arbitrary code as +root via a trailing backslash + +--- Old: exim-4.92.1.tar.bz2 exim-4.92.1.tar.bz2.asc New: exim-4.92.2.tar.bz2 exim-4.92.2.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.Qopg5T/_old 2019-09-13 14:59:31.229280292 +0200 +++ /var/tmp/diff_new_pack.Qopg5T/_new 2019-09-13 14:59:31.229280292 +0200 @@ -72,7 +72,7 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.92.1 +Version:4.92.2 Release:0 %if %{with_mysql} BuildRequires: mysql-devel ++ exim-4.92.1.tar.bz2 -> exim-4.92.2.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92.1/doc/ChangeLog new/exim-4.92.2/doc/ChangeLog --- old/exim-4.92.1/doc/ChangeLog 2019-07-18 20:55:56.0 +0200 +++ new/exim-4.92.2/doc/ChangeLog 2019-09-02 23:57:27.0 +0200 @@ -4,6 +4,11 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.92.2 +--- + +HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) + Exim version 4.92.1 --- File old/exim-4.92.1/doc/cve-2019-13917 is a regular file while file new/exim-4.92.2/doc/cve-2019-13917 is a directory diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92.1/doc/cve-2019-15846/cve.txt new/exim-4.92.2/doc/cve-2019-15846/cve.txt --- old/exim-4.92.1/doc/cve-2019-15846/cve.txt 1970-01-01 01:00:00.0 +0100 +++ new/exim-4.92.2/doc/cve-2019-15846/cve.txt 2019-09-02 23:57:27.0 +0200 @@ -0,0 +1,45 @@ +CVE ID: CVE-2019-15846 +Date: 2019-09-02 (CVE assigned) +Credits:Zerons for the initial report +Qualys https://www.qualys.com/ for the analysis +Version(s): all versions up to and including 4.92.1 +Issue: A local or remote attacker can execute programs with root +privileges. + +Conditions to be vulnerable +=== + +If your Exim server accepts TLS connections, it is vulnerable. This does +not depend on the TLS libray, so both, GnuTLS and OpenSSL are affected. + +Details +=== + +The vulnerability is exploitable by sending a SNI ending in a +backslash-null sequence during the initial TLS handshake. The exploit +exists as a POC. For more details see the document qualys.mbx + +Mitigation +== + +Do not offer TLS. (This mitigation is not recommended.) + +Fix +=== + +Download and build a fixed version: + +Tarballs: https://ftp.exim.org/pub/exim/exim4/ +Git: https://github.com/Exim/exim.git + - tagexim-4.92.2 + - branch exim-4.92.2+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains the security fix *and* useful +fixes. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +the Exim project officially doesn't support versions prior the current +stable version.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92.1/doc/cve-2019-15846/mitre.mbx new/exim-4.92.2/doc/cve-2019-15846/mitre.mbx --- old/exim-4.92.1/doc/cve-2019-15846/mitre.mbx1970-01-01 01:00:00.0 +0100 +++ new/exim-4.92.2/doc/cve-2019-15846/mitre.mbx2019-09-02 23:57:27.0 +0200 @@ -0,0 +1,84 @@ +From cve-requ...@mitre.org Mon Sep 2 18:12:21 2019 +Return-Path: +Authentication-Results: mx.net.schlittermann.de; iprev=pass + (smtpvbsrv1.mitre.org) smtp.remote-ip=198.49.146.234; spf=pass + smtp.mailfrom=mitre.org; dkim=pass header.d=mitre.org header.s=selector1 + header.a=rsa-sha256; dmarc=pass
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-07-26 12:42:36 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.4126 (New) Package is "exim" Fri Jul 26 12:42:36 2019 rev:52 rq:718600 version:4.92.1 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-06-12 13:14:16.816817868 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.4126/exim.changes 2019-07-26 12:42:39.673848205 +0200 @@ -0,0 +1,8 @@ +Thu Jul 25 13:43:52 UTC 2019 - alex + +- update to exim 4.92.1 + * CVE-2019-13917: Fixed an issue with ${sort} expansion which could + allow remote attackers to execute other programs with root privileges + (boo#1142207) + +--- Old: exim-4.92.tar.bz2 exim-4.92.tar.bz2.asc New: exim-4.92.1.tar.bz2 exim-4.92.1.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.ii7R12/_old 2019-07-26 12:42:40.873847691 +0200 +++ /var/tmp/diff_new_pack.ii7R12/_new 2019-07-26 12:42:40.873847691 +0200 @@ -72,7 +72,7 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.92 +Version:4.92.1 Release:0 %if %{with_mysql} BuildRequires: mysql-devel ++ exim-4.92.tar.bz2 -> exim-4.92.1.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92/doc/ChangeLog new/exim-4.92.1/doc/ChangeLog --- old/exim-4.92/doc/ChangeLog 2019-01-30 14:59:52.0 +0100 +++ new/exim-4.92.1/doc/ChangeLog 2019-07-18 20:55:56.0 +0200 @@ -5,6 +5,12 @@ options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.92.1 +--- + +JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917, OVE-20190718-0006) + + Exim version 4.92 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92/doc/cve-2019-13917 new/exim-4.92.1/doc/cve-2019-13917 --- old/exim-4.92/doc/cve-2019-139171970-01-01 01:00:00.0 +0100 +++ new/exim-4.92.1/doc/cve-2019-13917 2019-07-18 20:55:56.0 +0200 @@ -0,0 +1,46 @@ +CVE ID: CVE-2019-13917 +OVE ID: OVE-20190718-0006 +Date: 2019-07-18 +Credits:Jeremy Harris +Version(s): 4.85 up to and including 4.92 +Issue: A local or remote attacker can execute programs with root +privileges - if you've an unusual configuration. See below. + +Conditions to be vulnerable +=== + +If your configuration uses the ${sort } expansion for items that can be +controlled by an attacker (e.g. $local_part, $domain). The default +config, as shipped by the Exim developers, does not contain ${sort }. + +Details +=== + +The vulnerability is exploitable either remotely or locally and could +be used to execute other programs with root privilege. The ${sort } +expansion re-evaluates its items. + +Mitigation +== + +Do not use ${sort } in your configuration. + +Fix +=== + +Download and build a fixed version: + +Tarballs: http://ftp.exim.org/pub/exim/exim4/ +Git: https://github.com/Exim/exim.git + - tagexim-4.92.1 + - branch exim-4.92+fixes + +The tagged commit is the officially released version. The +fixes branch +isn't officially maintained, but contains useful patches *and* the +security fix. + +If you can't install the above versions, ask your package maintainer for +a version containing the backported fix. On request and depending on our +resources we will support you in backporting the fix. (Please note, +that Exim project officially doesn't support versions prior the current +stable version.) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92/doc/filter.txt new/exim-4.92.1/doc/filter.txt --- old/exim-4.92/doc/filter.txt2019-02-10 19:23:07.0 +0100 +++ new/exim-4.92.1/doc/filter.txt 2019-07-18 21:15:43.0 +0200 @@ -4,7 +4,7 @@ Copyright (c) 2014 University of Cambridge -Revision 4.92 10 Feb 2019 PH +Revision 4.92.1 18 Jul 2019 PH --- @@ -77,7 +77,7 @@ This document describes the user interfaces to Exim's in-built mail filtering facilities, and is copyright (c) University of Cambridge 2014. It corresponds -to Exim version 4.92. +to Exim version 4.92.1. 1.1 Introduction diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.92/doc/spec.txt new/exim-4.92.1/doc/spec.txt --- old/exim-4.92/doc/spec.txt
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-06-12 13:14:15 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.4811 (New) Package is "exim" Wed Jun 12 13:14:15 2019 rev:51 rq:708768 version:4.92 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-06-06 18:18:26.188666453 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.4811/exim.changes 2019-06-12 13:14:16.816817868 +0200 @@ -0,0 +1,8 @@ +Wed Jun 5 07:14:44 CEST 2019 - wullin...@rz.uni-kiel.de + +- spec file cleanup + * fix DANE inclusion guard condition + * re-enable i18n and remove misleading comment + * EXPERIMENTAL_SPF is now SUPPORT_SPF + * DANE is now SUPPORT_DANE + Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.Sqzfrd/_old 2019-06-12 13:14:17.740816899 +0200 +++ /var/tmp/diff_new_pack.Sqzfrd/_new 2019-06-12 13:14:17.744816895 +0200 @@ -25,14 +25,13 @@ %bcond_without pgsql %bcond_without sqlite %bcond_without ldap -%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} < 599 -%bcond_withdane -%else +%bcond_without i18n + +%if 0%{?suse_version} > 1199 || 0%{?centos_version} > 599 || 0%{?rhel_version} > 599 %bcond_without dane +%else +%bcond_with dane %endif -# disable for now, -# since utf8_downconvert currently crashes -%bcond_without i18n Name: exim BuildRequires: cyrus-sasl-devel @@ -272,7 +271,7 @@ # SPOOL_MODE=0640 SUPPORT_MOVE_FROZEN_MESSAGES=yes HAVE_IPV6=YES - EXPERIMENTAL_SPF=yes +SUPPORT_SPF=yes LOOKUP_LIBS+=-lspf2 #EXPERIMENTAL_DMARC=yes #CFLAGS += -I/usr/local/include @@ -283,7 +282,7 @@ EXPERIMENTAL_DSN=yes SYSTEM_ALIASES_FILE=/etc/aliases %if %{with dane} - DANE=yes +SUPPORT_DANE=yes %endif EXPERIMENTAL_SOCKS=yes %if %{with i18n}
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-06-06 18:18:24 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.4811 (New) Package is "exim" Thu Jun 6 18:18:24 2019 rev:50 rq:707946 version:4.92 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2019-03-24 15:01:55.747164469 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new.4811/exim.changes 2019-06-06 18:18:26.188666453 +0200 @@ -11,0 +12 @@ + * CVE-2019-10149: Fixed a Remote Command Execution (bsc#1136587) Other differences: --
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2019-03-24 15:01:52 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new.25356 (New) Package is "exim" Sun Mar 24 15:01:52 2019 rev:49 rq:687929 version:4.92 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2018-05-15 10:30:59.673493531 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new.25356/exim.changes 2019-03-24 15:01:55.747164469 +0100 @@ -1,0 +2,14 @@ +Sat Mar 23 05:03:11 UTC 2019 - sean...@opensuse.org + +- update to exim 4.92 + * ${l_header:} expansion + * ${readsocket} now supports TLS + * "utf8_downconvert" option (if built with SUPPORT_I18N) + * "pipelining" log_selector + * JSON variants for ${extract } expansion + * "noutf8" debug option + * TCP Fast Open support on MacOS +- add workaround patch for compile time error on missing printf + format annotation (gnu_printf.patch) + +--- Old: exim-4.91.tar.bz2 exim-4.91.tar.bz2.asc New: exim-4.92.tar.bz2 exim-4.92.tar.bz2.asc gnu_printf.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.bkGFRw/_old 2019-03-24 15:01:56.951164315 +0100 +++ /var/tmp/diff_new_pack.bkGFRw/_new 2019-03-24 15:01:56.955164315 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -73,7 +73,7 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.91 +Version:4.92 Release:0 %if %{with_mysql} BuildRequires: mysql-devel @@ -102,6 +102,7 @@ Source32: eximstats.conf-2.2 Source40: exim.service Patch0: exim-tail.patch +Patch1: gnu_printf.patch %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -144,6 +145,7 @@ %prep %setup -q -n exim-%{version} %patch0 +%patch1 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" ++ exim-4.91.tar.bz2 -> exim-4.92.tar.bz2 ++ 36360 lines of diff (skipped) ++ exim.keyring ++ 7025 lines (skipped) between exim.keyring and /work/SRC/openSUSE:Factory/.exim.new.25356/exim.keyring ++ gnu_printf.patch ++ diff -ru exim-4.92.orig/src/exim.c exim-4.92/src/exim.c --- exim-4.92.orig/src/exim.c 2019-02-11 13:17:06.489418000 +0100 +++ exim-4.92/src/exim.c2019-02-11 13:34:50.663777000 +0100 @@ -683,6 +683,9 @@ /* Print error string, then die */ +#ifdef __GNUC__ +static void exim_fail(const char * fmt, ...) __attribute__((format (printf, 1, 2))); +#endif static void exim_fail(const char * fmt, ...) {
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2018-05-15 10:04:24 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Tue May 15 10:04:24 2018 rev:48 rq:603159 version:4.91 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-12-08 13:03:33.996296609 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2018-05-15 10:30:59.673493531 +0200 @@ -1,0 +2,149 @@ +Mon Apr 16 13:57:17 UTC 2018 - wullin...@rz.uni-kiel.de + +- update to 4.91 + * DEFER rather than ERROR on redis cluster MOVED response. + * Catch and remove uninitialized value warning in exiqsumm + * Disallow '/' characters in queue names specified for the "queue=" ACL +modifier. This matches the restriction on the commandline. + * Fix pgsql lookup for multiple result-tuples with a single column. +Previously only the last row was returned. + * Bug 2217: Tighten up the parsing of DKIM signature headers. + * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. + * Fix issue with continued-connections when the DNS shifts unreliably. + * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL. + * The "support for" informational output now, which built with Content + Scanning support, has a line for the malware scanner interfaces compiled + in. Interface can be individually included or not at build time. + * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included + by the template makefile "src/EDITME". The "STREAM" support for an older + ClamAV interface method is removed. + * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of + rows affected is given instead). + * The runtime Berkeley DB library version is now additionally output by + "exim -d -bV". Previously only the compile-time version was shown. + * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating + SMTP connection. + * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by + routers. + * Bug 2174: A timeout on connect for a callout was also erroneously seen as + a timeout on read on a GnuTLS initiating connection, resulting in the + initiating connection being dropped. + * Relax results from ACL control request to enable cutthrough, in + unsupported situations, from error to silently (except under debug) + ignoring. + * Fix Buffer overflow in base64d() (CVE-2018-6789) + * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc + metadata, resulting in a crash in free(). + * Fix broken Heimdal GSSAPI authenticator integration. + * Bug 2113: Fix conversation closedown with the Avast malware scanner. + * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL. + * Speed up macro lookups during configuration file read, by skipping non- + macro text after a replacement (previously it was only once per line) and + by skipping builtin macros when searching for an uppercase lead character. + * DANE support moved from Experimental to mainline. The Makefile control + for the build is renamed. + * Fix memory leak during multi-message connections using STARTTLS. + * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC + reported the original. Fix to report (as far as possible) the ACL + result replacing the original. + * Fix memory leak during multi-message connections using STARTTLS under + OpenSSL + * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames. + * Fix utf8_downconvert propagation through a redirect router. + * Bug 2253: For logging delivery lines under PRDR, append the overall + DATA response info to the (existing) per-recipient response info for + the "C=" log element. + * Bug 2251: Fix ldap lookups that return a single attribute having zero- + length value. + * Support Avast multiline protocol, this allows passing flags to + newer versions of the scanner. + * Ensure that variables possibly set during message acceptance are marked +dead before release of memory in the daemon loop. + * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such + as a multi-recipient message from a mailinglist manager). + * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being + replaced by the ${authresults } expansion. + * Bug 2257: Fix pipe transport to not use a socket-only syscall. + * Set a handler for SIGTERM and call exit(3) if running as PID 1. This + allows proper process termination in container environments. + * Bug 2258: Fix spool_wireformat in combination with LMTP transport. + Previously the "final dot" had a newline after it; ensure it is CR,LF. + * SPF: remove support for the "spf" ACL condition outcome values "err_temp" +
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-12-08 13:02:42 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Fri Dec 8 13:02:42 2017 rev:47 rq:555178 version:4.88 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-11-28 14:04:30.132621560 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-12-08 13:03:33.996296609 +0100 @@ -1,0 +2,7 @@ +Thu Nov 30 08:32:50 UTC 2017 - wullin...@rz.uni-kiel.de + +- add exim-CVE-2017-16944.patch: + backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542 + fix for CVE-2017-16944 (#bsc1069859) + +--- New: exim-CVE-2017-16944.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.h5xbuv/_old 2017-12-08 13:03:35.048258617 +0100 +++ /var/tmp/diff_new_pack.h5xbuv/_new 2017-12-08 13:03:35.048258617 +0100 @@ -109,7 +109,8 @@ Patch0: exim-tail.patch Patch3: exim-CVE-2017-1000369.patch Patch4: exim-CVE-2017-16943.patch -Patch5: exim-4.86.2-mariadb_102_compile_fix.patch +Patch5: exim-CVE-2017-16944.patch +Patch6: exim-4.86.2-mariadb_102_compile_fix.patch %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -155,6 +156,7 @@ %patch3 -p 1 %patch4 -p 1 %patch5 -p 1 +%patch6 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" ++ exim-CVE-2017-16944.patch ++ diff -ru a/src/receive.c b/src/receive.c --- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100 +++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100 @@ -1759,7 +1759,7 @@ prevent further reading), and break out of the loop, having freed the empty header, and set next = NULL to indicate no data line. */ - if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) + if (ptr == 0 && ch == '.' && dot_ends) { ch = (receive_getc)(); if (ch == '\r') diff -ru a/src/smtp_in.c b/src/smtp_in.c --- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100 +++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100 @@ -4751,11 +4751,17 @@ ? CHUNKING_LAST : CHUNKING_ACTIVE; chunking_data_left = chunking_datasize; + /* push the current receive_* function on the "stack", and + replace them by bdat_getc(), which in turn will use the lwr_receive_* + functions to do the dirty work. */ lwr_receive_getc = receive_getc; lwr_receive_ungetc = receive_ungetc; + receive_getc = bdat_getc; receive_ungetc = bdat_ungetc; + dot_ends = FALSE; + DEBUG(D_any) debug_printf("chunking state %d\n", (int)chunking_state); goto DATA_BDAT; @@ -4763,6 +4769,7 @@ case DATA_CMD: HAD(SCH_DATA); +dot_ends = TRUE; DATA_BDAT: /* Common code for DATA and BDAT */ if (!discarded && recipients_count <= 0)
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-11-28 14:04:27 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Tue Nov 28 14:04:27 2017 rev:46 rq:545933 version:4.88 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-11-25 08:43:02.597417626 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-11-28 14:04:30.132621560 +0100 @@ -1,0 +2,23 @@ +Mon Nov 27 10:36:17 UTC 2017 - dmuel...@suse.com + +- update to 4.88: + drops fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch, + exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch +- remove exim4-manpages.tar.bz2: upstream does not exist anymore +- update keyring + +--- +Mon Nov 27 08:52:33 UTC 2017 - kstreit...@suse.com + +- add exim-4.86.2-mariadb_102_compile_fix.patch to fix compilation + with the mariadb 10.2 (in our case the build with libmariadb + library from the mariadb-connector-c package) + * upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and + 31beb7972466a33a88770eacbce13490f2ddadc2 + +--- +Mon Nov 27 06:45:14 UTC 2017 - meiss...@suse.com + +- exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857) + +--- Old: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch exim-4.86.2.tar.bz2 exim-4.86.2.tar.bz2.asc exim4-manpages.tar.bz2 fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch New: exim-4.86.2-mariadb_102_compile_fix.patch exim-4.88.tar.bz2 exim-4.88.tar.bz2.asc exim-CVE-2017-16943.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.FXdMoQ/_old 2017-11-28 14:04:31.164584041 +0100 +++ /var/tmp/diff_new_pack.FXdMoQ/_new 2017-11-28 14:04:31.168583895 +0100 @@ -78,7 +78,7 @@ %endif Requires(pre): fileutils textutils %endif -Version:4.86.2 +Version:4.88 Release:0 %if %{with_mysql} BuildRequires: mysql-devel @@ -102,15 +102,14 @@ Source11: exim.rc Source12: permissions.exim Source13: apparmor.usr.sbin.exim -Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf Source32: eximstats.conf-2.2 Source40: exim.service Patch0: exim-tail.patch -Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch -Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch Patch3: exim-CVE-2017-1000369.patch +Patch4: exim-CVE-2017-16943.patch +Patch5: exim-4.86.2-mariadb_102_compile_fix.patch %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -153,9 +152,9 @@ %prep %setup -q -n exim-%{version} %patch0 -%patch1 -p 1 -%patch2 -p 1 %patch3 -p 1 +%patch4 -p 1 +%patch5 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" @@ -291,6 +290,7 @@ EXPERIMENTAL_PROXY=yes EXPERIMENTAL_CERTNAMES=yes EXPERIMENTAL_DSN=yes + SYSTEM_ALIASES_FILE=/etc/aliases %if %{with dane} EXPERIMENTAL_DANE=yes %endif @@ -326,7 +326,7 @@ inst_info=$RPM_BUILD_ROOT/%{_infodir} \ INSTALL_ARG=-no_chown install #mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim -mv $RPM_BUILD_ROOT/usr/sbin/exim-4.86* $RPM_BUILD_ROOT/usr/sbin/exim +mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done %if 0%{?suse_version} > 1220 install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service @@ -355,8 +355,6 @@ # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8 -tar xvjf %{S:20} -cp -p exim4-manpages/* $RPM_BUILD_ROOT/%{_mandir}/man8/ for i in \ sendmail \ runq \ ++ exim-4.86.2-mariadb_102_compile_fix.patch ++ Index: exim-4.86.2/src/lookups/mysql.c === --- exim-4.86.2.orig/src/lookups/mysql.c +++ exim-4.86.2/src/lookups/mysql.c @@ -14,6 +14,53 @@ functions. */ #include/* The system header */ +/* We define symbols for *_VERSION_ID (numeric),
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-11-25 08:43:01 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Sat Nov 25 08:43:01 2017 rev:45 rq:545097 version:4.86.2 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-10-17 01:53:07.432731800 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-11-25 08:43:02.597417626 +0100 @@ -1,0 +2,6 @@ +Thu Nov 23 13:43:04 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.Jasale/_old 2017-11-25 08:43:03.685377988 +0100 +++ /var/tmp/diff_new_pack.Jasale/_new 2017-11-25 08:43:03.689377842 +0100 @@ -16,6 +16,11 @@ # +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + %bcond_without mysql %bcond_without pgsql %bcond_without sqlite @@ -313,7 +318,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib} mkdir -p $RPM_BUILD_ROOT/var/log/exim mkdir -p $RPM_BUILD_ROOT/var/spool/mail/ -mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates +mkdir -p $RPM_BUILD_ROOT%{_fillupdir} mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8 mkdir -p $RPM_BUILD_ROOT/usr/bin make inst_dest=$RPM_BUILD_ROOT/usr/sbin \ @@ -345,7 +350,7 @@ ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim %endif mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ -cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim +cp -p %{S:1} $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.exim install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ @@ -478,7 +483,7 @@ /usr/bin/newaliases /usr/sbin/sendmail /usr/lib/sendmail -/var/adm/fillup-templates/sysconfig.exim +%{_fillupdir}/sysconfig.exim %dir %attr(750,mail,mail) /var/log/exim %files -n eximon
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-10-17 01:53:02 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Tue Oct 17 01:53:02 2017 rev:44 rq:534147 version:4.86.2 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-07-07 10:16:56.858746658 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-10-17 01:53:07.432731800 +0200 @@ -1,0 +2,8 @@ +Mon Oct 9 11:36:38 UTC 2017 - dims...@opensuse.org + +- Explicitly buildrequire libnsl-devel on suse_version >= 1330: + libnsl used to be an integrated part of glibc. Since the build + system / makefiles explicitly reference libnsl, it is our own + duty to ensure we have our deps in place. + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.dn6WV4/_old 2017-10-17 01:53:08.644675033 +0200 +++ /var/tmp/diff_new_pack.dn6WV4/_new 2017-10-17 01:53:08.648674846 +0200 @@ -33,6 +33,9 @@ BuildRequires: cyrus-sasl-devel BuildRequires: db-devel BuildRequires: libidn-devel +%if 0%{?suse_version} >= 1330 +BuildRequires: libnsl-devel +%endif BuildRequires: libspf2-devel BuildRequires: pam-devel %if %{with_ldap}
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-07-07 10:16:56 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Fri Jul 7 10:16:56 2017 rev:43 rq:508334 version:4.86.2 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2017-07-01 14:06:34.195441613 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-07-07 10:16:56.858746658 +0200 @@ -1,0 +2,5 @@ +Tue Jul 4 11:15:20 UTC 2017 - meiss...@suse.com + +- specify users with ref:mail, to make them dynamic. bsc#1046971 + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.fU9Dxs/_old 2017-07-07 10:16:58.138565570 +0200 +++ /var/tmp/diff_new_pack.fU9Dxs/_new 2017-07-07 10:16:58.142565004 +0200 @@ -160,8 +160,8 @@ # see src/EDITME for comments. BIN_DIRECTORY=/usr/sbin CONFIGURE_FILE=/etc/exim/exim.conf - EXIM_USER=mail - EXIM_GROUP=mail + EXIM_USER=ref:mail + EXIM_GROUP=ref:mail SPOOL_DIRECTORY=/var/spool/exim ROUTER_ACCEPT=yes ROUTER_DNSLOOKUP=yes
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2017-07-01 14:06:08 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Sat Jul 1 14:06:08 2017 rev:42 rq:507377 version:4.86.2 Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2016-10-04 16:00:03.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2017-07-01 14:06:34.195441613 +0200 @@ -1,0 +2,28 @@ +Mon Jun 19 16:27:45 UTC 2017 - meiss...@suse.com + +- exim-CVE-2017-1000369.patch: Fixed memory leaks that could be + exploited to "stack crash" local privilege escalation (bsc#1044692) + +- Require user(mail) group(mail) to meet new users handling in TW. + +- Prerequire permissions (fixes rpmlint). + +--- +Mon Apr 24 07:45:00 UTC 2017 - wullin...@rz.uni-kiel.de + +- conditionally disable DANE on SuSE versions with OpenSSL < 1.0 + +- exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch: + import exim-4_86_2+fixes branch ++ fix CVE-2016-1531 + when installed setuid root, allows local users to gain privileges via the perl_startup + argument. ++ fix Bug 1805: store the initial working directory, expand $initial_cwd ++ fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671) ++ Don't issue env warning if env is empty + +- fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch: + DKIM information leakage + + +--- New: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch exim-CVE-2017-1000369.patch fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.VVFUrR/_old 2017-07-01 14:06:34.815354379 +0200 +++ /var/tmp/diff_new_pack.VVFUrR/_new 2017-07-01 14:06:34.815354379 +0200 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,6 +20,14 @@ %bcond_without pgsql %bcond_without sqlite %bcond_without ldap +%if 0%{?suse_version} < 1199 || 0%{?centos_version} < 599 || 0%{?rhel_version} < 599 +%bcond_withdane +%else +%bcond_without dane +%endif +# disable for now, +# since utf8_downconvert currently crashes +%bcond_without i18n Name: exim BuildRequires: cyrus-sasl-devel @@ -53,8 +61,13 @@ %else Requires(pre): %insserv_prereq %endif -Requires(pre): %fillup_prereq -Requires(pre): /usr/sbin/useradd +Requires(pre): %fillup_prereq permissions +%if 0%{?suse_version} >= 1330 +BuildRequires: group(mail) +BuildRequires: user(mail) +Requires(pre): user(mail) +Requires(pre): group(mail) +%endif Requires(pre): fileutils textutils %endif Version:4.86.2 @@ -72,8 +85,8 @@ License:GPL-2.0+ Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 -Source3:http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc +Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2 +Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc Source4:exim.keyring Source1:sysconfig.exim @@ -86,7 +99,10 @@ Source31: eximstats.conf Source32: eximstats.conf-2.2 Source40: exim.service -Patch: exim-tail.patch +Patch0: exim-tail.patch +Patch1: exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch +Patch2: fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch +Patch3: exim-CVE-2017-1000369.patch %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -128,7 +144,10 @@ %prep %setup -q -n exim-%{version} -%patch +%patch0 +%patch1 -p 1 +%patch2 -p 1 +%patch3 -p 1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" @@ -264,9 +283,13 @@ EXPERIMENTAL_PROXY=yes EXPERIMENTAL_CERTNAMES=yes EXPERIMENTAL_DSN=yes +%if %{with dane} EXPERIMENTAL_DANE=yes +%endif EXPERIMENTAL_SOCKS=yes +%if %{with i18n} EXPERIMENTAL_INTERNATIONAL=yes +%endif
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2016-10-04 16:00:25 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2016-03-07 13:27:42.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2016-10-04 16:00:03.0 +0200 @@ -1,0 +2,20 @@ +Mon Apr 4 15:55:31 UTC 2016 - e.isto...@edss.ee + +- Makefile tuning: + + add sqlite support ++ disable WITH_OLD_DEMIME ++ enable AUTH_CYRUS_SASL ++ enable AUTH_TLS ++ enable SYSLOG_LONG_LINES ++ enable SUPPORT_PAM ++ MAX_NAMED_LIST=64 ++ enable EXPERIMENTAL_DMARC ++ enable EXPERIMENTAL_EVENT ++ enable EXPERIMENTAL_PROXY ++ enable EXPERIMENTAL_CERTNAMES ++ enable EXPERIMENTAL_DSN ++ enable EXPERIMENTAL_DANE ++ enable EXPERIMENTAL_SOCKS ++ enable EXPERIMENTAL_INTERNATIONAL + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.jp6VgL/_old 2016-10-04 16:00:05.0 +0200 +++ /var/tmp/diff_new_pack.jp6VgL/_new 2016-10-04 16:00:05.0 +0200 @@ -18,12 +18,15 @@ %bcond_without mysql %bcond_without pgsql +%bcond_without sqlite %bcond_without ldap Name: exim BuildRequires: cyrus-sasl-devel BuildRequires: db-devel +BuildRequires: libidn-devel BuildRequires: libspf2-devel +BuildRequires: pam-devel %if %{with_ldap} BuildRequires: openldap2-devel %endif @@ -62,6 +65,9 @@ %if %{with_pgsql} BuildRequires: postgresql-devel %endif +%if %{with_sqlite} +BuildRequires: sqlite3-devel +%endif Summary:The Exim Mail Transfer Agent, a Replacement for sendmail License:GPL-2.0+ Group: Productivity/Networking/Email/Servers @@ -167,15 +173,14 @@ %if %{with_pgsql} LOOKUP_PGSQL=yes %endif +%if %{with_sqlite} + LOOKUP_SQLITE=yes +%endif LOOKUP_NIS=yes # LOOKUP_NISPLUS=yes - # LOOKUP_ORACLE=yes LOOKUP_PASSWD=yes - # LOOKUP_PGSQL=yes # LOOKUP_WHOSON=yes CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux - # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include - # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq LOOKUP_LIBS=-llber %if %{with_ldap} LDAP_LIB_TYPE=OPENLDAP2 @@ -189,23 +194,31 @@ LOOKUP_INCLUDE+=-I /usr/include/pgsql LOOKUP_LIBS+=-lpq %endif +%if %{with_sqlite} + LOOKUP_INCLUDE+=-I /usr/include/sqlite3 + LOOKUP_LIBS+=-lsqlite3 +%endif EXIM_MONITOR=eximon.bin WITH_CONTENT_SCAN=yes - WITH_OLD_DEMIME=yes + #WITH_OLD_DEMIME=yes AUTH_CRAM_MD5=yes +AUTH_CYRUS_SASL=yes AUTH_PLAINTEXT=yes AUTH_SPA=yes AUTH_DOVECOT=yes +AUTH_TLS=yes + AUTH_LIBS=-lsasl2 SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto INFO_DIRECTORY=%{_infodir} LOG_FILE_PATH=/var/log/exim/%%s.log EXICYCLOG_MAX=10 SYSLOG_LOG_PID=yes +SYSLOG_LONG_LINES=yes COMPRESS_COMMAND=/bin/gzip COMPRESS_SUFFIX=gz ZCAT_COMMAND=/usr/bin/zcat - # SUPPORT_PAM=yes + SUPPORT_PAM=yes # You probably need to add -lpam to EXTRALIBS # RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf # CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck @@ -231,7 +244,7 @@ # LOG_MODE=0640 # LOOKUP_TESTDB=yes MAKE_SHELL=/bin/bash - # MAX_NAMED_LIST=16 + MAX_NAMED_LIST=64 # MAXINTERFACES=250 # MSGLOG_DIRECTORY_MODE=0750 # PERL_CC= @@ -244,8 +257,19 @@ HAVE_IPV6=YES EXPERIMENTAL_SPF=yes LOOKUP_LIBS+=-lspf2 +#EXPERIMENTAL_DMARC=yes + #CFLAGS += -I/usr/local/include + #LDFLAGS += -lopendmarc + EXPERIMENTAL_EVENT=yes + EXPERIMENTAL_PROXY=yes + EXPERIMENTAL_CERTNAMES=yes + EXPERIMENTAL_DSN=yes + EXPERIMENTAL_DANE=yes + EXPERIMENTAL_SOCKS=yes + EXPERIMENTAL_INTERNATIONAL=yes + LDFLAGS += -lidn CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE - EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie + EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf rm -f doc/*.{orig,txt~}
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2016-03-07 13:26:55 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2016-02-08 09:47:36.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2016-03-07 13:27:42.0 +0100 @@ -1,0 +2,13 @@ +Wed Mar 2 21:05:04 UTC 2016 - lmue...@suse.com + +- Update to 4.86.2 + + Fix minor portability issues for *BSD and OS/X. + +--- +Mon Feb 29 17:26:20 UTC 2016 - lmue...@suse.com + +- Update to 4.86.1 + + Add support for keep_environment and add_environment options; +CVE-2016-1531; (boo#968844). + +--- Old: exim-4.86.tar.bz2 exim-4.86.tar.bz2.asc New: exim-4.86.2.tar.bz2 exim-4.86.2.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.s4fjPm/_old 2016-03-07 13:27:43.0 +0100 +++ /var/tmp/diff_new_pack.s4fjPm/_new 2016-03-07 13:27:43.0 +0100 @@ -54,7 +54,7 @@ Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version:4.86 +Version:4.86.2 Release:0 %if %{with_mysql} BuildRequires: mysql-devel @@ -270,7 +270,8 @@ inst_conf=$RPM_BUILD_ROOT/etc/exim/exim.conf \ inst_info=$RPM_BUILD_ROOT/%{_infodir} \ INSTALL_ARG=-no_chown install -mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim +#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim +mv $RPM_BUILD_ROOT/usr/sbin/exim-4.86* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done %if 0%{?suse_version} > 1220 install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service ++ exim-4.86.tar.bz2 -> exim-4.86.2.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.86/OS/Makefile-Base new/exim-4.86.2/OS/Makefile-Base --- old/exim-4.86/OS/Makefile-Base 2015-07-23 23:20:37.0 +0200 +++ new/exim-4.86.2/OS/Makefile-Base2016-03-02 18:27:51.0 +0100 @@ -317,6 +317,7 @@ rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \ route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \ std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \ +environment.o \ $(OBJ_LOOKUPS) \ local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \ $(OBJ_WITH_OLD_DEMIME) $(OBJ_EXPERIMENTAL) @@ -573,6 +574,7 @@ enq.o: $(HDRS) enq.c exim.o: $(HDRS) exim.c expand.o:$(HDRS) expand.c +environment.o: $(HDRS) environment.c filter.o:$(HDRS) filter.c filtertest.o:$(HDRS) filtertest.c globals.o: $(HDRS) globals.c diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.86/doc/ChangeLog new/exim-4.86.2/doc/ChangeLog --- old/exim-4.86/doc/ChangeLog 2015-07-23 23:20:37.0 +0200 +++ new/exim-4.86.2/doc/ChangeLog 2016-03-02 18:27:51.0 +0100 @@ -1,6 +1,14 @@ Change log file for Exim from version 4.21 --- +Exim version 4.86.2 +--- +Portability relase of 4.86.1 + +Exim version 4.86.1 +--- +HS/04 Add support for keep_environment and add_environment options. + This fixes CVE-2016-1531. Exim version 4.86 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.86/doc/exim.8 new/exim-4.86.2/doc/exim.8 --- old/exim-4.86/doc/exim.82015-07-26 14:42:05.0 +0200 +++ new/exim-4.86.2/doc/exim.8 2016-03-02 18:42:38.0 +0100 @@ -453,6 +453,10 @@ settings can be obtained by using \fBrouters\fP, \fBtransports\fP, or \fBauthenticators\fP. .sp +If \fBenvironment\fP is given as an argument, the set of environment +variables is output, line by line. Using the \fB\-n\fP flag supresses the value of the +variables. +.sp If invoked by an admin user, then \fBmacro\fP, \fBmacro_list\fP and \fBmacros\fP are available, similarly to the drivers. Because macros are sometimes used for storing passwords, this option is restricted. @@ -724,6 +728,8 @@ file that exists is used. Failure to open an existing file stops Exim from proceeding any further along the list, and an error is generated. .sp +The file names need to be absolute names. +.sp When this option is used by a caller other than root, and
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2016-02-08 09:47:35 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-12-16 17:42:35.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2016-02-08 09:47:36.0 +0100 @@ -1,0 +2,6 @@ +Wed Feb 3 19:07:16 UTC 2016 - opens...@cboltz.de + +- Move AppArmor profile to /usr/share/apparmor/extra-profiles/, which is + the directory for inactive profiles since AppArmor 2.9 + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.kC7FZV/_old 2016-02-08 09:47:37.0 +0100 +++ /var/tmp/diff_new_pack.kC7FZV/_new 2016-02-08 09:47:37.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -333,7 +333,7 @@ %endif install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbindir} # apparmor profile -install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim +install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/usr/share/apparmor/extra-profiles/usr.sbin.exim %pre %if 0%{?suse_version} > 1220 @@ -417,10 +417,9 @@ %if %{?suse_version:%suse_version}%{?!suse_version:9} < 1000 %config(noreplace) /etc/permissions.d/exim %endif -%dir /etc/apparmor -%dir /etc/apparmor/profiles -%dir /etc/apparmor/profiles/extras -%config(noreplace) /etc/apparmor/profiles/extras/usr.sbin.exim +%dir /usr/share/apparmor +%dir /usr/share/apparmor/extra-profiles +%config(noreplace) /usr/share/apparmor/extra-profiles/usr.sbin.exim /usr/sbin/rcexim /usr/bin/mailq /usr/bin/runq
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-12-16 17:42:34 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is "exim" Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-07-03 00:03:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-12-16 17:42:35.0 +0100 @@ -1,0 +2,32 @@ +Fri Dec 11 10:44:26 UTC 2015 - lmue...@suse.com + +- Update the Exim Maintainers Keyring file 'exim.keyring'. +- Use URL for the source line of the main tar ball. + +--- +Fri Oct 2 21:56:18 UTC 2015 - michal.hruse...@opensuse.org + +- Update to 4.86 + * Support for using the system standard CA bundle. + * New expansion items $config_file, $config_dir, containing the file +and directory name of the main configuration file. Also $exim_version. + * New "malware=" support for Avast. + * New "spam=" variant option for Rspamd. + * Assorted options on malware= and spam= scanners. + * A commandline option to write a comment into the logfile. + * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can +be configured to make connections via socks5 proxies. + * If built with EXPERIMENTAL_INTERNATIONAL, support is included for +the transmission of UTF-8 envelope addresses. + * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly +used encoding of Maildir folder names. + * A logging option for slow DNS lookups. + * New ${env {}} expansion. + * A non-SMTP authenticator using information from TLS client certificates. + * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. +Patch originally by Wolfgang Breyha. + * Main option "dns_trust_aa" for trusting your local nameserver at the +same level as DNSSEC. +- Dropped exim-enable_ecdh_openssl.patch as included in upstream + +--- Old: exim-4.85.tar.bz2 exim-4.85.tar.bz2.asc exim-enable_ecdh_openssl.patch New: exim-4.86.tar.bz2 exim-4.86.tar.bz2.asc Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.m13To2/_old 2015-12-16 17:42:36.0 +0100 +++ /var/tmp/diff_new_pack.m13To2/_new 2015-12-16 17:42:36.0 +0100 @@ -54,7 +54,7 @@ Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version:4.85 +Version:4.86 Release:0 %if %{with_mysql} BuildRequires: mysql-devel @@ -66,8 +66,9 @@ License:GPL-2.0+ Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source: exim-%{version}.tar.bz2 -Source3:exim-%{version}.tar.bz2.asc +Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 +Source3:http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc +# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc Source4:exim.keyring Source1:sysconfig.exim Source2:exim.logrotate @@ -80,7 +81,6 @@ Source32: eximstats.conf-2.2 Source40: exim.service Patch: exim-tail.patch -Patch1: exim-enable_ecdh_openssl.patch %package -n eximon Summary:Eximon, an graphical frontend to administer Exim's mail queue @@ -123,7 +123,6 @@ %prep %setup -q -n exim-%{version} %patch -%patch1 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} > 930 fPIE="-fPIE" ++ exim-4.85.tar.bz2 -> exim-4.86.tar.bz2 ++ 38777 lines of diff (skipped) ++ exim.keyring ++ 5457 lines (skipped) between exim.keyring and /work/SRC/openSUSE:Factory/.exim.new/exim.keyring
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-07-02 22:49:42 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-05-07 09:22:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-07-03 00:03:46.0 +0200 @@ -111 +111 @@ -- Fix service file +- Fix service file; (boo#935601) @@ -118 +118 @@ -- Removed executable permission bits from exim.service file. +- Removed executable permission bits from exim.service file; (boo#935601). Other differences: --
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-05-07 09:22:14 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-04-23 08:04:31.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-05-07 09:22:15.0 +0200 @@ -1,0 +2,6 @@ +Wed May 6 21:25:49 UTC 2015 - lmue...@suse.com + +- Fix the systemd service file by not passing EXIM_ARGS as one single + argument by removing the curly brackets (shell syntax). + +--- Other differences: -- ++ exim.service ++ --- /var/tmp/diff_new_pack.HueWwI/_old 2015-05-07 09:22:16.0 +0200 +++ /var/tmp/diff_new_pack.HueWwI/_new 2015-05-07 09:22:16.0 +0200 @@ -7,7 +7,7 @@ PrivateTmp=true Environment=QUEUE=1h EnvironmentFile=-/etc/sysconfig/exim -ExecStart=/usr/sbin/exim ${EXIM_ARGS} +ExecStart=/usr/sbin/exim $EXIM_ARGS [Install] WantedBy=multi-user.target
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-04-23 08:04:30 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-03-23 12:17:45.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-04-23 08:04:31.0 +0200 @@ -1,0 +2,6 @@ +Fri Apr 17 15:53:24 UTC 2015 - lmue...@suse.com + +- Install fitting eximstats.conf depending on SUSE version; (bsc#926861). +- Add attribute dir to /etc/apache2 and /etc/apache2/conf.d in the file list. + +--- New: eximstats.conf-2.2 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.IJlR2q/_old 2015-04-23 08:04:32.0 +0200 +++ /var/tmp/diff_new_pack.IJlR2q/_new 2015-04-23 08:04:32.0 +0200 @@ -77,7 +77,8 @@ Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf -Source32: exim.service +Source32: eximstats.conf-2.2 +Source40: exim.service Patch: exim-tail.patch Patch1: exim-enable_ecdh_openssl.patch @@ -273,7 +274,7 @@ mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done %if 0%{?suse_version} 1220 -install -m 0644 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service +install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service %else install -m 0755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim %endif @@ -326,7 +327,11 @@ # eximstats-html files mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/ -cp -p $RPM_SOURCE_DIR/eximstats.conf $RPM_BUILD_ROOT/etc/apache2/conf.d/ +%if 0%{?suse_version} == 0 || 0%{?suse_version} 1310 + cp -p %{S:31} $RPM_BUILD_ROOT/etc/apache2/conf.d/ +%else + cp -p %{S:32} $RPM_BUILD_ROOT/etc/apache2/conf.d/eximstats.conf +%endif install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbindir} # apparmor profile install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim @@ -435,8 +440,8 @@ %files -n eximstats-html %defattr(-,root,root) %attr(0750,root,www) /srv/www/eximstats -/etc/apache2 -/etc/apache2/conf.d +%dir /etc/apache2 +%dir /etc/apache2/conf.d /etc/apache2/conf.d/eximstats.conf %{_sbindir}/eximstats-html-update.py ++ eximstats.conf ++ --- /var/tmp/diff_new_pack.IJlR2q/_old 2015-04-23 08:04:32.0 +0200 +++ /var/tmp/diff_new_pack.IJlR2q/_new 2015-04-23 08:04:32.0 +0200 @@ -1,6 +1,6 @@ Alias /eximstats /srv/www/eximstats Directory /srv/www/eximstats -Order allow,deny -Allow from all +Require all granted Options +Indexes +AllowOverride None /Directory ++ eximstats.conf-2.2 ++ Alias /eximstats /srv/www/eximstats Directory /srv/www/eximstats Order allow,deny Allow from all Options +Indexes /Directory
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-03-23 12:17:44 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2015-01-30 17:43:55.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-03-23 12:17:45.0 +0100 @@ -1,0 +2,6 @@ +Fri Mar 13 12:26:23 UTC 2015 - lmue...@suse.com + +- Replace the fixed ExecStart arguments by ${EXIM_ARGS} as defined in + /etc/sysconfig/exim; (bsc#922145). + +--- Other differences: -- ++ exim.service ++ --- /var/tmp/diff_new_pack.rNCcGf/_old 2015-03-23 12:17:46.0 +0100 +++ /var/tmp/diff_new_pack.rNCcGf/_new 2015-03-23 12:17:46.0 +0100 @@ -7,7 +7,7 @@ PrivateTmp=true Environment=QUEUE=1h EnvironmentFile=-/etc/sysconfig/exim -ExecStart=/usr/sbin/exim -bd -q${QUEUE} +ExecStart=/usr/sbin/exim ${EXIM_ARGS} [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2015-01-30 17:43:44 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2014-12-06 13:45:42.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2015-01-30 17:43:55.0 +0100 @@ -1,0 +2,96 @@ +Sat Jan 24 23:04:19 UTC 2015 - lmue...@suse.com + +- Set CFLAGS_OPT_WERROR only on post-5 CentOS and RHEL systems. + +--- +Sat Jan 24 22:33:59 UTC 2015 - lmue...@suse.com + +- Drop BuildRequires xorg-x11-server-sdk for non SUSE systems in particular to + build on RHEL 6 again. + +--- +Sat Jan 24 22:16:09 UTC 2015 - lmue...@suse.com + +- Let ld know the path to mysqlclient. + +--- +Sat Jan 24 19:33:39 UTC 2015 - lmue...@suse.com + +- update to 4.85 + + When running the test suite, the README says that variables such as +no_msglog_check are global and can be placed anywhere in a specific +test's script, however it was observed that placement needed to be near +the beginning for it to behave that way. Changed the runtest perl +script to read through the entire script once to detect and set these +variables, reset to the beginning of the script, and then run through +the script parsing/test process like normal. + + Expand the EXPERIMENTAL_TPDA feature. Several different events now +cause callback expansion. + + Bugzilla 1518: Clarify condition processing in routers; that +syntax errors in an expansion can be treated as a string instead of +logging or causing an error, due to the internal use of bool_lax +instead of bool when processing it. + + Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for +server certificates when making smtp deliveries. + + Support secondary-separator specifier for MX, SRV, TLSA lookups. + + Add ${sort {list}{condition}{extractor}} expansion item. + + Bugzilla 1216: Add -M (related messages) option to exigrep. + + GitHub Issue 18: Adjust logic testing for true/false in redis lookups. +Merged patch from Sebastian Wiedenroth. + + Fix results-pipe from transport process. Several recipients, combined +with certificate use, exposed issues where response data items split +over buffer boundaries were not parsed properly. This eventually +resulted in duplicates being sent. This issue only became common enough +to notice due to the introduction of conection certificate information, +the item size being so much larger. Found and fixed by Wolfgang Breyha. + + Bug 1533: Fix truncation of items in headers_remove lists. A fixed +size buffer was used, resulting in syntax errors when an expansion +exceeded it. + + Add support for directories of certificates when compiled with a GnuTLS +version 3.3.6 or later. + + Rename the TPDA expermimental facility to Event Actions. The #ifdef +is EXPERIMENTAL_EVENT, the main-configuration and transport options +both become event_action, the variables become $event_name, $event_data +and $event_defer_errno. There is a new variable $verify_mode, usable in +routers, transports and related events. The tls:cert event is now also +raised for inbound connections, if the main configuration event_action +option is defined. + + In test suite, disable OCSP for old versions of openssl which contained +early OCSP support, but no stapling (appears to be less than 1.0.0). + + When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on +server certificate names available under the smtp transport option +tls_verify_cert_hostname now do not permit multi-component wildcard +matches. + + Time-related extraction expansions from certificates now use the main +option timezone setting for output formatting, and are consistent +between OpenSSL and GnuTLS compilations. Bug 1541. + + Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- +encoded parameter in the incoming message. Bug 1558. + + Bug 1527: Autogrow buffer used in reading spool files. Since they now +include certificate info, eximon was claiming there were spoolfile +syntax errors. + + Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. + + Log delivery-related information more consistently, using the sequence +H=name [ip] wherever possible. + + Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which +are problematic for Debian distribution, omit them from the release +tarball. + +
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2014-12-06 13:45:52 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2014-11-26 22:55:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2014-12-06 13:45:42.0 +0100 @@ -1,0 +2,5 @@ +Fri Dec 5 12:47:28 UTC 2014 - lmue...@suse.com + +- Removed executable permission bits from exim.service file. + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.ApYeIo/_old 2014-12-06 13:45:43.0 +0100 +++ /var/tmp/diff_new_pack.ApYeIo/_new 2014-12-06 13:45:43.0 +0100 @@ -271,9 +271,9 @@ mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done %if 0%{?suse_version} 1220 -install -m 755 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service +install -m 0644 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service %else -install -m 755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim +install -m 0755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim %endif # aka... for i in \ @@ -297,7 +297,7 @@ rm $RPM_BUILD_ROOT/usr/sbin/eximon* %endif cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim -install -m 644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim +install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2014-11-26 20:55:48 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2014-08-13 08:49:32.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2014-11-26 22:55:29.0 +0100 @@ -1,0 +2,19 @@ +Wed Nov 26 14:38:41 UTC 2014 - lmue...@suse.com + +- Remove dependency on gpg-offline as signature checking is implemented in the + source validator. + +--- +Wed Nov 26 13:13:38 UTC 2014 - lmue...@suse.com + +- update to 4.84 + + Re-add a 'return NULL' to silence complaints from static checkers that +were complaining about end of non-void function with no return; +(beo#1506); obsoletes silence-static-checkers.patch. + + Fix parsing of quoted parameter values in MIME headers. +This was a regression intruduced in 4.83 by another bugfix; (beo#1513). + + Fix broken compilation when EXPERIMENTAL_DSN is enabled. + + Fix exipick for enhanced spoolfile specification used when +EXPERIMENTAL_DNS is enabled; (beo#1509). + +--- Old: exim-4.83.tar.bz2 exim-4.83.tar.bz2.asc exim-pubkey_04d29eba.asc silence-static-checkers.patch New: exim-4.84.tar.bz2 exim-4.84.tar.bz2.asc exim.keyring Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.x26H0d/_old 2014-11-26 22:55:30.0 +0100 +++ /var/tmp/diff_new_pack.x26H0d/_new 2014-11-26 22:55:30.0 +0100 @@ -39,7 +39,6 @@ %if %{?suse_version:%suse_version}%{?!suse_version:0} 800 Requires: logrotate %if 0%{?suse_version} 1220 -BuildRequires: gpg-offline BuildRequires: pkgconfig(systemd) %{?systemd_requires} %else @@ -49,7 +48,7 @@ Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version:4.83 +Version:4.84 Release:0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel @@ -65,7 +64,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: exim-%{version}.tar.bz2 Source3:exim-%{version}.tar.bz2.asc -Source4:exim-pubkey_04d29eba.asc +Source4:exim.keyring Source1:sysconfig.exim Source2:exim.logrotate Source11: exim.rc @@ -77,7 +76,6 @@ Source32: exim.service Patch: exim-tail.patch Patch1: exim-enable_ecdh_openssl.patch -Patch2: silence-static-checkers.patch %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon @@ -127,11 +125,9 @@ %endif %prep -%{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}} %setup -q -n exim-%{version} %patch %patch1 -p1 -%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} 930 fPIE=-fPIE ++ exim-4.83.tar.bz2 - exim-4.84.tar.bz2 ++ 3576 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2014-08-13 08:49:19 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2014-07-26 09:42:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2014-08-13 08:49:32.0 +0200 @@ -1,0 +2,5 @@ +Tue Aug 12 13:46:29 UTC 2014 - p.drou...@gmail.com + +- Use %insserv_cleanup only for openSUSE 12.2 + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.K6mV0j/_old 2014-08-13 08:49:33.0 +0200 +++ /var/tmp/diff_new_pack.K6mV0j/_new 2014-08-13 08:49:33.0 +0200 @@ -386,9 +386,10 @@ %service_del_postun exim.service %else %restart_on_update exim +%insserv_cleanup %endif %endif -%insserv_cleanup + %verifyscript %verify_permissions -e /usr/sbin/exim -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2014-07-26 09:42:13 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2014-01-30 14:54:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2014-07-26 09:42:27.0 +0200 @@ -1,0 +2,38 @@ +Wed Jul 23 13:09:41 UTC 2014 - lmue...@suse.com + +- Add silence-static-checkers.patch; (beo#1506). + +--- +Wed Jul 23 10:08:04 UTC 2014 - lmue...@suse.com + +- update to 4.83 + This release of Exim includes one incompatible fix: + + the behavior of expansion of arguments to math comparison functions +(, =, =, =, ) was unexpected, expanding the values twice; +CVE-2014-2972; (bnc#888520) + This release contains the following enhancements and bugfixes: + + PRDR was promoted from Experimental to mainline + + OCSP Stapling was promoted from Experimental to mainline + + new Experimental feature Proxy Protocol + + new Experimental feature DSN (Delivery Status Notifications) + + TLS session improvements + + TLS SNI fixes + + LDAP enhancements + + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + + several new operations (listextract, utf8clean, md5, sha1) + + enforce header formatting with verify=header_names_ascii + + new commandline option -oMm + + new TLSA dns lookup + + new malware sock type + + cutthrough routing enhancements + + logging enhancements + + DNSSEC enhancements + + exiqgrep enhancements + + deprecating non-standard SPF results + + build and portability fixes + + documentation fixes and enhancements +- Verify source tar ball gpg signature. +- Refresh exim-enable_ecdh_openssl.patch and strip version number from the + patch filename. + +--- @@ -419,0 +458,6 @@ + +--- +Fri May 20 17:05:34 CEST 2011 - meiss...@suse.de + +- Fixed another remote code execution issue (CVE-2011-1407 / bnc#694798) +- Fixed STARTTLS command injection (bnc#695144) Old: exim-4.82.tar.bz2 exim482-enable_ecdh_openssl.patch New: exim-4.83.tar.bz2 exim-4.83.tar.bz2.asc exim-enable_ecdh_openssl.patch exim-pubkey_04d29eba.asc silence-static-checkers.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.CjRPoI/_old 2014-07-26 09:42:28.0 +0200 +++ /var/tmp/diff_new_pack.CjRPoI/_new 2014-07-26 09:42:28.0 +0200 @@ -39,6 +39,7 @@ %if %{?suse_version:%suse_version}%{?!suse_version:0} 800 Requires: logrotate %if 0%{?suse_version} 1220 +BuildRequires: gpg-offline BuildRequires: pkgconfig(systemd) %{?systemd_requires} %else @@ -48,7 +49,7 @@ Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version:4.82 +Version:4.83 Release:0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel @@ -63,6 +64,8 @@ Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: exim-%{version}.tar.bz2 +Source3:exim-%{version}.tar.bz2.asc +Source4:exim-pubkey_04d29eba.asc Source1:sysconfig.exim Source2:exim.logrotate Source11: exim.rc @@ -73,7 +76,8 @@ Source31: eximstats.conf Source32: exim.service Patch: exim-tail.patch -Patch1: exim482-enable_ecdh_openssl.patch +Patch1: exim-enable_ecdh_openssl.patch +Patch2: silence-static-checkers.patch %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon @@ -123,9 +127,11 @@ %endif %prep +%{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}} %setup -q -n exim-%{version} %patch %patch1 -p1 +%patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} 930 fPIE=-fPIE ++ exim-4.82.tar.bz2 - exim-4.83.tar.bz2 ++ 19368 lines of diff (skipped) ++ exim-enable_ecdh_openssl.patch ++ # Taken from: # http://bugs.exim.org/show_bug.cgi?id=1397 # http://bugs.exim.org/attachment.cgi?id=661 Index: exim-4.83/src/globals.c === --- exim-4.83.orig/src/globals.c +++ exim-4.83/src/globals.c @@ -150,6 +150,7 @@ that's the interop problem which has bee bit-count as NORMAL (2432) and Thunderbird dropping connection. */ int tls_dh_max_bits= 2236; uschar *tls_dhparam= NULL; +uschar *tls_eccurve
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2014-01-30 14:54:31 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2013-12-08 19:26:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2014-01-30 14:54:32.0 +0100 @@ -1,0 +2,6 @@ +Thu Jan 23 09:25:36 UTC 2014 - meiss...@suse.com + +- exim482-enable_ecdh_openssl.patch: Enable ECDH (elliptic curve diffie + hellman) support, taken from http://bugs.exim.org/show_bug.cgi?id=1397 + +--- New: exim482-enable_ecdh_openssl.patch Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.16uUNk/_old 2014-01-30 14:54:33.0 +0100 +++ /var/tmp/diff_new_pack.16uUNk/_new 2014-01-30 14:54:33.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -73,6 +73,7 @@ Source31: eximstats.conf Source32: exim.service Patch: exim-tail.patch +Patch1: exim482-enable_ecdh_openssl.patch %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon @@ -124,6 +125,7 @@ %prep %setup -q -n exim-%{version} %patch +%patch1 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} 930 fPIE=-fPIE ++ exim482-enable_ecdh_openssl.patch ++ # Taken from: # http://bugs.exim.org/show_bug.cgi?id=1397 # http://bugs.exim.org/attachment.cgi?id=661 diff -urN exim-4.82_RC3.orig/src/globals.c exim-4.82_RC3.ecdh/src/globals.c --- exim-4.82_RC3.orig/src/globals.c2013-10-09 22:47:52.0 +0200 +++ exim-4.82_RC3.ecdh/src/globals.c2013-10-15 00:53:16.0 +0200 @@ -137,6 +137,7 @@ bit-count as NORMAL (2432) and Thunderbird dropping connection. */ int tls_dh_max_bits= 2236; uschar *tls_dhparam= NULL; +uschar *tls_eccurve= NULL; #if defined(EXPERIMENTAL_OCSP) !defined(USE_GNUTLS) uschar *tls_ocsp_file = NULL; #endif diff -urN exim-4.82_RC3.orig/src/globals.h exim-4.82_RC3.ecdh/src/globals.h --- exim-4.82_RC3.orig/src/globals.h2013-10-09 22:47:52.0 +0200 +++ exim-4.82_RC3.ecdh/src/globals.h2013-10-15 00:52:25.0 +0200 @@ -105,6 +105,7 @@ extern uschar *tls_crl;/* CRL File */ extern int tls_dh_max_bits;/* don't accept higher lib suggestions */ extern uschar *tls_dhparam;/* DH param file */ +extern uschar *tls_eccurve;/* EC curve */ #if defined(EXPERIMENTAL_OCSP) !defined(USE_GNUTLS) extern uschar *tls_ocsp_file; /* OCSP stapling proof file */ #endif diff -urN exim-4.82_RC3.orig/src/readconf.c exim-4.82_RC3.ecdh/src/readconf.c --- exim-4.82_RC3.orig/src/readconf.c 2013-10-09 22:47:52.0 +0200 +++ exim-4.82_RC3.ecdh/src/readconf.c 2013-10-15 00:53:58.0 +0200 @@ -433,6 +433,7 @@ { tls_crl, opt_stringptr, tls_crl }, { tls_dh_max_bits, opt_int, tls_dh_max_bits }, { tls_dhparam, opt_stringptr, tls_dhparam }, + { tls_eccurve, opt_stringptr, tls_eccurve }, # if defined(EXPERIMENTAL_OCSP) !defined(USE_GNUTLS) { tls_ocsp_file,opt_stringptr, tls_ocsp_file }, # endif diff -urN exim-4.82_RC3.orig/src/tls-openssl.c exim-4.82_RC3.ecdh/src/tls-openssl.c --- exim-4.82_RC3.orig/src/tls-openssl.c2013-10-09 22:47:52.0 +0200 +++ exim-4.82_RC3.ecdh/src/tls-openssl.c2013-10-15 00:51:20.0 +0200 @@ -446,7 +446,57 @@ return TRUE; } +#if !defined(OPENSSL_NO_ECDH) +static BOOL +init_ecdh(SSL_CTX *sctx, host_item *host) +{ +EC_KEY *ecdh; +int nid; +# if !defined(OPENSSL_NO_ECDH) OPENSSL_VERSION_NUMBER = 0x10002000L +/* check if OpenSSL = 1.0.2 auto ECDH temp key parameter selection should be used */ +if (Ustrcmp(tls_eccurve, auto) == 0) + { + DEBUG(D_tls) debug_printf(ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n); + SSL_CTX_set_ecdh_auto(sctx, 1); + return TRUE; + } +# endif + +if (tls_eccurve == NULL) + { + DEBUG(D_tls) +debug_printf(ECDH curve (default): prime256v1\n, tls_eccurve); + nid = NID_X9_62_prime256v1; + } +else + { + /* search curve name */ + DEBUG(D_tls) +debug_printf(ECDH curve: %s\n,
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2013-12-08 19:26:29 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2013-11-07 08:39:42.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2013-12-08 19:26:30.0 +0100 @@ -1,0 +2,197 @@ +Fri Dec 6 18:44:42 UTC 2013 - l...@smaba.org + +- BuildRequire libopenssl-devel only on SUSE systems. +- Fix suse_version condition of the pre- and postun scriptlets. + +--- +Fri Dec 6 17:52:27 UTC 2013 - l...@smaba.org + +- Call service_add_pre from pre scriptlet on post-12.2 systems. + +--- +Fri Dec 6 17:37:11 UTC 2013 - lmue...@suse.com + +- update to 4.82 + - Add -bI: framework, and -bI:sieve for querying sieve capabilities. + - Make -n do something, by making it not do something. +When combined with -bP, the name of an option is not output. + - Added tls_dh_min_bits SMTP transport driver option, only honoured +by GnuTLS. + - First step towards DNSSEC, provide $sender_host_dnssec for +$sender_host_name and config options to manage this, and basic check +routines. + - DSCP support for outbound connections and control modifier for inbound. + - Cyrus SASL: set local and remote IP;port properties for driver. +(Only plugin which currently uses this is kerberos4, which nobody should +be using, but we should make it available and other future plugins might +conceivably use it, even though it would break NAT; stuff *should* be +using channel bindings instead). + - Handle exim -L tag to indicate to use syslog with tag as the process +name; added for Sendmail compatibility; requires admin caller. +Handle -G as equivalent to control = suppress_local_fixups (we used to +just ignore it); requires trusted caller. +Also parse but ignore: -Ac -Am -Xlogfile +Bugzilla 1117. + - Bugzilla 1258 - Refactor MAIL FROM optional args processing. + - Add +smtp_confirmation as a default logging option. + - Bugzilla 198 - Implement remove_header ACL modifier. + - Bugzilla 1197, 1281, 1283 - Spec typo. + - Bugzilla 1290 - Spec grammar fixes. + - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. + - Add Experimental DMARC support using libopendmarc libraries. + - Fix an out of order global option causing a segfault. Reported to dev +mailing list by by Dmitry Isaikin. + - Bugzilla 1201 304 - New cutthrough-delivery feature, with TLS support. + - Support G suffix to numbers in ${if comparisons. + - Handle smtp transport tls_sni option forced-fail for OpenSSL. + - Bugzilla 1196 - Spec examples corrections + - Add expansion operators ${listnamed:name} and ${listcount:string} + - Add gnutls_allow_auto_pkcs11 option (was originally called +gnutls_enable_pkcs11, but renamed to more accurately indicate its +function. + - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. +Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. + - Add expansion item ${acl {name}{arg}...}, expansion condition +acl {{name}{arg}...}, and optional args on acl condition +acl = name arg... + - Permit multiple router/transport headers_add/remove lines. + - Add dnsdb pseudo-lookup a+ to do an + a combination. + - Avoid using a waiting database for a single-message-only transport. +Performance patch from Paul Fisher. Bugzilla 1262. + - Strip leading/trailing newlines from add_header ACL modifier data. +Bugzilla 884. + - Add $headers_added variable, with content from use of ACL modifier +add_header (but not yet added to the message). Bugzilla 199. + - Add 8bitmime log_selector, for 8bitmime status on the received line. +Pulled from Bugzilla 817 by Wolfgang Breyha. + - SECURITY: protect DKIM DNS decoding from remote exploit. +CVE-2012-5671 +(nb: this is the same fix as in Exim 4.80.1) + - Add A= logging on delivery lines, and a client_set_id option on +authenticators. + - Add optional authenticated_sender logging to A= and a log_selector +for control. + - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. + - Dovecot auth: log better reason to rejectlog if Dovecot did not +advertise SMTP AUTH mechanism to us, instead of a generic +protocol violation error. Also, make Exim more robust to bad +data from the Dovecot auth socket. + - Fix ultimate retry timeouts for intermittently deliverable recipients. + - When a queue runner is handling a message, Exim first routes the +recipient addresses, during which it prunes them based on the
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2013-11-07 08:39:41 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2013-06-17 10:04:47.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2013-11-07 08:39:42.0 +0100 @@ -1,0 +2,6 @@ +Sun Oct 27 17:35:43 UTC 2013 - p.drou...@gmail.com + +- Add systemd support for openSUSE 12.2 +- Remove some obsolete conditionnal macros + +--- New: exim.service Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.qEiXek/_old 2013-11-07 08:39:43.0 +0100 +++ /var/tmp/diff_new_pack.qEiXek/_new 2013-11-07 08:39:43.0 +0100 @@ -24,13 +24,8 @@ BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} BuildRequires: tcpd-devel -%if %suse_version 910 BuildRequires: xorg-x11-devel %else -BuildRequires: XFree86-devel -BuildRequires: XFree86-libs -%endif -%else BuildRequires: libXaw-devel BuildRequires: libXext-devel BuildRequires: libXt-devel @@ -43,7 +38,15 @@ Provides: smtp_daemon %if %{?suse_version:%suse_version}%{?!suse_version:0} 800 Requires: logrotate -PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils +%if 0%{?suse_version} 1220 +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%else +Requires(pre): %insserv_prereq +%endif +Requires(pre): %fillup_prereq +Requires(pre): /usr/sbin/useradd +Requires(pre): fileutils textutils %endif Version:4.80.1 Release:0 @@ -68,6 +71,7 @@ Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf +Source32: exim.service Patch: exim-tail.patch %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 @@ -244,7 +248,11 @@ make %install +%if 0%{?suse_version} 1220 +mkdir -p $RPM_BUILD_ROOT/%{_unitdir} +%else mkdir -p $RPM_BUILD_ROOT/etc/init.d +%endif mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib} mkdir -p $RPM_BUILD_ROOT/var/log/exim @@ -258,7 +266,11 @@ INSTALL_ARG=-no_chown install mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done +%if 0%{?suse_version} 1220 +install -m 755 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service +%else install -m 755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim +%endif # aka... for i in \ /usr/lib/sendmail \ @@ -270,7 +282,11 @@ ln -sf ../sbin/exim $RPM_BUILD_ROOT$i done ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail +%if 0%{?suse_version} 1220 +ln -sv ../../%{_unitdir}/exim.service $RPM_BUILD_ROOT/usr/sbin/rcexim +%else ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim +%endif %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ %else @@ -305,11 +321,6 @@ # package the utilities without executable permissions, to silence rpmlint warnings chmod 644 util/*.{pl,sh} src/convert4r* # -# since 10.0, the permissions file is packaged in the 'permissions' package -%if %{?suse_version:%suse_version}%{?!suse_version:9} 1000 -install -m 0755 -d $RPM_BUILD_ROOT/etc/permissions.d -install -m 0644 $RPM_SOURCE_DIR/permissions.exim $RPM_BUILD_ROOT/etc/permissions.d/exim -%endif # eximstats-html files %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats @@ -339,24 +350,35 @@ for i in var/log/exim/main.log var/log/exim/panic.log var/log/exim/reject.log; do if ! test -e $i; then touch $i; chown mail:mail $i; chmod 640 $i ; fi done +%if 0%{?suse_version} 1220 +%{fillup_only} +%service_add_post exim.service +%else %{fillup_and_insserv exim} +%endif exit 0 -%if %{?suse_version:%suse_version}%{?!suse_version:0} 820 +%if %{?suse_version:%suse_version} %preun +%if 0%{?suse_version} 1220 +%service_del_preun exim.service +%else %stop_on_removal exim %endif +%endif %postun -%if %{?suse_version:%suse_version}%{?!suse_version:0} 820 +%if %{?suse_version:%suse_version} +%if 0%{?suse_version} 1220 +%service_del_postun exim.service +%else %restart_on_update exim %endif +%endif %insserv_cleanup %verifyscript %verify_permissions -e /usr/sbin/exim -%clean - %files %defattr(-,root,root) %doc ACKNOWLEDGMENTS CHANGES LICENCE NOTICE README.UPDATING README @@ -376,7 +398,11 @@
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2013-06-17 10:04:45 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2013-01-10 13:02:23.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2013-06-17 10:04:47.0 +0200 @@ -1,0 +2,7 @@ +Sun Jun 16 02:13:52 UTC 2013 - jeng...@inai.de + +- exim.spec forces the use of SSL libraries, + so make sure the BuildRequires are there. + Also add previously implicit cyrus-sasl back. + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.uFOoIf/_old 2013-06-17 10:04:47.0 +0200 +++ /var/tmp/diff_new_pack.uFOoIf/_new 2013-06-17 10:04:47.0 +0200 @@ -17,7 +17,9 @@ Name: exim +BuildRequires: cyrus-sasl-devel BuildRequires: db-devel +BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2013-01-10 13:02:21 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim, Maintainer is po...@novell.com Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2012-10-27 07:38:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2013-01-10 13:02:23.0 +0100 @@ -1,0 +2,6 @@ +Wed Jan 9 19:02:27 UTC 2013 - l...@samba.org + +- Execute the run_permissions macro on pre-11.4 systems and else the + set_permission one if available; (bnc#764120). + +--- Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.nz5ZB4/_old 2013-01-10 13:02:24.0 +0100 +++ /var/tmp/diff_new_pack.nz5ZB4/_new 2013-01-10 13:02:24.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -319,7 +319,11 @@ install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim %post +%if 0%{?suse_version} 1131 %run_permissions +%else +%set_permissions /usr/sbin/exim +%endif if ! test -s etc/exim/exim.conf; then if test -s etc/exim.conf; then mv etc/exim.conf etc/exim/ -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-10-27 07:38:43 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim, Maintainer is po...@novell.com Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2012-08-26 11:31:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-10-27 07:38:45.0 +0200 @@ -1,0 +2,7 @@ +Thu Oct 25 10:36:19 UTC 2012 - l...@samba.org + +- update to 4.80.1 + - SECURITY: protect DKIM DNS decoding from remote exploit; CVE-2012-5671; +(bnc#786652). + +--- Old: exim-4.80.tar.bz2 New: exim-4.80.1.tar.bz2 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.uE45Dz/_old 2012-10-27 07:38:47.0 +0200 +++ /var/tmp/diff_new_pack.uE45Dz/_new 2012-10-27 07:38:47.0 +0200 @@ -43,7 +43,7 @@ Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version:4.80 +Version:4.80.1 Release:0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel ++ exim-4.80.tar.bz2 - exim-4.80.1.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/doc/ChangeLog new/exim-4.80.1/doc/ChangeLog --- old/exim-4.80/doc/ChangeLog 2012-05-31 02:40:15.0 +0200 +++ new/exim-4.80.1/doc/ChangeLog 2012-10-25 05:37:38.0 +0200 @@ -1,6 +1,14 @@ Change log file for Exim from version 4.21 --- +Exim version 4.80.1 +--- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.81. + + Exim version 4.80 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/doc/spec.txt new/exim-4.80.1/doc/spec.txt --- old/exim-4.80/doc/spec.txt 2012-05-31 11:35:23.0 +0200 +++ new/exim-4.80.1/doc/spec.txt2012-10-25 05:46:58.0 +0200 @@ -5,9 +5,9 @@ Copyright (c) 2012 University of Cambridge +-+ -+-++--+ -|Revision 4.80|17 May 2012 |EM| -+-++--+ +++--+-+ +|Revision 4.80.1 |24 Oct 2012 |EM | +++--+-+ --- TABLE OF CONTENTS @@ -653,7 +653,7 @@ 1.1 Exim documentation -- -This edition of the Exim specification applies to version 4.80 of Exim. +This edition of the Exim specification applies to version 4.80.1 of Exim. Substantive changes from the 4.75 edition are marked in some renditions of the document; this paragraph is so marked if the rendition is capable of showing a change indicator. @@ -1738,7 +1738,7 @@ Exim is distributed as a gzipped or bzipped tar file which, when unpacked, creates a directory with the name of the current release (for example, -exim-4.80) into which the following files are placed: +exim-4.80.1) into which the following files are placed: ACKNOWLEDGMENTS contains some acknowledgments CHANGES contains a reference to where changes are documented @@ -2348,7 +2348,7 @@ For the utility programs, old versions are renamed by adding the suffix .O to their names. The Exim binary itself, however, is handled differently. It is installed under a name that includes the version number and the compile number, -for example exim-4.80-1. The script then arranges for a symbolic link called +for example exim-4.80.1-1. The script then arranges for a symbolic link called exim to point to the binary. If you are updating a previous version of Exim, the script takes care to ensure that the name exim is never absent from the directory (as seen by other processes). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/exim-4.80/scripts/reversion new/exim-4.80.1/scripts/reversion --- old/exim-4.80/scripts/reversion 2012-05-31 02:40:15.0 +0200 +++ new/exim-4.80.1/scripts/reversion 2012-10-25 05:37:38.0 +0200 @@ -32,21 +32,23 @@ # If this tree is a git working
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-08-26 11:31:02 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim, Maintainer is po...@novell.com Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2012-03-20 11:26:48.0 +0100 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-08-26 11:31:04.0 +0200 @@ -1,0 +2,97 @@ +Sun Aug 19 13:36:59 UTC 2012 - l...@samba.org + +- update to 4.80 + - Bugzilla 949 - Documentation tweak. + - Bugzilla 1093 - eximstats DATA reject detection regexps improved. + - Bugzilla 1169 - primary_hostname spelling was incorrect in docs. + - Implemented gsasl authenticator. + - Implemented heimdal_gssapi authenticator with server_keytab option. + - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use +`pkg-config foo` for cflags/libs. + - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent +with rest of GSASL and with heimdal_gssapi. + - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use +`pkg-config foo` for cflags/libs for the TLS implementation. + - New expansion variable $tls_bits; Cyrus SASL server connection +properties get this fed in as external SSF. A number of robustness +and debugging improvements to the cyrus_sasl authenticator. + - cyrus_sasl server now expands the server_realm option. + - Bugzilla 1214 - Log authentication information in reject log. + - Added dbmjz lookup type. + - Let heimdal_gssapi authenticator take a SASL message without an authzid. + - MAIL args handles TAB as well as SP, for better interop with +non-compliant senders. + - Bugzilla 1237 - fix cases where printf format usage not indicated. + - tls_peerdn now print-escaped for spool files. +Observed some $tls_peerdn in wild which contained \n, which resulted +in spool file corruption. + - TLS fixes for OpenSSL: support TLS 1.1 1.2; new openssl_options +values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read +or write after TLS renegotiation, which otherwise led to messages +Got SSL error 2. + - Bugzilla 1239 - fix DKIM verification when signature was not inserted +as a tracking header (ie: a signed header comes before the signature). + - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a +comma-sep list; embedded commas doubled. + - Refactored ACL verify = logic to table-driven dispatch. + - LDAP: Check for errors of TLS initialisation, to give correct diagnostics. + - Removed dont_insert_empty_fragments fron openssl_options. +Removed SSL_clear() after SSL_new() which led to protocol negotiation +failures. We appear to now support TLS1.1+ with Exim. + - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate +lets Exim select keys and certificates based upon TLS SNI from client. +Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly +before an outbound SMTP session. New log_selector, +tls_sni. + - Bugzilla 1122 - check localhost_number expansion for failure, avoid +NULL dereference. + - Revert part of NM/04, it broke log_path containing %D expansions. +Left warnings. Added eximon gdb invocation mode. + - Defaulting accept_8bitmime to true, not false. + - Added -bw for inetd wait mode support. + - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to +locate the relevant includes and libraries. Made this the default. + - Fixed headers_only on smtp transports (was not sending trailing dot). +Bugzilla 1246, report and most of solution from Tomasz Kusy. + - ${eval } now uses 64-bit and supports a g suffix (like to k and m). +This may cause build issues on older platforms. + - Revamped GnuTLS support, passing tls_require_ciphers to +gnutls_priority_init, ignoring Exim options gnutls_require_kx, +gnutls_require_mac gnutls_require_protocols (no longer supported). +Added SNI support via GnuTLS too. +Made ${randint:..} supplier available, if using not-too-old GnuTLS. + - Added EXPERIMENTAL_OCSP for OpenSSL. + - Applied dnsdb SPF support patch from Janne Snabb. +Applied second patch from Janne, implementing suggestion to default +multiple-strings-in-record handling to match SPF spec. + - Added expansion variable $tod_epoch_l for a higher-precision time. + - Fix DCC dcc_header content corruption (stack memory referenced, +read-only, out of scope). +Patch from Wolfgang Breyha, report from Stuart Northfield. + - Fix three issues highlighted by clang analyser static analysis. +Only crash-plausible issue would require the Cambridge-specific +iplookup router and a misconfiguration. +Report from Marcin Mirosław. + -
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2012-03-20 11:26:45 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim, Maintainer is po...@novell.com Changes: --- /work/SRC/openSUSE:Factory/exim/exim.changes2011-09-23 01:57:06.0 +0200 +++ /work/SRC/openSUSE:Factory/.exim.new/exim.changes 2012-03-20 11:26:48.0 +0100 @@ -1,0 +2,94 @@ +Sat Mar 17 19:42:30 UTC 2012 - l...@samba.org + +- Disable format-security and missing-format-attribute warnings via CFLAGS on + pre-11.2 systems. + +--- +Wed Mar 7 16:13:51 UTC 2012 - l...@samba.org + +- Remove obsoleted Authors lines from spec file. + +--- +Wed Mar 7 15:33:12 UTC 2012 - l...@samba.org + +- update to 4.77 + - DKIM Verification: Fix relaxed canon for empty headers w/o +whitespace trailer + - Fix a couple more cases where we did not log the error message +when unlink() failed. See also change 4.74-TF/03. + - Make the exiwhat support code safe for signals. Previously Exim might +lock up or crash if it happened to be inside a call to libc when it +got a SIGUSR1 from exiwhat. + - The SIGUSR1 handler appends the current process status to the process +log which is later printed by exiwhat. It used to use the general +purpose logging code to do this, but several functions it calls are +not safe for signals. + - The new output code in the SIGUSR1 handler is specific to the process +log, and simple enough that it's easy to inspect for signal safety. +Removing some special cases also simplifies the general logging code. +Removing the spurious timestamps from the process log simplifies +exiwhat. + - Improved ratelimit ACL condition. + - Removed obsolete $Cambridge$ CVS revision strings. + - Removed a few PCRE remnants. + - Automatically extract Exim's version number from tags in the git +repository when doing development or release builds. + - Raise smtp_cmd_buffer_size to 16kB. +Bugzilla 879. Patch from Paul Fisher. + - Implement SSL-on-connect outbound with protocol=smtps on smtp transport. +Heavily based on revision 40f9a89a from Simon Arlott's tree. +Bugzilla 97. + - Use .dylib instead of .so for dynamic library loading on MacOS. + - Variable $av_failed, true if the AV scanner deferred. +Bugzilla 1078. Patch from John Horne. + - Stop make process more reliably on build failure. +Bugzilla 1087. Patch from Heiko Schlittermann. + - Make maildir_use_size_file an _expandable_ boolean. +Bugzilla 1089. Patch from Heiko Schlittermann. + - Handle ${run} returning more data than OS pipe buffer size. +Bugzilla 1131. Patch from Holger Weiß. + - Handle IPv6 addresses with SPF. +Bugzilla 860. Patch from Wolfgang Breyha. + - GnuTLS: support TLS 1.2 1.1. +Bugzilla 1156. +Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler]. +Bugzilla 1095. + - match_* no longer expand right-hand-side by default. +New compile-time build option, EXPAND_LISTMATCH_RHS. +New expansion conditions, inlist, inlisti. + - fix uninitialised greeting string from PP/03 (smtps client support). + - shell and compiler warnings fixes for RC1-RC4 changes. + - fix log_write() format string regression from TF/03. +Bugzilla 1152. Patch from Dmitry Isaikin. + +- update to 4.77 + - The new ldap_require_cert option would segfault if used. Fixed. + - Harmonised TLS library version reporting; only show if debugging. +Layout now matches that introduced for other libraries in 4.74 PP/03. + - New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 + - New dns_use_edns0 global option. + - Don't segfault on misconfiguration of ref:name exim-user as uid. +Bugzilla 1098. + - Extra paranoia around buffer usage at the STARTTLS transition. +nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 + - Updated PolarSSL code to 0.14.2. +Bugzilla 1097. Patch from Andreas Metzler. + - Catch divide-by-zero in ${eval:...}. +Fixes bugzilla 1102. + - Condition negation of bool{}/bool_lax{} did not negate. Fixed. +Bugzilla 1104. + - Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a +format-string attack -- SECURITY: remote arbitrary code execution. + - SECURITY - DKIM signature header parsing was double-expanded, second +time unintentionally subject to list matching rules, letting the header +cause arbitrary Exim lookups (of items which can occur in lists, *not* +arbitrary string expansion). This allowed for information disclosure. + - Fix another SIGFPE (x86) in ${eval:...} expansion,
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at 2011-12-06 18:08:47 Comparing /work/SRC/openSUSE:Factory/exim (Old) and /work/SRC/openSUSE:Factory/.exim.new (New) Package is exim, Maintainer is po...@novell.com Changes: Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.YHZCRZ/_old 2011-12-06 18:14:10.0 +0100 +++ /var/tmp/diff_new_pack.YHZCRZ/_new 2011-12-06 18:14:10.0 +0100 @@ -32,7 +32,7 @@ %endif Url:http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Networking/Email/Servers AutoReqProv:on Provides: smtp_daemon @@ -67,12 +67,12 @@ %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon -License:GPLv2+ +License:GPL-2.0+ Summary:Eximon, an graphical frontend to administer Exim's mail queue Group: Productivity/Networking/Email/Servers %package -n eximstats-html -License:GPLv2+ +License:GPL-2.0+ Summary:Create HTML reports of exim logs Group: Productivity/Networking/Email/Servers Requires: perl-GD perl-GDGraph perl-GDTextUtil -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at Tue May 10 09:16:06 CEST 2011. --- exim/exim.changes 2011-05-07 15:33:18.0 +0200 +++ /mounts/work_src_done/STABLE/exim/exim.changes 2011-05-09 13:33:14.0 +0200 @@ -1,0 +2,5 @@ +Mon May 9 13:32:55 CEST 2011 - dmuel...@suse.de + +- check format strings + +--- calling whatdependson for head-i586 New: format-security.diff Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.gM2RXA/_old 2011-05-10 09:15:14.0 +0200 +++ /var/tmp/diff_new_pack.gM2RXA/_new 2011-05-10 09:15:14.0 +0200 @@ -41,7 +41,7 @@ PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif Version:4.75 -Release:1 +Release:3 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel Provides: exim = %version @@ -63,6 +63,7 @@ Source31: eximstats.conf Patch: exim-4.12-tail.patch Patch1: 109066729a54f6ba5c4e8bc174133da33242e930.diff +Patch2: format-security.diff %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon @@ -130,6 +131,7 @@ %setup -q -n exim-%{version} %patch %patch1 -p2 +%patch2 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} 930 fPIE=-fPIE @@ -241,7 +243,7 @@ # SPOOL_MODE=0640 SUPPORT_MOVE_FROZEN_MESSAGES=yes HAVE_IPV6=YES - CFLAGS=$RPM_OPT_FLAGS -Wall -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE + CFLAGS=$RPM_OPT_FLAGS -Wall -Werror=format-security -Werror=missing-format-attribute -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf ++ format-security.diff ++ --- exim_monitor/em_log.c +++ exim_monitor/em_log.c @@ -58,6 +58,8 @@ static int size = 0; static int top = 0; +static void show_log(char *s, ...) PRINTF_FUNCTION(1,2); + static void show_log(char *s, ...) { int length, newtop; @@ -364,7 +366,7 @@ if (log_datestamping) { uschar log_file_wanted[256]; - string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file); + string_format(log_file_wanted, sizeof(log_file_wanted), %s, CS log_file); if (Ustrcmp(log_file_wanted, log_file_open) != 0) { if (LOG != NULL) --- exim_monitor/em_main.c +++ exim_monitor/em_main.c @@ -656,7 +656,7 @@ if (log_file[0] != 0) { - (void)string_format(log_file_open, sizeof(log_file_open), CS log_file); + (void)string_format(log_file_open, sizeof(log_file_open), %s, CS log_file); log_datestamping = string_datestamp_offset = 0; LOG = fopen(CS log_file_open, r); --- exim_monitor/em_text.c +++ exim_monitor/em_text.c @@ -60,6 +60,8 @@ * Display text from format * */ +void text_showf(Widget w, char *s, ...) PRINTF_FUNCTION(2,3); + void text_showf(Widget w, char *s, ...) { va_list ap; --- src/demime.c +++ src/demime.c @@ -823,7 +823,7 @@ (void)string_vformat(US f, 16383,(char *)format, ap); va_end(ap); f-=22; -log_write(0, LOG_MAIN, f); +log_write(0, LOG_MAIN, %s, f); /* then copy to demime_reason_buffer if new level is greater than old level */ if (level demime_errorlevel) { --- src/dkim.c +++ src/dkim.c @@ -176,7 +176,7 @@ } logmsg[ptr] = '\0'; -log_write(0, LOG_MAIN, (char *)logmsg); +log_write(0, LOG_MAIN, %s, (char *)logmsg); /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ dkim_signers = string_append(dkim_signers, --- src/exim_dbutil.c +++ src/exim_dbutil.c @@ -59,6 +59,7 @@ #include dbstuff.h #include osfunctions.h #include store.h +#include local_scan.h /* Identifiers for the different database types. */ --- src/functions.h +++ src/functions.h @@ -82,7 +82,7 @@ int, int, uschar *, bit_table *, int, uschar *, int); extern address_item *deliver_make_addr(uschar *, BOOL); extern int deliver_message(uschar *, BOOL, BOOL); -extern voiddeliver_msglog(const char *, ...); +extern voiddeliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); extern voiddeliver_set_expansions(address_item *); extern int deliver_split_address(address_item *); extern voiddeliver_succeeded(address_item *); @@ -181,9 +181,9 @@ extern uschar *moan_check_errorcopy(uschar *); extern BOOLmoan_skipped_syntax_errors(uschar *, error_block *, uschar *, BOOL, uschar *); -extern voidmoan_smtp_batch(uschar *, char *, ...); +extern voidmoan_smtp_batch(uschar *, char *,
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at Mon May 9 10:26:25 CEST 2011. --- exim/exim.changes 2011-03-10 19:42:25.0 +0100 +++ /mounts/work_src_done/STABLE/exim/exim.changes 2011-05-07 15:33:18.0 +0200 @@ -1,0 +2,53 @@ +Sat May 7 13:12:08 UTC 2011 - l...@samba.org + +- The new ldap_require_cert option would segfault if used; use upstream patch + to address the ldap_set_option() issue; (beo#230); (beo#1108). + +--- +Fri May 6 20:00:38 UTC 2011 - l...@samba.org + +- Cast third arg to void * when calling ldap_set_option(). + +--- +Fri May 6 19:14:37 UTC 2011 - l...@samba.org + +- update to 4.75 + - Workround for PCRE version dependency in version reporting +Bugzilla 1073 + - Permit LOOKUP_foo enabling on the make command-line. +Also via indented variable definition in the Makefile. + - Restore caching of spamd results with expanded spamd_address. + - Build issue: lookups-Makefile now exports LC_ALL=C +Improves build reliability. + - Fix wide character breakage in the rfc2047 coding; Fixes bug 1064. + - Allow underscore in dnslist lookups; Fixes bug 1026. + - Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). + - Fixed exiqgrep to cope with mailq missing size issue +Fixes bug 943. + - Bugzilla 1083: when lookup expansion defers, escape the output which +is logged, to avoid truncation. + - Bugzilla 1042: implement freeze_signal on pipe transports. + - Bugzilla 1061: restrict error messages sent over SMTP to not reveal +SQL string expansion failure details. + - Bugzilla 486: implement %M datestamping in log filenames. + - New lookups functionality failed to compile on old gcc which rejects +extern declarations in function scope. + - Use sig_atomic_t for flags set from signal handlers. +Check getgroups() return and improve debugging. +Fixed developed for diagnosis in bug 927 (which turned out to be +a kernel bug). + - Bugzilla 1055: Update $message_linecount for maildir_tag. + - Bugzilla 1056: Improved spamd server selection. + - Bugzilla 1086: Deal with maildir quota file races. + - Bugzilla 1019: DKIM multiple signature generation fix. + - Fix to spam.c to accommodate older gcc versions which dislike +variable declaration deep within a block. + - Make DISABLE_DKIM build knob functional. + - Bugzilla 968: child_open_uid: restore default SIGPIPE handler + +--- +Fri May 6 18:18:00 UTC 2011 - l...@samba.org + +- Don't pass DKIM compound log line as format string; (beo#1106); (bnc#692227). + +--- calling whatdependson for head-i586 Old: aa097c4c00f62487128d74f65c521f9e877b184f.diff exim-4.74.tar.bz2 New: 109066729a54f6ba5c4e8bc174133da33242e930.diff exim-4.75.tar.bz2 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.EfrW12/_old 2011-05-09 10:24:53.0 +0200 +++ /var/tmp/diff_new_pack.EfrW12/_new 2011-05-09 10:24:53.0 +0200 @@ -40,8 +40,8 @@ Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version:4.74 -Release:8 +Version:4.75 +Release:1 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel Provides: exim = %version @@ -62,7 +62,7 @@ Source30: eximstats-html-update.py Source31: eximstats.conf Patch: exim-4.12-tail.patch -Patch1: aa097c4c00f62487128d74f65c521f9e877b184f.diff +Patch1: 109066729a54f6ba5c4e8bc174133da33242e930.diff %if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon @@ -129,7 +129,7 @@ %prep %setup -q -n exim-%{version} %patch -%patch1 -p1 +%patch1 -p2 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:9} 930 fPIE=-fPIE ++ 109066729a54f6ba5c4e8bc174133da33242e930.diff ++ From 109066729a54f6ba5c4e8bc174133da33242e930 Mon Sep 17 00:00:00 2001 From: Phil Pennock p...@exim.org Date: Tue, 22 Mar 2011 06:43:34 -0400 Subject: [PATCH] Make ldap_require_cert work (not segfault). The clang complaint, which also triggered a gcc complaint, was legitimate. My first test, which suggested no problem, was flawed. This: ldap_start_tls ldap_require_cert = demand would cause a segfault on LDAP lookup. fixes bug 230 --- doc/doc-txt/ChangeLog |6 ++ src/src/lookups/ldap.c |2 +- 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 853f3a5..94952af 100644 --- a/doc/doc/ChangeLog +++
commit exim for openSUSE:Factory
Hello community, here is the log from the commit of package exim for openSUSE:Factory checked in at Thu Apr 21 13:25:17 CEST 2011. --- exim/exim.changes 2011-02-04 23:21:53.0 +0100 +++ /mounts/work_src_done/STABLE/exim/exim.changes 2011-03-10 19:42:25.0 +0100 @@ -1,0 +2,6 @@ +Thu Mar 10 18:30:11 UTC 2011 - po...@cmdline.net + +- postgresql-enabled build when build_with_pgsql is defined (which is done in a + linked package named server:mail/exim-postgresql) + +--- calling whatdependson for head-i586 Other differences: -- ++ exim.spec ++ --- /var/tmp/diff_new_pack.vNkVTj/_old 2011-04-21 13:24:15.0 +0200 +++ /var/tmp/diff_new_pack.vNkVTj/_new 2011-04-21 13:24:15.0 +0200 @@ -41,11 +41,15 @@ PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif Version:4.74 -Release:1 +Release:8 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel Provides: exim = %version %endif +%if %{?build_with_pgsql:1}0 +BuildRequires: postgresql-devel +Provides: exim = %version +%endif Summary:The Exim Mail Transfer Agent, a Replacement for sendmail BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: exim-%{version}.tar.bz2 @@ -59,7 +63,7 @@ Source31: eximstats.conf Patch: exim-4.12-tail.patch Patch1: aa097c4c00f62487128d74f65c521f9e877b184f.diff -%if !%{?build_with_mysql:1}0 +%if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %package -n eximon License:GPLv2+ @@ -88,7 +92,7 @@ Philip Hazel p...@cus.cam.ac.uk -%if !%{?build_with_mysql:1}0 +%if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %description -n eximon This allows administrators to view the exim agent's mail queue and @@ -162,6 +166,9 @@ %if %{?build_with_mysql:1}0 LOOKUP_MYSQL=yes %endif +%if %{?build_with_pgsql:1}0 + LOOKUP_PGSQL=yes +%endif LOOKUP_NIS=yes # LOOKUP_NISPLUS=yes # LOOKUP_ORACLE=yes @@ -177,6 +184,10 @@ LOOKUP_INCLUDE=-I /usr/include/mysql LOOKUP_LIBS=-lldap -llber -lmysqlclient %endif +%if %{?build_with_pgsql:1}0 + LOOKUP_INCLUDE=-I /usr/include/pgsql + LOOKUP_LIBS=-lldap -llber -lpq +%endif EXIM_MONITOR=eximon.bin WITH_CONTENT_SCAN=yes WITH_OLD_DEMIME=yes @@ -267,7 +278,7 @@ done ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim -%if !%{?build_with_mysql:1}0 +%if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ %else rm $RPM_BUILD_ROOT/usr/sbin/eximon* @@ -307,7 +318,7 @@ install -m 0644 $RPM_SOURCE_DIR/permissions.exim $RPM_BUILD_ROOT/etc/permissions.d/exim %endif # eximstats-html files -%if !%{?build_with_mysql:1}0 +%if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/ cp -p $RPM_SOURCE_DIR/eximstats.conf $RPM_BUILD_ROOT/etc/apache2/conf.d/ @@ -386,7 +397,7 @@ /usr/lib/sendmail /var/adm/fillup-templates/sysconfig.exim %dir %attr(750,root,mail) /var/log/exim -%if !%{?build_with_mysql:1}0 +%if !%{?build_with_mysql:1}0 !%{?build_with_pgsql:1}0 %files -n eximon %defattr(-,root,root) ++ exim-4.12-tail.patch ++ --- /var/tmp/diff_new_pack.vNkVTj/_old 2011-04-21 13:24:15.0 +0200 +++ /var/tmp/diff_new_pack.vNkVTj/_new 2011-04-21 13:24:15.0 +0200 @@ -1,3 +1,8 @@ +From: Ruediger Oertel ro at suse dot de +Subject: fix deprecated tail call syntax (-1) +Reported-Upstream: Yes +Bugtracker: bugs.exim.org 1080 + Index: scripts/Configure-config.h === --- scripts/Configure-config.h.orig Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org