Hello community,

here is the log from the commit of package exim.2924 for openSUSE:13.1:Update 
checked in at 2014-08-11 09:43:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/exim.2924 (Old)
 and      /work/SRC/openSUSE:13.1:Update/.exim.2924.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "exim.2924"

Changes:
--------
New Changes file:

--- /dev/null   2014-07-24 01:57:42.080040256 +0200
+++ /work/SRC/openSUSE:13.1:Update/.exim.2924.new/exim.changes  2014-08-11 
09:43:12.000000000 +0200
@@ -0,0 +1,1895 @@
+-------------------------------------------------------------------
+Wed Jul 23 13:09:41 UTC 2014 - lmue...@suse.com
+
+- Silence static checkers; (beo#1506).
+
+-------------------------------------------------------------------
+Wed Jul 23 10:08:04 UTC 2014 - lmue...@suse.com
+
+- update to 4.83
+  This release of Exim includes one incompatible fix:
+  + the behavior of expansion of arguments to math comparison functions
+    (<, <=, =, =>, >) was unexpected, expanding the values twice;
+    CVE-2014-2972; (bnc#888520)
+  This release contains the following enhancements and bugfixes:
+  + PRDR was promoted from Experimental to mainline
+  + OCSP Stapling was promoted from Experimental to mainline
+  + new Experimental feature Proxy Protocol
+  + new Experimental feature DSN (Delivery Status Notifications)
+  + TLS session improvements
+  + TLS SNI fixes
+  + LDAP enhancements
+  + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+  + several new operations (listextract, utf8clean, md5, sha1)
+  + enforce header formatting with verify=header_names_ascii
+  + new commandline option -oMm
+  + new TLSA dns lookup
+  + new malware "sock" type
+  + cutthrough routing enhancements
+  + logging enhancements
+  + DNSSEC enhancements
+  + exiqgrep enhancements
+  + deprecating non-standard SPF results
+  + build and portability fixes
+  + documentation fixes and enhancements
+- Verify source tar ball gpg signature.
+- Refresh exim-enable_ecdh_openssl.patch and strip version number from the
+  patch filename.
+
+-------------------------------------------------------------------
+Thu Jan 23 09:25:36 UTC 2014 - meiss...@suse.com
+
+- exim482-enable_ecdh_openssl.patch: Enable ECDH (elliptic curve diffie
+  hellman) support, taken from http://bugs.exim.org/show_bug.cgi?id=1397
+
+-------------------------------------------------------------------
+Fri Dec  6 18:44:42 UTC 2013 - l...@smaba.org
+
+- BuildRequire libopenssl-devel only on SUSE systems.
+- Fix suse_version condition of the pre- and postun scriptlets.
+
+-------------------------------------------------------------------
+Fri Dec  6 17:52:27 UTC 2013 - l...@smaba.org
+
+- Call service_add_pre from pre scriptlet on post-12.2 systems.
+
+-------------------------------------------------------------------
+Fri Dec  6 17:37:11 UTC 2013 - lmue...@suse.com
+
+- update to 4.82
+  - Add -bI: framework, and -bI:sieve for querying sieve capabilities.
+  - Make -n do something, by making it not do something.
+    When combined with -bP, the name of an option is not output.
+  - Added tls_dh_min_bits SMTP transport driver option, only honoured
+    by GnuTLS.
+  - First step towards DNSSEC, provide $sender_host_dnssec for
+    $sender_host_name and config options to manage this, and basic check
+    routines.
+  - DSCP support for outbound connections and control modifier for inbound.
+  - Cyrus SASL: set local and remote IP;port properties for driver.
+    (Only plugin which currently uses this is kerberos4, which nobody should
+    be using, but we should make it available and other future plugins might
+    conceivably use it, even though it would break NAT; stuff *should* be
+    using channel bindings instead).
+  - Handle "exim -L <tag>" to indicate to use syslog with tag as the process
+    name; added for Sendmail compatibility; requires admin caller.
+    Handle -G as equivalent to "control = suppress_local_fixups" (we used to
+    just ignore it); requires trusted caller.
+    Also parse but ignore: -Ac -Am -X<logfile>
+    Bugzilla 1117.
+  - Bugzilla 1258 - Refactor MAIL FROM optional args processing.
+  - Add +smtp_confirmation as a default logging option.
+  - Bugzilla 198 - Implement remove_header ACL modifier.
+  - Bugzilla 1197, 1281, 1283 - Spec typo.
+  - Bugzilla 1290 - Spec grammar fixes.
+  - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
+  - Add Experimental DMARC support using libopendmarc libraries.
+  - Fix an out of order global option causing a segfault.  Reported to dev
+    mailing list by by Dmitry Isaikin.
+  - Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
+  - Support "G" suffix to numbers in ${if comparisons.
+  - Handle smtp transport tls_sni option forced-fail for OpenSSL.
+  - Bugzilla 1196 - Spec examples corrections
+  - Add expansion operators ${listnamed:name} and ${listcount:string}
+  - Add gnutls_allow_auto_pkcs11 option (was originally called
+    gnutls_enable_pkcs11, but renamed to more accurately indicate its
+    function.
+  - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
+    Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
+  - Add expansion item ${acl {name}{arg}...}, expansion condition
+    "acl {{name}{arg}...}", and optional args on acl condition
+    "acl = name arg..."
+  - Permit multiple router/transport headers_add/remove lines.
+  - Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
+  - Avoid using a waiting database for a single-message-only transport.
+    Performance patch from Paul Fisher.  Bugzilla 1262.
+  - Strip leading/trailing newlines from add_header ACL modifier data.
+    Bugzilla 884.
+  - Add $headers_added variable, with content from use of ACL modifier
+    add_header (but not yet added to the message).  Bugzilla 199.
+  - Add 8bitmime log_selector, for 8bitmime status on the received line.
+    Pulled from Bugzilla 817 by Wolfgang Breyha.
+  - SECURITY: protect DKIM DNS decoding from remote exploit.
+    CVE-2012-5671
+    (nb: this is the same fix as in Exim 4.80.1)
+  - Add A= logging on delivery lines, and a client_set_id option on
+    authenticators.
+  - Add optional authenticated_sender logging to A= and a log_selector
+    for control.
+  - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
+  - Dovecot auth: log better reason to rejectlog if Dovecot did not
+    advertise SMTP AUTH mechanism to us, instead of a generic
+    protocol violation error.  Also, make Exim more robust to bad
+    data from the Dovecot auth socket.
+  - Fix ultimate retry timeouts for intermittently deliverable recipients.
+  - When a queue runner is handling a message, Exim first routes the
+    recipient addresses, during which it prunes them based on the retry
+    hints database. After that it attempts to deliver the message to
+    any remaining recipients. It then updates the hints database using
+    the retry rules.
+  - So if a recipient address works intermittently, it can get repeatedly
+    deferred at routing time. The retry hints record remains fresh so the
+    address never reaches the final cutoff time.
+  - This is a fairly common occurrence when a user is bumping up against
+    their storage quota. Exim had some logic in its local delivery code
+    to deal with this. However it did not apply to per-recipient defers
+    in remote deliveries, e.g. over LMTP to a separate IMAP message store.
+  - This change adds a proper retry rule check during routing so that the
+    final cutoff time is checked against the message's age. We only do
+    this check if there is an address retry record and there is not a
+    domain retry record; this implies that previous attempts to handle
+    the address had the retry_use_local_parts option turned on. We use
+    this as an approximation for the destination being like a local
+    delivery, as in LMTP.
+  - I suspect this new check makes the old local delivery cutoff check
+    redundant, but I have not verified this so I left the code in place.
+  - Correct gecos expansion when From: is a prefix of the username.
+  - Test 0254 submits a message to Exim with the header
+        Resent-From: f
+  - When I ran the test suite under the user fanf2, Exim expanded
+    the header to contain my full name, whereas it should have added
+    a Resent-Sender: header. It erroneously treats any prefix of the
+    username as equal to the username.
+    This change corrects that bug.
+  - DCC debug and logging tidyup
+    Error conditions log to paniclog rather than rejectlog.
+    Debug lines prefixed by "DCC: " to remove any ambiguity.
+  - Avoid unnecessary rebuilds of lookup-related code.
+  - Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+    Bug spotted by Jeremy Harris; was flawed since initial commit.
+    Would have resulted in OCSP responses post-SNI triggering an Exim
+    NULL dereference and crash.
+  - Add $router_name and $transport_name variables.  Bugzilla 308.
+  - Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
+    Bug detection, analysis and fix by Samuel Thibault.
+    Bugzilla 1331, Debian bug #698092.
+  - Update eximstats to watch out for senders sending 'HELO [IpAddr]'
+  - SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
+    Server implementation by Todd Lyons, client by JH.
+    Only enabled when compiled with EXPERIMENTAL_PRDR.  A new
+    config variable "prdr_enable" controls whether the server
+    advertises the facility.  If the client requests PRDR a new
+    acl_data_smtp_prdr ACL is called once for each recipient, after
+    the body content is received and before the acl_smtp_data ACL.
+    The client is controlled by bolth of: a hosts_try_prdr option
+    on the smtp transport, and the server advertisement.
+    Default client logging of deliveries and rejections involving
+    PRDR are flagged with the string "PRDR".
+  - Fix problems caused by timeouts during quit ACLs trying to double
+    fclose().  Diagnosis by Todd Lyons.
+    Update configure.default to handle IPv6 localhost better.
+    Patch by Alain Williams (plus minor tweaks).
+    Bugzilla 880.
+  - OpenSSL made graceful with empty tls_verify_certificates setting.
+    This is now consistent with GnuTLS, and is now documented: the
+    previous undocumented portable approach to treating the option as
+    unset was to force an expansion failure.  That still works, and
+    an empty string is now equivalent.
+  - Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+    clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+    not performing validation itself.
+  - Added force_command boolean option to pipe transport.
+    Patch from Nick Koston, of cPanel Inc.
+  - AUTH support on callouts (and hence cutthrough-deliveries).
+    Bugzilla 321, 823.
+  - Added udpsend ACL modifer and hexquote expansion operator
+  - Fix eximon continuous updating with timestamped log-files.
+    Broken in a format-string cleanup in 4.80, missed when I repaired the
++++ 1698 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.exim.2924.new/exim.changes

New:
----
  apparmor.usr.sbin.exim
  exim-4.83.tar.bz2
  exim-4.83.tar.bz2.asc
  exim-enable_ecdh_openssl.patch
  exim-pubkey_04d29eba.asc
  exim-tail.patch
  exim.changes
  exim.logrotate
  exim.rc
  exim.service
  exim.spec
  exim4-manpages.tar.bz2
  eximstats-html-update.py
  eximstats.conf
  permissions.exim
  silence-static-checkers_beo1506.patch
  sysconfig.exim

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ exim.spec ++++++
#
# spec file for package exim
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           exim
BuildRequires:  cyrus-sasl-devel
BuildRequires:  db-devel
BuildRequires:  openldap2-devel
BuildRequires:  pcre-devel
%if %{?suse_version:1}%{?!suse_version:0}
BuildRequires:  libopenssl-devel
BuildRequires:  tcpd-devel
BuildRequires:  xorg-x11-devel
%else
BuildRequires:  libXaw-devel
BuildRequires:  libXext-devel
BuildRequires:  libXt-devel
BuildRequires:  openssl-devel
BuildRequires:  tcp_wrappers
BuildRequires:  xorg-x11-server-sdk
%endif
Url:            http://www.exim.org/
Conflicts:      sendmail sendmail-tls postfix
Provides:       smtp_daemon
%if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
Requires:       logrotate
%if 0%{?suse_version} > 1220
BuildRequires:  gpg-offline
BuildRequires:  pkgconfig(systemd)
%{?systemd_requires}
%else
Requires(pre):  %insserv_prereq
%endif
Requires(pre):  %fillup_prereq
Requires(pre):  /usr/sbin/useradd
Requires(pre):  fileutils textutils
%endif
Version:        4.83
Release:        0
%if %{?build_with_mysql:1}0
BuildRequires:  mysql-devel
Provides:       exim = %version
%endif
%if %{?build_with_pgsql:1}0
BuildRequires:  postgresql-devel
Provides:       exim = %version
%endif
Summary:        The Exim Mail Transfer Agent, a Replacement for sendmail
License:        GPL-2.0+
Group:          Productivity/Networking/Email/Servers
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
Source:         exim-%{version}.tar.bz2
Source3:        exim-%{version}.tar.bz2.asc
Source4:        exim-pubkey_04d29eba.asc
Source1:        sysconfig.exim
Source2:        exim.logrotate
Source11:       exim.rc
Source12:       permissions.exim
Source13:       apparmor.usr.sbin.exim
Source20:       
http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2
Source30:       eximstats-html-update.py
Source31:       eximstats.conf
Source32:       exim.service
Patch:          exim-tail.patch
Patch1:         exim-enable_ecdh_openssl.patch
Patch2:         silence-static-checkers_beo1506.patch
%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0

%package -n eximon
Summary:        Eximon, an graphical frontend to administer Exim's mail queue
Group:          Productivity/Networking/Email/Servers

%package -n eximstats-html
Summary:        Create HTML reports of exim logs
Group:          Productivity/Networking/Email/Servers
Requires:       perl-GD
Requires:       perl-GDGraph
Requires:       perl-GDTextUtil
%endif

%description
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. It is
freely available under the terms of the GNU General Public Licence. In
style, it is similar to Smail 3, but its facilities are more extensive.
In particular, it has options for verifying incoming sender and
recipient addresses, for refusing mail from specified hosts, networks,
or senders, and for controlling mail relaying.


%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0

%description -n eximon
This allows administrators to view the exim agent's mail queue and
logs, and perform a variety of actions on queued messages, such as
freezing, bouncing and thawing messages, and even editing body and
header of mails.


%description -n eximstats-html
If this package is installed alongside the exim MTA, and you enable
EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will
create HTML reports in /srv/www/eximstats.

You can edit /etc/apache2/conf.d/eximstats.conf to configure your
webserver for the reports.

The script /usr/sbin/eximstats-html-update.py can create the reports
for log files that were rotated in the past. (You would only run this
once, if at all. The rest is done by logrotate / cron.)


%endif

%prep
%{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}}
%setup -q -n exim-%{version}
%patch
%patch1 -p1
%patch2 -p1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
pie="-pie"
%endif
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 1100
CFLAGS_OPT_WERROR="-Werror=format-security -Werror=missing-format-attribute"
%endif
cat <<-EOF > Local/Makefile
        # see src/EDITME for comments.
        BIN_DIRECTORY=/usr/sbin
        CONFIGURE_FILE=/etc/exim/exim.conf
        EXIM_USER=mail
        EXIM_GROUP=mail
        SPOOL_DIRECTORY=/var/spool/exim
        ROUTER_ACCEPT=yes
        ROUTER_DNSLOOKUP=yes
        ROUTER_IPLITERAL=yes
        ROUTER_MANUALROUTE=yes
        ROUTER_QUERYPROGRAM=yes
        ROUTER_REDIRECT=yes
        # ROUTER_IPLOOKUP=yes
        TRANSPORT_APPENDFILE=yes
        TRANSPORT_AUTOREPLY=yes
        TRANSPORT_PIPE=yes
        TRANSPORT_SMTP=yes
        TRANSPORT_LMTP=yes
        SUPPORT_MAILDIR=yes
        SUPPORT_MAILSTORE=yes
        SUPPORT_MBX=yes
        LOOKUP_DBM=yes
        LOOKUP_LSEARCH=yes
        LOOKUP_CDB=yes
        LOOKUP_DNSDB=yes
        LOOKUP_DSEARCH=yes
        LOOKUP_LDAP=yes
%if %{?build_with_mysql:1}0
        LOOKUP_MYSQL=yes
%endif
%if %{?build_with_pgsql:1}0
        LOOKUP_PGSQL=yes
%endif
        LOOKUP_NIS=yes
        # LOOKUP_NISPLUS=yes
        # LOOKUP_ORACLE=yes
        LOOKUP_PASSWD=yes
        # LOOKUP_PGSQL=yes
        # LOOKUP_WHOSON=yes
        CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux
         LDAP_LIB_TYPE=OPENLDAP2
        # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include 
-I /usr/local/pgsql/include
        # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq
        LOOKUP_LIBS=-lldap -llber
%if %{?build_with_mysql:1}0
        LOOKUP_INCLUDE=-I /usr/include/mysql
        LOOKUP_LIBS=-lldap -llber -lmysqlclient
%endif
%if %{?build_with_pgsql:1}0
        LOOKUP_INCLUDE=-I /usr/include/pgsql
        LOOKUP_LIBS=-lldap -llber -lpq
%endif
        EXIM_MONITOR=eximon.bin
        WITH_CONTENT_SCAN=yes
        WITH_OLD_DEMIME=yes
        AUTH_CRAM_MD5=yes
        AUTH_PLAINTEXT=yes
        #  AUTH_SPA=yes
        AUTH_DOVECOT=yes
        SUPPORT_TLS=yes
        TLS_LIBS=-lssl -lcrypto
        INFO_DIRECTORY=%{_infodir}
        LOG_FILE_PATH=/var/log/exim/%%s.log
        EXICYCLOG_MAX=10
        SYSLOG_LOG_PID=yes
        COMPRESS_COMMAND=/bin/gzip
        COMPRESS_SUFFIX=gz
        ZCAT_COMMAND=/usr/bin/zcat
        # SUPPORT_PAM=yes
        # You probably need to add -lpam to EXTRALIBS
        # RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
        # CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck
        # USE_TCP_WRAPPERS=yes
        NO_SYMLINK=yes
        CHOWN_COMMAND=/bin/chown
        CHGRP_COMMAND=/bin/chgrp
        MV_COMMAND=/bin/mv
        RM_COMMAND=/bin/rm
        PERL_COMMAND=/usr/bin/perl
        # APPENDFILE_MODE=0600
        # APPENDFILE_DIRECTORY_MODE=0700
        # APPENDFILE_LOCKFILE_MODE=0600
        # CONFIGURE_FILE_USE_NODE=yes
        # CONFIGURE_FILE_USE_EUID=yes
        # DELIVER_BUFFER_SIZE=8192
        # EXIMDB_DIRECTORY_MODE=0750
        # EXIMDB_MODE=0640
        # EXIMDB_LOCKFILE_MODE=0640
        # HEADER_MAXSIZE="(1024*1024)"
        # INPUT_DIRECTORY_MODE=0750
        # LOG_DIRECTORY_MODE=0750
        # LOG_MODE=0640
        # LOOKUP_TESTDB=yes
        MAKE_SHELL=/bin/bash
        # MAX_NAMED_LIST=16
        # MAXINTERFACES=250
        # MSGLOG_DIRECTORY_MODE=0750
        # PERL_CC=
        # PERL_CCOPTS=
        # PERL_LIBS=
        PID_FILE_PATH=/var/run/exim.pid
        # SPOOL_DIRECTORY_MODE=0750
        # SPOOL_MODE=0640
        SUPPORT_MOVE_FROZEN_MESSAGES=yes
        HAVE_IPV6=YES
        CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing 
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
        EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie
EOF
touch Local/eximon.conf
rm -f doc/*.{orig,txt~}

%build
make

%install
%if 0%{?suse_version} > 1220
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
%else
mkdir -p $RPM_BUILD_ROOT/etc/init.d
%endif
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib}
mkdir -p $RPM_BUILD_ROOT/var/log/exim
mkdir -p $RPM_BUILD_ROOT/var/spool/mail/
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
mkdir -p $RPM_BUILD_ROOT/usr/bin
make    inst_dest=$RPM_BUILD_ROOT/usr/sbin \
        inst_conf=$RPM_BUILD_ROOT/etc/exim/exim.conf \
        inst_info=$RPM_BUILD_ROOT/%{_infodir} \
        INSTALL_ARG=-no_chown   install
mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all 
substitutions done
%if 0%{?suse_version} > 1220
install -m 755 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
%else
install -m 755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim
%endif
# aka...
for i in \
        /usr/lib/sendmail \
        /usr/bin/runq \
        /usr/bin/rsmtp \
        /usr/bin/mailq \
        /usr/bin/newaliases
do
        ln -sf ../sbin/exim $RPM_BUILD_ROOT$i
done
ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail
%if 0%{?suse_version} > 1220
ln -sv ../../%{_unitdir}/exim.service $RPM_BUILD_ROOT/usr/sbin/rcexim
%else
ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim
%endif
%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0
mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/
%else
rm $RPM_BUILD_ROOT/usr/sbin/eximon*
%endif
cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim
install -m 644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim
# man pages
mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > 
$RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8
tar xvjf %{S:20}
cp -p exim4-manpages/* $RPM_BUILD_ROOT/%{_mandir}/man8/
for i in \
        sendmail \
        runq \
        rsmtp \
        mailq \
        newaliases
do
        ln -sf exim.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz
done
for i in \
        exim_dumpdb \
        exim_fixdb \
        exim_tidydb
do
        ln -sf exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz
done
perl -pi -e 's%/usr/share/doc/exim4%/usr/share/doc/packages/exim%g' `find 
$RPM_BUILD_ROOT/%{_mandir}/man8 -name "*.8"`
gzip -9 doc/*.txt
#
# package the utilities without executable permissions, to silence rpmlint 
warnings
chmod 644 util/*.{pl,sh} src/convert4r*
#
# eximstats-html files
%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0
mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats
mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/
cp -p $RPM_SOURCE_DIR/eximstats.conf $RPM_BUILD_ROOT/etc/apache2/conf.d/
install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py 
$RPM_BUILD_ROOT/%{_sbindir}
%endif
# apparmor profile
install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim 
$RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim

%pre
%if 0%{?suse_version} > 1220
%service_add_pre exim.service
%endif

%post
%if 0%{?suse_version} < 1131
%run_permissions
%else
%set_permissions /usr/sbin/exim
%endif
if ! test -s etc/exim/exim.conf; then
        if test -s etc/exim.conf; then
                mv etc/exim.conf etc/exim/
                echo moving exim.conf to /etc/exim/
        else
                cp -p usr/share/doc/packages/%{name}/configure.default 
etc/exim/exim.conf
                echo copying default config file to /etc/exim/exim.conf
        fi
fi
# create logfiles if missing
for i in var/log/exim/main.log var/log/exim/panic.log var/log/exim/reject.log; 
do
        if ! test -e $i; then touch $i; chown mail:mail $i; chmod 640 $i ; fi
done
%if 0%{?suse_version} > 1220
%{fillup_only}
%service_add_post exim.service
%else
%{fillup_and_insserv exim}
%endif
exit 0
%if %{?suse_version:1}%{?!suse_version:0}

%preun
%if 0%{?suse_version} > 1220
%service_del_preun exim.service
%else
%stop_on_removal exim
%endif
%endif

%postun
%if %{?suse_version:1}%{?!suse_version:0}
%if 0%{?suse_version} > 1220
%service_del_postun exim.service
%else
%restart_on_update exim
%endif
%endif
%insserv_cleanup
%verifyscript
%verify_permissions -e /usr/sbin/exim

%files
%defattr(-,root,root)
%doc ACKNOWLEDGMENTS CHANGES LICENCE NOTICE README.UPDATING README
%doc doc
%doc src/configure.default
%doc build-Linux-*/convert4r{3,4}
%doc util
%doc %{_mandir}/man8/*
/usr/sbin/exicyclog
/usr/sbin/exigrep
/usr/sbin/exiqgrep
%verify(not mode) %attr(4755,root,root) /usr/sbin/exim
/usr/sbin/exim_*
/usr/sbin/eximstats
/usr/sbin/exinext
/usr/sbin/exipick
/usr/sbin/exiqsumm
/usr/sbin/exiwhat
%dir /etc/exim
%if 0%{?suse_version} > 1220
%{_unitdir}/exim.service
%else
%config /etc/init.d/exim
%endif
%config(noreplace) /etc/logrotate.d/exim
%if %{?suse_version:%suse_version}%{?!suse_version:99999} < 1000
%config(noreplace) /etc/permissions.d/exim
%endif
%dir /etc/apparmor
%dir /etc/apparmor/profiles
%dir /etc/apparmor/profiles/extras
%config(noreplace) /etc/apparmor/profiles/extras/usr.sbin.exim
/usr/sbin/rcexim
/usr/bin/mailq
/usr/bin/runq
/usr/bin/rsmtp
/usr/bin/newaliases
/usr/sbin/sendmail
/usr/lib/sendmail
/var/adm/fillup-templates/sysconfig.exim
%dir %attr(750,mail,mail) /var/log/exim
%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0

%files -n eximon
%defattr(-,root,root)
/usr/bin/eximon
/usr/bin/eximon.bin

%files -n eximstats-html
%defattr(-,root,root)
%attr(0750,root,www) /srv/www/eximstats
/etc/apache2
/etc/apache2/conf.d
/etc/apache2/conf.d/eximstats.conf
%{_sbindir}/eximstats-html-update.py
%endif

%changelog
++++++ apparmor.usr.sbin.exim ++++++
# vim:syntax=apparmor
# Last Modified: Wed May 30 17:00:04 2007
#include <tunables/global>

/usr/sbin/exim {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/consoles>
  #include <abstractions/user-mail>

  capability chown,
  capability dac_override,
  capability fowner,
  capability setgid,
  capability setuid,

  /etc/aliases r,
  /etc/exim/** r,
  /etc/greylistd/whitelist-hosts r,
  /proc/*/mounts r,
  /proc/loadavg r,
  /proc/net/if_inet6 r,
  /usr/bin/procmail Px,
  /usr/lib/cyrus/bin/deliver Px,
  /usr/lib/majordomo/wrapper px,
  /usr/sbin/exim ixr,
  /var/lib/greylistd/whitelist-hosts r,
  /var/lib/majordomo/lists/* r,
  /var/log/exim/*.log w,
  /var/run/exim.pid w,
  /var/run/greylistd/socket w,
  /var/spool/exim/** rw,
}
++++++ exim-enable_ecdh_openssl.patch ++++++
# Taken from:
# http://bugs.exim.org/show_bug.cgi?id=1397
# http://bugs.exim.org/attachment.cgi?id=661

Index: exim-4.83/src/globals.c
===================================================================
--- exim-4.83.orig/src/globals.c
+++ exim-4.83/src/globals.c
@@ -150,6 +150,7 @@ that's the interop problem which has bee
 bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
 int     tls_dh_max_bits        = 2236;
 uschar *tls_dhparam            = NULL;
+uschar *tls_eccurve            = NULL;
 #ifndef DISABLE_OCSP
 uschar *tls_ocsp_file          = NULL;
 #endif
Index: exim-4.83/src/globals.h
===================================================================
--- exim-4.83.orig/src/globals.h
+++ exim-4.83/src/globals.h
@@ -114,6 +114,7 @@ extern uschar *tls_channelbinding_b64; /
 extern uschar *tls_crl;                /* CRL File */
 extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions 
*/
 extern uschar *tls_dhparam;            /* DH param file */
+extern uschar *tls_eccurve;            /* EC curve */
 #ifndef DISABLE_OCSP
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 #endif
Index: exim-4.83/src/readconf.c
===================================================================
--- exim-4.83.orig/src/readconf.c
+++ exim-4.83/src/readconf.c
@@ -440,6 +440,7 @@ static optionlist optionlist_config[] =
   { "tls_crl",                  opt_stringptr,   &tls_crl },
   { "tls_dh_max_bits",          opt_int,         &tls_dh_max_bits },
   { "tls_dhparam",              opt_stringptr,   &tls_dhparam },
+  { "tls_eccurve",              opt_stringptr,   &tls_eccurve },
 # ifndef DISABLE_OCSP
   { "tls_ocsp_file",            opt_stringptr,   &tls_ocsp_file },
 # endif
Index: exim-4.83/src/tls-openssl.c
===================================================================
--- exim-4.83.orig/src/tls-openssl.c
+++ exim-4.83/src/tls-openssl.c
@@ -497,6 +497,59 @@ return TRUE;
 
 
 
+#if !defined(OPENSSL_NO_ECDH)
+static BOOL
+init_ecdh(SSL_CTX *sctx, host_item *host)
+{
+EC_KEY *ecdh;
+int nid;
+
+# if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
+/* check if OpenSSL >= 1.0.2 auto ECDH temp key parameter selection should be 
used */
+if (Ustrcmp(tls_eccurve, "auto") == 0)
+  {
+  DEBUG(D_tls) debug_printf("ECDH temp key parameter settings: OpenSSL 1.2+ 
autoselection\n");
+  SSL_CTX_set_ecdh_auto(sctx, 1);
+  return TRUE;
+  }
+# endif
+
+if (tls_eccurve == NULL)
+  {
+  DEBUG(D_tls)
+    debug_printf("ECDH curve (default): prime256v1\n", tls_eccurve);
+  nid = NID_X9_62_prime256v1;
+  }
+else
+  {
+  /* search curve name */
+  DEBUG(D_tls)
+    debug_printf("ECDH curve: %s\n", tls_eccurve);
+  nid = OBJ_sn2nid((uschar *)tls_eccurve);
+  if (nid == 0)
+    {
+    tls_error(string_sprintf("Unkown curve name tls_eccurve \"%s\"", 
tls_eccurve),
+      host, NULL);
+    return FALSE;
+    }
+  }
+
+ecdh = EC_KEY_new_by_curve_name(nid);
+if (ecdh == NULL)
+  {
+  tls_error("Unable to create ec curve",
+    host, NULL);
+  return FALSE;
+  }
+
+SSL_CTX_set_tmp_ecdh(sctx, ecdh);
+EC_KEY_free(ecdh);
+
+return TRUE;
+}
+#endif
+
+
 
 #ifndef DISABLE_OCSP
 /*************************************************
@@ -1134,6 +1187,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu
 rc = tls_expand_session_files(*ctxp, cbinfo);
 if (rc != OK) return rc;
 
+#if !defined(OPENSSL_NO_ECDH)
+/* Initialize ECDH temp key parameter selection */
+if (!init_ecdh(*ctxp, host)) return DEFER;
+#endif
+
 /* If we need to handle SNI, do so */
 #ifdef EXIM_HAVE_OPENSSL_TLSEXT
 if (host == NULL)              /* server */
++++++ exim-tail.patch ++++++
From: Ruediger Oertel <ro at suse dot de>
Subject: fix deprecated tail call syntax (-1)
Reported-Upstream: Yes
Bugtracker: bugs.exim.org 1080

Index: scripts/Configure-config.h
===================================================================
--- scripts/Configure-config.h.orig
+++ scripts/Configure-config.h
@@ -47,7 +47,7 @@ fi
 
 # Double-check that config.h is complete.
 
-if [ "`tail -1 config.h`" != "/* End of config.h */" ] ; then
+if [ "`tail -n 1 config.h`" != "/* End of config.h */" ] ; then
   echo "*** config.h appears to be incomplete"
   echo "*** unexpected failure in buildconfig program"
   exit 1
++++++ exim.logrotate ++++++
/var/log/exim/main.log {
        compress
        dateext
        notifempty
        missingok
        create 640 mail mail
        rotate 99
        weekly
        #maxage 365
        prerotate
                cd /var/log/exim
                test -f /etc/sysconfig/exim && source /etc/sysconfig/exim
                if test "$EXIM_REPORT_WEEKLY" = yes; then
                        day=`date +%Y%m%d`
                        report=weekly_report-$day
                        eximstatsdir=/srv/www/eximstats/$day
                        touch $report; chmod 640 $report; chown :mail $report
                        eximstats main.log > $report
                        if test "$EXIM_REPORT_WEEKLY_HTML" = yes; then
                                mkdir $eximstatsdir
                                eximstats -html -charts -chartdir $eximstatsdir 
main.log > $eximstatsdir/index.html
                        fi
                        if ! test -e no_report_mail && test 
"$EXIM_REPORT_WEEKLY_SEND" = yes; then mail -s "$(sed -n '2{p;q;}' < $report) 
($(hostname))" postmaster < $report; fi
                        if test -f $report.gz; then old $report.gz; fi
                        gzip -f -9 $report
                fi
        endscript
}

/var/log/exim/reject.log {
        compress
        dateext
        notifempty
        missingok
        create 640 mail mail
        rotate 99
        size 4M
        #maxage 365
}

/var/log/exim/panic.log {
        compress
        dateext
        notifempty
        missingok
        create 640 mail mail
        rotate 99
        size 1M
        #maxage 365
}

++++++ exim.rc ++++++
#! /bin/sh
# Copyright (c) 2002-2003 SuSE Linux AG, Nuernberg, Germany.
# Copyright (c) 2004-2008 SUSE Linux Products GmbH, Nuernberg, Germany.
# All rights reserved.
#
# Author: Peter Poeml <po...@suse.de>
#
### BEGIN INIT INFO
# Provides:                     exim sendmail
# Required-Start:               $local_fs $remote_fs $network
# Required-Stop:                $local_fs $remote_fs $network
# Should-Start:                 $named $time greylistd amavis spamd postgresql 
mysql
# Should-Stop:                  $named greylistd amavis spamd postgresql mysql
# Default-Start:                3 5
# Default-Stop:                 0 1 2 6
# Short-Description:            exim MTA
# Description:                  Start the exim MTA (mail transfer agent)
### END INIT INFO

EXIM_PID=/var/run/exim.pid
EXIM_BIN=/usr/sbin/exim

if [ -s /etc/sysconfig/exim ]; then 

        . /etc/sysconfig/exim

else 
        # pre 8.0

        # Source SuSE config
        . /etc/rc.config

        # Determine the base and follow a runlevel link name.
        base=${0##*/}
        link=${base#*[SK][0-9][0-9]}

        # Force execution if not called by a runlevel directory.
        test $link = $base && START_EXIM=yes
        test "$START_EXIM" = yes || exit 0

fi

. /etc/rc.status
rc_reset

case "$1" in
    start)
        echo -n "Initializing SMTP port (exim)"
        if [ -e $EXIM_PID ]; then
                startproc -p $EXIM_PID $EXIM_BIN $EXIM_ARGS
        else
                $EXIM_BIN $EXIM_ARGS
        fi
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down SMTP port"
        killproc -p $EXIM_PID -TERM $EXIM_BIN
        rc_status -v
        ;;
    test)
        echo -n "Testing exim configuration"
        $EXIM_BIN -bV
        ;;
    try-restart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    reload|force-reload)
        echo -n "Reload service exim"
        kill -HUP `cat $EXIM_PID* 2>/dev/null` 2> /dev/null || true
        rc_status -v
        ;;
    status)
        echo -n "Checking for service exim: "
        checkproc -p $EXIM_PID $EXIM_BIN
        rc_status -v
        ;;
    probe)
        test /etc/exim.conf -nt $EXIM_PID \
        && echo reload
        ;;
    *)
        echo "Usage: $0 
{start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
esac
rc_exit
++++++ exim.service ++++++
[Unit]
Description=Exim Mail Transport Agent
After=network.target
Conflicts=sendmail.service postfix.service

[Service]
PrivateTmp=true
Environment=QUEUE=1h
EnvironmentFile=-/etc/sysconfig/exim
ExecStartPre=-/usr/libexec/exim-gen-cert
ExecStart=/usr/sbin/exim -bd -q${QUEUE}

[Install]
WantedBy=multi-user.target
++++++ eximstats-html-update.py ++++++
#!/usr/bin/python

import os, os.path, glob

outdir_base = '/srv/www/eximstats'

def main():
    os.chdir('/var/log/exim')
    reports = glob.glob('main.log-*.gz') + glob.glob('main.log-*.bz2')

    for report in reports:
        (base, ext) = os.path.splitext(report)
        daystr = base[-8:]

        outdir = os.path.join(outdir_base, daystr)

        if os.path.exists(outdir):
            continue
        print 'processing', daystr
        os.mkdir(outdir)

        if ext == '.gz':
            catprg = 'zcat'
        elif ext == '.bz2':
            catprg = 'bzcat'



        os.system('%s %s | eximstats -html -charts -chartdir %s > 
%s/index.html' \
            % (catprg, report, outdir, outdir))






if __name__ == '__main__':
        main()

++++++ eximstats.conf ++++++
Alias /eximstats /srv/www/eximstats
<Directory /srv/www/eximstats>
    Order allow,deny
    Allow from all
    Options +Indexes
</Directory>
++++++ permissions.exim ++++++
/usr/sbin/exim                  root:root       4755

++++++ silence-static-checkers_beo1506.patch ++++++
Author: Lars Mueller <lmue...@suse.com>
Date:   Wed Jul 23 07:22:52 2014 -0700

    Bug 1506: Silence static checkers.
ยทยทยทยท
    Re-adds a return NULL which was removed because it was redundant. Static
      checkers don't parse the logic, so adding it back to make them happy.

Index: exim-4.83/src/expand.c
===================================================================
--- exim-4.83.orig/src/expand.c
+++ exim-4.83/src/expand.c
@@ -1879,6 +1879,8 @@ switch (vp->type)
   #endif
 
   }
+
+return NULL;  /* Unknown variable. Silences static checkers. */
 }
 
 
++++++ sysconfig.exim ++++++
## Path:        Network/Mail/Exim
## Description: Exim mailserver configuration
## Type:        string
## Default:     "-bd -q30m"
## ServiceRestart: exim
#
# Command line arguments to hand over to exim
# Normally: -bd -q30m   (run as background daemon)
#
EXIM_ARGS="-bd -q30m"

## Type:        yesno
## Default:     "no"
# 
# Create weekly reports (see man 8 eximstats)?
# The reports are saved in the same directory as the log files.
#
# To see an example of the reports, you can use this command:
# eximstats < /var/log/exim/main.log |less
#
EXIM_REPORT_WEEKLY="no"

## Type:        yesno
## Default:     "no"
# 
# Create HTML reports (see the EXIM_REPORT_WEEKLY setting) in 
# /srv/www/eximstats?
# needs the eximstats-html package to be installed
#
EXIM_REPORT_WEEKLY_HTML="no"

## Type:        yesno
## Default:     "no"
# 
# Send the reports (see the EXIM_REPORT_WEEKLY setting) via mail to 
# postmaster?
#
EXIM_REPORT_WEEKLY_SEND="no"
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to