Hello community, here is the log from the commit of package exim.2924 for openSUSE:13.1:Update checked in at 2014-08-11 09:43:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/exim.2924 (Old) and /work/SRC/openSUSE:13.1:Update/.exim.2924.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exim.2924" Changes: -------- New Changes file: --- /dev/null 2014-07-24 01:57:42.080040256 +0200 +++ /work/SRC/openSUSE:13.1:Update/.exim.2924.new/exim.changes 2014-08-11 09:43:12.000000000 +0200 
@@ -0,0 +1,1895 @@ +------------------------------------------------------------------- +Wed Jul 23 13:09:41 UTC 2014 - lmue...@suse.com + +- Silence static checkers; (beo#1506). + +------------------------------------------------------------------- +Wed Jul 23 10:08:04 UTC 2014 - lmue...@suse.com + +- update to 4.83 + This release of Exim includes one incompatible fix: + + the behavior of expansion of arguments to math comparison functions + (<, <=, =, =>, >) was unexpected, expanding the values twice; + CVE-2014-2972; (bnc#888520) + This release contains the following enhancements and bugfixes: + + PRDR was promoted from Experimental to mainline + + OCSP Stapling was promoted from Experimental to mainline + + new Experimental feature Proxy Protocol + + new Experimental feature DSN (Delivery Status Notifications) + + TLS session improvements + + TLS SNI fixes + + LDAP enhancements + + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + + several new operations (listextract, utf8clean, md5, sha1) + + enforce header formatting with verify=header_names_ascii + + new commandline option -oMm + + new TLSA dns lookup + + new malware "sock" type + + cutthrough routing enhancements + + logging enhancements + + DNSSEC enhancements + + exiqgrep enhancements + + deprecating non-standard SPF results + + build and portability fixes + + documentation fixes and enhancements +- Verify source tar ball gpg signature. +- Refresh exim-enable_ecdh_openssl.patch and strip version number from the + patch filename. + +------------------------------------------------------------------- +Thu Jan 23 09:25:36 UTC 2014 - meiss...@suse.com + +- exim482-enable_ecdh_openssl.patch: Enable ECDH (elliptic curve diffie + hellman) support, taken from http://bugs.exim.org/show_bug.cgi?id=1397 + +------------------------------------------------------------------- +Fri Dec 6 18:44:42 UTC 2013 - l...@smaba.org + +- BuildRequire libopenssl-devel only on SUSE systems. 
+- Fix suse_version condition of the pre- and postun scriptlets. + +------------------------------------------------------------------- +Fri Dec 6 17:52:27 UTC 2013 - l...@smaba.org + +- Call service_add_pre from pre scriptlet on post-12.2 systems. + +------------------------------------------------------------------- +Fri Dec 6 17:37:11 UTC 2013 - lmue...@suse.com + +- update to 4.82 + - Add -bI: framework, and -bI:sieve for querying sieve capabilities. + - Make -n do something, by making it not do something. + When combined with -bP, the name of an option is not output. + - Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + - First step towards DNSSEC, provide $sender_host_dnssec for + $sender_host_name and config options to manage this, and basic check + routines. + - DSCP support for outbound connections and control modifier for inbound. + - Cyrus SASL: set local and remote IP;port properties for driver. + (Only plugin which currently uses this is kerberos4, which nobody should + be using, but we should make it available and other future plugins might + conceivably use it, even though it would break NAT; stuff *should* be + using channel bindings instead). + - Handle "exim -L <tag>" to indicate to use syslog with tag as the process + name; added for Sendmail compatibility; requires admin caller. + Handle -G as equivalent to "control = suppress_local_fixups" (we used to + just ignore it); requires trusted caller. + Also parse but ignore: -Ac -Am -X<logfile> + Bugzilla 1117. + - Bugzilla 1258 - Refactor MAIL FROM optional args processing. + - Add +smtp_confirmation as a default logging option. + - Bugzilla 198 - Implement remove_header ACL modifier. + - Bugzilla 1197, 1281, 1283 - Spec typo. + - Bugzilla 1290 - Spec grammar fixes. + - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. + - Add Experimental DMARC support using libopendmarc libraries. + - Fix an out of order global option causing a segfault. 
Reported to dev + mailing list by by Dmitry Isaikin. + - Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. + - Support "G" suffix to numbers in ${if comparisons. + - Handle smtp transport tls_sni option forced-fail for OpenSSL. + - Bugzilla 1196 - Spec examples corrections + - Add expansion operators ${listnamed:name} and ${listcount:string} + - Add gnutls_allow_auto_pkcs11 option (was originally called + gnutls_enable_pkcs11, but renamed to more accurately indicate its + function. + - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. + Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. + - Add expansion item ${acl {name}{arg}...}, expansion condition + "acl {{name}{arg}...}", and optional args on acl condition + "acl = name arg..." + - Permit multiple router/transport headers_add/remove lines. + - Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. + - Avoid using a waiting database for a single-message-only transport. + Performance patch from Paul Fisher. Bugzilla 1262. + - Strip leading/trailing newlines from add_header ACL modifier data. + Bugzilla 884. + - Add $headers_added variable, with content from use of ACL modifier + add_header (but not yet added to the message). Bugzilla 199. + - Add 8bitmime log_selector, for 8bitmime status on the received line. + Pulled from Bugzilla 817 by Wolfgang Breyha. + - SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + (nb: this is the same fix as in Exim 4.80.1) + - Add A= logging on delivery lines, and a client_set_id option on + authenticators. + - Add optional authenticated_sender logging to A= and a log_selector + for control. + - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. + - Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. 
+ - Fix ultimate retry timeouts for intermittently deliverable recipients. + - When a queue runner is handling a message, Exim first routes the + recipient addresses, during which it prunes them based on the retry + hints database. After that it attempts to deliver the message to + any remaining recipients. It then updates the hints database using + the retry rules. + - So if a recipient address works intermittently, it can get repeatedly + deferred at routing time. The retry hints record remains fresh so the + address never reaches the final cutoff time. + - This is a fairly common occurrence when a user is bumping up against + their storage quota. Exim had some logic in its local delivery code + to deal with this. However it did not apply to per-recipient defers + in remote deliveries, e.g. over LMTP to a separate IMAP message store. + - This change adds a proper retry rule check during routing so that the + final cutoff time is checked against the message's age. We only do + this check if there is an address retry record and there is not a + domain retry record; this implies that previous attempts to handle + the address had the retry_use_local_parts option turned on. We use + this as an approximation for the destination being like a local + delivery, as in LMTP. + - I suspect this new check makes the old local delivery cutoff check + redundant, but I have not verified this so I left the code in place. + - Correct gecos expansion when 
From: is a prefix of the username. + - Test 0254 submits a message to Exim with the header + Resent-From: f + - When I ran the test suite under the user fanf2, Exim expanded + the header to contain my full name, whereas it should have added + a Resent-Sender: header. It erroneously treats any prefix of the + username as equal to the username. + This change corrects that bug. + - DCC debug and logging tidyup + Error conditions log to paniclog rather than rejectlog. + Debug lines prefixed by "DCC: " to remove any ambiguity. + - Avoid unnecessary rebuilds of lookup-related code. + - Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + - Add $router_name and $transport_name variables. Bugzilla 308. + - Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. + Bug detection, analysis and fix by Samuel Thibault. + Bugzilla 1331, Debian bug #698092. + - Update eximstats to watch out for senders sending 'HELO [IpAddr]' + - SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). + Server implementation by Todd Lyons, client by JH. + Only enabled when compiled with EXPERIMENTAL_PRDR. A new + config variable "prdr_enable" controls whether the server + advertises the facility. If the client requests PRDR a new + acl_data_smtp_prdr ACL is called once for each recipient, after + the body content is received and before the acl_smtp_data ACL. + The client is controlled by bolth of: a hosts_try_prdr option + on the smtp transport, and the server advertisement. + Default client logging of deliveries and rejections involving + PRDR are flagged with the string "PRDR". + - Fix problems caused by timeouts during quit ACLs trying to double + fclose(). Diagnosis by Todd Lyons. + Update configure.default to handle IPv6 localhost better. + Patch by Alain Williams (plus minor tweaks). + Bugzilla 880. 
+ - OpenSSL made graceful with empty tls_verify_certificates setting. + This is now consistent with GnuTLS, and is now documented: the + previous undocumented portable approach to treating the option as + unset was to force an expansion failure. That still works, and + an empty string is now equivalent. + - Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it + clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, + not performing validation itself. + - Added force_command boolean option to pipe transport. + Patch from Nick Koston, of cPanel Inc. + - AUTH support on callouts (and hence cutthrough-deliveries). + Bugzilla 321, 823. + - Added udpsend ACL modifer and hexquote expansion operator + - Fix eximon continuous updating with timestamped log-files. + Broken in a format-string cleanup in 4.80, missed when I repaired the ++++ 1698 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.exim.2924.new/exim.changes New: ---- apparmor.usr.sbin.exim exim-4.83.tar.bz2 exim-4.83.tar.bz2.asc exim-enable_ecdh_openssl.patch exim-pubkey_04d29eba.asc exim-tail.patch exim.changes exim.logrotate exim.rc exim.service exim.spec exim4-manpages.tar.bz2 eximstats-html-update.py eximstats.conf permissions.exim silence-static-checkers_beo1506.patch sysconfig.exim ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exim.spec ++++++ # # spec file for package exim # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). 
An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: exim BuildRequires: cyrus-sasl-devel BuildRequires: db-devel BuildRequires: openldap2-devel BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} BuildRequires: libopenssl-devel BuildRequires: tcpd-devel BuildRequires: xorg-x11-devel %else BuildRequires: libXaw-devel BuildRequires: libXext-devel BuildRequires: libXt-devel BuildRequires: openssl-devel BuildRequires: tcp_wrappers BuildRequires: xorg-x11-server-sdk %endif Url: http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix Provides: smtp_daemon %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800 Requires: logrotate %if 0%{?suse_version} > 1220 BuildRequires: gpg-offline BuildRequires: pkgconfig(systemd) %{?systemd_requires} %else Requires(pre): %insserv_prereq %endif Requires(pre): %fillup_prereq Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif Version: 4.83 Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel Provides: exim = %version %endif %if %{?build_with_pgsql:1}0 BuildRequires: postgresql-devel Provides: exim = %version %endif Summary: The Exim Mail Transfer Agent, a Replacement for sendmail License: GPL-2.0+ Group: Productivity/Networking/Email/Servers BuildRoot: %{_tmppath}/%{name}-%{version}-build Source: exim-%{version}.tar.bz2 Source3: exim-%{version}.tar.bz2.asc Source4: exim-pubkey_04d29eba.asc Source1: sysconfig.exim Source2: exim.logrotate Source11: exim.rc Source12: permissions.exim Source13: apparmor.usr.sbin.exim Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf Source32: exim.service Patch: exim-tail.patch Patch1: exim-enable_ecdh_openssl.patch Patch2: silence-static-checkers_beo1506.patch %if 
!%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue Group: Productivity/Networking/Email/Servers %package -n eximstats-html Summary: Create HTML reports of exim logs Group: Productivity/Networking/Email/Servers Requires: perl-GD Requires: perl-GDGraph Requires: perl-GDTextUtil %endif %description Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style, it is similar to Smail 3, but its facilities are more extensive. In particular, it has options for verifying incoming sender and recipient addresses, for refusing mail from specified hosts, networks, or senders, and for controlling mail relaying. %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %description -n eximon This allows administrators to view the exim agent's mail queue and logs, and perform a variety of actions on queued messages, such as freezing, bouncing and thawing messages, and even editing body and header of mails. %description -n eximstats-html If this package is installed alongside the exim MTA, and you enable EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will create HTML reports in /srv/www/eximstats. You can edit /etc/apache2/conf.d/eximstats.conf to configure your webserver for the reports. The script /usr/sbin/eximstats-html-update.py can create the reports for log files that were rotated in the past. (You would only run this once, if at all. The rest is done by logrotate / cron.) 
%endif %prep %{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}} %setup -q -n exim-%{version} %patch %patch1 -p1 %patch2 -p1 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" pie="-pie" %endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 1100 CFLAGS_OPT_WERROR="-Werror=format-security -Werror=missing-format-attribute" %endif cat <<-EOF > Local/Makefile # see src/EDITME for comments. BIN_DIRECTORY=/usr/sbin CONFIGURE_FILE=/etc/exim/exim.conf EXIM_USER=mail EXIM_GROUP=mail SPOOL_DIRECTORY=/var/spool/exim ROUTER_ACCEPT=yes ROUTER_DNSLOOKUP=yes ROUTER_IPLITERAL=yes ROUTER_MANUALROUTE=yes ROUTER_QUERYPROGRAM=yes ROUTER_REDIRECT=yes # ROUTER_IPLOOKUP=yes TRANSPORT_APPENDFILE=yes TRANSPORT_AUTOREPLY=yes TRANSPORT_PIPE=yes TRANSPORT_SMTP=yes TRANSPORT_LMTP=yes SUPPORT_MAILDIR=yes SUPPORT_MAILSTORE=yes SUPPORT_MBX=yes LOOKUP_DBM=yes LOOKUP_LSEARCH=yes LOOKUP_CDB=yes LOOKUP_DNSDB=yes LOOKUP_DSEARCH=yes LOOKUP_LDAP=yes %if %{?build_with_mysql:1}0 LOOKUP_MYSQL=yes %endif %if %{?build_with_pgsql:1}0 LOOKUP_PGSQL=yes %endif LOOKUP_NIS=yes # LOOKUP_NISPLUS=yes # LOOKUP_ORACLE=yes LOOKUP_PASSWD=yes # LOOKUP_PGSQL=yes # LOOKUP_WHOSON=yes CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux LDAP_LIB_TYPE=OPENLDAP2 # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq LOOKUP_LIBS=-lldap -llber %if %{?build_with_mysql:1}0 LOOKUP_INCLUDE=-I /usr/include/mysql LOOKUP_LIBS=-lldap -llber -lmysqlclient %endif %if %{?build_with_pgsql:1}0 LOOKUP_INCLUDE=-I /usr/include/pgsql LOOKUP_LIBS=-lldap -llber -lpq %endif EXIM_MONITOR=eximon.bin WITH_CONTENT_SCAN=yes WITH_OLD_DEMIME=yes AUTH_CRAM_MD5=yes AUTH_PLAINTEXT=yes # AUTH_SPA=yes AUTH_DOVECOT=yes SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto INFO_DIRECTORY=%{_infodir} LOG_FILE_PATH=/var/log/exim/%%s.log EXICYCLOG_MAX=10 
SYSLOG_LOG_PID=yes COMPRESS_COMMAND=/bin/gzip COMPRESS_SUFFIX=gz ZCAT_COMMAND=/usr/bin/zcat # SUPPORT_PAM=yes # You probably need to add -lpam to EXTRALIBS # RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf # CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck # USE_TCP_WRAPPERS=yes NO_SYMLINK=yes CHOWN_COMMAND=/bin/chown CHGRP_COMMAND=/bin/chgrp MV_COMMAND=/bin/mv RM_COMMAND=/bin/rm PERL_COMMAND=/usr/bin/perl # APPENDFILE_MODE=0600 # APPENDFILE_DIRECTORY_MODE=0700 # APPENDFILE_LOCKFILE_MODE=0600 # CONFIGURE_FILE_USE_NODE=yes # CONFIGURE_FILE_USE_EUID=yes # DELIVER_BUFFER_SIZE=8192 # EXIMDB_DIRECTORY_MODE=0750 # EXIMDB_MODE=0640 # EXIMDB_LOCKFILE_MODE=0640 # HEADER_MAXSIZE="(1024*1024)" # INPUT_DIRECTORY_MODE=0750 # LOG_DIRECTORY_MODE=0750 # LOG_MODE=0640 # LOOKUP_TESTDB=yes MAKE_SHELL=/bin/bash # MAX_NAMED_LIST=16 # MAXINTERFACES=250 # MSGLOG_DIRECTORY_MODE=0750 # PERL_CC= # PERL_CCOPTS= # PERL_LIBS= PID_FILE_PATH=/var/run/exim.pid # SPOOL_DIRECTORY_MODE=0750 # SPOOL_MODE=0640 SUPPORT_MOVE_FROZEN_MESSAGES=yes HAVE_IPV6=YES CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie EOF touch Local/eximon.conf rm -f doc/*.{orig,txt~} %build make %install %if 0%{?suse_version} > 1220 mkdir -p $RPM_BUILD_ROOT/%{_unitdir} %else mkdir -p $RPM_BUILD_ROOT/etc/init.d %endif mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib} mkdir -p $RPM_BUILD_ROOT/var/log/exim mkdir -p $RPM_BUILD_ROOT/var/spool/mail/ mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8 mkdir -p $RPM_BUILD_ROOT/usr/bin make inst_dest=$RPM_BUILD_ROOT/usr/sbin \ inst_conf=$RPM_BUILD_ROOT/etc/exim/exim.conf \ inst_info=$RPM_BUILD_ROOT/%{_infodir} \ INSTALL_ARG=-no_chown install mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all 
substitutions done %if 0%{?suse_version} > 1220 install -m 755 %{S:32} $RPM_BUILD_ROOT/%{_unitdir}/exim.service %else install -m 755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim %endif # aka... for i in \ /usr/lib/sendmail \ /usr/bin/runq \ /usr/bin/rsmtp \ /usr/bin/mailq \ /usr/bin/newaliases do ln -sf ../sbin/exim $RPM_BUILD_ROOT$i done ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail %if 0%{?suse_version} > 1220 ln -sv ../../%{_unitdir}/exim.service $RPM_BUILD_ROOT/usr/sbin/rcexim %else ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim %endif %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ %else rm $RPM_BUILD_ROOT/usr/sbin/eximon* %endif cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim install -m 644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8 tar xvjf %{S:20} cp -p exim4-manpages/* $RPM_BUILD_ROOT/%{_mandir}/man8/ for i in \ sendmail \ runq \ rsmtp \ mailq \ newaliases do ln -sf exim.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz done for i in \ exim_dumpdb \ exim_fixdb \ exim_tidydb do ln -sf exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz done perl -pi -e 's%/usr/share/doc/exim4%/usr/share/doc/packages/exim%g' `find $RPM_BUILD_ROOT/%{_mandir}/man8 -name "*.8"` gzip -9 doc/*.txt # # package the utilities without executable permissions, to silence rpmlint warnings chmod 644 util/*.{pl,sh} src/convert4r* # # eximstats-html files %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/ cp -p $RPM_SOURCE_DIR/eximstats.conf $RPM_BUILD_ROOT/etc/apache2/conf.d/ install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbindir} %endif # apparmor profile install -D -m 0644 
$RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim %pre %if 0%{?suse_version} > 1220 %service_add_pre exim.service %endif %post %if 0%{?suse_version} < 1131 %run_permissions %else %set_permissions /usr/sbin/exim %endif if ! test -s etc/exim/exim.conf; then if test -s etc/exim.conf; then mv etc/exim.conf etc/exim/ echo moving exim.conf to /etc/exim/ else cp -p usr/share/doc/packages/%{name}/configure.default etc/exim/exim.conf echo copying default config file to /etc/exim/exim.conf fi fi # create logfiles if missing for i in var/log/exim/main.log var/log/exim/panic.log var/log/exim/reject.log; do if ! test -e $i; then touch $i; chown mail:mail $i; chmod 640 $i ; fi done %if 0%{?suse_version} > 1220 %{fillup_only} %service_add_post exim.service %else %{fillup_and_insserv exim} %endif exit 0 %if %{?suse_version:1}%{?!suse_version:0} %preun %if 0%{?suse_version} > 1220 %service_del_preun exim.service %else %stop_on_removal exim %endif %endif %postun %if %{?suse_version:1}%{?!suse_version:0} %if 0%{?suse_version} > 1220 %service_del_postun exim.service %else %restart_on_update exim %endif %endif %insserv_cleanup %verifyscript %verify_permissions -e /usr/sbin/exim %files %defattr(-,root,root) %doc ACKNOWLEDGMENTS CHANGES LICENCE NOTICE README.UPDATING README %doc doc %doc src/configure.default %doc build-Linux-*/convert4r{3,4} %doc util %doc %{_mandir}/man8/* /usr/sbin/exicyclog /usr/sbin/exigrep /usr/sbin/exiqgrep %verify(not mode) %attr(4755,root,root) /usr/sbin/exim /usr/sbin/exim_* /usr/sbin/eximstats /usr/sbin/exinext /usr/sbin/exipick /usr/sbin/exiqsumm /usr/sbin/exiwhat %dir /etc/exim %if 0%{?suse_version} > 1220 %{_unitdir}/exim.service %else %config /etc/init.d/exim %endif %config(noreplace) /etc/logrotate.d/exim %if %{?suse_version:%suse_version}%{?!suse_version:99999} < 1000 %config(noreplace) /etc/permissions.d/exim %endif %dir /etc/apparmor %dir /etc/apparmor/profiles %dir /etc/apparmor/profiles/extras 
%config(noreplace) /etc/apparmor/profiles/extras/usr.sbin.exim /usr/sbin/rcexim /usr/bin/mailq /usr/bin/runq /usr/bin/rsmtp /usr/bin/newaliases /usr/sbin/sendmail /usr/lib/sendmail /var/adm/fillup-templates/sysconfig.exim %dir %attr(750,mail,mail) /var/log/exim %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %files -n eximon %defattr(-,root,root) /usr/bin/eximon /usr/bin/eximon.bin %files -n eximstats-html %defattr(-,root,root) %attr(0750,root,www) /srv/www/eximstats /etc/apache2 /etc/apache2/conf.d /etc/apache2/conf.d/eximstats.conf %{_sbindir}/eximstats-html-update.py %endif %changelog ++++++ apparmor.usr.sbin.exim ++++++ # vim:syntax=apparmor # Last Modified: Wed May 30 17:00:04 2007 #include <tunables/global> /usr/sbin/exim { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/consoles> #include <abstractions/user-mail> capability chown, capability dac_override, capability fowner, capability setgid, capability setuid, /etc/aliases r, /etc/exim/** r, /etc/greylistd/whitelist-hosts r, /proc/*/mounts r, /proc/loadavg r, /proc/net/if_inet6 r, /usr/bin/procmail Px, /usr/lib/cyrus/bin/deliver Px, /usr/lib/majordomo/wrapper px, /usr/sbin/exim ixr, /var/lib/greylistd/whitelist-hosts r, /var/lib/majordomo/lists/* r, /var/log/exim/*.log w, /var/run/exim.pid w, /var/run/greylistd/socket w, /var/spool/exim/** rw, } ++++++ exim-enable_ecdh_openssl.patch ++++++ # Taken from: # http://bugs.exim.org/show_bug.cgi?id=1397 # http://bugs.exim.org/attachment.cgi?id=661 Index: exim-4.83/src/globals.c =================================================================== --- exim-4.83.orig/src/globals.c +++ exim-4.83/src/globals.c 
@@ -150,6 +150,7 @@ that's the interop problem which has bee bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */ int tls_dh_max_bits = 2236; uschar *tls_dhparam = NULL; +uschar *tls_eccurve = NULL; #ifndef DISABLE_OCSP uschar *tls_ocsp_file = NULL; #endif Index: exim-4.83/src/globals.h =================================================================== --- exim-4.83.orig/src/globals.h +++ exim-4.83/src/globals.h @@ -114,6 +114,7 @@ extern uschar *tls_channelbinding_b64; / extern uschar *tls_crl; /* CRL File */ extern int tls_dh_max_bits; /* don't accept higher lib suggestions */ extern uschar *tls_dhparam; /* DH param file */ +extern uschar *tls_eccurve; /* EC curve */ #ifndef DISABLE_OCSP extern uschar *tls_ocsp_file; /* OCSP stapling proof file */ #endif Index: exim-4.83/src/readconf.c =================================================================== --- exim-4.83.orig/src/readconf.c +++ exim-4.83/src/readconf.c @@ -440,6 +440,7 @@ static optionlist optionlist_config[] = { "tls_crl", opt_stringptr, &tls_crl }, { "tls_dh_max_bits", opt_int, &tls_dh_max_bits }, { "tls_dhparam", opt_stringptr, &tls_dhparam }, + { "tls_eccurve", opt_stringptr, &tls_eccurve }, # ifndef DISABLE_OCSP { "tls_ocsp_file", opt_stringptr, &tls_ocsp_file }, # endif Index: exim-4.83/src/tls-openssl.c =================================================================== --- exim-4.83.orig/src/tls-openssl.c +++ exim-4.83/src/tls-openssl.c 
@@ -497,6 +497,59 @@ return TRUE; +#if !defined(OPENSSL_NO_ECDH) +static BOOL +init_ecdh(SSL_CTX *sctx, host_item *host) +{ +EC_KEY *ecdh; +int nid; + +# if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L +/* check if OpenSSL >= 1.0.2 auto ECDH temp key parameter selection should be used */ +if (Ustrcmp(tls_eccurve, "auto") == 0) + { + DEBUG(D_tls) debug_printf("ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n"); + SSL_CTX_set_ecdh_auto(sctx, 1); + return TRUE; + } +# endif + +if (tls_eccurve == NULL) + { + DEBUG(D_tls) + debug_printf("ECDH curve (default): prime256v1\n", tls_eccurve); + nid = NID_X9_62_prime256v1; + } +else + { + /* search curve name */ + DEBUG(D_tls) + debug_printf("ECDH curve: %s\n", tls_eccurve); + nid = OBJ_sn2nid((uschar *)tls_eccurve); + if (nid == 0) + { + tls_error(string_sprintf("Unkown curve name tls_eccurve \"%s\"", tls_eccurve), + host, NULL); + return FALSE; + } + } + +ecdh = EC_KEY_new_by_curve_name(nid); +if (ecdh == NULL) + { + tls_error("Unable to create ec curve", + host, NULL); + return FALSE; + } + +SSL_CTX_set_tmp_ecdh(sctx, ecdh); +EC_KEY_free(ecdh); + +return TRUE; +} +#endif + + #ifndef DISABLE_OCSP /************************************************* @@ -1134,6 +1187,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu rc = tls_expand_session_files(*ctxp, cbinfo); if (rc != OK) return rc; +#if !defined(OPENSSL_NO_ECDH) +/* Initialize ECDH temp key parameter selection */ +if (!init_ecdh(*ctxp, host)) return DEFER; +#endif + /* If we need to handle SNI, do so */ #ifdef EXIM_HAVE_OPENSSL_TLSEXT if (host == NULL) /* server */ ++++++ exim-tail.patch ++++++ From: Ruediger Oertel <ro at suse dot de> Subject: fix deprecated tail call syntax (-1) Reported-Upstream: Yes Bugtracker: bugs.exim.org 1080 Index: scripts/Configure-config.h =================================================================== --- scripts/Configure-config.h.orig +++ scripts/Configure-config.h 
@@ -47,7 +47,7 @@ fi # Double-check that config.h is complete. -if [ "`tail -1 config.h`" != "/* End of config.h */" ] ; then +if [ "`tail -n 1 config.h`" != "/* End of config.h */" ] ; then echo "*** config.h appears to be incomplete" echo "*** unexpected failure in buildconfig program" exit 1 ++++++ exim.logrotate ++++++ /var/log/exim/main.log { compress dateext notifempty missingok create 640 mail mail rotate 99 weekly #maxage 365 prerotate cd /var/log/exim test -f /etc/sysconfig/exim && source /etc/sysconfig/exim if test "$EXIM_REPORT_WEEKLY" = yes; then day=`date +%Y%m%d` report=weekly_report-$day eximstatsdir=/srv/www/eximstats/$day touch $report; chmod 640 $report; chown :mail $report eximstats main.log > $report if test "$EXIM_REPORT_WEEKLY_HTML" = yes; then mkdir $eximstatsdir eximstats -html -charts -chartdir $eximstatsdir main.log > $eximstatsdir/index.html fi if ! test -e no_report_mail && test "$EXIM_REPORT_WEEKLY_SEND" = yes; then mail -s "$(sed -n '2{p;q;}' < $report) ($(hostname))" postmaster < $report; fi if test -f $report.gz; then old $report.gz; fi gzip -f -9 $report fi endscript } /var/log/exim/reject.log { compress dateext notifempty missingok create 640 mail mail rotate 99 size 4M #maxage 365 } /var/log/exim/panic.log { compress dateext notifempty missingok create 640 mail mail rotate 99 size 1M #maxage 365 } ++++++ exim.rc ++++++ #! /bin/sh # Copyright (c) 2002-2003 SuSE Linux AG, Nuernberg, Germany. # Copyright (c) 2004-2008 SUSE Linux Products GmbH, Nuernberg, Germany. # All rights reserved. 
# # Author: Peter Poeml <po...@suse.de> # ### BEGIN INIT INFO # Provides: exim sendmail # Required-Start: $local_fs $remote_fs $network # Required-Stop: $local_fs $remote_fs $network # Should-Start: $named $time greylistd amavis spamd postgresql mysql # Should-Stop: $named greylistd amavis spamd postgresql mysql # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: exim MTA # Description: Start the exim MTA (mail transfer agent) ### END INIT INFO EXIM_PID=/var/run/exim.pid EXIM_BIN=/usr/sbin/exim if [ -s /etc/sysconfig/exim ]; then . /etc/sysconfig/exim else # pre 8.0 # Source SuSE config . /etc/rc.config # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} # Force execution if not called by a runlevel directory. test $link = $base && START_EXIM=yes test "$START_EXIM" = yes || exit 0 fi . /etc/rc.status rc_reset case "$1" in start) echo -n "Initializing SMTP port (exim)" if [ -e $EXIM_PID ]; then startproc -p $EXIM_PID $EXIM_BIN $EXIM_ARGS else $EXIM_BIN $EXIM_ARGS fi rc_status -v ;; stop) echo -n "Shutting down SMTP port" killproc -p $EXIM_PID -TERM $EXIM_BIN rc_status -v ;; test) echo -n "Testing exim configuration" $EXIM_BIN -bV ;; try-restart) ## Do a restart only if the service was active before. ## Note: try-restart is now part of LSB (as of 1.9). ## RH has a similar command named condrestart. $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. 
fi # Remember status and be quiet rc_status ;; restart) $0 stop $0 start rc_status ;; reload|force-reload) echo -n "Reload service exim" kill -HUP `cat $EXIM_PID* 2>/dev/null` 2> /dev/null || true rc_status -v ;; status) echo -n "Checking for service exim: " checkproc -p $EXIM_PID $EXIM_BIN rc_status -v ;; probe) test /etc/exim.conf -nt $EXIM_PID \ && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 esac rc_exit ++++++ exim.service ++++++ [Unit] Description=Exim Mail Transport Agent After=network.target Conflicts=sendmail.service postfix.service [Service] PrivateTmp=true Environment=QUEUE=1h EnvironmentFile=-/etc/sysconfig/exim ExecStartPre=-/usr/libexec/exim-gen-cert ExecStart=/usr/sbin/exim -bd -q${QUEUE} [Install] WantedBy=multi-user.target ++++++ eximstats-html-update.py ++++++ #!/usr/bin/python import os, os.path, glob outdir_base = '/srv/www/eximstats' def main(): os.chdir('/var/log/exim') reports = glob.glob('main.log-*.gz') + glob.glob('main.log-*.bz2') for report in reports: (base, ext) = os.path.splitext(report) daystr = base[-8:] outdir = os.path.join(outdir_base, daystr) if os.path.exists(outdir): continue print 'processing', daystr os.mkdir(outdir) if ext == '.gz': catprg = 'zcat' elif ext == '.bz2': catprg = 'bzcat' os.system('%s %s | eximstats -html -charts -chartdir %s > %s/index.html' \ % (catprg, report, outdir, outdir)) if __name__ == '__main__': main() ++++++ eximstats.conf ++++++ Alias /eximstats /srv/www/eximstats <Directory /srv/www/eximstats> Order allow,deny Allow from all Options +Indexes </Directory> ++++++ permissions.exim ++++++ /usr/sbin/exim root:root 4755 ++++++ silence-static-checkers_beo1506.patch ++++++ Author: Lars Mueller <lmue...@suse.com> Date: Wed Jul 23 07:22:52 2014 -0700 Bug 1506: Silence static checkers. ยทยทยทยท Re-adds a return NULL which was removed because it was redundant. Static checkers don't parse the logic, so adding it back to make them happy. 
Index: exim-4.83/src/expand.c =================================================================== --- exim-4.83.orig/src/expand.c +++ exim-4.83/src/expand.c @@ -1879,6 +1879,8 @@ switch (vp->type) #endif } + +return NULL; /* Unknown variable. Silences static checkers. */ } ++++++ sysconfig.exim ++++++ ## Path: Network/Mail/Exim ## Description: Exim mailserver configuration ## Type: string ## Default: "-bd -q30m" ## ServiceRestart: exim # # Command line arguments to hand over to exim # Normally: -bd -q30m (run as background daemon) # EXIM_ARGS="-bd -q30m" ## Type: yesno ## Default: "no" # # Create weekly reports (see man 8 eximstats)? # The reports are saved in the same directory as the log files. # # To see an example of the reports, you can use this command: # eximstats < /var/log/exim/main.log |less # EXIM_REPORT_WEEKLY="no" ## Type: yesno ## Default: "no" # # Create HTML reports (see the EXIM_REPORT_WEEKLY setting) in # /srv/www/eximstats? # needs the eximstats-html package to be installed # EXIM_REPORT_WEEKLY_HTML="no" ## Type: yesno ## Default: "no" # # Send the reports (see the EXIM_REPORT_WEEKLY setting) via mail to # postmaster? # EXIM_REPORT_WEEKLY_SEND="no"
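Review bot: In the init_ecdh() hunk of exim-enable_ecdh_openssl.patch (src/tls-openssl.c), `Ustrcmp(tls_eccurve, "auto")` runs before the `tls_eccurve == NULL` branch, and globals.c initialises tls_eccurve to NULL, so a build against OpenSSL >= 1.0.2 with the option unset hands a null pointer to the comparison. Put the NULL branch first, or guard the test with `tls_eccurve != NULL &&`. In the same function: the default-curve debug_printf passes tls_eccurve although its format string has no conversion, the debug text says "OpenSSL 1.2+" where the comment says 1.0.2, "Unkown" is misspelt, the inner `!defined(OPENSSL_NO_ECDH)` repeats the enclosing guard, and the return value of SSL_CTX_set_tmp_ecdh() is ignored before `return TRUE`.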
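Review bot: In the second src/tls-openssl.c hunk (@@ -1134,6 +1187,11 @@), `if (!init_ecdh(*ctxp, host)) return DEFER;` sits before the `if (host == NULL) /* server */` branch, so it runs for client contexts as well, and a mistyped tls_eccurve then defers outbound TLS setup even though the temporary ECDH key is a server-side parameter. Consider moving the call into the server branch, or state in the comment that the failure is intended to affect both directions.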
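Review bot: The src/readconf.c hunk registers a new main option, tls_eccurve, without any documentation: the patch touches only globals.c, globals.h, readconf.c and tls-openssl.c, and the exim.changes entry says no more than "Enable ECDH". Please document the accepted values as the code implements them (an OpenSSL curve short name looked up with OBJ_sn2nid, "auto" on OpenSSL >= 1.0.2, prime256v1 when unset) in the package documentation or the changelog entry.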
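Review bot: In exim.spec %prep, `%{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}}` expands to nothing when the macro is undefined, and gpg-offline is a BuildRequires only under `0%{?suse_version} > 1220`, so on every other target the tarball signature is silently not checked although exim.changes says "Verify source tar ball gpg signature". Either make the check unconditional where it is expected or record in the changelog which targets verify. Smaller points in the same file: the unit file is installed with `install -m 755` (a unit file needs no execute bit, 644 is enough), `rcexim` is symlinked to the unit file itself on systemd targets, and the %post scriptlet tests and copies relative paths such as `etc/exim/exim.conf`, which only works when the scriptlet's working directory is the filesystem root.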
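Review bot: exim.service starts `/usr/sbin/exim -bd -q${QUEUE}` with `Environment=QUEUE=1h` and never references EXIM_ARGS, while sysconfig.exim documents EXIM_ARGS="-bd -q30m" as the command-line setting and exim.rc uses it, so on systemd targets the documented sysconfig variable has no effect and the default queue interval changes from 30m to 1h. Use the same variable in both start paths or document QUEUE in sysconfig.exim. Also, no Type= is set although sysconfig.exim describes `-bd` as running a background daemon (Type=forking with PIDFile=/var/run/exim.pid, or `-bdf`, would match), and `ExecStartPre=-/usr/libexec/exim-gen-cert` names a file that appears in neither the New: list nor %files.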
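Review bot: eximstats.conf exposes /srv/www/eximstats with `Allow from all` and `Options +Indexes`, so once EXIM_REPORT_WEEKLY_HTML is enabled the reports that exim.logrotate generates from main.log are listed and served to any client that can reach the web server. The directory is packaged as `%attr(0750,root,www)`, which suggests restricted access was the intent; default the Apache snippet to local access (for example `Allow from 127.0.0.1`) or require authentication, and leave it to the administrator to open it up.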
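Review bot: eximstats-html-update.py builds its command with `os.system('%s %s | eximstats ...' % (catprg, report, outdir, outdir))`, interpolating file names returned by glob() in /var/log/exim into a shell string, and that directory is packaged as `%attr(750,mail,mail)`, so names in it are controlled by the mail user rather than by whoever runs the script. Pass the arguments as lists through subprocess (two Popen objects joined by a pipe, stdout opened on index.html) so no shell parses the names, and check that `daystr` is eight digits before using it as a directory name. `catprg` is also only assigned inside the `if`/`elif`, so add an `else: continue` to keep that safe if the glob patterns change.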
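Review bot: In exim.rc the `probe)` action tests `/etc/exim.conf -nt $EXIM_PID`, but exim.spec sets CONFIGURE_FILE=/etc/exim/exim.conf and %post moves an old /etc/exim.conf into /etc/exim/, so the probe compares against a file that no longer exists after installation and never reports "reload". Point it at /etc/exim/exim.conf. In `reload|force-reload)`, `cat $EXIM_PID*` globs every file beginning with /var/run/exim.pid and signals whatever PIDs they contain; read the single PID file instead. `test $link = $base` should quote both variables.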
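Review bot: In apparmor.usr.sbin.exim the majordomo wrapper is given `px` while procmail and the cyrus deliver binary get `Px`; unless the wrapper needs the caller's environment, use `Px` there as well so the environment is scrubbed on the profile transition. The profile also grants `capability dac_override` together with `/var/spool/exim/** rw`; please confirm dac_override is still required. Note that exim.spec installs the profile under /etc/apparmor/profiles/extras, so it is shipped as an example and does not confine the setuid-root /usr/sbin/exim (permissions.exim: 4755) unless the administrator copies it into place; the package description or a README should say so.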