2006-06-03 19:23:03 +00:00
|
|
|
#
|
2011-02-04 18:40:19 +00:00
|
|
|
# spec file for package exim
|
2006-06-03 19:23:03 +00:00
|
|
|
#
|
2022-06-29 14:37:00 +00:00
|
|
|
# Copyright (c) 2022 SUSE LLC
|
2006-06-03 19:23:03 +00:00
|
|
|
#
|
2010-07-27 15:57:48 +00:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2019-12-29 15:43:33 +00:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2006-06-03 19:23:03 +00:00
|
|
|
#
|
|
|
|
|
|
2008-07-11 09:58:23 +00:00
|
|
|
|
2017-11-24 09:59:37 +00:00
|
|
|
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
|
|
|
|
%if ! %{defined _fillupdir}
|
|
|
|
|
%define _fillupdir /var/adm/fillup-templates
|
|
|
|
|
%endif
|
|
|
|
|
|
2015-01-12 16:44:39 +00:00
|
|
|
%bcond_without mysql
|
|
|
|
|
%bcond_without pgsql
|
2016-10-03 16:20:54 +00:00
|
|
|
%bcond_without sqlite
|
2015-01-12 16:44:39 +00:00
|
|
|
%bcond_without ldap
|
2019-06-08 17:03:13 +00:00
|
|
|
%bcond_without i18n
|
|
|
|
|
|
|
|
|
|
%if 0%{?suse_version} > 1199 || 0%{?centos_version} > 599 || 0%{?rhel_version} > 599
|
|
|
|
|
%bcond_without dane
|
2017-04-25 09:33:40 +00:00
|
|
|
%else
|
2019-06-08 17:03:13 +00:00
|
|
|
%bcond_with dane
|
2017-04-25 09:33:40 +00:00
|
|
|
%endif
|
2015-01-12 16:44:39 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
Name: exim
|
2013-06-16 13:24:21 +00:00
|
|
|
BuildRequires: cyrus-sasl-devel
|
2012-03-17 18:09:44 +00:00
|
|
|
BuildRequires: db-devel
|
2016-10-03 16:20:54 +00:00
|
|
|
BuildRequires: libidn-devel
|
2017-10-16 08:31:15 +00:00
|
|
|
%if 0%{?suse_version} >= 1330
|
|
|
|
|
BuildRequires: libnsl-devel
|
|
|
|
|
%endif
|
2015-01-12 16:44:39 +00:00
|
|
|
BuildRequires: libspf2-devel
|
2016-10-03 16:20:54 +00:00
|
|
|
BuildRequires: pam-devel
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_ldap}
|
2012-03-17 18:09:44 +00:00
|
|
|
BuildRequires: openldap2-devel
|
2015-01-12 16:44:39 +00:00
|
|
|
%endif
|
Accepting request 985275 from home:pwcau:branches:server:mail
- update to exim 4.96
* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
* Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
* Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into routing
and transport processes.
* The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename.
* Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector.
* Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
* Fix CHUNKING on a continued-transport. Previously the usabilility of
the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
* Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
* OpenSSL: fix transport-required OCSP stapling verification under session
resumption.
* TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
* Fix string_copyn() for limit greater than actual string length.
* Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection.
* Fix CHUNKING for a second message on a connection when the first was
rejected.
* Fix ${srs_encode ...} to handle an empty sender address, now returning
an empty address.
* Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy.
OBS-URL: https://build.opensuse.org/request/show/985275
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=260
2022-06-27 09:57:54 +00:00
|
|
|
BuildRequires: pcre2-devel
|
2006-06-07 21:58:55 +00:00
|
|
|
BuildRequires: tcpd-devel
|
2018-03-20 10:29:00 +00:00
|
|
|
BuildRequires: pkgconfig(libcrypto)
|
|
|
|
|
BuildRequires: pkgconfig(libssl)
|
|
|
|
|
BuildRequires: pkgconfig(xaw7)
|
|
|
|
|
BuildRequires: pkgconfig(xmu)
|
|
|
|
|
BuildRequires: pkgconfig(xt)
|
2019-12-29 15:43:33 +00:00
|
|
|
URL: http://www.exim.org/
|
2021-07-15 10:29:19 +00:00
|
|
|
Conflicts: postfix
|
|
|
|
|
Conflicts: sendmail
|
|
|
|
|
Conflicts: sendmail-tls
|
2008-07-11 09:58:23 +00:00
|
|
|
Provides: smtp_daemon
|
2006-06-03 19:23:03 +00:00
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
|
|
|
|
|
Requires: logrotate
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
BuildRequires: pkgconfig(systemd)
|
|
|
|
|
%{?systemd_requires}
|
|
|
|
|
%else
|
2013-11-06 14:26:33 +00:00
|
|
|
Requires(pre): %insserv_prereq
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2017-06-22 14:02:16 +00:00
|
|
|
Requires(pre): %fillup_prereq permissions
|
|
|
|
|
%if 0%{?suse_version} >= 1330
|
|
|
|
|
BuildRequires: group(mail)
|
|
|
|
|
BuildRequires: user(mail)
|
|
|
|
|
Requires(pre): user(mail)
|
|
|
|
|
Requires(pre): group(mail)
|
|
|
|
|
%endif
|
2013-11-06 14:19:55 +00:00
|
|
|
Requires(pre): fileutils textutils
|
2006-06-03 19:23:03 +00:00
|
|
|
%endif
|
Accepting request 985275 from home:pwcau:branches:server:mail
- update to exim 4.96
* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
* Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
* Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into routing
and transport processes.
* The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename.
* Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector.
* Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
* Fix CHUNKING on a continued-transport. Previously the usabilility of
the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
* Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
* OpenSSL: fix transport-required OCSP stapling verification under session
resumption.
* TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
* Fix string_copyn() for limit greater than actual string length.
* Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection.
* Fix CHUNKING for a second message on a connection when the first was
rejected.
* Fix ${srs_encode ...} to handle an empty sender address, now returning
an empty address.
* Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy.
OBS-URL: https://build.opensuse.org/request/show/985275
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=260
2022-06-27 09:57:54 +00:00
|
|
|
Version: 4.96
|
2022-10-18 11:52:11 +00:00
|
|
|
Release: 2
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_mysql}
|
2010-07-27 15:57:48 +00:00
|
|
|
BuildRequires: mysql-devel
|
|
|
|
|
%endif
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_pgsql}
|
2011-03-10 18:42:26 +00:00
|
|
|
BuildRequires: postgresql-devel
|
|
|
|
|
%endif
|
2016-10-03 16:20:54 +00:00
|
|
|
%if %{with_sqlite}
|
|
|
|
|
BuildRequires: sqlite3-devel
|
|
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
Summary: The Exim Mail Transfer Agent, a Replacement for sendmail
|
2018-03-20 10:29:00 +00:00
|
|
|
License: GPL-2.0-or-later
|
2012-03-17 18:09:44 +00:00
|
|
|
Group: Productivity/Networking/Email/Servers
|
2006-06-03 19:23:03 +00:00
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
2020-06-03 05:53:11 +00:00
|
|
|
Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
|
|
|
|
|
Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
|
2015-12-11 10:54:04 +00:00
|
|
|
# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
|
2014-11-26 14:42:09 +00:00
|
|
|
Source4: exim.keyring
|
2006-06-03 19:23:03 +00:00
|
|
|
Source1: sysconfig.exim
|
|
|
|
|
Source2: exim.logrotate
|
|
|
|
|
Source11: exim.rc
|
|
|
|
|
Source12: permissions.exim
|
2007-05-24 09:55:38 +00:00
|
|
|
Source13: apparmor.usr.sbin.exim
|
2006-06-03 19:23:03 +00:00
|
|
|
Source30: eximstats-html-update.py
|
|
|
|
|
Source31: eximstats.conf
|
2015-04-17 16:29:46 +00:00
|
|
|
Source32: eximstats.conf-2.2
|
|
|
|
|
Source40: exim.service
|
2020-08-24 10:42:42 +00:00
|
|
|
Source41: exim_db.8.gz
|
2017-04-25 09:33:40 +00:00
|
|
|
Patch0: exim-tail.patch
|
2019-02-18 09:04:39 +00:00
|
|
|
Patch1: gnu_printf.patch
|
2022-09-29 14:00:47 +00:00
|
|
|
Patch2: patch-no-exit-on-rewrite-malformed-address.patch
|
2022-10-18 11:52:11 +00:00
|
|
|
Patch3: patch-cve-2022-3559
|
2019-02-18 09:04:39 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%package -n eximon
|
|
|
|
|
Summary: Eximon, an graphical frontend to administer Exim's mail queue
|
|
|
|
|
Group: Productivity/Networking/Email/Servers
|
2008-07-11 09:58:23 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%package -n eximstats-html
|
2006-08-03 14:27:50 +00:00
|
|
|
Summary: Create HTML reports of exim logs
|
2006-06-03 19:23:03 +00:00
|
|
|
Group: Productivity/Networking/Email/Servers
|
2012-03-17 18:09:44 +00:00
|
|
|
Requires: perl-GD
|
|
|
|
|
Requires: perl-GDGraph
|
|
|
|
|
Requires: perl-GDTextUtil
|
2006-06-03 19:23:03 +00:00
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
Exim is a mail transport agent (MTA) developed at the University of
|
|
|
|
|
Cambridge for use on Unix systems connected to the Internet. It is
|
|
|
|
|
freely available under the terms of the GNU General Public Licence. In
|
|
|
|
|
style, it is similar to Smail 3, but its facilities are more extensive.
|
|
|
|
|
In particular, it has options for verifying incoming sender and
|
|
|
|
|
recipient addresses, for refusing mail from specified hosts, networks,
|
|
|
|
|
or senders, and for controlling mail relaying.
|
|
|
|
|
|
|
|
|
|
%description -n eximon
|
|
|
|
|
This allows administrators to view the exim agent's mail queue and
|
|
|
|
|
logs, and perform a variety of actions on queued messages, such as
|
|
|
|
|
freezing, bouncing and thawing messages, and even editing body and
|
|
|
|
|
header of mails.
|
|
|
|
|
|
|
|
|
|
%description -n eximstats-html
|
2006-08-03 14:27:50 +00:00
|
|
|
If this package is installed alongside the exim MTA, and you enable
|
|
|
|
|
EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will
|
|
|
|
|
create HTML reports in /srv/www/eximstats.
|
|
|
|
|
|
|
|
|
|
You can edit /etc/apache2/conf.d/eximstats.conf to configure your
|
|
|
|
|
webserver for the reports.
|
|
|
|
|
|
|
|
|
|
The script /usr/sbin/eximstats-html-update.py can create the reports
|
|
|
|
|
for log files that were rotated in the past. (You would only run this
|
|
|
|
|
once, if at all. The rest is done by logrotate / cron.)
|
|
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%prep
|
2006-08-04 13:16:50 +00:00
|
|
|
%setup -q -n exim-%{version}
|
2017-04-25 09:33:40 +00:00
|
|
|
%patch0
|
2019-02-18 09:04:39 +00:00
|
|
|
%patch1 -p1
|
2022-09-29 14:05:12 +00:00
|
|
|
%patch2 -p1
|
2022-10-18 11:52:11 +00:00
|
|
|
%patch3 -p1
|
2006-06-03 19:23:03 +00:00
|
|
|
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
|
|
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
|
|
|
|
|
fPIE="-fPIE"
|
|
|
|
|
pie="-pie"
|
|
|
|
|
%endif
|
2015-01-24 23:07:35 +00:00
|
|
|
%if 0%{?suse_version} > 1100 || 0%{?centos_version} > 599 || 0%{?rhel_version} > 599
|
2012-03-17 20:16:14 +00:00
|
|
|
CFLAGS_OPT_WERROR="-Werror=format-security -Werror=missing-format-attribute"
|
2012-03-17 20:08:07 +00:00
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
cat <<-EOF > Local/Makefile
|
|
|
|
|
# see src/EDITME for comments.
|
|
|
|
|
BIN_DIRECTORY=/usr/sbin
|
|
|
|
|
CONFIGURE_FILE=/etc/exim/exim.conf
|
2017-07-05 11:40:31 +00:00
|
|
|
EXIM_USER=ref:mail
|
|
|
|
|
EXIM_GROUP=ref:mail
|
2006-06-03 19:23:03 +00:00
|
|
|
SPOOL_DIRECTORY=/var/spool/exim
|
|
|
|
|
ROUTER_ACCEPT=yes
|
|
|
|
|
ROUTER_DNSLOOKUP=yes
|
|
|
|
|
ROUTER_IPLITERAL=yes
|
|
|
|
|
ROUTER_MANUALROUTE=yes
|
|
|
|
|
ROUTER_QUERYPROGRAM=yes
|
|
|
|
|
ROUTER_REDIRECT=yes
|
|
|
|
|
# ROUTER_IPLOOKUP=yes
|
|
|
|
|
TRANSPORT_APPENDFILE=yes
|
|
|
|
|
TRANSPORT_AUTOREPLY=yes
|
|
|
|
|
TRANSPORT_PIPE=yes
|
|
|
|
|
TRANSPORT_SMTP=yes
|
|
|
|
|
TRANSPORT_LMTP=yes
|
|
|
|
|
SUPPORT_MAILDIR=yes
|
|
|
|
|
SUPPORT_MAILSTORE=yes
|
|
|
|
|
SUPPORT_MBX=yes
|
|
|
|
|
LOOKUP_DBM=yes
|
|
|
|
|
LOOKUP_LSEARCH=yes
|
|
|
|
|
LOOKUP_CDB=yes
|
|
|
|
|
LOOKUP_DNSDB=yes
|
|
|
|
|
LOOKUP_DSEARCH=yes
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_ldap}
|
2006-06-03 19:23:03 +00:00
|
|
|
LOOKUP_LDAP=yes
|
2015-01-12 16:44:39 +00:00
|
|
|
%endif
|
|
|
|
|
%if %{with_mysql}
|
2006-08-04 12:32:06 +00:00
|
|
|
LOOKUP_MYSQL=yes
|
2011-03-10 18:42:26 +00:00
|
|
|
%endif
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_pgsql}
|
2011-03-10 18:42:26 +00:00
|
|
|
LOOKUP_PGSQL=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
%endif
|
|
|
|
|
%if %{with_sqlite}
|
|
|
|
|
LOOKUP_SQLITE=yes
|
2006-08-04 12:32:06 +00:00
|
|
|
%endif
|
2006-12-20 13:03:17 +00:00
|
|
|
LOOKUP_NIS=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
# LOOKUP_NISPLUS=yes
|
|
|
|
|
LOOKUP_PASSWD=yes
|
|
|
|
|
# LOOKUP_WHOSON=yes
|
|
|
|
|
CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux
|
2019-12-17 21:25:57 +00:00
|
|
|
LOOKUP_LIBS=-llber -lnsl
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_ldap}
|
|
|
|
|
LDAP_LIB_TYPE=OPENLDAP2
|
|
|
|
|
LOOKUP_LIBS+=-lldap
|
2011-03-10 18:42:26 +00:00
|
|
|
%endif
|
2015-01-12 16:44:39 +00:00
|
|
|
%if %{with_mysql}
|
|
|
|
|
LOOKUP_INCLUDE+=-I /usr/include/mysql
|
2015-01-24 22:17:02 +00:00
|
|
|
LOOKUP_LIBS+=-L %{_libdir}/mysql -lmysqlclient
|
2015-01-12 16:44:39 +00:00
|
|
|
%endif
|
|
|
|
|
%if %{with_pgsql}
|
|
|
|
|
LOOKUP_INCLUDE+=-I /usr/include/pgsql
|
|
|
|
|
LOOKUP_LIBS+=-lpq
|
2016-10-03 16:20:54 +00:00
|
|
|
%endif
|
|
|
|
|
%if %{with_sqlite}
|
|
|
|
|
LOOKUP_INCLUDE+=-I /usr/include/sqlite3
|
|
|
|
|
LOOKUP_LIBS+=-lsqlite3
|
2006-08-04 12:32:06 +00:00
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
EXIM_MONITOR=eximon.bin
|
|
|
|
|
WITH_CONTENT_SCAN=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
#WITH_OLD_DEMIME=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
AUTH_CRAM_MD5=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
AUTH_CYRUS_SASL=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
AUTH_PLAINTEXT=yes
|
2015-01-12 16:44:39 +00:00
|
|
|
AUTH_SPA=yes
|
2006-12-20 13:03:17 +00:00
|
|
|
AUTH_DOVECOT=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
AUTH_TLS=yes
|
|
|
|
|
AUTH_LIBS=-lsasl2
|
2019-12-17 21:25:57 +00:00
|
|
|
USE_OPENSSL=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
TLS_LIBS=-lssl -lcrypto
|
|
|
|
|
INFO_DIRECTORY=%{_infodir}
|
|
|
|
|
LOG_FILE_PATH=/var/log/exim/%%s.log
|
|
|
|
|
EXICYCLOG_MAX=10
|
2006-10-02 11:37:05 +00:00
|
|
|
SYSLOG_LOG_PID=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
SYSLOG_LONG_LINES=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
COMPRESS_COMMAND=/bin/gzip
|
|
|
|
|
COMPRESS_SUFFIX=gz
|
|
|
|
|
ZCAT_COMMAND=/usr/bin/zcat
|
2016-10-03 16:20:54 +00:00
|
|
|
SUPPORT_PAM=yes
|
2006-06-03 19:23:03 +00:00
|
|
|
# You probably need to add -lpam to EXTRALIBS
|
|
|
|
|
# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
|
|
|
|
|
# CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck
|
|
|
|
|
# USE_TCP_WRAPPERS=yes
|
|
|
|
|
NO_SYMLINK=yes
|
|
|
|
|
CHOWN_COMMAND=/bin/chown
|
|
|
|
|
CHGRP_COMMAND=/bin/chgrp
|
|
|
|
|
MV_COMMAND=/bin/mv
|
|
|
|
|
RM_COMMAND=/bin/rm
|
|
|
|
|
PERL_COMMAND=/usr/bin/perl
|
|
|
|
|
# APPENDFILE_MODE=0600
|
|
|
|
|
# APPENDFILE_DIRECTORY_MODE=0700
|
|
|
|
|
# APPENDFILE_LOCKFILE_MODE=0600
|
|
|
|
|
# CONFIGURE_FILE_USE_NODE=yes
|
|
|
|
|
# CONFIGURE_FILE_USE_EUID=yes
|
|
|
|
|
# DELIVER_BUFFER_SIZE=8192
|
|
|
|
|
# EXIMDB_DIRECTORY_MODE=0750
|
|
|
|
|
# EXIMDB_MODE=0640
|
|
|
|
|
# EXIMDB_LOCKFILE_MODE=0640
|
|
|
|
|
# HEADER_MAXSIZE="(1024*1024)"
|
|
|
|
|
# INPUT_DIRECTORY_MODE=0750
|
|
|
|
|
# LOG_DIRECTORY_MODE=0750
|
|
|
|
|
# LOG_MODE=0640
|
|
|
|
|
# LOOKUP_TESTDB=yes
|
|
|
|
|
MAKE_SHELL=/bin/bash
|
2016-10-03 16:20:54 +00:00
|
|
|
MAX_NAMED_LIST=64
|
2006-06-03 19:23:03 +00:00
|
|
|
# MAXINTERFACES=250
|
|
|
|
|
# MSGLOG_DIRECTORY_MODE=0750
|
|
|
|
|
# PERL_CC=
|
|
|
|
|
# PERL_CCOPTS=
|
|
|
|
|
# PERL_LIBS=
|
|
|
|
|
PID_FILE_PATH=/var/run/exim.pid
|
|
|
|
|
# SPOOL_DIRECTORY_MODE=0750
|
|
|
|
|
# SPOOL_MODE=0640
|
|
|
|
|
SUPPORT_MOVE_FROZEN_MESSAGES=yes
|
|
|
|
|
HAVE_IPV6=YES
|
2019-06-08 17:03:13 +00:00
|
|
|
SUPPORT_SPF=yes
|
2015-01-12 16:44:39 +00:00
|
|
|
LOOKUP_LIBS+=-lspf2
|
2019-12-17 21:25:57 +00:00
|
|
|
#SUPPORT_DMARC=yes
|
2016-10-03 16:20:54 +00:00
|
|
|
#CFLAGS += -I/usr/local/include
|
|
|
|
|
#LDFLAGS += -lopendmarc
|
|
|
|
|
EXPERIMENTAL_EVENT=yes
|
|
|
|
|
EXPERIMENTAL_PROXY=yes
|
|
|
|
|
EXPERIMENTAL_CERTNAMES=yes
|
|
|
|
|
EXPERIMENTAL_DSN=yes
|
2017-11-27 10:36:58 +00:00
|
|
|
SYSTEM_ALIASES_FILE=/etc/aliases
|
2017-04-25 09:33:40 +00:00
|
|
|
%if %{with dane}
|
2019-06-08 17:03:13 +00:00
|
|
|
SUPPORT_DANE=yes
|
2017-04-25 09:33:40 +00:00
|
|
|
%endif
|
2016-10-03 16:20:54 +00:00
|
|
|
EXPERIMENTAL_SOCKS=yes
|
2017-04-25 09:33:40 +00:00
|
|
|
%if %{with i18n}
|
2016-10-03 16:20:54 +00:00
|
|
|
EXPERIMENTAL_INTERNATIONAL=yes
|
2017-04-25 09:33:40 +00:00
|
|
|
%endif
|
2017-11-27 10:01:58 +00:00
|
|
|
LDFLAGS += -lidn
|
2019-12-17 21:25:57 +00:00
|
|
|
CFLAGS=$RPM_OPT_FLAGS -std=gnu99 -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
|
2016-10-03 16:20:54 +00:00
|
|
|
EXTRALIBS=-ldl -lpam -L/usr/X11R6/%{_lib} $pie
|
2006-06-03 19:23:03 +00:00
|
|
|
EOF
|
|
|
|
|
touch Local/eximon.conf
|
|
|
|
|
rm -f doc/*.{orig,txt~}
|
|
|
|
|
|
|
|
|
|
%build
|
2008-07-11 09:58:23 +00:00
|
|
|
make
|
2006-06-03 19:23:03 +00:00
|
|
|
|
|
|
|
|
%install
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
|
|
|
|
|
%else
|
2006-06-03 19:23:03 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/init.d
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2022-06-29 14:37:00 +00:00
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_distconfdir}/logrotate.d
|
|
|
|
|
%else
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
|
|
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib}
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/var/log/exim
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/var/spool/mail/
|
2022-09-07 06:58:15 +00:00
|
|
|
ln -s spool/mail $RPM_BUILD_ROOT/var
|
2017-11-24 09:59:37 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_fillupdir}
|
2006-06-03 19:23:03 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8
|
2007-03-09 10:08:02 +00:00
|
|
|
mkdir -p $RPM_BUILD_ROOT/usr/bin
|
2006-06-03 19:23:03 +00:00
|
|
|
make inst_dest=$RPM_BUILD_ROOT/usr/sbin \
|
|
|
|
|
inst_conf=$RPM_BUILD_ROOT/etc/exim/exim.conf \
|
|
|
|
|
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
|
|
|
|
|
INSTALL_ARG=-no_chown install
|
2016-03-02 21:22:07 +00:00
|
|
|
#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
|
Accepting request 576288 from home:kbabioch:branches:server:mail
- update to 4.90.1
* Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
during configuration. Wildcards are allowed and expanded.
* Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
"exiwhat" output.
* Tighten up the checking in isip4 (et al): dotted-quad components larger
than 255 are no longer allowed.
* Default openssl_options to include +no_ticket, to reduce load on peers.
Disable the session-cache too, which might reduce our load. Since we
currrectly use a new context for every connection, both as server and
client, there is no benefit for these.
* Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
<https://reproducible-builds.org/specs/source-date-epoch/>.
* Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
the check for any unsuccessful recipients did not notice the limit, and
erroneously found still-pending ones.
* Pipeline CHUNKING command and data together, on kernels that support
MSG_MORE. Only in-clear (not on TLS connections).
* Avoid using a temporary file during transport using dkim. Unless a
transport-filter is involved we can buffer the headers in memory for
creating the signature, and read the spool data file once for the
signature and again for transmission.
* Enable use of sendfile in Linux builds as default. It was disabled in
4.77 as the kernel support then wasn't solid, having issues in 64bit
mode. Now, it's been long enough. Add support for FreeBSD also.
* Add commandline_checks_require_admin option.
* Do pipelining under TLS.
* For the "sock" variant of the malware scanner interface, accept an empty
cmdline element to get the documented default one. Previously it was
inaccessible.
* Prevent repeated use of -p/-oMr
* DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
if present.
* DKIM: when a message has multiple signatures matching an identity given
in dkim_verify_signers, run the dkim acl once for each.
* Support IDNA2008.
* The path option on a pipe transport is now expanded before use
* Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
- Several bug fixes
- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
- removed patches (included upstream now):
* exim-CVE-2017-1000369.patch
* exim-CVE-2017-16943.patch
* exim-CVE-2017-16944.patch
* exim-4.86.2-mariadb_102_compile_fix.patch
old: server:mail/exim
new: home:kbabioch:branches:server:mail/exim rev None
Index: exim.changes
===================================================================
--- exim.changes (revision 200)
+++ exim.changes (revision 4)
@@ -1,4 +1,54 @@
-------------------------------------------------------------------
+Tue Feb 13 13:39:34 UTC 2018 - kbabioch@suse.com
+
+- update to 4.90.1
+ * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+ during configuration. Wildcards are allowed and expanded.
+ * Shorten the log line for daemon startup by collapsing adjacent sets of
+ identical IP addresses on different listening ports. Will also affect
+ "exiwhat" output.
+ * Tighten up the checking in isip4 (et al): dotted-quad components larger
+ than 255 are no longer allowed.
+ * Default openssl_options to include +no_ticket, to reduce load on peers.
+ Disable the session-cache too, which might reduce our load. Since we
+ currrectly use a new context for every connection, both as server and
+ client, there is no benefit for these.
+ * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
+ <https://reproducible-builds.org/specs/source-date-epoch/>.
+ * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
+ the check for any unsuccessful recipients did not notice the limit, and
+ erroneously found still-pending ones.
+ * Pipeline CHUNKING command and data together, on kernels that support
+ MSG_MORE. Only in-clear (not on TLS connections).
+ * Avoid using a temporary file during transport using dkim. Unless a
+ transport-filter is involved we can buffer the headers in memory for
+ creating the signature, and read the spool data file once for the
+ signature and again for transmission.
+ * Enable use of sendfile in Linux builds as default. It was disabled in
+ 4.77 as the kernel support then wasn't solid, having issues in 64bit
+ mode. Now, it's been long enough. Add support for FreeBSD also.
+ * Add commandline_checks_require_admin option.
+ * Do pipelining under TLS.
+ * For the "sock" variant of the malware scanner interface, accept an empty
+ cmdline element to get the documented default one. Previously it was
+ inaccessible.
+ * Prevent repeated use of -p/-oMr
+ * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
+ if present.
+ * DKIM: when a message has multiple signatures matching an identity given
+ in dkim_verify_signers, run the dkim acl once for each.
+ * Support IDNA2008.
+ * The path option on a pipe transport is now expanded before use
+ * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+- Several bug fixes
+- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
+- removed patches (included upstream now):
+ * exim-CVE-2017-1000369.patch
+ * exim-CVE-2017-16943.patch
+ * exim-CVE-2017-16944.patch
+ * exim-4.86.2-mariadb_102_compile_fix.patch
+
+-------------------------------------------------------------------
Thu Nov 30 08:32:50 UTC 2017 - wullinger@rz.uni-kiel.de
- add exim-CVE-2017-16944.patch:
Index: exim.spec
===================================================================
--- exim.spec (revision 200)
+++ exim.spec (revision 4)
@@ -1,7 +1,7 @@
#
# spec file for package exim
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -78,7 +78,7 @@
%endif
Requires(pre): fileutils textutils
%endif
-Version: 4.88
+Version: 4.90.1
Release: 0
%if %{with_mysql}
BuildRequires: mysql-devel
@@ -93,8 +93,8 @@
License: GPL-2.0+
Group: Productivity/Networking/Email/Servers
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
-Source3: http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
+Source: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
+Source3: http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
# http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
Source4: exim.keyring
Source1: sysconfig.exim
@@ -107,10 +107,6 @@
Source32: eximstats.conf-2.2
Source40: exim.service
Patch0: exim-tail.patch
-Patch3: exim-CVE-2017-1000369.patch
-Patch4: exim-CVE-2017-16943.patch
-Patch5: exim-CVE-2017-16944.patch
-Patch6: exim-4.86.2-mariadb_102_compile_fix.patch
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -153,10 +149,6 @@
%prep
%setup -q -n exim-%{version}
%patch0
-%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
@@ -328,7 +320,7 @@
inst_info=$RPM_BUILD_ROOT/%{_infodir} \
INSTALL_ARG=-no_chown install
#mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
-mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done
%if 0%{?suse_version} > 1220
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
Index: exim-4.90.1.tar.bz2
===================================================================
Binary file exim-4.90.1.tar.bz2 (revision 4) added
Index: exim-4.90.1.tar.bz2.asc
===================================================================
--- exim-4.90.1.tar.bz2.asc (added)
+++ exim-4.90.1.tar.bz2.asc (revision 4)
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAlp8U0MACgkQr0zGdqa2
+wUKEiwf9GmNYK5sbmpi/c2TdfPqsqU1o76l3PoTt+kxSQi5t4j30dsqZdWvzvkuj
+k+/x1SsDRg44+wv19ynnYH4tSCZ3QSwTevyfXvR7bSGpSTCN0tTnaWm/AuBXNC8D
+9lukQckwdZckVNciRriVCLi9VTymV/tdnIxowQu/WfdEzFTXDeYzu3KoioG+jKAV
+MWhnyUDfhPYPYs+u8IKdFDE3Z9bO/I/EbgTHiR6PetLWusSugrp/MyJjICp8HsvI
+f/pMj+rytJo2hOnI9x/wpUiXb7XnnQnph3mic5BQU4DF+tI6dK1zTS66PyTYAoNI
+p6Po3uLY/umKYT+W6jxURPfC2TH1+A==
+=k4cD
+-----END PGP SIGNATURE-----
Index: exim-4.86.2-mariadb_102_compile_fix.patch
===================================================================
--- exim-4.86.2-mariadb_102_compile_fix.patch (revision 200)
+++ exim-4.86.2-mariadb_102_compile_fix.patch (deleted)
@@ -1,94 +0,0 @@
-Index: exim-4.86.2/src/lookups/mysql.c
-===================================================================
---- exim-4.86.2.orig/src/lookups/mysql.c
-+++ exim-4.86.2/src/lookups/mysql.c
-@@ -14,6 +14,53 @@ functions. */
-
- #include <mysql.h> /* The system header */
-
-+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
-+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
-+with versions before 10.2, as they do not define there there specific symbols.
-+*/
-+
-+// Newer (>= 10.2) MariaDB
-+#if defined MARIADB_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
-+
-+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
-+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
-+#elif defined LIBMYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
-+#elif defined MYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
-+
-+#else
-+#define EXIM_MYSQL_VERSION_ID 0
-+#endif
-+
-+// Newer (>= 10.2) MariaDB
-+#ifdef MARIADB_CLIENT_VERSION_STR
-+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
-+
-+// Mysql uses MYSQL_SERVER_VERSION
-+#elif defined LIBMYSQL_VERSION
-+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
-+#elif defined MYSQL_SERVER_VERSION
-+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
-+
-+#else
-+#define EXIM_MxSQL_VERSION_STR "N.A."
-+#endif
-+
-+#if defined MARIADB_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
-+
-+#elif defined MARIADB_PACKAGE_VERSION
-+#define EXIM_MxSQL_BASE_STR "mariadb"
-+
-+#elif defined MYSQL_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
-+
-+#else
-+#define EXIM_MxSQL_BASE_STR "n.A."
-+#endif
-+
-
- /* Structure and anchor for caching connections. */
-
-@@ -423,10 +470,10 @@ return quoted;
- void
- mysql_version_report(FILE *f)
- {
--fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
-- " Runtime: %s\n",
-- MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
-- mysql_get_client_info());
-+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
-+ " Runtime: %lu %s\n",
-+ (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
-+ mysql_get_client_version(), mysql_get_client_info());
- #ifdef DYNLOOKUP
- fprintf(f, " Exim version %s\n", EXIM_VERSION_STR);
- #endif
-Index: exim-4.86.2/src/EDITME
-===================================================================
---- exim-4.86.2.orig/src/EDITME
-+++ exim-4.86.2/src/EDITME
-@@ -253,7 +253,7 @@ TRANSPORT_SMTP=yes
- # you perform upgrades and revert them. You should consider the benefit of
- # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
- # maintain two concurrent sets of modules.
--#
-+#
- # *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
- # the ability to modify the Exim binary, which is often setuid root! The Exim
- # developers only intend this functionality be used by OS software packagers
-@@ -301,6 +301,7 @@ LOOKUP_DNSDB=yes
- # LOOKUP_IBASE=yes
- # LOOKUP_LDAP=yes
- # LOOKUP_MYSQL=yes
-+# LOOKUP_MYSQL_PC=mariadb
- # LOOKUP_NIS=yes
- # LOOKUP_NISPLUS=yes
- # LOOKUP_ORACLE=yes
Index: exim-4.88.tar.bz2
===================================================================
Binary file exim-4.88.tar.bz2 (revision 200) deleted
Index: exim-4.88.tar.bz2.asc
===================================================================
--- exim-4.88.tar.bz2.asc (revision 200)
+++ exim-4.88.tar.bz2.asc (deleted)
@@ -1,10 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEcBAABAgAGBQJYVqBoAAoJELzljIzkHzLf5vIH/R4gcGqdEwGkFDRwQA5ImNif
-USPeSli63U2tL2YRpf8E/sMWlf2ywZl9vGkVWhvYFvMWI4gn+hNAh0jUj2BakCdI
-aEjUk0KSA0nXHzIGmNyf0lAcC1VONRq0KLxfQvlGF8RrKnBL7urg46EVFagmU8g9
-m3KVHPjv1cUIICZdJVWICUChjjm23pBvtqr1M9TgUAhWQU0FaG9dmgY2Kh4s2pnG
-0o+llbQdU1hvtk0lTMzZYmYTtS3totoyR3aKYdws/epOnE1MgVOIlnp2q5R9FMO1
-RE5bHa2Qg5UCf5wwAKSOxIDLPEVUoX6qkbP7inByuGKZ5dSvBQwUGPAt+b2Lb38=
-=jgHZ
------END PGP SIGNATURE-----
Index: exim-CVE-2017-1000369.patch
===================================================================
--- exim-CVE-2017-1000369.patch (revision 200)
+++ exim-CVE-2017-1000369.patch (deleted)
@@ -1,43 +0,0 @@
-commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
-Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
-Date: Wed May 31 23:08:56 2017 +0200
-
- Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
-
-diff --git a/src/exim.c b/src/src/exim.c
-index 67583e58..88e11977 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
-
- /* -oMr: Received protocol */
-
-- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
-+ else if (Ustrcmp(argrest, "Mr") == 0)
-+
-+ if (received_protocol)
-+ {
-+ fprintf(stderr, "received_protocol is set already\n");
-+ exit(EXIT_FAILURE);
-+ }
-+ else received_protocol = argv[++i];
-
- /* -oMs: Set sender host name */
-
-@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
-
- if (*argrest != 0)
- {
-- uschar *hn = Ustrchr(argrest, ':');
-+ uschar *hn;
-+
-+ if (received_protocol)
-+ {
-+ fprintf(stderr, "received_protocol is set already\n");
-+ exit(EXIT_FAILURE);
-+ }
-+
-+ hn = Ustrchr(argrest, ':');
- if (hn == NULL)
- {
- received_protocol = argrest;
Index: exim-CVE-2017-16943.patch
===================================================================
--- exim-CVE-2017-16943.patch (revision 200)
+++ exim-CVE-2017-16943.patch (deleted)
@@ -1,40 +0,0 @@
-From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 24 Nov 2017 20:22:33 +0000
-Subject: [PATCH] Avoid release of store if there have been later allocations.
- Bug 2199
-
----
- src/src/receive.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/src/receive.c b/src/src/receive.c
-index e7e518a..d9b5001 100644
---- a/src/receive.c
-+++ b/src/receive.c
-@@ -1810,8 +1810,8 @@ for (;;)
- (and sometimes lunatic messages can have ones that are 100s of K long) we
- call store_release() for strings that have been copied - if the string is at
- the start of a block (and therefore the only thing in it, because we aren't
-- doing any other gets), the block gets freed. We can only do this because we
-- know there are no other calls to store_get() going on. */
-+ doing any other gets), the block gets freed. We can only do this release if
-+ there were no allocations since the once that we want to free. */
-
- if (ptr >= header_size - 4)
- {
-@@ -1820,9 +1820,10 @@ for (;;)
- header_size *= 2;
- if (!store_extend(next->text, oldsize, header_size))
- {
-+ BOOL release_ok = store_last_get[store_pool] == next->text;
- uschar *newtext = store_get(header_size);
- memcpy(newtext, next->text, ptr);
-- store_release(next->text);
-+ if (release_ok) store_release(next->text);
- next->text = newtext;
- }
- }
---
-1.9.1
-
Index: exim-CVE-2017-16944.patch
===================================================================
--- exim-CVE-2017-16944.patch (revision 200)
+++ exim-CVE-2017-16944.patch (deleted)
@@ -1,41 +0,0 @@
-diff -ru a/src/receive.c b/src/receive.c
---- a/src/receive.c 2017-11-30 09:15:29.593364805 +0100
-+++ b/src/receive.c 2017-11-30 09:17:32.026970431 +0100
-@@ -1759,7 +1759,7 @@
- prevent further reading), and break out of the loop, having freed the
- empty header, and set next = NULL to indicate no data line. */
-
-- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
-+ if (ptr == 0 && ch == '.' && dot_ends)
- {
- ch = (receive_getc)();
- if (ch == '\r')
-diff -ru a/src/smtp_in.c b/src/smtp_in.c
---- a/src/smtp_in.c 2017-11-30 09:15:29.593364805 +0100
-+++ b/src/smtp_in.c 2017-11-30 09:41:47.270055566 +0100
-@@ -4751,11 +4751,17 @@
- ? CHUNKING_LAST : CHUNKING_ACTIVE;
- chunking_data_left = chunking_datasize;
-
-+ /* push the current receive_* function on the "stack", and
-+ replace them by bdat_getc(), which in turn will use the lwr_receive_*
-+ functions to do the dirty work. */
- lwr_receive_getc = receive_getc;
- lwr_receive_ungetc = receive_ungetc;
-+
- receive_getc = bdat_getc;
- receive_ungetc = bdat_ungetc;
-
-+ dot_ends = FALSE;
-+
- DEBUG(D_any)
- debug_printf("chunking state %d\n", (int)chunking_state);
- goto DATA_BDAT;
-@@ -4763,6 +4769,7 @@
-
- case DATA_CMD:
- HAD(SCH_DATA);
-+ dot_ends = TRUE;
-
- DATA_BDAT: /* Common code for DATA and BDAT */
- if (!discarded && recipients_count <= 0)
OBS-URL: https://build.opensuse.org/request/show/576288
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=201
2018-02-15 11:52:20 +00:00
|
|
|
mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim
|
2006-06-03 19:23:03 +00:00
|
|
|
mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2015-04-17 16:29:46 +00:00
|
|
|
install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service
|
2013-11-06 14:19:55 +00:00
|
|
|
%else
|
2014-12-05 12:49:45 +00:00
|
|
|
install -m 0755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/exim
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
# aka...
|
|
|
|
|
for i in \
|
|
|
|
|
/usr/lib/sendmail \
|
|
|
|
|
/usr/bin/runq \
|
|
|
|
|
/usr/bin/rsmtp \
|
|
|
|
|
/usr/bin/mailq \
|
|
|
|
|
/usr/bin/newaliases
|
|
|
|
|
do
|
|
|
|
|
ln -sf ../sbin/exim $RPM_BUILD_ROOT$i
|
|
|
|
|
done
|
|
|
|
|
ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2015-01-12 16:44:39 +00:00
|
|
|
ln -sv service $RPM_BUILD_ROOT/usr/sbin/rcexim
|
2013-11-06 14:19:55 +00:00
|
|
|
%else
|
2006-06-03 19:23:03 +00:00
|
|
|
ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2007-03-09 10:08:02 +00:00
|
|
|
mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/
|
2017-11-24 09:59:37 +00:00
|
|
|
cp -p %{S:1} $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.exim
|
2022-06-29 14:37:00 +00:00
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
|
install -m 0644 %{S:2} $RPM_BUILD_ROOT%{_distconfdir}/logrotate.d/exim
|
|
|
|
|
%else
|
|
|
|
|
install -m 0644 %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
|
|
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
# man pages
|
|
|
|
|
mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
|
2020-08-24 10:42:42 +00:00
|
|
|
cp $RPM_SOURCE_DIR/exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8
|
|
|
|
|
gunzip $RPM_BUILD_ROOT/%{_mandir}/man8/exim_db.8.gz
|
2006-06-03 19:23:03 +00:00
|
|
|
pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8
|
|
|
|
|
for i in \
|
|
|
|
|
sendmail \
|
|
|
|
|
runq \
|
|
|
|
|
rsmtp \
|
|
|
|
|
mailq \
|
|
|
|
|
newaliases
|
2012-03-07 16:07:13 +00:00
|
|
|
do
|
2006-06-03 19:23:03 +00:00
|
|
|
ln -sf exim.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz
|
|
|
|
|
done
|
|
|
|
|
for i in \
|
|
|
|
|
exim_dumpdb \
|
|
|
|
|
exim_fixdb \
|
2012-03-07 16:07:13 +00:00
|
|
|
exim_tidydb
|
|
|
|
|
do
|
2006-06-03 19:23:03 +00:00
|
|
|
ln -sf exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz
|
|
|
|
|
done
|
|
|
|
|
perl -pi -e 's%/usr/share/doc/exim4%/usr/share/doc/packages/exim%g' `find $RPM_BUILD_ROOT/%{_mandir}/man8 -name "*.8"`
|
|
|
|
|
gzip -9 doc/*.txt
|
2009-06-09 15:29:34 +00:00
|
|
|
#
|
|
|
|
|
# package the utilities without executable permissions, to silence rpmlint warnings
|
|
|
|
|
chmod 644 util/*.{pl,sh} src/convert4r*
|
|
|
|
|
#
|
2006-06-03 19:23:03 +00:00
|
|
|
# eximstats-html files
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/
|
2015-04-17 16:29:46 +00:00
|
|
|
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1310
|
|
|
|
|
cp -p %{S:31} $RPM_BUILD_ROOT/etc/apache2/conf.d/
|
|
|
|
|
%else
|
|
|
|
|
cp -p %{S:32} $RPM_BUILD_ROOT/etc/apache2/conf.d/eximstats.conf
|
|
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbindir}
|
2007-05-24 09:55:38 +00:00
|
|
|
# apparmor profile
|
2016-02-03 21:09:03 +00:00
|
|
|
install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/usr/share/apparmor/extra-profiles/usr.sbin.exim
|
2010-07-27 15:57:48 +00:00
|
|
|
|
2020-05-19 12:51:17 +00:00
|
|
|
%pretrans -p <lua>
|
|
|
|
|
docdir = rpm.expand('%{_docdir}')
|
|
|
|
|
pkgname = rpm.expand('%{name}')
|
|
|
|
|
path = docdir .. '/' .. pkgname .. '/doc/cve-2019-13917'
|
2020-05-20 11:08:36 +00:00
|
|
|
st = posix.stat(path)
|
|
|
|
|
if st and st.type == "directory" then
|
|
|
|
|
status = os.rename(path, path .. ".rpmmoved")
|
|
|
|
|
if not status then
|
|
|
|
|
suffix = 0
|
|
|
|
|
while not status do
|
|
|
|
|
suffix = suffix + 1
|
|
|
|
|
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
|
2020-05-19 12:51:17 +00:00
|
|
|
end
|
2020-05-20 11:08:36 +00:00
|
|
|
os.rename(path, path .. ".rpmmoved")
|
|
|
|
|
end
|
2020-05-19 12:51:17 +00:00
|
|
|
end
|
2020-01-13 07:55:09 +00:00
|
|
|
|
2013-12-06 18:10:24 +00:00
|
|
|
%pre
|
|
|
|
|
%if 0%{?suse_version} > 1220
|
|
|
|
|
%service_add_pre exim.service
|
|
|
|
|
%endif
|
2022-09-07 06:59:43 +00:00
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
|
# Prepare for migration to /usr/etc; save any old .rpmsave
|
|
|
|
|
for i in logrotate.d/exim ; do
|
|
|
|
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
|
|
|
|
done
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
|
%posttrans
|
|
|
|
|
# Migration to /usr/etc, restore just created .rpmsave
|
|
|
|
|
for i in logrotate.d/exim ; do
|
|
|
|
|
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
|
|
|
|
done
|
|
|
|
|
%endif
|
2013-12-06 18:10:24 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%post
|
2013-01-09 19:55:32 +00:00
|
|
|
%if 0%{?suse_version} < 1131
|
2006-06-03 19:23:03 +00:00
|
|
|
%run_permissions
|
2013-01-09 19:55:32 +00:00
|
|
|
%else
|
|
|
|
|
%set_permissions /usr/sbin/exim
|
|
|
|
|
%endif
|
2012-03-07 16:07:13 +00:00
|
|
|
if ! test -s etc/exim/exim.conf; then
|
2006-06-03 19:23:03 +00:00
|
|
|
if test -s etc/exim.conf; then
|
|
|
|
|
mv etc/exim.conf etc/exim/
|
2012-03-07 16:07:13 +00:00
|
|
|
echo moving exim.conf to /etc/exim/
|
2006-06-03 19:23:03 +00:00
|
|
|
else
|
2012-03-07 16:07:13 +00:00
|
|
|
cp -p usr/share/doc/packages/%{name}/configure.default etc/exim/exim.conf
|
2006-06-03 19:23:03 +00:00
|
|
|
echo copying default config file to /etc/exim/exim.conf
|
|
|
|
|
fi
|
|
|
|
|
fi
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
%{fillup_only}
|
|
|
|
|
%service_add_post exim.service
|
|
|
|
|
%else
|
2007-05-24 10:14:36 +00:00
|
|
|
%{fillup_and_insserv exim}
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
exit 0
|
2013-12-06 18:47:11 +00:00
|
|
|
%if %{?suse_version:1}%{?!suse_version:0}
|
2006-06-03 19:23:03 +00:00
|
|
|
|
|
|
|
|
%preun
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
%service_del_preun exim.service
|
|
|
|
|
%else
|
2006-06-03 19:23:03 +00:00
|
|
|
%stop_on_removal exim
|
|
|
|
|
%endif
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
|
|
|
|
|
%postun
|
2013-12-06 18:47:11 +00:00
|
|
|
%if %{?suse_version:1}%{?!suse_version:0}
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
%service_del_postun exim.service
|
|
|
|
|
%else
|
2006-06-03 19:23:03 +00:00
|
|
|
%restart_on_update exim
|
2014-08-12 14:24:43 +00:00
|
|
|
%insserv_cleanup
|
2006-06-03 19:23:03 +00:00
|
|
|
%endif
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2014-08-12 14:45:40 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%verifyscript
|
|
|
|
|
%verify_permissions -e /usr/sbin/exim
|
|
|
|
|
|
|
|
|
|
%files
|
|
|
|
|
%defattr(-,root,root)
|
2020-01-13 07:55:09 +00:00
|
|
|
%ghost %{_docdir}/%{name}/doc/cve-2019-13917.rpmmoved
|
2006-06-03 19:23:03 +00:00
|
|
|
%doc ACKNOWLEDGMENTS CHANGES LICENCE NOTICE README.UPDATING README
|
|
|
|
|
%doc doc
|
|
|
|
|
%doc src/configure.default
|
|
|
|
|
%doc build-Linux-*/convert4r{3,4}
|
|
|
|
|
%doc util
|
|
|
|
|
%doc %{_mandir}/man8/*
|
|
|
|
|
/usr/sbin/exicyclog
|
|
|
|
|
/usr/sbin/exigrep
|
|
|
|
|
/usr/sbin/exiqgrep
|
|
|
|
|
%verify(not mode) %attr(4755,root,root) /usr/sbin/exim
|
|
|
|
|
/usr/sbin/exim_*
|
|
|
|
|
/usr/sbin/eximstats
|
|
|
|
|
/usr/sbin/exinext
|
|
|
|
|
/usr/sbin/exipick
|
|
|
|
|
/usr/sbin/exiqsumm
|
|
|
|
|
/usr/sbin/exiwhat
|
|
|
|
|
%dir /etc/exim
|
2013-11-06 14:26:33 +00:00
|
|
|
%if 0%{?suse_version} > 1220
|
2013-11-06 14:19:55 +00:00
|
|
|
%{_unitdir}/exim.service
|
|
|
|
|
%else
|
2006-06-03 19:23:03 +00:00
|
|
|
%config /etc/init.d/exim
|
2013-11-06 14:19:55 +00:00
|
|
|
%endif
|
2022-06-29 14:37:00 +00:00
|
|
|
%if 0%{?suse_version} > 1500
|
|
|
|
|
%{_distconfdir}/logrotate.d/exim
|
|
|
|
|
%else
|
|
|
|
|
%config(noreplace) %{_sysconfdir}/logrotate.d/exim
|
|
|
|
|
%endif
|
2006-06-03 19:23:03 +00:00
|
|
|
%if %{?suse_version:%suse_version}%{?!suse_version:99999} < 1000
|
|
|
|
|
%config(noreplace) /etc/permissions.d/exim
|
|
|
|
|
%endif
|
2016-02-03 21:09:03 +00:00
|
|
|
%dir /usr/share/apparmor
|
|
|
|
|
%dir /usr/share/apparmor/extra-profiles
|
|
|
|
|
%config(noreplace) /usr/share/apparmor/extra-profiles/usr.sbin.exim
|
2006-06-03 19:23:03 +00:00
|
|
|
/usr/sbin/rcexim
|
|
|
|
|
/usr/bin/mailq
|
|
|
|
|
/usr/bin/runq
|
|
|
|
|
/usr/bin/rsmtp
|
|
|
|
|
/usr/bin/newaliases
|
|
|
|
|
/usr/sbin/sendmail
|
|
|
|
|
/usr/lib/sendmail
|
2017-11-24 09:59:37 +00:00
|
|
|
%{_fillupdir}/sysconfig.exim
|
2012-03-07 16:07:13 +00:00
|
|
|
%dir %attr(750,mail,mail) /var/log/exim
|
2022-09-07 06:58:15 +00:00
|
|
|
%dir %attr(1777,root,root) /var/spool/mail
|
|
|
|
|
/var/mail
|
2006-10-02 11:37:05 +00:00
|
|
|
|
2006-06-03 19:23:03 +00:00
|
|
|
%files -n eximon
|
|
|
|
|
%defattr(-,root,root)
|
2007-03-09 10:08:02 +00:00
|
|
|
/usr/bin/eximon
|
|
|
|
|
/usr/bin/eximon.bin
|
2006-06-03 19:23:03 +00:00
|
|
|
|
|
|
|
|
%files -n eximstats-html
|
|
|
|
|
%defattr(-,root,root)
|
|
|
|
|
%attr(0750,root,www) /srv/www/eximstats
|
2015-04-17 16:29:46 +00:00
|
|
|
%dir /etc/apache2
|
|
|
|
|
%dir /etc/apache2/conf.d
|
2017-04-25 09:33:40 +00:00
|
|
|
%config /etc/apache2/conf.d/eximstats.conf
|
2006-06-03 19:23:03 +00:00
|
|
|
%{_sbindir}/eximstats-html-update.py
|
|
|
|
|
|
2007-05-24 09:55:38 +00:00
|
|
|
%changelog
|
