Accepting request 209689 from server:mail

- BuildRequire libopenssl-devel only on SUSE systems. - Fix suse_version condition of the pre- and postun scriptlets. - Call service_add_pre from pre scriptlet on post-12.2 systems. - update to 4.82 (cf the package change log for all details) OBS-URL: https://build.opensuse.org/request/show/209689 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=26
2013-12-08 18:26:29 +00:00 · 2013-12-08 18:26:29 +00:00 · 035f5303bc
commit 035f5303bc
parent 40b5ffc990 b4c21cb41a
4 changed files with 209 additions and 7 deletions
--- a/exim-4.80.1.tar.bz2
+++ b/exim-4.80.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9565b10f06be224fd03adafae2e07e6fdbb479f8873e3894ddb13f98eeebe78f
-size 1650082
--- a/exim-4.82.tar.bz2
+++ b/exim-4.82.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:46dedfb6ced2aa4a1eddc5d8ce46a790a961508bd389faa2e215302ae80d91cf
+size 1722771
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,200 @@
+-------------------------------------------------------------------
+Fri Dec  6 18:44:42 UTC 2013 - lars@smaba.org
+
+- BuildRequire libopenssl-devel only on SUSE systems.
+- Fix suse_version condition of the pre- and postun scriptlets.
+
+-------------------------------------------------------------------
+Fri Dec  6 17:52:27 UTC 2013 - lars@smaba.org
+
+- Call service_add_pre from pre scriptlet on post-12.2 systems.
+
+-------------------------------------------------------------------
+Fri Dec  6 17:37:11 UTC 2013 - lmuelle@suse.com
+
+- update to 4.82
+  - Add -bI: framework, and -bI:sieve for querying sieve capabilities.
+  - Make -n do something, by making it not do something.
+    When combined with -bP, the name of an option is not output.
+  - Added tls_dh_min_bits SMTP transport driver option, only honoured
+    by GnuTLS.
+  - First step towards DNSSEC, provide $sender_host_dnssec for
+    $sender_host_name and config options to manage this, and basic check
+    routines.
+  - DSCP support for outbound connections and control modifier for inbound.
+  - Cyrus SASL: set local and remote IP;port properties for driver.
+    (Only plugin which currently uses this is kerberos4, which nobody should
+    be using, but we should make it available and other future plugins might
+    conceivably use it, even though it would break NAT; stuff *should* be
+    using channel bindings instead).
+  - Handle "exim -L <tag>" to indicate to use syslog with tag as the process
+    name; added for Sendmail compatibility; requires admin caller.
+    Handle -G as equivalent to "control = suppress_local_fixups" (we used to
+    just ignore it); requires trusted caller.
+    Also parse but ignore: -Ac -Am -X<logfile>
+    Bugzilla 1117.
+  - Bugzilla 1258 - Refactor MAIL FROM optional args processing.
+  - Add +smtp_confirmation as a default logging option.
+  - Bugzilla 198 - Implement remove_header ACL modifier.
+  - Bugzilla 1197, 1281, 1283 - Spec typo.
+  - Bugzilla 1290 - Spec grammar fixes.
+  - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
+  - Add Experimental DMARC support using libopendmarc libraries.
+  - Fix an out of order global option causing a segfault.  Reported to dev
+    mailing list by by Dmitry Isaikin.
+  - Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
+  - Support "G" suffix to numbers in ${if comparisons.
+  - Handle smtp transport tls_sni option forced-fail for OpenSSL.
+  - Bugzilla 1196 - Spec examples corrections
+  - Add expansion operators ${listnamed:name} and ${listcount:string}
+  - Add gnutls_allow_auto_pkcs11 option (was originally called
+    gnutls_enable_pkcs11, but renamed to more accurately indicate its
+    function.
+  - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
+    Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
+  - Add expansion item ${acl {name}{arg}...}, expansion condition
+    "acl {{name}{arg}...}", and optional args on acl condition
+    "acl = name arg..."
+  - Permit multiple router/transport headers_add/remove lines.
+  - Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination.
+  - Avoid using a waiting database for a single-message-only transport.
+    Performance patch from Paul Fisher.  Bugzilla 1262.
+  - Strip leading/trailing newlines from add_header ACL modifier data.
+    Bugzilla 884.
+  - Add $headers_added variable, with content from use of ACL modifier
+    add_header (but not yet added to the message).  Bugzilla 199.
+  - Add 8bitmime log_selector, for 8bitmime status on the received line.
+    Pulled from Bugzilla 817 by Wolfgang Breyha.
+  - SECURITY: protect DKIM DNS decoding from remote exploit.
+    CVE-2012-5671
+    (nb: this is the same fix as in Exim 4.80.1)
+  - Add A= logging on delivery lines, and a client_set_id option on
+    authenticators.
+  - Add optional authenticated_sender logging to A= and a log_selector
+    for control.
+  - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29.
+  - Dovecot auth: log better reason to rejectlog if Dovecot did not
+    advertise SMTP AUTH mechanism to us, instead of a generic
+    protocol violation error.  Also, make Exim more robust to bad
+    data from the Dovecot auth socket.
+  - Fix ultimate retry timeouts for intermittently deliverable recipients.
+  - When a queue runner is handling a message, Exim first routes the
+    recipient addresses, during which it prunes them based on the retry
+    hints database. After that it attempts to deliver the message to
+    any remaining recipients. It then updates the hints database using
+    the retry rules.
+  - So if a recipient address works intermittently, it can get repeatedly
+    deferred at routing time. The retry hints record remains fresh so the
+    address never reaches the final cutoff time.
+  - This is a fairly common occurrence when a user is bumping up against
+    their storage quota. Exim had some logic in its local delivery code
+    to deal with this. However it did not apply to per-recipient defers
+    in remote deliveries, e.g. over LMTP to a separate IMAP message store.
+  - This change adds a proper retry rule check during routing so that the
+    final cutoff time is checked against the message's age. We only do
+    this check if there is an address retry record and there is not a
+    domain retry record; this implies that previous attempts to handle
+    the address had the retry_use_local_parts option turned on. We use
+    this as an approximation for the destination being like a local
+    delivery, as in LMTP.
+  - I suspect this new check makes the old local delivery cutoff check
+    redundant, but I have not verified this so I left the code in place.
+  - Correct gecos expansion when From: is a prefix of the username.
+  - Test 0254 submits a message to Exim with the header
+  	 Resent-From: f
+  - When I ran the test suite under the user fanf2, Exim expanded
+    the header to contain my full name, whereas it should have added
+    a Resent-Sender: header. It erroneously treats any prefix of the
+    username as equal to the username.
+    This change corrects that bug.
+  - DCC debug and logging tidyup
+    Error conditions log to paniclog rather than rejectlog.
+    Debug lines prefixed by "DCC: " to remove any ambiguity.
+  - Avoid unnecessary rebuilds of lookup-related code.
+  - Fix OCSP reinitialisation in SNI handling for Exim/TLS as server.
+    Bug spotted by Jeremy Harris; was flawed since initial commit.
+    Would have resulted in OCSP responses post-SNI triggering an Exim
+    NULL dereference and crash.
+  - Add $router_name and $transport_name variables.  Bugzilla 308.
+  - Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd.
+    Bug detection, analysis and fix by Samuel Thibault.
+    Bugzilla 1331, Debian bug #698092.
+  - Update eximstats to watch out for senders sending 'HELO [IpAddr]'
+  - SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt).
+    Server implementation by Todd Lyons, client by JH.
+    Only enabled when compiled with EXPERIMENTAL_PRDR.  A new
+    config variable "prdr_enable" controls whether the server
+    advertises the facility.  If the client requests PRDR a new
+    acl_data_smtp_prdr ACL is called once for each recipient, after
+    the body content is received and before the acl_smtp_data ACL.
+    The client is controlled by bolth of: a hosts_try_prdr option
+    on the smtp transport, and the server advertisement.
+    Default client logging of deliveries and rejections involving
+    PRDR are flagged with the string "PRDR".
+  - Fix problems caused by timeouts during quit ACLs trying to double
+    fclose().  Diagnosis by Todd Lyons.
+    Update configure.default to handle IPv6 localhost better.
+    Patch by Alain Williams (plus minor tweaks).
+    Bugzilla 880.
+  - OpenSSL made graceful with empty tls_verify_certificates setting.
+    This is now consistent with GnuTLS, and is now documented: the
+    previous undocumented portable approach to treating the option as
+    unset was to force an expansion failure.  That still works, and
+    an empty string is now equivalent.
+  - Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+    clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+    not performing validation itself.
+  - Added force_command boolean option to pipe transport.
+    Patch from Nick Koston, of cPanel Inc.
+  - AUTH support on callouts (and hence cutthrough-deliveries).
+    Bugzilla 321, 823.
+  - Added udpsend ACL modifer and hexquote expansion operator
+  - Fix eximon continuous updating with timestamped log-files.
+    Broken in a format-string cleanup in 4.80, missed when I repaired the
+    other false fix of the same issue.
+    Report and fix from Heiko Schlichting.
+    Bugzilla 1363.
+  - Guard LDAP TLS usage against Solaris LDAP variant.
+    Report from Prashanth Katuri.
+  - Support safari_ecdhe_ecdsa_bug for openssl_options.
+    It's SecureTransport, so affects any MacOS clients which use the
+    system-integrated TLS libraries, including email clients.
+  - Fix segfault from trying to fprintf() to a NULL stdio FILE* if
+    using a MIME ACL for non-SMTP local injection.
+    Report and assistance in diagnosis by Warren Baker.
+  - Adjust exiqgrep to be case-insensitive for sender/receiver.
+  - Fix comparisons for 64b.  Bugzilla 1385.
+  - Add expansion variable $authenticated_fail_id to keep track of
+    last id that failed so it may be referenced in subsequent ACL's.
+  - Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
+    Alexander Miroch.
+  - Bugzilla 1382 - Option ldap_require_cert overrides start_tls
+    ldap library initialization, allowing self-signed CA's to be
+    used. Also properly sets require_cert option later in code by
+    using NULL (global ldap config) instead of ldap handle (per
+    session). Bug diagnosis and testing by alxgomz.
+  - Enhanced documentation in the ratelimit.pl script provided in
+    the src/util/ subdirectory.
+  - Bug 1301 - Imported transport SQL logging patch from Axel Rau
+    renamed to Transport Post Delivery Action by Jeremy Harris, as
+    EXPERIMENTAL_TPDA.
+  - Bugzilla 1217 - Redis lookup support has been added. It is only enabled
+    when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
+    redis_servers = needs to be configured which will be used by the redis
+    lookup.  Patch from Warren Baker, of The Packet Hub.
+  - Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
+  - Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
+    hostname or reverse DNS when processing a host list. Used suggestions
+    from multiple comments on this bug.
+  - Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
+  - Had previously added a -CONTINUE option to runtest in the test suite.
+    Missed a few lines, added it to make the runtest require no keyboard
+    interaction.
+  - Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
+    contains upper case chars. Make router use caseful_local_part.
+  - Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
+    support when GnuTLS has been built with p11-kit.
+
 -------------------------------------------------------------------
 Sun Oct 27 17:35:43 UTC 2013 - p.drouand@gmail.com

--- a/exim.spec
+++ b/exim.spec
@ -19,10 +19,10 @@
 Name:           exim
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  db-devel
-BuildRequires:  libopenssl-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pcre-devel
 %if %{?suse_version:1}%{?!suse_version:0}
+BuildRequires:  libopenssl-devel
 BuildRequires:  tcpd-devel
 BuildRequires:  xorg-x11-devel
 %else
@ -48,7 +48,7 @@ Requires(pre):  %fillup_prereq
 Requires(pre):  /usr/sbin/useradd
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.80.1
+Version:        4.82
 Release:        0
 %if %{?build_with_mysql:1}0
 BuildRequires:  mysql-devel
@ -331,6 +331,11 @@ install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbin
 # apparmor profile
 install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim

+%pre
+%if 0%{?suse_version} > 1220
+%service_add_pre exim.service
+%endif
+
 %post
 %if 0%{?suse_version} < 1131
 %run_permissions
@ -357,7 +362,7 @@ done
 %{fillup_and_insserv exim}
 %endif
 exit 0
-%if %{?suse_version:%suse_version}
+%if %{?suse_version:1}%{?!suse_version:0}

 %preun
 %if 0%{?suse_version} > 1220
@ -368,7 +373,7 @@ exit 0
 %endif

 %postun
-%if %{?suse_version:%suse_version}
+%if %{?suse_version:1}%{?!suse_version:0}
 %if 0%{?suse_version} > 1220
 %service_del_postun exim.service
 %else