From a00d96c7bcc2b03a0ede985d0203e4b67cec3646e6d5bf967ea2ef9833cc82bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Fri, 6 Dec 2013 17:51:14 +0000 Subject: [PATCH 1/4] update to 4.82 See the package change log for all the details. OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=133 --- exim-4.80.1.tar.bz2 | 3 - exim-4.82.tar.bz2 | 3 + exim.changes | 186 ++++++++++++++++++++++++++++++++++++++++++++ exim.spec | 2 +- 4 files changed, 190 insertions(+), 4 deletions(-) delete mode 100644 exim-4.80.1.tar.bz2 create mode 100644 exim-4.82.tar.bz2 diff --git a/exim-4.80.1.tar.bz2 b/exim-4.80.1.tar.bz2 deleted file mode 100644 index 771f31c..0000000 --- a/exim-4.80.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9565b10f06be224fd03adafae2e07e6fdbb479f8873e3894ddb13f98eeebe78f -size 1650082 diff --git a/exim-4.82.tar.bz2 b/exim-4.82.tar.bz2 new file mode 100644 index 0000000..562616b --- /dev/null +++ b/exim-4.82.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:46dedfb6ced2aa4a1eddc5d8ce46a790a961508bd389faa2e215302ae80d91cf +size 1722771 diff --git a/exim.changes b/exim.changes index bc8ef3b..87e6a55 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,189 @@ +------------------------------------------------------------------- +Fri Dec 6 17:37:11 UTC 2013 - lmuelle@suse.com + +- update to 4.82 + - Add -bI: framework, and -bI:sieve for querying sieve capabilities. + - Make -n do something, by making it not do something. + When combined with -bP, the name of an option is not output. + - Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + - First step towards DNSSEC, provide $sender_host_dnssec for + $sender_host_name and config options to manage this, and basic check + routines. + - DSCP support for outbound connections and control modifier for inbound. + - Cyrus SASL: set local and remote IP;port properties for driver. + (Only plugin which currently uses this is kerberos4, which nobody should + be using, but we should make it available and other future plugins might + conceivably use it, even though it would break NAT; stuff *should* be + using channel bindings instead). + - Handle "exim -L " to indicate to use syslog with tag as the process + name; added for Sendmail compatibility; requires admin caller. + Handle -G as equivalent to "control = suppress_local_fixups" (we used to + just ignore it); requires trusted caller. + Also parse but ignore: -Ac -Am -X + Bugzilla 1117. + - Bugzilla 1258 - Refactor MAIL FROM optional args processing. + - Add +smtp_confirmation as a default logging option. + - Bugzilla 198 - Implement remove_header ACL modifier. + - Bugzilla 1197, 1281, 1283 - Spec typo. + - Bugzilla 1290 - Spec grammar fixes. + - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. + - Add Experimental DMARC support using libopendmarc libraries. + - Fix an out of order global option causing a segfault. Reported to dev + mailing list by by Dmitry Isaikin. + - Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. + - Support "G" suffix to numbers in ${if comparisons. + - Handle smtp transport tls_sni option forced-fail for OpenSSL. + - Bugzilla 1196 - Spec examples corrections + - Add expansion operators ${listnamed:name} and ${listcount:string} + - Add gnutls_allow_auto_pkcs11 option (was originally called + gnutls_enable_pkcs11, but renamed to more accurately indicate its + function. + - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. + Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. + - Add expansion item ${acl {name}{arg}...}, expansion condition + "acl {{name}{arg}...}", and optional args on acl condition + "acl = name arg..." + - Permit multiple router/transport headers_add/remove lines. + - Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. + - Avoid using a waiting database for a single-message-only transport. + Performance patch from Paul Fisher. Bugzilla 1262. + - Strip leading/trailing newlines from add_header ACL modifier data. + Bugzilla 884. + - Add $headers_added variable, with content from use of ACL modifier + add_header (but not yet added to the message). Bugzilla 199. + - Add 8bitmime log_selector, for 8bitmime status on the received line. + Pulled from Bugzilla 817 by Wolfgang Breyha. + - SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + (nb: this is the same fix as in Exim 4.80.1) + - Add A= logging on delivery lines, and a client_set_id option on + authenticators. + - Add optional authenticated_sender logging to A= and a log_selector + for control. + - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. + - Dovecot auth: log better reason to rejectlog if Dovecot did not + advertise SMTP AUTH mechanism to us, instead of a generic + protocol violation error. Also, make Exim more robust to bad + data from the Dovecot auth socket. + - Fix ultimate retry timeouts for intermittently deliverable recipients. + - When a queue runner is handling a message, Exim first routes the + recipient addresses, during which it prunes them based on the retry + hints database. After that it attempts to deliver the message to + any remaining recipients. It then updates the hints database using + the retry rules. + - So if a recipient address works intermittently, it can get repeatedly + deferred at routing time. The retry hints record remains fresh so the + address never reaches the final cutoff time. + - This is a fairly common occurrence when a user is bumping up against + their storage quota. Exim had some logic in its local delivery code + to deal with this. However it did not apply to per-recipient defers + in remote deliveries, e.g. over LMTP to a separate IMAP message store. + - This change adds a proper retry rule check during routing so that the + final cutoff time is checked against the message's age. We only do + this check if there is an address retry record and there is not a + domain retry record; this implies that previous attempts to handle + the address had the retry_use_local_parts option turned on. We use + this as an approximation for the destination being like a local + delivery, as in LMTP. + - I suspect this new check makes the old local delivery cutoff check + redundant, but I have not verified this so I left the code in place. + - Correct gecos expansion when From: is a prefix of the username. + - Test 0254 submits a message to Exim with the header + Resent-From: f + - When I ran the test suite under the user fanf2, Exim expanded + the header to contain my full name, whereas it should have added + a Resent-Sender: header. It erroneously treats any prefix of the + username as equal to the username. + This change corrects that bug. + - DCC debug and logging tidyup + Error conditions log to paniclog rather than rejectlog. + Debug lines prefixed by "DCC: " to remove any ambiguity. + - Avoid unnecessary rebuilds of lookup-related code. + - Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + - Add $router_name and $transport_name variables. Bugzilla 308. + - Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. + Bug detection, analysis and fix by Samuel Thibault. + Bugzilla 1331, Debian bug #698092. + - Update eximstats to watch out for senders sending 'HELO [IpAddr]' + - SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). + Server implementation by Todd Lyons, client by JH. + Only enabled when compiled with EXPERIMENTAL_PRDR. A new + config variable "prdr_enable" controls whether the server + advertises the facility. If the client requests PRDR a new + acl_data_smtp_prdr ACL is called once for each recipient, after + the body content is received and before the acl_smtp_data ACL. + The client is controlled by bolth of: a hosts_try_prdr option + on the smtp transport, and the server advertisement. + Default client logging of deliveries and rejections involving + PRDR are flagged with the string "PRDR". + - Fix problems caused by timeouts during quit ACLs trying to double + fclose(). Diagnosis by Todd Lyons. + Update configure.default to handle IPv6 localhost better. + Patch by Alain Williams (plus minor tweaks). + Bugzilla 880. + - OpenSSL made graceful with empty tls_verify_certificates setting. + This is now consistent with GnuTLS, and is now documented: the + previous undocumented portable approach to treating the option as + unset was to force an expansion failure. That still works, and + an empty string is now equivalent. + - Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it + clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, + not performing validation itself. + - Added force_command boolean option to pipe transport. + Patch from Nick Koston, of cPanel Inc. + - AUTH support on callouts (and hence cutthrough-deliveries). + Bugzilla 321, 823. + - Added udpsend ACL modifer and hexquote expansion operator + - Fix eximon continuous updating with timestamped log-files. + Broken in a format-string cleanup in 4.80, missed when I repaired the + other false fix of the same issue. + Report and fix from Heiko Schlichting. + Bugzilla 1363. + - Guard LDAP TLS usage against Solaris LDAP variant. + Report from Prashanth Katuri. + - Support safari_ecdhe_ecdsa_bug for openssl_options. + It's SecureTransport, so affects any MacOS clients which use the + system-integrated TLS libraries, including email clients. + - Fix segfault from trying to fprintf() to a NULL stdio FILE* if + using a MIME ACL for non-SMTP local injection. + Report and assistance in diagnosis by Warren Baker. + - Adjust exiqgrep to be case-insensitive for sender/receiver. + - Fix comparisons for 64b. Bugzilla 1385. + - Add expansion variable $authenticated_fail_id to keep track of + last id that failed so it may be referenced in subsequent ACL's. + - Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by + Alexander Miroch. + - Bugzilla 1382 - Option ldap_require_cert overrides start_tls + ldap library initialization, allowing self-signed CA's to be + used. Also properly sets require_cert option later in code by + using NULL (global ldap config) instead of ldap handle (per + session). Bug diagnosis and testing by alxgomz. + - Enhanced documentation in the ratelimit.pl script provided in + the src/util/ subdirectory. + - Bug 1301 - Imported transport SQL logging patch from Axel Rau + renamed to Transport Post Delivery Action by Jeremy Harris, as + EXPERIMENTAL_TPDA. + - Bugzilla 1217 - Redis lookup support has been added. It is only enabled + when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable + redis_servers = needs to be configured which will be used by the redis + lookup. Patch from Warren Baker, of The Packet Hub. + - Fix exiqsumm summary for corner case. Patch provided by Richard Hall. + - Bugzilla 1289 - Clarify host/ip processing when have errors looking up a + hostname or reverse DNS when processing a host list. Used suggestions + from multiple comments on this bug. + - Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + - Had previously added a -CONTINUE option to runtest in the test suite. + Missed a few lines, added it to make the runtest require no keyboard + interaction. + - Bugzilla 1402 - Test 533 fails if any part of the path to the test suite + contains upper case chars. Make router use caseful_local_part. + - Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS + support when GnuTLS has been built with p11-kit. + ------------------------------------------------------------------- Sun Oct 27 17:35:43 UTC 2013 - p.drouand@gmail.com diff --git a/exim.spec b/exim.spec index ac237c4..d723d90 100644 --- a/exim.spec +++ b/exim.spec @@ -48,7 +48,7 @@ Requires(pre): %fillup_prereq Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version: 4.80.1 +Version: 4.82 Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel From 04212f027811e9f96213c301a840cf0b50d34d8189890f60a5ffd17a89de450e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Fri, 6 Dec 2013 18:10:24 +0000 Subject: [PATCH 2/4] Call service_add_pre from pre scriptlet on post-12.2 systems. OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=134 --- exim.changes | 5 +++++ exim.spec | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/exim.changes b/exim.changes index 87e6a55..20bebf7 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Dec 6 17:52:27 UTC 2013 - lars@smaba.org + +- Call service_add_pre from pre scriptlet on post-12.2 systems. + ------------------------------------------------------------------- Fri Dec 6 17:37:11 UTC 2013 - lmuelle@suse.com diff --git a/exim.spec b/exim.spec index d723d90..a522372 100644 --- a/exim.spec +++ b/exim.spec @@ -331,6 +331,11 @@ install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbin # apparmor profile install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim +%pre +%if 0%{?suse_version} > 1220 +%service_add_pre exim.service +%endif + %post %if 0%{?suse_version} < 1131 %run_permissions From 9bbc6546a2ba9342ec0884dfa9034322b0e9e2795b0dd637b47dcf956f1bffc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Fri, 6 Dec 2013 18:47:11 +0000 Subject: [PATCH 3/4] - BuildRequire libopenssl-devel only on SUSE systems. - Fix suse_version condition of the pre- and postun and scriptlet. OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=135 --- exim.changes | 6 ++++++ exim.spec | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/exim.changes b/exim.changes index 20bebf7..bdf36f8 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Dec 6 18:44:42 UTC 2013 - lars@smaba.org + +- BuildRequire libopenssl-devel only on SUSE systems. +- Fix suse_version condition of the pre- and postun and scriptlet. + ------------------------------------------------------------------- Fri Dec 6 17:52:27 UTC 2013 - lars@smaba.org diff --git a/exim.spec b/exim.spec index a522372..de87ccc 100644 --- a/exim.spec +++ b/exim.spec @@ -19,10 +19,10 @@ Name: exim BuildRequires: cyrus-sasl-devel BuildRequires: db-devel -BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} +BuildRequires: libopenssl-devel BuildRequires: tcpd-devel BuildRequires: xorg-x11-devel %else @@ -362,7 +362,7 @@ done %{fillup_and_insserv exim} %endif exit 0 -%if %{?suse_version:%suse_version} +%if %{?suse_version:1}%{?!suse_version:0} %preun %if 0%{?suse_version} > 1220 @@ -373,7 +373,7 @@ exit 0 %endif %postun -%if %{?suse_version:%suse_version} +%if %{?suse_version:1}%{?!suse_version:0} %if 0%{?suse_version} > 1220 %service_del_postun exim.service %else From b4c21cb41a0128bdac7554bd23a8f995d6ac749dbfd7a046d8c224e78f87997b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Fri, 6 Dec 2013 21:38:28 +0000 Subject: [PATCH 4/4] Fix spelling of the last change log. OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=136 --- exim.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exim.changes b/exim.changes index bdf36f8..b83f193 100644 --- a/exim.changes +++ b/exim.changes @@ -2,7 +2,7 @@ Fri Dec 6 18:44:42 UTC 2013 - lars@smaba.org - BuildRequire libopenssl-devel only on SUSE systems. -- Fix suse_version condition of the pre- and postun and scriptlet. +- Fix suse_version condition of the pre- and postun scriptlets. ------------------------------------------------------------------- Fri Dec 6 17:52:27 UTC 2013 - lars@smaba.org