From f60227c0596380452cd0dc49b775ee7d51b276e5eda8628a990a769f95c75065 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Mon, 27 Jun 2022 09:57:54 +0000 Subject: [PATCH 1/2] Accepting request 985275 from home:pwcau:branches:server:mail - update to exim 4.96 * Move from using the pcre library to pcre2. * Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. * Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. * Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. * Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. * Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. * Convert all uses of select() to poll(). * Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. * Bug 2838: Fix for i32lp64 hard-align platforms * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. * Debugging initiated by an ACL control now continues through into routing and transport processes. * The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. * Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. * Support for Berkeley DB versions 1 and 2 is withdrawn. * When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. * Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. * Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. * The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. * Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. * Fix CHUNKING on a continued-transport. Previously the usabilility of the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. * Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. * OpenSSL: fix transport-required OCSP stapling verification under session resumption. * TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. * Fix string_copyn() for limit greater than actual string length. * Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. * Fix CHUNKING for a second message on a connection when the first was rejected. * Fix ${srs_encode ...} to handle an empty sender address, now returning an empty address. * Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. OBS-URL: https://build.opensuse.org/request/show/985275 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=260 --- exim-4.95.tar.bz2 | 3 -- exim-4.95.tar.bz2.asc | 11 ------- exim-4.96.tar.bz2 | 3 ++ exim-4.96.tar.bz2.asc | 11 +++++++ exim.changes | 70 +++++++++++++++++++++++++++++++++++++++++++ exim.spec | 4 +-- 6 files changed, 86 insertions(+), 16 deletions(-) delete mode 100644 exim-4.95.tar.bz2 delete mode 100644 exim-4.95.tar.bz2.asc create mode 100644 exim-4.96.tar.bz2 create mode 100644 exim-4.96.tar.bz2.asc diff --git a/exim-4.95.tar.bz2 b/exim-4.95.tar.bz2 deleted file mode 100644 index 5edb514..0000000 --- a/exim-4.95.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7f4716cc1b3fee66930d83b249f1c7b119fa1957f6f46e3f4372805cbc97ea63 -size 2035738 diff --git a/exim-4.95.tar.bz2.asc b/exim-4.95.tar.bz2.asc deleted file mode 100644 index 476f3fc..0000000 --- a/exim-4.95.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmFS1G4ACgkQr0zGdqa2 -wUKHcAgApLHqXMO+Z3em3BGQqqRz2Slo/gPAuy3iC3mwnP4v3QOxt9lPfFyyMstn -0HDFhhELYrWsHQ+W6J0HDYkfh4sj6H6YE8kb+ZxCrY8/H0Iw+6156To4SNCPQ1hN -vbkFBMI41q02LklcbB9ICYW3UpynG0lLaTDg2x0LcTRqU4NUhGSEXyK3mWR5Mju4 -iH1g3chBnjC3ydPQewPxxmp3Jv0a6RL/G1JYRZGsvdsU0HtxX2/3VRVQKBLeKCRg -SHllvJHl5E1nk737ccZxPC3TcAYQVplLvaF8SIEyhnVZMGW9UgmzUPyuMzf5LYVH -zgB53WIuIP5vjPKoYFPLnpoJu3lTyg== -=PAKu ------END PGP SIGNATURE----- diff --git a/exim-4.96.tar.bz2 b/exim-4.96.tar.bz2 new file mode 100644 index 0000000..0581e0c --- /dev/null +++ b/exim-4.96.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91 +size 2047632 diff --git a/exim-4.96.tar.bz2.asc b/exim-4.96.tar.bz2.asc new file mode 100644 index 0000000..80d7b60 --- /dev/null +++ b/exim-4.96.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt +YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI +cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU +k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD +H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K +dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz +ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A +=HSmJ +-----END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index 24cfda9..22014ad 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,73 @@ +Mon Jun 27 08:33:59 UTC 2022 - Peter Wullinger + +- update to exim 4.96 + * Move from using the pcre library to pcre2. + * Constification work in the filters module required a major version + bump for the local-scan API. Specifically, the "headers_charset" + global which is visible via the API is now const and may therefore + not be modified by local-scan code. + * Bug 2819: speed up command-line messages being read in. Previously a + time check was being done for every character; replace that with one + per buffer. + * Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string + sent was prefixed with a length byte. + * Change the SMTP feature name for pipelining connect to be compliant with + RFC 5321. Previously Dovecot (at least) would log errors during + submission. + * Fix macro-definition during "-be" expansion testing. The move to + write-protected store for macros had not accounted for these runtime + additions; fix by removing this protection for "-be" mode. + * Convert all uses of select() to poll(). + * Fix use of $sender_host_name in daemon process. When used in certain + main-section options or in a connect ACL, the value from the first ever + connection was never replaced for subsequent connections. + * Bug 2838: Fix for i32lp64 hard-align platforms + * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value + with underbars is given. + * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. + * Debugging initiated by an ACL control now continues through into routing + and transport processes. + * The "expand" debug selector now gives more detail, specifically on the + result of expansion operators and items. + * Bug 2751: Fix include_directory in redirect routers. Previously a + bad comparison between the option value and the name of the file to + be included was done, and a mismatch was wrongly identified. + * Support for Berkeley DB versions 1 and 2 is withdrawn. + * When built with NDBM for hints DB's check for nonexistence of a name + supplied as the db file-pair basename. + * Remove the "allow_insecure_tainted_data" main config option and the + "taint" log_selector. + * Fix static address-list lookups to properly return the matched item. + Previously only the domain part was returned. + * The ${run} expansion item now expands its command string elements after + splitting. Previously it was before; the new ordering makes handling + zero-length arguments simpler. + * Taint-check exec arguments for transport-initiated external processes. + Previously, tainted values could be used. This affects "pipe", "lmtp" and + "queryprogram" transport, transport-filter, and ETRN commands. + The ${run} expansion is also affected: in "preexpand" mode no part of + the command line may be tainted, in default mode the executable name + may not be tainted. + * Fix CHUNKING on a continued-transport. Previously the usabilility of + the facility was not passed across execs, and only the first message + passed over a connection could use BDAT; any further ones using DATA. + * Support the PIPECONNECT facility in the smtp transport when the helo_data + uses $sending_ip_address and an interface is specified. + * OpenSSL: fix transport-required OCSP stapling verification under session + resumption. + * TLS resumption: the key for session lookup in the client now includes + more info that a server could potentially use in configuring a TLS + session, avoiding oferring mismatching sessions to such a server. + * Fix string_copyn() for limit greater than actual string length. + * Bug 2886: GnuTLS: Do not free the cached creds on transport connection + close; it may be needed for a subsequent connection. + * Fix CHUNKING for a second message on a connection when the first was + rejected. + * Fix ${srs_encode ...} to handle an empty sender address, now returning + an empty address. + * Bug 2855: Handle a v4mapped sender address given us by a frontending + proxy. + Wed Jan 19 11:41:15 UTC 2022 - Peter Wullinger - disable ProtectHome=, it prevents local delivery (bsc#1194810) diff --git a/exim.spec b/exim.spec index b968c33..72c648a 100644 --- a/exim.spec +++ b/exim.spec @@ -45,7 +45,7 @@ BuildRequires: pam-devel %if %{with_ldap} BuildRequires: openldap2-devel %endif -BuildRequires: pcre-devel +BuildRequires: pcre2-devel BuildRequires: tcpd-devel BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(libssl) @@ -74,7 +74,7 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.95 +Version: 4.96 Release: 1 %if %{with_mysql} BuildRequires: mysql-devel From bdb9594915319ab389c94dfb49a4ea3a7bef1387f9e57dd4c454fc704dc5f455 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Wed, 29 Jun 2022 14:37:00 +0000 Subject: [PATCH 2/2] Accepting request 985853 from home:schubi2 - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. OBS-URL: https://build.opensuse.org/request/show/985853 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=261 --- exim.changes | 6 ++++++ exim.spec | 22 +++++++++++++++++----- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/exim.changes b/exim.changes index 22014ad..8594063 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 29 14:20:50 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + Mon Jun 27 08:33:59 UTC 2022 - Peter Wullinger - update to exim 4.96 diff --git a/exim.spec b/exim.spec index 72c648a..7b0e10a 100644 --- a/exim.spec +++ b/exim.spec @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -75,7 +75,7 @@ Requires(pre): group(mail) Requires(pre): fileutils textutils %endif Version: 4.96 -Release: 1 +Release: 0 %if %{with_mysql} BuildRequires: mysql-devel %endif @@ -307,7 +307,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_unitdir} %else mkdir -p $RPM_BUILD_ROOT/etc/init.d %endif -mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d +%if 0%{?suse_version} > 1500 +mkdir -p $RPM_BUILD_ROOT%{_distconfdir}/logrotate.d +%else +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +%endif mkdir -p $RPM_BUILD_ROOT/usr/{bin,sbin,lib} mkdir -p $RPM_BUILD_ROOT/var/log/exim mkdir -p $RPM_BUILD_ROOT/var/spool/mail/ @@ -344,7 +348,11 @@ ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim %endif mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ cp -p %{S:1} $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.exim -install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim +%if 0%{?suse_version} > 1500 +install -m 0644 %{S:2} $RPM_BUILD_ROOT%{_distconfdir}/logrotate.d/exim +%else +install -m 0644 %{S:2} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim +%endif # man pages mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/ cp $RPM_SOURCE_DIR/exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8 @@ -476,7 +484,11 @@ exit 0 %else %config /etc/init.d/exim %endif -%config(noreplace) /etc/logrotate.d/exim +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/exim +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/exim +%endif %if %{?suse_version:%suse_version}%{?!suse_version:99999} < 1000 %config(noreplace) /etc/permissions.d/exim %endif