diff --git a/exim-4.77.tar.bz2 b/exim-4.77.tar.bz2
deleted file mode 100644
index 9494c8e..0000000
--- a/exim-4.77.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0ccc13cf2f052b1163fcdf71c55a3578765050848ba413a6473d3ab5d20b1475
-size 1576148
diff --git a/exim-4.80.tar.bz2 b/exim-4.80.tar.bz2
new file mode 100644
index 0000000..3c252a6
--- /dev/null
+++ b/exim-4.80.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:787b6defd37fa75311737bcfc42e9e2b2cc62c5d027eed35bb7d800b2d9a0984
+size 1649827
diff --git a/exim-4.12-tail.patch b/exim-tail.patch
similarity index 100%
rename from exim-4.12-tail.patch
rename to exim-tail.patch
diff --git a/exim.changes b/exim.changes
index 2aaae29..08e7332 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,100 @@ +------------------------------------------------------------------- +Sun Aug 19 13:36:59 UTC 2012 - lars@samba.org + +- update to 4.80 + - Bugzilla 949 - Documentation tweak. + - Bugzilla 1093 - eximstats DATA reject detection regexps improved. + - Bugzilla 1169 - primary_hostname spelling was incorrect in docs. + - Implemented gsasl authenticator. + - Implemented heimdal_gssapi authenticator with "server_keytab" option. + - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use + `pkg-config foo` for cflags/libs. + - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent + with rest of GSASL and with heimdal_gssapi. + - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use + `pkg-config foo` for cflags/libs for the TLS implementation. + - New expansion variable $tls_bits; Cyrus SASL server connection + properties get this fed in as external SSF. A number of robustness + and debugging improvements to the cyrus_sasl authenticator. + - cyrus_sasl server now expands the server_realm option. + - Bugzilla 1214 - Log authentication information in reject log. + - Added dbmjz lookup type. + - Let heimdal_gssapi authenticator take a SASL message without an authzid. + - MAIL args handles TAB as well as SP, for better interop with + non-compliant senders. + - Bugzilla 1237 - fix cases where printf format usage not indicated. + - tls_peerdn now print-escaped for spool files. + Observed some $tls_peerdn in wild which contained \n, which resulted + in spool file corruption. + - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" + values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read + or write after TLS renegotiation, which otherwise led to messages + "Got SSL error 2". + - Bugzilla 1239 - fix DKIM verification when signature was not inserted + as a tracking header (ie: a signed header comes before the signature). 
+ - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a + comma-sep list; embedded commas doubled. + - Refactored ACL "verify =" logic to table-driven dispatch. + - LDAP: Check for errors of TLS initialisation, to give correct diagnostics. + - Removed "dont_insert_empty_fragments" fron "openssl_options". + Removed SSL_clear() after SSL_new() which led to protocol negotiation + failures. We appear to now support TLS1.1+ with Exim. + - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. + - Bugzilla 1122 - check localhost_number expansion for failure, avoid + NULL dereference. + - Revert part of NM/04, it broke log_path containing %D expansions. + Left warnings. Added "eximon gdb" invocation mode. + - Defaulting "accept_8bitmime" to true, not false. + - Added -bw for inetd wait mode support. + - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to + locate the relevant includes and libraries. Made this the default. + - Fixed headers_only on smtp transports (was not sending trailing dot). + Bugzilla 1246, report and most of solution from Tomasz Kusy. + - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). + This may cause build issues on older platforms. + - Revamped GnuTLS support, passing tls_require_ciphers to + gnutls_priority_init, ignoring Exim options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols (no longer supported). + Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. + - Added EXPERIMENTAL_OCSP for OpenSSL. + - Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. 
+ - Added expansion variable $tod_epoch_l for a higher-precision time. + - Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + - Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + - Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + - %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + - GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + - Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. + - Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. + - Pull in on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + - Define _GNU_SOURCE in exim.h; it's needed for some releases of + protection layer was required, which is not implemented. Bugzilla 1254 + - Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + - Disable SSLv2 by default in OpenSSL support. + ------------------------------------------------------------------- Sat Mar 17 19:42:30 UTC 2012 - lars@samba.org diff --git a/exim.spec b/exim.spec index b16b0cb..3242922 100644 --- a/exim.spec +++ b/exim.spec 
@@ -43,7 +43,7 @@ Provides: smtp_daemon Requires: logrotate PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils %endif -Version: 4.77 +Version: 4.80 Release: 0 %if %{?build_with_mysql:1}0 BuildRequires: mysql-devel @@ -66,8 +66,7 @@ Source13: apparmor.usr.sbin.exim Source20: http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2 Source30: eximstats-html-update.py Source31: eximstats.conf -Patch: exim-4.12-tail.patch -Patch2: format-security.diff +Patch: exim-tail.patch %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %package -n eximon @@ -119,7 +118,6 @@ once, if at all. The rest is done by logrotate / cron.) %prep %setup -q -n exim-%{version} %patch -%patch2 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 fPIE="-fPIE" diff --git a/format-security.diff b/format-security.diff deleted file mode 100644 index 83179f9..0000000 --- a/format-security.diff +++ /dev/null 
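Review bot: Dropping `Patch2: format-security.diff` in the second exim.spec hunk, and the matching `%patch2` in the `%prep` hunk, is not recorded in the exim.changes entry, and nothing on the page confirms that 4.80 covers everything the patch did. The changelog's Bugzilla 1237 item suggests the fix went upstream, but the same entry says some printf checks are now guarded behind WANT_DEEPER_PRINTF_CHECKS, so the `PRINTF_FUNCTION` annotations the patch added in src/functions.h and src/local_scan.h may not all be active in a default build. Before merging, I would confirm in the 4.80 tree that the three call sites the patch corrected pass a literal format: `string_format(..., "%s", CS log_file)` in em_log.c and em_main.c, and `log_write(0, LOG_MAIN, "%s", f)` in demime.c. I would also add `- drop format-security.diff (upstream, Bugzilla 1237)` and `- rename exim-4.12-tail.patch to exim-tail.patch` to the changes entry so the removal of a format-string hardening patch is traceable.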
@@ -1,146 +0,0 @@ -From: Dirk Mueller -Subject: check format strings -Reported-Upstream: Yes -Bugtracker: http://bugs.exim.org/show_bug.cgi?id=1237 - -Index: exim_monitor/em_log.c -=================================================================== ---- exim_monitor/em_log.c.orig -+++ exim_monitor/em_log.c -@@ -56,6 +56,8 @@ static int scrolled = FALSE; - static int size = 0; - static int top = 0; - -+static void show_log(char *s, ...) PRINTF_FUNCTION(1,2); -+ - static void show_log(char *s, ...) - { - int length, newtop; -@@ -362,7 +364,7 @@ link count of zero on the currently open - if (log_datestamping) - { - uschar log_file_wanted[256]; -- string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file); -+ string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file); - if (Ustrcmp(log_file_wanted, log_file_open) != 0) - { - if (LOG != NULL) -Index: exim_monitor/em_main.c -=================================================================== ---- exim_monitor/em_main.c.orig -+++ exim_monitor/em_main.c -@@ -654,7 +654,7 @@ today.) */ - - if (log_file[0] != 0) - { -- (void)string_format(log_file_open, sizeof(log_file_open), CS log_file); -+ (void)string_format(log_file_open, sizeof(log_file_open), "%s", CS log_file); - log_datestamping = string_datestamp_offset >= 0; - - LOG = fopen(CS log_file_open, "r"); -Index: exim_monitor/em_text.c -=================================================================== ---- exim_monitor/em_text.c.orig -+++ exim_monitor/em_text.c -@@ -58,6 +58,8 @@ XawTextSetInsertionPoint(w, text_count); - * Display text from format * - *************************************************/ - -+void text_showf(Widget w, char *s, ...) PRINTF_FUNCTION(2,3); -+ - void text_showf(Widget w, char *s, ...) 
- { - va_list ap; -Index: src/demime.c -=================================================================== ---- src/demime.c.orig -+++ src/demime.c -@@ -821,7 +821,7 @@ void mime_trigger_error(int level, uscha - (void)string_vformat(US f, 16383,(char *)format, ap); - va_end(ap); - f-=22; -- log_write(0, LOG_MAIN, f); -+ log_write(0, LOG_MAIN, "%s", f); - /* then copy to demime_reason_buffer if new - level is greater than old level */ - if (level > demime_errorlevel) { -Index: src/functions.h -=================================================================== ---- src/functions.h.orig -+++ src/functions.h -@@ -80,7 +80,7 @@ extern void decode_bits(unsigned int - int, int, uschar *, bit_table *, int, uschar *, int); - extern address_item *deliver_make_addr(uschar *, BOOL); - extern int deliver_message(uschar *, BOOL, BOOL); --extern void deliver_msglog(const char *, ...); -+extern void deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2); - extern void deliver_set_expansions(address_item *); - extern int deliver_split_address(address_item *); - extern void deliver_succeeded(address_item *); -@@ -180,9 +180,9 @@ extern int mime_regex(uschar **); - extern uschar *moan_check_errorcopy(uschar *); - extern BOOL moan_skipped_syntax_errors(uschar *, error_block *, uschar *, - BOOL, uschar *); --extern void moan_smtp_batch(uschar *, const char *, ...); -+extern void moan_smtp_batch(uschar *, const char *, ...) PRINTF_FUNCTION(2,3); - extern void moan_tell_someone(uschar *, address_item *, -- const uschar *, const char *, ...); -+ const uschar *, const char *, ...) 
PRINTF_FUNCTION(4,5); - extern BOOL moan_to_sender(int, error_block *, header_line *, FILE *, BOOL); - extern void moan_write_from(FILE *); - extern FILE *modefopen(const uschar *, const char *, mode_t); -@@ -270,7 +270,7 @@ extern int search_findtype_partial(u - int *); - extern void *search_open(uschar *, int, int, uid_t *, gid_t *); - extern void search_tidyup(void); --extern void set_process_info(const char *, ...); -+extern void set_process_info(const char *, ...) PRINTF_FUNCTION(1,2); - extern void sha1_end(sha1 *, const uschar *, int, uschar *); - extern void sha1_mid(sha1 *, const uschar *); - extern void sha1_start(sha1 *); -@@ -298,7 +298,7 @@ extern int smtp_setup_msg(void); - extern BOOL smtp_start_session(void); - extern int smtp_ungetc(int); - extern BOOL smtp_verify_helo(void); --extern int smtp_write_command(smtp_outblock *, BOOL, const char *, ...); -+extern int smtp_write_command(smtp_outblock *, BOOL, const char *, ...) PRINTF_FUNCTION(3,4); - #ifdef WITH_CONTENT_SCAN - extern int spam(uschar **); - extern FILE *spool_mbox(unsigned long *, uschar *); -@@ -320,13 +320,13 @@ extern uschar *string_copy_malloc(uschar - extern uschar *string_copylc(uschar *); - extern uschar *string_copynlc(uschar *, int); - extern uschar *string_dequote(uschar **); --extern BOOL string_format(uschar *, int, const char *, ...); -+extern BOOL string_format(uschar *, int, const char *, ...) PRINTF_FUNCTION(3,4); - extern uschar *string_format_size(int, uschar *); - extern int string_interpret_escape(uschar **); - extern int string_is_ip_address(uschar *, int *); - extern uschar *string_log_address(address_item *, BOOL, BOOL); - extern uschar *string_nextinlist(uschar **, int *, uschar *, int); --extern uschar *string_open_failed(int, const char *, ...); -+extern uschar *string_open_failed(int, const char *, ...) 
PRINTF_FUNCTION(2,3); - extern uschar *string_printing2(uschar *, BOOL); - extern uschar *string_split_message(uschar *); - extern BOOL string_vformat(uschar *, int, const char *, va_list); -Index: src/local_scan.h -=================================================================== ---- src/local_scan.h.orig -+++ src/local_scan.h -@@ -173,7 +173,7 @@ extern void header_add_at_position(BO - extern void header_remove(int, const uschar *); - extern BOOL header_testname(header_line *, const uschar *, int, BOOL); - extern BOOL header_testname_incomplete(header_line *, const uschar *, int, BOOL); --extern void log_write(unsigned int, int, const char *format, ...); -+extern void log_write(unsigned int, int, const char *format, ...) PRINTF_FUNCTION(3,4); - extern int lss_b64decode(uschar *, uschar **); - extern uschar *lss_b64encode(uschar *, int); - extern int lss_match_domain(uschar *, uschar *); -@@ -188,6 +188,6 @@ extern void smtp_printf(const char *, - extern void smtp_vprintf(const char *, va_list); - extern uschar *string_copy(uschar *); - extern uschar *string_copyn(uschar *, int); --extern uschar *string_sprintf(const char *, ...); -+extern uschar *string_sprintf(const char *, ...) PRINTF_FUNCTION(1,2); - - /* End of local_scan.h */