From 5861db2a3218e09618dbb0d9555adc7ed56b62a58eb0992821b142a8ed4a24dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lars=20M=C3=BCller?= <lmuelle@suse.com>
Date: Sun, 19 Aug 2012 14:12:43 +0000
Subject: [PATCH] =?UTF-8?q?-=20update=20to=204.80=20=20=20-=20Bugzilla=209?=
 =?UTF-8?q?49=20-=20Documentation=20tweak.=20=20=20-=20Bugzilla=201093=20-?=
 =?UTF-8?q?=20eximstats=20DATA=20reject=20detection=20regexps=20improved.?=
 =?UTF-8?q?=20=20=20-=20Bugzilla=201169=20-=20primary=5Fhostname=20spellin?=
 =?UTF-8?q?g=20was=20incorrect=20in=20docs.=20=20=20-=20Implemented=20gsas?=
 =?UTF-8?q?l=20authenticator.=20=20=20-=20Implemented=20heimdal=5Fgssapi?=
 =?UTF-8?q?=20authenticator=20with=20"server=5Fkeytab"=20option.=20=20=20-?=
 =?UTF-8?q?=20Local/Makefile=20support=20for=20(AUTH|LOOKUP)=5F*=5FPC=3Dfo?=
 =?UTF-8?q?o=20to=20use=20=20=20=20=20`pkg-config=20foo`=20for=20cflags/li?=
 =?UTF-8?q?bs.=20=20=20-=20Swapped=20$auth1/$auth2=20for=20gsasl=20GSSAPI?=
 =?UTF-8?q?=20mechanism,=20to=20be=20more=20consistent=20=20=20=20=20with?=
 =?UTF-8?q?=20rest=20of=20GSASL=20and=20with=20heimdal=5Fgssapi.=20=20=20-?=
 =?UTF-8?q?=20Local/Makefile=20support=20for=20USE=5F(GNUTLS|OPENSSL)=5FPC?=
 =?UTF-8?q?=3Dfoo=20to=20use=20=20=20=20=20`pkg-config=20foo`=20for=20cfla?=
 =?UTF-8?q?gs/libs=20for=20the=20TLS=20implementation.=20=20=20-=20New=20e?=
 =?UTF-8?q?xpansion=20variable=20$tls=5Fbits;=20Cyrus=20SASL=20server=20co?=
 =?UTF-8?q?nnection=20=20=20=20=20properties=20get=20this=20fed=20in=20as?=
 =?UTF-8?q?=20external=20SSF.=20=20A=20number=20of=20robustness=20=20=20?=
 =?UTF-8?q?=20=20and=20debugging=20improvements=20to=20the=20cyrus=5Fsasl?=
 =?UTF-8?q?=20authenticator.=20=20=20-=20cyrus=5Fsasl=20server=20now=20exp?=
 =?UTF-8?q?ands=20the=20server=5Frealm=20option.=20=20=20-=20Bugzilla=2012?=
 =?UTF-8?q?14=20-=20Log=20authentication=20information=20in=20reject=20log?=
 =?UTF-8?q?.=20=20=20-=20Added=20dbmjz=20lookup=20type.=20=20=20-=20Let=20?=
 =?UTF-8?q?heimdal=5Fgssapi=20authenticator=20take=20a=20SASL=20message=20?=
 =?UTF-8?q?without=20an=20authzid.=20=20=20-=20MAIL=20args=20handles=20TAB?=
 =?UTF-8?q?=20as=20well=20as=20SP,=20for=20better=20interop=20with=20=20?=
 =?UTF-8?q?=20=20=20non-compliant=20senders.=20=20=20-=20Bugzilla=201237?=
 =?UTF-8?q?=20-=20fix=20cases=20where=20printf=20format=20usage=20not=20in?=
 =?UTF-8?q?dicated.=20=20=20-=20tls=5Fpeerdn=20now=20print-escaped=20for?=
 =?UTF-8?q?=20spool=20files.=20=20=20=20=20Observed=20some=20$tls=5Fpeerdn?=
 =?UTF-8?q?=20in=20wild=20which=20contained=20\n,=20which=20resulted=20=20?=
 =?UTF-8?q?=20=20=20in=20spool=20file=20corruption.=20=20=20-=20TLS=20fixe?=
 =?UTF-8?q?s=20for=20OpenSSL:=20support=20TLS=201.1=20&=201.2;=20new=20"op?=
 =?UTF-8?q?enssl=5Foptions"=20=20=20=20=20values;=20set=20SSL=5FMODE=5FAUT?=
 =?UTF-8?q?O=5FRETRY=20so=20that=20OpenSSL=20will=20retry=20a=20read=20=20?=
 =?UTF-8?q?=20=20=20or=20write=20after=20TLS=20renegotiation,=20which=20ot?=
 =?UTF-8?q?herwise=20led=20to=20messages=20=20=20=20=20"Got=20SSL=20error?=
 =?UTF-8?q?=202".=20=20=20-=20Bugzilla=201239=20-=20fix=20DKIM=20verificat?=
 =?UTF-8?q?ion=20when=20signature=20was=20not=20inserted=20=20=20=20=20as?=
 =?UTF-8?q?=20a=20tracking=20header=20(ie:=20a=20signed=20header=20comes?=
 =?UTF-8?q?=20before=20the=20signature).=20=20=20-=20Bugzilla=20660=20-=20?=
 =?UTF-8?q?Multi-valued=20attributes=20from=20ldap=20now=20parseable=20as?=
 =?UTF-8?q?=20a=20=20=20=20=20comma-sep=20list;=20embedded=20commas=20doub?=
 =?UTF-8?q?led.=20=20=20-=20Refactored=20ACL=20"verify=20=3D"=20logic=20to?=
 =?UTF-8?q?=20table-driven=20dispatch.=20=20=20-=20LDAP:=20Check=20for=20e?=
 =?UTF-8?q?rrors=20of=20TLS=20initialisation,=20to=20give=20correct=20diag?=
 =?UTF-8?q?nostics.=20=20=20-=20Removed=20"dont=5Finsert=5Fempty=5Ffragmen?=
 =?UTF-8?q?ts"=20fron=20"openssl=5Foptions".=20=20=20=20=20Removed=20SSL?=
 =?UTF-8?q?=5Fclear()=20after=20SSL=5Fnew()=20which=20led=20to=20protocol?=
 =?UTF-8?q?=20negotiation=20=20=20=20=20failures.=20=20We=20appear=20to=20?=
 =?UTF-8?q?now=20support=20TLS1.1+=20with=20Exim.=20=20=20-=20OpenSSL:=20n?=
 =?UTF-8?q?ew=20expansion=20var=20$tls=5Fsni,=20which=20if=20used=20in=20t?=
 =?UTF-8?q?ls=5Fcertificate=20=20=20=20=20lets=20Exim=20select=20keys=20an?=
 =?UTF-8?q?d=20certificates=20based=20upon=20TLS=20SNI=20from=20client.=20?=
 =?UTF-8?q?=20=20=20=20Also=20option=20tls=5Fsni=20on=20SMTP=20Transports.?=
 =?UTF-8?q?=20=20Also=20clear=20$tls=5Fbits=20correctly=20=20=20=20=20befo?=
 =?UTF-8?q?re=20an=20outbound=20SMTP=20session.=20=20New=20log=5Fselector,?=
 =?UTF-8?q?=20+tls=5Fsni.=20=20=20-=20Bugzilla=201122=20-=20check=20localh?=
 =?UTF-8?q?ost=5Fnumber=20expansion=20for=20failure,=20avoid=20=20=20=20?=
 =?UTF-8?q?=20NULL=20dereference.=20=20=20-=20Revert=20part=20of=20NM/04,?=
 =?UTF-8?q?=20it=20broke=20log=5Fpath=20containing=20%D=20expansions.=20?=
 =?UTF-8?q?=20=20=20=20Left=20warnings.=20=20Added=20"eximon=20gdb"=20invo?=
 =?UTF-8?q?cation=20mode.=20=20=20-=20Defaulting=20"accept=5F8bitmime"=20t?=
 =?UTF-8?q?o=20true,=20not=20false.=20=20=20-=20Added=20-bw=20for=20inetd?=
 =?UTF-8?q?=20wait=20mode=20support.=20=20=20-=20Added=20PCRE=5FCONFIG=3Dy?=
 =?UTF-8?q?es=20support=20to=20Makefile=20for=20using=20pcre-config=20to?=
 =?UTF-8?q?=20=20=20=20=20locate=20the=20relevant=20includes=20and=20libra?=
 =?UTF-8?q?ries.=20=20Made=20this=20the=20default.=20=20=20-=20Fixed=20hea?=
 =?UTF-8?q?ders=5Fonly=20on=20smtp=20transports=20(was=20not=20sending=20t?=
 =?UTF-8?q?railing=20dot).=20=20=20=20=20Bugzilla=201246,=20report=20and?=
 =?UTF-8?q?=20most=20of=20solution=20from=20Tomasz=20Kusy.=20=20=20-=20${e?=
 =?UTF-8?q?val=20}=20now=20uses=2064-bit=20and=20supports=20a=20"g"=20suff?=
 =?UTF-8?q?ix=20(like=20to=20"k"=20and=20"m").=20=20=20=20=20This=20may=20?=
 =?UTF-8?q?cause=20build=20issues=20on=20older=20platforms.=20=20=20-=20Re?=
 =?UTF-8?q?vamped=20GnuTLS=20support,=20passing=20tls=5Frequire=5Fciphers?=
 =?UTF-8?q?=20to=20=20=20=20=20gnutls=5Fpriority=5Finit,=20ignoring=20Exim?=
 =?UTF-8?q?=20options=20gnutls=5Frequire=5Fkx,=20=20=20=20=20gnutls=5Frequ?=
 =?UTF-8?q?ire=5Fmac=20&=20gnutls=5Frequire=5Fprotocols=20(no=20longer=20s?=
 =?UTF-8?q?upported).=20=20=20=20=20Added=20SNI=20support=20via=20GnuTLS?=
 =?UTF-8?q?=20too.=20=20=20=20=20Made=20${randint:..}=20supplier=20availab?=
 =?UTF-8?q?le,=20if=20using=20not-too-old=20GnuTLS.=20=20=20-=20Added=20EX?=
 =?UTF-8?q?PERIMENTAL=5FOCSP=20for=20OpenSSL.=20=20=20-=20Applied=20dnsdb?=
 =?UTF-8?q?=20SPF=20support=20patch=20from=20Janne=20Snabb.=20=20=20=20=20?=
 =?UTF-8?q?Applied=20second=20patch=20from=20Janne,=20implementing=20sugge?=
 =?UTF-8?q?stion=20to=20default=20=20=20=20=20multiple-strings-in-record?=
 =?UTF-8?q?=20handling=20to=20match=20SPF=20spec.=20=20=20-=20Added=20expa?=
 =?UTF-8?q?nsion=20variable=20$tod=5Fepoch=5Fl=20for=20a=20higher-precisio?=
 =?UTF-8?q?n=20time.=20=20=20-=20Fix=20DCC=20dcc=5Fheader=20content=20corr?=
 =?UTF-8?q?uption=20(stack=20memory=20referenced,=20=20=20=20=20read-only,?=
 =?UTF-8?q?=20out=20of=20scope).=20=20=20=20=20Patch=20from=20Wolfgang=20B?=
 =?UTF-8?q?reyha,=20report=20from=20Stuart=20Northfield.=20=20=20-=20Fix?=
 =?UTF-8?q?=20three=20issues=20highlighted=20by=20clang=20analyser=20stati?=
 =?UTF-8?q?c=20analysis.=20=20=20=20=20Only=20crash-plausible=20issue=20wo?=
 =?UTF-8?q?uld=20require=20the=20Cambridge-specific=20=20=20=20=20iplookup?=
 =?UTF-8?q?=20router=20and=20a=20misconfiguration.=20=20=20=20=20Report=20?=
 =?UTF-8?q?from=20Marcin=20Miros=C5=82aw.=20=20=20-=20Another=20attempt=20?=
 =?UTF-8?q?to=20deal=20with=20PCRE=5FPRERELEASE,=20this=20one=20less=20bug?=
 =?UTF-8?q?gy.=20=20=20-=20%D=20in=20printf=20continues=20to=20cause=20iss?=
 =?UTF-8?q?ues=20(-Wformat=3Dsecurity),=20so=20for=20=20=20=20=20now=20gua?=
 =?UTF-8?q?rd=20some=20of=20the=20printf=20checks=20behind=20WANT=5FDEEPER?=
 =?UTF-8?q?=5FPRINTF=5FCHECKS.=20=20=20=20=20As=20part=20of=20this,=20remo?=
 =?UTF-8?q?ving=20so=20much=20warning=20spew=20let=20me=20fix=20some=20min?=
 =?UTF-8?q?or=20=20=20=20=20real=20issues=20in=20debug=20logging.=20=20=20?=
 =?UTF-8?q?-=20GnuTLS=20was=20always=20using=20default=20tls=5Frequire=5Fc?=
 =?UTF-8?q?iphers,=20due=20to=20a=20missing=20=20=20=20=20assignment=20on?=
 =?UTF-8?q?=20my=20part.=20=20Fixed.=20=20=20-=20Added=20tls=5Fdh=5Fmax=5F?=
 =?UTF-8?q?bits=20option,=20defaulting=20to=20current=20hard-coded=20limit?=
 =?UTF-8?q?=20=20=20=20=20of=20NSS,=20for=20GnuTLS/NSS=20interop.=20=20=20?=
 =?UTF-8?q?-=20Validate=20tls=5Frequire=5Fciphers=20on=20startup,=20since?=
 =?UTF-8?q?=20debugging=20an=20invalid=20=20=20=20=20string=20otherwise=20?=
 =?UTF-8?q?requires=20a=20connection=20and=20a=20bunch=20more=20work=20and?=
 =?UTF-8?q?=20it's=20=20=20=20=20relatively=20easy=20to=20get=20wrong.=20?=
 =?UTF-8?q?=20Should=20also=20expose=20TLS=20library=20linkage=20=20=20=20?=
 =?UTF-8?q?=20problems.=20=20=20-=20Pull=20in=20<features.h>=20on=20Linux,?=
 =?UTF-8?q?=20for=20some=20portability=20edge-cases=20of=20=20=20=20=2064-?=
 =?UTF-8?q?bit=20${eval}=20(JH/03).=20=20=20-=20Define=20=5FGNU=5FSOURCE?=
 =?UTF-8?q?=20in=20exim.h;=20it's=20needed=20for=20some=20releases=20of=20?=
 =?UTF-8?q?=20=20=20=20protection=20layer=20was=20required,=20which=20is?=
 =?UTF-8?q?=20not=20implemented.=20=20Bugzilla=201254=20=20=20-=20Overhaul?=
 =?UTF-8?q?=20DH=20prime=20handling,=20supply=20RFC-specified=20DH=20prime?=
 =?UTF-8?q?s=20as=20built=20=20=20=20=20into=20Exim,=20default=20to=20IKE?=
 =?UTF-8?q?=20id=2023=20from=20RFC=205114=20(2048=20bit).=20=20Make=20=20?=
 =?UTF-8?q?=20=20=20tls=5Fdhparam=20take=20prime=20identifiers.=20=20Also?=
 =?UTF-8?q?=20unbreak=20combination=20of=20=20=20=20=20OpenSSL+DH=5Fparams?=
 =?UTF-8?q?+TLSSNI.=20=20=20-=20Disable=20SSLv2=20by=20default=20in=20Open?=
 =?UTF-8?q?SSL=20support.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=122
---
 exim-4.77.tar.bz2                       |   3 -
 exim-4.80.tar.bz2                       |   3 +
 exim-4.12-tail.patch => exim-tail.patch |   0
 exim.changes                            |  97 ++++++++++++++++
 exim.spec                               |   6 +-
 format-security.diff                    | 146 ------------------------
 6 files changed, 102 insertions(+), 153 deletions(-)
 delete mode 100644 exim-4.77.tar.bz2
 create mode 100644 exim-4.80.tar.bz2
 rename exim-4.12-tail.patch => exim-tail.patch (100%)
 delete mode 100644 format-security.diff

diff --git a/exim-4.77.tar.bz2 b/exim-4.77.tar.bz2
deleted file mode 100644
index 9494c8e..0000000
--- a/exim-4.77.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0ccc13cf2f052b1163fcdf71c55a3578765050848ba413a6473d3ab5d20b1475
-size 1576148
diff --git a/exim-4.80.tar.bz2 b/exim-4.80.tar.bz2
new file mode 100644
index 0000000..3c252a6
--- /dev/null
+++ b/exim-4.80.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:787b6defd37fa75311737bcfc42e9e2b2cc62c5d027eed35bb7d800b2d9a0984
+size 1649827
diff --git a/exim-4.12-tail.patch b/exim-tail.patch
similarity index 100%
rename from exim-4.12-tail.patch
rename to exim-tail.patch
diff --git a/exim.changes b/exim.changes
index 2aaae29..08e7332 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,100 @@
+-------------------------------------------------------------------
+Sun Aug 19 13:36:59 UTC 2012 - lars@samba.org
+
+- update to 4.80
+  - Bugzilla 949 - Documentation tweak.
+  - Bugzilla 1093 - eximstats DATA reject detection regexps improved.
+  - Bugzilla 1169 - primary_hostname spelling was incorrect in docs.
+  - Implemented gsasl authenticator.
+  - Implemented heimdal_gssapi authenticator with "server_keytab" option.
+  - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use
+    `pkg-config foo` for cflags/libs.
+  - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent
+    with rest of GSASL and with heimdal_gssapi.
+  - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use
+    `pkg-config foo` for cflags/libs for the TLS implementation.
+  - New expansion variable $tls_bits; Cyrus SASL server connection
+    properties get this fed in as external SSF.  A number of robustness
+    and debugging improvements to the cyrus_sasl authenticator.
+  - cyrus_sasl server now expands the server_realm option.
+  - Bugzilla 1214 - Log authentication information in reject log.
+  - Added dbmjz lookup type.
+  - Let heimdal_gssapi authenticator take a SASL message without an authzid.
+  - MAIL args handles TAB as well as SP, for better interop with
+    non-compliant senders.
+  - Bugzilla 1237 - fix cases where printf format usage not indicated.
+  - tls_peerdn now print-escaped for spool files.
+    Observed some $tls_peerdn in wild which contained \n, which resulted
+    in spool file corruption.
+  - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options"
+    values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read
+    or write after TLS renegotiation, which otherwise led to messages
+    "Got SSL error 2".
+  - Bugzilla 1239 - fix DKIM verification when signature was not inserted
+    as a tracking header (ie: a signed header comes before the signature).
+  - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a
+    comma-sep list; embedded commas doubled.
+  - Refactored ACL "verify =" logic to table-driven dispatch.
+  - LDAP: Check for errors of TLS initialisation, to give correct diagnostics.
+  - Removed "dont_insert_empty_fragments" fron "openssl_options".
+    Removed SSL_clear() after SSL_new() which led to protocol negotiation
+    failures.  We appear to now support TLS1.1+ with Exim.
+  - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate
+    lets Exim select keys and certificates based upon TLS SNI from client.
+    Also option tls_sni on SMTP Transports.  Also clear $tls_bits correctly
+    before an outbound SMTP session.  New log_selector, +tls_sni.
+  - Bugzilla 1122 - check localhost_number expansion for failure, avoid
+    NULL dereference.
+  - Revert part of NM/04, it broke log_path containing %D expansions.
+    Left warnings.  Added "eximon gdb" invocation mode.
+  - Defaulting "accept_8bitmime" to true, not false.
+  - Added -bw for inetd wait mode support.
+  - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to
+    locate the relevant includes and libraries.  Made this the default.
+  - Fixed headers_only on smtp transports (was not sending trailing dot).
+    Bugzilla 1246, report and most of solution from Tomasz Kusy.
+  - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m").
+    This may cause build issues on older platforms.
+  - Revamped GnuTLS support, passing tls_require_ciphers to
+    gnutls_priority_init, ignoring Exim options gnutls_require_kx,
+    gnutls_require_mac & gnutls_require_protocols (no longer supported).
+    Added SNI support via GnuTLS too.
+    Made ${randint:..} supplier available, if using not-too-old GnuTLS.
+  - Added EXPERIMENTAL_OCSP for OpenSSL.
+  - Applied dnsdb SPF support patch from Janne Snabb.
+    Applied second patch from Janne, implementing suggestion to default
+    multiple-strings-in-record handling to match SPF spec.
+  - Added expansion variable $tod_epoch_l for a higher-precision time.
+  - Fix DCC dcc_header content corruption (stack memory referenced,
+    read-only, out of scope).
+    Patch from Wolfgang Breyha, report from Stuart Northfield.
+  - Fix three issues highlighted by clang analyser static analysis.
+    Only crash-plausible issue would require the Cambridge-specific
+    iplookup router and a misconfiguration.
+    Report from Marcin Mirosław.
+  - Another attempt to deal with PCRE_PRERELEASE, this one less buggy.
+  - %D in printf continues to cause issues (-Wformat=security), so for
+    now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS.
+    As part of this, removing so much warning spew let me fix some minor
+    real issues in debug logging.
+  - GnuTLS was always using default tls_require_ciphers, due to a missing
+    assignment on my part.  Fixed.
+  - Added tls_dh_max_bits option, defaulting to current hard-coded limit
+    of NSS, for GnuTLS/NSS interop.
+  - Validate tls_require_ciphers on startup, since debugging an invalid
+    string otherwise requires a connection and a bunch more work and it's
+    relatively easy to get wrong.  Should also expose TLS library linkage
+    problems.
+  - Pull in <features.h> on Linux, for some portability edge-cases of
+    64-bit ${eval} (JH/03).
+  - Define _GNU_SOURCE in exim.h; it's needed for some releases of
+    protection layer was required, which is not implemented.  Bugzilla 1254
+  - Overhaul DH prime handling, supply RFC-specified DH primes as built
+    into Exim, default to IKE id 23 from RFC 5114 (2048 bit).  Make
+    tls_dhparam take prime identifiers.  Also unbreak combination of
+    OpenSSL+DH_params+TLSSNI.
+  - Disable SSLv2 by default in OpenSSL support.
+
 -------------------------------------------------------------------
 Sat Mar 17 19:42:30 UTC 2012 - lars@samba.org
 
diff --git a/exim.spec b/exim.spec
index b16b0cb..3242922 100644
--- a/exim.spec
+++ b/exim.spec
@@ -43,7 +43,7 @@ Provides:       smtp_daemon
 Requires:       logrotate
 PreReq:         %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils
 %endif
-Version:        4.77
+Version:        4.80
 Release:        0
 %if %{?build_with_mysql:1}0
 BuildRequires:  mysql-devel
@@ -66,8 +66,7 @@ Source13:       apparmor.usr.sbin.exim
 Source20:       http://www.logic.univie.ac.at/~ametzler/debian/exim4manpages/exim4-manpages.tar.bz2
 Source30:       eximstats-html-update.py
 Source31:       eximstats.conf
-Patch:          exim-4.12-tail.patch
-Patch2:         format-security.diff
+Patch:          exim-tail.patch
 %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0
 
 %package -n eximon
@@ -119,7 +118,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %prep
 %setup -q -n exim-%{version}
 %patch
-%patch2
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
diff --git a/format-security.diff b/format-security.diff
deleted file mode 100644
index 83179f9..0000000
--- a/format-security.diff
+++ /dev/null
@@ -1,146 +0,0 @@
-From: Dirk Mueller <dmueller@suse.com>
-Subject: check format strings
-Reported-Upstream: Yes
-Bugtracker: http://bugs.exim.org/show_bug.cgi?id=1237
-
-Index: exim_monitor/em_log.c
-===================================================================
---- exim_monitor/em_log.c.orig
-+++ exim_monitor/em_log.c
-@@ -56,6 +56,8 @@ static int scrolled = FALSE;
- static int size = 0;
- static int top = 0;
- 
-+static void show_log(char *s, ...) PRINTF_FUNCTION(1,2);
-+
- static void show_log(char *s, ...)
- {
- int length, newtop;
-@@ -362,7 +364,7 @@ link count of zero on the currently open
- if (log_datestamping)
-   {
-   uschar log_file_wanted[256];
--  string_format(log_file_wanted, sizeof(log_file_wanted), CS log_file);
-+  string_format(log_file_wanted, sizeof(log_file_wanted), "%s", CS log_file);
-   if (Ustrcmp(log_file_wanted, log_file_open) != 0)
-     {
-     if (LOG != NULL)
-Index: exim_monitor/em_main.c
-===================================================================
---- exim_monitor/em_main.c.orig
-+++ exim_monitor/em_main.c
-@@ -654,7 +654,7 @@ today.) */
- 
- if (log_file[0] != 0)
-   {
--  (void)string_format(log_file_open, sizeof(log_file_open), CS log_file);
-+  (void)string_format(log_file_open, sizeof(log_file_open), "%s", CS log_file);
-   log_datestamping = string_datestamp_offset >= 0;
- 
-   LOG = fopen(CS log_file_open, "r");
-Index: exim_monitor/em_text.c
-===================================================================
---- exim_monitor/em_text.c.orig
-+++ exim_monitor/em_text.c
-@@ -58,6 +58,8 @@ XawTextSetInsertionPoint(w, text_count);
- *           Display text from format             *
- *************************************************/
- 
-+void text_showf(Widget w, char *s, ...) PRINTF_FUNCTION(2,3);
-+
- void text_showf(Widget w, char *s, ...)
- {
- va_list ap;
-Index: src/demime.c
-===================================================================
---- src/demime.c.orig
-+++ src/demime.c
-@@ -821,7 +821,7 @@ void mime_trigger_error(int level, uscha
-     (void)string_vformat(US f, 16383,(char *)format, ap);
-     va_end(ap);
-     f-=22;
--    log_write(0, LOG_MAIN, f);
-+    log_write(0, LOG_MAIN, "%s", f);
-     /* then copy to demime_reason_buffer if new
-     level is greater than old level */
-     if (level > demime_errorlevel) {
-Index: src/functions.h
-===================================================================
---- src/functions.h.orig
-+++ src/functions.h
-@@ -80,7 +80,7 @@ extern void    decode_bits(unsigned int
-                   int, int, uschar *, bit_table *, int, uschar *, int);
- extern address_item *deliver_make_addr(uschar *, BOOL);
- extern int     deliver_message(uschar *, BOOL, BOOL);
--extern void    deliver_msglog(const char *, ...);
-+extern void    deliver_msglog(const char *, ...) PRINTF_FUNCTION(1,2);
- extern void    deliver_set_expansions(address_item *);
- extern int     deliver_split_address(address_item *);
- extern void    deliver_succeeded(address_item *);
-@@ -180,9 +180,9 @@ extern int     mime_regex(uschar **);
- extern uschar *moan_check_errorcopy(uschar *);
- extern BOOL    moan_skipped_syntax_errors(uschar *, error_block *, uschar *,
-                  BOOL, uschar *);
--extern void    moan_smtp_batch(uschar *, const char *, ...);
-+extern void    moan_smtp_batch(uschar *, const char *, ...) PRINTF_FUNCTION(2,3);
- extern void    moan_tell_someone(uschar *, address_item *,
--                 const uschar *, const char *, ...);
-+                 const uschar *, const char *, ...) PRINTF_FUNCTION(4,5);
- extern BOOL    moan_to_sender(int, error_block *, header_line *, FILE *, BOOL);
- extern void    moan_write_from(FILE *);
- extern FILE   *modefopen(const uschar *, const char *, mode_t);
-@@ -270,7 +270,7 @@ extern int     search_findtype_partial(u
-                  int *);
- extern void   *search_open(uschar *, int, int, uid_t *, gid_t *);
- extern void    search_tidyup(void);
--extern void    set_process_info(const char *, ...);
-+extern void    set_process_info(const char *, ...) PRINTF_FUNCTION(1,2);
- extern void    sha1_end(sha1 *, const uschar *, int, uschar *);
- extern void    sha1_mid(sha1 *, const uschar *);
- extern void    sha1_start(sha1 *);
-@@ -298,7 +298,7 @@ extern int     smtp_setup_msg(void);
- extern BOOL    smtp_start_session(void);
- extern int     smtp_ungetc(int);
- extern BOOL    smtp_verify_helo(void);
--extern int     smtp_write_command(smtp_outblock *, BOOL, const char *, ...);
-+extern int     smtp_write_command(smtp_outblock *, BOOL, const char *, ...) PRINTF_FUNCTION(3,4);
- #ifdef WITH_CONTENT_SCAN
- extern int     spam(uschar **);
- extern FILE   *spool_mbox(unsigned long *, uschar *);
-@@ -320,13 +320,13 @@ extern uschar *string_copy_malloc(uschar
- extern uschar *string_copylc(uschar *);
- extern uschar *string_copynlc(uschar *, int);
- extern uschar *string_dequote(uschar **);
--extern BOOL    string_format(uschar *, int, const char *, ...);
-+extern BOOL    string_format(uschar *, int, const char *, ...) PRINTF_FUNCTION(3,4);
- extern uschar *string_format_size(int, uschar *);
- extern int     string_interpret_escape(uschar **);
- extern int     string_is_ip_address(uschar *, int *);
- extern uschar *string_log_address(address_item *, BOOL, BOOL);
- extern uschar *string_nextinlist(uschar **, int *, uschar *, int);
--extern uschar *string_open_failed(int, const char *, ...);
-+extern uschar *string_open_failed(int, const char *, ...) PRINTF_FUNCTION(2,3);
- extern uschar *string_printing2(uschar *, BOOL);
- extern uschar *string_split_message(uschar *);
- extern BOOL    string_vformat(uschar *, int, const char *, va_list);
-Index: src/local_scan.h
-===================================================================
---- src/local_scan.h.orig
-+++ src/local_scan.h
-@@ -173,7 +173,7 @@ extern void    header_add_at_position(BO
- extern void    header_remove(int, const uschar *);
- extern BOOL    header_testname(header_line *, const uschar *, int, BOOL);
- extern BOOL    header_testname_incomplete(header_line *, const uschar *, int, BOOL);
--extern void    log_write(unsigned int, int, const char *format, ...);
-+extern void    log_write(unsigned int, int, const char *format, ...) PRINTF_FUNCTION(3,4);
- extern int     lss_b64decode(uschar *, uschar **);
- extern uschar *lss_b64encode(uschar *, int);
- extern int     lss_match_domain(uschar *, uschar *);
-@@ -188,6 +188,6 @@ extern void    smtp_printf(const char *,
- extern void    smtp_vprintf(const char *, va_list);
- extern uschar *string_copy(uschar *);
- extern uschar *string_copyn(uschar *, int);
--extern uschar *string_sprintf(const char *, ...);
-+extern uschar *string_sprintf(const char *, ...) PRINTF_FUNCTION(1,2);
- 
- /* End of local_scan.h */