Accepting request 603159 from server:mail

OBS-URL: https://build.opensuse.org/request/show/603159
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=48

exim-4.86.2-mariadb_102_compile_fix.patch

@@ -1,94 +0,0 @@
-Index: exim-4.86.2/src/lookups/mysql.c
-===================================================================
---- exim-4.86.2.orig/src/lookups/mysql.c
-+++ exim-4.86.2/src/lookups/mysql.c
-@@ -14,6 +14,53 @@ functions. */
- 
- #include <mysql.h>       /* The system header */
- 
-+/* We define symbols for *_VERSION_ID (numeric), *_VERSION_STR (char*)
-+and *_BASE_STR (char*). It's a bit of guesswork. Especially for mariadb
-+with versions before 10.2, as they do not define there there specific symbols.
-+*/
-+
-+// Newer (>= 10.2) MariaDB
-+#if defined                   MARIADB_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MARIADB_VERSION_ID
-+
-+// MySQL defines MYSQL_VERSION_ID, and MariaDB does so
-+// https://dev.mysql.com/doc/refman/5.7/en/c-api-server-client-versions.html
-+#elif defined                 LIBMYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID LIBMYSQL_VERSION_ID
-+#elif defined                 MYSQL_VERSION_ID
-+#define EXIM_MxSQL_VERSION_ID MYSQL_VERSION_ID
-+
-+#else
-+#define EXIM_MYSQL_VERSION_ID  0
-+#endif
-+
-+// Newer (>= 10.2) MariaDB
-+#ifdef                         MARIADB_CLIENT_VERSION_STR
-+#define EXIM_MxSQL_VERSION_STR MARIADB_CLIENT_VERSION_STR
-+
-+// Mysql uses MYSQL_SERVER_VERSION
-+#elif defined                  LIBMYSQL_VERSION
-+#define EXIM_MxSQL_VERSION_STR LIBMYSQL_VERSION
-+#elif defined                  MYSQL_SERVER_VERSION
-+#define EXIM_MxSQL_VERSION_STR MYSQL_SERVER_VERSION
-+
-+#else
-+#define EXIM_MxSQL_VERSION_STR  "N.A."
-+#endif
-+
-+#if defined                 MARIADB_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MARIADB_BASE_VERSION
-+
-+#elif defined               MARIADB_PACKAGE_VERSION
-+#define EXIM_MxSQL_BASE_STR "mariadb"
-+
-+#elif defined               MYSQL_BASE_VERSION
-+#define EXIM_MxSQL_BASE_STR MYSQL_BASE_VERSION
-+
-+#else
-+#define EXIM_MxSQL_BASE_STR  "n.A."
-+#endif
-+
- 
- /* Structure and anchor for caching connections. */
- 
-@@ -423,10 +470,10 @@ return quoted;
- void
- mysql_version_report(FILE *f)
- {
--fprintf(f, "Library version: MySQL: Compile: %s [%s]\n"
--           "                        Runtime: %s\n",
--        MYSQL_SERVER_VERSION, MYSQL_COMPILATION_COMMENT,
--        mysql_get_client_info());
-+fprintf(f, "Library version: MySQL: Compile: %lu %s [%s]\n"
-+           "                        Runtime: %lu %s\n",
-+        (long)EXIM_MxSQL_VERSION_ID, EXIM_MxSQL_VERSION_STR, EXIM_MxSQL_BASE_STR,
-+        mysql_get_client_version(), mysql_get_client_info());
- #ifdef DYNLOOKUP
- fprintf(f, "                        Exim version %s\n", EXIM_VERSION_STR);
- #endif
-Index: exim-4.86.2/src/EDITME
-===================================================================
---- exim-4.86.2.orig/src/EDITME
-+++ exim-4.86.2/src/EDITME
-@@ -253,7 +253,7 @@ TRANSPORT_SMTP=yes
- # you perform upgrades and revert them. You should consider the benefit of
- # embedding the Exim version number into LOOKUP_MODULE_DIR, so that you can
- # maintain two concurrent sets of modules.
--# 
-+#
- # *BEWARE*: ability to modify the files in LOOKUP_MODULE_DIR is equivalent to
- # the ability to modify the Exim binary, which is often setuid root!  The Exim
- # developers only intend this functionality be used by OS software packagers
-@@ -301,6 +301,7 @@ LOOKUP_DNSDB=yes
- # LOOKUP_IBASE=yes
- # LOOKUP_LDAP=yes
- # LOOKUP_MYSQL=yes
-+# LOOKUP_MYSQL_PC=mariadb
- # LOOKUP_NIS=yes
- # LOOKUP_NISPLUS=yes
- # LOOKUP_ORACLE=yes

exim-4.88.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:119d5fd7e31fc224e84dfa458fe182f200856bae7adf852a8287c242161f8a2d
-size 1824610

exim-4.88.tar.bz2.asc

@@ -1,10 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEcBAABAgAGBQJYVqBoAAoJELzljIzkHzLf5vIH/R4gcGqdEwGkFDRwQA5ImNif
-USPeSli63U2tL2YRpf8E/sMWlf2ywZl9vGkVWhvYFvMWI4gn+hNAh0jUj2BakCdI
-aEjUk0KSA0nXHzIGmNyf0lAcC1VONRq0KLxfQvlGF8RrKnBL7urg46EVFagmU8g9
-m3KVHPjv1cUIICZdJVWICUChjjm23pBvtqr1M9TgUAhWQU0FaG9dmgY2Kh4s2pnG
-0o+llbQdU1hvtk0lTMzZYmYTtS3totoyR3aKYdws/epOnE1MgVOIlnp2q5R9FMO1
-RE5bHa2Qg5UCf5wwAKSOxIDLPEVUoX6qkbP7inByuGKZ5dSvBQwUGPAt+b2Lb38=
-=jgHZ
------END PGP SIGNATURE-----

exim-4.91.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eff5b41276a0039e89af4b447da13aaa61c5823d4ec2c37353dc23577cfb02d3
+size 1912811

exim-4.91.tar.bz2.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABAgAGBQJa01I+AAoJELzljIzkHzLfBRAH/R4DJhI01BTVIl6/7gQOVfST
+fmhBh3rTRXhkSR7XfzxWgNR2jJnDJReitBdjDvkgLdYZ7+S3G7+WIJeSuoP2+PPO
+VfSEWQdaeYYyvz6C81xPHo+UARnQcGTygPQpLk9XDiVYZ7X9TYUuomNX4MsK1EXb
+2ZJUJ1Sm1DoZx9MbPXJfUSPXeBJGMJwjSjh9KRssFg5VddjBc/oNHf3oL/ThodzU
+SmMyPc29r8ZZe+EC5lVumN6G8UalDFPROa/0VEYkJsj7zFG6JgIlRhWgYaIq3nGn
+m6ghRaRNQFSktjzISD+mf3ttiqyoJAPRc4x2fbvDAnUjpNQ3VuxOP8uz758cPTw=
+=I/a+
+-----END PGP SIGNATURE-----

exim-CVE-2017-1000369.patch

@@ -1,43 +0,0 @@
-commit 65e061b76867a9ea7aeeb535341b790b90ae6c21
-Author: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
-Date:   Wed May 31 23:08:56 2017 +0200
-
-    Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
-
-diff --git a/src/exim.c b/src/src/exim.c
-index 67583e58..88e11977 100644
---- a/src/exim.c
-+++ b/src/exim.c
-@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++)
- 
-       /* -oMr: Received protocol */
- 
--      else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i];
-+      else if (Ustrcmp(argrest, "Mr") == 0)
-+
-+        if (received_protocol)
-+          {
-+          fprintf(stderr, "received_protocol is set already\n");
-+          exit(EXIT_FAILURE);
-+          }
-+        else received_protocol = argv[++i];
- 
-       /* -oMs: Set sender host name */
- 
-@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++)
- 
-     if (*argrest != 0)
-       {
--      uschar *hn = Ustrchr(argrest, ':');
-+      uschar *hn;
-+
-+      if (received_protocol)
-+        {
-+        fprintf(stderr, "received_protocol is set already\n");
-+        exit(EXIT_FAILURE);
-+        }
-+
-+      hn = Ustrchr(argrest, ':');
-       if (hn == NULL)
-         {
-         received_protocol = argrest;

exim-CVE-2017-16943.patch

@@ -1,40 +0,0 @@
-From 4e6ae6235c68de243b1c2419027472d7659aa2b4 Mon Sep 17 00:00:00 2001
-From: Jeremy Harris <jgh146exb@wizmail.org>
-Date: Fri, 24 Nov 2017 20:22:33 +0000
-Subject: [PATCH] Avoid release of store if there have been later allocations. 
- Bug 2199
-
----
- src/src/receive.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/src/receive.c b/src/src/receive.c
-index e7e518a..d9b5001 100644
---- a/src/receive.c
-+++ b/src/receive.c
-@@ -1810,8 +1810,8 @@ for (;;)
-   (and sometimes lunatic messages can have ones that are 100s of K long) we
-   call store_release() for strings that have been copied - if the string is at
-   the start of a block (and therefore the only thing in it, because we aren't
--  doing any other gets), the block gets freed. We can only do this because we
--  know there are no other calls to store_get() going on. */
-+  doing any other gets), the block gets freed. We can only do this release if
-+  there were no allocations since the once that we want to free. */
- 
-   if (ptr >= header_size - 4)
-     {
-@@ -1820,9 +1820,10 @@ for (;;)
-     header_size *= 2;
-     if (!store_extend(next->text, oldsize, header_size))
-       {
-+      BOOL release_ok = store_last_get[store_pool] == next->text;
-       uschar *newtext = store_get(header_size);
-       memcpy(newtext, next->text, ptr);
--      store_release(next->text);
-+      if (release_ok) store_release(next->text);
-       next->text = newtext;
-       }
-     }
--- 
-1.9.1
-

exim-CVE-2017-16944.patch

@@ -1,41 +0,0 @@
-diff -ru a/src/receive.c b/src/receive.c
---- a/src/receive.c	2017-11-30 09:15:29.593364805 +0100
-+++ b/src/receive.c	2017-11-30 09:17:32.026970431 +0100
-@@ -1759,7 +1759,7 @@
-   prevent further reading), and break out of the loop, having freed the
-   empty header, and set next = NULL to indicate no data line. */
- 
--  if (ptr == 0 && ch == '.' && (smtp_input || dot_ends))
-+  if (ptr == 0 && ch == '.' && dot_ends)
-     {
-     ch = (receive_getc)();
-     if (ch == '\r')
-diff -ru a/src/smtp_in.c b/src/smtp_in.c
---- a/src/smtp_in.c	2017-11-30 09:15:29.593364805 +0100
-+++ b/src/smtp_in.c	2017-11-30 09:41:47.270055566 +0100
-@@ -4751,11 +4751,17 @@
- 	? CHUNKING_LAST : CHUNKING_ACTIVE;
-       chunking_data_left = chunking_datasize;
- 
-+      /* push the current receive_* function on the "stack", and
-+      replace them by bdat_getc(), which in turn will use the lwr_receive_*
-+      functions to do the dirty work. */
-       lwr_receive_getc = receive_getc;
-       lwr_receive_ungetc = receive_ungetc;
-+
-       receive_getc = bdat_getc;
-       receive_ungetc = bdat_ungetc;
- 
-+      dot_ends = FALSE;
-+
-       DEBUG(D_any)
-         debug_printf("chunking state %d\n", (int)chunking_state);
-       goto DATA_BDAT;
-@@ -4763,6 +4769,7 @@
- 
-     case DATA_CMD:
-     HAD(SCH_DATA);
-+    dot_ends = TRUE;
- 
-     DATA_BDAT:		/* Common code for DATA and BDAT */
-     if (!discarded && recipients_count <= 0)

exim.changes

@@ -1,3 +1,152 @@
+-------------------------------------------------------------------
+Mon Apr 16 13:57:17 UTC 2018 - wullinger@rz.uni-kiel.de
+
+- update to 4.91
+ * DEFER rather than ERROR on redis cluster MOVED response.
+ * Catch and remove uninitialized value warning in exiqsumm
+ * Disallow '/' characters in queue names specified for the "queue=" ACL
+    modifier.  This matches the restriction on the commandline.
+ * Fix pgsql lookup for multiple result-tuples with a single column.
+    Previously only the last row was returned.
+ * Bug 2217: Tighten up the parsing of DKIM signature headers.
+ * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
+ * Fix issue with continued-connections when the DNS shifts unreliably.
+ * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
+ * The "support for" informational output now, which built with Content
+   Scanning support, has a line for the malware scanner interfaces compiled
+   in.  Interface can be individually included or not at build time.
+ * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
+   by the template makefile "src/EDITME".  The "STREAM" support for an older
+   ClamAV interface method is removed.
+ * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
+   rows affected is given instead).
+ * The runtime Berkeley DB library version is now additionally output by
+   "exim -d -bV".  Previously only the compile-time version was shown.
+ * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
+   SMTP connection.
+ * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
+   routers.
+ * Bug 2174: A timeout on connect for a callout was also erroneously seen as
+   a timeout on read on a GnuTLS initiating connection, resulting in the
+   initiating connection being dropped.
+ * Relax results from ACL control request to enable cutthrough, in
+   unsupported situations, from error to silently (except under debug)
+   ignoring.
+ * Fix Buffer overflow in base64d() (CVE-2018-6789)
+ * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
+   metadata, resulting in a crash in free().
+ * Fix broken Heimdal GSSAPI authenticator integration.
+ * Bug 2113: Fix conversation closedown with the Avast malware scanner.
+ * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL.
+ * Speed up macro lookups during configuration file read, by skipping non-
+   macro text after a replacement (previously it was only once per line) and
+   by skipping builtin macros when searching for an uppercase lead character.
+ * DANE support moved from Experimental to mainline.  The Makefile control
+   for the build is renamed.
+ * Fix memory leak during multi-message connections using STARTTLS.
+ * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
+   reported the original.  Fix to report (as far as possible) the ACL
+   result replacing the original.
+ * Fix memory leak during multi-message connections using STARTTLS under
+   OpenSSL
+ * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
+ * Fix utf8_downconvert propagation through a redirect router.
+ * Bug 2253: For logging delivery lines under PRDR, append the overall
+   DATA response info to the (existing) per-recipient response info for
+   the "C=" log element.
+ * Bug 2251: Fix ldap lookups that return a single attribute having zero-
+   length value.
+ * Support Avast multiline protocol, this allows passing flags to
+   newer versions of the scanner.
+ *  Ensure that variables possibly set during message acceptance are marked
+    dead before release of memory in the daemon loop.
+ * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
+   as a multi-recipient message from a mailinglist manager).
+ * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+   replaced by the ${authresults } expansion.
+ * Bug 2257: Fix pipe transport to not use a socket-only syscall.
+ * Set a handler for SIGTERM and call exit(3) if running as PID 1. This
+   allows proper process termination in container environments.
+ * Bug 2258: Fix spool_wireformat in combination with LMTP transport.
+   Previously the "final dot" had a newline after it; ensure it is CR,LF.
+ * SPF: remove support for the "spf" ACL condition outcome values "err_temp"
+   and "err_perm", deprecated since 4.83 when the RFC-defined words
+   " temperror" and "permerror" were introduced.
+ * Re-introduce enforcement of no cutthrough delivery on transports having
+   transport-filters or DKIM-signing.
+ * Cutthrough: for a final-dot response timeout (and nonunderstood responses)
+   in defer=pass mode supply a 450 to the initiator.  Previously the message
+      would be spooled.
+ * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+      tls_require_ciphers is used as before.
+ * Malware Avast: Better match the Avast multiline protocol.
+ * Fix reinitialisation of DKIM logging variable between messages.
+ * Bug 2255: Revert the disable of the OpenSSL session caching.
+ * Add util/renew-opendmarc-tlds.sh script for safe renewal of public
+   suffix list.
+ * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
+   since the IETF WG has not yet settled on that versus the original
+   "bare" representation.
+ * Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
+   Previously the millisecond value corrupted the output.
+   Fix also for syslog_pid=no and log_selector +pid, for which the pid
+   corrupted the output.
+
+-------------------------------------------------------------------
+Thu Mar 15 20:22:09 UTC 2018 - crrodriguez@opensuse.org
+
+- Replace xorg-x11-devel by individual pkgconfig() buildrequires. 
+
+-------------------------------------------------------------------
+Tue Feb 13 13:39:34 UTC 2018 - kbabioch@suse.com
+
+- update to 4.90.1
+  * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
+    during configuration.  Wildcards are allowed and expanded.
+  * Shorten the log line for daemon startup by collapsing adjacent sets of
+    identical IP addresses on different listening ports.  Will also affect
+    "exiwhat" output.
+  * Tighten up the checking in isip4 (et al): dotted-quad components larger
+    than 255 are no longer allowed.
+  * Default openssl_options to include +no_ticket, to reduce load on peers.
+    Disable the session-cache too, which might reduce our load.  Since we
+    currrectly use a new context for every connection, both as server and
+    client, there is no benefit for these.
+  * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
+    <https://reproducible-builds.org/specs/source-date-epoch/>.
+  * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
+    the check for any unsuccessful recipients did not notice the limit, and
+    erroneously found still-pending ones.
+  * Pipeline CHUNKING command and data together, on kernels that support
+    MSG_MORE.  Only in-clear (not on TLS connections).
+  * Avoid using a temporary file during transport using dkim.  Unless a
+    transport-filter is involved we can buffer the headers in memory for
+    creating the signature, and read the spool data file once for the
+    signature and again for transmission.
+  * Enable use of sendfile in Linux builds as default.  It was disabled in
+    4.77 as the kernel support then wasn't solid, having issues in 64bit
+    mode.  Now, it's been long enough.  Add support for FreeBSD also.
+  * Add commandline_checks_require_admin option.
+  * Do pipelining under TLS.
+  * For the "sock" variant of the malware scanner interface, accept an empty
+    cmdline element to get the documented default one.  Previously it was
+    inaccessible.
+  * Prevent repeated use of -p/-oMr
+  * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
+    if present.
+  * DKIM: when a message has multiple signatures matching an identity given
+    in dkim_verify_signers, run the dkim acl once for each.
+  * Support IDNA2008.
+  * The path option on a pipe transport is now expanded before use
+  * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
+- Several bug fixes
+- Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
+- removed patches (included upstream now):
+  * exim-CVE-2017-1000369.patch
+  * exim-CVE-2017-16943.patch
+  * exim-CVE-2017-16944.patch
+  * exim-4.86.2-mariadb_102_compile_fix.patch
+
 -------------------------------------------------------------------
 Thu Nov 30 08:32:50 UTC 2017 - wullinger@rz.uni-kiel.de
 

exim.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package exim
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -47,17 +47,12 @@ BuildRequires:  pam-devel
 BuildRequires:  openldap2-devel
 %endif
 BuildRequires:  pcre-devel
-%if %{?suse_version:1}%{?!suse_version:0}
-BuildRequires:  libopenssl-devel
 BuildRequires:  tcpd-devel
-BuildRequires:  xorg-x11-devel
+BuildRequires:  pkgconfig(libcrypto)
-%else
+BuildRequires:  pkgconfig(libssl)
-BuildRequires:  libXaw-devel
+BuildRequires:  pkgconfig(xaw7)
-BuildRequires:  libXext-devel
+BuildRequires:  pkgconfig(xmu)
-BuildRequires:  libXt-devel
+BuildRequires:  pkgconfig(xt)
-BuildRequires:  openssl-devel
-BuildRequires:  tcp_wrappers
-%endif
 Url:            http://www.exim.org/
 Conflicts:      sendmail sendmail-tls postfix
 Provides:       smtp_daemon
@@ -78,7 +73,7 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.88
+Version:        4.91
 Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
@@ -90,11 +85,11 @@ BuildRequires:  postgresql-devel
 BuildRequires:  sqlite3-devel
 %endif
 Summary:        The Exim Mail Transfer Agent, a Replacement for sendmail
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Email/Servers
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Source:         http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2
+Source:         http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2
-Source3:        http://ftp.exim.org/pub/exim/exim4/old/exim-%{version}.tar.bz2.asc
+Source3:        http://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2.asc
 # http://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc
 Source4:        exim.keyring
 Source1:        sysconfig.exim
@@ -107,10 +102,6 @@ Source31:       eximstats.conf
 Source32:       eximstats.conf-2.2
 Source40:       exim.service
 Patch0:         exim-tail.patch
-Patch3:         exim-CVE-2017-1000369.patch
-Patch4:         exim-CVE-2017-16943.patch
-Patch5:         exim-CVE-2017-16944.patch
-Patch6:         exim-4.86.2-mariadb_102_compile_fix.patch
 
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@@ -153,10 +144,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %prep
 %setup -q -n exim-%{version}
 %patch0
-%patch3 -p 1
-%patch4 -p 1
-%patch5 -p 1
-%patch6 -p 1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
@@ -294,7 +281,7 @@ cat <<-EOF > Local/Makefile
 	EXPERIMENTAL_DSN=yes
 	SYSTEM_ALIASES_FILE=/etc/aliases
 %if %{with dane}
-	EXPERIMENTAL_DANE=yes
+	DANE=yes
 %endif
 	EXPERIMENTAL_SOCKS=yes
 %if %{with i18n}
@@ -328,7 +315,7 @@ make 	inst_dest=$RPM_BUILD_ROOT/usr/sbin \
 	inst_info=$RPM_BUILD_ROOT/%{_infodir} \
 	INSTALL_ARG=-no_chown 	install
 #mv $RPM_BUILD_ROOT/usr/sbin/exim-%{version}* $RPM_BUILD_ROOT/usr/sbin/exim
-mv $RPM_BUILD_ROOT/usr/sbin/exim-4.8* $RPM_BUILD_ROOT/usr/sbin/exim
+mv $RPM_BUILD_ROOT/usr/sbin/exim-4.9* $RPM_BUILD_ROOT/usr/sbin/exim
 mv $RPM_BUILD_ROOT/etc/exim/exim.conf src/configure.default # with all substitutions done
 %if 0%{?suse_version} > 1220
 install -m 0644 %{S:40} $RPM_BUILD_ROOT/%{_unitdir}/exim.service