Accepting request 335998 from home:-miska-:arm

- Update to 4.86
  * Support for using the system standard CA bundle.
  * New expansion items $config_file, $config_dir, containing the file
    and directory name of the main configuration file. Also $exim_version.
  * New "malware=" support for Avast.
  * New "spam=" variant option for Rspamd.
  * Assorted options on malware= and spam= scanners.
  * A commandline option to write a comment into the logfile.
  * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can
    be configured to make connections via socks5 proxies.
  * If built with EXPERIMENTAL_INTERNATIONAL, support is included for
    the transmission of UTF-8 envelope addresses.
  * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly
    used encoding of Maildir folder names.
  * A logging option for slow DNS lookups.
  * New ${env {<variable>}} expansion.
  * A non-SMTP authenticator using information from TLS client certificates.
  * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS.
    Patch originally by Wolfgang Breyha.
  * Main option "dns_trust_aa" for trusting your local nameserver at the
    same level as DNSSEC.
- Dropped exim-enable_ecdh_openssl.patch as included in upstream

OBS-URL: https://build.opensuse.org/request/show/335998
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=171

exim-4.85.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4
-size 1784150

exim-4.85.tar.bz2.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAlSz5VAACgkQxPT5SATSnrq5/wCfaTbnPwDv6K9PvZvmAAYhlY/t
-pawAnRUXHZrpQPPxIL1vIOC4BDreTCHW
-=cFBh
------END PGP SIGNATURE-----

exim-4.86.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456
+size 1804807

exim-4.86.tar.bz2.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJVtNnIAAoJELzljIzkHzLfqeQH/AnmWsQkyVFc55TaSdRZ/dQl
+/ocXi0lfWHfVQLG2ku0lNK1CFmj8Vq7stp4aU8ryIX7D1ANhjEUn5VHhYvhvB/s/
+bMRAMoE9Y14KrGaZM5RIOcBc3p8G/2Sj5k9+AV31VqLDlvYhxstC5oWdd/JTU8N+
+ENPFhzPJiJEiSzYkFM1eTeiHKQ9sjlpXYBfnAYRxAID+QRL4Q+QLT3gaP0oVXgHw
+shp98y4cQY4dIau7BnpWgcby1OQ7zH4omieW3yy7LP3tIZXChHC8oAeB+8TN7O2+
+BdkYCdhVr9zzg7FcjDxTSGMp/LVaivJZsa1jel3Zle+xFpCHB4fyduQ0KzxJw2o=
+=JB+6
+-----END PGP SIGNATURE-----

exim-enable_ecdh_openssl.patch

@@ -1,116 +0,0 @@
-# Taken from:
-# http://bugs.exim.org/show_bug.cgi?id=1397
-# http://bugs.exim.org/attachment.cgi?id=661
-
-Index: exim-4.83/src/globals.c
-===================================================================
---- exim-4.83.orig/src/globals.c
-+++ exim-4.83/src/globals.c
-@@ -158,6 +158,7 @@ that's the interop problem which has bee
- bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
- int     tls_dh_max_bits        = 2236;
- uschar *tls_dhparam            = NULL;
-+uschar *tls_eccurve            = NULL;
- #ifndef DISABLE_OCSP
- uschar *tls_ocsp_file          = NULL;
- #endif
-Index: exim-4.83/src/globals.h
-===================================================================
---- exim-4.83.orig/src/globals.h
-+++ exim-4.83/src/globals.h
-@@ -118,6 +118,7 @@ extern uschar *tls_channelbinding_b64; /
- extern uschar *tls_crl;                /* CRL File */
- extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions */
- extern uschar *tls_dhparam;            /* DH param file */
-+extern uschar *tls_eccurve;            /* EC curve */
- #ifndef DISABLE_OCSP
- extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
- #endif
-Index: exim-4.83/src/readconf.c
-===================================================================
---- exim-4.83.orig/src/readconf.c
-+++ exim-4.83/src/readconf.c
-@@ -443,6 +443,7 @@ static optionlist optionlist_config[] =
-   { "tls_crl",                  opt_stringptr,   &tls_crl },
-   { "tls_dh_max_bits",          opt_int,         &tls_dh_max_bits },
-   { "tls_dhparam",              opt_stringptr,   &tls_dhparam },
-+  { "tls_eccurve",              opt_stringptr,   &tls_eccurve },
- # ifndef DISABLE_OCSP
-   { "tls_ocsp_file",            opt_stringptr,   &tls_ocsp_file },
- # endif
-Index: exim-4.83/src/tls-openssl.c
-===================================================================
---- exim-4.83.orig/src/tls-openssl.c
-+++ exim-4.83/src/tls-openssl.c
-@@ -612,6 +612,59 @@ return TRUE;
- 
- 
- 
-+#if !defined(OPENSSL_NO_ECDH)
-+static BOOL
-+init_ecdh(SSL_CTX *sctx, host_item *host)
-+{
-+EC_KEY *ecdh;
-+int nid;
-+
-+# if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
-+/* check if OpenSSL >= 1.0.2 auto ECDH temp key parameter selection should be used */
-+if (Ustrcmp(tls_eccurve, "auto") == 0)
-+  {
-+  DEBUG(D_tls) debug_printf("ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n");
-+  SSL_CTX_set_ecdh_auto(sctx, 1);
-+  return TRUE;
-+  }
-+# endif
-+
-+if (tls_eccurve == NULL)
-+  {
-+  DEBUG(D_tls)
-+    debug_printf("ECDH curve (default): prime256v1\n", tls_eccurve);
-+  nid = NID_X9_62_prime256v1;
-+  }
-+else
-+  {
-+  /* search curve name */
-+  DEBUG(D_tls)
-+    debug_printf("ECDH curve: %s\n", tls_eccurve);
-+  nid = OBJ_sn2nid((uschar *)tls_eccurve);
-+  if (nid == 0)
-+    {
-+    tls_error(string_sprintf("Unkown curve name tls_eccurve \"%s\"", tls_eccurve),
-+      host, NULL);
-+    return FALSE;
-+    }
-+  }
-+
-+ecdh = EC_KEY_new_by_curve_name(nid);
-+if (ecdh == NULL)
-+  {
-+  tls_error("Unable to create ec curve",
-+    host, NULL);
-+  return FALSE;
-+  }
-+
-+SSL_CTX_set_tmp_ecdh(sctx, ecdh);
-+EC_KEY_free(ecdh);
-+
-+return TRUE;
-+}
-+#endif
-+
-+
- 
- #ifndef DISABLE_OCSP
- /*************************************************
-@@ -1254,6 +1307,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu
- rc = tls_expand_session_files(*ctxp, cbinfo);
- if (rc != OK) return rc;
- 
-+#if !defined(OPENSSL_NO_ECDH)
-+/* Initialize ECDH temp key parameter selection */
-+if (!init_ecdh(*ctxp, host)) return DEFER;
-+#endif
-+
- /* If we need to handle SNI, do so */
- #ifdef EXIM_HAVE_OPENSSL_TLSEXT
- if (host == NULL)		/* server */

exim.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Oct  2 21:56:18 UTC 2015 - michal.hrusecky@opensuse.org
+
+- Update to 4.86
+  * Support for using the system standard CA bundle.
+  * New expansion items $config_file, $config_dir, containing the file
+    and directory name of the main configuration file. Also $exim_version.
+  * New "malware=" support for Avast.
+  * New "spam=" variant option for Rspamd.
+  * Assorted options on malware= and spam= scanners.
+  * A commandline option to write a comment into the logfile.
+  * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can
+    be configured to make connections via socks5 proxies.
+  * If built with EXPERIMENTAL_INTERNATIONAL, support is included for
+    the transmission of UTF-8 envelope addresses.
+  * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly
+    used encoding of Maildir folder names.
+  * A logging option for slow DNS lookups.
+  * New ${env {<variable>}} expansion.
+  * A non-SMTP authenticator using information from TLS client certificates.
+  * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS.
+    Patch originally by Wolfgang Breyha.
+  * Main option "dns_trust_aa" for trusting your local nameserver at the
+    same level as DNSSEC.
+- Dropped exim-enable_ecdh_openssl.patch as included in upstream
+
 -------------------------------------------------------------------
 Wed May  6 21:25:49 UTC 2015 - lmuelle@suse.com
 

exim.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package exim
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -54,7 +54,7 @@ Requires(pre):  %fillup_prereq
 Requires(pre):  /usr/sbin/useradd
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.85
+Version:        4.86
 Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
@@ -80,7 +80,6 @@ Source31:       eximstats.conf
 Source32:       eximstats.conf-2.2
 Source40:       exim.service
 Patch:          exim-tail.patch
-Patch1:         exim-enable_ecdh_openssl.patch
 
 %package -n eximon
 Summary:        Eximon, an graphical frontend to administer Exim's mail queue
@@ -123,7 +122,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %prep
 %setup -q -n exim-%{version}
 %patch
-%patch1 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"