From d81193c3173bd0f487a9fad474a7d45fb9316a8892610aec30e081d34ce94ed5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lars=20M=C3=BCller?= Date: Mon, 12 Oct 2015 20:32:07 +0000 Subject: [PATCH] Accepting request 335998 from home:-miska-:arm - Update to 4.86 * Support for using the system standard CA bundle. * New expansion items $config_file, $config_dir, containing the file and directory name of the main configuration file. Also $exim_version. * New "malware=" support for Avast. * New "spam=" variant option for Rspamd. * Assorted options on malware= and spam= scanners. * A commandline option to write a comment into the logfile. * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can be configured to make connections via socks5 proxies. * If built with EXPERIMENTAL_INTERNATIONAL, support is included for the transmission of UTF-8 envelope addresses. * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly used encoding of Maildir folder names. * A logging option for slow DNS lookups. * New ${env {}} expansion. * A non-SMTP authenticator using information from TLS client certificates. * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. Patch originally by Wolfgang Breyha. * Main option "dns_trust_aa" for trusting your local nameserver at the same level as DNSSEC. - Dropped exim-enable_ecdh_openssl.patch as included in upstream OBS-URL: https://build.opensuse.org/request/show/335998 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=171 --- exim-4.85.tar.bz2 | 3 - exim-4.85.tar.bz2.asc | 7 -- exim-4.86.tar.bz2 | 3 + exim-4.86.tar.bz2.asc | 11 ++++ exim-enable_ecdh_openssl.patch | 116 --------------------------------- exim.changes | 26 ++++++++ exim.spec | 6 +- 7 files changed, 42 insertions(+), 130 deletions(-) delete mode 100644 exim-4.85.tar.bz2 delete mode 100644 exim-4.85.tar.bz2.asc create mode 100644 exim-4.86.tar.bz2 create mode 100644 exim-4.86.tar.bz2.asc delete mode 100644 exim-enable_ecdh_openssl.patch 
diff --git a/exim-4.85.tar.bz2 b/exim-4.85.tar.bz2
deleted file mode 100644
index 761589a..0000000
--- a/exim-4.85.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4
-size 1784150
diff --git a/exim-4.85.tar.bz2.asc b/exim-4.85.tar.bz2.asc
deleted file mode 100644
index df3b248..0000000
--- a/exim-4.85.tar.bz2.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iEYEABECAAYFAlSz5VAACgkQxPT5SATSnrq5/wCfaTbnPwDv6K9PvZvmAAYhlY/t
-pawAnRUXHZrpQPPxIL1vIOC4BDreTCHW
-=cFBh
------END PGP SIGNATURE-----
diff --git a/exim-4.86.tar.bz2 b/exim-4.86.tar.bz2
new file mode 100644
index 0000000..0f3e3c0
--- /dev/null
+++ b/exim-4.86.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f1ccf2ce2ea51b7fbbf160e7e0e41d24ca401cf44a185128ad99ea04635fc456
+size 1804807
diff --git a/exim-4.86.tar.bz2.asc b/exim-4.86.tar.bz2.asc
new file mode 100644
index 0000000..ffd3a8a
--- /dev/null
+++ b/exim-4.86.tar.bz2.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJVtNnIAAoJELzljIzkHzLfqeQH/AnmWsQkyVFc55TaSdRZ/dQl
+/ocXi0lfWHfVQLG2ku0lNK1CFmj8Vq7stp4aU8ryIX7D1ANhjEUn5VHhYvhvB/s/
+bMRAMoE9Y14KrGaZM5RIOcBc3p8G/2Sj5k9+AV31VqLDlvYhxstC5oWdd/JTU8N+
+ENPFhzPJiJEiSzYkFM1eTeiHKQ9sjlpXYBfnAYRxAID+QRL4Q+QLT3gaP0oVXgHw
+shp98y4cQY4dIau7BnpWgcby1OQ7zH4omieW3yy7LP3tIZXChHC8oAeB+8TN7O2+
+BdkYCdhVr9zzg7FcjDxTSGMp/LVaivJZsa1jel3Zle+xFpCHB4fyduQ0KzxJw2o=
+=JB+6
+-----END PGP SIGNATURE-----
diff --git a/exim-enable_ecdh_openssl.patch b/exim-enable_ecdh_openssl.patch
deleted file mode 100644
index 70389df..0000000
--- a/exim-enable_ecdh_openssl.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-# Taken from:
-# http://bugs.exim.org/show_bug.cgi?id=1397
-# http://bugs.exim.org/attachment.cgi?id=661
-
-Index: exim-4.83/src/globals.c
-===================================================================
---- exim-4.83.orig/src/globals.c
-+++ exim-4.83/src/globals.c
-@@ -158,6 +158,7 @@ that's the interop problem which has bee
- bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
- int tls_dh_max_bits = 2236;
- uschar *tls_dhparam = NULL;
-+uschar *tls_eccurve = NULL;
- #ifndef DISABLE_OCSP
- uschar *tls_ocsp_file = NULL;
- #endif
-Index: exim-4.83/src/globals.h
-===================================================================
---- exim-4.83.orig/src/globals.h
-+++ exim-4.83/src/globals.h
-@@ -118,6 +118,7 @@ extern uschar *tls_channelbinding_b64; /
- extern uschar *tls_crl; /* CRL File */
- extern int tls_dh_max_bits; /* don't accept higher lib suggestions */
- extern uschar *tls_dhparam; /* DH param file */
-+extern uschar *tls_eccurve; /* EC curve */
- #ifndef DISABLE_OCSP
- extern uschar *tls_ocsp_file; /* OCSP stapling proof file */
- #endif
-Index: exim-4.83/src/readconf.c
-===================================================================
---- exim-4.83.orig/src/readconf.c
-+++ exim-4.83/src/readconf.c
-@@ -443,6 +443,7 @@ static optionlist optionlist_config[] =
- { "tls_crl", opt_stringptr, &tls_crl },
- { "tls_dh_max_bits", opt_int, &tls_dh_max_bits },
- { "tls_dhparam", opt_stringptr, &tls_dhparam },
-+ { "tls_eccurve", opt_stringptr, &tls_eccurve },
- # ifndef DISABLE_OCSP
- { "tls_ocsp_file", opt_stringptr, &tls_ocsp_file },
- # endif
-Index: exim-4.83/src/tls-openssl.c
-===================================================================
---- exim-4.83.orig/src/tls-openssl.c
-+++ exim-4.83/src/tls-openssl.c
-@@ -612,6 +612,59 @@ return TRUE;
-
-
-
-+#if !defined(OPENSSL_NO_ECDH)
-+static BOOL
-+init_ecdh(SSL_CTX *sctx, host_item *host)
-+{
-+EC_KEY *ecdh;
-+int nid;
-+
-+# if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
-+/* check if OpenSSL >= 1.0.2 auto ECDH temp key parameter selection should be used */
-+if (Ustrcmp(tls_eccurve, "auto") == 0)
-+ {
-+ DEBUG(D_tls) debug_printf("ECDH temp key parameter settings: OpenSSL 1.2+ autoselection\n");
-+ SSL_CTX_set_ecdh_auto(sctx, 1);
-+ return TRUE;
-+ }
-+# endif
-+
-+if (tls_eccurve == NULL)
-+ {
-+ DEBUG(D_tls)
-+ debug_printf("ECDH curve (default): prime256v1\n", tls_eccurve);
-+ nid = NID_X9_62_prime256v1;
-+ }
-+else
-+ {
-+ /* search curve name */
-+ DEBUG(D_tls)
-+ debug_printf("ECDH curve: %s\n", tls_eccurve);
-+ nid = OBJ_sn2nid((uschar *)tls_eccurve);
-+ if (nid == 0)
-+ {
-+ tls_error(string_sprintf("Unkown curve name tls_eccurve \"%s\"", tls_eccurve),
-+ host, NULL);
-+ return FALSE;
-+ }
-+ }
-+
-+ecdh = EC_KEY_new_by_curve_name(nid);
-+if (ecdh == NULL)
-+ {
-+ tls_error("Unable to create ec curve",
-+ host, NULL);
-+ return FALSE;
-+ }
-+
-+SSL_CTX_set_tmp_ecdh(sctx, ecdh);
-+EC_KEY_free(ecdh);
-+
-+return TRUE;
-+}
-+#endif
-+
-+
-
- #ifndef DISABLE_OCSP
- /*************************************************
-@@ -1254,6 +1307,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu
- rc = tls_expand_session_files(*ctxp, cbinfo);
- if (rc != OK) return rc;
-
-+#if !defined(OPENSSL_NO_ECDH)
-+/* Initialize ECDH temp key parameter selection */
-+if (!init_ecdh(*ctxp, host)) return DEFER;
-+#endif
-+
- /* If we need to handle SNI, do so */
- #ifdef EXIM_HAVE_OPENSSL_TLSEXT
- if (host == NULL) /* server */
diff --git a/exim.changes b/exim.changes
index 2bd1c09..cd7c03b 100644
--- a/exim.changes
+++ b/exim.changes
@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Fri Oct 2 21:56:18 UTC 2015 - michal.hrusecky@opensuse.org
+
+- Update to 4.86
+ * Support for using the system standard CA bundle.
+ * New expansion items $config_file, $config_dir, containing the file
+ and directory name of the main configuration file. Also $exim_version.
+ * New "malware=" support for Avast.
+ * New "spam=" variant option for Rspamd.
+ * Assorted options on malware= and spam= scanners.
+ * A commandline option to write a comment into the logfile.
+ * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can
+ be configured to make connections via socks5 proxies.
+ * If built with EXPERIMENTAL_INTERNATIONAL, support is included for
+ the transmission of UTF-8 envelope addresses.
+ * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly
+ used encoding of Maildir folder names.
+ * A logging option for slow DNS lookups.
+ * New ${env {}} expansion.
+ * A non-SMTP authenticator using information from TLS client certificates.
+ * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS.
+ Patch originally by Wolfgang Breyha.
+ * Main option "dns_trust_aa" for trusting your local nameserver at the
+ same level as DNSSEC.
+- Dropped exim-enable_ecdh_openssl.patch as included in upstream
+
 -------------------------------------------------------------------
 Wed May 6 21:25:49 UTC 2015 - lmuelle@suse.com
 
diff --git a/exim.spec b/exim.spec
index 45215b4..46da244 100644
--- a/exim.spec
+++ b/exim.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package exim
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
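Review bot: The copyright header in the first exim.spec hunk changes from `SUSE LINUX GmbH` to `SUSE LINUX Products GmbH`, which is unrelated to the 4.86 update and is not mentioned in the new exim.changes entry. It looks like the output of a spec formatter using a different template rather than a deliberate edit, though that cannot be confirmed from the diff. Confirm which holder name is intended; if the change was not meant, keep the previous line `# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.`.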
@@ -54,7 +54,7 @@ Requires(pre): %fillup_prereq
 Requires(pre): /usr/sbin/useradd
 Requires(pre): fileutils textutils
 %endif
-Version: 4.85
+Version: 4.86
 Release: 0
 %if %{with_mysql}
 BuildRequires: mysql-devel
@@ -80,7 +80,6 @@ Source31: eximstats.conf
 Source32: eximstats.conf-2.2
 Source40: exim.service
 Patch: exim-tail.patch
-Patch1: exim-enable_ecdh_openssl.patch
 
 %package -n eximon
 Summary: Eximon, an graphical frontend to administer Exim's mail queue
@@ -123,7 +122,6 @@ once, if at all. The rest is done by logrotate / cron.)
 %prep
 %setup -q -n exim-%{version}
 %patch
-%patch1 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"