Accepting request 242388 from server:mail

- Add silence-static-checkers.patch; (beo#1506). - update to 4.83 This release of Exim includes one incompatible fix: + the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice; CVE-2014-2972; (bnc#888520) This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements - Verify source tar ball gpg signature. - Refresh exim-enable_ecdh_openssl.patch and strip version number from the patch filename. The next two are a change log merge only. These two references got somehow lost in the past. - Fixed another remote code execution issue (CVE-2011-1407 / bnc#694798) - Fixed STARTTLS command injection (bnc#695144) OBS-URL: https://build.opensuse.org/request/show/242388 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/exim?expand=0&rev=28
2014-07-26 07:42:13 +00:00 · 2014-07-26 07:42:13 +00:00 · f25148eaa8
commit f25148eaa8
parent 11549b84fe 2c1ef50fea
8 changed files with 305 additions and 30 deletions
--- a/exim-4.82.tar.bz2
+++ b/exim-4.82.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:46dedfb6ced2aa4a1eddc5d8ce46a790a961508bd389faa2e215302ae80d91cf
-size 1722771
--- a/exim-4.83.tar.bz2
+++ b/exim-4.83.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:efa031b89ffb2ab844a4bf9d3a5d7ca4d587d82b62ae233d68c4f26e079a6a02
+size 1761169
--- a/exim-4.83.tar.bz2.asc
+++ b/exim-4.83.tar.bz2.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iEYEABECAAYFAlPNLg4ACgkQxPT5SATSnrpiSQCfVelBsGwYu5MrHF6F9JK77Vx0
+d20AmwbNDqDWF+exEH7ARQOxJWPWlFjJ
+=fdcr
+-----END PGP SIGNATURE-----
--- a/exim482-enable_ecdh_openssl.patch
+++ b/exim482-enable_ecdh_openssl.patch
@ -2,45 +2,49 @@
 # http://bugs.exim.org/show_bug.cgi?id=1397
 # http://bugs.exim.org/attachment.cgi?id=661

-diff -urN exim-4.82_RC3.orig/src/globals.c exim-4.82_RC3.ecdh/src/globals.c
--- exim-4.82_RC3.orig/src/globals.c	2013-10-09 22:47:52.000000000 +0200
-+++ exim-4.82_RC3.ecdh/src/globals.c	2013-10-15 00:53:16.000000000 +0200
-@@ -137,6 +137,7 @@
+Index: exim-4.83/src/globals.c
+===================================================================
+--- exim-4.83.orig/src/globals.c
+++ exim-4.83/src/globals.c
+@@ -150,6 +150,7 @@ that's the interop problem which has bee
 bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */
 int     tls_dh_max_bits        = 2236;
 uschar *tls_dhparam            = NULL;
 +uschar *tls_eccurve            = NULL;
- #if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+ #ifndef DISABLE_OCSP
 uschar *tls_ocsp_file          = NULL;
 #endif
-diff -urN exim-4.82_RC3.orig/src/globals.h exim-4.82_RC3.ecdh/src/globals.h
--- exim-4.82_RC3.orig/src/globals.h	2013-10-09 22:47:52.000000000 +0200
-+++ exim-4.82_RC3.ecdh/src/globals.h	2013-10-15 00:52:25.000000000 +0200
-@@ -105,6 +105,7 @@
+Index: exim-4.83/src/globals.h
+===================================================================
+--- exim-4.83.orig/src/globals.h
+++ exim-4.83/src/globals.h
+@@ -114,6 +114,7 @@ extern uschar *tls_channelbinding_b64; /
 extern uschar *tls_crl;                /* CRL File */
 extern int     tls_dh_max_bits;        /* don't accept higher lib suggestions */
 extern uschar *tls_dhparam;            /* DH param file */
 +extern uschar *tls_eccurve;            /* EC curve */
- #if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+ #ifndef DISABLE_OCSP
 extern uschar *tls_ocsp_file;          /* OCSP stapling proof file */
 #endif
-diff -urN exim-4.82_RC3.orig/src/readconf.c exim-4.82_RC3.ecdh/src/readconf.c
--- exim-4.82_RC3.orig/src/readconf.c	2013-10-09 22:47:52.000000000 +0200
-+++ exim-4.82_RC3.ecdh/src/readconf.c	2013-10-15 00:53:58.000000000 +0200
-@@ -433,6 +433,7 @@
+Index: exim-4.83/src/readconf.c
+===================================================================
+--- exim-4.83.orig/src/readconf.c
+++ exim-4.83/src/readconf.c
+@@ -440,6 +440,7 @@ static optionlist optionlist_config[] =
   { "tls_crl",                  opt_stringptr,   &tls_crl },
   { "tls_dh_max_bits",          opt_int,         &tls_dh_max_bits },
   { "tls_dhparam",              opt_stringptr,   &tls_dhparam },
 +  { "tls_eccurve",              opt_stringptr,   &tls_eccurve },
- # if defined(EXPERIMENTAL_OCSP) && !defined(USE_GNUTLS)
+ # ifndef DISABLE_OCSP
   { "tls_ocsp_file",            opt_stringptr,   &tls_ocsp_file },
 # endif
-diff -urN exim-4.82_RC3.orig/src/tls-openssl.c exim-4.82_RC3.ecdh/src/tls-openssl.c
--- exim-4.82_RC3.orig/src/tls-openssl.c	2013-10-09 22:47:52.000000000 +0200
-+++ exim-4.82_RC3.ecdh/src/tls-openssl.c	2013-10-15 00:51:20.000000000 +0200
-@@ -446,7 +446,57 @@
- return TRUE;
- }
+Index: exim-4.83/src/tls-openssl.c
+===================================================================
+--- exim-4.83.orig/src/tls-openssl.c
+++ exim-4.83/src/tls-openssl.c
+@@ -497,6 +497,59 @@ return TRUE;
+ 
+ 
 
 +#if !defined(OPENSSL_NO_ECDH)
 +static BOOL
@ -48,7 +52,7 @@ diff -urN exim-4.82_RC3.orig/src/tls-openssl.c exim-4.82_RC3.ecdh/src/tls-openss
 +{
 +EC_KEY *ecdh;
 +int nid;
- 
+
 +# if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10002000L
 +/* check if OpenSSL >= 1.0.2 auto ECDH temp key parameter selection should be used */
 +if (Ustrcmp(tls_eccurve, "auto") == 0)
@ -93,10 +97,12 @@ diff -urN exim-4.82_RC3.orig/src/tls-openssl.c exim-4.82_RC3.ecdh/src/tls-openss
 +return TRUE;
 +}
 +#endif
+
+
 
- 
- #ifdef EXPERIMENTAL_OCSP
-@@ -1066,6 +1116,11 @@
+ #ifndef DISABLE_OCSP
+ /*************************************************
+@@ -1134,6 +1187,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu
 rc = tls_expand_session_files(*ctxp, cbinfo);
 if (rc != OK) return rc;
 
--- a/exim-pubkey_04d29eba.asc
+++ b/exim-pubkey_04d29eba.asc
@ -0,0 +1,191 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQGiBFEeNMoRBADs2P/EuO10f7fhcFbNVG6koAQDbt3kiScBW3I8r/hqIZnaZAc9
+fuppU44ccUdV+P7fwQ3BkbZ2jzvHmgmBoB/9YCpBGnSbzWvthncMZZnF4O4JgRLB
+nESQn1J87CZDro2se5eONps6hASjG1B3FzJoYMFZu+kNpdLh8bWgrLHVPwCg4aX7
+bnEpXADkYpT8MupsE6jI6LsD/3Xi+FRbVt3xNwqTmjAjv+oWhIiOTX+XHEMVfrTS
+CKuLUWsQ034RGDSNogEUWeQkXh3HobnEi4QAcsnRjYF1cIWYk8nDtnOC1OZZIpbS
+QOFtHH47O+nBrWynHKOBACDcHV9VQGQaVXr5sNk4eYwMrxvtGhF1bjj7KBsT5YdL
+n+iJBACJm0VjXhZxKLhuqGlMMrlgVmHaXKFDaydh86JBYH+Ast8oNMMnqlXKC1rI
+8qXHiNe5qnI0TrZCFTnOAIqv0Omwzu/tSc99OA9ix7kepRYg86I4T6BrROllPh6C
+rNbqY8ZFhD9mNWIv4kYxrYBO+tKhHUEkJ3wEWaamUOzaK3Y2Z7QuVG9kZCBMeW9u
+cyAoRXhpbSBNYWludGFpbmVyKSA8dGx5b25zQGV4aW0ub3JnPohGBBARAgAGBQJR
+JVHbAAoJEGNlQRsSAzC88jQAn1HT5vTtl/9o2sKN9LBRAs01H0WRAJ9dr6ckRcQz
+nXOMIpBKMfAUX3epNohGBBARAgAGBQJRJVMMAAoJECAU9duuEnAVIXAAn3Mlt/0V
+gem34mmQVWE9rsJ7tck/AJ9WZPX4pDzcOtupOd2YxF7oXLe0pIhGBBARAgAGBQJR
+LP86AAoJEC/U7wtSai1aj0sAnA9SliHm1MxiDC+g126lo8SofaQoAKCa6g0ZaF5E
+aMFEGjZkalBqLS/PyYhGBBARAgAGBQJRMjJgAAoJELYXl6mrvqb/tmEAni6+PYxM
+NnAeDBpM5QtGoSzqG6gNAJ9PvprHoLBPfp+ldKo3v/nERHfx4IhGBBIRAgAGBQJR
+Pl1vAAoJEHf7WYoRZwdD2RwAn3dJNVyxLbZu6qWN97g5xHSAJmQsAJ4k4gLO2q01
+XNbFwmj5ErHv5diEohGBBMRAgAGBQJRLoozAAoJEMiGpCvVsvD75fcAnj5qodpT
+ku6OzColCuO+ZZzyqt5AKClcmZXiRmDrFxoGoZKi9o1IqRtxYhGBBMRAgAGBQJR
+LtLTAAoJEELSVvZa1vJ02IEAmwW6G1xVE4zT2K1GjNYqIrowa9KPAJ40rYQ7y2TU
+nPnK99ZKFsx1OQ/sqYhGBBMRAgAGBQJRMBgPAAoJEPXvyebVBonFq58AnRLAGPpE
+DQHCN0Uyq0yQtuUg3iCxAJ9nDJDf0hkq8dHxGC0iDsf8BXf2pYhGBBMRAgAGBQJR
+Omc3AAoJEDeV6MWh5zK7aukAnjJ37ulRGXw4uTHBpBIpvIwlDQOZAKChjCqdROTn
+lEEpkfrsCusJmqe58IheBBMRCAAGBQJRLxCRAAoJENPenmBWyCPu77wA/2Iq0ewD
+KyFWaZKl0p4dqm7u0qU3bk5z9rQXtPEl1scEAQCJVQTlUyb2jnV7lTx9kwwVBsIJ
+x1I1y1yBozrAdpmfzohmBBMRAgAmBQJRHjTKAhsDBQkJZgGABgsJCAcDAgQVAggD
+BBYCAwECHgECF4AACgkQxPT5SATSnrowPACdFbVVaN9QPnIaF51zGIewSDUDy+cA
+n03F+g7A8/nSxZN/a/JwrSYYQJhyiQEcBBABAgAGBQJRKo8EAAoJEJea6avcP6H1
+ISEIAJkWwUuxjvSPm9HWHHqmeuH2VMN0RLY/Afes+kMaaINh5pSReQ6j3TmpWUm2
+1q/Ho0eMLUK8SGZPhgfGhc0SVAsSstX8eUWExdwXzo5hnTQYRcTWewWZd0dIG/hv
+2+4AtYmbUyn8amVXtM+jOS+8svAXbdgDVliuUDDbjuLpWO7tJUvw6UG0U9HZ/wIs
+IzW2kt3YoQk7BoKJX29nV3QLFeVfb1Bd9htsK331x9XYy08nm7Y63k3/pec2iZg
+XbB/5eq3G1fiOAG/r1lsNX2HltQ2cuiRPP8kCNm3CEqVuKi25c55YvUGM7rJrTdV
+GZ/CEgq7F7aychoOhkuNw1eldN2JARwEEgEIAAYFAlEwI64ACgkQJOOBo2a/rYe4
+igf+NwD9qi1YRcuo5my29oGHBnPhP6FR6n0U8PI6qAkbzFQiK0GKUpcEuKePPICH
+8yjsNEIiUF79NCCpbEngYfH6JFAaR2GoqTSeXfEaCQqQyu/bLwT+g0OttYY7SxrN
+u3jzzolGKhOy05zkM8Fo2GL1FOpriv/0XK+9pqhF38pbfGlNbvJ3rM3DhqpYr+x1
+XvkpjR8yBdQ1tx1gHd2VSGTfRsmOPfq1oIKTBSfBALNVpYtIXWRKqLOLxa95AZM9
+pk01jGwQUaRK4giIV8Ix1IiT1svBB9uu24UmNlAyootU/6wUNOWDhQh9F0QNEwZr
+gE76LqTO7W4CGYp9D+uXzGW9YkBHAQTAQIABgUCUS6KFAAKCRBcxobxGhq8hL1Y
+CAC3dYcE9e0lcrmnbNzxX+7Cawis3iilqsc5pLi3q3BGjAO/RNddtWGv9NP41I62
+JFJEIAmYrLAwl63CFBet6z9CKqlYJz4grl3xdAGMjGP8Pfc4IqSsoedKJWy5hKbg
+zzUvKDTgQ4v2BWa3jB4DvbgbmR6D3VEmN6DLcl6mzvENBUI8cQnrmpnL7hNjocMn
+Gpnf9CNJpe11grRX4DFp6fildkHJYo5A8oMbvjXJSYmi4UmAfLT+FloBDuWsV/zd
+qWI0eWs13ipOV+X8Fd5aNtjeEIMrx0ffDHwAawlYiXvCeKzQY5RZhRFRGtpxL+CG
+bWAPESv8IABTBDZ/TZkpE/n8iQEcBBMBAgAGBQJRLydEAAoJEFyzEAqshV+EkBoI
+ALsra4agZf1hHCTs15hJyvFLuAPL0yjmtVFBMsvKkv0VHF+f283KV2/htWGNzEXU
+ZfWr5agEn/bUn0L1Jqs4m5Bys+Mj8mjRag/dVNvitJi1Pawo+7AAC0qB6sjMCt6f
+H83hNNm2aim+6HguoCfdRzAziYnJzVG2hh3fWhvvL3K/HoPt+I/Mam2zvM8Rchpp
+uj2j7LcZf2soupAc9d50ZfCr80aBhU4EBRaCQuKWWV2vcoIVE98H8THSS2uMI4kI
+6YsfzsTQToBmu5EfuXk9gnJRsKLIF2oyQXcTV4t5tbjvpMgyxGPL23VZ0ZK/YdcJ
+zXBjW1jMQFFiObe3DbeTQXaJARwEEwECAAYFAlEwL8MACgkQ+ZJLzzXqIF63RAf9
+FGIyi/Ppm4hqVtsY2Y8G/xUq6hgHIpY0K2weeRuLX82W/re6KkH5UK+vropcgmxD
+LfosHb9xzGaTx8PhbFeMHykBZDkajk/5hN6YG1kcK1PnDINhvXUMOLVsdKkCVsEN
+XoDmoolVb6btKHnju/uggM9JGGdCYwKHGhg7tYX87dU6BEheYTRkkkJvO+mfbvbC
+mGHtos8IrD52e5hIZR6SiEquNiRfj4Mz66g2OltCxJq4uCFN9GZatTYB3nkPygIg
+jhn5Yv3sBpt3nhQ+uUM2IFdNAp8NblZ0CKFR/KrzgRxb7+FV9Z7RdzTD3Gh+8GB2
+MVoG3Lt14mSZDnggufVGE4kBHAQTAQIABgUCUTBOcgAKCRCXmumr3D+h9bcIB/4l
+01ECmdGbj332KHN7fVmtHVFS1NCGtkLupYjstFx36PchzY+CwL0iL3mt50yzHb2d
+d1z/XH2uF8vKKVYlBSnhwds5dNAmPP7qjOJ6oNP0Pc67Uh+2I4LcKI8S8yC/gzrG
+jf/i5oARZqpDvdvQXPuM61UlOXy+aoyKuICvzESjuCNRxy1nOquk0oVzqhevHXE7
+fcE/iwWWvni6F5usBgfvVNSsobN7vTejif0rWmp5WFPCzQxSlYb5W/mNl1wxLvdd
+LLIvOrpxPxoObHUSGK6g5sBamvtJH69Hs654mYnjx1xws4tOnxPUhw/fzzFIQcdh
+0ML2qFQLac972vxSkg+wiQEcBBMBAgAGBQJRMF2+AAoJEMBB/i4EJuKiSNAH/0X9
+wXezMjmGYeIGDBOZmyikPc0HH1hKCZz29h8IfIKYqp2jPt3oTHXVq+YFhwP19jkH
+1kKdkpawj59pu4CDJzFK+6SHDJ9uumIGvIUD9BSHTf8wOJfvK+4pvbTofQpTeHTv
+8SvGOaHIqCLJWCwbVnIJ8kKSy9a2sH3jV9FHo+lph9Hwa1/vlejGwrkScPPsVrFL
+1zE42Vp76T9WCNX121yCiJzfFDzcxJJCipT7QUfrak3aHDgjRQD9bWzKsZ/43lAA
+lPrlykkHCh035C3cNHcBm9wb1iy32ex1La0TqPfA2Z34gXzfVTwMfc6h1DUtlku8
+3wczaudmY5Yr0icWiFKJARwEEwECAAYFAlEwaycACgkQCshk2qWC5Sb3/QgAl6T3
+z9Mi72zGDQQGzTtAQufEu+1zhSMZD7/8Y2hEsplx2TIFl9W3WNtUVDBV66vkRysm
+SyXg5eJvGCbYVZGLbun5qg1Bam8DHLklmncsU4+Hk36EFVwOi+ENDMCZ+31Eogho
+Iico8fYGzA2rwBma5Z7p36BaTd+phLtToairbggWOwr4Z7O7rfKZ3gNnM5eCOzjI
+BXhzN0+E5GI+XdCMPWt/4GqQTLi9hMEJUlnVLCx4mGO/bfk9cUoSbOTAuS6bxSzM
+wG+KOrhJEeuzQzzZLqrgbn8CopRCjbiCC6kjplQOChi97fF2VHaKl1rv97bLHV3H
+l6zMAfpe+/EXg6hXNIkBHAQTAQIABgUCUTJ+YgAKCRDtiRn5bSY5dLT0B/0Ry4M0
+OLisnkhgpdAB0w2Og00dY7tYZJOV01DWToN+iB+uSvzqpZfLiAzzgD5C05O/edKh
+AKzOagu9eyr4pu2TMH4n9i3e4b+HVvlg4+03WLWVAVXBl/zLUPhRcjsIPJGV9m43
+vZeeOD1BfQ+EaPpdumptTaB1wV9mtHasi0YhOmHFS5GGAuFZ3mIiC77Jc3uiohDX
+aiLUlS0ReW/qH2kMtTzI05CcEXEoN/Kap7lJRsa3i4pVx/uEBHJ/VdiXxtGxxutR
+VN4VnRyI/BVwWgdYcK/kJo80X29mt+EHtMrgqaiieRMAktS+XbEizDIIn02+gW8V
+AxgmY++hk4Er1Z3oiQEcBBMBAgAGBQJRPXGSAAoJEPVY+FVZdjgU/ZcIALTPiiXX
+e4D0oJClZfPI5vFgg/gCKxa0EnDRySkrtx0rn50+bCNy2DcNYkHSj+Lrt9VL7N0/
+wmdFUNgQV/te/oyEDKzvGrzC0+QpzqfgI7NVzUtvIwrAZC42rAqjkFAAP+4yAWbT
+U5tOpUi4hcipl7GKOqJDMtBMZ2s+jpO9hH3Jw19xhVduvGsrszD4DBhzpSA63w0i
+3/AIuizGjFDSWOjaQiboliIGLVwCA/7E+KSCKslxE6WIb9ibTnVoVOXALdj1HLx6
+T2yPUVTucXL3EuiKaZg/ntd3ohQS5L362FVBAxmREilr+j8M8qI+AJiWfecoLGy
+V6S1YUG69KpE5h6JARwEEwECAAYFAlFRJC0ACgkQRdSz+yA+q/pIMgf9EhbEHiDe
+ZB+wOUO4IWRGcQ8izJXFeBMNdvzrhjZ9wMSLaA/cBNR7zMgPoHzOEdK3MBf4+t+v
+IXARKgoALCtVRyg2bo6BkId3V7ubC0dNI88LPsMcibWDdaS+U2vSOlA3E65Dypr+
+kjcBiGqwLAVKrujUoBOQPm6X1/Teyn4tx5M9G6s5JmDH/KdfiBKTub+VWI+62Wfg
+0DwqUI52UiEtZK6z89HKrQNT0Wx/XxujFmwq9bbdAg5tl/ACgGqS1RD9fl5LAJNx
+BxcRiYMWVSe9B8F5osaTLWILqY0lhZHz9G0EGUrdmxnSGvK2MSkc8gMkkN3/reiU
+/B5CC2HsGUOTQYkCHAQSAQIABgUCUS/FTAAKCRB2PCF4qSyPtHrND/9SfkQAt81o
+21G6HTBuL9b5iampC5zfGEURsMpgtniqe1IDLDtrIwCH+y/MR1Ycqm6amhPlVBud
+nQg0dUUL7vcocX18N7iOGz+8k7iRyJMlPefNb/EgvGpAT/V4T0wjWluaogMAeDn9
+GN+6uK6JlXaNtJeJu9Wb1gz4s53IrwL6NDjEuwAy2/4iIe029S8XWuSt7A4KDpnq
+0yz4eh77oRiekyYYxl9i3W2b3iBz1RC7oGIxgBCz9+LJllqmDKfq8SA3oymsjHIc
+EHkX2GH6p9TI9QLrLFI3oDTtlbHkVJIML3s8msyAP7N5Wigy3B3Ek/DZ8BYvqaM6
+X0jBF3PxKkE4kZEnQAip4QW84ylXl8ZZprT+SRsPk7OwZa5LGapvRMc3l//6wnlT
+nZyActjLwEn6B/tRI85A5BK+8emymhKzcAmqQLh10erE2ZgYFx0LCpfPe9mVmXdV
+eC1KGPh5Fg96usY5EzrhZp/qwyC2hJTZvq6QuTmr7y7Sjha19HqKeuEYz6FN+baz
+ng12SlLieSe5mn0pU+tfkzWUIc3YxsdtwE+bkc+i7ArQwZUwaPwp3W3zZUELiUu1
+qzTSbK669hTKE9inXeR7nBMuTaSIdcLTMKWKUj2YcDYOfXKZKT4Lpik13AMYApV0
+4oUg7TsWgY6jHctFTkcwwf3A4vP+9+36P4kCHAQSAQgABgUCUTBiqgAKCRBJi5WH
+pBl4rSvnD/9n4LWNJJcmUkT91ptlVTWGyDOLDHeFTFmtNziMwP1o12WGCpNq/T3a
+rSyxyhKqs82LxctLc1i0N8EyRNI5S+zI7Wq8kF4prJnDsPT4hnTmYbXjArk2Vq2Y
+zY0VeQTYe6uy+T0nMohxSzgHhVEZ90LVsVb6XR7Uol+tCybCqZouz4bdlGsARvtq
+LDToiKZpv1eBgsHzxRzR04oXHWpigq1BuwMSl4cMIYEkssB9+OCpMLCsaHJCXZVE
+ZcNFpm24UDj1YvithF+aB2RVvP+Bx+mTfp0pLKDZYvZ3aFUngiPxOwMXOAtA6rj3
+SVJIoVpNWvtvuUoOSWM6DwHh0OdQ+w+7uLbLIQjpkOkhge2JsGWj8FS66Lxfr9/a
+uPAZXEWtF4uE/awTSb664HjG/vdxxwQ9YWt+0ZDba4ck6w8LaOGvE/K2C0hriIwu
+WSI2SWOpcGMtWHinLoeYz4RTFsMYndC1xCLcEHW3tM6+kzAd+otfpHZfDQkvSMQd
+Gm0fNE4+xvDSHmKn4IowJMCIvoqp2EYYT6ueK3JxVSaH2HCEz++ATpugOCkcwJtF
+0Dj1A5sFwrKPu1/iScjAbn8efTP1OUOj2WRqwzT0DLkyvjHBpLq+EPUIolrCiaNv
+9V6l6CiKJy9JjREkjJ75UGbZsnbmT0tYGIys51iSbgDDddKnOeX28YkCHAQTAQIA
+BgUCUS/chwAKCRDem5vsUzUyCm38D/4tvsH3I0yUzgCINBUBG42G+81GAdUVd3Kf
+ESDmN+wuxCVvnxcjn3oG+dwkqJ0cEJVqPAkxnPgCvvisKlCEbtcA1p861zdeJLgA
+4TzLwzf6NniVxKmmM2h3I3y0ljGkmFT0g4PHJt5dPiOgpOAAE6qy87s/wFFGGA/i
+OkoTPwTuZHHKtiOTAVKlWiEUOl5MZfRmYnbKxoMnWlQMijaikkr8W1G/I78IuRH3
+AIT0MmvEMWmvZTHfJPqQ0klkhSUh+BTOfa9/5aJaC12s2IauEPHQqK/DD1LP3A2s
+0Z6qsdkxP6qdwcdbVBXe66ujQWh1IFbfL0khQHE87/jQaWDEyAJT/JetOL2g3JRg
+PbAXdGxj/adLm69gJAffptRIEznjewtFtFkW4DapDTFJNkfyyH5YcOD4FUC6ZUzq
+At+9I/9OssJNuAQF3Y8DX7DhYkE/qEnPJ2JrlipCVU5p1KtmXeKUIoXGm2b0PGum
+nof73BPMTqFujL9haGYKUXUBAEnvT3YFfi0Kh+BxYT+Ait9aU+qVxO6+yzcIqPS/
+8VAXOCsklDFqGqYXVW8YOoqU96+GTGj/LtcYs7HOQp+d85gY0T8/LBvPLVOHt/li
+PY8XyMjI0ST2yW4gnvqSbky3hKNTLZTf9fQRCwsX8EdD9eg5954Xir7NbI+WiMKY
+m4zOPMj164kCHAQTAQIABgUCUTBCMQAKCRCnJhiduVcD+MZJEAC1EMBNOkbjxbX3
+jbPXioXLHczJMPxSZ2DDuAKS+cM+l5eCbDlmdFe66LGGn9QWC9jelE53AU9GaKEs
+cgjHDZHqiOYK7nKs2T3T2PzVYyb/PIpUss/Ol44tVa33836gBcmPrpX1zzb7F6vc
+g3q6vv79cXSJblKmSlm7OfI8Kfp59DVPpJrC/NwVx4WraKHAs5nzb0Sp16iHEI4A
+pXp2qb3AbOQzJaP8E+4WjJrVrNWutbuSGLp486rMNOwicElQcTqGo07GCMncERyZ
+BEB//J+GVIuHTTsNTowtDzC03+sfmGWaIJM37b98TctosKjKPoNMITFL7g/zUaNi
+Fq+9VoVWJ3aSwPMhFh6ZDapW6BnMlRkXAZL5RpY7VrN0g5cJBEls2LlEA2u9GW/L
+fs8VRvH8H4a82kKmg/Gm+Gne7xZ5CnwzYMpvYmrk7ISx4Z82BrK6mYfddmRO+2QO
+lJp6C9/x/I/vTlD/5B4RAr7yAhpJt/OauXjqTdd3lTL5Ugu5thB1CynEd1V0/ymF
+aNlUgn96wRF5LfyQAJjACn8cWXO1ie11Afit2EsfvKvMQMZ+tqByIjpXCx6n4GRl
+uVA7MoYCwvYLWVl4G+0TD1Wg33qAEuOt+zgAUWlujLnq99/FSmvhauEu6Z1t6rjM
+b+zRasIPA7L8f4nKjCc+cIJk5PpySYkCHAQTAQIABgUCUTWDYgAKCRDt43QP/wLu
+afQsEACOzWjyRYrN+1kwZ4jGyjp2wAYskV9RijDSSWR3AN8DmkEJ9S0OAT4Zaooe
+tElLJF/YUOa0kqwykqQSiDWcWq2pwsb1LYqkai8cSMVhTGhqF8ICzaZqqYbfpBPP
+zKeX25+flZS0dzfpPIqEypRLfTyDPZ6sJxL2gFmIpzFLu5MXQEFNAGgGxjT6TfL9
+UTDgSeXzSmAm2ZXVBw6aU5oDexpKiXH4tLVFHx0q2bxgBueWs5jryMXvYjHBTQGn
+18s3pgxlxt/OM0s4Ch8aytaY/eo4YxdEtU6afuAKvdqXh6G12MJH3rs8B4jI1ji0
+AlixWqjQITCEx2fFGma0o2XAadofMTz4duDbe9kg4MFoPuosGFTaSFRjphR1OofF
+vaTq00U+0bmDJjjycUqlUtCpvTdoI9Dg7M51xuD9p33xUWXeIaLVkWnxMwaSSCdF
+FS1JIcN8fbmOPb5RW6r7vYOcmp/+XuLCOn0V1S5ZGRgI+nMnfJVJ4lcAApYkVN0t
+XA3fyBKmnQLyHDwwlKlVYBWhhHtL0A4unjVo3p+4m0YhiWgNtBgMPys7dieLKN1
+hKqEn5plU6WTZkMkCFimjzPzovOGyjVG3iLTmKxhedJRYzpR49zFwlTXSZoD4PGT
+AC+3Bj/JSd+MKSn9Dud0ypPFKGgVPd19PnMWBRvQzlI77rmccYkCHAQTAQIABgUC
+UTpp3gAKCRDalBBIg4QoJjAMD/49550Mno/FSshnawArVgsp7dsf0Odv9wSJMkOF
+lylaQbjXNcUVQIxm48KVECWOxhqBqaBdVyCAnXzJ+JVgh3TLqOktvoozONwL297d
+5J1MZmo5Gl/epjYnHO2W4/vk7Mm7uL/63jRqxwnN0dqgsz0hxxnyyOrb07vGbKJP
+qlddi2qmBKJ3kYwaZ7XpYEATNqxxnAgU8XkxF83EEedyaATp92S5HgddotDGrTcO
+z1jCylP5pjbstS9InlVHb4wVVPb/6M0+tejD6YwX4gXSX/EFrG9hukkuZYbz4U2B
+dhVXEphfd1qU7tU334F3pF+Q7/ojzXHac5Zev53/icCfAicb+YpwpGIJ8BMDz8U8
+J0S0SnluvBCI6QJSETrZ6fc3VLhnaoGJVwWPF9+YEHWkT9jOLzmSkWdY4Q8N3kiM
+ngRFeFvP9afI4Ebuupsmu52B1DAfgi6lblZCj+dtWq9BKFZs6/+8EHUwCQ37feK6
+MlAdu15ouigD9DwSQKr+gUdyvOV4a4oLsng1M68JzliPzk+EqzLXv5aCRw3el0mU
+lq+L8l+UVzp/OXi390WuXYvuIfmn2bXmSp8NezbkxK+qfMOaGA+C/8uJLLjMDVQa
+vbLxwhOWdm0zLGApBzqJ5eDyEZnf5WIy1kYpwZ/cjDfH0AhmLPtxhecYPIfjLt54
+HMAQNYkCHAQTAQIABgUCUU+2xAAKCRC/ScmPtU9uXWHCD/4/YgWxUQyxVuo+bmKo
+Z65fqdID50qaAW6mXTz59EMoo1g+Z63G3urR6aIjES1Jh2u9NuxdCbBj6+pmq8fs
+lAKLU+6Y8dX7EnfYs6yW0gSmkqHQP1nNM8gxKDVHjRQd9jloVXAjoHu1qBmyF84c
+faEBG89//A8Udb3xTIw7Wb8Mv7U42IO9H7YZfvRYJ+edikZqg1EfqWE9Hz7IK/k/
+TLmSPxw3/GplEm4Zrm1AKm0JlNYLDLGEsBLXaHKhU2sFoyQQU3rRiMRC1iJJpyV5
+HmGADosOeKPmQ2dazI0L71pqrKSGfGILit1KH8lyEW9Yil+k9BMxGwfH3NRFYzjy
+HqSnKduWuH5qXy+Fa+/8tmDXWE+kVUrBA5smdnT20fOzYp5mmDa/QYedfeFIeeU+
+LZlHX2wFC44xbc35TWdU+y58f/UizVjnHR7M8mqeWJ3ipooVlKflkqYUMl2kEjPQ
+F3SfgtTSlaEbiYELl8kl2jLd5vIhfw7RkGAMi8y4qssnTK+vMfngF1TooYLifN0/
+OMNoCbA3gBecFcygEQ2PWvb9AgD51u3JjKA9MS38qZrpdOOVsOUriXAoFnXyCV2S
+h4pSCOukrEW6fIJBZ093NzJ0YF3Mu4Dut9QmrV0e3zfgczHXFSOEtLZrv6Xh2AS7
+GFPLMF8IjTjJ6iApC9cV2eX3+7kCDQRRHjTREAgAlhjQZt1+uSQ3puq7p9o/AqRr
+VsZxxbi/C0cSeAvr/iN4tkKk/4esSMevwLIMPw0ByuwCDdZusdLAI6TdDe3nwDBQ
+VRbMlmmQM1fx1wsJHbiEO+WDENULU0SxqU7lwq3YCqL7oKVtZsJ0MkmEAbZlWuzB
+E1RzNTgdoMSBGmSeDu5f5q1a+BMH1gcZWQkW7Y1e1kgHDgnz6vh+cBulWCwEzrwG
+aEvmJJ+w2HPEcD9q4IvTjXxZbli7WHrSctqCdgF433iWOa+NjUCfl98z4D7KjKMq
+vXKqD88NYbqGwrvupQZMOeNjybWMnkouAXHJdA8fiTy5hV9P7nat1OMq6h+YRwAE
+DQf9Gl43A+H4xJJ34RrCp9il8/Ef7VHEn9ZnaoMNuwCjYU9OaTHAjd7V5N23ZF15
+XMvO0Szx/toqQ14ev385VgBD/FWGy1r+UBK1/gA3pArQhpd4mtzRsjg8e2yl0D5
+v3v4K1EjEtDn37IBwAmWjwbMU12SP0NM+KQXtO0WCQF+ggRhD8hhUPV20ejYqnis
+mX5b7LYX+8NBOCleryW4pz4ZQT6MTolyjeojyCyaHE9G554ECKX+fKG/WMQmjjwj
+ngkrPk0s3HN/uU8UvQv+uucP62iHcPRKwIk6jrlR7KODR00IzSXaRNYtJoDC8oFS
+0xyhrG1vMiGvOQTBfKpgyxoIBIhPBBgRAgAPBQJRHjTRAhsMBQkJZgGAAAoJEMT0
+UgE0p66lx4An2JHiU9h4ElPNbDSfqjQoshYKIb3AJ9RjvMg0AdlIPi6k2PWTTBA
+KsoB+A==
+=rZY0
+-----END PGP PUBLIC KEY BLOCK-----
--- a/exim.changes
+++ b/exim.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Jul 23 13:09:41 UTC 2014 - lmuelle@suse.com
+
+- Add silence-static-checkers.patch; (beo#1506).
+
+-------------------------------------------------------------------
+Wed Jul 23 10:08:04 UTC 2014 - lmuelle@suse.com
+
+- update to 4.83
+  This release of Exim includes one incompatible fix:
+  + the behavior of expansion of arguments to math comparison functions
+    (<, <=, =, =>, >) was unexpected, expanding the values twice;
+    CVE-2014-2972; (bnc#888520)
+  This release contains the following enhancements and bugfixes:
+  + PRDR was promoted from Experimental to mainline
+  + OCSP Stapling was promoted from Experimental to mainline
+  + new Experimental feature Proxy Protocol
+  + new Experimental feature DSN (Delivery Status Notifications)
+  + TLS session improvements
+  + TLS SNI fixes
+  + LDAP enhancements
+  + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy
+  + several new operations (listextract, utf8clean, md5, sha1)
+  + enforce header formatting with verify=header_names_ascii
+  + new commandline option -oMm
+  + new TLSA dns lookup
+  + new malware "sock" type
+  + cutthrough routing enhancements
+  + logging enhancements
+  + DNSSEC enhancements
+  + exiqgrep enhancements
+  + deprecating non-standard SPF results
+  + build and portability fixes
+  + documentation fixes and enhancements
+- Verify source tar ball gpg signature.
+- Refresh exim-enable_ecdh_openssl.patch and strip version number from the
+  patch filename.
+
 -------------------------------------------------------------------
 Thu Jan 23 09:25:36 UTC 2014 - meissner@suse.com

@ -418,6 +456,12 @@ Wed Mar  7 14:58:55 UTC 2012 - lars@samba.org

 - Package /var/log/exim owned by user and group mail; (bnc#670711).

+-------------------------------------------------------------------
+Fri May 20 17:05:34 CEST 2011 - meissner@suse.de
+
+- Fixed another remote code execution issue (CVE-2011-1407 / bnc#694798)
+- Fixed STARTTLS command injection (bnc#695144)
+
 -------------------------------------------------------------------
 Mon May  9 13:32:55 CEST 2011 - dmueller@suse.de

--- a/exim.spec
+++ b/exim.spec
@ -39,6 +39,7 @@ Provides:       smtp_daemon
 %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 Requires:       logrotate
 %if 0%{?suse_version} > 1220
+BuildRequires:  gpg-offline
 BuildRequires:  pkgconfig(systemd)
 %{?systemd_requires}
 %else
@ -48,7 +49,7 @@ Requires(pre):  %fillup_prereq
 Requires(pre):  /usr/sbin/useradd
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.82
+Version:        4.83
 Release:        0
 %if %{?build_with_mysql:1}0
 BuildRequires:  mysql-devel
@ -63,6 +64,8 @@ License:        GPL-2.0+
 Group:          Productivity/Networking/Email/Servers
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source:         exim-%{version}.tar.bz2
+Source3:        exim-%{version}.tar.bz2.asc
+Source4:        exim-pubkey_04d29eba.asc
 Source1:        sysconfig.exim
 Source2:        exim.logrotate
 Source11:       exim.rc
@ -73,7 +76,8 @@ Source30:       eximstats-html-update.py
 Source31:       eximstats.conf
 Source32:       exim.service
 Patch:          exim-tail.patch
-Patch1:         exim482-enable_ecdh_openssl.patch
+Patch1:         exim-enable_ecdh_openssl.patch
+Patch2:         silence-static-checkers.patch
 %if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0

 %package -n eximon
@ -123,9 +127,11 @@ once, if at all. The rest is done by logrotate / cron.)
 %endif

 %prep
+%{?gpg_verify: %gpg_verify --keyring %{SOURCE4} %{SOURCE3}}
 %setup -q -n exim-%{version}
 %patch
 %patch1 -p1
+%patch2 -p1
 # build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
 %if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
 fPIE="-fPIE"
--- a/silence-static-checkers.patch
+++ b/silence-static-checkers.patch
@ -0,0 +1,21 @@
+Author: Lars Mueller <lmuelle@suse.com>
+Date:   Wed Jul 23 07:22:52 2014 -0700
+
+    Bug 1506: Silence static checkers.
+····
+    Re-adds a return NULL which was removed because it was redundant. Static
+      checkers don't parse the logic, so adding it back to make them happy.
+
+Index: exim-4.83/src/expand.c
+===================================================================
+--- exim-4.83.orig/src/expand.c
+++ exim-4.83/src/expand.c
+@@ -1879,6 +1879,8 @@ switch (vp->type)
+   #endif
+ 
+   }
+
+return NULL;  /* Unknown variable. Silences static checkers. */
+ }
+ 
+