From f7b0df8b35eabab09e4f3b49843ac0dd6ab0b681b37cac284cbe55cd02de9189 Mon Sep 17 00:00:00 2001 From: Peter Wullinger Date: Tue, 7 Jan 2020 08:00:23 +0000 Subject: [PATCH] Accepting request 761343 from home:pwcau:branches:server:mail - update to exim 4.93.0.4 (+fixes release) * Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. * Early-pipelining support code is now included unless disabled in Makefile. * DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. * Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. * Regard command-line receipients as tainted. * Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. * Bug 2489: Fix crash in the "pam" expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the documentation. Therefore a plain malloc must be used. * Bug 2491: Use tainted buffers for the transport smtp context. Previously on-stack buffers were used, resulting in a taint trap when DSN information copied from a received message was written into the buffer. * Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix the ordering of its ARC headers. This caused a crash. * Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. * Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive installation would get error messages from DMARC verify, when it hit the nonexistent file indicated by the default. Distros wanting DMARC enabled should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. * Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. * Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. * Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. The introduction of taint tracking also did many adjustments to string handling. Since then, eximon frequently terminated with an assert failure. * When PIPELINING, synch after every hundred or so RCPT commands sent and check for 452 responses. This slightly helps the inefficieny of doing a large alias-expansion into a recipient-limited target. The max_rcpt transport option still applies (and at the current default, will override the new feature). The check is done for either cause of synch, and forces a fast-retry of all 452'd recipients using a new MAIL FROM on the same connection. The new facility is not tunable at this time. * Fix the variables set by the gsasl authenticator. Previously a pointer to library live data was being used, so the results became garbage. Make copies while it is still usable. * Logging: when the deliver_time selector ise set, include the DT= field on delivery deferred (==) and failed (**) lines (if a delivery was attemtped). Previously it was only on completion (=>) lines. * Authentication: the gsasl driver not provides the $authN variables in time for the expansion of the server_scram_iter and server_scram_salt options. OBS-URL: https://build.opensuse.org/request/show/761343 OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=225 --- exim-4.93.0.4.tar.bz2 | 3 ++ exim-4.93.0.4.tar.bz2.asc | 11 ++++++++ exim-4.93.tar.bz2 | 3 -- exim-4.93.tar.bz2.asc | 11 -------- exim.changes | 58 +++++++++++++++++++++++++++++++++++++++ exim.spec | 2 +- 6 files changed, 73 insertions(+), 15 deletions(-) create mode 100644 exim-4.93.0.4.tar.bz2 create mode 100644 exim-4.93.0.4.tar.bz2.asc delete mode 100644 exim-4.93.tar.bz2 delete mode 100644 exim-4.93.tar.bz2.asc diff --git a/exim-4.93.0.4.tar.bz2 b/exim-4.93.0.4.tar.bz2 new file mode 100644 index 0000000..8b0c07d --- /dev/null +++ b/exim-4.93.0.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b67336ba06f8d8233060de073d6082d75a378faaafad660c5f124bb13d75e4d9 +size 1974190 diff --git a/exim-4.93.0.4.tar.bz2.asc b/exim-4.93.0.4.tar.bz2.asc new file mode 100644 index 0000000..9edb63d --- /dev/null +++ b/exim-4.93.0.4.tar.bz2.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl4TxucACgkQr0zGdqa2 +wUIh/AgA0MlOgoyXxi1pOYW2TSlFd3t3sYsLjLPgwR4QT/IZ+csdj3di/SNrcruh +YnbdPSKgCpekUYiSkFjEW6rpXTgUCYg7wFLY/gwcQ8DNkCQbNppiJKPvtvCo9ZBj +RXL/jN7A7EHv+v1QWtdHcoI1pK/uB+G4V8EibslRt/lzlkFPoRBca6KqB6XgFv27 ++n6SXKQySjyQjjqNKTOVKtPiBH9+MepG0zmntvktLnGrKeMvfO8YxeFQfxn8hRai +sRUoG0+m5d5Xmyd+hvLaLKaE7zWJNMnz59rny7kHuu5flAHqS87/XPXeesC/Sneg +hQPMEge/srGzTebgstpO8bUjO4rCIg== +=IvoV +-----END PGP SIGNATURE----- diff --git a/exim-4.93.tar.bz2 b/exim-4.93.tar.bz2 deleted file mode 100644 index 17cede0..0000000 --- a/exim-4.93.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:22c432c0585ef605c52bc796042c4823e961f58a7e6ad1486252e203bf4c9276 -size 1972841 diff --git a/exim-4.93.tar.bz2.asc b/exim-4.93.tar.bz2.asc deleted file mode 100644 index 8dec843..0000000 --- a/exim-4.93.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAl3tO+IACgkQr0zGdqa2 -wUKtHAgA1PnCXAoftGZA/XQW0+q3OyEHUNPfPMUWYdU1drdquuUDS1S08WIb90M0 -ShYxjixUMWVoQd4Fru7CZXDeljXnIdN25Ahm0wi9zeery/vP8NXhahvMvV0585lU -PLmYl2nfwceNbVXdtqlt6L5x1hM7vDOerh+0UZGITmlY49v41TGySHf16qiBkoJW -GCL9mhHULzW+8rDFxOoZEongst0XVUtrfDSUUz878ouXkXmoBHpYS0WOxpku7/x/ -/+f/eKQ9MzutYQTE37hBjPpqjDuYGKZYnVNGW2i60DtcOsC0bi/wsIOadTkq0iQc -oBg2pGOGGBs/zwSFKa3wLlMqU7ML9Q== -=28mJ ------END PGP SIGNATURE----- diff --git a/exim.changes b/exim.changes index 1fb1952..e215dcd 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Tue Jan 7 07:50:35 CET 2020 - wullinger@rz.uni-kiel.de + +- update to exim 4.93.0.4 (+fixes release) + * Avoid costly startup code when not strictly needed. This reduces time + for some exim process initialisations. It does mean that the logging + of TLS configuration problems is only done for the daemon startup. + * Early-pipelining support code is now included unless disabled in Makefile. + * DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + * Support CHUNKING from an smtp transport using a transport_filter, when + DKIM signing is being done. Previously a transport_filter would always + disable CHUNKING, falling back to traditional DATA. + * Regard command-line receipients as tainted. + * Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. + * Bug 2489: Fix crash in the "pam" expansion condition. It seems that the + PAM library frees one of the arguments given to it, despite the + documentation. Therefore a plain malloc must be used. + * Bug 2491: Use tainted buffers for the transport smtp context. Previously + on-stack buffers were used, resulting in a taint trap when DSN information + copied from a received message was written into the buffer. + * Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix + the ordering of its ARC headers. This caused a crash. + * Bug 2492: Use tainted memory for retry record when needed. Previously when + a new record was being constructed with information from the peer, a trap + was taken. + * Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive + installation would get error messages from DMARC verify, when it hit the + nonexistent file indicated by the default. Distros wanting DMARC enabled + should both provide the file and set the option. + Also enforce no DMARC verification for command-line sourced messages. + * Fix an uninitialised flag in early-pipelining. Previously connections + could, depending on the platform, hang at the STARTTLS response. + * Bug 2498: Reset a counter used for ARC verify before handling another + message on a connection. Previously if one message had ARC headers and + the following one did not, a crash could result when adding an + Authentication-Results: header. + * Bug 2500: Rewind some of the common-coding in string handling between the + Exim main code and Exim-related utities. The introduction of taint + tracking also did many adjustments to string handling. Since then, eximon + frequently terminated with an assert failure. + * When PIPELINING, synch after every hundred or so RCPT commands sent and + check for 452 responses. This slightly helps the inefficieny of doing + a large alias-expansion into a recipient-limited target. The max_rcpt + transport option still applies (and at the current default, will override + the new feature). The check is done for either cause of synch, and forces + a fast-retry of all 452'd recipients using a new MAIL FROM on the same + connection. The new facility is not tunable at this time. + * Fix the variables set by the gsasl authenticator. Previously a pointer to + library live data was being used, so the results became garbage. Make + copies while it is still usable. + * Logging: when the deliver_time selector ise set, include the DT= field + on delivery deferred (==) and failed (**) lines (if a delivery was + attemtped). Previously it was only on completion (=>) lines. + * Authentication: the gsasl driver not provides the $authN variables in time + for the expansion of the server_scram_iter and server_scram_salt options. + ------------------------------------------------------------------- Thu Jan 2 08:40:29 CET 2020 - wullinger@rz.uni-kiel.de diff --git a/exim.spec b/exim.spec index 24e697b..1df4d43 100644 --- a/exim.spec +++ b/exim.spec @@ -72,7 +72,7 @@ Requires(pre): group(mail) %endif Requires(pre): fileutils textutils %endif -Version: 4.93 +Version: 4.93.0.4 Release: 0 %if %{with_mysql} BuildRequires: mysql-devel