24fce1537d
Remove dependency on gpg-offline as signature checking is implemented in the source validator.
Lars Müller
2014-11-26 14:42:09 +00:00
ba0024da3a
Remove dependency on gpg-offline as signature checking is implemented in the source validator.
Lars Müller
2014-11-26 14:42:09 +00:00
3ea93c0198
- update to 4.84 + Re-add a 'return NULL' to silence complaints from static checkers that were complaining about end of non-void function with no return; (beo#1506); obsoletes silence-static-checkers.patch. + Fix parsing of quoted parameter values in MIME headers. This was a regression intruduced in 4.83 by another bugfix; (beo#1513). + Fix broken compilation when EXPERIMENTAL_DSN is enabled. + Fix exipick for enhanced spoolfile specification used when EXPERIMENTAL_DNS is enabled; (beo#1509).
Lars Müller
2014-11-26 14:16:35 +00:00
4029445955
- update to 4.84 + Re-add a 'return NULL' to silence complaints from static checkers that were complaining about end of non-void function with no return; (beo#1506); obsoletes silence-static-checkers.patch. + Fix parsing of quoted parameter values in MIME headers. This was a regression intruduced in 4.83 by another bugfix; (beo#1513). + Fix broken compilation when EXPERIMENTAL_DSN is enabled. + Fix exipick for enhanced spoolfile specification used when EXPERIMENTAL_DNS is enabled; (beo#1509).
Lars Müller
2014-11-26 14:16:35 +00:00
5c582566b8
Accepting request 244358 from server:mail
Ludwig Nussel2014-08-13 06:49:19 +00:00
9976186f9d
Accepting request 244358 from server:mail
Ludwig Nussel2014-08-13 06:49:19 +00:00
82520164c3
Add an empty line to better visually separate %postun from %verifyscript.
Lars Müller
2014-08-12 14:45:40 +00:00
ff1c93e649
Add an empty line to better visually separate %postun from %verifyscript.
Lars Müller
2014-08-12 14:45:40 +00:00
8c38ff3f3b
Accepting request 244338 from home:posophe:branches:server:mail
Lars Müller
2014-08-12 14:24:43 +00:00
9cfe82e2e1
Accepting request 244338 from home:posophe:branches:server:mail
Lars Müller
2014-08-12 14:24:43 +00:00
a2a7ee5c07
Accepting request 242388 from server:mail
Stephan Kulow
2014-07-26 07:42:13 +00:00
f25148eaa8
Accepting request 242388 from server:mail
Stephan Kulow
2014-07-26 07:42:13 +00:00
331658f487
Remove duplicate _beo1506 from the patch filename.
Lars Müller
2014-07-25 13:32:59 +00:00
2c1ef50fea
Remove duplicate _beo1506 from the patch filename.
Lars Müller
2014-07-25 13:32:59 +00:00
ae1b57a696
Reduce the silence-static-checkers_beo1506.patch change log entry to one line.
Lars Müller
2014-07-25 13:28:47 +00:00
4d1e7f3bb4
Reduce the silence-static-checkers_beo1506.patch change log entry to one line.
Lars Müller
2014-07-25 13:28:47 +00:00
e187df0f6f
Add patch file name to peace the adminsitration.
Lars Müller
2014-07-25 11:58:15 +00:00
5dbc2fc4cc
Add patch file name to peace the adminsitration.
Lars Müller
2014-07-25 11:58:15 +00:00
6da76922d0
Merge lost package change log hunks.
Lars Müller
2014-07-24 10:06:05 +00:00
8e2f8090b1
Merge lost package change log hunks.
Lars Müller
2014-07-24 10:06:05 +00:00
4c4c71371a
Merge feedback from upstream and modify the package change log to:
Lars Müller
2014-07-23 18:20:48 +00:00
0ec4735cff
Merge feedback from upstream and modify the package change log to:
Lars Müller
2014-07-23 18:20:48 +00:00
86d9211ba5
Add no-return-in-find_variable.patch; (beo#1506).
Lars Müller
2014-07-23 13:19:52 +00:00
72254c2535
Add no-return-in-find_variable.patch; (beo#1506).
Lars Müller
2014-07-23 13:19:52 +00:00
47889de3ad
- update to 4.83 This release of Exim includes one incompatible fix: + the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice; CVE-2014-2972; (bnc#888520) This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements - Verify source tar ball gpg signature. - Refresh exim-enable_ecdh_openssl.patch and strip version number from the patch filename.
Lars Müller
2014-07-23 12:09:00 +00:00
399233b85e
- update to 4.83 This release of Exim includes one incompatible fix: + the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice; CVE-2014-2972; (bnc#888520) This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements - Verify source tar ball gpg signature. - Refresh exim-enable_ecdh_openssl.patch and strip version number from the patch filename.
Lars Müller
2014-07-23 12:09:00 +00:00
c82aab2d56
Accepting request 215028 from server:mail
Stephan Kulow
2014-01-30 13:54:31 +00:00
11549b84fe
Accepting request 215028 from server:mail
Stephan Kulow
2014-01-30 13:54:31 +00:00
50935af6df
Accepting request 215000 from home:msmeissn:branches:server:mail
Lars Müller
2014-01-24 12:22:44 +00:00
59830b8282
Accepting request 215000 from home:msmeissn:branches:server:mail
Lars Müller
2014-01-24 12:22:44 +00:00
a09e4edb08
Accepting request 209689 from server:mail
Stephan Kulow
2013-12-08 18:26:29 +00:00
035f5303bc
Accepting request 209689 from server:mail
Stephan Kulow
2013-12-08 18:26:29 +00:00
95fb02b383
Fix spelling of the last change log.
Lars Müller
2013-12-06 21:38:28 +00:00
b4c21cb41a
Fix spelling of the last change log.
Lars Müller
2013-12-06 21:38:28 +00:00
da5d997dd7
- BuildRequire libopenssl-devel only on SUSE systems. - Fix suse_version condition of the pre- and postun and scriptlet.
Lars Müller
2013-12-06 18:47:11 +00:00
9bbc6546a2
- BuildRequire libopenssl-devel only on SUSE systems. - Fix suse_version condition of the pre- and postun and scriptlet.
Lars Müller
2013-12-06 18:47:11 +00:00
cf7d7dc390
Call service_add_pre from pre scriptlet on post-12.2 systems.
Lars Müller
2013-12-06 18:10:24 +00:00
04212f0278
Call service_add_pre from pre scriptlet on post-12.2 systems.
Lars Müller
2013-12-06 18:10:24 +00:00
260cbaf3c1
update to 4.82
Lars Müller
2013-12-06 17:51:14 +00:00
a00d96c7bc
update to 4.82
Lars Müller
2013-12-06 17:51:14 +00:00
4c0e63e485
Accepting request 205977 from server:mail
Stephan Kulow
2013-11-07 07:39:41 +00:00
40b5ffc990
Accepting request 205977 from server:mail
Stephan Kulow
2013-11-07 07:39:41 +00:00
2d8da7996f
- Replace >= 1230 by > 1220 as this type of condition is used anywhere else in the exim spec file. - Remove a trailing while space from the spec file.
Lars Müller
2013-11-06 14:26:33 +00:00
bfff3f2a71
- Replace >= 1230 by > 1220 as this type of condition is used anywhere else in the exim spec file. - Remove a trailing while space from the spec file.
Lars Müller
2013-11-06 14:26:33 +00:00
48e659c02f
Accepting request 204919 from home:posophe:branches:server:mail
Lars Müller
2013-11-06 14:19:55 +00:00
47d42dea31
Accepting request 204919 from home:posophe:branches:server:mail
Lars Müller
2013-11-06 14:19:55 +00:00
12113847ef
Accepting request 179159 from server:mail
Stephan Kulow
2013-06-17 08:04:45 +00:00
2d3e9eb73b
Accepting request 179159 from server:mail
Stephan Kulow
2013-06-17 08:04:45 +00:00
27ff2c092c
Accepting request 147838 from server:mail
Stephan Kulow
2013-01-10 12:02:21 +00:00
a2709c87cf
Accepting request 147838 from server:mail
Stephan Kulow
2013-01-10 12:02:21 +00:00
44521a78f3
Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available; (bnc#764120).
Lars Müller
2013-01-09 19:55:32 +00:00
3cd32e0e68
Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available; (bnc#764120).
Lars Müller
2013-01-09 19:55:32 +00:00
d1640b3e86
Accepting request 139402 from server:mail
Stephan Kulow
2012-10-27 05:38:43 +00:00
25575d5269
Accepting request 139402 from server:mail
Stephan Kulow
2012-10-27 05:38:43 +00:00
750ee8db9f
- update to 4.80.1 - SECURITY: protect DKIM DNS decoding from remote exploit; CVE-2012-5671; (bnc#786652).
Lars Müller
2012-10-26 09:29:39 +00:00
9569f69bfe
- update to 4.80.1 - SECURITY: protect DKIM DNS decoding from remote exploit; CVE-2012-5671; (bnc#786652).
Lars Müller
2012-10-26 09:29:39 +00:00
c77b4f3efe
- update to 4.80 - Bugzilla 949 - Documentation tweak. - Bugzilla 1093 - eximstats DATA reject detection regexps improved. - Bugzilla 1169 - primary_hostname spelling was incorrect in docs. - Implemented gsasl authenticator. - Implemented heimdal_gssapi authenticator with "server_keytab" option. - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use pkg-config foo for cflags/libs. - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent with rest of GSASL and with heimdal_gssapi. - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use pkg-config foo for cflags/libs for the TLS implementation. - New expansion variable $tls_bits; Cyrus SASL server connection properties get this fed in as external SSF. A number of robustness and debugging improvements to the cyrus_sasl authenticator. - cyrus_sasl server now expands the server_realm option. - Bugzilla 1214 - Log authentication information in reject log. - Added dbmjz lookup type. - Let heimdal_gssapi authenticator take a SASL message without an authzid. - MAIL args handles TAB as well as SP, for better interop with non-compliant senders. - Bugzilla 1237 - fix cases where printf format usage not indicated. - tls_peerdn now print-escaped for spool files. Observed some $tls_peerdn in wild which contained \n, which resulted in spool file corruption. - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after TLS renegotiation, which otherwise led to messages "Got SSL error 2". - Bugzilla 1239 - fix DKIM verification when signature was not inserted as a tracking header (ie: a signed header comes before the signature). - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a comma-sep list; embedded commas doubled. - Refactored ACL "verify =" logic to table-driven dispatch. - LDAP: Check for errors of TLS initialisation, to give correct diagnostics. - Removed "dont_insert_empty_fragments" fron "openssl_options". Removed SSL_clear() after SSL_new() which led to protocol negotiation failures. We appear to now support TLS1.1+ with Exim. - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate lets Exim select keys and certificates based upon TLS SNI from client. Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly before an outbound SMTP session. New log_selector, +tls_sni. - Bugzilla 1122 - check localhost_number expansion for failure, avoid NULL dereference. - Revert part of NM/04, it broke log_path containing %D expansions. Left warnings. Added "eximon gdb" invocation mode. - Defaulting "accept_8bitmime" to true, not false. - Added -bw for inetd wait mode support. - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to locate the relevant includes and libraries. Made this the default. - Fixed headers_only on smtp transports (was not sending trailing dot). Bugzilla 1246, report and most of solution from Tomasz Kusy. - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). This may cause build issues on older platforms. - Revamped GnuTLS support, passing tls_require_ciphers to gnutls_priority_init, ignoring Exim options gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols (no longer supported). Added SNI support via GnuTLS too. Made ${randint:..} supplier available, if using not-too-old GnuTLS. - Added EXPERIMENTAL_OCSP for OpenSSL. - Applied dnsdb SPF support patch from Janne Snabb. Applied second patch from Janne, implementing suggestion to default multiple-strings-in-record handling to match SPF spec. - Added expansion variable $tod_epoch_l for a higher-precision time. - Fix DCC dcc_header content corruption (stack memory referenced, read-only, out of scope). Patch from Wolfgang Breyha, report from Stuart Northfield. - Fix three issues highlighted by clang analyser static analysis. Only crash-plausible issue would require the Cambridge-specific iplookup router and a misconfiguration. Report from Marcin Mirosław. - Another attempt to deal with PCRE_PRERELEASE, this one less buggy. - %D in printf continues to cause issues (-Wformat=security), so for now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. As part of this, removing so much warning spew let me fix some minor real issues in debug logging. - GnuTLS was always using default tls_require_ciphers, due to a missing assignment on my part. Fixed. - Added tls_dh_max_bits option, defaulting to current hard-coded limit of NSS, for GnuTLS/NSS interop. - Validate tls_require_ciphers on startup, since debugging an invalid string otherwise requires a connection and a bunch more work and it's relatively easy to get wrong. Should also expose TLS library linkage problems. - Pull in <features.h> on Linux, for some portability edge-cases of 64-bit ${eval} (JH/03). - Define _GNU_SOURCE in exim.h; it's needed for some releases of protection layer was required, which is not implemented. Bugzilla 1254 - Overhaul DH prime handling, supply RFC-specified DH primes as built into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make tls_dhparam take prime identifiers. Also unbreak combination of OpenSSL+DH_params+TLSSNI. - Disable SSLv2 by default in OpenSSL support.
Lars Müller
2012-08-19 14:12:43 +00:00
5861db2a32
- update to 4.80 - Bugzilla 949 - Documentation tweak. - Bugzilla 1093 - eximstats DATA reject detection regexps improved. - Bugzilla 1169 - primary_hostname spelling was incorrect in docs. - Implemented gsasl authenticator. - Implemented heimdal_gssapi authenticator with "server_keytab" option. - Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use pkg-config foo for cflags/libs. - Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent with rest of GSASL and with heimdal_gssapi. - Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use pkg-config foo for cflags/libs for the TLS implementation. - New expansion variable $tls_bits; Cyrus SASL server connection properties get this fed in as external SSF. A number of robustness and debugging improvements to the cyrus_sasl authenticator. - cyrus_sasl server now expands the server_realm option. - Bugzilla 1214 - Log authentication information in reject log. - Added dbmjz lookup type. - Let heimdal_gssapi authenticator take a SASL message without an authzid. - MAIL args handles TAB as well as SP, for better interop with non-compliant senders. - Bugzilla 1237 - fix cases where printf format usage not indicated. - tls_peerdn now print-escaped for spool files. Observed some $tls_peerdn in wild which contained \n, which resulted in spool file corruption. - TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after TLS renegotiation, which otherwise led to messages "Got SSL error 2". - Bugzilla 1239 - fix DKIM verification when signature was not inserted as a tracking header (ie: a signed header comes before the signature). - Bugzilla 660 - Multi-valued attributes from ldap now parseable as a comma-sep list; embedded commas doubled. - Refactored ACL "verify =" logic to table-driven dispatch. - LDAP: Check for errors of TLS initialisation, to give correct diagnostics. - Removed "dont_insert_empty_fragments" fron "openssl_options". Removed SSL_clear() after SSL_new() which led to protocol negotiation failures. We appear to now support TLS1.1+ with Exim. - OpenSSL: new expansion var $tls_sni, which if used in tls_certificate lets Exim select keys and certificates based upon TLS SNI from client. Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly before an outbound SMTP session. New log_selector, +tls_sni. - Bugzilla 1122 - check localhost_number expansion for failure, avoid NULL dereference. - Revert part of NM/04, it broke log_path containing %D expansions. Left warnings. Added "eximon gdb" invocation mode. - Defaulting "accept_8bitmime" to true, not false. - Added -bw for inetd wait mode support. - Added PCRE_CONFIG=yes support to Makefile for using pcre-config to locate the relevant includes and libraries. Made this the default. - Fixed headers_only on smtp transports (was not sending trailing dot). Bugzilla 1246, report and most of solution from Tomasz Kusy. - ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). This may cause build issues on older platforms. - Revamped GnuTLS support, passing tls_require_ciphers to gnutls_priority_init, ignoring Exim options gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols (no longer supported). Added SNI support via GnuTLS too. Made ${randint:..} supplier available, if using not-too-old GnuTLS. - Added EXPERIMENTAL_OCSP for OpenSSL. - Applied dnsdb SPF support patch from Janne Snabb. Applied second patch from Janne, implementing suggestion to default multiple-strings-in-record handling to match SPF spec. - Added expansion variable $tod_epoch_l for a higher-precision time. - Fix DCC dcc_header content corruption (stack memory referenced, read-only, out of scope). Patch from Wolfgang Breyha, report from Stuart Northfield. - Fix three issues highlighted by clang analyser static analysis. Only crash-plausible issue would require the Cambridge-specific iplookup router and a misconfiguration. Report from Marcin Mirosław. - Another attempt to deal with PCRE_PRERELEASE, this one less buggy. - %D in printf continues to cause issues (-Wformat=security), so for now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. As part of this, removing so much warning spew let me fix some minor real issues in debug logging. - GnuTLS was always using default tls_require_ciphers, due to a missing assignment on my part. Fixed. - Added tls_dh_max_bits option, defaulting to current hard-coded limit of NSS, for GnuTLS/NSS interop. - Validate tls_require_ciphers on startup, since debugging an invalid string otherwise requires a connection and a bunch more work and it's relatively easy to get wrong. Should also expose TLS library linkage problems. - Pull in <features.h> on Linux, for some portability edge-cases of 64-bit ${eval} (JH/03). - Define _GNU_SOURCE in exim.h; it's needed for some releases of protection layer was required, which is not implemented. Bugzilla 1254 - Overhaul DH prime handling, supply RFC-specified DH primes as built into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make tls_dhparam take prime identifiers. Also unbreak combination of OpenSSL+DH_params+TLSSNI. - Disable SSLv2 by default in OpenSSL support.
Lars Müller
2012-08-19 14:12:43 +00:00
8f0c74c76b
Added missing patch header.
Lars Müller
2012-04-22 14:30:08 +00:00
a65dd7b580
Added missing patch header.
Lars Müller
2012-04-22 14:30:08 +00:00
7282c7e509
Accepting request 109834 from server:mail
Stephan Kulow
2012-03-20 10:26:45 +00:00
acbd53ce0b
Accepting request 109834 from server:mail
Stephan Kulow
2012-03-20 10:26:45 +00:00
f95332d7bc
Fix typo in CFLAGS_OPT_WERROR variable name.
Lars Müller
2012-03-17 20:16:14 +00:00
f6dea5e9e9
Fix typo in CFLAGS_OPT_WERROR variable name.
Lars Müller
2012-03-17 20:16:14 +00:00
c1a865c03f
Disable format-security and missing-format-attribute warnings via CFLAGS on pre-11.2 systems.
Lars Müller
2012-03-17 20:08:07 +00:00
bedf5a3bc8
Disable format-security and missing-format-attribute warnings via CFLAGS on pre-11.2 systems.
Lars Müller
2012-03-17 20:08:07 +00:00
7b2cd1254f
Use same mail address as with previous changes.
Lars Müller
2012-03-17 18:09:44 +00:00
4019175057
Use same mail address as with previous changes.
Lars Müller
2012-03-17 18:09:44 +00:00
de16aeb68c
Remove obsoleted Authors lines from spec file.
Lars Müller
2012-03-07 16:18:18 +00:00
9609c635fa
Remove obsoleted Authors lines from spec file.
Lars Müller
2012-03-07 16:18:18 +00:00
4307b30b51
Accepting request 108391 from home:lmuelle:branches:server:mail
Lars Müller
2012-03-07 16:07:13 +00:00
4c73601dcb
Accepting request 108391 from home:lmuelle:branches:server:mail
Lars Müller
2012-03-07 16:07:13 +00:00
7cf4535025
Update year up copyright line.
Lars Müller
2012-03-07 16:02:42 +00:00
ae50c719aa
Update year up copyright line.
Lars Müller
2012-03-07 16:02:42 +00:00
fb066ebb30
replace license with spdx.org variant
Stephan Kulow
2011-12-06 17:08:47 +00:00
d356aee7e9
replace license with spdx.org variant
Stephan Kulow
2011-12-06 17:08:47 +00:00
6f98d1fe1e
Autobuild autoformatter for 69936
Sascha Peilicke
2011-05-10 07:16:11 +00:00
368f4f1f89
Autobuild autoformatter for 69936
Sascha Peilicke
2011-05-10 07:16:11 +00:00
Lars Müller
Tomáš Chvátal
Dominique Leuenberger
Ludwig Nussel
Stephan Kulow
Dr. Werner Fink
Ismail Dönmez
Sascha Peilicke