diff --git a/exim-4.84.tar.bz2 b/exim-4.84.tar.bz2 deleted file mode 100644 index 1dfcd32..0000000 --- a/exim-4.84.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:78ea22be87fb6df880e7fd482f3bec9ef6ceca0c9dedd50f8a26cae0b38b9e9c -size 1761790 diff --git a/exim-4.84.tar.bz2.asc b/exim-4.84.tar.bz2.asc deleted file mode 100644 index 53a76e9..0000000 --- a/exim-4.84.tar.bz2.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.11 (GNU/Linux) - -iEYEABECAAYFAlPowoIACgkQxPT5SATSnrpzGwCdEBRSfY/KxYzH2rGJHJ1wROZx -BQcAn1u16GyO8NsysIbwmKKyEMbSOQgo -=S0E2 ------END PGP SIGNATURE----- diff --git a/exim-4.85.tar.bz2 b/exim-4.85.tar.bz2 new file mode 100644 index 0000000..761589a --- /dev/null +++ b/exim-4.85.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:13211f2bbc5400d095a9b4be075eb1347e0d98676fdfe4be8a3b4d56281daaa4 +size 1784150 diff --git a/exim-4.85.tar.bz2.asc b/exim-4.85.tar.bz2.asc new file mode 100644 index 0000000..df3b248 --- /dev/null +++ b/exim-4.85.tar.bz2.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (GNU/Linux) + +iEYEABECAAYFAlSz5VAACgkQxPT5SATSnrq5/wCfaTbnPwDv6K9PvZvmAAYhlY/t +pawAnRUXHZrpQPPxIL1vIOC4BDreTCHW +=cFBh +-----END PGP SIGNATURE----- diff --git a/exim-enable_ecdh_openssl.patch b/exim-enable_ecdh_openssl.patch index 19c4a9f..70389df 100644 --- a/exim-enable_ecdh_openssl.patch +++ b/exim-enable_ecdh_openssl.patch @@ -6,7 +6,7 @@ Index: exim-4.83/src/globals.c =================================================================== --- exim-4.83.orig/src/globals.c +++ exim-4.83/src/globals.c -@@ -150,6 +150,7 @@ that's the interop problem which has bee +@@ -158,6 +158,7 @@ that's the interop problem which has bee bit-count as "NORMAL" (2432) and Thunderbird dropping connection. */ int tls_dh_max_bits = 2236; uschar *tls_dhparam = NULL; @@ -18,7 +18,7 @@ Index: exim-4.83/src/globals.h =================================================================== --- exim-4.83.orig/src/globals.h +++ exim-4.83/src/globals.h -@@ -114,6 +114,7 @@ extern uschar *tls_channelbinding_b64; / +@@ -118,6 +118,7 @@ extern uschar *tls_channelbinding_b64; / extern uschar *tls_crl; /* CRL File */ extern int tls_dh_max_bits; /* don't accept higher lib suggestions */ extern uschar *tls_dhparam; /* DH param file */ @@ -30,7 +30,7 @@ Index: exim-4.83/src/readconf.c =================================================================== --- exim-4.83.orig/src/readconf.c +++ exim-4.83/src/readconf.c -@@ -440,6 +440,7 @@ static optionlist optionlist_config[] = +@@ -443,6 +443,7 @@ static optionlist optionlist_config[] = { "tls_crl", opt_stringptr, &tls_crl }, { "tls_dh_max_bits", opt_int, &tls_dh_max_bits }, { "tls_dhparam", opt_stringptr, &tls_dhparam }, @@ -42,7 +42,7 @@ Index: exim-4.83/src/tls-openssl.c =================================================================== --- exim-4.83.orig/src/tls-openssl.c +++ exim-4.83/src/tls-openssl.c -@@ -497,6 +497,59 @@ return TRUE; +@@ -612,6 +612,59 @@ return TRUE; @@ -102,7 +102,7 @@ Index: exim-4.83/src/tls-openssl.c #ifndef DISABLE_OCSP /************************************************* -@@ -1134,6 +1187,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu +@@ -1254,6 +1307,11 @@ if (!init_dh(*ctxp, dhparam, host)) retu rc = tls_expand_session_files(*ctxp, cbinfo); if (rc != OK) return rc; diff --git a/exim.changes b/exim.changes index a19388c..92d00c0 100644 --- a/exim.changes +++ b/exim.changes @@ -1,3 +1,99 @@ +------------------------------------------------------------------- +Sat Jan 24 23:04:19 UTC 2015 - lmuelle@suse.com + +- Set CFLAGS_OPT_WERROR only on post-5 CentOS and RHEL systems. + +------------------------------------------------------------------- +Sat Jan 24 22:33:59 UTC 2015 - lmuelle@suse.com + +- Drop BuildRequires xorg-x11-server-sdk for non SUSE systems in particular to + build on RHEL 6 again. + +------------------------------------------------------------------- +Sat Jan 24 22:16:09 UTC 2015 - lmuelle@suse.com + +- Let ld know the path to mysqlclient. + +------------------------------------------------------------------- +Sat Jan 24 19:33:39 UTC 2015 - lmuelle@suse.com + +- update to 4.85 + + When running the test suite, the README says that variables such as + no_msglog_check are global and can be placed anywhere in a specific + test's script, however it was observed that placement needed to be near + the beginning for it to behave that way. Changed the runtest perl + script to read through the entire script once to detect and set these + variables, reset to the beginning of the script, and then run through + the script parsing/test process like normal. + + Expand the EXPERIMENTAL_TPDA feature. Several different events now + cause callback expansion. + + Bugzilla 1518: Clarify "condition" processing in routers; that + syntax errors in an expansion can be treated as a string instead of + logging or causing an error, due to the internal use of bool_lax + instead of bool when processing it. + + Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for + server certificates when making smtp deliveries. + + Support secondary-separator specifier for MX, SRV, TLSA lookups. + + Add ${sort {list}{condition}{extractor}} expansion item. + + Bugzilla 1216: Add -M (related messages) option to exigrep. + + GitHub Issue 18: Adjust logic testing for true/false in redis lookups. + Merged patch from Sebastian Wiedenroth. + + Fix results-pipe from transport process. Several recipients, combined + with certificate use, exposed issues where response data items split + over buffer boundaries were not parsed properly. This eventually + resulted in duplicates being sent. This issue only became common enough + to notice due to the introduction of conection certificate information, + the item size being so much larger. Found and fixed by Wolfgang Breyha. + + Bug 1533: Fix truncation of items in headers_remove lists. A fixed + size buffer was used, resulting in syntax errors when an expansion + exceeded it. + + Add support for directories of certificates when compiled with a GnuTLS + version 3.3.6 or later. + + Rename the TPDA expermimental facility to Event Actions. The #ifdef + is EXPERIMENTAL_EVENT, the main-configuration and transport options + both become "event_action", the variables become $event_name, $event_data + and $event_defer_errno. There is a new variable $verify_mode, usable in + routers, transports and related events. The tls:cert event is now also + raised for inbound connections, if the main configuration event_action + option is defined. + + In test suite, disable OCSP for old versions of openssl which contained + early OCSP support, but no stapling (appears to be less than 1.0.0). + + When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on + server certificate names available under the smtp transport option + "tls_verify_cert_hostname" now do not permit multi-component wildcard + matches. + + Time-related extraction expansions from certificates now use the main + option "timezone" setting for output formatting, and are consistent + between OpenSSL and GnuTLS compilations. Bug 1541. + + Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- + encoded parameter in the incoming message. Bug 1558. + + Bug 1527: Autogrow buffer used in reading spool files. Since they now + include certificate info, eximon was claiming there were spoolfile + syntax errors. + + Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. + + Log delivery-related information more consistently, using the sequence + "H= []" wherever possible. + + Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which + are problematic for Debian distribution, omit them from the release + tarball. + + Updates and fixes to the EXPERIMENTAL_DSN feature. + + Fix string representation of time values on 64bit time_t anchitectures. + Bug 1561. + + Fix a null-indirection in certextract expansions when a nondefault + output list separator was used. + +------------------------------------------------------------------- +Sun Dec 21 10:25:47 UTC 2014 - michal.hrusecky@opensuse.org + +- Enable SPF + +------------------------------------------------------------------- +Sun Dec 21 09:48:18 UTC 2014 - michal.hrusecky@opensuse.org + +- Fix service file +- Using bcond for mysql, pgsql and ldap +- mysql, pgsql and ldap enabled by default + ------------------------------------------------------------------- Fri Dec 5 12:47:28 UTC 2014 - lmuelle@suse.com @@ -15,7 +111,7 @@ Wed Nov 26 13:13:38 UTC 2014 - lmuelle@suse.com - update to 4.84 + Re-add a 'return NULL' to silence complaints from static checkers that were complaining about end of non-void function with no return; - (beo#1506); obsoletes silence-static-checkers.patch. + (beo#1506); obsoletes silence-static-checkers.patch. + Fix parsing of quoted parameter values in MIME headers. This was a regression intruduced in 4.83 by another bugfix; (beo#1513). + Fix broken compilation when EXPERIMENTAL_DSN is enabled. @@ -174,7 +270,7 @@ Fri Dec 6 17:37:11 UTC 2013 - lmuelle@suse.com redundant, but I have not verified this so I left the code in place. - Correct gecos expansion when From: is a prefix of the username. - Test 0254 submits a message to Exim with the header - Resent-From: f + Resent-From: f - When I ran the test suite under the user fanf2, Exim expanded the header to contain my full name, whereas it should have added a Resent-Sender: header. It erroneously treats any prefix of the diff --git a/exim.service b/exim.service index 392a899..4da57f2 100644 --- a/exim.service +++ b/exim.service @@ -7,7 +7,6 @@ Conflicts=sendmail.service postfix.service PrivateTmp=true Environment=QUEUE=1h EnvironmentFile=-/etc/sysconfig/exim -ExecStartPre=-/usr/libexec/exim-gen-cert ExecStart=/usr/sbin/exim -bd -q${QUEUE} [Install] diff --git a/exim.spec b/exim.spec index d262e9c..818dff4 100644 --- a/exim.spec +++ b/exim.spec @@ -1,7 +1,7 @@ # # spec file for package exim # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,10 +16,17 @@ # +%bcond_without mysql +%bcond_without pgsql +%bcond_without ldap + Name: exim BuildRequires: cyrus-sasl-devel BuildRequires: db-devel +BuildRequires: libspf2-devel +%if %{with_ldap} BuildRequires: openldap2-devel +%endif BuildRequires: pcre-devel %if %{?suse_version:1}%{?!suse_version:0} BuildRequires: libopenssl-devel @@ -31,7 +38,6 @@ BuildRequires: libXext-devel BuildRequires: libXt-devel BuildRequires: openssl-devel BuildRequires: tcp_wrappers -BuildRequires: xorg-x11-server-sdk %endif Url: http://www.exim.org/ Conflicts: sendmail sendmail-tls postfix @@ -48,15 +54,13 @@ Requires(pre): %fillup_prereq Requires(pre): /usr/sbin/useradd Requires(pre): fileutils textutils %endif -Version: 4.84 +Version: 4.85 Release: 0 -%if %{?build_with_mysql:1}0 +%if %{with_mysql} BuildRequires: mysql-devel -Provides: exim = %version %endif -%if %{?build_with_pgsql:1}0 +%if %{with_pgsql} BuildRequires: postgresql-devel -Provides: exim = %version %endif Summary: The Exim Mail Transfer Agent, a Replacement for sendmail License: GPL-2.0+ @@ -76,7 +80,6 @@ Source31: eximstats.conf Source32: exim.service Patch: exim-tail.patch Patch1: exim-enable_ecdh_openssl.patch -%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %package -n eximon Summary: Eximon, an graphical frontend to administer Exim's mail queue @@ -88,7 +91,6 @@ Group: Productivity/Networking/Email/Servers Requires: perl-GD Requires: perl-GDGraph Requires: perl-GDTextUtil -%endif %description Exim is a mail transport agent (MTA) developed at the University of @@ -99,16 +101,12 @@ In particular, it has options for verifying incoming sender and recipient addresses, for refusing mail from specified hosts, networks, or senders, and for controlling mail relaying. - -%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 - %description -n eximon This allows administrators to view the exim agent's mail queue and logs, and perform a variety of actions on queued messages, such as freezing, bouncing and thawing messages, and even editing body and header of mails. - %description -n eximstats-html If this package is installed alongside the exim MTA, and you enable EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will @@ -121,9 +119,6 @@ The script /usr/sbin/eximstats-html-update.py can create the reports for log files that were rotated in the past. (You would only run this once, if at all. The rest is done by logrotate / cron.) - -%endif - %prep %setup -q -n exim-%{version} %patch @@ -133,7 +128,7 @@ once, if at all. The rest is done by logrotate / cron.) fPIE="-fPIE" pie="-pie" %endif -%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 1100 +%if 0%{?suse_version} > 1100 || 0%{?centos_version} > 599 || 0%{?rhel_version} > 599 CFLAGS_OPT_WERROR="-Werror=format-security -Werror=missing-format-attribute" %endif cat <<-EOF > Local/Makefile @@ -163,11 +158,13 @@ cat <<-EOF > Local/Makefile LOOKUP_CDB=yes LOOKUP_DNSDB=yes LOOKUP_DSEARCH=yes +%if %{with_ldap} LOOKUP_LDAP=yes -%if %{?build_with_mysql:1}0 +%endif +%if %{with_mysql} LOOKUP_MYSQL=yes %endif -%if %{?build_with_pgsql:1}0 +%if %{with_pgsql} LOOKUP_PGSQL=yes %endif LOOKUP_NIS=yes @@ -177,24 +174,27 @@ cat <<-EOF > Local/Makefile # LOOKUP_PGSQL=yes # LOOKUP_WHOSON=yes CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux - LDAP_LIB_TYPE=OPENLDAP2 # LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq - LOOKUP_LIBS=-lldap -llber -%if %{?build_with_mysql:1}0 - LOOKUP_INCLUDE=-I /usr/include/mysql - LOOKUP_LIBS=-lldap -llber -lmysqlclient + LOOKUP_LIBS=-llber +%if %{with_ldap} + LDAP_LIB_TYPE=OPENLDAP2 + LOOKUP_LIBS+=-lldap %endif -%if %{?build_with_pgsql:1}0 - LOOKUP_INCLUDE=-I /usr/include/pgsql - LOOKUP_LIBS=-lldap -llber -lpq +%if %{with_mysql} + LOOKUP_INCLUDE+=-I /usr/include/mysql + LOOKUP_LIBS+=-L %{_libdir}/mysql -lmysqlclient +%endif +%if %{with_pgsql} + LOOKUP_INCLUDE+=-I /usr/include/pgsql + LOOKUP_LIBS+=-lpq %endif EXIM_MONITOR=eximon.bin WITH_CONTENT_SCAN=yes WITH_OLD_DEMIME=yes AUTH_CRAM_MD5=yes AUTH_PLAINTEXT=yes - # AUTH_SPA=yes + AUTH_SPA=yes AUTH_DOVECOT=yes SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto @@ -242,6 +242,8 @@ cat <<-EOF > Local/Makefile # SPOOL_MODE=0640 SUPPORT_MOVE_FROZEN_MESSAGES=yes HAVE_IPV6=YES + EXPERIMENTAL_SPF=yes + LOOKUP_LIBS+=-lspf2 CFLAGS=$RPM_OPT_FLAGS -Wall $CFLAGS_OPT_WERROR -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie EOF @@ -287,15 +289,11 @@ do done ln -sf exim $RPM_BUILD_ROOT/usr/sbin/sendmail %if 0%{?suse_version} > 1220 -ln -sv ../../%{_unitdir}/exim.service $RPM_BUILD_ROOT/usr/sbin/rcexim +ln -sv service $RPM_BUILD_ROOT/usr/sbin/rcexim %else ln -sv ../../etc/init.d/exim $RPM_BUILD_ROOT/usr/sbin/rcexim %endif -%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 mv $RPM_BUILD_ROOT/usr/sbin/eximon* $RPM_BUILD_ROOT/usr/bin/ -%else -rm $RPM_BUILD_ROOT/usr/sbin/eximon* -%endif cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim install -m 0644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim # man pages @@ -326,12 +324,10 @@ gzip -9 doc/*.txt chmod 644 util/*.{pl,sh} src/convert4r* # # eximstats-html files -%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 mkdir -p $RPM_BUILD_ROOT/srv/www/eximstats mkdir -p $RPM_BUILD_ROOT/etc/apache2/conf.d/ cp -p $RPM_SOURCE_DIR/eximstats.conf $RPM_BUILD_ROOT/etc/apache2/conf.d/ install -m 0755 $RPM_SOURCE_DIR/eximstats-html-update.py $RPM_BUILD_ROOT/%{_sbindir} -%endif # apparmor profile install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim @@ -430,7 +426,6 @@ exit 0 /usr/lib/sendmail /var/adm/fillup-templates/sysconfig.exim %dir %attr(750,mail,mail) /var/log/exim -%if !%{?build_with_mysql:1}0 && !%{?build_with_pgsql:1}0 %files -n eximon %defattr(-,root,root) @@ -444,6 +439,5 @@ exit 0 /etc/apache2/conf.d /etc/apache2/conf.d/eximstats.conf %{_sbindir}/eximstats-html-update.py -%endif %changelog