Accepting request 597094 from home:pwcau:branches:server:mail

update to 4.91.

Note that this removes two, previously deprecated SPF ACL conditions (err_temp and err_perm).

OBS-URL: https://build.opensuse.org/request/show/597094
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=203

exim-4.90.1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d8f510056c85fd8565242cad06560c5cb44a0678ea76241331eca096f7a6cbf0
-size 1854894

exim-4.90.1.tar.bz2.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAlp8U0MACgkQr0zGdqa2
-wUKEiwf9GmNYK5sbmpi/c2TdfPqsqU1o76l3PoTt+kxSQi5t4j30dsqZdWvzvkuj
-k+/x1SsDRg44+wv19ynnYH4tSCZ3QSwTevyfXvR7bSGpSTCN0tTnaWm/AuBXNC8D
-9lukQckwdZckVNciRriVCLi9VTymV/tdnIxowQu/WfdEzFTXDeYzu3KoioG+jKAV
-MWhnyUDfhPYPYs+u8IKdFDE3Z9bO/I/EbgTHiR6PetLWusSugrp/MyJjICp8HsvI
-f/pMj+rytJo2hOnI9x/wpUiXb7XnnQnph3mic5BQU4DF+tI6dK1zTS66PyTYAoNI
-p6Po3uLY/umKYT+W6jxURPfC2TH1+A==
-=k4cD
------END PGP SIGNATURE-----

exim-4.91.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eff5b41276a0039e89af4b447da13aaa61c5823d4ec2c37353dc23577cfb02d3
+size 1912811

exim-4.91.tar.bz2.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABAgAGBQJa01I+AAoJELzljIzkHzLfBRAH/R4DJhI01BTVIl6/7gQOVfST
+fmhBh3rTRXhkSR7XfzxWgNR2jJnDJReitBdjDvkgLdYZ7+S3G7+WIJeSuoP2+PPO
+VfSEWQdaeYYyvz6C81xPHo+UARnQcGTygPQpLk9XDiVYZ7X9TYUuomNX4MsK1EXb
+2ZJUJ1Sm1DoZx9MbPXJfUSPXeBJGMJwjSjh9KRssFg5VddjBc/oNHf3oL/ThodzU
+SmMyPc29r8ZZe+EC5lVumN6G8UalDFPROa/0VEYkJsj7zFG6JgIlRhWgYaIq3nGn
+m6ghRaRNQFSktjzISD+mf3ttiqyoJAPRc4x2fbvDAnUjpNQ3VuxOP8uz758cPTw=
+=I/a+
+-----END PGP SIGNATURE-----

exim.changes

@@ -1,3 +1,97 @@
+-------------------------------------------------------------------
+Mon Apr 16 13:57:17 UTC 2018 - wullinger@rz.uni-kiel.de
+
+- update to 4.91
+ * DEFER rather than ERROR on redis cluster MOVED response.
+ * Catch and remove uninitialized value warning in exiqsumm
+ * Disallow '/' characters in queue names specified for the "queue=" ACL
+    modifier.  This matches the restriction on the commandline.
+ * Fix pgsql lookup for multiple result-tuples with a single column.
+    Previously only the last row was returned.
+ * Bug 2217: Tighten up the parsing of DKIM signature headers.
+ * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
+ * Fix issue with continued-connections when the DNS shifts unreliably.
+ * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
+ * The "support for" informational output now, which built with Content
+   Scanning support, has a line for the malware scanner interfaces compiled
+   in.  Interface can be individually included or not at build time.
+ * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
+   by the template makefile "src/EDITME".  The "STREAM" support for an older
+   ClamAV interface method is removed.
+ * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
+   rows affected is given instead).
+ * The runtime Berkeley DB library version is now additionally output by
+   "exim -d -bV".  Previously only the compile-time version was shown.
+ * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
+   SMTP connection.
+ * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
+   routers.
+ * Bug 2174: A timeout on connect for a callout was also erroneously seen as
+   a timeout on read on a GnuTLS initiating connection, resulting in the
+   initiating connection being dropped.
+ * Relax results from ACL control request to enable cutthrough, in
+   unsupported situations, from error to silently (except under debug)
+   ignoring.
+ * Fix Buffer overflow in base64d() (CVE-2018-6789)
+ * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
+   metadata, resulting in a crash in free().
+ * Fix broken Heimdal GSSAPI authenticator integration.
+ * Bug 2113: Fix conversation closedown with the Avast malware scanner.
+ * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL.
+ * Speed up macro lookups during configuration file read, by skipping non-
+   macro text after a replacement (previously it was only once per line) and
+   by skipping builtin macros when searching for an uppercase lead character.
+ * DANE support moved from Experimental to mainline.  The Makefile control
+   for the build is renamed.
+ * Fix memory leak during multi-message connections using STARTTLS.
+ * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
+   reported the original.  Fix to report (as far as possible) the ACL
+   result replacing the original.
+ * Fix memory leak during multi-message connections using STARTTLS under
+   OpenSSL
+ * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
+ * Fix utf8_downconvert propagation through a redirect router.
+ * Bug 2253: For logging delivery lines under PRDR, append the overall
+   DATA response info to the (existing) per-recipient response info for
+   the "C=" log element.
+ * Bug 2251: Fix ldap lookups that return a single attribute having zero-
+   length value.
+ * Support Avast multiline protocol, this allows passing flags to
+   newer versions of the scanner.
+ *  Ensure that variables possibly set during message acceptance are marked
+    dead before release of memory in the daemon loop.
+ * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
+   as a multi-recipient message from a mailinglist manager).
+ * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
+   replaced by the ${authresults } expansion.
+ * Bug 2257: Fix pipe transport to not use a socket-only syscall.
+ * Set a handler for SIGTERM and call exit(3) if running as PID 1. This
+   allows proper process termination in container environments.
+ * Bug 2258: Fix spool_wireformat in combination with LMTP transport.
+   Previously the "final dot" had a newline after it; ensure it is CR,LF.
+ * SPF: remove support for the "spf" ACL condition outcome values "err_temp"
+   and "err_perm", deprecated since 4.83 when the RFC-defined words
+   " temperror" and "permerror" were introduced.
+ * Re-introduce enforcement of no cutthrough delivery on transports having
+   transport-filters or DKIM-signing.
+ * Cutthrough: for a final-dot response timeout (and nonunderstood responses)
+   in defer=pass mode supply a 450 to the initiator.  Previously the message
+      would be spooled.
+ * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
+      tls_require_ciphers is used as before.
+ * Malware Avast: Better match the Avast multiline protocol.
+ * Fix reinitialisation of DKIM logging variable between messages.
+ * Bug 2255: Revert the disable of the OpenSSL session caching.
+ * Add util/renew-opendmarc-tlds.sh script for safe renewal of public
+   suffix list.
+ * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
+   since the IETF WG has not yet settled on that versus the original
+   "bare" representation.
+ * Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
+   Previously the millisecond value corrupted the output.
+   Fix also for syslog_pid=no and log_selector +pid, for which the pid
+   corrupted the output.
+
 -------------------------------------------------------------------
 Thu Mar 15 20:22:09 UTC 2018 - crrodriguez@opensuse.org
 

exim.spec

@@ -73,7 +73,7 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.90.1
+Version:        4.91
 Release:        0
 %if %{with_mysql}
 BuildRequires:  mysql-devel
@@ -281,7 +281,7 @@ cat <<-EOF > Local/Makefile
 	EXPERIMENTAL_DSN=yes
 	SYSTEM_ALIASES_FILE=/etc/aliases
 %if %{with dane}
-	EXPERIMENTAL_DANE=yes
+	DANE=yes
 %endif
 	EXPERIMENTAL_SOCKS=yes
 %if %{with i18n}