Accepting request 985275 from home:pwcau:branches:server:mail

- update to exim 4.96
  * Move from using the pcre library to pcre2.
  * Constification work in the filters module required a major version
    bump for the local-scan API.  Specifically, the "headers_charset"
    global which is visible via the API is now const and may therefore
    not be modified by local-scan code.
  * Bug 2819: speed up command-line messages being read in.  Previously a
    time check was being done for every character; replace that with one
    per buffer.
  * Bug 2815: Fix ALPN sent by server under OpenSSL.  Previously the string
    sent was prefixed with a length byte.
  * Change the SMTP feature name for pipelining connect to be compliant with
    RFC 5321.  Previously Dovecot (at least) would log errors during
    submission.
  * Fix macro-definition during "-be" expansion testing.  The move to
    write-protected store for macros had not accounted for these runtime
    additions; fix by removing this protection for "-be" mode.
  * Convert all uses of select() to poll().
  * Fix use of $sender_host_name in daemon process.  When used in certain
    main-section options or in a connect ACL, the value from the first ever
    connection was never replaced for subsequent connections.
  * Bug 2838: Fix for i32lp64 hard-align platforms
  * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
    with underbars is given.
  * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
  * Debugging initiated by an ACL control now continues through into routing
    and transport processes.
  * The "expand" debug selector now gives more detail, specifically on the
    result of expansion operators and items.
  * Bug 2751: Fix include_directory in redirect routers.  Previously a
    bad comparison between the option value and the name of the file to
    be included was done, and a mismatch was wrongly identified.
  * Support for Berkeley DB versions 1 and 2 is withdrawn.
  * When built with NDBM for hints DB's check for nonexistence of a name
    supplied as the db file-pair basename.
  * Remove the "allow_insecure_tainted_data" main config option and the
    "taint" log_selector.
  * Fix static address-list lookups to properly return the matched item.
    Previously only the domain part was returned.
  * The ${run} expansion item now expands its command string elements after
    splitting.  Previously it was before; the new ordering makes handling
    zero-length arguments simpler.
  * Taint-check exec arguments for transport-initiated external processes.
    Previously, tainted values could be used.  This affects "pipe", "lmtp" and
    "queryprogram" transport, transport-filter, and ETRN commands.
    The ${run} expansion is also affected: in "preexpand" mode no part of
    the command line may be tainted, in default mode the executable name
    may not be tainted.
  * Fix CHUNKING on a continued-transport.  Previously the usabilility of
    the facility was not passed across execs, and only the first message
    passed over a connection could use BDAT; any further ones using DATA. 
  * Support the PIPECONNECT facility in the smtp transport when the helo_data
    uses $sending_ip_address and an interface is specified.
  * OpenSSL: fix transport-required OCSP stapling verification under session
    resumption.
  * TLS resumption: the key for session lookup in the client now includes
    more info that a server could potentially use in configuring a TLS
    session, avoiding oferring mismatching sessions to such a server.
  * Fix string_copyn() for limit greater than actual string length.
  * Bug 2886: GnuTLS: Do not free the cached creds on transport connection
    close; it may be needed for a subsequent connection.
  * Fix CHUNKING for a second message on a connection when the first was
    rejected.
  * Fix ${srs_encode ...} to handle an empty sender address, now returning
    an empty address.
  * Bug 2855: Handle a v4mapped sender address given us by a frontending
    proxy.

OBS-URL: https://build.opensuse.org/request/show/985275
OBS-URL: https://build.opensuse.org/package/show/server:mail/exim?expand=0&rev=260

exim-4.95.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7f4716cc1b3fee66930d83b249f1c7b119fa1957f6f46e3f4372805cbc97ea63
-size 2035738

exim-4.95.tar.bz2.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE0L/WueylaUpvFJ3Or0zGdqa2wUIFAmFS1G4ACgkQr0zGdqa2
-wUKHcAgApLHqXMO+Z3em3BGQqqRz2Slo/gPAuy3iC3mwnP4v3QOxt9lPfFyyMstn
-0HDFhhELYrWsHQ+W6J0HDYkfh4sj6H6YE8kb+ZxCrY8/H0Iw+6156To4SNCPQ1hN
-vbkFBMI41q02LklcbB9ICYW3UpynG0lLaTDg2x0LcTRqU4NUhGSEXyK3mWR5Mju4
-iH1g3chBnjC3ydPQewPxxmp3Jv0a6RL/G1JYRZGsvdsU0HtxX2/3VRVQKBLeKCRg
-SHllvJHl5E1nk737ccZxPC3TcAYQVplLvaF8SIEyhnVZMGW9UgmzUPyuMzf5LYVH
-zgB53WIuIP5vjPKoYFPLnpoJu3lTyg==
-=PAKu
------END PGP SIGNATURE-----

exim-4.96.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c7a413fec601cc44a8f5fe9e5b64cb24a7d133f3a4a976f33741d98ff0ec6b91
+size 2047632

exim-4.96.tar.bz2.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQFEBAABCAAuFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmK3D24QHGpnaEB3aXpt
+YWlsLm9yZwAKCRC85YyM5B8y3/p6B/4kKhljnbyvsjc/4HTLpPgRXAdSxQTibZKI
+cRSnO5HXyLGqFCj+7WYFfHPWuSmmPhahfQ7mMuNUxcvJkQ32yTDYH4zjam9HpspU
+k6rdGNR3SurJ/3pxG4Adcyg3uZ2MSK0fbCmNd6N1MVa0riXxb0PT2pvniaRFKzrD
+H3UQ8Yy//R9CGzoUKKs6g063gTc4L+1y+hZJYKodZ7TvKODVp9X024Qvp0gKaF0K
+dnDdRNxqqNgUClig13Q4f/KNuGeeChP67AuG/kX+0qZBaduYgmCPoYJQ87jIMLgz
+ps6DUyiVVWLVz4N+mSZX6TPbeZ8OqHH6B1crbbhqpdurg4VcBT7A
+=HSmJ
+-----END PGP SIGNATURE-----

exim.changes

@@ -1,3 +1,73 @@
+Mon Jun 27 08:33:59 UTC 2022 - Peter Wullinger <wullinger@rz.uni-kiel.de>
+
+- update to exim 4.96
+  * Move from using the pcre library to pcre2.
+  * Constification work in the filters module required a major version
+    bump for the local-scan API.  Specifically, the "headers_charset"
+    global which is visible via the API is now const and may therefore
+    not be modified by local-scan code.
+  * Bug 2819: speed up command-line messages being read in.  Previously a
+    time check was being done for every character; replace that with one
+    per buffer.
+  * Bug 2815: Fix ALPN sent by server under OpenSSL.  Previously the string
+    sent was prefixed with a length byte.
+  * Change the SMTP feature name for pipelining connect to be compliant with
+    RFC 5321.  Previously Dovecot (at least) would log errors during
+    submission.
+  * Fix macro-definition during "-be" expansion testing.  The move to
+    write-protected store for macros had not accounted for these runtime
+    additions; fix by removing this protection for "-be" mode.
+  * Convert all uses of select() to poll().
+  * Fix use of $sender_host_name in daemon process.  When used in certain
+    main-section options or in a connect ACL, the value from the first ever
+    connection was never replaced for subsequent connections.
+  * Bug 2838: Fix for i32lp64 hard-align platforms
+  * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
+    with underbars is given.
+  * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
+  * Debugging initiated by an ACL control now continues through into routing
+    and transport processes.
+  * The "expand" debug selector now gives more detail, specifically on the
+    result of expansion operators and items.
+  * Bug 2751: Fix include_directory in redirect routers.  Previously a
+    bad comparison between the option value and the name of the file to
+    be included was done, and a mismatch was wrongly identified.
+  * Support for Berkeley DB versions 1 and 2 is withdrawn.
+  * When built with NDBM for hints DB's check for nonexistence of a name
+    supplied as the db file-pair basename.
+  * Remove the "allow_insecure_tainted_data" main config option and the
+    "taint" log_selector.
+  * Fix static address-list lookups to properly return the matched item.
+    Previously only the domain part was returned.
+  * The ${run} expansion item now expands its command string elements after
+    splitting.  Previously it was before; the new ordering makes handling
+    zero-length arguments simpler.
+  * Taint-check exec arguments for transport-initiated external processes.
+    Previously, tainted values could be used.  This affects "pipe", "lmtp" and
+    "queryprogram" transport, transport-filter, and ETRN commands.
+    The ${run} expansion is also affected: in "preexpand" mode no part of
+    the command line may be tainted, in default mode the executable name
+    may not be tainted.
+  * Fix CHUNKING on a continued-transport.  Previously the usabilility of
+    the facility was not passed across execs, and only the first message
+    passed over a connection could use BDAT; any further ones using DATA. 
+  * Support the PIPECONNECT facility in the smtp transport when the helo_data
+    uses $sending_ip_address and an interface is specified.
+  * OpenSSL: fix transport-required OCSP stapling verification under session
+    resumption.
+  * TLS resumption: the key for session lookup in the client now includes
+    more info that a server could potentially use in configuring a TLS
+    session, avoiding oferring mismatching sessions to such a server.
+  * Fix string_copyn() for limit greater than actual string length.
+  * Bug 2886: GnuTLS: Do not free the cached creds on transport connection
+    close; it may be needed for a subsequent connection.
+  * Fix CHUNKING for a second message on a connection when the first was
+    rejected.
+  * Fix ${srs_encode ...} to handle an empty sender address, now returning
+    an empty address.
+  * Bug 2855: Handle a v4mapped sender address given us by a frontending
+    proxy. 
+
 Wed Jan 19 11:41:15 UTC 2022 - Peter Wullinger <wullinger@rz.uni-kiel.de>
 
 - disable ProtectHome=, it prevents local delivery (bsc#1194810)

exim.spec

@@ -45,7 +45,7 @@ BuildRequires:  pam-devel
 %if %{with_ldap}
 BuildRequires:  openldap2-devel
 %endif
-BuildRequires:  pcre-devel
+BuildRequires:  pcre2-devel
 BuildRequires:  tcpd-devel
 BuildRequires:  pkgconfig(libcrypto)
 BuildRequires:  pkgconfig(libssl)
@@ -74,7 +74,7 @@ Requires(pre):  group(mail)
 %endif
 Requires(pre):  fileutils textutils
 %endif
-Version:        4.95
+Version:        4.96
 Release:        1
 %if %{with_mysql}
 BuildRequires:  mysql-devel