Mailinglist Archive: opensuse-commit (1778 mails)
| < Previous | Next > |
commit exim for openSUSE:Factory
- From: root@xxxxxxxxxxxxxxx (h_root)
- Date: Mon, 07 Feb 2011 23:57:15 +0100
- Message-id: <20110207225715.74EB52023E@hilbert.suse.de>
Hello community,
here is the log from the commit of package exim for openSUSE:Factory
checked in at Mon Feb 7 23:57:15 CET 2011.
--------
--- exim/exim.changes 2011-02-04 16:54:35.000000000 +0100
+++ /mounts/work_src_done/STABLE/exim/exim.changes 2011-02-04
23:21:53.000000000 +0100
@@ -1,0 +2,105 @@
+Fri Feb 4 22:13:39 UTC 2011 - lars@xxxxxxxxx
+
+- Workround for PCRE version dependancy in version reporting; (beo#1073).
+
+-------------------------------------------------------------------
+Fri Feb 4 19:33:40 UTC 2011 - lars@xxxxxxxxx
+
+- update to 4.74
+ - Failure to get a lock on a hints database can have serious
+ consequences so log it to the panic log.
+ - Log LMTP confirmation messages in the same way as SMTP,
+ controlled using the smtp_confirmation log selector.
+ - Include the error message when we fail to unlink a spool file.
+ - Bugzilla 139: Support dynamically loaded lookups as modules.
+ - Bugzilla 139: Documentation and portability issues.
+ Avoid GNU Makefile-isms, let Exim continue to build on BSD.
+ Handle per-OS dynamic-module compilation flags.
+ - Let /dev/null have normal permissions.
+ The 4.73 fixes were a little too stringent and complained about the
+ permissions on /dev/null. Exempt it from some checks.
+ - Report version information for many libraries, including
+ Exim version information for dynamically loaded libraries. Created
+ version.h, now support a version extension string for distributors
+ who patch heavily. Dynamic module ABI change.
+ - CVE-2011-0017 - check return value of setuid/setgid. This is a
+ privilege escalation vulnerability whereby the Exim run-time user
+ can cause root to append content of the attacker's choosing to
+ arbitrary files.
+ - Bugzilla 1041: merged DCC maintainer's fixes for return code.
+ - Bugzilla 1071: fix delivery logging with untrusted macros.
+ If dropping privileges for untrusted macros, we disabled normal logging
+ on the basis that it would fail; for the Exim run-time user, this is not
+ the case, and it resulted in successful deliveries going unlogged.
+- update to 4.73
+ - Date: & Message-Id: revert to normally being appended to a message,
+ only prepend for the Resent-* case. Fixes regression introduced in
+ Exim 4.70 by NM/22 for Bugzilla 607.
+ - Include check_rfc2047_length in configure.default because we're seeing
+ increasing numbers of administrators be bitten by this.
+ - Added DISABLE_DKIM and comment to src/EDITME
+ - Bugzilla 994: added openssl_options main configuration option.
+ - Bugzilla 995: provide better SSL diagnostics on failed reads.
+ - Bugzilla 834: provide a permit_coredump option for pipe transports.
+ - Adjust NTLM authentication to handle SASL Initial Response.
+ - If TLS negotiated an anonymous cipher, we could end up with SSL but
+ without a peer certificate, leading to a segfault because of an
+ assumption that peers always have certificates. Be a little more
+ paranoid. Problem reported by Martin Tscholak.
+ - Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content
+ filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes
+ NB: ClamAV planning to remove STREAM in "middle of 2010".
+ CL also introduces -bmalware, various -d+acl logging additions and
+ more caution in buffer sizes.
+ - Implemented reverse_ip expansion operator.
+ - Bugzilla 937: provide a "debug" ACL control.
+ - Bugzilla 922: Documentation dusting, patch provided by John Horne.
+ - Bugzilla 973: Implement --version.
+ - Bugzilla 752: Refuse to build/run if Exim user is root/0.
+ - Build without WITH_CONTENT_SCAN. Path from Andreas Metzler.
+ - Bugzilla 816: support multiple condition rules on Routers.
+ - Add bool_lax{} expansion operator and use that for combining multiple
+ condition rules, instead of bool{}. Make both bool{} and bool_lax{}
+ ignore trailing whitespace.
+ - prevent non-panic DKIM error from being sent to paniclog
+ - added tcp_wrappers_daemon_name to allow host entries other than
+ "exim" to be used
+ - Fix malware regression for cmdline scanner introduced in PP/08.
+ Notification from Dr Andrew Aitchison.
+ - Change ClamAV response parsing to be more robust and to handle ClamAV's
+ ExtendedDetectionInfo response format.
+ Notification from John Horne.
+ - OpenSSL 1.0.0a compatibility const-ness change, should be backwards
+ compatible.
+ - Added a CONTRIBUTING file. Fixed the documentation build to use http:
+ XSL and documented dependency on system catalogs, with examples of how
+ it normally works.
+ - Added Valgrind hooks in store.c to help it capture out-of-bounds store
+ access.
+ - Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
+ of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
+ configuration file which is writeable by the Exim user or group.
+ - Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
+ of configuration files to cover files specified with the -C option if
+ they are going to be used with root privileges, not just the default
+ configuration file.
+ - Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
+ option (effectively making it always true).
+ - Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
+ files to be used while preserving root privileges.
+ - Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+ - Bugzilla 1047: change the default for system_filter_user to be the Exim
+ run-time user, instead of root.
+ - Add WHITELIST_D_MACROS option to let some macros be overriden by the
+ Exim run-time user without dropping privileges.
+ - Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
+ result string, instead of calling string_vformat() twice with the same
+ arguments.
+ - Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
+ for other users. Others should always drop root privileges if they use
+ -C on the command line, even for a whitelisted configure file.
+ - Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
+ - Fixed bug #1002 - Message loss when using multiple deliveries
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
CVE-2010-4345.diff
CVE-2011-0017.diff
exim-4.72.tar.bz2
New:
----
aa097c4c00f62487128d74f65c521f9e877b184f.diff
exim-4.74.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.ZRKuwQ/_old 2011-02-07 23:56:44.000000000 +0100
+++ /var/tmp/diff_new_pack.ZRKuwQ/_new 2011-02-07 23:56:44.000000000 +0100
@@ -40,8 +40,8 @@
Requires: logrotate
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils
textutils
%endif
-Version: 4.72
-Release: 3
+Version: 4.74
+Release: 1
%if %{?build_with_mysql:1}0
BuildRequires: mysql-devel
Provides: exim = %version
@@ -58,8 +58,7 @@
Source30: eximstats-html-update.py
Source31: eximstats.conf
Patch: exim-4.12-tail.patch
-Patch6: CVE-2010-4345.diff
-Patch7: CVE-2011-0017.diff
+Patch1: aa097c4c00f62487128d74f65c521f9e877b184f.diff
%if !%{?build_with_mysql:1}0
%package -n eximon
@@ -126,8 +125,7 @@
%prep
%setup -q -n exim-%{version}
%patch
-%patch6 -p1
-%patch7 -p1
+%patch1 -p1
# build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
++++++ aa097c4c00f62487128d74f65c521f9e877b184f.diff ++++++
commit aa097c4c00f62487128d74f65c521f9e877b184f
Author: Nigel Metheringham <nigel@xxxxxxxx>
Date: Wed Jan 26 11:04:32 2011 +0000
Workround compile error with old PCRE versions
Fixes bug #1073
Index: exim-4.74/doc/ChangeLog
===================================================================
--- exim-4.74.orig/doc/ChangeLog
+++ exim-4.74/doc/ChangeLog
@@ -3,6 +3,13 @@ $Cambridge: exim/doc/doc-txt/ChangeLog,v
Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.75
+-----------------
+
+NM/01 Workround for PCRE version dependancy in version reporting
+ Bugzilla 1073
+
+
Exim version 4.74
-----------------
Index: exim-4.74/src/exim.c
===================================================================
--- exim-4.74.orig/src/exim.c
+++ exim-4.74/src/exim.c
@@ -931,8 +931,13 @@ DEBUG(D_any) do {
" Runtime: %s\n",
PCRE_MAJOR, PCRE_MINOR,
/* PRE_PRERELEASE is either defined and empty or a string.
- * This should work: */
+ * unless its an ancient version of PCRE in which case it
+ * is not defined */
+#ifdef PCRE_PRERELEASE
PCRE_PRERELEASE "",
+#else
+ "",
+#endif
pcre_version());
init_lookup_list();
++++++ exim-4.72.tar.bz2 -> exim-4.74.tar.bz2 ++++++
++++ 32181 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx
| < Previous | Next > |