Hello community,
here is the log from the commit of package exim
checked in at Sat Jan 12 03:08:45 CET 2008.
--------
--- exim/exim.changes 2007-08-24 08:47:40.000000000 +0200
+++ /mounts/work_src_done/STABLE/exim/exim.changes 2008-01-10 19:29:29.000000000 +0100
@@ -1,0 +2,105 @@
+Thu Jan 10 19:25:40 CET 2008 - poeml@suse.de
+
+- update to 4.69, which is mainly a bug fix release (although there
+ is also preliminary DKIM support available if compiled with
+ appropriate flags, which we don't do). The major change is an
+ update to the embedded PCRE library in response to security
+ issues, which are not relevant here, since we link against the
+ system pcre library, assuming that it has been fixed already.
+ TK/01 Add preliminary DKIM support. Currently requires a forked version of
+ ALT-N's libdkim that I have put here:
+ http://duncanthrax.net/exim-experimental/
+ Note to Michael Haardt: I had to rename some vars in sieve.c. They
+ were called 'true' and it seems that C99 defines that as a reserved
+ keyword to be used with 'bool' variable types. That means you could
+ not include C99-style headers which use bools without triggering
+ build errors in sieve.c.
+ NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
+ as mailq or other aliases. Changed the --help handling significantly
+ to do whats expected. exim_usage() emits usage/help information.
+ SC/01 Added the -bylocaldomain option to eximstats.
+ NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr
+ NM/03 Bugzilla 613: Documentation fix for acl_not_smtp
+ NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall)
+
+-------------------------------------------------------------------
+Fri Sep 28 01:55:04 CEST 2007 - poeml@suse.de
+
+- add #include to apparmor profile, to
+ allow for interactive usage (mailq, exim -M, ...)
+
+-------------------------------------------------------------------
+Thu Aug 30 17:37:17 CEST 2007 - poeml@suse.de
+
+- update to 4.68
+ PH/01 Another patch from the Sieve maintainer.
+ PH/02 When an IPv6 address is converted to a string for single-key lookup
+ in an address list (e.g. for an item such as "net24-dbm;/net/works"),
+ dots are used instead of colons so that keys in lsearch files need not
+ contain colons. This was done some time before quoting was made available
+ in lsearch files. However, iplsearch files do require colons in IPv6 keys
+ (notated using the quote facility) so as to distinguish them from IPv4
+ keys. This meant that lookups for IP addresses in host lists did not work
+ for iplsearch lookups.
+ This has been fixed by arranging for IPv6 addresses to be expressed with
+ colons if the lookup type is iplsearch. This is not incompatible, because
+ previously such lookups could never work.
+ The situation is now rather anomolous, since one *can* have colons in
+ ordinary lsearch keys. However, making the change in all cases is
+ incompatible and would probably break a number of configurations.
+ TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
+ version.
+ MH/01 The "spam" ACL condition code contained a sscanf() call with a %s
+ conversion specification without a maximum field width, thereby enabling
+ a rogue spamd server to cause a buffer overflow. While nobody in their
+ right mind would setup Exim to query an untrusted spamd server, an
+ attacker that gains access to a server running spamd could potentially
+ exploit this vulnerability to run arbitrary code as the Exim user.
+ TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
+ $primary_hostname instead of what libspf2 thinks the hosts name is.
+ MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
+ a directory entry by the name of the lookup key. Previously, if a
+ symlink pointed to a non-existing file or a file in a directory that
+ Exim lacked permissions to read, a lookup for a key matching that
+ symlink would fail. Now it is enough that a matching directory entry
+ exists, symlink or not. (Bugzilla 503.)
+ PH/03 The body_linecount and body_zerocount variables are now exported in the
+ local_scan API.
+ PH/04 Added the $dnslist_matched variable.
+ PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
+ This means they are set thereafter only if the connection becomes
+ encrypted.
+ PH/06 Added the client_condition to authenticators so that some can be skipped
+ by clients under certain conditions.
+ PH/07 The error message for a badly-placed control=no_multiline_responses left
+ "_responses" off the end of the name.
+ PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
+ PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
+ (without spaces) instead of just copying the configuration text.
+ PH/10 Added the /noupdate option to the ratelimit ACL condition.
+ PH/11 Added $max_received_linelength.
+ PH/12 Added +ignore_defer and +include_defer to host lists.
+ PH/13 Installed PCRE version 7.2. This needed some changes because of the new
+ way in which PCRE > 7.0 is built.
+ PH/14 Implemented queue_only_load_latch.
+ PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
+ MAIL command. The effect was to mangle the value on 64-bit systems.
+ PH/16 Another patch from the Sieve maintainer.
+ PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
+ PH/18 If a system quota error occurred while trying to create the file for
+ a maildir delivery, the message "Mailbox is full" was not appended to the
+ bounce if the delivery eventually timed out. Change 4.67/27 below applied
+ only to a quota excession during the actual writing of the file.
+ PH/19 It seems that peer DN values may contain newlines (and other non-printing
+ characters?) which causes problems in log lines. The DN values are now
+ passed through string_printing() before being added to log lines.
+ PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
+ and InterBase are left for another time.)
+ PH/21 Added message_body_newlines option.
+ PH/22 Guard against possible overflow in moan_check_errorcopy().
+ PH/23 POSIX allows open() to be a macro; guard against that.
+ PH/24 If the recipient of an error message contained an @ in the local part
+ (suitably quoted, of course), incorrect values were put in $domain and
+ $local_part during the evaluation of errors_copy.
+
+-------------------------------------------------------------------
Old:
----
exim-4.67.tar.bz2
New:
----
exim-4.69.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ exim.spec ++++++
--- /var/tmp/diff_new_pack.E23067/_old 2008-01-12 03:04:51.000000000 +0100
+++ /var/tmp/diff_new_pack.E23067/_new 2008-01-12 03:04:51.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package exim (Version 4.67)
+# spec file for package exim (Version 4.69)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -26,18 +26,18 @@
BuildRequires: mysql-devel
Provides: exim = %{version}-%{release}
%endif
-URL: http://www.exim.org/
+Url: http://www.exim.org/
Conflicts: sendmail sendmail-tls postfix
License: GPL v2 or later
Group: Productivity/Networking/Email/Servers
-Autoreqprov: on
-provides: smtp_daemon
+AutoReqProv: on
+Provides: smtp_daemon
%if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
Requires: logrotate
PreReq: %insserv_prereq %fillup_prereq /usr/sbin/useradd fileutils textutils
%endif
-Version: 4.67
-Release: 39
+Version: 4.69
+Release: 1
Summary: The Exim Mail Transfer Agent, a Replacement for sendmail
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source: exim-%{version}.tar.bz2
@@ -52,9 +52,11 @@
Patch: exim-4.12-tail.patch
Patch2: exim-4.60-external-pcre.diff
%if !%{?build_with_mysql:1}0
+
%package -n eximon
Summary: Eximon, an graphical frontend to administer Exim's mail queue
Group: Productivity/Networking/Email/Servers
+
%package -n eximstats-html
Summary: Create HTML reports of exim logs
Group: Productivity/Networking/Email/Servers
@@ -90,7 +92,6 @@
--------
Philip Hazel
-
%description -n eximstats-html
If this package is installed alongside the exim MTA, and you enable
EXIM_REPORT_WEEKLY_HTML in /etc/sysconfig/exim, logrotate/cron will
@@ -110,6 +111,7 @@
Philip Hazel
%endif
+
%prep
%setup -q -n exim-%{version}
%patch
@@ -126,7 +128,6 @@
EXIM_USER=mail
EXIM_GROUP=mail
SPOOL_DIRECTORY=/var/spool/exim
-
ROUTER_ACCEPT=yes
ROUTER_DNSLOOKUP=yes
ROUTER_IPLITERAL=yes
@@ -159,7 +160,6 @@
# LOOKUP_WHOSON=yes
CYRUS_SASLAUTHD_SOCKET=/var/run/sasl2/mux
LDAP_LIB_TYPE=OPENLDAP2
-
# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I /usr/local/pgsql/include
# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq
LOOKUP_LIBS=-lldap -llber
@@ -167,19 +167,15 @@
LOOKUP_INCLUDE=-I /usr/include/mysql
LOOKUP_LIBS=-lldap -llber -lmysqlclient
%endif
-
EXIM_MONITOR=eximon.bin
-
WITH_CONTENT_SCAN=yes
WITH_OLD_DEMIME=yes
-
AUTH_CRAM_MD5=yes
AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
AUTH_DOVECOT=yes
SUPPORT_TLS=yes
TLS_LIBS=-lssl -lcrypto
-
INFO_DIRECTORY=%{_infodir}
LOG_FILE_PATH=/var/log/exim/%%s.log
EXICYCLOG_MAX=10
@@ -192,7 +188,6 @@
# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
# CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck
# USE_TCP_WRAPPERS=yes
-
NO_SYMLINK=yes
CHOWN_COMMAND=/bin/chown
CHGRP_COMMAND=/bin/chgrp
@@ -225,7 +220,6 @@
# SPOOL_MODE=0640
SUPPORT_MOVE_FROZEN_MESSAGES=yes
HAVE_IPV6=YES
-
CFLAGS=$RPM_OPT_FLAGS -Wall -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED $fPIE
EXTRALIBS=-ldl -L/usr/X11R6/%{_lib} $pie
EOF
@@ -271,7 +265,6 @@
%endif
cp -p %{S:1} $RPM_BUILD_ROOT/var/adm/fillup-templates/sysconfig.exim
install -m 644 %{S:2} $RPM_BUILD_ROOT/etc/logrotate.d/exim
-
# man pages
mv doc/exim.8 $RPM_BUILD_ROOT/%{_mandir}/man8/
pod2man --center=EXIM --section=8 $RPM_BUILD_ROOT/usr/sbin/eximstats > $RPM_BUILD_ROOT/%{_mandir}/man8/eximstats.8
@@ -294,7 +287,6 @@
ln -sf exim_db.8.gz $RPM_BUILD_ROOT/%{_mandir}/man8/$i.8.gz
done
perl -pi -e 's%/usr/share/doc/exim4%/usr/share/doc/packages/exim%g' `find $RPM_BUILD_ROOT/%{_mandir}/man8 -name "*.8"`
-
gzip -9 doc/*.txt
# since 10.0, the permissions file is packaged in the 'permissions' package
%if %{?suse_version:%suse_version}%{?!suse_version:99999} < 1000
@@ -311,7 +303,6 @@
# apparmor profile
install -D -m 0644 $RPM_SOURCE_DIR/apparmor.usr.sbin.exim $RPM_BUILD_ROOT/etc/apparmor/profiles/extras/usr.sbin.exim
-
%post
%run_permissions
if ! test -s etc/exim/exim.conf; then
@@ -340,7 +331,6 @@
%restart_on_update exim
%endif
%insserv_cleanup
-
%verifyscript
%verify_permissions -e /usr/sbin/exim
@@ -400,6 +390,102 @@
%endif
%changelog
+* Thu Jan 10 2008 - poeml@suse.de
+- update to 4.69, which is mainly a bug fix release (although there
+ is also preliminary DKIM support available if compiled with
+ appropriate flags, which we don't do). The major change is an
+ update to the embedded PCRE library in response to security
+ issues, which are not relevant here, since we link against the
+ system pcre library, assuming that it has been fixed already.
+ TK/01 Add preliminary DKIM support. Currently requires a forked version of
+ ALT-N's libdkim that I have put here:
+ http://duncanthrax.net/exim-experimental/
+ Note to Michael Haardt: I had to rename some vars in sieve.c. They
+ were called 'true' and it seems that C99 defines that as a reserved
+ keyword to be used with 'bool' variable types. That means you could
+ not include C99-style headers which use bools without triggering
+ build errors in sieve.c.
+ NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked
+ as mailq or other aliases. Changed the --help handling significantly
+ to do whats expected. exim_usage() emits usage/help information.
+ SC/01 Added the -bylocaldomain option to eximstats.
+ NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr
+ NM/03 Bugzilla 613: Documentation fix for acl_not_smtp
+ NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall)
+* Fri Sep 28 2007 - poeml@suse.de
+- add #include to apparmor profile, to
+ allow for interactive usage (mailq, exim -M, ...)
+* Thu Aug 30 2007 - poeml@suse.de
+- update to 4.68
+ PH/01 Another patch from the Sieve maintainer.
+ PH/02 When an IPv6 address is converted to a string for single-key lookup
+ in an address list (e.g. for an item such as "net24-dbm;/net/works"),
+ dots are used instead of colons so that keys in lsearch files need not
+ contain colons. This was done some time before quoting was made available
+ in lsearch files. However, iplsearch files do require colons in IPv6 keys
+ (notated using the quote facility) so as to distinguish them from IPv4
+ keys. This meant that lookups for IP addresses in host lists did not work
+ for iplsearch lookups.
+ This has been fixed by arranging for IPv6 addresses to be expressed with
+ colons if the lookup type is iplsearch. This is not incompatible, because
+ previously such lookups could never work.
+ The situation is now rather anomolous, since one *can* have colons in
+ ordinary lsearch keys. However, making the change in all cases is
+ incompatible and would probably break a number of configurations.
+ TK/01 Change PRVS address formatting scheme to reflect latests BATV draft
+ version.
+ MH/01 The "spam" ACL condition code contained a sscanf() call with a %%s
+ conversion specification without a maximum field width, thereby enabling
+ a rogue spamd server to cause a buffer overflow. While nobody in their
+ right mind would setup Exim to query an untrusted spamd server, an
+ attacker that gains access to a server running spamd could potentially
+ exploit this vulnerability to run arbitrary code as the Exim user.
+ TK/02 Bugzilla 502: Apply patch to make the SPF-Received: header use
+ $primary_hostname instead of what libspf2 thinks the hosts name is.
+ MH/02 The dsearch lookup now uses lstat(2) instead of stat(2) to look for
+ a directory entry by the name of the lookup key. Previously, if a
+ symlink pointed to a non-existing file or a file in a directory that
+ Exim lacked permissions to read, a lookup for a key matching that
+ symlink would fail. Now it is enough that a matching directory entry
+ exists, symlink or not. (Bugzilla 503.)
+ PH/03 The body_linecount and body_zerocount variables are now exported in the
+ local_scan API.
+ PH/04 Added the $dnslist_matched variable.
+ PH/05 Unset $tls_cipher and $tls_peerdn before making a connection as a client.
+ This means they are set thereafter only if the connection becomes
+ encrypted.
+ PH/06 Added the client_condition to authenticators so that some can be skipped
+ by clients under certain conditions.
+ PH/07 The error message for a badly-placed control=no_multiline_responses left
+ "_responses" off the end of the name.
+ PH/08 Added -Mvc to output a copy of a message in RFC 2822 format.
+ PH/09 Tidied the code for creating ratelimiting keys, creating them explicitly
+ (without spaces) instead of just copying the configuration text.
+ PH/10 Added the /noupdate option to the ratelimit ACL condition.
+ PH/11 Added $max_received_linelength.
+ PH/12 Added +ignore_defer and +include_defer to host lists.
+ PH/13 Installed PCRE version 7.2. This needed some changes because of the new
+ way in which PCRE > 7.0 is built.
+ PH/14 Implemented queue_only_load_latch.
+ PH/15 Removed an incorrect (int) cast when reading the value of SIZE in a
+ MAIL command. The effect was to mangle the value on 64-bit systems.
+ PH/16 Another patch from the Sieve maintainer.
+ PH/17 Added the NOTQUIT ACL, based on a patch from Ted Cooper.
+ PH/18 If a system quota error occurred while trying to create the file for
+ a maildir delivery, the message "Mailbox is full" was not appended to the
+ bounce if the delivery eventually timed out. Change 4.67/27 below applied
+ only to a quota excession during the actual writing of the file.
+ PH/19 It seems that peer DN values may contain newlines (and other non-printing
+ characters?) which causes problems in log lines. The DN values are now
+ passed through string_printing() before being added to log lines.
+ PH/20 Added the "servers=" facility to MySQL and PostgreSQL lookups. (Oracle
+ and InterBase are left for another time.)
+ PH/21 Added message_body_newlines option.
+ PH/22 Guard against possible overflow in moan_check_errorcopy().
+ PH/23 POSIX allows open() to be a macro; guard against that.
+ PH/24 If the recipient of an error message contained an @ in the local part
+ (suitably quoted, of course), incorrect values were put in $domain and
+ $local_part during the evaluation of errors_copy.
* Fri Aug 24 2007 - poeml@suse.de
- "Novell apparmor" doesn't own /etc/apparmor and
/etc/apparmor/profiles... fix build in autobuild
++++++ apparmor.usr.sbin.exim ++++++
--- exim/apparmor.usr.sbin.exim 2007-08-23 12:33:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/exim/apparmor.usr.sbin.exim 2007-09-28 01:55:03.000000000 +0200
@@ -5,6 +5,7 @@
/usr/sbin/exim {
#include
#include
+ #include
#include
capability chown,
++++++ exim-4.67.tar.bz2 -> exim-4.69.tar.bz2 ++++++
++++ 22569 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org