rpms
/
exim
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New version 

Resolves: rhbz#2100385
This commit is contained in:
Jaroslav Škarvada 2022-06-23 14:03:49 +02:00
parent 1aba7be61c
commit 05b4f9b763
7 changed files with 106 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
exim-4.94.2-config.patch → exim-4.95-config.patch
View File

@ -12,7 +12,7 @@ index 61368ec..e8fe9ef 100755
echo "" >>$mft echo "" >>$mft
cat $mftt >> $mft cat $mftt >> $mft
diff --git a/src/EDITME b/src/EDITME diff --git a/src/EDITME b/src/EDITME
index 8da36a3..9b7682c 100644 index f4329fa..b0643e0 100644
--- a/src/EDITME --- a/src/EDITME
+++ b/src/EDITME +++ b/src/EDITME
@@ -99,7 +99,7 @@ @@ -99,7 +99,7 @@
@ -52,7 +52,7 @@ index 8da36a3..9b7682c 100644
# Many sites define a user called "exim", with an appropriate default group, # Many sites define a user called "exim", with an appropriate default group,
# and use # and use
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim @@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
# If you are buliding with TLS, the library configuration must be done: # If you are building with TLS, the library configuration must be done:
# Uncomment this if you are using OpenSSL # Uncomment this if you are using OpenSSL
-# USE_OPENSSL=yes -# USE_OPENSSL=yes
@ -64,7 +64,7 @@ index 8da36a3..9b7682c 100644
# TLS_LIBS=-lssl -lcrypto # TLS_LIBS=-lssl -lcrypto
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
@@ -337,7 +337,7 @@ TRANSPORT_SMTP=yes @@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes
# This one is special-purpose, and commonly not required, so it is not # This one is special-purpose, and commonly not required, so it is not
# included by default. # included by default.
@ -73,7 +73,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -346,9 +346,9 @@ TRANSPORT_SMTP=yes @@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes
# MBX, is included only when requested. If you do not know what this is about, # MBX, is included only when requested. If you do not know what this is about,
# leave these settings commented out. # leave these settings commented out.
@ -86,7 +86,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -406,20 +406,26 @@ LOOKUP_DBM=yes @@ -409,22 +409,28 @@ LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes LOOKUP_DNSDB=yes
@ -97,13 +97,15 @@ index 8da36a3..9b7682c 100644
# LOOKUP_IBASE=yes # LOOKUP_IBASE=yes
# LOOKUP_JSON=yes # LOOKUP_JSON=yes
-# LOOKUP_LDAP=yes -# LOOKUP_LDAP=yes
+LOOKUP_LDAP=yes
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_LIBS=-lldap -llber -lsqlite3
# LOOKUP_LMDB=yes
-# LOOKUP_MYSQL=yes -# LOOKUP_MYSQL=yes
-# LOOKUP_MYSQL_PC=mariadb -# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes -# LOOKUP_NIS=yes
-# LOOKUP_NISPLUS=yes -# LOOKUP_NISPLUS=yes
+LOOKUP_LDAP=yes
+LDAP_LIB_TYPE=OPENLDAP2
+LOOKUP_LIBS=-lldap -llber -lsqlite3
+LOOKUP_MYSQL=2 +LOOKUP_MYSQL=2
+LOOKUP_MYSQL_PC=mariadb +LOOKUP_MYSQL_PC=mariadb
+LOOKUP_NIS=yes +LOOKUP_NIS=yes
@ -123,7 +125,7 @@ index 8da36a3..9b7682c 100644
# LOOKUP_SQLITE_PC=sqlite3 # LOOKUP_SQLITE_PC=sqlite3
# LOOKUP_WHOSON=yes # LOOKUP_WHOSON=yes
@@ -432,7 +438,7 @@ LOOKUP_DNSDB=yes @@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes
# Some platforms may need this for LOOKUP_NIS: # Some platforms may need this for LOOKUP_NIS:
@ -132,7 +134,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
@@ -498,7 +504,7 @@ SUPPORT_DANE=yes @@ -504,7 +510,7 @@ SUPPORT_DANE=yes
# files are defaulted in the OS/Makefile-Default file, but can be overridden in # files are defaulted in the OS/Makefile-Default file, but can be overridden in
# local OS-specific make files. # local OS-specific make files.
@ -141,7 +143,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -508,7 +514,7 @@ SUPPORT_DANE=yes @@ -514,7 +520,7 @@ SUPPORT_DANE=yes
# and the MIME ACL. Please read the documentation to learn more about these # and the MIME ACL. Please read the documentation to learn more about these
# features. # features.
@ -150,10 +152,10 @@ index 8da36a3..9b7682c 100644
# If you have content scanning you may wish to only include some of the scanner # If you have content scanning you may wish to only include some of the scanner
# interfaces. Uncomment any of these lines to remove that code. # interfaces. Uncomment any of these lines to remove that code.
@@ -595,12 +601,12 @@ DISABLE_MAL_MKS=yes @@ -607,12 +613,12 @@ DISABLE_MAL_MKS=yes
# Uncomment the following line to add DMARC checking capability, implemented
# using libopendmarc libraries. You must have SPF and DKIM support enabled also. # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
# Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken;
# 1.3.2-3 works. I seems that the OpenDMARC project broke their API.
-# SUPPORT_DMARC=yes -# SUPPORT_DMARC=yes
+SUPPORT_DMARC=yes +SUPPORT_DMARC=yes
# CFLAGS += -I/usr/local/include # CFLAGS += -I/usr/local/include
@ -166,7 +168,7 @@ index 8da36a3..9b7682c 100644
# Uncomment the following line to add ARC (Authenticated Received Chain) # Uncomment the following line to add ARC (Authenticated Received Chain)
# support. You must have SPF and DKIM support enabled also. # support. You must have SPF and DKIM support enabled also.
@@ -713,7 +719,7 @@ FIXED_NEVER_USERS=root @@ -712,7 +718,7 @@ FIXED_NEVER_USERS=root
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
@ -175,7 +177,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -758,18 +764,18 @@ FIXED_NEVER_USERS=root @@ -764,18 +770,18 @@ ALLOW_INSECURE_TAINTED_DATA=yes
# included in the Exim binary. You will then need to set up the run time # included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected. # configuration to make use of the mechanism(s) selected.
@ -202,7 +204,7 @@ index 8da36a3..9b7682c 100644
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
# requires multiple pkg-config files to work with Exim, so the second example # requires multiple pkg-config files to work with Exim, so the second example
@@ -796,7 +802,7 @@ FIXED_NEVER_USERS=root @@ -802,7 +808,7 @@ ALLOW_INSECURE_TAINTED_DATA=yes
# one that is set in the headers_charset option. The default setting is # one that is set in the headers_charset option. The default setting is
# defined by this setting: # defined by this setting:
@ -211,7 +213,7 @@ index 8da36a3..9b7682c 100644
# If you are going to make use of $header_xxx expansions in your configuration # If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal # file, or if your users are going to use them in filter files, and the normal
@@ -816,7 +822,7 @@ HEADERS_CHARSET="ISO-8859-1" @@ -822,7 +828,7 @@ HEADERS_CHARSET="ISO-8859-1"
# the Sieve filter support. For those OS where iconv() is known to be installed # the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains # as standard, the file in OS/Makefile-xxxx contains
# #
@ -220,7 +222,7 @@ index 8da36a3..9b7682c 100644
# #
# If you are not using one of those systems, but have installed iconv(), you # If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv() # need to uncomment that line above. In some cases, you may find that iconv()
@@ -892,7 +898,7 @@ HEADERS_CHARSET="ISO-8859-1" @@ -898,7 +904,7 @@ HEADERS_CHARSET="ISO-8859-1"
# Once you have done this, "make install" will build the info files and # Once you have done this, "make install" will build the info files and
# install them in the directory you have defined. # install them in the directory you have defined.
@ -229,7 +231,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -905,7 +911,7 @@ HEADERS_CHARSET="ISO-8859-1" @@ -911,7 +917,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject" # %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this: # to form the final file names. Some installations may want something like this:
@ -238,7 +240,7 @@ index 8da36a3..9b7682c 100644
# which results in files with names /var/log/exim_mainlog, etc. The directory # which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create # in which the log files are placed must exist; Exim does not try to create
@@ -977,7 +983,7 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it. # Perl costs quite a lot of resources. Only do this if you really need it.
@ -247,7 +249,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -987,7 +993,7 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need # that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim. # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@ -256,7 +258,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -997,7 +1003,7 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -1003,7 +1009,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# support, which is intended for use in conjunction with the SMTP AUTH # support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting: # facilities, is included only when requested by the following setting:
@ -265,7 +267,7 @@ index 8da36a3..9b7682c 100644
# You probably need to add -lpam to EXTRALIBS, and in some releases of # You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed. # GNU/Linux -ldl is also needed.
@@ -1009,12 +1015,12 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -1015,12 +1021,12 @@ ZCAT_COMMAND=/usr/bin/zcat
# If you may want to use outbound (client-side) proxying, using Socks5, # If you may want to use outbound (client-side) proxying, using Socks5,
# uncomment the line below. # uncomment the line below.
@ -280,7 +282,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -1038,9 +1044,9 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -1044,9 +1050,9 @@ ZCAT_COMMAND=/usr/bin/zcat
# installed on your system (www.libspf2.org). Depending on where it is installed # installed on your system (www.libspf2.org). Depending on where it is installed
# you may have to edit the CFLAGS and LDFLAGS lines. # you may have to edit the CFLAGS and LDFLAGS lines.
@ -292,7 +294,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -1105,7 +1111,7 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -1111,7 +1117,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# group. Once you have installed saslauthd, you should arrange for it to be # group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time. # started by root at boot time.
@ -301,7 +303,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -1119,8 +1125,8 @@ ZCAT_COMMAND=/usr/bin/zcat @@ -1125,8 +1131,8 @@ ZCAT_COMMAND=/usr/bin/zcat
# library for TCP wrappers, so you probably need something like this: # library for TCP wrappers, so you probably need something like this:
# #
# USE_TCP_WRAPPERS=yes # USE_TCP_WRAPPERS=yes
@ -312,7 +314,7 @@ index 8da36a3..9b7682c 100644
# #
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well. # as well.
@@ -1172,7 +1178,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases @@ -1178,7 +1184,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# is "yes", as well as supporting line editing, a history of input lines in the # is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained. # current run is maintained.
@ -321,7 +323,7 @@ index 8da36a3..9b7682c 100644
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the # Note that this option adds to the size of the Exim binary, because the
@@ -1189,7 +1195,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases @@ -1195,7 +1201,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support. # Uncomment this setting to include IPv6 support.
@ -330,7 +332,7 @@ index 8da36a3..9b7682c 100644
############################################################################### ###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION # # THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1210,13 +1216,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases @@ -1216,13 +1222,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to # haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities. # use those utilities.
@ -351,7 +353,7 @@ index 8da36a3..9b7682c 100644
#------------------------------------------------------------------------------ #------------------------------------------------------------------------------
@@ -1418,7 +1424,7 @@ EXIM_TMPDIR="/tmp" @@ -1424,7 +1430,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the # (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this: # file can be specified here. Some installations may want something like this:
@ -361,7 +363,7 @@ index 8da36a3..9b7682c 100644
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid". # using the name "exim-daemon.pid".
diff --git a/src/configure.default b/src/configure.default diff --git a/src/configure.default b/src/configure.default
index d94c148..1f6afd4 100644 index 3761daf..a5d3718 100644
--- a/src/configure.default --- a/src/configure.default
+++ b/src/configure.default +++ b/src/configure.default
@@ -67,7 +67,7 @@ @@ -67,7 +67,7 @@
@ -406,12 +408,12 @@ index d94c148..1f6afd4 100644
+# sqlite_dbfile = /var/spool/exim/db/greylist.db +# sqlite_dbfile = /var/spool/exim/db/greylist.db
+ +
+ +
# If Exim is compiled with support for TLS, you may want to enable the # If Exim is compiled with support for TLS, you may want to change the
# following options so that Exim allows clients to make encrypted # following option so that Exim disallows certain clients from makeing encrypted
# connections. In the authenticators section below, there are template # connections. The default is to allow all.
@@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data @@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data
# Allow any client to use TLS. # This is equivalent to the default.
-# tls_advertise_hosts = * -# tls_advertise_hosts = *
+tls_advertise_hosts = * +tls_advertise_hosts = *
@ -428,8 +430,8 @@ index d94c148..1f6afd4 100644
+tls_privatekey = /etc/pki/tls/private/exim.pem +tls_privatekey = /etc/pki/tls/private/exim.pem
# For OpenSSL, prefer EC- over RSA-authenticated ciphers # For OpenSSL, prefer EC- over RSA-authenticated ciphers
# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT .ifdef _HAVE_OPENSSL
@@ -180,8 +188,8 @@ acl_smtp_data = acl_check_data @@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}}
# them you should also allow TLS-on-connect on the traditional but # them you should also allow TLS-on-connect on the traditional but
# non-standard port 465. # non-standard port 465.
@ -440,7 +442,7 @@ index d94c148..1f6afd4 100644
# Specify the domain you want to be added to all unqualified addresses # Specify the domain you want to be added to all unqualified addresses
@@ -239,6 +247,24 @@ never_users = root @@ -248,6 +256,24 @@ never_users = root
host_lookup = * host_lookup = *
@ -465,7 +467,7 @@ index d94c148..1f6afd4 100644
# The setting below causes Exim to try to initialize the system resolver # The setting below causes Exim to try to initialize the system resolver
# library with DNSSEC support. It has no effect if your library lacks # library with DNSSEC support. It has no effect if your library lacks
@@ -369,8 +395,8 @@ timeout_frozen_after = 7d @@ -378,8 +404,8 @@ timeout_frozen_after = 7d
# Note that TZ is handled separately by the timezone runtime option # Note that TZ is handled separately by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option. # and TIMEZONE_DEFAULT buildtime option.
@ -476,7 +478,7 @@ index d94c148..1f6afd4 100644
@@ -381,6 +407,29 @@ timeout_frozen_after = 7d @@ -390,6 +416,29 @@ timeout_frozen_after = 7d
begin acl begin acl
@ -506,7 +508,7 @@ index d94c148..1f6afd4 100644
# This access control list is used for every RCPT command in an incoming # This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either # SMTP message. The tests are run in order until the address is either
# accepted or denied. # accepted or denied.
@@ -392,6 +441,7 @@ acl_check_rcpt: @@ -401,6 +450,7 @@ acl_check_rcpt:
accept hosts = : accept hosts = :
control = dkim_disable_verify control = dkim_disable_verify
@ -514,7 +516,7 @@ index d94c148..1f6afd4 100644
############################################################################# #############################################################################
# The following section of the ACL is concerned with local parts that contain # The following section of the ACL is concerned with local parts that contain
@@ -445,7 +495,8 @@ acl_check_rcpt: @@ -454,7 +504,8 @@ acl_check_rcpt:
accept local_parts = postmaster accept local_parts = postmaster
domains = +local_domains domains = +local_domains
@ -524,7 +526,7 @@ index d94c148..1f6afd4 100644
require verify = sender require verify = sender
@@ -485,6 +536,7 @@ acl_check_rcpt: @@ -494,6 +545,7 @@ acl_check_rcpt:
accept hosts = +relay_from_hosts accept hosts = +relay_from_hosts
control = submission control = submission
control = dkim_disable_verify control = dkim_disable_verify
@ -532,15 +534,15 @@ index d94c148..1f6afd4 100644
# Accept if the message arrived over an authenticated connection, from # Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient # any host. Again, these messages are usually from MUAs, so recipient
@@ -494,6 +546,7 @@ acl_check_rcpt: @@ -503,6 +555,7 @@ acl_check_rcpt:
accept authenticated = * accept authenticated = *
control = submission control = submission
control = dkim_disable_verify control = dkim_disable_verify
+ control = dmarc_disable_verify + control = dmarc_disable_verify
# Insist that a HELO/EHLO was accepted. # Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
@@ -519,7 +572,8 @@ acl_check_rcpt: @@ -523,7 +576,8 @@ acl_check_rcpt:
# There are no default checks on DNS black lists because the domains that # There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two # contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this # examples of how you can get Exim to perform a DNS black list lookup at this
@ -550,7 +552,7 @@ index d94c148..1f6afd4 100644
# #
# deny dnslists = black.list.example # deny dnslists = black.list.example
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text # message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
@@ -527,6 +581,10 @@ acl_check_rcpt: @@ -531,6 +585,10 @@ acl_check_rcpt:
# warn dnslists = black.list.example # warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain # log_message = found in $dnslist_domain
@ -561,7 +563,7 @@ index d94c148..1f6afd4 100644
############################################################################# #############################################################################
############################################################################# #############################################################################
@@ -553,6 +611,10 @@ acl_check_rcpt: @@ -557,6 +615,10 @@ acl_check_rcpt:
# set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER}
############################################################################# #############################################################################
@ -572,7 +574,7 @@ index d94c148..1f6afd4 100644
# At this point, the address has passed all the checks that have been # At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally. # configured, so we accept it unconditionally.
@@ -602,21 +664,32 @@ acl_check_data: @@ -606,21 +668,32 @@ acl_check_data:
message = header syntax message = header syntax
log_message = header syntax ($acl_verify_message) log_message = header syntax ($acl_verify_message)
@ -613,7 +615,7 @@ index d94c148..1f6afd4 100644
############################################################################# #############################################################################
# No more tests if PRDR was actively used. # No more tests if PRDR was actively used.
@@ -630,11 +703,63 @@ acl_check_data: @@ -634,11 +707,63 @@ acl_check_data:
# condition = ... # condition = ...
############################################################################# #############################################################################
@ -678,7 +680,7 @@ index d94c148..1f6afd4 100644
###################################################################### ######################################################################
@@ -736,7 +861,7 @@ system_aliases: @@ -740,7 +865,7 @@ system_aliases:
driver = redirect driver = redirect
allow_fail allow_fail
allow_defer allow_defer
@ -687,7 +689,7 @@ index d94c148..1f6afd4 100644
# user = exim # user = exim
file_transport = address_file file_transport = address_file
pipe_transport = address_pipe pipe_transport = address_pipe
@@ -774,7 +899,7 @@ userforward: @@ -778,7 +903,7 @@ userforward:
# local_part_suffix = +* : -* # local_part_suffix = +* : -*
# local_part_suffix_optional # local_part_suffix_optional
file = $home/.forward file = $home/.forward
@ -696,7 +698,7 @@ index d94c148..1f6afd4 100644
no_verify no_verify
no_expn no_expn
check_ancestor check_ancestor
@@ -782,6 +907,12 @@ userforward: @@ -786,6 +911,12 @@ userforward:
pipe_transport = address_pipe pipe_transport = address_pipe
reply_transport = address_reply reply_transport = address_reply
@ -709,9 +711,9 @@ index d94c148..1f6afd4 100644
# This router matches local user mailboxes. If the router fails, the error # This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user". # message is "Unknown user".
@@ -823,6 +954,25 @@ remote_smtp: @@ -826,6 +957,25 @@ remote_smtp:
driver = smtp tls_resumption_hosts = *
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} .endif
+# This transport is used for delivering messages over SMTP using the +# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409). +# "message submission" port (RFC4409).
@ -735,7 +737,7 @@ index d94c148..1f6afd4 100644
# This transport is used for delivering messages to a smarthost, if the # This transport is used for delivering messages to a smarthost, if the
# smarthost router is enabled. This starts from the same basis as # smarthost router is enabled. This starts from the same basis as
@@ -875,8 +1025,8 @@ local_delivery: @@ -880,8 +1030,8 @@ local_delivery:
delivery_date_add delivery_date_add
envelope_to_add envelope_to_add
return_path_add return_path_add
@ -746,7 +748,7 @@ index d94c148..1f6afd4 100644
# This transport is used for handling pipe deliveries generated by alias or # This transport is used for handling pipe deliveries generated by alias or
@@ -909,6 +1059,16 @@ address_reply: @@ -914,6 +1064,16 @@ address_reply:
driver = autoreply driver = autoreply
@ -763,7 +765,7 @@ index d94c148..1f6afd4 100644
###################################################################### ######################################################################
# RETRY CONFIGURATION # # RETRY CONFIGURATION #
@@ -949,6 +1109,21 @@ begin rewrite @@ -954,6 +1114,21 @@ begin rewrite
# AUTHENTICATION CONFIGURATION # # AUTHENTICATION CONFIGURATION #
###################################################################### ######################################################################
@ -785,7 +787,7 @@ index d94c148..1f6afd4 100644
# The following authenticators support plaintext username/password # The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional # authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server. # but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -964,7 +1139,7 @@ begin rewrite @@ -969,7 +1144,7 @@ begin rewrite
# The default RCPT ACL checks for successful authentication, and will accept # The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet. # messages from authenticated users from anywhere on the Internet.
@ -794,7 +796,7 @@ index d94c148..1f6afd4 100644
# PLAIN authentication has no server prompts. The client sends its # PLAIN authentication has no server prompts. The client sends its
# credentials in one lump, containing an authorization ID (which we do not # credentials in one lump, containing an authorization ID (which we do not
@@ -978,7 +1153,7 @@ begin authenticators @@ -983,7 +1158,7 @@ begin authenticators
# driver = plaintext # driver = plaintext
# server_set_id = $auth2 # server_set_id = $auth2
# server_prompts = : # server_prompts = :
@ -803,7 +805,7 @@ index d94c148..1f6afd4 100644
# server_advertise_condition = ${if def:tls_in_cipher } # server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no # LOGIN authentication has traditional prompts and responses. There is no
@@ -990,7 +1165,7 @@ begin authenticators @@ -995,7 +1170,7 @@ begin authenticators
# driver = plaintext # driver = plaintext
# server_set_id = $auth1 # server_set_id = $auth1
# server_prompts = <| Username: | Password: # server_prompts = <| Username: | Password:

40
exim-4.94-dlopen-localscan.patch → exim-4.95-dlopen-localscan.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/EDITME b/src/EDITME diff --git a/src/EDITME b/src/EDITME
index 65082b5..757a1a3 100644 index b0643e0..31366ae 100644
--- a/src/EDITME --- a/src/EDITME
+++ b/src/EDITME +++ b/src/EDITME
@@ -882,6 +882,21 @@ HAVE_ICONV=yes @@ -888,6 +888,21 @@ HAVE_ICONV=yes
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
@ -25,12 +25,12 @@ index 65082b5..757a1a3 100644
# The default distribution of Exim contains only the plain text form of the # The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to install # documentation. Other forms are available separately. If you want to install
diff --git a/src/config.h.defaults b/src/config.h.defaults diff --git a/src/config.h.defaults b/src/config.h.defaults
index e17f015..008b97b 100644 index 877cc7b..94abf58 100644
--- a/src/config.h.defaults --- a/src/config.h.defaults
+++ b/src/config.h.defaults +++ b/src/config.h.defaults
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'. @@ -35,6 +35,8 @@ Do not put spaces between # and the 'define'.
#define AUTH_VARS 3 #define AUTH_VARS 4
+#define DLOPEN_LOCAL_SCAN +#define DLOPEN_LOCAL_SCAN
+ +
@ -38,10 +38,10 @@ index e17f015..008b97b 100644
#define CONFIGURE_FILE #define CONFIGURE_FILE
diff --git a/src/globals.c b/src/globals.c diff --git a/src/globals.c b/src/globals.c
index fc3086f..aa11a9b 100644 index 5d9f7f8..6f11de5 100644
--- a/src/globals.c --- a/src/globals.c
+++ b/src/globals.c +++ b/src/globals.c
@@ -147,6 +147,10 @@ uschar *tls_verify_hosts = NULL; @@ -155,6 +155,10 @@ time_t tls_watch_trigger_time = (time_t)0;
uschar *tls_advertise_hosts = NULL; uschar *tls_advertise_hosts = NULL;
#endif #endif
@ -53,12 +53,12 @@ index fc3086f..aa11a9b 100644
/* Per Recipient Data Response variables */ /* Per Recipient Data Response variables */
BOOL prdr_enable = FALSE; BOOL prdr_enable = FALSE;
diff --git a/src/globals.h b/src/globals.h diff --git a/src/globals.h b/src/globals.h
index c80c853..333455c 100644 index b610ac0..3b97a5d 100644
--- a/src/globals.h --- a/src/globals.h
+++ b/src/globals.h +++ b/src/globals.h
@@ -141,6 +141,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */ @@ -149,6 +149,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */
extern uschar *tls_verify_certificates;/* Path for certificates to check */ extern int tls_watch_fd; /* for inotify of creds files */
extern uschar *tls_verify_hosts; /* Mandatory client verification */ extern time_t tls_watch_trigger_time; /* non-0: triggered */
#endif #endif
+ +
+#ifdef DLOPEN_LOCAL_SCAN +#ifdef DLOPEN_LOCAL_SCAN
@ -69,10 +69,10 @@ index c80c853..333455c 100644
extern uschar *dsn_envid; /* DSN envid string */ extern uschar *dsn_envid; /* DSN envid string */
diff --git a/src/local_scan.c b/src/local_scan.c diff --git a/src/local_scan.c b/src/local_scan.c
index 4dd0b2b..72e0033 100644 index 2032ae7..43dfe99 100644
--- a/src/local_scan.c --- a/src/local_scan.c
+++ b/src/local_scan.c +++ b/src/local_scan.c
@@ -5,61 +5,135 @@ @@ -5,59 +5,133 @@
/* Copyright (c) University of Cambridge 1995 - 2009 */ /* Copyright (c) University of Cambridge 1995 - 2009 */
/* See the file NOTICE for conditions of use and distribution. */ /* See the file NOTICE for conditions of use and distribution. */
@ -137,8 +137,6 @@ index 4dd0b2b..72e0033 100644
int int
local_scan(int fd, uschar **return_text) local_scan(int fd, uschar **return_text)
{ {
fd = fd; /* Keep picky compilers happy */
return_text = return_text;
-return LOCAL_SCAN_ACCEPT; -return LOCAL_SCAN_ACCEPT;
+#ifdef DLOPEN_LOCAL_SCAN +#ifdef DLOPEN_LOCAL_SCAN
+/* local_scan_path is defined AND not the empty string */ +/* local_scan_path is defined AND not the empty string */
@ -170,8 +168,8 @@ index 4dd0b2b..72e0033 100644
+else +else
+#endif +#endif
+ return LOCAL_SCAN_ACCEPT; + return LOCAL_SCAN_ACCEPT;
} + }
+
+#ifdef DLOPEN_LOCAL_SCAN +#ifdef DLOPEN_LOCAL_SCAN
+ +
+static int load_local_scan_library(void) +static int load_local_scan_library(void)
@ -250,16 +248,16 @@ index 4dd0b2b..72e0033 100644
+ } + }
+ +
+return TRUE; +return TRUE;
+} }
+
+#endif /* DLOPEN_LOCAL_SCAN */ +#endif /* DLOPEN_LOCAL_SCAN */
+ +
/* End of local_scan.c */ /* End of local_scan.c */
diff --git a/src/readconf.c b/src/readconf.c diff --git a/src/readconf.c b/src/readconf.c
index 0d0769c..f1bb0ef 100644 index 987f9fa..b05896f 100644
--- a/src/readconf.c --- a/src/readconf.c
+++ b/src/readconf.c +++ b/src/readconf.c
@@ -205,6 +205,9 @@ static optionlist optionlist_config[] = { @@ -215,6 +215,9 @@ static optionlist optionlist_config[] = {
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} }, { "local_from_prefix", opt_stringptr, {&local_from_prefix} },
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} }, { "local_from_suffix", opt_stringptr, {&local_from_suffix} },
{ "local_interfaces", opt_stringptr, {&local_interfaces} }, { "local_interfaces", opt_stringptr, {&local_interfaces} },

4
exim-4.94-no-gsasl.patch → exim-4.95-no-gsasl.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/EDITME b/src/EDITME diff --git a/src/EDITME b/src/EDITME
index 757a1a3..cb759c8 100644 index 31366ae..6037976 100644
--- a/src/EDITME --- a/src/EDITME
+++ b/src/EDITME +++ b/src/EDITME
@@ -768,8 +768,8 @@ AUTH_CRAM_MD5=yes @@ -774,8 +774,8 @@ AUTH_CRAM_MD5=yes
AUTH_CYRUS_SASL=yes AUTH_CYRUS_SASL=yes
AUTH_DOVECOT=yes AUTH_DOVECOT=yes
# AUTH_EXTERNAL=yes # AUTH_EXTERNAL=yes

4
exim-4.94.2-opendmarc-1.4-build-fix.patch → exim-4.95-opendmarc-1.4-build-fix.patch
View File

@ -1,6 +1,8 @@
diff --git a/src/dmarc.c b/src/dmarc.c
index 8a9cdce..9e70cc1 100644
--- a/src/dmarc.c --- a/src/dmarc.c
+++ b/src/dmarc.c +++ b/src/dmarc.c
@@ -446,7 +446,7 @@ if (!dmarc_abort && !sender_host_authenticated) @@ -461,7 +461,7 @@ if (!dmarc_abort && !sender_host_authenticated)
vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL :
DMARC_POLICY_DKIM_OUTCOME_NONE; DMARC_POLICY_DKIM_OUTCOME_NONE;
libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain,

6
exim-4.85-pic.patch → exim-4.95-pic.patch
View File

@ -1,5 +1,5 @@
diff --git a/src/lookups/Makefile b/src/lookups/Makefile diff --git a/src/lookups/Makefile b/src/lookups/Makefile
index 6ba0cb1..21a7ad7 100644 index 1fd1394..a24ea2a 100644
--- a/src/lookups/Makefile --- a/src/lookups/Makefile
+++ b/src/lookups/Makefile +++ b/src/lookups/Makefile
@@ -22,7 +22,7 @@ lookups.a: $(OBJ) @@ -22,7 +22,7 @@ lookups.a: $(OBJ)
@ -9,5 +9,5 @@ index 6ba0cb1..21a7ad7 100644
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@ - $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@ + $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h lf_check_file.o: $(HDRS) lf_check_file.c lf_functions.h
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h lf_quote.o: $(HDRS) lf_quote.c lf_functions.h

18
exim.spec
View File

@ -11,8 +11,8 @@
Summary: The exim mail transfer agent Summary: The exim mail transfer agent
Name: exim Name: exim
Version: 4.94.2 Version: 4.95
Release: 2%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Url: https://www.exim.org/ Url: https://www.exim.org/
@ -42,13 +42,13 @@ Source24: exim.service
Source25: exim-gen-cert Source25: exim-gen-cert
Source26: clamd.exim.service Source26: clamd.exim.service
Patch0: exim-4.94.2-config.patch Patch0: exim-4.95-config.patch
Patch1: exim-4.94-libdir.patch Patch1: exim-4.94-libdir.patch
Patch2: exim-4.94-dlopen-localscan.patch Patch2: exim-4.95-dlopen-localscan.patch
Patch3: exim-4.85-pic.patch Patch3: exim-4.95-pic.patch
Patch4: exim-4.94-no-gsasl.patch Patch4: exim-4.95-no-gsasl.patch
# https://bugs.exim.org/show_bug.cgi?id=2728 # https://bugs.exim.org/show_bug.cgi?id=2728
Patch5: exim-4.94.2-opendmarc-1.4-build-fix.patch Patch5: exim-4.95-opendmarc-1.4-build-fix.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases Requires: /etc/aliases
@ -480,6 +480,10 @@ fi
%{_sysconfdir}/cron.daily/greylist-tidy.sh %{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog %changelog
* Thu Jun 23 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
- New version
Resolves: rhbz#2100385
* Mon Aug 2 2021 Marcel Härry <mh+fedora@scrit.ch> - 4.94.2-2 * Mon Aug 2 2021 Marcel Härry <mh+fedora@scrit.ch> - 4.94.2-2
- Fix dmarc checks - fixes bz#1989089 - Fix dmarc checks - fixes bz#1989089

4
sources
View File

@ -1,2 +1,2 @@
SHA512 (exim-4.94.2.tar.xz) = 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc SHA512 (exim-4.95.tar.xz) = 93d09c20d99f27da5edbe3e6dc7d25aa4548faa2b67ca26f2cc0b4aeaf58398dd468e0263714fcf0df97531f05d16fcd3f1f0e9d0656ead7858a66b248a44a65
SHA512 (exim-4.94.2.tar.xz.asc) = 982c93530b8c8e13e6d8ea6032c8db27ede6692bc584ea5507b39bba6b4c3082285fb453affdc06e8d962c894c04ee9fc039523c5f329f785f918f831d9803a3 SHA512 (exim-4.95.tar.xz.asc) = 3f975f0d1da4642a89a0c0f07b0c64a021c31fa47a252734710fff1bab46011d174a28986f4743b83a42418537afe41c1e7ded1c324bcf6025e5e46d5f94f1f9