From 504eb7c5e89fca9dabcaaca267c080a4ee401b83 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 26 Aug 2006 09:30:05 +0000 Subject: [PATCH] update to 4.63, disable sa-exim --- .cvsignore | 1 + exim-4.62-dlopen-localscan.patch | 268 +++++++++++++++++++++++++++++++ exim.spec | 27 +++- sources | 1 + 4 files changed, 292 insertions(+), 5 deletions(-) create mode 100644 exim-4.62-dlopen-localscan.patch diff --git a/.cvsignore b/.cvsignore index e97e64e..d3e3c63 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,3 @@ sa-exim-4.2.tar.gz exim-4.62.tar.bz2 +exim-4.63.tar.bz2 diff --git a/exim-4.62-dlopen-localscan.patch b/exim-4.62-dlopen-localscan.patch new file mode 100644 index 0000000..03010eb --- /dev/null +++ b/exim-4.62-dlopen-localscan.patch @@ -0,0 +1,268 @@ +The initial version of this patch was originally posted David Woodhouse, and +dman gets the credit for first integrating it with SA-Exim. + +I have since then maintained it by first making a few minor changes, and +later switching it to a major/minor number scheme to support upgrades in +the exim API that don't affect backward compatibility (you can rely on +a feature denoted by the minor number and be compatible with future versions +of exim until Philip has to break the API and increase the major number) + +Marc MERLIN + +diff -urN exim-4.14-0/src/EDITME exim-4.14-1/src/EDITME +--- exim-4.14-0/src/EDITME Tue Mar 11 04:20:18 2003 ++++ exim-4.14-1/src/EDITME Sun Mar 23 15:34:15 2003 +@@ -388,6 +388,20 @@ + + + #------------------------------------------------------------------------------ ++# On systems which support dynamic loading of shared libraries, Exim can ++# load a local_scan function specified in its config file instead of having ++# to be recompiled with the desired local_scan function. For a full ++# description of the API to this function, see the Exim specification. ++ ++DLOPEN_LOCAL_SCAN=yes ++ ++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the ++# linker flags. Without it, the loaded .so won't be able to access any ++# functions from exim. ++ ++LFLAGS=-rdynamic -ldl ++ ++#------------------------------------------------------------------------------ + # The default distribution of Exim contains only the plain text form of the + # documentation. Other forms are available separately. If you want to install + # the documentation in "info" format, first fetch the Texinfo documentation +diff -urNad 50_localscan_dlopen.tmp/src/config.h.defaults 50_localscan_dlopen/src/config.h.defaults +--- 50_localscan_dlopen.tmp/src/config.h.defaults Sun Dec 29 11:55:42 2002 ++++ 50_localscan_dlopen/src/config.h.defaults Sun Dec 29 11:56:44 2002 +@@ -17,6 +17,8 @@ + #define AUTH_PLAINTEXT + #define AUTH_SPA + ++#define DLOPEN_LOCAL_SCAN ++ + #define BIN_DIRECTORY + + #define CONFIGURE_FILE +diff -urN exim-4.14-0/src/globals.c exim-4.14-1/src/globals.c +--- exim-4.14-0/src/globals.c Tue Mar 11 04:20:20 2003 ++++ exim-4.14-1/src/globals.c Sun Mar 23 15:34:15 2003 +@@ -103,6 +103,9 @@ + uschar *tls_verify_hosts = NULL; + #endif + ++#ifdef DLOPEN_LOCAL_SCAN ++uschar *local_scan_path = NULL; ++#endif + + /* Input-reading functions for messages, so we can use special ones for + incoming TCP/IP. The defaults use stdin. We never need these for any +diff -urN exim-4.14-0/src/globals.h exim-4.14-1/src/globals.h +--- exim-4.14-0/src/globals.h Tue Mar 11 04:20:20 2003 ++++ exim-4.14-1/src/globals.h Sun Mar 23 15:34:15 2003 +@@ -67,6 +67,9 @@ + extern uschar *tls_verify_hosts; /* Mandatory client verification */ + #endif + ++#ifdef DLOPEN_LOCAL_SCAN ++extern uschar *local_scan_path; /* Path to local_scan() library */ ++#endif + + /* Input-reading functions for messages, so we can use special ones for + incoming TCP/IP. */ +diff -urN exim-4.14-0/src/local_scan.c exim-4.14-1/src/local_scan.c +--- exim-4.14-0/src/local_scan.c Tue Mar 11 04:20:20 2003 ++++ exim-4.14-1/src/local_scan.c Sun Mar 23 15:34:15 2003 +@@ -5,60 +5,131 @@ + /* Copyright (c) University of Cambridge 1995 - 2003 */ + /* See the file NOTICE for conditions of use and distribution. */ + ++#include "exim.h" + +-/****************************************************************************** +-This file contains a template local_scan() function that just returns ACCEPT. +-If you want to implement your own version, you should copy this file to, say +-Local/local_scan.c, and edit the copy. To use your version instead of the +-default, you must set +- +-LOCAL_SCAN_SOURCE=Local/local_scan.c +- +-in your Local/Makefile. This makes it easy to copy your version for use with +-subsequent Exim releases. +- +-For a full description of the API to this function, see the Exim specification. +-******************************************************************************/ +- +- +-/* This is the only Exim header that you should include. The effect of +-including any other Exim header is not defined, and may change from release to +-release. Use only the documented interface! */ +- +-#include "local_scan.h" +- +- +-/* This is a "do-nothing" version of a local_scan() function. The arguments +-are: +- +- fd The file descriptor of the open -D file, which contains the +- body of the message. The file is open for reading and +- writing, but modifying it is dangerous and not recommended. +- +- return_text A pointer to an unsigned char* variable which you can set in +- order to return a text string. It is initialized to NULL. +- +-The return values of this function are: +- +- LOCAL_SCAN_ACCEPT +- The message is to be accepted. The return_text argument is +- saved in $local_scan_data. +- +- LOCAL_SCAN_REJECT +- The message is to be rejected. The returned text is used +- in the rejection message. +- +- LOCAL_SCAN_TEMPREJECT +- This specifies a temporary rejection. The returned text +- is used in the rejection message. +-*/ ++#ifdef DLOPEN_LOCAL_SCAN ++#include ++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; ++static int load_local_scan_library(void); ++#endif + + int + local_scan(int fd, uschar **return_text) + { + fd = fd; /* Keep picky compilers happy */ + return_text = return_text; +-return LOCAL_SCAN_ACCEPT; ++#ifdef DLOPEN_LOCAL_SCAN ++/* local_scan_path is defined AND not the empty string */ ++if (local_scan_path && *local_scan_path) ++ { ++ if (!local_scan_fn) ++ { ++ if (!load_local_scan_library()) ++ { ++ char *base_msg , *error_msg , *final_msg ; ++ int final_length = -1 ; ++ ++ base_msg=US"Local configuration error - local_scan() library failure\n"; ++ error_msg = dlerror() ; ++ ++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; ++ final_msg = (char*)malloc( final_length*sizeof(char) ) ; ++ *final_msg = '\0' ; ++ ++ strcat( final_msg , base_msg ) ; ++ strcat( final_msg , error_msg ) ; ++ ++ *return_text = final_msg ; ++ return LOCAL_SCAN_TEMPREJECT; ++ } ++ } ++ return local_scan_fn(fd, return_text); ++ } ++else ++#endif ++ return LOCAL_SCAN_ACCEPT; ++} ++ ++#ifdef DLOPEN_LOCAL_SCAN ++ ++static int load_local_scan_library(void) ++{ ++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ ++void *local_scan_lib = NULL; ++int (*local_scan_version_fn)(void); ++int vers_maj; ++int vers_min; ++ ++local_scan_lib = dlopen(local_scan_path, RTLD_NOW); ++if (!local_scan_lib) ++ { ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " ++ "message temporarily rejected"); ++ return FALSE; ++ } ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_major() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The major number is increased when the ABI is changed in a non ++ backward compatible way. */ ++vers_maj = local_scan_version_fn(); ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_minor() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The minor number is increased each time a new feature is added (in a ++ way that doesn't break backward compatibility) -- Marc */ ++vers_min = local_scan_version_fn(); ++ ++ ++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++ ++local_scan_fn = dlsym(local_scan_lib, "local_scan"); ++if (!local_scan_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++return TRUE; + } ++ ++#endif /* DLOPEN_LOCAL_SCAN */ + + /* End of local_scan.c */ +diff -urN exim-4.14-0/src/readconf.c exim-4.14-1/src/readconf.c +--- exim-4.14-0/src/readconf.c Tue Mar 11 04:20:22 2003 ++++ exim-4.14-1/src/readconf.c Sun Mar 23 15:34:15 2003 +@@ -182,6 +182,9 @@ + { "local_from_prefix", opt_stringptr, &local_from_prefix }, + { "local_from_suffix", opt_stringptr, &local_from_suffix }, + { "local_interfaces", opt_stringptr, &local_interfaces }, ++#ifdef DLOPEN_LOCAL_SCAN ++ { "local_scan_path", opt_stringptr, &local_scan_path }, ++#endif + { "local_scan_timeout", opt_time, &local_scan_timeout }, + { "local_sender_retain", opt_bool, &local_sender_retain }, + { "localhost_number", opt_stringptr, &host_number_string }, diff --git a/exim.spec b/exim.spec index 7a4ac0a..3e060be 100644 --- a/exim.spec +++ b/exim.spec @@ -1,7 +1,11 @@ +# SA-Exim has long since been obsoleted by the proper built-in ACL support +# from exiscan. Disable it for FC6 unless people scream. +# %define buildsa 1 + Summary: The exim mail transfer agent Name: exim -Version: 4.62 -Release: 6%{?dist} +Version: 4.63 +Release: 1%{?dist} License: GPL Url: http://www.exim.org/ Group: System Environment/Daemons @@ -16,7 +20,9 @@ Source2: exim.init Source3: exim.sysconfig Source4: exim.logrotate Source11: exim.pam +%if 0%{?buildsa} Source13: http://marc.merlins.org/linux/exim/files/sa-exim-4.2.tar.gz +%endif Patch4: exim-rhl.patch Patch6: exim-4.50-config.patch Patch8: exim-4.24-libdir.patch @@ -25,6 +31,7 @@ Patch13: exim-4.43-pamconfig.patch Patch14: exim-4.50-spamdconf.patch Patch15: exim-4.52-dynamic-pcre.patch Patch17: exim-4.61-ldap-deprecated.patch +Patch18: exim-4.62-dlopen-localscan.patch Requires: /etc/aliases BuildRequires: db4-devel openssl-devel openldap-devel pam-devel @@ -65,9 +72,9 @@ well as other nasty things like teergrubing. %prep %setup -q +%if 0%{?buildsa} %setup -q -T -D -a 13 -# patch sa -cat sa-exim*/localscan_dlopen_exim_4.20_or_better.patch | patch -p1 +%endif cp src/EDITME Local/Makefile cp exim_monitor/EDITME Local/eximon.conf @@ -79,6 +86,7 @@ cp exim_monitor/EDITME Local/eximon.conf %patch14 -p1 -b .spamd %patch15 -p1 -b .pcre %patch17 -p1 -b .ldap +%patch18 -p1 -b .dl %build %ifnarch s390 s390x @@ -87,11 +95,12 @@ cp exim_monitor/EDITME Local/eximon.conf make CFLAGS="$RPM_OPT_FLAGS -fPIE" LFLAGS=-pie _lib=%{_lib} %endif +%if 0%{?buildsa} # build sa-exim cd sa-exim* perl -pi -e 's|\@lynx|HOME=/ /usr/bin/lynx|g;' Makefile make SACONF=%{_sysconfdir}/exim/sa-exim.conf CFLAGS="$RPM_OPT_FLAGS -fPIC" - +%endif %install rm -rf $RPM_BUILD_ROOT @@ -156,12 +165,14 @@ install %SOURCE2 $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d/exim mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim +%if 0%{?buildsa} # install sa cd sa-exim* mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/exim install *.so $RPM_BUILD_ROOT%{_libexecdir}/exim install -m 644 *.conf $RPM_BUILD_ROOT%{_sysconfdir}/exim ln -s sa-exim*.so $RPM_BUILD_ROOT%{_libexecdir}/exim/sa-exim.so +%endif # generate ghost .pem file mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private} @@ -281,14 +292,20 @@ fi %{_sbindir}/eximon %{_sbindir}/eximon.bin +%if 0%{?buildsa} %files sa %defattr(-,root,root) %{_libexecdir}/exim %config(noreplace) %{_sysconfdir}/exim/sa-*.conf %doc sa-exim*/*.html %doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO} +%endif %changelog +* Sat Aug 26 2006 David Woodhouse - 4.63-1 +- Update to 4.63 +- Disable sa-exim, but leave the dlopen patch in + * Wed Jul 19 2006 Thomas Woerner - 4.62-6 - final version - changed permissions of /etc/pki/tls/*/exim.pem to 0600 diff --git a/sources b/sources index 6c5d80f..116aac6 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ ad76f73c6b3d01caa88078e3e622745a sa-exim-4.2.tar.gz a8efc92427192fd3b7b5e71decc8cc31 exim-4.62.tar.bz2 +dde2d5f7106d51607409af94174db46c exim-4.63.tar.bz2