New version
Resolves: rhbz#1842590
Used Exim maintainers keyring for GPG verification
Dropped CVE-2020-12783 patch (upstreamed)
Used better workaround for rhbz#1791878
Resolves: rhbz#1842633
parent
8b2730e97c
commit
5787faece7
|
@ -1,200 +0,0 @@
|
||||||
diff --git a/src/auths/auth-spa.c b/src/auths/auth-spa.c
|
|
||||||
index fc363df..44c99e9 100644
|
|
||||||
--- a/src/auths/auth-spa.c
|
|
||||||
+++ b/src/auths/auth-spa.c
|
|
||||||
@@ -374,27 +374,27 @@ void
|
|
||||||
spa_bits_to_base64 (uschar *out, const uschar *in, int inlen)
|
|
||||||
/* raw bytes in quasi-big-endian order to base 64 string (NUL-terminated) */
|
|
||||||
{
|
|
||||||
- for (; inlen >= 3; inlen -= 3)
|
|
||||||
- {
|
|
||||||
- *out++ = base64digits[in[0] >> 2];
|
|
||||||
- *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)];
|
|
||||||
- *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
|
|
||||||
- *out++ = base64digits[in[2] & 0x3f];
|
|
||||||
- in += 3;
|
|
||||||
- }
|
|
||||||
- if (inlen > 0)
|
|
||||||
- {
|
|
||||||
- uschar fragment;
|
|
||||||
-
|
|
||||||
- *out++ = base64digits[in[0] >> 2];
|
|
||||||
- fragment = (in[0] << 4) & 0x30;
|
|
||||||
- if (inlen > 1)
|
|
||||||
- fragment |= in[1] >> 4;
|
|
||||||
- *out++ = base64digits[fragment];
|
|
||||||
- *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c];
|
|
||||||
- *out++ = '=';
|
|
||||||
- }
|
|
||||||
- *out = '\0';
|
|
||||||
+for (; inlen >= 3; inlen -= 3)
|
|
||||||
+ {
|
|
||||||
+ *out++ = base64digits[in[0] >> 2];
|
|
||||||
+ *out++ = base64digits[((in[0] << 4) & 0x30) | (in[1] >> 4)];
|
|
||||||
+ *out++ = base64digits[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
|
|
||||||
+ *out++ = base64digits[in[2] & 0x3f];
|
|
||||||
+ in += 3;
|
|
||||||
+ }
|
|
||||||
+if (inlen > 0)
|
|
||||||
+ {
|
|
||||||
+ uschar fragment;
|
|
||||||
+
|
|
||||||
+ *out++ = base64digits[in[0] >> 2];
|
|
||||||
+ fragment = (in[0] << 4) & 0x30;
|
|
||||||
+ if (inlen > 1)
|
|
||||||
+ fragment |= in[1] >> 4;
|
|
||||||
+ *out++ = base64digits[fragment];
|
|
||||||
+ *out++ = (inlen < 2) ? '=' : base64digits[(in[1] << 2) & 0x3c];
|
|
||||||
+ *out++ = '=';
|
|
||||||
+ }
|
|
||||||
+*out = '\0';
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -404,52 +404,52 @@ int
|
|
||||||
spa_base64_to_bits (char *out, int outlength, const char *in)
|
|
||||||
/* base 64 to raw bytes in quasi-big-endian order, returning count of bytes */
|
|
||||||
{
|
|
||||||
- int len = 0;
|
|
||||||
- register uschar digit1, digit2, digit3, digit4;
|
|
||||||
+int len = 0;
|
|
||||||
+uschar digit1, digit2, digit3, digit4;
|
|
||||||
|
|
||||||
- if (in[0] == '+' && in[1] == ' ')
|
|
||||||
- in += 2;
|
|
||||||
- if (*in == '\r')
|
|
||||||
- return (0);
|
|
||||||
+if (in[0] == '+' && in[1] == ' ')
|
|
||||||
+ in += 2;
|
|
||||||
+if (*in == '\r')
|
|
||||||
+ return (0);
|
|
||||||
|
|
||||||
- do
|
|
||||||
+do
|
|
||||||
+ {
|
|
||||||
+ if (len >= outlength) /* Added by PH */
|
|
||||||
+ return -1; /* Added by PH */
|
|
||||||
+ digit1 = in[0];
|
|
||||||
+ if (DECODE64 (digit1) == BAD)
|
|
||||||
+ return -1;
|
|
||||||
+ digit2 = in[1];
|
|
||||||
+ if (DECODE64 (digit2) == BAD)
|
|
||||||
+ return -1;
|
|
||||||
+ digit3 = in[2];
|
|
||||||
+ if (digit3 != '=' && DECODE64 (digit3) == BAD)
|
|
||||||
+ return -1;
|
|
||||||
+ digit4 = in[3];
|
|
||||||
+ if (digit4 != '=' && DECODE64 (digit4) == BAD)
|
|
||||||
+ return -1;
|
|
||||||
+ in += 4;
|
|
||||||
+ *out++ = (DECODE64 (digit1) << 2) | (DECODE64 (digit2) >> 4);
|
|
||||||
+ ++len;
|
|
||||||
+ if (digit3 != '=')
|
|
||||||
{
|
|
||||||
+ if (len >= outlength) /* Added by PH */
|
|
||||||
+ return -1; /* Added by PH */
|
|
||||||
+ *out++ =
|
|
||||||
+ ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2);
|
|
||||||
+ ++len;
|
|
||||||
+ if (digit4 != '=')
|
|
||||||
+ {
|
|
||||||
if (len >= outlength) /* Added by PH */
|
|
||||||
- return (-1); /* Added by PH */
|
|
||||||
- digit1 = in[0];
|
|
||||||
- if (DECODE64 (digit1) == BAD)
|
|
||||||
- return (-1);
|
|
||||||
- digit2 = in[1];
|
|
||||||
- if (DECODE64 (digit2) == BAD)
|
|
||||||
- return (-1);
|
|
||||||
- digit3 = in[2];
|
|
||||||
- if (digit3 != '=' && DECODE64 (digit3) == BAD)
|
|
||||||
- return (-1);
|
|
||||||
- digit4 = in[3];
|
|
||||||
- if (digit4 != '=' && DECODE64 (digit4) == BAD)
|
|
||||||
- return (-1);
|
|
||||||
- in += 4;
|
|
||||||
- *out++ = (DECODE64 (digit1) << 2) | (DECODE64 (digit2) >> 4);
|
|
||||||
+ return -1; /* Added by PH */
|
|
||||||
+ *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4);
|
|
||||||
++len;
|
|
||||||
- if (digit3 != '=')
|
|
||||||
- {
|
|
||||||
- if (len >= outlength) /* Added by PH */
|
|
||||||
- return (-1); /* Added by PH */
|
|
||||||
- *out++ =
|
|
||||||
- ((DECODE64 (digit2) << 4) & 0xf0) | (DECODE64 (digit3) >> 2);
|
|
||||||
- ++len;
|
|
||||||
- if (digit4 != '=')
|
|
||||||
- {
|
|
||||||
- if (len >= outlength) /* Added by PH */
|
|
||||||
- return (-1); /* Added by PH */
|
|
||||||
- *out++ = ((DECODE64 (digit3) << 6) & 0xc0) | DECODE64 (digit4);
|
|
||||||
- ++len;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
- while (*in && *in != '\r' && digit4 != '=');
|
|
||||||
+ }
|
|
||||||
+while (*in && *in != '\r' && digit4 != '=');
|
|
||||||
|
|
||||||
- return (len);
|
|
||||||
+return len;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
diff --git a/src/auths/spa.c b/src/auths/spa.c
|
|
||||||
index 97e3b10..5bffdfb 100644
|
|
||||||
--- a/src/auths/spa.c
|
|
||||||
+++ b/src/auths/spa.c
|
|
||||||
@@ -139,7 +139,8 @@ SPAAuthChallenge challenge;
|
|
||||||
SPAAuthResponse response;
|
|
||||||
SPAAuthResponse *responseptr = &response;
|
|
||||||
uschar msgbuf[2048];
|
|
||||||
-uschar *clearpass;
|
|
||||||
+uschar *clearpass, *s;
|
|
||||||
+unsigned off;
|
|
||||||
|
|
||||||
/* send a 334, MS Exchange style, and grab the client's request,
|
|
||||||
unless we already have it via an initial response. */
|
|
||||||
@@ -194,9 +195,19 @@ that causes failure if the size of msgbuf is exceeded. ****/
|
|
||||||
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
- char *p = ((char*)responseptr) + IVAL(&responseptr->uUser.offset,0);
|
|
||||||
+ char * p;
|
|
||||||
int len = SVAL(&responseptr->uUser.len,0)/2;
|
|
||||||
|
|
||||||
+ if ( (off = IVAL(&responseptr->uUser.offset,0)) >= sizeof(SPAAuthResponse)
|
|
||||||
+ || len >= sizeof(responseptr->buffer)/2
|
|
||||||
+ || (p = (CS responseptr) + off) + len*2 >= CS (responseptr+1)
|
|
||||||
+ )
|
|
||||||
+ {
|
|
||||||
+ DEBUG(D_auth)
|
|
||||||
+ debug_printf("auth_spa_server(): bad uUser spec in response\n");
|
|
||||||
+ return FAIL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (len + 1 >= sizeof(msgbuf)) return FAIL;
|
|
||||||
for (i = 0; i < len; ++i)
|
|
||||||
{
|
|
||||||
@@ -245,9 +256,16 @@ spa_smb_nt_encrypt (clearpass, challenge.challengeData, ntRespData);
|
|
||||||
|
|
||||||
/* compare NT hash (LM may not be available) */
|
|
||||||
|
|
||||||
-if (memcmp(ntRespData,
|
|
||||||
- ((unsigned char*)responseptr)+IVAL(&responseptr->ntResponse.offset,0),
|
|
||||||
- 24) == 0)
|
|
||||||
+off = IVAL(&responseptr->ntResponse.offset,0);
|
|
||||||
+if (off >= sizeof(SPAAuthResponse) - 24)
|
|
||||||
+ {
|
|
||||||
+ DEBUG(D_auth)
|
|
||||||
+ debug_printf("auth_spa_server(): bad ntRespData spec in response\n");
|
|
||||||
+ return FAIL;
|
|
||||||
+ }
|
|
||||||
+s = (US responseptr) + off;
|
|
||||||
+
|
|
||||||
+if (memcmp(ntRespData, s, 24) == 0)
|
|
||||||
/* success. we have a winner. */
|
|
||||||
{
|
|
||||||
return auth_check_serv_cond(ablock);
|
|
|
@ -1,5 +1,5 @@
|
||||||
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
|
||||||
index ecd2083..cf1eeb2 100755
|
index 61368ec..e8fe9ef 100755
|
||||||
--- a/scripts/Configure-Makefile
|
--- a/scripts/Configure-Makefile
|
||||||
+++ b/scripts/Configure-Makefile
|
+++ b/scripts/Configure-Makefile
|
||||||
@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
@@ -297,7 +297,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
|
||||||
|
@ -12,10 +12,10 @@ index ecd2083..cf1eeb2 100755
|
||||||
echo "" >>$mft
|
echo "" >>$mft
|
||||||
cat $mftt >> $mft
|
cat $mftt >> $mft
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 83325ab..968ef81 100644
|
index e568bdb..9e82528 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -100,7 +100,7 @@
|
@@ -99,7 +99,7 @@
|
||||||
# /usr/local/sbin. The installation script will try to create this directory,
|
# /usr/local/sbin. The installation script will try to create this directory,
|
||||||
# and any superior directories, if they do not exist.
|
# and any superior directories, if they do not exist.
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -116,7 +116,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin
|
||||||
# don't exist. It will also install a default runtime configuration if this
|
# don't exist. It will also install a default runtime configuration if this
|
||||||
# file does not exist.
|
# file does not exist.
|
||||||
|
|
||||||
|
@ -33,7 +33,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
# It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
|
||||||
# In this case, Exim will use the first of them that exists when it is run.
|
# In this case, Exim will use the first of them that exists when it is run.
|
||||||
@@ -133,7 +133,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure
|
||||||
# deliveries. (Local deliveries run as various non-root users, typically as the
|
# deliveries. (Local deliveries run as various non-root users, typically as the
|
||||||
# owner of a local mailbox.) Specifying these values as root is not supported.
|
# owner of a local mailbox.) Specifying these values as root is not supported.
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
# If you specify EXIM_USER as a name, this is looked up at build time, and the
|
||||||
# uid number is built into the binary. However, you can specify that this
|
# uid number is built into the binary. However, you can specify that this
|
||||||
@@ -154,7 +154,7 @@ EXIM_USER=
|
@@ -153,7 +153,7 @@ EXIM_USER=
|
||||||
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless
|
||||||
# you want to use a group other than the default group for the given user.
|
# you want to use a group other than the default group for the given user.
|
||||||
|
|
||||||
|
@ -51,7 +51,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# Many sites define a user called "exim", with an appropriate default group,
|
# Many sites define a user called "exim", with an appropriate default group,
|
||||||
# and use
|
# and use
|
||||||
@@ -211,10 +211,10 @@ SPOOL_DIRECTORY=/var/spool/exim
|
@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim
|
||||||
# If you are buliding with TLS, the library configuration must be done:
|
# If you are buliding with TLS, the library configuration must be done:
|
||||||
|
|
||||||
# Uncomment this if you are using OpenSSL
|
# Uncomment this if you are using OpenSSL
|
||||||
|
@ -64,7 +64,7 @@ index 83325ab..968ef81 100644
|
||||||
# TLS_LIBS=-lssl -lcrypto
|
# TLS_LIBS=-lssl -lcrypto
|
||||||
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
|
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
|
||||||
|
|
||||||
@@ -338,7 +338,7 @@ TRANSPORT_SMTP=yes
|
@@ -337,7 +337,7 @@ TRANSPORT_SMTP=yes
|
||||||
# This one is special-purpose, and commonly not required, so it is not
|
# This one is special-purpose, and commonly not required, so it is not
|
||||||
# included by default.
|
# included by default.
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -347,9 +347,9 @@ TRANSPORT_SMTP=yes
|
@@ -346,9 +346,9 @@ TRANSPORT_SMTP=yes
|
||||||
# MBX, is included only when requested. If you do not know what this is about,
|
# MBX, is included only when requested. If you do not know what this is about,
|
||||||
# leave these settings commented out.
|
# leave these settings commented out.
|
||||||
|
|
||||||
|
@ -86,7 +86,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -407,20 +407,25 @@ LOOKUP_DBM=yes
|
@@ -406,20 +406,25 @@ LOOKUP_DBM=yes
|
||||||
LOOKUP_LSEARCH=yes
|
LOOKUP_LSEARCH=yes
|
||||||
LOOKUP_DNSDB=yes
|
LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ index 83325ab..968ef81 100644
|
||||||
# LOOKUP_SQLITE_PC=sqlite3
|
# LOOKUP_SQLITE_PC=sqlite3
|
||||||
# LOOKUP_WHOSON=yes
|
# LOOKUP_WHOSON=yes
|
||||||
|
|
||||||
@@ -433,7 +438,7 @@ LOOKUP_DNSDB=yes
|
@@ -432,7 +437,7 @@ LOOKUP_DNSDB=yes
|
||||||
|
|
||||||
|
|
||||||
# Some platforms may need this for LOOKUP_NIS:
|
# Some platforms may need this for LOOKUP_NIS:
|
||||||
|
@ -131,7 +131,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
|
# If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
|
||||||
@@ -499,7 +504,7 @@ SUPPORT_DANE=yes
|
@@ -498,7 +503,7 @@ SUPPORT_DANE=yes
|
||||||
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
|
# files are defaulted in the OS/Makefile-Default file, but can be overridden in
|
||||||
# local OS-specific make files.
|
# local OS-specific make files.
|
||||||
|
|
||||||
|
@ -140,7 +140,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -509,7 +514,7 @@ SUPPORT_DANE=yes
|
@@ -508,7 +513,7 @@ SUPPORT_DANE=yes
|
||||||
# and the MIME ACL. Please read the documentation to learn more about these
|
# and the MIME ACL. Please read the documentation to learn more about these
|
||||||
# features.
|
# features.
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# If you have content scanning you may wish to only include some of the scanner
|
# If you have content scanning you may wish to only include some of the scanner
|
||||||
# interfaces. Uncomment any of these lines to remove that code.
|
# interfaces. Uncomment any of these lines to remove that code.
|
||||||
@@ -592,12 +598,12 @@
|
@@ -595,12 +600,12 @@ DISABLE_MAL_MKS=yes
|
||||||
|
|
||||||
# Uncomment the following line to add DMARC checking capability, implemented
|
# Uncomment the following line to add DMARC checking capability, implemented
|
||||||
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
# using libopendmarc libraries. You must have SPF and DKIM support enabled also.
|
||||||
|
@ -165,7 +165,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
# Uncomment the following line to add ARC (Authenticated Received Chain)
|
||||||
# support. You must have SPF and DKIM support enabled also.
|
# support. You must have SPF and DKIM support enabled also.
|
||||||
@@ -707,7 +712,7 @@ FIXED_NEVER_USERS=root
|
@@ -713,7 +718,7 @@ FIXED_NEVER_USERS=root
|
||||||
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
|
||||||
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
|
||||||
|
|
||||||
|
@ -174,7 +174,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -752,18 +757,18 @@ FIXED_NEVER_USERS=root
|
@@ -758,18 +763,18 @@ FIXED_NEVER_USERS=root
|
||||||
# included in the Exim binary. You will then need to set up the run time
|
# included in the Exim binary. You will then need to set up the run time
|
||||||
# configuration to make use of the mechanism(s) selected.
|
# configuration to make use of the mechanism(s) selected.
|
||||||
|
|
||||||
|
@ -201,7 +201,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
# Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
|
||||||
# requires multiple pkg-config files to work with Exim, so the second example
|
# requires multiple pkg-config files to work with Exim, so the second example
|
||||||
@@ -787,7 +792,7 @@ FIXED_NEVER_USERS=root
|
@@ -796,7 +801,7 @@ FIXED_NEVER_USERS=root
|
||||||
# one that is set in the headers_charset option. The default setting is
|
# one that is set in the headers_charset option. The default setting is
|
||||||
# defined by this setting:
|
# defined by this setting:
|
||||||
|
|
||||||
|
@ -210,7 +210,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# If you are going to make use of $header_xxx expansions in your configuration
|
# If you are going to make use of $header_xxx expansions in your configuration
|
||||||
# file, or if your users are going to use them in filter files, and the normal
|
# file, or if your users are going to use them in filter files, and the normal
|
||||||
@@ -807,7 +812,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -816,7 +821,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# the Sieve filter support. For those OS where iconv() is known to be installed
|
# the Sieve filter support. For those OS where iconv() is known to be installed
|
||||||
# as standard, the file in OS/Makefile-xxxx contains
|
# as standard, the file in OS/Makefile-xxxx contains
|
||||||
#
|
#
|
||||||
|
@ -219,7 +219,7 @@ index 83325ab..968ef81 100644
|
||||||
#
|
#
|
||||||
# If you are not using one of those systems, but have installed iconv(), you
|
# If you are not using one of those systems, but have installed iconv(), you
|
||||||
# need to uncomment that line above. In some cases, you may find that iconv()
|
# need to uncomment that line above. In some cases, you may find that iconv()
|
||||||
@@ -883,7 +888,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -892,7 +897,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# Once you have done this, "make install" will build the info files and
|
# Once you have done this, "make install" will build the info files and
|
||||||
# install them in the directory you have defined.
|
# install them in the directory you have defined.
|
||||||
|
|
||||||
|
@ -228,7 +228,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -896,7 +901,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
@@ -905,7 +910,7 @@ HEADERS_CHARSET="ISO-8859-1"
|
||||||
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
|
||||||
# to form the final file names. Some installations may want something like this:
|
# to form the final file names. Some installations may want something like this:
|
||||||
|
|
||||||
|
@ -237,7 +237,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
# which results in files with names /var/log/exim_mainlog, etc. The directory
|
||||||
# in which the log files are placed must exist; Exim does not try to create
|
# in which the log files are placed must exist; Exim does not try to create
|
||||||
@@ -968,7 +973,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -977,7 +982,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
|
||||||
# Perl costs quite a lot of resources. Only do this if you really need it.
|
# Perl costs quite a lot of resources. Only do this if you really need it.
|
||||||
|
|
||||||
|
@ -246,7 +246,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -978,7 +983,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -987,7 +992,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# that the local_scan API is made available by the linker. You may also need
|
# that the local_scan API is made available by the linker. You may also need
|
||||||
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
|
||||||
|
|
||||||
|
@ -255,7 +255,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -988,7 +993,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -997,7 +1002,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# support, which is intended for use in conjunction with the SMTP AUTH
|
# support, which is intended for use in conjunction with the SMTP AUTH
|
||||||
# facilities, is included only when requested by the following setting:
|
# facilities, is included only when requested by the following setting:
|
||||||
|
|
||||||
|
@ -264,7 +264,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
# You probably need to add -lpam to EXTRALIBS, and in some releases of
|
||||||
# GNU/Linux -ldl is also needed.
|
# GNU/Linux -ldl is also needed.
|
||||||
@@ -1000,12 +1005,12 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1009,12 +1014,12 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# If you may want to use outbound (client-side) proxying, using Socks5,
|
# If you may want to use outbound (client-side) proxying, using Socks5,
|
||||||
# uncomment the line below.
|
# uncomment the line below.
|
||||||
|
|
||||||
|
@ -279,7 +279,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1029,9 +1050,9 @@
|
@@ -1038,9 +1043,9 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# installed on your system (www.libspf2.org). Depending on where it is installed
|
# installed on your system (www.libspf2.org). Depending on where it is installed
|
||||||
# you may have to edit the CFLAGS and LDFLAGS lines.
|
# you may have to edit the CFLAGS and LDFLAGS lines.
|
||||||
|
|
||||||
|
@ -291,7 +291,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1096,7 +1102,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1105,7 +1110,7 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# group. Once you have installed saslauthd, you should arrange for it to be
|
# group. Once you have installed saslauthd, you should arrange for it to be
|
||||||
# started by root at boot time.
|
# started by root at boot time.
|
||||||
|
|
||||||
|
@ -300,7 +300,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1110,8 +1115,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
@@ -1119,8 +1124,8 @@ ZCAT_COMMAND=/usr/bin/zcat
|
||||||
# library for TCP wrappers, so you probably need something like this:
|
# library for TCP wrappers, so you probably need something like this:
|
||||||
#
|
#
|
||||||
# USE_TCP_WRAPPERS=yes
|
# USE_TCP_WRAPPERS=yes
|
||||||
|
@ -311,7 +311,7 @@ index 83325ab..968ef81 100644
|
||||||
#
|
#
|
||||||
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
|
||||||
# as well.
|
# as well.
|
||||||
@@ -1163,7 +1168,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1172,7 +1177,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# is "yes", as well as supporting line editing, a history of input lines in the
|
# is "yes", as well as supporting line editing, a history of input lines in the
|
||||||
# current run is maintained.
|
# current run is maintained.
|
||||||
|
|
||||||
|
@ -320,7 +320,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
|
||||||
# Note that this option adds to the size of the Exim binary, because the
|
# Note that this option adds to the size of the Exim binary, because the
|
||||||
@@ -1180,7 +1185,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1189,7 +1194,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
# Uncomment this setting to include IPv6 support.
|
# Uncomment this setting to include IPv6 support.
|
||||||
|
|
||||||
|
@ -329,7 +329,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
# THINGS YOU ALMOST NEVER NEED TO MENTION #
|
||||||
@@ -1201,13 +1206,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
@@ -1210,13 +1215,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
|
||||||
# haven't got Perl, Exim will still build and run; you just won't be able to
|
# haven't got Perl, Exim will still build and run; you just won't be able to
|
||||||
# use those utilities.
|
# use those utilities.
|
||||||
|
|
||||||
|
@ -350,7 +350,7 @@ index 83325ab..968ef81 100644
|
||||||
|
|
||||||
|
|
||||||
#------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------
|
||||||
@@ -1409,7 +1414,7 @@ EXIM_TMPDIR="/tmp"
|
@@ -1418,7 +1423,7 @@ EXIM_TMPDIR="/tmp"
|
||||||
# (process id) to a file so that it can easily be identified. The path of the
|
# (process id) to a file so that it can easily be identified. The path of the
|
||||||
# file can be specified here. Some installations may want something like this:
|
# file can be specified here. Some installations may want something like this:
|
||||||
|
|
||||||
|
@ -360,7 +360,7 @@ index 83325ab..968ef81 100644
|
||||||
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
|
||||||
# using the name "exim-daemon.pid".
|
# using the name "exim-daemon.pid".
|
||||||
diff --git a/src/configure.default b/src/configure.default
|
diff --git a/src/configure.default b/src/configure.default
|
||||||
index cf38305..8ddabfe 100644
|
index 3423ee0..7d1e552 100644
|
||||||
--- a/src/configure.default
|
--- a/src/configure.default
|
||||||
+++ b/src/configure.default
|
+++ b/src/configure.default
|
||||||
@@ -67,7 +67,7 @@
|
@@ -67,7 +67,7 @@
|
||||||
|
@ -534,8 +534,8 @@ index cf38305..8ddabfe 100644
|
||||||
+ # point. The first one denies, whereas the second just warns. The third
|
+ # point. The first one denies, whereas the second just warns. The third
|
||||||
+ # triggers greylisting for any host in the blacklist.
|
+ # triggers greylisting for any host in the blacklist.
|
||||||
#
|
#
|
||||||
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
# deny dnslists = black.list.example
|
||||||
# dnslists = black.list.example
|
# message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
|
||||||
@@ -513,6 +561,10 @@ acl_check_rcpt:
|
@@ -513,6 +561,10 @@ acl_check_rcpt:
|
||||||
# warn dnslists = black.list.example
|
# warn dnslists = black.list.example
|
||||||
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
|
||||||
|
@ -695,9 +695,9 @@ index cf38305..8ddabfe 100644
|
||||||
|
|
||||||
# This router matches local user mailboxes. If the router fails, the error
|
# This router matches local user mailboxes. If the router fails, the error
|
||||||
# message is "Unknown user".
|
# message is "Unknown user".
|
||||||
@@ -812,6 +937,25 @@ remote_smtp:
|
@@ -809,6 +934,25 @@ remote_smtp:
|
||||||
hosts_try_prdr = *
|
driver = smtp
|
||||||
.endif
|
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
|
||||||
|
|
||||||
+# This transport is used for delivering messages over SMTP using the
|
+# This transport is used for delivering messages over SMTP using the
|
||||||
+# "message submission" port (RFC4409).
|
+# "message submission" port (RFC4409).
|
||||||
|
@ -721,7 +721,7 @@ index cf38305..8ddabfe 100644
|
||||||
|
|
||||||
# This transport is used for delivering messages to a smarthost, if the
|
# This transport is used for delivering messages to a smarthost, if the
|
||||||
# smarthost router is enabled. This starts from the same basis as
|
# smarthost router is enabled. This starts from the same basis as
|
||||||
@@ -867,8 +1011,8 @@ local_delivery:
|
@@ -861,8 +1005,8 @@ local_delivery:
|
||||||
delivery_date_add
|
delivery_date_add
|
||||||
envelope_to_add
|
envelope_to_add
|
||||||
return_path_add
|
return_path_add
|
||||||
|
@ -732,7 +732,7 @@ index cf38305..8ddabfe 100644
|
||||||
|
|
||||||
|
|
||||||
# This transport is used for handling pipe deliveries generated by alias or
|
# This transport is used for handling pipe deliveries generated by alias or
|
||||||
@@ -901,6 +1045,16 @@ address_reply:
|
@@ -895,6 +1039,16 @@ address_reply:
|
||||||
driver = autoreply
|
driver = autoreply
|
||||||
|
|
||||||
|
|
||||||
|
@ -749,7 +749,7 @@ index cf38305..8ddabfe 100644
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
# RETRY CONFIGURATION #
|
# RETRY CONFIGURATION #
|
||||||
@@ -941,6 +1095,21 @@ begin rewrite
|
@@ -935,6 +1089,21 @@ begin rewrite
|
||||||
# AUTHENTICATION CONFIGURATION #
|
# AUTHENTICATION CONFIGURATION #
|
||||||
######################################################################
|
######################################################################
|
||||||
|
|
||||||
|
@ -771,7 +771,7 @@ index cf38305..8ddabfe 100644
|
||||||
# The following authenticators support plaintext username/password
|
# The following authenticators support plaintext username/password
|
||||||
# authentication using the standard PLAIN mechanism and the traditional
|
# authentication using the standard PLAIN mechanism and the traditional
|
||||||
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
# but non-standard LOGIN mechanism, with Exim acting as the server.
|
||||||
@@ -956,7 +1125,7 @@ begin rewrite
|
@@ -950,7 +1119,7 @@ begin rewrite
|
||||||
# The default RCPT ACL checks for successful authentication, and will accept
|
# The default RCPT ACL checks for successful authentication, and will accept
|
||||||
# messages from authenticated users from anywhere on the Internet.
|
# messages from authenticated users from anywhere on the Internet.
|
||||||
|
|
||||||
|
@ -780,7 +780,7 @@ index cf38305..8ddabfe 100644
|
||||||
|
|
||||||
# PLAIN authentication has no server prompts. The client sends its
|
# PLAIN authentication has no server prompts. The client sends its
|
||||||
# credentials in one lump, containing an authorization ID (which we do not
|
# credentials in one lump, containing an authorization ID (which we do not
|
||||||
@@ -970,7 +1139,7 @@ begin authenticators
|
@@ -964,7 +1133,7 @@ begin authenticators
|
||||||
# driver = plaintext
|
# driver = plaintext
|
||||||
# server_set_id = $auth2
|
# server_set_id = $auth2
|
||||||
# server_prompts = :
|
# server_prompts = :
|
||||||
|
@ -789,7 +789,7 @@ index cf38305..8ddabfe 100644
|
||||||
# server_advertise_condition = ${if def:tls_in_cipher }
|
# server_advertise_condition = ${if def:tls_in_cipher }
|
||||||
|
|
||||||
# LOGIN authentication has traditional prompts and responses. There is no
|
# LOGIN authentication has traditional prompts and responses. There is no
|
||||||
@@ -982,7 +1151,7 @@ begin authenticators
|
@@ -976,7 +1145,7 @@ begin authenticators
|
||||||
# driver = plaintext
|
# driver = plaintext
|
||||||
# server_set_id = $auth1
|
# server_set_id = $auth1
|
||||||
# server_prompts = <| Username: | Password:
|
# server_prompts = <| Username: | Password:
|
|
@ -1,8 +1,8 @@
|
||||||
diff --git a/src/EDITME b/src/EDITME
|
diff --git a/src/EDITME b/src/EDITME
|
||||||
index 968ef81..477f088 100644
|
index 9e82528..0ae84b1 100644
|
||||||
--- a/src/EDITME
|
--- a/src/EDITME
|
||||||
+++ b/src/EDITME
|
+++ b/src/EDITME
|
||||||
@@ -872,6 +872,21 @@ HAVE_ICONV=yes
|
@@ -881,6 +881,21 @@ HAVE_ICONV=yes
|
||||||
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
|
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
|
||||||
|
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ index 968ef81..477f088 100644
|
||||||
# The default distribution of Exim contains only the plain text form of the
|
# The default distribution of Exim contains only the plain text form of the
|
||||||
# documentation. Other forms are available separately. If you want to install
|
# documentation. Other forms are available separately. If you want to install
|
||||||
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
diff --git a/src/config.h.defaults b/src/config.h.defaults
|
||||||
index b94b368..89b39e8 100644
|
index e17f015..008b97b 100644
|
||||||
--- a/src/config.h.defaults
|
--- a/src/config.h.defaults
|
||||||
+++ b/src/config.h.defaults
|
+++ b/src/config.h.defaults
|
||||||
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
|
@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'.
|
||||||
|
@ -38,10 +38,10 @@ index b94b368..89b39e8 100644
|
||||||
|
|
||||||
#define CONFIGURE_FILE
|
#define CONFIGURE_FILE
|
||||||
diff --git a/src/globals.c b/src/globals.c
|
diff --git a/src/globals.c b/src/globals.c
|
||||||
index 358c380..590ac63 100644
|
index fc3086f..aa11a9b 100644
|
||||||
--- a/src/globals.c
|
--- a/src/globals.c
|
||||||
+++ b/src/globals.c
|
+++ b/src/globals.c
|
||||||
@@ -145,6 +145,10 @@ uschar *tls_verify_hosts = NULL;
|
@@ -147,6 +147,10 @@ uschar *tls_verify_hosts = NULL;
|
||||||
uschar *tls_advertise_hosts = NULL;
|
uschar *tls_advertise_hosts = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -53,10 +53,10 @@ index 358c380..590ac63 100644
|
||||||
/* Per Recipient Data Response variables */
|
/* Per Recipient Data Response variables */
|
||||||
BOOL prdr_enable = FALSE;
|
BOOL prdr_enable = FALSE;
|
||||||
diff --git a/src/globals.h b/src/globals.h
|
diff --git a/src/globals.h b/src/globals.h
|
||||||
index ca342ac..82a8661 100644
|
index c80c853..333455c 100644
|
||||||
--- a/src/globals.h
|
--- a/src/globals.h
|
||||||
+++ b/src/globals.h
|
+++ b/src/globals.h
|
||||||
@@ -138,6 +138,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
@@ -141,6 +141,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
|
||||||
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
extern uschar *tls_verify_certificates;/* Path for certificates to check */
|
||||||
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
extern uschar *tls_verify_hosts; /* Mandatory client verification */
|
||||||
#endif
|
#endif
|
||||||
|
@ -256,16 +256,16 @@ index 4dd0b2b..72e0033 100644
|
||||||
+
|
+
|
||||||
/* End of local_scan.c */
|
/* End of local_scan.c */
|
||||||
diff --git a/src/readconf.c b/src/readconf.c
|
diff --git a/src/readconf.c b/src/readconf.c
|
||||||
index 0233019..186ba39 100644
|
index 0d0769c..f1bb0ef 100644
|
||||||
--- a/src/readconf.c
|
--- a/src/readconf.c
|
||||||
+++ b/src/readconf.c
|
+++ b/src/readconf.c
|
||||||
@@ -203,6 +203,9 @@ static optionlist optionlist_config[] = {
|
@@ -205,6 +205,9 @@ static optionlist optionlist_config[] = {
|
||||||
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
|
{ "local_from_prefix", opt_stringptr, {&local_from_prefix} },
|
||||||
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
|
{ "local_from_suffix", opt_stringptr, {&local_from_suffix} },
|
||||||
{ "local_interfaces", opt_stringptr, &local_interfaces },
|
{ "local_interfaces", opt_stringptr, {&local_interfaces} },
|
||||||
+#ifdef DLOPEN_LOCAL_SCAN
|
+#ifdef DLOPEN_LOCAL_SCAN
|
||||||
+ { "local_scan_path", opt_stringptr, &local_scan_path },
|
+ { "local_scan_path", opt_stringptr, &local_scan_path },
|
||||||
+#endif
|
+#endif
|
||||||
#ifdef HAVE_LOCAL_SCAN
|
#ifdef HAVE_LOCAL_SCAN
|
||||||
{ "local_scan_timeout", opt_time, &local_scan_timeout },
|
{ "local_scan_timeout", opt_time, {&local_scan_timeout} },
|
||||||
#endif
|
#endif
|
|
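Review bot: The added `local_scan_path` entry in the readconf.c hunk still passes its value as a bare `&local_scan_path`, while the neighbouring context entries on the new side were refreshed to the braced form `{&local_from_prefix}`. That difference suggests the third field of `optionlist` became an aggregate in the new upstream release. The bare form presumably still compiles through brace elision, but it is inconsistent with the rest of the table and can raise missing-braces warnings. I would refresh the added line to `{ "local_scan_path", opt_stringptr, {&local_scan_path} },`. The `optionlist_config[]` initializer starts and ends outside the hunk, so the field layout should be confirmed against the 4.94 definition.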
@ -1,8 +1,8 @@
|
||||||
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
diff --git a/OS/Makefile-Linux b/OS/Makefile-Linux
|
||||||
index ae9f249..060658a 100644
|
index dfb2fa8..58c30f7 100644
|
||||||
--- a/OS/Makefile-Linux
|
--- a/OS/Makefile-Linux
|
||||||
+++ b/OS/Makefile-Linux
|
+++ b/OS/Makefile-Linux
|
||||||
@@ -26,8 +26,8 @@ LIBRESOLV = -lresolv
|
@@ -27,8 +27,8 @@ LIBRESOLV = -lresolv
|
||||||
|
|
||||||
X11=/usr/X11R6
|
X11=/usr/X11R6
|
||||||
XINCLUDE=-I$(X11)/include
|
XINCLUDE=-I$(X11)/include
|
37
exim.spec
37
exim.spec
|
@ -14,8 +14,8 @@
|
||||||
|
|
||||||
Summary: The exim mail transfer agent
|
Summary: The exim mail transfer agent
|
||||||
Name: exim
|
Name: exim
|
||||||
Version: 4.93
|
Version: 4.94
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Url: https://www.exim.org/
|
Url: https://www.exim.org/
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
|
@ -52,11 +52,10 @@ Source25: exim-gen-cert
|
||||||
Source26: clamd.exim.service
|
Source26: clamd.exim.service
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Patch0: exim-4.93-config.patch
|
Patch0: exim-4.94-config.patch
|
||||||
Patch1: exim-4.93-libdir.patch
|
Patch1: exim-4.94-libdir.patch
|
||||||
Patch2: exim-4.93-dlopen-localscan.patch
|
Patch2: exim-4.94-dlopen-localscan.patch
|
||||||
Patch3: exim-4.85-pic.patch
|
Patch3: exim-4.85-pic.patch
|
||||||
Patch4: exim-4.93-CVE-2020-12783.patch
|
|
||||||
|
|
||||||
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
Requires: /etc/pki/tls/certs /etc/pki/tls/private
|
||||||
Requires: /etc/aliases
|
Requires: /etc/aliases
|
||||||
|
@ -70,7 +69,7 @@ BuildRequires: libspf2-devel libopendmarc-devel
|
||||||
BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
|
BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
|
||||||
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
|
||||||
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
|
BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
|
||||||
BuildRequires: systemd-units libgsasl-devel
|
BuildRequires: systemd-units libgsasl-devel grep
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Exim is a message transfer agent (MTA) developed at the University of
|
Exim is a message transfer agent (MTA) developed at the University of
|
||||||
|
@ -205,13 +204,18 @@ greylisting unconditional.
|
||||||
%patch1 -p1 -b .libdir
|
%patch1 -p1 -b .libdir
|
||||||
%patch2 -p1 -b .dl
|
%patch2 -p1 -b .dl
|
||||||
%patch3 -p1 -b .fpic
|
%patch3 -p1 -b .fpic
|
||||||
%patch4 -p1 -b .CVE-2020-12783
|
|
||||||
|
|
||||||
cp src/EDITME Local/Makefile
|
cp src/EDITME Local/Makefile
|
||||||
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
|
||||||
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
|
sed -i 's@^# AUTH_LIBS=-lsasl2@AUTH_LIBS=-lsasl2@' Local/Makefile
|
||||||
cp exim_monitor/EDITME Local/eximon.conf
|
cp exim_monitor/EDITME Local/eximon.conf
|
||||||
|
|
||||||
|
# Workaround for rhbz#1791878
|
||||||
|
pushd doc
|
||||||
|
for f in $(ls -dp cve-* | grep -v '/\|\(\.txt\)$'); do
|
||||||
|
mv "$f" "$f.txt"
|
||||||
|
done
|
||||||
|
popd
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
|
||||||
|
@ -376,15 +380,6 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%check
|
%check
|
||||||
build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV
|
build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV
|
||||||
|
|
||||||
%pretrans
|
|
||||||
# Workaround for rhbz#1791878
|
|
||||||
if [ -d %{_docdir}/exim/doc/cve-2019-13917 ]; then
|
|
||||||
rm -f %{_docdir}/exim/doc/cve-2019-13917/*
|
|
||||||
rmdir %{_docdir}/exim/doc/cve-2019-13917
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
|
%{_sbindir}/groupadd -g 93 exim 2>/dev/null
|
||||||
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 -g exim exim 2>/dev/null
|
%{_sbindir}/useradd -d %{_var}/spool/exim -s /sbin/nologin -G mail -M -r -u 93 -g exim exim 2>/dev/null
|
||||||
|
@ -610,6 +605,14 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
|
||||||
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
%{_sysconfdir}/cron.daily/greylist-tidy.sh
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
|
||||||
|
- New version
|
||||||
|
Resolves: rhbz#1842590
|
||||||
|
- Used Exim maintainers keyring for GPG verification
|
||||||
|
- Dropped CVE-2020-12783 patch (upstreamed)
|
||||||
|
- Used better workaround for rhbz#1791878
|
||||||
|
Resolves: rhbz#1842633
|
||||||
|
|
||||||
* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-3
|
* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-3
|
||||||
- Fixed out-of-bounds read in the SPA authenticator
|
- Fixed out-of-bounds read in the SPA authenticator
|
||||||
Resolves: CVE-2020-12783
|
Resolves: CVE-2020-12783
|
||||||
|
|
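Review bot: The rename loop added to %prep (hunk `@ -205,13 +204,18 @@`) iterates over an unquoted `$(ls -dp cve-* | grep -v ...)`, so any entry name in the upstream `doc` directory that contains whitespace or glob characters is split or expanded before `mv` sees it. The `\|` alternation in the pattern is also a GNU extension to basic regular expressions. A glob loop that tests each entry does the same filtering without parsing `ls` output, and it also does nothing when no `cve-*` entry exists. It would presumably make the `grep` added to BuildRequires unnecessary. The rewritten loop below skips directories and names that already end in `.txt`; the surrounding `pushd doc` / `popd` lines stay as they are.

```spec
for f in cve-*; do
  # rename plain files only; directories and *.txt names are left alone
  [ -f "$f" ] || continue
  case "$f" in *.txt) continue ;; esac
  mv "$f" "$f.txt"
done
```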
2
sources
2
sources
|
@ -1,2 +1,2 @@
|
||||||
SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b
|
SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b
|
||||||
SHA512 (exim-4.93.tar.xz) = 556c7fe75042739c3e92346b96c40960680fe2838589add5fad1f69f18600dd9ed128f367627c812051b3a3a1a64e740488d5ce8c198bf87b59fa84ab8a0eb5b
|
SHA512 (exim-4.94.tar.xz) = 3bf95ade30902327403e7308089a3e423761da5b0745397dace7c7fd15ba3838d93e0ee418f1fed57606f79e57b793c7c7407e5c0d526146f0036126d5d95316
|
||||||
|
|