From 69bc0d0ccf382d45bf07a6b68b4b661e1bbdac45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= Date: Fri, 10 Mar 2017 13:29:26 +0100 Subject: [PATCH] New version Resolves: rhbz#1428141 Switched to xz archive Dropped DKIM-fix patch (already upstream) --- exim-4.88-DKIM-fix.patch | 630 ------------------ ....88-config.patch => exim-4.89-config.patch | 41 +- ....patch => exim-4.89-dlopen-localscan.patch | 14 +- ...nment.patch => exim-4.89-environment.patch | 2 +- exim.spec | 24 +- 5 files changed, 42 insertions(+), 669 deletions(-) delete mode 100644 exim-4.88-DKIM-fix.patch rename exim-4.88-config.patch => exim-4.89-config.patch (89%) rename exim-4.88-dlopen-localscan.patch => exim-4.89-dlopen-localscan.patch (97%) rename exim-4.87-environment.patch => exim-4.89-environment.patch (83%) diff --git a/exim-4.88-DKIM-fix.patch b/exim-4.88-DKIM-fix.patch deleted file mode 100644 index 088e318..0000000 --- a/exim-4.88-DKIM-fix.patch +++ /dev/null 
@@ -1,630 +0,0 @@ -diff --git a/src/auths/get_data.c b/src/auths/get_data.c -index f839a01..11bc581 100644 ---- a/src/auths/get_data.c -+++ b/src/auths/get_data.c -@@ -31,7 +31,7 @@ auth_get_data(uschar **aptr, uschar *challenge, int challen) - int c; - int p = 0; - smtp_printf("334 %s\r\n", b64encode(challenge, challen)); --while ((c = receive_getc()) != '\n' && c != EOF) -+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF) - { - if (p >= big_buffer_size - 1) return BAD64; - big_buffer[p++] = c; -diff --git a/src/auths/get_no64_data.c b/src/auths/get_no64_data.c -index d3ffe08..71e7139 100644 ---- a/src/auths/get_no64_data.c -+++ b/src/auths/get_no64_data.c -@@ -32,7 +32,7 @@ auth_get_no64_data(uschar **aptr, uschar *challenge) - int c; - int p = 0; - smtp_printf("334 %s\r\n", challenge); --while ((c = receive_getc()) != '\n' && c != EOF) -+while ((c = receive_getc(GETC_BUFFER_UNLIMITED)) != '\n' && c != EOF) - { - if (p >= big_buffer_size - 1) return BAD64; - big_buffer[p++] = c; -diff --git a/src/dkim.c b/src/dkim.c -index 70c9547..445d246 100644 ---- a/src/dkim.c -+++ b/src/dkim.c -@@ -18,6 +18,7 @@ int dkim_verify_oldpool; - pdkim_ctx *dkim_verify_ctx = NULL; - pdkim_signature *dkim_signatures = NULL; - pdkim_signature *dkim_cur_sig = NULL; -+static BOOL dkim_collect_error = FALSE; - - static int - dkim_exim_query_dns_txt(char *name, char *answer) -@@ -87,6 +88,7 @@ if (dkim_verify_ctx) - - dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing); - dkim_collect_input = !!dkim_verify_ctx; -+dkim_collect_error = FALSE; - - /* Start feed up with any cached data */ - receive_get_cache(); -@@ -106,6 +108,7 @@ if ( dkim_collect_input - { - log_write(0, LOG_MAIN, - "DKIM: validation error: %.100s", pdkim_errstr(rc)); -+ dkim_collect_error = TRUE; - dkim_collect_input = FALSE; - } - store_pool = dkim_verify_oldpool; -@@ -127,11 +130,7 @@ store_pool = POOL_PERM; - - dkim_signatures = NULL; - --/* If we have arrived here with 
dkim_collect_input == FALSE, it --means there was a processing error somewhere along the way. --Log the incident and disable futher verification. */ -- --if (!dkim_collect_input) -+if (dkim_collect_error) - { - log_write(0, LOG_MAIN, - "DKIM: Error while running this message through validation," -diff --git a/src/functions.h b/src/functions.h -index 04d9410..9c60090 100644 ---- a/src/functions.h -+++ b/src/functions.h -@@ -55,7 +55,7 @@ extern int tls_export_cert(uschar *, size_t, void *); - extern int tls_feof(void); - extern int tls_ferror(void); - extern void tls_free_cert(void **); --extern int tls_getc(void); -+extern int tls_getc(unsigned); - extern void tls_get_cache(void); - extern int tls_import_cert(const uschar *, void **); - extern int tls_read(BOOL, uschar *, size_t); -@@ -101,7 +101,7 @@ extern int auth_xtextdecode(uschar *, uschar **); - - extern uschar *b64encode(uschar *, int); - extern int b64decode(uschar *, uschar **); --extern int bdat_getc(void); -+extern int bdat_getc(unsigned); - extern void bits_clear(unsigned int *, size_t, int *); - extern void bits_set(unsigned int *, size_t, int *); - -@@ -395,7 +395,7 @@ extern uschar *smtp_get_connection_info(void); - extern BOOL smtp_get_interface(uschar *, int, address_item *, - uschar **, uschar *); - extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *); --extern int smtp_getc(void); -+extern int smtp_getc(unsigned); - extern void smtp_get_cache(void); - extern int smtp_handle_acl_fail(int, int, uschar *, uschar *); - extern void smtp_log_no_mail(void); -@@ -421,7 +421,7 @@ extern int spool_open_datafile(uschar *); - extern int spool_open_temp(uschar *); - extern int spool_read_header(uschar *, BOOL, BOOL); - extern int spool_write_header(uschar *, int, uschar **); --extern int stdin_getc(void); -+extern int stdin_getc(unsigned); - extern int stdin_feof(void); - extern int stdin_ferror(void); - extern int stdin_ungetc(int); -diff --git a/src/globals.c b/src/globals.c -index 
c722059..649335f 100644 ---- a/src/globals.c -+++ b/src/globals.c -@@ -187,9 +187,9 @@ incoming TCP/IP. The defaults use stdin. We never need these for any - stand-alone tests. */ - - #ifndef STAND_ALONE --int (*lwr_receive_getc)(void) = stdin_getc; -+int (*lwr_receive_getc)(unsigned) = stdin_getc; - int (*lwr_receive_ungetc)(int) = stdin_ungetc; --int (*receive_getc)(void) = stdin_getc; -+int (*receive_getc)(unsigned) = stdin_getc; - void (*receive_get_cache)(void)= NULL; - int (*receive_ungetc)(int) = stdin_ungetc; - int (*receive_feof)(void) = stdin_feof; -diff --git a/src/globals.h b/src/globals.h -index e3dd507..344f8ef 100644 ---- a/src/globals.h -+++ b/src/globals.h -@@ -141,9 +141,9 @@ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ - /* Input-reading functions for messages, so we can use special ones for - incoming TCP/IP. */ - --extern int (*lwr_receive_getc)(void); -+extern int (*lwr_receive_getc)(unsigned); - extern int (*lwr_receive_ungetc)(int); --extern int (*receive_getc)(void); -+extern int (*receive_getc)(unsigned); - extern void (*receive_get_cache)(void); - extern int (*receive_ungetc)(int); - extern int (*receive_feof)(void); -diff --git a/src/macros.h b/src/macros.h -index 1b7cf4a..c8957d8 100644 ---- a/src/macros.h -+++ b/src/macros.h -@@ -968,5 +968,9 @@ enum { FILTER_UNSET, FILTER_FORWARD, FILTER_EXIM, FILTER_SIEVE }; - #define PEER_OFFERED_SIZE BIT(6) - #define PEER_OFFERED_CHUNKING BIT(7) - -+/* Argument for *_getc */ -+ -+#define GETC_BUFFER_UNLIMITED UINT_MAX -+ - - /* End of macros.h */ -diff --git a/src/pdkim/pdkim.c b/src/pdkim/pdkim.c -index 7bfcdf4..bcc3f09 100644 ---- a/src/pdkim/pdkim.c -+++ b/src/pdkim/pdkim.c -@@ -962,6 +962,11 @@ if (ctx->flags & PDKIM_MODE_SIGN) - /* DKIM-Signature: headers are added to the verification list */ - else - { -+ DEBUG(D_acl) -+ { -+ debug_printf("PDKIM >> raw hdr: "); -+ pdkim_quoteprint(CUS ctx->cur_header, Ustrlen(ctx->cur_header)); -+ } - if (strncasecmp(CCS 
ctx->cur_header, - DKIM_SIGNATURE_HEADERNAME, - Ustrlen(DKIM_SIGNATURE_HEADERNAME)) == 0) -diff --git a/src/receive.c b/src/receive.c -index e535876..9155cf1 100644 ---- a/src/receive.c -+++ b/src/receive.c -@@ -37,7 +37,7 @@ the file. (When SMTP input is occurring, different functions are used by - changing the pointer variables.) */ - - int --stdin_getc(void) -+stdin_getc(unsigned lim) - { - return getc(stdin); - } -@@ -626,7 +626,7 @@ if (!dot_ends) - { - register int last_ch = '\n'; - -- for (; (ch = (receive_getc)()) != EOF; last_ch = ch) -+ for (; (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF; last_ch = ch) - { - if (ch == 0) body_zerocount++; - if (last_ch == '\r' && ch != '\n') -@@ -668,7 +668,7 @@ if (!dot_ends) - - ch_state = 1; - --while ((ch = (receive_getc)()) != EOF) -+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - switch (ch_state) -@@ -786,7 +786,7 @@ int ch_state = 0; - int ch; - int linelength = 0; - --while ((ch = (receive_getc)()) != EOF) -+while ((ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF) - { - if (ch == 0) body_zerocount++; - switch (ch_state) -@@ -913,7 +913,7 @@ read_message_bdat_smtp(FILE *fout) - int ch; - int linelength = 0; - --for (;;) switch (ch = bdat_getc()) -+for (;;) switch (ch = bdat_getc(GETC_BUFFER_UNLIMITED)) - { - case EOF: return END_EOF; - case EOD: return END_DOT; -@@ -1682,7 +1682,7 @@ next->text. */ - - for (;;) - { -- int ch = (receive_getc)(); -+ int ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - - /* If we hit EOF on a SMTP connection, it's an error, since incoming - SMTP must have a correct "." terminator. */ -@@ -1761,10 +1761,10 @@ for (;;) - - if (ptr == 0 && ch == '.' 
&& (smtp_input || dot_ends)) - { -- ch = (receive_getc)(); -+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (ch == '\r') - { -- ch = (receive_getc)(); -+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (ch != '\n') - { - receive_ungetc(ch); -@@ -1795,7 +1795,7 @@ for (;;) - - if (ch == '\r') - { -- ch = (receive_getc)(); -+ ch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (ch == '\n') - { - if (first_line_ended_crlf == TRUE_UNSET) first_line_ended_crlf = TRUE; -@@ -1890,7 +1890,7 @@ for (;;) - - if (ch != EOF) - { -- int nextch = (receive_getc)(); -+ int nextch = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (nextch == ' ' || nextch == '\t') - { - next->text[ptr++] = nextch; -@@ -4024,7 +4024,7 @@ if (smtp_input && sender_host_address != NULL && !sender_host_notsocket && - - if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0) - { -- int c = (receive_getc)(); -+ int c = (receive_getc)(GETC_BUFFER_UNLIMITED); - if (c != EOF) (receive_ungetc)(c); else - { - smtp_notquit_exit(US"connection-lost", NULL, NULL); -diff --git a/src/smtp_in.c b/src/smtp_in.c -index 1484861..82900d9 100644 ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -44,11 +44,11 @@ The maximum size of a Kerberos ticket under Windows 2003 is 12000 bytes, and - we need room to handle large base64-encoded AUTHs for GSSAPI. 
- */ - --#define smtp_cmd_buffer_size 16384 -+#define SMTP_CMD_BUFFER_SIZE 16384 - - /* Size of buffer for reading SMTP incoming packets */ - --#define in_buffer_size 8192 -+#define IN_BUFFER_SIZE 8192 - - /* Structure for SMTP command list */ - -@@ -301,7 +301,7 @@ static int smtp_had_error; - - /* forward declarations */ - int bdat_ungetc(int ch); --static int smtp_read_command(BOOL check_sync); -+static int smtp_read_command(BOOL check_sync, unsigned buffer_lim); - static int synprot_error(int type, int code, uschar *data, uschar *errmess); - static void smtp_quit_handler(uschar **, uschar **); - static void smtp_rset_handler(void); -@@ -315,12 +315,12 @@ it flushes the output, and refills the buffer, with a timeout. The signal - handler is set appropriately by the calling function. This function is not used - after a connection has negotated itself into an TLS/SSL state. - --Arguments: none -+Arguments: lim Maximum amount to read/buffer - Returns: the next character or EOF - */ - - int --smtp_getc(void) -+smtp_getc(unsigned lim) - { - if (smtp_inptr >= smtp_inend) - { -@@ -328,7 +328,10 @@ if (smtp_inptr >= smtp_inend) - if (!smtp_out) return EOF; - fflush(smtp_out); - if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); -- rc = read(fileno(smtp_in), smtp_inbuffer, in_buffer_size); -+ -+ /* Limit amount read, so non-message data is not fed to DKIM */ -+ -+ rc = read(fileno(smtp_in), smtp_inbuffer, MIN(IN_BUFFER_SIZE, lim)); - save_errno = errno; - alarm(0); - if (rc <= 0) -@@ -376,23 +379,26 @@ to handle the BDAT command/response. - Placed here due to the correlation with the above smtp_getc(), which it wraps, - and also by the need to do smtp command/response handling. 
- --Arguments: none -+Arguments: lim (ignored) - Returns: the next character or ERR, EOD or EOF - */ - - int --bdat_getc(void) -+bdat_getc(unsigned lim) - { - uschar * user_msg = NULL; - uschar * log_msg; - - for(;;) - { -- if (chunking_data_left-- > 0) -- return lwr_receive_getc(); -+ if (chunking_data_left > 0) -+ return lwr_receive_getc(chunking_data_left--); - - receive_getc = lwr_receive_getc; - receive_ungetc = lwr_receive_ungetc; -+#ifndef DISABLE_DKIM -+ dkim_collect_input = FALSE; -+#endif - - /* If not the last, ack the received chunk. The last response is delayed - until after the data ACL decides on it */ -@@ -405,21 +411,22 @@ for(;;) - return EOD; - } - -- chunking_state = CHUNKING_OFFERED; - smtp_printf("250 %u byte chunk received\r\n", chunking_datasize); -+ chunking_state = CHUNKING_OFFERED; -+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state); - - /* Expect another BDAT cmd from input. RFC 3030 says nothing about - QUIT, RSET or NOOP but handling them seems obvious */ - - next_cmd: -- switch(smtp_read_command(TRUE)) -+ switch(smtp_read_command(TRUE, 1)) - { - default: - (void) synprot_error(L_smtp_protocol_error, 503, NULL, - US"only BDAT permissible after non-LAST BDAT"); - - repeat_until_rset: -- switch(smtp_read_command(TRUE)) -+ switch(smtp_read_command(TRUE, 1)) - { - case QUIT_CMD: smtp_quit_handler(&user_msg, &log_msg); /*FALLTHROUGH */ - case EOF_CMD: return EOF; -@@ -458,6 +465,8 @@ next_cmd: - chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 - ? 
CHUNKING_LAST : CHUNKING_ACTIVE; - chunking_data_left = chunking_datasize; -+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", -+ (int)chunking_state, chunking_data_left); - - if (chunking_datasize == 0) - if (chunking_state == CHUNKING_LAST) -@@ -471,6 +480,9 @@ next_cmd: - - receive_getc = bdat_getc; - receive_ungetc = bdat_ungetc; -+#ifndef DISABLE_DKIM -+ dkim_collect_input = TRUE; -+#endif - break; /* to top of main loop */ - } - } -@@ -480,15 +492,18 @@ next_cmd: - static void - bdat_flush_data(void) - { --while (chunking_data_left-- > 0) -- if (lwr_receive_getc() < 0) -+while (chunking_data_left > 0) -+ if (lwr_receive_getc(chunking_data_left--) < 0) - break; - - receive_getc = lwr_receive_getc; - receive_ungetc = lwr_receive_ungetc; - - if (chunking_state != CHUNKING_LAST) -+ { - chunking_state = CHUNKING_OFFERED; -+ DEBUG(D_receive) debug_printf("chunking state %d\n", (int)chunking_state); -+ } - } - - -@@ -1126,13 +1141,14 @@ signal handler that closes down the session on a timeout. Control does not - return when it runs. 
- - Arguments: -- check_sync if TRUE, check synchronization rules if global option is TRUE -+ check_sync if TRUE, check synchronization rules if global option is TRUE -+ buffer_lim maximum to buffer in lower layer - - Returns: a code identifying the command (enumerated above) - */ - - static int --smtp_read_command(BOOL check_sync) -+smtp_read_command(BOOL check_sync, unsigned buffer_lim) - { - int c; - int ptr = 0; -@@ -1141,9 +1157,9 @@ BOOL hadnull = FALSE; - - os_non_restarting_signal(SIGALRM, command_timeout_handler); - --while ((c = (receive_getc)()) != '\n' && c != EOF) -+while ((c = (receive_getc)(buffer_lim)) != '\n' && c != EOF) - { -- if (ptr >= smtp_cmd_buffer_size) -+ if (ptr >= SMTP_CMD_BUFFER_SIZE) - { - os_non_restarting_signal(SIGALRM, sigalrm_handler); - return OTHER_CMD; -@@ -1301,7 +1317,7 @@ tzero.tv_usec = 0; - rc = select(fd + 1, (SELECT_ARG2_TYPE *)&fds, NULL, NULL, &tzero); - - if (rc <= 0) return TRUE; /* Not ready to read */ --rc = smtp_getc(); -+rc = smtp_getc(GETC_BUFFER_UNLIMITED); - if (rc < 0) return TRUE; /* End of file or error */ - - smtp_ungetc(rc); -@@ -1337,7 +1353,7 @@ if (smtp_in == NULL || smtp_batched_input) return; - receive_swallow_smtp(); - smtp_printf("421 %s\r\n", message); - --for (;;) switch(smtp_read_command(FALSE)) -+for (;;) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) - { - case EOF_CMD: - return; -@@ -1781,7 +1797,7 @@ while (done <= 0) - uschar *recipient = NULL; - int start, end, sender_domain, recipient_domain; - -- switch(smtp_read_command(FALSE)) -+ switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) - { - /* The HELO/EHLO commands set sender_address_helo if they have - valid data; otherwise they are ignored, except that they do -@@ -2040,12 +2056,12 @@ acl_var_c = NULL; - - /* Allow for trailing 0 in the command and data buffers. 
*/ - --if (!(smtp_cmd_buffer = US malloc(2*smtp_cmd_buffer_size + 2))) -+if (!(smtp_cmd_buffer = US malloc(2*SMTP_CMD_BUFFER_SIZE + 2))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, - "malloc() failed for SMTP command buffer"); - - smtp_cmd_buffer[0] = 0; --smtp_data_buffer = smtp_cmd_buffer + smtp_cmd_buffer_size + 1; -+smtp_data_buffer = smtp_cmd_buffer + SMTP_CMD_BUFFER_SIZE + 1; - - /* For batched input, the protocol setting can be overridden from the - command line by a trusted caller. */ -@@ -2065,7 +2081,7 @@ else - /* Set up the buffer for inputting using direct read() calls, and arrange to - call the local functions instead of the standard C ones. */ - --if (!(smtp_inbuffer = (uschar *)malloc(in_buffer_size))) -+if (!(smtp_inbuffer = (uschar *)malloc(IN_BUFFER_SIZE))) - log_write(0, LOG_MAIN|LOG_PANIC_DIE, "malloc() failed for SMTP input buffer"); - - receive_getc = smtp_getc; -@@ -3550,7 +3566,7 @@ while (done <= 0) - US &off, sizeof(off)); - #endif - -- switch(smtp_read_command(TRUE)) -+ switch(smtp_read_command(TRUE, GETC_BUFFER_UNLIMITED)) - { - /* The AUTH command is not permitted to occur inside a transaction, and may - occur successfully only once per connection. Actually, that isn't quite -@@ -4750,14 +4766,14 @@ while (done <= 0) - chunking_state = strcmpic(smtp_cmd_data+n, US"LAST") == 0 - ? CHUNKING_LAST : CHUNKING_ACTIVE; - chunking_data_left = chunking_datasize; -+ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", -+ (int)chunking_state, chunking_data_left); - - lwr_receive_getc = receive_getc; - lwr_receive_ungetc = receive_ungetc; - receive_getc = bdat_getc; - receive_ungetc = bdat_ungetc; - -- DEBUG(D_any) -- debug_printf("chunking state %d\n", (int)chunking_state); - goto DATA_BDAT; - } - -@@ -4973,7 +4989,7 @@ while (done <= 0) - It seems safest to just wipe away the content rather than leave it as a - target to jump to. 
*/ - -- memset(smtp_inbuffer, 0, in_buffer_size); -+ memset(smtp_inbuffer, 0, IN_BUFFER_SIZE); - - /* Attempt to start up a TLS session, and if successful, discard all - knowledge that was obtained previously. At least, that's what the RFC says, -@@ -5027,7 +5043,7 @@ while (done <= 0) - set, but we must still reject all incoming commands. */ - - DEBUG(D_tls) debug_printf("TLS failed to start\n"); -- while (done <= 0) switch(smtp_read_command(FALSE)) -+ while (done <= 0) switch(smtp_read_command(FALSE, GETC_BUFFER_UNLIMITED)) - { - case EOF_CMD: - log_write(L_smtp_connection, LOG_MAIN, "%s closed by EOF", -@@ -5315,8 +5331,8 @@ while (done <= 0) - - case BADSYN_CMD: - SYNC_FAILURE: -- if (smtp_inend >= smtp_inbuffer + in_buffer_size) -- smtp_inend = smtp_inbuffer + in_buffer_size - 1; -+ if (smtp_inend >= smtp_inbuffer + IN_BUFFER_SIZE) -+ smtp_inend = smtp_inbuffer + IN_BUFFER_SIZE - 1; - c = smtp_inend - smtp_inptr; - if (c > 150) c = 150; - smtp_inptr[c] = 0; -diff --git a/src/tls-gnu.c b/src/tls-gnu.c -index 10bfaca..181dde4 100644 ---- a/src/tls-gnu.c -+++ b/src/tls-gnu.c -@@ -2158,12 +2158,12 @@ Only used by the server-side TLS. - - This feeds DKIM and should be used for all message-body reads. - --Arguments: none -+Arguments: lim Maximum amount to read/bufffer - Returns: the next character or EOF - */ - - int --tls_getc(void) -+tls_getc(unsigned lim) - { - exim_gnutls_state_st *state = &state_server; - if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) -@@ -2175,7 +2175,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) - - if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); - inbytes = gnutls_record_recv(state->session, state->xfer_buffer, -- ssl_xfer_buffer_size); -+ MIN(ssl_xfer_buffer_size, lim)); - alarm(0); - - /* Timeouts do not get this far; see command_timeout_handler(). 
-@@ -2213,7 +2213,7 @@ if (state->xfer_buffer_lwm >= state->xfer_buffer_hwm) - state->tlsp->peercert = NULL; - state->tlsp->peerdn = NULL; - -- return smtp_getc(); -+ return smtp_getc(lim); - } - - /* Handle genuine errors */ -diff --git a/src/tls-openssl.c b/src/tls-openssl.c -index d9426ac..0ac7d03 100644 ---- a/src/tls-openssl.c -+++ b/src/tls-openssl.c -@@ -2360,14 +2360,14 @@ return OK; - /* This gets the next byte from the TLS input buffer. If the buffer is empty, - it refills the buffer via the SSL reading function. - --Arguments: none -+Arguments: lim Maximum amount to read/buffer - Returns: the next character or EOF - - Only used by the server-side TLS. - */ - - int --tls_getc(void) -+tls_getc(unsigned lim) - { - if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) - { -@@ -2378,7 +2378,8 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) - ssl_xfer_buffer, ssl_xfer_buffer_size); - - if (smtp_receive_timeout > 0) alarm(smtp_receive_timeout); -- inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, ssl_xfer_buffer_size); -+ inbytes = SSL_read(server_ssl, CS ssl_xfer_buffer, -+ MIN(ssl_xfer_buffer_size, lim)); - error = SSL_get_error(server_ssl, inbytes); - alarm(0); - -@@ -2405,7 +2406,7 @@ if (ssl_xfer_buffer_lwm >= ssl_xfer_buffer_hwm) - tls_in.peerdn = NULL; - tls_in.sni = NULL; - -- return smtp_getc(); -+ return smtp_getc(lim); - } - - /* Handle genuine errors */ diff --git a/exim-4.88-config.patch b/exim-4.89-config.patch similarity index 89% rename from exim-4.88-config.patch rename to exim-4.89-config.patch index 40baabd..3976531 100644 --- a/exim-4.88-config.patch +++ b/exim-4.89-config.patch @@ -1,4 +1,4 @@ -diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile +diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile index 3e486a6..6c4afec 100755 --- a/scripts/Configure-Makefile +++ b/scripts/Configure-Makefile 
@@ -11,8 +11,8 @@ index 3e486a6..6c4afec 100755 echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft echo "" >>$mft cat $mftt >> $mft -diff --git a/src/src/EDITME b/src/src/EDITME -index 6929346..5a08197 100644 +diff --git a/src/EDITME b/src/EDITME +index df74aac..0caf02d 100644 --- a/src/EDITME +++ b/src/EDITME @@ -98,7 +98,7 @@ @@ -123,7 +123,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -622,16 +624,14 @@ FIXED_NEVER_USERS=root +@@ -622,17 +624,14 @@ FIXED_NEVER_USERS=root # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -134,6 +134,7 @@ index 6929346..5a08197 100644 -# AUTH_GSASL_PC=libgsasl -# AUTH_HEIMDAL_GSSAPI=yes -# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi +-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 -# AUTH_PLAINTEXT=yes -# AUTH_SPA=yes -# AUTH_TLS=yes @@ -146,9 +147,9 @@ index 6929346..5a08197 100644 +AUTH_SPA=yes +AUTH_TLS=yes - - #------------------------------------------------------------------------------ -@@ -652,7 +652,7 @@ FIXED_NEVER_USERS=root + # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 + # requires multiple pkg-config files to work with Exim, so the second example +@@ -656,7 +655,7 @@ FIXED_NEVER_USERS=root # one that is set in the headers_charset option. The default setting is # defined by this setting: @@ -157,7 +158,7 @@ index 6929346..5a08197 100644 # If you are going to make use of $header_xxx expansions in your configuration # file, or if your users are going to use them in filter files, and the normal -@@ -672,7 +672,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -676,7 +675,7 @@ HEADERS_CHARSET="ISO-8859-1" # the Sieve filter support. For those OS where iconv() is known to be installed # as standard, the file in OS/Makefile-xxxx contains # 
@@ -166,7 +167,7 @@ index 6929346..5a08197 100644 # # If you are not using one of those systems, but have installed iconv(), you # need to uncomment that line above. In some cases, you may find that iconv() -@@ -734,11 +734,11 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -745,11 +744,11 @@ HEADERS_CHARSET="ISO-8859-1" # leave these settings commented out. # This setting is required for any TLS support (either OpenSSL or GnuTLS) @@ -181,7 +182,7 @@ index 6929346..5a08197 100644 # Uncomment the first and either the second or the third of these if you # are using GnuTLS. If you have pkg-config, then the second, else the third. -@@ -807,7 +807,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -818,7 +817,7 @@ HEADERS_CHARSET="ISO-8859-1" # Once you have done this, "make install" will build the info files and # install them in the directory you have defined. @@ -190,7 +191,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -820,7 +820,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -831,7 +830,7 @@ HEADERS_CHARSET="ISO-8859-1" # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -199,7 +200,7 @@ index 6929346..5a08197 100644 # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -892,7 +892,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -903,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. 
@@ -208,7 +209,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -902,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -913,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat # that the local_scan API is made available by the linker. You may also need # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. @@ -217,7 +218,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -912,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -923,7 +922,7 @@ ZCAT_COMMAND=/usr/bin/zcat # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: @@ -226,7 +227,7 @@ index 6929346..5a08197 100644 # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. -@@ -1006,7 +1006,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1021,7 +1020,7 @@ ZCAT_COMMAND=/usr/bin/zcat # group. Once you have installed saslauthd, you should arrange for it to be # started by root at boot time. @@ -235,7 +236,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -1019,9 +1019,9 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1034,9 +1033,9 @@ ZCAT_COMMAND=/usr/bin/zcat # You may well also have to specify a local "include" file and an additional # library for TCP wrappers, so you probably need something like this: # @@ -248,7 +249,7 @@ index 6929346..5a08197 100644 # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. -@@ -1073,7 +1073,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1088,7 +1087,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases # is "yes", as well as supporting line editing, a history of input lines in the # current run is maintained. 
@@ -257,7 +258,7 @@ index 6929346..5a08197 100644 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. # Note that this option adds to the size of the Exim binary, because the -@@ -1083,7 +1083,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1098,7 +1097,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. @@ -266,7 +267,7 @@ index 6929346..5a08197 100644 ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1104,13 +1104,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1119,13 +1118,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. @@ -287,7 +288,7 @@ index 6929346..5a08197 100644 #------------------------------------------------------------------------------ -@@ -1312,7 +1312,7 @@ EXIM_TMPDIR="/tmp" +@@ -1327,7 +1326,7 @@ EXIM_TMPDIR="/tmp" # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: diff --git a/exim-4.88-dlopen-localscan.patch b/exim-4.89-dlopen-localscan.patch similarity index 97% rename from exim-4.88-dlopen-localscan.patch rename to exim-4.89-dlopen-localscan.patch index d641f09..3e94d2e 100644 --- a/exim-4.88-dlopen-localscan.patch +++ b/exim-4.89-dlopen-localscan.patch @@ -1,8 +1,8 @@ diff --git a/src/EDITME b/src/EDITME -index 5a08197..3921db6 100644 +index 0caf02d..6957546 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -792,6 +792,20 @@ TLS_LIBS=-lssl -lcrypto +@@ -802,6 +802,20 @@ TLS_LIBS=-lssl -lcrypto #------------------------------------------------------------------------------ 
@@ -24,7 +24,7 @@ index 5a08197..3921db6 100644 # documentation. Other forms are available separately. If you want to install # the documentation in "info" format, first fetch the Texinfo documentation diff --git a/src/config.h.defaults b/src/config.h.defaults -index bafdc1b..c6ba256 100644 +index 58e1813..9b18f98 100644 --- a/src/config.h.defaults +++ b/src/config.h.defaults @@ -28,6 +28,8 @@ it's a default value. */ @@ -37,7 +37,7 @@ index bafdc1b..c6ba256 100644 #define CONFIGURE_FILE diff --git a/src/globals.c b/src/globals.c -index f83d850..c722059 100644 +index 79ac37f..b7d690f 100644 --- a/src/globals.c +++ b/src/globals.c @@ -167,6 +167,10 @@ uschar *tls_verify_hosts = NULL; @@ -52,7 +52,7 @@ index f83d850..c722059 100644 /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; diff --git a/src/globals.h b/src/globals.h -index b3747a8..e3dd507 100644 +index 340f1ae..4b65781 100644 --- a/src/globals.h +++ b/src/globals.h @@ -126,6 +126,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */ @@ -251,10 +251,10 @@ index 3500047..8599172 100644 + /* End of local_scan.c */ diff --git a/src/readconf.c b/src/readconf.c -index b2a3c73..6f2efa0 100644 +index 790f073..6e88bcd 100644 --- a/src/readconf.c +++ b/src/readconf.c -@@ -314,6 +314,9 @@ static optionlist optionlist_config[] = { +@@ -318,6 +318,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, &local_from_prefix }, { "local_from_suffix", opt_stringptr, &local_from_suffix }, { "local_interfaces", opt_stringptr, &local_interfaces }, diff --git a/exim-4.87-environment.patch b/exim-4.89-environment.patch similarity index 83% rename from exim-4.87-environment.patch rename to exim-4.89-environment.patch index e0ea3ed..c579b72 100644 --- a/exim-4.87-environment.patch +++ b/exim-4.89-environment.patch @@ -2,7 +2,7 @@ diff --git a/src/configure.default b/src/configure.default --- a/src/configure.default +++ b/src/configure.default 
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d - # Note that TZ is handled separateley by the timezone runtime option + # Note that TZ is handled separately by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. -# keep_environment = ^LDAP diff --git a/exim.spec b/exim.spec index ef6a8bc..7b573b1 100644 --- a/exim.spec +++ b/exim.spec @@ -14,8 +14,8 @@ Summary: The exim mail transfer agent Name: exim -Version: 4.88 -Release: 3%{?dist} +Version: 4.89 +Release: 1%{?dist} License: GPLv2+ Url: http://www.exim.org/ Group: System Environment/Daemons @@ -29,7 +29,7 @@ Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd Requires: initscripts BuildRequires: clamav-devel %endif -Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.bz2 +Source: ftp://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz Source2: exim.init Source3: exim.sysconfig Source4: exim.logrotate @@ -53,12 +53,12 @@ Source26: clamd.exim.service %endif Patch4: exim-4.88-rhl.patch -Patch6: exim-4.88-config.patch +Patch6: exim-4.89-config.patch Patch8: exim-4.82-libdir.patch Patch12: exim-4.88-cyrus.patch Patch13: exim-4.88-pamconfig.patch Patch14: exim-4.87-spamdconf.patch -Patch18: exim-4.88-dlopen-localscan.patch +Patch18: exim-4.89-dlopen-localscan.patch Patch19: exim-4.88-procmail.patch Patch20: exim-4.88-allow-filter.patch Patch21: exim-4.87-localhost-is-local.patch @@ -67,10 +67,7 @@ Patch23: exim-4.88-smarthost-config.patch Patch25: exim-4.87-dynlookup-config.patch # Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584 Patch26: exim-4.85-pic.patch -Patch27: exim-4.87-environment.patch -# Upstream ticket: https://bugs.exim.org/show_bug.cgi?id=2016 -# Upsream patch: https://git.exim.org/exim.git/patch/bd8fbe3606d80e5a3fc02fe71b521146c6938448 -Patch28: exim-4.88-DKIM-fix.patch +Patch27: exim-4.89-environment.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/aliases 
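Review bot: The new `Source:` line in the `@@ -29,7 +29,7 @@` hunk of exim.spec still fetches the tarball over plain `ftp://`, and none of the spec hunks in this commit add a check of the upstream release signature, so the integrity of `exim-%{version}.tar.xz` rests only on whatever checksum the build system records for it. If upstream serves the same path over HTTPS, prefer `Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz`. Beyond that, I would list the detached `.asc` signature and the upstream maintainers' keyring as extra `Source` entries and verify them at the top of `%prep`, before the `%patch` lines run. The `sources` checksum file is not in this commit's diffstat, so it was presumably updated separately; it is worth confirming that it matches the signed 4.89 release.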
@@ -229,7 +226,6 @@ greylisting unconditional. %patch25 -p1 -b .dynconfig %patch26 -p1 -b .fpic %patch27 -p1 -b .environment -%patch28 -p1 -b .DKIM-fix cp src/EDITME Local/Makefile sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile @@ -514,7 +510,7 @@ fi %config(noreplace) %{_sysconfdir}/pam.d/exim %{_sysconfdir}/cron.daily/exim-tidydb -%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README +%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README %doc doc util/unknownuser.sh %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem @@ -622,6 +618,12 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || : %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Wed Mar 8 2017 Jaroslav Škarvada - 4.89-1 +- New version + Resolves: rhbz#1428141 +- Switched to xz archive +- Dropped DKIM-fix patch (already upstream) + * Mon Jan 23 2017 Jaroslav Škarvada - 4.88-3 - Fixed DKIM - Defuzzified patches and fixed some whitespaces