New version

Resolves: CVE-2014-2972
- De-fuzzified patches

exim-4.83-config.patch

@@ -1,8 +1,8 @@
 diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
-index 5e8a726..31a5aad 100755
+index eeb26ee..9cb6385 100755
 --- a/scripts/Configure-Makefile
 +++ b/scripts/Configure-Makefile
-@@ -233,7 +233,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
+@@ -249,7 +249,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
  
    mv $mft $mftt
    echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
@@ -12,7 +12,7 @@ index 5e8a726..31a5aad 100755
    echo "" >>$mft
    cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
-index 3f818f3..6cc58a8 100644
+index d576fd7..a3ffd48 100644
 --- a/src/EDITME
 +++ b/src/EDITME
 @@ -98,7 +98,7 @@
@@ -121,7 +121,7 @@ index 3f818f3..6cc58a8 100644
  
  # If you're using ClamAV and are backporting fixes to an old version, instead
  # of staying current (which is the more usual approach) then you may need to
-@@ -560,7 +562,7 @@ FIXED_NEVER_USERS=root
+@@ -573,7 +575,7 @@ FIXED_NEVER_USERS=root
  # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
  # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
  
@@ -130,7 +130,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -605,15 +607,13 @@ FIXED_NEVER_USERS=root
+@@ -618,15 +620,13 @@ FIXED_NEVER_USERS=root
  # included in the Exim binary. You will then need to set up the run time
  # configuration to make use of the mechanism(s) selected.
  
@@ -153,7 +153,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -634,7 +634,7 @@ FIXED_NEVER_USERS=root
+@@ -647,7 +647,7 @@ FIXED_NEVER_USERS=root
  # one that is set in the headers_charset option. The default setting is
  # defined by this setting:
  
@@ -162,7 +162,7 @@ index 3f818f3..6cc58a8 100644
  
  # If you are going to make use of $header_xxx expansions in your configuration
  # file, or if your users are going to use them in filter files, and the normal
-@@ -654,7 +654,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -667,7 +667,7 @@ HEADERS_CHARSET="ISO-8859-1"
  # the Sieve filter support. For those OS where iconv() is known to be installed
  # as standard, the file in OS/Makefile-xxxx contains
  #
@@ -171,7 +171,7 @@ index 3f818f3..6cc58a8 100644
  #
  # If you are not using one of those systems, but have installed iconv(), you
  # need to uncomment that line above. In some cases, you may find that iconv()
-@@ -716,11 +716,11 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -729,11 +729,11 @@ HEADERS_CHARSET="ISO-8859-1"
  # leave these settings commented out.
  
  # This setting is required for any TLS support (either OpenSSL or GnuTLS)
@@ -186,7 +186,7 @@ index 3f818f3..6cc58a8 100644
  
  # Uncomment the first and either the second or the third of these if you
  # are using GnuTLS.  If you have pkg-config, then the second, else the third.
-@@ -785,7 +785,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
  # Once you have done this, "make install" will build the info files and
  # install them in the directory you have defined.
  
@@ -195,7 +195,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -811,7 +811,7 @@ HEADERS_CHARSET="ISO-8859-1"
  # %s. This will be replaced by one of the strings "main", "panic", or "reject"
  # to form the final file names. Some installations may want something like this:
  
@@ -204,7 +204,7 @@ index 3f818f3..6cc58a8 100644
  
  # which results in files with names /var/log/exim_mainlog, etc. The directory
  # in which the log files are placed must exist; Exim does not try to create
-@@ -864,7 +864,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -877,7 +877,7 @@ ZCAT_COMMAND=/usr/bin/zcat
  # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
  # Perl costs quite a lot of resources. Only do this if you really need it.
  
@@ -213,7 +213,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -874,7 +874,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -887,7 +887,7 @@ ZCAT_COMMAND=/usr/bin/zcat
  # that the local_scan API is made available by the linker. You may also need
  # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
  
@@ -222,7 +222,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -884,7 +884,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -897,7 +897,7 @@ ZCAT_COMMAND=/usr/bin/zcat
  # support, which is intended for use in conjunction with the SMTP AUTH
  # facilities, is included only when requested by the following setting:
  
@@ -231,7 +231,7 @@ index 3f818f3..6cc58a8 100644
  
  # You probably need to add -lpam to EXTRALIBS, and in some releases of
  # GNU/Linux -ldl is also needed.
-@@ -952,7 +952,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -965,7 +965,7 @@ ZCAT_COMMAND=/usr/bin/zcat
  # group. Once you have installed saslauthd, you should arrange for it to be
  # started by root at boot time.
  
@@ -240,7 +240,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -965,9 +965,9 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -978,9 +978,9 @@ ZCAT_COMMAND=/usr/bin/zcat
  # You may well also have to specify a local "include" file and an additional
  # library for TCP wrappers, so you probably need something like this:
  #
@@ -253,7 +253,7 @@ index 3f818f3..6cc58a8 100644
  #
  # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
  # as well.
-@@ -1019,7 +1019,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1032,7 +1032,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
  # is "yes", as well as supporting line editing, a history of input lines in the
  # current run is maintained.
  
@@ -262,7 +262,7 @@ index 3f818f3..6cc58a8 100644
  
  # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
  # Note that this option adds to the size of the Exim binary, because the
-@@ -1029,7 +1029,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1042,7 +1042,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
  #------------------------------------------------------------------------------
  # Uncomment this setting to include IPv6 support.
  
@@ -271,7 +271,7 @@ index 3f818f3..6cc58a8 100644
  
  ###############################################################################
  #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
-@@ -1050,13 +1050,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1063,13 +1063,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
  # haven't got Perl, Exim will still build and run; you just won't be able to
  # use those utilities.
  
@@ -292,7 +292,7 @@ index 3f818f3..6cc58a8 100644
  
  
  #------------------------------------------------------------------------------
-@@ -1256,7 +1256,7 @@ TMPDIR="/tmp"
+@@ -1269,7 +1269,7 @@ TMPDIR="/tmp"
  # (process id) to a file so that it can easily be identified. The path of the
  # file can be specified here. Some installations may want something like this:
  

exim-4.83-dlopen-localscan.patch

@@ -1,8 +1,8 @@
 diff --git a/src/EDITME b/src/EDITME
-index 6cc58a8..07f8211 100644
+index a3ffd48..c186529 100644
 --- a/src/EDITME
 +++ b/src/EDITME
-@@ -770,6 +770,20 @@ TLS_LIBS=-lssl -lcrypto
+@@ -783,6 +783,20 @@ TLS_LIBS=-lssl -lcrypto
  
  
  #------------------------------------------------------------------------------
@@ -24,7 +24,7 @@ index 6cc58a8..07f8211 100644
  # documentation. Other forms are available separately. If you want to install
  # the documentation in "info" format, first fetch the Texinfo documentation
 diff --git a/src/config.h.defaults b/src/config.h.defaults
-index 8c1e799..d5f9e55 100644
+index ba4615c..878e687 100644
 --- a/src/config.h.defaults
 +++ b/src/config.h.defaults
 @@ -27,6 +27,8 @@ it's a default value. */
@@ -37,10 +37,10 @@ index 8c1e799..d5f9e55 100644
  
  #define CONFIGURE_FILE
 diff --git a/src/globals.c b/src/globals.c
-index 133a7bf..4423f07 100644
+index d3f9987..c01d430 100644
 --- a/src/globals.c
 +++ b/src/globals.c
-@@ -149,6 +149,10 @@ uschar *tls_verify_certificates= NULL;
+@@ -162,6 +162,10 @@ uschar *tls_verify_certificates= NULL;
  uschar *tls_verify_hosts       = NULL;
  #endif
  
@@ -48,23 +48,24 @@ index 133a7bf..4423f07 100644
 +uschar *local_scan_path        = NULL;
 +#endif
 +
- #ifdef EXPERIMENTAL_PRDR
+ #ifndef DISABLE_PRDR
  /* Per Recipient Data Response variables */
  BOOL    prdr_enable            = FALSE;
 diff --git a/src/globals.h b/src/globals.h
 index 265f94e..fde0f47 100644
 --- a/src/globals.h
 +++ b/src/globals.h
-@@ -117,6 +117,9 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
+@@ -117,6 +117,10 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
  extern uschar *tls_verify_hosts;       /* Mandatory client verification */
  #endif
  
 +#ifdef DLOPEN_LOCAL_SCAN
 +extern uschar *local_scan_path;        /* Path to local_scan() library */
 +#endif
- 
- /* Input-reading functions for messages, so we can use special ones for
- incoming TCP/IP. */
++
+ #ifdef EXPERIMENTAL_DSN
+ extern uschar  *dsn_envid;             /* DSN envid string */
+ extern int      dsn_ret;               /* DSN ret type*/
 diff --git a/src/local_scan.c b/src/local_scan.c
 index 3500047..8599172 100644
 --- a/src/local_scan.c
@@ -249,10 +250,10 @@ index 3500047..8599172 100644
 +
  /* End of local_scan.c */
 diff --git a/src/readconf.c b/src/readconf.c
-index 77c7984..da9d582 100644
+index adb538c..d378b3a 100644
 --- a/src/readconf.c
 +++ b/src/readconf.c
-@@ -286,6 +286,9 @@ static optionlist optionlist_config[] = {
+@@ -290,6 +290,9 @@ static optionlist optionlist_config[] = {
    { "local_from_prefix",        opt_stringptr,   &local_from_prefix },
    { "local_from_suffix",        opt_stringptr,   &local_from_suffix },
    { "local_interfaces",         opt_stringptr,   &local_interfaces },

exim-4.83-spamdconf.patch

@@ -72,7 +72,7 @@ index 38f0f56..8b599d2 100644
 -  #                      X-Spam_score_int: $spam_score_int\n\
 -  #                      X-Spam_bar: $spam_bar\n\
 -  #                      X-Spam_report: $spam_report
-+  
++
 +  # Unconditionally add score and report headers
 +  #
 +  # warn    add_header = X-Spam-Score: $spam_score ($spam_bar)\n\

exim.spec

@@ -14,8 +14,8 @@
 
 Summary: The exim mail transfer agent
 Name: exim
-Version: 4.82.1
-Release: 4%{?dist}
+Version: 4.83
+Release: 1%{?dist}
 License: GPLv2+
 Url: http://www.exim.org/
 Group: System Environment/Daemons
@@ -53,12 +53,12 @@ Source26: clamd.exim.service
 %endif
 
 Patch4: exim-rhl.patch
-Patch6: exim-4.82-config.patch
+Patch6: exim-4.83-config.patch
 Patch8: exim-4.82-libdir.patch
 Patch12: exim-4.82-cyrus.patch
 Patch13: exim-4.82-pamconfig.patch
-Patch14: exim-4.82-spamdconf.patch
-Patch18: exim-4.82-dlopen-localscan.patch
+Patch14: exim-4.83-spamdconf.patch
+Patch18: exim-4.83-dlopen-localscan.patch
 Patch19: exim-4.82-procmail.patch
 Patch20: exim-4.82-allow-filter.patch
 Patch21: exim-4.82-localhost-is-local.patch
@@ -611,6 +611,11 @@ test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
 %{_sysconfdir}/cron.daily/greylist-tidy.sh
 
 %changelog
+* Wed Jul 23 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.83-1
+- New version
+  Resolves: CVE-2014-2972
+- De-fuzzified patches
+
 * Wed Jul  9 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.82.1-4
 - Do not build clamav on RHEL
 - Fixed build without clamav