Merge remote-tracking branch 'origin/master' into epel7

Resolves: CVE-2016-9963

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
Jaroslav Škarvada 2017-01-02 13:00:58 +01:00
commit c81d281a9d
19 changed files with 167 additions and 139 deletions

13
exim-4.85-pic.patch Normal file

@ -0,0 +1,13 @@
diff --git a/src/lookups/Makefile b/src/lookups/Makefile
index 6ba0cb1..21a7ad7 100644
--- a/src/lookups/Makefile
+++ b/src/lookups/Makefile
@@ -22,7 +22,7 @@ lookups.a: $(OBJ)
$(FE)$(CC) -c $(CFLAGS) $(INCLUDE) $*.c
.c.so:; @echo "$(CC) -shared $*.c"
- $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@
+ $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@
lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h
lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h
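Review bot: `$(PIC)` on the new `.c.so` recipe line has no default in the visible Makefile, so it expands to nothing unless the caller exports it. The spec's `%build` in this commit does export it, but any other invocation would silently build the lookup modules without the flag. The recipe already passes `$(CFLAGS_DYNAMIC)`, which looks like the existing hook for module-only flags; carrying the flag there, or at least adding a comment above the rule such as `# PIC (-fpic/-fPIC) is supplied by the packaging environment; empty if unset`, would make the dependency visible. The rest of src/lookups/Makefile is outside the hunk.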


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 37a6a00..52e0536 100644
index e4ca5b9..d1ce2f1 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -684,7 +684,7 @@ userforward:
@@ -722,7 +722,7 @@ userforward:
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index b631a4d..153c77b 100644
index 12ed1e0..0af6fb8 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -721,6 +721,16 @@ address_reply:
@@ -763,6 +763,16 @@ address_reply:
driver = autoreply


@ -1,8 +1,8 @@
diff --git a/src/EDITME b/src/EDITME
index a3ffd48..19027ac 100644
index bbb7527..df3dcc8 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -783,6 +783,20 @@ TLS_LIBS=-lssl -lcrypto
@@ -784,6 +784,20 @@ TLS_LIBS=-lssl -lcrypto
#------------------------------------------------------------------------------
@ -24,10 +24,10 @@ index a3ffd48..19027ac 100644
# documentation. Other forms are available separately. If you want to install
# the documentation in "info" format, first fetch the Texinfo documentation
diff --git a/src/config.h.defaults b/src/config.h.defaults
index ba4615c..878e687 100644
index 266c268..6a4a1f8 100644
--- a/src/config.h.defaults
+++ b/src/config.h.defaults
@@ -27,6 +27,8 @@ it's a default value. */
@@ -28,6 +28,8 @@ it's a default value. */
#define AUTH_VARS 3
@ -37,11 +37,11 @@ index ba4615c..878e687 100644
#define CONFIGURE_FILE
diff --git a/src/globals.c b/src/globals.c
index 08e6e8d..c78e731 100644
index ec2685b..f8375bf 100644
--- a/src/globals.c
+++ b/src/globals.c
@@ -162,6 +162,10 @@ uschar *tls_verify_certificates= NULL;
uschar *tls_verify_hosts = NULL;
@@ -171,6 +171,10 @@ uschar *tls_verify_hosts = NULL;
uschar *tls_advertise_hosts = NULL;
#endif
+#ifdef DLOPEN_LOCAL_SCAN
@ -52,20 +52,21 @@ index 08e6e8d..c78e731 100644
/* Per Recipient Data Response variables */
BOOL prdr_enable = FALSE;
diff --git a/src/globals.h b/src/globals.h
index b3ad4b2..30d00f0 100644
index 57a5695..0a60902 100644
--- a/src/globals.h
+++ b/src/globals.h
@@ -126,6 +126,10 @@ extern uschar *tls_verify_certificates;/* Path for certificates to check */
@@ -129,6 +129,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */
extern uschar *tls_verify_certificates;/* Path for certificates to check */
extern uschar *tls_verify_hosts; /* Mandatory client verification */
#endif
+
+#ifdef DLOPEN_LOCAL_SCAN
+extern uschar *local_scan_path; /* Path to local_scan() library */
+#endif
+
#ifdef EXPERIMENTAL_DSN
extern uschar *tls_advertise_hosts; /* host for which TLS is advertised */
extern uschar *dsn_envid; /* DSN envid string */
extern int dsn_ret; /* DSN ret type*/
diff --git a/src/local_scan.c b/src/local_scan.c
index 3500047..8599172 100644
--- a/src/local_scan.c
@ -250,10 +251,10 @@ index 3500047..8599172 100644
+
/* End of local_scan.c */
diff --git a/src/readconf.c b/src/readconf.c
index 6e33034..4688383 100644
index 5ca6a84..f1ec503 100644
--- a/src/readconf.c
+++ b/src/readconf.c
@@ -295,6 +295,9 @@ static optionlist optionlist_config[] = {
@@ -317,6 +317,9 @@ static optionlist optionlist_config[] = {
{ "local_from_prefix", opt_stringptr, &local_from_prefix },
{ "local_from_suffix", opt_stringptr, &local_from_suffix },
{ "local_interfaces", opt_stringptr, &local_interfaces },


@ -1,8 +1,8 @@
diff --git a/src/EDITME b/src/EDITME
index 07f8211..7d7a4a4 100644
index df3dcc8..de01565 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -301,14 +301,16 @@ LOOKUP_DSEARCH=yes
@@ -306,14 +306,16 @@ LOOKUP_DSEARCH=yes
# LOOKUP_IBASE=yes
LOOKUP_LDAP=yes
LDAP_LIB_TYPE=OPENLDAP2
@ -20,6 +20,6 @@ index 07f8211..7d7a4a4 100644
LOOKUP_PASSWD=yes
-LOOKUP_PGSQL=yes
+LOOKUP_PGSQL=2
# LOOKUP_REDIS=yes
LOOKUP_SQLITE=yes
# LOOKUP_WHOSON=yes


@ -0,0 +1,14 @@
diff --git a/src/configure.default b/src/configure.default
--- a/src/configure.default
+++ b/src/configure.default
@@ -357,8 +357,8 @@ timeout_frozen_after = 7d
# Note that TZ is handled separateley by the timezone runtime option
# and TIMEZONE_DEFAULT buildtime option.
-# keep_environment = ^LDAP
-# add_environment = PATH=/usr/bin::/bin
+keep_environment = ^LDAP
+add_environment = PATH=/usr/bin::/bin
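Review bot: The now-active `add_environment = PATH=/usr/bin::/bin` is easy to misread as a PATH with an empty element (the current directory). In an Exim list the doubled colon is an escaped separator, so the value should come out as `/usr/bin:/bin`; a comment such as `# "::" is an escaped colon in an Exim list; PATH becomes /usr/bin:/bin` would stop a later editor from "correcting" it. `keep_environment = ^LDAP` lets every caller-supplied variable whose name begins with LDAP through to the daemon. If only particular variables are needed, naming them would be tighter; otherwise a comment should say why the whole prefix is kept.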


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 3728043..0126880 100644
index 1f10008..40b3bb2 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -106,6 +106,7 @@ hostlist relay_from_hosts = localhost
@@ -107,6 +107,7 @@ hostlist relay_from_hosts = localhost
# manual for details. The lists above are used in the access control lists for
# checking incoming messages. The names of these ACLs are defined here:
@ -10,7 +10,7 @@ index 3728043..0126880 100644
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
acl_smtp_mime = acl_check_mime
@@ -340,6 +341,29 @@ timeout_frozen_after = 7d
@@ -368,6 +369,29 @@ timeout_frozen_after = 7d
begin acl
@ -40,7 +40,7 @@ index 3728043..0126880 100644
# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.
@@ -460,7 +484,8 @@ acl_check_rcpt:
@@ -493,7 +517,8 @@ acl_check_rcpt:
# There are no default checks on DNS black lists because the domains that
# contain these lists are changing all the time. However, here are two
# examples of how you can get Exim to perform a DNS black list lookup at this
@ -50,7 +50,7 @@ index 3728043..0126880 100644
#
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
# dnslists = black.list.example
@@ -468,6 +493,10 @@ acl_check_rcpt:
@@ -501,6 +526,10 @@ acl_check_rcpt:
# warn dnslists = black.list.example
# add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain
# log_message = found in $dnslist_domain
@ -61,7 +61,7 @@ index 3728043..0126880 100644
#############################################################################
#############################################################################
@@ -481,6 +510,10 @@ acl_check_rcpt:
@@ -514,6 +543,10 @@ acl_check_rcpt:
# require verify = csa
#############################################################################
@ -72,7 +72,7 @@ index 3728043..0126880 100644
# At this point, the address has passed all the checks that have been
# configured, so we accept it unconditionally.
@@ -506,6 +539,12 @@ acl_check_data:
@@ -544,6 +577,12 @@ acl_check_data:
# deny condition = ${if !def:h_Message-ID: {1}}
# message = RFC2822 says that all mail SHOULD have a Message-ID header.\n\
# Most messages without it are spam, so your mail has been rejected.
@ -85,7 +85,7 @@ index 3728043..0126880 100644
# Deny if the message contains a virus. Before enabling this check, you
# must install a virus scanner and set the av_scanner option above.
@@ -540,8 +579,30 @@ acl_check_data:
@@ -578,8 +617,30 @@ acl_check_data:
# message = Your message scored $spam_score SpamAssassin point. Report follows:\n\
# $spam_report


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 52e0536..3728043 100644
index d1ce2f1..1f10008 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -54,7 +54,7 @@
@@ -55,7 +55,7 @@
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 153c77b..38f0f56 100644
index 0af6fb8..531435b 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -141,7 +141,7 @@ acl_smtp_data = acl_check_data
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
# Allow any client to use TLS.
@ -11,7 +11,7 @@ index 153c77b..38f0f56 100644
# Specify the location of the Exim server's TLS certificate and private key.
# The private key must not be encrypted (password protected). You can put
@@ -149,8 +149,8 @@ acl_smtp_data = acl_check_data
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
# need the first setting, or in separate files, in which case you need both
# options.
@ -22,7 +22,7 @@ index 153c77b..38f0f56 100644
# In order to support roaming users who wish to send email from anywhere,
# you may want to make Exim listen on other ports as well as port 25, in
@@ -161,8 +161,8 @@ acl_smtp_data = acl_check_data
@@ -162,8 +162,8 @@ acl_smtp_data = acl_check_data
# them you should also allow TLS-on-connect on the traditional but
# non-standard port 465.
@ -33,7 +33,7 @@ index 153c77b..38f0f56 100644
# Specify the domain you want to be added to all unqualified addresses
@@ -220,6 +220,24 @@ never_users = root
@@ -221,6 +221,24 @@ never_users = root
host_lookup = *
@ -56,9 +56,9 @@ index 153c77b..38f0f56 100644
+#
+auth_advertise_hosts =
# The settings below, which are actually the same as the defaults in the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
@@ -800,7 +818,7 @@ begin authenticators
# The settings below cause Exim to make RFC 1413 (ident) callbacks
# for all incoming SMTP calls. You can limit the hosts to which these
@@ -842,7 +860,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth2
# server_prompts = :
@ -67,7 +67,7 @@ index 153c77b..38f0f56 100644
# server_advertise_condition = ${if def:tls_in_cipher }
# LOGIN authentication has traditional prompts and responses. There is no
@@ -812,7 +830,7 @@ begin authenticators
@@ -854,7 +872,7 @@ begin authenticators
# driver = plaintext
# server_set_id = $auth1
# server_prompts = <| Username: | Password:


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 8b599d2..37a6a00 100644
index 374c51d..e4ca5b9 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -692,6 +692,12 @@ userforward:
@@ -730,6 +730,12 @@ userforward:
pipe_transport = address_pipe
reply_transport = address_reply
@ -15,9 +15,9 @@ index 8b599d2..37a6a00 100644
# This router matches local user mailboxes. If the router fails, the error
# message is "Unknown user".
@@ -729,6 +735,16 @@ begin transports
remote_smtp:
@@ -771,6 +777,16 @@ remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+# This transport invokes procmail to deliver mail
+procmail:


@ -1,8 +1,8 @@
diff --git a/src/configure.default b/src/configure.default
index 1274349..b631a4d 100644
index 3c8cf97..12ed1e0 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -590,7 +590,7 @@ system_aliases:
@@ -628,7 +628,7 @@ system_aliases:
driver = redirect
allow_fail
allow_defer
@ -11,7 +11,7 @@ index 1274349..b631a4d 100644
# user = exim
file_transport = address_file
pipe_transport = address_pipe
@@ -687,8 +687,8 @@ local_delivery:
@@ -729,8 +729,8 @@ local_delivery:
delivery_date_add
envelope_to_add
return_path_add


@ -1,10 +1,10 @@
diff --git a/src/configure.default b/src/configure.default
index 0126880..b7c30ac 100644
index 40b3bb2..9acae90 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -796,6 +796,15 @@ begin transports
remote_smtp:
@@ -838,6 +838,15 @@ remote_smtp:
driver = smtp
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+# This transport is used for delivering messages over SMTP using the
+# "message submission" port (RFC4409).
@ -18,7 +18,7 @@ index 0126880..b7c30ac 100644
# This transport invokes procmail to deliver mail
procmail:
driver = pipe
@@ -904,6 +913,21 @@ begin rewrite
@@ -946,6 +955,21 @@ begin rewrite
# AUTHENTICATION CONFIGURATION #
######################################################################
@ -40,7 +40,7 @@ index 0126880..b7c30ac 100644
# The following authenticators support plaintext username/password
# authentication using the standard PLAIN mechanism and the traditional
# but non-standard LOGIN mechanism, with Exim acting as the server.
@@ -919,7 +943,7 @@ begin rewrite
@@ -961,7 +985,7 @@ begin rewrite
# The default RCPT ACL checks for successful authentication, and will accept
# messages from authenticated users from anywhere on the Internet.


@ -1,8 +1,6 @@
diff --git a/src/configure.default b/src/configure.default
index 38f0f56..8b599d2 100644
--- a/src/configure.default
+++ b/src/configure.default
@@ -108,6 +108,7 @@ hostlist relay_from_hosts = localhost
--- a/src/configure.default.spamd 2016-12-25 21:06:57.453758443 +0000
+++ b/src/configure.default 2016-12-25 21:07:49.940188407 +0000
@@ -109,6 +109,7 @@ hostlist relay_from_hosts = localhost
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data
@ -10,7 +8,7 @@ index 38f0f56..8b599d2 100644
# You should not change those settings until you understand how ACLs work.
@@ -120,7 +121,7 @@ acl_smtp_data = acl_check_data
@@ -121,7 +122,7 @@ acl_smtp_data = acl_check_data
# of what to set for other virus scanners. The second modification is in the
# acl_check_data access control list (see below).
@ -19,7 +17,7 @@ index 38f0f56..8b599d2 100644
# For spam scanning, there is a similar option that defines the interface to
@@ -403,7 +404,8 @@ acl_check_rcpt:
@@ -431,7 +432,8 @@ acl_check_rcpt:
accept local_parts = postmaster
domains = +local_domains
@ -29,9 +27,9 @@ index 38f0f56..8b599d2 100644
require verify = sender
@@ -495,27 +497,63 @@ acl_check_rcpt:
acl_check_data:
@@ -535,27 +537,63 @@ acl_check_data:
got $max_received_linelength
condition = ${if > {$max_received_linelength}{998}}
+ # Put simple tests first. A good one is to check for the presence of a
+ # Message-Id: header, which RFC2822 says SHOULD be present. Some broken
@ -52,6 +50,12 @@ index 38f0f56..8b599d2 100644
- # Add headers to a message if it is judged to be spam. Before enabling this,
- # you must install SpamAssassin. You may also need to set the spamd_address
- # option above.
- #
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ # Bypass SpamAssassin checks if the message is too large.
+ #
+ # accept condition = ${if >={$message_size}{100000} {1}}
@ -66,12 +70,7 @@ index 38f0f56..8b599d2 100644
+ #
+ # accept condition = ${if !def:spam_score_int {1}}
+ # add_header = X-Spam-Note: SpamAssassin invocation failed
#
- # warn spam = nobody
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
+ #
+
+ # Unconditionally add score and report headers
+ #


@ -1,8 +1,8 @@
diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile
index eeb26ee..9cb6385 100755
diff --git a/src/scripts/Configure-Makefile b/src/scripts/Configure-Makefile
index 3e486a6..6c4afec 100755
--- a/scripts/Configure-Makefile
+++ b/scripts/Configure-Makefile
@@ -249,7 +249,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
@@ -269,7 +269,7 @@ if [ "${EXIM_PERL}" != "" ] ; then
mv $mft $mftt
echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft
@ -11,8 +11,8 @@ index eeb26ee..9cb6385 100755
echo "PERL_LIBS=`$PERL_COMMAND -MExtUtils::Embed -e ldopts`" >>$mft
echo "" >>$mft
cat $mftt >> $mft
diff --git a/src/EDITME b/src/EDITME
index d576fd7..a3ffd48 100644
diff --git a/src/src/EDITME b/src/src/EDITME
index 6929346..5a08197 100644
--- a/src/EDITME
+++ b/src/EDITME
@@ -98,7 +98,7 @@
@ -73,7 +73,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -296,18 +296,20 @@ LOOKUP_DBM=yes
@@ -301,19 +301,21 @@ LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_DNSDB=yes
@ -96,32 +96,25 @@ index d576fd7..a3ffd48 100644
# LOOKUP_ORACLE=yes
-# LOOKUP_PASSWD=yes
-# LOOKUP_PGSQL=yes
-# LOOKUP_SQLITE=yes
-# LOOKUP_SQLITE_PC=sqlite3
+LOOKUP_PASSWD=yes
+LOOKUP_PGSQL=yes
# LOOKUP_REDIS=yes
-# LOOKUP_SQLITE=yes
-# LOOKUP_SQLITE_PC=sqlite3
+LOOKUP_SQLITE=yes
# LOOKUP_WHOSON=yes
# These two settings are obsolete; all three lookups are compiled when
@@ -383,14 +385,14 @@ EXIM_MONITOR=eximon.bin
@@ -390,7 +392,7 @@ EXIM_MONITOR=eximon.bin
# and the MIME ACL. Please read the documentation to learn more about these
# features.
-# WITH_CONTENT_SCAN=yes
+WITH_CONTENT_SCAN=yes
# If you want to use the deprecated "demime" condition in the DATA ACL,
# uncomment the line below. Doing so will also explicitly turn on the
# WITH_CONTENT_SCAN option. If possible, use the MIME ACL instead of
# the "demime" condition.
-# WITH_OLD_DEMIME=yes
+WITH_OLD_DEMIME=yes
#------------------------------------------------------------------------------
# If you're using ClamAV and are backporting fixes to an old version, instead
# of staying current (which is the more usual approach) then you may need to
@@ -573,7 +575,7 @@ FIXED_NEVER_USERS=root
@@ -577,7 +579,7 @@ FIXED_NEVER_USERS=root
# CONFIGURE_OWNER setting, to specify a configuration file which is listed in
# the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
@ -130,7 +123,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -618,15 +620,13 @@ FIXED_NEVER_USERS=root
@@ -622,16 +624,14 @@ FIXED_NEVER_USERS=root
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
@ -143,6 +136,7 @@ index d576fd7..a3ffd48 100644
-# AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
-# AUTH_PLAINTEXT=yes
-# AUTH_SPA=yes
-# AUTH_TLS=yes
+AUTH_CRAM_MD5=yes
+AUTH_CYRUS_SASL=yes
+AUTH_DOVECOT=yes
@ -150,10 +144,11 @@ index d576fd7..a3ffd48 100644
+AUTH_GSASL_PC=libgsasl
+AUTH_PLAINTEXT=yes
+AUTH_SPA=yes
+AUTH_TLS=yes
#------------------------------------------------------------------------------
@@ -647,7 +647,7 @@ FIXED_NEVER_USERS=root
@@ -652,7 +652,7 @@ FIXED_NEVER_USERS=root
# one that is set in the headers_charset option. The default setting is
# defined by this setting:
@ -162,7 +157,7 @@ index d576fd7..a3ffd48 100644
# If you are going to make use of $header_xxx expansions in your configuration
# file, or if your users are going to use them in filter files, and the normal
@@ -667,7 +667,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -672,7 +672,7 @@ HEADERS_CHARSET="ISO-8859-1"
# the Sieve filter support. For those OS where iconv() is known to be installed
# as standard, the file in OS/Makefile-xxxx contains
#
@ -171,7 +166,7 @@ index d576fd7..a3ffd48 100644
#
# If you are not using one of those systems, but have installed iconv(), you
# need to uncomment that line above. In some cases, you may find that iconv()
@@ -729,11 +729,11 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -734,11 +734,11 @@ HEADERS_CHARSET="ISO-8859-1"
# leave these settings commented out.
# This setting is required for any TLS support (either OpenSSL or GnuTLS)
@ -186,7 +181,7 @@ index d576fd7..a3ffd48 100644
# Uncomment the first and either the second or the third of these if you
# are using GnuTLS. If you have pkg-config, then the second, else the third.
@@ -798,7 +798,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -807,7 +807,7 @@ HEADERS_CHARSET="ISO-8859-1"
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
@ -195,7 +190,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -811,7 +811,7 @@ HEADERS_CHARSET="ISO-8859-1"
@@ -820,7 +820,7 @@ HEADERS_CHARSET="ISO-8859-1"
# %s. This will be replaced by one of the strings "main", "panic", or "reject"
# to form the final file names. Some installations may want something like this:
@ -204,7 +199,7 @@ index d576fd7..a3ffd48 100644
# which results in files with names /var/log/exim_mainlog, etc. The directory
# in which the log files are placed must exist; Exim does not try to create
@@ -877,7 +877,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -892,7 +892,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
@ -213,7 +208,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -887,7 +887,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -902,7 +902,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# that the local_scan API is made available by the linker. You may also need
# to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
@ -222,7 +217,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -897,7 +897,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -912,7 +912,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
@ -231,7 +226,7 @@ index d576fd7..a3ffd48 100644
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
@@ -965,7 +965,7 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -1006,7 +1006,7 @@ ZCAT_COMMAND=/usr/bin/zcat
# group. Once you have installed saslauthd, you should arrange for it to be
# started by root at boot time.
@ -240,7 +235,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -978,9 +978,9 @@ ZCAT_COMMAND=/usr/bin/zcat
@@ -1019,9 +1019,9 @@ ZCAT_COMMAND=/usr/bin/zcat
# You may well also have to specify a local "include" file and an additional
# library for TCP wrappers, so you probably need something like this:
#
@ -253,7 +248,7 @@ index d576fd7..a3ffd48 100644
#
# but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
# as well.
@@ -1032,7 +1032,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1073,7 +1073,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# is "yes", as well as supporting line editing, a history of input lines in the
# current run is maintained.
@ -262,7 +257,7 @@ index d576fd7..a3ffd48 100644
# You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
# Note that this option adds to the size of the Exim binary, because the
@@ -1042,7 +1042,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1083,7 +1083,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
#------------------------------------------------------------------------------
# Uncomment this setting to include IPv6 support.
@ -271,7 +266,7 @@ index d576fd7..a3ffd48 100644
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION #
@@ -1063,13 +1063,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
@@ -1104,13 +1104,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
@ -292,7 +287,7 @@ index d576fd7..a3ffd48 100644
#------------------------------------------------------------------------------
@@ -1269,7 +1269,7 @@ TMPDIR="/tmp"
@@ -1312,7 +1312,7 @@ EXIM_TMPDIR="/tmp"
# (process id) to a file so that it can easily be identified. The path of the
# file can be specified here. Some installations may want something like this:


@ -2,6 +2,14 @@
. /etc/sysconfig/network
# Source exim configureation.
if [ -f /etc/sysconfig/exim ] ; then
. /etc/sysconfig/exim
fi
USER=${USER:=exim}
GROUP=${GROUP:=exim}
gen_cert() {
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
umask 077
@ -22,11 +30,11 @@ ${FQDN}
root@${FQDN}
EOF
if [ $? -eq 0 ]; then
success
chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
echo success
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
else
failure
echo failure
fi
echo
fi
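Review bot: `USER=${USER:=exim}` falls back to exim only when `USER` is unset or empty, and `USER` is a name that login shells and some service managers already set. When /etc/sysconfig/exim is absent or predates the new `USER=`/`GROUP=` lines, `chown $USER:$GROUP` on the generated key can therefore pick up the invoking account instead of exim, which would probably leave the mode-600 key unreadable by the daemon. A dedicated, quoted name avoids the collision, e.g. `EXIM_USER=${EXIM_USER:-exim}` with `chown "$EXIM_USER:$EXIM_GROUP" ...`, renamed the same way in the sysconfig file. The same assignments and unquoted `chown` calls appear in the init script section that follows; `gen_cert` continues outside the visible hunks.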


@ -23,6 +23,9 @@ else
QUEUE=1h
fi
USER=${USER:=exim}
GROUP=${GROUP:=exim}
gen_cert() {
if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
umask 077
@ -44,7 +47,7 @@ root@${FQDN}
EOF
if [ $? -eq 0 ]; then
success
chown exim.exim /etc/pki/tls/{private,certs}/exim.pem
chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
chmod 600 /etc/pki/tls/{private,certs}/exim.pem
else
failure
@ -65,7 +68,7 @@ start() {
then
if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
then
chown -R exim:exim /var/log/exim /var/spool/exim
chown -R $USER:$GROUP /var/log/exim /var/spool/exim
fi
fi
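Review bot: The ownership test in `start()` still compares the log file's group against the literal `"exim"`, while the repair below it now uses `$USER:$GROUP`. With any other configured account the test never matches, so `chown -R` over /var/log/exim and /var/spool/exim would run on every start. Compare against the configured value instead, for example `if [ "$GROUP" != "$(stat -c %G /var/log/exim/main.log)" ]`, and quote the chown argument as `"$USER:$GROUP"`. `start()` begins and ends outside the hunk.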


@ -14,8 +14,8 @@
Summary: The exim mail transfer agent
Name: exim
Version: 4.84.2
Release: 2%{?dist}
Version: 4.88
Release: 1%{?dist}
License: GPLv2+
Url: http://www.exim.org/
Group: System Environment/Daemons
@ -52,21 +52,22 @@ Source25: exim-gen-cert
Source26: clamd.exim.service
%endif
Patch4: exim-rhl.patch
Patch6: exim-4.83-config.patch
Patch4: exim-4.87-rhl.patch
Patch6: exim-4.88-config.patch
Patch8: exim-4.82-libdir.patch
Patch12: exim-4.82-cyrus.patch
Patch13: exim-4.82-pamconfig.patch
Patch14: exim-4.83-spamdconf.patch
Patch18: exim-4.84.2-dlopen-localscan.patch
Patch19: exim-4.82-procmail.patch
Patch20: exim-4.82-allow-filter.patch
Patch21: exim-4.82-localhost-is-local.patch
Patch22: exim-4.82-greylist-conf.patch
Patch23: exim-4.82-smarthost-config.patch
Patch25: exim-4.82-dynlookup-config.patch
Patch26: exim-4.84-mime-fix.patch
Patch27: exim-4.84.2-environment.patch
Patch12: exim-4.87-cyrus.patch
Patch13: exim-4.87-pamconfig.patch
Patch14: exim-4.87-spamdconf.patch
Patch18: exim-4.87-dlopen-localscan.patch
Patch19: exim-4.87-procmail.patch
Patch20: exim-4.87-allow-filter.patch
Patch21: exim-4.87-localhost-is-local.patch
Patch22: exim-4.87-greylist-conf.patch
Patch23: exim-4.87-smarthost-config.patch
Patch25: exim-4.87-dynlookup-config.patch
# Upstream ticket: http://bugs.exim.org/show_bug.cgi?id=1584
Patch26: exim-4.85-pic.patch
Patch27: exim-4.87-environment.patch
Requires: /etc/pki/tls/certs /etc/pki/tls/private
Requires: /etc/aliases
@ -223,7 +224,7 @@ greylisting unconditional.
%patch22 -p1 -b .grey
%patch23 -p1 -b .smarthost
%patch25 -p1 -b .dynconfig
%patch26 -p1 -b .mime-fix
%patch26 -p1 -b .fpic
%patch27 -p1 -b .environment
cp src/EDITME Local/Makefile
@ -235,8 +236,10 @@ cp exim_monitor/EDITME Local/eximon.conf
%build
%ifnarch s390 s390x sparc sparcv9 sparcv9v sparc64 sparc64v
export PIE=-fpie
export PIC=-fpic
%else
export PIE=-fPIE
export PIC=-fPIC
%endif
make _lib=%{_lib} FULLECHO=
@ -615,20 +618,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
%{_sysconfdir}/cron.daily/greylist-tidy.sh
%changelog
* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-2
- Used sane environment defaults in default configuration
Resolves: rhbz#1323775
* Thu Mar 3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-1
- New version (security bug fix release)
Resolves: rhbz#1314118
- Fixed local privilege escalation for set-uid root when using perl_startup
Resolves: CVE-2016-1531
- Defuzzified patches
* Mon Dec 7 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-5
- MIME crash fix (by mime-fix patch)
Resolves: rhbz#1289056
* Mon Jan 2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-1
- New version
- Fixed DKIM private key leakage
Resolves: CVE-2016-9963
* Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
- Do not override LFLAGS (problem reported by Todd Lyons)
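Review bot: The `%changelog` hunk appears to drop the branch's 4.84.2-2, 4.84.2-1 and 4.84-5 entries, including the `Resolves: CVE-2016-1531` line, leaving only the new 4.88-1 entry above 4.84-4. Anyone auditing an installed package with `rpm -q --changelog exim` would then no longer see that fix recorded for this branch. Keeping the earlier entries below the new one preserves that trail. The new entry could also mention that Patch26 now points at exim-4.85-pic.patch and that `%build` exports `PIC`, since both change how the lookup modules are compiled.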


@ -1,2 +1,4 @@
DAEMON=yes
QUEUE=1h
USER=exim
GROUP=exim


@ -1 +1 @@
3c3ff9edbc82c8ffe7a4cfff23f6d904 exim-4.84.2.tar.bz2
SHA512 (exim-4.88.tar.bz2) = ea094bf703628c201de119fc5f09539475e52158e935f8f2a9e4138c4a1bfe885017145c3cc5e22aa9087b195091955c69385ebf1ea0baec64ed5c1b8e3b1caf