From cbbdc517759e4616bd6bb59df0f00bb93e4a473c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= Date: Thu, 23 Jun 2022 18:52:14 +0200 Subject: [PATCH] New version Resolves: rhbz#2100385 --- ...4.2-config.patch => exim-4.95-config.patch | 133 +++++++++--------- ....patch => exim-4.95-dlopen-localscan.patch | 40 +++--- exim-4.95-opendmarc-1.4-build-fix.patch | 13 ++ exim-4.85-pic.patch => exim-4.95-pic.patch | 6 +- exim.spec | 15 +- sources | 2 +- 6 files changed, 114 insertions(+), 95 deletions(-) rename exim-4.94.2-config.patch => exim-4.95-config.patch (90%) rename exim-4.94-dlopen-localscan.patch => exim-4.95-dlopen-localscan.patch (91%) create mode 100644 exim-4.95-opendmarc-1.4-build-fix.patch rename exim-4.85-pic.patch => exim-4.95-pic.patch (77%) diff --git a/exim-4.94.2-config.patch b/exim-4.95-config.patch similarity index 90% rename from exim-4.94.2-config.patch rename to exim-4.95-config.patch index 4e017a4..507a535 100644 --- a/exim-4.94.2-config.patch +++ b/exim-4.95-config.patch @@ -12,7 +12,7 @@ index 61368ec..e8fe9ef 100755 echo "" >>$mft cat $mftt >> $mft diff --git a/src/EDITME b/src/EDITME -index 8da36a3..088cf75 100644 +index f4329fa..9a9c92d 100644 --- a/src/EDITME +++ b/src/EDITME @@ -99,7 +99,7 @@ @@ -52,7 +52,7 @@ index 8da36a3..088cf75 100644 # Many sites define a user called "exim", with an appropriate default group, # and use @@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim - # If you are buliding with TLS, the library configuration must be done: + # If you are building with TLS, the library configuration must be done: # Uncomment this if you are using OpenSSL -# USE_OPENSSL=yes @@ -64,7 +64,7 @@ index 8da36a3..088cf75 100644 # TLS_LIBS=-lssl -lcrypto # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto -@@ -337,7 +337,7 @@ TRANSPORT_SMTP=yes +@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes # This one is special-purpose, and commonly not required, so it is not # included by default. @@ -73,7 +73,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -346,9 +346,9 @@ TRANSPORT_SMTP=yes +@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes # MBX, is included only when requested. If you do not know what this is about, # leave these settings commented out. @@ -86,7 +86,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -406,20 +406,25 @@ LOOKUP_DBM=yes +@@ -409,22 +409,27 @@ LOOKUP_DBM=yes LOOKUP_LSEARCH=yes LOOKUP_DNSDB=yes @@ -97,16 +97,17 @@ index 8da36a3..088cf75 100644 # LOOKUP_IBASE=yes # LOOKUP_JSON=yes -# LOOKUP_LDAP=yes --# LOOKUP_MYSQL=yes --# LOOKUP_MYSQL_PC=mariadb --# LOOKUP_NIS=yes --# LOOKUP_NISPLUS=yes +LOOKUP_LDAP=yes +LDAP_LIB_TYPE=OPENLDAP2 +LOOKUP_INCLUDE=-I/usr/include/mysql +LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient + # LOOKUP_LMDB=yes + +-# LOOKUP_MYSQL=yes +LOOKUP_MYSQL=2 -+#LOOKUP_MYSQL_PC=mariadb + # LOOKUP_MYSQL_PC=mariadb +-# LOOKUP_NIS=yes +-# LOOKUP_NISPLUS=yes +LOOKUP_NIS=yes +LOOKUP_NISPLUS=yes + @@ -122,7 +123,7 @@ index 8da36a3..088cf75 100644 # LOOKUP_SQLITE_PC=sqlite3 # LOOKUP_WHOSON=yes -@@ -432,7 +437,7 @@ LOOKUP_DNSDB=yes +@@ -437,7 +442,7 @@ LOOKUP_DNSDB=yes # Some platforms may need this for LOOKUP_NIS: @@ -131,7 +132,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate -@@ -498,7 +503,7 @@ SUPPORT_DANE=yes +@@ -504,7 +509,7 @@ SUPPORT_DANE=yes # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -140,7 +141,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -508,7 +513,7 @@ SUPPORT_DANE=yes +@@ -514,7 +519,7 @@ SUPPORT_DANE=yes # and the MIME ACL. Please read the documentation to learn more about these # features. @@ -149,10 +150,10 @@ index 8da36a3..088cf75 100644 # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. -@@ -595,12 +600,12 @@ DISABLE_MAL_MKS=yes - - # Uncomment the following line to add DMARC checking capability, implemented +@@ -607,12 +612,12 @@ DISABLE_MAL_MKS=yes # using libopendmarc libraries. You must have SPF and DKIM support enabled also. + # Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; + # 1.3.2-3 works. I seems that the OpenDMARC project broke their API. -# SUPPORT_DMARC=yes +SUPPORT_DMARC=yes # CFLAGS += -I/usr/local/include @@ -165,7 +166,7 @@ index 8da36a3..088cf75 100644 # Uncomment the following line to add ARC (Authenticated Received Chain) # support. You must have SPF and DKIM support enabled also. -@@ -713,7 +718,7 @@ FIXED_NEVER_USERS=root +@@ -712,7 +717,7 @@ FIXED_NEVER_USERS=root # CONFIGURE_OWNER setting, to specify a configuration file which is listed in # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. @@ -174,7 +175,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -758,18 +763,18 @@ FIXED_NEVER_USERS=root +@@ -764,18 +769,18 @@ ALLOW_INSECURE_TAINTED_DATA=yes # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -201,7 +202,7 @@ index 8da36a3..088cf75 100644 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 # requires multiple pkg-config files to work with Exim, so the second example -@@ -796,7 +801,7 @@ FIXED_NEVER_USERS=root +@@ -802,7 +807,7 @@ ALLOW_INSECURE_TAINTED_DATA=yes # one that is set in the headers_charset option. The default setting is # defined by this setting: @@ -210,7 +211,7 @@ index 8da36a3..088cf75 100644 # If you are going to make use of $header_xxx expansions in your configuration # file, or if your users are going to use them in filter files, and the normal -@@ -816,7 +821,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -822,7 +827,7 @@ HEADERS_CHARSET="ISO-8859-1" # the Sieve filter support. For those OS where iconv() is known to be installed # as standard, the file in OS/Makefile-xxxx contains # @@ -219,7 +220,7 @@ index 8da36a3..088cf75 100644 # # If you are not using one of those systems, but have installed iconv(), you # need to uncomment that line above. In some cases, you may find that iconv() -@@ -892,7 +897,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -898,7 +903,7 @@ HEADERS_CHARSET="ISO-8859-1" # Once you have done this, "make install" will build the info files and # install them in the directory you have defined. @@ -228,7 +229,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -905,7 +910,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -911,7 +916,7 @@ HEADERS_CHARSET="ISO-8859-1" # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -237,7 +238,7 @@ index 8da36a3..088cf75 100644 # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -977,7 +982,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -983,7 +988,7 @@ ZCAT_COMMAND=/usr/bin/zcat # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. @@ -246,7 +247,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -987,7 +992,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -993,7 +998,7 @@ ZCAT_COMMAND=/usr/bin/zcat # that the local_scan API is made available by the linker. You may also need # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. @@ -255,7 +256,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -997,7 +1002,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1003,7 +1008,7 @@ ZCAT_COMMAND=/usr/bin/zcat # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: @@ -264,7 +265,7 @@ index 8da36a3..088cf75 100644 # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. -@@ -1009,12 +1014,12 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1015,12 +1020,12 @@ ZCAT_COMMAND=/usr/bin/zcat # If you may want to use outbound (client-side) proxying, using Socks5, # uncomment the line below. @@ -279,7 +280,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -1038,9 +1043,9 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1044,9 +1049,9 @@ ZCAT_COMMAND=/usr/bin/zcat # installed on your system (www.libspf2.org). Depending on where it is installed # you may have to edit the CFLAGS and LDFLAGS lines. @@ -291,7 +292,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -1105,7 +1110,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1111,7 +1116,7 @@ ZCAT_COMMAND=/usr/bin/zcat # group. Once you have installed saslauthd, you should arrange for it to be # started by root at boot time. @@ -300,7 +301,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -1119,8 +1124,8 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1125,8 +1130,8 @@ ZCAT_COMMAND=/usr/bin/zcat # library for TCP wrappers, so you probably need something like this: # # USE_TCP_WRAPPERS=yes @@ -311,7 +312,7 @@ index 8da36a3..088cf75 100644 # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. -@@ -1172,7 +1177,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1178,7 +1183,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases # is "yes", as well as supporting line editing, a history of input lines in the # current run is maintained. @@ -320,7 +321,7 @@ index 8da36a3..088cf75 100644 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. # Note that this option adds to the size of the Exim binary, because the -@@ -1189,7 +1194,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1195,7 +1200,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. @@ -329,7 +330,7 @@ index 8da36a3..088cf75 100644 ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1210,13 +1215,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1216,13 +1221,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. @@ -350,7 +351,7 @@ index 8da36a3..088cf75 100644 #------------------------------------------------------------------------------ -@@ -1418,7 +1423,7 @@ EXIM_TMPDIR="/tmp" +@@ -1424,7 +1429,7 @@ EXIM_TMPDIR="/tmp" # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: @@ -360,7 +361,7 @@ index 8da36a3..088cf75 100644 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". diff --git a/src/configure.default b/src/configure.default -index d94c148..1f6afd4 100644 +index 3761daf..a5d3718 100644 --- a/src/configure.default +++ b/src/configure.default @@ -67,7 +67,7 @@ @@ -405,12 +406,12 @@ index d94c148..1f6afd4 100644 +# sqlite_dbfile = /var/spool/exim/db/greylist.db + + - # If Exim is compiled with support for TLS, you may want to enable the - # following options so that Exim allows clients to make encrypted - # connections. In the authenticators section below, there are template + # If Exim is compiled with support for TLS, you may want to change the + # following option so that Exim disallows certain clients from makeing encrypted + # connections. The default is to allow all. @@ -157,7 +165,7 @@ acl_smtp_data = acl_check_data - # Allow any client to use TLS. + # This is equivalent to the default. -# tls_advertise_hosts = * +tls_advertise_hosts = * @@ -427,8 +428,8 @@ index d94c148..1f6afd4 100644 +tls_privatekey = /etc/pki/tls/private/exim.pem # For OpenSSL, prefer EC- over RSA-authenticated ciphers - # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT -@@ -180,8 +188,8 @@ acl_smtp_data = acl_check_data + .ifdef _HAVE_OPENSSL +@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}} # them you should also allow TLS-on-connect on the traditional but # non-standard port 465. @@ -439,7 +440,7 @@ index d94c148..1f6afd4 100644 # Specify the domain you want to be added to all unqualified addresses -@@ -239,6 +247,24 @@ never_users = root +@@ -248,6 +256,24 @@ never_users = root host_lookup = * @@ -464,7 +465,7 @@ index d94c148..1f6afd4 100644 # The setting below causes Exim to try to initialize the system resolver # library with DNSSEC support. It has no effect if your library lacks -@@ -369,8 +395,8 @@ timeout_frozen_after = 7d +@@ -378,8 +404,8 @@ timeout_frozen_after = 7d # Note that TZ is handled separately by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. @@ -475,7 +476,7 @@ index d94c148..1f6afd4 100644 -@@ -381,6 +407,29 @@ timeout_frozen_after = 7d +@@ -390,6 +416,29 @@ timeout_frozen_after = 7d begin acl @@ -505,7 +506,7 @@ index d94c148..1f6afd4 100644 # This access control list is used for every RCPT command in an incoming # SMTP message. The tests are run in order until the address is either # accepted or denied. -@@ -392,6 +441,7 @@ acl_check_rcpt: +@@ -401,6 +450,7 @@ acl_check_rcpt: accept hosts = : control = dkim_disable_verify @@ -513,7 +514,7 @@ index d94c148..1f6afd4 100644 ############################################################################# # The following section of the ACL is concerned with local parts that contain -@@ -445,7 +495,8 @@ acl_check_rcpt: +@@ -454,7 +504,8 @@ acl_check_rcpt: accept local_parts = postmaster domains = +local_domains @@ -523,7 +524,7 @@ index d94c148..1f6afd4 100644 require verify = sender -@@ -485,6 +536,7 @@ acl_check_rcpt: +@@ -494,6 +545,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission control = dkim_disable_verify @@ -531,15 +532,15 @@ index d94c148..1f6afd4 100644 # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient -@@ -494,6 +546,7 @@ acl_check_rcpt: +@@ -503,6 +555,7 @@ acl_check_rcpt: accept authenticated = * control = submission control = dkim_disable_verify + control = dmarc_disable_verify - # Insist that a HELO/EHLO was accepted. - -@@ -519,7 +572,8 @@ acl_check_rcpt: + # Insist that any other recipient address that we accept is either in one of + # our local domains, or is in a domain for which we explicitly allow +@@ -523,7 +576,8 @@ acl_check_rcpt: # There are no default checks on DNS black lists because the domains that # contain these lists are changing all the time. However, here are two # examples of how you can get Exim to perform a DNS black list lookup at this @@ -549,7 +550,7 @@ index d94c148..1f6afd4 100644 # # deny dnslists = black.list.example # message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text -@@ -527,6 +581,10 @@ acl_check_rcpt: +@@ -531,6 +585,10 @@ acl_check_rcpt: # warn dnslists = black.list.example # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # log_message = found in $dnslist_domain @@ -560,7 +561,7 @@ index d94c148..1f6afd4 100644 ############################################################################# ############################################################################# -@@ -553,6 +611,10 @@ acl_check_rcpt: +@@ -557,6 +615,10 @@ acl_check_rcpt: # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} ############################################################################# @@ -571,7 +572,7 @@ index d94c148..1f6afd4 100644 # At this point, the address has passed all the checks that have been # configured, so we accept it unconditionally. -@@ -602,21 +664,32 @@ acl_check_data: +@@ -606,21 +668,32 @@ acl_check_data: message = header syntax log_message = header syntax ($acl_verify_message) @@ -612,7 +613,7 @@ index d94c148..1f6afd4 100644 ############################################################################# # No more tests if PRDR was actively used. -@@ -630,11 +703,63 @@ acl_check_data: +@@ -634,11 +707,63 @@ acl_check_data: # condition = ... ############################################################################# @@ -677,7 +678,7 @@ index d94c148..1f6afd4 100644 ###################################################################### -@@ -736,7 +861,7 @@ system_aliases: +@@ -740,7 +865,7 @@ system_aliases: driver = redirect allow_fail allow_defer @@ -686,7 +687,7 @@ index d94c148..1f6afd4 100644 # user = exim file_transport = address_file pipe_transport = address_pipe -@@ -774,7 +899,7 @@ userforward: +@@ -778,7 +903,7 @@ userforward: # local_part_suffix = +* : -* # local_part_suffix_optional file = $home/.forward @@ -695,7 +696,7 @@ index d94c148..1f6afd4 100644 no_verify no_expn check_ancestor -@@ -782,6 +907,12 @@ userforward: +@@ -786,6 +911,12 @@ userforward: pipe_transport = address_pipe reply_transport = address_reply @@ -708,9 +709,9 @@ index d94c148..1f6afd4 100644 # This router matches local user mailboxes. If the router fails, the error # message is "Unknown user". -@@ -823,6 +954,25 @@ remote_smtp: - driver = smtp - message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} +@@ -826,6 +957,25 @@ remote_smtp: + tls_resumption_hosts = * + .endif +# This transport is used for delivering messages over SMTP using the +# "message submission" port (RFC4409). @@ -734,7 +735,7 @@ index d94c148..1f6afd4 100644 # This transport is used for delivering messages to a smarthost, if the # smarthost router is enabled. This starts from the same basis as -@@ -875,8 +1025,8 @@ local_delivery: +@@ -880,8 +1030,8 @@ local_delivery: delivery_date_add envelope_to_add return_path_add @@ -745,7 +746,7 @@ index d94c148..1f6afd4 100644 # This transport is used for handling pipe deliveries generated by alias or -@@ -909,6 +1059,16 @@ address_reply: +@@ -914,6 +1064,16 @@ address_reply: driver = autoreply @@ -762,7 +763,7 @@ index d94c148..1f6afd4 100644 ###################################################################### # RETRY CONFIGURATION # -@@ -949,6 +1109,21 @@ begin rewrite +@@ -954,6 +1114,21 @@ begin rewrite # AUTHENTICATION CONFIGURATION # ###################################################################### @@ -784,7 +785,7 @@ index d94c148..1f6afd4 100644 # The following authenticators support plaintext username/password # authentication using the standard PLAIN mechanism and the traditional # but non-standard LOGIN mechanism, with Exim acting as the server. -@@ -964,7 +1139,7 @@ begin rewrite +@@ -969,7 +1144,7 @@ begin rewrite # The default RCPT ACL checks for successful authentication, and will accept # messages from authenticated users from anywhere on the Internet. @@ -793,7 +794,7 @@ index d94c148..1f6afd4 100644 # PLAIN authentication has no server prompts. The client sends its # credentials in one lump, containing an authorization ID (which we do not -@@ -978,7 +1153,7 @@ begin authenticators +@@ -983,7 +1158,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth2 # server_prompts = : @@ -802,7 +803,7 @@ index d94c148..1f6afd4 100644 # server_advertise_condition = ${if def:tls_in_cipher } # LOGIN authentication has traditional prompts and responses. There is no -@@ -990,7 +1165,7 @@ begin authenticators +@@ -995,7 +1170,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth1 # server_prompts = <| Username: | Password: diff --git a/exim-4.94-dlopen-localscan.patch b/exim-4.95-dlopen-localscan.patch similarity index 91% rename from exim-4.94-dlopen-localscan.patch rename to exim-4.95-dlopen-localscan.patch index a44a04e..0d0e360 100644 --- a/exim-4.94-dlopen-localscan.patch +++ b/exim-4.95-dlopen-localscan.patch @@ -1,8 +1,8 @@ diff --git a/src/EDITME b/src/EDITME -index 9e82528..0ae84b1 100644 +index 9a9c92d..3f87919 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -881,6 +881,21 @@ HAVE_ICONV=yes +@@ -887,6 +887,21 @@ HAVE_ICONV=yes # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** @@ -25,12 +25,12 @@ index 9e82528..0ae84b1 100644 # The default distribution of Exim contains only the plain text form of the # documentation. Other forms are available separately. If you want to install diff --git a/src/config.h.defaults b/src/config.h.defaults -index e17f015..008b97b 100644 +index 877cc7b..94abf58 100644 --- a/src/config.h.defaults +++ b/src/config.h.defaults -@@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'. +@@ -35,6 +35,8 @@ Do not put spaces between # and the 'define'. - #define AUTH_VARS 3 + #define AUTH_VARS 4 +#define DLOPEN_LOCAL_SCAN + @@ -38,10 +38,10 @@ index e17f015..008b97b 100644 #define CONFIGURE_FILE diff --git a/src/globals.c b/src/globals.c -index fc3086f..aa11a9b 100644 +index 5d9f7f8..6f11de5 100644 --- a/src/globals.c +++ b/src/globals.c -@@ -147,6 +147,10 @@ uschar *tls_verify_hosts = NULL; +@@ -155,6 +155,10 @@ time_t tls_watch_trigger_time = (time_t)0; uschar *tls_advertise_hosts = NULL; #endif @@ -53,12 +53,12 @@ index fc3086f..aa11a9b 100644 /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; diff --git a/src/globals.h b/src/globals.h -index c80c853..333455c 100644 +index b610ac0..3b97a5d 100644 --- a/src/globals.h +++ b/src/globals.h -@@ -141,6 +141,11 @@ extern uschar *tls_try_verify_hosts; /* Optional client verification */ - extern uschar *tls_verify_certificates;/* Path for certificates to check */ - extern uschar *tls_verify_hosts; /* Mandatory client verification */ +@@ -149,6 +149,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */ + extern int tls_watch_fd; /* for inotify of creds files */ + extern time_t tls_watch_trigger_time; /* non-0: triggered */ #endif + +#ifdef DLOPEN_LOCAL_SCAN @@ -69,10 +69,10 @@ index c80c853..333455c 100644 extern uschar *dsn_envid; /* DSN envid string */ diff --git a/src/local_scan.c b/src/local_scan.c -index 4dd0b2b..72e0033 100644 +index 2032ae7..43dfe99 100644 --- a/src/local_scan.c +++ b/src/local_scan.c -@@ -5,61 +5,135 @@ +@@ -5,59 +5,133 @@ /* Copyright (c) University of Cambridge 1995 - 2009 */ /* See the file NOTICE for conditions of use and distribution. */ @@ -137,8 +137,6 @@ index 4dd0b2b..72e0033 100644 int local_scan(int fd, uschar **return_text) { - fd = fd; /* Keep picky compilers happy */ - return_text = return_text; -return LOCAL_SCAN_ACCEPT; +#ifdef DLOPEN_LOCAL_SCAN +/* local_scan_path is defined AND not the empty string */ @@ -170,8 +168,8 @@ index 4dd0b2b..72e0033 100644 +else +#endif + return LOCAL_SCAN_ACCEPT; - } - ++ } ++ +#ifdef DLOPEN_LOCAL_SCAN + +static int load_local_scan_library(void) @@ -250,16 +248,16 @@ index 4dd0b2b..72e0033 100644 + } + +return TRUE; -+} -+ + } + +#endif /* DLOPEN_LOCAL_SCAN */ + /* End of local_scan.c */ diff --git a/src/readconf.c b/src/readconf.c -index 0d0769c..f1bb0ef 100644 +index 987f9fa..b05896f 100644 --- a/src/readconf.c +++ b/src/readconf.c -@@ -205,6 +205,9 @@ static optionlist optionlist_config[] = { +@@ -215,6 +215,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, { "local_from_suffix", opt_stringptr, {&local_from_suffix} }, { "local_interfaces", opt_stringptr, {&local_interfaces} }, diff --git a/exim-4.95-opendmarc-1.4-build-fix.patch b/exim-4.95-opendmarc-1.4-build-fix.patch new file mode 100644 index 0000000..8924638 --- /dev/null +++ b/exim-4.95-opendmarc-1.4-build-fix.patch @@ -0,0 +1,13 @@ +diff --git a/src/dmarc.c b/src/dmarc.c +index 8a9cdce..9e70cc1 100644 +--- a/src/dmarc.c ++++ b/src/dmarc.c +@@ -461,7 +461,7 @@ if (!dmarc_abort && !sender_host_authenticated) + vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : + DMARC_POLICY_DKIM_OUTCOME_NONE; + libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, +- dkim_result, US""); ++ sig->selector, dkim_result, US""); + DEBUG(D_receive) + debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); + if (libdm_status != DMARC_PARSE_OKAY) diff --git a/exim-4.85-pic.patch b/exim-4.95-pic.patch similarity index 77% rename from exim-4.85-pic.patch rename to exim-4.95-pic.patch index d61edba..49ea919 100644 --- a/exim-4.85-pic.patch +++ b/exim-4.95-pic.patch @@ -1,5 +1,5 @@ diff --git a/src/lookups/Makefile b/src/lookups/Makefile -index 6ba0cb1..21a7ad7 100644 +index 1fd1394..a24ea2a 100644 --- a/src/lookups/Makefile +++ b/src/lookups/Makefile @@ -22,7 +22,7 @@ lookups.a: $(OBJ) @@ -9,5 +9,5 @@ index 6ba0cb1..21a7ad7 100644 - $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $*.c -o $@ + $(FE)$(CC) $(LOOKUP_$*_INCLUDE) $(LOOKUP_$*_LIBS) -DDYNLOOKUP $(CFLAGS_DYNAMIC) $(CFLAGS) $(INCLUDE) $(DLFLAGS) $(PIC) $*.c -o $@ - lf_check_file.o: $(PHDRS) lf_check_file.c lf_functions.h - lf_quote.o: $(PHDRS) lf_quote.c lf_functions.h + lf_check_file.o: $(HDRS) lf_check_file.c lf_functions.h + lf_quote.o: $(HDRS) lf_quote.c lf_functions.h diff --git a/exim.spec b/exim.spec index 25251e3..0c0728d 100644 --- a/exim.spec +++ b/exim.spec @@ -14,7 +14,7 @@ Summary: The exim mail transfer agent Name: exim -Version: 4.94.2 +Version: 4.95 Release: 1%{?dist} License: GPLv2+ Url: https://www.exim.org/ @@ -52,10 +52,12 @@ Source25: exim-gen-cert Source26: clamd.exim.service %endif -Patch0: exim-4.94.2-config.patch +Patch0: exim-4.95-config.patch Patch1: exim-4.94-libdir.patch -Patch2: exim-4.94-dlopen-localscan.patch -Patch3: exim-4.85-pic.patch +Patch2: exim-4.95-dlopen-localscan.patch +Patch3: exim-4.95-pic.patch +# https://bugs.exim.org/show_bug.cgi?id=2728 +Patch4: exim-4.95-opendmarc-1.4-build-fix.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: /etc/aliases @@ -204,6 +206,7 @@ greylisting unconditional. %patch1 -p1 -b .libdir %patch2 -p1 -b .dl %patch3 -p1 -b .fpic +%patch4 -p1 -b .opendmarc-1.4-build-fix cp src/EDITME Local/Makefile sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile @@ -605,6 +608,10 @@ test "$1" = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || : %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Thu Jun 23 2022 Jaroslav Škarvada - 4.95-1 +- New version + Resolves: rhbz#2100385 + * Tue May 4 2021 Jaroslav Škarvada - 4.94.2-1 - New version diff --git a/sources b/sources index a9db6bd..651c4cd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b -SHA512 (exim-4.94.2.tar.xz) = 5334c236221ed4e03dbc33e6a79d939b06037fa2f4b71971607a360b67af5c85a89681ee13a5eeaf0184382c55a160cf2e89ed7afb2949f025a54f1e88f9e3fc +SHA512 (exim-4.95.tar.xz) = 93d09c20d99f27da5edbe3e6dc7d25aa4548faa2b67ca26f2cc0b4aeaf58398dd468e0263714fcf0df97531f05d16fcd3f1f0e9d0656ead7858a66b248a44a65