New version

Resolves: rhbz#2119687
New version
2022-08-19 21:58:13 +02:00 · 2022-06-23 18:52:14 +02:00 · 2021-05-04 20:34:33 +02:00 · 2021-04-13 00:00:01 +02:00 · 2021-04-12 14:27:32 +02:00 · 2021-03-25 15:42:00 +01:00
8 changed files with 384 additions and 1349 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 /exim-*.tar.xz
-/exim-*.tar.xz.asc
+/sa-exim-*.tar.gz
--- a/Exim-Maintainers-Keyring.asc
+++ b/Exim-Maintainers-Keyring.asc
--- a/exim-4.96-config.patch
+++ b/exim-4.96-config.patch
@ -12,7 +12,7 @@ index ed77b6a..b9eb64d 100755
   echo "" >>$mft
   cat $mftt >> $mft
 diff --git a/src/EDITME b/src/EDITME
-index 53022e5..cf0b33e 100644
+index 53022e5..b7ae2cc 100644
 --- a/src/EDITME
 +++ b/src/EDITME
@@ -99,7 +99,7 @@
@ -86,7 +86,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -409,22 +409,28 @@ LOOKUP_DBM=yes
+@@ -409,22 +409,27 @@ LOOKUP_DBM=yes
 LOOKUP_LSEARCH=yes
 LOOKUP_DNSDB=yes
 
@ -99,18 +99,17 @@ index 53022e5..cf0b33e 100644
 -# LOOKUP_LDAP=yes
 +LOOKUP_LDAP=yes
 +LDAP_LIB_TYPE=OPENLDAP2
-+LOOKUP_LIBS=-lldap -llber -lsqlite3
+LOOKUP_INCLUDE=-I/usr/include/mysql
+LOOKUP_LIBS=-lldap -llber -lsqlite3 -L/usr/$(_lib)/mysql -lmysqlclient
 # LOOKUP_LMDB=yes
 
 -# LOOKUP_MYSQL=yes
-# LOOKUP_MYSQL_PC=mariadb
-# LOOKUP_NIS=yes
 +LOOKUP_MYSQL=2
-+LOOKUP_MYSQL_PC=mariadb
+ # LOOKUP_MYSQL_PC=mariadb
+-# LOOKUP_NIS=yes
+-# LOOKUP_NISPLUS=yes
 +LOOKUP_NIS=yes
- # LOOKUP_NISPLUS=yes
-+CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc
-+LIBS+=-L/usr/$(_lib)/nsl
+LOOKUP_NISPLUS=yes
 +
 # LOOKUP_ORACLE=yes
 -# LOOKUP_PASSWD=yes
@ -124,7 +123,7 @@ index 53022e5..cf0b33e 100644
 # LOOKUP_SQLITE_PC=sqlite3
 # LOOKUP_WHOSON=yes
 
-@@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes
+@@ -437,7 +442,7 @@ LOOKUP_DNSDB=yes
 
 
 # Some platforms may need this for LOOKUP_NIS:
@ -133,7 +132,7 @@ index 53022e5..cf0b33e 100644
 
 #------------------------------------------------------------------------------
 # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate
-@@ -511,7 +517,7 @@ SUPPORT_DANE=yes
+@@ -511,7 +516,7 @@ SUPPORT_DANE=yes
 # files are defaulted in the OS/Makefile-Default file, but can be overridden in
 # local OS-specific make files.
 
@ -142,7 +141,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -521,7 +527,7 @@ SUPPORT_DANE=yes
+@@ -521,7 +526,7 @@ SUPPORT_DANE=yes
 # and the MIME ACL. Please read the documentation to learn more about these
 # features.
 
@ -151,7 +150,7 @@ index 53022e5..cf0b33e 100644
 
 # If you have content scanning you may wish to only include some of the scanner
 # interfaces.  Uncomment any of these lines to remove that code.
-@@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes
+@@ -604,12 +609,12 @@ DISABLE_MAL_MKS=yes
 # using libopendmarc libraries. You must have SPF and DKIM support enabled also.
 # Library version libopendmarc-1.4.1-1.fc33.x86_64  (on Fedora 33) is known broken;
 # 1.3.2-3 works.  I seems that the OpenDMARC project broke their API.
@ -167,7 +166,7 @@ index 53022e5..cf0b33e 100644
 
 # Uncomment the following line to add ARC (Authenticated Received Chain)
 # support.  You must have SPF and DKIM support enabled also.
-@@ -709,7 +715,7 @@ FIXED_NEVER_USERS=root
+@@ -709,7 +714,7 @@ FIXED_NEVER_USERS=root
 # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
 # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
 
@ -176,7 +175,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -754,18 +760,18 @@ FIXED_NEVER_USERS=root
+@@ -754,18 +759,18 @@ FIXED_NEVER_USERS=root
 # included in the Exim binary. You will then need to set up the run time
 # configuration to make use of the mechanism(s) selected.
 
@ -203,7 +202,7 @@ index 53022e5..cf0b33e 100644
 
 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
 # requires multiple pkg-config files to work with Exim, so the second example
-@@ -792,7 +798,7 @@ FIXED_NEVER_USERS=root
+@@ -792,7 +797,7 @@ FIXED_NEVER_USERS=root
 # one that is set in the headers_charset option. The default setting is
 # defined by this setting:
 
@ -212,7 +211,7 @@ index 53022e5..cf0b33e 100644
 
 # If you are going to make use of $header_xxx expansions in your configuration
 # file, or if your users are going to use them in filter files, and the normal
-@@ -812,7 +818,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -812,7 +817,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # the Sieve filter support. For those OS where iconv() is known to be installed
 # as standard, the file in OS/Makefile-xxxx contains
 #
@ -221,7 +220,7 @@ index 53022e5..cf0b33e 100644
 #
 # If you are not using one of those systems, but have installed iconv(), you
 # need to uncomment that line above. In some cases, you may find that iconv()
-@@ -888,7 +894,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -888,7 +893,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # Once you have done this, "make install" will build the info files and
 # install them in the directory you have defined.
 
@ -230,7 +229,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -901,7 +907,7 @@ HEADERS_CHARSET="ISO-8859-1"
+@@ -901,7 +906,7 @@ HEADERS_CHARSET="ISO-8859-1"
 # %s. This will be replaced by one of the strings "main", "panic", or "reject"
 # to form the final file names. Some installations may want something like this:
 
@ -239,7 +238,7 @@ index 53022e5..cf0b33e 100644
 
 # which results in files with names /var/log/exim_mainlog, etc. The directory
 # in which the log files are placed must exist; Exim does not try to create
-@@ -973,7 +979,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -973,7 +978,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
 # Perl costs quite a lot of resources. Only do this if you really need it.
 
@ -248,7 +247,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -983,7 +988,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # that the local_scan API is made available by the linker. You may also need
 # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
 
@ -257,7 +256,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -993,7 +998,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # support, which is intended for use in conjunction with the SMTP AUTH
 # facilities, is included only when requested by the following setting:
 
@ -266,7 +265,7 @@ index 53022e5..cf0b33e 100644
 
 # You probably need to add -lpam to EXTRALIBS, and in some releases of
 # GNU/Linux -ldl is also needed.
-@@ -1005,12 +1011,12 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -1005,12 +1010,12 @@ ZCAT_COMMAND=/usr/bin/zcat
 # If you may want to use outbound (client-side) proxying, using Socks5,
 # uncomment the line below.
 
@ -281,7 +280,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -1034,9 +1040,9 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -1034,9 +1039,9 @@ ZCAT_COMMAND=/usr/bin/zcat
 # installed on your system (www.libspf2.org). Depending on where it is installed
 # you may have to edit the CFLAGS and LDFLAGS lines.
 
@ -293,7 +292,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -1101,7 +1107,7 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -1101,7 +1106,7 @@ ZCAT_COMMAND=/usr/bin/zcat
 # group. Once you have installed saslauthd, you should arrange for it to be
 # started by root at boot time.
 
@ -302,18 +301,18 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -1115,8 +1121,8 @@ ZCAT_COMMAND=/usr/bin/zcat
+@@ -1115,8 +1120,8 @@ ZCAT_COMMAND=/usr/bin/zcat
 # library for TCP wrappers, so you probably need something like this:
 #
 # USE_TCP_WRAPPERS=yes
 -# CFLAGS=-O -I/usr/local/include
 -# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
-+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE)
+CFLAGS+=$(RPM_OPT_FLAGS) $(PIE) -std=gnu99
 +EXTRALIBS_EXIM=-lpam -ldl -export-dynamic -rdynamic
 #
 # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM
 # as well.
-@@ -1168,7 +1174,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1168,7 +1173,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # is "yes", as well as supporting line editing, a history of input lines in the
 # current run is maintained.
 
@ -322,7 +321,7 @@ index 53022e5..cf0b33e 100644
 
 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes.
 # Note that this option adds to the size of the Exim binary, because the
-@@ -1185,7 +1191,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1185,7 +1190,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 #------------------------------------------------------------------------------
 # Uncomment this setting to include IPv6 support.
 
@ -331,7 +330,7 @@ index 53022e5..cf0b33e 100644
 
 ###############################################################################
 #              THINGS YOU ALMOST NEVER NEED TO MENTION                        #
-@@ -1206,13 +1212,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
+@@ -1206,13 +1211,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases
 # haven't got Perl, Exim will still build and run; you just won't be able to
 # use those utilities.
 
@ -352,7 +351,7 @@ index 53022e5..cf0b33e 100644
 
 
 #------------------------------------------------------------------------------
-@@ -1414,7 +1420,7 @@ EXIM_TMPDIR="/tmp"
+@@ -1414,7 +1419,7 @@ EXIM_TMPDIR="/tmp"
 # (process id) to a file so that it can easily be identified. The path of the
 # file can be specified here. Some installations may want something like this:
 
--- a/exim-clamav-tmpfiles.conf
+++ b/exim-clamav-tmpfiles.conf
@ -1 +1 @@
-D /run/clamd.exim 0750 exim exim -
+D /var/run/clamd.exim 0750 exim exim -
--- a/exim.init
+++ b/exim.init
@ -0,0 +1,132 @@
+#!/bin/bash
+#
+# exim    This shell script takes care of starting and stopping exim
+#
+# chkconfig: 2345 80 30
+# description: Exim is a Mail Transport Agent, which is the program \
+#              that moves mail from one machine to another.
+# processname: exim
+# config: /etc/exim/exim.conf
+# pidfile: /var/run/exim.pid
+
+# Source function library.
+. /etc/init.d/functions
+
+# Source networking configuration.
+[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network
+
+# Source exim configureation.
+if [ -f /etc/sysconfig/exim ] ; then
+	. /etc/sysconfig/exim
+else
+	DAEMON=yes
+	QUEUE=1h
+fi
+
+USER=${USER:=exim}
+GROUP=${GROUP:=exim}
+
+gen_cert() {
+	if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then
+		umask 077
+		FQDN=`hostname`
+		if [ "x${FQDN}" = "x" ]; then
+			FQDN=localhost.localdomain
+		fi
+		echo -n $"Generating exim certificate: "
+		cat << EOF | openssl req -new -x509 -days 365 -nodes \
+			-out /etc/pki/tls/certs/exim.pem \
+			-keyout /etc/pki/tls/private/exim.pem &>/dev/null
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+${FQDN}
+root@${FQDN}
+EOF
+		if [ $? -eq 0 ]; then
+			success
+			chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem
+			chmod 600 /etc/pki/tls/{private,certs}/exim.pem
+		else
+			failure
+		fi
+		echo
+	fi
+}
+
+start() {
+	[ "$EUID" != "0" ] && exit 4
+	[ "${NETWORKING}" = "no" ] && exit 1
+	[ -f /usr/sbin/exim ] || exit 5
+
+	# check ownerships
+	# do this by seeing if /var/log/exim/main.log exists and is
+	# owned by exim - if owned by someone else we fix it up
+	if [ -f /var/log/exim/main.log ]
+	then
+	    if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ]
+	    then
+		chown -R $USER:$GROUP /var/log/exim /var/spool/exim
+	    fi
+	fi
+
+	# generate certificate if doesn't exist
+	gen_cert
+
+        # Start daemons.
+        echo -n $"Starting exim: "
+        daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \
+                              $([ -n "$QUEUE" ] && echo -q$QUEUE)
+        RETVAL=$?
+        echo
+        [ $RETVAL = 0 ] && touch /var/lock/subsys/exim
+}
+
+stop() {
+	[ "$EUID" != "0" ] && exit 4
+        # Stop daemons.
+        echo -n $"Shutting down exim: "
+        killproc exim
+	RETVAL=$?
+        echo
+        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/exim
+}
+
+restart() {
+	stop
+	start
+}
+
+# See how we were called.
+case "$1" in
+  start)
+	start
+	;;
+  stop)
+	stop
+	;;
+  restart)
+	restart
+	;;
+  reload|force-reload)
+	status exim > /dev/null || exit 7
+	echo -n $"Reloading exim:"
+	killproc exim -HUP
+	echo
+	;;
+  condrestart|try-restart)
+	status exim > /dev/null || exit 0
+	restart
+	;;
+  status)
+	status exim
+	;;
+  *)
+	echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart|try-restart}"
+	exit 2
+esac
+
+exit $RETVAL
+
--- a/exim.spec
+++ b/exim.spec
@ -1,3 +1,7 @@
+# SA-Exim has long since been obsoleted by the proper built-in ACL support
+# from exiscan. Disable it by default
+%bcond_with sa
+
 # By default build clamav subpackage on Fedora,
 # do not build on RHEL
 %if 0%{?rhel}
@ -6,41 +10,47 @@
 %bcond_without clamav
 %endif

-# hardened build if not overridden
-%{!?_hardened_build:%global _hardened_build 1}
+%global sysv2systemdnvr 4.76-6

 Summary: The exim mail transfer agent
 Name: exim
 Version: 4.96
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Url: https://www.exim.org/
-
+Group: System Environment/Daemons
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Provides: MTA smtpd smtpdaemon server(smtp)
-Requires(post): /sbin/restorecon %{_sbindir}/alternatives systemd
+Requires(post): /sbin/chkconfig /sbin/service /sbin/restorecon %{_sbindir}/alternatives systemd systemd-sysv
 Requires(preun): %{_sbindir}/alternatives systemd
 Requires(postun): %{_sbindir}/alternatives systemd
 Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd
 %if %{with clamav}
-BuildRequires: clamd
+Requires: initscripts
+BuildRequires: clamav-devel
 %endif
 Source: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz
-Source1: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.xz.asc
-Source2: https://downloads.exim.org/Exim-Maintainers-Keyring.asc
-
+Source2: exim.init
 Source3: exim.sysconfig
 Source4: exim.logrotate
 Source5: exim-tidydb.sh
 Source11: exim.pam
+%if %{with clamav}
 Source12: exim-clamav-tmpfiles.conf
+%endif

+%if %{with sa}
+Source13: http://marc.merlins.org/linux/exim/files/sa-exim-4.2.tar.gz
+%endif
 Source20: exim-greylist.conf.inc
 Source21: mk-greylist-db.sql
 Source22: greylist-tidy.sh
 Source23: trusted-configs
 Source24: exim.service
 Source25: exim-gen-cert
+%if %{with clamav}
 Source26: clamd.exim.service
+%endif

 Patch0: exim-4.96-config.patch
 Patch1: exim-4.94-libdir.patch
@ -54,45 +64,16 @@ Patch5: exim-4.96-build-fix.patch
 Requires: /etc/pki/tls/certs /etc/pki/tls/private
 Requires: /etc/aliases
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
-Recommends: publicsuffix-list
-BuildRequires: gcc
-BuildRequires: libdb-devel
-BuildRequires: openssl-devel
-BuildRequires: openldap-devel
-BuildRequires: pam-devel
-BuildRequires: pcre2-devel
-BuildRequires: sqlite-devel
-BuildRequires: cyrus-sasl-devel
-BuildRequires: libspf2-devel
-BuildRequires: libopendmarc-devel
-BuildRequires: openldap-devel
-BuildRequires: openssl-devel
-BuildRequires: mariadb-connector-c-devel
-BuildRequires: libpq-devel
-BuildRequires: libXaw-devel
-BuildRequires: libXmu-devel
-BuildRequires: libXext-devel
-BuildRequires: libX11-devel
-BuildRequires: libSM-devel
-BuildRequires: perl-devel
-BuildRequires: perl-generators
-BuildRequires: libICE-devel
-BuildRequires: libXpm-devel
-BuildRequires: libXt-devel
-BuildRequires: perl(ExtUtils::Embed)
-# mariadb-devel for mariadb pkgconfig
-BuildRequires: systemd-units
-BuildRequires: libgsasl-devel
-BuildRequires: mariadb-devel
-# Workaround for NIS removal from glibc, bug 1534920
-BuildRequires: libnsl2-devel
-BuildRequires: libtirpc-devel
-BuildRequires: gnupg2
-BuildRequires: grep
-%if 0%{?rhel} == 8
-BuildRequires:  epel-rpm-macros >= 8-5
+BuildRequires: libdb-devel openssl-devel openldap-devel pam-devel
+%if %{with sa}
+BuildRequires: lynx
 %endif
-BuildRequires: make
+BuildRequires: pcre2-devel sqlite-devel tcp_wrappers-devel cyrus-sasl-devel
+BuildRequires: libspf2-devel libopendmarc-devel
+BuildRequires: openldap-devel openssl-devel mysql-devel postgresql-devel
+BuildRequires: libXaw-devel libXmu-devel libXext-devel libX11-devel libSM-devel
+BuildRequires: libICE-devel libXpm-devel libXt-devel perl(ExtUtils::Embed)
+BuildRequires: systemd-units libgsasl-devel grep

 %description
 Exim is a message transfer agent (MTA) developed at the University of
@ -104,8 +85,20 @@ routed, and there are extensive facilities for checking incoming
 mail. Exim can be installed in place of sendmail, although the
 configuration of exim is quite different to that of sendmail.

+%package sysvinit
+Summary: SysV initscript for Exim
+Group: System Environment/Daemons
+BuildArch: noarch
+Requires: %{name} = %{version}-%{release}
+Requires(preun): chkconfig
+Requires(post): chkconfig
+
+%description sysvinit
+This package contains the SysV initscript for Exim.
+
 %package mysql
 Summary: MySQL lookup support for Exim
+Group: System Environment/Daemons
 Requires: exim = %{version}-%{release}

 %description mysql
@ -113,6 +106,7 @@ This package contains the MySQL lookup module for Exim

 %package pgsql
 Summary: PostgreSQL lookup support for Exim
+Group: System Environment/Daemons
 Requires: exim = %{version}-%{release}

 %description pgsql
@ -120,6 +114,7 @@ This package contains the PostgreSQL lookup module for Exim

 %package mon
 Summary: X11 monitor application for Exim
+Group: Applications/System

 %description mon
 The Exim Monitor is an optional supplement to the Exim package. It
@ -127,11 +122,26 @@ displays information about Exim's processing in an X window, and an
 administrator can perform a number of control actions from the window
 interface.

+%if %{with sa}
+%package sa
+Summary: Exim SpamAssassin at SMTP time - d/l plugin
+Group: System Environment/Daemons
+Requires: exim = %{version}-%{release}
+
+%description sa
+The exim-sa package is an old method for allowing SpamAssassin to be run on
+incoming mail at SMTP time. It is deprecated in favour of the built-in ACL
+support for content scanning.
+%endif
+
 %if %{with clamav}
 %package clamav
 Summary: Clam Antivirus scanner dæmon configuration for use with Exim
-Requires: clamd exim
+Group: System Environment/Daemons
+Requires: clamav-server exim
 Obsoletes: clamav-exim <= 0.86.2
+Requires(post): /sbin/chkconfig /sbin/service
+Requires(preun): /sbin/chkconfig /sbin/service

 %description clamav
 This package contains configuration files which invoke a copy of the
@ -150,10 +160,21 @@ For further details of Exim content scanning, see chapter 41 of the Exim
 specification:
 http://www.exim.org/exim-html-%{version}/doc/html/spec_html/ch41.html

+%package clamav-sysvinit
+Summary: SysV initscript for Clam Antivirus scanner for Exim
+Group: System Environment/Daemons
+BuildArch: noarch
+Requires: exim-clamav = %{version}-%{release}
+Requires(preun): chkconfig
+Requires(post): chkconfig
+
+%description clamav-sysvinit
+This package contains the SysV initscript.
 %endif

 %package greylist
 Summary: Example configuration for greylisting using Exim
+Group: System Environment/Daemons
 Requires: sqlite exim
 Requires: crontabs

@ -178,8 +199,17 @@ greylisting for whatever 'offences' you can dream of, or even to make
 greylisting unconditional.

 %prep
-%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
-%autosetup -p1
+%setup -q
+%if %{with sa}
+%setup -q -T -D -a 13
+%endif
+
+%patch0 -p1 -b .config
+%patch1 -p1 -b .libdir
+%patch2 -p1 -b .dl
+%patch3 -p1 -b .fpic
+%patch4 -p1 -b .opendmarc-1.4-build-fix
+%patch5 -p1 -b .build-fix

 cp src/EDITME Local/Makefile
 sed -i 's@^# LOOKUP_MODULE_DIR=.*@LOOKUP_MODULE_DIR=%{_libdir}/exim/%{version}-%{release}/lookups@' Local/Makefile
@ -201,11 +231,18 @@ popd
 	export PIE=-fPIE
 	export PIC=-fPIC
 %endif
-
-export LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-pie -Wl,-z,relro,-z,now}"
 make _lib=%{_lib} FULLECHO=

+%if %{with sa}
+# build sa-exim
+cd sa-exim*
+perl -pi -e 's|\@lynx|HOME=/ /usr/bin/lynx|g;' Makefile
+make SACONF=%{_sysconfdir}/exim/sa-exim.conf CFLAGS="$RPM_OPT_FLAGS -fPIC"
+%endif
+
 %install
+rm -rf $RPM_BUILD_ROOT
+
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
 mkdir -p $RPM_BUILD_ROOT%{_libdir}
@ -267,6 +304,9 @@ pod2man --center=EXIM --section=8 \
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
 install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/exim

+mkdir -p $RPM_BUILD_ROOT%{_initrddir}
+install %SOURCE2 $RPM_BUILD_ROOT%{_initrddir}/exim
+
 # Systemd
 mkdir -p %{buildroot}%{_unitdir}
 mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
@ -283,6 +323,15 @@ install -m 0644 %SOURCE4 $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/exim
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily
 install -m 0755 %SOURCE5 $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/exim-tidydb

+%if %{with sa}
+# install sa
+cd sa-exim*
+mkdir -p $RPM_BUILD_ROOT%{_libexecdir}/exim
+install *.so  $RPM_BUILD_ROOT%{_libexecdir}/exim
+install -m 644 *.conf $RPM_BUILD_ROOT%{_sysconfdir}/exim
+ln -s sa-exim*.so $RPM_BUILD_ROOT%{_libexecdir}/exim/sa-exim.so
+%endif
+
 # generate ghost .pem file
 mkdir -p $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}
 touch $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
@ -291,23 +340,23 @@ chmod 600 $RPM_BUILD_ROOT/etc/pki/tls/{certs,private}/exim.pem
 # generate alternatives ghosts
 mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
 for i in %{_sbindir}/sendmail %{_bindir}/{mailq,runq,rsmtp,rmail,newaliases} \
-	/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp
+	/usr/lib/sendmail %{_sysconfdir}/pam.d/smtp %{_mandir}/man1/mailq.1.gz
 do
 	touch $RPM_BUILD_ROOT$i
 done
-gzip < /dev/null > $RPM_BUILD_ROOT%{_mandir}/man1/mailq.1.gz

 %if %{with clamav}
 # Munge the clamav init and config files from clamav-devel. This really ought
 # to be a subpackage of clamav, but this hack will have to do for now.
 function clamsubst() {
-	 sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_docdir}/clamd/"$1" >"$RPM_BUILD_ROOT$2"
+	 sed -e "s!<SERVICE>!$3!g;s!<USER>!$4!g;""$5" %{_datadir}/clamav/template/"$1" >"$RPM_BUILD_ROOT$2"
 }

 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/clamd.d
 clamsubst clamd.conf %{_sysconfdir}/clamd.d/exim.conf exim exim \
       's!^##*\(\(LogFile\|LocalSocket\|PidFile\|User\)\s\|\(StreamSaveToDisk\|ScanMail\|LogTime\|ScanArchive\)$\)!\1!;s!^Example!#Example!;'

+clamsubst clamd.init %{_initrddir}/clamd.exim exim exim ''
 clamsubst clamd.logrotate %{_sysconfdir}/logrotate.d/clamd.exim exim exim ''
 cat <<EOF > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/clamd.exim
 CLAMD_CONFIG='%_sysconfdir/clamd.d/exim.conf'
@ -315,8 +364,8 @@ CLAMD_SOCKET=%{_var}/run/clamd.exim/clamd.sock
 EOF
 ln -sf clamd $RPM_BUILD_ROOT/usr/sbin/clamd.exim

-mkdir -p %{buildroot}%{_tmpfilesdir}
-install -m 0644 %{SOURCE12} %{buildroot}%{_tmpfilesdir}/exim-clamav.conf
+mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
+install -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/tmpfiles.d/exim-clamav.conf
 mkdir -p $RPM_BUILD_ROOT%{_var}/run/clamd.exim
 mkdir -p $RPM_BUILD_ROOT%{_var}/log
 touch $RPM_BUILD_ROOT%{_var}/log/clamd.exim
@ -331,6 +380,9 @@ install -m755 %{SOURCE22} $RPM_BUILD_ROOT/%_sysconfdir/cron.daily/greylist-tidy.
 install -m644 %{SOURCE23} $RPM_BUILD_ROOT/%_sysconfdir/exim/trusted-configs
 touch $RPM_BUILD_ROOT/%_var/spool/exim/db/greylist.db

+%clean
+rm -rf $RPM_BUILD_ROOT
+
 %check
 build-`scripts/os-type`-`scripts/arch-type`/exim -C src/configure.default -bV

@ -375,6 +427,27 @@ if [ $1 -ge 1 ]; then
 	fi
 fi

+%triggerun -- exim < %{sysv2systemdnvr}
+%{_bindir}/systemd-sysv-convert --save exim >/dev/null 2>&1 ||:
+/bin/systemctl enable exim.service >/dev/null 2>&1
+/sbin/chkconfig --del exim >/dev/null 2>&1 || :
+/bin/systemctl try-restart exim.service >/dev/null 2>&1 || :
+
+%triggerpostun -n exim-sysvinit -- exim < %{sysv2systemdnvr}
+/sbin/chkconfig --add exim >/dev/null 2>&1 || :
+
+%post sysvinit
+/sbin/chkconfig --add exim >/dev/null 2>&1 ||:
+
+%preun sysvinit
+if [ "$1" = 0 ]; then
+	%{_initrddir}/exim stop >/dev/null 2>&1 ||:
+	/sbin/chkconfig --del exim >/dev/null 2>&1 ||:
+fi
+
+%postun sysvinit
+[ "$1" -ge "1" ] && %{_initrddir}/exim condrestart >/dev/null 2>&1 ||:
+
 %post greylist
 if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
   sqlite3 %{_var}/spool/exim/db/greylist.db < %{_sysconfdir}/exim/mk-greylist-db.sql
@ -383,6 +456,7 @@ if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then
 fi

 %files
+%defattr(-,root,root)
 %attr(4755,root,root) %{_sbindir}/exim
 %{_sbindir}/exim_dumpdb
 %{_sbindir}/exim_fixdb
@ -429,8 +503,7 @@ fi
 %config(noreplace) %{_sysconfdir}/pam.d/exim
 %{_sysconfdir}/cron.daily/exim-tidydb

-%license LICENCE NOTICE
-%doc ACKNOWLEDGMENTS README.UPDATING README
+%doc ACKNOWLEDGMENTS LICENCE NOTICE README.UPDATING README
 %doc doc util/unknownuser.sh

 %attr(0600,root,root) %ghost %config(missingok,noreplace) %verify(not md5 size mtime) /etc/pki/tls/certs/exim.pem
@ -446,16 +519,32 @@ fi
 %ghost %{_sysconfdir}/pam.d/smtp
 %ghost %{_mandir}/man1/mailq.1.gz

+%files sysvinit
+%defattr(-,root,root,-)
+%{_initrddir}/exim
+
 %files mysql
+%defattr(-,root,root,-)
 %{_libdir}/exim/%{version}-%{release}/lookups/mysql.so

 %files pgsql
+%defattr(-,root,root,-)
 %{_libdir}/exim/%{version}-%{release}/lookups/pgsql.so

 %files mon
+%defattr(-,root,root)
 %{_sbindir}/eximon
 %{_sbindir}/eximon.bin

+%if %{with sa}
+%files sa
+%defattr(-,root,root)
+%{_libexecdir}/exim
+%config(noreplace) %{_sysconfdir}/exim/sa-*.conf
+%doc sa-exim*/*.html
+%doc sa-exim*/{ACKNOWLEDGEMENTS,INSTALL,LICENSE,TODO}
+%endif
+
 %if %{with clamav}
 %post clamav
 /bin/mkdir -pm 0750 %{_var}/run/clamd.exim
@ -479,77 +568,66 @@ if [ $1 -ge 1 ] ; then
    /bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
 fi

+%triggerun -- clamav < %{sysv2systemdnvr}
+%{_bindir}/systemd-sysv-convert --save clamd.exim >/dev/null 2>&1 ||:
+/bin/systemctl enable clamd.exim.service >/dev/null 2>&1
+/sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
+/bin/systemctl try-restart clamd.exim.service >/dev/null 2>&1 || :
+
+%triggerpostun -n exim-clamav-sysvinit -- exim < %{sysv2systemdnvr}
+/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
+
+%post clamav-sysvinit
+/sbin/chkconfig --add clamd.exim >/dev/null 2>&1 ||:
+
+%preun clamav-sysvinit
+test "$1" != 0 || %{_initrddir}/clamd.exim stop >/dev/null 2>&1 || :
+test "$1" != 0 || /sbin/chkconfig --del clamd.exim >/dev/null 2>&1 || :
+
+%postun clamav-sysvinit
+test "$1"  = 0 || %{_initrddir}/clamd.exim condrestart >/dev/null 2>&1 || :
+
 %files clamav
+%defattr(-,root,root,-)
 %{_sbindir}/clamd.exim
 %{_unitdir}/clamd.exim.service
 %config(noreplace) %verify(not mtime) %{_sysconfdir}/clamd.d/exim.conf
 %config(noreplace) %verify(not mtime) %{_sysconfdir}/sysconfig/clamd.exim
 %config(noreplace) %verify(not mtime) %{_sysconfdir}/logrotate.d/clamd.exim
-%{_tmpfilesdir}/exim-clamav.conf
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/exim-clamav.conf
 %ghost %attr(0750,exim,exim) %dir %{_var}/run/clamd.exim
 %ghost %attr(0644,exim,exim) %{_var}/log/clamd.exim
+
+%files clamav-sysvinit
+%defattr(-,root,root,-)
+%attr(0755,root,root) %config %{_initrddir}/clamd.exim
 %endif

 %files greylist
+%defattr(-,root,root,-)
 %config %{_sysconfdir}/exim/exim-greylist.conf.inc
 %ghost %{_var}/spool/exim/db/greylist.db
 %{_sysconfdir}/exim/mk-greylist-db.sql
 %{_sysconfdir}/cron.daily/greylist-tidy.sh

 %changelog
-* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.96-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Tue Jun 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
+* Fri Aug 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.96-1
 - New version
-  Resolves: rhbz#2101104
+  Resolves: rhbz#2119687

-* Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 4.95-4
- Perl 5.36 rebuild
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.95-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 4.95-2
- Rebuild(libnsl2)
- Drop support for NISPLUS, as libnsl2 >= 2.0.0 does not support it anymore
-
-* Mon Oct  4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
+* Thu Jun 23 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 4.95-1
 - New version
-  Resolves: rhbz#2008452
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 4.94.2-4
- Rebuilt with OpenSSL 3.0.0
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 4.94.2-2
- Perl 5.34 rebuild
+  Resolves: rhbz#2100385

 * Tue May  4 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94.2-1
 - New version
-  Resolves: rhbz#1956859

-* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-7
+* Mon Apr 12 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-3
+- Release bump to fix greylisting
+
+* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-2
 - Fixed cname handling in TLS certificate verification
-  Resolves: rhbz#1942582
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.94-6
- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 4.94-5
- rebuild for libpq ABI fix rhbz#1908268
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.94-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jun 22 2020 Jitka Plesnikova <jplesnik@redhat.com> - 4.94-2
- Perl 5.32 rebuild
+  Resolves: rhbz#1942583

 * Mon Jun  1 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.94-1
 - New version
@ -559,49 +637,17 @@ fi
 - Used better workaround for rhbz#1791878
  Resolves: rhbz#1842633

-* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-8
+* Fri May 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-3
 - Fixed out-of-bounds read in the SPA authenticator
  Resolves: CVE-2020-12783

-* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-7
- Improved the spec file not to override LDFLAGS
+* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-2
+- Enabled spf2 and opendmarc support
+  Resolves: rhbz#1829076

-* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-6
- Updated config to explictly link with spf2 and opendmarc
- Fixed bogus date in changelog
-
-* Wed Apr 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-5
- Bump for rebuild with the fixed clamd requirement
-  Resolves: rhbz#1801329
-
-* Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-4
- Workaround for upgrade conflict
-  Resolves: rhbz#1791878
-
-* Thu Feb 20 2020 Tom Hughes <tom@compton.nu> - 4.93-3
- Enable SPF and DMARC support
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.93-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sun Jan 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
- New version
-  Resolves: rhbz#1782320
- Consolidated and simplified patches
- Dropped dane-enable patch (not needed)
-
-* Thu Jan  2 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-5
- Fixed FTBFS due to changes in clamav package
-  Resolves: rhbz#1787285
-
-* Fri Nov 22 2019 Felix Schwarz <fschwarz@fedoraproject.org> - 4.92.3-4
- enable GPG-based source file verification
-
-* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-3
- Enabled local_scan
-
-* Thu Oct 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-2
- Dropped sysvinit artifacts
+* Fri Mar 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 4.93-1
+- Rebased to 4.93
+  Resolves: rhbz#1827425

 * Mon Sep 30 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92.3-1
 - New version
@ -616,70 +662,30 @@ fi
 - New version
  Resolves: rhbz#1742312

-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.92-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Tue Jun  4 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-1
+- New version
+- De-fuzzified patches

-* Thu May 30 2019 Jitka Plesnikova <jplesnik@redhat.com> - 4.92-8
- Perl 5.30 rebuild
-
-* Wed Mar 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-7
+* Wed Mar 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-3
 - Enabled DANE support
  Resolves: rhbz#1693202
+- De-fuzzified support-proxies patch

-* Wed Mar 20 2019 Peter Robinson <pbrobinson@fedoraproject.org> 4.92-6
- Drop F-23 conditionals, and related obsolete bits
+* Wed Feb 20 2019 Marcel Härry <mh+fedora@scrit.ch> - 4.91-2
+- Enable proxy and socks support Resolves: rhbz#1542870

-* Tue Mar 19 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-5
- Processed greylist.db by cron job only if it has non zero size
-  Resolves: rhbz#1689211
-
-* Mon Mar  4 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-4
- Fixed greylist-conf patch
-  Related: rhbz#1679274
-
-* Sat Mar  2 2019 Tim Landscheidt <tim@tim-landscheidt.de> - 4.92-3
- Fix syntax error in exim.conf (#1679274)
- Use properly compressed empty mailq.1.gz as ghost file
- Add basic check that configuration file is valid
-
-* Wed Feb 20 2019 Marcel Härry <mh+fedora@scrit.ch> - 4.92-2
- Enable proxy and socks support
-  Resolves: rhbz#1542870
-
-* Mon Feb 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 4.92-1
+* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-1
 - New version
-  Resolves: rhbz#1674282
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.91-5
- Rebuilt for libcrypt.so.2 (#1666033)
-
-* Fri Jul 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-4
- Fixed FTBFS by adding gcc requirement
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.91-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Jun 27 2018 Jitka Plesnikova <jplesnik@redhat.com> - 4.91-2
- Perl 5.28 rebuild
-
-* Thu Apr 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.91-1
- New version
-  Resolves: rhbz#1567670
+  Resolves: rhbz#1615158
+- Dropped dynlookup-config patch (merged into config patch)
 - Dropped dec64table-read-fix patch (already upstream)
 - De-fuzzified patches

-* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-4
+* Wed Mar 14 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
 - Fixed dec64table OOB read in b64decode
- De-fuzzified nsl-fix patch
-
-* Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-3
- Dropped dynlookup-config patch (merged into config patch)

 * Fri Feb 16 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-2
- Fixed mysql module
+- Fixed undefined symbols in mysql module

 * Tue Feb 13 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.90.1-1
 - New version
@ -691,33 +697,15 @@ fi
 - Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943,
  CVE-2017-16944 patches (all upstreamed)

-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.89-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.89-11
- Rebuilt for switch to libxcrypt
-
-* Wed Jan 17 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-10
- Fixed FTBFS due to NIS removal from glibc
-  Resolves: rhbz#1534920
-
-* Fri Dec  1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-9
+* Fri Dec  1 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-4
 - Fixed denial of service
  Resolves: CVE-2017-16944

-* Thu Nov 30 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-8
- Dropped tcp_wrappers support
-  Resolves: rhbz#1518763
-
-* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-7
+* Mon Nov 27 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-3
 - Fixed use-after-free
  Resolves: CVE-2017-16943

-* Fri Nov 10 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-6
- Used mariadb-connector-c-devel instead of mysql-devel
-  Resolves: rhbz#1494094
-
-* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-5
+* Fri Aug 18 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-2
 - Fixed compilation with the mariadb-10.2
  Resolves: rhbz#1467312
 - Fixed multiple memory leaks
@ -729,95 +717,38 @@ fi
  Resolves: rhbz#1482217
 - Fixed some minor whitespace problems in the spec

-* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.89-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
-
-* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.89-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
-
-* Sun Jun 04 2017 Jitka Plesnikova <jplesnik@redhat.com> - 4.89-2
- Perl 5.26 rebuild
-
 * Wed Mar  8 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.89-1
 - New version
-  Resolves: rhbz#1430156
+  Resolves: rhbz#1428141
 - Switched to xz archive
 - Dropped DKIM-fix patch (already upstream)

-* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.88-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
-
 * Mon Jan 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-3
 - Fixed DKIM
 - Defuzzified patches and fixed some whitespaces

-* Sat Jan 14 2017 Ville Skyttä <ville.skytta@iki.fi> - 4.88-2
- Move tmpfiles.d config to %%{_tmpfilesdir}
- Install license files as %%license
+* Mon Jan  2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-2
+- Fixed changelog and sources

-* Sun Dec 25 2016 David Woodhouse <dwmw2@infradead.org> - 4.88-1
- Update to 4.88 (CVE-2016-9963 / rhbz#1405323)
+* Mon Jan  2 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 4.88-1
+- New version
+- Fixed DKIM private key leakage
+  Resolves: CVE-2016-9963

-* Thu Jun  9 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-5
- Allow configuration of user:group through sysconfig
-  Resolves: rhbz#1344250
-
-* Sat May 14 2016 Jitka Plesnikova <jplesnik@redhat.com> - 4.87-4
- Perl 5.24 rebuild
-
-* Wed May  4 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-3
- Dropped sa-exim which has been obsoleted long time ago by the proper
-  built-in ACL support
- Unconditionalized sources
-  Resolves: rhbz#1332211
-
-* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-2
+* Mon Apr 18 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-2
 - Used sane environment defaults in default configuration
  Resolves: rhbz#1323775

-* Sun Apr 10 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.87-1
- New version
-  Resolves: rhbz#1325557
-
-* Thu Mar  3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86.2-1
- New version
+* Thu Mar  3 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84.2-1
+- New version (security bug fix release)
  Resolves: rhbz#1314118
 - Fixed local privilege escalation for set-uid root when using perl_startup
  Resolves: CVE-2016-1531
 - Defuzzified patches

-* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.86-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Mon Nov  2 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-3
- Fixed exim-gen-cert not to output error on success
-
-* Fri Sep 18 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-2
- Hardened build, rebuilt with the full RELRO (only the daemon)
-
-* Mon Jul 27 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.86-1
- New version
-  Resolves: rhbz#1246923
- Updated and defuzzified patches
-
-* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.85-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-
-* Wed Jun 03 2015 Jitka Plesnikova <jplesnik@redhat.com> - 4.85-4
- Perl 5.22 rebuild
-
-* Tue Mar 10 2015 Adam Jackson <ajax@redhat.com> 4.85-3
- Drop sysvinit subpackages for F23+
-
-* Tue Feb 10 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.85-2
- Shared objects are now compiled with PIC, not PIE, which is needed for gcc-5,
-  (by pic patch)
-  Resolves: rhbz#1190784
-
-* Tue Jan 13 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.85-1
- New version
-  Resolves: rhbz#1181479
- De-fuzzified config and dlopen-localscan patches
+* Mon Dec  7 2015 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-5
+- MIME crash fix (by mime-fix patch)
+  Resolves: rhbz#1289056

 * Fri Oct 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 4.84-4
 - Do not override LFLAGS (problem reported by Todd Lyons)
--- a/greylist-tidy.sh
+++ b/greylist-tidy.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-if [ -s /var/spool/exim/db/greylist.db ]; then
+if [ -r /var/spool/exim/db/greylist.db ]; then
    sqlite3 /var/spool/exim/db/greylist.db <<EOF
 .timeout 5000
 DELETE FROM greylist WHERE expire < $((`date +%s` - 604800));
--- a/2
+++ b/2
@ -1,2 +1,2 @@
+SHA512 (sa-exim-4.2.tar.gz) = 2c1839c4d897bf65d19c754bbc9dc0674276ccad4a564c639591396afc23f1456decceec94817f62ee9b688f5d6d90436d3d47c869e04a69c955b1376c9fbd7b
 SHA512 (exim-4.96.tar.xz) = 6b863661465a0b9897c1b71875c5196a1903cf560dd85de45b08242b9731edb2bc10eb56945d62e477e5d15cc7a8d493915bff2ca81689673a8091c66f62c89e
-SHA512 (exim-4.96.tar.xz.asc) = a231c97e44a7365ac5961f2827b89d8cdf6ad94964633814f31e44d94ada9900f76664c45c2f55e378245e44739a0ef323786ca29b4093e44ce2b008eca4ad64
Author	SHA1	Message	Date
Jaroslav Škarvada	11c2200b24	New version Resolves: rhbz#2119687	2022-08-19 21:58:13 +02:00
Jaroslav Škarvada	cbbdc51775	New version Resolves: rhbz#2100385	2022-06-23 18:52:14 +02:00
Jaroslav Škarvada	4845899c4e	New version	2021-05-04 20:34:33 +02:00
Jaroslav Škarvada	4753ea0351	Release bump to fix greylisting	2021-04-13 00:00:01 +02:00
David Woodhouse	aa3062fa1a	Fix greylisting for Exim 4.94	2021-04-12 14:27:32 +02:00
Jaroslav Škarvada	b08df76248	Fixed cname handling in TLS certificate verification Resolves: rhbz#1942583	2021-03-25 15:42:00 +01:00
Jaroslav Škarvada	5787faece7	New version Resolves: rhbz#1842590 Used Exim maintainers keyring for GPG verification Dropped CVE-2020-12783 patch (upstreamed) Used better workaround for rhbz#1791878 Resolves: rhbz#1842633	2020-06-01 21:48:09 +02:00
Jaroslav Škarvada	8b2730e97c	Fixed out-of-bounds read in the SPA authenticator Resolves: CVE-2020-12783	2020-05-15 21:05:28 +02:00
Jaroslav Škarvada	780569af31	Fixed FTBFS with spf2 and opendmarc Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2020-04-29 19:42:24 +02:00
Jaroslav Škarvada	6783664c90	Enabled spf2 and opendmarc support Resolves: rhbz#1829076	2020-04-29 18:18:06 +02:00
Jaroslav Škarvada	935e9a27e4	Rebased to 4.93 Resolves: rhbz#1827425	2020-04-27 23:59:52 +02:00
Jaroslav Škarvada	68f78d8d08	New version Resolves: rhbz#1756656 Resolves: CVE-2019-16928	2019-09-30 13:46:23 +02:00
Jaroslav Škarvada	3722b366f7	New version Resolves: CVE-2019-15846	2019-09-06 17:51:25 +02:00
Jaroslav Škarvada	9fe0f130b8	New version Resolves: rhbz#1742312	2019-08-20 17:44:10 +02:00
Jaroslav Škarvada	8656a01853	New version De-fuzzified patches	2019-06-05 11:16:58 +02:00
Jaroslav Škarvada	89cc74b43d	Enabled DANE support Resolves: rhbz#1693202 De-fuzzified support-proxies patch	2019-03-27 13:23:20 +01:00
mh	6a241632d3	enable proxy support bz#1542870	2019-02-20 07:55:13 +01:00
Jaroslav Škarvada	c1b340c76c	Removed unused patches and de-fuzzified dlopen-localscan patch Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2018-08-22 16:34:47 +02:00
Jaroslav Škarvada	3afb1c1273	New version Resolves: rhbz#1615158 Dropped dynlookup-config patch (merged into config patch) Dropped dec64table-read-fix patch (already upstream) De-fuzzified patches	2018-08-22 16:11:00 +02:00
Jaroslav Škarvada	3206e7c0eb	Fixed dec64table OOB read in b64decode	2018-03-14 09:29:23 +01:00
Jaroslav Škarvada	c4f7bb88e5	Fixed undefined symbols in mysql module	2018-02-16 17:43:17 +01:00
Jaroslav Škarvada	91496a8099	Removed unused patch Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2018-02-14 16:51:22 +01:00
Jaroslav Škarvada	53057966f8	New version Resolves: rhbz#1527710 Fixed buffer overflow in utility function Resolves: CVE-2018-6789 Updated and defuzzified patches Dropped mariadb-macro-fix patch (not needed) Dropped CVE-2017-1000369, calloutsize, CVE-2017-16943, CVE-2017-16944 patches (all upstreamed)	2018-02-14 16:43:42 +01:00
Jaroslav Škarvada	62c96cdc52	Fixed denial of service Resolves: CVE-2017-16944	2017-12-01 14:21:49 +01:00
Jaroslav Škarvada	8bdd6e1817	Fixed use-after-free Resolves: CVE-2017-16943	2017-11-27 15:34:56 +01:00
Jaroslav Škarvada	ea73ae82d0	Fixed compilation with the mariadb-10.2 Resolves: rhbz#1467312 Fixed multiple memory leaks Resolves: CVE-2017-1000369 Fixed typo causing exim-clamav to create /0750 directory Resolves: rhbz#1412028 On callout avoid SIZE option when doing recipient verification with caching enabled Resolves: rhbz#1482217 Fixed some minor whitespace problems in the spec	2017-08-18 17:17:28 +02:00
Jaroslav Škarvada	64e26a2068	Added new sources Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2017-03-10 13:33:50 +01:00
Jaroslav Škarvada	69bc0d0ccf	New version Resolves: rhbz#1428141 Switched to xz archive Dropped DKIM-fix patch (already upstream)	2017-03-10 13:29:26 +01:00
Jaroslav Škarvada	1332a1979d	Merge remote-tracking branch 'origin/master' into epel7 Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2017-01-23 16:44:57 +01:00
Jaroslav Škarvada	91489a1640	Fixed changelog and sources Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2017-01-02 14:16:54 +01:00
Jaroslav Škarvada	c81d281a9d	Merge remote-tracking branch 'origin/master' into epel7 Resolves: CVE-2016-9963 Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2017-01-02 13:00:58 +01:00
Jaroslav Škarvada	df4a02e56c	Used sane environment defaults in default configuration Resolves: rhbz#1323775	2016-04-18 16:32:47 +02:00
Jaroslav Škarvada	ab9aafa16a	Added sources: Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>	2016-03-03 15:11:32 +01:00
Jaroslav Škarvada	56f8aaa827	New version (security bug fix release) Resolves: rhbz#1314118 - Fixed local privilege escalation for set-uid root when using perl_startup Resolves: CVE-2016-1531 - Defuzzified patches	2016-03-03 15:03:36 +01:00
Jaroslav Škarvada	f8f76cd111	MIME crash fix (by mime-fix patch) Resolves: rhbz#1289056	2015-12-07 14:24:24 +01:00