diff --git a/exim-4.96-build-fix.patch b/exim-4.96-build-fix.patch deleted file mode 100644 index 65dbd53e3b06eb005edd22acaba89bbbc6aac689..0000000000000000000000000000000000000000 --- a/exim-4.96-build-fix.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/drtables.c b/src/drtables.c -index 513ef6c..3fa5c92 100644 ---- a/src/drtables.c -+++ b/src/drtables.c -@@ -736,7 +736,7 @@ else - { - char * name = ent->d_name; - int len = (int)strlen(name); -- if (regex_match(regex_islookupmod, US name, len, NUL)) -+ if (regex_match(regex_islookupmod, US name, len, NULL)) - { - int pathnamelen = len + (int)strlen(LOOKUP_MODULE_DIR) + 2; - void *dl; diff --git a/exim-4.96-opendmarc-1.4-build-fix.patch b/exim-4.96-opendmarc-1.4-build-fix.patch deleted file mode 100644 index b70a361a73b70e0ce89c24fd0c5af0dc7c7a7a5c..0000000000000000000000000000000000000000 --- a/exim-4.96-opendmarc-1.4-build-fix.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/dmarc.c b/src/dmarc.c -index 17bba9d..a218380 100644 ---- a/src/dmarc.c -+++ b/src/dmarc.c -@@ -459,7 +459,7 @@ if (!dmarc_abort && !sender_host_authenticated) - vs == PDKIM_VERIFY_INVALID ? DMARC_POLICY_DKIM_OUTCOME_TMPFAIL : - DMARC_POLICY_DKIM_OUTCOME_NONE; - libdm_status = opendmarc_policy_store_dkim(dmarc_pctx, US sig->domain, -- dkim_result, US""); -+ sig->selector, dkim_result, US""); - DEBUG(D_receive) - debug_printf("DMARC adding DKIM sender domain = %s\n", sig->domain); - if (libdm_status != DMARC_PARSE_OKAY) diff --git a/exim-4.96.tar.xz b/exim-4.96.tar.xz deleted file mode 100644 index 61256a075e97a5470f2ddca119f5d823b2d5a909..0000000000000000000000000000000000000000 Binary files a/exim-4.96.tar.xz and /dev/null differ diff --git a/exim-4.96-config.patch b/exim-4.97-config.patch similarity index 91% rename from exim-4.96-config.patch rename to exim-4.97-config.patch index 7b489f885021b9199fb0d80fc783b8eacd6a21e9..178d0af900b150e41371685bb89a06f95bf850d0 100644 --- a/exim-4.96-config.patch +++ b/exim-4.97-config.patch @@ -1,8 +1,8 @@ diff --git a/scripts/Configure-Makefile b/scripts/Configure-Makefile -index ed77b6a..b9eb64d 100755 +index dc5015f..07f8c23 100755 --- a/scripts/Configure-Makefile +++ b/scripts/Configure-Makefile -@@ -317,7 +317,7 @@ if [ "${EXIM_PERL}" != "" ] ; then +@@ -319,7 +319,7 @@ if [ "${EXIM_PERL}" != "" ] ; then mv $mft $mftt echo "PERL_CC=`$PERL_COMMAND -MConfig -e 'print $Config{cc}'`" >>$mft @@ -12,10 +12,10 @@ index ed77b6a..b9eb64d 100755 echo "" >>$mft cat $mftt >> $mft diff --git a/src/EDITME b/src/EDITME -index 53022e5..cf0b33e 100644 +index f68b3f1..a0b37b2 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -99,7 +99,7 @@ +@@ -101,7 +101,7 @@ # /usr/local/sbin. The installation script will try to create this directory, # and any superior directories, if they do not exist. @@ -24,7 +24,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -115,7 +115,7 @@ BIN_DIRECTORY=/usr/exim/bin +@@ -117,7 +117,7 @@ BIN_DIRECTORY=/usr/exim/bin # don't exist. It will also install a default runtime configuration if this # file does not exist. @@ -33,7 +33,7 @@ index 53022e5..cf0b33e 100644 # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. # In this case, Exim will use the first of them that exists when it is run. -@@ -132,7 +132,7 @@ CONFIGURE_FILE=/usr/exim/configure +@@ -134,7 +134,7 @@ CONFIGURE_FILE=/usr/exim/configure # deliveries. (Local deliveries run as various non-root users, typically as the # owner of a local mailbox.) Specifying these values as root is not supported. @@ -42,7 +42,7 @@ index 53022e5..cf0b33e 100644 # If you specify EXIM_USER as a name, this is looked up at build time, and the # uid number is built into the binary. However, you can specify that this -@@ -153,7 +153,7 @@ EXIM_USER= +@@ -155,7 +155,7 @@ EXIM_USER= # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless # you want to use a group other than the default group for the given user. @@ -51,7 +51,7 @@ index 53022e5..cf0b33e 100644 # Many sites define a user called "exim", with an appropriate default group, # and use -@@ -210,10 +210,10 @@ SPOOL_DIRECTORY=/var/spool/exim +@@ -212,10 +212,10 @@ SPOOL_DIRECTORY=/var/spool/exim # If you are building with TLS, the library configuration must be done: # Uncomment this if you are using OpenSSL @@ -64,7 +64,7 @@ index 53022e5..cf0b33e 100644 # TLS_LIBS=-lssl -lcrypto # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto -@@ -340,7 +340,7 @@ TRANSPORT_SMTP=yes +@@ -342,7 +342,7 @@ TRANSPORT_SMTP=yes # This one is special-purpose, and commonly not required, so it is not # included by default. @@ -73,7 +73,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -349,9 +349,9 @@ TRANSPORT_SMTP=yes +@@ -351,9 +351,9 @@ TRANSPORT_SMTP=yes # MBX, is included only when requested. If you do not know what this is about, # leave these settings commented out. @@ -86,7 +86,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -409,22 +409,28 @@ LOOKUP_DBM=yes +@@ -411,22 +411,28 @@ LOOKUP_DBM=yes LOOKUP_LSEARCH=yes LOOKUP_DNSDB=yes @@ -106,7 +106,7 @@ index 53022e5..cf0b33e 100644 -# LOOKUP_MYSQL_PC=mariadb -# LOOKUP_NIS=yes +LOOKUP_MYSQL=2 -+LOOKUP_MYSQL_PC=mariadb ++LOOKUP_MYSQL_PC=libmariadb +LOOKUP_NIS=yes # LOOKUP_NISPLUS=yes +CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc @@ -124,7 +124,7 @@ index 53022e5..cf0b33e 100644 # LOOKUP_SQLITE_PC=sqlite3 # LOOKUP_WHOSON=yes -@@ -437,7 +443,7 @@ LOOKUP_DNSDB=yes +@@ -439,7 +445,7 @@ LOOKUP_DNSDB=yes # Some platforms may need this for LOOKUP_NIS: @@ -133,7 +133,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate -@@ -511,7 +517,7 @@ SUPPORT_DANE=yes +@@ -513,7 +519,7 @@ SUPPORT_DANE=yes # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -142,7 +142,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -521,7 +527,7 @@ SUPPORT_DANE=yes +@@ -523,7 +529,7 @@ SUPPORT_DANE=yes # and the MIME ACL. Please read the documentation to learn more about these # features. @@ -152,9 +152,9 @@ index 53022e5..cf0b33e 100644 # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. @@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes + + # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. - # Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; - # 1.3.2-3 works. I seems that the OpenDMARC project broke their API. -# SUPPORT_DMARC=yes +SUPPORT_DMARC=yes # CFLAGS += -I/usr/local/include @@ -164,10 +164,10 @@ index 53022e5..cf0b33e 100644 # override it at runtime (main config option dmarc_tld_file) -# DMARC_TLD_FILE=/etc/exim/opendmarc.tlds +DMARC_TLD_FILE=/usr/share/publicsuffix/public_suffix_list.dat - - # Uncomment the following line to add ARC (Authenticated Received Chain) - # support. You must have SPF and DKIM support enabled also. -@@ -709,7 +715,7 @@ FIXED_NEVER_USERS=root + # + # Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; + # 1.3.2-3 works. It seems that the OpenDMARC project broke their API. +@@ -740,7 +746,7 @@ FIXED_NEVER_USERS=root # CONFIGURE_OWNER setting, to specify a configuration file which is listed in # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. @@ -176,7 +176,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -754,18 +760,18 @@ FIXED_NEVER_USERS=root +@@ -785,18 +791,18 @@ FIXED_NEVER_USERS=root # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -203,7 +203,7 @@ index 53022e5..cf0b33e 100644 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 # requires multiple pkg-config files to work with Exim, so the second example -@@ -792,7 +798,7 @@ FIXED_NEVER_USERS=root +@@ -823,7 +829,7 @@ FIXED_NEVER_USERS=root # one that is set in the headers_charset option. The default setting is # defined by this setting: @@ -212,7 +212,7 @@ index 53022e5..cf0b33e 100644 # If you are going to make use of $header_xxx expansions in your configuration # file, or if your users are going to use them in filter files, and the normal -@@ -812,7 +818,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -843,7 +849,7 @@ HEADERS_CHARSET="ISO-8859-1" # the Sieve filter support. For those OS where iconv() is known to be installed # as standard, the file in OS/Makefile-xxxx contains # @@ -221,7 +221,7 @@ index 53022e5..cf0b33e 100644 # # If you are not using one of those systems, but have installed iconv(), you # need to uncomment that line above. In some cases, you may find that iconv() -@@ -888,7 +894,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -919,7 +925,7 @@ HEADERS_CHARSET="ISO-8859-1" # Once you have done this, "make install" will build the info files and # install them in the directory you have defined. @@ -230,7 +230,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -901,7 +907,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -932,7 +938,7 @@ HEADERS_CHARSET="ISO-8859-1" # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -239,7 +239,7 @@ index 53022e5..cf0b33e 100644 # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -973,7 +979,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1004,7 +1010,7 @@ ZCAT_COMMAND=/usr/bin/zcat # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. @@ -248,7 +248,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -983,7 +989,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1014,7 +1020,7 @@ ZCAT_COMMAND=/usr/bin/zcat # that the local_scan API is made available by the linker. You may also need # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. @@ -257,7 +257,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -993,7 +999,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1024,7 +1030,7 @@ ZCAT_COMMAND=/usr/bin/zcat # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: @@ -266,7 +266,7 @@ index 53022e5..cf0b33e 100644 # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. -@@ -1005,12 +1011,12 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1036,12 +1042,12 @@ ZCAT_COMMAND=/usr/bin/zcat # If you may want to use outbound (client-side) proxying, using Socks5, # uncomment the line below. @@ -281,7 +281,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -1034,9 +1040,9 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1065,9 +1071,9 @@ ZCAT_COMMAND=/usr/bin/zcat # installed on your system (www.libspf2.org). Depending on where it is installed # you may have to edit the CFLAGS and LDFLAGS lines. @@ -293,7 +293,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -1101,7 +1107,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1132,7 +1138,7 @@ ZCAT_COMMAND=/usr/bin/zcat # group. Once you have installed saslauthd, you should arrange for it to be # started by root at boot time. @@ -302,7 +302,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -1115,8 +1121,8 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1146,8 +1152,8 @@ ZCAT_COMMAND=/usr/bin/zcat # library for TCP wrappers, so you probably need something like this: # # USE_TCP_WRAPPERS=yes @@ -313,7 +313,7 @@ index 53022e5..cf0b33e 100644 # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. -@@ -1168,7 +1174,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1199,7 +1205,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases # is "yes", as well as supporting line editing, a history of input lines in the # current run is maintained. @@ -322,7 +322,7 @@ index 53022e5..cf0b33e 100644 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. # Note that this option adds to the size of the Exim binary, because the -@@ -1185,7 +1191,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1216,7 +1222,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. @@ -331,7 +331,7 @@ index 53022e5..cf0b33e 100644 ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1206,13 +1212,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1237,13 +1243,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. @@ -352,7 +352,7 @@ index 53022e5..cf0b33e 100644 #------------------------------------------------------------------------------ -@@ -1414,7 +1420,7 @@ EXIM_TMPDIR="/tmp" +@@ -1445,7 +1451,7 @@ EXIM_TMPDIR="/tmp" # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: @@ -362,7 +362,7 @@ index 53022e5..cf0b33e 100644 # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory # using the name "exim-daemon.pid". diff --git a/src/configure.default b/src/configure.default -index 3761daf..a5d3718 100644 +index 633c653..6379927 100644 --- a/src/configure.default +++ b/src/configure.default @@ -67,7 +67,7 @@ @@ -430,9 +430,9 @@ index 3761daf..a5d3718 100644 # For OpenSSL, prefer EC- over RSA-authenticated ciphers .ifdef _HAVE_OPENSSL -@@ -189,8 +197,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}} - # them you should also allow TLS-on-connect on the traditional but - # non-standard port 465. +@@ -193,8 +201,8 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}} + # them you should also allow TLS-on-connect on the traditional (and now + # standard) port 465. -# daemon_smtp_ports = 25 : 465 : 587 -# tls_on_connect_ports = 465 @@ -441,7 +441,7 @@ index 3761daf..a5d3718 100644 # Specify the domain you want to be added to all unqualified addresses -@@ -248,6 +256,24 @@ never_users = root +@@ -252,6 +260,24 @@ never_users = root host_lookup = * @@ -466,7 +466,7 @@ index 3761daf..a5d3718 100644 # The setting below causes Exim to try to initialize the system resolver # library with DNSSEC support. It has no effect if your library lacks -@@ -378,8 +404,8 @@ timeout_frozen_after = 7d +@@ -382,8 +408,8 @@ timeout_frozen_after = 7d # Note that TZ is handled separately by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. @@ -477,7 +477,7 @@ index 3761daf..a5d3718 100644 -@@ -390,6 +416,29 @@ timeout_frozen_after = 7d +@@ -394,6 +420,29 @@ timeout_frozen_after = 7d begin acl @@ -507,7 +507,7 @@ index 3761daf..a5d3718 100644 # This access control list is used for every RCPT command in an incoming # SMTP message. The tests are run in order until the address is either # accepted or denied. -@@ -401,6 +450,7 @@ acl_check_rcpt: +@@ -405,6 +454,7 @@ acl_check_rcpt: accept hosts = : control = dkim_disable_verify @@ -515,7 +515,7 @@ index 3761daf..a5d3718 100644 ############################################################################# # The following section of the ACL is concerned with local parts that contain -@@ -454,7 +504,8 @@ acl_check_rcpt: +@@ -458,7 +508,8 @@ acl_check_rcpt: accept local_parts = postmaster domains = +local_domains @@ -525,7 +525,7 @@ index 3761daf..a5d3718 100644 require verify = sender -@@ -494,6 +545,7 @@ acl_check_rcpt: +@@ -498,6 +549,7 @@ acl_check_rcpt: accept hosts = +relay_from_hosts control = submission control = dkim_disable_verify @@ -533,7 +533,7 @@ index 3761daf..a5d3718 100644 # Accept if the message arrived over an authenticated connection, from # any host. Again, these messages are usually from MUAs, so recipient -@@ -503,6 +555,7 @@ acl_check_rcpt: +@@ -507,6 +559,7 @@ acl_check_rcpt: accept authenticated = * control = submission control = dkim_disable_verify @@ -541,7 +541,7 @@ index 3761daf..a5d3718 100644 # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow -@@ -523,7 +576,8 @@ acl_check_rcpt: +@@ -527,7 +580,8 @@ acl_check_rcpt: # There are no default checks on DNS black lists because the domains that # contain these lists are changing all the time. However, here are two # examples of how you can get Exim to perform a DNS black list lookup at this @@ -551,7 +551,7 @@ index 3761daf..a5d3718 100644 # # deny dnslists = black.list.example # message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text -@@ -531,6 +585,10 @@ acl_check_rcpt: +@@ -535,6 +589,10 @@ acl_check_rcpt: # warn dnslists = black.list.example # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain # log_message = found in $dnslist_domain @@ -562,7 +562,7 @@ index 3761daf..a5d3718 100644 ############################################################################# ############################################################################# -@@ -557,6 +615,10 @@ acl_check_rcpt: +@@ -561,6 +619,10 @@ acl_check_rcpt: # set acl_m_content_filter = ${lookup PER_RCPT_CONTENT_FILTER} ############################################################################# @@ -573,7 +573,7 @@ index 3761daf..a5d3718 100644 # At this point, the address has passed all the checks that have been # configured, so we accept it unconditionally. -@@ -606,21 +668,32 @@ acl_check_data: +@@ -610,21 +672,32 @@ acl_check_data: message = header syntax log_message = header syntax ($acl_verify_message) @@ -614,7 +614,7 @@ index 3761daf..a5d3718 100644 ############################################################################# # No more tests if PRDR was actively used. -@@ -634,11 +707,63 @@ acl_check_data: +@@ -638,11 +711,63 @@ acl_check_data: # condition = ... ############################################################################# @@ -679,7 +679,7 @@ index 3761daf..a5d3718 100644 ###################################################################### -@@ -740,7 +865,7 @@ system_aliases: +@@ -744,7 +869,7 @@ system_aliases: driver = redirect allow_fail allow_defer @@ -688,7 +688,7 @@ index 3761daf..a5d3718 100644 # user = exim file_transport = address_file pipe_transport = address_pipe -@@ -778,7 +903,7 @@ userforward: +@@ -782,7 +907,7 @@ userforward: # local_part_suffix = +* : -* # local_part_suffix_optional file = $home/.forward @@ -697,7 +697,7 @@ index 3761daf..a5d3718 100644 no_verify no_expn check_ancestor -@@ -786,6 +911,12 @@ userforward: +@@ -790,6 +915,12 @@ userforward: pipe_transport = address_pipe reply_transport = address_reply @@ -710,7 +710,7 @@ index 3761daf..a5d3718 100644 # This router matches local user mailboxes. If the router fails, the error # message is "Unknown user". -@@ -826,6 +957,25 @@ remote_smtp: +@@ -830,6 +961,25 @@ remote_smtp: tls_resumption_hosts = * .endif @@ -736,7 +736,7 @@ index 3761daf..a5d3718 100644 # This transport is used for delivering messages to a smarthost, if the # smarthost router is enabled. This starts from the same basis as -@@ -880,8 +1030,8 @@ local_delivery: +@@ -884,8 +1034,8 @@ local_delivery: delivery_date_add envelope_to_add return_path_add @@ -747,7 +747,7 @@ index 3761daf..a5d3718 100644 # This transport is used for handling pipe deliveries generated by alias or -@@ -914,6 +1064,16 @@ address_reply: +@@ -918,6 +1068,16 @@ address_reply: driver = autoreply @@ -764,7 +764,7 @@ index 3761daf..a5d3718 100644 ###################################################################### # RETRY CONFIGURATION # -@@ -954,6 +1114,21 @@ begin rewrite +@@ -958,6 +1118,21 @@ begin rewrite # AUTHENTICATION CONFIGURATION # ###################################################################### @@ -786,7 +786,7 @@ index 3761daf..a5d3718 100644 # The following authenticators support plaintext username/password # authentication using the standard PLAIN mechanism and the traditional # but non-standard LOGIN mechanism, with Exim acting as the server. -@@ -969,7 +1144,7 @@ begin rewrite +@@ -973,7 +1148,7 @@ begin rewrite # The default RCPT ACL checks for successful authentication, and will accept # messages from authenticated users from anywhere on the Internet. @@ -795,7 +795,7 @@ index 3761daf..a5d3718 100644 # PLAIN authentication has no server prompts. The client sends its # credentials in one lump, containing an authorization ID (which we do not -@@ -983,7 +1158,7 @@ begin authenticators +@@ -987,7 +1162,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth2 # server_prompts = : @@ -804,7 +804,7 @@ index 3761daf..a5d3718 100644 # server_advertise_condition = ${if def:tls_in_cipher } # LOGIN authentication has traditional prompts and responses. There is no -@@ -995,7 +1170,7 @@ begin authenticators +@@ -999,7 +1174,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth1 # server_prompts = <| Username: | Password: diff --git a/exim-4.96-dlopen-localscan.patch b/exim-4.97-dlopen-localscan.patch similarity index 94% rename from exim-4.96-dlopen-localscan.patch rename to exim-4.97-dlopen-localscan.patch index 16d1988f58bf351de327834a65e91a28e32111b5..3ee096b206fc58a3697c612162b30bc594ba3b3e 100644 --- a/exim-4.96-dlopen-localscan.patch +++ b/exim-4.97-dlopen-localscan.patch @@ -1,8 +1,8 @@ diff --git a/src/EDITME b/src/EDITME -index cf0b33e..7d4cbf3 100644 +index a0b37b2..dbf009f 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -878,6 +878,21 @@ HAVE_ICONV=yes +@@ -909,6 +909,21 @@ HAVE_ICONV=yes # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** @@ -25,7 +25,7 @@ index cf0b33e..7d4cbf3 100644 # The default distribution of Exim contains only the plain text form of the # documentation. Other forms are available separately. If you want to install diff --git a/src/config.h.defaults b/src/config.h.defaults -index 25ab755..e27a51d 100644 +index 28d4f13..460169a 100644 --- a/src/config.h.defaults +++ b/src/config.h.defaults @@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'. @@ -38,10 +38,10 @@ index 25ab755..e27a51d 100644 #define CONFIGURE_FILE diff --git a/src/globals.c b/src/globals.c -index ff246fe..b9dfbbb 100644 +index e94bef7..801b88f 100644 --- a/src/globals.c +++ b/src/globals.c -@@ -151,6 +151,10 @@ time_t tls_watch_trigger_time = (time_t)0; +@@ -152,6 +152,10 @@ time_t tls_watch_trigger_time = (time_t)0; uschar *tls_advertise_hosts = NULL; #endif @@ -53,10 +53,10 @@ index ff246fe..b9dfbbb 100644 /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; diff --git a/src/globals.h b/src/globals.h -index fe099e4..7530a76 100644 +index 6ec4e61..620b700 100644 --- a/src/globals.h +++ b/src/globals.h -@@ -148,6 +148,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */ +@@ -150,6 +150,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */ extern int tls_watch_fd; /* for inotify of creds files */ extern time_t tls_watch_trigger_time; /* non-0: triggered */ #endif @@ -69,12 +69,12 @@ index fe099e4..7530a76 100644 extern uschar *dsn_envid; /* DSN envid string */ diff --git a/src/local_scan.c b/src/local_scan.c -index 7a3bae7..6ea5d2d 100644 +index da44cb7..d19af58 100644 --- a/src/local_scan.c +++ b/src/local_scan.c -@@ -6,59 +6,133 @@ - /* Copyright (c) The Exim Maintainers 2021 */ +@@ -7,59 +7,134 @@ /* See the file NOTICE for conditions of use and distribution. */ + /* SPDX-License-Identifier: GPL-2.0-or-later */ +#include @@ -130,6 +130,7 @@ index 7a3bae7..6ea5d2d 100644 -*/ +#ifdef DLOPEN_LOCAL_SCAN +#include ++#include +static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; +static int load_local_scan_library(void); +#endif @@ -254,10 +255,10 @@ index 7a3bae7..6ea5d2d 100644 + /* End of local_scan.c */ diff --git a/src/readconf.c b/src/readconf.c -index 06bc50f..6ecb0af 100644 +index e77458d..137250d 100644 --- a/src/readconf.c +++ b/src/readconf.c -@@ -212,6 +212,9 @@ static optionlist optionlist_config[] = { +@@ -216,6 +216,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, { "local_from_suffix", opt_stringptr, {&local_from_suffix} }, { "local_interfaces", opt_stringptr, {&local_interfaces} }, diff --git a/exim-4.97.1.tar.xz b/exim-4.97.1.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..641081f08417624f47755b2d4627b688d4df619d Binary files /dev/null and b/exim-4.97.1.tar.xz differ diff --git a/exim.spec b/exim.spec index 57707b0d2a18960d111daeb75533b3d5e131ef81..09b0b1f5ff7ee4e4d62e9d16ebb64f1ededcbcf8 100644 --- a/exim.spec +++ b/exim.spec @@ -3,7 +3,7 @@ Summary: The exim mail transfer agent Name: exim -Version: 4.96 +Version: 4.97.1 Release: 1 License: GPLv2+ Url: https://www.exim.org/ @@ -35,14 +35,11 @@ Source10: exim.service Source11: exim-gen-cert Source12: clamd.exim.service -Patch0: exim-4.96-config.patch +Patch0: exim-4.97-config.patch Patch1: exim-4.94-libdir.patch -Patch2: exim-4.96-dlopen-localscan.patch +Patch2: exim-4.97-dlopen-localscan.patch Patch3: exim-4.96-pic.patch -# https://bugs.exim.org/show_bug.cgi?id=2728 -Patch4: exim-4.96-opendmarc-1.4-build-fix.patch -# https://bugs.exim.org/show_bug.cgi?id=2899 -Patch5: exim-4.96-build-fix.patch + Requires: /etc/pki/tls/certs /etc/pki/tls/private Requires: setup @@ -51,6 +48,7 @@ Recommends: publicsuffix-list BuildRequires: gcc BuildRequires: libdb-devel BuildRequires: openssl-devel +BuildRequires: zlib-devel BuildRequires: openldap-devel BuildRequires: pam-devel BuildRequires: pcre2-devel @@ -59,7 +57,6 @@ BuildRequires: cyrus-sasl-devel BuildRequires: libspf2-devel BuildRequires: libopendmarc-devel BuildRequires: openldap-devel -BuildRequires: openssl-devel BuildRequires: mariadb-connector-c-devel BuildRequires: libpq-devel BuildRequires: libXaw-devel @@ -69,6 +66,7 @@ BuildRequires: libX11-devel BuildRequires: libSM-devel BuildRequires: perl-devel BuildRequires: perl-generators +BuildRequires: perl-File-FcntlLock BuildRequires: libICE-devel BuildRequires: libXpm-devel BuildRequires: libXt-devel @@ -365,7 +363,7 @@ fi %post greylist if [ ! -r %{_var}/spool/exim/db/greylist.db ]; then sqlite3 %{_var}/spool/exim/db/greylist.db < %{_sysconfdir}/exim/mk-greylist-db.sql - chown exim.exim %{_var}/spool/exim/db/greylist.db + chown exim:exim %{_var}/spool/exim/db/greylist.db chmod 0660 %{_var}/spool/exim/db/greylist.db fi @@ -446,7 +444,7 @@ fi /bin/mkdir -pm 0750 %{_var}/run/clamd.exim /bin/chown exim:exim %{_var}/run/clamd.exim /bin/touch %{_var}/log/clamd.exim -/bin/chown exim.exim %{_var}/log/clamd.exim +/bin/chown exim:exim %{_var}/log/clamd.exim /sbin/restorecon %{_var}/log/clamd.exim if [ $1 -eq 1 ] ; then /bin/systemctl daemon-reload >/dev/null 2>&1 || : @@ -482,5 +480,17 @@ fi %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Sun Feb 4 2024 zhuchao - 4.97.1-1 +- DESC:upgrade to 4.97.1 to resolve the CVE-2023-51766 + +* Sat Dec 16 2023 zhuchao - 4.97-1 +- DESC:upgrade to 4.97 to resolve the CVE-2023-42114 to CVE-2023-42119 + +* Tue Aug 29 2023 zhuchao - 4.96-3 +- DESC:fix bug about print error message in install exim-clamav and exim-greylist + +* Thur Feb 16 2023 zhuchao - 4.96-2 +- DESC:add build requirement init + * Tue Oct 18 2022 zhuchao - 4.96-1 - DESC:Package init \ No newline at end of file