diff --git a/CVE-2023-51766.patch b/CVE-2023-51766.patch deleted file mode 100644 index 78563b5a472ea60323307c50e3457ece4ecf1406..0000000000000000000000000000000000000000 --- a/CVE-2023-51766.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 06a6f188c5fd423e787146f992e5a97f2476de91 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Tue, 9 Jul 2024 11:23:21 +0800 -Subject: [PATCH] Reject "dot, LF" as ending data phase. Bug 3063 - ---- - src/smtp_in.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/smtp_in.c b/src/smtp_in.c -index eb9c7e6..215a4c7 100644 ---- a/src/smtp_in.c -+++ b/src/smtp_in.c -@@ -5110,7 +5110,10 @@ while (done <= 0) - dummy call to get the DATA command sent. */ - - if (!acl_smtp_predata && cutthrough.cctx.sock < 0) -- rc = OK; -+ { -+ if (!check_sync()) goto SYNC_FAILURE; -+ rc = OK; -+ } - else - { - uschar * acl = acl_smtp_predata ? acl_smtp_predata : US"accept"; --- -2.27.0 - diff --git a/README.en.md b/README.en.md index 112fad8cbb825b6c46ed2cb15f9989cbbf58966a..b95e2ab6851fe0c408ddd906e7dc0e050f2dd5a1 100644 --- a/README.en.md +++ b/README.en.md @@ -1,36 +1,36 @@ -# exim - -#### Description -Exim is an MTA (Message Transfer Agent) - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +# exim + +#### Description +Exim is an MTA (Message Transfer Agent) + +#### Software Architecture +Software architecture description + +#### Installation + +1. xxxx +2. xxxx +3. xxxx + +#### Instructions + +1. xxxx +2. xxxx +3. xxxx + +#### Contribution + +1. Fork the repository +2. Create Feat_xxx branch +3. Commit your code +4. Create Pull Request + + +#### Gitee Feature + +1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md +2. Gitee blog [blog.gitee.com](https://blog.gitee.com) +3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) +4. The most valuable open source project [GVP](https://gitee.com/gvp) +5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) +6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md index 3b2cb87bdd4c3b896051971b0a8615d22619528e..64b6131de9c4de1b320069c4de06f528a5f27557 100644 --- a/README.md +++ b/README.md @@ -1,37 +1,37 @@ -# exim - -#### 介绍 -Exim is an MTA (Message Transfer Agent) - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 -5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) +# exim + +#### 介绍 +Exim is an MTA (Message Transfer Agent) + +#### 软件架构 +软件架构说明 + + +#### 安装教程 + +1. xxxx +2. xxxx +3. xxxx + +#### 使用说明 + +1. xxxx +2. xxxx +3. xxxx + +#### 参与贡献 + +1. Fork 本仓库 +2. 新建 Feat_xxx 分支 +3. 提交代码 +4. 新建 Pull Request + + +#### 特技 + +1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md +2. Gitee 官方博客 [blog.gitee.com](https://blog.gitee.com) +3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解 Gitee 上的优秀开源项目 +4. [GVP](https://gitee.com/gvp) 全称是 Gitee 最有价值开源项目,是综合评定出的优秀开源项目 +5. Gitee 官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) +6. Gitee 封面人物是一档用来展示 Gitee 会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/backport-bug3099-Fix-MIME-parsing-of-filenames-specified-using-multiple-parameters.patch b/backport-bug3099-Fix-MIME-parsing-of-filenames-specified-using-multiple-parameters.patch deleted file mode 100644 index df31bcc406c95cc9d03dc2794215d14f771e34c8..0000000000000000000000000000000000000000 --- a/backport-bug3099-Fix-MIME-parsing-of-filenames-specified-using-multiple-parameters.patch +++ /dev/null @@ -1,172 +0,0 @@ -From 6ce5c70cff8989418e05d01fd2a57703007a6357 Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Mon, 1 Jul 2024 19:35:12 +0100 -Subject: [PATCH] Fix MIME parsing of filenames specified using multiple - parameters. Bug 3099 - ---- - doc/ChangeLog | 3 +++ - doc/spec.txt | 10 +++++----- - src/mime.c | 51 +++++++++++++++++++++++++++++---------------------- - src/string.c | 1 + - 4 files changed, 38 insertions(+), 27 deletions(-) - -diff --git a/doc/ChangeLog b/doc/ChangeLog -index c88454c..635f408 100644 ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -221,6 +221,9 @@ JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address. - JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses. - CVE-2023-42219 - -+JH/45 Bug 3099: fix parsing of MIME filenames split over multiple paramemters. -+ Previously the $mime_filename variable would have an incorrect value. -+ - HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031) - - Exim version 4.96 -diff --git a/doc/spec.txt b/doc/spec.txt -index 6bb656e..8f598e7 100644 ---- a/doc/spec.txt -+++ b/doc/spec.txt -@@ -32280,13 +32280,13 @@ The right hand side is expanded before use. After expansion, the value can be: - the default path is then used. - - The decode condition normally succeeds. It is only false for syntax errors or --unusual circumstances such as memory shortages. You can easily decode a file --with its original, proposed filename using -+errors or unusual circumstances such as memory shortages. - --decode = $mime_filename -+The variable &$mime_filename$& will have the suggested name for the file. -+Note however that this might contain anything, and is very difficult -+to safely use as all or even part of the filename. - --However, you should keep in mind that $mime_filename might contain anything. If --you place files outside of the default path, they are not automatically -+If you place files outside of the default path, they are not - unlinked. - - For RFC822 attachments (these are messages attached to messages, with a -diff --git a/src/mime.c b/src/mime.c -index 975ddca..5f9e1ad 100644 ---- a/src/mime.c -+++ b/src/mime.c -@@ -587,10 +587,10 @@ while(1) - - while (*p) - { -- DEBUG(D_acl) debug_printf_indent("MIME: considering paramlist '%s'\n", p); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: considering paramlist '%s'\n", p); - -- if ( !mime_filename -- && strncmpic(CUS"content-disposition:", header, 20) == 0 -+ if ( strncmpic(CUS"content-disposition:", header, 20) == 0 - && strncmpic(CUS"filename*", p, 9) == 0 - ) - { /* RFC 2231 filename */ -@@ -604,11 +604,12 @@ while(1) - - if (q && *q) - { -- uschar * temp_string, * err_msg; -+ uschar * temp_string, * err_msg, * fname = q; - int slen; - - /* build up an un-decoded filename over successive - filename*= parameters (for use when 2047 decode fails) */ -+/*XXX could grow a gstring here */ - - mime_fname_rfc2231 = string_sprintf("%#s%s", - mime_fname_rfc2231, q); -@@ -623,26 +624,32 @@ while(1) - /* look for a ' in the "filename" */ - while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ - -- if ((size = s-q) > 0) -- mime_filename_charset = string_copyn(q, size); -+ if (*s) /* there was a ' */ -+ { -+ if ((size = s-q) > 0) -+ mime_filename_charset = string_copyn(q, size); - -- if (*(p = s)) p++; -- while(*p == '\'') p++; /* p is after 2nd ' */ -+ if (*(fname = s)) fname++; -+ while(*fname == '\'') fname++; /* fname is after 2nd ' */ -+ } - } -- else -- p = q; - -- DEBUG(D_acl) debug_printf_indent("MIME: charset %s fname '%s'\n", -- mime_filename_charset ? mime_filename_charset : US"", p); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: charset %s fname '%s'\n", -+ mime_filename_charset ? mime_filename_charset : US"", -+ fname); - -- temp_string = rfc2231_to_2047(p, mime_filename_charset, &slen); -- DEBUG(D_acl) debug_printf_indent("MIME: 2047-name %s\n", temp_string); -+ temp_string = rfc2231_to_2047(fname, mime_filename_charset, -+ &slen); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: 2047-name %s\n", temp_string); - - temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', -- NULL, &err_msg); -- DEBUG(D_acl) debug_printf_indent("MIME: plain-name %s\n", temp_string); -+ NULL, &err_msg); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: plain-name %s\n", temp_string); - -- if (!temp_string || (size = Ustrlen(temp_string)) == slen) -+ if (!temp_string || (size = Ustrlen(temp_string)) == slen) - decoding_failed = TRUE; - else - /* build up a decoded filename over successive -@@ -651,9 +658,9 @@ while(1) - mime_filename = mime_fname = mime_fname - ? string_sprintf("%s%s", mime_fname, temp_string) - : temp_string; -- } -- } -- } -+ } /*!decoding_failed*/ -+ } /*q*/ -+ } /*2231 filename*/ - - else - /* look for interesting parameters */ -@@ -682,7 +689,7 @@ while(1) - - - /* There is something, but not one of our interesting parameters. -- Advance past the next semicolon */ -+ Advance past the next semicolon */ - p = mime_next_semicolon(p); - if (*p) p++; - } /* param scan on line */ -@@ -800,5 +807,5 @@ return rc; - - #endif /*WITH_CONTENT_SCAN*/ - --/* vi: sw ai sw=2 -+/* vi: aw ai sw=2 - */ -diff --git a/src/string.c b/src/string.c -index dfe0f24..2f77cc7 100644 ---- a/src/string.c -+++ b/src/string.c -@@ -1347,6 +1347,7 @@ Field width: decimal digits, or * - Precision: dot, followed by decimal digits or * - Length modifiers: h L l ll z - Conversion specifiers: n d o u x X p f e E g G % c s S T Y D M -+Alternate-form: %#s is silent about a null string - - Returns the possibly-new (if copy for growth or taint-handling was needed) - string, not nul-terminated. --- -2.33.0 - diff --git a/backport-bug3099-MIME-support-RFC-2331-for-name.patch b/backport-bug3099-MIME-support-RFC-2331-for-name.patch deleted file mode 100644 index 380cfd5826c7a877304249eb2e1afcc77c1e00e2..0000000000000000000000000000000000000000 --- a/backport-bug3099-MIME-support-RFC-2331-for-name.patch +++ /dev/null @@ -1,262 +0,0 @@ -From 1b3209b0577a9327ebb076f3b32b8a159c253f7b Mon Sep 17 00:00:00 2001 -From: Jeremy Harris -Date: Tue, 2 Jul 2024 14:41:19 +0100 -Subject: [PATCH] MIME: support RFC 2331 for name=. Bug 3099 - ---- - doc/ChangeLog | 2 + - src/mime.c | 181 ++++++++++++++++++++++++++------------------------ - 2 files changed, 96 insertions(+), 87 deletions(-) - -diff --git a/doc/ChangeLog b/doc/ChangeLog -index 635f408..5d8b2a1 100644 ---- a/doc/ChangeLog -+++ b/doc/ChangeLog -@@ -223,6 +223,8 @@ JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses. - - JH/45 Bug 3099: fix parsing of MIME filenames split over multiple paramemters. - Previously the $mime_filename variable would have an incorrect value. -+ While in the code, extend coverage to name= which previously was only -+ supported for single parameters, despite also filling in $mime_filename. - - HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031) - -diff --git a/src/mime.c b/src/mime.c -index 5f9e1ad..8044bb3 100644 ---- a/src/mime.c -+++ b/src/mime.c -@@ -30,10 +30,10 @@ static int mime_header_list_size = nelem(mime_header_list); - - static mime_parameter mime_parameter_list[] = { - /* name namelen value */ -- { US"name=", 5, &mime_filename }, -- { US"filename=", 9, &mime_filename }, -- { US"charset=", 8, &mime_charset }, -- { US"boundary=", 9, &mime_boundary } -+ { US"name", 4, &mime_filename }, -+ { US"filename", 8, &mime_filename }, -+ { US"charset", 7, &mime_charset }, -+ { US"boundary", 8, &mime_boundary } - }; - - -@@ -577,8 +577,8 @@ while(1) - if (*(p = q)) p++; /* jump past the ; */ - - { -- uschar * mime_fname = NULL; -- uschar * mime_fname_rfc2231 = NULL; -+ gstring * mime_fname = NULL; -+ gstring * mime_fname_rfc2231 = NULL; - uschar * mime_filename_charset = NULL; - BOOL decoding_failed = FALSE; - -@@ -590,90 +590,92 @@ while(1) - DEBUG(D_acl) - debug_printf_indent("MIME: considering paramlist '%s'\n", p); - -- if ( strncmpic(CUS"content-disposition:", header, 20) == 0 -- && strncmpic(CUS"filename*", p, 9) == 0 -- ) -- { /* RFC 2231 filename */ -- uschar * q; -- -- /* find value of the filename */ -- p += 9; -- while(*p != '=' && *p) p++; -- if (*p) p++; /* p is filename or NUL */ -- q = mime_param_val(&p); /* p now trailing ; or NUL */ -- -- if (q && *q) -+ /* look for interesting parameters */ -+ for (mime_parameter * mp = mime_parameter_list; -+ mp < mime_parameter_list + nelem(mime_parameter_list); -+ mp++ -+ ) if (strncmpic(mp->name, p, mp->namelen) == 0) -+ { -+ p += mp->namelen; -+ if (*p == '*') /* RFC 2231 */ - { -- uschar * temp_string, * err_msg, * fname = q; -- int slen; -- -- /* build up an un-decoded filename over successive -- filename*= parameters (for use when 2047 decode fails) */ --/*XXX could grow a gstring here */ -- -- mime_fname_rfc2231 = string_sprintf("%#s%s", -- mime_fname_rfc2231, q); -- -- if (!decoding_failed) -+ while (isdigit(*++p)) ; /* ignore cont-cnt values */ -+ if (*p == '*') p++; /* step over sep chset mark */ -+ if (*p == '=') - { -- int size; -- if (!mime_filename_charset) -+ uschar * q; -+ p++; /* step over = */ -+ q = mime_param_val(&p); /* p now trailing ; or NUL */ -+ -+ if (q && *q) /* q is the dequoted value */ - { -- uschar * s = q; -+ uschar * err_msg, * fname = q; -+ int slen; -+ -+ /* build up an un-decoded filename over successive -+ filename*= parameters (for use when 2047 decode fails) */ - -- /* look for a ' in the "filename" */ -- while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ -+ mime_fname_rfc2231 = string_cat(mime_fname_rfc2231, q); - -- if (*s) /* there was a ' */ -+ if (!decoding_failed) - { -- if ((size = s-q) > 0) -- mime_filename_charset = string_copyn(q, size); -- -- if (*(fname = s)) fname++; -- while(*fname == '\'') fname++; /* fname is after 2nd ' */ -- } -- } -- -- DEBUG(D_acl) -- debug_printf_indent("MIME: charset %s fname '%s'\n", -- mime_filename_charset ? mime_filename_charset : US"", -- fname); -- -- temp_string = rfc2231_to_2047(fname, mime_filename_charset, -- &slen); -- DEBUG(D_acl) -- debug_printf_indent("MIME: 2047-name %s\n", temp_string); -- -- temp_string = rfc2047_decode(temp_string, FALSE, NULL, ' ', -- NULL, &err_msg); -- DEBUG(D_acl) -- debug_printf_indent("MIME: plain-name %s\n", temp_string); -- -- if (!temp_string || (size = Ustrlen(temp_string)) == slen) -- decoding_failed = TRUE; -- else -- /* build up a decoded filename over successive -- filename*= parameters */ -- -- mime_filename = mime_fname = mime_fname -- ? string_sprintf("%s%s", mime_fname, temp_string) -- : temp_string; -- } /*!decoding_failed*/ -- } /*q*/ -- } /*2231 filename*/ -- -- else -- /* look for interesting parameters */ -- for (mime_parameter * mp = mime_parameter_list; -- mp < mime_parameter_list + nelem(mime_parameter_list); -- mp++ -- ) if (strncmpic(mp->name, p, mp->namelen) == 0) -- { -- uschar * q; -- uschar * dummy_errstr; -+ if (!mime_filename_charset) -+ { /* try for RFC 2231 chset/lang */ -+ uschar * s = q; -+ -+ /* look for a ' in the raw paramval */ -+ while(*s != '\'' && *s) s++; /* s is 1st ' or NUL */ -+ -+ if (*s) /* there was a ' */ -+ { -+ int size; -+ if ((size = s-q) > 0) -+ mime_filename_charset = string_copyn(q, size); -+ -+ if (*(fname = s)) fname++; -+ while(*fname == '\'') fname++; /*fname is after 2nd '*/ -+ } -+ } -+ -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: charset %s fname '%s'\n", -+ mime_filename_charset ? mime_filename_charset : US"", -+ fname); -+ -+ fname = rfc2231_to_2047(fname, mime_filename_charset, -+ &slen); -+ DEBUG(D_acl) -+ debug_printf_indent("MIME: 2047-name %s\n", fname); -+ -+ fname = rfc2047_decode(fname, FALSE, NULL, ' ', -+ NULL, &err_msg); -+ DEBUG(D_acl) debug_printf_indent( -+ "MIME: plain-name %s\n", fname); -+ -+ if (!fname || Ustrlen(fname) == slen) -+ decoding_failed = TRUE; -+ else if (mp->value == &mime_filename) -+ { -+ /* build up a decoded filename over successive -+ filename*= parameters */ -+ -+ mime_fname = string_cat(mime_fname, fname); -+ mime_filename = string_from_gstring(mime_fname); -+ } -+ } /*!decoding_failed*/ -+ } /*q*/ -+ -+ if (*p) p++; /* p is past ; */ -+ goto param_done; /* done matching param names */ -+ } /*2231 param coding extension*/ -+ } -+ else if (*p == '=') -+ { /* non-2231 param */ -+ uschar * q, * dummy_errstr; - - /* grab the value and copy to its expansion variable */ -- p += mp->namelen; -+ -+ if (*p) p++; /* step over = */ - q = mime_param_val(&p); /* p now trailing ; or NUL */ - - *mp->value = q && *q -@@ -684,26 +686,31 @@ while(1) - "MIME: found %s parameter in %s header, value '%s'\n", - mp->name, mh->name, *mp->value); - -- break; /* done matching param names */ -+ if (*p) p++; /* p is past ; */ -+ goto param_done; /* done matching param names */ - } -- -+ } /* interesting parameters */ - - /* There is something, but not one of our interesting parameters. - Advance past the next semicolon */ -+ - p = mime_next_semicolon(p); - if (*p) p++; -- } /* param scan on line */ -+ param_done: -+ } /* param scan on line */ - - if (strncmpic(CUS"content-disposition:", header, 20) == 0) - { -- if (decoding_failed) mime_filename = mime_fname_rfc2231; -+ if (decoding_failed) -+ mime_filename = string_from_gstring(mime_fname_rfc2231); - - DEBUG(D_acl) debug_printf_indent( - "MIME: found %s parameter in %s header, value is '%s'\n", - "filename", mh->name, mime_filename); - } - } -- } -+ break; -+ } /* interesting headers */ - - /* set additional flag variables (easier access) */ - if ( mime_content_type --- -2.33.0 - diff --git a/exim-4.97.1.tar.xz b/exim-4.97.1.tar.xz deleted file mode 100644 index 641081f08417624f47755b2d4627b688d4df619d..0000000000000000000000000000000000000000 Binary files a/exim-4.97.1.tar.xz and /dev/null differ diff --git a/exim-4.97-config.patch b/exim-4.98.2-config.patch similarity index 94% rename from exim-4.97-config.patch rename to exim-4.98.2-config.patch index 178d0af900b150e41371685bb89a06f95bf850d0..86618822508dc80c37621e7c03cd7f25ff8346b5 100644 --- a/exim-4.97-config.patch +++ b/exim-4.98.2-config.patch @@ -12,10 +12,10 @@ index dc5015f..07f8c23 100755 echo "" >>$mft cat $mftt >> $mft diff --git a/src/EDITME b/src/EDITME -index f68b3f1..a0b37b2 100644 +index ebfaf64..9e4e818 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -101,7 +101,7 @@ +@@ -103,7 +103,7 @@ # /usr/local/sbin. The installation script will try to create this directory, # and any superior directories, if they do not exist. @@ -24,7 +24,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -117,7 +117,7 @@ BIN_DIRECTORY=/usr/exim/bin +@@ -119,7 +119,7 @@ BIN_DIRECTORY=/usr/exim/bin # don't exist. It will also install a default runtime configuration if this # file does not exist. @@ -33,7 +33,7 @@ index f68b3f1..a0b37b2 100644 # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. # In this case, Exim will use the first of them that exists when it is run. -@@ -134,7 +134,7 @@ CONFIGURE_FILE=/usr/exim/configure +@@ -136,7 +136,7 @@ CONFIGURE_FILE=/usr/exim/configure # deliveries. (Local deliveries run as various non-root users, typically as the # owner of a local mailbox.) Specifying these values as root is not supported. @@ -42,7 +42,7 @@ index f68b3f1..a0b37b2 100644 # If you specify EXIM_USER as a name, this is looked up at build time, and the # uid number is built into the binary. However, you can specify that this -@@ -155,7 +155,7 @@ EXIM_USER= +@@ -157,7 +157,7 @@ EXIM_USER= # for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP unless # you want to use a group other than the default group for the given user. @@ -51,7 +51,7 @@ index f68b3f1..a0b37b2 100644 # Many sites define a user called "exim", with an appropriate default group, # and use -@@ -212,10 +212,10 @@ SPOOL_DIRECTORY=/var/spool/exim +@@ -214,10 +214,10 @@ SPOOL_DIRECTORY=/var/spool/exim # If you are building with TLS, the library configuration must be done: # Uncomment this if you are using OpenSSL @@ -64,7 +64,7 @@ index f68b3f1..a0b37b2 100644 # TLS_LIBS=-lssl -lcrypto # TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto -@@ -342,7 +342,7 @@ TRANSPORT_SMTP=yes +@@ -344,7 +344,7 @@ TRANSPORT_SMTP=yes # This one is special-purpose, and commonly not required, so it is not # included by default. @@ -73,7 +73,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -351,9 +351,9 @@ TRANSPORT_SMTP=yes +@@ -353,9 +353,9 @@ TRANSPORT_SMTP=yes # MBX, is included only when requested. If you do not know what this is about, # leave these settings commented out. @@ -86,7 +86,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -411,22 +411,28 @@ LOOKUP_DBM=yes +@@ -413,22 +413,28 @@ LOOKUP_DBM=yes LOOKUP_LSEARCH=yes LOOKUP_DNSDB=yes @@ -105,26 +105,27 @@ index f68b3f1..a0b37b2 100644 -# LOOKUP_MYSQL=yes -# LOOKUP_MYSQL_PC=mariadb -# LOOKUP_NIS=yes -+LOOKUP_MYSQL=2 -+LOOKUP_MYSQL_PC=libmariadb -+LOOKUP_NIS=yes - # LOOKUP_NISPLUS=yes +-# LOOKUP_NISPLUS=yes ++# LOOKUP_MYSQL=2 ++# LOOKUP_MYSQL_PC=mariadb ++# LOOKUP_NIS=yes ++# LOOKUP_NISPLUS=yes +CFLAGS+=-I/usr/include/nsl -I/usr/include/tirpc +LIBS+=-L/usr/$(_lib)/nsl + # LOOKUP_ORACLE=yes -# LOOKUP_PASSWD=yes -# LOOKUP_PGSQL=yes -+LOOKUP_PASSWD=yes -+LOOKUP_PGSQL=2 -+LOOKUP_PGSQL_LIBS=-lpq ++# LOOKUP_PASSWD=yes ++# LOOKUP_PGSQL=2 ++# LOOKUP_PGSQL_LIBS=-lpq # LOOKUP_REDIS=yes -# LOOKUP_SQLITE=yes +LOOKUP_SQLITE=yes # LOOKUP_SQLITE_PC=sqlite3 # LOOKUP_WHOSON=yes -@@ -439,7 +445,7 @@ LOOKUP_DNSDB=yes +@@ -441,7 +447,7 @@ LOOKUP_DNSDB=yes # Some platforms may need this for LOOKUP_NIS: @@ -133,7 +134,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ # If you have set LOOKUP_LDAP=yes, you should set LDAP_LIB_TYPE to indicate -@@ -513,7 +519,7 @@ SUPPORT_DANE=yes +@@ -515,7 +521,7 @@ SUPPORT_DANE=yes # files are defaulted in the OS/Makefile-Default file, but can be overridden in # local OS-specific make files. @@ -142,7 +143,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -523,7 +529,7 @@ SUPPORT_DANE=yes +@@ -525,7 +531,7 @@ SUPPORT_DANE=yes # and the MIME ACL. Please read the documentation to learn more about these # features. @@ -151,7 +152,7 @@ index f68b3f1..a0b37b2 100644 # If you have content scanning you may wish to only include some of the scanner # interfaces. Uncomment any of these lines to remove that code. -@@ -604,12 +610,12 @@ DISABLE_MAL_MKS=yes +@@ -609,12 +615,12 @@ DISABLE_MAL_MKS=yes # Uncomment the following line to add DMARC checking capability, implemented # using libopendmarc libraries. You must have SPF and DKIM support enabled also. @@ -167,7 +168,7 @@ index f68b3f1..a0b37b2 100644 # # Library version libopendmarc-1.4.1-1.fc33.x86_64 (on Fedora 33) is known broken; # 1.3.2-3 works. It seems that the OpenDMARC project broke their API. -@@ -740,7 +746,7 @@ FIXED_NEVER_USERS=root +@@ -749,7 +755,7 @@ FIXED_NEVER_USERS=root # CONFIGURE_OWNER setting, to specify a configuration file which is listed in # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. @@ -176,7 +177,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -785,18 +791,18 @@ FIXED_NEVER_USERS=root +@@ -794,18 +800,18 @@ FIXED_NEVER_USERS=root # included in the Exim binary. You will then need to set up the run time # configuration to make use of the mechanism(s) selected. @@ -203,7 +204,7 @@ index f68b3f1..a0b37b2 100644 # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 # requires multiple pkg-config files to work with Exim, so the second example -@@ -823,7 +829,7 @@ FIXED_NEVER_USERS=root +@@ -832,7 +838,7 @@ FIXED_NEVER_USERS=root # one that is set in the headers_charset option. The default setting is # defined by this setting: @@ -212,7 +213,7 @@ index f68b3f1..a0b37b2 100644 # If you are going to make use of $header_xxx expansions in your configuration # file, or if your users are going to use them in filter files, and the normal -@@ -843,7 +849,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -852,7 +858,7 @@ HEADERS_CHARSET="ISO-8859-1" # the Sieve filter support. For those OS where iconv() is known to be installed # as standard, the file in OS/Makefile-xxxx contains # @@ -221,7 +222,7 @@ index f68b3f1..a0b37b2 100644 # # If you are not using one of those systems, but have installed iconv(), you # need to uncomment that line above. In some cases, you may find that iconv() -@@ -919,7 +925,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -928,7 +934,7 @@ HEADERS_CHARSET="ISO-8859-1" # Once you have done this, "make install" will build the info files and # install them in the directory you have defined. @@ -230,7 +231,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -932,7 +938,7 @@ HEADERS_CHARSET="ISO-8859-1" +@@ -941,7 +947,7 @@ HEADERS_CHARSET="ISO-8859-1" # %s. This will be replaced by one of the strings "main", "panic", or "reject" # to form the final file names. Some installations may want something like this: @@ -239,7 +240,7 @@ index f68b3f1..a0b37b2 100644 # which results in files with names /var/log/exim_mainlog, etc. The directory # in which the log files are placed must exist; Exim does not try to create -@@ -1004,7 +1010,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1013,7 +1019,7 @@ ZCAT_COMMAND=/usr/bin/zcat # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded # Perl costs quite a lot of resources. Only do this if you really need it. @@ -248,7 +249,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1014,7 +1020,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1023,7 +1029,7 @@ ZCAT_COMMAND=/usr/bin/zcat # that the local_scan API is made available by the linker. You may also need # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. @@ -257,7 +258,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1024,7 +1030,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1033,7 +1039,7 @@ ZCAT_COMMAND=/usr/bin/zcat # support, which is intended for use in conjunction with the SMTP AUTH # facilities, is included only when requested by the following setting: @@ -266,7 +267,7 @@ index f68b3f1..a0b37b2 100644 # You probably need to add -lpam to EXTRALIBS, and in some releases of # GNU/Linux -ldl is also needed. -@@ -1036,12 +1042,12 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1045,12 +1051,12 @@ ZCAT_COMMAND=/usr/bin/zcat # If you may want to use outbound (client-side) proxying, using Socks5, # uncomment the line below. @@ -281,7 +282,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1065,9 +1071,9 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1074,9 +1080,9 @@ ZCAT_COMMAND=/usr/bin/zcat # installed on your system (www.libspf2.org). Depending on where it is installed # you may have to edit the CFLAGS and LDFLAGS lines. @@ -293,7 +294,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1132,7 +1138,7 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1141,7 +1147,7 @@ ZCAT_COMMAND=/usr/bin/zcat # group. Once you have installed saslauthd, you should arrange for it to be # started by root at boot time. @@ -302,7 +303,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1146,8 +1152,8 @@ ZCAT_COMMAND=/usr/bin/zcat +@@ -1155,8 +1161,8 @@ ZCAT_COMMAND=/usr/bin/zcat # library for TCP wrappers, so you probably need something like this: # # USE_TCP_WRAPPERS=yes @@ -313,7 +314,7 @@ index f68b3f1..a0b37b2 100644 # # but of course there may need to be other things in CFLAGS and EXTRALIBS_EXIM # as well. -@@ -1199,7 +1205,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1208,7 +1214,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases # is "yes", as well as supporting line editing, a history of input lines in the # current run is maintained. @@ -322,7 +323,7 @@ index f68b3f1..a0b37b2 100644 # You may need to add -ldl to EXTRALIBS when you set USE_READLINE=yes. # Note that this option adds to the size of the Exim binary, because the -@@ -1216,7 +1222,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1225,7 +1231,7 @@ SYSTEM_ALIASES_FILE=/etc/aliases #------------------------------------------------------------------------------ # Uncomment this setting to include IPv6 support. @@ -331,7 +332,7 @@ index f68b3f1..a0b37b2 100644 ############################################################################### # THINGS YOU ALMOST NEVER NEED TO MENTION # -@@ -1237,13 +1243,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases +@@ -1246,13 +1252,13 @@ SYSTEM_ALIASES_FILE=/etc/aliases # haven't got Perl, Exim will still build and run; you just won't be able to # use those utilities. @@ -352,7 +353,7 @@ index f68b3f1..a0b37b2 100644 #------------------------------------------------------------------------------ -@@ -1445,7 +1451,7 @@ EXIM_TMPDIR="/tmp" +@@ -1454,7 +1460,7 @@ EXIM_TMPDIR="/tmp" # (process id) to a file so that it can easily be identified. The path of the # file can be specified here. Some installations may want something like this: diff --git a/exim-4.97-dlopen-localscan.patch b/exim-4.98.2-dlopen-localscan.patch similarity index 96% rename from exim-4.97-dlopen-localscan.patch rename to exim-4.98.2-dlopen-localscan.patch index 3ee096b206fc58a3697c612162b30bc594ba3b3e..21ca340dfa15d4b7c254f3a145b32a76807eaefd 100644 --- a/exim-4.97-dlopen-localscan.patch +++ b/exim-4.98.2-dlopen-localscan.patch @@ -1,8 +1,8 @@ diff --git a/src/EDITME b/src/EDITME -index a0b37b2..dbf009f 100644 +index 9e4e818..473010b 100644 --- a/src/EDITME +++ b/src/EDITME -@@ -909,6 +909,21 @@ HAVE_ICONV=yes +@@ -918,6 +918,21 @@ HAVE_ICONV=yes # *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING *** @@ -25,7 +25,7 @@ index a0b37b2..dbf009f 100644 # The default distribution of Exim contains only the plain text form of the # documentation. Other forms are available separately. If you want to install diff --git a/src/config.h.defaults b/src/config.h.defaults -index 28d4f13..460169a 100644 +index 13b203e..70be51d 100644 --- a/src/config.h.defaults +++ b/src/config.h.defaults @@ -33,6 +33,8 @@ Do not put spaces between # and the 'define'. @@ -38,7 +38,7 @@ index 28d4f13..460169a 100644 #define CONFIGURE_FILE diff --git a/src/globals.c b/src/globals.c -index e94bef7..801b88f 100644 +index c50b7a4..50d1d13 100644 --- a/src/globals.c +++ b/src/globals.c @@ -152,6 +152,10 @@ time_t tls_watch_trigger_time = (time_t)0; @@ -53,7 +53,7 @@ index e94bef7..801b88f 100644 /* Per Recipient Data Response variables */ BOOL prdr_enable = FALSE; diff --git a/src/globals.h b/src/globals.h -index 6ec4e61..620b700 100644 +index dc9d384..d4eba50 100644 --- a/src/globals.h +++ b/src/globals.h @@ -150,6 +150,11 @@ extern uschar *tls_verify_hosts; /* Mandatory client verification */ @@ -69,7 +69,7 @@ index 6ec4e61..620b700 100644 extern uschar *dsn_envid; /* DSN envid string */ diff --git a/src/local_scan.c b/src/local_scan.c -index da44cb7..d19af58 100644 +index da44cb7..5af46c6 100644 --- a/src/local_scan.c +++ b/src/local_scan.c @@ -7,59 +7,134 @@ @@ -255,10 +255,10 @@ index da44cb7..d19af58 100644 + /* End of local_scan.c */ diff --git a/src/readconf.c b/src/readconf.c -index e77458d..137250d 100644 +index 940c5d4..c2ddcf2 100644 --- a/src/readconf.c +++ b/src/readconf.c -@@ -216,6 +216,9 @@ static optionlist optionlist_config[] = { +@@ -219,6 +219,9 @@ static optionlist optionlist_config[] = { { "local_from_prefix", opt_stringptr, {&local_from_prefix} }, { "local_from_suffix", opt_stringptr, {&local_from_suffix} }, { "local_interfaces", opt_stringptr, {&local_interfaces} }, diff --git a/exim-4.98.2-no-gsasl.patch b/exim-4.98.2-no-gsasl.patch new file mode 100644 index 0000000000000000000000000000000000000000..8ba9e1e54389867ddc23af37c7078befe94713a9 --- /dev/null +++ b/exim-4.98.2-no-gsasl.patch @@ -0,0 +1,15 @@ +diff --git a/src/EDITME b/src/EDITME +index 473010b..1976437 100644 +--- a/src/EDITME ++++ b/src/EDITME +@@ -804,8 +804,8 @@ AUTH_CRAM_MD5=yes + AUTH_CYRUS_SASL=yes + AUTH_DOVECOT=yes + # AUTH_EXTERNAL=yes +-AUTH_GSASL=yes +-AUTH_GSASL_PC=libgsasl ++# AUTH_GSASL=yes ++# AUTH_GSASL_PC=libgsasl + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 diff --git a/exim-4.98.2.tar.xz b/exim-4.98.2.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..70414af0da5e78718ddb6371f8a3092478366492 Binary files /dev/null and b/exim-4.98.2.tar.xz differ diff --git a/exim-4.98.2.tar.xz.asc b/exim-4.98.2.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..b4b9d5ab4be12749207e1c5fcbc800f8166ef05f --- /dev/null +++ b/exim-4.98.2.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEqYbzpr1jd9hzCVjevOWMjOQfMt8FAmfigfYACgkQvOWMjOQf +Mt+YCAf/QhseAiP/h2CtnE1dmxvdPmMWTA5F6jpE6WvgLs/uiOeFW2IyReOR2Qjm ++fSGWkl5sDblOMSx/BCWnjXV7dkIGTBknQXln0/zU2yn8Yru6KIwoDa0mGfIbsny +JyQCqyLZJYYcj+msF9ZUjPFS9pv6HNBHwgXM5pqv1dIZfD273K8dccO91IVB4fI3 +ODztfHRcPEWU4RrxMVfSiR67+X9Ej0haVlW5GbvRa75wzLMOF/DyU1nXwVkMOyML +C2WfwmIYdQcoTq/WujxZrpAC9LnAKcbK+eqaGB7iz0mtNu3wWCKfBTp0/FF6N9V1 +dfOUDOarLh5yRVTv+c5B3J/ogdQS+Q== +=VmfJ +-----END PGP SIGNATURE----- diff --git a/exim-clamav-tmpfiles.conf b/exim-clamav-tmpfiles.conf index b222009dc5eeb0922f70519fc577936c121a03a3..df456870c6522011e0d24ed752d02987f25444b0 100644 --- a/exim-clamav-tmpfiles.conf +++ b/exim-clamav-tmpfiles.conf @@ -1 +1 @@ -D /run/clamd.exim 0750 exim exim - +D /var/run/clamd.exim 0750 exim exim - diff --git a/exim-greylist.conf.inc b/exim-greylist.conf.inc index b73ea5e9880d36055965df3ea134702bad201fbc..15ca61f0b3659e046c3febae2787426a249e752e 100644 --- a/exim-greylist.conf.inc +++ b/exim-greylist.conf.inc @@ -115,7 +115,7 @@ greylist_mail: # to change it. warn condition = ${if eq {$acl_m_greyexpiry}{} {1}} set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \ - VALUES ( '$acl_m_greyident', \ + VALUES ( '${quote_sqlite:$acl_m_greyident}', \ '${eval10:$tod_epoch+300}', \ '$sender_host_address', \ '${quote_sqlite:$sender_helo_name}' );}} diff --git a/exim.init b/exim.init new file mode 100644 index 0000000000000000000000000000000000000000..275fae23416c3bcece18fed5ae95182829084183 --- /dev/null +++ b/exim.init @@ -0,0 +1,132 @@ +#!/bin/bash +# +# exim This shell script takes care of starting and stopping exim +# +# chkconfig: 2345 80 30 +# description: Exim is a Mail Transport Agent, which is the program \ +# that moves mail from one machine to another. +# processname: exim +# config: /etc/exim/exim.conf +# pidfile: /var/run/exim.pid + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network + +# Source exim configureation. +if [ -f /etc/sysconfig/exim ] ; then + . /etc/sysconfig/exim +else + DAEMON=yes + QUEUE=1h +fi + +USER=${USER:=exim} +GROUP=${GROUP:=exim} + +gen_cert() { + if [ ! -f /etc/pki/tls/certs/exim.pem ] ; then + umask 077 + FQDN=`hostname` + if [ "x${FQDN}" = "x" ]; then + FQDN=localhost.localdomain + fi + echo -n $"Generating exim certificate: " + cat << EOF | openssl req -new -x509 -days 365 -nodes \ + -out /etc/pki/tls/certs/exim.pem \ + -keyout /etc/pki/tls/private/exim.pem &>/dev/null +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +${FQDN} +root@${FQDN} +EOF + if [ $? -eq 0 ]; then + success + chown $USER:$GROUP /etc/pki/tls/{private,certs}/exim.pem + chmod 600 /etc/pki/tls/{private,certs}/exim.pem + else + failure + fi + echo + fi +} + +start() { + [ "$EUID" != "0" ] && exit 4 + [ "${NETWORKING}" = "no" ] && exit 1 + [ -f /usr/sbin/exim ] || exit 5 + + # check ownerships + # do this by seeing if /var/log/exim/main.log exists and is + # owned by exim - if owned by someone else we fix it up + if [ -f /var/log/exim/main.log ] + then + if [ "exim" != "`ls -l /var/log/exim/main.log | awk '{print $4}'`" ] + then + chown -R $USER:$GROUP /var/log/exim /var/spool/exim + fi + fi + + # generate certificate if doesn't exist + gen_cert + + # Start daemons. + echo -n $"Starting exim: " + daemon /usr/sbin/exim $([ "$DAEMON" = yes ] && echo -bd) \ + $([ -n "$QUEUE" ] && echo -q$QUEUE) + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/exim +} + +stop() { + [ "$EUID" != "0" ] && exit 4 + # Stop daemons. + echo -n $"Shutting down exim: " + killproc exim + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/exim +} + +restart() { + stop + start +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload|force-reload) + status exim > /dev/null || exit 7 + echo -n $"Reloading exim:" + killproc exim -HUP + echo + ;; + condrestart|try-restart) + status exim > /dev/null || exit 0 + restart + ;; + status) + status exim + ;; + *) + echo $"Usage: $0 {start|stop|restart|reload|force-reload|status|condrestart|try-restart}" + exit 2 +esac + +exit $RETVAL + diff --git a/exim.spec b/exim.spec index cbc3e732c50408601520415236f241c6e83d74c6..894ea2e3624482132e6ee97382b515c8cd3c4742 100644 --- a/exim.spec +++ b/exim.spec @@ -3,8 +3,8 @@ Summary: The exim mail transfer agent Name: exim -Version: 4.97.1 -Release: 3 +Version: 4.98.2 +Release: 1 License: GPLv2+ Url: https://www.exim.org/ @@ -18,7 +18,7 @@ Requires(pre): %{_sbindir}/groupadd, %{_sbindir}/useradd BuildRequires: clamd %endif -Source0: https://ftp.exim.org/pub/exim/exim4/exim-%{version}.tar.xz +Source0: https://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.xz Source1: exim.sysconfig Source2: exim.logrotate # The exim-tidydb.sh is used to tidy up the contents of a hints database. @@ -35,14 +35,11 @@ Source10: exim.service Source11: exim-gen-cert Source12: clamd.exim.service -Patch0: exim-4.97-config.patch +Patch0: exim-4.98.2-config.patch Patch1: exim-4.94-libdir.patch -Patch2: exim-4.97-dlopen-localscan.patch +Patch2: exim-4.98.2-dlopen-localscan.patch Patch3: exim-4.96-pic.patch -Patch4: CVE-2023-51766.patch -# CVE-2024-39929 -Patch5: backport-bug3099-Fix-MIME-parsing-of-filenames-specified-using-multiple-parameters.patch -Patch6: backport-bug3099-MIME-support-RFC-2331-for-name.patch +Patch4: exim-4.98.2-no-gsasl.patch Requires: /etc/pki/tls/certs /etc/pki/tls/private @@ -60,7 +57,6 @@ BuildRequires: sqlite-devel BuildRequires: cyrus-sasl-devel BuildRequires: libspf2-devel BuildRequires: libopendmarc-devel -BuildRequires: openldap-devel BuildRequires: mariadb-connector-c-devel BuildRequires: libpq-devel BuildRequires: libXaw-devel @@ -213,11 +209,7 @@ do done mkdir -p $RPM_BUILD_ROOT%{_libdir}/exim/%{version}-%{release}/lookups -for i in mysql.so pgsql.so -do - install -m755 lookups/$i \ - $RPM_BUILD_ROOT%{_libdir}/exim/%{version}-%{release}/lookups -done + cd .. @@ -433,12 +425,6 @@ fi %ghost %{_sysconfdir}/pam.d/smtp %ghost %{_mandir}/man1/mailq.1.gz -%files mysql -%{_libdir}/exim/%{version}-%{release}/lookups/mysql.so - -%files pgsql -%{_libdir}/exim/%{version}-%{release}/lookups/pgsql.so - %files mon %{_sbindir}/eximon %{_sbindir}/eximon.bin @@ -484,6 +470,9 @@ fi %{_sysconfdir}/cron.daily/greylist-tidy.sh %changelog +* Sun May 25 2025 zhuchao - 4.98.2-1 +- DESC: upgrade to 4.98.2 to resolve the to CVE-2025-26794 to CVE-2025-30232 + * Tue Jul 9 2024 zhangxianting - 4.97.1-3 - fix CVE-2024-39929 @@ -499,7 +488,7 @@ fi * Tue Aug 29 2023 zhuchao - 4.96-3 - DESC:fix bug about print error message in install exim-clamav and exim-greylist -* Thur Feb 16 2023 zhuchao - 4.96-2 +* Thu Feb 16 2023 zhuchao - 4.96-2 - DESC:add build requirement init * Tue Oct 18 2022 zhuchao - 4.96-1 diff --git a/exim.yaml b/exim.yaml deleted file mode 100644 index e757fbf70b4950a2d0558b0610a20556c9844689..0000000000000000000000000000000000000000 --- a/exim.yaml +++ /dev/null @@ -1,4 +0,0 @@ -version_control: github -src_repo: Exim/exim -tag_prefix: ^exim -separator: . \ No newline at end of file