Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

eximon-4.97.1-lp156.1.4 RPM for ppc64le

From OpenSuSE Leap 15.6 for ppc64le

Name: eximon Distribution: openSUSE Leap 15.6
Version: 4.97.1 Vendor: openSUSE
Release: lp156.1.4 Build date: Tue May 28 09:08:30 2024
Group: Productivity/Networking/Email/Servers Build host: obs-power8-05
Size: 144891 Source RPM: exim-4.97.1-lp156.1.4.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.exim.org/
Summary: Eximon, an graphical frontend to administer Exim's mail queue
This allows administrators to view the exim agent's mail queue and
logs, and perform a variety of actions on queued messages, such as
freezing, bouncing and thawing messages, and even editing body and
header of mails.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Sat Dec 30 2023 Dirk Müller <dmueller@suse.com>
  - update to 4.97.1 (bsc#1218387, CVE-2023-51766):
    * Fixes for the smtp protocol smuggling (CVE-2023-51766)
* Tue Nov 07 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - update to exim 4.97
    * remove patch-no-exit-on-rewrite-malformed-address.patch (upstreamed)
* Mon Oct 16 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - security update to exim 4.96.2
    * fixes CVE-2023-42117 (bsc#1215787)
    * fixes CVE-2023-42119 (bsc#1215789)
* Mon Oct 02 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - security update to exim 4.96.1
    * fixes CVE-2023-42114 (bsc#1215784)
    * fixes CVE-2023-42115 (bsc#1215785)
    * fixes CVE-2023-42116 (bsc#1215786)
* Tue Mar 28 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - enable sender rewriting support (SUPPORT_SRS)
* Wed Jan 25 2023 Thorsten Kukuk <kukuk@suse.com>
  - Don't build the NIS module anymore, libnsl/NIS are deprecated
* Tue Oct 18 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - add patch-cve-2022-3559 (fixes CVE-2022-3559, bsc#1204427, Bug 2915)
* Thu Sep 29 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - add (patch-no-exit-on-rewrite-malformed-address.patch)
    Fix exit on attempt to rewrite a malformed address (Bug 2903)
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
  - Own /var/spool/mail (boo#1179574)
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
  - Migration to /usr/etc: Saving user changed configuration files
    in /etc and restoring them while an RPM update.
* Wed Jun 29 2022 Stefan Schubert <schubi@suse.com>
  - Moved logrotate files from user specific directory /etc/logrotate.d
    to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 27 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - update to exim 4.96
    * Move from using the pcre library to pcre2.
    * Constification work in the filters module required a major version
      bump for the local-scan API.  Specifically, the "headers_charset"
      global which is visible via the API is now const and may therefore
      not be modified by local-scan code.
    * Bug 2819: speed up command-line messages being read in.  Previously a
      time check was being done for every character; replace that with one
      per buffer.
    * Bug 2815: Fix ALPN sent by server under OpenSSL.  Previously the string
      sent was prefixed with a length byte.
    * Change the SMTP feature name for pipelining connect to be compliant with
      RFC 5321.  Previously Dovecot (at least) would log errors during
      submission.
    * Fix macro-definition during "-be" expansion testing.  The move to
      write-protected store for macros had not accounted for these runtime
      additions; fix by removing this protection for "-be" mode.
    * Convert all uses of select() to poll().
    * Fix use of $sender_host_name in daemon process.  When used in certain
      main-section options or in a connect ACL, the value from the first ever
      connection was never replaced for subsequent connections.
    * Bug 2838: Fix for i32lp64 hard-align platforms
    * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
      with underbars is given.
    * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
    * Debugging initiated by an ACL control now continues through into routing
      and transport processes.
    * The "expand" debug selector now gives more detail, specifically on the
      result of expansion operators and items.
    * Bug 2751: Fix include_directory in redirect routers.  Previously a
      bad comparison between the option value and the name of the file to
      be included was done, and a mismatch was wrongly identified.
    * Support for Berkeley DB versions 1 and 2 is withdrawn.
    * When built with NDBM for hints DB's check for nonexistence of a name
      supplied as the db file-pair basename.
    * Remove the "allow_insecure_tainted_data" main config option and the
      "taint" log_selector.
    * Fix static address-list lookups to properly return the matched item.
      Previously only the domain part was returned.
    * The ${run} expansion item now expands its command string elements after
      splitting.  Previously it was before; the new ordering makes handling
      zero-length arguments simpler.
    * Taint-check exec arguments for transport-initiated external processes.
      Previously, tainted values could be used.  This affects "pipe", "lmtp" and
      "queryprogram" transport, transport-filter, and ETRN commands.
      The ${run} expansion is also affected: in "preexpand" mode no part of
      the command line may be tainted, in default mode the executable name
      may not be tainted.
    * Fix CHUNKING on a continued-transport.  Previously the usabilility of
      the facility was not passed across execs, and only the first message
      passed over a connection could use BDAT; any further ones using DATA.
    * Support the PIPECONNECT facility in the smtp transport when the helo_data
      uses $sending_ip_address and an interface is specified.
    * OpenSSL: fix transport-required OCSP stapling verification under session
      resumption.
    * TLS resumption: the key for session lookup in the client now includes
      more info that a server could potentially use in configuring a TLS
      session, avoiding oferring mismatching sessions to such a server.
    * Fix string_copyn() for limit greater than actual string length.
    * Bug 2886: GnuTLS: Do not free the cached creds on transport connection
      close; it may be needed for a subsequent connection.
    * Fix CHUNKING for a second message on a connection when the first was
      rejected.
    * Fix ${srs_encode ...} to handle an empty sender address, now returning
      an empty address.
    * Bug 2855: Handle a v4mapped sender address given us by a frontending
      proxy.
* Wed Jan 19 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - disable ProtectHome=, it prevents local delivery (bsc#1194810)
* Wed Sep 29 2021 Peter Wullinger <wullinger@rz.uni-kiel.de>
  - update to exim 4.95
    * includes taintwarn (taintwarn.patch)
    * fast-ramp queue run
    * native SRS
    * TLS resumption
    * LMDB lookups with single key
    * smtp transport option "message_linelength_limit"
    * optionally ignore lookup caches
    * quota checking for appendfile transport during message reception
    * sqlite lookups allow a "file=<path>" option
    * lsearch lookups allow a "ret=full" option
    * command line option for the notifier socket
    * faster TLS startup
    * new main config option "proxy_protocol_timeout"
    * expand "smtp_accept_max_per_connection"
    * log selector "queue_size_exclusive"
    * main config option "smtp_backlog_monitor"
    * main config option "hosts_require_helo"
    * main config option "allow_insecure_tainted_data"
* Tue Sep 14 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * exim.service
* Thu Jul 08 2021 Steve Kowalik <steven.kowalik@suse.com>
  - Update eximstats-html-update.py to run under Python 3.
* Mon May 17 2021 wullinger@rz.uni-kiel.de
  - add exim-4.94.2+fixes and taintwarn patches (taintwarn.patch)
* Tue May 04 2021 wullinger@rz.uni-kiel.de
  - update to exim-4.94.2
    security update (bsc#1185631)
    * CVE-2020-28007: Link attack in Exim's log directory
    * CVE-2020-28008: Assorted attacks in Exim's spool directory
    * CVE-2020-28014: Arbitrary PID file creation
    * CVE-2020-28011: Heap buffer overflow in queue_run()
    * CVE-2020-28010: Heap out-of-bounds write in main()
    * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
    * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
    * CVE-2020-28015: New-line injection into spool header file (local)
    * CVE-2020-28012: Missing close-on-exec flag for privileged pipe
    * CVE-2020-28009: Integer overflow in get_stdinput()
    * CVE-2020-28017: Integer overflow in receive_add_recipient()
    * CVE-2020-28020: Integer overflow in receive_msg()
    * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
    * CVE-2020-28021: New-line injection into spool header file (remote)
    * CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
    * CVE-2020-28026: Line truncation and injection in spool_read_header()
    * CVE-2020-28019: Failure to reset function pointer after BDAT error
    * CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
    * CVE-2020-28018: Use-after-free in tls-openssl.c
    * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
* Wed Apr 28 2021 wullinger@rz.uni-kiel.de
  - update to exim-4.94.1
    * Fix security issue in BDAT state confusion.
      Ensure we reset known-good where we know we need to not be reading BDAT
      data, as a general case fix, and move the places where we switch to BDAT
      mode until after various protocol state checks.
      Fixes CVE-2020-BDATA reported by Qualys.
    * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
    * Fix security issue with too many recipients on a message (to remove a
      known security problem if someone does set recipients_max to unlimited,
      or if local additions add to the recipient list).
      Fixes CVE-2020-RCPTL reported by Qualys.
    * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
    * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
      providing a particularly obnoxious sender full name.
    * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
      better.
* Mon Aug 24 2020 wullinger@rz.uni-kiel.de
  - bring back missing exim_db.8 manual page
    (fixes bsc#1173693)
* Mon Jun 08 2020 wullinger@rz.uni-kiel.de
  - bring in changes from current +fixes (lots of taint check fixes)
    * Bug 1329: Fix format of Maildir-format filenames to match other mail-
      related applications.  Previously an "H" was used where available info
      says that "M" should be, so change to match.
    * Bug 2587: Fix pam expansion condition.  Tainted values are commonly used
      as arguments, so an implementation trying to copy these into a local
      buffer was taking a taint-enforcement trap.  Fix by using dynamically
      created buffers.
    * Bug 2586: Fix listcount expansion operator.  Using tainted arguments is
      reasonable, eg. to count headers.  Fix by using dynamically created
      buffers rather than a local.  Do similar fixes for ACL actions "dcc",
      "log_reject_target", "malware" and "spam"; the arguments are expanded
      so could be handling tainted values.
    * Bug 2590: Fix -bi (newaliases).  A previous code rearrangement had
      broken the (no-op) support for this sendmail command.  Restore it
      to doing nothing, silently, and returning good status.
* Tue Jun 02 2020 wullinger@rz.uni-kiel.de
  - update to exim 4.94
    * some transports now refuse to use tainted data in constructing their delivery
      location
      this WILL BREAK configurations which are not updated accordingly.
      In particular: any Transport use of $local_user which has been relying upon
      check_local_user far away in the Router to make it safe, should be updated to
      replace $local_user with $local_part_data.
    * Attempting to remove, in router or transport, a header name that ends with
      an asterisk (which is a standards-legal name) will now result in all headers
      named starting with the string before the asterisk being removed.
* Tue May 19 2020 wullinger@rz.uni-kiel.de
  - switch pretrans to use lua
    (fixes bsc#1171877)
* Tue May 12 2020 wullinger@rz.uni-kiel.de
  - bring changes from current in +fixes branch
    (patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
    * fixes CVE-2020-12783 (bsc#1171490)
    * Regard command-line recipients as tainted.
    * Bug 2489: Fix crash in the "pam" expansion condition.
    * Use tainted buffers for the transport smtp context.
    * Bug 2493: Harden ARC verify against Outlook, which has been seen to mix
      the ordering of its ARC headers.  This caused a crash.
    * Bug 2492: Use tainted memory for retry record when needed.  Previously when
      a new record was being constructed with information from the peer, a trap
      was taken.
    * Bug 2494: Unset the default for dmarc_tld_file.
    * Fix an uninitialised flag in early-pipelining.  Previously connections
      could, depending on the platform, hang at the STARTTLS response.
    * Bug 2498: Reset a counter used for ARC verify before handling another
      message on a connection.  Previously if one message had ARC headers and
      the following one did not, a crash could result when adding an
      Authentication-Results: header.
    * Bug 2500: Rewind some of the common-coding in string handling between the
      Exim main code and Exim-related utities.
    * Fix the variables set by the gsasl authenticator.
    * Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
      only retrieve the errormessage once.
    * Bug 2501: Fix init call in the heimdal authenticator.  Previously it
      adjusted the size of a major service buffer; this failed because the
      buffer was in use at the time.  Change to a compile-time increase in the
      buffer size, when this authenticator is compiled into exim.
* Wed Apr 01 2020 wullinger@rz.uni-kiel.de
  - don't create logfiles during install
    * fixes CVE-2020-8015 (bsc#1154183)
* Mon Jan 13 2020 wullinger@rz.uni-kiel.de
  - add a spec-file workaround for bsc#1160726
* Tue Jan 07 2020 wullinger@rz.uni-kiel.de
  - update to exim 4.93.0.4 (+fixes release)
    * Avoid costly startup code when not strictly needed.  This reduces time
      for some exim process initialisations.  It does mean that the logging
      of TLS configuration problems is only done for the daemon startup.
    * Early-pipelining support code is now included unless disabled in Makefile.
    * DKIM verification defaults no long accept sha1 hashes, to conform to
      RFC 8301.  They can still be enabled, using the dkim_verify_hashes main
      option.
    * Support CHUNKING from an smtp transport using a transport_filter, when
      DKIM signing is being done.  Previously a transport_filter would always
      disable CHUNKING, falling back to traditional DATA.
    * Regard command-line receipients as tainted.
    * Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.
    * Bug 2489: Fix crash in the "pam" expansion condition.  It seems that the
      PAM library frees one of the arguments given to it, despite the
      documentation.  Therefore a plain malloc must be used.
    * Bug 2491: Use tainted buffers for the transport smtp context.  Previously
      on-stack buffers were used, resulting in a taint trap when DSN information
      copied from a received message was written into the buffer.
    * Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix
      the ordering of its ARC headers.  This caused a crash.
    * Bug 2492: Use tainted memory for retry record when needed.  Previously when
      a new record was being constructed with information from the peer, a trap
      was taken.
    * Bug 2494: Unset the default for dmarc_tld_file.  Previously a naiive
      installation would get error messages from DMARC verify, when it hit the
      nonexistent file indicated by the default.  Distros wanting DMARC enabled
      should both provide the file and set the option.
      Also enforce no DMARC verification for command-line sourced messages.
    * Fix an uninitialised flag in early-pipelining.  Previously connections
      could, depending on the platform, hang at the STARTTLS response.
    * Bug 2498: Reset a counter used for ARC verify before handling another
      message on a connection.  Previously if one message had ARC headers and
      the following one did not, a crash could result when adding an
      Authentication-Results: header.
    * Bug 2500: Rewind some of the common-coding in string handling between the
      Exim main code and Exim-related utities.  The introduction of taint
      tracking also did many adjustments to string handling.  Since then, eximon
      frequently terminated with an assert failure.
    * When PIPELINING, synch after every hundred or so RCPT commands sent and
      check for 452 responses.  This slightly helps the inefficieny of doing
      a large alias-expansion into a recipient-limited target.  The max_rcpt
      transport option still applies (and at the current default, will override
      the new feature).  The check is done for either cause of synch, and forces
      a fast-retry of all 452'd recipients using a new MAIL FROM on the same
      connection.  The new facility is not tunable at this time.
    * Fix the variables set by the gsasl authenticator.  Previously a pointer to
      library live data was being used, so the results became garbage.  Make
      copies while it is still usable.
    * Logging: when the deliver_time selector ise set, include the DT= field
      on delivery deferred (==) and failed (**) lines (if a delivery was
      attemtped).  Previously it was only on completion (=>) lines.
    * Authentication: the gsasl driver not provides the $authN variables in time
      for the expansion of the server_scram_iter and server_scram_salt options.
* Thu Jan 02 2020 wullinger@rz.uni-kiel.de
  spec file cleanup to make update work
  - add docdir to spec
* Mon Dec 09 2019 wullinger@rz.uni-kiel.de
  - update to exim 4.93
    * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
    * DISABLE_TLS replaces SUPPORT_TLS
    * Bump the version for the local_scan API.
    * smtp transport option hosts_try_fastopen defaults to "*".
    * DNSSec is requested (not required) for all queries. (This seemes to
      ask for trouble if your resolver is a systemd-resolved.)
    * Generic router option retry_use_local_part defaults to "true" under specific
      pre-conditions.
    * Introduce a tainting mechanism for values read from untrusted sources.
    * Use longer file names for temporary spool files (this avoids
      name conflicts with spool on a shared file system).
    * Use dsn_from main config option (was ignored previously).
* Mon Sep 30 2019 poeml@cmdline.net
  - update to exim 4.92.3
    * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat,
      remote code execution seems to be possible
* Sat Sep 07 2019 poeml@cmdline.net
  - update to exim 4.92.2
    * CVE-2019-15846: fix against remote attackers executing arbitrary code as
      root via a trailing backslash
* Thu Jul 25 2019 alex <atoptsoglou@suse.com>
  - update to exim 4.92.1
    * CVE-2019-13917: Fixed an issue with ${sort} expansion which could
    allow remote attackers to execute other programs with root privileges
    (boo#1142207)
* Wed Jun 05 2019 wullinger@rz.uni-kiel.de
  - spec file cleanup
    * fix DANE inclusion guard condition
    * re-enable i18n and remove misleading comment
    * EXPERIMENTAL_SPF is now SUPPORT_SPF
    * DANE is now SUPPORT_DANE
* Sat Mar 23 2019 seanlew@opensuse.org
  - update to exim 4.92
    * ${l_header:<name>} expansion
    * ${readsocket} now supports TLS
    * "utf8_downconvert" option (if built with SUPPORT_I18N)
    * "pipelining" log_selector
    * JSON variants for ${extract } expansion
    * "noutf8" debug option
    * TCP Fast Open support on MacOS
    * CVE-2019-10149: Fixed a Remote Command Execution (bsc#1136587)
  - add workaround patch for compile time error on missing printf
    format annotation (gnu_printf.patch)
* Mon Apr 16 2018 wullinger@rz.uni-kiel.de
  - update to 4.91
    * DEFER rather than ERROR on redis cluster MOVED response.
    * Catch and remove uninitialized value warning in exiqsumm
    * Disallow '/' characters in queue names specified for the "queue=" ACL
      modifier.  This matches the restriction on the commandline.
    * Fix pgsql lookup for multiple result-tuples with a single column.
      Previously only the last row was returned.
    * Bug 2217: Tighten up the parsing of DKIM signature headers.
    * Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
    * Fix issue with continued-connections when the DNS shifts unreliably.
    * Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
    * The "support for" informational output now, which built with Content
    Scanning support, has a line for the malware scanner interfaces compiled
    in.  Interface can be individually included or not at build time.
    * The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
    by the template makefile "src/EDITME".  The "STREAM" support for an older
    ClamAV interface method is removed.
    * Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
    rows affected is given instead).
    * The runtime Berkeley DB library version is now additionally output by
    "exim -d -bV".  Previously only the compile-time version was shown.
    * Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
    SMTP connection.
    * Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
    routers.
    * Bug 2174: A timeout on connect for a callout was also erroneously seen as
    a timeout on read on a GnuTLS initiating connection, resulting in the
    initiating connection being dropped.
    * Relax results from ACL control request to enable cutthrough, in
    unsupported situations, from error to silently (except under debug)
    ignoring.
    * Fix Buffer overflow in base64d() (CVE-2018-6789)
    * Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
    metadata, resulting in a crash in free().
    * Fix broken Heimdal GSSAPI authenticator integration.
    * Bug 2113: Fix conversation closedown with the Avast malware scanner.
    * Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail ACL.
    * Speed up macro lookups during configuration file read, by skipping non-
    macro text after a replacement (previously it was only once per line) and
    by skipping builtin macros when searching for an uppercase lead character.
    * DANE support moved from Experimental to mainline.  The Makefile control
    for the build is renamed.
    * Fix memory leak during multi-message connections using STARTTLS.
    * Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
    reported the original.  Fix to report (as far as possible) the ACL
    result replacing the original.
    * Fix memory leak during multi-message connections using STARTTLS under
    OpenSSL
    * Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
    * Fix utf8_downconvert propagation through a redirect router.
    * Bug 2253: For logging delivery lines under PRDR, append the overall
    DATA response info to the (existing) per-recipient response info for
    the "C=" log element.
    * Bug 2251: Fix ldap lookups that return a single attribute having zero-
    length value.
    * Support Avast multiline protocol, this allows passing flags to
    newer versions of the scanner.
    * Ensure that variables possibly set during message acceptance are marked
      dead before release of memory in the daemon loop.
    * Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
    as a multi-recipient message from a mailinglist manager).
    * The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
    replaced by the ${authresults } expansion.
    * Bug 2257: Fix pipe transport to not use a socket-only syscall.
    * Set a handler for SIGTERM and call exit(3) if running as PID 1. This
    allows proper process termination in container environments.
    * Bug 2258: Fix spool_wireformat in combination with LMTP transport.
    Previously the "final dot" had a newline after it; ensure it is CR,LF.
    * SPF: remove support for the "spf" ACL condition outcome values "err_temp"
    and "err_perm", deprecated since 4.83 when the RFC-defined words
    " temperror" and "permerror" were introduced.
    * Re-introduce enforcement of no cutthrough delivery on transports having
    transport-filters or DKIM-signing.
    * Cutthrough: for a final-dot response timeout (and nonunderstood responses)
    in defer=pass mode supply a 450 to the initiator.  Previously the message
      would be spooled.
    * DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
      tls_require_ciphers is used as before.
    * Malware Avast: Better match the Avast multiline protocol.
    * Fix reinitialisation of DKIM logging variable between messages.
    * Bug 2255: Revert the disable of the OpenSSL session caching.
    * Add util/renew-opendmarc-tlds.sh script for safe renewal of public
    suffix list.
    * DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
    since the IETF WG has not yet settled on that versus the original
    "bare" representation.
    * Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
    Previously the millisecond value corrupted the output.
    Fix also for syslog_pid=no and log_selector +pid, for which the pid
    corrupted the output.
* Thu Mar 15 2018 crrodriguez@opensuse.org
  - Replace xorg-x11-devel by individual pkgconfig() buildrequires.
* Tue Feb 13 2018 kbabioch@suse.com
  - update to 4.90.1
    * Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
      during configuration.  Wildcards are allowed and expanded.
    * Shorten the log line for daemon startup by collapsing adjacent sets of
      identical IP addresses on different listening ports.  Will also affect
      "exiwhat" output.
    * Tighten up the checking in isip4 (et al): dotted-quad components larger
      than 255 are no longer allowed.
    * Default openssl_options to include +no_ticket, to reduce load on peers.
      Disable the session-cache too, which might reduce our load.  Since we
      currrectly use a new context for every connection, both as server and
      client, there is no benefit for these.
    * Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
      <https://reproducible-builds.org/specs/source-date-epoch/>.
    * Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously
      the check for any unsuccessful recipients did not notice the limit, and
      erroneously found still-pending ones.
    * Pipeline CHUNKING command and data together, on kernels that support
      MSG_MORE.  Only in-clear (not on TLS connections).
    * Avoid using a temporary file during transport using dkim.  Unless a
      transport-filter is involved we can buffer the headers in memory for
      creating the signature, and read the spool data file once for the
      signature and again for transmission.
    * Enable use of sendfile in Linux builds as default.  It was disabled in
      4.77 as the kernel support then wasn't solid, having issues in 64bit
      mode.  Now, it's been long enough.  Add support for FreeBSD also.
    * Add commandline_checks_require_admin option.
    * Do pipelining under TLS.
    * For the "sock" variant of the malware scanner interface, accept an empty
      cmdline element to get the documented default one.  Previously it was
      inaccessible.
    * Prevent repeated use of -p/-oMr
    * DKIM: enforce the DNS pubkey record "h" permitted-hashes optional field,
      if present.
    * DKIM: when a message has multiple signatures matching an identity given
      in dkim_verify_signers, run the dkim acl once for each.
    * Support IDNA2008.
    * The path option on a pipe transport is now expanded before use
    * Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
  - Several bug fixes
  - Fix for buffer overflow in base64decode() (bsc#1079832 CVE-2018-6789)
  - removed patches (included upstream now):
    * exim-CVE-2017-1000369.patch
    * exim-CVE-2017-16943.patch
    * exim-CVE-2017-16944.patch
    * exim-4.86.2-mariadb_102_compile_fix.patch
* Thu Nov 30 2017 wullinger@rz.uni-kiel.de
  - add exim-CVE-2017-16944.patch:
    backport of commit 178ecb70987f024f0e775d87c2f8b2cf587dd542
    fix for CVE-2017-16944 (#bsc1069859)
* Mon Nov 27 2017 dmueller@suse.com
  - update to 4.88:
    drops fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch,
      exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch
  - remove exim4-manpages.tar.bz2: upstream does not exist anymore
  - update keyring
* Mon Nov 27 2017 kstreitova@suse.com
  - add exim-4.86.2-mariadb_102_compile_fix.patch to fix compilation
    with the mariadb 10.2 (in our case the build with libmariadb
    library from the mariadb-connector-c package)
    * upstream commits: a12400fd4493b676e71613ab429e731f777ebd1e and
    31beb7972466a33a88770eacbce13490f2ddadc2
* Mon Nov 27 2017 meissner@suse.com
  - exim-CVE-2017-16943.patch: fixed possible code execution (CVE-2017-16943 bsc#1069857)
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Mon Oct 09 2017 dimstar@opensuse.org
  - Explicitly buildrequire libnsl-devel on suse_version >= 1330:
    libnsl used to be an integrated part of glibc. Since the build
    system / makefiles explicitly reference libnsl, it is our own
    duty to ensure we have our deps in place.
* Tue Jul 04 2017 meissner@suse.com
  - specify users with ref:mail, to make them dynamic. bsc#1046971
* Mon Jun 19 2017 meissner@suse.com
  - exim-CVE-2017-1000369.patch: Fixed memory leaks that could be
    exploited to "stack crash" local privilege escalation (bsc#1044692)
  - Require user(mail) group(mail) to meet new users handling in TW.
  - Prerequire permissions (fixes rpmlint).
* Mon Apr 24 2017 wullinger@rz.uni-kiel.de
  - conditionally disable DANE on SuSE versions with OpenSSL < 1.0
  - exim-4.86.2+fixes-867e8fe25dbfb1e31493488ad695bde55b890397.patch:
    import exim-4_86_2+fixes branch
      + fix CVE-2016-1531
      when installed setuid root, allows local users to gain privileges via the perl_startup
      argument.
      + fix Bug 1805: store the initial working directory, expand $initial_cwd
      + fix Bug 1671: segfault after delivery (https://bugs.exim.org/show_bug.cgi?id=1671)
      + Don't issue env warning if env is empty
  - fix-CVE-2016-9963-31c02defdc5118834e801d4fe8f11c1d9b5ebadf.patch:
    DKIM information leakage
* Mon Apr 04 2016 e.istomin@edss.ee
  - Makefile tuning:
    + add sqlite support
      + disable WITH_OLD_DEMIME
      + enable AUTH_CYRUS_SASL
      + enable AUTH_TLS
      + enable SYSLOG_LONG_LINES
      + enable SUPPORT_PAM
      + MAX_NAMED_LIST=64
      + enable EXPERIMENTAL_DMARC
      + enable EXPERIMENTAL_EVENT
      + enable EXPERIMENTAL_PROXY
      + enable EXPERIMENTAL_CERTNAMES
      + enable EXPERIMENTAL_DSN
      + enable EXPERIMENTAL_DANE
      + enable EXPERIMENTAL_SOCKS
      + enable EXPERIMENTAL_INTERNATIONAL
* Wed Mar 02 2016 lmuelle@suse.com
  - Update to 4.86.2
    + Fix minor portability issues for *BSD and OS/X.
* Mon Feb 29 2016 lmuelle@suse.com
  - Update to 4.86.1
    + Add support for keep_environment and add_environment options;
      CVE-2016-1531; (boo#968844).
* Wed Feb 03 2016 opensuse@cboltz.de
  - Move AppArmor profile to /usr/share/apparmor/extra-profiles/, which is
    the directory for inactive profiles since AppArmor 2.9
* Fri Dec 11 2015 lmuelle@suse.com
  - Update the Exim Maintainers Keyring file 'exim.keyring'.
  - Use URL for the source line of the main tar ball.
* Fri Oct 02 2015 michal.hrusecky@opensuse.org
  - Update to 4.86
    * Support for using the system standard CA bundle.
    * New expansion items $config_file, $config_dir, containing the file
      and directory name of the main configuration file. Also $exim_version.
    * New "malware=" support for Avast.
    * New "spam=" variant option for Rspamd.
    * Assorted options on malware= and spam= scanners.
    * A commandline option to write a comment into the logfile.
    * If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can
      be configured to make connections via socks5 proxies.
    * If built with EXPERIMENTAL_INTERNATIONAL, support is included for
      the transmission of UTF-8 envelope addresses.
    * If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly
      used encoding of Maildir folder names.
    * A logging option for slow DNS lookups.
    * New ${env {<variable>}} expansion.
    * A non-SMTP authenticator using information from TLS client certificates.
    * Main option "tls_eccurve" for selecting an Elliptic Curve for TLS.
      Patch originally by Wolfgang Breyha.
    * Main option "dns_trust_aa" for trusting your local nameserver at the
      same level as DNSSEC.
  - Dropped exim-enable_ecdh_openssl.patch as included in upstream
* Wed May 06 2015 lmuelle@suse.com
  - Fix the systemd service file by not passing EXIM_ARGS as one single
    argument by removing the curly brackets (shell syntax).
* Fri Apr 17 2015 lmuelle@suse.com
  - Install fitting eximstats.conf depending on SUSE version; (bsc#926861).
  - Add attribute dir to /etc/apache2 and /etc/apache2/conf.d in the file list.
* Fri Mar 13 2015 lmuelle@suse.com
  - Replace the fixed ExecStart arguments by ${EXIM_ARGS} as defined in
    /etc/sysconfig/exim; (bsc#922145).
* Sat Jan 24 2015 lmuelle@suse.com
  - Set CFLAGS_OPT_WERROR only on post-5 CentOS and RHEL systems.
* Sat Jan 24 2015 lmuelle@suse.com
  - Drop BuildRequires xorg-x11-server-sdk for non SUSE systems in particular to
    build on RHEL 6 again.
* Sat Jan 24 2015 lmuelle@suse.com
  - Let ld know the path to mysqlclient.
* Sat Jan 24 2015 lmuelle@suse.com
  - update to 4.85
    + When running the test suite, the README says that variables such as
      no_msglog_check are global and can be placed anywhere in a specific
      test's script, however it was observed that placement needed to be near
      the beginning for it to behave that way. Changed the runtest perl
      script to read through the entire script once to detect and set these
      variables, reset to the beginning of the script, and then run through
      the script parsing/test process like normal.
    + Expand the EXPERIMENTAL_TPDA feature.  Several different events now
      cause callback expansion.
    + Bugzilla 1518: Clarify "condition" processing in routers; that
      syntax errors in an expansion can be treated as a string instead of
      logging or causing an error, due to the internal use of bool_lax
      instead of bool when processing it.
    + Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
      server certificates when making smtp deliveries.
    + Support secondary-separator specifier for MX, SRV, TLSA lookups.
    + Add ${sort {list}{condition}{extractor}} expansion item.
    + Bugzilla 1216: Add -M (related messages) option to exigrep.
    + GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
      Merged patch from Sebastian Wiedenroth.
    + Fix results-pipe from transport process.  Several recipients, combined
      with certificate use, exposed issues where response data items split
      over buffer boundaries were not parsed properly.  This eventually
      resulted in duplicates being sent.  This issue only became common enough
      to notice due to the introduction of conection certificate information,
      the item size being so much larger.  Found and fixed by Wolfgang Breyha.
    + Bug 1533: Fix truncation of items in headers_remove lists.  A fixed
      size buffer was used, resulting in syntax errors when an expansion
      exceeded it.
    + Add support for directories of certificates when compiled with a GnuTLS
      version 3.3.6 or later.
    + Rename the TPDA expermimental facility to Event Actions.  The #ifdef
      is EXPERIMENTAL_EVENT, the main-configuration and transport options
      both become "event_action", the variables become $event_name, $event_data
      and $event_defer_errno.  There is a new variable $verify_mode, usable in
      routers, transports and related events.  The tls:cert event is now also
      raised for inbound connections, if the main configuration event_action
      option is defined.
    + In test suite, disable OCSP for old versions of openssl which contained
      early OCSP support, but no stapling (appears to be less than 1.0.0).
    + When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
      server certificate names available under the smtp transport option
      "tls_verify_cert_hostname" now do not permit multi-component wildcard
      matches.
    + Time-related extraction expansions from certificates now use the main
      option "timezone" setting for output formatting, and are consistent
      between OpenSSL and GnuTLS compilations.  Bug 1541.
    + Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
      encoded parameter in the incoming message.  Bug 1558.
    + Bug 1527: Autogrow buffer used in reading spool files.  Since they now
      include certificate info, eximon was claiming there were spoolfile
      syntax errors.
    + Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
    + Log delivery-related information more consistently, using the sequence
      "H=<name> [<ip>]" wherever possible.
    + Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
      are problematic for Debian distribution, omit them from the release
      tarball.
    + Updates and fixes to the EXPERIMENTAL_DSN feature.
    + Fix string representation of time values on 64bit time_t anchitectures.
      Bug 1561.
    + Fix a null-indirection in certextract expansions when a nondefault
      output list separator was used.
* Sun Dec 21 2014 michal.hrusecky@opensuse.org
  - Enable SPF
* Sun Dec 21 2014 michal.hrusecky@opensuse.org
  - Fix service file; (boo#935601)
  - Using bcond for mysql, pgsql and ldap
  - mysql, pgsql and ldap enabled by default
* Fri Dec 05 2014 lmuelle@suse.com
  - Removed executable permission bits from exim.service file; (boo#935601).
* Wed Nov 26 2014 lmuelle@suse.com
  - Remove dependency on gpg-offline as signature checking is implemented in the
    source validator.
* Wed Nov 26 2014 lmuelle@suse.com
  - update to 4.84
    + Re-add a 'return NULL' to silence complaints from static checkers that
      were complaining about end of non-void function with no return;
      (beo#1506); obsoletes silence-static-checkers.patch.
    + Fix parsing of quoted parameter values in MIME headers.
      This was a regression intruduced in 4.83 by another bugfix; (beo#1513).
    + Fix broken compilation when EXPERIMENTAL_DSN is enabled.
    + Fix exipick for enhanced spoolfile specification used when
      EXPERIMENTAL_DNS is enabled; (beo#1509).

Files

/usr/bin/eximon
/usr/bin/eximon.bin


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 19:51:39 2024