Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: exim | Distribution: openSUSE Tumbleweed |
Version: 4.98 | Vendor: openSUSE |
Release: 1.1 | Build date: Mon Jul 15 18:26:58 2024 |
Group: Productivity/Networking/Email/Servers | Build host: reproducible |
Size: 3417281 | Source RPM: exim-4.98-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://www.exim.org/ | |
Summary: The Exim Mail Transfer Agent, a Replacement for sendmail |
Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style, it is similar to Smail 3, but its facilities are more extensive. In particular, it has options for verifying incoming sender and recipient addresses, for refusing mail from specified hosts, networks, or senders, and for controlling mail relaying.
GPL-2.0-or-later
* Mon Jul 15 2024 Dirk Müller <dmueller@suse.com> - update to 4.98 (bsc#1227423, CVE-2024-39929): * The dkim_status ACL condition may now be used in data ACLs * The dkim_verbose logging control also enables logging of signing * The dkim_timestamps signing option now accepts zero to include a current timestamp but no expiry timestamp. * The recipients_max main option is now expanded. * Setting variables for "exim -be" can set a tainted value. * A dns:fail event. * The dsearch lookup supports search for a sub-path. * Include mailtest utility for simple connection checking. * Add SMTP WELLKNOWN extension. * Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org> - Use %patch -P N instead of deprecated %patchN. * Sat Dec 30 2023 Dirk Müller <dmueller@suse.com> - update to 4.97.1 (bsc#1218387, CVE-2023-51766): * Fixes for the smtp protocol smuggling (CVE-2023-51766) * Tue Nov 07 2023 Peter Wullinger <wullinger@rz.uni-kiel.de> - update to exim 4.97 * remove patch-no-exit-on-rewrite-malformed-address.patch (upstreamed) * Mon Oct 16 2023 Peter Wullinger <wullinger@rz.uni-kiel.de> - security update to exim 4.96.2 * fixes CVE-2023-42117 (bsc#1215787) * fixes CVE-2023-42119 (bsc#1215789) * Mon Oct 02 2023 Peter Wullinger <wullinger@rz.uni-kiel.de> - security update to exim 4.96.1 * fixes CVE-2023-42114 (bsc#1215784) * fixes CVE-2023-42115 (bsc#1215785) * fixes CVE-2023-42116 (bsc#1215786) * Tue Mar 28 2023 Peter Wullinger <wullinger@rz.uni-kiel.de> - enable sender rewriting support (SUPPORT_SRS) * Wed Jan 25 2023 Thorsten Kukuk <kukuk@suse.com> - Don't build the NIS module anymore, libnsl/NIS are deprecated * Tue Oct 18 2022 Peter Wullinger <wullinger@rz.uni-kiel.de> - add patch-cve-2022-3559 (fixes CVE-2022-3559, bsc#1204427, Bug 2915) * Thu Sep 29 2022 Peter Wullinger <wullinger@rz.uni-kiel.de> - add (patch-no-exit-on-rewrite-malformed-address.patch) Fix exit on attempt to rewrite a malformed address (Bug 2903) * Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de> - Own /var/spool/mail (boo#1179574) * Thu Sep 01 2022 Stefan Schubert <schubi@suse.com> - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. * Wed Jun 29 2022 Stefan Schubert <schubi@suse.com> - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. * Mon Jun 27 2022 Peter Wullinger <wullinger@rz.uni-kiel.de> - update to exim 4.96 * Move from using the pcre library to pcre2. * Constification work in the filters module required a major version bump for the local-scan API. Specifically, the "headers_charset" global which is visible via the API is now const and may therefore not be modified by local-scan code. * Bug 2819: speed up command-line messages being read in. Previously a time check was being done for every character; replace that with one per buffer. * Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string sent was prefixed with a length byte. * Change the SMTP feature name for pipelining connect to be compliant with RFC 5321. Previously Dovecot (at least) would log errors during submission. * Fix macro-definition during "-be" expansion testing. The move to write-protected store for macros had not accounted for these runtime additions; fix by removing this protection for "-be" mode. * Convert all uses of select() to poll(). * Fix use of $sender_host_name in daemon process. When used in certain main-section options or in a connect ACL, the value from the first ever connection was never replaced for subsequent connections. * Bug 2838: Fix for i32lp64 hard-align platforms * Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value with underbars is given. * Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters. * Debugging initiated by an ACL control now continues through into routing and transport processes. * The "expand" debug selector now gives more detail, specifically on the result of expansion operators and items. * Bug 2751: Fix include_directory in redirect routers. Previously a bad comparison between the option value and the name of the file to be included was done, and a mismatch was wrongly identified. * Support for Berkeley DB versions 1 and 2 is withdrawn. * When built with NDBM for hints DB's check for nonexistence of a name supplied as the db file-pair basename. * Remove the "allow_insecure_tainted_data" main config option and the "taint" log_selector. * Fix static address-list lookups to properly return the matched item. Previously only the domain part was returned. * The ${run} expansion item now expands its command string elements after splitting. Previously it was before; the new ordering makes handling zero-length arguments simpler. * Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted. * Fix CHUNKING on a continued-transport. Previously the usabilility of the facility was not passed across execs, and only the first message passed over a connection could use BDAT; any further ones using DATA. * Support the PIPECONNECT facility in the smtp transport when the helo_data uses $sending_ip_address and an interface is specified. * OpenSSL: fix transport-required OCSP stapling verification under session resumption. * TLS resumption: the key for session lookup in the client now includes more info that a server could potentially use in configuring a TLS session, avoiding oferring mismatching sessions to such a server. * Fix string_copyn() for limit greater than actual string length. * Bug 2886: GnuTLS: Do not free the cached creds on transport connection close; it may be needed for a subsequent connection. * Fix CHUNKING for a second message on a connection when the first was rejected. * Fix ${srs_encode ...} to handle an empty sender address, now returning an empty address. * Bug 2855: Handle a v4mapped sender address given us by a frontending proxy. * Wed Jan 19 2022 Peter Wullinger <wullinger@rz.uni-kiel.de> - disable ProtectHome=, it prevents local delivery (bsc#1194810) * Wed Sep 29 2021 Peter Wullinger <wullinger@rz.uni-kiel.de> - update to exim 4.95 * includes taintwarn (taintwarn.patch) * fast-ramp queue run * native SRS * TLS resumption * LMDB lookups with single key * smtp transport option "message_linelength_limit" * optionally ignore lookup caches * quota checking for appendfile transport during message reception * sqlite lookups allow a "file=<path>" option * lsearch lookups allow a "ret=full" option * command line option for the notifier socket * faster TLS startup * new main config option "proxy_protocol_timeout" * expand "smtp_accept_max_per_connection" * log selector "queue_size_exclusive" * main config option "smtp_backlog_monitor" * main config option "hosts_require_helo" * main config option "allow_insecure_tainted_data" * Tue Sep 14 2021 Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Modified: * exim.service * Thu Jul 08 2021 Steve Kowalik <steven.kowalik@suse.com> - Update eximstats-html-update.py to run under Python 3. * Mon May 17 2021 wullinger@rz.uni-kiel.de - add exim-4.94.2+fixes and taintwarn patches (taintwarn.patch) * Tue May 04 2021 wullinger@rz.uni-kiel.de - update to exim-4.94.2 security update (bsc#1185631) * CVE-2020-28007: Link attack in Exim's log directory * CVE-2020-28008: Assorted attacks in Exim's spool directory * CVE-2020-28014: Arbitrary PID file creation * CVE-2020-28011: Heap buffer overflow in queue_run() * CVE-2020-28010: Heap out-of-bounds write in main() * CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() * CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() * CVE-2020-28015: New-line injection into spool header file (local) * CVE-2020-28012: Missing close-on-exec flag for privileged pipe * CVE-2020-28009: Integer overflow in get_stdinput() * CVE-2020-28017: Integer overflow in receive_add_recipient() * CVE-2020-28020: Integer overflow in receive_msg() * CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() * CVE-2020-28021: New-line injection into spool header file (remote) * CVE-2020-28022: Heap out-of-bounds read and write in extract_option() * CVE-2020-28026: Line truncation and injection in spool_read_header() * CVE-2020-28019: Failure to reset function pointer after BDAT error * CVE-2020-28024: Heap buffer underflow in smtp_ungetc() * CVE-2020-28018: Use-after-free in tls-openssl.c * CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() * Wed Apr 28 2021 wullinger@rz.uni-kiel.de - update to exim-4.94.1 * Fix security issue in BDAT state confusion. Ensure we reset known-good where we know we need to not be reading BDAT data, as a general case fix, and move the places where we switch to BDAT mode until after various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys. * Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT) * Fix security issue with too many recipients on a message (to remove a known security problem if someone does set recipients_max to unlimited, or if local additions add to the recipient list). Fixes CVE-2020-RCPTL reported by Qualys. * Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase() * Fix security issue CVE-2020-PFPSN and guard against cmdline invoker providing a particularly obnoxious sender full name. * Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX better.
/etc/exim /usr/bin/mailq /usr/bin/newaliases /usr/bin/rsmtp /usr/bin/runq /usr/etc/logrotate.d/exim /usr/lib/sendmail /usr/lib/systemd/system/exim.service /usr/sbin/exicyclog /usr/sbin/exigrep /usr/sbin/exim /usr/sbin/exim_checkaccess /usr/sbin/exim_dbmbuild /usr/sbin/exim_dumpdb /usr/sbin/exim_fixdb /usr/sbin/exim_id_update /usr/sbin/exim_lock /usr/sbin/exim_msgdate /usr/sbin/exim_tidydb /usr/sbin/eximstats /usr/sbin/exinext /usr/sbin/exipick /usr/sbin/exiqgrep /usr/sbin/exiqsumm /usr/sbin/exiwhat /usr/sbin/rcexim /usr/sbin/sendmail /usr/share/apparmor /usr/share/apparmor/extra-profiles /usr/share/apparmor/extra-profiles/usr.sbin.exim /usr/share/doc/packages/exim /usr/share/doc/packages/exim/ACKNOWLEDGMENTS /usr/share/doc/packages/exim/CHANGES /usr/share/doc/packages/exim/NOTICE /usr/share/doc/packages/exim/README /usr/share/doc/packages/exim/README.UPDATING /usr/share/doc/packages/exim/configure.default /usr/share/doc/packages/exim/convert4r3 /usr/share/doc/packages/exim/convert4r4 /usr/share/doc/packages/exim/doc /usr/share/doc/packages/exim/doc/ChangeLog /usr/share/doc/packages/exim/doc/DANE-draft-notes /usr/share/doc/packages/exim/doc/Exim3.upgrade /usr/share/doc/packages/exim/doc/Exim4.upgrade /usr/share/doc/packages/exim/doc/GnuTLS-FAQ.txt.gz /usr/share/doc/packages/exim/doc/NewStuff /usr/share/doc/packages/exim/doc/OptionLists.txt.gz /usr/share/doc/packages/exim/doc/README /usr/share/doc/packages/exim/doc/README.SIEVE /usr/share/doc/packages/exim/doc/cve-2016-9663 /usr/share/doc/packages/exim/doc/cve-2019-13917 /usr/share/doc/packages/exim/doc/cve-2019-13917.rpmmoved /usr/share/doc/packages/exim/doc/cve-2019-15846 /usr/share/doc/packages/exim/doc/cve-2019-15846/cve.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/mitre.mbx /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-0.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-1.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-2.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/qualys.mbx /usr/share/doc/packages/exim/doc/cve-2020-qualys /usr/share/doc/packages/exim/doc/cve-2023-51766 /usr/share/doc/packages/exim/doc/dbm.discuss.txt.gz /usr/share/doc/packages/exim/doc/experimental-spec.txt.gz /usr/share/doc/packages/exim/doc/filter.txt.gz /usr/share/doc/packages/exim/doc/id-wellknown.txt.gz /usr/share/doc/packages/exim/doc/openssl.txt.gz /usr/share/doc/packages/exim/doc/spec.txt.gz /usr/share/doc/packages/exim/util /usr/share/doc/packages/exim/util/.gitignore /usr/share/doc/packages/exim/util/README /usr/share/doc/packages/exim/util/chunking_fixqueue_finalnewlines.pl /usr/share/doc/packages/exim/util/cramtest.pl /usr/share/doc/packages/exim/util/gen_pkcs3.c /usr/share/doc/packages/exim/util/logargs.sh /usr/share/doc/packages/exim/util/mailtest /usr/share/doc/packages/exim/util/mkcdb.pl /usr/share/doc/packages/exim/util/ocsp_fetch.pl /usr/share/doc/packages/exim/util/proxy_protocol_client.pl /usr/share/doc/packages/exim/util/ratelimit.pl /usr/share/doc/packages/exim/util/renew-opendmarc-tlds.sh /usr/share/doc/packages/exim/util/unknownuser.sh /usr/share/fillup-templates/sysconfig.exim /usr/share/licenses/exim /usr/share/licenses/exim/LICENCE /usr/share/man/man8/exim.8.gz /usr/share/man/man8/exim_db.8.gz /usr/share/man/man8/exim_dumpdb.8.gz /usr/share/man/man8/exim_fixdb.8.gz /usr/share/man/man8/exim_tidydb.8.gz /usr/share/man/man8/eximstats.8.gz /usr/share/man/man8/mailq.8.gz /usr/share/man/man8/newaliases.8.gz /usr/share/man/man8/rsmtp.8.gz /usr/share/man/man8/runq.8.gz /usr/share/man/man8/sendmail.8.gz /var/log/exim /var/mail /var/spool/mail
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:41:02 2024