From 7575719702427ca5550b840dfdf3abfca7e208d1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Wed, 23 Jul 2014 07:09:55 +0200 Subject: [PATCH] - up to 4.83; enable dsn, proxy; fixes CVE-2014-2957, CVE-2014-2972 --- exim-bug-659.patch | 87 ---------------------------------------------- exim.spec | 20 +++++------ 2 files changed, 10 insertions(+), 97 deletions(-) delete mode 100644 exim-bug-659.patch diff --git a/exim-bug-659.patch b/exim-bug-659.patch deleted file mode 100644 index 5bd0e49..0000000 --- a/exim-bug-659.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 83befcbcee0756af0c43f2a5f7dbed3bb5a4cd6e Mon Sep 17 00:00:00 2001 -From: Todd Lyons -Date: Sat, 12 Oct 2013 09:42:31 -0700 -Subject: [PATCH] Bug 1334: AutoDetect compression type in exigrep - -Does not use any extra perl modules. -Attempts hard coded types first, so no extra code for the standard - case. -Easy to add more compression types. ---- - src/src/exigrep.src | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 53 insertions(+) - -diff --git a/src/src/exigrep.src b/src/src/exigrep.src -index 0950b58..d22d362 100644 ---- a/src/src/exigrep.src -+++ b/src/src/exigrep.src -@@ -124,6 +124,54 @@ elsif ( ($invert && (($insensitive && !/$pattern/io) || !/$pattern/o)) || - { print "$_\n"; } - } - -+# Rotated log files are frequently compressed and there are a variety of -+# formats it could be compressed with. Rather than use just one that is -+# detected and hardcoded at Exim compile time, detect and use what the -+# logfile is compressed with on the fly. -+# -+# List of known compression extensions and their associated commands: -+my $compressors = { -+ gz => { cmd => 'zcat', args => '' }, -+ bz2 => { cmd => 'bzcat', args => '' }, -+ xz => { cmd => 'xzcat', args => '' }, -+ lzma => { cmd => 'lzma', args => '-dc' } -+}; -+my $csearch = 0; -+ -+sub detect_compressor_bin -+ { -+ my $ext = shift(); -+ my $c = $compressors->{$ext}->{cmd}; -+ $compressors->{$ext}->{bin} = `which $c 2>/dev/null`; -+ chomp($compressors->{$ext}->{bin}); -+ } -+ -+sub detect_compressor_capable -+ { -+ my $filename = shift(); -+ map { &detect_compressor_bin($_) } keys %$compressors -+ if (!$csearch); -+ $csearch = 1; -+ return undef -+ unless (grep {$filename =~ /\.(?:$_)$/} keys %$compressors); -+ # Loop through them, figure out which one it detected, -+ # and build the commandline. -+ my $cmdline = undef; -+ foreach my $ext (keys %$compressors) -+ { -+ if ($filename =~ /\.(?:$ext)$/) -+ { -+ # Just die if compressor not found; if this occurrs in the middle of -+ # two valid files with a lot of matches, error could easily be missed. -+ die("Didn't find $ext decompressor for $filename\n") -+ if ($compressors->{$ext}->{bin} eq ''); -+ $cmdline = $compressors->{$ext}->{bin} ." ". -+ $compressors->{$ext}->{args}; -+ last; -+ } -+ } -+ return $cmdline; -+ } - - # The main program. Extract the pattern and make sure any relevant characters - # are quoted if the -l flag is given. The -t flag gives a time-on-queue value -@@ -154,6 +202,11 @@ if (@ARGV) - open(LOG, "ZCAT_COMMAND $filename |") || - die "Unable to zcat $filename: $!\n"; - } -+ elsif (my $cmdline = &detect_compressor_capable($filename)) -+ { -+ open(LOG, "$cmdline $filename |") || -+ die "Unable to decompress $filename: $!\n"; -+ } - else - { - open(LOG, "<$filename") || die "Unable to open $filename: $!\n"; --- -1.7.9.5 - diff --git a/exim.spec b/exim.spec index 6b6dd1d..cf15054 100644 --- a/exim.spec +++ b/exim.spec @@ -11,7 +11,7 @@ %bcond_without dynamic # dynamic modules %bcond_without hiredis # without redis %bcond_without ocsp # without experimental OCSP -%bcond_with dsn # DSN +%bcond_without dsn # DSN %if "%{pld_release}" == "ac" # requires openssl SNI @@ -24,15 +24,15 @@ Summary: University of Cambridge Mail Transfer Agent Summary(pl.UTF-8): Agent Transferu Poczty Uniwersytetu w Cambridge Summary(pt_BR.UTF-8): Servidor de correio eletrônico exim Name: exim -Version: 4.82.1 -Release: 2 +Version: 4.83 +Release: 1 Epoch: 2 License: GPL Group: Networking/Daemons/SMTP Source0: ftp://ftp.exim.org/pub/exim/exim4/%{name}-%{version}.tar.bz2 -# Source0-md5: 4544696ce6689ba9141a0697f25a74cb +# Source0-md5: fc6790f346a50a3c87be96b335b9c8ae Source1: ftp://ftp.exim.org/pub/exim/exim4/%{name}-html-%{version}.tar.bz2 -# Source1-md5: a4aa8645868e54944c6540b3f8b798ea +# Source1-md5: f128a7f04e65ea80bb3f76e6fa3d0747 Source2: %{name}.init Source3: %{name}.cron.db Source4: %{name}4.conf @@ -58,10 +58,8 @@ Patch4: %{name}4-Makefile-Default.patch # http://marc.merlins.org/linux/exim/files/sa-exim-cvs/localscan_dlopen_exim_4.20_or_better.patch Patch5: localscan_dlopen_%{name}_4.20_or_better.patch -# http://sourceforge.net/projects/eximdsn/ -Patch7: %{name}_463_dsn_1_3.patch Patch8: %{name}-spam-timeout.patch -Patch9: exim-bug-659.patch + Patch10: %{name}-force-sigalrm.patch URL: http://www.exim.org/ %{?with_sasl:BuildRequires: cyrus-sasl-devel >= 2.1.0} @@ -178,9 +176,8 @@ Pliki nagłówkowe dla Exima. %patch4 -p1 %patch5 -p1 -%{?with_dsn:%patch7 -p1} %patch8 -p1 -%patch9 -p2 + %patch10 -p1 install %{SOURCE14} doc/config.samples.tar.bz2 @@ -198,6 +195,9 @@ SUPPORT_DSN=yes EXPERIMENTAL_DCC=yes EXPERIMENTAL_PRDR=yes EXPERIMENTAL_TPDA=yes +EXPERIMENTAL_PROXY=yes +EXPERIMENTAL_CERTNAMES=yes +%{?with_dsn:EXPERIMENTAL_DSN=yes} %{?with_ocsp:EXPERIMENTAL_OCSP=yes} %if %{with spf} EXPERIMENTAL_SPF=yes -- 2.43.0