| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: exim | Distribution: openSUSE:Factory:zSystems |
| Version: 4.97.1 | Vendor: openSUSE |
| Release: 2.2 | Build date: Thu Feb 22 12:32:13 2024 |
| Group: Productivity/Networking/Email/Servers | Build host: reproducible |
| Size: 3595087 | Source RPM: exim-4.97.1-2.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.exim.org/ | |
| Summary: The Exim Mail Transfer Agent, a Replacement for sendmail | |
Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style, it is similar to Smail 3, but its facilities are more extensive. In particular, it has options for verifying incoming sender and recipient addresses, for refusing mail from specified hosts, networks, or senders, and for controlling mail relaying.
GPL-2.0-or-later
* Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Sat Dec 30 2023 Dirk Müller <dmueller@suse.com>
- update to 4.97.1 (bsc#1218387, CVE-2023-51766):
* Fixes for the smtp protocol smuggling (CVE-2023-51766)
* Tue Nov 07 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
- update to exim 4.97
* remove patch-no-exit-on-rewrite-malformed-address.patch (upstreamed)
* Mon Oct 16 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
- security update to exim 4.96.2
* fixes CVE-2023-42117 (bsc#1215787)
* fixes CVE-2023-42119 (bsc#1215789)
* Mon Oct 02 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
- security update to exim 4.96.1
* fixes CVE-2023-42114 (bsc#1215784)
* fixes CVE-2023-42115 (bsc#1215785)
* fixes CVE-2023-42116 (bsc#1215786)
* Tue Mar 28 2023 Peter Wullinger <wullinger@rz.uni-kiel.de>
- enable sender rewriting support (SUPPORT_SRS)
* Wed Jan 25 2023 Thorsten Kukuk <kukuk@suse.com>
- Don't build the NIS module anymore, libnsl/NIS are deprecated
* Tue Oct 18 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
- add patch-cve-2022-3559 (fixes CVE-2022-3559, bsc#1204427, Bug 2915)
* Thu Sep 29 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
- add (patch-no-exit-on-rewrite-malformed-address.patch)
Fix exit on attempt to rewrite a malformed address (Bug 2903)
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
- Own /var/spool/mail (boo#1179574)
* Thu Sep 01 2022 Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
* Wed Jun 29 2022 Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
* Mon Jun 27 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
- update to exim 4.96
* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the "headers_charset"
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
* Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
* Fix macro-definition during "-be" expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for "-be" mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into routing
and transport processes.
* The "expand" debug selector now gives more detail, specifically on the
result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename.
* Remove the "allow_insecure_tainted_data" main config option and the
"taint" log_selector.
* Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
* Fix CHUNKING on a continued-transport. Previously the usabilility of
the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
* Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
* OpenSSL: fix transport-required OCSP stapling verification under session
resumption.
* TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
* Fix string_copyn() for limit greater than actual string length.
* Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection.
* Fix CHUNKING for a second message on a connection when the first was
rejected.
* Fix ${srs_encode ...} to handle an empty sender address, now returning
an empty address.
* Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy.
* Wed Jan 19 2022 Peter Wullinger <wullinger@rz.uni-kiel.de>
- disable ProtectHome=, it prevents local delivery (bsc#1194810)
* Wed Sep 29 2021 Peter Wullinger <wullinger@rz.uni-kiel.de>
- update to exim 4.95
* includes taintwarn (taintwarn.patch)
* fast-ramp queue run
* native SRS
* TLS resumption
* LMDB lookups with single key
* smtp transport option "message_linelength_limit"
* optionally ignore lookup caches
* quota checking for appendfile transport during message reception
* sqlite lookups allow a "file=<path>" option
* lsearch lookups allow a "ret=full" option
* command line option for the notifier socket
* faster TLS startup
* new main config option "proxy_protocol_timeout"
* expand "smtp_accept_max_per_connection"
* log selector "queue_size_exclusive"
* main config option "smtp_backlog_monitor"
* main config option "hosts_require_helo"
* main config option "allow_insecure_tainted_data"
* Tue Sep 14 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* exim.service
* Thu Jul 08 2021 Steve Kowalik <steven.kowalik@suse.com>
- Update eximstats-html-update.py to run under Python 3.
* Mon May 17 2021 wullinger@rz.uni-kiel.de
- add exim-4.94.2+fixes and taintwarn patches (taintwarn.patch)
* Tue May 04 2021 wullinger@rz.uni-kiel.de
- update to exim-4.94.2
security update (bsc#1185631)
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014: Arbitrary PID file creation
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
* CVE-2020-28015: New-line injection into spool header file (local)
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28020: Integer overflow in receive_msg()
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28021: New-line injection into spool header file (remote)
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
* Wed Apr 28 2021 wullinger@rz.uni-kiel.de
- update to exim-4.94.1
* Fix security issue in BDAT state confusion.
Ensure we reset known-good where we know we need to not be reading BDAT
data, as a general case fix, and move the places where we switch to BDAT
mode until after various protocol state checks.
Fixes CVE-2020-BDATA reported by Qualys.
* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list).
Fixes CVE-2020-RCPTL reported by Qualys.
* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in parse_fix_phrase()
* Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
* Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better.
/etc/exim /usr/bin/mailq /usr/bin/newaliases /usr/bin/rsmtp /usr/bin/runq /usr/etc/logrotate.d/exim /usr/lib/sendmail /usr/lib/systemd/system/exim.service /usr/sbin/exicyclog /usr/sbin/exigrep /usr/sbin/exim /usr/sbin/exim_checkaccess /usr/sbin/exim_dbmbuild /usr/sbin/exim_dumpdb /usr/sbin/exim_fixdb /usr/sbin/exim_id_update /usr/sbin/exim_lock /usr/sbin/exim_msgdate /usr/sbin/exim_tidydb /usr/sbin/eximstats /usr/sbin/exinext /usr/sbin/exipick /usr/sbin/exiqgrep /usr/sbin/exiqsumm /usr/sbin/exiwhat /usr/sbin/rcexim /usr/sbin/sendmail /usr/share/apparmor /usr/share/apparmor/extra-profiles /usr/share/apparmor/extra-profiles/usr.sbin.exim /usr/share/doc/packages/exim /usr/share/doc/packages/exim/ACKNOWLEDGMENTS /usr/share/doc/packages/exim/CHANGES /usr/share/doc/packages/exim/NOTICE /usr/share/doc/packages/exim/README /usr/share/doc/packages/exim/README.UPDATING /usr/share/doc/packages/exim/configure.default /usr/share/doc/packages/exim/convert4r3 /usr/share/doc/packages/exim/convert4r4 /usr/share/doc/packages/exim/doc /usr/share/doc/packages/exim/doc/ChangeLog /usr/share/doc/packages/exim/doc/DANE-draft-notes /usr/share/doc/packages/exim/doc/Exim3.upgrade /usr/share/doc/packages/exim/doc/Exim4.upgrade /usr/share/doc/packages/exim/doc/GnuTLS-FAQ.txt.gz /usr/share/doc/packages/exim/doc/NewStuff /usr/share/doc/packages/exim/doc/OptionLists.txt.gz /usr/share/doc/packages/exim/doc/README /usr/share/doc/packages/exim/doc/README.SIEVE /usr/share/doc/packages/exim/doc/cve-2016-9663 /usr/share/doc/packages/exim/doc/cve-2019-13917 /usr/share/doc/packages/exim/doc/cve-2019-13917.rpmmoved /usr/share/doc/packages/exim/doc/cve-2019-15846 /usr/share/doc/packages/exim/doc/cve-2019-15846/cve.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/mitre.mbx /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-0.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-1.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/posting-2.txt /usr/share/doc/packages/exim/doc/cve-2019-15846/qualys.mbx /usr/share/doc/packages/exim/doc/cve-2020-qualys /usr/share/doc/packages/exim/doc/cve-2023-51766 /usr/share/doc/packages/exim/doc/dbm.discuss.txt.gz /usr/share/doc/packages/exim/doc/experimental-spec.txt.gz /usr/share/doc/packages/exim/doc/filter.txt.gz /usr/share/doc/packages/exim/doc/openssl.txt.gz /usr/share/doc/packages/exim/doc/spec.txt.gz /usr/share/doc/packages/exim/util /usr/share/doc/packages/exim/util/.gitignore /usr/share/doc/packages/exim/util/README /usr/share/doc/packages/exim/util/chunking_fixqueue_finalnewlines.pl /usr/share/doc/packages/exim/util/cramtest.pl /usr/share/doc/packages/exim/util/gen_pkcs3.c /usr/share/doc/packages/exim/util/logargs.sh /usr/share/doc/packages/exim/util/mkcdb.pl /usr/share/doc/packages/exim/util/ocsp_fetch.pl /usr/share/doc/packages/exim/util/proxy_protocol_client.pl /usr/share/doc/packages/exim/util/ratelimit.pl /usr/share/doc/packages/exim/util/renew-opendmarc-tlds.sh /usr/share/doc/packages/exim/util/unknownuser.sh /usr/share/fillup-templates/sysconfig.exim /usr/share/licenses/exim /usr/share/licenses/exim/LICENCE /usr/share/man/man8/exim.8.gz /usr/share/man/man8/exim_db.8.gz /usr/share/man/man8/exim_dumpdb.8.gz /usr/share/man/man8/exim_fixdb.8.gz /usr/share/man/man8/exim_tidydb.8.gz /usr/share/man/man8/eximstats.8.gz /usr/share/man/man8/mailq.8.gz /usr/share/man/man8/newaliases.8.gz /usr/share/man/man8/rsmtp.8.gz /usr/share/man/man8/runq.8.gz /usr/share/man/man8/sendmail.8.gz /var/log/exim /var/mail /var/spool/mail
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Apr 29 23:50:01 2024