Import Debian changes 4.89-2+deb9u3~bpo8+1 exim4 (4.89-2+deb9u3~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. * b-d on libmysqlclient-dev | libmysqlclient15-dev instead of default-libmysqlclient-dev. exim4 (4.89-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) exim4 (4.89-2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Avoid release of store if there have been later allocations (CVE-2017-16943) (Closes: #882648) * Chunking: do not treat the first lonely dot special (CVE-2017-16944) (Closes: #882671) exim4 (4.89-2+deb9u1) stretch-security; urgency=medium * CVE-2017-100369 exim4 (4.89-2) unstable; urgency=medium * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to initscript (#844178). It breaks when the initscript does not start a daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). Closes: #860317 * When reporting bugs also attach /etc/default/exim4 by default. exim4 (4.89-1) unstable; urgency=medium * Enable inbound (server-side) proxying for -heavy. Closes: #856712 * New upstream release, source identical to RC7. exim4 (4.89~RC7-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC6-1) unstable; urgency=medium * Document E4BCD_PANICLOG_LINES in README.Debian. * New upstream version. exim4 (4.89~RC5-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC4-1) unstable; urgency=medium * New upstream version. + Drop 92_CVE-2016-1238.diff. * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile while we are changing the init script. exim4 (4.89~RC3-1) unstable; urgency=medium * New upstream version. + Unfuzz 92_CVE-2016-1238.diff. * init file: + Source /etc/default/exim4 *before* defining the shell variables holding the pidfilenames. Overriding these via /etc/default/exim4 is not supported. + Add missing support for reload when QUEUERUNNER='queueonly'. + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way $PIDFILE is used for the main exim process for all available QUEUERUNNER choices. + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd interaction. systemd-sysv-generator uses this pseudoheader to set PIDFile in the generated service file and it also sets RemainAfterExit=no instead of yes if it is present. Thanks, Michael Biebl for suggestion and explanation. Closes: #844178 exim4 (4.89~RC2-1) unstable; urgency=medium * New upstream version. + Drop 75_add_bak_spec.txt.diff. exim4 (4.89~RC1-1) unstable; urgency=low * Refresh debian/upstream/signing-key.asc. * New upstream bugfix release. + Drop superfluous patches. 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + Unfuzz 31_eximmanpage.dpatch and 78_Disable-chunking-BDAT-by-default.patch. + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc tarball. + Unfuzz debian/EDITME.exim4-*. + Update debian/example.conf.md5. - Upstream typo fix. exim4 (4.88-5) unstable; urgency=medium * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty. This is a Debian specific change, we are right before the freeze and BDAT needs a little time. exim4 (4.88-4) unstable; urgency=medium * Upload to unstable. exim4 (4.88-3) experimental; urgency=medium * Pull multiple patches from upstream GIT: + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch (Thanks, Bart Noordervliet for the pointer) Closes: #850175 exim4 (4.88-2) unstable; urgency=medium * Upload to unstable. exim4 (4.88-1) experimental; urgency=medium * New upstream version. * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to testing. * Drop 75_Fix-DKIM-information-leakage.patch. exim4 (4.88~RC6-2) unstable; urgency=high * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA physical line limit check for both for SMTP DATA ACL and remote_smtp* transports. Closes: #828801 Also update corresponding NEWS entry. * [lintian] debian/changelog: s/lenght/length/ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM information leakage issue CVE-2016-9963. exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. exim4 (4.88~RC5-1) unstable; urgency=low * New upstream version. + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. exim4 (4.88~RC4-2) unstable; urgency=low * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream GIT to fix exim bug 1914 (exim doesn't close connection after quit. * Upload to unstable. exim4 (4.88~RC4-1) experimental; urgency=low * New upstream version. exim4 (4.88~RC3-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-check-for-commandline-macro-definition.patch 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. exim4 (4.88~RC2-3) experimental; urgency=medium * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on every upgrade. * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix longstanding bug with aborted TLS server connection handling. Under GnuTLS, when a session startup failed (eg because the client disconnected) Exim did stdio operations after fclose. This was exposed by a recent change which nulled out the file handle after the fclose. exim4 (4.88~RC2-2) experimental; urgency=medium * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission problems on commandline mail submission. Closes: #840355 exim4 (4.88~RC2-1) experimental; urgency=low * New upstream version. + Changed default Diffie-Hellman parameters to be Exim-specific, created by Phil Pennock. Added RFC7919 DH primes as an alternative. Closes: #839978 * Set tls_dhparam = historic to use site-specific DH parameters. * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in -daemon postinst. * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either by running certtool or by installing /usr/share/exim4/gnutls-params-2048. Do not try to use openssl dhparam, it takes too long. exim4 (4.88~RC1-1) experimental; urgency=low * Drop reference to removed (in 4.80-7) "what"-option in init script usage message. (Thanks, Calum Mackay!) Closes: #823855 * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] Closes: #832442 * [lintian] update-exim4.conf.8 - fix typo. * [lintian] Drop unused override binaries-have-file-conflict. * B-d on default-libmysqlclient-dev. * New upstream version. + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch 50_localscan_dlopen.dpatch + Drop superfluous patches. 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Fix crash in VRFY handling when handed an unqualified name (lacking @domain). Apply the same qualification processing as RCPT. Closes: #834699 + Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. LP: #1580454 * [lintian] exim4-config_files.5 - fix typo. exim4 (4.87-3) unstable; urgency=medium * Pull multiple patches from upstream GIT: + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch Improved message on overlong lines in example config. + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch Fix race condition related to connection reuse. https://bugs.exim.org/show_bug.cgi?id=1810 + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch Avoid exposing passwords in log on failing ldap lookup expansion. https://bugs.exim.org/show_bug.cgi?id=165 * Copy information message on rejecting overlong lines in data ACL from upstream example configuration. Closes: #823418 * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. Closes: 821830 exim4 (4.87-2) unstable; urgency=medium * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. (Thanks, L. Guruprasad!) Closes: #821416 * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS connections (hosts_require_tls option) in remote_smtp_smarthost transport. Closes: #822174 * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It is deprecated and will be removed in 4.88. * README.Debian*: Fix minor issues found by lintian. * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 * Drop exim4-base Recommends on perl-modules. This had been unnecessary since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. exim4 (4.87-1) unstable; urgency=medium * Fix comment in conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, Jörg-Volker Peetz!) Closes: #819780 * New upstream release. exim4 (4.87~RC7-1) unstable; urgency=low * Enable SOCKS support in both -light and -heavy. Closes: #818091 * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 * New upstream version. + Drop 74_Store-the-initial-working-directory.diff, 75_String-expansions-fix-extract.patch, 76_only_warn_on_nonempty_environment.diff. + Update debian/example.conf.md5. exim4 (4.87~RC6-3) unstable; urgency=medium * Merge changelog entries for 4.86.2-1 and -2. * Upload to unstable. * Add link to CVE details to latest NEWS entry and bump its version and date to match this upload. Closes: #818349, #817244 exim4 (4.87~RC6-2) experimental; urgency=medium * 74_Store-the-initial-working-directory.diff, 76_only_warn_on_nonempty_environment.diff: Upstream followups on the CVE fix (Thanks, Heiko Schlittermann!): + Runtime warning is only generated if (and only if) keep_environment is unset and environment is nonempty. + Store the initial working directory and make it available in the new expansion variable $initial_cwd. * Merge all NEWS.Debian files into a single one, identical for all binary packages. - Different NEWS files built from a single source package is not and has not ever been supported by apt-listchanges which is the most important frontend. * Add a NEWS entry about the environment related runtime warning. exim4 (4.87~RC6-1) experimental; urgency=medium * New upstream version. * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ${extract } string expansion for the numeric/3-string case. (Bug was introduced in 4.85.) * Set keep_environment to empty value instead of setting a minimal PATH in add_environment. exim4 (4.87~RC5-2) experimental; urgency=medium * Update debian/upstream/signing-key.asc, using the keys listed in ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds Heiko Schlittermann's key. * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 exim4 (4.87~RC5-1) experimental; urgency=medium * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying to grep in it. Closes: #814998 * New upstream version, includes the patch for CVE-2016-1531. (Local root exploit). * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.87~RC3-2) experimental; urgency=medium * README.Debian: Refer to Exim specification by chapter name instead of chapter number. Closes: #813351 * Fix some spelling errors found by lintian. * Minor debian/rules cleanup: + Restore originally intended behavior, upstream changelog is only shipped in exim4-base, symlinks to it elsewhere. + Drop workaround for #347577, fixed in debhelper 5.0.15. + Use "dh binary-arch" and "dh binary-indep" and a bunch of override targets instead of listing all dh-commands. While this is uglier and slows things down a bit it shortens debian/rules by 40 lines and has the huge benefit that we automatically use all suggested helpers in correct order. + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + Delete unused, commented code. + Drop (exported) variable MTACONFLICTS, used only once. * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. exim4 (4.87~RC3-1) experimental; urgency=medium * Move Vcs-* from git/http to https. * [lintian] README.Debian: s/desireable/desirable/. * [lintian] README.Debian: Fix grammar error "allow + infinitive". * [lintian] exim4-config.postinst: Use which foo > /dev/null instead of [ -x /path/to/foo ]. * Update list of patches in debian/README.Debian.xml * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. * New upstream version. + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, merge this change and drop CHECK_MAIL_HELO_ISSUED macro. exim4 (4.87~RC2-1) experimental; urgency=medium * New upstream version. exim4 (4.87~RC1-1) experimental; urgency=medium * New upstream version. + Refresh patches. + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + Sync with upstream default configuration: Check maximum (physical, i.e. before unfolding) line length in default spec file data ACL and smtp transport. Bug 1684 Closes: #797919 + HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. Closes: #240883 * Override upstream's new default of tls_advertise_hosts = * if MAIN_TLS_ENABLE is not set. exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 exim4 (4.86.2-1) unstable; urgency=high * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream 4.86+fixes branch. * New upstream security release for CVE-2016-1531. + New options keep_environment/add_environment which are empty by default, i.e. any subprocesses start in a clean (empty) environment. + -C requires an absolute path. + Exim changes it's working directory to / right after startup. * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from exim-4_86+fixes branch fixes another MIME ACL related crash. https://bugs.exim.org/show_bug.cgi?id=1730 exim4 (4.86-6) unstable; urgency=medium * Cleanup (actual patch is identical): Use 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from exim-4_86+fixes branch instad of 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 exim4 (4.86-5) unstable; urgency=high * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT head to avoid misaligned access in cached lookup. Closes: #803255 exim4 (4.86-4) unstable; urgency=medium * Fix documentation of lowuid_aliases router, exceptions are in CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) Closes: #799672 * fcron has been removed from Debian in 2011, stop listing it as an alternative dependency of exim4-base (Thanks, Alexandre Detiste). Closes: #798236 * Update to upstream exim-4_86+fixes branch: + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, 76_Fix-post-transport-crash.patch, 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, 78_Close-logs-after-daemon-process-exceptional-write.patch. + Add 75_0001-Fix-post-transport-crash.patch 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch * Use dh v9. exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: + 75_Fix-ESMTP-MAIL-command-option-processing.patch: Corrects handling of mail-addresses with whitespace. <http://article.gmane.org/gmane.mail.exim.user/97069> + 76_Fix-post-transport-crash.patch 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch <https://bugs.exim.org/show_bug.cgi?id=1671> * Fix spelling error in copyright file. (Thanks, lintian) * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from upstream git, exim was keeping logfiles open after after a "too many connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for chasing this.) * When saving the berkeley DB version at build-time pass -P option to cpp, to prevent linebreaks. exim4 (4.86-2) unstable; urgency=high * Update exim4-config Breaks, PRDR support is was moved from being Experimental into the mainline with 4.83. Closes: #794320 exim4 (4.86-1) unstable; urgency=medium * New upstream version, identical to RC5 (except for the version string). exim4 (4.86~RC5-1) unstable; urgency=medium * New upstream version. + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), transition from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then properly fix the issue. Closes: #790616 exim4 (4.86~RC4-1) unstable; urgency=medium * unexport/undefine TZ in debian/rules for reproducible build. It would be used as default value for TIMEZONE_DEFAULT. * New upstream version. + Unfuzz 31_eximmanpage.dpatch. exim4 (4.86~RC3-2) unstable; urgency=medium * Upload to unstable. exim4 (4.86~RC3-1) experimental; urgency=medium * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug 1166671. * New upstream version. exim4 (4.86~RC2-1) experimental; urgency=medium * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control (Thanks, lintian). * New upstream version: +Drop included patches. (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) * Sync Debian config with upstream default config: + Set prdr_enable. + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to log_selector option value. exim4 (4.86~RC1-3) experimental; urgency=medium * Get time and date of latest debian/changelog entry and patch exim(on) to use these instead of __DATE__ and __TIME__. * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch from GIT to fix FTBFS on kfreebsd. exim4 (4.86~RC1-2) experimental; urgency=medium * Pull three post-release fixes from upstream GIT. (null pointer derefencing, and spam scanning defaulting to rspam mode) + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch exim4 (4.86~RC1-1) experimental; urgency=medium * New upstream release. + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, refresh patches. + Update EDITME*, enable AUTH_TLS for -heavy. + Sync Debian config with upstream default config, rfc1413 calls are now disabled by default. + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + The spamd_address main option now supports an optional timeout value per server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + log reason for defer, on a hostlist dns-lookup temporary error. Closes: #670035 exim4 (4.85-3) unstable; urgency=medium * Upload to unstable. exim4 (4.85-2) experimental; urgency=medium * Merge from unstable 4.84-8. + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fixes breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added here since it already part of 4.85. exim4 (4.85-1) experimental; urgency=medium * exim4-config_files.5: Escape dots in regex. (Thanks, ael) * New upstream version. exim4 (4.85~RC4-1) experimental; urgency=medium * update-exim4.conf: + Drop unused variable UPEX4C_internal_tmp. + Use tempfile(1) if the generated file will not be written to /var/lib/exim4/. + Add --check option. * init-script: On restart use update-exim4.conf --check before stopping the daemon. (This is a no-op with systemd since its sysv compat layer translates "foo restart" into "foo stop" "foo start" instead of using the init scripts restart target.) * Handle _RC in watchfile with uversionmangle. * New upstream version. + Stop repacking source, rfcs have been dropped. exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium * New upstream version. exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium * New upstream version. * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch. exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * New upstream version. + Unfuzz 66_enlarge-dh-parameters-size.dpatch + Drop 80_mime_empty_charset.diff. * Remove rfc from upstream source and repack it.