+++ /dev/null
-exim4 (4.80~rc6-1) experimental; urgency=low
-
- Upstream's handling of GnuTLS DH parameters has changed, hardcoded
- parameters (from RFCs are used by default. See
- /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
- /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
- and /var/spool/exim4/gnutls-params-2236.
-
- -- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200
-
-exim4 (4.69-4) unstable; urgency=low
-
- In reaction to #475194, the size of the Diffie-Hellman parameters
- used by exim was increased to 2048, which is GnuTLS's default.
-
- Since periodically regenerating the Diffie-Hellman parameters
- doesn't increase security that much (they're sent in clear text in the
- TLS handshake, and some protocols even have hardcoded them in the
- standard document), and automatically generating 2048 bits
- Diffie-Hellman parameters can take a long time, this has been disabled
- in the Exim4 packages starting with 4.69-4. All exim installations
- will thus run with the Diffie-Hellman parameters shipped in the
- package by default.
-
- Really, really paranoid people with sufficiently fast machines will
- want to set up a cron job calling
- /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
- interval is weekly or monthly.
-
- -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 09:14:32 +0200
-
-exim4 (4.30-1) unstable; urgency=low
-
- * Exim now runs under its own uid (Debian-exim) instead of using mail:mail.
-
- WARNING: You cannot downgrade this version to an older one without
- manual chown|chrgrp all files owned by Debian-exim to mail.
-
- Securitywise this is a tradeoff:
- - if exim is SUID root and runs without deliver_drop_privilege you win:
- exim's internal data in /var/spool/exim4 is not open to attacks by
- bugs in programs SGID mail (mail delivery agents like deliver or
- procmail, or MUAs like pine) anymore. This is Debian's default setup.
- - OTOH if you need to be able to make local deliveries to /var/mail and
- want to run exim with reduced priviledge you have some additional work
- to do:
- * Use an SGID MDA for the actual delivery (I suggest maildrop.)
- * Make changes to run exim4 under group mail:
- - exim_group=mail.
- - Hack: make Debian-exim a group with gid=8, i.e. an alias for
- the mail group, _before_ you make the upgrade. (groupadd -o -g 8
- Debian-exim)
-
- -- Andreas Metzler <ametzler@debian.org> Sun, 7 Dec 2003 13:59:46 +0100
-
-exim4 (4.24-1) unstable; urgency=low
-
- * This version of exim cannot run deliveries as root anymore, see change
- 5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
- don't redirect mail for root via /etc/aliases to a nonpriviledged
- account the mail will be delivered to /var/mail/mail with permissions
- 0600 and owner mail:mail.
-
- -- Andreas Metzler <ametzler@debian.org> Fri, 3 Oct 2003 18:11:17 +0200
-
-exim4 (4.22-1) unstable; urgency=low
-
- * The way that the $h_ (and $header_) expansions work has been changed
- by the addition of RFC 2047 decoding. See the main documentation (the
- NewStuff file until release 4.30, then the manual) for full details.
-
- Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"
-
- -- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200