X-Git-Url: http://git.hcoop.net/hcoop/debian/exim4.git/blobdiff_plain/493d55f6840d04ef186778724fc67530b1600113..0baa7b9df9e8d0188307c635776394b0db691e7d:/debian/exim4-daemon-light.NEWS diff --git a/debian/exim4-daemon-light.NEWS b/debian/exim4-daemon-light.NEWS deleted file mode 100644 index 8deea5e..0000000 --- a/debian/exim4-daemon-light.NEWS +++ /dev/null @@ -1,77 +0,0 @@ -exim4 (4.80~rc2-1) experimental; urgency=low - - Ldap lookups returning multi-valued attributes now separate the attributes - with only a comma, not a comma-space sequence. - - The GnuTLS support has been mostly rewritten. exim main configuration - options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols, - are no longer supported. (They are ignored if present now, but will trigger - an error in later releases.) Their functionality is entirely subsumed into - tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list - and is not parsed by Exim, but is instead given to gnutls_priority_init(3). - - See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details. - - -- Andreas Metzler Sat, 22 Oct 2011 19:16:58 +0200 - -exim4 (4.77~rc4-1) experimental; urgency=low - - Exim no longer performs string expansion on the second string of - the match_* expansion conditions: "match_address", "match_domain", - "match_ip" & "match_local_part". Named lists can still be used. - - The previous behavior made it too easy to create (remotely) vulnerable - configurations. A more detailed rationale and explanation can be found on - https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html - - -- Andreas Metzler Thu, 05 Oct 2011 19:22:52 +0200 - -exim4 (4.72-3) unstable; urgency=low - - Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345. - This is a privilege escalation issue that allows the exim user to gain - root privileges by specifying an alternate configuration file using the -C - option. The macro override facility (-D) might also be misused for this - purpose. - - In reaction to this security vulnerability upstream has made a number of - user visible changes. This package includes these changes. - --------------------------------------------------------- - If exim is invoked with the -C or -D option the daemon will not regain - root privileges though re-execution. This is usually necessary for local - delivery, though. Therefore it is generally not possible anymore to run an - exim daemon with -D or -C options. - - However this version of exim has been built with - TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST - defines a list of configuration files which are trusted; if a config file - is owned by root and matches a pathname in the list, then it may be - invoked by the Exim build-time user without Exim relinquishing root - privileges. - - As a hotfix to not break existing installations of mailscanner we have - also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start - exim with -DOUTGOING while being able to do local deliveries. - - If you previously were using -D switches you will need to change your - setup to use a separate configuration file. The ".include" mechanism - makes this easy. - --------------------------------------------------------- - The system filter is run as exim_user instead of root by default. If your - setup requies root privileges when running the system filter you will - need to set the system_filter_user exim main configuration option. - --------------------------------------------------------- - - -- Andreas Metzler Sat, 18 Dec 2010 18:57:16 +0100 - -exim4 (4.60-2) unstable; urgency=low - - The exim4 daemon packages now include a symlink from - /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and - init scripts if the last exim 3 you had installed was any earlier - than 3.36-5 and the conffiles from your exim 3 package are still - around. Be sure to have any exim 4 earlier than 3.36-5 _purged_ - (not removed) before installing this package. - - -- Marc Haber Wed, 24 Jan 2006 14:58:08 +0100 -