Import Debian changes 4.92-8+deb10u3 debian debian/4.92-8+deb10u3
authorAndreas Metzler <ametzler@debian.org>
Fri, 27 Sep 2019 16:09:35 +0000 (18:09 +0200)
committerClinton Ebadi <clinton@unknownlamer.org>
Sun, 16 Feb 2020 04:07:32 +0000 (23:07 -0500)
commit01e60269815612fced0df2994079cb2081f8ff0b
treea9588046ffc852fc7ad6b3009fdcd9c20c692091
parentd1e9e98adb057fac01d3b4db6c75347e05e88263
parent2ea97746a3f65eeffb434b8e4e18815e03b61532
Import Debian changes 4.92-8+deb10u3

exim4 (4.92-8+deb10u3) buster-security; urgency=high

  * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch:
    Fix buffer overflow in string_vformat.

exim4 (4.92-8+deb10u2) buster-security; urgency=high

  * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
    related buffer overflow. CVE-2019-15846

exim4 (4.92-8+deb10u1) buster-security; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

exim4 (4.92-8) unstable; urgency=low

  * Pulled from exim-4.92+fixes branch:
    + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
      Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
    + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
      When tls_verify_certificates was set to a directory instead of a file
      exim/GnuTLS would still send out the list of accepted certificates,
      This did not match documented behavior.
    + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
      The dsn_from option was not used for DSN success messages.
  * Pulled from upstream GIT master:
    + 75_14-Fix-smtp-response-timeout.patch
      Fix the timeout on smtp response to apply to the whole response instead
      of resetting for every byte received.
    + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
      https://bugs.exim.org/show_bug.cgi?id=2405
      ${eval } was broken on 32bit archs.

exim4 (4.92-7) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92-6) experimental; urgency=medium

  * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for
    debugging sa-exim.
  * Set HAVE_LOCAL_SCAN=yes in EDITME.
  * Upload to experimental.

exim4 (4.92-5) unstable; urgency=medium

  * Improved spam-scanning example with accompaning information in
    README.Debian. Explicitly warn about adding the default SpamAssassin
    report in a header, which Closes: #774553
  * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple
    of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on
    the (working) version of the patch. Drop exim4-dev package. Add a NEWS
    entry for this change.

exim4 (4.92-4) unstable; urgency=medium

  * Another patch from exim-4.92+fixes branch:
    75_10-Harden-plaintext-authenticator.patch

exim4 (4.92-3) unstable; urgency=medium

  * Pull fixes from exim-4.92+fixes branch.
    + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch
    + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch
    + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
    + 75_08-Logging-fix-initial-listening-on-log-line.patch
    + 75_09-OpenSSL-Fix-aggregation-of-messages.patch

exim4 (4.92-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92-1) experimental; urgency=medium

  * Point watchfile to release directory again.
  * New upstream stable release, identical to rc6 except for the version
    string.
  * Pull fixes from exim-4.92+fixes branch.
    + 75_01-Fix-json-extract-operator-for-unfound-case.patch
    + 75_02-Fix-transport-buffer-size-handling.patch
    + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch
    + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch
  * Upload to experimental while waiting for rc6 to migrate.

exim4 (4.92~RC6-1) unstable; urgency=low

  * New upstream snapshot rc6, includes
    40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch.

exim4 (4.92~RC5-2) unstable; urgency=high

  * In init script use start-stop-daemon directly instead of lsb-base's
    killproc which currently fails to pass on the executable name to s-s-d
    (921558). This broke with s-s-d 1.19.2 which (for security reasons)
    requires further filtering arguments in addition to --pidfile when the pid
    file is not owned by root. Closes: #921205

exim4 (4.92~RC5-1) unstable; urgency=medium

  * New upstream snapshot rc5.
  * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers
    was ignored.

exim4 (4.92~RC4-3) unstable; urgency=medium

  * Refresh debian/upstream/signing-key.asc from
    https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
  * Drop outdated pointers to alioth package homepage from README.Debian.
  * Update exim4-config Breaks to enforce upgrade to daemon binary package
    with DANE support. Closes: #919902
  * [lintian] Minimize upstream/signing-key.asc.

exim4 (4.92~RC4-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92~RC4-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch.
    + Unfuzz patches.

exim4 (4.92~RC3-1) unstable; urgency=low

  * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from
    upstream GIT master, fixing outgoing TLS 1.3.
    https://bugs.exim.org/show_bug.cgi?id=2359
  * New upstream version.
  * Upload to unstable.

exim4 (4.92~RC2-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch

exim4 (4.92~RC1-1) experimental; urgency=low

  * Update upstream/signing-key.asc from
    https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding
    96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing
    1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and
    FAA1C7F9CD077DC4304BC0C885AB833FDDC03262.
  * New upstream release candidate:
    + Point watchfile to test subdir.
    + Update watchfile to handle -RC1 in addition to _RC1.
    + Drop 75_fixes*.patch.
    + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch
    + Update configuration from upstream example, except for
      tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport:
      * Enable dns_dnssec_ok.
      * Set dnssec_request_domains = * on dnslookup and
        dnslookup_relay_to_domains routers.
      * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp
        transport unless REMOTE_SMTP_DISABLE_DANE is set.
      * Set multi_domain on remote_smtp_smarthost transport.
  * Post release updates:
    + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch

exim4 (4.91-9) unstable; urgency=low

  * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back
    autodeleted comments.
  * Update from exim-4_91+fixes branch:
    + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch
    + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch
    + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch
    + 75_fixes_29-Fix-AUTH_GSASL-build.patch
    + 75_fixes_30-Harden-string-list-handling.patch

exim4 (4.91-8) unstable; urgency=low

  [ Andreas Metzler ]
  * Update from exim-4_91+fixes branch:
    + 75_fixes_18-Restore-Darwin-OS-configuration.patch
    + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch
    + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch
    + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch
    + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch
    + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch

  [ Marc Haber ]
  * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper.

exim4 (4.91-7) unstable; urgency=low

  * Update from exim-4_91+fixes branch:
    + 75_fixes_16-Fix-non-EVENTS-build.patch
    + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch

exim4 (4.91-6) unstable; urgency=low

  * Update from exim-4_91+fixes branch:
    + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch
    + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch
    + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch
  * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck.
    (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS)

exim4 (4.91-5) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch
    + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch
    + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch

exim4 (4.91-4) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch
    + 75_fixes_07-tidying.patch
    + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch
    + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch
  * [lintian] Delete trailing empty lines in changelog.

exim4 (4.91-3) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch
    + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch
    + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch
    + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch
    + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch
    + Move 50_localscan_dlopen.dpatch to end of patch series and rename to
      90_... to preserve alphanumeric patch ordering.
  * Add log_message for local blacklists to improve log readability. (Patch by
    Dominic Hargreaves).

exim4 (4.91-2) unstable; urgency=low

  * Upload to unstable.

exim4 (4.91-1) experimental; urgency=medium

  * Point watchfile to release directory again and use downloads.exim.org
    host.
  * New upstream version.
  * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did
    not ship libgnutls-dane0.

exim4 (4.91~RC4-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.91~RC3-1) experimental; urgency=medium

  * New upstream version.
  * Point vcs* to salsa.

exim4 (4.91~RC2-1) experimental; urgency=medium

  * New upstream version.
    Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch

exim4 (4.91~RC1-1) experimental; urgency=medium

  * Point watchfile to test subdirectory.
  * New upstream version:
    + Drop debian/patches/75_*.
    + Update example.conf.md5.
      Upstream now enables verify = header_syntax check in default config,
      mirror this change in Debian, introduce
      NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this.
  * Build with newly available (well, for GnuTLS) DANE support.
  * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from
    upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250.

exim4 (4.90.1-5) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_15-Pipe-transport-part-two.-Bug-2257.patch
    75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch
    75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch

exim4 (4.90.1-4) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch
    75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
    75_13-Unbreak-DMARC.patch
    75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch

exim4 (4.90.1-3) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch
    75_08-Mark-variables-unused-before-release-of-store-in-the.patch
    75_09-Mark-variables-unused-before-release-of-store-in-the.patch
    75_10-Mark-variables-that-are-unused-before-release-of-sto.patch

exim4 (4.90.1-2) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch
    75_02-Fix-memory-leak-during-multi-message-reception-using.patch
    75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch
    75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch
    75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch
    75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch

exim4 (4.90.1-1) unstable; urgency=high

  * New upstream version, fixing CVE-2018-6789. Closes: #890000
    + Drop 75_*.patch.

exim4 (4.90-7) unstable; urgency=medium

  * Update from exim-4_90+fixes branch. (exim-4.90.0.27)
    + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
    + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
    + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
  * Typo fixes in old patch descriptions. (Thanks, lintian!)

exim4 (4.90-6) unstable; urgency=medium

  * Update from exim-4_90+fixes branch.
    + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
    + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
      Closes: #887489
    + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
    + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch

exim4 (4.90-5) unstable; urgency=low

  * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
    exim-4_90+fixes branch.
  * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
  * [update-exim4.conf] stop converting variables set to an empty value in
    /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
    "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972

exim4 (4.90-4) unstable; urgency=low

  * Update from exim-4_90+fixes branch.
    75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
    75_14-Fix-D-string-expansion-to-not-use-millisec.patch
    75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch

exim4 (4.90-3) unstable; urgency=medium

  * Three more patches from exim-4_90+fixes branch:
    75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
    75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
    75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch

exim4 (4.90-2) unstable; urgency=medium

  * Update to exim-4_90+fixes branch:
    + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
    + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
    + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
    + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
    + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
    + 75_05-Fix-build-of-nisplus-lookup.patch
    + 75_06-Fix-const-issue-in-nisplus-lookup.patch
    + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
    + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch

exim4 (4.90-1) unstable; urgency=low

  * rc4 released as 4.90.
  * Point watchfile to release directory again.
  * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
    GIT master branch. Fix pgsql lookup for multiple result-tuples with a
    single column. Previously only the last row was returned.
    https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
  * Simplify debian/rules and make it usable with dh v10 compat. The
    fine-grained support for selecting the to be built packages (-custom with
    or without -base) was dropped. The build process is now controlled by
    attaching tasks to dh-override hooks instead of using file dependencies,
    makefile-style.  The latter broke with dh v10 due to upstream's
    build-system which always has the main targets out-of-date inter alia due
    to the compile-number feature.
  * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
    buildflags ATM.)
  * Use debhelper v10 compat.
  * Drop override_dh_strip-arch, we have had enough toolchain and
    source changes to prevent file conflicts.

exim4 (4.90~RC4-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.90~RC3-2) unstable; urgency=low

  * Upload to unstable.
  * Point homepage to https URL.

exim4 (4.90~RC3-1) experimental; urgency=medium

  * New upstream version.
    + Fix a use-after-free while reading smtp input for header lines.
      A crafted sequence of BDAT commands could result in in-use memory
      being freed.  CVE-2017-16943. Closes: #882648
    + Fix checking for leading-dot on a line during headers reading
      from SMTP input.  Previously it was always done; now only done for
      DATA and not BDAT commands.  CVE-2017-16944 Closes: #882671
  * Drop 78_Disable-chunking-BDAT-by-default.patch again.

exim4 (4.90~RC2-3) experimental; urgency=medium

  * As a workaround for the yet-unfixed security vulnerability resurrect (and
    adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
    4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

exim4 (4.90~RC2-2) experimental; urgency=low

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.90~RC2-1) experimental; urgency=low

  * New upstream release candidate.
    + Unfuzz patches, drop 40_reproducible_build.diff and
      75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
    + Refresh debian/example.conf.md5, No changes to Debian's configuration
      needed, upstream added a (commented) entry to change OpenSSL ciphers.

exim4 (4.90~RC1-1) experimental; urgency=low

  * New upstream release candidate.
    + Point watchfile to test subdirectory.
    + Update 40_reproducible_build.diff
    + Drop 75_fixes*.patch and
      80_Repair-manualroute-transport-name-not-last-option.patch.
    + Unfuzz EDITME*.diff
    + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
      SOURCE_DATE_EPOCH is set.
  * Drop trailing whitespace in debian/README.source, debian/changelog and
    debian/rules. (Thanks, lintian)
  * Drop debian/README.source and outdated parts of debian/copyright.

exim4 (4.89-13) unstable; urgency=high

  * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
    from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944

exim4 (4.89-12) unstable; urgency=high

  * Sync with exim-4_89+fixes branch:
    + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
    + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
      Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
  * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.

exim4 (4.89-11) unstable; urgency=critical

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.89-10) unstable; urgency=critical

  * As a workaround for the yet-unfixed security vulnerability resurrect
    78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
    both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

exim4 (4.89-9) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.89-8) experimental; urgency=low

  * Sync with exim-4_89+fixes branch:
    75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch
    75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch
  * Point watchfile to https site.

exim4 (4.89-7) unstable; urgency=low

  * In debian/rules' manually called update-mtaconflicts target use
    grep-aptavail instead of hard-coding /var/lib/apt/lists/.
    (Thanks, Julian Andres Klode) Closes: #874772
  * Update debian/mtalist.
  * Sync with exim-4_89+fixes branch:
    75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch
    75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch
    75_fixes_15-SOCKS-fix-unitialized-pointer.patch
    75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch.

exim4 (4.89-6) unstable; urgency=medium

  * Use "runuser --command ..." instead of "su - --command ..." in
    exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688
    (Thanks, Jakobus Sch├╝rz)
  * Sync priorities with override file: exim4{,-base,-config,-daemon-light}
    optional from standard, exim4-dev optional from extra.
  * In debian/rules when setting up the build-tree for -custom also copy
    EDITME.eximon to allow building based on EDITME.exim4-light with eximon
    building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813

exim4 (4.89-5) unstable; urgency=medium

  * Update to exim-4_89+fixes branch:
    75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch
    75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch
    (replaces 79_CVE-2017-1000369.patch)
    75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces
    81_Fix-log-line-corruption-for-DKIM-status.patch)
    75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch
    75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
    75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch
    75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
    75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch
    (CVE-2017-10140)
    75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch
    75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch
    75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch
  * Simplify debian/rules by including buildflags.mk unconditionally which was
    introduced in dpkg 1.16.1 released in October 2011.
  * Use pkg-info.mk to get package-version, upstream-version and
    SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not
    provided by pkg-info.mk.
  * [lintian] In *daemon.postinst use which certtool instead of
    [ -x /usr/bin/certtool ] to check for availablility of the command.

exim4 (4.89-4) unstable; urgency=low

  * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
    master: Starting with 4.85 a transport name needed to specified after
    options in route_list. Closes: #865287
  * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
  * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
    default.
  * Standards-Version: 4.0.0
    + Do not check for availability of invoke-rc.d, use it always and do not
      fall back to invoking the init-script directly.
    + Drop eximon menu file.
  * Migrate to automatic debug packages. Bump b-d on debhelper since
    --dbgsym-migration was introduced in debhelper 9.20160114.

exim4 (4.89-3) unstable; urgency=high

  * Re-upload to unstable.
69 files changed:
debian/EDITME.exim4-heavy.diff
debian/EDITME.exim4-light.diff
debian/EDITME.eximon.diff
debian/EDITME.openssl.exim4-light.diff
debian/README.Debian.xml
debian/changelog
debian/compat
debian/control
debian/copyright
debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
debian/debconf/conf.d/acl/40_exim4-config_check_data
debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs
debian/debconf/conf.d/main/02_exim4-config_options
debian/debconf/conf.d/router/200_exim4-config_primary
debian/debconf/conf.d/transport/30_exim4-config_remote_smtp
debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost
debian/debconf/update-exim4.conf
debian/e-n-if-up
debian/example.conf.md5
debian/exim4-base.cron.daily
debian/exim4-base.dirs
debian/exim4-base.docs
debian/exim4-base.examples
debian/exim4-base.exim4.init
debian/exim4-base.install
debian/exim4-base.manpages
debian/exim4-base.postrm
debian/exim4-config.dirs
debian/exim4-config.install
debian/exim4-config.links
debian/exim4-config.manpages
debian/exim4-daemon-custom.links
debian/exim4-daemon-heavy.dirs
debian/exim4-daemon-heavy.links
debian/exim4-daemon-light.links
debian/exim4-daemon-light.postinst
debian/exim4-daemon-light.prerm
debian/exim4-dev.install
debian/exim4-dev.links
debian/eximon4.dirs
debian/mtalist
debian/patches/31_eximmanpage.dpatch
debian/patches/32_exim4.dpatch
debian/patches/60_convert4r4.dpatch
debian/patches/67_unnecessaryCopt.diff
debian/patches/70_remove_exim-users_references.dpatch
debian/patches/75_01-Fix-json-extract-operator-for-unfound-case.patch
debian/patches/75_02-Fix-transport-buffer-size-handling.patch
debian/patches/75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch
debian/patches/75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch
debian/patches/75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch
debian/patches/75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch
debian/patches/75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
debian/patches/75_08-Logging-fix-initial-listening-on-log-line.patch
debian/patches/75_09-OpenSSL-Fix-aggregation-of-messages.patch
debian/patches/75_10-Harden-plaintext-authenticator.patch
debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
debian/patches/75_14-Fix-smtp-response-timeout.patch
debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
debian/patches/77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch
debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
debian/patches/78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch
debian/patches/90_localscan_dlopen.dpatch
debian/patches/series
debian/rules
debian/upstream/signing-key.asc
debian/watch