Import Debian changes 4.92-8+deb10u6 exim4 (4.92-8+deb10u6) buster-security; urgency=high . * Fix several security vulnerabilities reported by Qualys and add related robustness improvements. (Originally fixed in upstream release 4.94.3 and in upstream GIT branch exim-4.92.3+fixes. (Special thanks to Heiko) + CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() + CVE-2020-28018: Use-after-free in tls-openssl.c + CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() + CVE-2020-28010: Heap out-of-bounds write in main() + CVE-2020-28011: Heap buffer overflow in queue_run() + CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() + CVE-2020-28017: Integer overflow in receive_add_recipient() + CVE-2020-28022: Heap out-of-bounds read and write in extract_option() + CVE-2020-28026: Line truncation and injection in spool_read_header() + CVE-2020-28015 and CVE-2020-28021: New-line injection into spool header file. + CVE-2020-28009: Integer overflow in get_stdinput() + CVE-2020-28024: Heap buffer underflow in smtp_ungetc() + CVE-2020-28012: Missing close-on-exec flag for privileged pipe + CVE-2020-28019: Failure to reset function pointer after BDAT error + CVE-2020-28007: Link attack in Exim's log directory + CVE-2020-28008: Assorted attacks in Exim's spool directory + CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation, clobbering, and deletion. . exim4 (4.92-8+deb10u5) buster; urgency=medium . * Fix use of concurrent TLS connections under GnuTLS: 80_01-GnuTLS-fix-hanging-callout-connections.patch 80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch 80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch (Thanks, Heiko Schlittermann for the backport) * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from upstream git (already included in 4.94), on TLS connections to a CNAME verify the certificate against the original CNAME instead of against the A record. Closes: #985243 * In README.Debian explicitly document the limitation/extent of server certificate checking (authenticity not enforced) in the default configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved documentation and Closes: #985344 (Yes, without required cert checking MitM attacks are possible, but for a stable update documenting this is the best compromise.)
Import Debian changes 4.92-8+deb10u3 exim4 (4.92-8+deb10u3) buster-security; urgency=high * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer overflow in string_vformat. exim4 (4.92-8+deb10u2) buster-security; urgency=high * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI related buffer overflow. CVE-2019-15846 exim4 (4.92-8+deb10u1) buster-security; urgency=high * Fix remote command execution vulnerability related to "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 exim4 (4.92-8) unstable; urgency=low * Pulled from exim-4.92+fixes branch: + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch Fix expansion of $tls_out_ocsp under hosts_request_ocsp. + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch When tls_verify_certificates was set to a directory instead of a file exim/GnuTLS would still send out the list of accepted certificates, This did not match documented behavior. + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch The dsn_from option was not used for DSN success messages. * Pulled from upstream GIT master: + 75_14-Fix-smtp-response-timeout.patch Fix the timeout on smtp response to apply to the whole response instead of resetting for every byte received. + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch https://bugs.exim.org/show_bug.cgi?id=2405 ${eval } was broken on 32bit archs. exim4 (4.92-7) unstable; urgency=medium * Upload to unstable. exim4 (4.92-6) experimental; urgency=medium * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for debugging sa-exim. * Set HAVE_LOCAL_SCAN=yes in EDITME. * Upload to experimental. exim4 (4.92-5) unstable; urgency=medium * Improved spam-scanning example with accompaning information in README.Debian. Explicitly warn about adding the default SpamAssassin report in a header, which Closes: #774553 * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on the (working) version of the patch. Drop exim4-dev package. Add a NEWS entry for this change. exim4 (4.92-4) unstable; urgency=medium * Another patch from exim-4.92+fixes branch: 75_10-Harden-plaintext-authenticator.patch exim4 (4.92-3) unstable; urgency=medium * Pull fixes from exim-4.92+fixes branch. + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch + 75_08-Logging-fix-initial-listening-on-log-line.patch + 75_09-OpenSSL-Fix-aggregation-of-messages.patch exim4 (4.92-2) unstable; urgency=medium * Upload to unstable. exim4 (4.92-1) experimental; urgency=medium * Point watchfile to release directory again. * New upstream stable release, identical to rc6 except for the version string. * Pull fixes from exim-4.92+fixes branch. + 75_01-Fix-json-extract-operator-for-unfound-case.patch + 75_02-Fix-transport-buffer-size-handling.patch + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch * Upload to experimental while waiting for rc6 to migrate. exim4 (4.92~RC6-1) unstable; urgency=low * New upstream snapshot rc6, includes 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch. exim4 (4.92~RC5-2) unstable; urgency=high * In init script use start-stop-daemon directly instead of lsb-base's killproc which currently fails to pass on the executable name to s-s-d (921558). This broke with s-s-d 1.19.2 which (for security reasons) requires further filtering arguments in addition to --pidfile when the pid file is not owned by root. Closes: #921205 exim4 (4.92~RC5-1) unstable; urgency=medium * New upstream snapshot rc5. * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers was ignored. exim4 (4.92~RC4-3) unstable; urgency=medium * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * Drop outdated pointers to alioth package homepage from README.Debian. * Update exim4-config Breaks to enforce upgrade to daemon binary package with DANE support. Closes: #919902 * [lintian] Minimize upstream/signing-key.asc. exim4 (4.92~RC4-2) unstable; urgency=medium * Upload to unstable. exim4 (4.92~RC4-1) experimental; urgency=low * New upstream version. + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch. + Unfuzz patches. exim4 (4.92~RC3-1) unstable; urgency=low * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from upstream GIT master, fixing outgoing TLS 1.3. https://bugs.exim.org/show_bug.cgi?id=2359 * New upstream version. * Upload to unstable. exim4 (4.92~RC2-1) experimental; urgency=low * New upstream version. + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch exim4 (4.92~RC1-1) experimental; urgency=low * Update upstream/signing-key.asc from https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding 96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing 1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and FAA1C7F9CD077DC4304BC0C885AB833FDDC03262. * New upstream release candidate: + Point watchfile to test subdir. + Update watchfile to handle -RC1 in addition to _RC1. + Drop 75_fixes*.patch. + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch + Update configuration from upstream example, except for tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport: * Enable dns_dnssec_ok. * Set dnssec_request_domains = * on dnslookup and dnslookup_relay_to_domains routers. * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp transport unless REMOTE_SMTP_DISABLE_DANE is set. * Set multi_domain on remote_smtp_smarthost transport. * Post release updates: + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch exim4 (4.91-9) unstable; urgency=low * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back autodeleted comments. * Update from exim-4_91+fixes branch: + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch + 75_fixes_29-Fix-AUTH_GSASL-build.patch + 75_fixes_30-Harden-string-list-handling.patch exim4 (4.91-8) unstable; urgency=low [ Andreas Metzler ] * Update from exim-4_91+fixes branch: + 75_fixes_18-Restore-Darwin-OS-configuration.patch + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch [ Marc Haber ] * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper. exim4 (4.91-7) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_16-Fix-non-EVENTS-build.patch + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch exim4 (4.91-6) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck. (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS) exim4 (4.91-5) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch exim4 (4.91-4) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch + 75_fixes_07-tidying.patch + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch * [lintian] Delete trailing empty lines in changelog. exim4 (4.91-3) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch + Move 50_localscan_dlopen.dpatch to end of patch series and rename to 90_... to preserve alphanumeric patch ordering. * Add log_message for local blacklists to improve log readability. (Patch by Dominic Hargreaves). exim4 (4.91-2) unstable; urgency=low * Upload to unstable. exim4 (4.91-1) experimental; urgency=medium * Point watchfile to release directory again and use downloads.exim.org host. * New upstream version. * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did not ship libgnutls-dane0. exim4 (4.91~RC4-1) experimental; urgency=medium * New upstream version. exim4 (4.91~RC3-1) experimental; urgency=medium * New upstream version. * Point vcs* to salsa. exim4 (4.91~RC2-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch exim4 (4.91~RC1-1) experimental; urgency=medium * Point watchfile to test subdirectory. * New upstream version: + Drop debian/patches/75_*. + Update example.conf.md5. Upstream now enables verify = header_syntax check in default config, mirror this change in Debian, introduce NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this. * Build with newly available (well, for GnuTLS) DANE support. * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250. exim4 (4.90.1-5) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_15-Pipe-transport-part-two.-Bug-2257.patch 75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch 75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch exim4 (4.90.1-4) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch 75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch 75_13-Unbreak-DMARC.patch 75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch exim4 (4.90.1-3) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch 75_08-Mark-variables-unused-before-release-of-store-in-the.patch 75_09-Mark-variables-unused-before-release-of-store-in-the.patch 75_10-Mark-variables-that-are-unused-before-release-of-sto.patch exim4 (4.90.1-2) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch 75_02-Fix-memory-leak-during-multi-message-reception-using.patch 75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch 75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch 75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch 75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch exim4 (4.90.1-1) unstable; urgency=high * New upstream version, fixing CVE-2018-6789. Closes: #890000 + Drop 75_*.patch. exim4 (4.90-7) unstable; urgency=medium * Update from exim-4_90+fixes branch. (exim-4.90.0.27) + 75_21-DKIM-fix-buffer-overflow-in-verify.patch + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch * Typo fixes in old patch descriptions. (Thanks, lintian!) exim4 (4.90-6) unstable; urgency=medium * Update from exim-4_90+fixes branch. + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch Closes: #887489 + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch exim4 (4.90-5) unstable; urgency=low * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from exim-4_90+fixes branch. * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971 * [update-exim4.conf] stop converting variables set to an empty value in /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972 exim4 (4.90-4) unstable; urgency=low * Update from exim-4_90+fixes branch. 75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch 75_14-Fix-D-string-expansion-to-not-use-millisec.patch 75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch exim4 (4.90-3) unstable; urgency=medium * Three more patches from exim-4_90+fixes branch: 75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch 75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch 75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch exim4 (4.90-2) unstable; urgency=medium * Update to exim-4_90+fixes branch: + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch. + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch + 75_05-Fix-build-of-nisplus-lookup.patch + 75_06-Fix-const-issue-in-nisplus-lookup.patch + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch exim4 (4.90-1) unstable; urgency=low * rc4 released as 4.90. * Point watchfile to release directory again. * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream GIT master branch. Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html * Simplify debian/rules and make it usable with dh v10 compat. The fine-grained support for selecting the to be built packages (-custom with or without -base) was dropped. The build process is now controlled by attaching tasks to dh-override hooks instead of using file dependencies, makefile-style. The latter broke with dh v10 due to upstream's build-system which always has the main targets out-of-date inter alia due to the compile-number feature. * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change buildflags ATM.) * Use debhelper v10 compat. * Drop override_dh_strip-arch, we have had enough toolchain and source changes to prevent file conflicts. exim4 (4.90~RC4-1) unstable; urgency=medium * New upstream version. exim4 (4.90~RC3-2) unstable; urgency=low * Upload to unstable. * Point homepage to https URL. exim4 (4.90~RC3-1) experimental; urgency=medium * New upstream version. + Fix a use-after-free while reading smtp input for header lines. A crafted sequence of BDAT commands could result in in-use memory being freed. CVE-2017-16943. Closes: #882648 + Fix checking for leading-dot on a line during headers reading from SMTP input. Previously it was always done; now only done for DATA and not BDAT commands. CVE-2017-16944 Closes: #882671 * Drop 78_Disable-chunking-BDAT-by-default.patch again. exim4 (4.90~RC2-3) experimental; urgency=medium * As a workaround for the yet-unfixed security vulnerability resurrect (and adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html exim4 (4.90~RC2-2) experimental; urgency=low * B-d on lynx, instead of lynx-cur | lynx. exim4 (4.90~RC2-1) experimental; urgency=low * New upstream release candidate. + Unfuzz patches, drop 40_reproducible_build.diff and 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff. + Refresh debian/example.conf.md5, No changes to Debian's configuration needed, upstream added a (commented) entry to change OpenSSL ciphers. exim4 (4.90~RC1-1) experimental; urgency=low * New upstream release candidate. + Point watchfile to test subdirectory. + Update 40_reproducible_build.diff + Drop 75_fixes*.patch and 80_Repair-manualroute-transport-name-not-last-option.patch. + Unfuzz EDITME*.diff + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when SOURCE_DATE_EPOCH is set. * Drop trailing whitespace in debian/README.source, debian/changelog and debian/rules. (Thanks, lintian) * Drop debian/README.source and outdated parts of debian/copyright. exim4 (4.89-13) unstable; urgency=high * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944 exim4 (4.89-12) unstable; urgency=high * Sync with exim-4_89+fixes branch: + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943 * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch. exim4 (4.89-11) unstable; urgency=critical * B-d on lynx, instead of lynx-cur | lynx. exim4 (4.89-10) unstable; urgency=critical * As a workaround for the yet-unfixed security vulnerability resurrect 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html exim4 (4.89-9) unstable; urgency=medium * Upload to unstable. exim4 (4.89-8) experimental; urgency=low * Sync with exim-4_89+fixes branch: 75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch 75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch * Point watchfile to https site. exim4 (4.89-7) unstable; urgency=low * In debian/rules' manually called update-mtaconflicts target use grep-aptavail instead of hard-coding /var/lib/apt/lists/. (Thanks, Julian Andres Klode) Closes: #874772 * Update debian/mtalist. * Sync with exim-4_89+fixes branch: 75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch 75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch 75_fixes_15-SOCKS-fix-unitialized-pointer.patch 75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch. exim4 (4.89-6) unstable; urgency=medium * Use "runuser --command ..." instead of "su - --command ..." in exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688 (Thanks, Jakobus Schürz) * Sync priorities with override file: exim4{,-base,-config,-daemon-light} optional from standard, exim4-dev optional from extra. * In debian/rules when setting up the build-tree for -custom also copy EDITME.eximon to allow building based on EDITME.exim4-light with eximon building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813 exim4 (4.89-5) unstable; urgency=medium * Update to exim-4_89+fixes branch: 75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch 75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch (replaces 79_CVE-2017-1000369.patch) 75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces 81_Fix-log-line-corruption-for-DKIM-status.patch) 75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch (CVE-2017-10140) 75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch 75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch 75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch * Simplify debian/rules by including buildflags.mk unconditionally which was introduced in dpkg 1.16.1 released in October 2011. * Use pkg-info.mk to get package-version, upstream-version and SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not provided by pkg-info.mk. * [lintian] In *daemon.postinst use which certtool instead of [ -x /usr/bin/certtool ] to check for availablility of the command. exim4 (4.89-4) unstable; urgency=low * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT master: Starting with 4.85 a transport name needed to specified after options in route_list. Closes: #865287 * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master. * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by default. * Standards-Version: 4.0.0 + Do not check for availability of invoke-rc.d, use it always and do not fall back to invoking the init-script directly. + Drop eximon menu file. * Migrate to automatic debug packages. Bump b-d on debhelper since --dbgsym-migration was introduced in debhelper 9.20160114. exim4 (4.89-3) unstable; urgency=high * Re-upload to unstable.
Import Debian changes 4.89-2+deb9u4 exim4 (4.89-2+deb9u4) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix remote command execution vulnerability (CVE-2019-10149) exim4 (4.89-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) exim4 (4.89-2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Avoid release of store if there have been later allocations (CVE-2017-16943) (Closes: #882648) * Chunking: do not treat the first lonely dot special (CVE-2017-16944) (Closes: #882671) exim4 (4.89-2+deb9u1) stretch-security; urgency=medium * CVE-2017-100369 exim4 (4.89-2) unstable; urgency=medium * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to initscript (#844178). It breaks when the initscript does not start a daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). Closes: #860317 * When reporting bugs also attach /etc/default/exim4 by default. exim4 (4.89-1) unstable; urgency=medium * Enable inbound (server-side) proxying for -heavy. Closes: #856712 * New upstream release, source identical to RC7. exim4 (4.89~RC7-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC6-1) unstable; urgency=medium * Document E4BCD_PANICLOG_LINES in README.Debian. * New upstream version. exim4 (4.89~RC5-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC4-1) unstable; urgency=medium * New upstream version. + Drop 92_CVE-2016-1238.diff. * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile while we are changing the init script. exim4 (4.89~RC3-1) unstable; urgency=medium * New upstream version. + Unfuzz 92_CVE-2016-1238.diff. * init file: + Source /etc/default/exim4 *before* defining the shell variables holding the pidfilenames. Overriding these via /etc/default/exim4 is not supported. + Add missing support for reload when QUEUERUNNER='queueonly'. + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way $PIDFILE is used for the main exim process for all available QUEUERUNNER choices. + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd interaction. systemd-sysv-generator uses this pseudoheader to set PIDFile in the generated service file and it also sets RemainAfterExit=no instead of yes if it is present. Thanks, Michael Biebl for suggestion and explanation. Closes: #844178 exim4 (4.89~RC2-1) unstable; urgency=medium * New upstream version. + Drop 75_add_bak_spec.txt.diff. exim4 (4.89~RC1-1) unstable; urgency=low * Refresh debian/upstream/signing-key.asc. * New upstream bugfix release. + Drop superfluous patches. 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + Unfuzz 31_eximmanpage.dpatch and 78_Disable-chunking-BDAT-by-default.patch. + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc tarball. + Unfuzz debian/EDITME.exim4-*. + Update debian/example.conf.md5. - Upstream typo fix. exim4 (4.88-5) unstable; urgency=medium * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty. This is a Debian specific change, we are right before the freeze and BDAT needs a little time. exim4 (4.88-4) unstable; urgency=medium * Upload to unstable. exim4 (4.88-3) experimental; urgency=medium * Pull multiple patches from upstream GIT: + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch (Thanks, Bart Noordervliet for the pointer) Closes: #850175 exim4 (4.88-2) unstable; urgency=medium * Upload to unstable. exim4 (4.88-1) experimental; urgency=medium * New upstream version. * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to testing. * Drop 75_Fix-DKIM-information-leakage.patch. exim4 (4.88~RC6-2) unstable; urgency=high * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA physical line limit check for both for SMTP DATA ACL and remote_smtp* transports. Closes: #828801 Also update corresponding NEWS entry. * [lintian] debian/changelog: s/lenght/length/ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM information leakage issue CVE-2016-9963. exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. exim4 (4.88~RC5-1) unstable; urgency=low * New upstream version. + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. exim4 (4.88~RC4-2) unstable; urgency=low * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream GIT to fix exim bug 1914 (exim doesn't close connection after quit. * Upload to unstable. exim4 (4.88~RC4-1) experimental; urgency=low * New upstream version. exim4 (4.88~RC3-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-check-for-commandline-macro-definition.patch 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. exim4 (4.88~RC2-3) experimental; urgency=medium * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on every upgrade. * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix longstanding bug with aborted TLS server connection handling. Under GnuTLS, when a session startup failed (eg because the client disconnected) Exim did stdio operations after fclose. This was exposed by a recent change which nulled out the file handle after the fclose. exim4 (4.88~RC2-2) experimental; urgency=medium * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission problems on commandline mail submission. Closes: #840355 exim4 (4.88~RC2-1) experimental; urgency=low * New upstream version. + Changed default Diffie-Hellman parameters to be Exim-specific, created by Phil Pennock. Added RFC7919 DH primes as an alternative. Closes: #839978 * Set tls_dhparam = historic to use site-specific DH parameters. * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in -daemon postinst. * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either by running certtool or by installing /usr/share/exim4/gnutls-params-2048. Do not try to use openssl dhparam, it takes too long. exim4 (4.88~RC1-1) experimental; urgency=low * Drop reference to removed (in 4.80-7) "what"-option in init script usage message. (Thanks, Calum Mackay!) Closes: #823855 * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] Closes: #832442 * [lintian] update-exim4.conf.8 - fix typo. * [lintian] Drop unused override binaries-have-file-conflict. * B-d on default-libmysqlclient-dev. * New upstream version. + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch 50_localscan_dlopen.dpatch + Drop superfluous patches. 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Fix crash in VRFY handling when handed an unqualified name (lacking @domain). Apply the same qualification processing as RCPT. Closes: #834699 + Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. LP: #1580454 * [lintian] exim4-config_files.5 - fix typo. exim4 (4.87-3) unstable; urgency=medium * Pull multiple patches from upstream GIT: + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch Improved message on overlong lines in example config. + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch Fix race condition related to connection reuse. https://bugs.exim.org/show_bug.cgi?id=1810 + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch Avoid exposing passwords in log on failing ldap lookup expansion. https://bugs.exim.org/show_bug.cgi?id=165 * Copy information message on rejecting overlong lines in data ACL from upstream example configuration. Closes: #823418 * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. Closes: 821830 exim4 (4.87-2) unstable; urgency=medium * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. (Thanks, L. Guruprasad!) Closes: #821416 * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS connections (hosts_require_tls option) in remote_smtp_smarthost transport. Closes: #822174 * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It is deprecated and will be removed in 4.88. * README.Debian*: Fix minor issues found by lintian. * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 * Drop exim4-base Recommends on perl-modules. This had been unnecessary since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. exim4 (4.87-1) unstable; urgency=medium * Fix comment in conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, Jörg-Volker Peetz!) Closes: #819780 * New upstream release. exim4 (4.87~RC7-1) unstable; urgency=low * Enable SOCKS support in both -light and -heavy. Closes: #818091 * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 * New upstream version. + Drop 74_Store-the-initial-working-directory.diff, 75_String-expansions-fix-extract.patch, 76_only_warn_on_nonempty_environment.diff. + Update debian/example.conf.md5. exim4 (4.87~RC6-3) unstable; urgency=medium * Merge changelog entries for 4.86.2-1 and -2. * Upload to unstable. * Add link to CVE details to latest NEWS entry and bump its version and date to match this upload. Closes: #818349, #817244 exim4 (4.87~RC6-2) experimental; urgency=medium * 74_Store-the-initial-working-directory.diff, 76_only_warn_on_nonempty_environment.diff: Upstream followups on the CVE fix (Thanks, Heiko Schlittermann!): + Runtime warning is only generated if (and only if) keep_environment is unset and environment is nonempty. + Store the initial working directory and make it available in the new expansion variable $initial_cwd. * Merge all NEWS.Debian files into a single one, identical for all binary packages. - Different NEWS files built from a single source package is not and has not ever been supported by apt-listchanges which is the most important frontend. * Add a NEWS entry about the environment related runtime warning. exim4 (4.87~RC6-1) experimental; urgency=medium * New upstream version. * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ${extract } string expansion for the numeric/3-string case. (Bug was introduced in 4.85.) * Set keep_environment to empty value instead of setting a minimal PATH in add_environment. exim4 (4.87~RC5-2) experimental; urgency=medium * Update debian/upstream/signing-key.asc, using the keys listed in ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds Heiko Schlittermann's key. * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 exim4 (4.87~RC5-1) experimental; urgency=medium * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying to grep in it. Closes: #814998 * New upstream version, includes the patch for CVE-2016-1531. (Local root exploit). * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.87~RC3-2) experimental; urgency=medium * README.Debian: Refer to Exim specification by chapter name instead of chapter number. Closes: #813351 * Fix some spelling errors found by lintian. * Minor debian/rules cleanup: + Restore originally intended behavior, upstream changelog is only shipped in exim4-base, symlinks to it elsewhere. + Drop workaround for #347577, fixed in debhelper 5.0.15. + Use "dh binary-arch" and "dh binary-indep" and a bunch of override targets instead of listing all dh-commands. While this is uglier and slows things down a bit it shortens debian/rules by 40 lines and has the huge benefit that we automatically use all suggested helpers in correct order. + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + Delete unused, commented code. + Drop (exported) variable MTACONFLICTS, used only once. * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. exim4 (4.87~RC3-1) experimental; urgency=medium * Move Vcs-* from git/http to https. * [lintian] README.Debian: s/desireable/desirable/. * [lintian] README.Debian: Fix grammar error "allow + infinitive". * [lintian] exim4-config.postinst: Use which foo > /dev/null instead of [ -x /path/to/foo ]. * Update list of patches in debian/README.Debian.xml * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. * New upstream version. + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, merge this change and drop CHECK_MAIL_HELO_ISSUED macro. exim4 (4.87~RC2-1) experimental; urgency=medium * New upstream version. exim4 (4.87~RC1-1) experimental; urgency=medium * New upstream version. + Refresh patches. + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + Sync with upstream default configuration: Check maximum (physical, i.e. before unfolding) line length in default spec file data ACL and smtp transport. Bug 1684 Closes: #797919 + HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. Closes: #240883 * Override upstream's new default of tls_advertise_hosts = * if MAIN_TLS_ENABLE is not set. exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 exim4 (4.86.2-1) unstable; urgency=high * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream 4.86+fixes branch. * New upstream security release for CVE-2016-1531. + New options keep_environment/add_environment which are empty by default, i.e. any subprocesses start in a clean (empty) environment. + -C requires an absolute path. + Exim changes it's working directory to / right after startup. * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from exim-4_86+fixes branch fixes another MIME ACL related crash. https://bugs.exim.org/show_bug.cgi?id=1730 exim4 (4.86-6) unstable; urgency=medium * Cleanup (actual patch is identical): Use 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from exim-4_86+fixes branch instad of 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 exim4 (4.86-5) unstable; urgency=high * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT head to avoid misaligned access in cached lookup. Closes: #803255 exim4 (4.86-4) unstable; urgency=medium * Fix documentation of lowuid_aliases router, exceptions are in CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) Closes: #799672 * fcron has been removed from Debian in 2011, stop listing it as an alternative dependency of exim4-base (Thanks, Alexandre Detiste). Closes: #798236 * Update to upstream exim-4_86+fixes branch: + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, 76_Fix-post-transport-crash.patch, 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, 78_Close-logs-after-daemon-process-exceptional-write.patch. + Add 75_0001-Fix-post-transport-crash.patch 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch * Use dh v9. exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: + 75_Fix-ESMTP-MAIL-command-option-processing.patch: Corrects handling of mail-addresses with whitespace. <http://article.gmane.org/gmane.mail.exim.user/97069> + 76_Fix-post-transport-crash.patch 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch <https://bugs.exim.org/show_bug.cgi?id=1671> * Fix spelling error in copyright file. (Thanks, lintian) * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from upstream git, exim was keeping logfiles open after after a "too many connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for chasing this.) * When saving the berkeley DB version at build-time pass -P option to cpp, to prevent linebreaks. exim4 (4.86-2) unstable; urgency=high * Update exim4-config Breaks, PRDR support is was moved from being Experimental into the mainline with 4.83. Closes: #794320 exim4 (4.86-1) unstable; urgency=medium * New upstream version, identical to RC5 (except for the version string). exim4 (4.86~RC5-1) unstable; urgency=medium * New upstream version. + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), transition from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then properly fix the issue. Closes: #790616 exim4 (4.86~RC4-1) unstable; urgency=medium * unexport/undefine TZ in debian/rules for reproducible build. It would be used as default value for TIMEZONE_DEFAULT. * New upstream version. + Unfuzz 31_eximmanpage.dpatch. exim4 (4.86~RC3-2) unstable; urgency=medium * Upload to unstable. exim4 (4.86~RC3-1) experimental; urgency=medium * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug 1166671. * New upstream version. exim4 (4.86~RC2-1) experimental; urgency=medium * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control (Thanks, lintian). * New upstream version: +Drop included patches. (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) * Sync Debian config with upstream default config: + Set prdr_enable. + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to log_selector option value. exim4 (4.86~RC1-3) experimental; urgency=medium * Get time and date of latest debian/changelog entry and patch exim(on) to use these instead of __DATE__ and __TIME__. * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch from GIT to fix FTBFS on kfreebsd. exim4 (4.86~RC1-2) experimental; urgency=medium * Pull three post-release fixes from upstream GIT. (null pointer derefencing, and spam scanning defaulting to rspam mode) + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch exim4 (4.86~RC1-1) experimental; urgency=medium * New upstream release. + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, refresh patches. + Update EDITME*, enable AUTH_TLS for -heavy. + Sync Debian config with upstream default config, rfc1413 calls are now disabled by default. + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + The spamd_address main option now supports an optional timeout value per server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + log reason for defer, on a hostlist dns-lookup temporary error. Closes: #670035 exim4 (4.85-3) unstable; urgency=medium * Upload to unstable. exim4 (4.85-2) experimental; urgency=medium * Merge from unstable 4.84-8. + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fixes breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added here since it already part of 4.85. exim4 (4.85-1) experimental; urgency=medium * exim4-config_files.5: Escape dots in regex. (Thanks, ael) * New upstream version. exim4 (4.85~RC4-1) experimental; urgency=medium * update-exim4.conf: + Drop unused variable UPEX4C_internal_tmp. + Use tempfile(1) if the generated file will not be written to /var/lib/exim4/. + Add --check option. * init-script: On restart use update-exim4.conf --check before stopping the daemon. (This is a no-op with systemd since its sysv compat layer translates "foo restart" into "foo stop" "foo start" instead of using the init scripts restart target.) * Handle _RC in watchfile with uversionmangle. * New upstream version. + Stop repacking source, rfcs have been dropped. exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium * New upstream version. exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium * New upstream version. * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch. exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * New upstream version. + Unfuzz 66_enlarge-dh-parameters-size.dpatch + Drop 80_mime_empty_charset.diff. * Remove rfc from upstream source and repack it.
Import Debian changes 4.89-2+deb9u3~bpo8+1 exim4 (4.89-2+deb9u3~bpo8+1) jessie-backports; urgency=medium * Rebuild for jessie-backports. * b-d on libmysqlclient-dev | libmysqlclient15-dev instead of default-libmysqlclient-dev. exim4 (4.89-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) exim4 (4.89-2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Avoid release of store if there have been later allocations (CVE-2017-16943) (Closes: #882648) * Chunking: do not treat the first lonely dot special (CVE-2017-16944) (Closes: #882671) exim4 (4.89-2+deb9u1) stretch-security; urgency=medium * CVE-2017-100369 exim4 (4.89-2) unstable; urgency=medium * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to initscript (#844178). It breaks when the initscript does not start a daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). Closes: #860317 * When reporting bugs also attach /etc/default/exim4 by default. exim4 (4.89-1) unstable; urgency=medium * Enable inbound (server-side) proxying for -heavy. Closes: #856712 * New upstream release, source identical to RC7. exim4 (4.89~RC7-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC6-1) unstable; urgency=medium * Document E4BCD_PANICLOG_LINES in README.Debian. * New upstream version. exim4 (4.89~RC5-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC4-1) unstable; urgency=medium * New upstream version. + Drop 92_CVE-2016-1238.diff. * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile while we are changing the init script. exim4 (4.89~RC3-1) unstable; urgency=medium * New upstream version. + Unfuzz 92_CVE-2016-1238.diff. * init file: + Source /etc/default/exim4 *before* defining the shell variables holding the pidfilenames. Overriding these via /etc/default/exim4 is not supported. + Add missing support for reload when QUEUERUNNER='queueonly'. + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way $PIDFILE is used for the main exim process for all available QUEUERUNNER choices. + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd interaction. systemd-sysv-generator uses this pseudoheader to set PIDFile in the generated service file and it also sets RemainAfterExit=no instead of yes if it is present. Thanks, Michael Biebl for suggestion and explanation. Closes: #844178 exim4 (4.89~RC2-1) unstable; urgency=medium * New upstream version. + Drop 75_add_bak_spec.txt.diff. exim4 (4.89~RC1-1) unstable; urgency=low * Refresh debian/upstream/signing-key.asc. * New upstream bugfix release. + Drop superfluous patches. 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + Unfuzz 31_eximmanpage.dpatch and 78_Disable-chunking-BDAT-by-default.patch. + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc tarball. + Unfuzz debian/EDITME.exim4-*. + Update debian/example.conf.md5. - Upstream typo fix. exim4 (4.88-5) unstable; urgency=medium * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty. This is a Debian specific change, we are right before the freeze and BDAT needs a little time. exim4 (4.88-4) unstable; urgency=medium * Upload to unstable. exim4 (4.88-3) experimental; urgency=medium * Pull multiple patches from upstream GIT: + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch (Thanks, Bart Noordervliet for the pointer) Closes: #850175 exim4 (4.88-2) unstable; urgency=medium * Upload to unstable. exim4 (4.88-1) experimental; urgency=medium * New upstream version. * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to testing. * Drop 75_Fix-DKIM-information-leakage.patch. exim4 (4.88~RC6-2) unstable; urgency=high * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA physical line limit check for both for SMTP DATA ACL and remote_smtp* transports. Closes: #828801 Also update corresponding NEWS entry. * [lintian] debian/changelog: s/lenght/length/ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM information leakage issue CVE-2016-9963. exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. exim4 (4.88~RC5-1) unstable; urgency=low * New upstream version. + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. exim4 (4.88~RC4-2) unstable; urgency=low * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream GIT to fix exim bug 1914 (exim doesn't close connection after quit. * Upload to unstable. exim4 (4.88~RC4-1) experimental; urgency=low * New upstream version. exim4 (4.88~RC3-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-check-for-commandline-macro-definition.patch 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. exim4 (4.88~RC2-3) experimental; urgency=medium * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on every upgrade. * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix longstanding bug with aborted TLS server connection handling. Under GnuTLS, when a session startup failed (eg because the client disconnected) Exim did stdio operations after fclose. This was exposed by a recent change which nulled out the file handle after the fclose. exim4 (4.88~RC2-2) experimental; urgency=medium * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission problems on commandline mail submission. Closes: #840355 exim4 (4.88~RC2-1) experimental; urgency=low * New upstream version. + Changed default Diffie-Hellman parameters to be Exim-specific, created by Phil Pennock. Added RFC7919 DH primes as an alternative. Closes: #839978 * Set tls_dhparam = historic to use site-specific DH parameters. * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in -daemon postinst. * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either by running certtool or by installing /usr/share/exim4/gnutls-params-2048. Do not try to use openssl dhparam, it takes too long. exim4 (4.88~RC1-1) experimental; urgency=low * Drop reference to removed (in 4.80-7) "what"-option in init script usage message. (Thanks, Calum Mackay!) Closes: #823855 * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] Closes: #832442 * [lintian] update-exim4.conf.8 - fix typo. * [lintian] Drop unused override binaries-have-file-conflict. * B-d on default-libmysqlclient-dev. * New upstream version. + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch 50_localscan_dlopen.dpatch + Drop superfluous patches. 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Fix crash in VRFY handling when handed an unqualified name (lacking @domain). Apply the same qualification processing as RCPT. Closes: #834699 + Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. LP: #1580454 * [lintian] exim4-config_files.5 - fix typo. exim4 (4.87-3) unstable; urgency=medium * Pull multiple patches from upstream GIT: + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch Improved message on overlong lines in example config. + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch Fix race condition related to connection reuse. https://bugs.exim.org/show_bug.cgi?id=1810 + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch Avoid exposing passwords in log on failing ldap lookup expansion. https://bugs.exim.org/show_bug.cgi?id=165 * Copy information message on rejecting overlong lines in data ACL from upstream example configuration. Closes: #823418 * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. Closes: 821830 exim4 (4.87-2) unstable; urgency=medium * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. (Thanks, L. Guruprasad!) Closes: #821416 * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS connections (hosts_require_tls option) in remote_smtp_smarthost transport. Closes: #822174 * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It is deprecated and will be removed in 4.88. * README.Debian*: Fix minor issues found by lintian. * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 * Drop exim4-base Recommends on perl-modules. This had been unnecessary since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. exim4 (4.87-1) unstable; urgency=medium * Fix comment in conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, Jörg-Volker Peetz!) Closes: #819780 * New upstream release. exim4 (4.87~RC7-1) unstable; urgency=low * Enable SOCKS support in both -light and -heavy. Closes: #818091 * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 * New upstream version. + Drop 74_Store-the-initial-working-directory.diff, 75_String-expansions-fix-extract.patch, 76_only_warn_on_nonempty_environment.diff. + Update debian/example.conf.md5. exim4 (4.87~RC6-3) unstable; urgency=medium * Merge changelog entries for 4.86.2-1 and -2. * Upload to unstable. * Add link to CVE details to latest NEWS entry and bump its version and date to match this upload. Closes: #818349, #817244 exim4 (4.87~RC6-2) experimental; urgency=medium * 74_Store-the-initial-working-directory.diff, 76_only_warn_on_nonempty_environment.diff: Upstream followups on the CVE fix (Thanks, Heiko Schlittermann!): + Runtime warning is only generated if (and only if) keep_environment is unset and environment is nonempty. + Store the initial working directory and make it available in the new expansion variable $initial_cwd. * Merge all NEWS.Debian files into a single one, identical for all binary packages. - Different NEWS files built from a single source package is not and has not ever been supported by apt-listchanges which is the most important frontend. * Add a NEWS entry about the environment related runtime warning. exim4 (4.87~RC6-1) experimental; urgency=medium * New upstream version. * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ${extract } string expansion for the numeric/3-string case. (Bug was introduced in 4.85.) * Set keep_environment to empty value instead of setting a minimal PATH in add_environment. exim4 (4.87~RC5-2) experimental; urgency=medium * Update debian/upstream/signing-key.asc, using the keys listed in ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds Heiko Schlittermann's key. * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 exim4 (4.87~RC5-1) experimental; urgency=medium * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying to grep in it. Closes: #814998 * New upstream version, includes the patch for CVE-2016-1531. (Local root exploit). * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.87~RC3-2) experimental; urgency=medium * README.Debian: Refer to Exim specification by chapter name instead of chapter number. Closes: #813351 * Fix some spelling errors found by lintian. * Minor debian/rules cleanup: + Restore originally intended behavior, upstream changelog is only shipped in exim4-base, symlinks to it elsewhere. + Drop workaround for #347577, fixed in debhelper 5.0.15. + Use "dh binary-arch" and "dh binary-indep" and a bunch of override targets instead of listing all dh-commands. While this is uglier and slows things down a bit it shortens debian/rules by 40 lines and has the huge benefit that we automatically use all suggested helpers in correct order. + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + Delete unused, commented code. + Drop (exported) variable MTACONFLICTS, used only once. * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. exim4 (4.87~RC3-1) experimental; urgency=medium * Move Vcs-* from git/http to https. * [lintian] README.Debian: s/desireable/desirable/. * [lintian] README.Debian: Fix grammar error "allow + infinitive". * [lintian] exim4-config.postinst: Use which foo > /dev/null instead of [ -x /path/to/foo ]. * Update list of patches in debian/README.Debian.xml * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. * New upstream version. + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, merge this change and drop CHECK_MAIL_HELO_ISSUED macro. exim4 (4.87~RC2-1) experimental; urgency=medium * New upstream version. exim4 (4.87~RC1-1) experimental; urgency=medium * New upstream version. + Refresh patches. + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + Sync with upstream default configuration: Check maximum (physical, i.e. before unfolding) line length in default spec file data ACL and smtp transport. Bug 1684 Closes: #797919 + HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. Closes: #240883 * Override upstream's new default of tls_advertise_hosts = * if MAIN_TLS_ENABLE is not set. exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 exim4 (4.86.2-1) unstable; urgency=high * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream 4.86+fixes branch. * New upstream security release for CVE-2016-1531. + New options keep_environment/add_environment which are empty by default, i.e. any subprocesses start in a clean (empty) environment. + -C requires an absolute path. + Exim changes it's working directory to / right after startup. * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from exim-4_86+fixes branch fixes another MIME ACL related crash. https://bugs.exim.org/show_bug.cgi?id=1730 exim4 (4.86-6) unstable; urgency=medium * Cleanup (actual patch is identical): Use 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from exim-4_86+fixes branch instad of 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 exim4 (4.86-5) unstable; urgency=high * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT head to avoid misaligned access in cached lookup. Closes: #803255 exim4 (4.86-4) unstable; urgency=medium * Fix documentation of lowuid_aliases router, exceptions are in CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) Closes: #799672 * fcron has been removed from Debian in 2011, stop listing it as an alternative dependency of exim4-base (Thanks, Alexandre Detiste). Closes: #798236 * Update to upstream exim-4_86+fixes branch: + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, 76_Fix-post-transport-crash.patch, 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, 78_Close-logs-after-daemon-process-exceptional-write.patch. + Add 75_0001-Fix-post-transport-crash.patch 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch * Use dh v9. exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: + 75_Fix-ESMTP-MAIL-command-option-processing.patch: Corrects handling of mail-addresses with whitespace. <http://article.gmane.org/gmane.mail.exim.user/97069> + 76_Fix-post-transport-crash.patch 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch <https://bugs.exim.org/show_bug.cgi?id=1671> * Fix spelling error in copyright file. (Thanks, lintian) * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from upstream git, exim was keeping logfiles open after after a "too many connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for chasing this.) * When saving the berkeley DB version at build-time pass -P option to cpp, to prevent linebreaks. exim4 (4.86-2) unstable; urgency=high * Update exim4-config Breaks, PRDR support is was moved from being Experimental into the mainline with 4.83. Closes: #794320 exim4 (4.86-1) unstable; urgency=medium * New upstream version, identical to RC5 (except for the version string). exim4 (4.86~RC5-1) unstable; urgency=medium * New upstream version. + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), transition from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then properly fix the issue. Closes: #790616 exim4 (4.86~RC4-1) unstable; urgency=medium * unexport/undefine TZ in debian/rules for reproducible build. It would be used as default value for TIMEZONE_DEFAULT. * New upstream version. + Unfuzz 31_eximmanpage.dpatch. exim4 (4.86~RC3-2) unstable; urgency=medium * Upload to unstable. exim4 (4.86~RC3-1) experimental; urgency=medium * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug 1166671. * New upstream version. exim4 (4.86~RC2-1) experimental; urgency=medium * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control (Thanks, lintian). * New upstream version: +Drop included patches. (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) * Sync Debian config with upstream default config: + Set prdr_enable. + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to log_selector option value. exim4 (4.86~RC1-3) experimental; urgency=medium * Get time and date of latest debian/changelog entry and patch exim(on) to use these instead of __DATE__ and __TIME__. * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch from GIT to fix FTBFS on kfreebsd. exim4 (4.86~RC1-2) experimental; urgency=medium * Pull three post-release fixes from upstream GIT. (null pointer derefencing, and spam scanning defaulting to rspam mode) + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch exim4 (4.86~RC1-1) experimental; urgency=medium * New upstream release. + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, refresh patches. + Update EDITME*, enable AUTH_TLS for -heavy. + Sync Debian config with upstream default config, rfc1413 calls are now disabled by default. + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + The spamd_address main option now supports an optional timeout value per server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + log reason for defer, on a hostlist dns-lookup temporary error. Closes: #670035 exim4 (4.85-3) unstable; urgency=medium * Upload to unstable. exim4 (4.85-2) experimental; urgency=medium * Merge from unstable 4.84-8. + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fixes breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added here since it already part of 4.85. exim4 (4.85-1) experimental; urgency=medium * exim4-config_files.5: Escape dots in regex. (Thanks, ael) * New upstream version. exim4 (4.85~RC4-1) experimental; urgency=medium * update-exim4.conf: + Drop unused variable UPEX4C_internal_tmp. + Use tempfile(1) if the generated file will not be written to /var/lib/exim4/. + Add --check option. * init-script: On restart use update-exim4.conf --check before stopping the daemon. (This is a no-op with systemd since its sysv compat layer translates "foo restart" into "foo stop" "foo start" instead of using the init scripts restart target.) * Handle _RC in watchfile with uversionmangle. * New upstream version. + Stop repacking source, rfcs have been dropped. exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium * New upstream version. exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium * New upstream version. * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch. exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * New upstream version. + Unfuzz 66_enlarge-dh-parameters-size.dpatch + Drop 80_mime_empty_charset.diff. * Remove rfc from upstream source and repack it.