Commit | Line | Data |
---|---|---|
de45f55a AM |
1 | exim4 (4.80~rc2-1) experimental; urgency=low |
2 | ||
3 | Ldap lookups returning multi-valued attributes now separate the attributes | |
4 | with only a comma, not a comma-space sequence. | |
5 | ||
6 | The GnuTLS support has been mostly rewritten. exim main configuration | |
7 | options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols, | |
8 | are no longer supported. (They are ignored if present now, but will trigger | |
9 | an error in later releases.) Their functionality is entirely subsumed into | |
10 | tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list | |
11 | and is not parsed by Exim, but is instead given to gnutls_priority_init(3). | |
12 | ||
13 | See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details. | |
14 | ||
15 | -- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200 | |
16 | ||
17 | exim4 (4.77~rc4-1) experimental; urgency=low | |
18 | ||
19 | Exim no longer performs string expansion on the second string of | |
20 | the match_* expansion conditions: "match_address", "match_domain", | |
21 | "match_ip" & "match_local_part". Named lists can still be used. | |
22 | ||
23 | The previous behavior made it too easy to create (remotely) vulnerable | |
24 | configurations. A more detailed rationale and explanation can be found on | |
25 | https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html | |
26 | ||
27 | -- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200 | |
28 | ||
29 | exim4 (4.72-3) unstable; urgency=low | |
30 | ||
31 | Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345. | |
32 | This is a privilege escalation issue that allows the exim user to gain | |
33 | root privileges by specifying an alternate configuration file using the -C | |
34 | option. The macro override facility (-D) might also be misused for this | |
35 | purpose. | |
36 | ||
37 | In reaction to this security vulnerability, upstream has made a number of | |
38 | user-visible changes. This package includes these changes. | |
39 | --------------------------------------------------------- | |
40 | If exim is invoked with the -C or -D option the daemon will not regain | |
41 | root privileges through re-execution. This is usually necessary for local | |
42 | delivery, though. Therefore it is generally not possible anymore to run an | |
43 | exim daemon with -D or -C options. | |
44 | ||
45 | However this version of exim has been built with | |
46 | TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST | |
47 | defines a list of configuration files which are trusted; if a config file | |
48 | is owned by root and matches a pathname in the list, then it may be | |
49 | invoked by the Exim build-time user without Exim relinquishing root | |
50 | privileges. | |
51 | ||
52 | As a hotfix to not break existing installations of mailscanner we have | |
53 | also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start | |
54 | exim with -DOUTGOING while being able to do local deliveries. | |
55 | ||
56 | If you previously were using -D switches you will need to change your | |
57 | setup to use a separate configuration file. The ".include" mechanism | |
58 | makes this easy. | |
59 | --------------------------------------------------------- | |
60 | The system filter is run as exim_user instead of root by default. If your | |
61 | setup requires root privileges when running the system filter you will | |
62 | need to set the system_filter_user exim main configuration option. | |
63 | --------------------------------------------------------- | |
64 | ||
65 | -- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100 | |
66 | ||
67 | exim4 (4.60-2) unstable; urgency=low | |
68 | ||
69 | The exim4 daemon packages now include a symlink from | |
70 | /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and | |
71 | init scripts if the last exim 3 you had installed was any earlier | |
72 | than 3.36-5 and the conffiles from your exim 3 package are still | |
73 | around. Be sure to have any exim 4 earlier than 3.36-5 _purged_ | |
74 | (not removed) before installing this package. | |
75 | ||
76 | -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100 | |
77 |
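
The 4.72-3 entry above says a configuration file is trusted only if it is owned by root and its pathname matches an entry in the TRUSTED_CONFIG_LIST file. The following audit helper is an added example, not code from Exim or the Debian package. It assumes one absolute pathname per line and exact string matching, and it adds a regular-file and group/other-write check that the entry does not mention; the function names are hypothetical.

```python
import os
import stat
import tempfile


def read_trusted_list(list_path):
    """Return the pathnames in the trust list (assumed one absolute path per line)."""
    with open(list_path, encoding="utf-8") as fh:
        # Lines that are not absolute paths (blank lines, notes) are skipped.
        return [ln.strip() for ln in fh if os.path.isabs(ln.strip())]


def audit_trusted_config(config_path, list_path, owner_uid=0):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for path in (list_path, config_path):
        try:
            st = os.lstat(path)
        except OSError as exc:
            problems.append(f"{path}: {exc.strerror}")
            continue
        if not stat.S_ISREG(st.st_mode):
            problems.append(f"{path}: not a regular file")
        # From the NEWS entry: the config file must be owned by root (uid 0).
        # Applying it to the list file as well is an extra audit step.
        if st.st_uid != owner_uid:
            problems.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
        # Extra audit step, not stated in the entry: no group/other write bit.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path}: writable by group or other")
    # From the NEWS entry: the pathname must match an entry in the list.
    # Compared as an exact string (assumption), without resolving symlinks.
    if os.path.isfile(list_path) and config_path not in read_trusted_list(list_path):
        problems.append(f"{config_path}: not listed in {list_path}")
    return problems


if __name__ == "__main__":
    # Constructed demo: temp files, with the current uid standing in for root.
    with tempfile.TemporaryDirectory() as d:
        conf, trust = os.path.join(d, "exim4.conf"), os.path.join(d, "trusted_configs")
        for path, text in ((conf, "# constructed\n"), (trust, conf + "\n")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, 0o644)
        print(audit_trusted_config(conf, trust, owner_uid=os.geteuid()))
        os.chmod(conf, 0o664)
        print(audit_trusted_config(conf, trust, owner_uid=os.geteuid()))
```

On a real host, call `audit_trusted_config` with the default `owner_uid=0` for each configuration file that is started with -C, passing /etc/exim4/trusted_configs as the list.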