Relax chown requirements when check_owner is false
[hcoop/debian/exim4.git] / debian / exim4-daemon-heavy.NEWS
exim4 (4.80~rc2-1) experimental; urgency=low

  Ldap lookups returning multi-valued attributes now separate the attributes
  with only a comma, not a comma-space sequence.

  The GnuTLS support has been mostly rewritten. exim main configuration
  options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols,
  are no longer supported. (They are ignored if present now, but will trigger
  an error in later releases.) Their functionality is entirely subsumed into
  tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
  and is not parsed by Exim, but is instead given to gnutls_priority_init(3).

  See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.

 -- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200

exim4 (4.77~rc4-1) experimental; urgency=low

  Exim no longer performs string expansion on the second string of
  the match_* expansion conditions: "match_address", "match_domain",
  "match_ip" & "match_local_part". Named lists can still be used.

  The previous behavior made it too easy to create (remotely) vulnerable
  configurations. A more detailed rationale and explanation can be found on
  https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html

 -- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200

exim4 (4.72-3) unstable; urgency=low

  Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
  This is a privilege escalation issue that allows the exim user to gain
  root privileges by specifying an alternate configuration file using the -C
  option. The macro override facility (-D) might also be misused for this
  purpose.

  In reaction to this security vulnerability upstream has made a number of
  user visible changes. This package includes these changes.
  ---------------------------------------------------------
  If exim is invoked with the -C or -D option the daemon will not regain
  root privileges through re-execution. This is usually necessary for local
  delivery, though. Therefore it is generally not possible anymore to run an
  exim daemon with -D or -C options.

  However this version of exim has been built with
  TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
  defines a list of configuration files which are trusted; if a config file
  is owned by root and matches a pathname in the list, then it may be
  invoked by the Exim build-time user without Exim relinquishing root
  privileges.

  As a hotfix to not break existing installations of mailscanner we have
  also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
  exim with -DOUTGOING while being able to do local deliveries.

  If you previously were using -D switches you will need to change your
  setup to use a separate configuration file. The ".include" mechanism
  makes this easy.
  ---------------------------------------------------------
  The system filter is run as exim_user instead of root by default. If your
  setup requires root privileges when running the system filter you will
  need to set the system_filter_user exim main configuration option.
  ---------------------------------------------------------

 -- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
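
The -C/-D rules from the 4.72-3 entry, as an added example that is not part of the Debian package or of Exim: a Python audit for init scripts or cron jobs that still pass -C or -D to exim. It models only what the entry states (root ownership, a pathname match in /etc/exim4/trusted_configs, the OUTGOING macro whitelist); the function names, the `owner_uid` parameter and the absolute-path filter are assumptions of this example.

```python
import os
import shlex

# Build-time values quoted in the NEWS entry above.
TRUSTED_CONFIG_LIST = "/etc/exim4/trusted_configs"
WHITELIST_D_MACROS = {"OUTGOING"}


def load_trusted(list_path=TRUSTED_CONFIG_LIST):
    """Read the trusted-configs file; one pathname per line."""
    try:
        with open(list_path, encoding="utf-8") as fh:
            lines = [ln.strip() for ln in fh]
    except OSError:
        return set()  # no list means no -C file is trusted
    # Assumption of this example: only absolute pathnames count as entries.
    return {ln for ln in lines if ln.startswith("/")}


def audit_invocation(cmdline, trusted, owner_uid=0):
    """Return the reasons this command line would leave exim without root.

    owner_uid is the required owner of a -C file (root, uid 0, per the entry);
    it is a parameter only so the check can be exercised without root.
    """
    problems = []
    args = iter(shlex.split(cmdline)[1:])
    for arg in args:
        if arg.startswith("-C"):
            # Accept "-C/path" and "-C /path"; the value is a colon-separated list.
            filelist = arg[2:] or next(args, "")
            for path in filter(None, filelist.split(":")):
                if path not in trusted:
                    problems.append(f"-C {path}: not in trusted config list")
                elif not os.path.isfile(path) or os.stat(path).st_uid != owner_uid:
                    problems.append(f"-C {path}: missing or not owned by uid {owner_uid}")
        elif arg.startswith("-D"):
            macro = arg[2:].split("=", 1)[0].strip()
            if macro not in WHITELIST_D_MACROS:
                problems.append(f"-D{macro}: macro not whitelisted")
    return problems


if __name__ == "__main__":
    # Constructed sample command line, as might appear in an old init script.
    sample = "exim4 -bd -q30m -DSCANNER=1 -C /etc/exim4/alt.conf"
    for reason in audit_invocation(sample, load_trusted()):
        print(reason)
```

An empty result means the invocation stays within what the entry says is still permitted; each returned string names one option that would make the daemon run without root and so break local delivery.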

exim4 (4.60-2) unstable; urgency=low

  The exim4 daemon packages now include a symlink from
  /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
  init scripts if the last exim 3 you had installed was any earlier
  than 3.36-5 and the conffiles from your exim 3 package are still
  around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
  (not removed) before installing this package.

 -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100

exim4 (4.31-2) unstable; urgency=low

  The local_scan perl-plugin has been removed because upstream
  development has stopped. (am)

 -- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200

exim4 (4.22-2) unstable; urgency=low

  Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in
  -heavy and -custom for easy integration of content-scanning and
  invoking spamassassin at SMTP time.

 -- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200