Imported Debian patch 4.84-8
[hcoop/debian/exim4.git] / debian / exim4-base.NEWS
exim4 (4.80~rc6-1) experimental; urgency=low

  Upstream's handling of GnuTLS DH parameters has changed, hardcoded
  parameters (from RFCs) are used by default. See
  /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
  /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
  and /var/spool/exim4/gnutls-params-2236.

 -- Andreas Metzler <ametzler@debian.org>  Sun, 27 May 2012 18:46:48 +0200

exim4 (4.69-4) unstable; urgency=low

  In reaction to #475194, the size of the Diffie-Hellman parameters
  used by exim was increased to 2048, which is GnuTLS's default.

  Since periodically regenerating the Diffie-Hellman parameters
  doesn't increase security that much (they're sent in clear text in the
  TLS handshake, and some protocols even have hardcoded them in the
  standard document), and automatically generating 2048 bits
  Diffie-Hellman parameters can take a long time, this has been disabled
  in the Exim4 packages starting with 4.69-4. All exim installations
  will thus run with the Diffie-Hellman parameters shipped in the
  package by default.

  Really, really paranoid people with sufficiently fast machines will
  want to set up a cron job calling
  /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
  interval is weekly or monthly.

 -- Marc Haber <mh+debian-packages@zugschlus.de>  Sun, 27 Apr 2008 09:14:32 +0200

exim4 (4.30-1) unstable; urgency=low

  * Exim now runs under its own uid (Debian-exim) instead of using mail:mail.

    WARNING: You cannot downgrade this version to an older one without
    manual chown|chgrp all files owned by Debian-exim to mail.

    Securitywise this is a tradeoff:
    - if exim is SUID root and runs without deliver_drop_privilege you win:
      exim's internal data in /var/spool/exim4 is not open to attacks by
      bugs in programs SGID mail (mail delivery agents like deliver or
      procmail, or MUAs like pine) anymore. This is Debian's default setup.
    - OTOH if you need to be able to make local deliveries to /var/mail and
      want to run exim with reduced privilege you have some additional work
      to do:
      * Use an SGID MDA for the actual delivery (I suggest maildrop.)
      * Make changes to run exim4 under group mail:
        - exim_group=mail.
        - Hack: make Debian-exim a group with gid=8, i.e. an alias for
          the mail group, _before_ you make the upgrade. (groupadd -o -g 8
          Debian-exim)

 -- Andreas Metzler <ametzler@debian.org>  Sun, 7 Dec 2003 13:59:46 +0100

exim4 (4.24-1) unstable; urgency=low

  * This version of exim cannot run deliveries as root anymore, see change
    5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
    don't redirect mail for root via /etc/aliases to a nonprivileged
    account the mail will be delivered to /var/mail/mail with permissions
    0600 and owner mail:mail.

 -- Andreas Metzler <ametzler@debian.org>  Fri, 3 Oct 2003 18:11:17 +0200

exim4 (4.22-1) unstable; urgency=low

  * The way that the $h_ (and $header_) expansions work has been changed
    by the addition of RFC 2047 decoding. See the main documentation (the
    NewStuff file until release 4.30, then the manual) for full details.

    Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"

 -- Andreas Metzler <ametzler@debian.org>  Mon, 18 Aug 2003 16:51:47 +0200