+++ /dev/null
-exim4 (4.80~rc2-1) experimental; urgency=low
-
- Ldap lookups returning multi-valued attributes now separate the attributes
- with only a comma, not a comma-space sequence.
-
- The GnuTLS support has been mostly rewritten. exim main configuration
- options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols,
- are no longer supported. (They are ignored if present now, but will trigger
- an error in later releases.) Their functionality is entirely subsumed into
- tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
- and is not parsed by Exim, but is instead given to gnutls_priority_init(3).
-
- See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.
-
- -- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200
-
-exim4 (4.77~rc4-1) experimental; urgency=low
-
- Exim no longer performs string expansion on the second string of
- the match_* expansion conditions: "match_address", "match_domain",
- "match_ip" & "match_local_part". Named lists can still be used.
-
- The previous behavior made it too easy to create (remotely) vulnerable
- configurations. A more detailed rationale and explanation can be found on
- https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html
-
- -- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200
-
-exim4 (4.72-3) unstable; urgency=low
-
- Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
- This is a privilege escalation issue that allows the exim user to gain
- root privileges by specifying an alternate configuration file using the -C
- option. The macro override facility (-D) might also be misused for this
- purpose.
-
- In reaction to this security vulnerability upstream has made a number of
- user visible changes. This package includes these changes.
- ---------------------------------------------------------
- If exim is invoked with the -C or -D option the daemon will not regain
- root privileges though re-execution. This is usually necessary for local
- delivery, though. Therefore it is generally not possible anymore to run an
- exim daemon with -D or -C options.
-
- However this version of exim has been built with
- TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
- defines a list of configuration files which are trusted; if a config file
- is owned by root and matches a pathname in the list, then it may be
- invoked by the Exim build-time user without Exim relinquishing root
- privileges.
-
- As a hotfix to not break existing installations of mailscanner we have
- also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
- exim with -DOUTGOING while being able to do local deliveries.
-
- If you previously were using -D switches you will need to change your
- setup to use a separate configuration file. The ".include" mechanism
- makes this easy.
- ---------------------------------------------------------
- The system filter is run as exim_user instead of root by default. If your
- setup requies root privileges when running the system filter you will
- need to set the system_filter_user exim main configuration option.
- ---------------------------------------------------------
-
- -- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
-
-exim4 (4.60-2) unstable; urgency=low
-
- The exim4 daemon packages now include a symlink from
- /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
- init scripts if the last exim 3 you had installed was any earlier
- than 3.36-5 and the conffiles from your exim 3 package are still
- around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
- (not removed) before installing this package.
-
- -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100
-