-exim4 (4.84.2-2+deb8u3) jessie; urgency=medium
+exim4 (4.89-2+deb9u6~hcoop11) unstable; urgency=medium
- * 94_Fix-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes
- branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!)
- Closes: #845569
+ * New upstream security release
- -- Andreas Metzler <ametzler@debian.org> Mon, 02 Jan 2017 19:18:05 +0100
+ -- Clinton Ebadi <clinton@unknownlamer.org> Fri, 06 Sep 2019 14:23:08 -0400
-exim4 (4.84.2-2+deb8u2) jessie-security; urgency=high
+exim4 (4.89-2+deb9u6) stretch-security; urgency=high
+
+ * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
+ related buffer overflow. CVE-2019-15846
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 03 Sep 2019 20:01:38 +0200
+
+exim4 (4.89-2+deb9u5) stretch-security; urgency=high
+
+ * Fix remote command execution vulnerability related to
+ "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jul 2019 13:32:35 +0200
+
+exim4 (4.89-2+deb9u4~hcoop10) unstable; urgency=medium
+
+ * Rebuild on 4.89-2+deb9u4
+
+ -- Clinton Ebadi <clinton@unknownlamer.org> Thu, 06 Jun 2019 19:35:28 -0400
+
+exim4 (4.89-2+deb9u4) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
- * CVE-2016-9963: DKIM information leakage
+ * Fix remote command execution vulnerability (CVE-2019-10149)
- -- Salvatore Bonaccorso <carnil@debian.org> Thu, 22 Dec 2016 12:17:01 +0100
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 28 May 2019 22:13:55 +0200
-exim4 (4.84.2-2+deb8u1) jessie-security; urgency=high
+exim4 (4.89-2+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
+ * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
- [ Dominic Hargreaves ]
- * eximstats: Remove . from @INC [CVE-2016-1238]
-
- -- Salvatore Bonaccorso <carnil@debian.org> Mon, 25 Jul 2016 20:10:44 +0200
-
-exim4 (4.84.2-2) jessie; urgency=medium
-
- * 90_Cutthrough-Fix-bug-with-dot-only-line.patch: JH/38 Fix cutthrough bug
- with body lines having a single dot. The dot was incorrectly not doubled
- on cutthrough transmission, hence seen as a body-termination at the
- receiving system - resulting in truncated mails. Commonly the sender saw
- a TCP-level error, and retransmitted the nessage via the normal
- store-and-forward channel. This could result in duplicates received - but
- deduplicating mailstores were liable to retain only the initial truncated
- version.
- * 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch: Fix crash
- on "exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'". Closes: #812585
- * Improve on NEWS file. Closes: #818349
- * Add 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch. Backport
- 3de973a29de6852d61ba9bf1845835d08ca5a5ab (Delay chdir(/) until we opened
- the main config) to actually make $initial_cwd expansion work. Also unfuzz
- 89_02_Store-the-initial-working-directory.diff.
- (Thanks, Серж ИвановЪ for bugreport and pointer to missing patch) Closes:
- #818897, #826646
-
- -- Andreas Metzler <ametzler@debian.org> Sun, 12 Jun 2016 13:56:30 +0200
-
-exim4 (4.84.2-1) jessie-security; urgency=high
-
- * New upstream security release.
- + Fix CVE-2016-1531, a local privilege escalation issue when perl_startup
- is used.
- + New options keep_environment/add_environment which are empty by default,
- i.e. any subprocesses start in a clean (empty) environment.
- + -C requires an absolute path.
- + Exim changes it's working directory to / right after startup.
- * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
- options. Set "keep_environment =" by default to avoid a runtime warning.
- Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2).
- * 89_01_only_warn_on_nonempty_environment.diff,
- 89_02_Store-the-initial-working-directory.diff: Upstream followups on the
+ -- Salvatore Bonaccorso <carnil@debian.org> Sat, 10 Feb 2018 09:26:05 +0100
+
+exim4 (4.89-2+deb9u2) stretch-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Avoid release of store if there have been later allocations
+ (CVE-2017-16943) (Closes: #882648)
+ * Chunking: do not treat the first lonely dot special (CVE-2017-16944)
+ (Closes: #882671)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 28 Nov 2017 22:58:00 +0100
+
+exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
+
+ * CVE-2017-100369
+
+ -- <jmm@debian.org> Wed, 14 Jun 2017 07:03:07 +0200
+
+exim4 (4.89-2) unstable; urgency=medium
+
+ * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
+ initscript (#844178). It breaks when the initscript does not start a
+ daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
+ Closes: #860317
+ * When reporting bugs also attach /etc/default/exim4 by default.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 20 Apr 2017 17:14:04 +0200
+
+exim4 (4.89-1) unstable; urgency=medium
+
+ * Enable inbound (server-side) proxying for -heavy. Closes: #856712
+ * New upstream release, source identical to RC7.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 09 Mar 2017 17:49:47 +0100
+
+exim4 (4.89~RC7-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 01 Mar 2017 18:37:18 +0100
+
+exim4 (4.89~RC6-1) unstable; urgency=medium
+
+ * Document E4BCD_PANICLOG_LINES in README.Debian.
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 23 Feb 2017 18:24:33 +0100
+
+exim4 (4.89~RC5-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 13 Feb 2017 19:04:46 +0100
+
+exim4 (4.89~RC4-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 92_CVE-2016-1238.diff.
+ * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
+ while we are changing the init script.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 12 Feb 2017 15:28:09 +0100
+
+exim4 (4.89~RC3-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Unfuzz 92_CVE-2016-1238.diff.
+ * init file:
+ + Source /etc/default/exim4 *before* defining the shell
+ variables holding the pidfilenames. Overriding these via
+ /etc/default/exim4 is not supported.
+ + Add missing support for reload when QUEUERUNNER='queueonly'.
+ + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
+ $PIDFILE is used for the main exim process for all available QUEUERUNNER
+ choices.
+ + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
+ interaction. systemd-sysv-generator uses this pseudoheader to set
+ PIDFile in the generated service file and it also sets
+ RemainAfterExit=no instead of yes if it is present. Thanks, Michael
+ Biebl for suggestion and explanation. Closes: #844178
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 10 Feb 2017 19:08:52 +0100
+
+exim4 (4.89~RC2-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 75_add_bak_spec.txt.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2017 15:24:44 +0100
+
+exim4 (4.89~RC1-1) unstable; urgency=low
+
+ * Refresh debian/upstream/signing-key.asc.
+ * New upstream bugfix release.
+ + Drop superfluous patches.
+ 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
+ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ + Unfuzz 31_eximmanpage.dpatch and
+ 78_Disable-chunking-BDAT-by-default.patch.
+ + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
+ tarball.
+ + Unfuzz debian/EDITME.exim4-*.
+ + Update debian/example.conf.md5. - Upstream typo fix.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 31 Jan 2017 19:52:50 +0100
+
+exim4 (4.88-5) unstable; urgency=medium
+
+ * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
+ option chunking_advertise_hosts and smtp transport option
+ hosts_try_chunking from "*" to empty.
+ This is a Debian specific change, we are right before the freeze and BDAT
+ needs a little time.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 19 Jan 2017 19:18:15 +0100
+
+exim4 (4.88-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jan 2017 14:38:00 +0100
+
+exim4 (4.88-3) experimental; urgency=medium
+
+ * Pull multiple patches from upstream GIT:
+ + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
+ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ (Thanks, Bart Noordervliet for the pointer) Closes: #850175
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 06 Jan 2017 17:32:20 +0100
+
+exim4 (4.88-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 27 Dec 2016 17:36:29 +0100
+
+exim4 (4.88-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
+ testing.
+ * Drop 75_Fix-DKIM-information-leakage.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 25 Dec 2016 18:07:12 +0100
+
+exim4 (4.88~RC6-2) unstable; urgency=high
+
+ * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
+ physical line limit check for both for SMTP DATA ACL and remote_smtp*
+ transports. Closes: #828801
+ Also update corresponding NEWS entry.
+ * [lintian] debian/changelog: s/lenght/length/
+ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
+ information leakage issue CVE-2016-9963.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 22 Dec 2016 16:50:21 +0100
+
+exim4 (4.88~RC6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 08 Dec 2016 07:19:18 +0100
+
+exim4 (4.88~RC5-1) unstable; urgency=low
+
+ * New upstream version.
+ + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Nov 2016 17:43:51 +0100
+
+exim4 (4.88~RC4-2) unstable; urgency=low
+
+ * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
+ GIT to fix exim bug 1914 (exim doesn't close connection after quit.
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Nov 2016 07:26:14 +0100
+
+exim4 (4.88~RC4-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 07 Nov 2016 19:08:47 +0100
+
+exim4 (4.88~RC3-1) experimental; urgency=medium
+
+ * New upstream version.
+ Drop 75_01-Fix-check-for-commandline-macro-definition.patch
+ 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 24 Oct 2016 19:25:31 +0200
+
+exim4 (4.88~RC2-3) experimental; urgency=medium
+
+ * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
+ every upgrade.
+ * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
+ longstanding bug with aborted TLS server connection handling. Under
+ GnuTLS, when a session startup failed (eg because the client
+ disconnected) Exim did stdio operations after fclose. This was exposed by
+ a recent change which nulled out the file handle after the fclose.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2016 16:39:13 +0200
+
+exim4 (4.88~RC2-2) experimental; urgency=medium
+
+ * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
+ problems on commandline mail submission. Closes: #840355
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 13 Oct 2016 19:25:07 +0200
+
+exim4 (4.88~RC2-1) experimental; urgency=low
+
+ * New upstream version.
+ + Changed default Diffie-Hellman parameters to be Exim-specific, created
+ by Phil Pennock. Added RFC7919 DH primes as an alternative.
+ Closes: #839978
+ * Set tls_dhparam = historic to use site-specific DH parameters.
+ * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
+ -daemon postinst.
+ * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
+ by running certtool or by installing
+ /usr/share/exim4/gnutls-params-2048. Do not try to use
+ openssl dhparam, it takes too long.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 09 Oct 2016 17:37:08 +0200
+
+exim4 (4.88~RC1-1) experimental; urgency=low
+
+ * Drop reference to removed (in 4.80-7) "what"-option in init script usage
+ message. (Thanks, Calum Mackay!) Closes: #823855
+ * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
+ Closes: #832442
+ * [lintian] update-exim4.conf.8 - fix typo.
+ * [lintian] Drop unused override binaries-have-file-conflict.
+ * B-d on default-libmysqlclient-dev.
+ * New upstream version.
+ + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
+ 50_localscan_dlopen.dpatch
+ + Drop superfluous patches.
+ 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
+ 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
+ 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ + Fix crash in VRFY handling when handed an unqualified name
+ (lacking @domain). Apply the same qualification processing as RCPT.
+ Closes: #834699
+ + Fix a possible security hole, wherein a process operating with the Exim
+ UID can gain a root shell. Credit to http://www.halfdog.net/ for
+ discovery and writeup. LP: #1580454
+ * [lintian] exim4-config_files.5 - fix typo.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 25 Sep 2016 15:44:00 +0200
+
+exim4 (4.87-3) unstable; urgency=medium
+
+ * Pull multiple patches from upstream GIT:
+ + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
+ Improved message on overlong lines in example config.
+ + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
+ Fix race condition related to connection reuse.
+ https://bugs.exim.org/show_bug.cgi?id=1810
+ + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ Avoid exposing passwords in log on failing ldap lookup
+ expansion. https://bugs.exim.org/show_bug.cgi?id=165
+ * Copy information message on rejecting overlong lines in data ACL from
+ upstream example configuration. Closes: #823418
+ * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
+ Closes: 821830
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
+
+exim4 (4.87-2) unstable; urgency=medium
+
+ * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
+ (Thanks, L. Guruprasad!) Closes: #821416
+ * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
+ connections (hosts_require_tls option) in remote_smtp_smarthost
+ transport. Closes: #822174
+ * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
+ is deprecated and will be removed in 4.88.
+ * README.Debian*: Fix minor issues found by lintian.
+ * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
+ * Drop exim4-base Recommends on perl-modules. This had been unnecessary
+ since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200
+
+exim4 (4.87-1) unstable; urgency=medium
+
+ * Fix comment in
+ conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
+ Jörg-Volker Peetz!) Closes: #819780
+ * New upstream release.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 07 Apr 2016 19:26:59 +0200
+
+exim4 (4.87~RC7-1) unstable; urgency=low
+
+ * Enable SOCKS support in both -light and -heavy. Closes: #818091
+ * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
+ * New upstream version.
+ + Drop 74_Store-the-initial-working-directory.diff,
+ 75_String-expansions-fix-extract.patch,
+ 76_only_warn_on_nonempty_environment.diff.
+ + Update debian/example.conf.md5.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 01 Apr 2016 19:04:07 +0200
+
+exim4 (4.87~RC6-3) unstable; urgency=medium
+
+ * Merge changelog entries for 4.86.2-1 and -2.
+ * Upload to unstable.
+ * Add link to CVE details to latest NEWS entry and bump its version and date
+ to match this upload. Closes: #818349, #817244
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100
+
+exim4 (4.87~RC6-2) experimental; urgency=medium
+
+ * 74_Store-the-initial-working-directory.diff,
+ 76_only_warn_on_nonempty_environment.diff: Upstream followups on the
CVE fix (Thanks, Heiko Schlittermann!):
+ Runtime warning is only generated if (and only if) keep_environment
is unset and environment is nonempty.
+ Store the initial working directory and make it available in the new
expansion variable $initial_cwd.
- * Add NEWS entry to warn of potential breakage.
+ * Merge all NEWS.Debian files into a single one, identical for all binary
+ packages. - Different NEWS files built from a single source package is not
+ and has not ever been supported by apt-listchanges which is the most
+ important frontend.
+ * Add a NEWS entry about the environment related runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Mar 2016 18:11:32 +0100
+
+exim4 (4.87~RC6-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
+ ${extract } string expansion for the numeric/3-string case. (Bug was
+ introduced in 4.85.)
+ * Set keep_environment to empty value instead of setting a minimal PATH in
+ add_environment.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 11 Mar 2016 19:50:07 +0100
+
+exim4 (4.87~RC5-2) experimental; urgency=medium
+
+ * Update debian/upstream/signing-key.asc, using the keys listed in
+ ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
+ Heiko Schlittermann's key.
+ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 13:17:01 +0100
+
+exim4 (4.87~RC5-1) experimental; urgency=medium
+
+ * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
+ to grep in it. Closes: #814998
+ * New upstream version, includes the patch for CVE-2016-1531. (Local root
+ exploit).
+ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
+ options. If neither is used we use add_environment to set a minimal
+ PATH=/bin:/usr/bin to avoid a runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 02 Mar 2016 21:06:43 +0100
+
+exim4 (4.87~RC3-2) experimental; urgency=medium
+
+ * README.Debian: Refer to Exim specification by chapter name instead of
+ chapter number. Closes: #813351
+ * Fix some spelling errors found by lintian.
+ * Minor debian/rules cleanup:
+ + Restore originally intended behavior, upstream changelog is only
+ shipped in exim4-base, symlinks to it elsewhere.
+ + Drop workaround for #347577, fixed in debhelper 5.0.15.
+ + Use "dh binary-arch" and "dh binary-indep" and a bunch of override
+ targets instead of listing all dh-commands. While this is uglier and
+ slows things down a bit it shortens debian/rules by 40 lines and has the
+ huge benefit that we automatically use all suggested helpers in correct
+ order.
+ + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
+ + Delete unused, commented code.
+ + Drop (exported) variable MTACONFLICTS, used only once.
+ * Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
+ * Refresh debian/EDITME.*, -heavy was missing ldap and sql support.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 13 Feb 2016 20:10:53 +0100
+
+exim4 (4.87~RC3-1) experimental; urgency=medium
+
+ * Move Vcs-* from git/http to https.
+ * [lintian] README.Debian: s/desireable/desirable/.
+ * [lintian] README.Debian: Fix grammar error "allow + infinitive".
+ * [lintian] exim4-config.postinst: Use which foo > /dev/null
+ instead of [ -x /path/to/foo ].
+ * Update list of patches in debian/README.Debian.xml
+ * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
+ with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
+ * New upstream version.
+ + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
+ merge this change and drop CHECK_MAIL_HELO_ISSUED macro.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jan 2016 17:44:00 +0100
+
+exim4 (4.87~RC2-1) experimental; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Dec 2015 17:51:39 +0100
+
+exim4 (4.87~RC1-1) experimental; urgency=medium
+
+ * New upstream version.
+ + Refresh patches.
+ + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
+ + Sync with upstream default configuration: Check maximum (physical, i.e.
+ before unfolding) line length in default spec file data ACL and smtp
+ transport. Bug 1684 Closes: #797919
+ + HS/02 Add the Exim version string to the process info. This way exiwhat
+ gives some more detail about the running daemon. Closes: #240883
+ * Override upstream's new default of tls_advertise_hosts = * if
+ MAIN_TLS_ENABLE is not set.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 11 Dec 2015 20:15:30 +0100
+
+exim4 (4.86.2-2) unstable; urgency=high
+
+ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 13:07:31 +0100
+
+exim4 (4.86.2-1) unstable; urgency=high
+
+ * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
+ 4.86+fixes branch.
+ * New upstream security release for CVE-2016-1531.
+ + New options keep_environment/add_environment which are empty by default,
+ i.e. any subprocesses start in a clean (empty) environment.
+ + -C requires an absolute path.
+ + Exim changes it's working directory to / right after startup.
+ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
+ options. If neither is used we use add_environment to set a minimal
+ PATH=/bin:/usr/bin to avoid a runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 01 Mar 2016 19:34:39 +0100
+
+exim4 (4.86-7) unstable; urgency=medium
+
+ * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
+ * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
+ exim-4_86+fixes branch fixes another MIME ACL related crash.
+ https://bugs.exim.org/show_bug.cgi?id=1730
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 28 Nov 2015 18:45:31 +0100
+
+exim4 (4.86-6) unstable; urgency=medium
+
+ * Cleanup (actual patch is identical): Use
+ 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
+ exim-4_86+fixes branch instad of
+ 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
+ * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
+ DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 Nov 2015 07:55:51 +0100
+
+exim4 (4.86-5) unstable; urgency=high
+
+ * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
+ head to avoid misaligned access in cached lookup. Closes: #803255
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 03 Nov 2015 19:33:49 +0100
+
+exim4 (4.86-4) unstable; urgency=medium
+
+ * Fix documentation of lowuid_aliases router, exceptions are in
+ CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
+ Closes: #799672
+ * fcron has been removed from Debian in 2011, stop listing it as an
+ alternative dependency of exim4-base (Thanks, Alexandre Detiste).
+ Closes: #798236
+ * Update to upstream exim-4_86+fixes branch:
+ + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
+ 76_Fix-post-transport-crash.patch,
+ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
+ 78_Close-logs-after-daemon-process-exceptional-write.patch.
+ + Add 75_0001-Fix-post-transport-crash.patch
+ 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
+ 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
+ 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
+ 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
+ 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
+ * Use dh v9.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 17 Oct 2015 15:01:01 +0200
+
+exim4 (4.86-3) unstable; urgency=medium
+
+ * Pull three patches from upstream git:
+ + 75_Fix-ESMTP-MAIL-command-option-processing.patch:
+ Corrects handling of mail-addresses with whitespace.
+ <http://article.gmane.org/gmane.mail.exim.user/97069>
+ + 76_Fix-post-transport-crash.patch
+ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
+ <https://bugs.exim.org/show_bug.cgi?id=1671>
+ * Fix spelling error in copyright file. (Thanks, lintian)
+ * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
+ upstream git, exim was keeping logfiles open after after a "too many
+ connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
+ chasing this.)
+ * When saving the berkeley DB version at build-time pass -P option to cpp,
+ to prevent linebreaks.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 25 Aug 2015 20:05:59 +0200
+
+exim4 (4.86-2) unstable; urgency=high
+
+ * Update exim4-config Breaks, PRDR support is was moved from being
+ Experimental into the mainline with 4.83.
+ Closes: #794320
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 02 Aug 2015 07:40:24 +0200
+
+exim4 (4.86-1) unstable; urgency=medium
+
+ * New upstream version, identical to RC5 (except for the version string).
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 26 Jul 2015 18:35:33 +0200
+
+exim4 (4.86~RC5-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jul 2015 11:46:11 +0200
+
+exim4 (4.86~RC4-2) unstable; urgency=medium
+
+ * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
+ * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
+ 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
+ 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
+ 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
+ transition from debian/upstream-signing-key.pgp to
+ debian/upstream/signing-key.asc.
+ * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
+ exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
+ properly fix the issue. Closes: #790616
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jul 2015 11:47:47 +0200
+
+exim4 (4.86~RC4-1) unstable; urgency=medium
+
+ * unexport/undefine TZ in debian/rules for reproducible build. It would be
+ used as default value for TIMEZONE_DEFAULT.
+ * New upstream version.
+ + Unfuzz 31_eximmanpage.dpatch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 29 Jun 2015 07:43:19 +0200
+
+exim4 (4.86~RC3-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 23 Jun 2015 19:11:19 +0200
+
+exim4 (4.86~RC3-1) experimental; urgency=medium
+
+ * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
+ 1166671.
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 22 Jun 2015 20:39:11 +0200
+
+exim4 (4.86~RC2-1) experimental; urgency=medium
+
+ * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
+ (Thanks, lintian).
+ * New upstream version:
+ +Drop included patches.
+ (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
+ 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
+ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
+ 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
+ * Sync Debian config with upstream default config:
+ + Set prdr_enable.
+ + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
+ log_selector option value.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 17 Jun 2015 19:49:58 +0200
+
+exim4 (4.86~RC1-3) experimental; urgency=medium
+
+ * Get time and date of latest debian/changelog entry and patch exim(on) to
+ use these instead of __DATE__ and __TIME__.
+ * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
+ from GIT to fix FTBFS on kfreebsd.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 13 Jun 2015 15:22:47 +0200
+
+exim4 (4.86~RC1-2) experimental; urgency=medium
+
+ * Pull three post-release fixes from upstream GIT. (null pointer
+ derefencing, and spam scanning defaulting to rspam mode)
+ + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
+ + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
+ + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 07 Jun 2015 07:26:13 +0200
+
+exim4 (4.86~RC1-1) experimental; urgency=medium
+
+ * New upstream release.
+ + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
+ refresh patches.
+ + Update EDITME*, enable AUTH_TLS for -heavy.
+ + Sync Debian config with upstream default config, rfc1413 calls are now
+ disabled by default.
+ + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
+ + The spamd_address main option now supports an optional timeout value per
+ server (tmo=timespec), it defaults two 2 minutes. Closes: #297915
+ + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
+ + log reason for defer, on a hostlist dns-lookup temporary error.
+ Closes: #670035
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jun 2015 15:41:33 +0200
+
+exim4 (4.85-3) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 28 Apr 2015 19:34:16 +0200
+
+exim4 (4.85-2) experimental; urgency=medium
+
+ * Merge from unstable 4.84-8.
+ + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
+ (<< ${source:Version}.1), at least source version, but not the next
+ sourceful upload. Closes: #777246
+ + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
+ upstream GIT which fixes breakage of string-expansion in headers_remove
+ commands. (Thanks Gordon Dickens, for the pointer.) -
+ 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
+ here since it already part of 4.85.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 21 Feb 2015 15:38:47 +0100
+
+exim4 (4.85-1) experimental; urgency=medium
+
+ * exim4-config_files.5: Escape dots in regex. (Thanks, ael)
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 13 Jan 2015 18:48:45 +0100
+
+exim4 (4.85~RC4-1) experimental; urgency=medium
+
+ * update-exim4.conf:
+ + Drop unused variable UPEX4C_internal_tmp.
+ + Use tempfile(1) if the generated file will not be written to
+ /var/lib/exim4/.
+ + Add --check option.
+ * init-script: On restart use update-exim4.conf --check before stopping the
+ daemon. (This is a no-op with systemd since its sysv compat layer
+ translates "foo restart" into "foo stop" "foo start" instead of using the
+ init scripts restart target.)
+ * Handle _RC in watchfile with uversionmangle.
+ * New upstream version.
+ + Stop repacking source, rfcs have been dropped.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 31 Dec 2014 14:24:35 +0100
+
+exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 18 Dec 2014 19:07:59 +0100
+
+exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
+ 70_remove_exim-users_references.dpatch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 01 Dec 2014 18:54:17 +0100
+
+exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium
+
+ * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
+ neither expects a mbox-style From nor an empty line add the end. (Thanks,
+ Edward Betts) Closes: #769396
+ * Change the init script's restart order from { regenerate_config; stop;
+ start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
+ Closes: #768874
+ * New upstream version.
+ + Unfuzz 66_enlarge-dh-parameters-size.dpatch
+ + Drop 80_mime_empty_charset.diff.
+ * Remove rfc from upstream source and repack it.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 18 Nov 2014 19:28:20 +0100
+
+exim4 (4.84-8+hcoop4) unstable; urgency=medium
+
+ * Missed another chown that needs skipping
+
+ -- Clinton Ebadi <clinton@unknownlamer.org> Thu, 14 May 2015 01:35:09 -0400
+
+exim4 (4.84-8+hcoop3) unstable; urgency=medium
+
+ * Patch the right thing.
- -- Andreas Metzler <ametzler@debian.org> Sat, 12 Mar 2016 08:17:40 +0100
+ -- Clinton Ebadi <clinton@unknownlamer.org> Thu, 14 May 2015 00:34:14 -0400
-exim4 (4.84-8+deb8u2) jessie; urgency=medium
+exim4 (4.84-8+hcoop2) unstable; urgency=medium
- * 87_Fix-transport-results-pipe-for-multiple-recipients-c.patch: Pull and
- unfuzz bd21a78 from upstream GIT, to fix a bug causing duplicate
- deliveries especially on TLS connections. Closes: #805576
+ * Change message in chown failure for sanity check
- -- Andreas Metzler <ametzler@debian.org> Sat, 21 Nov 2015 11:24:46 +0100
+ -- Clinton Ebadi <clinton@unknownlamer.org> Wed, 13 May 2015 23:47:18 -0400
-exim4 (4.84-8+deb8u1) jessie; urgency=medium
+exim4 (4.84-8+hcoop1) unstable; urgency=medium
- * Pull 85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch
- and 86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch from
- upstream GIT to fixup more MIME ACL related crashes. (Thanks, Lutz
- Preßler) Closes: #803562
+ * Relax chown requirement for delivery into afs
- -- Andreas Metzler <ametzler@debian.org> Mon, 26 Oct 2015 17:42:16 +0100
+ -- Clinton Ebadi <clinton@unknownlamer.org> Wed, 13 May 2015 23:26:54 -0400
exim4 (4.84-8) unstable; urgency=medium
- Supports CRL (Certificate Revocation List) (Closes: #229063)
- exim_dbmbuild does not crash on _very_ long RHS values.
(Closes: #231597)
- - route_list does not use a fixed lenght buffer anymore. (Closes: #231979)
+ - route_list does not use a fixed length buffer anymore. (Closes: #231979)
- An empty tls_verify_certificates file is correctly interpreted as empty
list instead of breaking TLS. (Closes: #236478)
* Korean translation of debconf templates by Changwoo Ryu (Closes: #241499)
HCoop / hcoop / debian / exim4.git / blobdiff