--- /dev/null
- --- EDITME.exim4-light 2017-03-04 11:15:58.309895066 +0100
- +++ EDITME.exim4-heavy 2017-03-04 11:17:12.616522005 +0100
- @@ -212,7 +212,7 @@
++--- EDITME.exim4-light 2019-04-16 15:54:51.009790678 +0000
+++++ EDITME.exim4-heavy 2019-04-16 15:54:44.177917231 +0000
++@@ -217,7 +217,7 @@
+
+ # This one is very special-purpose, so is not included by default.
+
+-# ROUTER_IPLOOKUP=yes
++ROUTER_IPLOOKUP=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -244,7 +244,7 @@
++@@ -249,7 +249,7 @@
+
+ SUPPORT_MAILDIR=yes
+ SUPPORT_MAILSTORE=yes
+-# SUPPORT_MBX=yes
++SUPPORT_MBX=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -305,15 +305,15 @@
++@@ -310,16 +310,16 @@
+ LOOKUP_CDB=yes
+ LOOKUP_DSEARCH=yes
+ # LOOKUP_IBASE=yes
+-# LOOKUP_LDAP=yes
+-# LOOKUP_MYSQL=yes
++LOOKUP_LDAP=yes
++LOOKUP_MYSQL=yes
++ # LOOKUP_MYSQL_PC=mariadb
+ LOOKUP_NIS=yes
+ # LOOKUP_NISPLUS=yes
+ # LOOKUP_ORACLE=yes
+ LOOKUP_PASSWD=yes
+-# LOOKUP_PGSQL=yes
++LOOKUP_PGSQL=yes
+ # LOOKUP_REDIS=yes
+-# LOOKUP_SQLITE=yes
++LOOKUP_SQLITE=yes
+ # LOOKUP_SQLITE_PC=sqlite3
+ # LOOKUP_WHOSON=yes
+
- @@ -334,7 +334,7 @@
++@@ -340,7 +340,7 @@
+ # with Solaris 7 onwards. Uncomment whichever of these you are using.
+
+ # LDAP_LIB_TYPE=OPENLDAP1
+-# LDAP_LIB_TYPE=OPENLDAP2
++LDAP_LIB_TYPE=OPENLDAP2
+ # LDAP_LIB_TYPE=NETSCAPE
+ # LDAP_LIB_TYPE=SOLARIS
+
- @@ -373,6 +373,9 @@
++@@ -385,6 +385,9 @@
+ # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3
+
+
++LOOKUP_INCLUDE=-I/usr/include/mysql -I`pg_config --includedir`
++LOOKUP_LIBS=-lldap -llber -lmysqlclient -lpq -lsqlite3
++
+ #------------------------------------------------------------------------------
+ # Compiling the Exim monitor: If you want to compile the Exim monitor, a
+ # program that requires an X11 display, then EXIM_MONITOR should be set to the
- @@ -381,7 +384,7 @@
++@@ -393,7 +396,7 @@
+ # files are defaulted in the OS/Makefile-Default file, but can be overridden in
+ # local OS-specific make files.
+
+-EXIM_MONITOR=eximon.bin
++# EXIM_MONITOR=eximon.bin
+
+
+ #------------------------------------------------------------------------------
- @@ -391,7 +394,7 @@
++@@ -403,7 +406,7 @@
+ # and the MIME ACL. Please read the documentation to learn more about these
+ # features.
+
+-# WITH_CONTENT_SCAN=yes
++WITH_CONTENT_SCAN=yes
+
- #------------------------------------------------------------------------------
- # If you're using ClamAV and are backporting fixes to an old version, instead
- @@ -627,16 +630,16 @@
++ # If you have content scanning you may wish to only include some of the scanner
++ # interfaces. Uncomment any of these lines to remove that code.
++@@ -645,16 +648,16 @@
+ # configuration to make use of the mechanism(s) selected.
+
+ AUTH_CRAM_MD5=yes
+-# AUTH_CYRUS_SASL=yes
+-# AUTH_DOVECOT=yes
++AUTH_CYRUS_SASL=yes
++AUTH_DOVECOT=yes
+ # AUTH_GSASL=yes
+ # AUTH_GSASL_PC=libgsasl
+ # AUTH_HEIMDAL_GSSAPI=yes
+ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
+ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
+ AUTH_PLAINTEXT=yes
+-# AUTH_SPA=yes
+-# AUTH_TLS=yes
++AUTH_SPA=yes
++AUTH_TLS=yes
+
+ # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1
+ # requires multiple pkg-config files to work with Exim, so the second example
- @@ -649,7 +652,7 @@
++@@ -667,7 +670,7 @@
+ # Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC.
+ # Ditto for AUTH_HEIMDAL_GSSAPI(_PC).
+
+-# AUTH_LIBS=-lsasl2
++AUTH_LIBS=-lsasl2
+ # AUTH_LIBS=-lgsasl
+ # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt
+
- @@ -923,7 +926,7 @@
++@@ -945,7 +948,7 @@
+ # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded
+ # Perl costs quite a lot of resources. Only do this if you really need it.
+
+-# EXIM_PERL=perl.o
++EXIM_PERL=perl.o
+
+
+ #------------------------------------------------------------------------------
- @@ -933,7 +936,7 @@
++@@ -955,7 +958,7 @@
+ # that the local_scan API is made available by the linker. You may also need
+ # to add -ldl to EXTRALIBS so that dlopen() is available to Exim.
+
+-# EXPAND_DLFUNC=yes
++EXPAND_DLFUNC=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -943,11 +946,11 @@
++@@ -965,11 +968,11 @@
+ # support, which is intended for use in conjunction with the SMTP AUTH
+ # facilities, is included only when requested by the following setting:
+
+-# SUPPORT_PAM=yes
++SUPPORT_PAM=yes
+
+ # You probably need to add -lpam to EXTRALIBS, and in some releases of
+ # GNU/Linux -ldl is also needed.
+-EXTRALIBS=-ldl
++EXTRALIBS=-lpam -export-dynamic
+
+
+ #------------------------------------------------------------------------------
- @@ -961,7 +964,7 @@
++@@ -983,7 +986,7 @@
+ # If you may want to use inbound (server-side) proxying, using Proxy Protocol,
+ # uncomment the line below.
+
+-# SUPPORT_PROXY=yes
++SUPPORT_PROXY=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -1299,7 +1302,7 @@
++@@ -1338,7 +1341,7 @@
+ # local part) can be increased by changing this value. It should be set to
+ # a multiple of 16.
+
+-# MAX_NAMED_LIST=16
++MAX_NAMED_LIST=32
+
+
+ #------------------------------------------------------------------------------
--- /dev/null
- --- src/EDITME 2017-02-12 14:19:37.000000000 +0000
- +++ EDITME.exim4-light 2017-02-12 14:22:15.062382937 +0000
++--- src/EDITME 2019-04-16 15:52:53.000000000 +0000
+++++ EDITME.exim4-light 2019-04-16 15:54:51.009790678 +0000
+@@ -98,7 +98,7 @@
+ # /usr/local/sbin. The installation script will try to create this directory,
+ # and any superior directories, if they do not exist.
+
+-BIN_DIRECTORY=/usr/exim/bin
++BIN_DIRECTORY=/usr/sbin
+
+
+ #------------------------------------------------------------------------------
+@@ -114,7 +114,7 @@
+ # don't exist. It will also install a default runtime configuration if this
+ # file does not exist.
+
+-CONFIGURE_FILE=/usr/exim/configure
++CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
+
+ # It is possible to specify a colon-separated list of files for CONFIGURE_FILE.
+ # In this case, Exim will use the first of them that exists when it is run.
+@@ -131,7 +131,7 @@
+ # deliveries. (Local deliveries run as various non-root users, typically as the
+ # owner of a local mailbox.) Specifying these values as root is not supported.
+
+-EXIM_USER=
++EXIM_USER=ref:Debian-exim
+
+ # If you specify EXIM_USER as a name, this is looked up at build time, and the
+ # uid number is built into the binary. However, you can specify that this
+@@ -153,6 +153,7 @@
+ # you want to use a group other than the default group for the given user.
+
+ # EXIM_GROUP=
++EXIM_GROUP=ref:Debian-exim
+
+ # Many sites define a user called "exim", with an appropriate default group,
+ # and use
+@@ -173,7 +174,7 @@
+
+ # Almost all installations choose this:
+
+-SPOOL_DIRECTORY=/var/spool/exim
++SPOOL_DIRECTORY=/var/spool/exim4
+
+
+
- @@ -232,7 +233,7 @@
++@@ -237,7 +238,7 @@
+ # This one is special-purpose, and commonly not required, so it is not
+ # included by default.
+
+-# TRANSPORT_LMTP=yes
++TRANSPORT_LMTP=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -241,8 +242,8 @@
++@@ -246,8 +247,8 @@
+ # MBX, is included only when requested. If you do not know what this is about,
+ # leave these settings commented out.
+
+-# SUPPORT_MAILDIR=yes
+-# SUPPORT_MAILSTORE=yes
++SUPPORT_MAILDIR=yes
++SUPPORT_MAILSTORE=yes
+ # SUPPORT_MBX=yes
+
+
- @@ -301,15 +302,15 @@
++@@ -306,16 +307,16 @@
+ LOOKUP_LSEARCH=yes
+ LOOKUP_DNSDB=yes
+
+-# LOOKUP_CDB=yes
+-# LOOKUP_DSEARCH=yes
++LOOKUP_CDB=yes
++LOOKUP_DSEARCH=yes
+ # LOOKUP_IBASE=yes
+ # LOOKUP_LDAP=yes
+ # LOOKUP_MYSQL=yes
++ # LOOKUP_MYSQL_PC=mariadb
+-# LOOKUP_NIS=yes
++LOOKUP_NIS=yes
+ # LOOKUP_NISPLUS=yes
+ # LOOKUP_ORACLE=yes
+-# LOOKUP_PASSWD=yes
++LOOKUP_PASSWD=yes
+ # LOOKUP_PGSQL=yes
+ # LOOKUP_REDIS=yes
+ # LOOKUP_SQLITE=yes
- @@ -577,7 +578,7 @@
++@@ -367,7 +368,7 @@
++ # Uncomment the following line to add DANE support
++ # Note: Enabling this unconditionally overrides DISABLE_DNSSEC
++ # For DANE under GnuTLS we need an additional library. See TLS_LIBS below.
++-# SUPPORT_DANE=yes
+++SUPPORT_DANE=yes
++
++ #------------------------------------------------------------------------------
++ # Additional libraries and include directories may be required for some
++@@ -595,7 +596,7 @@
+ # CONFIGURE_OWNER setting, to specify a configuration file which is listed in
+ # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim.
+
+-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs
++TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs
+
+
+ #------------------------------------------------------------------------------
- @@ -613,6 +614,9 @@
++@@ -631,6 +632,9 @@
+
+ # WHITELIST_D_MACROS=TLS:SPOOL
+
++# Mailscanner uses -DOUTGOING.
++WHITELIST_D_MACROS=OUTGOING
++
+ #------------------------------------------------------------------------------
+ # Exim has support for the AUTH (authentication) extension of the SMTP
+ # protocol, as defined by RFC 2554. If you don't know what SMTP authentication
- @@ -622,7 +626,7 @@
++@@ -640,7 +644,7 @@
+ # included in the Exim binary. You will then need to set up the run time
+ # configuration to make use of the mechanism(s) selected.
+
+-# AUTH_CRAM_MD5=yes
++AUTH_CRAM_MD5=yes
+ # AUTH_CYRUS_SASL=yes
+ # AUTH_DOVECOT=yes
+ # AUTH_GSASL=yes
- @@ -630,7 +634,7 @@
++@@ -648,7 +652,7 @@
+ # AUTH_HEIMDAL_GSSAPI=yes
+ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
+ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5
+-# AUTH_PLAINTEXT=yes
++AUTH_PLAINTEXT=yes
+ # AUTH_SPA=yes
+ # AUTH_TLS=yes
+
- @@ -656,7 +660,7 @@
++@@ -674,7 +678,7 @@
+ # one that is set in the headers_charset option. The default setting is
+ # defined by this setting:
+
+-HEADERS_CHARSET="ISO-8859-1"
++HEADERS_CHARSET="UTF-8"
+
+ # If you are going to make use of $header_xxx expansions in your configuration
+ # file, or if your users are going to use them in filter files, and the normal
- @@ -745,7 +749,7 @@
++@@ -763,7 +767,7 @@
+ # leave these settings commented out.
+
+ # This setting is required for any TLS support (either OpenSSL or GnuTLS)
+-# SUPPORT_TLS=yes
++SUPPORT_TLS=yes
+
+ # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
+ # USE_OPENSSL_PC=openssl
- @@ -753,9 +757,9 @@
++@@ -771,9 +775,9 @@
+
+ # Uncomment the first and either the second or the third of these if you
+ # are using GnuTLS. If you have pkg-config, then the second, else the third.
+-# USE_GNUTLS=yes
++USE_GNUTLS=yes
+ # USE_GNUTLS_PC=gnutls
+-# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
++TLS_LIBS=-lgnutls
+
+ # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
+ # build process will require libgcrypt-config to exist in your $PATH. A
- @@ -847,6 +851,7 @@
++@@ -809,7 +813,7 @@
++ # TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt
++
++ # For DANE under GnuTLS we need an additional library.
++-# TLS_LIBS += -lgnutls-dane
+++TLS_LIBS += -lgnutls-dane
++
++ # TLS_LIBS is included only on the command for linking Exim itself, not on any
++ # auxiliary programs. If the include files are not in a standard place, you can
++@@ -830,6 +834,7 @@
++ # description of the API to this function, see the Exim specification.
++
++ DLOPEN_LOCAL_SCAN=yes
+++HAVE_LOCAL_SCAN=yes
++
++ # If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++ # linker flags. Without it, the loaded .so won't be able to access any
++@@ -868,6 +873,7 @@
+ # to form the final file names. Some installations may want something like this:
+
+ # LOG_FILE_PATH=/var/log/exim_%slog
++LOG_FILE_PATH=/var/log/exim4/%slog
+
+ # which results in files with names /var/log/exim_mainlog, etc. The directory
+ # in which the log files are placed must exist; Exim does not try to create
- @@ -895,7 +900,7 @@
++@@ -916,7 +922,7 @@
+ # files. Both the name of the command and the suffix that it adds to files
+ # need to be defined here. See also the EXICYCLOG_MAX configuration.
+
+-COMPRESS_COMMAND=/usr/bin/gzip
++COMPRESS_COMMAND=/bin/gzip
+ COMPRESS_SUFFIX=gz
+
+
- @@ -910,7 +915,7 @@
++@@ -931,7 +937,7 @@
+ # ZCAT_COMMAND=zcat
+ #
+ # Or specify the full pathname:
+-ZCAT_COMMAND=/usr/bin/zcat
++ZCAT_COMMAND=zcat
+
+ #------------------------------------------------------------------------------
+ # Compiling in support for embedded Perl: If you want to be able to
- @@ -942,6 +947,7 @@
++@@ -963,6 +969,7 @@
+
+ # You probably need to add -lpam to EXTRALIBS, and in some releases of
+ # GNU/Linux -ldl is also needed.
++EXTRALIBS=-ldl
+
+
+ #------------------------------------------------------------------------------
- @@ -950,7 +956,7 @@
++@@ -971,7 +978,7 @@
+ # If you may want to use outbound (client-side) proxying, using Socks5,
+ # uncomment the line below.
+
+-# SUPPORT_SOCKS=yes
++SUPPORT_SOCKS=yes
+
+ # If you may want to use inbound (server-side) proxying, using Proxy Protocol,
+ # uncomment the line below.
- @@ -1038,6 +1044,8 @@
++@@ -1069,6 +1076,8 @@
+
+ # CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
+
++# default in Debian's sasl2-bin
++CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux
+
+ #------------------------------------------------------------------------------
+ # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment
- @@ -1343,6 +1351,7 @@
++@@ -1381,6 +1390,7 @@
+ # file can be specified here. Some installations may want something like this:
+
+ # PID_FILE_PATH=/var/lock/exim.pid
++PID_FILE_PATH=/run/exim4/exim.pid
+
+ # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
+ # using the name "exim-daemon.pid".
- @@ -1376,6 +1385,7 @@
++@@ -1414,6 +1424,7 @@
+ # messages become "invisible" to the normal management tools.
+
+ # SUPPORT_MOVE_FROZEN_MESSAGES=yes
++SUPPORT_MOVE_FROZEN_MESSAGES=yes
+
+
+ #------------------------------------------------------------------------------
- @@ -1414,3 +1424,6 @@
++@@ -1452,3 +1463,6 @@
+ # ENABLE_DISABLE_FSYNC=yes
+
+ # End of EDITME for Exim 4.
++
++# enable IPv6 support
++HAVE_IPV6=YES
--- /dev/null
- --- exim_monitor/EDITME 2017-02-12 00:58:50.000000000 +0000
- +++ EDITME.eximon 2017-02-12 14:19:40.765243359 +0000
++--- exim_monitor/EDITME 2018-03-15 20:22:06.000000000 +0000
+++++ EDITME.eximon 2018-03-16 18:27:06.609171034 +0000
+@@ -1,6 +1,7 @@
+ ##################################################
+ # The Exim Monitor #
+ ##################################################
++# -*- makefile -*-
+
+ # This is the template for the Exim monitor's main build-time configuration
+ # file. It contains settings that are independent of any operating system. It
--- /dev/null
- --- EDITME.exim4-light 2012-05-29 19:16:05.000000000 +0200
- +++ EDITME.exim4-light 2012-05-29 19:17:05.000000000 +0200
- @@ -697,13 +697,13 @@ SUPPORT_TLS=yes
++--- EDITME.exim4-light 2017-10-28 08:02:20.930695089 +0200
+++++ EDITME.exim4-light 2017-10-28 08:03:25.433584564 +0200
++@@ -760,13 +760,13 @@ SUPPORT_TLS=yes
+
+ # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not
+ # USE_OPENSSL_PC=openssl
+-# TLS_LIBS=-lssl -lcrypto
++TLS_LIBS=-lssl -lcrypto
+
+ # Uncomment the first and either the second or the third of these if you
+ # are using GnuTLS. If you have pkg-config, then the second, else the third.
+-USE_GNUTLS=yes
++# USE_GNUTLS=yes
+ # USE_GNUTLS_PC=gnutls
+-TLS_LIBS=-lgnutls
++# TLS_LIBS=-lgnutls
+
- # If you are running Exim as a server, note that just building it with TLS
- # support is not all you need to do. You also need to set up a suitable
++ # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's
++ # build process will require libgcrypt-config to exist in your $PATH. A
--- /dev/null
- <listitem>
- <simpara>
- The Debian Exim 4 packages have their own
- <ulink url="http://pkg-exim4.alioth.debian.org">
- Home Page
- </ulink> which also links to a User FAQ.
- </simpara>
- </listitem>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+ "http://www.docbook.org/xml/4.4/docbookx.dtd">
+<article> <title>Exim 4 for Debian</title>
+ <section> <title>Introduction</title>
+ <para>
+ If you're reading this, you have found the README.Debian
+ file. This is good, thanks! Please continue reading this file in
+ its entirety. It is full of important information and has been
+ written with the questions in mind that keep popping up on the
+ mailing lists.
+ </para>
+ <section> <title>How to find your way around the Documentation</title>
+ <para>
+ Exim comes with very extensive documentation. Here is how to
+ find it.
+ <orderedlist>
+ <listitem>
+ <simpara>
+ A lot of information about Debian's Exim 4
+ packaging can be found in this document.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ The packages contain a lot of Debian-specific man pages.
+ Use the <command>apropos exim</command> command to get a list.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Most files that control the default configuration are
+ documented in the exim4-config_files(5) man page, which
+ is symlinked to the file names. man <filename> should
+ lead you to the page.
+ </simpara>
+ </listitem>
- <para>
- The <ulink url="http://pkg-exim4.alioth.debian.org"
- type="http">development web page</ulink> contains a lot of
- useful links and other information. The subversion repository
- of the Debian package is available for public read-only access
- and is linked from the development web page.
- </para>
+ <listitem>
+ <para>
+ The very extensive Upstream documentation is shipped
+ <orderedlist>
+ <listitem>
+ <simpara>
+ in text form
+ (<filename>/usr/share/doc/exim4-base/spec.txt.gz</filename>)
+ with the binary packages.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ in HTML in the package
+ <filename>exim4-doc-html</filename>
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ as a Texinfo file in the package
+ <filename>exim4-doc-info</filename>
+ </simpara>
+ </listitem>
+ </orderedlist>
+ </para>
+ </listitem>
+ </orderedlist>
+ </para>
+ <para>
+ Please note that documentation found on the web or in other
+ parts of the Debian system (such as the Debian Reference)
+ might be outdated and thus give wrong advice. In doubt, the
+ documentation listed above should take precedence.
+ </para>
+ </section>
+ <section> <title>Getting Support</title>
+ <para>
+ For your questions and comments, there is a <ulink
+ url="http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users">
+ Debian-specific mailing list</ulink>. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if
+ you are sure that your question is not Debian-specific.
+ Debian-specific questions are more likely to find answers on
+ our pkg-exim4-users mailing list, while complex custom
+ configuration issues might be more easily solved on the
+ upstream exim-users mailing list because of the broader and
+ more experienced audience there. You can subscribe to
+ pkg-exim4-users <ulink
+ url="http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users">
+ via the subscription web page;</ulink> you need to be
+ subscribed to post.
+ </para>
+ <para>
+ If you think that your question might be more easily answered
+ if one knows a bit about your configuration, you might want to
+ execute <command>reportbug --subject="none" --offline --quiet
+ --severity=wishlist --body="none" --output=exim4.reportbug
+ exim4-config</command> on the system in question, answer yes
+ to both "include [extended] configuration" questions and include
+ the contents of the exim4.reportbug file generated by this
+ command with your question. Please check whether the file
+ contains any confidential information before sending.
+ </para>
+ </section>
+ <section> <title>Packaging</title>
+ <para>
+ Similar to the Apache2 package, Exim 4 is an entirely
+ different package that does not currently offer a smooth
+ upgrade path from Debian's Exim 3 packages.
+ </para>
+ <para>
+ It is the first Exim package in Debian that can be configured
+ using debconf. However, the entire configuration framework is
+ extremely flexible, allowing you to get exactly the amount of
+ control you need for the job at hand.
+ </para>
+ <section> <title>Feature Sets in the daemon packages</title>
+ <para>
+ To use Exim 4, you need at least the following packages:
+ <variablelist>
+ <varlistentry>
+ <term>exim4-base</term>
+ <listitem>
+ <simpara>support files for all Exim MTA (v4) packages</simpara>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>exim4-config</term>
+ <listitem>
+ <simpara>configuration for the Exim MTA (v4)</simpara>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>exim4-daemon-light</term>
+ <listitem>
+ <simpara>lightweight exim MTA (v4) daemon</simpara>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ <para>
+ Just apting the metapackage <command>exim4</command> will pull
+ in the other packages per dependency. You'll get an exim daemon
+ with minimal feature set (no external lookups).
+ </para>
+ <para>
+ If you need more advanced features like LDAP, sqlite, PostgreSQL
+ and MySQL data lookups, SASL and SPA SMTP authentication, embedded
+ Perl interpreter, and exiscan-acl for integration of
+ virus-scanners and SpamAssassin, you can replace
+ <command>exim4-daemon-heavy</command> instead of
+ <command>exim4-daemon-light</command>. Additionally, the source
+ package offers infrastructure to build your own custom-tailored
+ exim4-daemon-custom which exactly fits your special local needs.
+ The infrastructure to do so is already in place, see
+ debian/rules for instructions.
+ </para>
+ </section>
+ <section> <title>How to build a custom daemon</title>
+ <para>
+ The process of building a custom daemon is partially
+ documented in the <filename>debian/rules</filename> file
+ in the source package. Patches for more documentation are welcome.
+ </para>
+ </section>
+ </section>
+ </section>
+ <section> <title>Configuration of Exim 4 in the Debian packages</title>
+ <para>
+ Generally, the Debian Exim 4 packages are configured through
+ debconf. You have been asked some questions on package installation,
+ and your initial Exim configuration has been created from your
+ answers. You can repeat the configuration process any time by invoking
+ <command>dpkg-reconfigure exim4-config</command>. If you are an
+ experienced Exim administrator and prefer to have your own,
+ hand-crafted, non-automatic Exim configuration, you will find
+ information about how to do so in
+ <xref linkend="completely-different-configuration"/>.
+ </para>
+ <para>
+ The debconf-driven configuration is mainly geared for a
+ one-domain shell account machine/workstation with local delivery
+ as suggested by the original upstream default configuration.
+ If you configure the packages to handle more than one local
+ domain, all local domains are treated identically. The domain
+ part is not used for routing and filtering decisions.
+ </para>
+ <para>
+ Despite the default configuration being extended somewhat from
+ the original upstream, chances are that you'll need to
+ manually change the Exim configuration with an editor if you intend to
+ do something that is not covered by the debconf-driven configuration.
+ It has never been the packages' intention to offer all possible
+ configuration methods through debconf. The configuration files are
+ there to be changed, feel free to do so if you see fit. The Debian
+ Exim 4 maintainers have tried to make the configuration as flexible as
+ possible so that manual intervention can be minimized.
+ </para>
+ <para>
+ If you need to make manual changes to the Exim configuration,
+ please be familiar with how Exim works. At minimum, have read this
+ README file and the manpages delivered with the Debian Exim 4
+ packages, and <filename>/usr/share/doc/exim4-base/spec.txt.gz</filename>
+ chapters <phrase>"How Exim receives and delivers mail"</phrase> and
+ <phrase>"The Exim run time configuration file"</phrase>.
+ <filename>spec.txt.gz</filename> is an excellent reference.
+ </para>
+ <para>
+ Please note that while most free-form fields in the
+ debconf-driven configuration have the entered string end up
+ verbatim in Exim's configuration file (and thus using more
+ advanced features like host, address and domain lists is possible
+ and will probably work), this is not officially supported.
+ Only plain lists are supported in the debconf dialogs. You may
+ use more advanced features, but they may stop working any time
+ during upgrades.
+ </para>
+ <section> <title>The Configuration System</title>
+ <section id="debconf-questions"> <title>The Debconf questions</title>
+ <para>
+ In this section, we try to document and explain the debconf
+ questions, which are themselves limited to a small screen of
+ information and might leave questions unanswered. Since you
+ can usually read this file only after having answered the
+ questions, the process can always be repeated by invoking
+ <command>dpkg-reconfigure exim4-config.</command>
+ <filename>/etc/exim4/update-exim4.conf.conf</filename>,
+ documented in the <command>update-exim4.conf</command>
+ manual page, is
+ a simple shell-script snippet used to store the answers
+ that you passed to debconf when initially configuring Exim.
+ You may also modify this file with an editor of your choice.
+ The package maintainer scripts can handle this and will
+ preserve your changes.
+ </para>
+ <section> <title>General type of mail configuration</title>
+ <para>
+ This is the main configuration question which will
+ control which of the remaining questions are
+ presented to you. It also controls things like daemon
+ invocation and delivery of outgoing mail.
+ </para>
+ <section> <title> internet site; mail is sent and
+ received directly using SMTP</title>
+ <para>
+ This option is suitable for a standalone system
+ with full internet connectivity.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The Exim SMTP daemon will accept messages
+ to local domains, and deliver them locally.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Outgoing mail will be delivered directly
+ to the mail exchange servers of the
+ recipient domain
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section> <title> mail sent by smarthost; received via
+ SMTP or fetchmail</title>
+ <para>
+ This option is suitable for a standalone client system
+ which has restricted internet connectivity, for
+ example on a residential connection where an SMTP
+ smarthost is used. Some ISPs block outgoing SMTP
+ connections to combat the spam problem, thus
+ requiring the use of their smarthosts. It is
+ generally a good idea to use the ISPs smart host
+ if one is connected with a dynamic IP address
+ since quite a few sites do not accept mail
+ directly delivered from a dial-in pool.
+ </para>
+ <para>
+ fetchmail can be used to retrieve incoming mail
+ from the ISP's POP3 or IMAP mail server and
+ deliver it to Exim via SMTP.
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The Exim SMTP daemon will accept messages
+ to local domains, and deliver them locally.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Outgoing mail will always be delivered to
+ the smarthost configured in exim4.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </section>
+ <section> <title>mail sent by smarthost; no local mail</title>
+ <para>
+ This option is suitable for a client system in a
+ computer pool which is not responsible for a local
+ e-mail domain. All locally generated e-mail is
+ sent to the smarthost without any local domains.
+ </para>
+ </section>
+ <section> <title>local delivery only; not on a network</title>
+ <para>
+ This option is suitable for a standalone system
+ with no networking at all. Only messages for configured
+ local domains are accepted and delivered locally;
+ messages for all other domains are rejected:
+ ``Mailing to remote domains not supported''.
+ </para>
+ </section>
+ <section> <title>no configuration at this time</title>
+ <para>
+ This option disables most of Debian's automatisms
+ and leaves exim in an unconfigured state.
+ update-exim4.conf will still copy
+ <filename>/etc/exim4/exim4.conf.template</filename>
+ or concatenate the files from
+ <filename>/etc/exim4/conf.d,</filename> and will
+ not generate any configuration control macros.
+ Unless you manually edit the configuration source,
+ this will leave Exim with a syntactically invalid
+ configuration file, thus in a state where the
+ daemon won't even start.
+ </para>
+ <para>
+ Only choose this option if you know what you're
+ doing and are prepared to create your own Exim
+ configuration.
+ </para>
+ <para>
+ dpkg-conffile handling is still in place, and you
+ will be offered updates for configuration
+ snippets, as soon as they become available.
+ </para>
+ </section>
+ </section>
+ <section> <title>System mail name</title>
+ <para>
+ The "mail name" is the domain name used to "qualify"
+ mail addresses without a domain name.
+ </para>
+ <para>
+ This name will also be used by other programs. It
+ should be the single, full domain name (FQDN).
+ </para>
+ <para>
+ For example, if a mail address on the local host is
+ foo@example.org, then the correct value for this
+ option would be example.org.
+ </para>
+ <para>
+ Exim, as a rule, handles only fully qualified mail
+ addresses, that is, addresses with a local part, an @
+ sign and a domain. If confronted with an unqualified
+ address, that is, one without @ sign and without
+ domain, first thing exim does is qualify the address
+ by adding the @ sign and a domain.
+ </para>
+ <para>
+ This qualification happens for all addresses exim
+ encounters, be it sender, recipient or else.
+ </para>
+ <para>
+ The domain name used to qualify unqualified mail addresses
+ is called ``mail name'' on Debian systems and entered
+ in this debconf dialog. What you enter here will end
+ up in <filename>/etc/mailname,</filename> which is a
+ file that might be used by other programs as well.
+ </para>
+ <para>
+ In some configuration types, the package configuration
+ will offer you, at a later step, to hide this name
+ from outgoing messages by rewriting the headers.
+ </para>
+ </section>
+ <section> <title>IP addresses to listen on for incoming SMTP
+ connections</title>
+ <para>
+ Please enter a semicolon-separated list of IP addresses.
+ The Exim SMTP listener daemon will listen on all IP
+ addresses listed here.
+ </para>
+ <para>
+ An empty value will cause Exim to listen for connections
+ on all available network interfaces.
+ </para>
+ <para>
+ If this system does only receive e-mail directly from
+ local services (and not from other hosts),
+ it is suggested to prohibit external connections to the
+ local Exim daemon. Such services include e-mail
+ programs (MUSs) which talk to localhost only as well as
+ fetchmail. External connections are impossible when
+ 127.0.0.1 is entered here, as this will disable listening
+ on public network interfaces.
+ </para>
+ <para>
+ Do not change this unless you know what you are doing.
+ Altering this value could post a security risk to your
+ system. For most users, the default value is sufficient.
+ </para>
+ </section>
+ <section> <title>Other destinations for which mail is accepted</title>
+ <para>
+ Please enter a semicolon-separated list of recipient
+ domains for which this machine should consider itself
+ the final destination. These domains are commonly
+ called 'local domains'. The local hostname and 'localhost'
+ are always added to the list given here.
+ </para>
+ <para>
+ By default all local domains will be treated
+ identically. If both a.example and b.example are
+ local domains, acc@a.example and acc@b.example will
+ be delivered to the same final destination. If
+ different domain names should be treated differently,
+ it is necessary to edit the config files afterwards.
+ </para>
+ <para>
+ The answer to this question ends up in the list of
+ domains that Exim will consider local domains. Mail
+ for recipients in one of these domains will be
+ subject to local alias expansion and then delivered
+ locally in the appropriate configuration types.
+ </para>
+ </section>
+ <section> <title>Domains to relay mail for</title>
+ <para>
+ Please enter a semicolon-separated list of recipient
+ domains for which this system will relay mail, for
+ example as a fallback MX or mail gateway. This means
+ that this system will accept mail for these domains
+ from anywhere on the Internet and deliver them
+ according to local delivery rules.
+ </para>
+ <para>
+ Do not mention local domains here. Wildcards may be used.
+ </para>
+ <para>
+ The answer to this question is a list of the domains
+ for which Exim will relay messages coming in from anywhere
+ on the Internet.
+ </para>
+ </section>
+ <section> <title>Machines to relay mail for</title>
+ <para>
+ Please enter a semicolon-separated list of IP address
+ ranges for which this system will unconditionally relay
+ mail, functioning as a smarthost.
+ </para>
+ <para>
+ You should use the standard address/prefix format
+ (e.g. 194.222.242.0/24 or 5f03:1200:836f::/48).
+ </para>
+ <para>
+ If this system should not be a smarthost for any
+ other host, leave this list blank.
+ </para>
+ <para>
+ Please note that systems not listed here can still use
+ SMTP AUTH to relay through this system. If this system
+ only has clients on dynamic IP addresses that use SMTP
+ AUTH, leave this list blank as well. Do
+ <emphasis>NOT</emphasis> list 0.0.0.0/0!
+ </para>
+ <para>
+ Warning: While it is possible to use
+ host<emphasis>names</emphasis> instead of IP addresses in this
+ list extra care needs to be taken in this case.
+ <emphasis>Unresolvable names in the host list will break
+ relaying.</emphasis> See
+ Exim specification chapter <phrase>"Domain, host, address, and
+ local part lists"</phrase>
+ and the exim4-config_files man page.
+ </para>
+ </section>
+ <section> <title>IP address or host name of the outgoing
+ smarthost</title>
+ <para>
+ Please enter the IP address or the host name of a mail
+ server that this system should use as outgoing
+ smarthost. If the smarthost only accepts your mail on
+ a port different from TCP/25, append two colons and
+ the port number (for example smarthost.example::587 or
+ 192.168.254.254::2525). Colons in IPv6 addresses need
+ to be doubled.
+ </para>
+ <para>
+ If the smarthost requires authentication, please refer
+ to <xref linkend="smtp-auth"/> for notes about setting
+ up SMTP authentication.
+ </para>
+ <para>
+ Multiple smarthost entries are permitted, semicolon
+ separated. Each of the hosts is tried, in the order
+ specified (See Exim specification, chapter
+ <phrase>"The manualroute router"</phrase>, section
+ <phrase>"How the list of hosts is used"</phrase>.)
+ </para>
+ </section>
+ <section> <title>Hide local mail name in outgoing mail</title>
+ <para>
+ The headers of outgoing mail can be rewritten to make
+ it appear to have been generated on a different
+ system, replacing the local host name in From,
+ Reply-To, Sender and Return-Path.
+ </para>
+ </section>
+ <section> <title>Visible domain name for local users</title>
+ <para>
+ If you ask Exim to hide the local mail name in
+ outgoing mail, it will next ask you for the domain
+ name that should be visible for your local users.
+ These information is then used to establish the
+ appropriate rewriting rules.
+ </para>
+ </section>
+ <section> <title>Keep number of DNS queries minimal
+ (Dial-on-Demand)</title>
+ <para>
+ In normal mode of operation Exim does DNS lookups at
+ startup, and when receiving or delivering messages.
+ This is for logging purposes and allows keeping down
+ the number of hard-coded values in the configuration.
+ </para>
+ <para>
+ If this system does not have a DNS full service
+ resolver available at all times (for example if its
+ Internet access is a dial-up line using
+ dial-on-demand), this might have unwanted
+ consequences. For example, starting up Exim or
+ running the queue (even with no messages waiting)
+ might trigger a costly dial-up-event.
+ </para>
+ <para>
+ This option should be selected if this system is
+ using Dial-on-Demand. If it has always-on Internet
+ access, this option should be disabled.
+ </para>
+ </section>
+ <section><title>Delivery method for local mail</title>
+ <para>
+ Exim is able to store locally delivered mail in
+ different formats. The most commonly used ones are
+ mbox and Maildir. mbox uses a single file for the
+ complete mail folder stored in /var/mail/. With
+ Maildir format every single message is stored in a
+ separate file in ~/Maildir/.
+ </para>
+ <para>
+ Please note that most mail tools in Debian expect the
+ local delivery method to be mbox in their default.
+ </para>
+ </section>
+ <section> <title>Split configuration into small files</title>
+ <para>
+ Our packages offer two (actually three, see
+ <xref linkend="completely-different-configuration"/>)
+ possibilities:
+ </para>
+ <orderedlist>
+ <listitem>
+ <simpara>
+ Generate Exim's configuration from
+ <filename>/etc/exim4/exim4.conf.template,</filename>
+ which is basically a normal Exim run-time
+ configuration file which will be supplemented
+ with some macros generated from Debconf in a
+ post-processing step before it is passed to exim.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Generate Exim's configuration from the
+ multiple files in
+ <filename>/etc/exim4/conf.d/</filename>. The
+ directories in
+ <filename>/etc/exim4/conf.d/</filename>
+ correspond to the sections of the Exim
+ run-time configuration file, so you should
+ easily find your way around there.
+ </simpara>
+ </listitem>
+ </orderedlist>
+ <para>
+ Splitting the configuration across multiple files
+ means that you have the actual configuration file
+ automatically generated from the files below
+ <filename>/etc/exim4/conf.d/</filename> by invoking
+ <command>update-exim4.conf</command>. Each section
+ of Exim's configuration has its own subdirectory and
+ the files in there are supposed to be read in
+ alphanumeric order.
+ <filename>router/00_exim4-config_header</filename>
+ is followed by
+ <filename>router/100_exim4-config_domain_literal</filename>,
+ ...
+ </para>
+ <para>
+ If you chose unsplit configuration,
+ <command>update-exim4.conf</command> builds the
+ configuration from
+ <filename>/etc/exim4/exim4.conf.template</filename>,
+ which is basically the files from
+ <filename>/etc/exim4/conf.d/</filename> concatenated
+ together at package build time, and thus guarantees
+ consistency on the target system.
+ </para>
+ <para>
+ In both cases, <command>update-exim4.conf</command>
+ generates exim configuration macros from the debconf
+ configuration values and puts them into
+ the actual configuration file, which is then used by
+ the Exim daemon. See the
+ <command>update-exim4.conf</command> manual
+ page for more in-depth information about this
+ mechanism.
+ </para>
+ <para>
+ Benefits of the split configuration approach:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ it means less work for you when upgrading.
+ If we shipped one big file and modified
+ for example the Maildir transport in a new
+ version you won't have to do manual
+ conffile merging unless you had changed
+ exactly <emphasis>this</emphasis>
+ transport.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ It allows other packages (e.g. sa-exim) to
+ modify Exim's configuration by dropping
+ files into
+ <filename>/etc/exim4/conf.d</filename>.
+ This needs, however quite exact syncing
+ between the exim4 packages and the other,
+ cooperating package.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Drawbacks of the split configuration approach:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ It is more fragile. If files from
+ different sources (package, manually
+ changed, or other package) get out of
+ sync, it is possible for Exim to break
+ until you manually correct this. This can
+ for example happen if we decide to add a
+ new option to the Debian setup of a later
+ version, and you have already set this
+ option in a local file.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Benefits of the unsplit configuration approach:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ People familiar with configuring Exim may
+ find this approach easier to understand as
+ <filename>exim4.conf.template</filename>
+ basically is a complete Exim configuration
+ file which will only undergo some basic
+ string replacement before is it passed to
+ exim.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Split-config's fragility mentioned
+ above does not occur.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ Drawbacks of the unsplit configuration approach:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Will require manual intervention in case of an
+ upgrade.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ If in doubt go for the unsplit config, because it is
+ easier to roll back to Debian's default configuration
+ in one step. If you intend to do many changes to the
+ Debian setup, you might want to use the split config
+ at the price of having to more closely examine the
+ config file after an update.
+ </para>
+ <para>
+ We'd appreciate a patch that uses ucf and the
+ 3-way-merge mechanism offered by that package. It
+ might be the best way to handle the big configuration
+ file.
+ </para>
+ <para>
+ If you are using unsplit configuration, have local
+ changes to <filename>/etc/exim4/conf.d/</filename>
+ (either made by yourself or by other packages dropping
+ their own routers or transports in) and want to
+ re-generate
+ <filename>/etc/exim4/exim4.conf.template</filename> to
+ activate these changes, you can do so by using
+ <command>update-exim4.conf.template</command>.
+ </para>
+ </section>
+ </section>
+ <section> <title>Access Control in the default configuration</title>
+ <para>
+ The Debian exim 4 packages come with a default configuration
+ that allows flexible access control and blacklisting of
+ sites and hosts. The acls involved can be found in
+ /etc/exim4/conf.d/acl, or in /etc/exim4/exim4.conf.template,
+ depending on which configuration scheme you use. Most
+ rejections of messages due to this mechanism happen at RCPT
+ time. Local configuration of the mechanisms happens through
+ data files in /etc/exim4 or via Exim macros that you can set
+ in /etc/exim4/conf.d/main, so there is normally no need to
+ change the files in the acl subdirectory in a split-config
+ setup. If you use the non-split config, you need to edit
+ /etc/exim4/exim4.conf.template, which, as a big
+ dpkg-conffile, won't give you any advantage of the .ifdef
+ scheme.
+ </para>
+ <para>
+ The data files are documented in the exim4-config_files man
+ page.
+ </para>
+ <para>
+ The access lists delivered with the exim4 packages also
+ contain quite a few configuration options that are too
+ restrictive to be active by default on a real-life site.
+ These are masked by .ifdef statements, can be activated by
+ setting the appropriate macros, and are documented in the
+ ACL files itself.
+ </para>
+ </section>
+ <section id='macros'> <title>Using Exim Macros to control the
+ configuration</title>
+ <para>
+ Our configuration can be controlled in a limited way by
+ setting macros. That way, you can switch on and off certain
+ parts of the default configuration and/or override values set
+ in Debconf without having to touch the dpkg-conffiles. While
+ touching dpkg-conffiles itself is explicitly allowed and wanted,
+ it can be quite a nuisance to be asked on package upgrade
+ whether one wants to use the locally changed file or the
+ file changed by the package maintainer.
+ </para>
+ <para>
+ Whenever you see an <command>.ifdef</command> or
+ <command>.ifndef</command> clause in the configuration file,
+ you can control the appropriate clause by setting the macro in
+ a local configuration file. For split configuration, you can
+ drop the local configuration file anywhere in
+ <filename>/etc/exim4/conf.d/main</filename>. Just make sure it
+ gets read before the macro is first used.
+ <filename>000_localmacros</filename> is a possible name,
+ guaranteeing first order. For a non-split configuration,
+ <filename>/etc/exim4/exim4.conf.localmacros</filename> gets
+ read before
+ <filename>/etc/exim4/exim4.conf.template</filename>. To
+ actually set the macro <varname>EXIM4_EXAMPLE</varname> to the
+ value "this is a sample", write the following line
+ </para>
+ <para>
+ EXIM4_EXAMPLE = this is a sample
+ </para>
+ <para>
+ into the appropriate file. For more detailed discussion of the
+ general macro mechanism, see the Exim specification, chapter
+ <phrase>"The Exim run time configuration file"</phrase>, for
+ details how macro expansion works.
+ </para>
+ </section>
+ <section> <title>How does this work?</title>
+ <para>
+ The script <command>update-exim4.conf</command> parses the
+ <filename>/etc/exim4/update-exim4.conf.conf</filename> file
+ and provides the configuration for the exim daemon.
+ </para>
+ <para>
+ Depending on the value of
+ <varname>dc_use_split_config</varname>, it either
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ takes all the files below
+ <filename>/etc/exim4/conf.d/</filename> and
+ concatenates them together or
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ uses <filename>exim4.conf.template</filename> as
+ input.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ The debconf-managed information from
+ <filename>/etc/exim4/update-exim4.conf.conf</filename> is
+ merged into the generated configuration file by generating a
+ number of Exim configuration macros.
+ </para>
+ <para>
+ <varname>DCsmarthost</varname>, for example, is set to the
+ value of <varname>$dc_smarthost</varname>
+ in <filename>/etc/exim4/update-exim4.conf.conf</filename>
+ which holds the answer to "Which machine will act as the
+ smarthost and handle outgoing mail?"
+ </para>
+ <para>
+ The result of these operations is saved as
+ <filename>/var/lib/exim4/config.autogenerated</filename>,
+ which is <emphasis>not</emphasis> a dpkg-conffile! Manual
+ changes to this file will be overwritten by
+ <command>update-exim4.conf</command>.
+ </para>
+ <para>
+ Please consult <command>update-exim4.conf</command> manpage
+ for more detailed information.
+ </para>
+ <para>
+ <command>update-exim4.conf</command> is invoked by the init
+ script prior to any operation that may invoke an exim process,
+ and gives an error message if the generated config file is
+ syntactically invalid. If you want to activate your changes to
+ files in conf.d/ just execute <command>invoke-rc.d exim4 restart</command>.
+ </para>
+ </section>
+ <section id="howto-change-config"><title>How do I do minor tweaks to the configuration?</title>
+ <para>
+ Some times, you want to do minor adjustments to the Exim
+ configuration to make Exim behave exactly like you want it
+ to behave. There are the following possibilities to modify
+ Exim's behavior.
+ </para>
+ <section><title>Adjustments supported by the debconf configuration</title>
+ <para>
+ If you want to modify parameters that are supported by the
+ debconf configuration, things are easy. Just invoke
+ <command>dpkg-reconfigure exim4-config</command> or hand-edit
+ <filename>/etc/exim4/update-exim4.conf.conf</filename> to your
+ liking and restart Exim.
+ </para>
+ <para>
+ You can find explanation of the debconf questions in <xref
+ linkend="debconf-questions"/>.
+ Additionally,
+ <filename>/etc/exim4/update-exim4.conf.conf</filename>
+ is documented in the <command>update-exim4.conf</command>
+ man page.
+ </para>
+ </section>
+ <section><title>Adjustments controlled by macros in the Debian Exim configuration</title>
+ <para>
+ Some aspects of the Debian Exim configuration can be
+ controlled by Exim macros. To find out about these, you
+ need basic understanding of Exim configuration. Just look
+ in our Exim configuration and see which macro needs to be
+ set to a different value to alter Exim's behavior.
+ </para>
+ <para>
+ <xref linkend="macros"/> gives a closer explanation about
+ how to do this.
+ </para>
+ </section>
+ <section><title>Making direct changes to the Debian Exim configuration</title>
+ <para>
+ You can, of course, make direct change to the
+ configuration. All configuration files in /etc/exim4 are
+ dpkg-conffiles, and you can thus edit them any time. Your
+ changes will be preserved through updates. You need to
+ know about how to configure Exim to be successful.
+ </para>
+ <para>
+ If you use unsplit configuration, edit
+ <filename>/etc/exim4/exim4.conf.template</filename>. If you use
+ split configuration, edit the Exim configuration snippets in
+ <filename>/etc/exim4/conf.d</filename>.
+ </para>
+ <para>
+ More information about how the Exim configuration is built
+ can be found in this document and in the
+ <command>update-exim4.conf</command> manual page.
+ </para>
+ </section>
+ </section>
+ <section id="completely-different-configuration"> <title>Using a completely different configuration scheme</title>
+ <para>
+ If you are an experienced Exim administrator, you might feel
+ working with our pre-fabricated configuration
+ cumbersome and complex. You might feel right if you need to
+ make more complex changes and do not need to receive updates
+ from us. This section is going to tell about how to use
+ your own configuration.
+ </para>
+ <para>
+ But, you might profit from keeping the Debian magic. Most
+ files that come with Debian exim4 are conffiles. Debian is
+ going to care about your changes and keeps them around.
+ Additionally, a lot of configuration options can be
+ overridden with a macro, which does not require you to
+ actually change our configuration file. A lot of people are
+ using our configuration scheme, and maybe it is going to
+ save you a lot of time if you decide to spend some time
+ familiarizing yourself with our scheme.
+ </para>
+ <section> <title>Override exim4-config configuration magic</title>
+ <para>
+ If you are only running a small number of systems and
+ want to completely disable Debian's magic, just take
+ your monolithic configuration file and install it as
+ <filename>/etc/exim4/exim4.conf</filename>. Exim will
+ use that file verbatim. To have something to start,
+ you can either take
+ <filename>/etc/exim4/exim4.conf.template</filename>,
+ run <command>update-exim4.conf --keepcomments --output
+ /etc/exim4/exim4.conf</command>, or use upstream's
+ default configuration file that is installed as
+ <filename>/usr/share/doc/exim4-base/examples/example.conf.gz</filename>.
+ You are going to lose all magic you get from packaging
+ though, so you need to be familiar with Exim to build
+ an actually working config.
+ </para>
+ <para>
+ <filename>/var/lib/exim4/config.autogenerated</filename>,
+ the file generated by
+ <command>update-exim4.conf</command>, is ignored as soon
+ as <filename>/etc/exim4/exim4.conf</filename> is found.
+ You should not edit
+ <filename>/etc/exim4/exim4.conf</filename> directly when
+ Exim is running, because the forked processes Exim starts
+ for SMTP receiving or queue running would use the new
+ configuration file, while the original main exim-daemon
+ would still use the old configuration file.
+ </para>
+ <para>
+ Some third-party HOWTOs that reference Debian and
+ claim to make things easy suggest dumping a
+ pre-fabricated, static config file to
+ <filename>/etc/exim4/exim4.conf</filename>. This is
+ considered bad advice by the Debian maintainers since
+ you are going to disable all updates and service magic
+ that Debian might deliver in the future this way. If
+ you do not know exactly what you're doing here, this
+ is a bad choice. We try to comment on external HOWTOs
+ found on the web in the <ulink
+ url="http://wiki.debian.org/PkgExim4UserFAQ">Debian
+ Exim4 User FAQ</ulink> to help you find out which
+ advice to follow.
+ </para>
+ </section>
+ <section> <title>Replacing exim4-config with your own exim4 configuration package.</title>
+ <para>
+ We split off Exim's configuration system (debconf,
+ <command>update-exim4.conf</command>, and the files in
+ <filename>/etc/exim4/conf.d)</filename> to a separate
+ package, exim4-config. If you want to, you can replace
+ exim4-config by something entirely different. The other
+ packages don't care. Your package needs to:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Provides: exim4-config-2, Conflicts:
+ exim4-config-2,exim4-config
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ drop the Exim 4 configuration either into
+ <filename>/var/lib/exim4/config.autogenerated</filename>
+ or into <filename>/etc/exim4/exim4.conf</filename>.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ Your package must provide an executable <command>update-exim4.conf</command>
+ that must be in root's path (<filename>/usr/sbin</filename> recommended). The init
+ script will invoke that executable prior to invoking the
+ actual exim daemon. If you do not need that script, have it exit 0.
+ </para>
+ <para>
+ If you want to create your own configuration packages, there is a
+ number of helpers available.
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ The Exim 4 Debian svn repository holds sources for a
+ exim4-config-simple package which contains a simple, not
+ debconf-driven configuration scheme as an example which can
+ be used as a template for a classical, exim4.conf based
+ configuration scheme.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ The Exim 4 Debian svn repository holds sources for a
+ exim4-config-medium package which contains the conf.d
+ driven configuration of the main package with the
+ debconf interaction removed. This can be used to create
+ your own non-debconf configuration package that uses the
+ conf.d mechanism.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Finally, you can invoke the script
+ <filename>debian/config-custom/create-custom-config-package</filename>
+ which will create a new source package
+ "exim4-config-custom" with the debconf-driven config
+ scheme of exim4-config for your local modification.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ Please note that exim4-config-simple and
+ exim4-config-medium are only targeted to be used as a
+ template. The configurations contained are not
+ suitable for productive use. Of course, the Debian
+ maintainers appreciate any patches you might find
+ suitable. The scripts in exim4-config-simple and
+ exim4-config-medium may not work at all in your
+ environment. Unfortunately, they have not been
+ updated in a long time as well. We are willing to
+ accept patches.
+ </para>
+ <para>
+ See the development web page for links to the subversion
+ repository.
+ </para>
+ <para>
+ Exchanging the entire exim4-config package with
+ something custom comes particularly handy for sites
+ that have more than a few machines that are
+ similarly configured, but do not want to use the
+ original exim4-config package. Build your own
+ exim4-config-custom or exim4-config-foo, and simply
+ apt that package to the machines that need to have
+ that configuration. Future updates can then be
+ handled via the dpkg-conffile mechanism, properly
+ detecting local modifications.
+ </para>
+ <para>
+ In the future, it might be possible that Debian will
+ contain multiple flavours of Exim4 configuration.
+ However, these packages would have to be maintained
+ by someone else because the exim4 package
+ maintainers think that the scheme delivered with
+ exim4-config is the least of all evils and would
+ rather not spend the time to maintain multiple configuration
+ schemes while only actually using one. It would be
+ nice to have a configuration scheme using a
+ monolithic config file, managed by ucf in
+ three-way-merge mode. If anybody feels ready to
+ maintain it, please go ahead.
+ </para>
+ </section>
+ </section>
+ </section>
+ <section id="TLS"> <title>Using TLS</title>
+ <section> <title>Exim 4 as TLS/SSL client</title>
+ <para>
+ Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL
+ using the GnuTLS library and STARTTLS. Exim will use TLS
+ via STARTTLS <emphasis>automatically</emphasis> as client if
+ the server Exim connects to offers it.
+ </para>
+ <para>
+ This means that you will not need any special configuration if
+ you want to use TLS for outgoing mail. However, if your
+ server setup mandates the use of client certificates, you
+ need to amend your remote_smtp and/or remote_smtp_smarthost
+ transports with a tls_certificate option. This is not
+ commonly needed.
+ </para>
+ <para>
+ The certificate
+ presented by the remote host is not checked unless you
+ specify a tls_verify_certificate option on the transport.
+ </para>
+ <para id="tls_client_certicate">
+ To make exim send a TLS certificate to the remote host set
+ REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY or for
+ the remote_smtp_smarthost transport
+ REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+ respectively.
+ </para>
+ <para>
+ TLS on connect is not natively supported.
+ </para>
+ </section>
+ <section> <title>Enabling TLS support for Exim as server</title>
+ <para>
+ You should have created certificates in
+ <filename>/etc/exim4/</filename> either by hand or by usage of
+ the exim-gencert (which requires openssl). exim-gencert is
+ shipped in
+ <filename>/usr/share/doc/exim4-base/examples/</filename> and
+ takes care of proper access privileges on the private key
+ file.
+ </para>
+ <para>
+ Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a
+ local configuration file as described in <xref linkend="macros"/>.
+ </para>
+ <para>
+ After this configuration, Exim will advertise STARTTLS when
+ connected to on the normal SMTP ports. Some broken clients
+ (most prominent example being nearly all versions of Microsoft
+ Outlook and Outlook Express, and Incredimail) insist on doing
+ TLS on connect on Port 465. If you need to support these, set
+ SMTPLISTENEROPTIONS='-oX 465:25 -oP /run/exim4/exim.pid'
+ in <filename>/etc/default/exim4</filename> and
+ "tls_on_connect_ports=465" in the main configuration section.
+ </para>
+ <para>
+ The -oP is needed because Exim does not write an implicit pid
+ file if -oX is given. Without pid file, init script and cron
+ job will malfunction.
+ </para>
+ <para>
+ It might be appropriate to add "+tls_cipher" to
+ any log_selector statement you might already have, or to add a
+ log_selector statement setting these two options in a local
+ configuration file. (For Debian's configuration simply define
+ the MAIN_LOG_SELECTOR macro.)
+ This option makes Exim log what cipher
+ your Exim and the peer's mailer have negotiated to use to
+ encrypt the transaction.
+ </para>
+ <para>
+ Exim can be configured to ask a client for a certificate and to
+ try to verify it. Debian's exim configuration used to enable
+ this by default, but stopped doing so since it caused TLS errors
+ with a couple of popular clients (Outlook, Incredimail, etc.).
+ To enable this again set the macro MAIN_TLS_TRY_VERIFY_HOSTS to
+ the lists hosts whose certificates you want to check. (Use * to
+ try checking all hosts. The value of the macro is used to
+ populate exim's main option tls_try_verify_hosts.) You should
+ also point MAIN_TLS_VERIFY_CERTIFICATES to a file containing the
+ accepted certificates, since its default setting
+ (/etc/ssl/certs/ca-certificates.crt) can contain a large list of
+ certificates which causes the interoperabilty problems with
+ Outlook et.al. noted above.
+ </para>
+ <para>
+ The server certificate is only used for incoming connections,
+ please consult <xref linkend="tls_client_certicate"/> for the
+ corresponding outgoing conncection options.
+ </para>
+ </section>
+ <section> <title>Troubleshooting</title>
+ <para>
+ If Exim complains in an SMTP session that TLS is unavailable,
+ the Exim mainlog or paniclog frequently has exact information
+ about what might be wrong. Fo example, you might see
+ </para>
+ <para>
+ 2003-01-27 19:06:45 TLS error on connection from localhost [127.0.0.1]
+ (cert/key setup): Error while reading file)
+ </para>
+ <para>
+ showing that there has been an error while accessing the
+ certificate or the private key file.
+ </para>
+ <para>
+ Insuffient entropy available is a frequent cause of TLS
+ failures in Exim context. If Exim logs "not enough random bytes
+ available", or simply hangs silently when an encrypted
+ connection should be established, then Exim was
+ unable to read enough random data from
+ <filename>/dev/random</filename> to do whatever cryptographic
+ operation is requested. Please check that your
+ <filename>/dev/random</filename> device is setup properly.
+ </para>
+ <para>
+ You might also find "TLS error on connection to [...]
+ (gnutls_handshake): The Diffie-Hellman prime sent by the server is
+ not acceptable (not long enough)." given as reason. Exim by default
+ requires a DH prime length of 1024 bits. This requirement can be
+ downgraded by setting the tls_dh_min_bits option on the SMTP
+ transport. The setting is accessible in the Debian configuration by
+ setting the macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768").
+ </para>
+ </section>
+ </section>
+ <section id="smtp-auth"> <title>SMTP-AUTH</title>
+ <para>
+ Exim can do SMTP AUTH both as a client and as a server.
+ </para>
+ <para>
+ AUTH PLAIN and AUTH LOGIN are disabled for connections which are
+ not protected by SSL/TLS per default. These authentication
+ methods use cleartext passwords, and allowing the
+ transmission of cleartext passwords on unencrypted connections
+ is a security risk. Therefore, the default configuration configures
+ Exim not to use and/or allow AUTH PLAIN and AUTH LOGIN over
+ unencrypted connections.
+ </para>
+ <para>
+ It is thus recommended to set up Exim to use TLS to encrypt
+ the connections. Please refer to <xref linkend="TLS"/> for
+ documentation about this. Note that most Microsoft clients
+ need special handling for TLS.
+ </para>
+ <section> <title>Using Exim as SMTP-AUTH client</title>
+ <para>
+ If you want to set up Exim as SMTP AUTH client for delivery
+ to your internet access provider's smarthost put the name of
+ the server, your login and password in
+ <filename>/etc/exim4/passwd.client</filename>. See the man
+ page for exim4-config_files(5) for more information about the
+ required format.
+ </para>
+ <para>
+ If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
+ connections because your service provider does support neither
+ TLS encryption nor the CRAM MD5 authentication method, you can
+ do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro.
+ Please refer to <xref linkend="macros"/> for an explanation of
+ how best to do this.
+ </para>
+ <para>
+ <filename>/etc/exim4/passwd.client</filename> needs to be
+ readable for the exim user (user Debian-exim, group
+ Debian-exim). It is suggested that you keep the default
+ permissions root:Debian-exim 0640.
+ </para>
+ </section>
+ <section> <title>Using Exim as SMTP-AUTH server</title>
+ <para>
+ The configuration files include many, verbosely commented,
+ examples for server-side smtp-authentication which just need
+ to be uncommented.
+ </para>
+ <para>
+ If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
+ connections because your clients neither support TLS encryption
+ nor the CRAM MD5 authentication method, you can do so by setting
+ the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro. Please refer to
+ <xref linkend="macros"/> for an explanation of how best to
+ do this.
+ </para>
+ <para>
+ If you want to authenticate against system passwords (e.g.
+ <filename>/etc/shadow</filename>) the easiest way is to use
+ saslauthd in the Debian package sasl2-bin. You have to add the
+ exim-user (currently Debian-exim) to the sasl group, to give
+ exim permission to use the saslauthd service.
+ </para>
+ <para>
+ The Debian exim4 maintainers consider using system login
+ passwords a bad idea for the following reasons:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ A compromised password will give access to a system account.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ E-Mail passwords could accidentally be transmitted unencrypted.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ E-Mail passwords are likely to be stored with the
+ client software, which greatly increases the chance of a
+ compromise.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </section>
+ </section>
+
+ <section> <title>How the Exim daemon is started</title>
+ <para>
+ The Debian Exim 4 packages' init script is located in
+ <filename>/etc/init.d/exim4</filename>. Apart from the
+ functions that are required by Debian policy and the LSB, it
+ supports the commands <command>what</command>, which executes
+ <command>exiwhat</command> to show what your Exim processes
+ are doing, and <command>force_stop</command> which
+ unconditionally kills all Exim processes.
+ </para>
+ <para>
+ The init script can be configured to start listening and/or
+ queue running daemons. This configuration can be found in
+ <filename>/etc/default/exim4</filename>. This file is
+ extensively documented.
+ </para>
+ </section>
+
+ <section> <title>Miscellaneous packaging issues</title>
+ <section> <title>The daily cron job</title>
+ <para>
+ Exim4's daily cron job
+ (<filename>/etc/cron.daily/exim4-base</filename>)
+ does basic housekeeping tasks:
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ It reads <filename>/etc/default/exim4</filename>, so you
+ can use this file to change any of the variables used in
+ the cron job.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ It is a no-op if no Exim4 binary is found.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ If <command>$E4BCD_DAILY_REPORT_TO</command> is set
+ to a non-empty string, the output of eximstats is
+ mailed to the address given in that variable. The
+ default is empty, so no reports are sent. Options
+ for eximstats can be given in
+ <command>$E4BCD_DAILY_REPORT_OPTIONS</command>.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ A non-empty paniclog is a nearly sure sign of bad
+ things going on. Thus, the cron job will send out
+ warning messages to the syslog and root if it finds
+ the panic log non-empty.
+ Please note that the paniclog is not rotated daily,
+ so existing issues will be reported daily until
+ either the paniclog is rotated due to its sheer
+ size, or you manually move it away, for example by
+ calling <command>logrotate -f
+ /etc/logrotate.d/exim4-paniclog</command> from a shell.
+ </simpara>
+ <simpara>
+ Just in case your system logs transient error
+ situations to the panic log as well (see, for
+ example,
+ <ulink url="http://www.exim.org/bugzilla/show_bug.cgi?id=92">Exim Bug 92</ulink>),
+ you can configure
+ <command>$E4BCD_PANICLOG_NOISE</command> to a
+ regular expression. If the paniclog contains only
+ lines that match that regular expression, no warning
+ messages are generated.
+ </simpara>
+ <simpara>
+ If you want to disable paniclog monitoring
+ completely, set <command>$E4BCD_WATCH_PANICLOG</command>
+ to no. <command>E4BCD_WATCH_PANICLOG=once</command> will
+ rotate a non-empty paniclog automatically after sending out
+ the warning e-mail.
+ </simpara>
+ <simpara>
+ The <command>E4BCD_PANICLOG_LINES</command> setting can be
+ used to limit the number of lines of paniclog quoted in
+ warning email. It is set to 10 by default.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ It tidies up the retry and hints databases.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </section>
+ </section>
+
+ <section> <title>Using Exim with inetd/xinetd</title>
+ <para>
+ Exim4 is run as a separate daemon instead of inetd/xinetd for
+ two reasons:
+ <variablelist>
+ <varlistentry>
+ <term>Ease of maintenance:</term>
+ <listitem>
+ <simpara>
+ update-inetd is difficult to impossible to handle
+ correctly (Just check the archived bug reports of Exim.)
+ and update-inetd seems to be unmaintained for a long
+ time, nobody dares to touch it. To quote Mark Baker, the
+ maintainer of Exim (v3): "I really wish I had never used
+ inetd in the first place, but simply set up exim to run
+ as a daemon, but it's too late to change that now."
+ </simpara>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Extended features</term>
+ <listitem>
+ <simpara>
+ Running from <command>inetd</command> interferes with
+ Exim's resource controls (e.g it disables
+ smtp_accept_max_per_host and smtp_accept_max).
+ </simpara>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ <para>
+ If you introduce bugs on your systems by running from (x)inetd
+ you are on your own! If you want to run exim from
+ <command>xinetd</command>, follow these steps:
+ <orderedlist>
+ <listitem>
+ <simpara>
+ Disable Exim 4's listening daemon by executing
+ <command>update-exim4defaults --queuerunner
+ queueonly</command>
+ </simpara>
+ </listitem>
+ <listitem>
+ <para>
+ Create <filename>/etc/xinetd.d/exim4</filename>
+ <programlisting>
+service smtp
+{
+ disable = no
+ flags = NAMEINARGS
+ socket_type = stream
+ protocol = tcp
+ wait = no
+ user = Debian-exim
+ group = Debian-exim
+ server = /usr/sbin/exim4
+ server_args = exim4 -bs
+}
+ </programlisting>
+ </para>
+ </listitem>
+ <listitem>
+ <simpara>Run <command>invoke-rc.d exim4 restart; invoke-rc.d
+(x)inetd restart</command></simpara>
+ </listitem>
+ </orderedlist>
+ </para>
+ <para>If you want to use plain inetd, insert following line into
+ <filename>/etc/inetd.conf</filename>:<programlisting>
+smtp stream tcp nowait Debian-exim /usr/sbin/exim4 exim4 -bs
+ </programlisting>
+ </para>
+ </section>
+
+ <section> <title>Handling incoming mail for local accounts with low UID</title>
+ <para>
+ Since system accounts (mail, uucp, lp etc) are usually aliased
+ to root, and root's mailbox is usually read by a human, these
+ account names have started to be a common target for spammers.
+ The Debian Exim 4 packages have a mechanism to deal with this
+ situation. However, since this derives rather far from normal
+ behavior, it is disabled by default.
+ </para>
+ <para>
+ To enable it, set the macro FIRST_USER_ACCOUNT_UID to a numeric,
+ non-zero value. Incoming mail for local users that have a UID
+ lower than FIRST_USER_ACCOUNT_UID is rejected with the message "no
+ mail to system accounts". Incoming mail for local users that
+ have a UID greater or equal FIRST_USER_ACCOUNT_UID are processed as
+ usual. Therefore, the default value of 0 ensures that the
+ mechanism is disabled. On Debian systems, setting
+ FIRST_USER_ACCOUNT_UID to 500 or 1000 (depending on your local policy)
+ will disable incoming mail for system accounts.
+ </para>
+ <para>
+ Just in case that you need exceptions to the rule,
+ <filename>/etc/exim4/lowuid-aliases</filename> is an alias
+ file that is only honored for local accounts with UID lower
+ than FIRST_USER_ACCOUNT_UID. If you define an alias for such an
+ account here, incoming mail is processed according to the
+ alias. If you alias the account to itself, messages are
+ delivered to the account itself, which is an exception to the
+ rule that messages for low-UID accounts are rejected. The
+ format of <filename>/etc/exim4/lowuid-aliases</filename> is
+ just another alias file.
+ </para>
+ </section>
+ <section> <title>How to bypass local routing specialities</title>
+ <para>
+ Sometimes, it might be desirable to be able to bypass local
+ routing specialities like the alias file or a user-forward
+ file. This is possible in the Debian Exim4 packages by
+ prefixing the account name with "real-". For a local account
+ name "foo", "real-foo@hostname.example" will result in direct
+ delivery to foo's local Mailbox.
+ </para>
+ <para>
+ This feature is by default only available for locally
+ generated messages. If you want it to be accessible for
+ messages delivered from remote as well, set the Exim macro
+ COND_LOCAL_SUBMITTER to true. If you do not want this at all,
+ set the macro to false. Please note that the userforward
+ router uses this feature to get error messages delivered, i.e.
+ notifying the user of a syntax error in her
+ <filename>.forward</filename> file.
+ </para>
+ </section>
+ <section> <title>Using more complex deliveries from alias files</title>
+ <para>
+ Delivery to arbitrary files, directory or to pipes in the
+ <filename>/etc/aliases</filename> file is disabled by default
+ in the Debian Exim 4 packages. The delivery process including the
+ program being piped to would run as the exim admin-user
+ Debian-exim, which might open up security holes.
+ </para>
+ <para>
+ Invoking pipes from <filename>/etc/aliases</filename> file is
+ widely considered obsolete and deprecated. The Debian Exim
+ package maintainers would like to suggest using a dedicated
+ router/transport pair to invoke local processes for mail
+ processing. For example, the Debian mailman package contains a
+ <filename>/usr/share/doc/mailman/README.Exim4.Debian</filename> file
+ that gives a good example how to implement this. Using a
+ dedicated router/transport pair have the following advantages:
+ <itemizedlist>
+ <listitem>
+ <para>
+ The router/transport pair can be put in place by another
+ package, giving a well-defined transaction point between
+ Exim 4 and $PACKAGE.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Not allowing pipe deliveries from alias files makes it
+ harder to accidentally run programs with wrong
+ privileges.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ It is possible to run different pipe processes under
+ different accounts.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Even if only invoking a single local program, it is easier
+ to do with your dedicated router/transport since you won't
+ need to change this file, making automatic updates of this
+ file possible for future versions of the Exim 4 packages. If
+ you do local changes here, dpkg conffile handling will
+ bother you on future updates.
+ </para>
+ </listitem>
+ </itemizedlist>
+ If you insist on using <filename>/etc/aliases</filename> in
+ the traditional way, you will need to activate the
+ respective functions by setting the transport options on the
+ system_aliases router appropriately. Macros are defined to make
+ this easier. See
+
+<filename>/etc/exim4/conf.d/router/400_exim4-config_system_aliases</filename>
+ for information about which macros are available. You might
+ find the address_file, address_pipe and/or address_directory
+ transports that are used for the userforward router helpful in
+ writing your own transports for use in the system_aliases router.
+ </para>
+ <para>
+ If any of your aliases expand to pipes or files or directories
+ you should set up a user and a group for these deliveries to run
+ under. You can do this by setting the "user" and - if necessary
+ - a "group" option and adding a "group" option if necessary.
+ Alternatively, you can specify "user" and/or "group" on the
+ transports that are used.
+ </para>
+ </section>
+
+ <section> <title>Putting Exim 4 and UUCP together</title>
+ <para>
+ UUCP is a traditional way to execute remote jobs (e.g. spool
+ mails), and as a lot of old things there are much more than one
+ way to do it. However, today, the ways to handle it have boiled
+ down to more or less two different ways.
+ </para>
+ <para>
+ Our recommendation is to use bsmtp/rsmtp wherever possible,
+ because it supports all kinds of mail addresses (also the empty
+ ones in bounces), and is also better from the security point of
+ view.
+ </para>
+ <section> <title>Sending mail via UUCP</title>
+ <section> <title>rmail with full addresses</title>
+ <para>
+ rmail is the oldest way to transfer mail to a remote system.
+ However, today it is normally required to use addresses with
+ full domains for that (Well, they look like any normal address
+ for you, and we do not tell about the other way to not confuse
+ you ;). If you want this, you can use this transport:
+ </para>
+ <programlisting>
+rmail:
+ debug_print = "T: rmail for $pipe_addresses"
+ driver=pipe
+ command = uux - -r -a$sender_address -gC $domain_data!rmail $pipe_addresses
+ return_fail_output
+ user=uucp
+ batch_max = 20
+ </programlisting>
+ <para>
+ However, all recipients are handled via the command line, so
+ you are discouraged to use it.
+ </para>
+ </section>
+ <section> <title>bsmtp/rsmtp</title>
+ <para>
+ This is a more efficient way to transfer mails. It works
+ like sending SMTP via a pipe, but instead of waiting for an
+ answer, the SMTP is just batched; from this is also the name
+ batched SMTP or short bsmtp.
+ </para>
+ <para>
+ Furthermore, this way won't fail on addresses like "
+ "@do.main. If you want this, please use this, if the remote
+ site uses rsmtp (e.g. is Exim 4):
+ </para>
+ <programlisting>
+rsmtp:
+ debug_print = "T: rsmtp for $pipe_addresses"
+ driver=pipe
+ command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!rsmtp
+ use_bsmtp
+ return_fail_output
+ user=uucp
+ batch_max = 100
+ </programlisting>
+ <para>
+ and this if it wants bsmtp as the command:
+ </para>
+ <programlisting>
+bsmtp:
+ debug_print = "T: bsmtp for $pipe_addresses"
+ driver=pipe
+ command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!bsmtp
+ use_bsmtp
+ return_fail_output
+ user=uucp
+ batch_max = 100
+ </programlisting>
+ <para>
+ Of course, these examples can be extended for e.g.
+ compression (but you can also use ssh for compression, if
+ you want).
+ </para>
+ </section>
+ <section> <title>The router</title>
+ <para>
+ You need a router to tell Exim 4 which mails to forward to
+ UUCP. You can use this one; please adopt the last line. Of
+ course, it is also possible to send mail via more than one way.
+ </para>
+ <programlisting>
+uucp_router:
+ debug_print = "R: uucp_router for $local_part@$domain"
+ driver=accept
+ require_files = +/usr/bin/uux
+ domains = wildlsearch;/etc/exim4/uucp
+ transport = rsmtp
+ </programlisting>
+ <para>
+ The file <filename>/etc/exim4/uucp</filename> looks like:
+ </para>
+ <programlisting>
+*.do.main uucp.name.of.remote.side
+ </programlisting>
+ </section>
+ <section> <title>Speaking UUCP with the smarthost</title>
+ <para>
+ If you have a leaf system (i.e. all your mail not for your
+ local system goes to a single remote system), you can just
+ forward all non-local mail to the remote UUCP system. In
+ this case, you can replace "domains = ..." with "domains = !
+ +local_domains", but then you need also to replace
+ $domain_data in the transport by the UUCP-name of your
+ smarthost. The file <filename>/etc/exim4/uucp</filename> is
+ not needed in this case.
+ </para>
+ </section>
+ </section>
+ <section> <title>Receiving mail via UUCP</title>
+ <section> <title>Allow UUCP to use any envelope address</title>
+ <para>
+ Depending how much you trust your local users, you might use
+ trusted_users and add uucp to it or use
+ local_sender_retain=true and local_from_check=false.
+ </para>
+ </section>
+ <section> <title>If you get batched smtp</title>
+ <para>
+ Allow uucp to execute rsmtp via
+ <programlisting>
+commands rmail rnews rsmtp
+ </programlisting>
+ in your <filename>/etc/uucp/sys</filename>, and ask the
+ sending site to use rsmtp (and not bsmtp) as the batched
+ command.
+ </para>
+ </section>
+ </section>
+ </section>
++ <section> <title>Notes on running SpamAssassin at SMTP time</title>
++ <para>
++ Exim can run
++ <ulink url="https://spamassassin.apache.org/">
++ SpamAssassin</ulink> while receiving a message by SMTP which
++ allows one to avoid acceptance of spam messages. The Debian
++ configuration contains some example code for running SpamAssassin,
++ but like all filtering this needs to be handled carefully.
++ </para>
++ <para>
++ SpamAssassin's default report should not be used in a add_header
++ statement since it contains empty lines. (This triggers e.g.
++ Amavis' warning "BAD HEADER SECTION, Improper folded header field
++ made up entirely of whitespace".) This is a safe, terse alternative:
++ <programlisting>
++ clear_report_template
++ report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN_
++ </programlisting>
++ </para>
++ <para>
++ Rejecting spam messages: Do not reject spam-messages received on
++ (non-spam) mailing lists, this can/will cause auto-unsubscription.
++ This also applies to messages received via forwarding services
++ (e.g. @debian.org addresses). If theses messages are rejected the
++ forwarding services will need to send a bounce address to the
++ spammer and will probably disable the forwarding if it happens all
++ the time. You will need to have some kind of whitelist to exclude
++ these hosts.
++ </para>
++ <para>
++ Security considerations: By default <command>spamd</command>
++ runs as root and changes uid/gid to the requested user to run
++ SpamAssassin. The example uses SpamAssassin default non-privileged
++ user (nobody) which prevents use of Bayesian filtering since this
++ requires persistent storage. You might want to setup a dedicated
++ user for exim spam scanning and use that one, either for a separate
++ SpamAssassin user profile or to run SpamAssassin as non-privileged
++ user.
++ </para>
++ </section>
+ </section>
+
+ <section> <title>Updating from Exim 3</title>
+ <para>
+ If you use <command>exim4-config</command> from Debian, you will
+ get the debconf based configuration scheme that is intended to
+ cover the majority of cases.
+ </para>
+ <para>
+ If <command>exim4-config</command> is installed while an Exim 3
+ package is present on the system,
+ <command>exim4-config</command> tries to parse the Exim 3 config
+ file to determine the answers that were given to
+ <command>eximconfig</command> on Exim 3 installation. These
+ answers are then taken as default values for the debconf based
+ configuration process. Be warned! <command>eximconfig</command>
+ from the Exim 3 packages does not record the explicit answers
+ given on Exim 3 configuration. So we have to guess the answers
+ from the Exim 3 configuration file
+ <filename>/etc/exim/exim.conf</filename>, which is bound to fail
+ if the config file has been modified after using
+ <command>eximconfig</command>.
+ </para>
+ <para>
+ This is the reason why we refrained from doing a "silent update", but
+ only use the guessed answers to get reasonable defaults for our
+ debconf based configuration process.
+ </para>
+ <para>
+ Please note that we do not use the
+ <command>exim_convert4r4</command> script, but try to configure
+ the Exim 4 package in the same way Exim 3 was. This will
+ hopefully aid future updates.
+ </para>
+ <para>
+ If you have used a customized Exim 3 configuration, you can of
+ course use <command>exim_convert4r4</command>, and install the
+ resulting file as <filename>/etc/exim4/exim4.conf</filename>
+ after careful inspection. Exim 4 will then use that file and
+ ignore the file that it generated from the debconf
+ configuration. To aid future updates, we do, however, encourage
+ you not to use the
+ <filename>exim_convert4r4-generated</filename> file verbatim but
+ instead drop appropriate configuration snippets in their
+ appropriate place in <filename>/etc/exim4/conf.d</filename>.
+ </para>
+ </section>
+ <section> <title>Misc Notes</title>
+ <section> <title>PAM</title>
+ <para>
+ On Debian systems the PAM modules run as the same user
+ as the calling program, so they cannot do anything you
+ could not do yourself, and in particular cannot access
+ <filename>/etc/shadow</filename> unless the user is in group
+ shadow. - If you want to use
+ <filename>/etc/shadow</filename> for Exim's SMTP AUTH you
+ will need to run exim as group shadow. Only
+ exim4-daemon-heavy is linked against libpam. We suggest using
+ saslauthd instead.
+ </para>
+ </section>
+ <section> <title>Account name restrictions</title>
+ <para>
+ In the default configuration, Exim cannot locally deliver
+ mail to accounts which have capitals in their name. This is
+ caused by the fact that Exim converts the local part of incoming
+ mail to lower case before the comparison done by the
+ check_local_user directive in routers is done.
+ </para>
+ <para>
+ The router option caseful_local_part can be used to control
+ this, and we decided not to set this option in the Debian
+ configuration since it would be a rather big change to Exim's
+ default behavior.
+ </para>
+ </section>
+ <section> <title>No deliveries to root!</title>
+ <para>
+ No Exim 4 version released with any Debian OS can run
+ deliveries as root. If you don't redirect mail for root via
+ <filename>/etc/aliases</filename> to a nonprivileged
+ account, the mail will be delivered to
+ <filename>/var/mail/mail</filename> with permissions 0600 and
+ owner mail:mail.
+ </para>
+ <para>
+ This redirection is done by the mail4root router which
+ is last in the list and will thus catch mail for root that has not
+ been taken care of earlier.
+ </para>
+ </section>
+ <section> <title>Debugging maintainer and init scripts</title>
+ <para>
+ Most of the scripts that come with this Debian package do a
+ <command>set -x</command> if invoked with the environment
+ variable EX4DEBUG defined and non-zero. This is particularly
+ handy if you need to debug the maintainer scripts that are
+ invoked during package installation. Since dpkg redirects
+ stdout of maintainer scripts, calling dpkg with EX4DEBUG
+ set might yield interesting results. If in doubt, invoke
+ the maintainer scripts with EX4DEBUG set manually directly
+ from the command line.
+ </para>
+ </section>
+ <section> <title>SELinux</title>
+ <para>
+ There is no SELinux policy for Exim4 available so far.
+ Until this is resolved, users should use postfix or
+ sendmail if they intend to run SELinux.
+ </para>
+ <para>
+ The Debian Exim4 maintainers would appreciate if
+ somebody could write an SELinux policy. We will gladly
+ use them in the Debian packages as long as there is
+ somebody available to test, debug and support.
+ </para>
+ </section>
+ <section> <title>misc</title>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ <command>convert4r4</command> is installed as
+ <filename>/usr/sbin/exim_convert4r4.</filename>
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ The charset for $header_foo expansions defaults to
+ UTF-8 instead of ISO-8859-1.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ <ulink url="http://marc.merlins.org/linux/exim/">
+ Marc Merlin's Exim 4 Page</ulink> has a lot of ACL
+ examples.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ For an example of Exim usage in a
+ <emphasis>large</emphasis> installation, see
+ Tony Finch's
+ <ulink
+url="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/">
+paper</ulink>
+ about the Exim installation at University of Cambridge:
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </section>
+ </section>
+ <section> <title>Debian modifications to the Exim source</title>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Install the exim binary as /usr/sbin/exim4 instead of
+ /usr/sbin/exim-<version> with a symlink /usr/sbin/exim. Also
+ adapt the documentation.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Make the build reproducible. Pull date/time from debian/changelog
+ and use it as build time instead of using __DATE__.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Documentation updates
+ </simpara>
+ <itemizedlist>
+ <listitem>
+ <simpara>
+ Mention how to install the Debian packaged perl-modules needed
+ for eximstats' graphs.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Add a warning about convert4r4.
+ </simpara>
+ </listitem>
+ <listitem>
+ <simpara>
+ Point to the <ulink
+ url="mailto:pkg-exim4-users@lists.alioth.debian.org">
+ Debian-specific mailing list</ulink> instead of
+ the <ulink url="mailto:exim-users@exim.org">official
+ exim-users list</ulink>.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <simpara>
+ <ulink
+ url="http://marc.merlins.org/linux/exim/files/sa-exim-current/">localscan_dlopen.patch</ulink>:
+ This patch makes it possible to use and switch between
+ different local_scan
+ functions without recompiling Exim. Use
+ local_scan_path = /path/to/sharedobject to utilize
+ local_scan() in <filename>/path/to/sharedobject</filename>.
+ </simpara>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section> <title>Credits</title>
+ <para><variablelist>
+ <varlistentry>
+ <term><ulink url="mailto:aba@not.so.argh.org">Andreas
+ Barth</ulink></term>
+ <listitem>
+ <simpara>UUCP documentation</simpara>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Dan Weber, Ryen Underwood</term>
+ <listitem>
+ <simpara>inetd/xinetd documentation</simpara>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+ </section>
+
+</article>
--- /dev/null
- exim4 (4.89-2+deb9u6) stretch-security; urgency=high
++exim4 (4.92-8+deb10u3) buster-security; urgency=high
+
- * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
++ * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch:
++ Fix buffer overflow in string_vformat.
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 27 Sep 2019 18:09:35 +0200
++
++exim4 (4.92-8+deb10u2) buster-security; urgency=high
++
++ * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
+ related buffer overflow. CVE-2019-15846
+
- -- Andreas Metzler <ametzler@debian.org> Tue, 03 Sep 2019 20:01:38 +0200
++ -- Andreas Metzler <ametzler@debian.org> Tue, 03 Sep 2019 19:51:11 +0200
+
- exim4 (4.89-2+deb9u5) stretch-security; urgency=high
++exim4 (4.92-8+deb10u1) buster-security; urgency=high
+
+ * Fix remote command execution vulnerability related to
+ "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006
+
- -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jul 2019 13:32:35 +0200
++ -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jul 2019 13:35:58 +0200
+
- exim4 (4.89-2+deb9u4) stretch-security; urgency=high
++exim4 (4.92-8) unstable; urgency=low
+
- * Non-maintainer upload by the Security Team.
- * Fix remote command execution vulnerability (CVE-2019-10149)
++ * Pulled from exim-4.92+fixes branch:
++ + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
++ Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
++ + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
++ When tls_verify_certificates was set to a directory instead of a file
++ exim/GnuTLS would still send out the list of accepted certificates,
++ This did not match documented behavior.
++ + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
++ The dsn_from option was not used for DSN success messages.
++ * Pulled from upstream GIT master:
++ + 75_14-Fix-smtp-response-timeout.patch
++ Fix the timeout on smtp response to apply to the whole response instead
++ of resetting for every byte received.
++ + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
++ https://bugs.exim.org/show_bug.cgi?id=2405
++ ${eval } was broken on 32bit archs.
+
- -- Salvatore Bonaccorso <carnil@debian.org> Tue, 28 May 2019 22:13:55 +0200
++ -- Andreas Metzler <ametzler@debian.org> Sat, 08 Jun 2019 17:37:43 +0200
+
- exim4 (4.89-2+deb9u3) stretch-security; urgency=high
++exim4 (4.92-7) unstable; urgency=medium
+
- * Non-maintainer upload by the Security Team.
- * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
++ * Upload to unstable.
+
- -- Salvatore Bonaccorso <carnil@debian.org> Sat, 10 Feb 2018 09:26:05 +0100
++ -- Andreas Metzler <ametzler@debian.org> Tue, 07 May 2019 19:44:23 +0200
+
- exim4 (4.89-2+deb9u2) stretch-security; urgency=high
++exim4 (4.92-6) experimental; urgency=medium
+
- * Non-maintainer upload by the Security Team.
- * Avoid release of store if there have been later allocations
- (CVE-2017-16943) (Closes: #882648)
- * Chunking: do not treat the first lonely dot special (CVE-2017-16944)
- (Closes: #882671)
++ * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for
++ debugging sa-exim.
++ * Set HAVE_LOCAL_SCAN=yes in EDITME.
++ * Upload to experimental.
++
++ -- Andreas Metzler <ametzler@debian.org> Tue, 16 Apr 2019 17:58:20 +0200
++
++exim4 (4.92-5) unstable; urgency=medium
++
++ * Improved spam-scanning example with accompaning information in
++ README.Debian. Explicitly warn about adding the default SpamAssassin
++ report in a header, which Closes: #774553
++ * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple
++ of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on
++ the (working) version of the patch. Drop exim4-dev package. Add a NEWS
++ entry for this change.
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 07 Apr 2019 13:39:31 +0200
++
++exim4 (4.92-4) unstable; urgency=medium
++
++ * Another patch from exim-4.92+fixes branch:
++ 75_10-Harden-plaintext-authenticator.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 22 Mar 2019 07:15:20 +0100
++
++exim4 (4.92-3) unstable; urgency=medium
++
++ * Pull fixes from exim-4.92+fixes branch.
++ + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch
++ + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch
++ + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
++ + 75_08-Logging-fix-initial-listening-on-log-line.patch
++ + 75_09-OpenSSL-Fix-aggregation-of-messages.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 20 Mar 2019 17:01:29 +0100
++
++exim4 (4.92-2) unstable; urgency=medium
++
++ * Upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 20 Feb 2019 19:23:11 +0100
++
++exim4 (4.92-1) experimental; urgency=medium
++
++ * Point watchfile to release directory again.
++ * New upstream stable release, identical to rc6 except for the version
++ string.
++ * Pull fixes from exim-4.92+fixes branch.
++ + 75_01-Fix-json-extract-operator-for-unfound-case.patch
++ + 75_02-Fix-transport-buffer-size-handling.patch
++ + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch
++ + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch
++ * Upload to experimental while waiting for rc6 to migrate.
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 17 Feb 2019 13:13:55 +0100
++
++exim4 (4.92~RC6-1) unstable; urgency=low
++
++ * New upstream snapshot rc6, includes
++ 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Feb 2019 14:33:15 +0100
++
++exim4 (4.92~RC5-2) unstable; urgency=high
++
++ * In init script use start-stop-daemon directly instead of lsb-base's
++ killproc which currently fails to pass on the executable name to s-s-d
++ (921558). This broke with s-s-d 1.19.2 which (for security reasons)
++ requires further filtering arguments in addition to --pidfile when the pid
++ file is not owned by root. Closes: #921205
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 07 Feb 2019 18:42:41 +0100
++
++exim4 (4.92~RC5-1) unstable; urgency=medium
++
++ * New upstream snapshot rc5.
++ * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers
++ was ignored.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 31 Jan 2019 19:25:03 +0100
++
++exim4 (4.92~RC4-3) unstable; urgency=medium
++
++ * Refresh debian/upstream/signing-key.asc from
++ https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
++ * Drop outdated pointers to alioth package homepage from README.Debian.
++ * Update exim4-config Breaks to enforce upgrade to daemon binary package
++ with DANE support. Closes: #919902
++ * [lintian] Minimize upstream/signing-key.asc.
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jan 2019 17:52:39 +0100
++
++exim4 (4.92~RC4-2) unstable; urgency=medium
++
++ * Upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Jan 2019 15:35:38 +0100
++
++exim4 (4.92~RC4-1) experimental; urgency=low
++
++ * New upstream version.
++ + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch.
++ + Unfuzz patches.
++
++ -- Andreas Metzler <ametzler@debian.org> Mon, 31 Dec 2018 13:13:45 +0100
++
++exim4 (4.92~RC3-1) unstable; urgency=low
++
++ * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from
++ upstream GIT master, fixing outgoing TLS 1.3.
++ https://bugs.exim.org/show_bug.cgi?id=2359
++ * New upstream version.
++ * Upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 26 Dec 2018 16:07:52 +0100
++
++exim4 (4.92~RC2-1) experimental; urgency=low
++
++ * New upstream version.
++ + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Tue, 18 Dec 2018 19:20:24 +0100
++
++exim4 (4.92~RC1-1) experimental; urgency=low
++
++ * Update upstream/signing-key.asc from
++ https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding
++ 96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing
++ 1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and
++ FAA1C7F9CD077DC4304BC0C885AB833FDDC03262.
++ * New upstream release candidate:
++ + Point watchfile to test subdir.
++ + Update watchfile to handle -RC1 in addition to _RC1.
++ + Drop 75_fixes*.patch.
++ + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch
++ + Update configuration from upstream example, except for
++ tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport:
++ * Enable dns_dnssec_ok.
++ * Set dnssec_request_domains = * on dnslookup and
++ dnslookup_relay_to_domains routers.
++ * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp
++ transport unless REMOTE_SMTP_DISABLE_DANE is set.
++ * Set multi_domain on remote_smtp_smarthost transport.
++ * Post release updates:
++ + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 15 Dec 2018 16:24:54 +0100
++
++exim4 (4.91-9) unstable; urgency=low
++
++ * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back
++ autodeleted comments.
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch
++ + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch
++ + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch
++ + 75_fixes_29-Fix-AUTH_GSASL-build.patch
++ + 75_fixes_30-Harden-string-list-handling.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 06 Dec 2018 19:19:38 +0100
++
++exim4 (4.91-8) unstable; urgency=low
++
++ [ Andreas Metzler ]
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_18-Restore-Darwin-OS-configuration.patch
++ + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch
++ + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch
++ + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch
++ + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch
++ + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch
++
++ [ Marc Haber ]
++ * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 29 Sep 2018 19:08:52 +0200
++
++exim4 (4.91-7) unstable; urgency=low
++
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_16-Fix-non-EVENTS-build.patch
++ + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 26 Aug 2018 11:33:15 +0200
++
++exim4 (4.91-6) unstable; urgency=low
++
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch
++ + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch
++ + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch
++ * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck.
++ (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS)
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 20 Jul 2018 11:21:24 +0200
++
++exim4 (4.91-5) unstable; urgency=medium
++
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch
++ + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch
++ + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Jun 2018 18:10:39 +0200
++
++exim4 (4.91-4) unstable; urgency=medium
++
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch
++ + 75_fixes_07-tidying.patch
++ + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch
++ + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch
++ * [lintian] Delete trailing empty lines in changelog.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 17 May 2018 17:14:53 +0200
++
++exim4 (4.91-3) unstable; urgency=medium
++
++ * Update from exim-4_91+fixes branch:
++ + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch
++ + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch
++ + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch
++ + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch
++ + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch
++ + Move 50_localscan_dlopen.dpatch to end of patch series and rename to
++ 90_... to preserve alphanumeric patch ordering.
++ * Add log_message for local blacklists to improve log readability. (Patch by
++ Dominic Hargreaves).
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 28 Apr 2018 14:59:36 +0200
++
++exim4 (4.91-2) unstable; urgency=low
++
++ * Upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 21 Apr 2018 10:38:50 +0200
++
++exim4 (4.91-1) experimental; urgency=medium
++
++ * Point watchfile to release directory again and use downloads.exim.org
++ host.
++ * New upstream version.
++ * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did
++ not ship libgnutls-dane0.
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 15 Apr 2018 17:52:05 +0200
++
++exim4 (4.91~RC4-1) experimental; urgency=medium
++
++ * New upstream version.
++
++ -- Andreas Metzler <ametzler@debian.org> Mon, 09 Apr 2018 19:25:18 +0200
++
++exim4 (4.91~RC3-1) experimental; urgency=medium
++
++ * New upstream version.
++ * Point vcs* to salsa.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 05 Apr 2018 19:43:39 +0200
++
++exim4 (4.91~RC2-1) experimental; urgency=medium
++
++ * New upstream version.
++ Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
+
- -- Salvatore Bonaccorso <carnil@debian.org> Tue, 28 Nov 2017 22:58:00 +0100
++ -- Andreas Metzler <ametzler@debian.org> Wed, 21 Mar 2018 19:25:44 +0100
++
++exim4 (4.91~RC1-1) experimental; urgency=medium
++
++ * Point watchfile to test subdirectory.
++ * New upstream version:
++ + Drop debian/patches/75_*.
++ + Update example.conf.md5.
++ Upstream now enables verify = header_syntax check in default config,
++ mirror this change in Debian, introduce
++ NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this.
++ * Build with newly available (well, for GnuTLS) DANE support.
++ * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from
++ upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 17 Mar 2018 17:41:51 +0100
++
++exim4 (4.90.1-5) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch:
++ 75_15-Pipe-transport-part-two.-Bug-2257.patch
++ 75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch
++ 75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 31 Mar 2018 07:14:31 +0200
++
++exim4 (4.90.1-4) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch:
++ 75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch
++ 75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
++ 75_13-Unbreak-DMARC.patch
++ 75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 22 Mar 2018 07:44:05 +0100
++
++exim4 (4.90.1-3) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch:
++ 75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch
++ 75_08-Mark-variables-unused-before-release-of-store-in-the.patch
++ 75_09-Mark-variables-unused-before-release-of-store-in-the.patch
++ 75_10-Mark-variables-that-are-unused-before-release-of-sto.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 16 Mar 2018 18:35:01 +0100
++
++exim4 (4.90.1-2) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch:
++ 75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch
++ 75_02-Fix-memory-leak-during-multi-message-reception-using.patch
++ 75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch
++ 75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch
++ 75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch
++ 75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 10 Mar 2018 14:25:51 +0100
++
++exim4 (4.90.1-1) unstable; urgency=high
++
++ * New upstream version, fixing CVE-2018-6789. Closes: #890000
++ + Drop 75_*.patch.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 10 Feb 2018 13:45:40 +0100
++
++exim4 (4.90-7) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch. (exim-4.90.0.27)
++ + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
++ + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
++ + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
++ * Typo fixes in old patch descriptions. (Thanks, lintian!)
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 10 Feb 2018 13:13:37 +0100
++
++exim4 (4.90-6) unstable; urgency=medium
++
++ * Update from exim-4_90+fixes branch.
++ + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
++ + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
++ Closes: #887489
++ + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
++ + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 07 Feb 2018 19:37:03 +0100
++
++exim4 (4.90-5) unstable; urgency=low
++
++ * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
++ exim-4_90+fixes branch.
++ * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
++ * [update-exim4.conf] stop converting variables set to an empty value in
++ /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
++ "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 27 Jan 2018 17:00:42 +0100
++
++exim4 (4.90-4) unstable; urgency=low
++
++ * Update from exim-4_90+fixes branch.
++ 75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
++ 75_14-Fix-D-string-expansion-to-not-use-millisec.patch
++ 75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 20 Jan 2018 08:00:45 +0100
++
++exim4 (4.90-3) unstable; urgency=medium
++
++ * Three more patches from exim-4_90+fixes branch:
++ 75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
++ 75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
++ 75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Mon, 08 Jan 2018 18:55:28 +0100
++
++exim4 (4.90-2) unstable; urgency=medium
++
++ * Update to exim-4_90+fixes branch:
++ + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
++ + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
++ + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
++ + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
++ + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
++ + 75_05-Fix-build-of-nisplus-lookup.patch
++ + 75_06-Fix-const-issue-in-nisplus-lookup.patch
++ + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
++ + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 30 Dec 2017 15:43:52 +0100
++
++exim4 (4.90-1) unstable; urgency=low
++
++ * rc4 released as 4.90.
++ * Point watchfile to release directory again.
++ * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
++ GIT master branch. Fix pgsql lookup for multiple result-tuples with a
++ single column. Previously only the last row was returned.
++ https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
++ * Simplify debian/rules and make it usable with dh v10 compat. The
++ fine-grained support for selecting the to be built packages (-custom with
++ or without -base) was dropped. The build process is now controlled by
++ attaching tasks to dh-override hooks instead of using file dependencies,
++ makefile-style. The latter broke with dh v10 due to upstream's
++ build-system which always has the main targets out-of-date inter alia due
++ to the compile-number feature.
++ * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
++ buildflags ATM.)
++ * Use debhelper v10 compat.
++ * Drop override_dh_strip-arch, we have had enough toolchain and
++ source changes to prevent file conflicts.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 28 Dec 2017 13:42:23 +0100
++
++exim4 (4.90~RC4-1) unstable; urgency=medium
++
++ * New upstream version.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 14 Dec 2017 18:11:40 +0100
++
++exim4 (4.90~RC3-2) unstable; urgency=low
++
++ * Upload to unstable.
++ * Point homepage to https URL.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 02 Dec 2017 17:37:13 +0100
++
++exim4 (4.90~RC3-1) experimental; urgency=medium
++
++ * New upstream version.
++ + Fix a use-after-free while reading smtp input for header lines.
++ A crafted sequence of BDAT commands could result in in-use memory
++ being freed. CVE-2017-16943. Closes: #882648
++ + Fix checking for leading-dot on a line during headers reading
++ from SMTP input. Previously it was always done; now only done for
++ DATA and not BDAT commands. CVE-2017-16944 Closes: #882671
++ * Drop 78_Disable-chunking-BDAT-by-default.patch again.
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 01 Dec 2017 19:14:08 +0100
++
++exim4 (4.90~RC2-3) experimental; urgency=medium
++
++ * As a workaround for the yet-unfixed security vulnerability resurrect (and
++ adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
++ 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
++ https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 25 Nov 2017 12:01:40 +0100
++
++exim4 (4.90~RC2-2) experimental; urgency=low
++
++ * B-d on lynx, instead of lynx-cur | lynx.
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 17 Nov 2017 17:03:10 +0100
++
++exim4 (4.90~RC2-1) experimental; urgency=low
++
++ * New upstream release candidate.
++ + Unfuzz patches, drop 40_reproducible_build.diff and
++ 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
++ + Refresh debian/example.conf.md5, No changes to Debian's configuration
++ needed, upstream added a (commented) entry to change OpenSSL ciphers.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 16 Nov 2017 19:40:35 +0100
++
++exim4 (4.90~RC1-1) experimental; urgency=low
++
++ * New upstream release candidate.
++ + Point watchfile to test subdirectory.
++ + Update 40_reproducible_build.diff
++ + Drop 75_fixes*.patch and
++ 80_Repair-manualroute-transport-name-not-last-option.patch.
++ + Unfuzz EDITME*.diff
++ + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
++ SOURCE_DATE_EPOCH is set.
++ * Drop trailing whitespace in debian/README.source, debian/changelog and
++ debian/rules. (Thanks, lintian)
++ * Drop debian/README.source and outdated parts of debian/copyright.
++
++ -- Andreas Metzler <ametzler@debian.org> Sun, 29 Oct 2017 10:52:30 +0100
++
++exim4 (4.89-13) unstable; urgency=high
++
++ * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
++ from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 29 Nov 2017 19:30:37 +0100
++
++exim4 (4.89-12) unstable; urgency=high
++
++ * Sync with exim-4_89+fixes branch:
++ + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
++ + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
++ Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
++ * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.
++
++ -- Andreas Metzler <ametzler@debian.org> Tue, 28 Nov 2017 20:04:23 +0100
++
++exim4 (4.89-11) unstable; urgency=critical
++
++ * B-d on lynx, instead of lynx-cur | lynx.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 25 Nov 2017 13:02:43 +0100
++
++exim4 (4.89-10) unstable; urgency=critical
++
++ * As a workaround for the yet-unfixed security vulnerability resurrect
++ 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
++ both incoming and outgoing BDAT/CHUNKING. #882648
++ https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 25 Nov 2017 11:43:24 +0100
++
++exim4 (4.89-9) unstable; urgency=medium
++
++ * Upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Fri, 27 Oct 2017 19:23:25 +0200
++
++exim4 (4.89-8) experimental; urgency=low
++
++ * Sync with exim-4_89+fixes branch:
++ 75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch
++ 75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch
++ * Point watchfile to https site.
++
++ -- Andreas Metzler <ametzler@debian.org> Mon, 23 Oct 2017 19:14:24 +0200
++
++exim4 (4.89-7) unstable; urgency=low
++
++ * In debian/rules' manually called update-mtaconflicts target use
++ grep-aptavail instead of hard-coding /var/lib/apt/lists/.
++ (Thanks, Julian Andres Klode) Closes: #874772
++ * Update debian/mtalist.
++ * Sync with exim-4_89+fixes branch:
++ 75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch
++ 75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch
++ 75_fixes_15-SOCKS-fix-unitialized-pointer.patch
++ 75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch.
++
++ -- Andreas Metzler <ametzler@debian.org> Wed, 27 Sep 2017 07:35:23 +0200
++
++exim4 (4.89-6) unstable; urgency=medium
++
++ * Use "runuser --command ..." instead of "su - --command ..." in
++ exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688
++ (Thanks, Jakobus Schürz)
++ * Sync priorities with override file: exim4{,-base,-config,-daemon-light}
++ optional from standard, exim4-dev optional from extra.
++ * In debian/rules when setting up the build-tree for -custom also copy
++ EDITME.eximon to allow building based on EDITME.exim4-light with eximon
++ building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Sep 2017 15:29:39 +0200
++
++exim4 (4.89-5) unstable; urgency=medium
++
++ * Update to exim-4_89+fixes branch:
++ 75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch
++ 75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch
++ (replaces 79_CVE-2017-1000369.patch)
++ 75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces
++ 81_Fix-log-line-corruption-for-DKIM-status.patch)
++ 75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch
++ 75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
++ 75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch
++ 75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
++ 75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch
++ (CVE-2017-10140)
++ 75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch
++ 75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch
++ 75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch
++ * Simplify debian/rules by including buildflags.mk unconditionally which was
++ introduced in dpkg 1.16.1 released in October 2011.
++ * Use pkg-info.mk to get package-version, upstream-version and
++ SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not
++ provided by pkg-info.mk.
++ * [lintian] In *daemon.postinst use which certtool instead of
++ [ -x /usr/bin/certtool ] to check for availablility of the command.
++
++ -- Andreas Metzler <ametzler@debian.org> Thu, 10 Aug 2017 10:17:05 +0200
++
++exim4 (4.89-4) unstable; urgency=low
++
++ * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
++ master: Starting with 4.85 a transport name needed to specified after
++ options in route_list. Closes: #865287
++ * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
++ * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
++ default.
++ * Standards-Version: 4.0.0
++ + Do not check for availability of invoke-rc.d, use it always and do not
++ fall back to invoking the init-script directly.
++ + Drop eximon menu file.
++ * Migrate to automatic debug packages. Bump b-d on debhelper since
++ --dbgsym-migration was introduced in debhelper 9.20160114.
++
++ -- Andreas Metzler <ametzler@debian.org> Sat, 15 Jul 2017 12:46:16 +0200
++
++exim4 (4.89-3) unstable; urgency=high
++
++ * Re-upload to unstable.
++
++ -- Andreas Metzler <ametzler@debian.org> Mon, 19 Jun 2017 18:51:13 +0200
+
+exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
+
+ * CVE-2017-100369
+
+ -- <jmm@debian.org> Wed, 14 Jun 2017 07:03:07 +0200
+
+exim4 (4.89-2) unstable; urgency=medium
+
+ * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
+ initscript (#844178). It breaks when the initscript does not start a
+ daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
+ Closes: #860317
+ * When reporting bugs also attach /etc/default/exim4 by default.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 20 Apr 2017 17:14:04 +0200
+
+exim4 (4.89-1) unstable; urgency=medium
+
+ * Enable inbound (server-side) proxying for -heavy. Closes: #856712
+ * New upstream release, source identical to RC7.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 09 Mar 2017 17:49:47 +0100
+
+exim4 (4.89~RC7-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 01 Mar 2017 18:37:18 +0100
+
+exim4 (4.89~RC6-1) unstable; urgency=medium
+
+ * Document E4BCD_PANICLOG_LINES in README.Debian.
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 23 Feb 2017 18:24:33 +0100
+
+exim4 (4.89~RC5-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 13 Feb 2017 19:04:46 +0100
+
+exim4 (4.89~RC4-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 92_CVE-2016-1238.diff.
+ * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
+ while we are changing the init script.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 12 Feb 2017 15:28:09 +0100
+
+exim4 (4.89~RC3-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Unfuzz 92_CVE-2016-1238.diff.
+ * init file:
+ + Source /etc/default/exim4 *before* defining the shell
+ variables holding the pidfilenames. Overriding these via
+ /etc/default/exim4 is not supported.
+ + Add missing support for reload when QUEUERUNNER='queueonly'.
+ + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
+ $PIDFILE is used for the main exim process for all available QUEUERUNNER
+ choices.
+ + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
+ interaction. systemd-sysv-generator uses this pseudoheader to set
+ PIDFile in the generated service file and it also sets
+ RemainAfterExit=no instead of yes if it is present. Thanks, Michael
+ Biebl for suggestion and explanation. Closes: #844178
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 10 Feb 2017 19:08:52 +0100
+
+exim4 (4.89~RC2-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 75_add_bak_spec.txt.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 04 Feb 2017 15:24:44 +0100
+
+exim4 (4.89~RC1-1) unstable; urgency=low
+
+ * Refresh debian/upstream/signing-key.asc.
+ * New upstream bugfix release.
+ + Drop superfluous patches.
+ 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
+ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ + Unfuzz 31_eximmanpage.dpatch and
+ 78_Disable-chunking-BDAT-by-default.patch.
+ + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
+ tarball.
+ + Unfuzz debian/EDITME.exim4-*.
+ + Update debian/example.conf.md5. - Upstream typo fix.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 31 Jan 2017 19:52:50 +0100
+
+exim4 (4.88-5) unstable; urgency=medium
+
+ * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
+ option chunking_advertise_hosts and smtp transport option
+ hosts_try_chunking from "*" to empty.
+ This is a Debian specific change, we are right before the freeze and BDAT
+ needs a little time.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 19 Jan 2017 19:18:15 +0100
+
+exim4 (4.88-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 07 Jan 2017 14:38:00 +0100
+
+exim4 (4.88-3) experimental; urgency=medium
+
+ * Pull multiple patches from upstream GIT:
+ + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
+ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ (Thanks, Bart Noordervliet for the pointer) Closes: #850175
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 06 Jan 2017 17:32:20 +0100
+
+exim4 (4.88-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 27 Dec 2016 17:36:29 +0100
+
+exim4 (4.88-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
+ testing.
+ * Drop 75_Fix-DKIM-information-leakage.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 25 Dec 2016 18:07:12 +0100
+
+exim4 (4.88~RC6-2) unstable; urgency=high
+
+ * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
+ physical line limit check for both for SMTP DATA ACL and remote_smtp*
+ transports. Closes: #828801
+ Also update corresponding NEWS entry.
+ * [lintian] debian/changelog: s/lenght/length/
+ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
+ information leakage issue CVE-2016-9963.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 22 Dec 2016 16:50:21 +0100
+
+exim4 (4.88~RC6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 08 Dec 2016 07:19:18 +0100
+
+exim4 (4.88~RC5-1) unstable; urgency=low
+
+ * New upstream version.
+ + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Nov 2016 17:43:51 +0100
+
+exim4 (4.88~RC4-2) unstable; urgency=low
+
+ * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
+ GIT to fix exim bug 1914 (exim doesn't close connection after quit.
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Nov 2016 07:26:14 +0100
+
+exim4 (4.88~RC4-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 07 Nov 2016 19:08:47 +0100
+
+exim4 (4.88~RC3-1) experimental; urgency=medium
+
+ * New upstream version.
+ Drop 75_01-Fix-check-for-commandline-macro-definition.patch
+ 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 24 Oct 2016 19:25:31 +0200
+
+exim4 (4.88~RC2-3) experimental; urgency=medium
+
+ * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
+ every upgrade.
+ * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
+ longstanding bug with aborted TLS server connection handling. Under
+ GnuTLS, when a session startup failed (eg because the client
+ disconnected) Exim did stdio operations after fclose. This was exposed by
+ a recent change which nulled out the file handle after the fclose.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 23 Oct 2016 16:39:13 +0200
+
+exim4 (4.88~RC2-2) experimental; urgency=medium
+
+ * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
+ problems on commandline mail submission. Closes: #840355
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 13 Oct 2016 19:25:07 +0200
+
+exim4 (4.88~RC2-1) experimental; urgency=low
+
+ * New upstream version.
+ + Changed default Diffie-Hellman parameters to be Exim-specific, created
+ by Phil Pennock. Added RFC7919 DH primes as an alternative.
+ Closes: #839978
+ * Set tls_dhparam = historic to use site-specific DH parameters.
+ * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
+ -daemon postinst.
+ * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
+ by running certtool or by installing
+ /usr/share/exim4/gnutls-params-2048. Do not try to use
+ openssl dhparam, it takes too long.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 09 Oct 2016 17:37:08 +0200
+
+exim4 (4.88~RC1-1) experimental; urgency=low
+
+ * Drop reference to removed (in 4.80-7) "what"-option in init script usage
+ message. (Thanks, Calum Mackay!) Closes: #823855
+ * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
+ Closes: #832442
+ * [lintian] update-exim4.conf.8 - fix typo.
+ * [lintian] Drop unused override binaries-have-file-conflict.
+ * B-d on default-libmysqlclient-dev.
+ * New upstream version.
+ + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
+ 50_localscan_dlopen.dpatch
+ + Drop superfluous patches.
+ 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
+ 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
+ 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ + Fix crash in VRFY handling when handed an unqualified name
+ (lacking @domain). Apply the same qualification processing as RCPT.
+ Closes: #834699
+ + Fix a possible security hole, wherein a process operating with the Exim
+ UID can gain a root shell. Credit to http://www.halfdog.net/ for
+ discovery and writeup. LP: #1580454
+ * [lintian] exim4-config_files.5 - fix typo.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 25 Sep 2016 15:44:00 +0200
+
+exim4 (4.87-3) unstable; urgency=medium
+
+ * Pull multiple patches from upstream GIT:
+ + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
+ Improved message on overlong lines in example config.
+ + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
+ Fix race condition related to connection reuse.
+ https://bugs.exim.org/show_bug.cgi?id=1810
+ + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ Avoid exposing passwords in log on failing ldap lookup
+ expansion. https://bugs.exim.org/show_bug.cgi?id=165
+ * Copy information message on rejecting overlong lines in data ACL from
+ upstream example configuration. Closes: #823418
+ * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
+ Closes: 821830
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
+
+exim4 (4.87-2) unstable; urgency=medium
+
+ * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
+ (Thanks, L. Guruprasad!) Closes: #821416
+ * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
+ connections (hosts_require_tls option) in remote_smtp_smarthost
+ transport. Closes: #822174
+ * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
+ is deprecated and will be removed in 4.88.
+ * README.Debian*: Fix minor issues found by lintian.
+ * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
+ * Drop exim4-base Recommends on perl-modules. This had been unnecessary
+ since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200
+
+exim4 (4.87-1) unstable; urgency=medium
+
+ * Fix comment in
+ conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
+ Jörg-Volker Peetz!) Closes: #819780
+ * New upstream release.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 07 Apr 2016 19:26:59 +0200
+
+exim4 (4.87~RC7-1) unstable; urgency=low
+
+ * Enable SOCKS support in both -light and -heavy. Closes: #818091
+ * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
+ * New upstream version.
+ + Drop 74_Store-the-initial-working-directory.diff,
+ 75_String-expansions-fix-extract.patch,
+ 76_only_warn_on_nonempty_environment.diff.
+ + Update debian/example.conf.md5.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 01 Apr 2016 19:04:07 +0200
+
+exim4 (4.87~RC6-3) unstable; urgency=medium
+
+ * Merge changelog entries for 4.86.2-1 and -2.
+ * Upload to unstable.
+ * Add link to CVE details to latest NEWS entry and bump its version and date
+ to match this upload. Closes: #818349, #817244
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100
+
+exim4 (4.87~RC6-2) experimental; urgency=medium
+
+ * 74_Store-the-initial-working-directory.diff,
+ 76_only_warn_on_nonempty_environment.diff: Upstream followups on the
+ CVE fix (Thanks, Heiko Schlittermann!):
+ + Runtime warning is only generated if (and only if) keep_environment
+ is unset and environment is nonempty.
+ + Store the initial working directory and make it available in the new
+ expansion variable $initial_cwd.
+ * Merge all NEWS.Debian files into a single one, identical for all binary
+ packages. - Different NEWS files built from a single source package is not
+ and has not ever been supported by apt-listchanges which is the most
+ important frontend.
+ * Add a NEWS entry about the environment related runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Mar 2016 18:11:32 +0100
+
+exim4 (4.87~RC6-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
+ ${extract } string expansion for the numeric/3-string case. (Bug was
+ introduced in 4.85.)
+ * Set keep_environment to empty value instead of setting a minimal PATH in
+ add_environment.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 11 Mar 2016 19:50:07 +0100
+
+exim4 (4.87~RC5-2) experimental; urgency=medium
+
+ * Update debian/upstream/signing-key.asc, using the keys listed in
+ ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
+ Heiko Schlittermann's key.
+ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 13:17:01 +0100
+
+exim4 (4.87~RC5-1) experimental; urgency=medium
+
+ * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
+ to grep in it. Closes: #814998
+ * New upstream version, includes the patch for CVE-2016-1531. (Local root
+ exploit).
+ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
+ options. If neither is used we use add_environment to set a minimal
+ PATH=/bin:/usr/bin to avoid a runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 02 Mar 2016 21:06:43 +0100
+
+exim4 (4.87~RC3-2) experimental; urgency=medium
+
+ * README.Debian: Refer to Exim specification by chapter name instead of
+ chapter number. Closes: #813351
+ * Fix some spelling errors found by lintian.
+ * Minor debian/rules cleanup:
+ + Restore originally intended behavior, upstream changelog is only
+ shipped in exim4-base, symlinks to it elsewhere.
+ + Drop workaround for #347577, fixed in debhelper 5.0.15.
+ + Use "dh binary-arch" and "dh binary-indep" and a bunch of override
+ targets instead of listing all dh-commands. While this is uglier and
+ slows things down a bit it shortens debian/rules by 40 lines and has the
+ huge benefit that we automatically use all suggested helpers in correct
+ order.
+ + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
+ + Delete unused, commented code.
+ + Drop (exported) variable MTACONFLICTS, used only once.
+ * Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
+ * Refresh debian/EDITME.*, -heavy was missing ldap and sql support.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 13 Feb 2016 20:10:53 +0100
+
+exim4 (4.87~RC3-1) experimental; urgency=medium
+
+ * Move Vcs-* from git/http to https.
+ * [lintian] README.Debian: s/desireable/desirable/.
+ * [lintian] README.Debian: Fix grammar error "allow + infinitive".
+ * [lintian] exim4-config.postinst: Use which foo > /dev/null
+ instead of [ -x /path/to/foo ].
+ * Update list of patches in debian/README.Debian.xml
+ * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
+ with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
+ * New upstream version.
+ + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
+ merge this change and drop CHECK_MAIL_HELO_ISSUED macro.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 21 Jan 2016 17:44:00 +0100
+
+exim4 (4.87~RC2-1) experimental; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Dec 2015 17:51:39 +0100
+
+exim4 (4.87~RC1-1) experimental; urgency=medium
+
+ * New upstream version.
+ + Refresh patches.
+ + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
+ + Sync with upstream default configuration: Check maximum (physical, i.e.
+ before unfolding) line length in default spec file data ACL and smtp
+ transport. Bug 1684 Closes: #797919
+ + HS/02 Add the Exim version string to the process info. This way exiwhat
+ gives some more detail about the running daemon. Closes: #240883
+ * Override upstream's new default of tls_advertise_hosts = * if
+ MAIN_TLS_ENABLE is not set.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 11 Dec 2015 20:15:30 +0100
+
+exim4 (4.86.2-2) unstable; urgency=high
+
+ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Mar 2016 13:07:31 +0100
+
+exim4 (4.86.2-1) unstable; urgency=high
+
+ * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
+ 4.86+fixes branch.
+ * New upstream security release for CVE-2016-1531.
+ + New options keep_environment/add_environment which are empty by default,
+ i.e. any subprocesses start in a clean (empty) environment.
+ + -C requires an absolute path.
+ + Exim changes it's working directory to / right after startup.
+ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
+ options. If neither is used we use add_environment to set a minimal
+ PATH=/bin:/usr/bin to avoid a runtime warning.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 01 Mar 2016 19:34:39 +0100
+
+exim4 (4.86-7) unstable; urgency=medium
+
+ * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
+ * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
+ exim-4_86+fixes branch fixes another MIME ACL related crash.
+ https://bugs.exim.org/show_bug.cgi?id=1730
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 28 Nov 2015 18:45:31 +0100
+
+exim4 (4.86-6) unstable; urgency=medium
+
+ * Cleanup (actual patch is identical): Use
+ 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
+ exim-4_86+fixes branch instad of
+ 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
+ * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
+ DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 Nov 2015 07:55:51 +0100
+
+exim4 (4.86-5) unstable; urgency=high
+
+ * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
+ head to avoid misaligned access in cached lookup. Closes: #803255
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 03 Nov 2015 19:33:49 +0100
+
+exim4 (4.86-4) unstable; urgency=medium
+
+ * Fix documentation of lowuid_aliases router, exceptions are in
+ CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
+ Closes: #799672
+ * fcron has been removed from Debian in 2011, stop listing it as an
+ alternative dependency of exim4-base (Thanks, Alexandre Detiste).
+ Closes: #798236
+ * Update to upstream exim-4_86+fixes branch:
+ + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
+ 76_Fix-post-transport-crash.patch,
+ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
+ 78_Close-logs-after-daemon-process-exceptional-write.patch.
+ + Add 75_0001-Fix-post-transport-crash.patch
+ 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
+ 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
+ 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
+ 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
+ 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
+ * Use dh v9.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 17 Oct 2015 15:01:01 +0200
+
+exim4 (4.86-3) unstable; urgency=medium
+
+ * Pull three patches from upstream git:
+ + 75_Fix-ESMTP-MAIL-command-option-processing.patch:
+ Corrects handling of mail-addresses with whitespace.
+ <http://article.gmane.org/gmane.mail.exim.user/97069>
+ + 76_Fix-post-transport-crash.patch
+ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
+ <https://bugs.exim.org/show_bug.cgi?id=1671>
+ * Fix spelling error in copyright file. (Thanks, lintian)
+ * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
+ upstream git, exim was keeping logfiles open after after a "too many
+ connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
+ chasing this.)
+ * When saving the berkeley DB version at build-time pass -P option to cpp,
+ to prevent linebreaks.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 25 Aug 2015 20:05:59 +0200
+
+exim4 (4.86-2) unstable; urgency=high
+
+ * Update exim4-config Breaks, PRDR support is was moved from being
+ Experimental into the mainline with 4.83.
+ Closes: #794320
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 02 Aug 2015 07:40:24 +0200
+
+exim4 (4.86-1) unstable; urgency=medium
+
+ * New upstream version, identical to RC5 (except for the version string).
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 26 Jul 2015 18:35:33 +0200
+
+exim4 (4.86~RC5-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 18 Jul 2015 11:46:11 +0200
+
+exim4 (4.86~RC4-2) unstable; urgency=medium
+
+ * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
+ * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
+ 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
+ 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
+ 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
+ transition from debian/upstream-signing-key.pgp to
+ debian/upstream/signing-key.asc.
+ * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
+ exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
+ properly fix the issue. Closes: #790616
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 05 Jul 2015 11:47:47 +0200
+
+exim4 (4.86~RC4-1) unstable; urgency=medium
+
+ * unexport/undefine TZ in debian/rules for reproducible build. It would be
+ used as default value for TIMEZONE_DEFAULT.
+ * New upstream version.
+ + Unfuzz 31_eximmanpage.dpatch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 29 Jun 2015 07:43:19 +0200
+
+exim4 (4.86~RC3-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 23 Jun 2015 19:11:19 +0200
+
+exim4 (4.86~RC3-1) experimental; urgency=medium
+
+ * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
+ 1166671.
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 22 Jun 2015 20:39:11 +0200
+
+exim4 (4.86~RC2-1) experimental; urgency=medium
+
+ * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
+ (Thanks, lintian).
+ * New upstream version:
+ +Drop included patches.
+ (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
+ 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
- 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
++ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
+ 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
+ * Sync Debian config with upstream default config:
+ + Set prdr_enable.
+ + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
+ log_selector option value.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 17 Jun 2015 19:49:58 +0200
+
+exim4 (4.86~RC1-3) experimental; urgency=medium
+
+ * Get time and date of latest debian/changelog entry and patch exim(on) to
+ use these instead of __DATE__ and __TIME__.
+ * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
+ from GIT to fix FTBFS on kfreebsd.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 13 Jun 2015 15:22:47 +0200
+
+exim4 (4.86~RC1-2) experimental; urgency=medium
+
+ * Pull three post-release fixes from upstream GIT. (null pointer
+ derefencing, and spam scanning defaulting to rspam mode)
+ + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
+ + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
+ + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 07 Jun 2015 07:26:13 +0200
+
+exim4 (4.86~RC1-1) experimental; urgency=medium
+
+ * New upstream release.
+ + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
+ refresh patches.
+ + Update EDITME*, enable AUTH_TLS for -heavy.
+ + Sync Debian config with upstream default config, rfc1413 calls are now
+ disabled by default.
+ + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
+ + The spamd_address main option now supports an optional timeout value per
+ server (tmo=timespec), it defaults two 2 minutes. Closes: #297915
+ + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
+ + log reason for defer, on a hostlist dns-lookup temporary error.
+ Closes: #670035
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 06 Jun 2015 15:41:33 +0200
+
+exim4 (4.85-3) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 28 Apr 2015 19:34:16 +0200
+
+exim4 (4.85-2) experimental; urgency=medium
+
+ * Merge from unstable 4.84-8.
+ + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
+ (<< ${source:Version}.1), at least source version, but not the next
+ sourceful upload. Closes: #777246
+ + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
+ upstream GIT which fixes breakage of string-expansion in headers_remove
+ commands. (Thanks Gordon Dickens, for the pointer.) -
+ 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
+ here since it already part of 4.85.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 21 Feb 2015 15:38:47 +0100
+
+exim4 (4.85-1) experimental; urgency=medium
+
+ * exim4-config_files.5: Escape dots in regex. (Thanks, ael)
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 13 Jan 2015 18:48:45 +0100
+
+exim4 (4.85~RC4-1) experimental; urgency=medium
+
+ * update-exim4.conf:
+ + Drop unused variable UPEX4C_internal_tmp.
+ + Use tempfile(1) if the generated file will not be written to
+ /var/lib/exim4/.
+ + Add --check option.
+ * init-script: On restart use update-exim4.conf --check before stopping the
+ daemon. (This is a no-op with systemd since its sysv compat layer
+ translates "foo restart" into "foo stop" "foo start" instead of using the
+ init scripts restart target.)
+ * Handle _RC in watchfile with uversionmangle.
+ * New upstream version.
+ + Stop repacking source, rfcs have been dropped.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 31 Dec 2014 14:24:35 +0100
+
+exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 18 Dec 2014 19:07:59 +0100
+
+exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium
+
+ * New upstream version.
+ * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
+ 70_remove_exim-users_references.dpatch.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 01 Dec 2014 18:54:17 +0100
+
+exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium
+
+ * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
+ neither expects a mbox-style From nor an empty line add the end. (Thanks,
+ Edward Betts) Closes: #769396
+ * Change the init script's restart order from { regenerate_config; stop;
+ start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
+ Closes: #768874
+ * New upstream version.
+ + Unfuzz 66_enlarge-dh-parameters-size.dpatch
+ + Drop 80_mime_empty_charset.diff.
+ * Remove rfc from upstream source and repack it.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 18 Nov 2014 19:28:20 +0100
+
+exim4 (4.84-8) unstable; urgency=medium
+
+ * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and
+ 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
+ upstream GIT which fix breakage of string-expansion in headers_remove
+ commands. (Thanks Gordon Dickens, for the pointer.)
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 17 Feb 2015 18:00:42 +0100
+
+exim4 (4.84-7) unstable; urgency=medium
+
+ * Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
+ (<< ${source:Version}.1), at least source version, but not the next
+ sourceful upload. Closes: #777246
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2015 15:12:33 +0100
+
+exim4 (4.84-6) unstable; urgency=medium
+
+ * Revert init script's restart order change in 4.84-4 for the time being.
+ This needs a slightly more involved change than I want to push into jessie
+ right now.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 21 Dec 2014 14:07:12 +0100
+
+exim4 (4.84-5) unstable; urgency=medium
+
+ * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans
+ testsuite), extends the fix in 4.84-2.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 17 Dec 2014 19:03:39 +0100
+
+exim4 (4.84-4) unstable; urgency=medium
+
+ * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
+ neither expects a mbox-style From nor an empty line add the end. (Thanks,
+ Edward Betts) Closes: #769396
+ * Change the init script's restart order from { regenerate_config; stop;
+ start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
+ Closes: #768874
+ * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun
+ with control characters in argument of spam= acl condition.
+ <http://bugs.exim.org/show_bug.cgi?id=1552>
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 30 Nov 2014 08:24:04 +0100
+
+exim4 (4.84-3) unstable; urgency=medium
+
+ * Apply patch to Italian (it) debconf template translation, thanks to
+ s3v <c0llapsed@yahoo.it>. Closes: #764925
+ * Let virtual package cron-daemon fulfill exim4-base's dependency now that
+ bcron provides it instead of "cron" and systemd-cron is fixed.
+ Closes: #765720
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 19 Oct 2014 13:35:56 +0200
+
+exim4 (4.84-2) unstable; urgency=high
+
+ * Add 80_mime_empty_charset.diff from upstream GIT (the parts that change
+ the code, not the testsuite) to handle empty content-type charset.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 29 Aug 2014 19:41:38 +0200
+
+exim4 (4.84-1) unstable; urgency=medium
+
+ * New upstream release.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 14 Aug 2014 19:33:01 +0200
+
+exim4 (4.84~RC2-1) unstable; urgency=medium
+
+ * New upstream release candidate.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Aug 2014 07:42:00 +0200
+
+exim4 (4.84~RC1-3) unstable; urgency=medium
+
+ * Third try. Simply comment *custom* in debian/control.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 02 Aug 2014 09:29:13 +0200
+
+exim4 (4.84~RC1-2) unstable; urgency=medium
+
+ * Re-upload, after manually removing *custom* from the changes file to avoid
+ false detection of NEW packages due to the changes in the archive
+ infrastructure related source-only uploads.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 02 Aug 2014 08:14:54 +0200
+
+exim4 (4.84~RC1-1) unstable; urgency=medium
+
+ * New upstream release candidate, fixing a regression in the MIME handling
+ code.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 02 Aug 2014 07:45:26 +0200
+
+exim4 (4.83-2) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 26 Jul 2014 09:25:15 +0200
+
+exim4 (4.83-1) experimental; urgency=medium
+
+ * New upstream release which includes the fix for CVE-2014-2972.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 23 Jul 2014 08:13:22 +0200
+
+exim4 (4.83~RC3-1) experimental; urgency=medium
+
+ * New upstream release candidate.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 08 Jul 2014 19:07:52 +0200
+
+exim4 (4.83~RC2-1) experimental; urgency=medium
+
+ * New upstream release candidate.
+ + JH/26 Port service names are now accepted for tls_on_connect_ports, to
+ align with daemon_smtp_ports. Bug 72. Closes: #316441
+
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 06 Jun 2014 19:11:24 +0200
+
+exim4 (4.83~RC1-1) experimental; urgency=medium
+
+ * New upstream feature release candidate.
+ + JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+ failed delivery. Closes: #712987
+ * Unfuzz 31_eximmanpage.dpatch and 50_localscan_dlopen.dpatch.
+ * Drop superfluous patches: 75_unbind-ldap-connection.diff
+ 76_fix_ldap_option_setting.diff 77_close-the-server-side-of-TLS.diff
+ 80_fix_ftbfs_hurd.diff
+ * Since exim4-base currently only includes daily cronjobs let anacron
+ fulfill the dependency, too. Systems with missing recommends (anacron
+ recommends cron) that are *not* restarted regularily will therefore not
+ run the cron-job regularily. Exim should not break horribly in this case
+ and we can assume the local system administrator knows what (s)he is doing
+ by disabling installation of recommends. (Policy: "[...] packages that
+ would be found together with this one in all but unusual installations")
+ Closes: #733929
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 29 May 2014 13:09:04 +0200
+
+exim4 (4.82.1-2) unstable; urgency=high
+
+ * [87_double_expansion.diff] from upstream. Stop unwanted double expansion
+ of arguments to mathematical comparison operations. CVE-2014-2972
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 20 Jul 2014 19:05:48 +0200
+
+exim4 (4.82.1-1) unstable; urgency=high
+
+ * New upstream security release, fixing CVE-2014-2957. This is a remote
+ code execution flaw in Exim version 4.82 (only) when built with DMARC
+ support. Debian's binary packages are not built with DMARC support and
+ therefore not vulnerable. However we want to fix this for people building
+ their own binaries based on Debian's packaging.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 28 May 2014 19:01:43 +0200
+
+exim4 (4.82-8) unstable; urgency=medium
+
+ * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against
+ GnuTLS v3.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Apr 2014 16:19:05 +0200
+
+exim4 (4.82-7) unstable; urgency=high
+
+ [ Martin Pitt ]
+ * debian/tests/control: Add missing python test dependency, as
+ debian/tests/security calls python. Closes: #740092
+
+ [ Andreas Metzler ]
+ * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher,
+ $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these
+ variables which describe the respective status of the current incoming or
+ outgoing TLS connection. The rationale for this is that a single exim
+ process can now use both an incoming (message reception) and outgoing
+ TLS connection (callout or cutthrough delivery) concurrently. With this
+ change the "old" variables were mapped to tls_in_*, i.e. they expand to
+ empty values on outgoing connections. (This is not yet documented.)
+ Outgoing tls-connections can therefore not be detected by nonempty
+ $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent
+ sending of plaintext AUTH information on unencrypted connections. Force a
+ lockstep upgrade of exim4-config by bumping the version of exim4-base's
+ dependency on exim4-config to >= 4.82.
+ Closes: #742901, #736081
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 06 Apr 2014 08:32:11 +0200
+
+exim4 (4.82-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/control: Add missing python test dependency, as
+ debian/tests/security calls python. Closes: #740092
+
+ [ Andreas Metzler ]
+ * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against
+ GnuTLS v3.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 05 Apr 2014 14:18:11 +0200
+
+exim4 (4.82-5) unstable; urgency=medium
+
+ * Upgrade to libdb5.3-dev. Closes: #738637 Be paranoid and bump BDBVERSION
+ in exim4-base.postinst from 3.0 (no idea why this did not read 5.1) to
+ 5.3, therefore purging hints db on upgrades.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 12 Feb 2014 19:31:55 +0100
+
+exim4 (4.82-4) unstable; urgency=medium
+
+ * Correct title/name of exim4-config_files(5). (Thanks, Heiko Schlittermann)
+ Closes: #734212
+ * 80_fix_ftbfs_hurd.diff by Samuel Thibault fixes FTBFS on GNU/hurd due to
+ missing support for TCLASS. Closes: #738445
+ * Add debian/upstream-signing-key.pgp (listed in
+ debian/source/include-binaries) and update watchfile to check
+ upstream signature.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 09 Feb 2014 19:41:34 +0100
+
+exim4 (4.82-3) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 27 Nov 2013 19:51:26 +0100
+
+exim4 (4.82-2) experimental; urgency=low
+
+ * Pull two post-release fixes from upstream git master:
+ + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind
+ succeeded.
+ + 77_close-the-server-side-of-TLS.diff - Correctly close the server side
+ of TLS when forking for delivery.
+ * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See
+ <http://mid.gmane.org/20131029200309.GA277075%40zedat.fu-berlin.de>.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Nov 2013 17:24:59 +0100
+
+exim4 (4.82-1) experimental; urgency=low
+
+ * New upstream stable release.
+ * Drop exim4-config_files.5 symlinks for local_host_whitelist and
+ local_sender_whitelist, add symlinks for host_local_deny_exceptions and
+ sender_local_deny_exceptions instead. Closes: #661365
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 09 Nov 2013 11:52:58 +0100
+
+exim4 (4.82~rc5-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 26 Oct 2013 08:50:58 +0200
+
+exim4 (4.82~rc3-1) experimental; urgency=low
+
+ * New upstream version.
+ + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard
+ Hall.
+ + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors
+ looking up a hostname or reverse DNS when processing a host list. Used
+ suggestions from multiple comments on this bug.
+ + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
+ * Add macros for sending a client certificate on outgoing TLS connections.
+ (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY,
+ REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY)
+ Closes: #677826
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Oct 2013 09:30:28 +0200
+
+exim4 (4.82~rc2-1) experimental; urgency=low
+
+ * exim-gencert: Generate 2048bit key by default. LP: #1200581
+ * New upstream version.
+ + Drop 80_addmanuallybuiltdocs.diff
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 03 Oct 2013 19:24:59 +0200
+
+exim4 (4.82~rc1-1) experimental; urgency=low
+
+ * New upstream version.
+ + TL/02 Add +smtp_confirmation as a default logging option.
+ Closes: #649600
+ + JH/05 Permit multiple router/transport headers_add/remove lines.
+ Closes: #276126
+ + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added
+ features.
+ * Upload to experimental.
+ * Drop unnecessary patches (30_dontoverridecflags.dpatch
+ 75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff
+ 78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff
+ 86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches.
+ * Applying upstream's default configuration updates to Debian configuration
+ change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher
- instead of tls_out_cipher. - exim4-config therefore Breaks
++ instead of tls_out_cipher. - exim4-config therefore Breaks
+ exim daemon << 4.82~rc1.
+ * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt
+ and spec.txt, replace these with correct handbuilt versions.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 29 Sep 2013 14:43:25 +0200
+
+exim4 (4.80-9) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 14 Sep 2013 08:05:18 +0200
+
+exim4 (4.80-8) experimental; urgency=low
+
+ * Import updated watchfile by Bart Martens. (Handles more compression types
+ and x.y.revision versioning.)
+ * In initscript invoke pidofproc with a pathname argument as it is
+ documented in LSB and required by lsb-base (>= 4.1+Debian9).
+ Closes: #693696, #718871
+ * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable
+ items in host lists. Closes: #627988
+ * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to
+ invoking exiwhat directly and throws an error mesage, too. (Thanks Regid
+ Ichira for the diagnosis.) Closes: #643720
+ * Set "host_find_failed = ignore" (instead of defer) on smarthost and
+ hub_user_smarthost router. Now if one (of the possibly multiple) listed
+ smarthosts is not resolvable (NXDOMAIN) ignores it and and tries the next
+ listed one. If all listed hosts are unresolvable the mail is still
+ defered, since host_all_ignored is set to defer by default. Therefore the
+ behavior does not change for single-smarthost systems. Closes: #658878
+ * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only
+ shipped in 4.69-3. Closes: #689334
+ * Update exim_db.8, syncing against spec.txt from exim 4.80.
+ * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message
+ locally in non-SMTP mode, and with MIME ACLs configured, if the ACL
+ rejected the message, Exim would try to `fprintf(NULL, "%s",
+ the_message)`. This fixes that.
+ * [lintian] Escape some dashes in exim4-config_files.5.
+ * Point vcs-* to anonscm.
+ * Remove pidfile after stopping the daemon, exim does not remove it itself.
+ Closes: #702988
+ * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian
+ (without either .html or .gz suffix). Closes: #394975
+ * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer)
+ Closes: #710018
+ + tests/CVE-2010-4344.py is GPLv2 - Add license header.
+ + tests/daemon and tests/security do not use bashisms, change shebang
+ to /bin/sh.
+ * Upload to experimental, due to perl transition.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 01 Sep 2013 15:58:49 +0200
+
+exim4 (4.80-7) unstable; urgency=low
+
+ * Use exim's ${quote:xxx} operator when invoking spfquery to disallow
+ bypassing of SPF validation by using special mailbox names. (Thanks to
+ Lekensteyn for diagnosis and testing.) Closes: #697057
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 02 Jan 2013 19:37:21 +0100
+
+exim4 (4.80-6) unstable; urgency=low
+
+ * Cherrypick two changes from GIT:
+ + 85_server_set_id_SPA.diff: server_set_id was not stored in
+ $authenticated_id when using SPA authentication.
+ http://article.gmane.org/gmane.mail.exim.user/92181
+ + 86_Dovecot-robustness.diff: robustness fixes for the Dovecot
+ authenticator.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 21 Nov 2012 19:08:53 +0100
+
+exim4 (4.80-5.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling.
+
+ -- Nico Golde <nion@debian.org> Thu, 25 Oct 2012 20:11:11 +0200
+
+exim4 (4.80-5) unstable; urgency=low
+
+ * Fix grammar error in debian/manpages/exim4-config_files.5. (Thanks,
+ Regid Ichira)
+ * Fix hardening support. (Thanks, Simon Ruderich)
+ + Append $(CPPFLAGS) to CFLAGS, the exim buildsystem does not use it.
+ + Set LFLAGS += $(LDFLAGS) in debian/rules.
+ Closes: #687645
+ * Correct typo in Russian debconf translation. (Thanks, Krasu)
+ Closes: #683385
+ * Point Vcs-* to git repository.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 23 Sep 2012 12:20:16 +0200
+
+exim4 (4.80-4) unstable; urgency=low
+
+ * Disable autoloading of PKCS#11 modules. Closes: #678238
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 23 Jun 2012 18:35:03 +0200
+
+exim4 (4.80-3) unstable; urgency=low
+
+ * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL
+ dereference if Exim is built using OpenSSL, tls_sni is used and a
+ forced expansion failure is configured.
+ * Pull 76_tls_dh_min_bits.diff (and the corresponding doc change
+ 77_docsfortls_dh_min_bits.diff) from upstream. Adds a new SMTP transport
+ option tls_dh_min_bits for setting the minimal size of DH parameters.
+ * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport
+ option. Closes: #676563
+ * [lintian] Stop shipping empty directory /usr/share/exim4 in exim4-base.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 08 Jun 2012 12:37:05 +0200
+
+exim4 (4.80-2) unstable; urgency=low
+
+ * [Brown paper bag] actually target unstable in changelog.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 03 Jun 2012 17:24:05 +0200
+
+exim4 (4.80-1) experimental; urgency=low
+
+ * New upstream version, identical to rc7.
+ * Add a missing piece of documentation to update-exim4.conf.8. DCreadhost
+ is not only used for rewriting, in satellite setup it is also
+ the host where local mail is delivered to. (Thanks, Regid Ichira).
+ Closes: #675712
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 03 Jun 2012 16:49:51 +0200
+
+exim4 (4.80~rc7-1) experimental; urgency=low
+
+ * New upstream version.
+ * Let debian/EDITME.openssl.exim4-light.diff apply again.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 29 May 2012 19:33:07 +0200
+
+exim4 (4.80~rc6-1) experimental; urgency=low
+
+ * Ship newly available GnuTLS-FAQ.txt in exim4-base.
+ * Upstream's handling of GnuTLS DH parameters has changed, hardcoded
+ parameters (from RFCs are used by default. See
+ /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
+ /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
+ and /var/spool/exim4/gnutls-params-2236.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200
+
+exim4 (4.80~rc5-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 24 May 2012 20:20:24 +0200
+
+exim4 (4.80~rc4-1) experimental; urgency=low
+
+ * New upstream version.
+ + Unfuzz 50_localscan_dlopen.dpatch
+ + Drop 80_revert_stringformatprintf.diff, superseded upstream.
+ + Default DH param size switched to 2236 for NSS compat. Update
+ generation script and shipped parameters.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 21 May 2012 20:00:18 +0200
+
+exim4 (4.80~rc2-1) experimental; urgency=low
+
+ * Fix typo in retry/30_exim4-config (s/frequenzy/frequency/) (Thanks, Regid
+ Ichira). Closes: #646338
+ * dpkg-buildflags supersedes hardening-wrapper. set
+ DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie to use features enabled
+ by hardening-wrapper by default. Make sure to always set -Wall.
+ * List mapppings between debconf choices ("mail sent by smarthost; no local
+ mail" et al.) and corresponding values of the DC_eximconfig_configtype
+ macro in update-exim4.conf(8). Closes: #651883
+ * README.Debian.*: Correct documentation of the lowuid_aliases router. - The
+ macro is named FIRST_USER_ACCOUNT_UID instead of FIRST_USER_UID. (Thanks,
+ Yubao Liu) Closes: #653058
+ * add more verbose help to /etc/default/exim4. Closes: #653272
+ * Updated French debconf templates translation. (thanks for proofreading,
+ debian-l10n-french!) Closes: #668475
+ * Fix typo usualy in update-exim4.conf.8.
+ * Add source lintian override (debian/source/lintian-overrides) for
+ binaries-have-file-conflict exim4-daemon-heavy-dbg exim4-daemon-light-dbg.
+ *-daemon-dbg depends on the respective -daemon, and the daemon-packages
+ conflict with each other.
+ * New upstream version:
+ + Unfuzz patches
+ + Update 66_enlarge-dh-parameters-size.dpatch. This is now a noop if built
+ against gnutls >= 2.12.
+ + Default DH param size is 2432, update generation script and shipped
+ parameters.
+ + Unfuzz/update */EDITME/*. Update debian/example.conf.md5.
+ + 80_revert_stringformatprintf.diff. Do not mark string_format() as
+ PRINTF_FUNCTION(3,4) to allow compilation with -Wformat
+ -Werror=format-security
+ + Sets accept_8bitmime = true by default. Closes: #445013
+ + Uses GnuTLS priority string for configuration. (See NEWS.Debian)
+ Closes: #624041
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 20 May 2012 15:57:15 +0200
+
+exim4 (4.77-1) unstable; urgency=low
+
+ * Fix typo in exim4-config_files.5. (Thanks, Regid Ichira) Closes: #645283
+ * New upstream stable release. (No major changes compared to rc4)
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 18:00:11 +0200
+
+exim4 (4.77~rc4-1) experimental; urgency=low
+
+ * New upstream release candidate.
+ + drop patches included in this release.
+ (80_gnutls_certificate_verify_peers2.diff 80_gnutls_initrc.diff
+ 80_TLS1.2-and-TLS1.1-support.diff)
+ + New expansion conditions, "inlist", "inlisti".
+ + Exim no longer performs string expansion on the second string of
+ the match_* expansion conditions: "match_address", "match_domain",
+ "match_ip" & "match_local_part". Named lists can still be used. The
+ previous behavior made it too easy to create (remotely) vulnerable
+ configurations. A more detailed rationale and explanation can be found
- on
++ on
+ https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html
+ + doc/pcrepattern.txt is not shipped anymore as part of the exim tarball
+ (and therefore the Debian package suite.)
+ * Make use of /usr/share/dpkg/buildflags.mk if available.
+ * Change build system to build each binary variant in a separate copy of
+ the source tree instead of re-using the copy and moving away the results
+ after build. The old approach stopped working since upstream added a
+ dependency on make all to make install. - As we were changing parts of
+ tree (Local/Makefile) after the build this caused an (incorrect) rebuild
+ on make install.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 08 Oct 2011 13:07:35 +0200
+
+exim4 (4.76-4) experimental; urgency=low
+
+ * 80_TLS1.2-and-TLS1.1-support.diff (pulled from upstream GIT gnutls_fixes
+ branch): Enable TLS1.2 and TLS1.1
+ * 80_gnutls_certificate_verify_peers2.diff, 80_gnutls_initrc.diff (pulled
+ from upstream GIT gnutls_fixes branch): Use
+ gnutls_certificate_verify_peers2() instead of
+ gnutls_certificate_verify_peers(). The deprecated function was dropped in
+ GnuTLS 3.x. Closes: #624082
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 24 Sep 2011 18:36:08 +0200
+
+exim4 (4.76-3) unstable; urgency=low
+
+ * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be
+ specified before arguments for compatibility with heirloom-mailx (Thanks,
+ Andreas Schiweck). Closes: #629314
+ * [exim4-base.exim4.init] Use echo instead of log_failure_msg for the panic
+ log warning. Closes: #629610
+ * [exim4-base.postinst] Also take care of ratelimit db on bdbd upgrades.
+ Closes: #630985
+ * Update Debian exim webpage URL. Closes: #641126
+ * Do not run upgrade test for 4.67-5 on exim4.conf.template if split config
+ is used and vice versa. Closes: #577633
+ * [lintian] Do not specify priority in binary package stanzas, unless it
+ deviates from the source package priority setting.
+ * [lintian] Drop unused lintian override binary-without-manpage
+ usr/sbin/exim.
+ * [lintian] Improve on short descriptions of *-dbg packages.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 18 Sep 2011 11:49:13 +0200
+
+exim4 (4.76-2) unstable; urgency=low
+
+ * debian/rules: Remove test/ and test-stamp on clean.
+ * Handle BerkeleyDB upgrades more gracefully. Instead of checking Debian
+ version numbers compare DB-version of old exim (stored by postinst in
+ /var/lib/exim4/berkeleydbvers.txt) with currently used DB-version
+ (hardcoded at build time in exim4-base.postinst).
+ * [exim4-base.postinst exim4-config.postinst] Do away with unnecessary
+ chowns by dropping them or limiting to upgrades from 4.30.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 29 May 2011 18:21:03 +0200
+
+exim4 (4.76-1) unstable; urgency=low
+
+ * New upstream version.
+ * Drop 80_match_isinlist.diff (included upstream).
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 09 May 2011 19:12:09 +0200
+
+exim4 (4.76~RC1-3) experimental; urgency=low
+
+ * 80_match_isinlist.diff pulled from upstream git.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2011 14:44:20 +0200
+
+exim4 (4.76~RC1-2) experimental; urgency=low
+
+ * Fix testsuite error.
+ * Disable verification of DKIM signatures if DC_minimaldns or the (newly
+ added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764
+ * [lintian] Drop useless comments from debian/watch.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2011 08:58:24 +0200
+
+exim4 (4.76~RC1-1) experimental; urgency=low
+
+ * New upstream version.
+ * Drop superfluous patches. 80_ldap_require_cert-work.diff
+ 81_negatebool.diff 82_dkimpercent.diff
+ * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage
+ update-exim4defaults.8.gz allows to allows one to).
+ * [debian/minimaltest]: Added. Try to run a minimal functionality test after
+ building exim. (Currently only supported if the build-system has a
+ Debian-exim user.)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 06 May 2011 20:27:56 +0200
+
+exim4 (4.75-3) unstable; urgency=high
+
+ * [debian/rules] Fix dependencies and targets, speeding up package build.
+ Previously everything was compiled twice.
+ * Patches pulled from upstream git:
+ +81_negatebool.diff Negating the $bool expansion condition did not work.
+ +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670
+ (CVE-2011-1764)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 06 May 2011 20:08:51 +0200
+
+exim4 (4.75-2) unstable; urgency=low
+
+ * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix
+ configuration example accordingly. (Thanks, Roman V. Nikolaev)
+ Closes: #622111
+ * Use on libdb5.1-dev (instead of 4.8), zap hints db on upgrade from <=
+ 4.75-1. Closes: #621388
+ * Enable hardening options. (Last difference to Ubuntu except for not being
+ the default-mta there.) Closes: #542726
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 16 Apr 2011 14:45:36 +0200
+
+exim4 (4.75-1) unstable; urgency=low
+
+ * New upstream version.
+ * 80_ldap_require_cert-work.diff Pulled from upstream git. The new
+ ldap_require_cert option would segfault if used.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 28 Mar 2011 19:24:55 +0200
+
+exim4 (4.75~rc3-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 03 Mar 2011 19:10:06 +0100
+
+exim4 (4.75~rc2-1) experimental; urgency=low
+
+ * New upstream version.
+ + Fixes exiqgrep "Line mismatch" error on messages without size info.
+ Closes: #528625
+ + Restore default SIGPIPE handler for child_open_uid. Closes: #573779
+ * Enable verbose compilation.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 27 Feb 2011 11:59:45 +0100
+
+exim4 (4.74-2) unstable; urgency=low
+
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 24 Feb 2011 19:02:07 +0100
+
+exim4 (4.74-1) experimental; urgency=low
+
+ * 4.74 release, should build on hurd again.
+ * Fix some lintian --pedantic issues: copyright-refers-to-symlink-license
+ maintainer-script-without-set-e debian-control-has-unusual-field-spacing
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 29 Jan 2011 15:39:51 +0100
+
+exim4 (4.74~rc2-1) experimental; urgency=low
+
+ * In spf example use spf-tools-perl's spfquery instead of the one from
+ libmail-spf-query-perl. Do not try to use unimplemented best-guess
+ support. Update Suggests accordingly. Closes: #608336
+ * Add headers in ACL by using the add_header modifier instead of "message".
+ (This modifier has been available since 4.61.) Closes: #609308
+ * New upstream version.
+ + includes the fix for CVE-2011-0017
+ + If a non-debug daemon was invoked with a non-whitelisted macro, then
+ logs from after attempting delivery would be silently lost, including
+ for successful delivery. This log-loss bug was introduced in 4.73
+ as part of the security lockdown. Closes: #610611
+ + Update some patches.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 23 Jan 2011 14:02:36 +0100
+
+exim4 (4.73~rc1-1) experimental; urgency=low
+
+ * New upstream release candidate.
+ * Drop included patches. 80_4.73rc1_*, 40_dkimnotinpaniclog.diff.
+ * Update 31_eximmanpage.dpatch.
+ * exim4 now uses INSTREAM (added in clamav 0.95) instead of STREAM when
+ talking to clamav. exim4-daemon-heavy therefore Breaks: clamav-daemon
+ (<< 0.95).
+ * Unfuzz EDITME*diff.
+ * Dependency changes:
+ + Drop exim4-config's conflicts with bash (<< 2.05). This was relevant
+ pre-sarge.
+ + Drop exim4-daemon-* dependency on exim4-base (>> 4.71-2). This one is
- superfluous because of of the dependency on
++ superfluous because of of the dependency on
+ exim4-base (>= ${Upstream-Version}).
+ + exim4-config breaks instead of conflicts with pre-DKIM (i.e. << 4.69.1)
+ exim4-daemon.
+ + exim4-base breaks instead of conflicts with <<${Upstream-Version} daemon
+ packages.
+ * Add Vcs-Svn and Vcs-Browser fields to debian/control.
- * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of
++ * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of
+ libmysqlclient15-dev. libmysqlclient-dev is not a virtual package
+ anymore. Closes: #590218
+ * Use db_settitle unconditionally, even etch supports this. Drop unneeded
+ lintian override exim4-config: settitle-requires-versioned-depends.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 27 Dec 2010 19:48:19 +0100
+
+exim4 (4.72-6) unstable; urgency=high
+
+ * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges
+ were dropped. This fixes a regression from 4.72-2, it was not possible to
+ test filter files with exim4 -bf anymore. Closes: #611572
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 31 Jan 2011 19:05:48 +0100
+
+exim4 (4.72-5) unstable; urgency=medium
+
+ * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug
+ daemon was invoked with a non-whitelisted macro, then logs from after
+ attempting delivery would be silently lost, including for successful
+ delivery. This log-loss bug was introduced as part of the security
+ lockdown for fixing CVE-2010-4345. Closes: #610611
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 29 Jan 2011 14:33:36 +0100
+
+exim4 (4.72-4) unstable; urgency=medium
+
+ * In spf example use spf-tools-perl's spfquery instead of the one from
+ libmail-spf-query-perl. Do not try to use unimplemented best-guess
+ support. Update Suggests accordingly. Closes: #608336
+ * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return
+ values of setgid/setuid. This is a privilege escalation vulnerability
+ whereby the Exim run-time user can cause root to append content of the
+ attacker's choosing to arbitrary files.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 22 Jan 2011 17:48:19 +0100
+
+exim4 (4.72-3) unstable; urgency=low
+
+ * [README.Debian*] Correct command for manual paniclog rotation. (Thanks,
+ Jörg Sommer) Closes: #602188
+ * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts.
+ This would not work with ALT_CONFIG_PREFIX.
+ * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1.
+ Closes: #606527
+ + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by
+ the Exim user or group.
+ + 2_permcheck_configurefile: Check configure file permissions even for
+ non-default files if still privileged.
+ + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option,
+ effectively making it always true.
+ + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the
+ daemon, to ensure that rogue child processes cannot use them.
+ + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option.
+ + 6_nonroot_system_filter_user: If the system filter needs to be run as
+ root, let that be explicitly configured. The default is now the Exim
+ run-time user.
+ + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values
+ for the -D option.
+ + 8_updatedocumentation: Update documentation to reflect the changes.
+ * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim
+ will not regain root privileges (usually necessary for local delivery) if
+ the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are
+ exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING.
+ * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch
+ 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges
+ (usually necessary for local delivery) if the -C option was used. This
+ makes it impossible to start a fully functional damon with an alternate
+ configuration file. /etc/exim4/trusted_configs (can) contain a list of
+ filenames (one per line, full path given) to which this restriction does
+ not apply.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 26 Dec 2010 15:13:08 +0100
+
+exim4 (4.72-2) unstable; urgency=low
+
+ [ Marc Haber ]
+ * Apply patch to russian (ru) debconf template, thanks to Тим
+ Алексеевский and Tim Alexeevsky. Closes: #576202
+ * fix exim4-config_files man page, mention
+ {host|sender}_local_deny_exceptions instead of
+ local_{host|sender}_whitelist. Thanks to Fabien André in #578176
+ * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code.
+ Thanks to Fabien André. Closes: #578176
+ * Re-work config.autogenerated header to more exactly reflect
+ configuration source. (mh) Closes: #593984
-
++
+ [ Andreas Metzler ]
+ * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank
+ you Matthew W. S. Bell) Closes: #590333
+ * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging
+ non-critical DKIM errors in paniclog. Closes: #567876
+ * Debconf translations:
+ - Danish. Closes: #592792
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 30 Oct 2010 13:38:26 +0200
+
+exim4 (4.72-1) unstable; urgency=low
+
- * New upstream release. (Identical to the git snapshot previously
++ * New upstream release. (Identical to the git snapshot previously
+ uploaded to experimental.)
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 03 Jun 2010 17:42:52 +0200
+
+exim4 (4.72~20100529-1) experimental; urgency=low
+
+ * Git snapshot 20100529.
+ + Fix documentation for exipick -bpra. #574778
+ + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp.
+ (Debian's default configuration does not use MBX format, but the
+ exim4-daemon-heavy binary supports MBX.)
+ + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory.
+ (Probably not relevant for Debian systems at all, since the mail spool
+ is 2775 root:mail.)
+ + Dovecot authenticator ignores unknown keywords, making it compatible
+ with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0).
+ See Changelog for complete list.
+ * Drop patches included upstream: 36_typoinexipick.diff
+ 20_PDKIM-Upgrade-PolarSSL.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 30 May 2010 14:01:52 +0200
+
+exim4 (4.71-4) unstable; urgency=low
+
+ * Drop unneeded lintian overrides.
+ + description-contains-homepage
+ + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg.
+ + partially-translated-question
+ + maintainer-script-needs-depends-on-update-inetd
+ + possible-bashism-in-maintainer-script
+ + binary-without-manpage
+ + possible-debconf-note-abuse
+ + changelog-not-compressed-with-max-compression
+ * Lintian informational hints:
+ + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5
+ debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8
+ * Use dh_lintian.
+ * Fix sourcing of lsb-functions in init-script. Test for existence of
+ /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions.
+ If they are not present the package's dependencies are not installed.
+ Bump dependency on lsb-base to 3.0-6. (log_action_*)
+ * Update reference to spec.txt in README.Debian. Closes: #568051
+ * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different
+ implementations of spfquery in Debian, with incompatible commandline
+ switches and different exit codes. Closes: #573956
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 25 Mar 2010 17:34:30 +0100
+
+exim4 (4.71-3) unstable; urgency=low
+
+ * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles.
+ Closes: #501892
+ * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove
+ Berkeley DB logfiles.
+ * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily
+ make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed
+ after the next upstream release.)
+ Closes: #548479
+ * control: Drop bzip2 from Build-Depends. Use line-wrapping for
+ Build-Depends.
+ * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian).
+ * exim4-base.postinst: Redirect status message to stderr.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 01 Jan 2010 13:41:44 +0100
+
+exim4 (4.71-2) unstable; urgency=low
+
+ * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied
+ from PolarSSL to 0.12.1.
+ * Add example file to set smarthost from /etc/network/interfaces (mh)
+ * Add DKIM_* macros on remote smtp transports for setting the corresponding
+ dkim_* options.
+ * Upload to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 12 Dec 2009 13:24:21 +0100
+
+exim4 (4.71-1) experimental; urgency=low
+
+ * New upstream version.
+ + Drop patches included upstream. 51_dkimrelatedcrash.diff
+ 51_noreject_unsigned.diff.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 28 Nov 2009 12:03:50 +0100
+
+exim4 (4.70-2) experimental; urgency=low
+
+ * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears
+ when the expanded value of dkim_verify_signers winds up empty and
+ acl_smtp_dkim is defined. (This has the effect of rejecting any mail
+ without DKIM signature.)
+ * Work around 490937 by removing CHANGES.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 21 Nov 2009 10:15:41 +0100
+
+exim4 (4.70-1) experimental; urgency=low
+
+ * Point watchfile to ftp.exim.org.
+ * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little
+ bit.
+ * New upstream version.
+ + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the
+ 4.7x series. http://bugs.exim.org/show_bug.cgi?id=912
+ * debhelper v7 mode.
+ + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install
+ ./CHANGES as upstream changelog.
+ + Bump build-dependency.
+ + Use dh_prep instead of dh_clean -k.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 15 Nov 2009 13:10:32 +0100
+
+exim4 (4.70~rc4-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 11 Nov 2009 19:04:35 +0100
+
+exim4 (4.70~cvs+20091030-1) experimental; urgency=low
+
+ * New upstream snapshot.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 31 Oct 2009 10:08:55 +0100
+
+exim4 (4.70~cvs+20091026-1) experimental; urgency=low
+
+ * New snapshot.
+ + Fixes segfault in dovecot authenticator. Closes: #551106
+ + Improved documentation regarding certifacte verification on outgoing
+ SMTP connections. Closes: #544472
+ * Drop 40_boolean_redefine_protect.dpatch - included upstream.
+ * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 26 Oct 2009 16:09:32 +0100
+
+exim4 (4.70~cvs+20091017-1) experimental; urgency=low
+
+ * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert)
+ * New upstream cvs snapshot.
+ + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc.
+ + Close dovecot socket after wrong password was given. Closes: #515503
- + Standalone DKIM support. Obsoletes and therefore
++ + Standalone DKIM support. Obsoletes and therefore
+ Closes: #486437,#459883
+ * Drop upstream URL from package descriptions. Closes: #471425
+ * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable
+ has 1.16. Closes: #486436.
+ * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients
+ (e.g Outlook) will terminate the SSL connection when the server presents
+ the long list of accepted TLS certificates after STARTTLS. If TLS
+ certificate validation of clients is needed you'll need to set
+ MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to
+ a file containing only the accepted certificates.
+ Closes: #515999, #316522, #482012
+ * Add debian/README.source. (Policy 3.8.3)
+ * Fix typo in update-exim4.conf.8.
+ Thanks to Calum Mackay. Closes: #543354
+ * Listen on IPv6 loopback interface by default. (Only applies to fresh
+ installations.) Closes: #544292
+ * upstream default configure file explicitly disables dkim in some
+ instances. Merge into Debian config and update debian/example.conf.md5.
+ Bump Conflicts of exim4-config package.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 17 Oct 2009 14:26:54 +0200
+
+exim4 (4.69-11) unstable; urgency=medium
+
+ * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy
+ package currently, and due its strict dependencies uninstallable until
+ the most recent version of lynx-cur has been built.)
+ * Work around sed's improved unicode support, not accepting latin1
+ characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445
+ + [update-exim4.conf] Go for / as separator instead. - This might have
+ served a purpose in earlier releases with free-form replacements but is
+ just overcomplicated now.
+ + [update-exim4defaults]: The tricky bits for exim options are the
+ ones that take a filename as argument (e.g. -C and -oX) or -D for
+ overriding macros. Use LC_CTYPE=C.
+ + [exim4-config.config] The sed commands deals with (lists of) hostnames
+ and IP(v6) addresses and nets. Use LC_CTYPE=C.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 10 May 2009 10:15:34 +0200
+
+exim4 (4.69-10) unstable; urgency=low
+
+ [ Andreas Metzler ]
+ * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124
+ * Disable shell filename expansion in update-exim4.conf using set -f.
+ Closes: #515668
+ * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its
+ behavior to throw an error on expansion of $* or $@ with set -u if no
+ positional parameters were given. Working around this is obnoxious and
+ harms readability, imho doing away with set -u's benefits. Closes: #518752
+ * Allow setting outgoing smtp helo/ehlo by setting
+ REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed
+ to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS.
+ REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data
+ setting. Closes: #514113
+ * [README.Debian] Bring documentation for Diffie-Hellman parameters up to
+ current practice, mainly by deleting most of the outdated docs.
+ Closes: #508749
+ * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored
+ pattern, matching "smtp" but not "smtp-foo". Closes: #516146
+ * exim4-daemon-light now Provides: default-mta. See #508644.
- * Ship both transport-filter.pl and ratelimit.pl in
++ * Ship both transport-filter.pl and ratelimit.pl in
+ /usr/share/doc/exim4-base/examples. Closes: #518836
+ * [lintian] Add ${misc:Depends} to all Depends.
+ * [lintian] Add override for dbg-package-missing-depends exim4-dbg.
+ * Sync debian/control with override file by moving *-dbg to section debug.
+ * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs)
+ Closes: #525248
+
+ [ Christian Perrier ]
+ * Debconf translations:
+ - Asturian. Closes: #511624
+ - Belarusian. Closes: #516049
+ - Kazakh added. Closes: #520996
+ - Slovak. Closes: #523447
+ - Bengali added.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 02 May 2009 09:05:56 +0200
+
+exim4 (4.69-9) unstable; urgency=medium
+
+ * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit
+ listing ("ABCDEF..") instead of a-z, since the latter does not work as
+ expected in some locales. Closes: #500691
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 30 Sep 2008 20:12:27 +0200
+
+exim4 (4.69-8) unstable; urgency=low
+
+ [ Andreas Metzler ]
+ * Quote last n lines (configurable by changing the value of
+ E4BCD_PANICLOG_LINES, defaults to 10) of paniclog in warning
+ email sent out on non-empty paniclog. Closes: #499492
+ * Fix evaluation logic of E4BCD_WATCH_PANICLOG for sending out warning
+ e-mails about non-empty paniclog in daily cron-job to match documentation:
+ + yes: Send daily warning e-mails, do not touch panniclog.
+ + once: Send out the mail and rotate paniclog afterwards.
+ + no: Do nothing. (Logfile is rotated when its size reaches 10 MB.)
+ (Previously the interpretations of "once" and yes were mixed up.)
+
+ [ Debconf translations ]
+ * Catalan. Closes: #499299
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 28 Sep 2008 12:01:39 +0200
+
+exim4 (4.69-7) unstable; urgency=low
+
+ [ Andreas Metzler ]
- * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in
++ * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in
+ README.Debian.xml.
+
+ [ Debconf translations ]
+ * Korean. Closes: #491518
+ * Lithuanian. Closes: #497402
+ * Greek. Closes: #498466
+ * Esperanto. Closes: #498796
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 16 Sep 2008 19:14:08 +0200
+
+exim4 (4.69-6) unstable; urgency=high
+
+ [ Debconf translations ]
+ * Malayalam. Closes: #479466
+ * Albanian. Closes: #480282
+ * Polish. Closes: #481638
+ * Vietnamese. Closes: #482641
+ * Turkish. Closes: #482714
+ * Brazilian Portuguese. Closes: #485384
+ * Finnish. Closes: #489171
+
+ [ Marc Haber ]
+ * Have timeout.pl print a meaningful error message if perl-modules
+ is not installed. Have exim4-base recommend perl-modules.
+ Thanks to Tom Schouten. Closes: #482319
+ * Create gnutls-params with mode 644 in the first place.
+ Thanks to Jean-Luc Coulon. Closes: #481765
+ * Replace ~/.rnd with $HOME/.rnd in exim_gencerts. Thanks to
+ Ross Boylan for noticing this.
+ * exim4-config.config: send hostname --fqdn stderr to /dev/null,
+ we handle errors properly. Thanks to Andrew Vaughan in #481597.
+
+ [ Andreas Metzler ]
+ * Fix typos/other errors in README.Debian.xml. Improve formatting.
+ (Thank's Georg Neis and Paul Menzel) Closes: #486105, #486106, #486116
+ * Revert fancy quoting in initscript. Closes: #486667,#482752
+ (fixes rc-bugs).
+ * [debian/control README.Debian.xml] Spelling fix ("metapackage" instead of
+ "meta-package"). Thank's lintian
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 19 Jul 2008 19:56:36 +0200
+
+exim4 (4.69-5) unstable; urgency=low
+
+ * remove chmod/chown code from exim4_refresh_gnutls-params completely
+ * do not remove gnutls-params in exim4-base.postinst
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 28 Apr 2008 21:46:18 +0200
+
+exim4 (4.69-4) unstable; urgency=low
+
+ * update-exim4.conf: Fix impossible code path in guessed_name check. Ouch.
+ Thanks to Anand Kumria. Closes: #478066
+ * Regenerating the 2048 bits DH parameters takes too long for slow
+ systems, disable (both in the monthly cron job and postinst) and
+ document that paranoid people will want to regenerate them manually.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 10:06:39 +0200
+
+exim4 (4.69-3) unstable; urgency=low
+
+ * The "please do not file duplicate bugs" release
+
+ [ Marc Haber ]
+ * Work around lsb-base regression (#477055, "wontfix") by changing
+ the way we quote exim's arguments in the init script, hoping that
+ this does not sacrifice robustness.
+ Closes: #477194, #477236, #477239, #477258, #477562, #476987
+ * README.Debian.xml: Fix router/transport pair typo.
+ Thanks to Georg Neis. Closes: #463573
+ * Have exim4-base Suggest swaks
+ * Relax exim4-dbg dependency on eximon4 to a recommends (see #463929).
+ * 30_exim4-config_check_rcp: Remove mention of /usr/share/doc/exim4-
+ config/default_acl in favor of exim4-config_files(5).
+ Thanks to Jon Dowland. Closes: #464539
+ * Move paniclog log rotation to /etc/logrotate.d/exim4-paniclog to
+ allow people to manually rotate the paniclog only by calling
+ logrotate -f /etc/logrotate.d/exim4-paniclog. Thanks to Josip Rodin
+ (#396003) for this nice idea. Implement E4BCD_WATCH_PANICLOG=once
+ as suggested by Vasilis Vasaitis.
+ * activate dlfunc. Closes: #471314
+ * set LC_ALL=C in debian/rules. Thanks to Michael Meskes. Closes: #471486
+ * Document that Incredimail's TLS "implementation" breaks on a
+ certificate request. Thanks to Andrew McGlashan. Closes: #459323
+ * Fix parenthesis mismatch in README.Debian
+ * exim4_refresh_gnutls-params: Call openssh dhparam with
+ HOME=$EXIM4_SPOOLDIR so that openssl's .rnd file is placed there.
+ * update-exim4.conf: print a warning if dc_minimaldns and hostname
+ --fqdn does not print a fully qualified name. Thanks to Lothar
+ Ketterer. Closes: #476249
+ * DH parameters handling: Closes: #475194
+ * add dpatch to have exim use 2048 bit DH parameters
+ * ship static gnutls-params file with the package.
+ * Override resulting lintian warning.
+ * generate new gnutls-params only monthly and in postinst on configure.
+ * exim4_refresh_gnutls-params:
+ * generate 2048 bit DH parameters
+ * dh-params file can be world readable
+ * Filter out noise from mainlog before handing it off to eximstats
+ in daily cron job. Thanks to Justin Pryzby. Closes: #476541
+ * Move docs from Apps/Net to Network/Communication
+ * linda R.I.P.
-
++
+ [ Robert Millan ]
+ * Process acl_local_deny_exceptions ACL before rejecting a message in SPF
+ check. Thanks to Miklos Szeredi. Closes: #451633
+
+ [ Andreas Metzler ]
- * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks,
++ * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks,
+ Filipus Klutiero) Closes: #471113
+ * exiwhat: Check at runtime whether killall is available. Fall back to a
+ combination of 'ps ax' and regular kill otherwise.
+ Closes: #476455
+ * Fix wrong logic in testing for existence of lsb-base functions in init
+ script. (Thanks, Tim Cross) Closes: #477578
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 26 Apr 2008 00:00:30 +0200
+
+exim4 (4.69-2) unstable; urgency=low
+
+ [ Marc Haber ]
+ * update-exim4.conf: fix bashism echo -n in preprocess_macro.
+ Thanks to Michal Politowski. Closes: #462173
+
+ [ Christian Perrier ]
+ * Debconf translations updates:
+ - German. Thanks to Eric Schanze. Closes: #462673
+
+ [Andreas Metzler]
+ * Add missing .P to exim_db.8 to fix indenting. (Thanks, David L. Anselmi)
+ Closes: #462712
+ * Add (disabled) patch to save random seed to a file
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 30 Jan 2008 09:26:56 +0100
+
+exim4 (4.69-1) unstable; urgency=low
+
+ [ Marc Haber ]
+ * New upstream version.
+ - improve --help handling. Closes: 438435
+ * Debconf translations updates:
+ - Dutch. Thanks to Bart Cornelis. Closes: #448924
+ - Norwegian Bokmål. Thanks to Hans Fredrik Nordhaug. Closes: #452383
+ - Slovak. Thanks to Peter Mann. Closes: #460502
+ - Catalan: fix some semicolon issues and most obvious fuzzy strings.
+ Thanks to Jordà Polo. Closes: #447765.
+ * Add support for smtp_accept_max_nonmail_hosts to ease external
+ relay testing.
+ * Make Change to init script dependencies as suggested by Petter
+ Reinholdtsen. Closes: #460229
+ * debian/control:
+ * Add Homepage field to Source Package stanza.
+ * Standards-Version: 3.7.3 (no changes necessary)
+ * lintian/overrides:
+ - Override all description-contains-homepage messages,
+ we're going to keep this field around until post-lenny.
+ - Override exim4-daemon-heavy: package-contains-empty-directory
+ usr/lib/exim4/local_scan/, the directory should be there to show
+ people where to put local extensions (and I am not sure how exim
+ behaves if that directory is not there).
+ * linda/overrides:
+ - Override menu section Applications, which is a false alert.
+ - Override complaint about newer standards version.
+ - This override does not work due to #386647
+ * exim4-base.NEWS: fix Debian's typo
+ * exim4-base.dirs: remove usr/bin, we do not ship any files there.
+ * Generate exim macros from every definition found in ue4cc that
+ starts with a capital letter (sans CFILEMODE) to cater for an
+ obviously very common user error. This feature is going to stay
+ undocumented.
+
+ [ Christian Perrier ]
+ * Debconf translations updates:
+ - Dzongkha. Thanks to Tenzin Dendup. Closes: #455871
+ - Slovak. Thanks to Peter Mann. Closes: #460502
+
+ [ Andreas Metzler ]
+ * Fix typo in acl/20_exim4-config_local_deny_exceptions. (Thanks, Roderick
+ Schertler) Closes: #456343
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 22 Jan 2008 09:19:14 +0100
+
+exim4 (4.68-2) unstable; urgency=low
+
+ [ Marc Haber ]
+ * Fix changelog: lowuid router does not close #420217. Closes: #440217
+
+ [ Andreas Metzler ]
+ * Mention /etc/exim4/exim4.conf in FILES section of update-exim4.conf.8.
+ * Fix syntax error in real-local router. Closes: #446346
+ * Configuring exim as configtype="internet host" asks a different set of
+ questions than e.g. satellite. However some of the settings controlled by
+ these hidden questions still have effects on exim's behavior. Change
+ exim4-config to ask these hidden questions if they have been set to a
+ non-default value. (Either manually, or by switching configtype after
+ setting the values.) Closes: #443210
+ These questions have been added conditionally:
+ - internet site with smarthost:
+ + dc_relay_domains
+ - satellite
+ + dc_relay_domains
+ + dc_localdelivery
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 01 Nov 2007 19:17:36 +0100
+
+exim4 (4.68-1) unstable; urgency=low
+
+ * new upstream version. Closes: #444195
+ * Documents tls_verify_hosts during TLS sessions. Closes: #422419
+ * new example.conf md5 sum
+ * Move lowuid router to a later place, handle real- only for
+ locally generated messages. Thanks to Andreas Metzler and others
+ on pkg-exim4-devel. Closes: #440217
+ * /etc/init.d/exim4:
+ * Use start_daemon and killproc from lsb-base
+ as a new plunge at #396944
+ * Do not clean the environment as severly as before (functions
+ need to survive).
+ * README.Debian:
+ * Document that using client certificates needs extra
+ configuration. Thanks to John Goerzen. Closes: #440663
+ * conf.d/main/03_exim4-config_tlsoptions: Make it clear that this
+ file only concerns exim as an SMTP server.
+ * exim4-config.preinst: Add EX4DEBUG facility, add rm_conffile
+ function
+ * Rename acl_whitelist_local_deny to acl_local_deny_exceptions
+ as suggested by Ross Boylan. Closes: #387078.
+ * Switch Build-Depends to db4.6. Closes: #442645
+ * Debconf translations updates:
+ - Portuguese. Thanks to Miguel Figueiredo. Closes: #441895, #445494
+ - Norwegian Nynorsk. Thanks to Håvard Korsvoll.
+ * exim4-config.NEWS: Explicitly mention that .dpkg-old and
+ .dpkg-dist files are included in the DEBCONFsomethingDEBCONF check to
+ allow lazy people to only grep the docs instead of actually reading
+ them. This was requested by Hamish Moffatt in #445327.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 07 Oct 2007 21:38:22 +0200
+
+exim4 (4.67-8) unstable; urgency=low
+
+ [ Marc Haber ]
+ * Define REMOTE_SMTP_HELO_DATA and REMOTE_SMTP_HELO_FROM_DNS macros
+ to have exim pull its HELO name from DNS automatically.
+ Thanks to Jari Aalto and Magnus Holmgren. Closes: #275975
+ * Enable DNSDB in exim4-daemon-light (needed by the HELO magic)
+ * update-exim4.conf: Allow [] in ascii strings (needed for @[])
+ * Improve domain literal docs
+ * Remove debconf template noalias_regenerate
+ * Fix PRIMARY_HOSTNAME typo in main/02_exim4-config_options.
+ Thanks to Tim Krah. Closes: #434337
+ * fix alphabet salad in README.Debian. Closes: #434640
+ * Add E4BCD_DAILY_REPORT_TO to daily cron job.
+ Thanks to Florian Schlichting. Closes: #426840
+ * Fix /etc/exim paths in exim4-config_files(5).
+ Thanks to Marques Johansson.
+ * Debconf translations updates:
+ - Japanese. Closes: #433070
+ - Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #433084
+ - Thai. Thanks to Theppitak Karoonboonyanan. Closes: #433177
+ - Arabic. Thanks to Ossama Khayat. Closes: #433222
+ - Hebrew. Thanks to Baruch Even. Closes: #433291
+ - Italian. Closes: #433200
+ - Galician. Closes: #433218
+ - Portuguese. Thanks to Miguel Figueiredo. Closes: #433293
+ - Hungarian. Thanks to Josip Rodin. Closes: #433336
+ - Punjabi. Thanks to Amanpreet Singh Alam. Closes: #433578
+ - Marathi. Thanks to Priti Patil.
+ - Wolof. Thanks to M Mamoune Mbacke. Closes: #433701
+ - Indonesian. Thanks to Arief S Fitrianto. Closes: #433758
+ - Romanian. Thanks to Eddy Petrisor. Closes: #433854
+ - Nepali. Thanks to shyam krishna bal. Closes: #435345
+ - Swedish. Thanks to Daniel Nylander. Closes: #435705
+
+ [ Andreas Metzler ]
+ * Update eximon menu file for menu 2.1.35 hierarchy.
+
+ [ Christian Perrier ]
+ * Fix typo in README.Debian.xml. Thanks to <shaulka@012.net.il>
+ Closes: #434961
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 19 Aug 2007 09:25:10 +0200
+
+exim4 (4.67-7) unstable; urgency=low
+
+ * only generate HIDE_MAILNAME macro if its value is really non-empty
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 14 Jul 2007 08:47:40 +0200
+
+exim4 (4.67-6) unstable; urgency=low
+
+ * Add some more debugging output to maintainer scipts, hopefully
+ nailing #396944 which has surfaced again.
+ * Improve wording in NEWS.Debian for exim4-config.
+ Closes: #431019, #431130
+ * Issue DEBCONFfooDEBCONF warning as well for
+ DEBCONFheaders_rewriteDEBCONF.
+ Thanks to John Goerzen. Closes: #431088
+ * fix localhost inserted twice into local_domains. Closes: #432394
+ * fix MAIN_RELAY_TO_DOMAINS in update-exim4.conf.
+ Thanks to Ben Wheeler. Closes: #432521
+ * Document that special handling is needed for host lists that only
+ consist of a single IPv6 address. Thanks to Frederic Daniel Luc
+ Lehobey. Closes: #432229
+ * Add forgotten (conditional) definition of REMOTE_SMTP_HEADERS_REWRITE
+ and REMOTE_SMTP_RETURN_PATH for remote_smtp transports.
+ Thanks to Miguel Martins Feitosa Filho. Closes: #432716
+ * Debconf translations
+ * Bulgarian completed. Closes: #431957, #430521
+ * Update Tamil. Thanks to Tirumurti Vasudevan. Closes: #432181
+ * Update Spanish.
+ Thanks to Javier Fernández-Sanguino Peña. Closes: #429940
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 13 Jul 2007 22:22:09 +0200
+
+exim4 (4.67-5) unstable; urgency=low
+
+ * the "verderben viele Koeche den Brei?" release
-
++
+ [ Andreas Metzler ]
+ * Point to exim4_passwd(5) instead of non-existing exim_passwd(5) in AUTH
+ section of configuration. (Thanks Arkadiusz Dykiel, #430149)
+ * update-exim4.conf check_ascii_pipe(): Accept < since we use it for list
+ construction. Closes: #430391
+ * Anchor UPEX4CmacrosUPEX4C in update-exim4.conf
+
+ [ Robert Millan ]
+ * Update informational message in SPF ACL to use the latest
+ http://www.openspf.org/Why API.
+
+ [ Debconf translations ]
+ * French completed and converted to UTF-8
+ * All remaining non UTF-8 translation switched to UTF-8
+
+ [ Marc Haber ]
+ * do not quote error message in lowuid router
+ * replace commented UPEX4CmacrosUPEX4C with UPEX4CmacrosUPEX4C exim
+ configuration macro definition as placeholder for ue4c-generated macros.
+
+ [ Christian Perrier ]
+ * Correct the invalid ${fqdn} variable in exim4-config.templates
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jun 2007 09:22:04 +0200
+
+exim4 (4.67-4) unstable; urgency=low
+
+ * update-exim4.conf:
+ * fix embarrassing typo in update-exim4.conf that broke macro
+ expansion for two values.
+ Thanks to Andrew Chittenden. Closes: #429828
+ * Allow ! and * in ue4cc.
+ Thanks to Dieter Hametner and Raf D'Halleweyn. Closes: #429986
+ * have @ and localhost added to local_domains list.
+ Thanks to a big number of people. Closes: #429939
+ * eliminate -e && chmod construct as a possible cause of #429617.
+ Thanks to Martin Ketzer and Silvestre Zabala
+ * Now barfs if DEBCONFsomethingDEBCONF is still found in the
+ configuration file. Thanks to a truckload of users who were too lazy
+ to read the docs, did not accept the suggested configuration file
+ changes and then complained about a non-working exim ("malformed macro
+ definition")
+ * README.Debian: Document the new low-UID handling mechanism.
+ Thanks to Johannes Rohr. Closes: #429878
+ * debian/rules: do not ignore make clean errors
+ * Debconf translation updates:
+ - Basque. Closes: #429626
+ - Czech.
+ - Brazilian Portuguese. Closes: #429867
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Jun 2007 13:55:15 +0200
+
+exim4 (4.67-3) unstable; urgency=low
+
+ [ Andreas Metzler ]
+ * Initialize permissions of bug-script and exim-adduser as 755, since diff
+ does not preserve permissions. Both were shipped as 644 in binary packages
+ not built with svn-buildpackage. Closes: #420446
+
+ [ Marc Haber ]
+ * Merge experimental changes from revision 2018:2073
+ * Fix "Zahlendreher" in closure of #427690. Closes: #427690
+ * update-exim4.conf:
+ * finally get rid of the DEBCONFfooDEBCONF stuff. That information
+ is now passed to the configuration by ue4c by directly setting exim
+ macros in the configuration. This has caused both the configuration
+ and ue4c to be much shorter.
+ * run with -e, -C and -u.
+ * convert input read from update-exim4.conf.conf to lower case
+ * barf if strange characters are found in ue4cc. Closes: #400294
+ * Remove superfluous "x$foo" = "xbar" constructs from scripts
+ * Add routers to reject mail to accounts with low UID.
+ Closes: #400790.
+ * Make daily cron job barf if /usr/bin/mail is not found. Have
+ exim4-base recommend mailx. Closes: #427690
+ * Have all -daemon packages provide exim4-localscanapi-1.0 and
+ exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing
+ #426425. Also include exim4-localscan-plugin-config script with
+ exim4-dev. Thanks to Magnus for helping with this. Closes: #428274
+ * remove /etc/exim4/email-addresses symlink and document this.
+ Thanks to Josip Rodin. Closes: #420578
+ * introduce conf.d/250_exim4-config_lowuid which optionally allows
+ to reject (or alias away) mail to low-uid accounts that are not
+ listed in an exception list. Thanks to Dominic Hargreaves,
+ Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716
+ * remove versioned depends on cron, since the version we need is
+ well before sarge.
+ * Add cron | fcron dependency. Fcron is going to be removed again
+ at the first sign of trouble. Closes: #381806
+ * remove move_exim3_spool debconf template. Closes: #391762
+ * replace openssl gendh with openssl dhparam. Closes: #413235
+ * adapt docs, README and manpages
+ * have Hilko fix the lynx-dump postprocessing to repair generating
+ README.Debian text version. Thanks!
+ * increase README.Debian generation robustness. Thanks to Hilko.
+ * debconf:
+ * Partly apply Christian Perrier's patch for reviewed
+ templates and control file. Closes: #426980
+ * Other minor template changes.
+ * get rid of "mails" in debconf templates, use "messages" instead.
+ Re-word local_interface debconf template. Other minor changes.
+ Thanks to Jens Seidel and Christian Perrrier. Closes: #394976
+ * re-work exim4-config.config logic to have split/non-split config
+ asked last instead of first. This partly addresses #410756.
+ * Add exim4-daemon-heavy.templates, exim4-daemon-light.templates
+ and exim4.templates to POTFILES.in
+ * Re-Word dc_other_hostnames debconf template.
+ Thanks to Hans G. Ehrbar. Closes: #421860
+
+ [ Christian Perrier ]
+
+ * Debconf translation updates:
+ - French
+ - Ukrainian. Closes: #427793
+ - Bulgarian.
+ - Thai.
+ - Galician.
+ - Swedish.
+ - Punjabi.
+ - Indonesian.
+ - Italian.
+ - Khmer.
+ - Traditional Chinese. Closes: #428072, #428069.
+ - Portuguese.
+ - Simplified Chinese.
+ - Marathi
+ - Romanian. Closes: #429242
+ - Russian. Closes: #429352
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 18 Jun 2007 10:26:20 +0200
+
+exim4 (4.67-1) unstable; urgency=low
+
+ [ Marc Haber ]
+ * new upstream version
+ * remove 37_upstream-patch-384015-add_headers
+ * remove 80_disable_rsa_export
+ * remove 80_upstream_408174_4-64-PH18
+ * EDITME patch changes to allow for 4.67
+ * enable dovecot authentication
+ * Upstream patch from Magnus Holmgren included upstream.
+ Thanks to Simon Walter. Closes: #407957
+ * Upstream patch PH/18 included upstream.
+ Thanks to Marc Schiffbauer. Closes: #408174
+ * merge experimental changes
+ * exim man page patch changes for 4.67
+ * robustness patches for
+ * create-custom-package
+ * exim-gencert
+ * exim4-base.config
+ * exim4-base.postinst
+ * exim4-config.config
+ * exim4-config.postinst
+ * exim4-daemon-light.postinst
+ * update-exim4defaults
+ * replace backticks with $() notation
+ * Add patch to 50_localscan_dlopen to reduce dynamic symbol table.
+ Thanks to Magnus Holmgren. Closes: #413602
+ * remove woody compatibility hacks from
+ * exim4-daemon-light.postinst
+ * exim4-config.postinst
+ * Fix eximnext => exinext in man page.
+ * README.Debian:
+ * add warning to "IP addresses for incoming connections" section.
+ * add new chapter about how to influence exim's behavior.
+ * add missing closing bracket. Thanks to Martin Schwarz. Closes: #419700
+ * update-exim4.conf(8):
+ * clarify update-exim4.conf about how ue4cc and exim configuration
+ interface
+ * remote_smtp_smarthost transport: make hosts_try_auth host list
+ semicolon-separated to correctly handle IPv6
+ * multiple minor changes to lintian overrides
+ * debian/control: have exim4 depend on debconf (>= 1.4.69) | cdebconf
+ (>= 0.39) explicitly to allow usage of debconf error template type.
+
+ [ Christian Perrier ]
+ * Esperanto debconf translation update (Serge Leblanc). Closes: #415590
+ * Marathi debconf translation added (Priti Pathil). Closes: #416801
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 21 Apr 2007 11:48:48 +0200
+
+exim4 (4.63-17) unstable; urgency=low
+
+ * 30_exim4-config_examples: add missing backslash in non-TLS client
+ login authenticator. Thanks to Kai Weber. Closes: #407567
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 20 Jan 2007 10:38:16 +0100
+
+exim4 (4.63-16) unstable; urgency=low
+
+ * Add ta (Tamil) translation of Tirumurti Vasudevan
+ Closes: #406974
+ * exim4_refresh_gnutls-params: allow EXIM4_SPOOLDIR to be overridden from
+ the environment. Closes: #406989
+ * Re-work client authenticators to handle passwords containing
+ colons and circumflexes. Thanks to Steaphan Greene. Closes: #406686
+ * transport/30_exim4-config_remote_smtp_smarthost: feed
+ hosts_try_auth from $host and $host_address, avoiding issues with
+ round-robin DNS setup.
+ Thanks to Celejar and Heiko Schlittermann. Closes: #403583
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 18 Jan 2007 21:10:34 +0100
+
+exim4 (4.63-15) unstable; urgency=low
+
+ * keep config.h from being installed in exim4-base.
+ Thanks to Aaron M. Ucko. Closes: #405824
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 6 Jan 2007 22:12:05 +0100
+
+exim4 (4.63-14) unstable; urgency=low
+
+ * patch LOCAL_SCAN_ABI_VERSION to 1.1 in 50_localscan_dlopen after
+ consulting with Magnus Holmgren.
+ * Fix update-exim4.conf.8 manpage
+ * FILES section is no longer doubled
+ * NAME is no longer multi-line
+ * proper reference to ue4cc in FILES section
+ * Thanks to Angus Mackenzie
+ * debian/rules
+ * allow buildbasepackages and extradaemonpackages to be set from
+ the environment
+ * fix buildbasepackages=no and extradaemonpackages which were
+ broken due to the new -dev binary package
+ * remove "" in various places, this is Make not shell
+ * add optional debugging output for variables that are meant to be set
+ externally
+ * clean now unpatches first, otherwise clean fails because files
+ are first deleted and then non-existing files are unpatched
+ * take config.h from first non-light daemon package built instead
+ of -heavy (we might not be building -heavy but still need -dev)
+ * Thanks to Gerfried Fuchs for actually using these features and
+ finding this bug group.
+ * exim4.init: Now returns 0 when starting and daemon already
+ running, and when stopping and daemon already stopped. This fixes LSB
+ compliance. Thanks to Heiko Schlittermann. Closes: #404182
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 5 Jan 2007 16:34:58 +0100
+
+exim4 (4.63-13) unstable; urgency=low
+
+ * Fix mangled sense in /etc/aliases exim4-config_files(5) man page.
+ Thanks to Angus Mackenzie.
+ * [update-exim4.conf.8] exim4-config_files manpage is in section 5 instead
+ of 8. Thanks to Angus Mackenzie. Closes: #404494 (am)
+ * Clarify /etc/exim4/passwd.client host name lookup to go after the
+ reverse DNS entry in exim4-config_files(5) man page.
+ * Update uk (Ukrainian) translation of debconf templates.
+ Thanks to Eugeniy Meshcheryakov and Yanovych Borys. Closes: #404481
+ * Update sl (Slovenian) translation of debconf templates.
+ Thanks to Matej Kovacic. Closes: #404481
+ * merge in experimental changes:
+ * create exim4-dev package for sa-exim and other packages. Closes: #401462
+ * fix broken usage of DPATCH_WORKDIR (dpatch-edit-patch didn't
+ work with tarballed upstream)
+ * don't use DPATCH_WORKDIR any more
+ * modify patches to apply to build-tree
+ * remove leftover debugging output from debian/patches/00_unpack.dpatch
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 2 Jan 2007 14:43:59 +0100
+
+exim4 (4.63-12) unstable; urgency=low
+
+ * exim4-base.postinst: Redirect command -v's stdout to /dev/null
+ * update-exim4.conf: add lots of quoting to increase robustness.
+ Thanks to Paul Slootman. Closes: #403605
+ * Debconf templates translation updates and new translations:
+ - Esperanto
+ - Norwegian Nynorsk (Håvard Korsvoll).
+ - Punjabi (A.S. Alam).
+ - Malayalam (Praveen A). Closes: #402541
+ - Italian (typos corrected by Davide Viti). Closes: #403199
+ - see Last-Translator for rewards)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 20 Dec 2006 14:23:57 +0100
+
+exim4 (4.63-11) unstable; urgency=low
+
+ * Remove patch to spec.txt for pkg-exim4-users, it is included
+ upstream. No idea why this patch even applied correctly.
+ * README.Debian:
+ * Fix wrong pidfile name
+ * Move FAQ to the Wiki
+ * Adapt "Using completely different configuration scheme" to also
+ mention /etc/exim4/exim4.conf.
+ * Move titles in the same line as the section statement, making it
+ easier to work with a code folding editor.
+ * exim4_files(5): fix recommended permissions for passwd[.client].
+ Thanks to Georg Neis. Closes: #398365
+ * Remove temporary gnutls parameters file if neither certtool nor
+ openssl are installed. Closes: #399023
+ * Fix path to gnutls-params file in exim4-base.postinst.
+ Thanks to J.L. Fernandez. Closes: #400794
+ * Translation updates (see Last-Translator for rewards).
+ - Punjabi (not yet complete)
+ - Hebrew (not yet complete)
+ - Portuguese. Closes: #399242
+ * merge changes from experimental:
+ * enable sqlite for exim4-daemon-heavy.
+ Thanks to Adrian Phillips. Closes: #398718
+ * Add Build-Dependency on libsqlite3-dev.
+ Thanks to Frank Lichtenheld. Closes: #398880
+ * Build-Depends
+ * add po-debconf
+ * add bzip2
+ * debian/rules:
+ * run debconf-updatepo in clean targets
+ * adapt build system to allow direct building from an upstream tarball
+ * needs tardy at build time on sarge, but not on newer distributions
+ * use dpatch-run for patches instead of locally programmed handling
+ * add lintian overrides:
+ * partially-translated-question exim4/dc_eximconfig_configtype for
+ cy, eo, et, he, mk, nn, pa, pl, sl, tl, uk - translators, move!
+ * possible-debconf-note-abuse config:15 */drec
+ * remove gratuitous exim4-daemon-heavy.postinst
+ (it is symlinked at build time)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 1 Dec 2006 11:16:34 +0000
+
+exim4 (4.63-10) unstable; urgency=low
+
+ * The "praise Osamu Aoki" release.
+ * Translation updates (see Last-Translator for rewards).
+ - Dutch. Closes: #396725
+ * README.Debian:
+ * Add information about how to obtain reportbug information for
+ mailing list questions.
+ * Point people directly to passwd.client man page instead of the
+ file itself. Thanks to Osamu Aoki.
+ * Re-work the /etc/aliases section.
+ * Improve smarthost description in update-exim4.conf(8) man page.
+ Give examples. Thanks to Osamu Aoki.
+ * include documentation for /etc/aliases in exim4-config_files(5)
+ man page. Symlink to etc-aliases(5).
+ Thanks to Osamu Aoki. Closes: #397042
+ * Change symlink of exim4-config_files(5) to email-addresses(5) to
+ point to etc-email-addresses(5) for consistency.
+ * Use nwildlsearch to index into passwd.client to allow wildcards
+ here. Thanks to Osamu Aoki. This is another pain relief for #244724.
+ * use printf instead of echo in daily cron job.
+ Thanks to Ming Hua. Closes: #395448
+ * Add de-uglyfication request to man pages.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 5 Nov 2006 10:36:28 +0000
+
+exim4 (4.63-9) unstable; urgency=low
+
+ * Fix a spelling error in templates: s/adviseable/advisable
+ Thanks to Jens Seidel for spotting it
+ * Translation updates (see Last-Translator for rewards).
+ - Bosnian. Closes: #396592
+ - Bulgarian. Closes: #396558
+ - Greek.
+ - Lithuanian. Closes: #396478
+ - Norwegian Bokmål. Closes: #391768
+ - Wolof. Closes: #395944
+ * Have ue4c barf on more lookup types found in more ue4cc fields,
+ courtesy to regexp from hell.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 2 Nov 2006 18:07:24 +0000
+
+exim4 (4.63-8) unstable; urgency=low
+
+ * Translation updates (see Last-Translator for rewards).
+ - Albanian. Closes: #394725
+ - Arabic
+ - Basque
+ - Catalan
+ - Chinese (Simplified)
+ - Chinese (Traditional)
+ - Croatian
+ - Czech
+ - Dzongkha
+ - Finnish. Closes: #393644
+ - German
+ - Italian.
+ - Korean. Closes: #394235
+ - Nepali
+ - Norwegian Bokmal. Closes: #394270
+ - Portuguese
+ - Romanian
+ - Russian.
+ - Slovak
+ - Turkish
+ * README.Debian
+ * remove wiki references from README.Debian
+ * remove dc_local_delivery FAQ entry since this is now debconfized
+ * Fix typos, replace "documented below" with a direct link.
+ Thanks to Olaf van der Spek. Closes: #394617
+ * exim4-config.templates
+ * Fixed typo: s/arbitrary/arbitrarily
+ * Extra space removed at the end of a line. Closes: #394569
+ * Change references to inexistent README.Debian.html and README.Debian,
+ both replaced by README.Debian.gz. Thanks to Eric Schanze for spotting
+ this.
+ * Various English use changes suggested by Jens Seidel. Closes: #394651
+ * update-exim4.conf: Fix wrong behavior if a debconf list answer already
+ starts with "<". Thanks to Vineet Kumar. Closes: #393843
+ * conf.d/main/02_exim4-config_options: Use upstream's wording for
+ rfc1413 configuration, fix wrongly commented timeout value.
+ Thanks to Andre Bischoff on IRC.
+ * conf.d/transports/35_exim4-config_address_directory: Add
+ delivery_date_add, streamline other options' syntax.
+ Thanks to Dominic Hargreaves. Closes: #393930
+ * Remove commented out inetd entries from maintainer scripts, we are
+ not going to support inetd again.
+ * Zap gnutls-params in postinst if old binary format is detected.
+ Exim cannot read that file any more since RSA_EXPORT has been removed.
+ Always kill the file if file(1) is not present, recommend file(1).
+ Thanks to John Goerzen. Closes: #394598
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 23 Oct 2006 20:49:46 +0200
+
+exim4 (4.63-7) unstable; urgency=low
+
+ * Translation updates (see Last-Translator for rewards). Closes: #391768
+ - Brazilian Portuguese
+ - Danish. Closes: #392548
+ - Galician
+ - Hungarian
+ - Indonesian
+ - Japanese
+ - Spanish
+ - Thai
+ * Do not ask for local delivery method if custom entry (i.e. neither
+ maildir_home nor mail_spool) has bin set in update-exim4.conf and continue
+ to use this custom setting instead of overwriting it with mail_spool. (am)
+ Closes: #392993
+ * Special-case "dsearch;" constructs in dc_other_hostnames, no
+ longer supported. Adapt documentation accordingly.
+ * Adapt docs and man pages so that they do not longer suggest that
+ answers to debconf questions might use all exim
+ host/address/domain list features.
+ * fix ue4c to handle more than one smarthost correctly.
+ * Handle spaces, commas and semicolons as separator in root alias
+ handling.
+ * Wolof translation contained a comma in the translation of a element of the
+ Choices list for the dc_eximconfig_configtype question, replace it with a
+ semicolon. (am)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 14 Oct 2006 23:45:17 +0000
+
+exim4 (4.63-6) unstable; urgency=low
+
+ * s/ipv6/IPv6 in templates (general writing consistency)
+ * Translation updates (see Last-Translator for rewards)
+ - Arabic (partial)
+ - Basque (partial)
+ - Croatian (partial)
+ - Greek (partial)
+ - Khmer
+ - Spanish (partial)
+ - Swedish
+ - Vietnamese. Closes: #392772
+ * README.Debian:
+ * Fine tuning of SMTP AUTH and TLS docs after user feedback
+ received over $BEVERAGE irl.
+ * Adapt configuration chapter to re-worded templates.
+ * Fix exim4_files man page names to not pollute name space.
+ * Clarify exim4-config_files man page to reflect that the host name
+ given there does not actually influence the routing decision.
+ Thanks to Sven Luther.
+ * Fix list separator handling for dc_other_hostnames in ue4c.
+ Thanks to Alexandre Fayolle. Closes: #392831
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 14 Oct 2006 07:40:05 +0000
+
+exim4 (4.63-5) unstable; urgency=low
+
+ * define MAIN_LOG_SELECTOR conditionally.
+ Thanks to Aaron M. Ucko. Closes: #390758
+ * Fix typos in man pages. Thanks to A. Costa.
+ Closes: #390705, #390706, #390707
+ * Address #373786:
+ * cron.daily: Try UID change with start-stop-daemon, and fall
+ back to su if that fails. This should enhance compatibility
+ with libpam-tmpdir.
+ * exim4_refresh_gnutls-params: don't drop privileges any more,
+ generate gnutls-params as root and chown them later.
+ * Thanks to Piotr Kaczuba and Tollef Fog Heen. Closes: #373786
+ * Add debugging facility to exim4_refresh_gnutls-params
+ * Debconf-Rework
+ * update-exim4.conf: expand UE4CC_semicolon list to allow
+ semicolons in all debconf questions as list separators for consistency.
+ * Do template changes suggested by Christian Perrier. Closes: #260141
+ * new mail name template thanks to Jari Aalto. Closes: #275953
+ * relay templates changes thanks to Ross Boylan. Closes: #342061
+ * remove conftype exim3manual. Closes: #355265
+ * use semicolon as list separator in debconf templates. ue4.conf
+ handles both semicolons and colons since #360162. Thanks to Adam
+ Borowski. Closes: #365428
+ * Make existing templates style-compatible regarding developer's
+ reference.
+ * Lower priorities so that the Installer can do its work without
+ exim4 asking questions. Closes: #379485
+ * Modify templates saying that smarthost::port is a valid
+ notation. Modify transport/30_exim4-config_remote_smtp_smarthost to
+ take only the first part of DCsmarthost (up to first colon) as host
+ name for hosts_try_auth. This allows debconf configuration of a
+ different port to connect to the smarthost. Closes: #251949
+ * Add debconf template to packages telling people to dpkg-reconfigure
+ exim4-config.
+ * Allow choosing between delivery to /var/mail or ~/Maildir with debconf.
+ (am) Closes: #250980, #274560, #289959
+ * Translation updates (see Last-Translator for rewards)
+ - Brazilian Portuguese
+ - Danish
+ - Galician
+ - Slovak
+ - Thai
+ - Turkish
+ - Romanian
+ - Japanese
+ - French
+ * Patch by Florian Weimer which disables RSA_EXPORT support which
+ should eliminate the "exim blocking on entropy starvation" issue.
+ * update-exim4.conf: Take only the first word from /etc/mailname as
+ system mail name. Thanks to Mike Mestnik. Closes: #215319.
+ * init script: log_failure_message alert if non-zero paniclog is
+ found. Thanks to Andreas Barth.
+ * README.Debian: document cron job, including paniclog monitoring.
+ Thanks to Stephen Gran.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 10 Oct 2006 16:50:27 +0000
+
+exim4 (4.63-4) unstable; urgency=low
+
+ * Make update-exim4.conf man page also update-exim4.conf.conf man page.
+ * Fix SPF error message when $sender_address_domain is undefined (i.e. sender
+ is <>). (rm)
+ * Change debian/rules documentation for daemon-custom build.
+ Thanks to Guido Hennecke. Closes: #386135
+ * Rotate paniclog by size, not daily, to avoid rotating away
+ messages after complaining from the daily cron job.
+ Thanks to Dirk Meyer.
+ * Update Slovak translation.
+ Thanks to Peter Mann.
+ * Add Wolof translation.
+ Thanks to M Mamoune Mbacke
+ * Add a paragraph explaning the gnutls-bin suggestion to ease DH
+ parameter generation in case of entropy starvation.
+ Thanks to Andi Barth and Florian Weimer.
+ * Since a new version of sysvinit upload will move /var/run/ to a tmpfs
+ directories under /var/run/ and their permissions are not persistent
+ anymore but will be lost after a reboot. - Re-generate /var/run/exim4 in
+ the init script to compensate for this. (am) (closes: #387699)
+ * update-exim4.conf: Exit with an error if dc_use_split_config is neither
+ true nor false instead of replacing the configuration with an empty one.
+ (am) Closes: #386554
+ * More intelligence for exim4_refresh_gnutls-params:
+ * If certtool (from gnutls-bin) is unavailable but openssl is installed
+ use openssl to re-generate DH params. (am)
+ * Change exim4-base Suggests on gnutls-bin to gnutls-bin|openssl. (am)
+ * Move invocation and background mechanism to exim4_refresh_gnutls-params.
+ Script can now be called any time from the command line or any
+ other script.
+ * Only regenerate dh params if tls_advertise_hosts is non empty.
+ According to Florian Weimer, DH params are only needed for
+ incoming TLS connections.
+ * Thanks, Yuri D'Elia. This addresses #387448
+ * Improve entropy and gnutls-params docs.
+ * cron-daily:
+ * Invoke exim4_refresh_gnutls-params unconditionally.
+ * Send out e-mail alert if gnutls-params is older than 14 days.
+ * rename config varables to E4BCD_, source /etc/default/exim4
+ * introduce a E4BCD_PANICLOG_NOISE variable containing a regexp.
+ Paniclog is negatively filtered against that regexp and paniclog
+ warning is only sent out if unfiltered lines remain. This is to allow
+ work around http://www.exim.org/bugzilla/show_bug.cgi?id=92
+ * Prepare hosts_avoid_tls statement on SMTP transports
+ * Macroize log_selector, remove +tls_cipher from examples (it is on
+ by default) and always set tls_peerdn (we use TLS by default for
+ outgoing connections). Make it easier to enable debug logging.
+ * Mention in the comments of the default RCPT ACL that verification
+ is likely to have false negatives in smarthost/satellite setups. This
+ is the easiest way to fix #388460; the "real" fix would be very very
+ complicated and thus unsuitable for the default configuration.
+ Closes: #388460
+ * README.Debian:
+ * Re-Work "misc" section to contain subsection. Fix minor
+ formatting issues.
+ * Add a section about SELinux to the misc subsection saying that
+ we currently do not have an SELinux policy but would appreciate
+ people helping here. This is already bug #387327 and #390179.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 1 Oct 2006 14:37:53 +0000
+
+exim4 (4.63-3) unstable; urgency=low
+
+ * Have exim4-config conflict with exim4-daemon-* << 4.63.
+ Thanks to Yannick Roehlly. Closes: #383420, #384058
+ * Tweak NEWS.Debian formatting. Remove asterisks and make sure that
+ contents lines start with four spaces.
+ * exim4-config.NEWS: A pair of minor fixes in SPF entry. (rm) Closes: #383708
+ * Apply upstream fix allowing header names with an odd number of
+ characters in add_headers in filters.
+ Thanks to Tony Finch. Closes: #384015
+ * Add documentation for inaccessible home directories.
+ Thanks to Juha Jäykkä. Closes: #383469
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 23 Aug 2006 17:16:38 +0000
+
+exim4 (4.63-2) unstable; urgency=low
+
+ * upload to unstable
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 15 Aug 2006 20:35:55 +0000
+
+exim4 (4.63-1) experimental; urgency=low
+
+ * New upstream version 4.63
+ + Change PostgreSQL charset handling. Closes: #369351
+ + Recognize SMTP codes at the start of "message" in ACLs and after
+ :fail: and :defer: in a redirect router. Add forbid_smtp_code to
+ suppress the latter. forbid_smtp_code is enabled in Debian's
+ default config. Closes: #378131
+ * Adapt configuration to current upstream
+ + re-work RCPT ACL. Closes: #379155
+ + add new comments to default authenticators
+ + use $auth[123] instead of $[123] which are now deprecated
+ + forbid_smtp_code on userforward router
+ * Add missing dependency on lsb-base (>= 3.0-3), needed for the new
+ init-script shipped in exim4-base. (am)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 1 Aug 2006 10:47:44 +0000
+
+exim4 (4.62-5) unstable; urgency=low
+
+ * Fix typo in exim4-base daily cron job.
+ Thanks to Salvatore Bonaccorso. Closes: #381048
+ * Fix language issues in package descriptions
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 8 Aug 2006 15:02:14 +0200
+
+exim4 (4.62-4) unstable; urgency=low
+
+ * Add missing dependency on lsb-base (>= 3.0-3), needed for the new
+ init-script shipped in exim4-base. (am)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 1 Aug 2006 11:03:57 +0000
+
+exim4 (4.62-3) unstable; urgency=low
+
+ * remove pkg-exim4-user mail address from README.Debian, mention
+ that one needs to be subscribed to post.
+ Thanks to Ross Boylan. Closes: #368242
+ * re-word -o description in update-exim4.conf(8) man page.
+ Thanks to Ross Boylan.
+ * Flag update-exim4.conf(8) man page for a re-work in its BUGS
+ section.
+ * Give a - hopefully - better explanation of the mail name thingy in
+ README.Debian.
+ * Fix occurrences of default_acl file in documentation. Make part of
+ README.Debian less confusing.
+ Thanks to Ross Boylan. Closes: #376459
+ * When installing via apt using dpkg-preconfigure the value of
+ dc_hide_mailname was overwritten during the second run of the debconf
+ script (invoked by postinst), before the value was stored in the
+ configuration file. Fix this. (am) Closes: #376460
+ * Make spamassassin example in 40_exim4_config_check_data actually
+ work, add link to documentation for "really suiteable" configuration
+ examples. Thanks, again, to Ross Boylan.
+ * remove left-over "and a bunch" sentence from exim4-config_files.5
+ * Add a symlink from /etc/email-addresses to /etc/exim4/email-addresses
+ * Fix bad parsing of CHECK_RCPT_DOMAIN_DNSBLS.
+ Thanks to Robert Millan. Closes: #378581
+ * Note in README.Debian that other parts of the Debian system might
+ give outdated and/or wrong advice. See #378684, #378685.
+ * SPF support: (rm) Closes: #290464
+ * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt.
+ * Add libmail-spf-query-perl (>= 1.999-1) to Suggests.
+ * Rewrite Q/A about SPF from README.Debian.
+ * Add a small note to exim4-config.NEWS.
+ * Add conf.d/acl/30_exim4-config_check_mail to reject mail without HELO/EHLO.
+ (rm) Closes: #378935
+ * Add LSBized init script. Thanks to Carlos Villegas. Closes: #376953
+ * re-order RCPT ACL statements to resemble Upstreams default config
+ a little more. This used to be the case in the beginning, but was
+ changed eventually, and I didn't find any rationale for our deviation.
+ Thus, we change back to upstream's default to see which things might
+ break.
+ * remove cron.d from exim4-base dirs - we do not have a cron.d job
+ any more for years.
+ * Re-work daily cron job:
+ * Make statistics configurable with a variable
+ * Comment that the log handling code is fragile and depending on
+ log rotation strategy
+ * Add code to generate warnings if paniclog non-empty.
+ Thanks to Andrew Ferrier. Closes: #379898
+ * Build -dbg packages.
+ * Updated vi (vietnamese) translation.
+ Thanks to Clytie Siddall. (am) Closes: #380357
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 31 Jul 2006 06:10:51 +0000
+
+exim4 (4.62-2) unstable; urgency=low
+
+ * Move explanation about using ";" as separator in lists from debian/NEWS to
+ debian/exim4-config.NEWS. (The former ends up as
+ /usr/share/doc/eximon4/NEWS.Debian.gz.) Also fix version-number of
+ entry. (am)
+ * have ue4.conf --verbose print split or non-split config.
+ Thanks to Florian Laws. (mh)
+ * Mention http://pkg-exim4.alioth.debian.org/ in package description.
+ Thanks to Florian Laws. (mh)
+ * Mention in package description that README.Debian has information
+ about how to configure the Debian packages.
+ * /etc/init.d/exim4: parse extended inetd.conf syntax from
+ openbsd-inetd. (mh) Closes: #365928
+ * New th (thai) translation.
+ Thanks to Theppitak Karoonboonyanan. (mh) Closes: #367351
+ * New dz (Dzongkha) translation.
+ Thanks to Pema Geyleg. (am) Closes: #368593
+ * New ne (Nepali) translation.
+ Thanks to Paras pradhan. (am) Closes: #369526
+ * New eo (Esperanto) translation.
+ Thanks to Serge Leblanc. (am) Closes: #369241
+ * Updated hu (hungarian) translation.
+ Thanks to Attila Szervac. (am) Closes: #374616
+ * Make documentation of CHECK_RCPT_LOCAL_LOCALPARTS and
+ CHECK_RCPT_REMOTE_LOCALPARTS more verbose and concentrate it in the
+ ACL file. Thanks to Klaus Muth. (mh) Closes: #366491
+ * README.Debian.xml (mh)
+ * Add new section documenting where to find documentation.
+ * Move misplaced sentence.
+ * Fix spelling errors in README.Debian.
+ Thanks to Salvatore Bonaccorso. Closes: #366003
+ Thanks to Ross Boylan. Closes: #374216
+ * remove "you can stop reading now" sentence.
+ Thanks to David Lawyer. Closes: #370790
+ * Mention Debian-specific man pages
+ * Give instructions about how to use apropos to find out about man
+ pages.
+ * Documentation changes inspired by Ross Boylan. Closes: #369126
+ * Add exim4-config_files(5) man page to aid as repository for file
+ explanations.
+ * /etc/email-addresses
+ * /etc/exim4/local_host_blacklist
+ * /etc/exim4/local_host_whitelist
+ * /etc/exim4/local_sender_blacklist
+ * /etc/exim4/local_sender_whitelist
+ * /etc/exim4/local_sender_callout
+ * /etc/exim4/local_rcpt_callout
+ * /etc/exim4/local_domain_dnsbl_whitelist
+ * /etc/exim4/hubbed_hosts
+ * /etc/exim4/passwd
+ * /etc/exim4/passwd.client
+ * /etc/exim4/exim.crt
+ * /etc/exim4/exim.key
+ If you find any files that might be missing in the man page,
+ please report a bug.
+ * mention exim4-config_files(5) in update-exim4.conf.8
+ * Explicitly mention README.Debian in exim man page.
+ * Remove /usr/share/doc/exim4-config/default_acl, move contents to
+ README.Debian and exim4-config_files.
+ * remove empty /usr/share/doc/exim4-config/examples.
+ * clarify docs in RCPT ACL.
+ * streamline docs:
+ * hubbed_hosts router.
+ * passwd.client.
+ * server side authentication examples
+ * Standard-Version: 3.7.2, no changes necessary.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 24 Jun 2006 08:56:19 +0000
+
+exim4 (4.62-1) unstable; urgency=low
+
+ * New upstream version
+ * remove !acl patch, bug is fixed upstream
+ * Some minor changes to README.Debian
+ * Downgrade priority of exim4/dc_eximconfig_configtype, exim4/no_config and
+ exim4/exim3_upgrade from critical to high, as there is a sane default.
+ Closes: #342077
+ * Allow single quotes in recipient mail addresses. Closes: #346222
+ * Update debian/mtalist to conflict with hula-mta. (mh)
+ * Move back man-pages (actually they are symlinks) related to the
+ mail-transport-agent virtual package from exim4-base to the daemon
+ packages. Other MTA packages also include these manpages and would
+ otherwise need to explicitly conflict with exim4-base. Add "Replaces:
+ exim4-base (<= 4.61-1)" to the daemon packages. Thanks to Justin Pryzby.
+ Closes: #362852 (am)
+ * Update km (Khmer) translation.
+ Thanks to Khoem Sokhem. (mh) Closes: #363672, #363671
+ * Update pa (Punjabi) translation.
+ Thanks to A S Alam. (am) Closes: #364268
+ * replace backticks with $() construct in ue4.conf. (mh)
+ * Allow ";" as separator in dc_local_interfaces and dc_relay_nets.
+ If a semicolon is found, "<;" is prepended to allow a semicolon as
+ separator. Thanks to Adam Borowski. (mh) Closes: #360162
+ * Link against libdb4.3 instead of 4.2. (am). Closes: #365467
+ * Standards-Version: 3.7.0, no changes required. (am)
+ * README.Debian: Add link to "how to use a completely different
+ configuration scheme" to the beginning of the chapter about Debian's
+ configuration to provide an easy way out for experienced exim people.
+ (mh)
+ * Fix grammar error in README.Debian. (Thanks, Ross Boylan) Closes: #365546
+ * Whennever changing major Berkeley DB versions we zap the exim hint
+ databases in exim4-base postinst. Change the code to also delete
+ __db.retry, __db.misc, __db.callout and __db.wait* (which afaik are
+ Berkeley DB internal files). If these are somehow broken strange errors
+ occur, e.g. #360696. As we are deleting the whole db, deleting these files
+ seems to be a good idea. (am)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 2 May 2006 11:47:58 +0000
+
+exim4 (4.61-1) unstable; urgency=low
+
+ * New upstream version
+ - Temporary files for content scanning subdirectory are now also mode 640
+ instead of 666. Closes: #280282
+ - If group was specified without a user on a router, and no group
+ or user was specified on a transport, the group from the router
+ was ignored. Closes: #343074
+ - .include statements now require an absolute path. Closes: #268083
+ * Apply upstream patch allowing !acl constructs
+ (http://www.exim.org/mail-archives/exim-cvs/2006-April/msg00008.html)
+ * Rename the Punjabi translation file name from pa_IN to pa
+ to fit a decision taken in -i18n
+ * README.Debian:
+ * mention that relay_nets does allow relaying without authentication.
+ * minor formatting fixes
+ * Add Khmer debconf translation (Thanks, Kakada Hok) (bubulle)
+ Closes: #359668
+ * Add linda overrides for libs-not-in-depends (see #357727)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 4 Apr 2006 19:50:39 +0000
+
+exim4 (4.60-5) unstable; urgency=low
+
+ * re-introduce inst_aliases, patch src/install_exim to prevent path
+ to inst_aliases to be put into example config file. (mh)
+ * Fix typo in README.Debian.xml, thanks to Frank S. Thomas. (mh)
+ * Fix Copy&Waste error in README.Debian.xml.
+ Thanks to Olaf van der Spek. (mh) Closes: #356354
+ * Added partial Punjabi debconf translation,
+ thanks to Amanpreet Singh Alam. (cp) Closes: #349644
+ * Fix wrong example in conf.d/acl/20_exim4-config_whitelist_local_deny.
+ Thanks to Kaare Hviid for pointing this out on IRC. (mh)
+ * Add documentation about Debconf templates to README.Debian to make
+ yath happy. (mh)
+ * exim4-refresh_gnutls-params: Use prefix for tempfile to make it
+ easier recognizeable. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 13 Mar 2006 15:30:07 +0000
+
+exim4 (4.60-4) unstable; urgency=low
+
+ * add rationale to README.Debian explaining why using system
+ passwords for SMTP AUTH is a bad idea.
+ * streamline configuration to decrease differences to upstream default
+ example, and to adopt new things that were added since we last
+ looked there.
+ * Do not set inst_aliases for installation, this only affects
+ example.conf anyway.
+ * fail build if upstream's example configuration has changed.
+ * fix NEWS confusion. Thanks to Andreas for spotting this.
+ * exim4-base.exim4.init: invoke exim4 daemon with the environment
+ cleaned to avoid language confusion.
+ * document tls on connect in README.Debian.
+ * use adduser --quiet instead of > /dev/null in *.postinst.
+ * Add require_files directive to userforward router to avoid errors
+ when mailing uucp@hostname.
+ * Add comment about setting up TLS in conf.d/auth/30_exim4-config_examples
+ to keep people from blindly allowing cleartext auth.
+ * Replace 37_dns_disable_additional_section patch with
+ 37_upstream_patch_342619, which is the nearly identical patch from
+ upstream CVS, approved by Philip. (mh) Closes: #342619
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 22 Feb 2006 10:30:16 +0000
+
+exim4 (4.60-3) unstable; urgency=low
+
+ * Have exim4-base replace exim4-daemon-light and -heavy. This is a
+ needed corollary to the movement of the man pages to -base. Let's
+ hope that this change doesn't introduce too much breakage. Thanks
+ to Hamish Moffatt for making me take a closer look at policy.
+ (mh) Closes: #347908, #348067
+ * Introduce Makefile variable to build with OpenSSL instead of
+ GnuTLS. This is a last minute maneuver to help sites suffering from
+ the GnuTLS entropy issue (#338319, #343085) whose only other chance is
+ disabling TLS completely. Please note that building exim4-daemon-heavy
+ with OpenSSL is a GPL violation since OpenSSL's license clashes with
+ the MySQL client library, which is GPL licensed without OpenSSL
+ exception. (mh)
+ * re-pack configuration diffs. (mh) Closes: #331698
+ * Fix wrong variable substitution in lt (Lithuanian) debconf
+ translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh)
+ Closes: #342242
+ * Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579
+ * Honor dpkg-statoverride entries for run-time data in /var.
+ Thanks to Peter Mottram. (mh) Closes: #269448
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Jan 2006 00:23:47 +0000
+
+exim4 (4.60-2) unstable; urgency=low
+
+ * Add, but not enable, 37_dns_disable_additional_section.dpatch,
+ which might be a possible fix for #342619
+ * conf.d/auth/30_exim4-config_examples: add hint to adapt public_name
+ string in support_broken_outlook_express_4_server authenticator if
+ other authencators than LOGIN and PLAIN are offered.
+ * Fix missing special characters in some debconf translations.
+ Thanks to Davide Viti. (mh) Closes: #341442
+ * Fix broken README reference in system_aliases router docs. (mh)
+ * remove references to alias files from the address_pipe transport. (mh)
+ * remove "Some-State" default from exim-gencert. (mh)
+ * Clarify split vs unsplit config in README.Debian. Thanks to Faheem
+ Mitha and Ross Boylan for helping. (mh)
+ * Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767
+ * Fix wrong header in conf.d/routers/300_exim4-config_real_local.
+ Thanks to Ross Boylan for spotting this. (mh)
+ * Document headers_rewrite, return_path and dc_mailname_in_oh in
+ update-exim4.conf man page. (mh) Closes: #332520, #342233
+ * Re-Instate debian/patches/31_eximmanpage which was erroneously
+ removed in 4.60-1, we have local Debian patches in here. Thanks to
+ Ross Boylan for spotting this. (mh) Closes: #330967
+ * Mention relay permission from localhost in update-exim4.conf(8). (mh)
+ * Add more prose to relay control configuration. (mh)
+ * Update Greek debconf translation (Thanks, Kostas Papadimas) (am)
+ Closes: #344576
+ * Add cross-reference to README.Debian to better find macro docs.
+ Thanks to Shyamal Prasad. (mh) Closes: #329988
+ * Fix incorrect variable substitution in pt_BR debconf translation. (Thanks,
+ Felipe Augusto van de Wiel) (am) Closes: #345363
+ * [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH
+ with one to its replacement README.Debian.html. (am) Closes: #344826
+ * Re-work long package descriptions. Move reference to README.Debian in
+ front, add hint to dpkg-reconfigure exim4-config, complete stub
+ sentences, remove non-referenced acronym MTA from the long
+ descriptions, move explanation what exim is to the very front.
+ * README.Debian: Add section about changing the configuration,
+ explain structure of conf.d and .conf.template, add hint that the SMTP
+ AUTH examples are documented.
+ * Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key
+ storage. Thanks to John Goerzen. (mh) Closes: #315126
+ * Mention entropy issue in README.Debian.
+ * Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: 319316
+ * use dh_installinit -n instead of --noscripts to work around #347577. (mh)
+ * use dh_installinit --name instead of --init-script, rename init
+ script. (mh)
+ * move man pages from daemon packages to exim4-base, add lintian
+ and linda overrides to allow daemon packages not to contain man pages.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 12 Jan 2006 12:36:50 +0000
+
+exim4 (4.60-1) unstable; urgency=low
+
+ * new upstream version 4.60
+ * assign value to UE4CC after command line processing. Only have
+ ue4c throw an error on not-existing UPEX4C_confd if split config is
+ seleted. Thanks to Ted Percival. (mh) Closes: #337229
+ * A number of man page fixes. Thanks to A Costa. (mh)
+ Closes: #338580, #338581, #338582, #338583, #338584
+ * Pull spool dir path from exim -bP instead of hard-coding it in
+ daily cron job and exim4_refresh_gnutls-params.
+ Thanks to Alex Hermann. (mh) Closes: 340002
+ * Corrected zh_CN translation by Ming Hua. (am) Closes: #338928
+ * Corrected pl translation by Jacek Politowski. (am) Closes: #339671
+ * Change README.Debian to clarify the exim as a client only uses
+ STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc
+ Sherman for pointing that out on exim-users.
+ * Clarify passwd.client format. Thanks to Osamu Aoki for providing a
+ good starting point in #244724, which is unfortunately not fixed just
+ now.
+ * remove patch 31_eximmanpage, fixes are included upstream.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 28 Nov 2005 18:16:12 +0000
+
+exim4 (4.54-2) unstable; urgency=low
+
+ * debian/README.Debian* merged into one xml-file. Binary packages ship both
+ a html (generated by xsltproc) and plain-text version (lynx +
+ post processing) of the file. (Hilko Bengen)
+ * Switch to libmysqlclient14.
+ * Fix two typos in French debconf templates.
+ Thanks to Christian Perrier. (mh)
+ * Replace broken courier auth example with one that actually denies
+ access if a wrong password is given. Thanks to Peter Thomassen for
+ carrying that report from some colorful web forum to the people who
+ can fix it after like four months. (mh) Closes: #336979
+ * Fix minor typos in README.Debian.xml and changelog. (mh)
+ * Add 255.255.255.255 to ignore_target_hosts in dnslookup. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 2 Nov 2005 19:40:22 +0000
+
+exim4 (4.54-1) unstable; urgency=low
+
+ * new upstream version 4.54. (mh)
+ * fix typo in router/real_local header
+ * add same_domain_copy_routing to router/hubbed_hosts
+ * [update-exim4.conf.8] false friend: s/sensible/sensitive/.
+ Thanks to Ross Boylan. (am) Closes: #330975
+ * modify broken outlook express 4 authenticator so that it only
+ advertises on encrypted connections, as the other plaintext
+ authenticators do. Thanks again, Fred Viles. (mh)
+ * update-exim4.conf.8: alphabetically sort REPLACEMENT PATTERNS and
+ CONFIGURATION VARIABLES sections, add documentation for
+ DEBCONFlocal_domainsDEBCONF.
+ Thanks to Ross Boylan. (mh) Closes: #330980
+ * fix bashism == in init script. Thanks to Adam D. Barratt and
+ Justin Pryzby. (mh) Closes: #331299
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 4 Oct 2005 09:59:24 +0000
+
+exim4 (4.53-1) unstable; urgency=low
+
+ * new upstream version 4.53. (mh)
+ * Fix obviously unfinished sentence in update-exim4.conf.8
+ documenting dc_local_interfaces. (mh)
+ * Move SMTP authentication docs to README.Debian. (mh)
+ * Adapt reportbug script to be useable from the command line as well,
+ mention this in README.Debian mailing list paragraph. (mh)
+ * Remove /etc/default/exim4 in exim4-config's postrm instead of exim4-base's
+ one, as it is created in exim4-config's postinst. (am) Closes: #325901
+ * Fix error in README.Debian.xinetd.
+ Thanks to Diego Biurrun. (mh) Closes: #327847
+ * Fix substitute variable in Japanese (ja) debconf translation.
+ Thanks to Kenshi Muto. (mh) Closes: #329729
+ * Add lintian override for maintainer-script-needs-depends-on-netbase. We
+ don't need that depends since update-inetd.conf is checked for presence
+ before invocation and that invocation is only optional cleanup. (mh)
+ * add linda override to kill double shlib warning - libgnutls is
+ fully versioned and thus is not a problem. (mh)
+ * add lintian override to kill bashism "local" warning for
+ exim4-config.config and exim4-config.postinst (see #330548). (mh)
+ * add general package blurb to description of the exim4 meta package
+ as well. Thanks to Marc Sherman for pointing this out. (mh)
+ * remove code to escape dashes in the pod2man generated man pages.
+ That code makes the man pages syntactically invalid, we'd rather
+ live with suboptimal rendering (which is a pod2man bug anyway). (mh)
+ * change spacing for rewrite rules in configuration, man page and
+ ue4.conf to ease paragraph filling for the man page. (mh)
+ * re-pack config patches. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 28 Sep 2005 18:34:51 +0000
+
+exim4 (4.52-2) unstable; urgency=low
+
+ * unpack/pack configs to get clear EDITME patches (mh)
+ * Update ca (Catalan) translation.
+ Thanks to Aleix Badia i Bosch. (mh) Closes: #317429
+ * Update mk (Macedonian) translation.
+ Thanks to Georgi Stanojevski. (mh) Closes: #320231
+ * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params
+ instead of only removing the file and letting exim4 re-generate it at SMTP
+ time after receiving STARTTLS. The maximum runtime of certtool is limited
+ to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki
+ (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to
+ exim4-base' Suggests. (am) Closes: #285371
+ * Build-Depend on libgnutls-dev (from gnutls12) instead of libgnutls11.
+ * Drop compability with debhelper in woody (am):
+ - mv *.templates.master *.templates
+ - update po/POTFILES.in accordingly.
+ - no more manual invocation of po2debconf in debian/rules
+ - use dh_installppp instead of manual dh_installdirs/dh_install.
+ Closes: #212893
+ - Build-Depends: debhelper (>= 4.1.68)
+ * drop upgly passwd dependency introduced in 4.30-6. (am)
+ * shorten Build-Depends by replacing "libxfoo-dev|xlibs-dev' with just
+ 'libxfoo-dev'. (am)
+ * Do not try to authenticate to smarthost if smarthost offers AUTH LOGIN but
+ passwd.client does not contain a matching entry. (am) Closes: #323565
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 21 Aug 2005 11:44:27 +0200
+
+exim4 (4.52-1) unstable; urgency=low
+
+ * new upstream version 4.51. (mh)
+ * adapt 70_remove_exim-users_references
+ * remove 37_gnutlsparams
+ * adapt 36_pcre
+ * adapt 31_eximmanpage
+ * fix package priorities to have them in sync with override again. (mh)
+ * Fix error in nb (Norwegian) translation.
+ Thanks to Helge Hafting. (mh). Closes: #315775
+ * Standards-Version: 3.6.2, no changes needed. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 2 Jul 2005 06:08:34 +0000
+
+exim4 (4.51-2) unstable; urgency=low
+
+ * Fix typo in exiwhat.8. (am) Closes: #313246
+ * Clarify tls_verify_certificates documentation in
+ conf.d/main/03_exim4-config_tlsoptions. Thanks to Wenzhuo Zhang. (mh)
+ * Accept postmaster liberally for relay_to_domains. Thanks to
+ Roderick Schertler. (mh) Closes: #313023
+ * Improve update-exim4.conf's internal run-parts to warn about ignored files
+ if running in verbose-mode. (am) Closes: #315656
+ * Make it possible to purge a previously uninstalled exim4-suite if debconf
+ has between removed since. (am) Closes: #315173
+ - Stop useless sourcing of confmodule in exim4-config.postrm.
+ - Use debconf to ask about trashing the mailqueue if debconf is available,
+ keep the queue otherwise.
+ * exim failed to setup gnutls parameters if the gnutls-param file was
+ missing. This caused TLS breakage. (am) Closes: #315650
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 28 Jun 2005 19:35:35 +0200
+
+exim4 (4.51-1) unstable; urgency=low
+
+ * new upstream version 4.51. (mh)
+ * remove 80_upstream_fix-296492
+ * remove 81_fix-kfreebsd-gnu
+ * remove 82_upstream_fix-299733
+ * remove 82_upstream_fix_299743
+ * remove 83_upstream_fix-strangelog
+ * build-depends: replace postgresql-dev with libpq-dev. (mh)
+ * apply patch to EDITME.exim4-heavy.diff from ubuntu for clearer
+ postgresql build. (mh)
+ * fix wrong dc_other_hostnames statement in manpage. Thanks to
+ Daniel Hermann. (mh) Closes: #311023
+ * give more directions how to use /etc/exim4/exim4.conf. (mh)
+ * Fix duplicated server_advertise_condition line in
+ login_saslauth_server. Thanks to Rich Aycock. (mh) Closes: #311906
+ * Conditional restarting the daemon in exim4-config.config now checks for
+ DEBCONF_RECONFIGURE=1 instead of (mis)using an internal
+ debconf-template. (am)
+ * Documentation Improvements for update-exim4.conf.8, exim4.conf.template
+ and 01_exim4-config_listmacrosdefs and README.Debian.
+ Thanks to Ross Boylan. (am/mh)
+ * New translation: et (Estonian) by Siim Põder. (mh) Closes: #312474
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 10 Jun 2005 18:57:03 +0000
+
+exim4 (4.50-8) unstable; urgency=low
+
+ * integrate TLS docs in README.Debian, remove README.TLS.
+ Thanks to Sam Morris. (mh) Closes: #310771
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 27 May 2005 07:57:14 +0000
+
+exim4 (4.50-7) unstable; urgency=low
+
+ * Documentation Only Fixes
+ - Fix grammar error in README.system_aliases. Thanks to Andreas
+ Barth on IRC. (mh)
+ - Optimize unencrypted authentication docs. Thanks to Drew Parsons.
+ (mh) Closes: #305443
+ - Clarify dc_smarthost host list processing in update-exim4.conf.8.
+ (mh) Closes: #307370
+ - Clarify split-config description in README.Debian.
+ Thanks to Luc Saffre. (mh)
+ - Fix a typo in README.Debian-accountname, thanks to Brett Parker. (mh)
+ - Fix an issue in the exim manpage creating the illusion that
+ whitespace is allowed between -d and its options.
+ Thanks to Greg Kochanski. (mh) Closes: #309174
+ - Start re-work of README.Debian FAQ.
+ - Add "should -config depend on -base" question to README.Debian FAQ.
+ - Link README.Debian to -daemon-light and -daemon-heavy, include a
+ copy of README.Debian in -config.
+ Thanks to Daniel Maier. (mh) Closes: #310118
+ * Translations
+ - Update: cy (Welsh) by Dafydd Harries. (mh) Closes: #306349
+ - New: vi (Vietnamese) by Clytie Siddall. (mh) Closes: #306613
+ - Fix typos in pt.po (Thanks, Miguel Figueire) (am) Closes: #310057
+ * Configuration Clarification
+ - move the regexps in the local part checks to macros, adapt docs.
+ Thanks to Adam M. Costello. (mh) Closes: #306094
+ * Bug Fixes
+ - preserve escape sequences like '\\N' in
+ /etc/exim4/update-exim4.conf.conf:
+ - use awk instead of sed in exim4-config.postinst (Thanks, Barry Kitson).
+ - use printf '%s\n' "$foo" instead of echo "$foo". (echo in dash would
+ swallow the second backslash)
+ - actually making this work requires changes in debconf, too,
+ see #306134.
+ - (Closes: #305957) (am)
+ - apply upstream patch from
+ http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050425/msg00035.html
+ in some circumstances, exim writes parts of /etc/passwd and/or
+ /etc/group to the reject log. This scares people. (mh)
+ - apply upstream patch from
+ http://www.exim.org/mail-archives/exim-dev/2005-April/msg00012.html to
+ only try SASL mechanisms that are actually specified in the
+ configurations. Thanks to Juergen Kreileder. (mh) Closes: #299743
+ - Build against libmysqlclient12-dev instead of libmysqlclient10-dev.
+ (am) Closes: #306970
+ - As "mail sent by smarthost; no local mail" aka satellite requires setting
+ dc_readhost always ask this question. (am) Closes: #304838
+ - Make nonsplit-config read /etc/exim4/exim4.conf.localmacros before
+ /etc/exim4/exim4.conf.template to allow macros here as well. (mh)
+ - Make it clear that "broken debconf" warning is issued by
+ exim4-config.postinst
+ - Make sure that "generated, do not touch" disclaimer in
+ /var/lib/exim4/config.autogenerated always appears
+ - [exim4-config] As the.config script stores answers in debconf's db and the
+ postinst actually generates configurations files from these values
+ restarting the daemon on dpkg-reconfigure has to be done in postinst. (am)
+ Closes: #310703
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 26 May 2005 17:47:24 +0000
+
+exim4 (4.50-6) unstable; urgency=low
+
+ * fix some errors in update-exim4.conf(8) manpage. (am)
+ * more macros in config. (mh)
+ * Apply upstream fix: $primary_hostname is now expanded in
+ cyrus_sasl authenticator. Thanks to Juergen Kreileder, and of
+ course Philip Hazel. (mh) Closes: 299733
+ * fix conftype none missing "| \" bug, again. Thanks to Andrew Nimmo
+ and Gabriel L. Briones III. (mh) Closes: 303351.
+ * The upstream fix for #296492 sometimes causes an endless loop. Update
+ patch with correction from Philip's commit, revision 1.10. (mh)
+ * Document real_local router. (mh)
+ * Add instructions about how to use inetd. Thanks to Ryan Underwood.
+ (mh) Closes: #304436
+ * Fix wrong file header in 100_exim4-config_domain_literal. (mh)
+ * Fix bad english in 01_exim4-config_listmacrosdefs. (mh)
+ * conf.d/main/02_exim4-config_options: Remove macro effort for options
+ that we leave at their default by default anyway, re-commenting them
+ for reference. (am)
+ * Allow cleartext client AUTH PLAIN and AUTH LOGIN by setting a
+ macro. (mh)
+ * Update information in README.SMTP-AUTH. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 17 Apr 2005 19:10:26 +0000
+
+exim4 (4.50-5) unstable; urgency=low
+
+ * move exim4-config-simple and exim4-config-medium from the main
+ source package to keep them from being released.
+ * document the fact that the check done by update-exim4.conf does
+ not detect all possible errors and fails with errors that are inside
+ expanded items in the config file. Thanks to Marc Sherman.
+ (mh) Closes: 286721
+ * Add examples for cyrus_sasl to conf.d/auth/30_exim4-config_examples.
+ Thanks to Juergen Kreileder. (mh) Closes: #299732
+ * remove --dry-run from 10_daemon_close_fds.dpatch so that failures
+ to patch cause failure. Thanks to Gergely Nagy, and apologies for
+ blaming it on dpatch (see #297670). (mh)
+ * remove ACL example file, incorporate DNSBL examples (without
+ actual DNSBL domains) into main config. The example file hasn't been
+ updated in ages, and the main config file has become quite
+ sophisticated by itself. (mh)
+ * add example authenticators for courier authdaemon. (mh)
+ * have exim4-base recommend psmisc. Thanks to Thiemo Seufer.
+ (mh) Closes: #299858
+ * apply upstream patch fixing fallback handling. Thanks to Laurent Fousse.
+ (mh) Closes: #296492
+ * add patch to allow building on kfreebsd-gnu. Thanks to Robert
+ Millan. (mh) Closes: #300967
+ * remove 10_daemon_close_fds since this might close FDs which might
+ be used by other libraries such as libnss-ldap. Thanks to Antonio
+ Kanouras for reporting and testing, and to Florian Weimer for
+ debugging. To avoid #297607 from happening again, use db_stop in
+ exim4-config.config and coordinate with the d-i team. Thanks to
+ Frans Pop for testing. (mh) Closes: #299051
+ * make pidfile paths in init script variables. (mh)
+ * Update bs (Bosnian) debconf templates. Thanks to Safir Secerovic.
+ (mh) Closes: #301940
+ * Fix update-exim4.conf to actually remove the DEBCONF stuff from
+ configuration. Thanks to Jason Spiro. (mh)
+ * correctly translate an empty debconf option visiblename to an
+ _unset_ qualify_domain, not a qualify_domain set to the empty string.
+ Thanks to Miquel van Smoorenburg. (mh) Closes: #302060
+ * update-exim4.conf ignored the setting of dc_use_split_config and
+ always used the data from split config for conftype none. (am)
+ * Document #301988 (base-config) in README.Debian to offer an
+ explanation for a long delay restarting exim right after Debian
+ installation. (mh)
+ * Fix exim4-config.NEWS and exim4-config.postinst, documenting the
+ mailname change there. This should act as a heads-up to people who
+ do funky things with their ue4.conf.conf which might overwrite the
+ fixup intrduced by the maintainer script. Thanks to Vincent
+ Lefevre. (mh) Closes: #301906
+ * Make Maildir location configurable via exim macro. Thanks to
+ Frederic Lehobey. (mh) Closes: #302215
+ * pull update-exim4.conf.conf file name in shell variables
+ * liberally use .ifdef in conf.d files which changed in this release
+ anyway. This is part of the process to fix #297603. (mh)
+ * Adapt formatting policy to conf.d files which were changed. (mh)
+ * Improve on Debconf documentation in update-exim4.conf.conf and
+ the configuration templates. This partly addresses #289959. (mh)
+ * re-work ue4.conf man page, also addressing #289959. (mh)
+ * add a comment about caseless postmaster to
+ conf.d/router/400_exim4-config_system_aliases. (mh)
+ * print script name and parameters when debugging. (mh)
+ * update-exim4.conf now gives a better error message if
+ ue4.conf.conf does not exist. (mh)
+ * ue4.conf.template: If a relative output path is given, actually
+ put the file there and not in a path relative to
+ /etc/exim4/conf.d. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 3 Apr 2005 07:20:17 +0000
+
+exim4 (4.50-4) unstable; urgency=low
+
+ * fix 10_daemon_close_fds.dpatch to actually apply again. Sheesh.
+ Thanks to Joey Hess. (mh) Closes: #297607
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 2 Mar 2005 07:38:52 +0000
+
+exim4 (4.50-3) unstable; urgency=low
+
+ * actually enable dlopen patch, show this in package descriptions.
+ Thanks to Andrej KOLESNIKOV. (mh) Closes: #297282
+ * Have exim4-config conflict with -daemon (<<4.50), as we use
+ submission/sender_retain which is not supported by earlier daemons.
+ Thanks to Echo Nolan. (mh) Closes: #297501
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 1 Mar 2005 06:45:26 +0000
+
+exim4 (4.50-2) unstable; urgency=low
+
+ * now use WITH_OLD_DEMIME as discussed on pkg-exim4-devel. (mh)
+ * postinst: add "This is a Debian specific file" to ue4.c.c. (mh)
+ * fix exim.8 manpage to point to exim4 instead of exim.
+ (mh) Closes: #296864
+ * fix update-exim4.conf.8 man page to correctly document that
+ multiple smarthosts are supported and non-SMTP ports are not. Thanks
+ to Dan Jacobson. (mh) Closes: #283560
+ * Add --output option to update-exim4.conf.template. Thanks to Marc
+ Sherman. (mh/am) Closes: #296597
+ * Compile with cyrus_sasl authentication mechanism, add libsasl2-dev to
+ Build-Depends. Thanks to Sean Middleditch and Gergely Risko. (mh)
+ Closes: #296203, #292906.
+ * document that dc_localdelivery does not have a corresponding
+ Debconf option.
+ * Introduce ue4c_comments for /etc/exim4/update-exim4.conf.conf to
+ set default for keepcomments/removecomments from the config file.
+ Thanks to Greg Folkert. (mh) Closes: #295735
+ * Use "control = submission/sender_retain" to fixup relayed messags instead
+ of only adding a Message-ID with a warn-statement. (am) Closes: #285235
+ * Add force-stop to the init script. Thanks to Jari Aalto. (mh)
+ Closes: 271686
+ * tighten local parts checks. Thanks to Jari Aalto. (mh) Closes: #273302
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Feb 2005 16:33:05 +0000
+
+exim4 (4.50-1) experimental; urgency=low
+
+ * new upstream version
+ * kill exiscan patch as it is now included upstream
+ * deliver configuration which will compile daemon-heavy with the
+ built-in exiscan
+ * convert package to svn on svn.debian.org with a debian/-only
+ layout. (mh)
+ * remove 37_kbsd-gnu patch on bug submitter's request (doesn't apply
+ cleanly). (mh)
+ * fix bad German translation of a debconf template. Thanks to Hanno
+ Wagner. (mh) Closes: #291671
+ * allow option passing to updatex-exim4.conf from init script.
+ Thanks to Stephen Gran. (mh) Closes: #285973
+ * change commented out example for reverse DNS RCPT check to catch
+ deferrals as well. Thanks to Marc Sherman. (mh) Closes: #291832
+ * Update ko (Korean) debconf templates. Thanks to Seo Sanghyeon.
+ (mh) Closes: #292607
+ * Update sq (Albanian) debconf templates. Thanks to Elian Myftiu.
+ (am) Closes: #284529
+ * New gl (Galician) debconf templates. Thanks to Jacobo Tarrío.
+ (mh) Closes: #295562
+ * use #!/bin/bash in reportbug script as a quick fix until #294954
+ is fixed one way or the other in reportbug.
+ * Minor fix to de (German) debconf templates. Thanks to Dennis
+ Stampfer. (mh) Closes: #294815
+ * add bad hack authenticator to support outlook express 4.xx. (mh)
+ * streamline server authenticator names. (mh)
+ * 60_convert4r4.dpatch: patch convert4r4 to prevent execution of the
+ script without people reading a prominent warning. (mh)
+ * re-work debian/control again, pointing people towards
+ pkg-exim4-users to make upstream a little bit less unhappy.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 18 Feb 2005 15:31:12 +0000
+
+exim4 (4.44-2) unstable; urgency=low
+
+ * re-work debian/control to make lintian happy, make descriptions
+ more orthogonal. (mh)
+ * kill build-conflicts on libperl-dev (=5.8.4-1). (mh)
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 27 Jan 2005 13:45:45 +0100
+
+exim4 (4.44-1) experimental; urgency=low
+
+ * New upstream bugfix-only release (exiscan-acl 4.44-28).
+ - Fixes eximstats' generation of pie charts by volume. (Closes: #286074)
+ - Reset the locale to "C" after calling embedded Perl. (Closes: #283538)
+ - includes 66_cipherpreferences.dpatch,
+ 66_can2005-0021_can2005-0022.dpatch, 65_tidydb-spool.dpatch,
+ 62_statvfs.dpatch.
+ * Fix (commented) example for AUTH LOGIN with saslauthd (Thanks, Maik
+ Broemme). (Closes: #291205)
+ * tl (Tagalog) translation of debconf templates by eric pareja.
+ (Closes: #291184)
+ * Use db4.2. (Closes: #258311)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 23 Jan 2005 15:42:20 +0000
+
+exim4 (4.43-4) unstable; urgency=low
+
+ * Change update-exim4.conf to again generate a valid return_path (instead
+ of defering any mail to remote systems) if dc_hide_mailname='true'.
+ (Closes: #290954)
+ * Fix typo in changelog and exim4-config's NEWS.
+ * Some changes (most notably changing the interfaces exim listens on)
+ require restarting exim instead of just sending HUP. Change documentation
+ and exim4-config.config accordingly. (Closes: #290945)
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 18 Jan 2005 12:57:58 +0100
+
+exim4 (4.43-3) unstable; urgency=low
+
+ * Now that 4.44 is released upload 4.43 to unstable. ;-) Merge experimental
+ and unstable changelog.
+ * More lintian overrides. ("X" in eximon4's description has to be capital,
+ and we take care to only use settitle if it is available.
+ * make nullmailer setup and the way we use mailname a lot more sensible,
+ attacking #244095 and #280207:
+ - mailname is not implicitely made a local domain, instead it is listed
+ explicitly in dc_other_hostnames, where users can easily remove it
+ from. (This is basically what postfix does, too.) When upgrading
+ existing installations mailname is automatically added _once_ to
+ dc_other_hostnames, on fresh installations mailname is the default
+ value of dc_other_hostnames. We store the fact that we have added
+ mailname to dc_other_hostnames in $dc_mailname_in_oh in
+ update-exim4.conf.conf.
+ - Make exim work correctly if dc_readhost ("visible, rewritten domain name
+ for local users") ends up as part of local_domain, which happens if
+ the same value is chosen for mailname and dc_readhost. This
+ implemented by new router, hub_user_smarthost. Previously users were
+ required to use something different (my.invalid.domain) for mailname.
+ - Special thanks to Christian Perrier for taking care of the
+ template translation updates.
+ * We did not substitute the current value into the debconf templates with
+ db_subst but showed the old ones from the previous debconf run.
+ * /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses!
+ * Bosnian (bs.po) translation is complete (Thanks Adis Nezirovic).
+ * Includes de.po change suggested in #286525.
+ * One-line fix for incorrect fi.po translation by Kalle Olavi Niemitalo.
+ (Closes: #288930)
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 15 Jan 2005 19:38:16 +0100
+
+exim4 (4.43-2) experimental; urgency=low
+
+ * Resync against sarge/sid (4.34-10).
+ * Translation updates:
+ - he (Hebrew) by Lior Kaplan (am) (Closes: #281249)
+ * cy (Welsh) translation of debconf templates by Dafydd Harries.
+ (am) (Closes: #282731)
+ * sq (Albanian) translation of debconf templates by Elian Myftiu. (am)
+ (Closes: #284529)
+ * allow arbitrary Sender: and envelope headers in locally submitted
+ messages, no longer force them to be the local account name at the
+ local host name. (mh)
+ * delete /var/spool/exim4/gnutls-params in cron.daily. (mh)
+ (Closes: #224269)
+ * run debian/rules update-mtaconflicts. (mh)
+ * remove outdated info from README.SMTP-AUTH and clarify corresponding
+ comments in configuration file (Closes: #281249). (am)
+ * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450). (am)
+ * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205). (am)
+ * Document /etc/email-addresses in README.Debian (Closes: #276958) (am).
+ * exim_tidydb did not work properly with split spool directory. (am)
+ * Make exim prefer stronger ciphers. (AES_256 AES_128 3DES ARCFOUR).
+ * Make the prefered local transport (maildir/mailspool) configurable in
+ update-exim4.conf.conf, attacking #250980. Document this, therefore
+ (Closes: #274597) (am)
+ * Move slightly more expensive tests in rcpt ACL further down. (This only
+ changes commented out example code.) (Closes: #267708)
+ * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302)
+ * Version dpatch build-dependency to safeguard against reintroducing this
+ bug.
+ * In comment point out that using saslauthd for SMTP AUTH requires giving
+ exim privileges to use it.
+ * New patch 66_can2005-0021_can2005-0022.dpatch from
+ http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
+ fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022
+ (mh/am).
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 6 Jan 2005 12:33:27 +0100
+
+exim4 (4.43-1) experimental; urgency=low
+
+ * targeted for experimental since we need unstable to get new 4.34
+ versions in sarge. unstable upload will happen as soon as t-p-u is in
+ working condition.
+ * New upstream version. (am) (Closes: #274246, #267994)
+ - no more unescaped hyphens in exim.8. (Closes: #262592)
+ - no more warnings in exipick.8 (Closes: #277817)
+ - New option tls_on_connect_ports. (Closes: #265818)
+ - better documentation about differences in configuring for GnuTLS or
+ OpenSSL. (Closes: #241725)
+ - verify = header_sender now respects callout options. (Closes: #260114)
- - There is now an overall timeout for performing a callout verification.
++ - There is now an overall timeout for performing a callout verification.
+ (Closes: #261511)
+ - Less typos in filter.txt. (Closes: #230545)
+ - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947)
+ * exiscan patch 4.43-28 (mh)
+ * Use statvsf() instead of statfs(), fixing complete breakage on
+ alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and
+ debugging this. (am)
+ * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to
+ prevent similar bugs. (am)
+ * Translation updates:
+ - tr (Turkish) by Recai Oktas (#281840) (am)
+ * add lintian and linda overrides to get rid of warnings and errors. (mh)
+ * delete debian/files from config-custom, make config-custom's
+ debian/rules delete debian/files on clean. (mh)
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 21 Nov 2004 19:26:11 +0000
+
+exim4 (4.34-10) unstable; urgency=high
+
+ * urgency high because this upload fixes two minor security issues.
+ * more documentation for dc_localdelivery in update-exim4.conf.8.
+ * Move slightly more expensive tests in rcpt ACL further down. (This only
+ changes commented out example code.) (Closes: #267708)
+ * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302)
+ * Version dpatch build-dependency to safeguard against reintroducing this
+ bug.
+ * In comment point out that using saslauthd for SMTP AUTH requires giving
+ exim privileges to use it.
+ * New patch 66_can2005-0021_can2005-0022.dpatch from
+ http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
+ fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022
+ (mh/am).
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 5 Jan 2005 10:39:03 +0100
+
+exim4 (4.34-9) unstable; urgency=low
+
+ * Translation updates:
+ - he (Hebrew) by Lior Kaplan (am) (Closes: #281249)
+ * cy (Welsh) translation of debconf templates by Dafydd Harries.
+ (am) (Closes: #282731)
+ * sq (Albanian) translation of debconf templates by Elian Myftiu. (am)
+ (Closes: #284529)
+ * new patch 64_pipeliningfixup pulled from 4.42. Exim was forgetting that it
+ had advertised PIPELINING for the second and subsequent messages on an
+ SMTP connection. Thanks to Christoph Barbian. (am) (Closes: #283230)
+ * allow arbitrary Sender: and envelope headers in locally submitted
+ messages, no longer force them to be the local account name at the
+ local host name. (mh)
+ * delete /var/spool/exim4/gnutls-params in cron.daily. (mh).
+ * remove outdated info from README.SMTP-AUTH and clarify corresponding
+ comments in configuration file (Closes: #283568) (am).
+ * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450) (am).
+ * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205) (am).
+ * run debian/rules update-mtaconflicts
+ * Document /etc/email-addresses in README.Debian (Closes: #276958) (am).
+ * exim_tidydb did not work properly with split spool directory. (am)
+ * Make the prefered local transport (maildir/mailspool) configurable in
+ update-exim4.conf.conf, attacking #250980. Document this, therefore
+ (Closes: #274597) (am)
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 7 Dec 2004 12:40:49 +0100
+
+exim4 (4.34-8) unstable; urgency=medium
+
+ * The real-life-takes-its-toll-release.
+ * Use statvsf() instead of statfs(), fixing complete breakage on
+ alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and
+ debugging this.
+ * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to
+ prevent similar bugs.
+ * Translation updates:
+ - tr (Turkish) by Recai Oktas (Closes: #281840)
+ * new patch 63_nomorecrashongnutlserror pulled from 4.40: "If a server
+ dropped the connection unexpectedly when an Exim client was using GnuTLS
+ and trying to read a response, the client delivery process crashed while
+ trying to generate an error log message." (Closes: #280647)
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 20 Nov 2004 10:52:18 +0100
+
+exim4 (4.34-7) unstable; urgency=low
+
+ * Update README.Debian.UUCP (thanks, Andreas Barth) (Closes: #271179)
+ * The hack to fix the infinite debconf loop on woody (#246742) broke
+ dpkg-reconfigure. Add an additional [ "reconfigure" != "$1" ] condition to
+ the abort clause. (Closes: #271864) (am)
+ * apply patch fixing Italian debconf translation by Danilo
+ Piazzalunga. (mh) (Closes: #274398)
+ * ro (Romanian) translation of debconf templates by Eddy Petrisor.
+ (mh) (Closes: #275414)
+ * sl (Slovenian) translation of debconf templates by Jure Cuhalev.
+ (mh) (Closes: #275090)
+ * uk (Ukrainian) translation of debconf templates by Eugeniy
+ Meshcheryakov. (mh) (Closes: #273505)
+ * mk (Macedonian) translation of debconf templates by Georgi
+ Stanojevski. (mh) (Closes: #275772)
+ * fix encoding problem in hu.po. Thanks to Christian Perrier. (mh)
+ * Hebrew translation updated. Closes: #277682 (Lior Kaplan)
+ * Norwegian Nynorsk translation fixed (commas removed and replaced by
+ dashes). Closes: #278011 (Christian Perrier)
+ * Fix commas in Macedonian, Polish, Russian translations which broke the
+ Choices list the same way they were in Norwegian Nynorsk (Christian
+ Perrier)
+ * Fix error in README.SMTP-AUTH, thanks Jari Aalto. (Closes: #276448) (am)
+ * Make update-exim4.conf more forgiving, working with files that are missing
+ the final newline. (Closes: #273279) (am)
+ * Use procmail for delivery if /either/ etc/procmailrc or ~/.procmailrc
+ exist. (Closes: #267706) (am)
+ * Shorten overlong template in Catalan (Closes: #277686) (Jordi Mallach) and
+ Brazilian translation (Closes: #278016) (Andre Luis Lopes)
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 7 Nov 2004 19:56:01 +0100
+
+exim4 (4.34-6) unstable; urgency=low
+
+ * Uploaded to test changes before we break tpu.
+ * zh_TW translation of debconf templates by Tetralet. (Closes: #267524)
+ * bg (Bulgarian) translation of debconf templates by Ognyan Kulev
+ (Closes: #267603)
+ * updated translations:
+ - nl (Dutch) by Bart Cornelis. (Closes: #268168)
+ * remove osirusoft from dnsbl examples. Thanks to Greg Kochanski for
+ noticing. Add dnsbl disclaimer. (mh) (Closes: #269501)
+ * add an example for exim-adduser. (Thanks to Jonas Meurer for the initial
+ idea, the commited version is different, though.) (mh/am) (Closes: #267792)
+ * hr (Croatian) translation of debconf templates by Krunoslav Gernhard
+ (Closes: #270578)
+ * Do not remove the Debian-exim user in "exim4-config.postrm purge".
+ Package dependencies are only effective for packages in status installed,
+ but it is clearly not sane to remove the user until all exim4-packages
+ are purged. e.g. this can completely break logrotate (Closes: #270681).
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 11 Sep 2004 10:29:26 +0200
+
+exim4 (4.34-5) unstable; urgency=low
+
+ * The let's test the changes before we upload to tpu release.
+ * updated translations:
+ - eu (Basque) by Piarres Beobide Egaña. (Closes: #261912)
+ - ca (Catalan) by Jordi Mallach. (Closes: #264842)
+ * Fix broken permissions (not readable for group/other) in upstream tarball
+ in clean target (thanks to Steve Langasek for help with find). This fixes
+ "dpkg-buildpackage -rsudo && dpkg-buildpackage -rsudo". (Closes: #262607)
+ * Stop daemon in "exim4-base.postrm remove". - Under specific circumstances
+ apt seems to purge -base before removing the depending package (-daemon),
+ therefore the daemon would not be stopped. (Closes: #261994)
+ * Build against libgnutls11-dev. (Closes: #263665)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 11 Aug 2004 09:17:35 +0200
+
+exim4 (4.34-4) unstable; urgency=high
+
+ * Urgency high because upgrades from woody were broken.
+ * Exim4 triggers a bug in woody's debconf. - With dialog frontend, invoked
+ by dpkg-preconfigure you are stuck in a loop, always being asked the same
+ two questions (split config, and basic configtype) again and again until
+ you give up and choose split_config=yes although being discouraged from
+ doing so. I am working around this by making the config-script abort if
+ debconf is old and we are running in preconfigure mode. (Thanks to Dan
+ Weber, Adrian Bunk and whoever else wasted brainpower on this.)
+ (Closes: #246742) (am).
+ * Arabic (ar.po) translation of debconf templates by the translation team
+ of Arabeyes.org (Abdulaziz Al-Arfaj). (Closes: #261014)
+ * Change maintainer address to a mailinglist, add myself to uploaders (am)
+ * Quote ${dc_mailname} in exim4-config.config. (am)
+ * Fix grammar error in the original English templates (found by Adam D.
+ Barratt ages ago). Duplicate fix in .po files.(am)
+ * Typo/thinko in exim4-config (two 35-clauses) prevented showing a
+ (unimportant) question for satellite config. Thanks to Fabio Massimo Di
+ Nitto for finding this.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 27 Jul 2004 16:38:54 +0200
+
+exim4 (4.34-3) unstable; urgency=low
+
+ * updated translations:
+ - es (Spanish) by Javier Fernández-Sanguino Peña (Closes: #251987). Also
+ shorten overlong string. (Closes: #251316)
+ - tr (Turkish) by Recai Oktas, fixing overlong translations.
+ (Closes: #251932)
+ - de (German) corrected and scrutinized by Helge Kreutzmann.
+ (Closes: #254038)
+ - ru (Russian), too long templates shortened by Dmitry Beloglazov.
+ (Assuming I read Last-Translator correctly) (Closes: #259148)
+ * Hebrew (he.po) translation of debconf templates by Lior Kaplan.
+ (Closes: #254026, #257508)
+ * introduce .ifndef hacks to allow MESSAGE_SIZE_LIMIT, DCreadhost
+ and DCsmarthost to be changed by the local admin without having to
+ change dpkg-conffiles (mh).
+ * Use byname on the smarthost route list (mh). (Closes: #250367)
+ * Make build-dependency on libldap2-dev unversioned. This was just a paranoia
+ measure and the buildds are using this version anyway (am).
+ * escape some dashes in manpages (am).
+ * Replace the three test -a/-o with &&/|| constructs, and egrep with grep
+ -E (am).
+ * Use symbolic name instead of signal numbers for trap (am).
+ * Add explanation on missing SPF-support to README.Debian (am).
+ * remove MESSAGE_SIZE_LIMIT rule from DATA acl, use global
+ message_size_limit instead. Thanks to Matthias Gärtner for pointing
+ this out to me (mh).
+ * Increase MAX_NAMED_LIST to 32 for daemon-heavy (am). (Closes: #253959)
+ * add a reportbug-script to gather additional information. This way we do
+ not rely on possibly out of date information in debconf (am).
+ (Closes: #255645)
+ * Fix off-by-one error in queryprogram router (am).
+ * set "tls_tempfail_tryclear = false" on remote_smtp_smarthost transport
+ (am, Thanks to Dan Jacobson for the suggestion). (Closes: #253931)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 19 Jul 2004 15:16:28 +0200
+
+exim4 (4.34-2) unstable; urgency=medium
+
+ * Urgency medium because CAN-2004-0400 isstill not fixed in testing and
+ because this version gets almost every single translation up to date.
+ * Norwegian nynorsk translation of debconf templates by Håvard Korsvoll.
+ (Closes: #248810)
+ * fix debug_print in remote_smtp_smarthost transport. (Closes: #248922)
+ * For minimal_dns update-exim4.conf(8) now tries to find out the primary
+ hostname itself and hardcodes this value in the generated configuration
+ file. (Closes: #241475,#248854)
+ * updated translations:
+ - ko (Korean) by Changwoo Ryu (Closes: #249026)
+ - it (Italian) by Danilo Piazzalunga
+ - lt (Lithuanian) by Gintautas Miliauskas (Closes: #249269)
+ - ru (Russian) by Nikolai Prokoschenko (Closes: #249298)
+ - es (Spanish) by Javier Fernández-Sanguino Peña
+ - nl (Dutch) by Bart Cornelis
+ - de (German) doublechecked and corrected by Dennis Stampfer
+ (Closes: #249925)
+ - fi (Finnish) by Tapio Lehtonen
+ - nb (Norwegian bokmål) by Klaus Ade Johnstad (Closes: #250344)
+ * New bugfix by upstream: "drop" in the DATA acl did not send 550 but dropped
+ the connection immediately.
+ * add a debian/watch file.
+ * Catalan (ca.po) translation of debconf templates by Aleix Badia i Bosch.
+ (Closes: #250113)
+ * Polish (pl.po) translation of debconf templates by Tomasz Z. Napierala.
+ (Closes: #250908)
+ * Rudimentary (5/58) Bosnian debconf templates translation by Safir
+ Šećerović (Closes: #251137)
+ * Document why exim tries to make an AAAA lookup at startup and how to stop
+ this in README.Debian. (Closes: #243822)
+ * Compile with -fno-strict-aliasing. Exim uses lots of casts that are not
+ allowed: "(char **)(&foo)" where foo is a pointer to unsigned char
+ (sourcecode: CSS(foo) with foo being a uchar), which results in lots of
+ "dereferencing type-punned pointer will break strict-aliasing rules".
+ Thanks to Andrew Suffield for the explanation.
+ * exim4-config uses features introduced in 4.33 - conflict with earlier
+ versions. (Closes: #249550)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 31 May 2004 10:31:51 +0200
+
+exim4 (4.34-1) unstable; urgency=low
+
+ * remove cruft from source
+ * New upstream version 4.34, exiscan -21
+ * includes fix for buffer overflow (CAN-2004-0400) fixed in previous
+ upload
+ * Again adds a received header before local_scan() is invoked.
+ * Adds a missing fclose() that was causing scan directories not
+ to be deleted on NFS spools.
+ * add debug_print statements on various routers (mh)
+ * add docs to smarthost router regarding secondary MX setup (see
+ #248370) (mh)
+ * don't ask any more for relay_to_domains if configuring for
+ smarthost and satellite setup. (Closes: #248370) (am)
+ * straighten out remote_smtp transport by adding remote_smtp_smarthost
+ and using that in the smarthost router. (mh)
+ * add hubbed_hosts router for more flexible routing. (mh)
+ * add update-exim4.conf.template and use it in debian/rules (Closes:
+ #248338). (mh)
+ * remove debian/patches/60_upstream_fixes as the fix is already
+ included upstream now. (mh)
+ * add README.Debian-accountname (mh)
+ * updated translations:
+ - zh_CN (Simplified Chinese) by Carlos Z.F. Liu (Closes: #248464). (mh)
+ * Temporarily add a Build-Conflicts with libperl-dev 5.8.4-1. - This version
+ included a dyna-loader incompatible with programs linked against 5.8.3.(am)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 12 May 2004 22:30:19 +0200
+
+exim4 (4.33-1) unstable; urgency=low
+
+ * new upstream version 4.33, exiscan -20:
+ - includes the patches for rewriting and sighandler.
+ - new expansion conditions to e.g. match a domain in named domainlist.
+ * updated translations:
+ - fr (French) by Christian Perrier (Closes: #245342)
+ - el (Greek) by Konstantinos Margaritis.
+ * Document known configuration variables in update-exim4.conf(8).
+ * Make use of ${if match_domain to get rid of the ugly hack (two transports
+ and two routers) to rewrite the envelope from.
+ * Apply fix for verify=header_syntax buffer overflow (CAN-2004-0400).
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 6 May 2004 18:17:05 +0200
+
+exim4 (4.32-2) unstable; urgency=low
+
+ * updated translations:
+ - pt (Portuguese) by Nuno Sénica. (Closes: #244296,#245694)
+ - el (Greek) by Konstantinos Margaritis (Closes: #244354)
+ - cs (Czech) by Miroslav Kure (Closes: #244368)
+ - da (Danish) by Claus Hindsgaul (Closes: #244508)
+ - it (Italian) by Danilo Piazzalunga (Closes: #245174)
+ - fr (French) by eric-m(at)wanadoo.fr (Closes: #245342) and Christian
+ Perrier
+ - ja (Japanese) by Kenshi Muto (Closes: #245430)
+ - hu (Hungarian) by VEROK Istvan
+ - nb (Norwegian Bokmål) by Steinar H. Gunderson
+ - pt_BR (Brazilian Portuguese) by André Luís Lopes
+ - ja (Japanese) by Kenshi Muto
+ - cs (Czech) by Miroslav Kure
+ - sv (Swedish) by André Dahlqvist (Closes: #245716)
+ * Basque (eu.po) translation of debconf templates by Piarres Beobide Egaña.
+ (Closes: #244401)
+ * Indonesian (id.po) translation of debconf templates by I Gede Wijaya S.
+ (Closes: #245120), updated (Closes: #245491)
+ * Turkish (tr.po) translation of debconf templates by Recai Oktas.
+ (Closes: #245751)
+ * Slovak translation of debconf templates by Peter Mann (Closes: #245809)
+ * Add comment in configuration file documenting that effective retry times
+ depend on _both_ retry-rules and frequency of queue running. Keep
+ default QUEUEINTERVAL at 30m because running the queue can be quite
+ expensive and because therespective RFCs suggest 30m as minimal waiting
+ time. (Closes: #242426)
+ * Installation over serial console/minicom only has a screen size of 80
+ characters x 24 lines available. Sigh. Shorten config-type question by
+ cutting down the introduction. (Closes: #244464). Shorten relay-net
+ question by replacing a unnecessarily complicated formulation with a
+ clearer one which closes: #226809.
+ * Debconf supports masquerading as a different host with rewriting not only
+ for "satellite" but also for "smarthost" system. (Closes: #229911).
+ - Introduces another but hopefully last pre-sarge template change.
+ (This includes final versions of the templates without the dead
+ references to "satellite" which closes: #229902.)
+ - Rewrite /this/ stuff at smtp transport time. /etc/email-addresses
+ rewriting still uses normal rewriting because it always has and because
+ it is easier to setup.
+ - This still does not address one basic issue, the misuse of /etc/mailname
+ for qualifying recipeints because this needs clarification in policy
+ _and_ changing MUAs to not do this. Therefore I declare this post-sarge.
+ - Thanks to Chris Cheney for the kick, and to Adam Conrad and Wouter
+ Verhelst for their help.
+ * Add two fixes from upstream:
+ - Change 4.31/55 was buggy and broke sender address rewriting and caching.
+ - Change 4.24/6 broke the SIGALRM handler with deliver_drop_privilege.
+ * README.TLS.gz and the actual configuration disagreed (Thanks, Richard
+ Lamont).
+ * Fix thinko in update-exim4defaults that made --queuetime a no-op.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 26 Apr 2004 09:12:23 +0200
+
+exim4 (4.32-1) unstable; urgency=low
+
+ * New upstream version 4.32 (exiscan 4.32-17)
+ - includes the fix for the caching bug and uses MAIL FROM <> as default
+ value for recipient callouts again.
+ - new exiscan adds a local "Received:" header to the copy passed to
+ spamassassin tofix evaluation of DNS lists, compensating for
+ ChangeLog 4.31/66. (Closes: #242730)
+ * Remove obsolete reference to auth_over_tls_hosts from documentation.
+ (Thanks Jonas Meurer)
+ * Enable SMTP authentication (hosts_try_auth) per default when sending
+ mail to smarthost. No need to edit the configuration-file anymore if you
+ just need to forward all mail to a smarthost with AUTH. (Closes: #203307)
+ * Hungarian translation of debconf templates by VEROK Istvan.
+ (Closes: #242931)
+ * remove "exim 3 will stay default MTA for Debian sarge" from
+ README.Debian as TPTB have decided otherwise. (Closes: #243687).
+ * Rewrite "Sender:"-header for "satellite" configuration profile, too.
+ (Closes: #228978)
+ * Use the normal user account set-up during installation as default
+ destination for delivery of mail for root. (Joey Hess)
+ * Shorten exim4/dc_postmaster template to fit on console. (Joey Hess)
+ (Closes: #242303)
+ * In template suggest using real-foo to force local delivery.
+ (Closes: #229909)
+ * Template changes reviewed by debian-l10n-english. There might still be
+ more changes, translators should probably wait a little bit longer before
+ updating the translation.
+ * On fresh installations smarthost profile only listens on loopback per
+ default. - There are valid uses of "smarthost" that require listening on
+ public interfaces but the most common one (dialup) does not.
+ * Ship README.Debian.UUCP by Andreas Barth in /usr/share/doc/exim4-base. -
+ This resolves our part of #201153.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 17 Apr 2004 18:02:42 +0200
+
+exim4 (4.31-2) unstable; urgency=low
+
+ * Fix caching bug in recipient callouts. (Nico Erfurth).
+ * Document removal of local_scan perl-plugin in NEWS.Debian file.
+ (Closes: #242227)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200
+
+exim4 (4.31-1) unstable; urgency=low
+
+ * New upstream version 4.31 (exiscan 4.31-16)
+ - Supports CRL (Certificate Revocation List) (Closes: #229063)
+ - exim_dbmbuild does not crash on _very_ long RHS values.
+ (Closes: #231597)
+ - route_list does not use a fixed length buffer anymore. (Closes: #231979)
+ - An empty tls_verify_certificates file is correctly interpreted as empty
+ list instead of breaking TLS. (Closes: #236478)
+ * Korean translation of debconf templates by Changwoo Ryu (Closes: #241499)
+ * Minor changes to rcpt_acl:
+ * add missing message = qualifiers. (Closes: #240862)
+ * resync against upstream default, incorporating change 4.23/30, allowing
+ "/" and "|" in nonlocal addresses.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 12:00:54 +0200
+
+exim4 (4.30-8) unstable; urgency=low
+
+ * remove dc_never_users from /etc/exim4/u-ex.conf.conf and the corresponding
+ pattern DEBCONFnever_usersDEBCONF from the template. The code is
+ superfluous since 4.24 introduced FIXED_NEVER_USERS and was broken, user
+ changes were not preserved. (am)
+ * Link against libmysqlclient10 instead of libmysqlclient12 to circumvent
+ symbol-clashes when using PAM with libpam-mysql. (Closes: #235938) (am)
+ * Dump temporary build-conflict with broken po-debconf. (am)
+ * Copy ugly passwd-dependency from -base to -config. (am)
+ * Do not throw away adduser's errormessages. Together with the added
+ dependency noted above this (Closes: #237657). (am)
+ * Installed copy of default configuration-file (example.conf) refered to the
+ temporary install-directory. Ugly hotfix. (Closes: #236483)
+ * Italian translation of debconf templates by Danilo Piazzalunga.
+ (Closes: #237500)
+ * Rewrite generation of /etc/aliases because it was broken when running
+ under debbian-installer/debootstrap, which installs the packages with
+ DEBIAN_FRONTEND=nointeractive and reconfigures them later (report by
+ Florian Effenberger). (am)
+ Instead of generating it _once_ and touching it never again ask for and
+ add alias for root if it is missing. Debconf template
+ exim4/dc_noalias_regenerate is not used any more. (Closes: #237524)
+ * Norwegian Bokmål translation of debconf templates by Steinar H. Gunderson.
+ (Closes: #237680)
+ * Dump local_scan perl-plugin. Upstream development has stopped. (am)
+ * Maintainer scripts now run with -x if environment variable EX4DEBUG
+ is set (mh).
+ * Minor clarifications of debian/README (mh).
+ * rm -rf Local on debian/rules clean (mh).
+ * Swedish translation of debconf templates by André Dahlqvist.
+ (Closes: #238987)
+ * Portuguese (pt) translation of debconf templates by Nuno Sénica.
+ (Closes: #239030)
+ * Lithuanian translation of debconf templates by Kęstutis Biliūnas.
+ (Closes: #239118)
+ * Add examples for client certificate-checking by J.H.M. Dassen (Ray)
+ (Closes: #236609)
+ * Adapt README.* to /etc/exim4/exim4.conf.template (am)
+ * Update to exiscan v16
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 24 Mar 2004 15:39:35 +0100
+
+exim4 (4.30-7) unstable; urgency=low
+
+ * 4.30-6 was rejected, we use | and || for OR in dependency fields.
+ * libldap2 now uses GnuTLS10. Follow suit. (Temporarily bumped libldap2-dev
+ build-dependencies for paranoia's sake.)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 23 Feb 2004 17:03:58 +0100
+
+exim4 (4.30-6) unstable; urgency=low
+
+ * Finnish translation of debconf templates by Tapio Lehtonen.
+ (Closes: #229792)
+ * Simplified Chinese translation of debconf templates by Carlos Z.F. Liu.
+ (Closes: #229910)
+ * Spanish translation of debconf templates by Javi Castelo. (Closes: #232207)
+ * To increase robustness set explicit "domains = +local_domains" on all the
+ routers that are supposed to be handling _only_ local mail (i.e. anything
+ after dnslookup or smarthost) instead of relying on the no_more.
+
+ If the router handling remote addresses was modified by adding a
+ precondition the address would have wrongly been handled by the later
+ routers if the precondition failed, breaking at least "verify = sender".
+ (Closes: #230403) (am)
+ * In the data ACL add a Message-ID header to mails injected with SMTP from
+ +relay_from_hosts. (Exim stopped doing this by default in 4.30.) (mh)
+ * binary-all metapackage exim4 does not depend anymore on exim4-base with
+ exactly the same version. There is no necessity for dependencies that
+ strict and it broke both binary NMUs and installability on lagging
+ architectures. (Closes: #231678) (am)
+ * Give way to the "I use sid but keep it outdated by not running apt-get
+ upgrade ever."-fraction. exim4-base now depends on working versions of
+ passwd i.e. the version in woody or the one that has been in sid
+ for more than 6 months. (Closes: #230423,#230836,#231111) (am)
+ * in source-package symlink identical maintainerscripts. (am/mh)
+ * Ship README.Debian.xinetd, explaning why we do not use (x)inetd and how to
+ use xinetd properly if you insist. (Closes: #226627)
+ * Update Build-Depencies to fit the XFree86 4.3 packages.
+ * Make new lintian happy by quoting section and needs in eximon's
+ menu-file.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 23 Feb 2004 15:48:56 +0100
+
+exim4 (4.30-5) unstable; urgency=low
+
+ * Only use db_settitle if available (Closes: #226992) (am)
+ * Up to date debconf translations for all nine supported languages, thanks
+ to the translators: Miroslav Kure (Czech), Claus Hindsgaul (Danish),
+ Konstantinos Margaritis (Greek), Christian Perrier (French),
+ Kenshi Muto (Japanese), Bart Cornelis (Dutch), André Luís Lopes
+ (Brazilian Portuguese) and Ilgiz Kalmetev (Russian) (am)
+ * After merging translations split the configtype-template, using the
+ __Choices trick. I don't think I made any errors because podebconf's
+ output has not changed. (am)
+ * Don't use /etc/mailname (DEBCONFvisiblenameDEBCONF) as primary_hostname
+ for minimaldns option. (Closes: #225477)
+ * (Re)introduce /etc/exim4/exim4.conf.template as alternative to the
+ multiple small files in /etc/exim4/conf.d/ and make it the default choice
+ for fresh installations. This trades in a loss of comfort (you will again
+ need to merge in each small change manually) for increased stability.
+ (Closes: #224828) (am)
+ * Disable piping to programs in /etc/aliases per default, because they would
+ run as Debian-exim:Debian-exim per default. Add README.system_aliases
+ suggesting dedicated router/transport pairs (am/mh) (Closes: #228062)
+ * modify create-custom-package and adapt debian/rules to allow
+ building multiple named custom packages in a single build. (mh)
+ * "dpkg-reconfigure exim4-config" actually tells exim4 to read the updated
+ configuration. (am)
+ * Use -qqf instead of -qf in the ip-up.d file to force delivery of all
+ messages over a single SMTP connection. (Closes: #228001)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 21 Jan 2004 15:09:00 +0100
+
+exim4 (4.30-4) unstable; urgency=low
+
+ * Updated Japanese debconf template translation by Kenshi Muto
+ (Closes: #224584)
+ * Remove bashism from update-exim4.conf (Closes: #224617) (Jochen Voss)
+ * Czech translation of debconf templates by Miroslav Kure (Closes: #225713)
+ * Fix typos in README.Debian. (Closes: #225149) (Vincent Lefevre)
+ * Replace first, too long debconf question with three short ones (Joey
+ Hess) (Closes: #222720)
+ * Use a custom debconf title. (Closes: #222715)
+ * Greek translation of debconf templates by Konstantinos Margaritis
+ (Closes: #226844)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 9 Jan 2004 09:12:07 +0100
+
+exim4 (4.30-3) unstable; urgency=low
+
+ * update debian/copyright from NOTICE. (No substantial changes, credits
+ for new code) (am)
+ * missing \| made exim4-base.postinst configure hang. (Closes: #224294) (am)
+ * update-exim4.conf: Don't try chown if not running as root. (mh)
+ * Remove useless definition of an auth_over_tls_hosts hostlist in
+ 03_exim4-config_tlsoptions. - It was probably a leftover from somebody
+ running convert4r4. (am)
+ * Make it possible to override spooldir in another config-file snippet, too.
+ (Closes: #223973)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 19 Dec 2003 15:27:50 +0100
+
+exim4 (4.30-2) unstable; urgency=low
+
+ * Fix exim4-base.logrotate to create logfiles accessible for the new
+ exim-user. (Closes: #223860,#223862)
+ * comment in 03_exim4-config_tlsoptions refered to the user "mail" too.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 13 Dec 2003 15:01:20 +0100
+
+exim4 (4.30-1) unstable; urgency=low
+
+ * Exim now runs under its own uid (Debian-exim) instead of using
+ mail:mail. (am)
+
+ WARNING: You cannot downgrade this version to an older one without
+ manual chown|chgrp all files owned by Debian-exim to mail.
+
+ - control: dependency on adduser and virtual package exim4-config-2 to
+ force review of external -config packages.
+ - use a statoverride for passwd.client.
+ - different postinst scripts:
+ * adduser.
+ * chown|chgrp files/directories owned by mail (group|user) to
+ Debian-exim.
+ * update-exim4.conf does not exit immidiately if /etc/exim4/exim4.conf
+ exists AND -o is specified. (Bill Moseley)
+ * Brazilian Portuguese debconf template translation by André Luís Lopes
+ (Closes: #219781)
+ * Dutch debconf template translation by Bart Cornelis (cobaco)
+ (Closes: #220694)
+ * Pull Dansk debconf template translation from ddtp.
+ * Use a macro to make it possible to overide the value of spool_directory
+ with -DSPOOLDIR=. Needed for mailscanner, (Closes: #221468), suggested by
+ Matthias Klose.
+ * enable support for Cyrus saslauthd (package sasl2-bin,
+ /var/run/saslauthd/mux) for SMTP AUTH against /etc/shadow. (am)
+ * Christian Perrier has reviewed the debconf-templates and changed them to
+ follow the "Debconf Templates Style Guide". (Closes: #221838) Thanks to
+ the (ru|nl|fr|pt_BR) translators for updating their translations.
+ * New upstream version 4.30 with exiscan 4.30-14 (am)
+ - option table for -d in exim(8) readable (but not perfect).
+ (Closes: #214853)
+ - Messages for configuration errors now include the name of the main
+ configuration files (Closes: #202136)
+ - does not reject IPv6 address literals in EHLO/HELO anymore
+ (Closes: #222521)
+ * exim4-config.config: support going back to previous *package* when invoked
+ by base-config 2.0. (Closes: #222773). Suggested by Joey Hess. (am)
+ * exim4-config now conflicts with non-exim4 packages providing MTA, to keep
+ dselect from automatically installing it (and -base) on dist-upgrades on
+ systems that use a different MTA. (mh)
+ * exim4-base depends on netbase again because exim requires
+ /etc/services.(mh)
+ * reindent init-script with two spaces instead of tabs to fit it in 80
+ chars/line. (Closes: #221458)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 8 Dec 2003 16:52:32 +0100
+
+exim4 (4.24-3) unstable; urgency=low
+
+ * rename create-custom-package to create-custom-config-package (mh)
+ * add create-custom-package to create renamed exim4-daemon-custom (mh)
+ * README.TLS: Don't suggest to use commands messing up the local terminal
+ (Sander Smeenk)
+ * Pull Dansk debconf translation from ddtp (not yet up to date)
+ * correct last references to uncompressed /u/s/d/e/README.Debian
+ (Closes: #216639), also kill references to exim-tls. (Closes: #216979)
+ (Kevin "Starfox" Arima). (am)
+ * add exim4-config-medium template package to sources, document (mh)
+ * Update to exiscan 4.24-13 (bugfix-release).
+ * Ask about mailname after configtype. (Closes: #217931) (am)
+ * minor thinko in debconf "local mail only"-config. (am)
+ * update-exim4.conf: now add comment indicating the source file
+ (Closes: #202040) (mh)
+ * add --confdir option to update-exim4.conf (mh)
+ * add "nodaemon" and "queueonly" option to /etc/default/exim4 and
+ init script (mh).
+ * Fix po2debconf on woody systems with old debhelper and po2debconf. (am)
+ * exim4-config does not depend on exim4-base. (am)
+ * Use "command -v" to check for existence of invoke-rc.d instead of
+ hardcoding its path. (am)
+ * Russian debconf translation by Ilgiz Kalmetev (Closes: #219101)
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 4 Nov 2003 12:18:38 +0100
+
+exim4 (4.24-2) unstable; urgency=low
+
+ * Grammar of debconf-templates rectified by Ben Foley.
+ * Handholded by Denis Barbier I have imported debconf translations from
+ postfix: fr.po (Philippe Batailler), ja.po (Kenshi Muto), nl.po (Bart
+ Cornelis) and pt_BR.po (André Luís Lopes). It is just 5 translated
+ messages, 4 fuzzy translations, but it's a start.
+ * No more first person in debconf-templates (Adam D. Barratt)
+ * README.TLS was updated.
+ * pseudopackage libxaw-dev is gone in sid (and libxaw7-dev is already
+ available in woody) - Removed from build-depends.
+ * French debconf translation by Christian Perrier (Thanks for the other
+ hints, too.)
+ * Build-Conflict with broken po-debconf (= 0.8.0). (Closes: #215432)
+ * Add menu-entry for eximon (Artur R. Czechowski) (Closes: #215579).
+ * Resolve name-clash between client- and server-side authenticators (Bug
+ found by Rob Ristroph)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 15 Oct 2003 12:45:49 +0200
+
+exim4 (4.24-1) unstable; urgency=low
+
+ * New upstream version
+ - 55_fixesfrom-4.23.dpatch is not needed anymore.
+ - most interesting new feature: $acl_xx are now saved with the
+ message, and can be accessed later in routers, transports, and filters.
+ - Cannot run deliveries as root anymore. If you don't redirect mail for
+ root via /etc/aliases or other means to a nonpriviledged account the
+ mail will be delivered to /var/mail/mail with permissions 0600 and owner
+ mail:mail. Change to local_user router to keep it from trying to route
+ mail for root.
+ * debconf for exim4-config pointed to /u/s/d/e/README.Debian but the
+ file is available as README.Debian.gz (Closes: #211934)
+ * exim(8) manpage provides correct NAME section for mailq/runq/... to
+ generate corresponding whatis/apropos info (Thanks to Dan Jacobson
+ <jidanni@jidanni.org> for mentioning lexgrog(1))
+ * polish and crosslink documentation about SMTP AUTH in config-files,
+ documentation and debconf templates. (Closes: #202920)
+ * Ship README.SIEVE (Thanks to Ross Boylan)
+ * Sync some debconf templates against the respective ones in postfix
+ 2.0.16, to limit the work of translators.
+ * update-exim4defaults/init-script: Add a new value fuer QUEUERUNNER,
+ "ppp". - Don't run queue by daemon but still run it from
+ /etc/ppp/ip-up.d/exim4. (Dan Jacobson pointed out that this was very
+ akward to accomplish with old setup.) update-exim4defaults now exits with
+ an error if the argument for --queuerunner is invalid.
+ * Enable gettext-style localisation of debconf templates with
+ compatibility code for woody
+ * Add German debconf-translation. (Some strings were copied from Martin A.
+ Godischs translation of postfix's templates).
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 5 Oct 2003 13:41:30 +0200
+
+exim4 (4.22-5) unstable; urgency=low
+
+ * Sorry, this is not 4.23. Tom is on holidays and because 4.23 changes
+ some ACL code, exiscan needs in depth checking and not just applying the
- patch by hand.
++ patch by hand.
+ * exim4-config conflicts with bash (<< 2.05), because it cannot handle
+ aliases in functions. This does not necessarily fix dist-upgrades
+ from potato to sarge because debconf-config might happen before the
+ new bash is installed but will keep people running potato from
+ trying to install exim4-config. (Closes: #209720)
+ * sanitize /usr/sbin/exim4's permissions, building with 007 umask
+ could have installed it -rws--x--x
+ * evaluation -oP option for specifying pid-file is broken in 4.22, use fix
+ from 4.23 (Closes: #210847)
+ * "warn log_message blah" in DATA acl triggered dumping of full headers
+ to reject.log, although the message was not rejected by this acl
+ statement. Take fix from 4.23. (Closes: #208782)
+ * On cross-upgrades from exim3 unfold lines continued with a backslash
+ in the old exim3 configuration before trying to parse it to preanswer the
+ debconf-questions. (Closes: #210404) First instance of using perl in our
+ maintainer-scripts, but I could not do it with sed.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 19 Sep 2003 13:55:07 +0200
+
+exim4 (4.22-4) unstable; urgency=low
+
+ * Update to exiscan-acl revision -12. (Emergency fix: When you were using
+ 'discard', and it was the last verb affecting a message, the mbox spool
+ files in the scan directory were not cleaned up.)
+ * Add syslog2eximlog by Martin Godisch, a script to make logfiles produced
+ with exim option "log_file_path = syslog" readable for eximstats.
+ (Closes: #208524)
+ * Enhance description of -heavy and light a little bit. (Closes: #208404)
+ * Standards-Version: 3.6.1, no changes required, we already prompt with
+ debconf.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 4 Sep 2003 19:19:25 +0200
+
+exim4 (4.22-3) unstable; urgency=low
+
+ * Add copright notice of exiscan-acl to debian/copyright.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 17:49:46 +0200
+
+exim4 (4.22-2) unstable; urgency=low
+
+ * Include exiscan-acl patch 4.22-10 http://duncanthrax.net/exiscan-acl/
+ in -heavy and -custom (Closes: #204698)
+ * clean up gnutls-params on purge of base-package.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200
+
+exim4 (4.22-1) unstable; urgency=low
+
+ * new upstream version 4.22. Please take a look at README.UPDATING
+ and NewStuff in /usr/share/doc/exim4-base/
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200
+
+exim4 (4.20-5) unstable; urgency=low
+
+ * Fix EHLO/HELO buffer-overflow CAN-2003-0698 (Closes: #205716)
+ * exim-gencert was using '.' as separator for chown.
+ * "head -n 1" instead of "head -1" in scripts
+ * install /etc/exim4/passwd.client as root:mail 0640 (Closes: #205104)
+ (it needs to be readable for the exim-user or -group, i.e. mail:mail)
+ * set mode_fail_narrower = false for mail_spool and maildir_home transports
+ (Closes: #204228)
+ * Standards-Version: 3.6.0, no changes required.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 16 Aug 2003 17:40:17 +0200
+
+exim4 (4.20-4) unstable; urgency=low
+
+ * CFILEMODE and dc_local_interfaces were not saved in update-exim4.conf.conf
+ on fresh installations.
+ * update-exim4.conf: Remove comments _after_ doing DEBCONFpatternDEBCONF
+ replacement.
+ * conf.d/auth/30_exim4-config_examples: Fix forced failure of AUTH LOGIN
+ client on non-encrypted connections.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 5 Aug 2003 10:38:16 +0200
+
+exim4 (4.20-3) unstable; urgency=low
+
+ * hub_user router: set correct .ifdef, remove superficial condition=
+ * don't generate main/03_exim4-config_neverusers dynamically, use
+ a DEBCONF_foo pattern that is replaced by up-ex4.conf. exim4 should
+ now play nicely with readonly /etc.
+ * Enable exim-filter in .forward per default. (Closes: #201827)
+ * Enable maildrop-delivery for users with ~/.mailfilter
+ * Easier setup of client side SMTP authentification:
+ -short README file.
+ -passwd.client example shipped in CONFDIR
+ -30_exim4-config_examples:
+ +change order, prefer cram-md5.
+ +enable by default (auth-plain and -login only for TLS protected
+ connections). They remain inactive while hosts_try_auth is
+ disabled.
+ * add comments listing the filename to the files in conf.d that were
+ changed anyway. Addresses part of 202040.
+ * remove misleading comments about "bottom of file" or "see below"
+ from config-snippets. (Closes: #202165)
+ * Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 and
+ #182206 in exim4-config's postinst. I'll close #201143 manually.
+ * Restructure and clarify README.Debian and polish update-exim4.conf(8).
+ Thanks to Ross Boylan for pushing me in the correct direction.
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 24 Jul 2003 10:29:19 +0200
+
+exim4 (4.20-2) unstable; urgency=low
+
+ * update-exim4.conf works without daemon-package (Closes:#195329)
+ * Add dnslookup_relay_to_domains router for "internet" config to
+ allow relaying for domains with an MX pointing to an rfc1918
+ address. (Closes: #198410) (MH)
+ * update-exim4.conf would hang if one of the subdirectories in conf.d
+ was empty. (Report and fix by Marc Merlin)
+ * Build-Depend on libgnutls7
+ * Preserve comments in update-exim4.conf.conf by first adding missing
+ items and replacing the values with sed instead of regenerating file
+ from scratch (Closes: #184099)
+ * Set return_path_add, delivery_date_add and envelope_to_add for
+ maildir-transport (Closes: #196178)
+ * Use email-addresses file in /etc/ instead of in /etc/exim4 as exim3 does,
+ exim4-config now needs to conflict with exim,exim-tls. We still include
+ code for evaluating the old file if it exist, but suggest moving the
+ contents to the new file in NEWS.Debian. postinst will remove old orphaned
+ file if it is unmodified. (Closes: #197136)
+ * Set return_fail_output instead of return_output on address_pipe transport.
+ (Closes: #201280)
+ * Stop generating rewriting rules dynamically, exim4 accepts any
+ "address-list" item as source-pattern for rewriting. (Changelog entry
+ obfuscated on purpose, read exim4debian for painful details.). Remove old
+ dynamically generated files in postinst if they were managed by upex4conf.
+ * daemon-light supports TLS (Closes: #193596)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 16 Jul 2003 13:36:27 +0200
+
+exim4 (4.20-1) unstable; urgency=low
+
+ * New upstream
+ * Standards-version 3.5.10 (no changes required)
+ * The doc packages have got new sane names - update Suggests.
+ * Fix a endless loop (currently ownly showing when upgrading from old
+ experimental packages) - Thanks to Marc Langer for the report.
+ * introduce ${Upstream-Version} as substitution variable for
+ debian/control (MH)
+ * Make dependencies less strict, *-daemon-* 12.34-1 can be installed with
+ -base 12.34-5.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 19 May 2003 14:14:16 +0200
+
+exim4 (4.14-1) unstable; urgency=low
+
+ * Upload to sid (Closes: #179066)
+ * Ship an (empty) acl_check_data with commented out examples. Add
+ Infrastructure to ease their activation. (MH)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 16 May 2003 18:02:46 +0200
+
+exim4 (4.14-0.6) experimental; urgency=low
+
+ * Don't link to gnutls' (tasn,gcrypt) dependencies directly
+ (Closes: #193018)
+ * fix AUTH PLAIN server side example to work if the data is not given
+ in initial-response (exim-bug 193094)
+ * ACL-updates (MH)
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 14 May 2003 12:16:06 +0200
+
+exim4 (4.14-0.5) experimental; urgency=low
+
+ * updated version of dlopen patch (Marc Merlin)
+ * don't regenerate files managed by update-exim4.conf on package
+ updates if the local admin had deleted them.
+ * replace the listenonpublic yes/no question with one that allows one to
+ specify on which interfaces to listen to (Closes: #190498)
+ * new dc-question for dial-on-demand-users to minimize DNS lookups
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 1 May 2003 16:03:59 +0200
+
+exim4 (4.14-0.4) experimental; urgency=low
+
+ * Renamed conf.d files from *exim4-base* to *exim4-config* since
+ they can now be found in the exim4-config package.
+ WARNING, this breaks updates. After installation, execute
+ something like the following bash snipped to rename your files:
+ for i in `find . -name *exim4-base*`; do mv $i ${i/exim4-base/exim4-config}; done
+ (MH)
+ * Include more sophisticated check_rcpt ACL, include documentation,
+ include even more sophisticate check_rcpt ACL in
+ /u/s/d/e4-config/examples/acl. (MH)
+ * update-exim4.conf now filters out consecutive empty lines (MH)
+ * make update-exim4.conf's behaviour for configtype=none more consistent,
+ respect CFILEMODE and --removecomments. (Thanks to Marc Merlin)
+ * add warning about editing /etc/exim4/exim4.conf in place (Marc Merlin)
+ * use .rul instead of .disabled to override/disable configfiles in
+ /etc/exim4/conf.d/ (Suggested by Marc Merlin)
+ * fix smtp auth client-side examples (Closes: #188828), thanks to Karl
+ M. Hegbloom for the bug report (AM)
+ * add @DPATCH@-tag to patches, as required by dpath-edit-patch in
+ dpatch 1.17 (AM)
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 25 Apr 2003 12:37:50 +0200
+
+exim4 (4.14-0.3) experimental; urgency=low
+
+ * add '|| true' to every call of db_input. (Thanks to Pierfrancesco Caci for
+ the bugreport.) (Closes: #187008)
+ * Don't set received_header_text in 02_exim4-base_options, use upstream's
+ default.
+ * renumber routers to have more space for local customization.
+ WARNING WARNING upgrade is broken, execute this in
+ /etc/exim4/conf.d/router to get rid of the superfluous files:
+ mv 20_exim4-base_domain_literal 100_exim4-base_domain_literal
+ mv 22_exim4-base_primary 200_exim4-base_primary
+ mv 24_exim4-base_real_local 300_exim4-base_real_local
+ mv 26_exim4-base_system_aliases 400_exim4-base_system_aliases
+ mv 28_exim4-base_hubuser 500_exim4-base_hubuser
+ mv 30_exim4-base_userforward 600_exim4-base_userforward
+ mv 32_exim4-base_procmail 700_exim4-base_procmail
+ mv 34_exim4-base_maildrop 800_exim4-base_maildrop
+ mv 36_exim4-base_local_user 900_exim4-base_local_user
+ * add *syntax_errors* directives to userforward router, to use partially
+ valid .forward files instead of skipping them. (Marc Haber)
+ * update mysql build-depends
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 9 Apr 2003 16:19:46 +0200
+
+exim4 (4.14-0.2) experimental; urgency=low
+
+ * upstream fix for crash with AUTH PLAIN
+ * upgrade to policy 3.5.9.0 (CFLAGS in debian/rules)
+ * Add (maildir) transport for handling file addresses generated by
+ alias or .forward files if the path ends in "/", enabled for .forward per
+ default, but not for /etc/aliases. Thanks to Andreas Horter.
+ * add debconf question to move files from exim3 spool to exim4 spool
+ * run exim_tidydb as mail:mail using start-stop-daemon
+ * Make manpages UTF-8 compatible with nicer quotes and escaped dashes.
+ * fakeroot debian/rules builddaemonpackages=exim4-daemon-custom \
+ buildbasepackages=no binary produced a broken exim4-config package.
+ (Bug found by Soren Andersen)
+ * introduce new replacement item DEBCONFpackageversionDEBCONF holding
+ the complete version number, might be useful for Received headers (Marc
+ Haber)
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 27 Mar 2003 17:04:02 +0100
+
+exim4 (4.14-0.1) experimental; urgency=low
+
+ * New upstream version
+ * 20_fix.lsearch.dpatch not needed anymore
+ * use new feature .ifdef instead of simulating it with condition=...
+ * change priority of exim4-daemon-light to important
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 13 Mar 2003 15:03:41 +0100
+
+exim4 (4.12-0.2) experimental; urgency=low
+
+ * instead of generating 22_exim4-base_primary by copying the correct
+ file into it, use condition=... to select the correct one. Similar
+ change to 28_exim4-base_hubuser
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 6 Mar 2003 11:55:55 +0100
+
+exim4 (4.12-0.1) experimental; urgency=low
+
+ * minimal doc-updates
+ * init-script: output status-message before starting upex4conf()
+ * polish smtp-auth examples - don't hardcode passwords in main
+ configuration file.
+ * change default file-permissions of configfile to 0644. This can be changed
+ by setting CFILEMODE in the default file.
+ * rename debian/patches/*, giving each one an unambiguous number
+ * ignore private rfc1918 and APIPA addresses in internet router (MH)
+ * correct info about authorship of dlopen patch
+ * don't link exim4-daemon-light against PAM (explicitly link it against libdl)
+ * same_domain_copy_routing = yes for primrout-internet, primrout-satellite
+ and primrout-smarthost (MH)
+ * rename debconf.results to update-exim4.conf.conf, add upgrading-magic for
+ upgrading from 4.12-0 and earlier (marked as REMOVEMEBEFORERELEASE)
+ * introduce REMOVEMEBEFORERELEASE-tag, grep -r on debian/ will show us all
+ the cruft that needs to be removed before uploading to unstable.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 5 Mar 2003 19:03:59 +0100
+
+exim4 (4.12-0) experimental; urgency=low
+
+ * removed TODO marker from the copyright file
+ * version number for first Debian upload
+ * built i386 binary package on sid
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 21 Feb 2003 14:40:42 +0100
+
+exim4 (4.12-0.0.21) experimental; urgency=low
+
+ * update copyright
+ * exim-gencert: generate certificates valid for three years instead 30
+ days
+ * remove debian/debconf/exim4.conf.template
+ * enable LMTP, LOOKUP_NIS and mailstore for daemon-light
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Fri, 21 Feb 2003 12:55:40 +0100
+
+exim4 (4.12-0.0.20) experimental; urgency=low
+
+ * ship /usr/lib/exim4/exim4 and use it to check whether daemon package
+ is installed.
+ * Exim doesn't require a HUP after logrotation. (See spec 44.2) (MH)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 20 Feb 2003 19:23:45 +0100
+
+exim4 (4.12-0.0.19) experimental; urgency=low
+
+ * Ship upstream-changelog only in exim4-base, Symlinks in packages depending
+ on it. Split off changelog entries up to 3.34-1 to changelog.Debian.old
+ which is only included in exim4-base. - Spares about 100KB.
+ * Ship ACKNOWLEDGMENTS in exim4-base docs.
+ * remove debian/exim4-config.docs, files are already shipped in exim4-
+ base
+ * disable some the unneeded dh_* commands from binary-indep target.
+ * make exim4 a metapackage
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 20 Feb 2003 12:41:17 +0100
+
+exim4 (4.12-0.0.18) experimental; urgency=low
+
+ * split off all configuration to exim4-config
+ * include exim4-config-simple source package
+ * include script to generate exim4-config source package
+ * changed distribution to experimental
+ * Add patch by Phil Hazel to fix lsearch*@ lookups. (AM)
+ * Remove exim4-daemon-perl; merge it into exim4-daemon-heavy (AM)
+ * Prepare removal of "exim4" daemon-flavour: Exchange the roles of
+ "exim4" and "exim4-daemon-light" in debian/rules: build helper
+ binaries, eximon, et.al. while building exim4-daemon-light. Rename
+ EDITME.exim4-base.diff to EDITME.exim4.diff. (AM)
+ -----
+ WARNING: This breaks your debian/EDITME.exim4-custom.diff, as it was
+ generated to show the differences to debian/EDITME.exim4-base instead of
+ EDITME.exim4-light. (AM)
+ -----
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Tue, 18 Feb 2003 16:16:45 +0100
+
+exim4 (4.12-0.0.17) unstable; urgency=low
+
+ * mv 26_exim4-base_aliases 26_exim4-base_system_aliases (MH)
+ * mv 30_exim4-base_forward 30_exim4-base_userforward (MH)
+ * WARNING: upgrades are broken!
+ -After ugrading delete conffiles no longer in package in directories
+ below /etc/exim4/conf.d/:
+ router/26_exim4-base_aliases
+ router/30_exim4-base_forward
+ * all file names for transports and routers are now consistent with
+ Transport/Router defined inside (MH)
+ * add debug_print to all transports/routers (MH)
+ * add cut -d\ -f1 to all md5sum calls in pipes (MH)
+ * add man page for exiqgrep (MH)
+ * fix typos in exiqsumm and exicyclog man page (MH)
+ * Don't install exim.8.diff as manpage, apply the patch instead. (AM)
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Sat, 15 Feb 2003 16:35:26 +0100
+
+exim4 (4.12-0.0.16) unstable; urgency=low
+
+ * Define CONFDIR-macro and use it in update-exim4.conf and some files in
+ CONFDIR. (AM)
+ * Enhance update-exim4.conf: remove comments by default, allow to write
+ output to a different file. (AM)
+ * update-exim4.conf: check validity of configfile before installing it
+ * fix breakage with newer md5sum - thanks to Sander (AM)
+ * check in init-script for smtp-service in inetd that is compatible with
+ openbsd-inetd's extended syntax (Hubert Chan) (AM)
+ * Don't link against libwrap, exim3 doesn't either (Alexander Koch) (AM)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Fri, 14 Feb 2003 19:55:54 +0100
+
+exim4 (4.12-0.0.15) unstable; urgency=low
+
+ * If exim4/dc_listenonpublic=false add an explaing line to the
+ resulting configfile instead of a blank-line (Marc Haber)
+ * In postinst and cronjob make sure that db files are owned by
+ mail:mail
+ * Add buzzword convert4r4 to description of "No configuration" profile
+ * Body of manpage exim_convert4r4: s/convert4r4/exim_convert4r4/g
+ * Change maintainer, add Marc Haber to Uploaders
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 2 Feb 2003 22:06:06 +0100
+
+exim4 (4.12-0.0.14) unstable; urgency=low
+
+ * fix bugs found by Marc Haber:
+ - search for email-addresses file in /etc/exim4/
+ - s/hostname -fqdn/hostname --fqdn/
+ * exim4-base.config: don't grep in /etc/aliases if does not exist yet.
+ * clear up config-script, using both $mailname and $dc_mailname was
+ irritating.
+ * fix wrong logic for aliases generation (= instead of !=)
+ * fix major breakage of debconf code: config-script is called two times
+ _before_ postinst writes debconf.results, db_set-commands (for sane
+ defaults) in the second-run overwrote the answers given by the user.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sat, 1 Feb 2003 15:06:58 +0100
+
+exim4 (4.12-0.0.13) unstable; urgency=low
+
+ * link against GNUTLS
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Fri, 31 Jan 2003 16:32:31 +0100
+
+exim4 (4.12-0.0.12) unstable; urgency=low
+
+ * clean up at purge: Remove logfiles, ask about removing
+ undelivered mails in spool directory.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Fri, 31 Jan 2003 13:32:37 +0100
+
+exim4 (4.12-0.0.11) unstable; urgency=low
+
+ * clean up update-exim4.conf:
+ + fix unconditional overwriting 03_exim4-base_neverusers
+ + one central `tempfile -m...`
+ + add skeleton function example
+ * add missing 'set -e' to exim4-base.postrm
+ * If there are no debconf answers and we are making a cross upgrade
+ from exim3, try to parse its config file to seed debconf db.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 26 Jan 2003 12:22:23 +0100
+
+exim4 (4.12-0.0.10) unstable; urgency=low
+
+ * Get rid of error messages: don't call chmod/chown in
+ debconf/update-exim4.conf if the respective files don't exist. Don't try
+ to kill non running daemons.
+ * Don't start unconfigured daemon in init script, ie. require either
+ ${dc_eximconfig_configtype}" != "xnone or existence of handcrafted
+ /etc/exim4/exim4.conf.
+ Thanks to Alexander Koch for firmly pushing me this way.
+ * dc_listenonpublic was overwritten to true in config script.
+ * Typo in exim4-base.postrm prevented removal of
+ /etc/exim4/conf.d/router/28_exim4-base_hubuser
+ * Clean up /var/spool/exim4 properly; at least if there are just empty
+ directories.
+ * hub_user was broken because of unescaped $.
+ * import updated 10_daemon_close_fds.dpatch from Steve.
+ * only set neverusers if root is aliased somewhere.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Fri, 24 Jan 2003 17:14:13 +0100
+
+exim4 (4.12-0.0.9) unstable; urgency=low
+
+ * update-exim4defaults: Fix bugs, add option --init
+ * /etc/default/exim4 is no conffile anymore, it is generated with
+ update-exim4defaults.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Fri, 17 Jan 2003 13:39:46 +0100
+
+exim4 (4.12-0.0.8) unstable; urgency=low
+
+ * Don't ship now unneeded empty /var/lib/exim4/masquerade and
+ /var/lib/exim4/email_addresses
+ * move hub_user router to /etc/e4/c.d/
+ * move primary-router definition to /etc/e4/c.d/
+ * code in debian/rules installing /etc/exim4/conf.d/ tree ignores CVS
+ directories
+ * WARNING: upgrades from 0.0.6 and 0.0.7 are broken!
+ -After ugrading delete conffiles no longer in package in directories
+ below /etc/exim4/conf.d/:
+ rewrite/30_exim4-base
+ router/28_exim4-base_hub_user
+ - replace router/22_exim4-base_primary with a file containg only
+ the line "# d41d8cd98f00b204e9800998ecf8427e"
+ run update-exim4.conf afterwards and start daemon.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Tue, 14 Jan 2003 17:44:50 +0100
+
+exim4 (4.12-0.0.7) unstable; urgency=low
+
+ * Add configuration file managment code using md5sums stored in the file
+ itself to update-exim4.conf(8). Use it and move files for evaluation of
+ /e/e4/email-addresses and the masquerading rules from /var/lib/exim4 to
+ /etc/. Gets rid of /etc/exim4/conf.d/rewrite/30_exim4-base and its two
+ .includes.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Tue, 14 Jan 2003 13:05:51 +0100
+
+exim4 (4.12-0.0.6) unstable; urgency=low
+
+ * generate up to date manpage for eximstats with pod2man.
+ * EXPERIMENTAL: Split /etc/exim4/exim4.conf.template to little files
+ in /etc/exim4/conf.d/ - update docs accordingly.
+ * fix wrong path in exim4-base.doc-base.spec
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 12 Jan 2003 18:25:40 +0100
+
+exim4 (4.12-0.0.5) unstable; urgency=low
+
+ * enhance default-file a lot.
+ * ship update-exim4defaults(8) - a script to allow other packages to modify
+ the default-file.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Mon, 6 Jan 2003 23:00:15 +0100
+
+exim4 (4.12-0.0.4) unstable; urgency=low
+
+ * Compile perl plugin with -fPIC
+ * Enable IPv6 support (Andrew Mulholland)
+ * remove exim4-base.cron.d, it only contained comments (no inetd support).
+ * enhance default-file: Allow disabling any queue runs and passing
+ additional options to exim daemon and/or the queuerunner.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Sun, 5 Jan 2003 13:16:37 +0100
+
+exim4 (4.12-0.0.3) unstable; urgency=low
+
+ * Keep patches separate to make upgrading easier, using dpatch.
+ * Rename eximon to eximon4: Otherwise this would force anybody who has
+ installed eximon and runs exim v3 to switch to exim v4
+ * Polish package descriptions a little bit.
+ * Drop Recommends for netbase. We don't support inetd anyway.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Tue, 31 Dec 2002 14:31:14 +0100
+
+exim4 (4.12-0.0.2) unstable; urgency=low
+
+ * Actually compile with -O2 (Matthias Klose)
+ * Apply localscan_dlopen.patch from
+ http://marc.merlins.org/linux/exim/files/sa-exim-current/ to make it
+ possible to switch local_scan functions *without* recompiling exim.
+ * compile local_scan.c perl plugin as shared object that is dlopened,
+ document this in exim4-daemon-perl's description and doc-directory.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sat, 21 Dec 2002 14:01:24 +0100
+
+exim4 (4.12-0.0.1) unstable; urgency=low
+
+ * New upstream 4.12, a strict maintenance release. Without any new features
+ (Don't worry - this is the real release i.e. Phil's third shot ;-)
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Wed, 18 Dec 2002 12:17:51 +0100
+
+exim4 (4.11-0.0.4) unstable; urgency=low
+
+ * Get rid of /usr/lib/exim4/exim (see README.Debian for patched files)
+ * Use relative paths in debian/eximon.dirs
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Tue, 17 Dec 2002 13:40:19 +0100
+
+exim4 (4.11-0.0.3) unstable; urgency=low
+
+ * fix dbm lookups (one-line patch to src/search.c)
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Fri, 13 Dec 2002 13:38:31 +0100
+
+exim4 (4.11-0.0.2) unstable; urgency=low
+
+ * Fresh installs were broken, as the initial test in update-exim4.conf
+ failed.
+ * update-exim4.conf exits silently if /etc/exim4/exim4.conf exists.
+ * don't invoke update-exim4.conf in postinst if configtype=none.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Wed, 11 Dec 2002 16:32:47 +0100
+
+exim4 (4.11-0.0.1) unstable; urgency=low
+
+ * New upstream version 4.11:
+ includes spec und util/* in orig.tar.gz, diff is small again.
+ see NewStuff items 49 to 57 for new features since snapshot 4.10.13.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Wed, 11 Dec 2002 13:01:07 +0100
+
+exim4 (4.10.13-0.0.4) unstable; urgency=low
+
+ * reformat manpages a little bit, start each sentence on a new line, refer
+ to /usr/share/doc/exim4-base/
+ * remove the %s from PID_FILE_PATH
+ * apply debian/fix-pid.issue.patch to fix minor security issue
+ http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
- * test in init-script for working config before reloading/restarting
++ * test in init-script for working config before reloading/restarting
+ (Andreas Piesk)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 5 Dec 2002 13:04:51 +0100
+
+exim4 (4.10.13-0.0.3) unstable; urgency=low
+
+ * update copyright from NOTICE
+ * Typos in exim(8)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Wed, 4 Dec 2002 10:35:18 +0100
+
+exim4 (4.10.13-0.0.2) unstable; urgency=low
+
+ * Fix path for eximon.bin in eximon script (Andreas Piesk)
+ * Add comments at the head of exim4.conf.template, containing a short
+ introduction to the configuration scheme.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Tue, 3 Dec 2002 23:52:28 +0100
+
+exim4 (4.10.13-0.0.1) unstable; urgency=low
+
+ * Snapshot 4.10.13
+ * CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
+ * update update-exim4.conf* and documentation accordingly.
+ * Generate config.autogenerated with same permissions as
+ /etc/exim4/exim4.conf.template (it might conatain passwords)
+ * Add BIG FAT warning at head of autogenerated file.
+ * don't ship /var/lib/exim4/config.autogenerated, simply remove it on
+ purge if it exists.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Mon, 2 Dec 2002 12:45:58 +0100
+
+exim4 (4.10.12-0.0.1) unstable; urgency=low
+
+ * Upgrade to testing snapshot 4.10.12
+ * patches accepted/superseded by upstream: exim4-MID-expanded.patch, hmac*,
+ perl.c.patch
+ * patches that do not apply cleanly anymore: bV_shows_openssl_version.txt,
+ daemon_close_fds.txt, gcc_attributes-eximon.diff, gcc_attributes.txt,
+ tls_common.txt, tls_misc.txt, tls_session_cache.txt.
+ * minimize changes to scripts/exim_install - use INSTALL_ARG=-no_symlink instead.
+ * no util/cramtest.pl util/logargs.sh util/unknownuser.sh in upstream
+ tarball - perhaps only in testing version?
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 28 Nov 2002 16:11:52 +0100
+
+exim4 (4.10-0.srh20.19) unstable; urgency=low
+
+ * ship convert4r4 as /usr/sbin/exim_convert4r4 (with manpage)
+ * eximon does not provides/Conflicts: exim4-daemon
+ * switch AGAIN *-daemon provides MTA:
+ - *-daemon depends on -base instead of the other way round
+ - explicit "conflicts/replaces: exim, exim-tls" for the base package -
+ these need to add this the other way round, too (TODO).
+ - move symlinks for sendmail, mailq, rmail, rsmtp and their manpages (+the one
+ for newaliases) to the daemon-packages.
+ - no more non-debhelper-generated exim4-base.prerm, simplified
+ *daemon.postinst
+ * try to start daemon in postinst no matter whether configtype=none, people
+ might use it with a handcrafted exim4.conf.
+ * register /var/lib/exim4/email_addresses for dpkg.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 24 Nov 2002 15:04:32 +0100
+
+exim4 (4.10-0.srh20.18) unstable; urgency=low
+
+ * add "Replaces: exim4-daemon" to all the daemon flavours, needed for
+ switching.
+ * Marc Haber:
+ make exim4-daemon-custom actually work.
+ building from CVS was broken
+ clean target missed Local/eximon.conf
+ * exim-daemon-perl recommends libexim-localscan-perl
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 21 Nov 2002 17:04:54 +0100
+
+exim4 (4.10-0.srh20.17) unstable; urgency=low
+
+ * add support for building a customized daemon (exim4-daemon-custom)
+ * tighten build-depends: official exim4-base linked against db3 won't
+ work well together with exim4-daemon-custom linked against libdb2
+ * ship compile time configuration (EDITME-files) in /usd/daemon-flavour.
+ * use /var/mail instead of /var/spool/mail (#169747)
+ * make uucp a trusted user. (#169545)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 17 Nov 2002 23:06:29 +0100
+
+exim4 (4.10-0.srh20.16) unstable; urgency=low
+
+ * fix Gecos pattern: 'From: "Andreas Metzler,,," <am...'#
+ * _big_ update for README.Debian: Document which patches were applied. Short
+ note about PAM.
+ * document that the perl flavour won't deliver any mail without
+ /etc/exim4/local_scan.pl in package description.
+ * fix examples for server-side SMTP AUTH
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sat, 9 Nov 2002 10:12:34 +0100
+
+exim4 (4.10-0.srh20.15) unstable; urgency=low
+
+ * Fix crash with perl 5.8 (threads), thanks to Eckebrecht von Pappenheim
+ <evp@heise.de>
+ * perl-package: search local_scan.pl in /etc/exim4 instead of /etc/exim.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Wed, 6 Nov 2002 22:46:12 +0100
+
+exim4 (4.10-0.srh20.14) unstable; urgency=low
+
+ * add /etc/default/exim4 (#123184, #95325)
+ * Don't start a queue runner with cron per default, exim runs as daemon.
+ * polish config-script: more states, strip blanks.
+ * Ask whether to bind to all local interfaces or only to localhost with sane
+ default depending on configtype. (#108853)
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 31 Oct 2002 14:05:50 +0100
+
+exim4 (4.10-0.srh20.13) unstable; urgency=low
+
+ * send stdout of logrotate postrotate-script to /dev/null
+ * polish exim4-base.postinst and exim4-base.templates
+ * use tcp-wrappers
+ * simplify update-exim4.conf. There is no need to only add remote_smtp
+ transport for special configurations. It does not hurt and should make it
+ easy for users to activate smtp-auth.
+ * install configration example to examples subdirectory
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Tue, 29 Oct 2002 08:42:42 +0100
+
+exim4 (4.10-0.srh20.12) unstable; urgency=low
+
+ * linked against external pcre
+ * clean up a little bit - move all manpages to debian/manpages/
+ * ship template /etc/exim4/email-addresses
+ * LFS support (-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE)
+ * Don't force sender verification by default
+ * I actually use this version.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sun, 27 Oct 2002 17:10:16 +0100
+
+exim4 (4.10-0.srh20.11) unstable; urgency=low
+
+ * if HUPed exim will rexec itself as /usr/lib/exim4/exim, changing the name
+ to exim - start-stop-daemon-daemon would not recognize it. Changed
+ init.script to exec /usr/lib/exim4/exim to set the processname to "exim".
+ This needs to be deuglified.
+ * use black magic in daemon-$flavour postinst to only start it there if
+ switching flavours.
+ * support for inetd has to wait for sarge+1
+ * fix description of 'exim4' daemon flavour.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sat, 26 Oct 2002 11:09:14 +0200
+
+exim4 (4.10-0.srh20.10) unstable; urgency=low
+
+ * don't provide symlink /usr/sbin/exim anymore - this broke coinstallation
+ with uninstalled exim 3 - the exim3-init script started the exim4-daemon.
+ Ship symlink /usr/lib/exim4/exim -> /usr/sbin/exim4 and set BIN_DIRECTORY
+ to /usr/lib/exim4. This is a little bit ugly but the alterative would be to
+ patch 7 files in src.
+ * the daemon packages conflict with each other by each having
+ Conflicts/Provides: exim4-daemon
+ * Add doc base support for spec and filter.txt (bug 165961)
+ * Switching daemon flavours restarts them.
+
+ -- Andreas Metzler <ametzler@balrog.logic.univie.ac.at> Fri, 25 Oct 2002 16:14:44 +0200
+
+exim4 (4.10-0.srh20.9) unstable; urgency=low
+
+ * apply exim4-MID-expanded.patch - make domain part of M-ID configurable.
+ Shipped in debian-subdir so it can be easily patch -R'd before official
+ debian release.
+ * set spool to /var/spool/exim4 in EDITME
+ * remove /var/run/exim4 on purge
+ * remove /var/(spool|log)/exim4 on purge if empty
+ * added manpages.
+ * allow relay for 127.0.0.1 : ::::1
+ * set host_find_failed = defer for smarthost router and mimick exim3. It
+ really sucks to get a frozen message and error to the postmaster _every_
+ time I try to send a message offline.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 24 Oct 2002 14:00:05 +0200
+
+exim4 (4.10-0.srh20.8) unstable; urgency=low
+
+ * info and html doc generated from separate source package - diff is
+ small
+ * remove m4 and texinfo from build-depends
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 24 Oct 2002 12:22:56 +0200
+
+exim4 (4.10-0.srh20.7) unstable; urgency=low
+
+ * config script as state machine - allows going back!
+ * hopefully last forgotten entry of /var/{spool,log,run}/exim in postinst
+ and cron.* fixed.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 24 Oct 2002 09:16:12 +0200
+
+exim4 (4.10-0.srh20.6) unstable; urgency=low
+
+ * generate /etc/aliases with debconf
+ * remove dpkg-statoverride managment with debconf, ship exim binary as 4755
+ root:root.
+ * update debian/copyright from NOTICE.
+ * add (commented out) maildrop-transport to template
+ * add (commented out) maildir-transport to template
+ * Remove some backslashes in template
+ * Fix *lots of* cut and paste errors, introduced by generating the
+ configuration template from the debconf_eximconfig perl script.
+ $local_delivery is wrong, define macro LOCAL_DELIVERY and use it instead.
+ Remove erranous backslashes.
+ * Add comments from the example configuration file to template.
+ * host and domain lists are colon separated.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Mon, 21 Oct 2002 22:37:45 +0200
+
+exim4 (4.10-0.srh20.5) unstable; urgency=low
+
+ * new debconf-code:
+ - shell scripts
+ - debconf-results are saved (and read from) /etc/exim4/debconf.results
+ - /etc/exim4/exim4.conf.template is a dpkg-conffile
+ - update-exim4.conf(8) merges these two files and generates exim's main
+ configuration file /var/lib/exim4/exim4.conf.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Sat, 19 Oct 2002 19:23:35 +0200
+
+exim4 (4.10-0.srh20.4) unstable; urgency=low
+
+ * symlink usr/sbin/exim4 <-> usr/sbin/exim in -base package was wrong.
+ * move invoke-rc.d to -base package - _it_ contains the init-script
+ * move stat-overide-stuff to -base package. - The values are filled in _its_
+ config.
+ * missing stuff from log/exim4 run/exim4 transition: exim-base
+ maintainerscripts.
+ * Daemon-packages have only debconf stuff left as maintainerscripts. How
+ about letting dh_installinit manage the initscript?
+ * exim4-base.postrm has no business removing /etc/exim/exim.conf
+
+ -- Andreas Metzler <ametzler@balrog.logic.univie.ac.at> Fri, 18 Oct 2002 14:40:46 +0200
+
+exim4 (4.10-0.srh20.3) unstable; urgency=low
+
+ * /etc/exim4/...
+ * fix cronjob: Test for existence of /etc/exim4/exim4.conf - it formerly
+ tested for exim3's configuration file
+ * /usr/lib/exim/ --> /usr/lib/exim4/ -- Put eximon.bin there, too.
+
+ -- Andreas Metzler <ametzler@logic.univie.ac.at> Fri, 18 Oct 2002 13:43:37 +0200
+
+exim4 (4.10-0.srh20.2) unstable; urgency=low
+
+ * more changes:
+ * /var/log/exim/ --> /var/log/exim4/
+ * /var/run/exim/ --> /var/run/exim4/
+ * /etc/init.d/exim --> /etc/init.d/exim4
+ * Use files named after the real package (exim4-base instead of) exim for
+ cron and logrotate. - use dh_installlogrotate and dh_installcron
+ * Don't install exim.8 manpages in daemon packages - symlink is enough, ship
+ real manpage in base-package. - use dh_installman.
+ * Get rid of m4-magic - without the alternatives there is no need.
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 17 Oct 2002 23:52:31 +0200
+
+exim4 (4.10-0.srh20.1) unstable; urgency=low
+
+ * rename package, replace dependencies.
+ - src: exim4
+ - binary exim(-something) --> exim4-something
+ - Remove Provides: exim - does not make sense anymore, dselect/apt
+ would take the real exim instead of the provided one.
+ - Revamp Dependencies and contents
+ * exim4-base provides/confl/repl: mta and depends on one of *our*
+ flavours
+ * each of the flavours only contains only /usr/sbin/exim4 and a manpagelink
+ exim4--->exim - there is no need to provides/confl/repl: mta, because
+ we ship no common file with the same name as in the original
+ exim4-package
+ - drop alternatives.
+ - install configuration example to /usr/share/doc/exim4-doc/examples
+
+ -- Andreas Metzler <ametzler@downhill.at.eu.org> Thu, 17 Oct 2002 17:58:08 +0200
+
+exim (4.10-0.srh20) unstable; urgency=low
+
+ * exim-base.config fixes during testing-- need to run debconf subs in a
+ list context to get their numeric return code.
+ * enqueue_question(): $code == 0 is ok too
+ * main: call fetch_default() not find_default() [when did I last test this?]
+ * install debconf_eximconfig (!!!!!!)
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 21:50:27 +0100
+
+exim (4.10-0.srh19) unstable; urgency=low
+
+ * Move the eximon binary into the eximon package!
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 19:36:48 +0100
+
+exim (4.10-0.srh18) unstable; urgency=low
+
+ * The clean: target now deletes doc/tmp
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 18:10:29 +0100
+
+exim (4.10-0.srh17) unstable; urgency=low
+
+ * Slave alternatives for "rmail" too.
+ * Changed libxaw-dev in build-depends to libxaw7-dev | libxaw-dev
+ * Added libperl-dev and m4 to build-depends
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 17:19:40 +0100
+
+exim (4.10-0.srh16) unstable; urgency=low
+
+ * Put --exec $DAEMON back on the start-stop-daemon --stop calls, since
+ start-stop-daemon complains about the process not being found after it
+ just killed it. (Due to Exim not removing its own pid file?)
+ * Point slave alternatives at .gz versions of manpages
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 16:12:08 +0100
+
+exim (4.10-0.srh15) unstable; urgency=low
+
+ * Fix "update-alternatives --remove" invocation.
+ * Remove alternatives AFTER stopping daemon.
+ * Use logrotate to cycle logs.
+ * Manually install logrotate/cron stuff, to call it "exim" instead of "exim-base".
+ * Install upstream exim.8 manpage, and slave alternatives.
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 15:44:56 +0100
+
+exim (4.10-0.srh14) unstable; urgency=low
+
+ * dh_installinit: pass --noscripts, put the script invocation etc. in
+ ourselves. This is still pretty nasty, but ensures that the deamons
+ are stopped/started themselves, not by exim-base.
+ * Also, pass --init-script=exim to use /etc/init.d/exim, not
+ /etc/init.d/exim-base.
+ * Fix some inconsistencies in the postsinst related to the above that
+ made lintian scream
+ * Remove the --exec option when stopping the daemon in the init script,
+ so that we still stop the daemon if the symlink changed to point to a
+ different version (hacky).
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 14:51:19 +0100
+
+exim (4.10-0.srh13) unstable; urgency=low
+
+ * Bah, fix paths of mailq etc. to be in /usr/bin, not /usr/lib
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 14:08:45 +0100
+
+exim (4.10-0.srh12) unstable; urgency=low
+
+ * The postinsts were totally broken, doing everything off the "install"
+ target, and nothing off "configure". Since they're all pracitcally the
+ same, they are now generated from daemon-postinst.m4.
+ * Fix invocations of dpkg-statoverride (sysuser??)
+ * Added slave alternatives for mailq, sendmail etc.
+ * Removed daemon packages conflicting with mail-transport-agent,
+ although this isn't good-- the deamon packages don't conflict with
+ each other (they use alternatives to arrange themselves), but do
+ conflict with other MTAs that install
+ /usr/lib/sendmail|/usr/sbin/sendmail links. Urnf.
+ * Similar generation system for prerms as postinsts
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 13:47:53 +0100
+
+exim (4.10-0.srh11) unstable; urgency=low
+
+ * Urnf, nasty circular dependencies. Removed exim-base's dependency on exim-daemon.
+ * Fix "use strict" errors in exim-base.config (oops)
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 13:10:25 +0100
+
+exim (4.10-0.srh10) unstable; urgency=low
+
+ * Patch src/expand.c with HMAC support
+ * Rename exim-daemon-default package to just "exim", so upgrading works
+ better, and exim isn't made into a pure virtual package while other
+ packages depend on it. Moreover, mail-transport-agent is provided by
+ each of the daemon packages, not exim-base, since having exim-base
+ alone is not sufficient to have an MTA.
+ * Each exim daemon package depends on exim-base, not exim.
+
+ -- Steve Haslam <araqnid@debian.org> Wed, 16 Oct 2002 12:52:19 +0100
+
+exim (4.10-0.1) unstable; urgency=low
+
+ * Heavy changes to build system.
+ * Split package into:
+ - exim-base: This package contains all utility programs and
+ documentation in plain text format.
+ - exim-daemon-$FOO: (Currently for FOO in light, default, heavy,
+ perl): Conain only the exim daemon in different configurations
+ - exim-doc-info: Contains exim documentation in Info format.
+ - eximon: The X11 monitor for Exim
+
+ -- Hilko Bengen <bengen@toplink-plannet.de> Wed, 2 Oct 2002 17:23:04 +0200
+
+exim (4.10-0.srh4) unstable; urgency=low
+
+ * exim.c: Show the OpenSSL version number if TLS compiled in and the tls
+ debug selector enabled.
+ * exim.postinst et al: Keep the alternatives configured between upgrades
+ (naughty) since exim-light will fail to start if exim-heavy keywords
+ are in the config file
+
+ -- Steve Haslam <araqnid@debian.org> Fri, 13 Sep 2002 16:08:47 +0100
+
+exim (4.10-0.srh3) unstable; urgency=low
+
+ * tls.c: Some debug output changes to verify_callback()
+ * debconf_eximconfig: add more escaping when writing acl_check_rcpt
+ * tls.c and others: ${tls_peercn} now expands to the CN part of the
+ peer's certificate subject when using TLS.
+ * transports/smtp.c and others: Added tls_verify_hostname option to
+ verify the hostname we connected to against the CN/subjectAltName
+ of the peer certificate.
+
+ -- Steve Haslam <araqnid@debian.org> Fri, 13 Sep 2002 15:44:07 +0100
+
+exim (4.10-0.srh2) unstable; urgency=low
+
+ * exim-heavy.postinst: had duplicate sendmail alternative, removed. Had
+ a priority the same as exim-light too... increased.
+ * Replace LOOKUP_CDB=yes in exim-light configuration, since it was in
+ the Exim 3 package and doesn't bring in any dependencies.
+ * exim.postinst: delete files from /var/spool/exim/db if they cannot be
+ read by exim_dumpdb (some DB compatibility lossage)
+
+ -- Steve Haslam <araqnid@debian.org> Tue, 3 Sep 2002 13:28:44 +0100
+
+exim (4.10-0.srh1) unstable; urgency=low
+
+ * My stab at an Exim 4 package. Features include:
+ * An exim-heavy package that contains an Exim binary with LDAP,
+ MySQL, PostgreSQL etc. in, so that the main Exim package's
+ dependencies are kept thin but users can easily get hold of
+ the extra lookup types.
+ * Debconf-based configuration, although it has priority=high
+ questions, so not completely noninteractive yet, and not
+ all features of eximconfig have been ported/checked
+ * Automated conversion of Exim 3 configuration files
+ (using PH's convert4r4)
+
+ -- Steve Haslam <araqnid@debian.org> Tue, 3 Sep 2002 10:20:24 +0100
+
+exim (3.35-1.srh1) unstable; urgency=low
+
+ * Reconfigured to include MySQL and PostgreSQL lookups
+
+ -- Steve Haslam <araqnid@debian.org> Fri, 9 Aug 2002 15:52:37 +0100
+
+exim (3.35-1) unstable; urgency=low
+
+ * New upstream version, fixes buffer overflow (Closes: #135069)
+ * debian/config: Added receiver_try_verify (Closes: #136276)
+ * debian/init.d: Use --retry 30 option for start-stop-daemon when
+ stopping exim (Closes: #136450)
+ * debian/postinst: "noninteractive" in correct case (Closes: #134379)
+ * debian/init.d: Use -n option for echo (from patch in #133288)
+ * debian/exim_lock.8: Manpage for exim_lock - thanks Nick Philips
+ (Closes: #131679)
+ * debian/config: Fixed comment on smtp_accept_queue_per_connection
+ (Closes: #136756)
+ * debian/exim.8,debian/eximon.8: Fixed hyphenation (Closes: #132068)
+ * debian/control: Short description improved (Closes: #130698)
+
+ -- Mark Baker <mark@mnb.org.uk> Mon, 4 Mar 2002 23:04:52 +0000
-
-
--- /dev/null
- Uploaders: Andreas Metzler <ametzler@debian.org>,Marc Haber <mh+debian-packages@zugschlus.de>
- Homepage: http://www.exim.org/
- Standards-Version: 3.9.8
- Vcs-Git: https://anonscm.debian.org/git/pkg-exim4/exim4.git
- Vcs-Browser: https://anonscm.debian.org/git/pkg-exim4/exim4.git
- Build-Depends: debhelper (>= 9), po-debconf, docbook-xsl, xsltproc,
- lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev,
- libident-dev, libdb5.3-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev,
- libxaw7-dev, libpq-dev, default-libmysqlclient-dev,
- libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev
+Source: exim4
+Section: mail
+Priority: standard
+Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
- Breaks: exim4-daemon-light (<<${Upstream-Version}),
- exim4-daemon-heavy (<<${Upstream-Version}),
- exim4-daemon-custom (<<${Upstream-Version})
++Uploaders:
++ Andreas Metzler <ametzler@debian.org>,
++ Marc Haber <mh+debian-packages@zugschlus.de>
++Homepage: https://www.exim.org/
++Standards-Version: 4.3.0
++Vcs-Git: https://salsa.debian.org/exim-team/exim4.git
++Vcs-Browser: https://salsa.debian.org/exim-team/exim4
++Build-Depends:
++ debhelper (>= 10),
++ default-libmysqlclient-dev,
++ docbook-xml,
++ docbook-xsl,
++ libdb5.3-dev,
++ libgnutls28-dev (>= 3.5.7),
++ libident-dev,
++ libldap2-dev,
++ libpam0g-dev,
++ libpcre3-dev,
++ libperl-dev,
++ libpq-dev,
++ libsasl2-dev,
++ libsqlite3-dev,
++ libx11-dev,
++ libxaw7-dev,
++ libxext-dev,
++ libxmu-dev,
++ libxt-dev,
++ lynx,
++ po-debconf,
++ xsltproc
+
+Package: exim4-base
+Architecture: any
- Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, exim4-daemon-custom
- Depends: ${shlibs:Depends}, ${misc:Depends},
++Priority: optional
++Breaks:
++ exim4-daemon-custom (<<${Upstream-Version}),
++ exim4-daemon-heavy (<<${Upstream-Version}),
++ exim4-daemon-light (<<${Upstream-Version})
+Conflicts: exim, exim-tls
- exim4-config (>=4.82) | exim4-config-2, adduser, netbase, lsb-base (>= 3.0-6)
++Replaces:
++ exim,
++ exim-tls,
++ exim4-daemon-custom,
++ exim4-daemon-heavy,
++ exim4-daemon-light
++Depends:
++ adduser,
+ cron | cron-daemon | anacron,
- Recommends: psmisc, mailx
- Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info,
- gnutls-bin | openssl, file, spf-tools-perl, swaks
++ exim4-config (>=4.82) | exim4-config-2,
++ lsb-base (>= 3.0-6),
++ netbase,
++ ${misc:Depends},
++ ${shlibs:Depends}
+# psmisc just for exiwhat.
- Breaks: exim4-daemon-light (<< 4.87~RC5), exim4-daemon-heavy (<< 4.87~RC5)
++Recommends: mailx, psmisc
++Suggests:
++ exim4-doc-html | exim4-doc-info,
++ eximon4,
++ file,
++ gnutls-bin | openssl,
++ mail-reader,
++ spf-tools-perl,
++ swaks
+Description: support files for all Exim MTA (v4) packages
+ Exim (v4) is a mail transport agent. exim4-base provides the support
+ files needed by all exim4 daemon packages. You need an additional package
+ containing the main executable. The available packages are:
+ .
+ exim4-daemon-light
+ exim4-daemon-heavy
+ .
+ If you build exim4 from the source package locally, you can also
+ build an exim4-daemon-custom package tailored to your own feature set.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+Package: exim4-config
+Architecture: all
- Conflicts: exim, exim-tls, exim4-config, exim4-config-2, ${MTA-Conflicts}
- Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
++Priority: optional
++Breaks:
++ exim4-daemon-heavy (<< 4.91~RC1),
++ exim4-daemon-light (<< 4.91~RC1)
+Provides: exim4-config-2
- Provides: mail-transport-agent, exim4-localscanapi-2.0,
++Conflicts:
++ exim,
++ exim-tls,
++ exim4-config,
++ exim4-config-2,
++ ${MTA-Conflicts}
++Depends: adduser, ${misc:Depends}, ${shlibs:Depends}
+Description: configuration for the Exim MTA (v4)
+ Exim (v4) is a mail transport agent. exim4-config provides the configuration
+ for the exim4 daemon packages. The configuration framework has been split
+ off the main package to allow sites to replace the configuration scheme
+ with their own without having to change the actual exim4 packages.
+ .
+ Sites with special configuration needs (having a lot of identically
+ configured machines for example) can use this to distribute their own
+ custom configuration via the packaging system, using the magic
+ available with dpkg's conffile handling, without having to do local
+ changes on all of these machines.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+Package: exim4-daemon-light
+Architecture: any
- Replaces: mail-transport-agent, exim4-base (<= 4.61-1)
- Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends}
++Priority: optional
++Provides:
++ exim4-localscanapi-2.0,
++ mail-transport-agent,
+ ${dist:Provides:exim4-daemon-light}
+Conflicts: mail-transport-agent
- Depends: ${misc:Depends}, debconf (>= 1.4.69) | cdebconf (>= 0.39),
- exim4-base (>= ${source:Version}),
++Replaces: exim4-base (<= 4.61-1), mail-transport-agent
++Depends:
++ exim4-base (>= ${Upstream-Version}),
++ ${misc:Depends},
++ ${shlibs:Depends}
+Description: lightweight Exim MTA (v4) daemon
+ Exim (v4) is a mail transport agent. This package contains the exim4
+ daemon with only basic features enabled. It works well with the
+ standard setups that are provided by Debian and includes support for
+ TLS encryption and the dlopen patch to allow dynamic loading of a
+ local_scan function.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+Package: exim4
+Architecture: all
- exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom
++Priority: optional
++Depends:
++ debconf (>= 1.4.69) | cdebconf (>= 0.39),
+ exim4-base (<< ${source:Version}.1),
- Provides: mail-transport-agent, exim4-localscanapi-2.0
++ exim4-base (>= ${source:Version}),
++ exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom,
++ ${misc:Depends}
+Description: metapackage to ease Exim MTA (v4) installation
+ Exim (v4) is a mail transport agent. exim4 is the metapackage depending
+ on the essential components for a basic exim4 installation.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+Package: exim4-daemon-heavy
+Architecture: any
+Priority: optional
- Replaces: mail-transport-agent, exim4-base (<= 4.61-1)
- Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends},
- ${misc:Depends}
++Provides: exim4-localscanapi-2.0, mail-transport-agent
+Conflicts: mail-transport-agent
- #Provides: mail-transport-agent, exim4-localscanapi-2.0
++Replaces: exim4-base (<= 4.61-1), mail-transport-agent
++Depends:
++ exim4-base (>= ${Upstream-Version}),
++ ${misc:Depends},
++ ${shlibs:Depends}
+Breaks: clamav-daemon (<< 0.95)
+Description: Exim MTA (v4) daemon with extended features, including exiscan-acl
+ Exim (v4) is a mail transport agent. This package contains the exim4
+ daemon with extended features. In addition to the features already
+ supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP,
+ sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication,
+ embedded Perl interpreter, and the content scanning extension
+ (formerly known as "exiscan-acl") for integration of virus scanners
+ and spamassassin.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+#Package: exim4-daemon-custom
+#Architecture: any
+#Priority: optional
- #Replaces: mail-transport-agent, exim4-base (<= 4.61-1)
- #Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends}
++#Provides: exim4-localscanapi-2.0, mail-transport-agent
+#Conflicts: mail-transport-agent
- Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-base (>= 4.10)
++#Replaces: exim4-base (<= 4.61-1), mail-transport-agent
++#Depends:
++# exim4-base (>= ${Upstream-Version}),
++# ${misc:Depends},
++# ${shlibs:Depends}
+#Description: custom Exim MTA (v4) daemon with locally set features
+# Exim (v4) is a mail transport agent. This package contains a
+# custom-configured exim4 daemon compiled to local needs. This package
+# is not part of official Debian, but can easily be built from the
+# Debian source package. For information about the feature set compiled in,
+# and for bug reports, please find out who built your package.
+# .
+# The Debian exim4 packages have their own web page,
+# http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+# FAQ list. Information about the way the Debian packages are
+# configured can be found in
+# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+# information about the way the Debian binary packages are built. The
+# very extensive upstream documentation is shipped in
+# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+# configuration process in a standard setup, invoke dpkg-reconfigure
+# exim4-config. There is a Debian-centered mailing list,
+# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+# questions there, and only write to the upstream exim-users mailing
+# list if you are sure that your question is not Debian-specific. You
+# can find the subscription web page on
+# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
+
+Package: eximon4
+Architecture: any
+Priority: optional
+Conflicts: eximon
+Replaces: eximon
- Package: exim4-dbg
- Architecture: any
- Priority: extra
- Section: debug
- Depends: exim4-base, exim4-config, ${misc:Depends}
- Recommends: eximon4
- Description: debugging symbols for the Exim MTA (utilities)
- Exim (v4) is a mail transport agent. This package contains
- debugging symbols for the binaries contained in the exim4
- packages. The daemon packages have their own debug package.
- .
- The Debian exim4 packages have their own web page,
- http://wiki.debian.org/PkgExim4. There is also a Debian-specific
- FAQ list. Information about the way the Debian packages are
- configured can be found in
- /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
- information about the way the Debian binary packages are built. The
- very extensive upstream documentation is shipped in
- /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
- configuration process in a standard setup, invoke dpkg-reconfigure
- exim4-config. There is a Debian-centered mailing list,
- pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
- questions there, and only write to the upstream exim-users mailing
- list if you are sure that your question is not Debian-specific. You
- can find the subscription web page on
- http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
-
- Package: exim4-daemon-light-dbg
- Architecture: any
- Priority: extra
- Section: debug
- Depends: exim4-daemon-light, ${misc:Depends}
- Description: debugging symbols for the Exim MTA "light" daemon
- Exim (v4) is a mail transport agent. This package contains
- debugging symbols for the binaries contained in the
- exim4-daemon-light package.
- .
- The Debian exim4 packages have their own web page,
- http://wiki.debian.org/PkgExim4. There is also a Debian-specific
- FAQ list. Information about the way the Debian packages are
- configured can be found in
- /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
- information about the way the Debian binary packages are built. The
- very extensive upstream documentation is shipped in
- /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
- configuration process in a standard setup, invoke dpkg-reconfigure
- exim4-config. There is a Debian-centered mailing list,
- pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
- questions there, and only write to the upstream exim-users mailing
- list if you are sure that your question is not Debian-specific. You
- can find the subscription web page on
- http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
-
- Package: exim4-daemon-heavy-dbg
- Architecture: any
- Priority: extra
- Section: debug
- Depends: exim4-daemon-heavy, ${misc:Depends}
- Description: debugging symbols for the Exim MTA "heavy" daemon
- Exim (v4) is a mail transport agent. This package contains
- debugging symbols for the binaries contained in the
- exim4-daemon-heavy package.
- .
- The Debian exim4 packages have their own web page,
- http://wiki.debian.org/PkgExim4. There is also a Debian-specific
- FAQ list. Information about the way the Debian packages are
- configured can be found in
- /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
- information about the way the Debian binary packages are built. The
- very extensive upstream documentation is shipped in
- /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
- configuration process in a standard setup, invoke dpkg-reconfigure
- exim4-config. There is a Debian-centered mailing list,
- pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
- questions there, and only write to the upstream exim-users mailing
- list if you are sure that your question is not Debian-specific. You
- can find the subscription web page on
- http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
-
- #Package: exim4-daemon-custom-dbg
- #Architecture: any
- #Priority: extra
- #Section: debug
- #Depends: exim4-daemon-custom, ${misc:Depends}
- #Description: debugging symbols for the Exim MTA (v4) packages
- # Exim (v4) is a mail transport agent. This package contains
- # debugging symbols for the binaries contained in the
- # exim4-daemon-custom package.
- # .
- # The Debian exim4 packages have their own web page,
- # http://wiki.debian.org/PkgExim4. There is also a Debian-specific
- # FAQ list. Information about the way the Debian packages are
- # configured can be found in
- # /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
- # information about the way the Debian binary packages are built. The
- # very extensive upstream documentation is shipped in
- # /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
- # configuration process in a standard setup, invoke dpkg-reconfigure
- # exim4-config. There is a Debian-centered mailing list,
- # pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
- # questions there, and only write to the upstream exim-users mailing
- # list if you are sure that your question is not Debian-specific. You
- # can find the subscription web page on
- # http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
-
++Depends: exim4-base (>= 4.10), ${misc:Depends}, ${shlibs:Depends}
+Description: monitor application for the Exim MTA (v4) (X11 interface)
+ Eximon is a helper program for the Exim MTA (v4). It allows
+ administrators to view the mail queue and logs, and perform a variety
+ of actions on queued messages, such as freezing, bouncing and thawing
+ messages.
+
- Priority: extra
+Package: exim4-dev
+Architecture: any
++Priority: optional
+Depends: ${misc:Depends}
+Description: header files for the Exim MTA (v4) packages
+ Exim (v4) is a mail transport agent. This package contains header
+ files that can be used to compile code that is then dynamically linked
+ to exim's local_scan interface.
+ .
+ The Debian exim4 packages have their own web page,
+ http://wiki.debian.org/PkgExim4. There is also a Debian-specific
+ FAQ list. Information about the way the Debian packages are
+ configured can be found in
+ /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains
+ information about the way the Debian binary packages are built. The
+ very extensive upstream documentation is shipped in
+ /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven
+ configuration process in a standard setup, invoke dpkg-reconfigure
+ exim4-config. There is a Debian-centered mailing list,
+ pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
+ questions there, and only write to the upstream exim-users mailing
+ list if you are sure that your question is not Debian-specific. You
+ can find the subscription web page on
+ http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
--- /dev/null
- exim is copyright (c) 1995 - 2017 University of Cambridge.
+This is Debian GNU/Linux's prepackaged version of exim, a powerful yet easy
+to configure mail transport agent.
+
+-----------------------------------------------------------------
+This package was put together from the original sources which are
+maintained by Philip Hazel <ph10@cus.cam.ac.uk>, and which were
+obtained from
+
+ ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/
+
+Some modifications to the Makefiles have been made to fit with the Linux
+FHS.
+-----------------------------------------------------------------
+
+-----------------------------------------------------------------
+The exim content filtering extension, formally known as the
+exiscan-acl patch, and which is included in exim4-daemon-heavy,
+was written by Tom Kistner <tom@duncanthrax.net>.
+/* Copyright (c) Tom Kistner <tom@duncanthrax.net> 2003-???? */
+/* License: GPL */
+-----------------------------------------------------------------
+
+-----------------------------------------------------------------
+Debian Maintainer history:
+- The Debian package for exim was originally made by Tim Cutts
+ <timc@chiark.greenend.org.uk>.
+- Mark Baker <mbaker@iee.org> took over until exim version 3 and is
+ still involved with packaging.
+- Steve Haslam, Hilko Bengen and Marc Haber generated the initial
+ packages of Exim v4.
+- The exim4 packages are currently maintained by
+ - Core Team
+ - (mh) Marc Haber <mh+debian-packages@zugschlus.de> (team leader)
+ - (am) Andreas Metzler <ametzler@downhill.at.eu.org> (uploader)
+ - Commit Privileges
+ - (hb) Hilko Bengen <bengen@debian.org> (documentation, hacks etc)
+ - (cb) Christian Perrier <bubulle@debian.org> (translations)
+
+The following people helped in preparing the exim4 packages and gave
+important feedback:
+- Marc Merlin provides the dlopen patch, making it possible to load
+ local_scan-routines for a external shared object.
+ The original patch was written by David Woodhouse, it was modified first
+ by Derrick 'dman' Hudson and afterwards by Marc Merlin.
+- Sander Smeenk provided the TLS-docs and the script to generate the
+ self-signed certificates.
+- The people on the exim4debian list that submitted bug-reports and -fixes,
+ and helped with design issues: Matthias Klose, Alexander Koch, Ola
+ Lundqvist, Andrew Mulholland, David Pashley, Andreas Piesk, Nick Phillips
+ and whoever I forgot to mention.
+- syslog2eximlog script by Martin Godisch.
+- Hilko Bengen converted the Debian documentation from plain-text to XML
+ format.
+-----------------------------------------------------------------
+
+
+-----------------------------------------------------------------
- distribution); a copy of the GNU GPL version 2 is available in
++exim is copyright (c) 1995 - 2018 University of Cambridge.
+
+The original licence is as follows (from the file NOTICE in the upstream
- Copyright (C) 2009 - 2016 Tom Kistner <tom@duncanthrax.net>
- Copyright (C) 2016 - 2017 Jeremy Harris <jgh@exim.org>
++distribution); a copy of the GNU GPL version 2 is available in
+/usr/share/common-licenses/GPL-2 on Debian systems.
+
+_________________________________________________________________________
+THE EXIM MAIL TRANSFER AGENT
+----------------------------
+
+Copyright (c) 2004 University of Cambridge
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+In addition, for the avoidance of any doubt, permission is granted to
+link this program with OpenSSL or any other library package and to
+(re)distribute the binaries produced as the result of such linking.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+
+UNSOLICITED EMAIL
+-----------------
+
+The use, supply or promotion of Exim for the purpose of sending bulk,
+unsolicited electronic mail is incompatible with the basic aims of the program,
+which revolve around the free provision of a service that enhances the quality
+of personal communications. The author of Exim regards indiscriminate
+mass-mailing as an antisocial, irresponsible abuse of the Internet.
+
+
+INCORPORATED CODE
+-----------------
+
+A number of pieces of external code are included in the Exim distribution.
+
+ . Support for the cdb (Constant DataBase) lookup method is provided by code
+ contributed by Nigel Metheringham of Planet Online Ltd. which contains
+ the following statements:
+ _________________________________________________________________________
+
+ Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ This code implements Dan Bernstein's Constant DataBase (cdb) spec.
+ Information, the spec and sample code for cdb can be obtained from
+ http://www.pobox.com/~djb/cdb.html. This implementation borrows some code
+ from Dan Bernstein's implementation (which has no license restrictions
+ applied to it).
+ _________________________________________________________________________
+
+ The implementation is completely contained within the code of Exim. It
+ does not link against an external cdb library.
+
+ . Client support for Microsoft's "Secure Password Authentication" is pro-
+ vided by code contributed by Marc Prud'hommeaux. Server support was
+ contributed by Tom Kistner. This includes code taken from the Samba
+ project, which is released under the Gnu GPL.
+
+
+ . Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is
+ provided by code taken from the Cyrus-SASL library and adapted by
+ Alexander S. Sabourenkov. The permission notice appears below, in
+ accordance with the conditions expressed therein.
+
+ _________________________________________________________________________
+
+ Copyright (c) 2001 Carnegie Mellon University. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ 3. The name 'Carnegie Mellon University' must not be used to endorse or
+ promote products derived from this software without prior written
+ permission. For permission or any other legal details, please
+ contact
+
+ Office of Technology Transfer
+ Carnegie Mellon University
+ 5000 Forbes Avenue
+ Pittsburgh, PA 15213-3890
+ (412) 268-4387, fax: (412) 268-7395
+ tech-transfer@andrew.cmu.edu
+
+ 4. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+ This product includes software developed by Computing Services at
+ Carnegie Mellon University (http://www.cmu.edu/computing/).
+
+ CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
+ SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY
+ SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+ RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
+ CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ _________________________________________________________________________
+
+
+ . The Exim Monitor program, which is an X-Window application, includes
+ modified versions of the Athena StripChart and TextPop widgets. This code
+ is copyright by DEC and MIT, and their permission notice appears below,
+ in accordance with the conditions expressed therein.
+
+ _________________________________________________________________________
+
+ Copyright 1987, 1988 by Digital Equipment Corporation, Maynard,
+ Massachusetts, and the Massachusetts Institute of Technology, Cambridge,
+ Massachusetts.
+
+ All Rights Reserved
+
+ Permission to use, copy, modify, and distribute this software and its
+ documentation for any purpose and without fee is hereby granted, provided
+ that the above copyright notice appear in all copies and that both that
+ copyright notice and this permission notice appear in supporting documen-
+ tation, and that the names of Digital or MIT not be used in advertising
+ or publicity pertaining to distribution of the software without specific,
+ written prior permission.
+
+ DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
+ ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL
+ DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR
+ ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ SOFTWARE.
+ _________________________________________________________________________
+
+
+ . Some of the code to support the use of maildirsize files for maildir
+ deliveries is taken from the Courier Imapd source code. This code is
+ released under the GPL.
+ _________________________________________________________________________
+
+--
+Philip Hazel University of Cambridge Computing Service,
+-----------------------------------------------------------------
+src/pdkim/*
+
+PDKIM - a RFC4871 (DKIM) implementation
+http://duncanthrax.net/pdkim/
- Includes code from the PolarSSL project.
- http://polarssl.org
- Copyright (C) 2009 Paul Bakker <polarssl_maintainer@polarssl.org>
- Copyright (C) 2006-2008 Christophe Devine
- Copyright (C) 2006-2010, Brainspark B.V.
++Copyright (C) 2009 Tom Kistner <tom@duncanthrax.net>
+
-
- License: Both the parts from PolarSSL and the original code are licensed
- under GPLv2+.
-
- Please note that the parts copied from PolarSSL are only used with ancient
- (< 2.10) GnuTLS.
- -----------------------------------------------------------------
-
++No longer includes code from the PolarSSL project.
++Copyright (C) 2016 Jeremy Harris <jgh@exim.org>
+
+This copy of PDKIM is included with Exim. For a standalone distribution,
+visit http://duncanthrax.net/pdkim/.
- Generating a tarball from CVS snapshot.
-
- Upstream is keeping sourcecode and documentation (including changelog) in
- separate CVS modules: exim-src and exim-doc. However the release tarball
- contains parts from both modules.
-
- 1. Use exim-src modules as base
- 2. Generate a doc subdirectory containing he contents of exim-doc/doc-txt/.
- 3. Take exim-doc and build the txt files You will need xfpt, xmlto, docbook-xsl
- and w3m.
- cd doc-docbook ; make spec.txt filter.txt exim.8
- Copy the three files to exim-version/doc/
-
+-----------------------------------------------------------------
--- /dev/null
- # from an RFC2822 point of view. We chose to have them blocked by
+
+### acl/30_exim4-config_check_rcpt
+#################################
+
++# define macros to be used below in this file to check recipient
++# local parts for strange characters. Documentation below.
++# This blocks local parts that begin with a dot or contain a quite
++# broad range of non-alphanumeric characters.
++
++.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
++CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
++.endif
++
++.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
++CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
++.endif
++
+# This access control list is used for every RCPT command in an incoming
+# SMTP message. The tests are run in order until the address is either
+# accepted or denied.
+#
+acl_check_rcpt:
+
+ # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
+ # testing for an empty sending host field.
+ accept
+ hosts = :
+ control = dkim_disable_verify
+
+ # Do not try to verify DKIM signatures of incoming mail if DC_minimaldns
+ # or DISABLE_DKIM_VERIFY are set.
+.ifdef DC_minimaldns
+ warn
+ control = dkim_disable_verify
+.else
+.ifdef DISABLE_DKIM_VERIFY
+ warn
+ control = dkim_disable_verify
+.endif
+.endif
+
+ # The following section of the ACL is concerned with local parts that contain
+ # certain non-alphanumeric characters. Dots in unusual places are
+ # handled by this ACL as well.
+ #
+ # Non-alphanumeric characters other than dots are rarely found in genuine
+ # local parts, but are often tried by people looking to circumvent
+ # relaying restrictions. Therefore, although they are valid in local
+ # parts, these rules disallow certain non-alphanumeric characters, as
+ # a precaution.
+ #
+ # Empty components (two dots in a row) are not valid in RFC 2822, but Exim
+ # allows them because they have been encountered. (Consider local parts
+ # constructed as "firstinitial.secondinitial.familyname" when applied to
+ # a name without a second initial.) However, a local part starting
+ # with a dot or containing /../ can cause trouble if it is used as part of a
+ # file name (e.g. for a mailing list). This is also true for local parts that
+ # contain slashes. A pipe symbol can also be troublesome if the local part is
+ # incorporated unthinkingly into a shell command line.
+ #
+ # These ACL components will block recipient addresses that are valid
- # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in
- # main/01_exim4-config_listmacrosdefs:
- # CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
- # This blocks local parts that begin with a dot or contain a quite
- # broad range of non-alphanumeric characters.
++ # from an RFC5322 point of view. We chose to have them blocked by
+ # default for security reasons.
+ #
+ # If you feel that your site should have less strict recipient
+ # checking, please feel free to change the default values of the macros
+ # defined in main/01_exim4-config_listmacrosdefs or override them from a
+ # local configuration file.
+ #
+ # Two different rules are used. The first one has a quite strict
+ # default, and is applied to messages that are addressed to one of the
+ # local domains handled by this host.
+
++ # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined
++ # at the top of this file.
+ .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
+ deny
+ domains = +local_domains
+ local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
+ message = restricted characters in address
+ .endif
+
+
+ # The second rule applies to all other domains, and its default is
+ # considerably less strict.
+
+ # The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in
+ # main/01_exim4-config_listmacrosdefs:
+ # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
+
+ # It allows local users to send outgoing messages to sites
+ # that use slashes and vertical bars in their local parts. It blocks
+ # local parts that begin with a dot, slash, or vertical bar, but allows
+ # these characters within the local part. However, the sequence /../ is
+ # barred. The use of some other non-alphanumeric characters is blocked.
+ # Single quotes might probably be dangerous as well, but they're
+ # allowed by the default regexps to avoid rejecting mails to Ireland.
+ # The motivation here is to prevent local users (or local users' malware)
+ # from mounting certain kinds of attack on remote sites.
+ .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
+ deny
+ domains = !+local_domains
+ local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
+ message = restricted characters in address
+ .endif
+
+
+ # Accept mail to postmaster in any local domain, regardless of the source,
+ # and without verifying the sender.
+ #
+ accept
+ .ifndef CHECK_RCPT_POSTMASTER
+ local_parts = postmaster
+ .else
+ local_parts = CHECK_RCPT_POSTMASTER
+ .endif
+ domains = +local_domains : +relay_to_domains
+
+
+ # Deny unless the sender address can be verified.
+ #
+ # This is disabled by default so that DNSless systems don't break. If
+ # your system can do DNS lookups without delay or cost, you might want
+ # to enable this feature.
+ #
+ # This feature does not work in smarthost and satellite setups as
+ # with these setups all domains pass verification. See spec.txt section
+ # "Access control lists" subsection "Address verification" with the added
+ # information that a smarthost/satellite setup routes all non-local e-mail
+ # to the smarthost.
+ .ifdef CHECK_RCPT_VERIFY_SENDER
+ deny
+ message = Sender verification failed
+ !acl = acl_local_deny_exceptions
+ !verify = sender
+ .endif
+
+ # Verify senders listed in local_sender_callout with a callout.
+ #
+ # In smarthost and satellite setups, this causes the callout to be
+ # done to the smarthost. Verification will thus only be reliable if the
+ # smarthost does reject illegal addresses in the SMTP dialog.
+ deny
+ !acl = acl_local_deny_exceptions
+ senders = ${if exists{CONFDIR/local_sender_callout}\
+ {CONFDIR/local_sender_callout}\
+ {}}
+ !verify = sender/callout
+
+
+ # Accept if the message comes from one of the hosts for which we are an
+ # outgoing relay. It is assumed that such hosts are most likely to be MUAs,
+ # so we set control=submission to make Exim treat the message as a
+ # submission. It will fix up various errors in the message, for example, the
+ # lack of a Date: header line. If you are actually relaying out out from
+ # MTAs, you may want to disable this. If you are handling both relaying from
+ # MTAs and submissions from MUAs you should probably split them into two
+ # lists, and handle them differently.
+
+ # Recipient verification is omitted here, because in many cases the clients
+ # are dumb MUAs that don't cope well with SMTP error responses. If you are
+ # actually relaying out from MTAs, you should probably add recipient
+ # verification here.
+
+ # Note that, by putting this test before any DNS black list checks, you will
+ # always accept from these hosts, even if they end up on a black list. The
+ # assumption is that they are your friends, and if they get onto black
+ # list, it is a mistake.
+ accept
+ hosts = +relay_from_hosts
+ control = submission/sender_retain
+ control = dkim_disable_verify
+
+
+ # Accept if the message arrived over an authenticated connection, from
+ # any host. Again, these messages are usually from MUAs, so recipient
+ # verification is omitted, and submission mode is set. And again, we do this
+ # check before any black list tests.
+ accept
+ authenticated = *
+ control = submission/sender_retain
+ control = dkim_disable_verify
+
+ # Insist that a HELO/EHLO was accepted.
+
+ require message = nice hosts say HELO first
+ condition = ${if def:sender_helo_name}
+
+ # Insist that any other recipient address that we accept is either in one of
+ # our local domains, or is in a domain for which we explicitly allow
+ # relaying. Any other domain is rejected as being unacceptable for relaying.
+ require
+ message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+
+ # We also require all accepted addresses to be verifiable. This check will
+ # do local part verification for local domains, but only check the domain
+ # for remote domains.
+ require
+ verify = recipient
+
+
+ # Verify recipients listed in local_rcpt_callout with a callout.
+ # This is especially handy for forwarding MX hosts (secondary MX or
+ # mail hubs) of domains that receive a lot of spam to non-existent
+ # addresses. The only way to check local parts for remote relay
+ # domains is to use a callout (add /callout), but please read the
+ # documentation about callouts before doing this.
+ deny
+ !acl = acl_local_deny_exceptions
+ recipients = ${if exists{CONFDIR/local_rcpt_callout}\
+ {CONFDIR/local_rcpt_callout}\
+ {}}
+ !verify = recipient/callout
+
+
+ # CONFDIR/local_sender_blacklist holds a list of envelope senders that
+ # should have their access denied to the local host. Incoming messages
+ # with one of these senders are rejected at RCPT time.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See exim4-config_files(5) for details.
+ deny
+ message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
++ log_message = sender envelope address is locally blacklisted.
+ !acl = acl_local_deny_exceptions
+ senders = ${if exists{CONFDIR/local_sender_blacklist}\
+ {CONFDIR/local_sender_blacklist}\
+ {}}
+
+
+ # deny bad sites (IP address)
+ # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
+ # and networks (CIDR notation) that should have their access denied to
+ # The local host. Messages coming in from a listed host will have all
+ # RCPT statements rejected.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See exim4-config_files(5) for details.
+ deny
+ message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
++ log_message = sender IP address is locally blacklisted.
+ !acl = acl_local_deny_exceptions
+ hosts = ${if exists{CONFDIR/local_host_blacklist}\
+ {CONFDIR/local_host_blacklist}\
+ {}}
+
+
+ # Warn if the sender host does not have valid reverse DNS.
+ #
+ # If your system can do DNS lookups without delay or cost, you might want
+ # to enable this.
+ # If sender_host_address is defined, it's a remote call. If
+ # sender_host_name is not defined, then reverse lookup failed. Use
+ # this instead of !verify = reverse_host_lookup to catch deferrals
+ # as well as outright failures.
+ .ifdef CHECK_RCPT_REVERSE_DNS
+ warn
+ condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
+ {yes}{no}}
+ add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
+ .endif
+
+
+ # Use spfquery to perform a pair of SPF checks (for details, see
+ # http://www.openspf.org/)
+ #
+ # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not
+ # enable if that's an issue. Also note that if you enable this, you must
+ # install "spf-tools-perl" which provides the spfquery command.
+ # Missing spf-tools-perl will trigger the "Unexpected error in
+ # SPF check" warning.
+ .ifdef CHECK_RCPT_SPF
+ deny
+ message = [SPF] $sender_host_address is not allowed to send mail from \
+ ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \
+ Please see \
+ http://www.openspf.org/Why?scope=${if def:sender_address_domain \
+ {mfrom}{helo}};identity=${if def:sender_address_domain \
+ {$sender_address}{$sender_helo_name}};ip=$sender_host_address
+ log_message = SPF check failed.
+ !acl = acl_local_deny_exceptions
+ condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
+ ${quote:$sender_host_address} --identity \
+ ${if def:sender_address_domain \
+ {--scope mfrom --identity ${quote:$sender_address}}\
+ {--scope helo --identity ${quote:$sender_helo_name}}}}\
+ {no}{${if eq {$runrc}{1}{yes}{no}}}}
+
+ defer
+ message = Temporary DNS error while checking SPF record. Try again later.
+ !acl = acl_local_deny_exceptions
+ condition = ${if eq {$runrc}{5}{yes}{no}}
+
+ warn
+ condition = ${if <={$runrc}{6}{yes}{no}}
+ add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
+ {${if eq {$runrc}{2}{softfail}\
+ {${if eq {$runrc}{3}{neutral}\
+ {${if eq {$runrc}{4}{permerror}\
+ {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
+ } client-ip=$sender_host_address; \
+ ${if def:sender_address_domain \
+ {envelope-from=${sender_address}; }{}}\
+ helo=$sender_helo_name
+
+ warn
+ log_message = Unexpected error in SPF check.
+ condition = ${if >{$runrc}{6}{yes}{no}}
+ .endif
+
+
+ # Check against classic DNS "black" lists (DNSBLs) which list
+ # sender IP addresses
+ .ifdef CHECK_RCPT_IP_DNSBLS
+ warn
+ dnslists = CHECK_RCPT_IP_DNSBLS
+ add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ .endif
+
+
+ # Check against DNSBLs which list sender domains, with an option to locally
+ # whitelist certain domains that might be blacklisted.
+ #
+ # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append
+ # "/$sender_address_domain" after each domain. For example:
+ # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \
+ # : rhsbl.bar.org/$sender_address_domain
+ .ifdef CHECK_RCPT_DOMAIN_DNSBLS
+ warn
+ !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
+ {CONFDIR/local_domain_dnsbl_whitelist}\
+ {}}
+ dnslists = CHECK_RCPT_DOMAIN_DNSBLS
+ add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ .endif
+
+
+ # This hook allows you to hook in your own ACLs without having to
+ # modify this file. If you do it like we suggest, you'll end up with
+ # a small performance penalty since there is an additional file being
+ # accessed. This doesn't happen if you leave the macro unset.
+ .ifdef CHECK_RCPT_LOCAL_ACL_FILE
+ .include CHECK_RCPT_LOCAL_ACL_FILE
+ .endif
+
+
+ #############################################################################
+ # This check is commented out because it is recognized that not every
+ # sysadmin will want to do it. If you enable it, the check performs
+ # Client SMTP Authorization (csa) checks on the sending host. These checks
+ # do DNS lookups for SRV records. The CSA proposal is currently (May 2005)
+ # an Internet draft. You can, of course, add additional conditions to this
+ # ACL statement to restrict the CSA checks to certain hosts only.
+ #
+ # require verify = csa
+ #############################################################################
+
+
+ # Accept if the address is in a domain for which we are an incoming relay,
+ # but again, only if the recipient can be verified.
+
+ accept
+ domains = +relay_to_domains
+ endpass
+ verify = recipient
+
+
+ # At this point, the address has passed all the checks that have been
+ # configured, so we accept it unconditionally.
+
+ accept
--- /dev/null
- # Deny unless the address list headers are syntactically correct.
+
+### acl/40_exim4-config_check_data
+#################################
+
+# This ACL is used after the contents of a message have been received. This
+# is the ACL in which you can test a message's headers or body, and in
+# particular, this is where you can invoke external virus or spam scanners.
+
+acl_check_data:
+
+ # Deny if the message contains an overlong line. Per the standards
+ # we should never receive one such via SMTP.
+ #
+ .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+ deny message = maximum allowed line length is 998 octets, \
+ got $max_received_linelength
+ condition = ${if > {$max_received_linelength}{998}}
+ .endif
+
- # If you enable this, you might reject legitimate mail.
- .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
++ # Deny if the headers contain badly-formed addresses.
+ #
- message = Message headers fail syntax check
++ .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX
+ deny
- # you must install SpamAssassin. You also need to set the spamd_address
+ !acl = acl_local_deny_exceptions
+ !verify = header_syntax
++ message = header syntax
++ log_message = header syntax ($acl_verify_message)
+ .endif
+
+
+ # require that there is a verifiable sender address in at least
+ # one of the "Sender:", "Reply-To:", or "From:" header lines.
+ .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
+ deny
+ message = No verifiable sender address in message headers
+ !acl = acl_local_deny_exceptions
+ !verify = header_sender
+ .endif
+
+
+ # Deny if the message contains malware. Before enabling this check, you
+ # must install a virus scanner and set the av_scanner option in the
+ # main configuration.
+ #
+ # exim4-daemon-heavy must be used for this section to work.
+ #
+ # deny
+ # malware = *
+ # message = This message was detected as possible malware ($malware_name).
+
+
+ # Add headers to a message if it is judged to be spam. Before enabling this,
- # Please note that this is only suiteable as an example. There are
- # multiple issues with this configuration method. For example, if you go
- # this way, you'll give your spamassassin daemon write access to the
- # entire exim spool which might be a security issue in case of a
- # spamassassin exploit.
++ # you must install SpamAssassin. You may also need to set the spamd_address
+ # option in the main configuration.
+ #
+ # exim4-daemon-heavy must be used for this section to work.
+ #
- # spam = Debian-exim:true
- # add_header = X-Spam_score: $spam_score\n\
- # X-Spam_score_int: $spam_score_int\n\
- # X-Spam_bar: $spam_bar\n\
- # X-Spam_report: $spam_report
++ # Please note that this is only suiteable as an example. See
++ # /usr/share/doc/exim4-base/README.Debian.gz
+ #
+ # See the exim docs and the exim wiki for more suitable examples.
+ #
++ # # Remove internal headers
+ # warn
++ # remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \
++ # X-Spam_report
++ #
++ # warn
++ # condition = ${if <{$message_size}{120k}{1}{0}}
++ # # ":true" to add headers/acl variables even if not spam
++ # spam = nobody:true
++ # add_header = X-Spam_score: $spam_score
++ # add_header = X-Spam_bar: $spam_bar
++ # # Do not enable this unless you have shorted SpamAssassin's report
++ # #add_header = X-Spam_report: $spam_report
++ #
++ # Reject spam messages (score >15.0).
++ # This breaks mailing list and forward messages.
++ # deny
++ # message = Classified as spam (score $spam_score)
++ # condition = ${if <{$message_size}{120k}{1}{0}}
++ # condition = ${if >{$spam_score_int}{150}{true}{false}}
+
+
+ # This hook allows you to hook in your own ACLs without having to
+ # modify this file. If you do it like we suggest, you'll end up with
+ # a small performance penalty since there is an additional file being
+ # accessed. This doesn't happen if you leave the macro unset.
+ .ifdef CHECK_DATA_LOCAL_ACL_FILE
+ .include CHECK_DATA_LOCAL_ACL_FILE
+ .endif
+
+
+ # accept otherwise
+ accept
--- /dev/null
- # define macros to be used in acl/30_exim4-config_check_rcpt to check
- # recipient local parts for strange characters.
-
- # This macro definition really should be in
- # acl/30_exim4-config_check_rcpt but cannot be there due to
- # http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62.
-
- # These macros are documented in acl/30_exim4-config_check_rcpt,
- # can be changed here or overridden by a locally added configuration
- # file as described in README.Debian section "Using Exim Macros to control
- # the configuration".
-
- .ifndef CHECK_RCPT_LOCAL_LOCALPARTS
- CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
- .endif
-
- .ifndef CHECK_RCPT_REMOTE_LOCALPARTS
- CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
- .endif
-
+######################################################################
+# Runtime configuration file for Exim 4 (Debian Packaging) #
+######################################################################
+
+######################################################################
+# /etc/exim4/exim4.conf.template is only used with the non-split
+# configuration scheme.
+# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used
+# with the split configuration scheme.
+# If you find this comment anywhere else, somebody copied it there.
+# Documentation about the Debian exim4 configuration scheme can be
+# found in /usr/share/doc/exim4-base/README.Debian.gz.
+######################################################################
+
+######################################################################
+# MAIN CONFIGURATION SETTINGS #
+######################################################################
+
+# Just for reference and scripts.
+# On Debian systems, the main binary is installed as exim4 to avoid
+# conflicts with the exim 3 packages.
+exim_path = /usr/sbin/exim4
+
+# Macro defining the main configuration directory.
+# We do not use absolute paths.
+.ifndef CONFDIR
+CONFDIR = /etc/exim4
+.endif
+
+# debconf-driven macro definitions get inserted after this line
+UPEX4CmacrosUPEX4C = 1
+
+# Create domain and host lists for relay control
+# '@' refers to 'the name of the local host'
+
+# List of domains considered local for exim. Domains not listed here
+# need to be deliverable remotely.
+domainlist local_domains = MAIN_LOCAL_DOMAINS
+
+# List of recipient domains to relay _to_. Use this list if you're -
+# for example - fallback MX or mail gateway for domains.
+domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
+
+# List of sender networks (IP addresses) to _unconditionally_ relay
+# _for_. If you intend to be SMTP AUTH server, you do not need to enter
+# anything here.
+hostlist relay_from_hosts = MAIN_RELAY_NETS
+
+
+# Decide which domain to use to add to all unqualified addresses.
+# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
+# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
+# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
+# the first line of /etc/mailname is used.
+.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
+.ifndef MAIN_QUALIFY_DOMAIN
+qualify_domain = ETC_MAILNAME
+.else
+qualify_domain = MAIN_QUALIFY_DOMAIN
+.endif
+.endif
+
+# listen on all all interfaces?
+.ifdef MAIN_LOCAL_INTERFACES
+local_interfaces = MAIN_LOCAL_INTERFACES
+.endif
+
+.ifndef LOCAL_DELIVERY
+# The default transport, set in /etc/exim4/update-exim4.conf.conf,
+# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
+LOCAL_DELIVERY=mail_spool
+.endif
+
+# The gecos field in /etc/passwd holds not only the name. see passwd(5).
+gecos_pattern = ^([^,:]*)
+gecos_name = $1
+
+# always log tls_peerdn as we use TLS for outgoing connects by default
+.ifndef MAIN_LOG_SELECTOR
+MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
+.endif
--- /dev/null
+
+### main/02_exim4-config_options
+#################################
+
+
+# Defines the access control list that is run when an
+# SMTP MAIL command is received.
+#
+.ifndef MAIN_ACL_CHECK_MAIL
+MAIN_ACL_CHECK_MAIL = acl_check_mail
+.endif
+acl_smtp_mail = MAIN_ACL_CHECK_MAIL
+
+
+# Defines the access control list that is run when an
+# SMTP RCPT command is received.
+#
+.ifndef MAIN_ACL_CHECK_RCPT
+MAIN_ACL_CHECK_RCPT = acl_check_rcpt
+.endif
+acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
+
+
+# Defines the access control list that is run when an
+# SMTP DATA command is received.
+#
+.ifndef MAIN_ACL_CHECK_DATA
+MAIN_ACL_CHECK_DATA = acl_check_data
+.endif
+acl_smtp_data = MAIN_ACL_CHECK_DATA
+
+
+# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
+# is unset) is 50 MB
+.ifdef MESSAGE_SIZE_LIMIT
+message_size_limit = MESSAGE_SIZE_LIMIT
+.endif
+
+
+# If you are running exim4-daemon-heavy or a custom version of Exim that
+# was compiled with the content-scanning extension, you can cause incoming
+# messages to be automatically scanned for viruses. You have to modify the
+# configuration in two places to set this up. The first of them is here,
+# where you define the interface to your scanner. This example is typical
+# for ClamAV; see the manual for details of what to set for other virus
+# scanners. The second modification is in the acl_check_data access
+# control list.
+
+# av_scanner = clamd:/var/run/clamav/clamd.ctl
+
+
+# For spam scanning, there is a similar option that defines the interface to
+# SpamAssassin. You do not need to set this if you are using the default, which
+# is shown in this commented example. As for virus scanning, you must also
+# modify the acl_check_data access control list to enable spam scanning.
+
+# spamd_address = 127.0.0.1 783
+
+# Domain used to qualify unqualified recipient addresses
+# If this option is not set, the qualify_domain value is used.
+# qualify_recipient = <value of qualify_domain>
+
+
+# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
+# where the domain part is a "domain literal" (an IP address) instead
+# of a named domain. The RFCs require this facility, but it is disabled
+# in the default config since it is rarely used and frequently abused.
+# Domain literal support also needs a special router, which is automatically
+# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
+# Additionally, you might want to make your local IP addresses (or @[])
+# local domains.
+.ifdef MAIN_ALLOW_DOMAIN_LITERALS
+allow_domain_literals
+.endif
+
+
+# Do a reverse DNS lookup on all incoming IP calls, in order to get the
+# true host name. If you feel this is too expensive, the networks for
+# which a lookup is done can be listed here.
+.ifndef DC_minimaldns
+.ifndef MAIN_HOST_LOOKUP
+MAIN_HOST_LOOKUP = *
+.endif
+host_lookup = MAIN_HOST_LOOKUP
+.endif
+
++# The setting below causes Exim to try to initialize the system resolver
++# library with DNSSEC support. It has no effect if your library lacks
++# DNSSEC support.
++dns_dnssec_ok = 1
+
+# In a minimaldns setup, update-exim4.conf guesses the hostname and
+# dumps it here to avoid DNS lookups being done at Exim run time.
+.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
+primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
+.endif
+
+# The settings below cause Exim to make RFC 1413 (ident) callbacks
+# for all incoming SMTP calls. You can limit the hosts to which these
+# calls are made, and/or change the timeout that is used. If you set
+# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
+# are cheap and can provide useful information for tracing problem
+# messages, but some hosts and firewalls have problems with them.
+# This can result in a timeout instead of an immediate refused
+# connection, leading to delays on starting up SMTP sessions.
+# (The default was reduced from 30s to 5s for release 4.61. and to
+# disabled for release 4.86)
+#
+#rfc1413_hosts = *
+#rfc1413_query_timeout = 5s
+
+
+# Enable an efficiency feature. We advertise the feature; clients
+# may request to use it. For multi-recipient mails we then can
+# reject or accept per-user after the message is received.
+#
+prdr_enable = true
+
+# When using an external relay tester (such as rt.njabl.org and/or the
+# currently defunct relay-test.mail-abuse.org, the test may be aborted
+# since exim complains about "too many nonmail commands". If you want
+# the test to complete, add the host from where "your" relay tester
+# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
+# Please note that a non-empty setting may cause extra DNS lookups to
+# happen, which is the reason why this option is commented out in the
+# default settings.
+# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
+.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+.endif
+
+# By default, exim forces a Sender: header containing the local
+# account name at the local host name in all locally submitted messages
+# that don't have the local account name at the local host name in the
+# From: header, deletes any Sender: header present in the submitted
+# message and forces the envelope sender of all locally submitted
+# messages to the local account name at the local host name.
+# The following settings allow local users to specify their own envelope sender
+# in a locally submitted message. Sender: headers existing in a locally
+# submitted message are not removed, and no automatic Sender: headers
+# are added. These settings are fine for most hosts.
+# If you run exim on a classical multi-user systems where all users
+# have local mailboxes that can be reached via SMTP from the Internet
+# with the local FQDN as the domain part of the address, you might want
+# to disable the following three lines for traceability reasons.
+.ifndef MAIN_FORCE_SENDER
+local_from_check = false
+local_sender_retain = true
+untrusted_set_sender = *
+.endif
+
+
+# By default, Exim expects all envelope addresses to be fully qualified, that
+# is, they must contain both a local part and a domain. Configure exim
+# to accept unqualified addresses from certain hosts. When this is done,
+# unqualified addresses are qualified using the settings of qualify_domain
+# and/or qualify_recipient (see above).
+# sender_unqualified_hosts = <unset>
+# recipient_unqualified_hosts = <unset>
+
+
+# Configure Exim to support the "percent hack" for certain domains.
+# The "percent hack" is the feature by which mail addressed to x%y@z
+# (where z is one of the domains listed) is locally rerouted to x@y
+# and sent on. If z is not one of the "percent hack" domains, x%y is
+# treated as an ordinary local part. The percent hack is rarely needed
+# nowadays but frequently abused. You should not enable it unless you
+# are sure that you really need it.
+# percent_hack_domains = <unset>
+
+
+# Bounce handling
+.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
+MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
+.endif
+ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
+
+.ifndef MAIN_TIMEOUT_FROZEN_AFTER
+MAIN_TIMEOUT_FROZEN_AFTER = 7d
+.endif
+timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
+
+.ifndef MAIN_FREEZE_TELL
+MAIN_FREEZE_TELL = postmaster
+.endif
+freeze_tell = MAIN_FREEZE_TELL
+
+
+# Define spool directory
+.ifndef SPOOLDIR
+SPOOLDIR = /var/spool/exim4
+.endif
+spool_directory = SPOOLDIR
+
+
+# trusted users can set envelope-from to arbitrary values
+.ifndef MAIN_TRUSTED_USERS
+MAIN_TRUSTED_USERS = uucp
+.endif
+trusted_users = MAIN_TRUSTED_USERS
+.ifdef MAIN_TRUSTED_GROUPS
+trusted_groups = MAIN_TRUSTED_GROUPS
+.endif
+
+
+# users in admin group can do many other things
+# admin_groups = <unset>
+
+
+# SMTP Banner. The example includes the Debian version in the SMTP dialog
+# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
+# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
+
+.ifdef MAIN_KEEP_ENVIRONMENT
+keep_environment = MAIN_KEEP_ENVIRONMENT
+.else
+# set option to empty value to avoid warning.
+keep_environment =
+.endif
+.ifdef MAIN_ADD_ENVIRONMENT
+add_environment = MAIN_ADD_ENVIRONMENT
+.endif
--- /dev/null
+
+### router/200_exim4-config_primary
+#################################
+# This file holds the primary router, responsible for nonlocal mails
+
+.ifdef DCconfig_internet
+# configtype=internet
+#
+# deliver mail to the recipient if recipient domain is a domain we
+# relay for. We do not ignore any target hosts here since delivering to
+# a site local or even a link local address might be wanted here, and if
+# such an address has found its way into the MX record of such a domain,
+# the local admin is probably in a place where that broken MX record
+# could be fixed.
+
+dnslookup_relay_to_domains:
+ debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains : +relay_to_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
++ dnssec_request_domains = *
+ no_more
+
+# deliver mail directly to the recipient. This router is only reached
+# for domains that we do not relay for. Since we most probably can't
+# have broken MX records pointing to site local or link local IP
+# addresses fixed, we ignore target hosts pointing to these addresses.
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ # ignore private rfc1918 and APIPA addresses
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
+ 255.255.255.255
++ dnssec_request_domains = *
+ no_more
+
+.endif
+
+
+.ifdef DCconfig_local
+# configtype=local
+#
+# Stand-alone system, so generate an error for mail to a non-local domain
+nonlocal:
+ debug_print = "R: nonlocal for $local_part@$domain"
+ driver = redirect
+ domains = ! +local_domains
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+
+.endif
+
+
+.ifdef DCconfig_smarthost DCconfig_satellite
+# configtype=smarthost or configtype=satellite
+#
+# Send all non-local mail to a single other machine (smarthost).
+#
+# This means _ALL_ non-local mail goes to the smarthost. This will most
+# probably not do what you want for domains that are listed in
+# relay_domains. The most typical use for relay_domains is to control
+# relaying for incoming e-mail on secondary MX hosts. In that case,
+# it doesn't make sense to send the mail to the smarthost since the
+# smarthost will probably send the message right back here, causing a
+# loop.
+#
+# If you want to use a smarthost while being secondary MX for some
+# domains, you'll need to copy the dnslookup_relay_to_domains router
+# here so that mail to relay_domains is handled separately.
+
+smarthost:
+ debug_print = "R: smarthost for $local_part@$domain"
+ driver = manualroute
+ domains = ! +local_domains
+ transport = remote_smtp_smarthost
+ route_list = * DCsmarthost byname
+ host_find_failed = ignore
+ same_domain_copy_routing = yes
+ no_more
+
+.endif
+
+
+# The "no_more" above means that all later routers are for
+# domains in the local_domains list, i.e. just like Exim 3 directors.
--- /dev/null
+
+### transport/30_exim4-config_remote_smtp
+#################################
+# This transport is used for delivering messages over SMTP connections.
+# Refuse to send any message with over-long lines, which could have
+# been received other than via SMTP. The use of message_size_limit to
+# enforce this is a red herring.
+
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+.endif
+.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
+ hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+ headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_RETURN_PATH
+ return_path = REMOTE_SMTP_RETURN_PATH
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+ helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef DKIM_DOMAIN
+dkim_domain = DKIM_DOMAIN
+.endif
+.ifdef DKIM_SELECTOR
+dkim_selector = DKIM_SELECTOR
+.endif
+.ifdef DKIM_PRIVATE_KEY
+dkim_private_key = DKIM_PRIVATE_KEY
+.endif
+.ifdef DKIM_CANON
+dkim_canon = DKIM_CANON
+.endif
+.ifdef DKIM_STRICT
+dkim_strict = DKIM_STRICT
+.endif
+.ifdef DKIM_SIGN_HEADERS
+dkim_sign_headers = DKIM_SIGN_HEADERS
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_PRIVATEKEY
+.endif
++.ifndef REMOTE_SMTP_DISABLE_DANE
++dnssec_request_domains = *
++hosts_try_dane = *
++.endif
--- /dev/null
+
+### transport/30_exim4-config_remote_smtp_smarthost
+#################################
+
+# This transport is used for delivering messages over SMTP connections
+# to a smarthost. The local host tries to authenticate.
+# This transport is used for smarthost and satellite configurations.
+# Refuse to send any messsage with over-long lines, which could have
+# been received other than via SMTP. The use of message_size_limit to
+# enforce this is a red herring.
+
+remote_smtp_smarthost:
+ debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+ driver = smtp
++ multi_domain
+.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+.endif
+ hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
+ {\
+ ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
+ }\
+ {} \
+ }
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+ hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+ hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+.endif
+.ifdef REMOTE_SMTP_HEADERS_REWRITE
+ headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+.endif
+.ifdef REMOTE_SMTP_RETURN_PATH
+ return_path = REMOTE_SMTP_RETURN_PATH
+.endif
+.ifdef REMOTE_SMTP_HELO_DATA
+ helo_data=REMOTE_SMTP_HELO_DATA
+.endif
+.ifdef TLS_DH_MIN_BITS
+tls_dh_min_bits = TLS_DH_MIN_BITS
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+.endif
+.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+.endif
--- /dev/null
- contents="$(lowercase ${@:-empty} | check_ascii_pipe)"
+#!/bin/sh
+# update-exim4.conf(8) - Generate /var/lib/exim4/config.autogenerated
+
+set -e
+set -C
+set -f
+
+UPEX4C_confdir="/etc/exim4"
+UPEX4C_sections="main acl router transport retry rewrite auth"
+
+# list of ue4cc options that need to support both colons and
+# semicolons as separators. dc_other_hostnames and dc_smarthost
+# has special handling.
+UPEX4C_semicolon="dc_local_interfaces dc_relay_nets dc_relay_domains"
+EXIM="/usr/sbin/exim4"
+
+UPEX4C_verbose=no
+UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated
+UPEX4C_outputfile="${UPEX4C_autoconfigfile}"
+UPEX4C_version=""
+
+usage() {
+cat <<EOF
+$0 - Generate exim4 configuration files
+ Options:
+ -v|--verbose - Enable verbose mode, tell about ignored files
+ -h|--help - Show this message
+ --keepcomments - Do not remove comment lines
+ --removecomments - Remove comment lines
+ -o|--output file - write output to file instead of ${UPEX4C_outputfile}
+ -d|--confdir directory - read input from given directory instead of ${UPEX4C_confdir}
+ --check - Test generated file for validity and remove it again.
+EOF
+}
+
+## Parse commandline
+TEMP=$(getopt -n update-exim4.conf \
+ -l check,keepcomments,removecomments,output:,confdir:,help,verbose -- \
+ +o:d:vh "$@")
+
+if test "$?" != 0; then
+ echo "Terminating..." >&2
+ exit 1
+fi
+
+eval set -- ${TEMP}
+while test "$1" != "--"; do
+ case $1 in
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ -v|--verbose)
+ UPEX4C_verbose=yes
+ ;;
+ --keepcomments)
+ UPEX4C_comments=yes
+ ;;
+ --removecomments)
+ UPEX4C_comments=no
+ ;;
+ --check)
+ UPEX4C_check=yes
+ ;;
+ -o|--output)
+ shift
+ UPEX4C_outputfile="$1"
+ ;;
+ -d|--confdir)
+ shift
+ UPEX4C_confdir="$1"
+ ;;
+ esac
+ shift
+done
+shift
+
+# No non-option arguments allowed.
+if [ "$#" -ne 0 ]; then
+ echo "No non option arguments ($@) allowed" >&2
+ usage >&2
+ exit 1
+fi
+
+# exit immediately if /etc/exim4/exim4.conf exists and -o was not specified
+if [ -e /etc/exim4/exim4.conf ] && \
+ [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] ; then
+ exit 0
+fi
+
+UE4CC="$UPEX4C_confdir/update-exim4.conf.conf"
+UPEX4C_confd="$UPEX4C_confdir/conf.d"
+
+[ -d "$(dirname "$UPEX4C_outputfile")" ] || \
+{ printf "$0: Error, missing $(dirname "$UPEX4C_outputfile"), exiting.\n" 1>&2 ; exit 1 ; }
+
+if [ -f "$UE4CC" ]; then
+ . "$UE4CC"
+else
+ echo >&2 "$0: Error, no $UE4CC, exiting."
+ exit 1
+fi
+
+
+UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated
+if [ "$(dirname ${UPEX4C_outputfile})" = "/var/lib/exim4" ] ; then
+ UPEX4C_tmp="${UPEX4C_outputfile}.tmp"
+else
+ UPEX4C_tmp="$(tempfile -m600 -p ex4)"
+fi
+
+lowerpipe() {
+ tr 'A-Z' 'a-z'
+}
+
+lowercase() {
+ echo "$*" | lowerpipe
+}
+
+check_ascii_pipe() {
+ IN="$(cat)"
+ # Use "abcdef... instead of a a-z or [:alnum:] here since the alternatives
+ # will also match non-ascii characters.
+ OUT="$(echo $IN | sed 's/[^-0-9ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\/\.!*@_~:;< \[\]]/_/g')"
+ if [ "$OUT" != "$IN" ]; then
+ echo >&2 "$0: non-ascii value $IN read from $UE4CC, sanitizing to $OUT"
+ fi
+ echo $OUT
+}
+
+[ "${CFILEMODE}" = "" ] && CFILEMODE=644
+[ "${dc_use_split_config}" = "" ] && dc_use_split_config='false'
+[ "${dc_localdelivery}" = "" ] && dc_localdelivery='mail_spool'
+[ "${UPEX4C_comments:-}" = "" ] && UPEX4C_comments="${ue4c_keepcomments:-no}"
+
+TEMPLATEFILE="${UPEX4C_confdir}/exim4.conf.template"
+
+dc_use_split_config="$(lowercase $dc_use_split_config)"
+UPEX4C_verbose="$(lowercase $UPEX4C_verbose)"
+
+if [ "${dc_use_split_config}" = "true" ]; then
+ [ "${UPEX4C_verbose}" = "yes" ] && \
+ echo "using split configuration scheme from ${UPEX4C_confd}"
+ if ! [ -d "${UPEX4C_confd}" ]; then
+ printf >&2 "$0: Error, no ${UPEX4C_confd}, exiting.\n"
+ exit 1
+ fi
+else
+ [ "${UPEX4C_verbose}" = "yes" ] && \
+ echo "using non-split configuration scheme from ${TEMPLATEFILE}"
+fi
+
+# take only the first word from /etc/mailname
+mailname="$(< /etc/mailname sed -n 's/\([-[:alnum:]@\.]\+\).*/\1/;p;q' | lowerpipe | check_ascii_pipe)"
+
+# barf if lookups are found. They have never been supported here.
+if echo " ${dc_other_hostnames} ${dc_smarthost} ${dc_local_interfaces} ${dc_relay_nets} ${dc_relay_domains}"| grep -q '[[:space:]]\(partial-\)\?\(cdb\|dbm\|dbmnz\|\(d\|ipl\|\(n\?wild\)\?l\)search\|nis\)\([\*@]\)\?[[:space:]]*;'; then
+ echo >&2 "WARNING: using 'lookup;' constructs in $UE4CC has never been supported! See /usr/share/doc/exim4-config/NEWS.Debian.gz for details."
+fi
+
+dc_other_hostnames="$(lowercase $dc_other_hostnames | check_ascii_pipe)"
+# add localhost, get rid of spaces, trailing (semi)colons and make the list
+# colon separated
+local_domains="$(echo @:localhost:"${dc_other_hostnames}" | \
+ sed -e 's/[;: ]*$//' -e 's/ *//' -e 's/;/:/g')"
+
+
+# run-parts emulation, stolen from Branden's /etc/X11/Xsession
+# Addition: Use file.rul instead if file if it exists.
+run_parts () {
+ # reset LC_COLLATE
+ unset LANG LC_COLLATE LC_ALL
+
+ if [ -z "$1" ]; then
+ errormessage "$0: internal run_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory."
+ fi
+ for F in $(ls $1); do
+ if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then
+ if [ -f "$1/$F" ] ; then
+ if [ -f "$1/${F}.rul" ] ; then
+ echo "$1/${F}.rul"
+ else
+ echo "$1/$F"
+ fi
+ fi
+ else
+ if [ "${UPEX4C_verbose}" = "yes" ] && \
+ [ -f "$1/$F" ] && \
+ ! expr "$F" : '[[:alnum:]_-]\+\.rul'> /dev/null 2>&1 ; then
+ echo \
+ "internal run-parts: ignoring file: $1/$F" 1>&2
+ fi
+ fi
+ done;
+}
+# also from Branden
+errormessage () {
+ # pretty-print messages of arbitrary length (no trailing newline)
+ echo "$*" | fold -s -w ${COLUMNS:-80} >&2;
+}
+
+cat_parts() {
+ if [ -z "$1" ]; then
+ errormessage "$0: internal cat_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory."
+ fi
+ for file in $(run_parts $1); do
+ echo "#####################################################"
+ echo "### $file"
+ echo "#####################################################"
+ cat "$file"
+ echo
+ echo "#####################################################"
+ echo "### end $file"
+ echo "#####################################################"
+ done
+}
+
+gentmpconf() {
+ rm -f "${UPEX4C_tmp}"
+ touch "${UPEX4C_tmp}"
+ # this can be removed by the end of 2007
+ #chown --reference=${TEMPLATEFILE} \
+ # ${UPEX4C_tmp} ${UPEX4C_outputfile}
+ #chmod --reference=${TEMPLATEFILE} \
+ # ${UPEX4C_tmp} ${UPEX4C_outputfile}
+ if [ "$(id -u)" = "0" ]; then
+ chown root:Debian-exim "${UPEX4C_tmp}"
+ [ -e "${UPEX4C_outputfile}" ] && \
+ chown root:Debian-exim "${UPEX4C_outputfile}"
+ fi
+ chmod 640 "${UPEX4C_tmp}"
+ if [ -e "${UPEX4C_outputfile}" ]; then
+ chmod 640 "${UPEX4C_outputfile}"
+ fi
+}
+
+removecomments(){
+ if [ "${UPEX4C_comments}" = "no" ] ; then
+ grep -E -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ;
+ else
+ cat
+ fi
+}
+
+gentmpconf
+
+cat << EOF >> "${UPEX4C_tmp}"
+#########
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# This file was generated dynamically from
+EOF
+
+if [ "${dc_use_split_config}" = "true" ] ; then
+cat << EOF >> "${UPEX4C_tmp}"
+# split config files in the $UPEX4C_confd/ directory.
+EOF
+else
+cat << EOF >> "${UPEX4C_tmp}"
+# non-split config ($UPEX4C_confdir/exim4.conf.localmacros
+# and $UPEX4C_confdir/exim4.conf.template).
+EOF
+fi
+
+cat << EOF >> "${UPEX4C_tmp}"
+# The config files are supplemented with package installation/configuration
+# settings managed by debconf. This data is stored in
+# $UPEX4C_confdir/update-exim4.conf.conf
+# Any changes you make here will be lost.
+# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
+# for instructions of customization.
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+#########
+EOF
+
+# handle ";" in input values as separator change
+
+for field in $UPEX4C_semicolon; do
+ if eval echo \$$field | grep -q ";"; then
+ eval temp=\$$field
+ if ! echo $temp | grep -q "^<"; then
+ temp="<; $temp"
+ eval "$field='$temp'"
+ fi
+ fi
+done
+
+# fix up smarthost line: change semicolons into single colons
+dc_smarthost="$(lowercase $dc_smarthost | check_ascii_pipe | sed 's/;/:/g')"
+
+dc_relay_nets="$(lowercase $dc_relay_nets | check_ascii_pipe)"
+
+if echo "$dc_relay_nets" | grep -q '^<;'; then
+ dc_relay_nets="$dc_relay_nets ; 127.0.0.1 ; ::1"
+else
+ dc_relay_nets="$dc_relay_nets : 127.0.0.1 : ::::1"
+fi
+
+dc_eximconfig_configtype="$(lowercase $dc_eximconfig_configtype | check_ascii_pipe)"
+dc_hide_mailname="$(lowercase $dc_hide_mailname | check_ascii_pipe)"
+dc_readhost="$(lowercase $dc_readhost | check_ascii_pipe)"
+case "$dc_eximconfig_configtype" in
+ satellite|smarthost)
+ if [ "${dc_hide_mailname}" = "true" ] && [ -n "${dc_readhost}" ] ; then
+ hide_mailname=1
+ fi
+ ;;
+ local)
+ ;;
+ internet)
+ ;;
+ none|*)
+ if [ "${dc_use_split_config}" = "true" ] ; then
+ for i in ${UPEX4C_sections} ; do
+ cat_parts "${UPEX4C_confd}/$i"
+ done | \
+ removecomments \
+ >> "${UPEX4C_tmp}"
+ else
+ LOCALMACROS=""
+ if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then
+ LOCALMACROS="/etc/exim4/exim4.conf.localmacros"
+ fi
+ cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" | \
+ removecomments \
+ >> "${UPEX4C_tmp}"
+ fi
+ mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}"
+ chmod "${CFILEMODE}" "${UPEX4C_outputfile}"
+ [ "${UPEX4C_verbose}" = "yes" ] && \
+ echo "Not substituting variables since conftype is none (or other)"
+ exit 0
+ ;;
+esac
+
+UPEX4C_macros="##############################################\n"
+UPEX4C_macros="${UPEX4C_macros}# the following macro definitions were created\n"
+UPEX4C_macros="${UPEX4C_macros}# dynamically by $0\n"
+
+preprocess_macro() {
+ macroname="${1:-}"
+ shift
++ contents="$(lowercase ${@} | check_ascii_pipe)"
+ printf "%s" ".ifndef $macroname\n$macroname=$contents\n.endif\n"
+}
+
+seed_macro() {
+ UPEX4C_macros="${UPEX4C_macros}$(preprocess_macro "$1" "$2")"
+}
+
+file2macros() {
+ file="$1"
+ < $1 \
+ sed -n '/^[[:upper:]]/p;' | \
+ grep -v '^CFILEMODE=' | \
+ while read line; do
+ errormessage "undocumented line $line found in $1, generating exim macro"
+ left="$(echo $line | sed 's/\([^=]*\).*/\1/')"
+ right="$(echo $line | sed 's/[^=]*=\(.*\)/\1/')"
+ preprocess_macro "$left" "$right"
+ done
+}
+
+if [ "${dc_local_interfaces}" != "" ] ; then
+ seed_macro "MAIN_LOCAL_INTERFACES" "${dc_local_interfaces}"
+fi
+
+if [ "${dc_minimaldns}" = "true" ] ; then
+ seed_macro "DC_minimaldns" "1"
+ if guessed_name="$(hostname --fqdn | lowerpipe | check_ascii_pipe | grep '\.')" ; then
+ seed_macro "MAIN_HARDCODE_PRIMARY_HOSTNAME" "$guessed_name"
+ else
+ errormessage "hostname --fqdn did not return a fully qualified name, dc_minimaldns will not work. Please fix your /etc/hosts setup."
+ fi
+fi
+
+if [ -n "${hide_mailname:-}" ]; then
+ seed_macro "HIDE_MAILNAME" "${hide_mailname:-}"
+fi
+seed_macro "MAIN_PACKAGE_VERSION" "$UPEX4C_version"
+seed_macro "MAIN_LOCAL_DOMAINS" "${local_domains}"
+seed_macro "MAIN_RELAY_TO_DOMAINS" "${dc_relay_domains}"
+seed_macro "ETC_MAILNAME" "$mailname"
+seed_macro "LOCAL_DELIVERY" "${dc_localdelivery}"
+seed_macro "MAIN_RELAY_NETS" "${dc_relay_nets}"
+seed_macro "DCreadhost" "${dc_readhost}"
+seed_macro "DCsmarthost" "${dc_smarthost}"
+seed_macro "DC_eximconfig_configtype" "${dc_eximconfig_configtype}"
+seed_macro "DCconfig_${dc_eximconfig_configtype}" "1"
+
+# dump everything starting with a capital into macros as well
+# this is going to stay undocumented, but fixes PEBCAK where people write
+# macros into ue4cc.
+
+UPEX4C_macros="${UPEX4C_macros}$(file2macros $UE4CC)"
+
+UPEX4C_macros="${UPEX4C_macros}##############################################\n"
+
+case "${dc_use_split_config}" in
+true)
+ for i in ${UPEX4C_sections} ; do
+ echo "# begin processing $i #####"
+ cat_parts "${UPEX4C_confd}/$i"
+ echo "# end of $i #####"
+ done \
+ | removecomments \
+ | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \
+ >> "${UPEX4C_tmp}"
+ RELEVANTTEMPLATE="$UPEX4C_confd"
+;;
+false)
+ if [ ! -r "$TEMPLATEFILE" ] ; then
+ echo "Error: Unsplit config selected and $TEMPLATEFILE missing ... exiting" 1>&2
+ exit 1
+ fi
+ LOCALMACROS=""
+ if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then
+ LOCALMACROS="${UPEX4C_confdir}/exim4.conf.localmacros"
+ fi
+ cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" \
+ | removecomments \
+ | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \
+ >> "${UPEX4C_tmp}"
+ RELEVANTTEMPLATE="$TEMPLATEFILE"
+;;
+*)
+ errormessage "Invalid value for dc_use_split_config: \"${dc_use_split_config}\", exiting."
+ rm -f "${UPEX4C_tmp}"
+ exit 1
+;;
+esac
+
+# check for left-over DEBCONF strings that may cause installation trouble
+# (fix PEBCAK for people who don't accept conffile changes and don't
+# read docs)
+if grep -qr '^[^#]*DEBCONF[[:lower:]_]\+DEBCONF' $RELEVANTTEMPLATE \
+ && ! grep -qr '^[[:space:]]*DEBCONFstringOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then
+ errormessage "DEBCONFsomethingDEBCONF found in exim configuration. This is most probably caused by you upgrading to exim4 4.67-3 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-2 and 4.67-4"
+fi
+
+# check for left-over UPEX4CmacrosUPEX4C comment string that may cause
+# installation trouble (fix PEBCAK for people who don't accept conffile
+# changes and don't read docs)
+if grep -qr '# UPEX4CmacrosUPEX4C' $RELEVANTTEMPLATE \
+ && ! grep -qr '^[[:space:]]*UPEX4CmacrosOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then
+ errormessage "UPEX4CmacrosUPEX4C found in an exim configuration comment. This is most probably caused by you upgrading to exim4 4.67-5 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-5"
+fi
+
+
+# test validity if called without -o or if --check was supplied
+if [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] || \
+ [ "x${UPEX4C_check}" = "xyes" ]; then
+ if [ -x "${EXIM}" ] ; then
+ if ! "${EXIM}" -C "${UPEX4C_tmp}" -bV > /dev/null ; then
+ # we have an error in the configuration file. Do not install
+ # and activate. However, errors in string expansions inside
+ # the configuration file are not detected by this check!
+ errormessage "Invalid new configfile ${UPEX4C_tmp}, not installing ${UPEX4C_tmp} to ${UPEX4C_outputfile}"
+ exit 1
+ fi
+ fi
+fi
+if [ "x${UPEX4C_check}" = "xyes" ]; then
+ rm -f "${UPEX4C_tmp}"
+ exit 0
+fi
+
+mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}"
+chmod "${CFILEMODE}" "${UPEX4C_outputfile}"
+
+# end of file
--- /dev/null
- /etc/init.d/exim4 reload > /dev/null || true
+#!/bin/bash
+
+# put this file in /etc/network/if-up.d/exim4-smarthost
+# add an exim4-smarthost smtp.server.example.com::587 line to your interface
+# stanza in /etc/network/interfaces
+
+# this will only work for split config, since in non-split config we
+# only have a single file which is included and which would need more
+# serious string processing to alter. With split config, we can blindly
+# overwrite our previous file.
+
+# Environment:
+# MODE = { start | stop }
+# IF_EXIM4_SMARTHOST = hostname[::port]
+
+SMARTHOSTFILE="/etc/exim4/conf.d/main/00_local_DCsmarthost"
+
+if [ -z "$IF_EXIM4_SMARTHOST" ]; then
+ exit 0
+fi
+
+if [ "$MODE" = 'stop' ]; then
+ rm -f $SMARTHOSTFILE
- /etc/init.d/exim4 reload > /dev/null || true
++ invoke exim4 reload > /dev/null || true
+ exit 0
+fi
+
+if [ "$IF_EXIM4_SMARTHOST" = "none" ]; then
+ rm -f $SMARTHOSTFILE
- /etc/init.d/exim4 reload > /dev/null || true
++ invoke exim4 reload > /dev/null || true
+ exit 0
+fi
+
+echo "DCsmarthost = ${IF_EXIM4_SMARTHOST}" > $SMARTHOSTFILE
+
++invoke exim4 reload > /dev/null || true
+/usr/sbin/exim4 -qqf
--- /dev/null
- 855d721412eba13426a8781cc804157d -
++321b32be071eee7394d7884f9471e6bd -
--- /dev/null
- su - --shell /bin/bash \
- --command "xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
+#!/bin/sh
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+
+# set this to some other value if you don't want the panic log to be
+# watched by this script, for example when you're using your own log
+# checking mechanisms or don't care.
+
+E4BCD_DAILY_REPORT_TO=""
+E4BCD_DAILY_REPORT_OPTIONS=""
+E4BCD_WATCH_PANICLOG="yes"
+# Number of lines of paniclog quoted in warning email.
+E4BCD_PANICLOG_LINES="10"
+E4BCD_PANICLOG_NOISE=""
+
+# Only do anything if exim4 is actually installed
+if [ ! -x /usr/lib/exim4/exim4 ]; then
+ exit 0
+fi
+
+[ -f /etc/default/exim4 ] && . /etc/default/exim4
+
+SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')"
+
+# The log processing code used in this cron script is not very
+# sophisticated. It relies on this cron job being executed earlier than
+# the log rotation job, and will have false results if the log is not
+# rotated exactly once daily in the daily cron processing. Even in the
+# default configuration, it will ignore log entries made between this
+# cron job and the log rotation job.
+
+# Patches for more sophisticated processing are appreciated via the
+# Debian BTS.
+
+E4BCD_MAINLOG_NOISE="^[[:digit:][:space:]:-]\{20\}\(\(Start\|End\) queue run: pid=[[:digit:]]\+\|exim [[:digit:]\.]\+ daemon started: pid=[[:digit:]]\+, .*\)$"
+
+if [ -n "$E4BCD_DAILY_REPORT_TO" ]; then
+ if [ -x "$(command -v eximstats)" ] && [ -x "$(command -v mail)" ]; then
+ if [ "$(< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" | wc -l)" -gt "0" ]; then
+ < /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" \
+ | eximstats $E4BCD_DAILY_REPORT_OPTIONS \
+ | mail -s"$(hostname --fqdn) Daily e-mail activity report" \
+ $E4BCD_DAILY_REPORT_TO
+ else
+ echo "no mail activity in this interval" \
+ | mail -s"$(hostname --fqdn) Daily e-mail activity report" \
+ $E4BCD_DAILY_REPORT_TO
+ fi
+ else
+ echo "The exim4 cron job is configured to send a daily report, but eximstats"
+ echo "and/or mail cannot be found. Please check and make sure that these two"
+ echo "binaries are available"
+ fi
+fi
+
+log_this() {
+ TEXT="$@"
+ if ! logger -t exim4 -p mail.alert $TEXT; then
+ RET="$?"
+ echo >&2 "ALERT: could not syslog $TEXT, logger return value $RET"
+ fi
+}
+
+if [ "$E4BCD_WATCH_PANICLOG" != "no" ]; then
+ if [ -s "/var/log/exim4/paniclog" ]; then
+ if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then
+ /usr/local/lib/exim4/nonzero_paniclog_hook
+ fi
+ if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
+ log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken"
+ if ! printf "Subject: exim paniclog on %s has non-zero size\nTo: root\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken. The last ${E4BCD_PANICLOG_LINES} lines are quoted below.\n\n%s\n" \
+ "$(hostname --fqdn)" "$(hostname --fqdn)" \
+ "$(tail -n "${E4BCD_PANICLOG_LINES}" /var/log/exim4/paniclog)" \
+ | exim4 root; then
+ log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code"
+ fi
+ if [ "$E4BCD_WATCH_PANICLOG" = "once" ]; then
+ logrotate -f /etc/logrotate.d/exim4-paniclog
+ fi
+ fi
+ fi
+fi
+
+# run tidydb as Debian-exim:Debian-exim.
+if [ -x /usr/sbin/exim_tidydb ]; then
+ cd $SPOOLDIR/db || exit 1
+ if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
+ -or -type f -printf '%f\0' | \
+ xargs -0r -n 1 \
+ start-stop-daemon --start --exec /usr/sbin/exim_tidydb \
+ --chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then
+ # if we reach this, invoking exim_tidydb from start-stop-daemon has
+ # failed, most probably because of libpam-tmpdir being in use
+ # (see #373786 and #376165)
+ find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \
+ -or -type f -printf '%f\0' | \
++ runuser --shell=/bin/bash \
++ --command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \
+ Debian-exim
+ fi
+fi
--- /dev/null
- /usr/sbin
- /usr/share/man/man8
+/etc/cron.daily
+/etc/logrotate.d
++/usr/sbin
+/usr/share/doc/exim4-base/examples
++/usr/share/man/man8
--- /dev/null
- b-exim4-daemon-light/NOTICE
+b-exim4-daemon-light/ACKNOWLEDGMENTS
- b-exim4-daemon-light/doc/README
- b-exim4-daemon-light/doc/README.SIEVE
++b-exim4-daemon-light/NOTICE
+b-exim4-daemon-light/README.UPDATING
- b-exim4-daemon-light/doc/dbm.discuss.txt
+b-exim4-daemon-light/doc/Exim3.upgrade
+b-exim4-daemon-light/doc/Exim4.upgrade
- b-exim4-daemon-light/doc/filter.txt
++b-exim4-daemon-light/doc/GnuTLS-FAQ.txt
+b-exim4-daemon-light/doc/NewStuff
+b-exim4-daemon-light/doc/OptionLists.txt
++b-exim4-daemon-light/doc/README
++b-exim4-daemon-light/doc/README.SIEVE
++b-exim4-daemon-light/doc/dbm.discuss.txt
++b-exim4-daemon-light/doc/filter.txt
+b-exim4-daemon-light/doc/spec.txt
- b-exim4-daemon-light/doc/GnuTLS-FAQ.txt
- debian/changelog.Debian.old
+debian/README.Debian.html
++debian/changelog.Debian.old
--- /dev/null
- debian/exim-gencert
+b-exim4-daemon-light/util/cramtest.pl
+b-exim4-daemon-light/util/logargs.sh
+b-exim4-daemon-light/util/unknownuser.sh
+debian/exim-adduser
++debian/exim-gencert
--- /dev/null
- killproc -p "$QRPIDFILE" "$DAEMON"
+#! /bin/sh
+# /etc/init.d/exim4
+#
+# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
+# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+# Modified for exim by Tim Cutts <timc@chiark.greenend.org.uk>
+# Modified for exim4 by Andreas Metzler <ametzler@debian.org>
+# and Marc Haber <mh+debian-packages@zugschlus.de>
+
+### BEGIN INIT INFO
+# Provides: exim4
+# Required-Start: $remote_fs $syslog $named $network $time
+# Required-Stop: $remote_fs $syslog $named $network
+# Should-Start: postgresql mysql clamav-daemon greylist spamassassin
+# Should-Stop: postgresql mysql clamav-daemon greylist spamassassin
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: exim Mail Transport Agent
+# Description: exim is a Mail Transport agent
+### END INIT INFO
+
+set -e
+
+test -x /usr/lib/exim4/exim4 || exit 0
+
+. /lib/lsb/init-functions
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+LANG=C
+export LANG
+
+#read default file
+QUEUERUNNER='combined'
+QUEUEINTERVAL='30m'
+UPEX4OPTS=''
+[ -f /etc/default/exim4 ] && . /etc/default/exim4
+PIDFILE="/run/exim4/exim.pid"
+QRPIDFILE="/run/exim4/eximqr.pid"
+
+upex4conf() {
+ UPEX4CONF="update-exim4.conf"
+ OLDIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if [ -x "$p/$UPEX4CONF" ]; then
+ IFS="$OLDIFS"
+ $p/$UPEX4CONF $UPEX4OPTS $1
+ return 0
+ fi
+ done
+ IFS="$OLDIFS"
+}
+
+# Exit if exim runs from /etc/inetd.conf
+if [ -f /etc/inetd.conf ] && grep -E -q '^[[:space:]]*((\*|[[:alnum:].-]+):)?smtp[[:space:]]' /etc/inetd.conf
+then
+ upex4conf
+ exit 0
+fi
+
+
+DAEMON="/usr/sbin/exim4"
+NAME="exim4"
+
+# this is from madduck on IRC, 2006-07-06
+# There should be a better possibility to give daemon error messages
+# and/or to log things
+log()
+{
+ case "$1" in
+ [[:digit:]]*) success=$1; shift;;
+ *) :;;
+ esac
+ log_action_begin_msg "$1"; shift
+ log_action_end_msg ${success:-0} "$*"
+}
+
+start_exim()
+{
+ [ -e /run/exim4 ] || \
+ install -d -oDebian-exim -gDebian-exim -m750 /run/exim4
+ case ${QUEUERUNNER} in
+ combined)
+ start_daemon -p "$PIDFILE" \
+ "$DAEMON" -bd "-q${QFLAGS}${QUEUEINTERVAL}" \
+ ${COMMONOPTIONS} \
+ ${QUEUERUNNEROPTIONS} \
+ ${SMTPLISTENEROPTIONS}
+ log_progress_msg "exim4"
+ ;;
+ separate)
+ start_daemon -p "$PIDFILE" \
+ "$DAEMON" -bd \
+ ${COMMONOPTIONS} \
+ ${SMTPLISTENEROPTIONS}
+ log_progress_msg "exim4_listener"
+ start_daemon -p "$QRPIDFILE" \
+ "$DAEMON" -oP $QRPIDFILE \
+ "-q${QFLAGS}${QUEUEINTERVAL}" \
+ ${COMMONOPTIONS} \
+ ${QUEUERUNNEROPTIONS}
+ log_progress_msg "exim4_queuerunner"
+ ;;
+ queueonly)
+ start_daemon -p "$PIDFILE" \
+ "$DAEMON" -oP $PIDFILE \
+ "-q${QFLAGS}${QUEUEINTERVAL}" \
+ ${COMMONOPTIONS} \
+ ${QUEUERUNNEROPTIONS}
+ log_progress_msg "exim4_queuerunner"
+ ;;
+ no|ppp)
+ start_daemon -p "$PIDFILE" \
+ "$DAEMON" -bd \
+ ${COMMONOPTIONS} \
+ ${SMTPLISTENEROPTIONS}
+ log_progress_msg "exim4_listener"
+ ;;
+ nodaemon)
+ ;;
+ esac
+}
+
+stop_exim()
+{
+# we try to kill eximqr and exim SMTP listener, no matter what
+# ${QUEUERUNNER} is set to, we could have switched since starting.
+ if [ -f "$QRPIDFILE" ]; then
- if [ $? -eq 0 ] ; then rm -f "$QRPIDFILE" ; fi
++ start-stop-daemon --stop --retry 5 --quiet --oknodo --remove-pidfile \
++ --pidfile "$QRPIDFILE" \
++ --exec "$DAEMON"
+ # exim does not remove the pidfile
- killproc -p "$PIDFILE" "$DAEMON"
++ if [ $? -eq 2 ] ; then rm -f "$QRPIDFILE" ; fi
+ log_progress_msg "exim4_queuerunner"
+ fi
+ if [ -f "$PIDFILE" ]; then
- if [ $? -eq 0 ] ; then rm -f "$PIDFILE" ; fi
++ start-stop-daemon --stop --retry 5 --quiet --oknodo --remove-pidfile \
++ --pidfile "$PIDFILE" \
++ --exec "$DAEMON"
+ # exim does not remove the pidfile
- killproc -p "$PIDFILE" "$DAEMON" -HUP
++ if [ $? -eq 2 ] ; then rm -f "$PIDFILE" ; fi
+ log_progress_msg "exim4_listener"
+ fi
+}
+
+reload_exim()
+{
+ case ${QUEUERUNNER} in
+ combined|no|ppp|queueonly)
- killproc -p "$PIDFILE" "$DAEMON" -HUP
++ start-stop-daemon --stop --signal HUP --quiet --oknodo \
++ --pidfile "$PIDFILE" \
++ --exec "$DAEMON"
+ log_progress_msg "exim4"
+ ;;
+ separate)
- killproc -p "$QRPIDFILE" "$DAEMON" -HUP
++ start-stop-daemon --stop --signal HUP --quiet --oknodo \
++ --pidfile "$PIDFILE" \
++ --exec "$DAEMON"
+ log_progress_msg "exim4_listener"
++ start-stop-daemon --stop --signal HUP --quiet --oknodo \
++ --pidfile "$QRPIDFILE" \
++ --exec "$DAEMON"
+ log_progress_msg "exim4_queuerunner"
+ ;;
+ esac
+}
+
+kill_all_exims()
+{ SIG="${1:-TERM}"
+ for pid in $(pidof $NAME); do
+ if [ "$(readlink /proc/$pid/root)" = "/" ]; then
+ kill -$SIG $pid
+ fi
+ done
+}
+
+status()
+{
+ # the exit value of this function reflects the status of the SMTP
+ # service. Output shows the status of the queue runner as well.
+ SMTPNAME="SMTP listener daemon"
+ QRNAME="separate queue runner daemon"
+ if [ "${QUEUERUNNER}" = "combined" ]; then
+ SMTPNAME="combined SMTP listener and queue runner daemon"
+ elif [ "${QUEUERUNNER}" = "queueonly" ]; then
+ SMTPNAME="separate queue runner daemon"
+ fi
+ log_action_begin_msg "checking $QRNAME"
+ if pidofproc -p "$QRPIDFILE" "$DAEMON" >/dev/null; then
+ log_action_end_msg 0 "running"
+ else
+ if [ -e "$QRPIDFILE" ]; then
+ log_action_end_msg 1 "$QRNAME failed"
+ else
+ log_action_end_msg 0 "not running"
+ fi
+ fi
+ log_action_begin_msg "checking $SMTPNAME"
+ if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
+ log_action_end_msg 0 "running"
+ exit 0
+ else
+ if [ -e "$PIDFILE" ]; then
+ log_action_end_msg 1 "$SMTPNAME failed"
+ exit 1
+ else
+ log_action_end_msg 0 "not running"
+ exit 3
+ fi
+ fi
+}
+
+# check for valid configuration file
+isconfigvalid()
+{
+if ! $DAEMON -bV > /dev/null ; then
+ log 1 "Warning! Invalid configuration file for $NAME. Exiting."
+ exit 1
+fi
+}
+
+# check for non-empty paniclog
+warn_paniclog()
+{
+ if [ -s "/var/log/exim4/paniclog" ]; then
+ if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then
+ echo "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" 1>&2
+ fi
+ fi
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting MTA"
+ # regenerate exim4.conf
+ upex4conf
+ isconfigvalid
+ start_exim
+ log_end_msg 0
+ warn_paniclog
+ ;;
+ stop)
+ log_daemon_msg "Stopping MTA"
+ stop_exim
+ log_end_msg 0
+ warn_paniclog
+ ;;
+ restart)
+ # check whether newly generated config would work
+ upex4conf --check
+ log_daemon_msg "Stopping MTA for restart"
+ stop_exim
+ # regenerate exim4.conf
+ upex4conf
+ isconfigvalid
+ log_end_msg 0
+ sleep 2
+ log_daemon_msg "Restarting MTA"
+ start_exim
+ log_end_msg 0
+ warn_paniclog
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $NAME configuration files"
+ # regenerate exim4.conf
+ upex4conf
+ isconfigvalid
+ reload_exim
+ log_end_msg 0
+ warn_paniclog
+ ;;
+ status)
+ status
+ ;;
+ force-stop)
+ kill_all_exims $2
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status|force-stop}"
+ exit 1
+ ;;
+esac
+
+exit 0
+# vim:tabstop=2:expandtab:shiftwidth=2
--- /dev/null
- debian/script usr/share/bug/exim4-base
- debian/gnutls-params-2048 usr/share/exim4
+debian/exim4_refresh_gnutls-params usr/share/exim4
++debian/gnutls-params-2048 usr/share/exim4
++debian/script usr/share/bug/exim4-base
--- /dev/null
- debian/manpages/exim_convert4r4.8
+b-exim4-daemon-light/doc/exim.8
+debian/manpages/exicyclog.8
+debian/manpages/exigrep.8
+debian/manpages/exim_checkaccess.8
++debian/manpages/exim_convert4r4.8
+debian/manpages/exim_db.8
+debian/manpages/exim_dbmbuild.8
+debian/manpages/exim_lock.8
+debian/manpages/exinext.8
+debian/manpages/exiqgrep.8
+debian/manpages/exiqsumm.8
+debian/manpages/exiwhat.8
--- /dev/null
- if command -v invoke-rc.d >/dev/null 2>&1; then
- invoke-rc.d exim4 stop
- else
- /etc/init.d/exim4 stop
- fi
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ] ; then
+ . /usr/share/debconf/confmodule
+ export debconfavailable="yes"
+fi
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+case "$1" in
+ remove)
+ # work around apt purging -base before even removing -daemon #261994.
+ # postrm is good enough, we just need the init-script which is a conffile.
+ if [ -x /etc/init.d/exim4 ]; then
+ if [ -n "$EX4DEBUG" ]; then
+ netstat -tulpen
+ ls -al /run/exim4/
+ cat /run/exim4/exim.pid
+ pidof exim4
+ fi
++ invoke-rc.d exim4 stop
+ if [ -n "$EX4DEBUG" ]; then
+ netstat -tulpen
+ ls -al /run/exim4/
+ cat /run/exim4/exim.pid
+ pidof exim4
+ if pidof exim4; then
+ echo >&2 "WARN: There are some exim4 processes still running after stopping exim"
+ fi
+ fi
+ fi
+ rm -f /var/lib/exim4/berkeleydbvers.txt
+ ;;
+ purge)
+ update-rc.d exim4 remove > /dev/null
+
+ # ask about purging mailqueue if debconf is available, keep it
+ # otherwise
+ if [ -e /var/spool/exim4/input ] \
+ && ! rmdir /var/spool/exim4/input 2>/dev/null \
+ && [ "$debconfavailable" = "yes" ]; then
+ db_version 2.0
+ db_input medium exim4/purge_spool || true
+ db_go || true
+ db_get exim4/purge_spool
+ purge_spool="$RET"
+ if [ "${purge_spool}" = "true" ] ; then
+ rm -rf /var/spool/exim4/input
+ fi
+ fi
+
+ # remove logs and pid-dir.
+ rm -rf /run/exim4 /var/log/exim4 /var/spool/exim4/msglog \
+ /var/spool/exim4/db /var/spool/exim4/exim-process.info \
+ /var/spool/exim4/gnutls-params*
+ rmdir /var/spool/exim4 /var/lib/exim4 2> /dev/null || true
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
- /usr/sbin
+/etc/exim4/conf.d
+/etc/ppp/ip-up.d
++/usr/sbin
+/usr/share/doc/exim4-config
+/usr/share/man/man8
+/var/lib/exim4
--- /dev/null
- debian/debconf/update-exim4.conf.template usr/sbin
+debian/debconf/exim4.conf.template etc/exim4
++debian/debconf/update-exim4.conf.template usr/sbin
+debian/script usr/share/bug/exim4-config
--- /dev/null
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_host_local_deny_exceptions.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_sender_local_deny_exceptions.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-aliases.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-email-addresses.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_crt.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_key.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_host_local_deny_exceptions.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_hubbed_hosts.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_domain_dnsbl_whitelist.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_host_blacklist.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_rcpt_callout.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_blacklist.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_rcpt_callout.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_domain_dnsbl_whitelist.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_hubbed_hosts.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_callout.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_crt.5.gz
- usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_key.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd.5.gz
+usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd_client.5.gz
++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_sender_local_deny_exceptions.5.gz
+usr/share/man/man8/update-exim4.conf.8.gz usr/share/man/man5/update-exim4.conf.conf.5.gz
--- /dev/null
- debian/manpages/exim4-config_files.5
++debian/manpages/exim4-config_files.5
+debian/manpages/update-exim4.conf.8
+debian/manpages/update-exim4.conf.template.8
+debian/manpages/update-exim4defaults.8
--- /dev/null
- usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
++usr/sbin/exim4 usr/bin/mailq
++usr/sbin/exim4 usr/bin/newaliases
+usr/sbin/exim4 usr/lib/exim4/exim4
+usr/sbin/exim4 usr/lib/sendmail
+usr/sbin/exim4 usr/sbin/exim
- usr/sbin/exim4 usr/sbin/sendmail
- usr/sbin/exim4 usr/sbin/runq
+usr/sbin/exim4 usr/sbin/rmail
+usr/sbin/exim4 usr/sbin/rsmtp
- usr/sbin/exim4 usr/bin/mailq
- usr/sbin/exim4 usr/bin/newaliases
- usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-custom/changelog.gz
++usr/sbin/exim4 usr/sbin/runq
++usr/sbin/exim4 usr/sbin/sendmail
+usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-custom/README.Debian.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-custom/changelog.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
--- /dev/null
- /usr/lib/exim4/local_scan
+/usr/lib/exim4
++/usr/lib/exim4/local_scan
+/usr/sbin
+/usr/share/man/man8
--- /dev/null
- usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
++usr/sbin/exim4 usr/bin/mailq
++usr/sbin/exim4 usr/bin/newaliases
+usr/sbin/exim4 usr/lib/exim4/exim4
+usr/sbin/exim4 usr/lib/sendmail
+usr/sbin/exim4 usr/sbin/exim
- usr/sbin/exim4 usr/sbin/sendmail
- usr/sbin/exim4 usr/sbin/runq
+usr/sbin/exim4 usr/sbin/rmail
+usr/sbin/exim4 usr/sbin/rsmtp
- usr/sbin/exim4 usr/bin/mailq
- usr/sbin/exim4 usr/bin/newaliases
- usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-heavy/changelog.gz
++usr/sbin/exim4 usr/sbin/runq
++usr/sbin/exim4 usr/sbin/sendmail
+usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-heavy/README.Debian.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-heavy/changelog.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
--- /dev/null
- usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
++usr/sbin/exim4 usr/bin/mailq
++usr/sbin/exim4 usr/bin/newaliases
+usr/sbin/exim4 usr/lib/exim4/exim4
+usr/sbin/exim4 usr/lib/sendmail
+usr/sbin/exim4 usr/sbin/exim
- usr/sbin/exim4 usr/sbin/sendmail
- usr/sbin/exim4 usr/sbin/runq
+usr/sbin/exim4 usr/sbin/rmail
+usr/sbin/exim4 usr/sbin/rsmtp
- usr/sbin/exim4 usr/bin/mailq
- usr/sbin/exim4 usr/bin/newaliases
- usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-light/changelog.gz
++usr/sbin/exim4 usr/sbin/runq
++usr/sbin/exim4 usr/sbin/sendmail
+usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-light/README.Debian.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
- usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-light/changelog.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz
+usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz
++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz
--- /dev/null
- if [ -x /usr/bin/certtool ] && \
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+dc_eximconfig_configtype="other"
+db_get exim4/dc_eximconfig_configtype || true
+if [ "$RET" = "no configuration at this time" ]; then
+ dc_eximconfig_configtype="none"
+fi
+
+case "$1" in
+ configure)
+
+ # || true is needed for succesfull installation with configtype 'none'
+ if [ -x /etc/init.d/exim4 ]; then
+ db_stop
+ if [ "$dc_eximconfig_configtype" = "none" ]; then
+ # we may have broken config here, ignore errors
+ invoke-rc.d exim4 start || true
+ else
+ # we must have working config here, honor errors
+ invoke-rc.d exim4 start
+ fi
+ fi
+
+ # set up DH-parameter file, update if older than 160 days
+ if test -e /var/spool/exim4/gnutls-params-2048 ; then
+ if [ `stat --format=%Y /var/spool/exim4/gnutls-params-2048` -le $(( `date +%s` - 13824000 )) ];
+ then
+ echo "Updating GnuTLS DH parameter file" 1>&2
+ /usr/share/exim4/exim4_refresh_gnutls-params
+ fi
+ else
+ echo "Initializing GnuTLS DH parameter file" 1>&2
+ tempgnutls=$(tempfile --directory /var/spool/exim4 --mode 644 --prefix "gnutp")
+ chown Debian-exim:Debian-exim $tempgnutls
++ if which certtool > /dev/null 2>&1 && \
+ timeout --preserve-status --kill-after=15 120 \
+ certtool --generate-dh-params --bits 2048 > $tempgnutls ; then
+ mv $tempgnutls /var/spool/exim4/gnutls-params-2048
+ else
+ rm -f $tempgnutls
+ install -m 644 -o Debian-exim -g Debian-exim \
+ /usr/share/exim4/gnutls-params-2048 \
+ /var/spool/exim4/gnutls-params-2048
+ fi
+ fi
+
+
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
- if command -v invoke-rc.d >/dev/null 2>&1; then
- invoke-rc.d exim4 stop
- else
- /etc/init.d/exim4 stop
- fi
+#!/bin/sh
+
+set -e
+
+if [ -n "$EX4DEBUG" ]; then
+ echo "now debugging $0 $@"
+ set -x
+fi
+
+case "$1" in
+ remove|upgrade)
+ if [ -x /etc/init.d/exim4 ]; then
+ if [ -n "$EX4DEBUG" ]; then
+ netstat -tulpen
+ ls -al /run/exim4/
+ cat /run/exim4/exim.pid
+ pidof exim4
+ fi
++ invoke-rc.d exim4 stop
+ if [ -n "$EX4DEBUG" ]; then
+ netstat -tulpen
+ ls -al /run/exim4/
+ cat /run/exim4/exim.pid
+ pidof exim4
+ if pidof exim4; then
+ echo >&2 "WARN: There are some exim4 processes still running after stopping exim"
+ fi
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
--- /dev/null
- b-exim4-daemon-light/src/store.h usr/include/exim4
+b-exim4-daemon-light/src/local_scan.h usr/include/exim4
+b-exim4-daemon-light/src/mytypes.h usr/include/exim4
++b-exim4-daemon-light/src/store.h usr/include/exim4
+debian/exim4-localscan-plugin-config usr/bin
--- /dev/null
- usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-dev/changelog.gz
+usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-dev/README.Debian.gz
++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-dev/changelog.gz
--- /dev/null
- usr/sbin
+usr/lib/exim4
++usr/sbin
--- /dev/null
- courier-mta, esmtp-run, hula-mta, masqmail, mta-dummy, nullmailer, postfix, sendmail-bin, smail, ssmtp, xmail, zmailer
++citadel-server, courier-mta, dma, esmtp-run, hula-mta, masqmail, msmtp-mta, mta-dummy, nullmailer, opensmtpd, postfix, qmail-run, sendmail-bin, smail, ssmtp, xmail, zmailer
--- /dev/null
- Last-Update: 2017-01-31
+Description: We ship the binary as exim4 instead of exim, fix manpage
+ accordingly.
+Author: Marc Haber <mh+debian-packages@zugschlus.de>,
+ Andreas Metzler <ametzler@bebt.de>
- @@ -175,7 +175,7 @@ of lookups, you will just get the same r
++Last-Update: 2018-12-31
+Forwarded: not-needed (upstream uses the "exim" name)
+
+--- a/doc/exim.8
++++ b/doc/exim.8
+@@ -1,9 +1,9 @@
+-.TH EXIM 8
++.TH EXIM4 8
+ .SH NAME
+-exim \- a Mail Transfer Agent
++exim4 \- a Mail Transfer Agent
+ .SH SYNOPSIS
+ .nf
+-.B exim [options] arguments ...
++.B exim4 [options] arguments ...
+ .B mailq [options] arguments ...
+ .B rsmtp [options] arguments ...
+ .B rmail [options] arguments ...
+@@ -40,7 +40,7 @@ local message on the standard input, wit
+ recipients) is assumed. Thus, for example, if Exim is installed in
+ \fI/usr/sbin\fP, you can send a message from the command line like this:
+ .sp
+- /usr/sbin/exim -i <recipient-address(es)>
++ /usr/sbin/exim4 -i <recipient-address(es)>
+ <message content, including all the header lines>
+ CTRL-D
+ .sp
+@@ -125,8 +125,8 @@ ports, on multiple ports, and only on sp
+ .sp
+ When a listening daemon
+ is started without the use of \fB\-oX\fP (that is, without overriding the normal
+-configuration), it writes its process id to a file called exim\-daemon.pid
+-in Exim's spool directory. This location can be overridden by setting
++configuration), it writes its process id to a file called
++/var/run/exim4/exim.pid. This location can be overridden by setting
+ PID_FILE_PATH in Local/Makefile. The file is written while Exim is still
+ running as root.
+ .sp
- @@ -201,7 +201,7 @@ If you want to test a system filter file
++@@ -180,7 +180,7 @@ available to admin users.
+ This option operates like \fB\-be\fP except that it must be followed by the name
+ of a file. For example:
+ .sp
+- exim \-bem /tmp/testmessage
++ exim4 \-bem /tmp/testmessage
+ .sp
+ The file is read as a message (as if receiving a locally\-submitted non\-SMTP
+ message) before any of the test expansions are done. Thus, message\-specific
- @@ -253,8 +253,8 @@ This option runs a fake SMTP session as
++@@ -206,7 +206,7 @@ If you want to test a system filter file
+ can use both \fB\-bF\fP and \fB\-bf\fP on the same command, in order to test a system
+ filter and a user filter in the same run. For example:
+ .sp
+- exim \-bF /system/filter \-bf /user/filter </test/message
++ exim4 \-bF /system/filter \-bf /user/filter </test/message
+ .sp
+ This is helpful when the system filter adds header lines or sets filter
+ variables that are used by the user filter.
- @@ -412,7 +412,7 @@ main configuration options to be written
++@@ -258,8 +258,8 @@ This option runs a fake SMTP session as
+ standard input and output. The IP address may include a port number at the end,
+ after a full stop. For example:
+ .sp
+- exim \-bh 10.9.8.7.1234
+- exim \-bh fe80::a00:20ff:fe86:a061.5678
++ exim4 \-bh 10.9.8.7.1234
++ exim4 \-bh fe80::a00:20ff:fe86:a061.5678
+ .sp
+ When an IPv6 address is given, it is converted into canonical form. In the case
+ of the second example above, the value of \fI$sender_host_address\fP after
- @@ -440,7 +440,7 @@ written directly into the spool director
++@@ -417,7 +417,7 @@ main configuration options to be written
+ of one or more specific options can be requested by giving their names as
+ arguments, for example:
+ .sp
+- exim \-bP qualify_domain hold_domains
++ exim4 \-bP qualify_domain hold_domains
+ .sp
+ However, any option setting that is preceded by the word "hide" in the
+ configuration file is not shown in full, except to an admin user. For other
- @@ -449,7 +449,7 @@ If one of the words \fBrouter\fP, \fBtra
++@@ -445,7 +445,7 @@ written directly into the spool director
+ .sp
+ If \fB\-bP\fP is followed by a name preceded by +, for example,
+ .sp
+- exim \-bP +local_domains
++ exim4 \-bP +local_domains
+ .sp
+ it searches for a matching named list of any type (domain, host, address, or
+ local part) and outputs what it finds.
- @@ -532,7 +532,7 @@ This option is for testing retry rules,
++@@ -454,7 +454,7 @@ If one of the words \fBrouter\fP, \fBtra
+ followed by the name of an appropriate driver instance, the option settings for
+ that driver are output. For example:
+ .sp
+- exim \-bP transport local_delivery
++ exim4 \-bP transport local_delivery
+ .sp
+ The generic driver options are output first, followed by the driver's private
+ options. A list of the names of drivers of a particular type can be obtained by
- @@ -545,7 +545,7 @@ rule is found that matches the host, one
++@@ -539,7 +539,7 @@ This option is for testing retry rules,
+ arguments. It causes Exim to look for a retry rule that matches the values
+ and to write it to the standard output. For example:
+ .sp
+- exim \-brt bach.comp.mus.example
++ exim4 \-brt bach.comp.mus.example
+ Retry rule: *.comp.mus.example F,2h,15m; F,4d,30m;
+ .sp
+ The first
- @@ -648,7 +648,7 @@ doing such tests.
++@@ -552,7 +552,7 @@ rule is found that matches the host, one
+ sought. Finally, an argument that is the name of a specific delivery error, as
+ used in setting up retry rules, can be given. For example:
+ .sp
+- exim \-brt haydn.comp.mus.example quota_3d
++ exim4 \-brt haydn.comp.mus.example quota_3d
+ Retry rule: *@haydn.comp.mus.example quota_3d F,1h,15m
+ .TP 10
+ \fB\-brw\fP
- name of the run time configuration file that is in use.
- @@ -676,7 +676,7 @@ If no arguments are given, Exim runs in
++@@ -655,7 +655,7 @@ doing such tests.
+ .TP 10
+ \fB\-bV\fP
+ This option causes Exim to write the current version number, compilation
+-number, and compilation date of the \fIexim\fP binary to the standard output.
++number, and compilation date of the \fIexim4\fP binary to the standard output.
+ It also lists the DBM library that is being used, the optional modules (such as
+ specific lookup types), the drivers that are included in the binary, and the
- @@ -789,14 +789,14 @@ command line item. \fB\-D\fP can be used
++ name of the runtime configuration file that is in use.
++@@ -683,7 +683,7 @@ If no arguments are given, Exim runs in
+ right angle bracket for addresses to be verified.
+ .sp
+ Unlike the \fB\-be\fP test option, you cannot arrange for Exim to use the
+-readline() function, because it is running as \fIexim\fP and there are
++readline() function, because it is running as \fIexim4\fP and there are
+ security issues.
+ .sp
+ Verification differs from address testing (the \fB\-bt\fP option) in that routers
- @@ -926,8 +926,8 @@ never provoke a bounce. An empty sender
++@@ -796,14 +796,14 @@ command line item. \fB\-D\fP can be used
+ string, in which case the equals sign is optional. These two commands are
+ synonymous:
+ .sp
+- exim \-DABC ...
+- exim \-DABC= ...
++ exim4 \-DABC ...
++ exim4 \-DABC= ...
+ .sp
+ To include spaces in a macro definition item, quotes must be used. If you use
+ quotes, spaces are permitted around the macro name and the equals sign. For
+ example:
+ .sp
+- exim '\-D ABC = something' ...
++ exim4 '\-D ABC = something' ...
+ .sp
+ \fB\-D\fP may be repeated up to 10 times on a command line.
+ Only macro names up to 22 letters long can be set.
- @@ -1292,12 +1292,12 @@ other circumstances, they are ignored un
++@@ -938,8 +938,8 @@ never provoke a bounce. An empty sender
+ string, or as a pair of angle brackets with nothing between them, as in these
+ examples of shell commands:
+ .sp
+- exim \-f '<>' user@domain
+- exim \-f "" user@domain
++ exim4 \-f '<>' user@domain
++ exim4 \-f "" user@domain
+ .sp
+ In addition, the use of \fB\-f\fP is not restricted when testing a filter file
+ with \fB\-bf\fP or when testing or verifying addresses using the \fB\-bt\fP or
- @@ -1502,22 +1502,22 @@ If other commandline options specify an
++@@ -1315,12 +1315,12 @@ other circumstances, they are ignored un
+ The \fB\-oMa\fP option sets the sender host address. This may include a port
+ number at the end, after a full stop (period). For example:
+ .sp
+- exim \-bs \-oMa 10.9.8.7.1234
++ exim4 \-bs \-oMa 10.9.8.7.1234
+ .sp
+ An alternative syntax is to enclose the IP address in square brackets,
+ followed by a colon and the port number:
+ .sp
+- exim \-bs \-oMa [10.9.8.7]:1234
++ exim4 \-bs \-oMa [10.9.8.7]:1234
+ .sp
+ The IP address is placed in the \fI$sender_host_address\fP variable, and the
+ port, if present, in \fI$sender_host_port\fP. If both \fB\-oMa\fP and \fB\-bh\fP
- @@ -1533,7 +1533,7 @@ starting a queue runner process at inter
++@@ -1526,22 +1526,22 @@ If other commandline options specify an
+ will specify a queue to operate on.
+ For example:
+ .sp
+- exim \-bp \-qGquarantine
++ exim4 \-bp \-qGquarantine
+ mailq \-qGquarantine
+- exim \-qGoffpeak \-Rf @special.domain.example
++ exim4 \-qGoffpeak \-Rf @special.domain.example
+ .TP 10
+ \fB\-q\fP<\fIqflags\fP> <\fIstart id\fP> <\fIend id\fP>
+ When scanning the queue, Exim can be made to skip over messages whose ids are
+ lexically less than a given value by following the \fB\-q\fP option with a
+ starting message id. For example:
+ .sp
+- exim \-q 0t5C6f\-0000c8\-00
++ exim4 \-q 0t5C6f\-0000c8\-00
+ .sp
+ Messages that arrived earlier than 0t5C6f\-0000c8\-00 are not inspected. If a
+ second message id is given, messages whose ids are lexically greater than it
+ are also skipped. If the same id is given twice, for example,
+ .sp
+- exim \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00
++ exim4 \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00
+ .sp
+ just one delivery process is started, for that message. This differs from
+ \fB\-M\fP in that retry data is respected, and it also differs from \fB\-Mc\fP in
- @@ -1564,7 +1564,7 @@ regular expression; otherwise it is a li
++@@ -1557,7 +1557,7 @@ starting a queue runner process at inter
+ single daemon process handles both functions. A common way of starting up a
+ combined daemon at system boot time is to use a command such as
+ .sp
+- /usr/exim/bin/exim \-bd \-q30m
++ /usr/sbin/exim4 \-bd \-q30m
+ .sp
+ Such a daemon listens for incoming SMTP calls, and also starts a queue runner
+ process every 30 minutes.
- @@ -1680,6 +1680,26 @@ under most shells.
++@@ -1588,7 +1588,7 @@ regular expression; otherwise it is a li
+ If you want to do periodic queue runs for messages with specific recipients,
+ you can combine \fB\-R\fP with \fB\-q\fP and a time value. For example:
+ .sp
+- exim \-q25m \-R @special.domain.example
++ exim4 \-q25m \-R @special.domain.example
+ .sp
+ This example does a queue run for messages with recipients in the given domain
+ every 25 minutes. Any additional flags that are specified with \fB\-q\fP are
++@@ -1704,6 +1704,26 @@ under most shells.
+ .sp
+ .
+ .SH "SEE ALSO"
++.BR exicyclog (8),
++.BR exigrep (8),
++.BR exim_checkaccess (8),
++.BR exim_convert4r4 (8),
++.BR exim_db (8),
++.BR exim_dbmbuild (8),
++.BR exim_lock (8),
++.BR eximon (8),
++.BR exinext (8),
++.BR exiqgrep (8),
++.BR exiqsumm (8),
++.BR exiwhat (8),
++.BR update\-exim4.conf (8),
++.BR update\-exim4defaults (8),
++/usr/share/doc/exim4\-base/,
++/usr/share/doc/exim4\-base/README.Debian.[gz|html].
+ .rs
+ .sp
+ The full Exim specification, the Exim book, and the Exim wiki.
++
++.SH AUTHOR
++This manual page was provided with the upstream Exim source package.
++It was enhanced for the Debian GNU/Linux system.
--- /dev/null
- Description: Accomodate source for installing exim as exim4.
++Description: Accommodate source for installing exim as exim4.
+Author: Andreas Metzler <ametzler@debian.org>
+Origin: vendor
+Forwarded: not-needed
- Last-Update: 2013-09-28
++Last-Update: 2018-12-12
+
+--- a/OS/Makefile-Linux
++++ b/OS/Makefile-Linux
+@@ -28,9 +28,9 @@ XLFLAGS=-L$(X11)/lib
+ X11_LD_LIB=$(X11)/lib
+
+ EXIWHAT_PS_ARG=ax
+-EXIWHAT_EGREP_ARG='/exim( |$$)'
++EXIWHAT_EGREP_ARG='/exim4( |$$)'
+ EXIWHAT_MULTIKILL_CMD=killall
+-EXIWHAT_MULTIKILL_ARG=exim
++EXIWHAT_MULTIKILL_ARG=exim4
+ EXIWHAT_KILL_SIGNAL=-USR1
+
+ # End
+--- a/src/exicyclog.src
++++ b/src/exicyclog.src
- @@ -144,7 +144,7 @@ done
++@@ -149,7 +149,7 @@ done
+
+ st=' '
+ exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi
++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+
+ spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
+
+--- a/src/exim_checkaccess.src
++++ b/src/exim_checkaccess.src
+@@ -52,7 +52,7 @@ done
+ # a tab to keep the tab in one place.
+
+ exim_path=`perl -ne 'chop;if (/^\s*exim_path\s*=\s*(.*)/){print "$1\n";last;}' $config`
+-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi
++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+
+
+ #########################################################################
+--- a/src/eximon.src
++++ b/src/eximon.src
- @@ -72,7 +72,7 @@ config=${EXIMON_EXIM_CONFIG-$config}
++@@ -79,7 +79,7 @@ config=${EXIMON_EXIM_CONFIG-$config}
+
+ st=' '
+ EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+-if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim; fi
++if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi
+
+ SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
+ LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'`
+--- a/src/exinext.src
++++ b/src/exinext.src
- @@ -90,7 +90,7 @@ if [ "$exim_path" = "" ]; then
++@@ -97,7 +97,7 @@ if [ "$exim_path" = "" ]; then
+ exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+ fi
+
+-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi
++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+ spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
+ qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'`
+
- @@ -171,7 +171,7 @@ perl - $exim_path "$eximmacdef" $argone
++@@ -181,7 +181,7 @@ perl - $exim_path "$eximmacdef" $argone
+
+ # Run exim_dumpdb to get out the retry data and pick off what we want
+
+- open(DATA, "${exim}_dumpdb $spool retry |") ||
++ open(DATA, "/usr/sbin/exim_dumpdb $spool retry |") ||
+ die "can't run exim_dumpdb";
+
+ while (<DATA>)
+--- a/src/exiqgrep.src
++++ b/src/exiqgrep.src
- @@ -21,7 +21,7 @@ use strict;
- use Getopt::Std;
++@@ -24,7 +24,7 @@ use Getopt::Std;
++ use File::Basename;
+
+ # Have this variable point to your exim binary.
+-my $exim = 'BIN_DIRECTORY/exim';
++my $exim = 'BIN_DIRECTORY/exim4';
+ my $eargs = '-bpu';
+ my %id;
+ my %opt;
+--- a/src/exiwhat.src
++++ b/src/exiwhat.src
- @@ -88,7 +88,7 @@ fi
++@@ -98,7 +98,7 @@ fi
+
+ st=' '
+ exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi
++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+ spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"`
+ process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"`
+
+--- a/src/globals.c
++++ b/src/globals.c
- @@ -705,7 +705,7 @@ const uschar *event_name = NULL;
++@@ -906,7 +906,7 @@ const uschar *event_name = NULL;
++
+
+ gid_t exim_gid = EXIM_GID;
- BOOL exim_gid_set = TRUE; /* This gid is always set */
+-uschar *exim_path = US BIN_DIRECTORY "/exim"
++uschar *exim_path = US BIN_DIRECTORY "/exim4"
+ "\0<---------------Space to patch exim_path->";
+ uid_t exim_uid = EXIM_UID;
- BOOL exim_uid_set = TRUE; /* This uid is always set */
++ int expand_level = 0; /* Nesting depth, indent for debug */
--- /dev/null
- --- exim4-4.82~rc1.orig/src/convert4r4.src
- +++ exim4-4.82~rc1/src/convert4r4.src
- @@ -652,6 +652,32 @@ return defined $main{$_[0]} && $main{$_[
+Description: Add a warning message to convert4r4
+Author: Marc Haber <mh+debian-packages@zugschlus.de>
+Origin: vendor
+Forwarded: no
+Last-Update: 2013-09-28
+
++--- a/src/convert4r4.src
+++++ b/src/convert4r4.src
++@@ -666,6 +666,32 @@ return defined $main{$_[0]} && $main{$_[
+
+ print STDERR "Runtime configuration file converter for Exim release 4.\n";
+
++if( !defined $ENV{"CONVERT4R4"} || $ENV{"CONVERT4R4"} ne "I understand this is an unsupported tool" ) {
++
++ print STDERR <<EOF;
++convert4r4 on Debian GNU/Linux deprecated
++
++This tool is unsupported by upstream and discouraged by the Debian Exim 4
++maintainers. It has multiple known bugs, and you need to manually
++review its output after using it anyway. Please seriously consider complete
++manual regeneration of the Exim 4 configuration, preferably by using the new
++Debconf interface to Exim 4.
++
++If you decide to ignore this advice and to use this script anyway,
++setting the environment variable CONVERT4R4 to the value
++\"I understand this is an unsupported tool\"
++will allow you to run the script. If you find bugs, you get to keep
++the pieces. Please do not file bugs against this script in the Debian
++BTS without providing a patch fixing the bugs, and please do not
++expect the upstream exim-users mailing list to answer questions.
++
++Kind regards
++the Debian Exim4 Maintainers
++EOF
++
++ exit 1;
++}
++
+ $transport_start = $director_start = $router_start = $retry_start
+ = $rewrite_start = $auth_start = 999999;
+
--- /dev/null
- Author: Andreas Metzler <ametzler@downhill.at.eu.org>
+Description: Stop using exim's -C option in utility scripts (exiwhat
+ et al.) since this breaks with ALT_CONFIG_PREFIX.
- Last-Update: 2014-12-01
++Author: Andreas Metzler <ametzler@bebt.de>
+Forwarded: http://bugs.exim.org/show_bug.cgi?id=1045
- @@ -146,10 +146,10 @@ st=' '
++Last-Update: 2018-12-31
+
+--- a/src/exicyclog.src
++++ b/src/exicyclog.src
- @@ -74,8 +74,8 @@ st=' '
++@@ -151,10 +151,10 @@ st=' '
+ exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+ if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+
+-spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
++spool_directory=`$exim_path -bP spool_directory | sed 's/.*=[ ]*//'`
+
+ if [ "$log_file_path" = "" ] ; then
+- log_file_path=`$exim_path -C $config -bP log_file_path | sed 's/.*=[ ]*//'`
++ log_file_path=`$exim_path -bP log_file_path | sed 's/.*=[ ]*//'`
+ fi
+
+ # If log_file_path contains only "syslog" then no Exim log files are in use.
+--- a/src/eximon.src
++++ b/src/eximon.src
- @@ -91,8 +91,8 @@ if [ "$exim_path" = "" ]; then
++@@ -81,8 +81,8 @@ st=' '
+ EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+ if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi
+
+-SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
+-LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'`
++SPOOL_DIRECTORY=`$EXIM_PATH -bP spool_directory | sed 's/.*=[ ]*//'`
++LOG_FILE_PATH=`$EXIM_PATH -bP log_file_path | sed 's/.*=[ ]*//'`
+
+ # If log_file_path is "syslog" then logging is only to syslog, and the monitor
+ # is unable to display a log tail unless EXIMON_LOG_FILE_PATH is set to tell
+--- a/src/exinext.src
++++ b/src/exinext.src
- @@ -134,7 +134,7 @@ perl - $exim_path "$eximmacdef" $argone
++@@ -98,8 +98,8 @@ if [ "$exim_path" = "" ]; then
+ fi
+
+ if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+-spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'`
+-qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'`
++spool_directory=`$exim_path $eximmacdef -bP spool_directory | sed 's/.*=[ ]*//'`
++qualify_domain=`$exim_path $eximmacdef -bP qualify_domain | sed 's/.*=[ ]*//'`
+
+ # Now do the job. Perl uses $ so frequently that we don't want to have to
+ # escape them all from the shell, so pass in shell variable values as
- @@ -89,8 +89,8 @@ fi
++@@ -144,7 +144,7 @@ perl - $exim_path "$eximmacdef" $argone
+ # Run Exim to get a list of hosts for the given domain; for
+ # each one construct the appropriate retry key.
+
+- open(LIST, "$exim -C $config -v -bt $address |") ||
++ open(LIST, "$exim -v -bt $address |") ||
+ die "can't run exim to route $address";
+
+ while (<LIST>)
+--- a/src/exiwhat.src
++++ b/src/exiwhat.src
++@@ -99,8 +99,8 @@ fi
+ st=' '
+ exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"`
+ if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi
+-spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"`
+-process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"`
++spool_directory=`$exim_path -bP spool_directory | sed "s/.*=[ ]*//"`
++process_log_path=`$exim_path -bP process_log_path | sed "s/.*=[ ]*//"`
+
+ # The file that Exim writes when sent the SIGUSR1 signal is specified by
+ # the process_log_path option. If that is not defined, Exim uses the file
--- /dev/null
- #! /bin/sh /usr/share/dpatch/dpatch-run
- ## 70_remove_exim-users_references.dpatch by Marc Haber <mh+debian-packages@zugschlus.de>
- ##
- ## All lines beginning with `## DP:' are a description of the patch.
- ## DP: No description.
- Last-Update: 2014-12-01
++Description: Point Debian users to Debian specific ML.
++Author: Marc Haber <mh+debian-packages@zugschlus.de>
++Last-Update: 2018-12-31
+
+--- a/README
++++ b/README
+@@ -14,8 +14,16 @@ from Exim 3, though the basic structure
+ older book may be helpful for the background, but a lot of the detail has
+ changed, so it is likely to be confusing to newcomers.
+
- -There is a web site at http://www.exim.org; this contains details of the
++-There is a website at https://www.exim.org; this contains details of the
+-mailing list exim-users@exim.org.
++Information about the way Debian has built the binary packages is
++obtainable in /usr/share/doc/exim4-base/README.Debian.gz, and there
++is a Debian-centered mailing list,
++pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific
++questions there, and only write to the upstream exim-users mailing
++list if you are sure that your question is not Debian-specific. You
++can find the subscription web page on
++http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
++
- +There is a web site at http://www.exim.org.
+++There is a website at https://www.exim.org/.
+
+ A copy of the Exim FAQ should be available from the same source that you used
+ to obtain the Exim distribution. Additional formats for the documentation
+--- a/src/eximstats.src
++++ b/src/eximstats.src
+@@ -537,8 +537,7 @@ about how to create charts from the tabl
+
+ =head1 AUTHOR
+
- -There is a web site at http://www.exim.org - this contains details of the
++-There is a website at https://www.exim.org - this contains details of the
+-mailing list exim-users@exim.org.
- +There is a web site at http://www.exim.org
+++There is a website at https://www.exim.org/.
+
+ =head1 TO DO
+
--- /dev/null
--- /dev/null
++From b2734f7b45111f9b7de790c7b334a2ece47675b5 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Sat, 9 Feb 2019 16:56:59 +0000
++Subject: [PATCH 1/7] Fix json extract operator for unfound case
++
++(cherry picked from commit e73798976812e652320f096870359ef35ed069ff)
++---
++ doc/doc-docbook/spec.xfpt | 4 ++++
++ src/expand.c | 13 ++++++++-----
++ test/scripts/0000-Basic/0002 | 3 +++
++ test/stdout/0002 | 3 +++
++ 4 files changed, 18 insertions(+), 5 deletions(-)
++
++--- a/src/expand.c
+++++ b/src/expand.c
++@@ -3901,7 +3901,8 @@ return NULL;
++ /* Pull off the leading array or object element, returning
++ a copy in an allocated string. Update the list pointer.
++
++-The element may itself be an abject or array.
+++The element may itself be an object or array.
+++Return NULL when the list is empty.
++ */
++
++ uschar *
++@@ -3923,6 +3924,7 @@ for (item = s;
++ case '}': object_depth--; break;
++ }
++ *list = *s ? s+1 : s;
+++if (item == s) return NULL;
++ item = string_copyn(item, s - item);
++ DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item);
++ return US item;
++@@ -5790,10 +5792,11 @@ while (*s != 0)
++ }
++ while (field_number > 0 && (item = json_nextinlist(&list)))
++ field_number--;
++- s = item;
++- lookup_value = s;
++- while (*s) s++;
++- while (--s >= lookup_value && isspace(*s)) *s = '\0';
+++ if ((lookup_value = s = item))
+++ {
+++ while (*s) s++;
+++ while (--s >= lookup_value && isspace(*s)) *s = '\0';
+++ }
++ }
++ else
++ {
++--- a/doc/spec.txt
+++++ b/doc/spec.txt
++@@ -8776,6 +8776,8 @@ ${extract json{<key>}{<string1>}{<string
++ The braces, commas and colons, and the quoting of the member name are
++ required; the spaces are optional. Matching of the key against the member
++ names is done case-sensitively.
+++ If a returned value is a JSON string, it retains its leading and
+++ trailing quotes.
++
++ The results of matching are handled as above.
++
++@@ -8813,6 +8815,8 @@ ${extract json{<number>}}{<string1>}{<st
++
++ Field selection and result handling is as above; there is no choice of
++ field separator.
+++ If a returned value is a JSON string, it retains its leading and
+++ trailing quotes.
++
++ ${filter{<string>}{<condition>}}
++
--- /dev/null
--- /dev/null
++From 1cfa7822ca8928f95160df8742af11fff888ae7e Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Tue, 12 Feb 2019 16:52:51 +0000
++Subject: [PATCH 3/7] Fix transport buffer size handling Broken-by: 59932f7dcd
++
++(cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374)
++---
++ doc/ChangeLog | 7 +++++++
++ src/transport.c | 4 ++--
++ 2 files changed, 9 insertions(+), 2 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 7da07ad4..66c8a7a1 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -5,6 +5,13 @@ affect Exim's operation, with an unchanged configuration file. For new
++ options, and new features, see the NewStuff file next to this ChangeLog.
++
++
+++Since version 4.92
+++------------------
+++
+++JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
+++ buffer overrun for (non-chunking) other transports.
+++
+++
++ Exim version 4.92
++ -----------------
++
++diff --git a/src/transport.c b/src/transport.c
++index 8ccdd038..a069b883 100644
++--- a/src/transport.c
+++++ b/src/transport.c
++@@ -1115,13 +1115,13 @@ DEBUG(D_transport)
++
++ if (!(tctx->options & topt_no_body))
++ {
++- int size = size_limit;
+++ unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX;
++
++ nl_check_length = abs(nl_check_length);
++ nl_partial_match = 0;
++ if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0)
++ return FALSE;
++- while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0
+++ while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0
++ && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0)
++ {
++ if (!write_chunk(tctx, deliver_in_buffer, len))
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From cb25b75af850d664fc005d24fbad0e58bf79d4c7 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Thu, 14 Feb 2019 17:14:34 +0000
++Subject: [PATCH 5/7] Fix info on using local_scan() in the default Makefile
++
++Broken-by: 9723f96673
++(cherry picked from commit 882bc1704d33aa34873e3a0f72e657b0cc2985e5)
++---
++ OS/Makefile-Default | 10 ++++++++--
++ 1 file changed, 8 insertions(+), 2 deletions(-)
++
++diff --git a/OS/Makefile-Default b/OS/Makefile-Default
++index b3990fe8..41a4dbbd 100644
++--- a/OS/Makefile-Default
+++++ b/OS/Makefile-Default
++@@ -232,6 +232,11 @@ RANLIB=ranlib
++ EXIM_CHMOD=@true
++
++
+++# If you want to use local_scan() at all, the support code must be included
+++# by uncommenting this line.
+++
+++# HAVE_LOCAL_SCAN=yes
+++
++ # LOCAL_SCAN_SOURCE defines the file in which the function local_scan() is
++ # defined. This provides the administrator with a hook for including C code
++ # for scanning incoming mails. The path that is defined must be relative to
++@@ -239,8 +244,9 @@ EXIM_CHMOD=@true
++
++ # LOCAL_SCAN_SOURCE=Local/local_scan.c
++
++-# The default setting points to a template function that doesn't actually do
++-# any scanning, but just accepts the message.
+++# A very simple example points to a template function that doesn't actually do
+++# any scanning, but just accepts the message. A compilable file must be
+++# included in the build even if HAVE_LOCAL_SCAN is not defined.
++
++ LOCAL_SCAN_SOURCE=src/local_scan.c
++
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From c15523829ba17cce5829e2976aa1ff928965d948 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Sat, 16 Feb 2019 12:59:23 +0000
++Subject: [PATCH 7/7] GnuTLS: Fix client detection of server reject of client
++ cert under TLS1.3
++
++(cherry picked from commit fc243e944ec00b59b75f41d07494116f925d58b4)
++---
++ doc/ChangeLog | 7 +++
++ src/deliver.c | 2 +-
++ src/smtp_out.c | 10 +++--
++ src/tls-gnu.c | 23 +++-------
++ src/transports/lmtp.c | 3 +-
++ src/transports/smtp.c | 81 +++++++++++++++++++++++++++--------
++ test/confs/2027 | 8 ++--
++ test/confs/5652 | 1 +
++ test/confs/5821 | 2 +-
++ test/log/2027 | 2 +-
++ test/runtest | 14 ++++++
++ test/scripts/2000-GnuTLS/2027 | 2 +
++ 12 files changed, 111 insertions(+), 44 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 66c8a7a1..867a1d8a 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -11,6 +11,13 @@ Since version 4.92
++ JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible
++ buffer overrun for (non-chunking) other transports.
++
+++JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
+++ TLS1.3, means that a server rejecting a client certificate is not visible
+++ to the client until the first read of encrypted data (typically the
+++ response to EHLO). Add detection for that case and treat it as a failed
+++ TLS connection attempt, so that the normal retry-in-clear can work (if
+++ suitably configured).
+++
++
++ Exim version 4.92
++ -----------------
++diff --git a/src/deliver.c b/src/deliver.c
++index 664d0045..e1799411 100644
++--- a/src/deliver.c
+++++ b/src/deliver.c
++@@ -7433,7 +7433,7 @@ if (addr_senddsn)
++
++ tctx.u.fd = fd;
++ tctx.options = topt_add_return_path | topt_no_body;
++- /*XXX hmm, retval ignored.
+++ /*XXX hmm, FALSE(fail) retval ignored.
++ Could error for any number of reasons, and they are not handled. */
++ transport_write_message(&tctx, 0);
++ fflush(f);
++diff --git a/src/smtp_out.c b/src/smtp_out.c
++index 9bd90c77..b194e804 100644
++--- a/src/smtp_out.c
+++++ b/src/smtp_out.c
++@@ -688,20 +688,22 @@ Returns: TRUE if a valid, non-error response was received; else FALSE
++ /*XXX could move to smtp transport; no other users */
++
++ BOOL
++-smtp_read_response(void * sx0, uschar *buffer, int size, int okdigit,
+++smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit,
++ int timeout)
++ {
++ smtp_context * sx = sx0;
++-uschar *ptr = buffer;
++-int count = 0;
+++uschar * ptr = buffer;
+++int count = 0, rc;
++
++ errno = 0; /* Ensure errno starts out zero */
++
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++ if (sx->pending_BANNER || sx->pending_EHLO)
++- if (smtp_reap_early_pipe(sx, &count) != OK)
+++ if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
++ {
++ DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n");
+++ buffer[0] = '\0';
+++ if (rc == DEFER) errno = ERRNO_TLSFAILURE;
++ return FALSE;
++ }
++ #endif
++diff --git a/src/tls-gnu.c b/src/tls-gnu.c
++index c404dc29..de2d70c0 100644
++--- a/src/tls-gnu.c
+++++ b/src/tls-gnu.c
++@@ -229,7 +229,7 @@ static gnutls_dh_params_t dh_server_params = NULL;
++
++ static const int ssl_session_timeout = 200;
++
++-static const char * const exim_default_gnutls_priority = "NORMAL";
+++static const uschar * const exim_default_gnutls_priority = US"NORMAL";
++
++ /* Guard library core initialisation */
++
++@@ -1278,7 +1278,6 @@ int rc;
++ size_t sz;
++ const char *errpos;
++ uschar *p;
++-BOOL want_default_priorities;
++
++ if (!exim_gnutls_base_init_done)
++ {
++@@ -1387,32 +1386,24 @@ and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols.
++ This was backwards incompatible, but means Exim no longer needs to track
++ all algorithms and provide string forms for them. */
++
++-want_default_priorities = TRUE;
++-
+++p = NULL;
++ if (state->tls_require_ciphers && *state->tls_require_ciphers)
++ {
++ if (!expand_check_tlsvar(tls_require_ciphers, errstr))
++ return DEFER;
++ if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers)
++ {
++- DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n",
++- state->exp_tls_require_ciphers);
++-
++- rc = gnutls_priority_init(&state->priority_cache,
++- CS state->exp_tls_require_ciphers, &errpos);
++- want_default_priorities = FALSE;
++ p = state->exp_tls_require_ciphers;
+++ DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p);
++ }
++ }
++-if (want_default_priorities)
+++if (!p)
++ {
+++ p = exim_default_gnutls_priority;
++ DEBUG(D_tls)
++- debug_printf("GnuTLS using default session cipher/priority \"%s\"\n",
++- exim_default_gnutls_priority);
++- rc = gnutls_priority_init(&state->priority_cache,
++- exim_default_gnutls_priority, &errpos);
++- p = US exim_default_gnutls_priority;
+++ debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p);
++ }
+++rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos);
++
++ exim_gnutls_err_check(rc, string_sprintf(
++ "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"",
++diff --git a/src/transports/lmtp.c b/src/transports/lmtp.c
++index 240d78b2..57b346d4 100644
++--- a/src/transports/lmtp.c
+++++ b/src/transports/lmtp.c
++@@ -122,7 +122,8 @@ Arguments:
++ Returns: TRUE if a "QUIT" command should be sent, else FALSE
++ */
++
++-static BOOL check_response(int *errno_value, int more_errno, uschar *buffer,
+++static BOOL
+++check_response(int *errno_value, int more_errno, uschar *buffer,
++ int *yield, uschar **message)
++ {
++ *yield = '4'; /* Default setting is to give a temporary error */
++diff --git a/src/transports/smtp.c b/src/transports/smtp.c
++index a351da84..bfd6018d 100644
++--- a/src/transports/smtp.c
+++++ b/src/transports/smtp.c
++@@ -594,6 +594,11 @@ switch(*errno_value)
++ pl, smtp_command, s);
++ return FALSE;
++
+++ case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with
+++ GnuTLS and TLS1.3 */
+++ *message = US"bad first read from TLS conn";
+++ return TRUE;
+++
++ case ERRNO_FILTER_FAIL: /* Handle a failed filter process error;
++ can't send QUIT as we mustn't end the DATA. */
++ *message = string_sprintf("transport filter process failed (%d)%s",
++@@ -942,6 +947,7 @@ Arguments:
++
++ Return:
++ OK all well
+++ DEFER error on first read of TLS'd conn
++ FAIL SMTP error in response
++ */
++ int
++@@ -949,6 +955,7 @@ smtp_reap_early_pipe(smtp_context * sx, int * countp)
++ {
++ BOOL pending_BANNER = sx->pending_BANNER;
++ BOOL pending_EHLO = sx->pending_EHLO;
+++int rc = FAIL;
++
++ sx->pending_BANNER = FALSE; /* clear early to avoid recursion */
++ sx->pending_EHLO = FALSE;
++@@ -960,6 +967,7 @@ if (pending_BANNER)
++ if (!smtp_reap_banner(sx))
++ {
++ DEBUG(D_transport) debug_printf("bad banner\n");
+++ if (tls_out.active.sock >= 0) rc = DEFER;
++ goto fail;
++ }
++ }
++@@ -974,6 +982,7 @@ if (pending_EHLO)
++ if (!smtp_reap_ehlo(sx))
++ {
++ DEBUG(D_transport) debug_printf("bad response for EHLO\n");
+++ if (tls_out.active.sock >= 0) rc = DEFER;
++ goto fail;
++ }
++
++@@ -1011,7 +1020,7 @@ return OK;
++ fail:
++ invalidate_ehlo_cache_entry(sx);
++ (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp);
++- return FAIL;
+++ return rc;
++ }
++ #endif
++
++@@ -1056,6 +1065,7 @@ Returns: 3 if at least one address had 2xx and one had 5xx
++ -2 I/O or other non-response error for RCPT
++ -3 DATA or MAIL failed - errno and buffer set
++ -4 banner or EHLO failed (early-pipelining)
+++ -5 banner or EHLO failed (early-pipelining, TLS)
++ */
++
++ static int
++@@ -1064,10 +1074,11 @@ sync_responses(smtp_context * sx, int count, int pending_DATA)
++ address_item * addr = sx->sync_addr;
++ smtp_transport_options_block * ob = sx->conn_args.ob;
++ int yield = 0;
+++int rc;
++
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++-if (smtp_reap_early_pipe(sx, &count) != OK)
++- return -4;
+++if ((rc = smtp_reap_early_pipe(sx, &count)) != OK)
+++ return rc == FAIL ? -4 : -5;
++ #endif
++
++ /* Handle the response for a MAIL command. On error, reinstate the original
++@@ -1083,6 +1094,8 @@ if (sx->pending_MAIL)
++ {
++ DEBUG(D_transport) debug_printf("bad response for MAIL\n");
++ Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */
+++ if (errno == ERRNO_TLSFAILURE)
+++ return -5;
++ if (errno == 0 && sx->buffer[0] != 0)
++ {
++ int save_errno = 0;
++@@ -1141,6 +1154,11 @@ while (count-- > 0)
++ }
++ }
++
+++ /* Error on first TLS read */
+++
+++ else if (errno == ERRNO_TLSFAILURE)
+++ return -5;
+++
++ /* Timeout while reading the response */
++
++ else if (errno == ETIMEDOUT)
++@@ -1253,6 +1271,10 @@ if (pending_DATA != 0)
++ int code;
++ uschar *msg;
++ BOOL pass_message;
+++
+++ if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */
+++ return -5;
+++
++ if (pending_DATA > 0 || (yield & 1) != 0)
++ {
++ if (errno == 0 && sx->buffer[0] == '4')
++@@ -1802,7 +1824,9 @@ Args:
++ tc_chunk_last add LAST option to SMTP BDAT command
++ tc_reap_prev reap response to previous SMTP commands
++
++-Returns: OK or ERROR
+++Returns:
+++ OK or ERROR
+++ DEFER TLS error on first read (EHLO-resp); errno set
++ */
++
++ static int
++@@ -1859,10 +1883,12 @@ if (flags & tc_reap_prev && prev_cmd_count > 0)
++ case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */
++ case 0: break; /* No 2xx or 5xx, but no probs */
++
++- case -1: /* Timeout on RCPT */
+++ case -5: errno = ERRNO_TLSFAILURE;
+++ return DEFER;
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++ case -4: /* non-2xx for pipelined banner or EHLO */
++ #endif
+++ case -1: /* Timeout on RCPT */
++ default: return ERROR; /* I/O error, or any MAIL/DATA error */
++ }
++ cmd_count = 1;
++@@ -1933,6 +1959,9 @@ BOOL pass_message = FALSE;
++ uschar * message = NULL;
++ int yield = OK;
++ int rc;
+++#ifdef SUPPORT_TLS
+++uschar * tls_errstr;
+++#endif
++
++ sx->conn_args.ob = ob;
++
++@@ -2474,27 +2503,27 @@ if ( smtp_peer_options & OPTION_TLS
++ TLS_NEGOTIATE:
++ {
++ address_item * addr;
++- uschar * errstr;
++ sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->conn_args.host,
++ sx->addrlist, sx->conn_args.tblock,
++ # ifdef SUPPORT_DANE
++ sx->dane ? &tlsa_dnsa : NULL,
++ # endif
++- &tls_out, &errstr);
+++ &tls_out, &tls_errstr);
++
++ if (!sx->cctx.tls_ctx)
++ {
++ /* TLS negotiation failed; give an error. From outside, this function may
++ be called again to try in clear on a new connection, if the options permit
++ it for this host. */
++- DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr);
+++GNUTLS_CONN_FAILED:
+++ DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr);
++
++ # ifdef SUPPORT_DANE
++ if (sx->dane)
++ {
++ log_write(0, LOG_MAIN,
++ "DANE attempt failed; TLS connection to %s [%s]: %s",
++- sx->conn_args.host->name, sx->conn_args.host->address, errstr);
+++ sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr);
++ # ifndef DISABLE_EVENT
++ (void) event_raise(sx->conn_args.tblock->event_action,
++ US"dane:fail", US"validation-failure"); /* could do with better detail */
++@@ -2503,7 +2532,7 @@ if ( smtp_peer_options & OPTION_TLS
++ # endif
++
++ errno = ERRNO_TLSFAILURE;
++- message = string_sprintf("TLS session: %s", errstr);
+++ message = string_sprintf("TLS session: %s", tls_errstr);
++ sx->send_quit = FALSE;
++ goto TLS_FAILED;
++ }
++@@ -2601,7 +2630,22 @@ if (tls_out.active.sock >= 0)
++ #endif
++ {
++ if (!smtp_reap_ehlo(sx))
+++#ifdef USE_GNUTLS
+++ {
+++ /* The GnuTLS layer in Exim only spots a server-rejection of a client
+++ cert late, under TLS1.3 - which means here; the first time we try to
+++ receive crypted data. Treat it as if it was a connect-time failure.
+++ See also the early-pipe equivalent... which will be hard; every call
+++ to sync_responses will need to check the result.
+++ It would be nicer to have GnuTLS check the cert during the handshake.
+++ Can it do that, with all the flexibility we need? */
+++
+++ tls_errstr = US"error on first read";
+++ goto GNUTLS_CONN_FAILED;
+++ }
+++#else
++ goto RESPONSE_FAILED;
+++#endif
++ smtp_peer_options = 0;
++ }
++ }
++@@ -3261,6 +3305,7 @@ for (addr = sx->first_addr, address_count = 0;
++
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++ case -4: return -1; /* non-2xx for pipelined banner or EHLO */
+++ case -5: return -1; /* TLS first-read error */
++ #endif
++ }
++ sx->pending_MAIL = FALSE; /* Dealt with MAIL */
++@@ -3589,11 +3634,12 @@ if ( !(sx.peer_offered & OPTION_CHUNKING)
++
++ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
++ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
++- case 0: break; /* No 2xx or 5xx, but no probs */
+++ case 0: break; /* No 2xx or 5xx, but no probs */
++
++- case -1: goto END_OFF; /* Timeout on RCPT */
+++ case -1: goto END_OFF; /* Timeout on RCPT */
++
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
+++ case -5: /* TLS first-read error */
++ case -4: HDEBUG(D_transport)
++ debug_printf("failed reaping pipelined cmd responses\n");
++ #endif
++@@ -3730,19 +3776,20 @@ else
++ {
++ case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */
++ case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */
++- break;
+++ break;
++
++- case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
+++ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */
++ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */
++- case 0: break; /* No 2xx or 5xx, but no probs */
+++ case 0: break; /* No 2xx or 5xx, but no probs */
++
++- case -1: goto END_OFF; /* Timeout on RCPT */
+++ case -1: goto END_OFF; /* Timeout on RCPT */
++
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
+++ case -5: /* TLS first-read error */
++ case -4: HDEBUG(D_transport)
++ debug_printf("failed reaping pipelined cmd responses\n");
++ #endif
++- default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
+++ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */
++ }
++ }
++
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From f634b80846cc7ffcab65c9855bcb35312f0232e8 Mon Sep 17 00:00:00 2001
++From: Jasen Betts <jasen@xnet.co.nz>
++Date: Mon, 18 Feb 2019 13:52:16 +0000
++Subject: [PATCH 1/5] Fix expansions for RFC 822 addresses having comments in
++ local-part and/or domain. Bug 2375
++
++(cherry picked from commit e2ff8e24f41caca3623228b1ec66a3f3961ecad6)
++---
++ doc/ChangeLog | 3 +++
++ src/expand.c | 19 +++++++------------
++ test/scripts/0000-Basic/0002 | 7 +++++++
++ test/stdout/0002 | 7 +++++++
++ 4 files changed, 24 insertions(+), 12 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 867a1d8a..9659da32 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -16,10 +16,13 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
++ to the client until the first read of encrypted data (typically the
++ response to EHLO). Add detection for that case and treat it as a failed
++ TLS connection attempt, so that the normal retry-in-clear can work (if
++ suitably configured).
++
+++JB/01 BZg 2375: fix expansions of 822 addresses having comments in local-part
+++ and/or domain. Found and fixed by Jason Betts.
+++
++
++ Exim version 4.92
++ -----------------
++
++ JH/01 Remove code calling the customisable local_scan function, unless a new
++diff --git a/src/expand.c b/src/expand.c
++index 2c290251..35ede718 100644
++--- a/src/expand.c
+++++ b/src/expand.c
++@@ -7071,20 +7071,15 @@ while (*s != 0)
++ uschar * error;
++ int start, end, domain;
++ uschar * t = parse_extract_address(sub, &error, &start, &end, &domain,
++ FALSE);
++ if (t)
++- if (c != EOP_DOMAIN)
++- {
++- if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
++- yield = string_catn(yield, sub+start, end-start);
++- }
++- else if (domain != 0)
++- {
++- domain += start;
++- yield = string_catn(yield, sub+domain, end-domain);
++- }
+++ yield = c == EOP_DOMAIN
+++ ? string_cat(yield, t + domain)
+++ : c == EOP_LOCAL_PART && domain > 0
+++ ? string_catn(yield, t, domain - 1 )
+++ : string_cat(yield, t);
++ continue;
++ }
++
++ case EOP_ADDRESSES:
++ {
++@@ -7104,11 +7099,11 @@ while (*s != 0)
++ }
++ f.parse_allow_group = TRUE;
++
++ for (;;)
++ {
++- uschar *p = parse_find_address_end(sub, FALSE);
+++ uschar * p = parse_find_address_end(sub, FALSE);
++ uschar saveend = *p;
++ *p = '\0';
++ address = parse_extract_address(sub, &error, &start, &end, &domain,
++ FALSE);
++ *p = saveend;
++@@ -7117,11 +7112,11 @@ while (*s != 0)
++ done in chunks by searching for the separator character. At the
++ start, unless we are dealing with the first address of the output
++ list, add in a space if the new address begins with the separator
++ character, or is an empty string. */
++
++- if (address != NULL)
+++ if (address)
++ {
++ if (yield->ptr != save_ptr && address[0] == *outsep)
++ yield = string_catn(yield, US" ", 1);
++
++ for (;;)
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From 8dde16b89efe2138f92cbfa6c59fb31dc80ec22a Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Tue, 19 Feb 2019 14:45:27 +0000
++Subject: [PATCH 2/5] Docs: Add note on lsearch for IPv4-mapped IPv6 addresses
++
++Cherry-picked from: 52af443324, c77d3d85fe
++---
++ doc/doc-docbook/spec.xfpt | 11 ++++++++++-
++ doc/ChangeLog | 2 +-
++ 2 files changed, 11 insertions(+), 2 deletions(-)
++
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -18,7 +18,7 @@ JH/07 GnuTLS: Our use of late (post-hand
++ TLS connection attempt, so that the normal retry-in-clear can work (if
++ suitably configured).
++
++-JB/01 BZg 2375: fix expansions of 822 addresses having comments in local-part
+++JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
++ and/or domain. Found and fixed by Jason Betts.
++
++
++--- a/doc/spec.txt
+++++ b/doc/spec.txt
++@@ -6302,6 +6302,10 @@ The following single-key lookup types ar
++ implicit key is the host's IP address rather than its name (see section
++ 10.12).
++
+++ Warning 3: Do not use an IPv4-mapped IPv6 address for a key; use the
+++ IPv4, in dotted-quad form. (Exim converts IPv4-mapped IPv6 addresses to
+++ this notation before executing the lookup.)
+++
++ * lsearch: The given file is a text file that is searched linearly for a line
++ beginning with the search key, terminated by a colon or white space or the
++ end of the line. The search is case-insensitive; that is, upper and lower
++@@ -8003,7 +8007,11 @@ quote keys was made available in lsearch
++ implemented iplsearch files do require colons in IPv6 keys (notated using the
++ quoting facility) so as to distinguish them from IPv4 keys. For this reason,
++ when the lookup type is iplsearch, IPv6 addresses are converted using colons
++-and not dots. In all cases, full, unabbreviated IPv6 addresses are always used.
+++and not dots.
+++
+++In all cases except IPv4-mapped IPv6, full, unabbreviated IPv6 addresses
+++are always used. The latter are converted to IPv4 addresses, in dotted-quad
+++form.
++
++ Ideally, it would be nice to tidy up this anomalous situation by changing to
++ colons in all cases, given that quoting is now available for lsearch. However,
--- /dev/null
--- /dev/null
++From 09720dd9506176294154dad7152f5f40554046a4 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Thu, 14 Mar 2019 12:26:34 +0000
++Subject: [PATCH 3/5] Fix crash from SRV lookup hitting a CNAME
++
++(cherry picked from commit 14bc9cf085aff7bd5147881e5b7068769a29b026)
++---
++ doc/ChangeLog | 4 ++++
++ src/dns.c | 10 +++++++---
++ 2 files changed, 11 insertions(+), 3 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 419c1061..0f8d05b2 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -19,10 +19,14 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
++ suitably configured).
++
++ JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
++ and/or domain. Found and fixed by Jason Betts.
++
+++JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
+++ configuration). If a CNAME target was not a wellformed name pattern, a
+++ crash could result.
+++
++
++ Exim version 4.92
++ -----------------
++
++ JH/01 Remove code calling the customisable local_scan function, unless a new
++diff --git a/src/dns.c b/src/dns.c
++index 0f0b435d..b7978c52 100644
++--- a/src/dns.c
+++++ b/src/dns.c
++@@ -714,11 +714,15 @@ regex has substrings that are used - the default uses a conditional.
++ This test is omitted for PTR records. These occur only in calls from the dnsdb
++ lookup, which constructs the names itself, so they should be OK. Besides,
++ bitstring labels don't conform to normal name syntax. (But the aren't used any
++ more.)
++
++-For SRV records, we omit the initial _smtp._tcp. components at the start. */
+++For SRV records, we omit the initial _smtp._tcp. components at the start.
+++The check has been seen to bite on the destination of a SRV lookup that
+++initiall hit a CNAME, for which the next name had only two components.
+++RFC2782 makes no mention of the possibiility of CNAMES, but the Wikipedia
+++article on SRV says they are not a valid configuration. */
++
++ #ifndef STAND_ALONE /* Omit this for stand-alone tests */
++
++ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
++ {
++@@ -730,12 +734,12 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
++ /* For an SRV lookup, skip over the first two components (the service and
++ protocol names, which both start with an underscore). */
++
++ if (type == T_SRV || type == T_TLSA)
++ {
++- while (*checkname++ != '.');
++- while (*checkname++ != '.');
+++ while (*checkname && *checkname++ != '.') ;
+++ while (*checkname && *checkname++ != '.') ;
++ }
++
++ if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
++ 0, PCRE_EOPT, ovector, nelem(ovector)) < 0)
++ {
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From e5be948a65fe601024e5d4256f64efbfed3dd72e Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Mon, 18 Mar 2019 00:31:43 +0000
++Subject: [PATCH 4/5] Logging: fix initial listening-on log line
++
++(cherry picked from commit 254f38d1c5ada5e4df0bccb385dc466549620c71)
++---
++ doc/ChangeLog | 4 +++
++ src/daemon.c | 73 +++++++++++++++++++++++++++----------------
++ src/host.c | 1 +
++ src/structs.h | 1 +
++ test/confs/0282 | 2 +-
++ test/log/0282 | 2 +-
++ 6 files changed, 54 insertions(+), 29 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 0f8d05b2..3c0ffbf0 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -23,10 +23,14 @@ JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
++
++ JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
++ configuration). If a CNAME target was not a wellformed name pattern, a
++ crash could result.
++
+++JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when
+++ the OS reports them interleaved with other addresses.
+++
+++
++
++ Exim version 4.92
++ -----------------
++
++ JH/01 Remove code calling the customisable local_scan function, unless a new
++diff --git a/src/daemon.c b/src/daemon.c
++index a852192e..01da3936 100644
++--- a/src/daemon.c
+++++ b/src/daemon.c
++@@ -1625,12 +1625,12 @@ if (f.inetd_wait_mode)
++ else if (f.daemon_listen)
++ {
++ int i, j;
++ int smtp_ports = 0;
++ int smtps_ports = 0;
++- ip_address_item * ipa, * i2;
++- uschar * p = big_buffer;
+++ ip_address_item * ipa;
+++ uschar * p;
++ uschar * qinfo = queue_interval > 0
++ ? string_sprintf("-q%s", readconf_printtime(queue_interval))
++ : US"no queue runs";
++
++ /* Build a list of listening addresses in big_buffer, but limit it to 10
++@@ -1638,73 +1638,92 @@ else if (f.daemon_listen)
++
++ It is now possible to have some ports listening for SMTPS (the old,
++ deprecated protocol that starts TLS without using STARTTLS), and others
++ listening for standard SMTP. Keep their listings separate. */
++
++- for (j = 0; j < 2; j++)
+++ for (int j = 0, i; j < 2; j++)
++ {
++ for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next)
++ {
++ /* First time round, look for SMTP ports; second time round, look for
++- SMTPS ports. For the first one of each, insert leading text. */
+++ SMTPS ports. Build IP+port strings. */
++
++ if (host_is_tls_on_connect_port(ipa->port) == (j > 0))
++ {
++ if (j == 0)
++- {
++- if (smtp_ports++ == 0)
++- {
++- memcpy(p, "SMTP on", 8);
++- p += 7;
++- }
++- }
+++ smtp_ports++;
++ else
++- if (smtps_ports++ == 0)
++- p += sprintf(CS p, "%sSMTPS on",
++- smtp_ports == 0 ? "" : " and for ");
+++ smtps_ports++;
++
++ /* Now the information about the port (and sometimes interface) */
++
++ if (ipa->address[0] == ':' && ipa->address[1] == 0)
++ { /* v6 wildcard */
++ if (ipa->next && ipa->next->address[0] == 0 &&
++ ipa->next->port == ipa->port)
++ {
++- p += sprintf(CS p, " port %d (IPv6 and IPv4)", ipa->port);
++- ipa = ipa->next;
+++ ipa->log = string_sprintf(" port %d (IPv6 and IPv4)", ipa->port);
+++ (ipa = ipa->next)->log = NULL;
++ }
++ else if (ipa->v6_include_v4)
++- p += sprintf(CS p, " port %d (IPv6 with IPv4)", ipa->port);
+++ ipa->log = string_sprintf(" port %d (IPv6 with IPv4)", ipa->port);
++ else
++- p += sprintf(CS p, " port %d (IPv6)", ipa->port);
+++ ipa->log = string_sprintf(" port %d (IPv6)", ipa->port);
++ }
++ else if (ipa->address[0] == 0) /* v4 wildcard */
++- p += sprintf(CS p, " port %d (IPv4)", ipa->port);
+++ ipa->log = string_sprintf(" port %d (IPv4)", ipa->port);
++ else /* check for previously-seen IP */
++ {
+++ ip_address_item * i2;
++ for (i2 = addresses; i2 != ipa; i2 = i2->next)
++ if ( host_is_tls_on_connect_port(i2->port) == (j > 0)
++ && Ustrcmp(ipa->address, i2->address) == 0
++ )
++ { /* found; append port to list */
++- if (p[-1] == '}') p--;
++- while (isdigit(*--p)) ;
++- p += 1 + sprintf(CS p+1, "%s%d,%d}", *p == ',' ? "" : "{",
++- i2->port, ipa->port);
+++ for (p = i2->log; *p; ) p++; /* end of existing string */
+++ if (*--p == '}') *p = '\0'; /* drop EOL */
+++ while (isdigit(*--p)) ; /* char before port */
+++
+++ i2->log = *p == ':' /* no list yet? */
+++ ? string_sprintf("%.*s{%s,%d}",
+++ (int)(p - i2->log + 1), i2->log, p+1, ipa->port)
+++ : string_sprintf("%s,%d}", i2->log, ipa->port);
+++ ipa->log = NULL;
++ break;
++ }
++ if (i2 == ipa) /* first-time IP */
++- p += sprintf(CS p, " [%s]:%d", ipa->address, ipa->port);
+++ ipa->log = string_sprintf(" [%s]:%d", ipa->address, ipa->port);
++ }
++ }
++ }
+++ }
++
++- if (ipa)
+++ p = big_buffer;
+++ for (int j = 0, i; j < 2; j++)
+++ {
+++ /* First time round, look for SMTP ports; second time round, look for
+++ SMTPS ports. For the first one of each, insert leading text. */
+++
+++ if (j == 0)
++ {
++- memcpy(p, " ...", 5);
++- p += 4;
+++ if (smtp_ports > 0)
+++ p += sprintf(CS p, "SMTP on");
++ }
+++ else
+++ if (smtps_ports > 0)
+++ p += sprintf(CS p, "%sSMTPS on",
+++ smtp_ports == 0 ? "" : " and for ");
+++
+++ /* Now the information about the port (and sometimes interface) */
+++
+++ for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next)
+++ if (host_is_tls_on_connect_port(ipa->port) == (j > 0))
+++ if (ipa->log)
+++ p += sprintf(CS p, "%s", ipa->log);
+++
+++ if (ipa)
+++ p += sprintf(CS p, " ...");
++ }
++
++ log_write(0, LOG_MAIN,
++ "exim %s daemon started: pid=%d, %s, listening for %s",
++ version_string, getpid(), qinfo, big_buffer);
++diff --git a/src/host.c b/src/host.c
++index 29c977fe..a3b0977b 100644
++--- a/src/host.c
+++++ b/src/host.c
++@@ -757,10 +757,11 @@ while ((s = string_nextinlist(&list, &sep, NULL, 0)))
++ next = store_get(sizeof(ip_address_item));
++ next->next = NULL;
++ Ustrcpy(next->address, s);
++ next->port = port;
++ next->v6_include_v4 = FALSE;
+++ next->log = NULL;
++
++ if (!yield)
++ yield = last = next;
++ else
++ {
++diff --git a/src/structs.h b/src/structs.h
++index 20db0e5f..1e63d752 100644
++--- a/src/structs.h
+++++ b/src/structs.h
++@@ -442,10 +442,11 @@ hold an IPv6 address. */
++ typedef struct ip_address_item {
++ struct ip_address_item *next;
++ int port;
++ BOOL v6_include_v4; /* Used in the daemon */
++ uschar address[46];
+++ uschar * log; /* portion of "listening on" log line */
++ } ip_address_item;
++
++ /* Structure for chaining together arbitrary strings. */
++
++ typedef struct string_item {
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From 332ebeaf8139b2b75f475880fc14b63c7c45c706 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Tue, 19 Mar 2019 15:33:31 +0000
++Subject: [PATCH 5/5] OpenSSL: Fix aggregation of messages.
++
++Broken-by: a5ffa9b475
++(cherry picked from commit c09dbcfb71f4b9a42cbfd8a20e0be6bfa1b12488)
++---
++ doc/ChangeLog | 5 +++
++ src/tls-openssl.c | 24 ++++++++++----
++ test/confs/2152 | 76 +++++++++++++++++++++++++++++++++++++++++++
++ test/log/2152 | 9 +++++
++ 4 files changed, 108 insertions(+), 6 deletions(-)
++ create mode 100644 test/confs/2152
++ create mode 100644 test/log/2152
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 3c0ffbf0..3d63725f 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -26,10 +26,15 @@ JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
++ crash could result.
++
++ JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when
++ the OS reports them interleaved with other addresses.
++
+++JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was
+++ used both for input and for a verify callout, both encrypted, SMTP
+++ responses being sent by the server could be lost. This resulted in
+++ dropped connections and sometimes bounces generated by a peer sending
+++ to this system.
++
++
++ Exim version 4.92
++ -----------------
++
++diff --git a/src/tls-openssl.c b/src/tls-openssl.c
++index 8f4cf4d8..cc0ead02 100644
++--- a/src/tls-openssl.c
+++++ b/src/tls-openssl.c
++@@ -272,10 +272,11 @@ Server:
++ */
++
++ typedef struct {
++ SSL_CTX * ctx;
++ SSL * ssl;
+++ gstring * corked;
++ } exim_openssl_client_tls_ctx;
++
++ static SSL_CTX *server_ctx = NULL;
++ static SSL *server_ssl = NULL;
++
++@@ -2471,10 +2472,11 @@ BOOL require_ocsp = FALSE;
++ #endif
++
++ rc = store_pool;
++ store_pool = POOL_PERM;
++ exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx));
+++exim_client_ctx->corked = NULL;
++ store_pool = rc;
++
++ #ifdef SUPPORT_DANE
++ tlsp->tlsa_usage = 0;
++ #endif
++@@ -2906,22 +2908,29 @@ Used by both server-side and client-side TLS.
++
++ int
++ tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more)
++ {
++ int outbytes, error, left;
++-SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;
++-static gstring * corked = NULL;
+++SSL * ssl = ct_ctx
+++ ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl;
+++static gstring * server_corked = NULL;
+++gstring ** corkedp = ct_ctx
+++ ? &((exim_openssl_client_tls_ctx *)ct_ctx)->corked : &server_corked;
+++gstring * corked = *corkedp;
++
++ DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__,
++ buff, (unsigned long)len, more ? ", more" : "");
++
++ /* Lacking a CORK or MSG_MORE facility (such as GnuTLS has) we copy data when
++ "more" is notified. This hack is only ok if small amounts are involved AND only
++ one stream does it, in one context (i.e. no store reset). Currently it is used
++-for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */
++-/*XXX + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
++-a store reset there. */
+++for the responses to the received SMTP MAIL , RCPT, DATA sequence, only.
+++We support callouts done by the server process by using a separate client
+++context for the stashed information. */
+++/* + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's
+++a store reset there, so use POOL_PERM. */
+++/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */
++
++ if (!ct_ctx && (more || corked))
++ {
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++ int save_pool = store_pool;
++@@ -2933,14 +2942,17 @@ if (!ct_ctx && (more || corked))
++ #ifdef EXPERIMENTAL_PIPE_CONNECT
++ store_pool = save_pool;
++ #endif
++
++ if (more)
+++ {
+++ *corkedp = corked;
++ return len;
+++ }
++ buff = CUS corked->s;
++ len = corked->ptr;
++- corked = NULL;
+++ *corkedp = NULL;
++ }
++
++ for (left = len; left > 0;)
++ {
++ DEBUG(D_tls) debug_printf("SSL_write(%p, %p, %d)\n", ssl, buff, left);
++diff --git a/test/confs/2152 b/test/confs/2152
++new file mode 100644
++index 00000000..f783192b
++diff --git a/test/log/2152 b/test/log/2152
++new file mode 100644
++index 00000000..720200be
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From e5b942ae007d0533fbd599c64d550f3a8355b940 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Thu, 21 Mar 2019 20:01:03 +0000
++Subject: [PATCH] Harden plaintext authenticator
++
++Cherry-picked from: f9fc942757
++---
++ doc/ChangeLog | 5 +++++
++ src/auths/plaintext.c | 6 +-----
++ 2 files changed, 6 insertions(+), 5 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 3d63725f..c34e60d1 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -32,10 +32,15 @@ JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was
++ used both for input and for a verify callout, both encrypted, SMTP
++ responses being sent by the server could be lost. This resulted in
++ dropped connections and sometimes bounces generated by a peer sending
++ to this system.
++
+++JH/11 Harden plaintext authenticator against a badly misconfigured client-send
+++ string. Previously it was possible to cause undefined behaviour in a
+++ library routine (usually a crash). Found by "zerons".
+++
+++
++
++ Exim version 4.92
++ -----------------
++
++ JH/01 Remove code calling the customisable local_scan function, unless a new
++diff --git a/src/auths/plaintext.c b/src/auths/plaintext.c
++index 7a0f7885..fa05b0ad 100644
++--- a/src/auths/plaintext.c
+++++ b/src/auths/plaintext.c
++@@ -221,15 +221,11 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size)))
++ for (i = 0; i < len; i++)
++ if (ss[i] == '^')
++ if (ss[i+1] != '^')
++ ss[i] = 0;
++ else
++- {
++- i++;
++- len--;
++- memmove(ss + i, ss + i + 1, len - i);
++- }
+++ if (--len > ++i) memmove(ss + i, ss + i + 1, len - i);
++
++ /* The first string is attached to the AUTH command; others are sent
++ unembellished. */
++
++ if (first)
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Tue, 7 May 2019 22:55:41 +0100
++Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
++
++(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941)
++---
++ doc/ChangeLog | 3 +++
++ src/tls-gnu.c | 12 ++++++++----
++ test/log/5651 | 2 +-
++ test/log/5730 | 8 ++++----
++ 4 files changed, 16 insertions(+), 9 deletions(-)
++
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga
++ library routine (usually a crash). Found by "zerons".
++
++
+++JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
+++ verification result was not updated unless hosts_require_ocsp applied.
+++
++
++ Exim version 4.92
++ -----------------
++--- a/src/tls-gnu.c
+++++ b/src/tls-gnu.c
++@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr))
++ }
++
++ #ifndef DISABLE_OCSP
++-if (require_ocsp)
+++if (request_ocsp)
++ {
++ DEBUG(D_tls)
++ {
++@@ -2474,10 +2474,14 @@ if (require_ocsp)
++ {
++ tlsp->ocsp = OCSP_FAILED;
++ tls_error(US"certificate status check failed", NULL, state->host, errstr);
++- return NULL;
+++ if (require_ocsp)
+++ return FALSE;
+++ }
+++ else
+++ {
+++ DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
+++ tlsp->ocsp = OCSP_VFIED;
++ }
++- DEBUG(D_tls) debug_printf("Passed OCSP checking\n");
++- tlsp->ocsp = OCSP_VFIED;
++ }
++ #endif
++
--- /dev/null
--- /dev/null
++From 44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Sun, 19 May 2019 12:12:36 +0100
++Subject: [PATCH 1/2] GnuTLS: fix the advertising of acceptable certs by the
++ server. Bug 2389
++
++(cherry picked from commit 12d95aa62042377fc9f603245a17a43142972447)
++---
++ doc/ChangeLog | 4 ++++
++ src/tls-gnu.c | 8 ++++++++
++ 2 files changed, 12 insertions(+)
++
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -42,6 +42,10 @@ JH/11 Harden plaintext authenticator aga
++ JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the
++ verification result was not updated unless hosts_require_ocsp applied.
++
+++JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
+++ directory-of-certs mode. Previously they were advertised despite the
+++ documentation.
+++
++
++ Exim version 4.92
++ -----------------
++--- a/src/tls-gnu.c
+++++ b/src/tls-gnu.c
++@@ -1133,6 +1133,14 @@ else
++ #endif
++ gnutls_certificate_set_x509_trust_file(state->x509_cred,
++ CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM);
+++
+++#ifdef SUPPORT_CA_DIR
+++ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list
+++ when using the directory-of-certs config model. */
+++
+++ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+++ gnutls_certificate_send_x509_rdn_sequence(state->session, 1);
+++#endif
++ }
++
++ if (cert_count < 0)
--- /dev/null
--- /dev/null
++From 454bab46ae6812e29652d10c390451c962a6f806 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Tue, 4 Jun 2019 18:13:21 +0100
++Subject: [PATCH 2/2] Use dsn_from for success-DSN messages. Bug 2404
++
++(cherry picked from commit 87abcb247b4444bab5fd0bcb212ddb26d5fd9191)
++---
++ doc/ChangeLog | 4 ++++
++ src/deliver.c | 4 ++--
++ 2 files changed, 6 insertions(+), 2 deletions(-)
++
++diff --git a/doc/ChangeLog b/doc/ChangeLog
++index 5a3e453d..1a12c014 100644
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -65,6 +65,10 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in
++ directory-of-certs mode. Previously they were advertised despite the
++ documentation.
++
+++JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for
+++ success-DSN messages. Previously the From: header was always the default
+++ one for these; the option was ignored.
+++
++
++ Exim version 4.92
++ -----------------
++diff --git a/src/deliver.c b/src/deliver.c
++index e1799411..4720f596 100644
++--- a/src/deliver.c
+++++ b/src/deliver.c
++@@ -7365,8 +7365,8 @@ if (addr_senddsn)
++ if (errors_reply_to)
++ fprintf(f, "Reply-To: %s\n", errors_reply_to);
++
+++ moan_write_from(f);
++ fprintf(f, "Auto-Submitted: auto-generated\n"
++- "From: Mail Delivery System <Mailer-Daemon@%s>\n"
++ "To: %s\n"
++ "Subject: Delivery Status Notification\n"
++ "Content-Type: multipart/report; report-type=delivery-status; boundary=%s\n"
++@@ -7377,7 +7377,7 @@ if (addr_senddsn)
++
++ "This message was created automatically by mail delivery software.\n"
++ " ----- The following addresses had successful delivery notifications -----\n",
++- qualify_domain_sender, sender_address, bound, bound);
+++ sender_address, bound, bound);
++
++ for (addr_dsntmp = addr_senddsn; addr_dsntmp;
++ addr_dsntmp = addr_dsntmp->next)
++--
++2.20.1
++
--- /dev/null
--- /dev/null
++From 0a5441fcd93ae4145c07b3ed138dfe0e107174e0 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Mon, 27 May 2019 23:44:31 +0100
++Subject: [PATCH 1/2] Fix smtp response timeout
++
++---
++ doc/ChangeLog | 6 ++++++
++ src/functions.h | 4 ++--
++ src/ip.c | 16 +++++++---------
++ src/malware.c | 26 +++++++++++++-------------
++ src/routers/iplookup.c | 2 +-
++ src/smtp_out.c | 9 +++++----
++ src/spam.c | 2 +-
++ src/transports/smtp_socks.c | 6 +++---
++ src/verify.c | 2 +-
++ 9 files changed, 39 insertions(+), 34 deletions(-)
++
++--- a/doc/ChangeLog
+++++ b/doc/ChangeLog
++@@ -50,6 +50,13 @@ JH/27 Bug 2404: Use the main-section con
++ success-DSN messages. Previously the From: header was always the default
++ one for these; the option was ignored.
++
+++JH/28 Fix the timeout on smtp response to apply to the whole response.
+++ Previously it was reset for every read, so a teergrubing peer sending
+++ single bytes within the time limit could extend the connection for a
+++ long time. Credit to Qualsys Security Advisory Team for the discovery.
+++[from GIT master]
+++
+++
++
++ Exim version 4.92
++ -----------------
++--- a/src/functions.h
+++++ b/src/functions.h
++@@ -225,7 +225,7 @@ extern uschar *expand_string_copy(const
++ extern int_eximarith_t expand_string_integer(uschar *, BOOL);
++ extern void modify_variable(uschar *, void *);
++
++-extern BOOL fd_ready(int, int);
+++extern BOOL fd_ready(int, time_t);
++
++ extern int filter_interpret(uschar *, int, address_item **, uschar **);
++ extern BOOL filter_personal(string_item *, BOOL);
++@@ -271,7 +271,7 @@ extern int ip_connectedsocket(int, c
++ int, host_item *, uschar **, const blob *);
++ extern int ip_get_address_family(int);
++ extern void ip_keepalive(int, const uschar *, BOOL);
++-extern int ip_recv(client_conn_ctx *, uschar *, int, int);
+++extern int ip_recv(client_conn_ctx *, uschar *, int, time_t);
++ extern int ip_socket(int, int);
++
++ extern int ip_tcpsocket(const uschar *, uschar **, int);
++--- a/src/ip.c
+++++ b/src/ip.c
++@@ -566,16 +566,15 @@ if (setsockopt(sock, SOL_SOCKET, SO_KEEP
++ /*
++ Arguments:
++ fd the file descriptor
++- timeout the timeout, seconds
+++ timelimit the timeout endpoint, seconds-since-epoch
++ Returns: TRUE => ready for i/o
++ FALSE => timed out, or other error
++ */
++ BOOL
++-fd_ready(int fd, int timeout)
+++fd_ready(int fd, time_t timelimit)
++ {
++ fd_set select_inset;
++-time_t start_recv = time(NULL);
++-int time_left = timeout;
+++int time_left = timelimit - time(NULL);
++ int rc;
++
++ if (time_left <= 0)
++@@ -609,8 +608,7 @@ do
++ DEBUG(D_transport) debug_printf("EINTR while waiting for socket data\n");
++
++ /* Watch out, 'continue' jumps to the condition, not to the loops top */
++- time_left = timeout - (time(NULL) - start_recv);
++- if (time_left > 0) continue;
+++ if ((time_left = timelimit - time(NULL)) > 0) continue;
++ }
++
++ if (rc <= 0)
++@@ -634,18 +632,18 @@ Arguments:
++ cctx the connection context (socket fd, possibly TLS context)
++ buffer to read into
++ bufsize the buffer size
++- timeout the timeout
+++ timelimit the timeout endpoint, seconds-since-epoch
++
++ Returns: > 0 => that much data read
++ <= 0 on error or EOF; errno set - zero for EOF
++ */
++
++ int
++-ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, int timeout)
+++ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, time_t timelimit)
++ {
++ int rc;
++
++-if (!fd_ready(cctx->sock, timeout))
+++if (!fd_ready(cctx->sock, timelimit))
++ return -1;
++
++ /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e.
++--- a/src/malware.c
+++++ b/src/malware.c
++@@ -349,13 +349,13 @@ return cre;
++ -2 on timeout or error
++ */
++ static int
++-recv_line(int fd, uschar * buffer, int bsize, int tmo)
+++recv_line(int fd, uschar * buffer, int bsize, time_t tmo)
++ {
++ uschar * p = buffer;
++ ssize_t rcv;
++ BOOL ok = FALSE;
++
++-if (!fd_ready(fd, tmo-time(NULL)))
+++if (!fd_ready(fd, tmo))
++ return -2;
++
++ /*XXX tmo handling assumes we always get a whole line */
++@@ -382,9 +382,9 @@ return p - buffer;
++
++ /* return TRUE iff size as requested */
++ static BOOL
++-recv_len(int sock, void * buf, int size, int tmo)
+++recv_len(int sock, void * buf, int size, time_t tmo)
++ {
++-return fd_ready(sock, tmo-time(NULL))
+++return fd_ready(sock, tmo)
++ ? recv(sock, buf, size, 0) == size
++ : FALSE;
++ }
++@@ -430,7 +430,7 @@ for (;;)
++ }
++
++ static inline int
++-mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, int tmo)
+++mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, time_t tmo)
++ {
++ client_conn_ctx cctx = {.sock = sock};
++ int offset = 0;
++@@ -438,7 +438,7 @@ int i;
++
++ do
++ {
++- i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo-time(NULL));
+++ i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo);
++ if (i <= 0)
++ {
++ (void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
++@@ -497,7 +497,7 @@ switch (*line)
++
++ static int
++ mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename,
++- int tmo)
+++ time_t tmo)
++ {
++ struct iovec iov[3];
++ const char *cmd = "MSQ\n";
++@@ -746,7 +746,7 @@ if (!malware_ok)
++ if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
++ return m_panic_defer(scanent, CUS callout_address, errstr);
++
++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
++
++ if (bread <= 0)
++ return m_panic_defer_3(scanent, CUS callout_address,
++@@ -1064,7 +1064,7 @@ badseek: err = errno;
++ if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0)
++ return m_panic_defer(scanent, CUS callout_address, errstr);
++
++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
++ if (bread > 0) av_buffer[bread]='\0';
++ if (bread < 0)
++ return m_panic_defer_3(scanent, CUS callout_address,
++@@ -1096,7 +1096,7 @@ badseek: err = errno;
++ {
++ errno = ETIMEDOUT;
++ i = av_buffer+sizeof(av_buffer)-p;
++- if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo-time(NULL))) < 0)
+++ if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo)) < 0)
++ return m_panic_defer_3(scanent, CUS callout_address,
++ string_sprintf("unable to read result (%s)", strerror(errno)),
++ malware_daemon_ctx.sock);
++@@ -1401,7 +1401,7 @@ badseek: err = errno;
++
++ /* wait for result */
++ memset(av_buffer, 0, sizeof(av_buffer));
++- if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL))) <= 0)
+++ if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo)) <= 0)
++ return m_panic_defer_3(scanent, CUS callout_address,
++ string_sprintf("unable to read from UNIX socket (%s)", scanner_options),
++ malware_daemon_ctx.sock);
++@@ -1737,7 +1737,7 @@ b_seek: err = errno;
++
++ /* Read the result */
++ memset(av_buffer, 0, sizeof(av_buffer));
++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
++ (void)close(malware_daemon_ctx.sock);
++ malware_daemon_ctx.sock = -1;
++ malware_daemon_ctx.tls_ctx = NULL;
++@@ -1895,7 +1895,7 @@ b_seek: err = errno;
++ return m_panic_defer(scanent, CUS callout_address, errstr);
++
++ /* Read the result */
++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL));
+++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
++
++ if (bread <= 0)
++ return m_panic_defer_3(scanent, CUS callout_address,
++--- a/src/routers/iplookup.c
+++++ b/src/routers/iplookup.c
++@@ -279,7 +279,7 @@ while ((hostname = string_nextinlist(&li
++ /* Read the response and close the socket. If the read fails, try the
++ next IP address. */
++
++- count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, ob->timeout);
+++ count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, time(NULL) + ob->timeout);
++ (void)close(query_cctx.sock);
++ if (count <= 0)
++ {
++--- a/src/smtp_out.c
+++++ b/src/smtp_out.c
++@@ -587,14 +587,14 @@ Arguments:
++ inblock the SMTP input block (contains holding buffer, socket, etc.)
++ buffer where to put the line
++ size space available for the line
++- timeout the timeout to use when reading a packet
+++ timelimit deadline for reading the lime, seconds past epoch
++
++ Returns: length of a line that has been put in the buffer
++ -1 otherwise, with errno set
++ */
++
++ static int
++-read_response_line(smtp_inblock *inblock, uschar *buffer, int size, int timeout)
+++read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit)
++ {
++ uschar *p = buffer;
++ uschar *ptr = inblock->ptr;
++@@ -637,7 +637,7 @@ for (;;)
++
++ /* Need to read a new input packet. */
++
++- if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timeout)) <= 0)
+++ if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0)
++ {
++ DEBUG(D_deliver|D_transport|D_acl)
++ debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n",
++@@ -694,6 +694,7 @@ smtp_read_response(void * sx0, uschar *
++ smtp_context * sx = sx0;
++ uschar * ptr = buffer;
++ int count = 0, rc;
+++time_t timelimit = time(NULL) + timeout;
++
++ errno = 0; /* Ensure errno starts out zero */
++
++@@ -713,7 +714,7 @@ response. */
++
++ for (;;)
++ {
++- if ((count = read_response_line(&sx->inblock, ptr, size, timeout)) < 0)
+++ if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0)
++ return FALSE;
++
++ HDEBUG(D_transport|D_acl|D_v)
++--- a/src/spam.c
+++++ b/src/spam.c
++@@ -503,7 +503,7 @@ offset = 0;
++ while ((i = ip_recv(&spamd_cctx,
++ spamd_buffer + offset,
++ sizeof(spamd_buffer) - offset - 1,
++- sd->timeout - time(NULL) + start)) > 0)
+++ sd->timeout + start)) > 0)
++ offset += i;
++ spamd_buffer[offset] = '\0'; /* guard byte */
++
++--- a/src/transports/smtp_socks.c
+++++ b/src/transports/smtp_socks.c
++@@ -129,7 +129,7 @@ switch(method)
++ #ifdef TCP_QUICKACK
++ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
++ #endif
++- if (!fd_ready(fd, tmo-time(NULL)) || read(fd, s, 2) != 2)
+++ if (!fd_ready(fd, tmo) || read(fd, s, 2) != 2)
++ return FAIL;
++ HDEBUG(D_transport|D_acl|D_v)
++ debug_printf_indent(" SOCKS<< %02x %02x\n", s[0], s[1]);
++@@ -320,7 +320,7 @@ HDEBUG(D_transport|D_acl|D_v) debug_prin
++ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off));
++ #endif
++
++-if ( !fd_ready(fd, tmo-time(NULL))
+++if ( !fd_ready(fd, tmo)
++ || read(fd, buf, 2) != 2
++ )
++ goto rcv_err;
++@@ -370,7 +370,7 @@ if (send(fd, buf, size, 0) < 0)
++ /* expect conn-reply (success, local(ipver, addr, port))
++ of same length as conn-request, or non-success fail code */
++
++-if ( !fd_ready(fd, tmo-time(NULL))
+++if ( !fd_ready(fd, tmo)
++ || (size = read(fd, buf, size)) < 2
++ )
++ goto rcv_err;
++--- a/src/verify.c
+++++ b/src/verify.c
++@@ -2770,7 +2770,7 @@ for (;;)
++ int size = sizeof(buffer) - (p - buffer);
++
++ if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */
++- count = ip_recv(&ident_conn_ctx, p, size, rfc1413_query_timeout);
+++ count = ip_recv(&ident_conn_ctx, p, size, time(NULL) + rfc1413_query_timeout);
++ if (count <= 0) goto END_OFF; /* Read error or EOF */
++
++ /* Scan what we just read, to see if we have reached the terminating \r\n. Be
--- /dev/null
--- /dev/null
++From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Fri, 7 Jun 2019 11:54:10 +0100
++Subject: [PATCH 2/2] Fix detection of 32b platform at build time. Bug 2405
++
++---
++ src/buildconfig.c | 12 +++---
++ test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++-----------------
++ test/stdout/0002 | 72 +++++++++++++++++++-----------------
++ 3 files changed, 83 insertions(+), 73 deletions(-)
++
++diff --git a/src/buildconfig.c b/src/buildconfig.c
++index 71cf97b1..a680b344 100644
++--- a/src/buildconfig.c
+++++ b/src/buildconfig.c
++@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L;
++ unsigned int test_uint_t = 0;
++ #endif
++ long test_long_t = 0;
+++long long test_longlong_t = 0;
++ int test_int_t = 0;
++ FILE *base;
++ FILE *new;
++@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */
++
++ fprintf(new, "#ifndef OFF_T_FMT\n");
++ if (sizeof(test_off_t) > sizeof(test_long_t))
++- {
++ fprintf(new, "# define OFF_T_FMT \"%%lld\"\n");
++- fprintf(new, "# define LONGLONG_T long long int\n");
++- }
++ else
++- {
++ fprintf(new, "# define OFF_T_FMT \"%%ld\"\n");
+++fprintf(new, "#endif\n\n");
+++
+++fprintf(new, "#ifndef LONGLONG_T\n");
+++if (sizeof(test_longlong_t) > sizeof(test_long_t))
+++ fprintf(new, "# define LONGLONG_T long long int\n");
+++else
++ fprintf(new, "# define LONGLONG_T long int\n");
++- }
++ fprintf(new, "#endif\n\n");
++
++ /* Now do the same thing for time_t variables. If the length is greater than
++--
++2.20.1
++
--- /dev/null
- @@ -2115,6 +2115,55 @@ return ret;
+From cf84d126bc1f04746eb7c8e8b3468f7e70add3ec Mon Sep 17 00:00:00 2001
+From: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Fri, 5 Jul 2019 15:38:15 +0100
+Subject: [PATCH] Avoid re-expansion in ${sort } CVE-2019-13917
+ OVE-20190718-0006
+
+(cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)
+---
+ doc/ChangeLog | 6 ++
+ doc/doc-txt/cve-2019-13917 | 46 ++++++++
+ src/expand.c | 214 +++++++++++++++++++++++++------------
+ 3 files changed, 199 insertions(+), 67 deletions(-)
+ create mode 100644 doc/doc-txt/cve-2019-13917
+
+--- a/src/expand.c
++++ b/src/expand.c
- @@ -2145,6 +2194,7 @@ BOOL sub2_honour_dollar = TRUE;
++@@ -2147,6 +2147,55 @@ return ret;
+
+
+
++/************************************************/
++/* Return offset in ops table, or -1 if not found.
++Repoint to just after the operator in the string.
++
++Argument:
++ ss string representation of operator
++ opname split-out operator name
++*/
++
++static int
++identify_operator(const uschar ** ss, uschar ** opname)
++{
++const uschar * s = *ss;
++uschar name[256];
++
++/* Numeric comparisons are symbolic */
++
++if (*s == '=' || *s == '>' || *s == '<')
++ {
++ int p = 0;
++ name[p++] = *s++;
++ if (*s == '=')
++ {
++ name[p++] = '=';
++ s++;
++ }
++ name[p] = 0;
++ }
++
++/* All other conditions are named */
++
++else
++ s = read_name(name, sizeof(name), s, US"_");
++*ss = s;
++
++/* If we haven't read a name, it means some non-alpha character is first. */
++
++if (!name[0])
++ {
++ expand_string_message = string_sprintf("condition name expected, "
++ "but found \"%.16s\"", s);
++ return -1;
++ }
++if (opname)
++ *opname = string_copy(name);
++
++return chop_match(name, cond_table, nelem(cond_table));
++}
++
+
+ /*************************************************
+ * Read and evaluate a condition *
- @@ -2157,37 +2207,7 @@ for (;;)
++@@ -2177,6 +2226,7 @@ BOOL sub2_honour_dollar = TRUE;
+ int i, rc, cond_type, roffset;
+ int_eximarith_t num[2];
+ struct stat statbuf;
++uschar * opname;
+ uschar name[256];
+ const uschar *sub[10];
+
- @@ -2506,7 +2526,7 @@ switch(cond_type)
++@@ -2189,37 +2239,7 @@ for (;;)
+ if (*s == '!') { testfor = !testfor; s++; } else break;
+ }
+
+-/* Numeric comparisons are symbolic */
+-
+-if (*s == '=' || *s == '>' || *s == '<')
+- {
+- int p = 0;
+- name[p++] = *s++;
+- if (*s == '=')
+- {
+- name[p++] = '=';
+- s++;
+- }
+- name[p] = 0;
+- }
+-
+-/* All other conditions are named */
+-
+-else s = read_name(name, 256, s, US"_");
+-
+-/* If we haven't read a name, it means some non-alpha character is first. */
+-
+-if (name[0] == 0)
+- {
+- expand_string_message = string_sprintf("condition name expected, "
+- "but found \"%.16s\"", s);
+- return NULL;
+- }
+-
+-/* Find which condition we are dealing with, and switch on it */
+-
+-cond_type = chop_match(name, cond_table, nelem(cond_table));
+-switch(cond_type)
++switch(cond_type = identify_operator(&s, &opname))
+ {
+ /* def: tests for a non-empty variable, or for the existence of a header. If
+ yield == NULL we are in a skipping state, and don't care about the answer. */
- sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
- @@ -2518,7 +2538,7 @@ switch(cond_type)
++@@ -2538,7 +2558,7 @@ switch(cond_type)
+ {
+ if (i == 0) goto COND_FAILED_CURLY_START;
+ expand_string_message = string_sprintf("missing 2nd string in {} "
+- "after \"%s\"", name);
++ "after \"%s\"", opname);
+ return NULL;
+ }
- @@ -2832,7 +2852,7 @@ switch(cond_type)
++ if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL,
++@@ -2553,7 +2573,7 @@ switch(cond_type)
+ conditions that compare numbers do not start with a letter. This just saves
+ checking for them individually. */
+
+- if (!isalpha(name[0]) && yield != NULL)
++ if (!isalpha(opname[0]) && yield != NULL)
+ if (sub[i][0] == 0)
+ {
+ num[i] = 0;
- - DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
- + DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
++@@ -2867,7 +2887,7 @@ switch(cond_type)
+ uschar *save_iterate_item = iterate_item;
+ int (*compare)(const uschar *, const uschar *);
+
- @@ -2871,14 +2891,14 @@ switch(cond_type)
++- DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]);
+++ DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]);
+
+ tempcond = FALSE;
+ compare = cond_type == ECOND_INLISTI
- @@ -2888,7 +2908,7 @@ switch(cond_type)
++@@ -2909,14 +2929,14 @@ switch(cond_type)
+ if (*s != '{') /* }-for-text-editors */
+ {
+ expand_string_message = string_sprintf("each subcondition "
+- "inside an \"%s{...}\" condition must be in its own {}", name);
++ "inside an \"%s{...}\" condition must be in its own {}", opname);
+ return NULL;
+ }
+
+ if (!(s = eval_condition(s+1, resetok, subcondptr)))
+ {
+ expand_string_message = string_sprintf("%s inside \"%s{...}\" condition",
+- expand_string_message, name);
++ expand_string_message, opname);
+ return NULL;
+ }
+ while (isspace(*s)) s++;
- @@ -2920,7 +2940,7 @@ switch(cond_type)
++@@ -2926,7 +2946,7 @@ switch(cond_type)
+ {
+ /* {-for-text-editors */
+ expand_string_message = string_sprintf("missing } at end of condition "
+- "inside \"%s\" group", name);
++ "inside \"%s\" group", opname);
+ return NULL;
+ }
+
- @@ -2941,7 +2961,7 @@ switch(cond_type)
++@@ -2958,7 +2978,7 @@ switch(cond_type)
+ int sep = 0;
+ uschar *save_iterate_item = iterate_item;
+
+- DEBUG(D_expand) debug_printf_indent("condition: %s\n", name);
++ DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname);
+
+ while (isspace(*s)) s++;
+ if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */
- @@ -2951,7 +2971,7 @@ switch(cond_type)
++@@ -2979,7 +2999,7 @@ switch(cond_type)
+ if (!(s = eval_condition(sub[1], resetok, NULL)))
+ {
+ expand_string_message = string_sprintf("%s inside \"%s\" condition",
+- expand_string_message, name);
++ expand_string_message, opname);
+ return NULL;
+ }
+ while (isspace(*s)) s++;
- @@ -2963,11 +2983,11 @@ switch(cond_type)
++@@ -2989,7 +3009,7 @@ switch(cond_type)
+ {
+ /* {-for-text-editors */
+ expand_string_message = string_sprintf("missing } at end of condition "
+- "inside \"%s\"", name);
++ "inside \"%s\"", opname);
+ return NULL;
+ }
+
- @@ -3060,19 +3080,20 @@ switch(cond_type)
++@@ -3001,11 +3021,11 @@ switch(cond_type)
+ if (!eval_condition(sub[1], resetok, &tempcond))
+ {
+ expand_string_message = string_sprintf("%s inside \"%s\" condition",
+- expand_string_message, name);
++ expand_string_message, opname);
+ iterate_item = save_iterate_item;
+ return NULL;
+ }
+- DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name,
++ DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname,
+ tempcond? "true":"false");
+
+ if (yield != NULL) *yield = (tempcond == testfor);
- @@ -3082,7 +3103,7 @@ return NULL;
++@@ -3098,19 +3118,20 @@ switch(cond_type)
+ /* Unknown condition */
+
+ default:
+- expand_string_message = string_sprintf("unknown condition \"%s\"", name);
+- return NULL;
++ if (!expand_string_message || !*expand_string_message)
++ expand_string_message = string_sprintf("unknown condition \"%s\"", opname);
++ return NULL;
+ } /* End switch on condition type */
+
+ /* Missing braces at start and end of data */
+
+ COND_FAILED_CURLY_START:
+-expand_string_message = string_sprintf("missing { after \"%s\"", name);
++expand_string_message = string_sprintf("missing { after \"%s\"", opname);
+ return NULL;
+
+ COND_FAILED_CURLY_END:
+ expand_string_message = string_sprintf("missing } at end of \"%s\" condition",
+- name);
++ opname);
+ return NULL;
+
+ /* A condition requires code that is not compiled */
- @@ -3793,6 +3814,58 @@ return x;
- }
++@@ -3120,7 +3141,7 @@ return NULL;
+ !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET)
+ COND_FAILED_NOT_COMPILED:
+ expand_string_message = string_sprintf("support for \"%s\" not compiled",
+- name);
++ opname);
+ return NULL;
+ #endif
+ }
- +
- +
++@@ -3849,6 +3870,56 @@ return x;
++
+
+
++/************************************************/
++/* Comparison operation for sort expansion. We need to avoid
++re-expanding the fields being compared, so need a custom routine.
++
++Arguments:
++ cond_type Comparison operator code
++ leftarg, rightarg Arguments for comparison
++
++Return true iff (leftarg compare rightarg)
++*/
++
++static BOOL
++sortsbefore(int cond_type, BOOL alpha_cond,
++ const uschar * leftarg, const uschar * rightarg)
++{
++int_eximarith_t l_num, r_num;
++
++if (!alpha_cond)
++ {
++ l_num = expanded_string_integer(leftarg, FALSE);
++ if (expand_string_message) return FALSE;
++ r_num = expanded_string_integer(rightarg, FALSE);
++ if (expand_string_message) return FALSE;
++
++ switch (cond_type)
++ {
++ case ECOND_NUM_G: return l_num > r_num;
++ case ECOND_NUM_GE: return l_num >= r_num;
++ case ECOND_NUM_L: return l_num < r_num;
++ case ECOND_NUM_LE: return l_num <= r_num;
++ default: break;
++ }
++ }
++else
++ switch (cond_type)
++ {
++ case ECOND_STR_LT: return Ustrcmp (leftarg, rightarg) < 0;
++ case ECOND_STR_LTI: return strcmpic(leftarg, rightarg) < 0;
++ case ECOND_STR_LE: return Ustrcmp (leftarg, rightarg) <= 0;
++ case ECOND_STR_LEI: return strcmpic(leftarg, rightarg) <= 0;
++ case ECOND_STR_GT: return Ustrcmp (leftarg, rightarg) > 0;
++ case ECOND_STR_GTI: return strcmpic(leftarg, rightarg) > 0;
++ case ECOND_STR_GE: return Ustrcmp (leftarg, rightarg) >= 0;
++ case ECOND_STR_GEI: return strcmpic(leftarg, rightarg) >= 0;
++ default: break;
++ }
++return FALSE; /* should not happen */
++}
++
++
- /*************************************************
- * Expand string *
- @@ -5904,9 +5977,10 @@ while (*s != 0)
++ /* Return pointer to dewrapped string, with enclosing specified chars removed.
++ The given string is modified on return. Leading whitespace is skipped while
++ looking for the opening wrap character, then the rest is scanned for the trailing
++@@ -3905,7 +3976,7 @@ The element may itself be an object or a
++ Return NULL when the list is empty.
++ */
+
- @@ -5941,6 +6015,25 @@ while (*s != 0)
++-uschar *
+++static uschar *
++ json_nextinlist(const uschar ** list)
++ {
++ unsigned array_depth = 0, object_depth = 0;
++@@ -6243,9 +6314,10 @@ while (*s != 0)
+
+ case EITEM_SORT:
+ {
++ int cond_type;
+ int sep = 0;
+ const uschar *srclist, *cmp, *xtract;
+- uschar *srcitem;
++ uschar * opname, * srcitem;
+ const uschar *dstlist = NULL, *dstkeylist = NULL;
+ uschar * tmp;
+ uschar *save_iterate_item = iterate_item;
- @@ -5969,10 +6062,9 @@ while (*s != 0)
++@@ -6280,6 +6352,25 @@ while (*s != 0)
+ goto EXPAND_FAILED_CURLY;
+ }
+
++ if ((cond_type = identify_operator(&cmp, &opname)) == -1)
++ {
++ if (!expand_string_message)
++ expand_string_message = string_sprintf("unknown condition \"%s\"", s);
++ goto EXPAND_FAILED;
++ }
++ switch(cond_type)
++ {
++ case ECOND_NUM_L: case ECOND_NUM_LE:
++ case ECOND_NUM_G: case ECOND_NUM_GE:
++ case ECOND_STR_GE: case ECOND_STR_GEI: case ECOND_STR_GT: case ECOND_STR_GTI:
++ case ECOND_STR_LE: case ECOND_STR_LEI: case ECOND_STR_LT: case ECOND_STR_LTI:
++ break;
++
++ default:
++ expand_string_message = US"comparator not handled for sort";
++ goto EXPAND_FAILED;
++ }
++
+ while (isspace(*s)) s++;
+ if (*s++ != '{')
+ {
- {
++@@ -6307,11 +6398,10 @@ while (*s != 0)
++ if (skipping) continue;
+
+ while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0)))
- uschar * newlist = NULL;
- uschar * newkeylist = NULL;
++- {
+- uschar * dstitem;
+++ {
++ uschar * srcfield, * dstitem;
- @@ -5993,25 +6085,15 @@ while (*s != 0)
++ gstring * newlist = NULL;
++ gstring * newkeylist = NULL;
+- uschar * srcfield;
+
+ DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem);
+
++@@ -6332,25 +6422,15 @@ while (*s != 0)
+ while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0)))
+ {
+ uschar * dstfield;
+- uschar * expr;
+- BOOL before;
+
+ /* field for comparison */
+ if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0)))
+ goto sort_mismatch;
+
+- /* build and run condition string */
+- expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield);
+-
+- DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr);
+- if (!eval_condition(expr, &resetok, &before))
+- {
+- expand_string_message = string_sprintf("comparison in sort: %s",
+- expr);
+- goto EXPAND_FAILED;
+- }
++ /* String-comparator names start with a letter; numeric names do not */
+
+- if (before)
++ if (sortsbefore(cond_type, isalpha(opname[0]),
++ srcfield, dstfield))
+ {
+ /* New-item sorts before this dst-item. Append new-item,
+ then dst-item, then remainder of dst list. */
--- /dev/null
- Exim version 4.89
- -----------------
+From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001
+From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
+Date: Mon, 19 Aug 2019 14:45:48 +0200
+Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
+
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -4,6 +4,11 @@ This document describes *changes* to pre
+ affect Exim's operation, with an unchanged configuration file. For new
+ options, and new features, see the NewStuff file next to this ChangeLog.
+
++Exim version 4.92.2
++-------------------
++
++HS/01 Handle trailing backslash gracefully. (CVE-2019-15846)
++
+
- @@ -220,6 +220,8 @@ interpreted in strings.
++ Since version 4.92
++ ------------------
+--- a/src/string.c
++++ b/src/string.c
- @@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789
++@@ -224,6 +224,8 @@ interpreted in strings.
+ Arguments:
+ pp points a pointer to the initiating "\" in the string;
+ the pointer gets updated to point to the final character
++ If the backslash is the last character in the string, it
++ is not interpreted.
+ Returns: the value of the character escape
+ */
+
++@@ -236,6 +238,7 @@ const uschar *hex_digits= CUS"0123456789
+ int ch;
+ const uschar *p = *pp;
+ ch = *(++p);
++if (ch == '\0') return **pp;
+ if (isdigit(ch) && ch != '8' && ch != '9')
+ {
+ ch -= '0';
++@@ -1210,8 +1213,8 @@ memcpy(g->s + p, s, count);
++ g->ptr = p + count;
++ return g;
++ }
++-
++-
+++
+++
++ gstring *
++ string_cat(gstring *string, const uschar *s)
++ {
--- /dev/null
--- /dev/null
++From 478effbfd9c3cc5a627fc671d4bf94d13670d65f Mon Sep 17 00:00:00 2001
++From: Jeremy Harris <jgh146exb@wizmail.org>
++Date: Fri, 27 Sep 2019 12:21:49 +0100
++Subject: [PATCH] Fix buffer overflow in string_vformat. Bug 2449
++
++---
++ src/string.c | 4 ++--
++ test/scripts/0000-Basic/0214 | 11 +++++++++++
++ test/stdout/0214 | 7 +++++++
++ 3 files changed, 20 insertions(+), 2 deletions(-)
++
++diff --git a/src/string.c b/src/string.c
++index c6549bf93..3445f8a42 100644
++--- a/src/string.c
+++++ b/src/string.c
++@@ -1132,7 +1132,7 @@ store_reset(g->s + (g->size = g->ptr + 1));
++ Arguments:
++ g the growable-string
++ p current end of data
++- count amount to grow by
+++ count amount to grow by, offset from p
++ */
++
++ static void
++@@ -1590,7 +1590,7 @@ while (*fp)
++ }
++ else if (g->ptr >= lim - width)
++ {
++- gstring_grow(g, g->ptr, width - (lim - g->ptr));
+++ gstring_grow(g, g->ptr, width);
++ lim = g->size - 1;
++ gp = CS g->s + g->ptr;
++ }
++--
++2.23.0
++
--- /dev/null
- ## 50_localscan_dlopen.dpatch by Marc MERLIN
-
-
- Description: Allow to use and switch between different local_scan functions
++Description: Allow one to use and switch between different local_scan functions
+ without recompiling exim.
+ http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from
+ David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc
+ MERLIN for SA-Exim and minor/major API version tracking
+Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN
+Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/
+Forwarded: no
- Last-Update: 2014-12-01
++Last-Update: 2018-12-12
+
+--- a/src/EDITME
++++ b/src/EDITME
- @@ -785,6 +785,21 @@ HEADERS_CHARSET="ISO-8859-1"
++@@ -824,6 +824,21 @@ HEADERS_CHARSET="ISO-8859-1"
+
+
+ #------------------------------------------------------------------------------
++# On systems which support dynamic loading of shared libraries, Exim can
++# load a local_scan function specified in its config file instead of having
++# to be recompiled with the desired local_scan function. For a full
++# description of the API to this function, see the Exim specification.
++
++DLOPEN_LOCAL_SCAN=yes
++
++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the
++# linker flags. Without it, the loaded .so won't be able to access any
++# functions from exim.
++
++LDFLAGS += -rdynamic
++CFLAGS += -fvisibility=hidden
++
++#------------------------------------------------------------------------------
+ # The default distribution of Exim contains only the plain text form of the
+ # documentation. Other forms are available separately. If you want to install
+ # the documentation in "info" format, first fetch the Texinfo documentation
+--- a/src/config.h.defaults
++++ b/src/config.h.defaults
- @@ -28,6 +28,8 @@ it's a default value. */
++@@ -32,6 +32,8 @@ Do not put spaces between # and the 'def
+
+ #define AUTH_VARS 3
+
++#define DLOPEN_LOCAL_SCAN
++
+ #define BIN_DIRECTORY
+
+ #define CONFIGURE_FILE
+--- a/src/globals.c
++++ b/src/globals.c
- @@ -140,6 +140,10 @@ int dsn_ret = 0;
++@@ -141,6 +141,10 @@ int dsn_ret = 0;
+ const pcre *regex_DSN = NULL;
+ uschar *dsn_advertise_hosts = NULL;
+
++#ifdef DLOPEN_LOCAL_SCAN
++uschar *local_scan_path = NULL;
++#endif
++
+ #ifdef SUPPORT_TLS
+ BOOL gnutls_compat_mode = FALSE;
+ BOOL gnutls_allow_auto_pkcs11 = FALSE;
+--- a/src/globals.h
++++ b/src/globals.h
- @@ -133,6 +133,9 @@ extern int dsn_ret; /
++@@ -138,6 +138,9 @@ extern int dsn_ret; /
+ extern const pcre *regex_DSN; /* For recognizing DSN settings */
+ extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */
+
++#ifdef DLOPEN_LOCAL_SCAN
++extern uschar *local_scan_path; /* Path to local_scan() library */
++#endif
+ /* Input-reading functions for messages, so we can use special ones for
+ incoming TCP/IP. */
+
+--- a/src/local_scan.c
++++ b/src/local_scan.c
- @@ -5,60 +5,131 @@
++@@ -5,61 +5,131 @@
+ /* Copyright (c) University of Cambridge 1995 - 2009 */
+ /* See the file NOTICE for conditions of use and distribution. */
+
++#include "exim.h"
+
+-/******************************************************************************
+-This file contains a template local_scan() function that just returns ACCEPT.
+-If you want to implement your own version, you should copy this file to, say
+-Local/local_scan.c, and edit the copy. To use your version instead of the
+-default, you must set
+-
++-HAVE_LOCAL_SCAN=yes
+-LOCAL_SCAN_SOURCE=Local/local_scan.c
+-
+-in your Local/Makefile. This makes it easy to copy your version for use with
+-subsequent Exim releases.
+-
+-For a full description of the API to this function, see the Exim specification.
+-******************************************************************************/
+-
+-
+-/* This is the only Exim header that you should include. The effect of
+-including any other Exim header is not defined, and may change from release to
+-release. Use only the documented interface! */
+-
+-#include "local_scan.h"
+-
+-
+-/* This is a "do-nothing" version of a local_scan() function. The arguments
+-are:
+-
+- fd The file descriptor of the open -D file, which contains the
+- body of the message. The file is open for reading and
+- writing, but modifying it is dangerous and not recommended.
+-
+- return_text A pointer to an unsigned char* variable which you can set in
+- order to return a text string. It is initialized to NULL.
+-
+-The return values of this function are:
+-
+- LOCAL_SCAN_ACCEPT
+- The message is to be accepted. The return_text argument is
+- saved in $local_scan_data.
+-
+- LOCAL_SCAN_REJECT
+- The message is to be rejected. The returned text is used
+- in the rejection message.
+-
+- LOCAL_SCAN_TEMPREJECT
+- This specifies a temporary rejection. The returned text
+- is used in the rejection message.
+-*/
++#ifdef DLOPEN_LOCAL_SCAN
++#include <dlfcn.h>
++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL;
++static int load_local_scan_library(void);
++#endif
+
+ int
+ local_scan(int fd, uschar **return_text)
+ {
+ fd = fd; /* Keep picky compilers happy */
+ return_text = return_text;
+-return LOCAL_SCAN_ACCEPT;
++#ifdef DLOPEN_LOCAL_SCAN
++/* local_scan_path is defined AND not the empty string */
++if (local_scan_path && *local_scan_path)
++ {
++ if (!local_scan_fn)
++ {
++ if (!load_local_scan_library())
++ {
++ char *base_msg , *error_msg , *final_msg ;
++ int final_length = -1 ;
++
++ base_msg=US"Local configuration error - local_scan() library failure\n";
++ error_msg = dlerror() ;
++
++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ;
++ final_msg = (char*)malloc( final_length*sizeof(char) ) ;
++ *final_msg = '\0' ;
++
++ strcat( final_msg , base_msg ) ;
++ strcat( final_msg , error_msg ) ;
++
++ *return_text = final_msg ;
++ return LOCAL_SCAN_TEMPREJECT;
++ }
++ }
++ return local_scan_fn(fd, return_text);
++ }
++else
++#endif
++ return LOCAL_SCAN_ACCEPT;
++}
++
++#ifdef DLOPEN_LOCAL_SCAN
++
++static int load_local_scan_library(void)
++{
++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */
++void *local_scan_lib = NULL;
++int (*local_scan_version_fn)(void);
++int vers_maj;
++int vers_min;
++
++local_scan_lib = dlopen(local_scan_path, RTLD_NOW);
++if (!local_scan_lib)
++ {
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - "
++ "message temporarily rejected");
++ return FALSE;
++ }
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_major() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The major number is increased when the ABI is changed in a non
++ backward compatible way. */
++vers_maj = local_scan_version_fn();
++
++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor");
++if (!local_scan_version_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan_version_minor() function - message temporarily rejected");
++ return FALSE;
++ }
++
++/* The minor number is increased each time a new feature is added (in a
++ way that doesn't break backward compatibility) -- Marc */
++vers_min = local_scan_version_fn();
++
++
++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR)
++ {
++ dlclose(local_scan_lib);
++ local_scan_lib = NULL;
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor"
++ "version number, you need to recompile your module for this version"
++ "of exim (The module was compiled for version %d.%d and this exim provides"
++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR,
++ LOCAL_SCAN_ABI_VERSION_MINOR);
++ return FALSE;
++ }
++
++local_scan_fn = dlsym(local_scan_lib, "local_scan");
++if (!local_scan_fn)
++ {
++ dlclose(local_scan_lib);
++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain "
++ "local_scan() function - message temporarily rejected");
++ return FALSE;
++ }
++
++return TRUE;
+ }
+
++#endif /* DLOPEN_LOCAL_SCAN */
++
+ /* End of local_scan.c */
+--- a/src/local_scan.h
++++ b/src/local_scan.h
+@@ -17,6 +17,7 @@ settings, and the store functions. */
+
+ #include <stdarg.h>
+ #include <sys/types.h>
++#pragma GCC visibility push(default)
+ #include "config.h"
+ #include "mytypes.h"
+ #include "store.h"
+@@ -192,4 +193,6 @@ extern uschar *string_copy(const uschar
+ extern uschar *string_copyn(const uschar *, int);
+ extern uschar *string_sprintf(const char *, ...) ALMOST_PRINTF(1,2);
+
++#pragma GCC visibility pop
++
+ /* End of local_scan.h */
+--- a/src/readconf.c
++++ b/src/readconf.c
- @@ -313,6 +313,9 @@ static optionlist optionlist_config[] =
++@@ -199,6 +199,9 @@ static optionlist optionlist_config[] =
+ { "local_from_prefix", opt_stringptr, &local_from_prefix },
+ { "local_from_suffix", opt_stringptr, &local_from_suffix },
+ { "local_interfaces", opt_stringptr, &local_interfaces },
++#ifdef DLOPEN_LOCAL_SCAN
++ { "local_scan_path", opt_stringptr, &local_scan_path },
++#endif
++ #ifdef HAVE_LOCAL_SCAN
+ { "local_scan_timeout", opt_time, &local_scan_timeout },
- { "local_sender_retain", opt_bool, &local_sender_retain },
- { "localhost_number", opt_stringptr, &host_number_string },
++ #endif
--- /dev/null
- 40_reproducible_build.diff
- 50_localscan_dlopen.dpatch
+31_eximmanpage.dpatch
+32_exim4.dpatch
+33_eximon.binary.dpatch
+34_eximstatsmanpage.dpatch
+35_install.dpatch
- 78_Disable-chunking-BDAT-by-default.patch
- 79_CVE-2017-1000369.patch
- 80_Avoid-release-of-store-if-there-have-been-later-allo.patch
- 81_Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
- 82_Fix-base64d-buffer-size-CVE-2018-6789.patch
- 83_qsa-2019-exim4.patch
- 84_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch
- 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
+60_convert4r4.dpatch
+67_unnecessaryCopt.diff
+70_remove_exim-users_references.dpatch
++75_01-Fix-json-extract-operator-for-unfound-case.patch
++75_02-Fix-transport-buffer-size-handling.patch
++75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch
++75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch
++75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch
++75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch
++75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
++75_08-Logging-fix-initial-listening-on-log-line.patch
++75_09-OpenSSL-Fix-aggregation-of-messages.patch
++75_10-Harden-plaintext-authenticator.patch
++75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
++75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
++75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
++75_14-Fix-smtp-response-timeout.patch
++75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
++77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch
++78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch
++78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch
++90_localscan_dlopen.dpatch
--- /dev/null
- # Uncomment this to turn on verbose mode.
+#!/usr/bin/make -f
+# debian/rules for exim4
+# This file is public domain software, originally written by Joey Hess.
+#
- ifeq ($(wildcard /usr/share/dpkg/buildflags.mk),)
- CFLAGS := -g
- ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
- else
- CFLAGS += -O2
- endif
- else
- export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie
- DPKG_EXPORT_BUILDFLAGS := 1
++# Uncomment this to turn on verbose mode.
+# export DH_VERBOSE=1
+
+buildname := $(shell scripts/os-type)-$(shell scripts/arch-type)
+DEBIAN := $(shell pwd)/debian
+
- endif
++export DEB_BUILD_MAINT_OPTIONS := hardening=+all
+include /usr/share/dpkg/buildflags.mk
- CFLAGS := $(CFLAGS) $(shell getconf LFS_CFLAGS) -D_LARGEFILE_SOURCE -fno-strict-aliasing -Wall $(CPPFLAGS)
++include /usr/share/dpkg/pkg-info.mk
++# SOURCE_DATE_EPOCH is exported by pkg-info.mk since dpkg 1.18.8/July 2016
++# fall back to current date otherwise.
++SOURCE_DATE_EPOCH ?= $(shell date '+%s')
++
+
+# The build system ignores CPPFLAGS, append them to CFLAGS
- export LFLAGS += $(LDFLAGS)
++CFLAGS += $(shell getconf LFS_CFLAGS) -D_LARGEFILE_SOURCE \
++ -fno-strict-aliasing -Wall $(CPPFLAGS)
+export CFLAGS
+# LFLAGS is used where GNU would use LDFLAGS
- # Which packages should we build?
- ifndef buildbasepackages
- buildbasepackages=yes
- endif
-
- ifndef extradaemonpackages
- extradaemonpackages=exim4-daemon-heavy
- endif
++export LFLAGS = $(LDFLAGS)
+
+LC_ALL=C
+export LC_ALL
+
- # needs, uncomment the two custom packages in debian/control
- # call "fakeroot debian/rules unpack-configs", copy EDITME.exim4-light
- # to EDITME.exim4-custom and modify it. Please note that you _need_ to
- # modify EDITME.exim4-custom or your build will fail due to #386188.
+# If you want to build a daemon with a configuration tailored to YOUR special
- #
- # Afterwards EITHER change the definition of extradaemonpackages above OR
- # simply set extradaemonpackages to the desired value via the environment.
-
- # If you want your changes to survive a debian/rules clean, call
- # "fakeroot debian/rules pack-configs" after customizing EDITME.exim4-custom
-
- # If you remove exim4-daemon-light from basedaemonpackages to prevent
- # exim4-daemon-light from being built, you need to modify the build
- # process to pull the helper binaries from the daemon package that you
- # actually build. If you simply remove exim4-daemon-light here, you will
- # end up with exim4-base sans binaries, which is most probably not what
- # you intend to have.
- #
- # combined[ai]dbgpackage has a list of packages whose debug information
- # goes into the combined debug package exim4-dbg, separated as arch
- # independent and arch dependent list.
- # extraadbgpackage has a list of packages whose debug information
- # goes into one debug package foo-dbg per package. This is currently
- # only implemented and needed for arch dependent packages.
-
- ifeq ($(buildbasepackages),yes)
- basedaemonpackages=exim4-daemon-light
- combinedadbgpackage=exim4-base eximon4
- exim4dbg=exim4-dbg
- dhstripparm=--dbg-package=$(exim4dbg)
- exim4dev=exim4-dev
- extraadbgpackage=$(basedaemonpackages) $(extradaemonpackages)
- else
- basedaemonpackages=
- combinedadbgpackage=
- exim4dbg=
- dhstripparm=
- exim4dev=
- extraadbgpackage=$(extradaemonpackages)
- endif
++# needs, uncomment the exim4-daemon-custom package in debian/control,
++# call "debian/rules unpack-configs", copy EDITME.exim4-light to
++# EDITME.exim4-custom and modify it, then call "debian/rules pack-configs".
++#
++# Afterwards EITHER uncomment the customdaemon definition below, or set it
++# to the desired value via the environment.
++# e.g run:
++# env customdaemon=exim4-daemon-custom dpkg-buildpackage -uc -us
+#
+# If you want to create multiple custom packages with different names, use
+# the script debian/create-custom-package [suffix].
-
- # list of all arch dependent packages to be built
- buildpackages=$(combinedadbgpackage) $(extraadbgpackage) $(addsuffix -dbg,$(extraadbgpackage)) $(exim4dbg) $(exim4dev)
- # generate -pexim4-base -peximon4 ... commandline for debhelper
- dhbuildpackages=$(addprefix -p,$(buildpackages))
- dhcombinedadbgpackage=$(addprefix -p,$(combinedadbgpackage))
-
- # exim4-daemon-heavy --> b-exim4-daemon-heavy/build-Linux-x86_64/exim
- daemonbinaries=$(addprefix b-,$(addsuffix /build-$(buildname)/exim,$(extradaemonpackages)))
- debiandaemonbinaries=$(addprefix $(DEBIAN)/,$(addsuffix /usr/sbin/exim4,$(extradaemonpackages)))
- BDIRS=$(addprefix b-,$(extradaemonpackages) $(basedaemonpackages))
-
-
- # get upstream-version from debian/changelog, i.e. anything until the first -
- DEBVERSION := $(shell dpkg-parsechangelog | sed -n '/^Version: /s/^Version: //p')
- UPSTREAMVERSION := $(shell echo $(DEBVERSION) | sed -n 's/\(.\+\)-[^-]\+/\1/p')
- DEBTIME := $(shell dpkg-parsechangelog --show-field Date)
- REPBUILDDATE := \
- $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%b %e %Y')
- REPBUILDTIME := \
- $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%H:%M:%S')
-
++
++# customdaemon = exim4-daemon-custom
++daemons = exim4-daemon-light exim4-daemon-heavy $(customdaemon)
+
+# If you want to build with OpenSSL instead of GnuTLS, uncomment this
+# OPENSSL:=1
+# Please note that building exim4-daemon-heavy with OpenSSL is a GPL
+# violation.
+
- # set up build directory b-exim4-daemon-heavy/
- $(addsuffix /Makefile,$(BDIRS)): %/Makefile:
- mkdir $*
- find . -mindepth 1 -maxdepth 1 \
- -name debian -prune -o \
- -name 'b-*' -o -print0 | \
- xargs --no-run-if-empty --null \
- cp -a --target-directory=$*
- printf '#define REPBUILDDATE "$(REPBUILDDATE)"\n' \
- > $*/src/repbuildtime.h && \
- printf '#define REPBUILDTIME "$(REPBUILDTIME)"\n' \
- >> $*/src/repbuildtime.h
-
-
+PROVIDE_DEFAULT_MTA := $(shell if dpkg-vendor --is Ubuntu || \
+ dpkg-vendor --derives-from Ubuntu ; then : ; else \
+ echo "default-mta" ; fi)
+# for reproducible build. If set exim would use $TZ as default value for
+# TIMEZONE_DEFAULT
+undefine TZ
+unexport TZ
+
+
- # only called manually by maintainer before upload.
- update-mtaconflicts:
- which grep-available > /dev/null && \
- grep-available --show-field=Package --field=Provides \
- mail-transport-agent --no-field-names \
- /var/lib/apt/lists/*Packages | grep -v exim | sort -u | \
- tr '\n' ',' | sed -e 's/,/, /g;s/, $$//' > $(DEBIAN)/mtalist
-
- # Generate README.Debian as text/html ...
- debian/README.Debian.html: debian/README.Debian.xml
- xsltproc --nonet --stringparam section.autolabel 1 \
- -o $@ \
- /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl \
- $<
- # ... and text/plain
- debian/README.Debian: debian/README.Debian.html
- chmod 755 $(DEBIAN)/lynx-dump-postprocess
- lynx -force_html -dump $< | $(DEBIAN)/lynx-dump-postprocess > $@.tmp
- mv $@.tmp $@
-
- configure: configure-stamp
-
- configure-stamp: $(addsuffix /Makefile,$(BDIRS)) unpack-configs-stamp
- dh_testdir
- # Add here commands to configure the package.
- touch $@
-
- # Build binaries for the base package, the eximon4 package, and the
- # exim4-daemon-light package.
- b-exim4-daemon-light/build-$(buildname)/exim: b-exim4-daemon-light/Makefile configure-stamp
- @echo build $(<D)
- dh_testdir
-
- rm -rf $(@D)
- mkdir -p $(<D)/Local
- cp EDITME.exim4-light $(<D)/Local/Makefile
- cp EDITME.eximon $(<D)/Local/eximon.conf
- cd $(<D) && $(MAKE) FULLECHO=''
-
- b-exim4-daemon-heavy/build-$(buildname)/exim: b-exim4-daemon-heavy/Makefile configure-stamp
- @echo build $(<D)
- dh_testdir
-
- rm -rf $(@D)
- mkdir -p $(<D)/Local
- cp EDITME.exim4-heavy $(<D)/Local/Makefile
- cd $(<D) && $(MAKE) FULLECHO=''
-
- b-exim4-daemon-custom/build-$(buildname)/exim: b-exim4-daemon-custom/Makefile configure-stamp
- @echo build $(<D)
- dh_testdir
-
- rm -rf $(@D)
- mkdir -p $(<D)/Local
- cp EDITME.exim4-custom $(<D)/Local/Makefile
- cd $(<D) && $(MAKE) FULLECHO=''
-
- build-indep: build-indep-stamp
- build-indep-stamp: debian/README.Debian
- dh_testdir
+unpack-configs: unpack-configs-stamp
++
+unpack-configs-stamp: src/EDITME exim_monitor/EDITME
+ patch -o EDITME.eximon exim_monitor/EDITME \
+ $(DEBIAN)/EDITME.eximon.diff
+ patch -o EDITME.exim4-light src/EDITME \
+ $(DEBIAN)/EDITME.exim4-light.diff
+ifdef OPENSSL
+ patch EDITME.exim4-light $(DEBIAN)/EDITME.openssl.exim4-light.diff
+endif
+ for editme in $(DEBIAN)/EDITME.exim4-*.diff; do \
+ if [ "$$editme" != "$(DEBIAN)/EDITME.exim4-light.diff" ]; then \
+ TARGETNAME=`basename $$editme .diff`; \
+ echo patch -o $$TARGETNAME EDITME.exim4-light $$editme; \
+ patch -o $$TARGETNAME EDITME.exim4-light $$editme || \
+ exit $$? ;\
+ fi; \
+ done
+ touch unpack-configs-stamp
+
+pack-configs:
+ -diff -u src/EDITME EDITME.exim4-light \
+ > $(DEBIAN)/EDITME.exim4-light.diff
+ -for editme in EDITME.exim4-*; do \
+ if [ "$$editme" != "EDITME.exim4-light" ]; then \
+ echo diff -u EDITME.exim4-light $$editme; \
+ diff -u EDITME.exim4-light $$editme > $(DEBIAN)/$${editme}.diff; \
+ fi; \
+ done
+ -diff -u exim_monitor/EDITME EDITME.eximon \
+ > $(DEBIAN)/EDITME.eximon.diff
+
- build-arch: build-arch-stamp test-stamp
-
- ifeq ($(buildbasepackages),yes)
- build-arch-stamp: b-exim4-daemon-light/build-$(buildname)/exim $(daemonbinaries)
- else
- build-arch-stamp: $(daemonbinaries)
- endif
- dh_testdir
++bdir-stamp: unpack-configs-stamp
++ for i in $(daemons) ; do \
++ mkdir b-$$i && \
++ find . -mindepth 1 -maxdepth 1 \
++ -name debian -prune -o \
++ -name 'b-*' -o -print0 | \
++ xargs --no-run-if-empty --null \
++ cp -a --target-directory=b-$$i ; \
++ done
+ touch $@
+
- touch build-arch-stamp
-
- test-stamp: build-arch-stamp
- # it is not possible to run exim unless the compile-time specified
- # user exists.
- if id -u Debian-exim ; then \
- echo Debian-exim user found, running minimal testsuite ; \
- chmod +x debian/minimaltest ; \
- rm -rf $(CURDIR)/test ; \
- for i in b-exim4-daemon-light/build-$(buildname)/exim \
- $(daemonbinaries) ;\
- do mkdir $(CURDIR)/test && \
- debian/minimaltest $(CURDIR)/test $$i || \
- { echo testsuite error ; exit 1 ; } ; \
- rm -rf $(CURDIR)/test ; \
- done \
- fi
- touch $@
-
- build: build-arch build-indep
-
- clean: cleanfiles
-
- cleanfiles:
- dh_testdir
- dh_testroot
-
- debconf-updatepo
-
- rm -f build-stamp configure-stamp installbase-stamp test-stamp
-
- # Add here commands to clean up after the build process.
- [ ! -f Makefile ] || $(MAKE) distclean
- -rm -rf build-* doc/tmp test/
- -rm -f EDITME.* unpack-configs-stamp
- -rm -f $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/files \
- $(DEBIAN)/README.Debian $(DEBIAN)/README.Debian.html \
- $(DEBIAN)/berkeleydb.sed
-
- #these are identical for all daemon-* and therefore symlinked
- @cd $(DEBIAN) && find . -maxdepth 1 \
- -regex '^\./exim4-daemon-.*\.\(postinst\|prerm\)$$' \
- -and -not -name 'exim4-daemon-light.*' -print0 \
- | xargs -0r rm -v
-
- #pwd
- chmod 755 $(DEBIAN)/exim-gencert \
- $(DEBIAN)/lynx-dump-postprocess $(DEBIAN)/script \
- $(DEBIAN)/exim-adduser $(DEBIAN)/exim4_refresh_gnutls-params
- dh_clean
- rm -rf $(BDIRS)
-
- installbase-stamp: b-exim4-daemon-light/build-$(buildname)/exim debian/README.Debian debian/README.Debian.html
- dh_testdir
- dh_testroot
- dh_prep
- dh_installdirs
++override_dh_auto_configure: unpack-configs-stamp bdir-stamp
++ for i in $(daemons) ; do \
++ mkdir -p b-$$i/Local && \
++ cp EDITME.`echo $$i | sed -e s/exim4-daemon/exim4/` \
++ b-$$i/Local/Makefile && \
++ cp EDITME.eximon b-$$i/Local/eximon.conf ;\
++ done
++
++override_dh_auto_build:
++ for i in $(daemons) ; do \
++ echo building $$i; \
++ cd $(CURDIR)/b-$$i && \
++ $(MAKE) FULLECHO='' ; \
++ done
+ # Which version of Berkeley DB are we building against?
+ printf '#include <db.h>\ninstdbversionis DB_VERSION_MAJOR DB_VERSION_MINOR\n' | \
+ cpp -P | grep instdbversionis |\
+ sed -e 's/[[:space:]]*instdbversionis[[:space:]]//' \
+ -e 's/[[:space:]][[:space:]]*/./' \
+ -e 's_^_s/^BDBVERSION=.*/BDBVERSION=_' \
+ -e 's_$$_/_' \
+ > $(DEBIAN)/berkeleydb.sed
+ # Store Berkeley DB version in postinst script.
+ sed -i -f $(DEBIAN)/berkeleydb.sed \
+ $(DEBIAN)/exim4-base.postinst
- mv $(DEBIAN)/exim4-base/usr/sbin/exim \
- $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4
- # fix permissions of /usr/sbin/exim4 if running with restrictive umask,
- # dh_fixperms sanitizes anything else
- chmod 4755 $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4
++ # symlink identical maintainerscripts
++ for i in `echo $(daemons) | sed -e s/exim4-daemon-light//` ; do \
++ ln -sfv exim4-daemon-light.prerm \
++ "$(DEBIAN)/$$i.prerm" ; \
++ ln -sfv exim4-daemon-light.postinst \
++ "$(DEBIAN)/$$i.postinst" ; \
++ done
+
++override_dh_auto_install-arch: debian/README.Debian
+ cd b-exim4-daemon-light && \
+ $(MAKE) install FULLECHO='' \
+ INSTALL_ARG=-no_symlink \
+ inst_conf=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \
+ inst_aliases=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/aliases \
+ inst_dest=$(DEBIAN)/exim4-base/usr/sbin
+ if [ -e "$(DEBIAN)/example.conf.md5" ] && [ "$$(< $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum)" != "$$(cat $(DEBIAN)/example.conf.md5)" ] ; then \
+ echo "upstream example configuration has changed, new md5sum:"; \
+ < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum; \
+ echo "aborting build."; \
+ exit 1; \
+ fi
+ < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum > $(DEBIAN)/example.conf.md5
+ sed -e 's,/[a-zA-Z/0-9.-]*exim4-base/examples/,/etc/,' \
+ < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \
+ > $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp
+ mv $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp \
+ $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf
+ install -m755 b-exim4-daemon-light/build-$(buildname)/convert4r4 \
+ $(DEBIAN)/exim4-base/usr/sbin/exim_convert4r4
+ install -m755 \
+ b-exim4-daemon-light/build-$(buildname)/transport-filter.pl \
+ b-exim4-daemon-light/util/ratelimit.pl \
+ $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples
- "s/^UPEX4C_version=\"\"/UPEX4C_version=\"$(DEBVERSION)\"/" \
++ rm $(DEBIAN)/exim4-base/usr/sbin/exim
+ mv $(DEBIAN)/exim4-base/usr/sbin/eximon \
+ $(DEBIAN)/eximon4/usr/sbin
+ mv $(DEBIAN)/exim4-base/usr/sbin/eximon.bin \
+ $(DEBIAN)/eximon4/usr/lib/exim4
+ pod2man --center=EXIM4 --section=8 \
+ $(DEBIAN)/exim4-base/usr/sbin/exipick \
+ $(DEBIAN)/exim4-base/usr/share/man/man8/exipick.8
+ pod2man --center=EXIM4 --section=8 \
+ $(DEBIAN)/exim4-base/usr/sbin/eximstats \
+ $(DEBIAN)/exim4-base/usr/share/man/man8/eximstats.8
+ install -m755 $(DEBIAN)/syslog2eximlog $(DEBIAN)/exim4-base/usr/sbin/
+ pod2man --center=EXIM4 --section=8 \
+ $(DEBIAN)/syslog2eximlog \
+ $(DEBIAN)/exim4-base/usr/share/man/man8/syslog2eximlog.8
++ for i in b-exim4-daemon-*/build-$(buildname)/exim ; do \
++ install -m4755 -oroot -groot $$i \
++ $(DEBIAN)/`echo $$i | sed -e 's/^b-//' -e 's_/.*__'`/usr/sbin/exim4 ; \
++ done
++
++override_dh_auto_install-indep: debian/README.Debian
+ # if you change anything here, you will have to change
+ # config-custom/debian/rules as well
+ sed -e \
- touch $@
++ "s/^UPEX4C_version=\"\"/UPEX4C_version=\"$(DEB_VERSION)\"/" \
+ < $(DEBIAN)/debconf/update-exim4.conf \
+ > $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf
+ chmod 755 $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf
+ install -m 755 $(DEBIAN)/update-exim4defaults \
+ $(DEBIAN)/exim4-config/usr/sbin
+
+ cd $(DEBIAN)/debconf/conf.d && \
+ tar cf - `find \( -path '*/.svn/*' -prune \) -or \
+ \( -type f -print \)` | \
+ { cd $(DEBIAN)/exim4-config/etc/exim4/conf.d/ && \
+ tar xf - ; }
+
+ install -m644 $(DEBIAN)/email-addresses $(DEBIAN)/exim4-config/etc/
+ install -m640 -oroot -groot $(DEBIAN)/passwd.client \
+ $(DEBIAN)/exim4-config/etc/exim4/
+ chmod 755 $(DEBIAN)/debconf/update-exim4.conf.template
+ env CONFDIR=$(DEBIAN)/debconf \
+ $(DEBIAN)/debconf/update-exim4.conf.template --nobackup --run
- # This dependency expands to
- # debian/exim4-daemon-heavy/usr/sbin/exim4: b-exim4-daemon-heavy/build-Linux-x86_64/exim
- $(debiandaemonbinaries): $(DEBIAN)/%/usr/sbin/exim4: b-%/build-$(buildname)/exim
- dh_testdir
- dh_testroot
- dh_installdirs
- install -m4755 -oroot -groot $< $@
-
+
++# only called manually by maintainer before upload.
++update-mtaconflicts:
++ which grep-aptavail > /dev/null && \
++ grep-aptavail --show-field=Package --field=Provides \
++ mail-transport-agent --no-field-names \
++ | grep -v exim | sort -u | \
++ tr '\n' ',' | sed -e 's/,/, /g;s/, $$//' > $(DEBIAN)/mtalist
+
- ifeq ($(buildbasepackages),yes)
- install=installbase-stamp $(debiandaemonbinaries)
- else
- install=$(debiandaemonbinaries)
++# Generate README.Debian as text/html ...
++debian/README.Debian.html: debian/README.Debian.xml
++ xsltproc --nonet --stringparam section.autolabel 1 \
++ -o $@ \
++ /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl \
++ $<
++# ... and text/plain
++debian/README.Debian: debian/README.Debian.html
++ chmod 755 $(DEBIAN)/lynx-dump-postprocess
++ lynx -force_html -dump $< | $(DEBIAN)/lynx-dump-postprocess > $@.tmp
++ mv $@.tmp $@
+
- override_dh_strip-arch:
- dh_strip $(dhcombinedadbgpackage) $(dhstripparm)
- for pkg in $(extraadbgpackage); do \
- dh_strip -p$$pkg --dbg-package=$${pkg}-dbg; \
- done
-
++override_dh_auto_test:
++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
++ # it is not possible to run exim unless the compile-time specified
++ # user exists.
++ if id -u Debian-exim ; then \
++ echo Debian-exim user found, running minimal testsuite ; \
++ chmod +x debian/minimaltest ; \
++ rm -rf $(CURDIR)/test ; \
++ for i in b-exim4-daemon*/build-$(buildname)/exim ;\
++ do mkdir $(CURDIR)/test && \
++ debian/minimaltest $(CURDIR)/test $$i || \
++ { echo testsuite error ; exit 1 ; } ; \
++ rm -rf $(CURDIR)/test ; \
++ done \
++ fi
+endif
+
++override_dh_auto_clean:
++ debconf-updatepo
++
++ -rm -rf build-* doc/tmp test/ b-exim*
++ -rm -f EDITME.* unpack-configs-stamp bdir-stamp
++ -rm -f $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/files \
++ $(DEBIAN)/README.Debian $(DEBIAN)/README.Debian.html \
++ $(DEBIAN)/berkeleydb.sed
++
++ #these are identical for all daemon-* and therefore symlinked
++ @cd $(DEBIAN) && find . -maxdepth 1 \
++ -regex '^\./exim4-daemon-.*\.\(postinst\|prerm\)$$' \
++ -and -not -name 'exim4-daemon-light.*' -delete
++ #pwd
++ chmod 755 $(DEBIAN)/exim-gencert \
++ $(DEBIAN)/lynx-dump-postprocess $(DEBIAN)/script \
++ $(DEBIAN)/exim-adduser $(DEBIAN)/exim4_refresh_gnutls-params
++
+override_dh_installchangelogs:
+ dh_installchangelogs -pexim4-base doc/ChangeLog
+ dh_installchangelogs --no-package=exim4-base \
+ -XCHANGES -Xdoc/ChangeLog
+
+override_dh_installppp:
+ dh_installppp --name=exim4
+
- -VUpstream-Version=$(UPSTREAMVERSION) \
+override_dh_fixperms:
+ dh_fixperms -X/etc/exim4/passwd.client -Xusr/sbin/exim4
+
+override_dh_gencontrol:
+ dh_gencontrol -- \
- override_dh_auto_install:
- # disabled
-
- # Build architecture-independent files here.
- # this is just exim4-config and exim4.
- binary-indep: build $(install)
- ifeq ($(buildbasepackages),yes)
- dh binary-indep
- endif
-
- # Build architecture-dependent files here.
- binary-arch: build $(install)
- # symlink identical maintainerscripts
- @for i in $(extradaemonpackages) ; do \
- ln -sfv exim4-daemon-light.prerm \
- "$(DEBIAN)/$$i.prerm" ; \
- ln -sfv exim4-daemon-light.postinst \
- "$(DEBIAN)/$$i.postinst" ; \
- done
- dh binary-arch
++ -VUpstream-Version=$(DEB_VERSION_EPOCH_UPSTREAM) \
+ -VMTA-Conflicts="$(shell cat $(DEBIAN)/mtalist)" \
+ -Vdist:Provides:exim4-daemon-light="$(PROVIDE_DEFAULT_MTA)"
+
+override_dh_installlogrotate:
+ dh_installlogrotate
+ dh_installlogrotate --name=exim4-paniclog
+
+override_dh_installinit:
+ dh_installinit --noscripts --name=exim4
+
+override_dh_install:
+ # install config.h from daemon package, but not from exim4-daemon-light
+ dh_install -p exim4-dev \
+ $(shell ls -1 b-exim4-daemon-*/build-$(buildname)/config.h | grep -v ^b-exim4-daemon-light/) \
+ usr/include/exim4
+ dh_install
+
+override_dh_link:
+ rm -rf debian/exim4/usr/share/doc/exim4
+ dh_link
+
- binary: binary-arch binary-indep
- .PHONY: build clean binary-indep binary-arch binary install
++%:
++ dh $@ --no-parallel
+
++.PHONY: pack-configs unpack-configs update-mtaconflicts
--- /dev/null
- mQGiBEIV3d4RBADiY+ImtiuxCxe4ImIWZd6IetWIZaAjxLQliWrRHK7CdA6ANYAA
- OWwk6uMucPSjP2RUYXehDdVAb2i5AG3kGb/SNZ08x2eaeAtALAvRw3SxPW5/Ch4g
- bNB8VBCyyZlPsmS1epbaOags+1oD41FopdvfIQrtoD4I0d/ndG64wkDh2wCgiXdE
- QZzYknZgf4HA9DZHhizNnx0EAMBDVTpIq7xaYlK4dot4xNcWNJg4UX27a62lEKvV
- sDf1tH1qB4ujZy1ht83oXURpNk7uDf718kwaLGoSwW6qOx9iI46XoOtoxSH+6J8A
- oKtBNhCl03x10E8MK1fANe9WLdxARxgZxnPo9QOSTNO4PYR1yvrq0ThTKXvMweYT
- OJlIBADdTquCiM9fgoU3sBsnlmSMpFn27By0Yz4QjR8cLD0F1bZKmWPRAHDdwArS
- pOmKNv4tOaNp8WuuLEEJbPEcc6QdPEOH3lVQ/QZHdemYerwMN25i3MYeWAPRg4Sl
- dZ648IPWdHA/QYfp5JhlT/9UwwKPvIDTPg10FI5ecPYxcXUT2LQuTmlnZWwgTWV0
- aGVyaW5naGFtIChFeGltIGtleSkgPG5pZ2VsQGV4aW0ub3JnPohkBBMRCgAkAhsD
- BgsJCAcDAgMVAgMDFgIBAh4BAheABQJWzue5BQkVsOPbAAoJEIWrgz/dwDJiGmoA
- oIfRyEwpzL4v6JB4BzK3TqfH6mVRAJ90M8AfnhzW3KG7l3KYxscnVZdOlbkCDQRC
- Fd3nEAgAgeLGF7rot+0cc0hwGFK7h1aGP6r2p+o1arsR/zJystk99UBWqjmKzu+3
- 6ve+H4J28Al4B7Sm75bvnKignppp0ZGP/WXlkGsk6Tt30c7tkK+1izrCFGlxf5j0
- LKrH/cCyZp7tgqRN0ewDoqK6OmEBmSqMgarSTatyYuZy5OKof8EcJEt6nTydPdts
- VgRziX71B1pd0t/bdWwLnuQ9gkSJNiwPGBrV53x9uh43ZcpqLl17yfXh/FaUcdlZ
- N1GPtXYMr208Hv8fGpPEQVr92OJAblrlGck+aWIoYgX3tqCZDqCYtxcBaXCyRZzu
- 7usKJukY1Z6t0qF1U7aWTjeVVeWXhwADBQf/RYK2jTNLnhtCVWqWhFVd0/NTbXIs
- QDeZuZXp8xHB+YjxmcbrSTvKrkRqfCvPR5r5SBOwBtq+LHElwp1OcIt2xYIEmuS1
- Jod8+h+ohl9p11XtTp3Rd8selh7AHccFz6BYK1SsHO5ZdrFwlZf+oVxLrQzibFqZ
- Ob69T4HUp5Vh5Z9XO+YsVa5a3K1/pfpOJYMP3VgdsBlX/gUxkz9stfNUOIR5caQK
- UHfOaCQaQ02fAsmnThQkAmqACTapvqZV9wSHxgvUUbPcw2h3rty14u13J+cJDrE0
- +x1tCDSsPLbq62A1d9GJor8s6GpyYXq1ArZJgBpdq74qOKU5jc1gvMmE8YhOBBgR
- AgAPBQJCFd3nAhsMBQkJZgGAAAoJEIWrgz/dwDJiqxIAnAm3NzfRaBtl5XpnCA6n
- W2MNAwIgAJds5g802u5CKZDLGE90hHNXgF2kuQENBE1Aj9kBCADfrgx9xrDHoYSU
- 3aU8zST2GEoMZypO1fBi3AiInsKakMsVibZpEI8MVM24lZw9jxGfsX70Xr+mYiTI
- ZY9GJROG6fHFLKgUYFxYeUA1GtNNilFvBGlXJAYduyKYZMdEVVtUX4b6QpQqmTeY
- sgNCznb1HuVpj4Vl6CiirjWhnZ/WhR3L20AMK6422lCw9jZuAK5RbSRJwkgI55rl
- zZGpGbBmBIHSCccMB/jg2LRYsVs//D9Qrxtkt8W8fIHCj66L6eNw1gcndpEkyytZ
- bifE3khwlRWn/Llpw8NiQiJKUE01TWQusEvd5EHFThE/9bYpUGdMiR0UmpSLkEq3
- zurCcUK1ABEBAAGJAW4EGBECAA8FAk1Aj9kCGwIFCRKtsIABKQkQhauDP93AMmLA
- XSAEGQECAAYFAk1Aj9kACgkQA8m6p6iaqTb0Dwf/QiTT/Aj4XdoSVGR4yeXFpQNR
- l99dOtUwsP7wtSSeV5jQgEMpRwh8ib702retoWbHQva0FsDxotEatHKvdtkkCUqF
- D33jZ+aKkadcXjqnSepXY0m7sG605QN5hE1dXBhPPy5hUfXuAphSq+ma4Q4Vz+Zm
- al3etKXL2xIgAIkSX+srng3j09JfOaYdEDXOU5sNEMuDqcqPC/yt0giGFPDBd7xZ
- JQER08MyfDoFmwiVGi1Trbzjdnp1Y0q9UF2NpWUMB0q9/CaodwjU7SB4OU9FYst9
- uImVDwI3XqL45ULUCZGhUnuHz15ePb1W5cUUu55M0iuCrjhHqt0e8/c7BrdFuwee
- AJ41rUXzNNSj3w/o9T0O7mWd0rh+HQCfSNjhzVUditAzFdNneXLgs9KddFq5AQ0E
- TUCP7gEIALzLEYpmJLCDALPKv07Yd4bhyX/st+7Hz3Uj1BjIW/+pCEFf8e+ihZg/
- caWuSL695DddreiIhJlQiso8HsjehDccU51kep4vvTKu2p3zTSSZvIgsTTPAeyqa
- L12UCAm4SlkjhEH86Yf7Qyic5cZhkGBCtN/1RVxoEoonRGOJg2jkrvok3Dz1DQ5W
- UyS5gRASDnF58EW4HSMiRek2XgN/MEY9GLkXsoaSFWU9X3rW3Mgd4EMpTf+id2eS
- Ffp820Ati+1VB6Hte8JOWRhTopSB6FZfpZ322N2iCAX0TkZesfSwfZSTZ/Xc+29B
- 3JHDrVbFmCLhJfzv6MqQ04VQZ1VWzUEAEQEAAYhPBBgRAgAPBQJNQI/uAhsMBQkS
- rbCAAAoJEIWrgz/dwDJiNIgAoIdWmf17rL5Zmf/EoPtmYngbadnaAJ45YtXrEDCV
- 4fuUhLK6EdvHsGGtl5kBogRRHjTKEQQA7Nj/xLjtdH+34XBWzVRupKAEA27d5Ikn
- AVtyPK/4aiGZ2mQHPX7qaVOOHHFHVfj+38ENwZG2do87x5oJgaAf/WAqQRp0m81r
- 7YZ3DGWZxeDuCYESwZxEkJ9SfOwmQ66NrHuXjjabOoQEoxtQdxcyaGDBWbvpDaXS
- 4fG1oKyx1T8AoOGl+25xKVwA5GKU/DLqbBOoyOi7A/914vhUW1bd8TcKk5owI7/q
- FoSIjk1/lxxDFX600giri1FrENN+ERg0jaIBFFnkJF4dx6G5xIuEAHLJ0Y2BdXCF
- mJPJw7ZzgtTmWSKW0kDhbRx+Ozvpwa1spxyjgQAg3B1fVUBkGlV6+bDZOHmMDK8b
- 7RoRdW44+ygbE+WHS5/oiQQAiZtFY14WcSi4bqhpTDK5YFZh2lyhQ2snYfOiQWB/
- gLLfKDTDJ6pVygtayPKlx4jXuapyNE62QhU5zgCKr9DpsM7v7UnPfTgPYse5HqUW
- IPOiOE+ga0TpZT4egqzW6mPGRYQ/ZjViL+JGMa2ATvrSoR1BJCd8BFmmplDs2it2
- Nme0LlRvZGQgTHlvbnMgKEV4aW0gTWFpbnRhaW5lcikgPHRseW9uc0BleGltLm9y
- Zz6IZgQTEQIAJgUCUR40ygIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheA
- AAoJEMT0+UgE0p66MDwAnRW1VWjfUD5yGhedcxiHsEg1A8vnAJ9NxfoOwPP50sWT
- f2vycK0mGECYcrkCDQRRHjTREAgAlhjQZt1+uSQ3puq7p9o/AqRrVsZxxbi/C0cS
- eAvr/iN4tkKk/4esSMevwLIMPw0ByuwCDdZusdLAI6TdDe3nwDBQVRbMlmmQM1fx
- 1wsJHbiEO+WDENULU0SxqU7lwq3YCqL7oKVtZsJ0MkmEAbZlWuzBE1RzNTgdoMSB
- GmSeDu5f5q1a+BMH1gcZWQkW7Y1e1kgHDgnz6vh+cBulWCwEzrwGaEvmJJ+w2HPE
- cD9q4IvTjXxZbli7WHrSctqCdgF433iWOa+NjUCfl98z4D7KjKMqvXKqD88NYbqG
- wrvupQZMOeNjybWMnkouAXHJdA8fiTy5hV9P7nat1OMq6h+YRwAEDQf9Gl43A+H4
- xJJ34RrCp9il8/Ef7VHEn9ZnaoMNuwCjYU9OaTHAjd7V5N23ZF15+XMvO0Szx/to
- qQ14ev385VgBD/FWGy1r+UBK1/gA3pArQhpd4mtzRsjg8e2yl0D5v3v4K1EjEtDn
- 37IBwAmWjwbMU12SP0NM+KQXtO0WCQF+ggRhD8hhUPV20ejYqnismX5b7LYX+8NB
- OCleryW4pz4ZQT6MTolyjeojyCyaHE9G554ECKX+fKG/WMQmjjwjngkrPk0s3HN/
- uU8UvQv+uucP62iHcPRKwIk6jrlR7KODR00IzSXaRNYtJoDC8oFS0xyhrG1vMiGv
- OQTBfKpgyxoIBIhPBBgRAgAPBQJRHjTRAhsMBQkJZgGAAAoJEMT0+UgE0p66lx4A
- n2JHiU9h4ElPNbDSfqjQoshYKIb3AJ9RjvMg0AdlIPi6k2PWTTBAKsoB+JkCDQRU
- rvZBARAA4jmen1cqxMnj2SIOPBV5igqnsSljlCADmC8MlW1OzozaxFJo/GMMfZjE
- AAiST3IFIzk8YBotDfUwSaVpRQ8QFz0XT6+BrDwKvMId7lZ3AuaqWkXT4+uv52Yr
- PVN87kbn52MLoUEtxgWxa1dvNmg8+wzsBVI63Oep3yo9eot95SIHeqDQj+4Rzd2Z
- Ejh/m3AHcoZl+Y71b9zsaherqvBgB6QpBNaYhEXXAFZGXzynX+6WxNKQ9gRxnsKD
- ZkbnJvBOyOLz+fsVI/lbGnSXycQ/hVw3xg30bXHuOkYhIe1SRz78YAaAlBp76o3P
- +M9oJA9SxP8j6XWj3vlBtbLRNl1eUXl1ED8S95jGVzmou0I08HGJRmOGAmEYQjDJ
- JB8UR6RHn4m0yCQZZgocXCGERgSRNmPMUOaIskMnBqoCfqEifGS1ATqZgYuEik9M
- o8wfHCAeMOGsjr6ew1NGPfjvzUQGRUPRgvuE5c3m6WcsDJkgTH7YW9P8T4QeboeV
- Y7xpwkAp9Sd/eoQvpXGXjEAkC5dJhaHXKbtxrxlLHaV7cTp17+Vajuf4s3zzXhjQ
- rh9ojiNyEVBDetsowzN+UxgWybGeFtXeeqUmUgLpoV8iOjaqKI/n24+dl+JY51tH
- 8cR8DG93N9xYL/CDersmvxgIZEVDrpvc3/YMhCWVHDZ0ZqmnQrsAEQEAAbQzSGVp
- a28gU2NobGl0dGVybWFubiAoRHJlc2RlbikgPGhzQHNjaGxpdHRlcm1hbm4uZGU+
- iQJABBMBCgAqAhsBAh4BAheAAhkBBQsJCAcDBRUKCQgLBRYCAwEABQJYVnXoBQkF
- vsCnAAoJECYQG2L2k3bOhKkP/2zWhq0BlT7AAAuefaZPl9b52uT7PbY4owcMWXJz
- i7FTLWFo6KJOCBH9UTX0TXmf9S3AMMfoewblU6zOy+H1Q/ZVdzth5iJaXSbTgLlZ
- 7yc7k3P+qUdBGdCHwpUJmBScdGaKCkbdcOPIxTi02sPFTBJx45ogr3/n0S8PFNOY
- Vv0fl4Nnr2bOpoSKSka08lk4HJKsMMA/BRfaSffez1QYdRJKhKTkljlJjA682Fuf
- NBaZIQ8GHUjyyOIUwQUit2yAGChbBCh9wq5Z//xzBwdqGx64QLHHF+wCg2r9Ba3D
- QMNllPidfPBPUPQ+xGXmHz0R0FzlaTYnFYKqpJSX8j/5IhaijZRxvtJljXa0fOg3
- D1A7ZuagCpNcXWVM66FeOx2hYMlBNn/eLejBc244ydlI5lqyocGRL3qjHufp6JVi
- uwJpNMnWyLvxqrwgC6mcCDx7jJL7eI7rdAFLwfoTYnBb0zNPStf9pWngLmxsD9G0
- U3nJnVzhsZfa9s7F13wxkfZYio/HkKW1IGZHTkJzWswXx0Ba2UK9oLDCy8dByesA
- 5KmtA09dk0M/GuMFcb+ZZ3x3USa36Cw7vbJYcmDw6O4XgNf1aja5cdltENLsVKIW
- I1VguZGfIwkLC3iXN2PzO3yOW5GXQ1wPHTc/SPMuBeT6UAqPBjO6vRQRFf4ghslG
- //T2tDVIZWlrbyBTY2hsaXR0ZXJtYW5uIChIUzEyLVJJUEUpIDxoc0BzY2hsaXR0
- ZXJtYW5uLmRlPokCPwQTAQoAKQIbAQcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA
- BQJYVnXuBQkFvsCnAAoJECYQG2L2k3bO3YYP/0vbSNKAD68r2EN8//yRGgH1xyUe
- uRARgxJnhw7tBsO3k1YIkIEG7vKzLcRhi3vcM12ttY9R425Kl1c5ug6f4jt22bnO
- ONrJ++0Or6hRucJ3L5IHRK0b2niPqvXBbg9PMp/9p0jKCHqme7mdD6jBOHBAQIZe
- MuGLyzNKx6Dk52DZeLYRznoloYtUEurckrysL1/C9Qsah3JKlURSihVFibnIF1Wa
- GfphxKsgLDDi8FUyNWrt99MhxYwwlAbBNQ99ifX3ZLFR9Q2B2ntL4Vfvom9QBYWG
- 5e3rzlfQtw4pGWpFZFDSi0LdP8FfM9wKhtnbHVEav9Te7syYgMBDx5q6irqwTh58
- gKLicWkD22rtVGYPv+En54thAq6MXMQuzJ3s4MW/5GTZcbtsBBAj4OtHvtyKzI08
- /TlS09bk9mlaI8PYGUU8JKZj39alL7bI7hZVn5HkGMn1Z/lojdW8Is35uKmMZnF+
- im0vonw1n52OTv+4nOpBcidckeDr0PsiAScJBnaJNVF6v+jL5hrUxs4hD4UgTgSL
- obUzHi1g4/UP/eC1cEZH7aC2FiG2jTUqo84qTZ9Cik07fmUf95jCfsWFvijzVCPB
- oIg4W5SDfkccvoermqS2KE9b9DXdZDiaWTLO3U98nwkO6ps24lbX6mjJ+QjsSokA
- msGdN5BhOaltRYBZ0dHq0egBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEB
- AEgASAAA/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4S
- EA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0LDRQU
- FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
- /8IAEQgAYQBQAwERAAIRAQMRAf/EABwAAAIDAQEBAQAAAAAAAAAAAAQFAwYHCAIB
- AP/EABsBAAIDAQEBAAAAAAAAAAAAAAIDAQQFAAYH/9oADAMBAAIQAxAAAAG9fPO/
- GubSEtBlGa96w7AivEFcmWBP87YnPpNAfdeJLIrVB5bw3TDYD3w4bu2LTZXYacWO
- gVnc64Pf8Ec9x669KlsTzp6t1iYG/tSFU0r7naLuwuQl12uih5tA9jqX6uq2jvAz
- pGF6McSNYyGJiilQ83NYWhp/p61ZWTds7d5z0VM584dN0L7eKFnVdTHT5L9NlFkL
- Jva35/0DrrVIVyK3lLNTL2PPsXHG0OOvT44MFAwd0xttYpwTK1Q38ZNWPTkM3fF0
- OIvQZknQrAnUwPMrh54UPTFkg+osm3wFrVWJQNEvXACUD12FzzDoYjPXeS7gnWSR
- 0nGJtlalBxLL5HGT12juo6HcKX+skxbGBn/EvUTEoWDLWe08e6Foxw5fK4kD5o5m
- sxQloUADLA+1dXbvUH//xAAmEAACAgICAgICAgMAAAAAAAACAwEEAAUREgYTFCEi
- MyM1FTEy/9oACAEBAAEFAh54gp4AvUZvJ8dYrKN0sFQz7ztyx4H0EEdgn+AVsX2K
- 5xi+MsfZSAxnq9LIzmSBbDrKZvr20zWWNhGTtuhVrgymkEXBTUUEP16HjdozXaov
- Sqyv7Wdy7mp019t/4ZaUE1EkNSPWK3fUv4zdhDteu4LYesShtWHx48tCNjsdwe12
- IVFoxOzQbWEa8m1j7PtqjS7NtA34pW18MuyE6hX+QsDaHjY0G2XFto1jW2l2AM5s
- hS9iWprwqCszeskE962zirt1Vu5q2ddQPrfOlzY1Qa7cTYzSMVegV+qKZBraztqE
- 4yxFsNXuRva2xHOTswprhrbFx4EkvFtlM7guCwbISTYggUz0un4y2PsEWBYbJV7n
- 5fuqeLdGb0W85DjwH/U/nIjETZniFxAQMxirnTNeInc7CEBH0AdmNqlVeEfTmd2/
- Z53xGePqk7HP8g5o6/v2vkyYXduNJeTONiKtYOWEOePK4R2EWDni/wDeeTf2lz98
- f9bP9dfA/wBaX9LM/8QAJBEAAgIBBAEFAQEAAAAAAAAAAAECESEDEBIxBBMgIkFR
- YZH/2gAIAQMBAT8BSxkqhfFnPNGIrByOxd2cnJUL9stfZJR7TLbwjH2Pb+oqTF/d
- mv0wjPaOV9kYOZSXRQ/hh7TXHZtbR8SXpx1ZfZGCiqJad9Honkaa4EbWSXyjndIe
- Uor62STOBrriNcskouqW1EVy1IxIZPTjfIbjWTng8jWt0iMs0KHE620MT5M0v0q+
- xxU0eRqLRVEu7NFf6Kx5KONM0pYJan6S8hRXZqOWq7EQbjIvOCtmKbHJsorbojK1
- XsYt62hWPavatn0IXuW0tl7frb//xAAoEQACAQQCAQMEAwEAAAAAAAAAAQIDERIx
- ECEEEyJBMlFhgQUUIDP/2gAIAQIBAT8BpSxlhq5DFv03olRg+oK37MZItdWaMLqy
- KVTF+74HVb7HJkYRlG6J+NWqRTUbiozo1FCcdkqcaZOLqO8dHtTJSVzrQrJWIuKj
- 7iNWUFaJSpQpRxpxsjBS+on4cZEv4+pD/mz+nSppZO7I04LSJUKc9oq+P6c7LR38
- opoSb0KDH+CfkpSdNbRlkyLMir7omSnsjSim5JlhuxFfY+XL7iaL20ZmSkmiFKVN
- JD/BcZf06U6n6LnbVhNofZHxHVpvuwlOldNGbkrF78eXb08I6MS6RdrR41F15dkX
- ZWPM3f4HjcXSMhTyjYls2QoTqOyKWFBYkvuVkpwdy3Xei/C2OCexRSLsTPgqfSyV
- 7/ji/CXZLm5LRPLvlbESf+HolzFEnx8cyHwti0S3w9LmQz//xAA0EAABAwMBBgMH
- AgcAAAAAAAABAAIRAxIhMRMiQVFhcQQQMjNCUnKRobEjgRRDc4PC0fH/2gAIAQEA
- Bj8C1VvWUZG8RhmpQZZ6viUTp7sLdAlundSLbQbiOql2GgnXK9mY9Wn3QqNvtHqJ
- z9EHkWNd7xVxfAHpRxCE7x+KFy6KMCcYVwJiMoAjXM81YSZ4f9Vt4z6uqB2NXkKj
- dP3TA6kwt4mlWbP0KqsqU3B7W3Y94KnX2l1MiRjVNe+6HZDV7Nv0UFlvVuFsHP3T
- o5fq6nqsZ5ZwrfD0Kj/lHBUm1m7Jky5u0Ex2TfFube2qbalB+lv+097GWUb5ZQ4A
- LOvm951p7yve1k94V7XXcZHBbO51Dw4/l0d2e5VgY2nSbmOyaGez9DJ/KnLg3QLZ
- k2nqVLTLVJT2YBdjKaTdS4YCDKTczo1EXFsc0/ZH1cUQ/dB3TH3+35UGAOSa9jJc
- NHoUaxEwtrScOyLA8Nd1WyfLGTndmED6qg4kJjKb3Y1eOATWTLCcTwXhWM3aIJbn
- jPFbd+eYTphpbp1VV7ocXHIKLGkbaoIps5K5zpfqZWTFenHHgjNS+dJQm7avy6Gz
- +yItdBzK2o3Xg7w6qnvfrgb0c1Lt1HfuJ91uq/iK+vM8Ft2Cze+kqjve0ZaUZkSt
- LD1XMoEenQjmENk2uK54Mfa09UTUe6uebiY/ZQHW/LhC+Z+JVGE3GJXhqjn2U272
- vRNHCOC1u7rGDy4KVf75bHZAKSroXrjpqgwzZxtQtGQPJoGpMKx2qzlFABQcqeCc
- /sPutbR5eFZzeqQbrZJ+qY1pha5KpPHrqE/QeXRMd8dQKXCR5UOzvwv7bfId14T+
- n/kfPwnzD8o91//EACUQAQACAgEEAgIDAQAAAAAAAAEAESExQVFhcYGhsZHBENHw
- 4f/aAAgBAQABPyE9Z0rcCdB2bi2gtW4HmMjIVWHuYcUCU5eYwoKFP2hBbZQu19sF
- WDFwPZOZgcDQquaH+Yxs5203VdHuFqNXouUu6EZ+Z1hTDzTyxnM2aDHT1EbUVngs
- BSjk5PuFkJ5DWp0M5q09Mths3DHf6UTfwkPHrMbbXRvQOEmjDiBef7oFSfCo7F8n
- SLaqvShWNQC6XDUeXtNSX2i4ae6lqNVvt8EfJrA7V0fcxG1jFyP/ACV9cKBqOiUZ
- C2wXUN1ApsETZqunJIbCqcbC1m/dd4h6PcoosA95waBemcygowzxV8n1CAldAx+G
- OkInmlb5kcXOqMULtdvdZzsfDvL+5eXLDgwcETK42ClB5gsmWhGyDjvAo+hw1rIV
- 9xwyiycHKe4fkg6SxlMs8Vz6mlZG7809IE71q2QhtMSziU80qOcS/wCBscTUFAae
- 5nJNf12vZAGlQczs+e8aURa6ew/GYQRAvyXqXlqPNGre4DAcqcwxTNC4oUqEbJcl
- biDq9rKPMLLuULL4ivJldr7qiB6YFVL8gr8TptMS6eyMT0lxwSMNwp9qE2vLaYjv
- XMHtP6jsaTjgGggcJu1d8kFcDC9Vv9TEDAt1EJs+D+J9kefEfIF+uQ4kBP2GO5Ag
- Tyx8JjS81gCjw0bY3cFQ+JV5iroWcvcomXk7O8cl2dMyCY6tvK8RFTCsu+0teB/b
- O9OZeCphaTSkz8OWFmWqmDiurNXKDVUxz5gmEbUh+U18t/mMXgnTEypbiqsw6syz
- AGjrHFnPuRKNbJhRgUl/lgr4M/qH0ZfZhCE1tqWF5RdHUDxi+X6m59xaDSY6z8JC
- aFK2E1n+p1z/AGeZ9H8d8/DV/m13h//aAAwDAQACAAMAAAAQHHAkhuHnIM0XSVXk
- 2hYx4dFqqkUj87TBa9n+afigH7l5i9yqnkoqIre5SNPbUU7e8//EACARAQACAgMA
- AwEBAAAAAAAAAAEAESExEEFRYXGB8PH/2gAIAQMBAT8QJY8fHUttqO9u11G1pn57
- i0lUztYjpmDC1RtJ/vvzGVqhZWAwTm+S5AAjvGuag4qpoYZK6xBsVVKvHc9FxssZ
- sNUdOxiNrVDNURCUkbmtMAKzN6jP9+Ro3K2JlQluitTtDF/XnsqCG7gTuE0ySzYz
- EEDMv2NsuS+6IktRiSqxBqcMtqULuW7FV5GEJTD3KR9t+iFGI4DdTIKIxu558TCD
- Q/sMDuUCEb2bj6lkow7UclYgA7llruXDRg3PeBUHccjqV17gVDq4UPuZFMIV7U6H
- mWIXeZpANE2LcB5GDCQbXBEcJEoiomU1KiGY3H93LkuOYY8umbnDpRNQezUMqcum
- IHPGsORthO4bQ1P/xAAnEQEAAwACAQMDBAMAAAAAAAABABEhMUFhUYGxEHGRocHh
- 8CDR8f/aAAgBAgEBPxAGWhXj2uOieu61TMeZb0hy/Dc4lXFTKOT+PxEWfb489ylj
- hXxEJxbivXj++s0HnzzAbWfEqE5y9e3x94q5OgUteh4ilDGel+rLo7eeePHvAuvb
- fz79TB7ZCbx8fDXEVlJXiLjXOZV9/wB6ll8lS3giEAPzH0tr+9wAQTrd8k1EHO5s
- BzPacX+2fEwD1X5/3KVlH7SzUr9fecGj0uD16QLMNehi7WZ7GkFi9bELz+1n/ZyJ
- OuiIqp0Yi15foXLB+sOdyK0snlFN7GGXfVXn7QKdQlYrbIFfmqfdgTmLY8RtouM0
- Tm4eP5ii1nv/ABFhc/M1yV5yWddv3fWJvSX6qDVUUuD94YDgjwlsbXiWYuu1ikmq
- qXS5Iwp+Jq2ARzt6lANr8zKjIZdC/wATNpBjVTGJoAgthUUy5XyRbRFIC/NINcQg
- 1lyZkqEuuoMiVVLHE2XOJmTJeoQ2XCGNXKgbKFY5QR3mJQfX6Gv0X2o/4lfpP3nc
- OPo7T//EACUQAQACAgMAAgICAwEAAAAAAAERIQAxQVFhcZGBoRCx0fDxwf/aAAgB
- AQABPxCUBCWAk8m945oGlsQalN+ZGw2ECd9zQQNzsxJ8GXOmKEjFkyxgQcQ+ZQEQ
- mLyRUgMBGQ/Dn2MR5mTXYGgZibmeIMVlINayjJgqHH6y6LMN0kG5tGGYwsioXfaV
- yxhhBW4OFS/b8YuvJGyFPBN4CBa0SKESkjAu8aYmuwMtOwz/AJwXCcxJ7Adx9Y7K
- AGg3C8G2zcc4rIY2hYH5fqNzlwVTAoA2l+O0MkAZCKJIUiSYoVvBBCEBrgiwsKSR
- zlDgqv2M9tJw5VZocibdDM6JVvKs9CCIpCXTNZ2Y04tyRLZunfVYPlAK2zwXHfxg
- 9FANFHUsucm6Lgjin4cTkQ+W1rpAJJ3gaMdwQ1KFcoyNlZ7cMTOjbVXxjZuKMbQn
- R2rK5BiSzwTKntV65yVaC1QEKRAQCNFRluTDWhmuSWkQ0hkgJEp2v+MCcPT3ixFe
- hj5gnJwAPiGY8weAkvaIdiRp5EZrxTqkYigJE6U+cCnlwd5kDwjARSogJarKFCsf
- jCWJRVIKg0LfgA4x+WIHpD9ivK41E0QCzpOMC2OmSs1iJxz/AMwoOFCWttD81ktc
- ZIkOARg5XPZjp5lYkI2JgV6kGItFG19eXHN3YbWUh2nZ7hD5WqQU1sSOeMM0RBHg
- E86x8bDCjOWpv2cnq4dB8v8AOCFKDbbqsZ4yFlzz4dTxvWb7UBTTcLl8ljgTKiRi
- 2RwmHdMVgr3HejpRnhMPWE8lASSO5wG1MRdMelBXBBh8yYFRGx5iNe+YgikAEiRZ
- 0jWDKpGjgBPMWQ3pGTXGhzKusGAB5oeNER5lONEQOShhBE/IY96ZaMNTFp/WUBix
- 85oB5tcYKAEYSW4eZDKB2cgJV0xJ0icGD2ROsJD8WJ/OPY7JpXsnXxORpkBfIJo+
- 0e5CKdoDhLtCNEr+cC0aAzIAQVNY4lH63ojxD+cnNBQlGe+OoxrKsBE+J0n0MFwD
- cGD5D+sv6PTba95HhBwyPgtCSKOtgYkbDJMkS0upbPX6ylD0FfZf7wO7B0mrmZwT
- YyVY2COq/vGeuYqZxJqGFc4ERwS5iE+LwNUiIiD4xTQrSDlTZg2kqyz78aNUdB9L
- 3iQgNwcBo+8OaC3vJwOaFA+ZwGgwILT1VE+uVpWRTr0SFXihhAmpW2N/qM72dvOR
- 3ok+Qf8AuHSQRRJzA8cRsxtVv85SwUvgcYiANqODFJ5dSVhk3wA/AwDaSYf+MON/
- JWK0kneU2jzC8arwrxZtC5JIfQ/eSsO8/onzHUJkK79xsC+Coko5lcNjYWVitI6O
- XFemlMcCcPuGgEBLvizNH8FNf+152Z/Sf2fxc/f/AIf990z99/bn/9mJAj8EEwEK
- ACkCGwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCWFZ19gUJBb7ApwAKCRAm
- EBti9pN2znUgD/0X0ppBbZ8LZBYkyCtCtIqK+CzQTI6sWU6NDAjHrHoDsmy2RcQS
- K0Ihb4g3w0VWhU/xbwDsOyHCEj5KnhfLQTUAD/8LIKUha0lJFnpT0/WDUV9EBRMT
- xJYENuE+Cn6VhjJLrsXNTawcifU3RFUOnxYDHI/0UwEJ52b+9l1D4c+HxkJZGjqQ
- DSQh8skqos2Lrhm4m41B7/dY2BfpzA/ZVUpMtWOwLHumBjtu2n97h6Jhx6duTSif
- +qghW9ViLAK0u86ZXyQKnhZSbTpeHdfU5tJUpCVb3hFNqzaS0HSfRTxeanQ09zyV
- 92eoRuOVqfcj2/uYq6PerLgoPPhmP90PpSg8WVHSo/nsqV7+oteFkEvPxU2Pq21k
- B4iqD0TNann6h9qu40ZkrwX/oe1y7DVRBmBhcRHYiClmQQHO19OvD/gGt5KHKXZR
- jEvMD1EhW2d8sDlr3tvOiplim+k2EdjMBa/edhmtoRVV0NAuStlgiWNuzehFay9g
- 7AjA2qurNoGvLlr/016hDy8KcP+0Uhg7bdhuELzU4RDqGRPGD49cH5QFYn4FaGre
- LrYksk/zNt8Hj1nko9seOMX36gSXqA+dyl/095Mtl+8E3rwhWtQbx4AzWlhFmQ1m
- f1sKZxdPbIa2MuSmzWBnctUCIus/4i8AOi4w4J/gAQ6txiAVaytzMUxf8bQ6SGVp
- a28gU2NobGl0dGVybWFubiAoRXhpbSBNVEEgTWFpbnRhaW5lcikgPGhlaWtvQGV4
- aW0ub3JnPokCPQQTAQoAJwIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCWFZ1
- /AUJBb7ApwAKCRAmEBti9pN2zo33D/4xSI5qfxOJMVdwmcK03uWQoaAkda4n5/AV
- yZb2lEfwR+CfuwmXFKwTc4ogZhE06lkDoW6bfQbsbA81Vnmjzn6YUIR0/7Te5YDQ
- l30MeBR7dD5yXArOw1yNT+/jDU9BM2wisJyAzdGuYUm9AEH2EDn8iRehSKYIhDwK
- eqhSWGr0Epl6qQLB2nTQb3yCB6dXxYKVOr1OFcZI7sOn2yc9LxbHdajWXcf+xvWP
- khvnGdsx2ZDjCKUvEa9JmKkF9WszqIdHl0oNceJSa5qf1PXKL2EcNGd6KMx5Pjwu
- LKBxQtWx3SD6tGs33jHBh99keQ06zZwpS4DsrQWR3g/ks8YvjIY2DJJEtMbka0dk
- cnZGbUl114/UYFEsmLK6r5/TB5WTAL4ucl/chrr5+CZ3yZChhv6+1HUyEtIDQ5CL
- zjtheVb6PTzWbSYZTaqXv9Rkq9611LpUeb+61PaHDKw00hFur+e4ITKM0ouaMQBo
- XKLhTYt4HsiRKuoTjiaTlMm2yLPQDpc+Fcmnrq1YaNIAq1qVzapRb7pL06ZwJm28
- 6sixlfrC4K/p4TZ5H91uorI+8zaIiKH1knbg1y1iW1J1JgJ+4qkG23TFYPeFevsU
- dY5KitWUEIGZUYbvi7IfP4FKUfobT2Ed/4nWvm67lDUXT1dU+KkII2Zp3fnYTBKa
- dWmOwHP62LkBDQRUrwUqAQgAoloa9GF0nWdO/3DrH4XvOdcupSk6oFoZMQdoQfx8
- 7NoxjR4epy1iZtYrZNgexs6S7a3lOyaAmH0zSBw8iJ5CydKpY7pVFd2lFbUvS2qe
- Hz/XVVOnCXcDShHfYULBpt9geuJc9NGmoSlF8Jjp0h3HxrSTDneatYlrwJaxMCmz
- 4AfC2QIwmt8FfX7WvNm5qqEc/7qDLgAVhbFBNPLRUpyhLn2JfMaXM0aPFaPvqwSw
- 0reLIpe+L4TXdv68jRq8FPjBzcXBgsW9uV3qJnncE3yHVVv5pIF3ls8V24jl7k+W
- wf0vdbHFomPbFRWosabwlG00O23X1TCdqytDNal7iHCzPQARAQABiQIfBBgBAgAJ
- BQJUrwUqAhsMAAoJECYQG2L2k3bOL/4QAJHiGmiO+h7e7G9AUMmZUmiLdcZ0QJhz
- webKbsebI5qGF6x4sqsT5FuVEFs4HYEaXCP/Mk92xBpt/5/9h1uKqrxToiIsL7EY
- dDtTQM9dlLACPTinbz/JRXG13aH19IAQcpc2mVwKNSR4qPnPLUJmBIrGdUGNh7dm
- zmnTrziM8U35DcnEf6Dj1GzIK3wfj+p4DFp0YWXr5dNGmxU63e/RJXOA6fZet4ZU
- ON6BhooEEGiZHxQ3sL43VLEKUaGbOkFBHq4+I1zec7VM++SkW+7zjNWvspvk3Tab
- tPDAf4OEtl84jHQpC863AzehOcXT+60THTC+K/1/u7C2B3yPUO1gIArHFkBrWIu6
- ePUj5YsqxXDhM3u3EYG4vqUB3b3zbg+1vLx8w+j0/Y0b6UX5GkbfYAVi27SGxg7o
- FaLR+ceFuzybw1xhUVWp795gHf6pX0XZOFRoBUlsSGczCJK+BhJzDm6swEtbSBcT
- eZsfnH1GmBM4X0+730tGs0Z6Va/+rn7KgST+JzztiO6/D3uBeUVC/wOHuMNcI3AP
- e0lSZp3iX57nxedd24TioFyOhXGjExl5Rb7PtntGT2cFrn4hZcxUMaobKZDsGVi9
- pGaT/LvWPauIzY06f+kS/iCdDUHQhrtzEj+vuZF4xY2YYKxbTpicC76LrdW0iVBF
- CS4Bdra3PzODuQENBFSvBtkBCACz7w7u9QK+K1Sbtr5wree+76DNF79X8a3+I9hL
- w+mRJXV3CIn666fzaqI666nQFeUXK5C6x/utoGfqPn9Ki3nXOg5NibHRcwC6yRi1
- vxoFLhsPYZGtHUuReToGpBqRxa6VtwKbiojRIr7EXS+JAwhrEsEpYIO0CymXHFmb
- 2p4EPWQB16ukWOO3MRn/Z1ucuF+9LJCwWVEGI0oKyEFQ9QNFRCnqP9gSjU8q0HVZ
- XQWUr7+hNmfkK8ODVnnNW1EHpEZAO2AfBObngSjfT9ETzNzLTsWsgvhDx33o79SZ
- Iim47U6JYjTsfavRjEkXhaJNkTKGC/1RXAjBI3NaISmQFjeBABEBAAGJAkcEKAEK
- ADEFAlTSdNYqHQFrZXkgZGVzdHJveWVkLCByZXBsYWNlZCB3aXRoIG5ldyB2ZXJz
- aW9uAAoJECYQG2L2k3bO58wQAKYDrOJAhpamwad8AcgA98Ary2AWPMLeSKqiV7uv
- 3c0JN19owZcsSR5lmknaXH5fCAVaJg4x2RlO1iFGwRBekS2gX781er/evNktWBvA
- EHX9dZjbuc/78k6Pl9XpbBCljbGtClLi/gM7k/tgGEwyqr+Pg+dXBFhGbgknumjh
- 0XJ+cc+1Hiq/pgzx+/m1blQPACxruh2Dmt9QE/SfkvxseGNcCVVppWM2JvZAQI6B
- YVGUiKDOcO1bgdaISzp47/2ShJJ2RNQzKMQ2pAPjtTUbTfq3VxkJCi3pzkkoKVkZ
- hgduh/tKA6RMqPYCXuRimB1QEixfRWwBGlAPbgCmXtaFR8FcFWtSMFs2w2zibxe0
- cWRLAAUfqkMEUPJA8aUZzsBaM0o4Qlz7+ZX6Vp8/av4nfjfgZVQyrwmedGcgCj3X
- uYTdiGLLhjYA7XyH8uiKyVjCXRc2j8GcTtKfa0DTFMvdMwPtt39IEv9Fs4m2xlIq
- hg9rIUydgIv1+iiJOUF5iqoF8tMUko2moqEoCe3cc8+w8BsTncjKiN6nbng77vIk
- zRO101YJN6Kw1bPvGeFu8MapXNq3/fKM1CGJBx7G/dI545CHsc7Cd4YWX5LF7+6Q
- Fc2jTAceFG81OEoYD6O1YHXDcwEcTQYrLO3iPSHBLW7qAeCkhVH7BmHjXyQYuyZH
- sH0fiQM+BBgBAgAJBQJUrwbZAhsCASkJECYQG2L2k3bOwF0gBBkBAgAGBQJUrwbZ
- AAoJEJG05d4bZCmnqnoH/24cH0moIvRY+KPhEkSEn/9BTTd0ugm6wxNi2MyS9bWS
- wGaUkk31OG6I4unGauca7qMbbhHqn0G+ibWT4IHyU7En8ROyXbLXs4ySzk9Tja48
- g3qaFWeqTZVpMzhqewM8R3cZxvucYPxriDFdZjWHmdi/qCTd+s8RPCOQ8fW04VH/
- U/Eeoon9soQE+8s/MeA9fyyrBMI/AXIiiEHP3dpAiWLJsMKZoHSmAvIonolan8BW
- 4NRH4SqO7jvoj05Ac8snkHVTO/BxHanZ0kEUsytABs0L4XEI30w5ctC+XAVyTFoR
- UjPp9UY8lGRIN2E8cn51klNAaQIrNje71Db6PqLos4ExURAAqtjFVU+Cr2vUwVfk
- Fp58c136MDmxv1sjNczDQ6ujyOV9cwMI5t0ibAw7T/JxkqfLltX8uZc6hPaBFQNW
- aJNgHNjKooTYSkrrBJS/nkv9zt9ORhjzEOETa0pMCEaKW+WtNCWcomOxJkhq1PTn
- V+17ZLLZ4iF4w4ApWW9lzEtVjr3bUibHGuSjB4gchHj0maMIbmVuOtNWqgWi3lVS
- wgD6Wh9ZEPvgdl+H3Ue1TmuI+ZIoy+2PMHntrJAy7Q6OOu9KbsLl3aDslxKNxNGO
- yv550QclwIhabZhMnXMzwvMC5RBNF5Yb05+RK6ZI1aATdTISCHfs1MKuS1gNSBGP
- Sr9TnT3TxmLkLb9g5+ytu58BmzQ5M2lalc75ii4WE5vDD241cGCflPFsFY+ODZBR
- 9u0fqaqyUSopELgNFYXn/5dqWtpC/lANuLgLai93ATPcY5K8mB8pe9yXut9lO59W
- EPLwHnPt7BEpzTlm6vTfWzICn3sLDX814DRGqlxi02LSTq4TuLSRfDeGQWPJ8xEu
- gSTjinhyilCcTSBjkZVPzHpfNgrRbMZ6XRKItHk5+2m1XQuqFRChw9k/zuksrw2E
- BeD+8hExpr2k4H8kzD9iIDX7+JgafRi2zYwWHtGpkelerPQv/K3aEYxopWPzj9zJ
- wcu1OS+DX6R3v4p6iiF3vtKudJe5AQ0EVK8HqAEIAJTaC3AINpl8qDPK9qSq5zV+
- lfeVA9D0O3BqCA+iqZneW3c7mi7T7A2da+KpRGanywOJtibB2TF/jWrNrbltpbhO
- JAvsou0/edeZQ0xpTAYRt/gURgRLGvRveaY/EE/zyWAmLqz1FYJUoYcyAvGRl3Yi
- AgbeDBMsrCUpJF5S77sxg03/QEjpO6jicfFdSC7HvYwfC/KLOU3nckWKkElFJG1G
- /X0+cww3H2yl7smZ/a/rs4nolcPOl9pvtZPqSuyzW3Z3JBktaeVZPGMrxqtCOgQ4
- HCXhWSNdtuilO3r5Ojwt1mJLf1VAFm8oOB8/AZUeKDGNFJJl9VjIX6UAOhdYkEUA
- EQEAAYkCHwQYAQIACQUCVK8HqAIbIAAKCRAmEBti9pN2znd7EACmlHur1eB5p7Tm
- sOn8cHN7/3vbXqaGJab4q3i0Yg+0ZTmq3AmvjFnT9tsE1FxkSHM7cvtg9jSIZ4J2
- aqQu50x+heypV12VSMpSVMoI58YoX6IIj2vAxBjbNsUvpXemOzisYPdpCd4z9h+0
- C6b6vd3r1cWnE4SQoD0+QDJh0eXPSmESdF7DJPmKz/BvRJzJQW+XdV0+w+6+Dxex
- W3gFkqM5mix6BTDs4NoVqWgXHNDuoM/26RODm9FaI3tueFfszRxGq8X6DHFTWr0Z
- dHvZoDudz/LNNOXU/jsajcB0dBmbB3f2P3EjOlxsoau8bq145iltr97RmnHDqdPK
- du7uNcelXn6Qct63dyizFzvZh7LejXHslikupKe4pXccCCpc8HtQ6OoUNGXdVyWO
- 0WgMKJ53NGLKxtiRpQrr+7D9YAXEi7KsfwDxcH1AIupVKgHAfs9NF06KOr5tYYi7
- JhaCAxlGZ5uz0AX/h0caLdrCoLQZ9deV8dRhXe1d1pVzuMc9e40RI0y+z/B/q+DJ
- 23I23Q5kE6zuBfhJrgCUUj76cEU3PugDBlDkjAyjfgEkKGsyz0QohGYCwQq/aKEX
- eAJ+NrfkD9Jv1jWOafk0UEX7KyWLsCbnlfSkVY7QIYDPNgwwKC5dQD9EIYWyQb6u
- QnWuUai52+ANTEFuDj8tmeiwvTienIkCRwQoAQoAMQUCVNJ07iodAWtleSBkZXN0
- cm95ZWQsIHJlcGxhY2VkIHdpdGggbmV3IHZlcnNpb24ACgkQJhAbYvaTds66/w/7
- BcpolgxUGKvdObzd1bfM7uCXgahvwIOY6PAi3b2yFElRlkWNnUUSRq4ZcZnqcMF+
- eOWkKkomsTHD5z64vH0jBZxTVis6vMSAuWgmjOcWZzfDU9lecPtj/72cXOf912vZ
- 0Jarlwfb+e48wCFtSyZWKr1OyC2yWZctu7K9r9SToKIKs4BM+DQMQksFKDTOjmT1
- 5yORHoCDboliqSI7hrSEKCnlJmtWATitVmm8X3th87tf0vpZgMGbaoOxwl9/DcD7
- gBcRJQAur8d0AFfOfitU1oz56AR7O8G8b/B2RFHsKs0oo7S2Gv8i4sjFVK9AJt9c
- obIBYCi0F8IcZyv4N8U8lOf5/Y4GTBMIOJtxSHqFxerQ8mL14+0SubgRki77eUeN
- JFjYlJPKZdS/iLZq01Mp4/+oNcLi62FpBD0z0pcioGaI08erLAIgzDlR48aVsVZ4
- ZwJFzpSzLnHEz8aFxEIvbFzvAcq20e6ZlUtPrFzQerV27ZZQbDwaGD0/snTihi6k
- of9URScnbN0D7PLM8KLK9sKOUzKwjHCIl6WJ/+J+ITOtToTy1dDo2JkKMRxNHLYv
- KZ7RaQ3liTLw2HjdXwLtmWYomBP/uAghnvnJmLztlylmTEB8C72nbPKAhqk6XonZ
- +sCKbDbFTYOpYnyhXEarlYfest+hj1vibh3nkxrjeO+5AQ0EVNJ1IgEIAJwynfBE
- 7wL03nQdEmO/D3ZaPnOT8jFORIXrjXsxuCxScYoIsSLqPWVuU5ddXTtBKZ8g95Cr
- CciHP/haERbkp52XhfKycB3AfNfm0CJH3pOa3PmWv6OsCfOMjM3asFOTqHNTK1XZ
- P9031Ostbhmj0np71FJKNO0rlVDizgbrHif6Hc/BNpUbdoidRy3G0V4vqUf/AyyJ
- uFPjy2CCmCq8QzQZZ9ppQe8FiCzes+3InGhNx82afdtLKnkhn5dLXV+c+8CONhGX
- H6hEVpqzXctP5s15kV/6qIU7suyNOm8K7+2rBojS7wH7z+sJ7EZy24aNNxZauBHn
- db3nXK9GT7cmgcUAEQEAAYkDPgQYAQoACQUCVNJ1IgIbAgEpCRAmEBti9pN2zsBd
- IAQZAQoABgUCVNJ1IgAKCRBqF2OKoEUM9e+4CACKtQ+EJkf2auqHlbGMx/+fq9EN
- CTOX/iSg9WvTrTzZFeGdweslgQOr1SBgVtRgekK1ffXX8VwM6mL7A7g2j7TXLFzW
- yu4kCrd+ZZVqvhvT5H4/cK0axKPq738FgyTJ6eQtjPYbnDwnN2iwlBOVF9rizi7T
- zqA/RrfZr+/pzoHRWXgDZ43x9bFM7IGDnJilV+yjnFeO/Z5DU9TV3qiJnpF5pExR
- ZliBNP80PTISkmnvhdH1eQIL+lIr0XOdTH7P6PWs1mpexwf+bttBQT1fonmV87Ep
- xtOZL15JnXBjmkqzD+fmdFOx36NWLZDYTHltm+HSJmS3wmVG+tkOyuCwqFvntQIP
- /2AG8xgVX5ZE77BAIsC9LW42qqRjHAFjFoOopTZ6htkb3eBkxsuujzGNJ2Dlcu9+
- KO58skhcuCF21B/elXqWtBuicw5IokUVYXd1T3xBSvKjWUWF3NlvKIUFfLEFP8EV
- qThD+5Mw+a5usIXNId6jXi2143Ig30u/OZgIx8FVjzs2Lj5cWixNBmkHTDGD55+t
- op3AIHnYyfcF3p2LoKLX22KH1+uSJdNcAlIb/m9Qrknd1pcBEJ4mu8ZP6PxVXUaA
- vsehhR3haY8s7EfUCVXZlA3Q3S8r7VTg/pDB67FhaJcc6rVXlKHdPtW8rzKI010J
- 625omSYA7N+HlTGDL+E0DzYapkLleDHcwkvppl52yY8S/GNpwEVIeInw3iR+jPKh
- EKlhhx05HIDwBRBDOZDURZMmBRZZTXx0Ykp0QerjDAi17YJk8mpm6KNkZt0dWODg
- qNsK8haBoiKK3pEMeGub8QsONSwxx65vlxlCBWYtZ+gJh3aBnB6tDovZ6ytfZ1Mi
- bvZqOcOBFNzrPBNldVfdsiMfZzTtGbqUQV4qiqdYmg95xkFq0upinBvr5sBI8qln
- q+4vdZosivEt8hp6uMzaFKBbX2ktrIk1jUIMwhI6ZjBHBIlaz8HxSOTgNta3r0QO
- 7UelMLWZ9w1LJWsaLWNhPXQxIA70WbLb8geMVq7VyuE+uQENBFTSdbQBCACE132Q
- pR7pocJTL+LrdLkXj9Em0fs2yXv1tRS5eW7tVIzc1XITsqjXThn5hzfJ5f33ONqv
- esqeaBakMMaW39I3SZKGHFoLwqaczGfBk4ihnsSmiGoyeMD2F9gTUCGxdT23tlmZ
- SlwDH6rAnXV1JFk3QEh/QmFwjAdDfkzpt8roWOiZRWYHKwC7I1eVC5OEadK+287/
- /RWS1mfieMaOiGIZTZqTDtGaokN3rLB62LygOUQjW20J9j4ZGIaHBvmf6dQ3LwBB
- xumeSsLxGq17VCZID9EPCAoTVPkuKs8ZfrKiLjAbuyZqgTm3oxHqStmJhGlKVn0Q
- a9IRfztb+NF0yqdNABEBAAGJAh8EGAEKAAkFAlTSdbQCGyAACgkQJhAbYvaTds4e
- fw/9Hdd/bHOfZACu0BrGS7dX+/2QmVZ6SP+yxegCQTeu4w0iZ+ohXVx4NUNzoBsg
- JqmnlY9+ulWUKMKQjTHJuC1W/4Md2rYLVMDvDl5xXY1fwkiGwAdjAVVQyJmQCjXL
- tKD50Bm1txiHARKScIuNoFj96c19pA+MUvZoLWXL52PNEKCHdi7mq6Vtu3ae3W4S
- QhFpXAlcm3CrKK52OxMFKTqMkk0r4/P+U5U9tdooElDJVoUIYoLfSr/rqPf7UrUA
- JNyk9AhajaYYgJ+Spw7FrnLoUJXgrQzRCSyDiWK6StHiCrzBej+4Co+m/N3ajqWY
- kZeFtvARPSNDxjFELxT3Jaj855WoR7DV/biAgvu3TwYcav4GYykYuq/hdFFy0Z0P
- QxSAL2Hu2s8f8T8rGjqED4++BeqTabDynKCT5dmRQ/fDw0LTTHeoxfveFKfegc8O
- R/nzYteGj71DBPpdaGTCZGDIYdSy3wb9a+9ezg2vEmP3JKMn1Z7DxP4LNOoL/ySu
- mIQIcrZWxWZSuPsiOm8FUWuvQ4iwzu+ZUC8kzNwQp7MFWPwh+DYHkp8K7m2AdjeJ
- EGPaIlhqTKIUrUEVUxkuTHGMExd/+gp3CIT5v3X08msnKrN4/HRU4x4wyUJqWVIB
- 43Pv6Xfqz/1LayeY/PvMbHSSXOeXjl20iDCVxKt5qii8sfCZAg0EUmYFigEQAOeF
- OFMWA6lDAGSAlUU6g/pRDegFlNxFJhPHcDilxCLjLOIhJU6D0T1+HZh4bB4BkA9E
- qt6/FDzaW/mQO/xS+UI6cSH28fiWl8NqCKuIQCRxNzvJSYIkDJHzKDkqbtXTV+9s
- tNYhmKx/kSrADBV2Qhp6fkINjHF9rLu/iMEZfE3B1C7ieww4a5g3dOXQUGVaJ/Qz
- KEZPKGXqsxPaWXIqeUlodsKgCyle83VFda2qj9satyibcV82Z/dsP/wrELnwOYEu
- eGcN5q7q2iFI/yHfGvzoLF1hvVfPwTkhFWZmij80szRsbWEeSJREeImqjfpGgxqs
- USEJ/KgfC/3wfO55ZXVXDxlZxkcy4ciyRP/94jadxSfcHNPei7d5LHotmhLg10q1
- QqpTJPzYcNdj1xSAu50MD93ZhSLkHLZi+AZcVE6YqO2o5ONSq7mTQFMA6N9fn8hU
- ED7PbpdgmAjTVtaK8Pk8ji2G0l3zydfbx6+7pLA3R6/93VNPv6sazRYyKh9Yuel7
- 4rXbzsm5D5alWF/39R9xxFsvmthflNCnFh0zMm/LVPEeKfMT6MRwSRjQdUGE62v9
- xrnolWI6UBCL0CDjtJuwMrUKDwHaE7gygRW6mQEX3ZEdERDX5GGcLxwdfki8T0Jv
- i1g/cNvJ39lRZC61tusKhos/DO7qfrzIjgm9AKOdABEBAAG0G1BoaWwgUGVubm9j
- ayA8cGRwQGV4aW0ub3JnPokCWAQTAQIAQgUCUmYKXAIbAwQLCQgHBRUKCQgLBBYD
- AgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBN
- HpAOFMHMBL2BD/4kqg1vkxbZmlIVCjPS/YYhsAzd445elkpvx56S66HOJwEK3h5g
- tJvuSBuIXQgfvfeqwWf4w1tFja5GiBTpRd0SSq3ZT2OOXOYpNrAnFDyRy13B7Pmd
- Cz1ibZtM/7W75SXWVL0bkuSzxTYO7v2VJ4XjEsZmBhj6i3JKidmR31a5gf1WBtky
- Eun9WV+KaQSKjaxbPlK+wTvWdXpClVNOR6izFGbxATowWQmZR1do8yLh64WPf0Ia
- /yg88cM7ZnnGKa6X9Tgr8vgJ4LyUgNmCPIX4eQKQ4PVTGB9M7hEobutQicvBceHB
- AMJI79GXzker9n17E7Fyo2uJzjIdWoKyCYqp1ASu4oBuk+LxnEW6nv2A48YnZSr5
- kF/6SRM9PVykWoEKIrj/GEHzo9dpgeg8EBrjQpJ76GyTqy/KJwRUxRw1M8wrSeGX
- X1tEJbRgbXih2k1zLjQVCq9rrNTf2nX30PEcMEoLiO9mbLYkDqIvhGAfcwjoB302
- oPuPlLfCnI//3HnhbBs1lZryLjjoWzMBbHK8E3HLruN6uvYxtnKY7rF7hsFJLB6j
- 6kgeC8Li9ZjmID40/0vvyamUs6jsvIiS+1mDvCCYhOX/7G/19bl8gcOCCbDh9tC5
- bGSf0KpHu1EqaV7I+ny25g7TFX8AaPtuu2AmUi4P4JC1crBDESuigUBv07QcUGhp
- bCBQZW5ub2NrIDxwZHBAZ251cGcubmV0PokCWAQTAQIAQgUCUv0tJQIbAwQLCQgH
- BRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMu
- bmV0LwAKCRBNHpAOFMHMBLNyEAConhqhQTA1q0tQ0b5NEAellt7aae2m1rtLC74T
- PArVMU5SZqcFdbhiRKo0s1QlI4V+SNZShkNH79pk7ltjx4B7Qy2H0WTjygNNULM3
- X2AalDxs0j3vPdi3TCm0ebLO04WNUbyPr1972mHjqaCE2JgTrEr5ZUebg7/7CsYV
- dtO3T1i3KAy5J0ODg65wqcf++TJs5YGJhQD6Xu5T6glndBxK+5ChHJ39Mz4GlCLr
- Wa87YKgQfyupZRNx3H7TMp9jbjFcpIXar8wFPvX+3K8eLmr03tMbCA62biuULrl0
- k54ZE9R/E0faqMAXydPSPc95B6BxxSeONoicFuwocESyJUKLo60FR42F671OBud2
- WqEGhjxO2/tIymPLUJEdESq1pKCqaq+dIZwVf/H99wPKFEvBhzzFvtdgkGIKsvAE
- LFK8dmRSaLzU51CLmjwzVodiKNLxAV4ma6Kp6V0lCGcqKXGZwkqO0+DUJ0//ZTRN
- ARcS5MQqV7rPVkS5ejqZTBU0xPOiWCkpvfzgmVZaw/9B+eb7uR9OBLxUiHo/rtDY
- uwhRkX+JtwvWBkZur0zpHwIeJn/nkvV47PdUgPuwIn1ZhlQWwAj5ryhNUaAsQYlV
- POUELHjsJSy/MpHUKbs3Zz/MoYHEQgB2TEf97/lS6H4LDGFOi11t49d7Xi7F5DMc
- L+fqd7QfUGhpbCBQZW5ub2NrIDxwZHBAc3BvZGh1aXMub3JnPokCWAQTAQIAQgUC
- UmYJ5AIbAwQLCQgHBRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tz
- LWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHMBIaED/4v+2yqYRS87QasQ945CE5H
- eeTU2oKbqnZBgeK5FlPmHC0fWFBA8/iJsLB+TwfZ5pNlnYbowX01ixa9usW9qGDh
- nHAxnHeI8lRheZ36rNnbXMiHXE9fEzrWcTkgIy4iB5vlV1KBQ5UrQFcxGlexdLqq
- CENaSPxHYohusrBPBbk6V0KxNVonCACOdXL2ECPZcjA2TIFDjn9bAFO/DFh0pJuZ
- TVqzBlazqDxzL/YTwMGimKiy1SeQFoIZGbQNdYoXyG2TRCuQYX/qGCXAbbvym0eU
- TqQfzHQ4f0zXxeu5ZVZaspRUTSZiydXG+/4HEDeSICMtRXWl4aPXRG19u4A4lLob
- g6Ty2+Hez2RsvAtCwmgt0DQfqKDKnLdubFtM0LtmfPPQ/4vx9dfcO8jzcG1ZGWHL
- DjJoOscUBY/kheaA6Vi+68GZVfQPh8/qLDPU0PZ6/6PLtvm/XFsJjuBIwG2fy8QD
- UaE0O5zKGbcEnKQPTEF4cjLuusz5Kp3iu25VwmUEQNcFLKhUEI2bQ3r43wADJNHw
- GPY5olkHSflyhv5fWsZCL24H2WuQMmlEq/a+53hYD+WFu0w9sVE01wSZInNdCen0
- K5dhP9StLShPHFDlFxazGssV1LDRX0FGlyfw7LcW8vPSBFmq2/csH455QXqzFgJ3
- waeojCbZQn5zX9AI+XRsMrQnUGhpbCBQZW5ub2NrIDxwaGlsLnBlbm5vY2tAZ2xv
- Ym5peC5vcmc+iQJYBBMBAgBCBQJSZgnCAhsDBAsJCAcFFQoJCAsEFgMCAQIeAQIX
- gCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5uZXQvAAoJEE0ekA4UwcwE
- nQ4P/jB+mcHiWC4qEhIfXln15ydho9j1BNAGCx3u/axC8Lu1Ykzq5MfMyTYbpiiL
- I4Wq2w1eXp6N2e9cif25nVo9yVISTxdd1wzZzehedbjz85rjtCUMRgYsQh4N52PH
- nYYlkk5ctjdvrENUJ17J7v92hogDY0qXhGply0pI9LeH6g//OyrcysHAVqbIgr/B
- yjYKgaOHRvzxdYB34Djw253NQkyqA7kio6SPegHhSVlfJceNFDuf+lJ4wXyB0wlU
- TIGFnJfE4Gl5bqOhKMLOqGr9BhUoGMj/wEKjh2Mcb9aHQy1p97IiODgj+J/mloqg
- 9VDfC3+I/dh3E842rApu5aLrFn8nPjyz9LRcpBwPHPIjOibGeNMlLDW3VeEPNo4+
- /e/TU9O1fJJxioqKyytSnOs2ACwzVMH2EobfkhaSBe9VhmX2SB8TFErGc2JhQteC
- G6ueXCVqGPIcFsD1IQvUVFgxkS2IMld8vEXGZTK2jLWjJ+WH81Thij6MEoqGmtjz
- Siddr1uKNsxKp7XOioIG8r4ZEVDPvTiUiSp7dbQqVEXtI4NOIKheIqtURJ21t4Ww
- vMrIpJT1aZBrMhCIdn2xTl5NZyD7mfKnZfbdCsQxo501D6R4Flq3il0fPxsCPy6G
- T04rpaMFlE0VY4B35bGwikKy+tHIqouYFtyp+kHbDDW8nDE3tChQaGlsIFBlbm5v
- Y2sgPHBoaWwucGVubm9ja0BzcG9kaHVpcy5vcmc+iQJbBBMBAgBFAhsDBAsJCAcF
- FQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5u
- ZXQvBQJSZgrxAhkBAAoJEE0ekA4UwcwEWhgP/1JmfyfHoIsCJEBXhSKb2YxcEuzu
- z6R/KhBvqyCFByjjmqh5P7SWsoTRUN1ntetQVRUGe8fK1vPcmnTjI5UVwYchNwVR
- Pr7WS66zD0Vie2UQROQB+XE3V0jgewojoSkw+fEXkLJi3q1AbHnFg0AtlxhfMl8P
- KXYzjgJJ/ZwHh+cAiRMNjy9MOK/bQlyDY6iTG9DUP0/Zny7FAq6+oyiuP1TT163L
- knFbVaEH/UdhbewQLs5GXufJ0R8TGP3VaSCiSk33kqOe4qvwFxkDN+7ioXR2A60y
- RAZNOsDd4KOxdwhUm8mNIWHne6WjFxGznrPv/VKRxUwwDV0clf7DZYvPJ0xCFLTx
- xC/9x1oKwpDB6fmqkA7DJ1GHJuKXM4O7EjVQ3SJPacU01tr2qC2BodYJG6PvzE2+
- FzGndtwQfb+eBYrEQ12Apd6rADrFnbAyd+FH6uwRxWCPweMCyUZpCF9ZQhjd20O1
- fDOSUhaHQUDa7NLcZA3Pzka0S4Rjkj4NPJd7r3ckXIwSgp3vwPBe9yUt/PZ09WbI
- YGYFy1z9kml2uycdsaY4WMQiA0unkpbkQN/WaraZltNTrfs5a47b/LWYeBe97n8P
- dczXAC3jSrj/wOJNb4as+bUVJ8U34BeUlJo0UCJPBINdRcKSiakjfGa8WAYEgbZl
- P9rRR5hZQvUaS4zytCxQaGlsIFBlbm5vY2sgPHBoaWwucGVubm9ja0BncnVtcHkt
- dHJvbGwub3JnPokCWAQTAQIAQgUCUmYKUAIbAwQLCQgHBRUKCQgLBBYDAgECHgEC
- F4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHM
- BFksD/4k7P55N/ZHdHuMU59DfQSvk4r6DNrGzZNvjiwpDa9GUdvFw2vXhFsxASFI
- A4i7fmkxVUzfy508+hkP3rZivqltnaie0HRSDhilruiJF8mwSWvJ1yGvmouJvT82
- lUyUqtw79lnEADw3NypRXIRP+oz3N3jZ0s3Wmil+Lj5A2tn7QLIqTcLLtX2YmmSt
- fjc8Kk+tt6gaT+r8pov2JDjU/gG5xtKG0LfPbO12y7+qY7dJFd4gNaXAub1O0qrt
- IWsUyNqxvG98DHD0ub/+NqQdzrzhBfW7QG8hzrSafkc5qvxBR2PwJW2F5RPRwURj
- +JkT1GPHZWFlUK8t6EG9w6kzL7i1xOYkxTjYK+1VFXXMQQRIy6d5a3+7ac2OtS3X
- qvhEBH8XBLdHi/0i3GQ8EAkNC3nB+p8RUrbJQbq7mzeZ5FuHOUbf2Uo9I8FCm0aK
- trVYFiLYh5joYYlXoE2Yo8rB9uMtttyvCcdIm+ewZCIQCF8MuA8PshXaOVwq/k60
- JIIJlo+r9vX0Zgq4hEQUHA3hYkxoXWGAn0TMVZ9TekZSIdhxAIo4VsJzll2Bc51L
- IgH3zJ0FxFBTcGdKU6mDUVhrIiDe29PPQkla3wCbuH9l7W0dgebTqVZX92hbQYgm
- E3h0UcX+vnCFFPm5qpdYs4puNrSgJF8Cn9LDUGFPvUN696wmE7QkUGhpbCBQZW5u
- b2NrIDxwaGlsQHBlbm5vY2stdGVjaC5jb20+iQJYBBMBCABCBQJXqC8TAhsDBAsJ
- CAcFFQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVy
- cy5uZXQvAAoJEE0ekA4UwcwE6b4P/jUOwdtIiNmAwYNWRJvlGoq7/l+gu8CIo18e
- i35j/r6LFFuwC0+vgEowZHCqLGIBpK6yliIX1S2voguGCpoxkalPdNEb2mcBODNz
- FUVscRqzjPMOD5VY7pipP9JFJJR1FNLKCdy2OCD+lTpQkmaBmKXaGanhJ/wkDZep
- TURn75WhgpDzzdISR9tPygZvKWeE8/Ov+RzL0caOcoR4yuI+dbld1bwz0hem4rBe
- XiT8+ZSW5F8OE6MirBMyHU3fHQjHvQ3Iy/UUsMyPxE0iIMmirkKwB//U6vCJTRf/
- 2M2/k9h2DZYhsMpDkiFSI1q7jo9/zrEQEeQCX20atAPZJeaO+OLQPdBy8sghA2HD
- 8UY+wZ+bfWTfQpUHvWVuPmfLUtFzulcBvE3rwJpNsgu499XZg9GJ2O8ulhOgJRHH
- z/ddaNYvSQXQvJt3woF6ElkJI9kF9MKdvlt3Rm4Lp9dfb7wmpnv5isYBte4MlVJp
- nHCg+ABZJdzm86HP6/LdfWNpZnCX5IHFgtZwdT30aUM55fVMpqCDyfM3zcnBPE5L
- pLabNyWoSYXllDy9J4FkuRkGr55bTijNK6WU47EF5U2+5BeLVbizuJ20DHcwEl5f
- p5IyZBdBmSrlltwtX6Qp1qRfaIeyiTHzx2Bz8LzONEL29swcsQxuRyf4Xovt6EIz
- 4VNGqRc3uQINBFJmBYoBEAC6C/l0gjpwGcO+6BV0YP/eYSF8XxQ7BcEj+ooSs18j
- Zeg+9ih1yJyMWqrzXrREpPoIvxSTXgYN9cvc1hXSu0OxqCLjJ9R+wfIpUJyFoaQw
- AvuFfrnbwqUDoa/bSFXoUFxv/M9d9o8brO3ilgBouys3QTDTZuVttK6GQUZDYcgt
- gQsaKGQKvylwqmoldProvcetvNG2nTAnXYtNetF2r58jn/cVXS8t2Wn0wTs+b3WV
- kgnChnODJT9qaaoCFHhygNH6ERp+XlaqW81sNTkjyd+Wq+vXMvFzyk7i6ezplnYG
- vhEE1hPxYRDZEc9dEROgI95k0RzYXQvSahqoCyMS3DybqEPJJh2mxJim6UYHD5gc
- cVhTb7j3WfWoyMRZeEzb5bSesnkzrb4kRz6ZYvYF0EyvcWC7mSOtnIkQDjO/FfMo
- fRgtolBchHc1AOjBGVjRn39YhCDijo5cB5z+nhyK5BNSOQAtyrGOU+8mNSVDw4TW
- WjH2ZDJRnbE4NwSpDzVRbBEEPGILjIoPaPQ11IObjYHY8WQ+dxb+9e45WGjv2KlD
- S3UF3ABeLkjSYyPTTuH83gykU12gr60MrUQExdbG46mGjfTs/GOgzlItkEuQc4xZ
- kjk53jl1s1RjjFo+LxLpAYu1D0KpiclhNqWPbp6I9amEF5AeIWgDDOI46yC2Rtkb
- 0wARAQABiQIfBBgBAgAJBQJSZgWKAhsMAAoJEE0ekA4UwcwEfrgP/1E7HYaMcyDT
- RbEy8GJt+grN+m07wLO4bnES2VzVN9X1ymWP407upZt7vy8LUN7d7AEXCMJ8KffH
- IhTN+tMbx/+xMqNhSVG5AYTlPfdaumL8jR7WvZXh6nRXZNbeGqofH36zlAbV1NiT
- SWBMxQZ6MbkW3z6QXvad/MTQFlcFouGlFHmvGdtSIBdg0e25Y+mrwXnyN1OgLJLg
- L1CzmSae944LSA8fi1EA/R+vwgJNkQPTWbuiFNKvH/UwOUXJ+JxKG/CamPT3Lgzw
- VoW6bKqDPsgWz2gSGBmN1Umb86n+xV7fu39BfWaEfpoY5g2dq+CLFYgxzymKOxj8
- oIBfy/2VZuX2Aj8Gzh8q/Q2b0iqlrLzfXViHLD7LTzHn0G/xOks2qkwvm90wM32m
- 2qkniAGimeYD0MFpbL9cD0fRAhLkMsF4t1EUTIzSdZKouKF7DMI9eJe9RbqCcOiw
- 6V9h456hwqFd7Z5fi3/SbHNS8weP004DUcVhSwNsAbMDCxSDlv/QNOmGc2QDRGiP
- QrWIhq1fVj1YfWq6dfkOvwI1qvgg8b9GybIasL5YuC0xW/GHPwo54xiFcGBoWkjh
- QwxzJFDCAlO80ugGRpgEqPis6Q7gAWYjQxHuvEtgCtUcWOmlIZDyxDbcvlP2VPt6
- mUjOkYtwOLN6xiYi7OGBxwcJU02OmG+NiQIlBBgBAgAPAhsMBQJXwTGaBQkF0dMQ
- AAoJEE0ekA4UwcwEg9AP/2QqpW7xqcuU4RQzCEJQhg+iiSx1AhFZyP/+rMMuPDvk
- CGXtEepUz67AcdWEHLKXOnQJjiFJ70jgBNtD1A+EU+kUMuWZt8QjFXyx5g0ua+nz
- oTXGjCx95uDeVz8UmmjtEf3WqwgdOeB5ezcLCbNpcotYHj7lx3eHnIbC+Tv/GQf6
- YFS+OWS1SmNkJ8XlYoDSQwx3rjcyx5Oa07fS3a7+nsYCyHjepVRt7BPI+567+bEp
- FIcmx+BEYp3XSHUsXzp31o2aVgndLaJdbi79TN8cL+v7QwKTGdrE0PQx4moT3ww8
- jR4gAPB+xKYHg3ArE5LeRTxvq+UAj8CrC35gtaiLSnAoYtfqS3hsqtGfRm8SigPy
- 5qObH+9VrHW7f3EZFgPXHGJHig1xl2egq6AbJquG1Hg6+5AmaPIBlea7nDspfPoX
- +c83Vagc/70WN0EKn6dKx+EJ43XQsEqJhUzNE1mgOEwPWz39/I/Emu2ROVD5W0nb
- ZJq/TiIQI/cmKGmxkyjk5iF0y2se58tqMclXLyUfdmZyfLeDT7tcl3FoGghosiby
- Nze5rGPjl7qpEOAqK14HxpTCTtenrmPhebYTAL4qOByQB6DdbZOST8MRPBq84Vo8
- c1O8Rq74o2KIbAaotUHe0XlxFY7d4zwiWiWxIoOfbeD0JaQcYK/TBwBx8btmDFhm
- uDMEV8EwcRYJKwYBBAHaRw8BAQdAJf5CtBXUXVqiGpt1xQ4NlzBtqamtSgshdXad
- LIuJLHaJAn8EGAEIAAkFAlfBMHECGwIAagkQTR6QDhTBzARfIAQZFggABgUCV8Ew
- cQAKCRBREE5mjdBEgfmhAQCkv6N3THjDjvp6VDcXQzTTY1d3sUqi7L1qB4Ez6gdL
- iQD/bygVdVyoOtrP1/lsWfBfbjTsIMsprPUyneOKO9Gnogep/RAAkZflNkOvoJ0R
- Fjlw5MKzvTLTaraxU43p3GJwT5QDE4vWeql5/YWI6hu7h744AZhmeCbyg1AE01cD
- oRNz5SD7NRU/mnczCSkUALnYZYX3Ko6M5pm5DHVBmhbD9aFtraLH6tlJKLXM9rGs
- vyJCl7Tgy3cgXCYuXFiFPZn24MX+Wi1E5Nbk8hxaa3bIdht0vRdisan3n0OYo0aW
- muBMFtZN67BpBTD9I6Tw6Lzeq/7xh1k3K5rEvPeqHRVLHH29CcYxuyUOmLb6Fc65
- Mm4xWztS0+2wWBk85AhZ00Lf2i2WkdATrPx7NGWw5fssV/7UIU+Q+NuquzQPh84S
- v7KKWjQOP3mLGcJ7WU4PKR4STBAThd2WsgaMs52LTtD+IwtMZAMvTc9Ws1e3VqTy
- lMkjtJlGxC6Uvf5OpvnYfKcENu6LBLKOp0IYBn+hEKFatbq12Dduiz1iKK8+AizA
- J+vLS1zdYanbKAJtYW+AdmbFTyfC6ytONyIiHpvXHAb/B5vH+UE8yIrJEL4XXAup
- 0kEOjts26jcbPxbvfe8FHD4NZIM8F5tbuST+TckfSNfUwJ2/7M7nC66vwN2oMsuV
- faZk5NFlUlwaDiNDgQnb1qQm/ltLBrVsVFc3Qra41IZu18etxsOaDRpTmyW/i+2z
- F5QWE4RzEccLAJ+BPLdIQX5xKVZYhsy4OARXwTClEgorBgEEAZdVAQUBAQdAt3Vx
- YCdOrV+5P3o39foPJbUE97JkCZsH/SLX7d4WK3UDAQgHiQIlBBgBCAAPBQJXwTCl
- AhsMBQkFo5qAAAoJEE0ekA4UwcwE5q4QAN/5x/N/8gldfGwarLCLrtHywZy0JMwJ
- ZcZjT0z5mBBTwNsP1Ib2k9tGqAeqR92IYuAEJI7UYNJ8aEMbDDbfOtuhecQupfXH
- yAahLrKSaCXj49m/nwBQGDESDSbaOU/j9YSwwrG2vFZESwhTUdhJha+Uple3vtj3
- H7JH+CvdCucjOTWSpdl0nf/64wPHbos+SfeS862UjLJnS6kq4GA+T8Wyh5ttYzho
- bdNZSRh1aU5clQNFLhe+O8GWTY81AI/t3wT0WLsavhUa3CqVPJM6vzHBT46weyim
- P0qoHRpo1sfJ2A4/YGc/+r8cwDimHpG9mIr2G3nx1Z8FhXxjQN4k1QFpMJ8LyHrO
- LS1oIpmNmwWzVDXuRQoerXXqOO61qEaorQi0buR6Y3uT0+DhnGmbXYvy07IaLlyk
- fAE6/CCUkIo5BNBBm0spChAud3Hhr95uLmey0JvEGXd4kjU+6QCnY0pI//2Px3Bm
- 2V9d1o1+31dr8cbh5RkhbT9qrg+5QIOeWG3SsOQqKhOaK1l5VpdlpSMoE1OJxUOT
- TsA5RcDWlbSC6hQR+8AnUpGnB9eZDtTsAVzzcJfiphoQhCb0tyjgyeioSSPyA2SW
- /Xe8lk9swoG5eK2PI5rKQ+Av/f7vZgG3qMX9F7Ywl/Cewje6cXFaeMbOWzkrNGRN
- 6Y7KlqQSpY4luQINBFfBMcwBEAC6AUNasY9Ibw9B064L2U4uflZq3N41ZUKEcrhA
- JZbDhPlKYqLPN0xwJrbUGFCkkTZF/5jsy/2YKir1ywjNPuvrIgqRwuyouTeJOLQX
- dAlbZHajVR8ljbQehdVxMJ2nPYHyuwRAQTjtYceMC2DFe/YrdWKa9p2x7z9hD7sx
- g3HrzXXtAj0Cp/F5fokQg5xnqGqUyEjV7AHajljsap0bOZpJLkXDhDYsgMtObWgt
- yZHKfmpKv3XdFgHUpxu+XX8hw6Q9FIS28DEOVRFCzGsY6tqRUMfBSnUvj+x3pF/g
- XNMH1HJF7u4nQ5nulhlyyDupXQ5BNIF0o1bEKMOLHc0TZ7wgJnPvZXFB27dE/U5j
- W839cu0e5eVGrJz21AwnwIUSDkVG+qIGjRIVys4ce65kgjCOJkL7yRJD5YCWW7hj
- T3/JU3l3lAQVwS6bR4Qi6Qsl0eKmhsjqkT7N3KDXbCSqmAp9b994bxYOeNyotFtQ
- APCmUVFykQYDMJTUdm0iZX40q8p7T+OhkWtmuL5xGpP9KU6IOWHRxgcRN7cVNOoo
- igE9mqwiTl236kxY7NQLilF5dzNbExtFSKf2h2aXyU+CpYE2aa6FTetMUxZnI2+o
- B1hGmVGoGBzdlhdXjrn9uZdiLOumSaWZ1mt/EMNJVT6aPIPSASkXx1Se7g8pCCW1
- K2OtgQARAQABiQIlBBgBCAAPBQJXwTHMAhsMBQkFo5qAAAoJEE0ekA4UwcwEBqUP
- /jLOHwYJeaJsgsi5I2v4HPUR0kZZNrAeraW66O+zkHyPehiU2dc4KeuWAP1YZ04c
- jUyusCN9QLSx4zbaZHPJjqStLQqsanYZ9qdeAVLgxp3A3ZFAt/19DlSMIf0cWmg2
- VY9md4Ex0rTfv50cGnaB8CLpEaKwwJJVkSG3YfqgBb/1rjWj7KubM4k3QNQ2UwG4
- ABs+mZ0f7VYpd9hQkRza8IcOQ/xpGIoNlweWqOrMm9Xk1XN3LQ2SUG5pPs56FHGW
- /Q4jN0zqCGVPv68T+ij50w//JOfrL98x+QOkTYHhFBUDsqmysBO7deBeQ772Rr3w
- qLVqmVyVovhSWn+r6QLX+OD80o2I7bJKAgxK4A2blBcjIA6zK7rKlh5zitACRs3B
- vmGYenCxF55n5BTY4osVE/8iG6c3i7NLZFRtsYwaA9TCYZxOUIW8cfZi2PyfMw0A
- mndldZ5SauaACfEdcIe7LE4Qu6vUz1qEr0DCG1+VetK0NKePSXMg/VV3RTi4mUOX
- mv/pSrJxDSQMPA3y6QdXqUtQl25nM6KzgcOpGah8UOdyDZccK6B3zlq1ngKE9U19
- e/FgZamUn49hqKNu6QhQ+2pgiehgRJ1Nmo6iyf+0O12kwTHWhXsb7ZbfA86OHlPu
- EjFDDW4kXkOSE3SRTP9GY5w7HVY1qUWy+2/FeYyW4syGuQINBFfD2hsBEACqLMDp
- uA+/9VWscimKTs7+k0BiuxfPwNJAYYznAVNFt+GE464v6YJNXpKt07BRzDpuivaD
- PobqtFXc2nvBHcCUOP6QTUP89rOC/bw039B+KRaPlQJTGbPKL/kqIXiK5ihjgSXd
- HDCmzNFHuec07pWgBMI+LYfZpKIHGsFVynIL53mmhxavGTCSzJrBd6pyhoeCzMsI
- ZAq6pZ0HKjfVWP7B3yBJfazCr2V/HkOmKV/vPJT+oflE4f+PP5tTuvEWE5UXM8VX
- nROMcxaNHLB43Pbh3A5neGgFm74Ha0tfWZHrZYnNCFRGbxp7PnfbKL+tZ8xtyQr1
- pQ+x1y8Bkxj1MgiOj55MmRmjxlVJ+L6zyB5Tw7kqsaBHiSDBWUz6SJz3pFD3X3GP
- D/nkNqhBhSzFM2qxHME3CkK+hU4jOEkcZpHhsjL+pXVudGNHIByDNj9lqP7vswg7
- cnGN7QIPdpBdvgcFg4qZS93LsLJlqhNDtCwd/Ut+QNT6xE51HflZ+3/su9FEjUFK
- ZMEtAu0TDoaf7iV9VyD84wjLWAm1GVXpDh1/WuSUBifMfTyHXyLN2y2Ja5D1mws1
- g2ywzHBW/2e3gUzYSd4JQEWLYld0kZhQ5V/Y9Y19jDpDUUgxkZmb5dnHRaGwmyx2
- 7zReKqN5NF2tdeWsUMibZkEQdib0n+WnzuJMYwARAQABiQQ+BBgBCAAJBQJXw9ob
- AhsCAikJEE0ekA4UwcwEwV0gBBkBCAAGBQJXw9obAAoJEBPa2Zx+QVGcxvwP/2aI
- UD60sKExN2fLXj7mMZ/wWlDnCdqvTGD7lrk6r/fAQcaOAgajCMEXOPZXlPBhdQ4j
- xD3FLs52CNZkcwzXMbspz1lfIOk2U1UGhmnAyriY4Uf5cRu2RPR0HYwOBB0xr69S
- IrsmlX4pf1AnulE7CIY/oPBjB2XQRQ7ls8sMqmm+0TxRysaosHGu7Vbez5iKBm3p
- 0rEh8TcVkgMivdUPue/ip+mCaDCfGeAiXLXWtiEiwaS3Pq+QzHhZtBvShWlc3k2m
- CFlrGQwovPxY5SqGs6QwifrmnGSSlyaAorDZcQEkZe/HP2/qXKb7uBD3/r8t2OE+
- BZKwJxW2fIpaO+u8k5EXSDzuxRqSNj3wYUI2+WNQzBmAyOZ6XBX4Pz0xZyahtXCz
- J+5deqCnEtJI1HdPSvM7STE6s6BmkhUl8weSAD+7v/HNPWvQXYFoeGFeqvoVOCqB
- 7jJZUj+n/eUh9PxsOtwdJlvdoODuQIYyzuSapm6OPnBKg+v7Bp39Ym8j5Nfe3xqg
- +O6CQVH/qx3NoFrKfAaLKGsV++jnf894b23Y/fgu84Myt+Kn8uOrO6jbBwiWLkgn
- 0uzmO57bi/6F7aMQwSxcMcAY3DhCoeXkeYq0QRZZd2raPbA5r278wPXWg/U5bHen
- GYX1COWlRehWqXkqR9ZJYY1hTT0/WSAK2ZLCGTK5tDYP/iiHbpeWlZhwgx9Jkfmg
- L+N5XoAW6oJna3tozS+xVM5pxTaTNO24vnQw+XQxkiCFwtf81chd/oXhjWpLg/K1
- vF0AWGomN9yS5dtKtlWZ0H/3KeEGkKf9iRp8j1bVNF6mBhb8Xl+nKLWiqE/uezx6
- OYBFJuj6WpCgbmaRUbmKpX7P++JuOosg0n+BzzJYAIKP4+/FLL35qSpLW+DuWZaX
- bvgS/OgjJUL8AQj8Nwk7ViRyhBRwSAvwpdcwvlAH1VfTHfpQ8a0jjN1Nzf8Tr9Ij
- o8NQnsa+5y6Pmf6l40j4C8HPsMB7SX8ptFig8lnBRPtzEWj54/WtXJwGRG10XW4r
- dQU5hR9Tufc+WFuRfwdLgrhPTnKGyVG9zOkTd9Cl4j58tEsju+m4HNkUN5goouvd
- xHSe/dmA6cQAWf6/nhJ/uSM3aJPSUOtZwPZO7/NzsMgkwZTLXbehm+9xWMkPRt1Q
- T7V5MgfxnxhVoIeoPAEYBo8t0P2GXVMNZdZkJPoViWGOei4iPE3rj6NBynIIoEZN
- DEJ0OQOUe6Naq5AaG/a6wPa9+ITzKY8VR5KMf3XgcKLBlntyyxTgnHY7j5VrhxU3
- +mUrnwg8LIN9Sx4oWDks/SEB7KN3KGjSgczn1k3GIJRF8BhYin5Cuw/+aD16w5gS
- HxUhIgwH2BbM5X8eopbp/csAmQENBFWABsQBCADTFfb9EHGGiDel/iFzU0ag1Ruo
- HfL/09z1y7iQlLynOAQTRRNwCWezmqpDp6zDFOf1Ldp0EdEQtUXva5g2lm3o56o+
- mnXrEQr11uZIcsfGIck7yV/y/17I7ApgXMPg/mcjifOTM9C7+Ptghf3jUhj4ErYM
- FQLelBGEZZifnnAoHLOEAH70DENCI08PfYRRG6lZDB09nPW7vVG8RbRUWjQyxQUW
- wXuq4gQohSFDqF4NE8zDHE/DgPJ/yFy+wFr2ab90DsE7vOYb42y95keKtTBp98/Y
- 7/2xbzi8EYrXC+291dwZELMHnYLF5sO/fDcrDdwrde2cbZ+wtpJwtSYPNvVxABEB
- AAG0HkplcmVteSBIYXJyaXMgPGpnaEByZWRoYXQuY29tPokBOAQTAQIAIgUCVYAW
- BgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQvOWMjOQfMt/0Bwf6Ah3U
- WuUL1L2wChjHXktv0j8oQmL8CD1AUYkg+4NRTkZTm5ngZlNk4ZSJB7sonaEmzs30
- fw9zex8LMtCMnEHQYtFNb6r1M2QfMS8ZUdeaUNmlGHu8UnHqr+aTkQbQsvhs/UaL
- knWlOWqdsM29Z311yGA3BdlGxw/2wej+AtRSazT4dEISP8K8xfnoQmhIVUZ33aMV
- DF70iinmAfWfqUKhgRctrVMLgXxKtYiOeTGXDtm2dnvXTHOO3u0N2skwc6YwOxLj
- 1XXwWL6KQJx77/2SqVHDJVeEkMEb9Wr/e/l1PggU+fYxLZ5/HWbGatNmoRFoYNuC
- GlpBL9XOuQK98PcIyrQmSmVyZW15IEhhcnJpcyAobm9uZSkgPGpnaEB3aXptYWls
- Lm9yZz6JATsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJVgBgE
- AhkBAAoJELzljIzkHzLfiIUH/3CjMhhGiA11jVp6MUWLFvr77LhvWuLKMy9YRQt4
- TMOVDSUxPpnc/FeFkgsPjLho/srPHSjNdrmporLjUQA8pCg+KmdEAfThDK0lsgRG
- /PxOi38t4JUpRzQb0NXE48EPTdzNOCqDPgSNXaq+csX6tNTRgF6+s0KW4qiwZJ37
- dG8tZW7SEGGf2kQsp9ck1JBdlv5OkcOFINn+AKuCUEQ6EDphZsNv/iDP7lMUp2T4
- H76IBBlIe/vMhJpuM34E9iAjjsD4xTgnJyhdoBScxzSXltrp8Y1oivOu4ThoBmuU
- /mj7uaVT0ybRAmp2pjFg8CKmUkatm/5hcfV+nm54QreX40a5AQ0EVYAGxAEIAOmE
- sdopOhG5H8TtMd6sGIKMNq3AJoRM4o5NjbNEFClpDfan8XZcgYtLwJzbv6CtlIpD
- plfRk3js74AXIUcXwMf3QhdkWklHdFvzOBdPyOctfTwMzfV4QJkedHMWEaU6arpY
- BSWoHcYoI9QJjZzh5NFfKhcu15PGtcJiiPjnL9ia+VmuWicE2M8EDIeI78s3P5Xt
- 9m02w3s39caucttx018135IPUQ2ZssnxG/LKbGC5PIH+Rr0l2MccihAQnovXroHe
- GF8Iem3yILQY9mS2L0gyXQ2gnTb2MmbcmrWoRx4QGfkflAwafoWrriJfBOw7VMw1
- TClbHymO9XvBUjGMjxkAEQEAAYkBHwQYAQIACQUCVYAGxAIbDAAKCRC85YyM5B8y
- 303oB/wJLYJOsxAV2GQYS0FeYviJ8PxQcWQFEEaYzxkvZ9ZQFNldPyat1Ew4rq1w
- +cpZoK9a8qvSSe33vSP8PICAWYfyGA6LfJy2KAV5xUOOOKUB4IkyrfyzW1gpiIsN
- sF0da12QD24dnCreV93dDFwQQ7dBqZAX507uHyAA5eUb6mjzseb4TTDPizAgHz5L
- fsnOvH267QtIUN8kJMr5MgoZrlSfwvE/HKr1aec0OHvbMrsGJGJ2T+zjQpw2h3zc
- 0zgef+xsZ/ItryxLQXcwTRL6hxIw6K79kcc6LCktg1vBMnuy1nEayuC5Z5P0/5qb
- FsD9iUr3kt52y3C835Zwdnt374CumQGiBDzS0/URBACREmlUnPeSzfnC0m2oQV4e
- SzgYjskiLfwZ++Ql3zErPw0AphH7m95dZwAscTm3CQRHDDd/RYxkJMAYA+jmw8cV
- X1rXtQ2URRmzy2/I+qBU1NCPrqBjKRqrav9uhLCLGvEwdqWg2dqn8TMwNdlETbH+
- R0QQ/1lK8XtW0NiHC8I+NwCgj/8Av8ifdpVSnFp1QesTAVwdTbMD/icRYOZ5I94D
- SRk5GGnmD+lyhfj+ejYbuVEgg2igV9HuXJMnBKTnuwriuskTreeNQBvBCTltHrRe
- 1LujAtlsbixooTgUU5jkzY+J/PeNfLd1J9uoqTGQ7GjT4SMfKuetSRBhcRZYvm9F
- M+54vsumKcXGK+qBfPVBHo1bk8goJxgBA/9tnrAoLIUPvs4d4ce9h5BGA2yG9Syn
- z3w1l8Zr+4coomUjbJFV86ZWKPM6nyb2RhDb20ESkZnCoDxZY+p5t9c3aiQJKQQV
- 8Gj0tj3c7/OKoyMePgabH9752Q6upiZ5Ml3mfse/Kja4THRoPEjkQzAn77jxfves
- KiEh+fu6gsJ3cLQZVG9ueSBGaW5jaCA8ZG90QGRvdGF0LmF0PohiBBMRAgAaBQsH
- CgMEAxUDAgMWAgECF4ACGQEFAjzS3ywAEgkQ/8DxTITHG24HZUdQRwABASeAAJ99
- oc3W8UA0Peqdc5cX4Lbis7hI5QCgg7U7yZqSbW1bRDP8kufk/86S5g+0GlRvbnkg
- RmluY2ggPGZhbmZAZXhpbS5vcmc+iGAEExECACAFAkRka8wCGwMGCwkIBwMCBBUC
- CAMEFgIDAQIeAQIXgAAKCRD/wPFMhMcbblBiAJ9ggPC4h2/eyMlfUlypfFzLqQki
- LwCfd83Ub3FN2C01OLRovTWsmXWBaWC0HFRvbnkgRmluY2ggPGZhbmYyQGNhbS5h
- Yy51az6IZAQTEQIAHAUCPRc64wIbAwQLBwMCAxUCAwMWAgECHgECF4AAEgkQ/8Dx
- TITHG24HZUdQRwABAbmqAJ48Zhf7b9JQWWEiVO0m35yrUG4/7gCfc5OE/gBTg9P/
- 1C/5UFC6wzPXtdy0HFRvbnkgRmluY2ggPGZhbmZAYXBhY2hlLm9yZz6IXwQTEQIA
- FwUCPNLYtgULBwoDBAMVAwIDFgIBAheAABIJEP/A8UyExxtuB2VHUEcAAQHATwCf
- QaJHzDZcMzhOrYjhobphXayiTboAnifEwKJ1DDVZxPxxWvxNoTvaPwm2tB1Ub255
- IEZpbmNoIDxmYW5mQEZyZWVCU0Qub3JnPohfBBMRAgAXBQI80tiTBQsHCgMEAxUD
- AgMWAgECF4AAEgkQ/8DxTITHG24HZUdQRwABAfCfAJ4santm5g2yaXD29CKE/OJ5
- 4Sd5LwCfbDiwEI1mLyu0nScjBddGF9AiHx65Ag0EPNLUFRAIAJtkhGBrUaEVP2fO
- 4wQpmujYfPc7+GT+Q0naKCXrMQ1vDK5ppsghiSr9TdVB3kdkev2oGxgsCfy2uPC/
- JuewQByYBmtKJuU6GDaRVXgMhpVwhcRraaDeYZm0GIDQEX3fWSlL07xxbzSZnewl
- SqUEAznHjLGN1pq9mvPBczq2hrAsd9TPHo/IB9JsVmHV9GYasHUSbVWx1S6ntU2k
- V2TyKpBS4luF1Z7y6yIWS9pwiZjTlWdUGSfUkkTu6sM59dBAxv9S5Q8TY44TUQfh
- HQhcLTz84UurU96i6cb99ZmN5uq6IP6NPIumhOJAqPvHSqly+Ez/oSzSyUoyZ0Sa
- j35E1C8AAwUH/0tkQh1bn/BhIyBO4S9z5wQfI+ZpR7npeKZ1aYQUjFzbULb27Y20
- HRujvXljFPoWB1oJO+oXULkCaNWI+72TYXzKRDqYWMaubwrYe5dHJ4hEDpmpqeG7
- W425rItDfhz2wKORc9vk+eHMHGZZhKamurmeH7hrVpe33BRfts5yvYWofYonWGF+
- KydBcrMp3AMbKGQMSOwcBiSpIJVn0HYJFIOWmthtKIMqfVmLWS2sqFKITbBKHBem
- P+97FVAc82dXxj6irB7/jBjdPX5/5B8HHOXWeEvuHSjZ+6efXFrTVbeh2u1alB0a
- X5kz4cb8Fl9Oziqc2Lx5HLgfkKiWgDAu4YOITgQYEQIABgUCPNLUFQASCRD/wPFM
- hMcbbgdlR1BHAAEBh+4AniTeOAdNc4fOd+lc1EMiNmo8+MkQAJ9cCqXvdHcqeQ6p
- c1DsXNhc4g8rvpkCDQROjXEBARAAzeS7Rq/35b643de5gjparUQdurY+huIwHOVV
- EWG3o0Bm22Mz+S/nwi3w6NNTGCyOo335JX6XA0R4dq/wArwPjQU01az/l1/PrPPm
- OPSnv9/a7eDVFgv7fVGiJFftID9wz2EANhrHjhsGhfFe79wV6ula8KMldipQ+LwG
- FGoSedlcbGRvvyIa72Z9jI5gMm9X482WK/+xl+evAinUWOVWlRaiyl3Qu2c0WTm4
- M0fN82mt3KAu5d3BUbZhkZrbQ4FCfEdzqqdl/aHvnspc6Zp3RGZMxj2YiPdFZmXI
- b7dV1Cf1UaUcD8Zib68/jSVlZLcw1NZKGrsjposgdnDuvkXEjGqECF/k6cqiWfeq
- 3eirBwsk6HRd/d8bO99FduKUSV0m6iacgTUzo3dk/OejCPQiENEkb01CRrKeMfNo
- /t6yb0ihkwpT8BTiZCdCmkMjzCGrnT9D3bKlC0qB14gZN5Pso+rYPQmvOE67Eqy8
- dX7zOLAGaaqOaS64g25e44urVGaL6ltOjEU+6xQjIyVtAZPIz6dq/+QEnY799y48
- b6/vcHmByef6zSfTFFcN615sg21Ie/rgJv9ntuM9usROi7MSQfCc3UakUjKl3X/C
- bIrkC1qSmQcGKISw/hCivm36ar0wBx9/Vyz8/h8dT8oN/p5HECSB7GToh+bp3kMn
- +aCHdDEAEQEAAbQgRGF2aWQgV29vZGhvdXNlIDxkd213MkBleGltLm9yZz6JAjgE
- EwECACICGwMCHgECF4AFAk7PxLgGCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2LNpn
- 4vNZhm4QALEBYT7YFCeywswA3PH88h951uia3Cc5Gn4XBKbQxQQ4QRWHkrRhmINR
- qc7SMBUfxUtYnT+T2/Ei07OtRzKX1AjKN74mF+p7s8i7JCM2t7Kc+/xSIZIhpwgb
- f4OOjtUQ3RJoYjlL+ke8YomX6geMZV/IXN2nqj4a8CYkmzXCi2dg7uWf8v/p/hyk
- /DLYlD+HwxpRG6ANUkQ6zxTxgnzwihrnhaNsu2PAnWJo9G/Tfk8o5JuTRBn5qGr7
- SyQ0PUG5s8D2IPgMaABHhpoT9mYvVOundroC2RyusS9xzrTJC+BEvLZ+J3idAvT7
- /TfjJuOrPpkr2BUIZYr4MF+acG0QQUstsJdp7V27iINNN0jmlybbCl7RiIO8nCSf
- VRssgKbfJMnThvMGjYSSFPUz25gIgH95t8a/2rGR5nnBJQYbd+1Toj0vqc4PIuSA
- Lk8bF/fr0s1DwKUJGgbiUYA4moIY165he7/RVGVwm5qM49YgSaJWwintDCGox7kD
- JMBfOz1n0FVi5LLGCHmWosLt/CRpb+F+r0ix2g4d5kIU/JedT1kU8dOugLVb5bLu
- isK28h5J06k48VfTkzkSjOb8Nn4w7q78RUZ2zx8Ny5Y5+BFEKtmu7Bs9Pzs6698D
- HSaeZzqIuSTgn8ddu8iBjHZF/sw7wrZO1z2cKj6FW6bMen/bX+HbtCJEYXZpZCBX
- b29kaG91c2UgPGRhdmlkQHdvb2Rob3Uuc2U+iQI4BBMBAgAiAhsDAh4BAheABQJO
- z8S4BgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+LzWbR7D/4hKUfh04TLD2ZF
- sIWxrgEE/661lHaYZNi/rJAkhX73+bpPP5aVuWiqvFkYbcIvA4+PzSi8KXuKiLSb
- xtUDgqBKPWI9Zh2cOj2Ykl/+Qqp+TAPnjTde5+lc++MUm7K0QU2CJQZwvRwnLtwM
- vqsj7dlF37N46oSOqcPb6JRsDmJmoJUn1ylZhjys0qAw9A+3VVxXIIacsf7Oxr+5
- VDMTJmyclfGwbsAAEyYYEgopQ2R8Z+bEOVTdDYSC051oO0KUHidbRGU8/un7yM8R
- FtZSoPp88O4wdWyr9xbahSr4LYImoNUGpJLQQKf+EtMI4pKITDs5Nkl8S6q/Gkh8
- nhqleuVQ/jT35Uk0T1qzhX+8EaUAs4Bp/kUJ50K+V6C4wBMECoMDHXyvmgkKCkb1
- 8g7tMgv1ea3gZXcOU7MUvhgSzcndLKZi+taGTgmO+bNNdOnA1MAxMJpoU45cWpVy
- Pp5nUg1E5/joQGW9VDJFLkoIArO50e2Ccx+beDPtD20zBO4Yga+hfrztlAP9aGUA
- r5Zxu49MpeClqTyTnCoFyAMbAJXSjaBEcnpIWghaUZinyvnneB8JpK4I4zjwBgwa
- N2+D6K0MTDJjyYw/bkRa4U6vv8L91NTH6avCpMJMdo9SeokLVuPGXxAH85JfzeK/
- q1bnjrGBca/HJSksT+3wtj7XCAKIKLQiRGF2aWQgV29vZGhvdXNlIDxkd213MkBr
- ZXJuZWwub3JnPokCOAQTAQIAIgIbAwIeAQIXgAUCTs/EuAYLCQgHAwIGFQgCCQoL
- BBYCAwEACgkQY3Ys2mfi81lOqg/9Ev3xFwdEWPZdknj63f4DruELPC7GYb5aY4mA
- NzmsLkl5qlbr6+JtTZOyvM5wmR/0zD6me3e7YvMWC3bQJplMExcRJVlTBrk9hdie
- P/0CGaY5iXFLLqSVbKyNNQ3BoES6vJBX4OAgnD5J5NmCy7pnplHF7hRiasK0YyCG
- 2QcDtMdgq2AKkqRjaQ3r0kBblbNQbU1KMhVfww890wYIJ/1H51ep3IkCw9L1i/0C
- 8Z9mBQbUBGW8k6Vd4wtvnPYs6LNBXHuDX9qZumClEALfdIx/WIQZZ5OIhB94FSC2
- 06gP4pgMFJb+dgOrQU6Q46y8rRsArEJRkQBS0m1Nd5hTxYi+O5V2igbi2vvMw3ij
- emA+nEURCJku7/qb7vXhtfUYCK+9XUUIHkW6IadW5hRqt0+O24tnOsoj5yZWdbbS
- 2tpH44F/lFO5VRhKkKVy+j9D5+WXsR2NLnujMpqLVezIZY+5H8QsNp9+nPXKaLy6
- kfg86Ou4C0gdOXY3M9h+j6METzPOehhPcU4Oep6uwdogFEP85cQH/YubpX/xrTmV
- VcXJPfYsDoR/SEvCN0ZW6HBRbXs5fJrCZeFwvAG+ytXJ6CY56vp9n9fHp1n1+WuE
- f8eMBJvWn9IaZYa4fUKNPp2FGj5eCRS95onmKngom8YL4nzEN2qRQ8edF1Sz9H78
- Osshh5+0JURhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz6JAjsE
- EwECACUCGwMCHgECF4ACGQEFAk7PxK8GCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2
- LNpn4vNZjlAP/0QmueyzFVNlUC3855fh5yDLpnucSwCrrxBZzudRu6bMbd3eTNaf
- 2WLnIstHqQS+PWDnDq3tf2k4btROqkJizSPDvajME+slM0mTyuTTT9HbhE5VfgGN
- vW0FR0sS4id72VLsycjaho1NP2/JNXTs4tz9qisq/eHIjp2vJbjcgNUBdAGoUvsf
- 6I/O3SZJM6j64LBjUbmm6yZZSUtQCTzcB96cEkKCPoXRatzFj0xHEGmCCEFWrTuH
- KczbC6VTgQfGOK3N9UeaSplrR1mEBij+M51T4rXqQvb52ko/L/UoAPNuk0TiRQs6
- YvQTy16cQEszkJvxBZUTS3ifSmEVfaWt8f9sbVfeWPm5USIG/HwsiNNy977wbbao
- BO25C+3rC4W7rFKqzYsRXnKKBWiTVtDs7gvQBdGqWRwJMj1crTDFgI09Gn+N/Xth
- IcC/STvJdDgaomxuv9oUqM9QMm1x8jVD+4nnEYPWpV4mtxjoA+gIW+Vv1PGJS+39
- +dlA2TEtDzJfGPE3YF0jjy8ycqw+y9ar6+nnspyrLafCUybXCafQ121+F+zIVfR6
- KKr+Xy5bdHUVuRWeP+EfWnaYuevRoMsY+29eURO6hh1S1ZYukpANJP7Nu2onAPOO
- P2e8X8TF23ZcYcON0/sneMnnCuWLQ/Z91ZjTDu8BjbCYPWqgUuD6f8Q2uQINBE6N
- cQEBEADahf5YXCjYAsBznLgpRFL47H0ThjvxJ7LX/bCPTo81X8T3u+kd82AFr6qN
- yc/da3mVBJ0HUMqOSGXTnT6ncvlxe56HaHX09ZWc9yONa+LLhWMvHh8cfS9Z6fH5
- I1WP0DrtLRofO99K+gGE8GflaETIoqGVCcKbHwcmBmyfJM7OcYbBNq1vMj7vsF6I
- VyYGsGCmLoAwjuZX3gO/mZSwiJGY4XHQQx4wiRLmhxl/HvcCiqNOZy3FaD8s+KBZ
- hXoOeAtj5g0vQleRcoLp6fWEXBz/eSaAC3y2P9egj7CWjsQ/8ky4dEq+96VD+Xr9
- GE0cKVFfAPDSCbC2cHBfFbLBDXlnizLgqBWEjJJ1jPAcG5pcdk4YlL0Nh73Zkp9E
- uB9nLs5bLsWsmcNBCsHXkgq/GuDKzkWzmVhgQ6YpdIM0PJ+ycmys5mErZjkU942R
- JID9xpO2tIsBoWQT5w0nvAOejjjoSFMVGIWKRwMpNyXo/MQ8IovahZwn1B/1CQgb
- aTP5unmAgyYgQ5bKvf7QVoFB30tu2SX9c8Inx2ma0tpI82GZXmEA4Crgok1q3LQR
- NO7TVEmE4I5c37HkWW7z9oyO59KZLI6jCQKcIZnTuNu3viKf1GC2fy26QgdnTZFI
- 5VOlfRYbVzu/V7MrAG56i3lZjEJ7uXhBPNugxMXtxoegvbXj8wARAQABiQIfBBgB
- AgAJBQJOjXEBAhsMAAoJEGN2LNpn4vNZDq0QAMeOdXlaM4pLO6spFxElkUK7YwSD
- j2oaI3DKDfsMt5Y1cM1pn6DPJWFE0+I3HG7KuNj1ldcxDQJ75LQclgS0SJUkn3kM
- AFkZRcpB2rbXYpUoN/9dZyiPFj689EgqooiQVVv0mbyrnDMJIlQ3oj0DUGUfAY3K
- XBVSameDnIadMKsPauwWIuqaT6BookoVYajEG7meUs4fCIG8Kwi+Yz98dFScQbkv
- YSUGC34i9g+35KnQ6ZyY2n7hYQHRizfkuYOPk9iF8YLMaefw+SDGu62EH+eS5Ip5
- crNwNAzjdETHRs3fNVzWxHt4+8KYI+nRBBwSeQes+gx5IYPaBJ9u16Bb6ygK84GA
- pgxdYBT6d9O8GST5VSFFVa6bZDW2Gr7MUAW6O4jFLrflZx6qqef86AG/2y36pZgr
- pfTg4CJszLSncTxuLQS6fKxSuaoB+H4Xn3U0nWDkpmG8tHCEWZkPktBcDebp3K+i
- BGH/00oy24sTQPzj/m3z4STzBmMFyIo7/9Md1H0PahgTYbVDquDP2+uEIh0Bh4sx
- bw5VudBxre4VpVxMLfun2alD019JN1nTsCLsvknb6A2zyEb/bK/YArPkgC0eK/uG
- x+tSCVNJzJwdmtyx6lISsuRWgamakejZAQJ1RsYey4uxchVoIBosEr96HGAXC6QG
- qUGpmp4gd45ZOhyRmQINBEvFfPcBEADU5bFOcbVCBDsTGq3D+8AnA933S4iYvxPw
- Z2eRaT415jXQs91wNTpVwgY3xRzkjThXyt6FV7Cd+BdS4YvGHMvqKZCOgVnrzpxe
- Oqy7GsC10yfU+dA7GvZiY8hm4tw/bdkjTsQQeWePgWoCgmqpadKAn4iGh0u3fBZC
- 7p4Z8Jsf02yqUFIy48OxKf/aeV8W5sTRr1m3HDmbjtUw/UbUW761GIgR11BxcPIa
- MaN7WAwKHNpIUqjIZyZ6z6tGGQ3fRwTAJwi1SROEU74DgRtRHn+pu2kp0pOsD3wz
- 8yT95gL92CC2hkitTZB4+3uglmMvuQ9nwQjadPt8as3fB2mfGK7c9tLXMIq8bmDZ
- w+mWU/XRbU4vrCdQVyWH6LUI28/Wnj6LUEC6hZOnmiLSll3bapo0eca3LV9NVp0G
- aNy8QX7Op2KwE3mWkN4F7c2ZyGQ8MaL6qLlmE63Qe4QFy5wJ4H16NCvXHqGxm60b
- nJy51NmQJGd7YQeDa5AFbgFJ8V4Bg+f1LfIeh9rpHKiuZRPZDs8yxs0kFOQOjZ4u
- 5HNn2AyuYvibT1CXj0X8OHzXpQ3SylBy+LE4xEnt6JPkQjXahwEwTotUxTJbu0fK
- 9UvBB4mqzITs270HSowzEofhc/5YJSxlxQ8a3dPBBRjzUeTfNN6gBrEV/7YalfDm
- xHKEyFHepwARAQABtDtHcmFlbWUgRm93bGVyIChLZXkgY3JlYXRlZCAyMDEwLTA0
- LTE0KSA8Z3JhZW1lQGdyYWVtZWYubmV0PokCPAQTAQIAJgIbAwYLCQgHAwIEFQII
- AwQWAgMBAh4BAheABQJWrk32BQkSbZ7/AAoJEK1e27eT7FfklXUP/2XzrCgNOhRr
- DkonKQddWqzgz9DXPttmA9mNeXAM0gBDcnNUhFXiL5yjRyCmtmrjdiv2GE3yE5Xg
- arCoyb8tTve1Ps9ouzkbHQomDOdoTv8maL+p7MovSXr0jcJow9rVIdSP03BdFExZ
- u+H7nXrKoSKcBFIMdDVznMOGBO49Z4dXFeDQgZ8xafDpB0KqCHKMf5PNQ7iQ77uv
- 3lIVFvX4svnPP5t0FEmFmwZ0YaKbRoa/I4fy0jHCpfCtEEtmrUuKIuQt8uzpYpo/
- BnH/yqXp/ajJ7x/P4n4IbLV+HSkX8Pxfh6ABeilHKvwmmNKYrNl2vCnYzUyWOyDF
- SEySxHAEN6hLdrExZNXDaLh73QKN/y8bl4sh3Ehml/DBhbktGteUBHt5M09OHvu+
- AYLpYx0iZUGzUd6hxkWlkJ2kPeToMcKfRLNGT+237VAvbGaNrXwFZXELwaptL22X
- uu2Tfn403/aD9ssk4L2v7GwJPeTQ1U9xH0742eWJf7OX7UMUoCG2HJf7Sg2nRtIg
- hK531cE1cv3i35EOHeVWClTeX2kc/9hwgzXAMWKrEe/3OMGPHQNNRsnPCsJHjhUY
- PRvS1pa6k1nuid8IZEeWskDT2PmSNWJQay9oA2ojcFua+UC/29upvBqO0O+/CtLH
- YvinLANDShtEZJ42rwbYEorT6OO8YIwbuQINBEvFfPcBEACtCHNuOn+pZjBOWmW0
- rqCnN9Oywq0h0Twk/UsqkhAijImgXrZLMoeylGA+UIsnuNl6e+x76Ke2z6H0Jytw
- IZEi9EqqZa3UhpN7JQ0ddNzkzE8tvYdicPdcXkZ99KBcHoPd25/N3fNJWJmbBv/b
- CQMW2J/zRo5QPokOjEl770xNS9wcXmA3ptTKbyzfQ4Wh8LALrJ3F9vZw8GsZFAmF
- NeMLCJ4Qhxk3MjCoQdzzRSTYEu4c7eYbE+biU/ZUgBMJH4Ed4urhOO81d9dDvf2C
- CdcJdftAYy/ACtTeq8tc3YzG+E4J+uplxxyD+IFP8U8Q5TyWdb5AU/rAWa1UdpwZ
- IQiaJfy4E1x+ac9BHAD1BZaCMv0fTcPxYm8m67GYUfFqRaI5Yd9sPvuzF8IDs2bo
- Nl5L60ce8ROOBtwRGp9daOHmhIlRKGoG7FPc1dTGjrVd5lWgzet+CHnWZ+HKYsNg
- W7cDo52Dwa8BjenK9OUxvzTNzwmz97cCioufv+ysUS9DY9tl7P0eHR1tehTM7HSA
- n/lCEU90j5/f/ozwBR8cDF8lLSMXlKybudjHteLFA/2/HbzWIEWVLpckmu3Xxpw9
- EF9xoiQmbJTmkWEIBBSLAALYtuygBbiGUdwPBeJQQUYliNpdgrwKXp9OIB8NFK99
- DvG7xB61569hUaekwnmB5uEU0wARAQABiQIlBBgBAgAPBQJLxXz3AhsMBQkSzAMA
- AAoJEK1e27eT7Ffkop4P/R97j+X8zfPt9gsABnU5zHtGS6jQ9Ahax+q0Dx0Vm7Wv
- qH8DC7RsSGp51YflfS4S3xNVGtQTUSV+z7H4cFUSD8f22RnubLUKOplVup6m3Dqz
- /Nosht8sU5Yo2mFmRNMFGo/gJF6vtqX15rPpPh0gHsEi3Toa7qzegnIVfuU14ZND
- tRnn5OmuJfFP9xO1PxIwqi+GaY06zkKbcmSw12xOwOCEt8kv4FGCx1FiSrFdHK4G
- fszvtzOG6VPbAROnERG2AbGQPXO0+m3bfYxSv8rxepSjo4f/1sXbVAX5AgH8wtcs
- iZLq7D+UrTdRe27dB/PmN+L4xz9UEmU//1rLzxOBfyWLfITF+65e4QZkrxIwVI2M
- 4AVB9pAb+fSMmWMb4IU1tuSkeJT3k/bKeWdGVbXrDiSgd6XChBeui+Td/KR0Hbl+
- i3jeDm/6tYeCob4XQ4nhJ3dI9gI1S4YXJgGizhZmiWqipA41b12rQAB6ieU6aE/N
- OX7rwcNGaCwbyCgDOQfR7fiqxVF2xA8som/asBwAUWFZIMEhfijsn7fpK/7uGoN9
- 2Eqfxvcwr7Rkp+bhCS6Wg0q+bgBn/02MB+9Uk9Yi9O7/DI8CqpwsiMzZ72ZMm4pT
- Lp8WFmqbxePWSxr4JA6XmApmC7sSlH75melFC6MCwaxpoRMbeH2mDhAfwbjXSPMO
- =XUWN
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
++mQINBFSu9kEBEADiOZ6fVyrEyePZIg48FXmKCqexKWOUIAOYLwyVbU7OjNrEUmj8
++Ywx9mMQACJJPcgUjOTxgGi0N9TBJpWlFDxAXPRdPr4GsPAq8wh3uVncC5qpaRdPj
++66/nZis9U3zuRufnYwuhQS3GBbFrV282aDz7DOwFUjrc56nfKj16i33lIgd6oNCP
++7hHN3ZkSOH+bcAdyhmX5jvVv3OxqF6uq8GAHpCkE1piERdcAVkZfPKdf7pbE0pD2
++BHGewoNmRucm8E7I4vP5+xUj+VsadJfJxD+FXDfGDfRtce46RiEh7VJHPvxgBoCU
++Gnvqjc/4z2gkD1LE/yPpdaPe+UG1stE2XV5ReXUQPxL3mMZXOai7QjTwcYlGY4YC
++YRhCMMkkHxRHpEefibTIJBlmChxcIYRGBJE2Y8xQ5oiyQycGqgJ+oSJ8ZLUBOpmB
++i4SKT0yjzB8cIB4w4ayOvp7DU0Y9+O/NRAZFQ9GC+4TlzebpZywMmSBMfthb0/xP
++hB5uh5VjvGnCQCn1J396hC+lcZeMQCQLl0mFodcpu3GvGUsdpXtxOnXv5VqO5/iz
++fPNeGNCuH2iOI3IRUEN62yjDM35TGBbJsZ4W1d56pSZSAumhXyI6Nqooj+fbj52X
++4ljnW0fxxHwMb3c33Fgv8IN6uya/GAhkRUOum9zf9gyEJZUcNnRmqadCuwARAQAB
++tDNIZWlrbyBTY2hsaXR0ZXJtYW5uIChEcmVzZGVuKSA8aHNAc2NobGl0dGVybWFu
++bi5kZT6JAlcEEwEKAEECGwECHgECF4ACGQEFCwkIBwMFFQoJCAsFFgIDAQAWIQTl
++yjMdRKuOTIBv2+4mEBti9pN2zgUCWmhlwgUJB6KMAQAKCRAmEBti9pN2znltEACa
++MD2eE28dV/wMu/G/3u4uJ6mLvb6gH51KC8KKUG2GXsnp3Bcx6RxEnsktOTRG8Zdm
++Q8Xk1QdTh6sREug62MgEKXPsNudRxzcMteISyvYAR4RkrZuHAHRxboRxB317AfFV
++iKon62bFvygOgO4MnTgfwXr7Zvm/gPONzFZgH7sdTICQXOylgce6NKojdM96FJ9F
++39A2hMcFGkzrGKWvnEIRKPngV1oIH+qfrRjNXiaSvHxpePkp/QFGXzjCQASEw76h
++2x9YytkhOkrOkFVFeuwPXCyenA3w8XOfzkRku5nuFmyeOhE1wUdP1zXDSI+5+rc/
++RV/FnQ9z1XvTBL2CypLJWANH4qWYF8cqvTP4RZBB5nTof/l9gF0+7qASYwEqplk7
++0MZHCjgadi4SB9I7w9j5bJBndSeNZPYc2w1eIPc6v+FM4BLtUU7VnTVfdhX0TY50
++iV7Y1rF3glJbWTG7btmEGRTX1GZWJcfsS46jDKqBW5LEC0WxtNFfPn4La5dY/VzC
++cVxyZdsz+HxKdq23rNZRLdKdSrTAsGgjRJIBevVa2fw2q8YXRVwtWY1dccr+Fxmp
++kSamoAlLH98HNUxDpkr5aaI0h8dxhMqX15esqW4UtdbGKxec1bC4AbJHzyCTNckd
++naDR+/umd0Jh0UmgccQzQuAy5X0t76Co6RSOMigqsrQ1SGVpa28gU2NobGl0dGVy
++bWFubiAoSFMxMi1SSVBFKSA8aHNAc2NobGl0dGVybWFubi5kZT6JAlYEEwEKAEAC
++GwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBOXKMx1Eq45MgG/b7iYQG2L2
++k3bOBQJaaGXJBQkHoowBAAoJECYQG2L2k3bOrfcP/Awnvbjd0ZRBsYeGjehzDSBk
++SeTMalsX1OGVeY2Muq/bGwc2MUQNOuHLXhpO0h0R0uaZOj8AqI2omP+kfvIIAp1l
++hH1cS+wAuJRMGimOJgaqcXBo6EZlCsA64dK+vcAoZiKlmQaYxKvXU1gv1fDcUczP
++b6g8GAPPL/3XJZ7TbrAgjWX8hWmveJAS1T82EZ5B6T7mQcSQfcPwyMLikdgxT0Wf
++G9peOCFXf3FbiIoElK8tN3xgvFwMc8znv4A5eV2Xq43ZpDV2WY6KphUxSL8Jozrr
++IdsQSp00jLkh31b9KGHN3Hwi4ig6A5zihxFJFWpqBpWbaRR7J8/YCP3uo3/NF7MT
++uOP0OuJ/7OFnpT2laDtNtg+apxnJ26zSCvcgUbhxmWPNiRVK36v799jjVpJSsv49
++or0Llnk7iZF72S3IEIx59EhpQOha5KbhKjjUBlEHbrCLFaRPgsU8SVeu0HAevBY+
++O23oXjW0OswgSAUDADICGj6CJEvz3CwVuSxhDjHUurIB3oSw2KQFba6pVbPyq2n5
++JJ387ZD6mmYrXJeTSMptPoWXxqCB2EK3eryp/ns947yIpyUQ/U0/chXpcV0hCafw
++32QkrM41aej5/r42TwOyFVUnPZzm25BzLEkx1m8FcQJDkrJf6XUwiqzcd5KpB3hl
++T5/rF40Udw3RSryKNB3v0dHq0egBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYA
++AQEBAEgASAAA/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsL
++DQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0L
++DRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
++FBQU/8IAEQgAYQBQAwERAAIRAQMRAf/EABwAAAIDAQEBAQAAAAAAAAAAAAQFAwYH
++CAIBAP/EABsBAAIDAQEBAAAAAAAAAAAAAAIDAQQFAAYH/9oADAMBAAIQAxAAAAG9
++fPO/GubSEtBlGa96w7AivEFcmWBP87YnPpNAfdeJLIrVB5bw3TDYD3w4bu2LTZXY
++acWOgVnc64Pf8Ec9x669KlsTzp6t1iYG/tSFU0r7naLuwuQl12uih5tA9jqX6uq2
++jvAzpGF6McSNYyGJiilQ83NYWhp/p61ZWTds7d5z0VM584dN0L7eKFnVdTHT5L9N
++lFkLJva35/0DrrVIVyK3lLNTL2PPsXHG0OOvT44MFAwd0xttYpwTK1Q38ZNWPTkM
++3fF0OIvQZknQrAnUwPMrh54UPTFkg+osm3wFrVWJQNEvXACUD12FzzDoYjPXeS7g
++nWSR0nGJtlalBxLL5HGT12juo6HcKX+skxbGBn/EvUTEoWDLWe08e6Foxw5fK4kD
++5o5msxQloUADLA+1dXbvUH//xAAmEAACAgICAgICAgMAAAAAAAACAwEEAAUREgYT
++FCEiMyM1FTEy/9oACAEBAAEFAh54gp4AvUZvJ8dYrKN0sFQz7ztyx4H0EEdgn+AV
++sX2K5xi+MsfZSAxnq9LIzmSBbDrKZvr20zWWNhGTtuhVrgymkEXBTUUEP16Hjdoz
++XaovSqyv7Wdy7mp019t/4ZaUE1EkNSPWK3fUv4zdhDteu4LYesShtWHx48tCNjsd
++we12IVFoxOzQbWEa8m1j7PtqjS7NtA34pW18MuyE6hX+QsDaHjY0G2XFto1jW2l2
++AM5shS9iWprwqCszeskE962zirt1Vu5q2ddQPrfOlzY1Qa7cTYzSMVegV+qKZBra
++ztqE4yxFsNXuRva2xHOTswprhrbFx4EkvFtlM7guCwbISTYggUz0un4y2PsEWBYb
++JV7n5fuqeLdGb0W85DjwH/U/nIjETZniFxAQMxirnTNeInc7CEBH0AdmNqlVeEfT
++md2/Z53xGePqk7HP8g5o6/v2vkyYXduNJeTONiKtYOWEOePK4R2EWDni/wDeeTf2
++lz98f9bP9dfA/wBaX9LM/8QAJBEAAgIBBAEFAQEAAAAAAAAAAAECESEDEBIxBBMg
++IkFRYZH/2gAIAQMBAT8BSxkqhfFnPNGIrByOxd2cnJUL9stfZJR7TLbwjH2Pb+oq
++TF/dmv0wjPaOV9kYOZSXRQ/hh7TXHZtbR8SXpx1ZfZGCiqJad9Honkaa4EbWSXyj
++ndIeUor62STOBrriNcskouqW1EVy1IxIZPTjfIbjWTng8jWt0iMs0KHE620MT5M0
++v0q+xxU0eRqLRVEu7NFf6Kx5KONM0pYJan6S8hRXZqOWq7EQbjIvOCtmKbHJsorb
++ojK1XsYt62hWPavatn0IXuW0tl7frb//xAAoEQACAQQCAQMEAwEAAAAAAAAAAQID
++ERIxECEEEyJBMlFhgQUUIDP/2gAIAQIBAT8BpSxlhq5DFv03olRg+oK37MZItdWa
++MLqyKVTF+74HVb7HJkYRlG6J+NWqRTUbiozo1FCcdkqcaZOLqO8dHtTJSVzrQrJW
++IuKj7iNWUFaJSpQpRxpxsjBS+on4cZEv4+pD/mz+nSppZO7I04LSJUKc9oq+P6c7
++LR38opoSb0KDH+CfkpSdNbRlkyLMir7omSnsjSim5JlhuxFfY+XL7iaL20ZmSkmi
++FKVNJD/BcZf06U6n6LnbVhNofZHxHVpvuwlOldNGbkrF78eXb08I6MS6RdrR41F1
++5dkXZWPM3f4HjcXSMhTyjYls2QoTqOyKWFBYkvuVkpwdy3Xei/C2OCexRSLsTPgq
++fSyV7/ji/CXZLm5LRPLvlbESf+HolzFEnx8cyHwti0S3w9LmQz//xAA0EAABAwMB
++BgMHAgcAAAAAAAABAAIRAxIhMRMiQVFhcQQQMjNCUnKRobEjgRRDc4PC0fH/2gAI
++AQEABj8C1VvWUZG8RhmpQZZ6viUTp7sLdAlundSLbQbiOql2GgnXK9mY9Wn3QqNv
++tHqJz9EHkWNd7xVxfAHpRxCE7x+KFy6KMCcYVwJiMoAjXM81YSZ4f9Vt4z6uqB2N
++XkKjdP3TA6kwt4mlWbP0KqsqU3B7W3Y94KnX2l1MiRjVNe+6HZDV7Nv0UFlvVuFs
++HP3To5fq6nqsZ5ZwrfD0Kj/lHBUm1m7Jky5u0Ex2TfFube2qbalB+lv+097GWUb5
++ZQ4ALOvm951p7yve1k94V7XXcZHBbO51Dw4/l0d2e5VgY2nSbmOyaGez9DJ/KnLg
++3QLZk2nqVLTLVJT2YBdjKaTdS4YCDKTczo1EXFsc0/ZH1cUQ/dB3TH3+35UGAOSa
++9jJcNHoUaxEwtrScOyLA8Nd1WyfLGTndmED6qg4kJjKb3Y1eOATWTLCcTwXhWM3a
++IJbnjPFbd+eYTphpbp1VV7ocXHIKLGkbaoIps5K5zpfqZWTFenHHgjNS+dJQm7av
++y6Gz+yItdBzK2o3Xg7w6qnvfrgb0c1Lt1HfuJ91uq/iK+vM8Ft2Cze+kqjve0ZaU
++ZkStLD1XMoEenQjmENk2uK54Mfa09UTUe6uebiY/ZQHW/LhC+Z+JVGE3GJXhqjn2
++U272vRNHCOC1u7rGDy4KVf75bHZAKSroXrjpqgwzZxtQtGQPJoGpMKx2qzlFABQc
++qeCc/sPutbR5eFZzeqQbrZJ+qY1pha5KpPHrqE/QeXRMd8dQKXCR5UOzvwv7bfId
++14T+n/kfPwnzD8o91//EACUQAQACAgEEAgIDAQAAAAAAAAEAESExQVFhcYGhsZHB
++ENHw4f/aAAgBAQABPyE9Z0rcCdB2bi2gtW4HmMjIVWHuYcUCU5eYwoKFP2hBbZQu
++19sFWDFwPZOZgcDQquaH+Yxs5203VdHuFqNXouUu6EZ+Z1hTDzTyxnM2aDHT1EbU
++VngsBSjk5PuFkJ5DWp0M5q09Mths3DHf6UTfwkPHrMbbXRvQOEmjDiBef7oFSfCo
++7F8nSLaqvShWNQC6XDUeXtNSX2i4ae6lqNVvt8EfJrA7V0fcxG1jFyP/ACV9cKBq
++OiUZC2wXUN1ApsETZqunJIbCqcbC1m/dd4h6PcoosA95waBemcygowzxV8n1CAld
++Ax+GOkInmlb5kcXOqMULtdvdZzsfDvL+5eXLDgwcETK42ClB5gsmWhGyDjvAo+hw
++1rIV9xwyiycHKe4fkg6SxlMs8Vz6mlZG7809IE71q2QhtMSziU80qOcS/wCBscTU
++FAae5nJNf12vZAGlQczs+e8aURa6ew/GYQRAvyXqXlqPNGre4DAcqcwxTNC4oUqE
++bJclbiDq9rKPMLLuULL4ivJldr7qiB6YFVL8gr8TptMS6eyMT0lxwSMNwp9qE2vL
++aYjvXMHtP6jsaTjgGggcJu1d8kFcDC9Vv9TEDAt1EJs+D+J9kefEfIF+uQ4kBP2G
++O5AgTyx8JjS81gCjw0bY3cFQ+JV5iroWcvcomXk7O8cl2dMyCY6tvK8RFTCsu+0t
++eB/bO9OZeCphaTSkz8OWFmWqmDiurNXKDVUxz5gmEbUh+U18t/mMXgnTEypbiqsw
++6syzAGjrHFnPuRKNbJhRgUl/lgr4M/qH0ZfZhCE1tqWF5RdHUDxi+X6m59xaDSY6
++z8JCaFK2E1n+p1z/AGeZ9H8d8/DV/m13h//aAAwDAQACAAMAAAAQHHAkhuHnIM0X
++SVXk2hYx4dFqqkUj87TBa9n+afigH7l5i9yqnkoqIre5SNPbUU7e8//EACARAQAC
++AgMAAwEBAAAAAAAAAAEAESExEEFRYXGB8PH/2gAIAQMBAT8QJY8fHUttqO9u11G1
++pn57i0lUztYjpmDC1RtJ/vvzGVqhZWAwTm+S5AAjvGuag4qpoYZK6xBsVVKvHc9F
++xssZsNUdOxiNrVDNURCUkbmtMAKzN6jP9+Ro3K2JlQluitTtDF/XnsqCG7gTuE0y
++SzYzEEDMv2NsuS+6IktRiSqxBqcMtqULuW7FV5GEJTD3KR9t+iFGI4DdTIKIxu55
++8TCDQ/sMDuUCEb2bj6lkow7UclYgA7llruXDRg3PeBUHccjqV17gVDq4UPuZFMIV
++7U6HmWIXeZpANE2LcB5GDCQbXBEcJEoiomU1KiGY3H93LkuOYY8umbnDpRNQezUM
++qcumIHPGsORthO4bQ1P/xAAnEQEAAwACAQMDBAMAAAAAAAABABEhMUFhUYGxEHGR
++ocHh8CDR8f/aAAgBAgEBPxAGWhXj2uOieu61TMeZb0hy/Dc4lXFTKOT+PxEWfb48
++9yljhXxEJxbivXj++s0HnzzAbWfEqE5y9e3x94q5OgUteh4ilDGel+rLo7eeePHv
++Auvbfz79TB7ZCbx8fDXEVlJXiLjXOZV9/wB6ll8lS3giEAPzH0tr+9wAQTrd8k1E
++HO5sBzPacX+2fEwD1X5/3KVlH7SzUr9fecGj0uD16QLMNehi7WZ7GkFi9bELz+1n
++/ZyJOuiIqp0Yi15foXLB+sOdyK0snlFN7GGXfVXn7QKdQlYrbIFfmqfdgTmLY8Rt
++ouM0Tm4eP5ii1nv/ABFhc/M1yV5yWddv3fWJvSX6qDVUUuD94YDgjwlsbXiWYuu1
++ikmqqXS5Iwp+Jq2ARzt6lANr8zKjIZdC/wATNpBjVTGJoAgthUUy5XyRbRFIC/NI
++NcQg1lyZkqEuuoMiVVLHE2XOJmTJeoQ2XCGNXKgbKFY5QR3mJQfX6Gv0X2o/4lfp
++P3ncOPo7T//EACUQAQACAgMAAgICAwEAAAAAAAERIQAxQVFhcZGBoRCx0fDxwf/a
++AAgBAQABPxCUBCWAk8m945oGlsQalN+ZGw2ECd9zQQNzsxJ8GXOmKEjFkyxgQcQ+
++ZQEQmLyRUgMBGQ/Dn2MR5mTXYGgZibmeIMVlINayjJgqHH6y6LMN0kG5tGGYwsio
++XfaVyxhhBW4OFS/b8YuvJGyFPBN4CBa0SKESkjAu8aYmuwMtOwz/AJwXCcxJ7Adx
++9Y7KAGg3C8G2zcc4rIY2hYH5fqNzlwVTAoA2l+O0MkAZCKJIUiSYoVvBBCEBrgiw
++sKSRzlDgqv2M9tJw5VZocibdDM6JVvKs9CCIpCXTNZ2Y04tyRLZunfVYPlAK2zwX
++Hfxg9FANFHUsucm6Lgjin4cTkQ+W1rpAJJ3gaMdwQ1KFcoyNlZ7cMTOjbVXxjZuK
++MbQnR2rK5BiSzwTKntV65yVaC1QEKRAQCNFRluTDWhmuSWkQ0hkgJEp2v+MCcPT3
++ixFehj5gnJwAPiGY8weAkvaIdiRp5EZrxTqkYigJE6U+cCnlwd5kDwjARSogJarK
++FCsfjCWJRVIKg0LfgA4x+WIHpD9ivK41E0QCzpOMC2OmSs1iJxz/AMwoOFCWttD8
++1ktcZIkOARg5XPZjp5lYkI2JgV6kGItFG19eXHN3YbWUh2nZ7hD5WqQU1sSOeMM0
++RBHgE86x8bDCjOWpv2cnq4dB8v8AOCFKDbbqsZ4yFlzz4dTxvWb7UBTTcLl8ljgT
++KiRi2RwmHdMVgr3HejpRnhMPWE8lASSO5wG1MRdMelBXBBh8yYFRGx5iNe+YgikA
++EiRZ0jWDKpGjgBPMWQ3pGTXGhzKusGAB5oeNER5lONEQOShhBE/IY96ZaMNTFp/W
++UBix85oB5tcYKAEYSW4eZDKB2cgJV0xJ0icGD2ROsJD8WJ/OPY7JpXsnXxORpkBf
++IJo+0e5CKdoDhLtCNEr+cC0aAzIAQVNY4lH63ojxD+cnNBQlGe+OoxrKsBE+J0n0
++MFwDcGD5D+sv6PTba95HhBwyPgtCSKOtgYkbDJMkS0upbPX6ylD0FfZf7wO7B0mr
++mZwTYyVY2COq/vGeuYqZxJqGFc4ERwS5iE+LwNUiIiD4xTQrSDlTZg2kqyz78aNU
++dB9L3iQgNwcBo+8OaC3vJwOaFA+ZwGgwILT1VE+uVpWRTr0SFXihhAmpW2N/qM72
++dvOR3ok+Qf8AuHSQRRJzA8cRsxtVv85SwUvgcYiANqODFJ5dSVhk3wA/AwDaSYf+
++MON/JWK0kneU2jzC8arwrxZtC5JIfQ/eSsO8/onzHUJkK79xsC+Coko5lcNjYWVi
++tI6OXFemlMcCcPuGgEBLvizNH8FNf+152Z/Sf2fxc/f/AIf990z99/bn/9mJAlYE
++EwEKAEACGwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBOXKMx1Eq45MgG/b
++7iYQG2L2k3bOBQJaaGXQBQkHoowBAAoJECYQG2L2k3bO1k0QAIIrNpPvClBQaHao
++IhXRp4xAUG2pGNFlBbroQfRZYHqXXCEO2TQYZBgiGiCyzgTKBYJKiZVdTjcF7Mf6
++/mYe54YWxNddVpjMv6g1wAEvdMh1o4V33Di0/Xp/VWjzUIsrg9dpVutYmg8SKRZO
++b4QGRuLi7gZZSzlniu2YvTnLUZ64/nT6gAKNUP/tTvbSgO7FcunwwhPuUoiwVP5E
++7stvVfA7e4zucJdvmpTHeUP+LV+AyVWAmTua5ytEtAUOLrJHsPixGVKXNfij2cYE
++1EIZ3xyVF65uxC+41Y8wmjfbZ+30rTZ7pA2/dlhEg7LO3zGZ6xH9Ud0HIe3zY3ce
++uLdsGOlxBZrTePi+Y6ltLrLwzlkaR3+BvqP9g3Cb5m4G6y/KAPH4QeL2Ych5yITU
++qu7eMIjsoJHxy74fSxWr20vLW9rjBEFhZUxZykHEtbilFZdo++VuQqNKJLHlZ1F2
++P6peoWZ2wZ4+vW4rr63STYyQC8Tyc8Ng0+ftvG9pEyfxOjM6wwYVw1jGed2enSDp
++QRd79nkBgm2CtUPXjUwhTxXO/0ZnpIX2+0wBQuTvS4+2QnG6yKqdo34UfBUpifLo
++FUGd8ks1fc9bL+CrnUgFaN6nEJxHjlsihtPQG479R1gNEYLaOrbATHn2BgC8SN3o
++ChYdiVbWni4pUuEIItiFEIujlQN7tDpIZWlrbyBTY2hsaXR0ZXJtYW5uIChFeGlt
++IE1UQSBNYWludGFpbmVyKSA8aGVpa29AZXhpbS5vcmc+iQJTBBMBCgA+AhsBBQsJ
++CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE5cozHUSrjkyAb9vuJhAbYvaTds4FAlpo
++ZdYFCQeijAEACgkQJhAbYvaTds6yqg/4mANG2PHYlugP5NNdtfFHxM5VwPUSCumW
++BB8cUEW7VQYhOVUukzAFywzxY9rczSWbpDZwOlTZkB1EKi3cA3XoUR7p4+B02V2x
++TMm0YF3FMmKKXzKl37iGRhhPWrrrVLixnZ4Vi3YRB7M34Clr2+7//sLlEh1rZ4QU
++sRoxgSj5NGJGhYBU5DXjoJqPFWmRxC5hhelxSq0Dlbu9I0aAWIp/IbCkfIyTT0og
++IIVOF5OwvBOcey6ZGuSYPWu4v2F4QtWlUZD1J4Ez48hoOnJ2Dx0BU3stg2pkVIq+
++eCkMyAkCU+OKpvI90B3rFNPv+aFwXlYFJKh4A9wpGr8r57It8vx5IdY/hjLI/YeS
++D1de0vQ0xgK4OqJ382J479AKuGEIsHQ4040PD/xYGECvmmruQwQeiq2uVGMvN/oD
++R5gM7HBc/qqgDRl+GIwwhqjJaNnmDCizdoevXj2pCZ7mD+SKxyExRwxD/Hz/ekyt
++I99MVs6LqAbLQZGxBmxRACDZA/enAIf0vyjfVf43Ye2ZcTRqkvLcr54acLVJy4FI
++HU8BMwzDaAY49wgfIVtoMW1swFnz5t4XYN97H6PtH4sogNvEd1E2Nmnm/yTubocV
++ruLABq2Bium1A1cREMaURACrq8QH9EBsO8vjn28xhXxNVGC4NFmI33RlBvSGkA7l
++OHqaKk8gpLQ9SGVpa28gU2NobGl0dGVybWFubiAoSFMxMi1SSVBFKSA8aHNAbm9k
++bWFyYy5zY2hsaXR0ZXJtYW5uLmRlPokCVAQTAQoAPhYhBOXKMx1Eq45MgG/b7iYQ
++G2L2k3bOBQJafrGjAhsBBQkHoowBBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
++ECYQG2L2k3bO1AIP/jaUoeWDHD75+6mg3fsqepXkf5NyZ6zrpeCwYfJBInknbA9Q
++OJH+uHWs6U8NIVTKpvF1bNWK/swa/9oG3igr7iys1WirrJCsxwc9px9BIzvhqkG9
++EicZbBCRWQLFYAXgi/2iNXl/SJ9YKO4ofn4P4CLNLDDr2oNZW2M3QHwOl27Y6pZn
++aGQvIzExLwC13D6wKxMTEbMiT9+cGw7pUyZy6jSsSdworsZmx4jQFmIFm7WTAx3C
++X9Usy9fVPH+qYQAoYVpeEs+/I1MhOpMp50/AkOqfu5/qVI/s2PUxIvctTJSk799H
++nDxKaECslTLGbUKjy8iGrMexNvSLaVJyhV+Dsd6tSmknLRIcIvRV6sRaOTCmuhaD
++10jsXTVlZ3ww9IFtymmB+dNuNbQjDHLyIQX0n2yz4MYrmtkYsl6DNM/ugYBXzXFd
++s3TcdRgbJh4gsi2GCHbQEzhGzrLjoacSYHFWqIL4qdJYEGfFwh7itXHQJNyJ4yEm
++bDXVLTiMdnYIzQiRIIFJdPgHgTOHcWeR5ymI7W9vhnXhRaCaw2aKGo7s1MH/4XQ7
++j/Mb0kHvbLVtyWIyZS7j3uPdKA1pTemmq0jF00dK6QA7OgDmkKwfCe+Deptm5UH1
++wvc3Op56vNL1Dza7EzP42rrVSBRtCUuZFsDsH1UbQYoFb/54SblKeWMK4Dk9uQEN
++BFSvBSoBCACiWhr0YXSdZ07/cOsfhe851y6lKTqgWhkxB2hB/Hzs2jGNHh6nLWJm
++1itk2B7GzpLtreU7JoCYfTNIHDyInkLJ0qljulUV3aUVtS9Lap4fP9dVU6cJdwNK
++Ed9hQsGm32B64lz00aahKUXwmOnSHcfGtJMOd5q1iWvAlrEwKbPgB8LZAjCa3wV9
++fta82bmqoRz/uoMuABWFsUE08tFSnKEufYl8xpczRo8Vo++rBLDSt4sil74vhNd2
++/ryNGrwU+MHNxcGCxb25XeomedwTfIdVW/mkgXeWzxXbiOXuT5bB/S91scWiY9sV
++FaixpvCUbTQ7bdfVMJ2rK0M1qXuIcLM9ABEBAAGJAh8EGAECAAkFAlSvBSoCGwwA
++CgkQJhAbYvaTds4v/hAAkeIaaI76Ht7sb0BQyZlSaIt1xnRAmHPB5spux5sjmoYX
++rHiyqxPkW5UQWzgdgRpcI/8yT3bEGm3/n/2HW4qqvFOiIiwvsRh0O1NAz12UsAI9
++OKdvP8lFcbXdofX0gBBylzaZXAo1JHio+c8tQmYEisZ1QY2Ht2bOadOvOIzxTfkN
++ycR/oOPUbMgrfB+P6ngMWnRhZevl00abFTrd79Elc4Dp9l63hlQ43oGGigQQaJkf
++FDewvjdUsQpRoZs6QUEerj4jXN5ztUz75KRb7vOM1a+ym+TdNpu08MB/g4S2XziM
++dCkLzrcDN6E5xdP7rRMdML4r/X+7sLYHfI9Q7WAgCscWQGtYi7p49SPliyrFcOEz
++e7cRgbi+pQHdvfNuD7W8vHzD6PT9jRvpRfkaRt9gBWLbtIbGDugVotH5x4W7PJvD
++XGFRVanv3mAd/qlfRdk4VGgFSWxIZzMIkr4GEnMObqzAS1tIFxN5mx+cfUaYEzhf
++T7vfS0azRnpVr/6ufsqBJP4nPO2I7r8Pe4F5RUL/A4e4w1wjcA97SVJmneJfnufF
++513bhOKgXI6FcaMTGXlFvs+2e0ZPZwWufiFlzFQxqhspkOwZWL2kZpP8u9Y9q4jN
++jTp/6RL+IJ0NQdCGu3MSP6+5kXjFjZhgrFtOmJwLvout1bSJUEUJLgF2trc/M4O5
++AQ0EVK8G2QEIALPvDu71Ar4rVJu2vnCt577voM0Xv1fxrf4j2EvD6ZEldXcIifrr
++p/NqojrrqdAV5RcrkLrH+62gZ+o+f0qLedc6Dk2JsdFzALrJGLW/GgUuGw9hka0d
++S5F5OgakGpHFrpW3ApuKiNEivsRdL4kDCGsSwSlgg7QLKZccWZvangQ9ZAHXq6RY
++47cxGf9nW5y4X70skLBZUQYjSgrIQVD1A0VEKeo/2BKNTyrQdVldBZSvv6E2Z+Qr
++w4NWec1bUQekRkA7YB8E5ueBKN9P0RPM3MtOxayC+EPHfejv1JkiKbjtToliNOx9
++q9GMSReFok2RMoYL/VFcCMEjc1ohKZAWN4EAEQEAAYkCRwQoAQoAMQUCVNJ01iod
++AWtleSBkZXN0cm95ZWQsIHJlcGxhY2VkIHdpdGggbmV3IHZlcnNpb24ACgkQJhAb
++YvaTds7nzBAApgOs4kCGlqbBp3wByAD3wCvLYBY8wt5IqqJXu6/dzQk3X2jBlyxJ
++HmWaSdpcfl8IBVomDjHZGU7WIUbBEF6RLaBfvzV6v9682S1YG8AQdf11mNu5z/vy
++To+X1elsEKWNsa0KUuL+AzuT+2AYTDKqv4+D51cEWEZuCSe6aOHRcn5xz7UeKr+m
++DPH7+bVuVA8ALGu6HYOa31AT9J+S/Gx4Y1wJVWmlYzYm9kBAjoFhUZSIoM5w7VuB
++1ohLOnjv/ZKEknZE1DMoxDakA+O1NRtN+rdXGQkKLenOSSgpWRmGB26H+0oDpEyo
++9gJe5GKYHVASLF9FbAEaUA9uAKZe1oVHwVwVa1IwWzbDbOJvF7RxZEsABR+qQwRQ
++8kDxpRnOwFozSjhCXPv5lfpWnz9q/id+N+BlVDKvCZ50ZyAKPde5hN2IYsuGNgDt
++fIfy6IrJWMJdFzaPwZxO0p9rQNMUy90zA+23f0gS/0WzibbGUiqGD2shTJ2Ai/X6
++KIk5QXmKqgXy0xSSjaaioSgJ7dxzz7DwGxOdyMqI3qdueDvu8iTNE7XTVgk3orDV
++s+8Z4W7wxqlc2rf98ozUIYkHHsb90jnjkIexzsJ3hhZfksXv7pAVzaNMBx4UbzU4
++ShgPo7VgdcNzARxNBiss7eI9IcEtbuoB4KSFUfsGYeNfJBi7JkewfR+JAz4EGAEC
++AAkFAlSvBtkCGwIBKQkQJhAbYvaTds7AXSAEGQECAAYFAlSvBtkACgkQkbTl3htk
++Kaeqegf/bhwfSagi9Fj4o+ESRISf/0FNN3S6CbrDE2LYzJL1tZLAZpSSTfU4boji
++6cZq5xruoxtuEeqfQb6JtZPggfJTsSfxE7JdstezjJLOT1ONrjyDepoVZ6pNlWkz
++OGp7AzxHdxnG+5xg/GuIMV1mNYeZ2L+oJN36zxE8I5Dx9bThUf9T8R6iif2yhAT7
++yz8x4D1/LKsEwj8BciKIQc/d2kCJYsmwwpmgdKYC8iieiVqfwFbg1EfhKo7uO+iP
++TkBzyyeQdVM78HEdqdnSQRSzK0AGzQvhcQjfTDly0L5cBXJMWhFSM+n1RjyUZEg3
++YTxyfnWSU0BpAis2N7vUNvo+ouizgTFREACq2MVVT4Kva9TBV+QWnnxzXfowObG/
++WyM1zMNDq6PI5X1zAwjm3SJsDDtP8nGSp8uW1fy5lzqE9oEVA1Zok2Ac2MqihNhK
++SusElL+eS/3O305GGPMQ4RNrSkwIRopb5a00JZyiY7EmSGrU9OdX7XtkstniIXjD
++gClZb2XMS1WOvdtSJsca5KMHiByEePSZowhuZW4601aqBaLeVVLCAPpaH1kQ++B2
++X4fdR7VOa4j5kijL7Y8wee2skDLtDo4670puwuXdoOyXEo3E0Y7K/nnRByXAiFpt
++mEydczPC8wLlEE0XlhvTn5ErpkjVoBN1MhIId+zUwq5LWA1IEY9Kv1OdPdPGYuQt
++v2Dn7K27nwGbNDkzaVqVzvmKLhYTm8MPbjVwYJ+U8WwVj44NkFH27R+pqrJRKikQ
++uA0Vhef/l2pa2kL+UA24uAtqL3cBM9xjkryYHyl73Je632U7n1YQ8vAec+3sESnN
++OWbq9N9bMgKfewsNfzXgNEaqXGLTYtJOrhO4tJF8N4ZBY8nzES6BJOOKeHKKUJxN
++IGORlU/Mel82CtFsxnpdEoi0eTn7abVdC6oVEKHD2T/O6SyvDYQF4P7yETGmvaTg
++fyTMP2IgNfv4mBp9GLbNjBYe0amR6V6s9C/8rdoRjGilY/OP3MnBy7U5L4NfpHe/
++inqKIXe+0q50l7kBDQRUrweoAQgAlNoLcAg2mXyoM8r2pKrnNX6V95UD0PQ7cGoI
++D6Kpmd5bdzuaLtPsDZ1r4qlEZqfLA4m2JsHZMX+Nas2tuW2luE4kC+yi7T9515lD
++TGlMBhG3+BRGBEsa9G95pj8QT/PJYCYurPUVglShhzIC8ZGXdiICBt4MEyysJSkk
++XlLvuzGDTf9ASOk7qOJx8V1ILse9jB8L8os5TedyRYqQSUUkbUb9fT5zDDcfbKXu
++yZn9r+uzieiVw86X2m+1k+pK7LNbdnckGS1p5Vk8YyvGq0I6BDgcJeFZI1226KU7
++evk6PC3WYkt/VUAWbyg4Hz8BlR4oMY0UkmX1WMhfpQA6F1iQRQARAQABiQIfBBgB
++AgAJBQJUrweoAhsgAAoJECYQG2L2k3bOd3sQAKaUe6vV4HmntOaw6fxwc3v/e9te
++poYlpvireLRiD7RlOarcCa+MWdP22wTUXGRIczty+2D2NIhngnZqpC7nTH6F7KlX
++XZVIylJUygjnxihfogiPa8DEGNs2xS+ld6Y7OKxg92kJ3jP2H7QLpvq93evVxacT
++hJCgPT5AMmHR5c9KYRJ0XsMk+YrP8G9EnMlBb5d1XT7D7r4PF7FbeAWSozmaLHoF
++MOzg2hWpaBcc0O6gz/bpE4Ob0Voje254V+zNHEarxfoMcVNavRl0e9mgO53P8s00
++5dT+OxqNwHR0GZsHd/Y/cSM6XGyhq7xurXjmKW2v3tGaccOp08p27u41x6VefpBy
++3rd3KLMXO9mHst6NceyWKS6kp7ildxwIKlzwe1Do6hQ0Zd1XJY7RaAwonnc0YsrG
++2JGlCuv7sP1gBcSLsqx/APFwfUAi6lUqAcB+z00XToo6vm1hiLsmFoIDGUZnm7PQ
++Bf+HRxot2sKgtBn115Xx1GFd7V3WlXO4xz17jREjTL7P8H+r4MnbcjbdDmQTrO4F
+++EmuAJRSPvpwRTc+6AMGUOSMDKN+ASQoazLPRCiEZgLBCr9ooRd4An42t+QP0m/W
++NY5p+TRQRfsrJYuwJueV9KRVjtAhgM82DDAoLl1AP0QhhbJBvq5Cda5RqLnb4A1M
++QW4OPy2Z6LC9OJ6ciQJHBCgBCgAxBQJU0nTuKh0Ba2V5IGRlc3Ryb3llZCwgcmVw
++bGFjZWQgd2l0aCBuZXcgdmVyc2lvbgAKCRAmEBti9pN2zrr/D/sFymiWDFQYq905
++vN3Vt8zu4JeBqG/Ag5jo8CLdvbIUSVGWRY2dRRJGrhlxmepwwX545aQqSiaxMcPn
++Pri8fSMFnFNWKzq8xIC5aCaM5xZnN8NT2V5w+2P/vZxc5/3Xa9nQlquXB9v57jzA
++IW1LJlYqvU7ILbJZly27sr2v1JOgogqzgEz4NAxCSwUoNM6OZPXnI5EegINuiWKp
++IjuGtIQoKeUma1YBOK1Wabxfe2Hzu1/S+lmAwZtqg7HCX38NwPuAFxElAC6vx3QA
++V85+K1TWjPnoBHs7wbxv8HZEUewqzSijtLYa/yLiyMVUr0Am31yhsgFgKLQXwhxn
++K/g3xTyU5/n9jgZMEwg4m3FIeoXF6tDyYvXj7RK5uBGSLvt5R40kWNiUk8pl1L+I
++tmrTUynj/6g1wuLrYWkEPTPSlyKgZojTx6ssAiDMOVHjxpWxVnhnAkXOlLMuccTP
++xoXEQi9sXO8ByrbR7pmVS0+sXNB6tXbtllBsPBoYPT+ydOKGLqSh/1RFJyds3QPs
++8szwosr2wo5TMrCMcIiXpYn/4n4hM61OhPLV0OjYmQoxHE0cti8pntFpDeWJMvDY
++eN1fAu2ZZiiYE/+4CCGe+cmYvO2XKWZMQHwLvads8oCGqTpeidn6wIpsNsVNg6li
++fKFcRquVh96y36GPW+JuHeeTGuN477kBDQRU0nUiAQgAnDKd8ETvAvTedB0SY78P
++dlo+c5PyMU5EheuNezG4LFJxigixIuo9ZW5Tl11dO0EpnyD3kKsJyIc/+FoRFuSn
++nZeF8rJwHcB81+bQIkfek5rc+Za/o6wJ84yMzdqwU5Ooc1MrVdk/3TfU6y1uGaPS
++envUUko07SuVUOLOBuseJ/odz8E2lRt2iJ1HLcbRXi+pR/8DLIm4U+PLYIKYKrxD
++NBln2mlB7wWILN6z7cicaE3HzZp920sqeSGfl0tdX5z7wI42EZcfqERWmrNdy0/m
++zXmRX/qohTuy7I06bwrv7asGiNLvAfvP6wnsRnLbho03Flq4Eed1vedcr0ZPtyaB
++xQARAQABiQM+BBgBCgAJBQJU0nUiAhsCASkJECYQG2L2k3bOwF0gBBkBCgAGBQJU
++0nUiAAoJEGoXY4qgRQz177gIAIq1D4QmR/Zq6oeVsYzH/5+r0Q0JM5f+JKD1a9Ot
++PNkV4Z3B6yWBA6vVIGBW1GB6QrV99dfxXAzqYvsDuDaPtNcsXNbK7iQKt35llWq+
++G9Pkfj9wrRrEo+rvfwWDJMnp5C2M9hucPCc3aLCUE5UX2uLOLtPOoD9Gt9mv7+nO
++gdFZeANnjfH1sUzsgYOcmKVX7KOcV479nkNT1NXeqImekXmkTFFmWIE0/zQ9MhKS
++ae+F0fV5Agv6UivRc51Mfs/o9azWal7HB/5u20FBPV+ieZXzsSnG05kvXkmdcGOa
++SrMP5+Z0U7Hfo1YtkNhMeW2b4dImZLfCZUb62Q7K4LCoW+e1Ag//YAbzGBVflkTv
++sEAiwL0tbjaqpGMcAWMWg6ilNnqG2Rvd4GTGy66PMY0nYOVy734o7nyySFy4IXbU
++H96Vepa0G6JzDkiiRRVhd3VPfEFK8qNZRYXc2W8ohQV8sQU/wRWpOEP7kzD5rm6w
++hc0h3qNeLbXjciDfS785mAjHwVWPOzYuPlxaLE0GaQdMMYPnn62incAgedjJ9wXe
++nYugotfbYofX65Il01wCUhv+b1CuSd3WlwEQnia7xk/o/FVdRoC+x6GFHeFpjyzs
++R9QJVdmUDdDdLyvtVOD+kMHrsWFolxzqtVeUod0+1byvMojTXQnrbmiZJgDs34eV
++MYMv4TQPNhqmQuV4MdzCS+mmXnbJjxL8Y2nARUh4ifDeJH6M8qEQqWGHHTkcgPAF
++EEM5kNRFkyYFFllNfHRiSnRB6uMMCLXtgmTyamboo2Rm3R1Y4OCo2wryFoGiIore
++kQx4a5vxCw41LDHHrm+XGUIFZi1n6AmHdoGcHq0Oi9nrK19nUyJu9mo5w4EU3Os8
++E2V1V92yIx9nNO0ZupRBXiqKp1iaD3nGQWrS6mKcG+vmwEjyqWer7i91miyK8S3y
++Gnq4zNoUoFtfaS2siTWNQgzCEjpmMEcEiVrPwfFI5OA21revRA7tR6UwtZn3DUsl
++axotY2E9dDEgDvRZstvyB4xWrtXK4T6JAkYEKAEKADAWIQTlyjMdRKuOTIBv2+4m
++EBti9pN2zgUCWT6rDhIdAWhhcmR3YXJlIGZhaWx1cmUACgkQJhAbYvaTds7A9Q//
++fwupqkn+2LCKKU2OeZxLksOvFyRXhBxndQrIVlyPo3xOt7sZkQvhsQvff1HA9n9Y
++Aj/4Drp+AyHwnWxibKXMnD3SHSrhKQ1Crp7RUWOBe06mqAQzBL3L5LyXqtcb2u8g
++06DZway5YCDiif3LlNIf2AdjxMcg3lqAXCMm1cGRSiuoMZAG/eU14lNQKMODLlge
++dBnmpzUc26QcGlcltzzY9fFL1WhHmHpLwtM0eIuT0GW/dQUDKsgKa7oWJM/4UCZ/
++ug19mHSxtLrQGMNQG5JKIebPkM5SgL42fRHDMpnFNtWf4vu9dG42i8oWHNGZDOdv
++PGnzM0I0Km62F2zFTTljGQ9SEDxV1hQe99Lt8TeKoch3Y8QLELh5M0FDRVet//z6
++UxYivwAzPpOK31vLsUMhjVt0jPDnRi4PJ1DYZgKVvsMbgJ2eD/NgURefHqfltR1k
++7UZLtYEhGRVowXWZ8JNR5xDVczsxMNRmJ6JpnFw8Rfco8MLM7sWROzmYn/NhjJ+h
++y83cy36vlmlTYwvFqCJW1J26Y5GMiJ9ilLNeObyh0YSZlTDYfK2mnQmsId/nm23k
++NpuZBZcd2tPTIGPsn4YhzntNG3gOe+4LMshszAUS4ZMKeXOviDRtES74zJ8hVhrq
++Q5rHcHop2Er1ZprNTebsJpSmkHhqTqYjCv666GXvgcG5AQ0EVNJ1tAEIAITXfZCl
++HumhwlMv4ut0uReP0SbR+zbJe/W1FLl5bu1UjNzVchOyqNdOGfmHN8nl/fc42q96
++yp5oFqQwxpbf0jdJkoYcWgvCppzMZ8GTiKGexKaIajJ4wPYX2BNQIbF1Pbe2WZlK
++XAMfqsCddXUkWTdASH9CYXCMB0N+TOm3yuhY6JlFZgcrALsjV5ULk4Rp0r7bzv/9
++FZLWZ+J4xo6IYhlNmpMO0ZqiQ3essHrYvKA5RCNbbQn2PhkYhocG+Z/p1DcvAEHG
++6Z5KwvEarXtUJkgP0Q8IChNU+S4qzxl+sqIuMBu7JmqBObejEepK2YmEaUpWfRBr
++0hF/O1v40XTKp00AEQEAAYkCHwQYAQoACQUCVNJ1tAIbIAAKCRAmEBti9pN2zh5/
++D/0d139sc59kAK7QGsZLt1f7/ZCZVnpI/7LF6AJBN67jDSJn6iFdXHg1Q3OgGyAm
++qaeVj366VZQowpCNMcm4LVb/gx3atgtUwO8OXnFdjV/CSIbAB2MBVVDImZAKNcu0
++oPnQGbW3GIcBEpJwi42gWP3pzX2kD4xS9mgtZcvnY80QoId2LuarpW27dp7dbhJC
++EWlcCVybcKsornY7EwUpOoySTSvj8/5TlT212igSUMlWhQhigt9Kv+uo9/tStQAk
++3KT0CFqNphiAn5KnDsWucuhQleCtDNEJLIOJYrpK0eIKvMF6P7gKj6b83dqOpZiR
++l4W28BE9I0PGMUQvFPclqPznlahHsNX9uICC+7dPBhxq/gZjKRi6r+F0UXLRnQ9D
++FIAvYe7azx/xPysaOoQPj74F6pNpsPKcoJPl2ZFD98PDQtNMd6jF+94Up96Bzw5H
+++fNi14aPvUME+l1oZMJkYMhh1LLfBv1r717ODa8SY/ckoyfVnsPE/gs06gv/JK6Y
++hAhytlbFZlK4+yI6bwVRa69DiLDO75lQLyTM3BCnswVY/CH4NgeSnwrubYB2N4kQ
++Y9oiWGpMohStQRVTGS5McYwTF3/6CncIhPm/dfTyaycqs3j8dFTjHjDJQmpZUgHj
++c+/pd+rP/UtrJ5j8+8xsdJJc55eOXbSIMJXEq3mqKLyx8IkCRgQoAQoAMBYhBOXK
++Mx1Eq45MgG/b7iYQG2L2k3bOBQJZPqseEh0BaGFyZHdhcmUgZmFpbHVyZQAKCRAm
++EBti9pN2zvUkD/9y9aiwD5OE5QPhxbUnbF+AAJeOIrviSBLpk2zSqhmN5XLfbcS3
++CU25rQuu3dAe31HRUHJBMUSb5GhPjpgIDJPEQApIZxeYcu861oG6pa4/PpEOWWlK
++yOzE9JwRo6jreDIjOqvTVT5+QiiGT3bmeudX8anj+4Eq4UVl+MKQ4ZByqyhis0tj
++dx4lNF6NH34CZlXPfazkN7rWmGJr8tBjYbe0wkWSHaXSncx7y0A0S5ioOb4aG5CJ
++5v7EMq6lTs5JbbVKSRAMJFjvOPBAHrOWRU0hmahWXXRnjj+J8qCNTUHCBbWgkHuF
++KdsdLZBhDpVs7EIveUg1w6e5luyyD+e22nHpQK1GWywtjnaNHKIYTeDWFVTvgfk8
++oK2K6uFtKjGQHjPeJot37z/w+PsLY8YMJefyfubdoOkmuDtqtfD8hB0z8k5RNWQ/
++BsrPgtJWctaLD7OLJUCRrl/VJ/J8ytBAterbHvWO+lQFu134qV7fQb4BwTsrgC6r
++KVWD0tMrU2Ltc87Q+ULMgIn/WCuFZk0AiUg9BgNSLvgXWrqatw2YSOsZd6AgucNp
++FvvOdgVNg6LBsgj/SbNNQDnRyQuKhphktll1c24/uQixgPJNA6ojHwQiCqQRYhZJ
++iE6Y8qkkqk4De/4IdyBA1cREgLpyqc7njswyprPpVXFDBzisMHrAYGSiHrkBDQRZ
++PqfeAQgA5b+99btbBH58zRUpB39U8R8v+Qv544x2p239oEkJ6N0GNZtLMpaqPpql
++p8BUcQHdVqeq35UPSDl9fQGswIgylrppO3CEznYPYTCAuma0aSeibcPS6F9F/OlD
++PPFjYpEqkIWqhuENL6ZajaIB7H7zH/VH1VxdyXMWjblZOLnDngW6j+a7IfSFzWHN
++J8MmKeTEDEG1FBxofvnbzQu8pz1MJO5E/9DF7Gv0XRmcYEdNwrxJmleJ8x6AJKE2
++5n3x0RJO4Wf1PIqzkyohGuGOPih0ncOUzwINbpbRpwXt9+PkWzj2o4O8Y5KHLR0w
++MNm3MMzgbmk82gXxM+NDm70HXRMAkwARAQABiQNsBBgBCAAgFiEE5cozHUSrjkyA
++b9vuJhAbYvaTds4FAlk+p94CGwIBQAkQJhAbYvaTds7AdCAEGQEIAB0WIQTQv9a5
++7KVpSm8Unc6vTMZ2prbBQgUCWT6n3gAKCRCvTMZ2prbBQmcSB/9RYspARPjzMf1M
++nZwYHfsL78MynfO+8ccVYFjA73njemCGaGSaP6GHE7g4dbzoFPdnwLkF71rLF/Pe
++qs+34DA3wIR9IbwlKKhLVymCrqxAsOdSglNg8z+OXlS73omm9f3Y6Gqngge19H5i
++9mXmgJZ9LdgSUhNO2NNZh9K5A381YzzcBLIInf3HmUUHdHFoYguvG78rBrRlEqWY
++hp/yG/JYbR/UbXhrNbEggf8LOeiQtODMD7kAwDCVfQjfZsBh995K0ml6/d6DFobu
++ZkkPAjhMAiWnsLYFCEqnpYnwQ4NEyNAhiB+AM62jj0nivvpmdunk2kQNtwZvpIRD
++IU4aJxkxrG8P/RVWJZyjzlPKC8qzlhPoNXc3bAlnVkO2F32f51nPx2kE9MFMFQp2
++agFR3YhCir8Gx61JsLKqp5gG7QysKeRDGzxf08ufrhcjpKoCIECCNCBUaBQ9P/Oy
++4BzleM9N0pyw0CXV3ca20GVnH7DUnXAJtTVElOBISKjV5tLS0eczEAHt3P7A5Qa1
++YRQBzRHVXbHjhdudz0maJucAERUwntqOsojoJo/bQkhggxCzuHPsfK5KUgcaKhcu
++KUhZYchL7JAlUxKxbmvvHgy2me5LUCxmhSsMN/uiWNiftDePt+O9dXQlUu/rCCyA
++pyyKODlwK8+ga1tYjBa72iteeKdqnBV7e1Z+bn+eFpFEgg6EqJc2gTaWb9hKLz0n
++/cybabpx7SAUd/nMjyxtslxtNH3Xj6Cnq/J8KYQOcHyAy7TAXsYguPmXOOBv19sA
++nU52IyeAqaREb1UEzUGpwQIOM7J5bH51ZSy3r2SSgQj53fRTv3Su13uqIPMWWGj4
++JMOgozutbFa17SJ+INDtuQMbwP4oc1Tv5hEhLoZiM92Gpg6IEmZMvUqZ2jXReEd8
++wfnXSgHvF1JTV1NF95icrIO9D8xramrSq2UaSetp5FCWZQzTihz4PiDHLU4JNw5o
++QMtb3dHtVC8+jT+b489s8qvWrCut4DZpfR07FbP15de4X53lpy+YI3N1uQENBFk+
++qAsBCACtRr15KNnY3mR3r+H+Cy0C0Wyow7gScBTXx+euP2RoO9xHurphg7rvvGEN
++WTfOlk/qzj9V2+BbwkU7tZa7uRC0fLxodKKr+QTO2BXxRGdipkQpjdflUxeascMT
++EG6WOIsNfmn2+uaPapKNedpTE2bf22hHGlooDqqmFjdfFU17dBWSMKJ8yQCgOCFJ
++5DVM3c0/t+teShLkXmVzU0G/rKrZDXjKZUlS1B7t46NhgY99ATi/go1/hs3lNMQP
+++gpc/FM9IM6Y6eWXoS3F6nTbibavVdsx/qig8sbv6FqoEi2cDx2QyPlXjLCVlt2Z
++1kv+KhXX8fltjmBifFgiq/H35cZTABEBAAGJAjYEGAEIACAWIQTlyjMdRKuOTIBv
++2+4mEBti9pN2zgUCWT6oCwIbIAAKCRAmEBti9pN2zokbEADescj66he29QklIsHg
++Wj83vl1b5byfPO4taMY6sQ0w2joGOlaS/QFZSTkSxc96xlnMJ1gDMc+HMR+REoth
++sBg+1yuz32dzvV6+eBYA2nccfAqhirKk0iijF3WRBmbe2hiTLDIr0m1h1v0LuCEw
++/kH7PseXabJ/zxt6wHBq5XbIy/H2z8PRaSEUsb9qZdtMyjvcgvU45GksjFmGoWnl
++lHFVuxQ24xcIkPe91NTa++PfuOwwRqAWThYM0lCLfJJuQbaJUlggPNrsu4FsD1GC
++9GIJT5au/v89TUIuNfEZjCnqaQuOYg4MkkHB8lyuglIv8ny3T46aEK9Mux1Ok7d8
++i77QVtezDwAch2+yPHxRT2596Dh4NVqP4+99LPqtZY3rKuzAJD25nhie0z9M71Oc
++4JC39vNi53XV3ckIy6sUg/yTi1na6/W2+JrZVLeQW7bTCTunz0FbpTt3CQRk3cMO
++aSx7PLo6x48C9Ph/It+y7d8E6qoFCpj/Lt13lnnRQdsdb8Lnl8X6QC4AK7vcZAi+
++7QwNjuSJv1aSk5cVz6IU6UD/VQrjGyfUShaPOf1nNjwFj5nQ+BxVIUlxEB55KhUb
++UuIm00VUrdB+WpLDse6X1E+OyvnxvIbXQTdkoCMtf6K59HhcavM2VJZsXYJzyZLJ
++WCVmN59H5VX6KKo9GpK9QVBS3ZkCDQRSZgWKARAA54U4UxYDqUMAZICVRTqD+lEN
++6AWU3EUmE8dwOKXEIuMs4iElToPRPX4dmHhsHgGQD0Sq3r8UPNpb+ZA7/FL5Qjpx
++Ifbx+JaXw2oIq4hAJHE3O8lJgiQMkfMoOSpu1dNX72y01iGYrH+RKsAMFXZCGnp+
++Qg2McX2su7+IwRl8TcHULuJ7DDhrmDd05dBQZVon9DMoRk8oZeqzE9pZcip5SWh2
++wqALKV7zdUV1raqP2xq3KJtxXzZn92w//CsQufA5gS54Zw3mruraIUj/Id8a/Ogs
++XWG9V8/BOSEVZmaKPzSzNGxtYR5IlER4iaqN+kaDGqxRIQn8qB8L/fB87nlldVcP
++GVnGRzLhyLJE//3iNp3FJ9wc096Lt3ksei2aEuDXSrVCqlMk/Nhw12PXFIC7nQwP
++3dmFIuQctmL4BlxUTpio7ajk41KruZNAUwDo31+fyFQQPs9ul2CYCNNW1orw+TyO
++LYbSXfPJ19vHr7uksDdHr/3dU0+/qxrNFjIqH1i56XvitdvOybkPlqVYX/f1H3HE
++Wy+a2F+U0KcWHTMyb8tU8R4p8xPoxHBJGNB1QYTra/3GueiVYjpQEIvQIOO0m7Ay
++tQoPAdoTuDKBFbqZARfdkR0RENfkYZwvHB1+SLxPQm+LWD9w28nf2VFkLrW26wqG
++iz8M7up+vMiOCb0Ao50AEQEAAbQbUGhpbCBQZW5ub2NrIDxwZHBAZXhpbS5vcmc+
++iQJJBBMBCAAzAhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0e
++kA4UwcwEBQJbSOj4AAoJEE0ekA4UwcwElYMP/RQyT71nLmskNNj9cjWXRASrUGgH
++cpW9u1j/fJ6QuGfbWF30ibewRN0ff7OOg0V8iI3BWGOdu0+xb+y+FWC5XP9ddS41
++Yn1FSDjMRWM0t1hTzjQtZS0e/5F6VM1mE3h+EZnhSkl9r1aKm5cuv9g2OxWulzDA
++69Q2/K97QenJND8KDMXX5neHc2bGnVbMPlhv3RoyNxajSSg6alOsrjdBEHEnsHI8
++rzQ6UGT1M0unxwsYCrt/AD6V09/UStR1oyWRE2WWCcHqS+MW4JXas40GR2JtUhnT
++T8zB3OGhT947rrQ2fbVOsz4fOhonTFrR+aboTQQpj4XFH8HERk/wO0XUBDuAGavM
++mnz7T8wn4CTEmiBB/M5rBXa/TMtI7VweZbK2Hj2ye+0tOnx3aRQbTO4C+if4MepM
++RsKZUYufRwQYnaBbDOs2B8/QYZxnOFT8+Y3dkYj4Erucsc740cEQbSuchB7IZq/K
++QAzY4DaUUvsucWObXQR5+PyOYEmE3v047Rh/pSH5XudrjPtyBlsmo23cIuBJK4rj
++c8C9PTEJnJG8MqoHZV4U88TQVo4PU11BURAwD2ZV0MCL2HqWmbJOREm4cMudXMq2
++rmCxGfEgjUQOk0+VOFyI+W+M5Etg3jWIrdB6pZbKXWrVa4MwEDvsAfvPyRxXsJIG
++R1RVewxJpxlP6upstBxQaGlsIFBlbm5vY2sgPHBkcEBnbnVwZy5uZXQ+iQJJBBMB
++CAAzAhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwE
++BQJbSOj5AAoJEE0ekA4UwcwEmtsP+gP0nC6dtrEyoLYGACFkp7FNnuCtO0IR6ppP
++XFTXaGMjR3g+N3+s17ztdH5X6CUS5rIvDJQGgtAbqDQ6EgQbr/tNBKu5mGYSAvSO
++vjR0b6tmgc3FYl29tFjgpeUJRPa/nNdhUi+TY7pbEv0O9+gGD8lKoFNiHBjEooqJ
++CU+CH96uBy9n+BI81Xqc8cuAQNKMZd5TFLmbmwAnMIt8pPOHatrorJjfJM0Odk3G
++a5CuziVfJojDTgck/tFprpr8MSnAiIW21xQVzfRazFGUA9iRF/r0gJKSyQuZj9ke
++Kn8fFVQufMAJyBrsjykloaYkx2XPccB/isjFYEYp7Aa4qQASjCGkffNuYfo0JuTp
++8k7IUHPv3sb7TodYoWFgHh8z2Za6i2I5dKb+EgWs/eGDOrRyOdgbxgqJc3KpwMLS
++JwmagViQ+PiKcRV+uGZ57BSMsTwt1vT0iKsQhM0IY0htxcYR8HPdaJnvLkD+wmNi
++DAXejp+BUZ8s+7W3VN0gyktjrN0IMsi420mVOCS64IKBeb9qCqO+IE4JDny79a1q
++Kx82jAfLOkN1KYy8xYylXJTypLtA16OiFB9Tsq6DR+BYXE2n07CEOko439HGZJIM
++thLamu0JjGAwPGKqYXyVA0pwFPBQ0OXa00H6qCZz9FpVvRe1c035x/RdsmzqgVu3
++8C8bGPZ+tB9QaGlsIFBlbm5vY2sgPHBkcEBzcG9kaHVpcy5vcmc+iQJiBBMBCABM
++AhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJb
++SOkXGBhmaW5nZXI6cGRwQHNwb2RodWlzLm9yZwAKCRBNHpAOFMHMBIaIEADH1dXX
++LSMW2SW60L6jMQRUNMKUKsekEpTdrzmfWJng050X6/0Rc2HGqbgUUC7R2w1bsUcl
++5RQuj4kcgnXBnxB5XfN41M/xJlzZOgh1yLEowyOBrEV+F9z+y/4IhViFP26CBujY
++StS/WMNMl4SwWlPWfLWy9rCSuD4DRGjZXx5tC73os3D4Vl8KUjFOg+yPefPsawjd
++KnPyAUv9aZNJ8MTG77xOAFQcbX/bSMjlw18s0hAMAHZ/3r9OMjYSz4gy880i1maY
++6EHfx75Tjyow2IqIisIB+NMkH+Se56FlMRL4636Dq+GWl6GWXhoRYs7Nmre1FPCY
++Fcn7iIve86BnYPcN+iNFWj2tvf6yXiYtRJFl1BL4xvE/er/QXk3eCDpncEf+4Q/x
++i0HUc48hHdL8T52L1oePUbgXYtH1fZn5Hr6pva53mPkmfY7p+NoDgvktVAuuviPc
++SlZKlzut2Y2QClvlGZ8Mle18m/28w44Q0Oi/i1Wg4i9lFGuu7jFMaDARnySOaU5u
++Bt8nd53v9GudYkW0aNQghsRgKCsXsGPLirJI1rObzRraI17ETTawgGzvYhZaz/Mo
++HPlFMNtGwGr53uewLGw58b2BEQaFIVHtadz2iuoXNPCmoVYNFNAf5mmXoUpJnt7V
+++ZUnP0fOcXAHuerJ1ZbDDKnYxhEQLAbHCIyxprQnUGhpbCBQZW5ub2NrIDxwaGls
++LnBlbm5vY2tAZ2xvYm5peC5vcmc+iQJJBBMBCAAzAhsDAh4BAheAAwsJBwMVCggE
++FgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJbSOjqAAoJEE0ekA4UwcwEPpYQ
++AJgBYmNAuP67KdxC6HjtcPe2/hQcFXSPYi2TJGfgJrgoMHdXQW008EPz3kaXkzxD
++pda9bNpUOcRL1u9riO/4V1f+yFvkZOrnkEhw4ebrvip4sbufvb6ezD9S/OuNnTdi
++eraJlltStrq6HXaUXe8VEIfqOiZPB+3DEbcL3AHw3dfEZDYygNFLji292ZpEoYp+
++QlKamdEcebOYH/AhsQUaEmJAACY/TVMgdWio04uCDZjicvBt5+nHsN7RTfTfuVED
++Z5XeVVfOifA7D5rNBZhiI9BjsUzx74j/GNP/e8kiMEcHAPF9BgzOXfK3sTQNsZxR
++zl+rZDt3ltg49N/5BcoyTW+SA7hM3U/CWqtNH0srKPkuKFhAbLr+mVZyA8AH6vk6
++iiBmOAO6MMzcV7ru2wwu/LtgEHfdiq6XYoFVjQXkH7SanNPpmyHFocc06gLmXWNc
++qn0pvepKzjjApCs+KaHx0G6DyGeCno1qC6P9huINs7n/6bLSyh/JSHnuLddJBiRS
++w8DwYy76WzPGENjkxKv9iVO7k3S+XOGkjtqaJZFMWOZ+l6VZ29Hr9ezYJuDu+CBC
++Z/7grbjnkE+4QmvOlPNFBHsfyFb5RoX7kZ5Fmtb7flA0x0TUgaWtjocQxGbZkYrE
++7xdySqfzBycPqLCqzmDAyrREoJOLc8HD5A8dEZNVYeTbtChQaGlsIFBlbm5vY2sg
++PHBoaWwucGVubm9ja0BzcG9kaHVpcy5vcmc+iQJuBBMBCABYAhsDAh4BAheAAhkB
++AwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJbSOkKIRhmaW5n
++ZXI6cGhpbC5wZW5ub2NrQHNwb2RodWlzLm9yZwAKCRBNHpAOFMHMBMFPD/0cePg3
++HswrdBK7aHJXrD5j+5ExH6W8VeRRH1Rk8bEOgf9lWw36qOxZF4Iz0kJZZcbsISfj
++K1/SRM8bQxofZRXVvdxpXOl6lOR/aGAL8kd/TYh/6H+TMFz5WZmTvGP2Jvgltk2W
+++9I7n1xTboZ3GRZKqBzA+aAtceLWx/ofP0YRlduTIQboG0/WQsPbKORPKoM5syyE
++uAO9m9ZbvPJRRHX/O5yLgeXaQzGvkyHA8qYvYN267KEDVBqh9OSo9B5SOibk9LBs
++Kq2Yhl/XBUM5o3m0qml+sdwciNTUtQRyI7xBIjM7z1dGiHSJOo5DypUtQ0jgTVi3
++gYftu3lYiuV+FkWrhtTVNjtrKT1Q/CE9LtPx4RLhfuPz8yYRRhLunCJSriIWAHTM
+++QIdBXCH6Hu3dig+W1gPd0+3+5oqJCyZu+Hk5c7O8RyVE7zhriS+Zw2oLhhUyUSa
++E9sldEpzwK0oAFp7sOtQcWR3Qbh0lKrK+Mh6AQ3f/+uUVJruqK2CI6D4SMP+BIl5
++RUOUGUKQ0qNjeJ7vuLtCkma1bCpr54B8S2uLGDe57ox6+99XClF0cv7WANWLKTBt
++gOooYgtTwZvbZCeiMZLIBN1qjyOcE7Hkv0Fjvsgt0NIz4vcN4Yx2AJxjTMECLoFs
++k3HkMWti75tQeCGMCptMMJ02yrUsTv7zOg+sr7QsUGhpbCBQZW5ub2NrIDxwaGls
++LnBlbm5vY2tAZ3J1bXB5LXRyb2xsLm9yZz6JAkkEEwEIADMCGwMCHgECF4ADCwkH
++AxUKCAQWAwIBFiEErLtDJDk63jUV2i3aTR6QDhTBzAQFAltI6PcACgkQTR6QDhTB
++zATWUBAAmvJG5cz6hJa9RgyQGzODGWZi2dj27u1Djjz34wY9xifqFxl1/s+EEZ6M
++L/i+UmIzprY++4h/NgoAQGDBkt/EkJojmVjhwr3VHRzoi8vREMFkyELi4lPC9GmJ
++QP7wslk+L2zEVUuGLbGW8YXAUnUhwmMk6DQrabgubc6W2xL1od6TQZw7CUuLtiqz
++j8/1d8Ck8lGjWwmSF7kPhW70gP1AK+CHIRb/wOVZzhK3TG5ZYF5QUGPF2lL6yGJe
++6aYsxfn8gV5MhikG8idbRxIDiSsbvQNeHMkjVGTnAdz+I6t+x+rhGko0INehjULY
++JroxAmwWTH/t8qFD4jHRapp8d8j0sCCxziOmHAI7bi8xQt6slh8cHkmEGpiIWued
++SaKLlcYeE6ZkNvo6hKqJCh6nah54fybmlUD7Fa1hCR76l4FSPNBoGo+UIuikob1s
++6SEetzQa7ZNiIvkCVEoMxXWHuNGbZUjec+6kN1mfTjspJLtVgPo4C8jL8icZ1TNh
++0NomLpjQz/0MAxCMaIsURmv4Dn7AdCwlW/jXEiR9gt1cjGY4xFZ6Nfcx1t906S7r
++bxb4O8BtyD9Lmm0SPLSRZRqlr1eyX7sHWuCFClxO9i4CD4XKQ+obU7veo6a6xTrn
++Ylh8HpGP/spY4qjyDIArvt8W7G/XJUmAUPAiloOmrMTaraThvcK0JFBoaWwgUGVu
++bm9jayA8cGhpbEBwZW5ub2NrLXRlY2guY29tPokCSQQTAQgAMwIbAwIeAQIXgAML
++CQcDFQoIBBYDAgEWIQSsu0MkOTreNRXaLdpNHpAOFMHMBAUCW0jo+gAKCRBNHpAO
++FMHMBPQDD/9mNS3hjVL+DG1m2opXB92yyVcg4GARpVmT9lRcpYk10MasaDh/plwt
++9cEZ4OKYVOJjEO6WWqMreBb17djr3vkB9jnhkTUyw4Y4vNcmdmlt5NnL89n4Eq5x
++m0TYMUfNyNoZEdtRFcH59WD9fk7TUhhPS8JrPBV+TmKrIlpuPXx4Vpx9K97Pq4rV
++9TpQZGGRcjbwSNKecAdI0WqZ0cfEAWMHVq/CPMQzmBWSOjrqUw5JiPX1mQN7RuWr
++vpWXDiR1s2PYhVI7tgaz5nV478OW3MmmLlz5to5z4C70FFzI46ylw5XGwCZPNrIO
++rezTZC+4GGj98pz583eg7HXS+5bt2FYeckClha9fs5mse/vXvleA7AGs9HoG3G8d
++3Nt9vCaj+pI/VTbOp9+gvtxfg4DSriGeNZoTQnzbkkVFQe/n9FYNtsco/MPugGc4
++w4fBpq0AIJw66raQsFXu/30+aICb1nU/RgyksXLlL7oQ8fyZ7xprfy6fAAsuvfu7
++lI85gaWs1NboLhP8lLDAD0/rg/Bu0YGfxEfguDEIrTTmN26+4i95TiffCqch54Wf
++AQtzV9CIkxsmPxVrrAh6HEKs7gEBFIaNew8L05uUzoQnwcl6xOcbGSJLyG1a6+6H
++5IakDkcnypy/LBOPrx8HyqO4fOR/4GJ3oV7hm+e3svnC52hVdmccr7gzBFfBMHEW
++CSsGAQQB2kcPAQEHQCX+QrQV1F1aohqbdcUODZcwbamprUoLIXV2nSyLiSx2iQJ/
++BBgBCAAJBQJXwTBxAhsCAGoJEE0ekA4UwcwEXyAEGRYIAAYFAlfBMHEACgkQURBO
++Zo3QRIH5oQEApL+jd0x4w476elQ3F0M002NXd7FKouy9ageBM+oHS4kA/28oFXVc
++qDraz9f5bFnwX2407CDLKaz1Mp3jijvRp6IHqf0QAJGX5TZDr6CdERY5cOTCs70y
++02q2sVON6dxicE+UAxOL1nqpef2FiOobu4e+OAGYZngm8oNQBNNXA6ETc+Ug+zUV
++P5p3MwkpFAC52GWF9yqOjOaZuQx1QZoWw/Whba2ix+rZSSi1zPaxrL8iQpe04Mt3
++IFwmLlxYhT2Z9uDF/lotROTW5PIcWmt2yHYbdL0XYrGp959DmKNGlprgTBbWTeuw
++aQUw/SOk8Oi83qv+8YdZNyuaxLz3qh0VSxx9vQnGMbslDpi2+hXOuTJuMVs7UtPt
++sFgZPOQIWdNC39otlpHQE6z8ezRlsOX7LFf+1CFPkPjbqrs0D4fOEr+yilo0Dj95
++ixnCe1lODykeEkwQE4XdlrIGjLOdi07Q/iMLTGQDL03PVrNXt1ak8pTJI7SZRsQu
++lL3+Tqb52HynBDbuiwSyjqdCGAZ/oRChWrW6tdg3bos9YiivPgIswCfry0tc3WGp
++2ygCbWFvgHZmxU8nwusrTjciIh6b1xwG/webx/lBPMiKyRC+F1wLqdJBDo7bNuo3
++Gz8W733vBRw+DWSDPBebW7kk/k3JH0jX1MCdv+zO5wuur8DdqDLLlX2mZOTRZVJc
++Gg4jQ4EJ29akJv5bSwa1bFRXN0K2uNSGbtfHrcbDmg0aU5slv4vtsxeUFhOEcxHH
++CwCfgTy3SEF+cSlWWIbMuQINBFfD2hsBEACqLMDpuA+/9VWscimKTs7+k0BiuxfP
++wNJAYYznAVNFt+GE464v6YJNXpKt07BRzDpuivaDPobqtFXc2nvBHcCUOP6QTUP8
++9rOC/bw039B+KRaPlQJTGbPKL/kqIXiK5ihjgSXdHDCmzNFHuec07pWgBMI+LYfZ
++pKIHGsFVynIL53mmhxavGTCSzJrBd6pyhoeCzMsIZAq6pZ0HKjfVWP7B3yBJfazC
++r2V/HkOmKV/vPJT+oflE4f+PP5tTuvEWE5UXM8VXnROMcxaNHLB43Pbh3A5neGgF
++m74Ha0tfWZHrZYnNCFRGbxp7PnfbKL+tZ8xtyQr1pQ+x1y8Bkxj1MgiOj55MmRmj
++xlVJ+L6zyB5Tw7kqsaBHiSDBWUz6SJz3pFD3X3GPD/nkNqhBhSzFM2qxHME3CkK+
++hU4jOEkcZpHhsjL+pXVudGNHIByDNj9lqP7vswg7cnGN7QIPdpBdvgcFg4qZS93L
++sLJlqhNDtCwd/Ut+QNT6xE51HflZ+3/su9FEjUFKZMEtAu0TDoaf7iV9VyD84wjL
++WAm1GVXpDh1/WuSUBifMfTyHXyLN2y2Ja5D1mws1g2ywzHBW/2e3gUzYSd4JQEWL
++Yld0kZhQ5V/Y9Y19jDpDUUgxkZmb5dnHRaGwmyx27zReKqN5NF2tdeWsUMibZkEQ
++dib0n+WnzuJMYwARAQABiQQ+BBgBCAAJBQJXw9obAhsCAikJEE0ekA4UwcwEwV0g
++BBkBCAAGBQJXw9obAAoJEBPa2Zx+QVGcxvwP/2aIUD60sKExN2fLXj7mMZ/wWlDn
++CdqvTGD7lrk6r/fAQcaOAgajCMEXOPZXlPBhdQ4jxD3FLs52CNZkcwzXMbspz1lf
++IOk2U1UGhmnAyriY4Uf5cRu2RPR0HYwOBB0xr69SIrsmlX4pf1AnulE7CIY/oPBj
++B2XQRQ7ls8sMqmm+0TxRysaosHGu7Vbez5iKBm3p0rEh8TcVkgMivdUPue/ip+mC
++aDCfGeAiXLXWtiEiwaS3Pq+QzHhZtBvShWlc3k2mCFlrGQwovPxY5SqGs6Qwifrm
++nGSSlyaAorDZcQEkZe/HP2/qXKb7uBD3/r8t2OE+BZKwJxW2fIpaO+u8k5EXSDzu
++xRqSNj3wYUI2+WNQzBmAyOZ6XBX4Pz0xZyahtXCzJ+5deqCnEtJI1HdPSvM7STE6
++s6BmkhUl8weSAD+7v/HNPWvQXYFoeGFeqvoVOCqB7jJZUj+n/eUh9PxsOtwdJlvd
++oODuQIYyzuSapm6OPnBKg+v7Bp39Ym8j5Nfe3xqg+O6CQVH/qx3NoFrKfAaLKGsV
++++jnf894b23Y/fgu84Myt+Kn8uOrO6jbBwiWLkgn0uzmO57bi/6F7aMQwSxcMcAY
++3DhCoeXkeYq0QRZZd2raPbA5r278wPXWg/U5bHenGYX1COWlRehWqXkqR9ZJYY1h
++TT0/WSAK2ZLCGTK5tDYP/iiHbpeWlZhwgx9JkfmgL+N5XoAW6oJna3tozS+xVM5p
++xTaTNO24vnQw+XQxkiCFwtf81chd/oXhjWpLg/K1vF0AWGomN9yS5dtKtlWZ0H/3
++KeEGkKf9iRp8j1bVNF6mBhb8Xl+nKLWiqE/uezx6OYBFJuj6WpCgbmaRUbmKpX7P
++++JuOosg0n+BzzJYAIKP4+/FLL35qSpLW+DuWZaXbvgS/OgjJUL8AQj8Nwk7ViRy
++hBRwSAvwpdcwvlAH1VfTHfpQ8a0jjN1Nzf8Tr9Ijo8NQnsa+5y6Pmf6l40j4C8HP
++sMB7SX8ptFig8lnBRPtzEWj54/WtXJwGRG10XW4rdQU5hR9Tufc+WFuRfwdLgrhP
++TnKGyVG9zOkTd9Cl4j58tEsju+m4HNkUN5goouvdxHSe/dmA6cQAWf6/nhJ/uSM3
++aJPSUOtZwPZO7/NzsMgkwZTLXbehm+9xWMkPRt1QT7V5MgfxnxhVoIeoPAEYBo8t
++0P2GXVMNZdZkJPoViWGOei4iPE3rj6NBynIIoEZNDEJ0OQOUe6Naq5AaG/a6wPa9
+++ITzKY8VR5KMf3XgcKLBlntyyxTgnHY7j5VrhxU3+mUrnwg8LIN9Sx4oWDks/SEB
++7KN3KGjSgczn1k3GIJRF8BhYin5Cuw/+aD16w5gSHxUhIgwH2BbM5X8eopbp/csA
++uDgEWlPNvRIKKwYBBAGXVQEFAQEHQK1DtStYAOrv8CKh19A+Grx4WJusGieqP6kN
++cPu/o4dlAwEIB4kCPAQYAQgAJhYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJaU829
++AhsMBQkEBFIAAAoJEE0ekA4UwcwEvIoQAJFgOFOsevc8GDLKxSV7hR3tytGLlfss
++Y9I+PGOt2Yi6S6v7dP833FLRS/TnoKlDof3A7dw87hNy/FFelm+GUz2gWCIjGEk0
++yWqvHYfjwryTug5713cmtKBdLSQ9vxD932ZH3mRcWNmaN5909nh8ugf2TCchQ5JR
++KmGSthukPE8tHk3T5hldlRW87V0gIexJoo70RrvPwnK4dzYaA9F8SZ+rFGYTpTaK
++A3/L2CwdPIDvi73PXAkieHISOc/u9YqPR4VS7P8zD8ckCpTNZ4iAOh0mFJsozMnT
++MGekw3cozJwKxsfWCwUMyQasc0d8Yx1fJIdIOrJeXvIWIFZQrhrwDqUVPyY4jhnK
++EiL7TQIrWuYKopH3AUmKWxA9T89/Oyrsjqu8ySDT//svOF8b4VUc66y8vR1s6oUh
++8XA7sCj8TA04yxi6vzux63xQIA4DUljcUyifcr4N/RwKcv4Nd2Yxg4zY9Y81/raM
++lvEysnKqJRBpExzUmO4Zgap39aRRwSCieH3NqYkZDsVsUrcAFcU22ir0wwba+S2X
++LkedTrTB7xrM5Tdzg7EjaHfrwONOobWBn8mDEUyYIW+kuwZxdS6h5wJZRXJ6p0vZ
++xEpxpe7WJ5r6S0oFlyPU0EYVBMFbHuG49Ml504sGWn0uwLuJJZ0sQ1zYU1BgAOnD
++J6kx5FwtQIR1uQINBFpTzYABEADF6zFzagbZqkqKDYFES5aEBZUuy8dDZGSr8zMB
++sGZ5A1OJHosGZCnVA7w9265rUIwPimQi7pOC30chLcfK2bkMFZUt4keC8wHaY50c
++VGIc4xA4MMrdkg2qSBDMP1H8+i/jrpbYKSq2dH3VmdFFqxvJs/XYh/ZU+dRMvfny
++8SULvi4Gp01P3PLIcn60WW0Xt40TbADl0ueCM2GxgCbbWjvt09MvMwmj506JewsW
++bUhFDjJH9W0196giDNbSi03vg9nI3lfpFC9Ao0mNcIobyffL1E6ounBeUcA7yoi/
++QPQTB0dtNcIvtLDLCGWTw/Z42FGJQFLdHEf0cINPIL5qiJlCvdVsHhVeHKA5azpB
++TlhvnHH4eSkGquKI8Q4PIzGsQM9PG/Aa02XC1hve+kRvKWMqFWjoTfc6TcI87oEV
++qMa9eNOZIk7UG46Y4dRkSBSwRVLanH3xRK+zPnMJ3X8ePGL6yna8W2XcHznR9xyN
++zA8GoNpA0CX+SyM+xpVH+ZHEBupvArqusqrS4RPaOkZ2uurUxOJ2N91Rj06IydlR
++qWkhFX0E7rEURnBxIZrMhVWbYRufn1QiRLXOtfZF122QfLx8L1oPakyVG07TPVnh
++gcmcDny45ZeUnz8V9/gyKDopT3OXdaxqe9Ovh052QwWg4HtnGBdlhJyhwQAy9yH0
++gEOPtQARAQABiQI8BBgBCAAmFiEErLtDJDk63jUV2i3aTR6QDhTBzAQFAlpTzYAC
++GwwFCQQEUgAACgkQTR6QDhTBzAQK/A//eWA/Xd2SRObD6CEw7fhmR3J5afqifNiS
++vxQbbkZ4SIshrEs5wZF26IUl9u8uHeSyCrIB/vB4/NmCk306ATNQ1jlnQd+OKVfi
++C5Qy5Xi1T8o5W+chsy3PCGvdzG2vgvACa6vyKB6O3lV6F+WQ6GAd5NA9536vW7KW
++AXfwG7TsTcPzmRmXYb5ZpfI4g9gLw9ih6OzcP5+C2BDppWoQjnVj1+t2lw0SuFv1
++k3H4MnhEJCcTCURu6I7J6gOtNW1YJB9XRJX/9G1RiEV8R8mTUZ1HTj3T7nYRZgna
++enRsnIs3l4++dFQgGJgWctLcqlwdBr0Vc+Q8gmbbQo+RZImHXByIp7Isu5GjNOaa
++FpHS6pnMa4YWy2Zb1w4TFDZtKQLJFh9xlnm9raJboLkUH5IMZwM9GSqeSe1baXxm
++3Rd05NAhqaB5C/3e4K0x06p2s/FTlnKKIXDWjE3LaGR22yiWN1hJ0UjMNp30IfKW
++XjqdNHeeuhFkh+LzlUW234gAiPp6b+S+/Mad/qMjsuYVdvEP3NN3Wa9myA6dYNV2
++TiFKH968gp7dibCzhq2VlKGDS9EElDxPyQ2Ksl8TQInWB87/OQIVcoSuyyW/5SCQ
++clcWTJiMl+u7iuYSVqeRRFpW8cXNqvBQvWlVh6xS06sdbViqUUAx9UHkDHznIZB6
++gWTwHQbPYW+4OARcPp9VEgorBgEEAZdVAQUBAQdAjaETDfBdtd++tzqzdA+vU1v7
++packRBfYKecXc29VuAkDAQgHiQI8BBgBCAAmFiEErLtDJDk63jUV2i3aTR6QDhTB
++zAQFAlw+n1UCGwwFCQPCZwAACgkQTR6QDhTBzATTuhAAiRBqsJJScqkUDI3sNOTQ
++TDk5hfAKsTYmMYa82/gKrPpEuF5bEb7G/YSW2Sw1vARB/wo3JC4GprZqVkMFFZBz
++yOI/TPT+ggpF+1sdu5WZaqIrpiTtjDF0VYB/1K54UNx1SY+98IXwmKkN3t3k1wo4
++2mM9XzFtQAS1GEP4TL8W+Q44BDql2DIigVBpI/IM9X6/JLNXzZ8io5CVbWbBUKfr
++ClVoJvzIs/Ns4hzjBYt8A2o7rl9IIdlE/6cYpAjOsJ835cEojhQh2vV7cpYY7qmV
+++IeYQtofX6vbYZzc0qIZgFDy4D4l13986R/O9wzRyx7FKDuo1HRYQjgzEjRiXSCX
++0vPn3S6pv33IM628+ylD+Obw0Lf/UwGptECIKQiMJeJ+KxauUdhupJqmDh0BI1QW
++6A5WKUHLytCjEBJ48HVqavVupXqzILEO/xFBQr5CnTXMt0t3EyMEah09/gNPLhHa
++evLxehC2xKyzRfnuf6hdypofbpTn2vQXGUsOtvtz5aXjxm9OSmqCZJ7Q6DIMnEl0
++6UYzHAVGy0FDOJKn5x/zBsaEaPUwVKfuOUEof4rK2p+iEc97gx3gvCcRJ9WsWG0w
++wfvoXnilvwdPioElEE0MJCLG5Hyso2C+juzigcyv5NYjt8evcMZzyItsg6pOTjK+
++vOAvuIlW5ipRqLT95IG9zfG5Ag0EXD6fgQEQALK+iIAoBZ9Gg+pLcxBoMC0T6w0K
++6iEhMJTK6LmKRsVO04APxpGcx8815GIH8HrjJcblQcb1FEzMUY//I6Yj3VM/VIuC
++rRxByqWu/siW/A0qY6uJzie2wo383KkCek7afDXOzokJu4gvFqV+sMeX2y5jfJ0l
++dpLeeT7JTCaKEk4+BDibNbCoO7E3xBeqS/PRWhkrKG3Xo3p8eHH8GcnbRgJAtC1I
++PMXPl6uynB1JJU2XfBn7l3kYbDsqNhsdxMrNbsVeUZHR0tBNc4lxtECbmAJnt9lo
++8Tjid1fsB0Zm/DdQr/zIdf6hbcdFOljnfZCW7kg3fJ6kUnFVF9hy2dMxvVtzq0DK
++6da6GjYIq8NGDJbqey6Rhe7SXim0QpALPerGLGKO8WWLK2ImITWcUvDGmjLICH3P
++5leURI7OiaX9BRWcY5IRVDONFdGOE8WRBBT4vQoSLd/pPU+HFRiVq52D4ZlZbTxg
++svdq2vmbhdapI0xVw+P86qPewXbbVpJod2k82UanHQATjMSuQ0EdBWopV7UhQDHi
++mhe64rxQ6ElQOs+cqhFQGgis4oprx1seWW0Ur5rbhrOESKXsXZ9k5CBWoLmn0/RB
++tQBRVN9gZ1WPDIhktgCkOLAV0u8mL1SpeVv1rJmRmTxUkpGip3IwC1dDJI2q5b96
++gfCNJLyIyec1Fa/jABEBAAGJAjwEGAEIACYWIQSsu0MkOTreNRXaLdpNHpAOFMHM
++BAUCXD6fgQIbDAUJA8JnAAAKCRBNHpAOFMHMBJP2D/4rv9HtPbxFRmMpAG5v7MsI
++kvLy37GNdXd30wgdoyFWO6S9cQAPQaU04xML+RBziXF3XS/M3Rs3Kb3lhPhqS4U8
++rtNkzKNc2aoD5jcZZ0LLRbhfjeRdawPgwoi8lHhuE1zP2rBvBZSJJTvIuEShuAkW
++rk5BLs1gOGdLvdY01Ijr/fZzNDtwRAWFi4u+2hlKJIeTchK9BmBwIAUglUwMVEYV
++GzBwf7HJ8t28+f3fr3A/RL/5JH4DBJNzRNkqOMl+EUmPtciiCCCbieN9secUrkKW
++4626V0zOtK88aLry/8B+6AEL/ciYrYN6QQTY1eO+Qlv2NBbjSTWK+XHkYKnvsEY0
++n9a8vozc4IfYwWYjlBFw41J939NAvdgV1DyuaIeahCpkmhEqCk6SLS0W4hep6i+V
++quZg9ya8igsLCqD3QcXZOpBDsG8Teo8zA18HNjCO+H/MF/uXBZTME7rZh1OwmTOm
++urZdLFrE8H76GR823i2QxZ971uWEul1R3nTmZmT0BfO20ZrZdd3flkZNuOMv2EvE
++iG/uScOy2g40HskYDNivlJeDdMpQLEt5326J2MVAHYfl3JL2A+577aAYFWEfwj32
++FUpSaCvrd29drICL4nCAtGCL7iurNgGK1/sNMFrCjba8juP6wUQTmWsQzO06ER5r
++3Xbzl63taYLysDgSXPT+/5kBDQRVgAbEAQgA0xX2/RBxhog3pf4hc1NGoNUbqB3y
++/9Pc9cu4kJS8pzgEE0UTcAlns5qqQ6eswxTn9S3adBHRELVF72uYNpZt6OeqPpp1
++6xEK9dbmSHLHxiHJO8lf8v9eyOwKYFzD4P5nI4nzkzPQu/j7YIX941IY+BK2DBUC
++3pQRhGWYn55wKByzhAB+9AxDQiNPD32EURupWQwdPZz1u71RvEW0VFo0MsUFFsF7
++quIEKIUhQ6heDRPMwxxPw4Dyf8hcvsBa9mm/dA7BO7zmG+NsveZHirUwaffP2O/9
++sW84vBGK1wvtvdXcGRCzB52CxebDv3w3Kw3cK3XtnG2fsLaScLUmDzb1cQARAQAB
++tB5KZXJlbXkgSGFycmlzIDxqZ2hAcmVkaGF0LmNvbT6JATgEEwECACIFAlWAFgYC
++GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELzljIzkHzLf9AcH+gId1Frl
++C9S9sAoYx15Lb9I/KEJi/Ag9QFGJIPuDUU5GU5uZ4GZTZOGUiQe7KJ2hJs7N9H8P
++c3sfCzLQjJxB0GLRTW+q9TNkHzEvGVHXmlDZpRh7vFJx6q/mk5EG0LL4bP1Gi5J1
++pTlqnbDNvWd9dchgNwXZRscP9sHo/gLUUms0+HRCEj/CvMX56EJoSFVGd92jFQxe
++9Iop5gH1n6lCoYEXLa1TC4F8SrWIjnkxlw7ZtnZ710xzjt7tDdrJMHOmMDsS49V1
++8Fi+ikCce+/9kqlRwyVXhJDBG/Vq/3v5dT4IFPn2MS2efx1mxmrTZqERaGDbghpa
++QS/VzrkCvfD3CMq0JkplcmVteSBIYXJyaXMgKG5vbmUpIDxqZ2hAd2l6bWFpbC5v
++cmc+iQE7BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVYAYBAIZ
++AQAKCRC85YyM5B8y34iFB/9wozIYRogNdY1aejFFixb6++y4b1riyjMvWEULeEzD
++lQ0lMT6Z3PxXhZILD4y4aP7Kzx0ozXa5qaKy41EAPKQoPipnRAH04QytJbIERvz8
++Tot/LeCVKUc0G9DVxOPBD03czTgqgz4EjV2qvnLF+rTU0YBevrNCluKosGSd+3Rv
++LWVu0hBhn9pELKfXJNSQXZb+TpHDhSDZ/gCrglBEOhA6YWbDb/4gz+5TFKdk+B++
++iAQZSHv7zISabjN+BPYgI47A+MU4JycoXaAUnMc0l5ba6fGNaIrzruE4aAZrlP5o
+++7mlU9Mm0QJqdqYxYPAiplJGrZv+YXH1fp5ueEK3l+NGuQENBFWABsQBCADphLHa
++KToRuR/E7THerBiCjDatwCaETOKOTY2zRBQpaQ32p/F2XIGLS8Cc27+grZSKQ6ZX
++0ZN47O+AFyFHF8DH90IXZFpJR3Rb8zgXT8jnLX08DM31eECZHnRzFhGlOmq6WAUl
++qB3GKCPUCY2c4eTRXyoXLteTxrXCYoj45y/YmvlZrlonBNjPBAyHiO/LNz+V7fZt
++NsN7N/XGrnLbcdNfNd+SD1ENmbLJ8RvyymxguTyB/ka9JdjHHIoQEJ6L166B3hhf
++CHpt8iC0GPZkti9IMl0NoJ029jJm3Jq1qEceEBn5H5QMGn6Fq64iXwTsO1TMNUwp
++Wx8pjvV7wVIxjI8ZABEBAAGJAR8EGAECAAkFAlWABsQCGwwACgkQvOWMjOQfMt9N
++6Af8CS2CTrMQFdhkGEtBXmL4ifD8UHFkBRBGmM8ZL2fWUBTZXT8mrdRMOK6tcPnK
++WaCvWvKr0knt970j/DyAgFmH8hgOi3yctigFecVDjjilAeCJMq38s1tYKYiLDbBd
++HWtdkA9uHZwq3lfd3QxcEEO3QamQF+dO7h8gAOXlG+po87Hm+E0wz4swIB8+S37J
++zrx9uu0LSFDfJCTK+TIKGa5Un8LxPxyq9WnnNDh72zK7BiRidk/s40KcNod83NM4
++Hn/sbGfyLa8sS0F3ME0S+ocSMOiu/ZHHOiwpLYNbwTJ7stZxGsrguWeT9P+amxbA
++/YlK95LedstwvN+WcHZ7d++ArpkBogQ80tP1EQQAkRJpVJz3ks35wtJtqEFeHks4
++GI7JIi38GfvkJd8xKz8NAKYR+5veXWcALHE5twkERww3f0WMZCTAGAPo5sPHFV9a
++17UNlEUZs8tvyPqgVNTQj66gYykaq2r/boSwixrxMHaloNnap/EzMDXZRE2x/kdE
++EP9ZSvF7VtDYhwvCPjcAoI//AL/In3aVUpxadUHrEwFcHU2zA/4nEWDmeSPeA0kZ
++ORhp5g/pcoX4/no2G7lRIINooFfR7lyTJwSk57sK4rrJE63njUAbwQk5bR60XtS7
++owLZbG4saKE4FFOY5M2Pifz3jXy3dSfbqKkxkOxo0+EjHyrnrUkQYXEWWL5vRTPu
++eL7LpinFxivqgXz1QR6NW5PIKCcYAQP/bZ6wKCyFD77OHeHHvYeQRgNshvUsp898
++NZfGa/uHKKJlI2yRVfOmVijzOp8m9kYQ29tBEpGZwqA8WWPqebfXN2okCSkEFfBo
++9LY93O/ziqMjHj4Gmx/e+dkOrqYmeTJd5n7Hvyo2uEx0aDxI5EMwJ++48X73rCoh
++Ifn7uoLCd3C0GVRvbnkgRmluY2ggPGRvdEBkb3RhdC5hdD6IYgQTEQIAGgULBwoD
++BAMVAwIDFgIBAheAAhkBBQI80t8sABIJEP/A8UyExxtuB2VHUEcAAQEngACffaHN
++1vFAND3qnXOXF+C24rO4SOUAoIO1O8makm1tW0Qz/JLn5P/OkuYPtBpUb255IEZp
++bmNoIDxmYW5mQGV4aW0ub3JnPohgBBMRAgAgBQJEZGvMAhsDBgsJCAcDAgQVAggD
++BBYCAwECHgECF4AACgkQ/8DxTITHG25QYgCfYIDwuIdv3sjJX1JcqXxcy6kJIi8A
++n3fN1G9xTdgtNTi0aL01rJl1gWlgtBxUb255IEZpbmNoIDxmYW5mMkBjYW0uYWMu
++dWs+iGQEExECABwFAj0XOuMCGwMECwcDAgMVAgMDFgIBAh4BAheAABIJEP/A8UyE
++xxtuB2VHUEcAAQG5qgCePGYX+2/SUFlhIlTtJt+cq1BuP+4An3OThP4AU4PT/9Qv
+++VBQusMz17XctBxUb255IEZpbmNoIDxmYW5mQGFwYWNoZS5vcmc+iF8EExECABcF
++AjzS2LYFCwcKAwQDFQMCAxYCAQIXgAASCRD/wPFMhMcbbgdlR1BHAAEBwE8An0Gi
++R8w2XDM4Tq2I4aG6YV2sok26AJ4nxMCidQw1WcT8cVr8TaE72j8JtrQdVG9ueSBG
++aW5jaCA8ZmFuZkBGcmVlQlNELm9yZz6IXwQTEQIAFwUCPNLYkwULBwoDBAMVAwID
++FgIBAheAABIJEP/A8UyExxtuB2VHUEcAAQHwnwCeLGp7ZuYNsmlw9vQihPzieeEn
++eS8An2w4sBCNZi8rtJ0nIwXXRhfQIh8euQINBDzS1BUQCACbZIRga1GhFT9nzuME
++KZro2Hz3O/hk/kNJ2igl6zENbwyuaabIIYkq/U3VQd5HZHr9qBsYLAn8trjwvybn
++sEAcmAZrSiblOhg2kVV4DIaVcIXEa2mg3mGZtBiA0BF931kpS9O8cW80mZ3sJUql
++BAM5x4yxjdaavZrzwXM6toawLHfUzx6PyAfSbFZh1fRmGrB1Em1VsdUup7VNpFdk
++8iqQUuJbhdWe8usiFkvacImY05VnVBkn1JJE7urDOfXQQMb/UuUPE2OOE1EH4R0I
++XC08/OFLq1PeounG/fWZjebquiD+jTyLpoTiQKj7x0qpcvhM/6Es0slKMmdEmo9+
++RNQvAAMFB/9LZEIdW5/wYSMgTuEvc+cEHyPmaUe56XimdWmEFIxc21C29u2NtB0b
++o715YxT6FgdaCTvqF1C5AmjViPu9k2F8ykQ6mFjGrm8K2HuXRyeIRA6Zqanhu1uN
++uayLQ34c9sCjkXPb5PnhzBxmWYSmprq5nh+4a1aXt9wUX7bOcr2FqH2KJ1hhfisn
++QXKzKdwDGyhkDEjsHAYkqSCVZ9B2CRSDlprYbSiDKn1Zi1ktrKhSiE2wShwXpj/v
++exVQHPNnV8Y+oqwe/4wY3T1+f+QfBxzl1nhL7h0o2funn1xa01W3odrtWpQdGl+Z
++M+HG/BZfTs4qnNi8eRy4H5ColoAwLuGDiE4EGBECAAYFAjzS1BUAEgkQ/8DxTITH
++G24HZUdQRwABAYfuAJ4k3jgHTXOHznfpXNRDIjZqPPjJEACfXAql73R3KnkOqXNQ
++7FzYXOIPK76ZAg0ETo1xAQEQAM3ku0av9+W+uN3XuYI6Wq1EHbq2PobiMBzlVRFh
++t6NAZttjM/kv58It8OjTUxgsjqN9+SV+lwNEeHav8AK8D40FNNWs/5dfz6zz5jj0
++p7/f2u3g1RYL+31RoiRX7SA/cM9hADYax44bBoXxXu/cFerpWvCjJXYqUPi8BhRq
++EnnZXGxkb78iGu9mfYyOYDJvV+PNliv/sZfnrwIp1FjlVpUWospd0LtnNFk5uDNH
++zfNprdygLuXdwVG2YZGa20OBQnxHc6qnZf2h757KXOmad0RmTMY9mIj3RWZlyG+3
++VdQn9VGlHA/GYm+vP40lZWS3MNTWShq7I6aLIHZw7r5FxIxqhAhf5OnKoln3qt3o
++qwcLJOh0Xf3fGzvfRXbilEldJuomnIE1M6N3ZPznowj0IhDRJG9NQkaynjHzaP7e
++sm9IoZMKU/AU4mQnQppDI8whq50/Q92ypQtKgdeIGTeT7KPq2D0JrzhOuxKsvHV+
++8ziwBmmqjmkuuINuXuOLq1Rmi+pbToxFPusUIyMlbQGTyM+nav/kBJ2O/fcuPG+v
++73B5gcnn+s0n0xRXDetebINtSHv64Cb/Z7bjPbrETouzEkHwnN1GpFIypd1/wmyK
++5AtakpkHBiiEsP4Qor5t+mq9MAcff1cs/P4fHU/KDf6eRxAkgexk6Ifm6d5DJ/mg
++h3QxABEBAAG0IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAZXhpbS5vcmc+iQI4BBMB
++AgAiAhsDAh4BAheABQJOz8S4BgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+Lz
++WYZuEACxAWE+2BQnssLMANzx/PIfedbomtwnORp+FwSm0MUEOEEVh5K0YZiDUanO
++0jAVH8VLWJ0/k9vxItOzrUcyl9QIyje+Jhfqe7PIuyQjNreynPv8UiGSIacIG3+D
++jo7VEN0SaGI5S/pHvGKJl+oHjGVfyFzdp6o+GvAmJJs1wotnYO7ln/L/6f4cpPwy
++2JQ/h8MaURugDVJEOs8U8YJ88Ioa54WjbLtjwJ1iaPRv035PKOSbk0QZ+ahq+0sk
++ND1BubPA9iD4DGgAR4aaE/ZmL1Trp3a6AtkcrrEvcc60yQvgRLy2fid4nQL0+/03
++4ybjqz6ZK9gVCGWK+DBfmnBtEEFLLbCXae1du4iDTTdI5pcm2wpe0YiDvJwkn1Ub
++LICm3yTJ04bzBo2EkhT1M9uYCIB/ebfGv9qxkeZ5wSUGG3ftU6I9L6nODyLkgC5P
++Gxf369LNQ8ClCRoG4lGAOJqCGNeuYXu/0VRlcJuajOPWIEmiVsIp7QwhqMe5AyTA
++Xzs9Z9BVYuSyxgh5lqLC7fwkaW/hfq9IsdoOHeZCFPyXnU9ZFPHTroC1W+Wy7orC
++tvIeSdOpOPFX05M5Eozm/DZ+MO6u/EVGds8fDcuWOfgRRCrZruwbPT87OuvfAx0m
++nmc6iLkk4J/HXbvIgYx2Rf7MO8K2Ttc9nCo+hVumzHp/21/h27QiRGF2aWQgV29v
++ZGhvdXNlIDxkYXZpZEB3b29kaG91LnNlPokCOAQTAQIAIgIbAwIeAQIXgAUCTs/E
++uAYLCQgHAwIGFQgCCQoLBBYCAwEACgkQY3Ys2mfi81m0ew/+ISlH4dOEyw9mRbCF
++sa4BBP+utZR2mGTYv6yQJIV+9/m6Tz+WlbloqrxZGG3CLwOPj80ovCl7ioi0m8bV
++A4KgSj1iPWYdnDo9mJJf/kKqfkwD5403XufpXPvjFJuytEFNgiUGcL0cJy7cDL6r
++I+3ZRd+zeOqEjqnD2+iUbA5iZqCVJ9cpWYY8rNKgMPQPt1VcVyCGnLH+zsa/uVQz
++EyZsnJXxsG7AABMmGBIKKUNkfGfmxDlU3Q2EgtOdaDtClB4nW0RlPP7p+8jPERbW
++UqD6fPDuMHVsq/cW2oUq+C2CJqDVBqSS0ECn/hLTCOKSiEw7OTZJfEuqvxpIfJ4a
++pXrlUP409+VJNE9as4V/vBGlALOAaf5FCedCvleguMATBAqDAx18r5oJCgpG9fIO
++7TIL9Xmt4GV3DlOzFL4YEs3J3SymYvrWhk4JjvmzTXTpwNTAMTCaaFOOXFqVcj6e
++Z1INROf46EBlvVQyRS5KCAKzudHtgnMfm3gz7Q9tMwTuGIGvoX687ZQD/WhlAK+W
++cbuPTKXgpak8k5wqBcgDGwCV0o2gRHJ6SFoIWlGYp8r553gfCaSuCOM48AYMGjdv
++g+itDEwyY8mMP25EWuFOr7/C/dTUx+mrwqTCTHaPUnqJC1bjxl8QB/OSX83iv6tW
++546xgXGvxyUpLE/t8LY+1wgCiCi0IkRhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAa2Vy
++bmVsLm9yZz6JAjgEEwECACICGwMCHgECF4AFAk7PxLgGCwkIBwMCBhUIAgkKCwQW
++AgMBAAoJEGN2LNpn4vNZTqoP/RL98RcHRFj2XZJ4+t3+A67hCzwuxmG+WmOJgDc5
++rC5JeapW6+vibU2TsrzOcJkf9Mw+pnt3u2LzFgt20CaZTBMXESVZUwa5PYXYnj/9
++AhmmOYlxSy6klWysjTUNwaBEuryQV+DgIJw+SeTZgsu6Z6ZRxe4UYmrCtGMghtkH
++A7THYKtgCpKkY2kN69JAW5WzUG1NSjIVX8MPPdMGCCf9R+dXqdyJAsPS9Yv9AvGf
++ZgUG1ARlvJOlXeMLb5z2LOizQVx7g1/ambpgpRAC33SMf1iEGWeTiIQfeBUgttOo
++D+KYDBSW/nYDq0FOkOOsvK0bAKxCUZEAUtJtTXeYU8WIvjuVdooG4tr7zMN4o3pg
++PpxFEQiZLu/6m+714bX1GAivvV1FCB5FuiGnVuYUardPjtuLZzrKI+cmVnW20tra
++R+OBf5RTuVUYSpClcvo/Q+fll7EdjS57ozKai1XsyGWPuR/ELDaffpz1ymi8upH4
++POjruAtIHTl2NzPYfo+jBE8zznoYT3FODnqersHaIBRD/OXEB/2Lm6V/8a05lVXF
++yT32LA6Ef0hLwjdGVuhwUW17OXyawmXhcLwBvsrVyegmOer6fZ/Xx6dZ9flrhH/H
++jASb1p/SGmWGuH1CjT6dhRo+XgkUveaJ5ip4KJvGC+J8xDdqkUPHnRdUs/R+/DrL
++IYeftCVEYXZpZCBXb29kaG91c2UgPGR3bXcyQGluZnJhZGVhZC5vcmc+iQI7BBMB
++AgAlAhsDAh4BAheAAhkBBQJOz8SvBgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdiza
++Z+LzWY5QD/9EJrnssxVTZVAt/OeX4ecgy6Z7nEsAq68QWc7nUbumzG3d3kzWn9li
++5yLLR6kEvj1g5w6t7X9pOG7UTqpCYs0jw72ozBPrJTNJk8rk00/R24ROVX4Bjb1t
++BUdLEuIne9lS7MnI2oaNTT9vyTV07OLc/aorKv3hyI6dryW43IDVAXQBqFL7H+iP
++zt0mSTOo+uCwY1G5pusmWUlLUAk83AfenBJCgj6F0WrcxY9MRxBpgghBVq07hynM
++2wulU4EHxjitzfVHmkqZa0dZhAYo/jOdU+K16kL2+dpKPy/1KADzbpNE4kULOmL0
++E8tenEBLM5Cb8QWVE0t4n0phFX2lrfH/bG1X3lj5uVEiBvx8LIjTcve+8G22qATt
++uQvt6wuFu6xSqs2LEV5yigVok1bQ7O4L0AXRqlkcCTI9XK0wxYCNPRp/jf17YSHA
++v0k7yXQ4GqJsbr/aFKjPUDJtcfI1Q/uJ5xGD1qVeJrcY6APoCFvlb9TxiUvt/fnZ
++QNkxLQ8yXxjxN2BdI48vMnKsPsvWq+vp57Kcqy2nwlMm1wmn0NdtfhfsyFX0eiiq
++/l8uW3R1FbkVnj/hH1p2mLnr0aDLGPtvXlETuoYdUtWWLpKQDST+zbtqJwDzjj9n
++vF/Exdt2XGHDjdP7J3jJ5wrli0P2fdWY0w7vAY2wmD1qoFLg+n/ENrkCDQROjXEB
++ARAA2oX+WFwo2ALAc5y4KURS+Ox9E4Y78Sey1/2wj06PNV/E97vpHfNgBa+qjcnP
++3Wt5lQSdB1DKjkhl050+p3L5cXueh2h19PWVnPcjjWviy4VjLx4fHH0vWenx+SNV
++j9A67S0aHzvfSvoBhPBn5WhEyKKhlQnCmx8HJgZsnyTOznGGwTatbzI+77BeiFcm
++BrBgpi6AMI7mV94Dv5mUsIiRmOFx0EMeMIkS5ocZfx73AoqjTmctxWg/LPigWYV6
++DngLY+YNL0JXkXKC6en1hFwc/3kmgAt8tj/XoI+wlo7EP/JMuHRKvvelQ/l6/RhN
++HClRXwDw0gmwtnBwXxWywQ15Z4sy4KgVhIySdYzwHBuaXHZOGJS9DYe92ZKfRLgf
++Zy7OWy7FrJnDQQrB15IKvxrgys5Fs5lYYEOmKXSDNDyfsnJsrOZhK2Y5FPeNkSSA
++/caTtrSLAaFkE+cNJ7wDno446EhTFRiFikcDKTcl6PzEPCKL2oWcJ9Qf9QkIG2kz
+++bp5gIMmIEOWyr3+0FaBQd9Lbtkl/XPCJ8dpmtLaSPNhmV5hAOAq4KJNaty0ETTu
++01RJhOCOXN+x5Flu8/aMjufSmSyOowkCnCGZ07jbt74in9Rgtn8tukIHZ02RSOVT
++pX0WG1c7v1ezKwBueot5WYxCe7l4QTzboMTF7caHoL214/MAEQEAAYkCHwQYAQIA
++CQUCTo1xAQIbDAAKCRBjdizaZ+LzWQ6tEADHjnV5WjOKSzurKRcRJZFCu2MEg49q
++GiNwyg37DLeWNXDNaZ+gzyVhRNPiNxxuyrjY9ZXXMQ0Ce+S0HJYEtEiVJJ95DABZ
++GUXKQdq212KVKDf/XWcojxY+vPRIKqKIkFVb9Jm8q5wzCSJUN6I9A1BlHwGNylwV
++Umpng5yGnTCrD2rsFiLqmk+gaKJKFWGoxBu5nlLOHwiBvCsIvmM/fHRUnEG5L2El
++Bgt+IvYPt+Sp0OmcmNp+4WEB0Ys35LmDj5PYhfGCzGnn8PkgxruthB/nkuSKeXKz
++cDQM43REx0bN3zVc1sR7ePvCmCPp0QQcEnkHrPoMeSGD2gSfbtegW+soCvOBgKYM
++XWAU+nfTvBkk+VUhRVWum2Q1thq+zFAFujuIxS635Wceqqnn/OgBv9st+qWYK6X0
++4OAibMy0p3E8bi0EunysUrmqAfh+F591NJ1g5KZhvLRwhFmZD5LQXA3m6dyvogRh
++/9NKMtuLE0D84/5t8+Ek8wZjBciKO//THdR9D2oYE2G1Q6rgz9vrhCIdAYeLMW8O
++VbnQca3uFaVcTC37p9mpQ9NfSTdZ07Ai7L5J2+gNs8hG/2yv2AKz5IAtHiv7hsfr
++UglTScycHZrcsepSErLkVoGpmpHo2QECdUbGHsuLsXIVaCAaLBK/ehxgFwukBqlB
++qZqeIHeOWTockZkCDQRLxXz3ARAA1OWxTnG1QgQ7Exqtw/vAJwPd90uImL8T8Gdn
++kWk+NeY10LPdcDU6VcIGN8Uc5I04V8rehVewnfgXUuGLxhzL6imQjoFZ686cXjqs
++uxrAtdMn1PnQOxr2YmPIZuLcP23ZI07EEHlnj4FqAoJqqWnSgJ+IhodLt3wWQu6e
++GfCbH9NsqlBSMuPDsSn/2nlfFubE0a9Ztxw5m47VMP1G1Fu+tRiIEddQcXDyGjGj
++e1gMChzaSFKoyGcmes+rRhkN30cEwCcItUkThFO+A4EbUR5/qbtpKdKTrA98M/Mk
++/eYC/dggtoZIrU2QePt7oJZjL7kPZ8EI2nT7fGrN3wdpnxiu3PbS1zCKvG5g2cPp
++llP10W1OL6wnUFclh+i1CNvP1p4+i1BAuoWTp5oi0pZd22qaNHnGty1fTVadBmjc
++vEF+zqdisBN5lpDeBe3NmchkPDGi+qi5ZhOt0HuEBcucCeB9ejQr1x6hsZutG5yc
++udTZkCRne2EHg2uQBW4BSfFeAYPn9S3yHofa6RyormUT2Q7PMsbNJBTkDo2eLuRz
++Z9gMrmL4m09Ql49F/Dh816UN0spQcvixOMRJ7eiT5EI12ocBME6LVMUyW7tHyvVL
++wQeJqsyE7Nu9B0qMMxKH4XP+WCUsZcUPGt3TwQUY81Hk3zTeoAaxFf+2GpXw5sRy
++hMhR3qcAEQEAAbQ7R3JhZW1lIEZvd2xlciAoS2V5IGNyZWF0ZWQgMjAxMC0wNC0x
++NCkgPGdyYWVtZUBncmFlbWVmLm5ldD6JAjwEEwECACYCGwMGCwkIBwMCBBUCCAME
++FgIDAQIeAQIXgAUCVq5N9gUJEm2e/wAKCRCtXtu3k+xX5JV1D/9l86woDToUaw5K
++JykHXVqs4M/Q1z7bZgPZjXlwDNIAQ3JzVIRV4i+co0cgprZq43Yr9hhN8hOV4Gqw
++qMm/LU73tT7PaLs5Gx0KJgznaE7/Jmi/qezKL0l69I3CaMPa1SHUj9NwXRRMWbvh
+++516yqEinARSDHQ1c5zDhgTuPWeHVxXg0IGfMWnw6QdCqghyjH+TzUO4kO+7r95S
++FRb1+LL5zz+bdBRJhZsGdGGim0aGvyOH8tIxwqXwrRBLZq1LiiLkLfLs6WKaPwZx
++/8ql6f2oye8fz+J+CGy1fh0pF/D8X4egAXopRyr8JpjSmKzZdrwp2M1MljsgxUhM
++ksRwBDeoS3axMWTVw2i4e90Cjf8vG5eLIdxIZpfwwYW5LRrXlAR7eTNPTh77vgGC
++6WMdImVBs1HeocZFpZCdpD3k6DHCn0SzRk/tt+1QL2xmja18BWVxC8GqbS9tl7rt
++k35+NN/2g/bLJOC9r+xsCT3k0NVPcR9O+NnliX+zl+1DFKAhthyX+0oNp0bSIISu
++d9XBNXL94t+RDh3lVgpU3l9pHP/YcIM1wDFiqxHv9zjBjx0DTUbJzwrCR44VGD0b
++0taWupNZ7onfCGRHlrJA09j5kjViUGsvaANqI3BbmvlAv9vbqbwajtDvvwrSx2L4
++pywDQ0obRGSeNq8G2BKK0+jjvGCMG7kCDQRLxXz3ARAArQhzbjp/qWYwTlpltK6g
++pzfTssKtIdE8JP1LKpIQIoyJoF62SzKHspRgPlCLJ7jZenvse+ints+h9CcrcCGR
++IvRKqmWt1IaTeyUNHXTc5MxPLb2HYnD3XF5GffSgXB6D3dufzd3zSViZmwb/2wkD
++Ftif80aOUD6JDoxJe+9MTUvcHF5gN6bUym8s30OFofCwC6ydxfb2cPBrGRQJhTXj
++CwieEIcZNzIwqEHc80Uk2BLuHO3mGxPm4lP2VIATCR+BHeLq4TjvNXfXQ739ggnX
++CXX7QGMvwArU3qvLXN2MxvhOCfrqZcccg/iBT/FPEOU8lnW+QFP6wFmtVHacGSEI
++miX8uBNcfmnPQRwA9QWWgjL9H03D8WJvJuuxmFHxakWiOWHfbD77sxfCA7Nm6DZe
++S+tHHvETjgbcERqfXWjh5oSJUShqBuxT3NXUxo61XeZVoM3rfgh51mfhymLDYFu3
++A6Odg8GvAY3pyvTlMb80zc8Js/e3AoqLn7/srFEvQ2PbZez9Hh0dbXoUzOx0gJ/5
++QhFPdI+f3/6M8AUfHAxfJS0jF5Ssm7nYx7XixQP9vx281iBFlS6XJJrt18acPRBf
++caIkJmyU5pFhCAQUiwAC2LbsoAW4hlHcDwXiUEFGJYjaXYK8Cl6fTiAfDRSvfQ7x
++u8QeteevYVGnpMJ5gebhFNMAEQEAAYkCJQQYAQIADwUCS8V89wIbDAUJEswDAAAK
++CRCtXtu3k+xX5KKeD/0fe4/l/M3z7fYLAAZ1Ocx7Rkuo0PQIWsfqtA8dFZu1r6h/
++Awu0bEhqedWH5X0uEt8TVRrUE1Elfs+x+HBVEg/H9tkZ7my1CjqZVbqeptw6s/za
++LIbfLFOWKNphZkTTBRqP4CRer7al9eaz6T4dIB7BIt06Gu6s3oJyFX7lNeGTQ7UZ
++5+TpriXxT/cTtT8SMKovhmmNOs5Cm3JksNdsTsDghLfJL+BRgsdRYkqxXRyuBn7M
++77czhulT2wETpxERtgGxkD1ztPpt232MUr/K8XqUo6OH/9bF21QF+QIB/MLXLImS
++6uw/lK03UXtu3Qfz5jfi+Mc/VBJlP/9ay88TgX8li3yExfuuXuEGZK8SMFSNjOAF
++QfaQG/n0jJljG+CFNbbkpHiU95P2ynlnRlW16w4koHelwoQXrovk3fykdB25fot4
++3g5v+rWHgqG+F0OJ4Sd3SPYCNUuGFyYBos4WZolqoqQONW9dq0AAeonlOmhPzTl+
++68HDRmgsG8goAzkH0e34qsVRdsQPLKJv2rAcAFFhWSDBIX4o7J+36Sv+7hqDfdhK
++n8b3MK+0ZKfm4QkuloNKvm4AZ/9NjAfvVJPWIvTu/wyPAqqcLIjM2e9mTJuKUy6f
++FhZqm8Xj1ksa+CQOl5gKZgu7EpR++ZnpRQujAsGsaaETG3h9pg4QH8G410jzDpkC
++DQRWzusnARAAq4Bl6qL9ZGBVQr+lol8pXDZUdlAW6alGA+m0cxtrDRfEYo/i4ocA
++V9LrXNrf/MspjCwaVXyfw4I4kbk3mt1MX5sgnuXqrajhMViyLPQTMGE9k2XheMSw
++4OftnqttnWKoWC4pqnoCcwVzz/2FmEMXAkEULxHlyM/ytb2Wr9rHvwHzVF+an2Jj
++i9IQc9V19w0e/IS44KzFJ7diIVW49zp/NjXJU1hCBOaR4jwNyXkNCItyDMAE1ukx
++jhIsEnyZsPMEtStFrLCFkI8c+1M3nEwKXmkR/aWAf9lqPlWsO2vz5MXB8VUoXNYy
++njMjMsEe98KMz6+KB5o/MJ6DUWPkV7dhTd6O6Ju2yKMeD24vlkZpFU9yhKbAS3u+
++AYpfYidys068LHA3uAbj81eLC1zsRZ8hrWJFvvLbZ6XyFQtOAsLYdOZOpozblVtt
++NYATTHswNsQTyCU+so8x7TexJRKuqvM/+k6Boo9Vzz1yufxl9+3oKRZ40EZGzKR2
++eho+XMwYMifzHJMvCkYkKHFIuAfyKm7vjmyh1THHZcKGjuK5TRvcFH0+9M5o/XZ/
++bv4yMmiaYZU32SLZaIPkNabh7gbj57R9hxKXfaWDyfxFQqHRhbcEhbGMx15hz9Wm
++oE9u0Jv63OSck//p8P1ZxNNmWFfb8LXxcBItJ5lnDQsAyoPY7ahoyJUAEQEAAbRG
++TmlnZWwgTWV0aGVyaW5naGFtICgyMDE2IEtleSBSZXBsYWNpbmcgUHJldmlvdXMg
++S2V5cykgPG5pZ2VsQGV4aW0ub3JnPokCPQQTAQoAJwUCVs7rJwIbAwUJEs/3gAUL
++CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCFvPesZzWmgAOnD/9khxy8o+25seMI
++1KRtdqmXrsRzzAic4W/95Qo+M7m5iHBHlOMaVUJa5TSl5EkhTqfSqwHdvYbawS4M
++pWn24yZrz25V4tqL25bBoV15chDNw4p2FEcfwOEReavbdTyg+HOZGq9hxCeZ92uK
++E8fcgMjMRHX4Er79GCGHf6IdSTzL8w3xy7STbk0qnnigNp8vI7L5EsxhVc0vQb4j
++hVhhbVQShzl6w6ddZr8XtIxeXv/Wo1BbIFNKTfmjy8fpulTO/r0KUEr6LPKA9a3y
++hmT4F0BzA5K6Ni0yIr+g1R3bl4kYxrVDwgxHZpT19lot9JuDTPbviNBY0jqNHOTt
++ynZHz/cYIYLFRnmD4JJtrJ8oOnIeJ1Y5N/VNGQxK/5iDRFtCK7iIdw44IM+X0vnR
++uaR7OWtVZqQXI1wY4W2wCW53UyAtLAmyJlR+9XaxrTMbO2CnaaxETndp6LuoLwPq
++IvKVRjt3RLQWHtOcPkyO+hCkqDIFfTptfHW5hN/T7DUZns2ph76VVROv6vcilMI3
++DN2KSss+A48hL08MFB43APJ5ZHkYn7EjUr5pkYR4wjZoBPWKb2vGZ5xCiQbHpiWq
++lvO2iqbrh5+RU0HZWumw4Y1lJC+bZkvAmnj6iTeOKGVvrNwYqoNzLoHANpBhy4Bz
++xbwgxOjwyKYXlWKq93K2QSeDXENBm7kCDQRWzusnARAAyFpN4GmBS1QqEpgDJmV0
++4shmjU3AS0t382Y6AZhvSdav26m02HkY5ZJ2Fg9v2N0VsxlWuOz0+qyCw1anzqMx
++8trlvTpkpbbalgw3i86vA9nlHUhTRUPDcHOTo69CLI8B1SoHif0wZrh8/Oig4ZS3
++ykvp+F+GSTTiTCaeT02mZ5HTZb5L+NRfWJ1j7ifcbiWSYQPHB9iaF4KAAIzfHazX
++g8kBcbhUR9D4EJKe+bj45/KsvkfQXTrGT24P+Et27wD2BZegX+ZbRIBDpQcSM/CI
++QEUvPod1UxNlm7iZeXgSEyWZYg1nSxiCgNQQkEeSL0zRheDgHC/3N2stdvWgk34L
++zBztoEzytLy3lnmWG7BSZuUAONiyBME9miRt5etc9Z/dKd2Pj4DlJKCtX/+vFc02
++2q0QXBttYBm1/+Z7YaK4wlWK7RAXD4zbCgbpYJkIFzGMhanuWybufpgqzQSBpzsN
++Hir+02KRri3ghgfxBXxpVB1T/cgCu1JQ+sefdLxpWhDX0WoMDgADqr2mnsIbWjnF
++M2YLLKBV0naNBHeLqTLg4MbU4c27spZuwB+jBliYiV5l/BZbSOS6B66pmuu6WGNc
++gpnfFnSuKOq7GGHPdOWv0IdWlHs5qBRdMf6UlzTa6fuLEN7Z/+Et3SVXWpwcwhLf
++SsKwXBt3ZZD2C2GMrGF0tikAEQEAAYkCJQQYAQoADwUCVs7rJwIbDAUJEs/3gAAK
++CRCFvPesZzWmgPYaD/44M3GM/YcC757H5eu2lnxbVSc/4z42FPftsls8VNajOBL+
++SVPd3qnchyu7O0NZU1NA8qld/Xs6Uf/jEhEdMbZsifLtIgUyvNxHdn0wpo/zNDFm
++MxZdtMyGjfX+/X6a6RRjxJOI8EJ0FxaoTeAjCo/7o+YTaCmJ+kgJcdJFxXANRKeK
++rOuTzXF4SB3eiEbX6vZjJR+5ucfEs/ZgZmw/p0R7aHObBtv6zxOrmJySmGDI6iaH
++sPc+pJjxReoZhc/YuZZvagHxyXDgtGSis3/kvSsZ6S5hjEIzOOzf5EnizEO10bm5
++rLf7NWm3ikq2DVamJc/0bJftNWqAwhczrWrc1g9ZZZwRZR+PvC82zRHcPfDmWcHg
++NpdJe2X1R4wpGY8YjOJEHouEpt8+RwwN9mK7CqZLMW8rIO+JLDkAAvyh+x6kG9vx
++2ckRG1Z1N2ZI0M3Zpo6qPSukqcA1uZOthy94L374y5Apn6J+yNaxege5yEZK3mMQ
++xFRLfsCKlHia4aQTMOUCD4NRoPU/MHN5OZkDYaGrQ8fT4K/1/lMMW9y2Gi9YkNsX
++BoyGMdgMgRNQJ0cSWSYlYyx22FQ+PVR9F08TarHBwSMUUPzo0GtPavcqdXAsbfy0
++ubfVmCzt64fDowozkEAzsraGjSp+EoNLJleyM314Eqp0LEyumt0vJEnNK162rQ==
++=q8ga
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
- opts=pgpsigurlmangle=s/$/.asc/,uversionmangle=s/_/~/ \
- http://ftp.exim.org/pub/exim/exim4/exim-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz))
+version=3
++opts=pgpsigurlmangle=s/$/.asc/,uversionmangle=s/[_-]/~/g \
++https://downloads.exim.org/exim4/exim-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz))