From: Andreas Metzler Date: Fri, 27 Sep 2019 16:09:35 +0000 (+0200) Subject: Import Debian changes 4.92-8+deb10u3 X-Git-Tag: debian/4.92-8+deb10u3^0 X-Git-Url: https://git.hcoop.net/hcoop/debian/exim4.git/commitdiff_plain/01e60269815612fced0df2994079cb2081f8ff0b Import Debian changes 4.92-8+deb10u3 exim4 (4.92-8+deb10u3) buster-security; urgency=high * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer overflow in string_vformat. exim4 (4.92-8+deb10u2) buster-security; urgency=high * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI related buffer overflow. CVE-2019-15846 exim4 (4.92-8+deb10u1) buster-security; urgency=high * Fix remote command execution vulnerability related to "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 exim4 (4.92-8) unstable; urgency=low * Pulled from exim-4.92+fixes branch: + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch Fix expansion of $tls_out_ocsp under hosts_request_ocsp. + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch When tls_verify_certificates was set to a directory instead of a file exim/GnuTLS would still send out the list of accepted certificates, This did not match documented behavior. + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch The dsn_from option was not used for DSN success messages. * Pulled from upstream GIT master: + 75_14-Fix-smtp-response-timeout.patch Fix the timeout on smtp response to apply to the whole response instead of resetting for every byte received. + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch https://bugs.exim.org/show_bug.cgi?id=2405 ${eval } was broken on 32bit archs. exim4 (4.92-7) unstable; urgency=medium * Upload to unstable. exim4 (4.92-6) experimental; urgency=medium * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for debugging sa-exim. * Set HAVE_LOCAL_SCAN=yes in EDITME. * Upload to experimental. exim4 (4.92-5) unstable; urgency=medium * Improved spam-scanning example with accompaning information in README.Debian. Explicitly warn about adding the default SpamAssassin report in a header, which Closes: #774553 * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on the (working) version of the patch. Drop exim4-dev package. Add a NEWS entry for this change. exim4 (4.92-4) unstable; urgency=medium * Another patch from exim-4.92+fixes branch: 75_10-Harden-plaintext-authenticator.patch exim4 (4.92-3) unstable; urgency=medium * Pull fixes from exim-4.92+fixes branch. + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch + 75_08-Logging-fix-initial-listening-on-log-line.patch + 75_09-OpenSSL-Fix-aggregation-of-messages.patch exim4 (4.92-2) unstable; urgency=medium * Upload to unstable. exim4 (4.92-1) experimental; urgency=medium * Point watchfile to release directory again. * New upstream stable release, identical to rc6 except for the version string. * Pull fixes from exim-4.92+fixes branch. + 75_01-Fix-json-extract-operator-for-unfound-case.patch + 75_02-Fix-transport-buffer-size-handling.patch + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch * Upload to experimental while waiting for rc6 to migrate. exim4 (4.92~RC6-1) unstable; urgency=low * New upstream snapshot rc6, includes 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch. exim4 (4.92~RC5-2) unstable; urgency=high * In init script use start-stop-daemon directly instead of lsb-base's killproc which currently fails to pass on the executable name to s-s-d (921558). This broke with s-s-d 1.19.2 which (for security reasons) requires further filtering arguments in addition to --pidfile when the pid file is not owned by root. Closes: #921205 exim4 (4.92~RC5-1) unstable; urgency=medium * New upstream snapshot rc5. * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers was ignored. exim4 (4.92~RC4-3) unstable; urgency=medium * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * Drop outdated pointers to alioth package homepage from README.Debian. * Update exim4-config Breaks to enforce upgrade to daemon binary package with DANE support. Closes: #919902 * [lintian] Minimize upstream/signing-key.asc. exim4 (4.92~RC4-2) unstable; urgency=medium * Upload to unstable. exim4 (4.92~RC4-1) experimental; urgency=low * New upstream version. + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch. + Unfuzz patches. exim4 (4.92~RC3-1) unstable; urgency=low * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from upstream GIT master, fixing outgoing TLS 1.3. https://bugs.exim.org/show_bug.cgi?id=2359 * New upstream version. * Upload to unstable. exim4 (4.92~RC2-1) experimental; urgency=low * New upstream version. + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch exim4 (4.92~RC1-1) experimental; urgency=low * Update upstream/signing-key.asc from https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding 96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing 1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and FAA1C7F9CD077DC4304BC0C885AB833FDDC03262. * New upstream release candidate: + Point watchfile to test subdir. + Update watchfile to handle -RC1 in addition to _RC1. + Drop 75_fixes*.patch. + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch + Update configuration from upstream example, except for tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport: * Enable dns_dnssec_ok. * Set dnssec_request_domains = * on dnslookup and dnslookup_relay_to_domains routers. * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp transport unless REMOTE_SMTP_DISABLE_DANE is set. * Set multi_domain on remote_smtp_smarthost transport. * Post release updates: + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch exim4 (4.91-9) unstable; urgency=low * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back autodeleted comments. * Update from exim-4_91+fixes branch: + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch + 75_fixes_29-Fix-AUTH_GSASL-build.patch + 75_fixes_30-Harden-string-list-handling.patch exim4 (4.91-8) unstable; urgency=low [ Andreas Metzler ] * Update from exim-4_91+fixes branch: + 75_fixes_18-Restore-Darwin-OS-configuration.patch + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch [ Marc Haber ] * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper. exim4 (4.91-7) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_16-Fix-non-EVENTS-build.patch + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch exim4 (4.91-6) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck. (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS) exim4 (4.91-5) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch exim4 (4.91-4) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch + 75_fixes_07-tidying.patch + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch * [lintian] Delete trailing empty lines in changelog. exim4 (4.91-3) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch + Move 50_localscan_dlopen.dpatch to end of patch series and rename to 90_... to preserve alphanumeric patch ordering. * Add log_message for local blacklists to improve log readability. (Patch by Dominic Hargreaves). exim4 (4.91-2) unstable; urgency=low * Upload to unstable. exim4 (4.91-1) experimental; urgency=medium * Point watchfile to release directory again and use downloads.exim.org host. * New upstream version. * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did not ship libgnutls-dane0. exim4 (4.91~RC4-1) experimental; urgency=medium * New upstream version. exim4 (4.91~RC3-1) experimental; urgency=medium * New upstream version. * Point vcs* to salsa. exim4 (4.91~RC2-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch exim4 (4.91~RC1-1) experimental; urgency=medium * Point watchfile to test subdirectory. * New upstream version: + Drop debian/patches/75_*. + Update example.conf.md5. Upstream now enables verify = header_syntax check in default config, mirror this change in Debian, introduce NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this. * Build with newly available (well, for GnuTLS) DANE support. * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250. exim4 (4.90.1-5) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_15-Pipe-transport-part-two.-Bug-2257.patch 75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch 75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch exim4 (4.90.1-4) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch 75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch 75_13-Unbreak-DMARC.patch 75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch exim4 (4.90.1-3) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch 75_08-Mark-variables-unused-before-release-of-store-in-the.patch 75_09-Mark-variables-unused-before-release-of-store-in-the.patch 75_10-Mark-variables-that-are-unused-before-release-of-sto.patch exim4 (4.90.1-2) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch 75_02-Fix-memory-leak-during-multi-message-reception-using.patch 75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch 75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch 75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch 75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch exim4 (4.90.1-1) unstable; urgency=high * New upstream version, fixing CVE-2018-6789. Closes: #890000 + Drop 75_*.patch. exim4 (4.90-7) unstable; urgency=medium * Update from exim-4_90+fixes branch. (exim-4.90.0.27) + 75_21-DKIM-fix-buffer-overflow-in-verify.patch + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch * Typo fixes in old patch descriptions. (Thanks, lintian!) exim4 (4.90-6) unstable; urgency=medium * Update from exim-4_90+fixes branch. + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch Closes: #887489 + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch exim4 (4.90-5) unstable; urgency=low * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from exim-4_90+fixes branch. * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971 * [update-exim4.conf] stop converting variables set to an empty value in /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972 exim4 (4.90-4) unstable; urgency=low * Update from exim-4_90+fixes branch. 75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch 75_14-Fix-D-string-expansion-to-not-use-millisec.patch 75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch exim4 (4.90-3) unstable; urgency=medium * Three more patches from exim-4_90+fixes branch: 75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch 75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch 75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch exim4 (4.90-2) unstable; urgency=medium * Update to exim-4_90+fixes branch: + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch. + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch + 75_05-Fix-build-of-nisplus-lookup.patch + 75_06-Fix-const-issue-in-nisplus-lookup.patch + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch exim4 (4.90-1) unstable; urgency=low * rc4 released as 4.90. * Point watchfile to release directory again. * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream GIT master branch. Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html * Simplify debian/rules and make it usable with dh v10 compat. The fine-grained support for selecting the to be built packages (-custom with or without -base) was dropped. The build process is now controlled by attaching tasks to dh-override hooks instead of using file dependencies, makefile-style. The latter broke with dh v10 due to upstream's build-system which always has the main targets out-of-date inter alia due to the compile-number feature. * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change buildflags ATM.) * Use debhelper v10 compat. * Drop override_dh_strip-arch, we have had enough toolchain and source changes to prevent file conflicts. exim4 (4.90~RC4-1) unstable; urgency=medium * New upstream version. exim4 (4.90~RC3-2) unstable; urgency=low * Upload to unstable. * Point homepage to https URL. exim4 (4.90~RC3-1) experimental; urgency=medium * New upstream version. + Fix a use-after-free while reading smtp input for header lines. A crafted sequence of BDAT commands could result in in-use memory being freed. CVE-2017-16943. Closes: #882648 + Fix checking for leading-dot on a line during headers reading from SMTP input. Previously it was always done; now only done for DATA and not BDAT commands. CVE-2017-16944 Closes: #882671 * Drop 78_Disable-chunking-BDAT-by-default.patch again. exim4 (4.90~RC2-3) experimental; urgency=medium * As a workaround for the yet-unfixed security vulnerability resurrect (and adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html exim4 (4.90~RC2-2) experimental; urgency=low * B-d on lynx, instead of lynx-cur | lynx. exim4 (4.90~RC2-1) experimental; urgency=low * New upstream release candidate. + Unfuzz patches, drop 40_reproducible_build.diff and 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff. + Refresh debian/example.conf.md5, No changes to Debian's configuration needed, upstream added a (commented) entry to change OpenSSL ciphers. exim4 (4.90~RC1-1) experimental; urgency=low * New upstream release candidate. + Point watchfile to test subdirectory. + Update 40_reproducible_build.diff + Drop 75_fixes*.patch and 80_Repair-manualroute-transport-name-not-last-option.patch. + Unfuzz EDITME*.diff + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when SOURCE_DATE_EPOCH is set. * Drop trailing whitespace in debian/README.source, debian/changelog and debian/rules. (Thanks, lintian) * Drop debian/README.source and outdated parts of debian/copyright. exim4 (4.89-13) unstable; urgency=high * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944 exim4 (4.89-12) unstable; urgency=high * Sync with exim-4_89+fixes branch: + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943 * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch. exim4 (4.89-11) unstable; urgency=critical * B-d on lynx, instead of lynx-cur | lynx. exim4 (4.89-10) unstable; urgency=critical * As a workaround for the yet-unfixed security vulnerability resurrect 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html exim4 (4.89-9) unstable; urgency=medium * Upload to unstable. exim4 (4.89-8) experimental; urgency=low * Sync with exim-4_89+fixes branch: 75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch 75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch * Point watchfile to https site. exim4 (4.89-7) unstable; urgency=low * In debian/rules' manually called update-mtaconflicts target use grep-aptavail instead of hard-coding /var/lib/apt/lists/. (Thanks, Julian Andres Klode) Closes: #874772 * Update debian/mtalist. * Sync with exim-4_89+fixes branch: 75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch 75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch 75_fixes_15-SOCKS-fix-unitialized-pointer.patch 75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch. exim4 (4.89-6) unstable; urgency=medium * Use "runuser --command ..." instead of "su - --command ..." in exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688 (Thanks, Jakobus Schürz) * Sync priorities with override file: exim4{,-base,-config,-daemon-light} optional from standard, exim4-dev optional from extra. * In debian/rules when setting up the build-tree for -custom also copy EDITME.eximon to allow building based on EDITME.exim4-light with eximon building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813 exim4 (4.89-5) unstable; urgency=medium * Update to exim-4_89+fixes branch: 75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch 75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch (replaces 79_CVE-2017-1000369.patch) 75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces 81_Fix-log-line-corruption-for-DKIM-status.patch) 75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch (CVE-2017-10140) 75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch 75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch 75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch * Simplify debian/rules by including buildflags.mk unconditionally which was introduced in dpkg 1.16.1 released in October 2011. * Use pkg-info.mk to get package-version, upstream-version and SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not provided by pkg-info.mk. * [lintian] In *daemon.postinst use which certtool instead of [ -x /usr/bin/certtool ] to check for availablility of the command. exim4 (4.89-4) unstable; urgency=low * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT master: Starting with 4.85 a transport name needed to specified after options in route_list. Closes: #865287 * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master. * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by default. * Standards-Version: 4.0.0 + Do not check for availability of invoke-rc.d, use it always and do not fall back to invoking the init-script directly. + Drop eximon menu file. * Migrate to automatic debug packages. Bump b-d on debhelper since --dbgsym-migration was introduced in debhelper 9.20160114. exim4 (4.89-3) unstable; urgency=high * Re-upload to unstable. --- 01e60269815612fced0df2994079cb2081f8ff0b diff --cc debian/EDITME.exim4-heavy.diff index 136ca61,0000000..b2c7b4e mode 100644,000000..100644 --- a/debian/EDITME.exim4-heavy.diff +++ b/debian/EDITME.exim4-heavy.diff @@@ -1,157 -1,0 +1,158 @@@ - --- EDITME.exim4-light 2017-03-04 11:15:58.309895066 +0100 - +++ EDITME.exim4-heavy 2017-03-04 11:17:12.616522005 +0100 - @@ -212,7 +212,7 @@ ++--- EDITME.exim4-light 2019-04-16 15:54:51.009790678 +0000 +++++ EDITME.exim4-heavy 2019-04-16 15:54:44.177917231 +0000 ++@@ -217,7 +217,7 @@ + + # This one is very special-purpose, so is not included by default. + +-# ROUTER_IPLOOKUP=yes ++ROUTER_IPLOOKUP=yes + + + #------------------------------------------------------------------------------ - @@ -244,7 +244,7 @@ ++@@ -249,7 +249,7 @@ + + SUPPORT_MAILDIR=yes + SUPPORT_MAILSTORE=yes +-# SUPPORT_MBX=yes ++SUPPORT_MBX=yes + + + #------------------------------------------------------------------------------ - @@ -305,15 +305,15 @@ ++@@ -310,16 +310,16 @@ + LOOKUP_CDB=yes + LOOKUP_DSEARCH=yes + # LOOKUP_IBASE=yes +-# LOOKUP_LDAP=yes +-# LOOKUP_MYSQL=yes ++LOOKUP_LDAP=yes ++LOOKUP_MYSQL=yes ++ # LOOKUP_MYSQL_PC=mariadb + LOOKUP_NIS=yes + # LOOKUP_NISPLUS=yes + # LOOKUP_ORACLE=yes + LOOKUP_PASSWD=yes +-# LOOKUP_PGSQL=yes ++LOOKUP_PGSQL=yes + # LOOKUP_REDIS=yes +-# LOOKUP_SQLITE=yes ++LOOKUP_SQLITE=yes + # LOOKUP_SQLITE_PC=sqlite3 + # LOOKUP_WHOSON=yes + - @@ -334,7 +334,7 @@ ++@@ -340,7 +340,7 @@ + # with Solaris 7 onwards. Uncomment whichever of these you are using. + + # LDAP_LIB_TYPE=OPENLDAP1 +-# LDAP_LIB_TYPE=OPENLDAP2 ++LDAP_LIB_TYPE=OPENLDAP2 + # LDAP_LIB_TYPE=NETSCAPE + # LDAP_LIB_TYPE=SOLARIS + - @@ -373,6 +373,9 @@ ++@@ -385,6 +385,9 @@ + # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 + + ++LOOKUP_INCLUDE=-I/usr/include/mysql -I`pg_config --includedir` ++LOOKUP_LIBS=-lldap -llber -lmysqlclient -lpq -lsqlite3 ++ + #------------------------------------------------------------------------------ + # Compiling the Exim monitor: If you want to compile the Exim monitor, a + # program that requires an X11 display, then EXIM_MONITOR should be set to the - @@ -381,7 +384,7 @@ ++@@ -393,7 +396,7 @@ + # files are defaulted in the OS/Makefile-Default file, but can be overridden in + # local OS-specific make files. + +-EXIM_MONITOR=eximon.bin ++# EXIM_MONITOR=eximon.bin + + + #------------------------------------------------------------------------------ - @@ -391,7 +394,7 @@ ++@@ -403,7 +406,7 @@ + # and the MIME ACL. Please read the documentation to learn more about these + # features. + +-# WITH_CONTENT_SCAN=yes ++WITH_CONTENT_SCAN=yes + - #------------------------------------------------------------------------------ - # If you're using ClamAV and are backporting fixes to an old version, instead - @@ -627,16 +630,16 @@ ++ # If you have content scanning you may wish to only include some of the scanner ++ # interfaces. Uncomment any of these lines to remove that code. ++@@ -645,16 +648,16 @@ + # configuration to make use of the mechanism(s) selected. + + AUTH_CRAM_MD5=yes +-# AUTH_CYRUS_SASL=yes +-# AUTH_DOVECOT=yes ++AUTH_CYRUS_SASL=yes ++AUTH_DOVECOT=yes + # AUTH_GSASL=yes + # AUTH_GSASL_PC=libgsasl + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 + AUTH_PLAINTEXT=yes +-# AUTH_SPA=yes +-# AUTH_TLS=yes ++AUTH_SPA=yes ++AUTH_TLS=yes + + # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 + # requires multiple pkg-config files to work with Exim, so the second example - @@ -649,7 +652,7 @@ ++@@ -667,7 +670,7 @@ + # Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC. + # Ditto for AUTH_HEIMDAL_GSSAPI(_PC). + +-# AUTH_LIBS=-lsasl2 ++AUTH_LIBS=-lsasl2 + # AUTH_LIBS=-lgsasl + # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt + - @@ -923,7 +926,7 @@ ++@@ -945,7 +948,7 @@ + # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded + # Perl costs quite a lot of resources. Only do this if you really need it. + +-# EXIM_PERL=perl.o ++EXIM_PERL=perl.o + + + #------------------------------------------------------------------------------ - @@ -933,7 +936,7 @@ ++@@ -955,7 +958,7 @@ + # that the local_scan API is made available by the linker. You may also need + # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. + +-# EXPAND_DLFUNC=yes ++EXPAND_DLFUNC=yes + + + #------------------------------------------------------------------------------ - @@ -943,11 +946,11 @@ ++@@ -965,11 +968,11 @@ + # support, which is intended for use in conjunction with the SMTP AUTH + # facilities, is included only when requested by the following setting: + +-# SUPPORT_PAM=yes ++SUPPORT_PAM=yes + + # You probably need to add -lpam to EXTRALIBS, and in some releases of + # GNU/Linux -ldl is also needed. +-EXTRALIBS=-ldl ++EXTRALIBS=-lpam -export-dynamic + + + #------------------------------------------------------------------------------ - @@ -961,7 +964,7 @@ ++@@ -983,7 +986,7 @@ + # If you may want to use inbound (server-side) proxying, using Proxy Protocol, + # uncomment the line below. + +-# SUPPORT_PROXY=yes ++SUPPORT_PROXY=yes + + + #------------------------------------------------------------------------------ - @@ -1299,7 +1302,7 @@ ++@@ -1338,7 +1341,7 @@ + # local part) can be increased by changing this value. It should be set to + # a multiple of 16. + +-# MAX_NAMED_LIST=16 ++MAX_NAMED_LIST=32 + + + #------------------------------------------------------------------------------ diff --cc debian/EDITME.exim4-light.diff index 4b492cd,0000000..dc04331 mode 100644,000000..100644 --- a/debian/EDITME.exim4-light.diff +++ b/debian/EDITME.exim4-light.diff @@@ -1,228 -1,0 +1,255 @@@ - --- src/EDITME 2017-02-12 14:19:37.000000000 +0000 - +++ EDITME.exim4-light 2017-02-12 14:22:15.062382937 +0000 ++--- src/EDITME 2019-04-16 15:52:53.000000000 +0000 +++++ EDITME.exim4-light 2019-04-16 15:54:51.009790678 +0000 +@@ -98,7 +98,7 @@ + # /usr/local/sbin. The installation script will try to create this directory, + # and any superior directories, if they do not exist. + +-BIN_DIRECTORY=/usr/exim/bin ++BIN_DIRECTORY=/usr/sbin + + + #------------------------------------------------------------------------------ +@@ -114,7 +114,7 @@ + # don't exist. It will also install a default runtime configuration if this + # file does not exist. + +-CONFIGURE_FILE=/usr/exim/configure ++CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated + + # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. + # In this case, Exim will use the first of them that exists when it is run. +@@ -131,7 +131,7 @@ + # deliveries. (Local deliveries run as various non-root users, typically as the + # owner of a local mailbox.) Specifying these values as root is not supported. + +-EXIM_USER= ++EXIM_USER=ref:Debian-exim + + # If you specify EXIM_USER as a name, this is looked up at build time, and the + # uid number is built into the binary. However, you can specify that this +@@ -153,6 +153,7 @@ + # you want to use a group other than the default group for the given user. + + # EXIM_GROUP= ++EXIM_GROUP=ref:Debian-exim + + # Many sites define a user called "exim", with an appropriate default group, + # and use +@@ -173,7 +174,7 @@ + + # Almost all installations choose this: + +-SPOOL_DIRECTORY=/var/spool/exim ++SPOOL_DIRECTORY=/var/spool/exim4 + + + - @@ -232,7 +233,7 @@ ++@@ -237,7 +238,7 @@ + # This one is special-purpose, and commonly not required, so it is not + # included by default. + +-# TRANSPORT_LMTP=yes ++TRANSPORT_LMTP=yes + + + #------------------------------------------------------------------------------ - @@ -241,8 +242,8 @@ ++@@ -246,8 +247,8 @@ + # MBX, is included only when requested. If you do not know what this is about, + # leave these settings commented out. + +-# SUPPORT_MAILDIR=yes +-# SUPPORT_MAILSTORE=yes ++SUPPORT_MAILDIR=yes ++SUPPORT_MAILSTORE=yes + # SUPPORT_MBX=yes + + - @@ -301,15 +302,15 @@ ++@@ -306,16 +307,16 @@ + LOOKUP_LSEARCH=yes + LOOKUP_DNSDB=yes + +-# LOOKUP_CDB=yes +-# LOOKUP_DSEARCH=yes ++LOOKUP_CDB=yes ++LOOKUP_DSEARCH=yes + # LOOKUP_IBASE=yes + # LOOKUP_LDAP=yes + # LOOKUP_MYSQL=yes ++ # LOOKUP_MYSQL_PC=mariadb +-# LOOKUP_NIS=yes ++LOOKUP_NIS=yes + # LOOKUP_NISPLUS=yes + # LOOKUP_ORACLE=yes +-# LOOKUP_PASSWD=yes ++LOOKUP_PASSWD=yes + # LOOKUP_PGSQL=yes + # LOOKUP_REDIS=yes + # LOOKUP_SQLITE=yes - @@ -577,7 +578,7 @@ ++@@ -367,7 +368,7 @@ ++ # Uncomment the following line to add DANE support ++ # Note: Enabling this unconditionally overrides DISABLE_DNSSEC ++ # For DANE under GnuTLS we need an additional library. See TLS_LIBS below. ++-# SUPPORT_DANE=yes +++SUPPORT_DANE=yes ++ ++ #------------------------------------------------------------------------------ ++ # Additional libraries and include directories may be required for some ++@@ -595,7 +596,7 @@ + # CONFIGURE_OWNER setting, to specify a configuration file which is listed in + # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. + +-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs ++TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs + + + #------------------------------------------------------------------------------ - @@ -613,6 +614,9 @@ ++@@ -631,6 +632,9 @@ + + # WHITELIST_D_MACROS=TLS:SPOOL + ++# Mailscanner uses -DOUTGOING. ++WHITELIST_D_MACROS=OUTGOING ++ + #------------------------------------------------------------------------------ + # Exim has support for the AUTH (authentication) extension of the SMTP + # protocol, as defined by RFC 2554. If you don't know what SMTP authentication - @@ -622,7 +626,7 @@ ++@@ -640,7 +644,7 @@ + # included in the Exim binary. You will then need to set up the run time + # configuration to make use of the mechanism(s) selected. + +-# AUTH_CRAM_MD5=yes ++AUTH_CRAM_MD5=yes + # AUTH_CYRUS_SASL=yes + # AUTH_DOVECOT=yes + # AUTH_GSASL=yes - @@ -630,7 +634,7 @@ ++@@ -648,7 +652,7 @@ + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 +-# AUTH_PLAINTEXT=yes ++AUTH_PLAINTEXT=yes + # AUTH_SPA=yes + # AUTH_TLS=yes + - @@ -656,7 +660,7 @@ ++@@ -674,7 +678,7 @@ + # one that is set in the headers_charset option. The default setting is + # defined by this setting: + +-HEADERS_CHARSET="ISO-8859-1" ++HEADERS_CHARSET="UTF-8" + + # If you are going to make use of $header_xxx expansions in your configuration + # file, or if your users are going to use them in filter files, and the normal - @@ -745,7 +749,7 @@ ++@@ -763,7 +767,7 @@ + # leave these settings commented out. + + # This setting is required for any TLS support (either OpenSSL or GnuTLS) +-# SUPPORT_TLS=yes ++SUPPORT_TLS=yes + + # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not + # USE_OPENSSL_PC=openssl - @@ -753,9 +757,9 @@ ++@@ -771,9 +775,9 @@ + + # Uncomment the first and either the second or the third of these if you + # are using GnuTLS. If you have pkg-config, then the second, else the third. +-# USE_GNUTLS=yes ++USE_GNUTLS=yes + # USE_GNUTLS_PC=gnutls +-# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt ++TLS_LIBS=-lgnutls + + # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's + # build process will require libgcrypt-config to exist in your $PATH. A - @@ -847,6 +851,7 @@ ++@@ -809,7 +813,7 @@ ++ # TLS_LIBS=-L/opt/gnu/lib -lgnutls -ltasn1 -lgcrypt ++ ++ # For DANE under GnuTLS we need an additional library. ++-# TLS_LIBS += -lgnutls-dane +++TLS_LIBS += -lgnutls-dane ++ ++ # TLS_LIBS is included only on the command for linking Exim itself, not on any ++ # auxiliary programs. If the include files are not in a standard place, you can ++@@ -830,6 +834,7 @@ ++ # description of the API to this function, see the Exim specification. ++ ++ DLOPEN_LOCAL_SCAN=yes +++HAVE_LOCAL_SCAN=yes ++ ++ # If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the ++ # linker flags. Without it, the loaded .so won't be able to access any ++@@ -868,6 +873,7 @@ + # to form the final file names. Some installations may want something like this: + + # LOG_FILE_PATH=/var/log/exim_%slog ++LOG_FILE_PATH=/var/log/exim4/%slog + + # which results in files with names /var/log/exim_mainlog, etc. The directory + # in which the log files are placed must exist; Exim does not try to create - @@ -895,7 +900,7 @@ ++@@ -916,7 +922,7 @@ + # files. Both the name of the command and the suffix that it adds to files + # need to be defined here. See also the EXICYCLOG_MAX configuration. + +-COMPRESS_COMMAND=/usr/bin/gzip ++COMPRESS_COMMAND=/bin/gzip + COMPRESS_SUFFIX=gz + + - @@ -910,7 +915,7 @@ ++@@ -931,7 +937,7 @@ + # ZCAT_COMMAND=zcat + # + # Or specify the full pathname: +-ZCAT_COMMAND=/usr/bin/zcat ++ZCAT_COMMAND=zcat + + #------------------------------------------------------------------------------ + # Compiling in support for embedded Perl: If you want to be able to - @@ -942,6 +947,7 @@ ++@@ -963,6 +969,7 @@ + + # You probably need to add -lpam to EXTRALIBS, and in some releases of + # GNU/Linux -ldl is also needed. ++EXTRALIBS=-ldl + + + #------------------------------------------------------------------------------ - @@ -950,7 +956,7 @@ ++@@ -971,7 +978,7 @@ + # If you may want to use outbound (client-side) proxying, using Socks5, + # uncomment the line below. + +-# SUPPORT_SOCKS=yes ++SUPPORT_SOCKS=yes + + # If you may want to use inbound (server-side) proxying, using Proxy Protocol, + # uncomment the line below. - @@ -1038,6 +1044,8 @@ ++@@ -1069,6 +1076,8 @@ + + # CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux + ++# default in Debian's sasl2-bin ++CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux + + #------------------------------------------------------------------------------ + # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment - @@ -1343,6 +1351,7 @@ ++@@ -1381,6 +1390,7 @@ + # file can be specified here. Some installations may want something like this: + + # PID_FILE_PATH=/var/lock/exim.pid ++PID_FILE_PATH=/run/exim4/exim.pid + + # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory + # using the name "exim-daemon.pid". - @@ -1376,6 +1385,7 @@ ++@@ -1414,6 +1424,7 @@ + # messages become "invisible" to the normal management tools. + + # SUPPORT_MOVE_FROZEN_MESSAGES=yes ++SUPPORT_MOVE_FROZEN_MESSAGES=yes + + + #------------------------------------------------------------------------------ - @@ -1414,3 +1424,6 @@ ++@@ -1452,3 +1463,6 @@ + # ENABLE_DISABLE_FSYNC=yes + + # End of EDITME for Exim 4. ++ ++# enable IPv6 support ++HAVE_IPV6=YES diff --cc debian/EDITME.eximon.diff index 672f641,0000000..7ea2784 mode 100644,000000..100644 --- a/debian/EDITME.eximon.diff +++ b/debian/EDITME.eximon.diff @@@ -1,10 -1,0 +1,10 @@@ - --- exim_monitor/EDITME 2017-02-12 00:58:50.000000000 +0000 - +++ EDITME.eximon 2017-02-12 14:19:40.765243359 +0000 ++--- exim_monitor/EDITME 2018-03-15 20:22:06.000000000 +0000 +++++ EDITME.eximon 2018-03-16 18:27:06.609171034 +0000 +@@ -1,6 +1,7 @@ + ################################################## + # The Exim Monitor # + ################################################## ++# -*- makefile -*- + + # This is the template for the Exim monitor's main build-time configuration + # file. It contains settings that are independent of any operating system. It diff --cc debian/EDITME.openssl.exim4-light.diff index a00d7b6,0000000..0dc9836 mode 100644,000000..100644 --- a/debian/EDITME.openssl.exim4-light.diff +++ b/debian/EDITME.openssl.exim4-light.diff @@@ -1,19 -1,0 +1,19 @@@ - --- EDITME.exim4-light 2012-05-29 19:16:05.000000000 +0200 - +++ EDITME.exim4-light 2012-05-29 19:17:05.000000000 +0200 - @@ -697,13 +697,13 @@ SUPPORT_TLS=yes ++--- EDITME.exim4-light 2017-10-28 08:02:20.930695089 +0200 +++++ EDITME.exim4-light 2017-10-28 08:03:25.433584564 +0200 ++@@ -760,13 +760,13 @@ SUPPORT_TLS=yes + + # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not + # USE_OPENSSL_PC=openssl +-# TLS_LIBS=-lssl -lcrypto ++TLS_LIBS=-lssl -lcrypto + + # Uncomment the first and either the second or the third of these if you + # are using GnuTLS. If you have pkg-config, then the second, else the third. +-USE_GNUTLS=yes ++# USE_GNUTLS=yes + # USE_GNUTLS_PC=gnutls +-TLS_LIBS=-lgnutls ++# TLS_LIBS=-lgnutls + - # If you are running Exim as a server, note that just building it with TLS - # support is not all you need to do. You also need to set up a suitable ++ # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's ++ # build process will require libgcrypt-config to exist in your $PATH. A diff --cc debian/README.Debian.xml index 8fa7422,0000000..77b4a37 mode 100644,000000..100644 --- a/debian/README.Debian.xml +++ b/debian/README.Debian.xml @@@ -1,1961 -1,0 +1,1986 @@@ + + +
Exim 4 for Debian +
Introduction + + If you're reading this, you have found the README.Debian + file. This is good, thanks! Please continue reading this file in + its entirety. It is full of important information and has been + written with the questions in mind that keep popping up on the + mailing lists. + +
How to find your way around the Documentation + + Exim comes with very extensive documentation. Here is how to + find it. + + + + A lot of information about Debian's Exim 4 + packaging can be found in this document. + + + + + The packages contain a lot of Debian-specific man pages. + Use the apropos exim command to get a list. + + + + + Most files that control the default configuration are + documented in the exim4-config_files(5) man page, which + is symlinked to the file names. man <filename> should + lead you to the page. + + - - - The Debian Exim 4 packages have their own - - Home Page - which also links to a User FAQ. - - + + + The very extensive Upstream documentation is shipped + + + + in text form + (/usr/share/doc/exim4-base/spec.txt.gz) + with the binary packages. + + + + + in HTML in the package + exim4-doc-html + + + + + as a Texinfo file in the package + exim4-doc-info + + + + + + + + + Please note that documentation found on the web or in other + parts of the Debian system (such as the Debian Reference) + might be outdated and thus give wrong advice. In doubt, the + documentation listed above should take precedence. + +
+
Getting Support + + For your questions and comments, there is a + Debian-specific mailing list. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if + you are sure that your question is not Debian-specific. + Debian-specific questions are more likely to find answers on + our pkg-exim4-users mailing list, while complex custom + configuration issues might be more easily solved on the + upstream exim-users mailing list because of the broader and + more experienced audience there. You can subscribe to + pkg-exim4-users + via the subscription web page; you need to be + subscribed to post. + + + If you think that your question might be more easily answered + if one knows a bit about your configuration, you might want to + execute reportbug --subject="none" --offline --quiet + --severity=wishlist --body="none" --output=exim4.reportbug + exim4-config on the system in question, answer yes + to both "include [extended] configuration" questions and include + the contents of the exim4.reportbug file generated by this + command with your question. Please check whether the file + contains any confidential information before sending. + +
+
Packaging + + Similar to the Apache2 package, Exim 4 is an entirely + different package that does not currently offer a smooth + upgrade path from Debian's Exim 3 packages. + + + It is the first Exim package in Debian that can be configured + using debconf. However, the entire configuration framework is + extremely flexible, allowing you to get exactly the amount of + control you need for the job at hand. + - - The development web page contains a lot of - useful links and other information. The subversion repository - of the Debian package is available for public read-only access - and is linked from the development web page. - +
Feature Sets in the daemon packages + + To use Exim 4, you need at least the following packages: + + + exim4-base + + support files for all Exim MTA (v4) packages + + + + exim4-config + + configuration for the Exim MTA (v4) + + + + exim4-daemon-light + + lightweight exim MTA (v4) daemon + + + + + + Just apting the metapackage exim4 will pull + in the other packages per dependency. You'll get an exim daemon + with minimal feature set (no external lookups). + + + If you need more advanced features like LDAP, sqlite, PostgreSQL + and MySQL data lookups, SASL and SPA SMTP authentication, embedded + Perl interpreter, and exiscan-acl for integration of + virus-scanners and SpamAssassin, you can replace + exim4-daemon-heavy instead of + exim4-daemon-light. Additionally, the source + package offers infrastructure to build your own custom-tailored + exim4-daemon-custom which exactly fits your special local needs. + The infrastructure to do so is already in place, see + debian/rules for instructions. + +
+
How to build a custom daemon + + The process of building a custom daemon is partially + documented in the debian/rules file + in the source package. Patches for more documentation are welcome. + +
+
+
+
Configuration of Exim 4 in the Debian packages + + Generally, the Debian Exim 4 packages are configured through + debconf. You have been asked some questions on package installation, + and your initial Exim configuration has been created from your + answers. You can repeat the configuration process any time by invoking + dpkg-reconfigure exim4-config. If you are an + experienced Exim administrator and prefer to have your own, + hand-crafted, non-automatic Exim configuration, you will find + information about how to do so in + . + + + The debconf-driven configuration is mainly geared for a + one-domain shell account machine/workstation with local delivery + as suggested by the original upstream default configuration. + If you configure the packages to handle more than one local + domain, all local domains are treated identically. The domain + part is not used for routing and filtering decisions. + + + Despite the default configuration being extended somewhat from + the original upstream, chances are that you'll need to + manually change the Exim configuration with an editor if you intend to + do something that is not covered by the debconf-driven configuration. + It has never been the packages' intention to offer all possible + configuration methods through debconf. The configuration files are + there to be changed, feel free to do so if you see fit. The Debian + Exim 4 maintainers have tried to make the configuration as flexible as + possible so that manual intervention can be minimized. + + + If you need to make manual changes to the Exim configuration, + please be familiar with how Exim works. At minimum, have read this + README file and the manpages delivered with the Debian Exim 4 + packages, and /usr/share/doc/exim4-base/spec.txt.gz + chapters "How Exim receives and delivers mail" and + "The Exim run time configuration file". + spec.txt.gz is an excellent reference. + + + Please note that while most free-form fields in the + debconf-driven configuration have the entered string end up + verbatim in Exim's configuration file (and thus using more + advanced features like host, address and domain lists is possible + and will probably work), this is not officially supported. + Only plain lists are supported in the debconf dialogs. You may + use more advanced features, but they may stop working any time + during upgrades. + +
The Configuration System +
The Debconf questions + + In this section, we try to document and explain the debconf + questions, which are themselves limited to a small screen of + information and might leave questions unanswered. Since you + can usually read this file only after having answered the + questions, the process can always be repeated by invoking + dpkg-reconfigure exim4-config. + /etc/exim4/update-exim4.conf.conf, + documented in the update-exim4.conf + manual page, is + a simple shell-script snippet used to store the answers + that you passed to debconf when initially configuring Exim. + You may also modify this file with an editor of your choice. + The package maintainer scripts can handle this and will + preserve your changes. + +
General type of mail configuration + + This is the main configuration question which will + control which of the remaining questions are + presented to you. It also controls things like daemon + invocation and delivery of outgoing mail. + +
internet site; mail is sent and + received directly using SMTP + + This option is suitable for a standalone system + with full internet connectivity. + + + + + The Exim SMTP daemon will accept messages + to local domains, and deliver them locally. + + + + + Outgoing mail will be delivered directly + to the mail exchange servers of the + recipient domain + + + +
+
mail sent by smarthost; received via + SMTP or fetchmail + + This option is suitable for a standalone client system + which has restricted internet connectivity, for + example on a residential connection where an SMTP + smarthost is used. Some ISPs block outgoing SMTP + connections to combat the spam problem, thus + requiring the use of their smarthosts. It is + generally a good idea to use the ISPs smart host + if one is connected with a dynamic IP address + since quite a few sites do not accept mail + directly delivered from a dial-in pool. + + + fetchmail can be used to retrieve incoming mail + from the ISP's POP3 or IMAP mail server and + deliver it to Exim via SMTP. + + + + + The Exim SMTP daemon will accept messages + to local domains, and deliver them locally. + + + + + Outgoing mail will always be delivered to + the smarthost configured in exim4. + + + +
+
mail sent by smarthost; no local mail + + This option is suitable for a client system in a + computer pool which is not responsible for a local + e-mail domain. All locally generated e-mail is + sent to the smarthost without any local domains. + +
+
local delivery only; not on a network + + This option is suitable for a standalone system + with no networking at all. Only messages for configured + local domains are accepted and delivered locally; + messages for all other domains are rejected: + ``Mailing to remote domains not supported''. + +
+
no configuration at this time + + This option disables most of Debian's automatisms + and leaves exim in an unconfigured state. + update-exim4.conf will still copy + /etc/exim4/exim4.conf.template + or concatenate the files from + /etc/exim4/conf.d, and will + not generate any configuration control macros. + Unless you manually edit the configuration source, + this will leave Exim with a syntactically invalid + configuration file, thus in a state where the + daemon won't even start. + + + Only choose this option if you know what you're + doing and are prepared to create your own Exim + configuration. + + + dpkg-conffile handling is still in place, and you + will be offered updates for configuration + snippets, as soon as they become available. + +
+
+
System mail name + + The "mail name" is the domain name used to "qualify" + mail addresses without a domain name. + + + This name will also be used by other programs. It + should be the single, full domain name (FQDN). + + + For example, if a mail address on the local host is + foo@example.org, then the correct value for this + option would be example.org. + + + Exim, as a rule, handles only fully qualified mail + addresses, that is, addresses with a local part, an @ + sign and a domain. If confronted with an unqualified + address, that is, one without @ sign and without + domain, first thing exim does is qualify the address + by adding the @ sign and a domain. + + + This qualification happens for all addresses exim + encounters, be it sender, recipient or else. + + + The domain name used to qualify unqualified mail addresses + is called ``mail name'' on Debian systems and entered + in this debconf dialog. What you enter here will end + up in /etc/mailname, which is a + file that might be used by other programs as well. + + + In some configuration types, the package configuration + will offer you, at a later step, to hide this name + from outgoing messages by rewriting the headers. + +
+
IP addresses to listen on for incoming SMTP + connections + + Please enter a semicolon-separated list of IP addresses. + The Exim SMTP listener daemon will listen on all IP + addresses listed here. + + + An empty value will cause Exim to listen for connections + on all available network interfaces. + + + If this system does only receive e-mail directly from + local services (and not from other hosts), + it is suggested to prohibit external connections to the + local Exim daemon. Such services include e-mail + programs (MUSs) which talk to localhost only as well as + fetchmail. External connections are impossible when + 127.0.0.1 is entered here, as this will disable listening + on public network interfaces. + + + Do not change this unless you know what you are doing. + Altering this value could post a security risk to your + system. For most users, the default value is sufficient. + +
+
Other destinations for which mail is accepted + + Please enter a semicolon-separated list of recipient + domains for which this machine should consider itself + the final destination. These domains are commonly + called 'local domains'. The local hostname and 'localhost' + are always added to the list given here. + + + By default all local domains will be treated + identically. If both a.example and b.example are + local domains, acc@a.example and acc@b.example will + be delivered to the same final destination. If + different domain names should be treated differently, + it is necessary to edit the config files afterwards. + + + The answer to this question ends up in the list of + domains that Exim will consider local domains. Mail + for recipients in one of these domains will be + subject to local alias expansion and then delivered + locally in the appropriate configuration types. + +
+
Domains to relay mail for + + Please enter a semicolon-separated list of recipient + domains for which this system will relay mail, for + example as a fallback MX or mail gateway. This means + that this system will accept mail for these domains + from anywhere on the Internet and deliver them + according to local delivery rules. + + + Do not mention local domains here. Wildcards may be used. + + + The answer to this question is a list of the domains + for which Exim will relay messages coming in from anywhere + on the Internet. + +
+
Machines to relay mail for + + Please enter a semicolon-separated list of IP address + ranges for which this system will unconditionally relay + mail, functioning as a smarthost. + + + You should use the standard address/prefix format + (e.g. 194.222.242.0/24 or 5f03:1200:836f::/48). + + + If this system should not be a smarthost for any + other host, leave this list blank. + + + Please note that systems not listed here can still use + SMTP AUTH to relay through this system. If this system + only has clients on dynamic IP addresses that use SMTP + AUTH, leave this list blank as well. Do + NOT list 0.0.0.0/0! + + + Warning: While it is possible to use + hostnames instead of IP addresses in this + list extra care needs to be taken in this case. + Unresolvable names in the host list will break + relaying. See + Exim specification chapter "Domain, host, address, and + local part lists" + and the exim4-config_files man page. + +
+
IP address or host name of the outgoing + smarthost + + Please enter the IP address or the host name of a mail + server that this system should use as outgoing + smarthost. If the smarthost only accepts your mail on + a port different from TCP/25, append two colons and + the port number (for example smarthost.example::587 or + 192.168.254.254::2525). Colons in IPv6 addresses need + to be doubled. + + + If the smarthost requires authentication, please refer + to for notes about setting + up SMTP authentication. + + + Multiple smarthost entries are permitted, semicolon + separated. Each of the hosts is tried, in the order + specified (See Exim specification, chapter + "The manualroute router", section + "How the list of hosts is used".) + +
+
Hide local mail name in outgoing mail + + The headers of outgoing mail can be rewritten to make + it appear to have been generated on a different + system, replacing the local host name in From, + Reply-To, Sender and Return-Path. + +
+
Visible domain name for local users + + If you ask Exim to hide the local mail name in + outgoing mail, it will next ask you for the domain + name that should be visible for your local users. + These information is then used to establish the + appropriate rewriting rules. + +
+
Keep number of DNS queries minimal + (Dial-on-Demand) + + In normal mode of operation Exim does DNS lookups at + startup, and when receiving or delivering messages. + This is for logging purposes and allows keeping down + the number of hard-coded values in the configuration. + + + If this system does not have a DNS full service + resolver available at all times (for example if its + Internet access is a dial-up line using + dial-on-demand), this might have unwanted + consequences. For example, starting up Exim or + running the queue (even with no messages waiting) + might trigger a costly dial-up-event. + + + This option should be selected if this system is + using Dial-on-Demand. If it has always-on Internet + access, this option should be disabled. + +
+
Delivery method for local mail + + Exim is able to store locally delivered mail in + different formats. The most commonly used ones are + mbox and Maildir. mbox uses a single file for the + complete mail folder stored in /var/mail/. With + Maildir format every single message is stored in a + separate file in ~/Maildir/. + + + Please note that most mail tools in Debian expect the + local delivery method to be mbox in their default. + +
+
Split configuration into small files + + Our packages offer two (actually three, see + ) + possibilities: + + + + + Generate Exim's configuration from + /etc/exim4/exim4.conf.template, + which is basically a normal Exim run-time + configuration file which will be supplemented + with some macros generated from Debconf in a + post-processing step before it is passed to exim. + + + + + Generate Exim's configuration from the + multiple files in + /etc/exim4/conf.d/. The + directories in + /etc/exim4/conf.d/ + correspond to the sections of the Exim + run-time configuration file, so you should + easily find your way around there. + + + + + Splitting the configuration across multiple files + means that you have the actual configuration file + automatically generated from the files below + /etc/exim4/conf.d/ by invoking + update-exim4.conf. Each section + of Exim's configuration has its own subdirectory and + the files in there are supposed to be read in + alphanumeric order. + router/00_exim4-config_header + is followed by + router/100_exim4-config_domain_literal, + ... + + + If you chose unsplit configuration, + update-exim4.conf builds the + configuration from + /etc/exim4/exim4.conf.template, + which is basically the files from + /etc/exim4/conf.d/ concatenated + together at package build time, and thus guarantees + consistency on the target system. + + + In both cases, update-exim4.conf + generates exim configuration macros from the debconf + configuration values and puts them into + the actual configuration file, which is then used by + the Exim daemon. See the + update-exim4.conf manual + page for more in-depth information about this + mechanism. + + + Benefits of the split configuration approach: + + + + it means less work for you when upgrading. + If we shipped one big file and modified + for example the Maildir transport in a new + version you won't have to do manual + conffile merging unless you had changed + exactly this + transport. + + + + + It allows other packages (e.g. sa-exim) to + modify Exim's configuration by dropping + files into + /etc/exim4/conf.d. + This needs, however quite exact syncing + between the exim4 packages and the other, + cooperating package. + + + + + + Drawbacks of the split configuration approach: + + + + It is more fragile. If files from + different sources (package, manually + changed, or other package) get out of + sync, it is possible for Exim to break + until you manually correct this. This can + for example happen if we decide to add a + new option to the Debian setup of a later + version, and you have already set this + option in a local file. + + + + + + Benefits of the unsplit configuration approach: + + + + People familiar with configuring Exim may + find this approach easier to understand as + exim4.conf.template + basically is a complete Exim configuration + file which will only undergo some basic + string replacement before is it passed to + exim. + + + + + Split-config's fragility mentioned + above does not occur. + + + + + + Drawbacks of the unsplit configuration approach: + + + + Will require manual intervention in case of an + upgrade. + + + + + + If in doubt go for the unsplit config, because it is + easier to roll back to Debian's default configuration + in one step. If you intend to do many changes to the + Debian setup, you might want to use the split config + at the price of having to more closely examine the + config file after an update. + + + We'd appreciate a patch that uses ucf and the + 3-way-merge mechanism offered by that package. It + might be the best way to handle the big configuration + file. + + + If you are using unsplit configuration, have local + changes to /etc/exim4/conf.d/ + (either made by yourself or by other packages dropping + their own routers or transports in) and want to + re-generate + /etc/exim4/exim4.conf.template to + activate these changes, you can do so by using + update-exim4.conf.template. + +
+
+
Access Control in the default configuration + + The Debian exim 4 packages come with a default configuration + that allows flexible access control and blacklisting of + sites and hosts. The acls involved can be found in + /etc/exim4/conf.d/acl, or in /etc/exim4/exim4.conf.template, + depending on which configuration scheme you use. Most + rejections of messages due to this mechanism happen at RCPT + time. Local configuration of the mechanisms happens through + data files in /etc/exim4 or via Exim macros that you can set + in /etc/exim4/conf.d/main, so there is normally no need to + change the files in the acl subdirectory in a split-config + setup. If you use the non-split config, you need to edit + /etc/exim4/exim4.conf.template, which, as a big + dpkg-conffile, won't give you any advantage of the .ifdef + scheme. + + + The data files are documented in the exim4-config_files man + page. + + + The access lists delivered with the exim4 packages also + contain quite a few configuration options that are too + restrictive to be active by default on a real-life site. + These are masked by .ifdef statements, can be activated by + setting the appropriate macros, and are documented in the + ACL files itself. + +
+
Using Exim Macros to control the + configuration + + Our configuration can be controlled in a limited way by + setting macros. That way, you can switch on and off certain + parts of the default configuration and/or override values set + in Debconf without having to touch the dpkg-conffiles. While + touching dpkg-conffiles itself is explicitly allowed and wanted, + it can be quite a nuisance to be asked on package upgrade + whether one wants to use the locally changed file or the + file changed by the package maintainer. + + + Whenever you see an .ifdef or + .ifndef clause in the configuration file, + you can control the appropriate clause by setting the macro in + a local configuration file. For split configuration, you can + drop the local configuration file anywhere in + /etc/exim4/conf.d/main. Just make sure it + gets read before the macro is first used. + 000_localmacros is a possible name, + guaranteeing first order. For a non-split configuration, + /etc/exim4/exim4.conf.localmacros gets + read before + /etc/exim4/exim4.conf.template. To + actually set the macro EXIM4_EXAMPLE to the + value "this is a sample", write the following line + + + EXIM4_EXAMPLE = this is a sample + + + into the appropriate file. For more detailed discussion of the + general macro mechanism, see the Exim specification, chapter + "The Exim run time configuration file", for + details how macro expansion works. + +
+
How does this work? + + The script update-exim4.conf parses the + /etc/exim4/update-exim4.conf.conf file + and provides the configuration for the exim daemon. + + + Depending on the value of + dc_use_split_config, it either + + + + takes all the files below + /etc/exim4/conf.d/ and + concatenates them together or + + + + + uses exim4.conf.template as + input. + + + + The debconf-managed information from + /etc/exim4/update-exim4.conf.conf is + merged into the generated configuration file by generating a + number of Exim configuration macros. + + + DCsmarthost, for example, is set to the + value of $dc_smarthost + in /etc/exim4/update-exim4.conf.conf + which holds the answer to "Which machine will act as the + smarthost and handle outgoing mail?" + + + The result of these operations is saved as + /var/lib/exim4/config.autogenerated, + which is not a dpkg-conffile! Manual + changes to this file will be overwritten by + update-exim4.conf. + + + Please consult update-exim4.conf manpage + for more detailed information. + + + update-exim4.conf is invoked by the init + script prior to any operation that may invoke an exim process, + and gives an error message if the generated config file is + syntactically invalid. If you want to activate your changes to + files in conf.d/ just execute invoke-rc.d exim4 restart. + +
+
How do I do minor tweaks to the configuration? + + Some times, you want to do minor adjustments to the Exim + configuration to make Exim behave exactly like you want it + to behave. There are the following possibilities to modify + Exim's behavior. + +
Adjustments supported by the debconf configuration + + If you want to modify parameters that are supported by the + debconf configuration, things are easy. Just invoke + dpkg-reconfigure exim4-config or hand-edit + /etc/exim4/update-exim4.conf.conf to your + liking and restart Exim. + + + You can find explanation of the debconf questions in . + Additionally, + /etc/exim4/update-exim4.conf.conf + is documented in the update-exim4.conf + man page. + +
+
Adjustments controlled by macros in the Debian Exim configuration + + Some aspects of the Debian Exim configuration can be + controlled by Exim macros. To find out about these, you + need basic understanding of Exim configuration. Just look + in our Exim configuration and see which macro needs to be + set to a different value to alter Exim's behavior. + + + gives a closer explanation about + how to do this. + +
+
Making direct changes to the Debian Exim configuration + + You can, of course, make direct change to the + configuration. All configuration files in /etc/exim4 are + dpkg-conffiles, and you can thus edit them any time. Your + changes will be preserved through updates. You need to + know about how to configure Exim to be successful. + + + If you use unsplit configuration, edit + /etc/exim4/exim4.conf.template. If you use + split configuration, edit the Exim configuration snippets in + /etc/exim4/conf.d. + + + More information about how the Exim configuration is built + can be found in this document and in the + update-exim4.conf manual page. + +
+
+
Using a completely different configuration scheme + + If you are an experienced Exim administrator, you might feel + working with our pre-fabricated configuration + cumbersome and complex. You might feel right if you need to + make more complex changes and do not need to receive updates + from us. This section is going to tell about how to use + your own configuration. + + + But, you might profit from keeping the Debian magic. Most + files that come with Debian exim4 are conffiles. Debian is + going to care about your changes and keeps them around. + Additionally, a lot of configuration options can be + overridden with a macro, which does not require you to + actually change our configuration file. A lot of people are + using our configuration scheme, and maybe it is going to + save you a lot of time if you decide to spend some time + familiarizing yourself with our scheme. + +
Override exim4-config configuration magic + + If you are only running a small number of systems and + want to completely disable Debian's magic, just take + your monolithic configuration file and install it as + /etc/exim4/exim4.conf. Exim will + use that file verbatim. To have something to start, + you can either take + /etc/exim4/exim4.conf.template, + run update-exim4.conf --keepcomments --output + /etc/exim4/exim4.conf, or use upstream's + default configuration file that is installed as + /usr/share/doc/exim4-base/examples/example.conf.gz. + You are going to lose all magic you get from packaging + though, so you need to be familiar with Exim to build + an actually working config. + + + /var/lib/exim4/config.autogenerated, + the file generated by + update-exim4.conf, is ignored as soon + as /etc/exim4/exim4.conf is found. + You should not edit + /etc/exim4/exim4.conf directly when + Exim is running, because the forked processes Exim starts + for SMTP receiving or queue running would use the new + configuration file, while the original main exim-daemon + would still use the old configuration file. + + + Some third-party HOWTOs that reference Debian and + claim to make things easy suggest dumping a + pre-fabricated, static config file to + /etc/exim4/exim4.conf. This is + considered bad advice by the Debian maintainers since + you are going to disable all updates and service magic + that Debian might deliver in the future this way. If + you do not know exactly what you're doing here, this + is a bad choice. We try to comment on external HOWTOs + found on the web in the Debian + Exim4 User FAQ to help you find out which + advice to follow. + +
+
Replacing exim4-config with your own exim4 configuration package. + + We split off Exim's configuration system (debconf, + update-exim4.conf, and the files in + /etc/exim4/conf.d) to a separate + package, exim4-config. If you want to, you can replace + exim4-config by something entirely different. The other + packages don't care. Your package needs to: + + + + Provides: exim4-config-2, Conflicts: + exim4-config-2,exim4-config + + + + + drop the Exim 4 configuration either into + /var/lib/exim4/config.autogenerated + or into /etc/exim4/exim4.conf. + + + + Your package must provide an executable update-exim4.conf + that must be in root's path (/usr/sbin recommended). The init + script will invoke that executable prior to invoking the + actual exim daemon. If you do not need that script, have it exit 0. + + + If you want to create your own configuration packages, there is a + number of helpers available. + + + + The Exim 4 Debian svn repository holds sources for a + exim4-config-simple package which contains a simple, not + debconf-driven configuration scheme as an example which can + be used as a template for a classical, exim4.conf based + configuration scheme. + + + + + The Exim 4 Debian svn repository holds sources for a + exim4-config-medium package which contains the conf.d + driven configuration of the main package with the + debconf interaction removed. This can be used to create + your own non-debconf configuration package that uses the + conf.d mechanism. + + + + + Finally, you can invoke the script + debian/config-custom/create-custom-config-package + which will create a new source package + "exim4-config-custom" with the debconf-driven config + scheme of exim4-config for your local modification. + + + + Please note that exim4-config-simple and + exim4-config-medium are only targeted to be used as a + template. The configurations contained are not + suitable for productive use. Of course, the Debian + maintainers appreciate any patches you might find + suitable. The scripts in exim4-config-simple and + exim4-config-medium may not work at all in your + environment. Unfortunately, they have not been + updated in a long time as well. We are willing to + accept patches. + + + See the development web page for links to the subversion + repository. + + + Exchanging the entire exim4-config package with + something custom comes particularly handy for sites + that have more than a few machines that are + similarly configured, but do not want to use the + original exim4-config package. Build your own + exim4-config-custom or exim4-config-foo, and simply + apt that package to the machines that need to have + that configuration. Future updates can then be + handled via the dpkg-conffile mechanism, properly + detecting local modifications. + + + In the future, it might be possible that Debian will + contain multiple flavours of Exim4 configuration. + However, these packages would have to be maintained + by someone else because the exim4 package + maintainers think that the scheme delivered with + exim4-config is the least of all evils and would + rather not spend the time to maintain multiple configuration + schemes while only actually using one. It would be + nice to have a configuration scheme using a + monolithic config file, managed by ucf in + three-way-merge mode. If anybody feels ready to + maintain it, please go ahead. + +
+
+
+
Using TLS +
Exim 4 as TLS/SSL client + + Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL + using the GnuTLS library and STARTTLS. Exim will use TLS + via STARTTLS automatically as client if + the server Exim connects to offers it. + + + This means that you will not need any special configuration if + you want to use TLS for outgoing mail. However, if your + server setup mandates the use of client certificates, you + need to amend your remote_smtp and/or remote_smtp_smarthost + transports with a tls_certificate option. This is not + commonly needed. + + + The certificate + presented by the remote host is not checked unless you + specify a tls_verify_certificate option on the transport. + + + To make exim send a TLS certificate to the remote host set + REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY or for + the remote_smtp_smarthost transport + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY + respectively. + + + TLS on connect is not natively supported. + +
+
Enabling TLS support for Exim as server + + You should have created certificates in + /etc/exim4/ either by hand or by usage of + the exim-gencert (which requires openssl). exim-gencert is + shipped in + /usr/share/doc/exim4-base/examples/ and + takes care of proper access privileges on the private key + file. + + + Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a + local configuration file as described in . + + + After this configuration, Exim will advertise STARTTLS when + connected to on the normal SMTP ports. Some broken clients + (most prominent example being nearly all versions of Microsoft + Outlook and Outlook Express, and Incredimail) insist on doing + TLS on connect on Port 465. If you need to support these, set + SMTPLISTENEROPTIONS='-oX 465:25 -oP /run/exim4/exim.pid' + in /etc/default/exim4 and + "tls_on_connect_ports=465" in the main configuration section. + + + The -oP is needed because Exim does not write an implicit pid + file if -oX is given. Without pid file, init script and cron + job will malfunction. + + + It might be appropriate to add "+tls_cipher" to + any log_selector statement you might already have, or to add a + log_selector statement setting these two options in a local + configuration file. (For Debian's configuration simply define + the MAIN_LOG_SELECTOR macro.) + This option makes Exim log what cipher + your Exim and the peer's mailer have negotiated to use to + encrypt the transaction. + + + Exim can be configured to ask a client for a certificate and to + try to verify it. Debian's exim configuration used to enable + this by default, but stopped doing so since it caused TLS errors + with a couple of popular clients (Outlook, Incredimail, etc.). + To enable this again set the macro MAIN_TLS_TRY_VERIFY_HOSTS to + the lists hosts whose certificates you want to check. (Use * to + try checking all hosts. The value of the macro is used to + populate exim's main option tls_try_verify_hosts.) You should + also point MAIN_TLS_VERIFY_CERTIFICATES to a file containing the + accepted certificates, since its default setting + (/etc/ssl/certs/ca-certificates.crt) can contain a large list of + certificates which causes the interoperabilty problems with + Outlook et.al. noted above. + + + The server certificate is only used for incoming connections, + please consult for the + corresponding outgoing conncection options. + +
+
Troubleshooting + + If Exim complains in an SMTP session that TLS is unavailable, + the Exim mainlog or paniclog frequently has exact information + about what might be wrong. Fo example, you might see + + + 2003-01-27 19:06:45 TLS error on connection from localhost [127.0.0.1] + (cert/key setup): Error while reading file) + + + showing that there has been an error while accessing the + certificate or the private key file. + + + Insuffient entropy available is a frequent cause of TLS + failures in Exim context. If Exim logs "not enough random bytes + available", or simply hangs silently when an encrypted + connection should be established, then Exim was + unable to read enough random data from + /dev/random to do whatever cryptographic + operation is requested. Please check that your + /dev/random device is setup properly. + + + You might also find "TLS error on connection to [...] + (gnutls_handshake): The Diffie-Hellman prime sent by the server is + not acceptable (not long enough)." given as reason. Exim by default + requires a DH prime length of 1024 bits. This requirement can be + downgraded by setting the tls_dh_min_bits option on the SMTP + transport. The setting is accessible in the Debian configuration by + setting the macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768"). + +
+
+
SMTP-AUTH + + Exim can do SMTP AUTH both as a client and as a server. + + + AUTH PLAIN and AUTH LOGIN are disabled for connections which are + not protected by SSL/TLS per default. These authentication + methods use cleartext passwords, and allowing the + transmission of cleartext passwords on unencrypted connections + is a security risk. Therefore, the default configuration configures + Exim not to use and/or allow AUTH PLAIN and AUTH LOGIN over + unencrypted connections. + + + It is thus recommended to set up Exim to use TLS to encrypt + the connections. Please refer to for + documentation about this. Note that most Microsoft clients + need special handling for TLS. + +
Using Exim as SMTP-AUTH client + + If you want to set up Exim as SMTP AUTH client for delivery + to your internet access provider's smarthost put the name of + the server, your login and password in + /etc/exim4/passwd.client. See the man + page for exim4-config_files(5) for more information about the + required format. + + + If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted + connections because your service provider does support neither + TLS encryption nor the CRAM MD5 authentication method, you can + do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro. + Please refer to for an explanation of + how best to do this. + + + /etc/exim4/passwd.client needs to be + readable for the exim user (user Debian-exim, group + Debian-exim). It is suggested that you keep the default + permissions root:Debian-exim 0640. + +
+
Using Exim as SMTP-AUTH server + + The configuration files include many, verbosely commented, + examples for server-side smtp-authentication which just need + to be uncommented. + + + If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted + connections because your clients neither support TLS encryption + nor the CRAM MD5 authentication method, you can do so by setting + the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro. Please refer to + for an explanation of how best to + do this. + + + If you want to authenticate against system passwords (e.g. + /etc/shadow) the easiest way is to use + saslauthd in the Debian package sasl2-bin. You have to add the + exim-user (currently Debian-exim) to the sasl group, to give + exim permission to use the saslauthd service. + + + The Debian exim4 maintainers consider using system login + passwords a bad idea for the following reasons: + + + + A compromised password will give access to a system account. + + + + + E-Mail passwords could accidentally be transmitted unencrypted. + + + + + E-Mail passwords are likely to be stored with the + client software, which greatly increases the chance of a + compromise. + + + + +
+
+ +
How the Exim daemon is started + + The Debian Exim 4 packages' init script is located in + /etc/init.d/exim4. Apart from the + functions that are required by Debian policy and the LSB, it + supports the commands what, which executes + exiwhat to show what your Exim processes + are doing, and force_stop which + unconditionally kills all Exim processes. + + + The init script can be configured to start listening and/or + queue running daemons. This configuration can be found in + /etc/default/exim4. This file is + extensively documented. + +
+ +
Miscellaneous packaging issues +
The daily cron job + + Exim4's daily cron job + (/etc/cron.daily/exim4-base) + does basic housekeeping tasks: + + + + It reads /etc/default/exim4, so you + can use this file to change any of the variables used in + the cron job. + + + + + It is a no-op if no Exim4 binary is found. + + + + + If $E4BCD_DAILY_REPORT_TO is set + to a non-empty string, the output of eximstats is + mailed to the address given in that variable. The + default is empty, so no reports are sent. Options + for eximstats can be given in + $E4BCD_DAILY_REPORT_OPTIONS. + + + + + A non-empty paniclog is a nearly sure sign of bad + things going on. Thus, the cron job will send out + warning messages to the syslog and root if it finds + the panic log non-empty. + Please note that the paniclog is not rotated daily, + so existing issues will be reported daily until + either the paniclog is rotated due to its sheer + size, or you manually move it away, for example by + calling logrotate -f + /etc/logrotate.d/exim4-paniclog from a shell. + + + Just in case your system logs transient error + situations to the panic log as well (see, for + example, + Exim Bug 92), + you can configure + $E4BCD_PANICLOG_NOISE to a + regular expression. If the paniclog contains only + lines that match that regular expression, no warning + messages are generated. + + + If you want to disable paniclog monitoring + completely, set $E4BCD_WATCH_PANICLOG + to no. E4BCD_WATCH_PANICLOG=once will + rotate a non-empty paniclog automatically after sending out + the warning e-mail. + + + The E4BCD_PANICLOG_LINES setting can be + used to limit the number of lines of paniclog quoted in + warning email. It is set to 10 by default. + + + + + It tidies up the retry and hints databases. + + + + +
+
+ +
Using Exim with inetd/xinetd + + Exim4 is run as a separate daemon instead of inetd/xinetd for + two reasons: + + + Ease of maintenance: + + + update-inetd is difficult to impossible to handle + correctly (Just check the archived bug reports of Exim.) + and update-inetd seems to be unmaintained for a long + time, nobody dares to touch it. To quote Mark Baker, the + maintainer of Exim (v3): "I really wish I had never used + inetd in the first place, but simply set up exim to run + as a daemon, but it's too late to change that now." + + + + + Extended features + + + Running from inetd interferes with + Exim's resource controls (e.g it disables + smtp_accept_max_per_host and smtp_accept_max). + + + + + + + If you introduce bugs on your systems by running from (x)inetd + you are on your own! If you want to run exim from + xinetd, follow these steps: + + + + Disable Exim 4's listening daemon by executing + update-exim4defaults --queuerunner + queueonly + + + + + Create /etc/xinetd.d/exim4 + +service smtp +{ + disable = no + flags = NAMEINARGS + socket_type = stream + protocol = tcp + wait = no + user = Debian-exim + group = Debian-exim + server = /usr/sbin/exim4 + server_args = exim4 -bs +} + + + + + Run invoke-rc.d exim4 restart; invoke-rc.d +(x)inetd restart + + + + If you want to use plain inetd, insert following line into + /etc/inetd.conf: +smtp stream tcp nowait Debian-exim /usr/sbin/exim4 exim4 -bs + + +
+ +
Handling incoming mail for local accounts with low UID + + Since system accounts (mail, uucp, lp etc) are usually aliased + to root, and root's mailbox is usually read by a human, these + account names have started to be a common target for spammers. + The Debian Exim 4 packages have a mechanism to deal with this + situation. However, since this derives rather far from normal + behavior, it is disabled by default. + + + To enable it, set the macro FIRST_USER_ACCOUNT_UID to a numeric, + non-zero value. Incoming mail for local users that have a UID + lower than FIRST_USER_ACCOUNT_UID is rejected with the message "no + mail to system accounts". Incoming mail for local users that + have a UID greater or equal FIRST_USER_ACCOUNT_UID are processed as + usual. Therefore, the default value of 0 ensures that the + mechanism is disabled. On Debian systems, setting + FIRST_USER_ACCOUNT_UID to 500 or 1000 (depending on your local policy) + will disable incoming mail for system accounts. + + + Just in case that you need exceptions to the rule, + /etc/exim4/lowuid-aliases is an alias + file that is only honored for local accounts with UID lower + than FIRST_USER_ACCOUNT_UID. If you define an alias for such an + account here, incoming mail is processed according to the + alias. If you alias the account to itself, messages are + delivered to the account itself, which is an exception to the + rule that messages for low-UID accounts are rejected. The + format of /etc/exim4/lowuid-aliases is + just another alias file. + +
+
How to bypass local routing specialities + + Sometimes, it might be desirable to be able to bypass local + routing specialities like the alias file or a user-forward + file. This is possible in the Debian Exim4 packages by + prefixing the account name with "real-". For a local account + name "foo", "real-foo@hostname.example" will result in direct + delivery to foo's local Mailbox. + + + This feature is by default only available for locally + generated messages. If you want it to be accessible for + messages delivered from remote as well, set the Exim macro + COND_LOCAL_SUBMITTER to true. If you do not want this at all, + set the macro to false. Please note that the userforward + router uses this feature to get error messages delivered, i.e. + notifying the user of a syntax error in her + .forward file. + +
+
Using more complex deliveries from alias files + + Delivery to arbitrary files, directory or to pipes in the + /etc/aliases file is disabled by default + in the Debian Exim 4 packages. The delivery process including the + program being piped to would run as the exim admin-user + Debian-exim, which might open up security holes. + + + Invoking pipes from /etc/aliases file is + widely considered obsolete and deprecated. The Debian Exim + package maintainers would like to suggest using a dedicated + router/transport pair to invoke local processes for mail + processing. For example, the Debian mailman package contains a + /usr/share/doc/mailman/README.Exim4.Debian file + that gives a good example how to implement this. Using a + dedicated router/transport pair have the following advantages: + + + + The router/transport pair can be put in place by another + package, giving a well-defined transaction point between + Exim 4 and $PACKAGE. + + + + + Not allowing pipe deliveries from alias files makes it + harder to accidentally run programs with wrong + privileges. + + + + + It is possible to run different pipe processes under + different accounts. + + + + + Even if only invoking a single local program, it is easier + to do with your dedicated router/transport since you won't + need to change this file, making automatic updates of this + file possible for future versions of the Exim 4 packages. If + you do local changes here, dpkg conffile handling will + bother you on future updates. + + + + If you insist on using /etc/aliases in + the traditional way, you will need to activate the + respective functions by setting the transport options on the + system_aliases router appropriately. Macros are defined to make + this easier. See + +/etc/exim4/conf.d/router/400_exim4-config_system_aliases + for information about which macros are available. You might + find the address_file, address_pipe and/or address_directory + transports that are used for the userforward router helpful in + writing your own transports for use in the system_aliases router. + + + If any of your aliases expand to pipes or files or directories + you should set up a user and a group for these deliveries to run + under. You can do this by setting the "user" and - if necessary + - a "group" option and adding a "group" option if necessary. + Alternatively, you can specify "user" and/or "group" on the + transports that are used. + +
+ +
Putting Exim 4 and UUCP together + + UUCP is a traditional way to execute remote jobs (e.g. spool + mails), and as a lot of old things there are much more than one + way to do it. However, today, the ways to handle it have boiled + down to more or less two different ways. + + + Our recommendation is to use bsmtp/rsmtp wherever possible, + because it supports all kinds of mail addresses (also the empty + ones in bounces), and is also better from the security point of + view. + +
Sending mail via UUCP +
rmail with full addresses + + rmail is the oldest way to transfer mail to a remote system. + However, today it is normally required to use addresses with + full domains for that (Well, they look like any normal address + for you, and we do not tell about the other way to not confuse + you ;). If you want this, you can use this transport: + + +rmail: + debug_print = "T: rmail for $pipe_addresses" + driver=pipe + command = uux - -r -a$sender_address -gC $domain_data!rmail $pipe_addresses + return_fail_output + user=uucp + batch_max = 20 + + + However, all recipients are handled via the command line, so + you are discouraged to use it. + +
+
bsmtp/rsmtp + + This is a more efficient way to transfer mails. It works + like sending SMTP via a pipe, but instead of waiting for an + answer, the SMTP is just batched; from this is also the name + batched SMTP or short bsmtp. + + + Furthermore, this way won't fail on addresses like " + "@do.main. If you want this, please use this, if the remote + site uses rsmtp (e.g. is Exim 4): + + +rsmtp: + debug_print = "T: rsmtp for $pipe_addresses" + driver=pipe + command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!rsmtp + use_bsmtp + return_fail_output + user=uucp + batch_max = 100 + + + and this if it wants bsmtp as the command: + + +bsmtp: + debug_print = "T: bsmtp for $pipe_addresses" + driver=pipe + command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!bsmtp + use_bsmtp + return_fail_output + user=uucp + batch_max = 100 + + + Of course, these examples can be extended for e.g. + compression (but you can also use ssh for compression, if + you want). + +
+
The router + + You need a router to tell Exim 4 which mails to forward to + UUCP. You can use this one; please adopt the last line. Of + course, it is also possible to send mail via more than one way. + + +uucp_router: + debug_print = "R: uucp_router for $local_part@$domain" + driver=accept + require_files = +/usr/bin/uux + domains = wildlsearch;/etc/exim4/uucp + transport = rsmtp + + + The file /etc/exim4/uucp looks like: + + +*.do.main uucp.name.of.remote.side + +
+
Speaking UUCP with the smarthost + + If you have a leaf system (i.e. all your mail not for your + local system goes to a single remote system), you can just + forward all non-local mail to the remote UUCP system. In + this case, you can replace "domains = ..." with "domains = ! + +local_domains", but then you need also to replace + $domain_data in the transport by the UUCP-name of your + smarthost. The file /etc/exim4/uucp is + not needed in this case. + +
+
+
Receiving mail via UUCP +
Allow UUCP to use any envelope address + + Depending how much you trust your local users, you might use + trusted_users and add uucp to it or use + local_sender_retain=true and local_from_check=false. + +
+
If you get batched smtp + + Allow uucp to execute rsmtp via + +commands rmail rnews rsmtp + + in your /etc/uucp/sys, and ask the + sending site to use rsmtp (and not bsmtp) as the batched + command. + +
+
+
++
Notes on running SpamAssassin at SMTP time ++ ++ Exim can run ++ ++ SpamAssassin while receiving a message by SMTP which ++ allows one to avoid acceptance of spam messages. The Debian ++ configuration contains some example code for running SpamAssassin, ++ but like all filtering this needs to be handled carefully. ++ ++ ++ SpamAssassin's default report should not be used in a add_header ++ statement since it contains empty lines. (This triggers e.g. ++ Amavis' warning "BAD HEADER SECTION, Improper folded header field ++ made up entirely of whitespace".) This is a safe, terse alternative: ++ ++ clear_report_template ++ report (_SCORE_ / _REQD_ requ) _TESTSSCORES(,)_ autolearn=_AUTOLEARN_ ++ ++ ++ ++ Rejecting spam messages: Do not reject spam-messages received on ++ (non-spam) mailing lists, this can/will cause auto-unsubscription. ++ This also applies to messages received via forwarding services ++ (e.g. @debian.org addresses). If theses messages are rejected the ++ forwarding services will need to send a bounce address to the ++ spammer and will probably disable the forwarding if it happens all ++ the time. You will need to have some kind of whitelist to exclude ++ these hosts. ++ ++ ++ Security considerations: By default spamd ++ runs as root and changes uid/gid to the requested user to run ++ SpamAssassin. The example uses SpamAssassin default non-privileged ++ user (nobody) which prevents use of Bayesian filtering since this ++ requires persistent storage. You might want to setup a dedicated ++ user for exim spam scanning and use that one, either for a separate ++ SpamAssassin user profile or to run SpamAssassin as non-privileged ++ user. ++ ++
+
+ +
Updating from Exim 3 + + If you use exim4-config from Debian, you will + get the debconf based configuration scheme that is intended to + cover the majority of cases. + + + If exim4-config is installed while an Exim 3 + package is present on the system, + exim4-config tries to parse the Exim 3 config + file to determine the answers that were given to + eximconfig on Exim 3 installation. These + answers are then taken as default values for the debconf based + configuration process. Be warned! eximconfig + from the Exim 3 packages does not record the explicit answers + given on Exim 3 configuration. So we have to guess the answers + from the Exim 3 configuration file + /etc/exim/exim.conf, which is bound to fail + if the config file has been modified after using + eximconfig. + + + This is the reason why we refrained from doing a "silent update", but + only use the guessed answers to get reasonable defaults for our + debconf based configuration process. + + + Please note that we do not use the + exim_convert4r4 script, but try to configure + the Exim 4 package in the same way Exim 3 was. This will + hopefully aid future updates. + + + If you have used a customized Exim 3 configuration, you can of + course use exim_convert4r4, and install the + resulting file as /etc/exim4/exim4.conf + after careful inspection. Exim 4 will then use that file and + ignore the file that it generated from the debconf + configuration. To aid future updates, we do, however, encourage + you not to use the + exim_convert4r4-generated file verbatim but + instead drop appropriate configuration snippets in their + appropriate place in /etc/exim4/conf.d. + +
+
Misc Notes +
PAM + + On Debian systems the PAM modules run as the same user + as the calling program, so they cannot do anything you + could not do yourself, and in particular cannot access + /etc/shadow unless the user is in group + shadow. - If you want to use + /etc/shadow for Exim's SMTP AUTH you + will need to run exim as group shadow. Only + exim4-daemon-heavy is linked against libpam. We suggest using + saslauthd instead. + +
+
Account name restrictions + + In the default configuration, Exim cannot locally deliver + mail to accounts which have capitals in their name. This is + caused by the fact that Exim converts the local part of incoming + mail to lower case before the comparison done by the + check_local_user directive in routers is done. + + + The router option caseful_local_part can be used to control + this, and we decided not to set this option in the Debian + configuration since it would be a rather big change to Exim's + default behavior. + +
+
No deliveries to root! + + No Exim 4 version released with any Debian OS can run + deliveries as root. If you don't redirect mail for root via + /etc/aliases to a nonprivileged + account, the mail will be delivered to + /var/mail/mail with permissions 0600 and + owner mail:mail. + + + This redirection is done by the mail4root router which + is last in the list and will thus catch mail for root that has not + been taken care of earlier. + +
+
Debugging maintainer and init scripts + + Most of the scripts that come with this Debian package do a + set -x if invoked with the environment + variable EX4DEBUG defined and non-zero. This is particularly + handy if you need to debug the maintainer scripts that are + invoked during package installation. Since dpkg redirects + stdout of maintainer scripts, calling dpkg with EX4DEBUG + set might yield interesting results. If in doubt, invoke + the maintainer scripts with EX4DEBUG set manually directly + from the command line. + +
+
SELinux + + There is no SELinux policy for Exim4 available so far. + Until this is resolved, users should use postfix or + sendmail if they intend to run SELinux. + + + The Debian Exim4 maintainers would appreciate if + somebody could write an SELinux policy. We will gladly + use them in the Debian packages as long as there is + somebody available to test, debug and support. + +
+
misc + + + + convert4r4 is installed as + /usr/sbin/exim_convert4r4. + + + + + The charset for $header_foo expansions defaults to + UTF-8 instead of ISO-8859-1. + + + + + + Marc Merlin's Exim 4 Page has a lot of ACL + examples. + + + + + For an example of Exim usage in a + large installation, see + Tony Finch's + +paper + about the Exim installation at University of Cambridge: + + + +
+
+
Debian modifications to the Exim source + + + + Install the exim binary as /usr/sbin/exim4 instead of + /usr/sbin/exim-<version> with a symlink /usr/sbin/exim. Also + adapt the documentation. + + + + + Make the build reproducible. Pull date/time from debian/changelog + and use it as build time instead of using __DATE__. + + + + + Documentation updates + + + + + Mention how to install the Debian packaged perl-modules needed + for eximstats' graphs. + + + + + Add a warning about convert4r4. + + + + + Point to the + Debian-specific mailing list instead of + the official + exim-users list. + + + + + + + localscan_dlopen.patch: + This patch makes it possible to use and switch between + different local_scan + functions without recompiling Exim. Use + local_scan_path = /path/to/sharedobject to utilize + local_scan() in /path/to/sharedobject. + + + +
+ +
Credits + + + Andreas + Barth + + UUCP documentation + + + + Dan Weber, Ryen Underwood + + inetd/xinetd documentation + + + + +
+ +
diff --cc debian/changelog index 02a8d87,0000000..6fcb27a mode 100644,000000..100644 --- a/debian/changelog +++ b/debian/changelog @@@ -1,5343 -1,0 +1,5963 @@@ - exim4 (4.89-2+deb9u6) stretch-security; urgency=high ++exim4 (4.92-8+deb10u3) buster-security; urgency=high + - * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI ++ * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: ++ Fix buffer overflow in string_vformat. ++ ++ -- Andreas Metzler Fri, 27 Sep 2019 18:09:35 +0200 ++ ++exim4 (4.92-8+deb10u2) buster-security; urgency=high ++ ++ * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI + related buffer overflow. CVE-2019-15846 + - -- Andreas Metzler Tue, 03 Sep 2019 20:01:38 +0200 ++ -- Andreas Metzler Tue, 03 Sep 2019 19:51:11 +0200 + - exim4 (4.89-2+deb9u5) stretch-security; urgency=high ++exim4 (4.92-8+deb10u1) buster-security; urgency=high + + * Fix remote command execution vulnerability related to + "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 + - -- Andreas Metzler Sat, 20 Jul 2019 13:32:35 +0200 ++ -- Andreas Metzler Sat, 20 Jul 2019 13:35:58 +0200 + - exim4 (4.89-2+deb9u4) stretch-security; urgency=high ++exim4 (4.92-8) unstable; urgency=low + - * Non-maintainer upload by the Security Team. - * Fix remote command execution vulnerability (CVE-2019-10149) ++ * Pulled from exim-4.92+fixes branch: ++ + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch ++ Fix expansion of $tls_out_ocsp under hosts_request_ocsp. ++ + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch ++ When tls_verify_certificates was set to a directory instead of a file ++ exim/GnuTLS would still send out the list of accepted certificates, ++ This did not match documented behavior. ++ + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch ++ The dsn_from option was not used for DSN success messages. ++ * Pulled from upstream GIT master: ++ + 75_14-Fix-smtp-response-timeout.patch ++ Fix the timeout on smtp response to apply to the whole response instead ++ of resetting for every byte received. ++ + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch ++ https://bugs.exim.org/show_bug.cgi?id=2405 ++ ${eval } was broken on 32bit archs. + - -- Salvatore Bonaccorso Tue, 28 May 2019 22:13:55 +0200 ++ -- Andreas Metzler Sat, 08 Jun 2019 17:37:43 +0200 + - exim4 (4.89-2+deb9u3) stretch-security; urgency=high ++exim4 (4.92-7) unstable; urgency=medium + - * Non-maintainer upload by the Security Team. - * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) ++ * Upload to unstable. + - -- Salvatore Bonaccorso Sat, 10 Feb 2018 09:26:05 +0100 ++ -- Andreas Metzler Tue, 07 May 2019 19:44:23 +0200 + - exim4 (4.89-2+deb9u2) stretch-security; urgency=high ++exim4 (4.92-6) experimental; urgency=medium + - * Non-maintainer upload by the Security Team. - * Avoid release of store if there have been later allocations - (CVE-2017-16943) (Closes: #882648) - * Chunking: do not treat the first lonely dot special (CVE-2017-16944) - (Closes: #882671) ++ * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for ++ debugging sa-exim. ++ * Set HAVE_LOCAL_SCAN=yes in EDITME. ++ * Upload to experimental. ++ ++ -- Andreas Metzler Tue, 16 Apr 2019 17:58:20 +0200 ++ ++exim4 (4.92-5) unstable; urgency=medium ++ ++ * Improved spam-scanning example with accompaning information in ++ README.Debian. Explicitly warn about adding the default SpamAssassin ++ report in a header, which Closes: #774553 ++ * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple ++ of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on ++ the (working) version of the patch. Drop exim4-dev package. Add a NEWS ++ entry for this change. ++ ++ -- Andreas Metzler Sun, 07 Apr 2019 13:39:31 +0200 ++ ++exim4 (4.92-4) unstable; urgency=medium ++ ++ * Another patch from exim-4.92+fixes branch: ++ 75_10-Harden-plaintext-authenticator.patch ++ ++ -- Andreas Metzler Fri, 22 Mar 2019 07:15:20 +0100 ++ ++exim4 (4.92-3) unstable; urgency=medium ++ ++ * Pull fixes from exim-4.92+fixes branch. ++ + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch ++ + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch ++ + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch ++ + 75_08-Logging-fix-initial-listening-on-log-line.patch ++ + 75_09-OpenSSL-Fix-aggregation-of-messages.patch ++ ++ -- Andreas Metzler Wed, 20 Mar 2019 17:01:29 +0100 ++ ++exim4 (4.92-2) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Wed, 20 Feb 2019 19:23:11 +0100 ++ ++exim4 (4.92-1) experimental; urgency=medium ++ ++ * Point watchfile to release directory again. ++ * New upstream stable release, identical to rc6 except for the version ++ string. ++ * Pull fixes from exim-4.92+fixes branch. ++ + 75_01-Fix-json-extract-operator-for-unfound-case.patch ++ + 75_02-Fix-transport-buffer-size-handling.patch ++ + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch ++ + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch ++ * Upload to experimental while waiting for rc6 to migrate. ++ ++ -- Andreas Metzler Sun, 17 Feb 2019 13:13:55 +0100 ++ ++exim4 (4.92~RC6-1) unstable; urgency=low ++ ++ * New upstream snapshot rc6, includes ++ 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch. ++ ++ -- Andreas Metzler Sat, 09 Feb 2019 14:33:15 +0100 ++ ++exim4 (4.92~RC5-2) unstable; urgency=high ++ ++ * In init script use start-stop-daemon directly instead of lsb-base's ++ killproc which currently fails to pass on the executable name to s-s-d ++ (921558). This broke with s-s-d 1.19.2 which (for security reasons) ++ requires further filtering arguments in addition to --pidfile when the pid ++ file is not owned by root. Closes: #921205 ++ ++ -- Andreas Metzler Thu, 07 Feb 2019 18:42:41 +0100 ++ ++exim4 (4.92~RC5-1) unstable; urgency=medium ++ ++ * New upstream snapshot rc5. ++ * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers ++ was ignored. ++ ++ -- Andreas Metzler Thu, 31 Jan 2019 19:25:03 +0100 ++ ++exim4 (4.92~RC4-3) unstable; urgency=medium ++ ++ * Refresh debian/upstream/signing-key.asc from ++ https://downloads.exim.org/Exim-Maintainers-Keyring.asc. ++ * Drop outdated pointers to alioth package homepage from README.Debian. ++ * Update exim4-config Breaks to enforce upgrade to daemon binary package ++ with DANE support. Closes: #919902 ++ * [lintian] Minimize upstream/signing-key.asc. ++ ++ -- Andreas Metzler Sun, 20 Jan 2019 17:52:39 +0100 ++ ++exim4 (4.92~RC4-2) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Sat, 05 Jan 2019 15:35:38 +0100 ++ ++exim4 (4.92~RC4-1) experimental; urgency=low ++ ++ * New upstream version. ++ + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch. ++ + Unfuzz patches. ++ ++ -- Andreas Metzler Mon, 31 Dec 2018 13:13:45 +0100 ++ ++exim4 (4.92~RC3-1) unstable; urgency=low ++ ++ * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from ++ upstream GIT master, fixing outgoing TLS 1.3. ++ https://bugs.exim.org/show_bug.cgi?id=2359 ++ * New upstream version. ++ * Upload to unstable. ++ ++ -- Andreas Metzler Wed, 26 Dec 2018 16:07:52 +0100 ++ ++exim4 (4.92~RC2-1) experimental; urgency=low ++ ++ * New upstream version. ++ + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch ++ ++ -- Andreas Metzler Tue, 18 Dec 2018 19:20:24 +0100 ++ ++exim4 (4.92~RC1-1) experimental; urgency=low ++ ++ * Update upstream/signing-key.asc from ++ https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding ++ 96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing ++ 1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and ++ FAA1C7F9CD077DC4304BC0C885AB833FDDC03262. ++ * New upstream release candidate: ++ + Point watchfile to test subdir. ++ + Update watchfile to handle -RC1 in addition to _RC1. ++ + Drop 75_fixes*.patch. ++ + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch ++ + Update configuration from upstream example, except for ++ tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport: ++ * Enable dns_dnssec_ok. ++ * Set dnssec_request_domains = * on dnslookup and ++ dnslookup_relay_to_domains routers. ++ * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp ++ transport unless REMOTE_SMTP_DISABLE_DANE is set. ++ * Set multi_domain on remote_smtp_smarthost transport. ++ * Post release updates: ++ + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch ++ ++ -- Andreas Metzler Sat, 15 Dec 2018 16:24:54 +0100 ++ ++exim4 (4.91-9) unstable; urgency=low ++ ++ * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back ++ autodeleted comments. ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch ++ + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch ++ + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch ++ + 75_fixes_29-Fix-AUTH_GSASL-build.patch ++ + 75_fixes_30-Harden-string-list-handling.patch ++ ++ -- Andreas Metzler Thu, 06 Dec 2018 19:19:38 +0100 ++ ++exim4 (4.91-8) unstable; urgency=low ++ ++ [ Andreas Metzler ] ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_18-Restore-Darwin-OS-configuration.patch ++ + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch ++ + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch ++ + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch ++ + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch ++ + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch ++ ++ [ Marc Haber ] ++ * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper. ++ ++ -- Andreas Metzler Sat, 29 Sep 2018 19:08:52 +0200 ++ ++exim4 (4.91-7) unstable; urgency=low ++ ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_16-Fix-non-EVENTS-build.patch ++ + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch ++ ++ -- Andreas Metzler Sun, 26 Aug 2018 11:33:15 +0200 ++ ++exim4 (4.91-6) unstable; urgency=low ++ ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch ++ + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch ++ + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch ++ * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck. ++ (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS) ++ ++ -- Andreas Metzler Fri, 20 Jul 2018 11:21:24 +0200 ++ ++exim4 (4.91-5) unstable; urgency=medium ++ ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch ++ + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch ++ + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch ++ ++ -- Andreas Metzler Sat, 09 Jun 2018 18:10:39 +0200 ++ ++exim4 (4.91-4) unstable; urgency=medium ++ ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch ++ + 75_fixes_07-tidying.patch ++ + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch ++ + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch ++ * [lintian] Delete trailing empty lines in changelog. ++ ++ -- Andreas Metzler Thu, 17 May 2018 17:14:53 +0200 ++ ++exim4 (4.91-3) unstable; urgency=medium ++ ++ * Update from exim-4_91+fixes branch: ++ + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch ++ + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch ++ + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch ++ + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch ++ + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch ++ + Move 50_localscan_dlopen.dpatch to end of patch series and rename to ++ 90_... to preserve alphanumeric patch ordering. ++ * Add log_message for local blacklists to improve log readability. (Patch by ++ Dominic Hargreaves). ++ ++ -- Andreas Metzler Sat, 28 Apr 2018 14:59:36 +0200 ++ ++exim4 (4.91-2) unstable; urgency=low ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Sat, 21 Apr 2018 10:38:50 +0200 ++ ++exim4 (4.91-1) experimental; urgency=medium ++ ++ * Point watchfile to release directory again and use downloads.exim.org ++ host. ++ * New upstream version. ++ * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did ++ not ship libgnutls-dane0. ++ ++ -- Andreas Metzler Sun, 15 Apr 2018 17:52:05 +0200 ++ ++exim4 (4.91~RC4-1) experimental; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Mon, 09 Apr 2018 19:25:18 +0200 ++ ++exim4 (4.91~RC3-1) experimental; urgency=medium ++ ++ * New upstream version. ++ * Point vcs* to salsa. ++ ++ -- Andreas Metzler Thu, 05 Apr 2018 19:43:39 +0200 ++ ++exim4 (4.91~RC2-1) experimental; urgency=medium ++ ++ * New upstream version. ++ Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch + - -- Salvatore Bonaccorso Tue, 28 Nov 2017 22:58:00 +0100 ++ -- Andreas Metzler Wed, 21 Mar 2018 19:25:44 +0100 ++ ++exim4 (4.91~RC1-1) experimental; urgency=medium ++ ++ * Point watchfile to test subdirectory. ++ * New upstream version: ++ + Drop debian/patches/75_*. ++ + Update example.conf.md5. ++ Upstream now enables verify = header_syntax check in default config, ++ mirror this change in Debian, introduce ++ NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this. ++ * Build with newly available (well, for GnuTLS) DANE support. ++ * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from ++ upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250. ++ ++ -- Andreas Metzler Sat, 17 Mar 2018 17:41:51 +0100 ++ ++exim4 (4.90.1-5) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch: ++ 75_15-Pipe-transport-part-two.-Bug-2257.patch ++ 75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch ++ 75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch ++ ++ -- Andreas Metzler Sat, 31 Mar 2018 07:14:31 +0200 ++ ++exim4 (4.90.1-4) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch: ++ 75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch ++ 75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch ++ 75_13-Unbreak-DMARC.patch ++ 75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch ++ ++ -- Andreas Metzler Thu, 22 Mar 2018 07:44:05 +0100 ++ ++exim4 (4.90.1-3) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch: ++ 75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch ++ 75_08-Mark-variables-unused-before-release-of-store-in-the.patch ++ 75_09-Mark-variables-unused-before-release-of-store-in-the.patch ++ 75_10-Mark-variables-that-are-unused-before-release-of-sto.patch ++ ++ -- Andreas Metzler Fri, 16 Mar 2018 18:35:01 +0100 ++ ++exim4 (4.90.1-2) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch: ++ 75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch ++ 75_02-Fix-memory-leak-during-multi-message-reception-using.patch ++ 75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch ++ 75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch ++ 75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch ++ 75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch ++ ++ -- Andreas Metzler Sat, 10 Mar 2018 14:25:51 +0100 ++ ++exim4 (4.90.1-1) unstable; urgency=high ++ ++ * New upstream version, fixing CVE-2018-6789. Closes: #890000 ++ + Drop 75_*.patch. ++ ++ -- Andreas Metzler Sat, 10 Feb 2018 13:45:40 +0100 ++ ++exim4 (4.90-7) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch. (exim-4.90.0.27) ++ + 75_21-DKIM-fix-buffer-overflow-in-verify.patch ++ + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch ++ + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch ++ * Typo fixes in old patch descriptions. (Thanks, lintian!) ++ ++ -- Andreas Metzler Sat, 10 Feb 2018 13:13:37 +0100 ++ ++exim4 (4.90-6) unstable; urgency=medium ++ ++ * Update from exim-4_90+fixes branch. ++ + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch ++ + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch ++ Closes: #887489 ++ + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch ++ + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch ++ ++ -- Andreas Metzler Wed, 07 Feb 2018 19:37:03 +0100 ++ ++exim4 (4.90-5) unstable; urgency=low ++ ++ * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from ++ exim-4_90+fixes branch. ++ * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971 ++ * [update-exim4.conf] stop converting variables set to an empty value in ++ /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of ++ "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972 ++ ++ -- Andreas Metzler Sat, 27 Jan 2018 17:00:42 +0100 ++ ++exim4 (4.90-4) unstable; urgency=low ++ ++ * Update from exim-4_90+fixes branch. ++ 75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch ++ 75_14-Fix-D-string-expansion-to-not-use-millisec.patch ++ 75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch ++ ++ -- Andreas Metzler Sat, 20 Jan 2018 08:00:45 +0100 ++ ++exim4 (4.90-3) unstable; urgency=medium ++ ++ * Three more patches from exim-4_90+fixes branch: ++ 75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch ++ 75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch ++ 75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch ++ ++ -- Andreas Metzler Mon, 08 Jan 2018 18:55:28 +0100 ++ ++exim4 (4.90-2) unstable; urgency=medium ++ ++ * Update to exim-4_90+fixes branch: ++ + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch. ++ + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch ++ + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch ++ + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch ++ + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch ++ + 75_05-Fix-build-of-nisplus-lookup.patch ++ + 75_06-Fix-const-issue-in-nisplus-lookup.patch ++ + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch ++ + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch ++ ++ -- Andreas Metzler Sat, 30 Dec 2017 15:43:52 +0100 ++ ++exim4 (4.90-1) unstable; urgency=low ++ ++ * rc4 released as 4.90. ++ * Point watchfile to release directory again. ++ * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream ++ GIT master branch. Fix pgsql lookup for multiple result-tuples with a ++ single column. Previously only the last row was returned. ++ https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html ++ * Simplify debian/rules and make it usable with dh v10 compat. The ++ fine-grained support for selecting the to be built packages (-custom with ++ or without -base) was dropped. The build process is now controlled by ++ attaching tasks to dh-override hooks instead of using file dependencies, ++ makefile-style. The latter broke with dh v10 due to upstream's ++ build-system which always has the main targets out-of-date inter alia due ++ to the compile-number feature. ++ * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change ++ buildflags ATM.) ++ * Use debhelper v10 compat. ++ * Drop override_dh_strip-arch, we have had enough toolchain and ++ source changes to prevent file conflicts. ++ ++ -- Andreas Metzler Thu, 28 Dec 2017 13:42:23 +0100 ++ ++exim4 (4.90~RC4-1) unstable; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Thu, 14 Dec 2017 18:11:40 +0100 ++ ++exim4 (4.90~RC3-2) unstable; urgency=low ++ ++ * Upload to unstable. ++ * Point homepage to https URL. ++ ++ -- Andreas Metzler Sat, 02 Dec 2017 17:37:13 +0100 ++ ++exim4 (4.90~RC3-1) experimental; urgency=medium ++ ++ * New upstream version. ++ + Fix a use-after-free while reading smtp input for header lines. ++ A crafted sequence of BDAT commands could result in in-use memory ++ being freed. CVE-2017-16943. Closes: #882648 ++ + Fix checking for leading-dot on a line during headers reading ++ from SMTP input. Previously it was always done; now only done for ++ DATA and not BDAT commands. CVE-2017-16944 Closes: #882671 ++ * Drop 78_Disable-chunking-BDAT-by-default.patch again. ++ ++ -- Andreas Metzler Fri, 01 Dec 2017 19:14:08 +0100 ++ ++exim4 (4.90~RC2-3) experimental; urgency=medium ++ ++ * As a workaround for the yet-unfixed security vulnerability resurrect (and ++ adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in ++ 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 ++ https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html ++ ++ -- Andreas Metzler Sat, 25 Nov 2017 12:01:40 +0100 ++ ++exim4 (4.90~RC2-2) experimental; urgency=low ++ ++ * B-d on lynx, instead of lynx-cur | lynx. ++ ++ -- Andreas Metzler Fri, 17 Nov 2017 17:03:10 +0100 ++ ++exim4 (4.90~RC2-1) experimental; urgency=low ++ ++ * New upstream release candidate. ++ + Unfuzz patches, drop 40_reproducible_build.diff and ++ 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff. ++ + Refresh debian/example.conf.md5, No changes to Debian's configuration ++ needed, upstream added a (commented) entry to change OpenSSL ciphers. ++ ++ -- Andreas Metzler Thu, 16 Nov 2017 19:40:35 +0100 ++ ++exim4 (4.90~RC1-1) experimental; urgency=low ++ ++ * New upstream release candidate. ++ + Point watchfile to test subdirectory. ++ + Update 40_reproducible_build.diff ++ + Drop 75_fixes*.patch and ++ 80_Repair-manualroute-transport-name-not-last-option.patch. ++ + Unfuzz EDITME*.diff ++ + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when ++ SOURCE_DATE_EPOCH is set. ++ * Drop trailing whitespace in debian/README.source, debian/changelog and ++ debian/rules. (Thanks, lintian) ++ * Drop debian/README.source and outdated parts of debian/copyright. ++ ++ -- Andreas Metzler Sun, 29 Oct 2017 10:52:30 +0100 ++ ++exim4 (4.89-13) unstable; urgency=high ++ ++ * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch ++ from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944 ++ ++ -- Andreas Metzler Wed, 29 Nov 2017 19:30:37 +0100 ++ ++exim4 (4.89-12) unstable; urgency=high ++ ++ * Sync with exim-4_89+fixes branch: ++ + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch ++ + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch ++ Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943 ++ * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch. ++ ++ -- Andreas Metzler Tue, 28 Nov 2017 20:04:23 +0100 ++ ++exim4 (4.89-11) unstable; urgency=critical ++ ++ * B-d on lynx, instead of lynx-cur | lynx. ++ ++ -- Andreas Metzler Sat, 25 Nov 2017 13:02:43 +0100 ++ ++exim4 (4.89-10) unstable; urgency=critical ++ ++ * As a workaround for the yet-unfixed security vulnerability resurrect ++ 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable ++ both incoming and outgoing BDAT/CHUNKING. #882648 ++ https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html ++ ++ -- Andreas Metzler Sat, 25 Nov 2017 11:43:24 +0100 ++ ++exim4 (4.89-9) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Fri, 27 Oct 2017 19:23:25 +0200 ++ ++exim4 (4.89-8) experimental; urgency=low ++ ++ * Sync with exim-4_89+fixes branch: ++ 75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch ++ 75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch ++ * Point watchfile to https site. ++ ++ -- Andreas Metzler Mon, 23 Oct 2017 19:14:24 +0200 ++ ++exim4 (4.89-7) unstable; urgency=low ++ ++ * In debian/rules' manually called update-mtaconflicts target use ++ grep-aptavail instead of hard-coding /var/lib/apt/lists/. ++ (Thanks, Julian Andres Klode) Closes: #874772 ++ * Update debian/mtalist. ++ * Sync with exim-4_89+fixes branch: ++ 75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch ++ 75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch ++ 75_fixes_15-SOCKS-fix-unitialized-pointer.patch ++ 75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch. ++ ++ -- Andreas Metzler Wed, 27 Sep 2017 07:35:23 +0200 ++ ++exim4 (4.89-6) unstable; urgency=medium ++ ++ * Use "runuser --command ..." instead of "su - --command ..." in ++ exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688 ++ (Thanks, Jakobus Schürz) ++ * Sync priorities with override file: exim4{,-base,-config,-daemon-light} ++ optional from standard, exim4-dev optional from extra. ++ * In debian/rules when setting up the build-tree for -custom also copy ++ EDITME.eximon to allow building based on EDITME.exim4-light with eximon ++ building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813 ++ ++ -- Andreas Metzler Sat, 09 Sep 2017 15:29:39 +0200 ++ ++exim4 (4.89-5) unstable; urgency=medium ++ ++ * Update to exim-4_89+fixes branch: ++ 75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch ++ 75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch ++ (replaces 79_CVE-2017-1000369.patch) ++ 75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces ++ 81_Fix-log-line-corruption-for-DKIM-status.patch) ++ 75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch ++ 75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch ++ 75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch ++ 75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch ++ 75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch ++ (CVE-2017-10140) ++ 75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch ++ 75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch ++ 75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch ++ * Simplify debian/rules by including buildflags.mk unconditionally which was ++ introduced in dpkg 1.16.1 released in October 2011. ++ * Use pkg-info.mk to get package-version, upstream-version and ++ SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not ++ provided by pkg-info.mk. ++ * [lintian] In *daemon.postinst use which certtool instead of ++ [ -x /usr/bin/certtool ] to check for availablility of the command. ++ ++ -- Andreas Metzler Thu, 10 Aug 2017 10:17:05 +0200 ++ ++exim4 (4.89-4) unstable; urgency=low ++ ++ * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT ++ master: Starting with 4.85 a transport name needed to specified after ++ options in route_list. Closes: #865287 ++ * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master. ++ * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by ++ default. ++ * Standards-Version: 4.0.0 ++ + Do not check for availability of invoke-rc.d, use it always and do not ++ fall back to invoking the init-script directly. ++ + Drop eximon menu file. ++ * Migrate to automatic debug packages. Bump b-d on debhelper since ++ --dbgsym-migration was introduced in debhelper 9.20160114. ++ ++ -- Andreas Metzler Sat, 15 Jul 2017 12:46:16 +0200 ++ ++exim4 (4.89-3) unstable; urgency=high ++ ++ * Re-upload to unstable. ++ ++ -- Andreas Metzler Mon, 19 Jun 2017 18:51:13 +0200 + +exim4 (4.89-2+deb9u1) stretch-security; urgency=medium + + * CVE-2017-100369 + + -- Wed, 14 Jun 2017 07:03:07 +0200 + +exim4 (4.89-2) unstable; urgency=medium + + * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to + initscript (#844178). It breaks when the initscript does not start a + daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). + Closes: #860317 + * When reporting bugs also attach /etc/default/exim4 by default. + + -- Andreas Metzler Thu, 20 Apr 2017 17:14:04 +0200 + +exim4 (4.89-1) unstable; urgency=medium + + * Enable inbound (server-side) proxying for -heavy. Closes: #856712 + * New upstream release, source identical to RC7. + + -- Andreas Metzler Thu, 09 Mar 2017 17:49:47 +0100 + +exim4 (4.89~RC7-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler Wed, 01 Mar 2017 18:37:18 +0100 + +exim4 (4.89~RC6-1) unstable; urgency=medium + + * Document E4BCD_PANICLOG_LINES in README.Debian. + * New upstream version. + + -- Andreas Metzler Thu, 23 Feb 2017 18:24:33 +0100 + +exim4 (4.89~RC5-1) unstable; urgency=medium + + * New upstream version. + + -- Andreas Metzler Mon, 13 Feb 2017 19:04:46 +0100 + +exim4 (4.89~RC4-1) unstable; urgency=medium + + * New upstream version. + + Drop 92_CVE-2016-1238.diff. + * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile + while we are changing the init script. + + -- Andreas Metzler Sun, 12 Feb 2017 15:28:09 +0100 + +exim4 (4.89~RC3-1) unstable; urgency=medium + + * New upstream version. + + Unfuzz 92_CVE-2016-1238.diff. + * init file: + + Source /etc/default/exim4 *before* defining the shell + variables holding the pidfilenames. Overriding these via + /etc/default/exim4 is not supported. + + Add missing support for reload when QUEUERUNNER='queueonly'. + + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way + $PIDFILE is used for the main exim process for all available QUEUERUNNER + choices. + + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd + interaction. systemd-sysv-generator uses this pseudoheader to set + PIDFile in the generated service file and it also sets + RemainAfterExit=no instead of yes if it is present. Thanks, Michael + Biebl for suggestion and explanation. Closes: #844178 + + -- Andreas Metzler Fri, 10 Feb 2017 19:08:52 +0100 + +exim4 (4.89~RC2-1) unstable; urgency=medium + + * New upstream version. + + Drop 75_add_bak_spec.txt.diff. + + -- Andreas Metzler Sat, 04 Feb 2017 15:24:44 +0100 + +exim4 (4.89~RC1-1) unstable; urgency=low + + * Refresh debian/upstream/signing-key.asc. + * New upstream bugfix release. + + Drop superfluous patches. + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch + 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + + Unfuzz 31_eximmanpage.dpatch and + 78_Disable-chunking-BDAT-by-default.patch. + + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc + tarball. + + Unfuzz debian/EDITME.exim4-*. + + Update debian/example.conf.md5. - Upstream typo fix. + + -- Andreas Metzler Tue, 31 Jan 2017 19:52:50 +0100 + +exim4 (4.88-5) unstable; urgency=medium + + * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main + option chunking_advertise_hosts and smtp transport option + hosts_try_chunking from "*" to empty. + This is a Debian specific change, we are right before the freeze and BDAT + needs a little time. + + -- Andreas Metzler Thu, 19 Jan 2017 19:18:15 +0100 + +exim4 (4.88-4) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Sat, 07 Jan 2017 14:38:00 +0100 + +exim4 (4.88-3) experimental; urgency=medium + + * Pull multiple patches from upstream GIT: + + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, + 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + (Thanks, Bart Noordervliet for the pointer) Closes: #850175 + + -- Andreas Metzler Fri, 06 Jan 2017 17:32:20 +0100 + +exim4 (4.88-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Tue, 27 Dec 2016 17:36:29 +0100 + +exim4 (4.88-1) experimental; urgency=medium + + * New upstream version. + * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to + testing. + * Drop 75_Fix-DKIM-information-leakage.patch. + + -- Andreas Metzler Sun, 25 Dec 2016 18:07:12 +0100 + +exim4 (4.88~RC6-2) unstable; urgency=high + + * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA + physical line limit check for both for SMTP DATA ACL and remote_smtp* + transports. Closes: #828801 + Also update corresponding NEWS entry. + * [lintian] debian/changelog: s/lenght/length/ + * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM + information leakage issue CVE-2016-9963. + + -- Andreas Metzler Thu, 22 Dec 2016 16:50:21 +0100 + +exim4 (4.88~RC6-1) unstable; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 08 Dec 2016 07:19:18 +0100 + +exim4 (4.88~RC5-1) unstable; urgency=low + + * New upstream version. + + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. + + -- Andreas Metzler Sat, 19 Nov 2016 17:43:51 +0100 + +exim4 (4.88~RC4-2) unstable; urgency=low + + * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream + GIT to fix exim bug 1914 (exim doesn't close connection after quit. + * Upload to unstable. + + -- Andreas Metzler Sat, 12 Nov 2016 07:26:14 +0100 + +exim4 (4.88~RC4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Mon, 07 Nov 2016 19:08:47 +0100 + +exim4 (4.88~RC3-1) experimental; urgency=medium + + * New upstream version. + Drop 75_01-Fix-check-for-commandline-macro-definition.patch + 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. + + -- Andreas Metzler Mon, 24 Oct 2016 19:25:31 +0200 + +exim4 (4.88~RC2-3) experimental; urgency=medium + + * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on + every upgrade. + * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix + longstanding bug with aborted TLS server connection handling. Under + GnuTLS, when a session startup failed (eg because the client + disconnected) Exim did stdio operations after fclose. This was exposed by + a recent change which nulled out the file handle after the fclose. + + -- Andreas Metzler Sun, 23 Oct 2016 16:39:13 +0200 + +exim4 (4.88~RC2-2) experimental; urgency=medium + + * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission + problems on commandline mail submission. Closes: #840355 + + -- Andreas Metzler Thu, 13 Oct 2016 19:25:07 +0200 + +exim4 (4.88~RC2-1) experimental; urgency=low + + * New upstream version. + + Changed default Diffie-Hellman parameters to be Exim-specific, created + by Phil Pennock. Added RFC7919 DH primes as an alternative. + Closes: #839978 + * Set tls_dhparam = historic to use site-specific DH parameters. + * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in + -daemon postinst. + * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either + by running certtool or by installing + /usr/share/exim4/gnutls-params-2048. Do not try to use + openssl dhparam, it takes too long. + + -- Andreas Metzler Sun, 09 Oct 2016 17:37:08 +0200 + +exim4 (4.88~RC1-1) experimental; urgency=low + + * Drop reference to removed (in 4.80-7) "what"-option in init script usage + message. (Thanks, Calum Mackay!) Closes: #823855 + * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] + Closes: #832442 + * [lintian] update-exim4.conf.8 - fix typo. + * [lintian] Drop unused override binaries-have-file-conflict. + * B-d on default-libmysqlclient-dev. + * New upstream version. + + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch + 50_localscan_dlopen.dpatch + + Drop superfluous patches. + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + + Fix crash in VRFY handling when handed an unqualified name + (lacking @domain). Apply the same qualification processing as RCPT. + Closes: #834699 + + Fix a possible security hole, wherein a process operating with the Exim + UID can gain a root shell. Credit to http://www.halfdog.net/ for + discovery and writeup. LP: #1580454 + * [lintian] exim4-config_files.5 - fix typo. + + -- Andreas Metzler Sun, 25 Sep 2016 15:44:00 +0200 + +exim4 (4.87-3) unstable; urgency=medium + + * Pull multiple patches from upstream GIT: + + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch + Improved message on overlong lines in example config. + + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch + Fix race condition related to connection reuse. + https://bugs.exim.org/show_bug.cgi?id=1810 + + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Avoid exposing passwords in log on failing ldap lookup + expansion. https://bugs.exim.org/show_bug.cgi?id=165 + * Copy information message on rejecting overlong lines in data ACL from + upstream example configuration. Closes: #823418 + * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. + Closes: 821830 + + -- Andreas Metzler Sun, 08 May 2016 14:03:10 +0200 + +exim4 (4.87-2) unstable; urgency=medium + + * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. + (Thanks, L. Guruprasad!) Closes: #821416 + * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS + connections (hosts_require_tls option) in remote_smtp_smarthost + transport. Closes: #822174 + * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It + is deprecated and will be removed in 4.88. + * README.Debian*: Fix minor issues found by lintian. + * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 + * Drop exim4-base Recommends on perl-modules. This had been unnecessary + since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. + + -- Andreas Metzler Sat, 30 Apr 2016 13:38:29 +0200 + +exim4 (4.87-1) unstable; urgency=medium + + * Fix comment in + conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, + Jörg-Volker Peetz!) Closes: #819780 + * New upstream release. + + -- Andreas Metzler Thu, 07 Apr 2016 19:26:59 +0200 + +exim4 (4.87~RC7-1) unstable; urgency=low + + * Enable SOCKS support in both -light and -heavy. Closes: #818091 + * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 + * New upstream version. + + Drop 74_Store-the-initial-working-directory.diff, + 75_String-expansions-fix-extract.patch, + 76_only_warn_on_nonempty_environment.diff. + + Update debian/example.conf.md5. + + -- Andreas Metzler Fri, 01 Apr 2016 19:04:07 +0200 + +exim4 (4.87~RC6-3) unstable; urgency=medium + + * Merge changelog entries for 4.86.2-1 and -2. + * Upload to unstable. + * Add link to CVE details to latest NEWS entry and bump its version and date + to match this upload. Closes: #818349, #817244 + + -- Andreas Metzler Wed, 23 Mar 2016 18:44:22 +0100 + +exim4 (4.87~RC6-2) experimental; urgency=medium + + * 74_Store-the-initial-working-directory.diff, + 76_only_warn_on_nonempty_environment.diff: Upstream followups on the + CVE fix (Thanks, Heiko Schlittermann!): + + Runtime warning is only generated if (and only if) keep_environment + is unset and environment is nonempty. + + Store the initial working directory and make it available in the new + expansion variable $initial_cwd. + * Merge all NEWS.Debian files into a single one, identical for all binary + packages. - Different NEWS files built from a single source package is not + and has not ever been supported by apt-listchanges which is the most + important frontend. + * Add a NEWS entry about the environment related runtime warning. + + -- Andreas Metzler Sat, 19 Mar 2016 18:11:32 +0100 + +exim4 (4.87~RC6-1) experimental; urgency=medium + + * New upstream version. + * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing + ${extract } string expansion for the numeric/3-string case. (Bug was + introduced in 4.85.) + * Set keep_environment to empty value instead of setting a minimal PATH in + add_environment. + + -- Andreas Metzler Fri, 11 Mar 2016 19:50:07 +0100 + +exim4 (4.87~RC5-2) experimental; urgency=medium + + * Update debian/upstream/signing-key.asc, using the keys listed in + ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds + Heiko Schlittermann's key. + * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 + + -- Andreas Metzler Sat, 05 Mar 2016 13:17:01 +0100 + +exim4 (4.87~RC5-1) experimental; urgency=medium + + * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying + to grep in it. Closes: #814998 + * New upstream version, includes the patch for CVE-2016-1531. (Local root + exploit). + * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new + options. If neither is used we use add_environment to set a minimal + PATH=/bin:/usr/bin to avoid a runtime warning. + + -- Andreas Metzler Wed, 02 Mar 2016 21:06:43 +0100 + +exim4 (4.87~RC3-2) experimental; urgency=medium + + * README.Debian: Refer to Exim specification by chapter name instead of + chapter number. Closes: #813351 + * Fix some spelling errors found by lintian. + * Minor debian/rules cleanup: + + Restore originally intended behavior, upstream changelog is only + shipped in exim4-base, symlinks to it elsewhere. + + Drop workaround for #347577, fixed in debhelper 5.0.15. + + Use "dh binary-arch" and "dh binary-indep" and a bunch of override + targets instead of listing all dh-commands. While this is uglier and + slows things down a bit it shortens debian/rules by 40 lines and has the + huge benefit that we automatically use all suggested helpers in correct + order. + + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + + Delete unused, commented code. + + Drop (exported) variable MTACONFLICTS, used only once. + * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. + * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. + + -- Andreas Metzler Sat, 13 Feb 2016 20:10:53 +0100 + +exim4 (4.87~RC3-1) experimental; urgency=medium + + * Move Vcs-* from git/http to https. + * [lintian] README.Debian: s/desireable/desirable/. + * [lintian] README.Debian: Fix grammar error "allow + infinitive". + * [lintian] exim4-config.postinst: Use which foo > /dev/null + instead of [ -x /path/to/foo ]. + * Update list of patches in debian/README.Debian.xml + * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect + with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. + * New upstream version. + + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, + merge this change and drop CHECK_MAIL_HELO_ISSUED macro. + + -- Andreas Metzler Thu, 21 Jan 2016 17:44:00 +0100 + +exim4 (4.87~RC2-1) experimental; urgency=medium + + * New upstream version. + + -- Andreas Metzler Sat, 19 Dec 2015 17:51:39 +0100 + +exim4 (4.87~RC1-1) experimental; urgency=medium + + * New upstream version. + + Refresh patches. + + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + + Sync with upstream default configuration: Check maximum (physical, i.e. + before unfolding) line length in default spec file data ACL and smtp + transport. Bug 1684 Closes: #797919 + + HS/02 Add the Exim version string to the process info. This way exiwhat + gives some more detail about the running daemon. Closes: #240883 + * Override upstream's new default of tls_advertise_hosts = * if + MAIN_TLS_ENABLE is not set. + + -- Andreas Metzler Fri, 11 Dec 2015 20:15:30 +0100 + +exim4 (4.86.2-2) unstable; urgency=high + + * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 + + -- Andreas Metzler Sat, 05 Mar 2016 13:07:31 +0100 + +exim4 (4.86.2-1) unstable; urgency=high + + * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream + 4.86+fixes branch. + * New upstream security release for CVE-2016-1531. + + New options keep_environment/add_environment which are empty by default, + i.e. any subprocesses start in a clean (empty) environment. + + -C requires an absolute path. + + Exim changes it's working directory to / right after startup. + * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new + options. If neither is used we use add_environment to set a minimal + PATH=/bin:/usr/bin to avoid a runtime warning. + + -- Andreas Metzler Tue, 01 Mar 2016 19:34:39 +0100 + +exim4 (4.86-7) unstable; urgency=medium + + * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 + * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from + exim-4_86+fixes branch fixes another MIME ACL related crash. + https://bugs.exim.org/show_bug.cgi?id=1730 + + -- Andreas Metzler Sat, 28 Nov 2015 18:45:31 +0100 + +exim4 (4.86-6) unstable; urgency=medium + + * Cleanup (actual patch is identical): Use + 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from + exim-4_86+fixes branch instad of + 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. + * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, + DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 + + -- Andreas Metzler Sun, 08 Nov 2015 07:55:51 +0100 + +exim4 (4.86-5) unstable; urgency=high + + * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT + head to avoid misaligned access in cached lookup. Closes: #803255 + + -- Andreas Metzler Tue, 03 Nov 2015 19:33:49 +0100 + +exim4 (4.86-4) unstable; urgency=medium + + * Fix documentation of lowuid_aliases router, exceptions are in + CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) + Closes: #799672 + * fcron has been removed from Debian in 2011, stop listing it as an + alternative dependency of exim4-base (Thanks, Alexandre Detiste). + Closes: #798236 + * Update to upstream exim-4_86+fixes branch: + + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, + 76_Fix-post-transport-crash.patch, + 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, + 78_Close-logs-after-daemon-process-exceptional-write.patch. + + Add 75_0001-Fix-post-transport-crash.patch + 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch + 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch + 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch + 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch + 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch + * Use dh v9. + + -- Andreas Metzler Sat, 17 Oct 2015 15:01:01 +0200 + +exim4 (4.86-3) unstable; urgency=medium + + * Pull three patches from upstream git: + + 75_Fix-ESMTP-MAIL-command-option-processing.patch: + Corrects handling of mail-addresses with whitespace. + + + 76_Fix-post-transport-crash.patch + 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch + + * Fix spelling error in copyright file. (Thanks, lintian) + * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from + upstream git, exim was keeping logfiles open after after a "too many + connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for + chasing this.) + * When saving the berkeley DB version at build-time pass -P option to cpp, + to prevent linebreaks. + + -- Andreas Metzler Tue, 25 Aug 2015 20:05:59 +0200 + +exim4 (4.86-2) unstable; urgency=high + + * Update exim4-config Breaks, PRDR support is was moved from being + Experimental into the mainline with 4.83. + Closes: #794320 + + -- Andreas Metzler Sun, 02 Aug 2015 07:40:24 +0200 + +exim4 (4.86-1) unstable; urgency=medium + + * New upstream version, identical to RC5 (except for the version string). + + -- Andreas Metzler Sun, 26 Jul 2015 18:35:33 +0200 + +exim4 (4.86~RC5-1) unstable; urgency=medium + + * New upstream version. + + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. + + -- Andreas Metzler Sat, 18 Jul 2015 11:46:11 +0200 + +exim4 (4.86~RC4-2) unstable; urgency=medium + + * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 + * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, + 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, + 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, + 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), + transition from debian/upstream-signing-key.pgp to + debian/upstream/signing-key.asc. + * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update + exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then + properly fix the issue. Closes: #790616 + + -- Andreas Metzler Sun, 05 Jul 2015 11:47:47 +0200 + +exim4 (4.86~RC4-1) unstable; urgency=medium + + * unexport/undefine TZ in debian/rules for reproducible build. It would be + used as default value for TIMEZONE_DEFAULT. + * New upstream version. + + Unfuzz 31_eximmanpage.dpatch. + + -- Andreas Metzler Mon, 29 Jun 2015 07:43:19 +0200 + +exim4 (4.86~RC3-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Tue, 23 Jun 2015 19:11:19 +0200 + +exim4 (4.86~RC3-1) experimental; urgency=medium + + * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug + 1166671. + * New upstream version. + + -- Andreas Metzler Mon, 22 Jun 2015 20:39:11 +0200 + +exim4 (4.86~RC2-1) experimental; urgency=medium + + * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control + (Thanks, lintian). + * New upstream version: + +Drop included patches. + (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, - 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, ++ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, + 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) + * Sync Debian config with upstream default config: + + Set prdr_enable. + + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to + log_selector option value. + + -- Andreas Metzler Wed, 17 Jun 2015 19:49:58 +0200 + +exim4 (4.86~RC1-3) experimental; urgency=medium + + * Get time and date of latest debian/changelog entry and patch exim(on) to + use these instead of __DATE__ and __TIME__. + * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch + from GIT to fix FTBFS on kfreebsd. + + -- Andreas Metzler Sat, 13 Jun 2015 15:22:47 +0200 + +exim4 (4.86~RC1-2) experimental; urgency=medium + + * Pull three post-release fixes from upstream GIT. (null pointer + derefencing, and spam scanning defaulting to rspam mode) + + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch + + -- Andreas Metzler Sun, 07 Jun 2015 07:26:13 +0200 + +exim4 (4.86~RC1-1) experimental; urgency=medium + + * New upstream release. + + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, + refresh patches. + + Update EDITME*, enable AUTH_TLS for -heavy. + + Sync Debian config with upstream default config, rfc1413 calls are now + disabled by default. + + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + + The spamd_address main option now supports an optional timeout value per + server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + + log reason for defer, on a hostlist dns-lookup temporary error. + Closes: #670035 + + -- Andreas Metzler Sat, 06 Jun 2015 15:41:33 +0200 + +exim4 (4.85-3) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Tue, 28 Apr 2015 19:34:16 +0200 + +exim4 (4.85-2) experimental; urgency=medium + + * Merge from unstable 4.84-8. + + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and + (<< ${source:Version}.1), at least source version, but not the next + sourceful upload. Closes: #777246 + + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from + upstream GIT which fixes breakage of string-expansion in headers_remove + commands. (Thanks Gordon Dickens, for the pointer.) - + 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added + here since it already part of 4.85. + + -- Andreas Metzler Sat, 21 Feb 2015 15:38:47 +0100 + +exim4 (4.85-1) experimental; urgency=medium + + * exim4-config_files.5: Escape dots in regex. (Thanks, ael) + * New upstream version. + + -- Andreas Metzler Tue, 13 Jan 2015 18:48:45 +0100 + +exim4 (4.85~RC4-1) experimental; urgency=medium + + * update-exim4.conf: + + Drop unused variable UPEX4C_internal_tmp. + + Use tempfile(1) if the generated file will not be written to + /var/lib/exim4/. + + Add --check option. + * init-script: On restart use update-exim4.conf --check before stopping the + daemon. (This is a no-op with systemd since its sysv compat layer + translates "foo restart" into "foo stop" "foo start" instead of using the + init scripts restart target.) + * Handle _RC in watchfile with uversionmangle. + * New upstream version. + + Stop repacking source, rfcs have been dropped. + + -- Andreas Metzler Wed, 31 Dec 2014 14:24:35 +0100 + +exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium + + * New upstream version. + + -- Andreas Metzler Thu, 18 Dec 2014 19:07:59 +0100 + +exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium + + * New upstream version. + * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff + 70_remove_exim-users_references.dpatch. + + -- Andreas Metzler Mon, 01 Dec 2014 18:54:17 +0100 + +exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium + + * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop + neither expects a mbox-style From nor an empty line add the end. (Thanks, + Edward Betts) Closes: #769396 + * Change the init script's restart order from { regenerate_config; stop; + start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) + Closes: #768874 + * New upstream version. + + Unfuzz 66_enlarge-dh-parameters-size.dpatch + + Drop 80_mime_empty_charset.diff. + * Remove rfc from upstream source and repack it. + + -- Andreas Metzler Tue, 18 Nov 2014 19:28:20 +0100 + +exim4 (4.84-8) unstable; urgency=medium + + * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and + 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from + upstream GIT which fix breakage of string-expansion in headers_remove + commands. (Thanks Gordon Dickens, for the pointer.) + + -- Andreas Metzler Tue, 17 Feb 2015 18:00:42 +0100 + +exim4 (4.84-7) unstable; urgency=medium + + * Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and + (<< ${source:Version}.1), at least source version, but not the next + sourceful upload. Closes: #777246 + + -- Andreas Metzler Sat, 07 Feb 2015 15:12:33 +0100 + +exim4 (4.84-6) unstable; urgency=medium + + * Revert init script's restart order change in 4.84-4 for the time being. + This needs a slightly more involved change than I want to push into jessie + right now. + + -- Andreas Metzler Sun, 21 Dec 2014 14:07:12 +0100 + +exim4 (4.84-5) unstable; urgency=medium + + * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans + testsuite), extends the fix in 4.84-2. + + -- Andreas Metzler Wed, 17 Dec 2014 19:03:39 +0100 + +exim4 (4.84-4) unstable; urgency=medium + + * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop + neither expects a mbox-style From nor an empty line add the end. (Thanks, + Edward Betts) Closes: #769396 + * Change the init script's restart order from { regenerate_config; stop; + start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) + Closes: #768874 + * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun + with control characters in argument of spam= acl condition. + + + -- Andreas Metzler Sun, 30 Nov 2014 08:24:04 +0100 + +exim4 (4.84-3) unstable; urgency=medium + + * Apply patch to Italian (it) debconf template translation, thanks to + s3v . Closes: #764925 + * Let virtual package cron-daemon fulfill exim4-base's dependency now that + bcron provides it instead of "cron" and systemd-cron is fixed. + Closes: #765720 + + -- Andreas Metzler Sun, 19 Oct 2014 13:35:56 +0200 + +exim4 (4.84-2) unstable; urgency=high + + * Add 80_mime_empty_charset.diff from upstream GIT (the parts that change + the code, not the testsuite) to handle empty content-type charset. + + -- Andreas Metzler Fri, 29 Aug 2014 19:41:38 +0200 + +exim4 (4.84-1) unstable; urgency=medium + + * New upstream release. + + -- Andreas Metzler Thu, 14 Aug 2014 19:33:01 +0200 + +exim4 (4.84~RC2-1) unstable; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Sat, 09 Aug 2014 07:42:00 +0200 + +exim4 (4.84~RC1-3) unstable; urgency=medium + + * Third try. Simply comment *custom* in debian/control. + + -- Andreas Metzler Sat, 02 Aug 2014 09:29:13 +0200 + +exim4 (4.84~RC1-2) unstable; urgency=medium + + * Re-upload, after manually removing *custom* from the changes file to avoid + false detection of NEW packages due to the changes in the archive + infrastructure related source-only uploads. + + -- Andreas Metzler Sat, 02 Aug 2014 08:14:54 +0200 + +exim4 (4.84~RC1-1) unstable; urgency=medium + + * New upstream release candidate, fixing a regression in the MIME handling + code. + + -- Andreas Metzler Sat, 02 Aug 2014 07:45:26 +0200 + +exim4 (4.83-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Sat, 26 Jul 2014 09:25:15 +0200 + +exim4 (4.83-1) experimental; urgency=medium + + * New upstream release which includes the fix for CVE-2014-2972. + + -- Andreas Metzler Wed, 23 Jul 2014 08:13:22 +0200 + +exim4 (4.83~RC3-1) experimental; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Tue, 08 Jul 2014 19:07:52 +0200 + +exim4 (4.83~RC2-1) experimental; urgency=medium + + * New upstream release candidate. + + JH/26 Port service names are now accepted for tls_on_connect_ports, to + align with daemon_smtp_ports. Bug 72. Closes: #316441 + + + -- Andreas Metzler Fri, 06 Jun 2014 19:11:24 +0200 + +exim4 (4.83~RC1-1) experimental; urgency=medium + + * New upstream feature release candidate. + + JH/06 Log outbound-TLS and port details, subject to log selectors, for a + failed delivery. Closes: #712987 + * Unfuzz 31_eximmanpage.dpatch and 50_localscan_dlopen.dpatch. + * Drop superfluous patches: 75_unbind-ldap-connection.diff + 76_fix_ldap_option_setting.diff 77_close-the-server-side-of-TLS.diff + 80_fix_ftbfs_hurd.diff + * Since exim4-base currently only includes daily cronjobs let anacron + fulfill the dependency, too. Systems with missing recommends (anacron + recommends cron) that are *not* restarted regularily will therefore not + run the cron-job regularily. Exim should not break horribly in this case + and we can assume the local system administrator knows what (s)he is doing + by disabling installation of recommends. (Policy: "[...] packages that + would be found together with this one in all but unusual installations") + Closes: #733929 + + -- Andreas Metzler Thu, 29 May 2014 13:09:04 +0200 + +exim4 (4.82.1-2) unstable; urgency=high + + * [87_double_expansion.diff] from upstream. Stop unwanted double expansion + of arguments to mathematical comparison operations. CVE-2014-2972 + + -- Andreas Metzler Sun, 20 Jul 2014 19:05:48 +0200 + +exim4 (4.82.1-1) unstable; urgency=high + + * New upstream security release, fixing CVE-2014-2957. This is a remote + code execution flaw in Exim version 4.82 (only) when built with DMARC + support. Debian's binary packages are not built with DMARC support and + therefore not vulnerable. However we want to fix this for people building + their own binaries based on Debian's packaging. + + -- Andreas Metzler Wed, 28 May 2014 19:01:43 +0200 + +exim4 (4.82-8) unstable; urgency=medium + + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 12 Apr 2014 16:19:05 +0200 + +exim4 (4.82-7) unstable; urgency=high + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher, + $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these + variables which describe the respective status of the current incoming or + outgoing TLS connection. The rationale for this is that a single exim + process can now use both an incoming (message reception) and outgoing + TLS connection (callout or cutthrough delivery) concurrently. With this + change the "old" variables were mapped to tls_in_*, i.e. they expand to + empty values on outgoing connections. (This is not yet documented.) + Outgoing tls-connections can therefore not be detected by nonempty + $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent + sending of plaintext AUTH information on unencrypted connections. Force a + lockstep upgrade of exim4-config by bumping the version of exim4-base's + dependency on exim4-config to >= 4.82. + Closes: #742901, #736081 + + -- Andreas Metzler Sun, 06 Apr 2014 08:32:11 +0200 + +exim4 (4.82-6) experimental; urgency=medium + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 05 Apr 2014 14:18:11 +0200 + +exim4 (4.82-5) unstable; urgency=medium + + * Upgrade to libdb5.3-dev. Closes: #738637 Be paranoid and bump BDBVERSION + in exim4-base.postinst from 3.0 (no idea why this did not read 5.1) to + 5.3, therefore purging hints db on upgrades. + + -- Andreas Metzler Wed, 12 Feb 2014 19:31:55 +0100 + +exim4 (4.82-4) unstable; urgency=medium + + * Correct title/name of exim4-config_files(5). (Thanks, Heiko Schlittermann) + Closes: #734212 + * 80_fix_ftbfs_hurd.diff by Samuel Thibault fixes FTBFS on GNU/hurd due to + missing support for TCLASS. Closes: #738445 + * Add debian/upstream-signing-key.pgp (listed in + debian/source/include-binaries) and update watchfile to check + upstream signature. + + -- Andreas Metzler Sun, 09 Feb 2014 19:41:34 +0100 + +exim4 (4.82-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Wed, 27 Nov 2013 19:51:26 +0100 + +exim4 (4.82-2) experimental; urgency=low + + * Pull two post-release fixes from upstream git master: + + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind + succeeded. + + 77_close-the-server-side-of-TLS.diff - Correctly close the server side + of TLS when forking for delivery. + * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See + . + + -- Andreas Metzler Sat, 09 Nov 2013 17:24:59 +0100 + +exim4 (4.82-1) experimental; urgency=low + + * New upstream stable release. + * Drop exim4-config_files.5 symlinks for local_host_whitelist and + local_sender_whitelist, add symlinks for host_local_deny_exceptions and + sender_local_deny_exceptions instead. Closes: #661365 + + -- Andreas Metzler Sat, 09 Nov 2013 11:52:58 +0100 + +exim4 (4.82~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Sat, 26 Oct 2013 08:50:58 +0200 + +exim4 (4.82~rc3-1) experimental; urgency=low + + * New upstream version. + + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard + Hall. + + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors + looking up a hostname or reverse DNS when processing a host list. Used + suggestions from multiple comments on this bug. + + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + * Add macros for sending a client certificate on outgoing TLS connections. + (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY, + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY) + Closes: #677826 + + -- Andreas Metzler Sat, 12 Oct 2013 09:30:28 +0200 + +exim4 (4.82~rc2-1) experimental; urgency=low + + * exim-gencert: Generate 2048bit key by default. LP: #1200581 + * New upstream version. + + Drop 80_addmanuallybuiltdocs.diff + + -- Andreas Metzler Thu, 03 Oct 2013 19:24:59 +0200 + +exim4 (4.82~rc1-1) experimental; urgency=low + + * New upstream version. + + TL/02 Add +smtp_confirmation as a default logging option. + Closes: #649600 + + JH/05 Permit multiple router/transport headers_add/remove lines. + Closes: #276126 + + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added + features. + * Upload to experimental. + * Drop unnecessary patches (30_dontoverridecflags.dpatch + 75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff + 78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff + 86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches. + * Applying upstream's default configuration updates to Debian configuration + change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher - instead of tls_out_cipher. - exim4-config therefore Breaks ++ instead of tls_out_cipher. - exim4-config therefore Breaks + exim daemon << 4.82~rc1. + * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt + and spec.txt, replace these with correct handbuilt versions. + + -- Andreas Metzler Sun, 29 Sep 2013 14:43:25 +0200 + +exim4 (4.80-9) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Sat, 14 Sep 2013 08:05:18 +0200 + +exim4 (4.80-8) experimental; urgency=low + + * Import updated watchfile by Bart Martens. (Handles more compression types + and x.y.revision versioning.) + * In initscript invoke pidofproc with a pathname argument as it is + documented in LSB and required by lsb-base (>= 4.1+Debian9). + Closes: #693696, #718871 + * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable + items in host lists. Closes: #627988 + * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to + invoking exiwhat directly and throws an error mesage, too. (Thanks Regid + Ichira for the diagnosis.) Closes: #643720 + * Set "host_find_failed = ignore" (instead of defer) on smarthost and + hub_user_smarthost router. Now if one (of the possibly multiple) listed + smarthosts is not resolvable (NXDOMAIN) ignores it and and tries the next + listed one. If all listed hosts are unresolvable the mail is still + defered, since host_all_ignored is set to defer by default. Therefore the + behavior does not change for single-smarthost systems. Closes: #658878 + * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only + shipped in 4.69-3. Closes: #689334 + * Update exim_db.8, syncing against spec.txt from exim 4.80. + * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message + locally in non-SMTP mode, and with MIME ACLs configured, if the ACL + rejected the message, Exim would try to `fprintf(NULL, "%s", + the_message)`. This fixes that. + * [lintian] Escape some dashes in exim4-config_files.5. + * Point vcs-* to anonscm. + * Remove pidfile after stopping the daemon, exim does not remove it itself. + Closes: #702988 + * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian + (without either .html or .gz suffix). Closes: #394975 + * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer) + Closes: #710018 + + tests/CVE-2010-4344.py is GPLv2 - Add license header. + + tests/daemon and tests/security do not use bashisms, change shebang + to /bin/sh. + * Upload to experimental, due to perl transition. + + -- Andreas Metzler Sun, 01 Sep 2013 15:58:49 +0200 + +exim4 (4.80-7) unstable; urgency=low + + * Use exim's ${quote:xxx} operator when invoking spfquery to disallow + bypassing of SPF validation by using special mailbox names. (Thanks to + Lekensteyn for diagnosis and testing.) Closes: #697057 + + -- Andreas Metzler Wed, 02 Jan 2013 19:37:21 +0100 + +exim4 (4.80-6) unstable; urgency=low + + * Cherrypick two changes from GIT: + + 85_server_set_id_SPA.diff: server_set_id was not stored in + $authenticated_id when using SPA authentication. + http://article.gmane.org/gmane.mail.exim.user/92181 + + 86_Dovecot-robustness.diff: robustness fixes for the Dovecot + authenticator. + + -- Andreas Metzler Wed, 21 Nov 2012 19:08:53 +0100 + +exim4 (4.80-5.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling. + + -- Nico Golde Thu, 25 Oct 2012 20:11:11 +0200 + +exim4 (4.80-5) unstable; urgency=low + + * Fix grammar error in debian/manpages/exim4-config_files.5. (Thanks, + Regid Ichira) + * Fix hardening support. (Thanks, Simon Ruderich) + + Append $(CPPFLAGS) to CFLAGS, the exim buildsystem does not use it. + + Set LFLAGS += $(LDFLAGS) in debian/rules. + Closes: #687645 + * Correct typo in Russian debconf translation. (Thanks, Krasu) + Closes: #683385 + * Point Vcs-* to git repository. + + -- Andreas Metzler Sun, 23 Sep 2012 12:20:16 +0200 + +exim4 (4.80-4) unstable; urgency=low + + * Disable autoloading of PKCS#11 modules. Closes: #678238 + + -- Andreas Metzler Sat, 23 Jun 2012 18:35:03 +0200 + +exim4 (4.80-3) unstable; urgency=low + + * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL + dereference if Exim is built using OpenSSL, tls_sni is used and a + forced expansion failure is configured. + * Pull 76_tls_dh_min_bits.diff (and the corresponding doc change + 77_docsfortls_dh_min_bits.diff) from upstream. Adds a new SMTP transport + option tls_dh_min_bits for setting the minimal size of DH parameters. + * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport + option. Closes: #676563 + * [lintian] Stop shipping empty directory /usr/share/exim4 in exim4-base. + + -- Andreas Metzler Fri, 08 Jun 2012 12:37:05 +0200 + +exim4 (4.80-2) unstable; urgency=low + + * [Brown paper bag] actually target unstable in changelog. + + -- Andreas Metzler Sun, 03 Jun 2012 17:24:05 +0200 + +exim4 (4.80-1) experimental; urgency=low + + * New upstream version, identical to rc7. + * Add a missing piece of documentation to update-exim4.conf.8. DCreadhost + is not only used for rewriting, in satellite setup it is also + the host where local mail is delivered to. (Thanks, Regid Ichira). + Closes: #675712 + + -- Andreas Metzler Sun, 03 Jun 2012 16:49:51 +0200 + +exim4 (4.80~rc7-1) experimental; urgency=low + + * New upstream version. + * Let debian/EDITME.openssl.exim4-light.diff apply again. + + -- Andreas Metzler Tue, 29 May 2012 19:33:07 +0200 + +exim4 (4.80~rc6-1) experimental; urgency=low + + * Ship newly available GnuTLS-FAQ.txt in exim4-base. + * Upstream's handling of GnuTLS DH parameters has changed, hardcoded + parameters (from RFCs are used by default. See + /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping + /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl + and /var/spool/exim4/gnutls-params-2236. + + -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 + +exim4 (4.80~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 24 May 2012 20:20:24 +0200 + +exim4 (4.80~rc4-1) experimental; urgency=low + + * New upstream version. + + Unfuzz 50_localscan_dlopen.dpatch + + Drop 80_revert_stringformatprintf.diff, superseded upstream. + + Default DH param size switched to 2236 for NSS compat. Update + generation script and shipped parameters. + + -- Andreas Metzler Mon, 21 May 2012 20:00:18 +0200 + +exim4 (4.80~rc2-1) experimental; urgency=low + + * Fix typo in retry/30_exim4-config (s/frequenzy/frequency/) (Thanks, Regid + Ichira). Closes: #646338 + * dpkg-buildflags supersedes hardening-wrapper. set + DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie to use features enabled + by hardening-wrapper by default. Make sure to always set -Wall. + * List mapppings between debconf choices ("mail sent by smarthost; no local + mail" et al.) and corresponding values of the DC_eximconfig_configtype + macro in update-exim4.conf(8). Closes: #651883 + * README.Debian.*: Correct documentation of the lowuid_aliases router. - The + macro is named FIRST_USER_ACCOUNT_UID instead of FIRST_USER_UID. (Thanks, + Yubao Liu) Closes: #653058 + * add more verbose help to /etc/default/exim4. Closes: #653272 + * Updated French debconf templates translation. (thanks for proofreading, + debian-l10n-french!) Closes: #668475 + * Fix typo usualy in update-exim4.conf.8. + * Add source lintian override (debian/source/lintian-overrides) for + binaries-have-file-conflict exim4-daemon-heavy-dbg exim4-daemon-light-dbg. + *-daemon-dbg depends on the respective -daemon, and the daemon-packages + conflict with each other. + * New upstream version: + + Unfuzz patches + + Update 66_enlarge-dh-parameters-size.dpatch. This is now a noop if built + against gnutls >= 2.12. + + Default DH param size is 2432, update generation script and shipped + parameters. + + Unfuzz/update */EDITME/*. Update debian/example.conf.md5. + + 80_revert_stringformatprintf.diff. Do not mark string_format() as + PRINTF_FUNCTION(3,4) to allow compilation with -Wformat + -Werror=format-security + + Sets accept_8bitmime = true by default. Closes: #445013 + + Uses GnuTLS priority string for configuration. (See NEWS.Debian) + Closes: #624041 + + -- Andreas Metzler Sun, 20 May 2012 15:57:15 +0200 + +exim4 (4.77-1) unstable; urgency=low + + * Fix typo in exim4-config_files.5. (Thanks, Regid Ichira) Closes: #645283 + * New upstream stable release. (No major changes compared to rc4) + * Upload to unstable. + + -- Andreas Metzler Sat, 22 Oct 2011 18:00:11 +0200 + +exim4 (4.77~rc4-1) experimental; urgency=low + + * New upstream release candidate. + + drop patches included in this release. + (80_gnutls_certificate_verify_peers2.diff 80_gnutls_initrc.diff + 80_TLS1.2-and-TLS1.1-support.diff) + + New expansion conditions, "inlist", "inlisti". + + Exim no longer performs string expansion on the second string of + the match_* expansion conditions: "match_address", "match_domain", + "match_ip" & "match_local_part". Named lists can still be used. The + previous behavior made it too easy to create (remotely) vulnerable + configurations. A more detailed rationale and explanation can be found - on ++ on + https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html + + doc/pcrepattern.txt is not shipped anymore as part of the exim tarball + (and therefore the Debian package suite.) + * Make use of /usr/share/dpkg/buildflags.mk if available. + * Change build system to build each binary variant in a separate copy of + the source tree instead of re-using the copy and moving away the results + after build. The old approach stopped working since upstream added a + dependency on make all to make install. - As we were changing parts of + tree (Local/Makefile) after the build this caused an (incorrect) rebuild + on make install. + + -- Andreas Metzler Sat, 08 Oct 2011 13:07:35 +0200 + +exim4 (4.76-4) experimental; urgency=low + + * 80_TLS1.2-and-TLS1.1-support.diff (pulled from upstream GIT gnutls_fixes + branch): Enable TLS1.2 and TLS1.1 + * 80_gnutls_certificate_verify_peers2.diff, 80_gnutls_initrc.diff (pulled + from upstream GIT gnutls_fixes branch): Use + gnutls_certificate_verify_peers2() instead of + gnutls_certificate_verify_peers(). The deprecated function was dropped in + GnuTLS 3.x. Closes: #624082 + + -- Andreas Metzler Sat, 24 Sep 2011 18:36:08 +0200 + +exim4 (4.76-3) unstable; urgency=low + + * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be + specified before arguments for compatibility with heirloom-mailx (Thanks, + Andreas Schiweck). Closes: #629314 + * [exim4-base.exim4.init] Use echo instead of log_failure_msg for the panic + log warning. Closes: #629610 + * [exim4-base.postinst] Also take care of ratelimit db on bdbd upgrades. + Closes: #630985 + * Update Debian exim webpage URL. Closes: #641126 + * Do not run upgrade test for 4.67-5 on exim4.conf.template if split config + is used and vice versa. Closes: #577633 + * [lintian] Do not specify priority in binary package stanzas, unless it + deviates from the source package priority setting. + * [lintian] Drop unused lintian override binary-without-manpage + usr/sbin/exim. + * [lintian] Improve on short descriptions of *-dbg packages. + + -- Andreas Metzler Sun, 18 Sep 2011 11:49:13 +0200 + +exim4 (4.76-2) unstable; urgency=low + + * debian/rules: Remove test/ and test-stamp on clean. + * Handle BerkeleyDB upgrades more gracefully. Instead of checking Debian + version numbers compare DB-version of old exim (stored by postinst in + /var/lib/exim4/berkeleydbvers.txt) with currently used DB-version + (hardcoded at build time in exim4-base.postinst). + * [exim4-base.postinst exim4-config.postinst] Do away with unnecessary + chowns by dropping them or limiting to upgrades from 4.30. + + -- Andreas Metzler Sun, 29 May 2011 18:21:03 +0200 + +exim4 (4.76-1) unstable; urgency=low + + * New upstream version. + * Drop 80_match_isinlist.diff (included upstream). + + -- Andreas Metzler Mon, 09 May 2011 19:12:09 +0200 + +exim4 (4.76~RC1-3) experimental; urgency=low + + * 80_match_isinlist.diff pulled from upstream git. + + -- Andreas Metzler Sun, 08 May 2011 14:44:20 +0200 + +exim4 (4.76~RC1-2) experimental; urgency=low + + * Fix testsuite error. + * Disable verification of DKIM signatures if DC_minimaldns or the (newly + added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764 + * [lintian] Drop useless comments from debian/watch. + + -- Andreas Metzler Sun, 08 May 2011 08:58:24 +0200 + +exim4 (4.76~RC1-1) experimental; urgency=low + + * New upstream version. + * Drop superfluous patches. 80_ldap_require_cert-work.diff + 81_negatebool.diff 82_dkimpercent.diff + * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage + update-exim4defaults.8.gz allows to allows one to). + * [debian/minimaltest]: Added. Try to run a minimal functionality test after + building exim. (Currently only supported if the build-system has a + Debian-exim user.) + + -- Andreas Metzler Fri, 06 May 2011 20:27:56 +0200 + +exim4 (4.75-3) unstable; urgency=high + + * [debian/rules] Fix dependencies and targets, speeding up package build. + Previously everything was compiled twice. + * Patches pulled from upstream git: + +81_negatebool.diff Negating the $bool expansion condition did not work. + +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670 + (CVE-2011-1764) + + -- Andreas Metzler Fri, 06 May 2011 20:08:51 +0200 + +exim4 (4.75-2) unstable; urgency=low + + * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix + configuration example accordingly. (Thanks, Roman V. Nikolaev) + Closes: #622111 + * Use on libdb5.1-dev (instead of 4.8), zap hints db on upgrade from <= + 4.75-1. Closes: #621388 + * Enable hardening options. (Last difference to Ubuntu except for not being + the default-mta there.) Closes: #542726 + + -- Andreas Metzler Sat, 16 Apr 2011 14:45:36 +0200 + +exim4 (4.75-1) unstable; urgency=low + + * New upstream version. + * 80_ldap_require_cert-work.diff Pulled from upstream git. The new + ldap_require_cert option would segfault if used. + + -- Andreas Metzler Mon, 28 Mar 2011 19:24:55 +0200 + +exim4 (4.75~rc3-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 03 Mar 2011 19:10:06 +0100 + +exim4 (4.75~rc2-1) experimental; urgency=low + + * New upstream version. + + Fixes exiqgrep "Line mismatch" error on messages without size info. + Closes: #528625 + + Restore default SIGPIPE handler for child_open_uid. Closes: #573779 + * Enable verbose compilation. + + -- Andreas Metzler Sun, 27 Feb 2011 11:59:45 +0100 + +exim4 (4.74-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Thu, 24 Feb 2011 19:02:07 +0100 + +exim4 (4.74-1) experimental; urgency=low + + * 4.74 release, should build on hurd again. + * Fix some lintian --pedantic issues: copyright-refers-to-symlink-license + maintainer-script-without-set-e debian-control-has-unusual-field-spacing + + -- Andreas Metzler Sat, 29 Jan 2011 15:39:51 +0100 + +exim4 (4.74~rc2-1) experimental; urgency=low + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * Add headers in ACL by using the add_header modifier instead of "message". + (This modifier has been available since 4.61.) Closes: #609308 + * New upstream version. + + includes the fix for CVE-2011-0017 + + If a non-debug daemon was invoked with a non-whitelisted macro, then + logs from after attempting delivery would be silently lost, including + for successful delivery. This log-loss bug was introduced in 4.73 + as part of the security lockdown. Closes: #610611 + + Update some patches. + + -- Andreas Metzler Sun, 23 Jan 2011 14:02:36 +0100 + +exim4 (4.73~rc1-1) experimental; urgency=low + + * New upstream release candidate. + * Drop included patches. 80_4.73rc1_*, 40_dkimnotinpaniclog.diff. + * Update 31_eximmanpage.dpatch. + * exim4 now uses INSTREAM (added in clamav 0.95) instead of STREAM when + talking to clamav. exim4-daemon-heavy therefore Breaks: clamav-daemon + (<< 0.95). + * Unfuzz EDITME*diff. + * Dependency changes: + + Drop exim4-config's conflicts with bash (<< 2.05). This was relevant + pre-sarge. + + Drop exim4-daemon-* dependency on exim4-base (>> 4.71-2). This one is - superfluous because of of the dependency on ++ superfluous because of of the dependency on + exim4-base (>= ${Upstream-Version}). + + exim4-config breaks instead of conflicts with pre-DKIM (i.e. << 4.69.1) + exim4-daemon. + + exim4-base breaks instead of conflicts with <<${Upstream-Version} daemon + packages. + * Add Vcs-Svn and Vcs-Browser fields to debian/control. - * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of ++ * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of + libmysqlclient15-dev. libmysqlclient-dev is not a virtual package + anymore. Closes: #590218 + * Use db_settitle unconditionally, even etch supports this. Drop unneeded + lintian override exim4-config: settitle-requires-versioned-depends. + + -- Andreas Metzler Mon, 27 Dec 2010 19:48:19 +0100 + +exim4 (4.72-6) unstable; urgency=high + + * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges + were dropped. This fixes a regression from 4.72-2, it was not possible to + test filter files with exim4 -bf anymore. Closes: #611572 + + -- Andreas Metzler Mon, 31 Jan 2011 19:05:48 +0100 + +exim4 (4.72-5) unstable; urgency=medium + + * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug + daemon was invoked with a non-whitelisted macro, then logs from after + attempting delivery would be silently lost, including for successful + delivery. This log-loss bug was introduced as part of the security + lockdown for fixing CVE-2010-4345. Closes: #610611 + + -- Andreas Metzler Sat, 29 Jan 2011 14:33:36 +0100 + +exim4 (4.72-4) unstable; urgency=medium + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return + values of setgid/setuid. This is a privilege escalation vulnerability + whereby the Exim run-time user can cause root to append content of the + attacker's choosing to arbitrary files. + + -- Andreas Metzler Sat, 22 Jan 2011 17:48:19 +0100 + +exim4 (4.72-3) unstable; urgency=low + + * [README.Debian*] Correct command for manual paniclog rotation. (Thanks, + Jörg Sommer) Closes: #602188 + * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts. + This would not work with ALT_CONFIG_PREFIX. + * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1. + Closes: #606527 + + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by + the Exim user or group. + + 2_permcheck_configurefile: Check configure file permissions even for + non-default files if still privileged. + + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option, + effectively making it always true. + + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the + daemon, to ensure that rogue child processes cannot use them. + + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option. + + 6_nonroot_system_filter_user: If the system filter needs to be run as + root, let that be explicitly configured. The default is now the Exim + run-time user. + + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values + for the -D option. + + 8_updatedocumentation: Update documentation to reflect the changes. + * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim + will not regain root privileges (usually necessary for local delivery) if + the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are + exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. + * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch + 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges + (usually necessary for local delivery) if the -C option was used. This + makes it impossible to start a fully functional damon with an alternate + configuration file. /etc/exim4/trusted_configs (can) contain a list of + filenames (one per line, full path given) to which this restriction does + not apply. + + -- Andreas Metzler Sun, 26 Dec 2010 15:13:08 +0100 + +exim4 (4.72-2) unstable; urgency=low + + [ Marc Haber ] + * Apply patch to russian (ru) debconf template, thanks to Тим + Алексеевский and Tim Alexeevsky. Closes: #576202 + * fix exim4-config_files man page, mention + {host|sender}_local_deny_exceptions instead of + local_{host|sender}_whitelist. Thanks to Fabien André in #578176 + * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code. + Thanks to Fabien André. Closes: #578176 + * Re-work config.autogenerated header to more exactly reflect + configuration source. (mh) Closes: #593984 - ++ + [ Andreas Metzler ] + * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank + you Matthew W. S. Bell) Closes: #590333 + * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging + non-critical DKIM errors in paniclog. Closes: #567876 + * Debconf translations: + - Danish. Closes: #592792 + + -- Andreas Metzler Sat, 30 Oct 2010 13:38:26 +0200 + +exim4 (4.72-1) unstable; urgency=low + - * New upstream release. (Identical to the git snapshot previously ++ * New upstream release. (Identical to the git snapshot previously + uploaded to experimental.) + + -- Andreas Metzler Thu, 03 Jun 2010 17:42:52 +0200 + +exim4 (4.72~20100529-1) experimental; urgency=low + + * Git snapshot 20100529. + + Fix documentation for exipick -bpra. #574778 + + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp. + (Debian's default configuration does not use MBX format, but the + exim4-daemon-heavy binary supports MBX.) + + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory. + (Probably not relevant for Debian systems at all, since the mail spool + is 2775 root:mail.) + + Dovecot authenticator ignores unknown keywords, making it compatible + with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0). + See Changelog for complete list. + * Drop patches included upstream: 36_typoinexipick.diff + 20_PDKIM-Upgrade-PolarSSL.diff. + + -- Andreas Metzler Sun, 30 May 2010 14:01:52 +0200 + +exim4 (4.71-4) unstable; urgency=low + + * Drop unneeded lintian overrides. + + description-contains-homepage + + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg. + + partially-translated-question + + maintainer-script-needs-depends-on-update-inetd + + possible-bashism-in-maintainer-script + + binary-without-manpage + + possible-debconf-note-abuse + + changelog-not-compressed-with-max-compression + * Lintian informational hints: + + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5 + debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8 + * Use dh_lintian. + * Fix sourcing of lsb-functions in init-script. Test for existence of + /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions. + If they are not present the package's dependencies are not installed. + Bump dependency on lsb-base to 3.0-6. (log_action_*) + * Update reference to spec.txt in README.Debian. Closes: #568051 + * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different + implementations of spfquery in Debian, with incompatible commandline + switches and different exit codes. Closes: #573956 + + -- Andreas Metzler Thu, 25 Mar 2010 17:34:30 +0100 + +exim4 (4.71-3) unstable; urgency=low + + * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles. + Closes: #501892 + * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove + Berkeley DB logfiles. + * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily + make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed + after the next upstream release.) + Closes: #548479 + * control: Drop bzip2 from Build-Depends. Use line-wrapping for + Build-Depends. + * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian). + * exim4-base.postinst: Redirect status message to stderr. + + -- Andreas Metzler Fri, 01 Jan 2010 13:41:44 +0100 + +exim4 (4.71-2) unstable; urgency=low + + * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied + from PolarSSL to 0.12.1. + * Add example file to set smarthost from /etc/network/interfaces (mh) + * Add DKIM_* macros on remote smtp transports for setting the corresponding + dkim_* options. + * Upload to unstable. + + -- Andreas Metzler Sat, 12 Dec 2009 13:24:21 +0100 + +exim4 (4.71-1) experimental; urgency=low + + * New upstream version. + + Drop patches included upstream. 51_dkimrelatedcrash.diff + 51_noreject_unsigned.diff. + + -- Andreas Metzler Sat, 28 Nov 2009 12:03:50 +0100 + +exim4 (4.70-2) experimental; urgency=low + + * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears + when the expanded value of dkim_verify_signers winds up empty and + acl_smtp_dkim is defined. (This has the effect of rejecting any mail + without DKIM signature.) + * Work around 490937 by removing CHANGES. + + -- Andreas Metzler Sat, 21 Nov 2009 10:15:41 +0100 + +exim4 (4.70-1) experimental; urgency=low + + * Point watchfile to ftp.exim.org. + * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little + bit. + * New upstream version. + + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the + 4.7x series. http://bugs.exim.org/show_bug.cgi?id=912 + * debhelper v7 mode. + + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install + ./CHANGES as upstream changelog. + + Bump build-dependency. + + Use dh_prep instead of dh_clean -k. + + -- Andreas Metzler Sun, 15 Nov 2009 13:10:32 +0100 + +exim4 (4.70~rc4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Wed, 11 Nov 2009 19:04:35 +0100 + +exim4 (4.70~cvs+20091030-1) experimental; urgency=low + + * New upstream snapshot. + + -- Andreas Metzler Sat, 31 Oct 2009 10:08:55 +0100 + +exim4 (4.70~cvs+20091026-1) experimental; urgency=low + + * New snapshot. + + Fixes segfault in dovecot authenticator. Closes: #551106 + + Improved documentation regarding certifacte verification on outgoing + SMTP connections. Closes: #544472 + * Drop 40_boolean_redefine_protect.dpatch - included upstream. + * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc. + + -- Andreas Metzler Mon, 26 Oct 2009 16:09:32 +0100 + +exim4 (4.70~cvs+20091017-1) experimental; urgency=low + + * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert) + * New upstream cvs snapshot. + + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc. + + Close dovecot socket after wrong password was given. Closes: #515503 - + Standalone DKIM support. Obsoletes and therefore ++ + Standalone DKIM support. Obsoletes and therefore + Closes: #486437,#459883 + * Drop upstream URL from package descriptions. Closes: #471425 + * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable + has 1.16. Closes: #486436. + * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients + (e.g Outlook) will terminate the SSL connection when the server presents + the long list of accepted TLS certificates after STARTTLS. If TLS + certificate validation of clients is needed you'll need to set + MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to + a file containing only the accepted certificates. + Closes: #515999, #316522, #482012 + * Add debian/README.source. (Policy 3.8.3) + * Fix typo in update-exim4.conf.8. + Thanks to Calum Mackay. Closes: #543354 + * Listen on IPv6 loopback interface by default. (Only applies to fresh + installations.) Closes: #544292 + * upstream default configure file explicitly disables dkim in some + instances. Merge into Debian config and update debian/example.conf.md5. + Bump Conflicts of exim4-config package. + + -- Andreas Metzler Sat, 17 Oct 2009 14:26:54 +0200 + +exim4 (4.69-11) unstable; urgency=medium + + * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy + package currently, and due its strict dependencies uninstallable until + the most recent version of lynx-cur has been built.) + * Work around sed's improved unicode support, not accepting latin1 + characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445 + + [update-exim4.conf] Go for / as separator instead. - This might have + served a purpose in earlier releases with free-form replacements but is + just overcomplicated now. + + [update-exim4defaults]: The tricky bits for exim options are the + ones that take a filename as argument (e.g. -C and -oX) or -D for + overriding macros. Use LC_CTYPE=C. + + [exim4-config.config] The sed commands deals with (lists of) hostnames + and IP(v6) addresses and nets. Use LC_CTYPE=C. + + -- Andreas Metzler Sun, 10 May 2009 10:15:34 +0200 + +exim4 (4.69-10) unstable; urgency=low + + [ Andreas Metzler ] + * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124 + * Disable shell filename expansion in update-exim4.conf using set -f. + Closes: #515668 + * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its + behavior to throw an error on expansion of $* or $@ with set -u if no + positional parameters were given. Working around this is obnoxious and + harms readability, imho doing away with set -u's benefits. Closes: #518752 + * Allow setting outgoing smtp helo/ehlo by setting + REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed + to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS. + REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data + setting. Closes: #514113 + * [README.Debian] Bring documentation for Diffie-Hellman parameters up to + current practice, mainly by deleting most of the outdated docs. + Closes: #508749 + * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored + pattern, matching "smtp" but not "smtp-foo". Closes: #516146 + * exim4-daemon-light now Provides: default-mta. See #508644. - * Ship both transport-filter.pl and ratelimit.pl in ++ * Ship both transport-filter.pl and ratelimit.pl in + /usr/share/doc/exim4-base/examples. Closes: #518836 + * [lintian] Add ${misc:Depends} to all Depends. + * [lintian] Add override for dbg-package-missing-depends exim4-dbg. + * Sync debian/control with override file by moving *-dbg to section debug. + * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs) + Closes: #525248 + + [ Christian Perrier ] + * Debconf translations: + - Asturian. Closes: #511624 + - Belarusian. Closes: #516049 + - Kazakh added. Closes: #520996 + - Slovak. Closes: #523447 + - Bengali added. + + -- Andreas Metzler Sat, 02 May 2009 09:05:56 +0200 + +exim4 (4.69-9) unstable; urgency=medium + + * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit + listing ("ABCDEF..") instead of a-z, since the latter does not work as + expected in some locales. Closes: #500691 + + -- Andreas Metzler Tue, 30 Sep 2008 20:12:27 +0200 + +exim4 (4.69-8) unstable; urgency=low + + [ Andreas Metzler ] + * Quote last n lines (configurable by changing the value of + E4BCD_PANICLOG_LINES, defaults to 10) of paniclog in warning + email sent out on non-empty paniclog. Closes: #499492 + * Fix evaluation logic of E4BCD_WATCH_PANICLOG for sending out warning + e-mails about non-empty paniclog in daily cron-job to match documentation: + + yes: Send daily warning e-mails, do not touch panniclog. + + once: Send out the mail and rotate paniclog afterwards. + + no: Do nothing. (Logfile is rotated when its size reaches 10 MB.) + (Previously the interpretations of "once" and yes were mixed up.) + + [ Debconf translations ] + * Catalan. Closes: #499299 + + -- Andreas Metzler Sun, 28 Sep 2008 12:01:39 +0200 + +exim4 (4.69-7) unstable; urgency=low + + [ Andreas Metzler ] - * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in ++ * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in + README.Debian.xml. + + [ Debconf translations ] + * Korean. Closes: #491518 + * Lithuanian. Closes: #497402 + * Greek. Closes: #498466 + * Esperanto. Closes: #498796 + + -- Andreas Metzler Tue, 16 Sep 2008 19:14:08 +0200 + +exim4 (4.69-6) unstable; urgency=high + + [ Debconf translations ] + * Malayalam. Closes: #479466 + * Albanian. Closes: #480282 + * Polish. Closes: #481638 + * Vietnamese. Closes: #482641 + * Turkish. Closes: #482714 + * Brazilian Portuguese. Closes: #485384 + * Finnish. Closes: #489171 + + [ Marc Haber ] + * Have timeout.pl print a meaningful error message if perl-modules + is not installed. Have exim4-base recommend perl-modules. + Thanks to Tom Schouten. Closes: #482319 + * Create gnutls-params with mode 644 in the first place. + Thanks to Jean-Luc Coulon. Closes: #481765 + * Replace ~/.rnd with $HOME/.rnd in exim_gencerts. Thanks to + Ross Boylan for noticing this. + * exim4-config.config: send hostname --fqdn stderr to /dev/null, + we handle errors properly. Thanks to Andrew Vaughan in #481597. + + [ Andreas Metzler ] + * Fix typos/other errors in README.Debian.xml. Improve formatting. + (Thank's Georg Neis and Paul Menzel) Closes: #486105, #486106, #486116 + * Revert fancy quoting in initscript. Closes: #486667,#482752 + (fixes rc-bugs). + * [debian/control README.Debian.xml] Spelling fix ("metapackage" instead of + "meta-package"). Thank's lintian + + -- Andreas Metzler Sat, 19 Jul 2008 19:56:36 +0200 + +exim4 (4.69-5) unstable; urgency=low + + * remove chmod/chown code from exim4_refresh_gnutls-params completely + * do not remove gnutls-params in exim4-base.postinst + + -- Marc Haber Mon, 28 Apr 2008 21:46:18 +0200 + +exim4 (4.69-4) unstable; urgency=low + + * update-exim4.conf: Fix impossible code path in guessed_name check. Ouch. + Thanks to Anand Kumria. Closes: #478066 + * Regenerating the 2048 bits DH parameters takes too long for slow + systems, disable (both in the monthly cron job and postinst) and + document that paranoid people will want to regenerate them manually. + + -- Marc Haber Sun, 27 Apr 2008 10:06:39 +0200 + +exim4 (4.69-3) unstable; urgency=low + + * The "please do not file duplicate bugs" release + + [ Marc Haber ] + * Work around lsb-base regression (#477055, "wontfix") by changing + the way we quote exim's arguments in the init script, hoping that + this does not sacrifice robustness. + Closes: #477194, #477236, #477239, #477258, #477562, #476987 + * README.Debian.xml: Fix router/transport pair typo. + Thanks to Georg Neis. Closes: #463573 + * Have exim4-base Suggest swaks + * Relax exim4-dbg dependency on eximon4 to a recommends (see #463929). + * 30_exim4-config_check_rcp: Remove mention of /usr/share/doc/exim4- + config/default_acl in favor of exim4-config_files(5). + Thanks to Jon Dowland. Closes: #464539 + * Move paniclog log rotation to /etc/logrotate.d/exim4-paniclog to + allow people to manually rotate the paniclog only by calling + logrotate -f /etc/logrotate.d/exim4-paniclog. Thanks to Josip Rodin + (#396003) for this nice idea. Implement E4BCD_WATCH_PANICLOG=once + as suggested by Vasilis Vasaitis. + * activate dlfunc. Closes: #471314 + * set LC_ALL=C in debian/rules. Thanks to Michael Meskes. Closes: #471486 + * Document that Incredimail's TLS "implementation" breaks on a + certificate request. Thanks to Andrew McGlashan. Closes: #459323 + * Fix parenthesis mismatch in README.Debian + * exim4_refresh_gnutls-params: Call openssh dhparam with + HOME=$EXIM4_SPOOLDIR so that openssl's .rnd file is placed there. + * update-exim4.conf: print a warning if dc_minimaldns and hostname + --fqdn does not print a fully qualified name. Thanks to Lothar + Ketterer. Closes: #476249 + * DH parameters handling: Closes: #475194 + * add dpatch to have exim use 2048 bit DH parameters + * ship static gnutls-params file with the package. + * Override resulting lintian warning. + * generate new gnutls-params only monthly and in postinst on configure. + * exim4_refresh_gnutls-params: + * generate 2048 bit DH parameters + * dh-params file can be world readable + * Filter out noise from mainlog before handing it off to eximstats + in daily cron job. Thanks to Justin Pryzby. Closes: #476541 + * Move docs from Apps/Net to Network/Communication + * linda R.I.P. - ++ + [ Robert Millan ] + * Process acl_local_deny_exceptions ACL before rejecting a message in SPF + check. Thanks to Miklos Szeredi. Closes: #451633 + + [ Andreas Metzler ] - * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks, ++ * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks, + Filipus Klutiero) Closes: #471113 + * exiwhat: Check at runtime whether killall is available. Fall back to a + combination of 'ps ax' and regular kill otherwise. + Closes: #476455 + * Fix wrong logic in testing for existence of lsb-base functions in init + script. (Thanks, Tim Cross) Closes: #477578 + + -- Marc Haber Sat, 26 Apr 2008 00:00:30 +0200 + +exim4 (4.69-2) unstable; urgency=low + + [ Marc Haber ] + * update-exim4.conf: fix bashism echo -n in preprocess_macro. + Thanks to Michal Politowski. Closes: #462173 + + [ Christian Perrier ] + * Debconf translations updates: + - German. Thanks to Eric Schanze. Closes: #462673 + + [Andreas Metzler] + * Add missing .P to exim_db.8 to fix indenting. (Thanks, David L. Anselmi) + Closes: #462712 + * Add (disabled) patch to save random seed to a file + + -- Marc Haber Wed, 30 Jan 2008 09:26:56 +0100 + +exim4 (4.69-1) unstable; urgency=low + + [ Marc Haber ] + * New upstream version. + - improve --help handling. Closes: 438435 + * Debconf translations updates: + - Dutch. Thanks to Bart Cornelis. Closes: #448924 + - Norwegian Bokmål. Thanks to Hans Fredrik Nordhaug. Closes: #452383 + - Slovak. Thanks to Peter Mann. Closes: #460502 + - Catalan: fix some semicolon issues and most obvious fuzzy strings. + Thanks to Jordà Polo. Closes: #447765. + * Add support for smtp_accept_max_nonmail_hosts to ease external + relay testing. + * Make Change to init script dependencies as suggested by Petter + Reinholdtsen. Closes: #460229 + * debian/control: + * Add Homepage field to Source Package stanza. + * Standards-Version: 3.7.3 (no changes necessary) + * lintian/overrides: + - Override all description-contains-homepage messages, + we're going to keep this field around until post-lenny. + - Override exim4-daemon-heavy: package-contains-empty-directory + usr/lib/exim4/local_scan/, the directory should be there to show + people where to put local extensions (and I am not sure how exim + behaves if that directory is not there). + * linda/overrides: + - Override menu section Applications, which is a false alert. + - Override complaint about newer standards version. + - This override does not work due to #386647 + * exim4-base.NEWS: fix Debian's typo + * exim4-base.dirs: remove usr/bin, we do not ship any files there. + * Generate exim macros from every definition found in ue4cc that + starts with a capital letter (sans CFILEMODE) to cater for an + obviously very common user error. This feature is going to stay + undocumented. + + [ Christian Perrier ] + * Debconf translations updates: + - Dzongkha. Thanks to Tenzin Dendup. Closes: #455871 + - Slovak. Thanks to Peter Mann. Closes: #460502 + + [ Andreas Metzler ] + * Fix typo in acl/20_exim4-config_local_deny_exceptions. (Thanks, Roderick + Schertler) Closes: #456343 + + -- Marc Haber Tue, 22 Jan 2008 09:19:14 +0100 + +exim4 (4.68-2) unstable; urgency=low + + [ Marc Haber ] + * Fix changelog: lowuid router does not close #420217. Closes: #440217 + + [ Andreas Metzler ] + * Mention /etc/exim4/exim4.conf in FILES section of update-exim4.conf.8. + * Fix syntax error in real-local router. Closes: #446346 + * Configuring exim as configtype="internet host" asks a different set of + questions than e.g. satellite. However some of the settings controlled by + these hidden questions still have effects on exim's behavior. Change + exim4-config to ask these hidden questions if they have been set to a + non-default value. (Either manually, or by switching configtype after + setting the values.) Closes: #443210 + These questions have been added conditionally: + - internet site with smarthost: + + dc_relay_domains + - satellite + + dc_relay_domains + + dc_localdelivery + + -- Marc Haber Thu, 01 Nov 2007 19:17:36 +0100 + +exim4 (4.68-1) unstable; urgency=low + + * new upstream version. Closes: #444195 + * Documents tls_verify_hosts during TLS sessions. Closes: #422419 + * new example.conf md5 sum + * Move lowuid router to a later place, handle real- only for + locally generated messages. Thanks to Andreas Metzler and others + on pkg-exim4-devel. Closes: #440217 + * /etc/init.d/exim4: + * Use start_daemon and killproc from lsb-base + as a new plunge at #396944 + * Do not clean the environment as severly as before (functions + need to survive). + * README.Debian: + * Document that using client certificates needs extra + configuration. Thanks to John Goerzen. Closes: #440663 + * conf.d/main/03_exim4-config_tlsoptions: Make it clear that this + file only concerns exim as an SMTP server. + * exim4-config.preinst: Add EX4DEBUG facility, add rm_conffile + function + * Rename acl_whitelist_local_deny to acl_local_deny_exceptions + as suggested by Ross Boylan. Closes: #387078. + * Switch Build-Depends to db4.6. Closes: #442645 + * Debconf translations updates: + - Portuguese. Thanks to Miguel Figueiredo. Closes: #441895, #445494 + - Norwegian Nynorsk. Thanks to Håvard Korsvoll. + * exim4-config.NEWS: Explicitly mention that .dpkg-old and + .dpkg-dist files are included in the DEBCONFsomethingDEBCONF check to + allow lazy people to only grep the docs instead of actually reading + them. This was requested by Hamish Moffatt in #445327. + + -- Marc Haber Sun, 07 Oct 2007 21:38:22 +0200 + +exim4 (4.67-8) unstable; urgency=low + + [ Marc Haber ] + * Define REMOTE_SMTP_HELO_DATA and REMOTE_SMTP_HELO_FROM_DNS macros + to have exim pull its HELO name from DNS automatically. + Thanks to Jari Aalto and Magnus Holmgren. Closes: #275975 + * Enable DNSDB in exim4-daemon-light (needed by the HELO magic) + * update-exim4.conf: Allow [] in ascii strings (needed for @[]) + * Improve domain literal docs + * Remove debconf template noalias_regenerate + * Fix PRIMARY_HOSTNAME typo in main/02_exim4-config_options. + Thanks to Tim Krah. Closes: #434337 + * fix alphabet salad in README.Debian. Closes: #434640 + * Add E4BCD_DAILY_REPORT_TO to daily cron job. + Thanks to Florian Schlichting. Closes: #426840 + * Fix /etc/exim paths in exim4-config_files(5). + Thanks to Marques Johansson. + * Debconf translations updates: + - Japanese. Closes: #433070 + - Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #433084 + - Thai. Thanks to Theppitak Karoonboonyanan. Closes: #433177 + - Arabic. Thanks to Ossama Khayat. Closes: #433222 + - Hebrew. Thanks to Baruch Even. Closes: #433291 + - Italian. Closes: #433200 + - Galician. Closes: #433218 + - Portuguese. Thanks to Miguel Figueiredo. Closes: #433293 + - Hungarian. Thanks to Josip Rodin. Closes: #433336 + - Punjabi. Thanks to Amanpreet Singh Alam. Closes: #433578 + - Marathi. Thanks to Priti Patil. + - Wolof. Thanks to M Mamoune Mbacke. Closes: #433701 + - Indonesian. Thanks to Arief S Fitrianto. Closes: #433758 + - Romanian. Thanks to Eddy Petrisor. Closes: #433854 + - Nepali. Thanks to shyam krishna bal. Closes: #435345 + - Swedish. Thanks to Daniel Nylander. Closes: #435705 + + [ Andreas Metzler ] + * Update eximon menu file for menu 2.1.35 hierarchy. + + [ Christian Perrier ] + * Fix typo in README.Debian.xml. Thanks to + Closes: #434961 + + -- Marc Haber Sun, 19 Aug 2007 09:25:10 +0200 + +exim4 (4.67-7) unstable; urgency=low + + * only generate HIDE_MAILNAME macro if its value is really non-empty + + -- Marc Haber Sat, 14 Jul 2007 08:47:40 +0200 + +exim4 (4.67-6) unstable; urgency=low + + * Add some more debugging output to maintainer scipts, hopefully + nailing #396944 which has surfaced again. + * Improve wording in NEWS.Debian for exim4-config. + Closes: #431019, #431130 + * Issue DEBCONFfooDEBCONF warning as well for + DEBCONFheaders_rewriteDEBCONF. + Thanks to John Goerzen. Closes: #431088 + * fix localhost inserted twice into local_domains. Closes: #432394 + * fix MAIN_RELAY_TO_DOMAINS in update-exim4.conf. + Thanks to Ben Wheeler. Closes: #432521 + * Document that special handling is needed for host lists that only + consist of a single IPv6 address. Thanks to Frederic Daniel Luc + Lehobey. Closes: #432229 + * Add forgotten (conditional) definition of REMOTE_SMTP_HEADERS_REWRITE + and REMOTE_SMTP_RETURN_PATH for remote_smtp transports. + Thanks to Miguel Martins Feitosa Filho. Closes: #432716 + * Debconf translations + * Bulgarian completed. Closes: #431957, #430521 + * Update Tamil. Thanks to Tirumurti Vasudevan. Closes: #432181 + * Update Spanish. + Thanks to Javier Fernández-Sanguino Peña. Closes: #429940 + + -- Marc Haber Fri, 13 Jul 2007 22:22:09 +0200 + +exim4 (4.67-5) unstable; urgency=low + + * the "verderben viele Koeche den Brei?" release - ++ + [ Andreas Metzler ] + * Point to exim4_passwd(5) instead of non-existing exim_passwd(5) in AUTH + section of configuration. (Thanks Arkadiusz Dykiel, #430149) + * update-exim4.conf check_ascii_pipe(): Accept < since we use it for list + construction. Closes: #430391 + * Anchor UPEX4CmacrosUPEX4C in update-exim4.conf + + [ Robert Millan ] + * Update informational message in SPF ACL to use the latest + http://www.openspf.org/Why API. + + [ Debconf translations ] + * French completed and converted to UTF-8 + * All remaining non UTF-8 translation switched to UTF-8 + + [ Marc Haber ] + * do not quote error message in lowuid router + * replace commented UPEX4CmacrosUPEX4C with UPEX4CmacrosUPEX4C exim + configuration macro definition as placeholder for ue4c-generated macros. + + [ Christian Perrier ] + * Correct the invalid ${fqdn} variable in exim4-config.templates + + -- Marc Haber Thu, 28 Jun 2007 09:22:04 +0200 + +exim4 (4.67-4) unstable; urgency=low + + * update-exim4.conf: + * fix embarrassing typo in update-exim4.conf that broke macro + expansion for two values. + Thanks to Andrew Chittenden. Closes: #429828 + * Allow ! and * in ue4cc. + Thanks to Dieter Hametner and Raf D'Halleweyn. Closes: #429986 + * have @ and localhost added to local_domains list. + Thanks to a big number of people. Closes: #429939 + * eliminate -e && chmod construct as a possible cause of #429617. + Thanks to Martin Ketzer and Silvestre Zabala + * Now barfs if DEBCONFsomethingDEBCONF is still found in the + configuration file. Thanks to a truckload of users who were too lazy + to read the docs, did not accept the suggested configuration file + changes and then complained about a non-working exim ("malformed macro + definition") + * README.Debian: Document the new low-UID handling mechanism. + Thanks to Johannes Rohr. Closes: #429878 + * debian/rules: do not ignore make clean errors + * Debconf translation updates: + - Basque. Closes: #429626 + - Czech. + - Brazilian Portuguese. Closes: #429867 + + -- Marc Haber Fri, 22 Jun 2007 13:55:15 +0200 + +exim4 (4.67-3) unstable; urgency=low + + [ Andreas Metzler ] + * Initialize permissions of bug-script and exim-adduser as 755, since diff + does not preserve permissions. Both were shipped as 644 in binary packages + not built with svn-buildpackage. Closes: #420446 + + [ Marc Haber ] + * Merge experimental changes from revision 2018:2073 + * Fix "Zahlendreher" in closure of #427690. Closes: #427690 + * update-exim4.conf: + * finally get rid of the DEBCONFfooDEBCONF stuff. That information + is now passed to the configuration by ue4c by directly setting exim + macros in the configuration. This has caused both the configuration + and ue4c to be much shorter. + * run with -e, -C and -u. + * convert input read from update-exim4.conf.conf to lower case + * barf if strange characters are found in ue4cc. Closes: #400294 + * Remove superfluous "x$foo" = "xbar" constructs from scripts + * Add routers to reject mail to accounts with low UID. + Closes: #400790. + * Make daily cron job barf if /usr/bin/mail is not found. Have + exim4-base recommend mailx. Closes: #427690 + * Have all -daemon packages provide exim4-localscanapi-1.0 and + exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing + #426425. Also include exim4-localscan-plugin-config script with + exim4-dev. Thanks to Magnus for helping with this. Closes: #428274 + * remove /etc/exim4/email-addresses symlink and document this. + Thanks to Josip Rodin. Closes: #420578 + * introduce conf.d/250_exim4-config_lowuid which optionally allows + to reject (or alias away) mail to low-uid accounts that are not + listed in an exception list. Thanks to Dominic Hargreaves, + Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716 + * remove versioned depends on cron, since the version we need is + well before sarge. + * Add cron | fcron dependency. Fcron is going to be removed again + at the first sign of trouble. Closes: #381806 + * remove move_exim3_spool debconf template. Closes: #391762 + * replace openssl gendh with openssl dhparam. Closes: #413235 + * adapt docs, README and manpages + * have Hilko fix the lynx-dump postprocessing to repair generating + README.Debian text version. Thanks! + * increase README.Debian generation robustness. Thanks to Hilko. + * debconf: + * Partly apply Christian Perrier's patch for reviewed + templates and control file. Closes: #426980 + * Other minor template changes. + * get rid of "mails" in debconf templates, use "messages" instead. + Re-word local_interface debconf template. Other minor changes. + Thanks to Jens Seidel and Christian Perrrier. Closes: #394976 + * re-work exim4-config.config logic to have split/non-split config + asked last instead of first. This partly addresses #410756. + * Add exim4-daemon-heavy.templates, exim4-daemon-light.templates + and exim4.templates to POTFILES.in + * Re-Word dc_other_hostnames debconf template. + Thanks to Hans G. Ehrbar. Closes: #421860 + + [ Christian Perrier ] + + * Debconf translation updates: + - French + - Ukrainian. Closes: #427793 + - Bulgarian. + - Thai. + - Galician. + - Swedish. + - Punjabi. + - Indonesian. + - Italian. + - Khmer. + - Traditional Chinese. Closes: #428072, #428069. + - Portuguese. + - Simplified Chinese. + - Marathi + - Romanian. Closes: #429242 + - Russian. Closes: #429352 + + -- Marc Haber Mon, 18 Jun 2007 10:26:20 +0200 + +exim4 (4.67-1) unstable; urgency=low + + [ Marc Haber ] + * new upstream version + * remove 37_upstream-patch-384015-add_headers + * remove 80_disable_rsa_export + * remove 80_upstream_408174_4-64-PH18 + * EDITME patch changes to allow for 4.67 + * enable dovecot authentication + * Upstream patch from Magnus Holmgren included upstream. + Thanks to Simon Walter. Closes: #407957 + * Upstream patch PH/18 included upstream. + Thanks to Marc Schiffbauer. Closes: #408174 + * merge experimental changes + * exim man page patch changes for 4.67 + * robustness patches for + * create-custom-package + * exim-gencert + * exim4-base.config + * exim4-base.postinst + * exim4-config.config + * exim4-config.postinst + * exim4-daemon-light.postinst + * update-exim4defaults + * replace backticks with $() notation + * Add patch to 50_localscan_dlopen to reduce dynamic symbol table. + Thanks to Magnus Holmgren. Closes: #413602 + * remove woody compatibility hacks from + * exim4-daemon-light.postinst + * exim4-config.postinst + * Fix eximnext => exinext in man page. + * README.Debian: + * add warning to "IP addresses for incoming connections" section. + * add new chapter about how to influence exim's behavior. + * add missing closing bracket. Thanks to Martin Schwarz. Closes: #419700 + * update-exim4.conf(8): + * clarify update-exim4.conf about how ue4cc and exim configuration + interface + * remote_smtp_smarthost transport: make hosts_try_auth host list + semicolon-separated to correctly handle IPv6 + * multiple minor changes to lintian overrides + * debian/control: have exim4 depend on debconf (>= 1.4.69) | cdebconf + (>= 0.39) explicitly to allow usage of debconf error template type. + + [ Christian Perrier ] + * Esperanto debconf translation update (Serge Leblanc). Closes: #415590 + * Marathi debconf translation added (Priti Pathil). Closes: #416801 + + -- Marc Haber Sat, 21 Apr 2007 11:48:48 +0200 + +exim4 (4.63-17) unstable; urgency=low + + * 30_exim4-config_examples: add missing backslash in non-TLS client + login authenticator. Thanks to Kai Weber. Closes: #407567 + + -- Marc Haber Sat, 20 Jan 2007 10:38:16 +0100 + +exim4 (4.63-16) unstable; urgency=low + + * Add ta (Tamil) translation of Tirumurti Vasudevan + Closes: #406974 + * exim4_refresh_gnutls-params: allow EXIM4_SPOOLDIR to be overridden from + the environment. Closes: #406989 + * Re-work client authenticators to handle passwords containing + colons and circumflexes. Thanks to Steaphan Greene. Closes: #406686 + * transport/30_exim4-config_remote_smtp_smarthost: feed + hosts_try_auth from $host and $host_address, avoiding issues with + round-robin DNS setup. + Thanks to Celejar and Heiko Schlittermann. Closes: #403583 + + -- Marc Haber Thu, 18 Jan 2007 21:10:34 +0100 + +exim4 (4.63-15) unstable; urgency=low + + * keep config.h from being installed in exim4-base. + Thanks to Aaron M. Ucko. Closes: #405824 + + -- Marc Haber Sat, 6 Jan 2007 22:12:05 +0100 + +exim4 (4.63-14) unstable; urgency=low + + * patch LOCAL_SCAN_ABI_VERSION to 1.1 in 50_localscan_dlopen after + consulting with Magnus Holmgren. + * Fix update-exim4.conf.8 manpage + * FILES section is no longer doubled + * NAME is no longer multi-line + * proper reference to ue4cc in FILES section + * Thanks to Angus Mackenzie + * debian/rules + * allow buildbasepackages and extradaemonpackages to be set from + the environment + * fix buildbasepackages=no and extradaemonpackages which were + broken due to the new -dev binary package + * remove "" in various places, this is Make not shell + * add optional debugging output for variables that are meant to be set + externally + * clean now unpatches first, otherwise clean fails because files + are first deleted and then non-existing files are unpatched + * take config.h from first non-light daemon package built instead + of -heavy (we might not be building -heavy but still need -dev) + * Thanks to Gerfried Fuchs for actually using these features and + finding this bug group. + * exim4.init: Now returns 0 when starting and daemon already + running, and when stopping and daemon already stopped. This fixes LSB + compliance. Thanks to Heiko Schlittermann. Closes: #404182 + + -- Marc Haber Fri, 5 Jan 2007 16:34:58 +0100 + +exim4 (4.63-13) unstable; urgency=low + + * Fix mangled sense in /etc/aliases exim4-config_files(5) man page. + Thanks to Angus Mackenzie. + * [update-exim4.conf.8] exim4-config_files manpage is in section 5 instead + of 8. Thanks to Angus Mackenzie. Closes: #404494 (am) + * Clarify /etc/exim4/passwd.client host name lookup to go after the + reverse DNS entry in exim4-config_files(5) man page. + * Update uk (Ukrainian) translation of debconf templates. + Thanks to Eugeniy Meshcheryakov and Yanovych Borys. Closes: #404481 + * Update sl (Slovenian) translation of debconf templates. + Thanks to Matej Kovacic. Closes: #404481 + * merge in experimental changes: + * create exim4-dev package for sa-exim and other packages. Closes: #401462 + * fix broken usage of DPATCH_WORKDIR (dpatch-edit-patch didn't + work with tarballed upstream) + * don't use DPATCH_WORKDIR any more + * modify patches to apply to build-tree + * remove leftover debugging output from debian/patches/00_unpack.dpatch + + -- Marc Haber Tue, 2 Jan 2007 14:43:59 +0100 + +exim4 (4.63-12) unstable; urgency=low + + * exim4-base.postinst: Redirect command -v's stdout to /dev/null + * update-exim4.conf: add lots of quoting to increase robustness. + Thanks to Paul Slootman. Closes: #403605 + * Debconf templates translation updates and new translations: + - Esperanto + - Norwegian Nynorsk (Håvard Korsvoll). + - Punjabi (A.S. Alam). + - Malayalam (Praveen A). Closes: #402541 + - Italian (typos corrected by Davide Viti). Closes: #403199 + - see Last-Translator for rewards) + + -- Marc Haber Wed, 20 Dec 2006 14:23:57 +0100 + +exim4 (4.63-11) unstable; urgency=low + + * Remove patch to spec.txt for pkg-exim4-users, it is included + upstream. No idea why this patch even applied correctly. + * README.Debian: + * Fix wrong pidfile name + * Move FAQ to the Wiki + * Adapt "Using completely different configuration scheme" to also + mention /etc/exim4/exim4.conf. + * Move titles in the same line as the section statement, making it + easier to work with a code folding editor. + * exim4_files(5): fix recommended permissions for passwd[.client]. + Thanks to Georg Neis. Closes: #398365 + * Remove temporary gnutls parameters file if neither certtool nor + openssl are installed. Closes: #399023 + * Fix path to gnutls-params file in exim4-base.postinst. + Thanks to J.L. Fernandez. Closes: #400794 + * Translation updates (see Last-Translator for rewards). + - Punjabi (not yet complete) + - Hebrew (not yet complete) + - Portuguese. Closes: #399242 + * merge changes from experimental: + * enable sqlite for exim4-daemon-heavy. + Thanks to Adrian Phillips. Closes: #398718 + * Add Build-Dependency on libsqlite3-dev. + Thanks to Frank Lichtenheld. Closes: #398880 + * Build-Depends + * add po-debconf + * add bzip2 + * debian/rules: + * run debconf-updatepo in clean targets + * adapt build system to allow direct building from an upstream tarball + * needs tardy at build time on sarge, but not on newer distributions + * use dpatch-run for patches instead of locally programmed handling + * add lintian overrides: + * partially-translated-question exim4/dc_eximconfig_configtype for + cy, eo, et, he, mk, nn, pa, pl, sl, tl, uk - translators, move! + * possible-debconf-note-abuse config:15 */drec + * remove gratuitous exim4-daemon-heavy.postinst + (it is symlinked at build time) + + -- Marc Haber Fri, 1 Dec 2006 11:16:34 +0000 + +exim4 (4.63-10) unstable; urgency=low + + * The "praise Osamu Aoki" release. + * Translation updates (see Last-Translator for rewards). + - Dutch. Closes: #396725 + * README.Debian: + * Add information about how to obtain reportbug information for + mailing list questions. + * Point people directly to passwd.client man page instead of the + file itself. Thanks to Osamu Aoki. + * Re-work the /etc/aliases section. + * Improve smarthost description in update-exim4.conf(8) man page. + Give examples. Thanks to Osamu Aoki. + * include documentation for /etc/aliases in exim4-config_files(5) + man page. Symlink to etc-aliases(5). + Thanks to Osamu Aoki. Closes: #397042 + * Change symlink of exim4-config_files(5) to email-addresses(5) to + point to etc-email-addresses(5) for consistency. + * Use nwildlsearch to index into passwd.client to allow wildcards + here. Thanks to Osamu Aoki. This is another pain relief for #244724. + * use printf instead of echo in daily cron job. + Thanks to Ming Hua. Closes: #395448 + * Add de-uglyfication request to man pages. + + -- Marc Haber Sun, 5 Nov 2006 10:36:28 +0000 + +exim4 (4.63-9) unstable; urgency=low + + * Fix a spelling error in templates: s/adviseable/advisable + Thanks to Jens Seidel for spotting it + * Translation updates (see Last-Translator for rewards). + - Bosnian. Closes: #396592 + - Bulgarian. Closes: #396558 + - Greek. + - Lithuanian. Closes: #396478 + - Norwegian Bokmål. Closes: #391768 + - Wolof. Closes: #395944 + * Have ue4c barf on more lookup types found in more ue4cc fields, + courtesy to regexp from hell. + + -- Marc Haber Thu, 2 Nov 2006 18:07:24 +0000 + +exim4 (4.63-8) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). + - Albanian. Closes: #394725 + - Arabic + - Basque + - Catalan + - Chinese (Simplified) + - Chinese (Traditional) + - Croatian + - Czech + - Dzongkha + - Finnish. Closes: #393644 + - German + - Italian. + - Korean. Closes: #394235 + - Nepali + - Norwegian Bokmal. Closes: #394270 + - Portuguese + - Romanian + - Russian. + - Slovak + - Turkish + * README.Debian + * remove wiki references from README.Debian + * remove dc_local_delivery FAQ entry since this is now debconfized + * Fix typos, replace "documented below" with a direct link. + Thanks to Olaf van der Spek. Closes: #394617 + * exim4-config.templates + * Fixed typo: s/arbitrary/arbitrarily + * Extra space removed at the end of a line. Closes: #394569 + * Change references to inexistent README.Debian.html and README.Debian, + both replaced by README.Debian.gz. Thanks to Eric Schanze for spotting + this. + * Various English use changes suggested by Jens Seidel. Closes: #394651 + * update-exim4.conf: Fix wrong behavior if a debconf list answer already + starts with "<". Thanks to Vineet Kumar. Closes: #393843 + * conf.d/main/02_exim4-config_options: Use upstream's wording for + rfc1413 configuration, fix wrongly commented timeout value. + Thanks to Andre Bischoff on IRC. + * conf.d/transports/35_exim4-config_address_directory: Add + delivery_date_add, streamline other options' syntax. + Thanks to Dominic Hargreaves. Closes: #393930 + * Remove commented out inetd entries from maintainer scripts, we are + not going to support inetd again. + * Zap gnutls-params in postinst if old binary format is detected. + Exim cannot read that file any more since RSA_EXPORT has been removed. + Always kill the file if file(1) is not present, recommend file(1). + Thanks to John Goerzen. Closes: #394598 + + -- Marc Haber Mon, 23 Oct 2006 20:49:46 +0200 + +exim4 (4.63-7) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). Closes: #391768 + - Brazilian Portuguese + - Danish. Closes: #392548 + - Galician + - Hungarian + - Indonesian + - Japanese + - Spanish + - Thai + * Do not ask for local delivery method if custom entry (i.e. neither + maildir_home nor mail_spool) has bin set in update-exim4.conf and continue + to use this custom setting instead of overwriting it with mail_spool. (am) + Closes: #392993 + * Special-case "dsearch;" constructs in dc_other_hostnames, no + longer supported. Adapt documentation accordingly. + * Adapt docs and man pages so that they do not longer suggest that + answers to debconf questions might use all exim + host/address/domain list features. + * fix ue4c to handle more than one smarthost correctly. + * Handle spaces, commas and semicolons as separator in root alias + handling. + * Wolof translation contained a comma in the translation of a element of the + Choices list for the dc_eximconfig_configtype question, replace it with a + semicolon. (am) + + -- Marc Haber Sat, 14 Oct 2006 23:45:17 +0000 + +exim4 (4.63-6) unstable; urgency=low + + * s/ipv6/IPv6 in templates (general writing consistency) + * Translation updates (see Last-Translator for rewards) + - Arabic (partial) + - Basque (partial) + - Croatian (partial) + - Greek (partial) + - Khmer + - Spanish (partial) + - Swedish + - Vietnamese. Closes: #392772 + * README.Debian: + * Fine tuning of SMTP AUTH and TLS docs after user feedback + received over $BEVERAGE irl. + * Adapt configuration chapter to re-worded templates. + * Fix exim4_files man page names to not pollute name space. + * Clarify exim4-config_files man page to reflect that the host name + given there does not actually influence the routing decision. + Thanks to Sven Luther. + * Fix list separator handling for dc_other_hostnames in ue4c. + Thanks to Alexandre Fayolle. Closes: #392831 + + -- Marc Haber Sat, 14 Oct 2006 07:40:05 +0000 + +exim4 (4.63-5) unstable; urgency=low + + * define MAIN_LOG_SELECTOR conditionally. + Thanks to Aaron M. Ucko. Closes: #390758 + * Fix typos in man pages. Thanks to A. Costa. + Closes: #390705, #390706, #390707 + * Address #373786: + * cron.daily: Try UID change with start-stop-daemon, and fall + back to su if that fails. This should enhance compatibility + with libpam-tmpdir. + * exim4_refresh_gnutls-params: don't drop privileges any more, + generate gnutls-params as root and chown them later. + * Thanks to Piotr Kaczuba and Tollef Fog Heen. Closes: #373786 + * Add debugging facility to exim4_refresh_gnutls-params + * Debconf-Rework + * update-exim4.conf: expand UE4CC_semicolon list to allow + semicolons in all debconf questions as list separators for consistency. + * Do template changes suggested by Christian Perrier. Closes: #260141 + * new mail name template thanks to Jari Aalto. Closes: #275953 + * relay templates changes thanks to Ross Boylan. Closes: #342061 + * remove conftype exim3manual. Closes: #355265 + * use semicolon as list separator in debconf templates. ue4.conf + handles both semicolons and colons since #360162. Thanks to Adam + Borowski. Closes: #365428 + * Make existing templates style-compatible regarding developer's + reference. + * Lower priorities so that the Installer can do its work without + exim4 asking questions. Closes: #379485 + * Modify templates saying that smarthost::port is a valid + notation. Modify transport/30_exim4-config_remote_smtp_smarthost to + take only the first part of DCsmarthost (up to first colon) as host + name for hosts_try_auth. This allows debconf configuration of a + different port to connect to the smarthost. Closes: #251949 + * Add debconf template to packages telling people to dpkg-reconfigure + exim4-config. + * Allow choosing between delivery to /var/mail or ~/Maildir with debconf. + (am) Closes: #250980, #274560, #289959 + * Translation updates (see Last-Translator for rewards) + - Brazilian Portuguese + - Danish + - Galician + - Slovak + - Thai + - Turkish + - Romanian + - Japanese + - French + * Patch by Florian Weimer which disables RSA_EXPORT support which + should eliminate the "exim blocking on entropy starvation" issue. + * update-exim4.conf: Take only the first word from /etc/mailname as + system mail name. Thanks to Mike Mestnik. Closes: #215319. + * init script: log_failure_message alert if non-zero paniclog is + found. Thanks to Andreas Barth. + * README.Debian: document cron job, including paniclog monitoring. + Thanks to Stephen Gran. + + -- Marc Haber Tue, 10 Oct 2006 16:50:27 +0000 + +exim4 (4.63-4) unstable; urgency=low + + * Make update-exim4.conf man page also update-exim4.conf.conf man page. + * Fix SPF error message when $sender_address_domain is undefined (i.e. sender + is <>). (rm) + * Change debian/rules documentation for daemon-custom build. + Thanks to Guido Hennecke. Closes: #386135 + * Rotate paniclog by size, not daily, to avoid rotating away + messages after complaining from the daily cron job. + Thanks to Dirk Meyer. + * Update Slovak translation. + Thanks to Peter Mann. + * Add Wolof translation. + Thanks to M Mamoune Mbacke + * Add a paragraph explaning the gnutls-bin suggestion to ease DH + parameter generation in case of entropy starvation. + Thanks to Andi Barth and Florian Weimer. + * Since a new version of sysvinit upload will move /var/run/ to a tmpfs + directories under /var/run/ and their permissions are not persistent + anymore but will be lost after a reboot. - Re-generate /var/run/exim4 in + the init script to compensate for this. (am) (closes: #387699) + * update-exim4.conf: Exit with an error if dc_use_split_config is neither + true nor false instead of replacing the configuration with an empty one. + (am) Closes: #386554 + * More intelligence for exim4_refresh_gnutls-params: + * If certtool (from gnutls-bin) is unavailable but openssl is installed + use openssl to re-generate DH params. (am) + * Change exim4-base Suggests on gnutls-bin to gnutls-bin|openssl. (am) + * Move invocation and background mechanism to exim4_refresh_gnutls-params. + Script can now be called any time from the command line or any + other script. + * Only regenerate dh params if tls_advertise_hosts is non empty. + According to Florian Weimer, DH params are only needed for + incoming TLS connections. + * Thanks, Yuri D'Elia. This addresses #387448 + * Improve entropy and gnutls-params docs. + * cron-daily: + * Invoke exim4_refresh_gnutls-params unconditionally. + * Send out e-mail alert if gnutls-params is older than 14 days. + * rename config varables to E4BCD_, source /etc/default/exim4 + * introduce a E4BCD_PANICLOG_NOISE variable containing a regexp. + Paniclog is negatively filtered against that regexp and paniclog + warning is only sent out if unfiltered lines remain. This is to allow + work around http://www.exim.org/bugzilla/show_bug.cgi?id=92 + * Prepare hosts_avoid_tls statement on SMTP transports + * Macroize log_selector, remove +tls_cipher from examples (it is on + by default) and always set tls_peerdn (we use TLS by default for + outgoing connections). Make it easier to enable debug logging. + * Mention in the comments of the default RCPT ACL that verification + is likely to have false negatives in smarthost/satellite setups. This + is the easiest way to fix #388460; the "real" fix would be very very + complicated and thus unsuitable for the default configuration. + Closes: #388460 + * README.Debian: + * Re-Work "misc" section to contain subsection. Fix minor + formatting issues. + * Add a section about SELinux to the misc subsection saying that + we currently do not have an SELinux policy but would appreciate + people helping here. This is already bug #387327 and #390179. + + -- Marc Haber Sun, 1 Oct 2006 14:37:53 +0000 + +exim4 (4.63-3) unstable; urgency=low + + * Have exim4-config conflict with exim4-daemon-* << 4.63. + Thanks to Yannick Roehlly. Closes: #383420, #384058 + * Tweak NEWS.Debian formatting. Remove asterisks and make sure that + contents lines start with four spaces. + * exim4-config.NEWS: A pair of minor fixes in SPF entry. (rm) Closes: #383708 + * Apply upstream fix allowing header names with an odd number of + characters in add_headers in filters. + Thanks to Tony Finch. Closes: #384015 + * Add documentation for inaccessible home directories. + Thanks to Juha Jäykkä. Closes: #383469 + + -- Marc Haber Wed, 23 Aug 2006 17:16:38 +0000 + +exim4 (4.63-2) unstable; urgency=low + + * upload to unstable + + -- Marc Haber Tue, 15 Aug 2006 20:35:55 +0000 + +exim4 (4.63-1) experimental; urgency=low + + * New upstream version 4.63 + + Change PostgreSQL charset handling. Closes: #369351 + + Recognize SMTP codes at the start of "message" in ACLs and after + :fail: and :defer: in a redirect router. Add forbid_smtp_code to + suppress the latter. forbid_smtp_code is enabled in Debian's + default config. Closes: #378131 + * Adapt configuration to current upstream + + re-work RCPT ACL. Closes: #379155 + + add new comments to default authenticators + + use $auth[123] instead of $[123] which are now deprecated + + forbid_smtp_code on userforward router + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 10:47:44 +0000 + +exim4 (4.62-5) unstable; urgency=low + + * Fix typo in exim4-base daily cron job. + Thanks to Salvatore Bonaccorso. Closes: #381048 + * Fix language issues in package descriptions + + -- Marc Haber Tue, 8 Aug 2006 15:02:14 +0200 + +exim4 (4.62-4) unstable; urgency=low + + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 11:03:57 +0000 + +exim4 (4.62-3) unstable; urgency=low + + * remove pkg-exim4-user mail address from README.Debian, mention + that one needs to be subscribed to post. + Thanks to Ross Boylan. Closes: #368242 + * re-word -o description in update-exim4.conf(8) man page. + Thanks to Ross Boylan. + * Flag update-exim4.conf(8) man page for a re-work in its BUGS + section. + * Give a - hopefully - better explanation of the mail name thingy in + README.Debian. + * Fix occurrences of default_acl file in documentation. Make part of + README.Debian less confusing. + Thanks to Ross Boylan. Closes: #376459 + * When installing via apt using dpkg-preconfigure the value of + dc_hide_mailname was overwritten during the second run of the debconf + script (invoked by postinst), before the value was stored in the + configuration file. Fix this. (am) Closes: #376460 + * Make spamassassin example in 40_exim4_config_check_data actually + work, add link to documentation for "really suiteable" configuration + examples. Thanks, again, to Ross Boylan. + * remove left-over "and a bunch" sentence from exim4-config_files.5 + * Add a symlink from /etc/email-addresses to /etc/exim4/email-addresses + * Fix bad parsing of CHECK_RCPT_DOMAIN_DNSBLS. + Thanks to Robert Millan. Closes: #378581 + * Note in README.Debian that other parts of the Debian system might + give outdated and/or wrong advice. See #378684, #378685. + * SPF support: (rm) Closes: #290464 + * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt. + * Add libmail-spf-query-perl (>= 1.999-1) to Suggests. + * Rewrite Q/A about SPF from README.Debian. + * Add a small note to exim4-config.NEWS. + * Add conf.d/acl/30_exim4-config_check_mail to reject mail without HELO/EHLO. + (rm) Closes: #378935 + * Add LSBized init script. Thanks to Carlos Villegas. Closes: #376953 + * re-order RCPT ACL statements to resemble Upstreams default config + a little more. This used to be the case in the beginning, but was + changed eventually, and I didn't find any rationale for our deviation. + Thus, we change back to upstream's default to see which things might + break. + * remove cron.d from exim4-base dirs - we do not have a cron.d job + any more for years. + * Re-work daily cron job: + * Make statistics configurable with a variable + * Comment that the log handling code is fragile and depending on + log rotation strategy + * Add code to generate warnings if paniclog non-empty. + Thanks to Andrew Ferrier. Closes: #379898 + * Build -dbg packages. + * Updated vi (vietnamese) translation. + Thanks to Clytie Siddall. (am) Closes: #380357 + + -- Marc Haber Mon, 31 Jul 2006 06:10:51 +0000 + +exim4 (4.62-2) unstable; urgency=low + + * Move explanation about using ";" as separator in lists from debian/NEWS to + debian/exim4-config.NEWS. (The former ends up as + /usr/share/doc/eximon4/NEWS.Debian.gz.) Also fix version-number of + entry. (am) + * have ue4.conf --verbose print split or non-split config. + Thanks to Florian Laws. (mh) + * Mention http://pkg-exim4.alioth.debian.org/ in package description. + Thanks to Florian Laws. (mh) + * Mention in package description that README.Debian has information + about how to configure the Debian packages. + * /etc/init.d/exim4: parse extended inetd.conf syntax from + openbsd-inetd. (mh) Closes: #365928 + * New th (thai) translation. + Thanks to Theppitak Karoonboonyanan. (mh) Closes: #367351 + * New dz (Dzongkha) translation. + Thanks to Pema Geyleg. (am) Closes: #368593 + * New ne (Nepali) translation. + Thanks to Paras pradhan. (am) Closes: #369526 + * New eo (Esperanto) translation. + Thanks to Serge Leblanc. (am) Closes: #369241 + * Updated hu (hungarian) translation. + Thanks to Attila Szervac. (am) Closes: #374616 + * Make documentation of CHECK_RCPT_LOCAL_LOCALPARTS and + CHECK_RCPT_REMOTE_LOCALPARTS more verbose and concentrate it in the + ACL file. Thanks to Klaus Muth. (mh) Closes: #366491 + * README.Debian.xml (mh) + * Add new section documenting where to find documentation. + * Move misplaced sentence. + * Fix spelling errors in README.Debian. + Thanks to Salvatore Bonaccorso. Closes: #366003 + Thanks to Ross Boylan. Closes: #374216 + * remove "you can stop reading now" sentence. + Thanks to David Lawyer. Closes: #370790 + * Mention Debian-specific man pages + * Give instructions about how to use apropos to find out about man + pages. + * Documentation changes inspired by Ross Boylan. Closes: #369126 + * Add exim4-config_files(5) man page to aid as repository for file + explanations. + * /etc/email-addresses + * /etc/exim4/local_host_blacklist + * /etc/exim4/local_host_whitelist + * /etc/exim4/local_sender_blacklist + * /etc/exim4/local_sender_whitelist + * /etc/exim4/local_sender_callout + * /etc/exim4/local_rcpt_callout + * /etc/exim4/local_domain_dnsbl_whitelist + * /etc/exim4/hubbed_hosts + * /etc/exim4/passwd + * /etc/exim4/passwd.client + * /etc/exim4/exim.crt + * /etc/exim4/exim.key + If you find any files that might be missing in the man page, + please report a bug. + * mention exim4-config_files(5) in update-exim4.conf.8 + * Explicitly mention README.Debian in exim man page. + * Remove /usr/share/doc/exim4-config/default_acl, move contents to + README.Debian and exim4-config_files. + * remove empty /usr/share/doc/exim4-config/examples. + * clarify docs in RCPT ACL. + * streamline docs: + * hubbed_hosts router. + * passwd.client. + * server side authentication examples + * Standard-Version: 3.7.2, no changes necessary. + + -- Marc Haber Sat, 24 Jun 2006 08:56:19 +0000 + +exim4 (4.62-1) unstable; urgency=low + + * New upstream version + * remove !acl patch, bug is fixed upstream + * Some minor changes to README.Debian + * Downgrade priority of exim4/dc_eximconfig_configtype, exim4/no_config and + exim4/exim3_upgrade from critical to high, as there is a sane default. + Closes: #342077 + * Allow single quotes in recipient mail addresses. Closes: #346222 + * Update debian/mtalist to conflict with hula-mta. (mh) + * Move back man-pages (actually they are symlinks) related to the + mail-transport-agent virtual package from exim4-base to the daemon + packages. Other MTA packages also include these manpages and would + otherwise need to explicitly conflict with exim4-base. Add "Replaces: + exim4-base (<= 4.61-1)" to the daemon packages. Thanks to Justin Pryzby. + Closes: #362852 (am) + * Update km (Khmer) translation. + Thanks to Khoem Sokhem. (mh) Closes: #363672, #363671 + * Update pa (Punjabi) translation. + Thanks to A S Alam. (am) Closes: #364268 + * replace backticks with $() construct in ue4.conf. (mh) + * Allow ";" as separator in dc_local_interfaces and dc_relay_nets. + If a semicolon is found, "<;" is prepended to allow a semicolon as + separator. Thanks to Adam Borowski. (mh) Closes: #360162 + * Link against libdb4.3 instead of 4.2. (am). Closes: #365467 + * Standards-Version: 3.7.0, no changes required. (am) + * README.Debian: Add link to "how to use a completely different + configuration scheme" to the beginning of the chapter about Debian's + configuration to provide an easy way out for experienced exim people. + (mh) + * Fix grammar error in README.Debian. (Thanks, Ross Boylan) Closes: #365546 + * Whennever changing major Berkeley DB versions we zap the exim hint + databases in exim4-base postinst. Change the code to also delete + __db.retry, __db.misc, __db.callout and __db.wait* (which afaik are + Berkeley DB internal files). If these are somehow broken strange errors + occur, e.g. #360696. As we are deleting the whole db, deleting these files + seems to be a good idea. (am) + + -- Marc Haber Tue, 2 May 2006 11:47:58 +0000 + +exim4 (4.61-1) unstable; urgency=low + + * New upstream version + - Temporary files for content scanning subdirectory are now also mode 640 + instead of 666. Closes: #280282 + - If group was specified without a user on a router, and no group + or user was specified on a transport, the group from the router + was ignored. Closes: #343074 + - .include statements now require an absolute path. Closes: #268083 + * Apply upstream patch allowing !acl constructs + (http://www.exim.org/mail-archives/exim-cvs/2006-April/msg00008.html) + * Rename the Punjabi translation file name from pa_IN to pa + to fit a decision taken in -i18n + * README.Debian: + * mention that relay_nets does allow relaying without authentication. + * minor formatting fixes + * Add Khmer debconf translation (Thanks, Kakada Hok) (bubulle) + Closes: #359668 + * Add linda overrides for libs-not-in-depends (see #357727) + + -- Marc Haber Tue, 4 Apr 2006 19:50:39 +0000 + +exim4 (4.60-5) unstable; urgency=low + + * re-introduce inst_aliases, patch src/install_exim to prevent path + to inst_aliases to be put into example config file. (mh) + * Fix typo in README.Debian.xml, thanks to Frank S. Thomas. (mh) + * Fix Copy&Waste error in README.Debian.xml. + Thanks to Olaf van der Spek. (mh) Closes: #356354 + * Added partial Punjabi debconf translation, + thanks to Amanpreet Singh Alam. (cp) Closes: #349644 + * Fix wrong example in conf.d/acl/20_exim4-config_whitelist_local_deny. + Thanks to Kaare Hviid for pointing this out on IRC. (mh) + * Add documentation about Debconf templates to README.Debian to make + yath happy. (mh) + * exim4-refresh_gnutls-params: Use prefix for tempfile to make it + easier recognizeable. (mh) + + -- Marc Haber Mon, 13 Mar 2006 15:30:07 +0000 + +exim4 (4.60-4) unstable; urgency=low + + * add rationale to README.Debian explaining why using system + passwords for SMTP AUTH is a bad idea. + * streamline configuration to decrease differences to upstream default + example, and to adopt new things that were added since we last + looked there. + * Do not set inst_aliases for installation, this only affects + example.conf anyway. + * fail build if upstream's example configuration has changed. + * fix NEWS confusion. Thanks to Andreas for spotting this. + * exim4-base.exim4.init: invoke exim4 daemon with the environment + cleaned to avoid language confusion. + * document tls on connect in README.Debian. + * use adduser --quiet instead of > /dev/null in *.postinst. + * Add require_files directive to userforward router to avoid errors + when mailing uucp@hostname. + * Add comment about setting up TLS in conf.d/auth/30_exim4-config_examples + to keep people from blindly allowing cleartext auth. + * Replace 37_dns_disable_additional_section patch with + 37_upstream_patch_342619, which is the nearly identical patch from + upstream CVS, approved by Philip. (mh) Closes: #342619 + + -- Marc Haber Wed, 22 Feb 2006 10:30:16 +0000 + +exim4 (4.60-3) unstable; urgency=low + + * Have exim4-base replace exim4-daemon-light and -heavy. This is a + needed corollary to the movement of the man pages to -base. Let's + hope that this change doesn't introduce too much breakage. Thanks + to Hamish Moffatt for making me take a closer look at policy. + (mh) Closes: #347908, #348067 + * Introduce Makefile variable to build with OpenSSL instead of + GnuTLS. This is a last minute maneuver to help sites suffering from + the GnuTLS entropy issue (#338319, #343085) whose only other chance is + disabling TLS completely. Please note that building exim4-daemon-heavy + with OpenSSL is a GPL violation since OpenSSL's license clashes with + the MySQL client library, which is GPL licensed without OpenSSL + exception. (mh) + * re-pack configuration diffs. (mh) Closes: #331698 + * Fix wrong variable substitution in lt (Lithuanian) debconf + translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh) + Closes: #342242 + * Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579 + * Honor dpkg-statoverride entries for run-time data in /var. + Thanks to Peter Mottram. (mh) Closes: #269448 + + -- Marc Haber Sun, 15 Jan 2006 00:23:47 +0000 + +exim4 (4.60-2) unstable; urgency=low + + * Add, but not enable, 37_dns_disable_additional_section.dpatch, + which might be a possible fix for #342619 + * conf.d/auth/30_exim4-config_examples: add hint to adapt public_name + string in support_broken_outlook_express_4_server authenticator if + other authencators than LOGIN and PLAIN are offered. + * Fix missing special characters in some debconf translations. + Thanks to Davide Viti. (mh) Closes: #341442 + * Fix broken README reference in system_aliases router docs. (mh) + * remove references to alias files from the address_pipe transport. (mh) + * remove "Some-State" default from exim-gencert. (mh) + * Clarify split vs unsplit config in README.Debian. Thanks to Faheem + Mitha and Ross Boylan for helping. (mh) + * Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767 + * Fix wrong header in conf.d/routers/300_exim4-config_real_local. + Thanks to Ross Boylan for spotting this. (mh) + * Document headers_rewrite, return_path and dc_mailname_in_oh in + update-exim4.conf man page. (mh) Closes: #332520, #342233 + * Re-Instate debian/patches/31_eximmanpage which was erroneously + removed in 4.60-1, we have local Debian patches in here. Thanks to + Ross Boylan for spotting this. (mh) Closes: #330967 + * Mention relay permission from localhost in update-exim4.conf(8). (mh) + * Add more prose to relay control configuration. (mh) + * Update Greek debconf translation (Thanks, Kostas Papadimas) (am) + Closes: #344576 + * Add cross-reference to README.Debian to better find macro docs. + Thanks to Shyamal Prasad. (mh) Closes: #329988 + * Fix incorrect variable substitution in pt_BR debconf translation. (Thanks, + Felipe Augusto van de Wiel) (am) Closes: #345363 + * [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH + with one to its replacement README.Debian.html. (am) Closes: #344826 + * Re-work long package descriptions. Move reference to README.Debian in + front, add hint to dpkg-reconfigure exim4-config, complete stub + sentences, remove non-referenced acronym MTA from the long + descriptions, move explanation what exim is to the very front. + * README.Debian: Add section about changing the configuration, + explain structure of conf.d and .conf.template, add hint that the SMTP + AUTH examples are documented. + * Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key + storage. Thanks to John Goerzen. (mh) Closes: #315126 + * Mention entropy issue in README.Debian. + * Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: 319316 + * use dh_installinit -n instead of --noscripts to work around #347577. (mh) + * use dh_installinit --name instead of --init-script, rename init + script. (mh) + * move man pages from daemon packages to exim4-base, add lintian + and linda overrides to allow daemon packages not to contain man pages. + + -- Marc Haber Thu, 12 Jan 2006 12:36:50 +0000 + +exim4 (4.60-1) unstable; urgency=low + + * new upstream version 4.60 + * assign value to UE4CC after command line processing. Only have + ue4c throw an error on not-existing UPEX4C_confd if split config is + seleted. Thanks to Ted Percival. (mh) Closes: #337229 + * A number of man page fixes. Thanks to A Costa. (mh) + Closes: #338580, #338581, #338582, #338583, #338584 + * Pull spool dir path from exim -bP instead of hard-coding it in + daily cron job and exim4_refresh_gnutls-params. + Thanks to Alex Hermann. (mh) Closes: 340002 + * Corrected zh_CN translation by Ming Hua. (am) Closes: #338928 + * Corrected pl translation by Jacek Politowski. (am) Closes: #339671 + * Change README.Debian to clarify the exim as a client only uses + STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc + Sherman for pointing that out on exim-users. + * Clarify passwd.client format. Thanks to Osamu Aoki for providing a + good starting point in #244724, which is unfortunately not fixed just + now. + * remove patch 31_eximmanpage, fixes are included upstream. + + -- Marc Haber Mon, 28 Nov 2005 18:16:12 +0000 + +exim4 (4.54-2) unstable; urgency=low + + * debian/README.Debian* merged into one xml-file. Binary packages ship both + a html (generated by xsltproc) and plain-text version (lynx + + post processing) of the file. (Hilko Bengen) + * Switch to libmysqlclient14. + * Fix two typos in French debconf templates. + Thanks to Christian Perrier. (mh) + * Replace broken courier auth example with one that actually denies + access if a wrong password is given. Thanks to Peter Thomassen for + carrying that report from some colorful web forum to the people who + can fix it after like four months. (mh) Closes: #336979 + * Fix minor typos in README.Debian.xml and changelog. (mh) + * Add 255.255.255.255 to ignore_target_hosts in dnslookup. (mh) + + -- Marc Haber Wed, 2 Nov 2005 19:40:22 +0000 + +exim4 (4.54-1) unstable; urgency=low + + * new upstream version 4.54. (mh) + * fix typo in router/real_local header + * add same_domain_copy_routing to router/hubbed_hosts + * [update-exim4.conf.8] false friend: s/sensible/sensitive/. + Thanks to Ross Boylan. (am) Closes: #330975 + * modify broken outlook express 4 authenticator so that it only + advertises on encrypted connections, as the other plaintext + authenticators do. Thanks again, Fred Viles. (mh) + * update-exim4.conf.8: alphabetically sort REPLACEMENT PATTERNS and + CONFIGURATION VARIABLES sections, add documentation for + DEBCONFlocal_domainsDEBCONF. + Thanks to Ross Boylan. (mh) Closes: #330980 + * fix bashism == in init script. Thanks to Adam D. Barratt and + Justin Pryzby. (mh) Closes: #331299 + + -- Marc Haber Tue, 4 Oct 2005 09:59:24 +0000 + +exim4 (4.53-1) unstable; urgency=low + + * new upstream version 4.53. (mh) + * Fix obviously unfinished sentence in update-exim4.conf.8 + documenting dc_local_interfaces. (mh) + * Move SMTP authentication docs to README.Debian. (mh) + * Adapt reportbug script to be useable from the command line as well, + mention this in README.Debian mailing list paragraph. (mh) + * Remove /etc/default/exim4 in exim4-config's postrm instead of exim4-base's + one, as it is created in exim4-config's postinst. (am) Closes: #325901 + * Fix error in README.Debian.xinetd. + Thanks to Diego Biurrun. (mh) Closes: #327847 + * Fix substitute variable in Japanese (ja) debconf translation. + Thanks to Kenshi Muto. (mh) Closes: #329729 + * Add lintian override for maintainer-script-needs-depends-on-netbase. We + don't need that depends since update-inetd.conf is checked for presence + before invocation and that invocation is only optional cleanup. (mh) + * add linda override to kill double shlib warning - libgnutls is + fully versioned and thus is not a problem. (mh) + * add lintian override to kill bashism "local" warning for + exim4-config.config and exim4-config.postinst (see #330548). (mh) + * add general package blurb to description of the exim4 meta package + as well. Thanks to Marc Sherman for pointing this out. (mh) + * remove code to escape dashes in the pod2man generated man pages. + That code makes the man pages syntactically invalid, we'd rather + live with suboptimal rendering (which is a pod2man bug anyway). (mh) + * change spacing for rewrite rules in configuration, man page and + ue4.conf to ease paragraph filling for the man page. (mh) + * re-pack config patches. (mh) + + -- Marc Haber Wed, 28 Sep 2005 18:34:51 +0000 + +exim4 (4.52-2) unstable; urgency=low + + * unpack/pack configs to get clear EDITME patches (mh) + * Update ca (Catalan) translation. + Thanks to Aleix Badia i Bosch. (mh) Closes: #317429 + * Update mk (Macedonian) translation. + Thanks to Georgi Stanojevski. (mh) Closes: #320231 + * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params + instead of only removing the file and letting exim4 re-generate it at SMTP + time after receiving STARTTLS. The maximum runtime of certtool is limited + to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki + (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to + exim4-base' Suggests. (am) Closes: #285371 + * Build-Depend on libgnutls-dev (from gnutls12) instead of libgnutls11. + * Drop compability with debhelper in woody (am): + - mv *.templates.master *.templates + - update po/POTFILES.in accordingly. + - no more manual invocation of po2debconf in debian/rules + - use dh_installppp instead of manual dh_installdirs/dh_install. + Closes: #212893 + - Build-Depends: debhelper (>= 4.1.68) + * drop upgly passwd dependency introduced in 4.30-6. (am) + * shorten Build-Depends by replacing "libxfoo-dev|xlibs-dev' with just + 'libxfoo-dev'. (am) + * Do not try to authenticate to smarthost if smarthost offers AUTH LOGIN but + passwd.client does not contain a matching entry. (am) Closes: #323565 + + -- Andreas Metzler Sun, 21 Aug 2005 11:44:27 +0200 + +exim4 (4.52-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * adapt 70_remove_exim-users_references + * remove 37_gnutlsparams + * adapt 36_pcre + * adapt 31_eximmanpage + * fix package priorities to have them in sync with override again. (mh) + * Fix error in nb (Norwegian) translation. + Thanks to Helge Hafting. (mh). Closes: #315775 + * Standards-Version: 3.6.2, no changes needed. (mh) + + -- Marc Haber Sat, 2 Jul 2005 06:08:34 +0000 + +exim4 (4.51-2) unstable; urgency=low + + * Fix typo in exiwhat.8. (am) Closes: #313246 + * Clarify tls_verify_certificates documentation in + conf.d/main/03_exim4-config_tlsoptions. Thanks to Wenzhuo Zhang. (mh) + * Accept postmaster liberally for relay_to_domains. Thanks to + Roderick Schertler. (mh) Closes: #313023 + * Improve update-exim4.conf's internal run-parts to warn about ignored files + if running in verbose-mode. (am) Closes: #315656 + * Make it possible to purge a previously uninstalled exim4-suite if debconf + has between removed since. (am) Closes: #315173 + - Stop useless sourcing of confmodule in exim4-config.postrm. + - Use debconf to ask about trashing the mailqueue if debconf is available, + keep the queue otherwise. + * exim failed to setup gnutls parameters if the gnutls-param file was + missing. This caused TLS breakage. (am) Closes: #315650 + + -- Andreas Metzler Tue, 28 Jun 2005 19:35:35 +0200 + +exim4 (4.51-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * remove 80_upstream_fix-296492 + * remove 81_fix-kfreebsd-gnu + * remove 82_upstream_fix-299733 + * remove 82_upstream_fix_299743 + * remove 83_upstream_fix-strangelog + * build-depends: replace postgresql-dev with libpq-dev. (mh) + * apply patch to EDITME.exim4-heavy.diff from ubuntu for clearer + postgresql build. (mh) + * fix wrong dc_other_hostnames statement in manpage. Thanks to + Daniel Hermann. (mh) Closes: #311023 + * give more directions how to use /etc/exim4/exim4.conf. (mh) + * Fix duplicated server_advertise_condition line in + login_saslauth_server. Thanks to Rich Aycock. (mh) Closes: #311906 + * Conditional restarting the daemon in exim4-config.config now checks for + DEBCONF_RECONFIGURE=1 instead of (mis)using an internal + debconf-template. (am) + * Documentation Improvements for update-exim4.conf.8, exim4.conf.template + and 01_exim4-config_listmacrosdefs and README.Debian. + Thanks to Ross Boylan. (am/mh) + * New translation: et (Estonian) by Siim Põder. (mh) Closes: #312474 + + -- Marc Haber Fri, 10 Jun 2005 18:57:03 +0000 + +exim4 (4.50-8) unstable; urgency=low + + * integrate TLS docs in README.Debian, remove README.TLS. + Thanks to Sam Morris. (mh) Closes: #310771 + + -- Marc Haber Fri, 27 May 2005 07:57:14 +0000 + +exim4 (4.50-7) unstable; urgency=low + + * Documentation Only Fixes + - Fix grammar error in README.system_aliases. Thanks to Andreas + Barth on IRC. (mh) + - Optimize unencrypted authentication docs. Thanks to Drew Parsons. + (mh) Closes: #305443 + - Clarify dc_smarthost host list processing in update-exim4.conf.8. + (mh) Closes: #307370 + - Clarify split-config description in README.Debian. + Thanks to Luc Saffre. (mh) + - Fix a typo in README.Debian-accountname, thanks to Brett Parker. (mh) + - Fix an issue in the exim manpage creating the illusion that + whitespace is allowed between -d and its options. + Thanks to Greg Kochanski. (mh) Closes: #309174 + - Start re-work of README.Debian FAQ. + - Add "should -config depend on -base" question to README.Debian FAQ. + - Link README.Debian to -daemon-light and -daemon-heavy, include a + copy of README.Debian in -config. + Thanks to Daniel Maier. (mh) Closes: #310118 + * Translations + - Update: cy (Welsh) by Dafydd Harries. (mh) Closes: #306349 + - New: vi (Vietnamese) by Clytie Siddall. (mh) Closes: #306613 + - Fix typos in pt.po (Thanks, Miguel Figueire) (am) Closes: #310057 + * Configuration Clarification + - move the regexps in the local part checks to macros, adapt docs. + Thanks to Adam M. Costello. (mh) Closes: #306094 + * Bug Fixes + - preserve escape sequences like '\\N' in + /etc/exim4/update-exim4.conf.conf: + - use awk instead of sed in exim4-config.postinst (Thanks, Barry Kitson). + - use printf '%s\n' "$foo" instead of echo "$foo". (echo in dash would + swallow the second backslash) + - actually making this work requires changes in debconf, too, + see #306134. + - (Closes: #305957) (am) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050425/msg00035.html + in some circumstances, exim writes parts of /etc/passwd and/or + /etc/group to the reject log. This scares people. (mh) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-dev/2005-April/msg00012.html to + only try SASL mechanisms that are actually specified in the + configurations. Thanks to Juergen Kreileder. (mh) Closes: #299743 + - Build against libmysqlclient12-dev instead of libmysqlclient10-dev. + (am) Closes: #306970 + - As "mail sent by smarthost; no local mail" aka satellite requires setting + dc_readhost always ask this question. (am) Closes: #304838 + - Make nonsplit-config read /etc/exim4/exim4.conf.localmacros before + /etc/exim4/exim4.conf.template to allow macros here as well. (mh) + - Make it clear that "broken debconf" warning is issued by + exim4-config.postinst + - Make sure that "generated, do not touch" disclaimer in + /var/lib/exim4/config.autogenerated always appears + - [exim4-config] As the.config script stores answers in debconf's db and the + postinst actually generates configurations files from these values + restarting the daemon on dpkg-reconfigure has to be done in postinst. (am) + Closes: #310703 + + -- Marc Haber Thu, 26 May 2005 17:47:24 +0000 + +exim4 (4.50-6) unstable; urgency=low + + * fix some errors in update-exim4.conf(8) manpage. (am) + * more macros in config. (mh) + * Apply upstream fix: $primary_hostname is now expanded in + cyrus_sasl authenticator. Thanks to Juergen Kreileder, and of + course Philip Hazel. (mh) Closes: 299733 + * fix conftype none missing "| \" bug, again. Thanks to Andrew Nimmo + and Gabriel L. Briones III. (mh) Closes: 303351. + * The upstream fix for #296492 sometimes causes an endless loop. Update + patch with correction from Philip's commit, revision 1.10. (mh) + * Document real_local router. (mh) + * Add instructions about how to use inetd. Thanks to Ryan Underwood. + (mh) Closes: #304436 + * Fix wrong file header in 100_exim4-config_domain_literal. (mh) + * Fix bad english in 01_exim4-config_listmacrosdefs. (mh) + * conf.d/main/02_exim4-config_options: Remove macro effort for options + that we leave at their default by default anyway, re-commenting them + for reference. (am) + * Allow cleartext client AUTH PLAIN and AUTH LOGIN by setting a + macro. (mh) + * Update information in README.SMTP-AUTH. (mh) + + -- Marc Haber Sun, 17 Apr 2005 19:10:26 +0000 + +exim4 (4.50-5) unstable; urgency=low + + * move exim4-config-simple and exim4-config-medium from the main + source package to keep them from being released. + * document the fact that the check done by update-exim4.conf does + not detect all possible errors and fails with errors that are inside + expanded items in the config file. Thanks to Marc Sherman. + (mh) Closes: 286721 + * Add examples for cyrus_sasl to conf.d/auth/30_exim4-config_examples. + Thanks to Juergen Kreileder. (mh) Closes: #299732 + * remove --dry-run from 10_daemon_close_fds.dpatch so that failures + to patch cause failure. Thanks to Gergely Nagy, and apologies for + blaming it on dpatch (see #297670). (mh) + * remove ACL example file, incorporate DNSBL examples (without + actual DNSBL domains) into main config. The example file hasn't been + updated in ages, and the main config file has become quite + sophisticated by itself. (mh) + * add example authenticators for courier authdaemon. (mh) + * have exim4-base recommend psmisc. Thanks to Thiemo Seufer. + (mh) Closes: #299858 + * apply upstream patch fixing fallback handling. Thanks to Laurent Fousse. + (mh) Closes: #296492 + * add patch to allow building on kfreebsd-gnu. Thanks to Robert + Millan. (mh) Closes: #300967 + * remove 10_daemon_close_fds since this might close FDs which might + be used by other libraries such as libnss-ldap. Thanks to Antonio + Kanouras for reporting and testing, and to Florian Weimer for + debugging. To avoid #297607 from happening again, use db_stop in + exim4-config.config and coordinate with the d-i team. Thanks to + Frans Pop for testing. (mh) Closes: #299051 + * make pidfile paths in init script variables. (mh) + * Update bs (Bosnian) debconf templates. Thanks to Safir Secerovic. + (mh) Closes: #301940 + * Fix update-exim4.conf to actually remove the DEBCONF stuff from + configuration. Thanks to Jason Spiro. (mh) + * correctly translate an empty debconf option visiblename to an + _unset_ qualify_domain, not a qualify_domain set to the empty string. + Thanks to Miquel van Smoorenburg. (mh) Closes: #302060 + * update-exim4.conf ignored the setting of dc_use_split_config and + always used the data from split config for conftype none. (am) + * Document #301988 (base-config) in README.Debian to offer an + explanation for a long delay restarting exim right after Debian + installation. (mh) + * Fix exim4-config.NEWS and exim4-config.postinst, documenting the + mailname change there. This should act as a heads-up to people who + do funky things with their ue4.conf.conf which might overwrite the + fixup intrduced by the maintainer script. Thanks to Vincent + Lefevre. (mh) Closes: #301906 + * Make Maildir location configurable via exim macro. Thanks to + Frederic Lehobey. (mh) Closes: #302215 + * pull update-exim4.conf.conf file name in shell variables + * liberally use .ifdef in conf.d files which changed in this release + anyway. This is part of the process to fix #297603. (mh) + * Adapt formatting policy to conf.d files which were changed. (mh) + * Improve on Debconf documentation in update-exim4.conf.conf and + the configuration templates. This partly addresses #289959. (mh) + * re-work ue4.conf man page, also addressing #289959. (mh) + * add a comment about caseless postmaster to + conf.d/router/400_exim4-config_system_aliases. (mh) + * print script name and parameters when debugging. (mh) + * update-exim4.conf now gives a better error message if + ue4.conf.conf does not exist. (mh) + * ue4.conf.template: If a relative output path is given, actually + put the file there and not in a path relative to + /etc/exim4/conf.d. (mh) + + -- Marc Haber Sun, 3 Apr 2005 07:20:17 +0000 + +exim4 (4.50-4) unstable; urgency=low + + * fix 10_daemon_close_fds.dpatch to actually apply again. Sheesh. + Thanks to Joey Hess. (mh) Closes: #297607 + + -- Marc Haber Wed, 2 Mar 2005 07:38:52 +0000 + +exim4 (4.50-3) unstable; urgency=low + + * actually enable dlopen patch, show this in package descriptions. + Thanks to Andrej KOLESNIKOV. (mh) Closes: #297282 + * Have exim4-config conflict with -daemon (<<4.50), as we use + submission/sender_retain which is not supported by earlier daemons. + Thanks to Echo Nolan. (mh) Closes: #297501 + + -- Marc Haber Tue, 1 Mar 2005 06:45:26 +0000 + +exim4 (4.50-2) unstable; urgency=low + + * now use WITH_OLD_DEMIME as discussed on pkg-exim4-devel. (mh) + * postinst: add "This is a Debian specific file" to ue4.c.c. (mh) + * fix exim.8 manpage to point to exim4 instead of exim. + (mh) Closes: #296864 + * fix update-exim4.conf.8 man page to correctly document that + multiple smarthosts are supported and non-SMTP ports are not. Thanks + to Dan Jacobson. (mh) Closes: #283560 + * Add --output option to update-exim4.conf.template. Thanks to Marc + Sherman. (mh/am) Closes: #296597 + * Compile with cyrus_sasl authentication mechanism, add libsasl2-dev to + Build-Depends. Thanks to Sean Middleditch and Gergely Risko. (mh) + Closes: #296203, #292906. + * document that dc_localdelivery does not have a corresponding + Debconf option. + * Introduce ue4c_comments for /etc/exim4/update-exim4.conf.conf to + set default for keepcomments/removecomments from the config file. + Thanks to Greg Folkert. (mh) Closes: #295735 + * Use "control = submission/sender_retain" to fixup relayed messags instead + of only adding a Message-ID with a warn-statement. (am) Closes: #285235 + * Add force-stop to the init script. Thanks to Jari Aalto. (mh) + Closes: 271686 + * tighten local parts checks. Thanks to Jari Aalto. (mh) Closes: #273302 + + -- Marc Haber Sun, 27 Feb 2005 16:33:05 +0000 + +exim4 (4.50-1) experimental; urgency=low + + * new upstream version + * kill exiscan patch as it is now included upstream + * deliver configuration which will compile daemon-heavy with the + built-in exiscan + * convert package to svn on svn.debian.org with a debian/-only + layout. (mh) + * remove 37_kbsd-gnu patch on bug submitter's request (doesn't apply + cleanly). (mh) + * fix bad German translation of a debconf template. Thanks to Hanno + Wagner. (mh) Closes: #291671 + * allow option passing to updatex-exim4.conf from init script. + Thanks to Stephen Gran. (mh) Closes: #285973 + * change commented out example for reverse DNS RCPT check to catch + deferrals as well. Thanks to Marc Sherman. (mh) Closes: #291832 + * Update ko (Korean) debconf templates. Thanks to Seo Sanghyeon. + (mh) Closes: #292607 + * Update sq (Albanian) debconf templates. Thanks to Elian Myftiu. + (am) Closes: #284529 + * New gl (Galician) debconf templates. Thanks to Jacobo Tarrío. + (mh) Closes: #295562 + * use #!/bin/bash in reportbug script as a quick fix until #294954 + is fixed one way or the other in reportbug. + * Minor fix to de (German) debconf templates. Thanks to Dennis + Stampfer. (mh) Closes: #294815 + * add bad hack authenticator to support outlook express 4.xx. (mh) + * streamline server authenticator names. (mh) + * 60_convert4r4.dpatch: patch convert4r4 to prevent execution of the + script without people reading a prominent warning. (mh) + * re-work debian/control again, pointing people towards + pkg-exim4-users to make upstream a little bit less unhappy. + + -- Marc Haber Fri, 18 Feb 2005 15:31:12 +0000 + +exim4 (4.44-2) unstable; urgency=low + + * re-work debian/control to make lintian happy, make descriptions + more orthogonal. (mh) + * kill build-conflicts on libperl-dev (=5.8.4-1). (mh) + + -- Andreas Metzler Thu, 27 Jan 2005 13:45:45 +0100 + +exim4 (4.44-1) experimental; urgency=low + + * New upstream bugfix-only release (exiscan-acl 4.44-28). + - Fixes eximstats' generation of pie charts by volume. (Closes: #286074) + - Reset the locale to "C" after calling embedded Perl. (Closes: #283538) + - includes 66_cipherpreferences.dpatch, + 66_can2005-0021_can2005-0022.dpatch, 65_tidydb-spool.dpatch, + 62_statvfs.dpatch. + * Fix (commented) example for AUTH LOGIN with saslauthd (Thanks, Maik + Broemme). (Closes: #291205) + * tl (Tagalog) translation of debconf templates by eric pareja. + (Closes: #291184) + * Use db4.2. (Closes: #258311) + + -- Marc Haber Sun, 23 Jan 2005 15:42:20 +0000 + +exim4 (4.43-4) unstable; urgency=low + + * Change update-exim4.conf to again generate a valid return_path (instead + of defering any mail to remote systems) if dc_hide_mailname='true'. + (Closes: #290954) + * Fix typo in changelog and exim4-config's NEWS. + * Some changes (most notably changing the interfaces exim listens on) + require restarting exim instead of just sending HUP. Change documentation + and exim4-config.config accordingly. (Closes: #290945) + + -- Andreas Metzler Tue, 18 Jan 2005 12:57:58 +0100 + +exim4 (4.43-3) unstable; urgency=low + + * Now that 4.44 is released upload 4.43 to unstable. ;-) Merge experimental + and unstable changelog. + * More lintian overrides. ("X" in eximon4's description has to be capital, + and we take care to only use settitle if it is available. + * make nullmailer setup and the way we use mailname a lot more sensible, + attacking #244095 and #280207: + - mailname is not implicitely made a local domain, instead it is listed + explicitly in dc_other_hostnames, where users can easily remove it + from. (This is basically what postfix does, too.) When upgrading + existing installations mailname is automatically added _once_ to + dc_other_hostnames, on fresh installations mailname is the default + value of dc_other_hostnames. We store the fact that we have added + mailname to dc_other_hostnames in $dc_mailname_in_oh in + update-exim4.conf.conf. + - Make exim work correctly if dc_readhost ("visible, rewritten domain name + for local users") ends up as part of local_domain, which happens if + the same value is chosen for mailname and dc_readhost. This + implemented by new router, hub_user_smarthost. Previously users were + required to use something different (my.invalid.domain) for mailname. + - Special thanks to Christian Perrier for taking care of the + template translation updates. + * We did not substitute the current value into the debconf templates with + db_subst but showed the old ones from the previous debconf run. + * /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + * Bosnian (bs.po) translation is complete (Thanks Adis Nezirovic). + * Includes de.po change suggested in #286525. + * One-line fix for incorrect fi.po translation by Kalle Olavi Niemitalo. + (Closes: #288930) + + -- Andreas Metzler Sat, 15 Jan 2005 19:38:16 +0100 + +exim4 (4.43-2) experimental; urgency=low + + * Resync against sarge/sid (4.34-10). + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh) + (Closes: #224269) + * run debian/rules update-mtaconflicts. (mh) + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #281249). (am) + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450). (am) + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205). (am) + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make exim prefer stronger ciphers. (AES_256 AES_128 3DES ARCFOUR). + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Thu, 6 Jan 2005 12:33:27 +0100 + +exim4 (4.43-1) experimental; urgency=low + + * targeted for experimental since we need unstable to get new 4.34 + versions in sarge. unstable upload will happen as soon as t-p-u is in + working condition. + * New upstream version. (am) (Closes: #274246, #267994) + - no more unescaped hyphens in exim.8. (Closes: #262592) + - no more warnings in exipick.8 (Closes: #277817) + - New option tls_on_connect_ports. (Closes: #265818) + - better documentation about differences in configuring for GnuTLS or + OpenSSL. (Closes: #241725) + - verify = header_sender now respects callout options. (Closes: #260114) - - There is now an overall timeout for performing a callout verification. ++ - There is now an overall timeout for performing a callout verification. + (Closes: #261511) + - Less typos in filter.txt. (Closes: #230545) + - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947) + * exiscan patch 4.43-28 (mh) + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. (am) + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. (am) + * Translation updates: + - tr (Turkish) by Recai Oktas (#281840) (am) + * add lintian and linda overrides to get rid of warnings and errors. (mh) + * delete debian/files from config-custom, make config-custom's + debian/rules delete debian/files on clean. (mh) + + -- Marc Haber Sun, 21 Nov 2004 19:26:11 +0000 + +exim4 (4.34-10) unstable; urgency=high + + * urgency high because this upload fixes two minor security issues. + * more documentation for dc_localdelivery in update-exim4.conf.8. + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Wed, 5 Jan 2005 10:39:03 +0100 + +exim4 (4.34-9) unstable; urgency=low + + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * new patch 64_pipeliningfixup pulled from 4.42. Exim was forgetting that it + had advertised PIPELINING for the second and subsequent messages on an + SMTP connection. Thanks to Christoph Barbian. (am) (Closes: #283230) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh). + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #283568) (am). + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450) (am). + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205) (am). + * run debian/rules update-mtaconflicts + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + + -- Andreas Metzler Tue, 7 Dec 2004 12:40:49 +0100 + +exim4 (4.34-8) unstable; urgency=medium + + * The real-life-takes-its-toll-release. + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. + * Translation updates: + - tr (Turkish) by Recai Oktas (Closes: #281840) + * new patch 63_nomorecrashongnutlserror pulled from 4.40: "If a server + dropped the connection unexpectedly when an Exim client was using GnuTLS + and trying to read a response, the client delivery process crashed while + trying to generate an error log message." (Closes: #280647) + + -- Andreas Metzler Sat, 20 Nov 2004 10:52:18 +0100 + +exim4 (4.34-7) unstable; urgency=low + + * Update README.Debian.UUCP (thanks, Andreas Barth) (Closes: #271179) + * The hack to fix the infinite debconf loop on woody (#246742) broke + dpkg-reconfigure. Add an additional [ "reconfigure" != "$1" ] condition to + the abort clause. (Closes: #271864) (am) + * apply patch fixing Italian debconf translation by Danilo + Piazzalunga. (mh) (Closes: #274398) + * ro (Romanian) translation of debconf templates by Eddy Petrisor. + (mh) (Closes: #275414) + * sl (Slovenian) translation of debconf templates by Jure Cuhalev. + (mh) (Closes: #275090) + * uk (Ukrainian) translation of debconf templates by Eugeniy + Meshcheryakov. (mh) (Closes: #273505) + * mk (Macedonian) translation of debconf templates by Georgi + Stanojevski. (mh) (Closes: #275772) + * fix encoding problem in hu.po. Thanks to Christian Perrier. (mh) + * Hebrew translation updated. Closes: #277682 (Lior Kaplan) + * Norwegian Nynorsk translation fixed (commas removed and replaced by + dashes). Closes: #278011 (Christian Perrier) + * Fix commas in Macedonian, Polish, Russian translations which broke the + Choices list the same way they were in Norwegian Nynorsk (Christian + Perrier) + * Fix error in README.SMTP-AUTH, thanks Jari Aalto. (Closes: #276448) (am) + * Make update-exim4.conf more forgiving, working with files that are missing + the final newline. (Closes: #273279) (am) + * Use procmail for delivery if /either/ etc/procmailrc or ~/.procmailrc + exist. (Closes: #267706) (am) + * Shorten overlong template in Catalan (Closes: #277686) (Jordi Mallach) and + Brazilian translation (Closes: #278016) (Andre Luis Lopes) + + -- Andreas Metzler Sun, 7 Nov 2004 19:56:01 +0100 + +exim4 (4.34-6) unstable; urgency=low + + * Uploaded to test changes before we break tpu. + * zh_TW translation of debconf templates by Tetralet. (Closes: #267524) + * bg (Bulgarian) translation of debconf templates by Ognyan Kulev + (Closes: #267603) + * updated translations: + - nl (Dutch) by Bart Cornelis. (Closes: #268168) + * remove osirusoft from dnsbl examples. Thanks to Greg Kochanski for + noticing. Add dnsbl disclaimer. (mh) (Closes: #269501) + * add an example for exim-adduser. (Thanks to Jonas Meurer for the initial + idea, the commited version is different, though.) (mh/am) (Closes: #267792) + * hr (Croatian) translation of debconf templates by Krunoslav Gernhard + (Closes: #270578) + * Do not remove the Debian-exim user in "exim4-config.postrm purge". + Package dependencies are only effective for packages in status installed, + but it is clearly not sane to remove the user until all exim4-packages + are purged. e.g. this can completely break logrotate (Closes: #270681). + + -- Andreas Metzler Sat, 11 Sep 2004 10:29:26 +0200 + +exim4 (4.34-5) unstable; urgency=low + + * The let's test the changes before we upload to tpu release. + * updated translations: + - eu (Basque) by Piarres Beobide Egaña. (Closes: #261912) + - ca (Catalan) by Jordi Mallach. (Closes: #264842) + * Fix broken permissions (not readable for group/other) in upstream tarball + in clean target (thanks to Steve Langasek for help with find). This fixes + "dpkg-buildpackage -rsudo && dpkg-buildpackage -rsudo". (Closes: #262607) + * Stop daemon in "exim4-base.postrm remove". - Under specific circumstances + apt seems to purge -base before removing the depending package (-daemon), + therefore the daemon would not be stopped. (Closes: #261994) + * Build against libgnutls11-dev. (Closes: #263665) + + -- Andreas Metzler Wed, 11 Aug 2004 09:17:35 +0200 + +exim4 (4.34-4) unstable; urgency=high + + * Urgency high because upgrades from woody were broken. + * Exim4 triggers a bug in woody's debconf. - With dialog frontend, invoked + by dpkg-preconfigure you are stuck in a loop, always being asked the same + two questions (split config, and basic configtype) again and again until + you give up and choose split_config=yes although being discouraged from + doing so. I am working around this by making the config-script abort if + debconf is old and we are running in preconfigure mode. (Thanks to Dan + Weber, Adrian Bunk and whoever else wasted brainpower on this.) + (Closes: #246742) (am). + * Arabic (ar.po) translation of debconf templates by the translation team + of Arabeyes.org (Abdulaziz Al-Arfaj). (Closes: #261014) + * Change maintainer address to a mailinglist, add myself to uploaders (am) + * Quote ${dc_mailname} in exim4-config.config. (am) + * Fix grammar error in the original English templates (found by Adam D. + Barratt ages ago). Duplicate fix in .po files.(am) + * Typo/thinko in exim4-config (two 35-clauses) prevented showing a + (unimportant) question for satellite config. Thanks to Fabio Massimo Di + Nitto for finding this. + + -- Andreas Metzler Tue, 27 Jul 2004 16:38:54 +0200 + +exim4 (4.34-3) unstable; urgency=low + + * updated translations: + - es (Spanish) by Javier Fernández-Sanguino Peña (Closes: #251987). Also + shorten overlong string. (Closes: #251316) + - tr (Turkish) by Recai Oktas, fixing overlong translations. + (Closes: #251932) + - de (German) corrected and scrutinized by Helge Kreutzmann. + (Closes: #254038) + - ru (Russian), too long templates shortened by Dmitry Beloglazov. + (Assuming I read Last-Translator correctly) (Closes: #259148) + * Hebrew (he.po) translation of debconf templates by Lior Kaplan. + (Closes: #254026, #257508) + * introduce .ifndef hacks to allow MESSAGE_SIZE_LIMIT, DCreadhost + and DCsmarthost to be changed by the local admin without having to + change dpkg-conffiles (mh). + * Use byname on the smarthost route list (mh). (Closes: #250367) + * Make build-dependency on libldap2-dev unversioned. This was just a paranoia + measure and the buildds are using this version anyway (am). + * escape some dashes in manpages (am). + * Replace the three test -a/-o with &&/|| constructs, and egrep with grep + -E (am). + * Use symbolic name instead of signal numbers for trap (am). + * Add explanation on missing SPF-support to README.Debian (am). + * remove MESSAGE_SIZE_LIMIT rule from DATA acl, use global + message_size_limit instead. Thanks to Matthias Gärtner for pointing + this out to me (mh). + * Increase MAX_NAMED_LIST to 32 for daemon-heavy (am). (Closes: #253959) + * add a reportbug-script to gather additional information. This way we do + not rely on possibly out of date information in debconf (am). + (Closes: #255645) + * Fix off-by-one error in queryprogram router (am). + * set "tls_tempfail_tryclear = false" on remote_smtp_smarthost transport + (am, Thanks to Dan Jacobson for the suggestion). (Closes: #253931) + + -- Andreas Metzler Mon, 19 Jul 2004 15:16:28 +0200 + +exim4 (4.34-2) unstable; urgency=medium + + * Urgency medium because CAN-2004-0400 isstill not fixed in testing and + because this version gets almost every single translation up to date. + * Norwegian nynorsk translation of debconf templates by Håvard Korsvoll. + (Closes: #248810) + * fix debug_print in remote_smtp_smarthost transport. (Closes: #248922) + * For minimal_dns update-exim4.conf(8) now tries to find out the primary + hostname itself and hardcodes this value in the generated configuration + file. (Closes: #241475,#248854) + * updated translations: + - ko (Korean) by Changwoo Ryu (Closes: #249026) + - it (Italian) by Danilo Piazzalunga + - lt (Lithuanian) by Gintautas Miliauskas (Closes: #249269) + - ru (Russian) by Nikolai Prokoschenko (Closes: #249298) + - es (Spanish) by Javier Fernández-Sanguino Peña + - nl (Dutch) by Bart Cornelis + - de (German) doublechecked and corrected by Dennis Stampfer + (Closes: #249925) + - fi (Finnish) by Tapio Lehtonen + - nb (Norwegian bokmål) by Klaus Ade Johnstad (Closes: #250344) + * New bugfix by upstream: "drop" in the DATA acl did not send 550 but dropped + the connection immediately. + * add a debian/watch file. + * Catalan (ca.po) translation of debconf templates by Aleix Badia i Bosch. + (Closes: #250113) + * Polish (pl.po) translation of debconf templates by Tomasz Z. Napierala. + (Closes: #250908) + * Rudimentary (5/58) Bosnian debconf templates translation by Safir + Šećerović (Closes: #251137) + * Document why exim tries to make an AAAA lookup at startup and how to stop + this in README.Debian. (Closes: #243822) + * Compile with -fno-strict-aliasing. Exim uses lots of casts that are not + allowed: "(char **)(&foo)" where foo is a pointer to unsigned char + (sourcecode: CSS(foo) with foo being a uchar), which results in lots of + "dereferencing type-punned pointer will break strict-aliasing rules". + Thanks to Andrew Suffield for the explanation. + * exim4-config uses features introduced in 4.33 - conflict with earlier + versions. (Closes: #249550) + + -- Andreas Metzler Mon, 31 May 2004 10:31:51 +0200 + +exim4 (4.34-1) unstable; urgency=low + + * remove cruft from source + * New upstream version 4.34, exiscan -21 + * includes fix for buffer overflow (CAN-2004-0400) fixed in previous + upload + * Again adds a received header before local_scan() is invoked. + * Adds a missing fclose() that was causing scan directories not + to be deleted on NFS spools. + * add debug_print statements on various routers (mh) + * add docs to smarthost router regarding secondary MX setup (see + #248370) (mh) + * don't ask any more for relay_to_domains if configuring for + smarthost and satellite setup. (Closes: #248370) (am) + * straighten out remote_smtp transport by adding remote_smtp_smarthost + and using that in the smarthost router. (mh) + * add hubbed_hosts router for more flexible routing. (mh) + * add update-exim4.conf.template and use it in debian/rules (Closes: + #248338). (mh) + * remove debian/patches/60_upstream_fixes as the fix is already + included upstream now. (mh) + * add README.Debian-accountname (mh) + * updated translations: + - zh_CN (Simplified Chinese) by Carlos Z.F. Liu (Closes: #248464). (mh) + * Temporarily add a Build-Conflicts with libperl-dev 5.8.4-1. - This version + included a dyna-loader incompatible with programs linked against 5.8.3.(am) + + -- Andreas Metzler Wed, 12 May 2004 22:30:19 +0200 + +exim4 (4.33-1) unstable; urgency=low + + * new upstream version 4.33, exiscan -20: + - includes the patches for rewriting and sighandler. + - new expansion conditions to e.g. match a domain in named domainlist. + * updated translations: + - fr (French) by Christian Perrier (Closes: #245342) + - el (Greek) by Konstantinos Margaritis. + * Document known configuration variables in update-exim4.conf(8). + * Make use of ${if match_domain to get rid of the ugly hack (two transports + and two routers) to rewrite the envelope from. + * Apply fix for verify=header_syntax buffer overflow (CAN-2004-0400). + + -- Andreas Metzler Thu, 6 May 2004 18:17:05 +0200 + +exim4 (4.32-2) unstable; urgency=low + + * updated translations: + - pt (Portuguese) by Nuno Sénica. (Closes: #244296,#245694) + - el (Greek) by Konstantinos Margaritis (Closes: #244354) + - cs (Czech) by Miroslav Kure (Closes: #244368) + - da (Danish) by Claus Hindsgaul (Closes: #244508) + - it (Italian) by Danilo Piazzalunga (Closes: #245174) + - fr (French) by eric-m(at)wanadoo.fr (Closes: #245342) and Christian + Perrier + - ja (Japanese) by Kenshi Muto (Closes: #245430) + - hu (Hungarian) by VEROK Istvan + - nb (Norwegian Bokmål) by Steinar H. Gunderson + - pt_BR (Brazilian Portuguese) by André Luís Lopes + - ja (Japanese) by Kenshi Muto + - cs (Czech) by Miroslav Kure + - sv (Swedish) by André Dahlqvist (Closes: #245716) + * Basque (eu.po) translation of debconf templates by Piarres Beobide Egaña. + (Closes: #244401) + * Indonesian (id.po) translation of debconf templates by I Gede Wijaya S. + (Closes: #245120), updated (Closes: #245491) + * Turkish (tr.po) translation of debconf templates by Recai Oktas. + (Closes: #245751) + * Slovak translation of debconf templates by Peter Mann (Closes: #245809) + * Add comment in configuration file documenting that effective retry times + depend on _both_ retry-rules and frequency of queue running. Keep + default QUEUEINTERVAL at 30m because running the queue can be quite + expensive and because therespective RFCs suggest 30m as minimal waiting + time. (Closes: #242426) + * Installation over serial console/minicom only has a screen size of 80 + characters x 24 lines available. Sigh. Shorten config-type question by + cutting down the introduction. (Closes: #244464). Shorten relay-net + question by replacing a unnecessarily complicated formulation with a + clearer one which closes: #226809. + * Debconf supports masquerading as a different host with rewriting not only + for "satellite" but also for "smarthost" system. (Closes: #229911). + - Introduces another but hopefully last pre-sarge template change. + (This includes final versions of the templates without the dead + references to "satellite" which closes: #229902.) + - Rewrite /this/ stuff at smtp transport time. /etc/email-addresses + rewriting still uses normal rewriting because it always has and because + it is easier to setup. + - This still does not address one basic issue, the misuse of /etc/mailname + for qualifying recipeints because this needs clarification in policy + _and_ changing MUAs to not do this. Therefore I declare this post-sarge. + - Thanks to Chris Cheney for the kick, and to Adam Conrad and Wouter + Verhelst for their help. + * Add two fixes from upstream: + - Change 4.31/55 was buggy and broke sender address rewriting and caching. + - Change 4.24/6 broke the SIGALRM handler with deliver_drop_privilege. + * README.TLS.gz and the actual configuration disagreed (Thanks, Richard + Lamont). + * Fix thinko in update-exim4defaults that made --queuetime a no-op. + + -- Andreas Metzler Mon, 26 Apr 2004 09:12:23 +0200 + +exim4 (4.32-1) unstable; urgency=low + + * New upstream version 4.32 (exiscan 4.32-17) + - includes the fix for the caching bug and uses MAIL FROM <> as default + value for recipient callouts again. + - new exiscan adds a local "Received:" header to the copy passed to + spamassassin tofix evaluation of DNS lists, compensating for + ChangeLog 4.31/66. (Closes: #242730) + * Remove obsolete reference to auth_over_tls_hosts from documentation. + (Thanks Jonas Meurer) + * Enable SMTP authentication (hosts_try_auth) per default when sending + mail to smarthost. No need to edit the configuration-file anymore if you + just need to forward all mail to a smarthost with AUTH. (Closes: #203307) + * Hungarian translation of debconf templates by VEROK Istvan. + (Closes: #242931) + * remove "exim 3 will stay default MTA for Debian sarge" from + README.Debian as TPTB have decided otherwise. (Closes: #243687). + * Rewrite "Sender:"-header for "satellite" configuration profile, too. + (Closes: #228978) + * Use the normal user account set-up during installation as default + destination for delivery of mail for root. (Joey Hess) + * Shorten exim4/dc_postmaster template to fit on console. (Joey Hess) + (Closes: #242303) + * In template suggest using real-foo to force local delivery. + (Closes: #229909) + * Template changes reviewed by debian-l10n-english. There might still be + more changes, translators should probably wait a little bit longer before + updating the translation. + * On fresh installations smarthost profile only listens on loopback per + default. - There are valid uses of "smarthost" that require listening on + public interfaces but the most common one (dialup) does not. + * Ship README.Debian.UUCP by Andreas Barth in /usr/share/doc/exim4-base. - + This resolves our part of #201153. + + -- Andreas Metzler Sat, 17 Apr 2004 18:02:42 +0200 + +exim4 (4.31-2) unstable; urgency=low + + * Fix caching bug in recipient callouts. (Nico Erfurth). + * Document removal of local_scan perl-plugin in NEWS.Debian file. + (Closes: #242227) + + -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 + +exim4 (4.31-1) unstable; urgency=low + + * New upstream version 4.31 (exiscan 4.31-16) + - Supports CRL (Certificate Revocation List) (Closes: #229063) + - exim_dbmbuild does not crash on _very_ long RHS values. + (Closes: #231597) + - route_list does not use a fixed length buffer anymore. (Closes: #231979) + - An empty tls_verify_certificates file is correctly interpreted as empty + list instead of breaking TLS. (Closes: #236478) + * Korean translation of debconf templates by Changwoo Ryu (Closes: #241499) + * Minor changes to rcpt_acl: + * add missing message = qualifiers. (Closes: #240862) + * resync against upstream default, incorporating change 4.23/30, allowing + "/" and "|" in nonlocal addresses. + + -- Andreas Metzler Mon, 5 Apr 2004 12:00:54 +0200 + +exim4 (4.30-8) unstable; urgency=low + + * remove dc_never_users from /etc/exim4/u-ex.conf.conf and the corresponding + pattern DEBCONFnever_usersDEBCONF from the template. The code is + superfluous since 4.24 introduced FIXED_NEVER_USERS and was broken, user + changes were not preserved. (am) + * Link against libmysqlclient10 instead of libmysqlclient12 to circumvent + symbol-clashes when using PAM with libpam-mysql. (Closes: #235938) (am) + * Dump temporary build-conflict with broken po-debconf. (am) + * Copy ugly passwd-dependency from -base to -config. (am) + * Do not throw away adduser's errormessages. Together with the added + dependency noted above this (Closes: #237657). (am) + * Installed copy of default configuration-file (example.conf) refered to the + temporary install-directory. Ugly hotfix. (Closes: #236483) + * Italian translation of debconf templates by Danilo Piazzalunga. + (Closes: #237500) + * Rewrite generation of /etc/aliases because it was broken when running + under debbian-installer/debootstrap, which installs the packages with + DEBIAN_FRONTEND=nointeractive and reconfigures them later (report by + Florian Effenberger). (am) + Instead of generating it _once_ and touching it never again ask for and + add alias for root if it is missing. Debconf template + exim4/dc_noalias_regenerate is not used any more. (Closes: #237524) + * Norwegian Bokmål translation of debconf templates by Steinar H. Gunderson. + (Closes: #237680) + * Dump local_scan perl-plugin. Upstream development has stopped. (am) + * Maintainer scripts now run with -x if environment variable EX4DEBUG + is set (mh). + * Minor clarifications of debian/README (mh). + * rm -rf Local on debian/rules clean (mh). + * Swedish translation of debconf templates by André Dahlqvist. + (Closes: #238987) + * Portuguese (pt) translation of debconf templates by Nuno Sénica. + (Closes: #239030) + * Lithuanian translation of debconf templates by Kęstutis Biliūnas. + (Closes: #239118) + * Add examples for client certificate-checking by J.H.M. Dassen (Ray) + (Closes: #236609) + * Adapt README.* to /etc/exim4/exim4.conf.template (am) + * Update to exiscan v16 + + -- Andreas Metzler Wed, 24 Mar 2004 15:39:35 +0100 + +exim4 (4.30-7) unstable; urgency=low + + * 4.30-6 was rejected, we use | and || for OR in dependency fields. + * libldap2 now uses GnuTLS10. Follow suit. (Temporarily bumped libldap2-dev + build-dependencies for paranoia's sake.) + + -- Andreas Metzler Mon, 23 Feb 2004 17:03:58 +0100 + +exim4 (4.30-6) unstable; urgency=low + + * Finnish translation of debconf templates by Tapio Lehtonen. + (Closes: #229792) + * Simplified Chinese translation of debconf templates by Carlos Z.F. Liu. + (Closes: #229910) + * Spanish translation of debconf templates by Javi Castelo. (Closes: #232207) + * To increase robustness set explicit "domains = +local_domains" on all the + routers that are supposed to be handling _only_ local mail (i.e. anything + after dnslookup or smarthost) instead of relying on the no_more. + + If the router handling remote addresses was modified by adding a + precondition the address would have wrongly been handled by the later + routers if the precondition failed, breaking at least "verify = sender". + (Closes: #230403) (am) + * In the data ACL add a Message-ID header to mails injected with SMTP from + +relay_from_hosts. (Exim stopped doing this by default in 4.30.) (mh) + * binary-all metapackage exim4 does not depend anymore on exim4-base with + exactly the same version. There is no necessity for dependencies that + strict and it broke both binary NMUs and installability on lagging + architectures. (Closes: #231678) (am) + * Give way to the "I use sid but keep it outdated by not running apt-get + upgrade ever."-fraction. exim4-base now depends on working versions of + passwd i.e. the version in woody or the one that has been in sid + for more than 6 months. (Closes: #230423,#230836,#231111) (am) + * in source-package symlink identical maintainerscripts. (am/mh) + * Ship README.Debian.xinetd, explaning why we do not use (x)inetd and how to + use xinetd properly if you insist. (Closes: #226627) + * Update Build-Depencies to fit the XFree86 4.3 packages. + * Make new lintian happy by quoting section and needs in eximon's + menu-file. + + -- Andreas Metzler Mon, 23 Feb 2004 15:48:56 +0100 + +exim4 (4.30-5) unstable; urgency=low + + * Only use db_settitle if available (Closes: #226992) (am) + * Up to date debconf translations for all nine supported languages, thanks + to the translators: Miroslav Kure (Czech), Claus Hindsgaul (Danish), + Konstantinos Margaritis (Greek), Christian Perrier (French), + Kenshi Muto (Japanese), Bart Cornelis (Dutch), André Luís Lopes + (Brazilian Portuguese) and Ilgiz Kalmetev (Russian) (am) + * After merging translations split the configtype-template, using the + __Choices trick. I don't think I made any errors because podebconf's + output has not changed. (am) + * Don't use /etc/mailname (DEBCONFvisiblenameDEBCONF) as primary_hostname + for minimaldns option. (Closes: #225477) + * (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + (Closes: #224828) (am) + * Disable piping to programs in /etc/aliases per default, because they would + run as Debian-exim:Debian-exim per default. Add README.system_aliases + suggesting dedicated router/transport pairs (am/mh) (Closes: #228062) + * modify create-custom-package and adapt debian/rules to allow + building multiple named custom packages in a single build. (mh) + * "dpkg-reconfigure exim4-config" actually tells exim4 to read the updated + configuration. (am) + * Use -qqf instead of -qf in the ip-up.d file to force delivery of all + messages over a single SMTP connection. (Closes: #228001) + + -- Andreas Metzler Wed, 21 Jan 2004 15:09:00 +0100 + +exim4 (4.30-4) unstable; urgency=low + + * Updated Japanese debconf template translation by Kenshi Muto + (Closes: #224584) + * Remove bashism from update-exim4.conf (Closes: #224617) (Jochen Voss) + * Czech translation of debconf templates by Miroslav Kure (Closes: #225713) + * Fix typos in README.Debian. (Closes: #225149) (Vincent Lefevre) + * Replace first, too long debconf question with three short ones (Joey + Hess) (Closes: #222720) + * Use a custom debconf title. (Closes: #222715) + * Greek translation of debconf templates by Konstantinos Margaritis + (Closes: #226844) + + -- Andreas Metzler Fri, 9 Jan 2004 09:12:07 +0100 + +exim4 (4.30-3) unstable; urgency=low + + * update debian/copyright from NOTICE. (No substantial changes, credits + for new code) (am) + * missing \| made exim4-base.postinst configure hang. (Closes: #224294) (am) + * update-exim4.conf: Don't try chown if not running as root. (mh) + * Remove useless definition of an auth_over_tls_hosts hostlist in + 03_exim4-config_tlsoptions. - It was probably a leftover from somebody + running convert4r4. (am) + * Make it possible to override spooldir in another config-file snippet, too. + (Closes: #223973) + + -- Andreas Metzler Fri, 19 Dec 2003 15:27:50 +0100 + +exim4 (4.30-2) unstable; urgency=low + + * Fix exim4-base.logrotate to create logfiles accessible for the new + exim-user. (Closes: #223860,#223862) + * comment in 03_exim4-config_tlsoptions refered to the user "mail" too. + + -- Andreas Metzler Sat, 13 Dec 2003 15:01:20 +0100 + +exim4 (4.30-1) unstable; urgency=low + + * Exim now runs under its own uid (Debian-exim) instead of using + mail:mail. (am) + + WARNING: You cannot downgrade this version to an older one without + manual chown|chgrp all files owned by Debian-exim to mail. + + - control: dependency on adduser and virtual package exim4-config-2 to + force review of external -config packages. + - use a statoverride for passwd.client. + - different postinst scripts: + * adduser. + * chown|chgrp files/directories owned by mail (group|user) to + Debian-exim. + * update-exim4.conf does not exit immidiately if /etc/exim4/exim4.conf + exists AND -o is specified. (Bill Moseley) + * Brazilian Portuguese debconf template translation by André Luís Lopes + (Closes: #219781) + * Dutch debconf template translation by Bart Cornelis (cobaco) + (Closes: #220694) + * Pull Dansk debconf template translation from ddtp. + * Use a macro to make it possible to overide the value of spool_directory + with -DSPOOLDIR=. Needed for mailscanner, (Closes: #221468), suggested by + Matthias Klose. + * enable support for Cyrus saslauthd (package sasl2-bin, + /var/run/saslauthd/mux) for SMTP AUTH against /etc/shadow. (am) + * Christian Perrier has reviewed the debconf-templates and changed them to + follow the "Debconf Templates Style Guide". (Closes: #221838) Thanks to + the (ru|nl|fr|pt_BR) translators for updating their translations. + * New upstream version 4.30 with exiscan 4.30-14 (am) + - option table for -d in exim(8) readable (but not perfect). + (Closes: #214853) + - Messages for configuration errors now include the name of the main + configuration files (Closes: #202136) + - does not reject IPv6 address literals in EHLO/HELO anymore + (Closes: #222521) + * exim4-config.config: support going back to previous *package* when invoked + by base-config 2.0. (Closes: #222773). Suggested by Joey Hess. (am) + * exim4-config now conflicts with non-exim4 packages providing MTA, to keep + dselect from automatically installing it (and -base) on dist-upgrades on + systems that use a different MTA. (mh) + * exim4-base depends on netbase again because exim requires + /etc/services.(mh) + * reindent init-script with two spaces instead of tabs to fit it in 80 + chars/line. (Closes: #221458) + + -- Andreas Metzler Mon, 8 Dec 2003 16:52:32 +0100 + +exim4 (4.24-3) unstable; urgency=low + + * rename create-custom-package to create-custom-config-package (mh) + * add create-custom-package to create renamed exim4-daemon-custom (mh) + * README.TLS: Don't suggest to use commands messing up the local terminal + (Sander Smeenk) + * Pull Dansk debconf translation from ddtp (not yet up to date) + * correct last references to uncompressed /u/s/d/e/README.Debian + (Closes: #216639), also kill references to exim-tls. (Closes: #216979) + (Kevin "Starfox" Arima). (am) + * add exim4-config-medium template package to sources, document (mh) + * Update to exiscan 4.24-13 (bugfix-release). + * Ask about mailname after configtype. (Closes: #217931) (am) + * minor thinko in debconf "local mail only"-config. (am) + * update-exim4.conf: now add comment indicating the source file + (Closes: #202040) (mh) + * add --confdir option to update-exim4.conf (mh) + * add "nodaemon" and "queueonly" option to /etc/default/exim4 and + init script (mh). + * Fix po2debconf on woody systems with old debhelper and po2debconf. (am) + * exim4-config does not depend on exim4-base. (am) + * Use "command -v" to check for existence of invoke-rc.d instead of + hardcoding its path. (am) + * Russian debconf translation by Ilgiz Kalmetev (Closes: #219101) + + -- Andreas Metzler Tue, 4 Nov 2003 12:18:38 +0100 + +exim4 (4.24-2) unstable; urgency=low + + * Grammar of debconf-templates rectified by Ben Foley. + * Handholded by Denis Barbier I have imported debconf translations from + postfix: fr.po (Philippe Batailler), ja.po (Kenshi Muto), nl.po (Bart + Cornelis) and pt_BR.po (André Luís Lopes). It is just 5 translated + messages, 4 fuzzy translations, but it's a start. + * No more first person in debconf-templates (Adam D. Barratt) + * README.TLS was updated. + * pseudopackage libxaw-dev is gone in sid (and libxaw7-dev is already + available in woody) - Removed from build-depends. + * French debconf translation by Christian Perrier (Thanks for the other + hints, too.) + * Build-Conflict with broken po-debconf (= 0.8.0). (Closes: #215432) + * Add menu-entry for eximon (Artur R. Czechowski) (Closes: #215579). + * Resolve name-clash between client- and server-side authenticators (Bug + found by Rob Ristroph) + + -- Andreas Metzler Wed, 15 Oct 2003 12:45:49 +0200 + +exim4 (4.24-1) unstable; urgency=low + + * New upstream version + - 55_fixesfrom-4.23.dpatch is not needed anymore. + - most interesting new feature: $acl_xx are now saved with the + message, and can be accessed later in routers, transports, and filters. + - Cannot run deliveries as root anymore. If you don't redirect mail for + root via /etc/aliases or other means to a nonpriviledged account the + mail will be delivered to /var/mail/mail with permissions 0600 and owner + mail:mail. Change to local_user router to keep it from trying to route + mail for root. + * debconf for exim4-config pointed to /u/s/d/e/README.Debian but the + file is available as README.Debian.gz (Closes: #211934) + * exim(8) manpage provides correct NAME section for mailq/runq/... to + generate corresponding whatis/apropos info (Thanks to Dan Jacobson + for mentioning lexgrog(1)) + * polish and crosslink documentation about SMTP AUTH in config-files, + documentation and debconf templates. (Closes: #202920) + * Ship README.SIEVE (Thanks to Ross Boylan) + * Sync some debconf templates against the respective ones in postfix + 2.0.16, to limit the work of translators. + * update-exim4defaults/init-script: Add a new value fuer QUEUERUNNER, + "ppp". - Don't run queue by daemon but still run it from + /etc/ppp/ip-up.d/exim4. (Dan Jacobson pointed out that this was very + akward to accomplish with old setup.) update-exim4defaults now exits with + an error if the argument for --queuerunner is invalid. + * Enable gettext-style localisation of debconf templates with + compatibility code for woody + * Add German debconf-translation. (Some strings were copied from Martin A. + Godischs translation of postfix's templates). + + -- Andreas Metzler Sun, 5 Oct 2003 13:41:30 +0200 + +exim4 (4.22-5) unstable; urgency=low + + * Sorry, this is not 4.23. Tom is on holidays and because 4.23 changes + some ACL code, exiscan needs in depth checking and not just applying the - patch by hand. ++ patch by hand. + * exim4-config conflicts with bash (<< 2.05), because it cannot handle + aliases in functions. This does not necessarily fix dist-upgrades + from potato to sarge because debconf-config might happen before the + new bash is installed but will keep people running potato from + trying to install exim4-config. (Closes: #209720) + * sanitize /usr/sbin/exim4's permissions, building with 007 umask + could have installed it -rws--x--x + * evaluation -oP option for specifying pid-file is broken in 4.22, use fix + from 4.23 (Closes: #210847) + * "warn log_message blah" in DATA acl triggered dumping of full headers + to reject.log, although the message was not rejected by this acl + statement. Take fix from 4.23. (Closes: #208782) + * On cross-upgrades from exim3 unfold lines continued with a backslash + in the old exim3 configuration before trying to parse it to preanswer the + debconf-questions. (Closes: #210404) First instance of using perl in our + maintainer-scripts, but I could not do it with sed. + + -- Andreas Metzler Fri, 19 Sep 2003 13:55:07 +0200 + +exim4 (4.22-4) unstable; urgency=low + + * Update to exiscan-acl revision -12. (Emergency fix: When you were using + 'discard', and it was the last verb affecting a message, the mbox spool + files in the scan directory were not cleaned up.) + * Add syslog2eximlog by Martin Godisch, a script to make logfiles produced + with exim option "log_file_path = syslog" readable for eximstats. + (Closes: #208524) + * Enhance description of -heavy and light a little bit. (Closes: #208404) + * Standards-Version: 3.6.1, no changes required, we already prompt with + debconf. + + -- Andreas Metzler Thu, 4 Sep 2003 19:19:25 +0200 + +exim4 (4.22-3) unstable; urgency=low + + * Add copright notice of exiscan-acl to debian/copyright. + + -- Andreas Metzler Wed, 27 Aug 2003 17:49:46 +0200 + +exim4 (4.22-2) unstable; urgency=low + + * Include exiscan-acl patch 4.22-10 http://duncanthrax.net/exiscan-acl/ + in -heavy and -custom (Closes: #204698) + * clean up gnutls-params on purge of base-package. + + -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 + +exim4 (4.22-1) unstable; urgency=low + + * new upstream version 4.22. Please take a look at README.UPDATING + and NewStuff in /usr/share/doc/exim4-base/ + + -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 + +exim4 (4.20-5) unstable; urgency=low + + * Fix EHLO/HELO buffer-overflow CAN-2003-0698 (Closes: #205716) + * exim-gencert was using '.' as separator for chown. + * "head -n 1" instead of "head -1" in scripts + * install /etc/exim4/passwd.client as root:mail 0640 (Closes: #205104) + (it needs to be readable for the exim-user or -group, i.e. mail:mail) + * set mode_fail_narrower = false for mail_spool and maildir_home transports + (Closes: #204228) + * Standards-Version: 3.6.0, no changes required. + + -- Andreas Metzler Sat, 16 Aug 2003 17:40:17 +0200 + +exim4 (4.20-4) unstable; urgency=low + + * CFILEMODE and dc_local_interfaces were not saved in update-exim4.conf.conf + on fresh installations. + * update-exim4.conf: Remove comments _after_ doing DEBCONFpatternDEBCONF + replacement. + * conf.d/auth/30_exim4-config_examples: Fix forced failure of AUTH LOGIN + client on non-encrypted connections. + + -- Andreas Metzler Tue, 5 Aug 2003 10:38:16 +0200 + +exim4 (4.20-3) unstable; urgency=low + + * hub_user router: set correct .ifdef, remove superficial condition= + * don't generate main/03_exim4-config_neverusers dynamically, use + a DEBCONF_foo pattern that is replaced by up-ex4.conf. exim4 should + now play nicely with readonly /etc. + * Enable exim-filter in .forward per default. (Closes: #201827) + * Enable maildrop-delivery for users with ~/.mailfilter + * Easier setup of client side SMTP authentification: + -short README file. + -passwd.client example shipped in CONFDIR + -30_exim4-config_examples: + +change order, prefer cram-md5. + +enable by default (auth-plain and -login only for TLS protected + connections). They remain inactive while hosts_try_auth is + disabled. + * add comments listing the filename to the files in conf.d that were + changed anyway. Addresses part of 202040. + * remove misleading comments about "bottom of file" or "see below" + from config-snippets. (Closes: #202165) + * Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 and + #182206 in exim4-config's postinst. I'll close #201143 manually. + * Restructure and clarify README.Debian and polish update-exim4.conf(8). + Thanks to Ross Boylan for pushing me in the correct direction. + + -- Andreas Metzler Thu, 24 Jul 2003 10:29:19 +0200 + +exim4 (4.20-2) unstable; urgency=low + + * update-exim4.conf works without daemon-package (Closes:#195329) + * Add dnslookup_relay_to_domains router for "internet" config to + allow relaying for domains with an MX pointing to an rfc1918 + address. (Closes: #198410) (MH) + * update-exim4.conf would hang if one of the subdirectories in conf.d + was empty. (Report and fix by Marc Merlin) + * Build-Depend on libgnutls7 + * Preserve comments in update-exim4.conf.conf by first adding missing + items and replacing the values with sed instead of regenerating file + from scratch (Closes: #184099) + * Set return_path_add, delivery_date_add and envelope_to_add for + maildir-transport (Closes: #196178) + * Use email-addresses file in /etc/ instead of in /etc/exim4 as exim3 does, + exim4-config now needs to conflict with exim,exim-tls. We still include + code for evaluating the old file if it exist, but suggest moving the + contents to the new file in NEWS.Debian. postinst will remove old orphaned + file if it is unmodified. (Closes: #197136) + * Set return_fail_output instead of return_output on address_pipe transport. + (Closes: #201280) + * Stop generating rewriting rules dynamically, exim4 accepts any + "address-list" item as source-pattern for rewriting. (Changelog entry + obfuscated on purpose, read exim4debian for painful details.). Remove old + dynamically generated files in postinst if they were managed by upex4conf. + * daemon-light supports TLS (Closes: #193596) + + -- Andreas Metzler Wed, 16 Jul 2003 13:36:27 +0200 + +exim4 (4.20-1) unstable; urgency=low + + * New upstream + * Standards-version 3.5.10 (no changes required) + * The doc packages have got new sane names - update Suggests. + * Fix a endless loop (currently ownly showing when upgrading from old + experimental packages) - Thanks to Marc Langer for the report. + * introduce ${Upstream-Version} as substitution variable for + debian/control (MH) + * Make dependencies less strict, *-daemon-* 12.34-1 can be installed with + -base 12.34-5. + + -- Andreas Metzler Mon, 19 May 2003 14:14:16 +0200 + +exim4 (4.14-1) unstable; urgency=low + + * Upload to sid (Closes: #179066) + * Ship an (empty) acl_check_data with commented out examples. Add + Infrastructure to ease their activation. (MH) + + -- Andreas Metzler Fri, 16 May 2003 18:02:46 +0200 + +exim4 (4.14-0.6) experimental; urgency=low + + * Don't link to gnutls' (tasn,gcrypt) dependencies directly + (Closes: #193018) + * fix AUTH PLAIN server side example to work if the data is not given + in initial-response (exim-bug 193094) + * ACL-updates (MH) + + -- Andreas Metzler Wed, 14 May 2003 12:16:06 +0200 + +exim4 (4.14-0.5) experimental; urgency=low + + * updated version of dlopen patch (Marc Merlin) + * don't regenerate files managed by update-exim4.conf on package + updates if the local admin had deleted them. + * replace the listenonpublic yes/no question with one that allows one to + specify on which interfaces to listen to (Closes: #190498) + * new dc-question for dial-on-demand-users to minimize DNS lookups + + -- Andreas Metzler Thu, 1 May 2003 16:03:59 +0200 + +exim4 (4.14-0.4) experimental; urgency=low + + * Renamed conf.d files from *exim4-base* to *exim4-config* since + they can now be found in the exim4-config package. + WARNING, this breaks updates. After installation, execute + something like the following bash snipped to rename your files: + for i in `find . -name *exim4-base*`; do mv $i ${i/exim4-base/exim4-config}; done + (MH) + * Include more sophisticated check_rcpt ACL, include documentation, + include even more sophisticate check_rcpt ACL in + /u/s/d/e4-config/examples/acl. (MH) + * update-exim4.conf now filters out consecutive empty lines (MH) + * make update-exim4.conf's behaviour for configtype=none more consistent, + respect CFILEMODE and --removecomments. (Thanks to Marc Merlin) + * add warning about editing /etc/exim4/exim4.conf in place (Marc Merlin) + * use .rul instead of .disabled to override/disable configfiles in + /etc/exim4/conf.d/ (Suggested by Marc Merlin) + * fix smtp auth client-side examples (Closes: #188828), thanks to Karl + M. Hegbloom for the bug report (AM) + * add @DPATCH@-tag to patches, as required by dpath-edit-patch in + dpatch 1.17 (AM) + + -- Andreas Metzler Fri, 25 Apr 2003 12:37:50 +0200 + +exim4 (4.14-0.3) experimental; urgency=low + + * add '|| true' to every call of db_input. (Thanks to Pierfrancesco Caci for + the bugreport.) (Closes: #187008) + * Don't set received_header_text in 02_exim4-base_options, use upstream's + default. + * renumber routers to have more space for local customization. + WARNING WARNING upgrade is broken, execute this in + /etc/exim4/conf.d/router to get rid of the superfluous files: + mv 20_exim4-base_domain_literal 100_exim4-base_domain_literal + mv 22_exim4-base_primary 200_exim4-base_primary + mv 24_exim4-base_real_local 300_exim4-base_real_local + mv 26_exim4-base_system_aliases 400_exim4-base_system_aliases + mv 28_exim4-base_hubuser 500_exim4-base_hubuser + mv 30_exim4-base_userforward 600_exim4-base_userforward + mv 32_exim4-base_procmail 700_exim4-base_procmail + mv 34_exim4-base_maildrop 800_exim4-base_maildrop + mv 36_exim4-base_local_user 900_exim4-base_local_user + * add *syntax_errors* directives to userforward router, to use partially + valid .forward files instead of skipping them. (Marc Haber) + * update mysql build-depends + + -- Andreas Metzler Wed, 9 Apr 2003 16:19:46 +0200 + +exim4 (4.14-0.2) experimental; urgency=low + + * upstream fix for crash with AUTH PLAIN + * upgrade to policy 3.5.9.0 (CFLAGS in debian/rules) + * Add (maildir) transport for handling file addresses generated by + alias or .forward files if the path ends in "/", enabled for .forward per + default, but not for /etc/aliases. Thanks to Andreas Horter. + * add debconf question to move files from exim3 spool to exim4 spool + * run exim_tidydb as mail:mail using start-stop-daemon + * Make manpages UTF-8 compatible with nicer quotes and escaped dashes. + * fakeroot debian/rules builddaemonpackages=exim4-daemon-custom \ + buildbasepackages=no binary produced a broken exim4-config package. + (Bug found by Soren Andersen) + * introduce new replacement item DEBCONFpackageversionDEBCONF holding + the complete version number, might be useful for Received headers (Marc + Haber) + + -- Andreas Metzler Thu, 27 Mar 2003 17:04:02 +0100 + +exim4 (4.14-0.1) experimental; urgency=low + + * New upstream version + * 20_fix.lsearch.dpatch not needed anymore + * use new feature .ifdef instead of simulating it with condition=... + * change priority of exim4-daemon-light to important + + -- Andreas Metzler Thu, 13 Mar 2003 15:03:41 +0100 + +exim4 (4.12-0.2) experimental; urgency=low + + * instead of generating 22_exim4-base_primary by copying the correct + file into it, use condition=... to select the correct one. Similar + change to 28_exim4-base_hubuser + + -- Andreas Metzler Thu, 6 Mar 2003 11:55:55 +0100 + +exim4 (4.12-0.1) experimental; urgency=low + + * minimal doc-updates + * init-script: output status-message before starting upex4conf() + * polish smtp-auth examples - don't hardcode passwords in main + configuration file. + * change default file-permissions of configfile to 0644. This can be changed + by setting CFILEMODE in the default file. + * rename debian/patches/*, giving each one an unambiguous number + * ignore private rfc1918 and APIPA addresses in internet router (MH) + * correct info about authorship of dlopen patch + * don't link exim4-daemon-light against PAM (explicitly link it against libdl) + * same_domain_copy_routing = yes for primrout-internet, primrout-satellite + and primrout-smarthost (MH) + * rename debconf.results to update-exim4.conf.conf, add upgrading-magic for + upgrading from 4.12-0 and earlier (marked as REMOVEMEBEFORERELEASE) + * introduce REMOVEMEBEFORERELEASE-tag, grep -r on debian/ will show us all + the cruft that needs to be removed before uploading to unstable. + + -- Andreas Metzler Wed, 5 Mar 2003 19:03:59 +0100 + +exim4 (4.12-0) experimental; urgency=low + + * removed TODO marker from the copyright file + * version number for first Debian upload + * built i386 binary package on sid + + -- Marc Haber Fri, 21 Feb 2003 14:40:42 +0100 + +exim4 (4.12-0.0.21) experimental; urgency=low + + * update copyright + * exim-gencert: generate certificates valid for three years instead 30 + days + * remove debian/debconf/exim4.conf.template + * enable LMTP, LOOKUP_NIS and mailstore for daemon-light + + -- Andreas Metzler Fri, 21 Feb 2003 12:55:40 +0100 + +exim4 (4.12-0.0.20) experimental; urgency=low + + * ship /usr/lib/exim4/exim4 and use it to check whether daemon package + is installed. + * Exim doesn't require a HUP after logrotation. (See spec 44.2) (MH) + + -- Andreas Metzler Thu, 20 Feb 2003 19:23:45 +0100 + +exim4 (4.12-0.0.19) experimental; urgency=low + + * Ship upstream-changelog only in exim4-base, Symlinks in packages depending + on it. Split off changelog entries up to 3.34-1 to changelog.Debian.old + which is only included in exim4-base. - Spares about 100KB. + * Ship ACKNOWLEDGMENTS in exim4-base docs. + * remove debian/exim4-config.docs, files are already shipped in exim4- + base + * disable some the unneeded dh_* commands from binary-indep target. + * make exim4 a metapackage + + -- Andreas Metzler Thu, 20 Feb 2003 12:41:17 +0100 + +exim4 (4.12-0.0.18) experimental; urgency=low + + * split off all configuration to exim4-config + * include exim4-config-simple source package + * include script to generate exim4-config source package + * changed distribution to experimental + * Add patch by Phil Hazel to fix lsearch*@ lookups. (AM) + * Remove exim4-daemon-perl; merge it into exim4-daemon-heavy (AM) + * Prepare removal of "exim4" daemon-flavour: Exchange the roles of + "exim4" and "exim4-daemon-light" in debian/rules: build helper + binaries, eximon, et.al. while building exim4-daemon-light. Rename + EDITME.exim4-base.diff to EDITME.exim4.diff. (AM) + ----- + WARNING: This breaks your debian/EDITME.exim4-custom.diff, as it was + generated to show the differences to debian/EDITME.exim4-base instead of + EDITME.exim4-light. (AM) + ----- + + -- Marc Haber Tue, 18 Feb 2003 16:16:45 +0100 + +exim4 (4.12-0.0.17) unstable; urgency=low + + * mv 26_exim4-base_aliases 26_exim4-base_system_aliases (MH) + * mv 30_exim4-base_forward 30_exim4-base_userforward (MH) + * WARNING: upgrades are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + router/26_exim4-base_aliases + router/30_exim4-base_forward + * all file names for transports and routers are now consistent with + Transport/Router defined inside (MH) + * add debug_print to all transports/routers (MH) + * add cut -d\ -f1 to all md5sum calls in pipes (MH) + * add man page for exiqgrep (MH) + * fix typos in exiqsumm and exicyclog man page (MH) + * Don't install exim.8.diff as manpage, apply the patch instead. (AM) + + -- Andreas Metzler Sat, 15 Feb 2003 16:35:26 +0100 + +exim4 (4.12-0.0.16) unstable; urgency=low + + * Define CONFDIR-macro and use it in update-exim4.conf and some files in + CONFDIR. (AM) + * Enhance update-exim4.conf: remove comments by default, allow to write + output to a different file. (AM) + * update-exim4.conf: check validity of configfile before installing it + * fix breakage with newer md5sum - thanks to Sander (AM) + * check in init-script for smtp-service in inetd that is compatible with + openbsd-inetd's extended syntax (Hubert Chan) (AM) + * Don't link against libwrap, exim3 doesn't either (Alexander Koch) (AM) + + -- Andreas Metzler Fri, 14 Feb 2003 19:55:54 +0100 + +exim4 (4.12-0.0.15) unstable; urgency=low + + * If exim4/dc_listenonpublic=false add an explaing line to the + resulting configfile instead of a blank-line (Marc Haber) + * In postinst and cronjob make sure that db files are owned by + mail:mail + * Add buzzword convert4r4 to description of "No configuration" profile + * Body of manpage exim_convert4r4: s/convert4r4/exim_convert4r4/g + * Change maintainer, add Marc Haber to Uploaders + + -- Andreas Metzler Sun, 2 Feb 2003 22:06:06 +0100 + +exim4 (4.12-0.0.14) unstable; urgency=low + + * fix bugs found by Marc Haber: + - search for email-addresses file in /etc/exim4/ + - s/hostname -fqdn/hostname --fqdn/ + * exim4-base.config: don't grep in /etc/aliases if does not exist yet. + * clear up config-script, using both $mailname and $dc_mailname was + irritating. + * fix wrong logic for aliases generation (= instead of !=) + * fix major breakage of debconf code: config-script is called two times + _before_ postinst writes debconf.results, db_set-commands (for sane + defaults) in the second-run overwrote the answers given by the user. + + -- Andreas Metzler Sat, 1 Feb 2003 15:06:58 +0100 + +exim4 (4.12-0.0.13) unstable; urgency=low + + * link against GNUTLS + + -- Andreas Metzler Fri, 31 Jan 2003 16:32:31 +0100 + +exim4 (4.12-0.0.12) unstable; urgency=low + + * clean up at purge: Remove logfiles, ask about removing + undelivered mails in spool directory. + + -- Andreas Metzler Fri, 31 Jan 2003 13:32:37 +0100 + +exim4 (4.12-0.0.11) unstable; urgency=low + + * clean up update-exim4.conf: + + fix unconditional overwriting 03_exim4-base_neverusers + + one central `tempfile -m...` + + add skeleton function example + * add missing 'set -e' to exim4-base.postrm + * If there are no debconf answers and we are making a cross upgrade + from exim3, try to parse its config file to seed debconf db. + + -- Andreas Metzler Sun, 26 Jan 2003 12:22:23 +0100 + +exim4 (4.12-0.0.10) unstable; urgency=low + + * Get rid of error messages: don't call chmod/chown in + debconf/update-exim4.conf if the respective files don't exist. Don't try + to kill non running daemons. + * Don't start unconfigured daemon in init script, ie. require either + ${dc_eximconfig_configtype}" != "xnone or existence of handcrafted + /etc/exim4/exim4.conf. + Thanks to Alexander Koch for firmly pushing me this way. + * dc_listenonpublic was overwritten to true in config script. + * Typo in exim4-base.postrm prevented removal of + /etc/exim4/conf.d/router/28_exim4-base_hubuser + * Clean up /var/spool/exim4 properly; at least if there are just empty + directories. + * hub_user was broken because of unescaped $. + * import updated 10_daemon_close_fds.dpatch from Steve. + * only set neverusers if root is aliased somewhere. + + -- Andreas Metzler Fri, 24 Jan 2003 17:14:13 +0100 + +exim4 (4.12-0.0.9) unstable; urgency=low + + * update-exim4defaults: Fix bugs, add option --init + * /etc/default/exim4 is no conffile anymore, it is generated with + update-exim4defaults. + + -- Andreas Metzler Fri, 17 Jan 2003 13:39:46 +0100 + +exim4 (4.12-0.0.8) unstable; urgency=low + + * Don't ship now unneeded empty /var/lib/exim4/masquerade and + /var/lib/exim4/email_addresses + * move hub_user router to /etc/e4/c.d/ + * move primary-router definition to /etc/e4/c.d/ + * code in debian/rules installing /etc/exim4/conf.d/ tree ignores CVS + directories + * WARNING: upgrades from 0.0.6 and 0.0.7 are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + rewrite/30_exim4-base + router/28_exim4-base_hub_user + - replace router/22_exim4-base_primary with a file containg only + the line "# d41d8cd98f00b204e9800998ecf8427e" + run update-exim4.conf afterwards and start daemon. + + -- Andreas Metzler Tue, 14 Jan 2003 17:44:50 +0100 + +exim4 (4.12-0.0.7) unstable; urgency=low + + * Add configuration file managment code using md5sums stored in the file + itself to update-exim4.conf(8). Use it and move files for evaluation of + /e/e4/email-addresses and the masquerading rules from /var/lib/exim4 to + /etc/. Gets rid of /etc/exim4/conf.d/rewrite/30_exim4-base and its two + .includes. + + -- Andreas Metzler Tue, 14 Jan 2003 13:05:51 +0100 + +exim4 (4.12-0.0.6) unstable; urgency=low + + * generate up to date manpage for eximstats with pod2man. + * EXPERIMENTAL: Split /etc/exim4/exim4.conf.template to little files + in /etc/exim4/conf.d/ - update docs accordingly. + * fix wrong path in exim4-base.doc-base.spec + + -- Andreas Metzler Sun, 12 Jan 2003 18:25:40 +0100 + +exim4 (4.12-0.0.5) unstable; urgency=low + + * enhance default-file a lot. + * ship update-exim4defaults(8) - a script to allow other packages to modify + the default-file. + + -- Andreas Metzler Mon, 6 Jan 2003 23:00:15 +0100 + +exim4 (4.12-0.0.4) unstable; urgency=low + + * Compile perl plugin with -fPIC + * Enable IPv6 support (Andrew Mulholland) + * remove exim4-base.cron.d, it only contained comments (no inetd support). + * enhance default-file: Allow disabling any queue runs and passing + additional options to exim daemon and/or the queuerunner. + + -- Andreas Metzler Sun, 5 Jan 2003 13:16:37 +0100 + +exim4 (4.12-0.0.3) unstable; urgency=low + + * Keep patches separate to make upgrading easier, using dpatch. + * Rename eximon to eximon4: Otherwise this would force anybody who has + installed eximon and runs exim v3 to switch to exim v4 + * Polish package descriptions a little bit. + * Drop Recommends for netbase. We don't support inetd anyway. + + -- Andreas Metzler Tue, 31 Dec 2002 14:31:14 +0100 + +exim4 (4.12-0.0.2) unstable; urgency=low + + * Actually compile with -O2 (Matthias Klose) + * Apply localscan_dlopen.patch from + http://marc.merlins.org/linux/exim/files/sa-exim-current/ to make it + possible to switch local_scan functions *without* recompiling exim. + * compile local_scan.c perl plugin as shared object that is dlopened, + document this in exim4-daemon-perl's description and doc-directory. + + -- Andreas Metzler Sat, 21 Dec 2002 14:01:24 +0100 + +exim4 (4.12-0.0.1) unstable; urgency=low + + * New upstream 4.12, a strict maintenance release. Without any new features + (Don't worry - this is the real release i.e. Phil's third shot ;-) + + -- Andreas Metzler Wed, 18 Dec 2002 12:17:51 +0100 + +exim4 (4.11-0.0.4) unstable; urgency=low + + * Get rid of /usr/lib/exim4/exim (see README.Debian for patched files) + * Use relative paths in debian/eximon.dirs + + -- Andreas Metzler Tue, 17 Dec 2002 13:40:19 +0100 + +exim4 (4.11-0.0.3) unstable; urgency=low + + * fix dbm lookups (one-line patch to src/search.c) + + -- Andreas Metzler Fri, 13 Dec 2002 13:38:31 +0100 + +exim4 (4.11-0.0.2) unstable; urgency=low + + * Fresh installs were broken, as the initial test in update-exim4.conf + failed. + * update-exim4.conf exits silently if /etc/exim4/exim4.conf exists. + * don't invoke update-exim4.conf in postinst if configtype=none. + + -- Andreas Metzler Wed, 11 Dec 2002 16:32:47 +0100 + +exim4 (4.11-0.0.1) unstable; urgency=low + + * New upstream version 4.11: + includes spec und util/* in orig.tar.gz, diff is small again. + see NewStuff items 49 to 57 for new features since snapshot 4.10.13. + + -- Andreas Metzler Wed, 11 Dec 2002 13:01:07 +0100 + +exim4 (4.10.13-0.0.4) unstable; urgency=low + + * reformat manpages a little bit, start each sentence on a new line, refer + to /usr/share/doc/exim4-base/ + * remove the %s from PID_FILE_PATH + * apply debian/fix-pid.issue.patch to fix minor security issue + http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html - * test in init-script for working config before reloading/restarting ++ * test in init-script for working config before reloading/restarting + (Andreas Piesk) + + -- Andreas Metzler Thu, 5 Dec 2002 13:04:51 +0100 + +exim4 (4.10.13-0.0.3) unstable; urgency=low + + * update copyright from NOTICE + * Typos in exim(8) + + -- Andreas Metzler Wed, 4 Dec 2002 10:35:18 +0100 + +exim4 (4.10.13-0.0.2) unstable; urgency=low + + * Fix path for eximon.bin in eximon script (Andreas Piesk) + * Add comments at the head of exim4.conf.template, containing a short + introduction to the configuration scheme. + + -- Andreas Metzler Tue, 3 Dec 2002 23:52:28 +0100 + +exim4 (4.10.13-0.0.1) unstable; urgency=low + + * Snapshot 4.10.13 + * CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated + * update update-exim4.conf* and documentation accordingly. + * Generate config.autogenerated with same permissions as + /etc/exim4/exim4.conf.template (it might conatain passwords) + * Add BIG FAT warning at head of autogenerated file. + * don't ship /var/lib/exim4/config.autogenerated, simply remove it on + purge if it exists. + + -- Andreas Metzler Mon, 2 Dec 2002 12:45:58 +0100 + +exim4 (4.10.12-0.0.1) unstable; urgency=low + + * Upgrade to testing snapshot 4.10.12 + * patches accepted/superseded by upstream: exim4-MID-expanded.patch, hmac*, + perl.c.patch + * patches that do not apply cleanly anymore: bV_shows_openssl_version.txt, + daemon_close_fds.txt, gcc_attributes-eximon.diff, gcc_attributes.txt, + tls_common.txt, tls_misc.txt, tls_session_cache.txt. + * minimize changes to scripts/exim_install - use INSTALL_ARG=-no_symlink instead. + * no util/cramtest.pl util/logargs.sh util/unknownuser.sh in upstream + tarball - perhaps only in testing version? + + -- Andreas Metzler Thu, 28 Nov 2002 16:11:52 +0100 + +exim4 (4.10-0.srh20.19) unstable; urgency=low + + * ship convert4r4 as /usr/sbin/exim_convert4r4 (with manpage) + * eximon does not provides/Conflicts: exim4-daemon + * switch AGAIN *-daemon provides MTA: + - *-daemon depends on -base instead of the other way round + - explicit "conflicts/replaces: exim, exim-tls" for the base package - + these need to add this the other way round, too (TODO). + - move symlinks for sendmail, mailq, rmail, rsmtp and their manpages (+the one + for newaliases) to the daemon-packages. + - no more non-debhelper-generated exim4-base.prerm, simplified + *daemon.postinst + * try to start daemon in postinst no matter whether configtype=none, people + might use it with a handcrafted exim4.conf. + * register /var/lib/exim4/email_addresses for dpkg. + + -- Andreas Metzler Sun, 24 Nov 2002 15:04:32 +0100 + +exim4 (4.10-0.srh20.18) unstable; urgency=low + + * add "Replaces: exim4-daemon" to all the daemon flavours, needed for + switching. + * Marc Haber: + make exim4-daemon-custom actually work. + building from CVS was broken + clean target missed Local/eximon.conf + * exim-daemon-perl recommends libexim-localscan-perl + + -- Andreas Metzler Thu, 21 Nov 2002 17:04:54 +0100 + +exim4 (4.10-0.srh20.17) unstable; urgency=low + + * add support for building a customized daemon (exim4-daemon-custom) + * tighten build-depends: official exim4-base linked against db3 won't + work well together with exim4-daemon-custom linked against libdb2 + * ship compile time configuration (EDITME-files) in /usd/daemon-flavour. + * use /var/mail instead of /var/spool/mail (#169747) + * make uucp a trusted user. (#169545) + + -- Andreas Metzler Sun, 17 Nov 2002 23:06:29 +0100 + +exim4 (4.10-0.srh20.16) unstable; urgency=low + + * fix Gecos pattern: 'From: "Andreas Metzler,,," Sat, 9 Nov 2002 10:12:34 +0100 + +exim4 (4.10-0.srh20.15) unstable; urgency=low + + * Fix crash with perl 5.8 (threads), thanks to Eckebrecht von Pappenheim + + * perl-package: search local_scan.pl in /etc/exim4 instead of /etc/exim. + + -- Andreas Metzler Wed, 6 Nov 2002 22:46:12 +0100 + +exim4 (4.10-0.srh20.14) unstable; urgency=low + + * add /etc/default/exim4 (#123184, #95325) + * Don't start a queue runner with cron per default, exim runs as daemon. + * polish config-script: more states, strip blanks. + * Ask whether to bind to all local interfaces or only to localhost with sane + default depending on configtype. (#108853) + + -- Andreas Metzler Thu, 31 Oct 2002 14:05:50 +0100 + +exim4 (4.10-0.srh20.13) unstable; urgency=low + + * send stdout of logrotate postrotate-script to /dev/null + * polish exim4-base.postinst and exim4-base.templates + * use tcp-wrappers + * simplify update-exim4.conf. There is no need to only add remote_smtp + transport for special configurations. It does not hurt and should make it + easy for users to activate smtp-auth. + * install configration example to examples subdirectory + + -- Andreas Metzler Tue, 29 Oct 2002 08:42:42 +0100 + +exim4 (4.10-0.srh20.12) unstable; urgency=low + + * linked against external pcre + * clean up a little bit - move all manpages to debian/manpages/ + * ship template /etc/exim4/email-addresses + * LFS support (-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE) + * Don't force sender verification by default + * I actually use this version. + + -- Andreas Metzler Sun, 27 Oct 2002 17:10:16 +0100 + +exim4 (4.10-0.srh20.11) unstable; urgency=low + + * if HUPed exim will rexec itself as /usr/lib/exim4/exim, changing the name + to exim - start-stop-daemon-daemon would not recognize it. Changed + init.script to exec /usr/lib/exim4/exim to set the processname to "exim". + This needs to be deuglified. + * use black magic in daemon-$flavour postinst to only start it there if + switching flavours. + * support for inetd has to wait for sarge+1 + * fix description of 'exim4' daemon flavour. + + -- Andreas Metzler Sat, 26 Oct 2002 11:09:14 +0200 + +exim4 (4.10-0.srh20.10) unstable; urgency=low + + * don't provide symlink /usr/sbin/exim anymore - this broke coinstallation + with uninstalled exim 3 - the exim3-init script started the exim4-daemon. + Ship symlink /usr/lib/exim4/exim -> /usr/sbin/exim4 and set BIN_DIRECTORY + to /usr/lib/exim4. This is a little bit ugly but the alterative would be to + patch 7 files in src. + * the daemon packages conflict with each other by each having + Conflicts/Provides: exim4-daemon + * Add doc base support for spec and filter.txt (bug 165961) + * Switching daemon flavours restarts them. + + -- Andreas Metzler Fri, 25 Oct 2002 16:14:44 +0200 + +exim4 (4.10-0.srh20.9) unstable; urgency=low + + * apply exim4-MID-expanded.patch - make domain part of M-ID configurable. + Shipped in debian-subdir so it can be easily patch -R'd before official + debian release. + * set spool to /var/spool/exim4 in EDITME + * remove /var/run/exim4 on purge + * remove /var/(spool|log)/exim4 on purge if empty + * added manpages. + * allow relay for 127.0.0.1 : ::::1 + * set host_find_failed = defer for smarthost router and mimick exim3. It + really sucks to get a frozen message and error to the postmaster _every_ + time I try to send a message offline. + + -- Andreas Metzler Thu, 24 Oct 2002 14:00:05 +0200 + +exim4 (4.10-0.srh20.8) unstable; urgency=low + + * info and html doc generated from separate source package - diff is + small + * remove m4 and texinfo from build-depends + + -- Andreas Metzler Thu, 24 Oct 2002 12:22:56 +0200 + +exim4 (4.10-0.srh20.7) unstable; urgency=low + + * config script as state machine - allows going back! + * hopefully last forgotten entry of /var/{spool,log,run}/exim in postinst + and cron.* fixed. + + -- Andreas Metzler Thu, 24 Oct 2002 09:16:12 +0200 + +exim4 (4.10-0.srh20.6) unstable; urgency=low + + * generate /etc/aliases with debconf + * remove dpkg-statoverride managment with debconf, ship exim binary as 4755 + root:root. + * update debian/copyright from NOTICE. + * add (commented out) maildrop-transport to template + * add (commented out) maildir-transport to template + * Remove some backslashes in template + * Fix *lots of* cut and paste errors, introduced by generating the + configuration template from the debconf_eximconfig perl script. + $local_delivery is wrong, define macro LOCAL_DELIVERY and use it instead. + Remove erranous backslashes. + * Add comments from the example configuration file to template. + * host and domain lists are colon separated. + + -- Andreas Metzler Mon, 21 Oct 2002 22:37:45 +0200 + +exim4 (4.10-0.srh20.5) unstable; urgency=low + + * new debconf-code: + - shell scripts + - debconf-results are saved (and read from) /etc/exim4/debconf.results + - /etc/exim4/exim4.conf.template is a dpkg-conffile + - update-exim4.conf(8) merges these two files and generates exim's main + configuration file /var/lib/exim4/exim4.conf. + + -- Andreas Metzler Sat, 19 Oct 2002 19:23:35 +0200 + +exim4 (4.10-0.srh20.4) unstable; urgency=low + + * symlink usr/sbin/exim4 <-> usr/sbin/exim in -base package was wrong. + * move invoke-rc.d to -base package - _it_ contains the init-script + * move stat-overide-stuff to -base package. - The values are filled in _its_ + config. + * missing stuff from log/exim4 run/exim4 transition: exim-base + maintainerscripts. + * Daemon-packages have only debconf stuff left as maintainerscripts. How + about letting dh_installinit manage the initscript? + * exim4-base.postrm has no business removing /etc/exim/exim.conf + + -- Andreas Metzler Fri, 18 Oct 2002 14:40:46 +0200 + +exim4 (4.10-0.srh20.3) unstable; urgency=low + + * /etc/exim4/... + * fix cronjob: Test for existence of /etc/exim4/exim4.conf - it formerly + tested for exim3's configuration file + * /usr/lib/exim/ --> /usr/lib/exim4/ -- Put eximon.bin there, too. + + -- Andreas Metzler Fri, 18 Oct 2002 13:43:37 +0200 + +exim4 (4.10-0.srh20.2) unstable; urgency=low + + * more changes: + * /var/log/exim/ --> /var/log/exim4/ + * /var/run/exim/ --> /var/run/exim4/ + * /etc/init.d/exim --> /etc/init.d/exim4 + * Use files named after the real package (exim4-base instead of) exim for + cron and logrotate. - use dh_installlogrotate and dh_installcron + * Don't install exim.8 manpages in daemon packages - symlink is enough, ship + real manpage in base-package. - use dh_installman. + * Get rid of m4-magic - without the alternatives there is no need. + + -- Andreas Metzler Thu, 17 Oct 2002 23:52:31 +0200 + +exim4 (4.10-0.srh20.1) unstable; urgency=low + + * rename package, replace dependencies. + - src: exim4 + - binary exim(-something) --> exim4-something + - Remove Provides: exim - does not make sense anymore, dselect/apt + would take the real exim instead of the provided one. + - Revamp Dependencies and contents + * exim4-base provides/confl/repl: mta and depends on one of *our* + flavours + * each of the flavours only contains only /usr/sbin/exim4 and a manpagelink + exim4--->exim - there is no need to provides/confl/repl: mta, because + we ship no common file with the same name as in the original + exim4-package + - drop alternatives. + - install configuration example to /usr/share/doc/exim4-doc/examples + + -- Andreas Metzler Thu, 17 Oct 2002 17:58:08 +0200 + +exim (4.10-0.srh20) unstable; urgency=low + + * exim-base.config fixes during testing-- need to run debconf subs in a + list context to get their numeric return code. + * enqueue_question(): $code == 0 is ok too + * main: call fetch_default() not find_default() [when did I last test this?] + * install debconf_eximconfig (!!!!!!) + + -- Steve Haslam Wed, 16 Oct 2002 21:50:27 +0100 + +exim (4.10-0.srh19) unstable; urgency=low + + * Move the eximon binary into the eximon package! + + -- Steve Haslam Wed, 16 Oct 2002 19:36:48 +0100 + +exim (4.10-0.srh18) unstable; urgency=low + + * The clean: target now deletes doc/tmp + + -- Steve Haslam Wed, 16 Oct 2002 18:10:29 +0100 + +exim (4.10-0.srh17) unstable; urgency=low + + * Slave alternatives for "rmail" too. + * Changed libxaw-dev in build-depends to libxaw7-dev | libxaw-dev + * Added libperl-dev and m4 to build-depends + + -- Steve Haslam Wed, 16 Oct 2002 17:19:40 +0100 + +exim (4.10-0.srh16) unstable; urgency=low + + * Put --exec $DAEMON back on the start-stop-daemon --stop calls, since + start-stop-daemon complains about the process not being found after it + just killed it. (Due to Exim not removing its own pid file?) + * Point slave alternatives at .gz versions of manpages + + -- Steve Haslam Wed, 16 Oct 2002 16:12:08 +0100 + +exim (4.10-0.srh15) unstable; urgency=low + + * Fix "update-alternatives --remove" invocation. + * Remove alternatives AFTER stopping daemon. + * Use logrotate to cycle logs. + * Manually install logrotate/cron stuff, to call it "exim" instead of "exim-base". + * Install upstream exim.8 manpage, and slave alternatives. + + -- Steve Haslam Wed, 16 Oct 2002 15:44:56 +0100 + +exim (4.10-0.srh14) unstable; urgency=low + + * dh_installinit: pass --noscripts, put the script invocation etc. in + ourselves. This is still pretty nasty, but ensures that the deamons + are stopped/started themselves, not by exim-base. + * Also, pass --init-script=exim to use /etc/init.d/exim, not + /etc/init.d/exim-base. + * Fix some inconsistencies in the postsinst related to the above that + made lintian scream + * Remove the --exec option when stopping the daemon in the init script, + so that we still stop the daemon if the symlink changed to point to a + different version (hacky). + + -- Steve Haslam Wed, 16 Oct 2002 14:51:19 +0100 + +exim (4.10-0.srh13) unstable; urgency=low + + * Bah, fix paths of mailq etc. to be in /usr/bin, not /usr/lib + + -- Steve Haslam Wed, 16 Oct 2002 14:08:45 +0100 + +exim (4.10-0.srh12) unstable; urgency=low + + * The postinsts were totally broken, doing everything off the "install" + target, and nothing off "configure". Since they're all pracitcally the + same, they are now generated from daemon-postinst.m4. + * Fix invocations of dpkg-statoverride (sysuser??) + * Added slave alternatives for mailq, sendmail etc. + * Removed daemon packages conflicting with mail-transport-agent, + although this isn't good-- the deamon packages don't conflict with + each other (they use alternatives to arrange themselves), but do + conflict with other MTAs that install + /usr/lib/sendmail|/usr/sbin/sendmail links. Urnf. + * Similar generation system for prerms as postinsts + + -- Steve Haslam Wed, 16 Oct 2002 13:47:53 +0100 + +exim (4.10-0.srh11) unstable; urgency=low + + * Urnf, nasty circular dependencies. Removed exim-base's dependency on exim-daemon. + * Fix "use strict" errors in exim-base.config (oops) + + -- Steve Haslam Wed, 16 Oct 2002 13:10:25 +0100 + +exim (4.10-0.srh10) unstable; urgency=low + + * Patch src/expand.c with HMAC support + * Rename exim-daemon-default package to just "exim", so upgrading works + better, and exim isn't made into a pure virtual package while other + packages depend on it. Moreover, mail-transport-agent is provided by + each of the daemon packages, not exim-base, since having exim-base + alone is not sufficient to have an MTA. + * Each exim daemon package depends on exim-base, not exim. + + -- Steve Haslam Wed, 16 Oct 2002 12:52:19 +0100 + +exim (4.10-0.1) unstable; urgency=low + + * Heavy changes to build system. + * Split package into: + - exim-base: This package contains all utility programs and + documentation in plain text format. + - exim-daemon-$FOO: (Currently for FOO in light, default, heavy, + perl): Conain only the exim daemon in different configurations + - exim-doc-info: Contains exim documentation in Info format. + - eximon: The X11 monitor for Exim + + -- Hilko Bengen Wed, 2 Oct 2002 17:23:04 +0200 + +exim (4.10-0.srh4) unstable; urgency=low + + * exim.c: Show the OpenSSL version number if TLS compiled in and the tls + debug selector enabled. + * exim.postinst et al: Keep the alternatives configured between upgrades + (naughty) since exim-light will fail to start if exim-heavy keywords + are in the config file + + -- Steve Haslam Fri, 13 Sep 2002 16:08:47 +0100 + +exim (4.10-0.srh3) unstable; urgency=low + + * tls.c: Some debug output changes to verify_callback() + * debconf_eximconfig: add more escaping when writing acl_check_rcpt + * tls.c and others: ${tls_peercn} now expands to the CN part of the + peer's certificate subject when using TLS. + * transports/smtp.c and others: Added tls_verify_hostname option to + verify the hostname we connected to against the CN/subjectAltName + of the peer certificate. + + -- Steve Haslam Fri, 13 Sep 2002 15:44:07 +0100 + +exim (4.10-0.srh2) unstable; urgency=low + + * exim-heavy.postinst: had duplicate sendmail alternative, removed. Had + a priority the same as exim-light too... increased. + * Replace LOOKUP_CDB=yes in exim-light configuration, since it was in + the Exim 3 package and doesn't bring in any dependencies. + * exim.postinst: delete files from /var/spool/exim/db if they cannot be + read by exim_dumpdb (some DB compatibility lossage) + + -- Steve Haslam Tue, 3 Sep 2002 13:28:44 +0100 + +exim (4.10-0.srh1) unstable; urgency=low + + * My stab at an Exim 4 package. Features include: + * An exim-heavy package that contains an Exim binary with LDAP, + MySQL, PostgreSQL etc. in, so that the main Exim package's + dependencies are kept thin but users can easily get hold of + the extra lookup types. + * Debconf-based configuration, although it has priority=high + questions, so not completely noninteractive yet, and not + all features of eximconfig have been ported/checked + * Automated conversion of Exim 3 configuration files + (using PH's convert4r4) + + -- Steve Haslam Tue, 3 Sep 2002 10:20:24 +0100 + +exim (3.35-1.srh1) unstable; urgency=low + + * Reconfigured to include MySQL and PostgreSQL lookups + + -- Steve Haslam Fri, 9 Aug 2002 15:52:37 +0100 + +exim (3.35-1) unstable; urgency=low + + * New upstream version, fixes buffer overflow (Closes: #135069) + * debian/config: Added receiver_try_verify (Closes: #136276) + * debian/init.d: Use --retry 30 option for start-stop-daemon when + stopping exim (Closes: #136450) + * debian/postinst: "noninteractive" in correct case (Closes: #134379) + * debian/init.d: Use -n option for echo (from patch in #133288) + * debian/exim_lock.8: Manpage for exim_lock - thanks Nick Philips + (Closes: #131679) + * debian/config: Fixed comment on smtp_accept_queue_per_connection + (Closes: #136756) + * debian/exim.8,debian/eximon.8: Fixed hyphenation (Closes: #132068) + * debian/control: Short description improved (Closes: #130698) + + -- Mark Baker Mon, 4 Mar 2002 23:04:52 +0000 - - diff --cc debian/compat index ec63514,0000000..f599e28 mode 100644,000000..100644 --- a/debian/compat +++ b/debian/compat @@@ -1,1 -1,0 +1,1 @@@ - 9 ++10 diff --cc debian/control index 16c00d3,0000000..cd773bb mode 100644,000000..100644 --- a/debian/control +++ b/debian/control @@@ -1,351 -1,0 +1,306 @@@ +Source: exim4 +Section: mail +Priority: standard +Maintainer: Exim4 Maintainers - Uploaders: Andreas Metzler ,Marc Haber - Homepage: http://www.exim.org/ - Standards-Version: 3.9.8 - Vcs-Git: https://anonscm.debian.org/git/pkg-exim4/exim4.git - Vcs-Browser: https://anonscm.debian.org/git/pkg-exim4/exim4.git - Build-Depends: debhelper (>= 9), po-debconf, docbook-xsl, xsltproc, - lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, - libident-dev, libdb5.3-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, - libxaw7-dev, libpq-dev, default-libmysqlclient-dev, - libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev ++Uploaders: ++ Andreas Metzler , ++ Marc Haber ++Homepage: https://www.exim.org/ ++Standards-Version: 4.3.0 ++Vcs-Git: https://salsa.debian.org/exim-team/exim4.git ++Vcs-Browser: https://salsa.debian.org/exim-team/exim4 ++Build-Depends: ++ debhelper (>= 10), ++ default-libmysqlclient-dev, ++ docbook-xml, ++ docbook-xsl, ++ libdb5.3-dev, ++ libgnutls28-dev (>= 3.5.7), ++ libident-dev, ++ libldap2-dev, ++ libpam0g-dev, ++ libpcre3-dev, ++ libperl-dev, ++ libpq-dev, ++ libsasl2-dev, ++ libsqlite3-dev, ++ libx11-dev, ++ libxaw7-dev, ++ libxext-dev, ++ libxmu-dev, ++ libxt-dev, ++ lynx, ++ po-debconf, ++ xsltproc + +Package: exim4-base +Architecture: any - Breaks: exim4-daemon-light (<<${Upstream-Version}), - exim4-daemon-heavy (<<${Upstream-Version}), - exim4-daemon-custom (<<${Upstream-Version}) ++Priority: optional ++Breaks: ++ exim4-daemon-custom (<<${Upstream-Version}), ++ exim4-daemon-heavy (<<${Upstream-Version}), ++ exim4-daemon-light (<<${Upstream-Version}) +Conflicts: exim, exim-tls - Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, exim4-daemon-custom - Depends: ${shlibs:Depends}, ${misc:Depends}, ++Replaces: ++ exim, ++ exim-tls, ++ exim4-daemon-custom, ++ exim4-daemon-heavy, ++ exim4-daemon-light ++Depends: ++ adduser, + cron | cron-daemon | anacron, - exim4-config (>=4.82) | exim4-config-2, adduser, netbase, lsb-base (>= 3.0-6) ++ exim4-config (>=4.82) | exim4-config-2, ++ lsb-base (>= 3.0-6), ++ netbase, ++ ${misc:Depends}, ++ ${shlibs:Depends} +# psmisc just for exiwhat. - Recommends: psmisc, mailx - Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, - gnutls-bin | openssl, file, spf-tools-perl, swaks ++Recommends: mailx, psmisc ++Suggests: ++ exim4-doc-html | exim4-doc-info, ++ eximon4, ++ file, ++ gnutls-bin | openssl, ++ mail-reader, ++ spf-tools-perl, ++ swaks +Description: support files for all Exim MTA (v4) packages + Exim (v4) is a mail transport agent. exim4-base provides the support + files needed by all exim4 daemon packages. You need an additional package + containing the main executable. The available packages are: + . + exim4-daemon-light + exim4-daemon-heavy + . + If you build exim4 from the source package locally, you can also + build an exim4-daemon-custom package tailored to your own feature set. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-config +Architecture: all - Breaks: exim4-daemon-light (<< 4.87~RC5), exim4-daemon-heavy (<< 4.87~RC5) ++Priority: optional ++Breaks: ++ exim4-daemon-heavy (<< 4.91~RC1), ++ exim4-daemon-light (<< 4.91~RC1) +Provides: exim4-config-2 - Conflicts: exim, exim-tls, exim4-config, exim4-config-2, ${MTA-Conflicts} - Depends: ${shlibs:Depends}, ${misc:Depends}, adduser ++Conflicts: ++ exim, ++ exim-tls, ++ exim4-config, ++ exim4-config-2, ++ ${MTA-Conflicts} ++Depends: adduser, ${misc:Depends}, ${shlibs:Depends} +Description: configuration for the Exim MTA (v4) + Exim (v4) is a mail transport agent. exim4-config provides the configuration + for the exim4 daemon packages. The configuration framework has been split + off the main package to allow sites to replace the configuration scheme + with their own without having to change the actual exim4 packages. + . + Sites with special configuration needs (having a lot of identically + configured machines for example) can use this to distribute their own + custom configuration via the packaging system, using the magic + available with dpkg's conffile handling, without having to do local + changes on all of these machines. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-light +Architecture: any - Provides: mail-transport-agent, exim4-localscanapi-2.0, ++Priority: optional ++Provides: ++ exim4-localscanapi-2.0, ++ mail-transport-agent, + ${dist:Provides:exim4-daemon-light} +Conflicts: mail-transport-agent - Replaces: mail-transport-agent, exim4-base (<= 4.61-1) - Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} ++Replaces: exim4-base (<= 4.61-1), mail-transport-agent ++Depends: ++ exim4-base (>= ${Upstream-Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends} +Description: lightweight Exim MTA (v4) daemon + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with only basic features enabled. It works well with the + standard setups that are provided by Debian and includes support for + TLS encryption and the dlopen patch to allow dynamic loading of a + local_scan function. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4 +Architecture: all - Depends: ${misc:Depends}, debconf (>= 1.4.69) | cdebconf (>= 0.39), - exim4-base (>= ${source:Version}), ++Priority: optional ++Depends: ++ debconf (>= 1.4.69) | cdebconf (>= 0.39), + exim4-base (<< ${source:Version}.1), - exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom ++ exim4-base (>= ${source:Version}), ++ exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom, ++ ${misc:Depends} +Description: metapackage to ease Exim MTA (v4) installation + Exim (v4) is a mail transport agent. exim4 is the metapackage depending + on the essential components for a basic exim4 installation. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-heavy +Architecture: any +Priority: optional - Provides: mail-transport-agent, exim4-localscanapi-2.0 ++Provides: exim4-localscanapi-2.0, mail-transport-agent +Conflicts: mail-transport-agent - Replaces: mail-transport-agent, exim4-base (<= 4.61-1) - Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, - ${misc:Depends} ++Replaces: exim4-base (<= 4.61-1), mail-transport-agent ++Depends: ++ exim4-base (>= ${Upstream-Version}), ++ ${misc:Depends}, ++ ${shlibs:Depends} +Breaks: clamav-daemon (<< 0.95) +Description: Exim MTA (v4) daemon with extended features, including exiscan-acl + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with extended features. In addition to the features already + supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP, + sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication, + embedded Perl interpreter, and the content scanning extension + (formerly known as "exiscan-acl") for integration of virus scanners + and spamassassin. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +#Package: exim4-daemon-custom +#Architecture: any +#Priority: optional - #Provides: mail-transport-agent, exim4-localscanapi-2.0 ++#Provides: exim4-localscanapi-2.0, mail-transport-agent +#Conflicts: mail-transport-agent - #Replaces: mail-transport-agent, exim4-base (<= 4.61-1) - #Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} ++#Replaces: exim4-base (<= 4.61-1), mail-transport-agent ++#Depends: ++# exim4-base (>= ${Upstream-Version}), ++# ${misc:Depends}, ++# ${shlibs:Depends} +#Description: custom Exim MTA (v4) daemon with locally set features +# Exim (v4) is a mail transport agent. This package contains a +# custom-configured exim4 daemon compiled to local needs. This package +# is not part of official Debian, but can easily be built from the +# Debian source package. For information about the feature set compiled in, +# and for bug reports, please find out who built your package. +# . +# The Debian exim4 packages have their own web page, +# http://wiki.debian.org/PkgExim4. There is also a Debian-specific +# FAQ list. Information about the way the Debian packages are +# configured can be found in +# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains +# information about the way the Debian binary packages are built. The +# very extensive upstream documentation is shipped in +# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven +# configuration process in a standard setup, invoke dpkg-reconfigure +# exim4-config. There is a Debian-centered mailing list, +# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific +# questions there, and only write to the upstream exim-users mailing +# list if you are sure that your question is not Debian-specific. You +# can find the subscription web page on +# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: eximon4 +Architecture: any +Priority: optional +Conflicts: eximon +Replaces: eximon - Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-base (>= 4.10) ++Depends: exim4-base (>= 4.10), ${misc:Depends}, ${shlibs:Depends} +Description: monitor application for the Exim MTA (v4) (X11 interface) + Eximon is a helper program for the Exim MTA (v4). It allows + administrators to view the mail queue and logs, and perform a variety + of actions on queued messages, such as freezing, bouncing and thawing + messages. + - Package: exim4-dbg - Architecture: any - Priority: extra - Section: debug - Depends: exim4-base, exim4-config, ${misc:Depends} - Recommends: eximon4 - Description: debugging symbols for the Exim MTA (utilities) - Exim (v4) is a mail transport agent. This package contains - debugging symbols for the binaries contained in the exim4 - packages. The daemon packages have their own debug package. - . - The Debian exim4 packages have their own web page, - http://wiki.debian.org/PkgExim4. There is also a Debian-specific - FAQ list. Information about the way the Debian packages are - configured can be found in - /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains - information about the way the Debian binary packages are built. The - very extensive upstream documentation is shipped in - /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven - configuration process in a standard setup, invoke dpkg-reconfigure - exim4-config. There is a Debian-centered mailing list, - pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific - questions there, and only write to the upstream exim-users mailing - list if you are sure that your question is not Debian-specific. You - can find the subscription web page on - http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users - - Package: exim4-daemon-light-dbg - Architecture: any - Priority: extra - Section: debug - Depends: exim4-daemon-light, ${misc:Depends} - Description: debugging symbols for the Exim MTA "light" daemon - Exim (v4) is a mail transport agent. This package contains - debugging symbols for the binaries contained in the - exim4-daemon-light package. - . - The Debian exim4 packages have their own web page, - http://wiki.debian.org/PkgExim4. There is also a Debian-specific - FAQ list. Information about the way the Debian packages are - configured can be found in - /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains - information about the way the Debian binary packages are built. The - very extensive upstream documentation is shipped in - /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven - configuration process in a standard setup, invoke dpkg-reconfigure - exim4-config. There is a Debian-centered mailing list, - pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific - questions there, and only write to the upstream exim-users mailing - list if you are sure that your question is not Debian-specific. You - can find the subscription web page on - http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users - - Package: exim4-daemon-heavy-dbg - Architecture: any - Priority: extra - Section: debug - Depends: exim4-daemon-heavy, ${misc:Depends} - Description: debugging symbols for the Exim MTA "heavy" daemon - Exim (v4) is a mail transport agent. This package contains - debugging symbols for the binaries contained in the - exim4-daemon-heavy package. - . - The Debian exim4 packages have their own web page, - http://wiki.debian.org/PkgExim4. There is also a Debian-specific - FAQ list. Information about the way the Debian packages are - configured can be found in - /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains - information about the way the Debian binary packages are built. The - very extensive upstream documentation is shipped in - /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven - configuration process in a standard setup, invoke dpkg-reconfigure - exim4-config. There is a Debian-centered mailing list, - pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific - questions there, and only write to the upstream exim-users mailing - list if you are sure that your question is not Debian-specific. You - can find the subscription web page on - http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users - - #Package: exim4-daemon-custom-dbg - #Architecture: any - #Priority: extra - #Section: debug - #Depends: exim4-daemon-custom, ${misc:Depends} - #Description: debugging symbols for the Exim MTA (v4) packages - # Exim (v4) is a mail transport agent. This package contains - # debugging symbols for the binaries contained in the - # exim4-daemon-custom package. - # . - # The Debian exim4 packages have their own web page, - # http://wiki.debian.org/PkgExim4. There is also a Debian-specific - # FAQ list. Information about the way the Debian packages are - # configured can be found in - # /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains - # information about the way the Debian binary packages are built. The - # very extensive upstream documentation is shipped in - # /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven - # configuration process in a standard setup, invoke dpkg-reconfigure - # exim4-config. There is a Debian-centered mailing list, - # pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific - # questions there, and only write to the upstream exim-users mailing - # list if you are sure that your question is not Debian-specific. You - # can find the subscription web page on - # http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users - +Package: exim4-dev +Architecture: any - Priority: extra ++Priority: optional +Depends: ${misc:Depends} +Description: header files for the Exim MTA (v4) packages + Exim (v4) is a mail transport agent. This package contains header + files that can be used to compile code that is then dynamically linked + to exim's local_scan interface. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users diff --cc debian/copyright index cd123f2,0000000..b986c5e mode 100644,000000..100644 --- a/debian/copyright +++ b/debian/copyright @@@ -1,254 -1,0 +1,229 @@@ +This is Debian GNU/Linux's prepackaged version of exim, a powerful yet easy +to configure mail transport agent. + +----------------------------------------------------------------- +This package was put together from the original sources which are +maintained by Philip Hazel , and which were +obtained from + + ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ + +Some modifications to the Makefiles have been made to fit with the Linux +FHS. +----------------------------------------------------------------- + +----------------------------------------------------------------- +The exim content filtering extension, formally known as the +exiscan-acl patch, and which is included in exim4-daemon-heavy, +was written by Tom Kistner . +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ +----------------------------------------------------------------- + +----------------------------------------------------------------- +Debian Maintainer history: +- The Debian package for exim was originally made by Tim Cutts + . +- Mark Baker took over until exim version 3 and is + still involved with packaging. +- Steve Haslam, Hilko Bengen and Marc Haber generated the initial + packages of Exim v4. +- The exim4 packages are currently maintained by + - Core Team + - (mh) Marc Haber (team leader) + - (am) Andreas Metzler (uploader) + - Commit Privileges + - (hb) Hilko Bengen (documentation, hacks etc) + - (cb) Christian Perrier (translations) + +The following people helped in preparing the exim4 packages and gave +important feedback: +- Marc Merlin provides the dlopen patch, making it possible to load + local_scan-routines for a external shared object. + The original patch was written by David Woodhouse, it was modified first + by Derrick 'dman' Hudson and afterwards by Marc Merlin. +- Sander Smeenk provided the TLS-docs and the script to generate the + self-signed certificates. +- The people on the exim4debian list that submitted bug-reports and -fixes, + and helped with design issues: Matthias Klose, Alexander Koch, Ola + Lundqvist, Andrew Mulholland, David Pashley, Andreas Piesk, Nick Phillips + and whoever I forgot to mention. +- syslog2eximlog script by Martin Godisch. +- Hilko Bengen converted the Debian documentation from plain-text to XML + format. +----------------------------------------------------------------- + + +----------------------------------------------------------------- - exim is copyright (c) 1995 - 2017 University of Cambridge. ++exim is copyright (c) 1995 - 2018 University of Cambridge. + +The original licence is as follows (from the file NOTICE in the upstream - distribution); a copy of the GNU GPL version 2 is available in ++distribution); a copy of the GNU GPL version 2 is available in +/usr/share/common-licenses/GPL-2 on Debian systems. + +_________________________________________________________________________ +THE EXIM MAIL TRANSFER AGENT +---------------------------- + +Copyright (c) 2004 University of Cambridge + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +In addition, for the avoidance of any doubt, permission is granted to +link this program with OpenSSL or any other library package and to +(re)distribute the binaries produced as the result of such linking. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +UNSOLICITED EMAIL +----------------- + +The use, supply or promotion of Exim for the purpose of sending bulk, +unsolicited electronic mail is incompatible with the basic aims of the program, +which revolve around the free provision of a service that enhances the quality +of personal communications. The author of Exim regards indiscriminate +mass-mailing as an antisocial, irresponsible abuse of the Internet. + + +INCORPORATED CODE +----------------- + +A number of pieces of external code are included in the Exim distribution. + + . Support for the cdb (Constant DataBase) lookup method is provided by code + contributed by Nigel Metheringham of Planet Online Ltd. which contains + the following statements: + _________________________________________________________________________ + + Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + This code implements Dan Bernstein's Constant DataBase (cdb) spec. + Information, the spec and sample code for cdb can be obtained from + http://www.pobox.com/~djb/cdb.html. This implementation borrows some code + from Dan Bernstein's implementation (which has no license restrictions + applied to it). + _________________________________________________________________________ + + The implementation is completely contained within the code of Exim. It + does not link against an external cdb library. + + . Client support for Microsoft's "Secure Password Authentication" is pro- + vided by code contributed by Marc Prud'hommeaux. Server support was + contributed by Tom Kistner. This includes code taken from the Samba + project, which is released under the Gnu GPL. + + + . Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is + provided by code taken from the Cyrus-SASL library and adapted by + Alexander S. Sabourenkov. The permission notice appears below, in + accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright (c) 2001 Carnegie Mellon University. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name 'Carnegie Mellon University' must not be used to endorse or + promote products derived from this software without prior written + permission. For permission or any other legal details, please + contact + + Office of Technology Transfer + Carnegie Mellon University + 5000 Forbes Avenue + Pittsburgh, PA 15213-3890 + (412) 268-4387, fax: (412) 268-7395 + tech-transfer@andrew.cmu.edu + + 4. Redistributions of any form whatsoever must retain the following + acknowledgment: + This product includes software developed by Computing Services at + Carnegie Mellon University (http://www.cmu.edu/computing/). + + CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS + SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY + SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER + RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF + CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + _________________________________________________________________________ + + + . The Exim Monitor program, which is an X-Window application, includes + modified versions of the Athena StripChart and TextPop widgets. This code + is copyright by DEC and MIT, and their permission notice appears below, + in accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, + Massachusetts, and the Massachusetts Institute of Technology, Cambridge, + Massachusetts. + + All Rights Reserved + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided + that the above copyright notice appear in all copies and that both that + copyright notice and this permission notice appear in supporting documen- + tation, and that the names of Digital or MIT not be used in advertising + or publicity pertaining to distribution of the software without specific, + written prior permission. + + DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL + DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR + ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + SOFTWARE. + _________________________________________________________________________ + + + . Some of the code to support the use of maildirsize files for maildir + deliveries is taken from the Courier Imapd source code. This code is + released under the GPL. + _________________________________________________________________________ + +-- +Philip Hazel University of Cambridge Computing Service, +----------------------------------------------------------------- +src/pdkim/* + +PDKIM - a RFC4871 (DKIM) implementation +http://duncanthrax.net/pdkim/ - Copyright (C) 2009 - 2016 Tom Kistner - Copyright (C) 2016 - 2017 Jeremy Harris ++Copyright (C) 2009 Tom Kistner + - Includes code from the PolarSSL project. - http://polarssl.org - Copyright (C) 2009 Paul Bakker - Copyright (C) 2006-2008 Christophe Devine - Copyright (C) 2006-2010, Brainspark B.V. ++No longer includes code from the PolarSSL project. ++Copyright (C) 2016 Jeremy Harris + +This copy of PDKIM is included with Exim. For a standalone distribution, +visit http://duncanthrax.net/pdkim/. - - License: Both the parts from PolarSSL and the original code are licensed - under GPLv2+. - - Please note that the parts copied from PolarSSL are only used with ancient - (< 2.10) GnuTLS. - ----------------------------------------------------------------- - +----------------------------------------------------------------- - Generating a tarball from CVS snapshot. - - Upstream is keeping sourcecode and documentation (including changelog) in - separate CVS modules: exim-src and exim-doc. However the release tarball - contains parts from both modules. - - 1. Use exim-src modules as base - 2. Generate a doc subdirectory containing he contents of exim-doc/doc-txt/. - 3. Take exim-doc and build the txt files You will need xfpt, xmlto, docbook-xsl - and w3m. - cd doc-docbook ; make spec.txt filter.txt exim.8 - Copy the three files to exim-version/doc/ - diff --cc debian/debconf/conf.d/acl/30_exim4-config_check_rcpt index d616720,0000000..b8bde1e mode 100644,000000..100644 --- a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt +++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt @@@ -1,363 -1,0 +1,375 @@@ + +### acl/30_exim4-config_check_rcpt +################################# + ++# define macros to be used below in this file to check recipient ++# local parts for strange characters. Documentation below. ++# This blocks local parts that begin with a dot or contain a quite ++# broad range of non-alphanumeric characters. ++ ++.ifndef CHECK_RCPT_LOCAL_LOCALPARTS ++CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] ++.endif ++ ++.ifndef CHECK_RCPT_REMOTE_LOCALPARTS ++CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ ++.endif ++ +# This access control list is used for every RCPT command in an incoming +# SMTP message. The tests are run in order until the address is either +# accepted or denied. +# +acl_check_rcpt: + + # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by + # testing for an empty sending host field. + accept + hosts = : + control = dkim_disable_verify + + # Do not try to verify DKIM signatures of incoming mail if DC_minimaldns + # or DISABLE_DKIM_VERIFY are set. +.ifdef DC_minimaldns + warn + control = dkim_disable_verify +.else +.ifdef DISABLE_DKIM_VERIFY + warn + control = dkim_disable_verify +.endif +.endif + + # The following section of the ACL is concerned with local parts that contain + # certain non-alphanumeric characters. Dots in unusual places are + # handled by this ACL as well. + # + # Non-alphanumeric characters other than dots are rarely found in genuine + # local parts, but are often tried by people looking to circumvent + # relaying restrictions. Therefore, although they are valid in local + # parts, these rules disallow certain non-alphanumeric characters, as + # a precaution. + # + # Empty components (two dots in a row) are not valid in RFC 2822, but Exim + # allows them because they have been encountered. (Consider local parts + # constructed as "firstinitial.secondinitial.familyname" when applied to + # a name without a second initial.) However, a local part starting + # with a dot or containing /../ can cause trouble if it is used as part of a + # file name (e.g. for a mailing list). This is also true for local parts that + # contain slashes. A pipe symbol can also be troublesome if the local part is + # incorporated unthinkingly into a shell command line. + # + # These ACL components will block recipient addresses that are valid - # from an RFC2822 point of view. We chose to have them blocked by ++ # from an RFC5322 point of view. We chose to have them blocked by + # default for security reasons. + # + # If you feel that your site should have less strict recipient + # checking, please feel free to change the default values of the macros + # defined in main/01_exim4-config_listmacrosdefs or override them from a + # local configuration file. + # + # Two different rules are used. The first one has a quite strict + # default, and is applied to messages that are addressed to one of the + # local domains handled by this host. + - # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in - # main/01_exim4-config_listmacrosdefs: - # CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] - # This blocks local parts that begin with a dot or contain a quite - # broad range of non-alphanumeric characters. ++ # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined ++ # at the top of this file. + .ifdef CHECK_RCPT_LOCAL_LOCALPARTS + deny + domains = +local_domains + local_parts = CHECK_RCPT_LOCAL_LOCALPARTS + message = restricted characters in address + .endif + + + # The second rule applies to all other domains, and its default is + # considerably less strict. + + # The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in + # main/01_exim4-config_listmacrosdefs: + # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ + + # It allows local users to send outgoing messages to sites + # that use slashes and vertical bars in their local parts. It blocks + # local parts that begin with a dot, slash, or vertical bar, but allows + # these characters within the local part. However, the sequence /../ is + # barred. The use of some other non-alphanumeric characters is blocked. + # Single quotes might probably be dangerous as well, but they're + # allowed by the default regexps to avoid rejecting mails to Ireland. + # The motivation here is to prevent local users (or local users' malware) + # from mounting certain kinds of attack on remote sites. + .ifdef CHECK_RCPT_REMOTE_LOCALPARTS + deny + domains = !+local_domains + local_parts = CHECK_RCPT_REMOTE_LOCALPARTS + message = restricted characters in address + .endif + + + # Accept mail to postmaster in any local domain, regardless of the source, + # and without verifying the sender. + # + accept + .ifndef CHECK_RCPT_POSTMASTER + local_parts = postmaster + .else + local_parts = CHECK_RCPT_POSTMASTER + .endif + domains = +local_domains : +relay_to_domains + + + # Deny unless the sender address can be verified. + # + # This is disabled by default so that DNSless systems don't break. If + # your system can do DNS lookups without delay or cost, you might want + # to enable this feature. + # + # This feature does not work in smarthost and satellite setups as + # with these setups all domains pass verification. See spec.txt section + # "Access control lists" subsection "Address verification" with the added + # information that a smarthost/satellite setup routes all non-local e-mail + # to the smarthost. + .ifdef CHECK_RCPT_VERIFY_SENDER + deny + message = Sender verification failed + !acl = acl_local_deny_exceptions + !verify = sender + .endif + + # Verify senders listed in local_sender_callout with a callout. + # + # In smarthost and satellite setups, this causes the callout to be + # done to the smarthost. Verification will thus only be reliable if the + # smarthost does reject illegal addresses in the SMTP dialog. + deny + !acl = acl_local_deny_exceptions + senders = ${if exists{CONFDIR/local_sender_callout}\ + {CONFDIR/local_sender_callout}\ + {}} + !verify = sender/callout + + + # Accept if the message comes from one of the hosts for which we are an + # outgoing relay. It is assumed that such hosts are most likely to be MUAs, + # so we set control=submission to make Exim treat the message as a + # submission. It will fix up various errors in the message, for example, the + # lack of a Date: header line. If you are actually relaying out out from + # MTAs, you may want to disable this. If you are handling both relaying from + # MTAs and submissions from MUAs you should probably split them into two + # lists, and handle them differently. + + # Recipient verification is omitted here, because in many cases the clients + # are dumb MUAs that don't cope well with SMTP error responses. If you are + # actually relaying out from MTAs, you should probably add recipient + # verification here. + + # Note that, by putting this test before any DNS black list checks, you will + # always accept from these hosts, even if they end up on a black list. The + # assumption is that they are your friends, and if they get onto black + # list, it is a mistake. + accept + hosts = +relay_from_hosts + control = submission/sender_retain + control = dkim_disable_verify + + + # Accept if the message arrived over an authenticated connection, from + # any host. Again, these messages are usually from MUAs, so recipient + # verification is omitted, and submission mode is set. And again, we do this + # check before any black list tests. + accept + authenticated = * + control = submission/sender_retain + control = dkim_disable_verify + + # Insist that a HELO/EHLO was accepted. + + require message = nice hosts say HELO first + condition = ${if def:sender_helo_name} + + # Insist that any other recipient address that we accept is either in one of + # our local domains, or is in a domain for which we explicitly allow + # relaying. Any other domain is rejected as being unacceptable for relaying. + require + message = relay not permitted + domains = +local_domains : +relay_to_domains + + + # We also require all accepted addresses to be verifiable. This check will + # do local part verification for local domains, but only check the domain + # for remote domains. + require + verify = recipient + + + # Verify recipients listed in local_rcpt_callout with a callout. + # This is especially handy for forwarding MX hosts (secondary MX or + # mail hubs) of domains that receive a lot of spam to non-existent + # addresses. The only way to check local parts for remote relay + # domains is to use a callout (add /callout), but please read the + # documentation about callouts before doing this. + deny + !acl = acl_local_deny_exceptions + recipients = ${if exists{CONFDIR/local_rcpt_callout}\ + {CONFDIR/local_rcpt_callout}\ + {}} + !verify = recipient/callout + + + # CONFDIR/local_sender_blacklist holds a list of envelope senders that + # should have their access denied to the local host. Incoming messages + # with one of these senders are rejected at RCPT time. + # + # The explicit white lists are honored as well as negative items in + # the black list. See exim4-config_files(5) for details. + deny + message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster ++ log_message = sender envelope address is locally blacklisted. + !acl = acl_local_deny_exceptions + senders = ${if exists{CONFDIR/local_sender_blacklist}\ + {CONFDIR/local_sender_blacklist}\ + {}} + + + # deny bad sites (IP address) + # CONFDIR/local_host_blacklist holds a list of host names, IP addresses + # and networks (CIDR notation) that should have their access denied to + # The local host. Messages coming in from a listed host will have all + # RCPT statements rejected. + # + # The explicit white lists are honored as well as negative items in + # the black list. See exim4-config_files(5) for details. + deny + message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster ++ log_message = sender IP address is locally blacklisted. + !acl = acl_local_deny_exceptions + hosts = ${if exists{CONFDIR/local_host_blacklist}\ + {CONFDIR/local_host_blacklist}\ + {}} + + + # Warn if the sender host does not have valid reverse DNS. + # + # If your system can do DNS lookups without delay or cost, you might want + # to enable this. + # If sender_host_address is defined, it's a remote call. If + # sender_host_name is not defined, then reverse lookup failed. Use + # this instead of !verify = reverse_host_lookup to catch deferrals + # as well as outright failures. + .ifdef CHECK_RCPT_REVERSE_DNS + warn + condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\ + {yes}{no}} + add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}}) + .endif + + + # Use spfquery to perform a pair of SPF checks (for details, see + # http://www.openspf.org/) + # + # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not + # enable if that's an issue. Also note that if you enable this, you must + # install "spf-tools-perl" which provides the spfquery command. + # Missing spf-tools-perl will trigger the "Unexpected error in + # SPF check" warning. + .ifdef CHECK_RCPT_SPF + deny + message = [SPF] $sender_host_address is not allowed to send mail from \ + ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ + Please see \ + http://www.openspf.org/Why?scope=${if def:sender_address_domain \ + {mfrom}{helo}};identity=${if def:sender_address_domain \ + {$sender_address}{$sender_helo_name}};ip=$sender_host_address + log_message = SPF check failed. + !acl = acl_local_deny_exceptions + condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \ + ${quote:$sender_host_address} --identity \ + ${if def:sender_address_domain \ + {--scope mfrom --identity ${quote:$sender_address}}\ + {--scope helo --identity ${quote:$sender_helo_name}}}}\ + {no}{${if eq {$runrc}{1}{yes}{no}}}} + + defer + message = Temporary DNS error while checking SPF record. Try again later. + !acl = acl_local_deny_exceptions + condition = ${if eq {$runrc}{5}{yes}{no}} + + warn + condition = ${if <={$runrc}{6}{yes}{no}} + add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\ + {${if eq {$runrc}{2}{softfail}\ + {${if eq {$runrc}{3}{neutral}\ + {${if eq {$runrc}{4}{permerror}\ + {${if eq {$runrc}{6}{none}{error}}}}}}}}}\ + } client-ip=$sender_host_address; \ + ${if def:sender_address_domain \ + {envelope-from=${sender_address}; }{}}\ + helo=$sender_helo_name + + warn + log_message = Unexpected error in SPF check. + condition = ${if >{$runrc}{6}{yes}{no}} + .endif + + + # Check against classic DNS "black" lists (DNSBLs) which list + # sender IP addresses + .ifdef CHECK_RCPT_IP_DNSBLS + warn + dnslists = CHECK_RCPT_IP_DNSBLS + add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + .endif + + + # Check against DNSBLs which list sender domains, with an option to locally + # whitelist certain domains that might be blacklisted. + # + # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append + # "/$sender_address_domain" after each domain. For example: + # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \ + # : rhsbl.bar.org/$sender_address_domain + .ifdef CHECK_RCPT_DOMAIN_DNSBLS + warn + !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\ + {CONFDIR/local_domain_dnsbl_whitelist}\ + {}} + dnslists = CHECK_RCPT_DOMAIN_DNSBLS + add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + .endif + + + # This hook allows you to hook in your own ACLs without having to + # modify this file. If you do it like we suggest, you'll end up with + # a small performance penalty since there is an additional file being + # accessed. This doesn't happen if you leave the macro unset. + .ifdef CHECK_RCPT_LOCAL_ACL_FILE + .include CHECK_RCPT_LOCAL_ACL_FILE + .endif + + + ############################################################################# + # This check is commented out because it is recognized that not every + # sysadmin will want to do it. If you enable it, the check performs + # Client SMTP Authorization (csa) checks on the sending host. These checks + # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) + # an Internet draft. You can, of course, add additional conditions to this + # ACL statement to restrict the CSA checks to certain hosts only. + # + # require verify = csa + ############################################################################# + + + # Accept if the address is in a domain for which we are an incoming relay, + # but again, only if the recipient can be verified. + + accept + domains = +relay_to_domains + endpass + verify = recipient + + + # At this point, the address has passed all the checks that have been + # configured, so we accept it unconditionally. + + accept diff --cc debian/debconf/conf.d/acl/40_exim4-config_check_data index abfa164,0000000..5b5c099 mode 100644,000000..100644 --- a/debian/debconf/conf.d/acl/40_exim4-config_check_data +++ b/debian/debconf/conf.d/acl/40_exim4-config_check_data @@@ -1,84 -1,0 +1,95 @@@ + +### acl/40_exim4-config_check_data +################################# + +# This ACL is used after the contents of a message have been received. This +# is the ACL in which you can test a message's headers or body, and in +# particular, this is where you can invoke external virus or spam scanners. + +acl_check_data: + + # Deny if the message contains an overlong line. Per the standards + # we should never receive one such via SMTP. + # + .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + deny message = maximum allowed line length is 998 octets, \ + got $max_received_linelength + condition = ${if > {$max_received_linelength}{998}} + .endif + - # Deny unless the address list headers are syntactically correct. ++ # Deny if the headers contain badly-formed addresses. + # - # If you enable this, you might reject legitimate mail. - .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX ++ .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX + deny - message = Message headers fail syntax check + !acl = acl_local_deny_exceptions + !verify = header_syntax ++ message = header syntax ++ log_message = header syntax ($acl_verify_message) + .endif + + + # require that there is a verifiable sender address in at least + # one of the "Sender:", "Reply-To:", or "From:" header lines. + .ifdef CHECK_DATA_VERIFY_HEADER_SENDER + deny + message = No verifiable sender address in message headers + !acl = acl_local_deny_exceptions + !verify = header_sender + .endif + + + # Deny if the message contains malware. Before enabling this check, you + # must install a virus scanner and set the av_scanner option in the + # main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # + # deny + # malware = * + # message = This message was detected as possible malware ($malware_name). + + + # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You also need to set the spamd_address ++ # you must install SpamAssassin. You may also need to set the spamd_address + # option in the main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # - # Please note that this is only suiteable as an example. There are - # multiple issues with this configuration method. For example, if you go - # this way, you'll give your spamassassin daemon write access to the - # entire exim spool which might be a security issue in case of a - # spamassassin exploit. ++ # Please note that this is only suiteable as an example. See ++ # /usr/share/doc/exim4-base/README.Debian.gz + # + # See the exim docs and the exim wiki for more suitable examples. + # ++ # # Remove internal headers + # warn - # spam = Debian-exim:true - # add_header = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report ++ # remove_header = X-Spam_score: X-Spam_score_int : X-Spam_bar : \ ++ # X-Spam_report ++ # ++ # warn ++ # condition = ${if <{$message_size}{120k}{1}{0}} ++ # # ":true" to add headers/acl variables even if not spam ++ # spam = nobody:true ++ # add_header = X-Spam_score: $spam_score ++ # add_header = X-Spam_bar: $spam_bar ++ # # Do not enable this unless you have shorted SpamAssassin's report ++ # #add_header = X-Spam_report: $spam_report ++ # ++ # Reject spam messages (score >15.0). ++ # This breaks mailing list and forward messages. ++ # deny ++ # message = Classified as spam (score $spam_score) ++ # condition = ${if <{$message_size}{120k}{1}{0}} ++ # condition = ${if >{$spam_score_int}{150}{true}{false}} + + + # This hook allows you to hook in your own ACLs without having to + # modify this file. If you do it like we suggest, you'll end up with + # a small performance penalty since there is an additional file being + # accessed. This doesn't happen if you leave the macro unset. + .ifdef CHECK_DATA_LOCAL_ACL_FILE + .include CHECK_DATA_LOCAL_ACL_FILE + .endif + + + # accept otherwise + accept diff --cc debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs index 82b0d1f,0000000..baa48fa mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs +++ b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs @@@ -1,101 -1,0 +1,81 @@@ +###################################################################### +# Runtime configuration file for Exim 4 (Debian Packaging) # +###################################################################### + +###################################################################### +# /etc/exim4/exim4.conf.template is only used with the non-split +# configuration scheme. +# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used +# with the split configuration scheme. +# If you find this comment anywhere else, somebody copied it there. +# Documentation about the Debian exim4 configuration scheme can be +# found in /usr/share/doc/exim4-base/README.Debian.gz. +###################################################################### + +###################################################################### +# MAIN CONFIGURATION SETTINGS # +###################################################################### + +# Just for reference and scripts. +# On Debian systems, the main binary is installed as exim4 to avoid +# conflicts with the exim 3 packages. +exim_path = /usr/sbin/exim4 + +# Macro defining the main configuration directory. +# We do not use absolute paths. +.ifndef CONFDIR +CONFDIR = /etc/exim4 +.endif + +# debconf-driven macro definitions get inserted after this line +UPEX4CmacrosUPEX4C = 1 + +# Create domain and host lists for relay control +# '@' refers to 'the name of the local host' + +# List of domains considered local for exim. Domains not listed here +# need to be deliverable remotely. +domainlist local_domains = MAIN_LOCAL_DOMAINS + +# List of recipient domains to relay _to_. Use this list if you're - +# for example - fallback MX or mail gateway for domains. +domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS + +# List of sender networks (IP addresses) to _unconditionally_ relay +# _for_. If you intend to be SMTP AUTH server, you do not need to enter +# anything here. +hostlist relay_from_hosts = MAIN_RELAY_NETS + + +# Decide which domain to use to add to all unqualified addresses. +# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary +# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value +# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined, +# the first line of /etc/mailname is used. +.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN +.ifndef MAIN_QUALIFY_DOMAIN +qualify_domain = ETC_MAILNAME +.else +qualify_domain = MAIN_QUALIFY_DOMAIN +.endif +.endif + +# listen on all all interfaces? +.ifdef MAIN_LOCAL_INTERFACES +local_interfaces = MAIN_LOCAL_INTERFACES +.endif + +.ifndef LOCAL_DELIVERY +# The default transport, set in /etc/exim4/update-exim4.conf.conf, +# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities +LOCAL_DELIVERY=mail_spool +.endif + +# The gecos field in /etc/passwd holds not only the name. see passwd(5). +gecos_pattern = ^([^,:]*) +gecos_name = $1 + - # define macros to be used in acl/30_exim4-config_check_rcpt to check - # recipient local parts for strange characters. - - # This macro definition really should be in - # acl/30_exim4-config_check_rcpt but cannot be there due to - # http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62. - - # These macros are documented in acl/30_exim4-config_check_rcpt, - # can be changed here or overridden by a locally added configuration - # file as described in README.Debian section "Using Exim Macros to control - # the configuration". - - .ifndef CHECK_RCPT_LOCAL_LOCALPARTS - CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] - .endif - - .ifndef CHECK_RCPT_REMOTE_LOCALPARTS - CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ - .endif - +# always log tls_peerdn as we use TLS for outgoing connects by default +.ifndef MAIN_LOG_SELECTOR +MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn +.endif diff --cc debian/debconf/conf.d/main/02_exim4-config_options index bf00d03,0000000..abff1d8 mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/02_exim4-config_options +++ b/debian/debconf/conf.d/main/02_exim4-config_options @@@ -1,218 -1,0 +1,222 @@@ + +### main/02_exim4-config_options +################################# + + +# Defines the access control list that is run when an +# SMTP MAIL command is received. +# +.ifndef MAIN_ACL_CHECK_MAIL +MAIN_ACL_CHECK_MAIL = acl_check_mail +.endif +acl_smtp_mail = MAIN_ACL_CHECK_MAIL + + +# Defines the access control list that is run when an +# SMTP RCPT command is received. +# +.ifndef MAIN_ACL_CHECK_RCPT +MAIN_ACL_CHECK_RCPT = acl_check_rcpt +.endif +acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT + + +# Defines the access control list that is run when an +# SMTP DATA command is received. +# +.ifndef MAIN_ACL_CHECK_DATA +MAIN_ACL_CHECK_DATA = acl_check_data +.endif +acl_smtp_data = MAIN_ACL_CHECK_DATA + + +# Message size limit. The default (used when MESSAGE_SIZE_LIMIT +# is unset) is 50 MB +.ifdef MESSAGE_SIZE_LIMIT +message_size_limit = MESSAGE_SIZE_LIMIT +.endif + + +# If you are running exim4-daemon-heavy or a custom version of Exim that +# was compiled with the content-scanning extension, you can cause incoming +# messages to be automatically scanned for viruses. You have to modify the +# configuration in two places to set this up. The first of them is here, +# where you define the interface to your scanner. This example is typical +# for ClamAV; see the manual for details of what to set for other virus +# scanners. The second modification is in the acl_check_data access +# control list. + +# av_scanner = clamd:/var/run/clamav/clamd.ctl + + +# For spam scanning, there is a similar option that defines the interface to +# SpamAssassin. You do not need to set this if you are using the default, which +# is shown in this commented example. As for virus scanning, you must also +# modify the acl_check_data access control list to enable spam scanning. + +# spamd_address = 127.0.0.1 783 + +# Domain used to qualify unqualified recipient addresses +# If this option is not set, the qualify_domain value is used. +# qualify_recipient = + + +# Allow Exim to recognize addresses of the form "user@[10.11.12.13]", +# where the domain part is a "domain literal" (an IP address) instead +# of a named domain. The RFCs require this facility, but it is disabled +# in the default config since it is rarely used and frequently abused. +# Domain literal support also needs a special router, which is automatically +# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS. +# Additionally, you might want to make your local IP addresses (or @[]) +# local domains. +.ifdef MAIN_ALLOW_DOMAIN_LITERALS +allow_domain_literals +.endif + + +# Do a reverse DNS lookup on all incoming IP calls, in order to get the +# true host name. If you feel this is too expensive, the networks for +# which a lookup is done can be listed here. +.ifndef DC_minimaldns +.ifndef MAIN_HOST_LOOKUP +MAIN_HOST_LOOKUP = * +.endif +host_lookup = MAIN_HOST_LOOKUP +.endif + ++# The setting below causes Exim to try to initialize the system resolver ++# library with DNSSEC support. It has no effect if your library lacks ++# DNSSEC support. ++dns_dnssec_ok = 1 + +# In a minimaldns setup, update-exim4.conf guesses the hostname and +# dumps it here to avoid DNS lookups being done at Exim run time. +.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME +primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME +.endif + +# The settings below cause Exim to make RFC 1413 (ident) callbacks +# for all incoming SMTP calls. You can limit the hosts to which these +# calls are made, and/or change the timeout that is used. If you set +# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls +# are cheap and can provide useful information for tracing problem +# messages, but some hosts and firewalls have problems with them. +# This can result in a timeout instead of an immediate refused +# connection, leading to delays on starting up SMTP sessions. +# (The default was reduced from 30s to 5s for release 4.61. and to +# disabled for release 4.86) +# +#rfc1413_hosts = * +#rfc1413_query_timeout = 5s + + +# Enable an efficiency feature. We advertise the feature; clients +# may request to use it. For multi-recipient mails we then can +# reject or accept per-user after the message is received. +# +prdr_enable = true + +# When using an external relay tester (such as rt.njabl.org and/or the +# currently defunct relay-test.mail-abuse.org, the test may be aborted +# since exim complains about "too many nonmail commands". If you want +# the test to complete, add the host from where "your" relay tester +# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro. +# Please note that a non-empty setting may cause extra DNS lookups to +# happen, which is the reason why this option is commented out in the +# default settings. +# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org +.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +.endif + +# By default, exim forces a Sender: header containing the local +# account name at the local host name in all locally submitted messages +# that don't have the local account name at the local host name in the +# From: header, deletes any Sender: header present in the submitted +# message and forces the envelope sender of all locally submitted +# messages to the local account name at the local host name. +# The following settings allow local users to specify their own envelope sender +# in a locally submitted message. Sender: headers existing in a locally +# submitted message are not removed, and no automatic Sender: headers +# are added. These settings are fine for most hosts. +# If you run exim on a classical multi-user systems where all users +# have local mailboxes that can be reached via SMTP from the Internet +# with the local FQDN as the domain part of the address, you might want +# to disable the following three lines for traceability reasons. +.ifndef MAIN_FORCE_SENDER +local_from_check = false +local_sender_retain = true +untrusted_set_sender = * +.endif + + +# By default, Exim expects all envelope addresses to be fully qualified, that +# is, they must contain both a local part and a domain. Configure exim +# to accept unqualified addresses from certain hosts. When this is done, +# unqualified addresses are qualified using the settings of qualify_domain +# and/or qualify_recipient (see above). +# sender_unqualified_hosts = +# recipient_unqualified_hosts = + + +# Configure Exim to support the "percent hack" for certain domains. +# The "percent hack" is the feature by which mail addressed to x%y@z +# (where z is one of the domains listed) is locally rerouted to x@y +# and sent on. If z is not one of the "percent hack" domains, x%y is +# treated as an ordinary local part. The percent hack is rarely needed +# nowadays but frequently abused. You should not enable it unless you +# are sure that you really need it. +# percent_hack_domains = + + +# Bounce handling +.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER +MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d +.endif +ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER + +.ifndef MAIN_TIMEOUT_FROZEN_AFTER +MAIN_TIMEOUT_FROZEN_AFTER = 7d +.endif +timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER + +.ifndef MAIN_FREEZE_TELL +MAIN_FREEZE_TELL = postmaster +.endif +freeze_tell = MAIN_FREEZE_TELL + + +# Define spool directory +.ifndef SPOOLDIR +SPOOLDIR = /var/spool/exim4 +.endif +spool_directory = SPOOLDIR + + +# trusted users can set envelope-from to arbitrary values +.ifndef MAIN_TRUSTED_USERS +MAIN_TRUSTED_USERS = uucp +.endif +trusted_users = MAIN_TRUSTED_USERS +.ifdef MAIN_TRUSTED_GROUPS +trusted_groups = MAIN_TRUSTED_GROUPS +.endif + + +# users in admin group can do many other things +# admin_groups = + + +# SMTP Banner. The example includes the Debian version in the SMTP dialog +# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}" +# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full + +.ifdef MAIN_KEEP_ENVIRONMENT +keep_environment = MAIN_KEEP_ENVIRONMENT +.else +# set option to empty value to avoid warning. +keep_environment = +.endif +.ifdef MAIN_ADD_ENVIRONMENT +add_environment = MAIN_ADD_ENVIRONMENT +.endif diff --cc debian/debconf/conf.d/router/200_exim4-config_primary index 7681d91,0000000..8b03ae7 mode 100644,000000..100644 --- a/debian/debconf/conf.d/router/200_exim4-config_primary +++ b/debian/debconf/conf.d/router/200_exim4-config_primary @@@ -1,90 -1,0 +1,92 @@@ + +### router/200_exim4-config_primary +################################# +# This file holds the primary router, responsible for nonlocal mails + +.ifdef DCconfig_internet +# configtype=internet +# +# deliver mail to the recipient if recipient domain is a domain we +# relay for. We do not ignore any target hosts here since delivering to +# a site local or even a link local address might be wanted here, and if +# such an address has found its way into the MX record of such a domain, +# the local admin is probably in a place where that broken MX record +# could be fixed. + +dnslookup_relay_to_domains: + debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain" + driver = dnslookup + domains = ! +local_domains : +relay_to_domains + transport = remote_smtp + same_domain_copy_routing = yes ++ dnssec_request_domains = * + no_more + +# deliver mail directly to the recipient. This router is only reached +# for domains that we do not relay for. Since we most probably can't +# have broken MX records pointing to site local or link local IP +# addresses fixed, we ignore target hosts pointing to these addresses. + +dnslookup: + debug_print = "R: dnslookup for $local_part@$domain" + driver = dnslookup + domains = ! +local_domains + transport = remote_smtp + same_domain_copy_routing = yes + # ignore private rfc1918 and APIPA addresses + ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\ + 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\ + 255.255.255.255 ++ dnssec_request_domains = * + no_more + +.endif + + +.ifdef DCconfig_local +# configtype=local +# +# Stand-alone system, so generate an error for mail to a non-local domain +nonlocal: + debug_print = "R: nonlocal for $local_part@$domain" + driver = redirect + domains = ! +local_domains + allow_fail + data = :fail: Mailing to remote domains not supported + no_more + +.endif + + +.ifdef DCconfig_smarthost DCconfig_satellite +# configtype=smarthost or configtype=satellite +# +# Send all non-local mail to a single other machine (smarthost). +# +# This means _ALL_ non-local mail goes to the smarthost. This will most +# probably not do what you want for domains that are listed in +# relay_domains. The most typical use for relay_domains is to control +# relaying for incoming e-mail on secondary MX hosts. In that case, +# it doesn't make sense to send the mail to the smarthost since the +# smarthost will probably send the message right back here, causing a +# loop. +# +# If you want to use a smarthost while being secondary MX for some +# domains, you'll need to copy the dnslookup_relay_to_domains router +# here so that mail to relay_domains is handled separately. + +smarthost: + debug_print = "R: smarthost for $local_part@$domain" + driver = manualroute + domains = ! +local_domains + transport = remote_smtp_smarthost + route_list = * DCsmarthost byname + host_find_failed = ignore + same_domain_copy_routing = yes + no_more + +.endif + + +# The "no_more" above means that all later routers are for +# domains in the local_domains list, i.e. just like Exim 3 directors. diff --cc debian/debconf/conf.d/transport/30_exim4-config_remote_smtp index 42bd601,0000000..bbad5fd mode 100644,000000..100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp @@@ -1,53 -1,0 +1,57 @@@ + +### transport/30_exim4-config_remote_smtp +################################# +# This transport is used for delivering messages over SMTP connections. +# Refuse to send any message with over-long lines, which could have +# been received other than via SMTP. The use of message_size_limit to +# enforce this is a red herring. + +remote_smtp: + debug_print = "T: remote_smtp for $local_part@$domain" + driver = smtp +.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} +.endif +.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS +.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef DKIM_DOMAIN +dkim_domain = DKIM_DOMAIN +.endif +.ifdef DKIM_SELECTOR +dkim_selector = DKIM_SELECTOR +.endif +.ifdef DKIM_PRIVATE_KEY +dkim_private_key = DKIM_PRIVATE_KEY +.endif +.ifdef DKIM_CANON +dkim_canon = DKIM_CANON +.endif +.ifdef DKIM_STRICT +dkim_strict = DKIM_STRICT +.endif +.ifdef DKIM_SIGN_HEADERS +dkim_sign_headers = DKIM_SIGN_HEADERS +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_PRIVATEKEY +.endif ++.ifndef REMOTE_SMTP_DISABLE_DANE ++dnssec_request_domains = * ++hosts_try_dane = * ++.endif diff --cc debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost index 9c18305,0000000..8c6b757 mode 100644,000000..100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost @@@ -1,47 -1,0 +1,48 @@@ + +### transport/30_exim4-config_remote_smtp_smarthost +################################# + +# This transport is used for delivering messages over SMTP connections +# to a smarthost. The local host tries to authenticate. +# This transport is used for smarthost and satellite configurations. +# Refuse to send any messsage with over-long lines, which could have +# been received other than via SMTP. The use of message_size_limit to +# enforce this is a red herring. + +remote_smtp_smarthost: + debug_print = "T: remote_smtp_smarthost for $local_part@$domain" + driver = smtp ++ multi_domain +.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT + message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} +.endif + hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ + {\ + ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\ + }\ + {} \ + } +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS + hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS +.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY +.endif diff --cc debian/debconf/update-exim4.conf index 59410db,0000000..084af7f mode 100644,000000..100644 --- a/debian/debconf/update-exim4.conf +++ b/debian/debconf/update-exim4.conf @@@ -1,484 -1,0 +1,484 @@@ +#!/bin/sh +# update-exim4.conf(8) - Generate /var/lib/exim4/config.autogenerated + +set -e +set -C +set -f + +UPEX4C_confdir="/etc/exim4" +UPEX4C_sections="main acl router transport retry rewrite auth" + +# list of ue4cc options that need to support both colons and +# semicolons as separators. dc_other_hostnames and dc_smarthost +# has special handling. +UPEX4C_semicolon="dc_local_interfaces dc_relay_nets dc_relay_domains" +EXIM="/usr/sbin/exim4" + +UPEX4C_verbose=no +UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated +UPEX4C_outputfile="${UPEX4C_autoconfigfile}" +UPEX4C_version="" + +usage() { +cat <&2 + exit 1 +fi + +eval set -- ${TEMP} +while test "$1" != "--"; do + case $1 in + -h|--help) + usage + exit 0 + ;; + -v|--verbose) + UPEX4C_verbose=yes + ;; + --keepcomments) + UPEX4C_comments=yes + ;; + --removecomments) + UPEX4C_comments=no + ;; + --check) + UPEX4C_check=yes + ;; + -o|--output) + shift + UPEX4C_outputfile="$1" + ;; + -d|--confdir) + shift + UPEX4C_confdir="$1" + ;; + esac + shift +done +shift + +# No non-option arguments allowed. +if [ "$#" -ne 0 ]; then + echo "No non option arguments ($@) allowed" >&2 + usage >&2 + exit 1 +fi + +# exit immediately if /etc/exim4/exim4.conf exists and -o was not specified +if [ -e /etc/exim4/exim4.conf ] && \ + [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] ; then + exit 0 +fi + +UE4CC="$UPEX4C_confdir/update-exim4.conf.conf" +UPEX4C_confd="$UPEX4C_confdir/conf.d" + +[ -d "$(dirname "$UPEX4C_outputfile")" ] || \ +{ printf "$0: Error, missing $(dirname "$UPEX4C_outputfile"), exiting.\n" 1>&2 ; exit 1 ; } + +if [ -f "$UE4CC" ]; then + . "$UE4CC" +else + echo >&2 "$0: Error, no $UE4CC, exiting." + exit 1 +fi + + +UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated +if [ "$(dirname ${UPEX4C_outputfile})" = "/var/lib/exim4" ] ; then + UPEX4C_tmp="${UPEX4C_outputfile}.tmp" +else + UPEX4C_tmp="$(tempfile -m600 -p ex4)" +fi + +lowerpipe() { + tr 'A-Z' 'a-z' +} + +lowercase() { + echo "$*" | lowerpipe +} + +check_ascii_pipe() { + IN="$(cat)" + # Use "abcdef... instead of a a-z or [:alnum:] here since the alternatives + # will also match non-ascii characters. + OUT="$(echo $IN | sed 's/[^-0-9ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\/\.!*@_~:;< \[\]]/_/g')" + if [ "$OUT" != "$IN" ]; then + echo >&2 "$0: non-ascii value $IN read from $UE4CC, sanitizing to $OUT" + fi + echo $OUT +} + +[ "${CFILEMODE}" = "" ] && CFILEMODE=644 +[ "${dc_use_split_config}" = "" ] && dc_use_split_config='false' +[ "${dc_localdelivery}" = "" ] && dc_localdelivery='mail_spool' +[ "${UPEX4C_comments:-}" = "" ] && UPEX4C_comments="${ue4c_keepcomments:-no}" + +TEMPLATEFILE="${UPEX4C_confdir}/exim4.conf.template" + +dc_use_split_config="$(lowercase $dc_use_split_config)" +UPEX4C_verbose="$(lowercase $UPEX4C_verbose)" + +if [ "${dc_use_split_config}" = "true" ]; then + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "using split configuration scheme from ${UPEX4C_confd}" + if ! [ -d "${UPEX4C_confd}" ]; then + printf >&2 "$0: Error, no ${UPEX4C_confd}, exiting.\n" + exit 1 + fi +else + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "using non-split configuration scheme from ${TEMPLATEFILE}" +fi + +# take only the first word from /etc/mailname +mailname="$(< /etc/mailname sed -n 's/\([-[:alnum:]@\.]\+\).*/\1/;p;q' | lowerpipe | check_ascii_pipe)" + +# barf if lookups are found. They have never been supported here. +if echo " ${dc_other_hostnames} ${dc_smarthost} ${dc_local_interfaces} ${dc_relay_nets} ${dc_relay_domains}"| grep -q '[[:space:]]\(partial-\)\?\(cdb\|dbm\|dbmnz\|\(d\|ipl\|\(n\?wild\)\?l\)search\|nis\)\([\*@]\)\?[[:space:]]*;'; then + echo >&2 "WARNING: using 'lookup;' constructs in $UE4CC has never been supported! See /usr/share/doc/exim4-config/NEWS.Debian.gz for details." +fi + +dc_other_hostnames="$(lowercase $dc_other_hostnames | check_ascii_pipe)" +# add localhost, get rid of spaces, trailing (semi)colons and make the list +# colon separated +local_domains="$(echo @:localhost:"${dc_other_hostnames}" | \ + sed -e 's/[;: ]*$//' -e 's/ *//' -e 's/;/:/g')" + + +# run-parts emulation, stolen from Branden's /etc/X11/Xsession +# Addition: Use file.rul instead if file if it exists. +run_parts () { + # reset LC_COLLATE + unset LANG LC_COLLATE LC_ALL + + if [ -z "$1" ]; then + errormessage "$0: internal run_parts called without an argument" + fi + if [ ! -d "$1" ]; then + errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory." + fi + for F in $(ls $1); do + if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then + if [ -f "$1/$F" ] ; then + if [ -f "$1/${F}.rul" ] ; then + echo "$1/${F}.rul" + else + echo "$1/$F" + fi + fi + else + if [ "${UPEX4C_verbose}" = "yes" ] && \ + [ -f "$1/$F" ] && \ + ! expr "$F" : '[[:alnum:]_-]\+\.rul'> /dev/null 2>&1 ; then + echo \ + "internal run-parts: ignoring file: $1/$F" 1>&2 + fi + fi + done; +} +# also from Branden +errormessage () { + # pretty-print messages of arbitrary length (no trailing newline) + echo "$*" | fold -s -w ${COLUMNS:-80} >&2; +} + +cat_parts() { + if [ -z "$1" ]; then + errormessage "$0: internal cat_parts called without an argument" + fi + if [ ! -d "$1" ]; then + errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory." + fi + for file in $(run_parts $1); do + echo "#####################################################" + echo "### $file" + echo "#####################################################" + cat "$file" + echo + echo "#####################################################" + echo "### end $file" + echo "#####################################################" + done +} + +gentmpconf() { + rm -f "${UPEX4C_tmp}" + touch "${UPEX4C_tmp}" + # this can be removed by the end of 2007 + #chown --reference=${TEMPLATEFILE} \ + # ${UPEX4C_tmp} ${UPEX4C_outputfile} + #chmod --reference=${TEMPLATEFILE} \ + # ${UPEX4C_tmp} ${UPEX4C_outputfile} + if [ "$(id -u)" = "0" ]; then + chown root:Debian-exim "${UPEX4C_tmp}" + [ -e "${UPEX4C_outputfile}" ] && \ + chown root:Debian-exim "${UPEX4C_outputfile}" + fi + chmod 640 "${UPEX4C_tmp}" + if [ -e "${UPEX4C_outputfile}" ]; then + chmod 640 "${UPEX4C_outputfile}" + fi +} + +removecomments(){ + if [ "${UPEX4C_comments}" = "no" ] ; then + grep -E -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ; + else + cat + fi +} + +gentmpconf + +cat << EOF >> "${UPEX4C_tmp}" +######### +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# This file was generated dynamically from +EOF + +if [ "${dc_use_split_config}" = "true" ] ; then +cat << EOF >> "${UPEX4C_tmp}" +# split config files in the $UPEX4C_confd/ directory. +EOF +else +cat << EOF >> "${UPEX4C_tmp}" +# non-split config ($UPEX4C_confdir/exim4.conf.localmacros +# and $UPEX4C_confdir/exim4.conf.template). +EOF +fi + +cat << EOF >> "${UPEX4C_tmp}" +# The config files are supplemented with package installation/configuration +# settings managed by debconf. This data is stored in +# $UPEX4C_confdir/update-exim4.conf.conf +# Any changes you make here will be lost. +# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8) +# for instructions of customization. +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +######### +EOF + +# handle ";" in input values as separator change + +for field in $UPEX4C_semicolon; do + if eval echo \$$field | grep -q ";"; then + eval temp=\$$field + if ! echo $temp | grep -q "^<"; then + temp="<; $temp" + eval "$field='$temp'" + fi + fi +done + +# fix up smarthost line: change semicolons into single colons +dc_smarthost="$(lowercase $dc_smarthost | check_ascii_pipe | sed 's/;/:/g')" + +dc_relay_nets="$(lowercase $dc_relay_nets | check_ascii_pipe)" + +if echo "$dc_relay_nets" | grep -q '^<;'; then + dc_relay_nets="$dc_relay_nets ; 127.0.0.1 ; ::1" +else + dc_relay_nets="$dc_relay_nets : 127.0.0.1 : ::::1" +fi + +dc_eximconfig_configtype="$(lowercase $dc_eximconfig_configtype | check_ascii_pipe)" +dc_hide_mailname="$(lowercase $dc_hide_mailname | check_ascii_pipe)" +dc_readhost="$(lowercase $dc_readhost | check_ascii_pipe)" +case "$dc_eximconfig_configtype" in + satellite|smarthost) + if [ "${dc_hide_mailname}" = "true" ] && [ -n "${dc_readhost}" ] ; then + hide_mailname=1 + fi + ;; + local) + ;; + internet) + ;; + none|*) + if [ "${dc_use_split_config}" = "true" ] ; then + for i in ${UPEX4C_sections} ; do + cat_parts "${UPEX4C_confd}/$i" + done | \ + removecomments \ + >> "${UPEX4C_tmp}" + else + LOCALMACROS="" + if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then + LOCALMACROS="/etc/exim4/exim4.conf.localmacros" + fi + cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" | \ + removecomments \ + >> "${UPEX4C_tmp}" + fi + mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}" + chmod "${CFILEMODE}" "${UPEX4C_outputfile}" + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "Not substituting variables since conftype is none (or other)" + exit 0 + ;; +esac + +UPEX4C_macros="##############################################\n" +UPEX4C_macros="${UPEX4C_macros}# the following macro definitions were created\n" +UPEX4C_macros="${UPEX4C_macros}# dynamically by $0\n" + +preprocess_macro() { + macroname="${1:-}" + shift - contents="$(lowercase ${@:-empty} | check_ascii_pipe)" ++ contents="$(lowercase ${@} | check_ascii_pipe)" + printf "%s" ".ifndef $macroname\n$macroname=$contents\n.endif\n" +} + +seed_macro() { + UPEX4C_macros="${UPEX4C_macros}$(preprocess_macro "$1" "$2")" +} + +file2macros() { + file="$1" + < $1 \ + sed -n '/^[[:upper:]]/p;' | \ + grep -v '^CFILEMODE=' | \ + while read line; do + errormessage "undocumented line $line found in $1, generating exim macro" + left="$(echo $line | sed 's/\([^=]*\).*/\1/')" + right="$(echo $line | sed 's/[^=]*=\(.*\)/\1/')" + preprocess_macro "$left" "$right" + done +} + +if [ "${dc_local_interfaces}" != "" ] ; then + seed_macro "MAIN_LOCAL_INTERFACES" "${dc_local_interfaces}" +fi + +if [ "${dc_minimaldns}" = "true" ] ; then + seed_macro "DC_minimaldns" "1" + if guessed_name="$(hostname --fqdn | lowerpipe | check_ascii_pipe | grep '\.')" ; then + seed_macro "MAIN_HARDCODE_PRIMARY_HOSTNAME" "$guessed_name" + else + errormessage "hostname --fqdn did not return a fully qualified name, dc_minimaldns will not work. Please fix your /etc/hosts setup." + fi +fi + +if [ -n "${hide_mailname:-}" ]; then + seed_macro "HIDE_MAILNAME" "${hide_mailname:-}" +fi +seed_macro "MAIN_PACKAGE_VERSION" "$UPEX4C_version" +seed_macro "MAIN_LOCAL_DOMAINS" "${local_domains}" +seed_macro "MAIN_RELAY_TO_DOMAINS" "${dc_relay_domains}" +seed_macro "ETC_MAILNAME" "$mailname" +seed_macro "LOCAL_DELIVERY" "${dc_localdelivery}" +seed_macro "MAIN_RELAY_NETS" "${dc_relay_nets}" +seed_macro "DCreadhost" "${dc_readhost}" +seed_macro "DCsmarthost" "${dc_smarthost}" +seed_macro "DC_eximconfig_configtype" "${dc_eximconfig_configtype}" +seed_macro "DCconfig_${dc_eximconfig_configtype}" "1" + +# dump everything starting with a capital into macros as well +# this is going to stay undocumented, but fixes PEBCAK where people write +# macros into ue4cc. + +UPEX4C_macros="${UPEX4C_macros}$(file2macros $UE4CC)" + +UPEX4C_macros="${UPEX4C_macros}##############################################\n" + +case "${dc_use_split_config}" in +true) + for i in ${UPEX4C_sections} ; do + echo "# begin processing $i #####" + cat_parts "${UPEX4C_confd}/$i" + echo "# end of $i #####" + done \ + | removecomments \ + | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \ + >> "${UPEX4C_tmp}" + RELEVANTTEMPLATE="$UPEX4C_confd" +;; +false) + if [ ! -r "$TEMPLATEFILE" ] ; then + echo "Error: Unsplit config selected and $TEMPLATEFILE missing ... exiting" 1>&2 + exit 1 + fi + LOCALMACROS="" + if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then + LOCALMACROS="${UPEX4C_confdir}/exim4.conf.localmacros" + fi + cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" \ + | removecomments \ + | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \ + >> "${UPEX4C_tmp}" + RELEVANTTEMPLATE="$TEMPLATEFILE" +;; +*) + errormessage "Invalid value for dc_use_split_config: \"${dc_use_split_config}\", exiting." + rm -f "${UPEX4C_tmp}" + exit 1 +;; +esac + +# check for left-over DEBCONF strings that may cause installation trouble +# (fix PEBCAK for people who don't accept conffile changes and don't +# read docs) +if grep -qr '^[^#]*DEBCONF[[:lower:]_]\+DEBCONF' $RELEVANTTEMPLATE \ + && ! grep -qr '^[[:space:]]*DEBCONFstringOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then + errormessage "DEBCONFsomethingDEBCONF found in exim configuration. This is most probably caused by you upgrading to exim4 4.67-3 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-2 and 4.67-4" +fi + +# check for left-over UPEX4CmacrosUPEX4C comment string that may cause +# installation trouble (fix PEBCAK for people who don't accept conffile +# changes and don't read docs) +if grep -qr '# UPEX4CmacrosUPEX4C' $RELEVANTTEMPLATE \ + && ! grep -qr '^[[:space:]]*UPEX4CmacrosOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then + errormessage "UPEX4CmacrosUPEX4C found in an exim configuration comment. This is most probably caused by you upgrading to exim4 4.67-5 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-5" +fi + + +# test validity if called without -o or if --check was supplied +if [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] || \ + [ "x${UPEX4C_check}" = "xyes" ]; then + if [ -x "${EXIM}" ] ; then + if ! "${EXIM}" -C "${UPEX4C_tmp}" -bV > /dev/null ; then + # we have an error in the configuration file. Do not install + # and activate. However, errors in string expansions inside + # the configuration file are not detected by this check! + errormessage "Invalid new configfile ${UPEX4C_tmp}, not installing ${UPEX4C_tmp} to ${UPEX4C_outputfile}" + exit 1 + fi + fi +fi +if [ "x${UPEX4C_check}" = "xyes" ]; then + rm -f "${UPEX4C_tmp}" + exit 0 +fi + +mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}" +chmod "${CFILEMODE}" "${UPEX4C_outputfile}" + +# end of file diff --cc debian/e-n-if-up index 2c32320,0000000..f2bc72e mode 100644,000000..100644 --- a/debian/e-n-if-up +++ b/debian/e-n-if-up @@@ -1,37 -1,0 +1,37 @@@ +#!/bin/bash + +# put this file in /etc/network/if-up.d/exim4-smarthost +# add an exim4-smarthost smtp.server.example.com::587 line to your interface +# stanza in /etc/network/interfaces + +# this will only work for split config, since in non-split config we +# only have a single file which is included and which would need more +# serious string processing to alter. With split config, we can blindly +# overwrite our previous file. + +# Environment: +# MODE = { start | stop } +# IF_EXIM4_SMARTHOST = hostname[::port] + +SMARTHOSTFILE="/etc/exim4/conf.d/main/00_local_DCsmarthost" + +if [ -z "$IF_EXIM4_SMARTHOST" ]; then + exit 0 +fi + +if [ "$MODE" = 'stop' ]; then + rm -f $SMARTHOSTFILE - /etc/init.d/exim4 reload > /dev/null || true ++ invoke exim4 reload > /dev/null || true + exit 0 +fi + +if [ "$IF_EXIM4_SMARTHOST" = "none" ]; then + rm -f $SMARTHOSTFILE - /etc/init.d/exim4 reload > /dev/null || true ++ invoke exim4 reload > /dev/null || true + exit 0 +fi + +echo "DCsmarthost = ${IF_EXIM4_SMARTHOST}" > $SMARTHOSTFILE + - /etc/init.d/exim4 reload > /dev/null || true ++invoke exim4 reload > /dev/null || true +/usr/sbin/exim4 -qqf diff --cc debian/example.conf.md5 index c16aa76,0000000..e7ee18b mode 100644,000000..100644 --- a/debian/example.conf.md5 +++ b/debian/example.conf.md5 @@@ -1,1 -1,0 +1,1 @@@ - 855d721412eba13426a8781cc804157d - ++321b32be071eee7394d7884f9471e6bd - diff --cc debian/exim4-base.cron.daily index 8f26b63,0000000..9ee4140 mode 100644,000000..100644 --- a/debian/exim4-base.cron.daily +++ b/debian/exim4-base.cron.daily @@@ -1,105 -1,0 +1,105 @@@ +#!/bin/sh + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + + +# set this to some other value if you don't want the panic log to be +# watched by this script, for example when you're using your own log +# checking mechanisms or don't care. + +E4BCD_DAILY_REPORT_TO="" +E4BCD_DAILY_REPORT_OPTIONS="" +E4BCD_WATCH_PANICLOG="yes" +# Number of lines of paniclog quoted in warning email. +E4BCD_PANICLOG_LINES="10" +E4BCD_PANICLOG_NOISE="" + +# Only do anything if exim4 is actually installed +if [ ! -x /usr/lib/exim4/exim4 ]; then + exit 0 +fi + +[ -f /etc/default/exim4 ] && . /etc/default/exim4 + +SPOOLDIR="$(exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')" + +# The log processing code used in this cron script is not very +# sophisticated. It relies on this cron job being executed earlier than +# the log rotation job, and will have false results if the log is not +# rotated exactly once daily in the daily cron processing. Even in the +# default configuration, it will ignore log entries made between this +# cron job and the log rotation job. + +# Patches for more sophisticated processing are appreciated via the +# Debian BTS. + +E4BCD_MAINLOG_NOISE="^[[:digit:][:space:]:-]\{20\}\(\(Start\|End\) queue run: pid=[[:digit:]]\+\|exim [[:digit:]\.]\+ daemon started: pid=[[:digit:]]\+, .*\)$" + +if [ -n "$E4BCD_DAILY_REPORT_TO" ]; then + if [ -x "$(command -v eximstats)" ] && [ -x "$(command -v mail)" ]; then + if [ "$(< /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" | wc -l)" -gt "0" ]; then + < /var/log/exim4/mainlog grep -v "$E4BCD_MAINLOG_NOISE" \ + | eximstats $E4BCD_DAILY_REPORT_OPTIONS \ + | mail -s"$(hostname --fqdn) Daily e-mail activity report" \ + $E4BCD_DAILY_REPORT_TO + else + echo "no mail activity in this interval" \ + | mail -s"$(hostname --fqdn) Daily e-mail activity report" \ + $E4BCD_DAILY_REPORT_TO + fi + else + echo "The exim4 cron job is configured to send a daily report, but eximstats" + echo "and/or mail cannot be found. Please check and make sure that these two" + echo "binaries are available" + fi +fi + +log_this() { + TEXT="$@" + if ! logger -t exim4 -p mail.alert $TEXT; then + RET="$?" + echo >&2 "ALERT: could not syslog $TEXT, logger return value $RET" + fi +} + +if [ "$E4BCD_WATCH_PANICLOG" != "no" ]; then + if [ -s "/var/log/exim4/paniclog" ]; then + if [ -x "/usr/local/lib/exim4/nonzero_paniclog_hook" ]; then + /usr/local/lib/exim4/nonzero_paniclog_hook + fi + if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then + log_this "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" + if ! printf "Subject: exim paniclog on %s has non-zero size\nTo: root\n\nexim paniclog /var/log/exim4/paniclog on %s has non-zero size, mail system might be broken. The last ${E4BCD_PANICLOG_LINES} lines are quoted below.\n\n%s\n" \ + "$(hostname --fqdn)" "$(hostname --fqdn)" \ + "$(tail -n "${E4BCD_PANICLOG_LINES}" /var/log/exim4/paniclog)" \ + | exim4 root; then + log_this "PANIC: sending out e-mail warning has failed, exim has non-zero return code" + fi + if [ "$E4BCD_WATCH_PANICLOG" = "once" ]; then + logrotate -f /etc/logrotate.d/exim4-paniclog + fi + fi + fi +fi + +# run tidydb as Debian-exim:Debian-exim. +if [ -x /usr/sbin/exim_tidydb ]; then + cd $SPOOLDIR/db || exit 1 + if ! find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \ + -or -type f -printf '%f\0' | \ + xargs -0r -n 1 \ + start-stop-daemon --start --exec /usr/sbin/exim_tidydb \ + --chuid Debian-exim:Debian-exim -- $SPOOLDIR > /dev/null; then + # if we reach this, invoking exim_tidydb from start-stop-daemon has + # failed, most probably because of libpam-tmpdir being in use + # (see #373786 and #376165) + find $SPOOLDIR/db -maxdepth 1 -name '*.lockfile' -or -name 'log.*' \ + -or -type f -printf '%f\0' | \ - su - --shell /bin/bash \ - --command "xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \ ++ runuser --shell=/bin/bash \ ++ --command="xargs -0r -n 1 /usr/sbin/exim_tidydb $SPOOLDIR > /dev/null" \ + Debian-exim + fi +fi diff --cc debian/exim4-base.dirs index 70c36b0,0000000..f45547e mode 100644,000000..100644 --- a/debian/exim4-base.dirs +++ b/debian/exim4-base.dirs @@@ -1,5 -1,0 +1,5 @@@ - /usr/sbin - /usr/share/man/man8 +/etc/cron.daily +/etc/logrotate.d ++/usr/sbin +/usr/share/doc/exim4-base/examples ++/usr/share/man/man8 diff --cc debian/exim4-base.docs index cf76261,0000000..b785cea mode 100644,000000..100644 --- a/debian/exim4-base.docs +++ b/debian/exim4-base.docs @@@ -1,15 -1,0 +1,15 @@@ - b-exim4-daemon-light/NOTICE +b-exim4-daemon-light/ACKNOWLEDGMENTS - b-exim4-daemon-light/doc/README - b-exim4-daemon-light/doc/README.SIEVE ++b-exim4-daemon-light/NOTICE +b-exim4-daemon-light/README.UPDATING - b-exim4-daemon-light/doc/dbm.discuss.txt +b-exim4-daemon-light/doc/Exim3.upgrade +b-exim4-daemon-light/doc/Exim4.upgrade - b-exim4-daemon-light/doc/filter.txt ++b-exim4-daemon-light/doc/GnuTLS-FAQ.txt +b-exim4-daemon-light/doc/NewStuff +b-exim4-daemon-light/doc/OptionLists.txt ++b-exim4-daemon-light/doc/README ++b-exim4-daemon-light/doc/README.SIEVE ++b-exim4-daemon-light/doc/dbm.discuss.txt ++b-exim4-daemon-light/doc/filter.txt +b-exim4-daemon-light/doc/spec.txt - b-exim4-daemon-light/doc/GnuTLS-FAQ.txt - debian/changelog.Debian.old +debian/README.Debian.html ++debian/changelog.Debian.old diff --cc debian/exim4-base.examples index 99b99ab,0000000..88bad16 mode 100644,000000..100644 --- a/debian/exim4-base.examples +++ b/debian/exim4-base.examples @@@ -1,5 -1,0 +1,5 @@@ +b-exim4-daemon-light/util/cramtest.pl +b-exim4-daemon-light/util/logargs.sh +b-exim4-daemon-light/util/unknownuser.sh - debian/exim-gencert +debian/exim-adduser ++debian/exim-gencert diff --cc debian/exim4-base.exim4.init index 8bc24e3,0000000..61f2aff mode 100644,000000..100644 --- a/debian/exim4-base.exim4.init +++ b/debian/exim4-base.exim4.init @@@ -1,279 -1,0 +1,289 @@@ +#! /bin/sh +# /etc/init.d/exim4 +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for exim by Tim Cutts +# Modified for exim4 by Andreas Metzler +# and Marc Haber + +### BEGIN INIT INFO +# Provides: exim4 +# Required-Start: $remote_fs $syslog $named $network $time +# Required-Stop: $remote_fs $syslog $named $network +# Should-Start: postgresql mysql clamav-daemon greylist spamassassin +# Should-Stop: postgresql mysql clamav-daemon greylist spamassassin +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: exim Mail Transport Agent +# Description: exim is a Mail Transport agent +### END INIT INFO + +set -e + +test -x /usr/lib/exim4/exim4 || exit 0 + +. /lib/lsb/init-functions + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +LANG=C +export LANG + +#read default file +QUEUERUNNER='combined' +QUEUEINTERVAL='30m' +UPEX4OPTS='' +[ -f /etc/default/exim4 ] && . /etc/default/exim4 +PIDFILE="/run/exim4/exim.pid" +QRPIDFILE="/run/exim4/eximqr.pid" + +upex4conf() { + UPEX4CONF="update-exim4.conf" + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$UPEX4CONF" ]; then + IFS="$OLDIFS" + $p/$UPEX4CONF $UPEX4OPTS $1 + return 0 + fi + done + IFS="$OLDIFS" +} + +# Exit if exim runs from /etc/inetd.conf +if [ -f /etc/inetd.conf ] && grep -E -q '^[[:space:]]*((\*|[[:alnum:].-]+):)?smtp[[:space:]]' /etc/inetd.conf +then + upex4conf + exit 0 +fi + + +DAEMON="/usr/sbin/exim4" +NAME="exim4" + +# this is from madduck on IRC, 2006-07-06 +# There should be a better possibility to give daemon error messages +# and/or to log things +log() +{ + case "$1" in + [[:digit:]]*) success=$1; shift;; + *) :;; + esac + log_action_begin_msg "$1"; shift + log_action_end_msg ${success:-0} "$*" +} + +start_exim() +{ + [ -e /run/exim4 ] || \ + install -d -oDebian-exim -gDebian-exim -m750 /run/exim4 + case ${QUEUERUNNER} in + combined) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4" + ;; + separate) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd \ + ${COMMONOPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4_listener" + start_daemon -p "$QRPIDFILE" \ + "$DAEMON" -oP $QRPIDFILE \ + "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} + log_progress_msg "exim4_queuerunner" + ;; + queueonly) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -oP $PIDFILE \ + "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} + log_progress_msg "exim4_queuerunner" + ;; + no|ppp) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd \ + ${COMMONOPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4_listener" + ;; + nodaemon) + ;; + esac +} + +stop_exim() +{ +# we try to kill eximqr and exim SMTP listener, no matter what +# ${QUEUERUNNER} is set to, we could have switched since starting. + if [ -f "$QRPIDFILE" ]; then - killproc -p "$QRPIDFILE" "$DAEMON" ++ start-stop-daemon --stop --retry 5 --quiet --oknodo --remove-pidfile \ ++ --pidfile "$QRPIDFILE" \ ++ --exec "$DAEMON" + # exim does not remove the pidfile - if [ $? -eq 0 ] ; then rm -f "$QRPIDFILE" ; fi ++ if [ $? -eq 2 ] ; then rm -f "$QRPIDFILE" ; fi + log_progress_msg "exim4_queuerunner" + fi + if [ -f "$PIDFILE" ]; then - killproc -p "$PIDFILE" "$DAEMON" ++ start-stop-daemon --stop --retry 5 --quiet --oknodo --remove-pidfile \ ++ --pidfile "$PIDFILE" \ ++ --exec "$DAEMON" + # exim does not remove the pidfile - if [ $? -eq 0 ] ; then rm -f "$PIDFILE" ; fi ++ if [ $? -eq 2 ] ; then rm -f "$PIDFILE" ; fi + log_progress_msg "exim4_listener" + fi +} + +reload_exim() +{ + case ${QUEUERUNNER} in + combined|no|ppp|queueonly) - killproc -p "$PIDFILE" "$DAEMON" -HUP ++ start-stop-daemon --stop --signal HUP --quiet --oknodo \ ++ --pidfile "$PIDFILE" \ ++ --exec "$DAEMON" + log_progress_msg "exim4" + ;; + separate) - killproc -p "$PIDFILE" "$DAEMON" -HUP ++ start-stop-daemon --stop --signal HUP --quiet --oknodo \ ++ --pidfile "$PIDFILE" \ ++ --exec "$DAEMON" + log_progress_msg "exim4_listener" - killproc -p "$QRPIDFILE" "$DAEMON" -HUP ++ start-stop-daemon --stop --signal HUP --quiet --oknodo \ ++ --pidfile "$QRPIDFILE" \ ++ --exec "$DAEMON" + log_progress_msg "exim4_queuerunner" + ;; + esac +} + +kill_all_exims() +{ SIG="${1:-TERM}" + for pid in $(pidof $NAME); do + if [ "$(readlink /proc/$pid/root)" = "/" ]; then + kill -$SIG $pid + fi + done +} + +status() +{ + # the exit value of this function reflects the status of the SMTP + # service. Output shows the status of the queue runner as well. + SMTPNAME="SMTP listener daemon" + QRNAME="separate queue runner daemon" + if [ "${QUEUERUNNER}" = "combined" ]; then + SMTPNAME="combined SMTP listener and queue runner daemon" + elif [ "${QUEUERUNNER}" = "queueonly" ]; then + SMTPNAME="separate queue runner daemon" + fi + log_action_begin_msg "checking $QRNAME" + if pidofproc -p "$QRPIDFILE" "$DAEMON" >/dev/null; then + log_action_end_msg 0 "running" + else + if [ -e "$QRPIDFILE" ]; then + log_action_end_msg 1 "$QRNAME failed" + else + log_action_end_msg 0 "not running" + fi + fi + log_action_begin_msg "checking $SMTPNAME" + if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then + log_action_end_msg 0 "running" + exit 0 + else + if [ -e "$PIDFILE" ]; then + log_action_end_msg 1 "$SMTPNAME failed" + exit 1 + else + log_action_end_msg 0 "not running" + exit 3 + fi + fi +} + +# check for valid configuration file +isconfigvalid() +{ +if ! $DAEMON -bV > /dev/null ; then + log 1 "Warning! Invalid configuration file for $NAME. Exiting." + exit 1 +fi +} + +# check for non-empty paniclog +warn_paniclog() +{ + if [ -s "/var/log/exim4/paniclog" ]; then + if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then + echo "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" 1>&2 + fi + fi +} + +case "$1" in + start) + log_daemon_msg "Starting MTA" + # regenerate exim4.conf + upex4conf + isconfigvalid + start_exim + log_end_msg 0 + warn_paniclog + ;; + stop) + log_daemon_msg "Stopping MTA" + stop_exim + log_end_msg 0 + warn_paniclog + ;; + restart) + # check whether newly generated config would work + upex4conf --check + log_daemon_msg "Stopping MTA for restart" + stop_exim + # regenerate exim4.conf + upex4conf + isconfigvalid + log_end_msg 0 + sleep 2 + log_daemon_msg "Restarting MTA" + start_exim + log_end_msg 0 + warn_paniclog + ;; + reload|force-reload) + log_daemon_msg "Reloading $NAME configuration files" + # regenerate exim4.conf + upex4conf + isconfigvalid + reload_exim + log_end_msg 0 + warn_paniclog + ;; + status) + status + ;; + force-stop) + kill_all_exims $2 + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|status|force-stop}" + exit 1 + ;; +esac + +exit 0 +# vim:tabstop=2:expandtab:shiftwidth=2 diff --cc debian/exim4-base.install index f07dd6a,0000000..1578048 mode 100644,000000..100644 --- a/debian/exim4-base.install +++ b/debian/exim4-base.install @@@ -1,3 -1,0 +1,3 @@@ - debian/script usr/share/bug/exim4-base - debian/gnutls-params-2048 usr/share/exim4 +debian/exim4_refresh_gnutls-params usr/share/exim4 ++debian/gnutls-params-2048 usr/share/exim4 ++debian/script usr/share/bug/exim4-base diff --cc debian/exim4-base.manpages index 318fb95,0000000..af32720 mode 100644,000000..100644 --- a/debian/exim4-base.manpages +++ b/debian/exim4-base.manpages @@@ -1,12 -1,0 +1,12 @@@ +b-exim4-daemon-light/doc/exim.8 +debian/manpages/exicyclog.8 +debian/manpages/exigrep.8 +debian/manpages/exim_checkaccess.8 ++debian/manpages/exim_convert4r4.8 +debian/manpages/exim_db.8 +debian/manpages/exim_dbmbuild.8 +debian/manpages/exim_lock.8 +debian/manpages/exinext.8 +debian/manpages/exiqgrep.8 +debian/manpages/exiqsumm.8 +debian/manpages/exiwhat.8 - debian/manpages/exim_convert4r4.8 diff --cc debian/exim4-base.postrm index c875e52,0000000..a543546 mode 100644,000000..100644 --- a/debian/exim4-base.postrm +++ b/debian/exim4-base.postrm @@@ -1,69 -1,0 +1,65 @@@ +#!/bin/sh + +set -e + +if [ -e /usr/share/debconf/confmodule ] ; then + . /usr/share/debconf/confmodule + export debconfavailable="yes" +fi + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +case "$1" in + remove) + # work around apt purging -base before even removing -daemon #261994. + # postrm is good enough, we just need the init-script which is a conffile. + if [ -x /etc/init.d/exim4 ]; then + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen + ls -al /run/exim4/ + cat /run/exim4/exim.pid + pidof exim4 + fi - if command -v invoke-rc.d >/dev/null 2>&1; then - invoke-rc.d exim4 stop - else - /etc/init.d/exim4 stop - fi ++ invoke-rc.d exim4 stop + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen + ls -al /run/exim4/ + cat /run/exim4/exim.pid + pidof exim4 + if pidof exim4; then + echo >&2 "WARN: There are some exim4 processes still running after stopping exim" + fi + fi + fi + rm -f /var/lib/exim4/berkeleydbvers.txt + ;; + purge) + update-rc.d exim4 remove > /dev/null + + # ask about purging mailqueue if debconf is available, keep it + # otherwise + if [ -e /var/spool/exim4/input ] \ + && ! rmdir /var/spool/exim4/input 2>/dev/null \ + && [ "$debconfavailable" = "yes" ]; then + db_version 2.0 + db_input medium exim4/purge_spool || true + db_go || true + db_get exim4/purge_spool + purge_spool="$RET" + if [ "${purge_spool}" = "true" ] ; then + rm -rf /var/spool/exim4/input + fi + fi + + # remove logs and pid-dir. + rm -rf /run/exim4 /var/log/exim4 /var/spool/exim4/msglog \ + /var/spool/exim4/db /var/spool/exim4/exim-process.info \ + /var/spool/exim4/gnutls-params* + rmdir /var/spool/exim4 /var/lib/exim4 2> /dev/null || true + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-config.dirs index e2a5709,0000000..a87381e mode 100644,000000..100644 --- a/debian/exim4-config.dirs +++ b/debian/exim4-config.dirs @@@ -1,6 -1,0 +1,6 @@@ - /usr/sbin +/etc/exim4/conf.d +/etc/ppp/ip-up.d ++/usr/sbin +/usr/share/doc/exim4-config +/usr/share/man/man8 +/var/lib/exim4 diff --cc debian/exim4-config.install index 9ad2aa1,0000000..94d6a91 mode 100644,000000..100644 --- a/debian/exim4-config.install +++ b/debian/exim4-config.install @@@ -1,3 -1,0 +1,3 @@@ - debian/debconf/update-exim4.conf.template usr/sbin +debian/debconf/exim4.conf.template etc/exim4 ++debian/debconf/update-exim4.conf.template usr/sbin +debian/script usr/share/bug/exim4-config diff --cc debian/exim4-config.links index 7888afb,0000000..542c9f5 mode 100644,000000..100644 --- a/debian/exim4-config.links +++ b/debian/exim4-config.links @@@ -1,15 -1,0 +1,15 @@@ +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-aliases.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/etc-email-addresses.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_crt.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_key.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_host_local_deny_exceptions.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_hubbed_hosts.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_domain_dnsbl_whitelist.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_host_blacklist.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_rcpt_callout.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_blacklist.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_host_local_deny_exceptions.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_sender_local_deny_exceptions.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_sender_callout.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_rcpt_callout.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_local_domain_dnsbl_whitelist.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_hubbed_hosts.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd.5.gz +usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_passwd_client.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_crt.5.gz - usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_exim_key.5.gz ++usr/share/man/man5/exim4-config_files.5.gz usr/share/man/man5/exim4_sender_local_deny_exceptions.5.gz +usr/share/man/man8/update-exim4.conf.8.gz usr/share/man/man5/update-exim4.conf.conf.5.gz diff --cc debian/exim4-config.manpages index f9d3635,0000000..decb79d mode 100644,000000..100644 --- a/debian/exim4-config.manpages +++ b/debian/exim4-config.manpages @@@ -1,4 -1,0 +1,4 @@@ ++debian/manpages/exim4-config_files.5 +debian/manpages/update-exim4.conf.8 +debian/manpages/update-exim4.conf.template.8 +debian/manpages/update-exim4defaults.8 - debian/manpages/exim4-config_files.5 diff --cc debian/exim4-daemon-custom.links index 9b6c819,0000000..a342ee2 mode 100644,000000..100644 --- a/debian/exim4-daemon-custom.links +++ b/debian/exim4-daemon-custom.links @@@ -1,18 -1,0 +1,18 @@@ - usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz ++usr/sbin/exim4 usr/bin/mailq ++usr/sbin/exim4 usr/bin/newaliases +usr/sbin/exim4 usr/lib/exim4/exim4 +usr/sbin/exim4 usr/lib/sendmail +usr/sbin/exim4 usr/sbin/exim - usr/sbin/exim4 usr/sbin/sendmail - usr/sbin/exim4 usr/sbin/runq +usr/sbin/exim4 usr/sbin/rmail +usr/sbin/exim4 usr/sbin/rsmtp - usr/sbin/exim4 usr/bin/mailq - usr/sbin/exim4 usr/bin/newaliases - usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-custom/changelog.gz ++usr/sbin/exim4 usr/sbin/runq ++usr/sbin/exim4 usr/sbin/sendmail +usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-custom/README.Debian.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-custom/changelog.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz diff --cc debian/exim4-daemon-heavy.dirs index 1971556,0000000..341ca05 mode 100644,000000..100644 --- a/debian/exim4-daemon-heavy.dirs +++ b/debian/exim4-daemon-heavy.dirs @@@ -1,4 -1,0 +1,4 @@@ +/usr/lib/exim4 ++/usr/lib/exim4/local_scan +/usr/sbin +/usr/share/man/man8 - /usr/lib/exim4/local_scan diff --cc debian/exim4-daemon-heavy.links index 28a9b62,0000000..373c212 mode 100644,000000..100644 --- a/debian/exim4-daemon-heavy.links +++ b/debian/exim4-daemon-heavy.links @@@ -1,18 -1,0 +1,18 @@@ - usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz ++usr/sbin/exim4 usr/bin/mailq ++usr/sbin/exim4 usr/bin/newaliases +usr/sbin/exim4 usr/lib/exim4/exim4 +usr/sbin/exim4 usr/lib/sendmail +usr/sbin/exim4 usr/sbin/exim - usr/sbin/exim4 usr/sbin/sendmail - usr/sbin/exim4 usr/sbin/runq +usr/sbin/exim4 usr/sbin/rmail +usr/sbin/exim4 usr/sbin/rsmtp - usr/sbin/exim4 usr/bin/mailq - usr/sbin/exim4 usr/bin/newaliases - usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-heavy/changelog.gz ++usr/sbin/exim4 usr/sbin/runq ++usr/sbin/exim4 usr/sbin/sendmail +usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-heavy/README.Debian.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-heavy/changelog.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz diff --cc debian/exim4-daemon-light.links index 6415a53,0000000..241b2dc mode 100644,000000..100644 --- a/debian/exim4-daemon-light.links +++ b/debian/exim4-daemon-light.links @@@ -1,18 -1,0 +1,18 @@@ - usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz ++usr/sbin/exim4 usr/bin/mailq ++usr/sbin/exim4 usr/bin/newaliases +usr/sbin/exim4 usr/lib/exim4/exim4 +usr/sbin/exim4 usr/lib/sendmail +usr/sbin/exim4 usr/sbin/exim - usr/sbin/exim4 usr/sbin/sendmail - usr/sbin/exim4 usr/sbin/runq +usr/sbin/exim4 usr/sbin/rmail +usr/sbin/exim4 usr/sbin/rsmtp - usr/sbin/exim4 usr/bin/mailq - usr/sbin/exim4 usr/bin/newaliases - usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-light/changelog.gz ++usr/sbin/exim4 usr/sbin/runq ++usr/sbin/exim4 usr/sbin/sendmail +usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-daemon-light/README.Debian.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz - usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-light/changelog.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/exim4.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/mailq.8.gz +usr/share/man/man8/exim.8.gz usr/share/man/man8/newaliases.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rmail.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/rsmtp.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/runq.8.gz ++usr/share/man/man8/exim.8.gz usr/share/man/man8/sendmail.8.gz diff --cc debian/exim4-daemon-light.postinst index 1096ac8,0000000..4a2e108 mode 100644,000000..100644 --- a/debian/exim4-daemon-light.postinst +++ b/debian/exim4-daemon-light.postinst @@@ -1,60 -1,0 +1,60 @@@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +dc_eximconfig_configtype="other" +db_get exim4/dc_eximconfig_configtype || true +if [ "$RET" = "no configuration at this time" ]; then + dc_eximconfig_configtype="none" +fi + +case "$1" in + configure) + + # || true is needed for succesfull installation with configtype 'none' + if [ -x /etc/init.d/exim4 ]; then + db_stop + if [ "$dc_eximconfig_configtype" = "none" ]; then + # we may have broken config here, ignore errors + invoke-rc.d exim4 start || true + else + # we must have working config here, honor errors + invoke-rc.d exim4 start + fi + fi + + # set up DH-parameter file, update if older than 160 days + if test -e /var/spool/exim4/gnutls-params-2048 ; then + if [ `stat --format=%Y /var/spool/exim4/gnutls-params-2048` -le $(( `date +%s` - 13824000 )) ]; + then + echo "Updating GnuTLS DH parameter file" 1>&2 + /usr/share/exim4/exim4_refresh_gnutls-params + fi + else + echo "Initializing GnuTLS DH parameter file" 1>&2 + tempgnutls=$(tempfile --directory /var/spool/exim4 --mode 644 --prefix "gnutp") + chown Debian-exim:Debian-exim $tempgnutls - if [ -x /usr/bin/certtool ] && \ ++ if which certtool > /dev/null 2>&1 && \ + timeout --preserve-status --kill-after=15 120 \ + certtool --generate-dh-params --bits 2048 > $tempgnutls ; then + mv $tempgnutls /var/spool/exim4/gnutls-params-2048 + else + rm -f $tempgnutls + install -m 644 -o Debian-exim -g Debian-exim \ + /usr/share/exim4/gnutls-params-2048 \ + /var/spool/exim4/gnutls-params-2048 + fi + fi + + + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-daemon-light.prerm index ddda13c,0000000..c7c3db8 mode 100644,000000..100644 --- a/debian/exim4-daemon-light.prerm +++ b/debian/exim4-daemon-light.prerm @@@ -1,37 -1,0 +1,33 @@@ +#!/bin/sh + +set -e + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +case "$1" in + remove|upgrade) + if [ -x /etc/init.d/exim4 ]; then + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen + ls -al /run/exim4/ + cat /run/exim4/exim.pid + pidof exim4 + fi - if command -v invoke-rc.d >/dev/null 2>&1; then - invoke-rc.d exim4 stop - else - /etc/init.d/exim4 stop - fi ++ invoke-rc.d exim4 stop + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen + ls -al /run/exim4/ + cat /run/exim4/exim.pid + pidof exim4 + if pidof exim4; then + echo >&2 "WARN: There are some exim4 processes still running after stopping exim" + fi + fi + fi + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-dev.install index 3c2d914,0000000..d325233 mode 100644,000000..100644 --- a/debian/exim4-dev.install +++ b/debian/exim4-dev.install @@@ -1,4 -1,0 +1,4 @@@ +b-exim4-daemon-light/src/local_scan.h usr/include/exim4 - b-exim4-daemon-light/src/store.h usr/include/exim4 +b-exim4-daemon-light/src/mytypes.h usr/include/exim4 ++b-exim4-daemon-light/src/store.h usr/include/exim4 +debian/exim4-localscan-plugin-config usr/bin diff --cc debian/exim4-dev.links index a9615bd,0000000..3d162d8 mode 100644,000000..100644 --- a/debian/exim4-dev.links +++ b/debian/exim4-dev.links @@@ -1,2 -1,0 +1,2 @@@ - usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-dev/changelog.gz +usr/share/doc/exim4-base/README.Debian.gz usr/share/doc/exim4-dev/README.Debian.gz ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-dev/changelog.gz diff --cc debian/eximon4.dirs index 802fe2e,0000000..240369d mode 100644,000000..100644 --- a/debian/eximon4.dirs +++ b/debian/eximon4.dirs @@@ -1,2 -1,0 +1,2 @@@ - usr/sbin +usr/lib/exim4 ++usr/sbin diff --cc debian/mtalist index 92e44ee,0000000..23e03d0 mode 100644,000000..100644 --- a/debian/mtalist +++ b/debian/mtalist @@@ -1,1 -1,0 +1,1 @@@ - courier-mta, esmtp-run, hula-mta, masqmail, mta-dummy, nullmailer, postfix, sendmail-bin, smail, ssmtp, xmail, zmailer ++citadel-server, courier-mta, dma, esmtp-run, hula-mta, masqmail, msmtp-mta, mta-dummy, nullmailer, opensmtpd, postfix, qmail-run, sendmail-bin, smail, ssmtp, xmail, zmailer diff --cc debian/patches/31_eximmanpage.dpatch index af3ecd7,0000000..b8f8bf6 mode 100755,000000..100755 --- a/debian/patches/31_eximmanpage.dpatch +++ b/debian/patches/31_eximmanpage.dpatch @@@ -1,250 -1,0 +1,250 @@@ +Description: We ship the binary as exim4 instead of exim, fix manpage + accordingly. +Author: Marc Haber , + Andreas Metzler - Last-Update: 2017-01-31 ++Last-Update: 2018-12-31 +Forwarded: not-needed (upstream uses the "exim" name) + +--- a/doc/exim.8 ++++ b/doc/exim.8 +@@ -1,9 +1,9 @@ +-.TH EXIM 8 ++.TH EXIM4 8 + .SH NAME +-exim \- a Mail Transfer Agent ++exim4 \- a Mail Transfer Agent + .SH SYNOPSIS + .nf +-.B exim [options] arguments ... ++.B exim4 [options] arguments ... + .B mailq [options] arguments ... + .B rsmtp [options] arguments ... + .B rmail [options] arguments ... +@@ -40,7 +40,7 @@ local message on the standard input, wit + recipients) is assumed. Thus, for example, if Exim is installed in + \fI/usr/sbin\fP, you can send a message from the command line like this: + .sp +- /usr/sbin/exim -i ++ /usr/sbin/exim4 -i + + CTRL-D + .sp +@@ -125,8 +125,8 @@ ports, on multiple ports, and only on sp + .sp + When a listening daemon + is started without the use of \fB\-oX\fP (that is, without overriding the normal +-configuration), it writes its process id to a file called exim\-daemon.pid +-in Exim's spool directory. This location can be overridden by setting ++configuration), it writes its process id to a file called ++/var/run/exim4/exim.pid. This location can be overridden by setting + PID_FILE_PATH in Local/Makefile. The file is written while Exim is still + running as root. + .sp - @@ -175,7 +175,7 @@ of lookups, you will just get the same r ++@@ -180,7 +180,7 @@ available to admin users. + This option operates like \fB\-be\fP except that it must be followed by the name + of a file. For example: + .sp +- exim \-bem /tmp/testmessage ++ exim4 \-bem /tmp/testmessage + .sp + The file is read as a message (as if receiving a locally\-submitted non\-SMTP + message) before any of the test expansions are done. Thus, message\-specific - @@ -201,7 +201,7 @@ If you want to test a system filter file ++@@ -206,7 +206,7 @@ If you want to test a system filter file + can use both \fB\-bF\fP and \fB\-bf\fP on the same command, in order to test a system + filter and a user filter in the same run. For example: + .sp +- exim \-bF /system/filter \-bf /user/filter ' user@domain +- exim \-f "" user@domain ++ exim4 \-f '<>' user@domain ++ exim4 \-f "" user@domain + .sp + In addition, the use of \fB\-f\fP is not restricted when testing a filter file + with \fB\-bf\fP or when testing or verifying addresses using the \fB\-bt\fP or - @@ -1292,12 +1292,12 @@ other circumstances, they are ignored un ++@@ -1315,12 +1315,12 @@ other circumstances, they are ignored un + The \fB\-oMa\fP option sets the sender host address. This may include a port + number at the end, after a full stop (period). For example: + .sp +- exim \-bs \-oMa 10.9.8.7.1234 ++ exim4 \-bs \-oMa 10.9.8.7.1234 + .sp + An alternative syntax is to enclose the IP address in square brackets, + followed by a colon and the port number: + .sp +- exim \-bs \-oMa [10.9.8.7]:1234 ++ exim4 \-bs \-oMa [10.9.8.7]:1234 + .sp + The IP address is placed in the \fI$sender_host_address\fP variable, and the + port, if present, in \fI$sender_host_port\fP. If both \fB\-oMa\fP and \fB\-bh\fP - @@ -1502,22 +1502,22 @@ If other commandline options specify an ++@@ -1526,22 +1526,22 @@ If other commandline options specify an + will specify a queue to operate on. + For example: + .sp +- exim \-bp \-qGquarantine ++ exim4 \-bp \-qGquarantine + mailq \-qGquarantine +- exim \-qGoffpeak \-Rf @special.domain.example ++ exim4 \-qGoffpeak \-Rf @special.domain.example + .TP 10 + \fB\-q\fP<\fIqflags\fP> <\fIstart id\fP> <\fIend id\fP> + When scanning the queue, Exim can be made to skip over messages whose ids are + lexically less than a given value by following the \fB\-q\fP option with a + starting message id. For example: + .sp +- exim \-q 0t5C6f\-0000c8\-00 ++ exim4 \-q 0t5C6f\-0000c8\-00 + .sp + Messages that arrived earlier than 0t5C6f\-0000c8\-00 are not inspected. If a + second message id is given, messages whose ids are lexically greater than it + are also skipped. If the same id is given twice, for example, + .sp +- exim \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00 ++ exim4 \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00 + .sp + just one delivery process is started, for that message. This differs from + \fB\-M\fP in that retry data is respected, and it also differs from \fB\-Mc\fP in - @@ -1533,7 +1533,7 @@ starting a queue runner process at inter ++@@ -1557,7 +1557,7 @@ starting a queue runner process at inter + single daemon process handles both functions. A common way of starting up a + combined daemon at system boot time is to use a command such as + .sp +- /usr/exim/bin/exim \-bd \-q30m ++ /usr/sbin/exim4 \-bd \-q30m + .sp + Such a daemon listens for incoming SMTP calls, and also starts a queue runner + process every 30 minutes. - @@ -1564,7 +1564,7 @@ regular expression; otherwise it is a li ++@@ -1588,7 +1588,7 @@ regular expression; otherwise it is a li + If you want to do periodic queue runs for messages with specific recipients, + you can combine \fB\-R\fP with \fB\-q\fP and a time value. For example: + .sp +- exim \-q25m \-R @special.domain.example ++ exim4 \-q25m \-R @special.domain.example + .sp + This example does a queue run for messages with recipients in the given domain + every 25 minutes. Any additional flags that are specified with \fB\-q\fP are - @@ -1680,6 +1680,26 @@ under most shells. ++@@ -1704,6 +1704,26 @@ under most shells. + .sp + . + .SH "SEE ALSO" ++.BR exicyclog (8), ++.BR exigrep (8), ++.BR exim_checkaccess (8), ++.BR exim_convert4r4 (8), ++.BR exim_db (8), ++.BR exim_dbmbuild (8), ++.BR exim_lock (8), ++.BR eximon (8), ++.BR exinext (8), ++.BR exiqgrep (8), ++.BR exiqsumm (8), ++.BR exiwhat (8), ++.BR update\-exim4.conf (8), ++.BR update\-exim4defaults (8), ++/usr/share/doc/exim4\-base/, ++/usr/share/doc/exim4\-base/README.Debian.[gz|html]. + .rs + .sp + The full Exim specification, the Exim book, and the Exim wiki. ++ ++.SH AUTHOR ++This manual page was provided with the upstream Exim source package. ++It was enhanced for the Debian GNU/Linux system. diff --cc debian/patches/32_exim4.dpatch index 5098991,0000000..967869d mode 100755,000000..100644 --- a/debian/patches/32_exim4.dpatch +++ b/debian/patches/32_exim4.dpatch @@@ -1,106 -1,0 +1,106 @@@ - Description: Accomodate source for installing exim as exim4. ++Description: Accommodate source for installing exim as exim4. +Author: Andreas Metzler +Origin: vendor +Forwarded: not-needed - Last-Update: 2013-09-28 ++Last-Update: 2018-12-12 + +--- a/OS/Makefile-Linux ++++ b/OS/Makefile-Linux +@@ -28,9 +28,9 @@ XLFLAGS=-L$(X11)/lib + X11_LD_LIB=$(X11)/lib + + EXIWHAT_PS_ARG=ax +-EXIWHAT_EGREP_ARG='/exim( |$$)' ++EXIWHAT_EGREP_ARG='/exim4( |$$)' + EXIWHAT_MULTIKILL_CMD=killall +-EXIWHAT_MULTIKILL_ARG=exim ++EXIWHAT_MULTIKILL_ARG=exim4 + EXIWHAT_KILL_SIGNAL=-USR1 + + # End +--- a/src/exicyclog.src ++++ b/src/exicyclog.src - @@ -144,7 +144,7 @@ done ++@@ -149,7 +149,7 @@ done + + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + + spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + +--- a/src/exim_checkaccess.src ++++ b/src/exim_checkaccess.src +@@ -52,7 +52,7 @@ done + # a tab to keep the tab in one place. + + exim_path=`perl -ne 'chop;if (/^\s*exim_path\s*=\s*(.*)/){print "$1\n";last;}' $config` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + + + ######################################################################### +--- a/src/eximon.src ++++ b/src/eximon.src - @@ -72,7 +72,7 @@ config=${EXIMON_EXIM_CONFIG-$config} ++@@ -79,7 +79,7 @@ config=${EXIMON_EXIM_CONFIG-$config} + + st=' ' + EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim; fi ++if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi + + SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'` +--- a/src/exinext.src ++++ b/src/exinext.src - @@ -90,7 +90,7 @@ if [ "$exim_path" = "" ]; then ++@@ -97,7 +97,7 @@ if [ "$exim_path" = "" ]; then + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + fi + +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'` + - @@ -171,7 +171,7 @@ perl - $exim_path "$eximmacdef" $argone ++@@ -181,7 +181,7 @@ perl - $exim_path "$eximmacdef" $argone + + # Run exim_dumpdb to get out the retry data and pick off what we want + +- open(DATA, "${exim}_dumpdb $spool retry |") || ++ open(DATA, "/usr/sbin/exim_dumpdb $spool retry |") || + die "can't run exim_dumpdb"; + + while () +--- a/src/exiqgrep.src ++++ b/src/exiqgrep.src - @@ -21,7 +21,7 @@ use strict; - use Getopt::Std; ++@@ -24,7 +24,7 @@ use Getopt::Std; ++ use File::Basename; + + # Have this variable point to your exim binary. +-my $exim = 'BIN_DIRECTORY/exim'; ++my $exim = 'BIN_DIRECTORY/exim4'; + my $eargs = '-bpu'; + my %id; + my %opt; +--- a/src/exiwhat.src ++++ b/src/exiwhat.src - @@ -88,7 +88,7 @@ fi ++@@ -98,7 +98,7 @@ fi + + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"` + process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"` + +--- a/src/globals.c ++++ b/src/globals.c - @@ -705,7 +705,7 @@ const uschar *event_name = NULL; ++@@ -906,7 +906,7 @@ const uschar *event_name = NULL; ++ + + gid_t exim_gid = EXIM_GID; - BOOL exim_gid_set = TRUE; /* This gid is always set */ +-uschar *exim_path = US BIN_DIRECTORY "/exim" ++uschar *exim_path = US BIN_DIRECTORY "/exim4" + "\0<---------------Space to patch exim_path->"; + uid_t exim_uid = EXIM_UID; - BOOL exim_uid_set = TRUE; /* This uid is always set */ ++ int expand_level = 0; /* Nesting depth, indent for debug */ diff --cc debian/patches/60_convert4r4.dpatch index cafa02d,0000000..290b913 mode 100755,000000..100755 --- a/debian/patches/60_convert4r4.dpatch +++ b/debian/patches/60_convert4r4.dpatch @@@ -1,41 -1,0 +1,41 @@@ +Description: Add a warning message to convert4r4 +Author: Marc Haber +Origin: vendor +Forwarded: no +Last-Update: 2013-09-28 + - --- exim4-4.82~rc1.orig/src/convert4r4.src - +++ exim4-4.82~rc1/src/convert4r4.src - @@ -652,6 +652,32 @@ return defined $main{$_[0]} && $main{$_[ ++--- a/src/convert4r4.src +++++ b/src/convert4r4.src ++@@ -666,6 +666,32 @@ return defined $main{$_[0]} && $main{$_[ + + print STDERR "Runtime configuration file converter for Exim release 4.\n"; + ++if( !defined $ENV{"CONVERT4R4"} || $ENV{"CONVERT4R4"} ne "I understand this is an unsupported tool" ) { ++ ++ print STDERR < ++Author: Andreas Metzler +Forwarded: http://bugs.exim.org/show_bug.cgi?id=1045 - Last-Update: 2014-12-01 ++Last-Update: 2018-12-31 + +--- a/src/exicyclog.src ++++ b/src/exicyclog.src - @@ -146,10 +146,10 @@ st=' ' ++@@ -151,10 +151,10 @@ st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + +-spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'` ++spool_directory=`$exim_path -bP spool_directory | sed 's/.*=[ ]*//'` + + if [ "$log_file_path" = "" ] ; then +- log_file_path=`$exim_path -C $config -bP log_file_path | sed 's/.*=[ ]*//'` ++ log_file_path=`$exim_path -bP log_file_path | sed 's/.*=[ ]*//'` + fi + + # If log_file_path contains only "syslog" then no Exim log files are in use. +--- a/src/eximon.src ++++ b/src/eximon.src - @@ -74,8 +74,8 @@ st=' ' ++@@ -81,8 +81,8 @@ st=' ' + EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi + +-SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'` +-LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'` ++SPOOL_DIRECTORY=`$EXIM_PATH -bP spool_directory | sed 's/.*=[ ]*//'` ++LOG_FILE_PATH=`$EXIM_PATH -bP log_file_path | sed 's/.*=[ ]*//'` + + # If log_file_path is "syslog" then logging is only to syslog, and the monitor + # is unable to display a log tail unless EXIMON_LOG_FILE_PATH is set to tell +--- a/src/exinext.src ++++ b/src/exinext.src - @@ -91,8 +91,8 @@ if [ "$exim_path" = "" ]; then ++@@ -98,8 +98,8 @@ if [ "$exim_path" = "" ]; then + fi + + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi +-spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'` +-qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'` ++spool_directory=`$exim_path $eximmacdef -bP spool_directory | sed 's/.*=[ ]*//'` ++qualify_domain=`$exim_path $eximmacdef -bP qualify_domain | sed 's/.*=[ ]*//'` + + # Now do the job. Perl uses $ so frequently that we don't want to have to + # escape them all from the shell, so pass in shell variable values as - @@ -134,7 +134,7 @@ perl - $exim_path "$eximmacdef" $argone ++@@ -144,7 +144,7 @@ perl - $exim_path "$eximmacdef" $argone + # Run Exim to get a list of hosts for the given domain; for + # each one construct the appropriate retry key. + +- open(LIST, "$exim -C $config -v -bt $address |") || ++ open(LIST, "$exim -v -bt $address |") || + die "can't run exim to route $address"; + + while () +--- a/src/exiwhat.src ++++ b/src/exiwhat.src - @@ -89,8 +89,8 @@ fi ++@@ -99,8 +99,8 @@ fi + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi +-spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"` +-process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"` ++spool_directory=`$exim_path -bP spool_directory | sed "s/.*=[ ]*//"` ++process_log_path=`$exim_path -bP process_log_path | sed "s/.*=[ ]*//"` + + # The file that Exim writes when sent the SIGUSR1 signal is specified by + # the process_log_path option. If that is not defined, Exim uses the file diff --cc debian/patches/70_remove_exim-users_references.dpatch index 81e364f,0000000..9efe04f mode 100755,000000..100755 --- a/debian/patches/70_remove_exim-users_references.dpatch +++ b/debian/patches/70_remove_exim-users_references.dpatch @@@ -1,40 -1,0 +1,37 @@@ - #! /bin/sh /usr/share/dpatch/dpatch-run - ## 70_remove_exim-users_references.dpatch by Marc Haber - ## - ## All lines beginning with `## DP:' are a description of the patch. - ## DP: No description. - Last-Update: 2014-12-01 ++Description: Point Debian users to Debian specific ML. ++Author: Marc Haber ++Last-Update: 2018-12-31 + +--- a/README ++++ b/README +@@ -14,8 +14,16 @@ from Exim 3, though the basic structure + older book may be helpful for the background, but a lot of the detail has + changed, so it is likely to be confusing to newcomers. + - -There is a web site at http://www.exim.org; this contains details of the ++-There is a website at https://www.exim.org; this contains details of the +-mailing list exim-users@exim.org. ++Information about the way Debian has built the binary packages is ++obtainable in /usr/share/doc/exim4-base/README.Debian.gz, and there ++is a Debian-centered mailing list, ++pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific ++questions there, and only write to the upstream exim-users mailing ++list if you are sure that your question is not Debian-specific. You ++can find the subscription web page on ++http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users ++ - +There is a web site at http://www.exim.org. +++There is a website at https://www.exim.org/. + + A copy of the Exim FAQ should be available from the same source that you used + to obtain the Exim distribution. Additional formats for the documentation +--- a/src/eximstats.src ++++ b/src/eximstats.src +@@ -537,8 +537,7 @@ about how to create charts from the tabl + + =head1 AUTHOR + - -There is a web site at http://www.exim.org - this contains details of the ++-There is a website at https://www.exim.org - this contains details of the +-mailing list exim-users@exim.org. - +There is a web site at http://www.exim.org +++There is a website at https://www.exim.org/. + + =head1 TO DO + diff --cc debian/patches/75_01-Fix-json-extract-operator-for-unfound-case.patch index 0000000,0000000..a0978af new file mode 100644 --- /dev/null +++ b/debian/patches/75_01-Fix-json-extract-operator-for-unfound-case.patch @@@ -1,0 -1,0 +1,69 @@@ ++From b2734f7b45111f9b7de790c7b334a2ece47675b5 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Sat, 9 Feb 2019 16:56:59 +0000 ++Subject: [PATCH 1/7] Fix json extract operator for unfound case ++ ++(cherry picked from commit e73798976812e652320f096870359ef35ed069ff) ++--- ++ doc/doc-docbook/spec.xfpt | 4 ++++ ++ src/expand.c | 13 ++++++++----- ++ test/scripts/0000-Basic/0002 | 3 +++ ++ test/stdout/0002 | 3 +++ ++ 4 files changed, 18 insertions(+), 5 deletions(-) ++ ++--- a/src/expand.c +++++ b/src/expand.c ++@@ -3901,7 +3901,8 @@ return NULL; ++ /* Pull off the leading array or object element, returning ++ a copy in an allocated string. Update the list pointer. ++ ++-The element may itself be an abject or array. +++The element may itself be an object or array. +++Return NULL when the list is empty. ++ */ ++ ++ uschar * ++@@ -3923,6 +3924,7 @@ for (item = s; ++ case '}': object_depth--; break; ++ } ++ *list = *s ? s+1 : s; +++if (item == s) return NULL; ++ item = string_copyn(item, s - item); ++ DEBUG(D_expand) debug_printf_indent(" json ele: '%s'\n", item); ++ return US item; ++@@ -5790,10 +5792,11 @@ while (*s != 0) ++ } ++ while (field_number > 0 && (item = json_nextinlist(&list))) ++ field_number--; ++- s = item; ++- lookup_value = s; ++- while (*s) s++; ++- while (--s >= lookup_value && isspace(*s)) *s = '\0'; +++ if ((lookup_value = s = item)) +++ { +++ while (*s) s++; +++ while (--s >= lookup_value && isspace(*s)) *s = '\0'; +++ } ++ } ++ else ++ { ++--- a/doc/spec.txt +++++ b/doc/spec.txt ++@@ -8776,6 +8776,8 @@ ${extract json{}{}{}}{}{}{}} ++ diff --cc debian/patches/75_02-Fix-transport-buffer-size-handling.patch index 0000000,0000000..a96350b new file mode 100644 --- /dev/null +++ b/debian/patches/75_02-Fix-transport-buffer-size-handling.patch @@@ -1,0 -1,0 +1,52 @@@ ++From 1cfa7822ca8928f95160df8742af11fff888ae7e Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 12 Feb 2019 16:52:51 +0000 ++Subject: [PATCH 3/7] Fix transport buffer size handling Broken-by: 59932f7dcd ++ ++(cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374) ++--- ++ doc/ChangeLog | 7 +++++++ ++ src/transport.c | 4 ++-- ++ 2 files changed, 9 insertions(+), 2 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 7da07ad4..66c8a7a1 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -5,6 +5,13 @@ affect Exim's operation, with an unchanged configuration file. For new ++ options, and new features, see the NewStuff file next to this ChangeLog. ++ ++ +++Since version 4.92 +++------------------ +++ +++JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible +++ buffer overrun for (non-chunking) other transports. +++ +++ ++ Exim version 4.92 ++ ----------------- ++ ++diff --git a/src/transport.c b/src/transport.c ++index 8ccdd038..a069b883 100644 ++--- a/src/transport.c +++++ b/src/transport.c ++@@ -1115,13 +1115,13 @@ DEBUG(D_transport) ++ ++ if (!(tctx->options & topt_no_body)) ++ { ++- int size = size_limit; +++ unsigned long size = size_limit > 0 ? size_limit : ULONG_MAX; ++ ++ nl_check_length = abs(nl_check_length); ++ nl_partial_match = 0; ++ if (lseek(deliver_datafile, SPOOL_DATA_START_OFFSET, SEEK_SET) < 0) ++ return FALSE; ++- while ( (len = MAX(DELIVER_IN_BUFFER_SIZE, size)) > 0 +++ while ( (len = MIN(DELIVER_IN_BUFFER_SIZE, size)) > 0 ++ && (len = read(deliver_datafile, deliver_in_buffer, len)) > 0) ++ { ++ if (!write_chunk(tctx, deliver_in_buffer, len)) ++-- ++2.20.1 ++ diff --cc debian/patches/75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch index 0000000,0000000..6db6f83 new file mode 100644 --- /dev/null +++ b/debian/patches/75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch @@@ -1,0 -1,0 +1,42 @@@ ++From cb25b75af850d664fc005d24fbad0e58bf79d4c7 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Thu, 14 Feb 2019 17:14:34 +0000 ++Subject: [PATCH 5/7] Fix info on using local_scan() in the default Makefile ++ ++Broken-by: 9723f96673 ++(cherry picked from commit 882bc1704d33aa34873e3a0f72e657b0cc2985e5) ++--- ++ OS/Makefile-Default | 10 ++++++++-- ++ 1 file changed, 8 insertions(+), 2 deletions(-) ++ ++diff --git a/OS/Makefile-Default b/OS/Makefile-Default ++index b3990fe8..41a4dbbd 100644 ++--- a/OS/Makefile-Default +++++ b/OS/Makefile-Default ++@@ -232,6 +232,11 @@ RANLIB=ranlib ++ EXIM_CHMOD=@true ++ ++ +++# If you want to use local_scan() at all, the support code must be included +++# by uncommenting this line. +++ +++# HAVE_LOCAL_SCAN=yes +++ ++ # LOCAL_SCAN_SOURCE defines the file in which the function local_scan() is ++ # defined. This provides the administrator with a hook for including C code ++ # for scanning incoming mails. The path that is defined must be relative to ++@@ -239,8 +244,9 @@ EXIM_CHMOD=@true ++ ++ # LOCAL_SCAN_SOURCE=Local/local_scan.c ++ ++-# The default setting points to a template function that doesn't actually do ++-# any scanning, but just accepts the message. +++# A very simple example points to a template function that doesn't actually do +++# any scanning, but just accepts the message. A compilable file must be +++# included in the build even if HAVE_LOCAL_SCAN is not defined. ++ ++ LOCAL_SCAN_SOURCE=src/local_scan.c ++ ++-- ++2.20.1 ++ diff --cc debian/patches/75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch index 0000000,0000000..c45f6aa new file mode 100644 --- /dev/null +++ b/debian/patches/75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch @@@ -1,0 -1,0 +1,420 @@@ ++From c15523829ba17cce5829e2976aa1ff928965d948 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Sat, 16 Feb 2019 12:59:23 +0000 ++Subject: [PATCH 7/7] GnuTLS: Fix client detection of server reject of client ++ cert under TLS1.3 ++ ++(cherry picked from commit fc243e944ec00b59b75f41d07494116f925d58b4) ++--- ++ doc/ChangeLog | 7 +++ ++ src/deliver.c | 2 +- ++ src/smtp_out.c | 10 +++-- ++ src/tls-gnu.c | 23 +++------- ++ src/transports/lmtp.c | 3 +- ++ src/transports/smtp.c | 81 +++++++++++++++++++++++++++-------- ++ test/confs/2027 | 8 ++-- ++ test/confs/5652 | 1 + ++ test/confs/5821 | 2 +- ++ test/log/2027 | 2 +- ++ test/runtest | 14 ++++++ ++ test/scripts/2000-GnuTLS/2027 | 2 + ++ 12 files changed, 111 insertions(+), 44 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 66c8a7a1..867a1d8a 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -11,6 +11,13 @@ Since version 4.92 ++ JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible ++ buffer overrun for (non-chunking) other transports. ++ +++JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under +++ TLS1.3, means that a server rejecting a client certificate is not visible +++ to the client until the first read of encrypted data (typically the +++ response to EHLO). Add detection for that case and treat it as a failed +++ TLS connection attempt, so that the normal retry-in-clear can work (if +++ suitably configured). +++ ++ ++ Exim version 4.92 ++ ----------------- ++diff --git a/src/deliver.c b/src/deliver.c ++index 664d0045..e1799411 100644 ++--- a/src/deliver.c +++++ b/src/deliver.c ++@@ -7433,7 +7433,7 @@ if (addr_senddsn) ++ ++ tctx.u.fd = fd; ++ tctx.options = topt_add_return_path | topt_no_body; ++- /*XXX hmm, retval ignored. +++ /*XXX hmm, FALSE(fail) retval ignored. ++ Could error for any number of reasons, and they are not handled. */ ++ transport_write_message(&tctx, 0); ++ fflush(f); ++diff --git a/src/smtp_out.c b/src/smtp_out.c ++index 9bd90c77..b194e804 100644 ++--- a/src/smtp_out.c +++++ b/src/smtp_out.c ++@@ -688,20 +688,22 @@ Returns: TRUE if a valid, non-error response was received; else FALSE ++ /*XXX could move to smtp transport; no other users */ ++ ++ BOOL ++-smtp_read_response(void * sx0, uschar *buffer, int size, int okdigit, +++smtp_read_response(void * sx0, uschar * buffer, int size, int okdigit, ++ int timeout) ++ { ++ smtp_context * sx = sx0; ++-uschar *ptr = buffer; ++-int count = 0; +++uschar * ptr = buffer; +++int count = 0, rc; ++ ++ errno = 0; /* Ensure errno starts out zero */ ++ ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++ if (sx->pending_BANNER || sx->pending_EHLO) ++- if (smtp_reap_early_pipe(sx, &count) != OK) +++ if ((rc = smtp_reap_early_pipe(sx, &count)) != OK) ++ { ++ DEBUG(D_transport) debug_printf("failed reaping pipelined cmd responsess\n"); +++ buffer[0] = '\0'; +++ if (rc == DEFER) errno = ERRNO_TLSFAILURE; ++ return FALSE; ++ } ++ #endif ++diff --git a/src/tls-gnu.c b/src/tls-gnu.c ++index c404dc29..de2d70c0 100644 ++--- a/src/tls-gnu.c +++++ b/src/tls-gnu.c ++@@ -229,7 +229,7 @@ static gnutls_dh_params_t dh_server_params = NULL; ++ ++ static const int ssl_session_timeout = 200; ++ ++-static const char * const exim_default_gnutls_priority = "NORMAL"; +++static const uschar * const exim_default_gnutls_priority = US"NORMAL"; ++ ++ /* Guard library core initialisation */ ++ ++@@ -1278,7 +1278,6 @@ int rc; ++ size_t sz; ++ const char *errpos; ++ uschar *p; ++-BOOL want_default_priorities; ++ ++ if (!exim_gnutls_base_init_done) ++ { ++@@ -1387,32 +1386,24 @@ and replaces gnutls_require_kx, gnutls_require_mac & gnutls_require_protocols. ++ This was backwards incompatible, but means Exim no longer needs to track ++ all algorithms and provide string forms for them. */ ++ ++-want_default_priorities = TRUE; ++- +++p = NULL; ++ if (state->tls_require_ciphers && *state->tls_require_ciphers) ++ { ++ if (!expand_check_tlsvar(tls_require_ciphers, errstr)) ++ return DEFER; ++ if (state->exp_tls_require_ciphers && *state->exp_tls_require_ciphers) ++ { ++- DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", ++- state->exp_tls_require_ciphers); ++- ++- rc = gnutls_priority_init(&state->priority_cache, ++- CS state->exp_tls_require_ciphers, &errpos); ++- want_default_priorities = FALSE; ++ p = state->exp_tls_require_ciphers; +++ DEBUG(D_tls) debug_printf("GnuTLS session cipher/priority \"%s\"\n", p); ++ } ++ } ++-if (want_default_priorities) +++if (!p) ++ { +++ p = exim_default_gnutls_priority; ++ DEBUG(D_tls) ++- debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", ++- exim_default_gnutls_priority); ++- rc = gnutls_priority_init(&state->priority_cache, ++- exim_default_gnutls_priority, &errpos); ++- p = US exim_default_gnutls_priority; +++ debug_printf("GnuTLS using default session cipher/priority \"%s\"\n", p); ++ } +++rc = gnutls_priority_init(&state->priority_cache, CCS p, &errpos); ++ ++ exim_gnutls_err_check(rc, string_sprintf( ++ "gnutls_priority_init(%s) failed at offset %ld, \"%.6s..\"", ++diff --git a/src/transports/lmtp.c b/src/transports/lmtp.c ++index 240d78b2..57b346d4 100644 ++--- a/src/transports/lmtp.c +++++ b/src/transports/lmtp.c ++@@ -122,7 +122,8 @@ Arguments: ++ Returns: TRUE if a "QUIT" command should be sent, else FALSE ++ */ ++ ++-static BOOL check_response(int *errno_value, int more_errno, uschar *buffer, +++static BOOL +++check_response(int *errno_value, int more_errno, uschar *buffer, ++ int *yield, uschar **message) ++ { ++ *yield = '4'; /* Default setting is to give a temporary error */ ++diff --git a/src/transports/smtp.c b/src/transports/smtp.c ++index a351da84..bfd6018d 100644 ++--- a/src/transports/smtp.c +++++ b/src/transports/smtp.c ++@@ -594,6 +594,11 @@ switch(*errno_value) ++ pl, smtp_command, s); ++ return FALSE; ++ +++ case ERRNO_TLSFAILURE: /* Handle bad first read; can happen with +++ GnuTLS and TLS1.3 */ +++ *message = US"bad first read from TLS conn"; +++ return TRUE; +++ ++ case ERRNO_FILTER_FAIL: /* Handle a failed filter process error; ++ can't send QUIT as we mustn't end the DATA. */ ++ *message = string_sprintf("transport filter process failed (%d)%s", ++@@ -942,6 +947,7 @@ Arguments: ++ ++ Return: ++ OK all well +++ DEFER error on first read of TLS'd conn ++ FAIL SMTP error in response ++ */ ++ int ++@@ -949,6 +955,7 @@ smtp_reap_early_pipe(smtp_context * sx, int * countp) ++ { ++ BOOL pending_BANNER = sx->pending_BANNER; ++ BOOL pending_EHLO = sx->pending_EHLO; +++int rc = FAIL; ++ ++ sx->pending_BANNER = FALSE; /* clear early to avoid recursion */ ++ sx->pending_EHLO = FALSE; ++@@ -960,6 +967,7 @@ if (pending_BANNER) ++ if (!smtp_reap_banner(sx)) ++ { ++ DEBUG(D_transport) debug_printf("bad banner\n"); +++ if (tls_out.active.sock >= 0) rc = DEFER; ++ goto fail; ++ } ++ } ++@@ -974,6 +982,7 @@ if (pending_EHLO) ++ if (!smtp_reap_ehlo(sx)) ++ { ++ DEBUG(D_transport) debug_printf("bad response for EHLO\n"); +++ if (tls_out.active.sock >= 0) rc = DEFER; ++ goto fail; ++ } ++ ++@@ -1011,7 +1020,7 @@ return OK; ++ fail: ++ invalidate_ehlo_cache_entry(sx); ++ (void) smtp_discard_responses(sx, sx->conn_args.ob, *countp); ++- return FAIL; +++ return rc; ++ } ++ #endif ++ ++@@ -1056,6 +1065,7 @@ Returns: 3 if at least one address had 2xx and one had 5xx ++ -2 I/O or other non-response error for RCPT ++ -3 DATA or MAIL failed - errno and buffer set ++ -4 banner or EHLO failed (early-pipelining) +++ -5 banner or EHLO failed (early-pipelining, TLS) ++ */ ++ ++ static int ++@@ -1064,10 +1074,11 @@ sync_responses(smtp_context * sx, int count, int pending_DATA) ++ address_item * addr = sx->sync_addr; ++ smtp_transport_options_block * ob = sx->conn_args.ob; ++ int yield = 0; +++int rc; ++ ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++-if (smtp_reap_early_pipe(sx, &count) != OK) ++- return -4; +++if ((rc = smtp_reap_early_pipe(sx, &count)) != OK) +++ return rc == FAIL ? -4 : -5; ++ #endif ++ ++ /* Handle the response for a MAIL command. On error, reinstate the original ++@@ -1083,6 +1094,8 @@ if (sx->pending_MAIL) ++ { ++ DEBUG(D_transport) debug_printf("bad response for MAIL\n"); ++ Ustrcpy(big_buffer, mail_command); /* Fits, because it came from there! */ +++ if (errno == ERRNO_TLSFAILURE) +++ return -5; ++ if (errno == 0 && sx->buffer[0] != 0) ++ { ++ int save_errno = 0; ++@@ -1141,6 +1154,11 @@ while (count-- > 0) ++ } ++ } ++ +++ /* Error on first TLS read */ +++ +++ else if (errno == ERRNO_TLSFAILURE) +++ return -5; +++ ++ /* Timeout while reading the response */ ++ ++ else if (errno == ETIMEDOUT) ++@@ -1253,6 +1271,10 @@ if (pending_DATA != 0) ++ int code; ++ uschar *msg; ++ BOOL pass_message; +++ +++ if (errno == ERRNO_TLSFAILURE) /* Error on first TLS read */ +++ return -5; +++ ++ if (pending_DATA > 0 || (yield & 1) != 0) ++ { ++ if (errno == 0 && sx->buffer[0] == '4') ++@@ -1802,7 +1824,9 @@ Args: ++ tc_chunk_last add LAST option to SMTP BDAT command ++ tc_reap_prev reap response to previous SMTP commands ++ ++-Returns: OK or ERROR +++Returns: +++ OK or ERROR +++ DEFER TLS error on first read (EHLO-resp); errno set ++ */ ++ ++ static int ++@@ -1859,10 +1883,12 @@ if (flags & tc_reap_prev && prev_cmd_count > 0) ++ case 2: sx->completed_addr = TRUE; /* 5xx (only) => progress made */ ++ case 0: break; /* No 2xx or 5xx, but no probs */ ++ ++- case -1: /* Timeout on RCPT */ +++ case -5: errno = ERRNO_TLSFAILURE; +++ return DEFER; ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++ case -4: /* non-2xx for pipelined banner or EHLO */ ++ #endif +++ case -1: /* Timeout on RCPT */ ++ default: return ERROR; /* I/O error, or any MAIL/DATA error */ ++ } ++ cmd_count = 1; ++@@ -1933,6 +1959,9 @@ BOOL pass_message = FALSE; ++ uschar * message = NULL; ++ int yield = OK; ++ int rc; +++#ifdef SUPPORT_TLS +++uschar * tls_errstr; +++#endif ++ ++ sx->conn_args.ob = ob; ++ ++@@ -2474,27 +2503,27 @@ if ( smtp_peer_options & OPTION_TLS ++ TLS_NEGOTIATE: ++ { ++ address_item * addr; ++- uschar * errstr; ++ sx->cctx.tls_ctx = tls_client_start(sx->cctx.sock, sx->conn_args.host, ++ sx->addrlist, sx->conn_args.tblock, ++ # ifdef SUPPORT_DANE ++ sx->dane ? &tlsa_dnsa : NULL, ++ # endif ++- &tls_out, &errstr); +++ &tls_out, &tls_errstr); ++ ++ if (!sx->cctx.tls_ctx) ++ { ++ /* TLS negotiation failed; give an error. From outside, this function may ++ be called again to try in clear on a new connection, if the options permit ++ it for this host. */ ++- DEBUG(D_tls) debug_printf("TLS session fail: %s\n", errstr); +++GNUTLS_CONN_FAILED: +++ DEBUG(D_tls) debug_printf("TLS session fail: %s\n", tls_errstr); ++ ++ # ifdef SUPPORT_DANE ++ if (sx->dane) ++ { ++ log_write(0, LOG_MAIN, ++ "DANE attempt failed; TLS connection to %s [%s]: %s", ++- sx->conn_args.host->name, sx->conn_args.host->address, errstr); +++ sx->conn_args.host->name, sx->conn_args.host->address, tls_errstr); ++ # ifndef DISABLE_EVENT ++ (void) event_raise(sx->conn_args.tblock->event_action, ++ US"dane:fail", US"validation-failure"); /* could do with better detail */ ++@@ -2503,7 +2532,7 @@ if ( smtp_peer_options & OPTION_TLS ++ # endif ++ ++ errno = ERRNO_TLSFAILURE; ++- message = string_sprintf("TLS session: %s", errstr); +++ message = string_sprintf("TLS session: %s", tls_errstr); ++ sx->send_quit = FALSE; ++ goto TLS_FAILED; ++ } ++@@ -2601,7 +2630,22 @@ if (tls_out.active.sock >= 0) ++ #endif ++ { ++ if (!smtp_reap_ehlo(sx)) +++#ifdef USE_GNUTLS +++ { +++ /* The GnuTLS layer in Exim only spots a server-rejection of a client +++ cert late, under TLS1.3 - which means here; the first time we try to +++ receive crypted data. Treat it as if it was a connect-time failure. +++ See also the early-pipe equivalent... which will be hard; every call +++ to sync_responses will need to check the result. +++ It would be nicer to have GnuTLS check the cert during the handshake. +++ Can it do that, with all the flexibility we need? */ +++ +++ tls_errstr = US"error on first read"; +++ goto GNUTLS_CONN_FAILED; +++ } +++#else ++ goto RESPONSE_FAILED; +++#endif ++ smtp_peer_options = 0; ++ } ++ } ++@@ -3261,6 +3305,7 @@ for (addr = sx->first_addr, address_count = 0; ++ ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++ case -4: return -1; /* non-2xx for pipelined banner or EHLO */ +++ case -5: return -1; /* TLS first-read error */ ++ #endif ++ } ++ sx->pending_MAIL = FALSE; /* Dealt with MAIL */ ++@@ -3589,11 +3634,12 @@ if ( !(sx.peer_offered & OPTION_CHUNKING) ++ ++ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ ++ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */ ++- case 0: break; /* No 2xx or 5xx, but no probs */ +++ case 0: break; /* No 2xx or 5xx, but no probs */ ++ ++- case -1: goto END_OFF; /* Timeout on RCPT */ +++ case -1: goto END_OFF; /* Timeout on RCPT */ ++ ++ #ifdef EXPERIMENTAL_PIPE_CONNECT +++ case -5: /* TLS first-read error */ ++ case -4: HDEBUG(D_transport) ++ debug_printf("failed reaping pipelined cmd responses\n"); ++ #endif ++@@ -3730,19 +3776,20 @@ else ++ { ++ case 3: sx.ok = TRUE; /* 2xx & 5xx => OK & progress made */ ++ case 2: sx.completed_addr = TRUE; /* 5xx (only) => progress made */ ++- break; +++ break; ++ ++- case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ +++ case 1: sx.ok = TRUE; /* 2xx (only) => OK, but if LMTP, */ ++ if (!sx.lmtp) sx.completed_addr = TRUE; /* can't tell about progress yet */ ++- case 0: break; /* No 2xx or 5xx, but no probs */ +++ case 0: break; /* No 2xx or 5xx, but no probs */ ++ ++- case -1: goto END_OFF; /* Timeout on RCPT */ +++ case -1: goto END_OFF; /* Timeout on RCPT */ ++ ++ #ifdef EXPERIMENTAL_PIPE_CONNECT +++ case -5: /* TLS first-read error */ ++ case -4: HDEBUG(D_transport) ++ debug_printf("failed reaping pipelined cmd responses\n"); ++ #endif ++- default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ +++ default: goto RESPONSE_FAILED; /* I/O error, or any MAIL/DATA error */ ++ } ++ } ++ ++-- ++2.20.1 ++ diff --cc debian/patches/75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch index 0000000,0000000..517eb1c new file mode 100644 --- /dev/null +++ b/debian/patches/75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch @@@ -1,0 -1,0 +1,91 @@@ ++From f634b80846cc7ffcab65c9855bcb35312f0232e8 Mon Sep 17 00:00:00 2001 ++From: Jasen Betts ++Date: Mon, 18 Feb 2019 13:52:16 +0000 ++Subject: [PATCH 1/5] Fix expansions for RFC 822 addresses having comments in ++ local-part and/or domain. Bug 2375 ++ ++(cherry picked from commit e2ff8e24f41caca3623228b1ec66a3f3961ecad6) ++--- ++ doc/ChangeLog | 3 +++ ++ src/expand.c | 19 +++++++------------ ++ test/scripts/0000-Basic/0002 | 7 +++++++ ++ test/stdout/0002 | 7 +++++++ ++ 4 files changed, 24 insertions(+), 12 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 867a1d8a..9659da32 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -16,10 +16,13 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under ++ to the client until the first read of encrypted data (typically the ++ response to EHLO). Add detection for that case and treat it as a failed ++ TLS connection attempt, so that the normal retry-in-clear can work (if ++ suitably configured). ++ +++JB/01 BZg 2375: fix expansions of 822 addresses having comments in local-part +++ and/or domain. Found and fixed by Jason Betts. +++ ++ ++ Exim version 4.92 ++ ----------------- ++ ++ JH/01 Remove code calling the customisable local_scan function, unless a new ++diff --git a/src/expand.c b/src/expand.c ++index 2c290251..35ede718 100644 ++--- a/src/expand.c +++++ b/src/expand.c ++@@ -7071,20 +7071,15 @@ while (*s != 0) ++ uschar * error; ++ int start, end, domain; ++ uschar * t = parse_extract_address(sub, &error, &start, &end, &domain, ++ FALSE); ++ if (t) ++- if (c != EOP_DOMAIN) ++- { ++- if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1; ++- yield = string_catn(yield, sub+start, end-start); ++- } ++- else if (domain != 0) ++- { ++- domain += start; ++- yield = string_catn(yield, sub+domain, end-domain); ++- } +++ yield = c == EOP_DOMAIN +++ ? string_cat(yield, t + domain) +++ : c == EOP_LOCAL_PART && domain > 0 +++ ? string_catn(yield, t, domain - 1 ) +++ : string_cat(yield, t); ++ continue; ++ } ++ ++ case EOP_ADDRESSES: ++ { ++@@ -7104,11 +7099,11 @@ while (*s != 0) ++ } ++ f.parse_allow_group = TRUE; ++ ++ for (;;) ++ { ++- uschar *p = parse_find_address_end(sub, FALSE); +++ uschar * p = parse_find_address_end(sub, FALSE); ++ uschar saveend = *p; ++ *p = '\0'; ++ address = parse_extract_address(sub, &error, &start, &end, &domain, ++ FALSE); ++ *p = saveend; ++@@ -7117,11 +7112,11 @@ while (*s != 0) ++ done in chunks by searching for the separator character. At the ++ start, unless we are dealing with the first address of the output ++ list, add in a space if the new address begins with the separator ++ character, or is an empty string. */ ++ ++- if (address != NULL) +++ if (address) ++ { ++ if (yield->ptr != save_ptr && address[0] == *outsep) ++ yield = string_catn(yield, US" ", 1); ++ ++ for (;;) ++-- ++2.20.1 ++ diff --cc debian/patches/75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch index 0000000,0000000..a7863ef new file mode 100644 --- /dev/null +++ b/debian/patches/75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch @@@ -1,0 -1,0 +1,48 @@@ ++From 8dde16b89efe2138f92cbfa6c59fb31dc80ec22a Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 19 Feb 2019 14:45:27 +0000 ++Subject: [PATCH 2/5] Docs: Add note on lsearch for IPv4-mapped IPv6 addresses ++ ++Cherry-picked from: 52af443324, c77d3d85fe ++--- ++ doc/doc-docbook/spec.xfpt | 11 ++++++++++- ++ doc/ChangeLog | 2 +- ++ 2 files changed, 11 insertions(+), 2 deletions(-) ++ ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -18,7 +18,7 @@ JH/07 GnuTLS: Our use of late (post-hand ++ TLS connection attempt, so that the normal retry-in-clear can work (if ++ suitably configured). ++ ++-JB/01 BZg 2375: fix expansions of 822 addresses having comments in local-part +++JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part ++ and/or domain. Found and fixed by Jason Betts. ++ ++ ++--- a/doc/spec.txt +++++ b/doc/spec.txt ++@@ -6302,6 +6302,10 @@ The following single-key lookup types ar ++ implicit key is the host's IP address rather than its name (see section ++ 10.12). ++ +++ Warning 3: Do not use an IPv4-mapped IPv6 address for a key; use the +++ IPv4, in dotted-quad form. (Exim converts IPv4-mapped IPv6 addresses to +++ this notation before executing the lookup.) +++ ++ * lsearch: The given file is a text file that is searched linearly for a line ++ beginning with the search key, terminated by a colon or white space or the ++ end of the line. The search is case-insensitive; that is, upper and lower ++@@ -8003,7 +8007,11 @@ quote keys was made available in lsearch ++ implemented iplsearch files do require colons in IPv6 keys (notated using the ++ quoting facility) so as to distinguish them from IPv4 keys. For this reason, ++ when the lookup type is iplsearch, IPv6 addresses are converted using colons ++-and not dots. In all cases, full, unabbreviated IPv6 addresses are always used. +++and not dots. +++ +++In all cases except IPv4-mapped IPv6, full, unabbreviated IPv6 addresses +++are always used. The latter are converted to IPv4 addresses, in dotted-quad +++form. ++ ++ Ideally, it would be nice to tidy up this anomalous situation by changing to ++ colons in all cases, given that quoting is now available for lsearch. However, diff --cc debian/patches/75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch index 0000000,0000000..cfdbe51 new file mode 100644 --- /dev/null +++ b/debian/patches/75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch @@@ -1,0 -1,0 +1,69 @@@ ++From 09720dd9506176294154dad7152f5f40554046a4 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Thu, 14 Mar 2019 12:26:34 +0000 ++Subject: [PATCH 3/5] Fix crash from SRV lookup hitting a CNAME ++ ++(cherry picked from commit 14bc9cf085aff7bd5147881e5b7068769a29b026) ++--- ++ doc/ChangeLog | 4 ++++ ++ src/dns.c | 10 +++++++--- ++ 2 files changed, 11 insertions(+), 3 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 419c1061..0f8d05b2 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -19,10 +19,14 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under ++ suitably configured). ++ ++ JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part ++ and/or domain. Found and fixed by Jason Betts. ++ +++JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid +++ configuration). If a CNAME target was not a wellformed name pattern, a +++ crash could result. +++ ++ ++ Exim version 4.92 ++ ----------------- ++ ++ JH/01 Remove code calling the customisable local_scan function, unless a new ++diff --git a/src/dns.c b/src/dns.c ++index 0f0b435d..b7978c52 100644 ++--- a/src/dns.c +++++ b/src/dns.c ++@@ -714,11 +714,15 @@ regex has substrings that are used - the default uses a conditional. ++ This test is omitted for PTR records. These occur only in calls from the dnsdb ++ lookup, which constructs the names itself, so they should be OK. Besides, ++ bitstring labels don't conform to normal name syntax. (But the aren't used any ++ more.) ++ ++-For SRV records, we omit the initial _smtp._tcp. components at the start. */ +++For SRV records, we omit the initial _smtp._tcp. components at the start. +++The check has been seen to bite on the destination of a SRV lookup that +++initiall hit a CNAME, for which the next name had only two components. +++RFC2782 makes no mention of the possibiility of CNAMES, but the Wikipedia +++article on SRV says they are not a valid configuration. */ ++ ++ #ifndef STAND_ALONE /* Omit this for stand-alone tests */ ++ ++ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) ++ { ++@@ -730,12 +734,12 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) ++ /* For an SRV lookup, skip over the first two components (the service and ++ protocol names, which both start with an underscore). */ ++ ++ if (type == T_SRV || type == T_TLSA) ++ { ++- while (*checkname++ != '.'); ++- while (*checkname++ != '.'); +++ while (*checkname && *checkname++ != '.') ; +++ while (*checkname && *checkname++ != '.') ; ++ } ++ ++ if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname), ++ 0, PCRE_EOPT, ovector, nelem(ovector)) < 0) ++ { ++-- ++2.20.1 ++ diff --cc debian/patches/75_08-Logging-fix-initial-listening-on-log-line.patch index 0000000,0000000..4af2972 new file mode 100644 --- /dev/null +++ b/debian/patches/75_08-Logging-fix-initial-listening-on-log-line.patch @@@ -1,0 -1,0 +1,206 @@@ ++From e5be948a65fe601024e5d4256f64efbfed3dd72e Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Mon, 18 Mar 2019 00:31:43 +0000 ++Subject: [PATCH 4/5] Logging: fix initial listening-on log line ++ ++(cherry picked from commit 254f38d1c5ada5e4df0bccb385dc466549620c71) ++--- ++ doc/ChangeLog | 4 +++ ++ src/daemon.c | 73 +++++++++++++++++++++++++++---------------- ++ src/host.c | 1 + ++ src/structs.h | 1 + ++ test/confs/0282 | 2 +- ++ test/log/0282 | 2 +- ++ 6 files changed, 54 insertions(+), 29 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 0f8d05b2..3c0ffbf0 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -23,10 +23,14 @@ JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part ++ ++ JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid ++ configuration). If a CNAME target was not a wellformed name pattern, a ++ crash could result. ++ +++JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when +++ the OS reports them interleaved with other addresses. +++ +++ ++ ++ Exim version 4.92 ++ ----------------- ++ ++ JH/01 Remove code calling the customisable local_scan function, unless a new ++diff --git a/src/daemon.c b/src/daemon.c ++index a852192e..01da3936 100644 ++--- a/src/daemon.c +++++ b/src/daemon.c ++@@ -1625,12 +1625,12 @@ if (f.inetd_wait_mode) ++ else if (f.daemon_listen) ++ { ++ int i, j; ++ int smtp_ports = 0; ++ int smtps_ports = 0; ++- ip_address_item * ipa, * i2; ++- uschar * p = big_buffer; +++ ip_address_item * ipa; +++ uschar * p; ++ uschar * qinfo = queue_interval > 0 ++ ? string_sprintf("-q%s", readconf_printtime(queue_interval)) ++ : US"no queue runs"; ++ ++ /* Build a list of listening addresses in big_buffer, but limit it to 10 ++@@ -1638,73 +1638,92 @@ else if (f.daemon_listen) ++ ++ It is now possible to have some ports listening for SMTPS (the old, ++ deprecated protocol that starts TLS without using STARTTLS), and others ++ listening for standard SMTP. Keep their listings separate. */ ++ ++- for (j = 0; j < 2; j++) +++ for (int j = 0, i; j < 2; j++) ++ { ++ for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next) ++ { ++ /* First time round, look for SMTP ports; second time round, look for ++- SMTPS ports. For the first one of each, insert leading text. */ +++ SMTPS ports. Build IP+port strings. */ ++ ++ if (host_is_tls_on_connect_port(ipa->port) == (j > 0)) ++ { ++ if (j == 0) ++- { ++- if (smtp_ports++ == 0) ++- { ++- memcpy(p, "SMTP on", 8); ++- p += 7; ++- } ++- } +++ smtp_ports++; ++ else ++- if (smtps_ports++ == 0) ++- p += sprintf(CS p, "%sSMTPS on", ++- smtp_ports == 0 ? "" : " and for "); +++ smtps_ports++; ++ ++ /* Now the information about the port (and sometimes interface) */ ++ ++ if (ipa->address[0] == ':' && ipa->address[1] == 0) ++ { /* v6 wildcard */ ++ if (ipa->next && ipa->next->address[0] == 0 && ++ ipa->next->port == ipa->port) ++ { ++- p += sprintf(CS p, " port %d (IPv6 and IPv4)", ipa->port); ++- ipa = ipa->next; +++ ipa->log = string_sprintf(" port %d (IPv6 and IPv4)", ipa->port); +++ (ipa = ipa->next)->log = NULL; ++ } ++ else if (ipa->v6_include_v4) ++- p += sprintf(CS p, " port %d (IPv6 with IPv4)", ipa->port); +++ ipa->log = string_sprintf(" port %d (IPv6 with IPv4)", ipa->port); ++ else ++- p += sprintf(CS p, " port %d (IPv6)", ipa->port); +++ ipa->log = string_sprintf(" port %d (IPv6)", ipa->port); ++ } ++ else if (ipa->address[0] == 0) /* v4 wildcard */ ++- p += sprintf(CS p, " port %d (IPv4)", ipa->port); +++ ipa->log = string_sprintf(" port %d (IPv4)", ipa->port); ++ else /* check for previously-seen IP */ ++ { +++ ip_address_item * i2; ++ for (i2 = addresses; i2 != ipa; i2 = i2->next) ++ if ( host_is_tls_on_connect_port(i2->port) == (j > 0) ++ && Ustrcmp(ipa->address, i2->address) == 0 ++ ) ++ { /* found; append port to list */ ++- if (p[-1] == '}') p--; ++- while (isdigit(*--p)) ; ++- p += 1 + sprintf(CS p+1, "%s%d,%d}", *p == ',' ? "" : "{", ++- i2->port, ipa->port); +++ for (p = i2->log; *p; ) p++; /* end of existing string */ +++ if (*--p == '}') *p = '\0'; /* drop EOL */ +++ while (isdigit(*--p)) ; /* char before port */ +++ +++ i2->log = *p == ':' /* no list yet? */ +++ ? string_sprintf("%.*s{%s,%d}", +++ (int)(p - i2->log + 1), i2->log, p+1, ipa->port) +++ : string_sprintf("%s,%d}", i2->log, ipa->port); +++ ipa->log = NULL; ++ break; ++ } ++ if (i2 == ipa) /* first-time IP */ ++- p += sprintf(CS p, " [%s]:%d", ipa->address, ipa->port); +++ ipa->log = string_sprintf(" [%s]:%d", ipa->address, ipa->port); ++ } ++ } ++ } +++ } ++ ++- if (ipa) +++ p = big_buffer; +++ for (int j = 0, i; j < 2; j++) +++ { +++ /* First time round, look for SMTP ports; second time round, look for +++ SMTPS ports. For the first one of each, insert leading text. */ +++ +++ if (j == 0) ++ { ++- memcpy(p, " ...", 5); ++- p += 4; +++ if (smtp_ports > 0) +++ p += sprintf(CS p, "SMTP on"); ++ } +++ else +++ if (smtps_ports > 0) +++ p += sprintf(CS p, "%sSMTPS on", +++ smtp_ports == 0 ? "" : " and for "); +++ +++ /* Now the information about the port (and sometimes interface) */ +++ +++ for (i = 0, ipa = addresses; i < 10 && ipa; i++, ipa = ipa->next) +++ if (host_is_tls_on_connect_port(ipa->port) == (j > 0)) +++ if (ipa->log) +++ p += sprintf(CS p, "%s", ipa->log); +++ +++ if (ipa) +++ p += sprintf(CS p, " ..."); ++ } ++ ++ log_write(0, LOG_MAIN, ++ "exim %s daemon started: pid=%d, %s, listening for %s", ++ version_string, getpid(), qinfo, big_buffer); ++diff --git a/src/host.c b/src/host.c ++index 29c977fe..a3b0977b 100644 ++--- a/src/host.c +++++ b/src/host.c ++@@ -757,10 +757,11 @@ while ((s = string_nextinlist(&list, &sep, NULL, 0))) ++ next = store_get(sizeof(ip_address_item)); ++ next->next = NULL; ++ Ustrcpy(next->address, s); ++ next->port = port; ++ next->v6_include_v4 = FALSE; +++ next->log = NULL; ++ ++ if (!yield) ++ yield = last = next; ++ else ++ { ++diff --git a/src/structs.h b/src/structs.h ++index 20db0e5f..1e63d752 100644 ++--- a/src/structs.h +++++ b/src/structs.h ++@@ -442,10 +442,11 @@ hold an IPv6 address. */ ++ typedef struct ip_address_item { ++ struct ip_address_item *next; ++ int port; ++ BOOL v6_include_v4; /* Used in the daemon */ ++ uschar address[46]; +++ uschar * log; /* portion of "listening on" log line */ ++ } ip_address_item; ++ ++ /* Structure for chaining together arbitrary strings. */ ++ ++ typedef struct string_item { ++-- ++2.20.1 ++ diff --cc debian/patches/75_09-OpenSSL-Fix-aggregation-of-messages.patch index 0000000,0000000..b82891d new file mode 100644 --- /dev/null +++ b/debian/patches/75_09-OpenSSL-Fix-aggregation-of-messages.patch @@@ -1,0 -1,0 +1,127 @@@ ++From 332ebeaf8139b2b75f475880fc14b63c7c45c706 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 19 Mar 2019 15:33:31 +0000 ++Subject: [PATCH 5/5] OpenSSL: Fix aggregation of messages. ++ ++Broken-by: a5ffa9b475 ++(cherry picked from commit c09dbcfb71f4b9a42cbfd8a20e0be6bfa1b12488) ++--- ++ doc/ChangeLog | 5 +++ ++ src/tls-openssl.c | 24 ++++++++++---- ++ test/confs/2152 | 76 +++++++++++++++++++++++++++++++++++++++++++ ++ test/log/2152 | 9 +++++ ++ 4 files changed, 108 insertions(+), 6 deletions(-) ++ create mode 100644 test/confs/2152 ++ create mode 100644 test/log/2152 ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 3c0ffbf0..3d63725f 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -26,10 +26,15 @@ JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid ++ crash could result. ++ ++ JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when ++ the OS reports them interleaved with other addresses. ++ +++JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was +++ used both for input and for a verify callout, both encrypted, SMTP +++ responses being sent by the server could be lost. This resulted in +++ dropped connections and sometimes bounces generated by a peer sending +++ to this system. ++ ++ ++ Exim version 4.92 ++ ----------------- ++ ++diff --git a/src/tls-openssl.c b/src/tls-openssl.c ++index 8f4cf4d8..cc0ead02 100644 ++--- a/src/tls-openssl.c +++++ b/src/tls-openssl.c ++@@ -272,10 +272,11 @@ Server: ++ */ ++ ++ typedef struct { ++ SSL_CTX * ctx; ++ SSL * ssl; +++ gstring * corked; ++ } exim_openssl_client_tls_ctx; ++ ++ static SSL_CTX *server_ctx = NULL; ++ static SSL *server_ssl = NULL; ++ ++@@ -2471,10 +2472,11 @@ BOOL require_ocsp = FALSE; ++ #endif ++ ++ rc = store_pool; ++ store_pool = POOL_PERM; ++ exim_client_ctx = store_get(sizeof(exim_openssl_client_tls_ctx)); +++exim_client_ctx->corked = NULL; ++ store_pool = rc; ++ ++ #ifdef SUPPORT_DANE ++ tlsp->tlsa_usage = 0; ++ #endif ++@@ -2906,22 +2908,29 @@ Used by both server-side and client-side TLS. ++ ++ int ++ tls_write(void * ct_ctx, const uschar *buff, size_t len, BOOL more) ++ { ++ int outbytes, error, left; ++-SSL * ssl = ct_ctx ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl; ++-static gstring * corked = NULL; +++SSL * ssl = ct_ctx +++ ? ((exim_openssl_client_tls_ctx *)ct_ctx)->ssl : server_ssl; +++static gstring * server_corked = NULL; +++gstring ** corkedp = ct_ctx +++ ? &((exim_openssl_client_tls_ctx *)ct_ctx)->corked : &server_corked; +++gstring * corked = *corkedp; ++ ++ DEBUG(D_tls) debug_printf("%s(%p, %lu%s)\n", __FUNCTION__, ++ buff, (unsigned long)len, more ? ", more" : ""); ++ ++ /* Lacking a CORK or MSG_MORE facility (such as GnuTLS has) we copy data when ++ "more" is notified. This hack is only ok if small amounts are involved AND only ++ one stream does it, in one context (i.e. no store reset). Currently it is used ++-for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. */ ++-/*XXX + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's ++-a store reset there. */ +++for the responses to the received SMTP MAIL , RCPT, DATA sequence, only. +++We support callouts done by the server process by using a separate client +++context for the stashed information. */ +++/* + if PIPE_COMMAND, banner & ehlo-resp for smmtp-on-connect. Suspect there's +++a store reset there, so use POOL_PERM. */ +++/* + if CHUNKING, cmds EHLO,MAIL,RCPT(s),BDAT */ ++ ++ if (!ct_ctx && (more || corked)) ++ { ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++ int save_pool = store_pool; ++@@ -2933,14 +2942,17 @@ if (!ct_ctx && (more || corked)) ++ #ifdef EXPERIMENTAL_PIPE_CONNECT ++ store_pool = save_pool; ++ #endif ++ ++ if (more) +++ { +++ *corkedp = corked; ++ return len; +++ } ++ buff = CUS corked->s; ++ len = corked->ptr; ++- corked = NULL; +++ *corkedp = NULL; ++ } ++ ++ for (left = len; left > 0;) ++ { ++ DEBUG(D_tls) debug_printf("SSL_write(%p, %p, %d)\n", ssl, buff, left); ++diff --git a/test/confs/2152 b/test/confs/2152 ++new file mode 100644 ++index 00000000..f783192b ++diff --git a/test/log/2152 b/test/log/2152 ++new file mode 100644 ++index 00000000..720200be ++-- ++2.20.1 ++ diff --cc debian/patches/75_10-Harden-plaintext-authenticator.patch index 0000000,0000000..9dcfd47 new file mode 100644 --- /dev/null +++ b/debian/patches/75_10-Harden-plaintext-authenticator.patch @@@ -1,0 -1,0 +1,55 @@@ ++From e5b942ae007d0533fbd599c64d550f3a8355b940 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Thu, 21 Mar 2019 20:01:03 +0000 ++Subject: [PATCH] Harden plaintext authenticator ++ ++Cherry-picked from: f9fc942757 ++--- ++ doc/ChangeLog | 5 +++++ ++ src/auths/plaintext.c | 6 +----- ++ 2 files changed, 6 insertions(+), 5 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 3d63725f..c34e60d1 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -32,10 +32,15 @@ JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was ++ used both for input and for a verify callout, both encrypted, SMTP ++ responses being sent by the server could be lost. This resulted in ++ dropped connections and sometimes bounces generated by a peer sending ++ to this system. ++ +++JH/11 Harden plaintext authenticator against a badly misconfigured client-send +++ string. Previously it was possible to cause undefined behaviour in a +++ library routine (usually a crash). Found by "zerons". +++ +++ ++ ++ Exim version 4.92 ++ ----------------- ++ ++ JH/01 Remove code calling the customisable local_scan function, unless a new ++diff --git a/src/auths/plaintext.c b/src/auths/plaintext.c ++index 7a0f7885..fa05b0ad 100644 ++--- a/src/auths/plaintext.c +++++ b/src/auths/plaintext.c ++@@ -221,15 +221,11 @@ while ((s = string_nextinlist(&text, &sep, big_buffer, big_buffer_size))) ++ for (i = 0; i < len; i++) ++ if (ss[i] == '^') ++ if (ss[i+1] != '^') ++ ss[i] = 0; ++ else ++- { ++- i++; ++- len--; ++- memmove(ss + i, ss + i + 1, len - i); ++- } +++ if (--len > ++i) memmove(ss + i, ss + i + 1, len - i); ++ ++ /* The first string is attached to the AUTH command; others are sent ++ unembellished. */ ++ ++ if (first) ++-- ++2.20.1 ++ diff --cc debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch index 0000000,0000000..8322d93 new file mode 100644 --- /dev/null +++ b/debian/patches/75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch @@@ -1,0 -1,0 +1,54 @@@ ++From 5e64b73ef7cdaf20b998b3345a588b462fd30bfb Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 7 May 2019 22:55:41 +0100 ++Subject: [PATCH] GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp ++ ++(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941) ++--- ++ doc/ChangeLog | 3 +++ ++ src/tls-gnu.c | 12 ++++++++---- ++ test/log/5651 | 2 +- ++ test/log/5730 | 8 ++++---- ++ 4 files changed, 16 insertions(+), 9 deletions(-) ++ ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -39,6 +39,9 @@ JH/11 Harden plaintext authenticator aga ++ library routine (usually a crash). Found by "zerons". ++ ++ +++JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the +++ verification result was not updated unless hosts_require_ocsp applied. +++ ++ ++ Exim version 4.92 ++ ----------------- ++--- a/src/tls-gnu.c +++++ b/src/tls-gnu.c ++@@ -2450,7 +2450,7 @@ if (!verify_certificate(state, errstr)) ++ } ++ ++ #ifndef DISABLE_OCSP ++-if (require_ocsp) +++if (request_ocsp) ++ { ++ DEBUG(D_tls) ++ { ++@@ -2474,10 +2474,14 @@ if (require_ocsp) ++ { ++ tlsp->ocsp = OCSP_FAILED; ++ tls_error(US"certificate status check failed", NULL, state->host, errstr); ++- return NULL; +++ if (require_ocsp) +++ return FALSE; +++ } +++ else +++ { +++ DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); +++ tlsp->ocsp = OCSP_VFIED; ++ } ++- DEBUG(D_tls) debug_printf("Passed OCSP checking\n"); ++- tlsp->ocsp = OCSP_VFIED; ++ } ++ #endif ++ diff --cc debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch index 0000000,0000000..5b98faa new file mode 100644 --- /dev/null +++ b/debian/patches/75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch @@@ -1,0 -1,0 +1,42 @@@ ++From 44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Sun, 19 May 2019 12:12:36 +0100 ++Subject: [PATCH 1/2] GnuTLS: fix the advertising of acceptable certs by the ++ server. Bug 2389 ++ ++(cherry picked from commit 12d95aa62042377fc9f603245a17a43142972447) ++--- ++ doc/ChangeLog | 4 ++++ ++ src/tls-gnu.c | 8 ++++++++ ++ 2 files changed, 12 insertions(+) ++ ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -42,6 +42,10 @@ JH/11 Harden plaintext authenticator aga ++ JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the ++ verification result was not updated unless hosts_require_ocsp applied. ++ +++JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in +++ directory-of-certs mode. Previously they were advertised despite the +++ documentation. +++ ++ ++ Exim version 4.92 ++ ----------------- ++--- a/src/tls-gnu.c +++++ b/src/tls-gnu.c ++@@ -1133,6 +1133,14 @@ else ++ #endif ++ gnutls_certificate_set_x509_trust_file(state->x509_cred, ++ CS state->exp_tls_verify_certificates, GNUTLS_X509_FMT_PEM); +++ +++#ifdef SUPPORT_CA_DIR +++ /* Mimic the behaviour with OpenSSL of not advertising a usable-cert list +++ when using the directory-of-certs config model. */ +++ +++ if ((statbuf.st_mode & S_IFMT) == S_IFDIR) +++ gnutls_certificate_send_x509_rdn_sequence(state->session, 1); +++#endif ++ } ++ ++ if (cert_count < 0) diff --cc debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch index 0000000,0000000..0eb4d4b new file mode 100644 --- /dev/null +++ b/debian/patches/75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch @@@ -1,0 -1,0 +1,52 @@@ ++From 454bab46ae6812e29652d10c390451c962a6f806 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Tue, 4 Jun 2019 18:13:21 +0100 ++Subject: [PATCH 2/2] Use dsn_from for success-DSN messages. Bug 2404 ++ ++(cherry picked from commit 87abcb247b4444bab5fd0bcb212ddb26d5fd9191) ++--- ++ doc/ChangeLog | 4 ++++ ++ src/deliver.c | 4 ++-- ++ 2 files changed, 6 insertions(+), 2 deletions(-) ++ ++diff --git a/doc/ChangeLog b/doc/ChangeLog ++index 5a3e453d..1a12c014 100644 ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -65,6 +65,10 @@ JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in ++ directory-of-certs mode. Previously they were advertised despite the ++ documentation. ++ +++JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for +++ success-DSN messages. Previously the From: header was always the default +++ one for these; the option was ignored. +++ ++ ++ Exim version 4.92 ++ ----------------- ++diff --git a/src/deliver.c b/src/deliver.c ++index e1799411..4720f596 100644 ++--- a/src/deliver.c +++++ b/src/deliver.c ++@@ -7365,8 +7365,8 @@ if (addr_senddsn) ++ if (errors_reply_to) ++ fprintf(f, "Reply-To: %s\n", errors_reply_to); ++ +++ moan_write_from(f); ++ fprintf(f, "Auto-Submitted: auto-generated\n" ++- "From: Mail Delivery System \n" ++ "To: %s\n" ++ "Subject: Delivery Status Notification\n" ++ "Content-Type: multipart/report; report-type=delivery-status; boundary=%s\n" ++@@ -7377,7 +7377,7 @@ if (addr_senddsn) ++ ++ "This message was created automatically by mail delivery software.\n" ++ " ----- The following addresses had successful delivery notifications -----\n", ++- qualify_domain_sender, sender_address, bound, bound); +++ sender_address, bound, bound); ++ ++ for (addr_dsntmp = addr_senddsn; addr_dsntmp; ++ addr_dsntmp = addr_dsntmp->next) ++-- ++2.20.1 ++ diff --cc debian/patches/75_14-Fix-smtp-response-timeout.patch index 0000000,0000000..abf2da4 new file mode 100644 --- /dev/null +++ b/debian/patches/75_14-Fix-smtp-response-timeout.patch @@@ -1,0 -1,0 +1,325 @@@ ++From 0a5441fcd93ae4145c07b3ed138dfe0e107174e0 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Mon, 27 May 2019 23:44:31 +0100 ++Subject: [PATCH 1/2] Fix smtp response timeout ++ ++--- ++ doc/ChangeLog | 6 ++++++ ++ src/functions.h | 4 ++-- ++ src/ip.c | 16 +++++++--------- ++ src/malware.c | 26 +++++++++++++------------- ++ src/routers/iplookup.c | 2 +- ++ src/smtp_out.c | 9 +++++---- ++ src/spam.c | 2 +- ++ src/transports/smtp_socks.c | 6 +++--- ++ src/verify.c | 2 +- ++ 9 files changed, 39 insertions(+), 34 deletions(-) ++ ++--- a/doc/ChangeLog +++++ b/doc/ChangeLog ++@@ -50,6 +50,13 @@ JH/27 Bug 2404: Use the main-section con ++ success-DSN messages. Previously the From: header was always the default ++ one for these; the option was ignored. ++ +++JH/28 Fix the timeout on smtp response to apply to the whole response. +++ Previously it was reset for every read, so a teergrubing peer sending +++ single bytes within the time limit could extend the connection for a +++ long time. Credit to Qualsys Security Advisory Team for the discovery. +++[from GIT master] +++ +++ ++ ++ Exim version 4.92 ++ ----------------- ++--- a/src/functions.h +++++ b/src/functions.h ++@@ -225,7 +225,7 @@ extern uschar *expand_string_copy(const ++ extern int_eximarith_t expand_string_integer(uschar *, BOOL); ++ extern void modify_variable(uschar *, void *); ++ ++-extern BOOL fd_ready(int, int); +++extern BOOL fd_ready(int, time_t); ++ ++ extern int filter_interpret(uschar *, int, address_item **, uschar **); ++ extern BOOL filter_personal(string_item *, BOOL); ++@@ -271,7 +271,7 @@ extern int ip_connectedsocket(int, c ++ int, host_item *, uschar **, const blob *); ++ extern int ip_get_address_family(int); ++ extern void ip_keepalive(int, const uschar *, BOOL); ++-extern int ip_recv(client_conn_ctx *, uschar *, int, int); +++extern int ip_recv(client_conn_ctx *, uschar *, int, time_t); ++ extern int ip_socket(int, int); ++ ++ extern int ip_tcpsocket(const uschar *, uschar **, int); ++--- a/src/ip.c +++++ b/src/ip.c ++@@ -566,16 +566,15 @@ if (setsockopt(sock, SOL_SOCKET, SO_KEEP ++ /* ++ Arguments: ++ fd the file descriptor ++- timeout the timeout, seconds +++ timelimit the timeout endpoint, seconds-since-epoch ++ Returns: TRUE => ready for i/o ++ FALSE => timed out, or other error ++ */ ++ BOOL ++-fd_ready(int fd, int timeout) +++fd_ready(int fd, time_t timelimit) ++ { ++ fd_set select_inset; ++-time_t start_recv = time(NULL); ++-int time_left = timeout; +++int time_left = timelimit - time(NULL); ++ int rc; ++ ++ if (time_left <= 0) ++@@ -609,8 +608,7 @@ do ++ DEBUG(D_transport) debug_printf("EINTR while waiting for socket data\n"); ++ ++ /* Watch out, 'continue' jumps to the condition, not to the loops top */ ++- time_left = timeout - (time(NULL) - start_recv); ++- if (time_left > 0) continue; +++ if ((time_left = timelimit - time(NULL)) > 0) continue; ++ } ++ ++ if (rc <= 0) ++@@ -634,18 +632,18 @@ Arguments: ++ cctx the connection context (socket fd, possibly TLS context) ++ buffer to read into ++ bufsize the buffer size ++- timeout the timeout +++ timelimit the timeout endpoint, seconds-since-epoch ++ ++ Returns: > 0 => that much data read ++ <= 0 on error or EOF; errno set - zero for EOF ++ */ ++ ++ int ++-ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, int timeout) +++ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, time_t timelimit) ++ { ++ int rc; ++ ++-if (!fd_ready(cctx->sock, timeout)) +++if (!fd_ready(cctx->sock, timelimit)) ++ return -1; ++ ++ /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e. ++--- a/src/malware.c +++++ b/src/malware.c ++@@ -349,13 +349,13 @@ return cre; ++ -2 on timeout or error ++ */ ++ static int ++-recv_line(int fd, uschar * buffer, int bsize, int tmo) +++recv_line(int fd, uschar * buffer, int bsize, time_t tmo) ++ { ++ uschar * p = buffer; ++ ssize_t rcv; ++ BOOL ok = FALSE; ++ ++-if (!fd_ready(fd, tmo-time(NULL))) +++if (!fd_ready(fd, tmo)) ++ return -2; ++ ++ /*XXX tmo handling assumes we always get a whole line */ ++@@ -382,9 +382,9 @@ return p - buffer; ++ ++ /* return TRUE iff size as requested */ ++ static BOOL ++-recv_len(int sock, void * buf, int size, int tmo) +++recv_len(int sock, void * buf, int size, time_t tmo) ++ { ++-return fd_ready(sock, tmo-time(NULL)) +++return fd_ready(sock, tmo) ++ ? recv(sock, buf, size, 0) == size ++ : FALSE; ++ } ++@@ -430,7 +430,7 @@ for (;;) ++ } ++ ++ static inline int ++-mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, int tmo) +++mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size, time_t tmo) ++ { ++ client_conn_ctx cctx = {.sock = sock}; ++ int offset = 0; ++@@ -438,7 +438,7 @@ int i; ++ ++ do ++ { ++- i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo-time(NULL)); +++ i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo); ++ if (i <= 0) ++ { ++ (void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)"); ++@@ -497,7 +497,7 @@ switch (*line) ++ ++ static int ++ mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename, ++- int tmo) +++ time_t tmo) ++ { ++ struct iovec iov[3]; ++ const char *cmd = "MSQ\n"; ++@@ -746,7 +746,7 @@ if (!malware_ok) ++ if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0) ++ return m_panic_defer(scanent, CUS callout_address, errstr); ++ ++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); +++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); ++ ++ if (bread <= 0) ++ return m_panic_defer_3(scanent, CUS callout_address, ++@@ -1064,7 +1064,7 @@ badseek: err = errno; ++ if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0) ++ return m_panic_defer(scanent, CUS callout_address, errstr); ++ ++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); +++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); ++ if (bread > 0) av_buffer[bread]='\0'; ++ if (bread < 0) ++ return m_panic_defer_3(scanent, CUS callout_address, ++@@ -1096,7 +1096,7 @@ badseek: err = errno; ++ { ++ errno = ETIMEDOUT; ++ i = av_buffer+sizeof(av_buffer)-p; ++- if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo-time(NULL))) < 0) +++ if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo)) < 0) ++ return m_panic_defer_3(scanent, CUS callout_address, ++ string_sprintf("unable to read result (%s)", strerror(errno)), ++ malware_daemon_ctx.sock); ++@@ -1401,7 +1401,7 @@ badseek: err = errno; ++ ++ /* wait for result */ ++ memset(av_buffer, 0, sizeof(av_buffer)); ++- if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL))) <= 0) +++ if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo)) <= 0) ++ return m_panic_defer_3(scanent, CUS callout_address, ++ string_sprintf("unable to read from UNIX socket (%s)", scanner_options), ++ malware_daemon_ctx.sock); ++@@ -1737,7 +1737,7 @@ b_seek: err = errno; ++ ++ /* Read the result */ ++ memset(av_buffer, 0, sizeof(av_buffer)); ++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); +++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); ++ (void)close(malware_daemon_ctx.sock); ++ malware_daemon_ctx.sock = -1; ++ malware_daemon_ctx.tls_ctx = NULL; ++@@ -1895,7 +1895,7 @@ b_seek: err = errno; ++ return m_panic_defer(scanent, CUS callout_address, errstr); ++ ++ /* Read the result */ ++- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo-time(NULL)); +++ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo); ++ ++ if (bread <= 0) ++ return m_panic_defer_3(scanent, CUS callout_address, ++--- a/src/routers/iplookup.c +++++ b/src/routers/iplookup.c ++@@ -279,7 +279,7 @@ while ((hostname = string_nextinlist(&li ++ /* Read the response and close the socket. If the read fails, try the ++ next IP address. */ ++ ++- count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, ob->timeout); +++ count = ip_recv(&query_cctx, reply, sizeof(reply) - 1, time(NULL) + ob->timeout); ++ (void)close(query_cctx.sock); ++ if (count <= 0) ++ { ++--- a/src/smtp_out.c +++++ b/src/smtp_out.c ++@@ -587,14 +587,14 @@ Arguments: ++ inblock the SMTP input block (contains holding buffer, socket, etc.) ++ buffer where to put the line ++ size space available for the line ++- timeout the timeout to use when reading a packet +++ timelimit deadline for reading the lime, seconds past epoch ++ ++ Returns: length of a line that has been put in the buffer ++ -1 otherwise, with errno set ++ */ ++ ++ static int ++-read_response_line(smtp_inblock *inblock, uschar *buffer, int size, int timeout) +++read_response_line(smtp_inblock *inblock, uschar *buffer, int size, time_t timelimit) ++ { ++ uschar *p = buffer; ++ uschar *ptr = inblock->ptr; ++@@ -637,7 +637,7 @@ for (;;) ++ ++ /* Need to read a new input packet. */ ++ ++- if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timeout)) <= 0) +++ if((rc = ip_recv(cctx, inblock->buffer, inblock->buffersize, timelimit)) <= 0) ++ { ++ DEBUG(D_deliver|D_transport|D_acl) ++ debug_printf_indent(errno ? " SMTP(%s)<<\n" : " SMTP(closed)<<\n", ++@@ -694,6 +694,7 @@ smtp_read_response(void * sx0, uschar * ++ smtp_context * sx = sx0; ++ uschar * ptr = buffer; ++ int count = 0, rc; +++time_t timelimit = time(NULL) + timeout; ++ ++ errno = 0; /* Ensure errno starts out zero */ ++ ++@@ -713,7 +714,7 @@ response. */ ++ ++ for (;;) ++ { ++- if ((count = read_response_line(&sx->inblock, ptr, size, timeout)) < 0) +++ if ((count = read_response_line(&sx->inblock, ptr, size, timelimit)) < 0) ++ return FALSE; ++ ++ HDEBUG(D_transport|D_acl|D_v) ++--- a/src/spam.c +++++ b/src/spam.c ++@@ -503,7 +503,7 @@ offset = 0; ++ while ((i = ip_recv(&spamd_cctx, ++ spamd_buffer + offset, ++ sizeof(spamd_buffer) - offset - 1, ++- sd->timeout - time(NULL) + start)) > 0) +++ sd->timeout + start)) > 0) ++ offset += i; ++ spamd_buffer[offset] = '\0'; /* guard byte */ ++ ++--- a/src/transports/smtp_socks.c +++++ b/src/transports/smtp_socks.c ++@@ -129,7 +129,7 @@ switch(method) ++ #ifdef TCP_QUICKACK ++ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); ++ #endif ++- if (!fd_ready(fd, tmo-time(NULL)) || read(fd, s, 2) != 2) +++ if (!fd_ready(fd, tmo) || read(fd, s, 2) != 2) ++ return FAIL; ++ HDEBUG(D_transport|D_acl|D_v) ++ debug_printf_indent(" SOCKS<< %02x %02x\n", s[0], s[1]); ++@@ -320,7 +320,7 @@ HDEBUG(D_transport|D_acl|D_v) debug_prin ++ (void) setsockopt(fd, IPPROTO_TCP, TCP_QUICKACK, US &off, sizeof(off)); ++ #endif ++ ++-if ( !fd_ready(fd, tmo-time(NULL)) +++if ( !fd_ready(fd, tmo) ++ || read(fd, buf, 2) != 2 ++ ) ++ goto rcv_err; ++@@ -370,7 +370,7 @@ if (send(fd, buf, size, 0) < 0) ++ /* expect conn-reply (success, local(ipver, addr, port)) ++ of same length as conn-request, or non-success fail code */ ++ ++-if ( !fd_ready(fd, tmo-time(NULL)) +++if ( !fd_ready(fd, tmo) ++ || (size = read(fd, buf, size)) < 2 ++ ) ++ goto rcv_err; ++--- a/src/verify.c +++++ b/src/verify.c ++@@ -2770,7 +2770,7 @@ for (;;) ++ int size = sizeof(buffer) - (p - buffer); ++ ++ if (size <= 0) goto END_OFF; /* Buffer filled without seeing \n. */ ++- count = ip_recv(&ident_conn_ctx, p, size, rfc1413_query_timeout); +++ count = ip_recv(&ident_conn_ctx, p, size, time(NULL) + rfc1413_query_timeout); ++ if (count <= 0) goto END_OFF; /* Read error or EOF */ ++ ++ /* Scan what we just read, to see if we have reached the terminating \r\n. Be diff --cc debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch index 0000000,0000000..039ed5f new file mode 100644 --- /dev/null +++ b/debian/patches/75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch @@@ -1,0 -1,0 +1,48 @@@ ++From 26dd3aa007b3b77969610c031f59388e0953bd00 Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Fri, 7 Jun 2019 11:54:10 +0100 ++Subject: [PATCH 2/2] Fix detection of 32b platform at build time. Bug 2405 ++ ++--- ++ src/buildconfig.c | 12 +++--- ++ test/scripts/0000-Basic/0002 | 72 +++++++++++++++++++----------------- ++ test/stdout/0002 | 72 +++++++++++++++++++----------------- ++ 3 files changed, 83 insertions(+), 73 deletions(-) ++ ++diff --git a/src/buildconfig.c b/src/buildconfig.c ++index 71cf97b1..a680b344 100644 ++--- a/src/buildconfig.c +++++ b/src/buildconfig.c ++@@ -111,6 +111,7 @@ unsigned long test_ulong_t = 0L; ++ unsigned int test_uint_t = 0; ++ #endif ++ long test_long_t = 0; +++long long test_longlong_t = 0; ++ int test_int_t = 0; ++ FILE *base; ++ FILE *new; ++@@ -155,15 +156,16 @@ This assumption is known to be OK for the common operating systems. */ ++ ++ fprintf(new, "#ifndef OFF_T_FMT\n"); ++ if (sizeof(test_off_t) > sizeof(test_long_t)) ++- { ++ fprintf(new, "# define OFF_T_FMT \"%%lld\"\n"); ++- fprintf(new, "# define LONGLONG_T long long int\n"); ++- } ++ else ++- { ++ fprintf(new, "# define OFF_T_FMT \"%%ld\"\n"); +++fprintf(new, "#endif\n\n"); +++ +++fprintf(new, "#ifndef LONGLONG_T\n"); +++if (sizeof(test_longlong_t) > sizeof(test_long_t)) +++ fprintf(new, "# define LONGLONG_T long long int\n"); +++else ++ fprintf(new, "# define LONGLONG_T long int\n"); ++- } ++ fprintf(new, "#endif\n\n"); ++ ++ /* Now do the same thing for time_t variables. If the length is greater than ++-- ++2.20.1 ++ diff --cc debian/patches/77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch index daec652,0000000..50c63ed mode 100644,000000..100644 --- a/debian/patches/77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch +++ b/debian/patches/77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch @@@ -1,385 -1,0 +1,394 @@@ +From cf84d126bc1f04746eb7c8e8b3468f7e70add3ec Mon Sep 17 00:00:00 2001 +From: Jeremy Harris +Date: Fri, 5 Jul 2019 15:38:15 +0100 +Subject: [PATCH] Avoid re-expansion in ${sort } CVE-2019-13917 + OVE-20190718-0006 + +(cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd) +--- + doc/ChangeLog | 6 ++ + doc/doc-txt/cve-2019-13917 | 46 ++++++++ + src/expand.c | 214 +++++++++++++++++++++++++------------ + 3 files changed, 199 insertions(+), 67 deletions(-) + create mode 100644 doc/doc-txt/cve-2019-13917 + +--- a/src/expand.c ++++ b/src/expand.c - @@ -2115,6 +2115,55 @@ return ret; ++@@ -2147,6 +2147,55 @@ return ret; + + + ++/************************************************/ ++/* Return offset in ops table, or -1 if not found. ++Repoint to just after the operator in the string. ++ ++Argument: ++ ss string representation of operator ++ opname split-out operator name ++*/ ++ ++static int ++identify_operator(const uschar ** ss, uschar ** opname) ++{ ++const uschar * s = *ss; ++uschar name[256]; ++ ++/* Numeric comparisons are symbolic */ ++ ++if (*s == '=' || *s == '>' || *s == '<') ++ { ++ int p = 0; ++ name[p++] = *s++; ++ if (*s == '=') ++ { ++ name[p++] = '='; ++ s++; ++ } ++ name[p] = 0; ++ } ++ ++/* All other conditions are named */ ++ ++else ++ s = read_name(name, sizeof(name), s, US"_"); ++*ss = s; ++ ++/* If we haven't read a name, it means some non-alpha character is first. */ ++ ++if (!name[0]) ++ { ++ expand_string_message = string_sprintf("condition name expected, " ++ "but found \"%.16s\"", s); ++ return -1; ++ } ++if (opname) ++ *opname = string_copy(name); ++ ++return chop_match(name, cond_table, nelem(cond_table)); ++} ++ + + /************************************************* + * Read and evaluate a condition * - @@ -2145,6 +2194,7 @@ BOOL sub2_honour_dollar = TRUE; ++@@ -2177,6 +2226,7 @@ BOOL sub2_honour_dollar = TRUE; + int i, rc, cond_type, roffset; + int_eximarith_t num[2]; + struct stat statbuf; ++uschar * opname; + uschar name[256]; + const uschar *sub[10]; + - @@ -2157,37 +2207,7 @@ for (;;) ++@@ -2189,37 +2239,7 @@ for (;;) + if (*s == '!') { testfor = !testfor; s++; } else break; + } + +-/* Numeric comparisons are symbolic */ +- +-if (*s == '=' || *s == '>' || *s == '<') +- { +- int p = 0; +- name[p++] = *s++; +- if (*s == '=') +- { +- name[p++] = '='; +- s++; +- } +- name[p] = 0; +- } +- +-/* All other conditions are named */ +- +-else s = read_name(name, 256, s, US"_"); +- +-/* If we haven't read a name, it means some non-alpha character is first. */ +- +-if (name[0] == 0) +- { +- expand_string_message = string_sprintf("condition name expected, " +- "but found \"%.16s\"", s); +- return NULL; +- } +- +-/* Find which condition we are dealing with, and switch on it */ +- +-cond_type = chop_match(name, cond_table, nelem(cond_table)); +-switch(cond_type) ++switch(cond_type = identify_operator(&s, &opname)) + { + /* def: tests for a non-empty variable, or for the existence of a header. If + yield == NULL we are in a skipping state, and don't care about the answer. */ - @@ -2506,7 +2526,7 @@ switch(cond_type) ++@@ -2538,7 +2558,7 @@ switch(cond_type) + { + if (i == 0) goto COND_FAILED_CURLY_START; + expand_string_message = string_sprintf("missing 2nd string in {} " +- "after \"%s\"", name); ++ "after \"%s\"", opname); + return NULL; + } - sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL, - @@ -2518,7 +2538,7 @@ switch(cond_type) ++ if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, yield == NULL, ++@@ -2553,7 +2573,7 @@ switch(cond_type) + conditions that compare numbers do not start with a letter. This just saves + checking for them individually. */ + +- if (!isalpha(name[0]) && yield != NULL) ++ if (!isalpha(opname[0]) && yield != NULL) + if (sub[i][0] == 0) + { + num[i] = 0; - @@ -2832,7 +2852,7 @@ switch(cond_type) ++@@ -2867,7 +2887,7 @@ switch(cond_type) + uschar *save_iterate_item = iterate_item; + int (*compare)(const uschar *, const uschar *); + - - DEBUG(D_expand) debug_printf_indent("condition: %s\n", name); - + DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname); ++- DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", name, sub[0]); +++ DEBUG(D_expand) debug_printf_indent("condition: %s item: %s\n", opname, sub[0]); + + tempcond = FALSE; + compare = cond_type == ECOND_INLISTI - @@ -2871,14 +2891,14 @@ switch(cond_type) ++@@ -2909,14 +2929,14 @@ switch(cond_type) + if (*s != '{') /* }-for-text-editors */ + { + expand_string_message = string_sprintf("each subcondition " +- "inside an \"%s{...}\" condition must be in its own {}", name); ++ "inside an \"%s{...}\" condition must be in its own {}", opname); + return NULL; + } + + if (!(s = eval_condition(s+1, resetok, subcondptr))) + { + expand_string_message = string_sprintf("%s inside \"%s{...}\" condition", +- expand_string_message, name); ++ expand_string_message, opname); + return NULL; + } + while (isspace(*s)) s++; - @@ -2888,7 +2908,7 @@ switch(cond_type) ++@@ -2926,7 +2946,7 @@ switch(cond_type) + { + /* {-for-text-editors */ + expand_string_message = string_sprintf("missing } at end of condition " +- "inside \"%s\" group", name); ++ "inside \"%s\" group", opname); + return NULL; + } + - @@ -2920,7 +2940,7 @@ switch(cond_type) ++@@ -2958,7 +2978,7 @@ switch(cond_type) + int sep = 0; + uschar *save_iterate_item = iterate_item; + +- DEBUG(D_expand) debug_printf_indent("condition: %s\n", name); ++ DEBUG(D_expand) debug_printf_indent("condition: %s\n", opname); + + while (isspace(*s)) s++; + if (*s++ != '{') goto COND_FAILED_CURLY_START; /* }-for-text-editors */ - @@ -2941,7 +2961,7 @@ switch(cond_type) ++@@ -2979,7 +2999,7 @@ switch(cond_type) + if (!(s = eval_condition(sub[1], resetok, NULL))) + { + expand_string_message = string_sprintf("%s inside \"%s\" condition", +- expand_string_message, name); ++ expand_string_message, opname); + return NULL; + } + while (isspace(*s)) s++; - @@ -2951,7 +2971,7 @@ switch(cond_type) ++@@ -2989,7 +3009,7 @@ switch(cond_type) + { + /* {-for-text-editors */ + expand_string_message = string_sprintf("missing } at end of condition " +- "inside \"%s\"", name); ++ "inside \"%s\"", opname); + return NULL; + } + - @@ -2963,11 +2983,11 @@ switch(cond_type) ++@@ -3001,11 +3021,11 @@ switch(cond_type) + if (!eval_condition(sub[1], resetok, &tempcond)) + { + expand_string_message = string_sprintf("%s inside \"%s\" condition", +- expand_string_message, name); ++ expand_string_message, opname); + iterate_item = save_iterate_item; + return NULL; + } +- DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", name, ++ DEBUG(D_expand) debug_printf_indent("%s: condition evaluated to %s\n", opname, + tempcond? "true":"false"); + + if (yield != NULL) *yield = (tempcond == testfor); - @@ -3060,19 +3080,20 @@ switch(cond_type) ++@@ -3098,19 +3118,20 @@ switch(cond_type) + /* Unknown condition */ + + default: +- expand_string_message = string_sprintf("unknown condition \"%s\"", name); +- return NULL; ++ if (!expand_string_message || !*expand_string_message) ++ expand_string_message = string_sprintf("unknown condition \"%s\"", opname); ++ return NULL; + } /* End switch on condition type */ + + /* Missing braces at start and end of data */ + + COND_FAILED_CURLY_START: +-expand_string_message = string_sprintf("missing { after \"%s\"", name); ++expand_string_message = string_sprintf("missing { after \"%s\"", opname); + return NULL; + + COND_FAILED_CURLY_END: + expand_string_message = string_sprintf("missing } at end of \"%s\" condition", +- name); ++ opname); + return NULL; + + /* A condition requires code that is not compiled */ - @@ -3082,7 +3103,7 @@ return NULL; ++@@ -3120,7 +3141,7 @@ return NULL; + !defined(SUPPORT_CRYPTEQ) || !defined(CYRUS_SASLAUTHD_SOCKET) + COND_FAILED_NOT_COMPILED: + expand_string_message = string_sprintf("support for \"%s\" not compiled", +- name); ++ opname); + return NULL; + #endif + } - @@ -3793,6 +3814,58 @@ return x; - } ++@@ -3849,6 +3870,56 @@ return x; ++ + + ++/************************************************/ ++/* Comparison operation for sort expansion. We need to avoid ++re-expanding the fields being compared, so need a custom routine. ++ ++Arguments: ++ cond_type Comparison operator code ++ leftarg, rightarg Arguments for comparison ++ ++Return true iff (leftarg compare rightarg) ++*/ ++ ++static BOOL ++sortsbefore(int cond_type, BOOL alpha_cond, ++ const uschar * leftarg, const uschar * rightarg) ++{ ++int_eximarith_t l_num, r_num; ++ ++if (!alpha_cond) ++ { ++ l_num = expanded_string_integer(leftarg, FALSE); ++ if (expand_string_message) return FALSE; ++ r_num = expanded_string_integer(rightarg, FALSE); ++ if (expand_string_message) return FALSE; ++ ++ switch (cond_type) ++ { ++ case ECOND_NUM_G: return l_num > r_num; ++ case ECOND_NUM_GE: return l_num >= r_num; ++ case ECOND_NUM_L: return l_num < r_num; ++ case ECOND_NUM_LE: return l_num <= r_num; ++ default: break; ++ } ++ } ++else ++ switch (cond_type) ++ { ++ case ECOND_STR_LT: return Ustrcmp (leftarg, rightarg) < 0; ++ case ECOND_STR_LTI: return strcmpic(leftarg, rightarg) < 0; ++ case ECOND_STR_LE: return Ustrcmp (leftarg, rightarg) <= 0; ++ case ECOND_STR_LEI: return strcmpic(leftarg, rightarg) <= 0; ++ case ECOND_STR_GT: return Ustrcmp (leftarg, rightarg) > 0; ++ case ECOND_STR_GTI: return strcmpic(leftarg, rightarg) > 0; ++ case ECOND_STR_GE: return Ustrcmp (leftarg, rightarg) >= 0; ++ case ECOND_STR_GEI: return strcmpic(leftarg, rightarg) >= 0; ++ default: break; ++ } ++return FALSE; /* should not happen */ ++} ++ ++ - + - + ++ /* Return pointer to dewrapped string, with enclosing specified chars removed. ++ The given string is modified on return. Leading whitespace is skipped while ++ looking for the opening wrap character, then the rest is scanned for the trailing ++@@ -3905,7 +3976,7 @@ The element may itself be an object or a ++ Return NULL when the list is empty. ++ */ + - /************************************************* - * Expand string * - @@ -5904,9 +5977,10 @@ while (*s != 0) ++-uschar * +++static uschar * ++ json_nextinlist(const uschar ** list) ++ { ++ unsigned array_depth = 0, object_depth = 0; ++@@ -6243,9 +6314,10 @@ while (*s != 0) + + case EITEM_SORT: + { ++ int cond_type; + int sep = 0; + const uschar *srclist, *cmp, *xtract; +- uschar *srcitem; ++ uschar * opname, * srcitem; + const uschar *dstlist = NULL, *dstkeylist = NULL; + uschar * tmp; + uschar *save_iterate_item = iterate_item; - @@ -5941,6 +6015,25 @@ while (*s != 0) ++@@ -6280,6 +6352,25 @@ while (*s != 0) + goto EXPAND_FAILED_CURLY; + } + ++ if ((cond_type = identify_operator(&cmp, &opname)) == -1) ++ { ++ if (!expand_string_message) ++ expand_string_message = string_sprintf("unknown condition \"%s\"", s); ++ goto EXPAND_FAILED; ++ } ++ switch(cond_type) ++ { ++ case ECOND_NUM_L: case ECOND_NUM_LE: ++ case ECOND_NUM_G: case ECOND_NUM_GE: ++ case ECOND_STR_GE: case ECOND_STR_GEI: case ECOND_STR_GT: case ECOND_STR_GTI: ++ case ECOND_STR_LE: case ECOND_STR_LEI: case ECOND_STR_LT: case ECOND_STR_LTI: ++ break; ++ ++ default: ++ expand_string_message = US"comparator not handled for sort"; ++ goto EXPAND_FAILED; ++ } ++ + while (isspace(*s)) s++; + if (*s++ != '{') + { - @@ -5969,10 +6062,9 @@ while (*s != 0) ++@@ -6307,11 +6398,10 @@ while (*s != 0) ++ if (skipping) continue; + + while ((srcitem = string_nextinlist(&srclist, &sep, NULL, 0))) - { ++- { +- uschar * dstitem; +++ { ++ uschar * srcfield, * dstitem; - uschar * newlist = NULL; - uschar * newkeylist = NULL; ++ gstring * newlist = NULL; ++ gstring * newkeylist = NULL; +- uschar * srcfield; + + DEBUG(D_expand) debug_printf_indent("%s: $item = \"%s\"\n", name, srcitem); + - @@ -5993,25 +6085,15 @@ while (*s != 0) ++@@ -6332,25 +6422,15 @@ while (*s != 0) + while ((dstitem = string_nextinlist(&dstlist, &sep, NULL, 0))) + { + uschar * dstfield; +- uschar * expr; +- BOOL before; + + /* field for comparison */ + if (!(dstfield = string_nextinlist(&dstkeylist, &sep, NULL, 0))) + goto sort_mismatch; + +- /* build and run condition string */ +- expr = string_sprintf("%s{%s}{%s}", cmp, srcfield, dstfield); +- +- DEBUG(D_expand) debug_printf_indent("%s: cond = \"%s\"\n", name, expr); +- if (!eval_condition(expr, &resetok, &before)) +- { +- expand_string_message = string_sprintf("comparison in sort: %s", +- expr); +- goto EXPAND_FAILED; +- } ++ /* String-comparator names start with a letter; numeric names do not */ + +- if (before) ++ if (sortsbefore(cond_type, isalpha(opname[0]), ++ srcfield, dstfield)) + { + /* New-item sorts before this dst-item. Append new-item, + then dst-item, then remainder of dst list. */ diff --cc debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch index 7494dd0,0000000..38ba939 mode 100644,000000..100644 --- a/debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch +++ b/debian/patches/78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch @@@ -1,39 -1,0 +1,50 @@@ +From 2600301ba6dbac5c9d640c87007a07ee6dcea1f4 Mon Sep 17 00:00:00 2001 +From: "Heiko Schlittermann (HS12-RIPE)" +Date: Mon, 19 Aug 2019 14:45:48 +0200 +Subject: [PATCH] string.c: do not interpret '\\' before '\0' (CVE-2019-15846) + + +--- a/doc/ChangeLog ++++ b/doc/ChangeLog +@@ -4,6 +4,11 @@ This document describes *changes* to pre + affect Exim's operation, with an unchanged configuration file. For new + options, and new features, see the NewStuff file next to this ChangeLog. + ++Exim version 4.92.2 ++------------------- ++ ++HS/01 Handle trailing backslash gracefully. (CVE-2019-15846) ++ + - Exim version 4.89 - ----------------- ++ Since version 4.92 ++ ------------------ +--- a/src/string.c ++++ b/src/string.c - @@ -220,6 +220,8 @@ interpreted in strings. ++@@ -224,6 +224,8 @@ interpreted in strings. + Arguments: + pp points a pointer to the initiating "\" in the string; + the pointer gets updated to point to the final character ++ If the backslash is the last character in the string, it ++ is not interpreted. + Returns: the value of the character escape + */ + - @@ -232,6 +234,7 @@ const uschar *hex_digits= CUS"0123456789 ++@@ -236,6 +238,7 @@ const uschar *hex_digits= CUS"0123456789 + int ch; + const uschar *p = *pp; + ch = *(++p); ++if (ch == '\0') return **pp; + if (isdigit(ch) && ch != '8' && ch != '9') + { + ch -= '0'; ++@@ -1210,8 +1213,8 @@ memcpy(g->s + p, s, count); ++ g->ptr = p + count; ++ return g; ++ } ++- ++- +++ +++ ++ gstring * ++ string_cat(gstring *string, const uschar *s) ++ { diff --cc debian/patches/78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch index 0000000,0000000..6c27517 new file mode 100644 --- /dev/null +++ b/debian/patches/78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch @@@ -1,0 -1,0 +1,36 @@@ ++From 478effbfd9c3cc5a627fc671d4bf94d13670d65f Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Fri, 27 Sep 2019 12:21:49 +0100 ++Subject: [PATCH] Fix buffer overflow in string_vformat. Bug 2449 ++ ++--- ++ src/string.c | 4 ++-- ++ test/scripts/0000-Basic/0214 | 11 +++++++++++ ++ test/stdout/0214 | 7 +++++++ ++ 3 files changed, 20 insertions(+), 2 deletions(-) ++ ++diff --git a/src/string.c b/src/string.c ++index c6549bf93..3445f8a42 100644 ++--- a/src/string.c +++++ b/src/string.c ++@@ -1132,7 +1132,7 @@ store_reset(g->s + (g->size = g->ptr + 1)); ++ Arguments: ++ g the growable-string ++ p current end of data ++- count amount to grow by +++ count amount to grow by, offset from p ++ */ ++ ++ static void ++@@ -1590,7 +1590,7 @@ while (*fp) ++ } ++ else if (g->ptr >= lim - width) ++ { ++- gstring_grow(g, g->ptr, width - (lim - g->ptr)); +++ gstring_grow(g, g->ptr, width); ++ lim = g->size - 1; ++ gp = CS g->s + g->ptr; ++ } ++-- ++2.23.0 ++ diff --cc debian/patches/90_localscan_dlopen.dpatch index 1e83b92,0000000..ce71bae mode 100644,000000..100644 --- a/debian/patches/90_localscan_dlopen.dpatch +++ b/debian/patches/90_localscan_dlopen.dpatch @@@ -1,283 -1,0 +1,281 @@@ - ## 50_localscan_dlopen.dpatch by Marc MERLIN - - - Description: Allow to use and switch between different local_scan functions ++Description: Allow one to use and switch between different local_scan functions + without recompiling exim. + http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from + David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc + MERLIN for SA-Exim and minor/major API version tracking +Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN +Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/ +Forwarded: no - Last-Update: 2014-12-01 ++Last-Update: 2018-12-12 + +--- a/src/EDITME ++++ b/src/EDITME - @@ -785,6 +785,21 @@ HEADERS_CHARSET="ISO-8859-1" ++@@ -824,6 +824,21 @@ HEADERS_CHARSET="ISO-8859-1" + + + #------------------------------------------------------------------------------ ++# On systems which support dynamic loading of shared libraries, Exim can ++# load a local_scan function specified in its config file instead of having ++# to be recompiled with the desired local_scan function. For a full ++# description of the API to this function, see the Exim specification. ++ ++DLOPEN_LOCAL_SCAN=yes ++ ++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the ++# linker flags. Without it, the loaded .so won't be able to access any ++# functions from exim. ++ ++LDFLAGS += -rdynamic ++CFLAGS += -fvisibility=hidden ++ ++#------------------------------------------------------------------------------ + # The default distribution of Exim contains only the plain text form of the + # documentation. Other forms are available separately. If you want to install + # the documentation in "info" format, first fetch the Texinfo documentation +--- a/src/config.h.defaults ++++ b/src/config.h.defaults - @@ -28,6 +28,8 @@ it's a default value. */ ++@@ -32,6 +32,8 @@ Do not put spaces between # and the 'def + + #define AUTH_VARS 3 + ++#define DLOPEN_LOCAL_SCAN ++ + #define BIN_DIRECTORY + + #define CONFIGURE_FILE +--- a/src/globals.c ++++ b/src/globals.c - @@ -140,6 +140,10 @@ int dsn_ret = 0; ++@@ -141,6 +141,10 @@ int dsn_ret = 0; + const pcre *regex_DSN = NULL; + uschar *dsn_advertise_hosts = NULL; + ++#ifdef DLOPEN_LOCAL_SCAN ++uschar *local_scan_path = NULL; ++#endif ++ + #ifdef SUPPORT_TLS + BOOL gnutls_compat_mode = FALSE; + BOOL gnutls_allow_auto_pkcs11 = FALSE; +--- a/src/globals.h ++++ b/src/globals.h - @@ -133,6 +133,9 @@ extern int dsn_ret; / ++@@ -138,6 +138,9 @@ extern int dsn_ret; / + extern const pcre *regex_DSN; /* For recognizing DSN settings */ + extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ + ++#ifdef DLOPEN_LOCAL_SCAN ++extern uschar *local_scan_path; /* Path to local_scan() library */ ++#endif + /* Input-reading functions for messages, so we can use special ones for + incoming TCP/IP. */ + +--- a/src/local_scan.c ++++ b/src/local_scan.c - @@ -5,60 +5,131 @@ ++@@ -5,61 +5,131 @@ + /* Copyright (c) University of Cambridge 1995 - 2009 */ + /* See the file NOTICE for conditions of use and distribution. */ + ++#include "exim.h" + +-/****************************************************************************** +-This file contains a template local_scan() function that just returns ACCEPT. +-If you want to implement your own version, you should copy this file to, say +-Local/local_scan.c, and edit the copy. To use your version instead of the +-default, you must set +- ++-HAVE_LOCAL_SCAN=yes +-LOCAL_SCAN_SOURCE=Local/local_scan.c +- +-in your Local/Makefile. This makes it easy to copy your version for use with +-subsequent Exim releases. +- +-For a full description of the API to this function, see the Exim specification. +-******************************************************************************/ +- +- +-/* This is the only Exim header that you should include. The effect of +-including any other Exim header is not defined, and may change from release to +-release. Use only the documented interface! */ +- +-#include "local_scan.h" +- +- +-/* This is a "do-nothing" version of a local_scan() function. The arguments +-are: +- +- fd The file descriptor of the open -D file, which contains the +- body of the message. The file is open for reading and +- writing, but modifying it is dangerous and not recommended. +- +- return_text A pointer to an unsigned char* variable which you can set in +- order to return a text string. It is initialized to NULL. +- +-The return values of this function are: +- +- LOCAL_SCAN_ACCEPT +- The message is to be accepted. The return_text argument is +- saved in $local_scan_data. +- +- LOCAL_SCAN_REJECT +- The message is to be rejected. The returned text is used +- in the rejection message. +- +- LOCAL_SCAN_TEMPREJECT +- This specifies a temporary rejection. The returned text +- is used in the rejection message. +-*/ ++#ifdef DLOPEN_LOCAL_SCAN ++#include ++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; ++static int load_local_scan_library(void); ++#endif + + int + local_scan(int fd, uschar **return_text) + { + fd = fd; /* Keep picky compilers happy */ + return_text = return_text; +-return LOCAL_SCAN_ACCEPT; ++#ifdef DLOPEN_LOCAL_SCAN ++/* local_scan_path is defined AND not the empty string */ ++if (local_scan_path && *local_scan_path) ++ { ++ if (!local_scan_fn) ++ { ++ if (!load_local_scan_library()) ++ { ++ char *base_msg , *error_msg , *final_msg ; ++ int final_length = -1 ; ++ ++ base_msg=US"Local configuration error - local_scan() library failure\n"; ++ error_msg = dlerror() ; ++ ++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; ++ final_msg = (char*)malloc( final_length*sizeof(char) ) ; ++ *final_msg = '\0' ; ++ ++ strcat( final_msg , base_msg ) ; ++ strcat( final_msg , error_msg ) ; ++ ++ *return_text = final_msg ; ++ return LOCAL_SCAN_TEMPREJECT; ++ } ++ } ++ return local_scan_fn(fd, return_text); ++ } ++else ++#endif ++ return LOCAL_SCAN_ACCEPT; ++} ++ ++#ifdef DLOPEN_LOCAL_SCAN ++ ++static int load_local_scan_library(void) ++{ ++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ ++void *local_scan_lib = NULL; ++int (*local_scan_version_fn)(void); ++int vers_maj; ++int vers_min; ++ ++local_scan_lib = dlopen(local_scan_path, RTLD_NOW); ++if (!local_scan_lib) ++ { ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " ++ "message temporarily rejected"); ++ return FALSE; ++ } ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_major() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The major number is increased when the ABI is changed in a non ++ backward compatible way. */ ++vers_maj = local_scan_version_fn(); ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_minor() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The minor number is increased each time a new feature is added (in a ++ way that doesn't break backward compatibility) -- Marc */ ++vers_min = local_scan_version_fn(); ++ ++ ++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++ ++local_scan_fn = dlsym(local_scan_lib, "local_scan"); ++if (!local_scan_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++return TRUE; + } + ++#endif /* DLOPEN_LOCAL_SCAN */ ++ + /* End of local_scan.c */ +--- a/src/local_scan.h ++++ b/src/local_scan.h +@@ -17,6 +17,7 @@ settings, and the store functions. */ + + #include + #include ++#pragma GCC visibility push(default) + #include "config.h" + #include "mytypes.h" + #include "store.h" +@@ -192,4 +193,6 @@ extern uschar *string_copy(const uschar + extern uschar *string_copyn(const uschar *, int); + extern uschar *string_sprintf(const char *, ...) ALMOST_PRINTF(1,2); + ++#pragma GCC visibility pop ++ + /* End of local_scan.h */ +--- a/src/readconf.c ++++ b/src/readconf.c - @@ -313,6 +313,9 @@ static optionlist optionlist_config[] = ++@@ -199,6 +199,9 @@ static optionlist optionlist_config[] = + { "local_from_prefix", opt_stringptr, &local_from_prefix }, + { "local_from_suffix", opt_stringptr, &local_from_suffix }, + { "local_interfaces", opt_stringptr, &local_interfaces }, ++#ifdef DLOPEN_LOCAL_SCAN ++ { "local_scan_path", opt_stringptr, &local_scan_path }, ++#endif ++ #ifdef HAVE_LOCAL_SCAN + { "local_scan_timeout", opt_time, &local_scan_timeout }, - { "local_sender_retain", opt_bool, &local_sender_retain }, - { "localhost_number", opt_stringptr, &host_number_string }, ++ #endif diff --cc debian/patches/series index e4829bd,0000000..2e2816b mode 100644,000000..100644 --- a/debian/patches/series +++ b/debian/patches/series @@@ -1,18 -1,0 +1,27 @@@ +31_eximmanpage.dpatch +32_exim4.dpatch +33_eximon.binary.dpatch +34_eximstatsmanpage.dpatch +35_install.dpatch - 40_reproducible_build.diff - 50_localscan_dlopen.dpatch +60_convert4r4.dpatch +67_unnecessaryCopt.diff +70_remove_exim-users_references.dpatch - 78_Disable-chunking-BDAT-by-default.patch - 79_CVE-2017-1000369.patch - 80_Avoid-release-of-store-if-there-have-been-later-allo.patch - 81_Chunking-do-not-treat-the-first-lonely-dot-special.-.patch - 82_Fix-base64d-buffer-size-CVE-2018-6789.patch - 83_qsa-2019-exim4.patch - 84_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch - 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch ++75_01-Fix-json-extract-operator-for-unfound-case.patch ++75_02-Fix-transport-buffer-size-handling.patch ++75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch ++75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch ++75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch ++75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch ++75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch ++75_08-Logging-fix-initial-listening-on-log-line.patch ++75_09-OpenSSL-Fix-aggregation-of-messages.patch ++75_10-Harden-plaintext-authenticator.patch ++75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch ++75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch ++75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch ++75_14-Fix-smtp-response-timeout.patch ++75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch ++77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch ++78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch ++78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch ++90_localscan_dlopen.dpatch diff --cc debian/rules index 8feb3cd,0000000..930a22c mode 100755,000000..100755 --- a/debian/rules +++ b/debian/rules @@@ -1,452 -1,0 +1,297 @@@ +#!/usr/bin/make -f +# debian/rules for exim4 +# This file is public domain software, originally written by Joey Hess. +# - # Uncomment this to turn on verbose mode. ++# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +buildname := $(shell scripts/os-type)-$(shell scripts/arch-type) +DEBIAN := $(shell pwd)/debian + - ifeq ($(wildcard /usr/share/dpkg/buildflags.mk),) - CFLAGS := -g - ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 - else - CFLAGS += -O2 - endif - else - export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie - DPKG_EXPORT_BUILDFLAGS := 1 ++export DEB_BUILD_MAINT_OPTIONS := hardening=+all +include /usr/share/dpkg/buildflags.mk - endif ++include /usr/share/dpkg/pkg-info.mk ++# SOURCE_DATE_EPOCH is exported by pkg-info.mk since dpkg 1.18.8/July 2016 ++# fall back to current date otherwise. ++SOURCE_DATE_EPOCH ?= $(shell date '+%s') ++ + +# The build system ignores CPPFLAGS, append them to CFLAGS - CFLAGS := $(CFLAGS) $(shell getconf LFS_CFLAGS) -D_LARGEFILE_SOURCE -fno-strict-aliasing -Wall $(CPPFLAGS) ++CFLAGS += $(shell getconf LFS_CFLAGS) -D_LARGEFILE_SOURCE \ ++ -fno-strict-aliasing -Wall $(CPPFLAGS) +export CFLAGS +# LFLAGS is used where GNU would use LDFLAGS - export LFLAGS += $(LDFLAGS) ++export LFLAGS = $(LDFLAGS) + +LC_ALL=C +export LC_ALL + - # Which packages should we build? - ifndef buildbasepackages - buildbasepackages=yes - endif - - ifndef extradaemonpackages - extradaemonpackages=exim4-daemon-heavy - endif +# If you want to build a daemon with a configuration tailored to YOUR special - # needs, uncomment the two custom packages in debian/control - # call "fakeroot debian/rules unpack-configs", copy EDITME.exim4-light - # to EDITME.exim4-custom and modify it. Please note that you _need_ to - # modify EDITME.exim4-custom or your build will fail due to #386188. ++# needs, uncomment the exim4-daemon-custom package in debian/control, ++# call "debian/rules unpack-configs", copy EDITME.exim4-light to ++# EDITME.exim4-custom and modify it, then call "debian/rules pack-configs". ++# ++# Afterwards EITHER uncomment the customdaemon definition below, or set it ++# to the desired value via the environment. ++# e.g run: ++# env customdaemon=exim4-daemon-custom dpkg-buildpackage -uc -us +# +# If you want to create multiple custom packages with different names, use +# the script debian/create-custom-package [suffix]. - # - # Afterwards EITHER change the definition of extradaemonpackages above OR - # simply set extradaemonpackages to the desired value via the environment. - - # If you want your changes to survive a debian/rules clean, call - # "fakeroot debian/rules pack-configs" after customizing EDITME.exim4-custom - - # If you remove exim4-daemon-light from basedaemonpackages to prevent - # exim4-daemon-light from being built, you need to modify the build - # process to pull the helper binaries from the daemon package that you - # actually build. If you simply remove exim4-daemon-light here, you will - # end up with exim4-base sans binaries, which is most probably not what - # you intend to have. - # - # combined[ai]dbgpackage has a list of packages whose debug information - # goes into the combined debug package exim4-dbg, separated as arch - # independent and arch dependent list. - # extraadbgpackage has a list of packages whose debug information - # goes into one debug package foo-dbg per package. This is currently - # only implemented and needed for arch dependent packages. - - ifeq ($(buildbasepackages),yes) - basedaemonpackages=exim4-daemon-light - combinedadbgpackage=exim4-base eximon4 - exim4dbg=exim4-dbg - dhstripparm=--dbg-package=$(exim4dbg) - exim4dev=exim4-dev - extraadbgpackage=$(basedaemonpackages) $(extradaemonpackages) - else - basedaemonpackages= - combinedadbgpackage= - exim4dbg= - dhstripparm= - exim4dev= - extraadbgpackage=$(extradaemonpackages) - endif ++ ++# customdaemon = exim4-daemon-custom ++daemons = exim4-daemon-light exim4-daemon-heavy $(customdaemon) + +# If you want to build with OpenSSL instead of GnuTLS, uncomment this +# OPENSSL:=1 +# Please note that building exim4-daemon-heavy with OpenSSL is a GPL +# violation. + - - # list of all arch dependent packages to be built - buildpackages=$(combinedadbgpackage) $(extraadbgpackage) $(addsuffix -dbg,$(extraadbgpackage)) $(exim4dbg) $(exim4dev) - # generate -pexim4-base -peximon4 ... commandline for debhelper - dhbuildpackages=$(addprefix -p,$(buildpackages)) - dhcombinedadbgpackage=$(addprefix -p,$(combinedadbgpackage)) - - # exim4-daemon-heavy --> b-exim4-daemon-heavy/build-Linux-x86_64/exim - daemonbinaries=$(addprefix b-,$(addsuffix /build-$(buildname)/exim,$(extradaemonpackages))) - debiandaemonbinaries=$(addprefix $(DEBIAN)/,$(addsuffix /usr/sbin/exim4,$(extradaemonpackages))) - BDIRS=$(addprefix b-,$(extradaemonpackages) $(basedaemonpackages)) - - - # get upstream-version from debian/changelog, i.e. anything until the first - - DEBVERSION := $(shell dpkg-parsechangelog | sed -n '/^Version: /s/^Version: //p') - UPSTREAMVERSION := $(shell echo $(DEBVERSION) | sed -n 's/\(.\+\)-[^-]\+/\1/p') - DEBTIME := $(shell dpkg-parsechangelog --show-field Date) - REPBUILDDATE := \ - $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%b %e %Y') - REPBUILDTIME := \ - $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%H:%M:%S') - +PROVIDE_DEFAULT_MTA := $(shell if dpkg-vendor --is Ubuntu || \ + dpkg-vendor --derives-from Ubuntu ; then : ; else \ + echo "default-mta" ; fi) +# for reproducible build. If set exim would use $TZ as default value for +# TIMEZONE_DEFAULT +undefine TZ +unexport TZ + + - # set up build directory b-exim4-daemon-heavy/ - $(addsuffix /Makefile,$(BDIRS)): %/Makefile: - mkdir $* - find . -mindepth 1 -maxdepth 1 \ - -name debian -prune -o \ - -name 'b-*' -o -print0 | \ - xargs --no-run-if-empty --null \ - cp -a --target-directory=$* - printf '#define REPBUILDDATE "$(REPBUILDDATE)"\n' \ - > $*/src/repbuildtime.h && \ - printf '#define REPBUILDTIME "$(REPBUILDTIME)"\n' \ - >> $*/src/repbuildtime.h - - +unpack-configs: unpack-configs-stamp ++ +unpack-configs-stamp: src/EDITME exim_monitor/EDITME + patch -o EDITME.eximon exim_monitor/EDITME \ + $(DEBIAN)/EDITME.eximon.diff + patch -o EDITME.exim4-light src/EDITME \ + $(DEBIAN)/EDITME.exim4-light.diff +ifdef OPENSSL + patch EDITME.exim4-light $(DEBIAN)/EDITME.openssl.exim4-light.diff +endif + for editme in $(DEBIAN)/EDITME.exim4-*.diff; do \ + if [ "$$editme" != "$(DEBIAN)/EDITME.exim4-light.diff" ]; then \ + TARGETNAME=`basename $$editme .diff`; \ + echo patch -o $$TARGETNAME EDITME.exim4-light $$editme; \ + patch -o $$TARGETNAME EDITME.exim4-light $$editme || \ + exit $$? ;\ + fi; \ + done + touch unpack-configs-stamp + +pack-configs: + -diff -u src/EDITME EDITME.exim4-light \ + > $(DEBIAN)/EDITME.exim4-light.diff + -for editme in EDITME.exim4-*; do \ + if [ "$$editme" != "EDITME.exim4-light" ]; then \ + echo diff -u EDITME.exim4-light $$editme; \ + diff -u EDITME.exim4-light $$editme > $(DEBIAN)/$${editme}.diff; \ + fi; \ + done + -diff -u exim_monitor/EDITME EDITME.eximon \ + > $(DEBIAN)/EDITME.eximon.diff + - # only called manually by maintainer before upload. - update-mtaconflicts: - which grep-available > /dev/null && \ - grep-available --show-field=Package --field=Provides \ - mail-transport-agent --no-field-names \ - /var/lib/apt/lists/*Packages | grep -v exim | sort -u | \ - tr '\n' ',' | sed -e 's/,/, /g;s/, $$//' > $(DEBIAN)/mtalist - - # Generate README.Debian as text/html ... - debian/README.Debian.html: debian/README.Debian.xml - xsltproc --nonet --stringparam section.autolabel 1 \ - -o $@ \ - /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl \ - $< - # ... and text/plain - debian/README.Debian: debian/README.Debian.html - chmod 755 $(DEBIAN)/lynx-dump-postprocess - lynx -force_html -dump $< | $(DEBIAN)/lynx-dump-postprocess > $@.tmp - mv $@.tmp $@ - - configure: configure-stamp - - configure-stamp: $(addsuffix /Makefile,$(BDIRS)) unpack-configs-stamp - dh_testdir - # Add here commands to configure the package. - touch $@ - - # Build binaries for the base package, the eximon4 package, and the - # exim4-daemon-light package. - b-exim4-daemon-light/build-$(buildname)/exim: b-exim4-daemon-light/Makefile configure-stamp - @echo build $(\ninstdbversionis DB_VERSION_MAJOR DB_VERSION_MINOR\n' | \ + cpp -P | grep instdbversionis |\ + sed -e 's/[[:space:]]*instdbversionis[[:space:]]//' \ + -e 's/[[:space:]][[:space:]]*/./' \ + -e 's_^_s/^BDBVERSION=.*/BDBVERSION=_' \ + -e 's_$$_/_' \ + > $(DEBIAN)/berkeleydb.sed + # Store Berkeley DB version in postinst script. + sed -i -f $(DEBIAN)/berkeleydb.sed \ + $(DEBIAN)/exim4-base.postinst - touch build-arch-stamp - - test-stamp: build-arch-stamp - # it is not possible to run exim unless the compile-time specified - # user exists. - if id -u Debian-exim ; then \ - echo Debian-exim user found, running minimal testsuite ; \ - chmod +x debian/minimaltest ; \ - rm -rf $(CURDIR)/test ; \ - for i in b-exim4-daemon-light/build-$(buildname)/exim \ - $(daemonbinaries) ;\ - do mkdir $(CURDIR)/test && \ - debian/minimaltest $(CURDIR)/test $$i || \ - { echo testsuite error ; exit 1 ; } ; \ - rm -rf $(CURDIR)/test ; \ - done \ - fi - touch $@ - - build: build-arch build-indep - - clean: cleanfiles - - cleanfiles: - dh_testdir - dh_testroot - - debconf-updatepo - - rm -f build-stamp configure-stamp installbase-stamp test-stamp - - # Add here commands to clean up after the build process. - [ ! -f Makefile ] || $(MAKE) distclean - -rm -rf build-* doc/tmp test/ - -rm -f EDITME.* unpack-configs-stamp - -rm -f $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/files \ - $(DEBIAN)/README.Debian $(DEBIAN)/README.Debian.html \ - $(DEBIAN)/berkeleydb.sed - - #these are identical for all daemon-* and therefore symlinked - @cd $(DEBIAN) && find . -maxdepth 1 \ - -regex '^\./exim4-daemon-.*\.\(postinst\|prerm\)$$' \ - -and -not -name 'exim4-daemon-light.*' -print0 \ - | xargs -0r rm -v - - #pwd - chmod 755 $(DEBIAN)/exim-gencert \ - $(DEBIAN)/lynx-dump-postprocess $(DEBIAN)/script \ - $(DEBIAN)/exim-adduser $(DEBIAN)/exim4_refresh_gnutls-params - dh_clean - rm -rf $(BDIRS) - - installbase-stamp: b-exim4-daemon-light/build-$(buildname)/exim debian/README.Debian debian/README.Debian.html - dh_testdir - dh_testroot - dh_prep - dh_installdirs ++ # symlink identical maintainerscripts ++ for i in `echo $(daemons) | sed -e s/exim4-daemon-light//` ; do \ ++ ln -sfv exim4-daemon-light.prerm \ ++ "$(DEBIAN)/$$i.prerm" ; \ ++ ln -sfv exim4-daemon-light.postinst \ ++ "$(DEBIAN)/$$i.postinst" ; \ ++ done + ++override_dh_auto_install-arch: debian/README.Debian + cd b-exim4-daemon-light && \ + $(MAKE) install FULLECHO='' \ + INSTALL_ARG=-no_symlink \ + inst_conf=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \ + inst_aliases=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/aliases \ + inst_dest=$(DEBIAN)/exim4-base/usr/sbin + if [ -e "$(DEBIAN)/example.conf.md5" ] && [ "$$(< $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum)" != "$$(cat $(DEBIAN)/example.conf.md5)" ] ; then \ + echo "upstream example configuration has changed, new md5sum:"; \ + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum; \ + echo "aborting build."; \ + exit 1; \ + fi + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum > $(DEBIAN)/example.conf.md5 + sed -e 's,/[a-zA-Z/0-9.-]*exim4-base/examples/,/etc/,' \ + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \ + > $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp + mv $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp \ + $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf + install -m755 b-exim4-daemon-light/build-$(buildname)/convert4r4 \ + $(DEBIAN)/exim4-base/usr/sbin/exim_convert4r4 + install -m755 \ + b-exim4-daemon-light/build-$(buildname)/transport-filter.pl \ + b-exim4-daemon-light/util/ratelimit.pl \ + $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples - mv $(DEBIAN)/exim4-base/usr/sbin/exim \ - $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4 - # fix permissions of /usr/sbin/exim4 if running with restrictive umask, - # dh_fixperms sanitizes anything else - chmod 4755 $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4 ++ rm $(DEBIAN)/exim4-base/usr/sbin/exim + mv $(DEBIAN)/exim4-base/usr/sbin/eximon \ + $(DEBIAN)/eximon4/usr/sbin + mv $(DEBIAN)/exim4-base/usr/sbin/eximon.bin \ + $(DEBIAN)/eximon4/usr/lib/exim4 + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/exim4-base/usr/sbin/exipick \ + $(DEBIAN)/exim4-base/usr/share/man/man8/exipick.8 + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/exim4-base/usr/sbin/eximstats \ + $(DEBIAN)/exim4-base/usr/share/man/man8/eximstats.8 + install -m755 $(DEBIAN)/syslog2eximlog $(DEBIAN)/exim4-base/usr/sbin/ + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/syslog2eximlog \ + $(DEBIAN)/exim4-base/usr/share/man/man8/syslog2eximlog.8 ++ for i in b-exim4-daemon-*/build-$(buildname)/exim ; do \ ++ install -m4755 -oroot -groot $$i \ ++ $(DEBIAN)/`echo $$i | sed -e 's/^b-//' -e 's_/.*__'`/usr/sbin/exim4 ; \ ++ done ++ ++override_dh_auto_install-indep: debian/README.Debian + # if you change anything here, you will have to change + # config-custom/debian/rules as well + sed -e \ - "s/^UPEX4C_version=\"\"/UPEX4C_version=\"$(DEBVERSION)\"/" \ ++ "s/^UPEX4C_version=\"\"/UPEX4C_version=\"$(DEB_VERSION)\"/" \ + < $(DEBIAN)/debconf/update-exim4.conf \ + > $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf + chmod 755 $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf + install -m 755 $(DEBIAN)/update-exim4defaults \ + $(DEBIAN)/exim4-config/usr/sbin + + cd $(DEBIAN)/debconf/conf.d && \ + tar cf - `find \( -path '*/.svn/*' -prune \) -or \ + \( -type f -print \)` | \ + { cd $(DEBIAN)/exim4-config/etc/exim4/conf.d/ && \ + tar xf - ; } + + install -m644 $(DEBIAN)/email-addresses $(DEBIAN)/exim4-config/etc/ + install -m640 -oroot -groot $(DEBIAN)/passwd.client \ + $(DEBIAN)/exim4-config/etc/exim4/ + chmod 755 $(DEBIAN)/debconf/update-exim4.conf.template + env CONFDIR=$(DEBIAN)/debconf \ + $(DEBIAN)/debconf/update-exim4.conf.template --nobackup --run - touch $@ + ++# only called manually by maintainer before upload. ++update-mtaconflicts: ++ which grep-aptavail > /dev/null && \ ++ grep-aptavail --show-field=Package --field=Provides \ ++ mail-transport-agent --no-field-names \ ++ | grep -v exim | sort -u | \ ++ tr '\n' ',' | sed -e 's/,/, /g;s/, $$//' > $(DEBIAN)/mtalist + - # This dependency expands to - # debian/exim4-daemon-heavy/usr/sbin/exim4: b-exim4-daemon-heavy/build-Linux-x86_64/exim - $(debiandaemonbinaries): $(DEBIAN)/%/usr/sbin/exim4: b-%/build-$(buildname)/exim - dh_testdir - dh_testroot - dh_installdirs - install -m4755 -oroot -groot $< $@ - ++# Generate README.Debian as text/html ... ++debian/README.Debian.html: debian/README.Debian.xml ++ xsltproc --nonet --stringparam section.autolabel 1 \ ++ -o $@ \ ++ /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl \ ++ $< ++# ... and text/plain ++debian/README.Debian: debian/README.Debian.html ++ chmod 755 $(DEBIAN)/lynx-dump-postprocess ++ lynx -force_html -dump $< | $(DEBIAN)/lynx-dump-postprocess > $@.tmp ++ mv $@.tmp $@ + - ifeq ($(buildbasepackages),yes) - install=installbase-stamp $(debiandaemonbinaries) - else - install=$(debiandaemonbinaries) ++override_dh_auto_test: ++ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) ++ # it is not possible to run exim unless the compile-time specified ++ # user exists. ++ if id -u Debian-exim ; then \ ++ echo Debian-exim user found, running minimal testsuite ; \ ++ chmod +x debian/minimaltest ; \ ++ rm -rf $(CURDIR)/test ; \ ++ for i in b-exim4-daemon*/build-$(buildname)/exim ;\ ++ do mkdir $(CURDIR)/test && \ ++ debian/minimaltest $(CURDIR)/test $$i || \ ++ { echo testsuite error ; exit 1 ; } ; \ ++ rm -rf $(CURDIR)/test ; \ ++ done \ ++ fi +endif + ++override_dh_auto_clean: ++ debconf-updatepo ++ ++ -rm -rf build-* doc/tmp test/ b-exim* ++ -rm -f EDITME.* unpack-configs-stamp bdir-stamp ++ -rm -f $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/files \ ++ $(DEBIAN)/README.Debian $(DEBIAN)/README.Debian.html \ ++ $(DEBIAN)/berkeleydb.sed ++ ++ #these are identical for all daemon-* and therefore symlinked ++ @cd $(DEBIAN) && find . -maxdepth 1 \ ++ -regex '^\./exim4-daemon-.*\.\(postinst\|prerm\)$$' \ ++ -and -not -name 'exim4-daemon-light.*' -delete ++ #pwd ++ chmod 755 $(DEBIAN)/exim-gencert \ ++ $(DEBIAN)/lynx-dump-postprocess $(DEBIAN)/script \ ++ $(DEBIAN)/exim-adduser $(DEBIAN)/exim4_refresh_gnutls-params ++ +override_dh_installchangelogs: + dh_installchangelogs -pexim4-base doc/ChangeLog + dh_installchangelogs --no-package=exim4-base \ + -XCHANGES -Xdoc/ChangeLog + +override_dh_installppp: + dh_installppp --name=exim4 + - override_dh_strip-arch: - dh_strip $(dhcombinedadbgpackage) $(dhstripparm) - for pkg in $(extraadbgpackage); do \ - dh_strip -p$$pkg --dbg-package=$${pkg}-dbg; \ - done - +override_dh_fixperms: + dh_fixperms -X/etc/exim4/passwd.client -Xusr/sbin/exim4 + +override_dh_gencontrol: + dh_gencontrol -- \ - -VUpstream-Version=$(UPSTREAMVERSION) \ ++ -VUpstream-Version=$(DEB_VERSION_EPOCH_UPSTREAM) \ + -VMTA-Conflicts="$(shell cat $(DEBIAN)/mtalist)" \ + -Vdist:Provides:exim4-daemon-light="$(PROVIDE_DEFAULT_MTA)" + +override_dh_installlogrotate: + dh_installlogrotate + dh_installlogrotate --name=exim4-paniclog + +override_dh_installinit: + dh_installinit --noscripts --name=exim4 + +override_dh_install: + # install config.h from daemon package, but not from exim4-daemon-light + dh_install -p exim4-dev \ + $(shell ls -1 b-exim4-daemon-*/build-$(buildname)/config.h | grep -v ^b-exim4-daemon-light/) \ + usr/include/exim4 + dh_install + +override_dh_link: + rm -rf debian/exim4/usr/share/doc/exim4 + dh_link + - override_dh_auto_install: - # disabled - - # Build architecture-independent files here. - # this is just exim4-config and exim4. - binary-indep: build $(install) - ifeq ($(buildbasepackages),yes) - dh binary-indep - endif - - # Build architecture-dependent files here. - binary-arch: build $(install) - # symlink identical maintainerscripts - @for i in $(extradaemonpackages) ; do \ - ln -sfv exim4-daemon-light.prerm \ - "$(DEBIAN)/$$i.prerm" ; \ - ln -sfv exim4-daemon-light.postinst \ - "$(DEBIAN)/$$i.postinst" ; \ - done - dh binary-arch ++%: ++ dh $@ --no-parallel + - binary: binary-arch binary-indep - .PHONY: build clean binary-indep binary-arch binary install ++.PHONY: pack-configs unpack-configs update-mtaconflicts diff --cc debian/upstream/signing-key.asc index 29e2e56,0000000..3e9ac90 mode 100644,000000..100644 --- a/debian/upstream/signing-key.asc +++ b/debian/upstream/signing-key.asc @@@ -1,777 -1,0 +1,838 @@@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + - mQGiBEIV3d4RBADiY+ImtiuxCxe4ImIWZd6IetWIZaAjxLQliWrRHK7CdA6ANYAA - OWwk6uMucPSjP2RUYXehDdVAb2i5AG3kGb/SNZ08x2eaeAtALAvRw3SxPW5/Ch4g - bNB8VBCyyZlPsmS1epbaOags+1oD41FopdvfIQrtoD4I0d/ndG64wkDh2wCgiXdE - QZzYknZgf4HA9DZHhizNnx0EAMBDVTpIq7xaYlK4dot4xNcWNJg4UX27a62lEKvV - sDf1tH1qB4ujZy1ht83oXURpNk7uDf718kwaLGoSwW6qOx9iI46XoOtoxSH+6J8A - oKtBNhCl03x10E8MK1fANe9WLdxARxgZxnPo9QOSTNO4PYR1yvrq0ThTKXvMweYT - OJlIBADdTquCiM9fgoU3sBsnlmSMpFn27By0Yz4QjR8cLD0F1bZKmWPRAHDdwArS - pOmKNv4tOaNp8WuuLEEJbPEcc6QdPEOH3lVQ/QZHdemYerwMN25i3MYeWAPRg4Sl - dZ648IPWdHA/QYfp5JhlT/9UwwKPvIDTPg10FI5ecPYxcXUT2LQuTmlnZWwgTWV0 - aGVyaW5naGFtIChFeGltIGtleSkgPG5pZ2VsQGV4aW0ub3JnPohkBBMRCgAkAhsD - BgsJCAcDAgMVAgMDFgIBAh4BAheABQJWzue5BQkVsOPbAAoJEIWrgz/dwDJiGmoA - oIfRyEwpzL4v6JB4BzK3TqfH6mVRAJ90M8AfnhzW3KG7l3KYxscnVZdOlbkCDQRC - Fd3nEAgAgeLGF7rot+0cc0hwGFK7h1aGP6r2p+o1arsR/zJystk99UBWqjmKzu+3 - 6ve+H4J28Al4B7Sm75bvnKignppp0ZGP/WXlkGsk6Tt30c7tkK+1izrCFGlxf5j0 - LKrH/cCyZp7tgqRN0ewDoqK6OmEBmSqMgarSTatyYuZy5OKof8EcJEt6nTydPdts - VgRziX71B1pd0t/bdWwLnuQ9gkSJNiwPGBrV53x9uh43ZcpqLl17yfXh/FaUcdlZ - N1GPtXYMr208Hv8fGpPEQVr92OJAblrlGck+aWIoYgX3tqCZDqCYtxcBaXCyRZzu - 7usKJukY1Z6t0qF1U7aWTjeVVeWXhwADBQf/RYK2jTNLnhtCVWqWhFVd0/NTbXIs - QDeZuZXp8xHB+YjxmcbrSTvKrkRqfCvPR5r5SBOwBtq+LHElwp1OcIt2xYIEmuS1 - Jod8+h+ohl9p11XtTp3Rd8selh7AHccFz6BYK1SsHO5ZdrFwlZf+oVxLrQzibFqZ - Ob69T4HUp5Vh5Z9XO+YsVa5a3K1/pfpOJYMP3VgdsBlX/gUxkz9stfNUOIR5caQK - UHfOaCQaQ02fAsmnThQkAmqACTapvqZV9wSHxgvUUbPcw2h3rty14u13J+cJDrE0 - +x1tCDSsPLbq62A1d9GJor8s6GpyYXq1ArZJgBpdq74qOKU5jc1gvMmE8YhOBBgR - AgAPBQJCFd3nAhsMBQkJZgGAAAoJEIWrgz/dwDJiqxIAnAm3NzfRaBtl5XpnCA6n - W2MNAwIgAJds5g802u5CKZDLGE90hHNXgF2kuQENBE1Aj9kBCADfrgx9xrDHoYSU - 3aU8zST2GEoMZypO1fBi3AiInsKakMsVibZpEI8MVM24lZw9jxGfsX70Xr+mYiTI - ZY9GJROG6fHFLKgUYFxYeUA1GtNNilFvBGlXJAYduyKYZMdEVVtUX4b6QpQqmTeY - sgNCznb1HuVpj4Vl6CiirjWhnZ/WhR3L20AMK6422lCw9jZuAK5RbSRJwkgI55rl - zZGpGbBmBIHSCccMB/jg2LRYsVs//D9Qrxtkt8W8fIHCj66L6eNw1gcndpEkyytZ - bifE3khwlRWn/Llpw8NiQiJKUE01TWQusEvd5EHFThE/9bYpUGdMiR0UmpSLkEq3 - zurCcUK1ABEBAAGJAW4EGBECAA8FAk1Aj9kCGwIFCRKtsIABKQkQhauDP93AMmLA - XSAEGQECAAYFAk1Aj9kACgkQA8m6p6iaqTb0Dwf/QiTT/Aj4XdoSVGR4yeXFpQNR - l99dOtUwsP7wtSSeV5jQgEMpRwh8ib702retoWbHQva0FsDxotEatHKvdtkkCUqF - D33jZ+aKkadcXjqnSepXY0m7sG605QN5hE1dXBhPPy5hUfXuAphSq+ma4Q4Vz+Zm - al3etKXL2xIgAIkSX+srng3j09JfOaYdEDXOU5sNEMuDqcqPC/yt0giGFPDBd7xZ - JQER08MyfDoFmwiVGi1Trbzjdnp1Y0q9UF2NpWUMB0q9/CaodwjU7SB4OU9FYst9 - uImVDwI3XqL45ULUCZGhUnuHz15ePb1W5cUUu55M0iuCrjhHqt0e8/c7BrdFuwee - AJ41rUXzNNSj3w/o9T0O7mWd0rh+HQCfSNjhzVUditAzFdNneXLgs9KddFq5AQ0E - TUCP7gEIALzLEYpmJLCDALPKv07Yd4bhyX/st+7Hz3Uj1BjIW/+pCEFf8e+ihZg/ - caWuSL695DddreiIhJlQiso8HsjehDccU51kep4vvTKu2p3zTSSZvIgsTTPAeyqa - L12UCAm4SlkjhEH86Yf7Qyic5cZhkGBCtN/1RVxoEoonRGOJg2jkrvok3Dz1DQ5W - UyS5gRASDnF58EW4HSMiRek2XgN/MEY9GLkXsoaSFWU9X3rW3Mgd4EMpTf+id2eS - Ffp820Ati+1VB6Hte8JOWRhTopSB6FZfpZ322N2iCAX0TkZesfSwfZSTZ/Xc+29B - 3JHDrVbFmCLhJfzv6MqQ04VQZ1VWzUEAEQEAAYhPBBgRAgAPBQJNQI/uAhsMBQkS - rbCAAAoJEIWrgz/dwDJiNIgAoIdWmf17rL5Zmf/EoPtmYngbadnaAJ45YtXrEDCV - 4fuUhLK6EdvHsGGtl5kBogRRHjTKEQQA7Nj/xLjtdH+34XBWzVRupKAEA27d5Ikn - AVtyPK/4aiGZ2mQHPX7qaVOOHHFHVfj+38ENwZG2do87x5oJgaAf/WAqQRp0m81r - 7YZ3DGWZxeDuCYESwZxEkJ9SfOwmQ66NrHuXjjabOoQEoxtQdxcyaGDBWbvpDaXS - 4fG1oKyx1T8AoOGl+25xKVwA5GKU/DLqbBOoyOi7A/914vhUW1bd8TcKk5owI7/q - FoSIjk1/lxxDFX600giri1FrENN+ERg0jaIBFFnkJF4dx6G5xIuEAHLJ0Y2BdXCF - mJPJw7ZzgtTmWSKW0kDhbRx+Ozvpwa1spxyjgQAg3B1fVUBkGlV6+bDZOHmMDK8b - 7RoRdW44+ygbE+WHS5/oiQQAiZtFY14WcSi4bqhpTDK5YFZh2lyhQ2snYfOiQWB/ - gLLfKDTDJ6pVygtayPKlx4jXuapyNE62QhU5zgCKr9DpsM7v7UnPfTgPYse5HqUW - IPOiOE+ga0TpZT4egqzW6mPGRYQ/ZjViL+JGMa2ATvrSoR1BJCd8BFmmplDs2it2 - Nme0LlRvZGQgTHlvbnMgKEV4aW0gTWFpbnRhaW5lcikgPHRseW9uc0BleGltLm9y - Zz6IZgQTEQIAJgUCUR40ygIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheA - AAoJEMT0+UgE0p66MDwAnRW1VWjfUD5yGhedcxiHsEg1A8vnAJ9NxfoOwPP50sWT - f2vycK0mGECYcrkCDQRRHjTREAgAlhjQZt1+uSQ3puq7p9o/AqRrVsZxxbi/C0cS - eAvr/iN4tkKk/4esSMevwLIMPw0ByuwCDdZusdLAI6TdDe3nwDBQVRbMlmmQM1fx - 1wsJHbiEO+WDENULU0SxqU7lwq3YCqL7oKVtZsJ0MkmEAbZlWuzBE1RzNTgdoMSB - GmSeDu5f5q1a+BMH1gcZWQkW7Y1e1kgHDgnz6vh+cBulWCwEzrwGaEvmJJ+w2HPE - cD9q4IvTjXxZbli7WHrSctqCdgF433iWOa+NjUCfl98z4D7KjKMqvXKqD88NYbqG - wrvupQZMOeNjybWMnkouAXHJdA8fiTy5hV9P7nat1OMq6h+YRwAEDQf9Gl43A+H4 - xJJ34RrCp9il8/Ef7VHEn9ZnaoMNuwCjYU9OaTHAjd7V5N23ZF15+XMvO0Szx/to - qQ14ev385VgBD/FWGy1r+UBK1/gA3pArQhpd4mtzRsjg8e2yl0D5v3v4K1EjEtDn - 37IBwAmWjwbMU12SP0NM+KQXtO0WCQF+ggRhD8hhUPV20ejYqnismX5b7LYX+8NB - OCleryW4pz4ZQT6MTolyjeojyCyaHE9G554ECKX+fKG/WMQmjjwjngkrPk0s3HN/ - uU8UvQv+uucP62iHcPRKwIk6jrlR7KODR00IzSXaRNYtJoDC8oFS0xyhrG1vMiGv - OQTBfKpgyxoIBIhPBBgRAgAPBQJRHjTRAhsMBQkJZgGAAAoJEMT0+UgE0p66lx4A - n2JHiU9h4ElPNbDSfqjQoshYKIb3AJ9RjvMg0AdlIPi6k2PWTTBAKsoB+JkCDQRU - rvZBARAA4jmen1cqxMnj2SIOPBV5igqnsSljlCADmC8MlW1OzozaxFJo/GMMfZjE - AAiST3IFIzk8YBotDfUwSaVpRQ8QFz0XT6+BrDwKvMId7lZ3AuaqWkXT4+uv52Yr - PVN87kbn52MLoUEtxgWxa1dvNmg8+wzsBVI63Oep3yo9eot95SIHeqDQj+4Rzd2Z - Ejh/m3AHcoZl+Y71b9zsaherqvBgB6QpBNaYhEXXAFZGXzynX+6WxNKQ9gRxnsKD - ZkbnJvBOyOLz+fsVI/lbGnSXycQ/hVw3xg30bXHuOkYhIe1SRz78YAaAlBp76o3P - +M9oJA9SxP8j6XWj3vlBtbLRNl1eUXl1ED8S95jGVzmou0I08HGJRmOGAmEYQjDJ - JB8UR6RHn4m0yCQZZgocXCGERgSRNmPMUOaIskMnBqoCfqEifGS1ATqZgYuEik9M - o8wfHCAeMOGsjr6ew1NGPfjvzUQGRUPRgvuE5c3m6WcsDJkgTH7YW9P8T4QeboeV - Y7xpwkAp9Sd/eoQvpXGXjEAkC5dJhaHXKbtxrxlLHaV7cTp17+Vajuf4s3zzXhjQ - rh9ojiNyEVBDetsowzN+UxgWybGeFtXeeqUmUgLpoV8iOjaqKI/n24+dl+JY51tH - 8cR8DG93N9xYL/CDersmvxgIZEVDrpvc3/YMhCWVHDZ0ZqmnQrsAEQEAAbQzSGVp - a28gU2NobGl0dGVybWFubiAoRHJlc2RlbikgPGhzQHNjaGxpdHRlcm1hbm4uZGU+ - iQJABBMBCgAqAhsBAh4BAheAAhkBBQsJCAcDBRUKCQgLBRYCAwEABQJYVnXoBQkF - vsCnAAoJECYQG2L2k3bOhKkP/2zWhq0BlT7AAAuefaZPl9b52uT7PbY4owcMWXJz - i7FTLWFo6KJOCBH9UTX0TXmf9S3AMMfoewblU6zOy+H1Q/ZVdzth5iJaXSbTgLlZ - 7yc7k3P+qUdBGdCHwpUJmBScdGaKCkbdcOPIxTi02sPFTBJx45ogr3/n0S8PFNOY - Vv0fl4Nnr2bOpoSKSka08lk4HJKsMMA/BRfaSffez1QYdRJKhKTkljlJjA682Fuf - NBaZIQ8GHUjyyOIUwQUit2yAGChbBCh9wq5Z//xzBwdqGx64QLHHF+wCg2r9Ba3D - QMNllPidfPBPUPQ+xGXmHz0R0FzlaTYnFYKqpJSX8j/5IhaijZRxvtJljXa0fOg3 - D1A7ZuagCpNcXWVM66FeOx2hYMlBNn/eLejBc244ydlI5lqyocGRL3qjHufp6JVi - uwJpNMnWyLvxqrwgC6mcCDx7jJL7eI7rdAFLwfoTYnBb0zNPStf9pWngLmxsD9G0 - U3nJnVzhsZfa9s7F13wxkfZYio/HkKW1IGZHTkJzWswXx0Ba2UK9oLDCy8dByesA - 5KmtA09dk0M/GuMFcb+ZZ3x3USa36Cw7vbJYcmDw6O4XgNf1aja5cdltENLsVKIW - I1VguZGfIwkLC3iXN2PzO3yOW5GXQ1wPHTc/SPMuBeT6UAqPBjO6vRQRFf4ghslG - //T2tDVIZWlrbyBTY2hsaXR0ZXJtYW5uIChIUzEyLVJJUEUpIDxoc0BzY2hsaXR0 - ZXJtYW5uLmRlPokCPwQTAQoAKQIbAQcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA - BQJYVnXuBQkFvsCnAAoJECYQG2L2k3bO3YYP/0vbSNKAD68r2EN8//yRGgH1xyUe - uRARgxJnhw7tBsO3k1YIkIEG7vKzLcRhi3vcM12ttY9R425Kl1c5ug6f4jt22bnO - ONrJ++0Or6hRucJ3L5IHRK0b2niPqvXBbg9PMp/9p0jKCHqme7mdD6jBOHBAQIZe - MuGLyzNKx6Dk52DZeLYRznoloYtUEurckrysL1/C9Qsah3JKlURSihVFibnIF1Wa - GfphxKsgLDDi8FUyNWrt99MhxYwwlAbBNQ99ifX3ZLFR9Q2B2ntL4Vfvom9QBYWG - 5e3rzlfQtw4pGWpFZFDSi0LdP8FfM9wKhtnbHVEav9Te7syYgMBDx5q6irqwTh58 - gKLicWkD22rtVGYPv+En54thAq6MXMQuzJ3s4MW/5GTZcbtsBBAj4OtHvtyKzI08 - /TlS09bk9mlaI8PYGUU8JKZj39alL7bI7hZVn5HkGMn1Z/lojdW8Is35uKmMZnF+ - im0vonw1n52OTv+4nOpBcidckeDr0PsiAScJBnaJNVF6v+jL5hrUxs4hD4UgTgSL - obUzHi1g4/UP/eC1cEZH7aC2FiG2jTUqo84qTZ9Cik07fmUf95jCfsWFvijzVCPB - oIg4W5SDfkccvoermqS2KE9b9DXdZDiaWTLO3U98nwkO6ps24lbX6mjJ+QjsSokA - msGdN5BhOaltRYBZ0dHq0egBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEB - AEgASAAA/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4S - EA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0LDRQU - FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU - /8IAEQgAYQBQAwERAAIRAQMRAf/EABwAAAIDAQEBAQAAAAAAAAAAAAQFAwYHCAIB - AP/EABsBAAIDAQEBAAAAAAAAAAAAAAIDAQQFAAYH/9oADAMBAAIQAxAAAAG9fPO/ - GubSEtBlGa96w7AivEFcmWBP87YnPpNAfdeJLIrVB5bw3TDYD3w4bu2LTZXYacWO - gVnc64Pf8Ec9x669KlsTzp6t1iYG/tSFU0r7naLuwuQl12uih5tA9jqX6uq2jvAz - pGF6McSNYyGJiilQ83NYWhp/p61ZWTds7d5z0VM584dN0L7eKFnVdTHT5L9NlFkL - Jva35/0DrrVIVyK3lLNTL2PPsXHG0OOvT44MFAwd0xttYpwTK1Q38ZNWPTkM3fF0 - OIvQZknQrAnUwPMrh54UPTFkg+osm3wFrVWJQNEvXACUD12FzzDoYjPXeS7gnWSR - 0nGJtlalBxLL5HGT12juo6HcKX+skxbGBn/EvUTEoWDLWe08e6Foxw5fK4kD5o5m - sxQloUADLA+1dXbvUH//xAAmEAACAgICAgICAgMAAAAAAAACAwEEAAUREgYTFCEi - MyM1FTEy/9oACAEBAAEFAh54gp4AvUZvJ8dYrKN0sFQz7ztyx4H0EEdgn+AVsX2K - 5xi+MsfZSAxnq9LIzmSBbDrKZvr20zWWNhGTtuhVrgymkEXBTUUEP16HjdozXaov - Sqyv7Wdy7mp019t/4ZaUE1EkNSPWK3fUv4zdhDteu4LYesShtWHx48tCNjsdwe12 - IVFoxOzQbWEa8m1j7PtqjS7NtA34pW18MuyE6hX+QsDaHjY0G2XFto1jW2l2AM5s - hS9iWprwqCszeskE962zirt1Vu5q2ddQPrfOlzY1Qa7cTYzSMVegV+qKZBraztqE - 4yxFsNXuRva2xHOTswprhrbFx4EkvFtlM7guCwbISTYggUz0un4y2PsEWBYbJV7n - 5fuqeLdGb0W85DjwH/U/nIjETZniFxAQMxirnTNeInc7CEBH0AdmNqlVeEfTmd2/ - Z53xGePqk7HP8g5o6/v2vkyYXduNJeTONiKtYOWEOePK4R2EWDni/wDeeTf2lz98 - f9bP9dfA/wBaX9LM/8QAJBEAAgIBBAEFAQEAAAAAAAAAAAECESEDEBIxBBMgIkFR - YZH/2gAIAQMBAT8BSxkqhfFnPNGIrByOxd2cnJUL9stfZJR7TLbwjH2Pb+oqTF/d - mv0wjPaOV9kYOZSXRQ/hh7TXHZtbR8SXpx1ZfZGCiqJad9Honkaa4EbWSXyjndIe - Uor62STOBrriNcskouqW1EVy1IxIZPTjfIbjWTng8jWt0iMs0KHE620MT5M0v0q+ - xxU0eRqLRVEu7NFf6Kx5KONM0pYJan6S8hRXZqOWq7EQbjIvOCtmKbHJsorbojK1 - XsYt62hWPavatn0IXuW0tl7frb//xAAoEQACAQQCAQMEAwEAAAAAAAAAAQIDERIx - ECEEEyJBMlFhgQUUIDP/2gAIAQIBAT8BpSxlhq5DFv03olRg+oK37MZItdWaMLqy - KVTF+74HVb7HJkYRlG6J+NWqRTUbiozo1FCcdkqcaZOLqO8dHtTJSVzrQrJWIuKj - 7iNWUFaJSpQpRxpxsjBS+on4cZEv4+pD/mz+nSppZO7I04LSJUKc9oq+P6c7LR38 - opoSb0KDH+CfkpSdNbRlkyLMir7omSnsjSim5JlhuxFfY+XL7iaL20ZmSkmiFKVN - JD/BcZf06U6n6LnbVhNofZHxHVpvuwlOldNGbkrF78eXb08I6MS6RdrR41F15dkX - ZWPM3f4HjcXSMhTyjYls2QoTqOyKWFBYkvuVkpwdy3Xei/C2OCexRSLsTPgqfSyV - 7/ji/CXZLm5LRPLvlbESf+HolzFEnx8cyHwti0S3w9LmQz//xAA0EAABAwMBBgMH - AgcAAAAAAAABAAIRAxIhMRMiQVFhcQQQMjNCUnKRobEjgRRDc4PC0fH/2gAIAQEA - Bj8C1VvWUZG8RhmpQZZ6viUTp7sLdAlundSLbQbiOql2GgnXK9mY9Wn3QqNvtHqJ - z9EHkWNd7xVxfAHpRxCE7x+KFy6KMCcYVwJiMoAjXM81YSZ4f9Vt4z6uqB2NXkKj - dP3TA6kwt4mlWbP0KqsqU3B7W3Y94KnX2l1MiRjVNe+6HZDV7Nv0UFlvVuFsHP3T - o5fq6nqsZ5ZwrfD0Kj/lHBUm1m7Jky5u0Ex2TfFube2qbalB+lv+097GWUb5ZQ4A - LOvm951p7yve1k94V7XXcZHBbO51Dw4/l0d2e5VgY2nSbmOyaGez9DJ/KnLg3QLZ - k2nqVLTLVJT2YBdjKaTdS4YCDKTczo1EXFsc0/ZH1cUQ/dB3TH3+35UGAOSa9jJc - NHoUaxEwtrScOyLA8Nd1WyfLGTndmED6qg4kJjKb3Y1eOATWTLCcTwXhWM3aIJbn - jPFbd+eYTphpbp1VV7ocXHIKLGkbaoIps5K5zpfqZWTFenHHgjNS+dJQm7avy6Gz - +yItdBzK2o3Xg7w6qnvfrgb0c1Lt1HfuJ91uq/iK+vM8Ft2Cze+kqjve0ZaUZkSt - LD1XMoEenQjmENk2uK54Mfa09UTUe6uebiY/ZQHW/LhC+Z+JVGE3GJXhqjn2U272 - vRNHCOC1u7rGDy4KVf75bHZAKSroXrjpqgwzZxtQtGQPJoGpMKx2qzlFABQcqeCc - /sPutbR5eFZzeqQbrZJ+qY1pha5KpPHrqE/QeXRMd8dQKXCR5UOzvwv7bfId14T+ - n/kfPwnzD8o91//EACUQAQACAgEEAgIDAQAAAAAAAAEAESExQVFhcYGhsZHBENHw - 4f/aAAgBAQABPyE9Z0rcCdB2bi2gtW4HmMjIVWHuYcUCU5eYwoKFP2hBbZQu19sF - WDFwPZOZgcDQquaH+Yxs5203VdHuFqNXouUu6EZ+Z1hTDzTyxnM2aDHT1EbUVngs - BSjk5PuFkJ5DWp0M5q09Mths3DHf6UTfwkPHrMbbXRvQOEmjDiBef7oFSfCo7F8n - SLaqvShWNQC6XDUeXtNSX2i4ae6lqNVvt8EfJrA7V0fcxG1jFyP/ACV9cKBqOiUZ - C2wXUN1ApsETZqunJIbCqcbC1m/dd4h6PcoosA95waBemcygowzxV8n1CAldAx+G - OkInmlb5kcXOqMULtdvdZzsfDvL+5eXLDgwcETK42ClB5gsmWhGyDjvAo+hw1rIV - 9xwyiycHKe4fkg6SxlMs8Vz6mlZG7809IE71q2QhtMSziU80qOcS/wCBscTUFAae - 5nJNf12vZAGlQczs+e8aURa6ew/GYQRAvyXqXlqPNGre4DAcqcwxTNC4oUqEbJcl - biDq9rKPMLLuULL4ivJldr7qiB6YFVL8gr8TptMS6eyMT0lxwSMNwp9qE2vLaYjv - XMHtP6jsaTjgGggcJu1d8kFcDC9Vv9TEDAt1EJs+D+J9kefEfIF+uQ4kBP2GO5Ag - Tyx8JjS81gCjw0bY3cFQ+JV5iroWcvcomXk7O8cl2dMyCY6tvK8RFTCsu+0teB/b - O9OZeCphaTSkz8OWFmWqmDiurNXKDVUxz5gmEbUh+U18t/mMXgnTEypbiqsw6syz - AGjrHFnPuRKNbJhRgUl/lgr4M/qH0ZfZhCE1tqWF5RdHUDxi+X6m59xaDSY6z8JC - aFK2E1n+p1z/AGeZ9H8d8/DV/m13h//aAAwDAQACAAMAAAAQHHAkhuHnIM0XSVXk - 2hYx4dFqqkUj87TBa9n+afigH7l5i9yqnkoqIre5SNPbUU7e8//EACARAQACAgMA - AwEBAAAAAAAAAAEAESExEEFRYXGB8PH/2gAIAQMBAT8QJY8fHUttqO9u11G1pn57 - i0lUztYjpmDC1RtJ/vvzGVqhZWAwTm+S5AAjvGuag4qpoYZK6xBsVVKvHc9FxssZ - sNUdOxiNrVDNURCUkbmtMAKzN6jP9+Ro3K2JlQluitTtDF/XnsqCG7gTuE0ySzYz - EEDMv2NsuS+6IktRiSqxBqcMtqULuW7FV5GEJTD3KR9t+iFGI4DdTIKIxu558TCD - Q/sMDuUCEb2bj6lkow7UclYgA7llruXDRg3PeBUHccjqV17gVDq4UPuZFMIV7U6H - mWIXeZpANE2LcB5GDCQbXBEcJEoiomU1KiGY3H93LkuOYY8umbnDpRNQezUMqcum - IHPGsORthO4bQ1P/xAAnEQEAAwACAQMDBAMAAAAAAAABABEhMUFhUYGxEHGRocHh - 8CDR8f/aAAgBAgEBPxAGWhXj2uOieu61TMeZb0hy/Dc4lXFTKOT+PxEWfb489ylj - hXxEJxbivXj++s0HnzzAbWfEqE5y9e3x94q5OgUteh4ilDGel+rLo7eeePHvAuvb - fz79TB7ZCbx8fDXEVlJXiLjXOZV9/wB6ll8lS3giEAPzH0tr+9wAQTrd8k1EHO5s - BzPacX+2fEwD1X5/3KVlH7SzUr9fecGj0uD16QLMNehi7WZ7GkFi9bELz+1n/ZyJ - OuiIqp0Yi15foXLB+sOdyK0snlFN7GGXfVXn7QKdQlYrbIFfmqfdgTmLY8RtouM0 - Tm4eP5ii1nv/ABFhc/M1yV5yWddv3fWJvSX6qDVUUuD94YDgjwlsbXiWYuu1ikmq - qXS5Iwp+Jq2ARzt6lANr8zKjIZdC/wATNpBjVTGJoAgthUUy5XyRbRFIC/NINcQg - 1lyZkqEuuoMiVVLHE2XOJmTJeoQ2XCGNXKgbKFY5QR3mJQfX6Gv0X2o/4lfpP3nc - OPo7T//EACUQAQACAgMAAgICAwEAAAAAAAERIQAxQVFhcZGBoRCx0fDxwf/aAAgB - AQABPxCUBCWAk8m945oGlsQalN+ZGw2ECd9zQQNzsxJ8GXOmKEjFkyxgQcQ+ZQEQ - mLyRUgMBGQ/Dn2MR5mTXYGgZibmeIMVlINayjJgqHH6y6LMN0kG5tGGYwsioXfaV - yxhhBW4OFS/b8YuvJGyFPBN4CBa0SKESkjAu8aYmuwMtOwz/AJwXCcxJ7Adx9Y7K - AGg3C8G2zcc4rIY2hYH5fqNzlwVTAoA2l+O0MkAZCKJIUiSYoVvBBCEBrgiwsKSR - zlDgqv2M9tJw5VZocibdDM6JVvKs9CCIpCXTNZ2Y04tyRLZunfVYPlAK2zwXHfxg - 9FANFHUsucm6Lgjin4cTkQ+W1rpAJJ3gaMdwQ1KFcoyNlZ7cMTOjbVXxjZuKMbQn - R2rK5BiSzwTKntV65yVaC1QEKRAQCNFRluTDWhmuSWkQ0hkgJEp2v+MCcPT3ixFe - hj5gnJwAPiGY8weAkvaIdiRp5EZrxTqkYigJE6U+cCnlwd5kDwjARSogJarKFCsf - jCWJRVIKg0LfgA4x+WIHpD9ivK41E0QCzpOMC2OmSs1iJxz/AMwoOFCWttD81ktc - ZIkOARg5XPZjp5lYkI2JgV6kGItFG19eXHN3YbWUh2nZ7hD5WqQU1sSOeMM0RBHg - E86x8bDCjOWpv2cnq4dB8v8AOCFKDbbqsZ4yFlzz4dTxvWb7UBTTcLl8ljgTKiRi - 2RwmHdMVgr3HejpRnhMPWE8lASSO5wG1MRdMelBXBBh8yYFRGx5iNe+YgikAEiRZ - 0jWDKpGjgBPMWQ3pGTXGhzKusGAB5oeNER5lONEQOShhBE/IY96ZaMNTFp/WUBix - 85oB5tcYKAEYSW4eZDKB2cgJV0xJ0icGD2ROsJD8WJ/OPY7JpXsnXxORpkBfIJo+ - 0e5CKdoDhLtCNEr+cC0aAzIAQVNY4lH63ojxD+cnNBQlGe+OoxrKsBE+J0n0MFwD - cGD5D+sv6PTba95HhBwyPgtCSKOtgYkbDJMkS0upbPX6ylD0FfZf7wO7B0mrmZwT - YyVY2COq/vGeuYqZxJqGFc4ERwS5iE+LwNUiIiD4xTQrSDlTZg2kqyz78aNUdB9L - 3iQgNwcBo+8OaC3vJwOaFA+ZwGgwILT1VE+uVpWRTr0SFXihhAmpW2N/qM72dvOR - 3ok+Qf8AuHSQRRJzA8cRsxtVv85SwUvgcYiANqODFJ5dSVhk3wA/AwDaSYf+MON/ - JWK0kneU2jzC8arwrxZtC5JIfQ/eSsO8/onzHUJkK79xsC+Coko5lcNjYWVitI6O - XFemlMcCcPuGgEBLvizNH8FNf+152Z/Sf2fxc/f/AIf990z99/bn/9mJAj8EEwEK - ACkCGwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCWFZ19gUJBb7ApwAKCRAm - EBti9pN2znUgD/0X0ppBbZ8LZBYkyCtCtIqK+CzQTI6sWU6NDAjHrHoDsmy2RcQS - K0Ihb4g3w0VWhU/xbwDsOyHCEj5KnhfLQTUAD/8LIKUha0lJFnpT0/WDUV9EBRMT - xJYENuE+Cn6VhjJLrsXNTawcifU3RFUOnxYDHI/0UwEJ52b+9l1D4c+HxkJZGjqQ - DSQh8skqos2Lrhm4m41B7/dY2BfpzA/ZVUpMtWOwLHumBjtu2n97h6Jhx6duTSif - +qghW9ViLAK0u86ZXyQKnhZSbTpeHdfU5tJUpCVb3hFNqzaS0HSfRTxeanQ09zyV - 92eoRuOVqfcj2/uYq6PerLgoPPhmP90PpSg8WVHSo/nsqV7+oteFkEvPxU2Pq21k - B4iqD0TNann6h9qu40ZkrwX/oe1y7DVRBmBhcRHYiClmQQHO19OvD/gGt5KHKXZR - jEvMD1EhW2d8sDlr3tvOiplim+k2EdjMBa/edhmtoRVV0NAuStlgiWNuzehFay9g - 7AjA2qurNoGvLlr/016hDy8KcP+0Uhg7bdhuELzU4RDqGRPGD49cH5QFYn4FaGre - LrYksk/zNt8Hj1nko9seOMX36gSXqA+dyl/095Mtl+8E3rwhWtQbx4AzWlhFmQ1m - f1sKZxdPbIa2MuSmzWBnctUCIus/4i8AOi4w4J/gAQ6txiAVaytzMUxf8bQ6SGVp - a28gU2NobGl0dGVybWFubiAoRXhpbSBNVEEgTWFpbnRhaW5lcikgPGhlaWtvQGV4 - aW0ub3JnPokCPQQTAQoAJwIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCWFZ1 - /AUJBb7ApwAKCRAmEBti9pN2zo33D/4xSI5qfxOJMVdwmcK03uWQoaAkda4n5/AV - yZb2lEfwR+CfuwmXFKwTc4ogZhE06lkDoW6bfQbsbA81Vnmjzn6YUIR0/7Te5YDQ - l30MeBR7dD5yXArOw1yNT+/jDU9BM2wisJyAzdGuYUm9AEH2EDn8iRehSKYIhDwK - eqhSWGr0Epl6qQLB2nTQb3yCB6dXxYKVOr1OFcZI7sOn2yc9LxbHdajWXcf+xvWP - khvnGdsx2ZDjCKUvEa9JmKkF9WszqIdHl0oNceJSa5qf1PXKL2EcNGd6KMx5Pjwu - LKBxQtWx3SD6tGs33jHBh99keQ06zZwpS4DsrQWR3g/ks8YvjIY2DJJEtMbka0dk - cnZGbUl114/UYFEsmLK6r5/TB5WTAL4ucl/chrr5+CZ3yZChhv6+1HUyEtIDQ5CL - zjtheVb6PTzWbSYZTaqXv9Rkq9611LpUeb+61PaHDKw00hFur+e4ITKM0ouaMQBo - XKLhTYt4HsiRKuoTjiaTlMm2yLPQDpc+Fcmnrq1YaNIAq1qVzapRb7pL06ZwJm28 - 6sixlfrC4K/p4TZ5H91uorI+8zaIiKH1knbg1y1iW1J1JgJ+4qkG23TFYPeFevsU - dY5KitWUEIGZUYbvi7IfP4FKUfobT2Ed/4nWvm67lDUXT1dU+KkII2Zp3fnYTBKa - dWmOwHP62LkBDQRUrwUqAQgAoloa9GF0nWdO/3DrH4XvOdcupSk6oFoZMQdoQfx8 - 7NoxjR4epy1iZtYrZNgexs6S7a3lOyaAmH0zSBw8iJ5CydKpY7pVFd2lFbUvS2qe - Hz/XVVOnCXcDShHfYULBpt9geuJc9NGmoSlF8Jjp0h3HxrSTDneatYlrwJaxMCmz - 4AfC2QIwmt8FfX7WvNm5qqEc/7qDLgAVhbFBNPLRUpyhLn2JfMaXM0aPFaPvqwSw - 0reLIpe+L4TXdv68jRq8FPjBzcXBgsW9uV3qJnncE3yHVVv5pIF3ls8V24jl7k+W - wf0vdbHFomPbFRWosabwlG00O23X1TCdqytDNal7iHCzPQARAQABiQIfBBgBAgAJ - BQJUrwUqAhsMAAoJECYQG2L2k3bOL/4QAJHiGmiO+h7e7G9AUMmZUmiLdcZ0QJhz - webKbsebI5qGF6x4sqsT5FuVEFs4HYEaXCP/Mk92xBpt/5/9h1uKqrxToiIsL7EY - dDtTQM9dlLACPTinbz/JRXG13aH19IAQcpc2mVwKNSR4qPnPLUJmBIrGdUGNh7dm - zmnTrziM8U35DcnEf6Dj1GzIK3wfj+p4DFp0YWXr5dNGmxU63e/RJXOA6fZet4ZU - ON6BhooEEGiZHxQ3sL43VLEKUaGbOkFBHq4+I1zec7VM++SkW+7zjNWvspvk3Tab - tPDAf4OEtl84jHQpC863AzehOcXT+60THTC+K/1/u7C2B3yPUO1gIArHFkBrWIu6 - ePUj5YsqxXDhM3u3EYG4vqUB3b3zbg+1vLx8w+j0/Y0b6UX5GkbfYAVi27SGxg7o - FaLR+ceFuzybw1xhUVWp795gHf6pX0XZOFRoBUlsSGczCJK+BhJzDm6swEtbSBcT - eZsfnH1GmBM4X0+730tGs0Z6Va/+rn7KgST+JzztiO6/D3uBeUVC/wOHuMNcI3AP - e0lSZp3iX57nxedd24TioFyOhXGjExl5Rb7PtntGT2cFrn4hZcxUMaobKZDsGVi9 - pGaT/LvWPauIzY06f+kS/iCdDUHQhrtzEj+vuZF4xY2YYKxbTpicC76LrdW0iVBF - CS4Bdra3PzODuQENBFSvBtkBCACz7w7u9QK+K1Sbtr5wree+76DNF79X8a3+I9hL - w+mRJXV3CIn666fzaqI666nQFeUXK5C6x/utoGfqPn9Ki3nXOg5NibHRcwC6yRi1 - vxoFLhsPYZGtHUuReToGpBqRxa6VtwKbiojRIr7EXS+JAwhrEsEpYIO0CymXHFmb - 2p4EPWQB16ukWOO3MRn/Z1ucuF+9LJCwWVEGI0oKyEFQ9QNFRCnqP9gSjU8q0HVZ - XQWUr7+hNmfkK8ODVnnNW1EHpEZAO2AfBObngSjfT9ETzNzLTsWsgvhDx33o79SZ - Iim47U6JYjTsfavRjEkXhaJNkTKGC/1RXAjBI3NaISmQFjeBABEBAAGJAkcEKAEK - ADEFAlTSdNYqHQFrZXkgZGVzdHJveWVkLCByZXBsYWNlZCB3aXRoIG5ldyB2ZXJz - aW9uAAoJECYQG2L2k3bO58wQAKYDrOJAhpamwad8AcgA98Ary2AWPMLeSKqiV7uv - 3c0JN19owZcsSR5lmknaXH5fCAVaJg4x2RlO1iFGwRBekS2gX781er/evNktWBvA - EHX9dZjbuc/78k6Pl9XpbBCljbGtClLi/gM7k/tgGEwyqr+Pg+dXBFhGbgknumjh - 0XJ+cc+1Hiq/pgzx+/m1blQPACxruh2Dmt9QE/SfkvxseGNcCVVppWM2JvZAQI6B - YVGUiKDOcO1bgdaISzp47/2ShJJ2RNQzKMQ2pAPjtTUbTfq3VxkJCi3pzkkoKVkZ - hgduh/tKA6RMqPYCXuRimB1QEixfRWwBGlAPbgCmXtaFR8FcFWtSMFs2w2zibxe0 - cWRLAAUfqkMEUPJA8aUZzsBaM0o4Qlz7+ZX6Vp8/av4nfjfgZVQyrwmedGcgCj3X - uYTdiGLLhjYA7XyH8uiKyVjCXRc2j8GcTtKfa0DTFMvdMwPtt39IEv9Fs4m2xlIq - hg9rIUydgIv1+iiJOUF5iqoF8tMUko2moqEoCe3cc8+w8BsTncjKiN6nbng77vIk - zRO101YJN6Kw1bPvGeFu8MapXNq3/fKM1CGJBx7G/dI545CHsc7Cd4YWX5LF7+6Q - Fc2jTAceFG81OEoYD6O1YHXDcwEcTQYrLO3iPSHBLW7qAeCkhVH7BmHjXyQYuyZH - sH0fiQM+BBgBAgAJBQJUrwbZAhsCASkJECYQG2L2k3bOwF0gBBkBAgAGBQJUrwbZ - AAoJEJG05d4bZCmnqnoH/24cH0moIvRY+KPhEkSEn/9BTTd0ugm6wxNi2MyS9bWS - wGaUkk31OG6I4unGauca7qMbbhHqn0G+ibWT4IHyU7En8ROyXbLXs4ySzk9Tja48 - g3qaFWeqTZVpMzhqewM8R3cZxvucYPxriDFdZjWHmdi/qCTd+s8RPCOQ8fW04VH/ - U/Eeoon9soQE+8s/MeA9fyyrBMI/AXIiiEHP3dpAiWLJsMKZoHSmAvIonolan8BW - 4NRH4SqO7jvoj05Ac8snkHVTO/BxHanZ0kEUsytABs0L4XEI30w5ctC+XAVyTFoR - UjPp9UY8lGRIN2E8cn51klNAaQIrNje71Db6PqLos4ExURAAqtjFVU+Cr2vUwVfk - Fp58c136MDmxv1sjNczDQ6ujyOV9cwMI5t0ibAw7T/JxkqfLltX8uZc6hPaBFQNW - aJNgHNjKooTYSkrrBJS/nkv9zt9ORhjzEOETa0pMCEaKW+WtNCWcomOxJkhq1PTn - V+17ZLLZ4iF4w4ApWW9lzEtVjr3bUibHGuSjB4gchHj0maMIbmVuOtNWqgWi3lVS - wgD6Wh9ZEPvgdl+H3Ue1TmuI+ZIoy+2PMHntrJAy7Q6OOu9KbsLl3aDslxKNxNGO - yv550QclwIhabZhMnXMzwvMC5RBNF5Yb05+RK6ZI1aATdTISCHfs1MKuS1gNSBGP - Sr9TnT3TxmLkLb9g5+ytu58BmzQ5M2lalc75ii4WE5vDD241cGCflPFsFY+ODZBR - 9u0fqaqyUSopELgNFYXn/5dqWtpC/lANuLgLai93ATPcY5K8mB8pe9yXut9lO59W - EPLwHnPt7BEpzTlm6vTfWzICn3sLDX814DRGqlxi02LSTq4TuLSRfDeGQWPJ8xEu - gSTjinhyilCcTSBjkZVPzHpfNgrRbMZ6XRKItHk5+2m1XQuqFRChw9k/zuksrw2E - BeD+8hExpr2k4H8kzD9iIDX7+JgafRi2zYwWHtGpkelerPQv/K3aEYxopWPzj9zJ - wcu1OS+DX6R3v4p6iiF3vtKudJe5AQ0EVK8HqAEIAJTaC3AINpl8qDPK9qSq5zV+ - lfeVA9D0O3BqCA+iqZneW3c7mi7T7A2da+KpRGanywOJtibB2TF/jWrNrbltpbhO - JAvsou0/edeZQ0xpTAYRt/gURgRLGvRveaY/EE/zyWAmLqz1FYJUoYcyAvGRl3Yi - AgbeDBMsrCUpJF5S77sxg03/QEjpO6jicfFdSC7HvYwfC/KLOU3nckWKkElFJG1G - /X0+cww3H2yl7smZ/a/rs4nolcPOl9pvtZPqSuyzW3Z3JBktaeVZPGMrxqtCOgQ4 - HCXhWSNdtuilO3r5Ojwt1mJLf1VAFm8oOB8/AZUeKDGNFJJl9VjIX6UAOhdYkEUA - EQEAAYkCHwQYAQIACQUCVK8HqAIbIAAKCRAmEBti9pN2znd7EACmlHur1eB5p7Tm - sOn8cHN7/3vbXqaGJab4q3i0Yg+0ZTmq3AmvjFnT9tsE1FxkSHM7cvtg9jSIZ4J2 - aqQu50x+heypV12VSMpSVMoI58YoX6IIj2vAxBjbNsUvpXemOzisYPdpCd4z9h+0 - C6b6vd3r1cWnE4SQoD0+QDJh0eXPSmESdF7DJPmKz/BvRJzJQW+XdV0+w+6+Dxex - W3gFkqM5mix6BTDs4NoVqWgXHNDuoM/26RODm9FaI3tueFfszRxGq8X6DHFTWr0Z - dHvZoDudz/LNNOXU/jsajcB0dBmbB3f2P3EjOlxsoau8bq145iltr97RmnHDqdPK - du7uNcelXn6Qct63dyizFzvZh7LejXHslikupKe4pXccCCpc8HtQ6OoUNGXdVyWO - 0WgMKJ53NGLKxtiRpQrr+7D9YAXEi7KsfwDxcH1AIupVKgHAfs9NF06KOr5tYYi7 - JhaCAxlGZ5uz0AX/h0caLdrCoLQZ9deV8dRhXe1d1pVzuMc9e40RI0y+z/B/q+DJ - 23I23Q5kE6zuBfhJrgCUUj76cEU3PugDBlDkjAyjfgEkKGsyz0QohGYCwQq/aKEX - eAJ+NrfkD9Jv1jWOafk0UEX7KyWLsCbnlfSkVY7QIYDPNgwwKC5dQD9EIYWyQb6u - QnWuUai52+ANTEFuDj8tmeiwvTienIkCRwQoAQoAMQUCVNJ07iodAWtleSBkZXN0 - cm95ZWQsIHJlcGxhY2VkIHdpdGggbmV3IHZlcnNpb24ACgkQJhAbYvaTds66/w/7 - BcpolgxUGKvdObzd1bfM7uCXgahvwIOY6PAi3b2yFElRlkWNnUUSRq4ZcZnqcMF+ - eOWkKkomsTHD5z64vH0jBZxTVis6vMSAuWgmjOcWZzfDU9lecPtj/72cXOf912vZ - 0Jarlwfb+e48wCFtSyZWKr1OyC2yWZctu7K9r9SToKIKs4BM+DQMQksFKDTOjmT1 - 5yORHoCDboliqSI7hrSEKCnlJmtWATitVmm8X3th87tf0vpZgMGbaoOxwl9/DcD7 - gBcRJQAur8d0AFfOfitU1oz56AR7O8G8b/B2RFHsKs0oo7S2Gv8i4sjFVK9AJt9c - obIBYCi0F8IcZyv4N8U8lOf5/Y4GTBMIOJtxSHqFxerQ8mL14+0SubgRki77eUeN - JFjYlJPKZdS/iLZq01Mp4/+oNcLi62FpBD0z0pcioGaI08erLAIgzDlR48aVsVZ4 - ZwJFzpSzLnHEz8aFxEIvbFzvAcq20e6ZlUtPrFzQerV27ZZQbDwaGD0/snTihi6k - of9URScnbN0D7PLM8KLK9sKOUzKwjHCIl6WJ/+J+ITOtToTy1dDo2JkKMRxNHLYv - KZ7RaQ3liTLw2HjdXwLtmWYomBP/uAghnvnJmLztlylmTEB8C72nbPKAhqk6XonZ - +sCKbDbFTYOpYnyhXEarlYfest+hj1vibh3nkxrjeO+5AQ0EVNJ1IgEIAJwynfBE - 7wL03nQdEmO/D3ZaPnOT8jFORIXrjXsxuCxScYoIsSLqPWVuU5ddXTtBKZ8g95Cr - CciHP/haERbkp52XhfKycB3AfNfm0CJH3pOa3PmWv6OsCfOMjM3asFOTqHNTK1XZ - P9031Ostbhmj0np71FJKNO0rlVDizgbrHif6Hc/BNpUbdoidRy3G0V4vqUf/AyyJ - uFPjy2CCmCq8QzQZZ9ppQe8FiCzes+3InGhNx82afdtLKnkhn5dLXV+c+8CONhGX - H6hEVpqzXctP5s15kV/6qIU7suyNOm8K7+2rBojS7wH7z+sJ7EZy24aNNxZauBHn - db3nXK9GT7cmgcUAEQEAAYkDPgQYAQoACQUCVNJ1IgIbAgEpCRAmEBti9pN2zsBd - IAQZAQoABgUCVNJ1IgAKCRBqF2OKoEUM9e+4CACKtQ+EJkf2auqHlbGMx/+fq9EN - CTOX/iSg9WvTrTzZFeGdweslgQOr1SBgVtRgekK1ffXX8VwM6mL7A7g2j7TXLFzW - yu4kCrd+ZZVqvhvT5H4/cK0axKPq738FgyTJ6eQtjPYbnDwnN2iwlBOVF9rizi7T - zqA/RrfZr+/pzoHRWXgDZ43x9bFM7IGDnJilV+yjnFeO/Z5DU9TV3qiJnpF5pExR - ZliBNP80PTISkmnvhdH1eQIL+lIr0XOdTH7P6PWs1mpexwf+bttBQT1fonmV87Ep - xtOZL15JnXBjmkqzD+fmdFOx36NWLZDYTHltm+HSJmS3wmVG+tkOyuCwqFvntQIP - /2AG8xgVX5ZE77BAIsC9LW42qqRjHAFjFoOopTZ6htkb3eBkxsuujzGNJ2Dlcu9+ - KO58skhcuCF21B/elXqWtBuicw5IokUVYXd1T3xBSvKjWUWF3NlvKIUFfLEFP8EV - qThD+5Mw+a5usIXNId6jXi2143Ig30u/OZgIx8FVjzs2Lj5cWixNBmkHTDGD55+t - op3AIHnYyfcF3p2LoKLX22KH1+uSJdNcAlIb/m9Qrknd1pcBEJ4mu8ZP6PxVXUaA - vsehhR3haY8s7EfUCVXZlA3Q3S8r7VTg/pDB67FhaJcc6rVXlKHdPtW8rzKI010J - 625omSYA7N+HlTGDL+E0DzYapkLleDHcwkvppl52yY8S/GNpwEVIeInw3iR+jPKh - EKlhhx05HIDwBRBDOZDURZMmBRZZTXx0Ykp0QerjDAi17YJk8mpm6KNkZt0dWODg - qNsK8haBoiKK3pEMeGub8QsONSwxx65vlxlCBWYtZ+gJh3aBnB6tDovZ6ytfZ1Mi - bvZqOcOBFNzrPBNldVfdsiMfZzTtGbqUQV4qiqdYmg95xkFq0upinBvr5sBI8qln - q+4vdZosivEt8hp6uMzaFKBbX2ktrIk1jUIMwhI6ZjBHBIlaz8HxSOTgNta3r0QO - 7UelMLWZ9w1LJWsaLWNhPXQxIA70WbLb8geMVq7VyuE+uQENBFTSdbQBCACE132Q - pR7pocJTL+LrdLkXj9Em0fs2yXv1tRS5eW7tVIzc1XITsqjXThn5hzfJ5f33ONqv - esqeaBakMMaW39I3SZKGHFoLwqaczGfBk4ihnsSmiGoyeMD2F9gTUCGxdT23tlmZ - SlwDH6rAnXV1JFk3QEh/QmFwjAdDfkzpt8roWOiZRWYHKwC7I1eVC5OEadK+287/ - /RWS1mfieMaOiGIZTZqTDtGaokN3rLB62LygOUQjW20J9j4ZGIaHBvmf6dQ3LwBB - xumeSsLxGq17VCZID9EPCAoTVPkuKs8ZfrKiLjAbuyZqgTm3oxHqStmJhGlKVn0Q - a9IRfztb+NF0yqdNABEBAAGJAh8EGAEKAAkFAlTSdbQCGyAACgkQJhAbYvaTds4e - fw/9Hdd/bHOfZACu0BrGS7dX+/2QmVZ6SP+yxegCQTeu4w0iZ+ohXVx4NUNzoBsg - JqmnlY9+ulWUKMKQjTHJuC1W/4Md2rYLVMDvDl5xXY1fwkiGwAdjAVVQyJmQCjXL - tKD50Bm1txiHARKScIuNoFj96c19pA+MUvZoLWXL52PNEKCHdi7mq6Vtu3ae3W4S - QhFpXAlcm3CrKK52OxMFKTqMkk0r4/P+U5U9tdooElDJVoUIYoLfSr/rqPf7UrUA - JNyk9AhajaYYgJ+Spw7FrnLoUJXgrQzRCSyDiWK6StHiCrzBej+4Co+m/N3ajqWY - kZeFtvARPSNDxjFELxT3Jaj855WoR7DV/biAgvu3TwYcav4GYykYuq/hdFFy0Z0P - QxSAL2Hu2s8f8T8rGjqED4++BeqTabDynKCT5dmRQ/fDw0LTTHeoxfveFKfegc8O - R/nzYteGj71DBPpdaGTCZGDIYdSy3wb9a+9ezg2vEmP3JKMn1Z7DxP4LNOoL/ySu - mIQIcrZWxWZSuPsiOm8FUWuvQ4iwzu+ZUC8kzNwQp7MFWPwh+DYHkp8K7m2AdjeJ - EGPaIlhqTKIUrUEVUxkuTHGMExd/+gp3CIT5v3X08msnKrN4/HRU4x4wyUJqWVIB - 43Pv6Xfqz/1LayeY/PvMbHSSXOeXjl20iDCVxKt5qii8sfCZAg0EUmYFigEQAOeF - OFMWA6lDAGSAlUU6g/pRDegFlNxFJhPHcDilxCLjLOIhJU6D0T1+HZh4bB4BkA9E - qt6/FDzaW/mQO/xS+UI6cSH28fiWl8NqCKuIQCRxNzvJSYIkDJHzKDkqbtXTV+9s - tNYhmKx/kSrADBV2Qhp6fkINjHF9rLu/iMEZfE3B1C7ieww4a5g3dOXQUGVaJ/Qz - KEZPKGXqsxPaWXIqeUlodsKgCyle83VFda2qj9satyibcV82Z/dsP/wrELnwOYEu - eGcN5q7q2iFI/yHfGvzoLF1hvVfPwTkhFWZmij80szRsbWEeSJREeImqjfpGgxqs - USEJ/KgfC/3wfO55ZXVXDxlZxkcy4ciyRP/94jadxSfcHNPei7d5LHotmhLg10q1 - QqpTJPzYcNdj1xSAu50MD93ZhSLkHLZi+AZcVE6YqO2o5ONSq7mTQFMA6N9fn8hU - ED7PbpdgmAjTVtaK8Pk8ji2G0l3zydfbx6+7pLA3R6/93VNPv6sazRYyKh9Yuel7 - 4rXbzsm5D5alWF/39R9xxFsvmthflNCnFh0zMm/LVPEeKfMT6MRwSRjQdUGE62v9 - xrnolWI6UBCL0CDjtJuwMrUKDwHaE7gygRW6mQEX3ZEdERDX5GGcLxwdfki8T0Jv - i1g/cNvJ39lRZC61tusKhos/DO7qfrzIjgm9AKOdABEBAAG0G1BoaWwgUGVubm9j - ayA8cGRwQGV4aW0ub3JnPokCWAQTAQIAQgUCUmYKXAIbAwQLCQgHBRUKCQgLBBYD - AgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBN - HpAOFMHMBL2BD/4kqg1vkxbZmlIVCjPS/YYhsAzd445elkpvx56S66HOJwEK3h5g - tJvuSBuIXQgfvfeqwWf4w1tFja5GiBTpRd0SSq3ZT2OOXOYpNrAnFDyRy13B7Pmd - Cz1ibZtM/7W75SXWVL0bkuSzxTYO7v2VJ4XjEsZmBhj6i3JKidmR31a5gf1WBtky - Eun9WV+KaQSKjaxbPlK+wTvWdXpClVNOR6izFGbxATowWQmZR1do8yLh64WPf0Ia - /yg88cM7ZnnGKa6X9Tgr8vgJ4LyUgNmCPIX4eQKQ4PVTGB9M7hEobutQicvBceHB - AMJI79GXzker9n17E7Fyo2uJzjIdWoKyCYqp1ASu4oBuk+LxnEW6nv2A48YnZSr5 - kF/6SRM9PVykWoEKIrj/GEHzo9dpgeg8EBrjQpJ76GyTqy/KJwRUxRw1M8wrSeGX - X1tEJbRgbXih2k1zLjQVCq9rrNTf2nX30PEcMEoLiO9mbLYkDqIvhGAfcwjoB302 - oPuPlLfCnI//3HnhbBs1lZryLjjoWzMBbHK8E3HLruN6uvYxtnKY7rF7hsFJLB6j - 6kgeC8Li9ZjmID40/0vvyamUs6jsvIiS+1mDvCCYhOX/7G/19bl8gcOCCbDh9tC5 - bGSf0KpHu1EqaV7I+ny25g7TFX8AaPtuu2AmUi4P4JC1crBDESuigUBv07QcUGhp - bCBQZW5ub2NrIDxwZHBAZ251cGcubmV0PokCWAQTAQIAQgUCUv0tJQIbAwQLCQgH - BRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMu - bmV0LwAKCRBNHpAOFMHMBLNyEAConhqhQTA1q0tQ0b5NEAellt7aae2m1rtLC74T - PArVMU5SZqcFdbhiRKo0s1QlI4V+SNZShkNH79pk7ltjx4B7Qy2H0WTjygNNULM3 - X2AalDxs0j3vPdi3TCm0ebLO04WNUbyPr1972mHjqaCE2JgTrEr5ZUebg7/7CsYV - dtO3T1i3KAy5J0ODg65wqcf++TJs5YGJhQD6Xu5T6glndBxK+5ChHJ39Mz4GlCLr - Wa87YKgQfyupZRNx3H7TMp9jbjFcpIXar8wFPvX+3K8eLmr03tMbCA62biuULrl0 - k54ZE9R/E0faqMAXydPSPc95B6BxxSeONoicFuwocESyJUKLo60FR42F671OBud2 - WqEGhjxO2/tIymPLUJEdESq1pKCqaq+dIZwVf/H99wPKFEvBhzzFvtdgkGIKsvAE - LFK8dmRSaLzU51CLmjwzVodiKNLxAV4ma6Kp6V0lCGcqKXGZwkqO0+DUJ0//ZTRN - ARcS5MQqV7rPVkS5ejqZTBU0xPOiWCkpvfzgmVZaw/9B+eb7uR9OBLxUiHo/rtDY - uwhRkX+JtwvWBkZur0zpHwIeJn/nkvV47PdUgPuwIn1ZhlQWwAj5ryhNUaAsQYlV - POUELHjsJSy/MpHUKbs3Zz/MoYHEQgB2TEf97/lS6H4LDGFOi11t49d7Xi7F5DMc - L+fqd7QfUGhpbCBQZW5ub2NrIDxwZHBAc3BvZGh1aXMub3JnPokCWAQTAQIAQgUC - UmYJ5AIbAwQLCQgHBRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tz - LWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHMBIaED/4v+2yqYRS87QasQ945CE5H - eeTU2oKbqnZBgeK5FlPmHC0fWFBA8/iJsLB+TwfZ5pNlnYbowX01ixa9usW9qGDh - nHAxnHeI8lRheZ36rNnbXMiHXE9fEzrWcTkgIy4iB5vlV1KBQ5UrQFcxGlexdLqq - CENaSPxHYohusrBPBbk6V0KxNVonCACOdXL2ECPZcjA2TIFDjn9bAFO/DFh0pJuZ - TVqzBlazqDxzL/YTwMGimKiy1SeQFoIZGbQNdYoXyG2TRCuQYX/qGCXAbbvym0eU - TqQfzHQ4f0zXxeu5ZVZaspRUTSZiydXG+/4HEDeSICMtRXWl4aPXRG19u4A4lLob - g6Ty2+Hez2RsvAtCwmgt0DQfqKDKnLdubFtM0LtmfPPQ/4vx9dfcO8jzcG1ZGWHL - DjJoOscUBY/kheaA6Vi+68GZVfQPh8/qLDPU0PZ6/6PLtvm/XFsJjuBIwG2fy8QD - UaE0O5zKGbcEnKQPTEF4cjLuusz5Kp3iu25VwmUEQNcFLKhUEI2bQ3r43wADJNHw - GPY5olkHSflyhv5fWsZCL24H2WuQMmlEq/a+53hYD+WFu0w9sVE01wSZInNdCen0 - K5dhP9StLShPHFDlFxazGssV1LDRX0FGlyfw7LcW8vPSBFmq2/csH455QXqzFgJ3 - waeojCbZQn5zX9AI+XRsMrQnUGhpbCBQZW5ub2NrIDxwaGlsLnBlbm5vY2tAZ2xv - Ym5peC5vcmc+iQJYBBMBAgBCBQJSZgnCAhsDBAsJCAcFFQoJCAsEFgMCAQIeAQIX - gCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5uZXQvAAoJEE0ekA4UwcwE - nQ4P/jB+mcHiWC4qEhIfXln15ydho9j1BNAGCx3u/axC8Lu1Ykzq5MfMyTYbpiiL - I4Wq2w1eXp6N2e9cif25nVo9yVISTxdd1wzZzehedbjz85rjtCUMRgYsQh4N52PH - nYYlkk5ctjdvrENUJ17J7v92hogDY0qXhGply0pI9LeH6g//OyrcysHAVqbIgr/B - yjYKgaOHRvzxdYB34Djw253NQkyqA7kio6SPegHhSVlfJceNFDuf+lJ4wXyB0wlU - TIGFnJfE4Gl5bqOhKMLOqGr9BhUoGMj/wEKjh2Mcb9aHQy1p97IiODgj+J/mloqg - 9VDfC3+I/dh3E842rApu5aLrFn8nPjyz9LRcpBwPHPIjOibGeNMlLDW3VeEPNo4+ - /e/TU9O1fJJxioqKyytSnOs2ACwzVMH2EobfkhaSBe9VhmX2SB8TFErGc2JhQteC - G6ueXCVqGPIcFsD1IQvUVFgxkS2IMld8vEXGZTK2jLWjJ+WH81Thij6MEoqGmtjz - Siddr1uKNsxKp7XOioIG8r4ZEVDPvTiUiSp7dbQqVEXtI4NOIKheIqtURJ21t4Ww - vMrIpJT1aZBrMhCIdn2xTl5NZyD7mfKnZfbdCsQxo501D6R4Flq3il0fPxsCPy6G - T04rpaMFlE0VY4B35bGwikKy+tHIqouYFtyp+kHbDDW8nDE3tChQaGlsIFBlbm5v - Y2sgPHBoaWwucGVubm9ja0BzcG9kaHVpcy5vcmc+iQJbBBMBAgBFAhsDBAsJCAcF - FQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5u - ZXQvBQJSZgrxAhkBAAoJEE0ekA4UwcwEWhgP/1JmfyfHoIsCJEBXhSKb2YxcEuzu - z6R/KhBvqyCFByjjmqh5P7SWsoTRUN1ntetQVRUGe8fK1vPcmnTjI5UVwYchNwVR - Pr7WS66zD0Vie2UQROQB+XE3V0jgewojoSkw+fEXkLJi3q1AbHnFg0AtlxhfMl8P - KXYzjgJJ/ZwHh+cAiRMNjy9MOK/bQlyDY6iTG9DUP0/Zny7FAq6+oyiuP1TT163L - knFbVaEH/UdhbewQLs5GXufJ0R8TGP3VaSCiSk33kqOe4qvwFxkDN+7ioXR2A60y - RAZNOsDd4KOxdwhUm8mNIWHne6WjFxGznrPv/VKRxUwwDV0clf7DZYvPJ0xCFLTx - xC/9x1oKwpDB6fmqkA7DJ1GHJuKXM4O7EjVQ3SJPacU01tr2qC2BodYJG6PvzE2+ - FzGndtwQfb+eBYrEQ12Apd6rADrFnbAyd+FH6uwRxWCPweMCyUZpCF9ZQhjd20O1 - fDOSUhaHQUDa7NLcZA3Pzka0S4Rjkj4NPJd7r3ckXIwSgp3vwPBe9yUt/PZ09WbI - YGYFy1z9kml2uycdsaY4WMQiA0unkpbkQN/WaraZltNTrfs5a47b/LWYeBe97n8P - dczXAC3jSrj/wOJNb4as+bUVJ8U34BeUlJo0UCJPBINdRcKSiakjfGa8WAYEgbZl - P9rRR5hZQvUaS4zytCxQaGlsIFBlbm5vY2sgPHBoaWwucGVubm9ja0BncnVtcHkt - dHJvbGwub3JnPokCWAQTAQIAQgUCUmYKUAIbAwQLCQgHBRUKCQgLBBYDAgECHgEC - F4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHM - BFksD/4k7P55N/ZHdHuMU59DfQSvk4r6DNrGzZNvjiwpDa9GUdvFw2vXhFsxASFI - A4i7fmkxVUzfy508+hkP3rZivqltnaie0HRSDhilruiJF8mwSWvJ1yGvmouJvT82 - lUyUqtw79lnEADw3NypRXIRP+oz3N3jZ0s3Wmil+Lj5A2tn7QLIqTcLLtX2YmmSt - fjc8Kk+tt6gaT+r8pov2JDjU/gG5xtKG0LfPbO12y7+qY7dJFd4gNaXAub1O0qrt - IWsUyNqxvG98DHD0ub/+NqQdzrzhBfW7QG8hzrSafkc5qvxBR2PwJW2F5RPRwURj - +JkT1GPHZWFlUK8t6EG9w6kzL7i1xOYkxTjYK+1VFXXMQQRIy6d5a3+7ac2OtS3X - qvhEBH8XBLdHi/0i3GQ8EAkNC3nB+p8RUrbJQbq7mzeZ5FuHOUbf2Uo9I8FCm0aK - trVYFiLYh5joYYlXoE2Yo8rB9uMtttyvCcdIm+ewZCIQCF8MuA8PshXaOVwq/k60 - JIIJlo+r9vX0Zgq4hEQUHA3hYkxoXWGAn0TMVZ9TekZSIdhxAIo4VsJzll2Bc51L - IgH3zJ0FxFBTcGdKU6mDUVhrIiDe29PPQkla3wCbuH9l7W0dgebTqVZX92hbQYgm - E3h0UcX+vnCFFPm5qpdYs4puNrSgJF8Cn9LDUGFPvUN696wmE7QkUGhpbCBQZW5u - b2NrIDxwaGlsQHBlbm5vY2stdGVjaC5jb20+iQJYBBMBCABCBQJXqC8TAhsDBAsJ - CAcFFQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVy - cy5uZXQvAAoJEE0ekA4UwcwE6b4P/jUOwdtIiNmAwYNWRJvlGoq7/l+gu8CIo18e - i35j/r6LFFuwC0+vgEowZHCqLGIBpK6yliIX1S2voguGCpoxkalPdNEb2mcBODNz - FUVscRqzjPMOD5VY7pipP9JFJJR1FNLKCdy2OCD+lTpQkmaBmKXaGanhJ/wkDZep - TURn75WhgpDzzdISR9tPygZvKWeE8/Ov+RzL0caOcoR4yuI+dbld1bwz0hem4rBe - XiT8+ZSW5F8OE6MirBMyHU3fHQjHvQ3Iy/UUsMyPxE0iIMmirkKwB//U6vCJTRf/ - 2M2/k9h2DZYhsMpDkiFSI1q7jo9/zrEQEeQCX20atAPZJeaO+OLQPdBy8sghA2HD - 8UY+wZ+bfWTfQpUHvWVuPmfLUtFzulcBvE3rwJpNsgu499XZg9GJ2O8ulhOgJRHH - z/ddaNYvSQXQvJt3woF6ElkJI9kF9MKdvlt3Rm4Lp9dfb7wmpnv5isYBte4MlVJp - nHCg+ABZJdzm86HP6/LdfWNpZnCX5IHFgtZwdT30aUM55fVMpqCDyfM3zcnBPE5L - pLabNyWoSYXllDy9J4FkuRkGr55bTijNK6WU47EF5U2+5BeLVbizuJ20DHcwEl5f - p5IyZBdBmSrlltwtX6Qp1qRfaIeyiTHzx2Bz8LzONEL29swcsQxuRyf4Xovt6EIz - 4VNGqRc3uQINBFJmBYoBEAC6C/l0gjpwGcO+6BV0YP/eYSF8XxQ7BcEj+ooSs18j - Zeg+9ih1yJyMWqrzXrREpPoIvxSTXgYN9cvc1hXSu0OxqCLjJ9R+wfIpUJyFoaQw - AvuFfrnbwqUDoa/bSFXoUFxv/M9d9o8brO3ilgBouys3QTDTZuVttK6GQUZDYcgt - gQsaKGQKvylwqmoldProvcetvNG2nTAnXYtNetF2r58jn/cVXS8t2Wn0wTs+b3WV - kgnChnODJT9qaaoCFHhygNH6ERp+XlaqW81sNTkjyd+Wq+vXMvFzyk7i6ezplnYG - vhEE1hPxYRDZEc9dEROgI95k0RzYXQvSahqoCyMS3DybqEPJJh2mxJim6UYHD5gc - cVhTb7j3WfWoyMRZeEzb5bSesnkzrb4kRz6ZYvYF0EyvcWC7mSOtnIkQDjO/FfMo - fRgtolBchHc1AOjBGVjRn39YhCDijo5cB5z+nhyK5BNSOQAtyrGOU+8mNSVDw4TW - WjH2ZDJRnbE4NwSpDzVRbBEEPGILjIoPaPQ11IObjYHY8WQ+dxb+9e45WGjv2KlD - S3UF3ABeLkjSYyPTTuH83gykU12gr60MrUQExdbG46mGjfTs/GOgzlItkEuQc4xZ - kjk53jl1s1RjjFo+LxLpAYu1D0KpiclhNqWPbp6I9amEF5AeIWgDDOI46yC2Rtkb - 0wARAQABiQIfBBgBAgAJBQJSZgWKAhsMAAoJEE0ekA4UwcwEfrgP/1E7HYaMcyDT - RbEy8GJt+grN+m07wLO4bnES2VzVN9X1ymWP407upZt7vy8LUN7d7AEXCMJ8KffH - IhTN+tMbx/+xMqNhSVG5AYTlPfdaumL8jR7WvZXh6nRXZNbeGqofH36zlAbV1NiT - SWBMxQZ6MbkW3z6QXvad/MTQFlcFouGlFHmvGdtSIBdg0e25Y+mrwXnyN1OgLJLg - L1CzmSae944LSA8fi1EA/R+vwgJNkQPTWbuiFNKvH/UwOUXJ+JxKG/CamPT3Lgzw - VoW6bKqDPsgWz2gSGBmN1Umb86n+xV7fu39BfWaEfpoY5g2dq+CLFYgxzymKOxj8 - oIBfy/2VZuX2Aj8Gzh8q/Q2b0iqlrLzfXViHLD7LTzHn0G/xOks2qkwvm90wM32m - 2qkniAGimeYD0MFpbL9cD0fRAhLkMsF4t1EUTIzSdZKouKF7DMI9eJe9RbqCcOiw - 6V9h456hwqFd7Z5fi3/SbHNS8weP004DUcVhSwNsAbMDCxSDlv/QNOmGc2QDRGiP - QrWIhq1fVj1YfWq6dfkOvwI1qvgg8b9GybIasL5YuC0xW/GHPwo54xiFcGBoWkjh - QwxzJFDCAlO80ugGRpgEqPis6Q7gAWYjQxHuvEtgCtUcWOmlIZDyxDbcvlP2VPt6 - mUjOkYtwOLN6xiYi7OGBxwcJU02OmG+NiQIlBBgBAgAPAhsMBQJXwTGaBQkF0dMQ - AAoJEE0ekA4UwcwEg9AP/2QqpW7xqcuU4RQzCEJQhg+iiSx1AhFZyP/+rMMuPDvk - CGXtEepUz67AcdWEHLKXOnQJjiFJ70jgBNtD1A+EU+kUMuWZt8QjFXyx5g0ua+nz - oTXGjCx95uDeVz8UmmjtEf3WqwgdOeB5ezcLCbNpcotYHj7lx3eHnIbC+Tv/GQf6 - YFS+OWS1SmNkJ8XlYoDSQwx3rjcyx5Oa07fS3a7+nsYCyHjepVRt7BPI+567+bEp - FIcmx+BEYp3XSHUsXzp31o2aVgndLaJdbi79TN8cL+v7QwKTGdrE0PQx4moT3ww8 - jR4gAPB+xKYHg3ArE5LeRTxvq+UAj8CrC35gtaiLSnAoYtfqS3hsqtGfRm8SigPy - 5qObH+9VrHW7f3EZFgPXHGJHig1xl2egq6AbJquG1Hg6+5AmaPIBlea7nDspfPoX - +c83Vagc/70WN0EKn6dKx+EJ43XQsEqJhUzNE1mgOEwPWz39/I/Emu2ROVD5W0nb - ZJq/TiIQI/cmKGmxkyjk5iF0y2se58tqMclXLyUfdmZyfLeDT7tcl3FoGghosiby - Nze5rGPjl7qpEOAqK14HxpTCTtenrmPhebYTAL4qOByQB6DdbZOST8MRPBq84Vo8 - c1O8Rq74o2KIbAaotUHe0XlxFY7d4zwiWiWxIoOfbeD0JaQcYK/TBwBx8btmDFhm - uDMEV8EwcRYJKwYBBAHaRw8BAQdAJf5CtBXUXVqiGpt1xQ4NlzBtqamtSgshdXad - LIuJLHaJAn8EGAEIAAkFAlfBMHECGwIAagkQTR6QDhTBzARfIAQZFggABgUCV8Ew - cQAKCRBREE5mjdBEgfmhAQCkv6N3THjDjvp6VDcXQzTTY1d3sUqi7L1qB4Ez6gdL - iQD/bygVdVyoOtrP1/lsWfBfbjTsIMsprPUyneOKO9Gnogep/RAAkZflNkOvoJ0R - Fjlw5MKzvTLTaraxU43p3GJwT5QDE4vWeql5/YWI6hu7h744AZhmeCbyg1AE01cD - oRNz5SD7NRU/mnczCSkUALnYZYX3Ko6M5pm5DHVBmhbD9aFtraLH6tlJKLXM9rGs - vyJCl7Tgy3cgXCYuXFiFPZn24MX+Wi1E5Nbk8hxaa3bIdht0vRdisan3n0OYo0aW - muBMFtZN67BpBTD9I6Tw6Lzeq/7xh1k3K5rEvPeqHRVLHH29CcYxuyUOmLb6Fc65 - Mm4xWztS0+2wWBk85AhZ00Lf2i2WkdATrPx7NGWw5fssV/7UIU+Q+NuquzQPh84S - v7KKWjQOP3mLGcJ7WU4PKR4STBAThd2WsgaMs52LTtD+IwtMZAMvTc9Ws1e3VqTy - lMkjtJlGxC6Uvf5OpvnYfKcENu6LBLKOp0IYBn+hEKFatbq12Dduiz1iKK8+AizA - J+vLS1zdYanbKAJtYW+AdmbFTyfC6ytONyIiHpvXHAb/B5vH+UE8yIrJEL4XXAup - 0kEOjts26jcbPxbvfe8FHD4NZIM8F5tbuST+TckfSNfUwJ2/7M7nC66vwN2oMsuV - faZk5NFlUlwaDiNDgQnb1qQm/ltLBrVsVFc3Qra41IZu18etxsOaDRpTmyW/i+2z - F5QWE4RzEccLAJ+BPLdIQX5xKVZYhsy4OARXwTClEgorBgEEAZdVAQUBAQdAt3Vx - YCdOrV+5P3o39foPJbUE97JkCZsH/SLX7d4WK3UDAQgHiQIlBBgBCAAPBQJXwTCl - AhsMBQkFo5qAAAoJEE0ekA4UwcwE5q4QAN/5x/N/8gldfGwarLCLrtHywZy0JMwJ - ZcZjT0z5mBBTwNsP1Ib2k9tGqAeqR92IYuAEJI7UYNJ8aEMbDDbfOtuhecQupfXH - yAahLrKSaCXj49m/nwBQGDESDSbaOU/j9YSwwrG2vFZESwhTUdhJha+Uple3vtj3 - H7JH+CvdCucjOTWSpdl0nf/64wPHbos+SfeS862UjLJnS6kq4GA+T8Wyh5ttYzho - bdNZSRh1aU5clQNFLhe+O8GWTY81AI/t3wT0WLsavhUa3CqVPJM6vzHBT46weyim - P0qoHRpo1sfJ2A4/YGc/+r8cwDimHpG9mIr2G3nx1Z8FhXxjQN4k1QFpMJ8LyHrO - LS1oIpmNmwWzVDXuRQoerXXqOO61qEaorQi0buR6Y3uT0+DhnGmbXYvy07IaLlyk - fAE6/CCUkIo5BNBBm0spChAud3Hhr95uLmey0JvEGXd4kjU+6QCnY0pI//2Px3Bm - 2V9d1o1+31dr8cbh5RkhbT9qrg+5QIOeWG3SsOQqKhOaK1l5VpdlpSMoE1OJxUOT - TsA5RcDWlbSC6hQR+8AnUpGnB9eZDtTsAVzzcJfiphoQhCb0tyjgyeioSSPyA2SW - /Xe8lk9swoG5eK2PI5rKQ+Av/f7vZgG3qMX9F7Ywl/Cewje6cXFaeMbOWzkrNGRN - 6Y7KlqQSpY4luQINBFfBMcwBEAC6AUNasY9Ibw9B064L2U4uflZq3N41ZUKEcrhA - JZbDhPlKYqLPN0xwJrbUGFCkkTZF/5jsy/2YKir1ywjNPuvrIgqRwuyouTeJOLQX - dAlbZHajVR8ljbQehdVxMJ2nPYHyuwRAQTjtYceMC2DFe/YrdWKa9p2x7z9hD7sx - g3HrzXXtAj0Cp/F5fokQg5xnqGqUyEjV7AHajljsap0bOZpJLkXDhDYsgMtObWgt - yZHKfmpKv3XdFgHUpxu+XX8hw6Q9FIS28DEOVRFCzGsY6tqRUMfBSnUvj+x3pF/g - XNMH1HJF7u4nQ5nulhlyyDupXQ5BNIF0o1bEKMOLHc0TZ7wgJnPvZXFB27dE/U5j - W839cu0e5eVGrJz21AwnwIUSDkVG+qIGjRIVys4ce65kgjCOJkL7yRJD5YCWW7hj - T3/JU3l3lAQVwS6bR4Qi6Qsl0eKmhsjqkT7N3KDXbCSqmAp9b994bxYOeNyotFtQ - APCmUVFykQYDMJTUdm0iZX40q8p7T+OhkWtmuL5xGpP9KU6IOWHRxgcRN7cVNOoo - igE9mqwiTl236kxY7NQLilF5dzNbExtFSKf2h2aXyU+CpYE2aa6FTetMUxZnI2+o - B1hGmVGoGBzdlhdXjrn9uZdiLOumSaWZ1mt/EMNJVT6aPIPSASkXx1Se7g8pCCW1 - K2OtgQARAQABiQIlBBgBCAAPBQJXwTHMAhsMBQkFo5qAAAoJEE0ekA4UwcwEBqUP - /jLOHwYJeaJsgsi5I2v4HPUR0kZZNrAeraW66O+zkHyPehiU2dc4KeuWAP1YZ04c - jUyusCN9QLSx4zbaZHPJjqStLQqsanYZ9qdeAVLgxp3A3ZFAt/19DlSMIf0cWmg2 - VY9md4Ex0rTfv50cGnaB8CLpEaKwwJJVkSG3YfqgBb/1rjWj7KubM4k3QNQ2UwG4 - ABs+mZ0f7VYpd9hQkRza8IcOQ/xpGIoNlweWqOrMm9Xk1XN3LQ2SUG5pPs56FHGW - /Q4jN0zqCGVPv68T+ij50w//JOfrL98x+QOkTYHhFBUDsqmysBO7deBeQ772Rr3w - qLVqmVyVovhSWn+r6QLX+OD80o2I7bJKAgxK4A2blBcjIA6zK7rKlh5zitACRs3B - vmGYenCxF55n5BTY4osVE/8iG6c3i7NLZFRtsYwaA9TCYZxOUIW8cfZi2PyfMw0A - mndldZ5SauaACfEdcIe7LE4Qu6vUz1qEr0DCG1+VetK0NKePSXMg/VV3RTi4mUOX - mv/pSrJxDSQMPA3y6QdXqUtQl25nM6KzgcOpGah8UOdyDZccK6B3zlq1ngKE9U19 - e/FgZamUn49hqKNu6QhQ+2pgiehgRJ1Nmo6iyf+0O12kwTHWhXsb7ZbfA86OHlPu - EjFDDW4kXkOSE3SRTP9GY5w7HVY1qUWy+2/FeYyW4syGuQINBFfD2hsBEACqLMDp - uA+/9VWscimKTs7+k0BiuxfPwNJAYYznAVNFt+GE464v6YJNXpKt07BRzDpuivaD - PobqtFXc2nvBHcCUOP6QTUP89rOC/bw039B+KRaPlQJTGbPKL/kqIXiK5ihjgSXd - HDCmzNFHuec07pWgBMI+LYfZpKIHGsFVynIL53mmhxavGTCSzJrBd6pyhoeCzMsI - ZAq6pZ0HKjfVWP7B3yBJfazCr2V/HkOmKV/vPJT+oflE4f+PP5tTuvEWE5UXM8VX - nROMcxaNHLB43Pbh3A5neGgFm74Ha0tfWZHrZYnNCFRGbxp7PnfbKL+tZ8xtyQr1 - pQ+x1y8Bkxj1MgiOj55MmRmjxlVJ+L6zyB5Tw7kqsaBHiSDBWUz6SJz3pFD3X3GP - D/nkNqhBhSzFM2qxHME3CkK+hU4jOEkcZpHhsjL+pXVudGNHIByDNj9lqP7vswg7 - cnGN7QIPdpBdvgcFg4qZS93LsLJlqhNDtCwd/Ut+QNT6xE51HflZ+3/su9FEjUFK - ZMEtAu0TDoaf7iV9VyD84wjLWAm1GVXpDh1/WuSUBifMfTyHXyLN2y2Ja5D1mws1 - g2ywzHBW/2e3gUzYSd4JQEWLYld0kZhQ5V/Y9Y19jDpDUUgxkZmb5dnHRaGwmyx2 - 7zReKqN5NF2tdeWsUMibZkEQdib0n+WnzuJMYwARAQABiQQ+BBgBCAAJBQJXw9ob - AhsCAikJEE0ekA4UwcwEwV0gBBkBCAAGBQJXw9obAAoJEBPa2Zx+QVGcxvwP/2aI - UD60sKExN2fLXj7mMZ/wWlDnCdqvTGD7lrk6r/fAQcaOAgajCMEXOPZXlPBhdQ4j - xD3FLs52CNZkcwzXMbspz1lfIOk2U1UGhmnAyriY4Uf5cRu2RPR0HYwOBB0xr69S - IrsmlX4pf1AnulE7CIY/oPBjB2XQRQ7ls8sMqmm+0TxRysaosHGu7Vbez5iKBm3p - 0rEh8TcVkgMivdUPue/ip+mCaDCfGeAiXLXWtiEiwaS3Pq+QzHhZtBvShWlc3k2m - CFlrGQwovPxY5SqGs6QwifrmnGSSlyaAorDZcQEkZe/HP2/qXKb7uBD3/r8t2OE+ - BZKwJxW2fIpaO+u8k5EXSDzuxRqSNj3wYUI2+WNQzBmAyOZ6XBX4Pz0xZyahtXCz - J+5deqCnEtJI1HdPSvM7STE6s6BmkhUl8weSAD+7v/HNPWvQXYFoeGFeqvoVOCqB - 7jJZUj+n/eUh9PxsOtwdJlvdoODuQIYyzuSapm6OPnBKg+v7Bp39Ym8j5Nfe3xqg - +O6CQVH/qx3NoFrKfAaLKGsV++jnf894b23Y/fgu84Myt+Kn8uOrO6jbBwiWLkgn - 0uzmO57bi/6F7aMQwSxcMcAY3DhCoeXkeYq0QRZZd2raPbA5r278wPXWg/U5bHen - GYX1COWlRehWqXkqR9ZJYY1hTT0/WSAK2ZLCGTK5tDYP/iiHbpeWlZhwgx9Jkfmg - L+N5XoAW6oJna3tozS+xVM5pxTaTNO24vnQw+XQxkiCFwtf81chd/oXhjWpLg/K1 - vF0AWGomN9yS5dtKtlWZ0H/3KeEGkKf9iRp8j1bVNF6mBhb8Xl+nKLWiqE/uezx6 - OYBFJuj6WpCgbmaRUbmKpX7P++JuOosg0n+BzzJYAIKP4+/FLL35qSpLW+DuWZaX - bvgS/OgjJUL8AQj8Nwk7ViRyhBRwSAvwpdcwvlAH1VfTHfpQ8a0jjN1Nzf8Tr9Ij - o8NQnsa+5y6Pmf6l40j4C8HPsMB7SX8ptFig8lnBRPtzEWj54/WtXJwGRG10XW4r - dQU5hR9Tufc+WFuRfwdLgrhPTnKGyVG9zOkTd9Cl4j58tEsju+m4HNkUN5goouvd - xHSe/dmA6cQAWf6/nhJ/uSM3aJPSUOtZwPZO7/NzsMgkwZTLXbehm+9xWMkPRt1Q - T7V5MgfxnxhVoIeoPAEYBo8t0P2GXVMNZdZkJPoViWGOei4iPE3rj6NBynIIoEZN - DEJ0OQOUe6Naq5AaG/a6wPa9+ITzKY8VR5KMf3XgcKLBlntyyxTgnHY7j5VrhxU3 - +mUrnwg8LIN9Sx4oWDks/SEB7KN3KGjSgczn1k3GIJRF8BhYin5Cuw/+aD16w5gS - HxUhIgwH2BbM5X8eopbp/csAmQENBFWABsQBCADTFfb9EHGGiDel/iFzU0ag1Ruo - HfL/09z1y7iQlLynOAQTRRNwCWezmqpDp6zDFOf1Ldp0EdEQtUXva5g2lm3o56o+ - mnXrEQr11uZIcsfGIck7yV/y/17I7ApgXMPg/mcjifOTM9C7+Ptghf3jUhj4ErYM - FQLelBGEZZifnnAoHLOEAH70DENCI08PfYRRG6lZDB09nPW7vVG8RbRUWjQyxQUW - wXuq4gQohSFDqF4NE8zDHE/DgPJ/yFy+wFr2ab90DsE7vOYb42y95keKtTBp98/Y - 7/2xbzi8EYrXC+291dwZELMHnYLF5sO/fDcrDdwrde2cbZ+wtpJwtSYPNvVxABEB - AAG0HkplcmVteSBIYXJyaXMgPGpnaEByZWRoYXQuY29tPokBOAQTAQIAIgUCVYAW - BgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQvOWMjOQfMt/0Bwf6Ah3U - WuUL1L2wChjHXktv0j8oQmL8CD1AUYkg+4NRTkZTm5ngZlNk4ZSJB7sonaEmzs30 - fw9zex8LMtCMnEHQYtFNb6r1M2QfMS8ZUdeaUNmlGHu8UnHqr+aTkQbQsvhs/UaL - knWlOWqdsM29Z311yGA3BdlGxw/2wej+AtRSazT4dEISP8K8xfnoQmhIVUZ33aMV - DF70iinmAfWfqUKhgRctrVMLgXxKtYiOeTGXDtm2dnvXTHOO3u0N2skwc6YwOxLj - 1XXwWL6KQJx77/2SqVHDJVeEkMEb9Wr/e/l1PggU+fYxLZ5/HWbGatNmoRFoYNuC - GlpBL9XOuQK98PcIyrQmSmVyZW15IEhhcnJpcyAobm9uZSkgPGpnaEB3aXptYWls - Lm9yZz6JATsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJVgBgE - AhkBAAoJELzljIzkHzLfiIUH/3CjMhhGiA11jVp6MUWLFvr77LhvWuLKMy9YRQt4 - TMOVDSUxPpnc/FeFkgsPjLho/srPHSjNdrmporLjUQA8pCg+KmdEAfThDK0lsgRG - /PxOi38t4JUpRzQb0NXE48EPTdzNOCqDPgSNXaq+csX6tNTRgF6+s0KW4qiwZJ37 - dG8tZW7SEGGf2kQsp9ck1JBdlv5OkcOFINn+AKuCUEQ6EDphZsNv/iDP7lMUp2T4 - H76IBBlIe/vMhJpuM34E9iAjjsD4xTgnJyhdoBScxzSXltrp8Y1oivOu4ThoBmuU - /mj7uaVT0ybRAmp2pjFg8CKmUkatm/5hcfV+nm54QreX40a5AQ0EVYAGxAEIAOmE - sdopOhG5H8TtMd6sGIKMNq3AJoRM4o5NjbNEFClpDfan8XZcgYtLwJzbv6CtlIpD - plfRk3js74AXIUcXwMf3QhdkWklHdFvzOBdPyOctfTwMzfV4QJkedHMWEaU6arpY - BSWoHcYoI9QJjZzh5NFfKhcu15PGtcJiiPjnL9ia+VmuWicE2M8EDIeI78s3P5Xt - 9m02w3s39caucttx018135IPUQ2ZssnxG/LKbGC5PIH+Rr0l2MccihAQnovXroHe - GF8Iem3yILQY9mS2L0gyXQ2gnTb2MmbcmrWoRx4QGfkflAwafoWrriJfBOw7VMw1 - TClbHymO9XvBUjGMjxkAEQEAAYkBHwQYAQIACQUCVYAGxAIbDAAKCRC85YyM5B8y - 303oB/wJLYJOsxAV2GQYS0FeYviJ8PxQcWQFEEaYzxkvZ9ZQFNldPyat1Ew4rq1w - +cpZoK9a8qvSSe33vSP8PICAWYfyGA6LfJy2KAV5xUOOOKUB4IkyrfyzW1gpiIsN - sF0da12QD24dnCreV93dDFwQQ7dBqZAX507uHyAA5eUb6mjzseb4TTDPizAgHz5L - fsnOvH267QtIUN8kJMr5MgoZrlSfwvE/HKr1aec0OHvbMrsGJGJ2T+zjQpw2h3zc - 0zgef+xsZ/ItryxLQXcwTRL6hxIw6K79kcc6LCktg1vBMnuy1nEayuC5Z5P0/5qb - FsD9iUr3kt52y3C835Zwdnt374CumQGiBDzS0/URBACREmlUnPeSzfnC0m2oQV4e - SzgYjskiLfwZ++Ql3zErPw0AphH7m95dZwAscTm3CQRHDDd/RYxkJMAYA+jmw8cV - X1rXtQ2URRmzy2/I+qBU1NCPrqBjKRqrav9uhLCLGvEwdqWg2dqn8TMwNdlETbH+ - R0QQ/1lK8XtW0NiHC8I+NwCgj/8Av8ifdpVSnFp1QesTAVwdTbMD/icRYOZ5I94D - SRk5GGnmD+lyhfj+ejYbuVEgg2igV9HuXJMnBKTnuwriuskTreeNQBvBCTltHrRe - 1LujAtlsbixooTgUU5jkzY+J/PeNfLd1J9uoqTGQ7GjT4SMfKuetSRBhcRZYvm9F - M+54vsumKcXGK+qBfPVBHo1bk8goJxgBA/9tnrAoLIUPvs4d4ce9h5BGA2yG9Syn - z3w1l8Zr+4coomUjbJFV86ZWKPM6nyb2RhDb20ESkZnCoDxZY+p5t9c3aiQJKQQV - 8Gj0tj3c7/OKoyMePgabH9752Q6upiZ5Ml3mfse/Kja4THRoPEjkQzAn77jxfves - KiEh+fu6gsJ3cLQZVG9ueSBGaW5jaCA8ZG90QGRvdGF0LmF0PohiBBMRAgAaBQsH - CgMEAxUDAgMWAgECF4ACGQEFAjzS3ywAEgkQ/8DxTITHG24HZUdQRwABASeAAJ99 - oc3W8UA0Peqdc5cX4Lbis7hI5QCgg7U7yZqSbW1bRDP8kufk/86S5g+0GlRvbnkg - RmluY2ggPGZhbmZAZXhpbS5vcmc+iGAEExECACAFAkRka8wCGwMGCwkIBwMCBBUC - CAMEFgIDAQIeAQIXgAAKCRD/wPFMhMcbblBiAJ9ggPC4h2/eyMlfUlypfFzLqQki - LwCfd83Ub3FN2C01OLRovTWsmXWBaWC0HFRvbnkgRmluY2ggPGZhbmYyQGNhbS5h - Yy51az6IZAQTEQIAHAUCPRc64wIbAwQLBwMCAxUCAwMWAgECHgECF4AAEgkQ/8Dx - TITHG24HZUdQRwABAbmqAJ48Zhf7b9JQWWEiVO0m35yrUG4/7gCfc5OE/gBTg9P/ - 1C/5UFC6wzPXtdy0HFRvbnkgRmluY2ggPGZhbmZAYXBhY2hlLm9yZz6IXwQTEQIA - FwUCPNLYtgULBwoDBAMVAwIDFgIBAheAABIJEP/A8UyExxtuB2VHUEcAAQHATwCf - QaJHzDZcMzhOrYjhobphXayiTboAnifEwKJ1DDVZxPxxWvxNoTvaPwm2tB1Ub255 - IEZpbmNoIDxmYW5mQEZyZWVCU0Qub3JnPohfBBMRAgAXBQI80tiTBQsHCgMEAxUD - AgMWAgECF4AAEgkQ/8DxTITHG24HZUdQRwABAfCfAJ4santm5g2yaXD29CKE/OJ5 - 4Sd5LwCfbDiwEI1mLyu0nScjBddGF9AiHx65Ag0EPNLUFRAIAJtkhGBrUaEVP2fO - 4wQpmujYfPc7+GT+Q0naKCXrMQ1vDK5ppsghiSr9TdVB3kdkev2oGxgsCfy2uPC/ - JuewQByYBmtKJuU6GDaRVXgMhpVwhcRraaDeYZm0GIDQEX3fWSlL07xxbzSZnewl - SqUEAznHjLGN1pq9mvPBczq2hrAsd9TPHo/IB9JsVmHV9GYasHUSbVWx1S6ntU2k - V2TyKpBS4luF1Z7y6yIWS9pwiZjTlWdUGSfUkkTu6sM59dBAxv9S5Q8TY44TUQfh - HQhcLTz84UurU96i6cb99ZmN5uq6IP6NPIumhOJAqPvHSqly+Ez/oSzSyUoyZ0Sa - j35E1C8AAwUH/0tkQh1bn/BhIyBO4S9z5wQfI+ZpR7npeKZ1aYQUjFzbULb27Y20 - HRujvXljFPoWB1oJO+oXULkCaNWI+72TYXzKRDqYWMaubwrYe5dHJ4hEDpmpqeG7 - W425rItDfhz2wKORc9vk+eHMHGZZhKamurmeH7hrVpe33BRfts5yvYWofYonWGF+ - KydBcrMp3AMbKGQMSOwcBiSpIJVn0HYJFIOWmthtKIMqfVmLWS2sqFKITbBKHBem - P+97FVAc82dXxj6irB7/jBjdPX5/5B8HHOXWeEvuHSjZ+6efXFrTVbeh2u1alB0a - X5kz4cb8Fl9Oziqc2Lx5HLgfkKiWgDAu4YOITgQYEQIABgUCPNLUFQASCRD/wPFM - hMcbbgdlR1BHAAEBh+4AniTeOAdNc4fOd+lc1EMiNmo8+MkQAJ9cCqXvdHcqeQ6p - c1DsXNhc4g8rvpkCDQROjXEBARAAzeS7Rq/35b643de5gjparUQdurY+huIwHOVV - EWG3o0Bm22Mz+S/nwi3w6NNTGCyOo335JX6XA0R4dq/wArwPjQU01az/l1/PrPPm - OPSnv9/a7eDVFgv7fVGiJFftID9wz2EANhrHjhsGhfFe79wV6ula8KMldipQ+LwG - FGoSedlcbGRvvyIa72Z9jI5gMm9X482WK/+xl+evAinUWOVWlRaiyl3Qu2c0WTm4 - M0fN82mt3KAu5d3BUbZhkZrbQ4FCfEdzqqdl/aHvnspc6Zp3RGZMxj2YiPdFZmXI - b7dV1Cf1UaUcD8Zib68/jSVlZLcw1NZKGrsjposgdnDuvkXEjGqECF/k6cqiWfeq - 3eirBwsk6HRd/d8bO99FduKUSV0m6iacgTUzo3dk/OejCPQiENEkb01CRrKeMfNo - /t6yb0ihkwpT8BTiZCdCmkMjzCGrnT9D3bKlC0qB14gZN5Pso+rYPQmvOE67Eqy8 - dX7zOLAGaaqOaS64g25e44urVGaL6ltOjEU+6xQjIyVtAZPIz6dq/+QEnY799y48 - b6/vcHmByef6zSfTFFcN615sg21Ie/rgJv9ntuM9usROi7MSQfCc3UakUjKl3X/C - bIrkC1qSmQcGKISw/hCivm36ar0wBx9/Vyz8/h8dT8oN/p5HECSB7GToh+bp3kMn - +aCHdDEAEQEAAbQgRGF2aWQgV29vZGhvdXNlIDxkd213MkBleGltLm9yZz6JAjgE - EwECACICGwMCHgECF4AFAk7PxLgGCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2LNpn - 4vNZhm4QALEBYT7YFCeywswA3PH88h951uia3Cc5Gn4XBKbQxQQ4QRWHkrRhmINR - qc7SMBUfxUtYnT+T2/Ei07OtRzKX1AjKN74mF+p7s8i7JCM2t7Kc+/xSIZIhpwgb - f4OOjtUQ3RJoYjlL+ke8YomX6geMZV/IXN2nqj4a8CYkmzXCi2dg7uWf8v/p/hyk - /DLYlD+HwxpRG6ANUkQ6zxTxgnzwihrnhaNsu2PAnWJo9G/Tfk8o5JuTRBn5qGr7 - SyQ0PUG5s8D2IPgMaABHhpoT9mYvVOundroC2RyusS9xzrTJC+BEvLZ+J3idAvT7 - /TfjJuOrPpkr2BUIZYr4MF+acG0QQUstsJdp7V27iINNN0jmlybbCl7RiIO8nCSf - VRssgKbfJMnThvMGjYSSFPUz25gIgH95t8a/2rGR5nnBJQYbd+1Toj0vqc4PIuSA - Lk8bF/fr0s1DwKUJGgbiUYA4moIY165he7/RVGVwm5qM49YgSaJWwintDCGox7kD - JMBfOz1n0FVi5LLGCHmWosLt/CRpb+F+r0ix2g4d5kIU/JedT1kU8dOugLVb5bLu - isK28h5J06k48VfTkzkSjOb8Nn4w7q78RUZ2zx8Ny5Y5+BFEKtmu7Bs9Pzs6698D - HSaeZzqIuSTgn8ddu8iBjHZF/sw7wrZO1z2cKj6FW6bMen/bX+HbtCJEYXZpZCBX - b29kaG91c2UgPGRhdmlkQHdvb2Rob3Uuc2U+iQI4BBMBAgAiAhsDAh4BAheABQJO - z8S4BgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+LzWbR7D/4hKUfh04TLD2ZF - sIWxrgEE/661lHaYZNi/rJAkhX73+bpPP5aVuWiqvFkYbcIvA4+PzSi8KXuKiLSb - xtUDgqBKPWI9Zh2cOj2Ykl/+Qqp+TAPnjTde5+lc++MUm7K0QU2CJQZwvRwnLtwM - vqsj7dlF37N46oSOqcPb6JRsDmJmoJUn1ylZhjys0qAw9A+3VVxXIIacsf7Oxr+5 - VDMTJmyclfGwbsAAEyYYEgopQ2R8Z+bEOVTdDYSC051oO0KUHidbRGU8/un7yM8R - FtZSoPp88O4wdWyr9xbahSr4LYImoNUGpJLQQKf+EtMI4pKITDs5Nkl8S6q/Gkh8 - nhqleuVQ/jT35Uk0T1qzhX+8EaUAs4Bp/kUJ50K+V6C4wBMECoMDHXyvmgkKCkb1 - 8g7tMgv1ea3gZXcOU7MUvhgSzcndLKZi+taGTgmO+bNNdOnA1MAxMJpoU45cWpVy - Pp5nUg1E5/joQGW9VDJFLkoIArO50e2Ccx+beDPtD20zBO4Yga+hfrztlAP9aGUA - r5Zxu49MpeClqTyTnCoFyAMbAJXSjaBEcnpIWghaUZinyvnneB8JpK4I4zjwBgwa - N2+D6K0MTDJjyYw/bkRa4U6vv8L91NTH6avCpMJMdo9SeokLVuPGXxAH85JfzeK/ - q1bnjrGBca/HJSksT+3wtj7XCAKIKLQiRGF2aWQgV29vZGhvdXNlIDxkd213MkBr - ZXJuZWwub3JnPokCOAQTAQIAIgIbAwIeAQIXgAUCTs/EuAYLCQgHAwIGFQgCCQoL - BBYCAwEACgkQY3Ys2mfi81lOqg/9Ev3xFwdEWPZdknj63f4DruELPC7GYb5aY4mA - NzmsLkl5qlbr6+JtTZOyvM5wmR/0zD6me3e7YvMWC3bQJplMExcRJVlTBrk9hdie - P/0CGaY5iXFLLqSVbKyNNQ3BoES6vJBX4OAgnD5J5NmCy7pnplHF7hRiasK0YyCG - 2QcDtMdgq2AKkqRjaQ3r0kBblbNQbU1KMhVfww890wYIJ/1H51ep3IkCw9L1i/0C - 8Z9mBQbUBGW8k6Vd4wtvnPYs6LNBXHuDX9qZumClEALfdIx/WIQZZ5OIhB94FSC2 - 06gP4pgMFJb+dgOrQU6Q46y8rRsArEJRkQBS0m1Nd5hTxYi+O5V2igbi2vvMw3ij - emA+nEURCJku7/qb7vXhtfUYCK+9XUUIHkW6IadW5hRqt0+O24tnOsoj5yZWdbbS - 2tpH44F/lFO5VRhKkKVy+j9D5+WXsR2NLnujMpqLVezIZY+5H8QsNp9+nPXKaLy6 - kfg86Ou4C0gdOXY3M9h+j6METzPOehhPcU4Oep6uwdogFEP85cQH/YubpX/xrTmV - VcXJPfYsDoR/SEvCN0ZW6HBRbXs5fJrCZeFwvAG+ytXJ6CY56vp9n9fHp1n1+WuE - f8eMBJvWn9IaZYa4fUKNPp2FGj5eCRS95onmKngom8YL4nzEN2qRQ8edF1Sz9H78 - Osshh5+0JURhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz6JAjsE - EwECACUCGwMCHgECF4ACGQEFAk7PxK8GCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2 - LNpn4vNZjlAP/0QmueyzFVNlUC3855fh5yDLpnucSwCrrxBZzudRu6bMbd3eTNaf - 2WLnIstHqQS+PWDnDq3tf2k4btROqkJizSPDvajME+slM0mTyuTTT9HbhE5VfgGN - vW0FR0sS4id72VLsycjaho1NP2/JNXTs4tz9qisq/eHIjp2vJbjcgNUBdAGoUvsf - 6I/O3SZJM6j64LBjUbmm6yZZSUtQCTzcB96cEkKCPoXRatzFj0xHEGmCCEFWrTuH - KczbC6VTgQfGOK3N9UeaSplrR1mEBij+M51T4rXqQvb52ko/L/UoAPNuk0TiRQs6 - YvQTy16cQEszkJvxBZUTS3ifSmEVfaWt8f9sbVfeWPm5USIG/HwsiNNy977wbbao - BO25C+3rC4W7rFKqzYsRXnKKBWiTVtDs7gvQBdGqWRwJMj1crTDFgI09Gn+N/Xth - IcC/STvJdDgaomxuv9oUqM9QMm1x8jVD+4nnEYPWpV4mtxjoA+gIW+Vv1PGJS+39 - +dlA2TEtDzJfGPE3YF0jjy8ycqw+y9ar6+nnspyrLafCUybXCafQ121+F+zIVfR6 - KKr+Xy5bdHUVuRWeP+EfWnaYuevRoMsY+29eURO6hh1S1ZYukpANJP7Nu2onAPOO - P2e8X8TF23ZcYcON0/sneMnnCuWLQ/Z91ZjTDu8BjbCYPWqgUuD6f8Q2uQINBE6N - cQEBEADahf5YXCjYAsBznLgpRFL47H0ThjvxJ7LX/bCPTo81X8T3u+kd82AFr6qN - yc/da3mVBJ0HUMqOSGXTnT6ncvlxe56HaHX09ZWc9yONa+LLhWMvHh8cfS9Z6fH5 - I1WP0DrtLRofO99K+gGE8GflaETIoqGVCcKbHwcmBmyfJM7OcYbBNq1vMj7vsF6I - VyYGsGCmLoAwjuZX3gO/mZSwiJGY4XHQQx4wiRLmhxl/HvcCiqNOZy3FaD8s+KBZ - hXoOeAtj5g0vQleRcoLp6fWEXBz/eSaAC3y2P9egj7CWjsQ/8ky4dEq+96VD+Xr9 - GE0cKVFfAPDSCbC2cHBfFbLBDXlnizLgqBWEjJJ1jPAcG5pcdk4YlL0Nh73Zkp9E - uB9nLs5bLsWsmcNBCsHXkgq/GuDKzkWzmVhgQ6YpdIM0PJ+ycmys5mErZjkU942R - JID9xpO2tIsBoWQT5w0nvAOejjjoSFMVGIWKRwMpNyXo/MQ8IovahZwn1B/1CQgb - aTP5unmAgyYgQ5bKvf7QVoFB30tu2SX9c8Inx2ma0tpI82GZXmEA4Crgok1q3LQR - NO7TVEmE4I5c37HkWW7z9oyO59KZLI6jCQKcIZnTuNu3viKf1GC2fy26QgdnTZFI - 5VOlfRYbVzu/V7MrAG56i3lZjEJ7uXhBPNugxMXtxoegvbXj8wARAQABiQIfBBgB - AgAJBQJOjXEBAhsMAAoJEGN2LNpn4vNZDq0QAMeOdXlaM4pLO6spFxElkUK7YwSD - j2oaI3DKDfsMt5Y1cM1pn6DPJWFE0+I3HG7KuNj1ldcxDQJ75LQclgS0SJUkn3kM - AFkZRcpB2rbXYpUoN/9dZyiPFj689EgqooiQVVv0mbyrnDMJIlQ3oj0DUGUfAY3K - XBVSameDnIadMKsPauwWIuqaT6BookoVYajEG7meUs4fCIG8Kwi+Yz98dFScQbkv - YSUGC34i9g+35KnQ6ZyY2n7hYQHRizfkuYOPk9iF8YLMaefw+SDGu62EH+eS5Ip5 - crNwNAzjdETHRs3fNVzWxHt4+8KYI+nRBBwSeQes+gx5IYPaBJ9u16Bb6ygK84GA - pgxdYBT6d9O8GST5VSFFVa6bZDW2Gr7MUAW6O4jFLrflZx6qqef86AG/2y36pZgr - pfTg4CJszLSncTxuLQS6fKxSuaoB+H4Xn3U0nWDkpmG8tHCEWZkPktBcDebp3K+i - BGH/00oy24sTQPzj/m3z4STzBmMFyIo7/9Md1H0PahgTYbVDquDP2+uEIh0Bh4sx - bw5VudBxre4VpVxMLfun2alD019JN1nTsCLsvknb6A2zyEb/bK/YArPkgC0eK/uG - x+tSCVNJzJwdmtyx6lISsuRWgamakejZAQJ1RsYey4uxchVoIBosEr96HGAXC6QG - qUGpmp4gd45ZOhyRmQINBEvFfPcBEADU5bFOcbVCBDsTGq3D+8AnA933S4iYvxPw - Z2eRaT415jXQs91wNTpVwgY3xRzkjThXyt6FV7Cd+BdS4YvGHMvqKZCOgVnrzpxe - Oqy7GsC10yfU+dA7GvZiY8hm4tw/bdkjTsQQeWePgWoCgmqpadKAn4iGh0u3fBZC - 7p4Z8Jsf02yqUFIy48OxKf/aeV8W5sTRr1m3HDmbjtUw/UbUW761GIgR11BxcPIa - MaN7WAwKHNpIUqjIZyZ6z6tGGQ3fRwTAJwi1SROEU74DgRtRHn+pu2kp0pOsD3wz - 8yT95gL92CC2hkitTZB4+3uglmMvuQ9nwQjadPt8as3fB2mfGK7c9tLXMIq8bmDZ - w+mWU/XRbU4vrCdQVyWH6LUI28/Wnj6LUEC6hZOnmiLSll3bapo0eca3LV9NVp0G - aNy8QX7Op2KwE3mWkN4F7c2ZyGQ8MaL6qLlmE63Qe4QFy5wJ4H16NCvXHqGxm60b - nJy51NmQJGd7YQeDa5AFbgFJ8V4Bg+f1LfIeh9rpHKiuZRPZDs8yxs0kFOQOjZ4u - 5HNn2AyuYvibT1CXj0X8OHzXpQ3SylBy+LE4xEnt6JPkQjXahwEwTotUxTJbu0fK - 9UvBB4mqzITs270HSowzEofhc/5YJSxlxQ8a3dPBBRjzUeTfNN6gBrEV/7YalfDm - xHKEyFHepwARAQABtDtHcmFlbWUgRm93bGVyIChLZXkgY3JlYXRlZCAyMDEwLTA0 - LTE0KSA8Z3JhZW1lQGdyYWVtZWYubmV0PokCPAQTAQIAJgIbAwYLCQgHAwIEFQII - AwQWAgMBAh4BAheABQJWrk32BQkSbZ7/AAoJEK1e27eT7FfklXUP/2XzrCgNOhRr - DkonKQddWqzgz9DXPttmA9mNeXAM0gBDcnNUhFXiL5yjRyCmtmrjdiv2GE3yE5Xg - arCoyb8tTve1Ps9ouzkbHQomDOdoTv8maL+p7MovSXr0jcJow9rVIdSP03BdFExZ - u+H7nXrKoSKcBFIMdDVznMOGBO49Z4dXFeDQgZ8xafDpB0KqCHKMf5PNQ7iQ77uv - 3lIVFvX4svnPP5t0FEmFmwZ0YaKbRoa/I4fy0jHCpfCtEEtmrUuKIuQt8uzpYpo/ - BnH/yqXp/ajJ7x/P4n4IbLV+HSkX8Pxfh6ABeilHKvwmmNKYrNl2vCnYzUyWOyDF - SEySxHAEN6hLdrExZNXDaLh73QKN/y8bl4sh3Ehml/DBhbktGteUBHt5M09OHvu+ - AYLpYx0iZUGzUd6hxkWlkJ2kPeToMcKfRLNGT+237VAvbGaNrXwFZXELwaptL22X - uu2Tfn403/aD9ssk4L2v7GwJPeTQ1U9xH0742eWJf7OX7UMUoCG2HJf7Sg2nRtIg - hK531cE1cv3i35EOHeVWClTeX2kc/9hwgzXAMWKrEe/3OMGPHQNNRsnPCsJHjhUY - PRvS1pa6k1nuid8IZEeWskDT2PmSNWJQay9oA2ojcFua+UC/29upvBqO0O+/CtLH - YvinLANDShtEZJ42rwbYEorT6OO8YIwbuQINBEvFfPcBEACtCHNuOn+pZjBOWmW0 - rqCnN9Oywq0h0Twk/UsqkhAijImgXrZLMoeylGA+UIsnuNl6e+x76Ke2z6H0Jytw - IZEi9EqqZa3UhpN7JQ0ddNzkzE8tvYdicPdcXkZ99KBcHoPd25/N3fNJWJmbBv/b - CQMW2J/zRo5QPokOjEl770xNS9wcXmA3ptTKbyzfQ4Wh8LALrJ3F9vZw8GsZFAmF - NeMLCJ4Qhxk3MjCoQdzzRSTYEu4c7eYbE+biU/ZUgBMJH4Ed4urhOO81d9dDvf2C - CdcJdftAYy/ACtTeq8tc3YzG+E4J+uplxxyD+IFP8U8Q5TyWdb5AU/rAWa1UdpwZ - IQiaJfy4E1x+ac9BHAD1BZaCMv0fTcPxYm8m67GYUfFqRaI5Yd9sPvuzF8IDs2bo - Nl5L60ce8ROOBtwRGp9daOHmhIlRKGoG7FPc1dTGjrVd5lWgzet+CHnWZ+HKYsNg - W7cDo52Dwa8BjenK9OUxvzTNzwmz97cCioufv+ysUS9DY9tl7P0eHR1tehTM7HSA - n/lCEU90j5/f/ozwBR8cDF8lLSMXlKybudjHteLFA/2/HbzWIEWVLpckmu3Xxpw9 - EF9xoiQmbJTmkWEIBBSLAALYtuygBbiGUdwPBeJQQUYliNpdgrwKXp9OIB8NFK99 - DvG7xB61569hUaekwnmB5uEU0wARAQABiQIlBBgBAgAPBQJLxXz3AhsMBQkSzAMA - AAoJEK1e27eT7Ffkop4P/R97j+X8zfPt9gsABnU5zHtGS6jQ9Ahax+q0Dx0Vm7Wv - qH8DC7RsSGp51YflfS4S3xNVGtQTUSV+z7H4cFUSD8f22RnubLUKOplVup6m3Dqz - /Nosht8sU5Yo2mFmRNMFGo/gJF6vtqX15rPpPh0gHsEi3Toa7qzegnIVfuU14ZND - tRnn5OmuJfFP9xO1PxIwqi+GaY06zkKbcmSw12xOwOCEt8kv4FGCx1FiSrFdHK4G - fszvtzOG6VPbAROnERG2AbGQPXO0+m3bfYxSv8rxepSjo4f/1sXbVAX5AgH8wtcs - iZLq7D+UrTdRe27dB/PmN+L4xz9UEmU//1rLzxOBfyWLfITF+65e4QZkrxIwVI2M - 4AVB9pAb+fSMmWMb4IU1tuSkeJT3k/bKeWdGVbXrDiSgd6XChBeui+Td/KR0Hbl+ - i3jeDm/6tYeCob4XQ4nhJ3dI9gI1S4YXJgGizhZmiWqipA41b12rQAB6ieU6aE/N - OX7rwcNGaCwbyCgDOQfR7fiqxVF2xA8som/asBwAUWFZIMEhfijsn7fpK/7uGoN9 - 2Eqfxvcwr7Rkp+bhCS6Wg0q+bgBn/02MB+9Uk9Yi9O7/DI8CqpwsiMzZ72ZMm4pT - Lp8WFmqbxePWSxr4JA6XmApmC7sSlH75melFC6MCwaxpoRMbeH2mDhAfwbjXSPMO - =XUWN ++mQINBFSu9kEBEADiOZ6fVyrEyePZIg48FXmKCqexKWOUIAOYLwyVbU7OjNrEUmj8 ++Ywx9mMQACJJPcgUjOTxgGi0N9TBJpWlFDxAXPRdPr4GsPAq8wh3uVncC5qpaRdPj ++66/nZis9U3zuRufnYwuhQS3GBbFrV282aDz7DOwFUjrc56nfKj16i33lIgd6oNCP ++7hHN3ZkSOH+bcAdyhmX5jvVv3OxqF6uq8GAHpCkE1piERdcAVkZfPKdf7pbE0pD2 ++BHGewoNmRucm8E7I4vP5+xUj+VsadJfJxD+FXDfGDfRtce46RiEh7VJHPvxgBoCU ++Gnvqjc/4z2gkD1LE/yPpdaPe+UG1stE2XV5ReXUQPxL3mMZXOai7QjTwcYlGY4YC ++YRhCMMkkHxRHpEefibTIJBlmChxcIYRGBJE2Y8xQ5oiyQycGqgJ+oSJ8ZLUBOpmB ++i4SKT0yjzB8cIB4w4ayOvp7DU0Y9+O/NRAZFQ9GC+4TlzebpZywMmSBMfthb0/xP ++hB5uh5VjvGnCQCn1J396hC+lcZeMQCQLl0mFodcpu3GvGUsdpXtxOnXv5VqO5/iz ++fPNeGNCuH2iOI3IRUEN62yjDM35TGBbJsZ4W1d56pSZSAumhXyI6Nqooj+fbj52X ++4ljnW0fxxHwMb3c33Fgv8IN6uya/GAhkRUOum9zf9gyEJZUcNnRmqadCuwARAQAB ++tDNIZWlrbyBTY2hsaXR0ZXJtYW5uIChEcmVzZGVuKSA8aHNAc2NobGl0dGVybWFu ++bi5kZT6JAlcEEwEKAEECGwECHgECF4ACGQEFCwkIBwMFFQoJCAsFFgIDAQAWIQTl ++yjMdRKuOTIBv2+4mEBti9pN2zgUCWmhlwgUJB6KMAQAKCRAmEBti9pN2znltEACa ++MD2eE28dV/wMu/G/3u4uJ6mLvb6gH51KC8KKUG2GXsnp3Bcx6RxEnsktOTRG8Zdm ++Q8Xk1QdTh6sREug62MgEKXPsNudRxzcMteISyvYAR4RkrZuHAHRxboRxB317AfFV ++iKon62bFvygOgO4MnTgfwXr7Zvm/gPONzFZgH7sdTICQXOylgce6NKojdM96FJ9F ++39A2hMcFGkzrGKWvnEIRKPngV1oIH+qfrRjNXiaSvHxpePkp/QFGXzjCQASEw76h ++2x9YytkhOkrOkFVFeuwPXCyenA3w8XOfzkRku5nuFmyeOhE1wUdP1zXDSI+5+rc/ ++RV/FnQ9z1XvTBL2CypLJWANH4qWYF8cqvTP4RZBB5nTof/l9gF0+7qASYwEqplk7 ++0MZHCjgadi4SB9I7w9j5bJBndSeNZPYc2w1eIPc6v+FM4BLtUU7VnTVfdhX0TY50 ++iV7Y1rF3glJbWTG7btmEGRTX1GZWJcfsS46jDKqBW5LEC0WxtNFfPn4La5dY/VzC ++cVxyZdsz+HxKdq23rNZRLdKdSrTAsGgjRJIBevVa2fw2q8YXRVwtWY1dccr+Fxmp ++kSamoAlLH98HNUxDpkr5aaI0h8dxhMqX15esqW4UtdbGKxec1bC4AbJHzyCTNckd ++naDR+/umd0Jh0UmgccQzQuAy5X0t76Co6RSOMigqsrQ1SGVpa28gU2NobGl0dGVy ++bWFubiAoSFMxMi1SSVBFKSA8aHNAc2NobGl0dGVybWFubi5kZT6JAlYEEwEKAEAC ++GwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBOXKMx1Eq45MgG/b7iYQG2L2 ++k3bOBQJaaGXJBQkHoowBAAoJECYQG2L2k3bOrfcP/Awnvbjd0ZRBsYeGjehzDSBk ++SeTMalsX1OGVeY2Muq/bGwc2MUQNOuHLXhpO0h0R0uaZOj8AqI2omP+kfvIIAp1l ++hH1cS+wAuJRMGimOJgaqcXBo6EZlCsA64dK+vcAoZiKlmQaYxKvXU1gv1fDcUczP ++b6g8GAPPL/3XJZ7TbrAgjWX8hWmveJAS1T82EZ5B6T7mQcSQfcPwyMLikdgxT0Wf ++G9peOCFXf3FbiIoElK8tN3xgvFwMc8znv4A5eV2Xq43ZpDV2WY6KphUxSL8Jozrr ++IdsQSp00jLkh31b9KGHN3Hwi4ig6A5zihxFJFWpqBpWbaRR7J8/YCP3uo3/NF7MT ++uOP0OuJ/7OFnpT2laDtNtg+apxnJ26zSCvcgUbhxmWPNiRVK36v799jjVpJSsv49 ++or0Llnk7iZF72S3IEIx59EhpQOha5KbhKjjUBlEHbrCLFaRPgsU8SVeu0HAevBY+ ++O23oXjW0OswgSAUDADICGj6CJEvz3CwVuSxhDjHUurIB3oSw2KQFba6pVbPyq2n5 ++JJ387ZD6mmYrXJeTSMptPoWXxqCB2EK3eryp/ns947yIpyUQ/U0/chXpcV0hCafw ++32QkrM41aej5/r42TwOyFVUnPZzm25BzLEkx1m8FcQJDkrJf6XUwiqzcd5KpB3hl ++T5/rF40Udw3RSryKNB3v0dHq0egBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYA ++AQEBAEgASAAA/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsL ++DQ4SEA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0L ++DRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU ++FBQU/8IAEQgAYQBQAwERAAIRAQMRAf/EABwAAAIDAQEBAQAAAAAAAAAAAAQFAwYH ++CAIBAP/EABsBAAIDAQEBAAAAAAAAAAAAAAIDAQQFAAYH/9oADAMBAAIQAxAAAAG9 ++fPO/GubSEtBlGa96w7AivEFcmWBP87YnPpNAfdeJLIrVB5bw3TDYD3w4bu2LTZXY ++acWOgVnc64Pf8Ec9x669KlsTzp6t1iYG/tSFU0r7naLuwuQl12uih5tA9jqX6uq2 ++jvAzpGF6McSNYyGJiilQ83NYWhp/p61ZWTds7d5z0VM584dN0L7eKFnVdTHT5L9N ++lFkLJva35/0DrrVIVyK3lLNTL2PPsXHG0OOvT44MFAwd0xttYpwTK1Q38ZNWPTkM ++3fF0OIvQZknQrAnUwPMrh54UPTFkg+osm3wFrVWJQNEvXACUD12FzzDoYjPXeS7g ++nWSR0nGJtlalBxLL5HGT12juo6HcKX+skxbGBn/EvUTEoWDLWe08e6Foxw5fK4kD ++5o5msxQloUADLA+1dXbvUH//xAAmEAACAgICAgICAgMAAAAAAAACAwEEAAUREgYT ++FCEiMyM1FTEy/9oACAEBAAEFAh54gp4AvUZvJ8dYrKN0sFQz7ztyx4H0EEdgn+AV ++sX2K5xi+MsfZSAxnq9LIzmSBbDrKZvr20zWWNhGTtuhVrgymkEXBTUUEP16Hjdoz ++XaovSqyv7Wdy7mp019t/4ZaUE1EkNSPWK3fUv4zdhDteu4LYesShtWHx48tCNjsd ++we12IVFoxOzQbWEa8m1j7PtqjS7NtA34pW18MuyE6hX+QsDaHjY0G2XFto1jW2l2 ++AM5shS9iWprwqCszeskE962zirt1Vu5q2ddQPrfOlzY1Qa7cTYzSMVegV+qKZBra ++ztqE4yxFsNXuRva2xHOTswprhrbFx4EkvFtlM7guCwbISTYggUz0un4y2PsEWBYb ++JV7n5fuqeLdGb0W85DjwH/U/nIjETZniFxAQMxirnTNeInc7CEBH0AdmNqlVeEfT ++md2/Z53xGePqk7HP8g5o6/v2vkyYXduNJeTONiKtYOWEOePK4R2EWDni/wDeeTf2 ++lz98f9bP9dfA/wBaX9LM/8QAJBEAAgIBBAEFAQEAAAAAAAAAAAECESEDEBIxBBMg ++IkFRYZH/2gAIAQMBAT8BSxkqhfFnPNGIrByOxd2cnJUL9stfZJR7TLbwjH2Pb+oq ++TF/dmv0wjPaOV9kYOZSXRQ/hh7TXHZtbR8SXpx1ZfZGCiqJad9Honkaa4EbWSXyj ++ndIeUor62STOBrriNcskouqW1EVy1IxIZPTjfIbjWTng8jWt0iMs0KHE620MT5M0 ++v0q+xxU0eRqLRVEu7NFf6Kx5KONM0pYJan6S8hRXZqOWq7EQbjIvOCtmKbHJsorb ++ojK1XsYt62hWPavatn0IXuW0tl7frb//xAAoEQACAQQCAQMEAwEAAAAAAAAAAQID ++ERIxECEEEyJBMlFhgQUUIDP/2gAIAQIBAT8BpSxlhq5DFv03olRg+oK37MZItdWa ++MLqyKVTF+74HVb7HJkYRlG6J+NWqRTUbiozo1FCcdkqcaZOLqO8dHtTJSVzrQrJW ++IuKj7iNWUFaJSpQpRxpxsjBS+on4cZEv4+pD/mz+nSppZO7I04LSJUKc9oq+P6c7 ++LR38opoSb0KDH+CfkpSdNbRlkyLMir7omSnsjSim5JlhuxFfY+XL7iaL20ZmSkmi ++FKVNJD/BcZf06U6n6LnbVhNofZHxHVpvuwlOldNGbkrF78eXb08I6MS6RdrR41F1 ++5dkXZWPM3f4HjcXSMhTyjYls2QoTqOyKWFBYkvuVkpwdy3Xei/C2OCexRSLsTPgq ++fSyV7/ji/CXZLm5LRPLvlbESf+HolzFEnx8cyHwti0S3w9LmQz//xAA0EAABAwMB ++BgMHAgcAAAAAAAABAAIRAxIhMRMiQVFhcQQQMjNCUnKRobEjgRRDc4PC0fH/2gAI ++AQEABj8C1VvWUZG8RhmpQZZ6viUTp7sLdAlundSLbQbiOql2GgnXK9mY9Wn3QqNv ++tHqJz9EHkWNd7xVxfAHpRxCE7x+KFy6KMCcYVwJiMoAjXM81YSZ4f9Vt4z6uqB2N ++XkKjdP3TA6kwt4mlWbP0KqsqU3B7W3Y94KnX2l1MiRjVNe+6HZDV7Nv0UFlvVuFs ++HP3To5fq6nqsZ5ZwrfD0Kj/lHBUm1m7Jky5u0Ex2TfFube2qbalB+lv+097GWUb5 ++ZQ4ALOvm951p7yve1k94V7XXcZHBbO51Dw4/l0d2e5VgY2nSbmOyaGez9DJ/KnLg ++3QLZk2nqVLTLVJT2YBdjKaTdS4YCDKTczo1EXFsc0/ZH1cUQ/dB3TH3+35UGAOSa ++9jJcNHoUaxEwtrScOyLA8Nd1WyfLGTndmED6qg4kJjKb3Y1eOATWTLCcTwXhWM3a ++IJbnjPFbd+eYTphpbp1VV7ocXHIKLGkbaoIps5K5zpfqZWTFenHHgjNS+dJQm7av ++y6Gz+yItdBzK2o3Xg7w6qnvfrgb0c1Lt1HfuJ91uq/iK+vM8Ft2Cze+kqjve0ZaU ++ZkStLD1XMoEenQjmENk2uK54Mfa09UTUe6uebiY/ZQHW/LhC+Z+JVGE3GJXhqjn2 ++U272vRNHCOC1u7rGDy4KVf75bHZAKSroXrjpqgwzZxtQtGQPJoGpMKx2qzlFABQc ++qeCc/sPutbR5eFZzeqQbrZJ+qY1pha5KpPHrqE/QeXRMd8dQKXCR5UOzvwv7bfId ++14T+n/kfPwnzD8o91//EACUQAQACAgEEAgIDAQAAAAAAAAEAESExQVFhcYGhsZHB ++ENHw4f/aAAgBAQABPyE9Z0rcCdB2bi2gtW4HmMjIVWHuYcUCU5eYwoKFP2hBbZQu ++19sFWDFwPZOZgcDQquaH+Yxs5203VdHuFqNXouUu6EZ+Z1hTDzTyxnM2aDHT1EbU ++VngsBSjk5PuFkJ5DWp0M5q09Mths3DHf6UTfwkPHrMbbXRvQOEmjDiBef7oFSfCo ++7F8nSLaqvShWNQC6XDUeXtNSX2i4ae6lqNVvt8EfJrA7V0fcxG1jFyP/ACV9cKBq ++OiUZC2wXUN1ApsETZqunJIbCqcbC1m/dd4h6PcoosA95waBemcygowzxV8n1CAld ++Ax+GOkInmlb5kcXOqMULtdvdZzsfDvL+5eXLDgwcETK42ClB5gsmWhGyDjvAo+hw ++1rIV9xwyiycHKe4fkg6SxlMs8Vz6mlZG7809IE71q2QhtMSziU80qOcS/wCBscTU ++FAae5nJNf12vZAGlQczs+e8aURa6ew/GYQRAvyXqXlqPNGre4DAcqcwxTNC4oUqE ++bJclbiDq9rKPMLLuULL4ivJldr7qiB6YFVL8gr8TptMS6eyMT0lxwSMNwp9qE2vL ++aYjvXMHtP6jsaTjgGggcJu1d8kFcDC9Vv9TEDAt1EJs+D+J9kefEfIF+uQ4kBP2G ++O5AgTyx8JjS81gCjw0bY3cFQ+JV5iroWcvcomXk7O8cl2dMyCY6tvK8RFTCsu+0t ++eB/bO9OZeCphaTSkz8OWFmWqmDiurNXKDVUxz5gmEbUh+U18t/mMXgnTEypbiqsw ++6syzAGjrHFnPuRKNbJhRgUl/lgr4M/qH0ZfZhCE1tqWF5RdHUDxi+X6m59xaDSY6 ++z8JCaFK2E1n+p1z/AGeZ9H8d8/DV/m13h//aAAwDAQACAAMAAAAQHHAkhuHnIM0X ++SVXk2hYx4dFqqkUj87TBa9n+afigH7l5i9yqnkoqIre5SNPbUU7e8//EACARAQAC ++AgMAAwEBAAAAAAAAAAEAESExEEFRYXGB8PH/2gAIAQMBAT8QJY8fHUttqO9u11G1 ++pn57i0lUztYjpmDC1RtJ/vvzGVqhZWAwTm+S5AAjvGuag4qpoYZK6xBsVVKvHc9F ++xssZsNUdOxiNrVDNURCUkbmtMAKzN6jP9+Ro3K2JlQluitTtDF/XnsqCG7gTuE0y ++SzYzEEDMv2NsuS+6IktRiSqxBqcMtqULuW7FV5GEJTD3KR9t+iFGI4DdTIKIxu55 ++8TCDQ/sMDuUCEb2bj6lkow7UclYgA7llruXDRg3PeBUHccjqV17gVDq4UPuZFMIV ++7U6HmWIXeZpANE2LcB5GDCQbXBEcJEoiomU1KiGY3H93LkuOYY8umbnDpRNQezUM ++qcumIHPGsORthO4bQ1P/xAAnEQEAAwACAQMDBAMAAAAAAAABABEhMUFhUYGxEHGR ++ocHh8CDR8f/aAAgBAgEBPxAGWhXj2uOieu61TMeZb0hy/Dc4lXFTKOT+PxEWfb48 ++9yljhXxEJxbivXj++s0HnzzAbWfEqE5y9e3x94q5OgUteh4ilDGel+rLo7eeePHv ++Auvbfz79TB7ZCbx8fDXEVlJXiLjXOZV9/wB6ll8lS3giEAPzH0tr+9wAQTrd8k1E ++HO5sBzPacX+2fEwD1X5/3KVlH7SzUr9fecGj0uD16QLMNehi7WZ7GkFi9bELz+1n ++/ZyJOuiIqp0Yi15foXLB+sOdyK0snlFN7GGXfVXn7QKdQlYrbIFfmqfdgTmLY8Rt ++ouM0Tm4eP5ii1nv/ABFhc/M1yV5yWddv3fWJvSX6qDVUUuD94YDgjwlsbXiWYuu1 ++ikmqqXS5Iwp+Jq2ARzt6lANr8zKjIZdC/wATNpBjVTGJoAgthUUy5XyRbRFIC/NI ++NcQg1lyZkqEuuoMiVVLHE2XOJmTJeoQ2XCGNXKgbKFY5QR3mJQfX6Gv0X2o/4lfp ++P3ncOPo7T//EACUQAQACAgMAAgICAwEAAAAAAAERIQAxQVFhcZGBoRCx0fDxwf/a ++AAgBAQABPxCUBCWAk8m945oGlsQalN+ZGw2ECd9zQQNzsxJ8GXOmKEjFkyxgQcQ+ ++ZQEQmLyRUgMBGQ/Dn2MR5mTXYGgZibmeIMVlINayjJgqHH6y6LMN0kG5tGGYwsio ++XfaVyxhhBW4OFS/b8YuvJGyFPBN4CBa0SKESkjAu8aYmuwMtOwz/AJwXCcxJ7Adx ++9Y7KAGg3C8G2zcc4rIY2hYH5fqNzlwVTAoA2l+O0MkAZCKJIUiSYoVvBBCEBrgiw ++sKSRzlDgqv2M9tJw5VZocibdDM6JVvKs9CCIpCXTNZ2Y04tyRLZunfVYPlAK2zwX ++Hfxg9FANFHUsucm6Lgjin4cTkQ+W1rpAJJ3gaMdwQ1KFcoyNlZ7cMTOjbVXxjZuK ++MbQnR2rK5BiSzwTKntV65yVaC1QEKRAQCNFRluTDWhmuSWkQ0hkgJEp2v+MCcPT3 ++ixFehj5gnJwAPiGY8weAkvaIdiRp5EZrxTqkYigJE6U+cCnlwd5kDwjARSogJarK ++FCsfjCWJRVIKg0LfgA4x+WIHpD9ivK41E0QCzpOMC2OmSs1iJxz/AMwoOFCWttD8 ++1ktcZIkOARg5XPZjp5lYkI2JgV6kGItFG19eXHN3YbWUh2nZ7hD5WqQU1sSOeMM0 ++RBHgE86x8bDCjOWpv2cnq4dB8v8AOCFKDbbqsZ4yFlzz4dTxvWb7UBTTcLl8ljgT ++KiRi2RwmHdMVgr3HejpRnhMPWE8lASSO5wG1MRdMelBXBBh8yYFRGx5iNe+YgikA ++EiRZ0jWDKpGjgBPMWQ3pGTXGhzKusGAB5oeNER5lONEQOShhBE/IY96ZaMNTFp/W ++UBix85oB5tcYKAEYSW4eZDKB2cgJV0xJ0icGD2ROsJD8WJ/OPY7JpXsnXxORpkBf ++IJo+0e5CKdoDhLtCNEr+cC0aAzIAQVNY4lH63ojxD+cnNBQlGe+OoxrKsBE+J0n0 ++MFwDcGD5D+sv6PTba95HhBwyPgtCSKOtgYkbDJMkS0upbPX6ylD0FfZf7wO7B0mr ++mZwTYyVY2COq/vGeuYqZxJqGFc4ERwS5iE+LwNUiIiD4xTQrSDlTZg2kqyz78aNU ++dB9L3iQgNwcBo+8OaC3vJwOaFA+ZwGgwILT1VE+uVpWRTr0SFXihhAmpW2N/qM72 ++dvOR3ok+Qf8AuHSQRRJzA8cRsxtVv85SwUvgcYiANqODFJ5dSVhk3wA/AwDaSYf+ ++MON/JWK0kneU2jzC8arwrxZtC5JIfQ/eSsO8/onzHUJkK79xsC+Coko5lcNjYWVi ++tI6OXFemlMcCcPuGgEBLvizNH8FNf+152Z/Sf2fxc/f/AIf990z99/bn/9mJAlYE ++EwEKAEACGwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgBYhBOXKMx1Eq45MgG/b ++7iYQG2L2k3bOBQJaaGXQBQkHoowBAAoJECYQG2L2k3bO1k0QAIIrNpPvClBQaHao ++IhXRp4xAUG2pGNFlBbroQfRZYHqXXCEO2TQYZBgiGiCyzgTKBYJKiZVdTjcF7Mf6 ++/mYe54YWxNddVpjMv6g1wAEvdMh1o4V33Di0/Xp/VWjzUIsrg9dpVutYmg8SKRZO ++b4QGRuLi7gZZSzlniu2YvTnLUZ64/nT6gAKNUP/tTvbSgO7FcunwwhPuUoiwVP5E ++7stvVfA7e4zucJdvmpTHeUP+LV+AyVWAmTua5ytEtAUOLrJHsPixGVKXNfij2cYE ++1EIZ3xyVF65uxC+41Y8wmjfbZ+30rTZ7pA2/dlhEg7LO3zGZ6xH9Ud0HIe3zY3ce ++uLdsGOlxBZrTePi+Y6ltLrLwzlkaR3+BvqP9g3Cb5m4G6y/KAPH4QeL2Ych5yITU ++qu7eMIjsoJHxy74fSxWr20vLW9rjBEFhZUxZykHEtbilFZdo++VuQqNKJLHlZ1F2 ++P6peoWZ2wZ4+vW4rr63STYyQC8Tyc8Ng0+ftvG9pEyfxOjM6wwYVw1jGed2enSDp ++QRd79nkBgm2CtUPXjUwhTxXO/0ZnpIX2+0wBQuTvS4+2QnG6yKqdo34UfBUpifLo ++FUGd8ks1fc9bL+CrnUgFaN6nEJxHjlsihtPQG479R1gNEYLaOrbATHn2BgC8SN3o ++ChYdiVbWni4pUuEIItiFEIujlQN7tDpIZWlrbyBTY2hsaXR0ZXJtYW5uIChFeGlt ++IE1UQSBNYWludGFpbmVyKSA8aGVpa29AZXhpbS5vcmc+iQJTBBMBCgA+AhsBBQsJ ++CAcDBRUKCQgLBRYCAwEAAh4BAheAFiEE5cozHUSrjkyAb9vuJhAbYvaTds4FAlpo ++ZdYFCQeijAEACgkQJhAbYvaTds6yqg/4mANG2PHYlugP5NNdtfFHxM5VwPUSCumW ++BB8cUEW7VQYhOVUukzAFywzxY9rczSWbpDZwOlTZkB1EKi3cA3XoUR7p4+B02V2x ++TMm0YF3FMmKKXzKl37iGRhhPWrrrVLixnZ4Vi3YRB7M34Clr2+7//sLlEh1rZ4QU ++sRoxgSj5NGJGhYBU5DXjoJqPFWmRxC5hhelxSq0Dlbu9I0aAWIp/IbCkfIyTT0og ++IIVOF5OwvBOcey6ZGuSYPWu4v2F4QtWlUZD1J4Ez48hoOnJ2Dx0BU3stg2pkVIq+ ++eCkMyAkCU+OKpvI90B3rFNPv+aFwXlYFJKh4A9wpGr8r57It8vx5IdY/hjLI/YeS ++D1de0vQ0xgK4OqJ382J479AKuGEIsHQ4040PD/xYGECvmmruQwQeiq2uVGMvN/oD ++R5gM7HBc/qqgDRl+GIwwhqjJaNnmDCizdoevXj2pCZ7mD+SKxyExRwxD/Hz/ekyt ++I99MVs6LqAbLQZGxBmxRACDZA/enAIf0vyjfVf43Ye2ZcTRqkvLcr54acLVJy4FI ++HU8BMwzDaAY49wgfIVtoMW1swFnz5t4XYN97H6PtH4sogNvEd1E2Nmnm/yTubocV ++ruLABq2Bium1A1cREMaURACrq8QH9EBsO8vjn28xhXxNVGC4NFmI33RlBvSGkA7l ++OHqaKk8gpLQ9SGVpa28gU2NobGl0dGVybWFubiAoSFMxMi1SSVBFKSA8aHNAbm9k ++bWFyYy5zY2hsaXR0ZXJtYW5uLmRlPokCVAQTAQoAPhYhBOXKMx1Eq45MgG/b7iYQ ++G2L2k3bOBQJafrGjAhsBBQkHoowBBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ ++ECYQG2L2k3bO1AIP/jaUoeWDHD75+6mg3fsqepXkf5NyZ6zrpeCwYfJBInknbA9Q ++OJH+uHWs6U8NIVTKpvF1bNWK/swa/9oG3igr7iys1WirrJCsxwc9px9BIzvhqkG9 ++EicZbBCRWQLFYAXgi/2iNXl/SJ9YKO4ofn4P4CLNLDDr2oNZW2M3QHwOl27Y6pZn ++aGQvIzExLwC13D6wKxMTEbMiT9+cGw7pUyZy6jSsSdworsZmx4jQFmIFm7WTAx3C ++X9Usy9fVPH+qYQAoYVpeEs+/I1MhOpMp50/AkOqfu5/qVI/s2PUxIvctTJSk799H ++nDxKaECslTLGbUKjy8iGrMexNvSLaVJyhV+Dsd6tSmknLRIcIvRV6sRaOTCmuhaD ++10jsXTVlZ3ww9IFtymmB+dNuNbQjDHLyIQX0n2yz4MYrmtkYsl6DNM/ugYBXzXFd ++s3TcdRgbJh4gsi2GCHbQEzhGzrLjoacSYHFWqIL4qdJYEGfFwh7itXHQJNyJ4yEm ++bDXVLTiMdnYIzQiRIIFJdPgHgTOHcWeR5ymI7W9vhnXhRaCaw2aKGo7s1MH/4XQ7 ++j/Mb0kHvbLVtyWIyZS7j3uPdKA1pTemmq0jF00dK6QA7OgDmkKwfCe+Deptm5UH1 ++wvc3Op56vNL1Dza7EzP42rrVSBRtCUuZFsDsH1UbQYoFb/54SblKeWMK4Dk9uQEN ++BFSvBSoBCACiWhr0YXSdZ07/cOsfhe851y6lKTqgWhkxB2hB/Hzs2jGNHh6nLWJm ++1itk2B7GzpLtreU7JoCYfTNIHDyInkLJ0qljulUV3aUVtS9Lap4fP9dVU6cJdwNK ++Ed9hQsGm32B64lz00aahKUXwmOnSHcfGtJMOd5q1iWvAlrEwKbPgB8LZAjCa3wV9 ++fta82bmqoRz/uoMuABWFsUE08tFSnKEufYl8xpczRo8Vo++rBLDSt4sil74vhNd2 ++/ryNGrwU+MHNxcGCxb25XeomedwTfIdVW/mkgXeWzxXbiOXuT5bB/S91scWiY9sV ++FaixpvCUbTQ7bdfVMJ2rK0M1qXuIcLM9ABEBAAGJAh8EGAECAAkFAlSvBSoCGwwA ++CgkQJhAbYvaTds4v/hAAkeIaaI76Ht7sb0BQyZlSaIt1xnRAmHPB5spux5sjmoYX ++rHiyqxPkW5UQWzgdgRpcI/8yT3bEGm3/n/2HW4qqvFOiIiwvsRh0O1NAz12UsAI9 ++OKdvP8lFcbXdofX0gBBylzaZXAo1JHio+c8tQmYEisZ1QY2Ht2bOadOvOIzxTfkN ++ycR/oOPUbMgrfB+P6ngMWnRhZevl00abFTrd79Elc4Dp9l63hlQ43oGGigQQaJkf ++FDewvjdUsQpRoZs6QUEerj4jXN5ztUz75KRb7vOM1a+ym+TdNpu08MB/g4S2XziM ++dCkLzrcDN6E5xdP7rRMdML4r/X+7sLYHfI9Q7WAgCscWQGtYi7p49SPliyrFcOEz ++e7cRgbi+pQHdvfNuD7W8vHzD6PT9jRvpRfkaRt9gBWLbtIbGDugVotH5x4W7PJvD ++XGFRVanv3mAd/qlfRdk4VGgFSWxIZzMIkr4GEnMObqzAS1tIFxN5mx+cfUaYEzhf ++T7vfS0azRnpVr/6ufsqBJP4nPO2I7r8Pe4F5RUL/A4e4w1wjcA97SVJmneJfnufF ++513bhOKgXI6FcaMTGXlFvs+2e0ZPZwWufiFlzFQxqhspkOwZWL2kZpP8u9Y9q4jN ++jTp/6RL+IJ0NQdCGu3MSP6+5kXjFjZhgrFtOmJwLvout1bSJUEUJLgF2trc/M4O5 ++AQ0EVK8G2QEIALPvDu71Ar4rVJu2vnCt577voM0Xv1fxrf4j2EvD6ZEldXcIifrr ++p/NqojrrqdAV5RcrkLrH+62gZ+o+f0qLedc6Dk2JsdFzALrJGLW/GgUuGw9hka0d ++S5F5OgakGpHFrpW3ApuKiNEivsRdL4kDCGsSwSlgg7QLKZccWZvangQ9ZAHXq6RY ++47cxGf9nW5y4X70skLBZUQYjSgrIQVD1A0VEKeo/2BKNTyrQdVldBZSvv6E2Z+Qr ++w4NWec1bUQekRkA7YB8E5ueBKN9P0RPM3MtOxayC+EPHfejv1JkiKbjtToliNOx9 ++q9GMSReFok2RMoYL/VFcCMEjc1ohKZAWN4EAEQEAAYkCRwQoAQoAMQUCVNJ01iod ++AWtleSBkZXN0cm95ZWQsIHJlcGxhY2VkIHdpdGggbmV3IHZlcnNpb24ACgkQJhAb ++YvaTds7nzBAApgOs4kCGlqbBp3wByAD3wCvLYBY8wt5IqqJXu6/dzQk3X2jBlyxJ ++HmWaSdpcfl8IBVomDjHZGU7WIUbBEF6RLaBfvzV6v9682S1YG8AQdf11mNu5z/vy ++To+X1elsEKWNsa0KUuL+AzuT+2AYTDKqv4+D51cEWEZuCSe6aOHRcn5xz7UeKr+m ++DPH7+bVuVA8ALGu6HYOa31AT9J+S/Gx4Y1wJVWmlYzYm9kBAjoFhUZSIoM5w7VuB ++1ohLOnjv/ZKEknZE1DMoxDakA+O1NRtN+rdXGQkKLenOSSgpWRmGB26H+0oDpEyo ++9gJe5GKYHVASLF9FbAEaUA9uAKZe1oVHwVwVa1IwWzbDbOJvF7RxZEsABR+qQwRQ ++8kDxpRnOwFozSjhCXPv5lfpWnz9q/id+N+BlVDKvCZ50ZyAKPde5hN2IYsuGNgDt ++fIfy6IrJWMJdFzaPwZxO0p9rQNMUy90zA+23f0gS/0WzibbGUiqGD2shTJ2Ai/X6 ++KIk5QXmKqgXy0xSSjaaioSgJ7dxzz7DwGxOdyMqI3qdueDvu8iTNE7XTVgk3orDV ++s+8Z4W7wxqlc2rf98ozUIYkHHsb90jnjkIexzsJ3hhZfksXv7pAVzaNMBx4UbzU4 ++ShgPo7VgdcNzARxNBiss7eI9IcEtbuoB4KSFUfsGYeNfJBi7JkewfR+JAz4EGAEC ++AAkFAlSvBtkCGwIBKQkQJhAbYvaTds7AXSAEGQECAAYFAlSvBtkACgkQkbTl3htk ++Kaeqegf/bhwfSagi9Fj4o+ESRISf/0FNN3S6CbrDE2LYzJL1tZLAZpSSTfU4boji ++6cZq5xruoxtuEeqfQb6JtZPggfJTsSfxE7JdstezjJLOT1ONrjyDepoVZ6pNlWkz ++OGp7AzxHdxnG+5xg/GuIMV1mNYeZ2L+oJN36zxE8I5Dx9bThUf9T8R6iif2yhAT7 ++yz8x4D1/LKsEwj8BciKIQc/d2kCJYsmwwpmgdKYC8iieiVqfwFbg1EfhKo7uO+iP ++TkBzyyeQdVM78HEdqdnSQRSzK0AGzQvhcQjfTDly0L5cBXJMWhFSM+n1RjyUZEg3 ++YTxyfnWSU0BpAis2N7vUNvo+ouizgTFREACq2MVVT4Kva9TBV+QWnnxzXfowObG/ ++WyM1zMNDq6PI5X1zAwjm3SJsDDtP8nGSp8uW1fy5lzqE9oEVA1Zok2Ac2MqihNhK ++SusElL+eS/3O305GGPMQ4RNrSkwIRopb5a00JZyiY7EmSGrU9OdX7XtkstniIXjD ++gClZb2XMS1WOvdtSJsca5KMHiByEePSZowhuZW4601aqBaLeVVLCAPpaH1kQ++B2 ++X4fdR7VOa4j5kijL7Y8wee2skDLtDo4670puwuXdoOyXEo3E0Y7K/nnRByXAiFpt ++mEydczPC8wLlEE0XlhvTn5ErpkjVoBN1MhIId+zUwq5LWA1IEY9Kv1OdPdPGYuQt ++v2Dn7K27nwGbNDkzaVqVzvmKLhYTm8MPbjVwYJ+U8WwVj44NkFH27R+pqrJRKikQ ++uA0Vhef/l2pa2kL+UA24uAtqL3cBM9xjkryYHyl73Je632U7n1YQ8vAec+3sESnN ++OWbq9N9bMgKfewsNfzXgNEaqXGLTYtJOrhO4tJF8N4ZBY8nzES6BJOOKeHKKUJxN ++IGORlU/Mel82CtFsxnpdEoi0eTn7abVdC6oVEKHD2T/O6SyvDYQF4P7yETGmvaTg ++fyTMP2IgNfv4mBp9GLbNjBYe0amR6V6s9C/8rdoRjGilY/OP3MnBy7U5L4NfpHe/ ++inqKIXe+0q50l7kBDQRUrweoAQgAlNoLcAg2mXyoM8r2pKrnNX6V95UD0PQ7cGoI ++D6Kpmd5bdzuaLtPsDZ1r4qlEZqfLA4m2JsHZMX+Nas2tuW2luE4kC+yi7T9515lD ++TGlMBhG3+BRGBEsa9G95pj8QT/PJYCYurPUVglShhzIC8ZGXdiICBt4MEyysJSkk ++XlLvuzGDTf9ASOk7qOJx8V1ILse9jB8L8os5TedyRYqQSUUkbUb9fT5zDDcfbKXu ++yZn9r+uzieiVw86X2m+1k+pK7LNbdnckGS1p5Vk8YyvGq0I6BDgcJeFZI1226KU7 ++evk6PC3WYkt/VUAWbyg4Hz8BlR4oMY0UkmX1WMhfpQA6F1iQRQARAQABiQIfBBgB ++AgAJBQJUrweoAhsgAAoJECYQG2L2k3bOd3sQAKaUe6vV4HmntOaw6fxwc3v/e9te ++poYlpvireLRiD7RlOarcCa+MWdP22wTUXGRIczty+2D2NIhngnZqpC7nTH6F7KlX ++XZVIylJUygjnxihfogiPa8DEGNs2xS+ld6Y7OKxg92kJ3jP2H7QLpvq93evVxacT ++hJCgPT5AMmHR5c9KYRJ0XsMk+YrP8G9EnMlBb5d1XT7D7r4PF7FbeAWSozmaLHoF ++MOzg2hWpaBcc0O6gz/bpE4Ob0Voje254V+zNHEarxfoMcVNavRl0e9mgO53P8s00 ++5dT+OxqNwHR0GZsHd/Y/cSM6XGyhq7xurXjmKW2v3tGaccOp08p27u41x6VefpBy ++3rd3KLMXO9mHst6NceyWKS6kp7ildxwIKlzwe1Do6hQ0Zd1XJY7RaAwonnc0YsrG ++2JGlCuv7sP1gBcSLsqx/APFwfUAi6lUqAcB+z00XToo6vm1hiLsmFoIDGUZnm7PQ ++Bf+HRxot2sKgtBn115Xx1GFd7V3WlXO4xz17jREjTL7P8H+r4MnbcjbdDmQTrO4F +++EmuAJRSPvpwRTc+6AMGUOSMDKN+ASQoazLPRCiEZgLBCr9ooRd4An42t+QP0m/W ++NY5p+TRQRfsrJYuwJueV9KRVjtAhgM82DDAoLl1AP0QhhbJBvq5Cda5RqLnb4A1M ++QW4OPy2Z6LC9OJ6ciQJHBCgBCgAxBQJU0nTuKh0Ba2V5IGRlc3Ryb3llZCwgcmVw ++bGFjZWQgd2l0aCBuZXcgdmVyc2lvbgAKCRAmEBti9pN2zrr/D/sFymiWDFQYq905 ++vN3Vt8zu4JeBqG/Ag5jo8CLdvbIUSVGWRY2dRRJGrhlxmepwwX545aQqSiaxMcPn ++Pri8fSMFnFNWKzq8xIC5aCaM5xZnN8NT2V5w+2P/vZxc5/3Xa9nQlquXB9v57jzA ++IW1LJlYqvU7ILbJZly27sr2v1JOgogqzgEz4NAxCSwUoNM6OZPXnI5EegINuiWKp ++IjuGtIQoKeUma1YBOK1Wabxfe2Hzu1/S+lmAwZtqg7HCX38NwPuAFxElAC6vx3QA ++V85+K1TWjPnoBHs7wbxv8HZEUewqzSijtLYa/yLiyMVUr0Am31yhsgFgKLQXwhxn ++K/g3xTyU5/n9jgZMEwg4m3FIeoXF6tDyYvXj7RK5uBGSLvt5R40kWNiUk8pl1L+I ++tmrTUynj/6g1wuLrYWkEPTPSlyKgZojTx6ssAiDMOVHjxpWxVnhnAkXOlLMuccTP ++xoXEQi9sXO8ByrbR7pmVS0+sXNB6tXbtllBsPBoYPT+ydOKGLqSh/1RFJyds3QPs ++8szwosr2wo5TMrCMcIiXpYn/4n4hM61OhPLV0OjYmQoxHE0cti8pntFpDeWJMvDY ++eN1fAu2ZZiiYE/+4CCGe+cmYvO2XKWZMQHwLvads8oCGqTpeidn6wIpsNsVNg6li ++fKFcRquVh96y36GPW+JuHeeTGuN477kBDQRU0nUiAQgAnDKd8ETvAvTedB0SY78P ++dlo+c5PyMU5EheuNezG4LFJxigixIuo9ZW5Tl11dO0EpnyD3kKsJyIc/+FoRFuSn ++nZeF8rJwHcB81+bQIkfek5rc+Za/o6wJ84yMzdqwU5Ooc1MrVdk/3TfU6y1uGaPS ++envUUko07SuVUOLOBuseJ/odz8E2lRt2iJ1HLcbRXi+pR/8DLIm4U+PLYIKYKrxD ++NBln2mlB7wWILN6z7cicaE3HzZp920sqeSGfl0tdX5z7wI42EZcfqERWmrNdy0/m ++zXmRX/qohTuy7I06bwrv7asGiNLvAfvP6wnsRnLbho03Flq4Eed1vedcr0ZPtyaB ++xQARAQABiQM+BBgBCgAJBQJU0nUiAhsCASkJECYQG2L2k3bOwF0gBBkBCgAGBQJU ++0nUiAAoJEGoXY4qgRQz177gIAIq1D4QmR/Zq6oeVsYzH/5+r0Q0JM5f+JKD1a9Ot ++PNkV4Z3B6yWBA6vVIGBW1GB6QrV99dfxXAzqYvsDuDaPtNcsXNbK7iQKt35llWq+ ++G9Pkfj9wrRrEo+rvfwWDJMnp5C2M9hucPCc3aLCUE5UX2uLOLtPOoD9Gt9mv7+nO ++gdFZeANnjfH1sUzsgYOcmKVX7KOcV479nkNT1NXeqImekXmkTFFmWIE0/zQ9MhKS ++ae+F0fV5Agv6UivRc51Mfs/o9azWal7HB/5u20FBPV+ieZXzsSnG05kvXkmdcGOa ++SrMP5+Z0U7Hfo1YtkNhMeW2b4dImZLfCZUb62Q7K4LCoW+e1Ag//YAbzGBVflkTv ++sEAiwL0tbjaqpGMcAWMWg6ilNnqG2Rvd4GTGy66PMY0nYOVy734o7nyySFy4IXbU ++H96Vepa0G6JzDkiiRRVhd3VPfEFK8qNZRYXc2W8ohQV8sQU/wRWpOEP7kzD5rm6w ++hc0h3qNeLbXjciDfS785mAjHwVWPOzYuPlxaLE0GaQdMMYPnn62incAgedjJ9wXe ++nYugotfbYofX65Il01wCUhv+b1CuSd3WlwEQnia7xk/o/FVdRoC+x6GFHeFpjyzs ++R9QJVdmUDdDdLyvtVOD+kMHrsWFolxzqtVeUod0+1byvMojTXQnrbmiZJgDs34eV ++MYMv4TQPNhqmQuV4MdzCS+mmXnbJjxL8Y2nARUh4ifDeJH6M8qEQqWGHHTkcgPAF ++EEM5kNRFkyYFFllNfHRiSnRB6uMMCLXtgmTyamboo2Rm3R1Y4OCo2wryFoGiIore ++kQx4a5vxCw41LDHHrm+XGUIFZi1n6AmHdoGcHq0Oi9nrK19nUyJu9mo5w4EU3Os8 ++E2V1V92yIx9nNO0ZupRBXiqKp1iaD3nGQWrS6mKcG+vmwEjyqWer7i91miyK8S3y ++Gnq4zNoUoFtfaS2siTWNQgzCEjpmMEcEiVrPwfFI5OA21revRA7tR6UwtZn3DUsl ++axotY2E9dDEgDvRZstvyB4xWrtXK4T6JAkYEKAEKADAWIQTlyjMdRKuOTIBv2+4m ++EBti9pN2zgUCWT6rDhIdAWhhcmR3YXJlIGZhaWx1cmUACgkQJhAbYvaTds7A9Q// ++fwupqkn+2LCKKU2OeZxLksOvFyRXhBxndQrIVlyPo3xOt7sZkQvhsQvff1HA9n9Y ++Aj/4Drp+AyHwnWxibKXMnD3SHSrhKQ1Crp7RUWOBe06mqAQzBL3L5LyXqtcb2u8g ++06DZway5YCDiif3LlNIf2AdjxMcg3lqAXCMm1cGRSiuoMZAG/eU14lNQKMODLlge ++dBnmpzUc26QcGlcltzzY9fFL1WhHmHpLwtM0eIuT0GW/dQUDKsgKa7oWJM/4UCZ/ ++ug19mHSxtLrQGMNQG5JKIebPkM5SgL42fRHDMpnFNtWf4vu9dG42i8oWHNGZDOdv ++PGnzM0I0Km62F2zFTTljGQ9SEDxV1hQe99Lt8TeKoch3Y8QLELh5M0FDRVet//z6 ++UxYivwAzPpOK31vLsUMhjVt0jPDnRi4PJ1DYZgKVvsMbgJ2eD/NgURefHqfltR1k ++7UZLtYEhGRVowXWZ8JNR5xDVczsxMNRmJ6JpnFw8Rfco8MLM7sWROzmYn/NhjJ+h ++y83cy36vlmlTYwvFqCJW1J26Y5GMiJ9ilLNeObyh0YSZlTDYfK2mnQmsId/nm23k ++NpuZBZcd2tPTIGPsn4YhzntNG3gOe+4LMshszAUS4ZMKeXOviDRtES74zJ8hVhrq ++Q5rHcHop2Er1ZprNTebsJpSmkHhqTqYjCv666GXvgcG5AQ0EVNJ1tAEIAITXfZCl ++HumhwlMv4ut0uReP0SbR+zbJe/W1FLl5bu1UjNzVchOyqNdOGfmHN8nl/fc42q96 ++yp5oFqQwxpbf0jdJkoYcWgvCppzMZ8GTiKGexKaIajJ4wPYX2BNQIbF1Pbe2WZlK ++XAMfqsCddXUkWTdASH9CYXCMB0N+TOm3yuhY6JlFZgcrALsjV5ULk4Rp0r7bzv/9 ++FZLWZ+J4xo6IYhlNmpMO0ZqiQ3essHrYvKA5RCNbbQn2PhkYhocG+Z/p1DcvAEHG ++6Z5KwvEarXtUJkgP0Q8IChNU+S4qzxl+sqIuMBu7JmqBObejEepK2YmEaUpWfRBr ++0hF/O1v40XTKp00AEQEAAYkCHwQYAQoACQUCVNJ1tAIbIAAKCRAmEBti9pN2zh5/ ++D/0d139sc59kAK7QGsZLt1f7/ZCZVnpI/7LF6AJBN67jDSJn6iFdXHg1Q3OgGyAm ++qaeVj366VZQowpCNMcm4LVb/gx3atgtUwO8OXnFdjV/CSIbAB2MBVVDImZAKNcu0 ++oPnQGbW3GIcBEpJwi42gWP3pzX2kD4xS9mgtZcvnY80QoId2LuarpW27dp7dbhJC ++EWlcCVybcKsornY7EwUpOoySTSvj8/5TlT212igSUMlWhQhigt9Kv+uo9/tStQAk ++3KT0CFqNphiAn5KnDsWucuhQleCtDNEJLIOJYrpK0eIKvMF6P7gKj6b83dqOpZiR ++l4W28BE9I0PGMUQvFPclqPznlahHsNX9uICC+7dPBhxq/gZjKRi6r+F0UXLRnQ9D ++FIAvYe7azx/xPysaOoQPj74F6pNpsPKcoJPl2ZFD98PDQtNMd6jF+94Up96Bzw5H +++fNi14aPvUME+l1oZMJkYMhh1LLfBv1r717ODa8SY/ckoyfVnsPE/gs06gv/JK6Y ++hAhytlbFZlK4+yI6bwVRa69DiLDO75lQLyTM3BCnswVY/CH4NgeSnwrubYB2N4kQ ++Y9oiWGpMohStQRVTGS5McYwTF3/6CncIhPm/dfTyaycqs3j8dFTjHjDJQmpZUgHj ++c+/pd+rP/UtrJ5j8+8xsdJJc55eOXbSIMJXEq3mqKLyx8IkCRgQoAQoAMBYhBOXK ++Mx1Eq45MgG/b7iYQG2L2k3bOBQJZPqseEh0BaGFyZHdhcmUgZmFpbHVyZQAKCRAm ++EBti9pN2zvUkD/9y9aiwD5OE5QPhxbUnbF+AAJeOIrviSBLpk2zSqhmN5XLfbcS3 ++CU25rQuu3dAe31HRUHJBMUSb5GhPjpgIDJPEQApIZxeYcu861oG6pa4/PpEOWWlK ++yOzE9JwRo6jreDIjOqvTVT5+QiiGT3bmeudX8anj+4Eq4UVl+MKQ4ZByqyhis0tj ++dx4lNF6NH34CZlXPfazkN7rWmGJr8tBjYbe0wkWSHaXSncx7y0A0S5ioOb4aG5CJ ++5v7EMq6lTs5JbbVKSRAMJFjvOPBAHrOWRU0hmahWXXRnjj+J8qCNTUHCBbWgkHuF ++KdsdLZBhDpVs7EIveUg1w6e5luyyD+e22nHpQK1GWywtjnaNHKIYTeDWFVTvgfk8 ++oK2K6uFtKjGQHjPeJot37z/w+PsLY8YMJefyfubdoOkmuDtqtfD8hB0z8k5RNWQ/ ++BsrPgtJWctaLD7OLJUCRrl/VJ/J8ytBAterbHvWO+lQFu134qV7fQb4BwTsrgC6r ++KVWD0tMrU2Ltc87Q+ULMgIn/WCuFZk0AiUg9BgNSLvgXWrqatw2YSOsZd6AgucNp ++FvvOdgVNg6LBsgj/SbNNQDnRyQuKhphktll1c24/uQixgPJNA6ojHwQiCqQRYhZJ ++iE6Y8qkkqk4De/4IdyBA1cREgLpyqc7njswyprPpVXFDBzisMHrAYGSiHrkBDQRZ ++PqfeAQgA5b+99btbBH58zRUpB39U8R8v+Qv544x2p239oEkJ6N0GNZtLMpaqPpql ++p8BUcQHdVqeq35UPSDl9fQGswIgylrppO3CEznYPYTCAuma0aSeibcPS6F9F/OlD ++PPFjYpEqkIWqhuENL6ZajaIB7H7zH/VH1VxdyXMWjblZOLnDngW6j+a7IfSFzWHN ++J8MmKeTEDEG1FBxofvnbzQu8pz1MJO5E/9DF7Gv0XRmcYEdNwrxJmleJ8x6AJKE2 ++5n3x0RJO4Wf1PIqzkyohGuGOPih0ncOUzwINbpbRpwXt9+PkWzj2o4O8Y5KHLR0w ++MNm3MMzgbmk82gXxM+NDm70HXRMAkwARAQABiQNsBBgBCAAgFiEE5cozHUSrjkyA ++b9vuJhAbYvaTds4FAlk+p94CGwIBQAkQJhAbYvaTds7AdCAEGQEIAB0WIQTQv9a5 ++7KVpSm8Unc6vTMZ2prbBQgUCWT6n3gAKCRCvTMZ2prbBQmcSB/9RYspARPjzMf1M ++nZwYHfsL78MynfO+8ccVYFjA73njemCGaGSaP6GHE7g4dbzoFPdnwLkF71rLF/Pe ++qs+34DA3wIR9IbwlKKhLVymCrqxAsOdSglNg8z+OXlS73omm9f3Y6Gqngge19H5i ++9mXmgJZ9LdgSUhNO2NNZh9K5A381YzzcBLIInf3HmUUHdHFoYguvG78rBrRlEqWY ++hp/yG/JYbR/UbXhrNbEggf8LOeiQtODMD7kAwDCVfQjfZsBh995K0ml6/d6DFobu ++ZkkPAjhMAiWnsLYFCEqnpYnwQ4NEyNAhiB+AM62jj0nivvpmdunk2kQNtwZvpIRD ++IU4aJxkxrG8P/RVWJZyjzlPKC8qzlhPoNXc3bAlnVkO2F32f51nPx2kE9MFMFQp2 ++agFR3YhCir8Gx61JsLKqp5gG7QysKeRDGzxf08ufrhcjpKoCIECCNCBUaBQ9P/Oy ++4BzleM9N0pyw0CXV3ca20GVnH7DUnXAJtTVElOBISKjV5tLS0eczEAHt3P7A5Qa1 ++YRQBzRHVXbHjhdudz0maJucAERUwntqOsojoJo/bQkhggxCzuHPsfK5KUgcaKhcu ++KUhZYchL7JAlUxKxbmvvHgy2me5LUCxmhSsMN/uiWNiftDePt+O9dXQlUu/rCCyA ++pyyKODlwK8+ga1tYjBa72iteeKdqnBV7e1Z+bn+eFpFEgg6EqJc2gTaWb9hKLz0n ++/cybabpx7SAUd/nMjyxtslxtNH3Xj6Cnq/J8KYQOcHyAy7TAXsYguPmXOOBv19sA ++nU52IyeAqaREb1UEzUGpwQIOM7J5bH51ZSy3r2SSgQj53fRTv3Su13uqIPMWWGj4 ++JMOgozutbFa17SJ+INDtuQMbwP4oc1Tv5hEhLoZiM92Gpg6IEmZMvUqZ2jXReEd8 ++wfnXSgHvF1JTV1NF95icrIO9D8xramrSq2UaSetp5FCWZQzTihz4PiDHLU4JNw5o ++QMtb3dHtVC8+jT+b489s8qvWrCut4DZpfR07FbP15de4X53lpy+YI3N1uQENBFk+ ++qAsBCACtRr15KNnY3mR3r+H+Cy0C0Wyow7gScBTXx+euP2RoO9xHurphg7rvvGEN ++WTfOlk/qzj9V2+BbwkU7tZa7uRC0fLxodKKr+QTO2BXxRGdipkQpjdflUxeascMT ++EG6WOIsNfmn2+uaPapKNedpTE2bf22hHGlooDqqmFjdfFU17dBWSMKJ8yQCgOCFJ ++5DVM3c0/t+teShLkXmVzU0G/rKrZDXjKZUlS1B7t46NhgY99ATi/go1/hs3lNMQP +++gpc/FM9IM6Y6eWXoS3F6nTbibavVdsx/qig8sbv6FqoEi2cDx2QyPlXjLCVlt2Z ++1kv+KhXX8fltjmBifFgiq/H35cZTABEBAAGJAjYEGAEIACAWIQTlyjMdRKuOTIBv ++2+4mEBti9pN2zgUCWT6oCwIbIAAKCRAmEBti9pN2zokbEADescj66he29QklIsHg ++Wj83vl1b5byfPO4taMY6sQ0w2joGOlaS/QFZSTkSxc96xlnMJ1gDMc+HMR+REoth ++sBg+1yuz32dzvV6+eBYA2nccfAqhirKk0iijF3WRBmbe2hiTLDIr0m1h1v0LuCEw ++/kH7PseXabJ/zxt6wHBq5XbIy/H2z8PRaSEUsb9qZdtMyjvcgvU45GksjFmGoWnl ++lHFVuxQ24xcIkPe91NTa++PfuOwwRqAWThYM0lCLfJJuQbaJUlggPNrsu4FsD1GC ++9GIJT5au/v89TUIuNfEZjCnqaQuOYg4MkkHB8lyuglIv8ny3T46aEK9Mux1Ok7d8 ++i77QVtezDwAch2+yPHxRT2596Dh4NVqP4+99LPqtZY3rKuzAJD25nhie0z9M71Oc ++4JC39vNi53XV3ckIy6sUg/yTi1na6/W2+JrZVLeQW7bTCTunz0FbpTt3CQRk3cMO ++aSx7PLo6x48C9Ph/It+y7d8E6qoFCpj/Lt13lnnRQdsdb8Lnl8X6QC4AK7vcZAi+ ++7QwNjuSJv1aSk5cVz6IU6UD/VQrjGyfUShaPOf1nNjwFj5nQ+BxVIUlxEB55KhUb ++UuIm00VUrdB+WpLDse6X1E+OyvnxvIbXQTdkoCMtf6K59HhcavM2VJZsXYJzyZLJ ++WCVmN59H5VX6KKo9GpK9QVBS3ZkCDQRSZgWKARAA54U4UxYDqUMAZICVRTqD+lEN ++6AWU3EUmE8dwOKXEIuMs4iElToPRPX4dmHhsHgGQD0Sq3r8UPNpb+ZA7/FL5Qjpx ++Ifbx+JaXw2oIq4hAJHE3O8lJgiQMkfMoOSpu1dNX72y01iGYrH+RKsAMFXZCGnp+ ++Qg2McX2su7+IwRl8TcHULuJ7DDhrmDd05dBQZVon9DMoRk8oZeqzE9pZcip5SWh2 ++wqALKV7zdUV1raqP2xq3KJtxXzZn92w//CsQufA5gS54Zw3mruraIUj/Id8a/Ogs ++XWG9V8/BOSEVZmaKPzSzNGxtYR5IlER4iaqN+kaDGqxRIQn8qB8L/fB87nlldVcP ++GVnGRzLhyLJE//3iNp3FJ9wc096Lt3ksei2aEuDXSrVCqlMk/Nhw12PXFIC7nQwP ++3dmFIuQctmL4BlxUTpio7ajk41KruZNAUwDo31+fyFQQPs9ul2CYCNNW1orw+TyO ++LYbSXfPJ19vHr7uksDdHr/3dU0+/qxrNFjIqH1i56XvitdvOybkPlqVYX/f1H3HE ++Wy+a2F+U0KcWHTMyb8tU8R4p8xPoxHBJGNB1QYTra/3GueiVYjpQEIvQIOO0m7Ay ++tQoPAdoTuDKBFbqZARfdkR0RENfkYZwvHB1+SLxPQm+LWD9w28nf2VFkLrW26wqG ++iz8M7up+vMiOCb0Ao50AEQEAAbQbUGhpbCBQZW5ub2NrIDxwZHBAZXhpbS5vcmc+ ++iQJJBBMBCAAzAhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0e ++kA4UwcwEBQJbSOj4AAoJEE0ekA4UwcwElYMP/RQyT71nLmskNNj9cjWXRASrUGgH ++cpW9u1j/fJ6QuGfbWF30ibewRN0ff7OOg0V8iI3BWGOdu0+xb+y+FWC5XP9ddS41 ++Yn1FSDjMRWM0t1hTzjQtZS0e/5F6VM1mE3h+EZnhSkl9r1aKm5cuv9g2OxWulzDA ++69Q2/K97QenJND8KDMXX5neHc2bGnVbMPlhv3RoyNxajSSg6alOsrjdBEHEnsHI8 ++rzQ6UGT1M0unxwsYCrt/AD6V09/UStR1oyWRE2WWCcHqS+MW4JXas40GR2JtUhnT ++T8zB3OGhT947rrQ2fbVOsz4fOhonTFrR+aboTQQpj4XFH8HERk/wO0XUBDuAGavM ++mnz7T8wn4CTEmiBB/M5rBXa/TMtI7VweZbK2Hj2ye+0tOnx3aRQbTO4C+if4MepM ++RsKZUYufRwQYnaBbDOs2B8/QYZxnOFT8+Y3dkYj4Erucsc740cEQbSuchB7IZq/K ++QAzY4DaUUvsucWObXQR5+PyOYEmE3v047Rh/pSH5XudrjPtyBlsmo23cIuBJK4rj ++c8C9PTEJnJG8MqoHZV4U88TQVo4PU11BURAwD2ZV0MCL2HqWmbJOREm4cMudXMq2 ++rmCxGfEgjUQOk0+VOFyI+W+M5Etg3jWIrdB6pZbKXWrVa4MwEDvsAfvPyRxXsJIG ++R1RVewxJpxlP6upstBxQaGlsIFBlbm5vY2sgPHBkcEBnbnVwZy5uZXQ+iQJJBBMB ++CAAzAhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwE ++BQJbSOj5AAoJEE0ekA4UwcwEmtsP+gP0nC6dtrEyoLYGACFkp7FNnuCtO0IR6ppP ++XFTXaGMjR3g+N3+s17ztdH5X6CUS5rIvDJQGgtAbqDQ6EgQbr/tNBKu5mGYSAvSO ++vjR0b6tmgc3FYl29tFjgpeUJRPa/nNdhUi+TY7pbEv0O9+gGD8lKoFNiHBjEooqJ ++CU+CH96uBy9n+BI81Xqc8cuAQNKMZd5TFLmbmwAnMIt8pPOHatrorJjfJM0Odk3G ++a5CuziVfJojDTgck/tFprpr8MSnAiIW21xQVzfRazFGUA9iRF/r0gJKSyQuZj9ke ++Kn8fFVQufMAJyBrsjykloaYkx2XPccB/isjFYEYp7Aa4qQASjCGkffNuYfo0JuTp ++8k7IUHPv3sb7TodYoWFgHh8z2Za6i2I5dKb+EgWs/eGDOrRyOdgbxgqJc3KpwMLS ++JwmagViQ+PiKcRV+uGZ57BSMsTwt1vT0iKsQhM0IY0htxcYR8HPdaJnvLkD+wmNi ++DAXejp+BUZ8s+7W3VN0gyktjrN0IMsi420mVOCS64IKBeb9qCqO+IE4JDny79a1q ++Kx82jAfLOkN1KYy8xYylXJTypLtA16OiFB9Tsq6DR+BYXE2n07CEOko439HGZJIM ++thLamu0JjGAwPGKqYXyVA0pwFPBQ0OXa00H6qCZz9FpVvRe1c035x/RdsmzqgVu3 ++8C8bGPZ+tB9QaGlsIFBlbm5vY2sgPHBkcEBzcG9kaHVpcy5vcmc+iQJiBBMBCABM ++AhsDAh4BAheAAwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJb ++SOkXGBhmaW5nZXI6cGRwQHNwb2RodWlzLm9yZwAKCRBNHpAOFMHMBIaIEADH1dXX ++LSMW2SW60L6jMQRUNMKUKsekEpTdrzmfWJng050X6/0Rc2HGqbgUUC7R2w1bsUcl ++5RQuj4kcgnXBnxB5XfN41M/xJlzZOgh1yLEowyOBrEV+F9z+y/4IhViFP26CBujY ++StS/WMNMl4SwWlPWfLWy9rCSuD4DRGjZXx5tC73os3D4Vl8KUjFOg+yPefPsawjd ++KnPyAUv9aZNJ8MTG77xOAFQcbX/bSMjlw18s0hAMAHZ/3r9OMjYSz4gy880i1maY ++6EHfx75Tjyow2IqIisIB+NMkH+Se56FlMRL4636Dq+GWl6GWXhoRYs7Nmre1FPCY ++Fcn7iIve86BnYPcN+iNFWj2tvf6yXiYtRJFl1BL4xvE/er/QXk3eCDpncEf+4Q/x ++i0HUc48hHdL8T52L1oePUbgXYtH1fZn5Hr6pva53mPkmfY7p+NoDgvktVAuuviPc ++SlZKlzut2Y2QClvlGZ8Mle18m/28w44Q0Oi/i1Wg4i9lFGuu7jFMaDARnySOaU5u ++Bt8nd53v9GudYkW0aNQghsRgKCsXsGPLirJI1rObzRraI17ETTawgGzvYhZaz/Mo ++HPlFMNtGwGr53uewLGw58b2BEQaFIVHtadz2iuoXNPCmoVYNFNAf5mmXoUpJnt7V +++ZUnP0fOcXAHuerJ1ZbDDKnYxhEQLAbHCIyxprQnUGhpbCBQZW5ub2NrIDxwaGls ++LnBlbm5vY2tAZ2xvYm5peC5vcmc+iQJJBBMBCAAzAhsDAh4BAheAAwsJBwMVCggE ++FgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJbSOjqAAoJEE0ekA4UwcwEPpYQ ++AJgBYmNAuP67KdxC6HjtcPe2/hQcFXSPYi2TJGfgJrgoMHdXQW008EPz3kaXkzxD ++pda9bNpUOcRL1u9riO/4V1f+yFvkZOrnkEhw4ebrvip4sbufvb6ezD9S/OuNnTdi ++eraJlltStrq6HXaUXe8VEIfqOiZPB+3DEbcL3AHw3dfEZDYygNFLji292ZpEoYp+ ++QlKamdEcebOYH/AhsQUaEmJAACY/TVMgdWio04uCDZjicvBt5+nHsN7RTfTfuVED ++Z5XeVVfOifA7D5rNBZhiI9BjsUzx74j/GNP/e8kiMEcHAPF9BgzOXfK3sTQNsZxR ++zl+rZDt3ltg49N/5BcoyTW+SA7hM3U/CWqtNH0srKPkuKFhAbLr+mVZyA8AH6vk6 ++iiBmOAO6MMzcV7ru2wwu/LtgEHfdiq6XYoFVjQXkH7SanNPpmyHFocc06gLmXWNc ++qn0pvepKzjjApCs+KaHx0G6DyGeCno1qC6P9huINs7n/6bLSyh/JSHnuLddJBiRS ++w8DwYy76WzPGENjkxKv9iVO7k3S+XOGkjtqaJZFMWOZ+l6VZ29Hr9ezYJuDu+CBC ++Z/7grbjnkE+4QmvOlPNFBHsfyFb5RoX7kZ5Fmtb7flA0x0TUgaWtjocQxGbZkYrE ++7xdySqfzBycPqLCqzmDAyrREoJOLc8HD5A8dEZNVYeTbtChQaGlsIFBlbm5vY2sg ++PHBoaWwucGVubm9ja0BzcG9kaHVpcy5vcmc+iQJuBBMBCABYAhsDAh4BAheAAhkB ++AwsJBwMVCggEFgMCARYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJbSOkKIRhmaW5n ++ZXI6cGhpbC5wZW5ub2NrQHNwb2RodWlzLm9yZwAKCRBNHpAOFMHMBMFPD/0cePg3 ++HswrdBK7aHJXrD5j+5ExH6W8VeRRH1Rk8bEOgf9lWw36qOxZF4Iz0kJZZcbsISfj ++K1/SRM8bQxofZRXVvdxpXOl6lOR/aGAL8kd/TYh/6H+TMFz5WZmTvGP2Jvgltk2W +++9I7n1xTboZ3GRZKqBzA+aAtceLWx/ofP0YRlduTIQboG0/WQsPbKORPKoM5syyE ++uAO9m9ZbvPJRRHX/O5yLgeXaQzGvkyHA8qYvYN267KEDVBqh9OSo9B5SOibk9LBs ++Kq2Yhl/XBUM5o3m0qml+sdwciNTUtQRyI7xBIjM7z1dGiHSJOo5DypUtQ0jgTVi3 ++gYftu3lYiuV+FkWrhtTVNjtrKT1Q/CE9LtPx4RLhfuPz8yYRRhLunCJSriIWAHTM +++QIdBXCH6Hu3dig+W1gPd0+3+5oqJCyZu+Hk5c7O8RyVE7zhriS+Zw2oLhhUyUSa ++E9sldEpzwK0oAFp7sOtQcWR3Qbh0lKrK+Mh6AQ3f/+uUVJruqK2CI6D4SMP+BIl5 ++RUOUGUKQ0qNjeJ7vuLtCkma1bCpr54B8S2uLGDe57ox6+99XClF0cv7WANWLKTBt ++gOooYgtTwZvbZCeiMZLIBN1qjyOcE7Hkv0Fjvsgt0NIz4vcN4Yx2AJxjTMECLoFs ++k3HkMWti75tQeCGMCptMMJ02yrUsTv7zOg+sr7QsUGhpbCBQZW5ub2NrIDxwaGls ++LnBlbm5vY2tAZ3J1bXB5LXRyb2xsLm9yZz6JAkkEEwEIADMCGwMCHgECF4ADCwkH ++AxUKCAQWAwIBFiEErLtDJDk63jUV2i3aTR6QDhTBzAQFAltI6PcACgkQTR6QDhTB ++zATWUBAAmvJG5cz6hJa9RgyQGzODGWZi2dj27u1Djjz34wY9xifqFxl1/s+EEZ6M ++L/i+UmIzprY++4h/NgoAQGDBkt/EkJojmVjhwr3VHRzoi8vREMFkyELi4lPC9GmJ ++QP7wslk+L2zEVUuGLbGW8YXAUnUhwmMk6DQrabgubc6W2xL1od6TQZw7CUuLtiqz ++j8/1d8Ck8lGjWwmSF7kPhW70gP1AK+CHIRb/wOVZzhK3TG5ZYF5QUGPF2lL6yGJe ++6aYsxfn8gV5MhikG8idbRxIDiSsbvQNeHMkjVGTnAdz+I6t+x+rhGko0INehjULY ++JroxAmwWTH/t8qFD4jHRapp8d8j0sCCxziOmHAI7bi8xQt6slh8cHkmEGpiIWued ++SaKLlcYeE6ZkNvo6hKqJCh6nah54fybmlUD7Fa1hCR76l4FSPNBoGo+UIuikob1s ++6SEetzQa7ZNiIvkCVEoMxXWHuNGbZUjec+6kN1mfTjspJLtVgPo4C8jL8icZ1TNh ++0NomLpjQz/0MAxCMaIsURmv4Dn7AdCwlW/jXEiR9gt1cjGY4xFZ6Nfcx1t906S7r ++bxb4O8BtyD9Lmm0SPLSRZRqlr1eyX7sHWuCFClxO9i4CD4XKQ+obU7veo6a6xTrn ++Ylh8HpGP/spY4qjyDIArvt8W7G/XJUmAUPAiloOmrMTaraThvcK0JFBoaWwgUGVu ++bm9jayA8cGhpbEBwZW5ub2NrLXRlY2guY29tPokCSQQTAQgAMwIbAwIeAQIXgAML ++CQcDFQoIBBYDAgEWIQSsu0MkOTreNRXaLdpNHpAOFMHMBAUCW0jo+gAKCRBNHpAO ++FMHMBPQDD/9mNS3hjVL+DG1m2opXB92yyVcg4GARpVmT9lRcpYk10MasaDh/plwt ++9cEZ4OKYVOJjEO6WWqMreBb17djr3vkB9jnhkTUyw4Y4vNcmdmlt5NnL89n4Eq5x ++m0TYMUfNyNoZEdtRFcH59WD9fk7TUhhPS8JrPBV+TmKrIlpuPXx4Vpx9K97Pq4rV ++9TpQZGGRcjbwSNKecAdI0WqZ0cfEAWMHVq/CPMQzmBWSOjrqUw5JiPX1mQN7RuWr ++vpWXDiR1s2PYhVI7tgaz5nV478OW3MmmLlz5to5z4C70FFzI46ylw5XGwCZPNrIO ++rezTZC+4GGj98pz583eg7HXS+5bt2FYeckClha9fs5mse/vXvleA7AGs9HoG3G8d ++3Nt9vCaj+pI/VTbOp9+gvtxfg4DSriGeNZoTQnzbkkVFQe/n9FYNtsco/MPugGc4 ++w4fBpq0AIJw66raQsFXu/30+aICb1nU/RgyksXLlL7oQ8fyZ7xprfy6fAAsuvfu7 ++lI85gaWs1NboLhP8lLDAD0/rg/Bu0YGfxEfguDEIrTTmN26+4i95TiffCqch54Wf ++AQtzV9CIkxsmPxVrrAh6HEKs7gEBFIaNew8L05uUzoQnwcl6xOcbGSJLyG1a6+6H ++5IakDkcnypy/LBOPrx8HyqO4fOR/4GJ3oV7hm+e3svnC52hVdmccr7gzBFfBMHEW ++CSsGAQQB2kcPAQEHQCX+QrQV1F1aohqbdcUODZcwbamprUoLIXV2nSyLiSx2iQJ/ ++BBgBCAAJBQJXwTBxAhsCAGoJEE0ekA4UwcwEXyAEGRYIAAYFAlfBMHEACgkQURBO ++Zo3QRIH5oQEApL+jd0x4w476elQ3F0M002NXd7FKouy9ageBM+oHS4kA/28oFXVc ++qDraz9f5bFnwX2407CDLKaz1Mp3jijvRp6IHqf0QAJGX5TZDr6CdERY5cOTCs70y ++02q2sVON6dxicE+UAxOL1nqpef2FiOobu4e+OAGYZngm8oNQBNNXA6ETc+Ug+zUV ++P5p3MwkpFAC52GWF9yqOjOaZuQx1QZoWw/Whba2ix+rZSSi1zPaxrL8iQpe04Mt3 ++IFwmLlxYhT2Z9uDF/lotROTW5PIcWmt2yHYbdL0XYrGp959DmKNGlprgTBbWTeuw ++aQUw/SOk8Oi83qv+8YdZNyuaxLz3qh0VSxx9vQnGMbslDpi2+hXOuTJuMVs7UtPt ++sFgZPOQIWdNC39otlpHQE6z8ezRlsOX7LFf+1CFPkPjbqrs0D4fOEr+yilo0Dj95 ++ixnCe1lODykeEkwQE4XdlrIGjLOdi07Q/iMLTGQDL03PVrNXt1ak8pTJI7SZRsQu ++lL3+Tqb52HynBDbuiwSyjqdCGAZ/oRChWrW6tdg3bos9YiivPgIswCfry0tc3WGp ++2ygCbWFvgHZmxU8nwusrTjciIh6b1xwG/webx/lBPMiKyRC+F1wLqdJBDo7bNuo3 ++Gz8W733vBRw+DWSDPBebW7kk/k3JH0jX1MCdv+zO5wuur8DdqDLLlX2mZOTRZVJc ++Gg4jQ4EJ29akJv5bSwa1bFRXN0K2uNSGbtfHrcbDmg0aU5slv4vtsxeUFhOEcxHH ++CwCfgTy3SEF+cSlWWIbMuQINBFfD2hsBEACqLMDpuA+/9VWscimKTs7+k0BiuxfP ++wNJAYYznAVNFt+GE464v6YJNXpKt07BRzDpuivaDPobqtFXc2nvBHcCUOP6QTUP8 ++9rOC/bw039B+KRaPlQJTGbPKL/kqIXiK5ihjgSXdHDCmzNFHuec07pWgBMI+LYfZ ++pKIHGsFVynIL53mmhxavGTCSzJrBd6pyhoeCzMsIZAq6pZ0HKjfVWP7B3yBJfazC ++r2V/HkOmKV/vPJT+oflE4f+PP5tTuvEWE5UXM8VXnROMcxaNHLB43Pbh3A5neGgF ++m74Ha0tfWZHrZYnNCFRGbxp7PnfbKL+tZ8xtyQr1pQ+x1y8Bkxj1MgiOj55MmRmj ++xlVJ+L6zyB5Tw7kqsaBHiSDBWUz6SJz3pFD3X3GPD/nkNqhBhSzFM2qxHME3CkK+ ++hU4jOEkcZpHhsjL+pXVudGNHIByDNj9lqP7vswg7cnGN7QIPdpBdvgcFg4qZS93L ++sLJlqhNDtCwd/Ut+QNT6xE51HflZ+3/su9FEjUFKZMEtAu0TDoaf7iV9VyD84wjL ++WAm1GVXpDh1/WuSUBifMfTyHXyLN2y2Ja5D1mws1g2ywzHBW/2e3gUzYSd4JQEWL ++Yld0kZhQ5V/Y9Y19jDpDUUgxkZmb5dnHRaGwmyx27zReKqN5NF2tdeWsUMibZkEQ ++dib0n+WnzuJMYwARAQABiQQ+BBgBCAAJBQJXw9obAhsCAikJEE0ekA4UwcwEwV0g ++BBkBCAAGBQJXw9obAAoJEBPa2Zx+QVGcxvwP/2aIUD60sKExN2fLXj7mMZ/wWlDn ++CdqvTGD7lrk6r/fAQcaOAgajCMEXOPZXlPBhdQ4jxD3FLs52CNZkcwzXMbspz1lf ++IOk2U1UGhmnAyriY4Uf5cRu2RPR0HYwOBB0xr69SIrsmlX4pf1AnulE7CIY/oPBj ++B2XQRQ7ls8sMqmm+0TxRysaosHGu7Vbez5iKBm3p0rEh8TcVkgMivdUPue/ip+mC ++aDCfGeAiXLXWtiEiwaS3Pq+QzHhZtBvShWlc3k2mCFlrGQwovPxY5SqGs6Qwifrm ++nGSSlyaAorDZcQEkZe/HP2/qXKb7uBD3/r8t2OE+BZKwJxW2fIpaO+u8k5EXSDzu ++xRqSNj3wYUI2+WNQzBmAyOZ6XBX4Pz0xZyahtXCzJ+5deqCnEtJI1HdPSvM7STE6 ++s6BmkhUl8weSAD+7v/HNPWvQXYFoeGFeqvoVOCqB7jJZUj+n/eUh9PxsOtwdJlvd ++oODuQIYyzuSapm6OPnBKg+v7Bp39Ym8j5Nfe3xqg+O6CQVH/qx3NoFrKfAaLKGsV ++++jnf894b23Y/fgu84Myt+Kn8uOrO6jbBwiWLkgn0uzmO57bi/6F7aMQwSxcMcAY ++3DhCoeXkeYq0QRZZd2raPbA5r278wPXWg/U5bHenGYX1COWlRehWqXkqR9ZJYY1h ++TT0/WSAK2ZLCGTK5tDYP/iiHbpeWlZhwgx9JkfmgL+N5XoAW6oJna3tozS+xVM5p ++xTaTNO24vnQw+XQxkiCFwtf81chd/oXhjWpLg/K1vF0AWGomN9yS5dtKtlWZ0H/3 ++KeEGkKf9iRp8j1bVNF6mBhb8Xl+nKLWiqE/uezx6OYBFJuj6WpCgbmaRUbmKpX7P ++++JuOosg0n+BzzJYAIKP4+/FLL35qSpLW+DuWZaXbvgS/OgjJUL8AQj8Nwk7ViRy ++hBRwSAvwpdcwvlAH1VfTHfpQ8a0jjN1Nzf8Tr9Ijo8NQnsa+5y6Pmf6l40j4C8HP ++sMB7SX8ptFig8lnBRPtzEWj54/WtXJwGRG10XW4rdQU5hR9Tufc+WFuRfwdLgrhP ++TnKGyVG9zOkTd9Cl4j58tEsju+m4HNkUN5goouvdxHSe/dmA6cQAWf6/nhJ/uSM3 ++aJPSUOtZwPZO7/NzsMgkwZTLXbehm+9xWMkPRt1QT7V5MgfxnxhVoIeoPAEYBo8t ++0P2GXVMNZdZkJPoViWGOei4iPE3rj6NBynIIoEZNDEJ0OQOUe6Naq5AaG/a6wPa9 +++ITzKY8VR5KMf3XgcKLBlntyyxTgnHY7j5VrhxU3+mUrnwg8LIN9Sx4oWDks/SEB ++7KN3KGjSgczn1k3GIJRF8BhYin5Cuw/+aD16w5gSHxUhIgwH2BbM5X8eopbp/csA ++uDgEWlPNvRIKKwYBBAGXVQEFAQEHQK1DtStYAOrv8CKh19A+Grx4WJusGieqP6kN ++cPu/o4dlAwEIB4kCPAQYAQgAJhYhBKy7QyQ5Ot41Fdot2k0ekA4UwcwEBQJaU829 ++AhsMBQkEBFIAAAoJEE0ekA4UwcwEvIoQAJFgOFOsevc8GDLKxSV7hR3tytGLlfss ++Y9I+PGOt2Yi6S6v7dP833FLRS/TnoKlDof3A7dw87hNy/FFelm+GUz2gWCIjGEk0 ++yWqvHYfjwryTug5713cmtKBdLSQ9vxD932ZH3mRcWNmaN5909nh8ugf2TCchQ5JR ++KmGSthukPE8tHk3T5hldlRW87V0gIexJoo70RrvPwnK4dzYaA9F8SZ+rFGYTpTaK ++A3/L2CwdPIDvi73PXAkieHISOc/u9YqPR4VS7P8zD8ckCpTNZ4iAOh0mFJsozMnT ++MGekw3cozJwKxsfWCwUMyQasc0d8Yx1fJIdIOrJeXvIWIFZQrhrwDqUVPyY4jhnK ++EiL7TQIrWuYKopH3AUmKWxA9T89/Oyrsjqu8ySDT//svOF8b4VUc66y8vR1s6oUh ++8XA7sCj8TA04yxi6vzux63xQIA4DUljcUyifcr4N/RwKcv4Nd2Yxg4zY9Y81/raM ++lvEysnKqJRBpExzUmO4Zgap39aRRwSCieH3NqYkZDsVsUrcAFcU22ir0wwba+S2X ++LkedTrTB7xrM5Tdzg7EjaHfrwONOobWBn8mDEUyYIW+kuwZxdS6h5wJZRXJ6p0vZ ++xEpxpe7WJ5r6S0oFlyPU0EYVBMFbHuG49Ml504sGWn0uwLuJJZ0sQ1zYU1BgAOnD ++J6kx5FwtQIR1uQINBFpTzYABEADF6zFzagbZqkqKDYFES5aEBZUuy8dDZGSr8zMB ++sGZ5A1OJHosGZCnVA7w9265rUIwPimQi7pOC30chLcfK2bkMFZUt4keC8wHaY50c ++VGIc4xA4MMrdkg2qSBDMP1H8+i/jrpbYKSq2dH3VmdFFqxvJs/XYh/ZU+dRMvfny ++8SULvi4Gp01P3PLIcn60WW0Xt40TbADl0ueCM2GxgCbbWjvt09MvMwmj506JewsW ++bUhFDjJH9W0196giDNbSi03vg9nI3lfpFC9Ao0mNcIobyffL1E6ounBeUcA7yoi/ ++QPQTB0dtNcIvtLDLCGWTw/Z42FGJQFLdHEf0cINPIL5qiJlCvdVsHhVeHKA5azpB ++TlhvnHH4eSkGquKI8Q4PIzGsQM9PG/Aa02XC1hve+kRvKWMqFWjoTfc6TcI87oEV ++qMa9eNOZIk7UG46Y4dRkSBSwRVLanH3xRK+zPnMJ3X8ePGL6yna8W2XcHznR9xyN ++zA8GoNpA0CX+SyM+xpVH+ZHEBupvArqusqrS4RPaOkZ2uurUxOJ2N91Rj06IydlR ++qWkhFX0E7rEURnBxIZrMhVWbYRufn1QiRLXOtfZF122QfLx8L1oPakyVG07TPVnh ++gcmcDny45ZeUnz8V9/gyKDopT3OXdaxqe9Ovh052QwWg4HtnGBdlhJyhwQAy9yH0 ++gEOPtQARAQABiQI8BBgBCAAmFiEErLtDJDk63jUV2i3aTR6QDhTBzAQFAlpTzYAC ++GwwFCQQEUgAACgkQTR6QDhTBzAQK/A//eWA/Xd2SRObD6CEw7fhmR3J5afqifNiS ++vxQbbkZ4SIshrEs5wZF26IUl9u8uHeSyCrIB/vB4/NmCk306ATNQ1jlnQd+OKVfi ++C5Qy5Xi1T8o5W+chsy3PCGvdzG2vgvACa6vyKB6O3lV6F+WQ6GAd5NA9536vW7KW ++AXfwG7TsTcPzmRmXYb5ZpfI4g9gLw9ih6OzcP5+C2BDppWoQjnVj1+t2lw0SuFv1 ++k3H4MnhEJCcTCURu6I7J6gOtNW1YJB9XRJX/9G1RiEV8R8mTUZ1HTj3T7nYRZgna ++enRsnIs3l4++dFQgGJgWctLcqlwdBr0Vc+Q8gmbbQo+RZImHXByIp7Isu5GjNOaa ++FpHS6pnMa4YWy2Zb1w4TFDZtKQLJFh9xlnm9raJboLkUH5IMZwM9GSqeSe1baXxm ++3Rd05NAhqaB5C/3e4K0x06p2s/FTlnKKIXDWjE3LaGR22yiWN1hJ0UjMNp30IfKW ++XjqdNHeeuhFkh+LzlUW234gAiPp6b+S+/Mad/qMjsuYVdvEP3NN3Wa9myA6dYNV2 ++TiFKH968gp7dibCzhq2VlKGDS9EElDxPyQ2Ksl8TQInWB87/OQIVcoSuyyW/5SCQ ++clcWTJiMl+u7iuYSVqeRRFpW8cXNqvBQvWlVh6xS06sdbViqUUAx9UHkDHznIZB6 ++gWTwHQbPYW+4OARcPp9VEgorBgEEAZdVAQUBAQdAjaETDfBdtd++tzqzdA+vU1v7 ++packRBfYKecXc29VuAkDAQgHiQI8BBgBCAAmFiEErLtDJDk63jUV2i3aTR6QDhTB ++zAQFAlw+n1UCGwwFCQPCZwAACgkQTR6QDhTBzATTuhAAiRBqsJJScqkUDI3sNOTQ ++TDk5hfAKsTYmMYa82/gKrPpEuF5bEb7G/YSW2Sw1vARB/wo3JC4GprZqVkMFFZBz ++yOI/TPT+ggpF+1sdu5WZaqIrpiTtjDF0VYB/1K54UNx1SY+98IXwmKkN3t3k1wo4 ++2mM9XzFtQAS1GEP4TL8W+Q44BDql2DIigVBpI/IM9X6/JLNXzZ8io5CVbWbBUKfr ++ClVoJvzIs/Ns4hzjBYt8A2o7rl9IIdlE/6cYpAjOsJ835cEojhQh2vV7cpYY7qmV +++IeYQtofX6vbYZzc0qIZgFDy4D4l13986R/O9wzRyx7FKDuo1HRYQjgzEjRiXSCX ++0vPn3S6pv33IM628+ylD+Obw0Lf/UwGptECIKQiMJeJ+KxauUdhupJqmDh0BI1QW ++6A5WKUHLytCjEBJ48HVqavVupXqzILEO/xFBQr5CnTXMt0t3EyMEah09/gNPLhHa ++evLxehC2xKyzRfnuf6hdypofbpTn2vQXGUsOtvtz5aXjxm9OSmqCZJ7Q6DIMnEl0 ++6UYzHAVGy0FDOJKn5x/zBsaEaPUwVKfuOUEof4rK2p+iEc97gx3gvCcRJ9WsWG0w ++wfvoXnilvwdPioElEE0MJCLG5Hyso2C+juzigcyv5NYjt8evcMZzyItsg6pOTjK+ ++vOAvuIlW5ipRqLT95IG9zfG5Ag0EXD6fgQEQALK+iIAoBZ9Gg+pLcxBoMC0T6w0K ++6iEhMJTK6LmKRsVO04APxpGcx8815GIH8HrjJcblQcb1FEzMUY//I6Yj3VM/VIuC ++rRxByqWu/siW/A0qY6uJzie2wo383KkCek7afDXOzokJu4gvFqV+sMeX2y5jfJ0l ++dpLeeT7JTCaKEk4+BDibNbCoO7E3xBeqS/PRWhkrKG3Xo3p8eHH8GcnbRgJAtC1I ++PMXPl6uynB1JJU2XfBn7l3kYbDsqNhsdxMrNbsVeUZHR0tBNc4lxtECbmAJnt9lo ++8Tjid1fsB0Zm/DdQr/zIdf6hbcdFOljnfZCW7kg3fJ6kUnFVF9hy2dMxvVtzq0DK ++6da6GjYIq8NGDJbqey6Rhe7SXim0QpALPerGLGKO8WWLK2ImITWcUvDGmjLICH3P ++5leURI7OiaX9BRWcY5IRVDONFdGOE8WRBBT4vQoSLd/pPU+HFRiVq52D4ZlZbTxg ++svdq2vmbhdapI0xVw+P86qPewXbbVpJod2k82UanHQATjMSuQ0EdBWopV7UhQDHi ++mhe64rxQ6ElQOs+cqhFQGgis4oprx1seWW0Ur5rbhrOESKXsXZ9k5CBWoLmn0/RB ++tQBRVN9gZ1WPDIhktgCkOLAV0u8mL1SpeVv1rJmRmTxUkpGip3IwC1dDJI2q5b96 ++gfCNJLyIyec1Fa/jABEBAAGJAjwEGAEIACYWIQSsu0MkOTreNRXaLdpNHpAOFMHM ++BAUCXD6fgQIbDAUJA8JnAAAKCRBNHpAOFMHMBJP2D/4rv9HtPbxFRmMpAG5v7MsI ++kvLy37GNdXd30wgdoyFWO6S9cQAPQaU04xML+RBziXF3XS/M3Rs3Kb3lhPhqS4U8 ++rtNkzKNc2aoD5jcZZ0LLRbhfjeRdawPgwoi8lHhuE1zP2rBvBZSJJTvIuEShuAkW ++rk5BLs1gOGdLvdY01Ijr/fZzNDtwRAWFi4u+2hlKJIeTchK9BmBwIAUglUwMVEYV ++GzBwf7HJ8t28+f3fr3A/RL/5JH4DBJNzRNkqOMl+EUmPtciiCCCbieN9secUrkKW ++4626V0zOtK88aLry/8B+6AEL/ciYrYN6QQTY1eO+Qlv2NBbjSTWK+XHkYKnvsEY0 ++n9a8vozc4IfYwWYjlBFw41J939NAvdgV1DyuaIeahCpkmhEqCk6SLS0W4hep6i+V ++quZg9ya8igsLCqD3QcXZOpBDsG8Teo8zA18HNjCO+H/MF/uXBZTME7rZh1OwmTOm ++urZdLFrE8H76GR823i2QxZ971uWEul1R3nTmZmT0BfO20ZrZdd3flkZNuOMv2EvE ++iG/uScOy2g40HskYDNivlJeDdMpQLEt5326J2MVAHYfl3JL2A+577aAYFWEfwj32 ++FUpSaCvrd29drICL4nCAtGCL7iurNgGK1/sNMFrCjba8juP6wUQTmWsQzO06ER5r ++3Xbzl63taYLysDgSXPT+/5kBDQRVgAbEAQgA0xX2/RBxhog3pf4hc1NGoNUbqB3y ++/9Pc9cu4kJS8pzgEE0UTcAlns5qqQ6eswxTn9S3adBHRELVF72uYNpZt6OeqPpp1 ++6xEK9dbmSHLHxiHJO8lf8v9eyOwKYFzD4P5nI4nzkzPQu/j7YIX941IY+BK2DBUC ++3pQRhGWYn55wKByzhAB+9AxDQiNPD32EURupWQwdPZz1u71RvEW0VFo0MsUFFsF7 ++quIEKIUhQ6heDRPMwxxPw4Dyf8hcvsBa9mm/dA7BO7zmG+NsveZHirUwaffP2O/9 ++sW84vBGK1wvtvdXcGRCzB52CxebDv3w3Kw3cK3XtnG2fsLaScLUmDzb1cQARAQAB ++tB5KZXJlbXkgSGFycmlzIDxqZ2hAcmVkaGF0LmNvbT6JATgEEwECACIFAlWAFgYC ++GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELzljIzkHzLf9AcH+gId1Frl ++C9S9sAoYx15Lb9I/KEJi/Ag9QFGJIPuDUU5GU5uZ4GZTZOGUiQe7KJ2hJs7N9H8P ++c3sfCzLQjJxB0GLRTW+q9TNkHzEvGVHXmlDZpRh7vFJx6q/mk5EG0LL4bP1Gi5J1 ++pTlqnbDNvWd9dchgNwXZRscP9sHo/gLUUms0+HRCEj/CvMX56EJoSFVGd92jFQxe ++9Iop5gH1n6lCoYEXLa1TC4F8SrWIjnkxlw7ZtnZ710xzjt7tDdrJMHOmMDsS49V1 ++8Fi+ikCce+/9kqlRwyVXhJDBG/Vq/3v5dT4IFPn2MS2efx1mxmrTZqERaGDbghpa ++QS/VzrkCvfD3CMq0JkplcmVteSBIYXJyaXMgKG5vbmUpIDxqZ2hAd2l6bWFpbC5v ++cmc+iQE7BBMBAgAlAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCVYAYBAIZ ++AQAKCRC85YyM5B8y34iFB/9wozIYRogNdY1aejFFixb6++y4b1riyjMvWEULeEzD ++lQ0lMT6Z3PxXhZILD4y4aP7Kzx0ozXa5qaKy41EAPKQoPipnRAH04QytJbIERvz8 ++Tot/LeCVKUc0G9DVxOPBD03czTgqgz4EjV2qvnLF+rTU0YBevrNCluKosGSd+3Rv ++LWVu0hBhn9pELKfXJNSQXZb+TpHDhSDZ/gCrglBEOhA6YWbDb/4gz+5TFKdk+B++ ++iAQZSHv7zISabjN+BPYgI47A+MU4JycoXaAUnMc0l5ba6fGNaIrzruE4aAZrlP5o +++7mlU9Mm0QJqdqYxYPAiplJGrZv+YXH1fp5ueEK3l+NGuQENBFWABsQBCADphLHa ++KToRuR/E7THerBiCjDatwCaETOKOTY2zRBQpaQ32p/F2XIGLS8Cc27+grZSKQ6ZX ++0ZN47O+AFyFHF8DH90IXZFpJR3Rb8zgXT8jnLX08DM31eECZHnRzFhGlOmq6WAUl ++qB3GKCPUCY2c4eTRXyoXLteTxrXCYoj45y/YmvlZrlonBNjPBAyHiO/LNz+V7fZt ++NsN7N/XGrnLbcdNfNd+SD1ENmbLJ8RvyymxguTyB/ka9JdjHHIoQEJ6L166B3hhf ++CHpt8iC0GPZkti9IMl0NoJ029jJm3Jq1qEceEBn5H5QMGn6Fq64iXwTsO1TMNUwp ++Wx8pjvV7wVIxjI8ZABEBAAGJAR8EGAECAAkFAlWABsQCGwwACgkQvOWMjOQfMt9N ++6Af8CS2CTrMQFdhkGEtBXmL4ifD8UHFkBRBGmM8ZL2fWUBTZXT8mrdRMOK6tcPnK ++WaCvWvKr0knt970j/DyAgFmH8hgOi3yctigFecVDjjilAeCJMq38s1tYKYiLDbBd ++HWtdkA9uHZwq3lfd3QxcEEO3QamQF+dO7h8gAOXlG+po87Hm+E0wz4swIB8+S37J ++zrx9uu0LSFDfJCTK+TIKGa5Un8LxPxyq9WnnNDh72zK7BiRidk/s40KcNod83NM4 ++Hn/sbGfyLa8sS0F3ME0S+ocSMOiu/ZHHOiwpLYNbwTJ7stZxGsrguWeT9P+amxbA ++/YlK95LedstwvN+WcHZ7d++ArpkBogQ80tP1EQQAkRJpVJz3ks35wtJtqEFeHks4 ++GI7JIi38GfvkJd8xKz8NAKYR+5veXWcALHE5twkERww3f0WMZCTAGAPo5sPHFV9a ++17UNlEUZs8tvyPqgVNTQj66gYykaq2r/boSwixrxMHaloNnap/EzMDXZRE2x/kdE ++EP9ZSvF7VtDYhwvCPjcAoI//AL/In3aVUpxadUHrEwFcHU2zA/4nEWDmeSPeA0kZ ++ORhp5g/pcoX4/no2G7lRIINooFfR7lyTJwSk57sK4rrJE63njUAbwQk5bR60XtS7 ++owLZbG4saKE4FFOY5M2Pifz3jXy3dSfbqKkxkOxo0+EjHyrnrUkQYXEWWL5vRTPu ++eL7LpinFxivqgXz1QR6NW5PIKCcYAQP/bZ6wKCyFD77OHeHHvYeQRgNshvUsp898 ++NZfGa/uHKKJlI2yRVfOmVijzOp8m9kYQ29tBEpGZwqA8WWPqebfXN2okCSkEFfBo ++9LY93O/ziqMjHj4Gmx/e+dkOrqYmeTJd5n7Hvyo2uEx0aDxI5EMwJ++48X73rCoh ++Ifn7uoLCd3C0GVRvbnkgRmluY2ggPGRvdEBkb3RhdC5hdD6IYgQTEQIAGgULBwoD ++BAMVAwIDFgIBAheAAhkBBQI80t8sABIJEP/A8UyExxtuB2VHUEcAAQEngACffaHN ++1vFAND3qnXOXF+C24rO4SOUAoIO1O8makm1tW0Qz/JLn5P/OkuYPtBpUb255IEZp ++bmNoIDxmYW5mQGV4aW0ub3JnPohgBBMRAgAgBQJEZGvMAhsDBgsJCAcDAgQVAggD ++BBYCAwECHgECF4AACgkQ/8DxTITHG25QYgCfYIDwuIdv3sjJX1JcqXxcy6kJIi8A ++n3fN1G9xTdgtNTi0aL01rJl1gWlgtBxUb255IEZpbmNoIDxmYW5mMkBjYW0uYWMu ++dWs+iGQEExECABwFAj0XOuMCGwMECwcDAgMVAgMDFgIBAh4BAheAABIJEP/A8UyE ++xxtuB2VHUEcAAQG5qgCePGYX+2/SUFlhIlTtJt+cq1BuP+4An3OThP4AU4PT/9Qv +++VBQusMz17XctBxUb255IEZpbmNoIDxmYW5mQGFwYWNoZS5vcmc+iF8EExECABcF ++AjzS2LYFCwcKAwQDFQMCAxYCAQIXgAASCRD/wPFMhMcbbgdlR1BHAAEBwE8An0Gi ++R8w2XDM4Tq2I4aG6YV2sok26AJ4nxMCidQw1WcT8cVr8TaE72j8JtrQdVG9ueSBG ++aW5jaCA8ZmFuZkBGcmVlQlNELm9yZz6IXwQTEQIAFwUCPNLYkwULBwoDBAMVAwID ++FgIBAheAABIJEP/A8UyExxtuB2VHUEcAAQHwnwCeLGp7ZuYNsmlw9vQihPzieeEn ++eS8An2w4sBCNZi8rtJ0nIwXXRhfQIh8euQINBDzS1BUQCACbZIRga1GhFT9nzuME ++KZro2Hz3O/hk/kNJ2igl6zENbwyuaabIIYkq/U3VQd5HZHr9qBsYLAn8trjwvybn ++sEAcmAZrSiblOhg2kVV4DIaVcIXEa2mg3mGZtBiA0BF931kpS9O8cW80mZ3sJUql ++BAM5x4yxjdaavZrzwXM6toawLHfUzx6PyAfSbFZh1fRmGrB1Em1VsdUup7VNpFdk ++8iqQUuJbhdWe8usiFkvacImY05VnVBkn1JJE7urDOfXQQMb/UuUPE2OOE1EH4R0I ++XC08/OFLq1PeounG/fWZjebquiD+jTyLpoTiQKj7x0qpcvhM/6Es0slKMmdEmo9+ ++RNQvAAMFB/9LZEIdW5/wYSMgTuEvc+cEHyPmaUe56XimdWmEFIxc21C29u2NtB0b ++o715YxT6FgdaCTvqF1C5AmjViPu9k2F8ykQ6mFjGrm8K2HuXRyeIRA6Zqanhu1uN ++uayLQ34c9sCjkXPb5PnhzBxmWYSmprq5nh+4a1aXt9wUX7bOcr2FqH2KJ1hhfisn ++QXKzKdwDGyhkDEjsHAYkqSCVZ9B2CRSDlprYbSiDKn1Zi1ktrKhSiE2wShwXpj/v ++exVQHPNnV8Y+oqwe/4wY3T1+f+QfBxzl1nhL7h0o2funn1xa01W3odrtWpQdGl+Z ++M+HG/BZfTs4qnNi8eRy4H5ColoAwLuGDiE4EGBECAAYFAjzS1BUAEgkQ/8DxTITH ++G24HZUdQRwABAYfuAJ4k3jgHTXOHznfpXNRDIjZqPPjJEACfXAql73R3KnkOqXNQ ++7FzYXOIPK76ZAg0ETo1xAQEQAM3ku0av9+W+uN3XuYI6Wq1EHbq2PobiMBzlVRFh ++t6NAZttjM/kv58It8OjTUxgsjqN9+SV+lwNEeHav8AK8D40FNNWs/5dfz6zz5jj0 ++p7/f2u3g1RYL+31RoiRX7SA/cM9hADYax44bBoXxXu/cFerpWvCjJXYqUPi8BhRq ++EnnZXGxkb78iGu9mfYyOYDJvV+PNliv/sZfnrwIp1FjlVpUWospd0LtnNFk5uDNH ++zfNprdygLuXdwVG2YZGa20OBQnxHc6qnZf2h757KXOmad0RmTMY9mIj3RWZlyG+3 ++VdQn9VGlHA/GYm+vP40lZWS3MNTWShq7I6aLIHZw7r5FxIxqhAhf5OnKoln3qt3o ++qwcLJOh0Xf3fGzvfRXbilEldJuomnIE1M6N3ZPznowj0IhDRJG9NQkaynjHzaP7e ++sm9IoZMKU/AU4mQnQppDI8whq50/Q92ypQtKgdeIGTeT7KPq2D0JrzhOuxKsvHV+ ++8ziwBmmqjmkuuINuXuOLq1Rmi+pbToxFPusUIyMlbQGTyM+nav/kBJ2O/fcuPG+v ++73B5gcnn+s0n0xRXDetebINtSHv64Cb/Z7bjPbrETouzEkHwnN1GpFIypd1/wmyK ++5AtakpkHBiiEsP4Qor5t+mq9MAcff1cs/P4fHU/KDf6eRxAkgexk6Ifm6d5DJ/mg ++h3QxABEBAAG0IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAZXhpbS5vcmc+iQI4BBMB ++AgAiAhsDAh4BAheABQJOz8S4BgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+Lz ++WYZuEACxAWE+2BQnssLMANzx/PIfedbomtwnORp+FwSm0MUEOEEVh5K0YZiDUanO ++0jAVH8VLWJ0/k9vxItOzrUcyl9QIyje+Jhfqe7PIuyQjNreynPv8UiGSIacIG3+D ++jo7VEN0SaGI5S/pHvGKJl+oHjGVfyFzdp6o+GvAmJJs1wotnYO7ln/L/6f4cpPwy ++2JQ/h8MaURugDVJEOs8U8YJ88Ioa54WjbLtjwJ1iaPRv035PKOSbk0QZ+ahq+0sk ++ND1BubPA9iD4DGgAR4aaE/ZmL1Trp3a6AtkcrrEvcc60yQvgRLy2fid4nQL0+/03 ++4ybjqz6ZK9gVCGWK+DBfmnBtEEFLLbCXae1du4iDTTdI5pcm2wpe0YiDvJwkn1Ub ++LICm3yTJ04bzBo2EkhT1M9uYCIB/ebfGv9qxkeZ5wSUGG3ftU6I9L6nODyLkgC5P ++Gxf369LNQ8ClCRoG4lGAOJqCGNeuYXu/0VRlcJuajOPWIEmiVsIp7QwhqMe5AyTA ++Xzs9Z9BVYuSyxgh5lqLC7fwkaW/hfq9IsdoOHeZCFPyXnU9ZFPHTroC1W+Wy7orC ++tvIeSdOpOPFX05M5Eozm/DZ+MO6u/EVGds8fDcuWOfgRRCrZruwbPT87OuvfAx0m ++nmc6iLkk4J/HXbvIgYx2Rf7MO8K2Ttc9nCo+hVumzHp/21/h27QiRGF2aWQgV29v ++ZGhvdXNlIDxkYXZpZEB3b29kaG91LnNlPokCOAQTAQIAIgIbAwIeAQIXgAUCTs/E ++uAYLCQgHAwIGFQgCCQoLBBYCAwEACgkQY3Ys2mfi81m0ew/+ISlH4dOEyw9mRbCF ++sa4BBP+utZR2mGTYv6yQJIV+9/m6Tz+WlbloqrxZGG3CLwOPj80ovCl7ioi0m8bV ++A4KgSj1iPWYdnDo9mJJf/kKqfkwD5403XufpXPvjFJuytEFNgiUGcL0cJy7cDL6r ++I+3ZRd+zeOqEjqnD2+iUbA5iZqCVJ9cpWYY8rNKgMPQPt1VcVyCGnLH+zsa/uVQz ++EyZsnJXxsG7AABMmGBIKKUNkfGfmxDlU3Q2EgtOdaDtClB4nW0RlPP7p+8jPERbW ++UqD6fPDuMHVsq/cW2oUq+C2CJqDVBqSS0ECn/hLTCOKSiEw7OTZJfEuqvxpIfJ4a ++pXrlUP409+VJNE9as4V/vBGlALOAaf5FCedCvleguMATBAqDAx18r5oJCgpG9fIO ++7TIL9Xmt4GV3DlOzFL4YEs3J3SymYvrWhk4JjvmzTXTpwNTAMTCaaFOOXFqVcj6e ++Z1INROf46EBlvVQyRS5KCAKzudHtgnMfm3gz7Q9tMwTuGIGvoX687ZQD/WhlAK+W ++cbuPTKXgpak8k5wqBcgDGwCV0o2gRHJ6SFoIWlGYp8r553gfCaSuCOM48AYMGjdv ++g+itDEwyY8mMP25EWuFOr7/C/dTUx+mrwqTCTHaPUnqJC1bjxl8QB/OSX83iv6tW ++546xgXGvxyUpLE/t8LY+1wgCiCi0IkRhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAa2Vy ++bmVsLm9yZz6JAjgEEwECACICGwMCHgECF4AFAk7PxLgGCwkIBwMCBhUIAgkKCwQW ++AgMBAAoJEGN2LNpn4vNZTqoP/RL98RcHRFj2XZJ4+t3+A67hCzwuxmG+WmOJgDc5 ++rC5JeapW6+vibU2TsrzOcJkf9Mw+pnt3u2LzFgt20CaZTBMXESVZUwa5PYXYnj/9 ++AhmmOYlxSy6klWysjTUNwaBEuryQV+DgIJw+SeTZgsu6Z6ZRxe4UYmrCtGMghtkH ++A7THYKtgCpKkY2kN69JAW5WzUG1NSjIVX8MPPdMGCCf9R+dXqdyJAsPS9Yv9AvGf ++ZgUG1ARlvJOlXeMLb5z2LOizQVx7g1/ambpgpRAC33SMf1iEGWeTiIQfeBUgttOo ++D+KYDBSW/nYDq0FOkOOsvK0bAKxCUZEAUtJtTXeYU8WIvjuVdooG4tr7zMN4o3pg ++PpxFEQiZLu/6m+714bX1GAivvV1FCB5FuiGnVuYUardPjtuLZzrKI+cmVnW20tra ++R+OBf5RTuVUYSpClcvo/Q+fll7EdjS57ozKai1XsyGWPuR/ELDaffpz1ymi8upH4 ++POjruAtIHTl2NzPYfo+jBE8zznoYT3FODnqersHaIBRD/OXEB/2Lm6V/8a05lVXF ++yT32LA6Ef0hLwjdGVuhwUW17OXyawmXhcLwBvsrVyegmOer6fZ/Xx6dZ9flrhH/H ++jASb1p/SGmWGuH1CjT6dhRo+XgkUveaJ5ip4KJvGC+J8xDdqkUPHnRdUs/R+/DrL ++IYeftCVEYXZpZCBXb29kaG91c2UgPGR3bXcyQGluZnJhZGVhZC5vcmc+iQI7BBMB ++AgAlAhsDAh4BAheAAhkBBQJOz8SvBgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdiza ++Z+LzWY5QD/9EJrnssxVTZVAt/OeX4ecgy6Z7nEsAq68QWc7nUbumzG3d3kzWn9li ++5yLLR6kEvj1g5w6t7X9pOG7UTqpCYs0jw72ozBPrJTNJk8rk00/R24ROVX4Bjb1t ++BUdLEuIne9lS7MnI2oaNTT9vyTV07OLc/aorKv3hyI6dryW43IDVAXQBqFL7H+iP ++zt0mSTOo+uCwY1G5pusmWUlLUAk83AfenBJCgj6F0WrcxY9MRxBpgghBVq07hynM ++2wulU4EHxjitzfVHmkqZa0dZhAYo/jOdU+K16kL2+dpKPy/1KADzbpNE4kULOmL0 ++E8tenEBLM5Cb8QWVE0t4n0phFX2lrfH/bG1X3lj5uVEiBvx8LIjTcve+8G22qATt ++uQvt6wuFu6xSqs2LEV5yigVok1bQ7O4L0AXRqlkcCTI9XK0wxYCNPRp/jf17YSHA ++v0k7yXQ4GqJsbr/aFKjPUDJtcfI1Q/uJ5xGD1qVeJrcY6APoCFvlb9TxiUvt/fnZ ++QNkxLQ8yXxjxN2BdI48vMnKsPsvWq+vp57Kcqy2nwlMm1wmn0NdtfhfsyFX0eiiq ++/l8uW3R1FbkVnj/hH1p2mLnr0aDLGPtvXlETuoYdUtWWLpKQDST+zbtqJwDzjj9n ++vF/Exdt2XGHDjdP7J3jJ5wrli0P2fdWY0w7vAY2wmD1qoFLg+n/ENrkCDQROjXEB ++ARAA2oX+WFwo2ALAc5y4KURS+Ox9E4Y78Sey1/2wj06PNV/E97vpHfNgBa+qjcnP ++3Wt5lQSdB1DKjkhl050+p3L5cXueh2h19PWVnPcjjWviy4VjLx4fHH0vWenx+SNV ++j9A67S0aHzvfSvoBhPBn5WhEyKKhlQnCmx8HJgZsnyTOznGGwTatbzI+77BeiFcm ++BrBgpi6AMI7mV94Dv5mUsIiRmOFx0EMeMIkS5ocZfx73AoqjTmctxWg/LPigWYV6 ++DngLY+YNL0JXkXKC6en1hFwc/3kmgAt8tj/XoI+wlo7EP/JMuHRKvvelQ/l6/RhN ++HClRXwDw0gmwtnBwXxWywQ15Z4sy4KgVhIySdYzwHBuaXHZOGJS9DYe92ZKfRLgf ++Zy7OWy7FrJnDQQrB15IKvxrgys5Fs5lYYEOmKXSDNDyfsnJsrOZhK2Y5FPeNkSSA ++/caTtrSLAaFkE+cNJ7wDno446EhTFRiFikcDKTcl6PzEPCKL2oWcJ9Qf9QkIG2kz +++bp5gIMmIEOWyr3+0FaBQd9Lbtkl/XPCJ8dpmtLaSPNhmV5hAOAq4KJNaty0ETTu ++01RJhOCOXN+x5Flu8/aMjufSmSyOowkCnCGZ07jbt74in9Rgtn8tukIHZ02RSOVT ++pX0WG1c7v1ezKwBueot5WYxCe7l4QTzboMTF7caHoL214/MAEQEAAYkCHwQYAQIA ++CQUCTo1xAQIbDAAKCRBjdizaZ+LzWQ6tEADHjnV5WjOKSzurKRcRJZFCu2MEg49q ++GiNwyg37DLeWNXDNaZ+gzyVhRNPiNxxuyrjY9ZXXMQ0Ce+S0HJYEtEiVJJ95DABZ ++GUXKQdq212KVKDf/XWcojxY+vPRIKqKIkFVb9Jm8q5wzCSJUN6I9A1BlHwGNylwV ++Umpng5yGnTCrD2rsFiLqmk+gaKJKFWGoxBu5nlLOHwiBvCsIvmM/fHRUnEG5L2El ++Bgt+IvYPt+Sp0OmcmNp+4WEB0Ys35LmDj5PYhfGCzGnn8PkgxruthB/nkuSKeXKz ++cDQM43REx0bN3zVc1sR7ePvCmCPp0QQcEnkHrPoMeSGD2gSfbtegW+soCvOBgKYM ++XWAU+nfTvBkk+VUhRVWum2Q1thq+zFAFujuIxS635Wceqqnn/OgBv9st+qWYK6X0 ++4OAibMy0p3E8bi0EunysUrmqAfh+F591NJ1g5KZhvLRwhFmZD5LQXA3m6dyvogRh ++/9NKMtuLE0D84/5t8+Ek8wZjBciKO//THdR9D2oYE2G1Q6rgz9vrhCIdAYeLMW8O ++VbnQca3uFaVcTC37p9mpQ9NfSTdZ07Ai7L5J2+gNs8hG/2yv2AKz5IAtHiv7hsfr ++UglTScycHZrcsepSErLkVoGpmpHo2QECdUbGHsuLsXIVaCAaLBK/ehxgFwukBqlB ++qZqeIHeOWTockZkCDQRLxXz3ARAA1OWxTnG1QgQ7Exqtw/vAJwPd90uImL8T8Gdn ++kWk+NeY10LPdcDU6VcIGN8Uc5I04V8rehVewnfgXUuGLxhzL6imQjoFZ686cXjqs ++uxrAtdMn1PnQOxr2YmPIZuLcP23ZI07EEHlnj4FqAoJqqWnSgJ+IhodLt3wWQu6e ++GfCbH9NsqlBSMuPDsSn/2nlfFubE0a9Ztxw5m47VMP1G1Fu+tRiIEddQcXDyGjGj ++e1gMChzaSFKoyGcmes+rRhkN30cEwCcItUkThFO+A4EbUR5/qbtpKdKTrA98M/Mk ++/eYC/dggtoZIrU2QePt7oJZjL7kPZ8EI2nT7fGrN3wdpnxiu3PbS1zCKvG5g2cPp ++llP10W1OL6wnUFclh+i1CNvP1p4+i1BAuoWTp5oi0pZd22qaNHnGty1fTVadBmjc ++vEF+zqdisBN5lpDeBe3NmchkPDGi+qi5ZhOt0HuEBcucCeB9ejQr1x6hsZutG5yc ++udTZkCRne2EHg2uQBW4BSfFeAYPn9S3yHofa6RyormUT2Q7PMsbNJBTkDo2eLuRz ++Z9gMrmL4m09Ql49F/Dh816UN0spQcvixOMRJ7eiT5EI12ocBME6LVMUyW7tHyvVL ++wQeJqsyE7Nu9B0qMMxKH4XP+WCUsZcUPGt3TwQUY81Hk3zTeoAaxFf+2GpXw5sRy ++hMhR3qcAEQEAAbQ7R3JhZW1lIEZvd2xlciAoS2V5IGNyZWF0ZWQgMjAxMC0wNC0x ++NCkgPGdyYWVtZUBncmFlbWVmLm5ldD6JAjwEEwECACYCGwMGCwkIBwMCBBUCCAME ++FgIDAQIeAQIXgAUCVq5N9gUJEm2e/wAKCRCtXtu3k+xX5JV1D/9l86woDToUaw5K ++JykHXVqs4M/Q1z7bZgPZjXlwDNIAQ3JzVIRV4i+co0cgprZq43Yr9hhN8hOV4Gqw ++qMm/LU73tT7PaLs5Gx0KJgznaE7/Jmi/qezKL0l69I3CaMPa1SHUj9NwXRRMWbvh +++516yqEinARSDHQ1c5zDhgTuPWeHVxXg0IGfMWnw6QdCqghyjH+TzUO4kO+7r95S ++FRb1+LL5zz+bdBRJhZsGdGGim0aGvyOH8tIxwqXwrRBLZq1LiiLkLfLs6WKaPwZx ++/8ql6f2oye8fz+J+CGy1fh0pF/D8X4egAXopRyr8JpjSmKzZdrwp2M1MljsgxUhM ++ksRwBDeoS3axMWTVw2i4e90Cjf8vG5eLIdxIZpfwwYW5LRrXlAR7eTNPTh77vgGC ++6WMdImVBs1HeocZFpZCdpD3k6DHCn0SzRk/tt+1QL2xmja18BWVxC8GqbS9tl7rt ++k35+NN/2g/bLJOC9r+xsCT3k0NVPcR9O+NnliX+zl+1DFKAhthyX+0oNp0bSIISu ++d9XBNXL94t+RDh3lVgpU3l9pHP/YcIM1wDFiqxHv9zjBjx0DTUbJzwrCR44VGD0b ++0taWupNZ7onfCGRHlrJA09j5kjViUGsvaANqI3BbmvlAv9vbqbwajtDvvwrSx2L4 ++pywDQ0obRGSeNq8G2BKK0+jjvGCMG7kCDQRLxXz3ARAArQhzbjp/qWYwTlpltK6g ++pzfTssKtIdE8JP1LKpIQIoyJoF62SzKHspRgPlCLJ7jZenvse+ints+h9CcrcCGR ++IvRKqmWt1IaTeyUNHXTc5MxPLb2HYnD3XF5GffSgXB6D3dufzd3zSViZmwb/2wkD ++Ftif80aOUD6JDoxJe+9MTUvcHF5gN6bUym8s30OFofCwC6ydxfb2cPBrGRQJhTXj ++CwieEIcZNzIwqEHc80Uk2BLuHO3mGxPm4lP2VIATCR+BHeLq4TjvNXfXQ739ggnX ++CXX7QGMvwArU3qvLXN2MxvhOCfrqZcccg/iBT/FPEOU8lnW+QFP6wFmtVHacGSEI ++miX8uBNcfmnPQRwA9QWWgjL9H03D8WJvJuuxmFHxakWiOWHfbD77sxfCA7Nm6DZe ++S+tHHvETjgbcERqfXWjh5oSJUShqBuxT3NXUxo61XeZVoM3rfgh51mfhymLDYFu3 ++A6Odg8GvAY3pyvTlMb80zc8Js/e3AoqLn7/srFEvQ2PbZez9Hh0dbXoUzOx0gJ/5 ++QhFPdI+f3/6M8AUfHAxfJS0jF5Ssm7nYx7XixQP9vx281iBFlS6XJJrt18acPRBf ++caIkJmyU5pFhCAQUiwAC2LbsoAW4hlHcDwXiUEFGJYjaXYK8Cl6fTiAfDRSvfQ7x ++u8QeteevYVGnpMJ5gebhFNMAEQEAAYkCJQQYAQIADwUCS8V89wIbDAUJEswDAAAK ++CRCtXtu3k+xX5KKeD/0fe4/l/M3z7fYLAAZ1Ocx7Rkuo0PQIWsfqtA8dFZu1r6h/ ++Awu0bEhqedWH5X0uEt8TVRrUE1Elfs+x+HBVEg/H9tkZ7my1CjqZVbqeptw6s/za ++LIbfLFOWKNphZkTTBRqP4CRer7al9eaz6T4dIB7BIt06Gu6s3oJyFX7lNeGTQ7UZ ++5+TpriXxT/cTtT8SMKovhmmNOs5Cm3JksNdsTsDghLfJL+BRgsdRYkqxXRyuBn7M ++77czhulT2wETpxERtgGxkD1ztPpt232MUr/K8XqUo6OH/9bF21QF+QIB/MLXLImS ++6uw/lK03UXtu3Qfz5jfi+Mc/VBJlP/9ay88TgX8li3yExfuuXuEGZK8SMFSNjOAF ++QfaQG/n0jJljG+CFNbbkpHiU95P2ynlnRlW16w4koHelwoQXrovk3fykdB25fot4 ++3g5v+rWHgqG+F0OJ4Sd3SPYCNUuGFyYBos4WZolqoqQONW9dq0AAeonlOmhPzTl+ ++68HDRmgsG8goAzkH0e34qsVRdsQPLKJv2rAcAFFhWSDBIX4o7J+36Sv+7hqDfdhK ++n8b3MK+0ZKfm4QkuloNKvm4AZ/9NjAfvVJPWIvTu/wyPAqqcLIjM2e9mTJuKUy6f ++FhZqm8Xj1ksa+CQOl5gKZgu7EpR++ZnpRQujAsGsaaETG3h9pg4QH8G410jzDpkC ++DQRWzusnARAAq4Bl6qL9ZGBVQr+lol8pXDZUdlAW6alGA+m0cxtrDRfEYo/i4ocA ++V9LrXNrf/MspjCwaVXyfw4I4kbk3mt1MX5sgnuXqrajhMViyLPQTMGE9k2XheMSw ++4OftnqttnWKoWC4pqnoCcwVzz/2FmEMXAkEULxHlyM/ytb2Wr9rHvwHzVF+an2Jj ++i9IQc9V19w0e/IS44KzFJ7diIVW49zp/NjXJU1hCBOaR4jwNyXkNCItyDMAE1ukx ++jhIsEnyZsPMEtStFrLCFkI8c+1M3nEwKXmkR/aWAf9lqPlWsO2vz5MXB8VUoXNYy ++njMjMsEe98KMz6+KB5o/MJ6DUWPkV7dhTd6O6Ju2yKMeD24vlkZpFU9yhKbAS3u+ ++AYpfYidys068LHA3uAbj81eLC1zsRZ8hrWJFvvLbZ6XyFQtOAsLYdOZOpozblVtt ++NYATTHswNsQTyCU+so8x7TexJRKuqvM/+k6Boo9Vzz1yufxl9+3oKRZ40EZGzKR2 ++eho+XMwYMifzHJMvCkYkKHFIuAfyKm7vjmyh1THHZcKGjuK5TRvcFH0+9M5o/XZ/ ++bv4yMmiaYZU32SLZaIPkNabh7gbj57R9hxKXfaWDyfxFQqHRhbcEhbGMx15hz9Wm ++oE9u0Jv63OSck//p8P1ZxNNmWFfb8LXxcBItJ5lnDQsAyoPY7ahoyJUAEQEAAbRG ++TmlnZWwgTWV0aGVyaW5naGFtICgyMDE2IEtleSBSZXBsYWNpbmcgUHJldmlvdXMg ++S2V5cykgPG5pZ2VsQGV4aW0ub3JnPokCPQQTAQoAJwUCVs7rJwIbAwUJEs/3gAUL ++CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCFvPesZzWmgAOnD/9khxy8o+25seMI ++1KRtdqmXrsRzzAic4W/95Qo+M7m5iHBHlOMaVUJa5TSl5EkhTqfSqwHdvYbawS4M ++pWn24yZrz25V4tqL25bBoV15chDNw4p2FEcfwOEReavbdTyg+HOZGq9hxCeZ92uK ++E8fcgMjMRHX4Er79GCGHf6IdSTzL8w3xy7STbk0qnnigNp8vI7L5EsxhVc0vQb4j ++hVhhbVQShzl6w6ddZr8XtIxeXv/Wo1BbIFNKTfmjy8fpulTO/r0KUEr6LPKA9a3y ++hmT4F0BzA5K6Ni0yIr+g1R3bl4kYxrVDwgxHZpT19lot9JuDTPbviNBY0jqNHOTt ++ynZHz/cYIYLFRnmD4JJtrJ8oOnIeJ1Y5N/VNGQxK/5iDRFtCK7iIdw44IM+X0vnR ++uaR7OWtVZqQXI1wY4W2wCW53UyAtLAmyJlR+9XaxrTMbO2CnaaxETndp6LuoLwPq ++IvKVRjt3RLQWHtOcPkyO+hCkqDIFfTptfHW5hN/T7DUZns2ph76VVROv6vcilMI3 ++DN2KSss+A48hL08MFB43APJ5ZHkYn7EjUr5pkYR4wjZoBPWKb2vGZ5xCiQbHpiWq ++lvO2iqbrh5+RU0HZWumw4Y1lJC+bZkvAmnj6iTeOKGVvrNwYqoNzLoHANpBhy4Bz ++xbwgxOjwyKYXlWKq93K2QSeDXENBm7kCDQRWzusnARAAyFpN4GmBS1QqEpgDJmV0 ++4shmjU3AS0t382Y6AZhvSdav26m02HkY5ZJ2Fg9v2N0VsxlWuOz0+qyCw1anzqMx ++8trlvTpkpbbalgw3i86vA9nlHUhTRUPDcHOTo69CLI8B1SoHif0wZrh8/Oig4ZS3 ++ykvp+F+GSTTiTCaeT02mZ5HTZb5L+NRfWJ1j7ifcbiWSYQPHB9iaF4KAAIzfHazX ++g8kBcbhUR9D4EJKe+bj45/KsvkfQXTrGT24P+Et27wD2BZegX+ZbRIBDpQcSM/CI ++QEUvPod1UxNlm7iZeXgSEyWZYg1nSxiCgNQQkEeSL0zRheDgHC/3N2stdvWgk34L ++zBztoEzytLy3lnmWG7BSZuUAONiyBME9miRt5etc9Z/dKd2Pj4DlJKCtX/+vFc02 ++2q0QXBttYBm1/+Z7YaK4wlWK7RAXD4zbCgbpYJkIFzGMhanuWybufpgqzQSBpzsN ++Hir+02KRri3ghgfxBXxpVB1T/cgCu1JQ+sefdLxpWhDX0WoMDgADqr2mnsIbWjnF ++M2YLLKBV0naNBHeLqTLg4MbU4c27spZuwB+jBliYiV5l/BZbSOS6B66pmuu6WGNc ++gpnfFnSuKOq7GGHPdOWv0IdWlHs5qBRdMf6UlzTa6fuLEN7Z/+Et3SVXWpwcwhLf ++SsKwXBt3ZZD2C2GMrGF0tikAEQEAAYkCJQQYAQoADwUCVs7rJwIbDAUJEs/3gAAK ++CRCFvPesZzWmgPYaD/44M3GM/YcC757H5eu2lnxbVSc/4z42FPftsls8VNajOBL+ ++SVPd3qnchyu7O0NZU1NA8qld/Xs6Uf/jEhEdMbZsifLtIgUyvNxHdn0wpo/zNDFm ++MxZdtMyGjfX+/X6a6RRjxJOI8EJ0FxaoTeAjCo/7o+YTaCmJ+kgJcdJFxXANRKeK ++rOuTzXF4SB3eiEbX6vZjJR+5ucfEs/ZgZmw/p0R7aHObBtv6zxOrmJySmGDI6iaH ++sPc+pJjxReoZhc/YuZZvagHxyXDgtGSis3/kvSsZ6S5hjEIzOOzf5EnizEO10bm5 ++rLf7NWm3ikq2DVamJc/0bJftNWqAwhczrWrc1g9ZZZwRZR+PvC82zRHcPfDmWcHg ++NpdJe2X1R4wpGY8YjOJEHouEpt8+RwwN9mK7CqZLMW8rIO+JLDkAAvyh+x6kG9vx ++2ckRG1Z1N2ZI0M3Zpo6qPSukqcA1uZOthy94L374y5Apn6J+yNaxege5yEZK3mMQ ++xFRLfsCKlHia4aQTMOUCD4NRoPU/MHN5OZkDYaGrQ8fT4K/1/lMMW9y2Gi9YkNsX ++BoyGMdgMgRNQJ0cSWSYlYyx22FQ+PVR9F08TarHBwSMUUPzo0GtPavcqdXAsbfy0 ++ubfVmCzt64fDowozkEAzsraGjSp+EoNLJleyM314Eqp0LEyumt0vJEnNK162rQ== ++=q8ga +-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/watch index e0d3fce,0000000..cc041be mode 100644,000000..100644 --- a/debian/watch +++ b/debian/watch @@@ -1,3 -1,0 +1,3 @@@ +version=3 - opts=pgpsigurlmangle=s/$/.asc/,uversionmangle=s/_/~/ \ - http://ftp.exim.org/pub/exim/exim4/exim-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz)) ++opts=pgpsigurlmangle=s/$/.asc/,uversionmangle=s/[_-]/~/g \ ++https://downloads.exim.org/exim4/exim-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz))