From: Salvatore Bonaccorso Date: Tue, 28 May 2019 20:13:55 +0000 (+0200) Subject: Import Debian changes 4.89-2+deb9u4 X-Git-Tag: debian/4.89-2+deb9u4^0 X-Git-Url: https://git.hcoop.net/hcoop/debian/exim4.git/commitdiff_plain/0baa7b9df9e8d0188307c635776394b0db691e7d Import Debian changes 4.89-2+deb9u4 exim4 (4.89-2+deb9u4) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix remote command execution vulnerability (CVE-2019-10149) exim4 (4.89-2+deb9u3) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) exim4 (4.89-2+deb9u2) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * Avoid release of store if there have been later allocations (CVE-2017-16943) (Closes: #882648) * Chunking: do not treat the first lonely dot special (CVE-2017-16944) (Closes: #882671) exim4 (4.89-2+deb9u1) stretch-security; urgency=medium * CVE-2017-100369 exim4 (4.89-2) unstable; urgency=medium * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to initscript (#844178). It breaks when the initscript does not start a daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). Closes: #860317 * When reporting bugs also attach /etc/default/exim4 by default. exim4 (4.89-1) unstable; urgency=medium * Enable inbound (server-side) proxying for -heavy. Closes: #856712 * New upstream release, source identical to RC7. exim4 (4.89~RC7-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC6-1) unstable; urgency=medium * Document E4BCD_PANICLOG_LINES in README.Debian. * New upstream version. exim4 (4.89~RC5-1) unstable; urgency=medium * New upstream version. exim4 (4.89~RC4-1) unstable; urgency=medium * New upstream version. + Drop 92_CVE-2016-1238.diff. * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile while we are changing the init script. exim4 (4.89~RC3-1) unstable; urgency=medium * New upstream version. + Unfuzz 92_CVE-2016-1238.diff. * init file: + Source /etc/default/exim4 *before* defining the shell variables holding the pidfilenames. Overriding these via /etc/default/exim4 is not supported. + Add missing support for reload when QUEUERUNNER='queueonly'. + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way $PIDFILE is used for the main exim process for all available QUEUERUNNER choices. + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd interaction. systemd-sysv-generator uses this pseudoheader to set PIDFile in the generated service file and it also sets RemainAfterExit=no instead of yes if it is present. Thanks, Michael Biebl for suggestion and explanation. Closes: #844178 exim4 (4.89~RC2-1) unstable; urgency=medium * New upstream version. + Drop 75_add_bak_spec.txt.diff. exim4 (4.89~RC1-1) unstable; urgency=low * Refresh debian/upstream/signing-key.asc. * New upstream bugfix release. + Drop superfluous patches. 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + Unfuzz 31_eximmanpage.dpatch and 78_Disable-chunking-BDAT-by-default.patch. + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc tarball. + Unfuzz debian/EDITME.exim4-*. + Update debian/example.conf.md5. - Upstream typo fix. exim4 (4.88-5) unstable; urgency=medium * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty. This is a Debian specific change, we are right before the freeze and BDAT needs a little time. exim4 (4.88-4) unstable; urgency=medium * Upload to unstable. exim4 (4.88-3) experimental; urgency=medium * Pull multiple patches from upstream GIT: + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch (Thanks, Bart Noordervliet for the pointer) Closes: #850175 exim4 (4.88-2) unstable; urgency=medium * Upload to unstable. exim4 (4.88-1) experimental; urgency=medium * New upstream version. * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to testing. * Drop 75_Fix-DKIM-information-leakage.patch. exim4 (4.88~RC6-2) unstable; urgency=high * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA physical line limit check for both for SMTP DATA ACL and remote_smtp* transports. Closes: #828801 Also update corresponding NEWS entry. * [lintian] debian/changelog: s/lenght/length/ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM information leakage issue CVE-2016-9963. exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. exim4 (4.88~RC5-1) unstable; urgency=low * New upstream version. + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. exim4 (4.88~RC4-2) unstable; urgency=low * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream GIT to fix exim bug 1914 (exim doesn't close connection after quit. * Upload to unstable. exim4 (4.88~RC4-1) experimental; urgency=low * New upstream version. exim4 (4.88~RC3-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-check-for-commandline-macro-definition.patch 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. exim4 (4.88~RC2-3) experimental; urgency=medium * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on every upgrade. * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix longstanding bug with aborted TLS server connection handling. Under GnuTLS, when a session startup failed (eg because the client disconnected) Exim did stdio operations after fclose. This was exposed by a recent change which nulled out the file handle after the fclose. exim4 (4.88~RC2-2) experimental; urgency=medium * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission problems on commandline mail submission. Closes: #840355 exim4 (4.88~RC2-1) experimental; urgency=low * New upstream version. + Changed default Diffie-Hellman parameters to be Exim-specific, created by Phil Pennock. Added RFC7919 DH primes as an alternative. Closes: #839978 * Set tls_dhparam = historic to use site-specific DH parameters. * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in -daemon postinst. * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either by running certtool or by installing /usr/share/exim4/gnutls-params-2048. Do not try to use openssl dhparam, it takes too long. exim4 (4.88~RC1-1) experimental; urgency=low * Drop reference to removed (in 4.80-7) "what"-option in init script usage message. (Thanks, Calum Mackay!) Closes: #823855 * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] Closes: #832442 * [lintian] update-exim4.conf.8 - fix typo. * [lintian] Drop unused override binaries-have-file-conflict. * B-d on default-libmysqlclient-dev. * New upstream version. + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch 50_localscan_dlopen.dpatch + Drop superfluous patches. 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Fix crash in VRFY handling when handed an unqualified name (lacking @domain). Apply the same qualification processing as RCPT. Closes: #834699 + Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. LP: #1580454 * [lintian] exim4-config_files.5 - fix typo. exim4 (4.87-3) unstable; urgency=medium * Pull multiple patches from upstream GIT: + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch Improved message on overlong lines in example config. + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch Fix race condition related to connection reuse. https://bugs.exim.org/show_bug.cgi?id=1810 + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch Avoid exposing passwords in log on failing ldap lookup expansion. https://bugs.exim.org/show_bug.cgi?id=165 * Copy information message on rejecting overlong lines in data ACL from upstream example configuration. Closes: #823418 * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. Closes: 821830 exim4 (4.87-2) unstable; urgency=medium * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. (Thanks, L. Guruprasad!) Closes: #821416 * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS connections (hosts_require_tls option) in remote_smtp_smarthost transport. Closes: #822174 * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It is deprecated and will be removed in 4.88. * README.Debian*: Fix minor issues found by lintian. * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 * Drop exim4-base Recommends on perl-modules. This had been unnecessary since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. exim4 (4.87-1) unstable; urgency=medium * Fix comment in conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, Jörg-Volker Peetz!) Closes: #819780 * New upstream release. exim4 (4.87~RC7-1) unstable; urgency=low * Enable SOCKS support in both -light and -heavy. Closes: #818091 * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 * New upstream version. + Drop 74_Store-the-initial-working-directory.diff, 75_String-expansions-fix-extract.patch, 76_only_warn_on_nonempty_environment.diff. + Update debian/example.conf.md5. exim4 (4.87~RC6-3) unstable; urgency=medium * Merge changelog entries for 4.86.2-1 and -2. * Upload to unstable. * Add link to CVE details to latest NEWS entry and bump its version and date to match this upload. Closes: #818349, #817244 exim4 (4.87~RC6-2) experimental; urgency=medium * 74_Store-the-initial-working-directory.diff, 76_only_warn_on_nonempty_environment.diff: Upstream followups on the CVE fix (Thanks, Heiko Schlittermann!): + Runtime warning is only generated if (and only if) keep_environment is unset and environment is nonempty. + Store the initial working directory and make it available in the new expansion variable $initial_cwd. * Merge all NEWS.Debian files into a single one, identical for all binary packages. - Different NEWS files built from a single source package is not and has not ever been supported by apt-listchanges which is the most important frontend. * Add a NEWS entry about the environment related runtime warning. exim4 (4.87~RC6-1) experimental; urgency=medium * New upstream version. * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ${extract } string expansion for the numeric/3-string case. (Bug was introduced in 4.85.) * Set keep_environment to empty value instead of setting a minimal PATH in add_environment. exim4 (4.87~RC5-2) experimental; urgency=medium * Update debian/upstream/signing-key.asc, using the keys listed in ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds Heiko Schlittermann's key. * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 exim4 (4.87~RC5-1) experimental; urgency=medium * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying to grep in it. Closes: #814998 * New upstream version, includes the patch for CVE-2016-1531. (Local root exploit). * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.87~RC3-2) experimental; urgency=medium * README.Debian: Refer to Exim specification by chapter name instead of chapter number. Closes: #813351 * Fix some spelling errors found by lintian. * Minor debian/rules cleanup: + Restore originally intended behavior, upstream changelog is only shipped in exim4-base, symlinks to it elsewhere. + Drop workaround for #347577, fixed in debhelper 5.0.15. + Use "dh binary-arch" and "dh binary-indep" and a bunch of override targets instead of listing all dh-commands. While this is uglier and slows things down a bit it shortens debian/rules by 40 lines and has the huge benefit that we automatically use all suggested helpers in correct order. + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + Delete unused, commented code. + Drop (exported) variable MTACONFLICTS, used only once. * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. exim4 (4.87~RC3-1) experimental; urgency=medium * Move Vcs-* from git/http to https. * [lintian] README.Debian: s/desireable/desirable/. * [lintian] README.Debian: Fix grammar error "allow + infinitive". * [lintian] exim4-config.postinst: Use which foo > /dev/null instead of [ -x /path/to/foo ]. * Update list of patches in debian/README.Debian.xml * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. * New upstream version. + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, merge this change and drop CHECK_MAIL_HELO_ISSUED macro. exim4 (4.87~RC2-1) experimental; urgency=medium * New upstream version. exim4 (4.87~RC1-1) experimental; urgency=medium * New upstream version. + Refresh patches. + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + Sync with upstream default configuration: Check maximum (physical, i.e. before unfolding) line length in default spec file data ACL and smtp transport. Bug 1684 Closes: #797919 + HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. Closes: #240883 * Override upstream's new default of tls_advertise_hosts = * if MAIN_TLS_ENABLE is not set. exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 exim4 (4.86.2-1) unstable; urgency=high * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream 4.86+fixes branch. * New upstream security release for CVE-2016-1531. + New options keep_environment/add_environment which are empty by default, i.e. any subprocesses start in a clean (empty) environment. + -C requires an absolute path. + Exim changes it's working directory to / right after startup. * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from exim-4_86+fixes branch fixes another MIME ACL related crash. https://bugs.exim.org/show_bug.cgi?id=1730 exim4 (4.86-6) unstable; urgency=medium * Cleanup (actual patch is identical): Use 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from exim-4_86+fixes branch instad of 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 exim4 (4.86-5) unstable; urgency=high * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT head to avoid misaligned access in cached lookup. Closes: #803255 exim4 (4.86-4) unstable; urgency=medium * Fix documentation of lowuid_aliases router, exceptions are in CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) Closes: #799672 * fcron has been removed from Debian in 2011, stop listing it as an alternative dependency of exim4-base (Thanks, Alexandre Detiste). Closes: #798236 * Update to upstream exim-4_86+fixes branch: + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, 76_Fix-post-transport-crash.patch, 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, 78_Close-logs-after-daemon-process-exceptional-write.patch. + Add 75_0001-Fix-post-transport-crash.patch 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch * Use dh v9. exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: + 75_Fix-ESMTP-MAIL-command-option-processing.patch: Corrects handling of mail-addresses with whitespace. + 76_Fix-post-transport-crash.patch 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch * Fix spelling error in copyright file. (Thanks, lintian) * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from upstream git, exim was keeping logfiles open after after a "too many connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for chasing this.) * When saving the berkeley DB version at build-time pass -P option to cpp, to prevent linebreaks. exim4 (4.86-2) unstable; urgency=high * Update exim4-config Breaks, PRDR support is was moved from being Experimental into the mainline with 4.83. Closes: #794320 exim4 (4.86-1) unstable; urgency=medium * New upstream version, identical to RC5 (except for the version string). exim4 (4.86~RC5-1) unstable; urgency=medium * New upstream version. + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), transition from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then properly fix the issue. Closes: #790616 exim4 (4.86~RC4-1) unstable; urgency=medium * unexport/undefine TZ in debian/rules for reproducible build. It would be used as default value for TIMEZONE_DEFAULT. * New upstream version. + Unfuzz 31_eximmanpage.dpatch. exim4 (4.86~RC3-2) unstable; urgency=medium * Upload to unstable. exim4 (4.86~RC3-1) experimental; urgency=medium * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug 1166671. * New upstream version. exim4 (4.86~RC2-1) experimental; urgency=medium * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control (Thanks, lintian). * New upstream version: +Drop included patches. (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) * Sync Debian config with upstream default config: + Set prdr_enable. + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to log_selector option value. exim4 (4.86~RC1-3) experimental; urgency=medium * Get time and date of latest debian/changelog entry and patch exim(on) to use these instead of __DATE__ and __TIME__. * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch from GIT to fix FTBFS on kfreebsd. exim4 (4.86~RC1-2) experimental; urgency=medium * Pull three post-release fixes from upstream GIT. (null pointer derefencing, and spam scanning defaulting to rspam mode) + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch exim4 (4.86~RC1-1) experimental; urgency=medium * New upstream release. + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, refresh patches. + Update EDITME*, enable AUTH_TLS for -heavy. + Sync Debian config with upstream default config, rfc1413 calls are now disabled by default. + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + The spamd_address main option now supports an optional timeout value per server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + log reason for defer, on a hostlist dns-lookup temporary error. Closes: #670035 exim4 (4.85-3) unstable; urgency=medium * Upload to unstable. exim4 (4.85-2) experimental; urgency=medium * Merge from unstable 4.84-8. + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fixes breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added here since it already part of 4.85. exim4 (4.85-1) experimental; urgency=medium * exim4-config_files.5: Escape dots in regex. (Thanks, ael) * New upstream version. exim4 (4.85~RC4-1) experimental; urgency=medium * update-exim4.conf: + Drop unused variable UPEX4C_internal_tmp. + Use tempfile(1) if the generated file will not be written to /var/lib/exim4/. + Add --check option. * init-script: On restart use update-exim4.conf --check before stopping the daemon. (This is a no-op with systemd since its sysv compat layer translates "foo restart" into "foo stop" "foo start" instead of using the init scripts restart target.) * Handle _RC in watchfile with uversionmangle. * New upstream version. + Stop repacking source, rfcs have been dropped. exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium * New upstream version. exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium * New upstream version. * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch. exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * New upstream version. + Unfuzz 66_enlarge-dh-parameters-size.dpatch + Drop 80_mime_empty_charset.diff. * Remove rfc from upstream source and repack it. --- 0baa7b9df9e8d0188307c635776394b0db691e7d diff --cc debian/EDITME.exim4-heavy.diff index b269d02,0000000..136ca61 mode 100644,000000..100644 --- a/debian/EDITME.exim4-heavy.diff +++ b/debian/EDITME.exim4-heavy.diff @@@ -1,152 -1,0 +1,157 @@@ - --- EDITME.exim4-light 2012-05-18 20:11:24.000000000 +0200 - +++ EDITME.exim4-heavy 2012-05-18 20:13:56.000000000 +0200 - @@ -212,7 +212,7 @@ ROUTER_REDIRECT=yes ++--- EDITME.exim4-light 2017-03-04 11:15:58.309895066 +0100 +++++ EDITME.exim4-heavy 2017-03-04 11:17:12.616522005 +0100 ++@@ -212,7 +212,7 @@ + + # This one is very special-purpose, so is not included by default. + +-# ROUTER_IPLOOKUP=yes ++ROUTER_IPLOOKUP=yes + + + #------------------------------------------------------------------------------ - @@ -244,7 +244,7 @@ TRANSPORT_LMTP=yes ++@@ -244,7 +244,7 @@ + + SUPPORT_MAILDIR=yes + SUPPORT_MAILSTORE=yes +-# SUPPORT_MBX=yes ++SUPPORT_MBX=yes + + + #------------------------------------------------------------------------------ - @@ -300,14 +300,14 @@ LOOKUP_DNSDB=yes ++@@ -305,15 +305,15 @@ + LOOKUP_CDB=yes + LOOKUP_DSEARCH=yes + # LOOKUP_IBASE=yes +-# LOOKUP_LDAP=yes +-# LOOKUP_MYSQL=yes ++LOOKUP_LDAP=yes ++LOOKUP_MYSQL=yes + LOOKUP_NIS=yes + # LOOKUP_NISPLUS=yes + # LOOKUP_ORACLE=yes + LOOKUP_PASSWD=yes +-# LOOKUP_PGSQL=yes - -# LOOKUP_SQLITE=yes ++LOOKUP_PGSQL=yes ++ # LOOKUP_REDIS=yes ++-# LOOKUP_SQLITE=yes ++LOOKUP_SQLITE=yes + # LOOKUP_SQLITE_PC=sqlite3 + # LOOKUP_WHOSON=yes + - @@ -328,7 +328,7 @@ LOOKUP_PASSWD=yes ++@@ -334,7 +334,7 @@ + # with Solaris 7 onwards. Uncomment whichever of these you are using. + + # LDAP_LIB_TYPE=OPENLDAP1 +-# LDAP_LIB_TYPE=OPENLDAP2 ++LDAP_LIB_TYPE=OPENLDAP2 + # LDAP_LIB_TYPE=NETSCAPE + # LDAP_LIB_TYPE=SOLARIS + - @@ -366,6 +366,9 @@ LOOKUP_PASSWD=yes ++@@ -373,6 +373,9 @@ + # LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq -lgds -lsqlite3 + + ++LOOKUP_INCLUDE=-I/usr/include/mysql -I`pg_config --includedir` ++LOOKUP_LIBS=-lldap -llber -lmysqlclient -lpq -lsqlite3 ++ + #------------------------------------------------------------------------------ + # Compiling the Exim monitor: If you want to compile the Exim monitor, a + # program that requires an X11 display, then EXIM_MONITOR should be set to the - @@ -374,7 +377,7 @@ LOOKUP_PASSWD=yes ++@@ -381,7 +384,7 @@ + # files are defaulted in the OS/Makefile-Default file, but can be overridden in + # local OS-specific make files. + +-EXIM_MONITOR=eximon.bin ++# EXIM_MONITOR=eximon.bin + + + #------------------------------------------------------------------------------ - @@ -384,14 +387,14 @@ EXIM_MONITOR=eximon.bin ++@@ -391,7 +394,7 @@ + # and the MIME ACL. Please read the documentation to learn more about these + # features. + +-# WITH_CONTENT_SCAN=yes ++WITH_CONTENT_SCAN=yes + - # If you want to use the deprecated "demime" condition in the DATA ACL, - # uncomment the line below. Doing so will also explicitly turn on the - # WITH_CONTENT_SCAN option. If possible, use the MIME ACL instead of - # the "demime" condition. - - -# WITH_OLD_DEMIME=yes - +WITH_OLD_DEMIME=yes - ++ #------------------------------------------------------------------------------ + # If you're using ClamAV and are backporting fixes to an old version, instead - # of staying current (which is the more usual approach) then you may need to - @@ -578,14 +581,14 @@ WHITELIST_D_MACROS=OUTGOING ++@@ -627,16 +630,16 @@ + # configuration to make use of the mechanism(s) selected. + + AUTH_CRAM_MD5=yes +-# AUTH_CYRUS_SASL=yes +-# AUTH_DOVECOT=yes ++AUTH_CYRUS_SASL=yes ++AUTH_DOVECOT=yes + # AUTH_GSASL=yes + # AUTH_GSASL_PC=libgsasl + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi ++ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 + AUTH_PLAINTEXT=yes +-# AUTH_SPA=yes ++-# AUTH_TLS=yes ++AUTH_SPA=yes +++AUTH_TLS=yes + - - #------------------------------------------------------------------------------ - @@ -595,7 +598,7 @@ AUTH_PLAINTEXT=yes ++ # Heimdal through 1.5 required pkg-config 'heimdal-gssapi'; Heimdal 7.1 ++ # requires multiple pkg-config files to work with Exim, so the second example ++@@ -649,7 +652,7 @@ + # Similarly for GNU SASL, unless pkg-config is used via AUTH_GSASL_PC. + # Ditto for AUTH_HEIMDAL_GSSAPI(_PC). + +-# AUTH_LIBS=-lsasl2 ++AUTH_LIBS=-lsasl2 + # AUTH_LIBS=-lgsasl + # AUTH_LIBS=-lgssapi -lheimntlm -lkrb5 -lhx509 -lcom_err -lhcrypto -lasn1 -lwind -lroken -lcrypt + - @@ -830,7 +833,7 @@ ZCAT_COMMAND=/bin/zcat ++@@ -923,7 +926,7 @@ + # (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using embedded + # Perl costs quite a lot of resources. Only do this if you really need it. + +-# EXIM_PERL=perl.o ++EXIM_PERL=perl.o + + + #------------------------------------------------------------------------------ - @@ -840,7 +843,7 @@ ZCAT_COMMAND=/bin/zcat ++@@ -933,7 +936,7 @@ + # that the local_scan API is made available by the linker. You may also need + # to add -ldl to EXTRALIBS so that dlopen() is available to Exim. + +-# EXPAND_DLFUNC=yes ++EXPAND_DLFUNC=yes + + + #------------------------------------------------------------------------------ - @@ -850,11 +853,11 @@ ZCAT_COMMAND=/bin/zcat ++@@ -943,11 +946,11 @@ + # support, which is intended for use in conjunction with the SMTP AUTH + # facilities, is included only when requested by the following setting: + +-# SUPPORT_PAM=yes ++SUPPORT_PAM=yes + + # You probably need to add -lpam to EXTRALIBS, and in some releases of + # GNU/Linux -ldl is also needed. +-EXTRALIBS=-ldl ++EXTRALIBS=-lpam -export-dynamic + + + #------------------------------------------------------------------------------ - @@ -1174,7 +1177,7 @@ TMPDIR="/tmp" ++@@ -961,7 +964,7 @@ ++ # If you may want to use inbound (server-side) proxying, using Proxy Protocol, ++ # uncomment the line below. ++ ++-# SUPPORT_PROXY=yes +++SUPPORT_PROXY=yes ++ ++ ++ #------------------------------------------------------------------------------ ++@@ -1299,7 +1302,7 @@ + # local part) can be increased by changing this value. It should be set to + # a multiple of 16. + +-# MAX_NAMED_LIST=16 ++MAX_NAMED_LIST=32 + + + #------------------------------------------------------------------------------ diff --cc debian/EDITME.exim4-light.diff index fb495bb,0000000..4b492cd mode 100644,000000..100644 --- a/debian/EDITME.exim4-light.diff +++ b/debian/EDITME.exim4-light.diff @@@ -1,218 -1,0 +1,228 @@@ - --- src/EDITME 2012-05-18 19:51:52.000000000 +0200 - +++ EDITME.exim4-light 2012-05-18 19:56:25.000000000 +0200 ++--- src/EDITME 2017-02-12 14:19:37.000000000 +0000 +++++ EDITME.exim4-light 2017-02-12 14:22:15.062382937 +0000 +@@ -98,7 +98,7 @@ + # /usr/local/sbin. The installation script will try to create this directory, + # and any superior directories, if they do not exist. + +-BIN_DIRECTORY=/usr/exim/bin ++BIN_DIRECTORY=/usr/sbin + + + #------------------------------------------------------------------------------ - @@ -114,7 +114,7 @@ BIN_DIRECTORY=/usr/exim/bin ++@@ -114,7 +114,7 @@ + # don't exist. It will also install a default runtime configuration if this + # file does not exist. + +-CONFIGURE_FILE=/usr/exim/configure ++CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated + + # It is possible to specify a colon-separated list of files for CONFIGURE_FILE. + # In this case, Exim will use the first of them that exists when it is run. - @@ -131,7 +131,7 @@ CONFIGURE_FILE=/usr/exim/configure ++@@ -131,7 +131,7 @@ + # deliveries. (Local deliveries run as various non-root users, typically as the + # owner of a local mailbox.) Specifying these values as root is not supported. + +-EXIM_USER= ++EXIM_USER=ref:Debian-exim + + # If you specify EXIM_USER as a name, this is looked up at build time, and the + # uid number is built into the binary. However, you can specify that this - @@ -153,6 +153,7 @@ EXIM_USER= ++@@ -153,6 +153,7 @@ + # you want to use a group other than the default group for the given user. + + # EXIM_GROUP= ++EXIM_GROUP=ref:Debian-exim + + # Many sites define a user called "exim", with an appropriate default group, + # and use - @@ -173,7 +174,7 @@ EXIM_USER= ++@@ -173,7 +174,7 @@ + + # Almost all installations choose this: + +-SPOOL_DIRECTORY=/var/spool/exim ++SPOOL_DIRECTORY=/var/spool/exim4 + + + - @@ -232,7 +233,7 @@ TRANSPORT_SMTP=yes ++@@ -232,7 +233,7 @@ + # This one is special-purpose, and commonly not required, so it is not + # included by default. + +-# TRANSPORT_LMTP=yes ++TRANSPORT_LMTP=yes + + + #------------------------------------------------------------------------------ - @@ -241,8 +242,8 @@ TRANSPORT_SMTP=yes ++@@ -241,8 +242,8 @@ + # MBX, is included only when requested. If you do not know what this is about, + # leave these settings commented out. + +-# SUPPORT_MAILDIR=yes +-# SUPPORT_MAILSTORE=yes ++SUPPORT_MAILDIR=yes ++SUPPORT_MAILSTORE=yes + # SUPPORT_MBX=yes + + - @@ -296,15 +297,15 @@ LOOKUP_DBM=yes ++@@ -301,15 +302,15 @@ + LOOKUP_LSEARCH=yes + LOOKUP_DNSDB=yes + +-# LOOKUP_CDB=yes +-# LOOKUP_DSEARCH=yes ++LOOKUP_CDB=yes ++LOOKUP_DSEARCH=yes + # LOOKUP_IBASE=yes + # LOOKUP_LDAP=yes + # LOOKUP_MYSQL=yes +-# LOOKUP_NIS=yes ++LOOKUP_NIS=yes + # LOOKUP_NISPLUS=yes + # LOOKUP_ORACLE=yes +-# LOOKUP_PASSWD=yes ++LOOKUP_PASSWD=yes + # LOOKUP_PGSQL=yes ++ # LOOKUP_REDIS=yes + # LOOKUP_SQLITE=yes - # LOOKUP_SQLITE_PC=sqlite3 - @@ -528,7 +529,7 @@ FIXED_NEVER_USERS=root ++@@ -577,7 +578,7 @@ + # CONFIGURE_OWNER setting, to specify a configuration file which is listed in + # the TRUSTED_CONFIG_LIST file, then root privileges are not dropped by Exim. + +-# TRUSTED_CONFIG_LIST=/usr/exim/trusted_configs ++TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs + + + #------------------------------------------------------------------------------ - @@ -564,6 +565,9 @@ FIXED_NEVER_USERS=root ++@@ -613,6 +614,9 @@ + + # WHITELIST_D_MACROS=TLS:SPOOL + ++# Mailscanner uses -DOUTGOING. ++WHITELIST_D_MACROS=OUTGOING ++ + #------------------------------------------------------------------------------ + # Exim has support for the AUTH (authentication) extension of the SMTP + # protocol, as defined by RFC 2554. If you don't know what SMTP authentication - @@ -573,14 +577,14 @@ FIXED_NEVER_USERS=root ++@@ -622,7 +626,7 @@ + # included in the Exim binary. You will then need to set up the run time + # configuration to make use of the mechanism(s) selected. + +-# AUTH_CRAM_MD5=yes ++AUTH_CRAM_MD5=yes + # AUTH_CYRUS_SASL=yes + # AUTH_DOVECOT=yes + # AUTH_GSASL=yes - # AUTH_GSASL_PC=libgsasl ++@@ -630,7 +634,7 @@ + # AUTH_HEIMDAL_GSSAPI=yes + # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi ++ # AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi heimdal-krb5 +-# AUTH_PLAINTEXT=yes ++AUTH_PLAINTEXT=yes + # AUTH_SPA=yes ++ # AUTH_TLS=yes + - - @@ -602,7 +606,7 @@ FIXED_NEVER_USERS=root ++@@ -656,7 +660,7 @@ + # one that is set in the headers_charset option. The default setting is + # defined by this setting: + +-HEADERS_CHARSET="ISO-8859-1" ++HEADERS_CHARSET="UTF-8" + + # If you are going to make use of $header_xxx expansions in your configuration + # file, or if your users are going to use them in filter files, and the normal - @@ -684,7 +688,7 @@ HEADERS_CHARSET="ISO-8859-1" ++@@ -745,7 +749,7 @@ + # leave these settings commented out. + + # This setting is required for any TLS support (either OpenSSL or GnuTLS) +-# SUPPORT_TLS=yes ++SUPPORT_TLS=yes + + # Uncomment one of these settings if you are using OpenSSL; pkg-config vs not + # USE_OPENSSL_PC=openssl - @@ -692,9 +696,9 @@ HEADERS_CHARSET="ISO-8859-1" ++@@ -753,9 +757,9 @@ + + # Uncomment the first and either the second or the third of these if you + # are using GnuTLS. If you have pkg-config, then the second, else the third. +-# USE_GNUTLS=yes ++USE_GNUTLS=yes + # USE_GNUTLS_PC=gnutls +-# TLS_LIBS=-lgnutls -ltasn1 -lgcrypt ++TLS_LIBS=-lgnutls + - # If you are running Exim as a server, note that just building it with TLS - # support is not all you need to do. You also need to set up a suitable - @@ -775,6 +779,7 @@ CFLAGS += -fvisibility=hidden ++ # If using GnuTLS older than 2.10 and using pkg-config then note that Exim's ++ # build process will require libgcrypt-config to exist in your $PATH. A ++@@ -847,6 +851,7 @@ + # to form the final file names. Some installations may want something like this: + + # LOG_FILE_PATH=/var/log/exim_%slog ++LOG_FILE_PATH=/var/log/exim4/%slog + + # which results in files with names /var/log/exim_mainlog, etc. The directory + # in which the log files are placed must exist; Exim does not try to create - @@ -823,7 +828,7 @@ EXICYCLOG_MAX=10 ++@@ -895,7 +900,7 @@ + # files. Both the name of the command and the suffix that it adds to files + # need to be defined here. See also the EXICYCLOG_MAX configuration. + +-COMPRESS_COMMAND=/usr/bin/gzip ++COMPRESS_COMMAND=/bin/gzip + COMPRESS_SUFFIX=gz + + - @@ -831,7 +836,7 @@ COMPRESS_SUFFIX=gz - # If the exigrep utility is fed compressed log files, it tries to uncompress - # them using this command. - ++@@ -910,7 +915,7 @@ ++ # ZCAT_COMMAND=zcat ++ # ++ # Or specify the full pathname: +-ZCAT_COMMAND=/usr/bin/zcat - +ZCAT_COMMAND=/bin/zcat - +++ZCAT_COMMAND=zcat + + #------------------------------------------------------------------------------ - @@ -864,6 +869,7 @@ ZCAT_COMMAND=/usr/bin/zcat ++ # Compiling in support for embedded Perl: If you want to be able to ++@@ -942,6 +947,7 @@ + + # You probably need to add -lpam to EXTRALIBS, and in some releases of + # GNU/Linux -ldl is also needed. ++EXTRALIBS=-ldl + + + #------------------------------------------------------------------------------ - @@ -930,6 +936,8 @@ ZCAT_COMMAND=/usr/bin/zcat ++@@ -950,7 +956,7 @@ ++ # If you may want to use outbound (client-side) proxying, using Socks5, ++ # uncomment the line below. ++ ++-# SUPPORT_SOCKS=yes +++SUPPORT_SOCKS=yes ++ ++ # If you may want to use inbound (server-side) proxying, using Proxy Protocol, ++ # uncomment the line below. ++@@ -1038,6 +1044,8 @@ + + # CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux + ++# default in Debian's sasl2-bin ++CYRUS_SASLAUTHD_SOCKET=/var/run/saslauthd/mux + + #------------------------------------------------------------------------------ + # TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment - @@ -1233,6 +1241,7 @@ TMPDIR="/tmp" ++@@ -1343,6 +1351,7 @@ + # file can be specified here. Some installations may want something like this: + + # PID_FILE_PATH=/var/lock/exim.pid - +PID_FILE_PATH=/var/run/exim4/exim.pid +++PID_FILE_PATH=/run/exim4/exim.pid + + # If PID_FILE_PATH is not defined, Exim writes a file in its spool directory + # using the name "exim-daemon.pid". - @@ -1266,6 +1275,7 @@ TMPDIR="/tmp" ++@@ -1376,6 +1385,7 @@ + # messages become "invisible" to the normal management tools. + + # SUPPORT_MOVE_FROZEN_MESSAGES=yes ++SUPPORT_MOVE_FROZEN_MESSAGES=yes + + + #------------------------------------------------------------------------------ - @@ -1304,3 +1314,6 @@ TMPDIR="/tmp" ++@@ -1414,3 +1424,6 @@ + # ENABLE_DISABLE_FSYNC=yes + + # End of EDITME for Exim 4. ++ ++# enable IPv6 support ++HAVE_IPV6=YES diff --cc debian/EDITME.eximon.diff index d3d02a5,0000000..672f641 mode 100644,000000..100644 --- a/debian/EDITME.eximon.diff +++ b/debian/EDITME.eximon.diff @@@ -1,10 -1,0 +1,10 @@@ - --- exim_monitor/EDITME 2012-05-18 05:04:36.000000000 +0200 - +++ EDITME.eximon 2012-05-18 19:53:04.000000000 +0200 ++--- exim_monitor/EDITME 2017-02-12 00:58:50.000000000 +0000 +++++ EDITME.eximon 2017-02-12 14:19:40.765243359 +0000 +@@ -1,6 +1,7 @@ + ################################################## + # The Exim Monitor # + ################################################## ++# -*- makefile -*- + + # This is the template for the Exim monitor's main build-time configuration + # file. It contains settings that are independent of any operating system. It diff --cc debian/NEWS index f8041e4,0000000..ef106e2 mode 100644,000000..100644 --- a/debian/NEWS +++ b/debian/NEWS @@@ -1,264 -1,0 +1,450 @@@ - exim4 (4.84.2-2) jessie; urgency=medium ++exim4 (4.87-3) unstable; urgency=medium ++ ++ Starting with 4.87~RC1-1 exim will not accept or send out messages with ++ physical lines longer than 998 characters by SMTP DATA. Delivery of such ++ RFC-violating message might fail and subsequently cause routing errors and ++ loss of legitimate mail. See . ++ This limit can be disabled by setting the macro ++ IGNORE_SMTP_LINE_LENGTH_LIMIT. ++ ++ -- Andreas Metzler Sun, 08 May 2016 14:03:10 +0200 ++ ++exim4 (4.87-2) unstable; urgency=medium ++ ++ exim4-daemon heavy does not support the "demime" ACL condition ++ (WITH_OLD_DEMIME) anymore. It was superceded by the acl_smtp_mime ACL and ++ will not be part of the next upstream release. ++ ++ -- Andreas Metzler Sat, 30 Apr 2016 13:38:29 +0200 ++ ++exim4 (4.87~RC6-3) unstable; urgency=medium + + As part of the fix for CVE-2016-1531 updated Exim versions clean + the complete execution environment by default, affecting Exim and + subprocesses such as routers calling other programs, and thus may break + existing installations. New configuration options (keep_environment, + add_environment) were introduced to adjust this behavior. Because of the + possible breakage Exim will show a runtime warning if keep_environment is + not set. + + The Debian exim4 configuration does not rely on specific environment + variables and therefore sets 'keep_environment =' (i.e confirm empty + environment). + + Users of custom Exim configurations will need to check whether their setup + continues to work with the abovementioned upstream change and modify the + Exim environment as needed otherwise. If the setup works fine with empty + environment it is still necessary to set the main configuration option + "keep_environment =" to quiet the runtime warning. + + See for details. + - -- Andreas Metzler Mon, 28 Mar 2016 17:58:09 +0200 ++ -- Andreas Metzler Wed, 23 Mar 2016 18:44:22 +0100 ++ ++exim4 (4.80~rc6-1) experimental; urgency=low ++ ++ Upstream's handling of GnuTLS DH parameters has changed, hardcoded ++ parameters (from RFCs are used by default. See ++ /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping ++ /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl ++ and /var/spool/exim4/gnutls-params-2236. ++ ++ -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 ++ ++exim4 (4.80~rc2-1) experimental; urgency=low ++ ++ Ldap lookups returning multi-valued attributes now separate the attributes ++ with only a comma, not a comma-space sequence. ++ ++ The GnuTLS support has been mostly rewritten. exim main configuration ++ options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols, ++ are no longer supported. (They are ignored if present now, but will trigger ++ an error in later releases.) Their functionality is entirely subsumed into ++ tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list ++ and is not parsed by Exim, but is instead given to gnutls_priority_init(3). ++ ++ See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details. ++ ++ -- Andreas Metzler Sat, 22 Oct 2011 19:16:58 +0200 ++ ++exim4 (4.77~rc4-1) experimental; urgency=low ++ ++ Exim no longer performs string expansion on the second string of ++ the match_* expansion conditions: "match_address", "match_domain", ++ "match_ip" & "match_local_part". Named lists can still be used. ++ ++ The previous behavior made it too easy to create (remotely) vulnerable ++ configurations. A more detailed rationale and explanation can be found on ++ https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html ++ ++ -- Andreas Metzler Thu, 05 Oct 2011 19:22:52 +0200 ++ ++exim4 (4.72-3) unstable; urgency=low ++ ++ Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345. ++ This is a privilege escalation issue that allows the exim user to gain ++ root privileges by specifying an alternate configuration file using the -C ++ option. The macro override facility (-D) might also be misused for this ++ purpose. ++ ++ In reaction to this security vulnerability upstream has made a number of ++ user visible changes. This package includes these changes. ++ --------------------------------------------------------- ++ If exim is invoked with the -C or -D option the daemon will not regain ++ root privileges though re-execution. This is usually necessary for local ++ delivery, though. Therefore it is generally not possible anymore to run an ++ exim daemon with -D or -C options. ++ ++ However this version of exim has been built with ++ TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST ++ defines a list of configuration files which are trusted; if a config file ++ is owned by root and matches a pathname in the list, then it may be ++ invoked by the Exim build-time user without Exim relinquishing root ++ privileges. ++ ++ As a hotfix to not break existing installations of mailscanner we have ++ also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start ++ exim with -DOUTGOING while being able to do local deliveries. ++ ++ If you previously were using -D switches you will need to change your ++ setup to use a separate configuration file. The ".include" mechanism ++ makes this easy. ++ --------------------------------------------------------- ++ The system filter is run as exim_user instead of root by default. If your ++ setup requies root privileges when running the system filter you will ++ need to set the system_filter_user exim main configuration option. ++ --------------------------------------------------------- ++ ++ -- Andreas Metzler Sat, 18 Dec 2010 18:57:16 +0100 ++ ++exim4 (4.69-4) unstable; urgency=low ++ ++ In reaction to #475194, the size of the Diffie-Hellman parameters ++ used by exim was increased to 2048, which is GnuTLS's default. ++ ++ Since periodically regenerating the Diffie-Hellman parameters ++ doesn't increase security that much (they're sent in clear text in the ++ TLS handshake, and some protocols even have hardcoded them in the ++ standard document), and automatically generating 2048 bits ++ Diffie-Hellman parameters can take a long time, this has been disabled ++ in the Exim4 packages starting with 4.69-4. All exim installations ++ will thus run with the Diffie-Hellman parameters shipped in the ++ package by default. ++ ++ Really, really paranoid people with sufficiently fast machines will ++ want to set up a cron job calling ++ /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested ++ interval is weekly or monthly. ++ ++ -- Marc Haber Sun, 27 Apr 2008 09:14:32 +0200 + +exim4 (4.68-1) unstable; urgency=low + + In order to fix #420217, the handling of incoming messages to + system accounts has been changed once again. To allow system + account mail addresses to be redirected via traditional + /etc/aliases, system accounts are now processed later in the + router chain. + + This has made it necessary to change the default behavior of the + real- prefix. real-foo is now only accessible for locally + generated messages, such as the error message generated by the + userforward router. If you need the old behavior back, set the + macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can + entirely switch off the real- processing by setting + COND_LOCAL_SUBMITTER=false. + + -- Marc Haber Thu, 04 Oct 2007 22:34:01 +0200 + +exim4 (4.67-6) unstable; urgency=low + + acl_whitelist_local_deny was renamed to acl_local_deny_exceptions + to avoid confusion. This means changes to ACLs, file names in + /etc/exim4/conf.d/acl and the exception list file names themselves. + + CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist + have been renamed to CONFDIR/host_local_deny_exceptions and + CONFDIR/sender_local_deny_exceptions. The old files will continue + to be honored for a transition period. + + The old file conf.d/acl/20_exim4-config_whitelist_local_deny will + get a .dpkg-bak suffix if it had local changes, and it will be + removed if there were no local changes. In the case of local changes, + you'll need to repeat these changes in the new file + conf.d/acl/20_exim4-config_local_deny_exceptions. + + -- Marc Haber Wed, 05 Sep 2007 21:22:22 +0200 + +exim4 (4.67-5) unstable; urgency=low + + The macro generation in update-exim4.conf has been changed once + more. update-exim4.conf now looks for the (non-commented!) + definition of the exim configuration macro UPEX4CmacrosUPEX4C to + an arbitrary, non-empty value, and inserts the generated macro + definitions right after this line, without changing it. + + update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which + used to be the place marker in earlier 4.67-x versions) and barfs + if it finds them anywhere in /etc/exim4/exim4.conf.template or + recursively /etc/exim4/conf.d. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf, such as .dpkg-old and .dpkg-dist files. + + If you insist on having a commented UPEX4CmacrosUPEX4C in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value. + + -- Marc Haber Thu, 28 Jun 2007 08:29:36 +0200 + +exim4 (4.67-4) unstable; urgency=low + + Since a lot of users did not read the docs while upgrading and + filed bug reports about exim4-config failing to install due to a + "malformed macro definition", update-exim4.conf.conf now checks + for DEBCONFsomethingDEBCONF strings anywhere in + /etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d + and barfs if such strings are found. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf. + + It _is_ necessary to either accept the offered configuration file + change _or_ to manually check a manually changed exim config. Exim + will _NOT_ run if a configuration file of an older version is + being used with a more recent exim4-config. + + If you insist on having DEBCONFsomethingDEBCONF strings in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro DEBCONFstringOK_config_adapted to a non-empty + value. + + -- Marc Haber Fri, 22 Jun 2007 12:50:38 +0200 + +exim4 (4.67-2) experimental; urgency=low + + The symlink /etc/exim4/email-addresses caused data loss for people + who had a local file named /etc/exim4/email-addresses. The Debian + tools do not handle symlinks in /etc which are contained in + packages very well, so we decided to simply remove it. Please + submit a tested patch if you think that it would be a more elegant + way to handle the transition from /etc/exim4/email-addresses to + /etc/email-addresses. + + There is now a possibility to modify handling of incoming messages + to system accounts, identified by their UID (see + conf.d/router/250_exim4-config_lowuid). If you want this, set the + macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of + your first "real" user account. Incoming messages for an account + with an UID below that value get routed according to the extra + alias file /etc/exim4/lowuid-aliases. If an account does not have + an alias there, it gets routed to the value of the macro + DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to + system accounts" and gets the message rejected. You can use this + mechanism to route all messages for system accounts to a single + address, with exceptions. Locally generated messages are not + processed by this facility. + + Generation of the final exim configuration has changed. The + configuration no longer has the DEBCONFsomethingDEBCONF + placeholders. All data from Debconf are put into exim + configuration macros by update-exim4.conf, which are then + appropriately picked up by the configuration itself. There should + be no visible change to people who have not modified their + configuration, but customized configurations need to adapt. + + We now do basic sanitizing of input read from + update-exim4.conf.conf. If your update-exim4.conf complains about + non-ascii values, you have found a bug. Please report it. + + -- Marc Haber Mon, 11 Jun 2007 14:09:24 +0200 + +exim4 (4.62-7) unstable; urgency=low + + Bug #392993 says that 4.63-5 and -6 have overwritten manual + setting of dc_local_delivery with one of the default versions if + you have set dc_local_delivery to a value that is not either + mail_spool or maildir_home. Please verify that your + dc_local_delivery does still point to the transport you have + chosen. + + Please note that the debconf configuration only supports plain + lists. Advanced features like "dsearch;" entered there may work + today, but are not guaranteed to continue working in the future. + + If you want to use such features, please use the macros made + available for use in the configuration or edit the configuration + itself. + + This allows us to use semicolons as list delimiters consistently + while still being backwards compatible to colon-separated lists + without driving code complexity up too high. + + Starting with this version, update-exim4.conf will print a warning + if a dsearch lookup is found in the list of local domains, + dc_local_domains since there is a HOWTO on the Internet that + recommends doing this kind of things and this will _not_ work any + more. + + -- Marc Haber Sun, 15 Oct 2006 10:00:15 +0000 + +exim4 (4.62-4) unstable; urgency=low + + exim4-config has had its debconf templates re-worked. Basic + functionality is unchanged, so you shouldn't expect a real + difference. The priority of most questions has been lowered to + medium, so that the Installer can install exim4 with no questions + being asked. The default is local delivery only. Mail messages for + root and postmaster are delivered to an mbox file in + /var/mail/mail, make sure to read them. + + You can do the full exim4 configuration by calling + dpkg-reconfigure exim4-config as root. + + It is now finally possible to configure exim4 to deliver outgoing + mail to a smarthost on a port number different from 25 via debconf. + + -- Marc Haber Mon, 9 Oct 2006 14:12:25 +0000 + +exim4 (4.62-3) unstable; urgency=low + + A template for SPF support is now provided. It is disabled by + default, and relies on external calls to spfquery(1) from the + libmail-spf-query-perl package. For details, check README.Debian, + and conf.d/acl/30_exim4-config_check_rcpt. + + -- Robert Millan Fri, 28 Jul 2006 22:43:56 +0200 + +exim4 (4.62-1) unstable; urgency=low + + Please note that the handling of update-exim4.conf.conf has + changed with regard to dc_local_interfaces and dc_relay_nets: If + the strings given there contain a semicolon, the string "<;" is + now prepended to the value written to the configuration file to + consider ; a list separator. This significantly helps writing down + IPv6 addresses, but means that if you use complex things like + lookups in update-exim4.conf.conf, you'll have to change your + configuration to use the macros that directly interfere with the + configuration. + + 127.0.0.1 and ::1 have been removed from the default hostlist + relay_from_hosts - these addresses are now added by + update-exim4.conf with the appropriate separator. If you set + MAIN_RELAY_NETS manually, you'll need to add these two addresses + to your local host list. + + -- Marc Haber Sat, 29 Apr 2006 22:36:31 +0000 + ++exim4 (4.60-2) unstable; urgency=low ++ ++ The exim4 daemon packages now include a symlink from ++ /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and ++ init scripts if the last exim 3 you had installed was any earlier ++ than 3.36-5 and the conffiles from your exim 3 package are still ++ around. Be sure to have any exim 4 earlier than 3.36-5 _purged_ ++ (not removed) before installing this package. ++ ++ -- Marc Haber Wed, 24 Jan 2006 14:58:08 +0100 ++ +exim4 (4.50-5) unstable; urgency=low + + mailname, the local name of the system used to qualify senders and + recipients is no longer a local domain by default. Having local + delivery for that host name used to break satellite and smarthost + setups where no local delivery was expected. + /etc/exim4/update-exim4.conf.conf is modified automatically on + upgrade from the appropriate earlier versions, so if you don't do any + funky things with /etc/exim4/update-exim4.conf.conf, you should be fine. + + -- Marc Haber Sat, 2 Apr 2005 20:31:27 +0200 + +exim4 (4.43-3) unstable; urgency=low + + /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + The last version of exim4 that shipped this file was uploaded on the + 19th of May 2003, and I really do not want to start sarge with cruft like + that. + + -- Andreas Metzler Mon, 10 Jan 2004 10:05:34 +0100 + +exim4 (4.34-1) unstable; urgency=low + + Debconf will not ask for relay_domains if configuring smarthost or + satellite-type systems. - This functionality was untested and could + generate mail-loops. + + -- Andreas Metzler Wed, 12 May 2004 13:42:23 +0200 + ++exim4 (4.31-2) unstable; urgency=low ++ ++ The local_scan perl-plugin has been removed because upstream ++ development has stopped. (am) ++ ++ -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 ++ +exim4 (4.30-5) unstable; urgency=low + + (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + + -- Andreas Metzler Sun, 11 Jan 2004 13:03:43 +0100 + ++exim4 (4.30-1) unstable; urgency=low ++ ++ * Exim now runs under its own uid (Debian-exim) instead of using mail:mail. ++ ++ WARNING: You cannot downgrade this version to an older one without ++ manual chown|chrgrp all files owned by Debian-exim to mail. ++ ++ Securitywise this is a tradeoff: ++ - if exim is SUID root and runs without deliver_drop_privilege you win: ++ exim's internal data in /var/spool/exim4 is not open to attacks by ++ bugs in programs SGID mail (mail delivery agents like deliver or ++ procmail, or MUAs like pine) anymore. This is Debian's default setup. ++ - OTOH if you need to be able to make local deliveries to /var/mail and ++ want to run exim with reduced priviledge you have some additional work ++ to do: ++ * Use an SGID MDA for the actual delivery (I suggest maildrop.) ++ * Make changes to run exim4 under group mail: ++ - exim_group=mail. ++ - Hack: make Debian-exim a group with gid=8, i.e. an alias for ++ the mail group, _before_ you make the upgrade. (groupadd -o -g 8 ++ Debian-exim) ++ ++ -- Andreas Metzler Sun, 7 Dec 2003 13:59:46 +0100 ++ ++exim4 (4.24-1) unstable; urgency=low ++ ++ * This version of exim cannot run deliveries as root anymore, see change ++ 5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you ++ don't redirect mail for root via /etc/aliases to a nonpriviledged ++ account the mail will be delivered to /var/mail/mail with permissions ++ 0600 and owner mail:mail. ++ ++ -- Andreas Metzler Fri, 3 Oct 2003 18:11:17 +0200 ++ ++exim4 (4.22-2) unstable; urgency=low ++ ++ Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in ++ -heavy and -custom for easy integration of content-scanning and ++ invoking spamassassin at SMTP time. ++ ++ -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 ++ ++exim4 (4.22-1) unstable; urgency=low ++ ++ * The way that the $h_ (and $header_) expansions work has been changed ++ by the addition of RFC 2047 decoding. See the main documentation (the ++ NewStuff file until release 4.30, then the manual) for full details. ++ ++ Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8" ++ ++ -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 ++ +exim4 (4.20-2) unstable; urgency=low + + Rewriting now uses /etc/email-addresses instead of + /etc/exim4/email-addresses like exim v3 did. Please move the contents to + the new file and delete the old one, when you have time to spare. + + -- Andreas Metzler Tue, 15 Jul 2003 10:20:15 +0200 diff --cc debian/README.Debian.xml index 30c5961,0000000..8fa7422 mode 100644,000000..100644 --- a/debian/README.Debian.xml +++ b/debian/README.Debian.xml @@@ -1,1978 -1,0 +1,1961 @@@ + + +
Exim 4 for Debian +
Introduction + + If you're reading this, you have found the README.Debian + file. This is good, thanks! Please continue reading this file in + its entirety. It is full of important information and has been + written with the questions in mind that keep popping up on the + mailing lists. + +
How to find your way around the Documentation + + Exim comes with very extensive documentation. Here is how to + find it. + + + + A lot of information about Debian's Exim 4 + packaging can be found in this document. + + + + + The packages contain a lot of Debian-specific man pages. + Use the apropos exim command to get a list. + + + + + Most files that control the default configuration are + documented in the exim4-config_files(5) man page, which + is symlinked to the file names. man <filename> should + lead you to the page. + + + + + The Debian Exim 4 packages have their own + + Home Page + which also links to a User FAQ. + + + + + The very extensive Upstream documentation is shipped + + + + in text form + (/usr/share/doc/exim4-base/spec.txt.gz) + with the binary packages. + + + + + in HTML in the package + exim4-doc-html + + + + + as a Texinfo file in the package + exim4-doc-info + + + + + + + + + Please note that documentation found on the web or in other + parts of the Debian system (such as the Debian Reference) + might be outdated and thus give wrong advice. In doubt, the + documentation listed above should take precedence. + +
+
Getting Support + + For your questions and comments, there is a + Debian-specific mailing list. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if + you are sure that your question is not Debian-specific. + Debian-specific questions are more likely to find answers on + our pkg-exim4-users mailing list, while complex custom + configuration issues might be more easily solved on the + upstream exim-users mailing list because of the broader and + more experienced audience there. You can subscribe to + pkg-exim4-users + via the subscription web page; you need to be + subscribed to post. + + + If you think that your question might be more easily answered + if one knows a bit about your configuration, you might want to + execute reportbug --subject="none" --offline --quiet + --severity=wishlist --body="none" --output=exim4.reportbug + exim4-config on the system in question, answer yes + to both "include [extended] configuration" questions and include + the contents of the exim4.reportbug file generated by this + command with your question. Please check whether the file + contains any confidential information before sending. + +
+
Packaging + + Similar to the Apache2 package, Exim 4 is an entirely + different package that does not currently offer a smooth + upgrade path from Debian's Exim 3 packages. + + + It is the first Exim package in Debian that can be configured + using debconf. However, the entire configuration framework is + extremely flexible, allowing you to get exactly the amount of + control you need for the job at hand. + + + The development web page contains a lot of + useful links and other information. The subversion repository + of the Debian package is available for public read-only access + and is linked from the development web page. + +
Feature Sets in the daemon packages + + To use Exim 4, you need at least the following packages: + + + exim4-base + + support files for all Exim MTA (v4) packages + + + + exim4-config + + configuration for the Exim MTA (v4) + + + + exim4-daemon-light + + lightweight exim MTA (v4) daemon + + + + + + Just apting the metapackage exim4 will pull + in the other packages per dependency. You'll get an exim daemon + with minimal feature set (no external lookups). + + + If you need more advanced features like LDAP, sqlite, PostgreSQL + and MySQL data lookups, SASL and SPA SMTP authentication, embedded + Perl interpreter, and exiscan-acl for integration of + virus-scanners and SpamAssassin, you can replace + exim4-daemon-heavy instead of + exim4-daemon-light. Additionally, the source + package offers infrastructure to build your own custom-tailored + exim4-daemon-custom which exactly fits your special local needs. + The infrastructure to do so is already in place, see + debian/rules for instructions. + +
+
How to build a custom daemon + + The process of building a custom daemon is partially + documented in the debian/rules file + in the source package. Patches for more documentation are welcome. + +
+
+
+
Configuration of Exim 4 in the Debian packages + + Generally, the Debian Exim 4 packages are configured through + debconf. You have been asked some questions on package installation, + and your initial Exim configuration has been created from your + answers. You can repeat the configuration process any time by invoking + dpkg-reconfigure exim4-config. If you are an + experienced Exim administrator and prefer to have your own, + hand-crafted, non-automatic Exim configuration, you will find + information about how to do so in + . + + + The debconf-driven configuration is mainly geared for a + one-domain shell account machine/workstation with local delivery + as suggested by the original upstream default configuration. + If you configure the packages to handle more than one local + domain, all local domains are treated identically. The domain + part is not used for routing and filtering decisions. + + + Despite the default configuration being extended somewhat from + the original upstream, chances are that you'll need to + manually change the Exim configuration with an editor if you intend to + do something that is not covered by the debconf-driven configuration. + It has never been the packages' intention to offer all possible + configuration methods through debconf. The configuration files are + there to be changed, feel free to do so if you see fit. The Debian + Exim 4 maintainers have tried to make the configuration as flexible as + possible so that manual intervention can be minimized. + + + If you need to make manual changes to the Exim configuration, + please be familiar with how Exim works. At minimum, have read this + README file and the manpages delivered with the Debian Exim 4 + packages, and /usr/share/doc/exim4-base/spec.txt.gz - chapters 3 and 6. spec.txt.gz is an excellent - reference. ++ chapters "How Exim receives and delivers mail" and ++ "The Exim run time configuration file". ++ spec.txt.gz is an excellent reference. + + + Please note that while most free-form fields in the + debconf-driven configuration have the entered string end up + verbatim in Exim's configuration file (and thus using more + advanced features like host, address and domain lists is possible + and will probably work), this is not officially supported. + Only plain lists are supported in the debconf dialogs. You may + use more advanced features, but they may stop working any time + during upgrades. + +
The Configuration System +
The Debconf questions + + In this section, we try to document and explain the debconf + questions, which are themselves limited to a small screen of + information and might leave questions unanswered. Since you + can usually read this file only after having answered the + questions, the process can always be repeated by invoking + dpkg-reconfigure exim4-config. + /etc/exim4/update-exim4.conf.conf, + documented in the update-exim4.conf + manual page, is + a simple shell-script snippet used to store the answers + that you passed to debconf when initially configuring Exim. + You may also modify this file with an editor of your choice. + The package maintainer scripts can handle this and will + preserve your changes. + +
General type of mail configuration + + This is the main configuration question which will + control which of the remaining questions are + presented to you. It also controls things like daemon + invocation and delivery of outgoing mail. + +
internet site; mail is sent and + received directly using SMTP + + This option is suitable for a standalone system + with full internet connectivity. + + + + + The Exim SMTP daemon will accept messages + to local domains, and deliver them locally. + + + + + Outgoing mail will be delivered directly + to the mail exchange servers of the + recipient domain + + + +
+
mail sent by smarthost; received via + SMTP or fetchmail + + This option is suitable for a standalone client system + which has restricted internet connectivity, for + example on a residential connection where an SMTP + smarthost is used. Some ISPs block outgoing SMTP + connections to combat the spam problem, thus + requiring the use of their smarthosts. It is + generally a good idea to use the ISPs smart host + if one is connected with a dynamic IP address + since quite a few sites do not accept mail + directly delivered from a dial-in pool. + + + fetchmail can be used to retrieve incoming mail + from the ISP's POP3 or IMAP mail server and + deliver it to Exim via SMTP. + + + + + The Exim SMTP daemon will accept messages + to local domains, and deliver them locally. + + + + + Outgoing mail will always be delivered to + the smarthost configured in exim4. + + + +
+
mail sent by smarthost; no local mail + + This option is suitable for a client system in a + computer pool which is not responsible for a local + e-mail domain. All locally generated e-mail is + sent to the smarthost without any local domains. + +
+
local delivery only; not on a network + + This option is suitable for a standalone system + with no networking at all. Only messages for configured + local domains are accepted and delivered locally; + messages for all other domains are rejected: + ``Mailing to remote domains not supported''. + +
+
no configuration at this time + + This option disables most of Debian's automatisms + and leaves exim in an unconfigured state. + update-exim4.conf will still copy + /etc/exim4/exim4.conf.template + or concatenate the files from + /etc/exim4/conf.d, and will + not generate any configuration control macros. + Unless you manually edit the configuration source, + this will leave Exim with a syntactically invalid + configuration file, thus in a state where the + daemon won't even start. + + + Only choose this option if you know what you're + doing and are prepared to create your own Exim + configuration. + + + dpkg-conffile handling is still in place, and you + will be offered updates for configuration + snippets, as soon as they become available. + +
+
+
System mail name + + The "mail name" is the domain name used to "qualify" + mail addresses without a domain name. + + + This name will also be used by other programs. It + should be the single, full domain name (FQDN). + + + For example, if a mail address on the local host is + foo@example.org, then the correct value for this + option would be example.org. + + + Exim, as a rule, handles only fully qualified mail + addresses, that is, addresses with a local part, an @ + sign and a domain. If confronted with an unqualified + address, that is, one without @ sign and without + domain, first thing exim does is qualify the address + by adding the @ sign and a domain. + + + This qualification happens for all addresses exim + encounters, be it sender, recipient or else. + + + The domain name used to qualify unqualified mail addresses + is called ``mail name'' on Debian systems and entered + in this debconf dialog. What you enter here will end + up in /etc/mailname, which is a + file that might be used by other programs as well. + + + In some configuration types, the package configuration + will offer you, at a later step, to hide this name + from outgoing messages by rewriting the headers. + +
+
IP addresses to listen on for incoming SMTP + connections + + Please enter a semicolon-separated list of IP addresses. + The Exim SMTP listener daemon will listen on all IP + addresses listed here. + + + An empty value will cause Exim to listen for connections + on all available network interfaces. + + + If this system does only receive e-mail directly from + local services (and not from other hosts), + it is suggested to prohibit external connections to the + local Exim daemon. Such services include e-mail + programs (MUSs) which talk to localhost only as well as + fetchmail. External connections are impossible when + 127.0.0.1 is entered here, as this will disable listening + on public network interfaces. + + + Do not change this unless you know what you are doing. + Altering this value could post a security risk to your + system. For most users, the default value is sufficient. + +
+
Other destinations for which mail is accepted + + Please enter a semicolon-separated list of recipient + domains for which this machine should consider itself + the final destination. These domains are commonly + called 'local domains'. The local hostname and 'localhost' + are always added to the list given here. + + + By default all local domains will be treated + identically. If both a.example and b.example are + local domains, acc@a.example and acc@b.example will + be delivered to the same final destination. If + different domain names should be treated differently, + it is necessary to edit the config files afterwards. + + + The answer to this question ends up in the list of + domains that Exim will consider local domains. Mail + for recipients in one of these domains will be + subject to local alias expansion and then delivered + locally in the appropriate configuration types. + +
+
Domains to relay mail for + + Please enter a semicolon-separated list of recipient + domains for which this system will relay mail, for + example as a fallback MX or mail gateway. This means + that this system will accept mail for these domains + from anywhere on the Internet and deliver them + according to local delivery rules. + + + Do not mention local domains here. Wildcards may be used. + + + The answer to this question is a list of the domains + for which Exim will relay messages coming in from anywhere + on the Internet. + +
+
Machines to relay mail for + + Please enter a semicolon-separated list of IP address + ranges for which this system will unconditionally relay + mail, functioning as a smarthost. + + + You should use the standard address/prefix format + (e.g. 194.222.242.0/24 or 5f03:1200:836f::/48). + + + If this system should not be a smarthost for any + other host, leave this list blank. + + + Please note that systems not listed here can still use + SMTP AUTH to relay through this system. If this system + only has clients on dynamic IP addresses that use SMTP + AUTH, leave this list blank as well. Do + NOT list 0.0.0.0/0! + + + Warning: While it is possible to use + hostnames instead of IP addresses in this + list extra care needs to be taken in this case. + Unresolvable names in the host list will break + relaying. See - - Exim specification - chapter Domain, host, address, and - local part lists - and the exim4-config_files man page. ++ Exim specification chapter "Domain, host, address, and ++ local part lists" ++ and the exim4-config_files man page. + +
+
IP address or host name of the outgoing + smarthost + + Please enter the IP address or the host name of a mail + server that this system should use as outgoing + smarthost. If the smarthost only accepts your mail on + a port different from TCP/25, append two colons and + the port number (for example smarthost.example::587 or + 192.168.254.254::2525). Colons in IPv6 addresses need + to be doubled. + + + If the smarthost requires authentication, please refer + to for notes about setting + up SMTP authentication. + + + Multiple smarthost entries are permitted, semicolon + separated. Each of the hosts is tried, in the order - specified (See Exim specification, chapter 20.5). ++ specified (See Exim specification, chapter ++ "The manualroute router", section ++ "How the list of hosts is used".) + +
+
Hide local mail name in outgoing mail + + The headers of outgoing mail can be rewritten to make + it appear to have been generated on a different + system, replacing the local host name in From, + Reply-To, Sender and Return-Path. + +
+
Visible domain name for local users + + If you ask Exim to hide the local mail name in + outgoing mail, it will next ask you for the domain + name that should be visible for your local users. + These information is then used to establish the + appropriate rewriting rules. + +
+
Keep number of DNS queries minimal + (Dial-on-Demand) + + In normal mode of operation Exim does DNS lookups at + startup, and when receiving or delivering messages. + This is for logging purposes and allows keeping down + the number of hard-coded values in the configuration. + + + If this system does not have a DNS full service + resolver available at all times (for example if its + Internet access is a dial-up line using + dial-on-demand), this might have unwanted + consequences. For example, starting up Exim or + running the queue (even with no messages waiting) + might trigger a costly dial-up-event. + + + This option should be selected if this system is + using Dial-on-Demand. If it has always-on Internet + access, this option should be disabled. + +
+
Delivery method for local mail + + Exim is able to store locally delivered mail in + different formats. The most commonly used ones are + mbox and Maildir. mbox uses a single file for the + complete mail folder stored in /var/mail/. With + Maildir format every single message is stored in a + separate file in ~/Maildir/. + + + Please note that most mail tools in Debian expect the + local delivery method to be mbox in their default. + +
+
Split configuration into small files + + Our packages offer two (actually three, see + ) + possibilities: + + + + + Generate Exim's configuration from + /etc/exim4/exim4.conf.template, + which is basically a normal Exim run-time + configuration file which will be supplemented + with some macros generated from Debconf in a + post-processing step before it is passed to exim. + + + + + Generate Exim's configuration from the + multiple files in + /etc/exim4/conf.d/. The + directories in + /etc/exim4/conf.d/ + correspond to the sections of the Exim + run-time configuration file, so you should + easily find your way around there. + + + + + Splitting the configuration across multiple files + means that you have the actual configuration file + automatically generated from the files below + /etc/exim4/conf.d/ by invoking + update-exim4.conf. Each section + of Exim's configuration has its own subdirectory and + the files in there are supposed to be read in + alphanumeric order. + router/00_exim4-config_header + is followed by + router/100_exim4-config_domain_literal, + ... + + + If you chose unsplit configuration, + update-exim4.conf builds the + configuration from + /etc/exim4/exim4.conf.template, + which is basically the files from + /etc/exim4/conf.d/ concatenated + together at package build time, and thus guarantees + consistency on the target system. + + + In both cases, update-exim4.conf + generates exim configuration macros from the debconf + configuration values and puts them into + the actual configuration file, which is then used by + the Exim daemon. See the + update-exim4.conf manual + page for more in-depth information about this + mechanism. + + + Benefits of the split configuration approach: + + + + it means less work for you when upgrading. + If we shipped one big file and modified + for example the Maildir transport in a new + version you won't have to do manual + conffile merging unless you had changed + exactly this + transport. + + + + + It allows other packages (e.g. sa-exim) to + modify Exim's configuration by dropping + files into + /etc/exim4/conf.d. + This needs, however quite exact syncing + between the exim4 packages and the other, + cooperating package. + + + + + + Drawbacks of the split configuration approach: + + + + It is more fragile. If files from + different sources (package, manually + changed, or other package) get out of + sync, it is possible for Exim to break + until you manually correct this. This can + for example happen if we decide to add a + new option to the Debian setup of a later + version, and you have already set this + option in a local file. + + + + + + Benefits of the unsplit configuration approach: + + + + People familiar with configuring Exim may + find this approach easier to understand as + exim4.conf.template + basically is a complete Exim configuration + file which will only undergo some basic + string replacement before is it passed to + exim. + + + + + Split-config's fragility mentioned + above does not occur. + + + + + + Drawbacks of the unsplit configuration approach: + + + + Will require manual intervention in case of an + upgrade. + + + + + + If in doubt go for the unsplit config, because it is + easier to roll back to Debian's default configuration + in one step. If you intend to do many changes to the + Debian setup, you might want to use the split config + at the price of having to more closely examine the + config file after an update. + + + We'd appreciate a patch that uses ucf and the + 3-way-merge mechanism offered by that package. It + might be the best way to handle the big configuration + file. + + + If you are using unsplit configuration, have local + changes to /etc/exim4/conf.d/ + (either made by yourself or by other packages dropping + their own routers or transports in) and want to + re-generate + /etc/exim4/exim4.conf.template to + activate these changes, you can do so by using + update-exim4.conf.template. + +
+
+
Access Control in the default configuration + + The Debian exim 4 packages come with a default configuration + that allows flexible access control and blacklisting of + sites and hosts. The acls involved can be found in + /etc/exim4/conf.d/acl, or in /etc/exim4/exim4.conf.template, + depending on which configuration scheme you use. Most + rejections of messages due to this mechanism happen at RCPT + time. Local configuration of the mechanisms happens through + data files in /etc/exim4 or via Exim macros that you can set + in /etc/exim4/conf.d/main, so there is normally no need to + change the files in the acl subdirectory in a split-config + setup. If you use the non-split config, you need to edit + /etc/exim4/exim4.conf.template, which, as a big + dpkg-conffile, won't give you any advantage of the .ifdef + scheme. + + + The data files are documented in the exim4-config_files man + page. + + + The access lists delivered with the exim4 packages also + contain quite a few configuration options that are too + restrictive to be active by default on a real-life site. + These are masked by .ifdef statements, can be activated by + setting the appropriate macros, and are documented in the + ACL files itself. + +
+
Using Exim Macros to control the + configuration + + Our configuration can be controlled in a limited way by + setting macros. That way, you can switch on and off certain + parts of the default configuration and/or override values set + in Debconf without having to touch the dpkg-conffiles. While - touching dpkg-conffiles itself is explitly allowed and wanted, ++ touching dpkg-conffiles itself is explicitly allowed and wanted, + it can be quite a nuisance to be asked on package upgrade + whether one wants to use the locally changed file or the + file changed by the package maintainer. + + + Whenever you see an .ifdef or + .ifndef clause in the configuration file, + you can control the appropriate clause by setting the macro in + a local configuration file. For split configuration, you can + drop the local configuration file anywhere in + /etc/exim4/conf.d/main. Just make sure it + gets read before the macro is first used. + 000_localmacros is a possible name, + guaranteeing first order. For a non-split configuration, + /etc/exim4/exim4.conf.localmacros gets + read before + /etc/exim4/exim4.conf.template. To + actually set the macro EXIM4_EXAMPLE to the + value "this is a sample", write the following line + + + EXIM4_EXAMPLE = this is a sample + + + into the appropriate file. For more detailed discussion of the + general macro mechanism, see the Exim specification, chapter - 6.4, for details how macro expansion works. ++ "The Exim run time configuration file", for ++ details how macro expansion works. + +
+
How does this work? + + The script update-exim4.conf parses the + /etc/exim4/update-exim4.conf.conf file + and provides the configuration for the exim daemon. + + + Depending on the value of + dc_use_split_config, it either + + + + takes all the files below + /etc/exim4/conf.d/ and + concatenates them together or + + + + + uses exim4.conf.template as + input. + + + + The debconf-managed information from + /etc/exim4/update-exim4.conf.conf is + merged into the generated configuration file by generating a + number of Exim configuration macros. + + + DCsmarthost, for example, is set to the + value of $dc_smarthost + in /etc/exim4/update-exim4.conf.conf + which holds the answer to "Which machine will act as the + smarthost and handle outgoing mail?" + + + The result of these operations is saved as + /var/lib/exim4/config.autogenerated, + which is not a dpkg-conffile! Manual + changes to this file will be overwritten by + update-exim4.conf. + + + Please consult update-exim4.conf manpage + for more detailed information. + + + update-exim4.conf is invoked by the init + script prior to any operation that may invoke an exim process, + and gives an error message if the generated config file is + syntactically invalid. If you want to activate your changes to + files in conf.d/ just execute invoke-rc.d exim4 restart. + +
+
How do I do minor tweaks to the configuration? + + Some times, you want to do minor adjustments to the Exim + configuration to make Exim behave exactly like you want it + to behave. There are the following possibilities to modify + Exim's behavior. + +
Adjustments supported by the debconf configuration + + If you want to modify parameters that are supported by the + debconf configuration, things are easy. Just invoke + dpkg-reconfigure exim4-config or hand-edit + /etc/exim4/update-exim4.conf.conf to your + liking and restart Exim. + + + You can find explanation of the debconf questions in . + Additionally, + /etc/exim4/update-exim4.conf.conf + is documented in the update-exim4.conf + man page. + +
+
Adjustments controlled by macros in the Debian Exim configuration + + Some aspects of the Debian Exim configuration can be + controlled by Exim macros. To find out about these, you + need basic understanding of Exim configuration. Just look + in our Exim configuration and see which macro needs to be + set to a different value to alter Exim's behavior. + + + gives a closer explanation about + how to do this. + +
+
Making direct changes to the Debian Exim configuration + + You can, of course, make direct change to the + configuration. All configuration files in /etc/exim4 are + dpkg-conffiles, and you can thus edit them any time. Your + changes will be preserved through updates. You need to + know about how to configure Exim to be successful. + + + If you use unsplit configuration, edit + /etc/exim4/exim4.conf.template. If you use + split configuration, edit the Exim configuration snippets in + /etc/exim4/conf.d. + + + More information about how the Exim configuration is built + can be found in this document and in the + update-exim4.conf manual page. + +
+
+
Using a completely different configuration scheme + + If you are an experienced Exim administrator, you might feel + working with our pre-fabricated configuration + cumbersome and complex. You might feel right if you need to + make more complex changes and do not need to receive updates + from us. This section is going to tell about how to use + your own configuration. + + + But, you might profit from keeping the Debian magic. Most + files that come with Debian exim4 are conffiles. Debian is + going to care about your changes and keeps them around. + Additionally, a lot of configuration options can be + overridden with a macro, which does not require you to + actually change our configuration file. A lot of people are + using our configuration scheme, and maybe it is going to + save you a lot of time if you decide to spend some time + familiarizing yourself with our scheme. + +
Override exim4-config configuration magic + + If you are only running a small number of systems and + want to completely disable Debian's magic, just take + your monolithic configuration file and install it as + /etc/exim4/exim4.conf. Exim will + use that file verbatim. To have something to start, + you can either take + /etc/exim4/exim4.conf.template, + run update-exim4.conf --keepcomments --output + /etc/exim4/exim4.conf, or use upstream's + default configuration file that is installed as + /usr/share/doc/exim4-base/examples/example.conf.gz. + You are going to lose all magic you get from packaging + though, so you need to be familiar with Exim to build + an actually working config. + + + /var/lib/exim4/config.autogenerated, + the file generated by + update-exim4.conf, is ignored as soon + as /etc/exim4/exim4.conf is found. + You should not edit + /etc/exim4/exim4.conf directly when + Exim is running, because the forked processes Exim starts + for SMTP receiving or queue running would use the new + configuration file, while the original main exim-daemon + would still use the old configuration file. + + + Some third-party HOWTOs that reference Debian and + claim to make things easy suggest dumping a + pre-fabricated, static config file to + /etc/exim4/exim4.conf. This is + considered bad advice by the Debian maintainers since + you are going to disable all updates and service magic + that Debian might deliver in the future this way. If + you do not know exactly what you're doing here, this + is a bad choice. We try to comment on external HOWTOs + found on the web in the Debian + Exim4 User FAQ to help you find out which + advice to follow. + +
+
Replacing exim4-config with your own exim4 configuration package. + + We split off Exim's configuration system (debconf, + update-exim4.conf, and the files in + /etc/exim4/conf.d) to a separate + package, exim4-config. If you want to, you can replace + exim4-config by something entirely different. The other + packages don't care. Your package needs to: + + + + Provides: exim4-config-2, Conflicts: + exim4-config-2,exim4-config + + + + + drop the Exim 4 configuration either into + /var/lib/exim4/config.autogenerated + or into /etc/exim4/exim4.conf. + + + + Your package must provide an executable update-exim4.conf + that must be in root's path (/usr/sbin recommended). The init + script will invoke that executable prior to invoking the + actual exim daemon. If you do not need that script, have it exit 0. + + + If you want to create your own configuration packages, there is a + number of helpers available. + + + + The Exim 4 Debian svn repository holds sources for a + exim4-config-simple package which contains a simple, not + debconf-driven configuration scheme as an example which can + be used as a template for a classical, exim4.conf based + configuration scheme. + + + + + The Exim 4 Debian svn repository holds sources for a + exim4-config-medium package which contains the conf.d + driven configuration of the main package with the + debconf interaction removed. This can be used to create + your own non-debconf configuration package that uses the + conf.d mechanism. + + + + + Finally, you can invoke the script + debian/config-custom/create-custom-config-package + which will create a new source package + "exim4-config-custom" with the debconf-driven config + scheme of exim4-config for your local modification. + + + + Please note that exim4-config-simple and + exim4-config-medium are only targeted to be used as a + template. The configurations contained are not + suitable for productive use. Of course, the Debian + maintainers appreciate any patches you might find + suitable. The scripts in exim4-config-simple and + exim4-config-medium may not work at all in your + environment. Unfortunately, they have not been + updated in a long time as well. We are willing to + accept patches. + + + See the development web page for links to the subversion + repository. + + + Exchanging the entire exim4-config package with + something custom comes particularly handy for sites + that have more than a few machines that are + similarly configured, but do not want to use the + original exim4-config package. Build your own + exim4-config-custom or exim4-config-foo, and simply + apt that package to the machines that need to have + that configuration. Future updates can then be + handled via the dpkg-conffile mechanism, properly + detecting local modifications. + + + In the future, it might be possible that Debian will + contain multiple flavours of Exim4 configuration. + However, these packages would have to be maintained + by someone else because the exim4 package + maintainers think that the scheme delivered with + exim4-config is the least of all evils and would + rather not spend the time to maintain multiple configuration + schemes while only actually using one. It would be + nice to have a configuration scheme using a + monolithic config file, managed by ucf in + three-way-merge mode. If anybody feels ready to + maintain it, please go ahead. + +
+
+
+
Using TLS +
Exim 4 as TLS/SSL client + + Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL + using the GnuTLS library and STARTTLS. Exim will use TLS + via STARTTLS automatically as client if + the server Exim connects to offers it. + + + This means that you will not need any special configuration if + you want to use TLS for outgoing mail. However, if your + server setup mandates the use of client certificates, you + need to amend your remote_smtp and/or remote_smtp_smarthost + transports with a tls_certificate option. This is not + commonly needed. + + + The certificate + presented by the remote host is not checked unless you + specify a tls_verify_certificate option on the transport. + + + To make exim send a TLS certificate to the remote host set + REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY or for + the remote_smtp_smarthost transport + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY + respectively. + + + TLS on connect is not natively supported. + +
+
Enabling TLS support for Exim as server + + You should have created certificates in + /etc/exim4/ either by hand or by usage of + the exim-gencert (which requires openssl). exim-gencert is + shipped in + /usr/share/doc/exim4-base/examples/ and + takes care of proper access privileges on the private key + file. + + + Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a + local configuration file as described in . + + + After this configuration, Exim will advertise STARTTLS when + connected to on the normal SMTP ports. Some broken clients + (most prominent example being nearly all versions of Microsoft + Outlook and Outlook Express, and Incredimail) insist on doing + TLS on connect on Port 465. If you need to support these, set - SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid' ++ SMTPLISTENEROPTIONS='-oX 465:25 -oP /run/exim4/exim.pid' + in /etc/default/exim4 and + "tls_on_connect_ports=465" in the main configuration section. + + + The -oP is needed because Exim does not write an implicit pid + file if -oX is given. Without pid file, init script and cron + job will malfunction. + + - It might be appropriate to add "+tls_cipher +tls_peerdn" to ++ It might be appropriate to add "+tls_cipher" to + any log_selector statement you might already have, or to add a + log_selector statement setting these two options in a local - configuration file. These options have Exim log what cipher ++ configuration file. (For Debian's configuration simply define ++ the MAIN_LOG_SELECTOR macro.) ++ This option makes Exim log what cipher + your Exim and the peer's mailer have negotiated to use to - encrypt the transaction, and they have Exim log the - Distinguished Name of the peer's certificate. ++ encrypt the transaction. + + + Exim can be configured to ask a client for a certificate and to + try to verify it. Debian's exim configuration used to enable + this by default, but stopped doing so since it caused TLS errors + with a couple of popular clients (Outlook, Incredimail, etc.). + To enable this again set the macro MAIN_TLS_TRY_VERIFY_HOSTS to + the lists hosts whose certificates you want to check. (Use * to + try checking all hosts. The value of the macro is used to + populate exim's main option tls_try_verify_hosts.) You should + also point MAIN_TLS_VERIFY_CERTIFICATES to a file containing the + accepted certificates, since its default setting + (/etc/ssl/certs/ca-certificates.crt) can contain a large list of + certificates which causes the interoperabilty problems with + Outlook et.al. noted above. + + + The server certificate is only used for incoming connections, + please consult for the + corresponding outgoing conncection options. + +
+
Troubleshooting + + If Exim complains in an SMTP session that TLS is unavailable, + the Exim mainlog or paniclog frequently has exact information + about what might be wrong. Fo example, you might see + + + 2003-01-27 19:06:45 TLS error on connection from localhost [127.0.0.1] + (cert/key setup): Error while reading file) + + + showing that there has been an error while accessing the + certificate or the private key file. + + + Insuffient entropy available is a frequent cause of TLS + failures in Exim context. If Exim logs "not enough random bytes + available", or simply hangs silently when an encrypted + connection should be established, then Exim was + unable to read enough random data from + /dev/random to do whatever cryptographic + operation is requested. Please check that your + /dev/random device is setup properly. + + + You might also find "TLS error on connection to [...] + (gnutls_handshake): The Diffie-Hellman prime sent by the server is + not acceptable (not long enough)." given as reason. Exim by default + requires a DH prime length of 1024 bits. This requirement can be + downgraded by setting the tls_dh_min_bits option on the SMTP + transport. The setting is accessible in the Debian configuration by + setting the macro TLS_DH_MIN_BITS. (e.g. "TLS_DH_MIN_BITS = 768"). + +
+
+
SMTP-AUTH + + Exim can do SMTP AUTH both as a client and as a server. + + + AUTH PLAIN and AUTH LOGIN are disabled for connections which are + not protected by SSL/TLS per default. These authentication + methods use cleartext passwords, and allowing the + transmission of cleartext passwords on unencrypted connections + is a security risk. Therefore, the default configuration configures + Exim not to use and/or allow AUTH PLAIN and AUTH LOGIN over + unencrypted connections. + + + It is thus recommended to set up Exim to use TLS to encrypt + the connections. Please refer to for + documentation about this. Note that most Microsoft clients + need special handling for TLS. + +
Using Exim as SMTP-AUTH client + + If you want to set up Exim as SMTP AUTH client for delivery + to your internet access provider's smarthost put the name of + the server, your login and password in + /etc/exim4/passwd.client. See the man + page for exim4-config_files(5) for more information about the + required format. + + + If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted + connections because your service provider does support neither + TLS encryption nor the CRAM MD5 authentication method, you can + do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro. + Please refer to for an explanation of + how best to do this. + + + /etc/exim4/passwd.client needs to be + readable for the exim user (user Debian-exim, group + Debian-exim). It is suggested that you keep the default + permissions root:Debian-exim 0640. + +
+
Using Exim as SMTP-AUTH server + + The configuration files include many, verbosely commented, + examples for server-side smtp-authentication which just need + to be uncommented. + + + If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted + connections because your clients neither support TLS encryption + nor the CRAM MD5 authentication method, you can do so by setting + the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro. Please refer to + for an explanation of how best to + do this. + + + If you want to authenticate against system passwords (e.g. + /etc/shadow) the easiest way is to use + saslauthd in the Debian package sasl2-bin. You have to add the + exim-user (currently Debian-exim) to the sasl group, to give + exim permission to use the saslauthd service. + + + The Debian exim4 maintainers consider using system login + passwords a bad idea for the following reasons: + + + + A compromised password will give access to a system account. + + + + + E-Mail passwords could accidentally be transmitted unencrypted. + + + + + E-Mail passwords are likely to be stored with the + client software, which greatly increases the chance of a + compromise. + + + + +
+
+ +
How the Exim daemon is started + + The Debian Exim 4 packages' init script is located in + /etc/init.d/exim4. Apart from the + functions that are required by Debian policy and the LSB, it + supports the commands what, which executes + exiwhat to show what your Exim processes + are doing, and force_stop which + unconditionally kills all Exim processes. + + + The init script can be configured to start listening and/or + queue running daemons. This configuration can be found in + /etc/default/exim4. This file is + extensively documented. + +
+ +
Miscellaneous packaging issues +
The daily cron job + + Exim4's daily cron job + (/etc/cron.daily/exim4-base) + does basic housekeeping tasks: + + + + It reads /etc/default/exim4, so you + can use this file to change any of the variables used in + the cron job. + + + + + It is a no-op if no Exim4 binary is found. + + + + + If $E4BCD_DAILY_REPORT_TO is set + to a non-empty string, the output of eximstats is + mailed to the address given in that variable. The + default is empty, so no reports are sent. Options + for eximstats can be given in + $E4BCD_DAILY_REPORT_OPTIONS. + + + + + A non-empty paniclog is a nearly sure sign of bad + things going on. Thus, the cron job will send out + warning messages to the syslog and root if it finds + the panic log non-empty. + Please note that the paniclog is not rotated daily, + so existing issues will be reported daily until + either the paniclog is rotated due to its sheer + size, or you manually move it away, for example by + calling logrotate -f + /etc/logrotate.d/exim4-paniclog from a shell. + + + Just in case your system logs transient error + situations to the panic log as well (see, for + example, + Exim Bug 92), + you can configure + $E4BCD_PANICLOG_NOISE to a + regular expression. If the paniclog contains only + lines that match that regular expression, no warning + messages are generated. + + + If you want to disable paniclog monitoring + completely, set $E4BCD_WATCH_PANICLOG + to no. E4BCD_WATCH_PANICLOG=once will + rotate a non-empty paniclog automatically after sending out + the warning e-mail. ++ ++ ++ The E4BCD_PANICLOG_LINES setting can be ++ used to limit the number of lines of paniclog quoted in ++ warning email. It is set to 10 by default. + + + + + It tidies up the retry and hints databases. + + + + +
+
+ +
Using Exim with inetd/xinetd + + Exim4 is run as a separate daemon instead of inetd/xinetd for + two reasons: + + + Ease of maintenance: + + + update-inetd is difficult to impossible to handle + correctly (Just check the archived bug reports of Exim.) + and update-inetd seems to be unmaintained for a long + time, nobody dares to touch it. To quote Mark Baker, the + maintainer of Exim (v3): "I really wish I had never used + inetd in the first place, but simply set up exim to run + as a daemon, but it's too late to change that now." + + + + + Extended features + + + Running from inetd interferes with + Exim's resource controls (e.g it disables + smtp_accept_max_per_host and smtp_accept_max). + + + + + + + If you introduce bugs on your systems by running from (x)inetd + you are on your own! If you want to run exim from + xinetd, follow these steps: + + + + Disable Exim 4's listening daemon by executing + update-exim4defaults --queuerunner + queueonly + + + + + Create /etc/xinetd.d/exim4 + +service smtp +{ + disable = no + flags = NAMEINARGS + socket_type = stream + protocol = tcp + wait = no + user = Debian-exim + group = Debian-exim + server = /usr/sbin/exim4 + server_args = exim4 -bs +} + + + + + Run invoke-rc.d exim4 restart; invoke-rc.d +(x)inetd restart + + + + If you want to use plain inetd, insert following line into + /etc/inetd.conf: +smtp stream tcp nowait Debian-exim /usr/sbin/exim4 exim4 -bs + + +
+ +
Handling incoming mail for local accounts with low UID + + Since system accounts (mail, uucp, lp etc) are usually aliased + to root, and root's mailbox is usually read by a human, these + account names have started to be a common target for spammers. + The Debian Exim 4 packages have a mechanism to deal with this + situation. However, since this derives rather far from normal + behavior, it is disabled by default. + + + To enable it, set the macro FIRST_USER_ACCOUNT_UID to a numeric, + non-zero value. Incoming mail for local users that have a UID + lower than FIRST_USER_ACCOUNT_UID is rejected with the message "no + mail to system accounts". Incoming mail for local users that + have a UID greater or equal FIRST_USER_ACCOUNT_UID are processed as + usual. Therefore, the default value of 0 ensures that the + mechanism is disabled. On Debian systems, setting + FIRST_USER_ACCOUNT_UID to 500 or 1000 (depending on your local policy) + will disable incoming mail for system accounts. + + + Just in case that you need exceptions to the rule, - /etc/exim4/lowuid_aliases is an alias ++ /etc/exim4/lowuid-aliases is an alias + file that is only honored for local accounts with UID lower + than FIRST_USER_ACCOUNT_UID. If you define an alias for such an + account here, incoming mail is processed according to the + alias. If you alias the account to itself, messages are + delivered to the account itself, which is an exception to the + rule that messages for low-UID accounts are rejected. The - format of /etc/exim4/lowuid_aliases is ++ format of /etc/exim4/lowuid-aliases is + just another alias file. + +
+
How to bypass local routing specialities + - Sometimes, it might be desireable to be able to bypass local ++ Sometimes, it might be desirable to be able to bypass local + routing specialities like the alias file or a user-forward + file. This is possible in the Debian Exim4 packages by + prefixing the account name with "real-". For a local account + name "foo", "real-foo@hostname.example" will result in direct + delivery to foo's local Mailbox. + + + This feature is by default only available for locally + generated messages. If you want it to be accessible for + messages delivered from remote as well, set the Exim macro + COND_LOCAL_SUBMITTER to true. If you do not want this at all, + set the macro to false. Please note that the userforward + router uses this feature to get error messages delivered, i.e. + notifying the user of a syntax error in her + .forward file. + +
+
Using more complex deliveries from alias files + + Delivery to arbitrary files, directory or to pipes in the + /etc/aliases file is disabled by default + in the Debian Exim 4 packages. The delivery process including the + program being piped to would run as the exim admin-user + Debian-exim, which might open up security holes. + + + Invoking pipes from /etc/aliases file is + widely considered obsolete and deprecated. The Debian Exim + package maintainers would like to suggest using a dedicated + router/transport pair to invoke local processes for mail + processing. For example, the Debian mailman package contains a + /usr/share/doc/mailman/README.Exim4.Debian file + that gives a good example how to implement this. Using a + dedicated router/transport pair have the following advantages: + + + + The router/transport pair can be put in place by another + package, giving a well-defined transaction point between + Exim 4 and $PACKAGE. + + + + + Not allowing pipe deliveries from alias files makes it + harder to accidentally run programs with wrong + privileges. + + + + + It is possible to run different pipe processes under + different accounts. + + + + + Even if only invoking a single local program, it is easier + to do with your dedicated router/transport since you won't + need to change this file, making automatic updates of this + file possible for future versions of the Exim 4 packages. If + you do local changes here, dpkg conffile handling will + bother you on future updates. + + + + If you insist on using /etc/aliases in + the traditional way, you will need to activate the + respective functions by setting the transport options on the + system_aliases router appropriately. Macros are defined to make + this easier. See + +/etc/exim4/conf.d/router/400_exim4-config_system_aliases + for information about which macros are available. You might + find the address_file, address_pipe and/or address_directory + transports that are used for the userforward router helpful in + writing your own transports for use in the system_aliases router. + + + If any of your aliases expand to pipes or files or directories + you should set up a user and a group for these deliveries to run + under. You can do this by setting the "user" and - if necessary + - a "group" option and adding a "group" option if necessary. + Alternatively, you can specify "user" and/or "group" on the + transports that are used. + +
+ +
Putting Exim 4 and UUCP together + + UUCP is a traditional way to execute remote jobs (e.g. spool + mails), and as a lot of old things there are much more than one + way to do it. However, today, the ways to handle it have boiled + down to more or less two different ways. + + + Our recommendation is to use bsmtp/rsmtp wherever possible, + because it supports all kinds of mail addresses (also the empty + ones in bounces), and is also better from the security point of + view. + +
Sending mail via UUCP +
rmail with full addresses + + rmail is the oldest way to transfer mail to a remote system. + However, today it is normally required to use addresses with + full domains for that (Well, they look like any normal address + for you, and we do not tell about the other way to not confuse + you ;). If you want this, you can use this transport: + + +rmail: + debug_print = "T: rmail for $pipe_addresses" + driver=pipe + command = uux - -r -a$sender_address -gC $domain_data!rmail $pipe_addresses + return_fail_output + user=uucp + batch_max = 20 + + + However, all recipients are handled via the command line, so + you are discouraged to use it. + +
+
bsmtp/rsmtp + + This is a more efficient way to transfer mails. It works + like sending SMTP via a pipe, but instead of waiting for an + answer, the SMTP is just batched; from this is also the name + batched SMTP or short bsmtp. + + + Furthermore, this way won't fail on addresses like " + "@do.main. If you want this, please use this, if the remote + site uses rsmtp (e.g. is Exim 4): + + +rsmtp: + debug_print = "T: rsmtp for $pipe_addresses" + driver=pipe + command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!rsmtp + use_bsmtp + return_fail_output + user=uucp + batch_max = 100 + + + and this if it wants bsmtp as the command: + + +bsmtp: + debug_print = "T: bsmtp for $pipe_addresses" + driver=pipe + command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!bsmtp + use_bsmtp + return_fail_output + user=uucp + batch_max = 100 + + + Of course, these examples can be extended for e.g. + compression (but you can also use ssh for compression, if + you want). + +
+
The router + + You need a router to tell Exim 4 which mails to forward to + UUCP. You can use this one; please adopt the last line. Of + course, it is also possible to send mail via more than one way. + + +uucp_router: + debug_print = "R: uucp_router for $local_part@$domain" + driver=accept + require_files = +/usr/bin/uux + domains = wildlsearch;/etc/exim4/uucp + transport = rsmtp + + + The file /etc/exim4/uucp looks like: + + +*.do.main uucp.name.of.remote.side + +
+
Speaking UUCP with the smarthost + + If you have a leaf system (i.e. all your mail not for your + local system goes to a single remote system), you can just + forward all non-local mail to the remote UUCP system. In + this case, you can replace "domains = ..." with "domains = ! + +local_domains", but then you need also to replace + $domain_data in the transport by the UUCP-name of your + smarthost. The file /etc/exim4/uucp is + not needed in this case. + +
+
+
Receiving mail via UUCP +
Allow UUCP to use any envelope address + + Depending how much you trust your local users, you might use + trusted_users and add uucp to it or use + local_sender_retain=true and local_from_check=false. + +
+
If you get batched smtp + + Allow uucp to execute rsmtp via + +commands rmail rnews rsmtp + + in your /etc/uucp/sys, and ask the + sending site to use rsmtp (and not bsmtp) as the batched + command. + +
+
+
+
+ +
Updating from Exim 3 + + If you use exim4-config from Debian, you will + get the debconf based configuration scheme that is intended to + cover the majority of cases. + + + If exim4-config is installed while an Exim 3 + package is present on the system, + exim4-config tries to parse the Exim 3 config + file to determine the answers that were given to + eximconfig on Exim 3 installation. These + answers are then taken as default values for the debconf based + configuration process. Be warned! eximconfig + from the Exim 3 packages does not record the explicit answers + given on Exim 3 configuration. So we have to guess the answers + from the Exim 3 configuration file + /etc/exim/exim.conf, which is bound to fail + if the config file has been modified after using + eximconfig. + + + This is the reason why we refrained from doing a "silent update", but + only use the guessed answers to get reasonable defaults for our + debconf based configuration process. + + + Please note that we do not use the + exim_convert4r4 script, but try to configure + the Exim 4 package in the same way Exim 3 was. This will + hopefully aid future updates. + + + If you have used a customized Exim 3 configuration, you can of + course use exim_convert4r4, and install the + resulting file as /etc/exim4/exim4.conf + after careful inspection. Exim 4 will then use that file and + ignore the file that it generated from the debconf + configuration. To aid future updates, we do, however, encourage + you not to use the + exim_convert4r4-generated file verbatim but + instead drop appropriate configuration snippets in their + appropriate place in /etc/exim4/conf.d. + +
+
Misc Notes +
PAM + - PAM: On Debian systems the PAM modules run as the same user ++ On Debian systems the PAM modules run as the same user + as the calling program, so they cannot do anything you + could not do yourself, and in particular cannot access + /etc/shadow unless the user is in group + shadow. - If you want to use + /etc/shadow for Exim's SMTP AUTH you + will need to run exim as group shadow. Only + exim4-daemon-heavy is linked against libpam. We suggest using + saslauthd instead. + +
+
Account name restrictions + + In the default configuration, Exim cannot locally deliver + mail to accounts which have capitals in their name. This is + caused by the fact that Exim converts the local part of incoming - mail to lower case before the comparision done by the ++ mail to lower case before the comparison done by the + check_local_user directive in routers is done. + + + The router option caseful_local_part can be used to control + this, and we decided not to set this option in the Debian + configuration since it would be a rather big change to Exim's + default behavior. + +
+
No deliveries to root! + + No Exim 4 version released with any Debian OS can run + deliveries as root. If you don't redirect mail for root via + /etc/aliases to a nonprivileged + account, the mail will be delivered to + /var/mail/mail with permissions 0600 and + owner mail:mail. + + + This redirection is done by the mail4root router which + is last in the list and will thus catch mail for root that has not + been taken care of earlier. + +
+
Debugging maintainer and init scripts + + Most of the scripts that come with this Debian package do a + set -x if invoked with the environment + variable EX4DEBUG defined and non-zero. This is particularly + handy if you need to debug the maintainer scripts that are + invoked during package installation. Since dpkg redirects + stdout of maintainer scripts, calling dpkg with EX4DEBUG + set might yield interesting results. If in doubt, invoke + the maintainer scripts with EX4DEBUG set manually directly + from the command line. + +
+
SELinux + + There is no SELinux policy for Exim4 available so far. + Until this is resolved, users should use postfix or + sendmail if they intend to run SELinux. + + + The Debian Exim4 maintainers would appreciate if + somebody could write an SELinux policy. We will gladly + use them in the Debian packages as long as there is + somebody available to test, debug and support. + +
+
misc + + + + convert4r4 is installed as + /usr/sbin/exim_convert4r4. + + + + + The charset for $header_foo expansions defaults to + UTF-8 instead of ISO-8859-1. + + + + + + Marc Merlin's Exim 4 Page has a lot of ACL + examples. + + + + + For an example of Exim usage in a + large installation, see + Tony Finch's + +paper + about the Exim installation at University of Cambridge: + + + +
+
+
Debian modifications to the Exim source - - - - - Patches by Steve Haslam: - - - - boolean_redefine_protect - [src/mytypes.h] - Surround the definition of TRUE and FALSE macros with #ifndef - /#endif, in case some other header defines them (from mixing No - Perl and Exim, istr) - - - - - - Other stuff - - - - - - link exim dynamically against pcre. - - - - - The main binary is /usr/sbin/exim4: - - - - src/globals.c was changed to use 'US - BIN_DIRECTORY "/exim4"' as default for - exim_path. - - - - - changed default for $exim_path (modulo - lower/upper case) from BIN_DIRECTORY/exim to - BIN_DIRECTORY/exim4 in exicyclog.src, - exim_checkaccess.src, eximon.src, exinext.src, - exiqgrep.src, exiwhat.src. - - - - - OS/Makefile-Linux:EXIWHAT_MULTIKILL_ARG=exim4 - - - - - - - - localscan_dlopen - .patch: - Allow to use and switch between different local_scan ++ ++ ++ ++ Install the exim binary as /usr/sbin/exim4 instead of ++ /usr/sbin/exim-<version> with a symlink /usr/sbin/exim. Also ++ adapt the documentation. ++ ++ ++ ++ ++ Make the build reproducible. Pull date/time from debian/changelog ++ and use it as build time instead of using __DATE__. ++ ++ ++ ++ ++ Documentation updates ++ ++ ++ ++ ++ Mention how to install the Debian packaged perl-modules needed ++ for eximstats' graphs. ++ ++ ++ ++ ++ Add a warning about convert4r4. ++ ++ ++ ++ ++ Point to the ++ Debian-specific mailing list instead of ++ the official ++ exim-users list. ++ ++ ++ ++ ++ ++ ++ localscan_dlopen.patch: ++ This patch makes it possible to use and switch between ++ different local_scan + functions without recompiling Exim. Use + local_scan_path = /path/to/sharedobject to utilize + local_scan() in /path/to/sharedobject. - - - - - changes to the documentation to have the - Debian-specific mailing list mentioned where - the official - exim-users list is mentioned - - - - - - ++ ++ ++ +
+ +
Credits + + + Andreas + Barth + + UUCP documentation + + + + Dan Weber, Ryen Underwood + + inetd/xinetd documentation + + + + +
+ +
diff --cc debian/changelog index 64a8f55,0000000..cf8ba8d mode 100644,000000..100644 --- a/debian/changelog +++ b/debian/changelog @@@ -1,4694 -1,0 +1,5329 @@@ - exim4 (4.84.2-2+deb8u3) jessie; urgency=medium ++exim4 (4.89-2+deb9u4) stretch-security; urgency=high + - * 94_Fix-memory-leak-on-Gnu-TLS-close.patch from upstream exim-4_84_2+fixes - branch: Fix GnuTLS memory leak. (Thanks, Heiko Schlittermann!) - Closes: #845569 ++ * Non-maintainer upload by the Security Team. ++ * Fix remote command execution vulnerability (CVE-2019-10149) + - -- Andreas Metzler Mon, 02 Jan 2017 19:18:05 +0100 ++ -- Salvatore Bonaccorso Tue, 28 May 2019 22:13:55 +0200 + - exim4 (4.84.2-2+deb8u2) jessie-security; urgency=high ++exim4 (4.89-2+deb9u3) stretch-security; urgency=high + + * Non-maintainer upload by the Security Team. - * CVE-2016-9963: DKIM information leakage ++ * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000) + - -- Salvatore Bonaccorso Thu, 22 Dec 2016 12:17:01 +0100 ++ -- Salvatore Bonaccorso Sat, 10 Feb 2018 09:26:05 +0100 + - exim4 (4.84.2-2+deb8u1) jessie-security; urgency=high ++exim4 (4.89-2+deb9u2) stretch-security; urgency=high + + * Non-maintainer upload by the Security Team. ++ * Avoid release of store if there have been later allocations ++ (CVE-2017-16943) (Closes: #882648) ++ * Chunking: do not treat the first lonely dot special (CVE-2017-16944) ++ (Closes: #882671) + - [ Dominic Hargreaves ] - * eximstats: Remove . from @INC [CVE-2016-1238] - - -- Salvatore Bonaccorso Mon, 25 Jul 2016 20:10:44 +0200 - - exim4 (4.84.2-2) jessie; urgency=medium - - * 90_Cutthrough-Fix-bug-with-dot-only-line.patch: JH/38 Fix cutthrough bug - with body lines having a single dot. The dot was incorrectly not doubled - on cutthrough transmission, hence seen as a body-termination at the - receiving system - resulting in truncated mails. Commonly the sender saw - a TCP-level error, and retransmitted the nessage via the normal - store-and-forward channel. This could result in duplicates received - but - deduplicating mailstores were liable to retain only the initial truncated - version. - * 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch: Fix crash - on "exim -be '${if crypteq{xxx}{\$aaa}{yes}{no}}'". Closes: #812585 - * Improve on NEWS file. Closes: #818349 - * Add 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch. Backport - 3de973a29de6852d61ba9bf1845835d08ca5a5ab (Delay chdir(/) until we opened - the main config) to actually make $initial_cwd expansion work. Also unfuzz - 89_02_Store-the-initial-working-directory.diff. - (Thanks, Серж ИвановЪ for bugreport and pointer to missing patch) Closes: - #818897, #826646 - - -- Andreas Metzler Sun, 12 Jun 2016 13:56:30 +0200 - - exim4 (4.84.2-1) jessie-security; urgency=high - - * New upstream security release. - + Fix CVE-2016-1531, a local privilege escalation issue when perl_startup - is used. - + New options keep_environment/add_environment which are empty by default, - i.e. any subprocesses start in a clean (empty) environment. - + -C requires an absolute path. - + Exim changes it's working directory to / right after startup. - * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new - options. Set "keep_environment =" by default to avoid a runtime warning. - Bump exim4-config Breaks to exim4-daemon-* (<< 4.84.2). - * 89_01_only_warn_on_nonempty_environment.diff, - 89_02_Store-the-initial-working-directory.diff: Upstream followups on the ++ -- Salvatore Bonaccorso Tue, 28 Nov 2017 22:58:00 +0100 ++ ++exim4 (4.89-2+deb9u1) stretch-security; urgency=medium ++ ++ * CVE-2017-100369 ++ ++ -- Wed, 14 Jun 2017 07:03:07 +0200 ++ ++exim4 (4.89-2) unstable; urgency=medium ++ ++ * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to ++ initscript (#844178). It breaks when the initscript does not start a ++ daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). ++ Closes: #860317 ++ * When reporting bugs also attach /etc/default/exim4 by default. ++ ++ -- Andreas Metzler Thu, 20 Apr 2017 17:14:04 +0200 ++ ++exim4 (4.89-1) unstable; urgency=medium ++ ++ * Enable inbound (server-side) proxying for -heavy. Closes: #856712 ++ * New upstream release, source identical to RC7. ++ ++ -- Andreas Metzler Thu, 09 Mar 2017 17:49:47 +0100 ++ ++exim4 (4.89~RC7-1) unstable; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Wed, 01 Mar 2017 18:37:18 +0100 ++ ++exim4 (4.89~RC6-1) unstable; urgency=medium ++ ++ * Document E4BCD_PANICLOG_LINES in README.Debian. ++ * New upstream version. ++ ++ -- Andreas Metzler Thu, 23 Feb 2017 18:24:33 +0100 ++ ++exim4 (4.89~RC5-1) unstable; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Mon, 13 Feb 2017 19:04:46 +0100 ++ ++exim4 (4.89~RC4-1) unstable; urgency=medium ++ ++ * New upstream version. ++ + Drop 92_CVE-2016-1238.diff. ++ * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile ++ while we are changing the init script. ++ ++ -- Andreas Metzler Sun, 12 Feb 2017 15:28:09 +0100 ++ ++exim4 (4.89~RC3-1) unstable; urgency=medium ++ ++ * New upstream version. ++ + Unfuzz 92_CVE-2016-1238.diff. ++ * init file: ++ + Source /etc/default/exim4 *before* defining the shell ++ variables holding the pidfilenames. Overriding these via ++ /etc/default/exim4 is not supported. ++ + Add missing support for reload when QUEUERUNNER='queueonly'. ++ + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way ++ $PIDFILE is used for the main exim process for all available QUEUERUNNER ++ choices. ++ + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd ++ interaction. systemd-sysv-generator uses this pseudoheader to set ++ PIDFile in the generated service file and it also sets ++ RemainAfterExit=no instead of yes if it is present. Thanks, Michael ++ Biebl for suggestion and explanation. Closes: #844178 ++ ++ -- Andreas Metzler Fri, 10 Feb 2017 19:08:52 +0100 ++ ++exim4 (4.89~RC2-1) unstable; urgency=medium ++ ++ * New upstream version. ++ + Drop 75_add_bak_spec.txt.diff. ++ ++ -- Andreas Metzler Sat, 04 Feb 2017 15:24:44 +0100 ++ ++exim4 (4.89~RC1-1) unstable; urgency=low ++ ++ * Refresh debian/upstream/signing-key.asc. ++ * New upstream bugfix release. ++ + Drop superfluous patches. ++ 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch ++ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch ++ 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch ++ 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch ++ 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch ++ + Unfuzz 31_eximmanpage.dpatch and ++ 78_Disable-chunking-BDAT-by-default.patch. ++ + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc ++ tarball. ++ + Unfuzz debian/EDITME.exim4-*. ++ + Update debian/example.conf.md5. - Upstream typo fix. ++ ++ -- Andreas Metzler Tue, 31 Jan 2017 19:52:50 +0100 ++ ++exim4 (4.88-5) unstable; urgency=medium ++ ++ * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main ++ option chunking_advertise_hosts and smtp transport option ++ hosts_try_chunking from "*" to empty. ++ This is a Debian specific change, we are right before the freeze and BDAT ++ needs a little time. ++ ++ -- Andreas Metzler Thu, 19 Jan 2017 19:18:15 +0100 ++ ++exim4 (4.88-4) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Sat, 07 Jan 2017 14:38:00 +0100 ++ ++exim4 (4.88-3) experimental; urgency=medium ++ ++ * Pull multiple patches from upstream GIT: ++ + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, ++ 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch ++ + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch ++ + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch ++ + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch ++ (Thanks, Bart Noordervliet for the pointer) Closes: #850175 ++ ++ -- Andreas Metzler Fri, 06 Jan 2017 17:32:20 +0100 ++ ++exim4 (4.88-2) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Tue, 27 Dec 2016 17:36:29 +0100 ++ ++exim4 (4.88-1) experimental; urgency=medium ++ ++ * New upstream version. ++ * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to ++ testing. ++ * Drop 75_Fix-DKIM-information-leakage.patch. ++ ++ -- Andreas Metzler Sun, 25 Dec 2016 18:07:12 +0100 ++ ++exim4 (4.88~RC6-2) unstable; urgency=high ++ ++ * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA ++ physical line limit check for both for SMTP DATA ACL and remote_smtp* ++ transports. Closes: #828801 ++ Also update corresponding NEWS entry. ++ * [lintian] debian/changelog: s/lenght/length/ ++ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM ++ information leakage issue CVE-2016-9963. ++ ++ -- Andreas Metzler Thu, 22 Dec 2016 16:50:21 +0100 ++ ++exim4 (4.88~RC6-1) unstable; urgency=low ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Thu, 08 Dec 2016 07:19:18 +0100 ++ ++exim4 (4.88~RC5-1) unstable; urgency=low ++ ++ * New upstream version. ++ + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. ++ ++ -- Andreas Metzler Sat, 19 Nov 2016 17:43:51 +0100 ++ ++exim4 (4.88~RC4-2) unstable; urgency=low ++ ++ * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream ++ GIT to fix exim bug 1914 (exim doesn't close connection after quit. ++ * Upload to unstable. ++ ++ -- Andreas Metzler Sat, 12 Nov 2016 07:26:14 +0100 ++ ++exim4 (4.88~RC4-1) experimental; urgency=low ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Mon, 07 Nov 2016 19:08:47 +0100 ++ ++exim4 (4.88~RC3-1) experimental; urgency=medium ++ ++ * New upstream version. ++ Drop 75_01-Fix-check-for-commandline-macro-definition.patch ++ 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. ++ ++ -- Andreas Metzler Mon, 24 Oct 2016 19:25:31 +0200 ++ ++exim4 (4.88~RC2-3) experimental; urgency=medium ++ ++ * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on ++ every upgrade. ++ * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix ++ longstanding bug with aborted TLS server connection handling. Under ++ GnuTLS, when a session startup failed (eg because the client ++ disconnected) Exim did stdio operations after fclose. This was exposed by ++ a recent change which nulled out the file handle after the fclose. ++ ++ -- Andreas Metzler Sun, 23 Oct 2016 16:39:13 +0200 ++ ++exim4 (4.88~RC2-2) experimental; urgency=medium ++ ++ * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission ++ problems on commandline mail submission. Closes: #840355 ++ ++ -- Andreas Metzler Thu, 13 Oct 2016 19:25:07 +0200 ++ ++exim4 (4.88~RC2-1) experimental; urgency=low ++ ++ * New upstream version. ++ + Changed default Diffie-Hellman parameters to be Exim-specific, created ++ by Phil Pennock. Added RFC7919 DH primes as an alternative. ++ Closes: #839978 ++ * Set tls_dhparam = historic to use site-specific DH parameters. ++ * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in ++ -daemon postinst. ++ * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either ++ by running certtool or by installing ++ /usr/share/exim4/gnutls-params-2048. Do not try to use ++ openssl dhparam, it takes too long. ++ ++ -- Andreas Metzler Sun, 09 Oct 2016 17:37:08 +0200 ++ ++exim4 (4.88~RC1-1) experimental; urgency=low ++ ++ * Drop reference to removed (in 4.80-7) "what"-option in init script usage ++ message. (Thanks, Calum Mackay!) Closes: #823855 ++ * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] ++ Closes: #832442 ++ * [lintian] update-exim4.conf.8 - fix typo. ++ * [lintian] Drop unused override binaries-have-file-conflict. ++ * B-d on default-libmysqlclient-dev. ++ * New upstream version. ++ + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch ++ 50_localscan_dlopen.dpatch ++ + Drop superfluous patches. ++ 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch ++ 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch ++ 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch ++ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch ++ + Fix crash in VRFY handling when handed an unqualified name ++ (lacking @domain). Apply the same qualification processing as RCPT. ++ Closes: #834699 ++ + Fix a possible security hole, wherein a process operating with the Exim ++ UID can gain a root shell. Credit to http://www.halfdog.net/ for ++ discovery and writeup. LP: #1580454 ++ * [lintian] exim4-config_files.5 - fix typo. ++ ++ -- Andreas Metzler Sun, 25 Sep 2016 15:44:00 +0200 ++ ++exim4 (4.87-3) unstable; urgency=medium ++ ++ * Pull multiple patches from upstream GIT: ++ + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch ++ Improved message on overlong lines in example config. ++ + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch ++ Fix race condition related to connection reuse. ++ https://bugs.exim.org/show_bug.cgi?id=1810 ++ + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch ++ 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch ++ Avoid exposing passwords in log on failing ldap lookup ++ expansion. https://bugs.exim.org/show_bug.cgi?id=165 ++ * Copy information message on rejecting overlong lines in data ACL from ++ upstream example configuration. Closes: #823418 ++ * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. ++ Closes: 821830 ++ ++ -- Andreas Metzler Sun, 08 May 2016 14:03:10 +0200 ++ ++exim4 (4.87-2) unstable; urgency=medium ++ ++ * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. ++ (Thanks, L. Guruprasad!) Closes: #821416 ++ * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS ++ connections (hosts_require_tls option) in remote_smtp_smarthost ++ transport. Closes: #822174 ++ * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It ++ is deprecated and will be removed in 4.88. ++ * README.Debian*: Fix minor issues found by lintian. ++ * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 ++ * Drop exim4-base Recommends on perl-modules. This had been unnecessary ++ since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. ++ ++ -- Andreas Metzler Sat, 30 Apr 2016 13:38:29 +0200 ++ ++exim4 (4.87-1) unstable; urgency=medium ++ ++ * Fix comment in ++ conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, ++ Jörg-Volker Peetz!) Closes: #819780 ++ * New upstream release. ++ ++ -- Andreas Metzler Thu, 07 Apr 2016 19:26:59 +0200 ++ ++exim4 (4.87~RC7-1) unstable; urgency=low ++ ++ * Enable SOCKS support in both -light and -heavy. Closes: #818091 ++ * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 ++ * New upstream version. ++ + Drop 74_Store-the-initial-working-directory.diff, ++ 75_String-expansions-fix-extract.patch, ++ 76_only_warn_on_nonempty_environment.diff. ++ + Update debian/example.conf.md5. ++ ++ -- Andreas Metzler Fri, 01 Apr 2016 19:04:07 +0200 ++ ++exim4 (4.87~RC6-3) unstable; urgency=medium ++ ++ * Merge changelog entries for 4.86.2-1 and -2. ++ * Upload to unstable. ++ * Add link to CVE details to latest NEWS entry and bump its version and date ++ to match this upload. Closes: #818349, #817244 ++ ++ -- Andreas Metzler Wed, 23 Mar 2016 18:44:22 +0100 ++ ++exim4 (4.87~RC6-2) experimental; urgency=medium ++ ++ * 74_Store-the-initial-working-directory.diff, ++ 76_only_warn_on_nonempty_environment.diff: Upstream followups on the + CVE fix (Thanks, Heiko Schlittermann!): + + Runtime warning is only generated if (and only if) keep_environment + is unset and environment is nonempty. + + Store the initial working directory and make it available in the new + expansion variable $initial_cwd. - * Add NEWS entry to warn of potential breakage. ++ * Merge all NEWS.Debian files into a single one, identical for all binary ++ packages. - Different NEWS files built from a single source package is not ++ and has not ever been supported by apt-listchanges which is the most ++ important frontend. ++ * Add a NEWS entry about the environment related runtime warning. ++ ++ -- Andreas Metzler Sat, 19 Mar 2016 18:11:32 +0100 ++ ++exim4 (4.87~RC6-1) experimental; urgency=medium ++ ++ * New upstream version. ++ * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ++ ${extract } string expansion for the numeric/3-string case. (Bug was ++ introduced in 4.85.) ++ * Set keep_environment to empty value instead of setting a minimal PATH in ++ add_environment. ++ ++ -- Andreas Metzler Fri, 11 Mar 2016 19:50:07 +0100 ++ ++exim4 (4.87~RC5-2) experimental; urgency=medium ++ ++ * Update debian/upstream/signing-key.asc, using the keys listed in ++ ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds ++ Heiko Schlittermann's key. ++ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 ++ ++ -- Andreas Metzler Sat, 05 Mar 2016 13:17:01 +0100 ++ ++exim4 (4.87~RC5-1) experimental; urgency=medium ++ ++ * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying ++ to grep in it. Closes: #814998 ++ * New upstream version, includes the patch for CVE-2016-1531. (Local root ++ exploit). ++ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new ++ options. If neither is used we use add_environment to set a minimal ++ PATH=/bin:/usr/bin to avoid a runtime warning. ++ ++ -- Andreas Metzler Wed, 02 Mar 2016 21:06:43 +0100 ++ ++exim4 (4.87~RC3-2) experimental; urgency=medium ++ ++ * README.Debian: Refer to Exim specification by chapter name instead of ++ chapter number. Closes: #813351 ++ * Fix some spelling errors found by lintian. ++ * Minor debian/rules cleanup: ++ + Restore originally intended behavior, upstream changelog is only ++ shipped in exim4-base, symlinks to it elsewhere. ++ + Drop workaround for #347577, fixed in debhelper 5.0.15. ++ + Use "dh binary-arch" and "dh binary-indep" and a bunch of override ++ targets instead of listing all dh-commands. While this is uglier and ++ slows things down a bit it shortens debian/rules by 40 lines and has the ++ huge benefit that we automatically use all suggested helpers in correct ++ order. ++ + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. ++ + Delete unused, commented code. ++ + Drop (exported) variable MTACONFLICTS, used only once. ++ * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. ++ * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. ++ ++ -- Andreas Metzler Sat, 13 Feb 2016 20:10:53 +0100 ++ ++exim4 (4.87~RC3-1) experimental; urgency=medium ++ ++ * Move Vcs-* from git/http to https. ++ * [lintian] README.Debian: s/desireable/desirable/. ++ * [lintian] README.Debian: Fix grammar error "allow + infinitive". ++ * [lintian] exim4-config.postinst: Use which foo > /dev/null ++ instead of [ -x /path/to/foo ]. ++ * Update list of patches in debian/README.Debian.xml ++ * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect ++ with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. ++ * New upstream version. ++ + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, ++ merge this change and drop CHECK_MAIL_HELO_ISSUED macro. ++ ++ -- Andreas Metzler Thu, 21 Jan 2016 17:44:00 +0100 ++ ++exim4 (4.87~RC2-1) experimental; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Sat, 19 Dec 2015 17:51:39 +0100 ++ ++exim4 (4.87~RC1-1) experimental; urgency=medium ++ ++ * New upstream version. ++ + Refresh patches. ++ + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. ++ + Sync with upstream default configuration: Check maximum (physical, i.e. ++ before unfolding) line length in default spec file data ACL and smtp ++ transport. Bug 1684 Closes: #797919 ++ + HS/02 Add the Exim version string to the process info. This way exiwhat ++ gives some more detail about the running daemon. Closes: #240883 ++ * Override upstream's new default of tls_advertise_hosts = * if ++ MAIN_TLS_ENABLE is not set. ++ ++ -- Andreas Metzler Fri, 11 Dec 2015 20:15:30 +0100 ++ ++exim4 (4.86.2-2) unstable; urgency=high ++ ++ * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 ++ ++ -- Andreas Metzler Sat, 05 Mar 2016 13:07:31 +0100 ++ ++exim4 (4.86.2-1) unstable; urgency=high ++ ++ * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream ++ 4.86+fixes branch. ++ * New upstream security release for CVE-2016-1531. ++ + New options keep_environment/add_environment which are empty by default, ++ i.e. any subprocesses start in a clean (empty) environment. ++ + -C requires an absolute path. ++ + Exim changes it's working directory to / right after startup. ++ * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new ++ options. If neither is used we use add_environment to set a minimal ++ PATH=/bin:/usr/bin to avoid a runtime warning. ++ ++ -- Andreas Metzler Tue, 01 Mar 2016 19:34:39 +0100 ++ ++exim4 (4.86-7) unstable; urgency=medium ++ ++ * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 ++ * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from ++ exim-4_86+fixes branch fixes another MIME ACL related crash. ++ https://bugs.exim.org/show_bug.cgi?id=1730 ++ ++ -- Andreas Metzler Sat, 28 Nov 2015 18:45:31 +0100 ++ ++exim4 (4.86-6) unstable; urgency=medium ++ ++ * Cleanup (actual patch is identical): Use ++ 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from ++ exim-4_86+fixes branch instad of ++ 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. ++ * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, ++ DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 ++ ++ -- Andreas Metzler Sun, 08 Nov 2015 07:55:51 +0100 ++ ++exim4 (4.86-5) unstable; urgency=high ++ ++ * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT ++ head to avoid misaligned access in cached lookup. Closes: #803255 ++ ++ -- Andreas Metzler Tue, 03 Nov 2015 19:33:49 +0100 ++ ++exim4 (4.86-4) unstable; urgency=medium ++ ++ * Fix documentation of lowuid_aliases router, exceptions are in ++ CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) ++ Closes: #799672 ++ * fcron has been removed from Debian in 2011, stop listing it as an ++ alternative dependency of exim4-base (Thanks, Alexandre Detiste). ++ Closes: #798236 ++ * Update to upstream exim-4_86+fixes branch: ++ + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, ++ 76_Fix-post-transport-crash.patch, ++ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, ++ 78_Close-logs-after-daemon-process-exceptional-write.patch. ++ + Add 75_0001-Fix-post-transport-crash.patch ++ 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch ++ 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch ++ 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch ++ 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch ++ 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch ++ * Use dh v9. ++ ++ -- Andreas Metzler Sat, 17 Oct 2015 15:01:01 +0200 ++ ++exim4 (4.86-3) unstable; urgency=medium ++ ++ * Pull three patches from upstream git: ++ + 75_Fix-ESMTP-MAIL-command-option-processing.patch: ++ Corrects handling of mail-addresses with whitespace. ++ ++ + 76_Fix-post-transport-crash.patch ++ 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch ++ ++ * Fix spelling error in copyright file. (Thanks, lintian) ++ * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from ++ upstream git, exim was keeping logfiles open after after a "too many ++ connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for ++ chasing this.) ++ * When saving the berkeley DB version at build-time pass -P option to cpp, ++ to prevent linebreaks. ++ ++ -- Andreas Metzler Tue, 25 Aug 2015 20:05:59 +0200 ++ ++exim4 (4.86-2) unstable; urgency=high ++ ++ * Update exim4-config Breaks, PRDR support is was moved from being ++ Experimental into the mainline with 4.83. ++ Closes: #794320 ++ ++ -- Andreas Metzler Sun, 02 Aug 2015 07:40:24 +0200 ++ ++exim4 (4.86-1) unstable; urgency=medium ++ ++ * New upstream version, identical to RC5 (except for the version string). ++ ++ -- Andreas Metzler Sun, 26 Jul 2015 18:35:33 +0200 ++ ++exim4 (4.86~RC5-1) unstable; urgency=medium ++ ++ * New upstream version. ++ + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. ++ ++ -- Andreas Metzler Sat, 18 Jul 2015 11:46:11 +0200 + - -- Andreas Metzler Sat, 12 Mar 2016 08:17:40 +0100 ++exim4 (4.86~RC4-2) unstable; urgency=medium + - exim4 (4.84-8+deb8u2) jessie; urgency=medium ++ * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 ++ * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, ++ 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, ++ 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, ++ 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), ++ transition from debian/upstream-signing-key.pgp to ++ debian/upstream/signing-key.asc. ++ * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update ++ exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then ++ properly fix the issue. Closes: #790616 + - * 87_Fix-transport-results-pipe-for-multiple-recipients-c.patch: Pull and - unfuzz bd21a78 from upstream GIT, to fix a bug causing duplicate - deliveries especially on TLS connections. Closes: #805576 ++ -- Andreas Metzler Sun, 05 Jul 2015 11:47:47 +0200 + - -- Andreas Metzler Sat, 21 Nov 2015 11:24:46 +0100 ++exim4 (4.86~RC4-1) unstable; urgency=medium + - exim4 (4.84-8+deb8u1) jessie; urgency=medium ++ * unexport/undefine TZ in debian/rules for reproducible build. It would be ++ used as default value for TIMEZONE_DEFAULT. ++ * New upstream version. ++ + Unfuzz 31_eximmanpage.dpatch. ++ ++ -- Andreas Metzler Mon, 29 Jun 2015 07:43:19 +0200 ++ ++exim4 (4.86~RC3-2) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Tue, 23 Jun 2015 19:11:19 +0200 ++ ++exim4 (4.86~RC3-1) experimental; urgency=medium ++ ++ * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug ++ 1166671. ++ * New upstream version. ++ ++ -- Andreas Metzler Mon, 22 Jun 2015 20:39:11 +0200 ++ ++exim4 (4.86~RC2-1) experimental; urgency=medium ++ ++ * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control ++ (Thanks, lintian). ++ * New upstream version: ++ +Drop included patches. ++ (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, ++ 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, ++ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, ++ 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) ++ * Sync Debian config with upstream default config: ++ + Set prdr_enable. ++ + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to ++ log_selector option value. ++ ++ -- Andreas Metzler Wed, 17 Jun 2015 19:49:58 +0200 ++ ++exim4 (4.86~RC1-3) experimental; urgency=medium ++ ++ * Get time and date of latest debian/changelog entry and patch exim(on) to ++ use these instead of __DATE__ and __TIME__. ++ * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch ++ from GIT to fix FTBFS on kfreebsd. ++ ++ -- Andreas Metzler Sat, 13 Jun 2015 15:22:47 +0200 ++ ++exim4 (4.86~RC1-2) experimental; urgency=medium ++ ++ * Pull three post-release fixes from upstream GIT. (null pointer ++ derefencing, and spam scanning defaulting to rspam mode) ++ + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch ++ + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch ++ + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch ++ ++ -- Andreas Metzler Sun, 07 Jun 2015 07:26:13 +0200 ++ ++exim4 (4.86~RC1-1) experimental; urgency=medium ++ ++ * New upstream release. ++ + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, ++ refresh patches. ++ + Update EDITME*, enable AUTH_TLS for -heavy. ++ + Sync Debian config with upstream default config, rfc1413 calls are now ++ disabled by default. ++ + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 ++ + The spamd_address main option now supports an optional timeout value per ++ server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 ++ + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 ++ + log reason for defer, on a hostlist dns-lookup temporary error. ++ Closes: #670035 ++ ++ -- Andreas Metzler Sat, 06 Jun 2015 15:41:33 +0200 ++ ++exim4 (4.85-3) unstable; urgency=medium ++ ++ * Upload to unstable. ++ ++ -- Andreas Metzler Tue, 28 Apr 2015 19:34:16 +0200 ++ ++exim4 (4.85-2) experimental; urgency=medium + - * Pull 85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch - and 86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch from - upstream GIT to fixup more MIME ACL related crashes. (Thanks, Lutz - Preßler) Closes: #803562 ++ * Merge from unstable 4.84-8. ++ + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and ++ (<< ${source:Version}.1), at least source version, but not the next ++ sourceful upload. Closes: #777246 ++ + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from ++ upstream GIT which fixes breakage of string-expansion in headers_remove ++ commands. (Thanks Gordon Dickens, for the pointer.) - ++ 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added ++ here since it already part of 4.85. ++ ++ -- Andreas Metzler Sat, 21 Feb 2015 15:38:47 +0100 ++ ++exim4 (4.85-1) experimental; urgency=medium ++ ++ * exim4-config_files.5: Escape dots in regex. (Thanks, ael) ++ * New upstream version. ++ ++ -- Andreas Metzler Tue, 13 Jan 2015 18:48:45 +0100 ++ ++exim4 (4.85~RC4-1) experimental; urgency=medium ++ ++ * update-exim4.conf: ++ + Drop unused variable UPEX4C_internal_tmp. ++ + Use tempfile(1) if the generated file will not be written to ++ /var/lib/exim4/. ++ + Add --check option. ++ * init-script: On restart use update-exim4.conf --check before stopping the ++ daemon. (This is a no-op with systemd since its sysv compat layer ++ translates "foo restart" into "foo stop" "foo start" instead of using the ++ init scripts restart target.) ++ * Handle _RC in watchfile with uversionmangle. ++ * New upstream version. ++ + Stop repacking source, rfcs have been dropped. ++ ++ -- Andreas Metzler Wed, 31 Dec 2014 14:24:35 +0100 ++ ++exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium ++ ++ * New upstream version. ++ ++ -- Andreas Metzler Thu, 18 Dec 2014 19:07:59 +0100 ++ ++exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium ++ ++ * New upstream version. ++ * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff ++ 70_remove_exim-users_references.dpatch. ++ ++ -- Andreas Metzler Mon, 01 Dec 2014 18:54:17 +0100 ++ ++exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium ++ ++ * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop ++ neither expects a mbox-style From nor an empty line add the end. (Thanks, ++ Edward Betts) Closes: #769396 ++ * Change the init script's restart order from { regenerate_config; stop; ++ start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) ++ Closes: #768874 ++ * New upstream version. ++ + Unfuzz 66_enlarge-dh-parameters-size.dpatch ++ + Drop 80_mime_empty_charset.diff. ++ * Remove rfc from upstream source and repack it. + - -- Andreas Metzler Mon, 26 Oct 2015 17:42:16 +0100 ++ -- Andreas Metzler Tue, 18 Nov 2014 19:28:20 +0100 + +exim4 (4.84-8) unstable; urgency=medium + + * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and + 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from + upstream GIT which fix breakage of string-expansion in headers_remove + commands. (Thanks Gordon Dickens, for the pointer.) + + -- Andreas Metzler Tue, 17 Feb 2015 18:00:42 +0100 + +exim4 (4.84-7) unstable; urgency=medium + + * Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and + (<< ${source:Version}.1), at least source version, but not the next + sourceful upload. Closes: #777246 + + -- Andreas Metzler Sat, 07 Feb 2015 15:12:33 +0100 + +exim4 (4.84-6) unstable; urgency=medium + + * Revert init script's restart order change in 4.84-4 for the time being. + This needs a slightly more involved change than I want to push into jessie + right now. + + -- Andreas Metzler Sun, 21 Dec 2014 14:07:12 +0100 + +exim4 (4.84-5) unstable; urgency=medium + + * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans + testsuite), extends the fix in 4.84-2. + + -- Andreas Metzler Wed, 17 Dec 2014 19:03:39 +0100 + +exim4 (4.84-4) unstable; urgency=medium + + * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop + neither expects a mbox-style From nor an empty line add the end. (Thanks, + Edward Betts) Closes: #769396 + * Change the init script's restart order from { regenerate_config; stop; + start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) + Closes: #768874 + * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun + with control characters in argument of spam= acl condition. + + + -- Andreas Metzler Sun, 30 Nov 2014 08:24:04 +0100 + +exim4 (4.84-3) unstable; urgency=medium + + * Apply patch to Italian (it) debconf template translation, thanks to + s3v . Closes: #764925 + * Let virtual package cron-daemon fulfill exim4-base's dependency now that + bcron provides it instead of "cron" and systemd-cron is fixed. + Closes: #765720 + + -- Andreas Metzler Sun, 19 Oct 2014 13:35:56 +0200 + +exim4 (4.84-2) unstable; urgency=high + + * Add 80_mime_empty_charset.diff from upstream GIT (the parts that change + the code, not the testsuite) to handle empty content-type charset. + + -- Andreas Metzler Fri, 29 Aug 2014 19:41:38 +0200 + +exim4 (4.84-1) unstable; urgency=medium + + * New upstream release. + + -- Andreas Metzler Thu, 14 Aug 2014 19:33:01 +0200 + +exim4 (4.84~RC2-1) unstable; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Sat, 09 Aug 2014 07:42:00 +0200 + +exim4 (4.84~RC1-3) unstable; urgency=medium + + * Third try. Simply comment *custom* in debian/control. + + -- Andreas Metzler Sat, 02 Aug 2014 09:29:13 +0200 + +exim4 (4.84~RC1-2) unstable; urgency=medium + + * Re-upload, after manually removing *custom* from the changes file to avoid + false detection of NEW packages due to the changes in the archive + infrastructure related source-only uploads. + + -- Andreas Metzler Sat, 02 Aug 2014 08:14:54 +0200 + +exim4 (4.84~RC1-1) unstable; urgency=medium + + * New upstream release candidate, fixing a regression in the MIME handling + code. + + -- Andreas Metzler Sat, 02 Aug 2014 07:45:26 +0200 + +exim4 (4.83-2) unstable; urgency=medium + + * Upload to unstable. + + -- Andreas Metzler Sat, 26 Jul 2014 09:25:15 +0200 + +exim4 (4.83-1) experimental; urgency=medium + + * New upstream release which includes the fix for CVE-2014-2972. + + -- Andreas Metzler Wed, 23 Jul 2014 08:13:22 +0200 + +exim4 (4.83~RC3-1) experimental; urgency=medium + + * New upstream release candidate. + + -- Andreas Metzler Tue, 08 Jul 2014 19:07:52 +0200 + +exim4 (4.83~RC2-1) experimental; urgency=medium + + * New upstream release candidate. + + JH/26 Port service names are now accepted for tls_on_connect_ports, to + align with daemon_smtp_ports. Bug 72. Closes: #316441 + + + -- Andreas Metzler Fri, 06 Jun 2014 19:11:24 +0200 + +exim4 (4.83~RC1-1) experimental; urgency=medium + + * New upstream feature release candidate. + + JH/06 Log outbound-TLS and port details, subject to log selectors, for a + failed delivery. Closes: #712987 + * Unfuzz 31_eximmanpage.dpatch and 50_localscan_dlopen.dpatch. + * Drop superfluous patches: 75_unbind-ldap-connection.diff + 76_fix_ldap_option_setting.diff 77_close-the-server-side-of-TLS.diff + 80_fix_ftbfs_hurd.diff + * Since exim4-base currently only includes daily cronjobs let anacron + fulfill the dependency, too. Systems with missing recommends (anacron + recommends cron) that are *not* restarted regularily will therefore not + run the cron-job regularily. Exim should not break horribly in this case + and we can assume the local system administrator knows what (s)he is doing + by disabling installation of recommends. (Policy: "[...] packages that + would be found together with this one in all but unusual installations") + Closes: #733929 + + -- Andreas Metzler Thu, 29 May 2014 13:09:04 +0200 + +exim4 (4.82.1-2) unstable; urgency=high + + * [87_double_expansion.diff] from upstream. Stop unwanted double expansion + of arguments to mathematical comparison operations. CVE-2014-2972 + + -- Andreas Metzler Sun, 20 Jul 2014 19:05:48 +0200 + +exim4 (4.82.1-1) unstable; urgency=high + + * New upstream security release, fixing CVE-2014-2957. This is a remote + code execution flaw in Exim version 4.82 (only) when built with DMARC + support. Debian's binary packages are not built with DMARC support and + therefore not vulnerable. However we want to fix this for people building + their own binaries based on Debian's packaging. + + -- Andreas Metzler Wed, 28 May 2014 19:01:43 +0200 + +exim4 (4.82-8) unstable; urgency=medium + + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 12 Apr 2014 16:19:05 +0200 + +exim4 (4.82-7) unstable; urgency=high + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher, + $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these + variables which describe the respective status of the current incoming or + outgoing TLS connection. The rationale for this is that a single exim + process can now use both an incoming (message reception) and outgoing + TLS connection (callout or cutthrough delivery) concurrently. With this + change the "old" variables were mapped to tls_in_*, i.e. they expand to + empty values on outgoing connections. (This is not yet documented.) + Outgoing tls-connections can therefore not be detected by nonempty + $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent + sending of plaintext AUTH information on unencrypted connections. Force a + lockstep upgrade of exim4-config by bumping the version of exim4-base's + dependency on exim4-config to >= 4.82. + Closes: #742901, #736081 + + -- Andreas Metzler Sun, 06 Apr 2014 08:32:11 +0200 + +exim4 (4.82-6) experimental; urgency=medium + + [ Martin Pitt ] + * debian/tests/control: Add missing python test dependency, as + debian/tests/security calls python. Closes: #740092 + + [ Andreas Metzler ] + * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against + GnuTLS v3. + + -- Andreas Metzler Sat, 05 Apr 2014 14:18:11 +0200 + +exim4 (4.82-5) unstable; urgency=medium + + * Upgrade to libdb5.3-dev. Closes: #738637 Be paranoid and bump BDBVERSION + in exim4-base.postinst from 3.0 (no idea why this did not read 5.1) to + 5.3, therefore purging hints db on upgrades. + + -- Andreas Metzler Wed, 12 Feb 2014 19:31:55 +0100 + +exim4 (4.82-4) unstable; urgency=medium + + * Correct title/name of exim4-config_files(5). (Thanks, Heiko Schlittermann) + Closes: #734212 + * 80_fix_ftbfs_hurd.diff by Samuel Thibault fixes FTBFS on GNU/hurd due to + missing support for TCLASS. Closes: #738445 + * Add debian/upstream-signing-key.pgp (listed in + debian/source/include-binaries) and update watchfile to check + upstream signature. + + -- Andreas Metzler Sun, 09 Feb 2014 19:41:34 +0100 + +exim4 (4.82-3) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Wed, 27 Nov 2013 19:51:26 +0100 + +exim4 (4.82-2) experimental; urgency=low + + * Pull two post-release fixes from upstream git master: + + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind + succeeded. + + 77_close-the-server-side-of-TLS.diff - Correctly close the server side + of TLS when forking for delivery. + * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See + . + + -- Andreas Metzler Sat, 09 Nov 2013 17:24:59 +0100 + +exim4 (4.82-1) experimental; urgency=low + + * New upstream stable release. + * Drop exim4-config_files.5 symlinks for local_host_whitelist and + local_sender_whitelist, add symlinks for host_local_deny_exceptions and + sender_local_deny_exceptions instead. Closes: #661365 + + -- Andreas Metzler Sat, 09 Nov 2013 11:52:58 +0100 + +exim4 (4.82~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Sat, 26 Oct 2013 08:50:58 +0200 + +exim4 (4.82~rc3-1) experimental; urgency=low + + * New upstream version. + + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard + Hall. + + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors + looking up a hostname or reverse DNS when processing a host list. Used + suggestions from multiple comments on this bug. + + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. + * Add macros for sending a client certificate on outgoing TLS connections. + (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY, + REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY) + Closes: #677826 + + -- Andreas Metzler Sat, 12 Oct 2013 09:30:28 +0200 + +exim4 (4.82~rc2-1) experimental; urgency=low + + * exim-gencert: Generate 2048bit key by default. LP: #1200581 + * New upstream version. + + Drop 80_addmanuallybuiltdocs.diff + + -- Andreas Metzler Thu, 03 Oct 2013 19:24:59 +0200 + +exim4 (4.82~rc1-1) experimental; urgency=low + + * New upstream version. + + TL/02 Add +smtp_confirmation as a default logging option. + Closes: #649600 + + JH/05 Permit multiple router/transport headers_add/remove lines. + Closes: #276126 + + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added + features. + * Upload to experimental. + * Drop unnecessary patches (30_dontoverridecflags.dpatch + 75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff + 78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff + 86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches. + * Applying upstream's default configuration updates to Debian configuration + change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher + instead of tls_out_cipher. - exim4-config therefore Breaks + exim daemon << 4.82~rc1. + * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt + and spec.txt, replace these with correct handbuilt versions. + + -- Andreas Metzler Sun, 29 Sep 2013 14:43:25 +0200 + +exim4 (4.80-9) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Sat, 14 Sep 2013 08:05:18 +0200 + +exim4 (4.80-8) experimental; urgency=low + + * Import updated watchfile by Bart Martens. (Handles more compression types + and x.y.revision versioning.) + * In initscript invoke pidofproc with a pathname argument as it is + documented in LSB and required by lsb-base (>= 4.1+Debian9). + Closes: #693696, #718871 + * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable + items in host lists. Closes: #627988 + * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to + invoking exiwhat directly and throws an error mesage, too. (Thanks Regid + Ichira for the diagnosis.) Closes: #643720 + * Set "host_find_failed = ignore" (instead of defer) on smarthost and + hub_user_smarthost router. Now if one (of the possibly multiple) listed + smarthosts is not resolvable (NXDOMAIN) ignores it and and tries the next + listed one. If all listed hosts are unresolvable the mail is still + defered, since host_all_ignored is set to defer by default. Therefore the + behavior does not change for single-smarthost systems. Closes: #658878 + * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only + shipped in 4.69-3. Closes: #689334 + * Update exim_db.8, syncing against spec.txt from exim 4.80. + * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message + locally in non-SMTP mode, and with MIME ACLs configured, if the ACL + rejected the message, Exim would try to `fprintf(NULL, "%s", + the_message)`. This fixes that. + * [lintian] Escape some dashes in exim4-config_files.5. + * Point vcs-* to anonscm. + * Remove pidfile after stopping the daemon, exim does not remove it itself. + Closes: #702988 + * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian + (without either .html or .gz suffix). Closes: #394975 + * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer) + Closes: #710018 + + tests/CVE-2010-4344.py is GPLv2 - Add license header. + + tests/daemon and tests/security do not use bashisms, change shebang + to /bin/sh. + * Upload to experimental, due to perl transition. + + -- Andreas Metzler Sun, 01 Sep 2013 15:58:49 +0200 + +exim4 (4.80-7) unstable; urgency=low + + * Use exim's ${quote:xxx} operator when invoking spfquery to disallow + bypassing of SPF validation by using special mailbox names. (Thanks to + Lekensteyn for diagnosis and testing.) Closes: #697057 + + -- Andreas Metzler Wed, 02 Jan 2013 19:37:21 +0100 + +exim4 (4.80-6) unstable; urgency=low + + * Cherrypick two changes from GIT: + + 85_server_set_id_SPA.diff: server_set_id was not stored in + $authenticated_id when using SPA authentication. + http://article.gmane.org/gmane.mail.exim.user/92181 + + 86_Dovecot-robustness.diff: robustness fixes for the Dovecot + authenticator. + + -- Andreas Metzler Wed, 21 Nov 2012 19:08:53 +0100 + +exim4 (4.80-5.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling. + + -- Nico Golde Thu, 25 Oct 2012 20:11:11 +0200 + +exim4 (4.80-5) unstable; urgency=low + + * Fix grammar error in debian/manpages/exim4-config_files.5. (Thanks, + Regid Ichira) + * Fix hardening support. (Thanks, Simon Ruderich) + + Append $(CPPFLAGS) to CFLAGS, the exim buildsystem does not use it. + + Set LFLAGS += $(LDFLAGS) in debian/rules. + Closes: #687645 + * Correct typo in Russian debconf translation. (Thanks, Krasu) + Closes: #683385 + * Point Vcs-* to git repository. + + -- Andreas Metzler Sun, 23 Sep 2012 12:20:16 +0200 + +exim4 (4.80-4) unstable; urgency=low + + * Disable autoloading of PKCS#11 modules. Closes: #678238 + + -- Andreas Metzler Sat, 23 Jun 2012 18:35:03 +0200 + +exim4 (4.80-3) unstable; urgency=low + + * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL + dereference if Exim is built using OpenSSL, tls_sni is used and a + forced expansion failure is configured. + * Pull 76_tls_dh_min_bits.diff (and the corresponding doc change + 77_docsfortls_dh_min_bits.diff) from upstream. Adds a new SMTP transport + option tls_dh_min_bits for setting the minimal size of DH parameters. + * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport + option. Closes: #676563 + * [lintian] Stop shipping empty directory /usr/share/exim4 in exim4-base. + + -- Andreas Metzler Fri, 08 Jun 2012 12:37:05 +0200 + +exim4 (4.80-2) unstable; urgency=low + + * [Brown paper bag] actually target unstable in changelog. + + -- Andreas Metzler Sun, 03 Jun 2012 17:24:05 +0200 + +exim4 (4.80-1) experimental; urgency=low + + * New upstream version, identical to rc7. + * Add a missing piece of documentation to update-exim4.conf.8. DCreadhost + is not only used for rewriting, in satellite setup it is also + the host where local mail is delivered to. (Thanks, Regid Ichira). + Closes: #675712 + + -- Andreas Metzler Sun, 03 Jun 2012 16:49:51 +0200 + +exim4 (4.80~rc7-1) experimental; urgency=low + + * New upstream version. + * Let debian/EDITME.openssl.exim4-light.diff apply again. + + -- Andreas Metzler Tue, 29 May 2012 19:33:07 +0200 + +exim4 (4.80~rc6-1) experimental; urgency=low + + * Ship newly available GnuTLS-FAQ.txt in exim4-base. + * Upstream's handling of GnuTLS DH parameters has changed, hardcoded + parameters (from RFCs are used by default. See + /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping + /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl + and /var/spool/exim4/gnutls-params-2236. + + -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 + +exim4 (4.80~rc5-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 24 May 2012 20:20:24 +0200 + +exim4 (4.80~rc4-1) experimental; urgency=low + + * New upstream version. + + Unfuzz 50_localscan_dlopen.dpatch + + Drop 80_revert_stringformatprintf.diff, superseded upstream. + + Default DH param size switched to 2236 for NSS compat. Update + generation script and shipped parameters. + + -- Andreas Metzler Mon, 21 May 2012 20:00:18 +0200 + +exim4 (4.80~rc2-1) experimental; urgency=low + + * Fix typo in retry/30_exim4-config (s/frequenzy/frequency/) (Thanks, Regid + Ichira). Closes: #646338 + * dpkg-buildflags supersedes hardening-wrapper. set + DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie to use features enabled + by hardening-wrapper by default. Make sure to always set -Wall. + * List mapppings between debconf choices ("mail sent by smarthost; no local + mail" et al.) and corresponding values of the DC_eximconfig_configtype + macro in update-exim4.conf(8). Closes: #651883 + * README.Debian.*: Correct documentation of the lowuid_aliases router. - The + macro is named FIRST_USER_ACCOUNT_UID instead of FIRST_USER_UID. (Thanks, + Yubao Liu) Closes: #653058 + * add more verbose help to /etc/default/exim4. Closes: #653272 + * Updated French debconf templates translation. (thanks for proofreading, + debian-l10n-french!) Closes: #668475 + * Fix typo usualy in update-exim4.conf.8. + * Add source lintian override (debian/source/lintian-overrides) for + binaries-have-file-conflict exim4-daemon-heavy-dbg exim4-daemon-light-dbg. + *-daemon-dbg depends on the respective -daemon, and the daemon-packages + conflict with each other. + * New upstream version: + + Unfuzz patches + + Update 66_enlarge-dh-parameters-size.dpatch. This is now a noop if built + against gnutls >= 2.12. + + Default DH param size is 2432, update generation script and shipped + parameters. + + Unfuzz/update */EDITME/*. Update debian/example.conf.md5. + + 80_revert_stringformatprintf.diff. Do not mark string_format() as + PRINTF_FUNCTION(3,4) to allow compilation with -Wformat + -Werror=format-security + + Sets accept_8bitmime = true by default. Closes: #445013 + + Uses GnuTLS priority string for configuration. (See NEWS.Debian) + Closes: #624041 + + -- Andreas Metzler Sun, 20 May 2012 15:57:15 +0200 + +exim4 (4.77-1) unstable; urgency=low + + * Fix typo in exim4-config_files.5. (Thanks, Regid Ichira) Closes: #645283 + * New upstream stable release. (No major changes compared to rc4) + * Upload to unstable. + + -- Andreas Metzler Sat, 22 Oct 2011 18:00:11 +0200 + +exim4 (4.77~rc4-1) experimental; urgency=low + + * New upstream release candidate. + + drop patches included in this release. + (80_gnutls_certificate_verify_peers2.diff 80_gnutls_initrc.diff + 80_TLS1.2-and-TLS1.1-support.diff) + + New expansion conditions, "inlist", "inlisti". + + Exim no longer performs string expansion on the second string of + the match_* expansion conditions: "match_address", "match_domain", + "match_ip" & "match_local_part". Named lists can still be used. The + previous behavior made it too easy to create (remotely) vulnerable + configurations. A more detailed rationale and explanation can be found + on + https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html + + doc/pcrepattern.txt is not shipped anymore as part of the exim tarball + (and therefore the Debian package suite.) + * Make use of /usr/share/dpkg/buildflags.mk if available. + * Change build system to build each binary variant in a separate copy of + the source tree instead of re-using the copy and moving away the results + after build. The old approach stopped working since upstream added a + dependency on make all to make install. - As we were changing parts of + tree (Local/Makefile) after the build this caused an (incorrect) rebuild + on make install. + + -- Andreas Metzler Sat, 08 Oct 2011 13:07:35 +0200 + +exim4 (4.76-4) experimental; urgency=low + + * 80_TLS1.2-and-TLS1.1-support.diff (pulled from upstream GIT gnutls_fixes + branch): Enable TLS1.2 and TLS1.1 + * 80_gnutls_certificate_verify_peers2.diff, 80_gnutls_initrc.diff (pulled + from upstream GIT gnutls_fixes branch): Use + gnutls_certificate_verify_peers2() instead of + gnutls_certificate_verify_peers(). The deprecated function was dropped in + GnuTLS 3.x. Closes: #624082 + + -- Andreas Metzler Sat, 24 Sep 2011 18:36:08 +0200 + +exim4 (4.76-3) unstable; urgency=low + + * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be + specified before arguments for compatibility with heirloom-mailx (Thanks, + Andreas Schiweck). Closes: #629314 + * [exim4-base.exim4.init] Use echo instead of log_failure_msg for the panic + log warning. Closes: #629610 + * [exim4-base.postinst] Also take care of ratelimit db on bdbd upgrades. + Closes: #630985 + * Update Debian exim webpage URL. Closes: #641126 + * Do not run upgrade test for 4.67-5 on exim4.conf.template if split config + is used and vice versa. Closes: #577633 + * [lintian] Do not specify priority in binary package stanzas, unless it + deviates from the source package priority setting. + * [lintian] Drop unused lintian override binary-without-manpage + usr/sbin/exim. + * [lintian] Improve on short descriptions of *-dbg packages. + + -- Andreas Metzler Sun, 18 Sep 2011 11:49:13 +0200 + +exim4 (4.76-2) unstable; urgency=low + + * debian/rules: Remove test/ and test-stamp on clean. + * Handle BerkeleyDB upgrades more gracefully. Instead of checking Debian + version numbers compare DB-version of old exim (stored by postinst in + /var/lib/exim4/berkeleydbvers.txt) with currently used DB-version + (hardcoded at build time in exim4-base.postinst). + * [exim4-base.postinst exim4-config.postinst] Do away with unnecessary + chowns by dropping them or limiting to upgrades from 4.30. + + -- Andreas Metzler Sun, 29 May 2011 18:21:03 +0200 + +exim4 (4.76-1) unstable; urgency=low + + * New upstream version. + * Drop 80_match_isinlist.diff (included upstream). + + -- Andreas Metzler Mon, 09 May 2011 19:12:09 +0200 + +exim4 (4.76~RC1-3) experimental; urgency=low + + * 80_match_isinlist.diff pulled from upstream git. + + -- Andreas Metzler Sun, 08 May 2011 14:44:20 +0200 + +exim4 (4.76~RC1-2) experimental; urgency=low + + * Fix testsuite error. + * Disable verification of DKIM signatures if DC_minimaldns or the (newly + added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764 + * [lintian] Drop useless comments from debian/watch. + + -- Andreas Metzler Sun, 08 May 2011 08:58:24 +0200 + +exim4 (4.76~RC1-1) experimental; urgency=low + + * New upstream version. + * Drop superfluous patches. 80_ldap_require_cert-work.diff + 81_negatebool.diff 82_dkimpercent.diff + * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage + update-exim4defaults.8.gz allows to allows one to). + * [debian/minimaltest]: Added. Try to run a minimal functionality test after + building exim. (Currently only supported if the build-system has a + Debian-exim user.) + + -- Andreas Metzler Fri, 06 May 2011 20:27:56 +0200 + +exim4 (4.75-3) unstable; urgency=high + + * [debian/rules] Fix dependencies and targets, speeding up package build. + Previously everything was compiled twice. + * Patches pulled from upstream git: + +81_negatebool.diff Negating the $bool expansion condition did not work. + +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670 + (CVE-2011-1764) + + -- Andreas Metzler Fri, 06 May 2011 20:08:51 +0200 + +exim4 (4.75-2) unstable; urgency=low + + * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix + configuration example accordingly. (Thanks, Roman V. Nikolaev) + Closes: #622111 + * Use on libdb5.1-dev (instead of 4.8), zap hints db on upgrade from <= + 4.75-1. Closes: #621388 + * Enable hardening options. (Last difference to Ubuntu except for not being + the default-mta there.) Closes: #542726 + + -- Andreas Metzler Sat, 16 Apr 2011 14:45:36 +0200 + +exim4 (4.75-1) unstable; urgency=low + + * New upstream version. + * 80_ldap_require_cert-work.diff Pulled from upstream git. The new + ldap_require_cert option would segfault if used. + + -- Andreas Metzler Mon, 28 Mar 2011 19:24:55 +0200 + +exim4 (4.75~rc3-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Thu, 03 Mar 2011 19:10:06 +0100 + +exim4 (4.75~rc2-1) experimental; urgency=low + + * New upstream version. + + Fixes exiqgrep "Line mismatch" error on messages without size info. + Closes: #528625 + + Restore default SIGPIPE handler for child_open_uid. Closes: #573779 + * Enable verbose compilation. + + -- Andreas Metzler Sun, 27 Feb 2011 11:59:45 +0100 + +exim4 (4.74-2) unstable; urgency=low + + * Upload to unstable. + + -- Andreas Metzler Thu, 24 Feb 2011 19:02:07 +0100 + +exim4 (4.74-1) experimental; urgency=low + + * 4.74 release, should build on hurd again. + * Fix some lintian --pedantic issues: copyright-refers-to-symlink-license + maintainer-script-without-set-e debian-control-has-unusual-field-spacing + + -- Andreas Metzler Sat, 29 Jan 2011 15:39:51 +0100 + +exim4 (4.74~rc2-1) experimental; urgency=low + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * Add headers in ACL by using the add_header modifier instead of "message". + (This modifier has been available since 4.61.) Closes: #609308 + * New upstream version. + + includes the fix for CVE-2011-0017 + + If a non-debug daemon was invoked with a non-whitelisted macro, then + logs from after attempting delivery would be silently lost, including + for successful delivery. This log-loss bug was introduced in 4.73 + as part of the security lockdown. Closes: #610611 + + Update some patches. + + -- Andreas Metzler Sun, 23 Jan 2011 14:02:36 +0100 + +exim4 (4.73~rc1-1) experimental; urgency=low + + * New upstream release candidate. + * Drop included patches. 80_4.73rc1_*, 40_dkimnotinpaniclog.diff. + * Update 31_eximmanpage.dpatch. + * exim4 now uses INSTREAM (added in clamav 0.95) instead of STREAM when + talking to clamav. exim4-daemon-heavy therefore Breaks: clamav-daemon + (<< 0.95). + * Unfuzz EDITME*diff. + * Dependency changes: + + Drop exim4-config's conflicts with bash (<< 2.05). This was relevant + pre-sarge. + + Drop exim4-daemon-* dependency on exim4-base (>> 4.71-2). This one is + superfluous because of of the dependency on + exim4-base (>= ${Upstream-Version}). + + exim4-config breaks instead of conflicts with pre-DKIM (i.e. << 4.69.1) + exim4-daemon. + + exim4-base breaks instead of conflicts with <<${Upstream-Version} daemon + packages. + * Add Vcs-Svn and Vcs-Browser fields to debian/control. + * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of + libmysqlclient15-dev. libmysqlclient-dev is not a virtual package + anymore. Closes: #590218 + * Use db_settitle unconditionally, even etch supports this. Drop unneeded + lintian override exim4-config: settitle-requires-versioned-depends. + + -- Andreas Metzler Mon, 27 Dec 2010 19:48:19 +0100 + +exim4 (4.72-6) unstable; urgency=high + + * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges + were dropped. This fixes a regression from 4.72-2, it was not possible to + test filter files with exim4 -bf anymore. Closes: #611572 + + -- Andreas Metzler Mon, 31 Jan 2011 19:05:48 +0100 + +exim4 (4.72-5) unstable; urgency=medium + + * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug + daemon was invoked with a non-whitelisted macro, then logs from after + attempting delivery would be silently lost, including for successful + delivery. This log-loss bug was introduced as part of the security + lockdown for fixing CVE-2010-4345. Closes: #610611 + + -- Andreas Metzler Sat, 29 Jan 2011 14:33:36 +0100 + +exim4 (4.72-4) unstable; urgency=medium + + * In spf example use spf-tools-perl's spfquery instead of the one from + libmail-spf-query-perl. Do not try to use unimplemented best-guess + support. Update Suggests accordingly. Closes: #608336 + * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return + values of setgid/setuid. This is a privilege escalation vulnerability + whereby the Exim run-time user can cause root to append content of the + attacker's choosing to arbitrary files. + + -- Andreas Metzler Sat, 22 Jan 2011 17:48:19 +0100 + +exim4 (4.72-3) unstable; urgency=low + + * [README.Debian*] Correct command for manual paniclog rotation. (Thanks, + Jörg Sommer) Closes: #602188 + * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts. + This would not work with ALT_CONFIG_PREFIX. + * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1. + Closes: #606527 + + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by + the Exim user or group. + + 2_permcheck_configurefile: Check configure file permissions even for + non-default files if still privileged. + + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option, + effectively making it always true. + + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the + daemon, to ensure that rogue child processes cannot use them. + + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option. + + 6_nonroot_system_filter_user: If the system filter needs to be run as + root, let that be explicitly configured. The default is now the Exim + run-time user. + + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values + for the -D option. + + 8_updatedocumentation: Update documentation to reflect the changes. + * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim + will not regain root privileges (usually necessary for local delivery) if + the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are + exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. + * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch + 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges + (usually necessary for local delivery) if the -C option was used. This + makes it impossible to start a fully functional damon with an alternate + configuration file. /etc/exim4/trusted_configs (can) contain a list of + filenames (one per line, full path given) to which this restriction does + not apply. + + -- Andreas Metzler Sun, 26 Dec 2010 15:13:08 +0100 + +exim4 (4.72-2) unstable; urgency=low + + [ Marc Haber ] + * Apply patch to russian (ru) debconf template, thanks to Тим + Алексеевский and Tim Alexeevsky. Closes: #576202 + * fix exim4-config_files man page, mention + {host|sender}_local_deny_exceptions instead of + local_{host|sender}_whitelist. Thanks to Fabien André in #578176 + * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code. + Thanks to Fabien André. Closes: #578176 + * Re-work config.autogenerated header to more exactly reflect + configuration source. (mh) Closes: #593984 + + [ Andreas Metzler ] + * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank + you Matthew W. S. Bell) Closes: #590333 + * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging + non-critical DKIM errors in paniclog. Closes: #567876 + * Debconf translations: + - Danish. Closes: #592792 + + -- Andreas Metzler Sat, 30 Oct 2010 13:38:26 +0200 + +exim4 (4.72-1) unstable; urgency=low + + * New upstream release. (Identical to the git snapshot previously + uploaded to experimental.) + + -- Andreas Metzler Thu, 03 Jun 2010 17:42:52 +0200 + +exim4 (4.72~20100529-1) experimental; urgency=low + + * Git snapshot 20100529. + + Fix documentation for exipick -bpra. #574778 + + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp. + (Debian's default configuration does not use MBX format, but the + exim4-daemon-heavy binary supports MBX.) + + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory. + (Probably not relevant for Debian systems at all, since the mail spool + is 2775 root:mail.) + + Dovecot authenticator ignores unknown keywords, making it compatible + with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0). + See Changelog for complete list. + * Drop patches included upstream: 36_typoinexipick.diff + 20_PDKIM-Upgrade-PolarSSL.diff. + + -- Andreas Metzler Sun, 30 May 2010 14:01:52 +0200 + +exim4 (4.71-4) unstable; urgency=low + + * Drop unneeded lintian overrides. + + description-contains-homepage + + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg. + + partially-translated-question + + maintainer-script-needs-depends-on-update-inetd + + possible-bashism-in-maintainer-script + + binary-without-manpage + + possible-debconf-note-abuse + + changelog-not-compressed-with-max-compression + * Lintian informational hints: + + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5 + debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8 + * Use dh_lintian. + * Fix sourcing of lsb-functions in init-script. Test for existence of + /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions. + If they are not present the package's dependencies are not installed. + Bump dependency on lsb-base to 3.0-6. (log_action_*) + * Update reference to spec.txt in README.Debian. Closes: #568051 + * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different + implementations of spfquery in Debian, with incompatible commandline + switches and different exit codes. Closes: #573956 + + -- Andreas Metzler Thu, 25 Mar 2010 17:34:30 +0100 + +exim4 (4.71-3) unstable; urgency=low + + * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles. + Closes: #501892 + * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove + Berkeley DB logfiles. + * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily + make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed + after the next upstream release.) + Closes: #548479 + * control: Drop bzip2 from Build-Depends. Use line-wrapping for + Build-Depends. + * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian). + * exim4-base.postinst: Redirect status message to stderr. + + -- Andreas Metzler Fri, 01 Jan 2010 13:41:44 +0100 + +exim4 (4.71-2) unstable; urgency=low + + * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied + from PolarSSL to 0.12.1. + * Add example file to set smarthost from /etc/network/interfaces (mh) + * Add DKIM_* macros on remote smtp transports for setting the corresponding + dkim_* options. + * Upload to unstable. + + -- Andreas Metzler Sat, 12 Dec 2009 13:24:21 +0100 + +exim4 (4.71-1) experimental; urgency=low + + * New upstream version. + + Drop patches included upstream. 51_dkimrelatedcrash.diff + 51_noreject_unsigned.diff. + + -- Andreas Metzler Sat, 28 Nov 2009 12:03:50 +0100 + +exim4 (4.70-2) experimental; urgency=low + + * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears + when the expanded value of dkim_verify_signers winds up empty and + acl_smtp_dkim is defined. (This has the effect of rejecting any mail + without DKIM signature.) + * Work around 490937 by removing CHANGES. + + -- Andreas Metzler Sat, 21 Nov 2009 10:15:41 +0100 + +exim4 (4.70-1) experimental; urgency=low + + * Point watchfile to ftp.exim.org. + * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little + bit. + * New upstream version. + + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the + 4.7x series. http://bugs.exim.org/show_bug.cgi?id=912 + * debhelper v7 mode. + + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install + ./CHANGES as upstream changelog. + + Bump build-dependency. + + Use dh_prep instead of dh_clean -k. + + -- Andreas Metzler Sun, 15 Nov 2009 13:10:32 +0100 + +exim4 (4.70~rc4-1) experimental; urgency=low + + * New upstream version. + + -- Andreas Metzler Wed, 11 Nov 2009 19:04:35 +0100 + +exim4 (4.70~cvs+20091030-1) experimental; urgency=low + + * New upstream snapshot. + + -- Andreas Metzler Sat, 31 Oct 2009 10:08:55 +0100 + +exim4 (4.70~cvs+20091026-1) experimental; urgency=low + + * New snapshot. + + Fixes segfault in dovecot authenticator. Closes: #551106 + + Improved documentation regarding certifacte verification on outgoing + SMTP connections. Closes: #544472 + * Drop 40_boolean_redefine_protect.dpatch - included upstream. + * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc. + + -- Andreas Metzler Mon, 26 Oct 2009 16:09:32 +0100 + +exim4 (4.70~cvs+20091017-1) experimental; urgency=low + + * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert) + * New upstream cvs snapshot. + + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc. + + Close dovecot socket after wrong password was given. Closes: #515503 + + Standalone DKIM support. Obsoletes and therefore + Closes: #486437,#459883 + * Drop upstream URL from package descriptions. Closes: #471425 + * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable + has 1.16. Closes: #486436. + * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients + (e.g Outlook) will terminate the SSL connection when the server presents + the long list of accepted TLS certificates after STARTTLS. If TLS + certificate validation of clients is needed you'll need to set + MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to + a file containing only the accepted certificates. + Closes: #515999, #316522, #482012 + * Add debian/README.source. (Policy 3.8.3) + * Fix typo in update-exim4.conf.8. + Thanks to Calum Mackay. Closes: #543354 + * Listen on IPv6 loopback interface by default. (Only applies to fresh + installations.) Closes: #544292 + * upstream default configure file explicitly disables dkim in some + instances. Merge into Debian config and update debian/example.conf.md5. + Bump Conflicts of exim4-config package. + + -- Andreas Metzler Sat, 17 Oct 2009 14:26:54 +0200 + +exim4 (4.69-11) unstable; urgency=medium + + * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy + package currently, and due its strict dependencies uninstallable until + the most recent version of lynx-cur has been built.) + * Work around sed's improved unicode support, not accepting latin1 + characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445 + + [update-exim4.conf] Go for / as separator instead. - This might have + served a purpose in earlier releases with free-form replacements but is + just overcomplicated now. + + [update-exim4defaults]: The tricky bits for exim options are the + ones that take a filename as argument (e.g. -C and -oX) or -D for + overriding macros. Use LC_CTYPE=C. + + [exim4-config.config] The sed commands deals with (lists of) hostnames + and IP(v6) addresses and nets. Use LC_CTYPE=C. + + -- Andreas Metzler Sun, 10 May 2009 10:15:34 +0200 + +exim4 (4.69-10) unstable; urgency=low + + [ Andreas Metzler ] + * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124 + * Disable shell filename expansion in update-exim4.conf using set -f. + Closes: #515668 + * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its + behavior to throw an error on expansion of $* or $@ with set -u if no + positional parameters were given. Working around this is obnoxious and + harms readability, imho doing away with set -u's benefits. Closes: #518752 + * Allow setting outgoing smtp helo/ehlo by setting + REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed + to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS. + REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data + setting. Closes: #514113 + * [README.Debian] Bring documentation for Diffie-Hellman parameters up to + current practice, mainly by deleting most of the outdated docs. + Closes: #508749 + * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored + pattern, matching "smtp" but not "smtp-foo". Closes: #516146 + * exim4-daemon-light now Provides: default-mta. See #508644. + * Ship both transport-filter.pl and ratelimit.pl in + /usr/share/doc/exim4-base/examples. Closes: #518836 + * [lintian] Add ${misc:Depends} to all Depends. + * [lintian] Add override for dbg-package-missing-depends exim4-dbg. + * Sync debian/control with override file by moving *-dbg to section debug. + * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs) + Closes: #525248 + + [ Christian Perrier ] + * Debconf translations: + - Asturian. Closes: #511624 + - Belarusian. Closes: #516049 + - Kazakh added. Closes: #520996 + - Slovak. Closes: #523447 + - Bengali added. + + -- Andreas Metzler Sat, 02 May 2009 09:05:56 +0200 + +exim4 (4.69-9) unstable; urgency=medium + + * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit + listing ("ABCDEF..") instead of a-z, since the latter does not work as + expected in some locales. Closes: #500691 + + -- Andreas Metzler Tue, 30 Sep 2008 20:12:27 +0200 + +exim4 (4.69-8) unstable; urgency=low + + [ Andreas Metzler ] + * Quote last n lines (configurable by changing the value of + E4BCD_PANICLOG_LINES, defaults to 10) of paniclog in warning + email sent out on non-empty paniclog. Closes: #499492 + * Fix evaluation logic of E4BCD_WATCH_PANICLOG for sending out warning + e-mails about non-empty paniclog in daily cron-job to match documentation: + + yes: Send daily warning e-mails, do not touch panniclog. + + once: Send out the mail and rotate paniclog afterwards. + + no: Do nothing. (Logfile is rotated when its size reaches 10 MB.) + (Previously the interpretations of "once" and yes were mixed up.) + + [ Debconf translations ] + * Catalan. Closes: #499299 + + -- Andreas Metzler Sun, 28 Sep 2008 12:01:39 +0200 + +exim4 (4.69-7) unstable; urgency=low + + [ Andreas Metzler ] + * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in + README.Debian.xml. + + [ Debconf translations ] + * Korean. Closes: #491518 + * Lithuanian. Closes: #497402 + * Greek. Closes: #498466 + * Esperanto. Closes: #498796 + + -- Andreas Metzler Tue, 16 Sep 2008 19:14:08 +0200 + +exim4 (4.69-6) unstable; urgency=high + + [ Debconf translations ] + * Malayalam. Closes: #479466 + * Albanian. Closes: #480282 + * Polish. Closes: #481638 + * Vietnamese. Closes: #482641 + * Turkish. Closes: #482714 + * Brazilian Portuguese. Closes: #485384 + * Finnish. Closes: #489171 + + [ Marc Haber ] + * Have timeout.pl print a meaningful error message if perl-modules + is not installed. Have exim4-base recommend perl-modules. + Thanks to Tom Schouten. Closes: #482319 + * Create gnutls-params with mode 644 in the first place. + Thanks to Jean-Luc Coulon. Closes: #481765 + * Replace ~/.rnd with $HOME/.rnd in exim_gencerts. Thanks to + Ross Boylan for noticing this. + * exim4-config.config: send hostname --fqdn stderr to /dev/null, + we handle errors properly. Thanks to Andrew Vaughan in #481597. + + [ Andreas Metzler ] + * Fix typos/other errors in README.Debian.xml. Improve formatting. + (Thank's Georg Neis and Paul Menzel) Closes: #486105, #486106, #486116 + * Revert fancy quoting in initscript. Closes: #486667,#482752 + (fixes rc-bugs). + * [debian/control README.Debian.xml] Spelling fix ("metapackage" instead of + "meta-package"). Thank's lintian + + -- Andreas Metzler Sat, 19 Jul 2008 19:56:36 +0200 + +exim4 (4.69-5) unstable; urgency=low + + * remove chmod/chown code from exim4_refresh_gnutls-params completely + * do not remove gnutls-params in exim4-base.postinst + + -- Marc Haber Mon, 28 Apr 2008 21:46:18 +0200 + +exim4 (4.69-4) unstable; urgency=low + + * update-exim4.conf: Fix impossible code path in guessed_name check. Ouch. + Thanks to Anand Kumria. Closes: #478066 + * Regenerating the 2048 bits DH parameters takes too long for slow + systems, disable (both in the monthly cron job and postinst) and + document that paranoid people will want to regenerate them manually. + + -- Marc Haber Sun, 27 Apr 2008 10:06:39 +0200 + +exim4 (4.69-3) unstable; urgency=low + + * The "please do not file duplicate bugs" release + + [ Marc Haber ] + * Work around lsb-base regression (#477055, "wontfix") by changing + the way we quote exim's arguments in the init script, hoping that + this does not sacrifice robustness. + Closes: #477194, #477236, #477239, #477258, #477562, #476987 + * README.Debian.xml: Fix router/transport pair typo. + Thanks to Georg Neis. Closes: #463573 + * Have exim4-base Suggest swaks + * Relax exim4-dbg dependency on eximon4 to a recommends (see #463929). + * 30_exim4-config_check_rcp: Remove mention of /usr/share/doc/exim4- + config/default_acl in favor of exim4-config_files(5). + Thanks to Jon Dowland. Closes: #464539 + * Move paniclog log rotation to /etc/logrotate.d/exim4-paniclog to + allow people to manually rotate the paniclog only by calling + logrotate -f /etc/logrotate.d/exim4-paniclog. Thanks to Josip Rodin + (#396003) for this nice idea. Implement E4BCD_WATCH_PANICLOG=once + as suggested by Vasilis Vasaitis. + * activate dlfunc. Closes: #471314 + * set LC_ALL=C in debian/rules. Thanks to Michael Meskes. Closes: #471486 + * Document that Incredimail's TLS "implementation" breaks on a + certificate request. Thanks to Andrew McGlashan. Closes: #459323 + * Fix parenthesis mismatch in README.Debian + * exim4_refresh_gnutls-params: Call openssh dhparam with + HOME=$EXIM4_SPOOLDIR so that openssl's .rnd file is placed there. + * update-exim4.conf: print a warning if dc_minimaldns and hostname + --fqdn does not print a fully qualified name. Thanks to Lothar + Ketterer. Closes: #476249 + * DH parameters handling: Closes: #475194 + * add dpatch to have exim use 2048 bit DH parameters + * ship static gnutls-params file with the package. + * Override resulting lintian warning. + * generate new gnutls-params only monthly and in postinst on configure. + * exim4_refresh_gnutls-params: + * generate 2048 bit DH parameters + * dh-params file can be world readable + * Filter out noise from mainlog before handing it off to eximstats + in daily cron job. Thanks to Justin Pryzby. Closes: #476541 + * Move docs from Apps/Net to Network/Communication + * linda R.I.P. + + [ Robert Millan ] + * Process acl_local_deny_exceptions ACL before rejecting a message in SPF + check. Thanks to Miklos Szeredi. Closes: #451633 + + [ Andreas Metzler ] + * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks, + Filipus Klutiero) Closes: #471113 + * exiwhat: Check at runtime whether killall is available. Fall back to a + combination of 'ps ax' and regular kill otherwise. + Closes: #476455 + * Fix wrong logic in testing for existence of lsb-base functions in init + script. (Thanks, Tim Cross) Closes: #477578 + + -- Marc Haber Sat, 26 Apr 2008 00:00:30 +0200 + +exim4 (4.69-2) unstable; urgency=low + + [ Marc Haber ] + * update-exim4.conf: fix bashism echo -n in preprocess_macro. + Thanks to Michal Politowski. Closes: #462173 + + [ Christian Perrier ] + * Debconf translations updates: + - German. Thanks to Eric Schanze. Closes: #462673 + + [Andreas Metzler] + * Add missing .P to exim_db.8 to fix indenting. (Thanks, David L. Anselmi) + Closes: #462712 + * Add (disabled) patch to save random seed to a file + + -- Marc Haber Wed, 30 Jan 2008 09:26:56 +0100 + +exim4 (4.69-1) unstable; urgency=low + + [ Marc Haber ] + * New upstream version. + - improve --help handling. Closes: 438435 + * Debconf translations updates: + - Dutch. Thanks to Bart Cornelis. Closes: #448924 + - Norwegian BokmÃ¥l. Thanks to Hans Fredrik Nordhaug. Closes: #452383 + - Slovak. Thanks to Peter Mann. Closes: #460502 + - Catalan: fix some semicolon issues and most obvious fuzzy strings. + Thanks to Jordà Polo. Closes: #447765. + * Add support for smtp_accept_max_nonmail_hosts to ease external + relay testing. + * Make Change to init script dependencies as suggested by Petter + Reinholdtsen. Closes: #460229 + * debian/control: + * Add Homepage field to Source Package stanza. + * Standards-Version: 3.7.3 (no changes necessary) + * lintian/overrides: + - Override all description-contains-homepage messages, + we're going to keep this field around until post-lenny. + - Override exim4-daemon-heavy: package-contains-empty-directory + usr/lib/exim4/local_scan/, the directory should be there to show + people where to put local extensions (and I am not sure how exim + behaves if that directory is not there). + * linda/overrides: + - Override menu section Applications, which is a false alert. + - Override complaint about newer standards version. + - This override does not work due to #386647 + * exim4-base.NEWS: fix Debian's typo + * exim4-base.dirs: remove usr/bin, we do not ship any files there. + * Generate exim macros from every definition found in ue4cc that + starts with a capital letter (sans CFILEMODE) to cater for an + obviously very common user error. This feature is going to stay + undocumented. + + [ Christian Perrier ] + * Debconf translations updates: + - Dzongkha. Thanks to Tenzin Dendup. Closes: #455871 + - Slovak. Thanks to Peter Mann. Closes: #460502 + + [ Andreas Metzler ] + * Fix typo in acl/20_exim4-config_local_deny_exceptions. (Thanks, Roderick + Schertler) Closes: #456343 + + -- Marc Haber Tue, 22 Jan 2008 09:19:14 +0100 + +exim4 (4.68-2) unstable; urgency=low + + [ Marc Haber ] + * Fix changelog: lowuid router does not close #420217. Closes: #440217 + + [ Andreas Metzler ] + * Mention /etc/exim4/exim4.conf in FILES section of update-exim4.conf.8. + * Fix syntax error in real-local router. Closes: #446346 + * Configuring exim as configtype="internet host" asks a different set of + questions than e.g. satellite. However some of the settings controlled by + these hidden questions still have effects on exim's behavior. Change + exim4-config to ask these hidden questions if they have been set to a + non-default value. (Either manually, or by switching configtype after + setting the values.) Closes: #443210 + These questions have been added conditionally: + - internet site with smarthost: + + dc_relay_domains + - satellite + + dc_relay_domains + + dc_localdelivery + + -- Marc Haber Thu, 01 Nov 2007 19:17:36 +0100 + +exim4 (4.68-1) unstable; urgency=low + + * new upstream version. Closes: #444195 + * Documents tls_verify_hosts during TLS sessions. Closes: #422419 + * new example.conf md5 sum + * Move lowuid router to a later place, handle real- only for + locally generated messages. Thanks to Andreas Metzler and others + on pkg-exim4-devel. Closes: #440217 + * /etc/init.d/exim4: + * Use start_daemon and killproc from lsb-base + as a new plunge at #396944 + * Do not clean the environment as severly as before (functions + need to survive). + * README.Debian: + * Document that using client certificates needs extra + configuration. Thanks to John Goerzen. Closes: #440663 + * conf.d/main/03_exim4-config_tlsoptions: Make it clear that this + file only concerns exim as an SMTP server. + * exim4-config.preinst: Add EX4DEBUG facility, add rm_conffile + function + * Rename acl_whitelist_local_deny to acl_local_deny_exceptions + as suggested by Ross Boylan. Closes: #387078. + * Switch Build-Depends to db4.6. Closes: #442645 + * Debconf translations updates: + - Portuguese. Thanks to Miguel Figueiredo. Closes: #441895, #445494 + - Norwegian Nynorsk. Thanks to HÃ¥vard Korsvoll. + * exim4-config.NEWS: Explicitly mention that .dpkg-old and + .dpkg-dist files are included in the DEBCONFsomethingDEBCONF check to + allow lazy people to only grep the docs instead of actually reading + them. This was requested by Hamish Moffatt in #445327. + + -- Marc Haber Sun, 07 Oct 2007 21:38:22 +0200 + +exim4 (4.67-8) unstable; urgency=low + + [ Marc Haber ] + * Define REMOTE_SMTP_HELO_DATA and REMOTE_SMTP_HELO_FROM_DNS macros + to have exim pull its HELO name from DNS automatically. + Thanks to Jari Aalto and Magnus Holmgren. Closes: #275975 + * Enable DNSDB in exim4-daemon-light (needed by the HELO magic) + * update-exim4.conf: Allow [] in ascii strings (needed for @[]) + * Improve domain literal docs + * Remove debconf template noalias_regenerate + * Fix PRIMARY_HOSTNAME typo in main/02_exim4-config_options. + Thanks to Tim Krah. Closes: #434337 + * fix alphabet salad in README.Debian. Closes: #434640 + * Add E4BCD_DAILY_REPORT_TO to daily cron job. + Thanks to Florian Schlichting. Closes: #426840 + * Fix /etc/exim paths in exim4-config_files(5). + Thanks to Marques Johansson. + * Debconf translations updates: + - Japanese. Closes: #433070 + - Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #433084 + - Thai. Thanks to Theppitak Karoonboonyanan. Closes: #433177 + - Arabic. Thanks to Ossama Khayat. Closes: #433222 + - Hebrew. Thanks to Baruch Even. Closes: #433291 + - Italian. Closes: #433200 + - Galician. Closes: #433218 + - Portuguese. Thanks to Miguel Figueiredo. Closes: #433293 + - Hungarian. Thanks to Josip Rodin. Closes: #433336 + - Punjabi. Thanks to Amanpreet Singh Alam. Closes: #433578 + - Marathi. Thanks to Priti Patil. + - Wolof. Thanks to M Mamoune Mbacke. Closes: #433701 + - Indonesian. Thanks to Arief S Fitrianto. Closes: #433758 + - Romanian. Thanks to Eddy Petrisor. Closes: #433854 + - Nepali. Thanks to shyam krishna bal. Closes: #435345 + - Swedish. Thanks to Daniel Nylander. Closes: #435705 + + [ Andreas Metzler ] + * Update eximon menu file for menu 2.1.35 hierarchy. + + [ Christian Perrier ] + * Fix typo in README.Debian.xml. Thanks to + Closes: #434961 + + -- Marc Haber Sun, 19 Aug 2007 09:25:10 +0200 + +exim4 (4.67-7) unstable; urgency=low + + * only generate HIDE_MAILNAME macro if its value is really non-empty + + -- Marc Haber Sat, 14 Jul 2007 08:47:40 +0200 + +exim4 (4.67-6) unstable; urgency=low + + * Add some more debugging output to maintainer scipts, hopefully + nailing #396944 which has surfaced again. + * Improve wording in NEWS.Debian for exim4-config. + Closes: #431019, #431130 + * Issue DEBCONFfooDEBCONF warning as well for + DEBCONFheaders_rewriteDEBCONF. + Thanks to John Goerzen. Closes: #431088 + * fix localhost inserted twice into local_domains. Closes: #432394 + * fix MAIN_RELAY_TO_DOMAINS in update-exim4.conf. + Thanks to Ben Wheeler. Closes: #432521 + * Document that special handling is needed for host lists that only + consist of a single IPv6 address. Thanks to Frederic Daniel Luc + Lehobey. Closes: #432229 + * Add forgotten (conditional) definition of REMOTE_SMTP_HEADERS_REWRITE + and REMOTE_SMTP_RETURN_PATH for remote_smtp transports. + Thanks to Miguel Martins Feitosa Filho. Closes: #432716 + * Debconf translations + * Bulgarian completed. Closes: #431957, #430521 + * Update Tamil. Thanks to Tirumurti Vasudevan. Closes: #432181 + * Update Spanish. + Thanks to Javier Fernández-Sanguino Peña. Closes: #429940 + + -- Marc Haber Fri, 13 Jul 2007 22:22:09 +0200 + +exim4 (4.67-5) unstable; urgency=low + + * the "verderben viele Koeche den Brei?" release + + [ Andreas Metzler ] + * Point to exim4_passwd(5) instead of non-existing exim_passwd(5) in AUTH + section of configuration. (Thanks Arkadiusz Dykiel, #430149) + * update-exim4.conf check_ascii_pipe(): Accept < since we use it for list + construction. Closes: #430391 + * Anchor UPEX4CmacrosUPEX4C in update-exim4.conf + + [ Robert Millan ] + * Update informational message in SPF ACL to use the latest + http://www.openspf.org/Why API. + + [ Debconf translations ] + * French completed and converted to UTF-8 + * All remaining non UTF-8 translation switched to UTF-8 + + [ Marc Haber ] + * do not quote error message in lowuid router + * replace commented UPEX4CmacrosUPEX4C with UPEX4CmacrosUPEX4C exim + configuration macro definition as placeholder for ue4c-generated macros. + + [ Christian Perrier ] + * Correct the invalid ${fqdn} variable in exim4-config.templates + + -- Marc Haber Thu, 28 Jun 2007 09:22:04 +0200 + +exim4 (4.67-4) unstable; urgency=low + + * update-exim4.conf: + * fix embarrassing typo in update-exim4.conf that broke macro + expansion for two values. + Thanks to Andrew Chittenden. Closes: #429828 + * Allow ! and * in ue4cc. + Thanks to Dieter Hametner and Raf D'Halleweyn. Closes: #429986 + * have @ and localhost added to local_domains list. + Thanks to a big number of people. Closes: #429939 + * eliminate -e && chmod construct as a possible cause of #429617. + Thanks to Martin Ketzer and Silvestre Zabala + * Now barfs if DEBCONFsomethingDEBCONF is still found in the + configuration file. Thanks to a truckload of users who were too lazy + to read the docs, did not accept the suggested configuration file + changes and then complained about a non-working exim ("malformed macro + definition") + * README.Debian: Document the new low-UID handling mechanism. + Thanks to Johannes Rohr. Closes: #429878 + * debian/rules: do not ignore make clean errors + * Debconf translation updates: + - Basque. Closes: #429626 + - Czech. + - Brazilian Portuguese. Closes: #429867 + + -- Marc Haber Fri, 22 Jun 2007 13:55:15 +0200 + +exim4 (4.67-3) unstable; urgency=low + + [ Andreas Metzler ] + * Initialize permissions of bug-script and exim-adduser as 755, since diff + does not preserve permissions. Both were shipped as 644 in binary packages + not built with svn-buildpackage. Closes: #420446 + + [ Marc Haber ] + * Merge experimental changes from revision 2018:2073 + * Fix "Zahlendreher" in closure of #427690. Closes: #427690 + * update-exim4.conf: + * finally get rid of the DEBCONFfooDEBCONF stuff. That information + is now passed to the configuration by ue4c by directly setting exim + macros in the configuration. This has caused both the configuration + and ue4c to be much shorter. + * run with -e, -C and -u. + * convert input read from update-exim4.conf.conf to lower case + * barf if strange characters are found in ue4cc. Closes: #400294 + * Remove superfluous "x$foo" = "xbar" constructs from scripts + * Add routers to reject mail to accounts with low UID. + Closes: #400790. + * Make daily cron job barf if /usr/bin/mail is not found. Have + exim4-base recommend mailx. Closes: #427690 + * Have all -daemon packages provide exim4-localscanapi-1.0 and + exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing + #426425. Also include exim4-localscan-plugin-config script with + exim4-dev. Thanks to Magnus for helping with this. Closes: #428274 + * remove /etc/exim4/email-addresses symlink and document this. + Thanks to Josip Rodin. Closes: #420578 + * introduce conf.d/250_exim4-config_lowuid which optionally allows + to reject (or alias away) mail to low-uid accounts that are not + listed in an exception list. Thanks to Dominic Hargreaves, + Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716 + * remove versioned depends on cron, since the version we need is + well before sarge. + * Add cron | fcron dependency. Fcron is going to be removed again + at the first sign of trouble. Closes: #381806 + * remove move_exim3_spool debconf template. Closes: #391762 + * replace openssl gendh with openssl dhparam. Closes: #413235 + * adapt docs, README and manpages + * have Hilko fix the lynx-dump postprocessing to repair generating + README.Debian text version. Thanks! + * increase README.Debian generation robustness. Thanks to Hilko. + * debconf: + * Partly apply Christian Perrier's patch for reviewed + templates and control file. Closes: #426980 + * Other minor template changes. + * get rid of "mails" in debconf templates, use "messages" instead. + Re-word local_interface debconf template. Other minor changes. + Thanks to Jens Seidel and Christian Perrrier. Closes: #394976 + * re-work exim4-config.config logic to have split/non-split config + asked last instead of first. This partly addresses #410756. + * Add exim4-daemon-heavy.templates, exim4-daemon-light.templates + and exim4.templates to POTFILES.in + * Re-Word dc_other_hostnames debconf template. + Thanks to Hans G. Ehrbar. Closes: #421860 + + [ Christian Perrier ] + + * Debconf translation updates: + - French + - Ukrainian. Closes: #427793 + - Bulgarian. + - Thai. + - Galician. + - Swedish. + - Punjabi. + - Indonesian. + - Italian. + - Khmer. + - Traditional Chinese. Closes: #428072, #428069. + - Portuguese. + - Simplified Chinese. + - Marathi + - Romanian. Closes: #429242 + - Russian. Closes: #429352 + + -- Marc Haber Mon, 18 Jun 2007 10:26:20 +0200 + +exim4 (4.67-1) unstable; urgency=low + + [ Marc Haber ] + * new upstream version + * remove 37_upstream-patch-384015-add_headers + * remove 80_disable_rsa_export + * remove 80_upstream_408174_4-64-PH18 + * EDITME patch changes to allow for 4.67 + * enable dovecot authentication + * Upstream patch from Magnus Holmgren included upstream. + Thanks to Simon Walter. Closes: #407957 + * Upstream patch PH/18 included upstream. + Thanks to Marc Schiffbauer. Closes: #408174 + * merge experimental changes + * exim man page patch changes for 4.67 + * robustness patches for + * create-custom-package + * exim-gencert + * exim4-base.config + * exim4-base.postinst + * exim4-config.config + * exim4-config.postinst + * exim4-daemon-light.postinst + * update-exim4defaults + * replace backticks with $() notation + * Add patch to 50_localscan_dlopen to reduce dynamic symbol table. + Thanks to Magnus Holmgren. Closes: #413602 + * remove woody compatibility hacks from + * exim4-daemon-light.postinst + * exim4-config.postinst + * Fix eximnext => exinext in man page. + * README.Debian: + * add warning to "IP addresses for incoming connections" section. + * add new chapter about how to influence exim's behavior. + * add missing closing bracket. Thanks to Martin Schwarz. Closes: #419700 + * update-exim4.conf(8): + * clarify update-exim4.conf about how ue4cc and exim configuration + interface + * remote_smtp_smarthost transport: make hosts_try_auth host list + semicolon-separated to correctly handle IPv6 + * multiple minor changes to lintian overrides + * debian/control: have exim4 depend on debconf (>= 1.4.69) | cdebconf + (>= 0.39) explicitly to allow usage of debconf error template type. + + [ Christian Perrier ] + * Esperanto debconf translation update (Serge Leblanc). Closes: #415590 + * Marathi debconf translation added (Priti Pathil). Closes: #416801 + + -- Marc Haber Sat, 21 Apr 2007 11:48:48 +0200 + +exim4 (4.63-17) unstable; urgency=low + + * 30_exim4-config_examples: add missing backslash in non-TLS client + login authenticator. Thanks to Kai Weber. Closes: #407567 + + -- Marc Haber Sat, 20 Jan 2007 10:38:16 +0100 + +exim4 (4.63-16) unstable; urgency=low + + * Add ta (Tamil) translation of Tirumurti Vasudevan + Closes: #406974 + * exim4_refresh_gnutls-params: allow EXIM4_SPOOLDIR to be overridden from + the environment. Closes: #406989 + * Re-work client authenticators to handle passwords containing + colons and circumflexes. Thanks to Steaphan Greene. Closes: #406686 + * transport/30_exim4-config_remote_smtp_smarthost: feed + hosts_try_auth from $host and $host_address, avoiding issues with + round-robin DNS setup. + Thanks to Celejar and Heiko Schlittermann. Closes: #403583 + + -- Marc Haber Thu, 18 Jan 2007 21:10:34 +0100 + +exim4 (4.63-15) unstable; urgency=low + + * keep config.h from being installed in exim4-base. + Thanks to Aaron M. Ucko. Closes: #405824 + + -- Marc Haber Sat, 6 Jan 2007 22:12:05 +0100 + +exim4 (4.63-14) unstable; urgency=low + + * patch LOCAL_SCAN_ABI_VERSION to 1.1 in 50_localscan_dlopen after + consulting with Magnus Holmgren. + * Fix update-exim4.conf.8 manpage + * FILES section is no longer doubled + * NAME is no longer multi-line + * proper reference to ue4cc in FILES section + * Thanks to Angus Mackenzie + * debian/rules + * allow buildbasepackages and extradaemonpackages to be set from + the environment + * fix buildbasepackages=no and extradaemonpackages which were + broken due to the new -dev binary package + * remove "" in various places, this is Make not shell + * add optional debugging output for variables that are meant to be set + externally + * clean now unpatches first, otherwise clean fails because files + are first deleted and then non-existing files are unpatched + * take config.h from first non-light daemon package built instead + of -heavy (we might not be building -heavy but still need -dev) + * Thanks to Gerfried Fuchs for actually using these features and + finding this bug group. + * exim4.init: Now returns 0 when starting and daemon already + running, and when stopping and daemon already stopped. This fixes LSB + compliance. Thanks to Heiko Schlittermann. Closes: #404182 + + -- Marc Haber Fri, 5 Jan 2007 16:34:58 +0100 + +exim4 (4.63-13) unstable; urgency=low + + * Fix mangled sense in /etc/aliases exim4-config_files(5) man page. + Thanks to Angus Mackenzie. + * [update-exim4.conf.8] exim4-config_files manpage is in section 5 instead + of 8. Thanks to Angus Mackenzie. Closes: #404494 (am) + * Clarify /etc/exim4/passwd.client host name lookup to go after the + reverse DNS entry in exim4-config_files(5) man page. + * Update uk (Ukrainian) translation of debconf templates. + Thanks to Eugeniy Meshcheryakov and Yanovych Borys. Closes: #404481 + * Update sl (Slovenian) translation of debconf templates. + Thanks to Matej Kovacic. Closes: #404481 + * merge in experimental changes: + * create exim4-dev package for sa-exim and other packages. Closes: #401462 + * fix broken usage of DPATCH_WORKDIR (dpatch-edit-patch didn't + work with tarballed upstream) + * don't use DPATCH_WORKDIR any more + * modify patches to apply to build-tree + * remove leftover debugging output from debian/patches/00_unpack.dpatch + + -- Marc Haber Tue, 2 Jan 2007 14:43:59 +0100 + +exim4 (4.63-12) unstable; urgency=low + + * exim4-base.postinst: Redirect command -v's stdout to /dev/null + * update-exim4.conf: add lots of quoting to increase robustness. + Thanks to Paul Slootman. Closes: #403605 + * Debconf templates translation updates and new translations: + - Esperanto + - Norwegian Nynorsk (HÃ¥vard Korsvoll). + - Punjabi (A.S. Alam). + - Malayalam (Praveen A). Closes: #402541 + - Italian (typos corrected by Davide Viti). Closes: #403199 + - see Last-Translator for rewards) + + -- Marc Haber Wed, 20 Dec 2006 14:23:57 +0100 + +exim4 (4.63-11) unstable; urgency=low + + * Remove patch to spec.txt for pkg-exim4-users, it is included + upstream. No idea why this patch even applied correctly. + * README.Debian: + * Fix wrong pidfile name + * Move FAQ to the Wiki + * Adapt "Using completely different configuration scheme" to also + mention /etc/exim4/exim4.conf. + * Move titles in the same line as the section statement, making it + easier to work with a code folding editor. + * exim4_files(5): fix recommended permissions for passwd[.client]. + Thanks to Georg Neis. Closes: #398365 + * Remove temporary gnutls parameters file if neither certtool nor + openssl are installed. Closes: #399023 + * Fix path to gnutls-params file in exim4-base.postinst. + Thanks to J.L. Fernandez. Closes: #400794 + * Translation updates (see Last-Translator for rewards). + - Punjabi (not yet complete) + - Hebrew (not yet complete) + - Portuguese. Closes: #399242 + * merge changes from experimental: + * enable sqlite for exim4-daemon-heavy. + Thanks to Adrian Phillips. Closes: #398718 + * Add Build-Dependency on libsqlite3-dev. + Thanks to Frank Lichtenheld. Closes: #398880 + * Build-Depends + * add po-debconf + * add bzip2 + * debian/rules: + * run debconf-updatepo in clean targets + * adapt build system to allow direct building from an upstream tarball + * needs tardy at build time on sarge, but not on newer distributions + * use dpatch-run for patches instead of locally programmed handling + * add lintian overrides: + * partially-translated-question exim4/dc_eximconfig_configtype for + cy, eo, et, he, mk, nn, pa, pl, sl, tl, uk - translators, move! + * possible-debconf-note-abuse config:15 */drec + * remove gratuitous exim4-daemon-heavy.postinst + (it is symlinked at build time) + + -- Marc Haber Fri, 1 Dec 2006 11:16:34 +0000 + +exim4 (4.63-10) unstable; urgency=low + + * The "praise Osamu Aoki" release. + * Translation updates (see Last-Translator for rewards). + - Dutch. Closes: #396725 + * README.Debian: + * Add information about how to obtain reportbug information for + mailing list questions. + * Point people directly to passwd.client man page instead of the + file itself. Thanks to Osamu Aoki. + * Re-work the /etc/aliases section. + * Improve smarthost description in update-exim4.conf(8) man page. + Give examples. Thanks to Osamu Aoki. + * include documentation for /etc/aliases in exim4-config_files(5) + man page. Symlink to etc-aliases(5). + Thanks to Osamu Aoki. Closes: #397042 + * Change symlink of exim4-config_files(5) to email-addresses(5) to + point to etc-email-addresses(5) for consistency. + * Use nwildlsearch to index into passwd.client to allow wildcards + here. Thanks to Osamu Aoki. This is another pain relief for #244724. + * use printf instead of echo in daily cron job. + Thanks to Ming Hua. Closes: #395448 + * Add de-uglyfication request to man pages. + + -- Marc Haber Sun, 5 Nov 2006 10:36:28 +0000 + +exim4 (4.63-9) unstable; urgency=low + + * Fix a spelling error in templates: s/adviseable/advisable + Thanks to Jens Seidel for spotting it + * Translation updates (see Last-Translator for rewards). + - Bosnian. Closes: #396592 + - Bulgarian. Closes: #396558 + - Greek. + - Lithuanian. Closes: #396478 + - Norwegian BokmÃ¥l. Closes: #391768 + - Wolof. Closes: #395944 + * Have ue4c barf on more lookup types found in more ue4cc fields, + courtesy to regexp from hell. + + -- Marc Haber Thu, 2 Nov 2006 18:07:24 +0000 + +exim4 (4.63-8) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). + - Albanian. Closes: #394725 + - Arabic + - Basque + - Catalan + - Chinese (Simplified) + - Chinese (Traditional) + - Croatian + - Czech + - Dzongkha + - Finnish. Closes: #393644 + - German + - Italian. + - Korean. Closes: #394235 + - Nepali + - Norwegian Bokmal. Closes: #394270 + - Portuguese + - Romanian + - Russian. + - Slovak + - Turkish + * README.Debian + * remove wiki references from README.Debian + * remove dc_local_delivery FAQ entry since this is now debconfized + * Fix typos, replace "documented below" with a direct link. + Thanks to Olaf van der Spek. Closes: #394617 + * exim4-config.templates + * Fixed typo: s/arbitrary/arbitrarily + * Extra space removed at the end of a line. Closes: #394569 + * Change references to inexistent README.Debian.html and README.Debian, + both replaced by README.Debian.gz. Thanks to Eric Schanze for spotting + this. + * Various English use changes suggested by Jens Seidel. Closes: #394651 + * update-exim4.conf: Fix wrong behavior if a debconf list answer already + starts with "<". Thanks to Vineet Kumar. Closes: #393843 + * conf.d/main/02_exim4-config_options: Use upstream's wording for + rfc1413 configuration, fix wrongly commented timeout value. + Thanks to Andre Bischoff on IRC. + * conf.d/transports/35_exim4-config_address_directory: Add + delivery_date_add, streamline other options' syntax. + Thanks to Dominic Hargreaves. Closes: #393930 + * Remove commented out inetd entries from maintainer scripts, we are + not going to support inetd again. + * Zap gnutls-params in postinst if old binary format is detected. + Exim cannot read that file any more since RSA_EXPORT has been removed. + Always kill the file if file(1) is not present, recommend file(1). + Thanks to John Goerzen. Closes: #394598 + + -- Marc Haber Mon, 23 Oct 2006 20:49:46 +0200 + +exim4 (4.63-7) unstable; urgency=low + + * Translation updates (see Last-Translator for rewards). Closes: #391768 + - Brazilian Portuguese + - Danish. Closes: #392548 + - Galician + - Hungarian + - Indonesian + - Japanese + - Spanish + - Thai + * Do not ask for local delivery method if custom entry (i.e. neither + maildir_home nor mail_spool) has bin set in update-exim4.conf and continue + to use this custom setting instead of overwriting it with mail_spool. (am) + Closes: #392993 + * Special-case "dsearch;" constructs in dc_other_hostnames, no + longer supported. Adapt documentation accordingly. + * Adapt docs and man pages so that they do not longer suggest that + answers to debconf questions might use all exim + host/address/domain list features. + * fix ue4c to handle more than one smarthost correctly. + * Handle spaces, commas and semicolons as separator in root alias + handling. + * Wolof translation contained a comma in the translation of a element of the + Choices list for the dc_eximconfig_configtype question, replace it with a + semicolon. (am) + + -- Marc Haber Sat, 14 Oct 2006 23:45:17 +0000 + +exim4 (4.63-6) unstable; urgency=low + + * s/ipv6/IPv6 in templates (general writing consistency) + * Translation updates (see Last-Translator for rewards) + - Arabic (partial) + - Basque (partial) + - Croatian (partial) + - Greek (partial) + - Khmer + - Spanish (partial) + - Swedish + - Vietnamese. Closes: #392772 + * README.Debian: + * Fine tuning of SMTP AUTH and TLS docs after user feedback + received over $BEVERAGE irl. + * Adapt configuration chapter to re-worded templates. + * Fix exim4_files man page names to not pollute name space. + * Clarify exim4-config_files man page to reflect that the host name + given there does not actually influence the routing decision. + Thanks to Sven Luther. + * Fix list separator handling for dc_other_hostnames in ue4c. + Thanks to Alexandre Fayolle. Closes: #392831 + + -- Marc Haber Sat, 14 Oct 2006 07:40:05 +0000 + +exim4 (4.63-5) unstable; urgency=low + + * define MAIN_LOG_SELECTOR conditionally. + Thanks to Aaron M. Ucko. Closes: #390758 + * Fix typos in man pages. Thanks to A. Costa. + Closes: #390705, #390706, #390707 + * Address #373786: + * cron.daily: Try UID change with start-stop-daemon, and fall + back to su if that fails. This should enhance compatibility + with libpam-tmpdir. + * exim4_refresh_gnutls-params: don't drop privileges any more, + generate gnutls-params as root and chown them later. + * Thanks to Piotr Kaczuba and Tollef Fog Heen. Closes: #373786 + * Add debugging facility to exim4_refresh_gnutls-params + * Debconf-Rework + * update-exim4.conf: expand UE4CC_semicolon list to allow + semicolons in all debconf questions as list separators for consistency. + * Do template changes suggested by Christian Perrier. Closes: #260141 + * new mail name template thanks to Jari Aalto. Closes: #275953 + * relay templates changes thanks to Ross Boylan. Closes: #342061 + * remove conftype exim3manual. Closes: #355265 + * use semicolon as list separator in debconf templates. ue4.conf + handles both semicolons and colons since #360162. Thanks to Adam + Borowski. Closes: #365428 + * Make existing templates style-compatible regarding developer's + reference. + * Lower priorities so that the Installer can do its work without + exim4 asking questions. Closes: #379485 + * Modify templates saying that smarthost::port is a valid + notation. Modify transport/30_exim4-config_remote_smtp_smarthost to + take only the first part of DCsmarthost (up to first colon) as host + name for hosts_try_auth. This allows debconf configuration of a + different port to connect to the smarthost. Closes: #251949 + * Add debconf template to packages telling people to dpkg-reconfigure + exim4-config. + * Allow choosing between delivery to /var/mail or ~/Maildir with debconf. + (am) Closes: #250980, #274560, #289959 + * Translation updates (see Last-Translator for rewards) + - Brazilian Portuguese + - Danish + - Galician + - Slovak + - Thai + - Turkish + - Romanian + - Japanese + - French + * Patch by Florian Weimer which disables RSA_EXPORT support which + should eliminate the "exim blocking on entropy starvation" issue. + * update-exim4.conf: Take only the first word from /etc/mailname as + system mail name. Thanks to Mike Mestnik. Closes: #215319. + * init script: log_failure_message alert if non-zero paniclog is + found. Thanks to Andreas Barth. + * README.Debian: document cron job, including paniclog monitoring. + Thanks to Stephen Gran. + + -- Marc Haber Tue, 10 Oct 2006 16:50:27 +0000 + +exim4 (4.63-4) unstable; urgency=low + + * Make update-exim4.conf man page also update-exim4.conf.conf man page. + * Fix SPF error message when $sender_address_domain is undefined (i.e. sender + is <>). (rm) + * Change debian/rules documentation for daemon-custom build. + Thanks to Guido Hennecke. Closes: #386135 + * Rotate paniclog by size, not daily, to avoid rotating away + messages after complaining from the daily cron job. + Thanks to Dirk Meyer. + * Update Slovak translation. + Thanks to Peter Mann. + * Add Wolof translation. + Thanks to M Mamoune Mbacke + * Add a paragraph explaning the gnutls-bin suggestion to ease DH + parameter generation in case of entropy starvation. + Thanks to Andi Barth and Florian Weimer. + * Since a new version of sysvinit upload will move /var/run/ to a tmpfs + directories under /var/run/ and their permissions are not persistent + anymore but will be lost after a reboot. - Re-generate /var/run/exim4 in + the init script to compensate for this. (am) (closes: #387699) + * update-exim4.conf: Exit with an error if dc_use_split_config is neither + true nor false instead of replacing the configuration with an empty one. + (am) Closes: #386554 + * More intelligence for exim4_refresh_gnutls-params: + * If certtool (from gnutls-bin) is unavailable but openssl is installed + use openssl to re-generate DH params. (am) + * Change exim4-base Suggests on gnutls-bin to gnutls-bin|openssl. (am) + * Move invocation and background mechanism to exim4_refresh_gnutls-params. + Script can now be called any time from the command line or any + other script. + * Only regenerate dh params if tls_advertise_hosts is non empty. + According to Florian Weimer, DH params are only needed for + incoming TLS connections. + * Thanks, Yuri D'Elia. This addresses #387448 + * Improve entropy and gnutls-params docs. + * cron-daily: + * Invoke exim4_refresh_gnutls-params unconditionally. + * Send out e-mail alert if gnutls-params is older than 14 days. + * rename config varables to E4BCD_, source /etc/default/exim4 + * introduce a E4BCD_PANICLOG_NOISE variable containing a regexp. + Paniclog is negatively filtered against that regexp and paniclog + warning is only sent out if unfiltered lines remain. This is to allow + work around http://www.exim.org/bugzilla/show_bug.cgi?id=92 + * Prepare hosts_avoid_tls statement on SMTP transports + * Macroize log_selector, remove +tls_cipher from examples (it is on + by default) and always set tls_peerdn (we use TLS by default for + outgoing connections). Make it easier to enable debug logging. + * Mention in the comments of the default RCPT ACL that verification + is likely to have false negatives in smarthost/satellite setups. This + is the easiest way to fix #388460; the "real" fix would be very very + complicated and thus unsuitable for the default configuration. + Closes: #388460 + * README.Debian: + * Re-Work "misc" section to contain subsection. Fix minor + formatting issues. + * Add a section about SELinux to the misc subsection saying that + we currently do not have an SELinux policy but would appreciate + people helping here. This is already bug #387327 and #390179. + + -- Marc Haber Sun, 1 Oct 2006 14:37:53 +0000 + +exim4 (4.63-3) unstable; urgency=low + + * Have exim4-config conflict with exim4-daemon-* << 4.63. + Thanks to Yannick Roehlly. Closes: #383420, #384058 + * Tweak NEWS.Debian formatting. Remove asterisks and make sure that + contents lines start with four spaces. + * exim4-config.NEWS: A pair of minor fixes in SPF entry. (rm) Closes: #383708 + * Apply upstream fix allowing header names with an odd number of + characters in add_headers in filters. + Thanks to Tony Finch. Closes: #384015 + * Add documentation for inaccessible home directories. + Thanks to Juha Jäykkä. Closes: #383469 + + -- Marc Haber Wed, 23 Aug 2006 17:16:38 +0000 + +exim4 (4.63-2) unstable; urgency=low + + * upload to unstable + + -- Marc Haber Tue, 15 Aug 2006 20:35:55 +0000 + +exim4 (4.63-1) experimental; urgency=low + + * New upstream version 4.63 + + Change PostgreSQL charset handling. Closes: #369351 + + Recognize SMTP codes at the start of "message" in ACLs and after + :fail: and :defer: in a redirect router. Add forbid_smtp_code to + suppress the latter. forbid_smtp_code is enabled in Debian's + default config. Closes: #378131 + * Adapt configuration to current upstream + + re-work RCPT ACL. Closes: #379155 + + add new comments to default authenticators + + use $auth[123] instead of $[123] which are now deprecated + + forbid_smtp_code on userforward router + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 10:47:44 +0000 + +exim4 (4.62-5) unstable; urgency=low + + * Fix typo in exim4-base daily cron job. + Thanks to Salvatore Bonaccorso. Closes: #381048 + * Fix language issues in package descriptions + + -- Marc Haber Tue, 8 Aug 2006 15:02:14 +0200 + +exim4 (4.62-4) unstable; urgency=low + + * Add missing dependency on lsb-base (>= 3.0-3), needed for the new + init-script shipped in exim4-base. (am) + + -- Marc Haber Tue, 1 Aug 2006 11:03:57 +0000 + +exim4 (4.62-3) unstable; urgency=low + + * remove pkg-exim4-user mail address from README.Debian, mention + that one needs to be subscribed to post. + Thanks to Ross Boylan. Closes: #368242 + * re-word -o description in update-exim4.conf(8) man page. + Thanks to Ross Boylan. + * Flag update-exim4.conf(8) man page for a re-work in its BUGS + section. + * Give a - hopefully - better explanation of the mail name thingy in + README.Debian. + * Fix occurrences of default_acl file in documentation. Make part of + README.Debian less confusing. + Thanks to Ross Boylan. Closes: #376459 + * When installing via apt using dpkg-preconfigure the value of + dc_hide_mailname was overwritten during the second run of the debconf + script (invoked by postinst), before the value was stored in the + configuration file. Fix this. (am) Closes: #376460 + * Make spamassassin example in 40_exim4_config_check_data actually + work, add link to documentation for "really suiteable" configuration + examples. Thanks, again, to Ross Boylan. + * remove left-over "and a bunch" sentence from exim4-config_files.5 + * Add a symlink from /etc/email-addresses to /etc/exim4/email-addresses + * Fix bad parsing of CHECK_RCPT_DOMAIN_DNSBLS. + Thanks to Robert Millan. Closes: #378581 + * Note in README.Debian that other parts of the Debian system might + give outdated and/or wrong advice. See #378684, #378685. + * SPF support: (rm) Closes: #290464 + * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt. + * Add libmail-spf-query-perl (>= 1.999-1) to Suggests. + * Rewrite Q/A about SPF from README.Debian. + * Add a small note to exim4-config.NEWS. + * Add conf.d/acl/30_exim4-config_check_mail to reject mail without HELO/EHLO. + (rm) Closes: #378935 + * Add LSBized init script. Thanks to Carlos Villegas. Closes: #376953 + * re-order RCPT ACL statements to resemble Upstreams default config + a little more. This used to be the case in the beginning, but was + changed eventually, and I didn't find any rationale for our deviation. + Thus, we change back to upstream's default to see which things might + break. + * remove cron.d from exim4-base dirs - we do not have a cron.d job + any more for years. + * Re-work daily cron job: + * Make statistics configurable with a variable + * Comment that the log handling code is fragile and depending on + log rotation strategy + * Add code to generate warnings if paniclog non-empty. + Thanks to Andrew Ferrier. Closes: #379898 + * Build -dbg packages. + * Updated vi (vietnamese) translation. + Thanks to Clytie Siddall. (am) Closes: #380357 + + -- Marc Haber Mon, 31 Jul 2006 06:10:51 +0000 + +exim4 (4.62-2) unstable; urgency=low + + * Move explanation about using ";" as separator in lists from debian/NEWS to + debian/exim4-config.NEWS. (The former ends up as + /usr/share/doc/eximon4/NEWS.Debian.gz.) Also fix version-number of + entry. (am) + * have ue4.conf --verbose print split or non-split config. + Thanks to Florian Laws. (mh) + * Mention http://pkg-exim4.alioth.debian.org/ in package description. + Thanks to Florian Laws. (mh) + * Mention in package description that README.Debian has information + about how to configure the Debian packages. + * /etc/init.d/exim4: parse extended inetd.conf syntax from + openbsd-inetd. (mh) Closes: #365928 + * New th (thai) translation. + Thanks to Theppitak Karoonboonyanan. (mh) Closes: #367351 + * New dz (Dzongkha) translation. + Thanks to Pema Geyleg. (am) Closes: #368593 + * New ne (Nepali) translation. + Thanks to Paras pradhan. (am) Closes: #369526 + * New eo (Esperanto) translation. + Thanks to Serge Leblanc. (am) Closes: #369241 + * Updated hu (hungarian) translation. + Thanks to Attila Szervac. (am) Closes: #374616 + * Make documentation of CHECK_RCPT_LOCAL_LOCALPARTS and + CHECK_RCPT_REMOTE_LOCALPARTS more verbose and concentrate it in the + ACL file. Thanks to Klaus Muth. (mh) Closes: #366491 + * README.Debian.xml (mh) + * Add new section documenting where to find documentation. + * Move misplaced sentence. + * Fix spelling errors in README.Debian. + Thanks to Salvatore Bonaccorso. Closes: #366003 + Thanks to Ross Boylan. Closes: #374216 + * remove "you can stop reading now" sentence. + Thanks to David Lawyer. Closes: #370790 + * Mention Debian-specific man pages + * Give instructions about how to use apropos to find out about man + pages. + * Documentation changes inspired by Ross Boylan. Closes: #369126 + * Add exim4-config_files(5) man page to aid as repository for file + explanations. + * /etc/email-addresses + * /etc/exim4/local_host_blacklist + * /etc/exim4/local_host_whitelist + * /etc/exim4/local_sender_blacklist + * /etc/exim4/local_sender_whitelist + * /etc/exim4/local_sender_callout + * /etc/exim4/local_rcpt_callout + * /etc/exim4/local_domain_dnsbl_whitelist + * /etc/exim4/hubbed_hosts + * /etc/exim4/passwd + * /etc/exim4/passwd.client + * /etc/exim4/exim.crt + * /etc/exim4/exim.key + If you find any files that might be missing in the man page, + please report a bug. + * mention exim4-config_files(5) in update-exim4.conf.8 + * Explicitly mention README.Debian in exim man page. + * Remove /usr/share/doc/exim4-config/default_acl, move contents to + README.Debian and exim4-config_files. + * remove empty /usr/share/doc/exim4-config/examples. + * clarify docs in RCPT ACL. + * streamline docs: + * hubbed_hosts router. + * passwd.client. + * server side authentication examples + * Standard-Version: 3.7.2, no changes necessary. + + -- Marc Haber Sat, 24 Jun 2006 08:56:19 +0000 + +exim4 (4.62-1) unstable; urgency=low + + * New upstream version + * remove !acl patch, bug is fixed upstream + * Some minor changes to README.Debian + * Downgrade priority of exim4/dc_eximconfig_configtype, exim4/no_config and + exim4/exim3_upgrade from critical to high, as there is a sane default. + Closes: #342077 + * Allow single quotes in recipient mail addresses. Closes: #346222 + * Update debian/mtalist to conflict with hula-mta. (mh) + * Move back man-pages (actually they are symlinks) related to the + mail-transport-agent virtual package from exim4-base to the daemon + packages. Other MTA packages also include these manpages and would + otherwise need to explicitly conflict with exim4-base. Add "Replaces: + exim4-base (<= 4.61-1)" to the daemon packages. Thanks to Justin Pryzby. + Closes: #362852 (am) + * Update km (Khmer) translation. + Thanks to Khoem Sokhem. (mh) Closes: #363672, #363671 + * Update pa (Punjabi) translation. + Thanks to A S Alam. (am) Closes: #364268 + * replace backticks with $() construct in ue4.conf. (mh) + * Allow ";" as separator in dc_local_interfaces and dc_relay_nets. + If a semicolon is found, "<;" is prepended to allow a semicolon as + separator. Thanks to Adam Borowski. (mh) Closes: #360162 + * Link against libdb4.3 instead of 4.2. (am). Closes: #365467 + * Standards-Version: 3.7.0, no changes required. (am) + * README.Debian: Add link to "how to use a completely different + configuration scheme" to the beginning of the chapter about Debian's + configuration to provide an easy way out for experienced exim people. + (mh) + * Fix grammar error in README.Debian. (Thanks, Ross Boylan) Closes: #365546 + * Whennever changing major Berkeley DB versions we zap the exim hint + databases in exim4-base postinst. Change the code to also delete + __db.retry, __db.misc, __db.callout and __db.wait* (which afaik are + Berkeley DB internal files). If these are somehow broken strange errors + occur, e.g. #360696. As we are deleting the whole db, deleting these files + seems to be a good idea. (am) + + -- Marc Haber Tue, 2 May 2006 11:47:58 +0000 + +exim4 (4.61-1) unstable; urgency=low + + * New upstream version + - Temporary files for content scanning subdirectory are now also mode 640 + instead of 666. Closes: #280282 + - If group was specified without a user on a router, and no group + or user was specified on a transport, the group from the router + was ignored. Closes: #343074 + - .include statements now require an absolute path. Closes: #268083 + * Apply upstream patch allowing !acl constructs + (http://www.exim.org/mail-archives/exim-cvs/2006-April/msg00008.html) + * Rename the Punjabi translation file name from pa_IN to pa + to fit a decision taken in -i18n + * README.Debian: + * mention that relay_nets does allow relaying without authentication. + * minor formatting fixes + * Add Khmer debconf translation (Thanks, Kakada Hok) (bubulle) + Closes: #359668 + * Add linda overrides for libs-not-in-depends (see #357727) + + -- Marc Haber Tue, 4 Apr 2006 19:50:39 +0000 + +exim4 (4.60-5) unstable; urgency=low + + * re-introduce inst_aliases, patch src/install_exim to prevent path + to inst_aliases to be put into example config file. (mh) + * Fix typo in README.Debian.xml, thanks to Frank S. Thomas. (mh) + * Fix Copy&Waste error in README.Debian.xml. + Thanks to Olaf van der Spek. (mh) Closes: #356354 + * Added partial Punjabi debconf translation, + thanks to Amanpreet Singh Alam. (cp) Closes: #349644 + * Fix wrong example in conf.d/acl/20_exim4-config_whitelist_local_deny. + Thanks to Kaare Hviid for pointing this out on IRC. (mh) + * Add documentation about Debconf templates to README.Debian to make + yath happy. (mh) + * exim4-refresh_gnutls-params: Use prefix for tempfile to make it + easier recognizeable. (mh) + + -- Marc Haber Mon, 13 Mar 2006 15:30:07 +0000 + +exim4 (4.60-4) unstable; urgency=low + + * add rationale to README.Debian explaining why using system + passwords for SMTP AUTH is a bad idea. + * streamline configuration to decrease differences to upstream default + example, and to adopt new things that were added since we last + looked there. + * Do not set inst_aliases for installation, this only affects + example.conf anyway. + * fail build if upstream's example configuration has changed. + * fix NEWS confusion. Thanks to Andreas for spotting this. + * exim4-base.exim4.init: invoke exim4 daemon with the environment + cleaned to avoid language confusion. + * document tls on connect in README.Debian. + * use adduser --quiet instead of > /dev/null in *.postinst. + * Add require_files directive to userforward router to avoid errors + when mailing uucp@hostname. + * Add comment about setting up TLS in conf.d/auth/30_exim4-config_examples + to keep people from blindly allowing cleartext auth. + * Replace 37_dns_disable_additional_section patch with + 37_upstream_patch_342619, which is the nearly identical patch from + upstream CVS, approved by Philip. (mh) Closes: #342619 + + -- Marc Haber Wed, 22 Feb 2006 10:30:16 +0000 + +exim4 (4.60-3) unstable; urgency=low + + * Have exim4-base replace exim4-daemon-light and -heavy. This is a + needed corollary to the movement of the man pages to -base. Let's + hope that this change doesn't introduce too much breakage. Thanks + to Hamish Moffatt for making me take a closer look at policy. + (mh) Closes: #347908, #348067 + * Introduce Makefile variable to build with OpenSSL instead of + GnuTLS. This is a last minute maneuver to help sites suffering from + the GnuTLS entropy issue (#338319, #343085) whose only other chance is + disabling TLS completely. Please note that building exim4-daemon-heavy + with OpenSSL is a GPL violation since OpenSSL's license clashes with + the MySQL client library, which is GPL licensed without OpenSSL + exception. (mh) + * re-pack configuration diffs. (mh) Closes: #331698 + * Fix wrong variable substitution in lt (Lithuanian) debconf + translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh) + Closes: #342242 + * Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579 + * Honor dpkg-statoverride entries for run-time data in /var. + Thanks to Peter Mottram. (mh) Closes: #269448 + + -- Marc Haber Sun, 15 Jan 2006 00:23:47 +0000 + +exim4 (4.60-2) unstable; urgency=low + + * Add, but not enable, 37_dns_disable_additional_section.dpatch, + which might be a possible fix for #342619 + * conf.d/auth/30_exim4-config_examples: add hint to adapt public_name + string in support_broken_outlook_express_4_server authenticator if + other authencators than LOGIN and PLAIN are offered. + * Fix missing special characters in some debconf translations. + Thanks to Davide Viti. (mh) Closes: #341442 + * Fix broken README reference in system_aliases router docs. (mh) + * remove references to alias files from the address_pipe transport. (mh) + * remove "Some-State" default from exim-gencert. (mh) + * Clarify split vs unsplit config in README.Debian. Thanks to Faheem + Mitha and Ross Boylan for helping. (mh) + * Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767 + * Fix wrong header in conf.d/routers/300_exim4-config_real_local. + Thanks to Ross Boylan for spotting this. (mh) + * Document headers_rewrite, return_path and dc_mailname_in_oh in + update-exim4.conf man page. (mh) Closes: #332520, #342233 + * Re-Instate debian/patches/31_eximmanpage which was erroneously + removed in 4.60-1, we have local Debian patches in here. Thanks to + Ross Boylan for spotting this. (mh) Closes: #330967 + * Mention relay permission from localhost in update-exim4.conf(8). (mh) + * Add more prose to relay control configuration. (mh) + * Update Greek debconf translation (Thanks, Kostas Papadimas) (am) + Closes: #344576 + * Add cross-reference to README.Debian to better find macro docs. + Thanks to Shyamal Prasad. (mh) Closes: #329988 + * Fix incorrect variable substitution in pt_BR debconf translation. (Thanks, + Felipe Augusto van de Wiel) (am) Closes: #345363 + * [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH + with one to its replacement README.Debian.html. (am) Closes: #344826 + * Re-work long package descriptions. Move reference to README.Debian in + front, add hint to dpkg-reconfigure exim4-config, complete stub + sentences, remove non-referenced acronym MTA from the long + descriptions, move explanation what exim is to the very front. + * README.Debian: Add section about changing the configuration, + explain structure of conf.d and .conf.template, add hint that the SMTP + AUTH examples are documented. + * Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key + storage. Thanks to John Goerzen. (mh) Closes: #315126 + * Mention entropy issue in README.Debian. + * Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: 319316 + * use dh_installinit -n instead of --noscripts to work around #347577. (mh) + * use dh_installinit --name instead of --init-script, rename init + script. (mh) + * move man pages from daemon packages to exim4-base, add lintian + and linda overrides to allow daemon packages not to contain man pages. + + -- Marc Haber Thu, 12 Jan 2006 12:36:50 +0000 + +exim4 (4.60-1) unstable; urgency=low + + * new upstream version 4.60 + * assign value to UE4CC after command line processing. Only have + ue4c throw an error on not-existing UPEX4C_confd if split config is + seleted. Thanks to Ted Percival. (mh) Closes: #337229 + * A number of man page fixes. Thanks to A Costa. (mh) + Closes: #338580, #338581, #338582, #338583, #338584 + * Pull spool dir path from exim -bP instead of hard-coding it in + daily cron job and exim4_refresh_gnutls-params. + Thanks to Alex Hermann. (mh) Closes: 340002 + * Corrected zh_CN translation by Ming Hua. (am) Closes: #338928 + * Corrected pl translation by Jacek Politowski. (am) Closes: #339671 + * Change README.Debian to clarify the exim as a client only uses + STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc + Sherman for pointing that out on exim-users. + * Clarify passwd.client format. Thanks to Osamu Aoki for providing a + good starting point in #244724, which is unfortunately not fixed just + now. + * remove patch 31_eximmanpage, fixes are included upstream. + + -- Marc Haber Mon, 28 Nov 2005 18:16:12 +0000 + +exim4 (4.54-2) unstable; urgency=low + + * debian/README.Debian* merged into one xml-file. Binary packages ship both + a html (generated by xsltproc) and plain-text version (lynx + + post processing) of the file. (Hilko Bengen) + * Switch to libmysqlclient14. + * Fix two typos in French debconf templates. + Thanks to Christian Perrier. (mh) + * Replace broken courier auth example with one that actually denies + access if a wrong password is given. Thanks to Peter Thomassen for + carrying that report from some colorful web forum to the people who + can fix it after like four months. (mh) Closes: #336979 + * Fix minor typos in README.Debian.xml and changelog. (mh) + * Add 255.255.255.255 to ignore_target_hosts in dnslookup. (mh) + + -- Marc Haber Wed, 2 Nov 2005 19:40:22 +0000 + +exim4 (4.54-1) unstable; urgency=low + + * new upstream version 4.54. (mh) + * fix typo in router/real_local header + * add same_domain_copy_routing to router/hubbed_hosts + * [update-exim4.conf.8] false friend: s/sensible/sensitive/. + Thanks to Ross Boylan. (am) Closes: #330975 + * modify broken outlook express 4 authenticator so that it only + advertises on encrypted connections, as the other plaintext + authenticators do. Thanks again, Fred Viles. (mh) + * update-exim4.conf.8: alphabetically sort REPLACEMENT PATTERNS and + CONFIGURATION VARIABLES sections, add documentation for + DEBCONFlocal_domainsDEBCONF. + Thanks to Ross Boylan. (mh) Closes: #330980 + * fix bashism == in init script. Thanks to Adam D. Barratt and + Justin Pryzby. (mh) Closes: #331299 + + -- Marc Haber Tue, 4 Oct 2005 09:59:24 +0000 + +exim4 (4.53-1) unstable; urgency=low + + * new upstream version 4.53. (mh) + * Fix obviously unfinished sentence in update-exim4.conf.8 + documenting dc_local_interfaces. (mh) + * Move SMTP authentication docs to README.Debian. (mh) + * Adapt reportbug script to be useable from the command line as well, + mention this in README.Debian mailing list paragraph. (mh) + * Remove /etc/default/exim4 in exim4-config's postrm instead of exim4-base's + one, as it is created in exim4-config's postinst. (am) Closes: #325901 + * Fix error in README.Debian.xinetd. + Thanks to Diego Biurrun. (mh) Closes: #327847 + * Fix substitute variable in Japanese (ja) debconf translation. + Thanks to Kenshi Muto. (mh) Closes: #329729 + * Add lintian override for maintainer-script-needs-depends-on-netbase. We + don't need that depends since update-inetd.conf is checked for presence + before invocation and that invocation is only optional cleanup. (mh) + * add linda override to kill double shlib warning - libgnutls is + fully versioned and thus is not a problem. (mh) + * add lintian override to kill bashism "local" warning for + exim4-config.config and exim4-config.postinst (see #330548). (mh) + * add general package blurb to description of the exim4 meta package + as well. Thanks to Marc Sherman for pointing this out. (mh) + * remove code to escape dashes in the pod2man generated man pages. + That code makes the man pages syntactically invalid, we'd rather + live with suboptimal rendering (which is a pod2man bug anyway). (mh) + * change spacing for rewrite rules in configuration, man page and + ue4.conf to ease paragraph filling for the man page. (mh) + * re-pack config patches. (mh) + + -- Marc Haber Wed, 28 Sep 2005 18:34:51 +0000 + +exim4 (4.52-2) unstable; urgency=low + + * unpack/pack configs to get clear EDITME patches (mh) + * Update ca (Catalan) translation. + Thanks to Aleix Badia i Bosch. (mh) Closes: #317429 + * Update mk (Macedonian) translation. + Thanks to Georgi Stanojevski. (mh) Closes: #320231 + * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params + instead of only removing the file and letting exim4 re-generate it at SMTP + time after receiving STARTTLS. The maximum runtime of certtool is limited + to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki + (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to + exim4-base' Suggests. (am) Closes: #285371 + * Build-Depend on libgnutls-dev (from gnutls12) instead of libgnutls11. + * Drop compability with debhelper in woody (am): + - mv *.templates.master *.templates + - update po/POTFILES.in accordingly. + - no more manual invocation of po2debconf in debian/rules + - use dh_installppp instead of manual dh_installdirs/dh_install. + Closes: #212893 + - Build-Depends: debhelper (>= 4.1.68) + * drop upgly passwd dependency introduced in 4.30-6. (am) + * shorten Build-Depends by replacing "libxfoo-dev|xlibs-dev' with just + 'libxfoo-dev'. (am) + * Do not try to authenticate to smarthost if smarthost offers AUTH LOGIN but + passwd.client does not contain a matching entry. (am) Closes: #323565 + + -- Andreas Metzler Sun, 21 Aug 2005 11:44:27 +0200 + +exim4 (4.52-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * adapt 70_remove_exim-users_references + * remove 37_gnutlsparams + * adapt 36_pcre + * adapt 31_eximmanpage + * fix package priorities to have them in sync with override again. (mh) + * Fix error in nb (Norwegian) translation. + Thanks to Helge Hafting. (mh). Closes: #315775 + * Standards-Version: 3.6.2, no changes needed. (mh) + + -- Marc Haber Sat, 2 Jul 2005 06:08:34 +0000 + +exim4 (4.51-2) unstable; urgency=low + + * Fix typo in exiwhat.8. (am) Closes: #313246 + * Clarify tls_verify_certificates documentation in + conf.d/main/03_exim4-config_tlsoptions. Thanks to Wenzhuo Zhang. (mh) + * Accept postmaster liberally for relay_to_domains. Thanks to + Roderick Schertler. (mh) Closes: #313023 + * Improve update-exim4.conf's internal run-parts to warn about ignored files + if running in verbose-mode. (am) Closes: #315656 + * Make it possible to purge a previously uninstalled exim4-suite if debconf + has between removed since. (am) Closes: #315173 + - Stop useless sourcing of confmodule in exim4-config.postrm. + - Use debconf to ask about trashing the mailqueue if debconf is available, + keep the queue otherwise. + * exim failed to setup gnutls parameters if the gnutls-param file was + missing. This caused TLS breakage. (am) Closes: #315650 + + -- Andreas Metzler Tue, 28 Jun 2005 19:35:35 +0200 + +exim4 (4.51-1) unstable; urgency=low + + * new upstream version 4.51. (mh) + * remove 80_upstream_fix-296492 + * remove 81_fix-kfreebsd-gnu + * remove 82_upstream_fix-299733 + * remove 82_upstream_fix_299743 + * remove 83_upstream_fix-strangelog + * build-depends: replace postgresql-dev with libpq-dev. (mh) + * apply patch to EDITME.exim4-heavy.diff from ubuntu for clearer + postgresql build. (mh) + * fix wrong dc_other_hostnames statement in manpage. Thanks to + Daniel Hermann. (mh) Closes: #311023 + * give more directions how to use /etc/exim4/exim4.conf. (mh) + * Fix duplicated server_advertise_condition line in + login_saslauth_server. Thanks to Rich Aycock. (mh) Closes: #311906 + * Conditional restarting the daemon in exim4-config.config now checks for + DEBCONF_RECONFIGURE=1 instead of (mis)using an internal + debconf-template. (am) + * Documentation Improvements for update-exim4.conf.8, exim4.conf.template + and 01_exim4-config_listmacrosdefs and README.Debian. + Thanks to Ross Boylan. (am/mh) + * New translation: et (Estonian) by Siim Põder. (mh) Closes: #312474 + + -- Marc Haber Fri, 10 Jun 2005 18:57:03 +0000 + +exim4 (4.50-8) unstable; urgency=low + + * integrate TLS docs in README.Debian, remove README.TLS. + Thanks to Sam Morris. (mh) Closes: #310771 + + -- Marc Haber Fri, 27 May 2005 07:57:14 +0000 + +exim4 (4.50-7) unstable; urgency=low + + * Documentation Only Fixes + - Fix grammar error in README.system_aliases. Thanks to Andreas + Barth on IRC. (mh) + - Optimize unencrypted authentication docs. Thanks to Drew Parsons. + (mh) Closes: #305443 + - Clarify dc_smarthost host list processing in update-exim4.conf.8. + (mh) Closes: #307370 + - Clarify split-config description in README.Debian. + Thanks to Luc Saffre. (mh) + - Fix a typo in README.Debian-accountname, thanks to Brett Parker. (mh) + - Fix an issue in the exim manpage creating the illusion that + whitespace is allowed between -d and its options. + Thanks to Greg Kochanski. (mh) Closes: #309174 + - Start re-work of README.Debian FAQ. + - Add "should -config depend on -base" question to README.Debian FAQ. + - Link README.Debian to -daemon-light and -daemon-heavy, include a + copy of README.Debian in -config. + Thanks to Daniel Maier. (mh) Closes: #310118 + * Translations + - Update: cy (Welsh) by Dafydd Harries. (mh) Closes: #306349 + - New: vi (Vietnamese) by Clytie Siddall. (mh) Closes: #306613 + - Fix typos in pt.po (Thanks, Miguel Figueire) (am) Closes: #310057 + * Configuration Clarification + - move the regexps in the local part checks to macros, adapt docs. + Thanks to Adam M. Costello. (mh) Closes: #306094 + * Bug Fixes + - preserve escape sequences like '\\N' in + /etc/exim4/update-exim4.conf.conf: + - use awk instead of sed in exim4-config.postinst (Thanks, Barry Kitson). + - use printf '%s\n' "$foo" instead of echo "$foo". (echo in dash would + swallow the second backslash) + - actually making this work requires changes in debconf, too, + see #306134. + - (Closes: #305957) (am) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050425/msg00035.html + in some circumstances, exim writes parts of /etc/passwd and/or + /etc/group to the reject log. This scares people. (mh) + - apply upstream patch from + http://www.exim.org/mail-archives/exim-dev/2005-April/msg00012.html to + only try SASL mechanisms that are actually specified in the + configurations. Thanks to Juergen Kreileder. (mh) Closes: #299743 + - Build against libmysqlclient12-dev instead of libmysqlclient10-dev. + (am) Closes: #306970 + - As "mail sent by smarthost; no local mail" aka satellite requires setting + dc_readhost always ask this question. (am) Closes: #304838 + - Make nonsplit-config read /etc/exim4/exim4.conf.localmacros before + /etc/exim4/exim4.conf.template to allow macros here as well. (mh) + - Make it clear that "broken debconf" warning is issued by + exim4-config.postinst + - Make sure that "generated, do not touch" disclaimer in + /var/lib/exim4/config.autogenerated always appears + - [exim4-config] As the.config script stores answers in debconf's db and the + postinst actually generates configurations files from these values + restarting the daemon on dpkg-reconfigure has to be done in postinst. (am) + Closes: #310703 + + -- Marc Haber Thu, 26 May 2005 17:47:24 +0000 + +exim4 (4.50-6) unstable; urgency=low + + * fix some errors in update-exim4.conf(8) manpage. (am) + * more macros in config. (mh) + * Apply upstream fix: $primary_hostname is now expanded in + cyrus_sasl authenticator. Thanks to Juergen Kreileder, and of + course Philip Hazel. (mh) Closes: 299733 + * fix conftype none missing "| \" bug, again. Thanks to Andrew Nimmo + and Gabriel L. Briones III. (mh) Closes: 303351. + * The upstream fix for #296492 sometimes causes an endless loop. Update + patch with correction from Philip's commit, revision 1.10. (mh) + * Document real_local router. (mh) + * Add instructions about how to use inetd. Thanks to Ryan Underwood. + (mh) Closes: #304436 + * Fix wrong file header in 100_exim4-config_domain_literal. (mh) + * Fix bad english in 01_exim4-config_listmacrosdefs. (mh) + * conf.d/main/02_exim4-config_options: Remove macro effort for options + that we leave at their default by default anyway, re-commenting them + for reference. (am) + * Allow cleartext client AUTH PLAIN and AUTH LOGIN by setting a + macro. (mh) + * Update information in README.SMTP-AUTH. (mh) + + -- Marc Haber Sun, 17 Apr 2005 19:10:26 +0000 + +exim4 (4.50-5) unstable; urgency=low + + * move exim4-config-simple and exim4-config-medium from the main + source package to keep them from being released. + * document the fact that the check done by update-exim4.conf does + not detect all possible errors and fails with errors that are inside + expanded items in the config file. Thanks to Marc Sherman. + (mh) Closes: 286721 + * Add examples for cyrus_sasl to conf.d/auth/30_exim4-config_examples. + Thanks to Juergen Kreileder. (mh) Closes: #299732 + * remove --dry-run from 10_daemon_close_fds.dpatch so that failures + to patch cause failure. Thanks to Gergely Nagy, and apologies for + blaming it on dpatch (see #297670). (mh) + * remove ACL example file, incorporate DNSBL examples (without + actual DNSBL domains) into main config. The example file hasn't been + updated in ages, and the main config file has become quite + sophisticated by itself. (mh) + * add example authenticators for courier authdaemon. (mh) + * have exim4-base recommend psmisc. Thanks to Thiemo Seufer. + (mh) Closes: #299858 + * apply upstream patch fixing fallback handling. Thanks to Laurent Fousse. + (mh) Closes: #296492 + * add patch to allow building on kfreebsd-gnu. Thanks to Robert + Millan. (mh) Closes: #300967 + * remove 10_daemon_close_fds since this might close FDs which might + be used by other libraries such as libnss-ldap. Thanks to Antonio + Kanouras for reporting and testing, and to Florian Weimer for + debugging. To avoid #297607 from happening again, use db_stop in + exim4-config.config and coordinate with the d-i team. Thanks to + Frans Pop for testing. (mh) Closes: #299051 + * make pidfile paths in init script variables. (mh) + * Update bs (Bosnian) debconf templates. Thanks to Safir Secerovic. + (mh) Closes: #301940 + * Fix update-exim4.conf to actually remove the DEBCONF stuff from + configuration. Thanks to Jason Spiro. (mh) + * correctly translate an empty debconf option visiblename to an + _unset_ qualify_domain, not a qualify_domain set to the empty string. + Thanks to Miquel van Smoorenburg. (mh) Closes: #302060 + * update-exim4.conf ignored the setting of dc_use_split_config and + always used the data from split config for conftype none. (am) + * Document #301988 (base-config) in README.Debian to offer an + explanation for a long delay restarting exim right after Debian + installation. (mh) + * Fix exim4-config.NEWS and exim4-config.postinst, documenting the + mailname change there. This should act as a heads-up to people who + do funky things with their ue4.conf.conf which might overwrite the + fixup intrduced by the maintainer script. Thanks to Vincent + Lefevre. (mh) Closes: #301906 + * Make Maildir location configurable via exim macro. Thanks to + Frederic Lehobey. (mh) Closes: #302215 + * pull update-exim4.conf.conf file name in shell variables + * liberally use .ifdef in conf.d files which changed in this release + anyway. This is part of the process to fix #297603. (mh) + * Adapt formatting policy to conf.d files which were changed. (mh) + * Improve on Debconf documentation in update-exim4.conf.conf and + the configuration templates. This partly addresses #289959. (mh) + * re-work ue4.conf man page, also addressing #289959. (mh) + * add a comment about caseless postmaster to + conf.d/router/400_exim4-config_system_aliases. (mh) + * print script name and parameters when debugging. (mh) + * update-exim4.conf now gives a better error message if + ue4.conf.conf does not exist. (mh) + * ue4.conf.template: If a relative output path is given, actually + put the file there and not in a path relative to + /etc/exim4/conf.d. (mh) + + -- Marc Haber Sun, 3 Apr 2005 07:20:17 +0000 + +exim4 (4.50-4) unstable; urgency=low + + * fix 10_daemon_close_fds.dpatch to actually apply again. Sheesh. + Thanks to Joey Hess. (mh) Closes: #297607 + + -- Marc Haber Wed, 2 Mar 2005 07:38:52 +0000 + +exim4 (4.50-3) unstable; urgency=low + + * actually enable dlopen patch, show this in package descriptions. + Thanks to Andrej KOLESNIKOV. (mh) Closes: #297282 + * Have exim4-config conflict with -daemon (<<4.50), as we use + submission/sender_retain which is not supported by earlier daemons. + Thanks to Echo Nolan. (mh) Closes: #297501 + + -- Marc Haber Tue, 1 Mar 2005 06:45:26 +0000 + +exim4 (4.50-2) unstable; urgency=low + + * now use WITH_OLD_DEMIME as discussed on pkg-exim4-devel. (mh) + * postinst: add "This is a Debian specific file" to ue4.c.c. (mh) + * fix exim.8 manpage to point to exim4 instead of exim. + (mh) Closes: #296864 + * fix update-exim4.conf.8 man page to correctly document that + multiple smarthosts are supported and non-SMTP ports are not. Thanks + to Dan Jacobson. (mh) Closes: #283560 + * Add --output option to update-exim4.conf.template. Thanks to Marc + Sherman. (mh/am) Closes: #296597 + * Compile with cyrus_sasl authentication mechanism, add libsasl2-dev to + Build-Depends. Thanks to Sean Middleditch and Gergely Risko. (mh) + Closes: #296203, #292906. + * document that dc_localdelivery does not have a corresponding + Debconf option. + * Introduce ue4c_comments for /etc/exim4/update-exim4.conf.conf to + set default for keepcomments/removecomments from the config file. + Thanks to Greg Folkert. (mh) Closes: #295735 + * Use "control = submission/sender_retain" to fixup relayed messags instead + of only adding a Message-ID with a warn-statement. (am) Closes: #285235 + * Add force-stop to the init script. Thanks to Jari Aalto. (mh) + Closes: 271686 + * tighten local parts checks. Thanks to Jari Aalto. (mh) Closes: #273302 + + -- Marc Haber Sun, 27 Feb 2005 16:33:05 +0000 + +exim4 (4.50-1) experimental; urgency=low + + * new upstream version + * kill exiscan patch as it is now included upstream + * deliver configuration which will compile daemon-heavy with the + built-in exiscan + * convert package to svn on svn.debian.org with a debian/-only + layout. (mh) + * remove 37_kbsd-gnu patch on bug submitter's request (doesn't apply + cleanly). (mh) + * fix bad German translation of a debconf template. Thanks to Hanno + Wagner. (mh) Closes: #291671 + * allow option passing to updatex-exim4.conf from init script. + Thanks to Stephen Gran. (mh) Closes: #285973 + * change commented out example for reverse DNS RCPT check to catch + deferrals as well. Thanks to Marc Sherman. (mh) Closes: #291832 + * Update ko (Korean) debconf templates. Thanks to Seo Sanghyeon. + (mh) Closes: #292607 + * Update sq (Albanian) debconf templates. Thanks to Elian Myftiu. + (am) Closes: #284529 + * New gl (Galician) debconf templates. Thanks to Jacobo Tarrío. + (mh) Closes: #295562 + * use #!/bin/bash in reportbug script as a quick fix until #294954 + is fixed one way or the other in reportbug. + * Minor fix to de (German) debconf templates. Thanks to Dennis + Stampfer. (mh) Closes: #294815 + * add bad hack authenticator to support outlook express 4.xx. (mh) + * streamline server authenticator names. (mh) + * 60_convert4r4.dpatch: patch convert4r4 to prevent execution of the + script without people reading a prominent warning. (mh) + * re-work debian/control again, pointing people towards + pkg-exim4-users to make upstream a little bit less unhappy. + + -- Marc Haber Fri, 18 Feb 2005 15:31:12 +0000 + +exim4 (4.44-2) unstable; urgency=low + + * re-work debian/control to make lintian happy, make descriptions + more orthogonal. (mh) + * kill build-conflicts on libperl-dev (=5.8.4-1). (mh) + + -- Andreas Metzler Thu, 27 Jan 2005 13:45:45 +0100 + +exim4 (4.44-1) experimental; urgency=low + + * New upstream bugfix-only release (exiscan-acl 4.44-28). + - Fixes eximstats' generation of pie charts by volume. (Closes: #286074) + - Reset the locale to "C" after calling embedded Perl. (Closes: #283538) + - includes 66_cipherpreferences.dpatch, + 66_can2005-0021_can2005-0022.dpatch, 65_tidydb-spool.dpatch, + 62_statvfs.dpatch. + * Fix (commented) example for AUTH LOGIN with saslauthd (Thanks, Maik + Broemme). (Closes: #291205) + * tl (Tagalog) translation of debconf templates by eric pareja. + (Closes: #291184) + * Use db4.2. (Closes: #258311) + + -- Marc Haber Sun, 23 Jan 2005 15:42:20 +0000 + +exim4 (4.43-4) unstable; urgency=low + + * Change update-exim4.conf to again generate a valid return_path (instead + of defering any mail to remote systems) if dc_hide_mailname='true'. + (Closes: #290954) + * Fix typo in changelog and exim4-config's NEWS. + * Some changes (most notably changing the interfaces exim listens on) + require restarting exim instead of just sending HUP. Change documentation + and exim4-config.config accordingly. (Closes: #290945) + + -- Andreas Metzler Tue, 18 Jan 2005 12:57:58 +0100 + +exim4 (4.43-3) unstable; urgency=low + + * Now that 4.44 is released upload 4.43 to unstable. ;-) Merge experimental + and unstable changelog. + * More lintian overrides. ("X" in eximon4's description has to be capital, + and we take care to only use settitle if it is available. + * make nullmailer setup and the way we use mailname a lot more sensible, + attacking #244095 and #280207: + - mailname is not implicitely made a local domain, instead it is listed + explicitly in dc_other_hostnames, where users can easily remove it + from. (This is basically what postfix does, too.) When upgrading + existing installations mailname is automatically added _once_ to + dc_other_hostnames, on fresh installations mailname is the default + value of dc_other_hostnames. We store the fact that we have added + mailname to dc_other_hostnames in $dc_mailname_in_oh in + update-exim4.conf.conf. + - Make exim work correctly if dc_readhost ("visible, rewritten domain name + for local users") ends up as part of local_domain, which happens if + the same value is chosen for mailname and dc_readhost. This + implemented by new router, hub_user_smarthost. Previously users were + required to use something different (my.invalid.domain) for mailname. + - Special thanks to Christian Perrier for taking care of the + template translation updates. + * We did not substitute the current value into the debconf templates with + db_subst but showed the old ones from the previous debconf run. + * /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + * Bosnian (bs.po) translation is complete (Thanks Adis Nezirovic). + * Includes de.po change suggested in #286525. + * One-line fix for incorrect fi.po translation by Kalle Olavi Niemitalo. + (Closes: #288930) + + -- Andreas Metzler Sat, 15 Jan 2005 19:38:16 +0100 + +exim4 (4.43-2) experimental; urgency=low + + * Resync against sarge/sid (4.34-10). + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh) + (Closes: #224269) + * run debian/rules update-mtaconflicts. (mh) + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #281249). (am) + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450). (am) + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205). (am) + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make exim prefer stronger ciphers. (AES_256 AES_128 3DES ARCFOUR). + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Thu, 6 Jan 2005 12:33:27 +0100 + +exim4 (4.43-1) experimental; urgency=low + + * targeted for experimental since we need unstable to get new 4.34 + versions in sarge. unstable upload will happen as soon as t-p-u is in + working condition. + * New upstream version. (am) (Closes: #274246, #267994) + - no more unescaped hyphens in exim.8. (Closes: #262592) + - no more warnings in exipick.8 (Closes: #277817) + - New option tls_on_connect_ports. (Closes: #265818) + - better documentation about differences in configuring for GnuTLS or + OpenSSL. (Closes: #241725) + - verify = header_sender now respects callout options. (Closes: #260114) + - There is now an overall timeout for performing a callout verification. + (Closes: #261511) + - Less typos in filter.txt. (Closes: #230545) + - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947) + * exiscan patch 4.43-28 (mh) + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. (am) + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. (am) + * Translation updates: + - tr (Turkish) by Recai Oktas (#281840) (am) + * add lintian and linda overrides to get rid of warnings and errors. (mh) + * delete debian/files from config-custom, make config-custom's + debian/rules delete debian/files on clean. (mh) + + -- Marc Haber Sun, 21 Nov 2004 19:26:11 +0000 + +exim4 (4.34-10) unstable; urgency=high + + * urgency high because this upload fixes two minor security issues. + * more documentation for dc_localdelivery in update-exim4.conf.8. + * Move slightly more expensive tests in rcpt ACL further down. (This only + changes commented out example code.) (Closes: #267708) + * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) + * Version dpatch build-dependency to safeguard against reintroducing this + bug. + * In comment point out that using saslauthd for SMTP AUTH requires giving + exim privileges to use it. + * New patch 66_can2005-0021_can2005-0022.dpatch from + http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html + fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 + (mh/am). + + -- Andreas Metzler Wed, 5 Jan 2005 10:39:03 +0100 + +exim4 (4.34-9) unstable; urgency=low + + * Translation updates: + - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) + * cy (Welsh) translation of debconf templates by Dafydd Harries. + (am) (Closes: #282731) + * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) + (Closes: #284529) + * new patch 64_pipeliningfixup pulled from 4.42. Exim was forgetting that it + had advertised PIPELINING for the second and subsequent messages on an + SMTP connection. Thanks to Christoph Barbian. (am) (Closes: #283230) + * allow arbitrary Sender: and envelope headers in locally submitted + messages, no longer force them to be the local account name at the + local host name. (mh) + * delete /var/spool/exim4/gnutls-params in cron.daily. (mh). + * remove outdated info from README.SMTP-AUTH and clarify corresponding + comments in configuration file (Closes: #283568) (am). + * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450) (am). + * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205) (am). + * run debian/rules update-mtaconflicts + * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). + * exim_tidydb did not work properly with split spool directory. (am) + * Make the prefered local transport (maildir/mailspool) configurable in + update-exim4.conf.conf, attacking #250980. Document this, therefore + (Closes: #274597) (am) + + -- Andreas Metzler Tue, 7 Dec 2004 12:40:49 +0100 + +exim4 (4.34-8) unstable; urgency=medium + + * The real-life-takes-its-toll-release. + * Use statvsf() instead of statfs(), fixing complete breakage on + alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and + debugging this. + * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to + prevent similar bugs. + * Translation updates: + - tr (Turkish) by Recai Oktas (Closes: #281840) + * new patch 63_nomorecrashongnutlserror pulled from 4.40: "If a server + dropped the connection unexpectedly when an Exim client was using GnuTLS + and trying to read a response, the client delivery process crashed while + trying to generate an error log message." (Closes: #280647) + + -- Andreas Metzler Sat, 20 Nov 2004 10:52:18 +0100 + +exim4 (4.34-7) unstable; urgency=low + + * Update README.Debian.UUCP (thanks, Andreas Barth) (Closes: #271179) + * The hack to fix the infinite debconf loop on woody (#246742) broke + dpkg-reconfigure. Add an additional [ "reconfigure" != "$1" ] condition to + the abort clause. (Closes: #271864) (am) + * apply patch fixing Italian debconf translation by Danilo + Piazzalunga. (mh) (Closes: #274398) + * ro (Romanian) translation of debconf templates by Eddy Petrisor. + (mh) (Closes: #275414) + * sl (Slovenian) translation of debconf templates by Jure Cuhalev. + (mh) (Closes: #275090) + * uk (Ukrainian) translation of debconf templates by Eugeniy + Meshcheryakov. (mh) (Closes: #273505) + * mk (Macedonian) translation of debconf templates by Georgi + Stanojevski. (mh) (Closes: #275772) + * fix encoding problem in hu.po. Thanks to Christian Perrier. (mh) + * Hebrew translation updated. Closes: #277682 (Lior Kaplan) + * Norwegian Nynorsk translation fixed (commas removed and replaced by + dashes). Closes: #278011 (Christian Perrier) + * Fix commas in Macedonian, Polish, Russian translations which broke the + Choices list the same way they were in Norwegian Nynorsk (Christian + Perrier) + * Fix error in README.SMTP-AUTH, thanks Jari Aalto. (Closes: #276448) (am) + * Make update-exim4.conf more forgiving, working with files that are missing + the final newline. (Closes: #273279) (am) + * Use procmail for delivery if /either/ etc/procmailrc or ~/.procmailrc + exist. (Closes: #267706) (am) + * Shorten overlong template in Catalan (Closes: #277686) (Jordi Mallach) and + Brazilian translation (Closes: #278016) (Andre Luis Lopes) + + -- Andreas Metzler Sun, 7 Nov 2004 19:56:01 +0100 + +exim4 (4.34-6) unstable; urgency=low + + * Uploaded to test changes before we break tpu. + * zh_TW translation of debconf templates by Tetralet. (Closes: #267524) + * bg (Bulgarian) translation of debconf templates by Ognyan Kulev + (Closes: #267603) + * updated translations: + - nl (Dutch) by Bart Cornelis. (Closes: #268168) + * remove osirusoft from dnsbl examples. Thanks to Greg Kochanski for + noticing. Add dnsbl disclaimer. (mh) (Closes: #269501) + * add an example for exim-adduser. (Thanks to Jonas Meurer for the initial + idea, the commited version is different, though.) (mh/am) (Closes: #267792) + * hr (Croatian) translation of debconf templates by Krunoslav Gernhard + (Closes: #270578) + * Do not remove the Debian-exim user in "exim4-config.postrm purge". + Package dependencies are only effective for packages in status installed, + but it is clearly not sane to remove the user until all exim4-packages + are purged. e.g. this can completely break logrotate (Closes: #270681). + + -- Andreas Metzler Sat, 11 Sep 2004 10:29:26 +0200 + +exim4 (4.34-5) unstable; urgency=low + + * The let's test the changes before we upload to tpu release. + * updated translations: + - eu (Basque) by Piarres Beobide Egaña. (Closes: #261912) + - ca (Catalan) by Jordi Mallach. (Closes: #264842) + * Fix broken permissions (not readable for group/other) in upstream tarball + in clean target (thanks to Steve Langasek for help with find). This fixes + "dpkg-buildpackage -rsudo && dpkg-buildpackage -rsudo". (Closes: #262607) + * Stop daemon in "exim4-base.postrm remove". - Under specific circumstances + apt seems to purge -base before removing the depending package (-daemon), + therefore the daemon would not be stopped. (Closes: #261994) + * Build against libgnutls11-dev. (Closes: #263665) + + -- Andreas Metzler Wed, 11 Aug 2004 09:17:35 +0200 + +exim4 (4.34-4) unstable; urgency=high + + * Urgency high because upgrades from woody were broken. + * Exim4 triggers a bug in woody's debconf. - With dialog frontend, invoked + by dpkg-preconfigure you are stuck in a loop, always being asked the same + two questions (split config, and basic configtype) again and again until + you give up and choose split_config=yes although being discouraged from + doing so. I am working around this by making the config-script abort if + debconf is old and we are running in preconfigure mode. (Thanks to Dan + Weber, Adrian Bunk and whoever else wasted brainpower on this.) + (Closes: #246742) (am). + * Arabic (ar.po) translation of debconf templates by the translation team + of Arabeyes.org (Abdulaziz Al-Arfaj). (Closes: #261014) + * Change maintainer address to a mailinglist, add myself to uploaders (am) + * Quote ${dc_mailname} in exim4-config.config. (am) + * Fix grammar error in the original English templates (found by Adam D. + Barratt ages ago). Duplicate fix in .po files.(am) + * Typo/thinko in exim4-config (two 35-clauses) prevented showing a + (unimportant) question for satellite config. Thanks to Fabio Massimo Di + Nitto for finding this. + + -- Andreas Metzler Tue, 27 Jul 2004 16:38:54 +0200 + +exim4 (4.34-3) unstable; urgency=low + + * updated translations: + - es (Spanish) by Javier Fernández-Sanguino Peña (Closes: #251987). Also + shorten overlong string. (Closes: #251316) + - tr (Turkish) by Recai Oktas, fixing overlong translations. + (Closes: #251932) + - de (German) corrected and scrutinized by Helge Kreutzmann. + (Closes: #254038) + - ru (Russian), too long templates shortened by Dmitry Beloglazov. + (Assuming I read Last-Translator correctly) (Closes: #259148) + * Hebrew (he.po) translation of debconf templates by Lior Kaplan. + (Closes: #254026, #257508) + * introduce .ifndef hacks to allow MESSAGE_SIZE_LIMIT, DCreadhost + and DCsmarthost to be changed by the local admin without having to + change dpkg-conffiles (mh). + * Use byname on the smarthost route list (mh). (Closes: #250367) + * Make build-dependency on libldap2-dev unversioned. This was just a paranoia + measure and the buildds are using this version anyway (am). + * escape some dashes in manpages (am). + * Replace the three test -a/-o with &&/|| constructs, and egrep with grep + -E (am). + * Use symbolic name instead of signal numbers for trap (am). + * Add explanation on missing SPF-support to README.Debian (am). + * remove MESSAGE_SIZE_LIMIT rule from DATA acl, use global + message_size_limit instead. Thanks to Matthias Gärtner for pointing + this out to me (mh). + * Increase MAX_NAMED_LIST to 32 for daemon-heavy (am). (Closes: #253959) + * add a reportbug-script to gather additional information. This way we do + not rely on possibly out of date information in debconf (am). + (Closes: #255645) + * Fix off-by-one error in queryprogram router (am). + * set "tls_tempfail_tryclear = false" on remote_smtp_smarthost transport + (am, Thanks to Dan Jacobson for the suggestion). (Closes: #253931) + + -- Andreas Metzler Mon, 19 Jul 2004 15:16:28 +0200 + +exim4 (4.34-2) unstable; urgency=medium + + * Urgency medium because CAN-2004-0400 isstill not fixed in testing and + because this version gets almost every single translation up to date. + * Norwegian nynorsk translation of debconf templates by HÃ¥vard Korsvoll. + (Closes: #248810) + * fix debug_print in remote_smtp_smarthost transport. (Closes: #248922) + * For minimal_dns update-exim4.conf(8) now tries to find out the primary + hostname itself and hardcodes this value in the generated configuration + file. (Closes: #241475,#248854) + * updated translations: + - ko (Korean) by Changwoo Ryu (Closes: #249026) + - it (Italian) by Danilo Piazzalunga + - lt (Lithuanian) by Gintautas Miliauskas (Closes: #249269) + - ru (Russian) by Nikolai Prokoschenko (Closes: #249298) + - es (Spanish) by Javier Fernández-Sanguino Peña + - nl (Dutch) by Bart Cornelis + - de (German) doublechecked and corrected by Dennis Stampfer + (Closes: #249925) + - fi (Finnish) by Tapio Lehtonen + - nb (Norwegian bokmÃ¥l) by Klaus Ade Johnstad (Closes: #250344) + * New bugfix by upstream: "drop" in the DATA acl did not send 550 but dropped + the connection immediately. + * add a debian/watch file. + * Catalan (ca.po) translation of debconf templates by Aleix Badia i Bosch. + (Closes: #250113) + * Polish (pl.po) translation of debconf templates by Tomasz Z. Napierala. + (Closes: #250908) + * Rudimentary (5/58) Bosnian debconf templates translation by Safir + Å ećerović (Closes: #251137) + * Document why exim tries to make an AAAA lookup at startup and how to stop + this in README.Debian. (Closes: #243822) + * Compile with -fno-strict-aliasing. Exim uses lots of casts that are not + allowed: "(char **)(&foo)" where foo is a pointer to unsigned char + (sourcecode: CSS(foo) with foo being a uchar), which results in lots of + "dereferencing type-punned pointer will break strict-aliasing rules". + Thanks to Andrew Suffield for the explanation. + * exim4-config uses features introduced in 4.33 - conflict with earlier + versions. (Closes: #249550) + + -- Andreas Metzler Mon, 31 May 2004 10:31:51 +0200 + +exim4 (4.34-1) unstable; urgency=low + + * remove cruft from source + * New upstream version 4.34, exiscan -21 + * includes fix for buffer overflow (CAN-2004-0400) fixed in previous + upload + * Again adds a received header before local_scan() is invoked. + * Adds a missing fclose() that was causing scan directories not + to be deleted on NFS spools. + * add debug_print statements on various routers (mh) + * add docs to smarthost router regarding secondary MX setup (see + #248370) (mh) + * don't ask any more for relay_to_domains if configuring for + smarthost and satellite setup. (Closes: #248370) (am) + * straighten out remote_smtp transport by adding remote_smtp_smarthost + and using that in the smarthost router. (mh) + * add hubbed_hosts router for more flexible routing. (mh) + * add update-exim4.conf.template and use it in debian/rules (Closes: + #248338). (mh) + * remove debian/patches/60_upstream_fixes as the fix is already + included upstream now. (mh) + * add README.Debian-accountname (mh) + * updated translations: + - zh_CN (Simplified Chinese) by Carlos Z.F. Liu (Closes: #248464). (mh) + * Temporarily add a Build-Conflicts with libperl-dev 5.8.4-1. - This version + included a dyna-loader incompatible with programs linked against 5.8.3.(am) + + -- Andreas Metzler Wed, 12 May 2004 22:30:19 +0200 + +exim4 (4.33-1) unstable; urgency=low + + * new upstream version 4.33, exiscan -20: + - includes the patches for rewriting and sighandler. + - new expansion conditions to e.g. match a domain in named domainlist. + * updated translations: + - fr (French) by Christian Perrier (Closes: #245342) + - el (Greek) by Konstantinos Margaritis. + * Document known configuration variables in update-exim4.conf(8). + * Make use of ${if match_domain to get rid of the ugly hack (two transports + and two routers) to rewrite the envelope from. + * Apply fix for verify=header_syntax buffer overflow (CAN-2004-0400). + + -- Andreas Metzler Thu, 6 May 2004 18:17:05 +0200 + +exim4 (4.32-2) unstable; urgency=low + + * updated translations: + - pt (Portuguese) by Nuno Sénica. (Closes: #244296,#245694) + - el (Greek) by Konstantinos Margaritis (Closes: #244354) + - cs (Czech) by Miroslav Kure (Closes: #244368) + - da (Danish) by Claus Hindsgaul (Closes: #244508) + - it (Italian) by Danilo Piazzalunga (Closes: #245174) + - fr (French) by eric-m(at)wanadoo.fr (Closes: #245342) and Christian + Perrier + - ja (Japanese) by Kenshi Muto (Closes: #245430) + - hu (Hungarian) by VEROK Istvan + - nb (Norwegian BokmÃ¥l) by Steinar H. Gunderson + - pt_BR (Brazilian Portuguese) by André Luís Lopes + - ja (Japanese) by Kenshi Muto + - cs (Czech) by Miroslav Kure + - sv (Swedish) by André Dahlqvist (Closes: #245716) + * Basque (eu.po) translation of debconf templates by Piarres Beobide Egaña. + (Closes: #244401) + * Indonesian (id.po) translation of debconf templates by I Gede Wijaya S. + (Closes: #245120), updated (Closes: #245491) + * Turkish (tr.po) translation of debconf templates by Recai Oktas. + (Closes: #245751) + * Slovak translation of debconf templates by Peter Mann (Closes: #245809) + * Add comment in configuration file documenting that effective retry times + depend on _both_ retry-rules and frequency of queue running. Keep + default QUEUEINTERVAL at 30m because running the queue can be quite + expensive and because therespective RFCs suggest 30m as minimal waiting + time. (Closes: #242426) + * Installation over serial console/minicom only has a screen size of 80 + characters x 24 lines available. Sigh. Shorten config-type question by + cutting down the introduction. (Closes: #244464). Shorten relay-net + question by replacing a unnecessarily complicated formulation with a + clearer one which closes: #226809. + * Debconf supports masquerading as a different host with rewriting not only + for "satellite" but also for "smarthost" system. (Closes: #229911). + - Introduces another but hopefully last pre-sarge template change. + (This includes final versions of the templates without the dead + references to "satellite" which closes: #229902.) + - Rewrite /this/ stuff at smtp transport time. /etc/email-addresses + rewriting still uses normal rewriting because it always has and because + it is easier to setup. + - This still does not address one basic issue, the misuse of /etc/mailname + for qualifying recipeints because this needs clarification in policy + _and_ changing MUAs to not do this. Therefore I declare this post-sarge. + - Thanks to Chris Cheney for the kick, and to Adam Conrad and Wouter + Verhelst for their help. + * Add two fixes from upstream: + - Change 4.31/55 was buggy and broke sender address rewriting and caching. + - Change 4.24/6 broke the SIGALRM handler with deliver_drop_privilege. + * README.TLS.gz and the actual configuration disagreed (Thanks, Richard + Lamont). + * Fix thinko in update-exim4defaults that made --queuetime a no-op. + + -- Andreas Metzler Mon, 26 Apr 2004 09:12:23 +0200 + +exim4 (4.32-1) unstable; urgency=low + + * New upstream version 4.32 (exiscan 4.32-17) + - includes the fix for the caching bug and uses MAIL FROM <> as default + value for recipient callouts again. + - new exiscan adds a local "Received:" header to the copy passed to + spamassassin tofix evaluation of DNS lists, compensating for + ChangeLog 4.31/66. (Closes: #242730) + * Remove obsolete reference to auth_over_tls_hosts from documentation. + (Thanks Jonas Meurer) + * Enable SMTP authentication (hosts_try_auth) per default when sending + mail to smarthost. No need to edit the configuration-file anymore if you + just need to forward all mail to a smarthost with AUTH. (Closes: #203307) + * Hungarian translation of debconf templates by VEROK Istvan. + (Closes: #242931) + * remove "exim 3 will stay default MTA for Debian sarge" from + README.Debian as TPTB have decided otherwise. (Closes: #243687). + * Rewrite "Sender:"-header for "satellite" configuration profile, too. + (Closes: #228978) + * Use the normal user account set-up during installation as default + destination for delivery of mail for root. (Joey Hess) + * Shorten exim4/dc_postmaster template to fit on console. (Joey Hess) + (Closes: #242303) + * In template suggest using real-foo to force local delivery. + (Closes: #229909) + * Template changes reviewed by debian-l10n-english. There might still be + more changes, translators should probably wait a little bit longer before + updating the translation. + * On fresh installations smarthost profile only listens on loopback per + default. - There are valid uses of "smarthost" that require listening on + public interfaces but the most common one (dialup) does not. + * Ship README.Debian.UUCP by Andreas Barth in /usr/share/doc/exim4-base. - + This resolves our part of #201153. + + -- Andreas Metzler Sat, 17 Apr 2004 18:02:42 +0200 + +exim4 (4.31-2) unstable; urgency=low + + * Fix caching bug in recipient callouts. (Nico Erfurth). + * Document removal of local_scan perl-plugin in NEWS.Debian file. + (Closes: #242227) + + -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 + +exim4 (4.31-1) unstable; urgency=low + + * New upstream version 4.31 (exiscan 4.31-16) + - Supports CRL (Certificate Revocation List) (Closes: #229063) + - exim_dbmbuild does not crash on _very_ long RHS values. + (Closes: #231597) - - route_list does not use a fixed lenght buffer anymore. (Closes: #231979) ++ - route_list does not use a fixed length buffer anymore. (Closes: #231979) + - An empty tls_verify_certificates file is correctly interpreted as empty + list instead of breaking TLS. (Closes: #236478) + * Korean translation of debconf templates by Changwoo Ryu (Closes: #241499) + * Minor changes to rcpt_acl: + * add missing message = qualifiers. (Closes: #240862) + * resync against upstream default, incorporating change 4.23/30, allowing + "/" and "|" in nonlocal addresses. + + -- Andreas Metzler Mon, 5 Apr 2004 12:00:54 +0200 + +exim4 (4.30-8) unstable; urgency=low + + * remove dc_never_users from /etc/exim4/u-ex.conf.conf and the corresponding + pattern DEBCONFnever_usersDEBCONF from the template. The code is + superfluous since 4.24 introduced FIXED_NEVER_USERS and was broken, user + changes were not preserved. (am) + * Link against libmysqlclient10 instead of libmysqlclient12 to circumvent + symbol-clashes when using PAM with libpam-mysql. (Closes: #235938) (am) + * Dump temporary build-conflict with broken po-debconf. (am) + * Copy ugly passwd-dependency from -base to -config. (am) + * Do not throw away adduser's errormessages. Together with the added + dependency noted above this (Closes: #237657). (am) + * Installed copy of default configuration-file (example.conf) refered to the + temporary install-directory. Ugly hotfix. (Closes: #236483) + * Italian translation of debconf templates by Danilo Piazzalunga. + (Closes: #237500) + * Rewrite generation of /etc/aliases because it was broken when running + under debbian-installer/debootstrap, which installs the packages with + DEBIAN_FRONTEND=nointeractive and reconfigures them later (report by + Florian Effenberger). (am) + Instead of generating it _once_ and touching it never again ask for and + add alias for root if it is missing. Debconf template + exim4/dc_noalias_regenerate is not used any more. (Closes: #237524) + * Norwegian BokmÃ¥l translation of debconf templates by Steinar H. Gunderson. + (Closes: #237680) + * Dump local_scan perl-plugin. Upstream development has stopped. (am) + * Maintainer scripts now run with -x if environment variable EX4DEBUG + is set (mh). + * Minor clarifications of debian/README (mh). + * rm -rf Local on debian/rules clean (mh). + * Swedish translation of debconf templates by André Dahlqvist. + (Closes: #238987) + * Portuguese (pt) translation of debconf templates by Nuno Sénica. + (Closes: #239030) + * Lithuanian translation of debconf templates by Kęstutis BiliÅ«nas. + (Closes: #239118) + * Add examples for client certificate-checking by J.H.M. Dassen (Ray) + (Closes: #236609) + * Adapt README.* to /etc/exim4/exim4.conf.template (am) + * Update to exiscan v16 + + -- Andreas Metzler Wed, 24 Mar 2004 15:39:35 +0100 + +exim4 (4.30-7) unstable; urgency=low + + * 4.30-6 was rejected, we use | and || for OR in dependency fields. + * libldap2 now uses GnuTLS10. Follow suit. (Temporarily bumped libldap2-dev + build-dependencies for paranoia's sake.) + + -- Andreas Metzler Mon, 23 Feb 2004 17:03:58 +0100 + +exim4 (4.30-6) unstable; urgency=low + + * Finnish translation of debconf templates by Tapio Lehtonen. + (Closes: #229792) + * Simplified Chinese translation of debconf templates by Carlos Z.F. Liu. + (Closes: #229910) + * Spanish translation of debconf templates by Javi Castelo. (Closes: #232207) + * To increase robustness set explicit "domains = +local_domains" on all the + routers that are supposed to be handling _only_ local mail (i.e. anything + after dnslookup or smarthost) instead of relying on the no_more. + + If the router handling remote addresses was modified by adding a + precondition the address would have wrongly been handled by the later + routers if the precondition failed, breaking at least "verify = sender". + (Closes: #230403) (am) + * In the data ACL add a Message-ID header to mails injected with SMTP from + +relay_from_hosts. (Exim stopped doing this by default in 4.30.) (mh) + * binary-all metapackage exim4 does not depend anymore on exim4-base with + exactly the same version. There is no necessity for dependencies that + strict and it broke both binary NMUs and installability on lagging + architectures. (Closes: #231678) (am) + * Give way to the "I use sid but keep it outdated by not running apt-get + upgrade ever."-fraction. exim4-base now depends on working versions of + passwd i.e. the version in woody or the one that has been in sid + for more than 6 months. (Closes: #230423,#230836,#231111) (am) + * in source-package symlink identical maintainerscripts. (am/mh) + * Ship README.Debian.xinetd, explaning why we do not use (x)inetd and how to + use xinetd properly if you insist. (Closes: #226627) + * Update Build-Depencies to fit the XFree86 4.3 packages. + * Make new lintian happy by quoting section and needs in eximon's + menu-file. + + -- Andreas Metzler Mon, 23 Feb 2004 15:48:56 +0100 + +exim4 (4.30-5) unstable; urgency=low + + * Only use db_settitle if available (Closes: #226992) (am) + * Up to date debconf translations for all nine supported languages, thanks + to the translators: Miroslav Kure (Czech), Claus Hindsgaul (Danish), + Konstantinos Margaritis (Greek), Christian Perrier (French), + Kenshi Muto (Japanese), Bart Cornelis (Dutch), André Luís Lopes + (Brazilian Portuguese) and Ilgiz Kalmetev (Russian) (am) + * After merging translations split the configtype-template, using the + __Choices trick. I don't think I made any errors because podebconf's + output has not changed. (am) + * Don't use /etc/mailname (DEBCONFvisiblenameDEBCONF) as primary_hostname + for minimaldns option. (Closes: #225477) + * (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + (Closes: #224828) (am) + * Disable piping to programs in /etc/aliases per default, because they would + run as Debian-exim:Debian-exim per default. Add README.system_aliases + suggesting dedicated router/transport pairs (am/mh) (Closes: #228062) + * modify create-custom-package and adapt debian/rules to allow + building multiple named custom packages in a single build. (mh) + * "dpkg-reconfigure exim4-config" actually tells exim4 to read the updated + configuration. (am) + * Use -qqf instead of -qf in the ip-up.d file to force delivery of all + messages over a single SMTP connection. (Closes: #228001) + + -- Andreas Metzler Wed, 21 Jan 2004 15:09:00 +0100 + +exim4 (4.30-4) unstable; urgency=low + + * Updated Japanese debconf template translation by Kenshi Muto + (Closes: #224584) + * Remove bashism from update-exim4.conf (Closes: #224617) (Jochen Voss) + * Czech translation of debconf templates by Miroslav Kure (Closes: #225713) + * Fix typos in README.Debian. (Closes: #225149) (Vincent Lefevre) + * Replace first, too long debconf question with three short ones (Joey + Hess) (Closes: #222720) + * Use a custom debconf title. (Closes: #222715) + * Greek translation of debconf templates by Konstantinos Margaritis + (Closes: #226844) + + -- Andreas Metzler Fri, 9 Jan 2004 09:12:07 +0100 + +exim4 (4.30-3) unstable; urgency=low + + * update debian/copyright from NOTICE. (No substantial changes, credits + for new code) (am) + * missing \| made exim4-base.postinst configure hang. (Closes: #224294) (am) + * update-exim4.conf: Don't try chown if not running as root. (mh) + * Remove useless definition of an auth_over_tls_hosts hostlist in + 03_exim4-config_tlsoptions. - It was probably a leftover from somebody + running convert4r4. (am) + * Make it possible to override spooldir in another config-file snippet, too. + (Closes: #223973) + + -- Andreas Metzler Fri, 19 Dec 2003 15:27:50 +0100 + +exim4 (4.30-2) unstable; urgency=low + + * Fix exim4-base.logrotate to create logfiles accessible for the new + exim-user. (Closes: #223860,#223862) + * comment in 03_exim4-config_tlsoptions refered to the user "mail" too. + + -- Andreas Metzler Sat, 13 Dec 2003 15:01:20 +0100 + +exim4 (4.30-1) unstable; urgency=low + + * Exim now runs under its own uid (Debian-exim) instead of using + mail:mail. (am) + + WARNING: You cannot downgrade this version to an older one without + manual chown|chgrp all files owned by Debian-exim to mail. + + - control: dependency on adduser and virtual package exim4-config-2 to + force review of external -config packages. + - use a statoverride for passwd.client. + - different postinst scripts: + * adduser. + * chown|chgrp files/directories owned by mail (group|user) to + Debian-exim. + * update-exim4.conf does not exit immidiately if /etc/exim4/exim4.conf + exists AND -o is specified. (Bill Moseley) + * Brazilian Portuguese debconf template translation by André Luís Lopes + (Closes: #219781) + * Dutch debconf template translation by Bart Cornelis (cobaco) + (Closes: #220694) + * Pull Dansk debconf template translation from ddtp. + * Use a macro to make it possible to overide the value of spool_directory + with -DSPOOLDIR=. Needed for mailscanner, (Closes: #221468), suggested by + Matthias Klose. + * enable support for Cyrus saslauthd (package sasl2-bin, + /var/run/saslauthd/mux) for SMTP AUTH against /etc/shadow. (am) + * Christian Perrier has reviewed the debconf-templates and changed them to + follow the "Debconf Templates Style Guide". (Closes: #221838) Thanks to + the (ru|nl|fr|pt_BR) translators for updating their translations. + * New upstream version 4.30 with exiscan 4.30-14 (am) + - option table for -d in exim(8) readable (but not perfect). + (Closes: #214853) + - Messages for configuration errors now include the name of the main + configuration files (Closes: #202136) + - does not reject IPv6 address literals in EHLO/HELO anymore + (Closes: #222521) + * exim4-config.config: support going back to previous *package* when invoked + by base-config 2.0. (Closes: #222773). Suggested by Joey Hess. (am) + * exim4-config now conflicts with non-exim4 packages providing MTA, to keep + dselect from automatically installing it (and -base) on dist-upgrades on + systems that use a different MTA. (mh) + * exim4-base depends on netbase again because exim requires + /etc/services.(mh) + * reindent init-script with two spaces instead of tabs to fit it in 80 + chars/line. (Closes: #221458) + + -- Andreas Metzler Mon, 8 Dec 2003 16:52:32 +0100 + +exim4 (4.24-3) unstable; urgency=low + + * rename create-custom-package to create-custom-config-package (mh) + * add create-custom-package to create renamed exim4-daemon-custom (mh) + * README.TLS: Don't suggest to use commands messing up the local terminal + (Sander Smeenk) + * Pull Dansk debconf translation from ddtp (not yet up to date) + * correct last references to uncompressed /u/s/d/e/README.Debian + (Closes: #216639), also kill references to exim-tls. (Closes: #216979) + (Kevin "Starfox" Arima). (am) + * add exim4-config-medium template package to sources, document (mh) + * Update to exiscan 4.24-13 (bugfix-release). + * Ask about mailname after configtype. (Closes: #217931) (am) + * minor thinko in debconf "local mail only"-config. (am) + * update-exim4.conf: now add comment indicating the source file + (Closes: #202040) (mh) + * add --confdir option to update-exim4.conf (mh) + * add "nodaemon" and "queueonly" option to /etc/default/exim4 and + init script (mh). + * Fix po2debconf on woody systems with old debhelper and po2debconf. (am) + * exim4-config does not depend on exim4-base. (am) + * Use "command -v" to check for existence of invoke-rc.d instead of + hardcoding its path. (am) + * Russian debconf translation by Ilgiz Kalmetev (Closes: #219101) + + -- Andreas Metzler Tue, 4 Nov 2003 12:18:38 +0100 + +exim4 (4.24-2) unstable; urgency=low + + * Grammar of debconf-templates rectified by Ben Foley. + * Handholded by Denis Barbier I have imported debconf translations from + postfix: fr.po (Philippe Batailler), ja.po (Kenshi Muto), nl.po (Bart + Cornelis) and pt_BR.po (André Luís Lopes). It is just 5 translated + messages, 4 fuzzy translations, but it's a start. + * No more first person in debconf-templates (Adam D. Barratt) + * README.TLS was updated. + * pseudopackage libxaw-dev is gone in sid (and libxaw7-dev is already + available in woody) - Removed from build-depends. + * French debconf translation by Christian Perrier (Thanks for the other + hints, too.) + * Build-Conflict with broken po-debconf (= 0.8.0). (Closes: #215432) + * Add menu-entry for eximon (Artur R. Czechowski) (Closes: #215579). + * Resolve name-clash between client- and server-side authenticators (Bug + found by Rob Ristroph) + + -- Andreas Metzler Wed, 15 Oct 2003 12:45:49 +0200 + +exim4 (4.24-1) unstable; urgency=low + + * New upstream version + - 55_fixesfrom-4.23.dpatch is not needed anymore. + - most interesting new feature: $acl_xx are now saved with the + message, and can be accessed later in routers, transports, and filters. + - Cannot run deliveries as root anymore. If you don't redirect mail for + root via /etc/aliases or other means to a nonpriviledged account the + mail will be delivered to /var/mail/mail with permissions 0600 and owner + mail:mail. Change to local_user router to keep it from trying to route + mail for root. + * debconf for exim4-config pointed to /u/s/d/e/README.Debian but the + file is available as README.Debian.gz (Closes: #211934) + * exim(8) manpage provides correct NAME section for mailq/runq/... to + generate corresponding whatis/apropos info (Thanks to Dan Jacobson + for mentioning lexgrog(1)) + * polish and crosslink documentation about SMTP AUTH in config-files, + documentation and debconf templates. (Closes: #202920) + * Ship README.SIEVE (Thanks to Ross Boylan) + * Sync some debconf templates against the respective ones in postfix + 2.0.16, to limit the work of translators. + * update-exim4defaults/init-script: Add a new value fuer QUEUERUNNER, + "ppp". - Don't run queue by daemon but still run it from + /etc/ppp/ip-up.d/exim4. (Dan Jacobson pointed out that this was very + akward to accomplish with old setup.) update-exim4defaults now exits with + an error if the argument for --queuerunner is invalid. + * Enable gettext-style localisation of debconf templates with + compatibility code for woody + * Add German debconf-translation. (Some strings were copied from Martin A. + Godischs translation of postfix's templates). + + -- Andreas Metzler Sun, 5 Oct 2003 13:41:30 +0200 + +exim4 (4.22-5) unstable; urgency=low + + * Sorry, this is not 4.23. Tom is on holidays and because 4.23 changes + some ACL code, exiscan needs in depth checking and not just applying the + patch by hand. + * exim4-config conflicts with bash (<< 2.05), because it cannot handle + aliases in functions. This does not necessarily fix dist-upgrades + from potato to sarge because debconf-config might happen before the + new bash is installed but will keep people running potato from + trying to install exim4-config. (Closes: #209720) + * sanitize /usr/sbin/exim4's permissions, building with 007 umask + could have installed it -rws--x--x + * evaluation -oP option for specifying pid-file is broken in 4.22, use fix + from 4.23 (Closes: #210847) + * "warn log_message blah" in DATA acl triggered dumping of full headers + to reject.log, although the message was not rejected by this acl + statement. Take fix from 4.23. (Closes: #208782) + * On cross-upgrades from exim3 unfold lines continued with a backslash + in the old exim3 configuration before trying to parse it to preanswer the + debconf-questions. (Closes: #210404) First instance of using perl in our + maintainer-scripts, but I could not do it with sed. + + -- Andreas Metzler Fri, 19 Sep 2003 13:55:07 +0200 + +exim4 (4.22-4) unstable; urgency=low + + * Update to exiscan-acl revision -12. (Emergency fix: When you were using + 'discard', and it was the last verb affecting a message, the mbox spool + files in the scan directory were not cleaned up.) + * Add syslog2eximlog by Martin Godisch, a script to make logfiles produced + with exim option "log_file_path = syslog" readable for eximstats. + (Closes: #208524) + * Enhance description of -heavy and light a little bit. (Closes: #208404) + * Standards-Version: 3.6.1, no changes required, we already prompt with + debconf. + + -- Andreas Metzler Thu, 4 Sep 2003 19:19:25 +0200 + +exim4 (4.22-3) unstable; urgency=low + + * Add copright notice of exiscan-acl to debian/copyright. + + -- Andreas Metzler Wed, 27 Aug 2003 17:49:46 +0200 + +exim4 (4.22-2) unstable; urgency=low + + * Include exiscan-acl patch 4.22-10 http://duncanthrax.net/exiscan-acl/ + in -heavy and -custom (Closes: #204698) + * clean up gnutls-params on purge of base-package. + + -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 + +exim4 (4.22-1) unstable; urgency=low + + * new upstream version 4.22. Please take a look at README.UPDATING + and NewStuff in /usr/share/doc/exim4-base/ + + -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 + +exim4 (4.20-5) unstable; urgency=low + + * Fix EHLO/HELO buffer-overflow CAN-2003-0698 (Closes: #205716) + * exim-gencert was using '.' as separator for chown. + * "head -n 1" instead of "head -1" in scripts + * install /etc/exim4/passwd.client as root:mail 0640 (Closes: #205104) + (it needs to be readable for the exim-user or -group, i.e. mail:mail) + * set mode_fail_narrower = false for mail_spool and maildir_home transports + (Closes: #204228) + * Standards-Version: 3.6.0, no changes required. + + -- Andreas Metzler Sat, 16 Aug 2003 17:40:17 +0200 + +exim4 (4.20-4) unstable; urgency=low + + * CFILEMODE and dc_local_interfaces were not saved in update-exim4.conf.conf + on fresh installations. + * update-exim4.conf: Remove comments _after_ doing DEBCONFpatternDEBCONF + replacement. + * conf.d/auth/30_exim4-config_examples: Fix forced failure of AUTH LOGIN + client on non-encrypted connections. + + -- Andreas Metzler Tue, 5 Aug 2003 10:38:16 +0200 + +exim4 (4.20-3) unstable; urgency=low + + * hub_user router: set correct .ifdef, remove superficial condition= + * don't generate main/03_exim4-config_neverusers dynamically, use + a DEBCONF_foo pattern that is replaced by up-ex4.conf. exim4 should + now play nicely with readonly /etc. + * Enable exim-filter in .forward per default. (Closes: #201827) + * Enable maildrop-delivery for users with ~/.mailfilter + * Easier setup of client side SMTP authentification: + -short README file. + -passwd.client example shipped in CONFDIR + -30_exim4-config_examples: + +change order, prefer cram-md5. + +enable by default (auth-plain and -login only for TLS protected + connections). They remain inactive while hosts_try_auth is + disabled. + * add comments listing the filename to the files in conf.d that were + changed anyway. Addresses part of 202040. + * remove misleading comments about "bottom of file" or "see below" + from config-snippets. (Closes: #202165) + * Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 and + #182206 in exim4-config's postinst. I'll close #201143 manually. + * Restructure and clarify README.Debian and polish update-exim4.conf(8). + Thanks to Ross Boylan for pushing me in the correct direction. + + -- Andreas Metzler Thu, 24 Jul 2003 10:29:19 +0200 + +exim4 (4.20-2) unstable; urgency=low + + * update-exim4.conf works without daemon-package (Closes:#195329) + * Add dnslookup_relay_to_domains router for "internet" config to + allow relaying for domains with an MX pointing to an rfc1918 + address. (Closes: #198410) (MH) + * update-exim4.conf would hang if one of the subdirectories in conf.d + was empty. (Report and fix by Marc Merlin) + * Build-Depend on libgnutls7 + * Preserve comments in update-exim4.conf.conf by first adding missing + items and replacing the values with sed instead of regenerating file + from scratch (Closes: #184099) + * Set return_path_add, delivery_date_add and envelope_to_add for + maildir-transport (Closes: #196178) + * Use email-addresses file in /etc/ instead of in /etc/exim4 as exim3 does, + exim4-config now needs to conflict with exim,exim-tls. We still include + code for evaluating the old file if it exist, but suggest moving the + contents to the new file in NEWS.Debian. postinst will remove old orphaned + file if it is unmodified. (Closes: #197136) + * Set return_fail_output instead of return_output on address_pipe transport. + (Closes: #201280) + * Stop generating rewriting rules dynamically, exim4 accepts any + "address-list" item as source-pattern for rewriting. (Changelog entry + obfuscated on purpose, read exim4debian for painful details.). Remove old + dynamically generated files in postinst if they were managed by upex4conf. + * daemon-light supports TLS (Closes: #193596) + + -- Andreas Metzler Wed, 16 Jul 2003 13:36:27 +0200 + +exim4 (4.20-1) unstable; urgency=low + + * New upstream + * Standards-version 3.5.10 (no changes required) + * The doc packages have got new sane names - update Suggests. + * Fix a endless loop (currently ownly showing when upgrading from old + experimental packages) - Thanks to Marc Langer for the report. + * introduce ${Upstream-Version} as substitution variable for + debian/control (MH) + * Make dependencies less strict, *-daemon-* 12.34-1 can be installed with + -base 12.34-5. + + -- Andreas Metzler Mon, 19 May 2003 14:14:16 +0200 + +exim4 (4.14-1) unstable; urgency=low + + * Upload to sid (Closes: #179066) + * Ship an (empty) acl_check_data with commented out examples. Add + Infrastructure to ease their activation. (MH) + + -- Andreas Metzler Fri, 16 May 2003 18:02:46 +0200 + +exim4 (4.14-0.6) experimental; urgency=low + + * Don't link to gnutls' (tasn,gcrypt) dependencies directly + (Closes: #193018) + * fix AUTH PLAIN server side example to work if the data is not given + in initial-response (exim-bug 193094) + * ACL-updates (MH) + + -- Andreas Metzler Wed, 14 May 2003 12:16:06 +0200 + +exim4 (4.14-0.5) experimental; urgency=low + + * updated version of dlopen patch (Marc Merlin) + * don't regenerate files managed by update-exim4.conf on package + updates if the local admin had deleted them. + * replace the listenonpublic yes/no question with one that allows one to + specify on which interfaces to listen to (Closes: #190498) + * new dc-question for dial-on-demand-users to minimize DNS lookups + + -- Andreas Metzler Thu, 1 May 2003 16:03:59 +0200 + +exim4 (4.14-0.4) experimental; urgency=low + + * Renamed conf.d files from *exim4-base* to *exim4-config* since + they can now be found in the exim4-config package. + WARNING, this breaks updates. After installation, execute + something like the following bash snipped to rename your files: + for i in `find . -name *exim4-base*`; do mv $i ${i/exim4-base/exim4-config}; done + (MH) + * Include more sophisticated check_rcpt ACL, include documentation, + include even more sophisticate check_rcpt ACL in + /u/s/d/e4-config/examples/acl. (MH) + * update-exim4.conf now filters out consecutive empty lines (MH) + * make update-exim4.conf's behaviour for configtype=none more consistent, + respect CFILEMODE and --removecomments. (Thanks to Marc Merlin) + * add warning about editing /etc/exim4/exim4.conf in place (Marc Merlin) + * use .rul instead of .disabled to override/disable configfiles in + /etc/exim4/conf.d/ (Suggested by Marc Merlin) + * fix smtp auth client-side examples (Closes: #188828), thanks to Karl + M. Hegbloom for the bug report (AM) + * add @DPATCH@-tag to patches, as required by dpath-edit-patch in + dpatch 1.17 (AM) + + -- Andreas Metzler Fri, 25 Apr 2003 12:37:50 +0200 + +exim4 (4.14-0.3) experimental; urgency=low + + * add '|| true' to every call of db_input. (Thanks to Pierfrancesco Caci for + the bugreport.) (Closes: #187008) + * Don't set received_header_text in 02_exim4-base_options, use upstream's + default. + * renumber routers to have more space for local customization. + WARNING WARNING upgrade is broken, execute this in + /etc/exim4/conf.d/router to get rid of the superfluous files: + mv 20_exim4-base_domain_literal 100_exim4-base_domain_literal + mv 22_exim4-base_primary 200_exim4-base_primary + mv 24_exim4-base_real_local 300_exim4-base_real_local + mv 26_exim4-base_system_aliases 400_exim4-base_system_aliases + mv 28_exim4-base_hubuser 500_exim4-base_hubuser + mv 30_exim4-base_userforward 600_exim4-base_userforward + mv 32_exim4-base_procmail 700_exim4-base_procmail + mv 34_exim4-base_maildrop 800_exim4-base_maildrop + mv 36_exim4-base_local_user 900_exim4-base_local_user + * add *syntax_errors* directives to userforward router, to use partially + valid .forward files instead of skipping them. (Marc Haber) + * update mysql build-depends + + -- Andreas Metzler Wed, 9 Apr 2003 16:19:46 +0200 + +exim4 (4.14-0.2) experimental; urgency=low + + * upstream fix for crash with AUTH PLAIN + * upgrade to policy 3.5.9.0 (CFLAGS in debian/rules) + * Add (maildir) transport for handling file addresses generated by + alias or .forward files if the path ends in "/", enabled for .forward per + default, but not for /etc/aliases. Thanks to Andreas Horter. + * add debconf question to move files from exim3 spool to exim4 spool + * run exim_tidydb as mail:mail using start-stop-daemon + * Make manpages UTF-8 compatible with nicer quotes and escaped dashes. + * fakeroot debian/rules builddaemonpackages=exim4-daemon-custom \ + buildbasepackages=no binary produced a broken exim4-config package. + (Bug found by Soren Andersen) + * introduce new replacement item DEBCONFpackageversionDEBCONF holding + the complete version number, might be useful for Received headers (Marc + Haber) + + -- Andreas Metzler Thu, 27 Mar 2003 17:04:02 +0100 + +exim4 (4.14-0.1) experimental; urgency=low + + * New upstream version + * 20_fix.lsearch.dpatch not needed anymore + * use new feature .ifdef instead of simulating it with condition=... + * change priority of exim4-daemon-light to important + + -- Andreas Metzler Thu, 13 Mar 2003 15:03:41 +0100 + +exim4 (4.12-0.2) experimental; urgency=low + + * instead of generating 22_exim4-base_primary by copying the correct + file into it, use condition=... to select the correct one. Similar + change to 28_exim4-base_hubuser + + -- Andreas Metzler Thu, 6 Mar 2003 11:55:55 +0100 + +exim4 (4.12-0.1) experimental; urgency=low + + * minimal doc-updates + * init-script: output status-message before starting upex4conf() + * polish smtp-auth examples - don't hardcode passwords in main + configuration file. + * change default file-permissions of configfile to 0644. This can be changed + by setting CFILEMODE in the default file. + * rename debian/patches/*, giving each one an unambiguous number + * ignore private rfc1918 and APIPA addresses in internet router (MH) + * correct info about authorship of dlopen patch + * don't link exim4-daemon-light against PAM (explicitly link it against libdl) + * same_domain_copy_routing = yes for primrout-internet, primrout-satellite + and primrout-smarthost (MH) + * rename debconf.results to update-exim4.conf.conf, add upgrading-magic for + upgrading from 4.12-0 and earlier (marked as REMOVEMEBEFORERELEASE) + * introduce REMOVEMEBEFORERELEASE-tag, grep -r on debian/ will show us all + the cruft that needs to be removed before uploading to unstable. + + -- Andreas Metzler Wed, 5 Mar 2003 19:03:59 +0100 + +exim4 (4.12-0) experimental; urgency=low + + * removed TODO marker from the copyright file + * version number for first Debian upload + * built i386 binary package on sid + + -- Marc Haber Fri, 21 Feb 2003 14:40:42 +0100 + +exim4 (4.12-0.0.21) experimental; urgency=low + + * update copyright + * exim-gencert: generate certificates valid for three years instead 30 + days + * remove debian/debconf/exim4.conf.template + * enable LMTP, LOOKUP_NIS and mailstore for daemon-light + + -- Andreas Metzler Fri, 21 Feb 2003 12:55:40 +0100 + +exim4 (4.12-0.0.20) experimental; urgency=low + + * ship /usr/lib/exim4/exim4 and use it to check whether daemon package + is installed. + * Exim doesn't require a HUP after logrotation. (See spec 44.2) (MH) + + -- Andreas Metzler Thu, 20 Feb 2003 19:23:45 +0100 + +exim4 (4.12-0.0.19) experimental; urgency=low + + * Ship upstream-changelog only in exim4-base, Symlinks in packages depending + on it. Split off changelog entries up to 3.34-1 to changelog.Debian.old + which is only included in exim4-base. - Spares about 100KB. + * Ship ACKNOWLEDGMENTS in exim4-base docs. + * remove debian/exim4-config.docs, files are already shipped in exim4- + base + * disable some the unneeded dh_* commands from binary-indep target. + * make exim4 a metapackage + + -- Andreas Metzler Thu, 20 Feb 2003 12:41:17 +0100 + +exim4 (4.12-0.0.18) experimental; urgency=low + + * split off all configuration to exim4-config + * include exim4-config-simple source package + * include script to generate exim4-config source package + * changed distribution to experimental + * Add patch by Phil Hazel to fix lsearch*@ lookups. (AM) + * Remove exim4-daemon-perl; merge it into exim4-daemon-heavy (AM) + * Prepare removal of "exim4" daemon-flavour: Exchange the roles of + "exim4" and "exim4-daemon-light" in debian/rules: build helper + binaries, eximon, et.al. while building exim4-daemon-light. Rename + EDITME.exim4-base.diff to EDITME.exim4.diff. (AM) + ----- + WARNING: This breaks your debian/EDITME.exim4-custom.diff, as it was + generated to show the differences to debian/EDITME.exim4-base instead of + EDITME.exim4-light. (AM) + ----- + + -- Marc Haber Tue, 18 Feb 2003 16:16:45 +0100 + +exim4 (4.12-0.0.17) unstable; urgency=low + + * mv 26_exim4-base_aliases 26_exim4-base_system_aliases (MH) + * mv 30_exim4-base_forward 30_exim4-base_userforward (MH) + * WARNING: upgrades are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + router/26_exim4-base_aliases + router/30_exim4-base_forward + * all file names for transports and routers are now consistent with + Transport/Router defined inside (MH) + * add debug_print to all transports/routers (MH) + * add cut -d\ -f1 to all md5sum calls in pipes (MH) + * add man page for exiqgrep (MH) + * fix typos in exiqsumm and exicyclog man page (MH) + * Don't install exim.8.diff as manpage, apply the patch instead. (AM) + + -- Andreas Metzler Sat, 15 Feb 2003 16:35:26 +0100 + +exim4 (4.12-0.0.16) unstable; urgency=low + + * Define CONFDIR-macro and use it in update-exim4.conf and some files in + CONFDIR. (AM) + * Enhance update-exim4.conf: remove comments by default, allow to write + output to a different file. (AM) + * update-exim4.conf: check validity of configfile before installing it + * fix breakage with newer md5sum - thanks to Sander (AM) + * check in init-script for smtp-service in inetd that is compatible with + openbsd-inetd's extended syntax (Hubert Chan) (AM) + * Don't link against libwrap, exim3 doesn't either (Alexander Koch) (AM) + + -- Andreas Metzler Fri, 14 Feb 2003 19:55:54 +0100 + +exim4 (4.12-0.0.15) unstable; urgency=low + + * If exim4/dc_listenonpublic=false add an explaing line to the + resulting configfile instead of a blank-line (Marc Haber) + * In postinst and cronjob make sure that db files are owned by + mail:mail + * Add buzzword convert4r4 to description of "No configuration" profile + * Body of manpage exim_convert4r4: s/convert4r4/exim_convert4r4/g + * Change maintainer, add Marc Haber to Uploaders + + -- Andreas Metzler Sun, 2 Feb 2003 22:06:06 +0100 + +exim4 (4.12-0.0.14) unstable; urgency=low + + * fix bugs found by Marc Haber: + - search for email-addresses file in /etc/exim4/ + - s/hostname -fqdn/hostname --fqdn/ + * exim4-base.config: don't grep in /etc/aliases if does not exist yet. + * clear up config-script, using both $mailname and $dc_mailname was + irritating. + * fix wrong logic for aliases generation (= instead of !=) + * fix major breakage of debconf code: config-script is called two times + _before_ postinst writes debconf.results, db_set-commands (for sane + defaults) in the second-run overwrote the answers given by the user. + + -- Andreas Metzler Sat, 1 Feb 2003 15:06:58 +0100 + +exim4 (4.12-0.0.13) unstable; urgency=low + + * link against GNUTLS + + -- Andreas Metzler Fri, 31 Jan 2003 16:32:31 +0100 + +exim4 (4.12-0.0.12) unstable; urgency=low + + * clean up at purge: Remove logfiles, ask about removing + undelivered mails in spool directory. + + -- Andreas Metzler Fri, 31 Jan 2003 13:32:37 +0100 + +exim4 (4.12-0.0.11) unstable; urgency=low + + * clean up update-exim4.conf: + + fix unconditional overwriting 03_exim4-base_neverusers + + one central `tempfile -m...` + + add skeleton function example + * add missing 'set -e' to exim4-base.postrm + * If there are no debconf answers and we are making a cross upgrade + from exim3, try to parse its config file to seed debconf db. + + -- Andreas Metzler Sun, 26 Jan 2003 12:22:23 +0100 + +exim4 (4.12-0.0.10) unstable; urgency=low + + * Get rid of error messages: don't call chmod/chown in + debconf/update-exim4.conf if the respective files don't exist. Don't try + to kill non running daemons. + * Don't start unconfigured daemon in init script, ie. require either + ${dc_eximconfig_configtype}" != "xnone or existence of handcrafted + /etc/exim4/exim4.conf. + Thanks to Alexander Koch for firmly pushing me this way. + * dc_listenonpublic was overwritten to true in config script. + * Typo in exim4-base.postrm prevented removal of + /etc/exim4/conf.d/router/28_exim4-base_hubuser + * Clean up /var/spool/exim4 properly; at least if there are just empty + directories. + * hub_user was broken because of unescaped $. + * import updated 10_daemon_close_fds.dpatch from Steve. + * only set neverusers if root is aliased somewhere. + + -- Andreas Metzler Fri, 24 Jan 2003 17:14:13 +0100 + +exim4 (4.12-0.0.9) unstable; urgency=low + + * update-exim4defaults: Fix bugs, add option --init + * /etc/default/exim4 is no conffile anymore, it is generated with + update-exim4defaults. + + -- Andreas Metzler Fri, 17 Jan 2003 13:39:46 +0100 + +exim4 (4.12-0.0.8) unstable; urgency=low + + * Don't ship now unneeded empty /var/lib/exim4/masquerade and + /var/lib/exim4/email_addresses + * move hub_user router to /etc/e4/c.d/ + * move primary-router definition to /etc/e4/c.d/ + * code in debian/rules installing /etc/exim4/conf.d/ tree ignores CVS + directories + * WARNING: upgrades from 0.0.6 and 0.0.7 are broken! + -After ugrading delete conffiles no longer in package in directories + below /etc/exim4/conf.d/: + rewrite/30_exim4-base + router/28_exim4-base_hub_user + - replace router/22_exim4-base_primary with a file containg only + the line "# d41d8cd98f00b204e9800998ecf8427e" + run update-exim4.conf afterwards and start daemon. + + -- Andreas Metzler Tue, 14 Jan 2003 17:44:50 +0100 + +exim4 (4.12-0.0.7) unstable; urgency=low + + * Add configuration file managment code using md5sums stored in the file + itself to update-exim4.conf(8). Use it and move files for evaluation of + /e/e4/email-addresses and the masquerading rules from /var/lib/exim4 to + /etc/. Gets rid of /etc/exim4/conf.d/rewrite/30_exim4-base and its two + .includes. + + -- Andreas Metzler Tue, 14 Jan 2003 13:05:51 +0100 + +exim4 (4.12-0.0.6) unstable; urgency=low + + * generate up to date manpage for eximstats with pod2man. + * EXPERIMENTAL: Split /etc/exim4/exim4.conf.template to little files + in /etc/exim4/conf.d/ - update docs accordingly. + * fix wrong path in exim4-base.doc-base.spec + + -- Andreas Metzler Sun, 12 Jan 2003 18:25:40 +0100 + +exim4 (4.12-0.0.5) unstable; urgency=low + + * enhance default-file a lot. + * ship update-exim4defaults(8) - a script to allow other packages to modify + the default-file. + + -- Andreas Metzler Mon, 6 Jan 2003 23:00:15 +0100 + +exim4 (4.12-0.0.4) unstable; urgency=low + + * Compile perl plugin with -fPIC + * Enable IPv6 support (Andrew Mulholland) + * remove exim4-base.cron.d, it only contained comments (no inetd support). + * enhance default-file: Allow disabling any queue runs and passing + additional options to exim daemon and/or the queuerunner. + + -- Andreas Metzler Sun, 5 Jan 2003 13:16:37 +0100 + +exim4 (4.12-0.0.3) unstable; urgency=low + + * Keep patches separate to make upgrading easier, using dpatch. + * Rename eximon to eximon4: Otherwise this would force anybody who has + installed eximon and runs exim v3 to switch to exim v4 + * Polish package descriptions a little bit. + * Drop Recommends for netbase. We don't support inetd anyway. + + -- Andreas Metzler Tue, 31 Dec 2002 14:31:14 +0100 + +exim4 (4.12-0.0.2) unstable; urgency=low + + * Actually compile with -O2 (Matthias Klose) + * Apply localscan_dlopen.patch from + http://marc.merlins.org/linux/exim/files/sa-exim-current/ to make it + possible to switch local_scan functions *without* recompiling exim. + * compile local_scan.c perl plugin as shared object that is dlopened, + document this in exim4-daemon-perl's description and doc-directory. + + -- Andreas Metzler Sat, 21 Dec 2002 14:01:24 +0100 + +exim4 (4.12-0.0.1) unstable; urgency=low + + * New upstream 4.12, a strict maintenance release. Without any new features + (Don't worry - this is the real release i.e. Phil's third shot ;-) + + -- Andreas Metzler Wed, 18 Dec 2002 12:17:51 +0100 + +exim4 (4.11-0.0.4) unstable; urgency=low + + * Get rid of /usr/lib/exim4/exim (see README.Debian for patched files) + * Use relative paths in debian/eximon.dirs + + -- Andreas Metzler Tue, 17 Dec 2002 13:40:19 +0100 + +exim4 (4.11-0.0.3) unstable; urgency=low + + * fix dbm lookups (one-line patch to src/search.c) + + -- Andreas Metzler Fri, 13 Dec 2002 13:38:31 +0100 + +exim4 (4.11-0.0.2) unstable; urgency=low + + * Fresh installs were broken, as the initial test in update-exim4.conf + failed. + * update-exim4.conf exits silently if /etc/exim4/exim4.conf exists. + * don't invoke update-exim4.conf in postinst if configtype=none. + + -- Andreas Metzler Wed, 11 Dec 2002 16:32:47 +0100 + +exim4 (4.11-0.0.1) unstable; urgency=low + + * New upstream version 4.11: + includes spec und util/* in orig.tar.gz, diff is small again. + see NewStuff items 49 to 57 for new features since snapshot 4.10.13. + + -- Andreas Metzler Wed, 11 Dec 2002 13:01:07 +0100 + +exim4 (4.10.13-0.0.4) unstable; urgency=low + + * reformat manpages a little bit, start each sentence on a new line, refer + to /usr/share/doc/exim4-base/ + * remove the %s from PID_FILE_PATH + * apply debian/fix-pid.issue.patch to fix minor security issue + http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html + * test in init-script for working config before reloading/restarting + (Andreas Piesk) + + -- Andreas Metzler Thu, 5 Dec 2002 13:04:51 +0100 + +exim4 (4.10.13-0.0.3) unstable; urgency=low + + * update copyright from NOTICE + * Typos in exim(8) + + -- Andreas Metzler Wed, 4 Dec 2002 10:35:18 +0100 + +exim4 (4.10.13-0.0.2) unstable; urgency=low + + * Fix path for eximon.bin in eximon script (Andreas Piesk) + * Add comments at the head of exim4.conf.template, containing a short + introduction to the configuration scheme. + + -- Andreas Metzler Tue, 3 Dec 2002 23:52:28 +0100 + +exim4 (4.10.13-0.0.1) unstable; urgency=low + + * Snapshot 4.10.13 + * CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated + * update update-exim4.conf* and documentation accordingly. + * Generate config.autogenerated with same permissions as + /etc/exim4/exim4.conf.template (it might conatain passwords) + * Add BIG FAT warning at head of autogenerated file. + * don't ship /var/lib/exim4/config.autogenerated, simply remove it on + purge if it exists. + + -- Andreas Metzler Mon, 2 Dec 2002 12:45:58 +0100 + +exim4 (4.10.12-0.0.1) unstable; urgency=low + + * Upgrade to testing snapshot 4.10.12 + * patches accepted/superseded by upstream: exim4-MID-expanded.patch, hmac*, + perl.c.patch + * patches that do not apply cleanly anymore: bV_shows_openssl_version.txt, + daemon_close_fds.txt, gcc_attributes-eximon.diff, gcc_attributes.txt, + tls_common.txt, tls_misc.txt, tls_session_cache.txt. + * minimize changes to scripts/exim_install - use INSTALL_ARG=-no_symlink instead. + * no util/cramtest.pl util/logargs.sh util/unknownuser.sh in upstream + tarball - perhaps only in testing version? + + -- Andreas Metzler Thu, 28 Nov 2002 16:11:52 +0100 + +exim4 (4.10-0.srh20.19) unstable; urgency=low + + * ship convert4r4 as /usr/sbin/exim_convert4r4 (with manpage) + * eximon does not provides/Conflicts: exim4-daemon + * switch AGAIN *-daemon provides MTA: + - *-daemon depends on -base instead of the other way round + - explicit "conflicts/replaces: exim, exim-tls" for the base package - + these need to add this the other way round, too (TODO). + - move symlinks for sendmail, mailq, rmail, rsmtp and their manpages (+the one + for newaliases) to the daemon-packages. + - no more non-debhelper-generated exim4-base.prerm, simplified + *daemon.postinst + * try to start daemon in postinst no matter whether configtype=none, people + might use it with a handcrafted exim4.conf. + * register /var/lib/exim4/email_addresses for dpkg. + + -- Andreas Metzler Sun, 24 Nov 2002 15:04:32 +0100 + +exim4 (4.10-0.srh20.18) unstable; urgency=low + + * add "Replaces: exim4-daemon" to all the daemon flavours, needed for + switching. + * Marc Haber: + make exim4-daemon-custom actually work. + building from CVS was broken + clean target missed Local/eximon.conf + * exim-daemon-perl recommends libexim-localscan-perl + + -- Andreas Metzler Thu, 21 Nov 2002 17:04:54 +0100 + +exim4 (4.10-0.srh20.17) unstable; urgency=low + + * add support for building a customized daemon (exim4-daemon-custom) + * tighten build-depends: official exim4-base linked against db3 won't + work well together with exim4-daemon-custom linked against libdb2 + * ship compile time configuration (EDITME-files) in /usd/daemon-flavour. + * use /var/mail instead of /var/spool/mail (#169747) + * make uucp a trusted user. (#169545) + + -- Andreas Metzler Sun, 17 Nov 2002 23:06:29 +0100 + +exim4 (4.10-0.srh20.16) unstable; urgency=low + + * fix Gecos pattern: 'From: "Andreas Metzler,,," Sat, 9 Nov 2002 10:12:34 +0100 + +exim4 (4.10-0.srh20.15) unstable; urgency=low + + * Fix crash with perl 5.8 (threads), thanks to Eckebrecht von Pappenheim + + * perl-package: search local_scan.pl in /etc/exim4 instead of /etc/exim. + + -- Andreas Metzler Wed, 6 Nov 2002 22:46:12 +0100 + +exim4 (4.10-0.srh20.14) unstable; urgency=low + + * add /etc/default/exim4 (#123184, #95325) + * Don't start a queue runner with cron per default, exim runs as daemon. + * polish config-script: more states, strip blanks. + * Ask whether to bind to all local interfaces or only to localhost with sane + default depending on configtype. (#108853) + + -- Andreas Metzler Thu, 31 Oct 2002 14:05:50 +0100 + +exim4 (4.10-0.srh20.13) unstable; urgency=low + + * send stdout of logrotate postrotate-script to /dev/null + * polish exim4-base.postinst and exim4-base.templates + * use tcp-wrappers + * simplify update-exim4.conf. There is no need to only add remote_smtp + transport for special configurations. It does not hurt and should make it + easy for users to activate smtp-auth. + * install configration example to examples subdirectory + + -- Andreas Metzler Tue, 29 Oct 2002 08:42:42 +0100 + +exim4 (4.10-0.srh20.12) unstable; urgency=low + + * linked against external pcre + * clean up a little bit - move all manpages to debian/manpages/ + * ship template /etc/exim4/email-addresses + * LFS support (-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE) + * Don't force sender verification by default + * I actually use this version. + + -- Andreas Metzler Sun, 27 Oct 2002 17:10:16 +0100 + +exim4 (4.10-0.srh20.11) unstable; urgency=low + + * if HUPed exim will rexec itself as /usr/lib/exim4/exim, changing the name + to exim - start-stop-daemon-daemon would not recognize it. Changed + init.script to exec /usr/lib/exim4/exim to set the processname to "exim". + This needs to be deuglified. + * use black magic in daemon-$flavour postinst to only start it there if + switching flavours. + * support for inetd has to wait for sarge+1 + * fix description of 'exim4' daemon flavour. + + -- Andreas Metzler Sat, 26 Oct 2002 11:09:14 +0200 + +exim4 (4.10-0.srh20.10) unstable; urgency=low + + * don't provide symlink /usr/sbin/exim anymore - this broke coinstallation + with uninstalled exim 3 - the exim3-init script started the exim4-daemon. + Ship symlink /usr/lib/exim4/exim -> /usr/sbin/exim4 and set BIN_DIRECTORY + to /usr/lib/exim4. This is a little bit ugly but the alterative would be to + patch 7 files in src. + * the daemon packages conflict with each other by each having + Conflicts/Provides: exim4-daemon + * Add doc base support for spec and filter.txt (bug 165961) + * Switching daemon flavours restarts them. + + -- Andreas Metzler Fri, 25 Oct 2002 16:14:44 +0200 + +exim4 (4.10-0.srh20.9) unstable; urgency=low + + * apply exim4-MID-expanded.patch - make domain part of M-ID configurable. + Shipped in debian-subdir so it can be easily patch -R'd before official + debian release. + * set spool to /var/spool/exim4 in EDITME + * remove /var/run/exim4 on purge + * remove /var/(spool|log)/exim4 on purge if empty + * added manpages. + * allow relay for 127.0.0.1 : ::::1 + * set host_find_failed = defer for smarthost router and mimick exim3. It + really sucks to get a frozen message and error to the postmaster _every_ + time I try to send a message offline. + + -- Andreas Metzler Thu, 24 Oct 2002 14:00:05 +0200 + +exim4 (4.10-0.srh20.8) unstable; urgency=low + + * info and html doc generated from separate source package - diff is + small + * remove m4 and texinfo from build-depends + + -- Andreas Metzler Thu, 24 Oct 2002 12:22:56 +0200 + +exim4 (4.10-0.srh20.7) unstable; urgency=low + + * config script as state machine - allows going back! + * hopefully last forgotten entry of /var/{spool,log,run}/exim in postinst + and cron.* fixed. + + -- Andreas Metzler Thu, 24 Oct 2002 09:16:12 +0200 + +exim4 (4.10-0.srh20.6) unstable; urgency=low + + * generate /etc/aliases with debconf + * remove dpkg-statoverride managment with debconf, ship exim binary as 4755 + root:root. + * update debian/copyright from NOTICE. + * add (commented out) maildrop-transport to template + * add (commented out) maildir-transport to template + * Remove some backslashes in template + * Fix *lots of* cut and paste errors, introduced by generating the + configuration template from the debconf_eximconfig perl script. + $local_delivery is wrong, define macro LOCAL_DELIVERY and use it instead. + Remove erranous backslashes. + * Add comments from the example configuration file to template. + * host and domain lists are colon separated. + + -- Andreas Metzler Mon, 21 Oct 2002 22:37:45 +0200 + +exim4 (4.10-0.srh20.5) unstable; urgency=low + + * new debconf-code: + - shell scripts + - debconf-results are saved (and read from) /etc/exim4/debconf.results + - /etc/exim4/exim4.conf.template is a dpkg-conffile + - update-exim4.conf(8) merges these two files and generates exim's main + configuration file /var/lib/exim4/exim4.conf. + + -- Andreas Metzler Sat, 19 Oct 2002 19:23:35 +0200 + +exim4 (4.10-0.srh20.4) unstable; urgency=low + + * symlink usr/sbin/exim4 <-> usr/sbin/exim in -base package was wrong. + * move invoke-rc.d to -base package - _it_ contains the init-script + * move stat-overide-stuff to -base package. - The values are filled in _its_ + config. + * missing stuff from log/exim4 run/exim4 transition: exim-base + maintainerscripts. + * Daemon-packages have only debconf stuff left as maintainerscripts. How + about letting dh_installinit manage the initscript? + * exim4-base.postrm has no business removing /etc/exim/exim.conf + + -- Andreas Metzler Fri, 18 Oct 2002 14:40:46 +0200 + +exim4 (4.10-0.srh20.3) unstable; urgency=low + + * /etc/exim4/... + * fix cronjob: Test for existence of /etc/exim4/exim4.conf - it formerly + tested for exim3's configuration file + * /usr/lib/exim/ --> /usr/lib/exim4/ -- Put eximon.bin there, too. + + -- Andreas Metzler Fri, 18 Oct 2002 13:43:37 +0200 + +exim4 (4.10-0.srh20.2) unstable; urgency=low + + * more changes: + * /var/log/exim/ --> /var/log/exim4/ + * /var/run/exim/ --> /var/run/exim4/ + * /etc/init.d/exim --> /etc/init.d/exim4 + * Use files named after the real package (exim4-base instead of) exim for + cron and logrotate. - use dh_installlogrotate and dh_installcron + * Don't install exim.8 manpages in daemon packages - symlink is enough, ship + real manpage in base-package. - use dh_installman. + * Get rid of m4-magic - without the alternatives there is no need. + + -- Andreas Metzler Thu, 17 Oct 2002 23:52:31 +0200 + +exim4 (4.10-0.srh20.1) unstable; urgency=low + + * rename package, replace dependencies. + - src: exim4 + - binary exim(-something) --> exim4-something + - Remove Provides: exim - does not make sense anymore, dselect/apt + would take the real exim instead of the provided one. + - Revamp Dependencies and contents + * exim4-base provides/confl/repl: mta and depends on one of *our* + flavours + * each of the flavours only contains only /usr/sbin/exim4 and a manpagelink + exim4--->exim - there is no need to provides/confl/repl: mta, because + we ship no common file with the same name as in the original + exim4-package + - drop alternatives. + - install configuration example to /usr/share/doc/exim4-doc/examples + + -- Andreas Metzler Thu, 17 Oct 2002 17:58:08 +0200 + +exim (4.10-0.srh20) unstable; urgency=low + + * exim-base.config fixes during testing-- need to run debconf subs in a + list context to get their numeric return code. + * enqueue_question(): $code == 0 is ok too + * main: call fetch_default() not find_default() [when did I last test this?] + * install debconf_eximconfig (!!!!!!) + + -- Steve Haslam Wed, 16 Oct 2002 21:50:27 +0100 + +exim (4.10-0.srh19) unstable; urgency=low + + * Move the eximon binary into the eximon package! + + -- Steve Haslam Wed, 16 Oct 2002 19:36:48 +0100 + +exim (4.10-0.srh18) unstable; urgency=low + + * The clean: target now deletes doc/tmp + + -- Steve Haslam Wed, 16 Oct 2002 18:10:29 +0100 + +exim (4.10-0.srh17) unstable; urgency=low + + * Slave alternatives for "rmail" too. + * Changed libxaw-dev in build-depends to libxaw7-dev | libxaw-dev + * Added libperl-dev and m4 to build-depends + + -- Steve Haslam Wed, 16 Oct 2002 17:19:40 +0100 + +exim (4.10-0.srh16) unstable; urgency=low + + * Put --exec $DAEMON back on the start-stop-daemon --stop calls, since + start-stop-daemon complains about the process not being found after it + just killed it. (Due to Exim not removing its own pid file?) + * Point slave alternatives at .gz versions of manpages + + -- Steve Haslam Wed, 16 Oct 2002 16:12:08 +0100 + +exim (4.10-0.srh15) unstable; urgency=low + + * Fix "update-alternatives --remove" invocation. + * Remove alternatives AFTER stopping daemon. + * Use logrotate to cycle logs. + * Manually install logrotate/cron stuff, to call it "exim" instead of "exim-base". + * Install upstream exim.8 manpage, and slave alternatives. + + -- Steve Haslam Wed, 16 Oct 2002 15:44:56 +0100 + +exim (4.10-0.srh14) unstable; urgency=low + + * dh_installinit: pass --noscripts, put the script invocation etc. in + ourselves. This is still pretty nasty, but ensures that the deamons + are stopped/started themselves, not by exim-base. + * Also, pass --init-script=exim to use /etc/init.d/exim, not + /etc/init.d/exim-base. + * Fix some inconsistencies in the postsinst related to the above that + made lintian scream + * Remove the --exec option when stopping the daemon in the init script, + so that we still stop the daemon if the symlink changed to point to a + different version (hacky). + + -- Steve Haslam Wed, 16 Oct 2002 14:51:19 +0100 + +exim (4.10-0.srh13) unstable; urgency=low + + * Bah, fix paths of mailq etc. to be in /usr/bin, not /usr/lib + + -- Steve Haslam Wed, 16 Oct 2002 14:08:45 +0100 + +exim (4.10-0.srh12) unstable; urgency=low + + * The postinsts were totally broken, doing everything off the "install" + target, and nothing off "configure". Since they're all pracitcally the + same, they are now generated from daemon-postinst.m4. + * Fix invocations of dpkg-statoverride (sysuser??) + * Added slave alternatives for mailq, sendmail etc. + * Removed daemon packages conflicting with mail-transport-agent, + although this isn't good-- the deamon packages don't conflict with + each other (they use alternatives to arrange themselves), but do + conflict with other MTAs that install + /usr/lib/sendmail|/usr/sbin/sendmail links. Urnf. + * Similar generation system for prerms as postinsts + + -- Steve Haslam Wed, 16 Oct 2002 13:47:53 +0100 + +exim (4.10-0.srh11) unstable; urgency=low + + * Urnf, nasty circular dependencies. Removed exim-base's dependency on exim-daemon. + * Fix "use strict" errors in exim-base.config (oops) + + -- Steve Haslam Wed, 16 Oct 2002 13:10:25 +0100 + +exim (4.10-0.srh10) unstable; urgency=low + + * Patch src/expand.c with HMAC support + * Rename exim-daemon-default package to just "exim", so upgrading works + better, and exim isn't made into a pure virtual package while other + packages depend on it. Moreover, mail-transport-agent is provided by + each of the daemon packages, not exim-base, since having exim-base + alone is not sufficient to have an MTA. + * Each exim daemon package depends on exim-base, not exim. + + -- Steve Haslam Wed, 16 Oct 2002 12:52:19 +0100 + +exim (4.10-0.1) unstable; urgency=low + + * Heavy changes to build system. + * Split package into: + - exim-base: This package contains all utility programs and + documentation in plain text format. + - exim-daemon-$FOO: (Currently for FOO in light, default, heavy, + perl): Conain only the exim daemon in different configurations + - exim-doc-info: Contains exim documentation in Info format. + - eximon: The X11 monitor for Exim + + -- Hilko Bengen Wed, 2 Oct 2002 17:23:04 +0200 + +exim (4.10-0.srh4) unstable; urgency=low + + * exim.c: Show the OpenSSL version number if TLS compiled in and the tls + debug selector enabled. + * exim.postinst et al: Keep the alternatives configured between upgrades + (naughty) since exim-light will fail to start if exim-heavy keywords + are in the config file + + -- Steve Haslam Fri, 13 Sep 2002 16:08:47 +0100 + +exim (4.10-0.srh3) unstable; urgency=low + + * tls.c: Some debug output changes to verify_callback() + * debconf_eximconfig: add more escaping when writing acl_check_rcpt + * tls.c and others: ${tls_peercn} now expands to the CN part of the + peer's certificate subject when using TLS. + * transports/smtp.c and others: Added tls_verify_hostname option to + verify the hostname we connected to against the CN/subjectAltName + of the peer certificate. + + -- Steve Haslam Fri, 13 Sep 2002 15:44:07 +0100 + +exim (4.10-0.srh2) unstable; urgency=low + + * exim-heavy.postinst: had duplicate sendmail alternative, removed. Had + a priority the same as exim-light too... increased. + * Replace LOOKUP_CDB=yes in exim-light configuration, since it was in + the Exim 3 package and doesn't bring in any dependencies. + * exim.postinst: delete files from /var/spool/exim/db if they cannot be + read by exim_dumpdb (some DB compatibility lossage) + + -- Steve Haslam Tue, 3 Sep 2002 13:28:44 +0100 + +exim (4.10-0.srh1) unstable; urgency=low + + * My stab at an Exim 4 package. Features include: + * An exim-heavy package that contains an Exim binary with LDAP, + MySQL, PostgreSQL etc. in, so that the main Exim package's + dependencies are kept thin but users can easily get hold of + the extra lookup types. + * Debconf-based configuration, although it has priority=high + questions, so not completely noninteractive yet, and not + all features of eximconfig have been ported/checked + * Automated conversion of Exim 3 configuration files + (using PH's convert4r4) + + -- Steve Haslam Tue, 3 Sep 2002 10:20:24 +0100 + +exim (3.35-1.srh1) unstable; urgency=low + + * Reconfigured to include MySQL and PostgreSQL lookups + + -- Steve Haslam Fri, 9 Aug 2002 15:52:37 +0100 + +exim (3.35-1) unstable; urgency=low + + * New upstream version, fixes buffer overflow (Closes: #135069) + * debian/config: Added receiver_try_verify (Closes: #136276) + * debian/init.d: Use --retry 30 option for start-stop-daemon when + stopping exim (Closes: #136450) + * debian/postinst: "noninteractive" in correct case (Closes: #134379) + * debian/init.d: Use -n option for echo (from patch in #133288) + * debian/exim_lock.8: Manpage for exim_lock - thanks Nick Philips + (Closes: #131679) + * debian/config: Fixed comment on smtp_accept_queue_per_connection + (Closes: #136756) + * debian/exim.8,debian/eximon.8: Fixed hyphenation (Closes: #132068) + * debian/control: Short description improved (Closes: #130698) + + -- Mark Baker Mon, 4 Mar 2002 23:04:52 +0000 + + diff --cc debian/compat index 7f8f011,0000000..ec63514 mode 100644,000000..100644 --- a/debian/compat +++ b/debian/compat @@@ -1,1 -1,0 +1,1 @@@ - 7 ++9 diff --cc debian/control index 25b073d,0000000..16c00d3 mode 100644,000000..100644 --- a/debian/control +++ b/debian/control @@@ -1,353 -1,0 +1,351 @@@ +Source: exim4 +Section: mail +Priority: standard +Maintainer: Exim4 Maintainers +Uploaders: Andreas Metzler ,Marc Haber +Homepage: http://www.exim.org/ - Standards-Version: 3.9.6 - #Vcs-Git: git://git.debian.org/git/pkg-exim4/exim4.git - #Vcs-Browser: http://git.debian.org/?p=pkg-exim4/exim4.git - Vcs-Git: git://anonscm.debian.org/pkg-exim4/exim4.git - Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-exim4/exim4.git - Build-Depends: debhelper (>= 7.0.15), po-debconf, docbook-xsl, xsltproc, ++Standards-Version: 3.9.8 ++Vcs-Git: https://anonscm.debian.org/git/pkg-exim4/exim4.git ++Vcs-Browser: https://anonscm.debian.org/git/pkg-exim4/exim4.git ++Build-Depends: debhelper (>= 9), po-debconf, docbook-xsl, xsltproc, + lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, + libident-dev, libdb5.3-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, - libxaw7-dev, libpq-dev, libmysqlclient-dev | libmysqlclient15-dev, ++ libxaw7-dev, libpq-dev, default-libmysqlclient-dev, + libsqlite3-dev, libperl-dev, libgnutls28-dev, libsasl2-dev - XS-Testsuite: autopkgtest + +Package: exim4-base +Architecture: any +Breaks: exim4-daemon-light (<<${Upstream-Version}), + exim4-daemon-heavy (<<${Upstream-Version}), + exim4-daemon-custom (<<${Upstream-Version}) +Conflicts: exim, exim-tls +Replaces: exim, exim-tls, exim4-daemon-light, exim4-daemon-heavy, exim4-daemon-custom +Depends: ${shlibs:Depends}, ${misc:Depends}, - cron | cron-daemon | anacron | fcron, ++ cron | cron-daemon | anacron, + exim4-config (>=4.82) | exim4-config-2, adduser, netbase, lsb-base (>= 3.0-6) +# psmisc just for exiwhat. - Recommends: psmisc, mailx, perl-modules ++Recommends: psmisc, mailx +Suggests: mail-reader, eximon4, exim4-doc-html|exim4-doc-info, + gnutls-bin | openssl, file, spf-tools-perl, swaks +Description: support files for all Exim MTA (v4) packages + Exim (v4) is a mail transport agent. exim4-base provides the support + files needed by all exim4 daemon packages. You need an additional package + containing the main executable. The available packages are: + . + exim4-daemon-light + exim4-daemon-heavy + . + If you build exim4 from the source package locally, you can also + build an exim4-daemon-custom package tailored to your own feature set. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-config +Architecture: all - Breaks: exim4-daemon-light (<<4.84.2), exim4-daemon-heavy (<<4.84.2) ++Breaks: exim4-daemon-light (<< 4.87~RC5), exim4-daemon-heavy (<< 4.87~RC5) +Provides: exim4-config-2 +Conflicts: exim, exim-tls, exim4-config, exim4-config-2, ${MTA-Conflicts} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Description: configuration for the Exim MTA (v4) + Exim (v4) is a mail transport agent. exim4-config provides the configuration + for the exim4 daemon packages. The configuration framework has been split + off the main package to allow sites to replace the configuration scheme + with their own without having to change the actual exim4 packages. + . + Sites with special configuration needs (having a lot of identically + configured machines for example) can use this to distribute their own + custom configuration via the packaging system, using the magic + available with dpkg's conffile handling, without having to do local + changes on all of these machines. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-light +Architecture: any - Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1, default-mta ++Provides: mail-transport-agent, exim4-localscanapi-2.0, ++ ${dist:Provides:exim4-daemon-light} +Conflicts: mail-transport-agent +Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} +Description: lightweight Exim MTA (v4) daemon + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with only basic features enabled. It works well with the + standard setups that are provided by Debian and includes support for + TLS encryption and the dlopen patch to allow dynamic loading of a + local_scan function. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4 +Architecture: all +Depends: ${misc:Depends}, debconf (>= 1.4.69) | cdebconf (>= 0.39), + exim4-base (>= ${source:Version}), + exim4-base (<< ${source:Version}.1), + exim4-daemon-light | exim4-daemon-heavy | exim4-daemon-custom +Description: metapackage to ease Exim MTA (v4) installation + Exim (v4) is a mail transport agent. exim4 is the metapackage depending + on the essential components for a basic exim4 installation. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-heavy +Architecture: any +Priority: optional - Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1 ++Provides: mail-transport-agent, exim4-localscanapi-2.0 +Conflicts: mail-transport-agent +Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, + ${misc:Depends} +Breaks: clamav-daemon (<< 0.95) +Description: Exim MTA (v4) daemon with extended features, including exiscan-acl + Exim (v4) is a mail transport agent. This package contains the exim4 + daemon with extended features. In addition to the features already + supported by exim4-daemon-light, exim4-daemon-heavy includes LDAP, + sqlite, PostgreSQL and MySQL data lookups, SASL and SPA SMTP authentication, + embedded Perl interpreter, and the content scanning extension + (formerly known as "exiscan-acl") for integration of virus scanners + and spamassassin. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +#Package: exim4-daemon-custom +#Architecture: any +#Priority: optional - #Provides: mail-transport-agent, exim4-localscanapi-1.0, exim4-localscanapi-1.1 ++#Provides: mail-transport-agent, exim4-localscanapi-2.0 +#Conflicts: mail-transport-agent +#Replaces: mail-transport-agent, exim4-base (<= 4.61-1) +#Depends: exim4-base (>= ${Upstream-Version}), ${shlibs:Depends}, ${misc:Depends} +#Description: custom Exim MTA (v4) daemon with locally set features +# Exim (v4) is a mail transport agent. This package contains a +# custom-configured exim4 daemon compiled to local needs. This package +# is not part of official Debian, but can easily be built from the +# Debian source package. For information about the feature set compiled in, +# and for bug reports, please find out who built your package. +# . +# The Debian exim4 packages have their own web page, +# http://wiki.debian.org/PkgExim4. There is also a Debian-specific +# FAQ list. Information about the way the Debian packages are +# configured can be found in +# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains +# information about the way the Debian binary packages are built. The +# very extensive upstream documentation is shipped in +# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven +# configuration process in a standard setup, invoke dpkg-reconfigure +# exim4-config. There is a Debian-centered mailing list, +# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific +# questions there, and only write to the upstream exim-users mailing +# list if you are sure that your question is not Debian-specific. You +# can find the subscription web page on +# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: eximon4 +Architecture: any +Priority: optional +Conflicts: eximon +Replaces: eximon +Depends: ${shlibs:Depends}, ${misc:Depends}, exim4-base (>= 4.10) +Description: monitor application for the Exim MTA (v4) (X11 interface) + Eximon is a helper program for the Exim MTA (v4). It allows + administrators to view the mail queue and logs, and perform a variety + of actions on queued messages, such as freezing, bouncing and thawing + messages. + +Package: exim4-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-base, exim4-config, ${misc:Depends} +Recommends: eximon4 +Description: debugging symbols for the Exim MTA (utilities) + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the exim4 + packages. The daemon packages have their own debug package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-light-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-daemon-light, ${misc:Depends} +Description: debugging symbols for the Exim MTA "light" daemon + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the + exim4-daemon-light package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-daemon-heavy-dbg +Architecture: any +Priority: extra +Section: debug +Depends: exim4-daemon-heavy, ${misc:Depends} +Description: debugging symbols for the Exim MTA "heavy" daemon + Exim (v4) is a mail transport agent. This package contains + debugging symbols for the binaries contained in the + exim4-daemon-heavy package. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +#Package: exim4-daemon-custom-dbg +#Architecture: any +#Priority: extra +#Section: debug +#Depends: exim4-daemon-custom, ${misc:Depends} +#Description: debugging symbols for the Exim MTA (v4) packages +# Exim (v4) is a mail transport agent. This package contains +# debugging symbols for the binaries contained in the +# exim4-daemon-custom package. +# . +# The Debian exim4 packages have their own web page, +# http://wiki.debian.org/PkgExim4. There is also a Debian-specific +# FAQ list. Information about the way the Debian packages are +# configured can be found in +# /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains +# information about the way the Debian binary packages are built. The +# very extensive upstream documentation is shipped in +# /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven +# configuration process in a standard setup, invoke dpkg-reconfigure +# exim4-config. There is a Debian-centered mailing list, +# pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific +# questions there, and only write to the upstream exim-users mailing +# list if you are sure that your question is not Debian-specific. You +# can find the subscription web page on +# http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users + +Package: exim4-dev +Architecture: any +Priority: extra +Depends: ${misc:Depends} +Description: header files for the Exim MTA (v4) packages + Exim (v4) is a mail transport agent. This package contains header + files that can be used to compile code that is then dynamically linked + to exim's local_scan interface. + . + The Debian exim4 packages have their own web page, + http://wiki.debian.org/PkgExim4. There is also a Debian-specific + FAQ list. Information about the way the Debian packages are + configured can be found in + /usr/share/doc/exim4-base/README.Debian.gz, which additionally contains + information about the way the Debian binary packages are built. The + very extensive upstream documentation is shipped in + /usr/share/doc/exim4-base/spec.txt.gz. To repeat the debconf-driven + configuration process in a standard setup, invoke dpkg-reconfigure + exim4-config. There is a Debian-centered mailing list, + pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific + questions there, and only write to the upstream exim-users mailing + list if you are sure that your question is not Debian-specific. You + can find the subscription web page on + http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users diff --cc debian/copyright index 453276d,0000000..cd123f2 mode 100644,000000..100644 --- a/debian/copyright +++ b/debian/copyright @@@ -1,262 -1,0 +1,254 @@@ +This is Debian GNU/Linux's prepackaged version of exim, a powerful yet easy +to configure mail transport agent. + +----------------------------------------------------------------- +This package was put together from the original sources which are +maintained by Philip Hazel , and which were +obtained from + + ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ + +Some modifications to the Makefiles have been made to fit with the Linux +FHS. +----------------------------------------------------------------- + +----------------------------------------------------------------- +The exim content filtering extension, formally known as the +exiscan-acl patch, and which is included in exim4-daemon-heavy, +was written by Tom Kistner . +/* Copyright (c) Tom Kistner 2003-???? */ +/* License: GPL */ +----------------------------------------------------------------- + +----------------------------------------------------------------- +Debian Maintainer history: +- The Debian package for exim was originally made by Tim Cutts + . +- Mark Baker took over until exim version 3 and is + still involved with packaging. +- Steve Haslam, Hilko Bengen and Marc Haber generated the initial + packages of Exim v4. +- The exim4 packages are currently maintained by + - Core Team + - (mh) Marc Haber (team leader) + - (am) Andreas Metzler (uploader) + - Commit Privileges + - (hb) Hilko Bengen (documentation, hacks etc) + - (cb) Christian Perrier (translations) + +The following people helped in preparing the exim4 packages and gave +important feedback: +- Marc Merlin provides the dlopen patch, making it possible to load + local_scan-routines for a external shared object. + The original patch was written by David Woodhouse, it was modified first + by Derrick 'dman' Hudson and afterwards by Marc Merlin. +- Sander Smeenk provided the TLS-docs and the script to generate the + self-signed certificates. +- The people on the exim4debian list that submitted bug-reports and -fixes, + and helped with design issues: Matthias Klose, Alexander Koch, Ola + Lundqvist, Andrew Mulholland, David Pashley, Andreas Piesk, Nick Phillips + and whoever I forgot to mention. +- syslog2eximlog script by Martin Godisch. +- Hilko Bengen converted the Debian documentation from plain-text to XML + format. +----------------------------------------------------------------- + + +----------------------------------------------------------------- - exim is copyright (c) 1999 University of Cambridge. ++exim is copyright (c) 1995 - 2017 University of Cambridge. + +The original licence is as follows (from the file NOTICE in the upstream +distribution); a copy of the GNU GPL version 2 is available in +/usr/share/common-licenses/GPL-2 on Debian systems. + +_________________________________________________________________________ +THE EXIM MAIL TRANSFER AGENT +---------------------------- + - Copyright (c) 2002 University of Cambridge ++Copyright (c) 2004 University of Cambridge + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or +(at your option) any later version. + +In addition, for the avoidance of any doubt, permission is granted to +link this program with OpenSSL or any other library package and to +(re)distribute the binaries produced as the result of such linking. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. ++Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + +UNSOLICITED EMAIL +----------------- + +The use, supply or promotion of Exim for the purpose of sending bulk, +unsolicited electronic mail is incompatible with the basic aims of the program, +which revolve around the free provision of a service that enhances the quality +of personal communications. The author of Exim regards indiscriminate +mass-mailing as an antisocial, irresponsible abuse of the Internet. + + +INCORPORATED CODE +----------------- + +A number of pieces of external code are included in the Exim distribution. + - . Regular expressions are supported in the main Exim program and in the - Exim monitor using the freely-distributable PCRE library, copyright (c) - 2003 University of Cambridge. The source is distributed in the directory - src/pcre. However, this is a cut-down version of PCRE. If you want to use - the PCRE library in other programs, you should obtain and install the - full version from ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre. - - + . Support for the cdb (Constant DataBase) lookup method is provided by code + contributed by Nigel Metheringham of Planet Online Ltd. which contains + the following statements: + _________________________________________________________________________ + + Copyright (c) 1998 Nigel Metheringham, Planet Online Ltd + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation; either version 2 of the License, or (at your + option) any later version. + + This code implements Dan Bernstein's Constant DataBase (cdb) spec. + Information, the spec and sample code for cdb can be obtained from + http://www.pobox.com/~djb/cdb.html. This implementation borrows some code + from Dan Bernstein's implementation (which has no license restrictions + applied to it). + _________________________________________________________________________ + + The implementation is completely contained within the code of Exim. It + does not link against an external cdb library. + + . Client support for Microsoft's "Secure Password Authentication" is pro- + vided by code contributed by Marc Prud'hommeaux. Server support was + contributed by Tom Kistner. This includes code taken from the Samba + project, which is released under the Gnu GPL. + + + . Support for calling the Cyrus "pwcheck" and "saslauthd" daemons is + provided by code taken from the Cyrus-SASL library and adapted by + Alexander S. Sabourenkov. The permission notice appears below, in + accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright (c) 2001 Carnegie Mellon University. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. The name 'Carnegie Mellon University' must not be used to endorse or + promote products derived from this software without prior written + permission. For permission or any other legal details, please + contact + + Office of Technology Transfer + Carnegie Mellon University + 5000 Forbes Avenue + Pittsburgh, PA 15213-3890 + (412) 268-4387, fax: (412) 268-7395 + tech-transfer@andrew.cmu.edu + + 4. Redistributions of any form whatsoever must retain the following + acknowledgment: + This product includes software developed by Computing Services at + Carnegie Mellon University (http://www.cmu.edu/computing/). + + CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS + SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND + FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY + SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER + RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF + CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + _________________________________________________________________________ + + + . The Exim Monitor program, which is an X-Window application, includes + modified versions of the Athena StripChart and TextPop widgets. This code + is copyright by DEC and MIT, and their permission notice appears below, + in accordance with the conditions expressed therein. + + _________________________________________________________________________ + + Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, + Massachusetts, and the Massachusetts Institute of Technology, Cambridge, + Massachusetts. + + All Rights Reserved + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided + that the above copyright notice appear in all copies and that both that + copyright notice and this permission notice appear in supporting documen- + tation, and that the names of Digital or MIT not be used in advertising + or publicity pertaining to distribution of the software without specific, + written prior permission. + + DIGITAL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING + ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL + DIGITAL BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR + ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + SOFTWARE. + _________________________________________________________________________ + + + . Some of the code to support the use of maildirsize files for maildir + deliveries is taken from the Courier Imapd source code. This code is + released under the GPL. + _________________________________________________________________________ + +-- +Philip Hazel University of Cambridge Computing Service, - ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714. - ----------------------------------------------------------------- - - - +----------------------------------------------------------------- +src/pdkim/* + +PDKIM - a RFC4871 (DKIM) implementation +http://duncanthrax.net/pdkim/ - Copyright (C) 2009 Tom Kistner ++Copyright (C) 2009 - 2016 Tom Kistner ++Copyright (C) 2016 - 2017 Jeremy Harris + +Includes code from the PolarSSL project. +http://polarssl.org +Copyright (C) 2009 Paul Bakker +Copyright (C) 2006-2008 Christophe Devine ++Copyright (C) 2006-2010, Brainspark B.V. + +This copy of PDKIM is included with Exim. For a standalone distribution, +visit http://duncanthrax.net/pdkim/. + +License: Both the parts from PolarSSL and the original code are licensed +under GPLv2+. ++ ++Please note that the parts copied from PolarSSL are only used with ancient ++(< 2.10) GnuTLS. +----------------------------------------------------------------- + +----------------------------------------------------------------- +Generating a tarball from CVS snapshot. + - Upstream is keeping sourcecode and documention (including changelog) in ++Upstream is keeping sourcecode and documentation (including changelog) in +separate CVS modules: exim-src and exim-doc. However the release tarball +contains parts from both modules. + +1. Use exim-src modules as base +2. Generate a doc subdirectory containing he contents of exim-doc/doc-txt/. +3. Take exim-doc and build the txt files You will need xfpt, xmlto, docbook-xsl +and w3m. +cd doc-docbook ; make spec.txt filter.txt exim.8 +Copy the three files to exim-version/doc/ + diff --cc debian/debconf/conf.d/acl/30_exim4-config_check_mail index 7a6a3e7,0000000..f8c53d6 mode 100644,000000..100644 --- a/debian/debconf/conf.d/acl/30_exim4-config_check_mail +++ b/debian/debconf/conf.d/acl/30_exim4-config_check_mail @@@ -1,16 -1,0 +1,11 @@@ + +### acl/30_exim4-config_check_mail +################################# + +# This access control list is used for every MAIL command in an incoming +# SMTP message. The tests are run in order until the address is either +# accepted or denied. +# +acl_check_mail: - .ifdef CHECK_MAIL_HELO_ISSUED - deny - message = no HELO given before MAIL command - condition = ${if def:sender_helo_name {no}{yes}} - .endif + + accept diff --cc debian/debconf/conf.d/acl/30_exim4-config_check_rcpt index 4949587,0000000..d616720 mode 100644,000000..100644 --- a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt +++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt @@@ -1,358 -1,0 +1,363 @@@ + +### acl/30_exim4-config_check_rcpt +################################# + +# This access control list is used for every RCPT command in an incoming +# SMTP message. The tests are run in order until the address is either +# accepted or denied. +# +acl_check_rcpt: + + # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by + # testing for an empty sending host field. + accept + hosts = : + control = dkim_disable_verify + + # Do not try to verify DKIM signatures of incoming mail if DC_minimaldns + # or DISABLE_DKIM_VERIFY are set. +.ifdef DC_minimaldns + warn + control = dkim_disable_verify +.else +.ifdef DISABLE_DKIM_VERIFY + warn + control = dkim_disable_verify +.endif +.endif + + # The following section of the ACL is concerned with local parts that contain + # certain non-alphanumeric characters. Dots in unusual places are + # handled by this ACL as well. + # + # Non-alphanumeric characters other than dots are rarely found in genuine + # local parts, but are often tried by people looking to circumvent + # relaying restrictions. Therefore, although they are valid in local + # parts, these rules disallow certain non-alphanumeric characters, as + # a precaution. + # + # Empty components (two dots in a row) are not valid in RFC 2822, but Exim + # allows them because they have been encountered. (Consider local parts + # constructed as "firstinitial.secondinitial.familyname" when applied to + # a name without a second initial.) However, a local part starting + # with a dot or containing /../ can cause trouble if it is used as part of a + # file name (e.g. for a mailing list). This is also true for local parts that + # contain slashes. A pipe symbol can also be troublesome if the local part is + # incorporated unthinkingly into a shell command line. + # + # These ACL components will block recipient addresses that are valid + # from an RFC2822 point of view. We chose to have them blocked by + # default for security reasons. + # + # If you feel that your site should have less strict recipient + # checking, please feel free to change the default values of the macros + # defined in main/01_exim4-config_listmacrosdefs or override them from a + # local configuration file. + # + # Two different rules are used. The first one has a quite strict + # default, and is applied to messages that are addressed to one of the + # local domains handled by this host. + + # The default value of CHECK_RCPT_LOCAL_LOCALPARTS is defined in + # main/01_exim4-config_listmacrosdefs: + # CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] + # This blocks local parts that begin with a dot or contain a quite + # broad range of non-alphanumeric characters. + .ifdef CHECK_RCPT_LOCAL_LOCALPARTS + deny + domains = +local_domains + local_parts = CHECK_RCPT_LOCAL_LOCALPARTS + message = restricted characters in address + .endif + + + # The second rule applies to all other domains, and its default is + # considerably less strict. + + # The default value of CHECK_RCPT_REMOTE_LOCALPARTS is defined in + # main/01_exim4-config_listmacrosdefs: + # CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ + + # It allows local users to send outgoing messages to sites + # that use slashes and vertical bars in their local parts. It blocks + # local parts that begin with a dot, slash, or vertical bar, but allows + # these characters within the local part. However, the sequence /../ is + # barred. The use of some other non-alphanumeric characters is blocked. + # Single quotes might probably be dangerous as well, but they're + # allowed by the default regexps to avoid rejecting mails to Ireland. + # The motivation here is to prevent local users (or local users' malware) + # from mounting certain kinds of attack on remote sites. + .ifdef CHECK_RCPT_REMOTE_LOCALPARTS + deny + domains = !+local_domains + local_parts = CHECK_RCPT_REMOTE_LOCALPARTS + message = restricted characters in address + .endif + + + # Accept mail to postmaster in any local domain, regardless of the source, + # and without verifying the sender. + # + accept + .ifndef CHECK_RCPT_POSTMASTER + local_parts = postmaster + .else + local_parts = CHECK_RCPT_POSTMASTER + .endif + domains = +local_domains : +relay_to_domains + + + # Deny unless the sender address can be verified. + # + # This is disabled by default so that DNSless systems don't break. If + # your system can do DNS lookups without delay or cost, you might want + # to enable this feature. + # + # This feature does not work in smarthost and satellite setups as - # with these setups all domains pass verification. See spec.txt chapter - # 39.31 with the added information that a smarthost/satellite setup - # routes all non-local e-mail to the smarthost. ++ # with these setups all domains pass verification. See spec.txt section ++ # "Access control lists" subsection "Address verification" with the added ++ # information that a smarthost/satellite setup routes all non-local e-mail ++ # to the smarthost. + .ifdef CHECK_RCPT_VERIFY_SENDER + deny + message = Sender verification failed + !acl = acl_local_deny_exceptions + !verify = sender + .endif + + # Verify senders listed in local_sender_callout with a callout. + # + # In smarthost and satellite setups, this causes the callout to be + # done to the smarthost. Verification will thus only be reliable if the + # smarthost does reject illegal addresses in the SMTP dialog. + deny + !acl = acl_local_deny_exceptions + senders = ${if exists{CONFDIR/local_sender_callout}\ + {CONFDIR/local_sender_callout}\ + {}} + !verify = sender/callout + + + # Accept if the message comes from one of the hosts for which we are an + # outgoing relay. It is assumed that such hosts are most likely to be MUAs, + # so we set control=submission to make Exim treat the message as a + # submission. It will fix up various errors in the message, for example, the + # lack of a Date: header line. If you are actually relaying out out from + # MTAs, you may want to disable this. If you are handling both relaying from + # MTAs and submissions from MUAs you should probably split them into two + # lists, and handle them differently. + + # Recipient verification is omitted here, because in many cases the clients + # are dumb MUAs that don't cope well with SMTP error responses. If you are + # actually relaying out from MTAs, you should probably add recipient + # verification here. + + # Note that, by putting this test before any DNS black list checks, you will + # always accept from these hosts, even if they end up on a black list. The + # assumption is that they are your friends, and if they get onto black + # list, it is a mistake. + accept + hosts = +relay_from_hosts + control = submission/sender_retain + control = dkim_disable_verify + + + # Accept if the message arrived over an authenticated connection, from + # any host. Again, these messages are usually from MUAs, so recipient + # verification is omitted, and submission mode is set. And again, we do this + # check before any black list tests. + accept + authenticated = * + control = submission/sender_retain + control = dkim_disable_verify + ++ # Insist that a HELO/EHLO was accepted. ++ ++ require message = nice hosts say HELO first ++ condition = ${if def:sender_helo_name} + + # Insist that any other recipient address that we accept is either in one of + # our local domains, or is in a domain for which we explicitly allow + # relaying. Any other domain is rejected as being unacceptable for relaying. + require + message = relay not permitted + domains = +local_domains : +relay_to_domains + + + # We also require all accepted addresses to be verifiable. This check will + # do local part verification for local domains, but only check the domain + # for remote domains. + require + verify = recipient + + + # Verify recipients listed in local_rcpt_callout with a callout. + # This is especially handy for forwarding MX hosts (secondary MX or + # mail hubs) of domains that receive a lot of spam to non-existent + # addresses. The only way to check local parts for remote relay + # domains is to use a callout (add /callout), but please read the + # documentation about callouts before doing this. + deny + !acl = acl_local_deny_exceptions + recipients = ${if exists{CONFDIR/local_rcpt_callout}\ + {CONFDIR/local_rcpt_callout}\ + {}} + !verify = recipient/callout + + + # CONFDIR/local_sender_blacklist holds a list of envelope senders that + # should have their access denied to the local host. Incoming messages + # with one of these senders are rejected at RCPT time. + # + # The explicit white lists are honored as well as negative items in + # the black list. See exim4-config_files(5) for details. + deny + message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster + !acl = acl_local_deny_exceptions + senders = ${if exists{CONFDIR/local_sender_blacklist}\ + {CONFDIR/local_sender_blacklist}\ + {}} + + + # deny bad sites (IP address) + # CONFDIR/local_host_blacklist holds a list of host names, IP addresses + # and networks (CIDR notation) that should have their access denied to + # The local host. Messages coming in from a listed host will have all + # RCPT statements rejected. + # + # The explicit white lists are honored as well as negative items in + # the black list. See exim4-config_files(5) for details. + deny + message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster + !acl = acl_local_deny_exceptions + hosts = ${if exists{CONFDIR/local_host_blacklist}\ + {CONFDIR/local_host_blacklist}\ + {}} + + + # Warn if the sender host does not have valid reverse DNS. + # + # If your system can do DNS lookups without delay or cost, you might want + # to enable this. + # If sender_host_address is defined, it's a remote call. If + # sender_host_name is not defined, then reverse lookup failed. Use + # this instead of !verify = reverse_host_lookup to catch deferrals + # as well as outright failures. + .ifdef CHECK_RCPT_REVERSE_DNS + warn + condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\ + {yes}{no}} + add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}}) + .endif + + + # Use spfquery to perform a pair of SPF checks (for details, see + # http://www.openspf.org/) + # + # This is quite costly in terms of DNS lookups (~6 lookups per mail). Do not + # enable if that's an issue. Also note that if you enable this, you must + # install "spf-tools-perl" which provides the spfquery command. + # Missing spf-tools-perl will trigger the "Unexpected error in + # SPF check" warning. + .ifdef CHECK_RCPT_SPF + deny + message = [SPF] $sender_host_address is not allowed to send mail from \ + ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}. \ + Please see \ + http://www.openspf.org/Why?scope=${if def:sender_address_domain \ + {mfrom}{helo}};identity=${if def:sender_address_domain \ + {$sender_address}{$sender_helo_name}};ip=$sender_host_address + log_message = SPF check failed. + !acl = acl_local_deny_exceptions + condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \ + ${quote:$sender_host_address} --identity \ + ${if def:sender_address_domain \ + {--scope mfrom --identity ${quote:$sender_address}}\ + {--scope helo --identity ${quote:$sender_helo_name}}}}\ + {no}{${if eq {$runrc}{1}{yes}{no}}}} + + defer + message = Temporary DNS error while checking SPF record. Try again later. + !acl = acl_local_deny_exceptions + condition = ${if eq {$runrc}{5}{yes}{no}} + + warn + condition = ${if <={$runrc}{6}{yes}{no}} + add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\ + {${if eq {$runrc}{2}{softfail}\ + {${if eq {$runrc}{3}{neutral}\ + {${if eq {$runrc}{4}{permerror}\ + {${if eq {$runrc}{6}{none}{error}}}}}}}}}\ + } client-ip=$sender_host_address; \ + ${if def:sender_address_domain \ + {envelope-from=${sender_address}; }{}}\ + helo=$sender_helo_name + + warn + log_message = Unexpected error in SPF check. + condition = ${if >{$runrc}{6}{yes}{no}} + .endif + + + # Check against classic DNS "black" lists (DNSBLs) which list + # sender IP addresses + .ifdef CHECK_RCPT_IP_DNSBLS + warn + dnslists = CHECK_RCPT_IP_DNSBLS + add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + .endif + + + # Check against DNSBLs which list sender domains, with an option to locally + # whitelist certain domains that might be blacklisted. + # + # Note: If you define CHECK_RCPT_DOMAIN_DNSBLS, you must append + # "/$sender_address_domain" after each domain. For example: + # CHECK_RCPT_DOMAIN_DNSBLS = rhsbl.foo.org/$sender_address_domain \ + # : rhsbl.bar.org/$sender_address_domain + .ifdef CHECK_RCPT_DOMAIN_DNSBLS + warn + !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\ + {CONFDIR/local_domain_dnsbl_whitelist}\ + {}} + dnslists = CHECK_RCPT_DOMAIN_DNSBLS + add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text) + .endif + + + # This hook allows you to hook in your own ACLs without having to + # modify this file. If you do it like we suggest, you'll end up with + # a small performance penalty since there is an additional file being + # accessed. This doesn't happen if you leave the macro unset. + .ifdef CHECK_RCPT_LOCAL_ACL_FILE + .include CHECK_RCPT_LOCAL_ACL_FILE + .endif + + + ############################################################################# + # This check is commented out because it is recognized that not every + # sysadmin will want to do it. If you enable it, the check performs + # Client SMTP Authorization (csa) checks on the sending host. These checks + # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) + # an Internet draft. You can, of course, add additional conditions to this + # ACL statement to restrict the CSA checks to certain hosts only. + # + # require verify = csa + ############################################################################# + + + # Accept if the address is in a domain for which we are an incoming relay, + # but again, only if the recipient can be verified. + + accept + domains = +relay_to_domains + endpass + verify = recipient + + + # At this point, the address has passed all the checks that have been + # configured, so we accept it unconditionally. + + accept diff --cc debian/debconf/conf.d/acl/40_exim4-config_check_data index 1b371d2,0000000..abfa164 mode 100644,000000..100644 --- a/debian/debconf/conf.d/acl/40_exim4-config_check_data +++ b/debian/debconf/conf.d/acl/40_exim4-config_check_data @@@ -1,75 -1,0 +1,84 @@@ + +### acl/40_exim4-config_check_data +################################# + +# This ACL is used after the contents of a message have been received. This +# is the ACL in which you can test a message's headers or body, and in +# particular, this is where you can invoke external virus or spam scanners. + +acl_check_data: + ++ # Deny if the message contains an overlong line. Per the standards ++ # we should never receive one such via SMTP. ++ # ++ .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT ++ deny message = maximum allowed line length is 998 octets, \ ++ got $max_received_linelength ++ condition = ${if > {$max_received_linelength}{998}} ++ .endif ++ + # Deny unless the address list headers are syntactically correct. + # + # If you enable this, you might reject legitimate mail. + .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX + deny + message = Message headers fail syntax check + !acl = acl_local_deny_exceptions + !verify = header_syntax + .endif + + + # require that there is a verifiable sender address in at least + # one of the "Sender:", "Reply-To:", or "From:" header lines. + .ifdef CHECK_DATA_VERIFY_HEADER_SENDER + deny + message = No verifiable sender address in message headers + !acl = acl_local_deny_exceptions + !verify = header_sender + .endif + + + # Deny if the message contains malware. Before enabling this check, you + # must install a virus scanner and set the av_scanner option in the + # main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # + # deny + # malware = * + # message = This message was detected as possible malware ($malware_name). + + + # Add headers to a message if it is judged to be spam. Before enabling this, + # you must install SpamAssassin. You also need to set the spamd_address + # option in the main configuration. + # + # exim4-daemon-heavy must be used for this section to work. + # + # Please note that this is only suiteable as an example. There are + # multiple issues with this configuration method. For example, if you go + # this way, you'll give your spamassassin daemon write access to the + # entire exim spool which might be a security issue in case of a + # spamassassin exploit. + # + # See the exim docs and the exim wiki for more suitable examples. + # + # warn + # spam = Debian-exim:true + # add_header = X-Spam_score: $spam_score\n\ + # X-Spam_score_int: $spam_score_int\n\ + # X-Spam_bar: $spam_bar\n\ + # X-Spam_report: $spam_report + + + # This hook allows you to hook in your own ACLs without having to + # modify this file. If you do it like we suggest, you'll end up with + # a small performance penalty since there is an additional file being + # accessed. This doesn't happen if you leave the macro unset. + .ifdef CHECK_DATA_LOCAL_ACL_FILE + .include CHECK_DATA_LOCAL_ACL_FILE + .endif + + + # accept otherwise + accept diff --cc debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs index 8e51605,0000000..82b0d1f mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs +++ b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs @@@ -1,100 -1,0 +1,101 @@@ +###################################################################### +# Runtime configuration file for Exim 4 (Debian Packaging) # +###################################################################### + +###################################################################### +# /etc/exim4/exim4.conf.template is only used with the non-split +# configuration scheme. +# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used +# with the split configuration scheme. +# If you find this comment anywhere else, somebody copied it there. +# Documentation about the Debian exim4 configuration scheme can be +# found in /usr/share/doc/exim4-base/README.Debian.gz. +###################################################################### + +###################################################################### +# MAIN CONFIGURATION SETTINGS # +###################################################################### + +# Just for reference and scripts. +# On Debian systems, the main binary is installed as exim4 to avoid +# conflicts with the exim 3 packages. +exim_path = /usr/sbin/exim4 + +# Macro defining the main configuration directory. +# We do not use absolute paths. +.ifndef CONFDIR +CONFDIR = /etc/exim4 +.endif + +# debconf-driven macro definitions get inserted after this line +UPEX4CmacrosUPEX4C = 1 + +# Create domain and host lists for relay control +# '@' refers to 'the name of the local host' + +# List of domains considered local for exim. Domains not listed here +# need to be deliverable remotely. +domainlist local_domains = MAIN_LOCAL_DOMAINS + +# List of recipient domains to relay _to_. Use this list if you're - +# for example - fallback MX or mail gateway for domains. +domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS + +# List of sender networks (IP addresses) to _unconditionally_ relay +# _for_. If you intend to be SMTP AUTH server, you do not need to enter +# anything here. +hostlist relay_from_hosts = MAIN_RELAY_NETS + + +# Decide which domain to use to add to all unqualified addresses. +# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary +# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value +# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined, +# the first line of /etc/mailname is used. +.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN +.ifndef MAIN_QUALIFY_DOMAIN +qualify_domain = ETC_MAILNAME +.else +qualify_domain = MAIN_QUALIFY_DOMAIN +.endif +.endif + +# listen on all all interfaces? +.ifdef MAIN_LOCAL_INTERFACES +local_interfaces = MAIN_LOCAL_INTERFACES +.endif + +.ifndef LOCAL_DELIVERY +# The default transport, set in /etc/exim4/update-exim4.conf.conf, +# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities +LOCAL_DELIVERY=mail_spool +.endif + +# The gecos field in /etc/passwd holds not only the name. see passwd(5). +gecos_pattern = ^([^,:]*) +gecos_name = $1 + +# define macros to be used in acl/30_exim4-config_check_rcpt to check +# recipient local parts for strange characters. + +# This macro definition really should be in +# acl/30_exim4-config_check_rcpt but cannot be there due to +# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62. + +# These macros are documented in acl/30_exim4-config_check_rcpt, +# can be changed here or overridden by a locally added configuration - # file as described in README.Debian chapter 2.1.2 ++# file as described in README.Debian section "Using Exim Macros to control ++# the configuration". + +.ifndef CHECK_RCPT_LOCAL_LOCALPARTS +CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] +.endif + +.ifndef CHECK_RCPT_REMOTE_LOCALPARTS +CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./ +.endif + +# always log tls_peerdn as we use TLS for outgoing connects by default +.ifndef MAIN_LOG_SELECTOR - MAIN_LOG_SELECTOR = +tls_peerdn ++MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn +.endif diff --cc debian/debconf/conf.d/main/02_exim4-config_options index bfaf7bd,0000000..bf00d03 mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/02_exim4-config_options +++ b/debian/debconf/conf.d/main/02_exim4-config_options @@@ -1,210 -1,0 +1,218 @@@ + +### main/02_exim4-config_options +################################# + + +# Defines the access control list that is run when an +# SMTP MAIL command is received. +# +.ifndef MAIN_ACL_CHECK_MAIL +MAIN_ACL_CHECK_MAIL = acl_check_mail +.endif +acl_smtp_mail = MAIN_ACL_CHECK_MAIL + + +# Defines the access control list that is run when an +# SMTP RCPT command is received. +# +.ifndef MAIN_ACL_CHECK_RCPT +MAIN_ACL_CHECK_RCPT = acl_check_rcpt +.endif +acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT + + +# Defines the access control list that is run when an +# SMTP DATA command is received. +# +.ifndef MAIN_ACL_CHECK_DATA +MAIN_ACL_CHECK_DATA = acl_check_data +.endif +acl_smtp_data = MAIN_ACL_CHECK_DATA + + +# Message size limit. The default (used when MESSAGE_SIZE_LIMIT +# is unset) is 50 MB +.ifdef MESSAGE_SIZE_LIMIT +message_size_limit = MESSAGE_SIZE_LIMIT +.endif + + +# If you are running exim4-daemon-heavy or a custom version of Exim that +# was compiled with the content-scanning extension, you can cause incoming +# messages to be automatically scanned for viruses. You have to modify the +# configuration in two places to set this up. The first of them is here, +# where you define the interface to your scanner. This example is typical +# for ClamAV; see the manual for details of what to set for other virus +# scanners. The second modification is in the acl_check_data access +# control list. + +# av_scanner = clamd:/var/run/clamav/clamd.ctl + + +# For spam scanning, there is a similar option that defines the interface to +# SpamAssassin. You do not need to set this if you are using the default, which +# is shown in this commented example. As for virus scanning, you must also +# modify the acl_check_data access control list to enable spam scanning. + +# spamd_address = 127.0.0.1 783 + +# Domain used to qualify unqualified recipient addresses +# If this option is not set, the qualify_domain value is used. +# qualify_recipient = + + +# Allow Exim to recognize addresses of the form "user@[10.11.12.13]", +# where the domain part is a "domain literal" (an IP address) instead +# of a named domain. The RFCs require this facility, but it is disabled - # in the default config since it is seldomly used and frequently abused. ++# in the default config since it is rarely used and frequently abused. +# Domain literal support also needs a special router, which is automatically +# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS. +# Additionally, you might want to make your local IP addresses (or @[]) +# local domains. +.ifdef MAIN_ALLOW_DOMAIN_LITERALS +allow_domain_literals +.endif + + +# Do a reverse DNS lookup on all incoming IP calls, in order to get the +# true host name. If you feel this is too expensive, the networks for +# which a lookup is done can be listed here. +.ifndef DC_minimaldns +.ifndef MAIN_HOST_LOOKUP +MAIN_HOST_LOOKUP = * +.endif +host_lookup = MAIN_HOST_LOOKUP +.endif + + +# In a minimaldns setup, update-exim4.conf guesses the hostname and +# dumps it here to avoid DNS lookups being done at Exim run time. +.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME +primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME +.endif + - # The settings below, which are actually the same as the defaults in the - # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP - # calls. You can limit the hosts to which these calls are made, and/or change - # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls - # are disabled. RFC 1413 calls are cheap and can provide useful information - # for tracing problem messages, but some hosts and firewalls are - # misconfigured to drop the requests instead of either answering or - # rejecting them. This can result in a timeout instead of an immediate refused - # connection, leading to delays on starting up SMTP sessions. (The default was - # reduced from 30s to 5s for release 4.61.) - # rfc1413_hosts = * - # rfc1413_query_timeout = 5s ++# The settings below cause Exim to make RFC 1413 (ident) callbacks ++# for all incoming SMTP calls. You can limit the hosts to which these ++# calls are made, and/or change the timeout that is used. If you set ++# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls ++# are cheap and can provide useful information for tracing problem ++# messages, but some hosts and firewalls have problems with them. ++# This can result in a timeout instead of an immediate refused ++# connection, leading to delays on starting up SMTP sessions. ++# (The default was reduced from 30s to 5s for release 4.61. and to ++# disabled for release 4.86) ++# ++#rfc1413_hosts = * ++#rfc1413_query_timeout = 5s ++ ++ ++# Enable an efficiency feature. We advertise the feature; clients ++# may request to use it. For multi-recipient mails we then can ++# reject or accept per-user after the message is received. ++# ++prdr_enable = true + +# When using an external relay tester (such as rt.njabl.org and/or the +# currently defunct relay-test.mail-abuse.org, the test may be aborted +# since exim complains about "too many nonmail commands". If you want +# the test to complete, add the host from where "your" relay tester +# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro. +# Please note that a non-empty setting may cause extra DNS lookups to +# happen, which is the reason why this option is commented out in the +# default settings. +# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org +.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +.endif + +# By default, exim forces a Sender: header containing the local +# account name at the local host name in all locally submitted messages +# that don't have the local account name at the local host name in the +# From: header, deletes any Sender: header present in the submitted +# message and forces the envelope sender of all locally submitted +# messages to the local account name at the local host name. +# The following settings allow local users to specify their own envelope sender +# in a locally submitted message. Sender: headers existing in a locally +# submitted message are not removed, and no automatic Sender: headers +# are added. These settings are fine for most hosts. +# If you run exim on a classical multi-user systems where all users +# have local mailboxes that can be reached via SMTP from the Internet +# with the local FQDN as the domain part of the address, you might want +# to disable the following three lines for traceability reasons. +.ifndef MAIN_FORCE_SENDER +local_from_check = false +local_sender_retain = true +untrusted_set_sender = * +.endif + + +# By default, Exim expects all envelope addresses to be fully qualified, that +# is, they must contain both a local part and a domain. Configure exim +# to accept unqualified addresses from certain hosts. When this is done, +# unqualified addresses are qualified using the settings of qualify_domain +# and/or qualify_recipient (see above). +# sender_unqualified_hosts = +# recipient_unqualified_hosts = + + +# Configure Exim to support the "percent hack" for certain domains. +# The "percent hack" is the feature by which mail addressed to x%y@z +# (where z is one of the domains listed) is locally rerouted to x@y +# and sent on. If z is not one of the "percent hack" domains, x%y is +# treated as an ordinary local part. The percent hack is rarely needed +# nowadays but frequently abused. You should not enable it unless you +# are sure that you really need it. +# percent_hack_domains = + + +# Bounce handling +.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER +MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d +.endif +ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER + +.ifndef MAIN_TIMEOUT_FROZEN_AFTER +MAIN_TIMEOUT_FROZEN_AFTER = 7d +.endif +timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER + +.ifndef MAIN_FREEZE_TELL +MAIN_FREEZE_TELL = postmaster +.endif +freeze_tell = MAIN_FREEZE_TELL + + +# Define spool directory +.ifndef SPOOLDIR +SPOOLDIR = /var/spool/exim4 +.endif +spool_directory = SPOOLDIR + + +# trusted users can set envelope-from to arbitrary values +.ifndef MAIN_TRUSTED_USERS +MAIN_TRUSTED_USERS = uucp +.endif +trusted_users = MAIN_TRUSTED_USERS +.ifdef MAIN_TRUSTED_GROUPS +trusted_groups = MAIN_TRUSTED_GROUPS +.endif + + +# users in admin group can do many other things +# admin_groups = + + +# SMTP Banner. The example includes the Debian version in the SMTP dialog +# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}" +# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full + +.ifdef MAIN_KEEP_ENVIRONMENT +keep_environment = MAIN_KEEP_ENVIRONMENT +.else +# set option to empty value to avoid warning. +keep_environment = +.endif +.ifdef MAIN_ADD_ENVIRONMENT +add_environment = MAIN_ADD_ENVIRONMENT +.endif diff --cc debian/debconf/conf.d/main/03_exim4-config_tlsoptions index 3f40c59,0000000..86299e1 mode 100644,000000..100644 --- a/debian/debconf/conf.d/main/03_exim4-config_tlsoptions +++ b/debian/debconf/conf.d/main/03_exim4-config_tlsoptions @@@ -1,78 -1,0 +1,85 @@@ + +### main/03_exim4-config_tlsoptions +################################# + +# TLS/SSL configuration for exim as an SMTP server. +# See /usr/share/doc/exim4-base/README.Debian.gz for explanations. + +.ifdef MAIN_TLS_ENABLE +# Defines what hosts to 'advertise' STARTTLS functionality to. The +# default, *, will advertise to all hosts that connect with EHLO. +.ifndef MAIN_TLS_ADVERTISE_HOSTS +MAIN_TLS_ADVERTISE_HOSTS = * +.endif +tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS + + +# Full paths to Certificate and Private Key. The Private Key file +# must be kept 'secret' and should be owned by root.Debian-exim mode +# 640 (-rw-r-----). exim-gencert takes care of these prerequisites. +# Normally, exim4 looks for certificate and key in different files: +# MAIN_TLS_CERTIFICATE - path to certificate file, +# CONFDIR/exim.crt if unset +# MAIN_TLS_PRIVATEKEY - path to private key file +# CONFDIR/exim.key if unset +# You can also configure exim to look for certificate and key in the +# same file, set MAIN_TLS_CERTKEY to that file to enable. This takes +# precedence over all other settings regarding certificate and key file. +.ifdef MAIN_TLS_CERTKEY +tls_certificate = MAIN_TLS_CERTKEY +.else +.ifndef MAIN_TLS_CERTIFICATE +MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt +.endif +tls_certificate = MAIN_TLS_CERTIFICATE + +.ifndef MAIN_TLS_PRIVATEKEY +MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key +.endif +tls_privatekey = MAIN_TLS_PRIVATEKEY +.endif + +# Pointer to the CA Certificates against which client certificates are +# checked. This is controlled by the `tls_verify_hosts' and +# `tls_try_verify_hosts' lists below. +# If you want to check server certificates, you need to add an +# tls_verify_certificates statement to the smtp transport. +# /etc/ssl/certs/ca-certificates.crt is generated by +# the "ca-certificates" package's update-ca-certificates(8) command. +.ifndef MAIN_TLS_VERIFY_CERTIFICATES +MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\ + {/etc/ssl/certs/ca-certificates.crt}\ + {/dev/null}} +.endif +tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES + + +# A list of hosts which are constrained by `tls_verify_certificates'. A host +# that matches `tls_verify_host' must present a certificate that is +# verifyable through `tls_verify_certificates' in order to be accepted as an +# SMTP client. If it does not, the connection is aborted. +.ifdef MAIN_TLS_VERIFY_HOSTS +tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS +.endif + +# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but +# not `tls_verify_hosts'), request a certificate and check it against +# `tls_verify_certificates' but do not abort the connection if there is no +# certificate or if the certificate presented does not match. (This +# condition can be tested for in ACLs through `verify = certificate') +# By default, this check is done for all hosts. It is known that some +# clients (including incredimail's version downloadable in February +# 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an +# empty value. +.ifdef MAIN_TLS_TRY_VERIFY_HOSTS +tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS +.endif + ++.ifdef _HAVE_GNUTLS ++tls_dhparam = historic ++.endif ++ ++.else ++# Don't advertise TLS if MAIN_TLS_ENABLE is not set. ++tls_advertise_hosts = +.endif diff --cc debian/debconf/conf.d/rewrite/31_exim4-config_rewriting index b11b797,0000000..b7415b6 mode 100644,000000..100644 --- a/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting +++ b/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting @@@ -1,16 -1,0 +1,16 @@@ + +### rewrite/31_exim4-config_rewriting +################################# + - # This rewriting rule is particularily useful for dialup users who ++# This rewriting rule is particularly useful for dialup users who +# don't have their own domain, but could be useful for anyone. +# It looks up the real address of all local users in a file +.ifndef NO_EAA_REWRITE_REWRITE +*@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\ + {$value}fail}" Ffrs +# identical rewriting rule for /etc/mailname +*@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\ + {$value}fail}" Ffrs +.endif + + diff --cc debian/debconf/conf.d/router/100_exim4-config_domain_literal index 244b479,0000000..d37fea6 mode 100644,000000..100644 --- a/debian/debconf/conf.d/router/100_exim4-config_domain_literal +++ b/debian/debconf/conf.d/router/100_exim4-config_domain_literal @@@ -1,18 -1,0 +1,18 @@@ + +### router/100_exim4-config_domain_literal +################################# + +# This router handles e-mail addresses in "domain literal" form like +# . The RFCs require this facility, but it is disabled - # in the default config since it is seldomly used and frequently abused. ++# in the default config since it is rarely used and frequently abused. +# Domain literal support also needs to be enabled in the main config, +# which is automatically done if you use the enable macro +# MAIN_ALLOW_DOMAIN_LITERALS. + +.ifdef MAIN_ALLOW_DOMAIN_LITERALS +domain_literal: + debug_print = "R: domain_literal for $local_part@$domain" + driver = ipliteral + domains = ! +local_domains + transport = remote_smtp +.endif diff --cc debian/debconf/conf.d/router/500_exim4-config_hubuser index 01a4c94,0000000..1884b21 mode 100644,000000..100644 --- a/debian/debconf/conf.d/router/500_exim4-config_hubuser +++ b/debian/debconf/conf.d/router/500_exim4-config_hubuser @@@ -1,31 -1,0 +1,31 @@@ + +### router/500_exim4-config_hubuser +################################# + +.ifdef DCconfig_satellite +# This router is only used for configtype=satellite. - # It takes care to route all mail targetted to ++# It takes care to route all mail targeted to +# to the host where we read our mail +# +hub_user: + debug_print = "R: hub_user for $local_part@$domain" + driver = redirect + domains = +local_domains + data = ${local_part}@DCreadhost + check_local_user + +# Grab the redirected mail and deliver it. +# This is a duplicate of the smarthost router, needed because +# DCreadhost might end up as part of +local_domains +hub_user_smarthost: + debug_print = "R: hub_user_smarthost for $local_part@$domain" + driver = manualroute + domains = DCreadhost + transport = remote_smtp_smarthost + route_list = * DCsmarthost byname + host_find_failed = ignore + same_domain_copy_routing = yes + check_local_user +.endif + + diff --cc debian/debconf/conf.d/transport/30_exim4-config_remote_smtp index 11d72bb,0000000..42bd601 mode 100644,000000..100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp @@@ -1,47 -1,0 +1,53 @@@ + +### transport/30_exim4-config_remote_smtp +################################# +# This transport is used for delivering messages over SMTP connections. ++# Refuse to send any message with over-long lines, which could have ++# been received other than via SMTP. The use of message_size_limit to ++# enforce this is a red herring. + +remote_smtp: + debug_print = "T: remote_smtp for $local_part@$domain" + driver = smtp ++.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT ++ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} ++.endif +.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS +.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef DKIM_DOMAIN +dkim_domain = DKIM_DOMAIN +.endif +.ifdef DKIM_SELECTOR +dkim_selector = DKIM_SELECTOR +.endif +.ifdef DKIM_PRIVATE_KEY +dkim_private_key = DKIM_PRIVATE_KEY +.endif +.ifdef DKIM_CANON +dkim_canon = DKIM_CANON +.endif +.ifdef DKIM_STRICT +dkim_strict = DKIM_STRICT +.endif +.ifdef DKIM_SIGN_HEADERS +dkim_sign_headers = DKIM_SIGN_HEADERS +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_PRIVATEKEY +.endif diff --cc debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost index b834249,0000000..9c18305 mode 100644,000000..100644 --- a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost +++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp_smarthost @@@ -1,38 -1,0 +1,47 @@@ + +### transport/30_exim4-config_remote_smtp_smarthost +################################# + +# This transport is used for delivering messages over SMTP connections +# to a smarthost. The local host tries to authenticate. +# This transport is used for smarthost and satellite configurations. ++# Refuse to send any messsage with over-long lines, which could have ++# been received other than via SMTP. The use of message_size_limit to ++# enforce this is a red herring. + +remote_smtp_smarthost: + debug_print = "T: remote_smtp_smarthost for $local_part@$domain" + driver = smtp ++.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT ++ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}} ++.endif + hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \ + {\ + ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\ + }\ + {} \ + } +.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS + hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS +.endif ++.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS ++ hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS ++.endif +.ifdef REMOTE_SMTP_HEADERS_REWRITE + headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE +.endif +.ifdef REMOTE_SMTP_RETURN_PATH + return_path = REMOTE_SMTP_RETURN_PATH +.endif +.ifdef REMOTE_SMTP_HELO_DATA + helo_data=REMOTE_SMTP_HELO_DATA +.endif +.ifdef TLS_DH_MIN_BITS +tls_dh_min_bits = TLS_DH_MIN_BITS +.endif +.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE +.endif +.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY +tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY +.endif diff --cc debian/debconf/update-exim4.conf index fac2d9c,0000000..59410db mode 100644,000000..100644 --- a/debian/debconf/update-exim4.conf +++ b/debian/debconf/update-exim4.conf @@@ -1,469 -1,0 +1,484 @@@ +#!/bin/sh +# update-exim4.conf(8) - Generate /var/lib/exim4/config.autogenerated + +set -e +set -C +set -f + +UPEX4C_confdir="/etc/exim4" +UPEX4C_sections="main acl router transport retry rewrite auth" + +# list of ue4cc options that need to support both colons and +# semicolons as separators. dc_other_hostnames and dc_smarthost +# has special handling. +UPEX4C_semicolon="dc_local_interfaces dc_relay_nets dc_relay_domains" +EXIM="/usr/sbin/exim4" + +UPEX4C_verbose=no +UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated +UPEX4C_outputfile="${UPEX4C_autoconfigfile}" +UPEX4C_version="" + +usage() { +cat <&2 + exit 1 +fi + +eval set -- ${TEMP} +while test "$1" != "--"; do + case $1 in + -h|--help) + usage + exit 0 + ;; + -v|--verbose) + UPEX4C_verbose=yes + ;; + --keepcomments) + UPEX4C_comments=yes + ;; + --removecomments) + UPEX4C_comments=no + ;; ++ --check) ++ UPEX4C_check=yes ++ ;; + -o|--output) + shift + UPEX4C_outputfile="$1" + ;; + -d|--confdir) + shift + UPEX4C_confdir="$1" + ;; + esac + shift +done +shift + +# No non-option arguments allowed. +if [ "$#" -ne 0 ]; then + echo "No non option arguments ($@) allowed" >&2 + usage >&2 + exit 1 +fi + +# exit immediately if /etc/exim4/exim4.conf exists and -o was not specified +if [ -e /etc/exim4/exim4.conf ] && \ + [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] ; then + exit 0 +fi + +UE4CC="$UPEX4C_confdir/update-exim4.conf.conf" +UPEX4C_confd="$UPEX4C_confdir/conf.d" + +[ -d "$(dirname "$UPEX4C_outputfile")" ] || \ +{ printf "$0: Error, missing $(dirname "$UPEX4C_outputfile"), exiting.\n" 1>&2 ; exit 1 ; } + +if [ -f "$UE4CC" ]; then + . "$UE4CC" +else + echo >&2 "$0: Error, no $UE4CC, exiting." + exit 1 +fi + ++ ++UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated ++if [ "$(dirname ${UPEX4C_outputfile})" = "/var/lib/exim4" ] ; then ++ UPEX4C_tmp="${UPEX4C_outputfile}.tmp" ++else ++ UPEX4C_tmp="$(tempfile -m600 -p ex4)" ++fi ++ +lowerpipe() { + tr 'A-Z' 'a-z' +} + +lowercase() { + echo "$*" | lowerpipe +} + +check_ascii_pipe() { + IN="$(cat)" + # Use "abcdef... instead of a a-z or [:alnum:] here since the alternatives + # will also match non-ascii characters. + OUT="$(echo $IN | sed 's/[^-0-9ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\/\.!*@_~:;< \[\]]/_/g')" + if [ "$OUT" != "$IN" ]; then + echo >&2 "$0: non-ascii value $IN read from $UE4CC, sanitizing to $OUT" + fi + echo $OUT +} + +[ "${CFILEMODE}" = "" ] && CFILEMODE=644 +[ "${dc_use_split_config}" = "" ] && dc_use_split_config='false' +[ "${dc_localdelivery}" = "" ] && dc_localdelivery='mail_spool' +[ "${UPEX4C_comments:-}" = "" ] && UPEX4C_comments="${ue4c_keepcomments:-no}" + +TEMPLATEFILE="${UPEX4C_confdir}/exim4.conf.template" + +dc_use_split_config="$(lowercase $dc_use_split_config)" +UPEX4C_verbose="$(lowercase $UPEX4C_verbose)" + +if [ "${dc_use_split_config}" = "true" ]; then + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "using split configuration scheme from ${UPEX4C_confd}" + if ! [ -d "${UPEX4C_confd}" ]; then + printf >&2 "$0: Error, no ${UPEX4C_confd}, exiting.\n" + exit 1 + fi +else + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "using non-split configuration scheme from ${TEMPLATEFILE}" +fi + +# take only the first word from /etc/mailname +mailname="$(< /etc/mailname sed -n 's/\([-[:alnum:]@\.]\+\).*/\1/;p;q' | lowerpipe | check_ascii_pipe)" + +# barf if lookups are found. They have never been supported here. +if echo " ${dc_other_hostnames} ${dc_smarthost} ${dc_local_interfaces} ${dc_relay_nets} ${dc_relay_domains}"| grep -q '[[:space:]]\(partial-\)\?\(cdb\|dbm\|dbmnz\|\(d\|ipl\|\(n\?wild\)\?l\)search\|nis\)\([\*@]\)\?[[:space:]]*;'; then + echo >&2 "WARNING: using 'lookup;' constructs in $UE4CC has never been supported! See /usr/share/doc/exim4-config/NEWS.Debian.gz for details." +fi + +dc_other_hostnames="$(lowercase $dc_other_hostnames | check_ascii_pipe)" +# add localhost, get rid of spaces, trailing (semi)colons and make the list +# colon separated +local_domains="$(echo @:localhost:"${dc_other_hostnames}" | \ + sed -e 's/[;: ]*$//' -e 's/ *//' -e 's/;/:/g')" + - UPEX4C_internal_tmp="$(tempfile -m600 -p ex4)" - - trap "rm -f ${UPEX4C_internal_tmp}" EXIT INT TERM + +# run-parts emulation, stolen from Branden's /etc/X11/Xsession +# Addition: Use file.rul instead if file if it exists. +run_parts () { + # reset LC_COLLATE + unset LANG LC_COLLATE LC_ALL + + if [ -z "$1" ]; then + errormessage "$0: internal run_parts called without an argument" + fi + if [ ! -d "$1" ]; then + errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory." + fi + for F in $(ls $1); do + if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then + if [ -f "$1/$F" ] ; then + if [ -f "$1/${F}.rul" ] ; then + echo "$1/${F}.rul" + else + echo "$1/$F" + fi + fi + else + if [ "${UPEX4C_verbose}" = "yes" ] && \ + [ -f "$1/$F" ] && \ + ! expr "$F" : '[[:alnum:]_-]\+\.rul'> /dev/null 2>&1 ; then + echo \ + "internal run-parts: ignoring file: $1/$F" 1>&2 + fi + fi + done; +} +# also from Branden +errormessage () { + # pretty-print messages of arbitrary length (no trailing newline) + echo "$*" | fold -s -w ${COLUMNS:-80} >&2; +} + +cat_parts() { + if [ -z "$1" ]; then + errormessage "$0: internal cat_parts called without an argument" + fi + if [ ! -d "$1" ]; then + errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory." + fi + for file in $(run_parts $1); do + echo "#####################################################" + echo "### $file" + echo "#####################################################" + cat "$file" + echo + echo "#####################################################" + echo "### end $file" + echo "#####################################################" + done +} + +gentmpconf() { - rm -f "${UPEX4C_outputfile}.tmp" - touch "${UPEX4C_outputfile}.tmp" ++ rm -f "${UPEX4C_tmp}" ++ touch "${UPEX4C_tmp}" + # this can be removed by the end of 2007 + #chown --reference=${TEMPLATEFILE} \ - # ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile} ++ # ${UPEX4C_tmp} ${UPEX4C_outputfile} + #chmod --reference=${TEMPLATEFILE} \ - # ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile} ++ # ${UPEX4C_tmp} ${UPEX4C_outputfile} + if [ "$(id -u)" = "0" ]; then - chown root:Debian-exim "${UPEX4C_outputfile}.tmp" ++ chown root:Debian-exim "${UPEX4C_tmp}" + [ -e "${UPEX4C_outputfile}" ] && \ + chown root:Debian-exim "${UPEX4C_outputfile}" + fi - chmod 640 "${UPEX4C_outputfile}.tmp" ++ chmod 640 "${UPEX4C_tmp}" + if [ -e "${UPEX4C_outputfile}" ]; then + chmod 640 "${UPEX4C_outputfile}" + fi +} + +removecomments(){ + if [ "${UPEX4C_comments}" = "no" ] ; then + grep -E -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ; + else + cat + fi +} + +gentmpconf + - cat << EOF >> "${UPEX4C_outputfile}.tmp" ++cat << EOF >> "${UPEX4C_tmp}" +######### +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# This file was generated dynamically from +EOF + +if [ "${dc_use_split_config}" = "true" ] ; then - cat << EOF >> "${UPEX4C_outputfile}.tmp" ++cat << EOF >> "${UPEX4C_tmp}" +# split config files in the $UPEX4C_confd/ directory. +EOF +else - cat << EOF >> "${UPEX4C_outputfile}.tmp" ++cat << EOF >> "${UPEX4C_tmp}" +# non-split config ($UPEX4C_confdir/exim4.conf.localmacros +# and $UPEX4C_confdir/exim4.conf.template). +EOF +fi + - cat << EOF >> "${UPEX4C_outputfile}.tmp" ++cat << EOF >> "${UPEX4C_tmp}" +# The config files are supplemented with package installation/configuration +# settings managed by debconf. This data is stored in +# $UPEX4C_confdir/update-exim4.conf.conf +# Any changes you make here will be lost. +# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8) +# for instructions of customization. +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +# WARNING WARNING WARNING +######### +EOF + +# handle ";" in input values as separator change + +for field in $UPEX4C_semicolon; do + if eval echo \$$field | grep -q ";"; then + eval temp=\$$field + if ! echo $temp | grep -q "^<"; then + temp="<; $temp" + eval "$field='$temp'" + fi + fi +done + +# fix up smarthost line: change semicolons into single colons +dc_smarthost="$(lowercase $dc_smarthost | check_ascii_pipe | sed 's/;/:/g')" + +dc_relay_nets="$(lowercase $dc_relay_nets | check_ascii_pipe)" + +if echo "$dc_relay_nets" | grep -q '^<;'; then + dc_relay_nets="$dc_relay_nets ; 127.0.0.1 ; ::1" +else + dc_relay_nets="$dc_relay_nets : 127.0.0.1 : ::::1" +fi + +dc_eximconfig_configtype="$(lowercase $dc_eximconfig_configtype | check_ascii_pipe)" +dc_hide_mailname="$(lowercase $dc_hide_mailname | check_ascii_pipe)" +dc_readhost="$(lowercase $dc_readhost | check_ascii_pipe)" +case "$dc_eximconfig_configtype" in + satellite|smarthost) + if [ "${dc_hide_mailname}" = "true" ] && [ -n "${dc_readhost}" ] ; then + hide_mailname=1 + fi + ;; + local) + ;; + internet) + ;; + none|*) + if [ "${dc_use_split_config}" = "true" ] ; then + for i in ${UPEX4C_sections} ; do + cat_parts "${UPEX4C_confd}/$i" + done | \ + removecomments \ - >> "${UPEX4C_outputfile}.tmp" ++ >> "${UPEX4C_tmp}" + else + LOCALMACROS="" + if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then + LOCALMACROS="/etc/exim4/exim4.conf.localmacros" + fi + cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" | \ + removecomments \ - >> "${UPEX4C_outputfile}.tmp" ++ >> "${UPEX4C_tmp}" + fi - mv -f "${UPEX4C_outputfile}.tmp" "${UPEX4C_outputfile}" ++ mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}" + chmod "${CFILEMODE}" "${UPEX4C_outputfile}" + [ "${UPEX4C_verbose}" = "yes" ] && \ + echo "Not substituting variables since conftype is none (or other)" + exit 0 + ;; +esac + +UPEX4C_macros="##############################################\n" +UPEX4C_macros="${UPEX4C_macros}# the following macro definitions were created\n" +UPEX4C_macros="${UPEX4C_macros}# dynamically by $0\n" + +preprocess_macro() { + macroname="${1:-}" + shift + contents="$(lowercase ${@:-empty} | check_ascii_pipe)" + printf "%s" ".ifndef $macroname\n$macroname=$contents\n.endif\n" +} + +seed_macro() { + UPEX4C_macros="${UPEX4C_macros}$(preprocess_macro "$1" "$2")" +} + +file2macros() { + file="$1" + < $1 \ + sed -n '/^[[:upper:]]/p;' | \ + grep -v '^CFILEMODE=' | \ + while read line; do + errormessage "undocumented line $line found in $1, generating exim macro" + left="$(echo $line | sed 's/\([^=]*\).*/\1/')" + right="$(echo $line | sed 's/[^=]*=\(.*\)/\1/')" + preprocess_macro "$left" "$right" + done +} + +if [ "${dc_local_interfaces}" != "" ] ; then + seed_macro "MAIN_LOCAL_INTERFACES" "${dc_local_interfaces}" +fi + +if [ "${dc_minimaldns}" = "true" ] ; then + seed_macro "DC_minimaldns" "1" + if guessed_name="$(hostname --fqdn | lowerpipe | check_ascii_pipe | grep '\.')" ; then + seed_macro "MAIN_HARDCODE_PRIMARY_HOSTNAME" "$guessed_name" + else + errormessage "hostname --fqdn did not return a fully qualified name, dc_minimaldns will not work. Please fix your /etc/hosts setup." + fi +fi + +if [ -n "${hide_mailname:-}" ]; then + seed_macro "HIDE_MAILNAME" "${hide_mailname:-}" +fi +seed_macro "MAIN_PACKAGE_VERSION" "$UPEX4C_version" +seed_macro "MAIN_LOCAL_DOMAINS" "${local_domains}" +seed_macro "MAIN_RELAY_TO_DOMAINS" "${dc_relay_domains}" +seed_macro "ETC_MAILNAME" "$mailname" +seed_macro "LOCAL_DELIVERY" "${dc_localdelivery}" +seed_macro "MAIN_RELAY_NETS" "${dc_relay_nets}" +seed_macro "DCreadhost" "${dc_readhost}" +seed_macro "DCsmarthost" "${dc_smarthost}" +seed_macro "DC_eximconfig_configtype" "${dc_eximconfig_configtype}" +seed_macro "DCconfig_${dc_eximconfig_configtype}" "1" + +# dump everything starting with a capital into macros as well +# this is going to stay undocumented, but fixes PEBCAK where people write +# macros into ue4cc. + +UPEX4C_macros="${UPEX4C_macros}$(file2macros $UE4CC)" + +UPEX4C_macros="${UPEX4C_macros}##############################################\n" + +case "${dc_use_split_config}" in +true) + for i in ${UPEX4C_sections} ; do + echo "# begin processing $i #####" + cat_parts "${UPEX4C_confd}/$i" + echo "# end of $i #####" + done \ + | removecomments \ + | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \ - >> "${UPEX4C_outputfile}.tmp" ++ >> "${UPEX4C_tmp}" + RELEVANTTEMPLATE="$UPEX4C_confd" +;; +false) + if [ ! -r "$TEMPLATEFILE" ] ; then + echo "Error: Unsplit config selected and $TEMPLATEFILE missing ... exiting" 1>&2 + exit 1 + fi + LOCALMACROS="" + if [ -e "/etc/exim4/exim4.conf.localmacros" ]; then + LOCALMACROS="${UPEX4C_confdir}/exim4.conf.localmacros" + fi + cat "${LOCALMACROS:-/dev/null}" "${TEMPLATEFILE:-/dev/null}" \ + | removecomments \ + | sed "s|^\(UPEX4CmacrosUPEX4C.*\)$|\1\n$UPEX4C_macros|" \ - >> "${UPEX4C_outputfile}.tmp" ++ >> "${UPEX4C_tmp}" + RELEVANTTEMPLATE="$TEMPLATEFILE" +;; +*) + errormessage "Invalid value for dc_use_split_config: \"${dc_use_split_config}\", exiting." - rm -f "${UPEX4C_outputfile}.tmp" ++ rm -f "${UPEX4C_tmp}" + exit 1 +;; +esac + +# check for left-over DEBCONF strings that may cause installation trouble +# (fix PEBCAK for people who don't accept conffile changes and don't +# read docs) +if grep -qr '^[^#]*DEBCONF[[:lower:]_]\+DEBCONF' $RELEVANTTEMPLATE \ + && ! grep -qr '^[[:space:]]*DEBCONFstringOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then + errormessage "DEBCONFsomethingDEBCONF found in exim configuration. This is most probably caused by you upgrading to exim4 4.67-3 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-2 and 4.67-4" +fi + +# check for left-over UPEX4CmacrosUPEX4C comment string that may cause +# installation trouble (fix PEBCAK for people who don't accept conffile +# changes and don't read docs) +if grep -qr '# UPEX4CmacrosUPEX4C' $RELEVANTTEMPLATE \ + && ! grep -qr '^[[:space:]]*UPEX4CmacrosOK_config_adapted[[:space:]]*=' $RELEVANTTEMPLATE; then + errormessage "UPEX4CmacrosUPEX4C found in an exim configuration comment. This is most probably caused by you upgrading to exim4 4.67-5 or later without accepting the suggested conffile changes. Please read /usr/share/doc/exim4-config/NEWS.Debian.gz for 4.67-5" +fi + + - # test validity if called without -o - if [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] && \ - [ -x "${EXIM}" ] ; then - if ! "${EXIM}" -C "${UPEX4C_outputfile}.tmp" -bV > /dev/null ; then - # we have an error in the configuration file. Do not install - # and activate. However, errors in string expansions inside - # the configuration file are not detected by this check! - errormessage "Invalid new configfile ${UPEX4C_outputfile}.tmp, not installing ${UPEX4C_outputfile}.tmp to ${UPEX4C_outputfile}" - exit 1 ++# test validity if called without -o or if --check was supplied ++if [ "${UPEX4C_outputfile}" = "${UPEX4C_autoconfigfile}" ] || \ ++ [ "x${UPEX4C_check}" = "xyes" ]; then ++ if [ -x "${EXIM}" ] ; then ++ if ! "${EXIM}" -C "${UPEX4C_tmp}" -bV > /dev/null ; then ++ # we have an error in the configuration file. Do not install ++ # and activate. However, errors in string expansions inside ++ # the configuration file are not detected by this check! ++ errormessage "Invalid new configfile ${UPEX4C_tmp}, not installing ${UPEX4C_tmp} to ${UPEX4C_outputfile}" ++ exit 1 ++ fi + fi +fi ++if [ "x${UPEX4C_check}" = "xyes" ]; then ++ rm -f "${UPEX4C_tmp}" ++ exit 0 ++fi + - mv -f "${UPEX4C_outputfile}.tmp" "${UPEX4C_outputfile}" ++mv -f "${UPEX4C_tmp}" "${UPEX4C_outputfile}" +chmod "${CFILEMODE}" "${UPEX4C_outputfile}" + +# end of file diff --cc debian/example.conf.md5 index ba51e3a,0000000..c16aa76 mode 100644,000000..100644 --- a/debian/example.conf.md5 +++ b/debian/example.conf.md5 @@@ -1,1 -1,0 +1,1 @@@ - c181c27925094f50dbb2f1388602cf03 - ++855d721412eba13426a8781cc804157d - diff --cc debian/exim4-base.exim4.init index 67a1059,0000000..8bc24e3 mode 100644,000000..100644 --- a/debian/exim4-base.exim4.init +++ b/debian/exim4-base.exim4.init @@@ -1,275 -1,0 +1,279 @@@ +#! /bin/sh +# /etc/init.d/exim4 +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for exim by Tim Cutts - # Modified for exim4 by Andreas Metzler ++# Modified for exim4 by Andreas Metzler +# and Marc Haber + +### BEGIN INIT INFO +# Provides: exim4 +# Required-Start: $remote_fs $syslog $named $network $time +# Required-Stop: $remote_fs $syslog $named $network +# Should-Start: postgresql mysql clamav-daemon greylist spamassassin +# Should-Stop: postgresql mysql clamav-daemon greylist spamassassin +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: exim Mail Transport Agent +# Description: exim is a Mail Transport agent +### END INIT INFO + +set -e + +test -x /usr/lib/exim4/exim4 || exit 0 + +. /lib/lsb/init-functions + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +LANG=C +export LANG + +#read default file +QUEUERUNNER='combined' +QUEUEINTERVAL='30m' +UPEX4OPTS='' - PIDFILE="/var/run/exim4/exim.pid" - QRPIDFILE="/var/run/exim4/eximqr.pid" +[ -f /etc/default/exim4 ] && . /etc/default/exim4 ++PIDFILE="/run/exim4/exim.pid" ++QRPIDFILE="/run/exim4/eximqr.pid" + +upex4conf() { + UPEX4CONF="update-exim4.conf" + OLDIFS="$IFS" + IFS=: + for p in $PATH; do + if [ -x "$p/$UPEX4CONF" ]; then + IFS="$OLDIFS" - $p/$UPEX4CONF $UPEX4OPTS ++ $p/$UPEX4CONF $UPEX4OPTS $1 + return 0 + fi + done + IFS="$OLDIFS" +} + +# Exit if exim runs from /etc/inetd.conf +if [ -f /etc/inetd.conf ] && grep -E -q '^[[:space:]]*((\*|[[:alnum:].-]+):)?smtp[[:space:]]' /etc/inetd.conf +then + upex4conf + exit 0 +fi + + +DAEMON="/usr/sbin/exim4" +NAME="exim4" + +# this is from madduck on IRC, 2006-07-06 +# There should be a better possibility to give daemon error messages +# and/or to log things +log() +{ + case "$1" in + [[:digit:]]*) success=$1; shift;; + *) :;; + esac + log_action_begin_msg "$1"; shift + log_action_end_msg ${success:-0} "$*" +} + +start_exim() +{ - [ -e /var/run/exim4 ] || \ - install -d -oDebian-exim -gDebian-exim -m750 /var/run/exim4 ++ [ -e /run/exim4 ] || \ ++ install -d -oDebian-exim -gDebian-exim -m750 /run/exim4 + case ${QUEUERUNNER} in + combined) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4" + ;; + separate) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd \ + ${COMMONOPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4_listener" + start_daemon -p "$QRPIDFILE" \ + "$DAEMON" -oP $QRPIDFILE \ + "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} + log_progress_msg "exim4_queuerunner" + ;; + queueonly) - start_daemon -p "$QRPIDFILE" \ - "$DAEMON" -oP $QRPIDFILE \ ++ start_daemon -p "$PIDFILE" \ ++ "$DAEMON" -oP $PIDFILE \ + "-q${QFLAGS}${QUEUEINTERVAL}" \ + ${COMMONOPTIONS} \ + ${QUEUERUNNEROPTIONS} + log_progress_msg "exim4_queuerunner" + ;; + no|ppp) + start_daemon -p "$PIDFILE" \ + "$DAEMON" -bd \ + ${COMMONOPTIONS} \ + ${SMTPLISTENEROPTIONS} + log_progress_msg "exim4_listener" + ;; + nodaemon) + ;; + esac +} + +stop_exim() +{ +# we try to kill eximqr and exim SMTP listener, no matter what +# ${QUEUERUNNER} is set to, we could have switched since starting. + if [ -f "$QRPIDFILE" ]; then + killproc -p "$QRPIDFILE" "$DAEMON" + # exim does not remove the pidfile + if [ $? -eq 0 ] ; then rm -f "$QRPIDFILE" ; fi + log_progress_msg "exim4_queuerunner" + fi + if [ -f "$PIDFILE" ]; then + killproc -p "$PIDFILE" "$DAEMON" + # exim does not remove the pidfile + if [ $? -eq 0 ] ; then rm -f "$PIDFILE" ; fi + log_progress_msg "exim4_listener" + fi +} + +reload_exim() +{ + case ${QUEUERUNNER} in - combined|no|ppp) ++ combined|no|ppp|queueonly) + killproc -p "$PIDFILE" "$DAEMON" -HUP + log_progress_msg "exim4" + ;; + separate) + killproc -p "$PIDFILE" "$DAEMON" -HUP + log_progress_msg "exim4_listener" + killproc -p "$QRPIDFILE" "$DAEMON" -HUP + log_progress_msg "exim4_queuerunner" + ;; + esac +} + +kill_all_exims() +{ SIG="${1:-TERM}" + for pid in $(pidof $NAME); do + if [ "$(readlink /proc/$pid/root)" = "/" ]; then + kill -$SIG $pid + fi + done +} + +status() +{ + # the exit value of this function reflects the status of the SMTP + # service. Output shows the status of the queue runner as well. + SMTPNAME="SMTP listener daemon" + QRNAME="separate queue runner daemon" + if [ "${QUEUERUNNER}" = "combined" ]; then + SMTPNAME="combined SMTP listener and queue runner daemon" ++ elif [ "${QUEUERUNNER}" = "queueonly" ]; then ++ SMTPNAME="separate queue runner daemon" + fi + log_action_begin_msg "checking $QRNAME" + if pidofproc -p "$QRPIDFILE" "$DAEMON" >/dev/null; then + log_action_end_msg 0 "running" + else + if [ -e "$QRPIDFILE" ]; then + log_action_end_msg 1 "$QRNAME failed" + else + log_action_end_msg 0 "not running" + fi + fi + log_action_begin_msg "checking $SMTPNAME" + if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then + log_action_end_msg 0 "running" + exit 0 + else + if [ -e "$PIDFILE" ]; then + log_action_end_msg 1 "$SMTPNAME failed" + exit 1 + else + log_action_end_msg 0 "not running" + exit 3 + fi + fi +} + +# check for valid configuration file +isconfigvalid() +{ +if ! $DAEMON -bV > /dev/null ; then + log 1 "Warning! Invalid configuration file for $NAME. Exiting." + exit 1 +fi +} + +# check for non-empty paniclog +warn_paniclog() +{ + if [ -s "/var/log/exim4/paniclog" ]; then + if [ -z "$E4BCD_PANICLOG_NOISE" ] || grep -vq "$E4BCD_PANICLOG_NOISE" /var/log/exim4/paniclog; then + echo "ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken" 1>&2 + fi + fi +} + +case "$1" in + start) + log_daemon_msg "Starting MTA" + # regenerate exim4.conf + upex4conf + isconfigvalid + start_exim + log_end_msg 0 + warn_paniclog + ;; + stop) + log_daemon_msg "Stopping MTA" + stop_exim + log_end_msg 0 + warn_paniclog + ;; + restart) ++ # check whether newly generated config would work ++ upex4conf --check + log_daemon_msg "Stopping MTA for restart" ++ stop_exim + # regenerate exim4.conf + upex4conf + isconfigvalid - stop_exim + log_end_msg 0 + sleep 2 + log_daemon_msg "Restarting MTA" + start_exim + log_end_msg 0 + warn_paniclog + ;; + reload|force-reload) + log_daemon_msg "Reloading $NAME configuration files" + # regenerate exim4.conf + upex4conf + isconfigvalid + reload_exim + log_end_msg 0 + warn_paniclog + ;; + status) + status + ;; + force-stop) + kill_all_exims $2 + ;; + *) - echo "Usage: $0 {start|stop|restart|reload|status|what|force-stop}" ++ echo "Usage: $0 {start|stop|restart|reload|status|force-stop}" + exit 1 + ;; +esac + +exit 0 +# vim:tabstop=2:expandtab:shiftwidth=2 diff --cc debian/exim4-base.install index 8e16f3e,0000000..f07dd6a mode 100644,000000..100644 --- a/debian/exim4-base.install +++ b/debian/exim4-base.install @@@ -1,1 -1,0 +1,3 @@@ +debian/script usr/share/bug/exim4-base ++debian/gnutls-params-2048 usr/share/exim4 ++debian/exim4_refresh_gnutls-params usr/share/exim4 diff --cc debian/exim4-base.postinst index 66e9a1a,0000000..4972855 mode 100644,000000..100644 --- a/debian/exim4-base.postinst +++ b/debian/exim4-base.postinst @@@ -1,103 -1,0 +1,103 @@@ +#!/bin/sh + +set -e +. /usr/share/debconf/confmodule + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +db_version 2.0 + +BDBVERSION=5.3 + +case "$1" in + configure) + + if ! getent passwd Debian-exim > /dev/null ; then + echo 'Adding system-user for exim (v4)' 1>&2 + adduser --system --group --quiet --home /var/spool/exim4 \ + --no-create-home --disabled-login --force-badname Debian-exim + fi + # Create directories for log etc + # install also fixes permissions. + install -d -oDebian-exim -gadm -m2750 /var/log/exim4 - install -d -oDebian-exim -gDebian-exim -m750 /var/run/exim4 ++ install -d -oDebian-exim -gDebian-exim -m750 /run/exim4 + install -d -oDebian-exim -gDebian-exim -m750 /var/spool/exim4 + install -d -oDebian-exim -gDebian-exim -m750 /var/spool/exim4/db \ + /var/spool/exim4/input /var/spool/exim4/msglog + + # fix permissions on upgrades + if dpkg --compare-versions "$2" le "4.30-1" ; then + find /var/log/exim4 /var/spool/exim4 -group mail \ + \( -type f -or -type d \) -print0 | \ + xargs -0r chgrp Debian-exim + find /var/log/exim4 /var/spool/exim4 -user mail \ + \( -type f -or -type d \) -print0 | \ + xargs -0r chown Debian-exim + fi + + # Paranoia check: On any db upgrade throw away hints + # databases. + if test -r /var/lib/exim4/berkeleydbvers.txt ; then + OLDBDB=`head -n1 /var/lib/exim4/berkeleydbvers.txt` + else + OLDBDB="unknown" + fi + if [ "$BDBVERSION" != "$OLDBDB" ] ; then + echo exim: DB upgrade, deleting hints-db 1>&2 + rm -f /var/spool/exim4/db/misc-* /var/spool/exim4/db/wait-* \ + /var/spool/exim4/db/callout* \ + /var/spool/exim4/db/retry* \ + /var/spool/exim4/db/ratelimit* \ + /var/spool/exim4/db/__db.retry \ + /var/spool/exim4/db/__db.misc* \ + /var/spool/exim4/db/__db.callout \ + /var/spool/exim4/db/__db.ratelimit \ + /var/spool/exim4/db/__db.wait* \ + /var/spool/exim4/db/log.* + echo "$BDBVERSION" > /var/lib/exim4/berkeleydbvers.txt + fi + # Check that db files are readable by this Exim's db library + dbfiles="" + for f in /var/spool/exim4/db/misc-* /var/spool/exim4/db/wait-* \ + /var/spool/exim4/db/callout* /var/spool/exim4/db/retry* \ + /var/spool/exim4/db/ratelimit* ; do + if [ -f "$f" ]; then + if echo $f | grep \.lockfile\$ >/dev/null 2>&1; then + : # ignore lock files + else + dbfiles="$dbfiles $(basename $f)" + fi + fi + done + for dbfile in $dbfiles; do + if exim_dumpdb /var/spool/exim4 $dbfile >/dev/null 2>&1; then + : # File OK + else + echo "Resetting invalid $dbfile hints db" 1>&2 + rm -f /var/spool/exim4/db/$dbfile \ + /var/spool/exim4/db/$dbfile.* \ + /var/spool/exim4/db/__db.${dbfile}.* \ + /var/spool/exim4/db/log.* + fi + done + + if [ -x "/etc/init.d/exim4" ]; then + update-rc.d exim4 defaults >/dev/null + fi + + # honor dpkg-statoverride settings for files not managed with dpkg + for pat in /var/\*/exim4 /var/\*/exim4/\*; do + [ $EX4DEBUG ] && eval echo "evaluate statoverride $pat" + eval dpkg-statoverride --list $pat | while read USER GROUP MODE FILE; do + [ $EX4DEBUG ] && echo "statoverride $USER $GROUP $MODE $FILE" + chown ${USER}:${GROUP} $FILE + chmod $MODE $FILE + done + done + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-base.postrm index 331bafd,0000000..c875e52 mode 100644,000000..100644 --- a/debian/exim4-base.postrm +++ b/debian/exim4-base.postrm @@@ -1,69 -1,0 +1,69 @@@ +#!/bin/sh + +set -e + +if [ -e /usr/share/debconf/confmodule ] ; then + . /usr/share/debconf/confmodule + export debconfavailable="yes" +fi + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +case "$1" in + remove) + # work around apt purging -base before even removing -daemon #261994. + # postrm is good enough, we just need the init-script which is a conffile. + if [ -x /etc/init.d/exim4 ]; then + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + fi + if command -v invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d exim4 stop + else + /etc/init.d/exim4 stop + fi + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + if pidof exim4; then + echo >&2 "WARN: There are some exim4 processes still running after stopping exim" + fi + fi + fi + rm -f /var/lib/exim4/berkeleydbvers.txt + ;; + purge) + update-rc.d exim4 remove > /dev/null + + # ask about purging mailqueue if debconf is available, keep it + # otherwise + if [ -e /var/spool/exim4/input ] \ + && ! rmdir /var/spool/exim4/input 2>/dev/null \ + && [ "$debconfavailable" = "yes" ]; then + db_version 2.0 + db_input medium exim4/purge_spool || true + db_go || true + db_get exim4/purge_spool + purge_spool="$RET" + if [ "${purge_spool}" = "true" ] ; then + rm -rf /var/spool/exim4/input + fi + fi + + # remove logs and pid-dir. - rm -rf /var/run/exim4 /var/log/exim4 /var/spool/exim4/msglog \ ++ rm -rf /run/exim4 /var/log/exim4 /var/spool/exim4/msglog \ + /var/spool/exim4/db /var/spool/exim4/exim-process.info \ + /var/spool/exim4/gnutls-params* + rmdir /var/spool/exim4 /var/lib/exim4 2> /dev/null || true + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-config.postinst index beaabf5,0000000..42d7b53 mode 100644,000000..100644 --- a/debian/exim4-config.postinst +++ b/debian/exim4-config.postinst @@@ -1,407 -1,0 +1,408 @@@ +#!/bin/sh + +set -e +export exim4postinstisrunning=true +. /usr/share/debconf/confmodule + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +UE4CC="/etc/exim4/update-exim4.conf.conf" + +db_version 2.0 + +get_value() { + db_get $1 + code="$?" + if [ "$code" -eq "0" ]; then + : + else + echo "Error getting debconf answer $1: debconf code=$code" >&2 + exit $code + fi +} + +write_header() { + cat < $UE4CC +# $UE4CC +# +# Edit this file and /etc/mailname by hand and execute update-exim4.conf +# yourself or use 'dpkg-reconfigure exim4-config' +# +# Please note that this is _not_ a dpkg-conffile and that automatic changes +# to this file might happen. The code handling this will honor your local +# changes, so this is usually fine, but will break local schemes that mess +# around with multiple versions of the file. +# +# update-exim4.conf uses this file to determine variable values to generate +# exim configuration macros for the configuration file. +# +# Most settings found in here do have corresponding questions in the +# Debconf configuration, but not all of them. +# +# This is a Debian specific file + +EOF +} + +addrootalias() { +# remove leading and ending whitespace, shrink multiple whitespace, separate +# entries with commas +poma="$(echo "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/[[:space:];][[:space:]]*/,/g')" +if [ "none" != "$poma" ] && [ "" != "$poma" ]; then + echo "root: ${poma}" >> /etc/aliases +fi +} + +#initialize /etc/aliases +writealiases() { +echo '# /etc/aliases' > /etc/aliases.tmp +echo 'mailer-daemon: postmaster' >> /etc/aliases.tmp +for i in postmaster nobody hostmaster usenet news webmaster www ftp abuse noc security ; do + echo "${i}: root" +done >> /etc/aliases.tmp +mv /etc/aliases.tmp /etc/aliases +} + +alias stripwhitespace="sed -e 's/^[[:blank:]]*//' -e 's/[[:blank:]]*$//'" + +# return success if md5sum matches file +unmodified() { + [ "$#" -eq 1 ] || return 1 + [ -f "$1" ] || return 1 + # first line, without the leading '# '. + checksum_current="$(sed -n -e '1s/^# //' -e '1p;1q' "$1")" + + # md5sum over the rest of the file. + # some versions of md5sum produce + # '68b329da9893e34099c7d8ad5cb9c940 -' others don't add the dash. + # '68b329da9893e34099c7d8ad5cb9c940' + checksum_new="$(sed -n '2,$p' "$1" | md5sum | cut -d\ -f1)" + + if [ "${checksum_current}" = "${checksum_new}" ] ; then + return 0 + else + return 1 + fi +} + +convert_to_long () +{ + case "$1" in + internet) + echo -n "internet site; mail is sent and received directly using SMTP" + ;; + smarthost) + echo -n "mail sent by smarthost; received via SMTP or fetchmail" + ;; + satellite) + echo -n "mail sent by smarthost; no local mail" + ;; + local) + echo -n "local delivery only; not on a network" + ;; + none) + echo -n "no configuration at this time" + ;; + esac +} + +convert_to_short () +{ + case "$1" in + "internet site; mail is sent and received directly using SMTP") + echo -n "internet" + ;; + "mail sent by smarthost; received via SMTP or fetchmail") + echo -n "smarthost" + ;; + "mail sent by smarthost; no local mail") + echo -n "satellite" + ;; + "local delivery only; not on a network") + echo -n "local" + ;; + "no configuration at this time") + echo -n "none" + ;; + esac +} + +convert_transport_to_long () +{ + case "$1" in + maildir_home) + echo -n "Maildir format in home directory" + ;; + mail_spool) + echo -n "mbox format in /var/mail/" + ;; + *) + echo -n "locally customized" + ;; + esac +} +convert_transport_to_short () +{ + case "$1" in + "Maildir format in home directory") + echo -n "maildir_home" + ;; + "mbox format in /var/mail/") + echo -n "mail_spool" + ;; + *) + echo -n "custom" + ;; + esac +} + +# remove orphaned autogenerated conffile if unmodified. 4.20-2. +if [ "$1" = "configure" ] && \ + dpkg --compare-versions "$2" le-nl "4.20-1" ; then + + for i in /etc/exim4/conf.d/rewrite/30_exim4-config_email-addresses \ + /etc/exim4/conf.d/rewrite/35_exim4-config_masquerade ; do + if unmodified "$i"; then + echo "Removing orphaned unmodified configfile $i" 1>&2 + rm "$i" + fi + done + +fi +if [ "$1" = "configure" ] && \ + dpkg --compare-versions "$2" le-nl "4.20-2" ; then + if unmodified "/etc/exim4/conf.d/main/03_exim4-config_neverusers"; then + echo "Removing orphaned unmodified configfile /etc/exim4/conf.d/main/03_exim4-config_neverusers" 1>&2 + rm "/etc/exim4/conf.d/main/03_exim4-config_neverusers" + fi +fi + +# Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 +# and #182206. +if [ "$1" = "configure" ] &&\ - [ -x /usr/sbin/update-inetd ] && [ ! -x /usr/sbin/exim ] && \ ++ which update-inetd > /dev/null && which exim > /dev/null && \ ++ [ -f /etc/inetd.conf ] && \ + grep -E -q '^smtp[[:space:]]*stream[[:space:]]*tcp[[:space:]]*nowait[[:space:]]*mail[[:space:]]*/usr/sbin/+exim exim -bs' /etc/inetd.conf +then + update-inetd --comment-chars \#disabled\# \ + --pattern '/usr/sbin/exim exim -bs' --disable smtp +fi + +if [ "$1" = "configure" ] &&\ + ! getent passwd Debian-exim > /dev/null ; then + echo 'Adding system-user for exim (v4)' 1>&2 + adduser --system --group --quiet --home /var/spool/exim4 \ + --no-create-home --disabled-login --force-badname Debian-exim +fi + +# fix permissions of /etc/exim4/passwd.client +if [ "$1" = "configure" ] ; then + if ! dpkg-statoverride --list /etc/exim4/passwd.client > /dev/null 2>&1 + then + dpkg-statoverride --update --add root Debian-exim 0640 \ + /etc/exim4/passwd.client + fi + + if dpkg --compare-versions "$2" le "4.30-1" ; then + find /etc/exim4 -user mail \( -type f -or -type d \) -print |\ + while read i ; + do + if ! dpkg-statoverride --list "$i" > /dev/null ; then + chown Debian-exim "$i" + fi + done + find /etc/exim4 -group mail \( -type f -or -type d \) -print |\ + while read i ; + do + if ! dpkg-statoverride --list "$i" > /dev/null ; then + chgrp Debian-exim "$i" + fi + done + fi +fi + +case "$1" in + configure) + # Configure Exim############################## + ############################################## + # valid config directives + dc_directives="dc_eximconfig_configtype dc_other_hostnames dc_local_interfaces dc_readhost dc_relay_domains dc_minimaldns dc_relay_nets dc_smarthost CFILEMODE dc_use_split_config dc_hide_mailname dc_mailname_in_oh dc_localdelivery" + # Generate config-file if it does not yet exist + if [ ! -e $UE4CC ] ; then + write_header + for variable in ${dc_directives} ; do + echo "${variable}=" + done >> $UE4CC + fi + + # If this is a fresh installation generate dummy files, which + # will be overwritten by update-exim4.conf + # if we add stuff later, we have to compare versions: + # if [ -z "$2" ] || [ "$2" = "" ] || dpkg --compare-versions "$2" lt "4.14-0.4" ; then + # for file in /etc/exim4/conf.d/main/03_exim4-config_neverusers ;do + # if [ ! -f "$file" ] ; then + # echo "# d41d8cd98f00b204e9800998ecf8427e" > "$file" + # chmod 644 "$file" + # fi + # done + #fi + + # generate defaultfile + update-exim4defaults --init + + # source $UE4CC - needed for not + # debconf-managed values in there. + . $UE4CC + + # Substitute values from debconf db + db_get exim4/dc_eximconfig_configtype || true + dc_eximconfig_configtype="$(convert_to_short "$RET")" + db_get exim4/dc_local_interfaces || true + dc_local_interfaces="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_other_hostnames || true + dc_other_hostnames="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_readhost || true + dc_readhost="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_relay_domains || true + dc_relay_domains="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_relay_nets || true + dc_relay_nets="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_smarthost || true + dc_smarthost="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/dc_minimaldns || true + dc_minimaldns="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/mailname || true + mailname="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/use_split_config || true + dc_use_split_config="$(printf '%s\n' "$RET" | stripwhitespace)" + db_get exim4/hide_mailname || true + dc_hide_mailname="$(printf '%s\n' "$RET" | stripwhitespace)" + + # overwrite dc_localdelivery with value stored in debconf db unless + # it is set to something else than maildir_home or mail_spool. + if [ "${dc_localdelivery}" = "" ] || + [ "$(convert_transport_to_long ${dc_localdelivery})" != "locally customized" ] ; then + db_get exim4/dc_localdelivery || true + dc_localdelivery="$(convert_transport_to_short "$RET")" + fi + + if [ -r /var/lib/exim4/addmailname2oh ] ; then + # .config added mailname to other hostnames, 2nd run of config script + # will have overwritten this change in debcond-db, therefore we need + # to store this externally, too. + . /var/lib/exim4/addmailname2oh + rm -f /var/lib/exim4/addmailname2oh + fi + db_fget "exim4/dc_other_hostnames" mailname || true + dc_mailname_in_oh="$RET" + + [ "${CFILEMODE}" = "" ] && CFILEMODE=644 + + db_get exim4/dc_postmaster + dc_postmaster="$(printf '%s\n' "$RET" | stripwhitespace)" + + if [ ! -e /etc/aliases ] ; then + writealiases + fi + if ! grep -q '^root:[[:space:]]*[[:alnum:]]' /etc/aliases && \ + [ "${dc_postmaster}" != "none" ]; then + addrootalias "${dc_postmaster}" + fi + + ### write configuration to files # + # add missing items + for variable in ${dc_directives} ; do + if ! grep -E -q "^[[:space:]]*${variable}=" $UE4CC ; then + echo "${variable}=''" >> $UE4CC + fi + done + # insert new values, remove outdated ones. + + # Use environment variables to communicate data to awk, to + # avoid shell (or awk or sed) string expansion which may + # expand escape sequences. Note that the variables named in + # ${dc_directives} (but not the variable names themselves) may + # contain escaped characters like \N. + + export dc_directives ${dc_directives} + + awk ' + BEGIN { + split( ENVIRON["dc_directives"], directives, "[ \t]" ); + } + { + written = 0; + for ( i in directives ) + { + regex = "^[ \t]*" directives[i] "="; + if ( ( $0 ~ regex ) && ( ! written ) ) + { + # Add single quotes (\0x27) around the value. + print directives[i] "=\x27" ENVIRON[directives[i]] "\x27"; + written = 1; + break; + } + } + if ( ! written ) + print $0; + }' < ${UE4CC} > ${UE4CC}.tmp + + mv ${UE4CC}.tmp $UE4CC + + echo $mailname > /etc/mailname + ### configuration files written ## + + + if [ "${dc_eximconfig_configtype}" != "none" ]; then + update-exim4.conf + fi + # If dpkg-reconfigure was used implement the changes by restarting + # the daemon. + if [ "${DEBCONF_RECONFIGURE}" = "1" ] ; then + if [ -x /etc/init.d/exim4 ]; then + # use restart instead of reload, as changing listening + # interfaces cannot be done with HUP. + db_stop + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + fi + if [ "$dc_eximconfig_configtype" = "none" ]; then + # we may have broken config here, ignore errors + invoke-rc.d exim4 restart || true + else + # we must have working config here, honor errors + invoke-rc.d exim4 restart + fi + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + if pidof exim4; then + echo >&2 "WARN: There are some exim4 processes still running after stopping exim" + fi + fi + fi + fi + + ;; +esac + +# remove orphaned conffile if unmodified. 4.20-2. +if [ "$1" = "configure" ] && \ + dpkg --compare-versions "$2" le-nl "4.20-1" && \ + [ -e /etc/exim4/email-addresses ] && \ + [ "$(md5sum /etc/exim4/email-addresses | cut -d\ -f1)" = "6bea09fbb18e4676012105fa5fc726c6" ] +then + echo "Removing orphaned unmodified configfile /etc/exim4/email-addresses" 1>&2 + rm /etc/exim4/email-addresses +fi + + +#DEBHELPER# diff --cc debian/exim4-daemon-heavy-dbg.links index 0000000,0000000..a53f6ad new file mode 100644 --- /dev/null +++ b/debian/exim4-daemon-heavy-dbg.links @@@ -1,0 -1,0 +1,1 @@@ ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-heavy-dbg/changelog.gz diff --cc debian/exim4-daemon-light-dbg.links index 0000000,0000000..a8e778e new file mode 100644 --- /dev/null +++ b/debian/exim4-daemon-light-dbg.links @@@ -1,0 -1,0 +1,1 @@@ ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-daemon-light-dbg/changelog.gz diff --cc debian/exim4-daemon-light.postinst index 95578d7,0000000..1096ac8 mode 100644,000000..100644 --- a/debian/exim4-daemon-light.postinst +++ b/debian/exim4-daemon-light.postinst @@@ -1,35 -1,0 +1,60 @@@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +dc_eximconfig_configtype="other" +db_get exim4/dc_eximconfig_configtype || true +if [ "$RET" = "no configuration at this time" ]; then + dc_eximconfig_configtype="none" +fi + +case "$1" in + configure) + + # || true is needed for succesfull installation with configtype 'none' + if [ -x /etc/init.d/exim4 ]; then + db_stop + if [ "$dc_eximconfig_configtype" = "none" ]; then + # we may have broken config here, ignore errors + invoke-rc.d exim4 start || true + else + # we must have working config here, honor errors + invoke-rc.d exim4 start + fi + fi ++ ++ # set up DH-parameter file, update if older than 160 days ++ if test -e /var/spool/exim4/gnutls-params-2048 ; then ++ if [ `stat --format=%Y /var/spool/exim4/gnutls-params-2048` -le $(( `date +%s` - 13824000 )) ]; ++ then ++ echo "Updating GnuTLS DH parameter file" 1>&2 ++ /usr/share/exim4/exim4_refresh_gnutls-params ++ fi ++ else ++ echo "Initializing GnuTLS DH parameter file" 1>&2 ++ tempgnutls=$(tempfile --directory /var/spool/exim4 --mode 644 --prefix "gnutp") ++ chown Debian-exim:Debian-exim $tempgnutls ++ if [ -x /usr/bin/certtool ] && \ ++ timeout --preserve-status --kill-after=15 120 \ ++ certtool --generate-dh-params --bits 2048 > $tempgnutls ; then ++ mv $tempgnutls /var/spool/exim4/gnutls-params-2048 ++ else ++ rm -f $tempgnutls ++ install -m 644 -o Debian-exim -g Debian-exim \ ++ /usr/share/exim4/gnutls-params-2048 \ ++ /var/spool/exim4/gnutls-params-2048 ++ fi ++ fi ++ ++ + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-daemon-light.prerm index 8b7f855,0000000..ddda13c mode 100644,000000..100644 --- a/debian/exim4-daemon-light.prerm +++ b/debian/exim4-daemon-light.prerm @@@ -1,37 -1,0 +1,37 @@@ +#!/bin/sh + +set -e + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +case "$1" in + remove|upgrade) + if [ -x /etc/init.d/exim4 ]; then + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + fi + if command -v invoke-rc.d >/dev/null 2>&1; then + invoke-rc.d exim4 stop + else + /etc/init.d/exim4 stop + fi + if [ -n "$EX4DEBUG" ]; then + netstat -tulpen - ls -al /var/run/exim4/ - cat /var/run/exim4/exim.pid ++ ls -al /run/exim4/ ++ cat /run/exim4/exim.pid + pidof exim4 + if pidof exim4; then + echo >&2 "WARN: There are some exim4 processes still running after stopping exim" + fi + fi + fi + ;; +esac + +#DEBHELPER# diff --cc debian/exim4-dbg.links index 0000000,0000000..de4f4be new file mode 100644 --- /dev/null +++ b/debian/exim4-dbg.links @@@ -1,0 -1,0 +1,1 @@@ ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/exim4-dbg/changelog.gz diff --cc debian/exim4_refresh_gnutls-params index 0000000,0000000..c16d2e2 new file mode 100755 --- /dev/null +++ b/debian/exim4_refresh_gnutls-params @@@ -1,0 -1,0 +1,52 @@@ ++#!/bin/sh ++set -e ++ ++if [ -n "$EX4DEBUG" ]; then ++ echo "now debugging $0 $@" ++ set -x ++fi ++ ++ ++# regenerate $EXIM4_SPOOLDIR/gnutls-params-* ++# As this can take _very_ long on machines with little entropy, we limit ++# the maximum runtime to 1800 seconds and keep using the ++# old file otherwise. ++ ++# Only do anything if exim4 is actually installed ++if [ ! -x /usr/lib/exim4/exim4 ]; then ++ exit 0 ++fi ++ ++# Only do anyting if TLS is enabled in exim ++if [ -z "$(/usr/lib/exim4/exim4 -bP tls_advertise_hosts | sed 's/.*=[[:space:]]\(.*\)/\1/')" ]; then ++ # TLS disabled ++ exit 0 ++fi ++ ++TIMEOUT=${1:-1800} ++ ++EXIM4_SPOOLDIR="${EXIM4_SPOOLDIR:-$(/usr/lib/exim4/exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')}" ++cd $EXIM4_SPOOLDIR ++ ++# loop over gnutls-params-files ++for paramfile in `find -maxdepth 1 -regex '\./gnutls-params-[0-9][0-9][0-9]*'` ; do ++ bits=`echo ${paramfile} | sed -e 's:\./gnutls-params-::'` ++ tempgnutls=$(tempfile --directory $EXIM4_SPOOLDIR --mode 644 --prefix "gnutp" ) ++ ++ if [ -x /usr/bin/certtool ] ; then ++ # GnuTLS ++ if timeout --preserve-status --kill-after=15 \ ++ "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits ${bits} \ ++ > "$tempgnutls" 2> /dev/null ; then ++ cat "$tempgnutls" > "${paramfile}" ; rm -f "$tempgnutls" ++ else ++ rm -f "$tempgnutls" ++ break ++ fi ++ else ++ # gnutls-bin not installed, let exim generate the DH params ++ rm -f "${paramfile}" "$tempgnutls" ++ fi ++done ++ ++# vim:tabstop=2:expandtab:shiftwidth=2 diff --cc debian/eximon4.links index 0000000,0000000..bdc19ec new file mode 100644 --- /dev/null +++ b/debian/eximon4.links @@@ -1,0 -1,0 +1,1 @@@ ++usr/share/doc/exim4-base/changelog.gz usr/share/doc/eximon4/changelog.gz diff --cc debian/gnutls-params-2048 index 0000000,0000000..8716426 new file mode 100644 --- /dev/null +++ b/debian/gnutls-params-2048 @@@ -1,0 -1,0 +1,31 @@@ ++generator: ++ 02: ++ ++prime: ++ b7:0b:a3:05:f1:f7:a1:65:11:e9:47:76:c3:58:f3:74 ++ 7e:3a:9e:ae:53:e2:5b:a3:0e:73:d3:32:c4:54:89:37 ++ f9:ab:84:3a:a1:48:ba:9c:16:49:3a:6e:f7:83:44:52 ++ 27:2c:64:55:99:1b:ed:f1:cb:cd:67:4e:c0:f3:16:dc ++ fa:78:ab:1b:b0:2e:47:81:80:1f:a0:61:e2:4c:cf:7d ++ e8:05:5d:91:ee:4d:65:9b:39:17:60:f4:84:cd:91:96 ++ f7:5a:e1:47:89:06:ab:48:54:60:44:43:c3:6a:10:d3 ++ ba:67:58:16:0c:10:9b:ed:de:4c:b2:cc:14:1b:c6:29 ++ 79:f8:42:be:2a:f4:b8:98:16:7f:30:a2:08:22:0b:ec ++ a8:d0:a7:8c:32:ef:b3:5d:eb:c6:9e:3f:1f:78:0d:75 ++ e9:bd:cf:a3:35:3c:e5:4b:05:f0:e2:c0:3d:2b:9c:ef ++ bc:cc:a3:66:1e:49:dd:1a:20:f0:f9:f2:cd:05:36:10 ++ b3:11:58:a5:a1:9d:eb:a8:ad:87:18:ea:3c:41:62:78 ++ c2:39:83:3e:60:f8:6a:5b:53:70:ad:07:f6:56:9e:f3 ++ 4f:53:74:00:01:13:ca:dc:7b:39:1f:bc:81:c3:a8:13 ++ d7:26:57:05:28:1f:f9:b7:6e:02:99:38:a0:6f:92:03 ++ ++ ++ ++-----BEGIN DH PARAMETERS----- ++MIIBCAKCAQEAtwujBfH3oWUR6Ud2w1jzdH46nq5T4lujDnPTMsRUiTf5q4Q6oUi6 ++nBZJOm73g0RSJyxkVZkb7fHLzWdOwPMW3Pp4qxuwLkeBgB+gYeJMz33oBV2R7k1l ++mzkXYPSEzZGW91rhR4kGq0hUYERDw2oQ07pnWBYMEJvt3kyyzBQbxil5+EK+KvS4 ++mBZ/MKIIIgvsqNCnjDLvs13rxp4/H3gNdem9z6M1POVLBfDiwD0rnO+8zKNmHknd ++GiDw+fLNBTYQsxFYpaGd66ithxjqPEFieMI5gz5g+GpbU3CtB/ZWnvNPU3QAARPK ++3Hs5H7yBw6gT1yZXBSgf+bduApk4oG+SAwIBAg== ++-----END DH PARAMETERS----- diff --cc debian/manpages/exim4-config_files.5 index dc4a52c,0000000..b217377 mode 100644,000000..100644 --- a/debian/manpages/exim4-config_files.5 +++ b/debian/manpages/exim4-config_files.5 @@@ -1,364 -1,0 +1,364 @@@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) - .TH EXIM4-CONFIG_FILES 5 "Jan 5, 2014" EXIM4 ++.TH EXIM4-CONFIG_FILES 5 "Jan 4, 2015" EXIM4 +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.\" \(oqthis text is enclosed in single quotes\(cq +.\" \(lqthis text is enclosed in double quotes\(rq +.SH NAME +exim4-config_files \- Files in use by the Debian exim4 packages +.SH SYNOPSIS +.br +/etc/aliases +.br +/etc/email\-addresses +.br +/etc/exim4/local_host_blacklist +.br +/etc/exim4/host_local_deny_exceptions +.br +/etc/exim4/local_sender_blacklist +.br +/etc/exim4/sender_local_deny_exceptions +.br +/etc/exim4/local_sender_callout +.br +/etc/exim4/local_rcpt_callout +.br +/etc/exim4/local_domain_dnsbl_whitelist +.br +/etc/exim4/hubbed_hosts +.br +/etc/exim4/passwd +.br +/etc/exim4/passwd.client +.br +/etc/exim4/exim.crt +.br +/etc/exim4/exim.key +.SH DESCRIPTION +This manual page describes the files that are in use by the Debian +exim4 packages and which are not part of an exim installation done +from source. +.SH /etc/aliases +is a table providing a mechanism to redirect mail for local +recipients. /etc/aliases is a text file which is roughly compatible +with Sendmail. The file should contain lines of the form +.br +name: address, address, ... +.br +The name is a local address without domain part. All local domains are +handled equally. For more detailed documentation, please refer to +/usr/share/doc/exim4\-base/spec.txt.gz, chapter 22, and to +/usr/share/doc/exim4\-base/README.Debian.gz. Please note that it +is not possible to use delivery to arbitrary files, directories and to +pipes. This is forbidden in Debian's exim4 default configuration. + +You should at least set up an alias for postmaster in the /etc/aliases +file. +.SH /etc/email\-addresses +is used to rewrite the email addresses of users. This is particularly +useful for users who use their ISP's domain for email. + +The file should contain lines of the form + +.br +user: someone@isp.com +.br +otheruser: someoneelse@anotherisp.com + +This way emails from user will appear to be from someone@isp.com to +the outside world. Technically, the from, reply\-to, and sender +addresses, along with the envelope sender, are rewritten for users that +appear to be in the local domain. + +.SH /etc/exim4/local_host_blacklist +.I [exim host list] +is an optional file containing a list of IP addresses, networks and +host names whose messages will be denied with the error message +"locally blacklisted". This is a full exim 4 host list, and all +available features can be used. This includes negative items, and so +it is possible to exclude addresses from being blacklisted. For +convenience, as an additional method to whitelist addresses from being +blocked, an explicit whitelist is read in from +/etc/exim4/host_local_deny_exceptions. Entries in the whitelist override +corresponding blacklist entries. + +In the blacklist, the trick is to read a line break as "or" if it +follows a positive item, and as "and" if it follows a negative item. + +For example, a /etc/exim4/local_host_blacklist + +.br +192.168.10.0/24 +.br +!172.16.10.128/26 +.br +172.16.10.0/24 +.br +10.0.0.0/8 + +Exim just evaluates left to right (or up-down in the file listing +context), so you don't get the same kind of operator binding as in a +programming language. + +.SH /etc/exim4/host_local_deny_exceptions +.I [exim host list] +contains a list of IP addresses, networks and host names whose +messages will be accepted despite the address is also listed in +/etc/exim4/local_host_blacklist, overriding a blacklisting. + +.SH /etc/exim4/local_sender_blacklist +.I [exim address list] +is an optional files containing a list of envelope senders whose +messages will be denied with the error message "locally blacklisted". +This is a full exim 4 address list, and all available features can be +used. This includes negative items, and so it is possible to exclude +addresses from being blacklisted. For convenience, as an additional +method to whitelist addresses from being blocked, an explicit +whitelist is read in from /etc/exim4/sender_local_deny_exceptions. Entries +in the whitelist override corresponding blacklist entries. + +In the blacklist, the trick is to read a line break as "or" if it +follows a positive item, and as "and" if it follows a negative item. + +For example, a /etc/exim4/local_sender_blacklist + +.br +domain1.example +.br +!local@domain2.example +.br +domain2.example +.br +domain3.example + +Exim just evaluates left to right (or up-down in the file listing +context), so you don't get the same kind of operator binding as in a +programming language. + +.SH /etc/exim4/sender_local_deny_exceptions +.I [exim address list] +is an optional file containing a list of envelope senders whose messages +will be accepted despite the address being also listed in +/etc/exim4/local_sender_blacklist, overriding a blacklisting. + +.SH /etc/exim4/local_sender_callout +.I [exim address list] +is an optional file containing a list of envelope senders whose +messages are subject to sender verification with a callout. This is a +full exim4 address list, and all available features can be used. + +.SH /etc/exim4/local_rcpt_callout +.I [exim address list] +is an optional file containing a list of envelope recipients for which +incoming messages are subject to recipient verification with a +callout. This is a full exim4 address list, and all available features +can be used. + +.SH /etc/exim4/local_domain_dnsbl_whitelist +.I [exim address list] +is an optional file containing a list of envelope senders whose +messages are exempt from blacklisting via a domain-based DNSBL. This +is a full exim4 address list, and all available features can be used. +This feature is intended to be used in case of a domain-based DNSBL +being too heavy handed, for example listing entire top-level domains +for their registry policies. + +.SH /etc/exim4/hubbed_hosts +.I [exim domain list] +is an optional file containing a list of route_data records which can +be used to override or augment MX information from the DNS. This is +particularly useful for mail hubs which are highest-priority MX for a +domain in the DNS but are not final destination of the messages, +passing them on to a host which is not publicly reachable, or to +temporarily fix mail routing in case of broken DNS setups. + +The file should contain key-value pairs of domain pattern and route +data of the form + +.br +domain: host-list options +.br +dict.ref.example: mail\-1.ref.example:mail\-2.ref.example +.br +foo.example: internal.mail.example.com +.br +bar.example: 192.168.183.3 + +which will cause mail for foo.example to be sent to the host +internal.mail.example (IP address derived from A record only), and +mail to bar.example to be sent to 192.168.183.3. + +See spec.txt chapter 20.3 through 20.7 for a more detailed explanation +of host list format and available options. + +.SH /etc/exim4/passwd +contains account and password data for SMTP authentication when the +local exim is SMTP server and clients authenticate to the local exim. + +The file should contain lines of the form + +.br +username:crypted-password:clear-password + +crypted-password is the crypt(3)-created hash of your password. You +can, for example, use the mkpasswd program from the whois package to +create a crypted password. It is recommended to use a modern hash +algorithm, see mkpasswd \-\-method=help. Consider not using crypt or MD5. + +clear-password is only necessary if you want to offer CRAM-MD5 +authentication. If you don't plan on doing so, the third column can be +omitted completely. + +This file must be readable for the Debian\-exim user and should not be +readable for others. Recommended file mode is root:Debian\-exim 640. + +.SH /etc/exim4/passwd.client +contains account and password data for SMTP authentication when exim +is authenticating as a client to some remote server. + +The file should contain lines of the form + +.br +target.mail.server.example:login-user-name:password + +which will cause exim to use login-user-name and password when sending +messages to a server with the canonical host name +target.mail.server.example. Please note that this does not configure +the mail server to send to (this is determined in Debconf), but only +creates the correlation between host name and authentication +credentials to avoid exposing passwords to the wrong host. + +Please note that target.mail.server.example is currently the value +that exim can read from reverse DNS: It first follows the host name of +the target system until it finds an IP address, and then looks up the +reverse DNS for that IP address to use the outcome of this query (or +the IP address itself should the query fail) as index into +/etc/exim4/passwd.client. + +This goes inevitably wrong if the host name of the mail server is a +CNAME (a DNS alias), or the reverse lookup does not fit the forward one. + +Currently, you need to manually lookup all reverse DNS names for all +IP addresses that your SMTP server host name points to, for example by +using the host command. If the SMTP smarthost alias expands to +multiple IPs, you need to have multiple lines for all the hosts. When +your ISP changes the alias, you will need to manually fix that. + +You may minimize this trouble by using a wild card entry or regular +expressions, thus reducing the risk of divulging the password to the +wrong SMTP server while reducing the number of necessary lines. For a +deeper discussion, see the Debian BTS #244724. + +password is your SMTP password in clear text. If you do not know about +your SMTP password, you can try using your POP3 password as a first +guess. + +This file must be readable for the Debian\-exim user and should not be +readable for others. Recommended file mode is root:Debian\-exim 640. + +.br +# example for CONFDIR/passwd.client +.br +# this will only match if the server's generic name matches exactly +.br +mail.server.example:user:password +.br +# this will deliver the password to any server +.br +*:username:password +.br +# this will deliver the password to servers whose generic name ends in +.br +# mail.server.example +.br +*.mail.server.example:user:password +.br +# this will deliver the password to servers whose generic name matches +.br +# the regular expression +.br - ^smtp[0\-9]*.mail.server.example:user:password ++^smtp[0\-9]*\\.mail\\.server\\.example:user:password +.br + +.SH /etc/exim4/exim.crt +contains the certificate that exim uses to initiate TLS connections. +This is public information and can be world readable. +/usr/share/doc/exim4\-base/examples/exim\-gencert can +be used to generate a private key and self-signed certificate. + +.SH /etc/exim4/exim.key +contains the private key belonging to the certificate in exim.crt. +This file's contents must be kept secret and should have mode +root:Debian\-exim 640. /usr/share/doc/exim4\-base/examples/exim\-gencert +can be used to generate a private key and self-signed certificate. + +.SH BUGS +Plenty. Please report them through the Debian BTS + +This manual page needs a major re-work. If somebody knows better groff +than us and has more experience in writing manual pages, any patches +would be greatly appreciated. + +.SH NOTES +.SS Unresolvable items in host lists + +Adding or keeping items in the abovementioned host lists which are not +resolvable by DNS has severe consequences. + +e.g. if resolving a +.B hostname +in local_host_blacklist returns a temporary error (DNS timeout) exim +will not be able to check whether a connecting host is part of the list. +Exim will therefore return a temporary SMTP error for +.I every +connecting host. + +On the other hand if there is a permanent error in resolving a name in the +host list (the record was removed from DNS) exim behaves as if the host +does not match the list. e.g. a local_host_blacklist consisting of + +notresolvable.example.com:rejectme.example.com + +is equivalent to an empty one. - Exim tries to match the IP-address of the - conecting host to notresolvable.example.com, resolving this IP by DNS ++connecting host to notresolvable.example.com, resolving this IP by DNS +fails, exim behaves as if the connecting host does not match the list. List +processing stops at this point! + +Starting the list with the special pattern +ignore_unknown as a +safeguard against this behavior is strongly recommended if hostnames are +used in hostlists. + +See Exim specification Chapter +.I Domain, host, address, and local part lists +, section +.I Behaviour when an IP address or name cannot be found. + + +.SH SEE ALSO +.br +.BR exim (8), +.br +.BR update\-exim4.conf(8), +.br +.BR /usr/share/doc/exim4\-base/, +.br +and for general notes and details about interaction with debconf +.BR /usr/share/doc/exim4\-base/README.Debian.gz + +.SH AUTHOR +Marc Haber with help from Ross Boylan. + diff --cc debian/manpages/update-exim4.conf.8 index 9d871b9,0000000..9a4efcb mode 100644,000000..100644 --- a/debian/manpages/update-exim4.conf.8 +++ b/debian/manpages/update-exim4.conf.8 @@@ -1,340 -1,0 +1,346 @@@ +.\" Hey, EMACS: -*- nroff -*- +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH UPDATE-EXIM4.CONF 8 "Jun 25, 2005" EXIM4 +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.\" \(oqthis text is enclosed in single quotes\(cq +.\" \(lqthis text is enclosed in double quotes\(rq +.SH NAME +update\-exim4.conf \- Generate exim4 configuration files. + +.SH SYNOPSIS +.B update\-exim4.conf [\-v|\-\-verbose] [\-h|\-\-help] [\-\-keepcomments] [\-\-removecomments] [\-o|\-\-output file] + +.SH OPTIONS +.TP - .I \-v|\-\-verbose - Enable verbose mode ++.I \-\-check ++Generate temporary configuration file, check its validity and exit with ++either success (exitcode 0) or an error (exitcode 1). On success the ++temporary file is deleted, otherwise the file is left for further ++debugging. ++.TP ++.I \-d|\-\-confdir directory ++Read input from directory instead of /etc/exim4. +.TP +.I \-h|\-\-help +Show short help message and exit +.TP +.I \-\-keepcomments +Do not remove comment lines from the output file. +.TP - .I \-\-removecomments - Remove comment lines from the output file. [Default] - .TP +.I \-o|\-\-output file +Write output to file instead of /var/lib/exim4/config.autogenerated. +.TP - .I \-d|\-\-confdir directory - Read input from directory instead of /etc/exim4. ++.I \-\-removecomments ++Remove comment lines from the output file. [Default] ++.TP ++.I \-v|\-\-verbose ++Enable verbose mode + +.SH DESCRIPTION +The script +.B update\-exim4.conf +generates the main configuration files +.I /var/lib/exim4/config.autogenerated +for +.B Exim v4 +by merging the data in the template file +.I /etc/exim4/exim4.conf.template +or the ones in the +.I /etc/exim4/conf.d +directory tree respectively and +.I /etc/exim4/update\-exim4.conf.conf +to the output file +.I /var/lib/exim4/config.autogenerated. +.PP +If dc_use_split_config in /etc/exim4/update\-exim4.conf.conf specifies a split +configuration, +.B update\-exim4.conf +processes the /etc/exim4/conf.d subdirectories in the order main, acl, +router, transport, retry, rewrite and auth. Within each directory it takes +files in lexical sort order by file name. It concatenates all these files +and makes the debconf replacement described below. + +If you are not using split configuration +.B update\-exim4.conf +concatenates +/etc/exim4/exim4.conf.localmacros +(if this file exists) and /etc/exim4/exim4.conf.template (in this order) and +makes the debconf replacement described below. + +In either case, before outputting the result +to /var/lib/exim4/config.autogenerated, +.B update\-exim4.conf +generates a number of exim configuration macros from the contents of +dc_something from /etc/exim4/update\-exim4.conf.conf and inserts them +into the configuration right after the definition of the exim +configuration macro UPEX4CmacrosUPEX4C (which is only used as +placeholder for this case). The macro definitions are bracketed +with .ifdef clauses to allow the local admin to override the values with +earlier definitions. +.B update\-exim4.conf +makes no other changes to the configuration. +This makes it very simple to make small changes to the configuration and +still have the benefits of debconf. + +On the other hand if you don't want to manage exim4.conf with debconf +install your own handcrafted version as /etc/exim4/exim4.conf. +Exim will use this file if it exists and ignore the autogenerated one. +Additionally you might want to set +.I dc_eximconfig_configtype=none +in /etc/exim4/update\-exim4.conf.conf to stop debconf from asking you questions about exim4. + +.B update\-exim4.conf +exits silently and does nothing if /etc/exim4/exim4.conf exists and \-o +was not used to direct the output to a different file than +/var/lib/exim4/config.autogenerated. + +.B update\-exim4.conf +will only use files in the conf.d directory that have a filename which +consists only of letters, numbers, underscores and hyphens +([:alnum:]_\-), similar to +.B run\-parts(8). +Additionally, +.B update\-exim4.conf +will use /etc/exim4/conf.d/foo/bar.rul instead of +/etc/exim4/conf.d/foo/bar if the .rul file exists. This is meant to be +helpful for easy interaction with packages extending Exim. + +If the new configuration will be written to +/var/lib/exim4/config.autogenerated, +.B update\-exim4.conf +will check the validity of the freshly generated configuration. If +the new file is detected as invalid, update-exim4.conf leaves the old +/var/lib/exim4/config.autogenerated untouched and exits with an error. + +However, there are still possible invalidities that can only be +detected at run time. This most notably applies to errors in +expressions that are expanded at run time. + +If the new configuration will be written to some other file, no +validity checking occurs and that file will always be overwritten. + +.SH EXAMPLES +You want to be able to check exim's queue as normal user: Generate a new +file, e.g. /etc/exim4/conf.d/main/40_local_mailq, containing only the line +.I queue_list_requires_admin = false + +.SH NOTES +.B update\-exim4.conf +changes the file permissions of the output file to the value of the environment +variable CFILEMODE. If CFILEMODE is neither set in +/etc/exim4/update\-exim4.conf.conf nor in the environment it defaults to 0644. +Change this to 0640 if you are keeping sensitive information (LDAP credentials +et. al.) in there. + +.SH CONFIGURATION VARIABLES +All lists given in configuration variables are semicolon-separated. In +the past, they used to be colon separated. This was changed to +semicolon separation to make specification of IPv6 addresses easier. +Backwards compatibility is preserved, so that old configurations using +colons as separators do still work. Colons are deprecated and might - stop working in a later release. If you need to specifiy a single IPv6 ++stop working in a later release. If you need to specify a single IPv6 +address in a field that is defined as a list of host names or IP +addresses, please prefix "<;" to explicitly specify the list separator +as a semicolon. Otherwise, the code cannot tell an IP address from a +colon-separated list of strange host names. + +Using lookups like "dsearch;something" in update-exim4.conf.conf has +never been supported and does no longer work! If you need this, please +convert to directly setting the appropriate macros. + +.B update\-exim4.conf +evaluates these patterns in +.B /etc/exim4/update\-exim4.conf.conf: +.TP +.I CFILEMODE +The octal file mode of the generated file. +.TP +.I dc_eximconfig_configtype +The main configuration type. Sets macro DC_eximconfig_configtype. The macro +usually contains a shorthand for one of the choices for the +\(lqGeneral type of mail configuration\(rq debconf question (See +README.Debian). + +.RS +.B dc_eximconfig_configtype <-> debconf configtype mapping: +.PD 0.1 +.TP +\(lqinternet\(rq +internet site; mail is sent and received directly using SMTP +.TP +\(lqsmarthost\(rq +mail sent by smarthost; received via SMTP or fetchmail +.TP +\(lqsatellite\(rq +mail sent by smarthost; no local mail +.TP +\(lqlocal\(rq +local delivery only; not on a network +.TP +\(lqnone\(rq +no configuration at this time +.PD +.RE + +.TP +.I dc_hide_mailname +Boolean option that controls whether the local mailname in the headers of +outgoing mail should be hidden. (Only effective for \(lqsmarthost\(rq and +\(lqsatellite\(rq. Sets macro HIDE_MAILNAME. +.TP +.I dc_mailname_in_oh +Internal use only Boolean option that is set by the maintainer scripts +after adding the contents of /etc/mailname to the dc_other_hostnames +list. This is a transition helper since it wouldn't otherwise be +possible to see whether that domain name has been removed from +dc_other_hostnames on purpose. This is not used by update-exim4.conf, +and no macro is set. +.TP +.I ue4c_keepcomments +Boolean option that controls whether +.B update\-exim4.conf +strips the comments from the target configuration file (default) or +leaves them in. This can be overridden by the command line options +\-\-keepcomments and \-\-removecomments. The value is not written to an +exim macro. +.TP +.I dc_localdelivery +name of the default transport for local mail delivery. Defaults to mail_spool +if unset, use maildir_home for delivery to ~/Maildir/. Sets macro +LOCAL_DELIVERY. +.TP +.I dc_local_interfaces +List of IP addresses the Exim daemon should listen on. If this is left +empty, Exim listens on all interfaces. Sets macro +MAIN_LOCAL_INTERFACES only if there is a non-empty value. +.TP +.I dc_minimaldns +Boolean option to activate some option to minimize DNS lookups, if set to +\(lqtrue\(rq a macro DC_minimaldns is defined. If true, the macro +DC_minimaldns is set to 1, and the macro +MAIN_HARDCODE_PRIMARY_HOSTNAME is set to the appropriately +post-processes output of hostname \-\-fqdn. +.TP +.I dc_other_hostnames +is used to build the local_domains list, together with \(lqlocalhost\(rq. +This is the list of domains for which this machine should +consider itself the final destination. The local_domains list ends up +in the macro MAIN_LOCAL_DOMAINS. +.TP +.I dc_readhost +For \(lqsmarthost\(rq and \(lqsatellite\(rq it is possible to hide the local +mailname in the headers of outgoing mail and replace it with this value +instead, using rewriting. For \(lqsatellite\(rq only, this value is +also the host to send local mail to. Sets macro DCreadhost. +.TP +.I dc_relay_domains +is a list of domains for which we accept mail from anywhere on the +Internet but which are not delivered locally, e.g. because this machine +serves as secondary MX for these domains. Sets MAIN_RELAY_TO_DOMAINS. +.TP +.I dc_relay_nets +A list of machines for which we serve as smarthost. Please note that +127.0.0.1 and ::1 are always permitted to relay since /usr/lib/sendmail +is available anyway and relay control doesn't make sense here. Sets +macro MAIN_RELAY_NETS. +.TP +.I dc_smarthost +List of hosts to which all outgoing mail is passed to and that takes care +of delivering it. Each of the hosts is tried, in the order specified +(See exim specification, chapter 20.5). All deliveries go out to TCP +port 25 unless a different port is specified after the host name, +separated from the host name by two colons. Colons in IPv6 addresses need +to be doubled. If a port number follows, IP addresses may be enclosed in +brackets, which might be the only possibility to specify delivery to an +IPv6 address and a different port. Examples: +.br +.BR host.domain.example +deliver to host looked up on DNS, tcp/25 +.br +.BR host.domain.example::587 +deliver to host looked up on DNS, tcp/587 +.br +.BR 192.168.2.4 +deliver to IPv4 host, tcp/25 +.br +.BR 192.168.2.4::587 +deliver to IPv4 host, tcp/587 +.br +.BR [192.168.2.4]::587 +deliver to IPv4 host, tcp/587 +.br +.BR 2001::0db8::f::4::::2 +deliver to IPv6 host, tcp/25 +.br +.BR [2001::0db8::f::4::::2]::587 +deliver to IPv6 host, tcp/587 +.br +This is used as value of the DCsmarthost macro. +.TP +.I dc_use_split_config +Boolean option that controls whether +.B update\-exim4.conf +uses /etc/exim4/exim4.conf.template (\(lqfalse\(rq) or the multiple files +below /etc/exim4/conf.d (\(lqtrue\(rq) as input. This does not set any +macros. +.TP +.I The macro MAIN_PACKAGE_VERSION is set to Debian's Version number of +the package being installed for convenient inclusion in the +configuration. + +.SH RECOMMENDED USAGE +If you are running exim as daemon (as it is in the default setup of the +Debian packages) you should not invoke +.B update\-exim4.conf +directly when exim is running. For SMTP receiving or queue running, +exim forks, and the new processes would use the new configuration file, +while the original main exim daemon would still use the old configuration +file. You should use +.I invoke\-rc.d exim4 restart +instead. + +.SH BUGS +This manual page needs a major re-work. If somebody knows better groff +than us and has more experience in writing manual pages, any patches +would be greatly appreciated. + +.SH FILES +.LP +.TP +.B /var/lib/exim4/config.autogenerated +Exim's main configuration file +.LP +.TP +.B /etc/exim4/exim4.conf +Optional manually managed Exim main configuration file. Takes precedence over +debconf managed one if it exists. +.LP +.TP +.B /etc/exim4/update-exim4.conf.conf +Configuration file being written by exim4-config maintainer scripts, +which may be hand-edited, and is read as input by update-exim4.conf. + +.SH SEE ALSO +.BR exim (8), +.BR exim4-config_files(5), +/usr/share/doc/exim4\-base/ and for general notes and details about interaction +with debconf +/usr/share/doc/exim4\-base/README.Debian.gz + +.SH AUTHOR - Andreas Metzler ++Andreas Metzler +.br +Marc Haber diff --cc debian/minimaltest index 083f6a6,0000000..97f5ccb mode 100644,000000..100644 --- a/debian/minimaltest +++ b/debian/minimaltest @@@ -1,87 -1,0 +1,87 @@@ +#!/bin/sh + +set -e + +# Do not run as root +if [ `id -u` = "0" ]; then + echo $0: running with id 0, exiting. + exit 0 +fi + +if ! test -x "$2" ; then + echo "\$2 $2: not exeutable" + exit 1 +fi + +# set up directorytree +if ! echo "$1" | grep -q '^/......' && test -d "$1"; then + echo \$1 needs to be absolute patch + exit 1 +fi + +echo ======================================== +echo running minimal functionality test for binary $2 in directory $1 + +top="$1/eximtest" + +rm -rf $1/eximtest/* - mkdir -p $top/var/log $top/var/spool/db $top/var/spool/input $top/var/spool/msglog $top/var/run $top/var/mail ++mkdir -p $top/var/log $top/var/spool/db $top/var/spool/input $top/var/spool/msglog $top/run $top/var/mail +cat < $top/exim4.conf +exim_user = `id -u` +exim_group = `id -g` +log_file_path = $top/var/log/%slog +spool_directory = $top/var/spool - pid_file_path = $top/var/run ++pid_file_path = $top/run +primary_hostname = eximtest.example.com +rfc1413_hosts = + +begin routers +eximtest: + driver = accept + transport = writetofile + +begin transports +writetofile: + driver = appendfile + file = $top/var/mail/\$local_part + delivery_date_add + envelope_to_add + return_path_add +EOF + +cat < $top/var/mail/compare +From from@eximtest.example.com Sat May 07 12:12:12 2012 +Return-path: +Envelope-to: recip@eximtest.example.com +Delivery-date: Sat, 07 May 2011 12:12:12 +0000 +Received: from buildd by eximtest.example.com with local (Exim 4.44) + (envelope-from ) + id msgid + for recip@eximtest.example.com;Sat, 07 May 2011 12:12:12 +0000 +From: Testing Exim +To: Recipient +Subject: Test Message +Message-Id: +Date: Sat, 07 May 2011 12:12:12 +0000 + +no body + +EOF + +$2 -C "$top/exim4.conf" -bV +$2 -C "$top/exim4.conf" -be '${if bool{0}{yes}{no}} X ${if !bool{0}{yes}{no}}' +$2 -C "$top/exim4.conf" -bt local +printf 'From: Testing Exim \nTo: Recipient \nSubject: Test Message\n\nno body\n' | \ +$2 -C "$top/exim4.conf" -odf -oep -oi -t -f from@eximtest.example.com +sed -i -e 's/^From \([^ ]*\) .*/From \1 Sat May 07 12:12:12 2012/' \ + -e 's/^Delivery-date: .*/Delivery-date: Sat, 07 May 2011 12:12:12 +0000/' \ + -e 's/^Received: from [^ ][^ ]* /Received: from buildd /' \ + -e '/^Received:/s/(Exim [^)]*/(Exim 4.44/' \ + -e '/[[:space:]]for /s/;.*/;Sat, 07 May 2011 12:12:12 +0000/' \ + -e '/[[:space:]]id /s/id .*/id msgid/' \ + -e 's/^Message-Id: [^@]*/Message-Id: , + Andreas Metzler - Last-Update: 2014-05-29 ++Last-Update: 2017-01-31 +Forwarded: not-needed (upstream uses the "exim" name) + +--- a/doc/exim.8 ++++ b/doc/exim.8 +@@ -1,9 +1,9 @@ +-.TH EXIM 8 ++.TH EXIM4 8 + .SH NAME +-exim \- a Mail Transfer Agent ++exim4 \- a Mail Transfer Agent + .SH SYNOPSIS + .nf +-.B exim [options] arguments ... ++.B exim4 [options] arguments ... + .B mailq [options] arguments ... + .B rsmtp [options] arguments ... + .B rmail [options] arguments ... +@@ -40,7 +40,7 @@ local message on the standard input, wit + recipients) is assumed. Thus, for example, if Exim is installed in + \fI/usr/sbin\fP, you can send a message from the command line like this: + .sp +- /usr/sbin/exim -i ++ /usr/sbin/exim4 -i + + CTRL-D + .sp +@@ -125,8 +125,8 @@ ports, on multiple ports, and only on sp + .sp + When a listening daemon + is started without the use of \fB\-oX\fP (that is, without overriding the normal +-configuration), it writes its process id to a file called exim\-daemon.pid +-in Exim's spool directory. This location can be overridden by setting ++configuration), it writes its process id to a file called ++/var/run/exim4/exim.pid. This location can be overridden by setting + PID_FILE_PATH in Local/Makefile. The file is written while Exim is still + running as root. + .sp +@@ -175,7 +175,7 @@ of lookups, you will just get the same r + This option operates like \fB\-be\fP except that it must be followed by the name + of a file. For example: + .sp +- exim \-bem /tmp/testmessage ++ exim4 \-bem /tmp/testmessage + .sp + The file is read as a message (as if receiving a locally\-submitted non\-SMTP + message) before any of the test expansions are done. Thus, message\-specific +@@ -201,7 +201,7 @@ If you want to test a system filter file + can use both \fB\-bF\fP and \fB\-bf\fP on the same command, in order to test a system + filter and a user filter in the same run. For example: + .sp +- exim \-bF /system/filter \-bf /user/filter ' user@domain +- exim \-f "" user@domain ++ exim4 \-f '<>' user@domain ++ exim4 \-f "" user@domain + .sp + In addition, the use of \fB\-f\fP is not restricted when testing a filter file + with \fB\-bf\fP or when testing or verifying addresses using the \fB\-bt\fP or - @@ -1271,12 +1271,12 @@ other circumstances, they are ignored un ++@@ -1292,12 +1292,12 @@ other circumstances, they are ignored un + The \fB\-oMa\fP option sets the sender host address. This may include a port + number at the end, after a full stop (period). For example: + .sp +- exim \-bs \-oMa 10.9.8.7.1234 ++ exim4 \-bs \-oMa 10.9.8.7.1234 + .sp + An alternative syntax is to enclose the IP address in square brackets, + followed by a colon and the port number: + .sp +- exim \-bs \-oMa [10.9.8.7]:1234 ++ exim4 \-bs \-oMa [10.9.8.7]:1234 + .sp + The IP address is placed in the \fI$sender_host_address\fP variable, and the + port, if present, in \fI$sender_host_port\fP. If both \fB\-oMa\fP and \fB\-bh\fP - @@ -1474,13 +1474,13 @@ When scanning the queue, Exim can be mad ++@@ -1502,22 +1502,22 @@ If other commandline options specify an ++ will specify a queue to operate on. ++ For example: ++ .sp ++- exim \-bp \-qGquarantine +++ exim4 \-bp \-qGquarantine ++ mailq \-qGquarantine ++- exim \-qGoffpeak \-Rf @special.domain.example +++ exim4 \-qGoffpeak \-Rf @special.domain.example ++ .TP 10 ++ \fB\-q\fP<\fIqflags\fP> <\fIstart id\fP> <\fIend id\fP> ++ When scanning the queue, Exim can be made to skip over messages whose ids are + lexically less than a given value by following the \fB\-q\fP option with a + starting message id. For example: + .sp +- exim \-q 0t5C6f\-0000c8\-00 ++ exim4 \-q 0t5C6f\-0000c8\-00 + .sp + Messages that arrived earlier than 0t5C6f\-0000c8\-00 are not inspected. If a + second message id is given, messages whose ids are lexically greater than it + are also skipped. If the same id is given twice, for example, + .sp +- exim \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00 ++ exim4 \-q 0t5C6f\-0000c8\-00 0t5C6f\-0000c8\-00 + .sp + just one delivery process is started, for that message. This differs from + \fB\-M\fP in that retry data is respected, and it also differs from \fB\-Mc\fP in - @@ -1496,7 +1496,7 @@ starting a queue runner process at inter ++@@ -1533,7 +1533,7 @@ starting a queue runner process at inter + single daemon process handles both functions. A common way of starting up a + combined daemon at system boot time is to use a command such as + .sp +- /usr/exim/bin/exim \-bd \-q30m ++ /usr/sbin/exim4 \-bd \-q30m + .sp + Such a daemon listens for incoming SMTP calls, and also starts a queue runner + process every 30 minutes. - @@ -1527,7 +1527,7 @@ regular expression; otherwise it is a li ++@@ -1564,7 +1564,7 @@ regular expression; otherwise it is a li + If you want to do periodic queue runs for messages with specific recipients, + you can combine \fB\-R\fP with \fB\-q\fP and a time value. For example: + .sp +- exim \-q25m \-R @special.domain.example ++ exim4 \-q25m \-R @special.domain.example + .sp + This example does a queue run for messages with recipients in the given domain + every 25 minutes. Any additional flags that are specified with \fB\-q\fP are - @@ -1637,6 +1637,26 @@ to the named file. It is ignored by Exi ++@@ -1680,6 +1680,26 @@ under most shells. + .sp + . + .SH "SEE ALSO" ++.BR exicyclog (8), ++.BR exigrep (8), ++.BR exim_checkaccess (8), ++.BR exim_convert4r4 (8), ++.BR exim_db (8), ++.BR exim_dbmbuild (8), ++.BR exim_lock (8), ++.BR eximon (8), ++.BR exinext (8), ++.BR exiqgrep (8), ++.BR exiqsumm (8), ++.BR exiwhat (8), ++.BR update\-exim4.conf (8), ++.BR update\-exim4defaults (8), ++/usr/share/doc/exim4\-base/, ++/usr/share/doc/exim4\-base/README.Debian.[gz|html]. + .rs + .sp + The full Exim specification, the Exim book, and the Exim wiki. ++ ++.SH AUTHOR ++This manual page was provided with the upstream Exim source package. ++It was enhanced for the Debian GNU/Linux system. diff --cc debian/patches/32_exim4.dpatch index 84b39a1,0000000..5098991 mode 100755,000000..100755 --- a/debian/patches/32_exim4.dpatch +++ b/debian/patches/32_exim4.dpatch @@@ -1,106 -1,0 +1,106 @@@ +Description: Accomodate source for installing exim as exim4. +Author: Andreas Metzler +Origin: vendor +Forwarded: not-needed +Last-Update: 2013-09-28 + - --- exim4-4.82~rc1.orig/OS/Makefile-Linux - +++ exim4-4.82~rc1/OS/Makefile-Linux ++--- a/OS/Makefile-Linux +++++ b/OS/Makefile-Linux +@@ -28,9 +28,9 @@ XLFLAGS=-L$(X11)/lib + X11_LD_LIB=$(X11)/lib + + EXIWHAT_PS_ARG=ax +-EXIWHAT_EGREP_ARG='/exim( |$$)' ++EXIWHAT_EGREP_ARG='/exim4( |$$)' + EXIWHAT_MULTIKILL_CMD=killall +-EXIWHAT_MULTIKILL_ARG=exim ++EXIWHAT_MULTIKILL_ARG=exim4 + EXIWHAT_KILL_SIGNAL=-USR1 + + # End - --- exim4-4.82~rc1.orig/src/exicyclog.src - +++ exim4-4.82~rc1/src/exicyclog.src ++--- a/src/exicyclog.src +++++ b/src/exicyclog.src +@@ -144,7 +144,7 @@ done + + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + + spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + - --- exim4-4.82~rc1.orig/src/exim_checkaccess.src - +++ exim4-4.82~rc1/src/exim_checkaccess.src ++--- a/src/exim_checkaccess.src +++++ b/src/exim_checkaccess.src +@@ -52,7 +52,7 @@ done + # a tab to keep the tab in one place. + + exim_path=`perl -ne 'chop;if (/^\s*exim_path\s*=\s*(.*)/){print "$1\n";last;}' $config` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + + + ######################################################################### - --- exim4-4.82~rc1.orig/src/eximon.src - +++ exim4-4.82~rc1/src/eximon.src ++--- a/src/eximon.src +++++ b/src/eximon.src +@@ -72,7 +72,7 @@ config=${EXIMON_EXIM_CONFIG-$config} + + st=' ' + EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim; fi ++if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi + + SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'` - --- exim4-4.82~rc1.orig/src/exinext.src - +++ exim4-4.82~rc1/src/exinext.src ++--- a/src/exinext.src +++++ b/src/exinext.src +@@ -90,7 +90,7 @@ if [ "$exim_path" = "" ]; then + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + fi + +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'` + qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'` + +@@ -171,7 +171,7 @@ perl - $exim_path "$eximmacdef" $argone + + # Run exim_dumpdb to get out the retry data and pick off what we want + +- open(DATA, "${exim}_dumpdb $spool retry |") || ++ open(DATA, "/usr/sbin/exim_dumpdb $spool retry |") || + die "can't run exim_dumpdb"; + + while () - --- exim4-4.82~rc1.orig/src/exiqgrep.src - +++ exim4-4.82~rc1/src/exiqgrep.src ++--- a/src/exiqgrep.src +++++ b/src/exiqgrep.src +@@ -21,7 +21,7 @@ use strict; + use Getopt::Std; + + # Have this variable point to your exim binary. +-my $exim = 'BIN_DIRECTORY/exim'; ++my $exim = 'BIN_DIRECTORY/exim4'; + my $eargs = '-bpu'; + my %id; + my %opt; - --- exim4-4.82~rc1.orig/src/exiwhat.src - +++ exim4-4.82~rc1/src/exiwhat.src ++--- a/src/exiwhat.src +++++ b/src/exiwhat.src +@@ -88,7 +88,7 @@ fi + + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` +-if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim; fi ++if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"` + process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"` + - --- exim4-4.82~rc1.orig/src/globals.c - +++ exim4-4.82~rc1/src/globals.c - @@ -633,7 +633,7 @@ int errors_sender_rc = EXIT_FA ++--- a/src/globals.c +++++ b/src/globals.c ++@@ -705,7 +705,7 @@ const uschar *event_name = NULL; + + gid_t exim_gid = EXIM_GID; + BOOL exim_gid_set = TRUE; /* This gid is always set */ +-uschar *exim_path = US BIN_DIRECTORY "/exim" ++uschar *exim_path = US BIN_DIRECTORY "/exim4" + "\0<---------------Space to patch exim_path->"; + uid_t exim_uid = EXIM_UID; + BOOL exim_uid_set = TRUE; /* This uid is always set */ diff --cc debian/patches/35_install.dpatch index b926110,0000000..d0ab602 mode 100755,000000..100755 --- a/debian/patches/35_install.dpatch +++ b/debian/patches/35_install.dpatch @@@ -1,52 -1,0 +1,49 @@@ +Description: Exim's installation scripts install the binary as + exim- - disable this feature. +Author: Andreas Metzler +Origin: vendor +Forwarded: not-needed - Last-Update: 2013-09-28 ++Last-Update: 2016-09-25 + - --- exim4-4.82~rc1.orig/scripts/exim_install - +++ exim4-4.82~rc1/scripts/exim_install - @@ -217,8 +217,9 @@ while [ $# -gt 0 ]; do - # The exim binary is handled specially - - if [ $name = exim${EXE} ]; then - - version=exim-`./exim -bV -C /dev/null | \ - - awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE} - + version=exim - +# version=exim-`./exim -bV -C /dev/null | \ - +# awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE} ++--- a/scripts/exim_install +++++ b/scripts/exim_install ++@@ -221,6 +221,8 @@ while [ $# -gt 0 ]; do ++ version=exim-`$exim 2>/dev/null | \ ++ awk '/Exim version/ { OFS=""; print $3,"-",substr($4,2,length($4)-1) }'`${EXE} + +++ version=exim +++ + if [ "${version}" = "exim-${EXE}" ]; then + echo $com "" - @@ -368,10 +369,8 @@ done ++ echo $com "*** Could not run $exim to find version number ***" ++@@ -370,10 +372,8 @@ done + + + +-# If there is no configuration file, install the default, modifying it to refer +-# to the configured system aliases file. If there is no setting for +-# SYSTEM_ALIASES_FILE, use the traditional /etc/aliases. If the file does not +-# exist, install a default (dummy) for that too. ++# Install default configuration file ++# This is a local Debian modification. + + # However, if CONFIGURE_FILE specifies a list of files, skip this code. + - @@ -394,7 +393,7 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then ++@@ -396,7 +396,7 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then + ${real} ${MKDIR} -p `${DIRNAME} ${CONFIGURE_FILE}` + + echo sed -e '\\' +- echo " \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'\"" '\\' ++ echo " \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'\"" '\\' + echo " ../src/configure.default > \${CONFIGURE_FILE}" + + # I can't find a way of writing this using the ${real} feature because - @@ -403,7 +402,7 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then ++@@ -405,7 +405,7 @@ elif [ ! -f ${CONFIGURE_FILE} ]; then + + if [ "$real" = "" ] ; then + sed -e \ +- "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'" \ ++ "/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'/etc/aliases'" \ + ../src/configure.default > ${CONFIGURE_FILE} + else + true diff --cc debian/patches/40_reproducible_build.diff index 0000000,0000000..818f0f3 new file mode 100644 --- /dev/null +++ b/debian/patches/40_reproducible_build.diff @@@ -1,0 -1,0 +1,63 @@@ ++Description: Reproducible build fix. ++ Use REPBUILDDATE which is pulled from debian/changelog in debian/rules ++ instead of __DATE__ as compile date. ++Author: Andreas Metzler ++ ++--- a/exim_monitor/em_version.c +++++ b/exim_monitor/em_version.c ++@@ -10,6 +10,8 @@ ++ #include ++ #include ++ +++#include "../src/repbuildtime.h" +++ ++ extern uschar *version_string; ++ extern uschar *version_date; ++ ++@@ -21,7 +23,7 @@ uschar today[20]; ++ ++ version_string = US"2.06"; ++ ++-Ustrcpy(today, __DATE__); +++Ustrcpy(today, REPBUILDDATE); ++ if (today[4] == ' ') i = 1; ++ today[3] = today[6] = '-'; ++ ++@@ -31,7 +33,7 @@ Ustrncat(version_date, today+4+i, 3-i); ++ Ustrncat(version_date, today, 4); ++ Ustrncat(version_date, today+7, 4); ++ Ustrcat(version_date, " "); ++-Ustrcat(version_date, __TIME__); +++Ustrcat(version_date, REPBUILDTIME); ++ } ++ ++ /* End of em_version.c */ ++--- a/src/version.c +++++ b/src/version.c ++@@ -11,6 +11,8 @@ ++ ++ #include "version.h" ++ +++#include "../src/repbuildtime.h" +++ ++ ++ /* The header file cnumber.h contains a single line containing the ++ compilation number, making it easy to have it updated automatically. ++@@ -40,7 +42,7 @@ version_cnumber_format = US"%d\0<>"; ++ ++-Ustrcpy(today, __DATE__); +++Ustrcpy(today, REPBUILDDATE); ++ if (today[4] == ' ') today[4] = '0'; ++ today[3] = today[6] = '-'; ++ ++@@ -50,7 +52,7 @@ Ustrncat(version_date, today+4, 3); ++ Ustrncat(version_date, today, 4); ++ Ustrncat(version_date, today+7, 4); ++ Ustrcat(version_date, " "); ++-Ustrcat(version_date, __TIME__); +++Ustrcat(version_date, REPBUILDTIME); ++ } ++ ++ /* End of version.c */ diff --cc debian/patches/50_localscan_dlopen.dpatch index 67b48ae,0000000..1e83b92 mode 100644,000000..100644 --- a/debian/patches/50_localscan_dlopen.dpatch +++ b/debian/patches/50_localscan_dlopen.dpatch @@@ -1,283 -1,0 +1,283 @@@ +## 50_localscan_dlopen.dpatch by Marc MERLIN + + +Description: Allow to use and switch between different local_scan functions + without recompiling exim. + http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from + David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc + MERLIN for SA-Exim and minor/major API version tracking +Author: David Woodhouse, Derrick 'dman' Hudson, Marc MERLIN +Origin: other, http://marc.merlins.org/linux/exim/files/sa-exim-current/ +Forwarded: no - Last-Update: 2013-09-28 ++Last-Update: 2014-12-01 + +--- a/src/EDITME ++++ b/src/EDITME - @@ -783,6 +783,21 @@ HEADERS_CHARSET="ISO-8859-1" ++@@ -785,6 +785,21 @@ HEADERS_CHARSET="ISO-8859-1" + + + #------------------------------------------------------------------------------ ++# On systems which support dynamic loading of shared libraries, Exim can ++# load a local_scan function specified in its config file instead of having ++# to be recompiled with the desired local_scan function. For a full ++# description of the API to this function, see the Exim specification. ++ ++DLOPEN_LOCAL_SCAN=yes ++ ++# If you set DLOPEN_LOCAL_SCAN, then you need to include -rdynamic in the ++# linker flags. Without it, the loaded .so won't be able to access any ++# functions from exim. ++ ++LDFLAGS += -rdynamic ++CFLAGS += -fvisibility=hidden ++ ++#------------------------------------------------------------------------------ + # The default distribution of Exim contains only the plain text form of the + # documentation. Other forms are available separately. If you want to install + # the documentation in "info" format, first fetch the Texinfo documentation +--- a/src/config.h.defaults ++++ b/src/config.h.defaults - @@ -27,6 +27,8 @@ it's a default value. */ ++@@ -28,6 +28,8 @@ it's a default value. */ + + #define AUTH_VARS 3 + ++#define DLOPEN_LOCAL_SCAN ++ + #define BIN_DIRECTORY + + #define CONFIGURE_FILE +--- a/src/globals.c ++++ b/src/globals.c - @@ -134,6 +134,10 @@ BOOL smtp_use_dsn = FALSE; ++@@ -140,6 +140,10 @@ int dsn_ret = 0; ++ const pcre *regex_DSN = NULL; + uschar *dsn_advertise_hosts = NULL; - #endif + ++#ifdef DLOPEN_LOCAL_SCAN ++uschar *local_scan_path = NULL; ++#endif ++ + #ifdef SUPPORT_TLS + BOOL gnutls_compat_mode = FALSE; + BOOL gnutls_allow_auto_pkcs11 = FALSE; +--- a/src/globals.h ++++ b/src/globals.h - @@ -134,6 +134,9 @@ extern BOOL smtp_use_dsn; / ++@@ -133,6 +133,9 @@ extern int dsn_ret; / ++ extern const pcre *regex_DSN; /* For recognizing DSN settings */ + extern uschar *dsn_advertise_hosts; /* host for which TLS is advertised */ - #endif + ++#ifdef DLOPEN_LOCAL_SCAN ++extern uschar *local_scan_path; /* Path to local_scan() library */ ++#endif + /* Input-reading functions for messages, so we can use special ones for + incoming TCP/IP. */ + +--- a/src/local_scan.c ++++ b/src/local_scan.c +@@ -5,60 +5,131 @@ + /* Copyright (c) University of Cambridge 1995 - 2009 */ + /* See the file NOTICE for conditions of use and distribution. */ + ++#include "exim.h" + +-/****************************************************************************** +-This file contains a template local_scan() function that just returns ACCEPT. +-If you want to implement your own version, you should copy this file to, say +-Local/local_scan.c, and edit the copy. To use your version instead of the +-default, you must set +- +-LOCAL_SCAN_SOURCE=Local/local_scan.c +- +-in your Local/Makefile. This makes it easy to copy your version for use with +-subsequent Exim releases. +- +-For a full description of the API to this function, see the Exim specification. +-******************************************************************************/ +- +- +-/* This is the only Exim header that you should include. The effect of +-including any other Exim header is not defined, and may change from release to +-release. Use only the documented interface! */ +- +-#include "local_scan.h" +- +- +-/* This is a "do-nothing" version of a local_scan() function. The arguments +-are: +- +- fd The file descriptor of the open -D file, which contains the +- body of the message. The file is open for reading and +- writing, but modifying it is dangerous and not recommended. +- +- return_text A pointer to an unsigned char* variable which you can set in +- order to return a text string. It is initialized to NULL. +- +-The return values of this function are: +- +- LOCAL_SCAN_ACCEPT +- The message is to be accepted. The return_text argument is +- saved in $local_scan_data. +- +- LOCAL_SCAN_REJECT +- The message is to be rejected. The returned text is used +- in the rejection message. +- +- LOCAL_SCAN_TEMPREJECT +- This specifies a temporary rejection. The returned text +- is used in the rejection message. +-*/ ++#ifdef DLOPEN_LOCAL_SCAN ++#include ++static int (*local_scan_fn)(int fd, uschar **return_text) = NULL; ++static int load_local_scan_library(void); ++#endif + + int + local_scan(int fd, uschar **return_text) + { + fd = fd; /* Keep picky compilers happy */ + return_text = return_text; +-return LOCAL_SCAN_ACCEPT; ++#ifdef DLOPEN_LOCAL_SCAN ++/* local_scan_path is defined AND not the empty string */ ++if (local_scan_path && *local_scan_path) ++ { ++ if (!local_scan_fn) ++ { ++ if (!load_local_scan_library()) ++ { ++ char *base_msg , *error_msg , *final_msg ; ++ int final_length = -1 ; ++ ++ base_msg=US"Local configuration error - local_scan() library failure\n"; ++ error_msg = dlerror() ; ++ ++ final_length = strlen(base_msg) + strlen(error_msg) + 1 ; ++ final_msg = (char*)malloc( final_length*sizeof(char) ) ; ++ *final_msg = '\0' ; ++ ++ strcat( final_msg , base_msg ) ; ++ strcat( final_msg , error_msg ) ; ++ ++ *return_text = final_msg ; ++ return LOCAL_SCAN_TEMPREJECT; ++ } ++ } ++ return local_scan_fn(fd, return_text); ++ } ++else ++#endif ++ return LOCAL_SCAN_ACCEPT; ++} ++ ++#ifdef DLOPEN_LOCAL_SCAN ++ ++static int load_local_scan_library(void) ++{ ++/* No point in keeping local_scan_lib since we'll never dlclose() anyway */ ++void *local_scan_lib = NULL; ++int (*local_scan_version_fn)(void); ++int vers_maj; ++int vers_min; ++ ++local_scan_lib = dlopen(local_scan_path, RTLD_NOW); ++if (!local_scan_lib) ++ { ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library open failed - " ++ "message temporarily rejected"); ++ return FALSE; ++ } ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_major"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_major() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The major number is increased when the ABI is changed in a non ++ backward compatible way. */ ++vers_maj = local_scan_version_fn(); ++ ++local_scan_version_fn = dlsym(local_scan_lib, "local_scan_version_minor"); ++if (!local_scan_version_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan_version_minor() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++/* The minor number is increased each time a new feature is added (in a ++ way that doesn't break backward compatibility) -- Marc */ ++vers_min = local_scan_version_fn(); ++ ++ ++if (vers_maj != LOCAL_SCAN_ABI_VERSION_MAJOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible major" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++else if (vers_min > LOCAL_SCAN_ABI_VERSION_MINOR) ++ { ++ dlclose(local_scan_lib); ++ local_scan_lib = NULL; ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() has an incompatible minor" ++ "version number, you need to recompile your module for this version" ++ "of exim (The module was compiled for version %d.%d and this exim provides" ++ "ABI version %d.%d)", vers_maj, vers_min, LOCAL_SCAN_ABI_VERSION_MAJOR, ++ LOCAL_SCAN_ABI_VERSION_MINOR); ++ return FALSE; ++ } ++ ++local_scan_fn = dlsym(local_scan_lib, "local_scan"); ++if (!local_scan_fn) ++ { ++ dlclose(local_scan_lib); ++ log_write(0, LOG_MAIN|LOG_REJECT, "local_scan() library doesn't contain " ++ "local_scan() function - message temporarily rejected"); ++ return FALSE; ++ } ++ ++return TRUE; + } + ++#endif /* DLOPEN_LOCAL_SCAN */ ++ + /* End of local_scan.c */ +--- a/src/local_scan.h ++++ b/src/local_scan.h +@@ -17,6 +17,7 @@ settings, and the store functions. */ + + #include + #include ++#pragma GCC visibility push(default) + #include "config.h" + #include "mytypes.h" + #include "store.h" - @@ -194,4 +195,6 @@ extern uschar *string_copy(const uschar - extern uschar *string_copyn(uschar *, int); ++@@ -192,4 +193,6 @@ extern uschar *string_copy(const uschar ++ extern uschar *string_copyn(const uschar *, int); + extern uschar *string_sprintf(const char *, ...) ALMOST_PRINTF(1,2); + ++#pragma GCC visibility pop ++ + /* End of local_scan.h */ +--- a/src/readconf.c ++++ b/src/readconf.c - @@ -289,6 +289,9 @@ static optionlist optionlist_config[] = ++@@ -313,6 +313,9 @@ static optionlist optionlist_config[] = + { "local_from_prefix", opt_stringptr, &local_from_prefix }, + { "local_from_suffix", opt_stringptr, &local_from_suffix }, + { "local_interfaces", opt_stringptr, &local_interfaces }, ++#ifdef DLOPEN_LOCAL_SCAN ++ { "local_scan_path", opt_stringptr, &local_scan_path }, ++#endif + { "local_scan_timeout", opt_time, &local_scan_timeout }, + { "local_sender_retain", opt_bool, &local_sender_retain }, + { "localhost_number", opt_stringptr, &host_number_string }, diff --cc debian/patches/67_unnecessaryCopt.diff index 7561579,0000000..4a819ef mode 100644,000000..100644 --- a/debian/patches/67_unnecessaryCopt.diff +++ b/debian/patches/67_unnecessaryCopt.diff @@@ -1,69 -1,0 +1,69 @@@ +Description: Stop using exim's -C option in utility scripts (exiwhat + et al.) since this breaks with ALT_CONFIG_PREFIX. +Author: Andreas Metzler +Forwarded: http://bugs.exim.org/show_bug.cgi?id=1045 - Last-Update: 2010-12-12 ++Last-Update: 2014-12-01 + - --- exim4-4.72.orig/src/exicyclog.src - +++ exim4-4.72/src/exicyclog.src - @@ -147,10 +147,10 @@ st=' ' ++--- a/src/exicyclog.src +++++ b/src/exicyclog.src ++@@ -146,10 +146,10 @@ st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi + +-spool_directory=`$exim_path -C $config -bP spool_directory | sed 's/.*=[ ]*//'` ++spool_directory=`$exim_path -bP spool_directory | sed 's/.*=[ ]*//'` + + if [ "$log_file_path" = "" ] ; then +- log_file_path=`$exim_path -C $config -bP log_file_path | sed 's/.*=[ ]*//'` ++ log_file_path=`$exim_path -bP log_file_path | sed 's/.*=[ ]*//'` + fi + + # If log_file_path contains only "syslog" then no Exim log files are in use. - --- exim4-4.72.orig/src/eximon.src - +++ exim4-4.72/src/eximon.src - @@ -68,8 +68,8 @@ st=' ' ++--- a/src/eximon.src +++++ b/src/eximon.src ++@@ -74,8 +74,8 @@ st=' ' + EXIM_PATH=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$EXIM_PATH" = ""; then EXIM_PATH=BIN_DIRECTORY/exim4; fi + +-SPOOL_DIRECTORY=`$EXIM_PATH -C $config -bP spool_directory | sed 's/.*=[ ]*//'` +-LOG_FILE_PATH=`$EXIM_PATH -C $config -bP log_file_path | sed 's/.*=[ ]*//'` ++SPOOL_DIRECTORY=`$EXIM_PATH -bP spool_directory | sed 's/.*=[ ]*//'` ++LOG_FILE_PATH=`$EXIM_PATH -bP log_file_path | sed 's/.*=[ ]*//'` + + # If log_file_path is "syslog" then logging is only to syslog, and the monitor + # is unable to display a log tail unless EXIMON_LOG_FILE_PATH is set to tell - --- exim4-4.72.orig/src/exinext.src - +++ exim4-4.72/src/exinext.src - @@ -92,8 +92,8 @@ if [ "$exim_path" = "" ]; then ++--- a/src/exinext.src +++++ b/src/exinext.src ++@@ -91,8 +91,8 @@ if [ "$exim_path" = "" ]; then + fi + + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi +-spool_directory=`$exim_path $eximmacdef -C $config -bP spool_directory | sed 's/.*=[ ]*//'` +-qualify_domain=`$exim_path $eximmacdef -C $config -bP qualify_domain | sed 's/.*=[ ]*//'` ++spool_directory=`$exim_path $eximmacdef -bP spool_directory | sed 's/.*=[ ]*//'` ++qualify_domain=`$exim_path $eximmacdef -bP qualify_domain | sed 's/.*=[ ]*//'` + + # Now do the job. Perl uses $ so frequently that we don't want to have to + # escape them all from the shell, so pass in shell variable values as - @@ -135,7 +135,7 @@ perl - $exim_path "$eximmacdef" $argone ++@@ -134,7 +134,7 @@ perl - $exim_path "$eximmacdef" $argone + # Run Exim to get a list of hosts for the given domain; for + # each one construct the appropriate retry key. + +- open(LIST, "$exim -C $config -v -bt $address |") || ++ open(LIST, "$exim -v -bt $address |") || + die "can't run exim to route $address"; + + while () - --- exim4-4.72.orig/src/exiwhat.src - +++ exim4-4.72/src/exiwhat.src - @@ -90,8 +90,8 @@ fi ++--- a/src/exiwhat.src +++++ b/src/exiwhat.src ++@@ -89,8 +89,8 @@ fi + st=' ' + exim_path=`grep "^[$st]*exim_path" $config | sed "s/.*=[$st]*//"` + if test "$exim_path" = ""; then exim_path=BIN_DIRECTORY/exim4; fi +-spool_directory=`$exim_path -C $config -bP spool_directory | sed "s/.*=[ ]*//"` +-process_log_path=`$exim_path -C $config -bP process_log_path | sed "s/.*=[ ]*//"` ++spool_directory=`$exim_path -bP spool_directory | sed "s/.*=[ ]*//"` ++process_log_path=`$exim_path -bP process_log_path | sed "s/.*=[ ]*//"` + + # The file that Exim writes when sent the SIGUSR1 signal is specified by + # the process_log_path option. If that is not defined, Exim uses the file diff --cc debian/patches/70_remove_exim-users_references.dpatch index abb6ea1,0000000..81e364f mode 100755,000000..100755 --- a/debian/patches/70_remove_exim-users_references.dpatch +++ b/debian/patches/70_remove_exim-users_references.dpatch @@@ -1,41 -1,0 +1,40 @@@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 70_remove_exim-users_references.dpatch by Marc Haber +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. ++Last-Update: 2014-12-01 + - diff -NurbBp exim.orig/README exim/README - --- exim.orig/README 2005-08-30 12:07:58.000000000 +0200 - +++ exim/README 2009-11-15 12:17:48.000000000 +0100 - @@ -16,8 +16,16 @@ from Exim 3, though the basic structure ++--- a/README +++++ b/README ++@@ -14,8 +14,16 @@ from Exim 3, though the basic structure + older book may be helpful for the background, but a lot of the detail has + changed, so it is likely to be confusing to newcomers. + +-There is a web site at http://www.exim.org; this contains details of the +-mailing list exim-users@exim.org. ++Information about the way Debian has built the binary packages is ++obtainable in /usr/share/doc/exim4-base/README.Debian.gz, and there ++is a Debian-centered mailing list, ++pkg-exim4-users@lists.alioth.debian.org. Please ask Debian-specific ++questions there, and only write to the upstream exim-users mailing ++list if you are sure that your question is not Debian-specific. You ++can find the subscription web page on ++http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users ++ ++There is a web site at http://www.exim.org. + + A copy of the Exim FAQ should be available from the same source that you used + to obtain the Exim distribution. Additional formats for the documentation - diff -NurbBp exim.orig/src/eximstats.src exim/src/eximstats.src - --- exim.orig/src/eximstats.src 2009-11-15 12:16:19.000000000 +0100 - +++ exim/src/eximstats.src 2009-11-15 12:17:48.000000000 +0100 - @@ -536,8 +536,7 @@ about how to create charts from the tabl ++--- a/src/eximstats.src +++++ b/src/eximstats.src ++@@ -537,8 +537,7 @@ about how to create charts from the tabl + + =head1 AUTHOR + +-There is a web site at http://www.exim.org - this contains details of the +-mailing list exim-users@exim.org. ++There is a web site at http://www.exim.org + + =head1 TO DO + diff --cc debian/patches/78_Disable-chunking-BDAT-by-default.patch index 0000000,0000000..2d0b7f8 new file mode 100644 --- /dev/null +++ b/debian/patches/78_Disable-chunking-BDAT-by-default.patch @@@ -1,0 -1,0 +1,58 @@@ ++Description: Disable chunking (BDAT) by default. ++ Change default value of main option chunking_advertise_hosts and smtp ++ transport option hosts_try_chunking from "*" to empty. ++Author: Andreas Metzler ++Origin: vendor ++Forwarded: not-needed ++Last-Update: 2017-01-19 ++ ++--- a/doc/spec.txt +++++ b/doc/spec.txt ++@@ -13215,9 +13215,9 @@ There is a slight performance penalty fo ++ preceding 4.88 had these disabled by default; high-rate installations confident ++ they will never run out of resources may wish to deliberately disable them. ++ ++-+--------------------------------------------------------------+ ++-|chunking_advertise_hosts|Use: main|Type: host list*|Default: *| ++-+--------------------------------------------------------------+ ++++------------------------------------------------------------------+ +++|chunking_advertise_hosts|Use: main|Type: host list*|Default: unset| ++++------------------------------------------------------------------+ ++ ++ The CHUNKING extension (RFC3030) will be advertised in the EHLO message to ++ these hosts. Hosts may use the BDAT command as an alternate to DATA. ++@@ -22522,9 +22522,9 @@ connects. If authentication fails, Exim ++ unauthenticated. See also hosts_require_auth, and chapter 33 for details of ++ authentication. ++ ++-+--------------------------------------------------------+ ++-|hosts_try_chunking|Use: smtp|Type: host list*|Default: *| ++-+--------------------------------------------------------+ ++++------------------------------------------------------------+ +++|hosts_try_chunking|Use: smtp|Type: host list*|Default: unset| ++++------------------------------------------------------------+ ++ ++ This option provides a list of servers to which, provided they announce ++ CHUNKING support, Exim will attempt to use BDAT commands rather than DATA. BDAT ++--- a/src/globals.c +++++ b/src/globals.c ++@@ -498,7 +498,7 @@ BOOL check_rfc2047_length = TRUE; ++ int check_spool_inodes = 100; ++ int check_spool_space = 10*1024; /* 10K Kbyte == 10MB */ ++ ++-uschar *chunking_advertise_hosts = US"*"; +++uschar *chunking_advertise_hosts = NULL; ++ unsigned chunking_datasize = 0; ++ unsigned chunking_data_left = 0; ++ BOOL chunking_offered = FALSE; ++--- a/src/transports/smtp.c +++++ b/src/transports/smtp.c ++@@ -200,7 +200,7 @@ smtp_transport_options_block smtp_transp ++ NULL, /* serialize_hosts */ ++ NULL, /* hosts_try_auth */ ++ NULL, /* hosts_require_auth */ ++- US"*", /* hosts_try_chunking */ +++ NULL, /* hosts_try_chunking */ ++ #ifdef EXPERIMENTAL_DANE ++ NULL, /* hosts_try_dane */ ++ NULL, /* hosts_require_dane */ diff --cc debian/patches/79_CVE-2017-1000369.patch index 0000000,0000000..87fb3b7 new file mode 100644 --- /dev/null +++ b/debian/patches/79_CVE-2017-1000369.patch @@@ -1,0 -1,0 +1,43 @@@ ++commit 65e061b76867a9ea7aeeb535341b790b90ae6c21 ++Author: Heiko Schlittermann (HS12-RIPE) ++Date: Wed May 31 23:08:56 2017 +0200 ++ ++ Cleanup (prevent repeated use of -p/-oMr to avoid mem leak) ++ ++diff --git a/src/exim.c b/src/exim.c ++index 67583e5..88e1197 100644 ++--- a/src/exim.c +++++ b/src/exim.c ++@@ -3106,7 +3106,14 @@ for (i = 1; i < argc; i++) ++ ++ /* -oMr: Received protocol */ ++ ++- else if (Ustrcmp(argrest, "Mr") == 0) received_protocol = argv[++i]; +++ else if (Ustrcmp(argrest, "Mr") == 0) +++ +++ if (received_protocol) +++ { +++ fprintf(stderr, "received_protocol is set already\n"); +++ exit(EXIT_FAILURE); +++ } +++ else received_protocol = argv[++i]; ++ ++ /* -oMs: Set sender host name */ ++ ++@@ -3202,7 +3209,15 @@ for (i = 1; i < argc; i++) ++ ++ if (*argrest != 0) ++ { ++- uschar *hn = Ustrchr(argrest, ':'); +++ uschar *hn; +++ +++ if (received_protocol) +++ { +++ fprintf(stderr, "received_protocol is set already\n"); +++ exit(EXIT_FAILURE); +++ } +++ +++ hn = Ustrchr(argrest, ':'); ++ if (hn == NULL) ++ { ++ received_protocol = argrest; diff --cc debian/patches/80_Avoid-release-of-store-if-there-have-been-later-allo.patch index 0000000,0000000..1b55f79 new file mode 100644 --- /dev/null +++ b/debian/patches/80_Avoid-release-of-store-if-there-have-been-later-allo.patch @@@ -1,0 -1,0 +1,40 @@@ ++From: Jeremy Harris ++Date: Fri, 24 Nov 2017 20:22:33 +0000 ++Subject: Avoid release of store if there have been later allocations. Bug ++ 2199 ++Origin: https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde ++Bug: https://bugs.exim.org/show_bug.cgi?id=2199 ++Bug-Debian: https://bugs.debian.org/882648 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16943 ++ ++--- ++diff --git a/src/receive.c b/src/receive.c ++index 95cf13e1..20672dbe 100644 ++--- a/src/receive.c +++++ b/src/receive.c ++@@ -1772,8 +1772,8 @@ for (;;) ++ (and sometimes lunatic messages can have ones that are 100s of K long) we ++ call store_release() for strings that have been copied - if the string is at ++ the start of a block (and therefore the only thing in it, because we aren't ++- doing any other gets), the block gets freed. We can only do this because we ++- know there are no other calls to store_get() going on. */ +++ doing any other gets), the block gets freed. We can only do this release if +++ there were no allocations since the once that we want to free. */ ++ ++ if (ptr >= header_size - 4) ++ { ++@@ -1782,9 +1782,10 @@ for (;;) ++ header_size *= 2; ++ if (!store_extend(next->text, oldsize, header_size)) ++ { +++ BOOL release_ok = store_last_get[store_pool] == next->text; ++ uschar *newtext = store_get(header_size); ++ memcpy(newtext, next->text, ptr); ++- store_release(next->text); +++ if (release_ok) store_release(next->text); ++ next->text = newtext; ++ } ++ } ++-- ++2.15.0 ++ diff --cc debian/patches/81_Chunking-do-not-treat-the-first-lonely-dot-special.-.patch index 0000000,0000000..62bfdce new file mode 100644 --- /dev/null +++ b/debian/patches/81_Chunking-do-not-treat-the-first-lonely-dot-special.-.patch @@@ -1,0 -1,0 +1,60 @@@ ++From: "Heiko Schlittermann (HS12-RIPE)" ++Date: Mon, 27 Nov 2017 22:42:33 +0100 ++Subject: Chunking: do not treat the first lonely dot special. CVE-2017-16944, ++ Bug 2201 ++Origin: https://git.exim.org/exim.git/commit/4804c62909a62a3ac12ec4777ebd48c541028965 ++Bug: https://bugs.exim.org/show_bug.cgi?id=2201 ++Bug-Debian: https://bugs.debian.org/882671 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-16944 ++ ++(cherry picked from commit 178ecb70987f024f0e775d87c2f8b2cf587dd542) ++ ++Change log update ++ ++(cherry picked from commit b488395f4d99d44a950073a64b35ec8729102782) ++ ++--- ++diff --git a/src/receive.c b/src/receive.c ++index 20672dbe..2812ea2c 100644 ++--- a/src/receive.c +++++ b/src/receive.c ++@@ -1827,7 +1827,7 @@ for (;;) ++ prevent further reading), and break out of the loop, having freed the ++ empty header, and set next = NULL to indicate no data line. */ ++ ++- if (ptr == 0 && ch == '.' && (smtp_input || dot_ends)) +++ if (ptr == 0 && ch == '.' && dot_ends) ++ { ++ ch = (receive_getc)(GETC_BUFFER_UNLIMITED); ++ if (ch == '\r') ++diff --git a/src/smtp_in.c b/src/smtp_in.c ++index 1b45f84d..02075404 100644 ++--- a/src/smtp_in.c +++++ b/src/smtp_in.c ++@@ -4955,16 +4955,23 @@ while (done <= 0) ++ DEBUG(D_receive) debug_printf("chunking state %d, %d bytes\n", ++ (int)chunking_state, chunking_data_left); ++ +++ /* push the current receive_* function on the "stack", and +++ replace them by bdat_getc(), which in turn will use the lwr_receive_* +++ functions to do the dirty work. */ ++ lwr_receive_getc = receive_getc; ++ lwr_receive_ungetc = receive_ungetc; +++ ++ receive_getc = bdat_getc; ++ receive_ungetc = bdat_ungetc; ++ +++ dot_ends = FALSE; +++ ++ goto DATA_BDAT; ++ } ++ ++ case DATA_CMD: ++ HAD(SCH_DATA); +++ dot_ends = TRUE; ++ ++ DATA_BDAT: /* Common code for DATA and BDAT */ ++ if (!discarded && recipients_count <= 0) ++-- ++2.15.0 ++ diff --cc debian/patches/82_Fix-base64d-buffer-size-CVE-2018-6789.patch index 0000000,0000000..146339c new file mode 100644 --- /dev/null +++ b/debian/patches/82_Fix-base64d-buffer-size-CVE-2018-6789.patch @@@ -1,0 -1,0 +1,29 @@@ ++Description: Fix base64d() buffer size (CVE-2018-6789) ++ Credits for discovering this bug: Meh Chang ++Origin: vendor ++Bug-Debian: https://bugs.debian.org/890000 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-6789 ++Forwarded: not-needed ++Author: "Heiko Schlittermann (HS12-RIPE)" ++Last-Update: 2018-02-10 ++--- ++ ++--- a/src/base64.c +++++ b/src/base64.c ++@@ -152,10 +152,14 @@ static uschar dec64table[] = { ++ int ++ b64decode(uschar *code, uschar **ptr) ++ { +++ ++ int x, y; ++-uschar *result = store_get(3*(Ustrlen(code)/4) + 1); +++uschar *result; ++ ++-*ptr = result; +++{ +++ int l = Ustrlen(code); +++ *ptr = result = store_get(1 + l/4 * 3 + l%4); +++} ++ ++ /* Each cycle of the loop handles a quantum of 4 input bytes. For the last ++ quantum this may decode to 1, 2, or 3 output bytes. */ diff --cc debian/patches/83_qsa-2019-exim4.patch index 0000000,0000000..c840d5e new file mode 100644 --- /dev/null +++ b/debian/patches/83_qsa-2019-exim4.patch @@@ -1,0 -1,0 +1,45 @@@ ++From d740d2111f189760593a303124ff6b9b1f83453d Mon Sep 17 00:00:00 2001 ++From: Jeremy Harris ++Date: Mon, 27 May 2019 21:57:31 +0100 ++Subject: [PATCH] Fix CVE-2019-10149 ++ ++--- ++diff --git a/src/deliver.c b/src/deliver.c ++index 59256ac2c..45cc0723f 100644 ++--- a/src/deliver.c +++++ b/src/deliver.c ++@@ -6227,17 +6227,23 @@ if (process_recipients != RECIP_IGNORE) ++ { ++ uschar * save_local = deliver_localpart; ++ const uschar * save_domain = deliver_domain; +++ uschar * addr = new->address, * errmsg = NULL; +++ int start, end, dom; ++ ++- deliver_localpart = expand_string( ++- string_sprintf("${local_part:%s}", new->address)); ++- deliver_domain = expand_string( ++- string_sprintf("${domain:%s}", new->address)); +++ if (!parse_extract_address(addr, &errmsg, &start, &end, &dom, TRUE)) +++ log_write(0, LOG_MAIN|LOG_PANIC, +++ "failed to parse address '%.100s': %s\n", addr, errmsg); +++ else +++ { +++ deliver_localpart = +++ string_copyn(addr+start, dom ? (dom-1) - start : end - start); +++ deliver_domain = dom ? CUS string_copyn(addr+dom, end - dom) : CUS""; ++ ++- (void) event_raise(event_action, ++- US"msg:fail:internal", new->message); +++ event_raise(event_action, US"msg:fail:internal", new->message); ++ ++- deliver_localpart = save_local; ++- deliver_domain = save_domain; +++ deliver_localpart = save_local; +++ deliver_domain = save_domain; +++ } ++ } ++ #endif ++ } ++-- ++2.20.1 ++ diff --cc debian/patches/series index 872a01c,0000000..c426865 mode 100644,000000..100644 --- a/debian/patches/series +++ b/debian/patches/series @@@ -1,26 -1,0 +1,16 @@@ +31_eximmanpage.dpatch +32_exim4.dpatch +33_eximon.binary.dpatch +34_eximstatsmanpage.dpatch +35_install.dpatch ++40_reproducible_build.diff +50_localscan_dlopen.dpatch +60_convert4r4.dpatch - 66_enlarge-dh-parameters-size.dpatch +67_unnecessaryCopt.diff +70_remove_exim-users_references.dpatch - 80_mime_empty_charset.diff - 81_buffer-overrun-in-spam-acl.diff - 82_quoted-or-r-2047-encoded.diff - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch - 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch - 85_Fix-crash-in-mime-acl-when-a-parameter-is-unterminat.patch - 86_Avoid-crash-with-badly-terminated-non-recognised-mim.patch - 87_Fix-transport-results-pipe-for-multiple-recipients-c.patch - 89_01_only_warn_on_nonempty_environment.diff - 89_01_p_Delay-chdir-until-we-opened-the-main-config.patch - 89_02_Store-the-initial-working-directory.diff - 90_Cutthrough-Fix-bug-with-dot-only-line.patch - 91_Expansions-Fix-crash-in-crypteq-On-OpenBSD-a-bad-sec.patch - 92_CVE-2016-1238.diff - 93_CVE-2016-9963-Fix-DKIM-information-leakage.patch - 94_Fix-memory-leak-on-Gnu-TLS-close.patch ++78_Disable-chunking-BDAT-by-default.patch ++79_CVE-2017-1000369.patch ++80_Avoid-release-of-store-if-there-have-been-later-allo.patch ++81_Chunking-do-not-treat-the-first-lonely-dot-special.-.patch ++82_Fix-base64d-buffer-size-CVE-2018-6789.patch ++83_qsa-2019-exim4.patch diff --cc debian/rules index 582ed0f,0000000..8feb3cd mode 100755,000000..100755 --- a/debian/rules +++ b/debian/rules @@@ -1,489 -1,0 +1,452 @@@ +#!/usr/bin/make -f +# debian/rules for exim4 +# This file is public domain software, originally written by Joey Hess. +# +# Uncomment this to turn on verbose mode. +# export DH_VERBOSE=1 + +buildname := $(shell scripts/os-type)-$(shell scripts/arch-type) +DEBIAN := $(shell pwd)/debian + +ifeq ($(wildcard /usr/share/dpkg/buildflags.mk),) +CFLAGS := -g +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) +CFLAGS += -O0 +else +CFLAGS += -O2 +endif +else +export DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie +DPKG_EXPORT_BUILDFLAGS := 1 +include /usr/share/dpkg/buildflags.mk +endif + +# The build system ignores CPPFLAGS, append them to CFLAGS +CFLAGS := $(CFLAGS) $(shell getconf LFS_CFLAGS) -D_LARGEFILE_SOURCE -fno-strict-aliasing -Wall $(CPPFLAGS) +export CFLAGS +# LFLAGS is used where GNU would use LDFLAGS +export LFLAGS += $(LDFLAGS) + +LC_ALL=C +export LC_ALL + +# Which packages should we build? +ifndef buildbasepackages +buildbasepackages=yes +endif + +ifndef extradaemonpackages +extradaemonpackages=exim4-daemon-heavy +endif +# If you want to build a daemon with a configuration tailored to YOUR special +# needs, uncomment the two custom packages in debian/control +# call "fakeroot debian/rules unpack-configs", copy EDITME.exim4-light +# to EDITME.exim4-custom and modify it. Please note that you _need_ to +# modify EDITME.exim4-custom or your build will fail due to #386188. +# +# If you want to create multiple custom packages with different names, use +# the script debian/create-custom-package [suffix]. +# +# Afterwards EITHER change the definition of extradaemonpackages above OR +# simply set extradaemonpackages to the desired value via the environment. + +# If you want your changes to survive a debian/rules clean, call +# "fakeroot debian/rules pack-configs" after customizing EDITME.exim4-custom + +# If you remove exim4-daemon-light from basedaemonpackages to prevent +# exim4-daemon-light from being built, you need to modify the build +# process to pull the helper binaries from the daemon package that you +# actually build. If you simply remove exim4-daemon-light here, you will +# end up with exim4-base sans binaries, which is most probably not what +# you intend to have. +# +# combined[ai]dbgpackage has a list of packages whose debug information +# goes into the combined debug package exim4-dbg, separated as arch +# independent and arch dependent list. +# extraadbgpackage has a list of packages whose debug information +# goes into one debug package foo-dbg per package. This is currently +# only implemented and needed for arch dependent packages. + +ifeq ($(buildbasepackages),yes) +basedaemonpackages=exim4-daemon-light +combinedadbgpackage=exim4-base eximon4 - combinedidbgpackage=exim4-config exim4 +exim4dbg=exim4-dbg +dhstripparm=--dbg-package=$(exim4dbg) +exim4dev=exim4-dev +extraadbgpackage=$(basedaemonpackages) $(extradaemonpackages) +else +basedaemonpackages= +combinedadbgpackage= - combinedidbgpackage= +exim4dbg= +dhstripparm= +exim4dev= +extraadbgpackage=$(extradaemonpackages) +endif - #DEBUGOUT:=$(shell echo >&2 buildbasepackages $(buildbasepackages)) - #DEBUGOUT:=$(shell echo >&2 extradaemonpackages $(extradaemonpackages)) + +# If you want to build with OpenSSL instead of GnuTLS, uncomment this +# OPENSSL:=1 +# Please note that building exim4-daemon-heavy with OpenSSL is a GPL +# violation. + + +# list of all arch dependent packages to be built +buildpackages=$(combinedadbgpackage) $(extraadbgpackage) $(addsuffix -dbg,$(extraadbgpackage)) $(exim4dbg) $(exim4dev) +# generate -pexim4-base -peximon4 ... commandline for debhelper +dhbuildpackages=$(addprefix -p,$(buildpackages)) +dhcombinedadbgpackage=$(addprefix -p,$(combinedadbgpackage)) - dhcombinedidbgpackage=$(addprefix -p,$(combinedidbgpackage)) + +# exim4-daemon-heavy --> b-exim4-daemon-heavy/build-Linux-x86_64/exim +daemonbinaries=$(addprefix b-,$(addsuffix /build-$(buildname)/exim,$(extradaemonpackages))) +debiandaemonbinaries=$(addprefix $(DEBIAN)/,$(addsuffix /usr/sbin/exim4,$(extradaemonpackages))) +BDIRS=$(addprefix b-,$(extradaemonpackages) $(basedaemonpackages)) + + +# get upstream-version from debian/changelog, i.e. anything until the first - +DEBVERSION := $(shell dpkg-parsechangelog | sed -n '/^Version: /s/^Version: //p') +UPSTREAMVERSION := $(shell echo $(DEBVERSION) | sed -n 's/\(.\+\)-[^-]\+/\1/p') - MTACONFLICTS := $(shell cat $(DEBIAN)/mtalist) ++DEBTIME := $(shell dpkg-parsechangelog --show-field Date) ++REPBUILDDATE := \ ++ $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%b %e %Y') ++REPBUILDTIME := \ ++ $(shell env LC_ALL=C TZ=UTC date --date="$(DEBTIME)" '+%H:%M:%S') ++ ++PROVIDE_DEFAULT_MTA := $(shell if dpkg-vendor --is Ubuntu || \ ++ dpkg-vendor --derives-from Ubuntu ; then : ; else \ ++ echo "default-mta" ; fi) ++# for reproducible build. If set exim would use $TZ as default value for ++# TIMEZONE_DEFAULT ++undefine TZ ++unexport TZ ++ + +# set up build directory b-exim4-daemon-heavy/ +$(addsuffix /Makefile,$(BDIRS)): %/Makefile: + mkdir $* + find . -mindepth 1 -maxdepth 1 \ + -name debian -prune -o \ + -name 'b-*' -o -print0 | \ + xargs --no-run-if-empty --null \ + cp -a --target-directory=$* ++ printf '#define REPBUILDDATE "$(REPBUILDDATE)"\n' \ ++ > $*/src/repbuildtime.h && \ ++ printf '#define REPBUILDTIME "$(REPBUILDTIME)"\n' \ ++ >> $*/src/repbuildtime.h + + +unpack-configs: unpack-configs-stamp +unpack-configs-stamp: src/EDITME exim_monitor/EDITME + patch -o EDITME.eximon exim_monitor/EDITME \ + $(DEBIAN)/EDITME.eximon.diff + patch -o EDITME.exim4-light src/EDITME \ + $(DEBIAN)/EDITME.exim4-light.diff +ifdef OPENSSL + patch EDITME.exim4-light $(DEBIAN)/EDITME.openssl.exim4-light.diff +endif - -for editme in $(DEBIAN)/EDITME.exim4-*.diff; do \ ++ for editme in $(DEBIAN)/EDITME.exim4-*.diff; do \ + if [ "$$editme" != "$(DEBIAN)/EDITME.exim4-light.diff" ]; then \ + TARGETNAME=`basename $$editme .diff`; \ + echo patch -o $$TARGETNAME EDITME.exim4-light $$editme; \ - patch -o $$TARGETNAME EDITME.exim4-light $$editme; \ ++ patch -o $$TARGETNAME EDITME.exim4-light $$editme || \ ++ exit $$? ;\ + fi; \ + done + touch unpack-configs-stamp + +pack-configs: + -diff -u src/EDITME EDITME.exim4-light \ + > $(DEBIAN)/EDITME.exim4-light.diff + -for editme in EDITME.exim4-*; do \ + if [ "$$editme" != "EDITME.exim4-light" ]; then \ + echo diff -u EDITME.exim4-light $$editme; \ + diff -u EDITME.exim4-light $$editme > $(DEBIAN)/$${editme}.diff; \ + fi; \ + done + -diff -u exim_monitor/EDITME EDITME.eximon \ + > $(DEBIAN)/EDITME.eximon.diff + +# only called manually by maintainer before upload. +update-mtaconflicts: + which grep-available > /dev/null && \ + grep-available --show-field=Package --field=Provides \ + mail-transport-agent --no-field-names \ + /var/lib/apt/lists/*Packages | grep -v exim | sort -u | \ + tr '\n' ',' | sed -e 's/,/, /g;s/, $$//' > $(DEBIAN)/mtalist + +# Generate README.Debian as text/html ... +debian/README.Debian.html: debian/README.Debian.xml + xsltproc --nonet --stringparam section.autolabel 1 \ + -o $@ \ + /usr/share/xml/docbook/stylesheet/nwalsh/html/docbook.xsl \ + $< +# ... and text/plain +debian/README.Debian: debian/README.Debian.html + chmod 755 $(DEBIAN)/lynx-dump-postprocess + lynx -force_html -dump $< | $(DEBIAN)/lynx-dump-postprocess > $@.tmp + mv $@.tmp $@ + +configure: configure-stamp + +configure-stamp: $(addsuffix /Makefile,$(BDIRS)) unpack-configs-stamp + dh_testdir + # Add here commands to configure the package. - # We currently do not want to build depend on debhelper 7.2.3 just to - # keep it from installing the wrong upstream changelog. 490937 - rm -fv CHANGES + touch $@ + +# Build binaries for the base package, the eximon4 package, and the +# exim4-daemon-light package. +b-exim4-daemon-light/build-$(buildname)/exim: b-exim4-daemon-light/Makefile configure-stamp + @echo build $( exim.1 - - touch build-indep-stamp ++ touch $@ + +build-arch: build-arch-stamp test-stamp + +ifeq ($(buildbasepackages),yes) +build-arch-stamp: b-exim4-daemon-light/build-$(buildname)/exim $(daemonbinaries) +else +build-arch-stamp: $(daemonbinaries) +endif + dh_testdir + # Which version of Berkeley DB are we building against? + printf '#include \ninstdbversionis DB_VERSION_MAJOR DB_VERSION_MINOR\n' | \ - cpp | grep instdbversionis |\ ++ cpp -P | grep instdbversionis |\ + sed -e 's/[[:space:]]*instdbversionis[[:space:]]//' \ + -e 's/[[:space:]][[:space:]]*/./' \ + -e 's_^_s/^BDBVERSION=.*/BDBVERSION=_' \ + -e 's_$$_/_' \ + > $(DEBIAN)/berkeleydb.sed + # Store Berkeley DB version in postinst script. + sed -i -f $(DEBIAN)/berkeleydb.sed \ + $(DEBIAN)/exim4-base.postinst + touch build-arch-stamp + +test-stamp: build-arch-stamp + # it is not possible to run exim unless the compile-time specified + # user exists. + if id -u Debian-exim ; then \ + echo Debian-exim user found, running minimal testsuite ; \ + chmod +x debian/minimaltest ; \ + rm -rf $(CURDIR)/test ; \ + for i in b-exim4-daemon-light/build-$(buildname)/exim \ + $(daemonbinaries) ;\ + do mkdir $(CURDIR)/test && \ + debian/minimaltest $(CURDIR)/test $$i || \ + { echo testsuite error ; exit 1 ; } ; \ + rm -rf $(CURDIR)/test ; \ + done \ + fi + touch $@ + +build: build-arch build-indep + +clean: cleanfiles + +cleanfiles: + dh_testdir + dh_testroot + + debconf-updatepo + + rm -f build-stamp configure-stamp installbase-stamp test-stamp + + # Add here commands to clean up after the build process. + [ ! -f Makefile ] || $(MAKE) distclean + -rm -rf build-* doc/tmp test/ + -rm -f EDITME.* unpack-configs-stamp + -rm -f $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/files \ + $(DEBIAN)/README.Debian $(DEBIAN)/README.Debian.html \ + $(DEBIAN)/berkeleydb.sed + + #these are identical for all daemon-* and therefore symlinked + @cd $(DEBIAN) && find . -maxdepth 1 \ + -regex '^\./exim4-daemon-.*\.\(postinst\|prerm\)$$' \ + -and -not -name 'exim4-daemon-light.*' -print0 \ + | xargs -0r rm -v + + #pwd + chmod 755 $(DEBIAN)/exim-gencert \ + $(DEBIAN)/lynx-dump-postprocess $(DEBIAN)/script \ - $(DEBIAN)/exim-adduser ++ $(DEBIAN)/exim-adduser $(DEBIAN)/exim4_refresh_gnutls-params + dh_clean + rm -rf $(BDIRS) - # fix broken (0600) permissions in original tarball - #find OS doc scripts exim_monitor src util -perm -044 -or -print0 |\ - # xargs -0r chmod -c og+r + +installbase-stamp: b-exim4-daemon-light/build-$(buildname)/exim debian/README.Debian debian/README.Debian.html + dh_testdir + dh_testroot + dh_prep + dh_installdirs + + cd b-exim4-daemon-light && \ + $(MAKE) install FULLECHO='' \ + INSTALL_ARG=-no_symlink \ + inst_conf=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \ + inst_aliases=$(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/aliases \ + inst_dest=$(DEBIAN)/exim4-base/usr/sbin + if [ -e "$(DEBIAN)/example.conf.md5" ] && [ "$$(< $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum)" != "$$(cat $(DEBIAN)/example.conf.md5)" ] ; then \ + echo "upstream example configuration has changed, new md5sum:"; \ + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum; \ + echo "aborting build."; \ + exit 1; \ + fi + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf md5sum > $(DEBIAN)/example.conf.md5 + sed -e 's,/[a-zA-Z/0-9.-]*exim4-base/examples/,/etc/,' \ + < $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf \ + > $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp + mv $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf.tmp \ + $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples/example.conf + install -m755 b-exim4-daemon-light/build-$(buildname)/convert4r4 \ + $(DEBIAN)/exim4-base/usr/sbin/exim_convert4r4 + install -m755 \ + b-exim4-daemon-light/build-$(buildname)/transport-filter.pl \ + b-exim4-daemon-light/util/ratelimit.pl \ + $(DEBIAN)/exim4-base/usr/share/doc/exim4-base/examples + mv $(DEBIAN)/exim4-base/usr/sbin/exim \ + $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4 + # fix permissions of /usr/sbin/exim4 if running with restrictive umask, + # dh_fixperms sanitizes anything else + chmod 4755 $(DEBIAN)/exim4-daemon-light/usr/sbin/exim4 + mv $(DEBIAN)/exim4-base/usr/sbin/eximon \ + $(DEBIAN)/eximon4/usr/sbin + mv $(DEBIAN)/exim4-base/usr/sbin/eximon.bin \ + $(DEBIAN)/eximon4/usr/lib/exim4 + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/exim4-base/usr/sbin/exipick \ + $(DEBIAN)/exim4-base/usr/share/man/man8/exipick.8 + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/exim4-base/usr/sbin/eximstats \ + $(DEBIAN)/exim4-base/usr/share/man/man8/eximstats.8 + install -m755 $(DEBIAN)/syslog2eximlog $(DEBIAN)/exim4-base/usr/sbin/ + pod2man --center=EXIM4 --section=8 \ + $(DEBIAN)/syslog2eximlog \ + $(DEBIAN)/exim4-base/usr/share/man/man8/syslog2eximlog.8 + # if you change anything here, you will have to change + # config-custom/debian/rules as well + sed -e \ + "s/^UPEX4C_version=\"\"/UPEX4C_version=\"$(DEBVERSION)\"/" \ + < $(DEBIAN)/debconf/update-exim4.conf \ + > $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf + chmod 755 $(DEBIAN)/exim4-config/usr/sbin/update-exim4.conf + install -m 755 $(DEBIAN)/update-exim4defaults \ + $(DEBIAN)/exim4-config/usr/sbin + + cd $(DEBIAN)/debconf/conf.d && \ + tar cf - `find \( -path '*/.svn/*' -prune \) -or \ + \( -type f -print \)` | \ + { cd $(DEBIAN)/exim4-config/etc/exim4/conf.d/ && \ + tar xf - ; } + - # ship a copy in examples - # install -m644 $(DEBIAN)/debconf/exim4.conf.template $(DEBIAN)/exim4-config/usr/share/doc/exim4-config/examples/exim4.conf.template.debconf + install -m644 $(DEBIAN)/email-addresses $(DEBIAN)/exim4-config/etc/ + install -m640 -oroot -groot $(DEBIAN)/passwd.client \ + $(DEBIAN)/exim4-config/etc/exim4/ + chmod 755 $(DEBIAN)/debconf/update-exim4.conf.template + env CONFDIR=$(DEBIAN)/debconf \ + $(DEBIAN)/debconf/update-exim4.conf.template --nobackup --run - # dh_movefiles - touch installbase-stamp ++ touch $@ + + +# This dependency expands to +# debian/exim4-daemon-heavy/usr/sbin/exim4: b-exim4-daemon-heavy/build-Linux-x86_64/exim +$(debiandaemonbinaries): $(DEBIAN)/%/usr/sbin/exim4: b-%/build-$(buildname)/exim + dh_testdir + dh_testroot + dh_installdirs + install -m4755 -oroot -groot $< $@ + + ++ifeq ($(buildbasepackages),yes) ++install=installbase-stamp $(debiandaemonbinaries) ++else ++install=$(debiandaemonbinaries) ++endif ++ ++override_dh_installchangelogs: ++ dh_installchangelogs -pexim4-base doc/ChangeLog ++ dh_installchangelogs --no-package=exim4-base \ ++ -XCHANGES -Xdoc/ChangeLog ++ ++override_dh_installppp: ++ dh_installppp --name=exim4 ++ ++override_dh_strip-arch: ++ dh_strip $(dhcombinedadbgpackage) $(dhstripparm) ++ for pkg in $(extraadbgpackage); do \ ++ dh_strip -p$$pkg --dbg-package=$${pkg}-dbg; \ ++ done ++ ++override_dh_fixperms: ++ dh_fixperms -X/etc/exim4/passwd.client -Xusr/sbin/exim4 ++ ++override_dh_gencontrol: ++ dh_gencontrol -- \ ++ -VUpstream-Version=$(UPSTREAMVERSION) \ ++ -VMTA-Conflicts="$(shell cat $(DEBIAN)/mtalist)" \ ++ -Vdist:Provides:exim4-daemon-light="$(PROVIDE_DEFAULT_MTA)" ++ ++override_dh_installlogrotate: ++ dh_installlogrotate ++ dh_installlogrotate --name=exim4-paniclog ++ ++override_dh_installinit: ++ dh_installinit --noscripts --name=exim4 ++ ++override_dh_install: ++ # install config.h from daemon package, but not from exim4-daemon-light ++ dh_install -p exim4-dev \ ++ $(shell ls -1 b-exim4-daemon-*/build-$(buildname)/config.h | grep -v ^b-exim4-daemon-light/) \ ++ usr/include/exim4 ++ dh_install ++ ++override_dh_link: ++ rm -rf debian/exim4/usr/share/doc/exim4 ++ dh_link ++ ++override_dh_auto_install: ++ # disabled ++ +# Build architecture-independent files here. +# this is just exim4-config and exim4. +binary-indep: build $(install) +ifeq ($(buildbasepackages),yes) - dh_testdir -i - dh_testroot -i - # upstream changelog is only in exim4-base - dh_link -i - dh_installchangelogs -i -XCHANGES - dh_installdocs -i - dh_installexamples -i - #dh_installmenu -i - dh_installdebconf -i - dh_installlogrotate -i - # dh_installemacsen -i - #dh_installpam -i - #dh_installmime -i - # dh_installinit -i - dh_installcron -i - # dh_installinfo -i - # dh_undocumented -i - dh_installppp -i --name=exim4 - dh_installman -i - dh_install -i - dh_lintian -i - dh_strip $(dhcombinedidbgpackage) $(dhstripparm) - #for pkg in $(extraidbgpackage); do \ - # dh_strip -p$$pkg --dbg-package=$${pkg}-dbg; \ - #done - dh_compress -i - dh_fixperms -i -X/etc/exim4/passwd.client - # dh_makeshlibs -i - dh_installdeb -i - # dh_perl -i - dh_shlibdeps -i - dh_gencontrol -i -- -VUpstream-Version=$(UPSTREAMVERSION) \ - -VMTA-Conflicts="$(MTACONFLICTS)" - dh_md5sums -i - dh_builddeb -i ++ dh binary-indep +endif + +# Build architecture-dependent files here. - ifeq ($(buildbasepackages),yes) - install=installbase-stamp $(debiandaemonbinaries) - else - install=$(debiandaemonbinaries) - endif - +binary-arch: build $(install) - dh_testdir $(dhbuildpackages) - dh_testroot $(dhbuildpackages) + # symlink identical maintainerscripts + @for i in $(extradaemonpackages) ; do \ + ln -sfv exim4-daemon-light.prerm \ + "$(DEBIAN)/$$i.prerm" ; \ + ln -sfv exim4-daemon-light.postinst \ + "$(DEBIAN)/$$i.postinst" ; \ + done - # upstream changelog is only in exim4-base, the other packages include - # a symlink - dh_installchangelogs -pexim4-base doc/ChangeLog - # remove "-pexim4-base" from "-pexim4-base -pexim4-daemon-light ..." - dh_installchangelogs $(subst -pexim4-base ,,$(dhbuildpackages)) \ - -XCHANGES - dh_installdocs $(dhbuildpackages) - dh_installexamples $(dhbuildpackages) - dh_installmenu $(dhbuildpackages) - dh_installdebconf $(dhbuildpackages) - dh_installlogrotate $(dhbuildpackages) - dh_installlogrotate $(dhbuildpackages) --name=exim4-paniclog - # dh_installemacsen $(dhbuildpackages) - dh_installpam $(dhbuildpackages) - dh_installmime $(dhbuildpackages) - #dh_installinit $(dhbuildpackages) --noscripts --name=exim4 - # work around #347577 (fixed in debhelper 5.0.15) - dh_installinit $(dhbuildpackages) -n --name=exim4 - dh_installcron $(dhbuildpackages) - # dh_installinfo $(dhbuildpackages) - # dh_undocumented $(dhbuildpackages) - dh_installman $(dhbuildpackages) - dh_install $(dhbuildpackages) - # install config.h from daemon package, but not from exim4-daemon-light - dh_install -p exim4-dev \ - $(shell ls -1 b-exim4-daemon-*/build-$(buildname)/config.h | grep -v ^b-exim4-daemon-light/) \ - usr/include/exim4 - dh_lintian $(dhbuildpackages) - dh_strip $(dhcombinedadbgpackage) $(dhstripparm) - for pkg in $(extraadbgpackage); do \ - dh_strip -p$$pkg --dbg-package=$${pkg}-dbg; \ - done - dh_link $(dhbuildpackages) - dh_compress $(dhbuildpackages) - dh_fixperms $(dhbuildpackages) -Xusr/sbin/exim4 - # dh_makeshlibs $(dhbuildpackages) - dh_installdeb $(dhbuildpackages) - # dh_perl $(dhbuildpackages) - dh_shlibdeps $(dhbuildpackages) - dh_gencontrol $(dhbuildpackages) -- \ - -VUpstream-Version=$(UPSTREAMVERSION) \ - -VMTA-Conflicts="$(MTACONFLICTS)" - dh_md5sums $(dhbuildpackages) - dh_builddeb $(dhbuildpackages) ++ dh binary-arch + +binary: binary-arch binary-indep +.PHONY: build clean binary-indep binary-arch binary install diff --cc debian/script index 5fc09bd,0000000..bc0ef5c mode 100755,000000..100755 --- a/debian/script +++ b/debian/script @@@ -1,25 -1,0 +1,28 @@@ +#!/bin/bash +# install as /usr/share/bug/$package/script or /usr/share/bug/$package + +UE4CC="/etc/exim4/update-exim4.conf.conf" +REDIR=">&3" +if [ "$OUTPUT" = "all" ]; then + REDIR="" +fi + +if test -x /usr/sbin/exim4 ; then + eval /usr/sbin/exim4 -bV $REDIR +fi +if [ "$OUTPUT" != "all" ]; then + yesno "Include extended configuration information?" "yep" + if [ "$REPLY" != "yep" ] ;then + exit 0 + fi +fi +if test -r $UE4CC ; then + eval cat $UE4CC $REDIR +fi +if test -r /etc/mailname ; then + eval echo -n 'mailname:' $REDIR + eval cat /etc/mailname $REDIR +fi ++if test -r /etc/default/exim4 ; then ++ eval cat /etc/default/exim4 $REDIR ++fi diff --cc debian/update-exim4defaults index 1725f53,0000000..06915e7 mode 100644,000000..100644 --- a/debian/update-exim4defaults +++ b/debian/update-exim4defaults @@@ -1,284 -1,0 +1,284 @@@ +#!/bin/sh +# update-exim4defaults(8): manage entries in /etc/default/exim4 +# per script + +if [ -n "$EX4DEBUG" ]; then + echo "now debugging $0 $@" + set -x +fi + +unset LC_ALL +export LC_CTYPE=C + +defaultfile=/etc/default/exim4 + +EX4DEF_INIT=false +EX4DEF_FORCE=false + + +if [ -r ${defaultfile} ]; then + . ${defaultfile} +fi + + +# initialize variables +EX4DEF_QUEUERUNNER="${QUEUERUNNER}" +EX4DEF_QUEUEINTERVAL="${QUEUEINTERVAL}" +EX4DEF_COMMONOPTIONS="${COMMONOPTIONS}" +EX4DEF_QUEUERUNNEROPTIONS="${QUEUERUNNEROPTIONS}" +EX4DEF_QFLAGS="${QFLAGS}" +EX4DEF_SMTPLISTENEROPTIONS="${SMTPLISTENEROPTIONS}" + +EX4DEF_FLAGOPTIONS=false +EX4DEF_FLAGREMOVE=false + +ex4def_usage () +{ + echo "update-exim4defaults: manage entries in /etc/default/exim4" + echo " usage: update-exim4defaults [[--queuerunner combined|separate|queueonly|ppp|no|nodaemon]" + echo " [--qflags flags ] [--queuetime time] [--commonoptions options]" + echo " [--queuerunneroptions options] [--smtplisteneroptions options]]" + echo " [--remove-common options] [--remove-queue options]" + echo " [--remove-smtp options]" + echo " [--force|-f] [--help|-h]" + echo " [--init]" +} + + +# used for initialzing and with --force. +ex4def_write(){ + EX4DEF_TMP="$(tempfile -m 600 -p ex4)" + cat << EOF > "${EX4DEF_TMP}" +# /etc/default/exim4 +EX4DEF_VERSION='${EX4DEF_VERSION}' + +# 'combined' - one daemon running queue and listening on SMTP port +# 'no' - no daemon running the queue +# 'separate' - two separate daemons +# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4. +# 'nodaemon' - no daemon is started at all. +# 'queueonly' - only a queue running daemon is started, no SMTP listener. +# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4 +QUEUERUNNER='${EX4DEF_QUEUERUNNER}' +# how often should we run the queue +QUEUEINTERVAL='${EX4DEF_QUEUEINTERVAL}' +# options common to quez-runner and listening daemon +COMMONOPTIONS='${EX4DEF_COMMONOPTIONS}' +# more options for the daemon/process running the queue (applies to the one +# started in /etc/ppp/ip-up.d/exim4, too. +QUEUERUNNEROPTIONS='${EX4DEF_QUEUERUNNEROPTIONS}' +# special flags given to exim directly after the -q. See exim(8) +QFLAGS='${EX4DEF_QFLAGS}' +# Options for the SMTP listener daemon. By default, it is listening on +# port 25 only. To listen on more ports, it is recommended to use - # -oX 25:587:10025 -oP /var/run/exim4/exim.pid ++# -oX 25:587:10025 -oP /run/exim4/exim.pid +SMTPLISTENEROPTIONS='${EX4DEF_SMTPLISTENEROPTIONS}' +EOF + cat "${EX4DEF_TMP}" > "${defaultfile}" + rm -f "${EX4DEF_TMP}" +} + +## Parse commandline +TEMP=$(getopt -n update-exim4defaults \ + -l qflags:,queuerunner:,queuetime:,commonoptions:,queuerunneroptions:,smtplisteneroptions:,remove-common:,remove-queue:,remove-smtp:,force,help,init -- \ + +fh "$@") + +if test "$?" != 0; then + echo "Terminating..." >&2 + exit 1 +fi + +eval set -- ${TEMP} +while test "$1" != "--"; do + case $1 in + -f|--force) + EX4DEF_FORCE=true + ;; + -h|--help) + ex4def_usage + exit 0 + ;; + --qflags) + shift + EX4DEF_QFLAGS="$1" + ;; + --queuerunner) + shift + EX4DEF_QUEUERUNNER="$1" + if ! expr match "${EX4DEF_QUEUERUNNER}" '\(ppp\|no\|combined\|nodaemon\|queueonly\|separate\)$' >/dev/null ; then + echo "invalid argument ${EX4DEF_QUEUERUNNER} for --queuerunner" 1>&2 + exit 1 + fi + ;; + --queuetime) + shift + EX4DEF_QUEUEINTERVAL="$1" + ;; + --commonoptions) + shift + EX4DEF_COMMONOPTIONS="$1" + EX4DEF_FLAGOPTIONS=true + ;; + --queuerunneroptions) + shift + EX4DEF_QUEUERUNNEROPTIONS="$1" + EX4DEF_FLAGOPTIONS=true + ;; + --smtplisteneroptions) + shift + EX4DEF_SMTPLISTENEROPTIONS="$1" + EX4DEF_FLAGOPTIONS=true + ;; + --remove-common) + shift + EX4DEF_REMOVECOMMON="$1" + EX4DEF_FLAGREMOVE=true + ;; + --remove-queue) + shift + EX4DEF_REMOVEQUEUE="$1" + EX4DEF_FLAGREMOVE=true + ;; + --remove-smtp) + shift + EX4DEF_REMOVESMTP="$1" + EX4DEF_FLAGREMOVE=true + ;; + --init) + EX4DEF_INIT=true + ;; + esac + shift +done +shift + +# No non-option arguments allowed. +if [ "$#" -ne 0 ]; then + echo "No non option arguments allowed" >&2 + ex4def_usage >&2 + exit 1 +fi + +if [ "${EX4DEF_FLAGREMOVE}" = "true" ] && [ "${EX4DEF_FLAGOPTIONS}" = "true" ] ; then + echo "Cannot use --remove-something together with --somethingoptions" >&2 + ex4def_usage >&2 + exit 1 +fi + +#if [ ! -r ${defaultfile} ]; then +# echo "Cannot read ${defaultfile}, terminating" >&2 +# exit 1 +#fi + +if "${EX4DEF_INIT}" = "true" ] ; then + [ -e "${defaultfile}" ] && [ "${EX4DEF_FORCE}" != "true" ] && exit 0 + # Reset to default values + EX4DEF_QUEUERUNNER='combined' + EX4DEF_QUEUEINTERVAL='30m' + EX4DEF_COMMONOPTIONS='' + EX4DEF_QUEUERUNNEROPTIONS='' + EX4DEF_QFLAGS='' + EX4DEF_SMTPLISTENEROPTIONS='' + + ex4def_write + exit 0 +fi + +#Try removing +if [ "${EX4DEF_FLAGREMOVE}" = "true" ] ; then + EX4DEF_REMOVEERROR="false" + if [ ! -z "${EX4DEF_REMOVECOMMON}" ] ; then + EX4DEF_COMMONOPTIONS=$(echo "${COMMONOPTIONS}" | \ + sed -e "sÄ${EX4DEF_REMOVECOMMON}ÄÄ" -e "s/ / /g" -e 's/^ //' -e 's/ $//') + [ "${EX4DEF_COMMONOPTIONS}" = "${COMMONOPTIONS}" ] && \ + EX4DEF_REMOVEERROR="true" + fi + if [ ! -z "${EX4DEF_REMOVEQUEUE}" ] ; then + EX4DEF_QUEUERUNNEROPTIONS=$(echo "${QUEUERUNNEROPTIONS}" | \ + sed -e "sÄ${EX4DEF_REMOVEQUEUE}ÄÄ" -e "s/ / /g" -e 's/^ //' -e 's/ $//') + [ "${EX4DEF_QUEUERUNNEROPTIONS}" = "${QUEUERUNNEROPTIONS}" ] && \ + EX4DEF_REMOVEERROR="true" + fi + if [ ! -z "${EX4DEF_REMOVESMTP}" ] ; then + EX4DEF_SMTPLISTENEROPTIONS=$(echo "${SMTPLISTENEROPTIONS}" | \ + sed -e "sÄ${EX4DEF_REMOVESMTP}ÄÄ" -e "s/ / /g" -e 's/^ //' -e 's/ $//') + [ "${EX4DEF_SMTPLISTENEROPTIONS}" = "${SMTPLISTENEROPTIONS}"] && \ + EX4DEF_REMOVEERROR="true" + fi + if [ "${EX4DEF_REMOVEERROR}" = "true" ] ; then + echo "$0: removing failed, no changes" >&2 + exit 64 + fi + + EX4DEF_TMP="$(tempfile -m 600 -p ex4)" + sed -e "sÄ^QFLAGS=.*ÄQFLAGS='${EX4DEF_QFLAGS}'Ä" \ + -e "sÄ^QUEUERUNNER=.*ÄQUEUERUNNER='${EX4DEF_QUEUERUNNER}'Ä" \ + -e "sÄ^QUEUEINTERVAL=.*ÄQUEUEINTERVAL='${EX4DEF_QUEUEINTERVAL}'Ä" \ + -e "sÄ^COMMONOPTIONS=.*ÄCOMMONOPTIONS='${EX4DEF_COMMONOPTIONS}'Ä" \ + -e "sÄ^QUEUERUNNEROPTIONS=.*ÄQUEUERUNNEROPTIONS='${EX4DEF_QUEUERUNNEROPTIONS}'Ä" \ + -e "sÄ^SMTPLISTENEROPTIONS=.*ÄSMTPLISTENEROPTIONS='${EX4DEF_SMTPLISTENEROPTIONS}'Ä" \ + < $defaultfile > "${EX4DEF_TMP}" + mv "${EX4DEF_TMP}" $defaultfile + rm -f "${EX4DEF_TMP}" + exit 0 +fi + +if [ "${EX4DEF_FORCE}" = "true" ] ; then + ex4def_write + exit 0 + +else + EX4DEF_DOANYTHING=0 + EX4DEF_NOTALLOWED=0 + if [ "${QUEUERUNNER}" != "${EX4DEF_QUEUERUNNER}" ]; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+1)) + # switching the QUEUERUNNER modus is always allowed + #[ -z "${QUEUERUNNER}" ] || EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+1)) + fi + if [ "${QUEUEINTERVAL}" != "${EX4DEF_QUEUEINTERVAL}" ] ; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+2)) + [ -z "${QUEUEINTERVAL}" ] || \ + EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+2)) + fi + if [ "${COMMONOPTIONS}" != "${EX4DEF_COMMONOPTIONS}" ] ; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+4)) + [ -z "${COMMONOPTIONS}" ] || \ + EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+4)) + fi + if [ "${QUEUERUNNEROPTIONS}" != "${EX4DEF_QUEUERUNNEROPTIONS}" ] ; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+8)) + [ -z "${QUEUERUNNEROPTIONS}" ] || \ + EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+8)) + fi + if [ "${SMTPLISTENEROPTIONS}" != "${EX4DEF_SMTPLISTENEROPTIONS}" ] ; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+16)) + [ -z "${SMTPLISTENEROPTIONS}" ] || \ + EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+16)) + fi + if [ "${QFLAGS}" != "${EX4DEF_QFLAGS}" ] ; then + EX4DEF_DOANYTHING=$((${EX4DEF_DOANYTHING}+32)) + [ -z "${QFLAGS}" ] || \ + EX4DEF_NOTALLOWED=$((${EX4DEF_NOTALLOWED}+32)) + fi + + [ ${EX4DEF_DOANYTHING} -eq 0 ] && exit 0 + if [ ${EX4DEF_NOTALLOWED} -ne 0 ] ; then + echo "setting(s) conflict with current one, terminating" >&2 + exit ${EX4DEF_NOTALLOWED} + fi + + EX4DEF_TMP="$(tempfile -m 600 -p ex4)" + sed -e "sÄ^QFLAGS=.*ÄQFLAGS='${EX4DEF_QFLAGS}'Ä" \ + -e "sÄ^QUEUERUNNER=.*ÄQUEUERUNNER='${EX4DEF_QUEUERUNNER}'Ä" \ + -e "sÄ^QUEUEINTERVAL=.*ÄQUEUEINTERVAL='${EX4DEF_QUEUEINTERVAL}'Ä" \ + -e "sÄ^COMMONOPTIONS=.*ÄCOMMONOPTIONS='${EX4DEF_COMMONOPTIONS}'Ä" \ + -e "sÄ^QUEUERUNNEROPTIONS=.*ÄQUEUERUNNEROPTIONS='${EX4DEF_QUEUERUNNEROPTIONS}'Ä" \ + -e "sÄ^SMTPLISTENEROPTIONS=.*ÄSMTPLISTENEROPTIONS='${EX4DEF_SMTPLISTENEROPTIONS}'Ä" \ + < $defaultfile > "${EX4DEF_TMP}" + mv "${EX4DEF_TMP}" $defaultfile + rm -f "${EX4DEF_TMP}" + exit 0 +fi + + + diff --cc debian/upstream/signing-key.asc index 0000000,0000000..29e2e56 new file mode 100644 --- /dev/null +++ b/debian/upstream/signing-key.asc @@@ -1,0 -1,0 +1,777 @@@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQGiBEIV3d4RBADiY+ImtiuxCxe4ImIWZd6IetWIZaAjxLQliWrRHK7CdA6ANYAA ++OWwk6uMucPSjP2RUYXehDdVAb2i5AG3kGb/SNZ08x2eaeAtALAvRw3SxPW5/Ch4g ++bNB8VBCyyZlPsmS1epbaOags+1oD41FopdvfIQrtoD4I0d/ndG64wkDh2wCgiXdE ++QZzYknZgf4HA9DZHhizNnx0EAMBDVTpIq7xaYlK4dot4xNcWNJg4UX27a62lEKvV ++sDf1tH1qB4ujZy1ht83oXURpNk7uDf718kwaLGoSwW6qOx9iI46XoOtoxSH+6J8A ++oKtBNhCl03x10E8MK1fANe9WLdxARxgZxnPo9QOSTNO4PYR1yvrq0ThTKXvMweYT ++OJlIBADdTquCiM9fgoU3sBsnlmSMpFn27By0Yz4QjR8cLD0F1bZKmWPRAHDdwArS ++pOmKNv4tOaNp8WuuLEEJbPEcc6QdPEOH3lVQ/QZHdemYerwMN25i3MYeWAPRg4Sl ++dZ648IPWdHA/QYfp5JhlT/9UwwKPvIDTPg10FI5ecPYxcXUT2LQuTmlnZWwgTWV0 ++aGVyaW5naGFtIChFeGltIGtleSkgPG5pZ2VsQGV4aW0ub3JnPohkBBMRCgAkAhsD ++BgsJCAcDAgMVAgMDFgIBAh4BAheABQJWzue5BQkVsOPbAAoJEIWrgz/dwDJiGmoA ++oIfRyEwpzL4v6JB4BzK3TqfH6mVRAJ90M8AfnhzW3KG7l3KYxscnVZdOlbkCDQRC ++Fd3nEAgAgeLGF7rot+0cc0hwGFK7h1aGP6r2p+o1arsR/zJystk99UBWqjmKzu+3 ++6ve+H4J28Al4B7Sm75bvnKignppp0ZGP/WXlkGsk6Tt30c7tkK+1izrCFGlxf5j0 ++LKrH/cCyZp7tgqRN0ewDoqK6OmEBmSqMgarSTatyYuZy5OKof8EcJEt6nTydPdts ++VgRziX71B1pd0t/bdWwLnuQ9gkSJNiwPGBrV53x9uh43ZcpqLl17yfXh/FaUcdlZ ++N1GPtXYMr208Hv8fGpPEQVr92OJAblrlGck+aWIoYgX3tqCZDqCYtxcBaXCyRZzu ++7usKJukY1Z6t0qF1U7aWTjeVVeWXhwADBQf/RYK2jTNLnhtCVWqWhFVd0/NTbXIs ++QDeZuZXp8xHB+YjxmcbrSTvKrkRqfCvPR5r5SBOwBtq+LHElwp1OcIt2xYIEmuS1 ++Jod8+h+ohl9p11XtTp3Rd8selh7AHccFz6BYK1SsHO5ZdrFwlZf+oVxLrQzibFqZ ++Ob69T4HUp5Vh5Z9XO+YsVa5a3K1/pfpOJYMP3VgdsBlX/gUxkz9stfNUOIR5caQK ++UHfOaCQaQ02fAsmnThQkAmqACTapvqZV9wSHxgvUUbPcw2h3rty14u13J+cJDrE0 +++x1tCDSsPLbq62A1d9GJor8s6GpyYXq1ArZJgBpdq74qOKU5jc1gvMmE8YhOBBgR ++AgAPBQJCFd3nAhsMBQkJZgGAAAoJEIWrgz/dwDJiqxIAnAm3NzfRaBtl5XpnCA6n ++W2MNAwIgAJds5g802u5CKZDLGE90hHNXgF2kuQENBE1Aj9kBCADfrgx9xrDHoYSU ++3aU8zST2GEoMZypO1fBi3AiInsKakMsVibZpEI8MVM24lZw9jxGfsX70Xr+mYiTI ++ZY9GJROG6fHFLKgUYFxYeUA1GtNNilFvBGlXJAYduyKYZMdEVVtUX4b6QpQqmTeY ++sgNCznb1HuVpj4Vl6CiirjWhnZ/WhR3L20AMK6422lCw9jZuAK5RbSRJwkgI55rl ++zZGpGbBmBIHSCccMB/jg2LRYsVs//D9Qrxtkt8W8fIHCj66L6eNw1gcndpEkyytZ ++bifE3khwlRWn/Llpw8NiQiJKUE01TWQusEvd5EHFThE/9bYpUGdMiR0UmpSLkEq3 ++zurCcUK1ABEBAAGJAW4EGBECAA8FAk1Aj9kCGwIFCRKtsIABKQkQhauDP93AMmLA ++XSAEGQECAAYFAk1Aj9kACgkQA8m6p6iaqTb0Dwf/QiTT/Aj4XdoSVGR4yeXFpQNR ++l99dOtUwsP7wtSSeV5jQgEMpRwh8ib702retoWbHQva0FsDxotEatHKvdtkkCUqF ++D33jZ+aKkadcXjqnSepXY0m7sG605QN5hE1dXBhPPy5hUfXuAphSq+ma4Q4Vz+Zm ++al3etKXL2xIgAIkSX+srng3j09JfOaYdEDXOU5sNEMuDqcqPC/yt0giGFPDBd7xZ ++JQER08MyfDoFmwiVGi1Trbzjdnp1Y0q9UF2NpWUMB0q9/CaodwjU7SB4OU9FYst9 ++uImVDwI3XqL45ULUCZGhUnuHz15ePb1W5cUUu55M0iuCrjhHqt0e8/c7BrdFuwee ++AJ41rUXzNNSj3w/o9T0O7mWd0rh+HQCfSNjhzVUditAzFdNneXLgs9KddFq5AQ0E ++TUCP7gEIALzLEYpmJLCDALPKv07Yd4bhyX/st+7Hz3Uj1BjIW/+pCEFf8e+ihZg/ ++caWuSL695DddreiIhJlQiso8HsjehDccU51kep4vvTKu2p3zTSSZvIgsTTPAeyqa ++L12UCAm4SlkjhEH86Yf7Qyic5cZhkGBCtN/1RVxoEoonRGOJg2jkrvok3Dz1DQ5W ++UyS5gRASDnF58EW4HSMiRek2XgN/MEY9GLkXsoaSFWU9X3rW3Mgd4EMpTf+id2eS ++Ffp820Ati+1VB6Hte8JOWRhTopSB6FZfpZ322N2iCAX0TkZesfSwfZSTZ/Xc+29B ++3JHDrVbFmCLhJfzv6MqQ04VQZ1VWzUEAEQEAAYhPBBgRAgAPBQJNQI/uAhsMBQkS ++rbCAAAoJEIWrgz/dwDJiNIgAoIdWmf17rL5Zmf/EoPtmYngbadnaAJ45YtXrEDCV ++4fuUhLK6EdvHsGGtl5kBogRRHjTKEQQA7Nj/xLjtdH+34XBWzVRupKAEA27d5Ikn ++AVtyPK/4aiGZ2mQHPX7qaVOOHHFHVfj+38ENwZG2do87x5oJgaAf/WAqQRp0m81r ++7YZ3DGWZxeDuCYESwZxEkJ9SfOwmQ66NrHuXjjabOoQEoxtQdxcyaGDBWbvpDaXS ++4fG1oKyx1T8AoOGl+25xKVwA5GKU/DLqbBOoyOi7A/914vhUW1bd8TcKk5owI7/q ++FoSIjk1/lxxDFX600giri1FrENN+ERg0jaIBFFnkJF4dx6G5xIuEAHLJ0Y2BdXCF ++mJPJw7ZzgtTmWSKW0kDhbRx+Ozvpwa1spxyjgQAg3B1fVUBkGlV6+bDZOHmMDK8b ++7RoRdW44+ygbE+WHS5/oiQQAiZtFY14WcSi4bqhpTDK5YFZh2lyhQ2snYfOiQWB/ ++gLLfKDTDJ6pVygtayPKlx4jXuapyNE62QhU5zgCKr9DpsM7v7UnPfTgPYse5HqUW ++IPOiOE+ga0TpZT4egqzW6mPGRYQ/ZjViL+JGMa2ATvrSoR1BJCd8BFmmplDs2it2 ++Nme0LlRvZGQgTHlvbnMgKEV4aW0gTWFpbnRhaW5lcikgPHRseW9uc0BleGltLm9y ++Zz6IZgQTEQIAJgUCUR40ygIbAwUJCWYBgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheA ++AAoJEMT0+UgE0p66MDwAnRW1VWjfUD5yGhedcxiHsEg1A8vnAJ9NxfoOwPP50sWT ++f2vycK0mGECYcrkCDQRRHjTREAgAlhjQZt1+uSQ3puq7p9o/AqRrVsZxxbi/C0cS ++eAvr/iN4tkKk/4esSMevwLIMPw0ByuwCDdZusdLAI6TdDe3nwDBQVRbMlmmQM1fx ++1wsJHbiEO+WDENULU0SxqU7lwq3YCqL7oKVtZsJ0MkmEAbZlWuzBE1RzNTgdoMSB ++GmSeDu5f5q1a+BMH1gcZWQkW7Y1e1kgHDgnz6vh+cBulWCwEzrwGaEvmJJ+w2HPE ++cD9q4IvTjXxZbli7WHrSctqCdgF433iWOa+NjUCfl98z4D7KjKMqvXKqD88NYbqG ++wrvupQZMOeNjybWMnkouAXHJdA8fiTy5hV9P7nat1OMq6h+YRwAEDQf9Gl43A+H4 ++xJJ34RrCp9il8/Ef7VHEn9ZnaoMNuwCjYU9OaTHAjd7V5N23ZF15+XMvO0Szx/to ++qQ14ev385VgBD/FWGy1r+UBK1/gA3pArQhpd4mtzRsjg8e2yl0D5v3v4K1EjEtDn ++37IBwAmWjwbMU12SP0NM+KQXtO0WCQF+ggRhD8hhUPV20ejYqnismX5b7LYX+8NB ++OCleryW4pz4ZQT6MTolyjeojyCyaHE9G554ECKX+fKG/WMQmjjwjngkrPk0s3HN/ ++uU8UvQv+uucP62iHcPRKwIk6jrlR7KODR00IzSXaRNYtJoDC8oFS0xyhrG1vMiGv ++OQTBfKpgyxoIBIhPBBgRAgAPBQJRHjTRAhsMBQkJZgGAAAoJEMT0+UgE0p66lx4A ++n2JHiU9h4ElPNbDSfqjQoshYKIb3AJ9RjvMg0AdlIPi6k2PWTTBAKsoB+JkCDQRU ++rvZBARAA4jmen1cqxMnj2SIOPBV5igqnsSljlCADmC8MlW1OzozaxFJo/GMMfZjE ++AAiST3IFIzk8YBotDfUwSaVpRQ8QFz0XT6+BrDwKvMId7lZ3AuaqWkXT4+uv52Yr ++PVN87kbn52MLoUEtxgWxa1dvNmg8+wzsBVI63Oep3yo9eot95SIHeqDQj+4Rzd2Z ++Ejh/m3AHcoZl+Y71b9zsaherqvBgB6QpBNaYhEXXAFZGXzynX+6WxNKQ9gRxnsKD ++ZkbnJvBOyOLz+fsVI/lbGnSXycQ/hVw3xg30bXHuOkYhIe1SRz78YAaAlBp76o3P +++M9oJA9SxP8j6XWj3vlBtbLRNl1eUXl1ED8S95jGVzmou0I08HGJRmOGAmEYQjDJ ++JB8UR6RHn4m0yCQZZgocXCGERgSRNmPMUOaIskMnBqoCfqEifGS1ATqZgYuEik9M ++o8wfHCAeMOGsjr6ew1NGPfjvzUQGRUPRgvuE5c3m6WcsDJkgTH7YW9P8T4QeboeV ++Y7xpwkAp9Sd/eoQvpXGXjEAkC5dJhaHXKbtxrxlLHaV7cTp17+Vajuf4s3zzXhjQ ++rh9ojiNyEVBDetsowzN+UxgWybGeFtXeeqUmUgLpoV8iOjaqKI/n24+dl+JY51tH ++8cR8DG93N9xYL/CDersmvxgIZEVDrpvc3/YMhCWVHDZ0ZqmnQrsAEQEAAbQzSGVp ++a28gU2NobGl0dGVybWFubiAoRHJlc2RlbikgPGhzQHNjaGxpdHRlcm1hbm4uZGU+ ++iQJABBMBCgAqAhsBAh4BAheAAhkBBQsJCAcDBRUKCQgLBRYCAwEABQJYVnXoBQkF ++vsCnAAoJECYQG2L2k3bOhKkP/2zWhq0BlT7AAAuefaZPl9b52uT7PbY4owcMWXJz ++i7FTLWFo6KJOCBH9UTX0TXmf9S3AMMfoewblU6zOy+H1Q/ZVdzth5iJaXSbTgLlZ ++7yc7k3P+qUdBGdCHwpUJmBScdGaKCkbdcOPIxTi02sPFTBJx45ogr3/n0S8PFNOY ++Vv0fl4Nnr2bOpoSKSka08lk4HJKsMMA/BRfaSffez1QYdRJKhKTkljlJjA682Fuf ++NBaZIQ8GHUjyyOIUwQUit2yAGChbBCh9wq5Z//xzBwdqGx64QLHHF+wCg2r9Ba3D ++QMNllPidfPBPUPQ+xGXmHz0R0FzlaTYnFYKqpJSX8j/5IhaijZRxvtJljXa0fOg3 ++D1A7ZuagCpNcXWVM66FeOx2hYMlBNn/eLejBc244ydlI5lqyocGRL3qjHufp6JVi ++uwJpNMnWyLvxqrwgC6mcCDx7jJL7eI7rdAFLwfoTYnBb0zNPStf9pWngLmxsD9G0 ++U3nJnVzhsZfa9s7F13wxkfZYio/HkKW1IGZHTkJzWswXx0Ba2UK9oLDCy8dByesA ++5KmtA09dk0M/GuMFcb+ZZ3x3USa36Cw7vbJYcmDw6O4XgNf1aja5cdltENLsVKIW ++I1VguZGfIwkLC3iXN2PzO3yOW5GXQ1wPHTc/SPMuBeT6UAqPBjO6vRQRFf4ghslG ++//T2tDVIZWlrbyBTY2hsaXR0ZXJtYW5uIChIUzEyLVJJUEUpIDxoc0BzY2hsaXR0 ++ZXJtYW5uLmRlPokCPwQTAQoAKQIbAQcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheA ++BQJYVnXuBQkFvsCnAAoJECYQG2L2k3bO3YYP/0vbSNKAD68r2EN8//yRGgH1xyUe ++uRARgxJnhw7tBsO3k1YIkIEG7vKzLcRhi3vcM12ttY9R425Kl1c5ug6f4jt22bnO ++ONrJ++0Or6hRucJ3L5IHRK0b2niPqvXBbg9PMp/9p0jKCHqme7mdD6jBOHBAQIZe ++MuGLyzNKx6Dk52DZeLYRznoloYtUEurckrysL1/C9Qsah3JKlURSihVFibnIF1Wa ++GfphxKsgLDDi8FUyNWrt99MhxYwwlAbBNQ99ifX3ZLFR9Q2B2ntL4Vfvom9QBYWG ++5e3rzlfQtw4pGWpFZFDSi0LdP8FfM9wKhtnbHVEav9Te7syYgMBDx5q6irqwTh58 ++gKLicWkD22rtVGYPv+En54thAq6MXMQuzJ3s4MW/5GTZcbtsBBAj4OtHvtyKzI08 ++/TlS09bk9mlaI8PYGUU8JKZj39alL7bI7hZVn5HkGMn1Z/lojdW8Is35uKmMZnF+ ++im0vonw1n52OTv+4nOpBcidckeDr0PsiAScJBnaJNVF6v+jL5hrUxs4hD4UgTgSL ++obUzHi1g4/UP/eC1cEZH7aC2FiG2jTUqo84qTZ9Cik07fmUf95jCfsWFvijzVCPB ++oIg4W5SDfkccvoermqS2KE9b9DXdZDiaWTLO3U98nwkO6ps24lbX6mjJ+QjsSokA ++msGdN5BhOaltRYBZ0dHq0egBEAABAQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEB ++AEgASAAA/9sAQwADAgIDAgIDAwMDBAMDBAUIBQUEBAUKBwcGCAwKDAwLCgsLDQ4S ++EA0OEQ4LCxAWEBETFBUVFQwPFxgWFBgSFBUU/9sAQwEDBAQFBAUJBQUJFA0LDRQU ++FBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU ++/8IAEQgAYQBQAwERAAIRAQMRAf/EABwAAAIDAQEBAQAAAAAAAAAAAAQFAwYHCAIB ++AP/EABsBAAIDAQEBAAAAAAAAAAAAAAIDAQQFAAYH/9oADAMBAAIQAxAAAAG9fPO/ ++GubSEtBlGa96w7AivEFcmWBP87YnPpNAfdeJLIrVB5bw3TDYD3w4bu2LTZXYacWO ++gVnc64Pf8Ec9x669KlsTzp6t1iYG/tSFU0r7naLuwuQl12uih5tA9jqX6uq2jvAz ++pGF6McSNYyGJiilQ83NYWhp/p61ZWTds7d5z0VM584dN0L7eKFnVdTHT5L9NlFkL ++Jva35/0DrrVIVyK3lLNTL2PPsXHG0OOvT44MFAwd0xttYpwTK1Q38ZNWPTkM3fF0 ++OIvQZknQrAnUwPMrh54UPTFkg+osm3wFrVWJQNEvXACUD12FzzDoYjPXeS7gnWSR ++0nGJtlalBxLL5HGT12juo6HcKX+skxbGBn/EvUTEoWDLWe08e6Foxw5fK4kD5o5m ++sxQloUADLA+1dXbvUH//xAAmEAACAgICAgICAgMAAAAAAAACAwEEAAUREgYTFCEi ++MyM1FTEy/9oACAEBAAEFAh54gp4AvUZvJ8dYrKN0sFQz7ztyx4H0EEdgn+AVsX2K ++5xi+MsfZSAxnq9LIzmSBbDrKZvr20zWWNhGTtuhVrgymkEXBTUUEP16HjdozXaov ++Sqyv7Wdy7mp019t/4ZaUE1EkNSPWK3fUv4zdhDteu4LYesShtWHx48tCNjsdwe12 ++IVFoxOzQbWEa8m1j7PtqjS7NtA34pW18MuyE6hX+QsDaHjY0G2XFto1jW2l2AM5s ++hS9iWprwqCszeskE962zirt1Vu5q2ddQPrfOlzY1Qa7cTYzSMVegV+qKZBraztqE ++4yxFsNXuRva2xHOTswprhrbFx4EkvFtlM7guCwbISTYggUz0un4y2PsEWBYbJV7n ++5fuqeLdGb0W85DjwH/U/nIjETZniFxAQMxirnTNeInc7CEBH0AdmNqlVeEfTmd2/ ++Z53xGePqk7HP8g5o6/v2vkyYXduNJeTONiKtYOWEOePK4R2EWDni/wDeeTf2lz98 ++f9bP9dfA/wBaX9LM/8QAJBEAAgIBBAEFAQEAAAAAAAAAAAECESEDEBIxBBMgIkFR ++YZH/2gAIAQMBAT8BSxkqhfFnPNGIrByOxd2cnJUL9stfZJR7TLbwjH2Pb+oqTF/d ++mv0wjPaOV9kYOZSXRQ/hh7TXHZtbR8SXpx1ZfZGCiqJad9Honkaa4EbWSXyjndIe ++Uor62STOBrriNcskouqW1EVy1IxIZPTjfIbjWTng8jWt0iMs0KHE620MT5M0v0q+ ++xxU0eRqLRVEu7NFf6Kx5KONM0pYJan6S8hRXZqOWq7EQbjIvOCtmKbHJsorbojK1 ++XsYt62hWPavatn0IXuW0tl7frb//xAAoEQACAQQCAQMEAwEAAAAAAAAAAQIDERIx ++ECEEEyJBMlFhgQUUIDP/2gAIAQIBAT8BpSxlhq5DFv03olRg+oK37MZItdWaMLqy ++KVTF+74HVb7HJkYRlG6J+NWqRTUbiozo1FCcdkqcaZOLqO8dHtTJSVzrQrJWIuKj ++7iNWUFaJSpQpRxpxsjBS+on4cZEv4+pD/mz+nSppZO7I04LSJUKc9oq+P6c7LR38 ++opoSb0KDH+CfkpSdNbRlkyLMir7omSnsjSim5JlhuxFfY+XL7iaL20ZmSkmiFKVN ++JD/BcZf06U6n6LnbVhNofZHxHVpvuwlOldNGbkrF78eXb08I6MS6RdrR41F15dkX ++ZWPM3f4HjcXSMhTyjYls2QoTqOyKWFBYkvuVkpwdy3Xei/C2OCexRSLsTPgqfSyV ++7/ji/CXZLm5LRPLvlbESf+HolzFEnx8cyHwti0S3w9LmQz//xAA0EAABAwMBBgMH ++AgcAAAAAAAABAAIRAxIhMRMiQVFhcQQQMjNCUnKRobEjgRRDc4PC0fH/2gAIAQEA ++Bj8C1VvWUZG8RhmpQZZ6viUTp7sLdAlundSLbQbiOql2GgnXK9mY9Wn3QqNvtHqJ ++z9EHkWNd7xVxfAHpRxCE7x+KFy6KMCcYVwJiMoAjXM81YSZ4f9Vt4z6uqB2NXkKj ++dP3TA6kwt4mlWbP0KqsqU3B7W3Y94KnX2l1MiRjVNe+6HZDV7Nv0UFlvVuFsHP3T ++o5fq6nqsZ5ZwrfD0Kj/lHBUm1m7Jky5u0Ex2TfFube2qbalB+lv+097GWUb5ZQ4A ++LOvm951p7yve1k94V7XXcZHBbO51Dw4/l0d2e5VgY2nSbmOyaGez9DJ/KnLg3QLZ ++k2nqVLTLVJT2YBdjKaTdS4YCDKTczo1EXFsc0/ZH1cUQ/dB3TH3+35UGAOSa9jJc ++NHoUaxEwtrScOyLA8Nd1WyfLGTndmED6qg4kJjKb3Y1eOATWTLCcTwXhWM3aIJbn ++jPFbd+eYTphpbp1VV7ocXHIKLGkbaoIps5K5zpfqZWTFenHHgjNS+dJQm7avy6Gz +++yItdBzK2o3Xg7w6qnvfrgb0c1Lt1HfuJ91uq/iK+vM8Ft2Cze+kqjve0ZaUZkSt ++LD1XMoEenQjmENk2uK54Mfa09UTUe6uebiY/ZQHW/LhC+Z+JVGE3GJXhqjn2U272 ++vRNHCOC1u7rGDy4KVf75bHZAKSroXrjpqgwzZxtQtGQPJoGpMKx2qzlFABQcqeCc ++/sPutbR5eFZzeqQbrZJ+qY1pha5KpPHrqE/QeXRMd8dQKXCR5UOzvwv7bfId14T+ ++n/kfPwnzD8o91//EACUQAQACAgEEAgIDAQAAAAAAAAEAESExQVFhcYGhsZHBENHw ++4f/aAAgBAQABPyE9Z0rcCdB2bi2gtW4HmMjIVWHuYcUCU5eYwoKFP2hBbZQu19sF ++WDFwPZOZgcDQquaH+Yxs5203VdHuFqNXouUu6EZ+Z1hTDzTyxnM2aDHT1EbUVngs ++BSjk5PuFkJ5DWp0M5q09Mths3DHf6UTfwkPHrMbbXRvQOEmjDiBef7oFSfCo7F8n ++SLaqvShWNQC6XDUeXtNSX2i4ae6lqNVvt8EfJrA7V0fcxG1jFyP/ACV9cKBqOiUZ ++C2wXUN1ApsETZqunJIbCqcbC1m/dd4h6PcoosA95waBemcygowzxV8n1CAldAx+G ++OkInmlb5kcXOqMULtdvdZzsfDvL+5eXLDgwcETK42ClB5gsmWhGyDjvAo+hw1rIV ++9xwyiycHKe4fkg6SxlMs8Vz6mlZG7809IE71q2QhtMSziU80qOcS/wCBscTUFAae ++5nJNf12vZAGlQczs+e8aURa6ew/GYQRAvyXqXlqPNGre4DAcqcwxTNC4oUqEbJcl ++biDq9rKPMLLuULL4ivJldr7qiB6YFVL8gr8TptMS6eyMT0lxwSMNwp9qE2vLaYjv ++XMHtP6jsaTjgGggcJu1d8kFcDC9Vv9TEDAt1EJs+D+J9kefEfIF+uQ4kBP2GO5Ag ++Tyx8JjS81gCjw0bY3cFQ+JV5iroWcvcomXk7O8cl2dMyCY6tvK8RFTCsu+0teB/b ++O9OZeCphaTSkz8OWFmWqmDiurNXKDVUxz5gmEbUh+U18t/mMXgnTEypbiqsw6syz ++AGjrHFnPuRKNbJhRgUl/lgr4M/qH0ZfZhCE1tqWF5RdHUDxi+X6m59xaDSY6z8JC ++aFK2E1n+p1z/AGeZ9H8d8/DV/m13h//aAAwDAQACAAMAAAAQHHAkhuHnIM0XSVXk ++2hYx4dFqqkUj87TBa9n+afigH7l5i9yqnkoqIre5SNPbUU7e8//EACARAQACAgMA ++AwEBAAAAAAAAAAEAESExEEFRYXGB8PH/2gAIAQMBAT8QJY8fHUttqO9u11G1pn57 ++i0lUztYjpmDC1RtJ/vvzGVqhZWAwTm+S5AAjvGuag4qpoYZK6xBsVVKvHc9FxssZ ++sNUdOxiNrVDNURCUkbmtMAKzN6jP9+Ro3K2JlQluitTtDF/XnsqCG7gTuE0ySzYz ++EEDMv2NsuS+6IktRiSqxBqcMtqULuW7FV5GEJTD3KR9t+iFGI4DdTIKIxu558TCD ++Q/sMDuUCEb2bj6lkow7UclYgA7llruXDRg3PeBUHccjqV17gVDq4UPuZFMIV7U6H ++mWIXeZpANE2LcB5GDCQbXBEcJEoiomU1KiGY3H93LkuOYY8umbnDpRNQezUMqcum ++IHPGsORthO4bQ1P/xAAnEQEAAwACAQMDBAMAAAAAAAABABEhMUFhUYGxEHGRocHh ++8CDR8f/aAAgBAgEBPxAGWhXj2uOieu61TMeZb0hy/Dc4lXFTKOT+PxEWfb489ylj ++hXxEJxbivXj++s0HnzzAbWfEqE5y9e3x94q5OgUteh4ilDGel+rLo7eeePHvAuvb ++fz79TB7ZCbx8fDXEVlJXiLjXOZV9/wB6ll8lS3giEAPzH0tr+9wAQTrd8k1EHO5s ++BzPacX+2fEwD1X5/3KVlH7SzUr9fecGj0uD16QLMNehi7WZ7GkFi9bELz+1n/ZyJ ++OuiIqp0Yi15foXLB+sOdyK0snlFN7GGXfVXn7QKdQlYrbIFfmqfdgTmLY8RtouM0 ++Tm4eP5ii1nv/ABFhc/M1yV5yWddv3fWJvSX6qDVUUuD94YDgjwlsbXiWYuu1ikmq ++qXS5Iwp+Jq2ARzt6lANr8zKjIZdC/wATNpBjVTGJoAgthUUy5XyRbRFIC/NINcQg ++1lyZkqEuuoMiVVLHE2XOJmTJeoQ2XCGNXKgbKFY5QR3mJQfX6Gv0X2o/4lfpP3nc ++OPo7T//EACUQAQACAgMAAgICAwEAAAAAAAERIQAxQVFhcZGBoRCx0fDxwf/aAAgB ++AQABPxCUBCWAk8m945oGlsQalN+ZGw2ECd9zQQNzsxJ8GXOmKEjFkyxgQcQ+ZQEQ ++mLyRUgMBGQ/Dn2MR5mTXYGgZibmeIMVlINayjJgqHH6y6LMN0kG5tGGYwsioXfaV ++yxhhBW4OFS/b8YuvJGyFPBN4CBa0SKESkjAu8aYmuwMtOwz/AJwXCcxJ7Adx9Y7K ++AGg3C8G2zcc4rIY2hYH5fqNzlwVTAoA2l+O0MkAZCKJIUiSYoVvBBCEBrgiwsKSR ++zlDgqv2M9tJw5VZocibdDM6JVvKs9CCIpCXTNZ2Y04tyRLZunfVYPlAK2zwXHfxg ++9FANFHUsucm6Lgjin4cTkQ+W1rpAJJ3gaMdwQ1KFcoyNlZ7cMTOjbVXxjZuKMbQn ++R2rK5BiSzwTKntV65yVaC1QEKRAQCNFRluTDWhmuSWkQ0hkgJEp2v+MCcPT3ixFe ++hj5gnJwAPiGY8weAkvaIdiRp5EZrxTqkYigJE6U+cCnlwd5kDwjARSogJarKFCsf ++jCWJRVIKg0LfgA4x+WIHpD9ivK41E0QCzpOMC2OmSs1iJxz/AMwoOFCWttD81ktc ++ZIkOARg5XPZjp5lYkI2JgV6kGItFG19eXHN3YbWUh2nZ7hD5WqQU1sSOeMM0RBHg ++E86x8bDCjOWpv2cnq4dB8v8AOCFKDbbqsZ4yFlzz4dTxvWb7UBTTcLl8ljgTKiRi ++2RwmHdMVgr3HejpRnhMPWE8lASSO5wG1MRdMelBXBBh8yYFRGx5iNe+YgikAEiRZ ++0jWDKpGjgBPMWQ3pGTXGhzKusGAB5oeNER5lONEQOShhBE/IY96ZaMNTFp/WUBix ++85oB5tcYKAEYSW4eZDKB2cgJV0xJ0icGD2ROsJD8WJ/OPY7JpXsnXxORpkBfIJo+ ++0e5CKdoDhLtCNEr+cC0aAzIAQVNY4lH63ojxD+cnNBQlGe+OoxrKsBE+J0n0MFwD ++cGD5D+sv6PTba95HhBwyPgtCSKOtgYkbDJMkS0upbPX6ylD0FfZf7wO7B0mrmZwT ++YyVY2COq/vGeuYqZxJqGFc4ERwS5iE+LwNUiIiD4xTQrSDlTZg2kqyz78aNUdB9L ++3iQgNwcBo+8OaC3vJwOaFA+ZwGgwILT1VE+uVpWRTr0SFXihhAmpW2N/qM72dvOR ++3ok+Qf8AuHSQRRJzA8cRsxtVv85SwUvgcYiANqODFJ5dSVhk3wA/AwDaSYf+MON/ ++JWK0kneU2jzC8arwrxZtC5JIfQ/eSsO8/onzHUJkK79xsC+Coko5lcNjYWVitI6O ++XFemlMcCcPuGgEBLvizNH8FNf+152Z/Sf2fxc/f/AIf990z99/bn/9mJAj8EEwEK ++ACkCGwEHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAUCWFZ19gUJBb7ApwAKCRAm ++EBti9pN2znUgD/0X0ppBbZ8LZBYkyCtCtIqK+CzQTI6sWU6NDAjHrHoDsmy2RcQS ++K0Ihb4g3w0VWhU/xbwDsOyHCEj5KnhfLQTUAD/8LIKUha0lJFnpT0/WDUV9EBRMT ++xJYENuE+Cn6VhjJLrsXNTawcifU3RFUOnxYDHI/0UwEJ52b+9l1D4c+HxkJZGjqQ ++DSQh8skqos2Lrhm4m41B7/dY2BfpzA/ZVUpMtWOwLHumBjtu2n97h6Jhx6duTSif +++qghW9ViLAK0u86ZXyQKnhZSbTpeHdfU5tJUpCVb3hFNqzaS0HSfRTxeanQ09zyV ++92eoRuOVqfcj2/uYq6PerLgoPPhmP90PpSg8WVHSo/nsqV7+oteFkEvPxU2Pq21k ++B4iqD0TNann6h9qu40ZkrwX/oe1y7DVRBmBhcRHYiClmQQHO19OvD/gGt5KHKXZR ++jEvMD1EhW2d8sDlr3tvOiplim+k2EdjMBa/edhmtoRVV0NAuStlgiWNuzehFay9g ++7AjA2qurNoGvLlr/016hDy8KcP+0Uhg7bdhuELzU4RDqGRPGD49cH5QFYn4FaGre ++LrYksk/zNt8Hj1nko9seOMX36gSXqA+dyl/095Mtl+8E3rwhWtQbx4AzWlhFmQ1m ++f1sKZxdPbIa2MuSmzWBnctUCIus/4i8AOi4w4J/gAQ6txiAVaytzMUxf8bQ6SGVp ++a28gU2NobGl0dGVybWFubiAoRXhpbSBNVEEgTWFpbnRhaW5lcikgPGhlaWtvQGV4 ++aW0ub3JnPokCPQQTAQoAJwIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCWFZ1 ++/AUJBb7ApwAKCRAmEBti9pN2zo33D/4xSI5qfxOJMVdwmcK03uWQoaAkda4n5/AV ++yZb2lEfwR+CfuwmXFKwTc4ogZhE06lkDoW6bfQbsbA81Vnmjzn6YUIR0/7Te5YDQ ++l30MeBR7dD5yXArOw1yNT+/jDU9BM2wisJyAzdGuYUm9AEH2EDn8iRehSKYIhDwK ++eqhSWGr0Epl6qQLB2nTQb3yCB6dXxYKVOr1OFcZI7sOn2yc9LxbHdajWXcf+xvWP ++khvnGdsx2ZDjCKUvEa9JmKkF9WszqIdHl0oNceJSa5qf1PXKL2EcNGd6KMx5Pjwu ++LKBxQtWx3SD6tGs33jHBh99keQ06zZwpS4DsrQWR3g/ks8YvjIY2DJJEtMbka0dk ++cnZGbUl114/UYFEsmLK6r5/TB5WTAL4ucl/chrr5+CZ3yZChhv6+1HUyEtIDQ5CL ++zjtheVb6PTzWbSYZTaqXv9Rkq9611LpUeb+61PaHDKw00hFur+e4ITKM0ouaMQBo ++XKLhTYt4HsiRKuoTjiaTlMm2yLPQDpc+Fcmnrq1YaNIAq1qVzapRb7pL06ZwJm28 ++6sixlfrC4K/p4TZ5H91uorI+8zaIiKH1knbg1y1iW1J1JgJ+4qkG23TFYPeFevsU ++dY5KitWUEIGZUYbvi7IfP4FKUfobT2Ed/4nWvm67lDUXT1dU+KkII2Zp3fnYTBKa ++dWmOwHP62LkBDQRUrwUqAQgAoloa9GF0nWdO/3DrH4XvOdcupSk6oFoZMQdoQfx8 ++7NoxjR4epy1iZtYrZNgexs6S7a3lOyaAmH0zSBw8iJ5CydKpY7pVFd2lFbUvS2qe ++Hz/XVVOnCXcDShHfYULBpt9geuJc9NGmoSlF8Jjp0h3HxrSTDneatYlrwJaxMCmz ++4AfC2QIwmt8FfX7WvNm5qqEc/7qDLgAVhbFBNPLRUpyhLn2JfMaXM0aPFaPvqwSw ++0reLIpe+L4TXdv68jRq8FPjBzcXBgsW9uV3qJnncE3yHVVv5pIF3ls8V24jl7k+W ++wf0vdbHFomPbFRWosabwlG00O23X1TCdqytDNal7iHCzPQARAQABiQIfBBgBAgAJ ++BQJUrwUqAhsMAAoJECYQG2L2k3bOL/4QAJHiGmiO+h7e7G9AUMmZUmiLdcZ0QJhz ++webKbsebI5qGF6x4sqsT5FuVEFs4HYEaXCP/Mk92xBpt/5/9h1uKqrxToiIsL7EY ++dDtTQM9dlLACPTinbz/JRXG13aH19IAQcpc2mVwKNSR4qPnPLUJmBIrGdUGNh7dm ++zmnTrziM8U35DcnEf6Dj1GzIK3wfj+p4DFp0YWXr5dNGmxU63e/RJXOA6fZet4ZU ++ON6BhooEEGiZHxQ3sL43VLEKUaGbOkFBHq4+I1zec7VM++SkW+7zjNWvspvk3Tab ++tPDAf4OEtl84jHQpC863AzehOcXT+60THTC+K/1/u7C2B3yPUO1gIArHFkBrWIu6 ++ePUj5YsqxXDhM3u3EYG4vqUB3b3zbg+1vLx8w+j0/Y0b6UX5GkbfYAVi27SGxg7o ++FaLR+ceFuzybw1xhUVWp795gHf6pX0XZOFRoBUlsSGczCJK+BhJzDm6swEtbSBcT ++eZsfnH1GmBM4X0+730tGs0Z6Va/+rn7KgST+JzztiO6/D3uBeUVC/wOHuMNcI3AP ++e0lSZp3iX57nxedd24TioFyOhXGjExl5Rb7PtntGT2cFrn4hZcxUMaobKZDsGVi9 ++pGaT/LvWPauIzY06f+kS/iCdDUHQhrtzEj+vuZF4xY2YYKxbTpicC76LrdW0iVBF ++CS4Bdra3PzODuQENBFSvBtkBCACz7w7u9QK+K1Sbtr5wree+76DNF79X8a3+I9hL ++w+mRJXV3CIn666fzaqI666nQFeUXK5C6x/utoGfqPn9Ki3nXOg5NibHRcwC6yRi1 ++vxoFLhsPYZGtHUuReToGpBqRxa6VtwKbiojRIr7EXS+JAwhrEsEpYIO0CymXHFmb ++2p4EPWQB16ukWOO3MRn/Z1ucuF+9LJCwWVEGI0oKyEFQ9QNFRCnqP9gSjU8q0HVZ ++XQWUr7+hNmfkK8ODVnnNW1EHpEZAO2AfBObngSjfT9ETzNzLTsWsgvhDx33o79SZ ++Iim47U6JYjTsfavRjEkXhaJNkTKGC/1RXAjBI3NaISmQFjeBABEBAAGJAkcEKAEK ++ADEFAlTSdNYqHQFrZXkgZGVzdHJveWVkLCByZXBsYWNlZCB3aXRoIG5ldyB2ZXJz ++aW9uAAoJECYQG2L2k3bO58wQAKYDrOJAhpamwad8AcgA98Ary2AWPMLeSKqiV7uv ++3c0JN19owZcsSR5lmknaXH5fCAVaJg4x2RlO1iFGwRBekS2gX781er/evNktWBvA ++EHX9dZjbuc/78k6Pl9XpbBCljbGtClLi/gM7k/tgGEwyqr+Pg+dXBFhGbgknumjh ++0XJ+cc+1Hiq/pgzx+/m1blQPACxruh2Dmt9QE/SfkvxseGNcCVVppWM2JvZAQI6B ++YVGUiKDOcO1bgdaISzp47/2ShJJ2RNQzKMQ2pAPjtTUbTfq3VxkJCi3pzkkoKVkZ ++hgduh/tKA6RMqPYCXuRimB1QEixfRWwBGlAPbgCmXtaFR8FcFWtSMFs2w2zibxe0 ++cWRLAAUfqkMEUPJA8aUZzsBaM0o4Qlz7+ZX6Vp8/av4nfjfgZVQyrwmedGcgCj3X ++uYTdiGLLhjYA7XyH8uiKyVjCXRc2j8GcTtKfa0DTFMvdMwPtt39IEv9Fs4m2xlIq ++hg9rIUydgIv1+iiJOUF5iqoF8tMUko2moqEoCe3cc8+w8BsTncjKiN6nbng77vIk ++zRO101YJN6Kw1bPvGeFu8MapXNq3/fKM1CGJBx7G/dI545CHsc7Cd4YWX5LF7+6Q ++Fc2jTAceFG81OEoYD6O1YHXDcwEcTQYrLO3iPSHBLW7qAeCkhVH7BmHjXyQYuyZH ++sH0fiQM+BBgBAgAJBQJUrwbZAhsCASkJECYQG2L2k3bOwF0gBBkBAgAGBQJUrwbZ ++AAoJEJG05d4bZCmnqnoH/24cH0moIvRY+KPhEkSEn/9BTTd0ugm6wxNi2MyS9bWS ++wGaUkk31OG6I4unGauca7qMbbhHqn0G+ibWT4IHyU7En8ROyXbLXs4ySzk9Tja48 ++g3qaFWeqTZVpMzhqewM8R3cZxvucYPxriDFdZjWHmdi/qCTd+s8RPCOQ8fW04VH/ ++U/Eeoon9soQE+8s/MeA9fyyrBMI/AXIiiEHP3dpAiWLJsMKZoHSmAvIonolan8BW ++4NRH4SqO7jvoj05Ac8snkHVTO/BxHanZ0kEUsytABs0L4XEI30w5ctC+XAVyTFoR ++UjPp9UY8lGRIN2E8cn51klNAaQIrNje71Db6PqLos4ExURAAqtjFVU+Cr2vUwVfk ++Fp58c136MDmxv1sjNczDQ6ujyOV9cwMI5t0ibAw7T/JxkqfLltX8uZc6hPaBFQNW ++aJNgHNjKooTYSkrrBJS/nkv9zt9ORhjzEOETa0pMCEaKW+WtNCWcomOxJkhq1PTn ++V+17ZLLZ4iF4w4ApWW9lzEtVjr3bUibHGuSjB4gchHj0maMIbmVuOtNWqgWi3lVS ++wgD6Wh9ZEPvgdl+H3Ue1TmuI+ZIoy+2PMHntrJAy7Q6OOu9KbsLl3aDslxKNxNGO ++yv550QclwIhabZhMnXMzwvMC5RBNF5Yb05+RK6ZI1aATdTISCHfs1MKuS1gNSBGP ++Sr9TnT3TxmLkLb9g5+ytu58BmzQ5M2lalc75ii4WE5vDD241cGCflPFsFY+ODZBR ++9u0fqaqyUSopELgNFYXn/5dqWtpC/lANuLgLai93ATPcY5K8mB8pe9yXut9lO59W ++EPLwHnPt7BEpzTlm6vTfWzICn3sLDX814DRGqlxi02LSTq4TuLSRfDeGQWPJ8xEu ++gSTjinhyilCcTSBjkZVPzHpfNgrRbMZ6XRKItHk5+2m1XQuqFRChw9k/zuksrw2E ++BeD+8hExpr2k4H8kzD9iIDX7+JgafRi2zYwWHtGpkelerPQv/K3aEYxopWPzj9zJ ++wcu1OS+DX6R3v4p6iiF3vtKudJe5AQ0EVK8HqAEIAJTaC3AINpl8qDPK9qSq5zV+ ++lfeVA9D0O3BqCA+iqZneW3c7mi7T7A2da+KpRGanywOJtibB2TF/jWrNrbltpbhO ++JAvsou0/edeZQ0xpTAYRt/gURgRLGvRveaY/EE/zyWAmLqz1FYJUoYcyAvGRl3Yi ++AgbeDBMsrCUpJF5S77sxg03/QEjpO6jicfFdSC7HvYwfC/KLOU3nckWKkElFJG1G ++/X0+cww3H2yl7smZ/a/rs4nolcPOl9pvtZPqSuyzW3Z3JBktaeVZPGMrxqtCOgQ4 ++HCXhWSNdtuilO3r5Ojwt1mJLf1VAFm8oOB8/AZUeKDGNFJJl9VjIX6UAOhdYkEUA ++EQEAAYkCHwQYAQIACQUCVK8HqAIbIAAKCRAmEBti9pN2znd7EACmlHur1eB5p7Tm ++sOn8cHN7/3vbXqaGJab4q3i0Yg+0ZTmq3AmvjFnT9tsE1FxkSHM7cvtg9jSIZ4J2 ++aqQu50x+heypV12VSMpSVMoI58YoX6IIj2vAxBjbNsUvpXemOzisYPdpCd4z9h+0 ++C6b6vd3r1cWnE4SQoD0+QDJh0eXPSmESdF7DJPmKz/BvRJzJQW+XdV0+w+6+Dxex ++W3gFkqM5mix6BTDs4NoVqWgXHNDuoM/26RODm9FaI3tueFfszRxGq8X6DHFTWr0Z ++dHvZoDudz/LNNOXU/jsajcB0dBmbB3f2P3EjOlxsoau8bq145iltr97RmnHDqdPK ++du7uNcelXn6Qct63dyizFzvZh7LejXHslikupKe4pXccCCpc8HtQ6OoUNGXdVyWO ++0WgMKJ53NGLKxtiRpQrr+7D9YAXEi7KsfwDxcH1AIupVKgHAfs9NF06KOr5tYYi7 ++JhaCAxlGZ5uz0AX/h0caLdrCoLQZ9deV8dRhXe1d1pVzuMc9e40RI0y+z/B/q+DJ ++23I23Q5kE6zuBfhJrgCUUj76cEU3PugDBlDkjAyjfgEkKGsyz0QohGYCwQq/aKEX ++eAJ+NrfkD9Jv1jWOafk0UEX7KyWLsCbnlfSkVY7QIYDPNgwwKC5dQD9EIYWyQb6u ++QnWuUai52+ANTEFuDj8tmeiwvTienIkCRwQoAQoAMQUCVNJ07iodAWtleSBkZXN0 ++cm95ZWQsIHJlcGxhY2VkIHdpdGggbmV3IHZlcnNpb24ACgkQJhAbYvaTds66/w/7 ++BcpolgxUGKvdObzd1bfM7uCXgahvwIOY6PAi3b2yFElRlkWNnUUSRq4ZcZnqcMF+ ++eOWkKkomsTHD5z64vH0jBZxTVis6vMSAuWgmjOcWZzfDU9lecPtj/72cXOf912vZ ++0Jarlwfb+e48wCFtSyZWKr1OyC2yWZctu7K9r9SToKIKs4BM+DQMQksFKDTOjmT1 ++5yORHoCDboliqSI7hrSEKCnlJmtWATitVmm8X3th87tf0vpZgMGbaoOxwl9/DcD7 ++gBcRJQAur8d0AFfOfitU1oz56AR7O8G8b/B2RFHsKs0oo7S2Gv8i4sjFVK9AJt9c ++obIBYCi0F8IcZyv4N8U8lOf5/Y4GTBMIOJtxSHqFxerQ8mL14+0SubgRki77eUeN ++JFjYlJPKZdS/iLZq01Mp4/+oNcLi62FpBD0z0pcioGaI08erLAIgzDlR48aVsVZ4 ++ZwJFzpSzLnHEz8aFxEIvbFzvAcq20e6ZlUtPrFzQerV27ZZQbDwaGD0/snTihi6k ++of9URScnbN0D7PLM8KLK9sKOUzKwjHCIl6WJ/+J+ITOtToTy1dDo2JkKMRxNHLYv ++KZ7RaQ3liTLw2HjdXwLtmWYomBP/uAghnvnJmLztlylmTEB8C72nbPKAhqk6XonZ +++sCKbDbFTYOpYnyhXEarlYfest+hj1vibh3nkxrjeO+5AQ0EVNJ1IgEIAJwynfBE ++7wL03nQdEmO/D3ZaPnOT8jFORIXrjXsxuCxScYoIsSLqPWVuU5ddXTtBKZ8g95Cr ++CciHP/haERbkp52XhfKycB3AfNfm0CJH3pOa3PmWv6OsCfOMjM3asFOTqHNTK1XZ ++P9031Ostbhmj0np71FJKNO0rlVDizgbrHif6Hc/BNpUbdoidRy3G0V4vqUf/AyyJ ++uFPjy2CCmCq8QzQZZ9ppQe8FiCzes+3InGhNx82afdtLKnkhn5dLXV+c+8CONhGX ++H6hEVpqzXctP5s15kV/6qIU7suyNOm8K7+2rBojS7wH7z+sJ7EZy24aNNxZauBHn ++db3nXK9GT7cmgcUAEQEAAYkDPgQYAQoACQUCVNJ1IgIbAgEpCRAmEBti9pN2zsBd ++IAQZAQoABgUCVNJ1IgAKCRBqF2OKoEUM9e+4CACKtQ+EJkf2auqHlbGMx/+fq9EN ++CTOX/iSg9WvTrTzZFeGdweslgQOr1SBgVtRgekK1ffXX8VwM6mL7A7g2j7TXLFzW ++yu4kCrd+ZZVqvhvT5H4/cK0axKPq738FgyTJ6eQtjPYbnDwnN2iwlBOVF9rizi7T ++zqA/RrfZr+/pzoHRWXgDZ43x9bFM7IGDnJilV+yjnFeO/Z5DU9TV3qiJnpF5pExR ++ZliBNP80PTISkmnvhdH1eQIL+lIr0XOdTH7P6PWs1mpexwf+bttBQT1fonmV87Ep ++xtOZL15JnXBjmkqzD+fmdFOx36NWLZDYTHltm+HSJmS3wmVG+tkOyuCwqFvntQIP ++/2AG8xgVX5ZE77BAIsC9LW42qqRjHAFjFoOopTZ6htkb3eBkxsuujzGNJ2Dlcu9+ ++KO58skhcuCF21B/elXqWtBuicw5IokUVYXd1T3xBSvKjWUWF3NlvKIUFfLEFP8EV ++qThD+5Mw+a5usIXNId6jXi2143Ig30u/OZgIx8FVjzs2Lj5cWixNBmkHTDGD55+t ++op3AIHnYyfcF3p2LoKLX22KH1+uSJdNcAlIb/m9Qrknd1pcBEJ4mu8ZP6PxVXUaA ++vsehhR3haY8s7EfUCVXZlA3Q3S8r7VTg/pDB67FhaJcc6rVXlKHdPtW8rzKI010J ++625omSYA7N+HlTGDL+E0DzYapkLleDHcwkvppl52yY8S/GNpwEVIeInw3iR+jPKh ++EKlhhx05HIDwBRBDOZDURZMmBRZZTXx0Ykp0QerjDAi17YJk8mpm6KNkZt0dWODg ++qNsK8haBoiKK3pEMeGub8QsONSwxx65vlxlCBWYtZ+gJh3aBnB6tDovZ6ytfZ1Mi ++bvZqOcOBFNzrPBNldVfdsiMfZzTtGbqUQV4qiqdYmg95xkFq0upinBvr5sBI8qln ++q+4vdZosivEt8hp6uMzaFKBbX2ktrIk1jUIMwhI6ZjBHBIlaz8HxSOTgNta3r0QO ++7UelMLWZ9w1LJWsaLWNhPXQxIA70WbLb8geMVq7VyuE+uQENBFTSdbQBCACE132Q ++pR7pocJTL+LrdLkXj9Em0fs2yXv1tRS5eW7tVIzc1XITsqjXThn5hzfJ5f33ONqv ++esqeaBakMMaW39I3SZKGHFoLwqaczGfBk4ihnsSmiGoyeMD2F9gTUCGxdT23tlmZ ++SlwDH6rAnXV1JFk3QEh/QmFwjAdDfkzpt8roWOiZRWYHKwC7I1eVC5OEadK+287/ ++/RWS1mfieMaOiGIZTZqTDtGaokN3rLB62LygOUQjW20J9j4ZGIaHBvmf6dQ3LwBB ++xumeSsLxGq17VCZID9EPCAoTVPkuKs8ZfrKiLjAbuyZqgTm3oxHqStmJhGlKVn0Q ++a9IRfztb+NF0yqdNABEBAAGJAh8EGAEKAAkFAlTSdbQCGyAACgkQJhAbYvaTds4e ++fw/9Hdd/bHOfZACu0BrGS7dX+/2QmVZ6SP+yxegCQTeu4w0iZ+ohXVx4NUNzoBsg ++JqmnlY9+ulWUKMKQjTHJuC1W/4Md2rYLVMDvDl5xXY1fwkiGwAdjAVVQyJmQCjXL ++tKD50Bm1txiHARKScIuNoFj96c19pA+MUvZoLWXL52PNEKCHdi7mq6Vtu3ae3W4S ++QhFpXAlcm3CrKK52OxMFKTqMkk0r4/P+U5U9tdooElDJVoUIYoLfSr/rqPf7UrUA ++JNyk9AhajaYYgJ+Spw7FrnLoUJXgrQzRCSyDiWK6StHiCrzBej+4Co+m/N3ajqWY ++kZeFtvARPSNDxjFELxT3Jaj855WoR7DV/biAgvu3TwYcav4GYykYuq/hdFFy0Z0P ++QxSAL2Hu2s8f8T8rGjqED4++BeqTabDynKCT5dmRQ/fDw0LTTHeoxfveFKfegc8O ++R/nzYteGj71DBPpdaGTCZGDIYdSy3wb9a+9ezg2vEmP3JKMn1Z7DxP4LNOoL/ySu ++mIQIcrZWxWZSuPsiOm8FUWuvQ4iwzu+ZUC8kzNwQp7MFWPwh+DYHkp8K7m2AdjeJ ++EGPaIlhqTKIUrUEVUxkuTHGMExd/+gp3CIT5v3X08msnKrN4/HRU4x4wyUJqWVIB ++43Pv6Xfqz/1LayeY/PvMbHSSXOeXjl20iDCVxKt5qii8sfCZAg0EUmYFigEQAOeF ++OFMWA6lDAGSAlUU6g/pRDegFlNxFJhPHcDilxCLjLOIhJU6D0T1+HZh4bB4BkA9E ++qt6/FDzaW/mQO/xS+UI6cSH28fiWl8NqCKuIQCRxNzvJSYIkDJHzKDkqbtXTV+9s ++tNYhmKx/kSrADBV2Qhp6fkINjHF9rLu/iMEZfE3B1C7ieww4a5g3dOXQUGVaJ/Qz ++KEZPKGXqsxPaWXIqeUlodsKgCyle83VFda2qj9satyibcV82Z/dsP/wrELnwOYEu ++eGcN5q7q2iFI/yHfGvzoLF1hvVfPwTkhFWZmij80szRsbWEeSJREeImqjfpGgxqs ++USEJ/KgfC/3wfO55ZXVXDxlZxkcy4ciyRP/94jadxSfcHNPei7d5LHotmhLg10q1 ++QqpTJPzYcNdj1xSAu50MD93ZhSLkHLZi+AZcVE6YqO2o5ONSq7mTQFMA6N9fn8hU ++ED7PbpdgmAjTVtaK8Pk8ji2G0l3zydfbx6+7pLA3R6/93VNPv6sazRYyKh9Yuel7 ++4rXbzsm5D5alWF/39R9xxFsvmthflNCnFh0zMm/LVPEeKfMT6MRwSRjQdUGE62v9 ++xrnolWI6UBCL0CDjtJuwMrUKDwHaE7gygRW6mQEX3ZEdERDX5GGcLxwdfki8T0Jv ++i1g/cNvJ39lRZC61tusKhos/DO7qfrzIjgm9AKOdABEBAAG0G1BoaWwgUGVubm9j ++ayA8cGRwQGV4aW0ub3JnPokCWAQTAQIAQgUCUmYKXAIbAwQLCQgHBRUKCQgLBBYD ++AgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBN ++HpAOFMHMBL2BD/4kqg1vkxbZmlIVCjPS/YYhsAzd445elkpvx56S66HOJwEK3h5g ++tJvuSBuIXQgfvfeqwWf4w1tFja5GiBTpRd0SSq3ZT2OOXOYpNrAnFDyRy13B7Pmd ++Cz1ibZtM/7W75SXWVL0bkuSzxTYO7v2VJ4XjEsZmBhj6i3JKidmR31a5gf1WBtky ++Eun9WV+KaQSKjaxbPlK+wTvWdXpClVNOR6izFGbxATowWQmZR1do8yLh64WPf0Ia ++/yg88cM7ZnnGKa6X9Tgr8vgJ4LyUgNmCPIX4eQKQ4PVTGB9M7hEobutQicvBceHB ++AMJI79GXzker9n17E7Fyo2uJzjIdWoKyCYqp1ASu4oBuk+LxnEW6nv2A48YnZSr5 ++kF/6SRM9PVykWoEKIrj/GEHzo9dpgeg8EBrjQpJ76GyTqy/KJwRUxRw1M8wrSeGX ++X1tEJbRgbXih2k1zLjQVCq9rrNTf2nX30PEcMEoLiO9mbLYkDqIvhGAfcwjoB302 ++oPuPlLfCnI//3HnhbBs1lZryLjjoWzMBbHK8E3HLruN6uvYxtnKY7rF7hsFJLB6j ++6kgeC8Li9ZjmID40/0vvyamUs6jsvIiS+1mDvCCYhOX/7G/19bl8gcOCCbDh9tC5 ++bGSf0KpHu1EqaV7I+ny25g7TFX8AaPtuu2AmUi4P4JC1crBDESuigUBv07QcUGhp ++bCBQZW5ub2NrIDxwZHBAZ251cGcubmV0PokCWAQTAQIAQgUCUv0tJQIbAwQLCQgH ++BRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMu ++bmV0LwAKCRBNHpAOFMHMBLNyEAConhqhQTA1q0tQ0b5NEAellt7aae2m1rtLC74T ++PArVMU5SZqcFdbhiRKo0s1QlI4V+SNZShkNH79pk7ltjx4B7Qy2H0WTjygNNULM3 ++X2AalDxs0j3vPdi3TCm0ebLO04WNUbyPr1972mHjqaCE2JgTrEr5ZUebg7/7CsYV ++dtO3T1i3KAy5J0ODg65wqcf++TJs5YGJhQD6Xu5T6glndBxK+5ChHJ39Mz4GlCLr ++Wa87YKgQfyupZRNx3H7TMp9jbjFcpIXar8wFPvX+3K8eLmr03tMbCA62biuULrl0 ++k54ZE9R/E0faqMAXydPSPc95B6BxxSeONoicFuwocESyJUKLo60FR42F671OBud2 ++WqEGhjxO2/tIymPLUJEdESq1pKCqaq+dIZwVf/H99wPKFEvBhzzFvtdgkGIKsvAE ++LFK8dmRSaLzU51CLmjwzVodiKNLxAV4ma6Kp6V0lCGcqKXGZwkqO0+DUJ0//ZTRN ++ARcS5MQqV7rPVkS5ejqZTBU0xPOiWCkpvfzgmVZaw/9B+eb7uR9OBLxUiHo/rtDY ++uwhRkX+JtwvWBkZur0zpHwIeJn/nkvV47PdUgPuwIn1ZhlQWwAj5ryhNUaAsQYlV ++POUELHjsJSy/MpHUKbs3Zz/MoYHEQgB2TEf97/lS6H4LDGFOi11t49d7Xi7F5DMc ++L+fqd7QfUGhpbCBQZW5ub2NrIDxwZHBAc3BvZGh1aXMub3JnPokCWAQTAQIAQgUC ++UmYJ5AIbAwQLCQgHBRUKCQgLBBYDAgECHgECF4AiGGhrcDovL2hhLnBvb2wuc2tz ++LWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHMBIaED/4v+2yqYRS87QasQ945CE5H ++eeTU2oKbqnZBgeK5FlPmHC0fWFBA8/iJsLB+TwfZ5pNlnYbowX01ixa9usW9qGDh ++nHAxnHeI8lRheZ36rNnbXMiHXE9fEzrWcTkgIy4iB5vlV1KBQ5UrQFcxGlexdLqq ++CENaSPxHYohusrBPBbk6V0KxNVonCACOdXL2ECPZcjA2TIFDjn9bAFO/DFh0pJuZ ++TVqzBlazqDxzL/YTwMGimKiy1SeQFoIZGbQNdYoXyG2TRCuQYX/qGCXAbbvym0eU ++TqQfzHQ4f0zXxeu5ZVZaspRUTSZiydXG+/4HEDeSICMtRXWl4aPXRG19u4A4lLob ++g6Ty2+Hez2RsvAtCwmgt0DQfqKDKnLdubFtM0LtmfPPQ/4vx9dfcO8jzcG1ZGWHL ++DjJoOscUBY/kheaA6Vi+68GZVfQPh8/qLDPU0PZ6/6PLtvm/XFsJjuBIwG2fy8QD ++UaE0O5zKGbcEnKQPTEF4cjLuusz5Kp3iu25VwmUEQNcFLKhUEI2bQ3r43wADJNHw ++GPY5olkHSflyhv5fWsZCL24H2WuQMmlEq/a+53hYD+WFu0w9sVE01wSZInNdCen0 ++K5dhP9StLShPHFDlFxazGssV1LDRX0FGlyfw7LcW8vPSBFmq2/csH455QXqzFgJ3 ++waeojCbZQn5zX9AI+XRsMrQnUGhpbCBQZW5ub2NrIDxwaGlsLnBlbm5vY2tAZ2xv ++Ym5peC5vcmc+iQJYBBMBAgBCBQJSZgnCAhsDBAsJCAcFFQoJCAsEFgMCAQIeAQIX ++gCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5uZXQvAAoJEE0ekA4UwcwE ++nQ4P/jB+mcHiWC4qEhIfXln15ydho9j1BNAGCx3u/axC8Lu1Ykzq5MfMyTYbpiiL ++I4Wq2w1eXp6N2e9cif25nVo9yVISTxdd1wzZzehedbjz85rjtCUMRgYsQh4N52PH ++nYYlkk5ctjdvrENUJ17J7v92hogDY0qXhGply0pI9LeH6g//OyrcysHAVqbIgr/B ++yjYKgaOHRvzxdYB34Djw253NQkyqA7kio6SPegHhSVlfJceNFDuf+lJ4wXyB0wlU ++TIGFnJfE4Gl5bqOhKMLOqGr9BhUoGMj/wEKjh2Mcb9aHQy1p97IiODgj+J/mloqg ++9VDfC3+I/dh3E842rApu5aLrFn8nPjyz9LRcpBwPHPIjOibGeNMlLDW3VeEPNo4+ ++/e/TU9O1fJJxioqKyytSnOs2ACwzVMH2EobfkhaSBe9VhmX2SB8TFErGc2JhQteC ++G6ueXCVqGPIcFsD1IQvUVFgxkS2IMld8vEXGZTK2jLWjJ+WH81Thij6MEoqGmtjz ++Siddr1uKNsxKp7XOioIG8r4ZEVDPvTiUiSp7dbQqVEXtI4NOIKheIqtURJ21t4Ww ++vMrIpJT1aZBrMhCIdn2xTl5NZyD7mfKnZfbdCsQxo501D6R4Flq3il0fPxsCPy6G ++T04rpaMFlE0VY4B35bGwikKy+tHIqouYFtyp+kHbDDW8nDE3tChQaGlsIFBlbm5v ++Y2sgPHBoaWwucGVubm9ja0BzcG9kaHVpcy5vcmc+iQJbBBMBAgBFAhsDBAsJCAcF ++FQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVycy5u ++ZXQvBQJSZgrxAhkBAAoJEE0ekA4UwcwEWhgP/1JmfyfHoIsCJEBXhSKb2YxcEuzu ++z6R/KhBvqyCFByjjmqh5P7SWsoTRUN1ntetQVRUGe8fK1vPcmnTjI5UVwYchNwVR ++Pr7WS66zD0Vie2UQROQB+XE3V0jgewojoSkw+fEXkLJi3q1AbHnFg0AtlxhfMl8P ++KXYzjgJJ/ZwHh+cAiRMNjy9MOK/bQlyDY6iTG9DUP0/Zny7FAq6+oyiuP1TT163L ++knFbVaEH/UdhbewQLs5GXufJ0R8TGP3VaSCiSk33kqOe4qvwFxkDN+7ioXR2A60y ++RAZNOsDd4KOxdwhUm8mNIWHne6WjFxGznrPv/VKRxUwwDV0clf7DZYvPJ0xCFLTx ++xC/9x1oKwpDB6fmqkA7DJ1GHJuKXM4O7EjVQ3SJPacU01tr2qC2BodYJG6PvzE2+ ++FzGndtwQfb+eBYrEQ12Apd6rADrFnbAyd+FH6uwRxWCPweMCyUZpCF9ZQhjd20O1 ++fDOSUhaHQUDa7NLcZA3Pzka0S4Rjkj4NPJd7r3ckXIwSgp3vwPBe9yUt/PZ09WbI ++YGYFy1z9kml2uycdsaY4WMQiA0unkpbkQN/WaraZltNTrfs5a47b/LWYeBe97n8P ++dczXAC3jSrj/wOJNb4as+bUVJ8U34BeUlJo0UCJPBINdRcKSiakjfGa8WAYEgbZl ++P9rRR5hZQvUaS4zytCxQaGlsIFBlbm5vY2sgPHBoaWwucGVubm9ja0BncnVtcHkt ++dHJvbGwub3JnPokCWAQTAQIAQgUCUmYKUAIbAwQLCQgHBRUKCQgLBBYDAgECHgEC ++F4AiGGhrcDovL2hhLnBvb2wuc2tzLWtleXNlcnZlcnMubmV0LwAKCRBNHpAOFMHM ++BFksD/4k7P55N/ZHdHuMU59DfQSvk4r6DNrGzZNvjiwpDa9GUdvFw2vXhFsxASFI ++A4i7fmkxVUzfy508+hkP3rZivqltnaie0HRSDhilruiJF8mwSWvJ1yGvmouJvT82 ++lUyUqtw79lnEADw3NypRXIRP+oz3N3jZ0s3Wmil+Lj5A2tn7QLIqTcLLtX2YmmSt ++fjc8Kk+tt6gaT+r8pov2JDjU/gG5xtKG0LfPbO12y7+qY7dJFd4gNaXAub1O0qrt ++IWsUyNqxvG98DHD0ub/+NqQdzrzhBfW7QG8hzrSafkc5qvxBR2PwJW2F5RPRwURj +++JkT1GPHZWFlUK8t6EG9w6kzL7i1xOYkxTjYK+1VFXXMQQRIy6d5a3+7ac2OtS3X ++qvhEBH8XBLdHi/0i3GQ8EAkNC3nB+p8RUrbJQbq7mzeZ5FuHOUbf2Uo9I8FCm0aK ++trVYFiLYh5joYYlXoE2Yo8rB9uMtttyvCcdIm+ewZCIQCF8MuA8PshXaOVwq/k60 ++JIIJlo+r9vX0Zgq4hEQUHA3hYkxoXWGAn0TMVZ9TekZSIdhxAIo4VsJzll2Bc51L ++IgH3zJ0FxFBTcGdKU6mDUVhrIiDe29PPQkla3wCbuH9l7W0dgebTqVZX92hbQYgm ++E3h0UcX+vnCFFPm5qpdYs4puNrSgJF8Cn9LDUGFPvUN696wmE7QkUGhpbCBQZW5u ++b2NrIDxwaGlsQHBlbm5vY2stdGVjaC5jb20+iQJYBBMBCABCBQJXqC8TAhsDBAsJ ++CAcFFQoJCAsEFgMCAQIeAQIXgCIYaGtwOi8vaGEucG9vbC5za3Mta2V5c2VydmVy ++cy5uZXQvAAoJEE0ekA4UwcwE6b4P/jUOwdtIiNmAwYNWRJvlGoq7/l+gu8CIo18e ++i35j/r6LFFuwC0+vgEowZHCqLGIBpK6yliIX1S2voguGCpoxkalPdNEb2mcBODNz ++FUVscRqzjPMOD5VY7pipP9JFJJR1FNLKCdy2OCD+lTpQkmaBmKXaGanhJ/wkDZep ++TURn75WhgpDzzdISR9tPygZvKWeE8/Ov+RzL0caOcoR4yuI+dbld1bwz0hem4rBe ++XiT8+ZSW5F8OE6MirBMyHU3fHQjHvQ3Iy/UUsMyPxE0iIMmirkKwB//U6vCJTRf/ ++2M2/k9h2DZYhsMpDkiFSI1q7jo9/zrEQEeQCX20atAPZJeaO+OLQPdBy8sghA2HD ++8UY+wZ+bfWTfQpUHvWVuPmfLUtFzulcBvE3rwJpNsgu499XZg9GJ2O8ulhOgJRHH ++z/ddaNYvSQXQvJt3woF6ElkJI9kF9MKdvlt3Rm4Lp9dfb7wmpnv5isYBte4MlVJp ++nHCg+ABZJdzm86HP6/LdfWNpZnCX5IHFgtZwdT30aUM55fVMpqCDyfM3zcnBPE5L ++pLabNyWoSYXllDy9J4FkuRkGr55bTijNK6WU47EF5U2+5BeLVbizuJ20DHcwEl5f ++p5IyZBdBmSrlltwtX6Qp1qRfaIeyiTHzx2Bz8LzONEL29swcsQxuRyf4Xovt6EIz ++4VNGqRc3uQINBFJmBYoBEAC6C/l0gjpwGcO+6BV0YP/eYSF8XxQ7BcEj+ooSs18j ++Zeg+9ih1yJyMWqrzXrREpPoIvxSTXgYN9cvc1hXSu0OxqCLjJ9R+wfIpUJyFoaQw ++AvuFfrnbwqUDoa/bSFXoUFxv/M9d9o8brO3ilgBouys3QTDTZuVttK6GQUZDYcgt ++gQsaKGQKvylwqmoldProvcetvNG2nTAnXYtNetF2r58jn/cVXS8t2Wn0wTs+b3WV ++kgnChnODJT9qaaoCFHhygNH6ERp+XlaqW81sNTkjyd+Wq+vXMvFzyk7i6ezplnYG ++vhEE1hPxYRDZEc9dEROgI95k0RzYXQvSahqoCyMS3DybqEPJJh2mxJim6UYHD5gc ++cVhTb7j3WfWoyMRZeEzb5bSesnkzrb4kRz6ZYvYF0EyvcWC7mSOtnIkQDjO/FfMo ++fRgtolBchHc1AOjBGVjRn39YhCDijo5cB5z+nhyK5BNSOQAtyrGOU+8mNSVDw4TW ++WjH2ZDJRnbE4NwSpDzVRbBEEPGILjIoPaPQ11IObjYHY8WQ+dxb+9e45WGjv2KlD ++S3UF3ABeLkjSYyPTTuH83gykU12gr60MrUQExdbG46mGjfTs/GOgzlItkEuQc4xZ ++kjk53jl1s1RjjFo+LxLpAYu1D0KpiclhNqWPbp6I9amEF5AeIWgDDOI46yC2Rtkb ++0wARAQABiQIfBBgBAgAJBQJSZgWKAhsMAAoJEE0ekA4UwcwEfrgP/1E7HYaMcyDT ++RbEy8GJt+grN+m07wLO4bnES2VzVN9X1ymWP407upZt7vy8LUN7d7AEXCMJ8KffH ++IhTN+tMbx/+xMqNhSVG5AYTlPfdaumL8jR7WvZXh6nRXZNbeGqofH36zlAbV1NiT ++SWBMxQZ6MbkW3z6QXvad/MTQFlcFouGlFHmvGdtSIBdg0e25Y+mrwXnyN1OgLJLg ++L1CzmSae944LSA8fi1EA/R+vwgJNkQPTWbuiFNKvH/UwOUXJ+JxKG/CamPT3Lgzw ++VoW6bKqDPsgWz2gSGBmN1Umb86n+xV7fu39BfWaEfpoY5g2dq+CLFYgxzymKOxj8 ++oIBfy/2VZuX2Aj8Gzh8q/Q2b0iqlrLzfXViHLD7LTzHn0G/xOks2qkwvm90wM32m ++2qkniAGimeYD0MFpbL9cD0fRAhLkMsF4t1EUTIzSdZKouKF7DMI9eJe9RbqCcOiw ++6V9h456hwqFd7Z5fi3/SbHNS8weP004DUcVhSwNsAbMDCxSDlv/QNOmGc2QDRGiP ++QrWIhq1fVj1YfWq6dfkOvwI1qvgg8b9GybIasL5YuC0xW/GHPwo54xiFcGBoWkjh ++QwxzJFDCAlO80ugGRpgEqPis6Q7gAWYjQxHuvEtgCtUcWOmlIZDyxDbcvlP2VPt6 ++mUjOkYtwOLN6xiYi7OGBxwcJU02OmG+NiQIlBBgBAgAPAhsMBQJXwTGaBQkF0dMQ ++AAoJEE0ekA4UwcwEg9AP/2QqpW7xqcuU4RQzCEJQhg+iiSx1AhFZyP/+rMMuPDvk ++CGXtEepUz67AcdWEHLKXOnQJjiFJ70jgBNtD1A+EU+kUMuWZt8QjFXyx5g0ua+nz ++oTXGjCx95uDeVz8UmmjtEf3WqwgdOeB5ezcLCbNpcotYHj7lx3eHnIbC+Tv/GQf6 ++YFS+OWS1SmNkJ8XlYoDSQwx3rjcyx5Oa07fS3a7+nsYCyHjepVRt7BPI+567+bEp ++FIcmx+BEYp3XSHUsXzp31o2aVgndLaJdbi79TN8cL+v7QwKTGdrE0PQx4moT3ww8 ++jR4gAPB+xKYHg3ArE5LeRTxvq+UAj8CrC35gtaiLSnAoYtfqS3hsqtGfRm8SigPy ++5qObH+9VrHW7f3EZFgPXHGJHig1xl2egq6AbJquG1Hg6+5AmaPIBlea7nDspfPoX +++c83Vagc/70WN0EKn6dKx+EJ43XQsEqJhUzNE1mgOEwPWz39/I/Emu2ROVD5W0nb ++ZJq/TiIQI/cmKGmxkyjk5iF0y2se58tqMclXLyUfdmZyfLeDT7tcl3FoGghosiby ++Nze5rGPjl7qpEOAqK14HxpTCTtenrmPhebYTAL4qOByQB6DdbZOST8MRPBq84Vo8 ++c1O8Rq74o2KIbAaotUHe0XlxFY7d4zwiWiWxIoOfbeD0JaQcYK/TBwBx8btmDFhm ++uDMEV8EwcRYJKwYBBAHaRw8BAQdAJf5CtBXUXVqiGpt1xQ4NlzBtqamtSgshdXad ++LIuJLHaJAn8EGAEIAAkFAlfBMHECGwIAagkQTR6QDhTBzARfIAQZFggABgUCV8Ew ++cQAKCRBREE5mjdBEgfmhAQCkv6N3THjDjvp6VDcXQzTTY1d3sUqi7L1qB4Ez6gdL ++iQD/bygVdVyoOtrP1/lsWfBfbjTsIMsprPUyneOKO9Gnogep/RAAkZflNkOvoJ0R ++Fjlw5MKzvTLTaraxU43p3GJwT5QDE4vWeql5/YWI6hu7h744AZhmeCbyg1AE01cD ++oRNz5SD7NRU/mnczCSkUALnYZYX3Ko6M5pm5DHVBmhbD9aFtraLH6tlJKLXM9rGs ++vyJCl7Tgy3cgXCYuXFiFPZn24MX+Wi1E5Nbk8hxaa3bIdht0vRdisan3n0OYo0aW ++muBMFtZN67BpBTD9I6Tw6Lzeq/7xh1k3K5rEvPeqHRVLHH29CcYxuyUOmLb6Fc65 ++Mm4xWztS0+2wWBk85AhZ00Lf2i2WkdATrPx7NGWw5fssV/7UIU+Q+NuquzQPh84S ++v7KKWjQOP3mLGcJ7WU4PKR4STBAThd2WsgaMs52LTtD+IwtMZAMvTc9Ws1e3VqTy ++lMkjtJlGxC6Uvf5OpvnYfKcENu6LBLKOp0IYBn+hEKFatbq12Dduiz1iKK8+AizA ++J+vLS1zdYanbKAJtYW+AdmbFTyfC6ytONyIiHpvXHAb/B5vH+UE8yIrJEL4XXAup ++0kEOjts26jcbPxbvfe8FHD4NZIM8F5tbuST+TckfSNfUwJ2/7M7nC66vwN2oMsuV ++faZk5NFlUlwaDiNDgQnb1qQm/ltLBrVsVFc3Qra41IZu18etxsOaDRpTmyW/i+2z ++F5QWE4RzEccLAJ+BPLdIQX5xKVZYhsy4OARXwTClEgorBgEEAZdVAQUBAQdAt3Vx ++YCdOrV+5P3o39foPJbUE97JkCZsH/SLX7d4WK3UDAQgHiQIlBBgBCAAPBQJXwTCl ++AhsMBQkFo5qAAAoJEE0ekA4UwcwE5q4QAN/5x/N/8gldfGwarLCLrtHywZy0JMwJ ++ZcZjT0z5mBBTwNsP1Ib2k9tGqAeqR92IYuAEJI7UYNJ8aEMbDDbfOtuhecQupfXH ++yAahLrKSaCXj49m/nwBQGDESDSbaOU/j9YSwwrG2vFZESwhTUdhJha+Uple3vtj3 ++H7JH+CvdCucjOTWSpdl0nf/64wPHbos+SfeS862UjLJnS6kq4GA+T8Wyh5ttYzho ++bdNZSRh1aU5clQNFLhe+O8GWTY81AI/t3wT0WLsavhUa3CqVPJM6vzHBT46weyim ++P0qoHRpo1sfJ2A4/YGc/+r8cwDimHpG9mIr2G3nx1Z8FhXxjQN4k1QFpMJ8LyHrO ++LS1oIpmNmwWzVDXuRQoerXXqOO61qEaorQi0buR6Y3uT0+DhnGmbXYvy07IaLlyk ++fAE6/CCUkIo5BNBBm0spChAud3Hhr95uLmey0JvEGXd4kjU+6QCnY0pI//2Px3Bm ++2V9d1o1+31dr8cbh5RkhbT9qrg+5QIOeWG3SsOQqKhOaK1l5VpdlpSMoE1OJxUOT ++TsA5RcDWlbSC6hQR+8AnUpGnB9eZDtTsAVzzcJfiphoQhCb0tyjgyeioSSPyA2SW ++/Xe8lk9swoG5eK2PI5rKQ+Av/f7vZgG3qMX9F7Ywl/Cewje6cXFaeMbOWzkrNGRN ++6Y7KlqQSpY4luQINBFfBMcwBEAC6AUNasY9Ibw9B064L2U4uflZq3N41ZUKEcrhA ++JZbDhPlKYqLPN0xwJrbUGFCkkTZF/5jsy/2YKir1ywjNPuvrIgqRwuyouTeJOLQX ++dAlbZHajVR8ljbQehdVxMJ2nPYHyuwRAQTjtYceMC2DFe/YrdWKa9p2x7z9hD7sx ++g3HrzXXtAj0Cp/F5fokQg5xnqGqUyEjV7AHajljsap0bOZpJLkXDhDYsgMtObWgt ++yZHKfmpKv3XdFgHUpxu+XX8hw6Q9FIS28DEOVRFCzGsY6tqRUMfBSnUvj+x3pF/g ++XNMH1HJF7u4nQ5nulhlyyDupXQ5BNIF0o1bEKMOLHc0TZ7wgJnPvZXFB27dE/U5j ++W839cu0e5eVGrJz21AwnwIUSDkVG+qIGjRIVys4ce65kgjCOJkL7yRJD5YCWW7hj ++T3/JU3l3lAQVwS6bR4Qi6Qsl0eKmhsjqkT7N3KDXbCSqmAp9b994bxYOeNyotFtQ ++APCmUVFykQYDMJTUdm0iZX40q8p7T+OhkWtmuL5xGpP9KU6IOWHRxgcRN7cVNOoo ++igE9mqwiTl236kxY7NQLilF5dzNbExtFSKf2h2aXyU+CpYE2aa6FTetMUxZnI2+o ++B1hGmVGoGBzdlhdXjrn9uZdiLOumSaWZ1mt/EMNJVT6aPIPSASkXx1Se7g8pCCW1 ++K2OtgQARAQABiQIlBBgBCAAPBQJXwTHMAhsMBQkFo5qAAAoJEE0ekA4UwcwEBqUP ++/jLOHwYJeaJsgsi5I2v4HPUR0kZZNrAeraW66O+zkHyPehiU2dc4KeuWAP1YZ04c ++jUyusCN9QLSx4zbaZHPJjqStLQqsanYZ9qdeAVLgxp3A3ZFAt/19DlSMIf0cWmg2 ++VY9md4Ex0rTfv50cGnaB8CLpEaKwwJJVkSG3YfqgBb/1rjWj7KubM4k3QNQ2UwG4 ++ABs+mZ0f7VYpd9hQkRza8IcOQ/xpGIoNlweWqOrMm9Xk1XN3LQ2SUG5pPs56FHGW ++/Q4jN0zqCGVPv68T+ij50w//JOfrL98x+QOkTYHhFBUDsqmysBO7deBeQ772Rr3w ++qLVqmVyVovhSWn+r6QLX+OD80o2I7bJKAgxK4A2blBcjIA6zK7rKlh5zitACRs3B ++vmGYenCxF55n5BTY4osVE/8iG6c3i7NLZFRtsYwaA9TCYZxOUIW8cfZi2PyfMw0A ++mndldZ5SauaACfEdcIe7LE4Qu6vUz1qEr0DCG1+VetK0NKePSXMg/VV3RTi4mUOX ++mv/pSrJxDSQMPA3y6QdXqUtQl25nM6KzgcOpGah8UOdyDZccK6B3zlq1ngKE9U19 ++e/FgZamUn49hqKNu6QhQ+2pgiehgRJ1Nmo6iyf+0O12kwTHWhXsb7ZbfA86OHlPu ++EjFDDW4kXkOSE3SRTP9GY5w7HVY1qUWy+2/FeYyW4syGuQINBFfD2hsBEACqLMDp ++uA+/9VWscimKTs7+k0BiuxfPwNJAYYznAVNFt+GE464v6YJNXpKt07BRzDpuivaD ++PobqtFXc2nvBHcCUOP6QTUP89rOC/bw039B+KRaPlQJTGbPKL/kqIXiK5ihjgSXd ++HDCmzNFHuec07pWgBMI+LYfZpKIHGsFVynIL53mmhxavGTCSzJrBd6pyhoeCzMsI ++ZAq6pZ0HKjfVWP7B3yBJfazCr2V/HkOmKV/vPJT+oflE4f+PP5tTuvEWE5UXM8VX ++nROMcxaNHLB43Pbh3A5neGgFm74Ha0tfWZHrZYnNCFRGbxp7PnfbKL+tZ8xtyQr1 ++pQ+x1y8Bkxj1MgiOj55MmRmjxlVJ+L6zyB5Tw7kqsaBHiSDBWUz6SJz3pFD3X3GP ++D/nkNqhBhSzFM2qxHME3CkK+hU4jOEkcZpHhsjL+pXVudGNHIByDNj9lqP7vswg7 ++cnGN7QIPdpBdvgcFg4qZS93LsLJlqhNDtCwd/Ut+QNT6xE51HflZ+3/su9FEjUFK ++ZMEtAu0TDoaf7iV9VyD84wjLWAm1GVXpDh1/WuSUBifMfTyHXyLN2y2Ja5D1mws1 ++g2ywzHBW/2e3gUzYSd4JQEWLYld0kZhQ5V/Y9Y19jDpDUUgxkZmb5dnHRaGwmyx2 ++7zReKqN5NF2tdeWsUMibZkEQdib0n+WnzuJMYwARAQABiQQ+BBgBCAAJBQJXw9ob ++AhsCAikJEE0ekA4UwcwEwV0gBBkBCAAGBQJXw9obAAoJEBPa2Zx+QVGcxvwP/2aI ++UD60sKExN2fLXj7mMZ/wWlDnCdqvTGD7lrk6r/fAQcaOAgajCMEXOPZXlPBhdQ4j ++xD3FLs52CNZkcwzXMbspz1lfIOk2U1UGhmnAyriY4Uf5cRu2RPR0HYwOBB0xr69S ++IrsmlX4pf1AnulE7CIY/oPBjB2XQRQ7ls8sMqmm+0TxRysaosHGu7Vbez5iKBm3p ++0rEh8TcVkgMivdUPue/ip+mCaDCfGeAiXLXWtiEiwaS3Pq+QzHhZtBvShWlc3k2m ++CFlrGQwovPxY5SqGs6QwifrmnGSSlyaAorDZcQEkZe/HP2/qXKb7uBD3/r8t2OE+ ++BZKwJxW2fIpaO+u8k5EXSDzuxRqSNj3wYUI2+WNQzBmAyOZ6XBX4Pz0xZyahtXCz ++J+5deqCnEtJI1HdPSvM7STE6s6BmkhUl8weSAD+7v/HNPWvQXYFoeGFeqvoVOCqB ++7jJZUj+n/eUh9PxsOtwdJlvdoODuQIYyzuSapm6OPnBKg+v7Bp39Ym8j5Nfe3xqg +++O6CQVH/qx3NoFrKfAaLKGsV++jnf894b23Y/fgu84Myt+Kn8uOrO6jbBwiWLkgn ++0uzmO57bi/6F7aMQwSxcMcAY3DhCoeXkeYq0QRZZd2raPbA5r278wPXWg/U5bHen ++GYX1COWlRehWqXkqR9ZJYY1hTT0/WSAK2ZLCGTK5tDYP/iiHbpeWlZhwgx9Jkfmg ++L+N5XoAW6oJna3tozS+xVM5pxTaTNO24vnQw+XQxkiCFwtf81chd/oXhjWpLg/K1 ++vF0AWGomN9yS5dtKtlWZ0H/3KeEGkKf9iRp8j1bVNF6mBhb8Xl+nKLWiqE/uezx6 ++OYBFJuj6WpCgbmaRUbmKpX7P++JuOosg0n+BzzJYAIKP4+/FLL35qSpLW+DuWZaX ++bvgS/OgjJUL8AQj8Nwk7ViRyhBRwSAvwpdcwvlAH1VfTHfpQ8a0jjN1Nzf8Tr9Ij ++o8NQnsa+5y6Pmf6l40j4C8HPsMB7SX8ptFig8lnBRPtzEWj54/WtXJwGRG10XW4r ++dQU5hR9Tufc+WFuRfwdLgrhPTnKGyVG9zOkTd9Cl4j58tEsju+m4HNkUN5goouvd ++xHSe/dmA6cQAWf6/nhJ/uSM3aJPSUOtZwPZO7/NzsMgkwZTLXbehm+9xWMkPRt1Q ++T7V5MgfxnxhVoIeoPAEYBo8t0P2GXVMNZdZkJPoViWGOei4iPE3rj6NBynIIoEZN ++DEJ0OQOUe6Naq5AaG/a6wPa9+ITzKY8VR5KMf3XgcKLBlntyyxTgnHY7j5VrhxU3 +++mUrnwg8LIN9Sx4oWDks/SEB7KN3KGjSgczn1k3GIJRF8BhYin5Cuw/+aD16w5gS ++HxUhIgwH2BbM5X8eopbp/csAmQENBFWABsQBCADTFfb9EHGGiDel/iFzU0ag1Ruo ++HfL/09z1y7iQlLynOAQTRRNwCWezmqpDp6zDFOf1Ldp0EdEQtUXva5g2lm3o56o+ ++mnXrEQr11uZIcsfGIck7yV/y/17I7ApgXMPg/mcjifOTM9C7+Ptghf3jUhj4ErYM ++FQLelBGEZZifnnAoHLOEAH70DENCI08PfYRRG6lZDB09nPW7vVG8RbRUWjQyxQUW ++wXuq4gQohSFDqF4NE8zDHE/DgPJ/yFy+wFr2ab90DsE7vOYb42y95keKtTBp98/Y ++7/2xbzi8EYrXC+291dwZELMHnYLF5sO/fDcrDdwrde2cbZ+wtpJwtSYPNvVxABEB ++AAG0HkplcmVteSBIYXJyaXMgPGpnaEByZWRoYXQuY29tPokBOAQTAQIAIgUCVYAW ++BgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQvOWMjOQfMt/0Bwf6Ah3U ++WuUL1L2wChjHXktv0j8oQmL8CD1AUYkg+4NRTkZTm5ngZlNk4ZSJB7sonaEmzs30 ++fw9zex8LMtCMnEHQYtFNb6r1M2QfMS8ZUdeaUNmlGHu8UnHqr+aTkQbQsvhs/UaL ++knWlOWqdsM29Z311yGA3BdlGxw/2wej+AtRSazT4dEISP8K8xfnoQmhIVUZ33aMV ++DF70iinmAfWfqUKhgRctrVMLgXxKtYiOeTGXDtm2dnvXTHOO3u0N2skwc6YwOxLj ++1XXwWL6KQJx77/2SqVHDJVeEkMEb9Wr/e/l1PggU+fYxLZ5/HWbGatNmoRFoYNuC ++GlpBL9XOuQK98PcIyrQmSmVyZW15IEhhcnJpcyAobm9uZSkgPGpnaEB3aXptYWls ++Lm9yZz6JATsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJVgBgE ++AhkBAAoJELzljIzkHzLfiIUH/3CjMhhGiA11jVp6MUWLFvr77LhvWuLKMy9YRQt4 ++TMOVDSUxPpnc/FeFkgsPjLho/srPHSjNdrmporLjUQA8pCg+KmdEAfThDK0lsgRG ++/PxOi38t4JUpRzQb0NXE48EPTdzNOCqDPgSNXaq+csX6tNTRgF6+s0KW4qiwZJ37 ++dG8tZW7SEGGf2kQsp9ck1JBdlv5OkcOFINn+AKuCUEQ6EDphZsNv/iDP7lMUp2T4 ++H76IBBlIe/vMhJpuM34E9iAjjsD4xTgnJyhdoBScxzSXltrp8Y1oivOu4ThoBmuU ++/mj7uaVT0ybRAmp2pjFg8CKmUkatm/5hcfV+nm54QreX40a5AQ0EVYAGxAEIAOmE ++sdopOhG5H8TtMd6sGIKMNq3AJoRM4o5NjbNEFClpDfan8XZcgYtLwJzbv6CtlIpD ++plfRk3js74AXIUcXwMf3QhdkWklHdFvzOBdPyOctfTwMzfV4QJkedHMWEaU6arpY ++BSWoHcYoI9QJjZzh5NFfKhcu15PGtcJiiPjnL9ia+VmuWicE2M8EDIeI78s3P5Xt ++9m02w3s39caucttx018135IPUQ2ZssnxG/LKbGC5PIH+Rr0l2MccihAQnovXroHe ++GF8Iem3yILQY9mS2L0gyXQ2gnTb2MmbcmrWoRx4QGfkflAwafoWrriJfBOw7VMw1 ++TClbHymO9XvBUjGMjxkAEQEAAYkBHwQYAQIACQUCVYAGxAIbDAAKCRC85YyM5B8y ++303oB/wJLYJOsxAV2GQYS0FeYviJ8PxQcWQFEEaYzxkvZ9ZQFNldPyat1Ew4rq1w +++cpZoK9a8qvSSe33vSP8PICAWYfyGA6LfJy2KAV5xUOOOKUB4IkyrfyzW1gpiIsN ++sF0da12QD24dnCreV93dDFwQQ7dBqZAX507uHyAA5eUb6mjzseb4TTDPizAgHz5L ++fsnOvH267QtIUN8kJMr5MgoZrlSfwvE/HKr1aec0OHvbMrsGJGJ2T+zjQpw2h3zc ++0zgef+xsZ/ItryxLQXcwTRL6hxIw6K79kcc6LCktg1vBMnuy1nEayuC5Z5P0/5qb ++FsD9iUr3kt52y3C835Zwdnt374CumQGiBDzS0/URBACREmlUnPeSzfnC0m2oQV4e ++SzgYjskiLfwZ++Ql3zErPw0AphH7m95dZwAscTm3CQRHDDd/RYxkJMAYA+jmw8cV ++X1rXtQ2URRmzy2/I+qBU1NCPrqBjKRqrav9uhLCLGvEwdqWg2dqn8TMwNdlETbH+ ++R0QQ/1lK8XtW0NiHC8I+NwCgj/8Av8ifdpVSnFp1QesTAVwdTbMD/icRYOZ5I94D ++SRk5GGnmD+lyhfj+ejYbuVEgg2igV9HuXJMnBKTnuwriuskTreeNQBvBCTltHrRe ++1LujAtlsbixooTgUU5jkzY+J/PeNfLd1J9uoqTGQ7GjT4SMfKuetSRBhcRZYvm9F ++M+54vsumKcXGK+qBfPVBHo1bk8goJxgBA/9tnrAoLIUPvs4d4ce9h5BGA2yG9Syn ++z3w1l8Zr+4coomUjbJFV86ZWKPM6nyb2RhDb20ESkZnCoDxZY+p5t9c3aiQJKQQV ++8Gj0tj3c7/OKoyMePgabH9752Q6upiZ5Ml3mfse/Kja4THRoPEjkQzAn77jxfves ++KiEh+fu6gsJ3cLQZVG9ueSBGaW5jaCA8ZG90QGRvdGF0LmF0PohiBBMRAgAaBQsH ++CgMEAxUDAgMWAgECF4ACGQEFAjzS3ywAEgkQ/8DxTITHG24HZUdQRwABASeAAJ99 ++oc3W8UA0Peqdc5cX4Lbis7hI5QCgg7U7yZqSbW1bRDP8kufk/86S5g+0GlRvbnkg ++RmluY2ggPGZhbmZAZXhpbS5vcmc+iGAEExECACAFAkRka8wCGwMGCwkIBwMCBBUC ++CAMEFgIDAQIeAQIXgAAKCRD/wPFMhMcbblBiAJ9ggPC4h2/eyMlfUlypfFzLqQki ++LwCfd83Ub3FN2C01OLRovTWsmXWBaWC0HFRvbnkgRmluY2ggPGZhbmYyQGNhbS5h ++Yy51az6IZAQTEQIAHAUCPRc64wIbAwQLBwMCAxUCAwMWAgECHgECF4AAEgkQ/8Dx ++TITHG24HZUdQRwABAbmqAJ48Zhf7b9JQWWEiVO0m35yrUG4/7gCfc5OE/gBTg9P/ ++1C/5UFC6wzPXtdy0HFRvbnkgRmluY2ggPGZhbmZAYXBhY2hlLm9yZz6IXwQTEQIA ++FwUCPNLYtgULBwoDBAMVAwIDFgIBAheAABIJEP/A8UyExxtuB2VHUEcAAQHATwCf ++QaJHzDZcMzhOrYjhobphXayiTboAnifEwKJ1DDVZxPxxWvxNoTvaPwm2tB1Ub255 ++IEZpbmNoIDxmYW5mQEZyZWVCU0Qub3JnPohfBBMRAgAXBQI80tiTBQsHCgMEAxUD ++AgMWAgECF4AAEgkQ/8DxTITHG24HZUdQRwABAfCfAJ4santm5g2yaXD29CKE/OJ5 ++4Sd5LwCfbDiwEI1mLyu0nScjBddGF9AiHx65Ag0EPNLUFRAIAJtkhGBrUaEVP2fO ++4wQpmujYfPc7+GT+Q0naKCXrMQ1vDK5ppsghiSr9TdVB3kdkev2oGxgsCfy2uPC/ ++JuewQByYBmtKJuU6GDaRVXgMhpVwhcRraaDeYZm0GIDQEX3fWSlL07xxbzSZnewl ++SqUEAznHjLGN1pq9mvPBczq2hrAsd9TPHo/IB9JsVmHV9GYasHUSbVWx1S6ntU2k ++V2TyKpBS4luF1Z7y6yIWS9pwiZjTlWdUGSfUkkTu6sM59dBAxv9S5Q8TY44TUQfh ++HQhcLTz84UurU96i6cb99ZmN5uq6IP6NPIumhOJAqPvHSqly+Ez/oSzSyUoyZ0Sa ++j35E1C8AAwUH/0tkQh1bn/BhIyBO4S9z5wQfI+ZpR7npeKZ1aYQUjFzbULb27Y20 ++HRujvXljFPoWB1oJO+oXULkCaNWI+72TYXzKRDqYWMaubwrYe5dHJ4hEDpmpqeG7 ++W425rItDfhz2wKORc9vk+eHMHGZZhKamurmeH7hrVpe33BRfts5yvYWofYonWGF+ ++KydBcrMp3AMbKGQMSOwcBiSpIJVn0HYJFIOWmthtKIMqfVmLWS2sqFKITbBKHBem ++P+97FVAc82dXxj6irB7/jBjdPX5/5B8HHOXWeEvuHSjZ+6efXFrTVbeh2u1alB0a ++X5kz4cb8Fl9Oziqc2Lx5HLgfkKiWgDAu4YOITgQYEQIABgUCPNLUFQASCRD/wPFM ++hMcbbgdlR1BHAAEBh+4AniTeOAdNc4fOd+lc1EMiNmo8+MkQAJ9cCqXvdHcqeQ6p ++c1DsXNhc4g8rvpkCDQROjXEBARAAzeS7Rq/35b643de5gjparUQdurY+huIwHOVV ++EWG3o0Bm22Mz+S/nwi3w6NNTGCyOo335JX6XA0R4dq/wArwPjQU01az/l1/PrPPm ++OPSnv9/a7eDVFgv7fVGiJFftID9wz2EANhrHjhsGhfFe79wV6ula8KMldipQ+LwG ++FGoSedlcbGRvvyIa72Z9jI5gMm9X482WK/+xl+evAinUWOVWlRaiyl3Qu2c0WTm4 ++M0fN82mt3KAu5d3BUbZhkZrbQ4FCfEdzqqdl/aHvnspc6Zp3RGZMxj2YiPdFZmXI ++b7dV1Cf1UaUcD8Zib68/jSVlZLcw1NZKGrsjposgdnDuvkXEjGqECF/k6cqiWfeq ++3eirBwsk6HRd/d8bO99FduKUSV0m6iacgTUzo3dk/OejCPQiENEkb01CRrKeMfNo ++/t6yb0ihkwpT8BTiZCdCmkMjzCGrnT9D3bKlC0qB14gZN5Pso+rYPQmvOE67Eqy8 ++dX7zOLAGaaqOaS64g25e44urVGaL6ltOjEU+6xQjIyVtAZPIz6dq/+QEnY799y48 ++b6/vcHmByef6zSfTFFcN615sg21Ie/rgJv9ntuM9usROi7MSQfCc3UakUjKl3X/C ++bIrkC1qSmQcGKISw/hCivm36ar0wBx9/Vyz8/h8dT8oN/p5HECSB7GToh+bp3kMn +++aCHdDEAEQEAAbQgRGF2aWQgV29vZGhvdXNlIDxkd213MkBleGltLm9yZz6JAjgE ++EwECACICGwMCHgECF4AFAk7PxLgGCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2LNpn ++4vNZhm4QALEBYT7YFCeywswA3PH88h951uia3Cc5Gn4XBKbQxQQ4QRWHkrRhmINR ++qc7SMBUfxUtYnT+T2/Ei07OtRzKX1AjKN74mF+p7s8i7JCM2t7Kc+/xSIZIhpwgb ++f4OOjtUQ3RJoYjlL+ke8YomX6geMZV/IXN2nqj4a8CYkmzXCi2dg7uWf8v/p/hyk ++/DLYlD+HwxpRG6ANUkQ6zxTxgnzwihrnhaNsu2PAnWJo9G/Tfk8o5JuTRBn5qGr7 ++SyQ0PUG5s8D2IPgMaABHhpoT9mYvVOundroC2RyusS9xzrTJC+BEvLZ+J3idAvT7 ++/TfjJuOrPpkr2BUIZYr4MF+acG0QQUstsJdp7V27iINNN0jmlybbCl7RiIO8nCSf ++VRssgKbfJMnThvMGjYSSFPUz25gIgH95t8a/2rGR5nnBJQYbd+1Toj0vqc4PIuSA ++Lk8bF/fr0s1DwKUJGgbiUYA4moIY165he7/RVGVwm5qM49YgSaJWwintDCGox7kD ++JMBfOz1n0FVi5LLGCHmWosLt/CRpb+F+r0ix2g4d5kIU/JedT1kU8dOugLVb5bLu ++isK28h5J06k48VfTkzkSjOb8Nn4w7q78RUZ2zx8Ny5Y5+BFEKtmu7Bs9Pzs6698D ++HSaeZzqIuSTgn8ddu8iBjHZF/sw7wrZO1z2cKj6FW6bMen/bX+HbtCJEYXZpZCBX ++b29kaG91c2UgPGRhdmlkQHdvb2Rob3Uuc2U+iQI4BBMBAgAiAhsDAh4BAheABQJO ++z8S4BgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+LzWbR7D/4hKUfh04TLD2ZF ++sIWxrgEE/661lHaYZNi/rJAkhX73+bpPP5aVuWiqvFkYbcIvA4+PzSi8KXuKiLSb ++xtUDgqBKPWI9Zh2cOj2Ykl/+Qqp+TAPnjTde5+lc++MUm7K0QU2CJQZwvRwnLtwM ++vqsj7dlF37N46oSOqcPb6JRsDmJmoJUn1ylZhjys0qAw9A+3VVxXIIacsf7Oxr+5 ++VDMTJmyclfGwbsAAEyYYEgopQ2R8Z+bEOVTdDYSC051oO0KUHidbRGU8/un7yM8R ++FtZSoPp88O4wdWyr9xbahSr4LYImoNUGpJLQQKf+EtMI4pKITDs5Nkl8S6q/Gkh8 ++nhqleuVQ/jT35Uk0T1qzhX+8EaUAs4Bp/kUJ50K+V6C4wBMECoMDHXyvmgkKCkb1 ++8g7tMgv1ea3gZXcOU7MUvhgSzcndLKZi+taGTgmO+bNNdOnA1MAxMJpoU45cWpVy ++Pp5nUg1E5/joQGW9VDJFLkoIArO50e2Ccx+beDPtD20zBO4Yga+hfrztlAP9aGUA ++r5Zxu49MpeClqTyTnCoFyAMbAJXSjaBEcnpIWghaUZinyvnneB8JpK4I4zjwBgwa ++N2+D6K0MTDJjyYw/bkRa4U6vv8L91NTH6avCpMJMdo9SeokLVuPGXxAH85JfzeK/ ++q1bnjrGBca/HJSksT+3wtj7XCAKIKLQiRGF2aWQgV29vZGhvdXNlIDxkd213MkBr ++ZXJuZWwub3JnPokCOAQTAQIAIgIbAwIeAQIXgAUCTs/EuAYLCQgHAwIGFQgCCQoL ++BBYCAwEACgkQY3Ys2mfi81lOqg/9Ev3xFwdEWPZdknj63f4DruELPC7GYb5aY4mA ++NzmsLkl5qlbr6+JtTZOyvM5wmR/0zD6me3e7YvMWC3bQJplMExcRJVlTBrk9hdie ++P/0CGaY5iXFLLqSVbKyNNQ3BoES6vJBX4OAgnD5J5NmCy7pnplHF7hRiasK0YyCG ++2QcDtMdgq2AKkqRjaQ3r0kBblbNQbU1KMhVfww890wYIJ/1H51ep3IkCw9L1i/0C ++8Z9mBQbUBGW8k6Vd4wtvnPYs6LNBXHuDX9qZumClEALfdIx/WIQZZ5OIhB94FSC2 ++06gP4pgMFJb+dgOrQU6Q46y8rRsArEJRkQBS0m1Nd5hTxYi+O5V2igbi2vvMw3ij ++emA+nEURCJku7/qb7vXhtfUYCK+9XUUIHkW6IadW5hRqt0+O24tnOsoj5yZWdbbS ++2tpH44F/lFO5VRhKkKVy+j9D5+WXsR2NLnujMpqLVezIZY+5H8QsNp9+nPXKaLy6 ++kfg86Ou4C0gdOXY3M9h+j6METzPOehhPcU4Oep6uwdogFEP85cQH/YubpX/xrTmV ++VcXJPfYsDoR/SEvCN0ZW6HBRbXs5fJrCZeFwvAG+ytXJ6CY56vp9n9fHp1n1+WuE ++f8eMBJvWn9IaZYa4fUKNPp2FGj5eCRS95onmKngom8YL4nzEN2qRQ8edF1Sz9H78 ++Osshh5+0JURhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAaW5mcmFkZWFkLm9yZz6JAjsE ++EwECACUCGwMCHgECF4ACGQEFAk7PxK8GCwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2 ++LNpn4vNZjlAP/0QmueyzFVNlUC3855fh5yDLpnucSwCrrxBZzudRu6bMbd3eTNaf ++2WLnIstHqQS+PWDnDq3tf2k4btROqkJizSPDvajME+slM0mTyuTTT9HbhE5VfgGN ++vW0FR0sS4id72VLsycjaho1NP2/JNXTs4tz9qisq/eHIjp2vJbjcgNUBdAGoUvsf ++6I/O3SZJM6j64LBjUbmm6yZZSUtQCTzcB96cEkKCPoXRatzFj0xHEGmCCEFWrTuH ++KczbC6VTgQfGOK3N9UeaSplrR1mEBij+M51T4rXqQvb52ko/L/UoAPNuk0TiRQs6 ++YvQTy16cQEszkJvxBZUTS3ifSmEVfaWt8f9sbVfeWPm5USIG/HwsiNNy977wbbao ++BO25C+3rC4W7rFKqzYsRXnKKBWiTVtDs7gvQBdGqWRwJMj1crTDFgI09Gn+N/Xth ++IcC/STvJdDgaomxuv9oUqM9QMm1x8jVD+4nnEYPWpV4mtxjoA+gIW+Vv1PGJS+39 +++dlA2TEtDzJfGPE3YF0jjy8ycqw+y9ar6+nnspyrLafCUybXCafQ121+F+zIVfR6 ++KKr+Xy5bdHUVuRWeP+EfWnaYuevRoMsY+29eURO6hh1S1ZYukpANJP7Nu2onAPOO ++P2e8X8TF23ZcYcON0/sneMnnCuWLQ/Z91ZjTDu8BjbCYPWqgUuD6f8Q2uQINBE6N ++cQEBEADahf5YXCjYAsBznLgpRFL47H0ThjvxJ7LX/bCPTo81X8T3u+kd82AFr6qN ++yc/da3mVBJ0HUMqOSGXTnT6ncvlxe56HaHX09ZWc9yONa+LLhWMvHh8cfS9Z6fH5 ++I1WP0DrtLRofO99K+gGE8GflaETIoqGVCcKbHwcmBmyfJM7OcYbBNq1vMj7vsF6I ++VyYGsGCmLoAwjuZX3gO/mZSwiJGY4XHQQx4wiRLmhxl/HvcCiqNOZy3FaD8s+KBZ ++hXoOeAtj5g0vQleRcoLp6fWEXBz/eSaAC3y2P9egj7CWjsQ/8ky4dEq+96VD+Xr9 ++GE0cKVFfAPDSCbC2cHBfFbLBDXlnizLgqBWEjJJ1jPAcG5pcdk4YlL0Nh73Zkp9E ++uB9nLs5bLsWsmcNBCsHXkgq/GuDKzkWzmVhgQ6YpdIM0PJ+ycmys5mErZjkU942R ++JID9xpO2tIsBoWQT5w0nvAOejjjoSFMVGIWKRwMpNyXo/MQ8IovahZwn1B/1CQgb ++aTP5unmAgyYgQ5bKvf7QVoFB30tu2SX9c8Inx2ma0tpI82GZXmEA4Crgok1q3LQR ++NO7TVEmE4I5c37HkWW7z9oyO59KZLI6jCQKcIZnTuNu3viKf1GC2fy26QgdnTZFI ++5VOlfRYbVzu/V7MrAG56i3lZjEJ7uXhBPNugxMXtxoegvbXj8wARAQABiQIfBBgB ++AgAJBQJOjXEBAhsMAAoJEGN2LNpn4vNZDq0QAMeOdXlaM4pLO6spFxElkUK7YwSD ++j2oaI3DKDfsMt5Y1cM1pn6DPJWFE0+I3HG7KuNj1ldcxDQJ75LQclgS0SJUkn3kM ++AFkZRcpB2rbXYpUoN/9dZyiPFj689EgqooiQVVv0mbyrnDMJIlQ3oj0DUGUfAY3K ++XBVSameDnIadMKsPauwWIuqaT6BookoVYajEG7meUs4fCIG8Kwi+Yz98dFScQbkv ++YSUGC34i9g+35KnQ6ZyY2n7hYQHRizfkuYOPk9iF8YLMaefw+SDGu62EH+eS5Ip5 ++crNwNAzjdETHRs3fNVzWxHt4+8KYI+nRBBwSeQes+gx5IYPaBJ9u16Bb6ygK84GA ++pgxdYBT6d9O8GST5VSFFVa6bZDW2Gr7MUAW6O4jFLrflZx6qqef86AG/2y36pZgr ++pfTg4CJszLSncTxuLQS6fKxSuaoB+H4Xn3U0nWDkpmG8tHCEWZkPktBcDebp3K+i ++BGH/00oy24sTQPzj/m3z4STzBmMFyIo7/9Md1H0PahgTYbVDquDP2+uEIh0Bh4sx ++bw5VudBxre4VpVxMLfun2alD019JN1nTsCLsvknb6A2zyEb/bK/YArPkgC0eK/uG ++x+tSCVNJzJwdmtyx6lISsuRWgamakejZAQJ1RsYey4uxchVoIBosEr96HGAXC6QG ++qUGpmp4gd45ZOhyRmQINBEvFfPcBEADU5bFOcbVCBDsTGq3D+8AnA933S4iYvxPw ++Z2eRaT415jXQs91wNTpVwgY3xRzkjThXyt6FV7Cd+BdS4YvGHMvqKZCOgVnrzpxe ++Oqy7GsC10yfU+dA7GvZiY8hm4tw/bdkjTsQQeWePgWoCgmqpadKAn4iGh0u3fBZC ++7p4Z8Jsf02yqUFIy48OxKf/aeV8W5sTRr1m3HDmbjtUw/UbUW761GIgR11BxcPIa ++MaN7WAwKHNpIUqjIZyZ6z6tGGQ3fRwTAJwi1SROEU74DgRtRHn+pu2kp0pOsD3wz ++8yT95gL92CC2hkitTZB4+3uglmMvuQ9nwQjadPt8as3fB2mfGK7c9tLXMIq8bmDZ ++w+mWU/XRbU4vrCdQVyWH6LUI28/Wnj6LUEC6hZOnmiLSll3bapo0eca3LV9NVp0G ++aNy8QX7Op2KwE3mWkN4F7c2ZyGQ8MaL6qLlmE63Qe4QFy5wJ4H16NCvXHqGxm60b ++nJy51NmQJGd7YQeDa5AFbgFJ8V4Bg+f1LfIeh9rpHKiuZRPZDs8yxs0kFOQOjZ4u ++5HNn2AyuYvibT1CXj0X8OHzXpQ3SylBy+LE4xEnt6JPkQjXahwEwTotUxTJbu0fK ++9UvBB4mqzITs270HSowzEofhc/5YJSxlxQ8a3dPBBRjzUeTfNN6gBrEV/7YalfDm ++xHKEyFHepwARAQABtDtHcmFlbWUgRm93bGVyIChLZXkgY3JlYXRlZCAyMDEwLTA0 ++LTE0KSA8Z3JhZW1lQGdyYWVtZWYubmV0PokCPAQTAQIAJgIbAwYLCQgHAwIEFQII ++AwQWAgMBAh4BAheABQJWrk32BQkSbZ7/AAoJEK1e27eT7FfklXUP/2XzrCgNOhRr ++DkonKQddWqzgz9DXPttmA9mNeXAM0gBDcnNUhFXiL5yjRyCmtmrjdiv2GE3yE5Xg ++arCoyb8tTve1Ps9ouzkbHQomDOdoTv8maL+p7MovSXr0jcJow9rVIdSP03BdFExZ ++u+H7nXrKoSKcBFIMdDVznMOGBO49Z4dXFeDQgZ8xafDpB0KqCHKMf5PNQ7iQ77uv ++3lIVFvX4svnPP5t0FEmFmwZ0YaKbRoa/I4fy0jHCpfCtEEtmrUuKIuQt8uzpYpo/ ++BnH/yqXp/ajJ7x/P4n4IbLV+HSkX8Pxfh6ABeilHKvwmmNKYrNl2vCnYzUyWOyDF ++SEySxHAEN6hLdrExZNXDaLh73QKN/y8bl4sh3Ehml/DBhbktGteUBHt5M09OHvu+ ++AYLpYx0iZUGzUd6hxkWlkJ2kPeToMcKfRLNGT+237VAvbGaNrXwFZXELwaptL22X ++uu2Tfn403/aD9ssk4L2v7GwJPeTQ1U9xH0742eWJf7OX7UMUoCG2HJf7Sg2nRtIg ++hK531cE1cv3i35EOHeVWClTeX2kc/9hwgzXAMWKrEe/3OMGPHQNNRsnPCsJHjhUY ++PRvS1pa6k1nuid8IZEeWskDT2PmSNWJQay9oA2ojcFua+UC/29upvBqO0O+/CtLH ++YvinLANDShtEZJ42rwbYEorT6OO8YIwbuQINBEvFfPcBEACtCHNuOn+pZjBOWmW0 ++rqCnN9Oywq0h0Twk/UsqkhAijImgXrZLMoeylGA+UIsnuNl6e+x76Ke2z6H0Jytw ++IZEi9EqqZa3UhpN7JQ0ddNzkzE8tvYdicPdcXkZ99KBcHoPd25/N3fNJWJmbBv/b ++CQMW2J/zRo5QPokOjEl770xNS9wcXmA3ptTKbyzfQ4Wh8LALrJ3F9vZw8GsZFAmF ++NeMLCJ4Qhxk3MjCoQdzzRSTYEu4c7eYbE+biU/ZUgBMJH4Ed4urhOO81d9dDvf2C ++CdcJdftAYy/ACtTeq8tc3YzG+E4J+uplxxyD+IFP8U8Q5TyWdb5AU/rAWa1UdpwZ ++IQiaJfy4E1x+ac9BHAD1BZaCMv0fTcPxYm8m67GYUfFqRaI5Yd9sPvuzF8IDs2bo ++Nl5L60ce8ROOBtwRGp9daOHmhIlRKGoG7FPc1dTGjrVd5lWgzet+CHnWZ+HKYsNg ++W7cDo52Dwa8BjenK9OUxvzTNzwmz97cCioufv+ysUS9DY9tl7P0eHR1tehTM7HSA ++n/lCEU90j5/f/ozwBR8cDF8lLSMXlKybudjHteLFA/2/HbzWIEWVLpckmu3Xxpw9 ++EF9xoiQmbJTmkWEIBBSLAALYtuygBbiGUdwPBeJQQUYliNpdgrwKXp9OIB8NFK99 ++DvG7xB61569hUaekwnmB5uEU0wARAQABiQIlBBgBAgAPBQJLxXz3AhsMBQkSzAMA ++AAoJEK1e27eT7Ffkop4P/R97j+X8zfPt9gsABnU5zHtGS6jQ9Ahax+q0Dx0Vm7Wv ++qH8DC7RsSGp51YflfS4S3xNVGtQTUSV+z7H4cFUSD8f22RnubLUKOplVup6m3Dqz ++/Nosht8sU5Yo2mFmRNMFGo/gJF6vtqX15rPpPh0gHsEi3Toa7qzegnIVfuU14ZND ++tRnn5OmuJfFP9xO1PxIwqi+GaY06zkKbcmSw12xOwOCEt8kv4FGCx1FiSrFdHK4G ++fszvtzOG6VPbAROnERG2AbGQPXO0+m3bfYxSv8rxepSjo4f/1sXbVAX5AgH8wtcs ++iZLq7D+UrTdRe27dB/PmN+L4xz9UEmU//1rLzxOBfyWLfITF+65e4QZkrxIwVI2M ++4AVB9pAb+fSMmWMb4IU1tuSkeJT3k/bKeWdGVbXrDiSgd6XChBeui+Td/KR0Hbl+ ++i3jeDm/6tYeCob4XQ4nhJ3dI9gI1S4YXJgGizhZmiWqipA41b12rQAB6ieU6aE/N ++OX7rwcNGaCwbyCgDOQfR7fiqxVF2xA8som/asBwAUWFZIMEhfijsn7fpK/7uGoN9 ++2Eqfxvcwr7Rkp+bhCS6Wg0q+bgBn/02MB+9Uk9Yi9O7/DI8CqpwsiMzZ72ZMm4pT ++Lp8WFmqbxePWSxr4JA6XmApmC7sSlH75melFC6MCwaxpoRMbeH2mDhAfwbjXSPMO ++=XUWN ++-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/watch index eac4c0a,0000000..e0d3fce mode 100644,000000..100644 --- a/debian/watch +++ b/debian/watch @@@ -1,3 -1,0 +1,3 @@@ +version=3 - opts=pgpsigurlmangle=s/$/.asc/ \ ++opts=pgpsigurlmangle=s/$/.asc/,uversionmangle=s/_/~/ \ +http://ftp.exim.org/pub/exim/exim4/exim-(\d.*)\.(?:tgz|tar\.(?:gz|bz2|xz))