hcoop/debian/exim4.git
13 days agorelease hcoop build of 4.92+deb10u3 master debian/4.92-8+deb10u3_hcoop1
Clinton Ebadi [Sun, 16 Feb 2020 04:26:09 +0000 (23:26 -0500)]
release hcoop build of 4.92+deb10u3

13 days agorefresh hcoop patch for exim 4.92
Clinton Ebadi [Sun, 16 Feb 2020 04:24:32 +0000 (23:24 -0500)]
refresh hcoop patch for exim 4.92

13 days agoMerge branch 'debian'
Clinton Ebadi [Sun, 16 Feb 2020 04:17:42 +0000 (23:17 -0500)]
Merge branch 'debian'

13 days agoImport Debian changes 4.92-8+deb10u3 debian debian/4.92-8+deb10u3
Andreas Metzler [Fri, 27 Sep 2019 16:09:35 +0000 (18:09 +0200)]
Import Debian changes 4.92-8+deb10u3

exim4 (4.92-8+deb10u3) buster-security; urgency=high

  * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch:
    Fix buffer overflow in string_vformat.

exim4 (4.92-8+deb10u2) buster-security; urgency=high

  * 78_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
    related buffer overflow. CVE-2019-15846

exim4 (4.92-8+deb10u1) buster-security; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

exim4 (4.92-8) unstable; urgency=low

  * Pulled from exim-4.92+fixes branch:
    + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch
      Fix expansion of $tls_out_ocsp under hosts_request_ocsp.
    + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch
      When tls_verify_certificates was set to a directory instead of a file
      exim/GnuTLS would still send out the list of accepted certificates,
      This did not match documented behavior.
    + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch
      The dsn_from option was not used for DSN success messages.
  * Pulled from upstream GIT master:
    + 75_14-Fix-smtp-response-timeout.patch
      Fix the timeout on smtp response to apply to the whole response instead
      of resetting for every byte received.
    + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch
      https://bugs.exim.org/show_bug.cgi?id=2405
      ${eval } was broken on 32bit archs.

exim4 (4.92-7) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92-6) experimental; urgency=medium

  * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for
    debugging sa-exim.
  * Set HAVE_LOCAL_SCAN=yes in EDITME.
  * Upload to experimental.

exim4 (4.92-5) unstable; urgency=medium

  * Improved spam-scanning example with accompaning information in
    README.Debian. Explicitly warn about adding the default SpamAssassin
    report in a header, which Closes: #774553
  * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple
    of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on
    the (working) version of the patch. Drop exim4-dev package. Add a NEWS
    entry for this change.

exim4 (4.92-4) unstable; urgency=medium

  * Another patch from exim-4.92+fixes branch:
    75_10-Harden-plaintext-authenticator.patch

exim4 (4.92-3) unstable; urgency=medium

  * Pull fixes from exim-4.92+fixes branch.
    + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch
    + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch
    + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
    + 75_08-Logging-fix-initial-listening-on-log-line.patch
    + 75_09-OpenSSL-Fix-aggregation-of-messages.patch

exim4 (4.92-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92-1) experimental; urgency=medium

  * Point watchfile to release directory again.
  * New upstream stable release, identical to rc6 except for the version
    string.
  * Pull fixes from exim-4.92+fixes branch.
    + 75_01-Fix-json-extract-operator-for-unfound-case.patch
    + 75_02-Fix-transport-buffer-size-handling.patch
    + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch
    + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch
  * Upload to experimental while waiting for rc6 to migrate.

exim4 (4.92~RC6-1) unstable; urgency=low

  * New upstream snapshot rc6, includes
    40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch.

exim4 (4.92~RC5-2) unstable; urgency=high

  * In init script use start-stop-daemon directly instead of lsb-base's
    killproc which currently fails to pass on the executable name to s-s-d
    (921558). This broke with s-s-d 1.19.2 which (for security reasons)
    requires further filtering arguments in addition to --pidfile when the pid
    file is not owned by root. Closes: #921205

exim4 (4.92~RC5-1) unstable; urgency=medium

  * New upstream snapshot rc5.
  * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers
    was ignored.

exim4 (4.92~RC4-3) unstable; urgency=medium

  * Refresh debian/upstream/signing-key.asc from
    https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
  * Drop outdated pointers to alioth package homepage from README.Debian.
  * Update exim4-config Breaks to enforce upgrade to daemon binary package
    with DANE support. Closes: #919902
  * [lintian] Minimize upstream/signing-key.asc.

exim4 (4.92~RC4-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.92~RC4-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch.
    + Unfuzz patches.

exim4 (4.92~RC3-1) unstable; urgency=low

  * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from
    upstream GIT master, fixing outgoing TLS 1.3.
    https://bugs.exim.org/show_bug.cgi?id=2359
  * New upstream version.
  * Upload to unstable.

exim4 (4.92~RC2-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch

exim4 (4.92~RC1-1) experimental; urgency=low

  * Update upstream/signing-key.asc from
    https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding
    96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing
    1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and
    FAA1C7F9CD077DC4304BC0C885AB833FDDC03262.
  * New upstream release candidate:
    + Point watchfile to test subdir.
    + Update watchfile to handle -RC1 in addition to _RC1.
    + Drop 75_fixes*.patch.
    + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch
    + Update configuration from upstream example, except for
      tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport:
      * Enable dns_dnssec_ok.
      * Set dnssec_request_domains = * on dnslookup and
        dnslookup_relay_to_domains routers.
      * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp
        transport unless REMOTE_SMTP_DISABLE_DANE is set.
      * Set multi_domain on remote_smtp_smarthost transport.
  * Post release updates:
    + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch

exim4 (4.91-9) unstable; urgency=low

  * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back
    autodeleted comments.
  * Update from exim-4_91+fixes branch:
    + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch
    + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch
    + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch
    + 75_fixes_29-Fix-AUTH_GSASL-build.patch
    + 75_fixes_30-Harden-string-list-handling.patch

exim4 (4.91-8) unstable; urgency=low

  [ Andreas Metzler ]
  * Update from exim-4_91+fixes branch:
    + 75_fixes_18-Restore-Darwin-OS-configuration.patch
    + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch
    + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch
    + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch
    + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch
    + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch

  [ Marc Haber ]
  * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper.

exim4 (4.91-7) unstable; urgency=low

  * Update from exim-4_91+fixes branch:
    + 75_fixes_16-Fix-non-EVENTS-build.patch
    + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch

exim4 (4.91-6) unstable; urgency=low

  * Update from exim-4_91+fixes branch:
    + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch
    + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch
    + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch
  * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck.
    (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS)

exim4 (4.91-5) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch
    + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch
    + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch

exim4 (4.91-4) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch
    + 75_fixes_07-tidying.patch
    + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch
    + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch
  * [lintian] Delete trailing empty lines in changelog.

exim4 (4.91-3) unstable; urgency=medium

  * Update from exim-4_91+fixes branch:
    + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch
    + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch
    + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch
    + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch
    + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch
    + Move 50_localscan_dlopen.dpatch to end of patch series and rename to
      90_... to preserve alphanumeric patch ordering.
  * Add log_message for local blacklists to improve log readability. (Patch by
    Dominic Hargreaves).

exim4 (4.91-2) unstable; urgency=low

  * Upload to unstable.

exim4 (4.91-1) experimental; urgency=medium

  * Point watchfile to release directory again and use downloads.exim.org
    host.
  * New upstream version.
  * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did
    not ship libgnutls-dane0.

exim4 (4.91~RC4-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.91~RC3-1) experimental; urgency=medium

  * New upstream version.
  * Point vcs* to salsa.

exim4 (4.91~RC2-1) experimental; urgency=medium

  * New upstream version.
    Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch

exim4 (4.91~RC1-1) experimental; urgency=medium

  * Point watchfile to test subdirectory.
  * New upstream version:
    + Drop debian/patches/75_*.
    + Update example.conf.md5.
      Upstream now enables verify = header_syntax check in default config,
      mirror this change in Debian, introduce
      NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this.
  * Build with newly available (well, for GnuTLS) DANE support.
  * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from
    upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250.

exim4 (4.90.1-5) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_15-Pipe-transport-part-two.-Bug-2257.patch
    75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch
    75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch

exim4 (4.90.1-4) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch
    75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
    75_13-Unbreak-DMARC.patch
    75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch

exim4 (4.90.1-3) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch
    75_08-Mark-variables-unused-before-release-of-store-in-the.patch
    75_09-Mark-variables-unused-before-release-of-store-in-the.patch
    75_10-Mark-variables-that-are-unused-before-release-of-sto.patch

exim4 (4.90.1-2) unstable; urgency=medium

  * Update from exim-4_90+fixes branch:
    75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch
    75_02-Fix-memory-leak-during-multi-message-reception-using.patch
    75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch
    75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch
    75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch
    75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch

exim4 (4.90.1-1) unstable; urgency=high

  * New upstream version, fixing CVE-2018-6789. Closes: #890000
    + Drop 75_*.patch.

exim4 (4.90-7) unstable; urgency=medium

  * Update from exim-4_90+fixes branch. (exim-4.90.0.27)
    + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
    + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
    + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
  * Typo fixes in old patch descriptions. (Thanks, lintian!)

exim4 (4.90-6) unstable; urgency=medium

  * Update from exim-4_90+fixes branch.
    + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
    + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
      Closes: #887489
    + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
    + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch

exim4 (4.90-5) unstable; urgency=low

  * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
    exim-4_90+fixes branch.
  * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
  * [update-exim4.conf] stop converting variables set to an empty value in
    /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
    "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972

exim4 (4.90-4) unstable; urgency=low

  * Update from exim-4_90+fixes branch.
    75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
    75_14-Fix-D-string-expansion-to-not-use-millisec.patch
    75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch

exim4 (4.90-3) unstable; urgency=medium

  * Three more patches from exim-4_90+fixes branch:
    75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
    75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
    75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch

exim4 (4.90-2) unstable; urgency=medium

  * Update to exim-4_90+fixes branch:
    + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
    + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
    + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
    + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
    + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
    + 75_05-Fix-build-of-nisplus-lookup.patch
    + 75_06-Fix-const-issue-in-nisplus-lookup.patch
    + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
    + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch

exim4 (4.90-1) unstable; urgency=low

  * rc4 released as 4.90.
  * Point watchfile to release directory again.
  * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
    GIT master branch. Fix pgsql lookup for multiple result-tuples with a
    single column. Previously only the last row was returned.
    https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
  * Simplify debian/rules and make it usable with dh v10 compat. The
    fine-grained support for selecting the to be built packages (-custom with
    or without -base) was dropped. The build process is now controlled by
    attaching tasks to dh-override hooks instead of using file dependencies,
    makefile-style.  The latter broke with dh v10 due to upstream's
    build-system which always has the main targets out-of-date inter alia due
    to the compile-number feature.
  * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
    buildflags ATM.)
  * Use debhelper v10 compat.
  * Drop override_dh_strip-arch, we have had enough toolchain and
    source changes to prevent file conflicts.

exim4 (4.90~RC4-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.90~RC3-2) unstable; urgency=low

  * Upload to unstable.
  * Point homepage to https URL.

exim4 (4.90~RC3-1) experimental; urgency=medium

  * New upstream version.
    + Fix a use-after-free while reading smtp input for header lines.
      A crafted sequence of BDAT commands could result in in-use memory
      being freed.  CVE-2017-16943. Closes: #882648
    + Fix checking for leading-dot on a line during headers reading
      from SMTP input.  Previously it was always done; now only done for
      DATA and not BDAT commands.  CVE-2017-16944 Closes: #882671
  * Drop 78_Disable-chunking-BDAT-by-default.patch again.

exim4 (4.90~RC2-3) experimental; urgency=medium

  * As a workaround for the yet-unfixed security vulnerability resurrect (and
    adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
    4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

exim4 (4.90~RC2-2) experimental; urgency=low

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.90~RC2-1) experimental; urgency=low

  * New upstream release candidate.
    + Unfuzz patches, drop 40_reproducible_build.diff and
      75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
    + Refresh debian/example.conf.md5, No changes to Debian's configuration
      needed, upstream added a (commented) entry to change OpenSSL ciphers.

exim4 (4.90~RC1-1) experimental; urgency=low

  * New upstream release candidate.
    + Point watchfile to test subdirectory.
    + Update 40_reproducible_build.diff
    + Drop 75_fixes*.patch and
      80_Repair-manualroute-transport-name-not-last-option.patch.
    + Unfuzz EDITME*.diff
    + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
      SOURCE_DATE_EPOCH is set.
  * Drop trailing whitespace in debian/README.source, debian/changelog and
    debian/rules. (Thanks, lintian)
  * Drop debian/README.source and outdated parts of debian/copyright.

exim4 (4.89-13) unstable; urgency=high

  * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
    from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944

exim4 (4.89-12) unstable; urgency=high

  * Sync with exim-4_89+fixes branch:
    + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
    + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
      Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
  * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.

exim4 (4.89-11) unstable; urgency=critical

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.89-10) unstable; urgency=critical

  * As a workaround for the yet-unfixed security vulnerability resurrect
    78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
    both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

exim4 (4.89-9) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.89-8) experimental; urgency=low

  * Sync with exim-4_89+fixes branch:
    75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch
    75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch
  * Point watchfile to https site.

exim4 (4.89-7) unstable; urgency=low

  * In debian/rules' manually called update-mtaconflicts target use
    grep-aptavail instead of hard-coding /var/lib/apt/lists/.
    (Thanks, Julian Andres Klode) Closes: #874772
  * Update debian/mtalist.
  * Sync with exim-4_89+fixes branch:
    75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch
    75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch
    75_fixes_15-SOCKS-fix-unitialized-pointer.patch
    75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch.

exim4 (4.89-6) unstable; urgency=medium

  * Use "runuser --command ..." instead of "su - --command ..." in
    exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688
    (Thanks, Jakobus Schürz)
  * Sync priorities with override file: exim4{,-base,-config,-daemon-light}
    optional from standard, exim4-dev optional from extra.
  * In debian/rules when setting up the build-tree for -custom also copy
    EDITME.eximon to allow building based on EDITME.exim4-light with eximon
    building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813

exim4 (4.89-5) unstable; urgency=medium

  * Update to exim-4_89+fixes branch:
    75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch
    75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch
    (replaces 79_CVE-2017-1000369.patch)
    75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces
    81_Fix-log-line-corruption-for-DKIM-status.patch)
    75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch
    75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
    75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch
    75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
    75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch
    (CVE-2017-10140)
    75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch
    75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch
    75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch
  * Simplify debian/rules by including buildflags.mk unconditionally which was
    introduced in dpkg 1.16.1 released in October 2011.
  * Use pkg-info.mk to get package-version, upstream-version and
    SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not
    provided by pkg-info.mk.
  * [lintian] In *daemon.postinst use which certtool instead of
    [ -x /usr/bin/certtool ] to check for availablility of the command.

exim4 (4.89-4) unstable; urgency=low

  * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
    master: Starting with 4.85 a transport name needed to specified after
    options in route_list. Closes: #865287
  * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
  * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
    default.
  * Standards-Version: 4.0.0
    + Do not check for availability of invoke-rc.d, use it always and do not
      fall back to invoking the init-script directly.
    + Drop eximon menu file.
  * Migrate to automatic debug packages. Bump b-d on debhelper since
    --dbgsym-migration was introduced in debhelper 9.20160114.

exim4 (4.89-3) unstable; urgency=high

  * Re-upload to unstable.

13 days agoImport Upstream version 4.92 upstream upstream/4.92
Clinton Ebadi [Sun, 16 Feb 2020 04:06:36 +0000 (23:06 -0500)]
Import Upstream version 4.92

5 months agoMerge branch 'debian' stretch
Clinton Ebadi [Fri, 6 Sep 2019 18:23:36 +0000 (14:23 -0400)]
Merge branch 'debian'

5 months agoImport Debian changes 4.89-2+deb9u6 debian/4.89-2+deb9u6
Andreas Metzler [Tue, 3 Sep 2019 18:01:38 +0000 (20:01 +0200)]
Import Debian changes 4.89-2+deb9u6

exim4 (4.89-2+deb9u6) stretch-security; urgency=high

  * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
    related buffer overflow. CVE-2019-15846

5 months agoImport Debian changes 4.89-2+deb9u5 debian/4.89-2+deb9u5
Andreas Metzler [Sat, 20 Jul 2019 11:32:35 +0000 (13:32 +0200)]
Import Debian changes 4.89-2+deb9u5

exim4 (4.89-2+deb9u5) stretch-security; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

8 months agoMerge branch 'debian' debian/4.89-2+deb9u4_hcoop10
Clinton Ebadi [Thu, 6 Jun 2019 23:36:26 +0000 (19:36 -0400)]
Merge branch 'debian'

New upstream security release

8 months agoImport Debian changes 4.89-2+deb9u4 debian/4.89-2+deb9u4
Salvatore Bonaccorso [Tue, 28 May 2019 20:13:55 +0000 (22:13 +0200)]
Import Debian changes 4.89-2+deb9u4

exim4 (4.89-2+deb9u4) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix remote command execution vulnerability (CVE-2019-10149)

exim4 (4.89-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)

exim4 (4.89-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Avoid release of store if there have been later allocations
    (CVE-2017-16943) (Closes: #882648)
  * Chunking: do not treat the first lonely dot special (CVE-2017-16944)
    (Closes: #882671)

exim4 (4.89-2+deb9u1) stretch-security; urgency=medium

  * CVE-2017-100369

exim4 (4.89-2) unstable; urgency=medium

  * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
    initscript (#844178). It breaks when the initscript does not start a
    daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
    Closes: #860317
  * When reporting bugs also attach /etc/default/exim4 by default.

exim4 (4.89-1) unstable; urgency=medium

  * Enable inbound (server-side) proxying for -heavy. Closes: #856712
  * New upstream release, source identical to RC7.

exim4 (4.89~RC7-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.89~RC6-1) unstable; urgency=medium

  * Document E4BCD_PANICLOG_LINES in README.Debian.
  * New upstream version.

exim4 (4.89~RC5-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.89~RC4-1) unstable; urgency=medium

  * New upstream version.
    + Drop 92_CVE-2016-1238.diff.
  * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
    while we are changing the init script.

exim4 (4.89~RC3-1) unstable; urgency=medium

  * New upstream version.
    + Unfuzz 92_CVE-2016-1238.diff.
  * init file:
    + Source /etc/default/exim4 *before* defining the shell
      variables holding the pidfilenames. Overriding these via
      /etc/default/exim4 is not supported.
    + Add missing support for reload when QUEUERUNNER='queueonly'.
    + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
      $PIDFILE is used for the main exim process for all available QUEUERUNNER
      choices.
    + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
      interaction. systemd-sysv-generator uses this pseudoheader to set
      PIDFile in the generated service file and it also sets
      RemainAfterExit=no instead of yes if it is present. Thanks, Michael
      Biebl for suggestion and explanation. Closes: #844178

exim4 (4.89~RC2-1) unstable; urgency=medium

  * New upstream version.
    + Drop 75_add_bak_spec.txt.diff.

exim4 (4.89~RC1-1) unstable; urgency=low

  * Refresh debian/upstream/signing-key.asc.
  * New upstream bugfix release.
    + Drop superfluous patches.
      75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
      75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
      75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
      75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
      75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
    + Unfuzz 31_eximmanpage.dpatch and
      78_Disable-chunking-BDAT-by-default.patch.
    + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
      tarball.
    + Unfuzz debian/EDITME.exim4-*.
    + Update debian/example.conf.md5. - Upstream typo fix.

exim4 (4.88-5) unstable; urgency=medium

  * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
    option chunking_advertise_hosts and smtp transport option
    hosts_try_chunking from "*" to empty.
    This is a Debian specific change, we are right before the freeze and BDAT
    needs a little time.

exim4 (4.88-4) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.88-3) experimental; urgency=medium

  * Pull multiple patches from upstream GIT:
   + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
     75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
   + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
   + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
   + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
     (Thanks, Bart Noordervliet for the pointer) Closes: #850175

exim4 (4.88-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.88-1) experimental; urgency=medium

  * New upstream version.
  * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
    testing.
  * Drop 75_Fix-DKIM-information-leakage.patch.

exim4 (4.88~RC6-2) unstable; urgency=high

  * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
    physical line limit check for both for SMTP DATA ACL and remote_smtp*
    transports. Closes: #828801
    Also update corresponding NEWS entry.
  * [lintian] debian/changelog: s/lenght/length/
  * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
    information leakage issue CVE-2016-9963.

exim4 (4.88~RC6-1) unstable; urgency=low

  * New upstream version.

exim4 (4.88~RC5-1) unstable; urgency=low

  * New upstream version.
    + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.

exim4 (4.88~RC4-2) unstable; urgency=low

  * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
    GIT to fix exim bug 1914 (exim doesn't close connection after quit.
  * Upload to unstable.

exim4 (4.88~RC4-1) experimental; urgency=low

  * New upstream version.

exim4 (4.88~RC3-1) experimental; urgency=medium

  * New upstream version.
    Drop 75_01-Fix-check-for-commandline-macro-definition.patch
    75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.

exim4 (4.88~RC2-3) experimental; urgency=medium

  * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
    every upgrade.
  * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
    longstanding bug with aborted TLS server connection handling. Under
    GnuTLS, when a session startup failed (eg because the client
    disconnected) Exim did stdio operations after fclose.  This was exposed by
    a recent change which nulled out the file handle after the fclose.

exim4 (4.88~RC2-2) experimental; urgency=medium

  * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
    problems on commandline mail submission. Closes: #840355

exim4 (4.88~RC2-1) experimental; urgency=low

  *  New upstream version.
    + Changed default Diffie-Hellman parameters to be Exim-specific, created
      by Phil Pennock. Added RFC7919 DH primes as an alternative.
      Closes: #839978
  * Set tls_dhparam = historic to use site-specific DH parameters.
  * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
    -daemon postinst.
  * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
    by running certtool or by installing
    /usr/share/exim4/gnutls-params-2048. Do not try to use
    openssl dhparam, it takes too long.

exim4 (4.88~RC1-1) experimental; urgency=low

  * Drop reference to removed (in 4.80-7) "what"-option in init script usage
    message. (Thanks, Calum Mackay!) Closes: #823855
  * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
    Closes: #832442
  * [lintian] update-exim4.conf.8 - fix typo.
  * [lintian] Drop unused override binaries-have-file-conflict.
  * B-d on default-libmysqlclient-dev.
  * New upstream version.
    + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
      50_localscan_dlopen.dpatch
    + Drop superfluous patches.
      71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
      71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
      71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
    + Fix crash in VRFY handling when handed an unqualified name
      (lacking @domain).  Apply the same qualification processing as RCPT.
      Closes: #834699
    + Fix a possible security hole, wherein a process operating with the Exim
      UID can gain a root shell.  Credit to http://www.halfdog.net/ for
      discovery and writeup.  LP: #1580454
  * [lintian] exim4-config_files.5 - fix typo.

exim4 (4.87-3) unstable; urgency=medium

  * Pull multiple patches from upstream GIT:
    + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
      Improved message on overlong lines in example config.
    + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
      Fix race condition related to connection reuse.
      https://bugs.exim.org/show_bug.cgi?id=1810
    + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      Avoid exposing passwords in log on failing ldap lookup
      expansion. https://bugs.exim.org/show_bug.cgi?id=165
  * Copy information message on rejecting overlong lines in data ACL from
    upstream example configuration. Closes: #823418
  * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
    Closes: 821830

exim4 (4.87-2) unstable; urgency=medium

  * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
    (Thanks, L. Guruprasad!) Closes: #821416
  * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
    connections (hosts_require_tls option) in remote_smtp_smarthost
    transport. Closes: #822174
  * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
    is deprecated and will be removed in 4.88.
  * README.Debian*: Fix minor issues  found by lintian.
  * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
  * Drop exim4-base Recommends on perl-modules. This had been unnecessary
    since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.

exim4 (4.87-1) unstable; urgency=medium

  * Fix comment in
    conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
    Jörg-Volker Peetz!) Closes: #819780
  * New upstream release.

exim4 (4.87~RC7-1) unstable; urgency=low

  * Enable SOCKS support in both -light and -heavy. Closes: #818091
  * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
  * New upstream version.
    + Drop 74_Store-the-initial-working-directory.diff,
      75_String-expansions-fix-extract.patch,
      76_only_warn_on_nonempty_environment.diff.
    + Update debian/example.conf.md5.

exim4 (4.87~RC6-3) unstable; urgency=medium

  * Merge changelog entries for 4.86.2-1 and -2.
  * Upload to unstable.
  * Add link to CVE details to latest NEWS entry and bump its version and date
    to match this upload. Closes: #818349, #817244

exim4 (4.87~RC6-2) experimental; urgency=medium

  * 74_Store-the-initial-working-directory.diff,
    76_only_warn_on_nonempty_environment.diff: Upstream followups on the
    CVE fix (Thanks, Heiko Schlittermann!):
    + Runtime warning is only generated if (and only if) keep_environment
      is unset and environment is nonempty.
    + Store the initial working directory and make it available in the new
      expansion variable $initial_cwd.
  * Merge all NEWS.Debian files into a single one, identical for all binary
    packages. - Different NEWS files built from a single source package is not
    and has not ever been supported by apt-listchanges which is the most
    important frontend.
  * Add a NEWS entry about the environment related runtime warning.

exim4 (4.87~RC6-1) experimental; urgency=medium

  * New upstream version.
  * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
    ${extract } string expansion for the numeric/3-string case. (Bug was
    introduced in 4.85.)
  * Set keep_environment to empty value instead of setting a minimal PATH in
    add_environment.

exim4 (4.87~RC5-2) experimental; urgency=medium

  * Update debian/upstream/signing-key.asc, using the keys listed in
    ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
    Heiko Schlittermann's key.
  * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790

exim4 (4.87~RC5-1) experimental; urgency=medium

  * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
    to grep in it. Closes: #814998
  * New upstream version, includes the patch for CVE-2016-1531. (Local root
    exploit).
  * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
    options. If neither is used we use add_environment to set a minimal
    PATH=/bin:/usr/bin to avoid a runtime warning.

exim4 (4.87~RC3-2) experimental; urgency=medium

  * README.Debian: Refer to Exim specification by chapter name instead of
    chapter number. Closes: #813351
  * Fix some spelling errors found by lintian.
  * Minor debian/rules cleanup:
    + Restore originally intended behavior, upstream changelog is only
      shipped in exim4-base, symlinks to it elsewhere.
    + Drop workaround for #347577, fixed in debhelper 5.0.15.
    + Use "dh binary-arch" and "dh binary-indep" and a bunch of override
      targets instead of listing all dh-commands. While this is uglier and
      slows things down a bit it shortens debian/rules by 40 lines and has the
      huge benefit that we automatically use all suggested helpers in correct
      order.
    + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
    + Delete unused, commented code.
    + Drop (exported) variable MTACONFLICTS, used only once.
  * Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
  * Refresh debian/EDITME.*, -heavy was missing ldap and sql support.

exim4 (4.87~RC3-1) experimental; urgency=medium

  * Move Vcs-* from git/http to https.
  * [lintian] README.Debian: s/desireable/desirable/.
  * [lintian] README.Debian: Fix grammar error "allow + infinitive".
  * [lintian] exim4-config.postinst: Use which foo > /dev/null
    instead of [ -x /path/to/foo ].
  * Update list of patches in debian/README.Debian.xml
  * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
    with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
  * New upstream version.
    + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
      merge this change and drop CHECK_MAIL_HELO_ISSUED macro.

exim4 (4.87~RC2-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.87~RC1-1) experimental; urgency=medium

  * New upstream version.
    + Refresh patches.
    + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
    + Sync with upstream default configuration: Check maximum (physical, i.e.
      before unfolding) line length in default spec file data ACL and smtp
      transport. Bug 1684 Closes: #797919
    + HS/02 Add the Exim version string to the process info.  This way exiwhat
      gives some more detail about the running daemon. Closes: #240883
  * Override upstream's new default of tls_advertise_hosts = * if
    MAIN_TLS_ENABLE is not set.

exim4 (4.86.2-2) unstable; urgency=high

  * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790

exim4 (4.86.2-1) unstable; urgency=high

  * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
    4.86+fixes branch.
  * New upstream security release for CVE-2016-1531.
    + New options keep_environment/add_environment which are empty by default,
      i.e. any subprocesses start in a clean (empty) environment.
    + -C requires an absolute path.
    + Exim changes it's working directory to / right after startup.
  * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
    options. If neither is used we use add_environment to set a minimal
    PATH=/bin:/usr/bin to avoid a runtime warning.

exim4 (4.86-7) unstable; urgency=medium

  * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
  * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
    exim-4_86+fixes branch fixes another MIME ACL related crash.
    https://bugs.exim.org/show_bug.cgi?id=1730

exim4 (4.86-6) unstable; urgency=medium

  * Cleanup (actual patch is identical): Use
    75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
    exim-4_86+fixes branch instad of
    76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
  * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
    DKIM: ignore space & tab embedded in base64 during decode.  Bug 1700

exim4 (4.86-5) unstable; urgency=high

  * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
    head to avoid misaligned access in cached lookup. Closes: #803255

exim4 (4.86-4) unstable; urgency=medium

  * Fix documentation of lowuid_aliases router, exceptions are in
    CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
    Closes: #799672
  * fcron has been removed from Debian in 2011, stop listing it as an
    alternative dependency of exim4-base (Thanks, Alexandre Detiste).
    Closes: #798236
  * Update to upstream exim-4_86+fixes branch:
    + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
      76_Fix-post-transport-crash.patch,
      77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
      78_Close-logs-after-daemon-process-exceptional-write.patch.
    + Add 75_0001-Fix-post-transport-crash.patch
      75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
      75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
      75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
      75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
      75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
  * Use dh v9.

exim4 (4.86-3) unstable; urgency=medium

  * Pull three patches from upstream git:
    + 75_Fix-ESMTP-MAIL-command-option-processing.patch:
      Corrects handling of mail-addresses with whitespace.
      <http://article.gmane.org/gmane.mail.exim.user/97069>
    + 76_Fix-post-transport-crash.patch
      77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
      <https://bugs.exim.org/show_bug.cgi?id=1671>
  * Fix spelling error in copyright file. (Thanks, lintian)
  * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
    upstream git, exim was keeping logfiles open after after a "too many
    connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
    chasing this.)
  * When saving the berkeley DB version at build-time pass -P option to cpp,
    to prevent linebreaks.

exim4 (4.86-2) unstable; urgency=high

  * Update exim4-config Breaks, PRDR support is was moved from being
    Experimental into the mainline with 4.83.
    Closes: #794320

exim4 (4.86-1) unstable; urgency=medium

  * New upstream version, identical to RC5 (except for the version string).

exim4 (4.86~RC5-1) unstable; urgency=medium

  * New upstream version.
    + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.

exim4 (4.86~RC4-2) unstable; urgency=medium

  * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
  * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
    0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
    0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
    0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
    transition from debian/upstream-signing-key.pgp to
    debian/upstream/signing-key.asc.
  * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
    exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
    properly fix the issue. Closes: #790616

exim4 (4.86~RC4-1) unstable; urgency=medium

  * unexport/undefine TZ in debian/rules for reproducible build. It would be
    used as default value for TIMEZONE_DEFAULT.
  * New upstream version.
    + Unfuzz 31_eximmanpage.dpatch.

exim4 (4.86~RC3-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.86~RC3-1) experimental; urgency=medium

  * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
    1166671.
  * New upstream version.

exim4 (4.86~RC2-1) experimental; urgency=medium

  * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
    (Thanks, lintian).
  * New upstream version:
    +Drop included patches.
     (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
     72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
     72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
     72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
  * Sync Debian config with upstream default config:
    + Set prdr_enable.
    + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
      log_selector option value.

exim4 (4.86~RC1-3) experimental; urgency=medium

  * Get time and date of latest debian/changelog entry and patch exim(on) to
    use these instead of __DATE__ and __TIME__.
  * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
    from GIT to fix FTBFS on kfreebsd.

exim4 (4.86~RC1-2) experimental; urgency=medium

  * Pull three post-release fixes from upstream GIT. (null pointer
    derefencing, and spam scanning defaulting to rspam mode)
    + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
    + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
    + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch

exim4 (4.86~RC1-1) experimental; urgency=medium

  * New upstream release.
    + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
      refresh patches.
    + Update EDITME*, enable AUTH_TLS for -heavy.
    + Sync Debian config with upstream default config, rfc1413 calls are now
      disabled by default.
    + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
    + The spamd_address main option now supports an optional timeout value per
      server (tmo=timespec), it defaults two 2 minutes. Closes:  #297915
    + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
    + log reason for defer, on a hostlist dns-lookup temporary error.
      Closes: #670035

exim4 (4.85-3) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.85-2) experimental; urgency=medium

  * Merge from unstable 4.84-8.
    + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
      (<< ${source:Version}.1), at least source version, but not the next
      sourceful upload. Closes: #777246
    + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
      upstream GIT which fixes breakage of string-expansion in headers_remove
      commands. (Thanks Gordon Dickens, for the pointer.) -
      83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
      here since it already part of 4.85.

exim4 (4.85-1) experimental; urgency=medium

  * exim4-config_files.5: Escape dots in regex. (Thanks, ael)
  * New upstream version.

exim4 (4.85~RC4-1) experimental; urgency=medium

  * update-exim4.conf:
    + Drop unused variable UPEX4C_internal_tmp.
    + Use tempfile(1) if the generated file will not be written to
      /var/lib/exim4/.
    + Add --check option.
  * init-script: On restart use update-exim4.conf --check before stopping the
    daemon. (This is a no-op with systemd since its sysv compat layer
    translates "foo restart" into "foo stop" "foo start" instead of using the
    init scripts restart target.)
  * Handle _RC in watchfile with uversionmangle.
  * New upstream version.
    + Stop repacking source, rfcs have been dropped.

exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium

  * New upstream version.
  * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
    70_remove_exim-users_references.dpatch.

exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium

  * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
    neither expects a mbox-style From nor an empty line add the end. (Thanks,
    Edward Betts) Closes: #769396
  * Change the init script's restart order from { regenerate_config; stop;
    start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
    Closes: #768874
  * New upstream version.
    + Unfuzz 66_enlarge-dh-parameters-size.dpatch
    + Drop 80_mime_empty_charset.diff.
  * Remove rfc from upstream source and repack it.

22 months agoMerge branch 'debian' into hcoop_489_stretch hcoop_489_stretch debian/4.89-2+deb9u4_hcoop9+1
Clinton Ebadi [Sun, 22 Apr 2018 05:15:11 +0000 (01:15 -0400)]
Merge branch 'debian' into hcoop_489_stretch

22 months agoImport Debian changes 4.89-2+deb9u3 debian/4.89-2+deb9u3
Salvatore Bonaccorso [Sat, 10 Feb 2018 08:26:05 +0000 (09:26 +0100)]
Import Debian changes 4.89-2+deb9u3

exim4 (4.89-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)

23 months agorelease hcoop_489
Clinton Ebadi [Fri, 23 Mar 2018 03:28:38 +0000 (23:28 -0400)]
release

23 months agoMerge branch 'debian' into hcoop_489
Clinton Ebadi [Fri, 23 Mar 2018 03:25:15 +0000 (23:25 -0400)]
Merge branch 'debian' into hcoop_489

23 months agoImport Upstream version 4.89 upstream/4.89
Clinton Ebadi [Fri, 23 Mar 2018 03:22:44 +0000 (23:22 -0400)]
Import Upstream version 4.89

23 months agoImport Debian changes 4.89-2+deb9u3~bpo8+1 debian/4.89-2+deb9u3_bpo8+1
Andreas Metzler [Sun, 25 Feb 2018 14:26:27 +0000 (15:26 +0100)]
Import Debian changes 4.89-2+deb9u3~bpo8+1

exim4 (4.89-2+deb9u3~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.
  * b-d on libmysqlclient-dev | libmysqlclient15-dev instead of
    default-libmysqlclient-dev.

exim4 (4.89-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)

exim4 (4.89-2+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Avoid release of store if there have been later allocations
    (CVE-2017-16943) (Closes: #882648)
  * Chunking: do not treat the first lonely dot special (CVE-2017-16944)
    (Closes: #882671)

exim4 (4.89-2+deb9u1) stretch-security; urgency=medium

  * CVE-2017-100369

exim4 (4.89-2) unstable; urgency=medium

  * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
    initscript (#844178). It breaks when the initscript does not start a
    daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
    Closes: #860317
  * When reporting bugs also attach /etc/default/exim4 by default.

exim4 (4.89-1) unstable; urgency=medium

  * Enable inbound (server-side) proxying for -heavy. Closes: #856712
  * New upstream release, source identical to RC7.

exim4 (4.89~RC7-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.89~RC6-1) unstable; urgency=medium

  * Document E4BCD_PANICLOG_LINES in README.Debian.
  * New upstream version.

exim4 (4.89~RC5-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.89~RC4-1) unstable; urgency=medium

  * New upstream version.
    + Drop 92_CVE-2016-1238.diff.
  * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
    while we are changing the init script.

exim4 (4.89~RC3-1) unstable; urgency=medium

  * New upstream version.
    + Unfuzz 92_CVE-2016-1238.diff.
  * init file:
    + Source /etc/default/exim4 *before* defining the shell
      variables holding the pidfilenames. Overriding these via
      /etc/default/exim4 is not supported.
    + Add missing support for reload when QUEUERUNNER='queueonly'.
    + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
      $PIDFILE is used for the main exim process for all available QUEUERUNNER
      choices.
    + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
      interaction. systemd-sysv-generator uses this pseudoheader to set
      PIDFile in the generated service file and it also sets
      RemainAfterExit=no instead of yes if it is present. Thanks, Michael
      Biebl for suggestion and explanation. Closes: #844178

exim4 (4.89~RC2-1) unstable; urgency=medium

  * New upstream version.
    + Drop 75_add_bak_spec.txt.diff.

exim4 (4.89~RC1-1) unstable; urgency=low

  * Refresh debian/upstream/signing-key.asc.
  * New upstream bugfix release.
    + Drop superfluous patches.
      75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
      75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
      75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
      75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
      75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
    + Unfuzz 31_eximmanpage.dpatch and
      78_Disable-chunking-BDAT-by-default.patch.
    + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
      tarball.
    + Unfuzz debian/EDITME.exim4-*.
    + Update debian/example.conf.md5. - Upstream typo fix.

exim4 (4.88-5) unstable; urgency=medium

  * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
    option chunking_advertise_hosts and smtp transport option
    hosts_try_chunking from "*" to empty.
    This is a Debian specific change, we are right before the freeze and BDAT
    needs a little time.

exim4 (4.88-4) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.88-3) experimental; urgency=medium

  * Pull multiple patches from upstream GIT:
   + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
     75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
   + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
   + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
   + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
     (Thanks, Bart Noordervliet for the pointer) Closes: #850175

exim4 (4.88-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.88-1) experimental; urgency=medium

  * New upstream version.
  * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
    testing.
  * Drop 75_Fix-DKIM-information-leakage.patch.

exim4 (4.88~RC6-2) unstable; urgency=high

  * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
    physical line limit check for both for SMTP DATA ACL and remote_smtp*
    transports. Closes: #828801
    Also update corresponding NEWS entry.
  * [lintian] debian/changelog: s/lenght/length/
  * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
    information leakage issue CVE-2016-9963.

exim4 (4.88~RC6-1) unstable; urgency=low

  * New upstream version.

exim4 (4.88~RC5-1) unstable; urgency=low

  * New upstream version.
    + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.

exim4 (4.88~RC4-2) unstable; urgency=low

  * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
    GIT to fix exim bug 1914 (exim doesn't close connection after quit.
  * Upload to unstable.

exim4 (4.88~RC4-1) experimental; urgency=low

  * New upstream version.

exim4 (4.88~RC3-1) experimental; urgency=medium

  * New upstream version.
    Drop 75_01-Fix-check-for-commandline-macro-definition.patch
    75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.

exim4 (4.88~RC2-3) experimental; urgency=medium

  * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
    every upgrade.
  * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
    longstanding bug with aborted TLS server connection handling. Under
    GnuTLS, when a session startup failed (eg because the client
    disconnected) Exim did stdio operations after fclose.  This was exposed by
    a recent change which nulled out the file handle after the fclose.

exim4 (4.88~RC2-2) experimental; urgency=medium

  * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
    problems on commandline mail submission. Closes: #840355

exim4 (4.88~RC2-1) experimental; urgency=low

  *  New upstream version.
    + Changed default Diffie-Hellman parameters to be Exim-specific, created
      by Phil Pennock. Added RFC7919 DH primes as an alternative.
      Closes: #839978
  * Set tls_dhparam = historic to use site-specific DH parameters.
  * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
    -daemon postinst.
  * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
    by running certtool or by installing
    /usr/share/exim4/gnutls-params-2048. Do not try to use
    openssl dhparam, it takes too long.

exim4 (4.88~RC1-1) experimental; urgency=low

  * Drop reference to removed (in 4.80-7) "what"-option in init script usage
    message. (Thanks, Calum Mackay!) Closes: #823855
  * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
    Closes: #832442
  * [lintian] update-exim4.conf.8 - fix typo.
  * [lintian] Drop unused override binaries-have-file-conflict.
  * B-d on default-libmysqlclient-dev.
  * New upstream version.
    + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
      50_localscan_dlopen.dpatch
    + Drop superfluous patches.
      71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
      71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
      71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
    + Fix crash in VRFY handling when handed an unqualified name
      (lacking @domain).  Apply the same qualification processing as RCPT.
      Closes: #834699
    + Fix a possible security hole, wherein a process operating with the Exim
      UID can gain a root shell.  Credit to http://www.halfdog.net/ for
      discovery and writeup.  LP: #1580454
  * [lintian] exim4-config_files.5 - fix typo.

exim4 (4.87-3) unstable; urgency=medium

  * Pull multiple patches from upstream GIT:
    + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
      Improved message on overlong lines in example config.
    + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
      Fix race condition related to connection reuse.
      https://bugs.exim.org/show_bug.cgi?id=1810
    + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
      Avoid exposing passwords in log on failing ldap lookup
      expansion. https://bugs.exim.org/show_bug.cgi?id=165
  * Copy information message on rejecting overlong lines in data ACL from
    upstream example configuration. Closes: #823418
  * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
    Closes: 821830

exim4 (4.87-2) unstable; urgency=medium

  * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
    (Thanks, L. Guruprasad!) Closes: #821416
  * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
    connections (hosts_require_tls option) in remote_smtp_smarthost
    transport. Closes: #822174
  * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
    is deprecated and will be removed in 4.88.
  * README.Debian*: Fix minor issues  found by lintian.
  * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
  * Drop exim4-base Recommends on perl-modules. This had been unnecessary
    since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.

exim4 (4.87-1) unstable; urgency=medium

  * Fix comment in
    conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
    Jörg-Volker Peetz!) Closes: #819780
  * New upstream release.

exim4 (4.87~RC7-1) unstable; urgency=low

  * Enable SOCKS support in both -light and -heavy. Closes: #818091
  * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
  * New upstream version.
    + Drop 74_Store-the-initial-working-directory.diff,
      75_String-expansions-fix-extract.patch,
      76_only_warn_on_nonempty_environment.diff.
    + Update debian/example.conf.md5.

exim4 (4.87~RC6-3) unstable; urgency=medium

  * Merge changelog entries for 4.86.2-1 and -2.
  * Upload to unstable.
  * Add link to CVE details to latest NEWS entry and bump its version and date
    to match this upload. Closes: #818349, #817244

exim4 (4.87~RC6-2) experimental; urgency=medium

  * 74_Store-the-initial-working-directory.diff,
    76_only_warn_on_nonempty_environment.diff: Upstream followups on the
    CVE fix (Thanks, Heiko Schlittermann!):
    + Runtime warning is only generated if (and only if) keep_environment
      is unset and environment is nonempty.
    + Store the initial working directory and make it available in the new
      expansion variable $initial_cwd.
  * Merge all NEWS.Debian files into a single one, identical for all binary
    packages. - Different NEWS files built from a single source package is not
    and has not ever been supported by apt-listchanges which is the most
    important frontend.
  * Add a NEWS entry about the environment related runtime warning.

exim4 (4.87~RC6-1) experimental; urgency=medium

  * New upstream version.
  * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
    ${extract } string expansion for the numeric/3-string case. (Bug was
    introduced in 4.85.)
  * Set keep_environment to empty value instead of setting a minimal PATH in
    add_environment.

exim4 (4.87~RC5-2) experimental; urgency=medium

  * Update debian/upstream/signing-key.asc, using the keys listed in
    ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
    Heiko Schlittermann's key.
  * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790

exim4 (4.87~RC5-1) experimental; urgency=medium

  * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
    to grep in it. Closes: #814998
  * New upstream version, includes the patch for CVE-2016-1531. (Local root
    exploit).
  * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
    options. If neither is used we use add_environment to set a minimal
    PATH=/bin:/usr/bin to avoid a runtime warning.

exim4 (4.87~RC3-2) experimental; urgency=medium

  * README.Debian: Refer to Exim specification by chapter name instead of
    chapter number. Closes: #813351
  * Fix some spelling errors found by lintian.
  * Minor debian/rules cleanup:
    + Restore originally intended behavior, upstream changelog is only
      shipped in exim4-base, symlinks to it elsewhere.
    + Drop workaround for #347577, fixed in debhelper 5.0.15.
    + Use "dh binary-arch" and "dh binary-indep" and a bunch of override
      targets instead of listing all dh-commands. While this is uglier and
      slows things down a bit it shortens debian/rules by 40 lines and has the
      huge benefit that we automatically use all suggested helpers in correct
      order.
    + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
    + Delete unused, commented code.
    + Drop (exported) variable MTACONFLICTS, used only once.
  * Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
  * Refresh debian/EDITME.*, -heavy was missing ldap and sql support.

exim4 (4.87~RC3-1) experimental; urgency=medium

  * Move Vcs-* from git/http to https.
  * [lintian] README.Debian: s/desireable/desirable/.
  * [lintian] README.Debian: Fix grammar error "allow + infinitive".
  * [lintian] exim4-config.postinst: Use which foo > /dev/null
    instead of [ -x /path/to/foo ].
  * Update list of patches in debian/README.Debian.xml
  * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
    with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
  * New upstream version.
    + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
      merge this change and drop CHECK_MAIL_HELO_ISSUED macro.

exim4 (4.87~RC2-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.87~RC1-1) experimental; urgency=medium

  * New upstream version.
    + Refresh patches.
    + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
    + Sync with upstream default configuration: Check maximum (physical, i.e.
      before unfolding) line length in default spec file data ACL and smtp
      transport. Bug 1684 Closes: #797919
    + HS/02 Add the Exim version string to the process info.  This way exiwhat
      gives some more detail about the running daemon. Closes: #240883
  * Override upstream's new default of tls_advertise_hosts = * if
    MAIN_TLS_ENABLE is not set.

exim4 (4.86.2-2) unstable; urgency=high

  * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790

exim4 (4.86.2-1) unstable; urgency=high

  * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
    4.86+fixes branch.
  * New upstream security release for CVE-2016-1531.
    + New options keep_environment/add_environment which are empty by default,
      i.e. any subprocesses start in a clean (empty) environment.
    + -C requires an absolute path.
    + Exim changes it's working directory to / right after startup.
  * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
    options. If neither is used we use add_environment to set a minimal
    PATH=/bin:/usr/bin to avoid a runtime warning.

exim4 (4.86-7) unstable; urgency=medium

  * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
  * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
    exim-4_86+fixes branch fixes another MIME ACL related crash.
    https://bugs.exim.org/show_bug.cgi?id=1730

exim4 (4.86-6) unstable; urgency=medium

  * Cleanup (actual patch is identical): Use
    75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
    exim-4_86+fixes branch instad of
    76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
  * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
    DKIM: ignore space & tab embedded in base64 during decode.  Bug 1700

exim4 (4.86-5) unstable; urgency=high

  * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
    head to avoid misaligned access in cached lookup. Closes: #803255

exim4 (4.86-4) unstable; urgency=medium

  * Fix documentation of lowuid_aliases router, exceptions are in
    CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
    Closes: #799672
  * fcron has been removed from Debian in 2011, stop listing it as an
    alternative dependency of exim4-base (Thanks, Alexandre Detiste).
    Closes: #798236
  * Update to upstream exim-4_86+fixes branch:
    + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
      76_Fix-post-transport-crash.patch,
      77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
      78_Close-logs-after-daemon-process-exceptional-write.patch.
    + Add 75_0001-Fix-post-transport-crash.patch
      75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
      75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
      75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
      75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
      75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
  * Use dh v9.

exim4 (4.86-3) unstable; urgency=medium

  * Pull three patches from upstream git:
    + 75_Fix-ESMTP-MAIL-command-option-processing.patch:
      Corrects handling of mail-addresses with whitespace.
      <http://article.gmane.org/gmane.mail.exim.user/97069>
    + 76_Fix-post-transport-crash.patch
      77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
      <https://bugs.exim.org/show_bug.cgi?id=1671>
  * Fix spelling error in copyright file. (Thanks, lintian)
  * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
    upstream git, exim was keeping logfiles open after after a "too many
    connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
    chasing this.)
  * When saving the berkeley DB version at build-time pass -P option to cpp,
    to prevent linebreaks.

exim4 (4.86-2) unstable; urgency=high

  * Update exim4-config Breaks, PRDR support is was moved from being
    Experimental into the mainline with 4.83.
    Closes: #794320

exim4 (4.86-1) unstable; urgency=medium

  * New upstream version, identical to RC5 (except for the version string).

exim4 (4.86~RC5-1) unstable; urgency=medium

  * New upstream version.
    + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.

exim4 (4.86~RC4-2) unstable; urgency=medium

  * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
  * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
    0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
    0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
    0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
    transition from debian/upstream-signing-key.pgp to
    debian/upstream/signing-key.asc.
  * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
    exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
    properly fix the issue. Closes: #790616

exim4 (4.86~RC4-1) unstable; urgency=medium

  * unexport/undefine TZ in debian/rules for reproducible build. It would be
    used as default value for TIMEZONE_DEFAULT.
  * New upstream version.
    + Unfuzz 31_eximmanpage.dpatch.

exim4 (4.86~RC3-2) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.86~RC3-1) experimental; urgency=medium

  * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
    1166671.
  * New upstream version.

exim4 (4.86~RC2-1) experimental; urgency=medium

  * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
    (Thanks, lintian).
  * New upstream version:
    +Drop included patches.
     (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
     72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
     72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
     72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
  * Sync Debian config with upstream default config:
    + Set prdr_enable.
    + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
      log_selector option value.

exim4 (4.86~RC1-3) experimental; urgency=medium

  * Get time and date of latest debian/changelog entry and patch exim(on) to
    use these instead of __DATE__ and __TIME__.
  * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
    from GIT to fix FTBFS on kfreebsd.

exim4 (4.86~RC1-2) experimental; urgency=medium

  * Pull three post-release fixes from upstream GIT. (null pointer
    derefencing, and spam scanning defaulting to rspam mode)
    + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
    + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
    + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch

exim4 (4.86~RC1-1) experimental; urgency=medium

  * New upstream release.
    + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
      refresh patches.
    + Update EDITME*, enable AUTH_TLS for -heavy.
    + Sync Debian config with upstream default config, rfc1413 calls are now
      disabled by default.
    + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
    + The spamd_address main option now supports an optional timeout value per
      server (tmo=timespec), it defaults two 2 minutes. Closes:  #297915
    + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
    + log reason for defer, on a hostlist dns-lookup temporary error.
      Closes: #670035

exim4 (4.85-3) unstable; urgency=medium

  * Upload to unstable.

exim4 (4.85-2) experimental; urgency=medium

  * Merge from unstable 4.84-8.
    + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
      (<< ${source:Version}.1), at least source version, but not the next
      sourceful upload. Closes: #777246
    + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
      upstream GIT which fixes breakage of string-expansion in headers_remove
      commands. (Thanks Gordon Dickens, for the pointer.) -
      83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
      here since it already part of 4.85.

exim4 (4.85-1) experimental; urgency=medium

  * exim4-config_files.5: Escape dots in regex. (Thanks, ael)
  * New upstream version.

exim4 (4.85~RC4-1) experimental; urgency=medium

  * update-exim4.conf:
    + Drop unused variable UPEX4C_internal_tmp.
    + Use tempfile(1) if the generated file will not be written to
      /var/lib/exim4/.
    + Add --check option.
  * init-script: On restart use update-exim4.conf --check before stopping the
    daemon. (This is a no-op with systemd since its sysv compat layer
    translates "foo restart" into "foo stop" "foo start" instead of using the
    init scripts restart target.)
  * Handle _RC in watchfile with uversionmangle.
  * New upstream version.
    + Stop repacking source, rfcs have been dropped.

exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium

  * New upstream version.

exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium

  * New upstream version.
  * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
    70_remove_exim-users_references.dpatch.

exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium

  * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
    neither expects a mbox-style From nor an empty line add the end. (Thanks,
    Edward Betts) Closes: #769396
  * Change the init script's restart order from { regenerate_config; stop;
    start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
    Closes: #768874
  * New upstream version.
    + Unfuzz 66_enlarge-dh-parameters-size.dpatch
    + Drop 80_mime_empty_charset.diff.
  * Remove rfc from upstream source and repack it.

3 years agoImport Debian patch 4.84.2-2+deb8u3 debian/4.84.2-2+deb8u3
Andreas Metzler [Mon, 2 Jan 2017 18:18:05 +0000 (19:18 +0100)]
Import Debian patch 4.84.2-2+deb8u3

3 years agoImport Upstream version 4.84.2 upstream/4.84.2
Clinton Ebadi [Mon, 30 Jan 2017 22:14:09 +0000 (17:14 -0500)]
Import Upstream version 4.84.2

4 years agoskip failed chown check on file before writing debian/4.84-8+hcoop4
Clinton Ebadi [Thu, 14 May 2015 05:34:43 +0000 (01:34 -0400)]
skip failed chown check on file before writing

4 years agoActually patch maildir problem debian/4.84-8+hcoop3
Clinton Ebadi [Thu, 14 May 2015 04:34:01 +0000 (00:34 -0400)]
Actually patch maildir problem

It would help if I patched the maildir in afs issue and not the
mailbox problem... reverting the mailbox case even if it might make
sense, review later.

4 years agochange perm change error message for sanity debian/4.84-8+hcoop2
Clinton Ebadi [Thu, 14 May 2015 03:47:38 +0000 (23:47 -0400)]
change perm change error message for sanity

4 years agoRelax chown requirements when check_owner is false debian/4.84-8+hcoop1
Clinton Ebadi [Thu, 14 May 2015 03:26:29 +0000 (23:26 -0400)]
Relax chown requirements when check_owner is false

HCoop delivers into /afs, and the chown will always fail since the
effective unix user and openafs role ($user.daemon) are not the
same. This is harmless in afs space, and it seems reasonable enough to
not care about the chown failing in the general case when exim will
ignore the perms afterward / if the file already exists and it is
appending to it.

4 years agoImported Debian patch 4.84-8 debian/4.84-8
Andreas Metzler [Tue, 17 Feb 2015 17:00:42 +0000 (18:00 +0100)]
Imported Debian patch 4.84-8

4 years agoImported Upstream version 4.84 upstream/4.84
Clinton Ebadi [Thu, 14 May 2015 03:12:14 +0000 (23:12 -0400)]
Imported Upstream version 4.84