summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Clinton Ebadi [Fri, 6 Sep 2019 18:23:36 +0000 (14:23 -0400)]
Merge branch 'debian'
Andreas Metzler [Tue, 3 Sep 2019 18:01:38 +0000 (20:01 +0200)]
Import Debian changes 4.89-2+deb9u6
exim4 (4.89-2+deb9u6) stretch-security; urgency=high
* 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
related buffer overflow. CVE-2019-15846
Andreas Metzler [Sat, 20 Jul 2019 11:32:35 +0000 (13:32 +0200)]
Import Debian changes 4.89-2+deb9u5
exim4 (4.89-2+deb9u5) stretch-security; urgency=high
* Fix remote command execution vulnerability related to
"${sort}"-expansion. CVE-2019-13917 OVE-
20190718-0006
Clinton Ebadi [Thu, 6 Jun 2019 23:36:26 +0000 (19:36 -0400)]
Merge branch 'debian'
New upstream security release
Salvatore Bonaccorso [Tue, 28 May 2019 20:13:55 +0000 (22:13 +0200)]
Import Debian changes 4.89-2+deb9u4
exim4 (4.89-2+deb9u4) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix remote command execution vulnerability (CVE-2019-10149)
exim4 (4.89-2+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
exim4 (4.89-2+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Avoid release of store if there have been later allocations
(CVE-2017-16943) (Closes: #882648)
* Chunking: do not treat the first lonely dot special (CVE-2017-16944)
(Closes: #882671)
exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
* CVE-2017-100369
exim4 (4.89-2) unstable; urgency=medium
* Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
initscript (#844178). It breaks when the initscript does not start a
daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
Closes: #860317
* When reporting bugs also attach /etc/default/exim4 by default.
exim4 (4.89-1) unstable; urgency=medium
* Enable inbound (server-side) proxying for -heavy. Closes: #856712
* New upstream release, source identical to RC7.
exim4 (4.89~RC7-1) unstable; urgency=medium
* New upstream version.
exim4 (4.89~RC6-1) unstable; urgency=medium
* Document E4BCD_PANICLOG_LINES in README.Debian.
* New upstream version.
exim4 (4.89~RC5-1) unstable; urgency=medium
* New upstream version.
exim4 (4.89~RC4-1) unstable; urgency=medium
* New upstream version.
+ Drop 92_CVE-2016-1238.diff.
* Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
while we are changing the init script.
exim4 (4.89~RC3-1) unstable; urgency=medium
* New upstream version.
+ Unfuzz 92_CVE-2016-1238.diff.
* init file:
+ Source /etc/default/exim4 *before* defining the shell
variables holding the pidfilenames. Overriding these via
/etc/default/exim4 is not supported.
+ Add missing support for reload when QUEUERUNNER='queueonly'.
+ For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
$PIDFILE is used for the main exim process for all available QUEUERUNNER
choices.
+ Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
interaction. systemd-sysv-generator uses this pseudoheader to set
PIDFile in the generated service file and it also sets
RemainAfterExit=no instead of yes if it is present. Thanks, Michael
Biebl for suggestion and explanation. Closes: #844178
exim4 (4.89~RC2-1) unstable; urgency=medium
* New upstream version.
+ Drop 75_add_bak_spec.txt.diff.
exim4 (4.89~RC1-1) unstable; urgency=low
* Refresh debian/upstream/signing-key.asc.
* New upstream bugfix release.
+ Drop superfluous patches.
75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ Unfuzz 31_eximmanpage.dpatch and
78_Disable-chunking-BDAT-by-default.patch.
+ Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
tarball.
+ Unfuzz debian/EDITME.exim4-*.
+ Update debian/example.conf.md5. - Upstream typo fix.
exim4 (4.88-5) unstable; urgency=medium
* 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
option chunking_advertise_hosts and smtp transport option
hosts_try_chunking from "*" to empty.
This is a Debian specific change, we are right before the freeze and BDAT
needs a little time.
exim4 (4.88-4) unstable; urgency=medium
* Upload to unstable.
exim4 (4.88-3) experimental; urgency=medium
* Pull multiple patches from upstream GIT:
+ 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
(Thanks, Bart Noordervliet for the pointer) Closes: #850175
exim4 (4.88-2) unstable; urgency=medium
* Upload to unstable.
exim4 (4.88-1) experimental; urgency=medium
* New upstream version.
* Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
testing.
* Drop 75_Fix-DKIM-information-leakage.patch.
exim4 (4.88~RC6-2) unstable; urgency=high
* Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
physical line limit check for both for SMTP DATA ACL and remote_smtp*
transports. Closes: #828801
Also update corresponding NEWS entry.
* [lintian] debian/changelog: s/lenght/length/
* Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
information leakage issue CVE-2016-9963.
exim4 (4.88~RC6-1) unstable; urgency=low
* New upstream version.
exim4 (4.88~RC5-1) unstable; urgency=low
* New upstream version.
+ Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.
exim4 (4.88~RC4-2) unstable; urgency=low
* Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
GIT to fix exim bug 1914 (exim doesn't close connection after quit.
* Upload to unstable.
exim4 (4.88~RC4-1) experimental; urgency=low
* New upstream version.
exim4 (4.88~RC3-1) experimental; urgency=medium
* New upstream version.
Drop 75_01-Fix-check-for-commandline-macro-definition.patch
75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.
exim4 (4.88~RC2-3) experimental; urgency=medium
* Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
every upgrade.
* 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
longstanding bug with aborted TLS server connection handling. Under
GnuTLS, when a session startup failed (eg because the client
disconnected) Exim did stdio operations after fclose. This was exposed by
a recent change which nulled out the file handle after the fclose.
exim4 (4.88~RC2-2) experimental; urgency=medium
* 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
problems on commandline mail submission. Closes: #840355
exim4 (4.88~RC2-1) experimental; urgency=low
* New upstream version.
+ Changed default Diffie-Hellman parameters to be Exim-specific, created
by Phil Pennock. Added RFC7919 DH primes as an alternative.
Closes: #839978
* Set tls_dhparam = historic to use site-specific DH parameters.
* Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
-daemon postinst.
* Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
by running certtool or by installing
/usr/share/exim4/gnutls-params-2048. Do not try to use
openssl dhparam, it takes too long.
exim4 (4.88~RC1-1) experimental; urgency=low
* Drop reference to removed (in 4.80-7) "what"-option in init script usage
message. (Thanks, Calum Mackay!) Closes: #823855
* 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
Closes: #832442
* [lintian] update-exim4.conf.8 - fix typo.
* [lintian] Drop unused override binaries-have-file-conflict.
* B-d on default-libmysqlclient-dev.
* New upstream version.
+ Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
50_localscan_dlopen.dpatch
+ Drop superfluous patches.
71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
Closes: #834699
+ Fix a possible security hole, wherein a process operating with the Exim
UID can gain a root shell. Credit to http://www.halfdog.net/ for
discovery and writeup. LP: #
1580454
* [lintian] exim4-config_files.5 - fix typo.
exim4 (4.87-3) unstable; urgency=medium
* Pull multiple patches from upstream GIT:
+ 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
Improved message on overlong lines in example config.
+ 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
Fix race condition related to connection reuse.
https://bugs.exim.org/show_bug.cgi?id=1810
+ 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
Avoid exposing passwords in log on failing ldap lookup
expansion. https://bugs.exim.org/show_bug.cgi?id=165
* Copy information message on rejecting overlong lines in data ACL from
upstream example configuration. Closes: #823418
* Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
Closes: 821830
exim4 (4.87-2) unstable; urgency=medium
* Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
(Thanks, L. Guruprasad!) Closes: #821416
* Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
connections (hosts_require_tls option) in remote_smtp_smarthost
transport. Closes: #822174
* exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
is deprecated and will be removed in 4.88.
* README.Debian*: Fix minor issues found by lintian.
* Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
* Drop exim4-base Recommends on perl-modules. This had been unnecessary
since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.
exim4 (4.87-1) unstable; urgency=medium
* Fix comment in
conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
Jörg-Volker Peetz!) Closes: #819780
* New upstream release.
exim4 (4.87~RC7-1) unstable; urgency=low
* Enable SOCKS support in both -light and -heavy. Closes: #818091
* Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
* New upstream version.
+ Drop 74_Store-the-initial-working-directory.diff,
75_String-expansions-fix-extract.patch,
76_only_warn_on_nonempty_environment.diff.
+ Update debian/example.conf.md5.
exim4 (4.87~RC6-3) unstable; urgency=medium
* Merge changelog entries for 4.86.2-1 and -2.
* Upload to unstable.
* Add link to CVE details to latest NEWS entry and bump its version and date
to match this upload. Closes: #818349, #817244
exim4 (4.87~RC6-2) experimental; urgency=medium
* 74_Store-the-initial-working-directory.diff,
76_only_warn_on_nonempty_environment.diff: Upstream followups on the
CVE fix (Thanks, Heiko Schlittermann!):
+ Runtime warning is only generated if (and only if) keep_environment
is unset and environment is nonempty.
+ Store the initial working directory and make it available in the new
expansion variable $initial_cwd.
* Merge all NEWS.Debian files into a single one, identical for all binary
packages. - Different NEWS files built from a single source package is not
and has not ever been supported by apt-listchanges which is the most
important frontend.
* Add a NEWS entry about the environment related runtime warning.
exim4 (4.87~RC6-1) experimental; urgency=medium
* New upstream version.
* Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
${extract } string expansion for the numeric/3-string case. (Bug was
introduced in 4.85.)
* Set keep_environment to empty value instead of setting a minimal PATH in
add_environment.
exim4 (4.87~RC5-2) experimental; urgency=medium
* Update debian/upstream/signing-key.asc, using the keys listed in
ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
Heiko Schlittermann's key.
* Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790
exim4 (4.87~RC5-1) experimental; urgency=medium
* exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
to grep in it. Closes: #814998
* New upstream version, includes the patch for CVE-2016-1531. (Local root
exploit).
* Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
options. If neither is used we use add_environment to set a minimal
PATH=/bin:/usr/bin to avoid a runtime warning.
exim4 (4.87~RC3-2) experimental; urgency=medium
* README.Debian: Refer to Exim specification by chapter name instead of
chapter number. Closes: #813351
* Fix some spelling errors found by lintian.
* Minor debian/rules cleanup:
+ Restore originally intended behavior, upstream changelog is only
shipped in exim4-base, symlinks to it elsewhere.
+ Drop workaround for #347577, fixed in debhelper 5.0.15.
+ Use "dh binary-arch" and "dh binary-indep" and a bunch of override
targets instead of listing all dh-commands. While this is uglier and
slows things down a bit it shortens debian/rules by 40 lines and has the
huge benefit that we automatically use all suggested helpers in correct
order.
+ Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
+ Delete unused, commented code.
+ Drop (exported) variable MTACONFLICTS, used only once.
* Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
* Refresh debian/EDITME.*, -heavy was missing ldap and sql support.
exim4 (4.87~RC3-1) experimental; urgency=medium
* Move Vcs-* from git/http to https.
* [lintian] README.Debian: s/desireable/desirable/.
* [lintian] README.Debian: Fix grammar error "allow + infinitive".
* [lintian] exim4-config.postinst: Use which foo > /dev/null
instead of [ -x /path/to/foo ].
* Update list of patches in debian/README.Debian.xml
* Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
* New upstream version.
+ Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
merge this change and drop CHECK_MAIL_HELO_ISSUED macro.
exim4 (4.87~RC2-1) experimental; urgency=medium
* New upstream version.
exim4 (4.87~RC1-1) experimental; urgency=medium
* New upstream version.
+ Refresh patches.
+ Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
+ Sync with upstream default configuration: Check maximum (physical, i.e.
before unfolding) line length in default spec file data ACL and smtp
transport. Bug 1684 Closes: #797919
+ HS/02 Add the Exim version string to the process info. This way exiwhat
gives some more detail about the running daemon. Closes: #240883
* Override upstream's new default of tls_advertise_hosts = * if
MAIN_TLS_ENABLE is not set.
exim4 (4.86.2-2) unstable; urgency=high
* Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790
exim4 (4.86.2-1) unstable; urgency=high
* Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
4.86+fixes branch.
* New upstream security release for CVE-2016-1531.
+ New options keep_environment/add_environment which are empty by default,
i.e. any subprocesses start in a clean (empty) environment.
+ -C requires an absolute path.
+ Exim changes it's working directory to / right after startup.
* Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
options. If neither is used we use add_environment to set a minimal
PATH=/bin:/usr/bin to avoid a runtime warning.
exim4 (4.86-7) unstable; urgency=medium
* Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
* 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
exim-4_86+fixes branch fixes another MIME ACL related crash.
https://bugs.exim.org/show_bug.cgi?id=1730
exim4 (4.86-6) unstable; urgency=medium
* Cleanup (actual patch is identical): Use
75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
exim-4_86+fixes branch instad of
76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
* Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
exim4 (4.86-5) unstable; urgency=high
* Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
head to avoid misaligned access in cached lookup. Closes: #803255
exim4 (4.86-4) unstable; urgency=medium
* Fix documentation of lowuid_aliases router, exceptions are in
CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
Closes: #799672
* fcron has been removed from Debian in 2011, stop listing it as an
alternative dependency of exim4-base (Thanks, Alexandre Detiste).
Closes: #798236
* Update to upstream exim-4_86+fixes branch:
+ Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
76_Fix-post-transport-crash.patch,
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
78_Close-logs-after-daemon-process-exceptional-write.patch.
+ Add 75_0001-Fix-post-transport-crash.patch
75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
* Use dh v9.
exim4 (4.86-3) unstable; urgency=medium
* Pull three patches from upstream git:
+ 75_Fix-ESMTP-MAIL-command-option-processing.patch:
Corrects handling of mail-addresses with whitespace.
<http://article.gmane.org/gmane.mail.exim.user/97069>
+ 76_Fix-post-transport-crash.patch
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
<https://bugs.exim.org/show_bug.cgi?id=1671>
* Fix spelling error in copyright file. (Thanks, lintian)
* Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
upstream git, exim was keeping logfiles open after after a "too many
connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
chasing this.)
* When saving the berkeley DB version at build-time pass -P option to cpp,
to prevent linebreaks.
exim4 (4.86-2) unstable; urgency=high
* Update exim4-config Breaks, PRDR support is was moved from being
Experimental into the mainline with 4.83.
Closes: #794320
exim4 (4.86-1) unstable; urgency=medium
* New upstream version, identical to RC5 (except for the version string).
exim4 (4.86~RC5-1) unstable; urgency=medium
* New upstream version.
+ Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.
exim4 (4.86~RC4-2) unstable; urgency=medium
* Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
* Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
transition from debian/upstream-signing-key.pgp to
debian/upstream/signing-key.asc.
* Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
properly fix the issue. Closes: #790616
exim4 (4.86~RC4-1) unstable; urgency=medium
* unexport/undefine TZ in debian/rules for reproducible build. It would be
used as default value for TIMEZONE_DEFAULT.
* New upstream version.
+ Unfuzz 31_eximmanpage.dpatch.
exim4 (4.86~RC3-2) unstable; urgency=medium
* Upload to unstable.
exim4 (4.86~RC3-1) experimental; urgency=medium
* Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
1166671.
* New upstream version.
exim4 (4.86~RC2-1) experimental; urgency=medium
* Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
(Thanks, lintian).
* New upstream version:
+Drop included patches.
(-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
* Sync Debian config with upstream default config:
+ Set prdr_enable.
+ Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
log_selector option value.
exim4 (4.86~RC1-3) experimental; urgency=medium
* Get time and date of latest debian/changelog entry and patch exim(on) to
use these instead of __DATE__ and __TIME__.
* Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
from GIT to fix FTBFS on kfreebsd.
exim4 (4.86~RC1-2) experimental; urgency=medium
* Pull three post-release fixes from upstream GIT. (null pointer
derefencing, and spam scanning defaulting to rspam mode)
+ 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
+ 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
+ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch
exim4 (4.86~RC1-1) experimental; urgency=medium
* New upstream release.
+ Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
refresh patches.
+ Update EDITME*, enable AUTH_TLS for -heavy.
+ Sync Debian config with upstream default config, rfc1413 calls are now
disabled by default.
+ Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
+ The spamd_address main option now supports an optional timeout value per
server (tmo=timespec), it defaults two 2 minutes. Closes: #297915
+ spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
+ log reason for defer, on a hostlist dns-lookup temporary error.
Closes: #670035
exim4 (4.85-3) unstable; urgency=medium
* Upload to unstable.
exim4 (4.85-2) experimental; urgency=medium
* Merge from unstable 4.84-8.
+ Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
(<< ${source:Version}.1), at least source version, but not the next
sourceful upload. Closes: #777246
+ Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
upstream GIT which fixes breakage of string-expansion in headers_remove
commands. (Thanks Gordon Dickens, for the pointer.) -
83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
here since it already part of 4.85.
exim4 (4.85-1) experimental; urgency=medium
* exim4-config_files.5: Escape dots in regex. (Thanks, ael)
* New upstream version.
exim4 (4.85~RC4-1) experimental; urgency=medium
* update-exim4.conf:
+ Drop unused variable UPEX4C_internal_tmp.
+ Use tempfile(1) if the generated file will not be written to
/var/lib/exim4/.
+ Add --check option.
* init-script: On restart use update-exim4.conf --check before stopping the
daemon. (This is a no-op with systemd since its sysv compat layer
translates "foo restart" into "foo stop" "foo start" instead of using the
init scripts restart target.)
* Handle _RC in watchfile with uversionmangle.
* New upstream version.
+ Stop repacking source, rfcs have been dropped.
exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium
* New upstream version.
exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium
* New upstream version.
* Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
70_remove_exim-users_references.dpatch.
exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium
* Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
neither expects a mbox-style From nor an empty line add the end. (Thanks,
Edward Betts) Closes: #769396
* Change the init script's restart order from { regenerate_config; stop;
start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
Closes: #768874
* New upstream version.
+ Unfuzz 66_enlarge-dh-parameters-size.dpatch
+ Drop 80_mime_empty_charset.diff.
* Remove rfc from upstream source and repack it.
Clinton Ebadi [Sun, 22 Apr 2018 05:15:11 +0000 (01:15 -0400)]
Merge branch 'debian' into hcoop_489_stretch
Salvatore Bonaccorso [Sat, 10 Feb 2018 08:26:05 +0000 (09:26 +0100)]
Import Debian changes 4.89-2+deb9u3
exim4 (4.89-2+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
Clinton Ebadi [Fri, 23 Mar 2018 03:28:38 +0000 (23:28 -0400)]
release
Clinton Ebadi [Fri, 23 Mar 2018 03:25:15 +0000 (23:25 -0400)]
Merge branch 'debian' into hcoop_489
Clinton Ebadi [Fri, 23 Mar 2018 03:22:44 +0000 (23:22 -0400)]
Import Upstream version 4.89
Andreas Metzler [Sun, 25 Feb 2018 14:26:27 +0000 (15:26 +0100)]
Import Debian changes 4.89-2+deb9u3~bpo8+1
exim4 (4.89-2+deb9u3~bpo8+1) jessie-backports; urgency=medium
* Rebuild for jessie-backports.
* b-d on libmysqlclient-dev | libmysqlclient15-dev instead of
default-libmysqlclient-dev.
exim4 (4.89-2+deb9u3) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Fix base64d() buffer size (CVE-2018-6789) (Closes: #890000)
exim4 (4.89-2+deb9u2) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* Avoid release of store if there have been later allocations
(CVE-2017-16943) (Closes: #882648)
* Chunking: do not treat the first lonely dot special (CVE-2017-16944)
(Closes: #882671)
exim4 (4.89-2+deb9u1) stretch-security; urgency=medium
* CVE-2017-100369
exim4 (4.89-2) unstable; urgency=medium
* Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to
initscript (#844178). It breaks when the initscript does not start a
daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon').
Closes: #860317
* When reporting bugs also attach /etc/default/exim4 by default.
exim4 (4.89-1) unstable; urgency=medium
* Enable inbound (server-side) proxying for -heavy. Closes: #856712
* New upstream release, source identical to RC7.
exim4 (4.89~RC7-1) unstable; urgency=medium
* New upstream version.
exim4 (4.89~RC6-1) unstable; urgency=medium
* Document E4BCD_PANICLOG_LINES in README.Debian.
* New upstream version.
exim4 (4.89~RC5-1) unstable; urgency=medium
* New upstream version.
exim4 (4.89~RC4-1) unstable; urgency=medium
* New upstream version.
+ Drop 92_CVE-2016-1238.diff.
* Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile
while we are changing the init script.
exim4 (4.89~RC3-1) unstable; urgency=medium
* New upstream version.
+ Unfuzz 92_CVE-2016-1238.diff.
* init file:
+ Source /etc/default/exim4 *before* defining the shell
variables holding the pidfilenames. Overriding these via
/etc/default/exim4 is not supported.
+ Add missing support for reload when QUEUERUNNER='queueonly'.
+ For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way
$PIDFILE is used for the main exim process for all available QUEUERUNNER
choices.
+ Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd
interaction. systemd-sysv-generator uses this pseudoheader to set
PIDFile in the generated service file and it also sets
RemainAfterExit=no instead of yes if it is present. Thanks, Michael
Biebl for suggestion and explanation. Closes: #844178
exim4 (4.89~RC2-1) unstable; urgency=medium
* New upstream version.
+ Drop 75_add_bak_spec.txt.diff.
exim4 (4.89~RC1-1) unstable; urgency=low
* Refresh debian/upstream/signing-key.asc.
* New upstream bugfix release.
+ Drop superfluous patches.
75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch
75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
+ Unfuzz 31_eximmanpage.dpatch and
78_Disable-chunking-BDAT-by-default.patch.
+ Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc
tarball.
+ Unfuzz debian/EDITME.exim4-*.
+ Update debian/example.conf.md5. - Upstream typo fix.
exim4 (4.88-5) unstable; urgency=medium
* 78_Disable-chunking-BDAT-by-default.patch: Change default value of main
option chunking_advertise_hosts and smtp transport option
hosts_try_chunking from "*" to empty.
This is a Debian specific change, we are right before the freeze and BDAT
needs a little time.
exim4 (4.88-4) unstable; urgency=medium
* Upload to unstable.
exim4 (4.88-3) experimental; urgency=medium
* Pull multiple patches from upstream GIT:
+ 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch,
75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch
+ 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch
+ 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch
+ 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch
(Thanks, Bart Noordervliet for the pointer) Closes: #850175
exim4 (4.88-2) unstable; urgency=medium
* Upload to unstable.
exim4 (4.88-1) experimental; urgency=medium
* New upstream version.
* Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to
testing.
* Drop 75_Fix-DKIM-information-leakage.patch.
exim4 (4.88~RC6-2) unstable; urgency=high
* Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA
physical line limit check for both for SMTP DATA ACL and remote_smtp*
transports. Closes: #828801
Also update corresponding NEWS entry.
* [lintian] debian/changelog: s/lenght/length/
* Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM
information leakage issue CVE-2016-9963.
exim4 (4.88~RC6-1) unstable; urgency=low
* New upstream version.
exim4 (4.88~RC5-1) unstable; urgency=low
* New upstream version.
+ Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff.
exim4 (4.88~RC4-2) unstable; urgency=low
* Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream
GIT to fix exim bug 1914 (exim doesn't close connection after quit.
* Upload to unstable.
exim4 (4.88~RC4-1) experimental; urgency=low
* New upstream version.
exim4 (4.88~RC3-1) experimental; urgency=medium
* New upstream version.
Drop 75_01-Fix-check-for-commandline-macro-definition.patch
75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch.
exim4 (4.88~RC2-3) experimental; urgency=medium
* Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on
every upgrade.
* 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix
longstanding bug with aborted TLS server connection handling. Under
GnuTLS, when a session startup failed (eg because the client
disconnected) Exim did stdio operations after fclose. This was exposed by
a recent change which nulled out the file handle after the fclose.
exim4 (4.88~RC2-2) experimental; urgency=medium
* 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission
problems on commandline mail submission. Closes: #840355
exim4 (4.88~RC2-1) experimental; urgency=low
* New upstream version.
+ Changed default Diffie-Hellman parameters to be Exim-specific, created
by Phil Pennock. Added RFC7919 DH primes as an alternative.
Closes: #839978
* Set tls_dhparam = historic to use site-specific DH parameters.
* Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in
-daemon postinst.
* Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either
by running certtool or by installing
/usr/share/exim4/gnutls-params-2048. Do not try to use
openssl dhparam, it takes too long.
exim4 (4.88~RC1-1) experimental; urgency=low
* Drop reference to removed (in 4.80-7) "what"-option in init script usage
message. (Thanks, Calum Mackay!) Closes: #823855
* 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238]
Closes: #832442
* [lintian] update-exim4.conf.8 - fix typo.
* [lintian] Drop unused override binaries-have-file-conflict.
* B-d on default-libmysqlclient-dev.
* New upstream version.
+ Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch
50_localscan_dlopen.dpatch
+ Drop superfluous patches.
71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
+ Fix crash in VRFY handling when handed an unqualified name
(lacking @domain). Apply the same qualification processing as RCPT.
Closes: #834699
+ Fix a possible security hole, wherein a process operating with the Exim
UID can gain a root shell. Credit to http://www.halfdog.net/ for
discovery and writeup. LP: #
1580454
* [lintian] exim4-config_files.5 - fix typo.
exim4 (4.87-3) unstable; urgency=medium
* Pull multiple patches from upstream GIT:
+ 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
Improved message on overlong lines in example config.
+ 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
Fix race condition related to connection reuse.
https://bugs.exim.org/show_bug.cgi?id=1810
+ 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
Avoid exposing passwords in log on failing ldap lookup
expansion. https://bugs.exim.org/show_bug.cgi?id=165
* Copy information message on rejecting overlong lines in data ACL from
upstream example configuration. Closes: #823418
* Add NEWS entry on line-length-limit introduced in 4.87~RC1-1.
Closes: 821830
exim4 (4.87-2) unstable; urgency=medium
* Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
(Thanks, L. Guruprasad!) Closes: #821416
* Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS
connections (hosts_require_tls option) in remote_smtp_smarthost
transport. Closes: #822174
* exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
is deprecated and will be removed in 4.88.
* README.Debian*: Fix minor issues found by lintian.
* Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
* Drop exim4-base Recommends on perl-modules. This had been unnecessary
since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl.
exim4 (4.87-1) unstable; urgency=medium
* Fix comment in
conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
Jörg-Volker Peetz!) Closes: #819780
* New upstream release.
exim4 (4.87~RC7-1) unstable; urgency=low
* Enable SOCKS support in both -light and -heavy. Closes: #818091
* Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
* New upstream version.
+ Drop 74_Store-the-initial-working-directory.diff,
75_String-expansions-fix-extract.patch,
76_only_warn_on_nonempty_environment.diff.
+ Update debian/example.conf.md5.
exim4 (4.87~RC6-3) unstable; urgency=medium
* Merge changelog entries for 4.86.2-1 and -2.
* Upload to unstable.
* Add link to CVE details to latest NEWS entry and bump its version and date
to match this upload. Closes: #818349, #817244
exim4 (4.87~RC6-2) experimental; urgency=medium
* 74_Store-the-initial-working-directory.diff,
76_only_warn_on_nonempty_environment.diff: Upstream followups on the
CVE fix (Thanks, Heiko Schlittermann!):
+ Runtime warning is only generated if (and only if) keep_environment
is unset and environment is nonempty.
+ Store the initial working directory and make it available in the new
expansion variable $initial_cwd.
* Merge all NEWS.Debian files into a single one, identical for all binary
packages. - Different NEWS files built from a single source package is not
and has not ever been supported by apt-listchanges which is the most
important frontend.
* Add a NEWS entry about the environment related runtime warning.
exim4 (4.87~RC6-1) experimental; urgency=medium
* New upstream version.
* Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
${extract } string expansion for the numeric/3-string case. (Bug was
introduced in 4.85.)
* Set keep_environment to empty value instead of setting a minimal PATH in
add_environment.
exim4 (4.87~RC5-2) experimental; urgency=medium
* Update debian/upstream/signing-key.asc, using the keys listed in
ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds
Heiko Schlittermann's key.
* Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790
exim4 (4.87~RC5-1) experimental; urgency=medium
* exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
to grep in it. Closes: #814998
* New upstream version, includes the patch for CVE-2016-1531. (Local root
exploit).
* Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
options. If neither is used we use add_environment to set a minimal
PATH=/bin:/usr/bin to avoid a runtime warning.
exim4 (4.87~RC3-2) experimental; urgency=medium
* README.Debian: Refer to Exim specification by chapter name instead of
chapter number. Closes: #813351
* Fix some spelling errors found by lintian.
* Minor debian/rules cleanup:
+ Restore originally intended behavior, upstream changelog is only
shipped in exim4-base, symlinks to it elsewhere.
+ Drop workaround for #347577, fixed in debhelper 5.0.15.
+ Use "dh binary-arch" and "dh binary-indep" and a bunch of override
targets instead of listing all dh-commands. While this is uglier and
slows things down a bit it shortens debian/rules by 40 lines and has the
huge benefit that we automatically use all suggested helpers in correct
order.
+ Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
+ Delete unused, commented code.
+ Drop (exported) variable MTACONFLICTS, used only once.
* Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
* Refresh debian/EDITME.*, -heavy was missing ldap and sql support.
exim4 (4.87~RC3-1) experimental; urgency=medium
* Move Vcs-* from git/http to https.
* [lintian] README.Debian: s/desireable/desirable/.
* [lintian] README.Debian: Fix grammar error "allow + infinitive".
* [lintian] exim4-config.postinst: Use which foo > /dev/null
instead of [ -x /path/to/foo ].
* Update list of patches in debian/README.Debian.xml
* Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
* New upstream version.
+ Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
merge this change and drop CHECK_MAIL_HELO_ISSUED macro.
exim4 (4.87~RC2-1) experimental; urgency=medium
* New upstream version.
exim4 (4.87~RC1-1) experimental; urgency=medium
* New upstream version.
+ Refresh patches.
+ Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
+ Sync with upstream default configuration: Check maximum (physical, i.e.
before unfolding) line length in default spec file data ACL and smtp
transport. Bug 1684 Closes: #797919
+ HS/02 Add the Exim version string to the process info. This way exiwhat
gives some more detail about the running daemon. Closes: #240883
* Override upstream's new default of tls_advertise_hosts = * if
MAIN_TLS_ENABLE is not set.
exim4 (4.86.2-2) unstable; urgency=high
* Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790
exim4 (4.86.2-1) unstable; urgency=high
* Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream
4.86+fixes branch.
* New upstream security release for CVE-2016-1531.
+ New options keep_environment/add_environment which are empty by default,
i.e. any subprocesses start in a clean (empty) environment.
+ -C requires an absolute path.
+ Exim changes it's working directory to / right after startup.
* Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
options. If neither is used we use add_environment to set a minimal
PATH=/bin:/usr/bin to avoid a runtime warning.
exim4 (4.86-7) unstable; urgency=medium
* Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023
* 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from
exim-4_86+fixes branch fixes another MIME ACL related crash.
https://bugs.exim.org/show_bug.cgi?id=1730
exim4 (4.86-6) unstable; urgency=medium
* Cleanup (actual patch is identical): Use
75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from
exim-4_86+fixes branch instad of
76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch.
* Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch,
DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
exim4 (4.86-5) unstable; urgency=high
* Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT
head to avoid misaligned access in cached lookup. Closes: #803255
exim4 (4.86-4) unstable; urgency=medium
* Fix documentation of lowuid_aliases router, exceptions are in
CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah)
Closes: #799672
* fcron has been removed from Debian in 2011, stop listing it as an
alternative dependency of exim4-base (Thanks, Alexandre Detiste).
Closes: #798236
* Update to upstream exim-4_86+fixes branch:
+ Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch,
76_Fix-post-transport-crash.patch,
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch,
78_Close-logs-after-daemon-process-exceptional-write.patch.
+ Add 75_0001-Fix-post-transport-crash.patch
75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch
75_0003-Fix-ESMTP-MAIL-command-option-processing.patch
75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch
75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch
75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch
* Use dh v9.
exim4 (4.86-3) unstable; urgency=medium
* Pull three patches from upstream git:
+ 75_Fix-ESMTP-MAIL-command-option-processing.patch:
Corrects handling of mail-addresses with whitespace.
<http://article.gmane.org/gmane.mail.exim.user/97069>
+ 76_Fix-post-transport-crash.patch
77_Fix-post-transport-crash-safeguard-for-missing-spool.patch
<https://bugs.exim.org/show_bug.cgi?id=1671>
* Fix spelling error in copyright file. (Thanks, lintian)
* Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from
upstream git, exim was keeping logfiles open after after a "too many
connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for
chasing this.)
* When saving the berkeley DB version at build-time pass -P option to cpp,
to prevent linebreaks.
exim4 (4.86-2) unstable; urgency=high
* Update exim4-config Breaks, PRDR support is was moved from being
Experimental into the mainline with 4.83.
Closes: #794320
exim4 (4.86-1) unstable; urgency=medium
* New upstream version, identical to RC5 (except for the version string).
exim4 (4.86~RC5-1) unstable; urgency=medium
* New upstream version.
+ Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch.
exim4 (4.86~RC4-2) unstable; urgency=medium
* Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463
* Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock,
0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch,
0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris,
0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler),
transition from debian/upstream-signing-key.pgp to
debian/upstream/signing-key.asc.
* Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update
exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then
properly fix the issue. Closes: #790616
exim4 (4.86~RC4-1) unstable; urgency=medium
* unexport/undefine TZ in debian/rules for reproducible build. It would be
used as default value for TIMEZONE_DEFAULT.
* New upstream version.
+ Unfuzz 31_eximmanpage.dpatch.
exim4 (4.86~RC3-2) unstable; urgency=medium
* Upload to unstable.
exim4 (4.86~RC3-1) experimental; urgency=medium
* Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug
1166671.
* New upstream version.
exim4 (4.86~RC2-1) experimental; urgency=medium
* Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control
(Thanks, lintian).
* New upstream version:
+Drop included patches.
(-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch,
72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch,
72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch,
72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch)
* Sync Debian config with upstream default config:
+ Set prdr_enable.
+ Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to
log_selector option value.
exim4 (4.86~RC1-3) experimental; urgency=medium
* Get time and date of latest debian/changelog entry and patch exim(on) to
use these instead of __DATE__ and __TIME__.
* Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch
from GIT to fix FTBFS on kfreebsd.
exim4 (4.86~RC1-2) experimental; urgency=medium
* Pull three post-release fixes from upstream GIT. (null pointer
derefencing, and spam scanning defaulting to rspam mode)
+ 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch
+ 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch
+ 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch
exim4 (4.86~RC1-1) experimental; urgency=medium
* New upstream release.
+ Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch,
refresh patches.
+ Update EDITME*, enable AUTH_TLS for -heavy.
+ Sync Debian config with upstream default config, rfc1413 calls are now
disabled by default.
+ Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741
+ The spamd_address main option now supports an optional timeout value per
server (tmo=timespec), it defaults two 2 minutes. Closes: #297915
+ spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687
+ log reason for defer, on a hostlist dns-lookup temporary error.
Closes: #670035
exim4 (4.85-3) unstable; urgency=medium
* Upload to unstable.
exim4 (4.85-2) experimental; urgency=medium
* Merge from unstable 4.84-8.
+ Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and
(<< ${source:Version}.1), at least source version, but not the next
sourceful upload. Closes: #777246
+ Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from
upstream GIT which fixes breakage of string-expansion in headers_remove
commands. (Thanks Gordon Dickens, for the pointer.) -
83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added
here since it already part of 4.85.
exim4 (4.85-1) experimental; urgency=medium
* exim4-config_files.5: Escape dots in regex. (Thanks, ael)
* New upstream version.
exim4 (4.85~RC4-1) experimental; urgency=medium
* update-exim4.conf:
+ Drop unused variable UPEX4C_internal_tmp.
+ Use tempfile(1) if the generated file will not be written to
/var/lib/exim4/.
+ Add --check option.
* init-script: On restart use update-exim4.conf --check before stopping the
daemon. (This is a no-op with systemd since its sysv compat layer
translates "foo restart" into "foo stop" "foo start" instead of using the
init scripts restart target.)
* Handle _RC in watchfile with uversionmangle.
* New upstream version.
+ Stop repacking source, rfcs have been dropped.
exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium
* New upstream version.
exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium
* New upstream version.
* Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff
70_remove_exim-users_references.dpatch.
exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium
* Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop
neither expects a mbox-style From nor an empty line add the end. (Thanks,
Edward Betts) Closes: #769396
* Change the init script's restart order from { regenerate_config; stop;
start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz)
Closes: #768874
* New upstream version.
+ Unfuzz 66_enlarge-dh-parameters-size.dpatch
+ Drop 80_mime_empty_charset.diff.
* Remove rfc from upstream source and repack it.
Andreas Metzler [Mon, 2 Jan 2017 18:18:05 +0000 (19:18 +0100)]
Import Debian patch 4.84.2-2+deb8u3
Clinton Ebadi [Mon, 30 Jan 2017 22:14:09 +0000 (17:14 -0500)]
Import Upstream version 4.84.2
Clinton Ebadi [Thu, 14 May 2015 05:34:43 +0000 (01:34 -0400)]
skip failed chown check on file before writing
Clinton Ebadi [Thu, 14 May 2015 04:34:01 +0000 (00:34 -0400)]
Actually patch maildir problem
It would help if I patched the maildir in afs issue and not the
mailbox problem... reverting the mailbox case even if it might make
sense, review later.
Clinton Ebadi [Thu, 14 May 2015 03:47:38 +0000 (23:47 -0400)]
change perm change error message for sanity
Clinton Ebadi [Thu, 14 May 2015 03:26:29 +0000 (23:26 -0400)]
Relax chown requirements when check_owner is false
HCoop delivers into /afs, and the chown will always fail since the
effective unix user and openafs role ($user.daemon) are not the
same. This is harmless in afs space, and it seems reasonable enough to
not care about the chown failing in the general case when exim will
ignore the perms afterward / if the file already exists and it is
appending to it.
Andreas Metzler [Tue, 17 Feb 2015 17:00:42 +0000 (18:00 +0100)]
Imported Debian patch 4.84-8
Clinton Ebadi [Thu, 14 May 2015 03:12:14 +0000 (23:12 -0400)]
Imported Upstream version 4.84