Change log for exim4 package in Debian

Published in sid-release
exim4 (4.97-8) unstable; urgency=medium

  * Pull fixes from upstream GIT master:
    + 78_35-Fix-encoding-for-AUTH-on-MAIL-FROM.patch
    + 78_37-Logging-fix-receive-time-crash-with-recipients-loggi.patch
    + 78_39-SRS-fix-encode-for-local-part-with-zero-length-quote.patch (exim
      bug #3087)

 -- Andreas Metzler <email address hidden>  Sun, 07 Apr 2024 07:50:45 +0200
Superseded in sid-release
exim4 (4.97-7) unstable; urgency=medium

  * Pull fixes from upstream GIT master:
    + 78_30-Rewrites-fix-delivery-crash-from-constant-errors_to..patch (exim
      bug #3066)
    + 78_31-Lookups-fix-dbmnz-crash-on-zero-length-datum.-Bug-30.patch (exim
      bug #3081)
  * Update lintian overrides.

 -- Andreas Metzler <email address hidden>  Mon, 01 Apr 2024 10:45:05 +0200
Superseded in sid-release
exim4 (4.97-6) unstable; urgency=high

  * Add b-d on libnsl-dev to fix (temporary) FTBFS. Closes: #1065107
  * Pull fixes from upstream GIT master:
    78_10-Use-non-releaseable-memory-for-regex-match-strings.-.patch
    78_11-use-dynamic-mem-for-regex_match_string.patch
    78_12-Use-non-releasable-memory-for-regex-line-buffer.patch
    78_15-regex-avoid-releasing-built-RE-midloop.patch
    78_21-Lookups-avoid-leaking-user-passwd-from-server-spec-t.patch
    78_23-Fix-crash-on-empty-oMt-argument.-Bug-3070.patch
  * 78_06, 78_07, 78_10, 78_11, 78_12 and 78_15 together Closes: #1053447

 -- Andreas Metzler <email address hidden>  Fri, 01 Mar 2024 18:09:49 +0100
Published in bullseye-release
exim4 (4.94.2-7+deb11u2) bullseye-security; urgency=high

  * 79_CVE-2023-51766_4.97.1-release.diff from 4.97.1 release: Refuse to
    accept a line "dot, LF" as end-of-DATA unless operating in LF-only mode
    (as detected from the first header line) to fix smtp-smuggling
    (CVE-2023-51766). Closes: #1059387

 -- Andreas Metzler <email address hidden>  Mon, 01 Jan 2024 18:00:11 +0100
Published in bookworm-release
exim4 (4.96-15+deb12u4) bookworm-security; urgency=high

  * 77_CVE-2023-51766_4.97.1-release.diff from 4.97.1 release: Refuse to
    accept a line "dot, LF" as end-of-DATA unless operating in LF-only mode
    (as detected from the first header line) to fix smtp-smuggling
    (CVE-2023-51766). Closes: #1059387

 -- Andreas Metzler <email address hidden>  Mon, 01 Jan 2024 17:58:00 +0100
Superseded in sid-release
exim4 (4.97-5) unstable; urgency=low

  * Multiple fixes from upstream GIT master:
    + 73_Check-for-missing-commandline-arg-after-options-taki.patch (upstream
      bug #3049)
    + 76_01-Support-old-format-message_id-spoolfiles-for-mailq-b.patch
      (upstream bug #3050)
    + 76_05-Fix-periodic-queue-runs.-Bug-3046.patch (upstream bug #3046)
    + 78_01-Fix-recipient-or-source-selection-in-combination-wit.patch
      (upstream bug #3064)
    + 78_02-Eximon-handle-new-format-message-IDs.patch (upstream bug #)
    + 78_03-Lookups-log-warning-for-deprecated-syntax.-Bug-3068.patch
      (upstream bug #3068)
    + 78_04-Exinext-handle-new-format-message-IDs.patch
    + 78_05-TLS-fix-startup-after-forced-fail.patch (upstream bug #)
    + 78_06-Appendfile-release-regex-match-store-every-thousand-.patch
      (upstream bug #3047)
    + 78_07-ACL-in-regex-condition-release-store-every-thousand-.patch
      (upstream bug #3047)
    + 78_08-Fix-smtp-transport-response-to-close-after-all-rcpt-.patch
      (upstream bug #3059)

 -- Andreas Metzler <email address hidden>  Sun, 28 Jan 2024 14:08:10 +0100
Superseded in sid-release
exim4 (4.97-4) unstable; urgency=medium

  * autopkgtest: Stop using previously deprecated swaks feature to autodetect
    whether the argument for --data was a file. This was dropped in swaks
    20240102.0.

 -- Andreas Metzler <email address hidden>  Sat, 06 Jan 2024 07:48:19 +0100
Superseded in sid-release
exim4 (4.97-3) unstable; urgency=medium

  * Fixes from upstream GIT master:
    77_01-Reject-dot-LF-as-ending-data-phase.-Bug-3063.patch
    77_02-Use-enum-for-body-data-input-state-machine.patch
    77_03-Reject-dot-LF-as-ending-data-phase-pt.-2-.-Bug-3063.patch
    + Enforce a data synch check before emitting the 354 "go ahead".
      Previously this was only done if a pre-data ACL was configured.
    + Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we
      did accept that in (normal) CRLF mode; this has been raised as a
      possible attack scenario (under the name "smtp smuggling").
    Closes: #1059387 CVE-2023-51766

 -- Andreas Metzler <email address hidden>  Mon, 25 Dec 2023 07:50:16 +0100
Superseded in bookworm-release
exim4 (4.96-15+deb12u3) bookworm; urgency=medium

  * Multiple bugfixes from upstream GIT master:
    + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch
    + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch
      (Upstream bug 2998)
    + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch
    + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch
      (Upstream bug 3013)
    + 75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch: Fix on-demand
      TLS cert expiry date. Closes: #1043233
      (Upstream bug 3014)
    + 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch
    + 76-10-Fix-tr.-and-empty-strings.-Bug-3023.patch (Upstream bug 3023)
    + 76-12-DNS-more-hardening-against-crafted-responses.patch
    + 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix
      regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054)
  * tests/basic: Add isolation-container restriction (needs a running
    exim daemon).
  * Add ${run } expansion test to tests/basic.
  * Update code to 4.96.2, fixing issues with the proxy protocol
    (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42119). It
    also includes additional hardening for spf lookups, however CVE-2023-42118
    was diagnosed as a vulnerability in the libspf2 library and needs to be
    addressed there. Closes: #1053310

 -- Andreas Metzler <email address hidden>  Wed, 18 Nov 2023 11:07:57 +0100
Superseded in sid-release
exim4 (4.97-2) unstable; urgency=medium

  * Add 75-04-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch from
    upstream git master to fix dnsdb lookup regression. (Upstream bug 3054)
  * Due to being rebuilt with a newer debhelper exim4-base.service
    and exim4-base.timer move to /usr/lib/systemd/.

 -- Andreas Metzler <email address hidden>  Sat, 18 Nov 2023 13:02:52 +0100
Superseded in sid-release
exim4 (4.97-1) unstable; urgency=medium

  * Drop reference to QUEUEINTERVAL from conf.d/retry/30_exim4-config.
    (Thanks, Vincent Lefevre!) Closes: #1054492
  * New upstream version.
    + Update debian/copyright.

 -- Andreas Metzler <email address hidden>  Sat, 04 Nov 2023 18:28:43 +0100
Superseded in sid-release
exim4 (4.97~RC3-1) unstable; urgency=medium

  * New upstream version, drop patches pulled from master.

 -- Andreas Metzler <email address hidden>  Sun, 22 Oct 2023 07:31:26 +0200
Superseded in sid-release
exim4 (4.97~RC2-2) unstable; urgency=high

  * 76_changesfrom_4.96.2.diff: Pull fixes for CVE-2023-42117 and
    CVE-2023-41227 from upstream GIT master. Closes: #1053310

 -- Andreas Metzler <email address hidden>  Mon, 16 Oct 2023 18:26:40 +0200
Superseded in sid-release
exim4 (4.97~RC2-1) unstable; urgency=low

  * Generate /etc/default/exim4 in exim4-config.postinst instead of
    /etc/default/exim. Closes: #1053788
  * Also remove the unused file and generate the correct one if missing.
  * New upstream version.
    + Drop 75-01-Auths*.diff.
  * Add two post-release fixes:
    + 75-01-Fix-crash-in-SPF-DNS-usage.patch
    + 75-02-SPF-harden-against-crafted-DNS-responses.patch

 -- Andreas Metzler <email address hidden>  Wed, 11 Oct 2023 18:56:28 +0200
Superseded in sid-release
exim4 (4.97~RC1-2) unstable; urgency=high

  * Address SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115,
    CVE-2023-42116)
    - Auths: fix possible OOB write in external authenticator (CVE-2023-42115)
    - Auths: use uschar more in spa authenticator
    - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116)
    - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114)

 -- Andreas Metzler <email address hidden>  Sun, 01 Oct 2023 18:04:33 +0200
Superseded in sid-release
exim4 (4.97~RC1-1) unstable; urgency=medium

  [ Helmut Grohne ]
  * Fix FTBFS when dh_installsystemd installs units to /usr.
    Closes: #1053110

  [ Andreas Metzler ]
  * New upstream version.
    + Drop 75_01-Fix-tr.-and-empty-strings.-Bug-3023.patch.

 -- Andreas Metzler <email address hidden>  Sat, 30 Sep 2023 11:29:26 +0200
Superseded in sid-release
exim4 (4.97~RC0-3) unstable; urgency=medium

  * Drop misleading phrase regarding incoming TLS support in README.Debian.
    Closes: #1051945
  * Improve on description of group setting for pipe deliveries in
    README.Debian.
  * 75_01-Fix-tr.-and-empty-strings.-Bug-3023.patch from upstream GIT master
    fixing crashes in string expansion.
    https://bugs.exim.org/show_bug.cgi?id=3023

 -- Andreas Metzler <email address hidden>  Tue, 19 Sep 2023 18:04:22 +0200
Superseded in sid-release
exim4 (4.97~RC0-2) unstable; urgency=low

  * Fix URL of specific upstream exim bugreport in README.Debian.
  * Upload to unstable.
  * Add NEWS entry for format change of internal ID used for message
    identification. (See upstream changelog JH/29!)
  * Generate manpage for exim_msgdate(8) with pod2man and ship it.
  * Add manpage for exim_id_update.

 -- Andreas Metzler <email address hidden>  Sun, 10 Sep 2023 14:04:49 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.97~RC0-1) experimental; urgency=low

  * New upstream version.
    + Drop cherry-picked patches.
    + Unfuzz 90_localscan_dlopen.dpatch.
    + Add b-d and -base dep on libfile-fcntllock-perl.
    + Update example conf md5 hash (no changes to merge).
  * Let -base depend on ${perl:Depends}.

 -- Andreas Metzler <email address hidden>  Sat, 09 Sep 2023 13:53:15 +0200
Superseded in sid-release
exim4 (4.96-22) unstable; urgency=low

  * Fix architecture all build.

 -- Andreas Metzler <email address hidden>  Sat, 02 Sep 2023 15:41:28 +0200
Superseded in sid-release
exim4 (4.96-21) unstable; urgency=low

  * tests/basic: Add isolation-container restriction (needs a running
    exim daemon).
  * Add ${run } expansion test to tests/basic.
  * Replace 75_78-Fix-free-of-value-after-run.patch with
    75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch fixing
    $value expansion after ${run ..}.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 02 Sep 2023 13:49:33 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.96-20) experimental; urgency=low

  * Drop support for configuring daemon startup by setting QUEUERUNNER in
    /etc/default/exim4. Also queue run from /etc/ppp/ip-up.d/exim4 is
    disabled by default.
    Also replace QFLAGS, QUEUEINTERVAL, COMMONOPTIONS, QUEUERUNNEROPTIONS and
    SMTPLISTENEROPTIONS settings for systemd service/init script in
    etc/default/exim4 with a combined EXIMSERVICE (for systemd) or
    EXIMDAEMONOPTS (init script) directive.
  * Drop update-inetd related code from maintainerscripts, update docs.
  * Drop update-exim4defaults and its manpage. It has no users in Debian
    and with the removal of the queuerunner option functionality does not
    provide a real benefit over editing /etc/default/exim4.
  * Ship systemd exim4.service unit in exim4-daemon-* packages. (Mainly
    inspired by the file from OpenSuse, but using Type=exec and -bdf as in
    from exim upstream git). Since contrary to the init script
    /lib/systemd/system/exim4.service is not a conffile we can simply ship it
    in *both* daemon packages (they have the necessary conflicts/replaces
    relation) and let dh_installsystemd handle maintainerscripts.
  * Ship exim4.service in its real location below /usr (by moving after
    dh_installsystemd has run).
  * Add lintian-overrides for omitted-systemd-service-for-init.d-script and
    package-supports-alternative-init-but-no-init.d-script which are triggered
    by service file and init script being in different packages.

 -- Andreas Metzler <email address hidden>  Wed, 16 Aug 2023 17:44:59 +0200
Superseded in sid-release
exim4 (4.96-19) unstable; urgency=medium

  * 77_fix_autogencert_expiry.diff: Fix on-demand TLS cert expiry date.
    Closes: #1043233

 -- Andreas Metzler <email address hidden>  Sat, 12 Aug 2023 14:57:51 +0200
Superseded in sid-release
exim4 (4.96-18) unstable; urgency=medium

  *  Fixes from upstream GIT master:
     + 75_78-Fix-free-of-value-after-run.patch
     + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch

 -- Andreas Metzler <email address hidden>  Sat, 05 Aug 2023 13:29:22 +0200
Superseded in sid-release
exim4 (4.96-17) unstable; urgency=low

  *  Fixes from upstream GIT master:
     + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch
     + 75_75-Fix-json-extract-for-strings-carrying-commas.-Bug-30.patch
     + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch
     + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch
     (Upstream bugs 3006, 2998)

 -- Andreas Metzler <email address hidden>  Sat, 29 Jul 2023 18:32:55 +0200
Superseded in bookworm-release
exim4 (4.96-15+deb12u1) bookworm; urgency=medium

  * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
    Bryce Harrington for Ubuntu):  Fix argument parsing for ${run } expansion.
    Previously, when an argument included a close-brace character (eg. it
    itself used an expansion) an error occurred. Closes: #1025420
  * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
    master:  Fix ${srs_encode ..}. Previously it would give a bad result for
    one day every 1024 days.

 -- Andreas Metzler <email address hidden>  Sun, 02 Jul 2023 14:56:17 +0200
Superseded in sid-release
exim4 (4.96-16) unstable; urgency=medium

  [ Marc Haber ]
  * Enforce TLS for dovecot_plain_server example. (Thanks: Dominic Preston)
    Closes: #1037127

  [ Andreas Metzler ]
  * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by
    Bryce Harrington for Ubuntu):  Fix argument parsing for ${run } expansion.
    Previously, when an argument included a close-brace character (eg. it
    itself used an expansion) an error occurred. Closes: #1025420
  * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT
    master:  Fix ${srs_encode ..}. Previously it would give a bad result for
    one day every 1024 days.

 -- Andreas Metzler <email address hidden>  Sun, 11 Jun 2023 18:20:21 +0200
Superseded in bookworm-release
Superseded in sid-release
exim4 (4.96-15) unstable; urgency=medium

  * Pull from upstream GIT master:
    + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch
      Fix a crash in the smtp transport.
      https://bugs.exim.org/show_bug.cgi?id=2996

 -- Andreas Metzler <email address hidden>  Wed, 10 May 2023 18:30:35 +0200
Superseded in sid-release
exim4 (4.96-14) unstable; urgency=medium

  * Pull from upstream GIT master:
    + 75_66-Fix-crash-in-expansions.patch
  * [lintian]: b-d on libidn-dev instead of libidn11-dev.
  * [lintian]: Drop dependency on transitional package lsb-base. (Depended on
    package sysvinit-utils is Essential: yes)

 -- Andreas Metzler <email address hidden>  Sat, 04 Feb 2023 13:33:50 +0100
Superseded in sid-release
exim4 (4.96-13) unstable; urgency=low

  * Pull fixes from upstream GIT master:
    75_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch
    75_60-OpenSSL-fix-tls_eccurve-setting-explicit-curve-group.patch
    75_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch
    75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch
    75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch

 -- Andreas Metzler <email address hidden>  Sat, 07 Jan 2023 14:38:13 +0100
Superseded in sid-release
exim4 (4.96-12) unstable; urgency=high

  * 75_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch from
    upstream GIT master: Fix unbounded recursion in DNS lookups.

 -- Andreas Metzler <email address hidden>  Fri, 30 Dec 2022 07:37:00 +0100
Superseded in sid-release
exim4 (4.96-11) unstable; urgency=high

  * 75_50-Fix-logging-of-max-size-log-line.patch: Fix crash on acl logwrite
    modifier.

 -- Andreas Metzler <email address hidden>  Tue, 20 Dec 2022 18:06:06 +0100
Superseded in sid-release
exim4 (4.96-10) unstable; urgency=medium

  * Pull two OpenSSL related fixes (does not apply to Debian binaries) from
    upstream git master.
  * Fix pointer truncation issue in DLOPEN_LOCAL_SCAN patch. Thanks to Florian
    Weimer for patch and bug report. Closes: #1026045

 -- Andreas Metzler <email address hidden>  Mon, 19 Dec 2022 18:23:13 +0100
Superseded in sid-release
exim4 (4.96-9) unstable; urgency=medium

  * Cherrypick three fixes from upstream GIT master:
    + 75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
    + 75_32-Fix-regex-substring-capture-variables-for-null-match.patch
    + 75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch

 -- Andreas Metzler <email address hidden>  Sun, 13 Nov 2022 18:43:32 +0100
Superseded in sid-release
exim4 (4.96-8) unstable; urgency=medium

  * Cherrypick two fixes from upstream GIT master:
    + 75_22-Fix-daemon-startup.-Bug-2930.patch
    + 75_23-Fix-reccipients-after-run.-.-Bug-2929.patch

 -- Andreas Metzler <email address hidden>  Sat, 05 Nov 2022 07:42:03 +0100
Superseded in sid-release
exim4 (4.96-7) unstable; urgency=high

  * Replace 85_dmarc-api-breakage-workaround.diff with version from upstream
    GIT master 75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch.
  * 75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch: Fix
    use-after-free in dmarc.c. VDB-211919 / CVE-2022-3620.
    This does not affect Debian *binary* packages since they are not built
    with DMARC support. Closes: #1022556

 -- Andreas Metzler <email address hidden>  Tue, 25 Oct 2022 18:38:38 +0200
Superseded in sid-release
exim4 (4.96-6) unstable; urgency=low

  * Use a limit of 1G instead of 2G in message_linelength_limit. (Thanks,
    Frederic Peters) Closes: #1021503

 -- Andreas Metzler <email address hidden>  Mon, 10 Oct 2022 07:02:03 +0200
Superseded in sid-release
exim4 (4.96-5) unstable; urgency=low

  * Add pointers to /etc/mailname documentation to exim4-config_files.5.
    Closes: #1019946
  * Change remote_smtp transports to set message_linelength_limit = 2G if
    IGNORE_SMTP_LINE_LENGTH_LIMIT was set to avoid accepting messages (due to
    IGNORE_SMTP_LINE_LENGTH_LIMIT disabling the limit in the ACLs) without
    being able to pass them on. Closes: #1019959
  * Pull 75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch from
    upstream GIT.

 -- Andreas Metzler <email address hidden>  Sun, 09 Oct 2022 14:26:52 +0200
Superseded in sid-release
exim4 (4.96-4) unstable; urgency=low

  * Cherrypick two fixes from upstream GIT master:
    + 75_05-SPF-fix-memory-accounting-for-error-case.patch
    + 75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
      75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
      75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
      75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
   * 85_dmarc-api-breakage-workaround.diff: Fix build-error against
     opendmarc-1.4 which broke API and ABI without soname bump.
     Closes: #1014945

 -- Andreas Metzler <email address hidden>  Sun, 11 Sep 2022 13:38:26 +0200
Superseded in sid-release
exim4 (4.96-3) unstable; urgency=medium

  * Fix error messages of test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z
    on processing update-exim4.conf.8 and exim4-config_files.5. Also make
    mandoc -lint update-exim4.conf.8 happy. (Thanks, Bjarni Ingi Gislason for
    patch and report.)
    Closes: #1014347, #1014349, #1014356
  * 75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:
    Bug 2903: avoid exit on an attempt to rewrite a malformed address.
  * Add dovecot server-side AUTH example. Closes: #1014235

 -- Andreas Metzler <email address hidden>  Wed, 13 Jul 2022 13:22:40 +0200
Superseded in sid-release
exim4 (4.96-1) unstable; urgency=low

  * New upstream version, almost identical to RC2.
  * Upload to unstable.
  * Extend debian/NEWS.
  * Update lintian-overrides for new lintian version.

 -- Andreas Metzler <email address hidden>  Sun, 26 Jun 2022 14:11:00 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.96~RC2-1) experimental; urgency=low

  * New upstream version.
   + Drop 75_*.patch.

 -- Andreas Metzler <email address hidden>  Thu, 16 Jun 2022 10:32:16 +0200
Superseded in experimental-release
exim4 (4.96~RC1-2) experimental; urgency=low

  * Update from upstream GIT master:
    + 75_70-Debug-clarify-SMTP-DATA-ops-in-transport.patch
    + 75_71-Docs-more-info-on-PIPECONNECT.patch
    + 75_72-TLS-resumption-disable-on-continued-connection.patch
    + 75_73-Logging-distinguish-mem-allocation-errors.patch
    + 75_74-typo.patch
    + 75_75-TLS-resumption-fix-for-PIPECONNECT.patch
    + 75_76-DEBUG-clarify-multiline-smtp-responses.patch
    + 75_77-CHUNKING-fix-second-message-on-conn-when-first-rejec.patch
    + 75_78-CHUNKING-handle-protocol-errors-during-reception.patch

 -- Andreas Metzler <email address hidden>  Sat, 28 May 2022 11:41:06 +0200
Superseded in experimental-release
exim4 (4.96~RC1-1) experimental; urgency=low

  * Merge 4.95-6:
    75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch:
    Fix segfault on deferred delivery on first MX. Closes: #1004740
    (Huge thanks to Gedalya for finding/setting up a reproducer and taking
    this upstream.)
  * New upstream version.
  * Pull 75_69-ARC-reset-headers-before-signing-for-secondary-MX.-B.patch to
    fix a crash when built against libarc.

 -- Andreas Metzler <email address hidden>  Sat, 21 May 2022 13:09:06 +0200
Superseded in sid-release
exim4 (4.95-6) unstable; urgency=high

  * Drop code for upgrading from ancient (4.80-7 and earlier) versions in
    maintainer-scripts. Closes: #1000962
  * 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch:
    Fix segfault on deferred delivery on first MX. Closes: #1004740

 -- Andreas Metzler <email address hidden>  Fri, 20 May 2022 19:37:43 +0200
Superseded in experimental-release
exim4 (4.96~RC0-1) experimental; urgency=low

  * Drop code for upgrading from ancient (4.80-7 and earlier) versions in
    maintainer-scripts. Closes: #1000962
  * New upstream version.
    + Drop cherrypicked patches.
    + Unfuzz patches (including EDITME*).
    + Uses pcre2 (Closes: #1000107), update b-d to libpcre2-dev.
    + The allow_insecure_tainted_data main config option and the
      "taint" log_selector were removed, add entry to NEWS.

 -- Andreas Metzler <email address hidden>  Sun, 24 Apr 2022 18:38:06 +0200
Superseded in sid-release
exim4 (4.95-5) unstable; urgency=medium

  * More upstream fixes:
    + 75_60-Utilities-fix-exiqgrep-perl-syntax-add-testcases.-Bu.patch
      Closes: #1006661
    + 75_64-Logging-fix-crash-on-local_part-utf8-conversion-fail.patch
  * Update exiqgrep manpage.

 -- Andreas Metzler <email address hidden>  Sun, 10 Apr 2022 13:57:43 +0200
Superseded in sid-release
exim4 (4.95-4) unstable; urgency=low

  * Fix typo in exiqgrep.8.
  * Document all options of exiqgrep in manpage. (Patch by Janne Hess).
    Closes: #1004428
  * Cherry-pick some patches from upstream GIT master:
    + 75_32-Fix-PAM-auth.-Bug-2813.patch
      https://bugs.exim.org/show_bug.cgi?id=2813
    + 75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch
      https://bugs.exim.org/show_bug.cgi?id=2821
    + 75_45-Fix-bogus-error-message-copy.-Bug-2857.patch
      https://bugs.exim.org/show_bug.cgi?id=2857
    + 75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch
      Closes: #988301
    + 75_55-Specific-check-for-null-pointer.patch
  * Add lintian override for fp bash-term-in-posix-shell *HOSTNAME.

 -- Andreas Metzler <email address hidden>  Sat, 19 Feb 2022 14:49:28 +0100
Superseded in sid-release
exim4 (4.95-3) unstable; urgency=low

  * Build with support for SASL external authenticator. Closes: #982325
  * Add lintian overrides for bash-term-in-posix-shell exim4-base
    usr/sbin/exim_checkaccess and exim4-config:
    maintainer-script-needs-depends-on-update-inetd.
  * Run wrap-and-sort -ast.
  * Pull 75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch from upstream
    GIT master to fix FTBFS on sparc. (Thanks, John Paul Adrian Glaubitz)
    Closes: #995679

 -- Andreas Metzler <email address hidden>  Thu, 16 Dec 2021 19:26:32 +0100
Superseded in sid-release
exim4 (4.95-2) unstable; urgency=medium

  * 75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch from
    upstream GIT master, fixes inefficient command line mail submission.
    Closes: #996282

 -- Andreas Metzler <email address hidden>  Sat, 16 Oct 2021 13:14:58 +0200
Superseded in sid-release
exim4 (4.95-1) unstable; urgency=medium

  [ Andreas Metzler ]
  * Use »command -v« instead of »which«. Closes: #993653
  * New upstream version.
  * Catch up with changed lintian output, update overrides.
  * Add macro for setting DKIM_IDENTITY. (Thanks, "RL"). Closes: #993880
  * Add macro for setting the protocol option on the remote_smtp_smarthost
    transport. (Thanks, Bill Allombert). Closes: #994597 Also update
    README.Debian.

  [ Edward Betts ]
  * Remove debian/TODO. It was just a link to alioth that no longer works.

 -- Andreas Metzler <email address hidden>  Sun, 03 Oct 2021 13:39:56 +0200
Superseded in sid-release
exim4 (4.95~RC2-1) unstable; urgency=low

  * Let exim4-base recommend bsd-mailx|mailx instead of only the virtual
    package. (Thanks, Daniel Lewart) Closes: #992475
  * New upstream version.
    + Update debian/example.conf.md5, no changes needed.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 28 Aug 2021 13:18:59 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.95~RC1-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_04-Remove-the-must-helo-check-from-the-example-config.patch
      77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch.
    + Unfuzz 90_localscan_dlopen.dpatch.

 -- Andreas Metzler <email address hidden>  Wed, 28 Jul 2021 12:59:22 +0200
Superseded in experimental-release
exim4 (4.95~RC0-1) experimental; urgency=low

  * New upstream version.
    + Point watchfile to test subdirectory.
    + Drop superfluous patches.
    + Unfuzz 90_localscan_dlopen.dpatch
    + Unfuzz debian/EDITME.*
    + Fixup debian/minimaltest for new upstream.
    + New upstream default configuration does not abuse message_size_limit
      option to reject overlong lines, there is a new main configuration
      option - message_linelength_limit - which is set to 998 by default.
      Mirror this change, now the IGNORE_SMTP_LINE_LENGTH_LIMIT only affects
      the data ACL.
    + JH/48 Use a less bogus-looking filename for a temporary used for
      DH-parameters for GnuTLS.  Previously the name started "%s" which,
      while not a bug, looked as if it might be one.
      Closes: #985997
   * Enable native SRS support. Closes: #702358
   * Enable external SPF support in -heavy. Closes: #528344
   * Cherrypick 75_04-Remove-the-must-helo-check-from-the-example-config.patch
     from upstream git master. Drops checking for EHLO/HELO-received in ACL
     since the new main config option hosts_require_helo defaults to '*'.
     Adapt Debian configuration to mirror this.
   * Drop versioned Breaks added in 4.94.2-6, they are superfluous due to
     bumped upstream version.
   * 77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch. Fix
     regression (tls_verify_certificates defaulting to unset instead of
     "system" for GnuTLS) by reverting respective upstream commit.

 -- Andreas Metzler <email address hidden>  Mon, 19 Jul 2021 13:10:00 +0200
Superseded in bullseye-release
Superseded in sid-release
exim4 (4.94.2-7) unstable; urgency=medium

  * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes
    branch: Fix re-expansion of custom message with control=fakereject.

 -- Andreas Metzler <email address hidden>  Tue, 13 Jul 2021 18:04:57 +0200
Published in buster-release
exim4 (4.92-8+deb10u6) buster-security; urgency=high

  * Fix several security vulnerabilities reported by Qualys and add related
    robustness improvements. (Originally fixed in upstream release 4.94.3 and
    in upstream GIT branch exim-4.92.3+fixes.) (Special thanks to Heiko)
    + CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
    + CVE-2020-28018: Use-after-free in tls-openssl.c
    + CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
    + CVE-2020-28010: Heap out-of-bounds write in main()
    + CVE-2020-28011: Heap buffer overflow in queue_run()
    + CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
    + CVE-2020-28017: Integer overflow in receive_add_recipient()
    + CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
    + CVE-2020-28026: Line truncation and injection in spool_read_header()
    + CVE-2020-28015 and CVE-2020-28021: New-line injection into spool header
      file.
    + CVE-2020-28009: Integer overflow in get_stdinput()
    + CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
    + CVE-2020-28012: Missing close-on-exec flag for privileged pipe
    + CVE-2020-28019: Failure to reset function pointer after BDAT error
    + CVE-2020-28007: Link attack in Exim's log directory
    + CVE-2020-28008: Assorted attacks in Exim's spool directory
    + CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation, clobbering,
      and deletion.

 -- Andreas Metzler <email address hidden>  Sat, 01 May 2021 11:42:39 +0200
Superseded in bullseye-release
Superseded in sid-release
exim4 (4.94.2-6) unstable; urgency=medium

  * Cherrypick
    78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from
    upstream GIT master. This allows one to disable creation of a
    daemon notifier socket by either setting notifier_socket to an empty value
    or specifying -oY commandline option.
  * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline
    option to disable daemon notifier socket. Enforce lockstep upgrade of -base
    and *daemon* by temporarily adding a versioned Breaks to exim4-base on
    older *daemon*. Closes: #988844

 -- Andreas Metzler <email address hidden>  Wed, 26 May 2021 18:49:44 +0200
Superseded in sid-release
exim4 (4.94.2-5) unstable; urgency=high

  * 73_04-Fix-host_name_lookup-Close-2747.patch from exim-4.94.2+fixes.
    Fix regression in 4.94.2.

 -- Andreas Metzler <email address hidden>  Mon, 17 May 2021 17:45:00 +0200
Superseded in sid-release
exim4 (4.94.2-4) unstable; urgency=high

  * 75_27_Fix-logging-with-empty-element-in-log_file_path-Bug-.patch /
    75_28_Fix-logging-with-build-time-config-and-empty-element.patch replacing
    75_27_open_logs_2744.patch from upstream exim-4.94.2+taintwarn branch:
    Fix null-pointer dereference when logging to syslog (Closes: #988086) and
    also fix logging to syslog at all (Closes: #988304)

 -- Andreas Metzler <email address hidden>  Sat, 15 May 2021 18:16:08 +0200
Superseded in sid-release
exim4 (4.94.2-3) unstable; urgency=medium

  * Updates from exim-4.94.2+fixes:
    + 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch
      Fix false positive taint error when using named queues.

 -- Andreas Metzler <email address hidden>  Thu, 13 May 2021 18:53:53 +0200
Superseded in sid-release
exim4 (4.94.2-2) unstable; urgency=medium

  * Updates from exim-4.94.2+fixes:
    + 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes).
      Fix broken SNI/DANE handling.
    + 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator.  Previously, any
      trailing line text was dropped, making it unusable in complex
      expressions.
    + 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with
      logging to syslog. See 988086.

 -- Andreas Metzler <email address hidden>  Sun, 09 May 2021 18:03:15 +0200
Superseded in sid-release
exim4 (4.94.2-1) unstable; urgency=high

  * New upstream security release.
    + Release based on +fixes branch, drop 74_*diff.
    + Unfuzz 75_04-acl.patch.
    + Merge in upstream configuration change rejecting all RCPT commands after
      too many (more than five out of the initial ten) bad recipients. Can be
      disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
    + Fixes multiple security vulnerabilities reported by Qualys and adds
      related robustness improvements. (Special thanks to Heiko)
      CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
      CVE-2020-28007: Link attack in Exim's log directory
      CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
      CVE-2020-28012: Missing close-on-exec flag for privileged pipe
      CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
      CVE-2020-28009: Integer overflow in get_stdinput()
      CVE-2020-28015, CVE-28021: New-line injection into spool header file
      CVE-2020-28026: Line truncation and injection in spool_read_header()
      CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
      CVE-2020-28017: Integer overflow in receive_add_recipient()
      CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
      CVE-2020-28011: Heap buffer overflow in queue_run()
      CVE-2020-28010: Heap out-of-bounds write in main()
      CVE-2020-28018: Use-after-free in tls-openssl.c
      CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
      CVE-2020-28014, CVE-2021-27216: PID file handling
      CVE-2020-28008: Assorted attacks in Exim's spool directory
      CVE-2020-28019: Failure to reset function pointer after BDAT error
  * Update debian/upstream/signing-key.asc from
    <https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.

 -- Andreas Metzler <email address hidden>  Sun, 02 May 2021 07:22:06 +0200
Superseded in sid-release
exim4 (4.94-19) unstable; urgency=medium

  * Further updates from heiko/exim-4.94+fixes+taintwarn:
    + 75_24-Silence-the-compiler.patch
    + 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Mon, 26 Apr 2021 18:35:43 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.94-18) experimental; urgency=medium

  * Pull patches to temporarily add an option to turn taint errors into
    warnings. (See #987133)
    + 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
    + 75_02-search.patch
    + 75_03-dbstuff.patch
    + 75_04-acl.patch
    + 75_05-parse.patch
    + 75_06-rda.patch
    + 75_07-appendfile.patch
    + 75_08-autoreply.patch
    + 75_09-pipe.patch
    + 75_10-deliver.patch
    + 75_11-directory.patch
    + 75_12-expand.patch
    + 75_13-lf_sqlperform.patch
    + 75_14-rf_get_transport.patch
    + 75_15-deliver.patch
    + 75_16-smtp_out.patch
    + 75_17-smtp.patch
    + 75_18-update-doc.patch
    + 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
    + 75_21-tidy-log.c.patch
    + 75_22-Silence-compiler.patch
    + 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
  * Update NEWS.Debian to describe the feature.

 -- Andreas Metzler <email address hidden>  Sun, 25 Apr 2021 07:42:26 +0200
Superseded in buster-release
exim4 (4.92-8+deb10u5) buster; urgency=medium

  * Fix use of concurrent TLS connections under GnuTLS:
    80_01-GnuTLS-fix-hanging-callout-connections.patch
    80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch
    80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch
    (Thanks, Heiko Schlittermann for the backport)
  * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from
    upstream git (already included in 4.94), on TLS connections to a CNAME
    verify the certificate against the original CNAME instead of against
    the A record. Closes: #985243
  * In README.Debian explicitly document the limitation/extent of server
    certificate checking (authenticity not enforced) in the default
    configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved
    documentation) and Closes: #985344 (Yes, without required cert
    checking MitM attacks are possible, but for a stable update documenting
    this is the best compromise.)

 -- Andreas Metzler <email address hidden>  Thu, 18 Mar 2021 09:10:15 +0100
Superseded in sid-release
exim4 (4.94-17) unstable; urgency=medium

  * Let exim4-config Recommend ca-certificates, needed for certificate
    verification.

 -- Andreas Metzler <email address hidden>  Thu, 18 Mar 2021 13:54:47 +0100
Superseded in sid-release
exim4 (4.94-16) unstable; urgency=medium

  * README.Debian: Fix typo "tls_verify_certificate" instead of
    "tls_verify_certificates".
  * General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244
  * Intensify upgrade warning in NEWS file.
  * Enforce certificate verification against the system trust store in the
    remote SMTP transport by default by setting
    REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344
  * Update from exim-4.94+fixes:
    + 74_56-Fix-FreeBSD-13-build.patch
    + 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch
    + 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch
    + 74_59-Fix-build-for-platforms-not-having-ulong.patch
    + 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch
    + 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch
    + 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch

 -- Andreas Metzler <email address hidden>  Wed, 17 Mar 2021 13:50:44 +0100
Superseded in sid-release
exim4 (4.94-15) unstable; urgency=medium

  * Update from exim-4.94+fixes:
   + 74_54-Fix-daemon-SIGHUP-on-FreeBSD.patch
   + 74_55-Fix-handling-of-server-which-follows-a-RCPT-452-with.patch

 -- Andreas Metzler <email address hidden>  Sun, 07 Feb 2021 08:13:29 +0100
Superseded in sid-release
exim4 (4.94-14) unstable; urgency=high

  * As was done for -heavy in 963251 also automatically version localscanapi
    provides for -light and -custom. (Thanks, Adam Borowski) Closes: #981399

 -- Andreas Metzler <email address hidden>  Sat, 30 Jan 2021 18:12:49 +0100
Superseded in sid-release
exim4 (4.94-12) unstable; urgency=medium

  * Update from exim-4.94+fixes:
    + 74_48-Fix-build-warning-on-32-bit-int-platfowms.-Bug-2678.patch
    + 74_49-Fix-build-on-GNU-Hurd-supports-openat-.-Bug-2608.patch
    + 74_50-Utilities-harden-exim_tidydb-against-corrupt-wait-re.patch
    + 74_51-Auths-in-plaintext-authenticator-fix-parsing-of-cons.patch

 -- Andreas Metzler <email address hidden>  Sat, 16 Jan 2021 16:02:51 +0100
Superseded in sid-release
exim4 (4.94-11) unstable; urgency=medium

  * Update from exim-4.94+fixes:
    + 74_46-Fix-local-delivery-delay-when-combined-with-remote-c.patch
    + 74_47-Fix-listextract-from-a-tainted-list.patch

 -- Andreas Metzler <email address hidden>  Fri, 25 Dec 2020 13:35:10 +0100
Superseded in sid-release
exim4 (4.94-10) unstable; urgency=low

  * Update from exim-4.94+fixes:
    + 74_43-Fix-matching-of-long-addresses.-Bug-2677.patch
    + 74_44-Remove-the-X_-prefix-from-the-PIPE_CONNECT-SMTP-serv.patch
    + 74_45-Fix-the-PIPE_CONNECT-feature-control-in-the-template.patch
  * Add lintian overrides for debian-changelog-file-is-a-symlink.
  * [lintian] Bump watchfile version to v4.
  * Use debhelper v13 compat.
  * Stop setting SOURCE_DATE_EPOCH in debian/rules. While the build
    dependencies do not (transitively) guarantee that dpkg-dev >= 1.18.8 is
    installed, even oldstable, i.e. Debian 9 stretch, features a new enough
    dpkg (1.18.25).

 -- Andreas Metzler <email address hidden>  Sat, 19 Dec 2020 12:03:56 +0100
Superseded in sid-release
exim4 (4.94-9) unstable; urgency=low

  * Update from exim-4.94+fixes:
    + 74_38-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-l.patch
    + 74_39-Fix-non-TLS-build.patch
    + 74_40-eximon-fix-FreeBSD-build.patch
    + 74_41-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646.patch
    + 74_42-Pass-authenticator-pubname-through-spool.-Bug-2648.patch

 -- Andreas Metzler <email address hidden>  Wed, 04 Nov 2020 17:50:43 +0100
Superseded in sid-release
exim4 (4.94-8) unstable; urgency=low

  * Reorder ACL using a "require" verb, move message-statement to the
    beginning. (Thanks, Slavko!) Closes: #968089
  * Update from exim-4.94+fixes:
    + 74_27-Fix-spelling-of-local_part_data-in-docs-and-debug-ou.patch
    + 74_28-Fix-readsocket-eol-replacement.-Bug-2630.patch
    + 74_29-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch
    + 74_30-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE.patch
    + 74_31-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch
    + 74_32-DANE-force-SNI-to-use-domain.-Bug-2265.patch
    + 74_33-DANE-Fix-2-rcpt-message-diff-domins-case.-Bug-2265.patch
    + 74_34-Fix-non-DANE-build.patch
    + 74_35-DANE-Fix-2-messages-from-queue-case.patch
    + 74_36-Fix-non-DANE-build.patch

 -- Andreas Metzler <email address hidden>  Thu, 17 Sep 2020 06:54:00 +0200
Superseded in buster-release
exim4 (4.92-8+deb10u4) buster-security; urgency=high

  * Fix authentication bypass in SPA authenticator due to out-of-bound buffer
    read. https://bugs.exim.org/show_bug.cgi?id=2571 CVE-2020-12783

 -- Andreas Metzler <email address hidden>  Wed, 13 May 2020 18:01:31 +0200