Merge exim4 from Debian unstable for noble
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
exim4 (Ubuntu) | Fix Released | Medium | Bryce Harrington | |
Bug Description
Upstream: 4.97
Debian: 4.97-2
Ubuntu: 4.96-17ubuntu2.1
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle.
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.
### New Debian Changes ###
exim4 (4.97~RC3-1) unstable; urgency=medium
* New upstream version, drop patches pulled from master.
-- Andreas Metzler <email address hidden> Sun, 22 Oct 2023 07:31:26 +0200
exim4 (4.97~RC2-2) unstable; urgency=high
* 76_changesfrom_
CVE-2023-42119 from upstream GIT master. Closes: #1053310
-- Andreas Metzler <email address hidden> Mon, 16 Oct 2023 18:26:40 +0200
exim4 (4.97~RC2-1) unstable; urgency=low
* Generate /etc/default/exim4 in exim4-config.
/etc/
* Also remove the unused file and generate the correct one if missing.
* New upstream version.
+ Drop 75-01-Auths*.diff.
* Add two post-release fixes:
+ 75-01-Fix-
+ 75-02-SPF-
-- Andreas Metzler <email address hidden> Wed, 11 Oct 2023 18:56:28 +0200
exim4 (4.97~RC1-2) unstable; urgency=high
* Address SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115,
CVE-2023-42116)
- Auths: fix possible OOB write in external authenticator (CVE-2023-42115)
- Auths: use uschar more in spa authenticator
- Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116)
- Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114)
-- Andreas Metzler <email address hidden> Sun, 01 Oct 2023 18:04:33 +0200
exim4 (4.97~RC1-1) unstable; urgency=medium
[ Helmut Grohne ]
* Fix FTBFS when dh_installsystemd installs units to /usr.
Closes: #1053110
[ Andreas Metzler ]
* New upstream version.
+ Drop 75_01-Fix-
-- Andreas Metzler <email address hidden> Sat, 30 Sep 2023 11:29:26 +0200
exim4 (4.97~RC0-3) unstable; urgency=medium
* Drop misleading phrase regarding incoming TLS support in README.Debian.
Closes: #1051945
* Improve on description of group setting for pipe deliveries in
README.Debian.
* 75_01-Fix-
fixing crashes in string expansion.
https:/
-- Andreas Metzler <email address hidden> Tue, 19 Sep 2023 18:04:22 +0200
exim4 (4.97~RC0-2) unstable; urgency=low
* Fix URL of specific upstream exim bugreport in README.Debian.
* Upload to unstable.
* Add NEWS entry for format change of internal ID used for message
identification. (See upstream changelog JH/29!)
* Generate manpage for exim_msgdate(8) with pod2man and ship it.
* Add manpage for exim_id_update.
-- Andreas Metzler <email address hidden> Sun, 10 Sep 2023 14:04:49 +0200
exim4 (4.97~RC0-1) experimental; urgency=low
* New upstream version.
+ Drop cherry-picked patches.
+ Unfuzz 90_localscan_
+ Add b-d and -base dep on libfile-
+ Update example conf md5 hash (no changes to merge).
* Let -base depend on ${perl:Depends}.
-- Andreas Metzler <email address hidden> Sat, 09 Sep 2023 13:53:15 +0200
exim4 (4.96-22) unstable; urgency=low
* Fix architecture all build.
-- Andreas Metzler <email address hidden> Sat, 02 Sep 2023 15:41:28 +0200
exim4 (4.96-21) unstable; urgency=low
* tests/basic: Add isolation-container restriction (needs a running
exim daemon).
* Add ${run } expansion test to tests/basic.
* Replace 75_78-Fix-
75_
$value expansion after ${run ..}.
* Upload to unstable.
-- Andreas Metzler <email address hidden> Sat, 02 Sep 2023 13:49:33 +0200
### Old Ubuntu Delta ###
exim4 (4.96-17ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: information disclosure
- debian/
SPA authenticator
- CVE-2023-42114
* SECURITY UPDATE: remote code execution
- debian/
external authenticator
- CVE-2023-42115
* SECURITY UPDATE: remote code execution
- debian/
SPA authenticator
- CVE-2023-42116
* debian/
- use uschar more in spa authenticator
-- Allen Huang <email address hidden> Tue, 03 Oct 2023 14:35:45 +0100
exim4 (4.96-17ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2030098). Remaining changes:
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
(LP #1952738)
+ d/control: drop Build-Depends on libspf2-dev.
+ d/EDITME.
+ d/d/c/a/
on spfquery.
the previously supported helo detection.
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_
in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
* Dropped:
- d/p/fix-
expansion. Previously, when an argument included a close-brace
character (e.g. it itself used an expansion) an error occurred.
(LP #1998678)
[Accepted by Debian in 4.96-16]
-- Bryce Harrington <email address hidden> Fri, 04 Aug 2023 20:28:47 -0700
Related branches
- Andreas Hasenack: Approve
- git-ubuntu bot: Approve
- Canonical Server Reporter: Pending requested
- Canonical Server packageset reviewers: Pending requested
Diff: 1756 lines (+1200/-20) (has conflicts)
6 files modified
debian/EDITME.exim4-heavy.diff (+0/-12)
debian/changelog (+1114/-0)
debian/control (+3/-2)
debian/debconf/conf.d/acl/30_exim4-config_check_rcpt (+27/-6)
debian/patches/fix_smtp_banner.patch (+55/-0)
debian/patches/series (+1/-0)
CVE References
Changed in exim4 (Ubuntu): | |
milestone: | none → ubuntu-24.01 |
Changed in exim4 (Ubuntu): | |
assignee: | nobody → Bryce Harrington (bryce) |
description: | updated |
description: | updated |
Changed in exim4 (Ubuntu): | |
milestone: | ubuntu-24.01 → ubuntu-23.12 |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in exim4 (Ubuntu): | |
status: | Triaged → In Progress |
Changed in exim4 (Ubuntu): | |
milestone: | ubuntu-23.12 → ubuntu-24.01 |
~~4.0.0-8 is now in the Debian archives. Merging that.~~ EDIT: this comment made its way into the wrong bug report. Ignore it.