Change log for exim4 package in Debian

175 of 290 results
Published in sid-release
exim4 (4.95~RC2-1) unstable; urgency=low

  * Let exim4-base recommend bsd-mailx|mailx instead of only the virtual
    package. (Thanks, Daniel Lewart) Closes: #992475
  * New upstream version.
    + Update debian/example.conf.md5, no changes needed.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 28 Aug 2021 13:18:59 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.95~RC1-1) experimental; urgency=low

  * New upstream version.
    + Drop 75_04-Remove-the-must-helo-check-from-the-example-config.patch
      77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch.
    + Unfuzz 90_localscan_dlopen.dpatch.

 -- Andreas Metzler <email address hidden>  Wed, 28 Jul 2021 12:59:22 +0200
Superseded in experimental-release
exim4 (4.95~RC0-1) experimental; urgency=low

  * New upstream version.
    + Point watchfile to test subdirectory.
    + Drop superfluous patches.
    + Unfuzz 90_localscan_dlopen.dpatch
    + Unfuzz debian/EDITME.*
    + Fixup debian/minimaltest for new upstream.
    + New upstream default configuration does not abuse message_size_limit
      option to reject overlong lines, there is a new main configuration
      option - message_linelength_limit - which is set to 998 by default.
      Mirror this change, now the IGNORE_SMTP_LINE_LENGTH_LIMIT only affects
      the data ACL.
    + JH/48 Use a less bogus-looking filename for a temporary used for
      DH-parameters for GnuTLS.  Previously the name started "%s" which,
      while not a bug, looked as if it might be one.
      Closes: #985997
   * Enable native SRS support. Closes: #702358
   * Enable external SPF support in -heavy. Closes: #528344
   * Cherrypick 75_04-Remove-the-must-helo-check-from-the-example-config.patch
     from upstream git master. Drops checking for EHLO/HELO-received in ACL
     since the new main config option hosts_require_helo defaults to '*'.
     Adapt Debian configuration to mirror this.
   * Drop versioned Breaks added in 4.94.2-6, they are superfluous due to
     bumped upstream version.
   * 77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch. Fix
     regression (tls_verify_certificates defaulting to unset instead of
     "system" for GnuTLS) by reverting respive upstream commit.

 -- Andreas Metzler <email address hidden>  Mon, 19 Jul 2021 13:10:00 +0200
Published in bullseye-release
Superseded in sid-release
exim4 (4.94.2-7) unstable; urgency=medium

  * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes
    branch: Fix re-expansion of custom message with control=fakereject.

 -- Andreas Metzler <email address hidden>  Tue, 13 Jul 2021 18:04:57 +0200
Published in buster-release
exim4 (4.92-8+deb10u6) buster-security; urgency=high

  * Fix several security vulnerabilities reported by Qualys and add related
    robustness improvements. (Originally fixed in upstream release 4.94.3 and
    in upstream GIT branch exim-4.92.3+fixes. (Special thanks to Heiko)
    + CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
    + CVE-2020-28018: Use-after-free in tls-openssl.c
    + CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
    + CVE-2020-28010: Heap out-of-bounds write in main()
    + CVE-2020-28011: Heap buffer overflow in queue_run()
    + CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
    + CVE-2020-28017: Integer overflow in receive_add_recipient()
    + CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
    + CVE-2020-28026: Line truncation and injection in spool_read_header()
    + CVE-2020-28015 and CVE-2020-28021: New-line injection into spool header
      file.
    + CVE-2020-28009: Integer overflow in get_stdinput()
    + CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
    + CVE-2020-28012: Missing close-on-exec flag for privileged pipe
    + CVE-2020-28019: Failure to reset function pointer after BDAT error
    + CVE-2020-28007: Link attack in Exim's log directory
    + CVE-2020-28008: Assorted attacks in Exim's spool directory
    + CVE-2020-28014, CVE-2021-27216: Arbitrary PID file creation, clobbering,
      and deletion.

 -- Andreas Metzler <email address hidden>  Sat, 01 May 2021 11:42:39 +0200
Superseded in bullseye-release
Superseded in sid-release
exim4 (4.94.2-6) unstable; urgency=medium

  * Cherrypick
    78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from
    upstream GIT master. This allows one to disable creation of a
    daemon notifier socket by either setting notifier_socket to a empty value
    or specifying -oY commandline option.
  * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline
    option to disable daemon notifier socket. Enforce lockstep ugrade of -base
    and *daemon* by temporarily adding a versioned Breaks to exim4-base on
    older *daemon*. Closes: #988844

 -- Andreas Metzler <email address hidden>  Wed, 26 May 2021 18:49:44 +0200
Superseded in sid-release
exim4 (4.94.2-5) unstable; urgency=high

  * 73_04-Fix-host_name_lookup-Close-2747.patch from exim-4.94.2+fixes.
    Fix regression in 4.94.2.

 -- Andreas Metzler <email address hidden>  Mon, 17 May 2021 17:45:00 +0200
Superseded in sid-release
exim4 (4.94.2-4) unstable; urgency=high

  * 75_27_Fix-logging-with-empty-element-in-log_file_path-Bug-.patch /
    75_28_Fix-logging-with-build-time-config-and-empty-element.patch replacing
    75_27_open_logs_2744.patch from upstream exim-4.94.2+taintwarn branch:
    Fix null-pointer dereference when logging to syslog (Closes: #988086) and
    also fix loging to syslog at all (Closes: #988304)

 -- Andreas Metzler <email address hidden>  Sat, 15 May 2021 18:16:08 +0200
Superseded in sid-release
exim4 (4.94.2-3) unstable; urgency=medium

  * Updates from exim-4.94.2+fixes:
    + 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch
      Fix false positive taint error when using named queues.

 -- Andreas Metzler <email address hidden>  Thu, 13 May 2021 18:53:53 +0200
Superseded in sid-release
exim4 (4.94.2-2) unstable; urgency=medium

  * Updates from exim-4.94.2+fixes:
    + 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes).
      Fix broken SNI/DANE handling.
    + 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator.  Previously, any
      trailing line text was dropped, making it unusable in complex
      expressions.
    + 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with
      logging to syslog. See 988086.

 -- Andreas Metzler <email address hidden>  Sun, 09 May 2021 18:03:15 +0200
Superseded in sid-release
exim4 (4.94.2-1) unstable; urgency=high

  * New upstream security release.
    + Release based on +fixes branch, drop 74_*diff.
    + Unfuzz 75_04-acl.patch.
    + Merge in upstream configuration change rejecting all RCPT commands after
      too many (more than five out of the initial ten) bad recipients. Can be
      disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT.
    + Fixes multiple security vulnerabilities reported by Qualys and adds
      related robustness improvements. (Special thanks to Heiko)
      CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
      CVE-2020-28007: Link attack in Exim's log directory
      CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
      CVE-2020-28012: Missing close-on-exec flag for privileged pipe
      CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
      CVE-2020-28009: Integer overflow in get_stdinput()
      CVE-2020-28015, CVE-28021: New-line injection into spool header file
      CVE-2020-28026: Line truncation and injection in spool_read_header()
      CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
      CVE-2020-28017: Integer overflow in receive_add_recipient()
      CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
      CVE-2020-28011: Heap buffer overflow in queue_run()
      CVE-2020-28010: Heap out-of-bounds write in main()
      CVE-2020-28018: Use-after-free in tls-openssl.c
      CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
      CVE-2020-28014, CVE-2021-27216: PID file handling
      CVE-2020-28008: Assorted attacks in Exim's spool directory
      CVE-2020-28019: Failure to reset function pointer after BDAT error
  * Update debian/upstream/signing-key.asc from
    <https://downloads.exim.org/Exim-Maintainers-Keyring.asc>.

 -- Andreas Metzler <email address hidden>  Sun, 02 May 2021 07:22:06 +0200
Superseded in sid-release
exim4 (4.94-19) unstable; urgency=medium

  * Further updates from heiko/exim-4.94+fixes+taintwarn:
    + 75_24-Silence-the-compiler.patch
    + 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Mon, 26 Apr 2021 18:35:43 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.94-18) experimental; urgency=medium

  * Pull patches to temporarily add an option to turn taint errors into
    warnings. (See #987133)
    + 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch
    + 75_02-search.patch
    + 75_03-dbstuff.patch
    + 75_04-acl.patch
    + 75_05-parse.patch
    + 75_06-rda.patch
    + 75_07-appendfile.patch
    + 75_08-autoreply.patch
    + 75_09-pipe.patch
    + 75_10-deliver.patch
    + 75_11-directory.patch
    + 75_12-expand.patch
    + 75_13-lf_sqlperform.patch
    + 75_14-rf_get_transport.patch
    + 75_15-deliver.patch
    + 75_16-smtp_out.patch
    + 75_17-smtp.patch
    + 75_18-update-doc.patch
    + 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch
    + 75_21-tidy-log.c.patch
    + 75_22-Silence-compiler.patch
    + 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch
  * Update NEWS.Debian to describe the feature.

 -- Andreas Metzler <email address hidden>  Sun, 25 Apr 2021 07:42:26 +0200
Superseded in buster-release
exim4 (4.92-8+deb10u5) buster; urgency=medium

  * Fix use of concurrent TLS connections under GnuTLS:
    80_01-GnuTLS-fix-hanging-callout-connections.patch
    80_02-GnuTLS-tls_write-wait-after-uncorking-the-session.patch
    80_03-GnuTLS-Do-not-care-about-corked-data-when-uncorking.patch
    (Thanks, Heiko Schlittermann for the backport)
  * Pull 82_TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch from
    upstream git (already included in 4.94), on TLS connections to a CNAME
    verify the certificate against the original CNAME instead of against
    the A record. Closes: #985243
  * In README.Debian explicitly document the limitation/extent of server
    certificate checking (authenticity not enforced) in the default
    configuration (Thanks, Jö Fahlke). This Closes: #985244 (improved
    documentation and Closes: #985344 (Yes, without required cert
    checking MitM attacks are possible, but for a stable update documenting
    this is the best compromise.)

 -- Andreas Metzler <email address hidden>  Thu, 18 Mar 2021 09:10:15 +0100
Superseded in sid-release
exim4 (4.94-17) unstable; urgency=medium

  * Let exim4-config Recommend ca-certificates, needed for certificate
    verification.

 -- Andreas Metzler <email address hidden>  Thu, 18 Mar 2021 13:54:47 +0100
Superseded in sid-release
exim4 (4.94-16) unstable; urgency=medium

  * README.Debian: Fix typo "tls_verify_certificate" instead of
    "tls_verify_certificates".
  * General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244
  * Intensify upgrade warning in NEWS file.
  * Enforce certificate verification against the system trust store in the
    remote SMTP transport by default by setting
    REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344
  * Update from exim-4.94+fixes:
    + 74_56-Fix-FreeBSD-13-build.patch
    + 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch
    + 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch
    + 74_59-Fix-build-for-platforms-not-having-ulong.patch
    + 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch
    + 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch
    + 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch

 -- Andreas Metzler <email address hidden>  Wed, 17 Mar 2021 13:50:44 +0100
Superseded in sid-release
exim4 (4.94-15) unstable; urgency=medium

  * Update from exim-4.94+fixes:
   + 74_54-Fix-daemon-SIGHUP-on-FreeBSD.patch
   + 74_55-Fix-handling-of-server-which-follows-a-RCPT-452-with.patch

 -- Andreas Metzler <email address hidden>  Sun, 07 Feb 2021 08:13:29 +0100
Superseded in sid-release
exim4 (4.94-14) unstable; urgency=high

  * As was done for -heavy in 963251 also automatically version localscanapi
    provides for -light and -custom. (Thanks, Adam Borowski) Closes: #981399

 -- Andreas Metzler <email address hidden>  Sat, 30 Jan 2021 18:12:49 +0100
Superseded in sid-release
exim4 (4.94-12) unstable; urgency=medium

  * Update from exim-4.94+fixes:
    + 74_48-Fix-build-warning-on-32-bit-int-platfowms.-Bug-2678.patch
    + 74_49-Fix-build-on-GNU-Hurd-supports-openat-.-Bug-2608.patch
    + 74_50-Utilities-harden-exim_tidydb-against-corrupt-wait-re.patch
    + 74_51-Auths-in-plaintext-authenticator-fix-parsing-of-cons.patch

 -- Andreas Metzler <email address hidden>  Sat, 16 Jan 2021 16:02:51 +0100
Superseded in sid-release
exim4 (4.94-11) unstable; urgency=medium

  * Update from exim-4.94+fixes:
    + 74_46-Fix-local-delivery-delay-when-combined-with-remote-c.patch
    + 74_47-Fix-listextract-from-a-tainted-list.patch

 -- Andreas Metzler <email address hidden>  Fri, 25 Dec 2020 13:35:10 +0100
Superseded in sid-release
exim4 (4.94-10) unstable; urgency=low

  * Update from exim-4.94+fixes:
    + 74_43-Fix-matching-of-long-addresses.-Bug-2677.patch
    + 74_44-Remove-the-X_-prefix-from-the-PIPE_CONNECT-SMTP-serv.patch
    + 74_45-Fix-the-PIPE_CONNECT-feature-control-in-the-template.patch
  * Add lintian overrides for debian-changelog-file-is-a-symlink.
  * [lintian] Bump watchfile version to v4.
  * Use debhelper v13 compat.
  * Stop setting SOURCE_DATE_EPOCH in debian/rules. While the build
    dependencies do not (transitively) guarantee that dpkg-dev >= 1.18.8 is
    installed even oldstable, i.e. Debian 9 stretch features a new enough
    dpkg (1.18.25).

 -- Andreas Metzler <email address hidden>  Sat, 19 Dec 2020 12:03:56 +0100
Superseded in sid-release
exim4 (4.94-9) unstable; urgency=low

  * Update from exim-4.94+fixes:
    + 74_38-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-l.patch
    + 74_39-Fix-non-TLS-build.patch
    + 74_40-eximon-fix-FreeBSD-build.patch
    + 74_41-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646.patch
    + 74_42-Pass-authenticator-pubname-through-spool.-Bug-2648.patch

 -- Andreas Metzler <email address hidden>  Wed, 04 Nov 2020 17:50:43 +0100
Superseded in sid-release
exim4 (4.94-8) unstable; urgency=low

  * Reorder ACL using a "require" verb, move message-statement to the
    beginning. (Thanks, Slavko!) Closes: #968089
  * Update from exim-4.94+fixes:
    + 74_27-Fix-spelling-of-local_part_data-in-docs-and-debug-ou.patch
    + 74_28-Fix-readsocket-eol-replacement.-Bug-2630.patch
    + 74_29-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch
    + 74_30-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE.patch
    + 74_31-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch
    + 74_32-DANE-force-SNI-to-use-domain.-Bug-2265.patch
    + 74_33-DANE-Fix-2-rcpt-message-diff-domins-case.-Bug-2265.patch
    + 74_34-Fix-non-DANE-build.patch
    + 74_35-DANE-Fix-2-messages-from-queue-case.patch
    + 74_36-Fix-non-DANE-build.patch

 -- Andreas Metzler <email address hidden>  Thu, 17 Sep 2020 06:54:00 +0200
Superseded in buster-release
exim4 (4.92-8+deb10u4) buster-security; urgency=high

  * Fix authentication bypass in SPA authenticator due to out-of-bound buffer
    read. https://bugs.exim.org/show_bug.cgi?id=2571 CVE-2020-12783

 -- Andreas Metzler <email address hidden>  Wed, 13 May 2020 18:01:31 +0200
Superseded in sid-release
exim4 (4.94-7) unstable; urgency=low

  * Update from exim-4.94+fixes:
   + 74_24-Taint-fix-ACL-spam-condition-to-permit-tainted-name-.patch
   + 74_25-Fix-debug_print_socket.patch
   + 74_26-debug_print_socket-output-formatting.patch
  * [lintian] Mark some patches with "Forwarded: not-needed".

 -- Andreas Metzler <email address hidden>  Fri, 24 Jul 2020 13:31:47 +0200
Published in stretch-release
exim4 (4.89-2+deb9u7) stretch-security; urgency=high

  * Fix authentication bypass in SPA authenticator due to out-of-bound buffer
    read. https://bugs.exim.org/show_bug.cgi?id=2571 CVE-2020-12783

 -- Andreas Metzler <email address hidden>  Wed, 13 May 2020 18:18:26 +0200
Superseded in sid-release
exim4 (4.94-6) unstable; urgency=medium

  * Fix typo (missing "S") in REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS macro.
    (Thanks, Slavko!)  Closes: #964394
  * Update from exim-4.94+fixes:
    + 74_21-typoes.patch (replaces 75_typo_in_74_20.diff)
    + 74_22-Fix-DKIM-signing-to-always-terminate.-Bug-2295.patch
    + 74_23-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617.patch
  * Add lintian overrides for usr/lib/sendmail symlink and for not forwarding
    Debian-specific manpages (maintainer-manual-page).
  * [lintian] Use UTF-8 encoding in es.po.

 -- Andreas Metzler <email address hidden>  Sat, 11 Jul 2020 14:27:31 +0200
Superseded in sid-release
exim4 (4.94-5) unstable; urgency=medium

  [ Justin Aplin ]
  * Fix build with GNU Make (<4.3), broken in -3.

  [ Andreas Metzler ]
  * Update from exim-4.94+fixes:
    + 74_15-Cutthrough-handle-request-when-a-callout-hold-is-act.patch
    + 74_16-Lookups-Fix-subdir-filter-on-a-dsearch.patch
    + 74_17-Docs-list-further-ways-domain_data-c-may-be-filled-i.patch
    + 74_18-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bu.patch
    + 74_19-Taint-fix-ACL-spam-condition-to-permit-tainted-name-.patch
    + 74_20-Fix-message-reception-clock-usage.-Bug-2615.patch Closes: #962847
  * 75_typo_in_74_20.diff: Fix a typo in
    74_20-Fix-message-reception-clock-usage.-Bug-2615.patch.

 -- Andreas Metzler <email address hidden>  Fri, 03 Jul 2020 08:20:07 +0200
Superseded in sid-release
exim4 (4.94-4) unstable; urgency=medium

  * Automatically version localscanapi provides. Closes: #963251
  * Update from exim-4.94+fixes:
    + 74_14-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug.patch

 -- Andreas Metzler <email address hidden>  Sun, 21 Jun 2020 18:10:04 +0200
Superseded in sid-release
exim4 (4.94-3) unstable; urgency=medium

  * Update from exim-4.94+fixes:
    + 74_09-Filters-fix-vacation-in-Exim-filter.-Bug-2593.patch
    + 74_10-TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch
    + 74_11-Taint-fix-radius-expansion-condition.patch
    + 74_12-smtp_accept_map_per_host-call-search_tidyup-in-fail-.patch
    + 74_13-Taint-fix-verify.-Bug-2598.patch

 -- Andreas Metzler <email address hidden>  Fri, 19 Jun 2020 10:31:26 +0200
Superseded in sid-release
exim4 (4.94-2) unstable; urgency=low

  * Tighten package interdependencies.  With 4.94's daemon avoiding of
    tainting requires usage of $local_part_data instead of $local_part_data
    in mail_spool transport, but this variable is only filled by the
    check_local_user router option in 4.94.
  * Update from exim-4.94+fixes:
    + 74_01-Docs-listitem.patch
    + 74_02-Taint-fix-pam-expansion-condition.-Bug-2587.patch
    + 74_03-Taint-fix-listcount-expansion-operator.-Bug-2586.patch
    + 74_04-Docs-fix-mistaken-variable-name.patch
    + 74_05-Docs-fix-layout.patch
    + 74_06-Docs-typoes.patch
    + 74_07-Taint-fix-multiple-ACL-actions-to-properly-manage-ta.patch
    + 74_08-Fix-bi.-Bug-2590.patch

 -- Andreas Metzler <email address hidden>  Sun, 07 Jun 2020 09:55:58 +0200
Superseded in sid-release
exim4 (4.94-1) unstable; urgency=low

  * New upstream version.
  * Use mktemp(1) instead of tempfile(1), avoid deprecation warning.
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Mon, 01 Jun 2020 18:45:54 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.94~RC2-1) experimental; urgency=low

  * New upstream version.

 -- Andreas Metzler <email address hidden>  Sat, 23 May 2020 18:07:01 +0200
Superseded in experimental-release
exim4 (4.94~RC1-1) experimental; urgency=low

  * Fix broken cross-reference in exim_lock.8 (Closes: #960356) and sync from
    spec.txt.
  * New upstream version.
    + Drop 75*patch.
    + In ACLs always specify "message" or "log_message" after conditions.
    + Use $local_part_data instead of $local_part in require_files statements.
    + Update example.conf.md5.

 -- Andreas Metzler <email address hidden>  Sat, 16 May 2020 11:13:48 +0200
Superseded in experimental-release
exim4 (4.94~RC0-2) experimental; urgency=low

  * Update from upstream GIT master.
    + 75_06-Debug-socket-details.patch
    + 75_08-Fix-build-on-platforms-not-supporting-sockopt-SO_PRO.patch
    + 75_09-Build-fix-parallelism-problem.-Bug-2566.patch
    + 75_11-Make-bounce-warn-_message_file-expanded.-Bug-2522.patch
    + 75_12-Taint-When-a-non-wildcarded-localpart-affix-is-match.patch
    + 75_14-Consolidate-local_part_verified-into-local_part_data.patch
    + 75_17-Ensure-lookup-result-variables-are-dropped-between-m.patch
    + 75_18-tidying.patch
    + 75_19-Fix-SPA-authenticator-checking-client-supplied-data-.patch
    + 75_20-wip-see-failed-summary.log.list_match_value.-Pretty-.patch
    + 75_21-value-return.patch
    + 75_22-docs-more-debug.patch
    + 75_23-testcases-for-value-return.patch
    + 75_24-Numeric-variable-returns.patch
    + 75_25-Rework-SPA-fix-to-avoid-overflows.-Bug-2571.patch
    + 75_28-I18N-change-default-on-smtp-transport-to-downconvert.patch
    + 75_29-Lookups-ret-key-option.patch
    + 75_32-Performance-workaround-Linux-kernel-bug.patch
    + 75_33-Fix-build-with-Radius-auth-expansion-condition-suppo.patch
  * $local_part_verified gone again, use $local_part_data. - Update NEWS and
    configuration.

 -- Andreas Metzler <email address hidden>  Sun, 10 May 2020 10:27:04 +0200
Superseded in sid-release
exim4 (4.93-16) unstable; urgency=medium

  * Update from exim-4.93+fixes:
    + 74_40-DKIM-fix-dkim_key_length-in-verify.patch
    + 74_41-Build-fix-parallelism-problem.-Bug-2566.patch
    + 74_42-tidying.patch
    + 74_43-Ensure-lookup-result-variables-are-dropped-between-m.patch
    + 74_44-Fix-SPA-authenticator-checking-client-supplied-data-.patch
    + 74_45-Rework-SPA-fix-to-avoid-overflows.-Bug-2571.patch
    + 74_46-Fix-build-with-Radius-auth-expansion-condition-suppo.patch

 -- Andreas Metzler <email address hidden>  Sat, 09 May 2020 19:10:34 +0200
Superseded in experimental-release
exim4 (4.94~RC0-1) experimental; urgency=low

  * Point watchfile to test subdirectory.
  * New upstream version.
    + Drop 74_*.diff (fixes branch) and
      75_01-Build-Enable-GNU-Hurd-Bug-2476.patch (from GIT master).
    + Unfuzz 90_localscan_dlopen.dpatch.
    + Update debian/minimaltest, stop using tainted $local_part variable as
      local filename for delivery.
    + Sync from upstream default configuration: Use
      "file = /var/mail/$local_part_verified" in mail_spool transport
      instead of [...]/$local_part.
  * Add NEWS entry for tainting change.
  * Patches from upstream GIT master:
    + 75_02-Fix-local_part_verified-for-remote-delivery-routing-.patch

 -- Andreas Metzler <email address hidden>  Fri, 01 May 2020 18:57:32 +0200
Superseded in sid-release
exim4 (4.93-15) unstable; urgency=low

  * Update from exim-4.93+fixes:
    + 74_37-Taint-fix-parsing-of-ACL-ratelimit-condition.patch
    + 74_38-Fix-spool-space-check-to-account-for-SIZE.-Bug-2552.patch
  * Add macro REMOTE_SMTP_INTERFACE for setting the interface option on the
    remote_smtp transport. Closes: #761925

 -- Andreas Metzler <email address hidden>  Sat, 25 Apr 2020 14:10:47 +0200
Superseded in sid-release
exim4 (4.93-14) unstable; urgency=low

  * Update from exim-4.93+fixes:
    + 74_34-Taint-fix-dsearch-result-to-be-untainted.patch
    + 74_35-Fix-argument-checking-for-readsocket.patch
    + 74_36-OpenSSL-avoid-loading-server-s-CA-list-for-client-no.patch

 -- Andreas Metzler <email address hidden>  Fri, 10 Apr 2020 13:53:34 +0200
Superseded in sid-release
exim4 (4.93-13) unstable; urgency=medium

  * Update from exim-4.93+fixes:
    + 74_29-Fix-mime_part_count-for-non-mime-message-on-multi-me.patch
    + 74_31-Taint-track-in-utf8clean-operator.patch
    + 74_32-Fix-spurious-detection-of-timeout-while-writing-to-t.patch
    + 74_33-Fix-segfault-on-bad-cmdline-f-sender-argument.-Bug-2.patch
  * [lintian] Move eximon.bin from /usr/lib/exim4 to /usr/libexec/exim4.

 -- Andreas Metzler <email address hidden>  Sat, 21 Mar 2020 11:39:19 +0100
Superseded in sid-release
exim4 (4.93-12) unstable; urgency=low

  * Update from exim-4.93+fixes:
    + 74_28-Fix-tr-expansion-item.-Bug-2533.patch
  * Recover more gracefull from half installed state after trying to install
    without util-linux (essential) installed. Closes: #952451 (Thanks, James
    Le Cuirot for the patch)
  * Use macro ("ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS") for ignore_target_hosts
    list setting on dnslookup router. Extend list by corresponding IPv6
    entries (Thanks, C Snover) Closes: #950973
  * Add REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE to allow setting headers_remove
    on both remote_smtp and remote_smtp_smarthost transports. Closes: #927741

 -- Andreas Metzler <email address hidden>  Sat, 29 Feb 2020 15:53:44 +0100
Superseded in sid-release
exim4 (4.93-11) unstable; urgency=medium

  * Update from exim-4.93+fixes:
    + 74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.-Bug-2524.patch
    + 74_27-GnuTLS-fix-hanging-callout-connections.patch

 -- Andreas Metzler <email address hidden>  Fri, 14 Feb 2020 16:02:05 +0100
Superseded in stretch-release
exim4 (4.89-2+deb9u6) stretch-security; urgency=high

  * 85_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch Fix SNI
    related buffer overflow. CVE-2019-15846

 -- Andreas Metzler <email address hidden>  Tue, 03 Sep 2019 20:01:38 +0200
Superseded in sid-release
exim4 (4.93-10) unstable; urgency=medium

  * Refresh debian/upstream/signing-key.asc from
    https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
  * Update from exim-4.93+fixes:
    + 74_23-Fix-taint-hybrid-checking-on-BSD.patch
    + 74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch
    + 74_25-Taint-slow-mode-checking-only.patch

 -- Andreas Metzler <email address hidden>  Sat, 01 Feb 2020 11:06:29 +0100
Superseded in sid-release
exim4 (4.93-9) unstable; urgency=medium

  * Add 74_22-Taint-hybrid-checking-mode.patch.

 -- Andreas Metzler <email address hidden>  Thu, 16 Jan 2020 18:15:36 +0100
Superseded in sid-release
exim4 (4.93-7) unstable; urgency=medium

  * README.Debian: Expand a little bit on how macros work. (See #948308)
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sat, 11 Jan 2020 11:12:35 +0100
Deleted in experimental-release (Reason: None provided.)
exim4 (4.93-6) experimental; urgency=low

  * Improve on reproducible build, set EXIM_ARCHTYPE=DEB_TARGET_GNU_CPU to
    override/avoid CPU detection with uname -m.
  * More updates from exim-4.93+fixes:
    74_18-SPF-fix-handling-mix-of-spf-and-other-txt-records.-B.patch
  * Polish debian/rules. (Use CURDIR instead of executing `pwd`, avoid :=
    assignments with $(shell).
  * Build with SMTPUTF8 support. (SUPPORT_I18N_2008 and SUPPORT_I18N)
    Closes: #885149
    In configuration set smtputf8_advertise_hosts to '' instead of '*'.

 -- Andreas Metzler <email address hidden>  Mon, 06 Jan 2020 13:58:44 +0100
Superseded in sid-release
exim4 (4.93-5) unstable; urgency=medium

  * More updates from exim-4.93+fixes:
    74_14-SPF-only-require-v-spf1-on-TXT-DNS-records-during-lo.patch
    74_15-Eximon-fix-string-handling.-Bug-2500.patch
    74_16-Fix-build-with-heimdal-gssapi.-Bug-2501.patch
    74_17-Fix-the-variables-set-by-gsasl-authenticator.patch

 -- Andreas Metzler <email address hidden>  Fri, 03 Jan 2020 19:02:33 +0100
Superseded in sid-release
exim4 (4.93-4) unstable; urgency=medium

  * Improve on TLS info in README.Debian.
  * More updates  from exim-4.93+fixes:
    74_10-DMARC-default-dmarc_tld_file-to-unset.-Bug-2494.patch
    74_11-Zero-smtp-context-structure-after-allocation.patch
    74_13-ARC-Reset-received-ARC-instance-counter-before-next-.patch

 -- Andreas Metzler <email address hidden>  Thu, 26 Dec 2019 15:13:40 +0100
Superseded in sid-release
exim4 (4.93-3) unstable; urgency=medium

  * More updates (4.93.0.3) from exim-4.93+fixes:
    74_08-ARC-fix-crash-induced-by-misordered-headers.-Bug-249.patch
    74_09-Fix-taint-issue-with-retry-records.-Bug-2492.patch

 -- Andreas Metzler <email address hidden>  Fri, 13 Dec 2019 18:56:18 +0100
Superseded in sid-release
exim4 (4.93-2) unstable; urgency=medium

  * Update to exim-4.93+fixes branch
    74_01-PAM-fix-crash-in-the-pam-expansion-condition.-Bug-24.patch
    74_02-Regard-command-line-recipients-as-tainted.patch
    74_03-TFO-disable-for-FreeBSD.patch
    74_04-Hurd-errno-really-uses-more-than-a-short-sized-value.patch
    74_06-local_scan-align-local_scan.h-and-docs-re.-store_get.patch
    74_07-Fix-taint-issue-in-transport-with-DSN.-Bug-2491.patch

 -- Andreas Metzler <email address hidden>  Thu, 12 Dec 2019 18:25:44 +0100
Superseded in sid-release
exim4 (4.93-1) unstable; urgency=low

  * Point watchfile to release directory again.
  * New upstream version.

 -- Andreas Metzler <email address hidden>  Mon, 09 Dec 2019 19:05:17 +0100
Superseded in sid-release
exim4 (4.93~RC7-1) unstable; urgency=low

  * New upstream version.
    + Update md5 hash for upstream example configuration. (Change not relevant
      for Debian)
  * 75_01-Build-Enable-GNU-Hurd-Bug-2476.patch and
    75_02-TFO-disable-for-FreeBSD.patch from upstream 4.next branch: Re-enable
    build on GNU/hurd. (Thanks. Samuel Thibault) Closes: #945943

 -- Andreas Metzler <email address hidden>  Thu, 05 Dec 2019 17:50:20 +0100
Superseded in sid-release
exim4 (4.93~RC5-1) unstable; urgency=low

  * New upstream version.
    + Bump exim4-localscanap Provides.

 -- Andreas Metzler <email address hidden>  Wed, 27 Nov 2019 19:25:06 +0100
Superseded in sid-release
exim4 (4.93~RC4-1) unstable; urgency=low

  * New upstream version.

 -- Andreas Metzler <email address hidden>  Tue, 19 Nov 2019 19:39:37 +0100
Superseded in sid-release
exim4 (4.93~RC3-1) unstable; urgency=low

  * Drop (dead) link to openspf.org in rcpt ACL message string.
    Closes: #944786
  * New upstream version.
    + Unfuzz 90_localscan_dlopen.dpatch.

 -- Andreas Metzler <email address hidden>  Sun, 17 Nov 2019 11:37:15 +0100
Superseded in buster-release
exim4 (4.92-8+deb10u3) buster-security; urgency=high

  * 78_02-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch:
    Fix buffer overflow in string_vformat.

 -- Andreas Metzler <email address hidden>  Fri, 27 Sep 2019 18:09:35 +0200
Superseded in sid-release
exim4 (4.93~RC2-1) unstable; urgency=low

  * New upstream beta version.
    + Drop patches/75*.
  * Allow overriding cron.daily paniclog report recipient. Closes: #611085
  * Add REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES and
    REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS to set tls_verify_certificates and
    tls_verify_hosts respectively on the remote_smtp_smarthost transport.
    Closes: #823831
    In addition to that add REMOTE_SMTP_HOSTS_REQUIRE_TLS to set
    hosts_require_tls for the remote_smtp transport. Closes: #780033

 -- Andreas Metzler <email address hidden>  Sun, 10 Nov 2019 13:30:37 +0100
Superseded in sid-release
exim4 (4.93~RC1-4) unstable; urgency=low

  * Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not need
    it yet but will forget for sure to add it when we do.
  * Following upstream defaults do not disable incoming TLS by default - i.e.
    if MAIN_TLS_ENABLE is not set - but use a self-signed certificate.
    (Relevant upstream changes: tls_advertise_hosts defaults to * for TLS
    builds since 4.87_JH/18, on-demand generation of self-signed certificate
    for inbound SMTP since 4.88_JH/05, 4.93_JH/23 TLS enabled build by
    default.)
  * 75_02-Revert-preallocate-store-for-config-which-appears-to.patch: Fix
    mismerge which triggered a test error on mipsel. Closes: #944060

 -- Andreas Metzler <email address hidden>  Sat, 09 Nov 2019 19:25:10 +0100
Superseded in sid-release
exim4 (4.93~RC1-3) unstable; urgency=low

  * 75_01-Dsearch-Fix-taint-handling-in-lookup.-Bug-2465.patch: Untaint
    dsearch lookup. Closes: #944199

 -- Andreas Metzler <email address hidden>  Sat, 09 Nov 2019 15:10:27 +0100
Superseded in sid-release
exim4 (4.93~RC1-2) unstable; urgency=low

  * autopkg test: Drop (python2) test for ancient vulnerability and do some
    basic testing with swaks instead. Closes: #943006
  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 03 Nov 2019 14:39:28 +0100
Deleted in experimental-release (Reason: None provided.)
exim4 (4.93~RC1-1) experimental; urgency=low

  * New upstream beta version.
    + Drop 75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch,
      75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch and
      75_03_Fix-local-scan-ABI.-Bug-2458.patch.
    + Update debian/example.conf.md5 (Removal of dnssec_request_domains was
      already implemented in 4.93~RC0-1.)
  * exigrep does case sensitive *option* processing (as it did for all
    versions <4.90). Notably -M, -m, --invert, -I may be affected.
    Closes: #927280
    (This change was already present in RC0.)

 -- Andreas Metzler <email address hidden>  Thu, 31 Oct 2019 18:22:11 +0100
Superseded in experimental-release
exim4 (4.93~RC0-2) experimental; urgency=low

  * 75_03_Fix-local-scan-ABI.-Bug-2458.patch: Fix function prototypes in
    local_scan.h.
  * 90_localscan_dlopen.dpatch: Unfuzz, mark
    string_copy_function/string_copy_taint_function/string_copyn_function in
    string.c as visible.
  * Provide exim4-localscanapi-2.1.
  * Drop sa-exim Breaks, the localscanapi version bump makes this superfluous.

 -- Andreas Metzler <email address hidden>  Sun, 27 Oct 2019 13:48:27 +0100
Superseded in experimental-release
exim4 (4.93~RC0-1) experimental; urgency=low

  * Point watchfile to test-subdirectory.
  * New upstream beta version.
    + Drop debian/patches/7[56]*.
    + Unfuzz 90_localscan_dlopen.dpatch.
    + Unfuzz/update (explicit -lnsl) debian/EDITME*
    + Update configuration, mirorring upstream changes.
      Both dnssec_request_domains and hosts_try_dane now default to '*', drop
      these settings. REMOTE_SMTP_DISABLE_DANE is a noop, now.
    + Exim DH param configuration (tls_dhparam) now makes use of the current
      GnuTLS (> 3.6) functionality, which implements rfc 7919. Drop
      unnecessary packaging bits.
    + Pull post release fix from upstream GIT
      (75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch) to fix build error
      with HAVE_LOCAL_SCAN=yes.
    + Update 90_localscan_dlopen.dpatch to #include documented interface
      (local_scan.h) instead of exim.h.
  * debian/rules: Do not try to build -heavy if -light failed.
  * 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch:
    Post-release hix from upstream GIT.
    https://bugs.exim.org/show_bug.cgi?id=2454
  * The localscan dlopen functionality is broken, (temporarily) drop
    exim4-localscanapi-2.0 from Provides.

 -- Andreas Metzler <email address hidden>  Sun, 20 Oct 2019 13:46:49 +0200
Superseded in sid-release
exim4 (4.92.3-1) unstable; urgency=medium

  * Fix (commented) examples in configuration for clamd and courier authdaemon
    to refer to /run instead of /var/run. Closes: #942292
  * While we are at it also fix exim pid file path in exim(8).
  * New upstream version (identical to 4.92.2 +
    75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch, i.e.
    4.92.2-3).
  * Use patches from exim-4.92.3+fixes, add
    75_36-Fix-errorcheck-in-smtp-transport.patch.
  * [lintian] Set Rules-Requires-Root: binary-targets.

 -- Andreas Metzler <email address hidden>  Fri, 18 Oct 2019 18:44:35 +0200
Superseded in sid-release
exim4 (4.92.2-3) unstable; urgency=critical

  * 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer
    overflow in string_vformat. CVE-2019-16928

 -- Andreas Metzler <email address hidden>  Sat, 28 Sep 2019 06:41:18 +0200
Superseded in sid-release
exim4 (4.92.2-2) unstable; urgency=medium

  * Upload to unstable.

 -- Andreas Metzler <email address hidden>  Sun, 08 Sep 2019 15:10:46 +0200
Superseded in stretch-release
exim4 (4.89-2+deb9u5) stretch-security; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

 -- Andreas Metzler <email address hidden>  Sat, 20 Jul 2019 13:32:35 +0200
Superseded in buster-release
exim4 (4.92-8+deb10u1) buster-security; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

 -- Andreas Metzler <email address hidden>  Sat, 20 Jul 2019 13:35:58 +0200
Deleted in experimental-release (Reason: None provided.)
exim4 (4.92.2-1) experimental; urgency=medium

  * New upstream security release (identical except for the version number to
    4.92.1 + 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch).
    + Drop 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch.
  * Refresh from exim-4.92.2+fixes branch:
    + 75_32-Fix-domain-for-a-bare-local-part-input.-Bug-2375.patch
    + 75_33-exim_dbmbuild-handle-0-sequence.patch
    + 75_34-fixup-exim_dbmbuild-handle-0-sequence.patch


 -- Andreas Metzler <email address hidden>  Sat, 07 Sep 2019 11:00:29 +0200
Superseded in sid-release
exim4 (4.92.1-3) unstable; urgency=high

  * 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch - Fix SNI
    related buffer overflow. CVE-2019-15846

 -- Andreas Metzler <email address hidden>  Tue, 03 Sep 2019 19:35:34 +0200
Superseded in sid-release
exim4 (4.92.1-2) unstable; urgency=medium

  * Pulled from exim-4.92+fixes branch:
    + 75_30-Fix-crash-after-TLS-channel-shutdown.patch
    + 75_31-Auth-handle-socket-read-errors-in-Dovecot-authentica.patch
  * Add Breaks: sa-exim (<< 4.2.1-17) to -heavy, see #930648.
  * Change *.logrotate to nocreate to work around #400198.
    Closes: #399930

 -- Andreas Metzler <email address hidden>  Wed, 14 Aug 2019 09:25:28 +0200
Superseded in sid-release
exim4 (4.92.1-1) unstable; urgency=low

  * New upstream bugfix release. (4.92.1 is 4.92 + the fix for CVE-2019-13917,
    so there are no source changes to the previous upload.)
    + Drop 77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch.
    + Use patches from exim-4.92.1+fixes branch.
  * In cron.daily use '/usr/sbin/exim4 -be '${primary_hostname}' instead of
    hostname --fqdn to get local hostname (for information purposes).
    Closes: #933231
  * Run exim4-base daily job via systemd.timer to guarantee execution after
    logrotate. Closes: #932328 (Thanks to Sven Hartge for bug-report and
    patch)
  * Add systemd-sysv as alternative for fulfilling the cron dependency.
  * Use debhelper 12 compat.

 -- Andreas Metzler <email address hidden>  Sun, 04 Aug 2019 14:28:22 +0200
Superseded in sid-release
exim4 (4.92-10) unstable; urgency=high

  * Fix remote command execution vulnerability related to
    "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006

 -- Andreas Metzler <email address hidden>  Sat, 20 Jul 2019 19:01:57 +0200
Superseded in sid-release
exim4 (4.92-9) unstable; urgency=low

  * exim4-base.cron.daily, paniclog warning mail:
    + Improve on wording. ${E4BCD_PANICLOG_LINES} only sets an upper limit
      of reported lines, there might be less lines than that in the mail.
      Closes: #929626
    + Instead of quoting the last ${E4BCD_PANICLOG_LINES} send out the last
      lines not filtered out by "$E4BCD_PANICLOG_NOISE". Closes: #929798
  * Add missing patches from exim-4.92+fixes branch, other patches renamed for
    proper order.
    + 75_11-Fix-bP-smtp_receive_timeout-.-Bug-2384.patch
    + 75_12-Fix-build-with-recent-LibreSSL-when-including-DANE.-.patch
    + 75_13-SPF-better-buld-compatibility-with-OpenBSD.patch
    + 75_15-GnuTLS-3.6.7-cipher-strings.patch
    + 75_17-Fix-listing-a-named-queue-by-a-non-admin-user.-Bug-2.patch
    + 75_21-Unbreak-heimdal_gssapi-auth-driver.patch
    + 75_22-Fix-DSN-Final-Recipient-field.patch
    + 75_23-Fix-bounce-generation-under-RFC-3461-request.-Bug-24.patch
  * 75_20-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch is now
    also from + fixes branch.
  * Tighten dependency of exim4 on daemon packages. Closes: #930519 Add
    lintian override for version-substvar-for-external-package.

 -- Andreas Metzler <email address hidden>  Fri, 05 Jul 2019 19:23:53 +0200
175 of 290 results