Publishing details


exim4 (4.90.1-1ubuntu1) bionic; urgency=medium

  * Merge from Debian testing, Remaining changes:
    - Show Ubuntu distribution in SMTP banner
      - Build-Depends on lsb-release to detect Distribution.
      - d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.

exim4 (4.90.1-1) unstable; urgency=high

  * New upstream version, fixing CVE-2018-6789. Closes: #890000
    + Drop 75_*.patch.

exim4 (4.90-7) unstable; urgency=medium

  * Update from exim-4_90+fixes branch. (exim-
    + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
    + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
    + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
  * Typo fixes in old patch descriptions. (Thanks, lintian!)

exim4 (4.90-6) unstable; urgency=medium

  * Update from exim-4_90+fixes branch.
    + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
    + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
      Closes: #887489
    + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
    + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch

exim4 (4.90-5) unstable; urgency=low

  * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
    exim-4_90+fixes branch.
  * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
  * [update-exim4.conf] stop converting variables set to an empty value in
    /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
    "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972

exim4 (4.90-4) unstable; urgency=low

  * Update from exim-4_90+fixes branch.

exim4 (4.90-3) unstable; urgency=medium

  * Three more patches from exim-4_90+fixes branch:

exim4 (4.90-2) unstable; urgency=medium

  * Update to exim-4_90+fixes branch:
    + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
    + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
    + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
    + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
    + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
    + 75_05-Fix-build-of-nisplus-lookup.patch
    + 75_06-Fix-const-issue-in-nisplus-lookup.patch
    + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
    + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch

exim4 (4.90-1) unstable; urgency=low

  * rc4 released as 4.90.
  * Point watchfile to release directory again.
  * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
    GIT master branch. Fix pgsql lookup for multiple result-tuples with a
    single column. Previously only the last row was returned.
  * Simplify debian/rules and make it usable with dh v10 compat. The
    fine-grained support for selecting the to be built packages (-custom with
    or without -base) was dropped. The build process is now controlled by
    attaching tasks to dh-override hooks instead of using file dependencies,
    makefile-style.  The latter broke with dh v10 due to upstream's
    build-system which always has the main targets out-of-date inter alia due
    to the compile-number feature.
  * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
    buildflags ATM.)
  * Use debhelper v10 compat.
  * Drop override_dh_strip-arch, we have had enough toolchain and
    source changes to prevent file conflicts.

exim4 (4.90~RC4-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.90~RC3-2) unstable; urgency=low

  * Upload to unstable.
  * Point homepage to https URL.

exim4 (4.90~RC3-1) experimental; urgency=medium

  * New upstream version.
    + Fix a use-after-free while reading smtp input for header lines.
      A crafted sequence of BDAT commands could result in in-use memory
      being freed.  CVE-2017-16943. Closes: #882648
    + Fix checking for leading-dot on a line during headers reading
      from SMTP input.  Previously it was always done; now only done for
      DATA and not BDAT commands.  CVE-2017-16944 Closes: #882671
  * Drop 78_Disable-chunking-BDAT-by-default.patch again.

exim4 (4.90~RC2-3) experimental; urgency=medium

  * As a workaround for the yet-unfixed security vulnerability resurrect (and
    adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
    4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648

exim4 (4.90~RC2-2) experimental; urgency=low

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.90~RC2-1) experimental; urgency=low

  * New upstream release candidate.
    + Unfuzz patches, drop 40_reproducible_build.diff and
    + Refresh debian/example.conf.md5, No changes to Debian's configuration
      needed, upstream added a (commented) entry to change OpenSSL ciphers.

exim4 (4.90~RC1-1) experimental; urgency=low

  * New upstream release candidate.
    + Point watchfile to test subdirectory.
    + Update 40_reproducible_build.diff
    + Drop 75_fixes*.patch and
    + Unfuzz EDITME*.diff
    + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
      SOURCE_DATE_EPOCH is set.
  * Drop trailing whitespace in debian/README.source, debian/changelog and
    debian/rules. (Thanks, lintian)
  * Drop debian/README.source and outdated parts of debian/copyright.

exim4 (4.89-13) unstable; urgency=high

  * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
    from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944

exim4 (4.89-12) unstable; urgency=high

  * Sync with exim-4_89+fixes branch:
    + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
    + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
      Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
  * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.

exim4 (4.89-11) unstable; urgency=critical

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.89-10) unstable; urgency=critical

  * As a workaround for the yet-unfixed security vulnerability resurrect
    78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
    both incoming and outgoing BDAT/CHUNKING. #882648

 -- Christian Ehrhardt <email address hidden>  Wed, 14 Feb 2018 17:01:14 +0100

Available diffs


Built packages

Package files