-
exim4 (4.96-14ubuntu1.3) lunar-security; urgency=medium
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42117.patch: fixed string_is_ip_address()
in string.c
- CVE-2023-42117
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42119.patch: hardened dnsdb.c against
crafted DNS responses.
- CVE-2023-42119
-- Allen Huang <email address hidden> Wed, 25 Oct 2023 01:34:55 +0100
-
exim4 (4.96-14ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: information disclosure
- debian/patches/CVE-2023-42114.patch: fix possible OOB read in
SPA authenticator
- CVE-2023-42114
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42115.patch: fix possible OOB write in
external authenticator
- CVE-2023-42115
* SECURITY UPDATE: remote code execution
- debian/patches/CVE-2023-42116.patch: fix possible OOB write in
SPA authenticator
- CVE-2023-42116
* debian/patches/CVE-2023-42114_15_16.patch:
- use uschar more in spa authenticator
-- Allen Huang <email address hidden> Mon, 02 Oct 2023 16:53:24 +0100
-
exim4 (4.96-14ubuntu1.1) lunar; urgency=medium
* d/p/fix-run--arg-parsing.patch: Fix argument parsing for ${run }
expansion. Previously, when an argument included a close-brace
character (e.g. it itself used an expansion) an error occurred.
(LP: #1998678)
-- Bryce Harrington <email address hidden> Fri, 10 Feb 2023 00:17:40 -0800
-
exim4 (4.96-14ubuntu1) lunar; urgency=medium
* Merge with Debian unstable (LP: #2008016). Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. This reverts
Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
+ d/control: drop Build-Depends on libspf2-dev.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
-- Bryce Harrington <email address hidden> Tue, 21 Feb 2023 19:52:34 +0000
-
exim4 (4.96-9ubuntu1) lunar; urgency=medium
* Merge with Debian unstable. (LP: #1993399) Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. (LP #1952738)
This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
Changes:
+ d/control: drop Build-Depends on libspf2-dev.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
exim4 (4.96-9) unstable; urgency=medium
* Cherrypick three fixes from upstream GIT master:
+ 75_31-Fix-regext-substring-capture-variables-for-null-matc.patch
+ 75_32-Fix-regex-substring-capture-variables-for-null-match.patch
+ 75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch
exim4 (4.96-8) unstable; urgency=medium
* Cherrypick two fixes from upstream GIT master:
+ 75_22-Fix-daemon-startup.-Bug-2930.patch
+ 75_23-Fix-reccipients-after-run.-.-Bug-2929.patch
exim4 (4.96-7) unstable; urgency=high
* Replace 85_dmarc-api-breakage-workaround.diff with version from upstream
GIT master 75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch.
* 75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch: Fix
use-after-free in dmarc.c. VDB-211919 / CVE-2022-3620.
This does not affect Debian *binary* packages since they are not built
with DMARC support. Closes: #1022556
exim4 (4.96-6) unstable; urgency=low
* Use a limit of 1G instead of 2G in message_linelength_limit. (Thanks,
Frederic Peters) Closes: #1021503
exim4 (4.96-5) unstable; urgency=low
* Add pointers to /etc/mailname documentation to exim4-config_files.5.
Closes: #1019946
* Change remote_smtp transports to set message_linelength_limit = 2G if
IGNORE_SMTP_LINE_LENGTH_LIMIT was set to avoid accepting messages (due to
IGNORE_SMTP_LINE_LENGTH_LIMIT disabling the limit in the ACLs) without
being able to pass them on. Closes: #1019959
* Pull 75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch from
upstream GIT.
exim4 (4.96-4) unstable; urgency=low
* Cherrypick two fixes from upstream GIT master:
+ 75_05-SPF-fix-memory-accounting-for-error-case.patch
+ 75_08-Fix-regex-n-use-after-free.-Bug-2915.patch
75_09-Fix-non-WITH_CONTENT_SCAN-build.patch
75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch
75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch
* 85_dmarc-api-breakage-workaround.diff: Fix build-error against
opendmarc-1.4 which broke API and ABI without soname bump.
Closes: #1014945
-- Marc Deslauriers <email address hidden> Thu, 08 Dec 2022 12:19:10 -0500
-
exim4 (4.96-3ubuntu2) lunar; urgency=medium
* Rebuild against new perlapi-5.36.
-- Gianfranco Costamagna <email address hidden> Sat, 05 Nov 2022 09:11:59 +0100
-
exim4 (4.96-3ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable. (LP: #1971274) Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution
in SMTP banner.
+ Build-Depends on lsb-release to detect Distribution.
- Disable external SPF support to avoid Build-Depends on libspf2-dev
(only available in universe). SPF can still be implemented via
spf-tools-perl, as documented in exim4.conf.template. (LP #1952738)
This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
Changes:
+ d/control: drop Build-Depends on libspf2-dev.
+ d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
on spfquery.mail-spf-perl from spf-tools-perl.
+ d/EDITME.exim4-heavy.diff: disable support for libspf2.
exim4 (4.96-3) unstable; urgency=medium
* Fix error messages of test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z
on processing update-exim4.conf.8 and exim4-config_files.5. Also make
mandoc -lint update-exim4.conf.8 happy. (Thanks, Bjarni Ingi Gislason for
patch and report.)
Closes: #1014347, #1014349, #1014356
* 75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch:
Bug 2903: avoid exit on an attempt to rewrite a malformed address.
* Add dovecot server-side AUTH example. Closes: #1014235
exim4 (4.96-1) unstable; urgency=low
* New upstream version, almost identical to RC2.
* Upload to unstable.
* Extend debian/NEWS.
* Update lintian-overrides for new lintian version.
exim4 (4.96~RC2-1) experimental; urgency=low
* New upstream version.
+ Drop 75_*.patch.
exim4 (4.96~RC1-2) experimental; urgency=low
* Update from upstream GIT master:
+ 75_70-Debug-clarify-SMTP-DATA-ops-in-transport.patch
+ 75_71-Docs-more-info-on-PIPECONNECT.patch
+ 75_72-TLS-resumption-disable-on-continued-connection.patch
+ 75_73-Logging-distinguish-mem-allocation-errors.patch
+ 75_74-typo.patch
+ 75_75-TLS-resumption-fix-for-PIPECONNECT.patch
+ 75_76-DEBUG-clarify-multiline-smtp-responses.patch
+ 75_77-CHUNKING-fix-second-message-on-conn-when-first-rejec.patch
+ 75_78-CHUNKING-handle-protocol-errors-during-reception.patch
exim4 (4.96~RC1-1) experimental; urgency=low
* Merge 4.95-6:
75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch:
Fix segfault on deferred delivery on first MX. Closes: #1004740
(Huge thanks to Gedalya for finding/setting up a reproducer and taking
this upstream.)
* New upstream version.
* Pull 75_69-ARC-reset-headers-before-signing-for-secondary-MX.-B.patch to
fix a crash when built against libarc.
exim4 (4.96~RC0-1) experimental; urgency=low
* Drop code for upgrading from ancient (4.80-7 and earlier) versions in
maintainer-scripts. Closes: #1000962
* New upstream version.
+ Drop cherrypicked patches.
+ Unfuzz patches (including EDITME*).
+ Uses pcre2 (Closes: #1000107), update b-d to libpcre2-dev.
+ The allow_insecure_tainted_data main config option and the
"taint" log_selector were removed, add entry to NEWS.
exim4 (4.95-6) unstable; urgency=high
* Drop code for upgrading from ancient (4.80-7 and earlier) versions in
maintainer-scripts. Closes: #1000962
* 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch:
Fix segfault on deferred delivery on first MX. Closes: #1004740
exim4 (4.95-5) unstable; urgency=medium
* More upstream fixes:
+ 75_60-Utilities-fix-exiqgrep-perl-syntax-add-testcases.-Bu.patch
Closes: #1006661
+ 75_64-Logging-fix-crash-on-local_part-utf8-conversion-fail.patch
* Update exiqgrep manpage.
-- Christian Ehrhardt <email address hidden> Thu, 14 Jul 2022 10:33:39 +0200