Change logs for exim4 source package in Yakkety

  • exim4 (4.87-3ubuntu1.2) yakkety-security; urgency=medium
      * SECURITY UPDATE: memory leak
        - debian/patches/93_CVE-2017-1000368.patch: free -p argument if
          allocation was required.
        - CVE-2017-1000368
     -- Steve Beattie <email address hidden>  Fri, 02 Jun 2017 22:05:59 -0700
  • exim4 (4.87-3ubuntu1.1) yakkety-security; urgency=medium
      * SECURITY UPDATE: DKIM information leakage
        - debian/patches/CVE-2016-9963.patch: fix information leakage in
          src/dkim.c, src/transports/smtp.c.
        - CVE-2016-9963
     -- Marc Deslauriers <email address hidden>  Thu, 05 Jan 2017 08:24:06 -0500
  • exim4 (4.87-3ubuntu1) yakkety; urgency=medium
      * Merge from Debian unstable. Remaining changes:
        + Show Ubuntu distribution in SMTP banner.
        + Build-Depends on lsb-release (needed for the Ubuntu SMTP banner patch)
    exim4 (4.87-3) unstable; urgency=medium
      * Pull multiple patches from upstream GIT:
        + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch
          Improved message on overlong lines in example config.
        + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch
          Fix race condition related to connection reuse.

        + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch
          Avoid exposing passwords in log on failing ldap lookup
      * Copy information message on rejecting overlong lines in data ACL from
        upstream example configuration. Closes: #823418
      * Add NEWS entry on line-lenght-limit introduced in 4.87~RC1-1.
        Closes: 821830
    exim4 (4.87-2) unstable; urgency=medium
      * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs.
        (Thanks, L. Guruprasad!) Closes: #821416
        connections (hosts_require_tls option) in remote_smtp_smarthost
        transport. Closes: #822174
      * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It
        is deprecated and will be removed in 4.88.
      * README.Debian*: Fix minor issues  found by lintian.
      * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399
      * Drop exim4-base Recommends on perl-modules. This had been unnecessary
        since 4.80~rc6-1 which dropped /usr/share/exim4/
    exim4 (4.87-1) unstable; urgency=medium
      * Fix comment in
        conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks,
        Jörg-Volker Peetz!) Closes: #819780
      * New upstream release.
    exim4 (4.87~RC7-1) unstable; urgency=low
      * Enable SOCKS support in both -light and -heavy. Closes: #818091
      * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482
      * New upstream version.
        + Drop 74_Store-the-initial-working-directory.diff,
        + Update debian/example.conf.md5.
    exim4 (4.87~RC6-3) unstable; urgency=medium
      * Merge changelog entries for 4.86.2-1 and -2.
      * Upload to unstable.
      * Add link to CVE details to latest NEWS entry and bump its version and date
        to match this upload. Closes: #818349, #817244
    exim4 (4.87~RC6-2) experimental; urgency=medium
      * 74_Store-the-initial-working-directory.diff,
        76_only_warn_on_nonempty_environment.diff: Upstream followups on the
        CVE fix (Thanks, Heiko Schlittermann!):
        + Runtime warning is only generated if (and only if) keep_environment
          is unset and environment is nonempty.
        + Store the initial working directory and make it available in the new
          expansion variable $initial_cwd.
      * Merge all NEWS.Debian files into a single one, identical for all binary
        packages. - Different NEWS files built from a single source package is not
        and has not ever been supported by apt-listchanges which is the most
        important frontend.
      * Add a NEWS entry about the environment related runtime warning.
    exim4 (4.87~RC6-1) experimental; urgency=medium
      * New upstream version.
      * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing
        ${extract } string expansion for the numeric/3-string case. (Bug was
        introduced in 4.85.)
      * Set keep_environment to empty value instead of setting a minimal PATH in
    exim4 (4.87~RC5-2) experimental; urgency=medium
      * Update debian/upstream/signing-key.asc, using the keys listed in This adds
        Heiko Schlittermann's key.
      * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790
    exim4 (4.87~RC5-1) experimental; urgency=medium
      * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying
        to grep in it. Closes: #814998
      * New upstream version, includes the patch for CVE-2016-1531. (Local root
      * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new
        options. If neither is used we use add_environment to set a minimal
        PATH=/bin:/usr/bin to avoid a runtime warning.
    exim4 (4.87~RC3-2) experimental; urgency=medium
      * README.Debian: Refer to Exim specification by chapter name instead of
        chapter number. Closes: #813351
      * Fix some spelling errors found by lintian.
      * Minor debian/rules cleanup:
        + Restore originally intended behavior, upstream changelog is only
          shipped in exim4-base, symlinks to it elsewhere.
        + Drop workaround for #347577, fixed in debhelper 5.0.15.
        + Use "dh binary-arch" and "dh binary-indep" and a bunch of override
          targets instead of listing all dh-commands. While this is uglier and
          slows things down a bit it shortens debian/rules by 40 lines and has the
          huge benefit that we automatically use all suggested helpers in correct
        + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage.
        + Delete unused, commented code.
        + Drop (exported) variable MTACONFLICTS, used only once.
      * Bugfix: Stop build if generation of EDITME.exim4-heavy fails.
      * Refresh debian/EDITME.*, -heavy was missing ldap and sql support.
    exim4 (4.87~RC3-1) experimental; urgency=medium
      * Move Vcs-* from git/http to https.
      * [lintian] README.Debian: s/desireable/desirable/.
      * [lintian] README.Debian: Fix grammar error "allow + infinitive".
      * [lintian] exim4-config.postinst: Use which foo > /dev/null
        instead of [ -x /path/to/foo ].
      * Update list of patches in debian/README.Debian.xml
      * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect
        with GnuTLS >= 2.12 and even stable has GnuTLS 3.x.
      * New upstream version.
        + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted,
          merge this change and drop CHECK_MAIL_HELO_ISSUED macro.
    exim4 (4.87~RC2-1) experimental; urgency=medium
      * New upstream version.
    exim4 (4.87~RC1-1) experimental; urgency=medium
      * New upstream version.
        + Refresh patches.
        + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch.
        + Sync with upstream default configuration: Check maximum (physical, i.e.
          before unfolding) line length in default spec file data ACL and smtp
          transport. Bug 1684 Closes: #797919
        + HS/02 Add the Exim version string to the process info.  This way exiwhat
          gives some more detail about the running daemon. Closes: #240883
      * Override upstream's new default of tls_advertise_hosts = * if
        MAIN_TLS_ENABLE is not set.
     -- Christian Ehrhardt <email address hidden>  Tue, 26 Jul 2016 13:30:09 +0200
  • exim4 (4.86.2-2ubuntu2) xenial; urgency=medium
      * Rebuild against libmysqlclient20.
     -- Robie Basak <email address hidden>  Tue, 05 Apr 2016 12:21:41 +0000