-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 01 Mar 2020 11:10:05 +0100 Source: exim4 Binary: exim4 exim4-base exim4-base-dbgsym exim4-config exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: source amd64 all Version: 4.93-12~bpo10+1 Distribution: buster-backports Urgency: critical Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Description: exim4 - metapackage to ease Exim MTA (v4) installation exim4-base - support files for all Exim MTA (v4) packages exim4-config - configuration for the Exim MTA (v4) exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 399930 611085 780033 823831 885149 927280 927741 929626 929798 930519 932328 933231 942292 943006 944060 944199 944786 945943 949034 950973 952451 Changes: exim4 (4.93-12~bpo10+1) buster-backports; urgency=low . * Rebuild for buster-backports. . exim4 (4.93-12) unstable; urgency=low . * Update from exim-4.93+fixes: + 74_28-Fix-tr-expansion-item.-Bug-2533.patch * Recover more gracefull from half installed state after trying to install without util-linux (essential) installed. Closes: #952451 (Thanks, James Le Cuirot for the patch) * Use macro ("ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS") for ignore_target_hosts list setting on dnslookup router. Extend list by corresponding IPv6 entries (Thanks, C Snover) Closes: #950973 * Add REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE to allow setting headers_remove on both remote_smtp and remote_smtp_smarthost transports. Closes: #927741 . exim4 (4.93-11) unstable; urgency=medium . * Update from exim-4.93+fixes: + 74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.-Bug-2524.patch + 74_27-GnuTLS-fix-hanging-callout-connections.patch . exim4 (4.93-10) unstable; urgency=medium . * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * Update from exim-4.93+fixes: + 74_23-Fix-taint-hybrid-checking-on-BSD.patch + 74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch + 74_25-Taint-slow-mode-checking-only.patch . exim4 (4.93-9) unstable; urgency=medium . * Add 74_22-Taint-hybrid-checking-mode.patch. . exim4 (4.93-8) unstable; urgency=medium . * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * More updates from exim-4.93+fixes: + 74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.-Bug.patch + 74_20-Fix-error-logging-for-dynamically-loaded-modules.-Bu.patch + 74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.-Bu.patch Closes: #949034 . exim4 (4.93-7) unstable; urgency=medium . * README.Debian: Expand a little bit on how macros work. (See #948308) * Upload to unstable. . exim4 (4.93-6) experimental; urgency=low . * Improve on reproducible build, set EXIM_ARCHTYPE=DEB_TARGET_GNU_CPU to override/avoid CPU detection with uname -m. * More updates from exim-4.93+fixes: 74_18-SPF-fix-handling-mix-of-spf-and-other-txt-records.-B.patch * Polish debian/rules. (Use CURDIR instead of executing `pwd`, avoid := assignments with $(shell). * Build with SMTPUTF8 support. (SUPPORT_I18N_2008 and SUPPORT_I18N) Closes: #885149 In configuration set smtputf8_advertise_hosts to '' instead of '*'. . exim4 (4.93-5) unstable; urgency=medium . * More updates from exim-4.93+fixes: 74_14-SPF-only-require-v-spf1-on-TXT-DNS-records-during-lo.patch 74_15-Eximon-fix-string-handling.-Bug-2500.patch 74_16-Fix-build-with-heimdal-gssapi.-Bug-2501.patch 74_17-Fix-the-variables-set-by-gsasl-authenticator.patch . exim4 (4.93-4) unstable; urgency=medium . * Improve on TLS info in README.Debian. * More updates from exim-4.93+fixes: 74_10-DMARC-default-dmarc_tld_file-to-unset.-Bug-2494.patch 74_11-Zero-smtp-context-structure-after-allocation.patch 74_13-ARC-Reset-received-ARC-instance-counter-before-next-.patch . exim4 (4.93-3) unstable; urgency=medium . * More updates (4.93.0.3) from exim-4.93+fixes: 74_08-ARC-fix-crash-induced-by-misordered-headers.-Bug-249.patch 74_09-Fix-taint-issue-with-retry-records.-Bug-2492.patch . exim4 (4.93-2) unstable; urgency=medium . * Update to exim-4.93+fixes branch 74_01-PAM-fix-crash-in-the-pam-expansion-condition.-Bug-24.patch 74_02-Regard-command-line-recipients-as-tainted.patch 74_03-TFO-disable-for-FreeBSD.patch 74_04-Hurd-errno-really-uses-more-than-a-short-sized-value.patch 74_06-local_scan-align-local_scan.h-and-docs-re.-store_get.patch 74_07-Fix-taint-issue-in-transport-with-DSN.-Bug-2491.patch . exim4 (4.93-1) unstable; urgency=low . * Point watchfile to release directory again. * New upstream version. . exim4 (4.93~RC7-1) unstable; urgency=low . * New upstream version. + Update md5 hash for upstream example configuration. (Change not relevant for Debian) * 75_01-Build-Enable-GNU-Hurd-Bug-2476.patch and 75_02-TFO-disable-for-FreeBSD.patch from upstream 4.next branch: Re-enable build on GNU/hurd. (Thanks. Samuel Thibault) Closes: #945943 . exim4 (4.93~RC5-1) unstable; urgency=low . * New upstream version. + Bump exim4-localscanap Provides. . exim4 (4.93~RC4-1) unstable; urgency=low . * New upstream version. . exim4 (4.93~RC3-1) unstable; urgency=low . * Drop (dead) link to openspf.org in rcpt ACL message string. Closes: #944786 * New upstream version. + Unfuzz 90_localscan_dlopen.dpatch. . exim4 (4.93~RC2-1) unstable; urgency=low . * New upstream beta version. + Drop patches/75*. * Allow overriding cron.daily paniclog report recipient. Closes: #611085 * Add REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES and REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS to set tls_verify_certificates and tls_verify_hosts respectively on the remote_smtp_smarthost transport. Closes: #823831 In addition to that add REMOTE_SMTP_HOSTS_REQUIRE_TLS to set hosts_require_tls for the remote_smtp transport. Closes: #780033 . exim4 (4.93~RC1-4) unstable; urgency=low . * Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not need it yet but will forget for sure to add it when we do. * Following upstream defaults do not disable incoming TLS by default - i.e. if MAIN_TLS_ENABLE is not set - but use a self-signed certificate. (Relevant upstream changes: tls_advertise_hosts defaults to * for TLS builds since 4.87_JH/18, on-demand generation of self-signed certificate for inbound SMTP since 4.88_JH/05, 4.93_JH/23 TLS enabled build by default.) * 75_02-Revert-preallocate-store-for-config-which-appears-to.patch: Fix mismerge which triggered a test error on mipsel. Closes: #944060 . exim4 (4.93~RC1-3) unstable; urgency=low . * 75_01-Dsearch-Fix-taint-handling-in-lookup.-Bug-2465.patch: Untaint dsearch lookup. Closes: #944199 . exim4 (4.93~RC1-2) unstable; urgency=low . * autopkg test: Drop (python2) test for ancient vulnerability and do some basic testing with swaks instead. Closes: #943006 * Upload to unstable. . exim4 (4.93~RC1-1) experimental; urgency=low . * New upstream beta version. + Drop 75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch, 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch and 75_03_Fix-local-scan-ABI.-Bug-2458.patch. + Update debian/example.conf.md5 (Removal of dnssec_request_domains was already implemented in 4.93~RC0-1.) * exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. Closes: #927280 (This change was already present in RC0.) . exim4 (4.93~RC0-2) experimental; urgency=low . * 75_03_Fix-local-scan-ABI.-Bug-2458.patch: Fix function prototypes in local_scan.h. * 90_localscan_dlopen.dpatch: Unfuzz, mark string_copy_function/string_copy_taint_function/string_copyn_function in string.c as visible. * Provide exim4-localscanapi-2.1. * Drop sa-exim Breaks, the localscanapi version bump makes this superfluous. . exim4 (4.93~RC0-1) experimental; urgency=low . * Point watchfile to test-subdirectory. * New upstream beta version. + Drop debian/patches/7[56]*. + Unfuzz 90_localscan_dlopen.dpatch. + Unfuzz/update (explicit -lnsl) debian/EDITME* + Update configuration, mirorring upstream changes. Both dnssec_request_domains and hosts_try_dane now default to '*', drop these settings. REMOTE_SMTP_DISABLE_DANE is a noop, now. + Exim DH param configuration (tls_dhparam) now makes use of the current GnuTLS (> 3.6) functionality, which implements rfc 7919. Drop unnecessary packaging bits. + Pull post release fix from upstream GIT (75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch) to fix build error with HAVE_LOCAL_SCAN=yes. + Update 90_localscan_dlopen.dpatch to #include documented interface (local_scan.h) instead of exim.h. * debian/rules: Do not try to build -heavy if -light failed. * 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch: Post-release hix from upstream GIT. https://bugs.exim.org/show_bug.cgi?id=2454 * The localscan dlopen functionality is broken, (temporarily) drop exim4-localscanapi-2.0 from Provides. . exim4 (4.92.3-1) unstable; urgency=medium . * Fix (commented) examples in configuration for clamd and courier authdaemon to refer to /run instead of /var/run. Closes: #942292 * While we are at it also fix exim pid file path in exim(8). * New upstream version (identical to 4.92.2 + 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch, i.e. 4.92.2-3). * Use patches from exim-4.92.3+fixes, add 75_36-Fix-errorcheck-in-smtp-transport.patch. * [lintian] Set Rules-Requires-Root: binary-targets. . exim4 (4.92.2-3) unstable; urgency=critical . * 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer overflow in string_vformat. CVE-2019-16928 . exim4 (4.92.2-2) unstable; urgency=medium . * Upload to unstable. . exim4 (4.92.2-1) experimental; urgency=medium . * New upstream security release (identical except for the version number to 4.92.1 + 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch). + Drop 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch. * Refresh from exim-4.92.2+fixes branch: + 75_32-Fix-domain-for-a-bare-local-part-input.-Bug-2375.patch + 75_33-exim_dbmbuild-handle-0-sequence.patch + 75_34-fixup-exim_dbmbuild-handle-0-sequence.patch . exim4 (4.92.1-3) unstable; urgency=high . * 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch - Fix SNI related buffer overflow. CVE-2019-15846 . exim4 (4.92.1-2) unstable; urgency=medium . * Pulled from exim-4.92+fixes branch: + 75_30-Fix-crash-after-TLS-channel-shutdown.patch + 75_31-Auth-handle-socket-read-errors-in-Dovecot-authentica.patch * Add Breaks: sa-exim (<< 4.2.1-17) to -heavy, see #930648. * Change *.logrotate to nocreate to work around #400198. Closes: #399930 . exim4 (4.92.1-1) unstable; urgency=low . * New upstream bugfix release. (4.92.1 is 4.92 + the fix for CVE-2019-13917, so there are no source changes to the previous upload.) + Drop 77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch. + Use patches from exim-4.92.1+fixes branch. * In cron.daily use '/usr/sbin/exim4 -be '${primary_hostname}' instead of hostname --fqdn to get local hostname (for information purposes). Closes: #933231 * Run exim4-base daily job via systemd.timer to guarantee execution before logrotate. Closes: #932328 (Thanks to Sven Hartge for bug-report and patch) * Add systemd-sysv as alternative for fulfilling the cron dependency. * Use debhelper 12 compat. . exim4 (4.92-10) unstable; urgency=high . * Fix remote command execution vulnerability related to "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 . exim4 (4.92-9) unstable; urgency=low . * exim4-base.cron.daily, paniclog warning mail: + Improve on wording. ${E4BCD_PANICLOG_LINES} only sets an upper limit of reported lines, there might be less lines than that in the mail. Closes: #929626 + Instead of quoting the last ${E4BCD_PANICLOG_LINES} send out the last lines not filtered out by "$E4BCD_PANICLOG_NOISE". Closes: #929798 * Add missing patches from exim-4.92+fixes branch, other patches renamed for proper order. + 75_11-Fix-bP-smtp_receive_timeout-.-Bug-2384.patch + 75_12-Fix-build-with-recent-LibreSSL-when-including-DANE.-.patch + 75_13-SPF-better-buld-compatibility-with-OpenBSD.patch + 75_15-GnuTLS-3.6.7-cipher-strings.patch + 75_17-Fix-listing-a-named-queue-by-a-non-admin-user.-Bug-2.patch + 75_21-Unbreak-heimdal_gssapi-auth-driver.patch + 75_22-Fix-DSN-Final-Recipient-field.patch + 75_23-Fix-bounce-generation-under-RFC-3461-request.-Bug-24.patch * 75_20-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch is now also from + fixes branch. * Tighten dependency of exim4 on daemon packages. Closes: #930519 Add lintian override for version-substvar-for-external-package. Checksums-Sha1: ce7bcb61fbcc3a8d66672cf4a1c196a9280ca79b 2911 exim4_4.93-12~bpo10+1.dsc 7a8490a153395491229a11c5ac9b0df9a2aa4dde 488184 exim4_4.93-12~bpo10+1.debian.tar.xz 7fc10cd24d767a76d23039c673a9ba74e428c67e 211640 exim4-base-dbgsym_4.93-12~bpo10+1_amd64.deb 33bff5b7a274223eba2b6404402b67102bd33763 1152248 exim4-base_4.93-12~bpo10+1_amd64.deb 0a4fe417337adacfe14a0539a2818753afd32d9b 327960 exim4-config_4.93-12~bpo10+1_all.deb b1288dbba8d767ef682f59c3297e72ccd313daae 1427456 exim4-daemon-heavy-dbgsym_4.93-12~bpo10+1_amd64.deb 73a88507e496a5f61d757e2f7d4a3b95c2750043 683196 exim4-daemon-heavy_4.93-12~bpo10+1_amd64.deb ab7f3af735cd5ca7176dea378864140e0d051db5 1253600 exim4-daemon-light-dbgsym_4.93-12~bpo10+1_amd64.deb 89b41dfd96dbca11d936bfe36f604b98664724c9 625640 exim4-daemon-light_4.93-12~bpo10+1_amd64.deb a031f8c0138ca801eb8c4b363016a798b46bc424 110832 exim4-dev_4.93-12~bpo10+1_amd64.deb 43a675c0f6e26f26db9f17ebd133f2ca92da4321 7188 exim4_4.93-12~bpo10+1_all.deb 101d2c2aeecee580d9b64d84f52c100e72c286e3 11195 exim4_4.93-12~bpo10+1_amd64.buildinfo 5e1b27a85e2b8e87a5d4f29a8b0b29449cf8d032 137880 eximon4-dbgsym_4.93-12~bpo10+1_amd64.deb f53015ac26c810faefc7f03a6c6a8dfe1fd4e0d2 143460 eximon4_4.93-12~bpo10+1_amd64.deb Checksums-Sha256: 2b88ffd20ab8abcd23fcaf58c2eb7d4315c31ef9f9ee0fd3210a6c4d6ea5eec1 2911 exim4_4.93-12~bpo10+1.dsc 618ee905ce06e2e8f5947dca0d3a073036f93c5cd99060d94a0187bd8564ee83 488184 exim4_4.93-12~bpo10+1.debian.tar.xz 6604863c389cdb6a25667a00e9df11a7badec9f14cf63c2efe4222a43e8a884f 211640 exim4-base-dbgsym_4.93-12~bpo10+1_amd64.deb 50240077d9f8361ae7a64817c44a8abb055bf03fb7ef7475518ca8579db4b3ba 1152248 exim4-base_4.93-12~bpo10+1_amd64.deb c9c8e97f1cba2db1b147b9d5e062519fb6fb2b4ddf5a6a9a937a0c5e521fa1ae 327960 exim4-config_4.93-12~bpo10+1_all.deb 38f508b7f1ceeb132f408b1dd63dfce86e6138a14b4dd91f272271028ce90c49 1427456 exim4-daemon-heavy-dbgsym_4.93-12~bpo10+1_amd64.deb 198038f0e5bd72234363ebfa7ec248e234355c507270953eadeb6b27c74cd752 683196 exim4-daemon-heavy_4.93-12~bpo10+1_amd64.deb 9e811717c3330eedc23e4e04b432c74012950ea8be551d5c0de971890e01d448 1253600 exim4-daemon-light-dbgsym_4.93-12~bpo10+1_amd64.deb ddbfd46925d6f9aa8b4bc7ebaf8754370f882bdffadc2ff032b154b789a3cf09 625640 exim4-daemon-light_4.93-12~bpo10+1_amd64.deb e4d019404bc1db172eb1d86e9e876682b7054d80937da368b28b8e318f08c8b0 110832 exim4-dev_4.93-12~bpo10+1_amd64.deb 7f82ff1bcb799070d674b39b624138a1ce176a3e12afc4d924914944fb1e301c 7188 exim4_4.93-12~bpo10+1_all.deb 51bebb1e85f95118e662769ce85e414e0b263ad46e9fcb0840b5c065919282af 11195 exim4_4.93-12~bpo10+1_amd64.buildinfo a75538d025902285554e5eb2e1731ba3c9acba160534cf26257dcc36cf8f2742 137880 eximon4-dbgsym_4.93-12~bpo10+1_amd64.deb 0b21b8b659885c28a335e8d8ce9a2c9da29986d063d6adcc0975824ae634c9f2 143460 eximon4_4.93-12~bpo10+1_amd64.deb Files: fe6be2f615ef1d668bb9ff166bdf93dc 2911 mail standard exim4_4.93-12~bpo10+1.dsc 0ea70e728a74a675af4d0228c31a533f 488184 mail standard exim4_4.93-12~bpo10+1.debian.tar.xz 9d8331c98536462b5fede6e24d43c371 211640 debug optional exim4-base-dbgsym_4.93-12~bpo10+1_amd64.deb fa782c40dd3bf715c4c67028e8906a9c 1152248 mail optional exim4-base_4.93-12~bpo10+1_amd64.deb b4dc49833b058d337a4649157fdf33eb 327960 mail optional exim4-config_4.93-12~bpo10+1_all.deb 39b858689dfa5a75e29f83405e93d05f 1427456 debug optional exim4-daemon-heavy-dbgsym_4.93-12~bpo10+1_amd64.deb f749e301b76aac13d01ba3f789774f2a 683196 mail optional exim4-daemon-heavy_4.93-12~bpo10+1_amd64.deb 4312d52c0f4d0a25b641b15df9b1863e 1253600 debug optional exim4-daemon-light-dbgsym_4.93-12~bpo10+1_amd64.deb a3b1c0f6eeb1289bf3584dc788c0f1ed 625640 mail optional exim4-daemon-light_4.93-12~bpo10+1_amd64.deb 9a56c5401e93ad15181b2609f1ee98b1 110832 mail optional exim4-dev_4.93-12~bpo10+1_amd64.deb 44b7b9a1ef4541b1e16172c352160ea7 7188 mail optional exim4_4.93-12~bpo10+1_all.deb 93cc0248fc5da77b7d7864ef9d733c37 11195 mail standard exim4_4.93-12~bpo10+1_amd64.buildinfo e1720e0f152f62ae5735f82292ebf21a 137880 debug optional eximon4-dbgsym_4.93-12~bpo10+1_amd64.deb ac55116d6e60a45c31f09fa2deefbb72 143460 mail optional eximon4_4.93-12~bpo10+1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAl5bjJUACgkQpU8BhUOC FIQgpg//UMtuIihCwAd2dXEWrxGWY20NHajFD6nuuzCGQ9P+7mDrtvAJZ/wy9goI IbcISD6q3EQ0Gc1VYqvDy+8MS3N0d7yoTWMBIrIZt8Xg4vAtPjBlUH2iwvkedXsv I6EpxiQHDF6uU4vgdRwiHKf9xliFi5DXLkWvn2Hk/e8tGjLUo9oh4va6klBTtOQF PYnPeP61reBn72OuDNHrwV5l0gB645jZ+1o8YTh/2EI/JHKhaNV/C/dKooqF2qwc ORzhoIeB35R1OxHBAaORvA1X+vqATYx/4TsWg17jeLLzMRY2BRfcACUREvaml99D q+JYdQFiDGBgR7xMQ+VSan5xOmS50CeoSCO4QRc2hRmDCOhPfsDqrj7Ti1fK9uQT owmGhRCBoRki8B7mWMfiEuFHA/nbZxGAeu+CJR+MurAOQql3ZUY7kv69srbwND2t 7GL5OInk8mU05DcxjFWn8IF4yeXt1o6hle3K7TTYGk3Rmkqhhv1XufHBdzHulAO+ n0GFoJnzOyTpNRePjcU+2M7XvvE/8KexKnYhUEvGd+qcAYvUFxWiQt/RfDv9uE7l VsowbWfQ3UEUGAM+tU/xhf0Yoafg090zIchuSDhKplOZ2BKLHq2kzzArJi4VzVqn yU/sdbnPIsXiB3lkmDeXbhs+cpZ0RJLIfE0kiY05ldlQ1NZctIo= =JQMK -----END PGP SIGNATURE-----