-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Mar 2020 18:27:33 +0100
Source: exim4
Architecture: source
Version: 4.93-13~bpo10+1
Distribution: buster-backports
Urgency: critical
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 399930 611085 780033 823831 885149 927280 927741 932328 933231 942292 943006 944060 944199 944786 945943 949034 950973 952451
Changes:
 exim4 (4.93-13~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 exim4 (4.93-13) unstable; urgency=medium
 .
   * Update from exim-4.93+fixes:
     + 74_29-Fix-mime_part_count-for-non-mime-message-on-multi-me.patch
     + 74_31-Taint-track-in-utf8clean-operator.patch
     + 74_32-Fix-spurious-detection-of-timeout-while-writing-to-t.patch
     + 74_33-Fix-segfault-on-bad-cmdline-f-sender-argument.-Bug-2.patch
   * [lintian] Move eximon.bin from /usr/lib/exim4 to /usr/libexec/exim4.
 .
 exim4 (4.93-12) unstable; urgency=low
 .
   * Update from exim-4.93+fixes:
     + 74_28-Fix-tr-expansion-item.-Bug-2533.patch
   * Recover more gracefully from half installed state after trying to
     install without util-linux (essential) installed. Closes: #952451
     (Thanks, James Le Cuirot for the patch)
   * Use macro ("ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS") for
     ignore_target_hosts list setting on dnslookup router. Extend list by
     corresponding IPv6 entries (Thanks, C Snover) Closes: #950973
   * Add REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE to allow setting
     headers_remove on both remote_smtp and remote_smtp_smarthost
     transports. Closes: #927741
 .
 exim4 (4.93-11) unstable; urgency=medium
 .
   * Update from exim-4.93+fixes:
     + 74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.-Bug-2524.patch
     + 74_27-GnuTLS-fix-hanging-callout-connections.patch
 .
 exim4 (4.93-10) unstable; urgency=medium
 .
   * Refresh debian/upstream/signing-key.asc from
     https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
   * Update from exim-4.93+fixes:
     + 74_23-Fix-taint-hybrid-checking-on-BSD.patch
     + 74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch
     + 74_25-Taint-slow-mode-checking-only.patch
 .
 exim4 (4.93-9) unstable; urgency=medium
 .
   * Add 74_22-Taint-hybrid-checking-mode.patch.
 .
 exim4 (4.93-8) unstable; urgency=medium
 .
   * Refresh debian/upstream/signing-key.asc from
     https://downloads.exim.org/Exim-Maintainers-Keyring.asc.
   * More updates from exim-4.93+fixes:
     + 74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.-Bug.patch
     + 74_20-Fix-error-logging-for-dynamically-loaded-modules.-Bu.patch
     + 74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.-Bu.patch
     Closes: #949034
 .
 exim4 (4.93-7) unstable; urgency=medium
 .
   * README.Debian: Expand a little bit on how macros work. (See #948308)
   * Upload to unstable.
 .
 exim4 (4.93-6) experimental; urgency=low
 .
   * Improve on reproducible build, set EXIM_ARCHTYPE=DEB_TARGET_GNU_CPU to
     override/avoid CPU detection with uname -m.
   * More updates from exim-4.93+fixes:
     74_18-SPF-fix-handling-mix-of-spf-and-other-txt-records.-B.patch
   * Polish debian/rules. (Use CURDIR instead of executing `pwd`, avoid :=
     assignments with $(shell).
   * Build with SMTPUTF8 support. (SUPPORT_I18N_2008 and SUPPORT_I18N)
     Closes: #885149
     In configuration set smtputf8_advertise_hosts to '' instead of '*'.
 .
 exim4 (4.93-5) unstable; urgency=medium
 .
   * More updates from exim-4.93+fixes:
     74_14-SPF-only-require-v-spf1-on-TXT-DNS-records-during-lo.patch
     74_15-Eximon-fix-string-handling.-Bug-2500.patch
     74_16-Fix-build-with-heimdal-gssapi.-Bug-2501.patch
     74_17-Fix-the-variables-set-by-gsasl-authenticator.patch
 .
 exim4 (4.93-4) unstable; urgency=medium
 .
   * Improve on TLS info in README.Debian.
   * More updates from exim-4.93+fixes:
     74_10-DMARC-default-dmarc_tld_file-to-unset.-Bug-2494.patch
     74_11-Zero-smtp-context-structure-after-allocation.patch
     74_13-ARC-Reset-received-ARC-instance-counter-before-next-.patch
 .
 exim4 (4.93-3) unstable; urgency=medium
 .
   * More updates (4.93.0.3) from exim-4.93+fixes:
     74_08-ARC-fix-crash-induced-by-misordered-headers.-Bug-249.patch
     74_09-Fix-taint-issue-with-retry-records.-Bug-2492.patch
 .
 exim4 (4.93-2) unstable; urgency=medium
 .
   * Update to exim-4.93+fixes branch
     74_01-PAM-fix-crash-in-the-pam-expansion-condition.-Bug-24.patch
     74_02-Regard-command-line-recipients-as-tainted.patch
     74_03-TFO-disable-for-FreeBSD.patch
     74_04-Hurd-errno-really-uses-more-than-a-short-sized-value.patch
     74_06-local_scan-align-local_scan.h-and-docs-re.-store_get.patch
     74_07-Fix-taint-issue-in-transport-with-DSN.-Bug-2491.patch
 .
 exim4 (4.93-1) unstable; urgency=low
 .
   * Point watchfile to release directory again.
   * New upstream version.
 .
 exim4 (4.93~RC7-1) unstable; urgency=low
 .
   * New upstream version.
     + Update md5 hash for upstream example configuration. (Change not
       relevant for Debian)
   * 75_01-Build-Enable-GNU-Hurd-Bug-2476.patch and
     75_02-TFO-disable-for-FreeBSD.patch from upstream 4.next branch:
     Re-enable build on GNU/hurd. (Thanks. Samuel Thibault)
     Closes: #945943
 .
 exim4 (4.93~RC5-1) unstable; urgency=low
 .
   * New upstream version.
     + Bump exim4-localscanap Provides.
 .
 exim4 (4.93~RC4-1) unstable; urgency=low
 .
   * New upstream version.
 .
 exim4 (4.93~RC3-1) unstable; urgency=low
 .
   * Drop (dead) link to openspf.org in rcpt ACL message string.
     Closes: #944786
   * New upstream version.
     + Unfuzz 90_localscan_dlopen.dpatch.
 .
 exim4 (4.93~RC2-1) unstable; urgency=low
 .
   * New upstream beta version.
     + Drop patches/75*.
   * Allow overriding cron.daily paniclog report recipient. Closes: #611085
   * Add REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES and
     REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS to set tls_verify_certificates
     and tls_verify_hosts respectively on the remote_smtp_smarthost
     transport. Closes: #823831
     In addition to that add REMOTE_SMTP_HOSTS_REQUIRE_TLS to set
     hosts_require_tls for the remote_smtp transport. Closes: #780033
 .
 exim4 (4.93~RC1-4) unstable; urgency=low
 .
   * Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not
     need it yet but will forget for sure to add it when we do.
   * Following upstream defaults do not disable incoming TLS by default -
     i.e. if MAIN_TLS_ENABLE is not set - but use a self-signed
     certificate. (Relevant upstream changes: tls_advertise_hosts defaults
     to * for TLS builds since 4.87_JH/18, on-demand generation of
     self-signed certificate for inbound SMTP since 4.88_JH/05, 4.93_JH/23
     TLS enabled build by default.)
   * 75_02-Revert-preallocate-store-for-config-which-appears-to.patch: Fix
     mismerge which triggered a test error on mipsel. Closes: #944060
 .
 exim4 (4.93~RC1-3) unstable; urgency=low
 .
   * 75_01-Dsearch-Fix-taint-handling-in-lookup.-Bug-2465.patch: Untaint
     dsearch lookup. Closes: #944199
 .
 exim4 (4.93~RC1-2) unstable; urgency=low
 .
   * autopkg test: Drop (python2) test for ancient vulnerability and do some
     basic testing with swaks instead. Closes: #943006
   * Upload to unstable.
 .
 exim4 (4.93~RC1-1) experimental; urgency=low
 .
   * New upstream beta version.
     + Drop 75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch,
       75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch and
       75_03_Fix-local-scan-ABI.-Bug-2458.patch.
     + Update debian/example.conf.md5 (Removal of dnssec_request_domains
       was already implemented in 4.93~RC0-1.)
   * exigrep does case sensitive *option* processing (as it did for all
     versions <4.90). Notably -M, -m, --invert, -I may be affected.
     Closes: #927280 (This change was already present in RC0.)
 .
 exim4 (4.93~RC0-2) experimental; urgency=low
 .
   * 75_03_Fix-local-scan-ABI.-Bug-2458.patch: Fix function prototypes in
     local_scan.h.
   * 90_localscan_dlopen.dpatch: Unfuzz, mark
     string_copy_function/string_copy_taint_function/string_copyn_function
     in string.c as visible.
   * Provide exim4-localscanapi-2.1.
   * Drop sa-exim Breaks, the localscanapi version bump makes this
     superfluous.
 .
 exim4 (4.93~RC0-1) experimental; urgency=low
 .
   * Point watchfile to test-subdirectory.
   * New upstream beta version.
     + Drop debian/patches/7[56]*.
     + Unfuzz 90_localscan_dlopen.dpatch.
     + Unfuzz/update (explicit -lnsl) debian/EDITME*
     + Update configuration, mirroring upstream changes. Both
       dnssec_request_domains and hosts_try_dane now default to '*', drop
       these settings. REMOTE_SMTP_DISABLE_DANE is a noop, now.
     + Exim DH param configuration (tls_dhparam) now makes use of the
       current GnuTLS (> 3.6) functionality, which implements rfc 7919.
       Drop unnecessary packaging bits.
     + Pull post release fix from upstream GIT
       (75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch) to fix build error
       with HAVE_LOCAL_SCAN=yes.
     + Update 90_localscan_dlopen.dpatch to #include documented interface
       (local_scan.h) instead of exim.h.
   * debian/rules: Do not try to build -heavy if -light failed.
   * 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch:
     Post-release fix from upstream GIT.
     https://bugs.exim.org/show_bug.cgi?id=2454
   * The localscan dlopen functionality is broken, (temporarily) drop
     exim4-localscanapi-2.0 from Provides.
 .
 exim4 (4.92.3-1) unstable; urgency=medium
 .
   * Fix (commented) examples in configuration for clamd and courier
     authdaemon to refer to /run instead of /var/run. Closes: #942292
   * While we are at it also fix exim pid file path in exim(8).
   * New upstream version (identical to 4.92.2 +
     75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch, i.e.
     4.92.2-3).
   * Use patches from exim-4.92.3+fixes, add
     75_36-Fix-errorcheck-in-smtp-transport.patch.
   * [lintian] Set Rules-Requires-Root: binary-targets.
 .
 exim4 (4.92.2-3) unstable; urgency=critical
 .
   * 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer
     overflow in string_vformat. CVE-2019-16928
 .
 exim4 (4.92.2-2) unstable; urgency=medium
 .
   * Upload to unstable.
 .
 exim4 (4.92.2-1) experimental; urgency=medium
 .
   * New upstream security release (identical except for the version number
     to 4.92.1 +
     77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch).
     + Drop 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch.
   * Refresh from exim-4.92.2+fixes branch:
     + 75_32-Fix-domain-for-a-bare-local-part-input.-Bug-2375.patch
     + 75_33-exim_dbmbuild-handle-0-sequence.patch
     + 75_34-fixup-exim_dbmbuild-handle-0-sequence.patch
 .
 exim4 (4.92.1-3) unstable; urgency=high
 .
   * 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch - Fix
     SNI related buffer overflow. CVE-2019-15846
 .
 exim4 (4.92.1-2) unstable; urgency=medium
 .
   * Pulled from exim-4.92+fixes branch:
     + 75_30-Fix-crash-after-TLS-channel-shutdown.patch
     + 75_31-Auth-handle-socket-read-errors-in-Dovecot-authentica.patch
   * Add Breaks: sa-exim (<< 4.2.1-17) to -heavy, see #930648.
   * Change *.logrotate to nocreate to work around #400198. Closes: #399930
 .
 exim4 (4.92.1-1) unstable; urgency=low
 .
   * New upstream bugfix release. (4.92.1 is 4.92 + the fix for
     CVE-2019-13917, so there are no source changes to the previous
     upload.)
     + Drop 77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch.
     + Use patches from exim-4.92.1+fixes branch.
   * In cron.daily use '/usr/sbin/exim4 -be '${primary_hostname}' instead of
     hostname --fqdn to get local hostname (for information purposes).
     Closes: #933231
   * Run exim4-base daily job via systemd.timer to guarantee execution
     before logrotate. Closes: #932328 (Thanks to Sven Hartge for
     bug-report and patch)
   * Add systemd-sysv as alternative for fulfilling the cron dependency.
   * Use debhelper 12 compat.
Checksums-Sha1: d4cd92018cc49bf5529f004ccd187a9f67db30f4 2911 exim4_4.93-13~bpo10+1.dsc d953d3da1d73abeb68a858fde777b2025b165c02 490060 exim4_4.93-13~bpo10+1.debian.tar.xz Checksums-Sha256: 138acfc744f124fea1c243bc5f67ade8d12fec7e9f9ac33253015df022bbbf53 2911 exim4_4.93-13~bpo10+1.dsc 6a445a18e846812e5f5e74f387ae7b0e7324801b0408d38c8486526e92543927 490060 exim4_4.93-13~bpo10+1.debian.tar.xz Files: ed61b96b786c2a1713908de51627216a 2911 mail standard exim4_4.93-13~bpo10+1.dsc 4a2b02eb5eb34cb3f78e3470f563d40b 490060 mail standard exim4_4.93-13~bpo10+1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAl56RRgACgkQpU8BhUOC FISG8w//QtDy74m9xyAHW5FCrACrWVH/Xn+DdMcgvb5CoK9RYKScXxZc59+tdavE CpEKyau9JOfYlQtyVrz8X9qJSo3EeJJD/pPGYI4UFStdUgatAq3EU5x9yk7VN+YP LGwi1MFEBxhUMlhJcOLrFpQEvjB0sHXL4GsTNautwCW7yyKuQ1t5mm0uUl4PxG+q Y5kUVis2hS1Doze0d9X1otpxfZo9LU2oPBp3O25gaywP2YPniRBHqitr+NUXNTKz 4tMbpQ6iCAeYsV1y/5WZfefVMlUqumcFy34XcbNvQD7N4GWzTaXpeeJVFBHQfZwp TabPBPiEt+17/k+WXiVua0jEPiSd7sxH5XYQGkMsfVHPadQgcpyPVpkVt7V/NtlI dQ1PzA9VAo+6FlAKX8qOmz5vgWEsRyUXs9/1ZxcuB0whle1ucPjapzDUSjelLnSi IgMtXdiVo+nNMSnbuznTRWSQ2myZXGWx2KUXspZkagEbnesFRcHGxEZpUIlnTEFb o00L5DLK52x+dL9qQD68ZOCBJ1K/PC9gcyoFTjMSAPcIv1b7x+gmP43oziYKNroi DIlz7wNFHD5SvOvt/kRn+CV8OghCAANDba2VzpTKM22fUgflQ1826uZlnFr/DJWz BhNQo1DEuSYGOu2ZdGSp3b2u8SU+UADF/MVZVrNaAkqJ/MkZZ+8= =ASwk -----END PGP SIGNATURE-----