-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 03 May 2024 18:39:30 +0200 Source: exim4 Binary: exim4 exim4-base exim4-base-dbgsym exim4-config exim4-daemon-heavy exim4-daemon-heavy-dbgsym exim4-daemon-light exim4-daemon-light-dbgsym exim4-dev eximon4 eximon4-dbgsym Architecture: source amd64 all Version: 4.97-8~bpo12+1 Distribution: bookworm-backports Urgency: high Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org> Changed-By: Andreas Metzler <ametzler@debian.org> Description: exim4 - metapackage to ease Exim MTA (v4) installation exim4-base - support files for all Exim MTA (v4) packages exim4-config - configuration for the Exim MTA (v4) exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac exim4-daemon-light - lightweight Exim MTA (v4) daemon exim4-dev - header files for the Exim MTA (v4) packages eximon4 - monitor application for the Exim MTA (v4) (X11 interface) Closes: 1025420 1037127 1043233 1051945 1053110 1053310 1053447 1053788 1054492 1059387 1065107 Changes: exim4 (4.97-8~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. . exim4 (4.97-8) unstable; urgency=medium . * Pull fixes from upstream GIT master: + 78_35-Fix-encoding-for-AUTH-on-MAIL-FROM.patch + 78_37-Logging-fix-receive-time-crash-with-recipients-loggi.patch + 78_39-SRS-fix-encode-for-local-part-with-zero-length-quote.patch (exim bug #3087) . exim4 (4.97-7) unstable; urgency=medium . * Pull fixes from upstream GIT master: + 78_30-Rewrites-fix-delivery-crash-from-constant-errors_to..patch (exim bug #3066) + 78_31-Lookups-fix-dbmnz-crash-on-zero-length-datum.-Bug-30.patch (exim bug #3081) * Update lintian overrides. . exim4 (4.97-6) unstable; urgency=high . * Add b-d on libnsl-dev to fix (temporary) FTBFS. Closes: #1065107 * Pull fixes from upstream GIT master: 78_10-Use-non-releaseable-memory-for-regex-match-strings.-.patch 78_11-use-dynamic-mem-for-regex_match_string.patch 78_12-Use-non-releasable-memory-for-regex-line-buffer.patch 78_15-regex-avoid-releasing-built-RE-midloop.patch 78_21-Lookups-avoid-leaking-user-passwd-from-server-spec-t.patch 78_23-Fix-crash-on-empty-oMt-argument.-Bug-3070.patch * 78_06, 78_07, 78_10, 78_11, 78_12 and 78_15 together Closes: #1053447 . exim4 (4.97-5) unstable; urgency=low . * Multiple fixes from upstream GIT master: + 73_Check-for-missing-commandline-arg-after-options-taki.patch (upstream bug #3049) + 76_01-Support-old-format-message_id-spoolfiles-for-mailq-b.patch (upstream bug #3050) + 76_05-Fix-periodic-queue-runs.-Bug-3046.patch (upstream bug #3046) + 78_01-Fix-recipient-or-source-selection-in-combination-wit.patch (upstream bug #3064) + 78_02-Eximon-handle-new-format-message-IDs.patch (upstream bug #) + 78_03-Lookups-log-warning-for-deprecated-syntax.-Bug-3068.patch (upstream bug #3068) + 78_04-Exinext-handle-new-format-message-IDs.patch + 78_05-TLS-fix-startup-after-forced-fail.patch (upstream bug #) + 78_06-Appendfile-release-regex-match-store-every-thousand-.patch (upstream bug #3047) + 78_07-ACL-in-regex-condition-release-store-every-thousand-.patch (upstream bug #3047) + 78_08-Fix-smtp-transport-response-to-close-after-all-rcpt-.patch (upstream bug #3059) . exim4 (4.97-4) unstable; urgency=medium . * autopkgtest: Stop using previously deprecated swaks feature to autodetect whether the argument for --data was a file. This was dropped in swaks 20240102.0. . exim4 (4.97-3) unstable; urgency=medium . * Fixes from upstream GIT master: 77_01-Reject-dot-LF-as-ending-data-phase.-Bug-3063.patch 77_02-Use-enum-for-body-data-input-state-machine.patch 77_03-Reject-dot-LF-as-ending-data-phase-pt.-2-.-Bug-3063.patch + Enforce a data synch check before emitting the 354 "go ahead". Previously this was only done if a pre-data ACL was configured. + Refuse to accept a line "dot, LF" as end-of-DATA unless operating in LF-only mode (as detected from the first header line). Previously we did accept that in (normal) CRLF mode; this has been raised as a possible attack scenario (under the name "smtp smuggling"). Closes: #1059387 CVE-2023-51766 . exim4 (4.97-2) unstable; urgency=medium . * Add 75-04-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch from upstream git master to fix dnsdb lookup regression. (Upstream bug 3054) * Due to being rebuilt with a newer debhelper exim4-base.service and exim4-base.timer move to /usr/lib/systemd/. . exim4 (4.97-1) unstable; urgency=medium . * Drop reference to QUEUEINTERVAL from conf.d/retry/30_exim4-config. (Thanks, Vincent Lefevre!) Closes: #1054492 * New upstream version. + Update debian/copyright. . exim4 (4.97~RC3-1) unstable; urgency=medium . * New upstream version, drop patches pulled from master. . exim4 (4.97~RC2-2) unstable; urgency=high . * 76_changesfrom_4.96.2.diff: Pull fixes for CVE-2023-42117 and CVE-2023-42119 from upstream GIT master. Closes: #1053310 . exim4 (4.97~RC2-1) unstable; urgency=low . * Generate /etc/default/exim4 in exim4-config.postinst instead of /etc/default/exim. Closes: #1053788 * Also remove the unused file and generate the correct one if missing. * New upstream version. + Drop 75-01-Auths*.diff. * Add two post-release fixes: + 75-01-Fix-crash-in-SPF-DNS-usage.patch + 75-02-SPF-harden-against-crafted-DNS-responses.patch . exim4 (4.97~RC1-2) unstable; urgency=high . * Address SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115, CVE-2023-42116) - Auths: fix possible OOB write in external authenticator (CVE-2023-42115) - Auths: use uschar more in spa authenticator - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116) - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114) . exim4 (4.97~RC1-1) unstable; urgency=medium . [ Helmut Grohne ] * Fix FTBFS when dh_installsystemd installs units to /usr. Closes: #1053110 . [ Andreas Metzler ] * New upstream version. + Drop 75_01-Fix-tr.-and-empty-strings.-Bug-3023.patch. . exim4 (4.97~RC0-3) unstable; urgency=medium . * Drop misleading phrase regarding incoming TLS support in README.Debian. Closes: #1051945 * Improve on description of group setting for pipe deliveries in README.Debian. * 75_01-Fix-tr.-and-empty-strings.-Bug-3023.patch from upstream GIT master fixing crashes in string expansion. https://bugs.exim.org/show_bug.cgi?id=3023 . exim4 (4.97~RC0-2) unstable; urgency=low . * Fix URL of specific upstream exim bugreport in README.Debian. * Upload to unstable. * Add NEWS entry for format change of internal ID used for message identification. (See upstream changelog JH/29!) * Generate manpage for exim_msgdate(8) with pod2man and ship it. * Add manpage for exim_id_update. . exim4 (4.97~RC0-1) experimental; urgency=low . * New upstream version. + Drop cherry-picked patches. + Unfuzz 90_localscan_dlopen.dpatch. + Add b-d and -basde dep on libfile-fcntllock-perl. + Update example conf md5 hash (no changes to merge). * Let -base depend on ${perl:Depends}. . exim4 (4.96-22) unstable; urgency=low . * Fix architecture all build. . exim4 (4.96-21) unstable; urgency=low . * tests/basic: Add isolation-container restriction (needs a running exim daemon). * Add ${run } expansion test to tests/basic. * Replace 75_78-Fix-free-of-value-after-run.patch with 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch fixing $value expansion after ${run ..}. * Upload to unstable. . exim4 (4.96-20) experimental; urgency=low . * Drop support for configuring daemon startup by setting QUEUERUNNER in /etc/default/exim4. Also queue run from /etc/ppp/ip-up.d/exim4 is disabled by default. Also replace QFLAGS, QUEUEINTERVAL, COMMONOPTIONS, QUEUERUNNEROPTIONS and SMTPLISTENEROPTIONS settings for systemd service/init script in etc/default/exim4 with a combined EXIMSERVICE (for systemd) or EXIMDAEMONOPTS (init script) directive. * Drop update-inetd related code from maintainerscripts, update docs. * Drop update-exim4defaults and its manpage It has no users in Debian and with the removal of the queuerunner option functionality does not provide a real benefit over editing /etc/default/exim4. * Ship systemd exim4.service unit in exim4-daemon-* packages. (Mainly inspired by the file from OpenSuse, but using Type=exec and -bdf as in from exim upstream git). Since contrary to the init script /lib/systemd/system/exim4.service is not a conffile we can simply ship it in *both* daemon packages (they have the necessarry conflicts/replaces relation) and let dh_installsystemd handle maintainerscripts. * Ship exim4.service in its real location below /usr (by moving after dh_installsystemd has run. * Add lintian-overrides for omitted-systemd-service-for-init.d-script and package-supports-alternative-init-but-no-init.d-script which are triggered by service file and init script being in different packages. . exim4 (4.96-19) unstable; urgency=medium . * 77_fix_autogencert_expiry.diff: Fix on-demand TLS cert expiry date. Closes: #1043233 . exim4 (4.96-18) unstable; urgency=medium . * Fixes from upstream GIT master: + 75_78-Fix-free-of-value-after-run.patch + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch . exim4 (4.96-17) unstable; urgency=low . * Fixes from upstream GIT master: + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch + 75_75-Fix-json-extract-for-strings-carrying-commas.-Bug-30.patch + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch (Upstream bugs 3006, 2998) . exim4 (4.96-16) unstable; urgency=medium . [ Marc Haber ] * Enforce TLS for dovecot_plain_server example. (Thanks: Dominic Preston) Closes: #1037127 . [ Andreas Metzler ] * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion. Previously, when an argument included a close-brace character (eg. it itself used an expansion) an error occurred. Closes: #1025420 * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT master: Fix ${srs_encode ..}. Previously it would give a bad result for one day every 1024 days. Checksums-Sha1: aebae9f6a7d64df87cd13046e3d15315c1588887 2955 exim4_4.97-8~bpo12+1.dsc f0596fb37117f36907cf943d6e369fa942f7fa58 498260 exim4_4.97-8~bpo12+1.debian.tar.xz ac0c851a636c69583af1ba3e9c8bfc6fdc83f2a5 139264 exim4-base-dbgsym_4.97-8~bpo12+1_amd64.deb 9d27f95a6c02ddba1ecd08cdfc468ac145311c61 1138180 exim4-base_4.97-8~bpo12+1_amd64.deb c5ac189350954458c4e828a884469af5abd278d1 254876 exim4-config_4.97-8~bpo12+1_all.deb c691934ed6e81e9178749076c72174ded7420f02 1642896 exim4-daemon-heavy-dbgsym_4.97-8~bpo12+1_amd64.deb 1fd9d64b2f9b9dab571e0db7e7c718122de5717a 683164 exim4-daemon-heavy_4.97-8~bpo12+1_amd64.deb 8015d36a5df9d7d4db4db83d163c9b4c0408950b 1443400 exim4-daemon-light-dbgsym_4.97-8~bpo12+1_amd64.deb 0fb0b283dfb8bef47c2cad8bcc1ebeeafa887a85 621092 exim4-daemon-light_4.97-8~bpo12+1_amd64.deb baa0e495107d5884871e8e10503a1d82b760972f 41448 exim4-dev_4.97-8~bpo12+1_amd64.deb f277a3b9d84189d9e841377304ef00bd6d3805b1 7192 exim4_4.97-8~bpo12+1_all.deb 9089774898b060451c0deaa73418fe231f2fc7cd 11913 exim4_4.97-8~bpo12+1_amd64.buildinfo a1a892b57a149ac390dbfd12b14c73b26a6530fb 137888 eximon4-dbgsym_4.97-8~bpo12+1_amd64.deb 88cd7df51722d568461b0d203c7b3af985c65543 76480 eximon4_4.97-8~bpo12+1_amd64.deb Checksums-Sha256: 5401b189e5007fd8806f59ee452415a0392bb49c9ea7f2f27e42d1c970ec81a9 2955 exim4_4.97-8~bpo12+1.dsc ee7a2e82c856cea8126716836647fd860a2c41495fea3f8f2917c686aa2a5c67 498260 exim4_4.97-8~bpo12+1.debian.tar.xz f59a9f63ac0671835777a18d42f0d24bbfc083973040d82851b9169c7f63d1b8 139264 exim4-base-dbgsym_4.97-8~bpo12+1_amd64.deb ee70f0312fcc208fb5949005fd56be33acdeb066f73684964d41a56ea0d6c38e 1138180 exim4-base_4.97-8~bpo12+1_amd64.deb 1ee3e3c2ebdf44d0e28d8fd1fc73e9549901e45f5bd64157be41a213b5c72145 254876 exim4-config_4.97-8~bpo12+1_all.deb 3a45371aca9925ccafa46b5121c93d4bc52f8820a55f4991de6f2074b7fd68b7 1642896 exim4-daemon-heavy-dbgsym_4.97-8~bpo12+1_amd64.deb b640ec08ec7c815ac31f1fb001d31deee161ec13362f61f989f4a39ad7f5b247 683164 exim4-daemon-heavy_4.97-8~bpo12+1_amd64.deb f752149546c6e1f3dff05c85489281fd582635a9fa0b33a51240b3864c6d7fa3 1443400 exim4-daemon-light-dbgsym_4.97-8~bpo12+1_amd64.deb 12e9e318c47efa70e38ae3180907bf3201672b224ec621db17162fbf396807f9 621092 exim4-daemon-light_4.97-8~bpo12+1_amd64.deb 7798f91a0efe781f4ef86b90a06cd46ed61b2b97a5b1e4cf3f027389bee74aef 41448 exim4-dev_4.97-8~bpo12+1_amd64.deb 1e54d095b2aeb37ca142ec9f003a4a6ca065e9b951090d684127f87ac09aa283 7192 exim4_4.97-8~bpo12+1_all.deb 3420a1579cdbf5875516fe00e4f26ecad09731af552d18054b00f461bd43d75c 11913 exim4_4.97-8~bpo12+1_amd64.buildinfo 56bc73c5693690737ce7d6746b599a8d9b9988f1716983dfc7c16e08efbb71d7 137888 eximon4-dbgsym_4.97-8~bpo12+1_amd64.deb 3a0074eb0cd61f8b4b4b2e000c4bdf60fda04ee0ba42f9b46e78e5dc641c6b85 76480 eximon4_4.97-8~bpo12+1_amd64.deb Files: 20b634e236fffa8183cd0eb065f9555b 2955 mail standard exim4_4.97-8~bpo12+1.dsc 0402baa1b86b3455fac4e22399b3746a 498260 mail standard exim4_4.97-8~bpo12+1.debian.tar.xz d5439f84ff3548481bef8dbe5868a826 139264 debug optional exim4-base-dbgsym_4.97-8~bpo12+1_amd64.deb 0397ee0b3ea5be265371274338ce2b94 1138180 mail optional exim4-base_4.97-8~bpo12+1_amd64.deb d91b007a93f8c2460590d2fda588423b 254876 mail optional exim4-config_4.97-8~bpo12+1_all.deb e03a133a9f11c5705eab3832e9104835 1642896 debug optional exim4-daemon-heavy-dbgsym_4.97-8~bpo12+1_amd64.deb 66f53b2843c844d09b26de482f36bce9 683164 mail optional exim4-daemon-heavy_4.97-8~bpo12+1_amd64.deb b4ed25ede05feec4d5a8ed34d7b1cbe3 1443400 debug optional exim4-daemon-light-dbgsym_4.97-8~bpo12+1_amd64.deb fca56593a2ecedb3f6f3aff9891843bb 621092 mail optional exim4-daemon-light_4.97-8~bpo12+1_amd64.deb 3fa713d1bccc2e4922189ba9f2af93d7 41448 mail optional exim4-dev_4.97-8~bpo12+1_amd64.deb 262b622684ed37d97bfb9408c4986539 7192 mail optional exim4_4.97-8~bpo12+1_all.deb 5c229f1254c74c4d4b80ddb1e5e5d420 11913 mail standard exim4_4.97-8~bpo12+1_amd64.buildinfo dc6ce5b533f121f781ca4b6b1c69a0ab 137888 debug optional eximon4-dbgsym_4.97-8~bpo12+1_amd64.deb a61030bdc025c94ab801b2f565a5b491 76480 mail optional eximon4_4.97-8~bpo12+1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAmY1FMgACgkQpU8BhUOC FIQbexAAgE2gnbZx0qqAGHYti+ezb79Qa+czwosqI7lDuHMXBebYK08ehv9aWsHv Yjp1P6pqxSidWk2a2dumGZyVeu3bwZvuLorGIR3NyNDMplEpoM6fEwJSvZAFi08T Fj8XcKsaQe0+CAsE4n02/D7tJqEp2nD+c926uPsPXM3eyEYfHhen3CpeA6EyK5Bz jRWNC958aEtYyyhm1RtrpMcipeHnSM2uSQO/++X927TIvwjNxZA2OsP/8TsmdkiI wA6hFm+rIMXifRF1oTvzX9pJxiTuLItVPPSCQpdOTxpSfmBD+dFoo32Oh/WpcXr7 tnKDnHcgUAA/CgXumidMVzagxYha7HytwmeEXTIQmODKQnKGXkLhEWyNCI9V32CG kT1cALfijgo6CQDHDMP1biquoOkhFPVFTRNm4ifjxaA6zCRctwvFSA05HTn14r5q BrwTs8PNy6IEeJPv4cv0xTvRY8GdZ3dmZknq/kv3K+hIgUbB7mp8nDooJ6xPP/In oJNhhKLo/88uIq0wJUlMSndHic8NQrCAuj4ZS7caNpHy2b7xsRRpWl63QsN9BT/a 4LbXrr45eMZpA51U64+wYGOa+6klKo3dKBeYrVaVTJDaGZv1CALn3ymlEu9CQbPy mF1LdveBKD8CXO+1cqFaTJ1Q2qYmAhFKfY5MnC1ijI/t13xNHzM= =s994 -----END PGP SIGNATURE-----