-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Mar 2018 13:20:34 +0200
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source amd64 all
Version: 4.90.1-4~bpo9+1
Distribution: stretch-backports
Urgency: critical
Maintainer: Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Description:
 exim4 - metapackage to ease Exim MTA (v4) installation
 exim4-base - support files for all Exim MTA (v4) packages
 exim4-config - configuration for the Exim MTA (v4)
 exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
 exim4-daemon-light - lightweight Exim MTA (v4) daemon
 exim4-dev - header files for the Exim MTA (v4) packages
 eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 783813 865287 871688 874772 882648 882671 887489 887971 887972 890000
Changes:
 exim4 (4.90.1-4~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
 .
 exim4 (4.90.1-4) unstable; urgency=medium
 .
   * Update from exim-4_90+fixes branch:
     75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch
     75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch
     75_13-Unbreak-DMARC.patch
     75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch
 .
 exim4 (4.90.1-3) unstable; urgency=medium
 .
   * Update from exim-4_90+fixes branch:
     75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch
     75_08-Mark-variables-unused-before-release-of-store-in-the.patch
     75_09-Mark-variables-unused-before-release-of-store-in-the.patch
     75_10-Mark-variables-that-are-unused-before-release-of-sto.patch
 .
 exim4 (4.90.1-2) unstable; urgency=medium
 .
   * Update from exim-4_90+fixes branch:
     75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch
     75_02-Fix-memory-leak-during-multi-message-reception-using.patch
     75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch
     75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch
     75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch
     75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch
 .
 exim4 (4.90.1-1) unstable; urgency=high
 .
   * New upstream version, fixing CVE-2018-6789. Closes: #890000
     + Drop 75_*.patch.
 .
 exim4 (4.90-7) unstable; urgency=medium
 .
   * Update from exim-4_90+fixes branch. (exim-4.90.0.27)
     + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
     + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
     + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
   * Typo fixes in old patch descriptions. (Thanks, lintian!)
 .
 exim4 (4.90-6) unstable; urgency=medium
 .
   * Update from exim-4_90+fixes branch.
     + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
     + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
       Closes: #887489
     + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
     + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch
 .
 exim4 (4.90-5) unstable; urgency=low
 .
   * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch
     from exim-4_90+fixes branch.
   * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
   * [update-exim4.conf] stop converting variables set to an empty value in
     /etc/exim4/update-exim4.conf.conf to exim macros with a literal value
     of "empty" in the generated configuration. Thanks, Gedalya.
     Closes: #887972
 .
 exim4 (4.90-4) unstable; urgency=low
 .
   * Update from exim-4_90+fixes branch.
     75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
     75_14-Fix-D-string-expansion-to-not-use-millisec.patch
     75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch
 .
 exim4 (4.90-3) unstable; urgency=medium
 .
   * Three more patches from exim-4_90+fixes branch:
     75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
     75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
     75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch
 .
 exim4 (4.90-2) unstable; urgency=medium
 .
   * Update to exim-4_90+fixes branch:
     + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
     + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
     + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
     + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
     + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
     + 75_05-Fix-build-of-nisplus-lookup.patch
     + 75_06-Fix-const-issue-in-nisplus-lookup.patch
     + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
     + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch
 .
 exim4 (4.90-1) unstable; urgency=low
 .
   * rc4 released as 4.90.
   * Point watchfile to release directory again.
   * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from
     upstream GIT master branch. Fix pgsql lookup for multiple result-tuples
     with a single column. Previously only the last row was returned.
     https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
   * Simplify debian/rules and make it usable with dh v10 compat. The
     fine-grained support for selecting the to be built packages (-custom
     with or without -base) was dropped. The build process is now controlled
     by attaching tasks to dh-override hooks instead of using file
     dependencies, makefile-style. The latter broke with dh v10 due to
     upstream's build-system which always has the main targets out-of-date
     inter alia due to the compile-number feature.
   * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
     buildflags ATM.)
   * Use debhelper v10 compat.
   * Drop override_dh_strip-arch, we have had enough toolchain and source
     changes to prevent file conflicts.
 .
 exim4 (4.90~RC4-1) unstable; urgency=medium
 .
   * New upstream version.
 .
 exim4 (4.90~RC3-2) unstable; urgency=low
 .
   * Upload to unstable.
   * Point homepage to https URL.
 .
 exim4 (4.90~RC3-1) experimental; urgency=medium
 .
   * New upstream version.
     + Fix a use-after-free while reading smtp input for header lines.
       A crafted sequence of BDAT commands could result in in-use memory
       being freed. CVE-2017-16943. Closes: #882648
     + Fix checking for leading-dot on a line during headers reading from
       SMTP input. Previously it was always done; now only done for DATA
       and not BDAT commands. CVE-2017-16944 Closes: #882671
   * Drop 78_Disable-chunking-BDAT-by-default.patch again.
 .
 exim4 (4.90~RC2-3) experimental; urgency=medium
 .
   * As a workaround for the yet-unfixed security vulnerability resurrect
     (and adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped
     in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
     https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
 .
 exim4 (4.90~RC2-2) experimental; urgency=low
 .
   * B-d on lynx, instead of lynx-cur | lynx.
 .
 exim4 (4.90~RC2-1) experimental; urgency=low
 .
   * New upstream release candidate.
     + Unfuzz patches, drop 40_reproducible_build.diff and
       75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
     + Refresh debian/example.conf.md5, No changes to Debian's configuration
       needed, upstream added a (commented) entry to change OpenSSL ciphers.
 .
 exim4 (4.90~RC1-1) experimental; urgency=low
 .
   * New upstream release candidate.
     + Point watchfile to test subdirectory.
     + Update 40_reproducible_build.diff
     + Drop 75_fixes*.patch and
       80_Repair-manualroute-transport-name-not-last-option.patch.
     + Unfuzz EDITME*.diff
     + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
       SOURCE_DATE_EPOCH is set.
   * Drop trailing whitespace in debian/README.source, debian/changelog and
     debian/rules. (Thanks, lintian)
   * Drop debian/README.source and outdated parts of debian/copyright.
 .
 exim4 (4.89-13) unstable; urgency=high
 .
   * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
     from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944
 .
 exim4 (4.89-12) unstable; urgency=high
 .
   * Sync with exim-4_89+fixes branch:
     + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
     + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
       Closes: #882648 (use-after-free, remote-code-execution)
       CVE-2017-16943
   * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.
 .
 exim4 (4.89-11) unstable; urgency=critical
 .
   * B-d on lynx, instead of lynx-cur | lynx.
 .
 exim4 (4.89-10) unstable; urgency=critical
 .
   * As a workaround for the yet-unfixed security vulnerability resurrect
     78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
     both incoming and outgoing BDAT/CHUNKING. #882648
     https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
 .
 exim4 (4.89-9) unstable; urgency=medium
 .
   * Upload to unstable.
 .
 exim4 (4.89-8) experimental; urgency=low
 .
   * Sync with exim-4_89+fixes branch:
     75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch
     75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch
   * Point watchfile to https site.
 .
 exim4 (4.89-7) unstable; urgency=low
 .
   * In debian/rules' manually called update-mtaconflicts target use
     grep-aptavail instead of hard-coding /var/lib/apt/lists/.
     (Thanks, Julian Andres Klode) Closes: #874772
   * Update debian/mtalist.
   * Sync with exim-4_89+fixes branch:
     75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch
     75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch
     75_fixes_15-SOCKS-fix-unitialized-pointer.patch
     75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch.
 .
 exim4 (4.89-6) unstable; urgency=medium
 .
   * Use "runuser --command ..." instead of "su - --command ..." in
     exim4-base.cron.daily to avoid invoking pam_systemd.
     Closes: #871688 (Thanks, Jakobus Schürz)
   * Sync priorities with override file:
     exim4{,-base,-config,-daemon-light} optional from standard,
     exim4-dev optional from extra.
   * In debian/rules when setting up the build-tree for -custom also copy
     EDITME.eximon to allow building based on EDITME.exim4-light with eximon
     building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813
 .
 exim4 (4.89-5) unstable; urgency=medium
 .
   * Update to exim-4_89+fixes branch:
     75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch
     75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch
     (replaces 79_CVE-2017-1000369.patch)
     75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch
     (replaces 81_Fix-log-line-corruption-for-DKIM-status.patch)
     75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch
     75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
     75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch
     75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch
     75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch
     (CVE-2017-10140)
     75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch
     75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch
     75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch
   * Simplify debian/rules by including buildflags.mk unconditionally which
     was introduced in dpkg 1.16.1 released in October 2011.
   * Use pkg-info.mk to get package-version, upstream-version and
     SOURCE_DATE_EPOCH. For the latter fall back to current time if it is
     not provided by pkg-info.mk.
   * [lintian] In *daemon.postinst use which certtool instead of
     [ -x /usr/bin/certtool ] to check for availability of the command.
 .
 exim4 (4.89-4) unstable; urgency=low
 .
   * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT
     master: Starting with 4.85 a transport name needed to be specified
     after options in route_list.
     Closes: #865287
   * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master.
   * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by
     default.
   * Standards-Version: 4.0.0
     + Do not check for availability of invoke-rc.d, use it always and do not
       fall back to invoking the init-script directly.
     + Drop eximon menu file.
   * Migrate to automatic debug packages. Bump b-d on debhelper since
     --dbgsym-migration was introduced in debhelper 9.20160114.
 .
 exim4 (4.89-3) unstable; urgency=high
 .
   * Re-upload to unstable.