exim4 (4.96-15+deb12u6) bookworm; urgency=medium * Fix crash in dbmnz when looking up keys with no content. Closes: #1080472 -- Andreas Metzler Sat, 28 Sep 2024 16:49:26 +0200 exim4 (4.96-15+deb12u5) bookworm-security; urgency=high * Fix parsing of multiline RFC 2231 header filename parameter in mime ACL. CVE-2024-39929 Closes: #1075785 -- Andreas Metzler Tue, 09 Jul 2024 10:53:35 +0200 exim4 (4.96-15+deb12u4) bookworm-security; urgency=high * 77_CVE-2023-51766_4.97.1-release.diff from 4,97.1 release: Refuse to accept a line "dot, LF" as end-of-DATA unless operating in LF-only mode (as detected from the first header line) to fix smtp-smuggling (CVE-2023-51766). Closes: #1059387 -- Andreas Metzler Mon, 01 Jan 2024 17:58:00 +0100 exim4 (4.96-15+deb12u3) bookworm; urgency=medium * Multiple bugfixes from upstream GIT master: + 75_74-Cancel-early-pipe-on-an-observed-advertising-change.patch + 75_76-Expansions-disallow-UTF-16-surrogates-from-utf8clean.patch (Upstream bug 2998) + 75_77-GnuTLS-fix-crash-with-tls_dhparam-none.patch + 75_79-Fix-recipients-expansion-when-used-within-run.-.-Bug.patch (Upstream bug 3013) + 75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch: Fix on-demand TLS cert expiry date. Closes: #1043233 (Upstream bug 3014) + 75_83-Re-fix-live-variable-value-free.-The-inital-fix-resu.patch + 76-10-Fix-tr.-and-empty-strings.-Bug-3023.patch ((Upstream bug 3023) + 76-12-DNS-more-hardening-against-crafted-responses.patch + 76-14-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch Fix regression in dnsdb in CVE-2023-42119 fix. (Upstream bug 3054) * tests/basic: Add isolation-container restriction (needs a running exim daemon). * Add ${run } expansion test to tests/basic. * Update code to 4.96.2, fixing issues with the proxy protocol (CVE-2023-42117) and the `dnsdb` lookup subsystem (CVE-2023-42119). It also includes additional hardening for spf lookups, however CVE-2023-42118 was diagnosed as a vulnerability in the libspf2 library and needs to be addressed there. Closes: #1053310 -- Andreas Metzler Wed, 18 Nov 2023 11:07:57 +0100 exim4 (4.96-15+deb12u2) bookworm-security; urgency=high * Non-maintainer upload by the Security Team. * Address external and SPA authenticator vulnerabilities (CVE-2023-42114, CVE-2023-42115, CVE-2023-42116) - Auths: fix possible OOB write in external authenticator (CVE-2023-42115) - Auths: use uschar more in spa authenticator - Auths: fix possible OOB write in SPA authenticator (CVE-2023-42116) - Auths: fix possible OOB read in SPA authenticator (CVE-2023-42114) -- Salvatore Bonaccorso Fri, 29 Sep 2023 22:38:02 +0200 exim4 (4.96-15+deb12u1) bookworm; urgency=medium * 75_42-Fix-run-arg-parsing.patch (From upstream GIT master, backported by Bryce Harrington for Ubuntu): Fix argument parsing for ${run } expansion. Previously, when an argument included a close-brace character (eg. it itself used an expansion) an error occurred. Closes: #1025420 * 75_68-Fix-srs_encode-.-for-mod-1024-day-zero.patch from upstream GIT master: Fix ${srs_encode ..}. Previously it would give a bad result for one day every 1024 days. -- Andreas Metzler Sun, 02 Jul 2023 14:56:17 +0200 exim4 (4.96-15) unstable; urgency=medium * Pull from upstream GIT master: + 75_70-Fix-variable-initialisation-in-smtp-transport.-Bug-2.patch Fix a crash in the smtp transport. https://bugs.exim.org/show_bug.cgi?id=2996 -- Andreas Metzler Wed, 10 May 2023 18:30:35 +0200 exim4 (4.96-14) unstable; urgency=medium * Pull from upstream GIT master: + 75_66-Fix-crash-in-expansions.patch * [lintian]: b-d on libidn-dev instead of libidn11-dev. * [lintian]: Drop dependency on transitional package lsb-base. (Depended on package sysvinit-utils is Esssential: yes) -- Andreas Metzler Sat, 04 Feb 2023 13:33:50 +0100 exim4 (4.96-13) unstable; urgency=low * Pull fixes from upstream GIT master: 75_58-Close-server-smtp-socket-explicitly-on-connect-ACL-d.patch 75_60-OpenSSL-fix-tls_eccurve-setting-explicit-curve-group.patch 75_62-OpenSSL-Fix-tls_eccurve-on-earlier-versions-than-3.0.patch 75_63-OpenSSL-log-conns-rejected-for-bad-ALPN-with-the-off.patch 75_64-DANE-do-not-check-dns_again_means_nonexist-for-TLSA-.patch -- Andreas Metzler Sat, 07 Jan 2023 14:38:13 +0100 exim4 (4.96-12) unstable; urgency=high * 75_55-Fix-recursion-on-dns_again_means_nonexist.-Bug-2911.patch from upstream GIT master: Fix unbounded recursion in DNS lookups. -- Andreas Metzler Fri, 30 Dec 2022 07:37:00 +0100 exim4 (4.96-11) unstable; urgency=high * 75_50-Fix-logging-of-max-size-log-line.patch: Fix crash on acl logwrite modifier. -- Andreas Metzler Tue, 20 Dec 2022 18:06:06 +0100 exim4 (4.96-10) unstable; urgency=medium * Pull two OpenSSL related fixes (does not apply to Debian binaries) from upstream git master. * Fix pointer truncation issue in DLOPEN_LOCAL_SCAN patch. Thanks to Florian Weimer for patch and bug report. Closes: #1026045 -- Andreas Metzler Mon, 19 Dec 2022 18:23:13 +0100 exim4 (4.96-9) unstable; urgency=medium * Cherrypick three fixes from upstream GIT master: + 75_31-Fix-regext-substring-capture-variables-for-null-matc.patch + 75_32-Fix-regex-substring-capture-variables-for-null-match.patch + 75_34-Fix-regex-substring-capture-commentary.-Bug-2933.patch -- Andreas Metzler Sun, 13 Nov 2022 18:43:32 +0100 exim4 (4.96-8) unstable; urgency=medium * Cherrypick two fixes from upstream GIT master: + 75_22-Fix-daemon-startup.-Bug-2930.patch + 75_23-Fix-reccipients-after-run.-.-Bug-2929.patch -- Andreas Metzler Sat, 05 Nov 2022 07:42:03 +0100 exim4 (4.96-7) unstable; urgency=high * Replace 85_dmarc-api-breakage-workaround.diff with version from upstream GIT master 75_18-Fix-Build-with-libopendmarc-1.4.x-fixes-2728.patch. * 75_19-DMARC-fix-use-after-free-in-dmarc_dns_lookup.patch: Fix use-after-free in dmarc.c. VDB-211919 / CVE-2022-3620. This does not affect Debian *binary* packages since they are not built with DMARC support. Closes: #1022556 -- Andreas Metzler Tue, 25 Oct 2022 18:38:38 +0200 exim4 (4.96-6) unstable; urgency=low * Use a limit of 1G instead of 2G in message_linelength_limit. (Thanks, Frederic Peters) Closes: #1021503 -- Andreas Metzler Mon, 10 Oct 2022 07:02:03 +0200 exim4 (4.96-5) unstable; urgency=low * Add pointers to /etc/mailname documentation to exim4-config_files.5. Closes: #1019946 * Change remote_smtp transports to set message_linelength_limit = 2G if IGNORE_SMTP_LINE_LENGTH_LIMIT was set to avoid accepting messages (due to IGNORE_SMTP_LINE_LENGTH_LIMIT disabling the limit in the ACLs) without being able to pass them on. Closes: #1019959 * Pull 75_16-GnuTLS-fix-for-clients-offering-no-TLS-extensions.patch from upstream GIT. -- Andreas Metzler Sun, 09 Oct 2022 14:26:52 +0200 exim4 (4.96-4) unstable; urgency=low * Cherrypick two fixes from upstream GIT master: + 75_05-SPF-fix-memory-accounting-for-error-case.patch + 75_08-Fix-regex-n-use-after-free.-Bug-2915.patch 75_09-Fix-non-WITH_CONTENT_SCAN-build.patch 75_10-Fix-non-WITH_CONTENT_SCAN-build-2.patch 75_11-Fix-non-WITH_CONTENT_SCAN-build-3.patch * 85_dmarc-api-breakage-workaround.diff: Fix build-error against opendmarc-1.4 which broke API and ABI without soname bump. Closes: #1014945 -- Andreas Metzler Sun, 11 Sep 2022 13:38:26 +0200 exim4 (4.96-3) unstable; urgency=medium * Fix error messages of test-groff -b -mandoc -dAD=l -rF0 -rHY=0 -t -w w -z on processing update-exim4.conf.8 and exim4-config_files.5. Also make mandoc -lint update-exim4.conf.8 happy. (Thanks, Bjarni Ingi Gislason for patch and report.) Closes: #1014347, #1014349, #1014356 * 75_01-Fix-exit-on-attempt-to-rewrite-a-malformed-address.-.patch: Bug 2903: avoid exit on an attempt to rewrite a malformed address. * Add dovecot server-side AUTH example. Closes: #1014235 -- Andreas Metzler Wed, 13 Jul 2022 13:22:40 +0200 exim4 (4.96-1) unstable; urgency=low * New upstream version, almost identical to RC2. * Upload to unstable. * Extend debian/NEWS. * Update lintian-overrides for new lintian version. -- Andreas Metzler Sun, 26 Jun 2022 14:11:00 +0200 exim4 (4.96~RC2-1) experimental; urgency=low * New upstream version. + Drop 75_*.patch. -- Andreas Metzler Thu, 16 Jun 2022 10:32:16 +0200 exim4 (4.96~RC1-2) experimental; urgency=low * Update from upstream GIT master: + 75_70-Debug-clarify-SMTP-DATA-ops-in-transport.patch + 75_71-Docs-more-info-on-PIPECONNECT.patch + 75_72-TLS-resumption-disable-on-continued-connection.patch + 75_73-Logging-distinguish-mem-allocation-errors.patch + 75_74-typo.patch + 75_75-TLS-resumption-fix-for-PIPECONNECT.patch + 75_76-DEBUG-clarify-multiline-smtp-responses.patch + 75_77-CHUNKING-fix-second-message-on-conn-when-first-rejec.patch + 75_78-CHUNKING-handle-protocol-errors-during-reception.patch -- Andreas Metzler Sat, 28 May 2022 11:41:06 +0200 exim4 (4.96~RC1-1) experimental; urgency=low * Merge 4.95-6: 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch: Fix segfault on deferred delivery on first MX. Closes: #1004740 (Huge thanks to Gedalya for finding/setting up a reproducer and taking this upstream.) * New upstream version. * Pull 75_69-ARC-reset-headers-before-signing-for-secondary-MX.-B.patch to fix a crash when built against libarc. -- Andreas Metzler Sat, 21 May 2022 13:09:06 +0200 exim4 (4.96~RC0-1) experimental; urgency=low * Drop code for upgrading from ancient (4.80-7 and earlier) versions in maintainer-scripts. Closes: #1000962 * New upstream version. + Drop cherrypicked patches. + Unfuzz patches (including EDITME*). + Uses pcre2 (Closes: #1000107), update b-d to libpcre2-dev. + The allow_insecure_tainted_data main config option and the "taint" log_selector were removed, add entry to NEWS. -- Andreas Metzler Sun, 24 Apr 2022 18:38:06 +0200 exim4 (4.95-6) unstable; urgency=high * Drop code for upgrading from ancient (4.80-7 and earlier) versions in maintainer-scripts. Closes: #1000962 * 75_68-GnuTLS-Do-not-free-the-cached-creds-on-transport-con.patch: Fix segfault on deferred delivery on first MX. Closes: #1004740 -- Andreas Metzler Fri, 20 May 2022 19:37:43 +0200 exim4 (4.95-5) unstable; urgency=medium * More upstream fixes: + 75_60-Utilities-fix-exiqgrep-perl-syntax-add-testcases.-Bu.patch Closes: #1006661 + 75_64-Logging-fix-crash-on-local_part-utf8-conversion-fail.patch * Update exiqgrep manpage. -- Andreas Metzler Sun, 10 Apr 2022 13:57:43 +0200 exim4 (4.95-4) unstable; urgency=low * Fix typo in exiqgrep.8. * Document all options of exiqgrep in manpage. (Patch by Janne Hess). Closes: #1004428 * Cherry-pick some patches from upstream GIT master: + 75_32-Fix-PAM-auth.-Bug-2813.patch https://bugs.exim.org/show_bug.cgi?id=2813 + 75_35-Exiqgrep-check-arg-parsing.-Bug-2821.patch https://bugs.exim.org/show_bug.cgi?id=2821 + 75_45-Fix-bogus-error-message-copy.-Bug-2857.patch https://bugs.exim.org/show_bug.cgi?id=2857 + 75_50-Fix-include_directory-in-redirect-routers.-Bug-2715.patch Closes: #988301 + 75_55-Specific-check-for-null-pointer.patch * Add lintian override for fp bash-term-in-posix-shell *HOSTNAME. -- Andreas Metzler Sat, 19 Feb 2022 14:49:28 +0100 exim4 (4.95-3) unstable; urgency=low * Build with support for SASL external authenticator. Closes: #982325 * Add lintian overrides for bash-term-in-posix-shell exim4-base usr/sbin/exim_checkaccess and exim4-config: maintainer-script-needs-depends-on-update-inetd. * Run wrap-and-sort -ast. * Pull 75_40-Fix-basic-memory-use-for-SPARC.-Bug-2838.patch from upstream GIT master to fix FTBFS on sparc. (Thanks, John Paul Adrian Glaubitz) Closes: #995679 -- Andreas Metzler Thu, 16 Dec 2021 19:26:32 +0100 exim4 (4.95-2) unstable; urgency=medium * 75_30-Avoid-calling-gettimeofday-select-per-char-for-cmdli.patch from upstream GIT master, fixes inefficient command line mail submission. Closes: #996282 -- Andreas Metzler Sat, 16 Oct 2021 13:14:58 +0200 exim4 (4.95-1) unstable; urgency=medium [ Andreas Metzler ] * Use »command -v« instead of »which«. Closes: #993653 * New upstream version. * Catch up with changed lintian output, update overrides. * Add macro for setting DKIM_IDENTITY. (Thanks, "RL"). Closes: #993880 * Add macro for setting the protocol option on the remote_smtp_smarthost transport. (Thanks, Bill Allombert). Closes: #994597 Also update README.Debian. [ Edward Betts ] * Remove debian/TODO. It was just a link to alioth that no longer works. -- Andreas Metzler Sun, 03 Oct 2021 13:39:56 +0200 exim4 (4.95~RC2-1) unstable; urgency=low * Let exim4-base recommend bsd-mailx|mailx instead of only the virtual package. (Thanks, Daniel Lewart) Closes: #992475 * New upstream version. + Update debian/example.conf.md5, no changes needed. * Upload to unstable. -- Andreas Metzler Sat, 28 Aug 2021 13:18:59 +0200 exim4 (4.95~RC1-1) experimental; urgency=low * New upstream version. + Drop 75_04-Remove-the-must-helo-check-from-the-example-config.patch 77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch. + Unfuzz 90_localscan_dlopen.dpatch. -- Andreas Metzler Wed, 28 Jul 2021 12:59:22 +0200 exim4 (4.95~RC0-1) experimental; urgency=low * New upstream version. + Point watchfile to test subdirectory. + Drop superfluous patches. + Unfuzz 90_localscan_dlopen.dpatch + Unfuzz debian/EDITME.* + Fixup debian/minimaltest for new upstream. + New upstream default configuration does not abuse message_size_limit option to reject overlong lines, there is a new main configuration option - message_linelength_limit - which is set to 998 by default. Mirror this change, now the IGNORE_SMTP_LINE_LENGTH_LIMIT only affects the data ACL. + JH/48 Use a less bogus-looking filename for a temporary used for DH-parameters for GnuTLS. Previously the name started "%s" which, while not a bug, looked as if it might be one. Closes: #985997 * Enable native SRS support. Closes: #702358 * Enable external SPF support in -heavy. Closes: #528344 * Cherrypick 75_04-Remove-the-must-helo-check-from-the-example-config.patch from upstream git master. Drops checking for EHLO/HELO-received in ACL since the new main config option hosts_require_helo defaults to '*'. Adapt Debian configuration to mirror this. * Drop versioned Breaks added in 4.94.2-6, they are superfluous due to bumped upstream version. * 77_01-Revert-GnuTLS-when-library-too-old-for-system-CA-bun.patch. Fix regression (tls_verify_certificates defaulting to unset instead of "system" for GnuTLS) by reverting respive upstream commit. -- Andreas Metzler Mon, 19 Jul 2021 13:10:00 +0200 exim4 (4.94.2-7) unstable; urgency=medium * 73_05-Fix-tainted-message-for-fakereject.patch from upstream +fixes branch: Fix re-expansion of custom message with control=fakereject. -- Andreas Metzler Tue, 13 Jul 2021 18:04:57 +0200 exim4 (4.94.2-6) unstable; urgency=medium * Cherrypick 78_01-Command-line-option-for-no-notifier-socket.-Bug-2616.patch from upstream GIT master. This allows one to disable creation of a daemon notifier socket by either setting notifier_socket to a empty value or specifying -oY commandline option. * Init script: For QUEUERUNNER='separate' start daemons with -oY commandline option to disable daemon notifier socket. Enforce lockstep ugrade of -base and *daemon* by temporarily adding a versioned Breaks to exim4-base on older *daemon*. Closes: #988844 -- Andreas Metzler Wed, 26 May 2021 18:49:44 +0200 exim4 (4.94.2-5) unstable; urgency=high * 73_04-Fix-host_name_lookup-Close-2747.patch from exim-4.94.2+fixes. Fix regression in 4.94.2. -- Andreas Metzler Mon, 17 May 2021 17:45:00 +0200 exim4 (4.94.2-4) unstable; urgency=high * 75_27_Fix-logging-with-empty-element-in-log_file_path-Bug-.patch / 75_28_Fix-logging-with-build-time-config-and-empty-element.patch replacing 75_27_open_logs_2744.patch from upstream exim-4.94.2+taintwarn branch: Fix null-pointer dereference when logging to syslog (Closes: #988086) and also fix loging to syslog at all (Closes: #988304) -- Andreas Metzler Sat, 15 May 2021 18:16:08 +0200 exim4 (4.94.2-3) unstable; urgency=medium * Updates from exim-4.94.2+fixes: + 73_03-Named-Queues-fix-immediate-delivery.-Bug-2743.patch Fix false positive taint error when using named queues. -- Andreas Metzler Thu, 13 May 2021 18:53:53 +0200 exim4 (4.94.2-2) unstable; urgency=medium * Updates from exim-4.94.2+fixes: + 73_01-Fix-DANE-SNI-handling-Bug-2265.patch (from +fixes). Fix broken SNI/DANE handling. + 73_02-Fix-ipv6norm.patch: Fix ${ip6norm:} operator. Previously, any trailing line text was dropped, making it unusable in complex expressions. * 75_27_open_logs_2744.patch Partial fix for nullpointer dereference with logging to syslog. See 988086. -- Andreas Metzler Sun, 09 May 2021 18:03:15 +0200 exim4 (4.94.2-1) unstable; urgency=high * New upstream security release. + Release based on +fixes branch, drop 74_*diff. + Unfuzz 75_04-acl.patch. + Merge in upstream configuration change rejecting all RCPT commands after too many (more than five out of the initial ten) bad recipients. Can be disabled by setting CHECK_RCPT_NO_FAIL_TOO_MANY_BAD_RCPT. + Fixes multiple security vulnerabilities reported by Qualys and adds related robustness improvements. (Special thanks to Heiko) CVE-2020-28023: Out-of-bounds read in smtp_setup_msg() CVE-2020-28007: Link attack in Exim's log directory CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase() CVE-2020-28012: Missing close-on-exec flag for privileged pipe CVE-2020-28024: Heap buffer underflow in smtp_ungetc() CVE-2020-28009: Integer overflow in get_stdinput() CVE-2020-28015, CVE-28021: New-line injection into spool header file CVE-2020-28026: Line truncation and injection in spool_read_header() CVE-2020-28022: Heap out-of-bounds read and write in extract_option() CVE-2020-28017: Integer overflow in receive_add_recipient() CVE-2020-28013: Heap buffer overflow in parse_fix_phrase() CVE-2020-28011: Heap buffer overflow in queue_run() CVE-2020-28010: Heap out-of-bounds write in main() CVE-2020-28018: Use-after-free in tls-openssl.c CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash() CVE-2020-28014, CVE-2021-27216: PID file handling CVE-2020-28008: Assorted attacks in Exim's spool directory CVE-2020-28019: Failure to reset function pointer after BDAT error * Update debian/upstream/signing-key.asc from . -- Andreas Metzler Sun, 02 May 2021 07:22:06 +0200 exim4 (4.94-19) unstable; urgency=medium * Further updates from heiko/exim-4.94+fixes+taintwarn: + 75_24-Silence-the-compiler.patch + 75_26-Disable-taintchecks-for-mkdir-this-isn-t-part-of-4.9.patch * Upload to unstable. -- Andreas Metzler Mon, 26 Apr 2021 18:35:43 +0200 exim4 (4.94-18) experimental; urgency=medium * Pull patches to temporarily add an option to turn taint errors into warnings. (See #987133) + 75_01-Introduce-main-config-option-allow_insecure_tainted_.patch + 75_02-search.patch + 75_03-dbstuff.patch + 75_04-acl.patch + 75_05-parse.patch + 75_06-rda.patch + 75_07-appendfile.patch + 75_08-autoreply.patch + 75_09-pipe.patch + 75_10-deliver.patch + 75_11-directory.patch + 75_12-expand.patch + 75_13-lf_sqlperform.patch + 75_14-rf_get_transport.patch + 75_15-deliver.patch + 75_16-smtp_out.patch + 75_17-smtp.patch + 75_18-update-doc.patch + 75_20-Set-mainlog_name-and-rejectlog_name-unconditionally.patch + 75_21-tidy-log.c.patch + 75_22-Silence-compiler.patch + 75_23-Do-not-close-the-main-_log-if-we-do-not-see-a-chance.patch * Update NEWS.Debian to describe the feature. -- Andreas Metzler Sun, 25 Apr 2021 07:42:26 +0200 exim4 (4.94-17) unstable; urgency=medium * Let exim4-config Recommend ca-certificates, needed for certificate verification. -- Andreas Metzler Thu, 18 Mar 2021 13:54:47 +0100 exim4 (4.94-16) unstable; urgency=medium * README.Debian: Fix typo "tls_verify_certificate" instead of "tls_verify_certificates". * General doc improvements in this area. (Thanks, Jö Fahlke) Closes: #985244 * Intensify upgrade warning in NEWS file. * Enforce certificate verification against the system trust store in the remote SMTP transport by default by setting REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS = *. Closes: #985344 * Update from exim-4.94+fixes: + 74_56-Fix-FreeBSD-13-build.patch + 74_57-Fix-weight-calculation-for-spamd_address.-Bug-2694.patch + 74_58-Fix-weight-calculation-for-socks_proxy.-Bug-2694.patch + 74_59-Fix-build-for-platforms-not-having-ulong.patch + 74_60-Fix-list-expansion-for-various-domainlists-having-in.patch + 74_61-Bulid-fix-DISABLE_PIPE_CONNECT-build.-Bug-2703.patch + 74_62-Docs-fix-description-of-hosts_try_dane.-Bug-2704.patch -- Andreas Metzler Wed, 17 Mar 2021 13:50:44 +0100 exim4 (4.94-15) unstable; urgency=medium * Update from exim-4.94+fixes: + 74_54-Fix-daemon-SIGHUP-on-FreeBSD.patch + 74_55-Fix-handling-of-server-which-follows-a-RCPT-452-with.patch -- Andreas Metzler Sun, 07 Feb 2021 08:13:29 +0100 exim4 (4.94-14) unstable; urgency=high * As was done for -heavy in 963251 also automatically version localscanapi provides for -light and -custom. (Thanks, Adam Borowski) Closes: #981399 -- Andreas Metzler Sat, 30 Jan 2021 18:12:49 +0100 exim4 (4.94-13) unstable; urgency=medium * Add DKIM_TIMESTAMPS macro to set the dkim_timestamps option on remote_smtp transport. (Thanks, Simon Josefsson) Closes: #980886 * Update from exim-4.94+fixes: + 74_52-Lookups-fix-local_part_data-for-a-match-on-a-filenam.patch -- Andreas Metzler Sat, 30 Jan 2021 14:50:50 +0100 exim4 (4.94-12) unstable; urgency=medium * Update from exim-4.94+fixes: + 74_48-Fix-build-warning-on-32-bit-int-platfowms.-Bug-2678.patch + 74_49-Fix-build-on-GNU-Hurd-supports-openat-.-Bug-2608.patch + 74_50-Utilities-harden-exim_tidydb-against-corrupt-wait-re.patch + 74_51-Auths-in-plaintext-authenticator-fix-parsing-of-cons.patch -- Andreas Metzler Sat, 16 Jan 2021 16:02:51 +0100 exim4 (4.94-11) unstable; urgency=medium * Update from exim-4.94+fixes: + 74_46-Fix-local-delivery-delay-when-combined-with-remote-c.patch + 74_47-Fix-listextract-from-a-tainted-list.patch -- Andreas Metzler Fri, 25 Dec 2020 13:35:10 +0100 exim4 (4.94-10) unstable; urgency=low * Update from exim-4.94+fixes: + 74_43-Fix-matching-of-long-addresses.-Bug-2677.patch + 74_44-Remove-the-X_-prefix-from-the-PIPE_CONNECT-SMTP-serv.patch + 74_45-Fix-the-PIPE_CONNECT-feature-control-in-the-template.patch * Add lintian overrides for debian-changelog-file-is-a-symlink. * [lintian] Bump watchfile version to v4. * Use debhelper v13 compat. * Stop setting SOURCE_DATE_EPOCH in debian/rules. While the build dependencies do not (transitively) guarantee that dpkg-dev >= 1.18.8 is installed even oldstable, i.e. Debian 9 stretch features a new enough dpkg (1.18.25). -- Andreas Metzler Sat, 19 Dec 2020 12:03:56 +0100 exim4 (4.94-9) unstable; urgency=low * Update from exim-4.94+fixes: + 74_38-GnuTLS-clear-errno-before-any-data-i-o-op-so-error-l.patch + 74_39-Fix-non-TLS-build.patch + 74_40-eximon-fix-FreeBSD-build.patch + 74_41-LDAP-fix-taint-check-in-server-list-walk.-Bug-2646.patch + 74_42-Pass-authenticator-pubname-through-spool.-Bug-2648.patch -- Andreas Metzler Wed, 04 Nov 2020 17:50:43 +0100 exim4 (4.94-8) unstable; urgency=low * Reorder ACL using a "require" verb, move message-statement to the beginning. (Thanks, Slavko!) Closes: #968089 * Update from exim-4.94+fixes: + 74_27-Fix-spelling-of-local_part_data-in-docs-and-debug-ou.patch + 74_28-Fix-readsocket-eol-replacement.-Bug-2630.patch + 74_29-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch + 74_30-Build-ifdef-guard-for-EXPERIMENTAL_QUEUEFILE.patch + 74_31-Taint-fix-off-by-one-in-is_tainted-.-Bug-2634.patch + 74_32-DANE-force-SNI-to-use-domain.-Bug-2265.patch + 74_33-DANE-Fix-2-rcpt-message-diff-domins-case.-Bug-2265.patch + 74_34-Fix-non-DANE-build.patch + 74_35-DANE-Fix-2-messages-from-queue-case.patch + 74_36-Fix-non-DANE-build.patch -- Andreas Metzler Thu, 17 Sep 2020 06:54:00 +0200 exim4 (4.94-7) unstable; urgency=low * Update from exim-4.94+fixes: + 74_24-Taint-fix-ACL-spam-condition-to-permit-tainted-name-.patch + 74_25-Fix-debug_print_socket.patch + 74_26-debug_print_socket-output-formatting.patch * [lintian] Mark some patches with "Forwarded: not-needed". -- Andreas Metzler Fri, 24 Jul 2020 13:31:47 +0200 exim4 (4.94-6) unstable; urgency=medium * Fix typo (missing "S") in REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS macro. (Thanks, Slavko!) Closes: #964394 * Update from exim-4.94+fixes: + 74_21-typoes.patch (replaces 75_typo_in_74_20.diff) + 74_22-Fix-DKIM-signing-to-always-terminate.-Bug-2295.patch + 74_23-Fix-taint-trap-in-parse_fix_phrase-.-Bug-2617.patch * Add lintian overrides for usr/lib/sendmail symlink and for not forwarding Debian-specific manpages (maintainer-manual-page). * [lintian] Use UTF-8 encoding in es.po. -- Andreas Metzler Sat, 11 Jul 2020 14:27:31 +0200 exim4 (4.94-5) unstable; urgency=medium [ Justin Aplin ] * Fix build with GNU Make (<4.3), broken in -3. [ Andreas Metzler ] * Update from exim-4.94+fixes: + 74_15-Cutthrough-handle-request-when-a-callout-hold-is-act.patch + 74_16-Lookups-Fix-subdir-filter-on-a-dsearch.patch + 74_17-Docs-list-further-ways-domain_data-c-may-be-filled-i.patch + 74_18-Sqlite-fix-segfault-on-bad-missing-sqlite_dbfile.-Bu.patch + 74_19-Taint-fix-ACL-spam-condition-to-permit-tainted-name-.patch + 74_20-Fix-message-reception-clock-usage.-Bug-2615.patch Closes: #962847 * 75_typo_in_74_20.diff: Fix a typo in 74_20-Fix-message-reception-clock-usage.-Bug-2615.patch. -- Andreas Metzler Fri, 03 Jul 2020 08:20:07 +0200 exim4 (4.94-4) unstable; urgency=medium * Automatically version localscanapi provides. Closes: #963251 * Update from exim-4.94+fixes: + 74_14-Fix-string_copy-macro-to-not-multiple-eval-args.-Bug.patch -- Andreas Metzler Sun, 21 Jun 2020 18:10:04 +0200 exim4 (4.94-3) unstable; urgency=medium * Update from exim-4.94+fixes: + 74_09-Filters-fix-vacation-in-Exim-filter.-Bug-2593.patch + 74_10-TLS-use-RFC-6125-rules-for-certifucate-name-checks-w.patch + 74_11-Taint-fix-radius-expansion-condition.patch + 74_12-smtp_accept_map_per_host-call-search_tidyup-in-fail-.patch + 74_13-Taint-fix-verify.-Bug-2598.patch -- Andreas Metzler Fri, 19 Jun 2020 10:31:26 +0200 exim4 (4.94-2) unstable; urgency=low * Tighten package interdependencies. With 4.94's daemon avoiding of tainting requires usage of $local_part_data instead of $local_part_data in mail_spool transport, but this variable is only filled by the check_local_user router option in 4.94. * Update from exim-4.94+fixes: + 74_01-Docs-listitem.patch + 74_02-Taint-fix-pam-expansion-condition.-Bug-2587.patch + 74_03-Taint-fix-listcount-expansion-operator.-Bug-2586.patch + 74_04-Docs-fix-mistaken-variable-name.patch + 74_05-Docs-fix-layout.patch + 74_06-Docs-typoes.patch + 74_07-Taint-fix-multiple-ACL-actions-to-properly-manage-ta.patch + 74_08-Fix-bi.-Bug-2590.patch -- Andreas Metzler Sun, 07 Jun 2020 09:55:58 +0200 exim4 (4.94-1) unstable; urgency=low * New upstream version. * Use mktemp(1) instead of tempfile(1), avoid deprecation warning. * Upload to unstable. -- Andreas Metzler Mon, 01 Jun 2020 18:45:54 +0200 exim4 (4.94~RC2-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 23 May 2020 18:07:01 +0200 exim4 (4.94~RC1-1) experimental; urgency=low * Fix broken cross-reference in exim_lock.8 (Closes: #960356) and sync from spec.txt. * New upstream version. + Drop 75*patch. + In ACLs always specify "message" or "log_message" after conditions. + Use $local_part_data instead of $local_part in require_files statements. + Update example.conf.md5. -- Andreas Metzler Sat, 16 May 2020 11:13:48 +0200 exim4 (4.94~RC0-2) experimental; urgency=low * Update from upstream GIT master. + 75_06-Debug-socket-details.patch + 75_08-Fix-build-on-platforms-not-supporting-sockopt-SO_PRO.patch + 75_09-Build-fix-parallelism-problem.-Bug-2566.patch + 75_11-Make-bounce-warn-_message_file-expanded.-Bug-2522.patch + 75_12-Taint-When-a-non-wildcarded-localpart-affix-is-match.patch + 75_14-Consolidate-local_part_verified-into-local_part_data.patch + 75_17-Ensure-lookup-result-variables-are-dropped-between-m.patch + 75_18-tidying.patch + 75_19-Fix-SPA-authenticator-checking-client-supplied-data-.patch + 75_20-wip-see-failed-summary.log.list_match_value.-Pretty-.patch + 75_21-value-return.patch + 75_22-docs-more-debug.patch + 75_23-testcases-for-value-return.patch + 75_24-Numeric-variable-returns.patch + 75_25-Rework-SPA-fix-to-avoid-overflows.-Bug-2571.patch + 75_28-I18N-change-default-on-smtp-transport-to-downconvert.patch + 75_29-Lookups-ret-key-option.patch + 75_32-Performance-workaround-Linux-kernel-bug.patch + 75_33-Fix-build-with-Radius-auth-expansion-condition-suppo.patch * $local_part_verified gone again, use $local_part_data. - Update NEWS and configuration. -- Andreas Metzler Sun, 10 May 2020 10:27:04 +0200 exim4 (4.94~RC0-1) experimental; urgency=low * Point watchfile to test subdirectory. * New upstream version. + Drop 74_*.diff (fixes branch) and 75_01-Build-Enable-GNU-Hurd-Bug-2476.patch (from GIT master). + Unfuzz 90_localscan_dlopen.dpatch. + Update debian/minimaltest, stop using tainted $local_part variable as local filename for delivery. + Sync from upstream default configuration: Use "file = /var/mail/$local_part_verified" in mail_spool transport instead of [...]/$local_part. * Add NEWS entry for tainting change. * Patches from upstream GIT master: + 75_02-Fix-local_part_verified-for-remote-delivery-routing-.patch -- Andreas Metzler Fri, 01 May 2020 18:57:32 +0200 exim4 (4.93-16) unstable; urgency=medium * Update from exim-4.93+fixes: + 74_40-DKIM-fix-dkim_key_length-in-verify.patch + 74_41-Build-fix-parallelism-problem.-Bug-2566.patch + 74_42-tidying.patch + 74_43-Ensure-lookup-result-variables-are-dropped-between-m.patch + 74_44-Fix-SPA-authenticator-checking-client-supplied-data-.patch + 74_45-Rework-SPA-fix-to-avoid-overflows.-Bug-2571.patch + 74_46-Fix-build-with-Radius-auth-expansion-condition-suppo.patch -- Andreas Metzler Sat, 09 May 2020 19:10:34 +0200 exim4 (4.93-15) unstable; urgency=low * Update from exim-4.93+fixes: + 74_37-Taint-fix-parsing-of-ACL-ratelimit-condition.patch + 74_38-Fix-spool-space-check-to-account-for-SIZE.-Bug-2552.patch * Add macro REMOTE_SMTP_INTERFACE for setting the interface option on the remote_smtp transport. Closes: #761925 -- Andreas Metzler Sat, 25 Apr 2020 14:10:47 +0200 exim4 (4.93-14) unstable; urgency=low * Update from exim-4.93+fixes: + 74_34-Taint-fix-dsearch-result-to-be-untainted.patch + 74_35-Fix-argument-checking-for-readsocket.patch + 74_36-OpenSSL-avoid-loading-server-s-CA-list-for-client-no.patch -- Andreas Metzler Fri, 10 Apr 2020 13:53:34 +0200 exim4 (4.93-13) unstable; urgency=medium * Update from exim-4.93+fixes: + 74_29-Fix-mime_part_count-for-non-mime-message-on-multi-me.patch + 74_31-Taint-track-in-utf8clean-operator.patch + 74_32-Fix-spurious-detection-of-timeout-while-writing-to-t.patch + 74_33-Fix-segfault-on-bad-cmdline-f-sender-argument.-Bug-2.patch * [lintian] Move eximon.bin from /usr/lib/exim4 to /usr/libexec/exim4. -- Andreas Metzler Sat, 21 Mar 2020 11:39:19 +0100 exim4 (4.93-12) unstable; urgency=low * Update from exim-4.93+fixes: + 74_28-Fix-tr-expansion-item.-Bug-2533.patch * Recover more gracefull from half installed state after trying to install without util-linux (essential) installed. Closes: #952451 (Thanks, James Le Cuirot for the patch) * Use macro ("ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS") for ignore_target_hosts list setting on dnslookup router. Extend list by corresponding IPv6 entries (Thanks, C Snover) Closes: #950973 * Add REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE to allow setting headers_remove on both remote_smtp and remote_smtp_smarthost transports. Closes: #927741 -- Andreas Metzler Sat, 29 Feb 2020 15:53:44 +0100 exim4 (4.93-11) unstable; urgency=medium * Update from exim-4.93+fixes: + 74_26-Auths-fix-cyrus-sasl-driver-for-gssapi-use.-Bug-2524.patch + 74_27-GnuTLS-fix-hanging-callout-connections.patch -- Andreas Metzler Fri, 14 Feb 2020 16:02:05 +0100 exim4 (4.93-10) unstable; urgency=medium * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * Update from exim-4.93+fixes: + 74_23-Fix-taint-hybrid-checking-on-BSD.patch + 74_24-TFO-even-in-binary-built-for-modern-Linux-handle-err.patch + 74_25-Taint-slow-mode-checking-only.patch -- Andreas Metzler Sat, 01 Feb 2020 11:06:29 +0100 exim4 (4.93-9) unstable; urgency=medium * Add 74_22-Taint-hybrid-checking-mode.patch. -- Andreas Metzler Thu, 16 Jan 2020 18:15:36 +0100 exim4 (4.93-8) unstable; urgency=medium * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * More updates from exim-4.93+fixes: + 74_19-SPF-fix-result-for-case-of-only-non-spf-TXT-RRs.-Bug.patch + 74_20-Fix-error-logging-for-dynamically-loaded-modules.-Bu.patch + 74_21-heimdal-auth-fix-the-increase-of-big_buffer-size.-Bu.patch Closes: #949034 -- Andreas Metzler Thu, 16 Jan 2020 14:38:21 +0100 exim4 (4.93-7) unstable; urgency=medium * README.Debian: Expand a little bit on how macros work. (See #948308) * Upload to unstable. -- Andreas Metzler Sat, 11 Jan 2020 11:12:35 +0100 exim4 (4.93-6) experimental; urgency=low * Improve on reproducible build, set EXIM_ARCHTYPE=DEB_TARGET_GNU_CPU to override/avoid CPU detection with uname -m. * More updates from exim-4.93+fixes: 74_18-SPF-fix-handling-mix-of-spf-and-other-txt-records.-B.patch * Polish debian/rules. (Use CURDIR instead of executing `pwd`, avoid := assignments with $(shell). * Build with SMTPUTF8 support. (SUPPORT_I18N_2008 and SUPPORT_I18N) Closes: #885149 In configuration set smtputf8_advertise_hosts to '' instead of '*'. -- Andreas Metzler Mon, 06 Jan 2020 13:58:44 +0100 exim4 (4.93-5) unstable; urgency=medium * More updates from exim-4.93+fixes: 74_14-SPF-only-require-v-spf1-on-TXT-DNS-records-during-lo.patch 74_15-Eximon-fix-string-handling.-Bug-2500.patch 74_16-Fix-build-with-heimdal-gssapi.-Bug-2501.patch 74_17-Fix-the-variables-set-by-gsasl-authenticator.patch -- Andreas Metzler Fri, 03 Jan 2020 19:02:33 +0100 exim4 (4.93-4) unstable; urgency=medium * Improve on TLS info in README.Debian. * More updates from exim-4.93+fixes: 74_10-DMARC-default-dmarc_tld_file-to-unset.-Bug-2494.patch 74_11-Zero-smtp-context-structure-after-allocation.patch 74_13-ARC-Reset-received-ARC-instance-counter-before-next-.patch -- Andreas Metzler Thu, 26 Dec 2019 15:13:40 +0100 exim4 (4.93-3) unstable; urgency=medium * More updates (4.93.0.3) from exim-4.93+fixes: 74_08-ARC-fix-crash-induced-by-misordered-headers.-Bug-249.patch 74_09-Fix-taint-issue-with-retry-records.-Bug-2492.patch -- Andreas Metzler Fri, 13 Dec 2019 18:56:18 +0100 exim4 (4.93-2) unstable; urgency=medium * Update to exim-4.93+fixes branch 74_01-PAM-fix-crash-in-the-pam-expansion-condition.-Bug-24.patch 74_02-Regard-command-line-recipients-as-tainted.patch 74_03-TFO-disable-for-FreeBSD.patch 74_04-Hurd-errno-really-uses-more-than-a-short-sized-value.patch 74_06-local_scan-align-local_scan.h-and-docs-re.-store_get.patch 74_07-Fix-taint-issue-in-transport-with-DSN.-Bug-2491.patch -- Andreas Metzler Thu, 12 Dec 2019 18:25:44 +0100 exim4 (4.93-1) unstable; urgency=low * Point watchfile to release directory again. * New upstream version. -- Andreas Metzler Mon, 09 Dec 2019 19:05:17 +0100 exim4 (4.93~RC7-1) unstable; urgency=low * New upstream version. + Update md5 hash for upstream example configuration. (Change not relevant for Debian) * 75_01-Build-Enable-GNU-Hurd-Bug-2476.patch and 75_02-TFO-disable-for-FreeBSD.patch from upstream 4.next branch: Re-enable build on GNU/hurd. (Thanks. Samuel Thibault) Closes: #945943 -- Andreas Metzler Thu, 05 Dec 2019 17:50:20 +0100 exim4 (4.93~RC5-1) unstable; urgency=low * New upstream version. + Bump exim4-localscanap Provides. -- Andreas Metzler Wed, 27 Nov 2019 19:25:06 +0100 exim4 (4.93~RC4-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Tue, 19 Nov 2019 19:39:37 +0100 exim4 (4.93~RC3-1) unstable; urgency=low * Drop (dead) link to openspf.org in rcpt ACL message string. Closes: #944786 * New upstream version. + Unfuzz 90_localscan_dlopen.dpatch. -- Andreas Metzler Sun, 17 Nov 2019 11:37:15 +0100 exim4 (4.93~RC2-1) unstable; urgency=low * New upstream beta version. + Drop patches/75*. * Allow overriding cron.daily paniclog report recipient. Closes: #611085 * Add REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES and REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS to set tls_verify_certificates and tls_verify_hosts respectively on the remote_smtp_smarthost transport. Closes: #823831 In addition to that add REMOTE_SMTP_HOSTS_REQUIRE_TLS to set hosts_require_tls for the remote_smtp transport. Closes: #780033 -- Andreas Metzler Sun, 10 Nov 2019 13:30:37 +0100 exim4 (4.93~RC1-4) unstable; urgency=low * Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not need it yet but will forget for sure to add it when we do. * Following upstream defaults do not disable incoming TLS by default - i.e. if MAIN_TLS_ENABLE is not set - but use a self-signed certificate. (Relevant upstream changes: tls_advertise_hosts defaults to * for TLS builds since 4.87_JH/18, on-demand generation of self-signed certificate for inbound SMTP since 4.88_JH/05, 4.93_JH/23 TLS enabled build by default.) * 75_02-Revert-preallocate-store-for-config-which-appears-to.patch: Fix mismerge which triggered a test error on mipsel. Closes: #944060 -- Andreas Metzler Sat, 09 Nov 2019 19:25:10 +0100 exim4 (4.93~RC1-3) unstable; urgency=low * 75_01-Dsearch-Fix-taint-handling-in-lookup.-Bug-2465.patch: Untaint dsearch lookup. Closes: #944199 -- Andreas Metzler Sat, 09 Nov 2019 15:10:27 +0100 exim4 (4.93~RC1-2) unstable; urgency=low * autopkg test: Drop (python2) test for ancient vulnerability and do some basic testing with swaks instead. Closes: #943006 * Upload to unstable. -- Andreas Metzler Sun, 03 Nov 2019 14:39:28 +0100 exim4 (4.93~RC1-1) experimental; urgency=low * New upstream beta version. + Drop 75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch, 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch and 75_03_Fix-local-scan-ABI.-Bug-2458.patch. + Update debian/example.conf.md5 (Removal of dnssec_request_domains was already implemented in 4.93~RC0-1.) * exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. Closes: #927280 (This change was already present in RC0.) -- Andreas Metzler Thu, 31 Oct 2019 18:22:11 +0100 exim4 (4.93~RC0-2) experimental; urgency=low * 75_03_Fix-local-scan-ABI.-Bug-2458.patch: Fix function prototypes in local_scan.h. * 90_localscan_dlopen.dpatch: Unfuzz, mark string_copy_function/string_copy_taint_function/string_copyn_function in string.c as visible. * Provide exim4-localscanapi-2.1. * Drop sa-exim Breaks, the localscanapi version bump makes this superfluous. -- Andreas Metzler Sun, 27 Oct 2019 13:48:27 +0100 exim4 (4.93~RC0-1) experimental; urgency=low * Point watchfile to test-subdirectory. * New upstream beta version. + Drop debian/patches/7[56]*. + Unfuzz 90_localscan_dlopen.dpatch. + Unfuzz/update (explicit -lnsl) debian/EDITME* + Update configuration, mirorring upstream changes. Both dnssec_request_domains and hosts_try_dane now default to '*', drop these settings. REMOTE_SMTP_DISABLE_DANE is a noop, now. + Exim DH param configuration (tls_dhparam) now makes use of the current GnuTLS (> 3.6) functionality, which implements rfc 7919. Drop unnecessary packaging bits. + Pull post release fix from upstream GIT (75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch) to fix build error with HAVE_LOCAL_SCAN=yes. + Update 90_localscan_dlopen.dpatch to #include documented interface (local_scan.h) instead of exim.h. * debian/rules: Do not try to build -heavy if -light failed. * 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch: Post-release hix from upstream GIT. https://bugs.exim.org/show_bug.cgi?id=2454 * The localscan dlopen functionality is broken, (temporarily) drop exim4-localscanapi-2.0 from Provides. -- Andreas Metzler Sun, 20 Oct 2019 13:46:49 +0200 exim4 (4.92.3-1) unstable; urgency=medium * Fix (commented) examples in configuration for clamd and courier authdaemon to refer to /run instead of /var/run. Closes: #942292 * While we are at it also fix exim pid file path in exim(8). * New upstream version (identical to 4.92.2 + 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch, i.e. 4.92.2-3). * Use patches from exim-4.92.3+fixes, add 75_36-Fix-errorcheck-in-smtp-transport.patch. * [lintian] Set Rules-Requires-Root: binary-targets. -- Andreas Metzler Fri, 18 Oct 2019 18:44:35 +0200 exim4 (4.92.2-3) unstable; urgency=critical * 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer overflow in string_vformat. CVE-2019-16928 -- Andreas Metzler Sat, 28 Sep 2019 06:41:18 +0200 exim4 (4.92.2-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Sun, 08 Sep 2019 15:10:46 +0200 exim4 (4.92.2-1) experimental; urgency=medium * New upstream security release (identical except for the version number to 4.92.1 + 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch). + Drop 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch. * Refresh from exim-4.92.2+fixes branch: + 75_32-Fix-domain-for-a-bare-local-part-input.-Bug-2375.patch + 75_33-exim_dbmbuild-handle-0-sequence.patch + 75_34-fixup-exim_dbmbuild-handle-0-sequence.patch -- Andreas Metzler Sat, 07 Sep 2019 11:00:29 +0200 exim4 (4.92.1-3) unstable; urgency=high * 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch - Fix SNI related buffer overflow. CVE-2019-15846 -- Andreas Metzler Tue, 03 Sep 2019 19:35:34 +0200 exim4 (4.92.1-2) unstable; urgency=medium * Pulled from exim-4.92+fixes branch: + 75_30-Fix-crash-after-TLS-channel-shutdown.patch + 75_31-Auth-handle-socket-read-errors-in-Dovecot-authentica.patch * Add Breaks: sa-exim (<< 4.2.1-17) to -heavy, see #930648. * Change *.logrotate to nocreate to work around #400198. Closes: #399930 -- Andreas Metzler Wed, 14 Aug 2019 09:25:28 +0200 exim4 (4.92.1-1) unstable; urgency=low * New upstream bugfix release. (4.92.1 is 4.92 + the fix for CVE-2019-13917, so there are no source changes to the previous upload.) + Drop 77_Avoid-re-expansion-in-sort-CVE-2019-13917-OVE-201907.patch. + Use patches from exim-4.92.1+fixes branch. * In cron.daily use '/usr/sbin/exim4 -be '${primary_hostname}' instead of hostname --fqdn to get local hostname (for information purposes). Closes: #933231 * Run exim4-base daily job via systemd.timer to guarantee execution before logrotate. Closes: #932328 (Thanks to Sven Hartge for bug-report and patch) * Add systemd-sysv as alternative for fulfilling the cron dependency. * Use debhelper 12 compat. -- Andreas Metzler Sun, 04 Aug 2019 14:28:22 +0200 exim4 (4.92-10) unstable; urgency=high * Fix remote command execution vulnerability related to "${sort}"-expansion. CVE-2019-13917 OVE-20190718-0006 -- Andreas Metzler Sat, 20 Jul 2019 19:01:57 +0200 exim4 (4.92-9) unstable; urgency=low * exim4-base.cron.daily, paniclog warning mail: + Improve on wording. ${E4BCD_PANICLOG_LINES} only sets an upper limit of reported lines, there might be less lines than that in the mail. Closes: #929626 + Instead of quoting the last ${E4BCD_PANICLOG_LINES} send out the last lines not filtered out by "$E4BCD_PANICLOG_NOISE". Closes: #929798 * Add missing patches from exim-4.92+fixes branch, other patches renamed for proper order. + 75_11-Fix-bP-smtp_receive_timeout-.-Bug-2384.patch + 75_12-Fix-build-with-recent-LibreSSL-when-including-DANE.-.patch + 75_13-SPF-better-buld-compatibility-with-OpenBSD.patch + 75_15-GnuTLS-3.6.7-cipher-strings.patch + 75_17-Fix-listing-a-named-queue-by-a-non-admin-user.-Bug-2.patch + 75_21-Unbreak-heimdal_gssapi-auth-driver.patch + 75_22-Fix-DSN-Final-Recipient-field.patch + 75_23-Fix-bounce-generation-under-RFC-3461-request.-Bug-24.patch * 75_20-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch is now also from + fixes branch. * Tighten dependency of exim4 on daemon packages. Closes: #930519 Add lintian override for version-substvar-for-external-package. -- Andreas Metzler Fri, 05 Jul 2019 19:23:53 +0200 exim4 (4.92-8) unstable; urgency=low * Pulled from exim-4.92+fixes branch: + 75_11-GnuTLS-fix-tls_out_ocsp-under-hosts_request_ocsp.patch Fix expansion of $tls_out_ocsp under hosts_request_ocsp. + 75_12-GnuTLS-fix-the-advertising-of-acceptable-certs-by-th.patch When tls_verify_certificates was set to a directory instead of a file exim/GnuTLS would still send out the list of accepted certificates, This did not match documented behavior. + 75_13-Use-dsn_from-for-success-DSN-messages.-Bug-2404.patch The dsn_from option was not used for DSN success messages. * Pulled from upstream GIT master: + 75_14-Fix-smtp-response-timeout.patch Fix the timeout on smtp response to apply to the whole response instead of resetting for every byte received. + 75_15-Fix-detection-of-32b-platform-at-build-time.-Bug-240.patch https://bugs.exim.org/show_bug.cgi?id=2405 ${eval } was broken on 32bit archs. -- Andreas Metzler Sat, 08 Jun 2019 17:37:43 +0200 exim4 (4.92-7) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Tue, 07 May 2019 19:44:23 +0200 exim4 (4.92-6) experimental; urgency=medium * Revert 90_localscan_dlopen.dpatch removal to give Magnus some chance for debugging sa-exim. * Set HAVE_LOCAL_SCAN=yes in EDITME. * Upload to experimental. -- Andreas Metzler Tue, 16 Apr 2019 17:58:20 +0200 exim4 (4.92-5) unstable; urgency=medium * Improved spam-scanning example with accompaning information in README.Debian. Explicitly warn about adding the default SpamAssassin report in a header, which Closes: #774553 * Drop 90_localscan_dlopen.dpatch. (It has been non-functional for a couple of months.) Closes: #925982 Add a Conflicts for sa-exim, which relied on the (working) version of the patch. Drop exim4-dev package. Add a NEWS entry for this change. -- Andreas Metzler Sun, 07 Apr 2019 13:39:31 +0200 exim4 (4.92-4) unstable; urgency=medium * Another patch from exim-4.92+fixes branch: 75_10-Harden-plaintext-authenticator.patch -- Andreas Metzler Fri, 22 Mar 2019 07:15:20 +0100 exim4 (4.92-3) unstable; urgency=medium * Pull fixes from exim-4.92+fixes branch. + 75_05-Fix-expansions-for-RFC-822-addresses-having-comments.patch + 75_06-Docs-Add-note-on-lsearch-for-IPv4-mapped-IPv6-addres.patch + 75_07-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch + 75_08-Logging-fix-initial-listening-on-log-line.patch + 75_09-OpenSSL-Fix-aggregation-of-messages.patch -- Andreas Metzler Wed, 20 Mar 2019 17:01:29 +0100 exim4 (4.92-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Wed, 20 Feb 2019 19:23:11 +0100 exim4 (4.92-1) experimental; urgency=medium * Point watchfile to release directory again. * New upstream stable release, identical to rc6 except for the version string. * Pull fixes from exim-4.92+fixes branch. + 75_01-Fix-json-extract-operator-for-unfound-case.patch + 75_02-Fix-transport-buffer-size-handling.patch + 75_03-Fix-info-on-using-local_scan-in-the-default-Makefile.patch + 75_04-GnuTLS-Fix-client-detection-of-server-reject-of-clie.patch * Upload to experimental while waiting for rc6 to migrate. -- Andreas Metzler Sun, 17 Feb 2019 13:13:55 +0100 exim4 (4.92~RC6-1) unstable; urgency=low * New upstream snapshot rc6, includes 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch. -- Andreas Metzler Sat, 09 Feb 2019 14:33:15 +0100 exim4 (4.92~RC5-2) unstable; urgency=high * In init script use start-stop-daemon directly instead of lsb-base's killproc which currently fails to pass on the executable name to s-s-d (921558). This broke with s-s-d 1.19.2 which (for security reasons) requires further filtering arguments in addition to --pidfile when the pid file is not owned by root. Closes: #921205 -- Andreas Metzler Thu, 07 Feb 2019 18:42:41 +0100 exim4 (4.92~RC5-1) unstable; urgency=medium * New upstream snapshot rc5. * 40_01-Fix-dkim_verify_signers-option.-Bug-2366.patch: dkim_verify_signers was ignored. -- Andreas Metzler Thu, 31 Jan 2019 19:25:03 +0100 exim4 (4.92~RC4-3) unstable; urgency=medium * Refresh debian/upstream/signing-key.asc from https://downloads.exim.org/Exim-Maintainers-Keyring.asc. * Drop outdated pointers to alioth package homepage from README.Debian. * Update exim4-config Breaks to enforce upgrade to daemon binary package with DANE support. Closes: #919902 * [lintian] Minimize upstream/signing-key.asc. -- Andreas Metzler Sun, 20 Jan 2019 17:52:39 +0100 exim4 (4.92~RC4-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Sat, 05 Jan 2019 15:35:38 +0100 exim4 (4.92~RC4-1) experimental; urgency=low * New upstream version. + Drop 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch. + Unfuzz patches. -- Andreas Metzler Mon, 31 Dec 2018 13:13:45 +0100 exim4 (4.92~RC3-1) unstable; urgency=low * Add 75_GnuTLS-repeat-lowlevel-read-and-write-operations-whi.patch from upstream GIT master, fixing outgoing TLS 1.3. https://bugs.exim.org/show_bug.cgi?id=2359 * New upstream version. * Upload to unstable. -- Andreas Metzler Wed, 26 Dec 2018 16:07:52 +0100 exim4 (4.92~RC2-1) experimental; urgency=low * New upstream version. + Drop 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch -- Andreas Metzler Tue, 18 Dec 2018 19:20:24 +0100 exim4 (4.92~RC1-1) experimental; urgency=low * Update upstream/signing-key.asc from https://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc, adding 96E4754B8F93C1B239F1A95785BCF7AC6735A680 while removing 1F9C181B1E83D2099F02C95AC4F4F94804D29EBA and FAA1C7F9CD077DC4304BC0C885AB833FDDC03262. * New upstream release candidate: + Point watchfile to test subdir. + Update watchfile to handle -RC1 in addition to _RC1. + Drop 75_fixes*.patch. + Unfuzz 32_exim4.dpatch and 90_localscan_dlopen.dpatch + Update configuration from upstream example, except for tls_sni/tls_require_ciphers settings on remote_smtp_smarthost transport: * Enable dns_dnssec_ok. * Set dnssec_request_domains = * on dnslookup and dnslookup_relay_to_domains routers. * Set hosts_try_dane = */dnssec_request_domains = * on remote_smtp transport unless REMOTE_SMTP_DISABLE_DANE is set. * Set multi_domain on remote_smtp_smarthost transport. * Post release updates: + 75_01-Fix-parsing-of-option-type-Kint-integer-stored-in-K-.patch -- Andreas Metzler Sat, 15 Dec 2018 16:24:54 +0100 exim4 (4.91-9) unstable; urgency=low * Run "wrap-and-sort --max-line-length=72 --short-indent" and add back autodeleted comments. * Update from exim-4_91+fixes branch: + 75_fixes_26-Fix-bad-use-of-library-copying-string-over-itself.patch + 75_fixes_27-Fix-cyrus-sasl-authenticator-for-authenticated_fail_.patch + 75_fixes_28-Avoid-leaving-domain-live-with-bogus-info-during-ser.patch + 75_fixes_29-Fix-AUTH_GSASL-build.patch + 75_fixes_30-Harden-string-list-handling.patch -- Andreas Metzler Thu, 06 Dec 2018 19:19:38 +0100 exim4 (4.91-8) unstable; urgency=low [ Andreas Metzler ] * Update from exim-4_91+fixes branch: + 75_fixes_18-Restore-Darwin-OS-configuration.patch + 75_fixes_20-Fix-filter-noerror-command.-Bug-2318.patch + 75_fixes_21-DANE-fix-TA-mode-verify-under-GnuTLS.-Bug-2311.patch + 75_fixes_22-Testsuite-track-newer-GnuTLS-behaviour.patch + 75_fixes_24-DANE-ignore-undersized-TLSA-records.patch + 75_fixes_25-Logging-do-not-log-a-missing-proxy-address-on-delive.patch [ Marc Haber ] * Move definition of CHECK_RCPT_*_LOCALPARTS macro to acl file proper. -- Andreas Metzler Sat, 29 Sep 2018 19:08:52 +0200 exim4 (4.91-7) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_16-Fix-non-EVENTS-build.patch + 75_fixes_17-Fix-cutthrough-delivery-for-more-than-one-iteration-.patch -- Andreas Metzler Sun, 26 Aug 2018 11:33:15 +0200 exim4 (4.91-6) unstable; urgency=low * Update from exim-4_91+fixes branch: + 75_fixes_13-DKIM-Fix-signing-for-body-lines-starting-with-a-pair.patch + 75_fixes_14-ARC-Fix-verification-to-do-AS-checks-in-reverse-orde.patch + 75_fixes_15-I18N-Fix-protocol-recorded-for-a-multi-SMTPUTF8-mess.patch * [lintian] Do not run mininal testsuite with DEB_BUILD_OPTIONS=nocheck. (override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS) -- Andreas Metzler Fri, 20 Jul 2018 11:21:24 +0200 exim4 (4.91-5) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_10-Use-serial-number-1-for-self-generated-selfsigned-ce.patch + 75_fixes_11-Fix-logging-of-cmdline-args-when-starting-in-an-unli.patch + 75_fixes_12-ARC-Fix-signing-for-case-when-DKIM-signing-failed.patch -- Andreas Metzler Sat, 09 Jun 2018 18:10:39 +0200 exim4 (4.91-4) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_06-Cutthrough-fix-race-resulting-in-duplicate-delivery..patch + 75_fixes_07-tidying.patch + 75_fixes_08-ARC-fix-crash-on-signing-with-missing-key-file.patch + 75_fixes_09-Content-scanning-Fix-locking-on-message-spool-files..patch * [lintian] Delete trailing empty lines in changelog. -- Andreas Metzler Thu, 17 May 2018 17:14:53 +0200 exim4 (4.91-3) unstable; urgency=medium * Update from exim-4_91+fixes branch: + 75_fixes_01-Belated-README.UPDATING-notes-for-Exim-4.91.patch + 75_fixes_02-Avoid-doing-logging-in-signal-handlers.-Bug-1007.patch + 75_fixes_03-Fix-typo-in-arc.-Bug-2262.patch + 75_fixes_04-Fix-OpenSSL-non-OCSP-build.patch + 75_fixes_05-DKIM-enforce-limit-of-20-on-received-DKIM-Signature-.patch + Move 50_localscan_dlopen.dpatch to end of patch series and rename to 90_... to preserve alphanumeric patch ordering. * Add log_message for local blacklists to improve log readability. (Patch by Dominic Hargreaves). -- Andreas Metzler Sat, 28 Apr 2018 14:59:36 +0200 exim4 (4.91-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 21 Apr 2018 10:38:50 +0200 exim4 (4.91-1) experimental; urgency=medium * Point watchfile to release directory again and use downloads.exim.org host. * New upstream version. * Tighten b-d on libgnutls28-dev to >= 3.5.7, earlier Debian packages did not ship libgnutls-dane0. -- Andreas Metzler Sun, 15 Apr 2018 17:52:05 +0200 exim4 (4.91~RC4-1) experimental; urgency=medium * New upstream version. -- Andreas Metzler Mon, 09 Apr 2018 19:25:18 +0200 exim4 (4.91~RC3-1) experimental; urgency=medium * New upstream version. * Point vcs* to salsa. -- Andreas Metzler Thu, 05 Apr 2018 19:43:39 +0200 exim4 (4.91~RC2-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch -- Andreas Metzler Wed, 21 Mar 2018 19:25:44 +0100 exim4 (4.91~RC1-1) experimental; urgency=medium * Point watchfile to test subdirectory. * New upstream version: + Drop debian/patches/75_*. + Update example.conf.md5. Upstream now enables verify = header_syntax check in default config, mirror this change in Debian, introduce NO_CHECK_DATA_VERIFY_HEADER_SYNTAX macro to override this. * Build with newly available (well, for GnuTLS) DANE support. * Pull 75_01-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch from upstream master, fixing https://bugs.exim.org/show_bug.cgi?id=2250. -- Andreas Metzler Sat, 17 Mar 2018 17:41:51 +0100 exim4 (4.90.1-5) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_15-Pipe-transport-part-two.-Bug-2257.patch 75_16-Fix-spool_wireformat-final-dot-on-LMTP-transport.-Bu.patch 75_17-Cutthrough-enforce-non-use-in-combination-with-DKIM-.patch -- Andreas Metzler Sat, 31 Mar 2018 07:14:31 +0200 exim4 (4.90.1-4) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_11-DMARC-add-variables-to-list-of-those-now-unused-at-t.patch 75_12-Fix-heavy-pipeline-SMTP-command-input-corruption.-Bu.patch 75_13-Unbreak-DMARC.patch 75_14-Fix-pipe-transport-to-not-use-a-socket-only-syscall..patch -- Andreas Metzler Thu, 22 Mar 2018 07:44:05 +0100 exim4 (4.90.1-3) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_07-Fix-ldap-lookups-for-zero-length-attribute-value.-Bu.patch 75_08-Mark-variables-unused-before-release-of-store-in-the.patch 75_09-Mark-variables-unused-before-release-of-store-in-the.patch 75_10-Mark-variables-that-are-unused-before-release-of-sto.patch -- Andreas Metzler Fri, 16 Mar 2018 18:35:01 +0100 exim4 (4.90.1-2) unstable; urgency=medium * Update from exim-4_90+fixes branch: 75_01-ACL-Enforce-non-usability-of-control-utf8_downconver.patch 75_02-Fix-memory-leak-during-multi-message-reception-using.patch 75_03-OpenSSL-Fix-memory-leak-during-multi-message-connect.patch 75_04-Fix-exim_dbmbuild-to-permit-directoryless-filenames..patch 75_05-OpenSSL-revert-needless-free-of-certificate-list.-Th.patch 75_06-I18N-Fix-utf8_downconvert-propagation-through-a-redi.patch -- Andreas Metzler Sat, 10 Mar 2018 14:25:51 +0100 exim4 (4.90.1-1) unstable; urgency=high * New upstream version, fixing CVE-2018-6789. Closes: #890000 + Drop 75_*.patch. -- Andreas Metzler Sat, 10 Feb 2018 13:45:40 +0100 exim4 (4.90-7) unstable; urgency=medium * Update from exim-4_90+fixes branch. (exim-4.90.0.27) + 75_21-DKIM-fix-buffer-overflow-in-verify.patch + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch * Typo fixes in old patch descriptions. (Thanks, lintian!) -- Andreas Metzler Sat, 10 Feb 2018 13:13:37 +0100 exim4 (4.90-6) unstable; urgency=medium * Update from exim-4_90+fixes branch. + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch Closes: #887489 + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch -- Andreas Metzler Wed, 07 Feb 2018 19:37:03 +0100 exim4 (4.90-5) unstable; urgency=low * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from exim-4_90+fixes branch. * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971 * [update-exim4.conf] stop converting variables set to an empty value in /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972 -- Andreas Metzler Sat, 27 Jan 2018 17:00:42 +0100 exim4 (4.90-4) unstable; urgency=low * Update from exim-4_90+fixes branch. 75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch 75_14-Fix-D-string-expansion-to-not-use-millisec.patch 75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch -- Andreas Metzler Sat, 20 Jan 2018 08:00:45 +0100 exim4 (4.90-3) unstable; urgency=medium * Three more patches from exim-4_90+fixes branch: 75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch 75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch 75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch -- Andreas Metzler Mon, 08 Jan 2018 18:55:28 +0100 exim4 (4.90-2) unstable; urgency=medium * Update to exim-4_90+fixes branch: + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch. + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch + 75_05-Fix-build-of-nisplus-lookup.patch + 75_06-Fix-const-issue-in-nisplus-lookup.patch + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch -- Andreas Metzler Sat, 30 Dec 2017 15:43:52 +0100 exim4 (4.90-1) unstable; urgency=low * rc4 released as 4.90. * Point watchfile to release directory again. * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream GIT master branch. Fix pgsql lookup for multiple result-tuples with a single column. Previously only the last row was returned. https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html * Simplify debian/rules and make it usable with dh v10 compat. The fine-grained support for selecting the to be built packages (-custom with or without -base) was dropped. The build process is now controlled by attaching tasks to dh-override hooks instead of using file dependencies, makefile-style. The latter broke with dh v10 due to upstream's build-system which always has the main targets out-of-date inter alia due to the compile-number feature. * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change buildflags ATM.) * Use debhelper v10 compat. * Drop override_dh_strip-arch, we have had enough toolchain and source changes to prevent file conflicts. -- Andreas Metzler Thu, 28 Dec 2017 13:42:23 +0100 exim4 (4.90~RC4-1) unstable; urgency=medium * New upstream version. -- Andreas Metzler Thu, 14 Dec 2017 18:11:40 +0100 exim4 (4.90~RC3-2) unstable; urgency=low * Upload to unstable. * Point homepage to https URL. -- Andreas Metzler Sat, 02 Dec 2017 17:37:13 +0100 exim4 (4.90~RC3-1) experimental; urgency=medium * New upstream version. + Fix a use-after-free while reading smtp input for header lines. A crafted sequence of BDAT commands could result in in-use memory being freed. CVE-2017-16943. Closes: #882648 + Fix checking for leading-dot on a line during headers reading from SMTP input. Previously it was always done; now only done for DATA and not BDAT commands. CVE-2017-16944 Closes: #882671 * Drop 78_Disable-chunking-BDAT-by-default.patch again. -- Andreas Metzler Fri, 01 Dec 2017 19:14:08 +0100 exim4 (4.90~RC2-3) experimental; urgency=medium * As a workaround for the yet-unfixed security vulnerability resurrect (and adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html -- Andreas Metzler Sat, 25 Nov 2017 12:01:40 +0100 exim4 (4.90~RC2-2) experimental; urgency=low * B-d on lynx, instead of lynx-cur | lynx. -- Andreas Metzler Fri, 17 Nov 2017 17:03:10 +0100 exim4 (4.90~RC2-1) experimental; urgency=low * New upstream release candidate. + Unfuzz patches, drop 40_reproducible_build.diff and 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff. + Refresh debian/example.conf.md5, No changes to Debian's configuration needed, upstream added a (commented) entry to change OpenSSL ciphers. -- Andreas Metzler Thu, 16 Nov 2017 19:40:35 +0100 exim4 (4.90~RC1-1) experimental; urgency=low * New upstream release candidate. + Point watchfile to test subdirectory. + Update 40_reproducible_build.diff + Drop 75_fixes*.patch and 80_Repair-manualroute-transport-name-not-last-option.patch. + Unfuzz EDITME*.diff + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when SOURCE_DATE_EPOCH is set. * Drop trailing whitespace in debian/README.source, debian/changelog and debian/rules. (Thanks, lintian) * Drop debian/README.source and outdated parts of debian/copyright. -- Andreas Metzler Sun, 29 Oct 2017 10:52:30 +0100 exim4 (4.89-13) unstable; urgency=high * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944 -- Andreas Metzler Wed, 29 Nov 2017 19:30:37 +0100 exim4 (4.89-12) unstable; urgency=high * Sync with exim-4_89+fixes branch: + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943 * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch. -- Andreas Metzler Tue, 28 Nov 2017 20:04:23 +0100 exim4 (4.89-11) unstable; urgency=critical * B-d on lynx, instead of lynx-cur | lynx. -- Andreas Metzler Sat, 25 Nov 2017 13:02:43 +0100 exim4 (4.89-10) unstable; urgency=critical * As a workaround for the yet-unfixed security vulnerability resurrect 78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648 https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html -- Andreas Metzler Sat, 25 Nov 2017 11:43:24 +0100 exim4 (4.89-9) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Fri, 27 Oct 2017 19:23:25 +0200 exim4 (4.89-8) experimental; urgency=low * Sync with exim-4_89+fixes branch: 75_fixes_17-Fix-queue_run_in_order-to-ignore-the-PID-portion-of-.patch 75_fixes_18-Use-safer-routine-for-possibly-overlapping-copy.patch * Point watchfile to https site. -- Andreas Metzler Mon, 23 Oct 2017 19:14:24 +0200 exim4 (4.89-7) unstable; urgency=low * In debian/rules' manually called update-mtaconflicts target use grep-aptavail instead of hard-coding /var/lib/apt/lists/. (Thanks, Julian Andres Klode) Closes: #874772 * Update debian/mtalist. * Sync with exim-4_89+fixes branch: 75_fixes_13-Document-CVE-assignment-for-Berkeley-DB-issue.patch 75_fixes_14-DKIM-fix-signing-bug-induced-by-total-size-of-parame.patch 75_fixes_15-SOCKS-fix-unitialized-pointer.patch 75_fixes_16-Fix-crash-in-transport-on-second-smtp-connect-fail-f.patch. -- Andreas Metzler Wed, 27 Sep 2017 07:35:23 +0200 exim4 (4.89-6) unstable; urgency=medium * Use "runuser --command ..." instead of "su - --command ..." in exim4-base.cron.daily to avoid invoking pam_systemd. Closes: #871688 (Thanks, Jakobus Schürz) * Sync priorities with override file: exim4{,-base,-config,-daemon-light} optional from standard, exim4-dev optional from extra. * In debian/rules when setting up the build-tree for -custom also copy EDITME.eximon to allow building based on EDITME.exim4-light with eximon building *not* disabled. (Thanks, Marko von Oppen) Closes: #783813 -- Andreas Metzler Sat, 09 Sep 2017 15:29:39 +0200 exim4 (4.89-5) unstable; urgency=medium * Update to exim-4_89+fixes branch: 75_fixes_01-Start-exim-4_89-fixes-to-cherry-pick-some-commits-fr.patch 75_fixes_02-Cleanup-prevent-repeated-use-of-p-oMr-to-avoid-mem-l.patch (replaces 79_CVE-2017-1000369.patch) 75_fixes_03-Fix-log-line-corruption-for-DKIM-status.patch (replaces 81_Fix-log-line-corruption-for-DKIM-status.patch) 75_fixes_04-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_05-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_07-Openssl-disable-session-tickets-by-default-and-sessi.patch 75_fixes_08-Transport-fix-smtp-under-combo-of-mua_wrapper-and-li.patch 75_fixes_09-Use-the-BDB-environment-so-that-a-database-config-fi.patch (CVE-2017-10140) 75_fixes_10-Fix-cache-cold-random-callout-verify.-Bug-2147.patch 75_fixes_11-On-callout-avoid-SIZE-every-time-but-noncacheable-rc.patch 75_fixes_12-Fix-build-for-earlier-version-Berkeley-DB.patch * Simplify debian/rules by including buildflags.mk unconditionally which was introduced in dpkg 1.16.1 released in October 2011. * Use pkg-info.mk to get package-version, upstream-version and SOURCE_DATE_EPOCH. For the latter fall back to current time if it is not provided by pkg-info.mk. * [lintian] In *daemon.postinst use which certtool instead of [ -x /usr/bin/certtool ] to check for availablility of the command. -- Andreas Metzler Thu, 10 Aug 2017 10:17:05 +0200 exim4 (4.89-4) unstable; urgency=low * 80_Repair-manualroute-transport-name-not-last-option.patch from GIT master: Starting with 4.85 a transport name needed to specified after options in route_list. Closes: #865287 * Add 81_Fix-log-line-corruption-for-DKIM-status.patch from GIT master. * Drop 78_Disable-chunking-BDAT-by-default.patch, enable BDAT/Chunking by default. * Standards-Version: 4.0.0 + Do not check for availability of invoke-rc.d, use it always and do not fall back to invoking the init-script directly. + Drop eximon menu file. * Migrate to automatic debug packages. Bump b-d on debhelper since --dbgsym-migration was introduced in debhelper 9.20160114. -- Andreas Metzler Sat, 15 Jul 2017 12:46:16 +0200 exim4 (4.89-3) unstable; urgency=high * Re-upload to unstable. -- Andreas Metzler Mon, 19 Jun 2017 18:51:13 +0200 exim4 (4.89-2+deb9u1) stretch-security; urgency=medium * CVE-2017-100369 -- Wed, 14 Jun 2017 07:03:07 +0200 exim4 (4.89-2) unstable; urgency=medium * Revert addition of header "# pidfile: /var/run/exim4/exim.pid" to initscript (#844178). It breaks when the initscript does not start a daemon but only runs update-exim4.conf. (inetd or QUEUERUNNER='nodaemon'). Closes: #860317 * When reporting bugs also attach /etc/default/exim4 by default. -- Andreas Metzler Thu, 20 Apr 2017 17:14:04 +0200 exim4 (4.89-1) unstable; urgency=medium * Enable inbound (server-side) proxying for -heavy. Closes: #856712 * New upstream release, source identical to RC7. -- Andreas Metzler Thu, 09 Mar 2017 17:49:47 +0100 exim4 (4.89~RC7-1) unstable; urgency=medium * New upstream version. -- Andreas Metzler Wed, 01 Mar 2017 18:37:18 +0100 exim4 (4.89~RC6-1) unstable; urgency=medium * Document E4BCD_PANICLOG_LINES in README.Debian. * New upstream version. -- Andreas Metzler Thu, 23 Feb 2017 18:24:33 +0100 exim4 (4.89~RC5-1) unstable; urgency=medium * New upstream version. -- Andreas Metzler Mon, 13 Feb 2017 19:04:46 +0100 exim4 (4.89~RC4-1) unstable; urgency=medium * New upstream version. + Drop 92_CVE-2016-1238.diff. * Use /run/exim4/ instead of legacy directory /var/run/exim4 for pidfile while we are changing the init script. -- Andreas Metzler Sun, 12 Feb 2017 15:28:09 +0100 exim4 (4.89~RC3-1) unstable; urgency=medium * New upstream version. + Unfuzz 92_CVE-2016-1238.diff. * init file: + Source /etc/default/exim4 *before* defining the shell variables holding the pidfilenames. Overriding these via /etc/default/exim4 is not supported. + Add missing support for reload when QUEUERUNNER='queueonly'. + For QUEUERUNNER='queueonly' use $PIDFILE instead of $QRPIDFILE. This way $PIDFILE is used for the main exim process for all available QUEUERUNNER choices. + Add header "# pidfile: /var/run/exim4/exim.pid" for improved systemd interaction. systemd-sysv-generator uses this pseudoheader to set PIDFile in the generated service file and it also sets RemainAfterExit=no instead of yes if it is present. Thanks, Michael Biebl for suggestion and explanation. Closes: #844178 -- Andreas Metzler Fri, 10 Feb 2017 19:08:52 +0100 exim4 (4.89~RC2-1) unstable; urgency=medium * New upstream version. + Drop 75_add_bak_spec.txt.diff. -- Andreas Metzler Sat, 04 Feb 2017 15:24:44 +0100 exim4 (4.89~RC1-1) unstable; urgency=low * Refresh debian/upstream/signing-key.asc. * New upstream bugfix release. + Drop superfluous patches. 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch + Unfuzz 31_eximmanpage.dpatch and 78_Disable-chunking-BDAT-by-default.patch. + Add 75_add_bak_spec.txt.diff - spec.txt and filter.txt missing in rc tarball. + Unfuzz debian/EDITME.exim4-*. + Update debian/example.conf.md5. - Upstream typo fix. -- Andreas Metzler Tue, 31 Jan 2017 19:52:50 +0100 exim4 (4.88-5) unstable; urgency=medium * 78_Disable-chunking-BDAT-by-default.patch: Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty. This is a Debian specific change, we are right before the freeze and BDAT needs a little time. -- Andreas Metzler Thu, 19 Jan 2017 19:18:15 +0100 exim4 (4.88-4) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Sat, 07 Jan 2017 14:38:00 +0100 exim4 (4.88-3) experimental; urgency=medium * Pull multiple patches from upstream GIT: + 75_00_DKIM-More-validation-of-DNS-key-record.-Bug-1926.patch, 75_01_DKIM-Under-debug-when-signing-do-an-extra-check-on-t.patch + 75_02_Do-not-call-ldap_start_tls_s-on-ldapi-connections.patch + 75_03_PROXY-fix-v2-protocol-decode.-Bugs-2003-1747.patch + 75_04_CHUNKING-fix-non-pipelined-synch-checks.-Bug-2004.patch (Thanks, Bart Noordervliet for the pointer) Closes: #850175 -- Andreas Metzler Fri, 06 Jan 2017 17:32:20 +0100 exim4 (4.88-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Tue, 27 Dec 2016 17:36:29 +0100 exim4 (4.88-1) experimental; urgency=medium * New upstream version. * Upload to experimental, let (almost identical) 4.88~RC6-2 propagate to testing. * Drop 75_Fix-DKIM-information-leakage.patch. -- Andreas Metzler Sun, 25 Dec 2016 18:07:12 +0100 exim4 (4.88~RC6-2) unstable; urgency=high * Add macro IGNORE_SMTP_LINE_LENGTH_LIMIT to allow disabling the SMTP DATA physical line limit check for both for SMTP DATA ACL and remote_smtp* transports. Closes: #828801 Also update corresponding NEWS entry. * [lintian] debian/changelog: s/lenght/length/ * Pull 75_Fix-DKIM-information-leakage.patch from upstream GIT, fixing DKIM information leakage issue CVE-2016-9963. -- Andreas Metzler Thu, 22 Dec 2016 16:50:21 +0100 exim4 (4.88~RC6-1) unstable; urgency=low * New upstream version. -- Andreas Metzler Thu, 08 Dec 2016 07:19:18 +0100 exim4 (4.88~RC5-1) unstable; urgency=low * New upstream version. + Drop 75_01-Ensure-socket-is-nonblocking-before-draining.diff. -- Andreas Metzler Sat, 19 Nov 2016 17:43:51 +0100 exim4 (4.88~RC4-2) unstable; urgency=low * Pull 75_01-Ensure-socket-is-nonblocking-before-draining.diff from upstream GIT to fix exim bug 1914 (exim doesn't close connection after quit. * Upload to unstable. -- Andreas Metzler Sat, 12 Nov 2016 07:26:14 +0100 exim4 (4.88~RC4-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Mon, 07 Nov 2016 19:08:47 +0100 exim4 (4.88~RC3-1) experimental; urgency=medium * New upstream version. Drop 75_01-Fix-check-for-commandline-macro-definition.patch 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch. -- Andreas Metzler Mon, 24 Oct 2016 19:25:31 +0200 exim4 (4.88~RC2-3) experimental; urgency=medium * Fix thinko in exim4-daemon-*.postinst. Do not regenerate gnutls params on every upgrade. * 75_02_Fix-bug-with-aborted-server-TLS-connection-under-Gnu.patch: Fix longstanding bug with aborted TLS server connection handling. Under GnuTLS, when a session startup failed (eg because the client disconnected) Exim did stdio operations after fclose. This was exposed by a recent change which nulled out the file handle after the fclose. -- Andreas Metzler Sun, 23 Oct 2016 16:39:13 +0200 exim4 (4.88~RC2-2) experimental; urgency=medium * 75_01-Fix-check-for-commandline-macro-definition.patch - Fix permission problems on commandline mail submission. Closes: #840355 -- Andreas Metzler Thu, 13 Oct 2016 19:25:07 +0200 exim4 (4.88~RC2-1) experimental; urgency=low * New upstream version. + Changed default Diffie-Hellman parameters to be Exim-specific, created by Phil Pennock. Added RFC7919 DH primes as an alternative. Closes: #839978 * Set tls_dhparam = historic to use site-specific DH parameters. * Again, ship /usr/share/exim4/exim4_refresh_gnutls-params, use it in -daemon postinst. * Initialize /var/spool/exim4/gnutls-params-2048 at daemon install, either by running certtool or by installing /usr/share/exim4/gnutls-params-2048. Do not try to use openssl dhparam, it takes too long. -- Andreas Metzler Sun, 09 Oct 2016 17:37:08 +0200 exim4 (4.88~RC1-1) experimental; urgency=low * Drop reference to removed (in 4.80-7) "what"-option in init script usage message. (Thanks, Calum Mackay!) Closes: #823855 * 92_CVE-2016-1238.diff: eximstats: Remove . from @INC [CVE-2016-1238] Closes: #832442 * [lintian] update-exim4.conf.8 - fix typo. * [lintian] Drop unused override binaries-have-file-conflict. * B-d on default-libmysqlclient-dev. * New upstream version. + Refresh patches: 31_eximmanpage.dpatch 32_exim4.dpatch 35_install.dpatch 50_localscan_dlopen.dpatch + Drop superfluous patches. 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch + Fix crash in VRFY handling when handed an unqualified name (lacking @domain). Apply the same qualification processing as RCPT. Closes: #834699 + Fix a possible security hole, wherein a process operating with the Exim UID can gain a root shell. Credit to http://www.halfdog.net/ for discovery and writeup. LP: #1580454 * [lintian] exim4-config_files.5 - fix typo. -- Andreas Metzler Sun, 25 Sep 2016 15:44:00 +0200 exim4 (4.87-3) unstable; urgency=medium * Pull multiple patches from upstream GIT: + 71_01_configure.default-nice-message-for-overlong-lines-Bu.patch Improved message on overlong lines in example config. + 71_02_Delivery-quieten-smtp-transport-conn-reuse-vs.-deliv.patch Fix race condition related to connection reuse. https://bugs.exim.org/show_bug.cgi?id=1810 + 71_03_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch 71_04_Avoid-exposing-passwords-in-log-on-failing-ldap-look.patch Avoid exposing passwords in log on failing ldap lookup expansion. https://bugs.exim.org/show_bug.cgi?id=165 * Copy information message on rejecting overlong lines in data ACL from upstream example configuration. Closes: #823418 * Add NEWS entry on line-length-limit introduced in 4.87~RC1-1. Closes: 821830 -- Andreas Metzler Sun, 08 May 2016 14:03:10 +0200 exim4 (4.87-2) unstable; urgency=medium * Fix reference to README.Debian in 01_exim4-config_listmacrosdefs. (Thanks, L. Guruprasad!) Closes: #821416 * Add REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS macro to enforce TLS connections (hosts_require_tls option) in remote_smtp_smarthost transport. Closes: #822174 * exim4-daemon-heavy: Disable WITH_OLD_DEMIME ("demime" ACL condition). It is deprecated and will be removed in 4.88. * README.Debian*: Fix minor issues found by lintian. * Fix reference to spec.txt in 30_exim4-config_check_rcpt. Closes: #665399 * Drop exim4-base Recommends on perl-modules. This had been unnecessary since 4.80~rc6-1 which dropped /usr/share/exim4/timeout.pl. -- Andreas Metzler Sat, 30 Apr 2016 13:38:29 +0200 exim4 (4.87-1) unstable; urgency=medium * Fix comment in conf.d/transport/30_exim4-config_remote_smtp_smarthost. (Thanks, Jörg-Volker Peetz!) Closes: #819780 * New upstream release. -- Andreas Metzler Thu, 07 Apr 2016 19:26:59 +0200 exim4 (4.87~RC7-1) unstable; urgency=low * Enable SOCKS support in both -light and -heavy. Closes: #818091 * Fix typos in configuration. (Thanks, Vincent Lefevre!) Closes: #819482 * New upstream version. + Drop 74_Store-the-initial-working-directory.diff, 75_String-expansions-fix-extract.patch, 76_only_warn_on_nonempty_environment.diff. + Update debian/example.conf.md5. -- Andreas Metzler Fri, 01 Apr 2016 19:04:07 +0200 exim4 (4.87~RC6-3) unstable; urgency=medium * Merge changelog entries for 4.86.2-1 and -2. * Upload to unstable. * Add link to CVE details to latest NEWS entry and bump its version and date to match this upload. Closes: #818349, #817244 -- Andreas Metzler Wed, 23 Mar 2016 18:44:22 +0100 exim4 (4.87~RC6-2) experimental; urgency=medium * 74_Store-the-initial-working-directory.diff, 76_only_warn_on_nonempty_environment.diff: Upstream followups on the CVE fix (Thanks, Heiko Schlittermann!): + Runtime warning is only generated if (and only if) keep_environment is unset and environment is nonempty. + Store the initial working directory and make it available in the new expansion variable $initial_cwd. * Merge all NEWS.Debian files into a single one, identical for all binary packages. - Different NEWS files built from a single source package is not and has not ever been supported by apt-listchanges which is the most important frontend. * Add a NEWS entry about the environment related runtime warning. -- Andreas Metzler Sat, 19 Mar 2016 18:11:32 +0100 exim4 (4.87~RC6-1) experimental; urgency=medium * New upstream version. * Add 75_String-expansions-fix-extract.patch from upstream GIT, fixing ${extract } string expansion for the numeric/3-string case. (Bug was introduced in 4.85.) * Set keep_environment to empty value instead of setting a minimal PATH in add_environment. -- Andreas Metzler Fri, 11 Mar 2016 19:50:07 +0100 exim4 (4.87~RC5-2) experimental; urgency=medium * Update debian/upstream/signing-key.asc, using the keys listed in ftp://ftp.exim.org/pub/exim/Exim-Maintainers-Keyring.asc. This adds Heiko Schlittermann's key. * Bump exim4-config Breaks to exim4-daemon-* (<< 4.87~RC5). Closes: #816790 -- Andreas Metzler Sat, 05 Mar 2016 13:17:01 +0100 exim4 (4.87~RC5-1) experimental; urgency=medium * exim4-config.postinst: Test for existence of /etc/inetd.conf before trying to grep in it. Closes: #814998 * New upstream version, includes the patch for CVE-2016-1531. (Local root exploit). * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. -- Andreas Metzler Wed, 02 Mar 2016 21:06:43 +0100 exim4 (4.87~RC3-2) experimental; urgency=medium * README.Debian: Refer to Exim specification by chapter name instead of chapter number. Closes: #813351 * Fix some spelling errors found by lintian. * Minor debian/rules cleanup: + Restore originally intended behavior, upstream changelog is only shipped in exim4-base, symlinks to it elsewhere. + Drop workaround for #347577, fixed in debhelper 5.0.15. + Use "dh binary-arch" and "dh binary-indep" and a bunch of override targets instead of listing all dh-commands. While this is uglier and slows things down a bit it shortens debian/rules by 40 lines and has the huge benefit that we automatically use all suggested helpers in correct order. + Drop unused variables combinedidbgpackage/dhcombinedidbgpackage. + Delete unused, commented code. + Drop (exported) variable MTACONFLICTS, used only once. * Bugfix: Stop build if generation of EDITME.exim4-heavy fails. * Refresh debian/EDITME.*, -heavy was missing ldap and sql support. -- Andreas Metzler Sat, 13 Feb 2016 20:10:53 +0100 exim4 (4.87~RC3-1) experimental; urgency=medium * Move Vcs-* from git/http to https. * [lintian] README.Debian: s/desireable/desirable/. * [lintian] README.Debian: Fix grammar error "allow + infinitive". * [lintian] exim4-config.postinst: Use which foo > /dev/null instead of [ -x /path/to/foo ]. * Update list of patches in debian/README.Debian.xml * Drop 66_enlarge-dh-parameters-size.dpatch: It does not have any effect with GnuTLS >= 2.12 and even stable has GnuTLS 3.x. * New upstream version. + Upstream's default rcpt ACL now requires that a HELO/EHLO was accepted, merge this change and drop CHECK_MAIL_HELO_ISSUED macro. -- Andreas Metzler Thu, 21 Jan 2016 17:44:00 +0100 exim4 (4.87~RC2-1) experimental; urgency=medium * New upstream version. -- Andreas Metzler Sat, 19 Dec 2015 17:51:39 +0100 exim4 (4.87~RC1-1) experimental; urgency=medium * New upstream version. + Refresh patches. + Drop debian/patches/75_00xx*.patch from exim-4_86+fixes branch. + Sync with upstream default configuration: Check maximum (physical, i.e. before unfolding) line length in default spec file data ACL and smtp transport. Bug 1684 Closes: #797919 + HS/02 Add the Exim version string to the process info. This way exiwhat gives some more detail about the running daemon. Closes: #240883 * Override upstream's new default of tls_advertise_hosts = * if MAIN_TLS_ENABLE is not set. -- Andreas Metzler Fri, 11 Dec 2015 20:15:30 +0100 exim4 (4.86.2-2) unstable; urgency=high * Bump exim4-config Breaks to exim4-daemon-* (<< 4.86.2). Closes: #816790 -- Andreas Metzler Sat, 05 Mar 2016 13:07:31 +0100 exim4 (4.86.2-1) unstable; urgency=high * Pull 75_0012_Cutthrough-Fix-bug-with-dot-only-line.patch from upstream 4.86+fixes branch. * New upstream security release for CVE-2016-1531. + New options keep_environment/add_environment which are empty by default, i.e. any subprocesses start in a clean (empty) environment. + -C requires an absolute path. + Exim changes it's working directory to / right after startup. * Add macros MAIN_KEEP_ENVIRONMENT and MAIN_ADD_ENVIRONMENT to set the new options. If neither is used we use add_environment to set a minimal PATH=/bin:/usr/bin to avoid a runtime warning. -- Andreas Metzler Tue, 01 Mar 2016 19:34:39 +0100 exim4 (4.86-7) unstable; urgency=medium * Allow arch-indep build (dpkg-buildpackage -A). Closes: #806023 * 75_0011_MIME-fix-crash-on-filenames-having-null-charset.-Bug.patch from exim-4_86+fixes branch fixes another MIME ACL related crash. https://bugs.exim.org/show_bug.cgi?id=1730 -- Andreas Metzler Sat, 28 Nov 2015 18:45:31 +0100 exim4 (4.86-6) unstable; urgency=medium * Cleanup (actual patch is identical): Use 75_0009_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from exim-4_86+fixes branch instad of 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch. * Pull 75_0010_DKIM-ignore-space-tab-embedded-in-base64-during-deco.patch, DKIM: ignore space & tab embedded in base64 during decode. Bug 1700 -- Andreas Metzler Sun, 08 Nov 2015 07:55:51 +0100 exim4 (4.86-5) unstable; urgency=high * Pull 76_Avoid-misaligned-access-in-cached-lookup.-Bug-1708.patch from GIT head to avoid misaligned access in cached lookup. Closes: #803255 -- Andreas Metzler Tue, 03 Nov 2015 19:33:49 +0100 exim4 (4.86-4) unstable; urgency=medium * Fix documentation of lowuid_aliases router, exceptions are in CONFDIR/lowuid-aliases not CONFDIR/lowuid_aliases. (Thanks, Tim Krah) Closes: #799672 * fcron has been removed from Debian in 2011, stop listing it as an alternative dependency of exim4-base (Thanks, Alexandre Detiste). Closes: #798236 * Update to upstream exim-4_86+fixes branch: + Drop 75_Fix-ESMTP-MAIL-command-option-processing.patch, 76_Fix-post-transport-crash.patch, 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch, 78_Close-logs-after-daemon-process-exceptional-write.patch. + Add 75_0001-Fix-post-transport-crash.patch 75_0002-Fix-post-transport-crash-safeguard-for-missing-spool.patch 75_0003-Fix-ESMTP-MAIL-command-option-processing.patch 75_0005-Close-logs-after-daemon-process-exceptional-write.-B.patch 75_0007-DNS-time-limit-cached-returns-using-TTL.-Bug-1395.patch 75_0008-Retry-always-use-interface-if-set-for-retry-DB-key.-.patch * Use dh v9. -- Andreas Metzler Sat, 17 Oct 2015 15:01:01 +0200 exim4 (4.86-3) unstable; urgency=medium * Pull three patches from upstream git: + 75_Fix-ESMTP-MAIL-command-option-processing.patch: Corrects handling of mail-addresses with whitespace. + 76_Fix-post-transport-crash.patch 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch * Fix spelling error in copyright file. (Thanks, lintian) * Pull 77_Fix-post-transport-crash-safeguard-for-missing-spool.patch from upstream git, exim was keeping logfiles open after after a "too many connections" event. Closes: #796524, #476958 (Thanks to Andreas Pflug for chasing this.) * When saving the berkeley DB version at build-time pass -P option to cpp, to prevent linebreaks. -- Andreas Metzler Tue, 25 Aug 2015 20:05:59 +0200 exim4 (4.86-2) unstable; urgency=high * Update exim4-config Breaks, PRDR support is was moved from being Experimental into the mainline with 4.83. Closes: #794320 -- Andreas Metzler Sun, 02 Aug 2015 07:40:24 +0200 exim4 (4.86-1) unstable; urgency=medium * New upstream version, identical to RC5 (except for the version string). -- Andreas Metzler Sun, 26 Jul 2015 18:35:33 +0200 exim4 (4.86~RC5-1) unstable; urgency=medium * New upstream version. + Drop 75_Bump-LOCAL_SCAN_ABI_VERSION.patch. -- Andreas Metzler Sat, 18 Jul 2015 11:46:11 +0200 exim4 (4.86~RC4-2) unstable; urgency=medium * Drop libmysqlclient15-dev alternative build-dependency. Closes: #790463 * Update list of upstream gpg-keys (0x4D1E900E14C1CC04 Phil Pennock, 0x85AB833FDDC03262 Nigel Metheringham, 0xFFC0F14C84C71B6E Tony Finch, 0xC4F4F94804D29EBA Todd Lyons, 0xBCE58C8CE41F32DF Jeremy Harris, 0x63762CDA67E2F359 David Woodhouse, 0xAD5EDBB793EC57E4 Graeme Fowler), transition from debian/upstream-signing-key.pgp to debian/upstream/signing-key.asc. * Pull 75_Bump-LOCAL_SCAN_ABI_VERSION.patch from upstream GIT and update exim4-localscanapi-x.y provides to 2.0. A binNMU of sa-exim will then properly fix the issue. Closes: #790616 -- Andreas Metzler Sun, 05 Jul 2015 11:47:47 +0200 exim4 (4.86~RC4-1) unstable; urgency=medium * unexport/undefine TZ in debian/rules for reproducible build. It would be used as default value for TIMEZONE_DEFAULT. * New upstream version. + Unfuzz 31_eximmanpage.dpatch. -- Andreas Metzler Mon, 29 Jun 2015 07:43:19 +0200 exim4 (4.86~RC3-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Tue, 23 Jun 2015 19:11:19 +0200 exim4 (4.86~RC3-1) experimental; urgency=medium * Don't provide default-mta on Ubuntu and Ubuntu-derivatives. See LP-bug 1166671. * New upstream version. -- Andreas Metzler Mon, 22 Jun 2015 20:39:11 +0200 exim4 (4.86~RC2-1) experimental; urgency=medium * Drop nowadays unneeded XS-Testsuite: autopkgtest in debian/control (Thanks, lintian). * New upstream version: +Drop included patches. (-72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch, 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch, 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch, 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch) * Sync Debian config with upstream default config: + Set prdr_enable. + Add +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified to log_selector option value. -- Andreas Metzler Wed, 17 Jun 2015 19:49:58 +0200 exim4 (4.86~RC1-3) experimental; urgency=medium * Get time and date of latest debian/changelog entry and patch exim(on) to use these instead of __DATE__ and __TIME__. * Pull 72_0004-Content-scan-Use-ETIMEDOUT-not-ETIME-as-having-bette.patch from GIT to fix FTBFS on kfreebsd. -- Andreas Metzler Sat, 13 Jun 2015 15:22:47 +0200 exim4 (4.86~RC1-2) experimental; urgency=medium * Pull three post-release fixes from upstream GIT. (null pointer derefencing, and spam scanning defaulting to rspam mode) + 72_0001-Guard-routing-against-a-null-deref.-Bug-1639.patch + 72_0002-Spamd-add-missing-initialiser.-Rspamd-mode-was-incor.patch + 72_0003-DSN-fix-null-deref-when-bounce-is-due-to-conn-timeou.patch -- Andreas Metzler Sun, 07 Jun 2015 07:26:13 +0200 exim4 (4.86~RC1-1) experimental; urgency=medium * New upstream release. + Drop 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch, refresh patches. + Update EDITME*, enable AUTH_TLS for -heavy. + Sync Debian config with upstream default config, rfc1413 calls are now disabled by default. + Uses MIME format bounce messages (RFC 3461). Closes: #230284,#400741 + The spamd_address main option now supports an optional timeout value per server (tmo=timespec), it defaults two 2 minutes. Closes: #297915 + spamd_address also accepts hostnames and IPv6 addresses. Closes: #751687 + log reason for defer, on a hostlist dns-lookup temporary error. Closes: #670035 -- Andreas Metzler Sat, 06 Jun 2015 15:41:33 +0200 exim4 (4.85-3) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Tue, 28 Apr 2015 19:34:16 +0200 exim4 (4.85-2) experimental; urgency=medium * Merge from unstable 4.84-8. + Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 + Pull 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fixes breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) - 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch not added here since it already part of 4.85. -- Andreas Metzler Sat, 21 Feb 2015 15:38:47 +0100 exim4 (4.85-1) experimental; urgency=medium * exim4-config_files.5: Escape dots in regex. (Thanks, ael) * New upstream version. -- Andreas Metzler Tue, 13 Jan 2015 18:48:45 +0100 exim4 (4.85~RC4-1) experimental; urgency=medium * update-exim4.conf: + Drop unused variable UPEX4C_internal_tmp. + Use tempfile(1) if the generated file will not be written to /var/lib/exim4/. + Add --check option. * init-script: On restart use update-exim4.conf --check before stopping the daemon. (This is a no-op with systemd since its sysv compat layer translates "foo restart" into "foo stop" "foo start" instead of using the init scripts restart target.) * Handle _RC in watchfile with uversionmangle. * New upstream version. + Stop repacking source, rfcs have been dropped. -- Andreas Metzler Wed, 31 Dec 2014 14:24:35 +0100 exim4 (4.85~RC3+dfsg-1) experimental; urgency=medium * New upstream version. -- Andreas Metzler Thu, 18 Dec 2014 19:07:59 +0100 exim4 (4.85~RC2+dfsg-1) experimental; urgency=medium * New upstream version. * Unfuzz patches: 50_localscan_dlopen.dpatch 67_unnecessaryCopt.diff 70_remove_exim-users_references.dpatch. -- Andreas Metzler Mon, 01 Dec 2014 18:54:17 +0100 exim4 (4.85~RC1+dfsg-1) experimental; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * New upstream version. + Unfuzz 66_enlarge-dh-parameters-size.dpatch + Drop 80_mime_empty_charset.diff. * Remove rfc from upstream source and repack it. -- Andreas Metzler Tue, 18 Nov 2014 19:28:20 +0100 exim4 (4.84-8) unstable; urgency=medium * Pull 83_Remove-limit-on-remove_headers-item-size.-Bug-1533.patch and 84_Fix-truncation-of-items-in-headers_remove-lists-this.patch from upstream GIT which fix breakage of string-expansion in headers_remove commands. (Thanks Gordon Dickens, for the pointer.) -- Andreas Metzler Tue, 17 Feb 2015 18:00:42 +0100 exim4 (4.84-7) unstable; urgency=medium * Tighten dependency of exim4 on exim4-base to (>= ${source:Version}) and (<< ${source:Version}.1), at least source version, but not the next sourceful upload. Closes: #777246 -- Andreas Metzler Sat, 07 Feb 2015 15:12:33 +0100 exim4 (4.84-6) unstable; urgency=medium * Revert init script's restart order change in 4.84-4 for the time being. This needs a slightly more involved change than I want to push into jessie right now. -- Andreas Metzler Sun, 21 Dec 2014 14:07:12 +0100 exim4 (4.84-5) unstable; urgency=medium * 82_quoted-or-r-2047-encoded.diff pulled from upstream git (sans testsuite), extends the fix in 4.84-2. -- Andreas Metzler Wed, 17 Dec 2014 19:03:39 +0100 exim4 (4.84-4) unstable; urgency=medium * Unset message_prefix/message_sufix in maildrop_pipe transport. Maildrop neither expects a mbox-style From nor an empty line add the end. (Thanks, Edward Betts) Closes: #769396 * Change the init script's restart order from { regenerate_config; stop; start ; } to { stop; regenerate_config; start ; }. (Thanks, Jakub Warmuz) Closes: #768874 * 81_buffer-overrun-in-spam-acl.diff from upstream git. Fix a buffer overrun with control characters in argument of spam= acl condition. -- Andreas Metzler Sun, 30 Nov 2014 08:24:04 +0100 exim4 (4.84-3) unstable; urgency=medium * Apply patch to Italian (it) debconf template translation, thanks to s3v . Closes: #764925 * Let virtual package cron-daemon fulfill exim4-base's dependency now that bcron provides it instead of "cron" and systemd-cron is fixed. Closes: #765720 -- Andreas Metzler Sun, 19 Oct 2014 13:35:56 +0200 exim4 (4.84-2) unstable; urgency=high * Add 80_mime_empty_charset.diff from upstream GIT (the parts that change the code, not the testsuite) to handle empty content-type charset. -- Andreas Metzler Fri, 29 Aug 2014 19:41:38 +0200 exim4 (4.84-1) unstable; urgency=medium * New upstream release. -- Andreas Metzler Thu, 14 Aug 2014 19:33:01 +0200 exim4 (4.84~RC2-1) unstable; urgency=medium * New upstream release candidate. -- Andreas Metzler Sat, 09 Aug 2014 07:42:00 +0200 exim4 (4.84~RC1-3) unstable; urgency=medium * Third try. Simply comment *custom* in debian/control. -- Andreas Metzler Sat, 02 Aug 2014 09:29:13 +0200 exim4 (4.84~RC1-2) unstable; urgency=medium * Re-upload, after manually removing *custom* from the changes file to avoid false detection of NEW packages due to the changes in the archive infrastructure related source-only uploads. -- Andreas Metzler Sat, 02 Aug 2014 08:14:54 +0200 exim4 (4.84~RC1-1) unstable; urgency=medium * New upstream release candidate, fixing a regression in the MIME handling code. -- Andreas Metzler Sat, 02 Aug 2014 07:45:26 +0200 exim4 (4.83-2) unstable; urgency=medium * Upload to unstable. -- Andreas Metzler Sat, 26 Jul 2014 09:25:15 +0200 exim4 (4.83-1) experimental; urgency=medium * New upstream release which includes the fix for CVE-2014-2972. -- Andreas Metzler Wed, 23 Jul 2014 08:13:22 +0200 exim4 (4.83~RC3-1) experimental; urgency=medium * New upstream release candidate. -- Andreas Metzler Tue, 08 Jul 2014 19:07:52 +0200 exim4 (4.83~RC2-1) experimental; urgency=medium * New upstream release candidate. + JH/26 Port service names are now accepted for tls_on_connect_ports, to align with daemon_smtp_ports. Bug 72. Closes: #316441 -- Andreas Metzler Fri, 06 Jun 2014 19:11:24 +0200 exim4 (4.83~RC1-1) experimental; urgency=medium * New upstream feature release candidate. + JH/06 Log outbound-TLS and port details, subject to log selectors, for a failed delivery. Closes: #712987 * Unfuzz 31_eximmanpage.dpatch and 50_localscan_dlopen.dpatch. * Drop superfluous patches: 75_unbind-ldap-connection.diff 76_fix_ldap_option_setting.diff 77_close-the-server-side-of-TLS.diff 80_fix_ftbfs_hurd.diff * Since exim4-base currently only includes daily cronjobs let anacron fulfill the dependency, too. Systems with missing recommends (anacron recommends cron) that are *not* restarted regularily will therefore not run the cron-job regularily. Exim should not break horribly in this case and we can assume the local system administrator knows what (s)he is doing by disabling installation of recommends. (Policy: "[...] packages that would be found together with this one in all but unusual installations") Closes: #733929 -- Andreas Metzler Thu, 29 May 2014 13:09:04 +0200 exim4 (4.82.1-2) unstable; urgency=high * [87_double_expansion.diff] from upstream. Stop unwanted double expansion of arguments to mathematical comparison operations. CVE-2014-2972 -- Andreas Metzler Sun, 20 Jul 2014 19:05:48 +0200 exim4 (4.82.1-1) unstable; urgency=high * New upstream security release, fixing CVE-2014-2957. This is a remote code execution flaw in Exim version 4.82 (only) when built with DMARC support. Debian's binary packages are not built with DMARC support and therefore not vulnerable. However we want to fix this for people building their own binaries based on Debian's packaging. -- Andreas Metzler Wed, 28 May 2014 19:01:43 +0200 exim4 (4.82-8) unstable; urgency=medium * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against GnuTLS v3. -- Andreas Metzler Sat, 12 Apr 2014 16:19:05 +0200 exim4 (4.82-7) unstable; urgency=high [ Martin Pitt ] * debian/tests/control: Add missing python test dependency, as debian/tests/security calls python. Closes: #740092 [ Andreas Metzler ] * 4.82 deprecated $tls_bits, $tls_certificate_verified, $tls_cipher, $tls_peerdn, $tls_sni and introduced tls_in_*/tls_out_* variants of these variables which describe the respective status of the current incoming or outgoing TLS connection. The rationale for this is that a single exim process can now use both an incoming (message reception) and outgoing TLS connection (callout or cutthrough delivery) concurrently. With this change the "old" variables were mapped to tls_in_*, i.e. they expand to empty values on outgoing connections. (This is not yet documented.) Outgoing tls-connections can therefore not be detected by nonempty $tls_cipher anymore. exim4-config << 4.82 used this mechanism to prevent sending of plaintext AUTH information on unencrypted connections. Force a lockstep upgrade of exim4-config by bumping the version of exim4-base's dependency on exim4-config to >= 4.82. Closes: #742901, #736081 -- Andreas Metzler Sun, 06 Apr 2014 08:32:11 +0200 exim4 (4.82-6) experimental; urgency=medium [ Martin Pitt ] * debian/tests/control: Add missing python test dependency, as debian/tests/security calls python. Closes: #740092 [ Andreas Metzler ] * Now that GMP has been relicensed to LGPLv3+/GPLv2+ build exim against GnuTLS v3. -- Andreas Metzler Sat, 05 Apr 2014 14:18:11 +0200 exim4 (4.82-5) unstable; urgency=medium * Upgrade to libdb5.3-dev. Closes: #738637 Be paranoid and bump BDBVERSION in exim4-base.postinst from 3.0 (no idea why this did not read 5.1) to 5.3, therefore purging hints db on upgrades. -- Andreas Metzler Wed, 12 Feb 2014 19:31:55 +0100 exim4 (4.82-4) unstable; urgency=medium * Correct title/name of exim4-config_files(5). (Thanks, Heiko Schlittermann) Closes: #734212 * 80_fix_ftbfs_hurd.diff by Samuel Thibault fixes FTBFS on GNU/hurd due to missing support for TCLASS. Closes: #738445 * Add debian/upstream-signing-key.pgp (listed in debian/source/include-binaries) and update watchfile to check upstream signature. -- Andreas Metzler Sun, 09 Feb 2014 19:41:34 +0100 exim4 (4.82-3) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Wed, 27 Nov 2013 19:51:26 +0100 exim4 (4.82-2) experimental; urgency=low * Pull two post-release fixes from upstream git master: + 75_unbind-ldap-connection.diff - Only unbind ldap connection if bind succeeded. + 77_close-the-server-side-of-TLS.diff - Correctly close the server side of TLS when forking for delivery. * Pull 76_fix_ldap_option_setting.diff from Todd Lyons testing tree. See . -- Andreas Metzler Sat, 09 Nov 2013 17:24:59 +0100 exim4 (4.82-1) experimental; urgency=low * New upstream stable release. * Drop exim4-config_files.5 symlinks for local_host_whitelist and local_sender_whitelist, add symlinks for host_local_deny_exceptions and sender_local_deny_exceptions instead. Closes: #661365 -- Andreas Metzler Sat, 09 Nov 2013 11:52:58 +0100 exim4 (4.82~rc5-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Sat, 26 Oct 2013 08:50:58 +0200 exim4 (4.82~rc3-1) experimental; urgency=low * New upstream version. + TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall. + TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a hostname or reverse DNS when processing a host list. Used suggestions from multiple comments on this bug. + TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. * Add macros for sending a client certificate on outgoing TLS connections. (REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY, REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY) Closes: #677826 -- Andreas Metzler Sat, 12 Oct 2013 09:30:28 +0200 exim4 (4.82~rc2-1) experimental; urgency=low * exim-gencert: Generate 2048bit key by default. LP: #1200581 * New upstream version. + Drop 80_addmanuallybuiltdocs.diff -- Andreas Metzler Thu, 03 Oct 2013 19:24:59 +0200 exim4 (4.82~rc1-1) experimental; urgency=low * New upstream version. + TL/02 Add +smtp_confirmation as a default logging option. Closes: #649600 + JH/05 Permit multiple router/transport headers_add/remove lines. Closes: #276126 + See /usr/share/doc/exim4-base/NewStuff.gz for other newly added features. * Upload to experimental. * Drop unnecessary patches (30_dontoverridecflags.dpatch 75_openssl_sni.diff 76_tls_dh_min_bits.diff 77_docsfortls_dh_min_bits.diff 78_pkcs11_init.diff 84_CVE-2012-5671.patch 85_server_set_id_SPA.diff 86_Dovecot-robustness.diff 87_localinjected_mimeacl.diff), unfuzz patches. * Applying upstream's default configuration updates to Debian configuration change 30_exim4-config_examples to use tls_in_cipher/tls_out_cipher instead of tls_out_cipher. - exim4-config therefore Breaks exim daemon << 4.82~rc1. * 80_addmanuallybuiltdocs.diff: Upstream rc tarball ships empty filter.txt and spec.txt, replace these with correct handbuilt versions. -- Andreas Metzler Sun, 29 Sep 2013 14:43:25 +0200 exim4 (4.80-9) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Sat, 14 Sep 2013 08:05:18 +0200 exim4 (4.80-8) experimental; urgency=low * Import updated watchfile by Bart Martens. (Handles more compression types and x.y.revision versioning.) * In initscript invoke pidofproc with a pathname argument as it is documented in LSB and required by lsb-base (>= 4.1+Debian9). Closes: #693696, #718871 * Improve exim4-config_files.5 and README.Debian - Warn about unresolvable items in host lists. Closes: #627988 * Drop support for "/etc/init.d/exim4 what". It offers zero benefit to invoking exiwhat directly and throws an error mesage, too. (Thanks Regid Ichira for the diagnosis.) Closes: #643720 * Set "host_find_failed = ignore" (instead of defer) on smarthost and hub_user_smarthost router. Now if one (of the possibly multiple) listed smarthosts is not resolvable (NXDOMAIN) ignores it and and tries the next listed one. If all listed hosts are unresolvable the mail is still defered, since host_all_ignored is set to defer by default. Therefore the behavior does not change for single-smarthost systems. Closes: #658878 * Remove obsolete conffile /etc/cron.monthly/exim4-base which was only shipped in 4.69-3. Closes: #689334 * Update exim_db.8, syncing against spec.txt from exim 4.80. * 87_localinjected_mimeacl.diff from upstream GIT. When injecting a message locally in non-SMTP mode, and with MIME ACLs configured, if the ACL rejected the message, Exim would try to `fprintf(NULL, "%s", the_message)`. This fixes that. * [lintian] Escape some dashes in exim4-config_files.5. * Point vcs-* to anonscm. * Remove pidfile after stopping the daemon, exim does not remove it itself. Closes: #702988 * eu.po: Fix last reference to /usr/share/doc/exim4-base/README.Debian (without either .html or .gz suffix). Closes: #394975 * Merge autopkgtests from Ubuntu (Thanks Yolanda Robla for the pointer) Closes: #710018 + tests/CVE-2010-4344.py is GPLv2 - Add license header. + tests/daemon and tests/security do not use bashisms, change shebang to /bin/sh. * Upload to experimental, due to perl transition. -- Andreas Metzler Sun, 01 Sep 2013 15:58:49 +0200 exim4 (4.80-7) unstable; urgency=low * Use exim's ${quote:xxx} operator when invoking spfquery to disallow bypassing of SPF validation by using special mailbox names. (Thanks to Lekensteyn for diagnosis and testing.) Closes: #697057 -- Andreas Metzler Wed, 02 Jan 2013 19:37:21 +0100 exim4 (4.80-6) unstable; urgency=low * Cherrypick two changes from GIT: + 85_server_set_id_SPA.diff: server_set_id was not stored in $authenticated_id when using SPA authentication. http://article.gmane.org/gmane.mail.exim.user/92181 + 86_Dovecot-robustness.diff: robustness fixes for the Dovecot authenticator. -- Andreas Metzler Wed, 21 Nov 2012 19:08:53 +0100 exim4 (4.80-5.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * CVE-2012-5671: Fix heap-based buffer overflow in DKIM handling. -- Nico Golde Thu, 25 Oct 2012 20:11:11 +0200 exim4 (4.80-5) unstable; urgency=low * Fix grammar error in debian/manpages/exim4-config_files.5. (Thanks, Regid Ichira) * Fix hardening support. (Thanks, Simon Ruderich) + Append $(CPPFLAGS) to CFLAGS, the exim buildsystem does not use it. + Set LFLAGS += $(LDFLAGS) in debian/rules. Closes: #687645 * Correct typo in Russian debconf translation. (Thanks, Krasu) Closes: #683385 * Point Vcs-* to git repository. -- Andreas Metzler Sun, 23 Sep 2012 12:20:16 +0200 exim4 (4.80-4) unstable; urgency=low * Disable autoloading of PKCS#11 modules. Closes: #678238 -- Andreas Metzler Sat, 23 Jun 2012 18:35:03 +0200 exim4 (4.80-3) unstable; urgency=low * Pull 75_openssl_sni.diff from upstream. - Segfault caused by NULL dereference if Exim is built using OpenSSL, tls_sni is used and a forced expansion failure is configured. * Pull 76_tls_dh_min_bits.diff (and the corresponding doc change 77_docsfortls_dh_min_bits.diff) from upstream. Adds a new SMTP transport option tls_dh_min_bits for setting the minimal size of DH parameters. * Add macro TLS_DH_MIN_BITS for setting the tls_dh_min_bits smtp transport option. Closes: #676563 * [lintian] Stop shipping empty directory /usr/share/exim4 in exim4-base. -- Andreas Metzler Fri, 08 Jun 2012 12:37:05 +0200 exim4 (4.80-2) unstable; urgency=low * [Brown paper bag] actually target unstable in changelog. -- Andreas Metzler Sun, 03 Jun 2012 17:24:05 +0200 exim4 (4.80-1) experimental; urgency=low * New upstream version, identical to rc7. * Add a missing piece of documentation to update-exim4.conf.8. DCreadhost is not only used for rewriting, in satellite setup it is also the host where local mail is delivered to. (Thanks, Regid Ichira). Closes: #675712 -- Andreas Metzler Sun, 03 Jun 2012 16:49:51 +0200 exim4 (4.80~rc7-1) experimental; urgency=low * New upstream version. * Let debian/EDITME.openssl.exim4-light.diff apply again. -- Andreas Metzler Tue, 29 May 2012 19:33:07 +0200 exim4 (4.80~rc6-1) experimental; urgency=low * Ship newly available GnuTLS-FAQ.txt in exim4-base. * Upstream's handling of GnuTLS DH parameters has changed, hardcoded parameters (from RFCs are used by default. See /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl and /var/spool/exim4/gnutls-params-2236. -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 exim4 (4.80~rc5-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 24 May 2012 20:20:24 +0200 exim4 (4.80~rc4-1) experimental; urgency=low * New upstream version. + Unfuzz 50_localscan_dlopen.dpatch + Drop 80_revert_stringformatprintf.diff, superseded upstream. + Default DH param size switched to 2236 for NSS compat. Update generation script and shipped parameters. -- Andreas Metzler Mon, 21 May 2012 20:00:18 +0200 exim4 (4.80~rc2-1) experimental; urgency=low * Fix typo in retry/30_exim4-config (s/frequenzy/frequency/) (Thanks, Regid Ichira). Closes: #646338 * dpkg-buildflags supersedes hardening-wrapper. set DEB_BUILD_MAINT_OPTIONS := hardening=+bindnow,+pie to use features enabled by hardening-wrapper by default. Make sure to always set -Wall. * List mapppings between debconf choices ("mail sent by smarthost; no local mail" et al.) and corresponding values of the DC_eximconfig_configtype macro in update-exim4.conf(8). Closes: #651883 * README.Debian.*: Correct documentation of the lowuid_aliases router. - The macro is named FIRST_USER_ACCOUNT_UID instead of FIRST_USER_UID. (Thanks, Yubao Liu) Closes: #653058 * add more verbose help to /etc/default/exim4. Closes: #653272 * Updated French debconf templates translation. (thanks for proofreading, debian-l10n-french!) Closes: #668475 * Fix typo usualy in update-exim4.conf.8. * Add source lintian override (debian/source/lintian-overrides) for binaries-have-file-conflict exim4-daemon-heavy-dbg exim4-daemon-light-dbg. *-daemon-dbg depends on the respective -daemon, and the daemon-packages conflict with each other. * New upstream version: + Unfuzz patches + Update 66_enlarge-dh-parameters-size.dpatch. This is now a noop if built against gnutls >= 2.12. + Default DH param size is 2432, update generation script and shipped parameters. + Unfuzz/update */EDITME/*. Update debian/example.conf.md5. + 80_revert_stringformatprintf.diff. Do not mark string_format() as PRINTF_FUNCTION(3,4) to allow compilation with -Wformat -Werror=format-security + Sets accept_8bitmime = true by default. Closes: #445013 + Uses GnuTLS priority string for configuration. (See NEWS.Debian) Closes: #624041 -- Andreas Metzler Sun, 20 May 2012 15:57:15 +0200 exim4 (4.77-1) unstable; urgency=low * Fix typo in exim4-config_files.5. (Thanks, Regid Ichira) Closes: #645283 * New upstream stable release. (No major changes compared to rc4) * Upload to unstable. -- Andreas Metzler Sat, 22 Oct 2011 18:00:11 +0200 exim4 (4.77~rc4-1) experimental; urgency=low * New upstream release candidate. + drop patches included in this release. (80_gnutls_certificate_verify_peers2.diff 80_gnutls_initrc.diff 80_TLS1.2-and-TLS1.1-support.diff) + New expansion conditions, "inlist", "inlisti". + Exim no longer performs string expansion on the second string of the match_* expansion conditions: "match_address", "match_domain", "match_ip" & "match_local_part". Named lists can still be used. The previous behavior made it too easy to create (remotely) vulnerable configurations. A more detailed rationale and explanation can be found on https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html + doc/pcrepattern.txt is not shipped anymore as part of the exim tarball (and therefore the Debian package suite.) * Make use of /usr/share/dpkg/buildflags.mk if available. * Change build system to build each binary variant in a separate copy of the source tree instead of re-using the copy and moving away the results after build. The old approach stopped working since upstream added a dependency on make all to make install. - As we were changing parts of tree (Local/Makefile) after the build this caused an (incorrect) rebuild on make install. -- Andreas Metzler Sat, 08 Oct 2011 13:07:35 +0200 exim4 (4.76-4) experimental; urgency=low * 80_TLS1.2-and-TLS1.1-support.diff (pulled from upstream GIT gnutls_fixes branch): Enable TLS1.2 and TLS1.1 * 80_gnutls_certificate_verify_peers2.diff, 80_gnutls_initrc.diff (pulled from upstream GIT gnutls_fixes branch): Use gnutls_certificate_verify_peers2() instead of gnutls_certificate_verify_peers(). The deprecated function was dropped in GnuTLS 3.x. Closes: #624082 -- Andreas Metzler Sat, 24 Sep 2011 18:36:08 +0200 exim4 (4.76-3) unstable; urgency=low * [exim4-base.cron.daily] Correct invocation of mail(1), options need to be specified before arguments for compatibility with heirloom-mailx (Thanks, Andreas Schiweck). Closes: #629314 * [exim4-base.exim4.init] Use echo instead of log_failure_msg for the panic log warning. Closes: #629610 * [exim4-base.postinst] Also take care of ratelimit db on bdbd upgrades. Closes: #630985 * Update Debian exim webpage URL. Closes: #641126 * Do not run upgrade test for 4.67-5 on exim4.conf.template if split config is used and vice versa. Closes: #577633 * [lintian] Do not specify priority in binary package stanzas, unless it deviates from the source package priority setting. * [lintian] Drop unused lintian override binary-without-manpage usr/sbin/exim. * [lintian] Improve on short descriptions of *-dbg packages. -- Andreas Metzler Sun, 18 Sep 2011 11:49:13 +0200 exim4 (4.76-2) unstable; urgency=low * debian/rules: Remove test/ and test-stamp on clean. * Handle BerkeleyDB upgrades more gracefully. Instead of checking Debian version numbers compare DB-version of old exim (stored by postinst in /var/lib/exim4/berkeleydbvers.txt) with currently used DB-version (hardcoded at build time in exim4-base.postinst). * [exim4-base.postinst exim4-config.postinst] Do away with unnecessary chowns by dropping them or limiting to upgrades from 4.30. -- Andreas Metzler Sun, 29 May 2011 18:21:03 +0200 exim4 (4.76-1) unstable; urgency=low * New upstream version. * Drop 80_match_isinlist.diff (included upstream). -- Andreas Metzler Mon, 09 May 2011 19:12:09 +0200 exim4 (4.76~RC1-3) experimental; urgency=low * 80_match_isinlist.diff pulled from upstream git. -- Andreas Metzler Sun, 08 May 2011 14:44:20 +0200 exim4 (4.76~RC1-2) experimental; urgency=low * Fix testsuite error. * Disable verification of DKIM signatures if DC_minimaldns or the (newly added) DISABLE_DKIM_VERIFY macro are set. Closes: #609764 * [lintian] Drop useless comments from debian/watch. -- Andreas Metzler Sun, 08 May 2011 08:58:24 +0200 exim4 (4.76~RC1-1) experimental; urgency=low * New upstream version. * Drop superfluous patches. 80_ldap_require_cert-work.diff 81_negatebool.diff 82_dkimpercent.diff * [Lintian] Fix grammar error in manpage (spelling-error-in-manpage update-exim4defaults.8.gz allows to allows one to). * [debian/minimaltest]: Added. Try to run a minimal functionality test after building exim. (Currently only supported if the build-system has a Debian-exim user.) -- Andreas Metzler Fri, 06 May 2011 20:27:56 +0200 exim4 (4.75-3) unstable; urgency=high * [debian/rules] Fix dependencies and targets, speeding up package build. Previously everything was compiled twice. * Patches pulled from upstream git: +81_negatebool.diff Negating the $bool expansion condition did not work. +82_dkimpercent.diff dkim sig logged to paniclog. Closes: #624670 (CVE-2011-1764) -- Andreas Metzler Fri, 06 May 2011 20:08:51 +0200 exim4 (4.75-2) unstable; urgency=low * clamav socket on Debian is clamd:/var/run/clamav/clamd.ctl, fix configuration example accordingly. (Thanks, Roman V. Nikolaev) Closes: #622111 * Use on libdb5.1-dev (instead of 4.8), zap hints db on upgrade from <= 4.75-1. Closes: #621388 * Enable hardening options. (Last difference to Ubuntu except for not being the default-mta there.) Closes: #542726 -- Andreas Metzler Sat, 16 Apr 2011 14:45:36 +0200 exim4 (4.75-1) unstable; urgency=low * New upstream version. * 80_ldap_require_cert-work.diff Pulled from upstream git. The new ldap_require_cert option would segfault if used. -- Andreas Metzler Mon, 28 Mar 2011 19:24:55 +0200 exim4 (4.75~rc3-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Thu, 03 Mar 2011 19:10:06 +0100 exim4 (4.75~rc2-1) experimental; urgency=low * New upstream version. + Fixes exiqgrep "Line mismatch" error on messages without size info. Closes: #528625 + Restore default SIGPIPE handler for child_open_uid. Closes: #573779 * Enable verbose compilation. -- Andreas Metzler Sun, 27 Feb 2011 11:59:45 +0100 exim4 (4.74-2) unstable; urgency=low * Upload to unstable. -- Andreas Metzler Thu, 24 Feb 2011 19:02:07 +0100 exim4 (4.74-1) experimental; urgency=low * 4.74 release, should build on hurd again. * Fix some lintian --pedantic issues: copyright-refers-to-symlink-license maintainer-script-without-set-e debian-control-has-unusual-field-spacing -- Andreas Metzler Sat, 29 Jan 2011 15:39:51 +0100 exim4 (4.74~rc2-1) experimental; urgency=low * In spf example use spf-tools-perl's spfquery instead of the one from libmail-spf-query-perl. Do not try to use unimplemented best-guess support. Update Suggests accordingly. Closes: #608336 * Add headers in ACL by using the add_header modifier instead of "message". (This modifier has been available since 4.61.) Closes: #609308 * New upstream version. + includes the fix for CVE-2011-0017 + If a non-debug daemon was invoked with a non-whitelisted macro, then logs from after attempting delivery would be silently lost, including for successful delivery. This log-loss bug was introduced in 4.73 as part of the security lockdown. Closes: #610611 + Update some patches. -- Andreas Metzler Sun, 23 Jan 2011 14:02:36 +0100 exim4 (4.73~rc1-1) experimental; urgency=low * New upstream release candidate. * Drop included patches. 80_4.73rc1_*, 40_dkimnotinpaniclog.diff. * Update 31_eximmanpage.dpatch. * exim4 now uses INSTREAM (added in clamav 0.95) instead of STREAM when talking to clamav. exim4-daemon-heavy therefore Breaks: clamav-daemon (<< 0.95). * Unfuzz EDITME*diff. * Dependency changes: + Drop exim4-config's conflicts with bash (<< 2.05). This was relevant pre-sarge. + Drop exim4-daemon-* dependency on exim4-base (>> 4.71-2). This one is superfluous because of of the dependency on exim4-base (>= ${Upstream-Version}). + exim4-config breaks instead of conflicts with pre-DKIM (i.e. << 4.69.1) exim4-daemon. + exim4-base breaks instead of conflicts with <<${Upstream-Version} daemon packages. * Add Vcs-Svn and Vcs-Browser fields to debian/control. * Build depend on libmysqlclient-dev | libmysqlclient15-dev instead of libmysqlclient15-dev. libmysqlclient-dev is not a virtual package anymore. Closes: #590218 * Use db_settitle unconditionally, even etch supports this. Drop unneeded lintian override exim4-config: settitle-requires-versioned-depends. -- Andreas Metzler Mon, 27 Dec 2010 19:48:19 +0100 exim4 (4.72-6) unstable; urgency=high * 80_4.74_filtertesting.diff: Do not abort when setgid fails if privileges were dropped. This fixes a regression from 4.72-2, it was not possible to test filter files with exim4 -bf anymore. Closes: #611572 -- Andreas Metzler Mon, 31 Jan 2011 19:05:48 +0100 exim4 (4.72-5) unstable; urgency=medium * 80_4.74_deliverylogging.patch (Pulled from upstream git): If a non-debug daemon was invoked with a non-whitelisted macro, then logs from after attempting delivery would be silently lost, including for successful delivery. This log-loss bug was introduced as part of the security lockdown for fixing CVE-2010-4345. Closes: #610611 -- Andreas Metzler Sat, 29 Jan 2011 14:33:36 +0100 exim4 (4.72-4) unstable; urgency=medium * In spf example use spf-tools-perl's spfquery instead of the one from libmail-spf-query-perl. Do not try to use unimplemented best-guess support. Update Suggests accordingly. Closes: #608336 * 80_4.74_CVE-2011-0017.patch (Pulled from upstream git): Check return values of setgid/setuid. This is a privilege escalation vulnerability whereby the Exim run-time user can cause root to append content of the attacker's choosing to arbitrary files. -- Andreas Metzler Sat, 22 Jan 2011 17:48:19 +0100 exim4 (4.72-3) unstable; urgency=low * [README.Debian*] Correct command for manual paniclog rotation. (Thanks, Jörg Sommer) Closes: #602188 * 67_unnecessaryCopt.diff: Do not use exim's -C option in utility scripts. This would not work with ALT_CONFIG_PREFIX. * Pull changes related to fixing CVE-2010-4345 from exim 4.73 rc1. Closes: #606527 + 1_cfile_norw_eximuid: Don't allow a configure file which is writeable by the Exim user or group. + 2_permcheck_configurefile: Check configure file permissions even for non-default files if still privileged. + 3_remove_ALT_CONFIG_ROOT_ONLY: Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true. + 4_FD_CLOEXEC: Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure that rogue child processes cannot use them. + 5_TRUSTED_CONFIG_LIST: Add TRUSTED_CONFIG_LIST compile option. + 6_nonroot_system_filter_user: If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. + 7_filter_D_option: Add a (compiletime) whitelist of acceptable values for the -D option. + 8_updatedocumentation: Update documentation to reflect the changes. * Build with WHITELIST_D_MACROS=OUTGOING. Post patch 7_filter_D_option exim will not regain root privileges (usually necessary for local delivery) if the -D option was used. Macro identifiers listed in WHITELIST_D_MACROS are exempted from this restriction. mailscanner (4.79.11-2.2) uses -DOUTGOING. * Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. Post patch 3_remove_ALT_CONFIG_ROOT_ONLY exim will not re-gain root privileges (usually necessary for local delivery) if the -C option was used. This makes it impossible to start a fully functional damon with an alternate configuration file. /etc/exim4/trusted_configs (can) contain a list of filenames (one per line, full path given) to which this restriction does not apply. -- Andreas Metzler Sun, 26 Dec 2010 15:13:08 +0100 exim4 (4.72-2) unstable; urgency=low [ Marc Haber ] * Apply patch to russian (ru) debconf template, thanks to Тим Алексеевский and Tim Alexeevsky. Closes: #576202 * fix exim4-config_files man page, mention {host|sender}_local_deny_exceptions instead of local_{host|sender}_whitelist. Thanks to Fabien André in #578176 * add !acl = acl_local_deny_exceptions to defer stanzas in SPF code. Thanks to Fabien André. Closes: #578176 * Re-work config.autogenerated header to more exactly reflect configuration source. (mh) Closes: #593984 [ Andreas Metzler ] * Fix getopt invocation to make update-exim4.conf.template -o work. (Thank you Matthew W. S. Bell) Closes: #590333 * 40_dkimnotinpaniclog.diff pulled from upstream git. Stop logging non-critical DKIM errors in paniclog. Closes: #567876 * Debconf translations: - Danish. Closes: #592792 -- Andreas Metzler Sat, 30 Oct 2010 13:38:26 +0200 exim4 (4.72-1) unstable; urgency=low * New upstream release. (Identical to the git snapshot previously uploaded to experimental.) -- Andreas Metzler Thu, 03 Jun 2010 17:42:52 +0200 exim4 (4.72~20100529-1) experimental; urgency=low * Git snapshot 20100529. + Fix documentation for exipick -bpra. #574778 + CVE-2010-2024: Protect against symlink attacks on MBX lockfile in /tmp. (Debian's default configuration does not use MBX format, but the exim4-daemon-heavy binary supports MBX.) + CVE-2010-2023 Prevent hardlink attack on mbox sticky mail directory. (Probably not relevant for Debian systems at all, since the mail spool is 2775 root:mail.) + Dovecot authenticator ignores unknown keywords, making it compatible with version 1.1 of Dovecot authentication protocol. (= dovecot 2.0). See Changelog for complete list. * Drop patches included upstream: 36_typoinexipick.diff 20_PDKIM-Upgrade-PolarSSL.diff. -- Andreas Metzler Sun, 30 May 2010 14:01:52 +0200 exim4 (4.71-4) unstable; urgency=low * Drop unneeded lintian overrides. + description-contains-homepage + debian/source.lintian-overrides dbg-package-missing-depends exim4-dbg. + partially-translated-question + maintainer-script-needs-depends-on-update-inetd + possible-bashism-in-maintainer-script + binary-without-manpage + possible-debconf-note-abuse + changelog-not-compressed-with-max-compression * Lintian informational hints: + hyphen-used-as-minus-sign. debian/manpages/exim4-config_files.5 debian/manpages/update-exim4.conf.8 debian/manpages/exiwhat.8 * Use dh_lintian. * Fix sourcing of lsb-functions in init-script. Test for existence of /usr/lib/exim4/exim4 first. Unconditionally read /lib/lsb/init-functions. If they are not present the package's dependencies are not installed. Bump dependency on lsb-base to 3.0-6. (log_action_*) * Update reference to spec.txt in README.Debian. Closes: #568051 * Invoke spfquery as spfquery.mail-spf-query-perl. There are three different implementations of spfquery in Debian, with incompatible commandline switches and different exit codes. Closes: #573956 -- Andreas Metzler Thu, 25 Mar 2010 17:34:30 +0100 exim4 (4.71-3) unstable; urgency=low * exim4-base.cron.daily: Do not run exim_tidydb on Berkeley DB logfiles. Closes: #501892 * exim4-base.postinst: If exim_dumpdb fails to read a hints-db also remove Berkeley DB logfiles. * Switch to Berkeley DB 4.8 (from 4.6). Zap hints db on upgrade. Temporarily make -daemon packages depend on exim4-base >> 4.71-2. (This can be removed after the next upstream release.) Closes: #548479 * control: Drop bzip2 from Build-Depends. Use line-wrapping for Build-Depends. * 36_typoinexipick.diff: Fix a typo in exipick manpage. (Lintian). * exim4-base.postinst: Redirect status message to stderr. -- Andreas Metzler Fri, 01 Jan 2010 13:41:44 +0100 exim4 (4.71-2) unstable; urgency=low * Pulled from upstream: 20_PDKIM-Upgrade-PolarSSL.diff. Update files copied from PolarSSL to 0.12.1. * Add example file to set smarthost from /etc/network/interfaces (mh) * Add DKIM_* macros on remote smtp transports for setting the corresponding dkim_* options. * Upload to unstable. -- Andreas Metzler Sat, 12 Dec 2009 13:24:21 +0100 exim4 (4.71-1) experimental; urgency=low * New upstream version. + Drop patches included upstream. 51_dkimrelatedcrash.diff 51_noreject_unsigned.diff. -- Andreas Metzler Sat, 28 Nov 2009 12:03:50 +0100 exim4 (4.70-2) experimental; urgency=low * 51_noreject_unsigned.diff Fix a dkim related expansion error that appears when the expanded value of dkim_verify_signers winds up empty and acl_smtp_dkim is defined. (This has the effect of rejecting any mail without DKIM signature.) * Work around 490937 by removing CHANGES. -- Andreas Metzler Sat, 21 Nov 2009 10:15:41 +0100 exim4 (4.70-1) experimental; urgency=low * Point watchfile to ftp.exim.org. * Use dpkg-source v3 instead of dpatch, simplifying debian/rules a little bit. * New upstream version. + Pull 51_dkimrelatedcrash.diff fixing a segfault only applying to the 4.7x series. http://bugs.exim.org/show_bug.cgi?id=912 * debhelper v7 mode. + Use -XCHANGES to Keep dh_installchangelogs v7 from insisting to install ./CHANGES as upstream changelog. + Bump build-dependency. + Use dh_prep instead of dh_clean -k. -- Andreas Metzler Sun, 15 Nov 2009 13:10:32 +0100 exim4 (4.70~rc4-1) experimental; urgency=low * New upstream version. -- Andreas Metzler Wed, 11 Nov 2009 19:04:35 +0100 exim4 (4.70~cvs+20091030-1) experimental; urgency=low * New upstream snapshot. -- Andreas Metzler Sat, 31 Oct 2009 10:08:55 +0100 exim4 (4.70~cvs+20091026-1) experimental; urgency=low * New snapshot. + Fixes segfault in dovecot authenticator. Closes: #551106 + Improved documentation regarding certifacte verification on outgoing SMTP connections. Closes: #544472 * Drop 40_boolean_redefine_protect.dpatch - included upstream. * Drop unapplied superfluous patches from diff: 36_pcre 37_exiwhatpsmisc. -- Andreas Metzler Mon, 26 Oct 2009 16:09:32 +0100 exim4 (4.70~cvs+20091017-1) experimental; urgency=low * Fix syntax errors in README.Debian.xml. (Thank's, Daniel Leidert) * New upstream cvs snapshot. + Drop unnecessary patches: 36_pcre 37_exiwhatpsmisc. + Close dovecot socket after wrong password was given. Closes: #515503 + Standalone DKIM support. Obsoletes and therefore Closes: #486437,#459883 * Drop upstream URL from package descriptions. Closes: #471425 * [patches/00_unpack.dpatch] Drop workaround for tar 1.14, even oldstable has 1.16. Closes: #486436. * Do not set 'tls_try_verify_hosts = *' by default anymore. Some clients (e.g Outlook) will terminate the SSL connection when the server presents the long list of accepted TLS certificates after STARTTLS. If TLS certificate validation of clients is needed you'll need to set MAIN_TLS_TRY_VERIFY_HOSTS again and point MAIN_TLS_VERIFY_CERTIFICATES to a file containing only the accepted certificates. Closes: #515999, #316522, #482012 * Add debian/README.source. (Policy 3.8.3) * Fix typo in update-exim4.conf.8. Thanks to Calum Mackay. Closes: #543354 * Listen on IPv6 loopback interface by default. (Only applies to fresh installations.) Closes: #544292 * upstream default configure file explicitly disables dkim in some instances. Merge into Debian config and update debian/example.conf.md5. Bump Conflicts of exim4-config package. -- Andreas Metzler Sat, 17 Oct 2009 14:26:54 +0200 exim4 (4.69-11) unstable; urgency=medium * Build-Depend on lynx-cur|lynx instead of lynx. (lynx is just a dummy package currently, and due its strict dependencies uninstallable until the most recent version of lynx-cur has been built.) * Work around sed's improved unicode support, not accepting latin1 characters as pattern delimiters in UTF-8 locales anymore. Closes: #527445 + [update-exim4.conf] Go for / as separator instead. - This might have served a purpose in earlier releases with free-form replacements but is just overcomplicated now. + [update-exim4defaults]: The tricky bits for exim options are the ones that take a filename as argument (e.g. -C and -oX) or -D for overriding macros. Use LC_CTYPE=C. + [exim4-config.config] The sed commands deals with (lists of) hostnames and IP(v6) addresses and nets. Use LC_CTYPE=C. -- Andreas Metzler Sun, 10 May 2009 10:15:34 +0200 exim4 (4.69-10) unstable; urgency=low [ Andreas Metzler ] * Use macro CONFDIR in lowuid_aliases router, too. Closes: #507124 * Disable shell filename expansion in update-exim4.conf using set -f. Closes: #515668 * Stop using set -u in update-exim4.conf. With version 4.0 bash changed its behavior to throw an error on expansion of $* or $@ with set -u if no positional parameters were given. Working around this is obnoxious and harms readability, imho doing away with set -u's benefits. Closes: #518752 * Allow setting outgoing smtp helo/ehlo by setting REMOTE_SMTP_HELO_DATA macro directly. Previously this was just supposed to be used as a helper macro for REMOTE_SMTP_HELO_FROM_DNS. REMOTE_SMTP_HELO_FROM_DNS overrides a manual REMOTE_SMTP_HELO_DATA data setting. Closes: #514113 * [README.Debian] Bring documentation for Diffie-Hellman parameters up to current practice, mainly by deleting most of the outdated docs. Closes: #508749 * [exim4 init-script]. Modify check for smtp inetd entry to use an anchored pattern, matching "smtp" but not "smtp-foo". Closes: #516146 * exim4-daemon-light now Provides: default-mta. See #508644. * Ship both transport-filter.pl and ratelimit.pl in /usr/share/doc/exim4-base/examples. Closes: #518836 * [lintian] Add ${misc:Depends} to all Depends. * [lintian] Add override for dbg-package-missing-depends exim4-dbg. * Sync debian/control with override file by moving *-dbg to section debug. * Fix grammar error in update-exim4.conf.8. (Thank's, Gerfried Fuchs) Closes: #525248 [ Christian Perrier ] * Debconf translations: - Asturian. Closes: #511624 - Belarusian. Closes: #516049 - Kazakh added. Closes: #520996 - Slovak. Closes: #523447 - Bengali added. -- Andreas Metzler Sat, 02 May 2009 09:05:56 +0200 exim4 (4.69-9) unstable; urgency=medium * [update-exim4.conf]: Use POSIX character classes [:alnum:] or explicit listing ("ABCDEF..") instead of a-z, since the latter does not work as expected in some locales. Closes: #500691 -- Andreas Metzler Tue, 30 Sep 2008 20:12:27 +0200 exim4 (4.69-8) unstable; urgency=low [ Andreas Metzler ] * Quote last n lines (configurable by changing the value of E4BCD_PANICLOG_LINES, defaults to 10) of paniclog in warning email sent out on non-empty paniclog. Closes: #499492 * Fix evaluation logic of E4BCD_WATCH_PANICLOG for sending out warning e-mails about non-empty paniclog in daily cron-job to match documentation: + yes: Send daily warning e-mails, do not touch panniclog. + once: Send out the mail and rotate paniclog afterwards. + no: Do nothing. (Logfile is rotated when its size reaches 10 MB.) (Previously the interpretations of "once" and yes were mixed up.) [ Debconf translations ] * Catalan. Closes: #499299 -- Andreas Metzler Sun, 28 Sep 2008 12:01:39 +0200 exim4 (4.69-7) unstable; urgency=low [ Andreas Metzler ] * Sync from ubuntu: Refer to spec.txt.gz instead of spec.txt in README.Debian.xml. [ Debconf translations ] * Korean. Closes: #491518 * Lithuanian. Closes: #497402 * Greek. Closes: #498466 * Esperanto. Closes: #498796 -- Andreas Metzler Tue, 16 Sep 2008 19:14:08 +0200 exim4 (4.69-6) unstable; urgency=high [ Debconf translations ] * Malayalam. Closes: #479466 * Albanian. Closes: #480282 * Polish. Closes: #481638 * Vietnamese. Closes: #482641 * Turkish. Closes: #482714 * Brazilian Portuguese. Closes: #485384 * Finnish. Closes: #489171 [ Marc Haber ] * Have timeout.pl print a meaningful error message if perl-modules is not installed. Have exim4-base recommend perl-modules. Thanks to Tom Schouten. Closes: #482319 * Create gnutls-params with mode 644 in the first place. Thanks to Jean-Luc Coulon. Closes: #481765 * Replace ~/.rnd with $HOME/.rnd in exim_gencerts. Thanks to Ross Boylan for noticing this. * exim4-config.config: send hostname --fqdn stderr to /dev/null, we handle errors properly. Thanks to Andrew Vaughan in #481597. [ Andreas Metzler ] * Fix typos/other errors in README.Debian.xml. Improve formatting. (Thank's Georg Neis and Paul Menzel) Closes: #486105, #486106, #486116 * Revert fancy quoting in initscript. Closes: #486667,#482752 (fixes rc-bugs). * [debian/control README.Debian.xml] Spelling fix ("metapackage" instead of "meta-package"). Thank's lintian -- Andreas Metzler Sat, 19 Jul 2008 19:56:36 +0200 exim4 (4.69-5) unstable; urgency=low * remove chmod/chown code from exim4_refresh_gnutls-params completely * do not remove gnutls-params in exim4-base.postinst -- Marc Haber Mon, 28 Apr 2008 21:46:18 +0200 exim4 (4.69-4) unstable; urgency=low * update-exim4.conf: Fix impossible code path in guessed_name check. Ouch. Thanks to Anand Kumria. Closes: #478066 * Regenerating the 2048 bits DH parameters takes too long for slow systems, disable (both in the monthly cron job and postinst) and document that paranoid people will want to regenerate them manually. -- Marc Haber Sun, 27 Apr 2008 10:06:39 +0200 exim4 (4.69-3) unstable; urgency=low * The "please do not file duplicate bugs" release [ Marc Haber ] * Work around lsb-base regression (#477055, "wontfix") by changing the way we quote exim's arguments in the init script, hoping that this does not sacrifice robustness. Closes: #477194, #477236, #477239, #477258, #477562, #476987 * README.Debian.xml: Fix router/transport pair typo. Thanks to Georg Neis. Closes: #463573 * Have exim4-base Suggest swaks * Relax exim4-dbg dependency on eximon4 to a recommends (see #463929). * 30_exim4-config_check_rcp: Remove mention of /usr/share/doc/exim4- config/default_acl in favor of exim4-config_files(5). Thanks to Jon Dowland. Closes: #464539 * Move paniclog log rotation to /etc/logrotate.d/exim4-paniclog to allow people to manually rotate the paniclog only by calling logrotate -f /etc/logrotate.d/exim4-paniclog. Thanks to Josip Rodin (#396003) for this nice idea. Implement E4BCD_WATCH_PANICLOG=once as suggested by Vasilis Vasaitis. * activate dlfunc. Closes: #471314 * set LC_ALL=C in debian/rules. Thanks to Michael Meskes. Closes: #471486 * Document that Incredimail's TLS "implementation" breaks on a certificate request. Thanks to Andrew McGlashan. Closes: #459323 * Fix parenthesis mismatch in README.Debian * exim4_refresh_gnutls-params: Call openssh dhparam with HOME=$EXIM4_SPOOLDIR so that openssl's .rnd file is placed there. * update-exim4.conf: print a warning if dc_minimaldns and hostname --fqdn does not print a fully qualified name. Thanks to Lothar Ketterer. Closes: #476249 * DH parameters handling: Closes: #475194 * add dpatch to have exim use 2048 bit DH parameters * ship static gnutls-params file with the package. * Override resulting lintian warning. * generate new gnutls-params only monthly and in postinst on configure. * exim4_refresh_gnutls-params: * generate 2048 bit DH parameters * dh-params file can be world readable * Filter out noise from mainlog before handing it off to eximstats in daily cron job. Thanks to Justin Pryzby. Closes: #476541 * Move docs from Apps/Net to Network/Communication * linda R.I.P. [ Robert Millan ] * Process acl_local_deny_exceptions ACL before rejecting a message in SPF check. Thanks to Miklos Szeredi. Closes: #451633 [ Andreas Metzler ] * Fix typos in exinext's man page (/s/eximnext/exinext/). (Thanks, Filipus Klutiero) Closes: #471113 * exiwhat: Check at runtime whether killall is available. Fall back to a combination of 'ps ax' and regular kill otherwise. Closes: #476455 * Fix wrong logic in testing for existence of lsb-base functions in init script. (Thanks, Tim Cross) Closes: #477578 -- Marc Haber Sat, 26 Apr 2008 00:00:30 +0200 exim4 (4.69-2) unstable; urgency=low [ Marc Haber ] * update-exim4.conf: fix bashism echo -n in preprocess_macro. Thanks to Michal Politowski. Closes: #462173 [ Christian Perrier ] * Debconf translations updates: - German. Thanks to Eric Schanze. Closes: #462673 [Andreas Metzler] * Add missing .P to exim_db.8 to fix indenting. (Thanks, David L. Anselmi) Closes: #462712 * Add (disabled) patch to save random seed to a file -- Marc Haber Wed, 30 Jan 2008 09:26:56 +0100 exim4 (4.69-1) unstable; urgency=low [ Marc Haber ] * New upstream version. - improve --help handling. Closes: 438435 * Debconf translations updates: - Dutch. Thanks to Bart Cornelis. Closes: #448924 - Norwegian Bokmål. Thanks to Hans Fredrik Nordhaug. Closes: #452383 - Slovak. Thanks to Peter Mann. Closes: #460502 - Catalan: fix some semicolon issues and most obvious fuzzy strings. Thanks to Jordà Polo. Closes: #447765. * Add support for smtp_accept_max_nonmail_hosts to ease external relay testing. * Make Change to init script dependencies as suggested by Petter Reinholdtsen. Closes: #460229 * debian/control: * Add Homepage field to Source Package stanza. * Standards-Version: 3.7.3 (no changes necessary) * lintian/overrides: - Override all description-contains-homepage messages, we're going to keep this field around until post-lenny. - Override exim4-daemon-heavy: package-contains-empty-directory usr/lib/exim4/local_scan/, the directory should be there to show people where to put local extensions (and I am not sure how exim behaves if that directory is not there). * linda/overrides: - Override menu section Applications, which is a false alert. - Override complaint about newer standards version. - This override does not work due to #386647 * exim4-base.NEWS: fix Debian's typo * exim4-base.dirs: remove usr/bin, we do not ship any files there. * Generate exim macros from every definition found in ue4cc that starts with a capital letter (sans CFILEMODE) to cater for an obviously very common user error. This feature is going to stay undocumented. [ Christian Perrier ] * Debconf translations updates: - Dzongkha. Thanks to Tenzin Dendup. Closes: #455871 - Slovak. Thanks to Peter Mann. Closes: #460502 [ Andreas Metzler ] * Fix typo in acl/20_exim4-config_local_deny_exceptions. (Thanks, Roderick Schertler) Closes: #456343 -- Marc Haber Tue, 22 Jan 2008 09:19:14 +0100 exim4 (4.68-2) unstable; urgency=low [ Marc Haber ] * Fix changelog: lowuid router does not close #420217. Closes: #440217 [ Andreas Metzler ] * Mention /etc/exim4/exim4.conf in FILES section of update-exim4.conf.8. * Fix syntax error in real-local router. Closes: #446346 * Configuring exim as configtype="internet host" asks a different set of questions than e.g. satellite. However some of the settings controlled by these hidden questions still have effects on exim's behavior. Change exim4-config to ask these hidden questions if they have been set to a non-default value. (Either manually, or by switching configtype after setting the values.) Closes: #443210 These questions have been added conditionally: - internet site with smarthost: + dc_relay_domains - satellite + dc_relay_domains + dc_localdelivery -- Marc Haber Thu, 01 Nov 2007 19:17:36 +0100 exim4 (4.68-1) unstable; urgency=low * new upstream version. Closes: #444195 * Documents tls_verify_hosts during TLS sessions. Closes: #422419 * new example.conf md5 sum * Move lowuid router to a later place, handle real- only for locally generated messages. Thanks to Andreas Metzler and others on pkg-exim4-devel. Closes: #440217 * /etc/init.d/exim4: * Use start_daemon and killproc from lsb-base as a new plunge at #396944 * Do not clean the environment as severly as before (functions need to survive). * README.Debian: * Document that using client certificates needs extra configuration. Thanks to John Goerzen. Closes: #440663 * conf.d/main/03_exim4-config_tlsoptions: Make it clear that this file only concerns exim as an SMTP server. * exim4-config.preinst: Add EX4DEBUG facility, add rm_conffile function * Rename acl_whitelist_local_deny to acl_local_deny_exceptions as suggested by Ross Boylan. Closes: #387078. * Switch Build-Depends to db4.6. Closes: #442645 * Debconf translations updates: - Portuguese. Thanks to Miguel Figueiredo. Closes: #441895, #445494 - Norwegian Nynorsk. Thanks to Håvard Korsvoll. * exim4-config.NEWS: Explicitly mention that .dpkg-old and .dpkg-dist files are included in the DEBCONFsomethingDEBCONF check to allow lazy people to only grep the docs instead of actually reading them. This was requested by Hamish Moffatt in #445327. -- Marc Haber Sun, 07 Oct 2007 21:38:22 +0200 exim4 (4.67-8) unstable; urgency=low [ Marc Haber ] * Define REMOTE_SMTP_HELO_DATA and REMOTE_SMTP_HELO_FROM_DNS macros to have exim pull its HELO name from DNS automatically. Thanks to Jari Aalto and Magnus Holmgren. Closes: #275975 * Enable DNSDB in exim4-daemon-light (needed by the HELO magic) * update-exim4.conf: Allow [] in ascii strings (needed for @[]) * Improve domain literal docs * Remove debconf template noalias_regenerate * Fix PRIMARY_HOSTNAME typo in main/02_exim4-config_options. Thanks to Tim Krah. Closes: #434337 * fix alphabet salad in README.Debian. Closes: #434640 * Add E4BCD_DAILY_REPORT_TO to daily cron job. Thanks to Florian Schlichting. Closes: #426840 * Fix /etc/exim paths in exim4-config_files(5). Thanks to Marques Johansson. * Debconf translations updates: - Japanese. Closes: #433070 - Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #433084 - Thai. Thanks to Theppitak Karoonboonyanan. Closes: #433177 - Arabic. Thanks to Ossama Khayat. Closes: #433222 - Hebrew. Thanks to Baruch Even. Closes: #433291 - Italian. Closes: #433200 - Galician. Closes: #433218 - Portuguese. Thanks to Miguel Figueiredo. Closes: #433293 - Hungarian. Thanks to Josip Rodin. Closes: #433336 - Punjabi. Thanks to Amanpreet Singh Alam. Closes: #433578 - Marathi. Thanks to Priti Patil. - Wolof. Thanks to M Mamoune Mbacke. Closes: #433701 - Indonesian. Thanks to Arief S Fitrianto. Closes: #433758 - Romanian. Thanks to Eddy Petrisor. Closes: #433854 - Nepali. Thanks to shyam krishna bal. Closes: #435345 - Swedish. Thanks to Daniel Nylander. Closes: #435705 [ Andreas Metzler ] * Update eximon menu file for menu 2.1.35 hierarchy. [ Christian Perrier ] * Fix typo in README.Debian.xml. Thanks to Closes: #434961 -- Marc Haber Sun, 19 Aug 2007 09:25:10 +0200 exim4 (4.67-7) unstable; urgency=low * only generate HIDE_MAILNAME macro if its value is really non-empty -- Marc Haber Sat, 14 Jul 2007 08:47:40 +0200 exim4 (4.67-6) unstable; urgency=low * Add some more debugging output to maintainer scipts, hopefully nailing #396944 which has surfaced again. * Improve wording in NEWS.Debian for exim4-config. Closes: #431019, #431130 * Issue DEBCONFfooDEBCONF warning as well for DEBCONFheaders_rewriteDEBCONF. Thanks to John Goerzen. Closes: #431088 * fix localhost inserted twice into local_domains. Closes: #432394 * fix MAIN_RELAY_TO_DOMAINS in update-exim4.conf. Thanks to Ben Wheeler. Closes: #432521 * Document that special handling is needed for host lists that only consist of a single IPv6 address. Thanks to Frederic Daniel Luc Lehobey. Closes: #432229 * Add forgotten (conditional) definition of REMOTE_SMTP_HEADERS_REWRITE and REMOTE_SMTP_RETURN_PATH for remote_smtp transports. Thanks to Miguel Martins Feitosa Filho. Closes: #432716 * Debconf translations * Bulgarian completed. Closes: #431957, #430521 * Update Tamil. Thanks to Tirumurti Vasudevan. Closes: #432181 * Update Spanish. Thanks to Javier Fernández-Sanguino Peña. Closes: #429940 -- Marc Haber Fri, 13 Jul 2007 22:22:09 +0200 exim4 (4.67-5) unstable; urgency=low * the "verderben viele Koeche den Brei?" release [ Andreas Metzler ] * Point to exim4_passwd(5) instead of non-existing exim_passwd(5) in AUTH section of configuration. (Thanks Arkadiusz Dykiel, #430149) * update-exim4.conf check_ascii_pipe(): Accept < since we use it for list construction. Closes: #430391 * Anchor UPEX4CmacrosUPEX4C in update-exim4.conf [ Robert Millan ] * Update informational message in SPF ACL to use the latest http://www.openspf.org/Why API. [ Debconf translations ] * French completed and converted to UTF-8 * All remaining non UTF-8 translation switched to UTF-8 [ Marc Haber ] * do not quote error message in lowuid router * replace commented UPEX4CmacrosUPEX4C with UPEX4CmacrosUPEX4C exim configuration macro definition as placeholder for ue4c-generated macros. [ Christian Perrier ] * Correct the invalid ${fqdn} variable in exim4-config.templates -- Marc Haber Thu, 28 Jun 2007 09:22:04 +0200 exim4 (4.67-4) unstable; urgency=low * update-exim4.conf: * fix embarrassing typo in update-exim4.conf that broke macro expansion for two values. Thanks to Andrew Chittenden. Closes: #429828 * Allow ! and * in ue4cc. Thanks to Dieter Hametner and Raf D'Halleweyn. Closes: #429986 * have @ and localhost added to local_domains list. Thanks to a big number of people. Closes: #429939 * eliminate -e && chmod construct as a possible cause of #429617. Thanks to Martin Ketzer and Silvestre Zabala * Now barfs if DEBCONFsomethingDEBCONF is still found in the configuration file. Thanks to a truckload of users who were too lazy to read the docs, did not accept the suggested configuration file changes and then complained about a non-working exim ("malformed macro definition") * README.Debian: Document the new low-UID handling mechanism. Thanks to Johannes Rohr. Closes: #429878 * debian/rules: do not ignore make clean errors * Debconf translation updates: - Basque. Closes: #429626 - Czech. - Brazilian Portuguese. Closes: #429867 -- Marc Haber Fri, 22 Jun 2007 13:55:15 +0200 exim4 (4.67-3) unstable; urgency=low [ Andreas Metzler ] * Initialize permissions of bug-script and exim-adduser as 755, since diff does not preserve permissions. Both were shipped as 644 in binary packages not built with svn-buildpackage. Closes: #420446 [ Marc Haber ] * Merge experimental changes from revision 2018:2073 * Fix "Zahlendreher" in closure of #427690. Closes: #427690 * update-exim4.conf: * finally get rid of the DEBCONFfooDEBCONF stuff. That information is now passed to the configuration by ue4c by directly setting exim macros in the configuration. This has caused both the configuration and ue4c to be much shorter. * run with -e, -C and -u. * convert input read from update-exim4.conf.conf to lower case * barf if strange characters are found in ue4cc. Closes: #400294 * Remove superfluous "x$foo" = "xbar" constructs from scripts * Add routers to reject mail to accounts with low UID. Closes: #400790. * Make daily cron job barf if /usr/bin/mail is not found. Have exim4-base recommend mailx. Closes: #427690 * Have all -daemon packages provide exim4-localscanapi-1.0 and exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing #426425. Also include exim4-localscan-plugin-config script with exim4-dev. Thanks to Magnus for helping with this. Closes: #428274 * remove /etc/exim4/email-addresses symlink and document this. Thanks to Josip Rodin. Closes: #420578 * introduce conf.d/250_exim4-config_lowuid which optionally allows to reject (or alias away) mail to low-uid accounts that are not listed in an exception list. Thanks to Dominic Hargreaves, Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716 * remove versioned depends on cron, since the version we need is well before sarge. * Add cron | fcron dependency. Fcron is going to be removed again at the first sign of trouble. Closes: #381806 * remove move_exim3_spool debconf template. Closes: #391762 * replace openssl gendh with openssl dhparam. Closes: #413235 * adapt docs, README and manpages * have Hilko fix the lynx-dump postprocessing to repair generating README.Debian text version. Thanks! * increase README.Debian generation robustness. Thanks to Hilko. * debconf: * Partly apply Christian Perrier's patch for reviewed templates and control file. Closes: #426980 * Other minor template changes. * get rid of "mails" in debconf templates, use "messages" instead. Re-word local_interface debconf template. Other minor changes. Thanks to Jens Seidel and Christian Perrrier. Closes: #394976 * re-work exim4-config.config logic to have split/non-split config asked last instead of first. This partly addresses #410756. * Add exim4-daemon-heavy.templates, exim4-daemon-light.templates and exim4.templates to POTFILES.in * Re-Word dc_other_hostnames debconf template. Thanks to Hans G. Ehrbar. Closes: #421860 [ Christian Perrier ] * Debconf translation updates: - French - Ukrainian. Closes: #427793 - Bulgarian. - Thai. - Galician. - Swedish. - Punjabi. - Indonesian. - Italian. - Khmer. - Traditional Chinese. Closes: #428072, #428069. - Portuguese. - Simplified Chinese. - Marathi - Romanian. Closes: #429242 - Russian. Closes: #429352 -- Marc Haber Mon, 18 Jun 2007 10:26:20 +0200 exim4 (4.67-1) unstable; urgency=low [ Marc Haber ] * new upstream version * remove 37_upstream-patch-384015-add_headers * remove 80_disable_rsa_export * remove 80_upstream_408174_4-64-PH18 * EDITME patch changes to allow for 4.67 * enable dovecot authentication * Upstream patch from Magnus Holmgren included upstream. Thanks to Simon Walter. Closes: #407957 * Upstream patch PH/18 included upstream. Thanks to Marc Schiffbauer. Closes: #408174 * merge experimental changes * exim man page patch changes for 4.67 * robustness patches for * create-custom-package * exim-gencert * exim4-base.config * exim4-base.postinst * exim4-config.config * exim4-config.postinst * exim4-daemon-light.postinst * update-exim4defaults * replace backticks with $() notation * Add patch to 50_localscan_dlopen to reduce dynamic symbol table. Thanks to Magnus Holmgren. Closes: #413602 * remove woody compatibility hacks from * exim4-daemon-light.postinst * exim4-config.postinst * Fix eximnext => exinext in man page. * README.Debian: * add warning to "IP addresses for incoming connections" section. * add new chapter about how to influence exim's behavior. * add missing closing bracket. Thanks to Martin Schwarz. Closes: #419700 * update-exim4.conf(8): * clarify update-exim4.conf about how ue4cc and exim configuration interface * remote_smtp_smarthost transport: make hosts_try_auth host list semicolon-separated to correctly handle IPv6 * multiple minor changes to lintian overrides * debian/control: have exim4 depend on debconf (>= 1.4.69) | cdebconf (>= 0.39) explicitly to allow usage of debconf error template type. [ Christian Perrier ] * Esperanto debconf translation update (Serge Leblanc). Closes: #415590 * Marathi debconf translation added (Priti Pathil). Closes: #416801 -- Marc Haber Sat, 21 Apr 2007 11:48:48 +0200 exim4 (4.63-17) unstable; urgency=low * 30_exim4-config_examples: add missing backslash in non-TLS client login authenticator. Thanks to Kai Weber. Closes: #407567 -- Marc Haber Sat, 20 Jan 2007 10:38:16 +0100 exim4 (4.63-16) unstable; urgency=low * Add ta (Tamil) translation of Tirumurti Vasudevan Closes: #406974 * exim4_refresh_gnutls-params: allow EXIM4_SPOOLDIR to be overridden from the environment. Closes: #406989 * Re-work client authenticators to handle passwords containing colons and circumflexes. Thanks to Steaphan Greene. Closes: #406686 * transport/30_exim4-config_remote_smtp_smarthost: feed hosts_try_auth from $host and $host_address, avoiding issues with round-robin DNS setup. Thanks to Celejar and Heiko Schlittermann. Closes: #403583 -- Marc Haber Thu, 18 Jan 2007 21:10:34 +0100 exim4 (4.63-15) unstable; urgency=low * keep config.h from being installed in exim4-base. Thanks to Aaron M. Ucko. Closes: #405824 -- Marc Haber Sat, 6 Jan 2007 22:12:05 +0100 exim4 (4.63-14) unstable; urgency=low * patch LOCAL_SCAN_ABI_VERSION to 1.1 in 50_localscan_dlopen after consulting with Magnus Holmgren. * Fix update-exim4.conf.8 manpage * FILES section is no longer doubled * NAME is no longer multi-line * proper reference to ue4cc in FILES section * Thanks to Angus Mackenzie * debian/rules * allow buildbasepackages and extradaemonpackages to be set from the environment * fix buildbasepackages=no and extradaemonpackages which were broken due to the new -dev binary package * remove "" in various places, this is Make not shell * add optional debugging output for variables that are meant to be set externally * clean now unpatches first, otherwise clean fails because files are first deleted and then non-existing files are unpatched * take config.h from first non-light daemon package built instead of -heavy (we might not be building -heavy but still need -dev) * Thanks to Gerfried Fuchs for actually using these features and finding this bug group. * exim4.init: Now returns 0 when starting and daemon already running, and when stopping and daemon already stopped. This fixes LSB compliance. Thanks to Heiko Schlittermann. Closes: #404182 -- Marc Haber Fri, 5 Jan 2007 16:34:58 +0100 exim4 (4.63-13) unstable; urgency=low * Fix mangled sense in /etc/aliases exim4-config_files(5) man page. Thanks to Angus Mackenzie. * [update-exim4.conf.8] exim4-config_files manpage is in section 5 instead of 8. Thanks to Angus Mackenzie. Closes: #404494 (am) * Clarify /etc/exim4/passwd.client host name lookup to go after the reverse DNS entry in exim4-config_files(5) man page. * Update uk (Ukrainian) translation of debconf templates. Thanks to Eugeniy Meshcheryakov and Yanovych Borys. Closes: #404481 * Update sl (Slovenian) translation of debconf templates. Thanks to Matej Kovacic. Closes: #404481 * merge in experimental changes: * create exim4-dev package for sa-exim and other packages. Closes: #401462 * fix broken usage of DPATCH_WORKDIR (dpatch-edit-patch didn't work with tarballed upstream) * don't use DPATCH_WORKDIR any more * modify patches to apply to build-tree * remove leftover debugging output from debian/patches/00_unpack.dpatch -- Marc Haber Tue, 2 Jan 2007 14:43:59 +0100 exim4 (4.63-12) unstable; urgency=low * exim4-base.postinst: Redirect command -v's stdout to /dev/null * update-exim4.conf: add lots of quoting to increase robustness. Thanks to Paul Slootman. Closes: #403605 * Debconf templates translation updates and new translations: - Esperanto - Norwegian Nynorsk (Håvard Korsvoll). - Punjabi (A.S. Alam). - Malayalam (Praveen A). Closes: #402541 - Italian (typos corrected by Davide Viti). Closes: #403199 - see Last-Translator for rewards) -- Marc Haber Wed, 20 Dec 2006 14:23:57 +0100 exim4 (4.63-11) unstable; urgency=low * Remove patch to spec.txt for pkg-exim4-users, it is included upstream. No idea why this patch even applied correctly. * README.Debian: * Fix wrong pidfile name * Move FAQ to the Wiki * Adapt "Using completely different configuration scheme" to also mention /etc/exim4/exim4.conf. * Move titles in the same line as the section statement, making it easier to work with a code folding editor. * exim4_files(5): fix recommended permissions for passwd[.client]. Thanks to Georg Neis. Closes: #398365 * Remove temporary gnutls parameters file if neither certtool nor openssl are installed. Closes: #399023 * Fix path to gnutls-params file in exim4-base.postinst. Thanks to J.L. Fernandez. Closes: #400794 * Translation updates (see Last-Translator for rewards). - Punjabi (not yet complete) - Hebrew (not yet complete) - Portuguese. Closes: #399242 * merge changes from experimental: * enable sqlite for exim4-daemon-heavy. Thanks to Adrian Phillips. Closes: #398718 * Add Build-Dependency on libsqlite3-dev. Thanks to Frank Lichtenheld. Closes: #398880 * Build-Depends * add po-debconf * add bzip2 * debian/rules: * run debconf-updatepo in clean targets * adapt build system to allow direct building from an upstream tarball * needs tardy at build time on sarge, but not on newer distributions * use dpatch-run for patches instead of locally programmed handling * add lintian overrides: * partially-translated-question exim4/dc_eximconfig_configtype for cy, eo, et, he, mk, nn, pa, pl, sl, tl, uk - translators, move! * possible-debconf-note-abuse config:15 */drec * remove gratuitous exim4-daemon-heavy.postinst (it is symlinked at build time) -- Marc Haber Fri, 1 Dec 2006 11:16:34 +0000 exim4 (4.63-10) unstable; urgency=low * The "praise Osamu Aoki" release. * Translation updates (see Last-Translator for rewards). - Dutch. Closes: #396725 * README.Debian: * Add information about how to obtain reportbug information for mailing list questions. * Point people directly to passwd.client man page instead of the file itself. Thanks to Osamu Aoki. * Re-work the /etc/aliases section. * Improve smarthost description in update-exim4.conf(8) man page. Give examples. Thanks to Osamu Aoki. * include documentation for /etc/aliases in exim4-config_files(5) man page. Symlink to etc-aliases(5). Thanks to Osamu Aoki. Closes: #397042 * Change symlink of exim4-config_files(5) to email-addresses(5) to point to etc-email-addresses(5) for consistency. * Use nwildlsearch to index into passwd.client to allow wildcards here. Thanks to Osamu Aoki. This is another pain relief for #244724. * use printf instead of echo in daily cron job. Thanks to Ming Hua. Closes: #395448 * Add de-uglyfication request to man pages. -- Marc Haber Sun, 5 Nov 2006 10:36:28 +0000 exim4 (4.63-9) unstable; urgency=low * Fix a spelling error in templates: s/adviseable/advisable Thanks to Jens Seidel for spotting it * Translation updates (see Last-Translator for rewards). - Bosnian. Closes: #396592 - Bulgarian. Closes: #396558 - Greek. - Lithuanian. Closes: #396478 - Norwegian Bokmål. Closes: #391768 - Wolof. Closes: #395944 * Have ue4c barf on more lookup types found in more ue4cc fields, courtesy to regexp from hell. -- Marc Haber Thu, 2 Nov 2006 18:07:24 +0000 exim4 (4.63-8) unstable; urgency=low * Translation updates (see Last-Translator for rewards). - Albanian. Closes: #394725 - Arabic - Basque - Catalan - Chinese (Simplified) - Chinese (Traditional) - Croatian - Czech - Dzongkha - Finnish. Closes: #393644 - German - Italian. - Korean. Closes: #394235 - Nepali - Norwegian Bokmal. Closes: #394270 - Portuguese - Romanian - Russian. - Slovak - Turkish * README.Debian * remove wiki references from README.Debian * remove dc_local_delivery FAQ entry since this is now debconfized * Fix typos, replace "documented below" with a direct link. Thanks to Olaf van der Spek. Closes: #394617 * exim4-config.templates * Fixed typo: s/arbitrary/arbitrarily * Extra space removed at the end of a line. Closes: #394569 * Change references to inexistent README.Debian.html and README.Debian, both replaced by README.Debian.gz. Thanks to Eric Schanze for spotting this. * Various English use changes suggested by Jens Seidel. Closes: #394651 * update-exim4.conf: Fix wrong behavior if a debconf list answer already starts with "<". Thanks to Vineet Kumar. Closes: #393843 * conf.d/main/02_exim4-config_options: Use upstream's wording for rfc1413 configuration, fix wrongly commented timeout value. Thanks to Andre Bischoff on IRC. * conf.d/transports/35_exim4-config_address_directory: Add delivery_date_add, streamline other options' syntax. Thanks to Dominic Hargreaves. Closes: #393930 * Remove commented out inetd entries from maintainer scripts, we are not going to support inetd again. * Zap gnutls-params in postinst if old binary format is detected. Exim cannot read that file any more since RSA_EXPORT has been removed. Always kill the file if file(1) is not present, recommend file(1). Thanks to John Goerzen. Closes: #394598 -- Marc Haber Mon, 23 Oct 2006 20:49:46 +0200 exim4 (4.63-7) unstable; urgency=low * Translation updates (see Last-Translator for rewards). Closes: #391768 - Brazilian Portuguese - Danish. Closes: #392548 - Galician - Hungarian - Indonesian - Japanese - Spanish - Thai * Do not ask for local delivery method if custom entry (i.e. neither maildir_home nor mail_spool) has bin set in update-exim4.conf and continue to use this custom setting instead of overwriting it with mail_spool. (am) Closes: #392993 * Special-case "dsearch;" constructs in dc_other_hostnames, no longer supported. Adapt documentation accordingly. * Adapt docs and man pages so that they do not longer suggest that answers to debconf questions might use all exim host/address/domain list features. * fix ue4c to handle more than one smarthost correctly. * Handle spaces, commas and semicolons as separator in root alias handling. * Wolof translation contained a comma in the translation of a element of the Choices list for the dc_eximconfig_configtype question, replace it with a semicolon. (am) -- Marc Haber Sat, 14 Oct 2006 23:45:17 +0000 exim4 (4.63-6) unstable; urgency=low * s/ipv6/IPv6 in templates (general writing consistency) * Translation updates (see Last-Translator for rewards) - Arabic (partial) - Basque (partial) - Croatian (partial) - Greek (partial) - Khmer - Spanish (partial) - Swedish - Vietnamese. Closes: #392772 * README.Debian: * Fine tuning of SMTP AUTH and TLS docs after user feedback received over $BEVERAGE irl. * Adapt configuration chapter to re-worded templates. * Fix exim4_files man page names to not pollute name space. * Clarify exim4-config_files man page to reflect that the host name given there does not actually influence the routing decision. Thanks to Sven Luther. * Fix list separator handling for dc_other_hostnames in ue4c. Thanks to Alexandre Fayolle. Closes: #392831 -- Marc Haber Sat, 14 Oct 2006 07:40:05 +0000 exim4 (4.63-5) unstable; urgency=low * define MAIN_LOG_SELECTOR conditionally. Thanks to Aaron M. Ucko. Closes: #390758 * Fix typos in man pages. Thanks to A. Costa. Closes: #390705, #390706, #390707 * Address #373786: * cron.daily: Try UID change with start-stop-daemon, and fall back to su if that fails. This should enhance compatibility with libpam-tmpdir. * exim4_refresh_gnutls-params: don't drop privileges any more, generate gnutls-params as root and chown them later. * Thanks to Piotr Kaczuba and Tollef Fog Heen. Closes: #373786 * Add debugging facility to exim4_refresh_gnutls-params * Debconf-Rework * update-exim4.conf: expand UE4CC_semicolon list to allow semicolons in all debconf questions as list separators for consistency. * Do template changes suggested by Christian Perrier. Closes: #260141 * new mail name template thanks to Jari Aalto. Closes: #275953 * relay templates changes thanks to Ross Boylan. Closes: #342061 * remove conftype exim3manual. Closes: #355265 * use semicolon as list separator in debconf templates. ue4.conf handles both semicolons and colons since #360162. Thanks to Adam Borowski. Closes: #365428 * Make existing templates style-compatible regarding developer's reference. * Lower priorities so that the Installer can do its work without exim4 asking questions. Closes: #379485 * Modify templates saying that smarthost::port is a valid notation. Modify transport/30_exim4-config_remote_smtp_smarthost to take only the first part of DCsmarthost (up to first colon) as host name for hosts_try_auth. This allows debconf configuration of a different port to connect to the smarthost. Closes: #251949 * Add debconf template to packages telling people to dpkg-reconfigure exim4-config. * Allow choosing between delivery to /var/mail or ~/Maildir with debconf. (am) Closes: #250980, #274560, #289959 * Translation updates (see Last-Translator for rewards) - Brazilian Portuguese - Danish - Galician - Slovak - Thai - Turkish - Romanian - Japanese - French * Patch by Florian Weimer which disables RSA_EXPORT support which should eliminate the "exim blocking on entropy starvation" issue. * update-exim4.conf: Take only the first word from /etc/mailname as system mail name. Thanks to Mike Mestnik. Closes: #215319. * init script: log_failure_message alert if non-zero paniclog is found. Thanks to Andreas Barth. * README.Debian: document cron job, including paniclog monitoring. Thanks to Stephen Gran. -- Marc Haber Tue, 10 Oct 2006 16:50:27 +0000 exim4 (4.63-4) unstable; urgency=low * Make update-exim4.conf man page also update-exim4.conf.conf man page. * Fix SPF error message when $sender_address_domain is undefined (i.e. sender is <>). (rm) * Change debian/rules documentation for daemon-custom build. Thanks to Guido Hennecke. Closes: #386135 * Rotate paniclog by size, not daily, to avoid rotating away messages after complaining from the daily cron job. Thanks to Dirk Meyer. * Update Slovak translation. Thanks to Peter Mann. * Add Wolof translation. Thanks to M Mamoune Mbacke * Add a paragraph explaning the gnutls-bin suggestion to ease DH parameter generation in case of entropy starvation. Thanks to Andi Barth and Florian Weimer. * Since a new version of sysvinit upload will move /var/run/ to a tmpfs directories under /var/run/ and their permissions are not persistent anymore but will be lost after a reboot. - Re-generate /var/run/exim4 in the init script to compensate for this. (am) (closes: #387699) * update-exim4.conf: Exit with an error if dc_use_split_config is neither true nor false instead of replacing the configuration with an empty one. (am) Closes: #386554 * More intelligence for exim4_refresh_gnutls-params: * If certtool (from gnutls-bin) is unavailable but openssl is installed use openssl to re-generate DH params. (am) * Change exim4-base Suggests on gnutls-bin to gnutls-bin|openssl. (am) * Move invocation and background mechanism to exim4_refresh_gnutls-params. Script can now be called any time from the command line or any other script. * Only regenerate dh params if tls_advertise_hosts is non empty. According to Florian Weimer, DH params are only needed for incoming TLS connections. * Thanks, Yuri D'Elia. This addresses #387448 * Improve entropy and gnutls-params docs. * cron-daily: * Invoke exim4_refresh_gnutls-params unconditionally. * Send out e-mail alert if gnutls-params is older than 14 days. * rename config varables to E4BCD_, source /etc/default/exim4 * introduce a E4BCD_PANICLOG_NOISE variable containing a regexp. Paniclog is negatively filtered against that regexp and paniclog warning is only sent out if unfiltered lines remain. This is to allow work around http://www.exim.org/bugzilla/show_bug.cgi?id=92 * Prepare hosts_avoid_tls statement on SMTP transports * Macroize log_selector, remove +tls_cipher from examples (it is on by default) and always set tls_peerdn (we use TLS by default for outgoing connections). Make it easier to enable debug logging. * Mention in the comments of the default RCPT ACL that verification is likely to have false negatives in smarthost/satellite setups. This is the easiest way to fix #388460; the "real" fix would be very very complicated and thus unsuitable for the default configuration. Closes: #388460 * README.Debian: * Re-Work "misc" section to contain subsection. Fix minor formatting issues. * Add a section about SELinux to the misc subsection saying that we currently do not have an SELinux policy but would appreciate people helping here. This is already bug #387327 and #390179. -- Marc Haber Sun, 1 Oct 2006 14:37:53 +0000 exim4 (4.63-3) unstable; urgency=low * Have exim4-config conflict with exim4-daemon-* << 4.63. Thanks to Yannick Roehlly. Closes: #383420, #384058 * Tweak NEWS.Debian formatting. Remove asterisks and make sure that contents lines start with four spaces. * exim4-config.NEWS: A pair of minor fixes in SPF entry. (rm) Closes: #383708 * Apply upstream fix allowing header names with an odd number of characters in add_headers in filters. Thanks to Tony Finch. Closes: #384015 * Add documentation for inaccessible home directories. Thanks to Juha Jäykkä. Closes: #383469 -- Marc Haber Wed, 23 Aug 2006 17:16:38 +0000 exim4 (4.63-2) unstable; urgency=low * upload to unstable -- Marc Haber Tue, 15 Aug 2006 20:35:55 +0000 exim4 (4.63-1) experimental; urgency=low * New upstream version 4.63 + Change PostgreSQL charset handling. Closes: #369351 + Recognize SMTP codes at the start of "message" in ACLs and after :fail: and :defer: in a redirect router. Add forbid_smtp_code to suppress the latter. forbid_smtp_code is enabled in Debian's default config. Closes: #378131 * Adapt configuration to current upstream + re-work RCPT ACL. Closes: #379155 + add new comments to default authenticators + use $auth[123] instead of $[123] which are now deprecated + forbid_smtp_code on userforward router * Add missing dependency on lsb-base (>= 3.0-3), needed for the new init-script shipped in exim4-base. (am) -- Marc Haber Tue, 1 Aug 2006 10:47:44 +0000 exim4 (4.62-5) unstable; urgency=low * Fix typo in exim4-base daily cron job. Thanks to Salvatore Bonaccorso. Closes: #381048 * Fix language issues in package descriptions -- Marc Haber Tue, 8 Aug 2006 15:02:14 +0200 exim4 (4.62-4) unstable; urgency=low * Add missing dependency on lsb-base (>= 3.0-3), needed for the new init-script shipped in exim4-base. (am) -- Marc Haber Tue, 1 Aug 2006 11:03:57 +0000 exim4 (4.62-3) unstable; urgency=low * remove pkg-exim4-user mail address from README.Debian, mention that one needs to be subscribed to post. Thanks to Ross Boylan. Closes: #368242 * re-word -o description in update-exim4.conf(8) man page. Thanks to Ross Boylan. * Flag update-exim4.conf(8) man page for a re-work in its BUGS section. * Give a - hopefully - better explanation of the mail name thingy in README.Debian. * Fix occurrences of default_acl file in documentation. Make part of README.Debian less confusing. Thanks to Ross Boylan. Closes: #376459 * When installing via apt using dpkg-preconfigure the value of dc_hide_mailname was overwritten during the second run of the debconf script (invoked by postinst), before the value was stored in the configuration file. Fix this. (am) Closes: #376460 * Make spamassassin example in 40_exim4_config_check_data actually work, add link to documentation for "really suiteable" configuration examples. Thanks, again, to Ross Boylan. * remove left-over "and a bunch" sentence from exim4-config_files.5 * Add a symlink from /etc/email-addresses to /etc/exim4/email-addresses * Fix bad parsing of CHECK_RCPT_DOMAIN_DNSBLS. Thanks to Robert Millan. Closes: #378581 * Note in README.Debian that other parts of the Debian system might give outdated and/or wrong advice. See #378684, #378685. * SPF support: (rm) Closes: #290464 * Add (disabled) template to check SPF in 30_exim4-config_check_rcpt. * Add libmail-spf-query-perl (>= 1.999-1) to Suggests. * Rewrite Q/A about SPF from README.Debian. * Add a small note to exim4-config.NEWS. * Add conf.d/acl/30_exim4-config_check_mail to reject mail without HELO/EHLO. (rm) Closes: #378935 * Add LSBized init script. Thanks to Carlos Villegas. Closes: #376953 * re-order RCPT ACL statements to resemble Upstreams default config a little more. This used to be the case in the beginning, but was changed eventually, and I didn't find any rationale for our deviation. Thus, we change back to upstream's default to see which things might break. * remove cron.d from exim4-base dirs - we do not have a cron.d job any more for years. * Re-work daily cron job: * Make statistics configurable with a variable * Comment that the log handling code is fragile and depending on log rotation strategy * Add code to generate warnings if paniclog non-empty. Thanks to Andrew Ferrier. Closes: #379898 * Build -dbg packages. * Updated vi (vietnamese) translation. Thanks to Clytie Siddall. (am) Closes: #380357 -- Marc Haber Mon, 31 Jul 2006 06:10:51 +0000 exim4 (4.62-2) unstable; urgency=low * Move explanation about using ";" as separator in lists from debian/NEWS to debian/exim4-config.NEWS. (The former ends up as /usr/share/doc/eximon4/NEWS.Debian.gz.) Also fix version-number of entry. (am) * have ue4.conf --verbose print split or non-split config. Thanks to Florian Laws. (mh) * Mention http://pkg-exim4.alioth.debian.org/ in package description. Thanks to Florian Laws. (mh) * Mention in package description that README.Debian has information about how to configure the Debian packages. * /etc/init.d/exim4: parse extended inetd.conf syntax from openbsd-inetd. (mh) Closes: #365928 * New th (thai) translation. Thanks to Theppitak Karoonboonyanan. (mh) Closes: #367351 * New dz (Dzongkha) translation. Thanks to Pema Geyleg. (am) Closes: #368593 * New ne (Nepali) translation. Thanks to Paras pradhan. (am) Closes: #369526 * New eo (Esperanto) translation. Thanks to Serge Leblanc. (am) Closes: #369241 * Updated hu (hungarian) translation. Thanks to Attila Szervac. (am) Closes: #374616 * Make documentation of CHECK_RCPT_LOCAL_LOCALPARTS and CHECK_RCPT_REMOTE_LOCALPARTS more verbose and concentrate it in the ACL file. Thanks to Klaus Muth. (mh) Closes: #366491 * README.Debian.xml (mh) * Add new section documenting where to find documentation. * Move misplaced sentence. * Fix spelling errors in README.Debian. Thanks to Salvatore Bonaccorso. Closes: #366003 Thanks to Ross Boylan. Closes: #374216 * remove "you can stop reading now" sentence. Thanks to David Lawyer. Closes: #370790 * Mention Debian-specific man pages * Give instructions about how to use apropos to find out about man pages. * Documentation changes inspired by Ross Boylan. Closes: #369126 * Add exim4-config_files(5) man page to aid as repository for file explanations. * /etc/email-addresses * /etc/exim4/local_host_blacklist * /etc/exim4/local_host_whitelist * /etc/exim4/local_sender_blacklist * /etc/exim4/local_sender_whitelist * /etc/exim4/local_sender_callout * /etc/exim4/local_rcpt_callout * /etc/exim4/local_domain_dnsbl_whitelist * /etc/exim4/hubbed_hosts * /etc/exim4/passwd * /etc/exim4/passwd.client * /etc/exim4/exim.crt * /etc/exim4/exim.key If you find any files that might be missing in the man page, please report a bug. * mention exim4-config_files(5) in update-exim4.conf.8 * Explicitly mention README.Debian in exim man page. * Remove /usr/share/doc/exim4-config/default_acl, move contents to README.Debian and exim4-config_files. * remove empty /usr/share/doc/exim4-config/examples. * clarify docs in RCPT ACL. * streamline docs: * hubbed_hosts router. * passwd.client. * server side authentication examples * Standard-Version: 3.7.2, no changes necessary. -- Marc Haber Sat, 24 Jun 2006 08:56:19 +0000 exim4 (4.62-1) unstable; urgency=low * New upstream version * remove !acl patch, bug is fixed upstream * Some minor changes to README.Debian * Downgrade priority of exim4/dc_eximconfig_configtype, exim4/no_config and exim4/exim3_upgrade from critical to high, as there is a sane default. Closes: #342077 * Allow single quotes in recipient mail addresses. Closes: #346222 * Update debian/mtalist to conflict with hula-mta. (mh) * Move back man-pages (actually they are symlinks) related to the mail-transport-agent virtual package from exim4-base to the daemon packages. Other MTA packages also include these manpages and would otherwise need to explicitly conflict with exim4-base. Add "Replaces: exim4-base (<= 4.61-1)" to the daemon packages. Thanks to Justin Pryzby. Closes: #362852 (am) * Update km (Khmer) translation. Thanks to Khoem Sokhem. (mh) Closes: #363672, #363671 * Update pa (Punjabi) translation. Thanks to A S Alam. (am) Closes: #364268 * replace backticks with $() construct in ue4.conf. (mh) * Allow ";" as separator in dc_local_interfaces and dc_relay_nets. If a semicolon is found, "<;" is prepended to allow a semicolon as separator. Thanks to Adam Borowski. (mh) Closes: #360162 * Link against libdb4.3 instead of 4.2. (am). Closes: #365467 * Standards-Version: 3.7.0, no changes required. (am) * README.Debian: Add link to "how to use a completely different configuration scheme" to the beginning of the chapter about Debian's configuration to provide an easy way out for experienced exim people. (mh) * Fix grammar error in README.Debian. (Thanks, Ross Boylan) Closes: #365546 * Whennever changing major Berkeley DB versions we zap the exim hint databases in exim4-base postinst. Change the code to also delete __db.retry, __db.misc, __db.callout and __db.wait* (which afaik are Berkeley DB internal files). If these are somehow broken strange errors occur, e.g. #360696. As we are deleting the whole db, deleting these files seems to be a good idea. (am) -- Marc Haber Tue, 2 May 2006 11:47:58 +0000 exim4 (4.61-1) unstable; urgency=low * New upstream version - Temporary files for content scanning subdirectory are now also mode 640 instead of 666. Closes: #280282 - If group was specified without a user on a router, and no group or user was specified on a transport, the group from the router was ignored. Closes: #343074 - .include statements now require an absolute path. Closes: #268083 * Apply upstream patch allowing !acl constructs (http://www.exim.org/mail-archives/exim-cvs/2006-April/msg00008.html) * Rename the Punjabi translation file name from pa_IN to pa to fit a decision taken in -i18n * README.Debian: * mention that relay_nets does allow relaying without authentication. * minor formatting fixes * Add Khmer debconf translation (Thanks, Kakada Hok) (bubulle) Closes: #359668 * Add linda overrides for libs-not-in-depends (see #357727) -- Marc Haber Tue, 4 Apr 2006 19:50:39 +0000 exim4 (4.60-5) unstable; urgency=low * re-introduce inst_aliases, patch src/install_exim to prevent path to inst_aliases to be put into example config file. (mh) * Fix typo in README.Debian.xml, thanks to Frank S. Thomas. (mh) * Fix Copy&Waste error in README.Debian.xml. Thanks to Olaf van der Spek. (mh) Closes: #356354 * Added partial Punjabi debconf translation, thanks to Amanpreet Singh Alam. (cp) Closes: #349644 * Fix wrong example in conf.d/acl/20_exim4-config_whitelist_local_deny. Thanks to Kaare Hviid for pointing this out on IRC. (mh) * Add documentation about Debconf templates to README.Debian to make yath happy. (mh) * exim4-refresh_gnutls-params: Use prefix for tempfile to make it easier recognizeable. (mh) -- Marc Haber Mon, 13 Mar 2006 15:30:07 +0000 exim4 (4.60-4) unstable; urgency=low * add rationale to README.Debian explaining why using system passwords for SMTP AUTH is a bad idea. * streamline configuration to decrease differences to upstream default example, and to adopt new things that were added since we last looked there. * Do not set inst_aliases for installation, this only affects example.conf anyway. * fail build if upstream's example configuration has changed. * fix NEWS confusion. Thanks to Andreas for spotting this. * exim4-base.exim4.init: invoke exim4 daemon with the environment cleaned to avoid language confusion. * document tls on connect in README.Debian. * use adduser --quiet instead of > /dev/null in *.postinst. * Add require_files directive to userforward router to avoid errors when mailing uucp@hostname. * Add comment about setting up TLS in conf.d/auth/30_exim4-config_examples to keep people from blindly allowing cleartext auth. * Replace 37_dns_disable_additional_section patch with 37_upstream_patch_342619, which is the nearly identical patch from upstream CVS, approved by Philip. (mh) Closes: #342619 -- Marc Haber Wed, 22 Feb 2006 10:30:16 +0000 exim4 (4.60-3) unstable; urgency=low * Have exim4-base replace exim4-daemon-light and -heavy. This is a needed corollary to the movement of the man pages to -base. Let's hope that this change doesn't introduce too much breakage. Thanks to Hamish Moffatt for making me take a closer look at policy. (mh) Closes: #347908, #348067 * Introduce Makefile variable to build with OpenSSL instead of GnuTLS. This is a last minute maneuver to help sites suffering from the GnuTLS entropy issue (#338319, #343085) whose only other chance is disabling TLS completely. Please note that building exim4-daemon-heavy with OpenSSL is a GPL violation since OpenSSL's license clashes with the MySQL client library, which is GPL licensed without OpenSSL exception. (mh) * re-pack configuration diffs. (mh) Closes: #331698 * Fix wrong variable substitution in lt (Lithuanian) debconf translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh) Closes: #342242 * Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579 * Honor dpkg-statoverride entries for run-time data in /var. Thanks to Peter Mottram. (mh) Closes: #269448 -- Marc Haber Sun, 15 Jan 2006 00:23:47 +0000 exim4 (4.60-2) unstable; urgency=low * Add, but not enable, 37_dns_disable_additional_section.dpatch, which might be a possible fix for #342619 * conf.d/auth/30_exim4-config_examples: add hint to adapt public_name string in support_broken_outlook_express_4_server authenticator if other authencators than LOGIN and PLAIN are offered. * Fix missing special characters in some debconf translations. Thanks to Davide Viti. (mh) Closes: #341442 * Fix broken README reference in system_aliases router docs. (mh) * remove references to alias files from the address_pipe transport. (mh) * remove "Some-State" default from exim-gencert. (mh) * Clarify split vs unsplit config in README.Debian. Thanks to Faheem Mitha and Ross Boylan for helping. (mh) * Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767 * Fix wrong header in conf.d/routers/300_exim4-config_real_local. Thanks to Ross Boylan for spotting this. (mh) * Document headers_rewrite, return_path and dc_mailname_in_oh in update-exim4.conf man page. (mh) Closes: #332520, #342233 * Re-Instate debian/patches/31_eximmanpage which was erroneously removed in 4.60-1, we have local Debian patches in here. Thanks to Ross Boylan for spotting this. (mh) Closes: #330967 * Mention relay permission from localhost in update-exim4.conf(8). (mh) * Add more prose to relay control configuration. (mh) * Update Greek debconf translation (Thanks, Kostas Papadimas) (am) Closes: #344576 * Add cross-reference to README.Debian to better find macro docs. Thanks to Shyamal Prasad. (mh) Closes: #329988 * Fix incorrect variable substitution in pt_BR debconf translation. (Thanks, Felipe Augusto van de Wiel) (am) Closes: #345363 * [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH with one to its replacement README.Debian.html. (am) Closes: #344826 * Re-work long package descriptions. Move reference to README.Debian in front, add hint to dpkg-reconfigure exim4-config, complete stub sentences, remove non-referenced acronym MTA from the long descriptions, move explanation what exim is to the very front. * README.Debian: Add section about changing the configuration, explain structure of conf.d and .conf.template, add hint that the SMTP AUTH examples are documented. * Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key storage. Thanks to John Goerzen. (mh) Closes: #315126 * Mention entropy issue in README.Debian. * Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: 319316 * use dh_installinit -n instead of --noscripts to work around #347577. (mh) * use dh_installinit --name instead of --init-script, rename init script. (mh) * move man pages from daemon packages to exim4-base, add lintian and linda overrides to allow daemon packages not to contain man pages. -- Marc Haber Thu, 12 Jan 2006 12:36:50 +0000 exim4 (4.60-1) unstable; urgency=low * new upstream version 4.60 * assign value to UE4CC after command line processing. Only have ue4c throw an error on not-existing UPEX4C_confd if split config is seleted. Thanks to Ted Percival. (mh) Closes: #337229 * A number of man page fixes. Thanks to A Costa. (mh) Closes: #338580, #338581, #338582, #338583, #338584 * Pull spool dir path from exim -bP instead of hard-coding it in daily cron job and exim4_refresh_gnutls-params. Thanks to Alex Hermann. (mh) Closes: 340002 * Corrected zh_CN translation by Ming Hua. (am) Closes: #338928 * Corrected pl translation by Jacek Politowski. (am) Closes: #339671 * Change README.Debian to clarify the exim as a client only uses STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc Sherman for pointing that out on exim-users. * Clarify passwd.client format. Thanks to Osamu Aoki for providing a good starting point in #244724, which is unfortunately not fixed just now. * remove patch 31_eximmanpage, fixes are included upstream. -- Marc Haber Mon, 28 Nov 2005 18:16:12 +0000 exim4 (4.54-2) unstable; urgency=low * debian/README.Debian* merged into one xml-file. Binary packages ship both a html (generated by xsltproc) and plain-text version (lynx + post processing) of the file. (Hilko Bengen) * Switch to libmysqlclient14. * Fix two typos in French debconf templates. Thanks to Christian Perrier. (mh) * Replace broken courier auth example with one that actually denies access if a wrong password is given. Thanks to Peter Thomassen for carrying that report from some colorful web forum to the people who can fix it after like four months. (mh) Closes: #336979 * Fix minor typos in README.Debian.xml and changelog. (mh) * Add 255.255.255.255 to ignore_target_hosts in dnslookup. (mh) -- Marc Haber Wed, 2 Nov 2005 19:40:22 +0000 exim4 (4.54-1) unstable; urgency=low * new upstream version 4.54. (mh) * fix typo in router/real_local header * add same_domain_copy_routing to router/hubbed_hosts * [update-exim4.conf.8] false friend: s/sensible/sensitive/. Thanks to Ross Boylan. (am) Closes: #330975 * modify broken outlook express 4 authenticator so that it only advertises on encrypted connections, as the other plaintext authenticators do. Thanks again, Fred Viles. (mh) * update-exim4.conf.8: alphabetically sort REPLACEMENT PATTERNS and CONFIGURATION VARIABLES sections, add documentation for DEBCONFlocal_domainsDEBCONF. Thanks to Ross Boylan. (mh) Closes: #330980 * fix bashism == in init script. Thanks to Adam D. Barratt and Justin Pryzby. (mh) Closes: #331299 -- Marc Haber Tue, 4 Oct 2005 09:59:24 +0000 exim4 (4.53-1) unstable; urgency=low * new upstream version 4.53. (mh) * Fix obviously unfinished sentence in update-exim4.conf.8 documenting dc_local_interfaces. (mh) * Move SMTP authentication docs to README.Debian. (mh) * Adapt reportbug script to be useable from the command line as well, mention this in README.Debian mailing list paragraph. (mh) * Remove /etc/default/exim4 in exim4-config's postrm instead of exim4-base's one, as it is created in exim4-config's postinst. (am) Closes: #325901 * Fix error in README.Debian.xinetd. Thanks to Diego Biurrun. (mh) Closes: #327847 * Fix substitute variable in Japanese (ja) debconf translation. Thanks to Kenshi Muto. (mh) Closes: #329729 * Add lintian override for maintainer-script-needs-depends-on-netbase. We don't need that depends since update-inetd.conf is checked for presence before invocation and that invocation is only optional cleanup. (mh) * add linda override to kill double shlib warning - libgnutls is fully versioned and thus is not a problem. (mh) * add lintian override to kill bashism "local" warning for exim4-config.config and exim4-config.postinst (see #330548). (mh) * add general package blurb to description of the exim4 meta package as well. Thanks to Marc Sherman for pointing this out. (mh) * remove code to escape dashes in the pod2man generated man pages. That code makes the man pages syntactically invalid, we'd rather live with suboptimal rendering (which is a pod2man bug anyway). (mh) * change spacing for rewrite rules in configuration, man page and ue4.conf to ease paragraph filling for the man page. (mh) * re-pack config patches. (mh) -- Marc Haber Wed, 28 Sep 2005 18:34:51 +0000 exim4 (4.52-2) unstable; urgency=low * unpack/pack configs to get clear EDITME patches (mh) * Update ca (Catalan) translation. Thanks to Aleix Badia i Bosch. (mh) Closes: #317429 * Update mk (Macedonian) translation. Thanks to Georgi Stanojevski. (mh) Closes: #320231 * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params instead of only removing the file and letting exim4 re-generate it at SMTP time after receiving STARTTLS. The maximum runtime of certtool is limited to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to exim4-base' Suggests. (am) Closes: #285371 * Build-Depend on libgnutls-dev (from gnutls12) instead of libgnutls11. * Drop compability with debhelper in woody (am): - mv *.templates.master *.templates - update po/POTFILES.in accordingly. - no more manual invocation of po2debconf in debian/rules - use dh_installppp instead of manual dh_installdirs/dh_install. Closes: #212893 - Build-Depends: debhelper (>= 4.1.68) * drop upgly passwd dependency introduced in 4.30-6. (am) * shorten Build-Depends by replacing "libxfoo-dev|xlibs-dev' with just 'libxfoo-dev'. (am) * Do not try to authenticate to smarthost if smarthost offers AUTH LOGIN but passwd.client does not contain a matching entry. (am) Closes: #323565 -- Andreas Metzler Sun, 21 Aug 2005 11:44:27 +0200 exim4 (4.52-1) unstable; urgency=low * new upstream version 4.51. (mh) * adapt 70_remove_exim-users_references * remove 37_gnutlsparams * adapt 36_pcre * adapt 31_eximmanpage * fix package priorities to have them in sync with override again. (mh) * Fix error in nb (Norwegian) translation. Thanks to Helge Hafting. (mh). Closes: #315775 * Standards-Version: 3.6.2, no changes needed. (mh) -- Marc Haber Sat, 2 Jul 2005 06:08:34 +0000 exim4 (4.51-2) unstable; urgency=low * Fix typo in exiwhat.8. (am) Closes: #313246 * Clarify tls_verify_certificates documentation in conf.d/main/03_exim4-config_tlsoptions. Thanks to Wenzhuo Zhang. (mh) * Accept postmaster liberally for relay_to_domains. Thanks to Roderick Schertler. (mh) Closes: #313023 * Improve update-exim4.conf's internal run-parts to warn about ignored files if running in verbose-mode. (am) Closes: #315656 * Make it possible to purge a previously uninstalled exim4-suite if debconf has between removed since. (am) Closes: #315173 - Stop useless sourcing of confmodule in exim4-config.postrm. - Use debconf to ask about trashing the mailqueue if debconf is available, keep the queue otherwise. * exim failed to setup gnutls parameters if the gnutls-param file was missing. This caused TLS breakage. (am) Closes: #315650 -- Andreas Metzler Tue, 28 Jun 2005 19:35:35 +0200 exim4 (4.51-1) unstable; urgency=low * new upstream version 4.51. (mh) * remove 80_upstream_fix-296492 * remove 81_fix-kfreebsd-gnu * remove 82_upstream_fix-299733 * remove 82_upstream_fix_299743 * remove 83_upstream_fix-strangelog * build-depends: replace postgresql-dev with libpq-dev. (mh) * apply patch to EDITME.exim4-heavy.diff from ubuntu for clearer postgresql build. (mh) * fix wrong dc_other_hostnames statement in manpage. Thanks to Daniel Hermann. (mh) Closes: #311023 * give more directions how to use /etc/exim4/exim4.conf. (mh) * Fix duplicated server_advertise_condition line in login_saslauth_server. Thanks to Rich Aycock. (mh) Closes: #311906 * Conditional restarting the daemon in exim4-config.config now checks for DEBCONF_RECONFIGURE=1 instead of (mis)using an internal debconf-template. (am) * Documentation Improvements for update-exim4.conf.8, exim4.conf.template and 01_exim4-config_listmacrosdefs and README.Debian. Thanks to Ross Boylan. (am/mh) * New translation: et (Estonian) by Siim Põder. (mh) Closes: #312474 -- Marc Haber Fri, 10 Jun 2005 18:57:03 +0000 exim4 (4.50-8) unstable; urgency=low * integrate TLS docs in README.Debian, remove README.TLS. Thanks to Sam Morris. (mh) Closes: #310771 -- Marc Haber Fri, 27 May 2005 07:57:14 +0000 exim4 (4.50-7) unstable; urgency=low * Documentation Only Fixes - Fix grammar error in README.system_aliases. Thanks to Andreas Barth on IRC. (mh) - Optimize unencrypted authentication docs. Thanks to Drew Parsons. (mh) Closes: #305443 - Clarify dc_smarthost host list processing in update-exim4.conf.8. (mh) Closes: #307370 - Clarify split-config description in README.Debian. Thanks to Luc Saffre. (mh) - Fix a typo in README.Debian-accountname, thanks to Brett Parker. (mh) - Fix an issue in the exim manpage creating the illusion that whitespace is allowed between -d and its options. Thanks to Greg Kochanski. (mh) Closes: #309174 - Start re-work of README.Debian FAQ. - Add "should -config depend on -base" question to README.Debian FAQ. - Link README.Debian to -daemon-light and -daemon-heavy, include a copy of README.Debian in -config. Thanks to Daniel Maier. (mh) Closes: #310118 * Translations - Update: cy (Welsh) by Dafydd Harries. (mh) Closes: #306349 - New: vi (Vietnamese) by Clytie Siddall. (mh) Closes: #306613 - Fix typos in pt.po (Thanks, Miguel Figueire) (am) Closes: #310057 * Configuration Clarification - move the regexps in the local part checks to macros, adapt docs. Thanks to Adam M. Costello. (mh) Closes: #306094 * Bug Fixes - preserve escape sequences like '\\N' in /etc/exim4/update-exim4.conf.conf: - use awk instead of sed in exim4-config.postinst (Thanks, Barry Kitson). - use printf '%s\n' "$foo" instead of echo "$foo". (echo in dash would swallow the second backslash) - actually making this work requires changes in debconf, too, see #306134. - (Closes: #305957) (am) - apply upstream patch from http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050425/msg00035.html in some circumstances, exim writes parts of /etc/passwd and/or /etc/group to the reject log. This scares people. (mh) - apply upstream patch from http://www.exim.org/mail-archives/exim-dev/2005-April/msg00012.html to only try SASL mechanisms that are actually specified in the configurations. Thanks to Juergen Kreileder. (mh) Closes: #299743 - Build against libmysqlclient12-dev instead of libmysqlclient10-dev. (am) Closes: #306970 - As "mail sent by smarthost; no local mail" aka satellite requires setting dc_readhost always ask this question. (am) Closes: #304838 - Make nonsplit-config read /etc/exim4/exim4.conf.localmacros before /etc/exim4/exim4.conf.template to allow macros here as well. (mh) - Make it clear that "broken debconf" warning is issued by exim4-config.postinst - Make sure that "generated, do not touch" disclaimer in /var/lib/exim4/config.autogenerated always appears - [exim4-config] As the.config script stores answers in debconf's db and the postinst actually generates configurations files from these values restarting the daemon on dpkg-reconfigure has to be done in postinst. (am) Closes: #310703 -- Marc Haber Thu, 26 May 2005 17:47:24 +0000 exim4 (4.50-6) unstable; urgency=low * fix some errors in update-exim4.conf(8) manpage. (am) * more macros in config. (mh) * Apply upstream fix: $primary_hostname is now expanded in cyrus_sasl authenticator. Thanks to Juergen Kreileder, and of course Philip Hazel. (mh) Closes: 299733 * fix conftype none missing "| \" bug, again. Thanks to Andrew Nimmo and Gabriel L. Briones III. (mh) Closes: 303351. * The upstream fix for #296492 sometimes causes an endless loop. Update patch with correction from Philip's commit, revision 1.10. (mh) * Document real_local router. (mh) * Add instructions about how to use inetd. Thanks to Ryan Underwood. (mh) Closes: #304436 * Fix wrong file header in 100_exim4-config_domain_literal. (mh) * Fix bad english in 01_exim4-config_listmacrosdefs. (mh) * conf.d/main/02_exim4-config_options: Remove macro effort for options that we leave at their default by default anyway, re-commenting them for reference. (am) * Allow cleartext client AUTH PLAIN and AUTH LOGIN by setting a macro. (mh) * Update information in README.SMTP-AUTH. (mh) -- Marc Haber Sun, 17 Apr 2005 19:10:26 +0000 exim4 (4.50-5) unstable; urgency=low * move exim4-config-simple and exim4-config-medium from the main source package to keep them from being released. * document the fact that the check done by update-exim4.conf does not detect all possible errors and fails with errors that are inside expanded items in the config file. Thanks to Marc Sherman. (mh) Closes: 286721 * Add examples for cyrus_sasl to conf.d/auth/30_exim4-config_examples. Thanks to Juergen Kreileder. (mh) Closes: #299732 * remove --dry-run from 10_daemon_close_fds.dpatch so that failures to patch cause failure. Thanks to Gergely Nagy, and apologies for blaming it on dpatch (see #297670). (mh) * remove ACL example file, incorporate DNSBL examples (without actual DNSBL domains) into main config. The example file hasn't been updated in ages, and the main config file has become quite sophisticated by itself. (mh) * add example authenticators for courier authdaemon. (mh) * have exim4-base recommend psmisc. Thanks to Thiemo Seufer. (mh) Closes: #299858 * apply upstream patch fixing fallback handling. Thanks to Laurent Fousse. (mh) Closes: #296492 * add patch to allow building on kfreebsd-gnu. Thanks to Robert Millan. (mh) Closes: #300967 * remove 10_daemon_close_fds since this might close FDs which might be used by other libraries such as libnss-ldap. Thanks to Antonio Kanouras for reporting and testing, and to Florian Weimer for debugging. To avoid #297607 from happening again, use db_stop in exim4-config.config and coordinate with the d-i team. Thanks to Frans Pop for testing. (mh) Closes: #299051 * make pidfile paths in init script variables. (mh) * Update bs (Bosnian) debconf templates. Thanks to Safir Secerovic. (mh) Closes: #301940 * Fix update-exim4.conf to actually remove the DEBCONF stuff from configuration. Thanks to Jason Spiro. (mh) * correctly translate an empty debconf option visiblename to an _unset_ qualify_domain, not a qualify_domain set to the empty string. Thanks to Miquel van Smoorenburg. (mh) Closes: #302060 * update-exim4.conf ignored the setting of dc_use_split_config and always used the data from split config for conftype none. (am) * Document #301988 (base-config) in README.Debian to offer an explanation for a long delay restarting exim right after Debian installation. (mh) * Fix exim4-config.NEWS and exim4-config.postinst, documenting the mailname change there. This should act as a heads-up to people who do funky things with their ue4.conf.conf which might overwrite the fixup intrduced by the maintainer script. Thanks to Vincent Lefevre. (mh) Closes: #301906 * Make Maildir location configurable via exim macro. Thanks to Frederic Lehobey. (mh) Closes: #302215 * pull update-exim4.conf.conf file name in shell variables * liberally use .ifdef in conf.d files which changed in this release anyway. This is part of the process to fix #297603. (mh) * Adapt formatting policy to conf.d files which were changed. (mh) * Improve on Debconf documentation in update-exim4.conf.conf and the configuration templates. This partly addresses #289959. (mh) * re-work ue4.conf man page, also addressing #289959. (mh) * add a comment about caseless postmaster to conf.d/router/400_exim4-config_system_aliases. (mh) * print script name and parameters when debugging. (mh) * update-exim4.conf now gives a better error message if ue4.conf.conf does not exist. (mh) * ue4.conf.template: If a relative output path is given, actually put the file there and not in a path relative to /etc/exim4/conf.d. (mh) -- Marc Haber Sun, 3 Apr 2005 07:20:17 +0000 exim4 (4.50-4) unstable; urgency=low * fix 10_daemon_close_fds.dpatch to actually apply again. Sheesh. Thanks to Joey Hess. (mh) Closes: #297607 -- Marc Haber Wed, 2 Mar 2005 07:38:52 +0000 exim4 (4.50-3) unstable; urgency=low * actually enable dlopen patch, show this in package descriptions. Thanks to Andrej KOLESNIKOV. (mh) Closes: #297282 * Have exim4-config conflict with -daemon (<<4.50), as we use submission/sender_retain which is not supported by earlier daemons. Thanks to Echo Nolan. (mh) Closes: #297501 -- Marc Haber Tue, 1 Mar 2005 06:45:26 +0000 exim4 (4.50-2) unstable; urgency=low * now use WITH_OLD_DEMIME as discussed on pkg-exim4-devel. (mh) * postinst: add "This is a Debian specific file" to ue4.c.c. (mh) * fix exim.8 manpage to point to exim4 instead of exim. (mh) Closes: #296864 * fix update-exim4.conf.8 man page to correctly document that multiple smarthosts are supported and non-SMTP ports are not. Thanks to Dan Jacobson. (mh) Closes: #283560 * Add --output option to update-exim4.conf.template. Thanks to Marc Sherman. (mh/am) Closes: #296597 * Compile with cyrus_sasl authentication mechanism, add libsasl2-dev to Build-Depends. Thanks to Sean Middleditch and Gergely Risko. (mh) Closes: #296203, #292906. * document that dc_localdelivery does not have a corresponding Debconf option. * Introduce ue4c_comments for /etc/exim4/update-exim4.conf.conf to set default for keepcomments/removecomments from the config file. Thanks to Greg Folkert. (mh) Closes: #295735 * Use "control = submission/sender_retain" to fixup relayed messags instead of only adding a Message-ID with a warn-statement. (am) Closes: #285235 * Add force-stop to the init script. Thanks to Jari Aalto. (mh) Closes: 271686 * tighten local parts checks. Thanks to Jari Aalto. (mh) Closes: #273302 -- Marc Haber Sun, 27 Feb 2005 16:33:05 +0000 exim4 (4.50-1) experimental; urgency=low * new upstream version * kill exiscan patch as it is now included upstream * deliver configuration which will compile daemon-heavy with the built-in exiscan * convert package to svn on svn.debian.org with a debian/-only layout. (mh) * remove 37_kbsd-gnu patch on bug submitter's request (doesn't apply cleanly). (mh) * fix bad German translation of a debconf template. Thanks to Hanno Wagner. (mh) Closes: #291671 * allow option passing to updatex-exim4.conf from init script. Thanks to Stephen Gran. (mh) Closes: #285973 * change commented out example for reverse DNS RCPT check to catch deferrals as well. Thanks to Marc Sherman. (mh) Closes: #291832 * Update ko (Korean) debconf templates. Thanks to Seo Sanghyeon. (mh) Closes: #292607 * Update sq (Albanian) debconf templates. Thanks to Elian Myftiu. (am) Closes: #284529 * New gl (Galician) debconf templates. Thanks to Jacobo Tarrío. (mh) Closes: #295562 * use #!/bin/bash in reportbug script as a quick fix until #294954 is fixed one way or the other in reportbug. * Minor fix to de (German) debconf templates. Thanks to Dennis Stampfer. (mh) Closes: #294815 * add bad hack authenticator to support outlook express 4.xx. (mh) * streamline server authenticator names. (mh) * 60_convert4r4.dpatch: patch convert4r4 to prevent execution of the script without people reading a prominent warning. (mh) * re-work debian/control again, pointing people towards pkg-exim4-users to make upstream a little bit less unhappy. -- Marc Haber Fri, 18 Feb 2005 15:31:12 +0000 exim4 (4.44-2) unstable; urgency=low * re-work debian/control to make lintian happy, make descriptions more orthogonal. (mh) * kill build-conflicts on libperl-dev (=5.8.4-1). (mh) -- Andreas Metzler Thu, 27 Jan 2005 13:45:45 +0100 exim4 (4.44-1) experimental; urgency=low * New upstream bugfix-only release (exiscan-acl 4.44-28). - Fixes eximstats' generation of pie charts by volume. (Closes: #286074) - Reset the locale to "C" after calling embedded Perl. (Closes: #283538) - includes 66_cipherpreferences.dpatch, 66_can2005-0021_can2005-0022.dpatch, 65_tidydb-spool.dpatch, 62_statvfs.dpatch. * Fix (commented) example for AUTH LOGIN with saslauthd (Thanks, Maik Broemme). (Closes: #291205) * tl (Tagalog) translation of debconf templates by eric pareja. (Closes: #291184) * Use db4.2. (Closes: #258311) -- Marc Haber Sun, 23 Jan 2005 15:42:20 +0000 exim4 (4.43-4) unstable; urgency=low * Change update-exim4.conf to again generate a valid return_path (instead of defering any mail to remote systems) if dc_hide_mailname='true'. (Closes: #290954) * Fix typo in changelog and exim4-config's NEWS. * Some changes (most notably changing the interfaces exim listens on) require restarting exim instead of just sending HUP. Change documentation and exim4-config.config accordingly. (Closes: #290945) -- Andreas Metzler Tue, 18 Jan 2005 12:57:58 +0100 exim4 (4.43-3) unstable; urgency=low * Now that 4.44 is released upload 4.43 to unstable. ;-) Merge experimental and unstable changelog. * More lintian overrides. ("X" in eximon4's description has to be capital, and we take care to only use settitle if it is available. * make nullmailer setup and the way we use mailname a lot more sensible, attacking #244095 and #280207: - mailname is not implicitely made a local domain, instead it is listed explicitly in dc_other_hostnames, where users can easily remove it from. (This is basically what postfix does, too.) When upgrading existing installations mailname is automatically added _once_ to dc_other_hostnames, on fresh installations mailname is the default value of dc_other_hostnames. We store the fact that we have added mailname to dc_other_hostnames in $dc_mailname_in_oh in update-exim4.conf.conf. - Make exim work correctly if dc_readhost ("visible, rewritten domain name for local users") ends up as part of local_domain, which happens if the same value is chosen for mailname and dc_readhost. This implemented by new router, hub_user_smarthost. Previously users were required to use something different (my.invalid.domain) for mailname. - Special thanks to Christian Perrier for taking care of the template translation updates. * We did not substitute the current value into the debconf templates with db_subst but showed the old ones from the previous debconf run. * /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! * Bosnian (bs.po) translation is complete (Thanks Adis Nezirovic). * Includes de.po change suggested in #286525. * One-line fix for incorrect fi.po translation by Kalle Olavi Niemitalo. (Closes: #288930) -- Andreas Metzler Sat, 15 Jan 2005 19:38:16 +0100 exim4 (4.43-2) experimental; urgency=low * Resync against sarge/sid (4.34-10). * Translation updates: - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) * cy (Welsh) translation of debconf templates by Dafydd Harries. (am) (Closes: #282731) * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) (Closes: #284529) * allow arbitrary Sender: and envelope headers in locally submitted messages, no longer force them to be the local account name at the local host name. (mh) * delete /var/spool/exim4/gnutls-params in cron.daily. (mh) (Closes: #224269) * run debian/rules update-mtaconflicts. (mh) * remove outdated info from README.SMTP-AUTH and clarify corresponding comments in configuration file (Closes: #281249). (am) * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450). (am) * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205). (am) * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). * exim_tidydb did not work properly with split spool directory. (am) * Make exim prefer stronger ciphers. (AES_256 AES_128 3DES ARCFOUR). * Make the prefered local transport (maildir/mailspool) configurable in update-exim4.conf.conf, attacking #250980. Document this, therefore (Closes: #274597) (am) * Move slightly more expensive tests in rcpt ACL further down. (This only changes commented out example code.) (Closes: #267708) * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) * Version dpatch build-dependency to safeguard against reintroducing this bug. * In comment point out that using saslauthd for SMTP AUTH requires giving exim privileges to use it. * New patch 66_can2005-0021_can2005-0022.dpatch from http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 (mh/am). -- Andreas Metzler Thu, 6 Jan 2005 12:33:27 +0100 exim4 (4.43-1) experimental; urgency=low * targeted for experimental since we need unstable to get new 4.34 versions in sarge. unstable upload will happen as soon as t-p-u is in working condition. * New upstream version. (am) (Closes: #274246, #267994) - no more unescaped hyphens in exim.8. (Closes: #262592) - no more warnings in exipick.8 (Closes: #277817) - New option tls_on_connect_ports. (Closes: #265818) - better documentation about differences in configuring for GnuTLS or OpenSSL. (Closes: #241725) - verify = header_sender now respects callout options. (Closes: #260114) - There is now an overall timeout for performing a callout verification. (Closes: #261511) - Less typos in filter.txt. (Closes: #230545) - New ACL: acl_smtp_predata, useful for greylisting. (Closes: #237947) * exiscan patch 4.43-28 (mh) * Use statvsf() instead of statfs(), fixing complete breakage on alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and debugging this. (am) * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to prevent similar bugs. (am) * Translation updates: - tr (Turkish) by Recai Oktas (#281840) (am) * add lintian and linda overrides to get rid of warnings and errors. (mh) * delete debian/files from config-custom, make config-custom's debian/rules delete debian/files on clean. (mh) -- Marc Haber Sun, 21 Nov 2004 19:26:11 +0000 exim4 (4.34-10) unstable; urgency=high * urgency high because this upload fixes two minor security issues. * more documentation for dc_localdelivery in update-exim4.conf.8. * Move slightly more expensive tests in rcpt ACL further down. (This only changes commented out example code.) (Closes: #267708) * Fix 62_statvfs to work with older versions of dpatch. (Closes: #286302) * Version dpatch build-dependency to safeguard against reintroducing this bug. * In comment point out that using saslauthd for SMTP AUTH requires giving exim privileges to use it. * New patch 66_can2005-0021_can2005-0022.dpatch from http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html fixing two buffer overflows labeled CAN-2005-0021 and CAN-2005-0022 (mh/am). -- Andreas Metzler Wed, 5 Jan 2005 10:39:03 +0100 exim4 (4.34-9) unstable; urgency=low * Translation updates: - he (Hebrew) by Lior Kaplan (am) (Closes: #281249) * cy (Welsh) translation of debconf templates by Dafydd Harries. (am) (Closes: #282731) * sq (Albanian) translation of debconf templates by Elian Myftiu. (am) (Closes: #284529) * new patch 64_pipeliningfixup pulled from 4.42. Exim was forgetting that it had advertised PIPELINING for the second and subsequent messages on an SMTP connection. Thanks to Christoph Barbian. (am) (Closes: #283230) * allow arbitrary Sender: and envelope headers in locally submitted messages, no longer force them to be the local account name at the local host name. (mh) * delete /var/spool/exim4/gnutls-params in cron.daily. (mh). * remove outdated info from README.SMTP-AUTH and clarify corresponding comments in configuration file (Closes: #283568) (am). * Add an example for AUTH LOGIN using saslauthd. (Closes: #276450) (am). * exim4-base.cron.daily: Use find | xargs -0r (Closes: #279205) (am). * run debian/rules update-mtaconflicts * Document /etc/email-addresses in README.Debian (Closes: #276958) (am). * exim_tidydb did not work properly with split spool directory. (am) * Make the prefered local transport (maildir/mailspool) configurable in update-exim4.conf.conf, attacking #250980. Document this, therefore (Closes: #274597) (am) -- Andreas Metzler Tue, 7 Dec 2004 12:40:49 +0100 exim4 (4.34-8) unstable; urgency=medium * The real-life-takes-its-toll-release. * Use statvsf() instead of statfs(), fixing complete breakage on alpha/ReiserFS (Closes: #280213). Thanks to John Goerzen for finding and debugging this. * Use getconf LFS_CFLAGS instead of hardcoding -D_FILE_OFFSET_BITS=64 to prevent similar bugs. * Translation updates: - tr (Turkish) by Recai Oktas (Closes: #281840) * new patch 63_nomorecrashongnutlserror pulled from 4.40: "If a server dropped the connection unexpectedly when an Exim client was using GnuTLS and trying to read a response, the client delivery process crashed while trying to generate an error log message." (Closes: #280647) -- Andreas Metzler Sat, 20 Nov 2004 10:52:18 +0100 exim4 (4.34-7) unstable; urgency=low * Update README.Debian.UUCP (thanks, Andreas Barth) (Closes: #271179) * The hack to fix the infinite debconf loop on woody (#246742) broke dpkg-reconfigure. Add an additional [ "reconfigure" != "$1" ] condition to the abort clause. (Closes: #271864) (am) * apply patch fixing Italian debconf translation by Danilo Piazzalunga. (mh) (Closes: #274398) * ro (Romanian) translation of debconf templates by Eddy Petrisor. (mh) (Closes: #275414) * sl (Slovenian) translation of debconf templates by Jure Cuhalev. (mh) (Closes: #275090) * uk (Ukrainian) translation of debconf templates by Eugeniy Meshcheryakov. (mh) (Closes: #273505) * mk (Macedonian) translation of debconf templates by Georgi Stanojevski. (mh) (Closes: #275772) * fix encoding problem in hu.po. Thanks to Christian Perrier. (mh) * Hebrew translation updated. Closes: #277682 (Lior Kaplan) * Norwegian Nynorsk translation fixed (commas removed and replaced by dashes). Closes: #278011 (Christian Perrier) * Fix commas in Macedonian, Polish, Russian translations which broke the Choices list the same way they were in Norwegian Nynorsk (Christian Perrier) * Fix error in README.SMTP-AUTH, thanks Jari Aalto. (Closes: #276448) (am) * Make update-exim4.conf more forgiving, working with files that are missing the final newline. (Closes: #273279) (am) * Use procmail for delivery if /either/ etc/procmailrc or ~/.procmailrc exist. (Closes: #267706) (am) * Shorten overlong template in Catalan (Closes: #277686) (Jordi Mallach) and Brazilian translation (Closes: #278016) (Andre Luis Lopes) -- Andreas Metzler Sun, 7 Nov 2004 19:56:01 +0100 exim4 (4.34-6) unstable; urgency=low * Uploaded to test changes before we break tpu. * zh_TW translation of debconf templates by Tetralet. (Closes: #267524) * bg (Bulgarian) translation of debconf templates by Ognyan Kulev (Closes: #267603) * updated translations: - nl (Dutch) by Bart Cornelis. (Closes: #268168) * remove osirusoft from dnsbl examples. Thanks to Greg Kochanski for noticing. Add dnsbl disclaimer. (mh) (Closes: #269501) * add an example for exim-adduser. (Thanks to Jonas Meurer for the initial idea, the commited version is different, though.) (mh/am) (Closes: #267792) * hr (Croatian) translation of debconf templates by Krunoslav Gernhard (Closes: #270578) * Do not remove the Debian-exim user in "exim4-config.postrm purge". Package dependencies are only effective for packages in status installed, but it is clearly not sane to remove the user until all exim4-packages are purged. e.g. this can completely break logrotate (Closes: #270681). -- Andreas Metzler Sat, 11 Sep 2004 10:29:26 +0200 exim4 (4.34-5) unstable; urgency=low * The let's test the changes before we upload to tpu release. * updated translations: - eu (Basque) by Piarres Beobide Egaña. (Closes: #261912) - ca (Catalan) by Jordi Mallach. (Closes: #264842) * Fix broken permissions (not readable for group/other) in upstream tarball in clean target (thanks to Steve Langasek for help with find). This fixes "dpkg-buildpackage -rsudo && dpkg-buildpackage -rsudo". (Closes: #262607) * Stop daemon in "exim4-base.postrm remove". - Under specific circumstances apt seems to purge -base before removing the depending package (-daemon), therefore the daemon would not be stopped. (Closes: #261994) * Build against libgnutls11-dev. (Closes: #263665) -- Andreas Metzler Wed, 11 Aug 2004 09:17:35 +0200 exim4 (4.34-4) unstable; urgency=high * Urgency high because upgrades from woody were broken. * Exim4 triggers a bug in woody's debconf. - With dialog frontend, invoked by dpkg-preconfigure you are stuck in a loop, always being asked the same two questions (split config, and basic configtype) again and again until you give up and choose split_config=yes although being discouraged from doing so. I am working around this by making the config-script abort if debconf is old and we are running in preconfigure mode. (Thanks to Dan Weber, Adrian Bunk and whoever else wasted brainpower on this.) (Closes: #246742) (am). * Arabic (ar.po) translation of debconf templates by the translation team of Arabeyes.org (Abdulaziz Al-Arfaj). (Closes: #261014) * Change maintainer address to a mailinglist, add myself to uploaders (am) * Quote ${dc_mailname} in exim4-config.config. (am) * Fix grammar error in the original English templates (found by Adam D. Barratt ages ago). Duplicate fix in .po files.(am) * Typo/thinko in exim4-config (two 35-clauses) prevented showing a (unimportant) question for satellite config. Thanks to Fabio Massimo Di Nitto for finding this. -- Andreas Metzler Tue, 27 Jul 2004 16:38:54 +0200 exim4 (4.34-3) unstable; urgency=low * updated translations: - es (Spanish) by Javier Fernández-Sanguino Peña (Closes: #251987). Also shorten overlong string. (Closes: #251316) - tr (Turkish) by Recai Oktas, fixing overlong translations. (Closes: #251932) - de (German) corrected and scrutinized by Helge Kreutzmann. (Closes: #254038) - ru (Russian), too long templates shortened by Dmitry Beloglazov. (Assuming I read Last-Translator correctly) (Closes: #259148) * Hebrew (he.po) translation of debconf templates by Lior Kaplan. (Closes: #254026, #257508) * introduce .ifndef hacks to allow MESSAGE_SIZE_LIMIT, DCreadhost and DCsmarthost to be changed by the local admin without having to change dpkg-conffiles (mh). * Use byname on the smarthost route list (mh). (Closes: #250367) * Make build-dependency on libldap2-dev unversioned. This was just a paranoia measure and the buildds are using this version anyway (am). * escape some dashes in manpages (am). * Replace the three test -a/-o with &&/|| constructs, and egrep with grep -E (am). * Use symbolic name instead of signal numbers for trap (am). * Add explanation on missing SPF-support to README.Debian (am). * remove MESSAGE_SIZE_LIMIT rule from DATA acl, use global message_size_limit instead. Thanks to Matthias Gärtner for pointing this out to me (mh). * Increase MAX_NAMED_LIST to 32 for daemon-heavy (am). (Closes: #253959) * add a reportbug-script to gather additional information. This way we do not rely on possibly out of date information in debconf (am). (Closes: #255645) * Fix off-by-one error in queryprogram router (am). * set "tls_tempfail_tryclear = false" on remote_smtp_smarthost transport (am, Thanks to Dan Jacobson for the suggestion). (Closes: #253931) -- Andreas Metzler Mon, 19 Jul 2004 15:16:28 +0200 exim4 (4.34-2) unstable; urgency=medium * Urgency medium because CAN-2004-0400 isstill not fixed in testing and because this version gets almost every single translation up to date. * Norwegian nynorsk translation of debconf templates by Håvard Korsvoll. (Closes: #248810) * fix debug_print in remote_smtp_smarthost transport. (Closes: #248922) * For minimal_dns update-exim4.conf(8) now tries to find out the primary hostname itself and hardcodes this value in the generated configuration file. (Closes: #241475,#248854) * updated translations: - ko (Korean) by Changwoo Ryu (Closes: #249026) - it (Italian) by Danilo Piazzalunga - lt (Lithuanian) by Gintautas Miliauskas (Closes: #249269) - ru (Russian) by Nikolai Prokoschenko (Closes: #249298) - es (Spanish) by Javier Fernández-Sanguino Peña - nl (Dutch) by Bart Cornelis - de (German) doublechecked and corrected by Dennis Stampfer (Closes: #249925) - fi (Finnish) by Tapio Lehtonen - nb (Norwegian bokmål) by Klaus Ade Johnstad (Closes: #250344) * New bugfix by upstream: "drop" in the DATA acl did not send 550 but dropped the connection immediately. * add a debian/watch file. * Catalan (ca.po) translation of debconf templates by Aleix Badia i Bosch. (Closes: #250113) * Polish (pl.po) translation of debconf templates by Tomasz Z. Napierala. (Closes: #250908) * Rudimentary (5/58) Bosnian debconf templates translation by Safir Šećerović (Closes: #251137) * Document why exim tries to make an AAAA lookup at startup and how to stop this in README.Debian. (Closes: #243822) * Compile with -fno-strict-aliasing. Exim uses lots of casts that are not allowed: "(char **)(&foo)" where foo is a pointer to unsigned char (sourcecode: CSS(foo) with foo being a uchar), which results in lots of "dereferencing type-punned pointer will break strict-aliasing rules". Thanks to Andrew Suffield for the explanation. * exim4-config uses features introduced in 4.33 - conflict with earlier versions. (Closes: #249550) -- Andreas Metzler Mon, 31 May 2004 10:31:51 +0200 exim4 (4.34-1) unstable; urgency=low * remove cruft from source * New upstream version 4.34, exiscan -21 * includes fix for buffer overflow (CAN-2004-0400) fixed in previous upload * Again adds a received header before local_scan() is invoked. * Adds a missing fclose() that was causing scan directories not to be deleted on NFS spools. * add debug_print statements on various routers (mh) * add docs to smarthost router regarding secondary MX setup (see #248370) (mh) * don't ask any more for relay_to_domains if configuring for smarthost and satellite setup. (Closes: #248370) (am) * straighten out remote_smtp transport by adding remote_smtp_smarthost and using that in the smarthost router. (mh) * add hubbed_hosts router for more flexible routing. (mh) * add update-exim4.conf.template and use it in debian/rules (Closes: #248338). (mh) * remove debian/patches/60_upstream_fixes as the fix is already included upstream now. (mh) * add README.Debian-accountname (mh) * updated translations: - zh_CN (Simplified Chinese) by Carlos Z.F. Liu (Closes: #248464). (mh) * Temporarily add a Build-Conflicts with libperl-dev 5.8.4-1. - This version included a dyna-loader incompatible with programs linked against 5.8.3.(am) -- Andreas Metzler Wed, 12 May 2004 22:30:19 +0200 exim4 (4.33-1) unstable; urgency=low * new upstream version 4.33, exiscan -20: - includes the patches for rewriting and sighandler. - new expansion conditions to e.g. match a domain in named domainlist. * updated translations: - fr (French) by Christian Perrier (Closes: #245342) - el (Greek) by Konstantinos Margaritis. * Document known configuration variables in update-exim4.conf(8). * Make use of ${if match_domain to get rid of the ugly hack (two transports and two routers) to rewrite the envelope from. * Apply fix for verify=header_syntax buffer overflow (CAN-2004-0400). -- Andreas Metzler Thu, 6 May 2004 18:17:05 +0200 exim4 (4.32-2) unstable; urgency=low * updated translations: - pt (Portuguese) by Nuno Sénica. (Closes: #244296,#245694) - el (Greek) by Konstantinos Margaritis (Closes: #244354) - cs (Czech) by Miroslav Kure (Closes: #244368) - da (Danish) by Claus Hindsgaul (Closes: #244508) - it (Italian) by Danilo Piazzalunga (Closes: #245174) - fr (French) by eric-m(at)wanadoo.fr (Closes: #245342) and Christian Perrier - ja (Japanese) by Kenshi Muto (Closes: #245430) - hu (Hungarian) by VEROK Istvan - nb (Norwegian Bokmål) by Steinar H. Gunderson - pt_BR (Brazilian Portuguese) by André Luís Lopes - ja (Japanese) by Kenshi Muto - cs (Czech) by Miroslav Kure - sv (Swedish) by André Dahlqvist (Closes: #245716) * Basque (eu.po) translation of debconf templates by Piarres Beobide Egaña. (Closes: #244401) * Indonesian (id.po) translation of debconf templates by I Gede Wijaya S. (Closes: #245120), updated (Closes: #245491) * Turkish (tr.po) translation of debconf templates by Recai Oktas. (Closes: #245751) * Slovak translation of debconf templates by Peter Mann (Closes: #245809) * Add comment in configuration file documenting that effective retry times depend on _both_ retry-rules and frequency of queue running. Keep default QUEUEINTERVAL at 30m because running the queue can be quite expensive and because therespective RFCs suggest 30m as minimal waiting time. (Closes: #242426) * Installation over serial console/minicom only has a screen size of 80 characters x 24 lines available. Sigh. Shorten config-type question by cutting down the introduction. (Closes: #244464). Shorten relay-net question by replacing a unnecessarily complicated formulation with a clearer one which closes: #226809. * Debconf supports masquerading as a different host with rewriting not only for "satellite" but also for "smarthost" system. (Closes: #229911). - Introduces another but hopefully last pre-sarge template change. (This includes final versions of the templates without the dead references to "satellite" which closes: #229902.) - Rewrite /this/ stuff at smtp transport time. /etc/email-addresses rewriting still uses normal rewriting because it always has and because it is easier to setup. - This still does not address one basic issue, the misuse of /etc/mailname for qualifying recipeints because this needs clarification in policy _and_ changing MUAs to not do this. Therefore I declare this post-sarge. - Thanks to Chris Cheney for the kick, and to Adam Conrad and Wouter Verhelst for their help. * Add two fixes from upstream: - Change 4.31/55 was buggy and broke sender address rewriting and caching. - Change 4.24/6 broke the SIGALRM handler with deliver_drop_privilege. * README.TLS.gz and the actual configuration disagreed (Thanks, Richard Lamont). * Fix thinko in update-exim4defaults that made --queuetime a no-op. -- Andreas Metzler Mon, 26 Apr 2004 09:12:23 +0200 exim4 (4.32-1) unstable; urgency=low * New upstream version 4.32 (exiscan 4.32-17) - includes the fix for the caching bug and uses MAIL FROM <> as default value for recipient callouts again. - new exiscan adds a local "Received:" header to the copy passed to spamassassin tofix evaluation of DNS lists, compensating for ChangeLog 4.31/66. (Closes: #242730) * Remove obsolete reference to auth_over_tls_hosts from documentation. (Thanks Jonas Meurer) * Enable SMTP authentication (hosts_try_auth) per default when sending mail to smarthost. No need to edit the configuration-file anymore if you just need to forward all mail to a smarthost with AUTH. (Closes: #203307) * Hungarian translation of debconf templates by VEROK Istvan. (Closes: #242931) * remove "exim 3 will stay default MTA for Debian sarge" from README.Debian as TPTB have decided otherwise. (Closes: #243687). * Rewrite "Sender:"-header for "satellite" configuration profile, too. (Closes: #228978) * Use the normal user account set-up during installation as default destination for delivery of mail for root. (Joey Hess) * Shorten exim4/dc_postmaster template to fit on console. (Joey Hess) (Closes: #242303) * In template suggest using real-foo to force local delivery. (Closes: #229909) * Template changes reviewed by debian-l10n-english. There might still be more changes, translators should probably wait a little bit longer before updating the translation. * On fresh installations smarthost profile only listens on loopback per default. - There are valid uses of "smarthost" that require listening on public interfaces but the most common one (dialup) does not. * Ship README.Debian.UUCP by Andreas Barth in /usr/share/doc/exim4-base. - This resolves our part of #201153. -- Andreas Metzler Sat, 17 Apr 2004 18:02:42 +0200 exim4 (4.31-2) unstable; urgency=low * Fix caching bug in recipient callouts. (Nico Erfurth). * Document removal of local_scan perl-plugin in NEWS.Debian file. (Closes: #242227) -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 exim4 (4.31-1) unstable; urgency=low * New upstream version 4.31 (exiscan 4.31-16) - Supports CRL (Certificate Revocation List) (Closes: #229063) - exim_dbmbuild does not crash on _very_ long RHS values. (Closes: #231597) - route_list does not use a fixed length buffer anymore. (Closes: #231979) - An empty tls_verify_certificates file is correctly interpreted as empty list instead of breaking TLS. (Closes: #236478) * Korean translation of debconf templates by Changwoo Ryu (Closes: #241499) * Minor changes to rcpt_acl: * add missing message = qualifiers. (Closes: #240862) * resync against upstream default, incorporating change 4.23/30, allowing "/" and "|" in nonlocal addresses. -- Andreas Metzler Mon, 5 Apr 2004 12:00:54 +0200 exim4 (4.30-8) unstable; urgency=low * remove dc_never_users from /etc/exim4/u-ex.conf.conf and the corresponding pattern DEBCONFnever_usersDEBCONF from the template. The code is superfluous since 4.24 introduced FIXED_NEVER_USERS and was broken, user changes were not preserved. (am) * Link against libmysqlclient10 instead of libmysqlclient12 to circumvent symbol-clashes when using PAM with libpam-mysql. (Closes: #235938) (am) * Dump temporary build-conflict with broken po-debconf. (am) * Copy ugly passwd-dependency from -base to -config. (am) * Do not throw away adduser's errormessages. Together with the added dependency noted above this (Closes: #237657). (am) * Installed copy of default configuration-file (example.conf) refered to the temporary install-directory. Ugly hotfix. (Closes: #236483) * Italian translation of debconf templates by Danilo Piazzalunga. (Closes: #237500) * Rewrite generation of /etc/aliases because it was broken when running under debbian-installer/debootstrap, which installs the packages with DEBIAN_FRONTEND=nointeractive and reconfigures them later (report by Florian Effenberger). (am) Instead of generating it _once_ and touching it never again ask for and add alias for root if it is missing. Debconf template exim4/dc_noalias_regenerate is not used any more. (Closes: #237524) * Norwegian Bokmål translation of debconf templates by Steinar H. Gunderson. (Closes: #237680) * Dump local_scan perl-plugin. Upstream development has stopped. (am) * Maintainer scripts now run with -x if environment variable EX4DEBUG is set (mh). * Minor clarifications of debian/README (mh). * rm -rf Local on debian/rules clean (mh). * Swedish translation of debconf templates by André Dahlqvist. (Closes: #238987) * Portuguese (pt) translation of debconf templates by Nuno Sénica. (Closes: #239030) * Lithuanian translation of debconf templates by Kęstutis Biliūnas. (Closes: #239118) * Add examples for client certificate-checking by J.H.M. Dassen (Ray) (Closes: #236609) * Adapt README.* to /etc/exim4/exim4.conf.template (am) * Update to exiscan v16 -- Andreas Metzler Wed, 24 Mar 2004 15:39:35 +0100 exim4 (4.30-7) unstable; urgency=low * 4.30-6 was rejected, we use | and || for OR in dependency fields. * libldap2 now uses GnuTLS10. Follow suit. (Temporarily bumped libldap2-dev build-dependencies for paranoia's sake.) -- Andreas Metzler Mon, 23 Feb 2004 17:03:58 +0100 exim4 (4.30-6) unstable; urgency=low * Finnish translation of debconf templates by Tapio Lehtonen. (Closes: #229792) * Simplified Chinese translation of debconf templates by Carlos Z.F. Liu. (Closes: #229910) * Spanish translation of debconf templates by Javi Castelo. (Closes: #232207) * To increase robustness set explicit "domains = +local_domains" on all the routers that are supposed to be handling _only_ local mail (i.e. anything after dnslookup or smarthost) instead of relying on the no_more. If the router handling remote addresses was modified by adding a precondition the address would have wrongly been handled by the later routers if the precondition failed, breaking at least "verify = sender". (Closes: #230403) (am) * In the data ACL add a Message-ID header to mails injected with SMTP from +relay_from_hosts. (Exim stopped doing this by default in 4.30.) (mh) * binary-all metapackage exim4 does not depend anymore on exim4-base with exactly the same version. There is no necessity for dependencies that strict and it broke both binary NMUs and installability on lagging architectures. (Closes: #231678) (am) * Give way to the "I use sid but keep it outdated by not running apt-get upgrade ever."-fraction. exim4-base now depends on working versions of passwd i.e. the version in woody or the one that has been in sid for more than 6 months. (Closes: #230423,#230836,#231111) (am) * in source-package symlink identical maintainerscripts. (am/mh) * Ship README.Debian.xinetd, explaning why we do not use (x)inetd and how to use xinetd properly if you insist. (Closes: #226627) * Update Build-Depencies to fit the XFree86 4.3 packages. * Make new lintian happy by quoting section and needs in eximon's menu-file. -- Andreas Metzler Mon, 23 Feb 2004 15:48:56 +0100 exim4 (4.30-5) unstable; urgency=low * Only use db_settitle if available (Closes: #226992) (am) * Up to date debconf translations for all nine supported languages, thanks to the translators: Miroslav Kure (Czech), Claus Hindsgaul (Danish), Konstantinos Margaritis (Greek), Christian Perrier (French), Kenshi Muto (Japanese), Bart Cornelis (Dutch), André Luís Lopes (Brazilian Portuguese) and Ilgiz Kalmetev (Russian) (am) * After merging translations split the configtype-template, using the __Choices trick. I don't think I made any errors because podebconf's output has not changed. (am) * Don't use /etc/mailname (DEBCONFvisiblenameDEBCONF) as primary_hostname for minimaldns option. (Closes: #225477) * (Re)introduce /etc/exim4/exim4.conf.template as alternative to the multiple small files in /etc/exim4/conf.d/ and make it the default choice for fresh installations. This trades in a loss of comfort (you will again need to merge in each small change manually) for increased stability. (Closes: #224828) (am) * Disable piping to programs in /etc/aliases per default, because they would run as Debian-exim:Debian-exim per default. Add README.system_aliases suggesting dedicated router/transport pairs (am/mh) (Closes: #228062) * modify create-custom-package and adapt debian/rules to allow building multiple named custom packages in a single build. (mh) * "dpkg-reconfigure exim4-config" actually tells exim4 to read the updated configuration. (am) * Use -qqf instead of -qf in the ip-up.d file to force delivery of all messages over a single SMTP connection. (Closes: #228001) -- Andreas Metzler Wed, 21 Jan 2004 15:09:00 +0100 exim4 (4.30-4) unstable; urgency=low * Updated Japanese debconf template translation by Kenshi Muto (Closes: #224584) * Remove bashism from update-exim4.conf (Closes: #224617) (Jochen Voss) * Czech translation of debconf templates by Miroslav Kure (Closes: #225713) * Fix typos in README.Debian. (Closes: #225149) (Vincent Lefevre) * Replace first, too long debconf question with three short ones (Joey Hess) (Closes: #222720) * Use a custom debconf title. (Closes: #222715) * Greek translation of debconf templates by Konstantinos Margaritis (Closes: #226844) -- Andreas Metzler Fri, 9 Jan 2004 09:12:07 +0100 exim4 (4.30-3) unstable; urgency=low * update debian/copyright from NOTICE. (No substantial changes, credits for new code) (am) * missing \| made exim4-base.postinst configure hang. (Closes: #224294) (am) * update-exim4.conf: Don't try chown if not running as root. (mh) * Remove useless definition of an auth_over_tls_hosts hostlist in 03_exim4-config_tlsoptions. - It was probably a leftover from somebody running convert4r4. (am) * Make it possible to override spooldir in another config-file snippet, too. (Closes: #223973) -- Andreas Metzler Fri, 19 Dec 2003 15:27:50 +0100 exim4 (4.30-2) unstable; urgency=low * Fix exim4-base.logrotate to create logfiles accessible for the new exim-user. (Closes: #223860,#223862) * comment in 03_exim4-config_tlsoptions refered to the user "mail" too. -- Andreas Metzler Sat, 13 Dec 2003 15:01:20 +0100 exim4 (4.30-1) unstable; urgency=low * Exim now runs under its own uid (Debian-exim) instead of using mail:mail. (am) WARNING: You cannot downgrade this version to an older one without manual chown|chgrp all files owned by Debian-exim to mail. - control: dependency on adduser and virtual package exim4-config-2 to force review of external -config packages. - use a statoverride for passwd.client. - different postinst scripts: * adduser. * chown|chgrp files/directories owned by mail (group|user) to Debian-exim. * update-exim4.conf does not exit immidiately if /etc/exim4/exim4.conf exists AND -o is specified. (Bill Moseley) * Brazilian Portuguese debconf template translation by André Luís Lopes (Closes: #219781) * Dutch debconf template translation by Bart Cornelis (cobaco) (Closes: #220694) * Pull Dansk debconf template translation from ddtp. * Use a macro to make it possible to overide the value of spool_directory with -DSPOOLDIR=. Needed for mailscanner, (Closes: #221468), suggested by Matthias Klose. * enable support for Cyrus saslauthd (package sasl2-bin, /var/run/saslauthd/mux) for SMTP AUTH against /etc/shadow. (am) * Christian Perrier has reviewed the debconf-templates and changed them to follow the "Debconf Templates Style Guide". (Closes: #221838) Thanks to the (ru|nl|fr|pt_BR) translators for updating their translations. * New upstream version 4.30 with exiscan 4.30-14 (am) - option table for -d in exim(8) readable (but not perfect). (Closes: #214853) - Messages for configuration errors now include the name of the main configuration files (Closes: #202136) - does not reject IPv6 address literals in EHLO/HELO anymore (Closes: #222521) * exim4-config.config: support going back to previous *package* when invoked by base-config 2.0. (Closes: #222773). Suggested by Joey Hess. (am) * exim4-config now conflicts with non-exim4 packages providing MTA, to keep dselect from automatically installing it (and -base) on dist-upgrades on systems that use a different MTA. (mh) * exim4-base depends on netbase again because exim requires /etc/services.(mh) * reindent init-script with two spaces instead of tabs to fit it in 80 chars/line. (Closes: #221458) -- Andreas Metzler Mon, 8 Dec 2003 16:52:32 +0100 exim4 (4.24-3) unstable; urgency=low * rename create-custom-package to create-custom-config-package (mh) * add create-custom-package to create renamed exim4-daemon-custom (mh) * README.TLS: Don't suggest to use commands messing up the local terminal (Sander Smeenk) * Pull Dansk debconf translation from ddtp (not yet up to date) * correct last references to uncompressed /u/s/d/e/README.Debian (Closes: #216639), also kill references to exim-tls. (Closes: #216979) (Kevin "Starfox" Arima). (am) * add exim4-config-medium template package to sources, document (mh) * Update to exiscan 4.24-13 (bugfix-release). * Ask about mailname after configtype. (Closes: #217931) (am) * minor thinko in debconf "local mail only"-config. (am) * update-exim4.conf: now add comment indicating the source file (Closes: #202040) (mh) * add --confdir option to update-exim4.conf (mh) * add "nodaemon" and "queueonly" option to /etc/default/exim4 and init script (mh). * Fix po2debconf on woody systems with old debhelper and po2debconf. (am) * exim4-config does not depend on exim4-base. (am) * Use "command -v" to check for existence of invoke-rc.d instead of hardcoding its path. (am) * Russian debconf translation by Ilgiz Kalmetev (Closes: #219101) -- Andreas Metzler Tue, 4 Nov 2003 12:18:38 +0100 exim4 (4.24-2) unstable; urgency=low * Grammar of debconf-templates rectified by Ben Foley. * Handholded by Denis Barbier I have imported debconf translations from postfix: fr.po (Philippe Batailler), ja.po (Kenshi Muto), nl.po (Bart Cornelis) and pt_BR.po (André Luís Lopes). It is just 5 translated messages, 4 fuzzy translations, but it's a start. * No more first person in debconf-templates (Adam D. Barratt) * README.TLS was updated. * pseudopackage libxaw-dev is gone in sid (and libxaw7-dev is already available in woody) - Removed from build-depends. * French debconf translation by Christian Perrier (Thanks for the other hints, too.) * Build-Conflict with broken po-debconf (= 0.8.0). (Closes: #215432) * Add menu-entry for eximon (Artur R. Czechowski) (Closes: #215579). * Resolve name-clash between client- and server-side authenticators (Bug found by Rob Ristroph) -- Andreas Metzler Wed, 15 Oct 2003 12:45:49 +0200 exim4 (4.24-1) unstable; urgency=low * New upstream version - 55_fixesfrom-4.23.dpatch is not needed anymore. - most interesting new feature: $acl_xx are now saved with the message, and can be accessed later in routers, transports, and filters. - Cannot run deliveries as root anymore. If you don't redirect mail for root via /etc/aliases or other means to a nonpriviledged account the mail will be delivered to /var/mail/mail with permissions 0600 and owner mail:mail. Change to local_user router to keep it from trying to route mail for root. * debconf for exim4-config pointed to /u/s/d/e/README.Debian but the file is available as README.Debian.gz (Closes: #211934) * exim(8) manpage provides correct NAME section for mailq/runq/... to generate corresponding whatis/apropos info (Thanks to Dan Jacobson for mentioning lexgrog(1)) * polish and crosslink documentation about SMTP AUTH in config-files, documentation and debconf templates. (Closes: #202920) * Ship README.SIEVE (Thanks to Ross Boylan) * Sync some debconf templates against the respective ones in postfix 2.0.16, to limit the work of translators. * update-exim4defaults/init-script: Add a new value fuer QUEUERUNNER, "ppp". - Don't run queue by daemon but still run it from /etc/ppp/ip-up.d/exim4. (Dan Jacobson pointed out that this was very akward to accomplish with old setup.) update-exim4defaults now exits with an error if the argument for --queuerunner is invalid. * Enable gettext-style localisation of debconf templates with compatibility code for woody * Add German debconf-translation. (Some strings were copied from Martin A. Godischs translation of postfix's templates). -- Andreas Metzler Sun, 5 Oct 2003 13:41:30 +0200 exim4 (4.22-5) unstable; urgency=low * Sorry, this is not 4.23. Tom is on holidays and because 4.23 changes some ACL code, exiscan needs in depth checking and not just applying the patch by hand. * exim4-config conflicts with bash (<< 2.05), because it cannot handle aliases in functions. This does not necessarily fix dist-upgrades from potato to sarge because debconf-config might happen before the new bash is installed but will keep people running potato from trying to install exim4-config. (Closes: #209720) * sanitize /usr/sbin/exim4's permissions, building with 007 umask could have installed it -rws--x--x * evaluation -oP option for specifying pid-file is broken in 4.22, use fix from 4.23 (Closes: #210847) * "warn log_message blah" in DATA acl triggered dumping of full headers to reject.log, although the message was not rejected by this acl statement. Take fix from 4.23. (Closes: #208782) * On cross-upgrades from exim3 unfold lines continued with a backslash in the old exim3 configuration before trying to parse it to preanswer the debconf-questions. (Closes: #210404) First instance of using perl in our maintainer-scripts, but I could not do it with sed. -- Andreas Metzler Fri, 19 Sep 2003 13:55:07 +0200 exim4 (4.22-4) unstable; urgency=low * Update to exiscan-acl revision -12. (Emergency fix: When you were using 'discard', and it was the last verb affecting a message, the mbox spool files in the scan directory were not cleaned up.) * Add syslog2eximlog by Martin Godisch, a script to make logfiles produced with exim option "log_file_path = syslog" readable for eximstats. (Closes: #208524) * Enhance description of -heavy and light a little bit. (Closes: #208404) * Standards-Version: 3.6.1, no changes required, we already prompt with debconf. -- Andreas Metzler Thu, 4 Sep 2003 19:19:25 +0200 exim4 (4.22-3) unstable; urgency=low * Add copright notice of exiscan-acl to debian/copyright. -- Andreas Metzler Wed, 27 Aug 2003 17:49:46 +0200 exim4 (4.22-2) unstable; urgency=low * Include exiscan-acl patch 4.22-10 http://duncanthrax.net/exiscan-acl/ in -heavy and -custom (Closes: #204698) * clean up gnutls-params on purge of base-package. -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 exim4 (4.22-1) unstable; urgency=low * new upstream version 4.22. Please take a look at README.UPDATING and NewStuff in /usr/share/doc/exim4-base/ -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 exim4 (4.20-5) unstable; urgency=low * Fix EHLO/HELO buffer-overflow CAN-2003-0698 (Closes: #205716) * exim-gencert was using '.' as separator for chown. * "head -n 1" instead of "head -1" in scripts * install /etc/exim4/passwd.client as root:mail 0640 (Closes: #205104) (it needs to be readable for the exim-user or -group, i.e. mail:mail) * set mode_fail_narrower = false for mail_spool and maildir_home transports (Closes: #204228) * Standards-Version: 3.6.0, no changes required. -- Andreas Metzler Sat, 16 Aug 2003 17:40:17 +0200 exim4 (4.20-4) unstable; urgency=low * CFILEMODE and dc_local_interfaces were not saved in update-exim4.conf.conf on fresh installations. * update-exim4.conf: Remove comments _after_ doing DEBCONFpatternDEBCONF replacement. * conf.d/auth/30_exim4-config_examples: Fix forced failure of AUTH LOGIN client on non-encrypted connections. -- Andreas Metzler Tue, 5 Aug 2003 10:38:16 +0200 exim4 (4.20-3) unstable; urgency=low * hub_user router: set correct .ifdef, remove superficial condition= * don't generate main/03_exim4-config_neverusers dynamically, use a DEBCONF_foo pattern that is replaced by up-ex4.conf. exim4 should now play nicely with readonly /etc. * Enable exim-filter in .forward per default. (Closes: #201827) * Enable maildrop-delivery for users with ~/.mailfilter * Easier setup of client side SMTP authentification: -short README file. -passwd.client example shipped in CONFDIR -30_exim4-config_examples: +change order, prefer cram-md5. +enable by default (auth-plain and -login only for TLS protected connections). They remain inactive while hosts_try_auth is disabled. * add comments listing the filename to the files in conf.d that were changed anyway. Addresses part of 202040. * remove misleading comments about "bottom of file" or "see below" from config-snippets. (Closes: #202165) * Disable orphaned inetd-entries from exim (v3) caused by bugs #202670 and #182206 in exim4-config's postinst. I'll close #201143 manually. * Restructure and clarify README.Debian and polish update-exim4.conf(8). Thanks to Ross Boylan for pushing me in the correct direction. -- Andreas Metzler Thu, 24 Jul 2003 10:29:19 +0200 exim4 (4.20-2) unstable; urgency=low * update-exim4.conf works without daemon-package (Closes:#195329) * Add dnslookup_relay_to_domains router for "internet" config to allow relaying for domains with an MX pointing to an rfc1918 address. (Closes: #198410) (MH) * update-exim4.conf would hang if one of the subdirectories in conf.d was empty. (Report and fix by Marc Merlin) * Build-Depend on libgnutls7 * Preserve comments in update-exim4.conf.conf by first adding missing items and replacing the values with sed instead of regenerating file from scratch (Closes: #184099) * Set return_path_add, delivery_date_add and envelope_to_add for maildir-transport (Closes: #196178) * Use email-addresses file in /etc/ instead of in /etc/exim4 as exim3 does, exim4-config now needs to conflict with exim,exim-tls. We still include code for evaluating the old file if it exist, but suggest moving the contents to the new file in NEWS.Debian. postinst will remove old orphaned file if it is unmodified. (Closes: #197136) * Set return_fail_output instead of return_output on address_pipe transport. (Closes: #201280) * Stop generating rewriting rules dynamically, exim4 accepts any "address-list" item as source-pattern for rewriting. (Changelog entry obfuscated on purpose, read exim4debian for painful details.). Remove old dynamically generated files in postinst if they were managed by upex4conf. * daemon-light supports TLS (Closes: #193596) -- Andreas Metzler Wed, 16 Jul 2003 13:36:27 +0200 exim4 (4.20-1) unstable; urgency=low * New upstream * Standards-version 3.5.10 (no changes required) * The doc packages have got new sane names - update Suggests. * Fix a endless loop (currently ownly showing when upgrading from old experimental packages) - Thanks to Marc Langer for the report. * introduce ${Upstream-Version} as substitution variable for debian/control (MH) * Make dependencies less strict, *-daemon-* 12.34-1 can be installed with -base 12.34-5. -- Andreas Metzler Mon, 19 May 2003 14:14:16 +0200 exim4 (4.14-1) unstable; urgency=low * Upload to sid (Closes: #179066) * Ship an (empty) acl_check_data with commented out examples. Add Infrastructure to ease their activation. (MH) -- Andreas Metzler Fri, 16 May 2003 18:02:46 +0200 exim4 (4.14-0.6) experimental; urgency=low * Don't link to gnutls' (tasn,gcrypt) dependencies directly (Closes: #193018) * fix AUTH PLAIN server side example to work if the data is not given in initial-response (exim-bug 193094) * ACL-updates (MH) -- Andreas Metzler Wed, 14 May 2003 12:16:06 +0200 exim4 (4.14-0.5) experimental; urgency=low * updated version of dlopen patch (Marc Merlin) * don't regenerate files managed by update-exim4.conf on package updates if the local admin had deleted them. * replace the listenonpublic yes/no question with one that allows one to specify on which interfaces to listen to (Closes: #190498) * new dc-question for dial-on-demand-users to minimize DNS lookups -- Andreas Metzler Thu, 1 May 2003 16:03:59 +0200 exim4 (4.14-0.4) experimental; urgency=low * Renamed conf.d files from *exim4-base* to *exim4-config* since they can now be found in the exim4-config package. WARNING, this breaks updates. After installation, execute something like the following bash snipped to rename your files: for i in `find . -name *exim4-base*`; do mv $i ${i/exim4-base/exim4-config}; done (MH) * Include more sophisticated check_rcpt ACL, include documentation, include even more sophisticate check_rcpt ACL in /u/s/d/e4-config/examples/acl. (MH) * update-exim4.conf now filters out consecutive empty lines (MH) * make update-exim4.conf's behaviour for configtype=none more consistent, respect CFILEMODE and --removecomments. (Thanks to Marc Merlin) * add warning about editing /etc/exim4/exim4.conf in place (Marc Merlin) * use .rul instead of .disabled to override/disable configfiles in /etc/exim4/conf.d/ (Suggested by Marc Merlin) * fix smtp auth client-side examples (Closes: #188828), thanks to Karl M. Hegbloom for the bug report (AM) * add @DPATCH@-tag to patches, as required by dpath-edit-patch in dpatch 1.17 (AM) -- Andreas Metzler Fri, 25 Apr 2003 12:37:50 +0200 exim4 (4.14-0.3) experimental; urgency=low * add '|| true' to every call of db_input. (Thanks to Pierfrancesco Caci for the bugreport.) (Closes: #187008) * Don't set received_header_text in 02_exim4-base_options, use upstream's default. * renumber routers to have more space for local customization. WARNING WARNING upgrade is broken, execute this in /etc/exim4/conf.d/router to get rid of the superfluous files: mv 20_exim4-base_domain_literal 100_exim4-base_domain_literal mv 22_exim4-base_primary 200_exim4-base_primary mv 24_exim4-base_real_local 300_exim4-base_real_local mv 26_exim4-base_system_aliases 400_exim4-base_system_aliases mv 28_exim4-base_hubuser 500_exim4-base_hubuser mv 30_exim4-base_userforward 600_exim4-base_userforward mv 32_exim4-base_procmail 700_exim4-base_procmail mv 34_exim4-base_maildrop 800_exim4-base_maildrop mv 36_exim4-base_local_user 900_exim4-base_local_user * add *syntax_errors* directives to userforward router, to use partially valid .forward files instead of skipping them. (Marc Haber) * update mysql build-depends -- Andreas Metzler Wed, 9 Apr 2003 16:19:46 +0200 exim4 (4.14-0.2) experimental; urgency=low * upstream fix for crash with AUTH PLAIN * upgrade to policy 3.5.9.0 (CFLAGS in debian/rules) * Add (maildir) transport for handling file addresses generated by alias or .forward files if the path ends in "/", enabled for .forward per default, but not for /etc/aliases. Thanks to Andreas Horter. * add debconf question to move files from exim3 spool to exim4 spool * run exim_tidydb as mail:mail using start-stop-daemon * Make manpages UTF-8 compatible with nicer quotes and escaped dashes. * fakeroot debian/rules builddaemonpackages=exim4-daemon-custom \ buildbasepackages=no binary produced a broken exim4-config package. (Bug found by Soren Andersen) * introduce new replacement item DEBCONFpackageversionDEBCONF holding the complete version number, might be useful for Received headers (Marc Haber) -- Andreas Metzler Thu, 27 Mar 2003 17:04:02 +0100 exim4 (4.14-0.1) experimental; urgency=low * New upstream version * 20_fix.lsearch.dpatch not needed anymore * use new feature .ifdef instead of simulating it with condition=... * change priority of exim4-daemon-light to important -- Andreas Metzler Thu, 13 Mar 2003 15:03:41 +0100 exim4 (4.12-0.2) experimental; urgency=low * instead of generating 22_exim4-base_primary by copying the correct file into it, use condition=... to select the correct one. Similar change to 28_exim4-base_hubuser -- Andreas Metzler Thu, 6 Mar 2003 11:55:55 +0100 exim4 (4.12-0.1) experimental; urgency=low * minimal doc-updates * init-script: output status-message before starting upex4conf() * polish smtp-auth examples - don't hardcode passwords in main configuration file. * change default file-permissions of configfile to 0644. This can be changed by setting CFILEMODE in the default file. * rename debian/patches/*, giving each one an unambiguous number * ignore private rfc1918 and APIPA addresses in internet router (MH) * correct info about authorship of dlopen patch * don't link exim4-daemon-light against PAM (explicitly link it against libdl) * same_domain_copy_routing = yes for primrout-internet, primrout-satellite and primrout-smarthost (MH) * rename debconf.results to update-exim4.conf.conf, add upgrading-magic for upgrading from 4.12-0 and earlier (marked as REMOVEMEBEFORERELEASE) * introduce REMOVEMEBEFORERELEASE-tag, grep -r on debian/ will show us all the cruft that needs to be removed before uploading to unstable. -- Andreas Metzler Wed, 5 Mar 2003 19:03:59 +0100 exim4 (4.12-0) experimental; urgency=low * removed TODO marker from the copyright file * version number for first Debian upload * built i386 binary package on sid -- Marc Haber Fri, 21 Feb 2003 14:40:42 +0100 exim4 (4.12-0.0.21) experimental; urgency=low * update copyright * exim-gencert: generate certificates valid for three years instead 30 days * remove debian/debconf/exim4.conf.template * enable LMTP, LOOKUP_NIS and mailstore for daemon-light -- Andreas Metzler Fri, 21 Feb 2003 12:55:40 +0100 exim4 (4.12-0.0.20) experimental; urgency=low * ship /usr/lib/exim4/exim4 and use it to check whether daemon package is installed. * Exim doesn't require a HUP after logrotation. (See spec 44.2) (MH) -- Andreas Metzler Thu, 20 Feb 2003 19:23:45 +0100 exim4 (4.12-0.0.19) experimental; urgency=low * Ship upstream-changelog only in exim4-base, Symlinks in packages depending on it. Split off changelog entries up to 3.34-1 to changelog.Debian.old which is only included in exim4-base. - Spares about 100KB. * Ship ACKNOWLEDGMENTS in exim4-base docs. * remove debian/exim4-config.docs, files are already shipped in exim4- base * disable some the unneeded dh_* commands from binary-indep target. * make exim4 a metapackage -- Andreas Metzler Thu, 20 Feb 2003 12:41:17 +0100 exim4 (4.12-0.0.18) experimental; urgency=low * split off all configuration to exim4-config * include exim4-config-simple source package * include script to generate exim4-config source package * changed distribution to experimental * Add patch by Phil Hazel to fix lsearch*@ lookups. (AM) * Remove exim4-daemon-perl; merge it into exim4-daemon-heavy (AM) * Prepare removal of "exim4" daemon-flavour: Exchange the roles of "exim4" and "exim4-daemon-light" in debian/rules: build helper binaries, eximon, et.al. while building exim4-daemon-light. Rename EDITME.exim4-base.diff to EDITME.exim4.diff. (AM) ----- WARNING: This breaks your debian/EDITME.exim4-custom.diff, as it was generated to show the differences to debian/EDITME.exim4-base instead of EDITME.exim4-light. (AM) ----- -- Marc Haber Tue, 18 Feb 2003 16:16:45 +0100 exim4 (4.12-0.0.17) unstable; urgency=low * mv 26_exim4-base_aliases 26_exim4-base_system_aliases (MH) * mv 30_exim4-base_forward 30_exim4-base_userforward (MH) * WARNING: upgrades are broken! -After ugrading delete conffiles no longer in package in directories below /etc/exim4/conf.d/: router/26_exim4-base_aliases router/30_exim4-base_forward * all file names for transports and routers are now consistent with Transport/Router defined inside (MH) * add debug_print to all transports/routers (MH) * add cut -d\ -f1 to all md5sum calls in pipes (MH) * add man page for exiqgrep (MH) * fix typos in exiqsumm and exicyclog man page (MH) * Don't install exim.8.diff as manpage, apply the patch instead. (AM) -- Andreas Metzler Sat, 15 Feb 2003 16:35:26 +0100 exim4 (4.12-0.0.16) unstable; urgency=low * Define CONFDIR-macro and use it in update-exim4.conf and some files in CONFDIR. (AM) * Enhance update-exim4.conf: remove comments by default, allow to write output to a different file. (AM) * update-exim4.conf: check validity of configfile before installing it * fix breakage with newer md5sum - thanks to Sander (AM) * check in init-script for smtp-service in inetd that is compatible with openbsd-inetd's extended syntax (Hubert Chan) (AM) * Don't link against libwrap, exim3 doesn't either (Alexander Koch) (AM) -- Andreas Metzler Fri, 14 Feb 2003 19:55:54 +0100 exim4 (4.12-0.0.15) unstable; urgency=low * If exim4/dc_listenonpublic=false add an explaing line to the resulting configfile instead of a blank-line (Marc Haber) * In postinst and cronjob make sure that db files are owned by mail:mail * Add buzzword convert4r4 to description of "No configuration" profile * Body of manpage exim_convert4r4: s/convert4r4/exim_convert4r4/g * Change maintainer, add Marc Haber to Uploaders -- Andreas Metzler Sun, 2 Feb 2003 22:06:06 +0100 exim4 (4.12-0.0.14) unstable; urgency=low * fix bugs found by Marc Haber: - search for email-addresses file in /etc/exim4/ - s/hostname -fqdn/hostname --fqdn/ * exim4-base.config: don't grep in /etc/aliases if does not exist yet. * clear up config-script, using both $mailname and $dc_mailname was irritating. * fix wrong logic for aliases generation (= instead of !=) * fix major breakage of debconf code: config-script is called two times _before_ postinst writes debconf.results, db_set-commands (for sane defaults) in the second-run overwrote the answers given by the user. -- Andreas Metzler Sat, 1 Feb 2003 15:06:58 +0100 exim4 (4.12-0.0.13) unstable; urgency=low * link against GNUTLS -- Andreas Metzler Fri, 31 Jan 2003 16:32:31 +0100 exim4 (4.12-0.0.12) unstable; urgency=low * clean up at purge: Remove logfiles, ask about removing undelivered mails in spool directory. -- Andreas Metzler Fri, 31 Jan 2003 13:32:37 +0100 exim4 (4.12-0.0.11) unstable; urgency=low * clean up update-exim4.conf: + fix unconditional overwriting 03_exim4-base_neverusers + one central `tempfile -m...` + add skeleton function example * add missing 'set -e' to exim4-base.postrm * If there are no debconf answers and we are making a cross upgrade from exim3, try to parse its config file to seed debconf db. -- Andreas Metzler Sun, 26 Jan 2003 12:22:23 +0100 exim4 (4.12-0.0.10) unstable; urgency=low * Get rid of error messages: don't call chmod/chown in debconf/update-exim4.conf if the respective files don't exist. Don't try to kill non running daemons. * Don't start unconfigured daemon in init script, ie. require either ${dc_eximconfig_configtype}" != "xnone or existence of handcrafted /etc/exim4/exim4.conf. Thanks to Alexander Koch for firmly pushing me this way. * dc_listenonpublic was overwritten to true in config script. * Typo in exim4-base.postrm prevented removal of /etc/exim4/conf.d/router/28_exim4-base_hubuser * Clean up /var/spool/exim4 properly; at least if there are just empty directories. * hub_user was broken because of unescaped $. * import updated 10_daemon_close_fds.dpatch from Steve. * only set neverusers if root is aliased somewhere. -- Andreas Metzler Fri, 24 Jan 2003 17:14:13 +0100 exim4 (4.12-0.0.9) unstable; urgency=low * update-exim4defaults: Fix bugs, add option --init * /etc/default/exim4 is no conffile anymore, it is generated with update-exim4defaults. -- Andreas Metzler Fri, 17 Jan 2003 13:39:46 +0100 exim4 (4.12-0.0.8) unstable; urgency=low * Don't ship now unneeded empty /var/lib/exim4/masquerade and /var/lib/exim4/email_addresses * move hub_user router to /etc/e4/c.d/ * move primary-router definition to /etc/e4/c.d/ * code in debian/rules installing /etc/exim4/conf.d/ tree ignores CVS directories * WARNING: upgrades from 0.0.6 and 0.0.7 are broken! -After ugrading delete conffiles no longer in package in directories below /etc/exim4/conf.d/: rewrite/30_exim4-base router/28_exim4-base_hub_user - replace router/22_exim4-base_primary with a file containg only the line "# d41d8cd98f00b204e9800998ecf8427e" run update-exim4.conf afterwards and start daemon. -- Andreas Metzler Tue, 14 Jan 2003 17:44:50 +0100 exim4 (4.12-0.0.7) unstable; urgency=low * Add configuration file managment code using md5sums stored in the file itself to update-exim4.conf(8). Use it and move files for evaluation of /e/e4/email-addresses and the masquerading rules from /var/lib/exim4 to /etc/. Gets rid of /etc/exim4/conf.d/rewrite/30_exim4-base and its two .includes. -- Andreas Metzler Tue, 14 Jan 2003 13:05:51 +0100 exim4 (4.12-0.0.6) unstable; urgency=low * generate up to date manpage for eximstats with pod2man. * EXPERIMENTAL: Split /etc/exim4/exim4.conf.template to little files in /etc/exim4/conf.d/ - update docs accordingly. * fix wrong path in exim4-base.doc-base.spec -- Andreas Metzler Sun, 12 Jan 2003 18:25:40 +0100 exim4 (4.12-0.0.5) unstable; urgency=low * enhance default-file a lot. * ship update-exim4defaults(8) - a script to allow other packages to modify the default-file. -- Andreas Metzler Mon, 6 Jan 2003 23:00:15 +0100 exim4 (4.12-0.0.4) unstable; urgency=low * Compile perl plugin with -fPIC * Enable IPv6 support (Andrew Mulholland) * remove exim4-base.cron.d, it only contained comments (no inetd support). * enhance default-file: Allow disabling any queue runs and passing additional options to exim daemon and/or the queuerunner. -- Andreas Metzler Sun, 5 Jan 2003 13:16:37 +0100 exim4 (4.12-0.0.3) unstable; urgency=low * Keep patches separate to make upgrading easier, using dpatch. * Rename eximon to eximon4: Otherwise this would force anybody who has installed eximon and runs exim v3 to switch to exim v4 * Polish package descriptions a little bit. * Drop Recommends for netbase. We don't support inetd anyway. -- Andreas Metzler Tue, 31 Dec 2002 14:31:14 +0100 exim4 (4.12-0.0.2) unstable; urgency=low * Actually compile with -O2 (Matthias Klose) * Apply localscan_dlopen.patch from http://marc.merlins.org/linux/exim/files/sa-exim-current/ to make it possible to switch local_scan functions *without* recompiling exim. * compile local_scan.c perl plugin as shared object that is dlopened, document this in exim4-daemon-perl's description and doc-directory. -- Andreas Metzler Sat, 21 Dec 2002 14:01:24 +0100 exim4 (4.12-0.0.1) unstable; urgency=low * New upstream 4.12, a strict maintenance release. Without any new features (Don't worry - this is the real release i.e. Phil's third shot ;-) -- Andreas Metzler Wed, 18 Dec 2002 12:17:51 +0100 exim4 (4.11-0.0.4) unstable; urgency=low * Get rid of /usr/lib/exim4/exim (see README.Debian for patched files) * Use relative paths in debian/eximon.dirs -- Andreas Metzler Tue, 17 Dec 2002 13:40:19 +0100 exim4 (4.11-0.0.3) unstable; urgency=low * fix dbm lookups (one-line patch to src/search.c) -- Andreas Metzler Fri, 13 Dec 2002 13:38:31 +0100 exim4 (4.11-0.0.2) unstable; urgency=low * Fresh installs were broken, as the initial test in update-exim4.conf failed. * update-exim4.conf exits silently if /etc/exim4/exim4.conf exists. * don't invoke update-exim4.conf in postinst if configtype=none. -- Andreas Metzler Wed, 11 Dec 2002 16:32:47 +0100 exim4 (4.11-0.0.1) unstable; urgency=low * New upstream version 4.11: includes spec und util/* in orig.tar.gz, diff is small again. see NewStuff items 49 to 57 for new features since snapshot 4.10.13. -- Andreas Metzler Wed, 11 Dec 2002 13:01:07 +0100 exim4 (4.10.13-0.0.4) unstable; urgency=low * reformat manpages a little bit, start each sentence on a new line, refer to /usr/share/doc/exim4-base/ * remove the %s from PID_FILE_PATH * apply debian/fix-pid.issue.patch to fix minor security issue http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html * test in init-script for working config before reloading/restarting (Andreas Piesk) -- Andreas Metzler Thu, 5 Dec 2002 13:04:51 +0100 exim4 (4.10.13-0.0.3) unstable; urgency=low * update copyright from NOTICE * Typos in exim(8) -- Andreas Metzler Wed, 4 Dec 2002 10:35:18 +0100 exim4 (4.10.13-0.0.2) unstable; urgency=low * Fix path for eximon.bin in eximon script (Andreas Piesk) * Add comments at the head of exim4.conf.template, containing a short introduction to the configuration scheme. -- Andreas Metzler Tue, 3 Dec 2002 23:52:28 +0100 exim4 (4.10.13-0.0.1) unstable; urgency=low * Snapshot 4.10.13 * CONFIGURE_FILE=/etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated * update update-exim4.conf* and documentation accordingly. * Generate config.autogenerated with same permissions as /etc/exim4/exim4.conf.template (it might conatain passwords) * Add BIG FAT warning at head of autogenerated file. * don't ship /var/lib/exim4/config.autogenerated, simply remove it on purge if it exists. -- Andreas Metzler Mon, 2 Dec 2002 12:45:58 +0100 exim4 (4.10.12-0.0.1) unstable; urgency=low * Upgrade to testing snapshot 4.10.12 * patches accepted/superseded by upstream: exim4-MID-expanded.patch, hmac*, perl.c.patch * patches that do not apply cleanly anymore: bV_shows_openssl_version.txt, daemon_close_fds.txt, gcc_attributes-eximon.diff, gcc_attributes.txt, tls_common.txt, tls_misc.txt, tls_session_cache.txt. * minimize changes to scripts/exim_install - use INSTALL_ARG=-no_symlink instead. * no util/cramtest.pl util/logargs.sh util/unknownuser.sh in upstream tarball - perhaps only in testing version? -- Andreas Metzler Thu, 28 Nov 2002 16:11:52 +0100 exim4 (4.10-0.srh20.19) unstable; urgency=low * ship convert4r4 as /usr/sbin/exim_convert4r4 (with manpage) * eximon does not provides/Conflicts: exim4-daemon * switch AGAIN *-daemon provides MTA: - *-daemon depends on -base instead of the other way round - explicit "conflicts/replaces: exim, exim-tls" for the base package - these need to add this the other way round, too (TODO). - move symlinks for sendmail, mailq, rmail, rsmtp and their manpages (+the one for newaliases) to the daemon-packages. - no more non-debhelper-generated exim4-base.prerm, simplified *daemon.postinst * try to start daemon in postinst no matter whether configtype=none, people might use it with a handcrafted exim4.conf. * register /var/lib/exim4/email_addresses for dpkg. -- Andreas Metzler Sun, 24 Nov 2002 15:04:32 +0100 exim4 (4.10-0.srh20.18) unstable; urgency=low * add "Replaces: exim4-daemon" to all the daemon flavours, needed for switching. * Marc Haber: make exim4-daemon-custom actually work. building from CVS was broken clean target missed Local/eximon.conf * exim-daemon-perl recommends libexim-localscan-perl -- Andreas Metzler Thu, 21 Nov 2002 17:04:54 +0100 exim4 (4.10-0.srh20.17) unstable; urgency=low * add support for building a customized daemon (exim4-daemon-custom) * tighten build-depends: official exim4-base linked against db3 won't work well together with exim4-daemon-custom linked against libdb2 * ship compile time configuration (EDITME-files) in /usd/daemon-flavour. * use /var/mail instead of /var/spool/mail (#169747) * make uucp a trusted user. (#169545) -- Andreas Metzler Sun, 17 Nov 2002 23:06:29 +0100 exim4 (4.10-0.srh20.16) unstable; urgency=low * fix Gecos pattern: 'From: "Andreas Metzler,,," Sat, 9 Nov 2002 10:12:34 +0100 exim4 (4.10-0.srh20.15) unstable; urgency=low * Fix crash with perl 5.8 (threads), thanks to Eckebrecht von Pappenheim * perl-package: search local_scan.pl in /etc/exim4 instead of /etc/exim. -- Andreas Metzler Wed, 6 Nov 2002 22:46:12 +0100 exim4 (4.10-0.srh20.14) unstable; urgency=low * add /etc/default/exim4 (#123184, #95325) * Don't start a queue runner with cron per default, exim runs as daemon. * polish config-script: more states, strip blanks. * Ask whether to bind to all local interfaces or only to localhost with sane default depending on configtype. (#108853) -- Andreas Metzler Thu, 31 Oct 2002 14:05:50 +0100 exim4 (4.10-0.srh20.13) unstable; urgency=low * send stdout of logrotate postrotate-script to /dev/null * polish exim4-base.postinst and exim4-base.templates * use tcp-wrappers * simplify update-exim4.conf. There is no need to only add remote_smtp transport for special configurations. It does not hurt and should make it easy for users to activate smtp-auth. * install configration example to examples subdirectory -- Andreas Metzler Tue, 29 Oct 2002 08:42:42 +0100 exim4 (4.10-0.srh20.12) unstable; urgency=low * linked against external pcre * clean up a little bit - move all manpages to debian/manpages/ * ship template /etc/exim4/email-addresses * LFS support (-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE) * Don't force sender verification by default * I actually use this version. -- Andreas Metzler Sun, 27 Oct 2002 17:10:16 +0100 exim4 (4.10-0.srh20.11) unstable; urgency=low * if HUPed exim will rexec itself as /usr/lib/exim4/exim, changing the name to exim - start-stop-daemon-daemon would not recognize it. Changed init.script to exec /usr/lib/exim4/exim to set the processname to "exim". This needs to be deuglified. * use black magic in daemon-$flavour postinst to only start it there if switching flavours. * support for inetd has to wait for sarge+1 * fix description of 'exim4' daemon flavour. -- Andreas Metzler Sat, 26 Oct 2002 11:09:14 +0200 exim4 (4.10-0.srh20.10) unstable; urgency=low * don't provide symlink /usr/sbin/exim anymore - this broke coinstallation with uninstalled exim 3 - the exim3-init script started the exim4-daemon. Ship symlink /usr/lib/exim4/exim -> /usr/sbin/exim4 and set BIN_DIRECTORY to /usr/lib/exim4. This is a little bit ugly but the alterative would be to patch 7 files in src. * the daemon packages conflict with each other by each having Conflicts/Provides: exim4-daemon * Add doc base support for spec and filter.txt (bug 165961) * Switching daemon flavours restarts them. -- Andreas Metzler Fri, 25 Oct 2002 16:14:44 +0200 exim4 (4.10-0.srh20.9) unstable; urgency=low * apply exim4-MID-expanded.patch - make domain part of M-ID configurable. Shipped in debian-subdir so it can be easily patch -R'd before official debian release. * set spool to /var/spool/exim4 in EDITME * remove /var/run/exim4 on purge * remove /var/(spool|log)/exim4 on purge if empty * added manpages. * allow relay for 127.0.0.1 : ::::1 * set host_find_failed = defer for smarthost router and mimick exim3. It really sucks to get a frozen message and error to the postmaster _every_ time I try to send a message offline. -- Andreas Metzler Thu, 24 Oct 2002 14:00:05 +0200 exim4 (4.10-0.srh20.8) unstable; urgency=low * info and html doc generated from separate source package - diff is small * remove m4 and texinfo from build-depends -- Andreas Metzler Thu, 24 Oct 2002 12:22:56 +0200 exim4 (4.10-0.srh20.7) unstable; urgency=low * config script as state machine - allows going back! * hopefully last forgotten entry of /var/{spool,log,run}/exim in postinst and cron.* fixed. -- Andreas Metzler Thu, 24 Oct 2002 09:16:12 +0200 exim4 (4.10-0.srh20.6) unstable; urgency=low * generate /etc/aliases with debconf * remove dpkg-statoverride managment with debconf, ship exim binary as 4755 root:root. * update debian/copyright from NOTICE. * add (commented out) maildrop-transport to template * add (commented out) maildir-transport to template * Remove some backslashes in template * Fix *lots of* cut and paste errors, introduced by generating the configuration template from the debconf_eximconfig perl script. $local_delivery is wrong, define macro LOCAL_DELIVERY and use it instead. Remove erranous backslashes. * Add comments from the example configuration file to template. * host and domain lists are colon separated. -- Andreas Metzler Mon, 21 Oct 2002 22:37:45 +0200 exim4 (4.10-0.srh20.5) unstable; urgency=low * new debconf-code: - shell scripts - debconf-results are saved (and read from) /etc/exim4/debconf.results - /etc/exim4/exim4.conf.template is a dpkg-conffile - update-exim4.conf(8) merges these two files and generates exim's main configuration file /var/lib/exim4/exim4.conf. -- Andreas Metzler Sat, 19 Oct 2002 19:23:35 +0200 exim4 (4.10-0.srh20.4) unstable; urgency=low * symlink usr/sbin/exim4 <-> usr/sbin/exim in -base package was wrong. * move invoke-rc.d to -base package - _it_ contains the init-script * move stat-overide-stuff to -base package. - The values are filled in _its_ config. * missing stuff from log/exim4 run/exim4 transition: exim-base maintainerscripts. * Daemon-packages have only debconf stuff left as maintainerscripts. How about letting dh_installinit manage the initscript? * exim4-base.postrm has no business removing /etc/exim/exim.conf -- Andreas Metzler Fri, 18 Oct 2002 14:40:46 +0200 exim4 (4.10-0.srh20.3) unstable; urgency=low * /etc/exim4/... * fix cronjob: Test for existence of /etc/exim4/exim4.conf - it formerly tested for exim3's configuration file * /usr/lib/exim/ --> /usr/lib/exim4/ -- Put eximon.bin there, too. -- Andreas Metzler Fri, 18 Oct 2002 13:43:37 +0200 exim4 (4.10-0.srh20.2) unstable; urgency=low * more changes: * /var/log/exim/ --> /var/log/exim4/ * /var/run/exim/ --> /var/run/exim4/ * /etc/init.d/exim --> /etc/init.d/exim4 * Use files named after the real package (exim4-base instead of) exim for cron and logrotate. - use dh_installlogrotate and dh_installcron * Don't install exim.8 manpages in daemon packages - symlink is enough, ship real manpage in base-package. - use dh_installman. * Get rid of m4-magic - without the alternatives there is no need. -- Andreas Metzler Thu, 17 Oct 2002 23:52:31 +0200 exim4 (4.10-0.srh20.1) unstable; urgency=low * rename package, replace dependencies. - src: exim4 - binary exim(-something) --> exim4-something - Remove Provides: exim - does not make sense anymore, dselect/apt would take the real exim instead of the provided one. - Revamp Dependencies and contents * exim4-base provides/confl/repl: mta and depends on one of *our* flavours * each of the flavours only contains only /usr/sbin/exim4 and a manpagelink exim4--->exim - there is no need to provides/confl/repl: mta, because we ship no common file with the same name as in the original exim4-package - drop alternatives. - install configuration example to /usr/share/doc/exim4-doc/examples -- Andreas Metzler Thu, 17 Oct 2002 17:58:08 +0200 exim (4.10-0.srh20) unstable; urgency=low * exim-base.config fixes during testing-- need to run debconf subs in a list context to get their numeric return code. * enqueue_question(): $code == 0 is ok too * main: call fetch_default() not find_default() [when did I last test this?] * install debconf_eximconfig (!!!!!!) -- Steve Haslam Wed, 16 Oct 2002 21:50:27 +0100 exim (4.10-0.srh19) unstable; urgency=low * Move the eximon binary into the eximon package! -- Steve Haslam Wed, 16 Oct 2002 19:36:48 +0100 exim (4.10-0.srh18) unstable; urgency=low * The clean: target now deletes doc/tmp -- Steve Haslam Wed, 16 Oct 2002 18:10:29 +0100 exim (4.10-0.srh17) unstable; urgency=low * Slave alternatives for "rmail" too. * Changed libxaw-dev in build-depends to libxaw7-dev | libxaw-dev * Added libperl-dev and m4 to build-depends -- Steve Haslam Wed, 16 Oct 2002 17:19:40 +0100 exim (4.10-0.srh16) unstable; urgency=low * Put --exec $DAEMON back on the start-stop-daemon --stop calls, since start-stop-daemon complains about the process not being found after it just killed it. (Due to Exim not removing its own pid file?) * Point slave alternatives at .gz versions of manpages -- Steve Haslam Wed, 16 Oct 2002 16:12:08 +0100 exim (4.10-0.srh15) unstable; urgency=low * Fix "update-alternatives --remove" invocation. * Remove alternatives AFTER stopping daemon. * Use logrotate to cycle logs. * Manually install logrotate/cron stuff, to call it "exim" instead of "exim-base". * Install upstream exim.8 manpage, and slave alternatives. -- Steve Haslam Wed, 16 Oct 2002 15:44:56 +0100 exim (4.10-0.srh14) unstable; urgency=low * dh_installinit: pass --noscripts, put the script invocation etc. in ourselves. This is still pretty nasty, but ensures that the deamons are stopped/started themselves, not by exim-base. * Also, pass --init-script=exim to use /etc/init.d/exim, not /etc/init.d/exim-base. * Fix some inconsistencies in the postsinst related to the above that made lintian scream * Remove the --exec option when stopping the daemon in the init script, so that we still stop the daemon if the symlink changed to point to a different version (hacky). -- Steve Haslam Wed, 16 Oct 2002 14:51:19 +0100 exim (4.10-0.srh13) unstable; urgency=low * Bah, fix paths of mailq etc. to be in /usr/bin, not /usr/lib -- Steve Haslam Wed, 16 Oct 2002 14:08:45 +0100 exim (4.10-0.srh12) unstable; urgency=low * The postinsts were totally broken, doing everything off the "install" target, and nothing off "configure". Since they're all pracitcally the same, they are now generated from daemon-postinst.m4. * Fix invocations of dpkg-statoverride (sysuser??) * Added slave alternatives for mailq, sendmail etc. * Removed daemon packages conflicting with mail-transport-agent, although this isn't good-- the deamon packages don't conflict with each other (they use alternatives to arrange themselves), but do conflict with other MTAs that install /usr/lib/sendmail|/usr/sbin/sendmail links. Urnf. * Similar generation system for prerms as postinsts -- Steve Haslam Wed, 16 Oct 2002 13:47:53 +0100 exim (4.10-0.srh11) unstable; urgency=low * Urnf, nasty circular dependencies. Removed exim-base's dependency on exim-daemon. * Fix "use strict" errors in exim-base.config (oops) -- Steve Haslam Wed, 16 Oct 2002 13:10:25 +0100 exim (4.10-0.srh10) unstable; urgency=low * Patch src/expand.c with HMAC support * Rename exim-daemon-default package to just "exim", so upgrading works better, and exim isn't made into a pure virtual package while other packages depend on it. Moreover, mail-transport-agent is provided by each of the daemon packages, not exim-base, since having exim-base alone is not sufficient to have an MTA. * Each exim daemon package depends on exim-base, not exim. -- Steve Haslam Wed, 16 Oct 2002 12:52:19 +0100 exim (4.10-0.1) unstable; urgency=low * Heavy changes to build system. * Split package into: - exim-base: This package contains all utility programs and documentation in plain text format. - exim-daemon-$FOO: (Currently for FOO in light, default, heavy, perl): Conain only the exim daemon in different configurations - exim-doc-info: Contains exim documentation in Info format. - eximon: The X11 monitor for Exim -- Hilko Bengen Wed, 2 Oct 2002 17:23:04 +0200 exim (4.10-0.srh4) unstable; urgency=low * exim.c: Show the OpenSSL version number if TLS compiled in and the tls debug selector enabled. * exim.postinst et al: Keep the alternatives configured between upgrades (naughty) since exim-light will fail to start if exim-heavy keywords are in the config file -- Steve Haslam Fri, 13 Sep 2002 16:08:47 +0100 exim (4.10-0.srh3) unstable; urgency=low * tls.c: Some debug output changes to verify_callback() * debconf_eximconfig: add more escaping when writing acl_check_rcpt * tls.c and others: ${tls_peercn} now expands to the CN part of the peer's certificate subject when using TLS. * transports/smtp.c and others: Added tls_verify_hostname option to verify the hostname we connected to against the CN/subjectAltName of the peer certificate. -- Steve Haslam Fri, 13 Sep 2002 15:44:07 +0100 exim (4.10-0.srh2) unstable; urgency=low * exim-heavy.postinst: had duplicate sendmail alternative, removed. Had a priority the same as exim-light too... increased. * Replace LOOKUP_CDB=yes in exim-light configuration, since it was in the Exim 3 package and doesn't bring in any dependencies. * exim.postinst: delete files from /var/spool/exim/db if they cannot be read by exim_dumpdb (some DB compatibility lossage) -- Steve Haslam Tue, 3 Sep 2002 13:28:44 +0100 exim (4.10-0.srh1) unstable; urgency=low * My stab at an Exim 4 package. Features include: * An exim-heavy package that contains an Exim binary with LDAP, MySQL, PostgreSQL etc. in, so that the main Exim package's dependencies are kept thin but users can easily get hold of the extra lookup types. * Debconf-based configuration, although it has priority=high questions, so not completely noninteractive yet, and not all features of eximconfig have been ported/checked * Automated conversion of Exim 3 configuration files (using PH's convert4r4) -- Steve Haslam Tue, 3 Sep 2002 10:20:24 +0100 exim (3.35-1.srh1) unstable; urgency=low * Reconfigured to include MySQL and PostgreSQL lookups -- Steve Haslam Fri, 9 Aug 2002 15:52:37 +0100 exim (3.35-1) unstable; urgency=low * New upstream version, fixes buffer overflow (Closes: #135069) * debian/config: Added receiver_try_verify (Closes: #136276) * debian/init.d: Use --retry 30 option for start-stop-daemon when stopping exim (Closes: #136450) * debian/postinst: "noninteractive" in correct case (Closes: #134379) * debian/init.d: Use -n option for echo (from patch in #133288) * debian/exim_lock.8: Manpage for exim_lock - thanks Nick Philips (Closes: #131679) * debian/config: Fixed comment on smtp_accept_queue_per_connection (Closes: #136756) * debian/exim.8,debian/eximon.8: Fixed hyphenation (Closes: #132068) * debian/control: Short description improved (Closes: #130698) -- Mark Baker Mon, 4 Mar 2002 23:04:52 +0000