[ubuntu/focal-proposed] exim4 4.93~RC2-1ubuntu1 (Accepted)
Bryce Harrington
bryce at canonical.com
Fri Nov 15 16:13:13 UTC 2019
exim4 (4.93~RC2-1ubuntu1) focal; urgency=medium
* Merge with Debian unstable. Remaining changes:
- Show Ubuntu distribution in SMTP banner
+ Build-Depends on lsb-release to detect Distribution.
+ d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.
* Dropped:
- SECURITY UPDATE: remote command execution
+ d/p/CVE-2019-15846.patch: ensure not to interpret '\\'
before '\0' in src/string.c
+ CVE-2019-15846
[Now in upstream as of 4.92.2-1]
- SECURITY UPDATE: heap-based buffer overflow in string_vformat
+ debian/patches/CVE-2019-16928.patch: fix overflow in src/string.c.
+ CVE-2019-16928
[Now upstream as of 4.92.3-1]
exim4 (4.93~RC2-1) unstable; urgency=low
* New upstream beta version.
+ Drop patches/75*.
* Allow overriding cron.daily paniclog report recipient. Closes: #611085
* Add REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES and
REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS to set tls_verify_certificates and
tls_verify_hosts respectively on the remote_smtp_smarthost transport.
Closes: #823831
In addition to that add REMOTE_SMTP_HOSTS_REQUIRE_TLS to set
hosts_require_tls for the remote_smtp transport. Closes: #780033
exim4 (4.93~RC1-4) unstable; urgency=low
* Add libnet-ssleay-perl dependency to "basic" autopkg test. We do not need
it yet but will forget for sure to add it when we do.
* Following upstream defaults do not disable incoming TLS by default - i.e.
if MAIN_TLS_ENABLE is not set - but use a self-signed certificate.
(Relevant upstream changes: tls_advertise_hosts defaults to * for TLS
builds since 4.87_JH/18, on-demand generation of self-signed certificate
for inbound SMTP since 4.88_JH/05, 4.93_JH/23 TLS enabled build by
default.)
* 75_02-Revert-preallocate-store-for-config-which-appears-to.patch: Fix
mismerge which triggered a test error on mipsel. Closes: #944060
exim4 (4.93~RC1-3) unstable; urgency=low
* 75_01-Dsearch-Fix-taint-handling-in-lookup.-Bug-2465.patch: Untaint
dsearch lookup. Closes: #944199
exim4 (4.93~RC1-2) unstable; urgency=low
* autopkg test: Drop (python2) test for ancient vulnerability and do some
basic testing with swaks instead. Closes: #943006
* Upload to unstable.
exim4 (4.93~RC1-1) experimental; urgency=low
* New upstream beta version.
+ Drop 75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch,
75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch and
75_03_Fix-local-scan-ABI.-Bug-2458.patch.
+ Update debian/example.conf.md5 (Removal of dnssec_request_domains was
already implemented in 4.93~RC0-1.)
* exigrep does case sensitive *option* processing (as it did for all
versions <4.90). Notably -M, -m, --invert, -I may be affected.
Closes: #927280
(This change was already present in RC0.)
exim4 (4.93~RC0-2) experimental; urgency=low
* 75_03_Fix-local-scan-ABI.-Bug-2458.patch: Fix function prototypes in
local_scan.h.
* 90_localscan_dlopen.dpatch: Unfuzz, mark
string_copy_function/string_copy_taint_function/string_copyn_function in
string.c as visible.
* Provide exim4-localscanapi-2.1.
* Drop sa-exim Breaks, the localscanapi version bump makes this superfluous.
exim4 (4.93~RC0-1) experimental; urgency=low
* Point watchfile to test-subdirectory.
* New upstream beta version.
+ Drop debian/patches/7[56]*.
+ Unfuzz 90_localscan_dlopen.dpatch.
+ Unfuzz/update (explicit -lnsl) debian/EDITME*
+ Update configuration, mirroring upstream changes.
Both dnssec_request_domains and hosts_try_dane now default to '*', drop
these settings. REMOTE_SMTP_DISABLE_DANE is a noop, now.
+ Exim DH param configuration (tls_dhparam) now makes use of the current
GnuTLS (> 3.6) functionality, which implements rfc 7919. Drop
unnecessary packaging bits.
+ Pull post release fix from upstream GIT
(75_01-Fix-HAVE_LOCAL_SCAN-build.-Bug-2457.patch) to fix build error
with HAVE_LOCAL_SCAN=yes.
+ Update 90_localscan_dlopen.dpatch to #include documented interface
(local_scan.h) instead of exim.h.
* debian/rules: Do not try to build -heavy if -light failed.
* 75_02-CHUNKING-fix-all-RCPTs-rejected-non-pipelined.-Bug-2.patch:
Post-release fix from upstream GIT.
https://bugs.exim.org/show_bug.cgi?id=2454
* The localscan dlopen functionality is broken, (temporarily) drop
exim4-localscanapi-2.0 from Provides.
exim4 (4.92.3-1) unstable; urgency=medium
* Fix (commented) examples in configuration for clamd and courier authdaemon
to refer to /run instead of /var/run. Closes: #942292
* While we are at it also fix exim pid file path in exim(8).
* New upstream version (identical to 4.92.2 +
75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch, i.e.
4.92.2-3).
* Use patches from exim-4.92.3+fixes, add
75_36-Fix-errorcheck-in-smtp-transport.patch.
* [lintian] Set Rules-Requires-Root: binary-targets.
exim4 (4.92.2-3) unstable; urgency=critical
* 75_36-Fix-buffer-overflow-in-string_vformat.-Bug-2449.patch: Fix buffer
overflow in string_vformat. CVE-2019-16928
exim4 (4.92.2-2) unstable; urgency=medium
* Upload to unstable.
exim4 (4.92.2-1) experimental; urgency=medium
* New upstream security release (identical except for the version number to
4.92.1 + 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch).
+ Drop 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch.
* Refresh from exim-4.92.2+fixes branch:
+ 75_32-Fix-domain-for-a-bare-local-part-input.-Bug-2375.patch
+ 75_33-exim_dbmbuild-handle-0-sequence.patch
+ 75_34-fixup-exim_dbmbuild-handle-0-sequence.patch
exim4 (4.92.1-3) unstable; urgency=high
* 77_01-string.c-do-not-interpret-before-0-CVE-2019-15846.patch - Fix SNI
related buffer overflow. CVE-2019-15846
exim4 (4.92.1-2) unstable; urgency=medium
* Pulled from exim-4.92+fixes branch:
+ 75_30-Fix-crash-after-TLS-channel-shutdown.patch
+ 75_31-Auth-handle-socket-read-errors-in-Dovecot-authentica.patch
* Add Breaks: sa-exim (<< 4.2.1-17) to -heavy, see #930648.
* Change *.logrotate to nocreate to work around #400198.
Closes: #399930
Date: Wed, 13 Nov 2019 18:56:58 -0800
Changed-By: Bryce Harrington <bryce at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/exim4/4.93~RC2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 13 Nov 2019 18:56:58 -0800
Source: exim4
Architecture: source
Version: 4.93~RC2-1ubuntu1
Distribution: focal
Urgency: critical
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bryce Harrington <bryce at canonical.com>
Closes: 399930 611085 780033 823831 927280 942292 943006 944060 944199
Original-Maintainer: Exim4 Maintainers <pkg-exim4-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----