[ubuntu/bionic-proposed] exim4 4.90.1-1ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Thu Feb 15 12:27:19 UTC 2018
exim4 (4.90.1-1ubuntu1) bionic; urgency=medium

  * Merge from Debian testing, Remaining changes:
    - Show Ubuntu distribution in SMTP banner
    - Build-Depends on lsb-release to detect Distribution.
    - d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner.

exim4 (4.90.1-1) unstable; urgency=high

  * New upstream version, fixing CVE-2018-6789. Closes: #890000
    + Drop 75_*.patch.

exim4 (4.90-7) unstable; urgency=medium

  * Update from exim-4_90+fixes branch. (exim-4.90.0.27)
    + 75_21-DKIM-fix-buffer-overflow-in-verify.patch
    + 75_22-Repair-Heimdal-GSSAPI-authenticator-init.patch
    + 75_23-Repair-Heimdal-GSSAPI-authenticator-init-part-2.patch
  * Typo fixes in old patch descriptions. (Thanks, lintian!)

exim4 (4.90-6) unstable; urgency=medium

  * Update from exim-4_90+fixes branch.
    + 75_17-Cutthrough-fix-for-port-number-defined-by-router.-Bu.patch
    + 75_18-GnuTLS-fix-to-ignore-timeout-on-unrelated-callout-co.patch
      Closes: #887489
    + 75_19-Build-.git-may-be-a-file-when-this-repo-is-a-submodu.patch
    + 75_20-Debugging-fix-potential-null-derefs-in-DSN-debug_pri.patch

exim4 (4.90-5) unstable; urgency=low

  * Add 75_16-Cutthrough-fix-multi-message-initiating-connections.patch from
    exim-4_90+fixes branch.
  * Improved exim4-daemon-custom documentation by Gedalya. Closes: #887971
  * [update-exim4.conf] stop converting variables set to an empty value in
    /etc/exim4/update-exim4.conf.conf to exim macros with a literal value of
    "empty" in the generated configuration. Thanks, Gedalya. Closes: #887972

exim4 (4.90-4) unstable; urgency=low

  * Update from exim-4_90+fixes branch.
    75_13-Lookups-fix-mysql-lookup-returns-for-no-data-queries.patch
    75_14-Fix-D-string-expansion-to-not-use-millisec.patch
    75_15-DKIM-DNS-records-having-no-v-tag-are-acceptable.-Bug.patch

exim4 (4.90-3) unstable; urgency=medium

  * Three more patches from exim-4_90+fixes branch:
    75_10-Fix-issue-with-continued-connections-when-the-DNS-sh.patch
    75_11-MIME-ACL-fix-SMTP-response-for-non-accept-result-of-.patch
    75_12-DKIM-permit-dkim_private_key-to-override-dkim_strict.patch

exim4 (4.90-2) unstable; urgency=medium

  * Update to exim-4_90+fixes branch:
    + Replace 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch.
    + 75_01-TLS-Fix-excessive-calling-of-smtp_auth_acl-under-AUT.patch
    + 75_02-TLS-avoid-calling-smtp_auth_acl-on-client-cert-when-.patch
    + 75_03-Debug-fix-coding-in-dnssec-reporting.-Bug-2205.patch
    + 75_04-DKIM-Ignore-non-DKIM-TXT-records-in-DNS-response.-Bu.patch
    + 75_05-Fix-build-of-nisplus-lookup.patch
    + 75_06-Fix-const-issue-in-nisplus-lookup.patch
    + 75_08-DKIM-tighter-checking-while-parsing-signature-header.patch
    + 75_09-Fix-crash-associated-with-dnsdb-lookup-done-from-DKI.patch

exim4 (4.90-1) unstable; urgency=low

  * rc4 released as 4.90.
  * Point watchfile to release directory again.
  * 75_Lookups-fix-pgsql-multiple-row-single-column-return.patch from upstream
    GIT master branch. Fix pgsql lookup for multiple result-tuples with a
    single column. Previously only the last row was returned.
    https://lists.exim.org/lurker/message/20171223.102237.a53dd5bd.en.html
  * Simplify debian/rules and make it usable with dh v10 compat. The
    fine-grained support for selecting the to be built packages (-custom with
    or without -base) was dropped. The build process is now controlled by
    attaching tasks to dh-override hooks instead of using file dependencies,
    makefile-style. The latter broke with dh v10 due to upstream's
    build-system which always has the main targets out-of-date inter alia due
    to the compile-number feature.
  * Use hardening=+all instead of hardening=+bindnow,+pie. (Does not change
    buildflags ATM.)
  * Use debhelper v10 compat.
  * Drop override_dh_strip-arch, we have had enough toolchain and
    source changes to prevent file conflicts.

exim4 (4.90~RC4-1) unstable; urgency=medium

  * New upstream version.

exim4 (4.90~RC3-2) unstable; urgency=low

  * Upload to unstable.
  * Point homepage to https URL.

exim4 (4.90~RC3-1) experimental; urgency=medium

  * New upstream version.
    + Fix a use-after-free while reading smtp input for header lines.
      A crafted sequence of BDAT commands could result in in-use memory
      being freed. CVE-2017-16943. Closes: #882648
    + Fix checking for leading-dot on a line during headers reading
      from SMTP input. Previously it was always done; now only done for
      DATA and not BDAT commands. CVE-2017-16944 Closes: #882671
  * Drop 78_Disable-chunking-BDAT-by-default.patch again.

exim4 (4.90~RC2-3) experimental; urgency=medium

  * As a workaround for the yet-unfixed security vulnerability resurrect (and
    adapt for 4.90) 78_Disable-chunking-BDAT-by-default.patch (dropped in
    4.89-4) to disable both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

exim4 (4.90~RC2-2) experimental; urgency=low

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.90~RC2-1) experimental; urgency=low

  * New upstream release candidate.
    + Unfuzz patches, drop 40_reproducible_build.diff and
      75_fix_ftbfs_SOURCE_DATE_EPOCH.diff.
    + Refresh debian/example.conf.md5, No changes to Debian's configuration
      needed, upstream added a (commented) entry to change OpenSSL ciphers.

exim4 (4.90~RC1-1) experimental; urgency=low

  * New upstream release candidate.
    + Point watchfile to test subdirectory.
    + Update 40_reproducible_build.diff
    + Drop 75_fixes*.patch and
      80_Repair-manualroute-transport-name-not-last-option.patch.
    + Unfuzz EDITME*.diff
    + 75_fix_ftbfs_SOURCE_DATE_EPOCH.diff Fix build-error when
      SOURCE_DATE_EPOCH is set.
  * Drop trailing whitespace in debian/README.source, debian/changelog and
    debian/rules. (Thanks, lintian)
  * Drop debian/README.source and outdated parts of debian/copyright.

exim4 (4.89-13) unstable; urgency=high

  * 75_fixes_21-Chunking-do-not-treat-the-first-lonely-dot-special.-.patch
    from exim-4_89+fixes branch. Closes: #882671 CVE-2017-16944

exim4 (4.89-12) unstable; urgency=high

  * Sync with exim-4_89+fixes branch:
    + 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch
    + 75_fixes_20-Avoid-release-of-store-if-there-have-been-later-allo.patch
      Closes: #882648 (use-after-free, remote-code-execution) CVE-2017-16943
  * Update EDITME* for 75_fixes_19-Fix-mariadb-mysql-macro-confusion.patch.

exim4 (4.89-11) unstable; urgency=critical

  * B-d on lynx, instead of lynx-cur | lynx.

exim4 (4.89-10) unstable; urgency=critical

  * As a workaround for the yet-unfixed security vulnerability resurrect
    78_Disable-chunking-BDAT-by-default.patch (dropped in 4.89-4) to disable
    both incoming and outgoing BDAT/CHUNKING. #882648
    https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html

Date: Wed, 14 Feb 2018 17:01:14 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Feb 2018 17:01:14 +0100
Source: exim4
Binary: exim4-base exim4-config exim4-daemon-light exim4 exim4-daemon-heavy eximon4 exim4-dev
Architecture: source
Version: 4.90.1-1ubuntu1
Distribution: bionic
Urgency: critical
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
exim4 - metapackage to ease Exim MTA (v4) installation
exim4-base - support files for all Exim MTA (v4) packages
exim4-config - configuration for the Exim MTA (v4)
exim4-daemon-heavy - Exim MTA (v4) daemon with extended features, including exiscan-ac
exim4-daemon-light - lightweight Exim MTA (v4) daemon
exim4-dev - header files for the Exim MTA (v4) packages
eximon4 - monitor application for the Exim MTA (v4) (X11 interface)
Closes: 882648 882671 887489 887971 887972 890000
Checksums-Sha1:
f0e3efc4a3057c285d8120e3f1641efd42ac73ca 2684 exim4_4.90.1-1ubuntu1.dsc
ae89fd6fe0d377f68b4c4b96d9e3d0d630226aba 1721460 exim4_4.90.1.orig.tar.xz
f85fca299949fc41224bf153bfef17ed63e2295c 450360 exim4_4.90.1-1ubuntu1.debian.tar.xz
Checksums-Sha256:
e2f9c89922d12c1911e6ed93e09ca0f070a15d8a2ad476abf0bcd42501d8c516 2684 exim4_4.90.1-1ubuntu1.dsc
5c98dfd12043be5751b88ef64d5363cd99284236eaeec6316b062a7628c2f726 1721460 exim4_4.90.1.orig.tar.xz
a3ac40d41f59f8a40c813b3bfdcfc821c8141e54428392f60ea2886cf26f119a 450360 exim4_4.90.1-1ubuntu1.debian.tar.xz
Files:
ecfcc762cf4dd0e90c56613cad852ad9 2684 mail standard exim4_4.90.1-1ubuntu1.dsc
0095c67c9954a51c67424a11e429ebc7 1721460 mail standard exim4_4.90.1.orig.tar.xz
7f41164733f721f13fc7cb6aa98d0f37 450360 mail standard exim4_4.90.1-1ubuntu1.debian.tar.xz
Original-Maintainer: Exim4 Maintainers <pkg-exim4-maintainers at lists.alioth.debian.org>