lp:ubuntu/dapper-updates/exim4

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-updates/exim4

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

12. By Marc Deslauriers

* SECURITY UPDATE: local privilege escalation via alternate config file
  (LP: #697934)
  - debian/patches/80_CVE-2010-4345.dpatch: backport massive behaviour-
    altering changes from upstream git to fix issue.
  - debian/patches/81_CVE-2010-4345-docs.dpatch: backport documentation
    changes.
  - debian/patches/67_unnecessaryCopt.dpatch: Do not use exim's -C option
    in utility scripts. This would not work with ALT_CONFIG_PREFIX.
    Patch obtained from Debian's 4.69-9+lenny2.
  - Build with WHITELIST_D_MACROS=OUTGOING. After this security update,
    exim will not regain root privileges (usually necessary for local
    delivery) if the -D option was used. Macro identifiers listed in
    WHITELIST_D_MACROS are exempted from this restriction. mailscanner
    (4.79.11-2.2) uses -DOUTGOING.
  - Build with TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. After this
    security update, exim will not re-gain root privileges (usually
    necessary for local delivery) if the -C option was used. This makes
    it impossible to start a fully functional daemon with an alternate
    configuration file. /etc/exim4/trusted_configs (can) contain a list
    of filenames (one per line, full path given) to which this
    restriction does not apply.
  - debian/exim4-daemon-*.NEWS: Add description of changes. Thanks to
    Debian and Andreas Metzler for the text.
  - CVE-2010-4345
* SECURITY UPDATE: arbitrary file append via symlink attack (LP: #708023)
  - debian/patches/82_CVE-2011-0017.dpatch: check setuid and setgid return
    codes in src/exim.c, src/log.c.
  - CVE-2011-0017
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via hard link to another user's file (LP: #609620)
  - debian/patches/CVE-2010-2023.dpatch: check for links in
    src/transports/appendfile.c.
  - CVE-2010-2023
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via symlink on a lock file (LP: #609620)
  - debian/patches/CVE-2010-2024.dpatch: improve lock file handling in
    src/exim_lock.c, src/transports/appendfile.c.
  - CVE-2010-2024

11. By Marc Deslauriers

* SECURITY UPDATE: remote code execution via buffer overflow
  - debian/patches/72_CVE-2010-4344.dpatch: validate lengths in
    src/string.c.
  - CVE-2010-4344

10. By Martin Pitt

* SECURITY UPDATE: database SQL injection in certain client encodings.
* Add debian/patches/71_sql_quote_escaping.dpatch:
  - src/lookups/{my,pg}sql.c: In the string quoting functions, quote ' as
    '', not as \'. \' can be abused for SQL injection in some encodings, and
    '' is SQL standard anyway.
* CVE-2006-2314 (for PostgreSQL), CVE-2006-2753 (for MySQL)
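The quoting change described in 71_sql_quote_escaping.dpatch, modelled here as an added Python example (not exim's own code from src/lookups/{my,pg}sql.c): the standard quote-doubling quoter beside the older backslash scheme, plus a small parser that reads the resulting literal in a given connection character set and reports whether it still forms one closed string literal. The 0xbf sample input and the parser's escape rules (backslash escapes, doubled quotes, MySQL-style) are constructed assumptions for the demonstration.

```python
"""Why ' must be quoted as '' rather than \\' in SQL string literals.

Under a multibyte character set such as GBK, the backslash inserted by
the old scheme can be swallowed as the trail byte of the preceding
character, so the quote it was meant to escape terminates the literal.
"""


def quote_backslash(value: bytes) -> bytes:
    """Pre-fix scheme: escape \\ as \\\\ and ' as \\' (modelled, simplified)."""
    return value.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def quote_doubling(value: bytes) -> bytes:
    """Fixed scheme (SQL standard): quote ' as ''."""
    return value.replace(b"'", b"''")


def literal_is_closed(quoted: bytes, encoding: str) -> bool:
    """Parse '<quoted>' the way a server using `encoding` would, with
    backslash escapes and doubled quotes both honoured (MySQL default).

    Returns True only if the whole payload is consumed as exactly one
    string literal.  False means the literal closed early (leaving bytes
    to be parsed as SQL) or never closed at all.
    """
    text = b"'" + quoted + b"'"
    # Server-side decoding happens before quote handling; an invalid lead
    # byte is replaced, a valid lead+trail pair becomes a single character.
    chars = text.decode(encoding, errors="replace")
    i = 1  # skip the opening quote
    while i < len(chars):
        c = chars[i]
        if c == "\\":
            i += 2  # backslash escapes the following character
            continue
        if c == "'":
            if i + 1 < len(chars) and chars[i + 1] == "'":
                i += 2  # doubled quote: literal continues
                continue
            return i == len(chars) - 1  # closing quote must be the last char
        i += 1
    return False  # ran off the end without a closing quote
```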

9. By Daniel Silverstone

Replace 37_dns_disable_additional_section with the upstream
sanctioned patch for this behaviour and turn it on.
Closes: launchpad #26820

8. By Adam Conrad

Rebuild against the new libmysqlclient15off with correct symbols.

7. By Martin Pitt

debian/control: Build against libdb4.3.

6. By Marc Haber <email address hidden>

* Have exim4-base replace exim4-daemon-light and -heavy. This is a
  needed corollary to the movement of the man pages to -base. Let's
  hope that this change doesn't introduce too much breakage. Thanks
  to Hamish Moffatt for making me take a closer look at policy.
  (mh) Closes: #347908, #348067
* Introduce Makefile variable to build with OpenSSL instead of
  GnuTLS. This is a last minute maneuver to help sites suffering from
  the GnuTLS entropy issue (#338319, #343085) whose only other chance is
  disabling TLS completely. Please note that building exim4-daemon-heavy
  with OpenSSL is a GPL violation since OpenSSL's license clashes with
  the MySQL client library, which is GPL licensed without OpenSSL
  exception. (mh)
* re-pack configuration diffs. (mh) Closes: #331698
* Fix wrong variable substitution in lt (Lithuanian) debconf
  translation. Thanks to Davide Viti and Gintautas Miliauskas. (mh)
  Closes: #342242
* Fix typo in exim.8 man page. Thanks to A Costa. (mh) Closes: #338579
* Honor dpkg-statoverride entries for run-time data in /var.
  Thanks to Peter Mottram. (mh) Closes: #269448

5. By Marc Haber <email address hidden>

* Add, but not enable, 37_dns_disable_additional_section.dpatch,
  which might be a possible fix for #342619
* conf.d/auth/30_exim4-config_examples: add hint to adapt public_name
  string in support_broken_outlook_express_4_server authenticator if
  other authenticators than LOGIN and PLAIN are offered.
* Fix missing special characters in some debconf translations.
  Thanks to Davide Viti. (mh) Closes: #341442
* Fix broken README reference in system_aliases router docs. (mh)
* remove references to alias files from the address_pipe transport. (mh)
* remove "Some-State" default from exim-gencert. (mh)
* Clarify split vs unsplit config in README.Debian. Thanks to Faheem
  Mitha and Ross Boylan for helping. (mh)
* Update Build-Depends to libmysqlclient15-dev. (mh) Closes: #343767
* Fix wrong header in conf.d/routers/300_exim4-config_real_local.
  Thanks to Ross Boylan for spotting this. (mh)
* Document headers_rewrite, return_path and dc_mailname_in_oh in
  update-exim4.conf man page. (mh) Closes: #332520, #342233
* Re-Instate debian/patches/31_eximmanpage which was erroneously
  removed in 4.60-1, we have local Debian patches in here. Thanks to
  Ross Boylan for spotting this. (mh) Closes: #330967
* Mention relay permission from localhost in update-exim4.conf(8). (mh)
* Add more prose to relay control configuration. (mh)
* Update Greek debconf translation (Thanks, Kostas Papadimas) (am)
  Closes: #344576
* Add cross-reference to README.Debian to better find macro docs.
  Thanks to Shyamal Prasad. (mh) Closes: #329988
* Fix incorrect variable substitution in pt_BR debconf translation. (Thanks,
  Felipe Augusto van de Wiel) (am) Closes: #345363
* [exim4-config.templates, po/*po] Replace reference to README.SMTP-AUTH
  with one to its replacement README.Debian.html. (am) Closes: #344826
* Re-work long package descriptions. Move reference to README.Debian in
  front, add hint to dpkg-reconfigure exim4-config, complete stub
  sentences, remove non-referenced acronym MTA from the long
  descriptions, move explanation what exim is to the very front.
* README.Debian: Add section about changing the configuration,
  explain structure of conf.d and .conf.template, add hint that the SMTP
  AUTH examples are documented.
* Introduce MAIN_TLS_CERTKEY to allow for single-file certificate/key
  storage. Thanks to John Goerzen. (mh) Closes: #315126
* Mention entropy issue in README.Debian.
* Ship symlink to /usr/sbin/exim, see NEWS.Debian. (mh) Closes: #319316
* use dh_installinit -n instead of --noscripts to work around #347577. (mh)
* use dh_installinit --name instead of --init-script, rename init
  script. (mh)
* move man pages from daemon packages to exim4-base, add lintian
  and linda overrides to allow daemon packages not to contain man pages.

4. By Marc Haber <email address hidden>

* new upstream version 4.60
* assign value to UE4CC after command line processing. Only have
  ue4c throw an error on not-existing UPEX4C_confd if split config is
  selected. Thanks to Ted Percival. (mh) Closes: #337229
* A number of man page fixes. Thanks to A Costa. (mh)
  Closes: #338580, #338581, #338582, #338583, #338584
* Pull spool dir path from exim -bP instead of hard-coding it in
  daily cron job and exim4_refresh_gnutls-params.
  Thanks to Alex Hermann. (mh) Closes: #340002
* Corrected zh_CN translation by Ming Hua. (am) Closes: #338928
* Corrected pl translation by Jacek Politowski. (am) Closes: #339671
* Change README.Debian to clarify that exim as a client only uses
  STARTTLS and not TLS on connect. Thanks to Rob Brenart and Marc
  Sherman for pointing that out on exim-users.
* Clarify passwd.client format. Thanks to Osamu Aoki for providing a
  good starting point in #244724, which is unfortunately not fixed just
  now.
* remove patch 31_eximmanpage, fixes are included upstream.

3. By Marc Haber <email address hidden>

* new upstream version 4.51. (mh)
  * adapt 70_remove_exim-users_references
  * remove 37_gnutlsparams
  * adapt 36_pcre
  * adapt 31_eximmanpage
* fix package priorities to have them in sync with override again. (mh)
* Fix error in nb (Norwegian) translation.
  Thanks to Helge Hafting. (mh) Closes: #315775
* Standards-Version: 3.6.2, no changes needed. (mh)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/exim4