summaryrefslogtreecommitdiffstats
path: root/debian/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'debian/NEWS')
-rw-r--r--debian/NEWS516
1 files changed, 516 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
new file mode 100644
index 0000000..0a81823
--- /dev/null
+++ b/debian/NEWS
@@ -0,0 +1,516 @@
+exim4 (4.96-1) unstable; urgency=low
+
+ The allow_insecure_tainted_data main config option and the "taint"
+ log_selector were removed. (See previous entry for exim4 4.94-18.)
+
+ Taint-check exec arguments for transport-initiated external processes.
+ Previously, tainted values could be used. This affects "pipe", "lmtp"
+ and "queryprogram" transport, transport-filter, and ETRN commands. The
+ ${run} expansion is also affected: in "preexpand" mode no part of the
+ command line may be tainted, in default mode the executable name may not
+ be tainted.
+
+ Query-style lookups are now checked for quoting, if the query string is
+ built using untrusted data ("tainted"). For now lack of quoting is
+ merely logged; a future release will upgrade this to an error.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 26 Jun 2022 14:11:00 +0200
+
+exim4 (4.94-18) experimental; urgency=medium
+
+ Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the
+ concept of tainted data read from untrusted sources, like e.g. message
+ sender or recipient. This tainted data (e.g. $local_part or $domain)
+ cannot be used among other things as a file or directory name or command
+ name.
+
+ This WILL BREAK configurations which are not updated accordingly.
+ Old Debian exim configuration files also will not work unmodified, the new
+ configuration needs to be installed with local modifications merged in.
+
+ Typical nonworking examples include:
+ * Delivery to /var/mail/$local_part. Use $local_part_data in combination
+ with check_local_user.
+ * Using
+ data = ${lookup{$local_part}lsearch{/some/path/$domain/aliases}}
+ instead of
+ data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}}
+ for a virtual domain alias file.
+
+ The basic strategy for dealing with this change is to use the result of a
+ lookup in further processing instead of the original (remote provided)
+ value.
+
+ To ease upgrading there is a new main configuration option to temporarily
+ downgrade taint errors to warnings, letting the old configuration work with
+ the newer exim. To make use of this feature add
+ .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
+ allow_insecure_tainted_data = yes
+ .endif
+ to the exim configuration (e.g. to /etc/exim4/exim4.conf.localmacros)
+ *before* upgrading to exim 4.93/4.94 and check the logfile for taint
+ warnings. This is a temporary workaround which is already marked for
+ removal on introduction.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 25 Apr 2021 07:42:26 +0200
+
+exim4 (4.94-16) unstable; urgency=medium
+
+ The configuration now enforces certificate verification against the
+ system trust store on encrypted connections using the
+ remote_smtp_smarthost transport (smarthost and satellite setups).
+ Delivery will therefore fail if the host certificates are not verifyable
+ and non TLS delivery is not available (e.g. because AUTH PLAIN is used).
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 17 Mar 2021 13:50:44 +0100
+
+exim4 (4.87-3) unstable; urgency=medium
+
+ Starting with 4.87~RC1-1 exim will not accept or send out messages with
+ physical lines longer than 998 characters by SMTP DATA. Delivery of such
+ RFC-violating message might fail and subsequently cause routing errors and
+ loss of legitimate mail. See <https://bugs.exim.org/show_bug.cgi?id=1684>.
+ This limit can be disabled by setting the macro
+ IGNORE_SMTP_LINE_LENGTH_LIMIT.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 08 May 2016 14:03:10 +0200
+
+exim4 (4.87-2) unstable; urgency=medium
+
+ exim4-daemon heavy does not support the "demime" ACL condition
+ (WITH_OLD_DEMIME) anymore. It was superceded by the acl_smtp_mime ACL and
+ will not be part of the next upstream release.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 30 Apr 2016 13:38:29 +0200
+
+exim4 (4.87~RC6-3) unstable; urgency=medium
+
+ As part of the fix for CVE-2016-1531 updated Exim versions clean
+ the complete execution environment by default, affecting Exim and
+ subprocesses such as routers calling other programs, and thus may break
+ existing installations. New configuration options (keep_environment,
+ add_environment) were introduced to adjust this behavior. Because of the
+ possible breakage Exim will show a runtime warning if keep_environment is
+ not set.
+
+ The Debian exim4 configuration does not rely on specific environment
+ variables and therefore sets 'keep_environment =' (i.e confirm empty
+ environment).
+
+ Users of custom Exim configurations will need to check whether their setup
+ continues to work with the abovementioned upstream change and modify the
+ Exim environment as needed otherwise. If the setup works fine with empty
+ environment it is still necessary to set the main configuration option
+ "keep_environment =" to quiet the runtime warning.
+
+ See <https://exim.org/static/doc/CVE-2016-1531.txt> for details.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 23 Mar 2016 18:44:22 +0100
+
+exim4 (4.80~rc6-1) experimental; urgency=low
+
+ Upstream's handling of GnuTLS DH parameters has changed, hardcoded
+ parameters (from RFCs are used by default. See
+ /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping
+ /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl
+ and /var/spool/exim4/gnutls-params-2236.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 27 May 2012 18:46:48 +0200
+
+exim4 (4.80~rc2-1) experimental; urgency=low
+
+ Ldap lookups returning multi-valued attributes now separate the attributes
+ with only a comma, not a comma-space sequence.
+
+ The GnuTLS support has been mostly rewritten. exim main configuration
+ options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols,
+ are no longer supported. (They are ignored if present now, but will trigger
+ an error in later releases.) Their functionality is entirely subsumed into
+ tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list
+ and is not parsed by Exim, but is instead given to gnutls_priority_init(3).
+
+ See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 22 Oct 2011 19:16:58 +0200
+
+exim4 (4.77~rc4-1) experimental; urgency=low
+
+ Exim no longer performs string expansion on the second string of
+ the match_* expansion conditions: "match_address", "match_domain",
+ "match_ip" & "match_local_part". Named lists can still be used.
+
+ The previous behavior made it too easy to create (remotely) vulnerable
+ configurations. A more detailed rationale and explanation can be found on
+ https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 05 Oct 2011 19:22:52 +0200
+
+exim4 (4.72-3) unstable; urgency=low
+
+ Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
+ This is a privilege escalation issue that allows the exim user to gain
+ root privileges by specifying an alternate configuration file using the -C
+ option. The macro override facility (-D) might also be misused for this
+ purpose.
+
+ In reaction to this security vulnerability upstream has made a number of
+ user visible changes. This package includes these changes.
+ ---------------------------------------------------------
+ If exim is invoked with the -C or -D option the daemon will not regain
+ root privileges though re-execution. This is usually necessary for local
+ delivery, though. Therefore it is generally not possible anymore to run an
+ exim daemon with -D or -C options.
+
+ However this version of exim has been built with
+ TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST
+ defines a list of configuration files which are trusted; if a config file
+ is owned by root and matches a pathname in the list, then it may be
+ invoked by the Exim build-time user without Exim relinquishing root
+ privileges.
+
+ As a hotfix to not break existing installations of mailscanner we have
+ also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start
+ exim with -DOUTGOING while being able to do local deliveries.
+
+ If you previously were using -D switches you will need to change your
+ setup to use a separate configuration file. The ".include" mechanism
+ makes this easy.
+ ---------------------------------------------------------
+ The system filter is run as exim_user instead of root by default. If your
+ setup requies root privileges when running the system filter you will
+ need to set the system_filter_user exim main configuration option.
+ ---------------------------------------------------------
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 18 Dec 2010 18:57:16 +0100
+
+exim4 (4.69-4) unstable; urgency=low
+
+ In reaction to #475194, the size of the Diffie-Hellman parameters
+ used by exim was increased to 2048, which is GnuTLS's default.
+
+ Since periodically regenerating the Diffie-Hellman parameters
+ doesn't increase security that much (they're sent in clear text in the
+ TLS handshake, and some protocols even have hardcoded them in the
+ standard document), and automatically generating 2048 bits
+ Diffie-Hellman parameters can take a long time, this has been disabled
+ in the Exim4 packages starting with 4.69-4. All exim installations
+ will thus run with the Diffie-Hellman parameters shipped in the
+ package by default.
+
+ Really, really paranoid people with sufficiently fast machines will
+ want to set up a cron job calling
+ /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested
+ interval is weekly or monthly.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 27 Apr 2008 09:14:32 +0200
+
+exim4 (4.68-1) unstable; urgency=low
+
+ In order to fix #420217, the handling of incoming messages to
+ system accounts has been changed once again. To allow system
+ account mail addresses to be redirected via traditional
+ /etc/aliases, system accounts are now processed later in the
+ router chain.
+
+ This has made it necessary to change the default behavior of the
+ real- prefix. real-foo is now only accessible for locally
+ generated messages, such as the error message generated by the
+ userforward router. If you need the old behavior back, set the
+ macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can
+ entirely switch off the real- processing by setting
+ COND_LOCAL_SUBMITTER=false.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 04 Oct 2007 22:34:01 +0200
+
+exim4 (4.67-6) unstable; urgency=low
+
+ acl_whitelist_local_deny was renamed to acl_local_deny_exceptions
+ to avoid confusion. This means changes to ACLs, file names in
+ /etc/exim4/conf.d/acl and the exception list file names themselves.
+
+ CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist
+ have been renamed to CONFDIR/host_local_deny_exceptions and
+ CONFDIR/sender_local_deny_exceptions. The old files will continue
+ to be honored for a transition period.
+
+ The old file conf.d/acl/20_exim4-config_whitelist_local_deny will
+ get a .dpkg-bak suffix if it had local changes, and it will be
+ removed if there were no local changes. In the case of local changes,
+ you'll need to repeat these changes in the new file
+ conf.d/acl/20_exim4-config_local_deny_exceptions.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 05 Sep 2007 21:22:22 +0200
+
+exim4 (4.67-5) unstable; urgency=low
+
+ The macro generation in update-exim4.conf has been changed once
+ more. update-exim4.conf now looks for the (non-commented!)
+ definition of the exim configuration macro UPEX4CmacrosUPEX4C to
+ an arbitrary, non-empty value, and inserts the generated macro
+ definitions right after this line, without changing it.
+
+ update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which
+ used to be the place marker in earlier 4.67-x versions) and barfs
+ if it finds them anywhere in /etc/exim4/exim4.conf.template or
+ recursively /etc/exim4/conf.d. This check - as a feature - also
+ includes files that would normally be excluded by
+ update-exim4.conf, such as .dpkg-old and .dpkg-dist files.
+
+ If you insist on having a commented UPEX4CmacrosUPEX4C in your
+ exim configuration and don't want update-exim4.conf to barf, set
+ the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jun 2007 08:29:36 +0200
+
+exim4 (4.67-4) unstable; urgency=low
+
+ Since a lot of users did not read the docs while upgrading and
+ filed bug reports about exim4-config failing to install due to a
+ "malformed macro definition", update-exim4.conf.conf now checks
+ for DEBCONFsomethingDEBCONF strings anywhere in
+ /etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d
+ and barfs if such strings are found. This check - as a feature - also
+ includes files that would normally be excluded by
+ update-exim4.conf.
+
+ It _is_ necessary to either accept the offered configuration file
+ change _or_ to manually check a manually changed exim config. Exim
+ will _NOT_ run if a configuration file of an older version is
+ being used with a more recent exim4-config.
+
+ If you insist on having DEBCONFsomethingDEBCONF strings in your
+ exim configuration and don't want update-exim4.conf to barf, set
+ the exim macro DEBCONFstringOK_config_adapted to a non-empty
+ value.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Fri, 22 Jun 2007 12:50:38 +0200
+
+exim4 (4.67-2) experimental; urgency=low
+
+ The symlink /etc/exim4/email-addresses caused data loss for people
+ who had a local file named /etc/exim4/email-addresses. The Debian
+ tools do not handle symlinks in /etc which are contained in
+ packages very well, so we decided to simply remove it. Please
+ submit a tested patch if you think that it would be a more elegant
+ way to handle the transition from /etc/exim4/email-addresses to
+ /etc/email-addresses.
+
+ There is now a possibility to modify handling of incoming messages
+ to system accounts, identified by their UID (see
+ conf.d/router/250_exim4-config_lowuid). If you want this, set the
+ macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of
+ your first "real" user account. Incoming messages for an account
+ with an UID below that value get routed according to the extra
+ alias file /etc/exim4/lowuid-aliases. If an account does not have
+ an alias there, it gets routed to the value of the macro
+ DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to
+ system accounts" and gets the message rejected. You can use this
+ mechanism to route all messages for system accounts to a single
+ address, with exceptions. Locally generated messages are not
+ processed by this facility.
+
+ Generation of the final exim configuration has changed. The
+ configuration no longer has the DEBCONFsomethingDEBCONF
+ placeholders. All data from Debconf are put into exim
+ configuration macros by update-exim4.conf, which are then
+ appropriately picked up by the configuration itself. There should
+ be no visible change to people who have not modified their
+ configuration, but customized configurations need to adapt.
+
+ We now do basic sanitizing of input read from
+ update-exim4.conf.conf. If your update-exim4.conf complains about
+ non-ascii values, you have found a bug. Please report it.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 11 Jun 2007 14:09:24 +0200
+
+exim4 (4.62-7) unstable; urgency=low
+
+ Bug #392993 says that 4.63-5 and -6 have overwritten manual
+ setting of dc_local_delivery with one of the default versions if
+ you have set dc_local_delivery to a value that is not either
+ mail_spool or maildir_home. Please verify that your
+ dc_local_delivery does still point to the transport you have
+ chosen.
+
+ Please note that the debconf configuration only supports plain
+ lists. Advanced features like "dsearch;" entered there may work
+ today, but are not guaranteed to continue working in the future.
+
+ If you want to use such features, please use the macros made
+ available for use in the configuration or edit the configuration
+ itself.
+
+ This allows us to use semicolons as list delimiters consistently
+ while still being backwards compatible to colon-separated lists
+ without driving code complexity up too high.
+
+ Starting with this version, update-exim4.conf will print a warning
+ if a dsearch lookup is found in the list of local domains,
+ dc_local_domains since there is a HOWTO on the Internet that
+ recommends doing this kind of things and this will _not_ work any
+ more.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sun, 15 Oct 2006 10:00:15 +0000
+
+exim4 (4.62-4) unstable; urgency=low
+
+ exim4-config has had its debconf templates re-worked. Basic
+ functionality is unchanged, so you shouldn't expect a real
+ difference. The priority of most questions has been lowered to
+ medium, so that the Installer can install exim4 with no questions
+ being asked. The default is local delivery only. Mail messages for
+ root and postmaster are delivered to an mbox file in
+ /var/mail/mail, make sure to read them.
+
+ You can do the full exim4 configuration by calling
+ dpkg-reconfigure exim4-config as root.
+
+ It is now finally possible to configure exim4 to deliver outgoing
+ mail to a smarthost on a port number different from 25 via debconf.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Mon, 9 Oct 2006 14:12:25 +0000
+
+exim4 (4.62-3) unstable; urgency=low
+
+ A template for SPF support is now provided. It is disabled by
+ default, and relies on external calls to spfquery(1) from the
+ libmail-spf-query-perl package. For details, check README.Debian,
+ and conf.d/acl/30_exim4-config_check_rcpt.
+
+ -- Robert Millan <rmh@aybabtu.com> Fri, 28 Jul 2006 22:43:56 +0200
+
+exim4 (4.62-1) unstable; urgency=low
+
+ Please note that the handling of update-exim4.conf.conf has
+ changed with regard to dc_local_interfaces and dc_relay_nets: If
+ the strings given there contain a semicolon, the string "<;" is
+ now prepended to the value written to the configuration file to
+ consider ; a list separator. This significantly helps writing down
+ IPv6 addresses, but means that if you use complex things like
+ lookups in update-exim4.conf.conf, you'll have to change your
+ configuration to use the macros that directly interfere with the
+ configuration.
+
+ 127.0.0.1 and ::1 have been removed from the default hostlist
+ relay_from_hosts - these addresses are now added by
+ update-exim4.conf with the appropriate separator. If you set
+ MAIN_RELAY_NETS manually, you'll need to add these two addresses
+ to your local host list.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 29 Apr 2006 22:36:31 +0000
+
+exim4 (4.60-2) unstable; urgency=low
+
+ The exim4 daemon packages now include a symlink from
+ /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and
+ init scripts if the last exim 3 you had installed was any earlier
+ than 3.36-5 and the conffiles from your exim 3 package are still
+ around. Be sure to have any exim 4 earlier than 3.36-5 _purged_
+ (not removed) before installing this package.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Wed, 24 Jan 2006 14:58:08 +0100
+
+exim4 (4.50-5) unstable; urgency=low
+
+ mailname, the local name of the system used to qualify senders and
+ recipients is no longer a local domain by default. Having local
+ delivery for that host name used to break satellite and smarthost
+ setups where no local delivery was expected.
+ /etc/exim4/update-exim4.conf.conf is modified automatically on
+ upgrade from the appropriate earlier versions, so if you don't do any
+ funky things with /etc/exim4/update-exim4.conf.conf, you should be fine.
+
+ -- Marc Haber <mh+debian-packages@zugschlus.de> Sat, 2 Apr 2005 20:31:27 +0200
+
+exim4 (4.43-3) unstable; urgency=low
+
+ /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses!
+ The last version of exim4 that shipped this file was uploaded on the
+ 19th of May 2003, and I really do not want to start sarge with cruft like
+ that.
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 10 Jan 2004 10:05:34 +0100
+
+exim4 (4.34-1) unstable; urgency=low
+
+ Debconf will not ask for relay_domains if configuring smarthost or
+ satellite-type systems. - This functionality was untested and could
+ generate mail-loops.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 12 May 2004 13:42:23 +0200
+
+exim4 (4.31-2) unstable; urgency=low
+
+ The local_scan perl-plugin has been removed because upstream
+ development has stopped. (am)
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 5 Apr 2004 15:55:12 +0200
+
+exim4 (4.30-5) unstable; urgency=low
+
+ (Re)introduce /etc/exim4/exim4.conf.template as alternative to the
+ multiple small files in /etc/exim4/conf.d/ and make it the default choice
+ for fresh installations. This trades in a loss of comfort (you will again
+ need to merge in each small change manually) for increased stability.
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 11 Jan 2004 13:03:43 +0100
+
+exim4 (4.30-1) unstable; urgency=low
+
+ * Exim now runs under its own uid (Debian-exim) instead of using mail:mail.
+
+ WARNING: You cannot downgrade this version to an older one without
+ manual chown|chrgrp all files owned by Debian-exim to mail.
+
+ Securitywise this is a tradeoff:
+ - if exim is SUID root and runs without deliver_drop_privilege you win:
+ exim's internal data in /var/spool/exim4 is not open to attacks by
+ bugs in programs SGID mail (mail delivery agents like deliver or
+ procmail, or MUAs like pine) anymore. This is Debian's default setup.
+ - OTOH if you need to be able to make local deliveries to /var/mail and
+ want to run exim with reduced priviledge you have some additional work
+ to do:
+ * Use an SGID MDA for the actual delivery (I suggest maildrop.)
+ * Make changes to run exim4 under group mail:
+ - exim_group=mail.
+ - Hack: make Debian-exim a group with gid=8, i.e. an alias for
+ the mail group, _before_ you make the upgrade. (groupadd -o -g 8
+ Debian-exim)
+
+ -- Andreas Metzler <ametzler@debian.org> Sun, 7 Dec 2003 13:59:46 +0100
+
+exim4 (4.24-1) unstable; urgency=low
+
+ * This version of exim cannot run deliveries as root anymore, see change
+ 5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you
+ don't redirect mail for root via /etc/aliases to a nonpriviledged
+ account the mail will be delivered to /var/mail/mail with permissions
+ 0600 and owner mail:mail.
+
+ -- Andreas Metzler <ametzler@debian.org> Fri, 3 Oct 2003 18:11:17 +0200
+
+exim4 (4.22-2) unstable; urgency=low
+
+ Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in
+ -heavy and -custom for easy integration of content-scanning and
+ invoking spamassassin at SMTP time.
+
+ -- Andreas Metzler <ametzler@debian.org> Wed, 27 Aug 2003 12:50:59 +0200
+
+exim4 (4.22-1) unstable; urgency=low
+
+ * The way that the $h_ (and $header_) expansions work has been changed
+ by the addition of RFC 2047 decoding. See the main documentation (the
+ NewStuff file until release 4.30, then the manual) for full details.
+
+ Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8"
+
+ -- Andreas Metzler <ametzler@debian.org> Mon, 18 Aug 2003 16:51:47 +0200
+
+exim4 (4.20-2) unstable; urgency=low
+
+ Rewriting now uses /etc/email-addresses instead of
+ /etc/exim4/email-addresses like exim v3 did. Please move the contents to
+ the new file and delete the old one, when you have time to spare.
+
+ -- Andreas Metzler <ametzler@debian.org> Tue, 15 Jul 2003 10:20:15 +0200