From 318a1a2246a9f521e5a02313dcc1f6d68a0af7ec Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 18:16:14 +0200 Subject: Adding debian version 4.96-15+deb12u4. Signed-off-by: Daniel Baumann --- debian/NEWS | 516 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 516 insertions(+) create mode 100644 debian/NEWS (limited to 'debian/NEWS') diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..0a81823 --- /dev/null +++ b/debian/NEWS 
@@ -0,0 +1,516 @@ +exim4 (4.96-1) unstable; urgency=low + + The allow_insecure_tainted_data main config option and the "taint" + log_selector were removed. (See previous entry for exim4 4.94-18.) + + Taint-check exec arguments for transport-initiated external processes. + Previously, tainted values could be used. This affects "pipe", "lmtp" + and "queryprogram" transport, transport-filter, and ETRN commands. The + ${run} expansion is also affected: in "preexpand" mode no part of the + command line may be tainted, in default mode the executable name may not + be tainted. + + Query-style lookups are now checked for quoting, if the query string is + built using untrusted data ("tainted"). For now lack of quoting is + merely logged; a future release will upgrade this to an error. + + -- Andreas Metzler Sun, 26 Jun 2022 14:11:00 +0200 + +exim4 (4.94-18) experimental; urgency=medium + + Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the + concept of tainted data read from untrusted sources, like e.g. message + sender or recipient. This tainted data (e.g. $local_part or $domain) + cannot be used among other things as a file or directory name or command + name. + + This WILL BREAK configurations which are not updated accordingly. + Old Debian exim configuration files also will not work unmodified, the new + configuration needs to be installed with local modifications merged in. + + Typical nonworking examples include: + * Delivery to /var/mail/$local_part. Use $local_part_data in combination + with check_local_user. + * Using + data = ${lookup{$local_part}lsearch{/some/path/$domain/aliases}} + instead of + data = ${lookup{$local_part}lsearch{/some/path/$domain_data/aliases}} + for a virtual domain alias file. + + The basic strategy for dealing with this change is to use the result of a + lookup in further processing instead of the original (remote provided) + value. 
+ + To ease upgrading there is a new main configuration option to temporarily + downgrade taint errors to warnings, letting the old configuration work with + the newer exim. To make use of this feature add + .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA + allow_insecure_tainted_data = yes + .endif + to the exim configuration (e.g. to /etc/exim4/exim4.conf.localmacros) + *before* upgrading to exim 4.93/4.94 and check the logfile for taint + warnings. This is a temporary workaround which is already marked for + removal on introduction. + + -- Andreas Metzler Sun, 25 Apr 2021 07:42:26 +0200 + +exim4 (4.94-16) unstable; urgency=medium + + The configuration now enforces certificate verification against the + system trust store on encrypted connections using the + remote_smtp_smarthost transport (smarthost and satellite setups). + Delivery will therefore fail if the host certificates are not verifyable + and non TLS delivery is not available (e.g. because AUTH PLAIN is used). + + -- Andreas Metzler Wed, 17 Mar 2021 13:50:44 +0100 + +exim4 (4.87-3) unstable; urgency=medium + + Starting with 4.87~RC1-1 exim will not accept or send out messages with + physical lines longer than 998 characters by SMTP DATA. Delivery of such + RFC-violating message might fail and subsequently cause routing errors and + loss of legitimate mail. See . + This limit can be disabled by setting the macro + IGNORE_SMTP_LINE_LENGTH_LIMIT. + + -- Andreas Metzler Sun, 08 May 2016 14:03:10 +0200 + +exim4 (4.87-2) unstable; urgency=medium + + exim4-daemon heavy does not support the "demime" ACL condition + (WITH_OLD_DEMIME) anymore. It was superceded by the acl_smtp_mime ACL and + will not be part of the next upstream release. 
+ + -- Andreas Metzler Sat, 30 Apr 2016 13:38:29 +0200 + +exim4 (4.87~RC6-3) unstable; urgency=medium + + As part of the fix for CVE-2016-1531 updated Exim versions clean + the complete execution environment by default, affecting Exim and + subprocesses such as routers calling other programs, and thus may break + existing installations. New configuration options (keep_environment, + add_environment) were introduced to adjust this behavior. Because of the + possible breakage Exim will show a runtime warning if keep_environment is + not set. + + The Debian exim4 configuration does not rely on specific environment + variables and therefore sets 'keep_environment =' (i.e confirm empty + environment). + + Users of custom Exim configurations will need to check whether their setup + continues to work with the abovementioned upstream change and modify the + Exim environment as needed otherwise. If the setup works fine with empty + environment it is still necessary to set the main configuration option + "keep_environment =" to quiet the runtime warning. + + See for details. + + -- Andreas Metzler Wed, 23 Mar 2016 18:44:22 +0100 + +exim4 (4.80~rc6-1) experimental; urgency=low + + Upstream's handling of GnuTLS DH parameters has changed, hardcoded + parameters (from RFCs are used by default. See + /usr/share/doc/exim4-base/README.UPDATING* for details. Stop shipping + /usr/share/exim4/exim4_refresh_gnutls-params /usr/share/exim4/timeout.pl + and /var/spool/exim4/gnutls-params-2236. + + -- Andreas Metzler Sun, 27 May 2012 18:46:48 +0200 + +exim4 (4.80~rc2-1) experimental; urgency=low + + Ldap lookups returning multi-valued attributes now separate the attributes + with only a comma, not a comma-space sequence. + + The GnuTLS support has been mostly rewritten. exim main configuration + options gnutls_require_kx, gnutls_require_mac and gnutls_require_protocols, + are no longer supported. (They are ignored if present now, but will trigger + an error in later releases.) 
Their functionality is entirely subsumed into + tls_require_ciphers. In turn, tls_require_ciphers is no longer an Exim list + and is not parsed by Exim, but is instead given to gnutls_priority_init(3). + + See /exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz for details. + + -- Andreas Metzler Sat, 22 Oct 2011 19:16:58 +0200 + +exim4 (4.77~rc4-1) experimental; urgency=low + + Exim no longer performs string expansion on the second string of + the match_* expansion conditions: "match_address", "match_domain", + "match_ip" & "match_local_part". Named lists can still be used. + + The previous behavior made it too easy to create (remotely) vulnerable + configurations. A more detailed rationale and explanation can be found on + https://lists.exim.org/lurker/message/20111003.122326.fbcf32b7.en.html + + -- Andreas Metzler Thu, 05 Oct 2011 19:22:52 +0200 + +exim4 (4.72-3) unstable; urgency=low + + Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345. + This is a privilege escalation issue that allows the exim user to gain + root privileges by specifying an alternate configuration file using the -C + option. The macro override facility (-D) might also be misused for this + purpose. + + In reaction to this security vulnerability upstream has made a number of + user visible changes. This package includes these changes. + --------------------------------------------------------- + If exim is invoked with the -C or -D option the daemon will not regain + root privileges though re-execution. This is usually necessary for local + delivery, though. Therefore it is generally not possible anymore to run an + exim daemon with -D or -C options. + + However this version of exim has been built with + TRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. 
TRUSTED_CONFIG_LIST + defines a list of configuration files which are trusted; if a config file + is owned by root and matches a pathname in the list, then it may be + invoked by the Exim build-time user without Exim relinquishing root + privileges. + + As a hotfix to not break existing installations of mailscanner we have + also set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to start + exim with -DOUTGOING while being able to do local deliveries. + + If you previously were using -D switches you will need to change your + setup to use a separate configuration file. The ".include" mechanism + makes this easy. + --------------------------------------------------------- + The system filter is run as exim_user instead of root by default. If your + setup requies root privileges when running the system filter you will + need to set the system_filter_user exim main configuration option. + --------------------------------------------------------- + + -- Andreas Metzler Sat, 18 Dec 2010 18:57:16 +0100 + +exim4 (4.69-4) unstable; urgency=low + + In reaction to #475194, the size of the Diffie-Hellman parameters + used by exim was increased to 2048, which is GnuTLS's default. + + Since periodically regenerating the Diffie-Hellman parameters + doesn't increase security that much (they're sent in clear text in the + TLS handshake, and some protocols even have hardcoded them in the + standard document), and automatically generating 2048 bits + Diffie-Hellman parameters can take a long time, this has been disabled + in the Exim4 packages starting with 4.69-4. All exim installations + will thus run with the Diffie-Hellman parameters shipped in the + package by default. + + Really, really paranoid people with sufficiently fast machines will + want to set up a cron job calling + /usr/share/exim4/exim4_refresh_gnutls-params manually - suggested + interval is weekly or monthly. 
+ + -- Marc Haber Sun, 27 Apr 2008 09:14:32 +0200 + +exim4 (4.68-1) unstable; urgency=low + + In order to fix #420217, the handling of incoming messages to + system accounts has been changed once again. To allow system + account mail addresses to be redirected via traditional + /etc/aliases, system accounts are now processed later in the + router chain. + + This has made it necessary to change the default behavior of the + real- prefix. real-foo is now only accessible for locally + generated messages, such as the error message generated by the + userforward router. If you need the old behavior back, set the + macro COND_LOCAL_SUBMITTER=true. As a side-effect, you can + entirely switch off the real- processing by setting + COND_LOCAL_SUBMITTER=false. + + -- Marc Haber Thu, 04 Oct 2007 22:34:01 +0200 + +exim4 (4.67-6) unstable; urgency=low + + acl_whitelist_local_deny was renamed to acl_local_deny_exceptions + to avoid confusion. This means changes to ACLs, file names in + /etc/exim4/conf.d/acl and the exception list file names themselves. + + CONFDIR/local_host_whitelist and CONFDIR/local_sender_whitelist + have been renamed to CONFDIR/host_local_deny_exceptions and + CONFDIR/sender_local_deny_exceptions. The old files will continue + to be honored for a transition period. + + The old file conf.d/acl/20_exim4-config_whitelist_local_deny will + get a .dpkg-bak suffix if it had local changes, and it will be + removed if there were no local changes. In the case of local changes, + you'll need to repeat these changes in the new file + conf.d/acl/20_exim4-config_local_deny_exceptions. + + -- Marc Haber Wed, 05 Sep 2007 21:22:22 +0200 + +exim4 (4.67-5) unstable; urgency=low + + The macro generation in update-exim4.conf has been changed once + more. update-exim4.conf now looks for the (non-commented!) 
+ definition of the exim configuration macro UPEX4CmacrosUPEX4C to + an arbitrary, non-empty value, and inserts the generated macro + definitions right after this line, without changing it. + + update-exim4.conf looks for commented UPEX4CmacrosUPEX4C (which + used to be the place marker in earlier 4.67-x versions) and barfs + if it finds them anywhere in /etc/exim4/exim4.conf.template or + recursively /etc/exim4/conf.d. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf, such as .dpkg-old and .dpkg-dist files. + + If you insist on having a commented UPEX4CmacrosUPEX4C in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro UPEX4CmacrosOK_config_adapted to a non-empty value. + + -- Marc Haber Thu, 28 Jun 2007 08:29:36 +0200 + +exim4 (4.67-4) unstable; urgency=low + + Since a lot of users did not read the docs while upgrading and + filed bug reports about exim4-config failing to install due to a + "malformed macro definition", update-exim4.conf.conf now checks + for DEBCONFsomethingDEBCONF strings anywhere in + /etc/exim4/exim4.conf.template or recursively /etc/exim4/conf.d + and barfs if such strings are found. This check - as a feature - also + includes files that would normally be excluded by + update-exim4.conf. + + It _is_ necessary to either accept the offered configuration file + change _or_ to manually check a manually changed exim config. Exim + will _NOT_ run if a configuration file of an older version is + being used with a more recent exim4-config. + + If you insist on having DEBCONFsomethingDEBCONF strings in your + exim configuration and don't want update-exim4.conf to barf, set + the exim macro DEBCONFstringOK_config_adapted to a non-empty + value. 
+ + -- Marc Haber Fri, 22 Jun 2007 12:50:38 +0200 + +exim4 (4.67-2) experimental; urgency=low + + The symlink /etc/exim4/email-addresses caused data loss for people + who had a local file named /etc/exim4/email-addresses. The Debian + tools do not handle symlinks in /etc which are contained in + packages very well, so we decided to simply remove it. Please + submit a tested patch if you think that it would be a more elegant + way to handle the transition from /etc/exim4/email-addresses to + /etc/email-addresses. + + There is now a possibility to modify handling of incoming messages + to system accounts, identified by their UID (see + conf.d/router/250_exim4-config_lowuid). If you want this, set the + macro FIRST_USER_ACCOUNT_UID (which defaults to 0) to the UID of + your first "real" user account. Incoming messages for an account + with an UID below that value get routed according to the extra + alias file /etc/exim4/lowuid-aliases. If an account does not have + an alias there, it gets routed to the value of the macro + DEFAULT_SYSTEM_ACCOUNT_ALIAS, which defaults to ":fail: no mail to + system accounts" and gets the message rejected. You can use this + mechanism to route all messages for system accounts to a single + address, with exceptions. Locally generated messages are not + processed by this facility. + + Generation of the final exim configuration has changed. The + configuration no longer has the DEBCONFsomethingDEBCONF + placeholders. All data from Debconf are put into exim + configuration macros by update-exim4.conf, which are then + appropriately picked up by the configuration itself. There should + be no visible change to people who have not modified their + configuration, but customized configurations need to adapt. + + We now do basic sanitizing of input read from + update-exim4.conf.conf. If your update-exim4.conf complains about + non-ascii values, you have found a bug. Please report it. 
+ + -- Marc Haber Mon, 11 Jun 2007 14:09:24 +0200 + +exim4 (4.62-7) unstable; urgency=low + + Bug #392993 says that 4.63-5 and -6 have overwritten manual + setting of dc_local_delivery with one of the default versions if + you have set dc_local_delivery to a value that is not either + mail_spool or maildir_home. Please verify that your + dc_local_delivery does still point to the transport you have + chosen. + + Please note that the debconf configuration only supports plain + lists. Advanced features like "dsearch;" entered there may work + today, but are not guaranteed to continue working in the future. + + If you want to use such features, please use the macros made + available for use in the configuration or edit the configuration + itself. + + This allows us to use semicolons as list delimiters consistently + while still being backwards compatible to colon-separated lists + without driving code complexity up too high. + + Starting with this version, update-exim4.conf will print a warning + if a dsearch lookup is found in the list of local domains, + dc_local_domains since there is a HOWTO on the Internet that + recommends doing this kind of things and this will _not_ work any + more. + + -- Marc Haber Sun, 15 Oct 2006 10:00:15 +0000 + +exim4 (4.62-4) unstable; urgency=low + + exim4-config has had its debconf templates re-worked. Basic + functionality is unchanged, so you shouldn't expect a real + difference. The priority of most questions has been lowered to + medium, so that the Installer can install exim4 with no questions + being asked. The default is local delivery only. Mail messages for + root and postmaster are delivered to an mbox file in + /var/mail/mail, make sure to read them. + + You can do the full exim4 configuration by calling + dpkg-reconfigure exim4-config as root. + + It is now finally possible to configure exim4 to deliver outgoing + mail to a smarthost on a port number different from 25 via debconf. 
+ + -- Marc Haber Mon, 9 Oct 2006 14:12:25 +0000 + +exim4 (4.62-3) unstable; urgency=low + + A template for SPF support is now provided. It is disabled by + default, and relies on external calls to spfquery(1) from the + libmail-spf-query-perl package. For details, check README.Debian, + and conf.d/acl/30_exim4-config_check_rcpt. + + -- Robert Millan Fri, 28 Jul 2006 22:43:56 +0200 + +exim4 (4.62-1) unstable; urgency=low + + Please note that the handling of update-exim4.conf.conf has + changed with regard to dc_local_interfaces and dc_relay_nets: If + the strings given there contain a semicolon, the string "<;" is + now prepended to the value written to the configuration file to + consider ; a list separator. This significantly helps writing down + IPv6 addresses, but means that if you use complex things like + lookups in update-exim4.conf.conf, you'll have to change your + configuration to use the macros that directly interfere with the + configuration. + + 127.0.0.1 and ::1 have been removed from the default hostlist + relay_from_hosts - these addresses are now added by + update-exim4.conf with the appropriate separator. If you set + MAIN_RELAY_NETS manually, you'll need to add these two addresses + to your local host list. + + -- Marc Haber Sat, 29 Apr 2006 22:36:31 +0000 + +exim4 (4.60-2) unstable; urgency=low + + The exim4 daemon packages now include a symlink from + /usr/sbin/exim4 to /usr/sbin/exim. This can break exim 3 cron and + init scripts if the last exim 3 you had installed was any earlier + than 3.36-5 and the conffiles from your exim 3 package are still + around. Be sure to have any exim 4 earlier than 3.36-5 _purged_ + (not removed) before installing this package. + + -- Marc Haber Wed, 24 Jan 2006 14:58:08 +0100 + +exim4 (4.50-5) unstable; urgency=low + + mailname, the local name of the system used to qualify senders and + recipients is no longer a local domain by default. 
Having local + delivery for that host name used to break satellite and smarthost + setups where no local delivery was expected. + /etc/exim4/update-exim4.conf.conf is modified automatically on + upgrade from the appropriate earlier versions, so if you don't do any + funky things with /etc/exim4/update-exim4.conf.conf, you should be fine. + + -- Marc Haber Sat, 2 Apr 2005 20:31:27 +0200 + +exim4 (4.43-3) unstable; urgency=low + + /etc/exim4/email-addresses is ignored now, please use /etc/email-addresses! + The last version of exim4 that shipped this file was uploaded on the + 19th of May 2003, and I really do not want to start sarge with cruft like + that. + + -- Andreas Metzler Mon, 10 Jan 2004 10:05:34 +0100 + +exim4 (4.34-1) unstable; urgency=low + + Debconf will not ask for relay_domains if configuring smarthost or + satellite-type systems. - This functionality was untested and could + generate mail-loops. + + -- Andreas Metzler Wed, 12 May 2004 13:42:23 +0200 + +exim4 (4.31-2) unstable; urgency=low + + The local_scan perl-plugin has been removed because upstream + development has stopped. (am) + + -- Andreas Metzler Mon, 5 Apr 2004 15:55:12 +0200 + +exim4 (4.30-5) unstable; urgency=low + + (Re)introduce /etc/exim4/exim4.conf.template as alternative to the + multiple small files in /etc/exim4/conf.d/ and make it the default choice + for fresh installations. This trades in a loss of comfort (you will again + need to merge in each small change manually) for increased stability. + + -- Andreas Metzler Sun, 11 Jan 2004 13:03:43 +0100 + +exim4 (4.30-1) unstable; urgency=low + + * Exim now runs under its own uid (Debian-exim) instead of using mail:mail. + + WARNING: You cannot downgrade this version to an older one without + manual chown|chrgrp all files owned by Debian-exim to mail. 
+ + Securitywise this is a tradeoff: + - if exim is SUID root and runs without deliver_drop_privilege you win: + exim's internal data in /var/spool/exim4 is not open to attacks by + bugs in programs SGID mail (mail delivery agents like deliver or + procmail, or MUAs like pine) anymore. This is Debian's default setup. + - OTOH if you need to be able to make local deliveries to /var/mail and + want to run exim with reduced priviledge you have some additional work + to do: + * Use an SGID MDA for the actual delivery (I suggest maildrop.) + * Make changes to run exim4 under group mail: + - exim_group=mail. + - Hack: make Debian-exim a group with gid=8, i.e. an alias for + the mail group, _before_ you make the upgrade. (groupadd -o -g 8 + Debian-exim) + + -- Andreas Metzler Sun, 7 Dec 2003 13:59:46 +0100 + +exim4 (4.24-1) unstable; urgency=low + + * This version of exim cannot run deliveries as root anymore, see change + 5a for exim 4.23 in /usr/share/doc/exim4-base/changelog.gz. If you + don't redirect mail for root via /etc/aliases to a nonpriviledged + account the mail will be delivered to /var/mail/mail with permissions + 0600 and owner mail:mail. + + -- Andreas Metzler Fri, 3 Oct 2003 18:11:17 +0200 + +exim4 (4.22-2) unstable; urgency=low + + Include exiscan-acl patch http://duncanthrax.net/exiscan-acl/ in + -heavy and -custom for easy integration of content-scanning and + invoking spamassassin at SMTP time. + + -- Andreas Metzler Wed, 27 Aug 2003 12:50:59 +0200 + +exim4 (4.22-1) unstable; urgency=low + + * The way that the $h_ (and $header_) expansions work has been changed + by the addition of RFC 2047 decoding. See the main documentation (the + NewStuff file until release 4.30, then the manual) for full details. 
+ + Exim shipped with Debian defaults to HEADER_DECODE_TO="UTF-8" + + -- Andreas Metzler Mon, 18 Aug 2003 16:51:47 +0200 + +exim4 (4.20-2) unstable; urgency=low + + Rewriting now uses /etc/email-addresses instead of + /etc/exim4/email-addresses like exim v3 did. Please move the contents to + the new file and delete the old one, when you have time to spare. + + -- Andreas Metzler Tue, 15 Jul 2003 10:20:15 +0200 -- cgit v1.2.3
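Review bot: Two cross-references in this hunk have no visible target and two paths disagree with each other, so the file does not tell the reader where to look. The 4.87-3 entry ends its line-length paragraph with "See ." and the 4.87~RC6-3 entry ends with "See for details." with nothing after "See"; both should carry the bug or URL they intend, or the sentence should be dropped. The 4.80~rc2-1 entry points to "/exim4-base/usr/share/doc/exim4-base/README.UPDATING.gz" while the 4.80~rc6-1 entry just above it uses "/usr/share/doc/exim4-base/README.UPDATING*"; the "/exim4-base/" prefix looks like a packaging-tree path that leaked into the installed-file reference and should match the later entry. Also worth a pass before this lands: the 4.60-2 entry says "Be sure to have any exim 4 earlier than 3.36-5 _purged_" where the surrounding text is about exim 3 conffiles; the 4.62-7 entry headed 4.62-7 refers to "4.63-5 and -6"; the 4.80~rc6-1 entry has an unclosed parenthesis in "hardcoded parameters (from RFCs are used by default"; and the 4.72-3 entry reads "regain root privileges though re-execution" (through). Spelling nits on the same pass: "verifyable" (4.94-16), "superceded" (4.87-2), "requies" (4.72-3), "priviledge"/"nonpriviledged" (4.30-1, 4.24-1).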