Public bug reported: Upstream: tbd Debian: 4.97-8 Ubuntu: 4.97-4ubuntu4
Debian does new releases regularly, so it's likely there will be newer versions available before FF that we can pick up if this merge is done later in the cycle. If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Oracular Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### exim4 (4.97-8) unstable; urgency=medium * Pull fixes from upstream GIT master: + 78_35-Fix-encoding-for-AUTH-on-MAIL-FROM.patch + 78_37-Logging-fix-receive-time-crash-with-recipients-loggi.patch + 78_39-SRS-fix-encode-for-local-part-with-zero-length-quote.patch (exim bug #3087) -- Andreas Metzler <ametz...@debian.org> Sun, 07 Apr 2024 07:50:45 +0200 exim4 (4.97-7) unstable; urgency=medium * Pull fixes from upstream GIT master: + 78_30-Rewrites-fix-delivery-crash-from-constant-errors_to..patch (exim bug #3066) + 78_31-Lookups-fix-dbmnz-crash-on-zero-length-datum.-Bug-30.patch (exim bug #3081) * Update lintian overrides. -- Andreas Metzler <ametz...@debian.org> Mon, 01 Apr 2024 10:45:05 +0200 exim4 (4.97-6) unstable; urgency=high * Add b-d on libnsl-dev to fix (temporary) FTBFS. Closes: #1065107 * Pull fixes from upstream GIT master: 78_10-Use-non-releaseable-memory-for-regex-match-strings.-.patch 78_11-use-dynamic-mem-for-regex_match_string.patch 78_12-Use-non-releasable-memory-for-regex-line-buffer.patch 78_15-regex-avoid-releasing-built-RE-midloop.patch 78_21-Lookups-avoid-leaking-user-passwd-from-server-spec-t.patch 78_23-Fix-crash-on-empty-oMt-argument.-Bug-3070.patch * 78_06, 78_07, 78_10, 78_11, 78_12 and 78_15 together Closes: #1053447 -- Andreas Metzler <ametz...@debian.org> Fri, 01 Mar 2024 18:09:49 +0100 exim4 (4.97-5) unstable; urgency=low * Multiple fixes from upstream GIT master: + 73_Check-for-missing-commandline-arg-after-options-taki.patch (upstream bug #3049) + 76_01-Support-old-format-message_id-spoolfiles-for-mailq-b.patch (upstream bug #3050) + 76_05-Fix-periodic-queue-runs.-Bug-3046.patch (upstream bug #3046) + 78_01-Fix-recipient-or-source-selection-in-combination-wit.patch (upstream bug #3064) + 78_02-Eximon-handle-new-format-message-IDs.patch (upstream bug #) + 78_03-Lookups-log-warning-for-deprecated-syntax.-Bug-3068.patch (upstream bug #3068) + 78_04-Exinext-handle-new-format-message-IDs.patch + 78_05-TLS-fix-startup-after-forced-fail.patch (upstream bug #) + 78_06-Appendfile-release-regex-match-store-every-thousand-.patch (upstream bug #3047) + 78_07-ACL-in-regex-condition-release-store-every-thousand-.patch (upstream bug #3047) + 78_08-Fix-smtp-transport-response-to-close-after-all-rcpt-.patch (upstream bug #3059) -- Andreas Metzler <ametz...@debian.org> Sun, 28 Jan 2024 14:08:10 +0100 exim4 (4.97-4) unstable; urgency=medium * autopkgtest: Stop using previously deprecated swaks feature to autodetect whether the argument for --data was a file. This was dropped in swaks 20240102.0. -- Andreas Metzler <ametz...@debian.org> Sat, 06 Jan 2024 07:48:19 +0100 exim4 (4.97-3) unstable; urgency=medium * Fixes from upstream GIT master: 77_01-Reject-dot-LF-as-ending-data-phase.-Bug-3063.patch 77_02-Use-enum-for-body-data-input-state-machine.patch 77_03-Reject-dot-LF-as-ending-data-phase-pt.-2-.-Bug-3063.patch + Enforce a data synch check before emitting the 354 'go ahead'. Previously this was only done if a pre-data ACL was configured. + Refuse to accept a line 'dot, LF' as end-of-DATA unless operating in LF-only mode (as detected from the first header line). Previously we did accept that in (normal) CRLF mode; this has been raised as a possible attack scenario (under the name 'smtp smuggling'). Closes: #1059387 CVE-2023-51766 -- Andreas Metzler <ametz...@debian.org> Mon, 25 Dec 2023 07:50:16 +0100 exim4 (4.97-2) unstable; urgency=medium * Add 75-04-Lookups-Fix-dnsdb-lookup-of-multi-chunk-TXT.-Bug-305.patch from upstream git master to fix dnsdb lookup regression. (Upstream bug 3054) * Due to being rebuilt with a newer debhelper exim4-base.service and exim4-base.timer move to /usr/lib/systemd/. -- Andreas Metzler <ametz...@debian.org> Sat, 18 Nov 2023 13:02:52 +0100 exim4 (4.97-1) unstable; urgency=medium * Drop reference to QUEUEINTERVAL from conf.d/retry/30_exim4-config. (Thanks, Vincent Lefevre!) Closes: #1054492 * New upstream version. + Update debian/copyright. -- Andreas Metzler <ametz...@debian.org> Sat, 04 Nov 2023 18:28:43 +0100 ### Old Ubuntu Delta ### exim4 (4.97-4ubuntu4) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <steve.langa...@ubuntu.com> Sun, 31 Mar 2024 18:12:56 +0000 exim4 (4.97-4ubuntu3) noble; urgency=medium * No-change rebuild against libperl5.38t64 -- Steve Langasek <steve.langa...@ubuntu.com> Sat, 09 Mar 2024 18:19:06 +0000 exim4 (4.97-4ubuntu2) noble; urgency=medium * No-change rebuild against libdb5.3t64 -- Steve Langasek <steve.langa...@ubuntu.com> Sat, 02 Mar 2024 20:31:24 +0000 exim4 (4.97-4ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2051408). Remaining changes: - Show Ubuntu distribution in SMTP banner + d/p/fix_smtp_banner.patch: Show Ubuntu distribution in SMTP banner. + d/control: Build-Depends on lsb-release to detect Distribution. - Disable external SPF support to avoid Build-Depends on libspf2-dev (only available in universe). SPF can still be implemented via spf-tools-perl, as documented in exim4.conf.template. This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1. (LP #1952738) + d/control: drop Build-Depends on libspf2-dev. + d/EDITME.exim4-heavy.diff: disable support for libspf2. + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based on spfquery.mail-spf-perl from spf-tools-perl, but without the previously supported helo detection. -- Bryce Harrington <br...@canonical.com> Fri, 26 Jan 2024 17:11:37 -0800 ** Affects: exim4 (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: exim4 (Ubuntu) Milestone: None => ubuntu-24.07 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2064401 Title: Merge exim4 from Debian unstable for oracular To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/2064401/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs