Package: exim4 | Debian Sources

Package: exim4 / 4.89-2+deb9u7

Metadata

Package	Version	Patches format
exim4	4.89-2+deb9u7	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
31_eximmanpage.dpatch \| (download)	doc/exim.8 \| 80 50 + 30 - 0 ! 1 file changed, 50 insertions(+), 30 deletions(-)	we ship the binary as exim4 instead of exim, fix manpage accordingly.
32_exim4.dpatch \| (download)	OS/Makefile-Linux \| 4 2 + 2 - 0 ! src/exicyclog.src \| 2 1 + 1 - 0 ! src/exim_checkaccess.src \| 2 1 + 1 - 0 ! src/eximon.src \| 2 1 + 1 - 0 ! src/exinext.src \| 4 2 + 2 - 0 ! src/exiqgrep.src \| 2 1 + 1 - 0 ! src/exiwhat.src \| 2 1 + 1 - 0 ! src/globals.c \| 2 1 + 1 - 0 ! 8 files changed, 10 insertions(+), 10 deletions(-)	accomodate source for installing exim as exim4.
33_eximon.binary.dpatch \| (download)	OS/eximon.conf-Default \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
34_eximstatsmanpage.dpatch \| (download)	src/eximstats.src \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	add note about installing perl-modules on debian to generated manpage
35_install.dpatch \| (download)	scripts/exim_install \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	exim's installation scripts install the binary as exim-<version> - disable this feature.
40_reproducible_build.diff \| (download)	exim_monitor/em_version.c \| 6 4 + 2 - 0 ! src/version.c \| 6 4 + 2 - 0 ! 2 files changed, 8 insertions(+), 4 deletions(-)	reproducible build fix. Use REPBUILDDATE which is pulled from debian/changelog in debian/rules instead of __DATE__ as compile date.
50_localscan_dlopen.dpatch \| (download)	src/EDITME \| 15 15 + 0 - 0 ! src/config.h.defaults \| 2 2 + 0 - 0 ! src/globals.c \| 4 4 + 0 - 0 ! src/globals.h \| 3 3 + 0 - 0 ! src/local_scan.c \| 165 118 + 47 - 0 ! src/local_scan.h \| 3 3 + 0 - 0 ! src/readconf.c \| 3 3 + 0 - 0 ! 7 files changed, 148 insertions(+), 47 deletions(-)	allow to use and switch between different local_scan functions without recompiling exim. http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc MERLIN for SA-Exim and minor/major API version tracking
60_convert4r4.dpatch \| (download)	src/convert4r4.src \| 26 26 + 0 - 0 ! 1 file changed, 26 insertions(+)	add a warning message to convert4r4
67_unnecessaryCopt.diff \| (download)	src/exicyclog.src \| 4 2 + 2 - 0 ! src/eximon.src \| 4 2 + 2 - 0 ! src/exinext.src \| 6 3 + 3 - 0 ! src/exiwhat.src \| 4 2 + 2 - 0 ! 4 files changed, 9 insertions(+), 9 deletions(-)	stop using exim's -c option in utility scripts (exiwhat et al.) since this breaks with ALT_CONFIG_PREFIX.
70_remove_exim users_references.dpatch \| (download)	README \| 12 10 + 2 - 0 ! src/eximstats.src \| 3 1 + 2 - 0 ! 2 files changed, 11 insertions(+), 4 deletions(-)	---
78_Disable chunking BDAT by default.patch \| (download)	doc/spec.txt \| 12 6 + 6 - 0 ! src/globals.c \| 2 1 + 1 - 0 ! src/transports/smtp.c \| 2 1 + 1 - 0 ! 3 files changed, 8 insertions(+), 8 deletions(-)	disable chunking (bdat) by default. Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty.
79_CVE 2017 1000369.patch \| (download)	src/exim.c \| 19 17 + 2 - 0 ! 1 file changed, 17 insertions(+), 2 deletions(-)	---
80_Avoid release of store if there have been later allo.patch \| (download)	src/receive.c \| 7 4 + 3 - 0 ! 1 file changed, 4 insertions(+), 3 deletions(-)	avoid release of store if there have been later allocations. bug 2199
81_Chunking do not treat the first lonely dot special. .patch \| (download)	src/receive.c \| 2 1 + 1 - 0 ! src/smtp_in.c \| 7 7 + 0 - 0 ! 2 files changed, 8 insertions(+), 1 deletion(-)	chunking: do not treat the first lonely dot special. cve-2017-16944, Bug 2201
82_Fix base64d buffer size CVE 2018 6789.patch \| (download)	src/base64.c \| 8 6 + 2 - 0 ! 1 file changed, 6 insertions(+), 2 deletions(-)	fix base64d() buffer size (cve-2018-6789) Credits for discovering this bug: Meh Chang <meh@devco.re>
83_qsa 2019 exim4.patch \| (download)	src/deliver.c \| 22 14 + 8 - 0 ! 1 file changed, 14 insertions(+), 8 deletions(-)	[patch] fix cve-2019-10149
84_Avoid re expansion in sort CVE 2019 13917 OVE 201907.patch \| (download)	src/expand.c \| 208 145 + 63 - 0 ! 1 file changed, 145 insertions(+), 63 deletions(-)	[patch] avoid re-expansion in ${sort } cve-2019-13917 OVE-20190718-0006 (cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)
85_01 string.c do not interpret before 0 CVE 2019 15846.patch \| (download)	doc/ChangeLog \| 5 5 + 0 - 0 ! src/string.c \| 3 3 + 0 - 0 ! 2 files changed, 8 insertions(+)	[patch] string.c: do not interpret '\\' before '\0' (cve-2019-15846)
86_01 Fix SPA authenticator checking client supplied data .patch \| (download)	doc/ChangeLog \| 5 5 + 0 - 0 ! src/auths/spa.c \| 22 16 + 6 - 0 ! 2 files changed, 21 insertions(+), 6 deletions(-)	[patch 1/2] fix spa authenticator, checking client-supplied data before using it. Bug 2571 (cherry picked from commit 57aa14b216432be381b6295c312065b2fd034f86)
86_02 Rework SPA fix to avoid overflows. Bug 2571.patch \| (download)	src/auths/spa.c \| 13 9 + 4 - 0 ! 1 file changed, 9 insertions(+), 4 deletions(-)	[patch 2/2] rework spa fix to avoid overflows. bug 2571 Amends: 6a7edbf660 (cherry picked from commit a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0)

Patch	File delta	Description
31_eximmanpage.dpatch \| (download)	doc/exim.8 \| 80 50 + 30 - 0 ! 1 file changed, 50 insertions(+), 30 deletions(-)	we ship the binary as exim4 instead of exim, fix manpage accordingly.
32_exim4.dpatch \| (download)	OS/Makefile-Linux \| 4 2 + 2 - 0 ! src/exicyclog.src \| 2 1 + 1 - 0 ! src/exim_checkaccess.src \| 2 1 + 1 - 0 ! src/eximon.src \| 2 1 + 1 - 0 ! src/exinext.src \| 4 2 + 2 - 0 ! src/exiqgrep.src \| 2 1 + 1 - 0 ! src/exiwhat.src \| 2 1 + 1 - 0 ! src/globals.c \| 2 1 + 1 - 0 ! 8 files changed, 10 insertions(+), 10 deletions(-)	accomodate source for installing exim as exim4.
33_eximon.binary.dpatch \| (download)	OS/eximon.conf-Default \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	---
34_eximstatsmanpage.dpatch \| (download)	src/eximstats.src \| 4 4 + 0 - 0 ! 1 file changed, 4 insertions(+)	add note about installing perl-modules on debian to generated manpage
35_install.dpatch \| (download)	scripts/exim_install \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	exim's installation scripts install the binary as exim-<version> - disable this feature.
40_reproducible_build.diff \| (download)	exim_monitor/em_version.c \| 6 4 + 2 - 0 ! src/version.c \| 6 4 + 2 - 0 ! 2 files changed, 8 insertions(+), 4 deletions(-)	reproducible build fix. Use REPBUILDDATE which is pulled from debian/changelog in debian/rules instead of __DATE__ as compile date.
50_localscan_dlopen.dpatch \| (download)	src/EDITME \| 15 15 + 0 - 0 ! src/config.h.defaults \| 2 2 + 0 - 0 ! src/globals.c \| 4 4 + 0 - 0 ! src/globals.h \| 3 3 + 0 - 0 ! src/local_scan.c \| 165 118 + 47 - 0 ! src/local_scan.h \| 3 3 + 0 - 0 ! src/readconf.c \| 3 3 + 0 - 0 ! 7 files changed, 148 insertions(+), 47 deletions(-)	allow to use and switch between different local_scan functions without recompiling exim. http://marc.merlins.org/linux/exim/files/sa-exim-current/ Original patch from David Woodhouse, modified first by Derrick 'dman' Hudson and then by Marc MERLIN for SA-Exim and minor/major API version tracking
60_convert4r4.dpatch \| (download)	src/convert4r4.src \| 26 26 + 0 - 0 ! 1 file changed, 26 insertions(+)	add a warning message to convert4r4
67_unnecessaryCopt.diff \| (download)	src/exicyclog.src \| 4 2 + 2 - 0 ! src/eximon.src \| 4 2 + 2 - 0 ! src/exinext.src \| 6 3 + 3 - 0 ! src/exiwhat.src \| 4 2 + 2 - 0 ! 4 files changed, 9 insertions(+), 9 deletions(-)	stop using exim's -c option in utility scripts (exiwhat et al.) since this breaks with ALT_CONFIG_PREFIX.
70_remove_exim users_references.dpatch \| (download)	README \| 12 10 + 2 - 0 ! src/eximstats.src \| 3 1 + 2 - 0 ! 2 files changed, 11 insertions(+), 4 deletions(-)	---
78_Disable chunking BDAT by default.patch \| (download)	doc/spec.txt \| 12 6 + 6 - 0 ! src/globals.c \| 2 1 + 1 - 0 ! src/transports/smtp.c \| 2 1 + 1 - 0 ! 3 files changed, 8 insertions(+), 8 deletions(-)	disable chunking (bdat) by default. Change default value of main option chunking_advertise_hosts and smtp transport option hosts_try_chunking from "*" to empty.
79_CVE 2017 1000369.patch \| (download)	src/exim.c \| 19 17 + 2 - 0 ! 1 file changed, 17 insertions(+), 2 deletions(-)	---
80_Avoid release of store if there have been later allo.patch \| (download)	src/receive.c \| 7 4 + 3 - 0 ! 1 file changed, 4 insertions(+), 3 deletions(-)	avoid release of store if there have been later allocations. bug 2199
81_Chunking do not treat the first lonely dot special. .patch \| (download)	src/receive.c \| 2 1 + 1 - 0 ! src/smtp_in.c \| 7 7 + 0 - 0 ! 2 files changed, 8 insertions(+), 1 deletion(-)	chunking: do not treat the first lonely dot special. cve-2017-16944, Bug 2201
82_Fix base64d buffer size CVE 2018 6789.patch \| (download)	src/base64.c \| 8 6 + 2 - 0 ! 1 file changed, 6 insertions(+), 2 deletions(-)	fix base64d() buffer size (cve-2018-6789) Credits for discovering this bug: Meh Chang <meh@devco.re>
83_qsa 2019 exim4.patch \| (download)	src/deliver.c \| 22 14 + 8 - 0 ! 1 file changed, 14 insertions(+), 8 deletions(-)	[patch] fix cve-2019-10149
84_Avoid re expansion in sort CVE 2019 13917 OVE 201907.patch \| (download)	src/expand.c \| 208 145 + 63 - 0 ! 1 file changed, 145 insertions(+), 63 deletions(-)	[patch] avoid re-expansion in ${sort } cve-2019-13917 OVE-20190718-0006 (cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)
85_01 string.c do not interpret before 0 CVE 2019 15846.patch \| (download)	doc/ChangeLog \| 5 5 + 0 - 0 ! src/string.c \| 3 3 + 0 - 0 ! 2 files changed, 8 insertions(+)	[patch] string.c: do not interpret '\\' before '\0' (cve-2019-15846)
86_01 Fix SPA authenticator checking client supplied data .patch \| (download)	doc/ChangeLog \| 5 5 + 0 - 0 ! src/auths/spa.c \| 22 16 + 6 - 0 ! 2 files changed, 21 insertions(+), 6 deletions(-)	[patch 1/2] fix spa authenticator, checking client-supplied data before using it. Bug 2571 (cherry picked from commit 57aa14b216432be381b6295c312065b2fd034f86)
86_02 Rework SPA fix to avoid overflows. Bug 2571.patch \| (download)	src/auths/spa.c \| 13 9 + 4 - 0 ! 1 file changed, 9 insertions(+), 4 deletions(-)	[patch 2/2] rework spa fix to avoid overflows. bug 2571 Amends: 6a7edbf660 (cherry picked from commit a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0)