Profile cover photo
Profile photo
Exim
The Exim Mail Transfer Agent
The Exim Mail Transfer Agent
About
Exim's posts

Post has attachment

Public
Exim 4.89 RC3 is now available.

Public
I have uploaded Exim 4.89 RC1 to:

https://ftp.exim.org/pub/exim/exim4/test/

This is a stabilization release containing a number of bug-fixes; the RC process for 4.89 will be accepting bug-fixes only, with a release-branch in git so that any developments need to be explicitly carried across.

As of RC1, I have not yet done a full sweep to ensure that documentation correctly marks new features; the binary appears to identify itself as "4.89" not "4.89RC1". All bugs so far identified as critical are believed to have been fixed.

IDNA2008 support is now available; a number of DKIM, CHUNKING and Proxy Protocol fixes have gone in; TCP Fast Open is a little more cautious such that binaries may run better on older Linux kernels. As we are into 2017, the oldest OpenSSL supported by the OpenSSL project is 1.0.2, so that is now the oldest version which the Exim Maintainers formally "support" for Exim. As of yet, I do not believe that any changes have been merged which would break support for older OpenSSL, but you are on your own if you try to use such. We do have a new document describing how to build and install a recent OpenSSL for use by Exim without interfering with any system packages.

While I am Release Engineer for 4.89, I want to note that Jeremy Harris has so far done the lion's share of the work, jumping on every issue identified. I've done just enough to start lubricating the rust off the joints of my maintainership.

The important text-format documents can be reviewed at:

https://git.exim.org/exim.git/blob/exim-4_89_RC1:/src/README.UPDATING
https://git.exim.org/exim.git/blob/exim-4_89_RC1:/doc/doc-txt/ChangeLog
https://git.exim.org/exim.git/blob/exim-4_89_RC1:/doc/doc-txt/NewStuff
https://git.exim.org/exim.git/blob/exim-4_89_RC1:/doc/doc-txt/openssl.txt

The files are signed with the PGP key 0x4D1E900E14C1CC04, which has a uid "Phil Pennock <pdp@exim.org>". Please use your own discretion in assessing what trust paths you might have to this uid.

Checksums below. Detached PGP signatures in .asc files are available alongside the tarballs.

Please report issues in reply to this email, on exim-users.

Thank you for your testing and feedback,
-Phil Pennock, pp The Exim Maintainers.


SHA256(exim-4.89_RC1.tar.bz2)= 4e64927665c83aa9d18b1edc3cc73b1113c886925f71bd72eb3d598eb72ad573
SHA256(exim-4.89_RC1.tar.gz)= ab136923916b4c57906daa325c70ca67f94a8e13395c3fdc36f275134258ad8e
SHA256(exim-html-4.89_RC1.tar.bz2)= 3a8990f4b2d3ff74ce368db52b82548e95db442d84848f86c44bedf14eb68201
SHA256(exim-html-4.89_RC1.tar.gz)= 6ae981f08a897076e991605509f94092a2fb063b7850e1f20e1047f21d64fa4b
SHA256(exim-pdf-4.89_RC1.tar.bz2)= 83e3ed3bd2ccf460c629ed2967148be03d0bdef408d9908be90a78cb86b572c9
SHA256(exim-pdf-4.89_RC1.tar.gz)= bc50da9dc931ef12e0018c83cd7a273d964c332a497d2b2ca3bc40fa0b3c770d
SHA256(exim-postscript-4.89_RC1.tar.bz2)= 9d48d06034b920a156333f40e6a8993dfef7563af5a356e6266ee3b714458d17
SHA256(exim-postscript-4.89_RC1.tar.gz)= 4499c0d1040c5b5ee14a9858668260acef7f2aea9c31c22ce7768ba639ae174b

https://lists.exim.org/lurker/message/20170131.025153.592b38db.en.html

Post has attachment
I have uploaded Exim 4.83 to the Exim website. It includes a fix for one Security Advisory, some new features, and several incremental improvements in function and documentation.  The official release notification is archived at https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html#exim-dev and the Security Advisory is archived at https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html.

We would like to publicly thank Rack911 and Cpanel for doing responsible disclosure of the issue they uncovered.

I have uploaded a security release for Exim 4.82.1.  If a builder/packager built Exim 4.82 with the Experimental DMARC feature, it used an unsafe function to parse the From header.  The fix can be viewed at http://git.exim.org/exim.git/commit/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0

Post has attachment
One of the issues that always plagues me is writing code which I don't realize is non-standard.  One way to fix that is to have lots of different people constantly building it on different OS/Distro/compiler combinations.  We need a build farm!

I started with the excellent PostgreSQL Build Farm code (both client and server side) and feel that the resulting Exim BuildFarm is relatively stable and ready to be exercised.  We have several RedHat lineage machines currently building and submitting to it.  I would like to see some other OS/architecture machines join the farm so we can see build issues when commits are made.

The Exim BuildFarm web interface is at http://eximbuild.mrball.net.  There is a wiki at https://github.com/mrballcb/exim-build-farm-client/wiki which gives an overview and installation process of the client.

Post has attachment
I have uploaded Exim 4.82 to the Exim website.  It's been baking for almost a year and half and has many new features as well as bugfixes.  Details are in the release email and can also be seen in the following URLs:

http://git.exim.org/exim.git/blob/exim-4_82:/doc/doc-txt/NewStuff
http://git.exim.org/exim.git/blob/exim-4_82:/doc/doc-txt/ChangeLog
http://git.exim.org/exim.git/blob/exim-4_82:/src/README.UPDATING

As a reminder: after Exim 4.80, we released 4.80.1 as a security-critical fix; to avoid confusion between "4.80.1" and "4.81", when we released 4.80.1 we announced that the next release would be 4.82.  We skipped 4.81.  There is no 4.81.  4.81 is a spoon, there is no spoon.

Post has shared content
Two of the exim.org team members, Todd Lyons and Jeremy Harris, shall soon start the work of cutting the Exim 4.82 release and beginning the RC series.
 
We currently expect that the 4.82 Release Candidates, final Release, and announcement message shall be PGP signed using Todd's key:
 
  0xC4F4F94804D29EBA
 
This key is in the PGP strong set, although it does not at time of writing include any signatures directly from any other @exim.org UIDs. There is a trust path from my [Phil Pennock's] key to Todd's via a key belonging to Phil Dibowitz, 0x3795E8C5A1E732BB.
 
For the record: I [pdp] know Mr Dibowitz as a former colleague, he is very security conscious and does not issue PGP signatures without diligent checking.  He's the author of the PGP tutorial documentation available at <http://phildev.net/pgp/> and is one of the few people to whose keys I assign a GnuPG trust ranking of '4'.  Thus I have a high degree of confidence in this trust path.

You can retrieve Todd's key from any of the normal PGP keyservers; for instance:

http://ha.pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0xC4F4F94804D29EBA

(click on the keyid in the "pub" line at the top).

This Exim release is long overdue and I'd like to take this opportunity to thank Todd and Jeremy for stepping up to make it happen.

-Phil Pennock
#Exim   #Release   #PGP

Two of the exim.org team members, Todd Lyons and Jeremy Harris, shall soon start the work of cutting the Exim 4.82 release and beginning the RC series.
 
We currently expect that the 4.82 Release Candidates, final Release, and announcement message shall be PGP signed using Todd's key:
 
  0xC4F4F94804D29EBA
 
This key is in the PGP strong set, although it does not at time of writing include any signatures directly from any other @exim.org UIDs. There is a trust path from my [Phil Pennock's] key to Todd's via a key belonging to Phil Dibowitz, 0x3795E8C5A1E732BB.
 
For the record: I [pdp] know Mr Dibowitz as a former colleague, he is very security conscious and does not issue PGP signatures without diligent checking.  He's the author of the PGP tutorial documentation available at <http://phildev.net/pgp/> and is one of the few people to whose keys I assign a GnuPG trust ranking of '4'.  Thus I have a high degree of confidence in this trust path.

You can retrieve Todd's key from any of the normal PGP keyservers; for instance:

http://ha.pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0xC4F4F94804D29EBA

(click on the keyid in the "pub" line at the top).

This Exim release is long overdue and I'd like to take this opportunity to thank Todd and Jeremy for stepping up to make it happen.

-Phil Pennock
#Exim   #Release   #PGP
Wait while more posts are being loaded