X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9e45c72b8e4f14f722c704634ee0880ca65e4686..4263f395efd136dece52d765dfcff3c96f17506e:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index bf4ddf1af..bc2fbc671 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,6 +1,14 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.80.1 +------------------- + +PP/01 SECURITY: protect DKIM DNS decoding from remote exploit. + CVE-2012-5671 + This, or similar/improved, will also be change PP/11 of 4.81. + + Exim version 4.80 ----------------- @@ -113,9 +121,58 @@ PP/25 Revamped GnuTLS support, passing tls_require_ciphers to PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. PP/27 Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. JH/04 Added expansion variable $tod_epoch_l for a higher-precision time. +PP/28 Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + +PP/29 Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + +PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + +PP/31 %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + +PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + +PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by + Janne Snabb (who went above and beyond: thank you). + +PP/34 Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. + +PP/35 Pull in on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + +PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of + GNU libc to support some of the 64-bit stuff, should not lead to + conflicts. Defined before os.h is pulled in, so if a given platform + needs to override this, it can. + +PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought + protection layer was required, which is not implemented. + Bugzilla 1254, patch from Wolfgang Breyha. + +PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + +PP/39 Disable SSLv2 by default in OpenSSL support. + Exim version 4.77 -----------------