From: Phil Pennock Date: Mon, 3 Oct 2011 11:36:12 +0000 (-0400) Subject: Merge branch 'list_safety' X-Git-Tag: exim-4_77_RC1~2 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/d6cc7c78f624e505bb889c8ccd2879706d6dc9e1 Merge branch 'list_safety' (gnutls fixes had updated some text docs) --- d6cc7c78f624e505bb889c8ccd2879706d6dc9e1 diff --cc doc/doc-txt/ChangeLog index e58136040,e2e95c548..a911d80a1 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@@ -112,11 -112,10 +112,15 @@@ PP/08 Handle ${run} returning more dat PP/09 Handle IPv6 addresses with SPF. Bugzilla 860. Patch from Wolfgang Breyha. -PP/10 match_* no longer expand right-hand-side by default. +PP/10 GnuTLS: support TLS 1.2 & 1.1. + Bugzilla 1156. + Use gnutls_certificate_verify_peers2() [patch from Andreas Metzler]. + Bugzilla 1095. + ++PP/11 match_* no longer expand right-hand-side by default. + New compile-time build option, EXPAND_LISTMATCH_RHS. + New expansion conditions, "inlist", "inlisti". + Exim version 4.76 ----------------- diff --cc src/README.UPDATING index fadf59aa9,20313b2cb..8a0533b10 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@@ -29,12 -29,13 +29,19 @@@ that might affect a running system Exim version 4.77 ----------------- + * GnuTLS will now attempt to use TLS 1.2 and TLS 1.1 before TLS 1.0 and SSL3, + if supported by your GnuTLS library. Use the existing + "gnutls_require_protocols" option to downgrade this if that will be a + problem. Prior to this release, supported values were "TLS1" and "SSL3", + so you should be able to update configuration prior to update. + + * The match_{string1}{string2} expansion conditions no longer subject + string2 to string expansion, unless Exim was built with the new + "EXPAND_LISTMATCH_RHS" option. Too many people have inadvertently created + insecure configurations that way. If you need the functionality and turn on + that build option, please let the developers know, and know why, so we can + try to provide a safer mechanism for you. + Exim version 4.74 -----------------