HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
API changes in libopendmarc.
+JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
+ pid 1, in the normal "background daemon" mode, having to drop process-
+ group leadership also lost track of needing to create listener sockets.
+
+JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
+ resulted in the variable appearing empty. Find and fix by Ruben Jenster.
+
+JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
+ a capture group which obtained no text (eg. "(abc)*" matching zero
+ occurrences) could cause a segfault if the corresponding $<n> was
+ expanded.
+
+JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
+ included a close-brace character (eg. it itself used an expansion) an
+ error occurred.
+
+JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
+ starting TLS. Previously it was after, meaning that attackers on such
+ ports had to be screened using the host_reject_connection main config
+ option. The new sequence aligns better with the STARTTLS behaviour, and
+ permits defences against crypto-processing load attacks, even though it
+ is strictly an incompatible change.
+ Also, avoid sending any SMTP fail response for either the connect ACL
+ or host_reject_connection, for TLS-on-connect ports.
+
+JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
+ Previously this was not permitted, but it makes reasonable sense.
+ While there, restore a restriction on using it from a connect ACL; given
+ the change JH/16 it could only return false (and before 4.91 was not
+ permitted).
+
+JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
+ was exactly sized compared to the log buffer, a crash occurred with the
+ misleading message "bad memory reference; pool not found".
+ Found and traced by Jasen Betts.
+
+JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
+ dns_again_means_nonexist included an element causing a DNS lookup which
+ iteslf returned DNS_AGAIN, unbounded recursion occurred. Possible results
+ included (though probably not limited to) a process crash from stack
+ memory limit, or from excessive open files. Replace this with a paniclog
+ whine (as this is likely a configuration error), and returning
+ DNS_NOMATCH.
+
+JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
+ this always failed, probably leading to the usual downgrade to in-clear
+ connections.
+
+JH/21 Fix TLSA lookups. Previously dns_again_means_nonexist would affect
+ SERVFAIL results, which breaks the downgrade resistance of DANE. Change
+ to not checking that list for these lookups.
+
+JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
+ closure log lines.
+
+JH/23 Fix crash in string expansions. Previously, if an empty variable was
+ immediately followed by an expansion operator, a null-indirection read
+ was done, killing the process.
+
+JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
+ include an SMTP response string which is longer than that supported
+ by the delivering transport. Alleviate by wrapping such lines before
+ column 80.
+
+JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
+ chars (RFC limit). Previously a limit of 12 items was made, which with
+ a not-impossible References: in the message being bounced could still
+ be over-large and get stopped in the transport.
+
+JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
+ close. Previously a bare socket close was done.
+
Exim version 4.96
-----------------
git://git.exim.org / exim.git / blobdiff