Exim version 4.98
-----------------
+JH/01 Use fewer forks & execs for sending many messages to a single host.
+ By passing back more info from the transport to the delivery process,
+ we can loop there. A two-phase queue run will benefit, particularly for
+ mailinglist and smarthost cases.
+
+JH/02 Add transaction support for hintsdbs. The providers supported are tdb and
+ sqlite. Transactions are used for the wait-transport and retry DBs.
+ They imply locking internal to the DB. We no longer need a separate
+ lockfile, can keep the DB handle open for extended periods, yet
+ potentially benefit from concurrency on non-conflicting record uses.
+
+JH/03 With dkim_verify_minimal, avoid calling the DKIM ACL after the first
+ good verify.
+
+JH/04 Remove the docs and support scripts dealing with conversion of Exim
+ version 3 installations.
+
+JH/05 Fix hintsdb support for dbmjz when compiled using sqlite3. Previously
+ the backend support assumed keys would be simple C strings, but dbmjz
+ uses keys with embedded NUL bytes. The builtin hintsdb use is unaffected,
+ but installations using dbmjz will need to rebuild those DBs.
+
+JH/06 Bug 1141: When operating a continued-connection transport, verify that
+ the interface option, if specified, evaluates to match the connection.
+ Previously, a queued message for the same host was sent without checking.
+
+JH/07 Bug 3106: Fix coding in SPA authenticator. A macro argument was not
+ properly parenthesized, resulting in a logic error. While the simple
+ fix was provided by Andrew Aitchison, the over-large code block resulting
+ from this macro made me want to replace it with a real function so more
+ extensive rework becamse needed.
+
+JH/08 The output of "exim -bV" now includes lookup types built as dynamic-load
+ modules.
+
+JH/09 Not a change, but worthy of note: There is no test coverage of the
+ heimdall-gssapi authenticator driver. It does build, though with (on at
+ least one platform) library version conflicts with the gsasl auth
+ driver). Confidence in its operation is lacking.
+
+JH/10 Bug 3108: On platforms not providing strchrnul() [OpenBSD] supply a proper
+ prototype (as well as implementaton). Previously, a return type "int"
+ was assumed, resulting in type-conversion bugs when int and pointer had
+ different size. This resulted in crashes while processing DKIM signatures
+ of received messages. Identification and fix from Qualys Security.
+
+JH/11 Lookups built as dynamic-load modules which support a single lookup
+ type are now only loaded if required by the config. Previously all lookup
+ modules present in the modules directory were loaded; this now applies
+ only to those supporting multiple types.
+
+JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup
+ syntax". Previously, the end of the top-level file was reported.
+
+JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted
+ record could crash the meesage recieve process. Investigation by
+ Maxim Galaganov.
+
+JH/14 Bug 3116: Fix crash in dkim signing. On kernels supporting immutable
+ memory segments, a write was done into one when a constant string was
+ configured for a transport's dkim private key.
+
+JH/15 Disallow tainted metadata in lists.
+ - Change-of-separator prefixes are handled specially when they are
+ explicit text; only the remainder of the list is expanded. A change-of-
+ separator resulting from expansion will not take effect if tainted.
+ - Elements starting with a plus-sign (named-list inclusion,
+ case-interpretation etc) and (hostlist) @[] (et al) are not handled
+ specially and are still operative at this time - but warnings are logged;
+ if any of these are needed in a list with a tainted element (which taints
+ the entire list at string-expansion time) then a named-list can be used
+ for that element.
+ - Exclamation-marks ("!" signifying negation) are not checked for taint
+ at this time.
+
+JH/16 Bug 3124: Fix theoretical crash in received connection, triggerable by a
+ crafted packet with massive count of IP options. A buffer overflow was
+ detected, but a null-deref results. In practice, IP packets with options
+ are rare (to non-existent). Exim refuses connections having any, but this
+ issue was in the coding for logging preceding that refusal. If coredumps
+ were enabled (not common), an attack could cause filesystem space usage.
+
+JH/17 Bug 3126: Fix build error in the ibase lookup. Find & fix by
+ Andrew Aitchison.
+
+Exim version 4.98
+-----------------
+
JH/01 Support list of dkim results in the dkim_status ACL condition, making
it more usable in the data ACL.
dealt with. Thanks to Wolfgand Breyha for debug runs.
JH/22 The ESMTP_LIMITS facility (RFC 9422) is promoted from experimental status
- and is now controlled by the build-time option DISABLE_ESMTP_LIMITS..
+ and is now controlled by the build-time option DISABLE_ESMTP_LIMITS.
+
+JH/23 Bug 3066: Avoid leaking lookup database credentials to log.
+
+JH/24 Bug 3081: Fix a delivery process crash. When the router "errors_to"
+ option specified a fixed address, later rewriting on that address would
+ trip on the configuration data being readonly. Instead of modifying
+ in-place, copy data. Found and fixed by Peter Benie.
+
+JH/25 Bug 3079: Fix crash in dbmnz. When a key was present for zero-length
+ data a null pointer was followed. Find and testcase by Sebastian Bugge.
+
+JH/26 Fix encoding for an AUTH parameter on a MAIL FROM command. Previously
+ decimal 127 chars were not encoded, and lowercase hex was used for
+ encoded values. Outstanding since at least 1999.
+
+JH/27 Fix crash in logging. When a message with a large number of recipients
+ had been received, and logging of recipients is enabled, the buffer used
+ for logging could reach limit. A read using a null pointer would then
+ be done, resulting in a crash of the receiving process before an SMTP
+ ACK for the message was returned to the sending system. Duplicate
+ messages were created as a result.
+ Find and debug help by Mateusz Krawczyk
+
+JH/28 Bug 3086: Fix exinext for ipv6. Change the format of keys in the retry
+ DB, wrapping transport record bare-ip "host names" and ipv6
+ "host addresses" in square-brackets. This makes the parsing that
+ exinext does more reliable.
+
+JH/29 Bug 3087: Fix SRS encode. A zero-length quoted element in the local-part
+ would cause a crash.
+
+JH/30 Bug 3029: Avoid feeding Resent-From: to DMARC.
+
+JH/31 Bug 3027: For -bh / -bhc tests change to using the compressed form of
+ ipv6 addresses for the sender. Previously the uncompressed form was used,
+ and if used in textual form this would result in behavior difference
+ versus non-bh.
+
+JH/32 Bug 3096: MAIL before HELO/EHLO, where required by hosts_require_helo, is
+ now classed as a protocol error and subject to smtp_max_synprot_errors.
+
+JH/33 Bug 2994: A subdir dsearch lookup should permit a directory name that starts
+ ".." and has following characters.
+
+JH/34 Fix delivery ordering for 2-phase queue run combined with
+ queue_run_in_order.
+
+JH/35 Bug 3099: fix parsing of MIME filename= split over multiple paramemters.
+ Previously the $mime_filename variable would have an incorrect value.
+ While in the code, extend coverage to name= which previously was only
+ supported for single parameters, despite also filling in $mime_filename.
Exim version 4.97
mx_fail_domains.
JH/45 Use a (new) separate store pool-pair for DKIM verify working data.
- Previously the permanent pool was used, so the sore could not be freed.
+ Previously the permanent pool was used, so the store could not be freed.
This meant a connection with many messages would use continually-growing
memory.