-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.103 2005/03/29 14:19:21 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.123 2005/04/07 15:37:13 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
"previously delivered" was not happening when checking to see if an
address could be batched with a previous (undelivered) one; under
certain circumstances this could lead to multiple deliveries to the same
- address. A one-line patch to add the appropriate test fixes the bug.
+ address.
PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T
in its include files, and this causes problems building Exim.
API. The code is untested by me (my Linux distribution still has 0.3.2 of
radiusclient), but it was contributed by a Radius user.
+PH/18 Installed Lars Mainka's patch for the support of CRL collections in
+ files or directories, for OpenSSL.
+
+PH/19 When an Exim process that is running as root has to create an Exim log
+ file, it does so in a subprocess that runs as exim:exim so as to get the
+ ownership right at creation (otherwise, other Exim processes might see
+ the file with the wrong ownership). There was no test for failure of this
+ fork() call, which would lead to the process getting stuck as it waited
+ for a non-existent subprocess. Forks do occasionally fail when resources
+ run out. I reviewed all the other calls to fork(); they all seem to check
+ for failure.
+
+PH/20 When checking for unexpected SMTP input at connect time (before writing
+ the banner), Exim was not dealing correctly with a non-positive return
+ from the read() function. If the client had disconnected by this time,
+ the result was a log entry for a synchronization error with an empty
+ string after "input=" when read() returned zero. If read() returned -1
+ (an event I could not check), uninitialized data bytes were printed.
+ There were reports of junk text (parts of files, etc) appearing after
+ "input=".
+
+PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages.
+
+PH/22 Added support for macro redefinition, and (re)definition in between
+ driver and ACL definitions.
+
+PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then
+ forgetting to use the resulting value; it was using the unexpanded value.
+
+PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it
+ hadn't been configured. The fix is from Juergen Kreileder, who
+ understands it better than I do:
+
+ "Here's what I see happening with three configured cyrus_sasl
+ authenticators configured (plain, login, cram-md5):
+
+ On startup auth_cyrus_sasl_init() gets called for each of these.
+ This means three calls to sasl_listmech() without a specified mech_list.
+ => SASL tests which mechs of all available mechs actually work
+ => three warnings about OTP not working
+ => the returned list contains: plain, login, cram-md5, digest-md5, ...
+
+ With the patch, sasl_listmech() also gets called three times. But now
+ SASL's mech_list option is set to the server_mech specified in the the
+ authenticator. Or in other words, the answer from sasl_listmech()
+ gets limited to just the mech you're testing for (which is different
+ for each call.)
+ => the return list contains just 'plain' or 'login', 'cram-md5' or
+ nothing depending on the value of ob->server_mech.
+
+ I've just tested the patch: Authentication still works fine,
+ unavailable mechs specified in the exim configuration are still
+ caught, and the auth.log warnings about OTP are gone."
+
+PH/25 When debugging is enabled, the contents of the command line are added
+ to the debugging output, even when log_selector=+arguments is not
+ specified.
+
+PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the
+ answer is "GNU", and only if the return is "GNU/something" is the answer
+ "Linux".
+
+PH/27 $acl_verify_message is now set immediately after the failure of a
+ verification in an ACL, and so is available in subsequent modifiers. In
+ particular, the message can be preserved by coding like this:
+
+ warn !verify = sender
+ set acl_m0 = $acl_verify_message
+
+ Previously, $acl_verify_message was set only while expanding "message"
+ and "log_message" when a very denied access.
+
+PH/28 Modified OS/os.c-Linux with
+
+ -#ifndef OS_LOAD_AVERAGE
+ +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__)
+
+ to make Exim compile on kfreebsd-gnu. (I'm totally confused about the
+ nomenclature these days.)
+
+PH/29 Installed patch from the Sieve maintainer that adds the options
+ sieve_useraddress and sieve_subaddress to the redirect router.
+
+PH/30 In these circumstances:
+ . Two addresses routed to the same list of hosts;
+ . First host does not offer TLS;
+ . First host accepts first address;
+ . First host gives temporary error to second address;
+ . Second host offers TLS and a TLS session is established;
+ . Second host accepts second address.
+ Exim incorrectly logged both deliveries with the TLS parameters (cipher
+ and peerdn, if requested) that were in fact used only for the second
+ address.
+
+PH/31 When doing a callout as part of verifying an address, Exim was not paying
+ attention to any local part prefix or suffix that was matched by the
+ router that accepted the address. It now behaves in the same way as it
+ does for delivery: the affixes are removed from the local part unless
+ rcpt_include_affixes is set on the transport.
+
+PH/32 Add the sender address, as F=<...>, to the log line when logging a
+ timeout during the DATA phase of an incoming message.
+
+PH/33 Sieve envelope tests were broken for match types other than :is. I have
+ applied a patch sanctioned by the Sieve maintainer.
+
+PH/34 Change 4.50/80 broke Exim in that it could no longer handle cases where
+ the uid or gid is negative. A case of a negative gid caused this to be
+ noticed. The fix allows for either to be negative.
+
+PH/35 ACL_WHERE_MIME is now declared unconditionally, to avoid too much code
+ clutter, but the tables that are indexed by ACL_WHERE_xxx values had been
+ overlooked.
+
+PH/36 The change PH/12 above was broken. Fixed it.
+
+PH/37 Exim used to check for duplicate addresses in the middle of routing, on
+ the grounds that routing the same address twice would always produce the
+ same answer. This might have been true once, but it is certainly no
+ longer true now. Routing a child address may depend on the previous
+ routing that produced that child. Some complicated redirection strategies
+ went wrong when messages had multiple recipients, and made Exim's
+ behaviour dependent on the order in which the addresses were given.
+
+ I have moved the duplicate checking until after the routing is complete.
+ Exim scans the addresses that are assigned to local and remote
+ transports, and removes any duplicates. This means that more work will be
+ done, as duplicates will always all be routed, but duplicates are
+ presumably rare, so I don't expect this is of any significance.
+
+ For deliveries to pipes, files, and autoreplies, the duplicate checking
+ still happens during the routing process, since they are not going to be
+ routed further.
+
A note about Exim versions 4.44 and 4.50
----------------------------------------