Fix taint trap in parse_fix_phrase(). Bug 2617

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 83908a58a8b48de56ead0df8b50d2882294e6ab7..6d688d1b4bd4dc1e3a75c4ed3156ec18429aafdd 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -74,13 +74,24 @@ JH/15 Fix "spam" ACL condition.  Previously, tainted values for the "name"
       was a coding error.
 
 JH/16 Bug 2615: Fix pause during message reception, on systems that have been
-      suspended/resumed.  This Linux CLOCK_MONOTONIC does not account for time
-      spent suspended, ignoring the Posix definintion.  Previously we assumed
+      suspended/resumed.  The Linux CLOCK_MONOTONIC does not account for time
+      spent suspended, ignoring the Posix definition.  Previously we assumed
       it did and a constant offset from real time could be used as a correction.
       Change to using the same clock source for the start-of-message and the
       post-message next-tick-wait.  Also change to using CLOCK_BOOTTIME if it
       exists, just to get a clock slightly more aligned to reality.
 
+JH/17 Bug 2295: Fix DKIM signing to always semicolon-terminate.  Although the
+      RFC says it is optional some validators care.  The missing char was not
+      intended but triggered by a line-wrap alignement.  Discovery and fix by
+      Guillaume Outters, hacked on by JH.
+
+JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase().  Previously when the
+      name being quoted was tainted a trap would be taken.  Fix by using
+      dynamicaly created buffers.  The routine could have been called by a
+      rewrite with the "h" flag, by using the "-F" command-line option, or
+      by using a "name=" option on a control=submission ACL modifier.
+
 
 Exim version 4.94
 -----------------