X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/26da7e207f1978012085c096366d623dc15b9778..33191679e1a86ba6d9c38a74d07:/src/README.UPDATING?ds=sidebyside diff --git a/src/README.UPDATING b/src/README.UPDATING index 45822fdef..40210a800 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -1,4 +1,4 @@ -$Cambridge: exim/src/README.UPDATING,v 1.13 2006/09/25 11:25:37 ph10 Exp $ +$Cambridge: exim/src/README.UPDATING,v 1.17 2009/10/16 07:35:42 tom Exp $ This document contains detailed information about incompatibilities that might be encountered when upgrading from one release of Exim to another. The @@ -28,6 +28,71 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.74 +----------------- + + * No incompatible changes within Exim itself, but the integrated support for + dynamically loadable lookup modules has an ABI change from the modules + supported by some OS vendors through an unofficial patch. Don't try to + mix & match. + + +Exim version 4.73 +----------------- + + * The Exim run-time user can no longer be root; this was always + strongly discouraged, but is now prohibited both at build and + run-time. If you need Exim to run routinely as root, you'll need to + patch the source and accept the risk. Here be dragons. + + * Exim will no longer accept a configuration file owned by the Exim + run-time user, unless that account is explicitly the value in + CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that + files are not writable by other accounts. + + * The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced + on; the Exim user can, by default, no longer use -C/-D and retain privilege. + Two new build options mitigate this. + + * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config + files that are trusted to be selected by the Exim user; one per line. + This is the recommended approach going forward. + + * WHITELIST_D_MACROS defines a colon-separated list of macro names which + the Exim run-time user may safely pass without dropping privileges. + Because changes to this involve a recompile, this is not the recommended + approach but may ease transition. The values of the macros, when + overriden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ + + * The system_filter_user option now defaults to the Exim run-time user, + rather than root. You can still set it explicitly to root and this + can be done with prior versions too, letting you roll versions + without needing to change this configuration option. + + * ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is + defined at build time. + + +Exim version 4.70 +----------------- + +1. Experimental Yahoo! Domainkeys support has been dropped in this release. +It has been superceded by a native implementation of its successor DKIM. + +2. Up to version 4.69, Exim came with an embedded version of the PCRE library. +As of 4.70, this is no longer the case. To compile Exim, you will need PCRE +installed. Most OS distributions have ready-made library and develoment +packages. + + +Exim version 4.68 +----------------- + +1. The internal implementation of the database keys that are used for ACL +ratelimiting has been tidied up. This means that an update to 4.68 might cause +Exim to "forget" previous rates that it had calculated, and reset them to zero. + + Exim version 4.64 ----------------- @@ -41,6 +106,27 @@ there is no remote transport (possible with a router that sets up host addresses), $smtp_active_hostname is used. This change is mentioned here in case somebody is relying on the use of $smtp_active_hostname. +2. A bug has been fixed that might just possibly be something that is relied on +in some configurations. In expansion items such as ${if >{xxx}{yyy}...} an +empty string (that is {}) was being interpreted as if it was {0} and therefore +treated as the number zero. From release 4.64, such strings cause an error +because a decimal number, possibly followed by K or M, is required (as has +always been documented). + +3. There has been a change to the GnuTLS support (ChangeLog/PH/20) to improve +Exim's performance. Unfortunately, this has the side effect of being slightly +non-upwards compatible for versions 4.50 and earlier. If you are upgrading from +one of these earlier versions and you use GnuTLS, you must remove the file +called gnutls-params in Exim's spool directory. If you don't do this, you will +see this error: + + TLS error on connection from ... (DH params import): Base64 decoding error. + +Removing the file causes Exim to recompute the relevant encryption parameters +and cache them in the new format that was introduced for release 4.51 (May +2005). If you are upgrading from release 4.51 or later, there should be no +problem. + Exim version 4.63 -----------------