X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/56ed4f42c83f576badd797a6ec6ba81ad73166ea..e94c0fe42ba93c2643d44046f2f3a269bae41290:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2a7a70c47..37cc3b77d 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -22,6 +22,64 @@ JH/03 With dkim_verify_minimal, avoid calling the DKIM ACL after the first JH/04 Remove the docs and support scripts dealing with conversion of Exim version 3 installations. +JH/05 Fix hintsdb support for dbmjz when compiled using sqlite3. Previously + the backend support assumed keys would be simple C strings, but dbmjz + uses keys with embedded NUL bytes. The builtin hintsdb use is unaffected, + but installations using dbmjz will need to rebuild those DBs. + +JH/06 Bug 1141: When operating a continued-connection transport, verify that + the interface option, if specified, evaluates to match the connection. + Previously, a queued message for the same host was sent without checking. + +JH/07 Bug 3106: Fix coding in SPA authenticator. A macro argument was not + properly parenthesized, resulting in a logic error. While the simple + fix was provided by Andrew Aitchison, the over-large code block resulting + from this macro made me want to replace it with a real function so more + extensive rework becamse needed. + +JH/08 The output of "exim -bV" now includes lookup types built as dynamic-load + modules. + +JH/09 Not a change, but worthy of note: There is no test coverage of the + heimdall-gssapi authenticator driver. It does build, though with (on at + least one platform) library version conflicts with the gsasl auth + driver). Confidence in its operation is lacking. + +JH/10 Bug 3108: On platforms not providing strchrnul() [OpenBSD] supply a proper + prototype (as well as implementaton). Previously, a return type "int" + was assumed, resulting in type-conversion bugs when int and pointer had + different size. This resulted in crashes while processing DKIM signatures + of received messages. Identification and fix from Qualys Security. + +JH/11 Lookups built as dynamic-load modules which support a single lookup + type are now only loaded if required by the config. Previously all lookup + modules present in the modules directory were loaded; this now applies + only to those supporting multiple types. + +JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup + syntax". Previously, the end of the top-level file was reported. + +JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted + record could crash the meesage recieve process. Investigation by + Maxim Galaganov. + +JH/14 Bug 3116: Fix crash in dkim signing. On kernels supporting immutable + memory segments, a write was done into one when a constant string was + configured for a transport's dkim private key. + +JH/15 Disallow tainted metadata in lists. + - Change-of-separator prefixes are handled specially when they are + explicit text; only the remainder of the list is expanded. A change-of- + separator resulting from expansion will not take effect if tainted. + - Elements starting with a plus-sign (named-list inclusion, + case-interpretation etc) and (hostlist) @[] (et al) are not handled + specially and are still operative at this time - but warnings are logged; + if any of these are needed in a list with a tainted element (which taints + the entire list at string-expansion time) then a named-list can be used + for that element. + - Exclamation-marks ("!" signifying negation) are not checked for taint + at this time. + Exim version 4.98 -----------------