X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/602e59e5b8de4b1bf6617437156ae619ea55a569..48da425923d2c912902cc946782e4ea8075a4386:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4e2c709e6..6059f6b6f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.407 2006/10/16 10:37:19 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.411 2006/10/18 08:55:37 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -65,7 +65,7 @@ PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_ addresses), $smtp_active_hostname is used. PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various - tweaks were necessary in order to get it to work: + tweaks were necessary in order to get it to work (see also 21 below): (a) The code assumed that strncpy() returns a negative number on buffer overflow, which isn't the case. Replaced with Exim's string_format() function. @@ -134,6 +134,30 @@ PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called but it didn't always do it. This confused somebody who was copying the code for some other use. I have removed all the tests. +PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a + feature that was used to support insecure browsers during the U.S. crypto + embargo. It requires special client support, and Exim is probably the + only MTA that supported it -- and would never use it because real RSA is + always available. This code has been removed, because it had the bad + effect of slowing Exim down by computing (never used) parameters for the + RSA_EXPORT functionality. + +PH/21 On the advice of Timo Sirainen, added a check to the dovecot + authenticator to fail if there's a tab character in the incoming data + (there should never be unless someone is messing about, as it's supposed + to be base64-encoded). Also added, on Timo's advice, the "secured" option + if the connection is using TLS or if the remote IP is the same as the + local IP, and the "valid-client-cert option" if a client certificate has + been verified. + +PH/22 As suggested by Dennis Davis, added a server_condition option to *all* + authenticators. This can be used for authorization after authentication + succeeds. (In the case of plaintext, it servers for both authentication + and authorization.) + +PH/23 Testing for tls_required and lost_connection in a retry rule didn't work + if any retry times were supplied. + Exim version 4.63 -----------------