X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/753739fdef6d9753ee4a7e89afd959a4034d2ad9..a522411280b4f851587511c26ea620481a11660e:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 3311ae8f5..4e0d602dd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,6 +2,25 @@ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.95 +----------------- + +JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from + after reception to before a subsequent reception. This should + mean slightly faster delivery, and also confirmation of reception + to senders. + +JH/02 Move from using the pcre library to pcre2. The former is no longer + being developed or supported (by the original developer). + +JH/03 Constification work in the filters module required a major version + bump for the local-scan API. Specifically, the "headers_charset" + global which is visible via the API is now const and may therefore + not be modified by local-scan code. + +JH/04 Fix ClamAV TCP use under FreeBSD. Previously the OS-specific shim for + sendfile() didi not account for the way the ClamAV driver code called it. + Exim version 4.95 ----------------- @@ -38,7 +57,7 @@ JH/06 Bug 2594: Change the name used for certificate name checks in the smtp JH/07 Bug 2597: Fix a resource leak. Using a lookup in obtaining a value for smtp_accept_max_per_host allocated resources which were not released when the limit was exceeded. This eventually crashed the daemon. Fix - by adding a relase action in that path. + by adding a release action in that path. JH/08 Bug 2598: Fix verify ACL condition. The options for the condition are expanded; previously using tainted values was rejected. Fix by using @@ -75,7 +94,7 @@ JH/15 Bug 2620: Fix "spam" ACL condition. Previously, tainted values for the JH/16 Bug 2615: Fix pause during message reception, on systems that have been suspended/resumed. The Linux CLOCK_MONOTONIC does not account for time - spent suspended, ignoring the Posix definition. Previously we assumed + spent suspended, ignoring the POSIX definition. Previously we assumed it did and a constant offset from real time could be used as a correction. Change to using the same clock source for the start-of-message and the post-message next-tick-wait. Also change to using CLOCK_BOOTTIME if it @@ -83,12 +102,12 @@ JH/16 Bug 2615: Fix pause during message reception, on systems that have been JH/17 Bug 2295: Fix DKIM signing to always semicolon-terminate. Although the RFC says it is optional some validators care. The missing char was not - intended but triggered by a line-wrap alignement. Discovery and fix by + intended but triggered by a line-wrap alignment. Discovery and fix by Guillaume Outters, hacked on by JH. JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase(). Previously when the name being quoted was tainted a trap would be taken. Fix by using - dynamicaly created buffers. The routine could have been called by a + dynamically created buffers. The routine could have been called by a rewrite with the "h" flag, by using the "-F" command-line option, or by using a "name=" option on a control=submission ACL modifier. @@ -146,15 +165,15 @@ JH/29 Bug 2675: add outgoing-interface I= element to deferred "==" log lines, JH/30 Bug 2677: fix matching of long addresses. Since 4.93 a limit of 256 was applied. This resulted, if any header-line rewrite rules were configured, - in a panic-log trigerrable by sending a message with a long address in - a header. Fix by increaing the arbitrary limit to larger than a single + in a panic-log triggerable by sending a message with a long address in + a header. Fix by increasing the arbitrary limit to larger than a single (dewrapped) 5322 header line maximum size. JH/31 The ESMTP option name advertised for the SUPPORT_EARLY_PIPE build option is changed from X_PIPE_CONNECT to PIPE_CONNECT. This is in line with RFC 6648 which deprecates X- options in protocols as a general practice. Changeover between the implementations is handled by the mechanisms - alrready coded. + already coded. JH/32 Bug 2599: fix delay of delivery to a local address where there is also a remote which uses callout/hold. Previously the local was queued. @@ -182,7 +201,7 @@ JH/37 Enforce the expected size, for fixed-size records read from hints-DB JH/38 When logging an AUTH failure, as server, do not include sensitive information. Previously, the credentials would be included if given - as part of the AUTH command line and an ACL denied authentidcation. + as part of the AUTH command line and an ACL denied authentication. JH/39 Bug 2691: fix $local_part_data. When the matching list element referred to a file, bad data was returned. This likely also affected @@ -236,14 +255,14 @@ JH/49 Bug 2710: when using SOCKS for additional messages after the first (a transport executions. This also mean that the log lines for the messages can show the proxy information. -JH/50 Bug 2672: QT elements in log lines, unless disabled, now exclude the +JH/50 Bug 2672: QT elements in log lines, unless disabled, now exclude the receive time. With modern systems the difference is significant. The historical behaviour can be restored by disabling (a new) log_selector "queue_time_exclusive". JH/51 Taint-check ACL line. Previously, only filenames (for out-of-line ACL - content) were specifically tested for. Now, also cover epxansions - rerulting in acl names and inline ACL content. + content) were specifically tested for. Now, also cover expansions + resulting in ACL names and inline ACL content. JH/52 Fix ${ip6norm:} operator. Previously, any trailing line text was dropped, making it unusable in complex expressions. @@ -317,7 +336,24 @@ JH/54 DMARC: recent versions of the OpenDMARC library appear to have broken JH/55 TLS: as server, reject connections with ALPN indicating non-smtp use. JH/56 Make the majority of info read from config files readonly, for defence-in- - depth against exploits. Suggestion by Qualsy. + depth against exploits. Suggestion by Qualys. + Not supported on Solaris 10. + +JH/57 Fix control=fakreject for a custom message containing tainted data. + Previously this resulted in a log complaint, due to a re-expansion present + since fakereject was originally introduced. + +JH/58 GnuTLS: Fix certextract expansion. If a second modifier after a tag + modifier was given, a loop resulted. + +JH/59 DKIM: Fix small-message verification under TLS with chunking. If a + pipelined SMTP command followed the BDAT LAST then it would be + incorrectly treated as part of the message body, causing a verification + fail. + +JH/60 Bug 2805: Fix logging of domain-literals in Message_ID: headers. They + require looser validation rules than those for 821-level addresses, + which only permit IP addresses. Exim version 4.94