X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/8618b5c7a533f167bff9c25c9653d8d3ab94b68f..ee549a2ed04164407f4f897be3bf545f32579c5c:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index fadb4995a..d3820946e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -10,15 +10,92 @@ JH/01 Use fewer forks & execs for sending many messages to a single host. we can loop there. A two-phase queue run will benefit, particularly for mailinglist and smarthost cases. -JH/02 Add transaction support for hintsdbs. The sole initial provider is - sqlite, and is used for the wait-transport and retry DBs. Transactions - imply locking internal to the DB. We no longer need a separate lockfile, - can keep the DB handle open for extended periods, yet potentially benefit - from concurrency on non-conflicting record uses. +JH/02 Add transaction support for hintsdbs. The providers supported are tdb and + sqlite. Transactions are used for the wait-transport and retry DBs. + They imply locking internal to the DB. We no longer need a separate + lockfile, can keep the DB handle open for extended periods, yet + potentially benefit from concurrency on non-conflicting record uses. JH/03 With dkim_verify_minimal, avoid calling the DKIM ACL after the first good verify. +JH/04 Remove the docs and support scripts dealing with conversion of Exim + version 3 installations. + +JH/05 Fix hintsdb support for dbmjz when compiled using sqlite3. Previously + the backend support assumed keys would be simple C strings, but dbmjz + uses keys with embedded NUL bytes. The builtin hintsdb use is unaffected, + but installations using dbmjz will need to rebuild those DBs. + +JH/06 Bug 1141: When operating a continued-connection transport, verify that + the interface option, if specified, evaluates to match the connection. + Previously, a queued message for the same host was sent without checking. + +JH/07 Bug 3106: Fix coding in SPA authenticator. A macro argument was not + properly parenthesized, resulting in a logic error. While the simple + fix was provided by Andrew Aitchison, the over-large code block resulting + from this macro made me want to replace it with a real function so more + extensive rework becamse needed. + +JH/08 The output of "exim -bV" now includes lookup types built as dynamic-load + modules. + +JH/09 Not a change, but worthy of note: There is no test coverage of the + heimdall-gssapi authenticator driver. It does build, though with (on at + least one platform) library version conflicts with the gsasl auth + driver). Confidence in its operation is lacking. + +JH/10 Bug 3108: On platforms not providing strchrnul() [OpenBSD] supply a proper + prototype (as well as implementaton). Previously, a return type "int" + was assumed, resulting in type-conversion bugs when int and pointer had + different size. This resulted in crashes while processing DKIM signatures + of received messages. Identification and fix from Qualys Security. + +JH/11 Lookups built as dynamic-load modules which support a single lookup + type are now only loaded if required by the config. Previously all lookup + modules present in the modules directory were loaded; this now applies + only to those supporting multiple types. + +JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup + syntax". Previously, the end of the top-level file was reported. + +JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted + record could crash the meesage recieve process. Investigation by + Maxim Galaganov. + +JH/14 Bug 3116: Fix crash in dkim signing. On kernels supporting immutable + memory segments, a write was done into one when a constant string was + configured for a transport's dkim private key. + +JH/15 Disallow tainted metadata in lists. + - Change-of-separator prefixes are handled specially when they are + explicit text; only the remainder of the list is expanded. A change-of- + separator resulting from expansion will not take effect if tainted. + - Elements starting with a plus-sign (named-list inclusion, + case-interpretation etc) and (hostlist) @[] (et al) are not handled + specially and are still operative at this time - but warnings are logged; + if any of these are needed in a list with a tainted element (which taints + the entire list at string-expansion time) then a named-list can be used + for that element. + - Exclamation-marks ("!" signifying negation) are not checked for taint + at this time. + +JH/16 Bug 3124: Fix theoretical crash in received connection, triggerable by a + crafted packet with massive count of IP options. A buffer overflow was + detected, but a null-deref results. In practice, IP packets with options + are rare (to non-existent). Exim refuses connections having any, but this + issue was in the coding for logging preceding that refusal. If coredumps + were enabled (not common), an attack could cause filesystem space usage. + +JH/17 Bug 3126: Fix build error in the ibase lookup. Find & fix by + Andrew Aitchison. + +JH/18 Bug 3102: The dmarc_tld_file and dmarc_history_file options are now + expanded before use. + +JH/19 Bug 3092: Call acl_smtp_notquit for drops associated with the + smtp_max_synprot_errors limit. + Exim version 4.98 -----------------