X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/df6303fac223cae633ac6054ea8d795f2e8bf7ee..e11808aefbde8bc86009a426ca73c252d93093ec:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index aa11372cb..8c7dc7230 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,7 +1,7 @@ Change log file for Exim from version 4.21 ------------------------------------------- -Exim version 4.78 +Exim version 4.80 ----------------- PP/01 Handle short writes when writing local log-files. @@ -25,6 +25,130 @@ PP/04 Local/Makefile support for (AUTH|LOOKUP)_*_PC=foo to use PP/05 Swapped $auth1/$auth2 for gsasl GSSAPI mechanism, to be more consistent with rest of GSASL and with heimdal_gssapi. +PP/06 Local/Makefile support for USE_(GNUTLS|OPENSSL)_PC=foo to use + `pkg-config foo` for cflags/libs for the TLS implementation. + +PP/07 New expansion variable $tls_bits; Cyrus SASL server connection + properties get this fed in as external SSF. A number of robustness + and debugging improvements to the cyrus_sasl authenticator. + +PP/08 cyrus_sasl server now expands the server_realm option. + +PP/09 Bugzilla 1214 - Log authentication information in reject log. + Patch by Jeremy Harris. + +PP/10 Added dbmjz lookup type. + +PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid. + +PP/12 MAIL args handles TAB as well as SP, for better interop with + non-compliant senders. + Analysis and variant patch by Todd Lyons. + +NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated + Bug report from Lars Müller (via SUSE), + Patch from Dirk Mueller + +PP/13 tls_peerdn now print-escaped for spool files. + Observed some $tls_peerdn in wild which contained \n, which resulted + in spool file corruption. + +PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" + values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read + or write after TLS renegotiation, which otherwise led to messages + "Got SSL error 2". + +TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted + as a tracking header (ie: a signed header comes before the signature). + Patch from Wolfgang Breyha. + +JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a + comma-sep list; embedded commas doubled. + +JH/02 Refactored ACL "verify =" logic to table-driven dispatch. + +PP/15 LDAP: Check for errors of TLS initialisation, to give correct + diagnostics. + Report and patch from Dmitry Banschikov. + +PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". + Removed SSL_clear() after SSL_new() which led to protocol negotiation + failures. We appear to now support TLS1.1+ with Exim. + +PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. + +PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid + NULL dereference. Report and patch from Alun Jones. + +PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage + on less well tested platforms). Obviates NetBSD pkgsrc patch-ac. + Not seeing resolver debug output on NetBSD, but suspect this is a + resolver implementation change. + +PP/20 Revert part of NM/04, it broke log_path containing %D expansions. + Left warnings. Added "eximon gdb" invocation mode. + +PP/21 Defaulting "accept_8bitmime" to true, not false. + +PP/22 Added -bw for inetd wait mode support. + +PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to + locate the relevant includes and libraries. Made this the default. + +PP/24 Fixed headers_only on smtp transports (was not sending trailing dot). + Bugzilla 1246, report and most of solution from Tomasz Kusy. + +JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). + This may cause build issues on older platforms. + +PP/25 Revamped GnuTLS support, passing tls_require_ciphers to + gnutls_priority_init, ignoring Exim options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols (no longer supported). + Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. + +PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. + +PP/27 Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. + +JH/04 Added expansion variable $tod_epoch_l for a higher-precision time. + +PP/28 Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + +PP/29 Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + +PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + +PP/31 %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + +PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + +PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by + Janne Snabb (who went above and beyond: thank you). + +PP/34 Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. + +PP/35 Pull in on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + Exim version 4.77 -----------------