X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/ed774df4902eaa5d67f7220a3b2d0831aee2da0f..ee549a2ed04164407f4f897be3bf545f32579c5c:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index bd4fd1921..d3820946e 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -67,6 +67,35 @@ JH/14 Bug 3116: Fix crash in dkim signing. On kernels supporting immutable memory segments, a write was done into one when a constant string was configured for a transport's dkim private key. +JH/15 Disallow tainted metadata in lists. + - Change-of-separator prefixes are handled specially when they are + explicit text; only the remainder of the list is expanded. A change-of- + separator resulting from expansion will not take effect if tainted. + - Elements starting with a plus-sign (named-list inclusion, + case-interpretation etc) and (hostlist) @[] (et al) are not handled + specially and are still operative at this time - but warnings are logged; + if any of these are needed in a list with a tainted element (which taints + the entire list at string-expansion time) then a named-list can be used + for that element. + - Exclamation-marks ("!" signifying negation) are not checked for taint + at this time. + +JH/16 Bug 3124: Fix theoretical crash in received connection, triggerable by a + crafted packet with massive count of IP options. A buffer overflow was + detected, but a null-deref results. In practice, IP packets with options + are rare (to non-existent). Exim refuses connections having any, but this + issue was in the coding for logging preceding that refusal. If coredumps + were enabled (not common), an attack could cause filesystem space usage. + +JH/17 Bug 3126: Fix build error in the ibase lookup. Find & fix by + Andrew Aitchison. + +JH/18 Bug 3102: The dmarc_tld_file and dmarc_history_file options are now + expanded before use. + +JH/19 Bug 3092: Call acl_smtp_notquit for drops associated with the + smtp_max_synprot_errors limit. + Exim version 4.98 -----------------