X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f1e05cc79778c693a1a2bad478ced44791922cce..e402235ff8393624d3976746270bb2bf0d7a73c6:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 3f43ef83d..a03eebde3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,7 +1,31 @@ Change log file for Exim from version 4.21 ------------------------------------------- -Exim version 4.78 +Exim version 4.81 +----------------- + +PP/01 Add -bI: framework, and -bI:sieve for querying sieve capabilities. + +PP/02 Make -n do something, by making it not do something. + When combined with -bP, the name of an option is not output. + +PP/03 Added tls_dh_min_bits SMTP transport driver option, only honoured + by GnuTLS. + +PP/04 First step towards DNSSEC, provide $sender_host_dnssec for + $sender_host_name and config options to manage this, and basic check + routines. + +PP/05 DSCP support for outbound connections and control modifier for inbound. + +PP/06 Cyrus SASL: set local and remote IP;port properties for driver. + (Only plugin which currently uses this is kerberos4, which nobody should + be using, but we should make it available and other future plugins might + conceivably use it, even though it would break NAT; stuff *should* be + using channel bindings instead). + + +Exim version 4.80 ----------------- PP/01 Handle short writes when writing local log-files. @@ -32,6 +56,139 @@ PP/07 New expansion variable $tls_bits; Cyrus SASL server connection properties get this fed in as external SSF. A number of robustness and debugging improvements to the cyrus_sasl authenticator. +PP/08 cyrus_sasl server now expands the server_realm option. + +PP/09 Bugzilla 1214 - Log authentication information in reject log. + Patch by Jeremy Harris. + +PP/10 Added dbmjz lookup type. + +PP/11 Let heimdal_gssapi authenticator take a SASL message without an authzid. + +PP/12 MAIL args handles TAB as well as SP, for better interop with + non-compliant senders. + Analysis and variant patch by Todd Lyons. + +NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated + Bug report from Lars Müller (via SUSE), + Patch from Dirk Mueller + +PP/13 tls_peerdn now print-escaped for spool files. + Observed some $tls_peerdn in wild which contained \n, which resulted + in spool file corruption. + +PP/14 TLS fixes for OpenSSL: support TLS 1.1 & 1.2; new "openssl_options" + values; set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read + or write after TLS renegotiation, which otherwise led to messages + "Got SSL error 2". + +TK/01 Bugzilla 1239 - fix DKIM verification when signature was not inserted + as a tracking header (ie: a signed header comes before the signature). + Patch from Wolfgang Breyha. + +JH/01 Bugzilla 660 - Multi-valued attributes from ldap now parseable as a + comma-sep list; embedded commas doubled. + +JH/02 Refactored ACL "verify =" logic to table-driven dispatch. + +PP/15 LDAP: Check for errors of TLS initialisation, to give correct + diagnostics. + Report and patch from Dmitry Banschikov. + +PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". + Removed SSL_clear() after SSL_new() which led to protocol negotiation + failures. We appear to now support TLS1.1+ with Exim. + +PP/17 OpenSSL: new expansion var $tls_sni, which if used in tls_certificate + lets Exim select keys and certificates based upon TLS SNI from client. + Also option tls_sni on SMTP Transports. Also clear $tls_bits correctly + before an outbound SMTP session. New log_selector, +tls_sni. + +PP/18 Bugzilla 1122 - check localhost_number expansion for failure, avoid + NULL dereference. Report and patch from Alun Jones. + +PP/19 DNS resolver init changes for NetBSD compatibility. (Risk of breakage + on less well tested platforms). Obviates NetBSD pkgsrc patch-ac. + Not seeing resolver debug output on NetBSD, but suspect this is a + resolver implementation change. + +PP/20 Revert part of NM/04, it broke log_path containing %D expansions. + Left warnings. Added "eximon gdb" invocation mode. + +PP/21 Defaulting "accept_8bitmime" to true, not false. + +PP/22 Added -bw for inetd wait mode support. + +PP/23 Added PCRE_CONFIG=yes support to Makefile for using pcre-config to + locate the relevant includes and libraries. Made this the default. + +PP/24 Fixed headers_only on smtp transports (was not sending trailing dot). + Bugzilla 1246, report and most of solution from Tomasz Kusy. + +JH/03 ${eval } now uses 64-bit and supports a "g" suffix (like to "k" and "m"). + This may cause build issues on older platforms. + +PP/25 Revamped GnuTLS support, passing tls_require_ciphers to + gnutls_priority_init, ignoring Exim options gnutls_require_kx, + gnutls_require_mac & gnutls_require_protocols (no longer supported). + Added SNI support via GnuTLS too. + Made ${randint:..} supplier available, if using not-too-old GnuTLS. + +PP/26 Added EXPERIMENTAL_OCSP for OpenSSL. + +PP/27 Applied dnsdb SPF support patch from Janne Snabb. + Applied second patch from Janne, implementing suggestion to default + multiple-strings-in-record handling to match SPF spec. + +JH/04 Added expansion variable $tod_epoch_l for a higher-precision time. + +PP/28 Fix DCC dcc_header content corruption (stack memory referenced, + read-only, out of scope). + Patch from Wolfgang Breyha, report from Stuart Northfield. + +PP/29 Fix three issues highlighted by clang analyser static analysis. + Only crash-plausible issue would require the Cambridge-specific + iplookup router and a misconfiguration. + Report from Marcin Mirosław. + +PP/30 Another attempt to deal with PCRE_PRERELEASE, this one less buggy. + +PP/31 %D in printf continues to cause issues (-Wformat=security), so for + now guard some of the printf checks behind WANT_DEEPER_PRINTF_CHECKS. + As part of this, removing so much warning spew let me fix some minor + real issues in debug logging. + +PP/32 GnuTLS was always using default tls_require_ciphers, due to a missing + assignment on my part. Fixed. + +PP/33 Added tls_dh_max_bits option, defaulting to current hard-coded limit + of NSS, for GnuTLS/NSS interop. Problem root cause diagnosis by + Janne Snabb (who went above and beyond: thank you). + +PP/34 Validate tls_require_ciphers on startup, since debugging an invalid + string otherwise requires a connection and a bunch more work and it's + relatively easy to get wrong. Should also expose TLS library linkage + problems. + +PP/35 Pull in on Linux, for some portability edge-cases of + 64-bit ${eval} (JH/03). + +PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of + GNU libc to support some of the 64-bit stuff, should not lead to + conflicts. Defined before os.h is pulled in, so if a given platform + needs to override this, it can. + +PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought + protection layer was required, which is not implemented. + Bugzilla 1254, patch from Wolfgang Breyha. + +PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built + into Exim, default to IKE id 23 from RFC 5114 (2048 bit). Make + tls_dhparam take prime identifiers. Also unbreak combination of + OpenSSL+DH_params+TLSSNI. + +PP/39 Disable SSLv2 by default in OpenSSL support. + Exim version 4.77 ----------------- @@ -639,7 +796,7 @@ NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" NM/33 Bugzilla 898: Transport filter timeout fix. Patch by Todd Rinaldo. -NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mismatches. Patch by Serge Demonchaux. NM/35 Bugzilla 39: Base64 decode bug fixes.