X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f6b1f8e7d642f82d830a71b78699a4349e0158e1..17648b558fc29a488d1e0bc12d2960f892d2838a:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f7ab3c005..49d81084d 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -2,33 +2,76 @@ This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. -Exim version 4.96.1 -------------------- - -This is a security release. - -JH/01 Bug 2999: Fix a possible OOB write in the external authenticator, which - could be triggered by externally-supplied input. Found by Trend Micro. - CVE-2023-42115 +Exim version 4.98 +----------------- -JH/02 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could - be triggered by externally-controlled input. Found by Trend Micro. - CVE-2023-42116 +JH/01 Support list of dkim results in the dkim_status ACL condition, making + it more usable in the data ACL. -JH/03 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could - be triggered by externally-controlled input. Found by Trend Micro. - CVE-2023-42114 +JH/02 Bug 3040: Handle error on close of the spool data file during reception. + Previously This was only logged, on the assumption that errors would be + seen for a previous fflush(). However, a fuse filesystem has been + reported as showing this an error for the fclose(). The spool is now in + an uncertain state, and we have logged and responded acceptance. Change + this to respond with a temp-reject, wipe spoolfiles, and log the error + detail. + +JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA. When hit + during a recipient verify callout, a QUIT command was attempted on the + now-closed callout channel, causing a paniclog entry. + +JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with + a connection_reject log_selector, under tls_on_connect. Previously + with this combination, when the connect ACL rejected, a spurious + paniclog entry was made. + +JH/05 Fix TLS resumption for TLS-on-connect. 
This was broken by the advent + of loadbalancer-detection for resumption, in 4.96 - which tries to + use the EHLO response. SMTPS does not have one at the time it is starting + TLS. Change the default for the smtp transport host_name_extract option + to be a static string, for TLS-on-connect cases; meaning that resumption + will always be attempted (unless deliberately overriden). + +JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a + chunk-separator specification. This was broken by hardening introduced + for Bug 3031. + +JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles. Previously it + included the -H with the id; this also messed up exiqgrep. + +JH/08 Bug 3056: Tighten up parsing of DKIM DNS records. Previously, whitespace + was not properly skipped and empty elements would cause mis-parsing. + Tighten parsing of DKIM header records. Previously, all but lowercase + alpha chars would be ignored in potential tag names. + +JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists + being searched. Previously we only had one for IPv4 addresses. Per the + documentation, the error results by default in a no-match result for the + list. It is logged if the unknown_in_list log_selector is used. + +JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers + the routing operation. Previously it would silently stop routing the + message. +JH/11 Bug 3046: Fix queue-runs. Previously, the arrivel of a notification or + info-request event close in time to a scheduled run timer could result in + the latter being missed, and no further queue scheduled runs being + initiated. This ouwld be more likely on high-load systems. -JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address. - Make the rewrite never match and keep the logging. Trust the - admin to be using verify=header-syntax (to actually reject the message). 
+JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in + LF-only mode (as detected from the first header line). Previously we did + accept that in (normal) CRLF mode; this has been raised as a possible + attack scenario (under the name "smtp smuggling"). +JH/13 Add an fdatasync call for the received message data file in spool, before + loggging reception and sending the SMTP ack. Previously we only flushed + the stdio buffer so there was still the possibility of a disk error. -Exim version 4.next -------------------- +JH/14 Bug 3061: Avoid a split log line when trtying to rewrite a malformed + address. Previously, for the last address in a header line (commonly + there is only one) the terminating newline was part of the logged + information. -HS/01 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031) Exim version 4.97 @@ -117,7 +160,7 @@ JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option dns_again_means_nonexist included an element causing a DNS lookup which - iteslf returned DNS_AGAIN, unbounded recursion occurred. Possible results + itself returned DNS_AGAIN, unbounded recursion occurred. Possible results included (though probably not limited to) a process crash from stack memory limit, or from excessive open files. Replace this with a paniclog whine (as this is likely a configuration error), and returning 
@@ -222,17 +265,32 @@ JH/38 Taint-track intermediate values from the peer in multi-stage authentation JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings and ${tr...}. Found and diagnosed by Heiko Schlichting. -JH/40 Support list of dkim results in the dkim_status ACL condition, making - it more usable in the data ACL. +JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which + could be triggered by externally-supplied input. Found by Trend Micro. + CVE-2023-42115 + +JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could + be triggered by externally-controlled input. Found by Trend Micro. + CVE-2023-42116 -JH/43 Bug 3033: Harden dnsdb lookups against crafted DNS responses. +JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could + be triggered by externally-controlled input. Found by Trend Micro. + CVE-2023-42114 + +JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address. + Make the rewrite never match and keep the logging. Trust the + admin to be using verify=header-syntax (to actually reject the message). + +JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses. CVE-2023-42219 +HS/02 Fix string_is_ip_address() CVE-2023-42117 (Bug 3031) + Exim version 4.96 ----------------- -JH/01 Move the wait-for-next-tick (needed for unique messmage IDs) from +JH/01 Move the wait-for-next-tick (needed for unique message IDs) from after reception to before a subsequent reception. This should mean slightly faster delivery, and also confirmation of reception to senders.
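Review bot: the new 4.98 entries in the first hunk carry several typos that should be fixed before this lands: "Previously This was only logged" (JH/02), "servfail respons" (JH/03), "handling of of an empty" (JH/04), "overriden" (JH/05), "arrivel" and "ouwld" (JH/11), "loggging" (JH/13) and "trtying" (JH/14). Two entries also lack the blank separator line every other entry has: there is no "+" line between "+ message." and "+JH/11 Bug 3046", nor between "+ attack scenario (under the name "smtp smuggling")." and "+JH/13 Add an fdatasync call". On content, JH/12 (refusing a bare "dot, LF" as end-of-DATA unless in LF-only mode) is exactly the kind of change this file exists to flag, since clients that send bare LF line endings will behave differently with an unchanged configuration; it would help operators to state what now happens to such a line instead (presumably it is treated as message data rather than terminating DATA) and that this is deliberate hardening against SMTP smuggling, so that the resulting client breakage is not mistaken for a regression.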
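Review bot: deleting the "Exim version 4.96.1 / This is a security release" heading in the first hunk while refiling its entries here as JH/40 to JH/44 and HS/02 drops the ChangeLog's only record that these fixes (Bugs 2999/3000/3001 with CVE-2023-42115/42116/42114, Bug 2903, Bug 3033 with CVE-2023-42219, and the string_is_ip_address() fix for CVE-2023-42117) shipped as 4.96.1; suggest keeping a one-line cross-reference under the 4.97 section, such as "These fixes were also released as 4.96.1", so operators on the 4.96 line can confirm which advisories their build carries. The renamed entry HS/02 also implies an HS/01 elsewhere in the 4.97 section that is not in the visible context, and the old JH/40 (dkim_status list support) now reappears in the first hunk as 4.98 JH/01, so the entry numbering in 4.97 should be checked against any entries after JH/44 that this context does not show.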