Change log file for Exim from version 4.21
-------------------------------------------
+
+Exim version 4.83
+-----------------
+
+TF/01 Correctly close the server side of TLS when forking for delivery.
+
+ When a message was received over SMTP with TLS, Exim failed to clear up
+ the incoming connection properly after forking off the child process to
+ deliver the message. In some situations the subsequent outgoing
+ delivery connection happened to have the same fd number as the incoming
+ connection previously had. Exim would try to use TLS and fail, logging
+ a "Bad file descriptor" error.
+
+TF/02 Portability fix for building lookup modules on Solaris when the xpg4
+ utilities have not been installed.
+
+JH/01 Fix memory-handling in use of acl as a conditional; avoid free of
+ temporary space as the ACL may create new global variables.
+
+TL/01 LDAP support uses per connection or global context settings, depending
+ upon the detected version of the libraries at build time.
+
+TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection
+ to extract and use the src ip:port in logging and expansions as if it
+ were a direct connection from the outside internet.
+
+JH/02 Add ${listextract {number}{list}{success}{fail}}.
+
+TL/03 Bugzilla 1433: Fix DMARC SEGV with specific From header contents.
+ Properly escape header and check for NULL return.
+
+PP/01 Continue incomplete 4.82 PP/19 by fixing docs too: use dns_dnssec_ok
+ not dns_use_dnssec.
+
+JH/03 Bugzilla 1157: support log_selector smtp_confirmation for lmtp.
+
+TL/04 Add verify = header_names_ascii check to reject email with non-ASCII
+ characters in header names, implemented as a verify condition.
+ Contributed by Michael Fischer v. Mollard.
+
+TL/05 Rename SPF condition results err_perm and err_temp to standardized
+ results permerror and temperror. Is a backward incompatibility if
+ the ACL tests for either of these two results. Patch contributed by
+ user bes-internal on the mailing list.
+
+JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.
+
+JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
+ selectors, in both main and reject logs.
+
+JH/06 Log outbound-TLS and port details, subject to log selectors, for a
+ failed delivery.
+
+JH/07 Add malware type "sock" for talking to simple daemon.
+
+JH/08 Bugzilla 1371: Add tls_{,try_}verify_hosts to smtp transport.
+ OpenSSL only.
+
+JH/09 Bugzilla 1431: Support (with limitations) headers_add/headers_remove in
+ routers/transports under cutthrough routing.
+
+
Exim version 4.82
-----------------
TL/05 Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation.
+TL/06 Add Experimental DMARC support using libopendmarc libraries.
+
+TL/07 Fix an out of order global option causing a segfault. Reported to dev
+ mailing list by by Dmitry Isaikin.
+
JH/01 Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support.
JH/02 Support "G" suffix to numbers in ${if comparisons.
JH/03 Add expansion operators ${listnamed:name} and ${listcount:string}
-PP/09 Add gnutls_enable_pkcs11 option.
+PP/09 Add gnutls_allow_auto_pkcs11 option (was originally called
+ gnutls_enable_pkcs11, but renamed to more accurately indicate its
+ function.
PP/10 Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC.
Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler.
PP/11 SECURITY: protect DKIM DNS decoding from remote exploit.
CVE-2012-5671
+ (nb: this is the same fix as in Exim 4.80.1)
JH/11 Add A= logging on delivery lines, and a client_set_id option on
authenticators.
PP/16 Fix problems caused by timeouts during quit ACLs trying to double
fclose(). Diagnosis by Todd Lyons.
+PP/17 Update configure.default to handle IPv6 localhost better.
+ Patch by Alain Williams (plus minor tweaks).
+ Bugzilla 880.
+
+PP/18 OpenSSL made graceful with empty tls_verify_certificates setting.
+ This is now consistent with GnuTLS, and is now documented: the
+ previous undocumented portable approach to treating the option as
+ unset was to force an expansion failure. That still works, and
+ an empty string is now equivalent.
+
+PP/19 Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it
+ clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag,
+ not performing validation itself.
+
+PP/20 Added force_command boolean option to pipe transport.
+ Patch from Nick Koston, of cPanel Inc.
+
+JH/15 AUTH support on callouts (and hence cutthrough-deliveries).
+ Bugzilla 321, 823.
+
+TF/04 Added udpsend ACL modifer and hexquote expansion operator
+
+PP/21 Fix eximon continuous updating with timestamped log-files.
+ Broken in a format-string cleanup in 4.80, missed when I repaired the
+ other false fix of the same issue.
+ Report and fix from Heiko Schlichting.
+ Bugzilla 1363.
+
+PP/22 Guard LDAP TLS usage against Solaris LDAP variant.
+ Report from Prashanth Katuri.
+
+PP/23 Support safari_ecdhe_ecdsa_bug for openssl_options.
+ It's SecureTransport, so affects any MacOS clients which use the
+ system-integrated TLS libraries, including email clients.
+
+PP/24 Fix segfault from trying to fprintf() to a NULL stdio FILE* if
+ using a MIME ACL for non-SMTP local injection.
+ Report and assistance in diagnosis by Warren Baker.
+
+TL/08 Adjust exiqgrep to be case-insensitive for sender/receiver.
+
+JH/16 Fix comparisons for 64b. Bugzilla 1385.
+
+TL/09 Add expansion variable $authenticated_fail_id to keep track of
+ last id that failed so it may be referenced in subsequent ACL's.
+
+TL/10 Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by
+ Alexander Miroch.
+
+TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls
+ ldap library initialization, allowing self-signed CA's to be
+ used. Also properly sets require_cert option later in code by
+ using NULL (global ldap config) instead of ldap handle (per
+ session). Bug diagnosis and testing by alxgomz.
+
+TL/12 Enhanced documentation in the ratelimit.pl script provided in
+ the src/util/ subdirectory.
+
+TL/13 Bug 1301 - Imported transport SQL logging patch from Axel Rau
+ renamed to Transport Post Delivery Action by Jeremy Harris, as
+ EXPERIMENTAL_TPDA.
+
+TL/14 Bugzilla 1217 - Redis lookup support has been added. It is only enabled
+ when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable
+ redis_servers = needs to be configured which will be used by the redis
+ lookup. Patch from Warren Baker, of The Packet Hub.
+
+TL/15 Fix exiqsumm summary for corner case. Patch provided by Richard Hall.
+
+TL/16 Bugzilla 1289 - Clarify host/ip processing when have errors looking up a
+ hostname or reverse DNS when processing a host list. Used suggestions
+ from multiple comments on this bug.
+
+TL/17 Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey.
+
+TL/18 Had previously added a -CONTINUE option to runtest in the test suite.
+ Missed a few lines, added it to make the runtest require no keyboard
+ interaction.
+
+TL/19 Bugzilla 1402 - Test 533 fails if any part of the path to the test suite
+ contains upper case chars. Make router use caseful_local_part.
+
+TL/20 Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS
+ support when GnuTLS has been built with p11-kit.
+
Exim version 4.80.1
-------------------