X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/18ce445ddbdb16e45270eb76bcb7b341ded5bf48..60dc5e56c3e1a53aa42c0b74a4af3f7a3ad9118c:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index cdc3a636c..bf214bce7 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.56 2004/12/21 16:26:31 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.63 2005/01/04 13:31:41 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -236,8 +236,8 @@ Exim version 4.50 55. Some experimental protocols are using DNS PTR records for new purposes. The keys for these records are domain names, not reversed IP addresses. The - dnsdb lookup now tests whether it's key is an IP address. If not, it leaves - it alone. Component reversal etc. now happens only for IP addresses. + dnsdb PTR lookup now tests whether its key is an IP address. If not, it + leaves it alone. Component reversal etc. now happens only for IP addresses. 56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. 
@@ -247,6 +247,49 @@ Exim version 4.50 58. The exicyclog utility now does better if the number of log files to keep exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... +59. Two changes related to the smtp_active_hostname option: + + (1) $smtp_active_hostname is now available as a variable. + (2) The default for smtp_banner uses $smtp_active_hostname instead + of $primary_hostname. + +60. The host_aton() function is supposed to be passed a string that is known + to be a valid IP address. However, in the case of IPv6 addresses, it was + not checking this. This is a hostage to fortune. Exim now panics and dies + if the condition is not met. A case was found where this could be provoked + from a dnsdb PTR lookup with an IPv6 address that had more than 8 + components; fortuitously, this particular loophole had already been fixed + by change 4.50/55 above. + + If there are any other similar loopholes, the new check in host_aton() + itself should stop them being exploited. The report I received stated that + data on the command line could provoke the exploit when Exim was running as + exim, but did not say which command line option was involved. All I could + find was the use of -be with a bad dnsdb PTR lookup, and in that case it is + running as the user. + +61. There was a buffer overflow vulnerability in the SPA authentication code + (which came originally from the Samba project). I have added a test to the + spa_base64_to_bits() function which I hope fixes it. + +62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and + os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. + +63. The daemon start-up calls getloadavg() while still root for those OS that + need the first call to be done as root, but it missed one case: when + deliver_queue_load_max is set with deliver_drop_privilege. This is + necessary for the benefit of the queue runner, because there is no re-exec + when deliver_drop_privilege is set. 
+ +64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. + This has been fixed. + +65. Caching of lookup data for "hosts =" ACL conditions, when a named host list + was in use, was not putting the data itself into the right store pool; + consequently, it could be overwritten for a subsequent message in the same + SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked + the caching.) + Exim version 4.43 -----------------
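Review bot: In the reworded entry 55 (hunk @@ -236,8 +236,8 @@), "tests whether its key is an IP address" does not say how strict that test is, yet entry 60 later in this patch credits change 4.50/55 with closing the case of an IPv6 address with more than 8 components. Suggest adding a sentence to 55 saying what happens to a key that looks like an address but is malformed (presumably it is treated as a non-IP key and left alone, if that is the behaviour), with a forward reference to 4.50/60, so the security relevance of the change is visible from the entry itself.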
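Review bot: In entry 61 of the hunk at @@ -247,6 +247,49 @@, "I have added a test to the spa_base64_to_bits() function which I hope fixes it" leaves a reader unable to tell what the new test enforces or whether the overflow is considered closed. Suggest stating the condition that is checked (for example, that decoded output is bounded by the size of the destination buffer, if that is what the test does) and replacing "I hope" with a statement of what was verified. Entry 60 has a related gap: it records that the report "did not say which command line option was involved", so it would help to say explicitly that for any path other than -be with a bad dnsdb PTR lookup, the panic in host_aton() is the only protection this change provides.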