X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/36b600bb776d082be8cdd15c18daed3c29cfda7f..a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index be07ba625..6109a14dd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names + - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it @@ -156,6 +157,38 @@ JH/33 Fix the dsearch lookup to return an untainted result. Previously the taint of the lookup key was maintained; we now regard the presence in the filesystem as sufficient validation. +JH/34 Fix the readsocket expansion to not segfault when an empty "options" + argument is supplied. + +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + +JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. + Previously no event was raised. + +JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE + parameter supplied by the sender MAIL FROM command. Previously it was + ignored, and only the check_spool_space option value for the required + leeway checked. + +JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present + the size of the signing public-key. Previously it was instead giving + the size of the signature hash. + +JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now + the default. See the (new) dkim_verify_min_keysizes option. + +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + +JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied + by the client was not checked as pointing within response data before + being used. A malicious client could thus cause an out-of-bounds read and + possibly gain authentication. Fix by adding the check. + Exim version 4.93 -----------------