X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/48519cef815997302bbb0f8c4499ecf4ae9ef446..2156b9e96e10dba65081dbc688a98bf42c26d868:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9ee8c22df..c5b2ca2d8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,5 +1,3 @@ -Change log file for Exim from version 4.21 ------------------------------------------- This document describes *changes* to previous versions, that might affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. @@ -70,10 +68,10 @@ HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a systems which restrict the file name length to lower values. (It was "hdr.$pid".) -HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a +HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. -HS/02 Bug 2392: exigrep does case sensitive *option* processing (as it +HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. @@ -120,6 +118,92 @@ JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. +JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by + default. If the platform supports and has the facility enabled, it will + be requested on all coneections. + +JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now + controlled by the build-time option SUPPORT_PIPE_CONNECT. + +PP/01 Unbreak heimdal_gssapi, broken in 4.92. + +JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for + success-DSN messages. Previously the From: header was always the default + one for these; the option was ignored. + +JH/28 Fix the timeout on smtp response to apply to the whole response. + Previously it was reset for every read, so a teergrubing peer sending + single bytes within the time limit could extend the connection for a + long time. Credit to Qualsys Security Advisory Team for the discovery. + +JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing + delivery address, which leaked information of the results of local + forwarding. Change to the original envelope recipient address, per + standards. + +JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is + requested. Previously not bounce was generated and a log entry of + error ignored was made. + +JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) + +JH/32 Introduce a general tainting mechanism for values read from the input + channel, and values derived from them. Refuse to expand any tainted + values, to catch one form of exploit. + +JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result + was unused and the unexpanded text used for the test. Found and + fixed by Ruben Jenster. + +JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, + an attempt to use a TLS library read routine dereffed a nul pointer, + causing a segfault. + +JH/35 Bug 2409: filter out-of-spec chars from callout response before using + them in our smtp response. + +JH/36 Have the general router option retry_use_local_part default to true when + any of the restrictive preconditions are set (to anything). Previously it + was only for check_local user. The change removes one item of manual + configuration which is required for proper retries when a remote router + handles a subset of addresses for a domain. + +JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file + link count into consideration. + +HS/04 Fix handling of very log lines in -H files. If a - line + caused the extension of big_buffer, the following lines were ignored. + +JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in + accordance with RFC 2308. Previously there was no expiry, so a longlived + receive process (eg. due to ACL delays) versus a short SOA value could + surprise. + +HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) + +JH/39 Promote DMARC support to mainline. + +JH/40 Bug 2452: Add a References: header to DSNs. + +JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman + parameters. The relevant library call is documented as "Deprecated: This + function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since + 3.6.0, DH parameters are negotiated following RFC7919." + +HS/06 Change the default of dnssec_request_domains to "*" + +JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we + carried on and emitted a BDAT command, even when PIPELINING was not + active. + +JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted + buffer was used for the filename, resulting in a trap when tainted + arguments (eg. $domain) were used. + +JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; + recommended to avoid a possible server-load attack. The feature can be + re-enabled via the openssl_options main cofiguration option. + Exim version 4.92 -----------------