X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/7086e875ca3e382883f31ef4385044d77c66c035..fed770203382d612a893e070efb774a72be341b0:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 6e1d523b4..08f59181f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,10 +1,224 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.4 2004/10/14 11:21:02 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.119 2005/04/06 16:43:59 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- -Exim version 4.44 +Exim version 4.51 +----------------- + +TK/01 Added Yahoo DomainKeys support via libdomainkeys. See + doc/experimental-spec.txt for details. (http://domainkeys.sf.net) + +TK/02 Fix ACL "control" statement not being available in MIME ACL. + +TK/03 Fix ACL "regex" condition not being available in MIME ACL. + +PH/01 Installed a patch from the Sieve maintainer that allows -bf to be used + to test Sieve filters that use "vacation". + +PH/02 Installed a slightly modified version of Nikos Mavrogiannopoulos' patch + that changes the way the GnuTLS parameters are stored in the cache file. + The new format can be generated externally. For backward compatibility, + if the data in the cache doesn't make sense, Exim assumes it has read an + old-format file, and it generates new data and writes a new file. This + means that you can't go back to an older release without removing the + file. + +PH/03 A redirect router that has both "unseen" and "one_time" set does not + work if there are any delivery delays because "one_time" forces the + parent to be marked "delivered", so its unseen clone is never tried + again. For this reason, Exim now forbids the simultaneous setting of + these two options. + +PH/04 Change 4.11/85 fixed an obscure bug concerned with addresses that are + redirected to themselves ("homonym" addresses). Read the long ChangeLog + entry if you want to know the details. The fix, however, neglected to + consider the case when local delivery batching is involved. The test for + "previously delivered" was not happening when checking to see if an + address could be batched with a previous (undelivered) one; under + certain circumstances this could lead to multiple deliveries to the same + address. + +PH/05 Renamed the macro SOCKLEN_T as EXIM_SOCKLEN_T because AIX uses SOCKLEN_T + in its include files, and this causes problems building Exim. + +PH/06 A number of "verify =" ACL conditions have no options (e.g. verify = + header_syntax) but Exim was just ignoring anything given after a slash. + In particular, this caused confusion with an attempt to use "verify = + reverse_host_lookup/defer_ok". An error is now given when options are + supplied for verify items that do not have them. (Maybe reverse_host_ + lookup should have a defer_ok option, but that's a different point.) + +PH/07 Increase the size of the buffer for incoming SMTP commands from 512 (as + defined by RFC 821) to 2048, because there were problems with some AUTH + commands, and RFC 1869 says the size should be increased for extended + SMTP commands that take arguments. + +PH/08 Added ${dlfunc dynamically loaded function for expansion (code from Tony + Finch). + +PH/09 Previously, an attempt to use ${perl when it wasn't compiled gave an + "unknown" error; now it says that the functionality isn't in the binary. + +PH/10 Added a nasty fudge to try to recognize and flatten LDAP passwords in + an address' error message when a string expansion fails (syntax or + whatever). Otherwise not only does the password appear in the log, it may + also be put in a bounce message. + +PH/11 Installed exipick version 20050225.0 from John Jetmore. + +PH/12 If the last host in a fallback_hosts list was multihomed, only the first + of its addresses was ever tried. (Bugzilla bug #2.) + +PH/13 If "headers_add" in a transport didn't end in a newline, Exim printed + the result incorrectly in the debug output. (It correctly added a newline + to what was transported.) + +TF/01 Added $received_time. + +PH/14 Modified the default configuration to add an acl_smtp_data ACL, with + commented out examples of how to interface to a virus scanner and to + SpamAssassin. Also added commented examples of av_scanner and + spamd_address settings. + +PH/15 Further to TK/02 and TK/03 above, tidied up the tables of what conditions + and controls are allowed in which ACLs. There were a couple of minor + errors. Some of the entries in the conditions table (which is a table of + where they are NOT allowed) were getting very unwieldy; rewrote them as a + negation of where the condition IS allowed. + +PH/16 Installed updated OS/os.c-cygwin from the Cygwin maintainer. + +PH/17 The API for radiusclient changed at release 0.4.0. Unfortunately, the + header file does not have a version number, so I've had to invent a new + value for RADIUS_LIB_TYPE, namely "RADIUSCLIENTNEW" to request the new + API. The code is untested by me (my Linux distribution still has 0.3.2 of + radiusclient), but it was contributed by a Radius user. + +PH/18 Installed Lars Mainka's patch for the support of CRL collections in + files or directories, for OpenSSL. + +PH/19 When an Exim process that is running as root has to create an Exim log + file, it does so in a subprocess that runs as exim:exim so as to get the + ownership right at creation (otherwise, other Exim processes might see + the file with the wrong ownership). There was no test for failure of this + fork() call, which would lead to the process getting stuck as it waited + for a non-existent subprocess. Forks do occasionally fail when resources + run out. I reviewed all the other calls to fork(); they all seem to check + for failure. + +PH/20 When checking for unexpected SMTP input at connect time (before writing + the banner), Exim was not dealing correctly with a non-positive return + from the read() function. If the client had disconnected by this time, + the result was a log entry for a synchronization error with an empty + string after "input=" when read() returned zero. If read() returned -1 + (an event I could not check), uninitialized data bytes were printed. + There were reports of junk text (parts of files, etc) appearing after + "input=". + +PH/21 Added acl_not_smtp_mime to allow for MIME scanning for non-SMTP messages. + +PH/22 Added support for macro redefinition, and (re)definition in between + driver and ACL definitions. + +PH/23 The cyrus_sasl authenticator was expanding server_hostname, but then + forgetting to use the resulting value; it was using the unexpanded value. + +PH/24 The cyrus_sasl authenticator was advertising mechanisms for which it + hadn't been configured. The fix is from Juergen Kreileder, who + understands it better than I do: + + "Here's what I see happening with three configured cyrus_sasl + authenticators configured (plain, login, cram-md5): + + On startup auth_cyrus_sasl_init() gets called for each of these. + This means three calls to sasl_listmech() without a specified mech_list. + => SASL tests which mechs of all available mechs actually work + => three warnings about OTP not working + => the returned list contains: plain, login, cram-md5, digest-md5, ... + + With the patch, sasl_listmech() also gets called three times. But now + SASL's mech_list option is set to the server_mech specified in the the + authenticator. Or in other words, the answer from sasl_listmech() + gets limited to just the mech you're testing for (which is different + for each call.) + => the return list contains just 'plain' or 'login', 'cram-md5' or + nothing depending on the value of ob->server_mech. + + I've just tested the patch: Authentication still works fine, + unavailable mechs specified in the exim configuration are still + caught, and the auth.log warnings about OTP are gone." + +PH/25 When debugging is enabled, the contents of the command line are added + to the debugging output, even when log_selector=+arguments is not + specified. + +PH/26 Change scripts/os-type so that when "uname -s" returns just "GNU", the + answer is "GNU", and only if the return is "GNU/something" is the answer + "Linux". + +PH/27 $acl_verify_message is now set immediately after the failure of a + verification in an ACL, and so is available in subsequent modifiers. In + particular, the message can be preserved by coding like this: + + warn !verify = sender + set acl_m0 = $acl_verify_message + + Previously, $acl_verify_message was set only while expanding "message" + and "log_message" when a very denied access. + +PH/28 Modified OS/os.c-Linux with + + -#ifndef OS_LOAD_AVERAGE + +#if !defined(OS_LOAD_AVERAGE) && defined(__linux__) + + to make Exim compile on kfreebsd-gnu. (I'm totally confused about the + nomenclature these days.) + +PH/29 Installed patch from the Sieve maintainer that adds the options + sieve_useraddress and sieve_subaddress to the redirect router. + +PH/30 In these circumstances: + . Two addresses routed to the same list of hosts; + . First host does not offer TLS; + . First host accepts first address; + . First host gives temporary error to second address; + . Second host offers TLS and a TLS session is established; + . Second host accepts second address. + Exim incorrectly logged both deliveries with the TLS parameters (cipher + and peerdn, if requested) that were in fact used only for the second + address. + +PH/31 When doing a callout as part of verifying an address, Exim was not paying + attention to any local part prefix or suffix that was matched by the + router that accepted the address. It now behaves in the same way as it + does for delivery: the affixes are removed from the local part unless + rcpt_include_affixes is set on the transport. + +PH/32 Add the sender address, as F=<...>, to the log line when logging a + timeout during the DATA phase of an incoming message. + + + +A note about Exim versions 4.44 and 4.50 +---------------------------------------- + +Exim 4.50 was meant to be the next release after 4.43. It contains a lot of +changes of various kinds. As a consequence, a big documentation update was +needed. This delayed the release for rather longer than seemed good, especially +in the light of a couple of (minor) security issues. Therefore, the changes +that fixed bugs were backported into 4.43, to create a 4.44 maintenance +release. So 4.44 and 4.50 are in effect two different branches that both start +from 4.43. + +I have left the 4.50 change log unchanged; it contains all the changes since +4.43. The change log for 4.44 is below; many of its items are identical to +those for 4.50. This seems to be the most sensible way to preserve the +historical information. + + +Exim version 4.50 ----------------- 1. Minor wording change to the doc/README.SIEVE file. @@ -16,6 +230,557 @@ Exim version 4.44 bug fixed in 4.43/37 would have been diagnosed quickly if this had been in place. + 4. Give more explanation in the error message when the command for a transport + filter fails to execute. + + 5. There are several places where Exim runs a non-Exim command in a + subprocess. The SIGUSR1 signal should be disabled for these processes. This + was being done only for the command run by the queryprogram router. It is + now done for all such subprocesses. The other cases are: ${run, transport + filters, and the commands run by the lmtp and pipe transports. + + 6. Added CONFIGURE_GROUP build-time option. + + 7. Some older OS have a limit of 256 on the maximum number of file + descriptors. Exim was using setrlimit() to set 1000 as a large value + unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these + systems. I've change it so that if it can't get 1000, it tries for 256. + + 8. "control=submission" was allowed, but had no effect, in a DATA ACL. This + was an oversight, and furthermore, ever since the addition of extra + controls (e.g. 4.43/32), the checks on when to allow different forms of + "control" were broken. There should now be diagnostics for all cases when a + control that does not make sense is encountered. + + 9. Added the /retain_sender option to "control=submission". + +10. $recipients is now available in the predata ACL (oversight). + +11. Tidy the search cache before the fork to do a delivery from a message + received from the command line. Otherwise the child will trigger a lookup + failure and thereby defer the delivery if it tries to use (for example) a + cached ldap connection that the parent has called unbind on. + +12. If verify=recipient was followed by verify=sender in a RCPT ACL, the value + of $address_data from the recipient verification was clobbered by the + sender verification. + +13. The value of address_data from a sender verification is now available in + $sender_address_data in subsequent conditions in the ACL statement. + +14. Added forbid_sieve_filter and forbid_exim_filter to the redirect router. + +15. Added a new option "connect=