X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/9eed571fd7c3236326cc6ea74f1455b027df7604..210135138f6150c46e8abc54f6ccf82a860d510f:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index fef4c74b8..1ce732f52 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -44,6 +44,87 @@ JH/08 Bug 2598: Fix verify ACL condition. The options for the condition are expanded; previously using tainted values was rejected. Fix by using dynamically-created buffers. +JH/09 Relax restrictions on ACL verify condition needing access to message + headers. Previously they were only permitted in data and non-smtp ACLs; + permit also mime, dkim, prdr quit and notquit. Applies to header-syntax, + not_blind, header_sender and header_names_ascii verification. + +JH/10 Bug 2603: Fix coding of string copying to only evaluate arguments once. + Previously a macro used one argument twice; when called with the + argument as an expression having side-effects, incorrect operation + resulted. Use an inlineable function. + +JH/11 Bug 2604: Fix request to cutthrough-deliver when a connection is already + held open for a verify callout. Previously this wan not accounted for + and a corrupt onward SMTP conversation resulted. + +JH/12 Bug 2607: Fix the ${srs_encode } expansion to handle quoted local_parts. + Previously they were embedded naively in the constructed address; when + needed, strip the quoting and quote the entire local_part. + Also make the inbound_srs expansion condition handle quoting. + +JH/13 Fix dsearch "subdir" filter to ignore ".". Previously only ".." was + excluded, not matching the documentation. + +JH/14 Bug 2606: Fix a segfault in sqlite lookups. When no, or a bad, filename + was given for the sqlite_dbfile a trap resulted. + +JH/15 Bug 2620: Fix "spam" ACL condition. Previously, tainted values for the + "name" argument resulted in a trap. There is no reason to disallow such; + this was a coding error. + +JH/16 Bug 2615: Fix pause during message reception, on systems that have been + suspended/resumed. The Linux CLOCK_MONOTONIC does not account for time + spent suspended, ignoring the Posix definition. Previously we assumed + it did and a constant offset from real time could be used as a correction. + Change to using the same clock source for the start-of-message and the + post-message next-tick-wait. Also change to using CLOCK_BOOTTIME if it + exists, just to get a clock slightly more aligned to reality. + +JH/17 Bug 2295: Fix DKIM signing to always semicolon-terminate. Although the + RFC says it is optional some validators care. The missing char was not + intended but triggered by a line-wrap alignement. Discovery and fix by + Guillaume Outters, hacked on by JH. + +JH/18 Bug 2617: Fix a taint trap in parse_fix_phrase(). Previously when the + name being quoted was tainted a trap would be taken. Fix by using + dynamicaly created buffers. The routine could have been called by a + rewrite with the "h" flag, by using the "-F" command-line option, or + by using a "name=" option on a control=submission ACL modifier. + +JH/19 SPF: change the Authentication-Results expansion component to give + smtp.helo when the sender domain is empty. Previously it gave + "smtp.mailfrom=<>" + +JH/20 Bug 2631: ACL dnslist conditions now ignore and log any lookups returns + not in 127.0.0.0/8 to help in spotting list domains taken over by a + domain-parking registrar. + +JH/21 Bug 2630: Fix eol-replacement string for the ${readsocket } expansion. + Previously when a whitespace character was specified it was not inserted + after removing the newline. + +JH/22 Bug 2265: Force SNI usage for smtp transport DANE'd connections, to be + the domain part of the recipient address. This overrides any tls_sni + option set, which was previously used. + +JH/23 Logging: with the +tls_sni log_selector, do not wrap the received SNI + in quotes. + +JH/24 Bug 2634: Fix a taint trap seen on NetBSD: the testing coded for + is_tainted() had an off-by-one error in the overenthusiastic direction. + Find and fix by Gavan. Although NetBSD is not a supported platform for + 4.94 this bug could affect other platforms. + +PP/01 Fix default prime selection to be consistent. + One path used ike23 still, instead of exim.dev.20160529.3; now both + execution flows will use the same DH primes (currently + exim.dev.20160529.3). + +JH/25 OpenSSL: Fix back-compatibiility behaviour surrounding tls_certificates + option in smtp transport, to match the documentation. Previously + verification was not being done in some cases where it should have been. + Exim version 4.94 ----------------- @@ -62,9 +143,9 @@ JH/04 Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. -JH/05 Regard command-line receipients as tainted. +JH/05 Regard command-line recipients as tainted. -JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. +JH/06 Bug 340: Remove the daemon pid file on exit, when due to SIGTERM. JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the @@ -726,7 +807,7 @@ JH/11 The runtime Berkeley DB library version is now additionally output by "exim -d -bV". Previously only the compile-time version was shown. JH/12 Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating - SMTP connection. Previously, when one had more receipients than the + SMTP connection. Previously, when one had more recipients than the first, an abortive onward connection was made. Move to full support for multiple onward connections in sequence, handling cutthrough connection for all multi-message initiating connections. @@ -6666,7 +6747,7 @@ Exim version 4.31 same list, then the first domain was re-checked, the value of $domain_data after the final check could be wrong. In particular, if the second check failed, it could be set empty. This bug probably also applied to - $localpart_data. + $local_part_data. 41. The strip_trailing_dot option was not being applied to the address given with the -f command-line option.