X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/a841a6eca79ff08b36f2225dcf89c1c162bb8777..623f07cfdcaca96274ca765d0fcf0761bdf7151b:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 99ad7d1a5..015959cb6 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -3,6 +3,21 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Since Exim version 4.94 +----------------------- + +JH/02 Bug 2587: Fix pam expansion condition. Tainted values are commonly used + as arguments, so an implementation trying to copy these into a local + buffer was taking a taint-enforcement trap. Fix by using dynamically + created buffers. + +JH/03 Bug 2586: Fix listcount expansion operator. Using tainted arguments is + reasonable, eg. to count headers. Fix by using dynamically created + buffers rather than a local. Do similar fixes for ACL actions "dcc", + "log_reject_target", "malware" and "spam"; the arguments are expanded + so could be handling tainted values. + + Exim version 4.94 ----------------- @@ -176,6 +191,37 @@ JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present the size of the signing public-key. Previously it was instead giving the size of the signature hash. +JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now + the default. See the (new) dkim_verify_min_keysizes option. + +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + +JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied + by the client was not checked as pointing within response data before + being used. A malicious client could thus cause an out-of-bounds read and + possibly gain authentication. Fix by adding the check. + +JH/42 Internationalisation: change the default for downconversion in the smtp + transport to be "if needed". Previously it was "as previously set" for + the message, which usually meant "if needed" for message-submission but + "no" for everything else. However, MTAs have been seen using SMTPUTF8 + even when the envelope addresses did not need it, resulting in forwarding + failures to non-supporting MTAs. A downconvert in such cases will be + a no-op on the addresses, merely dropping the use of SMTPUTF8 by the + transport. The change does mean that addresses needing conversion will + be converted when previously a delivery failure would occur. + +JH/43 Fix possible long line in DSN. Previously when a very long SMTP error + response was received it would be used unchecked in a fail-DSN, violating + standards on line-length limits. Truncate if needed. + +HS/01 Remove parameters of the link to www.open-spf.org. The linked form + doesn't work. (Additionally add a new main config option to configure the + spf_smtp_comment) + Exim version 4.93 -----------------