X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/b7d3afcfad94edf99a8dbc50ab670ded417e6bea..0f1a8658daf8689f0ef0afbb11d0cb589447a57d:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a7b441e64..0b4076c20 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -63,7 +63,7 @@ JH/09 Avoid using a temporary file during transport using dkim. Unless a JH/10 Enable use of sendfile in Linux builds as default. It was disabled in 4.77 as the kernel support then wasn't solid, having issues in 64bit - mode. Now, it's been long enough. + mode. Now, it's been long enough. Add support for FreeBSD also. JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the case where the routing stage had gathered several addresses to send to @@ -73,6 +73,71 @@ JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the which naturally failed, giving a failed delivery and bloating the retry database. Investigation and fix prototype from Wolfgang Breyha. +JH/12 Fix check on SMTP command input synchronisation. Previously there were + false-negatives in the check that the sender had not preempted a response + or prompt from Exim (running as a server), due to that code's lack of + awareness of the SMTP input buffering. + +PP/04 Add commandline_checks_require_admin option. + Exim drops privileges sanely, various checks such as -be aren't a + security problem, as long as you trust local users with access to their + own account. When invoked by services which pass untrusted data to + Exim, this might be an issue. Set this option in main configuration + AND make fixes to the calling application, such as using `--` to stop + processing options. + +JH/13 Do pipelining under TLS. Previously, although safe, no advantage was + taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server) + responses to those, into a single TLS record each way (this usually means + a single packet). As a side issue, smtp_enforce_sync now works on TLS + connections. + +PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This + affects you only if you're dancing at the edge of the param size limits. + If you are, and this message makes sense to you, then: raise the + configured limit or use OpenSSL 1.1. Nothing we can do for older + versions. + +JH/14 For the "sock" variant of the malware scanner interface, accept an empty + cmdline element to get the documented default one. Previously it was + inaccessible. + +JH/15 Fix a crash in the smtp transport caused when two hosts in succession + are unsuable for non-message-specific reasons - eg. connection timeout, + banner-time rejection. + +JH/16 Fix logging of delivery remote port, when specified by router, under + callout/hold. + +PP/06 Repair manualroute's ability to take options in any order, even if one + is the name of a transport. + Fixes bug 2140. + +HS/01 Cleanup, prevent repeated use of -p/-oMr (CVE-2017-1000369) + +JH/17 Change the list-building routines interface to use the expanding-string + triplet model, for better allocation and copying behaviour. + +JH/18 Prebuild the data-structure for "builtin" macros, for faster startup. + Previously it was constructed the first time a possibly-matching string + was met in the configuration file input during startup; now it is done + during compilation. + +JH/19 Bug 2141: Use the full-complex API for Berkeley DB rather than the legacy- + compatible one, to avoid the (poorly documented) possibility of a config + file in the working directory redirecting the DB files, possibly correpting + some existing file. + +JH/20 Bug 2147: Do not defer for a verify-with-callout-and-random which is not + cache-hot. Previously, although the result was properly cached, the + initial verify call returned a defer. + +JH/21 Bug 2151: Avoid using SIZE on the MAIL for a callout verify, on any but + the main verify for receipient in uncached-mode. + +JH/22 Retire historical build files to an "unsupported" subdir. These are + defined as "ones for which we have no current evidence of testing". + Exim version 4.89 -----------------