X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/c06ddd664f4a0f6e485f6f9f6b5086aa4719a441..a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 7e5de8880..6109a14dd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names + - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it @@ -159,6 +160,35 @@ JH/33 Fix the dsearch lookup to return an untainted result. Previously the JH/34 Fix the readsocket expansion to not segfault when an empty "options" argument is supplied. +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + +JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. + Previously no event was raised. + +JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE + parameter supplied by the sender MAIL FROM command. Previously it was + ignored, and only the check_spool_space option value for the required + leeway checked. + +JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present + the size of the signing public-key. Previously it was instead giving + the size of the signature hash. + +JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now + the default. See the (new) dkim_verify_min_keysizes option. + +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + +JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied + by the client was not checked as pointing within response data before + being used. A malicious client could thus cause an out-of-bounds read and + possibly gain authentication. Fix by adding the check. + Exim version 4.93 -----------------