Change log file for Exim from version 4.21
-------------------------------------------
+Exim version 4.74
+-----------------
+
+TF/01 Failure to get a lock on a hints database can have serious
+ consequences so log it to the panic log.
+
+TF/02 Log LMTP confirmation messages in the same way as SMTP,
+ controlled using the smtp_confirmation log selector.
+
+TF/03 Include the error message when we fail to unlink a spool file.
+
+DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
+ With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
+ for maintaining out-of-tree patches for some time.
+
+PP/01 Bugzilla 139: Documentation and portability issues.
+ Avoid GNU Makefile-isms, let Exim continue to build on BSD.
+ Handle per-OS dynamic-module compilation flags.
+
+PP/02 Let /dev/null have normal permissions.
+ The 4.73 fixes were a little too stringent and complained about the
+ permissions on /dev/null. Exempt it from some checks.
+ Reported by Andreas M. Kirchwitz.
+
+PP/03 Report version information for many libraries, including
+ Exim version information for dynamically loaded libraries. Created
+ version.h, now support a version extension string for distributors
+ who patch heavily. Dynamic module ABI change.
+
+PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
+ privilege escalation vulnerability whereby the Exim run-time user
+ can cause root to append content of the attacker's choosing to
+ arbitrary files.
+
+PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code.
+ (Wolfgang Breyha)
+
+PP/06 Bugzilla 1071: fix delivery logging with untrusted macros.
+ If dropping privileges for untrusted macros, we disabled normal logging
+ on the basis that it would fail; for the Exim run-time user, this is not
+ the case, and it resulted in successful deliveries going unlogged.
+ Fixed. Reported by Andreas Metzler.
+
+
Exim version 4.73
-----------------
XSL and documented dependency on system catalogs, with examples of how
it normally works.
+DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store
+ access.
+
+DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour
+ of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a
+ configuration file which is writeable by the Exim user or group.
+
+DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability
+ of configuration files to cover files specified with the -C option if
+ they are going to be used with root privileges, not just the default
+ configuration file.
+
+DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
+ option (effectively making it always true).
+
+DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
+ files to be used while preserving root privileges.
+
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+
+PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim
+ run-time user, instead of root.
+
+PP/28 Add WHITELIST_D_MACROS option to let some macros be overriden by the
+ Exim run-time user without dropping privileges.
+
+DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the
+ result string, instead of calling string_vformat() twice with the same
+ arguments.
+
+DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not
+ for other users. Others should always drop root privileges if they use
+ -C on the command line, even for a whitelisted configure file.
+
+DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes.
+
+NM/01 Fixed bug #1002 - Message loss when using multiple deliveries
+
Exim version 4.72
-----------------