X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/0cc095774a2e98c2f1d9f9983a822167d5633162..35110e7035925a8f2bb93c64151da7e0afaf85cf:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9611cfd46..a1bd4e7fc 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -1,22 +1,225 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.583 2009/10/26 13:22:13 nm4 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.632 2010/06/12 15:21:25 jetmore Exp $ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.74 +----------------- + +TF/01 Failure to get a lock on a hints database can have serious + consequences so log it to the panic log. + +TF/02 Log LMTP confirmation messages in the same way as SMTP, + controlled using the smtp_confirmation log selector. + +TF/03 Include the error message when we fail to unlink a spool file. + +DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. + With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux + for maintaining out-of-tree patches for some time. + +PP/01 Bugzilla 139: Documentation and portability issues. + Avoid GNU Makefile-isms, let Exim continue to build on BSD. + Handle per-OS dynamic-module compilation flags. + +PP/02 Let /dev/null have normal permissions. + The 4.73 fixes were a little too stringent and complained about the + permissions on /dev/null. Exempt it from some checks. + Reported by Andreas M. Kirchwitz. + +PP/03 Report version information for many libraries, including + Exim version information for dynamically loaded libraries. Created + version.h, now support a version extension string for distributors + who patch heavily. Dynamic module ABI change. + +PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a + privilege escalation vulnerability whereby the Exim run-time user + can cause root to append content of the attacker's choosing to + arbitrary files. + + +Exim version 4.73 +----------------- + +PP/01 Date: & Message-Id: revert to normally being appended to a message, + only prepend for the Resent-* case. Fixes regression introduced in + Exim 4.70 by NM/22 for Bugzilla 607. 
+ +PP/02 Include check_rfc2047_length in configure.default because we're seeing + increasing numbers of administrators be bitten by this. + +JJ/01 Added DISABLE_DKIM and comment to src/EDITME + +PP/03 Bugzilla 994: added openssl_options main configuration option. + +PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. + +PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. + +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + +PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but + without a peer certificate, leading to a segfault because of an + assumption that peers always have certificates. Be a little more + paranoid. Problem reported by Martin Tscholak. + +PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content + filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes + NB: ClamAV planning to remove STREAM in "middle of 2010". + CL also introduces -bmalware, various -d+acl logging additions and + more caution in buffer sizes. + +PP/09 Implemented reverse_ip expansion operator. + +PP/10 Bugzilla 937: provide a "debug" ACL control. + +PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. + +PP/12 Bugzilla 973: Implement --version. + +PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. + +PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. + +PP/15 Bugzilla 816: support multiple condition rules on Routers. + +PP/16 Add bool_lax{} expansion operator and use that for combining multiple + condition rules, instead of bool{}. Make both bool{} and bool_lax{} + ignore trailing whitespace. + +JJ/02 prevent non-panic DKIM error from being sent to paniclog + +JJ/03 added tcp_wrappers_daemon_name to allow host entries other than + "exim" to be used + +PP/17 Fix malware regression for cmdline scanner introduced in PP/08. + Notification from Dr Andrew Aitchison. 
+ +PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's + ExtendedDetectionInfo response format. + Notification from John Horne. + +PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards + compatible. + +PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: + XSL and documented dependency on system catalogs, with examples of how + it normally works. + +DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store + access. + +DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour + of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a + configuration file which is writeable by the Exim user or group. + +DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability + of configuration files to cover files specified with the -C option if + they are going to be used with root privileges, not just the default + configuration file. + +DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY + option (effectively making it always true). + +DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration + files to be used while preserving root privileges. + +DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure + that rogue child processes cannot use them. + +PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim + run-time user, instead of root. + +PP/28 Add WHITELIST_D_MACROS option to let some macros be overriden by the + Exim run-time user without dropping privileges. + +DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the + result string, instead of calling string_vformat() twice with the same + arguments. + +DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not + for other users. Others should always drop root privileges if they use + -C on the command line, even for a whitelisted configure file. 
+ +DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. + +NM/01 Fixed bug #1002 - Message loss when using multiple deliveries + + +Exim version 4.72 +----------------- + +JJ/01 installed exipick 20100104.1, adding $max_received_linelength, + $data_path, and $header_path variables; fixed documentation bugs and + typos + +JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow + exipick to access non-standard spools, including the "frozen" queue + (Finput) + +NM/01 Bugzilla 965: Support mysql stored procedures. + Patch from Alain Williams + +NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD + +NM/03 Bugzilla 955: Documentation fix for max_rcpts. + Patch from Andreas Metzler + +NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. + Patch from Kirill Miazine + +NM/05 Bugzilla 671: Added umask to procmail example. + +JJ/03 installed exipick 20100323.0, fixing doc bug + +NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail + directory. Notification and patch from Dan Rosenberg. + +TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. + +TK/02 Improve log output when DKIM signing operation fails. + +MH/01 Treat the transport option dkim_domain as a colon separated + list, not as a single string, and sign the message with each element, + omitting multiple occurences of the same signer. + +NM/07 Null terminate DKIM strings, Null initialise DKIM variable + Bugzilla 985, 986. Patch by Simon Arlott + +NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) + Patch by Simon Arlott + +PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on + MBX locking. Notification from Dan Rosenberg. + + +Exim version 4.71 +----------------- + +TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. + +NM/01 Bugzilla 913: Documentation fix for gnutls_* options. + +NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults. 
+ +NM/03 Bugzilla 847: Enable DNSDB lookup by default. + +NM/04 Bugzilla 915: Flag broken perl installation during build. + + Exim version 4.70 ----------------- TK/01 Added patch by Johannes Berg that expands the main option - "spamd_servers" if it starts with a dollar sign. + "spamd_address" if it starts with a dollar sign. TK/02 Write list of recipients to X-Envelope-Sender header when building the mbox-format spool file for content scanning (suggested by Jakob - Hirsch) + Hirsch). TK/03 Added patch by Wolfgang Breyha that adds experimental DCC (http://www.dcc-servers.net/) support via dccifd. Activated by - setting EXPERIMENTAL_DCC=yes in Local/Makefile. Check out - experimental_spec.txt for more documentation. + setting EXPERIMENTAL_DCC=yes in Local/Makefile. TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted by Mark Daniel Reidel . @@ -28,16 +231,16 @@ NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator conversation. Added nologin parameter to request. - Patch contributed by Kirill Miazine + Patch contributed by Kirill Miazine. TF/01 Do not log submission mode rewrites if they do not change the address. TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty - log files in place. Contributed by Roberto Lima + log files in place. Contributed by Roberto Lima. -NM/04 Bugzilla 667: close socket used by dovecot authenticator +NM/04 Bugzilla 667: Close socket used by dovecot authenticator. TF/03 Bugzilla 615: When checking the local_parts router precondition after a local_part_suffix or local_part_prefix option, Exim now 
@@ -45,14 +248,14 @@ TF/03 Bugzilla 615: When checking the local_parts router precondition contains cached lookups for the whole local part. NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by - Robert Millan. Documentation is in experimental-spec.txt + Robert Millan. Documentation is in experimental-spec.txt. TF/04 Bugzilla 668: Fix parallel build (make -j). -NM/05 Bugzilla 437: Prevent Maildix aux files being created with mode 000 +NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. -NM/05 Bugzilla 598: Improvement to Dovecot authenticator handling. - Patch provided by Jan Srzednicki +NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. + Patch provided by Jan Srzednicki. TF/05 Leading white space used to be stripped from $spam_report which wrecked the formatting. Now it is preserved. 
@@ -69,74 +272,96 @@ TF/09 Produce a more useful error message if an SMTP transport's hosts setting expands to an empty string. NM/06 Bugzilla 744: EXPN did not work under TLS. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/07 Bugzilla 769: Extraneous comma in usage fprintf - Patch provided by Richard Godbee + Patch provided by Richard Godbee. NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be acl_smtp_notquit, added index entry. -NM/09 Bugzilla 787: Potential buffer overflow in string_format - Patch provided by Eugene Bujak +NM/09 Bugzilla 787: Potential buffer overflow in string_format. + Patch provided by Eugene Bujak. -NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to accept() - Patch provided by Maxim Dounin +NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to + accept(). Patch provided by Maxim Dounin. NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. NM/13 Bugzilla 590: Correct handling of Resent-Date headers. - Patch provided by Brad "anomie" Jorsch + Patch provided by Brad "anomie" Jorsch. NM/14 Bugzilla 622: Added timeout setting to transport filter. - Patch provided by Dean Brooks + Patch provided by Dean Brooks. TK/05 Add native DKIM support (does not depend on external libraries). NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. - Patch provided by Graeme Fowler + Patch provided by Graeme Fowler. NM/16 Bugzilla 851: Documentation example syntax fix. NM/17 Changed NOTICE file to remove references to embedded PCRE. -NM/18 Bugzilla 894: Fix issue with very long lines including comments in lsearch +NM/18 Bugzilla 894: Fix issue with very long lines including comments in + lsearch. + +NM/19 Bugzilla 745: TLS version reporting. + Patch provided by Phil Pennock. 
+ +NM/20 Bugzilla 167: bool: condition support. + Patch provided by Phil Pennock. + +NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken + clients. Patch provided by Phil Pennock. + +NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. + Patch provided by Brad "anomie" Jorsch. + +NM/23 Bugzilla 687: Fix misparses in eximstats. + Patch provided by Heiko Schlittermann. + +NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. + Patch provided by Heiko Schlittermann. + +NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. + plus update to original patch. + +NM/26 Bugzilla 799: Documentation correction for ratelimit. -NM/19 Bugzilla 745: TLS version reporting - Patch provided by Phil Pennock +NM/27 Bugzilla 802: Improvements to local interface IP addr detection. + Patch provided by David Brownlee. -NM/20 Bugzilla 167: bool: condition support - Patch provided by Phil Pennock +NM/28 Bugzilla 807: Improvements to LMTP delivery logging. -NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken clients - Patch provided by Phil Pennock +NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. -NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date - Patch provided by Brad "anomie" Jorsch +NM/30 Bugzilla 888: TLS documentation bugfixes. -NM/23 Bugzilla 687: Fix misparses in eximstats - Patch provided by Heiko Schlittermann +NM/31 Bugzilla 896: Dovecot buffer overrun fix. -NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid - Patch provided by Heiko Schlittermann +NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" + Unlike the original bugzilla I have changed all shell scripts in src tree. -NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file +NM/33 Bugzilla 898: Transport filter timeout fix. + Patch by Todd Rinaldo. 
-NM/26 Bugzilla 799: Documentation correction for ratelimit +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. + Patch by Serge Demonchaux. -NM/27 Bugzilla 802: Improvements to local interface IP addr detection - Patch provided by David Brownlee +NM/35 Bugzilla 39: Base64 decode bug fixes. + Patch by Jakob Hirsch. -NM/28 Bugzilla 807: Improvements to LMTP delivery logging +NM/36 Bugzilla 909: Correct connect() call in dcc code. -NM/29 Bugzilla 862, 866, 875: Documentation bugfixes +NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. -NM/30 Bugzilla 888: TLS documentation bugfixes +NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. -NM/31 Bugzilla 896: Dovecot buffer overrun fix +NM/39 Bugzilla 911: Fixed MakeLinks build script. Exim version 4.69 @@ -158,11 +383,11 @@ NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked SC/01 Added the -bylocaldomain option to eximstats. -NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr +NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. -NM/03 Bugzilla 613: Documentation fix for acl_not_smtp +NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. -NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall) +NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). Exim version 4.68
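Review bot: In the first hunk (@@ -1,22 +1,225 @@), the 4.73 entries DW/25 and DW/30 still name TRUSTED_CONFIG_PREFIX_FILE, although DW/31 in the same release renames it to TRUSTED_CONFIG_FILE with "No prefixes." Anyone who reads only DW/25 or DW/30 while working through the CVE-2010-4345 changes (DW/22 to DW/24) comes away with a build option name that the release does not ship. Suggest adding "(renamed to TRUSTED_CONFIG_FILE, see DW/31)" to both entries, or folding the three into one. Smaller points in the same hunk: "overriden" in PP/28 and "occurences" in MH/01 are misspelled; PP/14 reads "Path from Andreas Metzler" where "Patch from" looks intended; and the 4.70 TK/03 change drops the pointer to experimental_spec.txt without giving another documentation reference for EXPERIMENTAL_DCC, while NM/05 still points at experimental-spec.txt (note the different spelling of the file name).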
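Review bot: In the second hunk (@@ -28,16 +231,16 @@), the rewritten NM/04 line capitalises "Close" and adds the full stop but keeps "dovecot" in lower case, while NM/02 a few lines above writes "Dovecot authenticator". Since this hunk is a consistency pass, suggest "Close socket used by Dovecot authenticator." so the product name is spelled the same way in both entries.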
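Review bot: In the third hunk (@@ -45,14 +248,14 @@), the duplicate NM/05 tags are resolved as "NM/05.2" and "NM/05.3", a tag form that appears nowhere else in the visible ChangeLog, where every entry is initials, slash, two digits. Entries are cited by tag elsewhere in this patch (4.73 PP/01 refers to "NM/22", PP/17 to "PP/08"), so unique tags are worth having, but the new form should be explained where it is introduced. Suggest a short parenthetical on the first retagged entry saying that the three entries were originally all committed as NM/05, so that older references to "NM/05" for Bugzilla 437 or 598 can still be resolved. The "Maildix" to "Maildir" correction in the same hunk is right.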
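Review bot: In the fourth hunk (@@ -69,74 +272,96 @@), the new NM/34 line introduces a misspelling, "UTF mistmatches", which should read "mismatches". The punctuation pass is also incomplete: NM/07 "Extraneous comma in usage fprintf" is left as context without the full stop its neighbours now have, and the first line of NM/32 ends at "expr --" with none. NM/15 keeps "as its no longer useful" (should be "it's"), NM/25 gains the fragment "plus update to original patch." with no indication of which patch or who supplied it, and NM/32 switches to first person ("I have changed all shell scripts") where every other entry is impersonal. Suggest rewording NM/32 along the lines of "All shell scripts in the src tree are changed, not only those named in the original report."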