X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/130212d30d47e588c2bc03edcfce11bf3857da03..361615d1e97b82f4797381b749bc5977d7a1d66b:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 4875289b3..e8f704839 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -3,6 +3,14 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Since Exim version 4.94 +---------------------- + +JH/01 Bug 1329: Fix format of Maildir-format filenames to match other mail- + related applications. Previously an "H" was used where available info + says that "M" should be, so change to match. + + Exim version 4.94 ----------------- @@ -93,6 +101,7 @@ JH/20 Taint checking: disallow use of tainted data for - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names + - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it @@ -149,6 +158,55 @@ JH/30 When an pipelined-connect fails at the first response, assume incorrect JH/31 Fix spurious detection of timeout while writing to transport filter. +JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously + an attempt to copy the string was made before checking it. + +JH/33 Fix the dsearch lookup to return an untainted result. Previously the + taint of the lookup key was maintained; we now regard the presence in the + filesystem as sufficient validation. + +JH/34 Fix the readsocket expansion to not segfault when an empty "options" + argument is supplied. + +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + +JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. + Previously no event was raised. + +JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE + parameter supplied by the sender MAIL FROM command. Previously it was + ignored, and only the check_spool_space option value for the required + leeway checked. + +JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present + the size of the signing public-key. Previously it was instead giving + the size of the signature hash. + +JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now + the default. See the (new) dkim_verify_min_keysizes option. + +JH/40 Fix a memory-handling bug: when a connection carried multiple messages + and an ACL use a lookup for checking either the local_part or domain, + stale data could be accessed. Ensure that variable references are + dropped between messages. + +JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied + by the client was not checked as pointing within response data before + being used. A malicious client could thus cause an out-of-bounds read and + possibly gain authentication. Fix by adding the check. + +JH/42 Internationalisation: change the default for downconversion in the smtp + transport to be "if needed". Previously it was "as previously set" for + the message, which usually meant "if needed" for message-submission but + "no" for everything else. However, MTAs have been seen using SMTPUTF8 + even when the envelope addresses did not need it, resulting in forwarding + failures to non-supporting MTAs. A downconvert in such cases will be + a no-op on the addresses, merely dropping the use of SMTPUTF8 by the + transport. The change does mean that addresses needing conversion will + be converted when previously a delivery failure would occur. + Exim version 4.93 -----------------