X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/2525748962c69c005b3c73779b26c8883b219956..0ef732d996b5f37b28410c5efe132fbbe5c686ef:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 869a9c270..c8e74b5f7 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,8 +1,170 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.366 2006/07/03 15:19:44 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.413 2006/10/23 13:24:21 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.64 +----------------- + +TF/01 In the add_headers option to the mail command in an Exim filter, + there was a bug that Exim would claim a syntax error in any + header after the first one which had an odd number of characters + in the field name. + +PH/01 If a server that rejects MAIL FROM:<> was the target of a sender + callout verification, Exim cached a "reject" for the entire domain. This + is correct for most verifications, but it is not correct for a recipient + verification with use_sender or use_postmaster set, because in that case + the callout does not use MAIL FROM:<>. Exim now distinguishes the special + case of MAIL FROM:<> rejection from other early rejections (e.g. + rejection of HELO). When verifying a recipient using a non-null MAIL + address, the cache is ignored if it shows MAIL FROM:<> rejection. + Whatever the result of the callout, the value of the domain cache is + left unchanged (for any other kind of callout, getting as far as trying + RCPT means that the domain itself is ok). + +PH/02 Tidied a number of unused variable and signed/unsigned warnings that + gcc 4.1.1 threw up. + +PH/03 On Solaris, an unexpectedly close socket (dropped connection) can + manifest itself as EPIPE rather than ECONNECT. When tidying away a + session, the daemon ignores ECONNECT errors and logs others; it now + ignores EPIPE as well. + +PH/04 Applied Nico Erfurth's refactoring patch to tidy up mime.c + (quoted-printable decoding). + +PH/05 Applied Nico Erfurth's refactoring patch to tidy up spool_mbox.c, and + later the small subsequent patch to fix an introduced bug. + +PH/06 Installed the latest Cygwin Makefile from the Cygwin maintainer. + +PH/07 There was no check for overflow in expansions such as ${if >{1}{4096M}}. + +PH/08 An error is now given if message_size_limit is specified negative. + +PH/09 Applied and tidied up Jakob Hirsch's patch for allowing ACL variables + to be given (somewhat) arbitrary names. + +JJ/01 exipick 20060919.0, allow for arbitrary acl_ variables introduced + in 4.64-PH/09. + +JJ/02 exipick 20060919.0, --show-vars args can now be regular expressions, + miscellaneous code fixes + +PH/10 Added the log_reject_target ACL modifier to specify where to log + rejections. + +PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_ + hostname. This is wrong, because it relates to the incoming message (and + probably the interface on which it is arriving) and not to the outgoing + callout (which could be using a different interface). This has been + changed to use the value of the helo_data option from the smtp transport + instead - this is what is used when a message is actually being sent. If + there is no remote transport (possible with a router that sets up host + addresses), $smtp_active_hostname is used. + +PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various + tweaks were necessary in order to get it to work (see also 21 below): + (a) The code assumed that strncpy() returns a negative number on buffer + overflow, which isn't the case. Replaced with Exim's string_format() + function. + (b) There were several signed/unsigned issues. I just did the minimum + hacking in of casts. There is scope for a larger refactoring. + (c) The code used strcasecmp() which is not a standard C function. + Replaced with Exim's strcmpic() function. + (d) The code set only $1; it now sets $auth1 as well. + (e) A simple test gave the error "authentication client didn't specify + service in request". It would seem that Dovecot has changed its + interface. Fortunately there's a specification; I followed it and + changed what the client sends and it appears to be working now. + +PH/13 Added $message_headers_raw to provide the headers without RFC 2047 + decoding. + +PH/14 Corrected misleading output from -bv when -v was also used. Suppose the + address A is aliased to B and C, where B exists and C does not. Without + -v the output is "A verified" because verification stops after a + successful redirection if more than one address is generated. However, + with -v the child addresses are also verified. Exim was outputting "A + failed to verify" and then showing the successful verification for C, + with its parentage. It now outputs "B failed to verify", showing B's + parentage before showing the successful verification of C. + +PH/15 Applied Michael Deutschmann's patch to allow DNS black list processing to + look up a TXT record in a specific list after matching in a combined + list. + +PH/16 It seems that the options setting for the resolver (RES_DEFNAMES and + RES_DNSRCH) can affect the behaviour of gethostbyname() and friends when + they consult the DNS. I had assumed they would set it the way they + wanted; and indeed my experiments on Linux seem to show that in some + cases they do (I could influence IPv6 lookups but not IPv4 lookups). + To be on the safe side, however, I have now made the interface to + host_find_byname() similar to host_find_bydns(), with an argument + containing the DNS resolver options. The host_find_byname() function now + sets these options at its start, just as host_find_bydns() does. The smtp + transport options dns_qualify_single and dns_search_parents are passed to + host_find_byname() when gethostbyname=TRUE in this transport. Other uses + of host_find_byname() use the default settings of RES_DEFNAMES + (qualify_single) but not RES_DNSRCH (search_parents). + +PH/17 Applied (a modified version of) Nico Erfurth's patch to make + spool_read_header() do less string testing, by means of a preliminary + switch on the second character of optional "-foo" lines. (This is + overdue, caused by the large number of possibilities that now exist. + Originally there were few.) While I was there, I also converted the + str(n)cmp tests so they don't re-test the leading "-" and the first + character, in the hope this might squeeze out yet more improvement. + +PH/18 Two problems with "group" syntax in header lines when verifying: (1) The + flag allowing group syntax was set by the header_syntax check but not + turned off, possible causing trouble later; (2) The flag was not being + set at all for the header_verify test, causing "group"-style headers to + be rejected. I have now set it in this case, and also caused header_ + verify to ignore an empty address taken from a group. While doing this, I + came across some other cases where the code for allowing group syntax + while scanning a header line wasn't quite right (mostly, not resetting + the flag correctly in the right place). These bugs could have caused + trouble for malformed header lines. I hope it is now all correct. + +PH/19 The functions {pwcheck,saslauthd}_verify_password() are always called + with the "reply" argument non-NULL. The code, however (which originally + came from elsewhere) had *some* tests for NULL when it wrote to *reply, + but it didn't always do it. This confused somebody who was copying the + code for some other use. I have removed all the tests. + +PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a + feature that was used to support insecure browsers during the U.S. crypto + embargo. It requires special client support, and Exim is probably the + only MTA that supported it -- and would never use it because real RSA is + always available. This code has been removed, because it had the bad + effect of slowing Exim down by computing (never used) parameters for the + RSA_EXPORT functionality. + +PH/21 On the advice of Timo Sirainen, added a check to the dovecot + authenticator to fail if there's a tab character in the incoming data + (there should never be unless someone is messing about, as it's supposed + to be base64-encoded). Also added, on Timo's advice, the "secured" option + if the connection is using TLS or if the remote IP is the same as the + local IP, and the "valid-client-cert option" if a client certificate has + been verified. + +PH/22 As suggested by Dennis Davis, added a server_condition option to *all* + authenticators. This can be used for authorization after authentication + succeeds. (In the case of plaintext, it servers for both authentication + and authorization.) + +PH/23 Testing for tls_required and lost_connection in a retry rule didn't work + if any retry times were supplied. + +PH/24 Exim crashed if verify=helo was activated during an incoming -bs + connection, where there is no client IP address to check. In this + situation, the verify now always succeeds. + +PH/25 Applied John Jetmore's -Mset patch. + + Exim version 4.63 ----------------- @@ -70,6 +232,83 @@ PH/08 When testing addresses using -bt, indicate those final addresses that PH/09 Applied patch from Erik to use select() instead of poll() in spam.c on systems where poll() doesn't work, in particular OS X. +PH/10 Added more information to debugging output for retry time not reached. + +PH/11 Applied patch from Arkadiusz Miskiewicz to apply a timeout to read + operations in malware.c. + +PH/12 Applied patch from Magnus Holmgren to include the "h" tag in Domain Keys + signatures. + +PH/13 If write_rejectlog was set false when logging was sent to syslog with + syslog_duplication set false, log lines that would normally be written + both the the main log and to the reject log were not written to syslog at + all. + +PH/14 In the default configuration, change the use of "message" in ACL warn + statements to "add_header". + +PH/15 Diagnose a filter syntax error for "seen", "unseen", or "noerror" if not + not followed by a command (e.g. "seen endif"). + +PH/16 Recognize SMTP codes at the start of "message" in ACLs and after :fail: + and :defer: in a redirect router. Add forbid_smtp_code to suppress the + latter. + +PH/17 Added extra conditions to the default value of delay_warning_condition + so that it is now: + + ${if or { \ + { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} } \ + { match{$h_precedence:}{(?i)bulk|list|junk} } \ + { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} } \ + }{no}{yes}} + + The Auto-Submitted: and various List- headers are standardised, whereas I + don't think Precedence: ever was. + +PH/18 Refactored debugging code in route_finduser() to show more information, + in particular, the error code if getpwnam() issues one. + +PH/19 Added PQsetClientEncoding(conn, "SQL_ASCII") to the pgsql code module. + This is apparently needed in addition to the PH/07 change above to avoid + any possible encoding problems. + +PH/20 Perl can change the locale. Exim was resetting it after a ${perl call, + but not after initializing Perl. + +PH/21 Added a call to PQsetNoticeProcessor() to catch pgsql "notices" and + output them only if debugging. By default they are written stderr, + apparently, which is not desirable. + +PH/22 Added Alain Williams' LDAP patch to support setting REFERRALS=off on + queries. + +JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and + --not options + +JJ/02 exipick: rewrote --help documentation to hopefully make more clear. + +PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is + authenticated or an ident call has been made. Suppress the default + values for $authenticated_id and $authenticated_sender (but permit -oMai + and -oMas) when testing with -bh. + +PH/24 Re-jigged the order of the tests in the default configuration so that the + tests for valid domains and recipients precede the DNS black list and CSA + tests, on the grounds that those ones are more expensive. + +PH/25 Exim was not testing for a space following SMTP commands such as EHLO + that require one. Thus, EHLORHUBARB was interpreted as a valid command. + This bug exists in every version of Exim that I still have, right back to + 0.12. + +PH/26 (n)wildlsearch lookups are documented as being done case-insensitively. + However, an attempt to turn on case-sensitivity in a regex key by + including (?-i) didn't work because the subject string was already + lowercased, and the effects were non-intuitive. It turns out that a + one-line patch can be used to allow (?-i) to work as expected. + Exim version 4.62 -----------------