X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/36eb5d3d77426d8cbf4243ea752f8d8cd1d5c682..46d2a5e6f6e7709d172903b13945d23fc0a2c888:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f0dccdc62..be07ba625 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -100,13 +100,61 @@ JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it buffer was in use at the time. Change to a compile-time increase in the buffer size, when this authenticator is compiled into exim. -JH/22 Taint checking: move to a hybrid approach for checking. Previously, one - of two ways was used, depending on a build-time flag. The fast method - relied on assumptions about the OS and libc malloc, which were known to - not hold for the BSD-derived platforms, and discovered to not hold for - 32-bit Linux either. In fact the glibc documentation describes cases - where these assumptions do not hold. The new implementation tests for - the situation arising and actively switches over from fast to safe mode. +JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The + previous fast-mode was untenable in the face of glibs using mmap to + support larger malloc requests. + +PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c. + New values supported, if defined on system where compiled: + allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat, + no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding + +JH/23 Performance improvement in the initial phase of a two-pass queue run. By + running a limited number of proceses in parallel, a benefit is gained. The + amount varies with the platform hardware and load. The use of the option + queue_run_in_order means we cannot do this, as ordering becomes + indeterminate. + +JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix + had introduced a string-copy (for ensuring NUL-termination) which was not + appropriate for that case, which can include embedded NUL bytes in the + block of data. Investigation showed the copy to actually be needless, the + data being length-specified. + +JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was + done during a receiving connection, and both used TLS, global info was + used rather than per-connection info for tracking the state of data + queued for transmission. This could result in a connection hang. + +JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections. + Previously, when delivering serveral messages down a single connection + only the first would provide a SIZE. This was due to the size information + not being properly tracked. + +JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as + TAI (at 37 seconds currently), pretend to be in UTC for time-related + expansion and logging. Previously, spurious values such as a future + minute could be seen. + +JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations + it could crash from a null-deref. This could also affect the + ${addresses: } operator and ${readsock } item. + +JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime + message following a mime one, the variable was not reset. + +JH/30 When an pipelined-connect fails at the first response, assume incorrect + cached capability (perhaps the peer reneged?) and immediately retry in + non-pipelined mode. + +JH/31 Fix spurious detection of timeout while writing to transport filter. + +JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously + an attempt to copy the string was made before checking it. + +JH/33 Fix the dsearch lookup to return an untainted result. Previously the + taint of the lookup key was maintained; we now regard the presence in the + filesystem as sufficient validation. Exim version 4.93