X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/411ef850bbc5eba056d314edef8124105d480a4a..f6c332bd03c89f108c7fe531156cb18d7888ba35:/doc/doc-txt/ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2355e01fc..04ed8e86b 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.408 2006/10/16 10:58:39 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.417 2006/10/30 16:41:04 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -65,7 +65,7 @@ PH/11 Callouts were setting the name used for EHLO/HELO from $smtp_active_
       addresses), $smtp_active_hostname is used.
 
 PH/12 Installed Andrey Panin's patch to add a dovecot authenticator. Various
-      tweaks were necessary in order to get it to work:
+      tweaks were necessary in order to get it to work (see also 21 below):
       (a) The code assumed that strncpy() returns a negative number on buffer
           overflow, which isn't the case. Replaced with Exim's string_format()
           function.
@@ -142,6 +142,70 @@ PH/20 It was discovered that the GnuTLS code had support for RSA_EXPORT, a
       effect of slowing Exim down by computing (never used) parameters for the
       RSA_EXPORT functionality.
 
+PH/21 On the advice of Timo Sirainen, added a check to the dovecot
+      authenticator to fail if there's a tab character in the incoming data
+      (there should never be unless someone is messing about, as it's supposed
+      to be base64-encoded). Also added, on Timo's advice, the "secured" option
+      if the connection is using TLS or if the remote IP is the same as the
+      local IP, and the "valid-client-cert option" if a client certificate has
+      been verified.
+
+PH/22 As suggested by Dennis Davis, added a server_condition option to *all*
+      authenticators. This can be used for authorization after authentication
+      succeeds. (In the case of plaintext, it servers for both authentication
+      and authorization.)
+
+PH/23 Testing for tls_required and lost_connection in a retry rule didn't work
+      if any retry times were supplied.
+
+PH/24 Exim crashed if verify=helo was activated during an incoming -bs
+      connection, where there is no client IP address to check. In this
+      situation, the verify now always succeeds.
+
+PH/25 Applied John Jetmore's -Mset patch.
+
+PH/26 Added -bem to be like -Mset, but loading a message from a file.
+
+PH/27 In a string expansion for a processed (not raw) header when multiple
+      headers of the same name were present, leading whitespace was being
+      removed from all of them, but trailing whitespace was being removed only
+      from the last one. Now trailing whitespace is removed from each header
+      before concatenation. Completely empty headers in a concatenation (as
+      before) are ignored.
+
+PH/28 Fixed bug in backwards-compatibility feature of PH/09 (thanks to John
+      Jetmore). It would have mis-read ACL variables from pre-4.61 spool files.
+
+PH/29 After an address error (typically a 4xx response from a server), Exim
+      always tries the failing address if it appears in a new message, but
+      respects the retry time otherwise. This was implemented by checking for
+      being in a queue run, which isn't quite right. Now it checks the
+      "first_delivery" flag instead.
+
+PH/30 Exim was sometimes attempting to deliver messages that had suffered
+      address errors (4xx response to RCPT) over the same connection as other
+      messages routed to the same hosts. Such deliveries are always "forced",
+      so retry times are not inspected. This resulted in far too many retries
+      for the affected addresses. The effect occurred only when there were more
+      hosts than the hosts_max_try setting in the smtp transport when it had
+      the 4xx errors. Those hosts that it had tried were not added to the list
+      of hosts for which the message was waiting, so if all were tried, there
+      was no problem. Two fixes have been applied:
+
+      (i)  If there are any address or message errors in an SMTP delivery, none
+           of the hosts (tried or untried) are now added to the list of hosts
+           for which the message is waiting, so the message should not be a
+           candidate for sending over the same connection that was used for a
+           successful delivery of some other message. This seems entirely
+           reasonable: after all the message is NOT "waiting for some host".
+           This is so "obvious" that I'm not sure why it wasn't done
+           previously. Hope I haven't missed anything, but it can't do any
+           harm, as the worst effect is to miss an optimization.
+
+      (ii) If, despite (i), such a delivery is accidentally attempted, the
+           routing retry time is respected, so at least it doesn't keep
+           hammering the server.
+
 
 Exim version 4.63
 -----------------