X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/44e6651b73545fb2a58a00ac3641c5eb4722301e..8e041ae0290357eb556bc0692a9fa85bb77bd815:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a4c11e58d..05931dca1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -5,8 +5,117 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.90 +----------------- + +JH/01 Rework error string handling in TLS interface so that the caller in + more cases is responsible for logging. This permits library-sourced + string to be attached to addresses during delivery, and collapses + pairs of long lines into single ones. + +PP/01 Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly + during configuration. Wildcards are allowed and expanded. + +JH/02 Rework error string handling in DKIM to pass more info back to callers. + This permits better logging. + +JH/03 Rework the transport continued-connection mechanism: when TLS is active, + do not close it down and have the child transport start it up again on + the passed-on TCP connection. Instead, proxy the child (and any + subsequent ones) for TLS via a unix-domain socket channel. Logging is + affected: the continued delivery log lines do not have any DNSSEC, TLS + Certificate or OCSP information. TLS cipher information is still logged. + +JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of + identical IP addresses on different listening ports. Will also affect + "exiwhat" output. + +PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers; + add noisy ifdef guards to special-case this sillyness. + Patch from Bernd Kuhls. + +JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger + than 255 are no longer allowed. + +JH/06 Default openssl_options to include +no_ticket, to reduce load on peers. + Disable the session-cache too, which might reduce our load. Since we + currrectly use a new context for every connection, both as server and + client, there is no benefit for these. + GnuTLS appears to not support tickets server-side by default (we don't + call gnutls_session_ticket_enable_server()) but client side is enabled + by default on recent versions (3.1.3 +) unless the PFS priority string + is used (3.2.4 +). + +PP/03 Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at + . + +JH/07 Fix smtp transport use of limited max_rcpt under mua_wrapper. Previously + the check for any unsuccessful recipients did not notice the limit, and + erroneously found still-pending ones. + +JH/08 Pipeline CHUNKING command and data together, on kernels that support + MSG_MORE. Only in-clear (not on TLS connections). + +JH/09 Avoid using a temporary file during transport using dkim. Unless a + transport-filter is involved we can buffer the headers in memory for + creating the signature, and read the spool data file once for the + signature and again for transmission. + +JH/10 Enable use of sendfile in Linux builds as default. It was disabled in + 4.77 as the kernel support then wasn't solid, having issues in 64bit + mode. Now, it's been long enough. Add support for FreeBSD also. + +JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the + case where the routing stage had gathered several addresses to send to + a host before calling the transport for the first, we previously failed + to close down TLS in the old transport process before passing the TCP + connection to the new process. The new one sent a STARTTLS command + which naturally failed, giving a failed delivery and bloating the retry + database. Investigation and fix prototype from Wolfgang Breyha. + +JH/12 Fix check on SMTP command input synchronisation. Previously there were + false-negatives in the check that the sender had not preempted a response + or prompt from Exim (running as a server), due to that code's lack of + awareness of the SMTP input buffering. + +PP/04 Add commandline_checks_require_admin option. + Exim drops privileges sanely, various checks such as -be aren't a + security problem, as long as you trust local users with access to their + own account. When invoked by services which pass untrusted data to + Exim, this might be an issue. Set this option in main configuration + AND make fixes to the calling application, such as using `--` to stop + processing options. + +JH/13 Do pipelining under TLS. Previously, although safe, no advantage was + taken. Now take care to pack both (client) MAIL,RCPT,DATA, and (server) + responses to those, into a single TLS record each way (this usually means + a single packet). As a side issue, smtp_enforce_sync now works on TLS + connections. + +PP/05 OpenSSL/1.1: use DH_bits() for more accurate DH param sizes. This + affects you only if you're dancing at the edge of the param size limits. + If you are, and this message makes sense to you, then: raise the + configured limit or use OpenSSL 1.1. Nothing we can do for older + versions. + +JH/14 For the "sock" variant of the malware scanner interface, accept an empty + cmdline element to get the documented default one. Previously it was + inaccessible. + +JH/15 Fix a crash in the smtp transport caused when two hosts in succession + are unsuable for non-message-specific reasons - eg. connection timeout, + banner-time rejection. + +JH/16 Fix logging of delivery remote port, when specified by router, under + callout/hold. + +PP/06 Repair manualroute's ability to take options in any order, even if one + is the name of a transport. + Fixes bug 2140. + + Exim version 4.89 -------------------- +----------------- JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules than -2003 did; needs libidn2 in addition to libidn. @@ -69,6 +178,50 @@ JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line endings, at least on the first header line. Try to canonify any that get past that check, despite the cost. +JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are + now limited to an arbitrary five deep, while parsing addresses with the + strip_excess_angle_brackets option enabled. + +PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and + instead leave the unprompted TLS handshake in socket buffer for the + TLS library to consume. + +PP/04 Bug 2018: Also handle Proxy Protocol v2 safely. + +PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl + +JH/16 Drop variables when they go out of scope. Memory management drops a whole + region in one operation, for speed, and this leaves assigned pointers + dangling. Add checks run only under the testsuite which checks all + variables at a store-reset and panics on a dangling pointer; add code + explicitly nulling out all the variables discovered. Fixes one known + bug: a transport crash, where a dangling pointer for $sending_ip_address + originally assigned in a verify callout, is re-used. + +PP/06 Drop '.' from @INC in various Perl scripts. + +PP/07 Switch FreeBSD iconv to always use the base-system libc functions. + +PP/08 Reduce a number of compilation warnings under clang; building with + CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses + should be warning-free. + +JH/17 Fix inbound CHUNKING when DKIM disabled at runtime. + +HS/01 Fix portability problems introduced by PP/08 for platforms where + realloc(NULL) is not equivalent to malloc() [SunOS et al]. + +HS/02 Bug 1974: Fix missing line terminator on the last received BDAT + chunk. This allows us to accept broken chunked messages. We need a more + general solution here. + +PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover + already-broken messages in the queue. + +JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value. + +JH/19 Fix reference counting bug in routing-generated-address tracking. + Exim version 4.88 -----------------