X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/578897ea8764001d0538b8b645d161524ba1fa4e..594db4c93b1f04ddb422ad86a188a4fdcb19c570:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index d4240fa29..2dfd7d347 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -2,6 +2,142 @@ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.86 +----------------- +JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now + expanded. + +JH/02 The smtp transport option "multi_domain" is now expanded. + +JH/03 The smtp transport now requests PRDR by default, if the server offers + it. + +JH/04 Certificate name checking on server certificates, when exim is a client, + is now done by default. The transport option tls_verify_cert_hostname + can be used to disable this per-host. The build option + EXPERIMENTAL_CERTNAMES is withdrawn. + +JH/05 The value of the tls_verify_certificates smtp transport and main options + default to the word "system" to access the system default CA bundle. + For GnuTLS, only version 3.0.20 or later. + +JH/06 Verification of the server certificate for a TLS connection is now tried + (but not required) by default. The verification status is now logged by + default, for both outbound TLS and client-certificate supplying inbound + TLS connections + +JH/07 Changed the default rfc1413 lookup settings to disable calls. Few + sites use this now. + +JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery + Status Notification (bounce) messages are now MIME format per RFC 3464. + Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised + under the control of the dsn_advertise_hosts option, and routers may + have a dsn_lasthop option. + +JH/09 A timeout of 2 minutes is now applied to all malware scanner types by + default, modifiable by a malware= option. The list separator for + the options can now be changed in the usual way. + + + +Exim version 4.85 +----------------- +TL/01 When running the test suite, the README says that variables such as + no_msglog_check are global and can be placed anywhere in a specific + test's script, however it was observed that placement needed to be near + the beginning for it to behave that way. Changed the runtest perl + script to read through the entire script once to detect and set these + variables, reset to the beginning of the script, and then run through + the script parsing/test process like normal. + +TL/02 The BSD's have an arc4random API. One of the functions to induce + adding randomness was arc4random_stir(), but it has been removed in + OpenBSD 5.5. Detect this OpenBSD version and skip calling this + function when detected. + +JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now + cause callback expansion. + +TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that + syntax errors in an expansion can be treated as a string instead of + logging or causing an error, due to the internal use of bool_lax + instead of bool when processing it. + +JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for + server certificates when making smtp deliveries. + +JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups. + +JH/04 Add ${sort {list}{condition}{extractor}} expansion item. + +TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep. + +TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups. + Merged patch from Sebastian Wiedenroth. + +JH/05 Fix results-pipe from transport process. Several recipients, combined + with certificate use, exposed issues where response data items split + over buffer boundaries were not parsed properly. This eventually + resulted in duplicates being sent. This issue only became common enough + to notice due to the introduction of conection certificate information, + the item size being so much larger. Found and fixed by Wolfgang Breyha. + +JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed + size buffer was used, resulting in syntax errors when an expansion + exceeded it. + +JH/07 Add support for directories of certificates when compiled with a GnuTLS + version 3.3.6 or later. + +JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef + is EXPERIMENTAL_EVENT, the main-configuration and transport options + both become "event_action", the variables become $event_name, $event_data + and $event_defer_errno. There is a new variable $verify_mode, usable in + routers, transports and related events. The tls:cert event is now also + raised for inbound connections, if the main configuration event_action + option is defined. + +TL/06 In test suite, disable OCSP for old versions of openssl which contained + early OCSP support, but no stapling (appears to be less than 1.0.0). + +JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on + server certificate names available under the smtp transport option + "tls_verify_cert_hostname" now do not permit multi-component wildcard + matches. + +JH/10 Time-related extraction expansions from certificates now use the main + option "timezone" setting for output formatting, and are consistent + between OpenSSL and GnuTLS compilations. Bug 1541. + +JH/11 Fix a crash in mime ACL when meeting a zero-length parameter in the + incoming message. + +JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now + include certificate info, eximon was claiming there were spoolfile + syntax errors. + +JH/13 Buf 1521: Fix ldap lookup for single-attr request, multiple-attr return. + +JH/14 Log delivery-related information more consistently, using the sequence + "H= []" wherever possible. + + +Exim version 4.84 +----------------- +TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static + checkers that were complaining about end of non-void function with no + return. + +JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. + This was a regression intruduced in 4.83 by another bugfix. + +JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. + +TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when + EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha. + + Exim version 4.83 ----------------- @@ -25,7 +161,8 @@ TL/01 LDAP support uses per connection or global context settings, depending TL/02 Experimental Proxy Protocol support: allows a proxied SMTP connection to extract and use the src ip:port in logging and expansions as if it - were a direct connection from the outside internet. + were a direct connection from the outside internet. PPv2 support was + updated based on HAProxy spec change in May 2014. JH/02 Add ${listextract {number}{list}{success}{fail}}. @@ -100,6 +237,59 @@ TL/09 Bugzilla 609: Add -C option to exiqgrep, specify which exim.conf to use. JH/19 EXPERIMENTAL_OCSP support under GnuTLS. Bug 1459. +TL/10 Bugzilla 1454: New -oMm option to pass message reference to Exim. + Requires trusted mode and valid format message id, aborts otherwise. + Patch contributed by Heiko Schlichting. + +JH/20 New expansion variables tls_(in,out)_(our,peer)cert, and expansion item + certextract with support for various fields. Bug 1358. + +JH/21 Observability of OCSP via variables tls_(in,out)_ocsp. Stapling + is requested by default, modifiable by smtp transport option + hosts_request_ocsp. + +JH/22 Expansion operators ${md5:string} and ${sha1:string} can now + operate on certificate variables to give certificate fingerprints + Also new ${sha256:cert_variable}. + +JH/23 The PRDR feature is moved from being Experimental into the mainline. + +TL/11 Bug 1119: fix memory allocation in string_printing2(). Patch from + Christian Aistleitner. + +JH/24 The OCSP stapling feature is moved from Experimental into the mainline. + +TL/12 Bug 1444: Fix improper \r\n sequence handling when writing spool + file. Patch from Wolfgang Breyha. + +JH/25 Expand the coverage of the delivery $host and $host_address to + client authenticators run in verify callout. Bug 1476. + +JH/26 Port service names are now accepted for tls_on_connect_ports, to + align with daemon_smtp_ports. Bug 72. + +TF/03 Fix udpsend. The ip_connectedsocket() function's socket type + support and error reporting did not work properly. + +TL/13 Bug 1495: Exiqgrep check if -C config file specified on cli exists + and is readable. Patch from Andrew Colin Kissa. + +TL/14 Enhance documentation of ${run expansion and how it parses the + commandline after expansion, particularly in the case when an + unquoted variable expansion results in an empty value. + +JH/27 The TLS SNI feature was broken in 4.82. Fix it. + +PP/02 Fix internal collision of T_APL on systems which support RFC3123 + by renaming away from it. Addresses GH issue 15, reported by + Jasper Wallace. + +JH/28 Fix parsing of MIME headers for parameters with quoted semicolons. + +TL/15 SECURITY: prevent double expansion in math comparison functions + (can expand unsanitized data). Not remotely exploitable. + CVE-2014-2972 + Exim version 4.82 ----------------- @@ -337,7 +527,7 @@ TL/11 Bugzilla 1382 - Option ldap_require_cert overrides start_tls TL/12 Enhanced documentation in the ratelimit.pl script provided in the src/util/ subdirectory. -TL/13 Bug 1301 - Imported transport SQL logging patch from Axel Rau +TL/13 Bug 1031 - Imported transport SQL logging patch from Axel Rau renamed to Transport Post Delivery Action by Jeremy Harris, as EXPERIMENTAL_TPDA.