X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/8b5af54dcce3034b7893ad66e685a668b3470053..ebd9bd7d2ef66379770eb415b360b6b880784f7b:/src/README.UPDATING diff --git a/src/README.UPDATING b/src/README.UPDATING index 41375584d..0b70caa2b 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -1,4 +1,4 @@ -$Cambridge: exim/src/README.UPDATING,v 1.2 2005/01/11 15:15:33 ph10 Exp $ +$Cambridge: exim/src/README.UPDATING,v 1.17 2009/10/16 07:35:42 tom Exp $ This document contains detailed information about incompatibilities that might be encountered when upgrading from one release of Exim to another. The @@ -28,34 +28,192 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.74 +----------------- + + * The integrated support for dynamically loadable lookup modules has an ABI + change from the modules supported by some OS vendors through an unofficial + patch. Don't try to mix & match. + + * Some parts of the build system are now beginning to assume that the host + environment is POSIX. If you're building on a system where POSIX tools are + not the default, you might have an easier time if you switch to the POSIX + tools. Feel free to report non-POSIX issues as a request for a feature + enhancement, but if the POSIX variants are available then the fix will + probably just involve some coercion. See the README instructions for + building on such hosts. + + +Exim version 4.73 +----------------- + + * The Exim run-time user can no longer be root; this was always + strongly discouraged, but is now prohibited both at build and + run-time. If you need Exim to run routinely as root, you'll need to + patch the source and accept the risk. Here be dragons. + + * Exim will no longer accept a configuration file owned by the Exim + run-time user, unless that account is explicitly the value in + CONFIGURE_OWNER, which we discourage. Exim now checks to ensure that + files are not writable by other accounts. + + * The ALT_CONFIG_ROOT_ONLY build option is no longer optional and is forced + on; the Exim user can, by default, no longer use -C/-D and retain privilege. + Two new build options mitigate this. + + * TRUSTED_CONFIG_LIST defines a file containing a whitelist of config + files that are trusted to be selected by the Exim user; one per line. + This is the recommended approach going forward. + + * WHITELIST_D_MACROS defines a colon-separated list of macro names which + the Exim run-time user may safely pass without dropping privileges. + Because changes to this involve a recompile, this is not the recommended + approach but may ease transition. The values of the macros, when + overriden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ + + * The system_filter_user option now defaults to the Exim run-time user, + rather than root. You can still set it explicitly to root and this + can be done with prior versions too, letting you roll versions + without needing to change this configuration option. + + * ClamAV must be at least version 0.95 unless WITH_OLD_CLAMAV_STREAM is + defined at build time. + + +Exim version 4.70 +----------------- + +1. Experimental Yahoo! Domainkeys support has been dropped in this release. +It has been superceded by a native implementation of its successor DKIM. + +2. Up to version 4.69, Exim came with an embedded version of the PCRE library. +As of 4.70, this is no longer the case. To compile Exim, you will need PCRE +installed. Most OS distributions have ready-made library and develoment +packages. + + +Exim version 4.68 +----------------- + +1. The internal implementation of the database keys that are used for ACL +ratelimiting has been tidied up. This means that an update to 4.68 might cause +Exim to "forget" previous rates that it had calculated, and reset them to zero. + + +Exim version 4.64 +----------------- + +1. Callouts were setting the name used for EHLO/HELO from $smtp_active_ +hostname. This is wrong, because it relates to the incoming message (and +probably the interface on which it is arriving) and not to the outgoing +callout (which could be using a different interface). This has been +changed to use the value of the helo_data option from the smtp transport +instead - this is what is used when a message is actually being sent. If +there is no remote transport (possible with a router that sets up host +addresses), $smtp_active_hostname is used. This change is mentioned here in +case somebody is relying on the use of $smtp_active_hostname. + +2. A bug has been fixed that might just possibly be something that is relied on +in some configurations. In expansion items such as ${if >{xxx}{yyy}...} an +empty string (that is {}) was being interpreted as if it was {0} and therefore +treated as the number zero. From release 4.64, such strings cause an error +because a decimal number, possibly followed by K or M, is required (as has +always been documented). + +3. There has been a change to the GnuTLS support (ChangeLog/PH/20) to improve +Exim's performance. Unfortunately, this has the side effect of being slightly +non-upwards compatible for versions 4.50 and earlier. If you are upgrading from +one of these earlier versions and you use GnuTLS, you must remove the file +called gnutls-params in Exim's spool directory. If you don't do this, you will +see this error: + + TLS error on connection from ... (DH params import): Base64 decoding error. + +Removing the file causes Exim to recompute the relevant encryption parameters +and cache them in the new format that was introduced for release 4.51 (May +2005). If you are upgrading from release 4.51 or later, there should be no +problem. + + +Exim version 4.63 +----------------- + +When an SMTP error message is specified in a "message" modifier in an ACL, or +in a :fail: or :defer: message in a redirect router, Exim now checks the start +of the message for an SMTP error code. This consists of three digits followed +by a space, optionally followed by an extended code of the form n.n.n, also +followed by a space. If this is the case and the very first digit is the same +as the default error code, the code from the message is used instead. If the +very first digit is incorrect, a panic error is logged, and the default code is +used. This is an incompatible change, but it is not expected to affect many (if +any) configurations. It is possible to suppress the use of the supplied code in +a redirect router by setting the smtp_error_code option false. In this case, +any SMTP code is quietly ignored. + + +Exim version 4.61 +----------------- + +1. The default number of ACL variables of each type has been increased to 20, +and it's possible to compile Exim with more. You can safely upgrade to this +release if you already have messages on the queue with saved ACL variable +values. However, if you downgrade from this release with messages on the queue, +any saved ACL values they may have will be lost. + +2. The default value for rfc1413_query_timeout has been changed from 30s to 5s. + + +Exim version 4.54 +----------------- + +There was a problem with 4.52/TF/02 in that a "name=" option on control= +submission terminated at the next slash, thereby not allowing for slashes in +the name. This has been changed so that "name=" takes the rest of the string as +its data. It must therefore be the last option. + + +Version 4.53 +------------ + +If you are using the experimental Domain Keys support, you must upgrade to +at least libdomainkeys 0.67 in order to run this release of Exim. + + +Version 4.51 +------------ + +1. The format in which GnuTLS parameters are cached (in the file gnutls-params +in the spool directory) has been changed. The new format can also be generated +externally, so it is now possible to update the values from outside Exim. This +has been implemented in an upwards, BUT NOT downwards, compatible manner. +Upgrading should be seamless: when Exim finds that it cannot understand an +existing cache file, it generates new parameters and writes them to the cache +in the new format. If, however, you downgrade from 4.51 to a previous release, +you MUST delete the gnutls-params file in the spool directory, because the +older Exim will not recognize the new format. + +2. When doing a callout as part of verifying an address, Exim was not paying +attention to any local part prefix or suffix that was matched by the router +that accepted the address. It now behaves in the same way as it does for +delivery: the affixes are removed from the local part unless +rcpt_include_affixes is set on the transport. If you have a configuration that +uses prefixes or suffixes on addresses that could be used for callouts, and you +want the affixes to be retained, you must make sure that rcpt_include_affixes +is set on the transport. + +3. Bounce and delay warning messages no longer contain details of delivery +errors, except for explicit messages (e.g. generated by :fail:) and SMTP +responses from remote hosts. + + Version 4.50 ------------ -The exicyclog script has been updated to use three-digit numbers in rotated log -files if the maximum number to keep is greater than 99. If you are already -keeping more than 99, there will be an incompatible change when you upgrade. -You will probably want to rename your old log files to the new form before -running the new exicyclog. The following script, by Mick Swisher, can do this -for you: - -# Begin conversion -# Rename all the old files by adding additional leading zeros. -count=99 -while [ $count -gt 0 ]; do -if [ $count -lt 100 ]; then newt=0$count; oldt=$count; fi -if [ $count -lt 10 ]; then newt=00$count; oldt=0$count; fi -if [ -f $mainlog.$oldt ]; then - $mv $mainlog.$oldt $mainlog.$newt -elif [ -f $mainlog.$oldt.$suffix ]; then - $mv $mainlog.$oldt.$suffix $mainlog.$newt.$suffix -fi -if [ -f $rejectlog.$oldt ]; then - $mv $rejectlog.$oldt $rejectlog.$newt -elif [ -f $rejectlog.$oldt.$suffix ]; then - $mv $rejectlog.$oldt.$suffix $rejectlog.$newt.$suffix -fi -count=`expr $count - 1` -done +The exicyclog script has been updated to use three-digit numbers in rotated log +files if the maximum number to keep is greater than 99. If you are already +keeping more than 99, there will be an incompatible change when you upgrade. +You will probably want to rename your old log files to the new form before +running the new exicyclog. Version 4.42