X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/9e0ed81fc2a821e60dd3235c4e5598ab45cfcc1e..3709254fd0fd46f0efa74fe85c80260958b9c51e:/doc/doc-txt/ChangeLog?ds=inline diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 5266cefc4..cf104e7f1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -169,6 +169,38 @@ JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process JH/28 Logging: "next input sent too soon" now shows where input was truncated for log purposes. +JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This + matters on fast-turnover and PID-randomising systems, which were getting + out-of-order delivery. + +JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for + a possibly-overlapping copy. The symptom was that "Remote host closed + connection in response to HELO" was logged instead of the actual 4xx + error for the HELO. + +JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error. + Previously only that bufferd was discarded, resulting in SYMTP command + desynchronisation. + +JH/32 DKIM: when a message has multiple signatures matching an identity given + in dkim_verify_signers, run the dkim acl once for each. Previously only + one run was done. Bug 2189. + +JH/33 Downgrade an unfound-list name (usually a typo in the config file) from + "panic the current process" to "deliberately defer". The panic log is + still written with the problem list name; the mail and reject logs now + get a temp-reject line for the message that was being handled, saying + something like "domains check lookup or other defer". The SMTP 451 + message is still "Temporary local problem". + +JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines. + A crafted sequence of BDAT commands could result in in-use memory beeing + freed. CVE-2017-16943. + +HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading + from SMTP input. Previously it was always done; now only done for DATA + and not BDAT commands. CVE-2017-16944. + Exim version 4.89 -----------------