X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/b2335c0b21d064f660e593112f8c349e48414c9f..54e7ce4ad20a6977ee895a358259122bf3630090:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 295e91723..e6684b4e3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -1,22 +1,340 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.575 2009/10/19 11:47:43 nm4 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.632 2010/06/12 15:21:25 jetmore Exp $ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.76 +----------------- + +PP/01 The new ldap_require_cert option would segfault if used. Fixed. + +PP/02 Harmonised TLS library version reporting; only show if debugging. + Layout now matches that introduced for other libraries in 4.74 PP/03. + +PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 + +PP/04 New "dns_use_edns0" global option. + +PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. + Bugzilla 1098. + +PP/06 Extra paranoia around buffer usage at the STARTTLS transition. + nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 + +PP/07 Catch divide-by-zero in ${eval:...}. + Fixes bugzilla 1102. + + +Exim version 4.75 +----------------- + +NM/01 Workround for PCRE version dependency in version reporting + Bugzilla 1073 + +TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. + This fixes portability to compilers other than gcc, notably + Solaris CC and HP-UX CC. Fixes Bugzilla 1050. + +TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup + makefiles for portability to HP-UX and POSIX correctness. + +PP/01 Permit LOOKUP_foo enabling on the make command-line. + Also via indented variable definition in the Makefile. + (Debugging by Oliver Heesakkers). + +PP/02 Restore caching of spamd results with expanded spamd_address. + Patch from author of expandable spamd_address patch, Wolfgang Breyha. + +PP/03 Build issue: lookups-Makefile now exports LC_ALL=C + Improves build reliability. Fix from: Frank Elsner + +NM/02 Fix wide character breakage in the rfc2047 coding + Fixes bug 1064. Patch from Andrey N. Oktyabrski + +NM/03 Allow underscore in dnslist lookups + Fixes bug 1026. 
Patch from Graeme Fowler + +PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). + Code patches from Adam Ciarcinski of NetBSD. + +NM/04 Fixed exiqgrep to cope with mailq missing size issue + Fixes bug 943. + +PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which + is logged, to avoid truncation. Patch from John Horne. + +PP/06 Bugzilla 1042: implement freeze_signal on pipe transports. + Patch from Jakob Hirsch. + +PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal + SQL string expansion failure details. + Patch from Andrey Oktyabrski. + +PP/08 Bugzilla 486: implement %M datestamping in log filenames. + Patch from Simon Arlott. + +PP/09 New lookups functionality failed to compile on old gcc which rejects + extern declarations in function scope. + Patch from Oliver Fleischmann + +PP/10 Use sig_atomic_t for flags set from signal handlers. + Check getgroups() return and improve debugging. + Fixed developed for diagnosis in bug 927 (which turned out to be + a kernel bug). + +PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag. + Patch from Mark Zealey. + +PP/12 Bugzilla 1056: Improved spamd server selection. + Patch from Mark Zealey. + +PP/13 Bugzilla 1086: Deal with maildir quota file races. + Based on patch from Heiko Schlittermann. + +PP/14 Bugzilla 1019: DKIM multiple signature generation fix. + Patch from Uwe Doering, sign-off by Michael Haardt. + +NM/05 Fix to spam.c to accommodate older gcc versions which dislike + variable declaration deep within a block. Bug and patch from + Dennis Davis. + +PP/15 lookups-Makefile IRIX compatibilty coercion. + +PP/16 Make DISABLE_DKIM build knob functional. + +NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler + Patch by Simon Arlott + +TF/03 Fix valgrind.h portability to C89 compilers that do not support + variable argument macros. Our copy now differs from upstream. 
+ + +Exim version 4.74 +----------------- + +TF/01 Failure to get a lock on a hints database can have serious + consequences so log it to the panic log. + +TF/02 Log LMTP confirmation messages in the same way as SMTP, + controlled using the smtp_confirmation log selector. + +TF/03 Include the error message when we fail to unlink a spool file. + +DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. + With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux + for maintaining out-of-tree patches for some time. + +PP/01 Bugzilla 139: Documentation and portability issues. + Avoid GNU Makefile-isms, let Exim continue to build on BSD. + Handle per-OS dynamic-module compilation flags. + +PP/02 Let /dev/null have normal permissions. + The 4.73 fixes were a little too stringent and complained about the + permissions on /dev/null. Exempt it from some checks. + Reported by Andreas M. Kirchwitz. + +PP/03 Report version information for many libraries, including + Exim version information for dynamically loaded libraries. Created + version.h, now support a version extension string for distributors + who patch heavily. Dynamic module ABI change. + +PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a + privilege escalation vulnerability whereby the Exim run-time user + can cause root to append content of the attacker's choosing to + arbitrary files. + +PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. + (Wolfgang Breyha) + +PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. + If dropping privileges for untrusted macros, we disabled normal logging + on the basis that it would fail; for the Exim run-time user, this is not + the case, and it resulted in successful deliveries going unlogged. + Fixed. Reported by Andreas Metzler. + + +Exim version 4.73 +----------------- + +PP/01 Date: & Message-Id: revert to normally being appended to a message, + only prepend for the Resent-* case. 
Fixes regression introduced in + Exim 4.70 by NM/22 for Bugzilla 607. + +PP/02 Include check_rfc2047_length in configure.default because we're seeing + increasing numbers of administrators be bitten by this. + +JJ/01 Added DISABLE_DKIM and comment to src/EDITME + +PP/03 Bugzilla 994: added openssl_options main configuration option. + +PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. + +PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. + +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + +PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but + without a peer certificate, leading to a segfault because of an + assumption that peers always have certificates. Be a little more + paranoid. Problem reported by Martin Tscholak. + +PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content + filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes + NB: ClamAV planning to remove STREAM in "middle of 2010". + CL also introduces -bmalware, various -d+acl logging additions and + more caution in buffer sizes. + +PP/09 Implemented reverse_ip expansion operator. + +PP/10 Bugzilla 937: provide a "debug" ACL control. + +PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. + +PP/12 Bugzilla 973: Implement --version. + +PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. + +PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. + +PP/15 Bugzilla 816: support multiple condition rules on Routers. + +PP/16 Add bool_lax{} expansion operator and use that for combining multiple + condition rules, instead of bool{}. Make both bool{} and bool_lax{} + ignore trailing whitespace. + +JJ/02 prevent non-panic DKIM error from being sent to paniclog + +JJ/03 added tcp_wrappers_daemon_name to allow host entries other than + "exim" to be used + +PP/17 Fix malware regression for cmdline scanner introduced in PP/08. 
+ Notification from Dr Andrew Aitchison. + +PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's + ExtendedDetectionInfo response format. + Notification from John Horne. + +PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards + compatible. + +PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: + XSL and documented dependency on system catalogs, with examples of how + it normally works. + +DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store + access. + +DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour + of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a + configuration file which is writeable by the Exim user or group. + +DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability + of configuration files to cover files specified with the -C option if + they are going to be used with root privileges, not just the default + configuration file. + +DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY + option (effectively making it always true). + +DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration + files to be used while preserving root privileges. + +DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure + that rogue child processes cannot use them. + +PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim + run-time user, instead of root. + +PP/28 Add WHITELIST_D_MACROS option to let some macros be overriden by the + Exim run-time user without dropping privileges. + +DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the + result string, instead of calling string_vformat() twice with the same + arguments. + +DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not + for other users. 
Others should always drop root privileges if they use + -C on the command line, even for a whitelisted configure file. + +DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. + +NM/01 Fixed bug #1002 - Message loss when using multiple deliveries + + +Exim version 4.72 +----------------- + +JJ/01 installed exipick 20100104.1, adding $max_received_linelength, + $data_path, and $header_path variables; fixed documentation bugs and + typos + +JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow + exipick to access non-standard spools, including the "frozen" queue + (Finput) + +NM/01 Bugzilla 965: Support mysql stored procedures. + Patch from Alain Williams + +NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD + +NM/03 Bugzilla 955: Documentation fix for max_rcpts. + Patch from Andreas Metzler + +NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. + Patch from Kirill Miazine + +NM/05 Bugzilla 671: Added umask to procmail example. + +JJ/03 installed exipick 20100323.0, fixing doc bug + +NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail + directory. Notification and patch from Dan Rosenberg. + +TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. + +TK/02 Improve log output when DKIM signing operation fails. + +MH/01 Treat the transport option dkim_domain as a colon separated + list, not as a single string, and sign the message with each element, + omitting multiple occurences of the same signer. + +NM/07 Null terminate DKIM strings, Null initialise DKIM variable + Bugzilla 985, 986. Patch by Simon Arlott + +NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) + Patch by Simon Arlott + +PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on + MBX locking. Notification from Dan Rosenberg. + + +Exim version 4.71 +----------------- + +TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. 
+ +NM/01 Bugzilla 913: Documentation fix for gnutls_* options. + +NM/02 Bugzilla 722: Documentation for randint. Better randomness defaults. + +NM/03 Bugzilla 847: Enable DNSDB lookup by default. + +NM/04 Bugzilla 915: Flag broken perl installation during build. + + Exim version 4.70 ----------------- TK/01 Added patch by Johannes Berg that expands the main option - "spamd_servers" if it starts with a dollar sign. + "spamd_address" if it starts with a dollar sign. TK/02 Write list of recipients to X-Envelope-Sender header when building the mbox-format spool file for content scanning (suggested by Jakob - Hirsch) + Hirsch). TK/03 Added patch by Wolfgang Breyha that adds experimental DCC (http://www.dcc-servers.net/) support via dccifd. Activated by - setting EXPERIMENTAL_DCC=yes in Local/Makefile. Check out - experimental_spec.txt for more documentation. + setting EXPERIMENTAL_DCC=yes in Local/Makefile. TK/04 Bugzilla 673: Add f-protd malware scanner support. Patch submitted by Mark Daniel Reidel . @@ -28,16 +346,16 @@ NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator conversation. Added nologin parameter to request. - Patch contributed by Kirill Miazine + Patch contributed by Kirill Miazine. TF/01 Do not log submission mode rewrites if they do not change the address. TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty - log files in place. Contributed by Roberto Lima + log files in place. Contributed by Roberto Lima. -NM/04 Bugzilla 667: close socket used by dovecot authenticator +NM/04 Bugzilla 667: Close socket used by dovecot authenticator. TF/03 Bugzilla 615: When checking the local_parts router precondition after a local_part_suffix or local_part_prefix option, Exim now 
@@ -45,14 +363,14 @@ TF/03 Bugzilla 615: When checking the local_parts router precondition contains cached lookups for the whole local part. NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by - Robert Millan. Documentation is in experimental-spec.txt + Robert Millan. Documentation is in experimental-spec.txt. TF/04 Bugzilla 668: Fix parallel build (make -j). -NM/05 Bugzilla 437: Prevent Maildix aux files being created with mode 000 +NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. -NM/05 Bugzilla 598: Improvement to Dovecot authenticator handling. - Patch provided by Jan Srzednicki +NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. + Patch provided by Jan Srzednicki. TF/05 Leading white space used to be stripped from $spam_report which wrecked the formatting. Now it is preserved. 
@@ -69,59 +387,96 @@ TF/09 Produce a more useful error message if an SMTP transport's hosts setting expands to an empty string. NM/06 Bugzilla 744: EXPN did not work under TLS. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/07 Bugzilla 769: Extraneous comma in usage fprintf - Patch provided by Richard Godbee + Patch provided by Richard Godbee. NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be acl_smtp_notquit, added index entry. -NM/09 Bugzilla 787: Potential buffer overflow in string_format - Patch provided by Eugene Bujak +NM/09 Bugzilla 787: Potential buffer overflow in string_format. + Patch provided by Eugene Bujak. -NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to accept() - Patch provided by Maxim Dounin +NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to + accept(). Patch provided by Maxim Dounin. NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. NM/13 Bugzilla 590: Correct handling of Resent-Date headers. - Patch provided by Brad "anomie" Jorsch + Patch provided by Brad "anomie" Jorsch. NM/14 Bugzilla 622: Added timeout setting to transport filter. - Patch provided by Dean Brooks + Patch provided by Dean Brooks. TK/05 Add native DKIM support (does not depend on external libraries). NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. - Patch provided by Graeme Fowler + Patch provided by Graeme Fowler. NM/16 Bugzilla 851: Documentation example syntax fix. NM/17 Changed NOTICE file to remove references to embedded PCRE. -NM/18 Bugzilla 894: Fix issue with very long lines including comments in lsearch +NM/18 Bugzilla 894: Fix issue with very long lines including comments in + lsearch. + +NM/19 Bugzilla 745: TLS version reporting. + Patch provided by Phil Pennock. 
+ +NM/20 Bugzilla 167: bool: condition support. + Patch provided by Phil Pennock. + +NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken + clients. Patch provided by Phil Pennock. + +NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. + Patch provided by Brad "anomie" Jorsch. + +NM/23 Bugzilla 687: Fix misparses in eximstats. + Patch provided by Heiko Schlittermann. + +NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. + Patch provided by Heiko Schlittermann. + +NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. + plus update to original patch. + +NM/26 Bugzilla 799: Documentation correction for ratelimit. + +NM/27 Bugzilla 802: Improvements to local interface IP addr detection. + Patch provided by David Brownlee. + +NM/28 Bugzilla 807: Improvements to LMTP delivery logging. + +NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. + +NM/30 Bugzilla 888: TLS documentation bugfixes. + +NM/31 Bugzilla 896: Dovecot buffer overrun fix. + +NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" + Unlike the original bugzilla I have changed all shell scripts in src tree. + +NM/33 Bugzilla 898: Transport filter timeout fix. + Patch by Todd Rinaldo. -NM/19 Bugzilla 745: TLS version reporting - Patch provided by Phil Pennock +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. + Patch by Serge Demonchaux. -NM/20 Bugzilla 167: bool: condition support - Patch provided by Phil Pennock +NM/35 Bugzilla 39: Base64 decode bug fixes. + Patch by Jakob Hirsch. -NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken clients - Patch provided by Phil Pennock +NM/36 Bugzilla 909: Correct connect() call in dcc code. -NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date - Patch provided by Brad "anomie" Jorsch +NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. 
-NM/23 Bugzilla 687: Fix misparses in eximstats - Patch provided by Heiko Schlittermann +NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. -NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid - Patch provided by Heiko Schlittermann +NM/39 Bugzilla 911: Fixed MakeLinks build script. Exim version 4.69 @@ -143,11 +498,11 @@ NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked SC/01 Added the -bylocaldomain option to eximstats. -NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr +NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. -NM/03 Bugzilla 613: Documentation fix for acl_not_smtp +NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. -NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall) +NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). Exim version 4.68
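
Review bot: in the @@ -1,22 +1,340 @@ hunk, the 4.73 entries DW/25 and DW/30 describe TRUSTED_CONFIG_PREFIX_FILE, but DW/31 in the same release turns it into TRUSTED_CONFIG_FILE with no prefixes, so a reader who stops at DW/25 or DW/30 comes away with an option name that DW/31 has already replaced. These entries sit next to the CVE-2010-4345 fixes (DW/22 to DW/24) and decide when -C may keep root privileges, so the naming matters; suggest appending "(renamed TRUSTED_CONFIG_FILE, see DW/31)" to DW/25 and DW/30. The added lines also carry typos worth fixing before this lands: "Workround" (4.75 NM/01), "Fixed developed" (4.75 PP/10), "compatibilty" (4.75 PP/15), "Path from Andreas Metzler" (4.73 PP/14), "overriden" (4.73 PP/28) and "occurences" (4.72 MH/01).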
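
Review bot: in the @@ -45,14 +363,14 @@ hunk, the two duplicate NM/05 labels become NM/05.2 and NM/05.3 while the Bugzilla 521 entry stays plain NM/05, and no other entry visible in this diff uses a dotted suffix. Keeping the later numbers stable is sensible, since 4.73 PP/01 refers back to "NM/22 for Bugzilla 607", but the scheme should be explained in a short comment next to these entries so the labels are not mistaken for sub-revisions of one change. Separately, this hunk keeps "experimental-spec.txt" with a hyphen, whereas the TK/03 line removed in the first hunk spelled it "experimental_spec.txt"; please confirm which file name is correct.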
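
Review bot: NM/31 in the @@ -69,59 +387,96 @@ hunk ("Bugzilla 896: Dovecot buffer overrun fix.") records a memory-safety fix without saying which code is affected or who supplied it, unlike NM/09 earlier in the same hunk, which names string_format and credits the patch. Suggest naming the affected function or file and stating whether the overrun is reachable from untrusted input, so that packagers can decide whether to backport. Smaller points in the same hunk: "mistmatches" in NM/34 should be "mismatches", the first line of NM/07 still lacks the full stop this hunk adds to the other entries, and the continuation line of NM/25 ("plus update to original patch.") starts in lower case.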