X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/d4eb88df5bdd76827decfbaed23341ba775fa03e..00f00ca5c40d7deec2a8eddb9153b47830554b83:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 03a41b4dd..04b87509b 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,10 +1,9 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.22 2004/11/11 11:40:36 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.70 2005/01/13 16:15:52 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- - -Exim version 4.44 +Exim version 4.50 ----------------- 1. Minor wording change to the doc/README.SIEVE file. @@ -86,6 +85,238 @@ Exim version 4.44 since this list is usually IP addresses). A host name is now passed as "[x.x.x.x]". +24. Changed the calls that set up the SIGCHLD handler in the daemon to use the + code that specifies a non-restarting handler (typically sigaction() in + modern systems) in an attempt to fix a rare and obscure crash bug. + +25. Narrowed the window for a race in the daemon that could cause it to ignore + SIGCHLD signals. This is not a major problem, because they are used only to + wake it up if nothing else does. + +26. A malformed maildirsize file could cause Exim to calculate negative values + for the mailbox size or file count. Odd effects could occur as a result. + The maildirsize information is now recalculated if the size or filecount + end up negative. + +27. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this + support for a long time. Removed HAVE_SYS_VFS_H. + +28. Installed the latest version of exipick from John Jetmore. + +29. In an address list, if the pattern was not a regular expression, an empty + subject address (from a bounce message) matched only if the pattern was an + empty string. Non-empty patterns were not even tested. This was the wrong + because it is perfectly reasonable to use an empty address as part of a + database query. An empty address is now tested by patterns that are + lookups. However, all the other forms of pattern expect the subject to + contain a local part and a domain, and therefore, for them, an empty + address still always fails if the pattern is not itself empty. + +30. Exim went into a mad DNS loop when attempting to do a callout where the + host was specified on an smtp transport, and looking it up yielded more + than one IP address. + +31. Re-factored the code for checking spool and log partition space into a + function that finds that data and another that does the check. The former + is then used to implement four new variables: $spool_space, $log_space, + $spool_inodes, and $log_inodes. + +32. The RFC2047 encoding function was originally intended for short strings + such as real names; it was not keeping to the 75-character limit for + encoded words that the RFC imposes. It now respects the limit, and + generates multiple encoded words if necessary. To be on the safe side, I + have increased the buffer size for the ${rfc2047: expansion operator from + 1024 to 2048 bytes. + +33. It is now permitted to omit both strings after an "if" condition; if the + condition is true, the result is "true". As before, when the second string + is omitted, a false condition yields an empty string. This makes it less + cumbersome to write custom ACL and router conditions. + +34. Failure to deliver a bounce message always caused it to be frozen, even if + there was an errors_to setting on the router. The errors_to setting is now + respected. + +35. If an IPv6 address is given for -bh or -bhc, it is now converted to the + canonical form (fully expanded) before being placed in + $sender_host_address. + +36. The table in the code that translates DNS record types into text (T_A to + "A" for instance) was missing entries for NS and CNAME. It is just possible + that this could have caused confusion if both these types were looked up + for the same domain, because the text type is used as part of Exim's + per-process caching. But the chance of anyone hitting this buglet seems + very small. + +37. The dnsdb lookup has been extended in a number of ways. + + (1) There is a new type, "zns", which walks up the domain tree until it + finds some nameserver records. It should be used with care. + + (2) There is a new type, "mxh", which is like "mx" except that it returns + just the host names, not the priorities. + + (3) It is now possible to give a list of domains (or IP addresses) to be + looked up. The behaviour when one of the lookups defers can be + controlled by a keyword. + + (4) It is now possible to specify the separator character for use when + multiple records are returned. + +38. The dnslists ACL condition has been extended: it is now possible to supply + a list of IP addresses and/or domains to be looked up in a particular DNS + domain. + +39. Added log_selector=+queue_time_overall. + +40. When running the queue in the test harness, wait just a tad after forking a + delivery process, to get repeatability of debugging output. + +41. Include certificate and key file names in error message when GnuTLS fails + to set them up, because the GnuTLS error message doesn't include the name + of the failing file when there is a problem reading it. + +42. Allow both -bf and -bF in the same test run. + +43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. + +44. The "Exiscan patch" is now merged into the mainline Exim source. + +45. Sometimes the final signoff response after QUIT could fail to get + transmitted in the non-TLS case. Testing !tls_active instead of tls_active + < 0 before doing a fflush(). This bug looks as though it goes back to the + introduction of TLS in release 3.20, but "sometimes" must have been rare + because the tests only now provoked it. + +46. Reset the locale to "C" after calling embedded Perl, in case it was changed + (this can affect the format of dates). + +47. exim_tidydb, when checking for the continued existence of a message for + which it has found a message-specific retry record, was not finding + messages that were in split spool directories. Consequently, it was + deleting retry records that should have stayed in existence. + +48. Steve fixed some bugs in eximstats. + +49. The SPA authentication driver was not abandoning authentication and moving + on to the next authenticator when an expansion was forced to fail, + contradicting the general specification for all authenticators. Instead it + was generating a temporary error. It now behaves as specified. + +50. The default ordering of permitted cipher suites for GnuTLS was pessimal + (the order specifies the preference for clients). The order is now AES256, + AES128, 3DES, ARCFOUR128. + +51. Small patch to Sieve code - explicitly set From: when generating an + autoreply. + +52. Exim crashed if a remote delivery caused a very long error message to be + recorded - for instance if somebody sent an entire SpamAssassin report back + as a large number of 550 error lines. This bug was coincidentally fixed by + increasing the size of one of Exim's internal buffers (big_buffer) that + happened as part of the Exiscan merge. However, to be on the safe side, I + have made the code more robust (and fixed the comments that describe what + is going on). + +53. Now that there can be additional text after "Completed" in log lines (if + the queue_time_overall log selector is set), a one-byte patch to exigrep + was needed to allow it to recognize "Completed" as not the last thing in + the line. + +54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A + patch that reportedly fixes this has been added. I am not expert enough to + create a test for it. This is what the patch creator wrote: + + "I found a little strange behaviour of ldap code when working with + Windows 2003 AD Domain, where users was placed in more than one + Organization Units. When I tried to give exim partial DN, the exit code + of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. + But simultaneously result of request was absolutely normal ldap result, + so I produce this patch..." + + Later: it seems that not all versions of LDAP support LDAP_RES_SEARCH_ + REFERENCE, so I have modified the code to exclude the patch when that macro + is not defined. + +55. Some experimental protocols are using DNS PTR records for new purposes. The + keys for these records are domain names, not reversed IP addresses. The + dnsdb PTR lookup now tests whether its key is an IP address. If not, it + leaves it alone. Component reversal etc. now happens only for IP addresses. + +56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. + +57. Double the size of the debug message buffer (to 2048) so that more of very + long debug lines gets shown. + +58. The exicyclog utility now does better if the number of log files to keep + exceeds 99. In this case, it numbers them 001, 002 ... instead of 01, 02... + +59. Two changes related to the smtp_active_hostname option: + + (1) $smtp_active_hostname is now available as a variable. + (2) The default for smtp_banner uses $smtp_active_hostname instead + of $primary_hostname. + +60. The host_aton() function is supposed to be passed a string that is known + to be a valid IP address. However, in the case of IPv6 addresses, it was + not checking this. This is a hostage to fortune. Exim now panics and dies + if the condition is not met. A case was found where this could be provoked + from a dnsdb PTR lookup with an IPv6 address that had more than 8 + components; fortuitously, this particular loophole had already been fixed + by change 4.50/55 above. + + If there are any other similar loopholes, the new check in host_aton() + itself should stop them being exploited. The report I received stated that + data on the command line could provoke the exploit when Exim was running as + exim, but did not say which command line option was involved. All I could + find was the use of -be with a bad dnsdb PTR lookup, and in that case it is + running as the user. + +61. There was a buffer overflow vulnerability in the SPA authentication code + (which came originally from the Samba project). I have added a test to the + spa_base64_to_bits() function which I hope fixes it. + +62. Configuration update for GNU/Hurd and variations. Updated Makefile-GNU and + os.h-GNU, and added configuration files for GNUkFreeBSD and GNUkNetBSD. + +63. The daemon start-up calls getloadavg() while still root for those OS that + need the first call to be done as root, but it missed one case: when + deliver_queue_load_max is set with deliver_drop_privilege. This is + necessary for the benefit of the queue runner, because there is no re-exec + when deliver_drop_privilege is set. + +64. A call to exiwhat cut short delays set up by "delay" modifiers in ACLs. + This has been fixed. + +65. Caching of lookup data for "hosts =" ACL conditions, when a named host list + was in use, was not putting the data itself into the right store pool; + consequently, it could be overwritten for a subsequent message in the same + SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked + the caching.) + +66. Added hosts_max_try_hardlimit to the smtp transport, default 50. + +67. The string_is_ip_address() function returns 0, 4, or 6, for "no an IP + address", "IPv4 address", and "IPv6 address", respectively. Some calls of + the function were treating the return as a boolean value, which happened to + work because 0=false and not-0=true, but is not correct code. + +68. The host_aton() function was not handling scoped IPv6 addresses (those + with, for example, "%eth0" on the end) correctly. + +69. Fixed some compiler warnings in acl.c for the bitmaps specified with + negated items (that is, ~something) in unsigned ints. Some compilers + apparently mutter when there is no cast. + +70. If an address verification called from an ACL failed, and did not produce a + user-specific message (i.e. there was only a "system" message), nothing was + put in $acl_verify_message. In this situation, it now puts the system + message there. + +71. Change 4.23/11 added synchronization checking at the start of an SMTP + session; change 4.31/43 added the unwanted input to the log line - except + that it did not do this in the start of session case. It now does. + Exim version 4.43 -----------------