X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/df98a6ff2e70887890690ffbf8a8ad583d7d7e38..6ce1ece9cb2b13fdc4d235146fa98835811570bd:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c1bbf2636..45d126ccd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -5,6 +5,20 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.next +------------------- + +JH/01 Avoid costly startup code when not strictly needed. This reduces time + for some exim process initialisations. It does mean that the logging + of TLS configuration problems is only done for the daemon startup. + +JH/02 Early-pipelining support code is now included unless disabled in Makefile. + +JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to + RFC 8301. They can still be enabled, using the dkim_verify_hashes main + option. + + Exim version 4.93 ----------------- @@ -70,10 +84,10 @@ HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a systems which restrict the file name length to lower values. (It was "hdr.$pid".) -HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a +HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. -HS/02 Bug 2392: exigrep does case sensitive *option* processing (as it +HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. @@ -147,6 +161,51 @@ JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. +JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) + +JH/32 Introduce a general tainting mechanism for values read from the input + channel, and values derived from them. Refuse to expand any tainted + values, to catch one form of exploit. + +JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result + was unused and the unexpanded text used for the test. Found and + fixed by Ruben Jenster. + +JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, + an attempt to use a TLS library read routine dereffed a nul pointer, + causing a segfault. + +JH/35 Bug 2409: filter out-of-spec chars from callout response before using + them in our smtp response. + +JH/36 Have the general router option retry_use_local_part default to true when + any of the restrictive preconditions are set (to anything). Previously it + was only for check_local user. The change removes one item of manual + configuration which is required for proper retries when a remote router + handles a subset of addresses for a domain. + +JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file + link count into consideration. + +HS/04 Fix handling of very log lines in -H files. If a - line + caused the extension of big_buffer, the following lines were ignored. + +JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in + accordance with RFC 2308. Previously there was no expiry, so a longlived + receive process (eg. due to ACL delays) versus a short SOA value could + surprise. + +HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) + +JH/39 Promote DMARC support to mainline. + +JH/40 Bug 2452: Add a References: header to DSNs. + +JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman + parameters. The relevant library call is documented as "Deprecated: This + function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since + 3.6.0, DH parameters are negotiated following RFC7919." + Exim version 4.92 -----------------