X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/ea18931d9b1e9b73b699a2f3eb661d70b7f52fab..2577f55f69b29e2aa23e8c1a67795b1403aa4ba2:/doc/doc-txt/ChangeLog diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 79510ff4f..a30c71ae3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -5,6 +5,45 @@ affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. +Exim version 4.91 +----------------- + +JH/01 Replace the store_release() internal interface with store_newblock(), + which internalises the check required to safely use the old one, plus + the allocate and data copy operations duplicated in both (!) of the + extant use locations. + +JH/02 Disallow '/' characters in queue names specified for the "queue=" ACL + modifier. This matches the restriction on the commandline. + +JH/03 Fix pgsql lookup for multiple result-tuples with a single column. + Previously only the last row was returned. + +JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously + we assumed that tags in the header were well-formed, and parsed the + element content after inspecting only the first char of the tag. + Assumptions at that stage could crash the receive process on malformed + input. + +JH/05 Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL. + While running the DKIM ACL we operate on the Permanent memory pool so that + variables created with "set" persist to the DATA ACL. Also (at any time) + DNS lookups that fail create cache records using the Permanent pool. But + expansions release any allocations made on the current pool - so a dnsdb + lookup expansion done in the DKIM ACL releases the memory used for the + DNS negative-cache, and bad things result. Solution is to switch to the + Main pool for expansions. + While we're in that code, add checks on the DNS cache during store_reset, + active in the testsuite. + Problem spotted, and debugging aided, by Wolfgang Breyha. + +JH/06 Fix issue with continued-connections when the DNS shifts unreliably. + When none of the hosts presented to a transport match an already-open + connection, close it and proceed with the list. Previously we would + queue the message. Spotted by Lena with Yahoo, probably involving + round-robin DNS. + + Exim version 4.90 ----------------- @@ -160,6 +199,52 @@ JH/26 Fix DKIM bug: when the pseudoheader generated for signing was exactly line, the header hash was calculated to an incorrect value thanks to the (relaxed) space the fold became. +HS/02 Fix Bug 2130: large writes from the transport subprocess where chunked + and confused the parent. + +JH/27 Fix SOCKS bug: an unitialized pointer was deref'd by the transport process + which could crash as a result. This could lead to undeliverable messages. + +JH/28 Logging: "next input sent too soon" now shows where input was truncated + for log purposes. + +JH/29 Fix queue_run_in_order to ignore the PID portion of the message ID. This + matters on fast-turnover and PID-randomising systems, which were getting + out-of-order delivery. + +JH/30 Fix a logging bug on aarch64: an unsafe routine was previously used for + a possibly-overlapping copy. The symptom was that "Remote host closed + connection in response to HELO" was logged instead of the actual 4xx + error for the HELO. + +JH/31 Fix CHUNKING code to properly flush the unwanted chunk after an error. + Previously only that bufferd was discarded, resulting in SYMTP command + desynchronisation. + +JH/32 DKIM: when a message has multiple signatures matching an identity given + in dkim_verify_signers, run the dkim acl once for each. Previously only + one run was done. Bug 2189. + +JH/33 Downgrade an unfound-list name (usually a typo in the config file) from + "panic the current process" to "deliberately defer". The panic log is + still written with the problem list name; the mail and reject logs now + get a temp-reject line for the message that was being handled, saying + something like "domains check lookup or other defer". The SMTP 451 + message is still "Temporary local problem". + +JH/34 Bug 2199: Fix a use-after-free while reading smtp input for header lines. + A crafted sequence of BDAT commands could result in in-use memory beeing + freed. CVE-2017-16943. + +HS/03 Bug 2201: Fix checking for leading-dot on a line during headers reading + from SMTP input. Previously it was always done; now only done for DATA + and not BDAT commands. CVE-2017-16944. + +JH/35 Bug 2201: Flush received data in BDAT mode after detecting an error fatal + to the message (such as an overlong header line). Previously this was + not done and we did not exit BDAT mode. Followon from the previous item + though a different problem. + Exim version 4.89 -----------------