From: Phil Pennock Date: Sun, 1 Jan 2017 04:22:22 +0000 (-0500) Subject: Merge remote-tracking branch 'github/pr/50' X-Git-Tag: exim-4_89_RC1~50 X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/4c57a40e227ea6585cf1dd4bef37fbb15e1f7e35?hp=--cc Merge remote-tracking branch 'github/pr/50' GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called ldap_start_tls_s on ldapi:// connections. This is obviously a correct change, since above we've avoiding initializing the TLS state if using ldapi. Added documentation noting this behaviour. --- 4c57a40e227ea6585cf1dd4bef37fbb15e1f7e35 diff --cc doc/doc-docbook/spec.xfpt index 769b9e1c9,769b9e1c9..465a30525 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@@ -15293,6 -15293,6 +15293,9 @@@ connecting on a regular LDAP port. Thi of SSL-on-connect. In the event of failure to negotiate TLS, the action taken is controlled by &%ldap_require_cert%&. ++.new ++This option is ignored for &`ldapi`& connections. ++.wen .option ldap_version main integer unset diff --cc doc/doc-txt/ChangeLog index 5427392b9,5427392b9..7e02d30bc --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@@ -4,16 -4,16 +4,22 @@@ This document describes *changes* to pr affect Exim's operation, with an unchanged configuration file. For new options, and new features, see the NewStuff file next to this ChangeLog. ++ Exim version 4.89 ------------------- ++ JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules than -2003 did; needs libidn2 in addition to linidn. JH/02 The path option on a pipe transport is now expanded before use. ++PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections. ++ Patch provided by "Björn", documentation fix added too. ++ Exim version 4.88 ----------------- ++ JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination supports it and a size is available (ie. the sending peer gave us one). @@@ -152,11 -152,11 +158,12 @@@ HS/03 Use "auto" as the default EC curv fallback to "prime256v1". JH/34 SECURITY: Use proper copy of DATA command in error message. -- Could leak key material. Remotely explaoitable. CVE-2016-9963. ++ Could leak key material. Remotely exploitable. CVE-2016-9963. Exim version 4.87 ----------------- ++ JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 and 3.4.4 - once the server is enabled to respond to an OCSP request it does even when not requested, resulting in a stapling non-aware @@@ -353,9 -353,9 +360,9 @@@ JH/48 Bug 1807: Fix ${extract } for th extraction. Accept either. -- Exim version 4.86 ----------------- ++ JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now expanded. @@@ -478,6 -478,6 +485,7 @@@ HS/03 Add perl_taintmode main config op Exim version 4.85 ----------------- ++ TL/01 When running the test suite, the README says that variables such as no_msglog_check are global and can be placed anywhere in a specific test's script, however it was observed that placement needed to be near