36437ec4c1
Exim version 4.94 ----------------- JH/01 Avoid costly startup code when not strictly needed. This reduces time for some exim process initialisations. It does mean that the logging of TLS configuration problems is only done for the daemon startup. JH/02 Early-pipelining support code is now included unless disabled in Makefile. JH/03 DKIM verification defaults no long accept sha1 hashes, to conform to RFC 8301. They can still be enabled, using the dkim_verify_hashes main option. JH/04 Support CHUNKING from an smtp transport using a transport_filter, when DKIM signing is being done. Previously a transport_filter would always disable CHUNKING, falling back to traditional DATA. JH/05 Regard command-line receipients as tainted. JH/06 Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM. JH/07 Bug 2489: Fix crash in the "pam" expansion condition. It seems that the PAM library frees one of the arguments given to it, despite the documentation. Therefore a plain malloc must be used. JH/08 Bug 2491: Use tainted buffers for the transport smtp context. Previously on-stack buffers were used, resulting in a taint trap when DSN information copied from a received message was written into the buffer. JH/09 Bug 2493: Harden ARC verify against Outlook, whick has been seen to mix the ordering of its ARC headers. This caused a crash. JH/10 Bug 2492: Use tainted memory for retry record when needed. Previously when a new record was being constructed with information from the peer, a trap was taken. JH/11 Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive installation would get error messages from DMARC verify, when it hit the nonexistent file indicated by the default. Distros wanting DMARC enabled should both provide the file and set the option. Also enforce no DMARC verification for command-line sourced messages. JH/12 Fix an uninitialised flag in early-pipelining. Previously connections could, depending on the platform, hang at the STARTTLS response. JH/13 Bug 2498: Reset a counter used for ARC verify before handling another message on a connection. Previously if one message had ARC headers and the following one did not, a crash could result when adding an Authentication-Results: header. JH/14 Bug 2500: Rewind some of the common-coding in string handling between the Exim main code and Exim-related utities. The introduction of taint tracking also did many adjustments to string handling. Since then, eximon frequently terminated with an assert failure. JH/15 When PIPELINING, synch after every hundred or so RCPT commands sent and check for 452 responses. This slightly helps the inefficieny of doing a large alias-expansion into a recipient-limited target. The max_rcpt transport option still applies (and at the current default, will override the new feature). The check is done for either cause of synch, and forces a fast-retry of all 452'd recipients using a new MAIL FROM on the same connection. The new facility is not tunable at this time. JH/16 Fix the variables set by the gsasl authenticator. Previously a pointer to library live data was being used, so the results became garbage. Make copies while it is still usable. JH/17 Logging: when the deliver_time selector ise set, include the DT= field on delivery deferred (==) and failed (**) lines (if a delivery was attemtped). Previously it was only on completion (=>) lines. JH/18 Authentication: the gsasl driver not provides the $authN variables in time for the expansion of the server_scram_iter and server_scram_salt options. WB/01 SPF: DNS lookups for the obsolete SPF RR type done by the libspf2 library are now specifically given a NO_DATA response without hitting the system resolver. The library goes on to do the now-standard TXT lookup. Use of dnsdb lookups is not affected. JH/19 Bug 2507: Modules: on handling a dynamic-module (lookups) open failure, only retrieve the errormessage once. Previously two calls to dlerror() were used, and the second one (for mainlog/paniclog) retrieved null information. JH/20 Taint checking: disallow use of tainted data for - the appendfile transport file and directory options - the pipe transport command - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it adjusted the size of a major service buffer; this failed because the buffer was in use at the time. Change to a compile-time increase in the buffer size, when this authenticator is compiled into exim. JH/22 Taint-checking: move to safe-mode taint checking on all platforms. The previous fast-mode was untenable in the face of glibs using mmap to support larger malloc requests. PP/01 Update the openssl_options possible values through OpenSSL 1.1.1c. New values supported, if defined on system where compiled: allow_no_dhe_kex, cryptopro_tlsext_bug, enable_middlebox_compat, no_anti_replay, no_encrypt_then_mac, prioritize_chacha, tlsext_padding JH/23 Performance improvement in the initial phase of a two-pass queue run. By running a limited number of proceses in parallel, a benefit is gained. The amount varies with the platform hardware and load. The use of the option queue_run_in_order means we cannot do this, as ordering becomes indeterminate. JH/24 Bug 2524: fix the cyrus_sasl auth driver gssapi usage. A previous fix had introduced a string-copy (for ensuring NUL-termination) which was not appropriate for that case, which can include embedded NUL bytes in the block of data. Investigation showed the copy to actually be needless, the data being length-specified. JH/25 Fix use of concurrent TLS connections under GnuTLS. When a callout was done during a receiving connection, and both used TLS, global info was used rather than per-connection info for tracking the state of data queued for transmission. This could result in a connection hang. JH/26 Fix use of the SIZE parameter on MAIL commands, on continued connections. Previously, when delivering serveral messages down a single connection only the first would provide a SIZE. This was due to the size information not being properly tracked. JH/27 Bug 2530: When operating in a timezone with sub-minute offset, such as TAI (at 37 seconds currently), pretend to be in UTC for time-related expansion and logging. Previously, spurious values such as a future minute could be seen. JH/28 Bug 2533: Fix expansion of ${tr } item. When called in some situations it could crash from a null-deref. This could also affect the ${addresses: } operator and ${readsock } item. JH/29 Bug 2537: Fix $mime_part_count. When a single connection had a non-mime message following a mime one, the variable was not reset. JH/30 When an pipelined-connect fails at the first response, assume incorrect cached capability (perhaps the peer reneged?) and immediately retry in non-pipelined mode. JH/31 Fix spurious detection of timeout while writing to transport filter. JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously an attempt to copy the string was made before checking it. JH/33 Fix the dsearch lookup to return an untainted result. Previously the taint of the lookup key was maintained; we now regard the presence in the filesystem as sufficient validation. JH/34 Fix the readsocket expansion to not segfault when an empty "options" argument is supplied. JH/35 The dsearch lookup now requires that the directory is an absolute path. Previously this was not checked, and nonempty relative paths made an access under Exim's current working directory. JH/36 Bug 2554: Fix msg:defer event for the hosts_max_try_hardlimit case. Previously no event was raised. JH/37 Bug 2552: Fix the check on spool space during reception to use the SIZE parameter supplied by the sender MAIL FROM command. Previously it was ignored, and only the check_spool_space option value for the required leeway checked. JH/38 Fix $dkim_key_length. This should, after a DKIM verification, present the size of the signing public-key. Previously it was instead giving the size of the signature hash. JH/39 DKIM verification: the RFC 8301 restriction on sizes of RSA keys is now the default. See the (new) dkim_verify_min_keysizes option. JH/40 Fix a memory-handling bug: when a connection carried multiple messages and an ACL use a lookup for checking either the local_part or domain, stale data could be accessed. Ensure that variable references are dropped between messages. JH/41 Bug 2571: Fix SPA authenticator. Running as a server, an offset supplied by the client was not checked as pointing within response data before being used. A malicious client could thus cause an out-of-bounds read and possibly gain authentication. Fix by adding the check. JH/42 Internationalisation: change the default for downconversion in the smtp transport to be "if needed". Previously it was "as previously set" for the message, which usually meant "if needed" for message-submission but "no" for everything else. However, MTAs have been seen using SMTPUTF8 even when the envelope addresses did not need it, resulting in forwarding failures to non-supporting MTAs. A downconvert in such cases will be a no-op on the addresses, merely dropping the use of SMTPUTF8 by the transport. The change does mean that addresses needing conversion will be converted when previously a delivery failure would occur. JH/43 Fix possible long line in DSN. Previously when a very long SMTP error response was received it would be used unchecked in a fail-DSN, violating standards on line-length limits. Truncate if needed. HS/01 Remove parameters of the link to www.open-spf.org. The linked form doesn't work. (Additionally add a new main config option to configure the spf_smtp_comment) |
||
---|---|---|
.. | ||
DESCR | ||
distinfo | ||
Makefile | ||
PLIST |