b333d0b822
Exim version 4.93 ----------------- JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture. JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment. JH/03 Debug output for ACL now gives the config file name and line number for each verb. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. JH/05 DKIM: ensure that dkim_domain elements are lowercased before use. JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports. JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured). JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts. JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result. JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses. JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system. JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons". JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output. JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones. JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input). HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".) HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected. JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31. JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition. JH/17 OpenSSL: the default openssl_options now disables ssl_v3. JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied. JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility. JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation. JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previoud the default was to not do so. JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME". JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported. JH/24 Fix duplicated logging of peer name/address, on a transport connection- reject under TFO. JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all coneections. JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualsys Security Advisory Team for the discovery. JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards. JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously not bounce was generated and a log entry of error ignored was made. JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster. JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response. JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain. JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration. HS/04 Fix handling of very log lines in -H files. If a -<key> <value> line caused the extension of big_buffer, the following lines were ignored. JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise. HS/05 Handle trailing backslash gracefully. (CVE-2019-15846) JH/39 Promote DMARC support to mainline. JH/40 Bug 2452: Add a References: header to DSNs. JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919." HS/06 Change the default of dnssec_request_domains to "*" JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active. JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main cofiguration option. JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe. JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop. JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item. |
||
---|---|---|
.. | ||
files | ||
patches | ||
DESCR | ||
distinfo | ||
Makefile | ||
MESSAGE | ||
options.mk | ||
PLIST | ||
PLIST.eximon |