X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=doc%2Fdoc-txt%2FChangeLog;h=ba8b15bfbcf19217098b2cd17902bec98670fc31;hb=c988f1f4faa9f679f79beddf3c14676c5dcb8e28;hp=c35a96f6568bc4b18108828045fb0b32863a3138;hpb=d6453af2c864d0bd57785f5f808bc366d6f18970;p=exim.git diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c35a96f65..ba8b15bfb 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,10 +1,9 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.42 2004/11/25 15:29:36 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.59 2004/12/29 10:55:58 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- - -Exim version 4.44 +Exim version 4.50 ----------------- 1. Minor wording change to the doc/README.SIEVE file. @@ -158,7 +157,8 @@ Exim version 4.44 just the host names, not the priorities. (3) It is now possible to give a list of domains (or IP addresses) to be - looked up. + looked up. The behaviour when one of the lookups defers can be + controlled by a keyword. (4) It is now possible to specify the separator character for use when multiple records are returned. 
@@ -180,6 +180,98 @@ Exim version 4.44 43. Did the same fix as 41 above for OpenSSL, which had the same infelicity. +44. The "Exiscan patch" is now merged into the mainline Exim source. + +45. Sometimes the final signoff response after QUIT could fail to get + transmitted in the non-TLS case. Testing !tls_active instead of tls_active + < 0 before doing a fflush(). This bug looks as though it goes back to the + introduction of TLS in release 3.20, but "sometimes" must have been rare + because the tests only now provoked it. + +46. Reset the locale to "C" after calling embedded Perl, in case it was changed + (this can affect the format of dates). + +47. exim_tidydb, when checking for the continued existence of a message for + which it has found a message-specific retry record, was not finding + messages that were in split spool directories. Consequently, it was + deleting retry records that should have stayed in existence. + +48. Steve fixed some bugs in eximstats. + +49. The SPA authentication driver was not abandoning authentication and moving + on to the next authenticator when an expansion was forced to fail, + contradicting the general specification for all authenticators. Instead it + was generating a temporary error. It now behaves as specified. + +50. The default ordering of permitted cipher suites for GnuTLS was pessimal + (the order specifies the preference for clients). The order is now AES256, + AES128, 3DES, ARCFOUR128. + +51. Small patch to Sieve code - explicitly set 
From: when generating an + autoreply. + +52. Exim crashed if a remote delivery caused a very long error message to be + recorded - for instance if somebody sent an entire SpamAssassin report back + as a large number of 550 error lines. This bug was coincidentally fixed by + increasing the size of one of Exim's internal buffers (big_buffer) that + happened as part of the Exiscan merge. However, to be on the safe side, I + have made the code more robust (and fixed the comments that describe what + is going on). + +53. Now that there can be additional text after "Completed" in log lines (if + the queue_time_overall log selector is set), a one-byte patch to exigrep + was needed to allow it to recognize "Completed" as not the last thing in + the line. + +54. The LDAP lookup was not handling a return of LDAP_RES_SEARCH_REFERENCE. A + patch that reportedly fixes this has been added. I am not expert enough to + create a test for it. This is what the patch creator wrote: + + "I found a little strange behaviour of ldap code when working with + Windows 2003 AD Domain, where users was placed in more than one + Organization Units. When I tried to give exim partial DN, the exit code + of ldap_search was unknown to exim because of LDAP_RES_SEARCH_REFERENCE. + But simultaneously result of request was absolutely normal ldap result, + so I produce this patch..." + +55. Some experimental protocols are using DNS PTR records for new purposes. The + keys for these records are domain names, not reversed IP addresses. The + dnsdb PTR lookup now tests whether its key is an IP address. If not, it + leaves it alone. Component reversal etc. now happens only for IP addresses. + +56. Improve error message when ldap_search() fails in OpenLDAP or Solaris LDAP. + +57. Double the size of the debug message buffer (to 2048) so that more of very + long debug lines gets shown. + +58. The exicyclog utility now does better if the number of log files to keep + exceeds 99. 
In this case, it numbers them 001, 002 ... instead of 01, 02... + +59. Two changes related to the smtp_active_hostname option: + + (1) $smtp_active_hostname is now available as a variable. + (2) The default for smtp_banner uses $smtp_active_hostname instead + of $primary_hostname. + +60. The host_aton() function is supposed to be passed a string that is known + to be a valid IP address. However, in the case of IPv6 addresses, it was + not checking this. This is a hostage to fortune. Exim now panics and dies + if the condition is not met. A case was found where this could be provoked + from a dnsdb PTR lookup with an IPv6 address that had more than 8 + components; fortuitously, this particular loophole had already been fixed + by change 4.50/55 above. + + If there are any other similar loopholes, the new check in host_aton() + itself should stop them being exploited. The report I received stated that + data on the command line could provoke the exploit when Exim was running as + exim, but did not say which command line option was involved. All I could + find was the use of -be with a bad dnsdb PTR lookup, and in that case it is + running as the user. + +61. There was a buffer overflow vulnerability in the SPA authentication code + (which came originally from the Samba project). I have added a test to the + spa_base64_to_bits() function which I hope fixes it. + Exim version 4.43 -----------------
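Review bot: In the first hunk (@@ -1,10 +1,9 @@), the section heading changes from "Exim version 4.44" to "Exim version 4.50" with no entry recording why the number jumps. Every item that used to be cited as 4.44/NN is now 4.50/NN, and entry 60 later in this patch already relies on the new form ("change 4.50/55 above"). Suggest adding a one-line note under the heading saying that entries formerly listed under 4.44 now appear under 4.50, so that older references can still be resolved.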
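Review bot: In the second hunk (@@ -158,7 +157,8 @@), the sentence added to item (3), "The behaviour when one of the lookups defers can be controlled by a keyword", names neither the keyword nor the default behaviour. Since a deferred lookup in a list changes whether the whole dnsdb lookup defers or returns partial data, the entry should state the keyword(s) and say which behaviour applies when none is given, or point to the place in the specification where they are documented.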
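Review bot: In the third hunk (@@ -180,6 +180,98 @@), entries 60 and 61 are security fixes but sit unmarked at the end of a list of minor changes, and entry 61 says only "I have added a test to the spa_base64_to_bits() function which I hope fixes it". Please state what the new test checks (which length or bound is enforced on the decoded data) and whether a regression test exists, as entry 54 does when it admits it has none; "I hope" leaves a reader unable to judge whether the overflow is closed. For entry 60, the text says the report did not identify the command line option and that only -be was found, so it is worth stating explicitly that the privileged path remains unconfirmed and that the panic in host_aton() is the backstop. A smaller point on entry 45: "Testing !tls_active instead of tls_active < 0" does not make clear which form is the old code and which is the new; write it as "now tests X; previously tested Y".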