X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=doc%2Fdoc-txt%2FChangeLog;h=d3b3609f3621a715b01e095746f9d8bedb8223df;hp=0ce7c8371e1cbafaf7c09b76f41e4c69ccc5efc9;hb=867fcbf59a53d5acbab505bc7670e7d0c29dbc94;hpb=9bd3e22c092714394142075994e403fc3ce3f6c6 diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 0ce7c8371..d3b3609f3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog 
@@ -1,23 +1,341 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.602 2010/03/05 16:03:59 nm4 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.632 2010/06/12 15:21:25 jetmore Exp $ Change log file for Exim from version 4.21 ------------------------------------------- +Exim version 4.77 +----------------- + +PP/01 Solaris build fix for Oracle's LDAP libraries. + Bugzilla 1109, patch from Stephen Usher. + + +Exim version 4.76 +----------------- + +PP/01 The new ldap_require_cert option would segfault if used. Fixed. + +PP/02 Harmonised TLS library version reporting; only show if debugging. + Layout now matches that introduced for other libraries in 4.74 PP/03. + +PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 + +PP/04 New "dns_use_edns0" global option. + +PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. + Bugzilla 1098. + +PP/06 Extra paranoia around buffer usage at the STARTTLS transition. + nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 + +TK/01 Updated PolarSSL code to 0.14.2. + Bugzilla 1097. Patch from Andreas Metzler. + +PP/07 Catch divide-by-zero in ${eval:...}. + Fixes bugzilla 1102. + +PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed. + Bugzilla 1104. + +TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a + format-string attack -- SECURITY: remote arbitrary code execution. + +TK/03 SECURITY - DKIM signature header parsing was double-expanded, second + time unintentionally subject to list matching rules, letting the header + cause arbitrary Exim lookups (of items which can occur in lists, *not* + arbitrary string expansion). This allowed for information disclosure. + +PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to + INT_MIN/-1 -- value coerced to INT_MAX. 
+ + +Exim version 4.75 +----------------- + +NM/01 Workround for PCRE version dependency in version reporting + Bugzilla 1073 + +TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. + This fixes portability to compilers other than gcc, notably + Solaris CC and HP-UX CC. Fixes Bugzilla 1050. + +TF/02 Bugzilla 139: Avoid using the += operator in the modular lookup + makefiles for portability to HP-UX and POSIX correctness. + +PP/01 Permit LOOKUP_foo enabling on the make command-line. + Also via indented variable definition in the Makefile. + (Debugging by Oliver Heesakkers). + +PP/02 Restore caching of spamd results with expanded spamd_address. + Patch from author of expandable spamd_address patch, Wolfgang Breyha. + +PP/03 Build issue: lookups-Makefile now exports LC_ALL=C + Improves build reliability. Fix from: Frank Elsner + +NM/02 Fix wide character breakage in the rfc2047 coding + Fixes bug 1064. Patch from Andrey N. Oktyabrski + +NM/03 Allow underscore in dnslist lookups + Fixes bug 1026. Patch from Graeme Fowler + +PP/04 Bugzilla 230: Support TLS-enabled LDAP (in addition to ldaps). + Code patches from Adam Ciarcinski of NetBSD. + +NM/04 Fixed exiqgrep to cope with mailq missing size issue + Fixes bug 943. + +PP/05 Bugzilla 1083: when lookup expansion defers, escape the output which + is logged, to avoid truncation. Patch from John Horne. + +PP/06 Bugzilla 1042: implement freeze_signal on pipe transports. + Patch from Jakob Hirsch. + +PP/07 Bugzilla 1061: restrict error messages sent over SMTP to not reveal + SQL string expansion failure details. + Patch from Andrey Oktyabrski. + +PP/08 Bugzilla 486: implement %M datestamping in log filenames. + Patch from Simon Arlott. + +PP/09 New lookups functionality failed to compile on old gcc which rejects + extern declarations in function scope. + Patch from Oliver Fleischmann + +PP/10 Use sig_atomic_t for flags set from signal handlers. + Check getgroups() return and improve debugging. 
+ Fixed developed for diagnosis in bug 927 (which turned out to be + a kernel bug). + +PP/11 Bugzilla 1055: Update $message_linecount for maildir_tag. + Patch from Mark Zealey. + +PP/12 Bugzilla 1056: Improved spamd server selection. + Patch from Mark Zealey. + +PP/13 Bugzilla 1086: Deal with maildir quota file races. + Based on patch from Heiko Schlittermann. + +PP/14 Bugzilla 1019: DKIM multiple signature generation fix. + Patch from Uwe Doering, sign-off by Michael Haardt. + +NM/05 Fix to spam.c to accommodate older gcc versions which dislike + variable declaration deep within a block. Bug and patch from + Dennis Davis. + +PP/15 lookups-Makefile IRIX compatibilty coercion. + +PP/16 Make DISABLE_DKIM build knob functional. + +NM/06 Bugzilla 968: child_open_uid: restore default SIGPIPE handler + Patch by Simon Arlott + +TF/03 Fix valgrind.h portability to C89 compilers that do not support + variable argument macros. Our copy now differs from upstream. + + +Exim version 4.74 +----------------- + +TF/01 Failure to get a lock on a hints database can have serious + consequences so log it to the panic log. + +TF/02 Log LMTP confirmation messages in the same way as SMTP, + controlled using the smtp_confirmation log selector. + +TF/03 Include the error message when we fail to unlink a spool file. + +DW/01 Bugzilla 139: Support dynamically loaded lookups as modules. + With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux + for maintaining out-of-tree patches for some time. + +PP/01 Bugzilla 139: Documentation and portability issues. + Avoid GNU Makefile-isms, let Exim continue to build on BSD. + Handle per-OS dynamic-module compilation flags. + +PP/02 Let /dev/null have normal permissions. + The 4.73 fixes were a little too stringent and complained about the + permissions on /dev/null. Exempt it from some checks. + Reported by Andreas M. Kirchwitz. 
+ +PP/03 Report version information for many libraries, including + Exim version information for dynamically loaded libraries. Created + version.h, now support a version extension string for distributors + who patch heavily. Dynamic module ABI change. + +PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a + privilege escalation vulnerability whereby the Exim run-time user + can cause root to append content of the attacker's choosing to + arbitrary files. + +PP/05 Bugzilla 1041: merged DCC maintainer's fixes for return code. + (Wolfgang Breyha) + +PP/06 Bugzilla 1071: fix delivery logging with untrusted macros. + If dropping privileges for untrusted macros, we disabled normal logging + on the basis that it would fail; for the Exim run-time user, this is not + the case, and it resulted in successful deliveries going unlogged. + Fixed. Reported by Andreas Metzler. + + +Exim version 4.73 +----------------- + +PP/01 Date: & Message-Id: revert to normally being appended to a message, + only prepend for the Resent-* case. Fixes regression introduced in + Exim 4.70 by NM/22 for Bugzilla 607. + +PP/02 Include check_rfc2047_length in configure.default because we're seeing + increasing numbers of administrators be bitten by this. + +JJ/01 Added DISABLE_DKIM and comment to src/EDITME + +PP/03 Bugzilla 994: added openssl_options main configuration option. + +PP/04 Bugzilla 995: provide better SSL diagnostics on failed reads. + +PP/05 Bugzilla 834: provide a permit_coredump option for pipe transports. + +PP/06 Adjust NTLM authentication to handle SASL Initial Response. + +PP/07 If TLS negotiated an anonymous cipher, we could end up with SSL but + without a peer certificate, leading to a segfault because of an + assumption that peers always have certificates. Be a little more + paranoid. Problem reported by Martin Tscholak. 
+ +PP/08 Bugzilla 926: switch ClamAV to use the new zINSTREAM API for content + filtering; old API available if built with WITH_OLD_CLAMAV_STREAM=yes + NB: ClamAV planning to remove STREAM in "middle of 2010". + CL also introduces -bmalware, various -d+acl logging additions and + more caution in buffer sizes. + +PP/09 Implemented reverse_ip expansion operator. + +PP/10 Bugzilla 937: provide a "debug" ACL control. + +PP/11 Bugzilla 922: Documentation dusting, patch provided by John Horne. + +PP/12 Bugzilla 973: Implement --version. + +PP/13 Bugzilla 752: Refuse to build/run if Exim user is root/0. + +PP/14 Build without WITH_CONTENT_SCAN. Path from Andreas Metzler. + +PP/15 Bugzilla 816: support multiple condition rules on Routers. + +PP/16 Add bool_lax{} expansion operator and use that for combining multiple + condition rules, instead of bool{}. Make both bool{} and bool_lax{} + ignore trailing whitespace. + +JJ/02 prevent non-panic DKIM error from being sent to paniclog + +JJ/03 added tcp_wrappers_daemon_name to allow host entries other than + "exim" to be used + +PP/17 Fix malware regression for cmdline scanner introduced in PP/08. + Notification from Dr Andrew Aitchison. + +PP/18 Change ClamAV response parsing to be more robust and to handle ClamAV's + ExtendedDetectionInfo response format. + Notification from John Horne. + +PP/19 OpenSSL 1.0.0a compatibility const-ness change, should be backwards + compatible. + +PP/20 Added a CONTRIBUTING file. Fixed the documentation build to use http: + XSL and documented dependency on system catalogs, with examples of how + it normally works. + +DW/21 Added Valgrind hooks in store.c to help it capture out-of-bounds store + access. + +DW/22 Bugzilla 1044: CVE-2010-4345 - partial fix: restrict default behaviour + of CONFIGURE_OWNER and CONFIGURE_GROUP options to no longer allow a + configuration file which is writeable by the Exim user or group. 
+ +DW/23 Bugzilla 1044: CVE-2010-4345 - part two: extend checks for writeability + of configuration files to cover files specified with the -C option if + they are going to be used with root privileges, not just the default + configuration file. + +DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY + option (effectively making it always true). + +DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration + files to be used while preserving root privileges. + +DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure + that rogue child processes cannot use them. + +PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim + run-time user, instead of root. + +PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the + Exim run-time user without dropping privileges. + +DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the + result string, instead of calling string_vformat() twice with the same + arguments. + +DW/30 Allow TRUSTED_CONFIG_PREFIX_FILE only for Exim or CONFIGURE_OWNER, not + for other users. Others should always drop root privileges if they use + -C on the command line, even for a whitelisted configure file. + +DW/31 Turn TRUSTED_CONFIG_PREFIX_FILE into TRUSTED_CONFIG_FILE. No prefixes. 
+ +NM/01 Fixed bug #1002 - Message loss when using multiple deliveries + + Exim version 4.72 ----------------- -JJ/01 installed exipick 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixed documentation bugs and typos +JJ/01 installed exipick 20100104.1, adding $max_received_linelength, + $data_path, and $header_path variables; fixed documentation bugs and + typos -JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow exipick to access non-standard spools, including the "frozen" queue (Finput) +JJ/02 installed exipick 20100222.0, added --input-dir and --finput to allow + exipick to access non-standard spools, including the "frozen" queue + (Finput) NM/01 Bugzilla 965: Support mysql stored procedures. Patch from Alain Williams +NM/02 Bugzilla 961: Spacing fix (syntax error) on Makefile directives for NetBSD + +NM/03 Bugzilla 955: Documentation fix for max_rcpts. + Patch from Andreas Metzler + +NM/04 Bugzilla 954: Fix for unknown responses from Dovecot authenticator. + Patch from Kirill Miazine + +NM/05 Bugzilla 671: Added umask to procmail example. + +JJ/03 installed exipick 20100323.0, fixing doc bug + +NM/06 Bugzilla 988: CVE-2010-2023 - prevent hardlink attack on sticky mail + directory. Notification and patch from Dan Rosenberg. + +TK/01 PDKIM: Upgrade PolarSSL files to upstream version 0.12.1. + +TK/02 Improve log output when DKIM signing operation fails. + +MH/01 Treat the transport option dkim_domain as a colon separated + list, not as a single string, and sign the message with each element, + omitting multiple occurences of the same signer. + +NM/07 Null terminate DKIM strings, Null initialise DKIM variable + Bugzilla 985, 986. Patch by Simon Arlott + +NM/08 Bugzilla 967. dnsdb DNS TXT record bug fix (DKIM-related) + Patch by Simon Arlott + +PP/01 Bugzilla 989: CVE-2010-2024 - work round race condition on + MBX locking. Notification from Dan Rosenberg. 
+ Exim version 4.71 ----------------- -TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body +TK/01 Bugzilla 912: Fix DKIM segfault on empty headers/body. NM/01 Bugzilla 913: Documentation fix for gnutls_* options. @@ -36,7 +354,7 @@ TK/01 Added patch by Johannes Berg that expands the main option TK/02 Write list of recipients to X-Envelope-Sender header when building the mbox-format spool file for content scanning (suggested by Jakob - Hirsch) + Hirsch). TK/03 Added patch by Wolfgang Breyha that adds experimental DCC (http://www.dcc-servers.net/) support via dccifd. Activated by @@ -52,16 +370,16 @@ NM/01 Bugzilla 657: Embedded PCRE removed from the exim source tree. NM/02 Bugzilla 646: Removed unwanted C/R in Dovecot authenticator conversation. Added nologin parameter to request. - Patch contributed by Kirill Miazine + Patch contributed by Kirill Miazine. TF/01 Do not log submission mode rewrites if they do not change the address. TF/02 Bugzilla 662: Fix stack corruption before exec() in daemon.c. NM/03 Bugzilla 602: exicyclog now handles panic log, and creates empty - log files in place. Contributed by Roberto Lima + log files in place. Contributed by Roberto Lima. -NM/04 Bugzilla 667: close socket used by dovecot authenticator +NM/04 Bugzilla 667: Close socket used by dovecot authenticator. TF/03 Bugzilla 615: When checking the local_parts router precondition after a local_part_suffix or local_part_prefix option, Exim now 
@@ -69,14 +387,14 @@ TF/03 Bugzilla 615: When checking the local_parts router precondition contains cached lookups for the whole local part. NM/05 Bugzilla 521: Integrated SPF Best Guess support contributed by - Robert Millan. Documentation is in experimental-spec.txt + Robert Millan. Documentation is in experimental-spec.txt. TF/04 Bugzilla 668: Fix parallel build (make -j). -NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000 +NM/05.2 Bugzilla 437: Prevent Maildir aux files being created with mode 000. NM/05.3 Bugzilla 598: Improvement to Dovecot authenticator handling. - Patch provided by Jan Srzednicki + Patch provided by Jan Srzednicki. TF/05 Leading white space used to be stripped from $spam_report which wrecked the formatting. Now it is preserved. 
@@ -93,95 +411,96 @@ TF/09 Produce a more useful error message if an SMTP transport's hosts setting expands to an empty string. NM/06 Bugzilla 744: EXPN did not work under TLS. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/07 Bugzilla 769: Extraneous comma in usage fprintf - Patch provided by Richard Godbee + Patch provided by Richard Godbee. NM/08 Fixed erroneous documentation references to smtp_notquit_acl to be acl_smtp_notquit, added index entry. -NM/09 Bugzilla 787: Potential buffer overflow in string_format - Patch provided by Eugene Bujak +NM/09 Bugzilla 787: Potential buffer overflow in string_format. + Patch provided by Eugene Bujak. -NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to accept() - Patch provided by Maxim Dounin +NM/10 Bugzilla 770: Problem on some platforms modifying the len parameter to + accept(). Patch provided by Maxim Dounin. NM/11 Bugzilla 749: Preserve old behaviour of blanks comparing equal to zero. - Patch provided by Phil Pennock + Patch provided by Phil Pennock. NM/12 Bugzilla 497: Correct behaviour of exiwhat when no config exists. NM/13 Bugzilla 590: Correct handling of Resent-Date headers. - Patch provided by Brad "anomie" Jorsch + Patch provided by Brad "anomie" Jorsch. NM/14 Bugzilla 622: Added timeout setting to transport filter. - Patch provided by Dean Brooks + Patch provided by Dean Brooks. TK/05 Add native DKIM support (does not depend on external libraries). NM/15 Bugzilla 854: Removed code that symlinks to pcre as its no longer useful. - Patch provided by Graeme Fowler + Patch provided by Graeme Fowler. NM/16 Bugzilla 851: Documentation example syntax fix. NM/17 Changed NOTICE file to remove references to embedded PCRE. -NM/18 Bugzilla 894: Fix issue with very long lines including comments in lsearch +NM/18 Bugzilla 894: Fix issue with very long lines including comments in + lsearch. 
-NM/19 Bugzilla 745: TLS version reporting - Patch provided by Phil Pennock +NM/19 Bugzilla 745: TLS version reporting. + Patch provided by Phil Pennock. -NM/20 Bugzilla 167: bool: condition support - Patch provided by Phil Pennock +NM/20 Bugzilla 167: bool: condition support. + Patch provided by Phil Pennock. -NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken clients - Patch provided by Phil Pennock +NM/21 Bugzilla 665: gnutls_compat_mode to allow compatibility with broken + clients. Patch provided by Phil Pennock. -NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date - Patch provided by Brad "anomie" Jorsch +NM/22 Bugzilla 607: prepend (not append) Resent-Message-ID and Resent-Date. + Patch provided by Brad "anomie" Jorsch. -NM/23 Bugzilla 687: Fix misparses in eximstats - Patch provided by Heiko Schlittermann +NM/23 Bugzilla 687: Fix misparses in eximstats. + Patch provided by Heiko Schlittermann. -NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid - Patch provided by Heiko Schlittermann +NM/24 Bugzilla 688: Fix exiwhat to handle log_selector = +pid. + Patch provided by Heiko Schlittermann. -NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file +NM/25 Bugzilla 727: Use transport mode as default mode for maildirsize file. plus update to original patch. -NM/26 Bugzilla 799: Documentation correction for ratelimit +NM/26 Bugzilla 799: Documentation correction for ratelimit. -NM/27 Bugzilla 802: Improvements to local interface IP addr detection - Patch provided by David Brownlee +NM/27 Bugzilla 802: Improvements to local interface IP addr detection. + Patch provided by David Brownlee. -NM/28 Bugzilla 807: Improvements to LMTP delivery logging +NM/28 Bugzilla 807: Improvements to LMTP delivery logging. -NM/29 Bugzilla 862, 866, 875: Documentation bugfixes +NM/29 Bugzilla 862, 866, 875: Documentation bugfixes. 
-NM/30 Bugzilla 888: TLS documentation bugfixes +NM/30 Bugzilla 888: TLS documentation bugfixes. -NM/31 Bugzilla 896: Dovecot buffer overrun fix +NM/31 Bugzilla 896: Dovecot buffer overrun fix. NM/32 Bugzilla 889: Change all instances of "expr" in shell scripts to "expr --" - Unlike the original bugzilla I have changed all shell scripts in src tree + Unlike the original bugzilla I have changed all shell scripts in src tree. -NM/33 Bugzilla 898: Transport filter timeout fix - Patch by Todd Rinaldo +NM/33 Bugzilla 898: Transport filter timeout fix. + Patch by Todd Rinaldo. -NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches - Patch by Serge Demonchaux +NM/34 Bugzilla 901: Fix sign/unsigned and UTF mistmatches. + Patch by Serge Demonchaux. -NM/35 Bugzilla 39: Base64 decode bug fixes - Patch by Jakob Hirsch +NM/35 Bugzilla 39: Base64 decode bug fixes. + Patch by Jakob Hirsch. -NM/36 Bugzilla 909: Correct connect() call in dcc code +NM/36 Bugzilla 909: Correct connect() call in dcc code. -NM/37 Bugzilla 910: Correct issue with relaxed/simple handling +NM/37 Bugzilla 910: Correct issue with relaxed/simple handling. -NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed +NM/38 Bugzilla 908: Removed NetBSD3 support as no longer needed. -NM/39 Bugzilla 911: Fixed MakeLinks build script +NM/39 Bugzilla 911: Fixed MakeLinks build script. Exim version 4.69 @@ -203,11 +522,11 @@ NM/01 Bugzilla 592: --help option is handled incorrectly if exim is invoked SC/01 Added the -bylocaldomain option to eximstats. -NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr +NM/02 Bugzilla 619: Defended against bad data coming back from gethostbyaddr. -NM/03 Bugzilla 613: Documentation fix for acl_not_smtp +NM/03 Bugzilla 613: Documentation fix for acl_not_smtp. -NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall) +NM/04 Bugzilla 628: PCRE update to 7.4 (work done by John Hall). Exim version 4.68
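Review bot: In the first hunk (@@ -1,23 +1,341 @@) the security fixes are flagged inconsistently: 4.76 TK/02 and TK/03 carry a "SECURITY" marker, while 4.74 PP/04 (CVE-2011-0017), 4.73 DW/22 to DW/24 (CVE-2010-4345) and 4.72 NM/06 and PP/01 (CVE-2010-2023, CVE-2010-2024) give only the CVE number, and TK/03 has the marker but no CVE or Bugzilla reference. Pick one convention, for example the word SECURITY plus the CVE and Bugzilla ids on the first line of each such entry, so that packagers scanning the ChangeLog for fixes to backport find all of them with one search. Several added lines also need a spelling pass: "Workround" (4.75 NM/01), "Fixed developed for diagnosis" (4.75 PP/10), "compatibilty" (4.75 PP/15), "Path from Andreas Metzler" (4.73 PP/14, presumably "Patch") and "occurences" (4.72 MH/01).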
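Review bot: In the @@ -52,16 +370,16 @@ hunk the rewritten NM/04 line capitalises "Close" but leaves "dovecot" lower-case, while NM/02 a few lines above in the same hunk writes "Dovecot authenticator". Since the line is being touched anyway, use "Dovecot" in both entries.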
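Review bot: In the @@ -93,95 +411,96 @@ hunk the full stop added to NM/25 ("... as default mode for maildirsize file.") cuts the entry in two, because the unchanged next line continues the same sentence with "plus update to original patch."; put the period at the end of that continuation line instead. The punctuation pass is also uneven in this hunk: NM/07 ("Extraneous comma in usage fprintf") keeps no period although its "Patch provided by" line gets one, NM/22 still begins lower-case ("prepend") while other entries in this patch were capitalised, and NM/34 is rewritten but keeps the typo "mistmatches".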