X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=inline;f=doc%2Fdoc-txt%2FChangeLog;h=45834756b1a5b7be528452e4bc2d2f131aeaa30b;hb=f0ff270537676f8473bad957e81746731fc3fd03;hp=2ca0f7e00db532379923f0b8dc4952fe0b3f2bf8;hpb=1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2ca0f7e00..45834756b 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -50,6 +50,58 @@ JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible API changes in libopendmarc. +JH/12 Bug 2930: Fix daemon startup. When started from any process apart from + pid 1, in the normal "background daemon" mode, having to drop process- + group leadership also lost track of needing to create listener sockets. + +JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96 + resulted in the variable appearing empty. Find and fix by Ruben Jenster. + +JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96 + a capture group which obtained no text (eg. "(abc)*" matching zero + occurrences) could cause a segfault if the corresponding $ was + expanded. + +JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument + included a close-brace character (eg. it itself used an expansion) an + error occurred. + +JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports, + starting TLS. Previously it was after, meaning that attackers on such + ports had to be screened using the host_reject_connection main config + option. The new sequence aligns better with the STARTTLS behaviour, and + permits defences against crypto-processing load attacks, even though it + is strictly an incompatible change. + Also, avoid sending any SMTP fail response for either the connect ACL + or host_reject_connection, for TLS-on-connect ports. + +JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL, + Previously this was not permitted, but it makes reasonable sense. + While there, restore a restriction on using it from a connect ACL; given + the change JH/16 it could only return false (and before 4.91 was not + permitted). + +JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line + was exactly sized compared to the log buffer, a crash occurred with the + misleading message "bad memory reference; pool not found". + Found and traced by Jasen Betts. + +JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option + dns_again_means_nonexist included an element causing a DNS lookup which + iteslf returned DNS_AGAIN, unbounded recursion occurred. Possible results + included (though probably not limited to) a process crash from stack + memory limit, or from excessive open files. Replace this with a paniclog + whine (as this is likely a configuration error), and returning + DNS_NOMATCH. + +JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously + this always failed, probably leading to the usual downgrade to in-clear + connections. + +JH/20 Fix TLSA lookups. Previously dns_again_means_nonexist would affect + SERVFAIL results, which breaks the downgrade resistance of DANE. Change + to not checking that list for these looks. + Exim version 4.96 -----------------