X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-txt%2FChangeLog;h=158871bed1d9550376bb9b37a7ff1b6a64b2fec8;hb=fc55624df0c1956b7b6b4ae35605a6b95704d022;hp=f9a14b678df39b82c4c1ab84a6624023b7ff4f65;hpb=87abcb247b4444bab5fd0bcb212ddb26d5fd9191;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f9a14b678..158871bed 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -17,6 +17,9 @@ JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. JH/03 Debug output for ACL now gives the config file name and line number for each verb. +HS/01 Fix handling of very log lines in -H files. If a - + line caused the extension of big_buffer, the following lines where + ignored. JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause. @@ -128,10 +131,51 @@ JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT. PP/01 Unbreak heimdal_gssapi, broken in 4.92. + JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored. +JH/28 Fix the timeout on smtp response to apply to the whole response. + Previously it was reset for every read, so a teergrubing peer sending + single bytes within the time limit could extend the connection for a + long time. Credit to Qualsys Security Advisory Team for the discovery. + +JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing + delivery address, which leaked information of the results of local + forwarding. Change to the original envelope recipient address, per + standards. + +JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is + requested. Previously not bounce was generated and a log entry of + error ignored was made. + +JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917) + +JH/32 Introduce a general tainting mechanism for values read from the input + channel, and values derived from them. Refuse to expand any tainted + values, to catch one form of exploit. + +JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result + was unused and the unexpanded text used for the test. Found and + fixed by Ruben Jenster. + +JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, + an attempt to use a TLS library read routine dereffed a nul pointer, + causing a segfault. + +JH/35 Bug 2409: filter out-of-spec chars from callout response before using + them in our smtp response. + +JH/36 Have the general router option retry_use_local_part default to true when + any of the restrictive preconditions are set (to anything). Previously it + was only for check_local user. The change removes one item of manual + configuration which is required for proper retries when a remote router + handles a subset of addresses for a domain. + +JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file + link count into consideration. + Exim version 4.92 -----------------