Opened 5 years ago
Closed 5 years ago
#11659 closed enhancement (fixed)
exim-4.92
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.4 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Change History (4)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
comment:3 by , 5 years ago
Exim version 4.92
-----------------
JH/01 Remove code calling the customisable local_scan function, unless a new
definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile.
JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in
non-signal-safe functions being used.
JH/03 Bug 2269: When presented with a received message having a stupidly large
number of DKIM-Signature headers, disable DKIM verification to avoid
a resource-consumption attack. The limit is set at twenty.
JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify. Fix the
report of oldest_pass in ${authres } in consequence, and separate out
some descriptions of reasons for verification fail.
JH/05 Bug 2273: Cutthrough delivery left a window where the received messsage
files in the spool were present and unlocked. A queue-runner could spot
them, resulting in a duplicate delivery. Fix that by doing the unlock
after the unlink. Investigation by Tim Stewart. Take the opportunity to
add more error-checking on spoolfile handling while that code is being
messed with.
PP/01 Refuse to open a spool data file (*-D) if it's a symlink.
No known attacks, no CVE, this is defensive hardening.
JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
a queue-runner could start a delivery while other operations were ongoing.
Cutthrough delivery was a common victim, resulting in duplicate delivery.
Found and investigated by Tim Stewart. Fix by using the open message data
file handle rather than opening another, and not locally closing it (which
releases a lock) for that case, while creating the temporary .eml format
file for the MIME ACL. Also applies to "regex" and "spam" ACL conditions.
JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
$sender_verify_failure/$recipient_verify_failure to "random".
JH/08 When generating a selfsigned cert, use serial number 1 since zero is not
legitimate.
JH/09 Bug 2274: Fix logging of cmdline args when starting in an unlinked cwd.
Previously this would segfault.
JH/10 Fix ARC signing for case when DKIM signing failed. Previously this would
segfault.
JH/11 Bug 2264: Exim now only follows CNAME chains one step by default. We'd
like zero, since the resolver should be doing this for us, But we need one
as a CNAME but no MX presence gets the CNAME returned; we need to check
that doesn't point to an MX to declare it "no MX returned" rather than
"error, loop". A new main option is added so the older capability of
following some limited number of chain links is maintained.
JH/12 Add client-ip info to non-pass iprev ${authres } lines.
JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol
methods. These should support TLS 1.3; they arrived with TLS 1.3 and the
now-deprecated earlier definitions used only specified the range up to TLS
1.2 (in the older-version library docs).
JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots.
JH/15 Rework TLS client-side context management. Stop using a global, and
explicitly pass a context around. This enables future use of TLS for
connections to service-daemons (eg. malware scanning) while a client smtp
connection is using TLS; with cutthrough connections this is quite likely.
JH/16 Fix ARC verification to do AS checks in reverse order.
JH/17 Support a "tls" option on the ${readsocket } expansion item.
JH/18 Bug 2287: Fix the protocol name (eg utf8esmtp) for multiple messages
using the SMTPUTF8 option on their MAIL FROM commands, in one connection.
Previously the "utf8" would be re-prepended for every additional message.
JH/19 Reject MAIL FROM commands with SMTPUTF8 when the facility was not advertised.
Previously thery were accepted, resulting in issues when attempting to
forward messages to a non-supporting MTA.
PP/02 Let -n work with printing macros too, not just options.
JH/20 Bug 2296: Fix cutthrough for >1 address redirection. Previously only
one parent address was copied, and bogus data was used at delivery-logging
time. Either a crash (after delivery) or bogus log data could result.
Discovery and analysis by Tim Stewart.
PP/03 Make ${utf8clean:} expansion operator detect incomplete final character.
Previously if the string ended mid-character, we did not insert the
promised '?' replacement.
PP/04 Documentation: current string operators work on bytes, not codepoints.
JH/21 Change as many as possible of the global flags into one-bit bitfields; these
should pack well giving a smaller memory footprint so better caching and
therefore performance. Group the declarations where this can't be done so
that the byte-sized flag variables are not interspersed among pointer
variables, giving a better chance of good packing by the compiler.
JH/22 Bug 1896: Fix the envelope from for DMARC forensic reports to be possibly
non-null, to avoid issues with sites running BATV. Previously reports were
sent with an empty envelope sender so looked like bounces.
JH/23 Bug 2318: Fix the noerror command within filters. It wasn't working.
The ignore_error flag wasn't being returned from the filter subprocess so
was not set for later routers. Investigation and fix by Matthias Kurz.
JH/24 Bug 2310: Raise a msg:fail:internal event for each undelivered recipient,
and a msg:complete for the whole, when a message is manually removed using
-Mrm. Developement by Matthias Kurz, hacked on by JH.
JH/25 Avoid fixed-size buffers for pathnames in DB access. This required using
a "Gnu special" function, asprintf() in the DB utility binary builds; I
hope that is portable enough.
JH/26 Bug 2311: Fix DANE-TA verification under GnuTLS. Previously it was also
requiring a known-CA anchor certificate; make it now rely entirely on the
TLSA as an anchor. Checking the name on the leaf cert against the name
on the A-record for the host is still done for TA (but not for EE mode).
JH/27 Fix logging of proxy address. Previously, a pointless "PRX=[]:0" would be
included in delivery lines for non-proxied connections, when compiled with
SUPPORT_SOCKS and running with proxy logging enabled.
JH/28 Bug 2314: Fire msg:fail:delivery event even when error is being ignored.
Developement by Matthias Kurz, tweaked by JH. While in that bit of code,
move the existing event to fire before the normal logging of message
failure so that custom logging is bracketed by normal logging.
JH/29 Bug 2322: A "fail" command in a non-system filter (file) now fires the
msg:fail:internal event. Developement by Matthias Kurz.
JH/30 Bug 2329: Increase buffer size used for dns lookup from 2k, which was
far too small for todays use of crypto signatures stored there. Go all
the way to the max DNS message size of 64kB, even though this might be
overmuch for IOT constrained device use.
JH/31 Fix a bad use of a copy function, which could be used to pointlessly
copy a string over itself. The library routine is documented as not
supporting overlapping copies, and on MacOS it actually raised a SIGABRT.
JH/32 For main options check_spool_space and check_inode_space, where the
platform supports 64b integers, support more than the previous 2^31 kB
(i.e. more than 2 TB). Accept E, P and T multipliers in addition to
the previous G, M, k.
JH/33 Bug 2338: Fix the cyrus-sasl authenticator to fill in the
$authenticated_fail_id variable on authentication failure. Previously
it was unset.
JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048. RHEL 8.0
OpenSSL didn't want to use such a weak key. Do for GnuTLS also, and for
more-modern GnuTLS move from GNUTLS_SEC_PARAM_LOW to
GNUTLS_SEC_PARAM_MEDIUM.
JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server
side. Previously we would continue as if no SNI had been received.
JH/36 Harden the handling of string-lists. When a list consisted of a sole
"<" character, which should be a list-separator specification, we walked
off past the nul-terimation.
JH/37 Bug 2341: Send "message delayed" warning MDNs (restricted to external
causes) even when the retry time is not yet met. Previously they were
not, meaning that when (say) an account was over-quota and temp-rejecting,
and multiple senders' messages were queued, only one sender would get
notified on each configured delay_warning cycle.
JH/38 Bug 2351: Log failures to extract envelope addresses from message headers.
JH/39 OpenSSL: clear the error stack after an SSL_accept(). With anon-auth
cipher-suites, an error can be left on the stack even for a succeeding
accept; this results in impossible error messages when a later operation
actually does fail.
AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they
return error codes indicating retry. Under TLS1.3 this becomes required.
JH/40 Fix the feature-cache refresh for EXPERIMENTAL_PIPE_CONNECT. Previously
it only wrote the new authenticators, resulting in a lack of tracking of
peer changes of ESMTP extensions until the next cache flush.
JH/41 Fix the loop reading a message header line to check for integer overflow,
and more-often against header_maxsize. Previously a crafted message could
induce a crash of the recive process; now the message is cleanly rejected.
JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had
been totally disabled for all of 4.91. Discovery and fix by "Mad Alex".
Note:
See TracTickets
for help on using tickets.
For documentation purposes, it's worth noting here that I had to add a line to the sed command.
The sed command that is in the book right now for configuring Exim itself isn't designed to handle the comment above the line for TLS, which causes a build failure because build-Linux-x86_64/Makefile gets a line not only without a comment but without any logical text.
Removing the line out of src/EDITME via 'sed -e '515,d' src/EDITME' fixes this.