Opened 3 years ago

Closed 3 years ago

#11659 closed enhancement (fixed)

exim-4.92

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: normal Milestone: 8.4
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago

For documentation purposes, it's worth noting here that I had to add a line to the sed command.

The sed command that is in the book right now for configuring Exim itself isn't designed to handle the comment above the line for TLS, which causes a build failure because build-Linux-x86_64/Makefile gets a line not only without a comment but without any logical text.

Removing the line out of src/EDITME via 'sed -e '515,d' src/EDITME' fixes this.

comment:3 by Douglas R. Reno, 3 years ago

Exim version 4.92
-----------------

JH/01 Remove code calling the customisable local_scan function, unless a new
      definition "HAVE_LOCAL_SCAN=yes" is present in the Local/Makefile.

JH/02 Bug 1007: Avoid doing logging from signal-handlers, as that can result in
      non-signal-safe functions being used.

JH/03 Bug 2269: When presented with a received message having a stupidly large
      number of DKIM-Signature headers, disable DKIM verification to avoid
      a resource-consumption attack.  The limit is set at twenty.

JH/04 Add variables $arc_domains, $arc_oldest_pass for ARC verify.  Fix the
      report of oldest_pass in ${authres } in consequence, and separate out
      some descriptions of reasons for verification fail.

JH/05 Bug 2273: Cutthrough delivery left a window where the received messsage
      files in the spool were present and unlocked.  A queue-runner could spot
      them, resulting in a duplicate delivery.  Fix that by doing the unlock
      after the unlink.  Investigation by Tim Stewart.  Take the opportunity to
      add more error-checking on spoolfile handling while that code is being
      messed with.

PP/01 Refuse to open a spool data file (*-D) if it's a symlink.
      No known attacks, no CVE, this is defensive hardening.

JH/06 Bug 2275: The MIME ACL unlocked the received message files early, and
      a queue-runner could start a delivery while other operations were ongoing.
      Cutthrough delivery was a common victim, resulting in duplicate delivery.
      Found and investigated by Tim Stewart.  Fix by using the open message data
      file handle rather than opening another, and not locally closing it (which
      releases a lock) for that case, while creating the temporary .eml format
      file for the MIME ACL.  Also applies to "regex" and "spam" ACL conditions.

JH/07 Bug 177: Make a random-recipient callout success visible in ACL, by setting
      $sender_verify_failure/$recipient_verify_failure to "random".

JH/08 When generating a selfsigned cert, use serial number 1 since zero is not
      legitimate.

JH/09 Bug 2274: Fix logging of cmdline args when starting in an unlinked cwd.
      Previously this would segfault.

JH/10 Fix ARC signing for case when DKIM signing failed.  Previously this would
      segfault.

JH/11 Bug 2264: Exim now only follows CNAME chains one step by default. We'd
      like zero, since the resolver should be doing this for us, But we need one
      as a CNAME but no MX presence gets the CNAME returned; we need to check
      that doesn't point to an MX to declare it "no MX returned" rather than
      "error, loop".  A new main option is added so the older capability of
      following some limited number of chain links is maintained.

JH/12 Add client-ip info to non-pass iprev ${authres } lines.

JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol
      methods.  These should support TLS 1.3; they arrived with TLS 1.3 and the
      now-deprecated earlier definitions used only specified the range up to TLS
      1.2 (in the older-version library docs).

JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots.

JH/15 Rework TLS client-side context management.  Stop using a global, and
      explicitly pass a context around.  This enables future use of TLS for
      connections to service-daemons (eg. malware scanning) while a client smtp
      connection is using TLS; with cutthrough connections this is quite likely.

JH/16 Fix ARC verification to do AS checks in reverse order.

JH/17 Support a "tls" option on the ${readsocket } expansion item.

JH/18 Bug 2287: Fix the protocol name (eg utf8esmtp) for multiple messages
      using the SMTPUTF8 option on their MAIL FROM commands, in one connection.
      Previously the "utf8" would be re-prepended for every additional message.

JH/19 Reject MAIL FROM commands with SMTPUTF8 when the facility was not advertised.
      Previously thery were accepted, resulting in issues when attempting to
      forward messages to a non-supporting MTA.

PP/02 Let -n work with printing macros too, not just options.

JH/20 Bug 2296: Fix cutthrough for >1 address redirection.  Previously only
      one parent address was copied, and bogus data was used at delivery-logging
      time.  Either a crash (after delivery) or bogus log data could result.
      Discovery and analysis by Tim Stewart.

PP/03 Make ${utf8clean:} expansion operator detect incomplete final character.
      Previously if the string ended mid-character, we did not insert the
      promised '?' replacement.

PP/04 Documentation: current string operators work on bytes, not codepoints.

JH/21 Change as many as possible of the global flags into one-bit bitfields; these
      should pack well giving a smaller memory footprint so better caching and
      therefore performance.  Group the declarations where this can't be done so
      that the byte-sized flag variables are not interspersed among pointer
      variables, giving a better chance of good packing by the compiler.

JH/22 Bug 1896: Fix the envelope from for DMARC forensic reports to be possibly
      non-null, to avoid issues with sites running BATV.  Previously reports were
      sent with an empty envelope sender so looked like bounces.

JH/23 Bug 2318: Fix the noerror command within filters.  It wasn't working.
      The ignore_error flag wasn't being returned from the filter subprocess so
      was not set for later routers.  Investigation and fix by Matthias Kurz.

JH/24 Bug 2310: Raise a msg:fail:internal event for each undelivered recipient,
      and a msg:complete for the whole, when a message is manually removed using
      -Mrm.  Developement by Matthias Kurz, hacked on by JH.

JH/25 Avoid fixed-size buffers for pathnames in DB access.  This required using
      a "Gnu special" function, asprintf() in the DB utility binary builds; I
      hope that is portable enough.

JH/26 Bug 2311: Fix DANE-TA verification under GnuTLS.  Previously it was also
      requiring a known-CA anchor certificate; make it now rely entirely on the
      TLSA as an anchor.  Checking the name on the leaf cert against the name
      on the A-record for the host is still done for TA (but not for EE mode).

JH/27 Fix logging of proxy address.  Previously, a pointless "PRX=[]:0" would be
      included in delivery lines for non-proxied connections, when compiled with
      SUPPORT_SOCKS and running with proxy logging enabled.

JH/28 Bug 2314: Fire msg:fail:delivery event even when error is being ignored.
      Developement by Matthias Kurz, tweaked by JH.  While in that bit of code,
      move the existing event to fire before the normal logging of message
      failure so that custom logging is bracketed by normal logging.

JH/29 Bug 2322: A "fail" command in a non-system filter (file) now fires the
      msg:fail:internal event.  Developement by Matthias Kurz.

JH/30 Bug 2329: Increase buffer size used for dns lookup from 2k, which was
      far too small for todays use of crypto signatures stored there.  Go all
      the way to the max DNS message size of 64kB, even though this might be
      overmuch for IOT constrained device use.

JH/31 Fix a bad use of a copy function, which could be used to pointlessly
      copy a string over itself.  The library routine is documented as not
      supporting overlapping copies, and on MacOS it actually raised a SIGABRT.

JH/32 For main options check_spool_space and check_inode_space, where the
      platform supports 64b integers, support more than the previous 2^31 kB
      (i.e. more than 2 TB).  Accept E, P and T multipliers in addition to
      the previous G, M, k.

JH/33 Bug 2338: Fix the cyrus-sasl authenticator to fill in the
      $authenticated_fail_id variable on authentication failure.  Previously
      it was unset.

JH/34 Increase RSA keysize of autogen selfsign cert from 1024 to 2048.  RHEL 8.0
      OpenSSL didn't want to use such a weak key.  Do for GnuTLS also, and for
      more-modern GnuTLS move from GNUTLS_SEC_PARAM_LOW to
      GNUTLS_SEC_PARAM_MEDIUM.

JH/35 OpenSSL: fail the handshake when SNI processing hits a problem, server
      side.  Previously we would continue as if no SNI had been received.

JH/36 Harden the handling of string-lists.  When a list consisted of a sole
      "<" character, which should be a list-separator specification, we walked
      off past the nul-terimation.

JH/37 Bug 2341: Send "message delayed" warning MDNs (restricted to external
      causes) even when the retry time is not yet met.  Previously they were
      not, meaning that when (say) an account was over-quota and temp-rejecting,
      and multiple senders' messages were queued, only one sender would get
      notified on each configured delay_warning cycle.

JH/38 Bug 2351: Log failures to extract envelope addresses from message headers.

JH/39 OpenSSL: clear the error stack after an SSL_accept().  With anon-auth
      cipher-suites, an error can be left on the stack even for a succeeding
      accept; this results in impossible error messages when a later operation
      actually does fail.

AM/01 Bug 2359: GnuTLS: repeat lowlevel read and write operations while they
      return error codes indicating retry.  Under TLS1.3 this becomes required.

JH/40 Fix the feature-cache refresh for EXPERIMENTAL_PIPE_CONNECT.  Previously
      it only wrote the new authenticators, resulting in a lack of tracking of
      peer changes of ESMTP extensions until the next cache flush.

JH/41 Fix the loop reading a message header line to check for integer overflow,
      and more-often against header_maxsize.  Previously a crafted message could
      induce a crash of the recive process; now the message is cleanly rejected.

JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option.  It had
      been totally disabled for all of 4.91.  Discovery and fix by "Mad Alex".

comment:4 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21138

Note: See TracTickets for help on using tickets.