#12886 closed enhancement (fixed)

exim-4.93

Reported by: Douglas R. Reno Owned by: Tim Tassonis
Priority: normal Milestone: 9.1
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New minor version

Change History (3)

comment:1 by Tim Tassonis, 20 months ago

Owner: changed from blfs-book to Tim Tassonis
Status: new → assigned

comment:2 by Tim Tassonis, 20 months ago

Exim version 4.93

JH/01 OpenSSL: With debug enabled output keying information sufficient, server side, to decode a TLS 1.3 packet capture.

JH/02 OpenSSL: Suppress the sending of (stateful) TLS1.3 session tickets. Previously the default library behaviour applied, sending two, each in its own TCP segment.

JH/03 Debug output for ACL now gives the config file name and line number for each verb.

JH/04 The default received_header_text now uses the RFC 8314 tls cipher clause.

JH/05 DKIM: ensure that dkim_domain elements are lowercased before use.

JH/06 Fix buggy handling of autoreply bounce_return_size_limit, and a possible buffer overrun for (non-chunking) other transports.

JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under TLS1.3, means that a server rejecting a client certificate is not visible to the client until the first read of encrypted data (typically the response to EHLO). Add detection for that case and treat it as a failed TLS connection attempt, so that the normal retry-in-clear can work (if suitably configured).

JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part and/or domain. Found and fixed by Jason Betts.

JH/08 Add hardening against SRV & TLSA lookups that hit CNAMEs (a nonvalid configuration). If a CNAME target was not a wellformed name pattern, a crash could result.

JH/09 Logging: Fix initial listening-on line for multiple ports for an IP when the OS reports them interleaved with other addresses.

JH/10 OpenSSL: Fix aggregation of messages. Previously, when PIPELINING was used both for input and for a verify callout, both encrypted, SMTP responses being sent by the server could be lost. This resulted in dropped connections and sometimes bounces generated by a peer sending to this system.

JH/11 Harden plaintext authenticator against a badly misconfigured client-send string. Previously it was possible to cause undefined behaviour in a library routine (usually a crash). Found by "zerons".

JH/12 Bug 2384: fix "-bP smtp_receive_timeout". Previously it returned no output.

JH/13 Bug 2386: Fix builds with Dane under LibreSSL 2.9.0 onward. Some old API was removed, so update to use the newer ones.

JH/14 Bug 1891: Close the log file if receiving a non-smtp message, without any timeout set, is taking a long time. Previously we would hang on to a rotated logfile "forever" if the input was arriving with long gaps (a previous attempt to fix addressed lack, for a long time, of initial input).

HS/01 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment. The length of the tempfile name is now 4 + 16 ("hdr.$message_exim_id") which might break on file systems which restrict the file name length to lower values. (It was "hdr.$pid".)

HS/02 Bug 2390: Use message_id for tempfile creation to avoid races in a shared (NFS) environment.

HS/03 Bug 2392: exigrep does case sensitive *option* processing (as it did for all versions <4.90). Notably -M, -m, --invert, -I may be affected.

JH/15 Use unsigned when creating bitmasks in macros, to avoid build errors on some platforms for bit 31.

JH/16 GnuTLS: rework ciphersuite strings under recent library versions. Thanks to changes apparently associated with TLS1.3 handling some of the APIs previously used were either nonfunctional or inappropriate. Strings like TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM__AEAD:256 and TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_128_CBC__SHA256:128 replace the previous TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 . This affects log line X= elements, the $tls_{in,out}_cipher variables, and the use of specific cipher names in the encrypted= ACL condition.

JH/17 OpenSSL: the default openssl_options now disables ssl_v3.

JH/18 GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp. Previously the verification result was not updated unless hosts_require_ocsp applied.

JH/19 Bug 2398: fix listing of a named-queue. Previously, even with the option queue_list_requires_admin set to false, non-admin users were denied the facility.

JH/20 Bug 2389: fix server advertising of usable certificates, under GnuTLS in directory-of-certs mode. Previously they were advertised despite the documentation.

JH/21 The smtp transport option "hosts_noproxy_tls" is now unset by default. A single TCP connection by a client will now hold a TLS connection open for multiple message deliveries, by default. Previously the default was to not do so.

JH/22 The smtp transport option "hosts_try_dane" now enables all hosts by default. If built with the facility, DANE will be used. The facility SUPPORT_DANE is now enabled in the prototype build Makefile "EDITME".

JH/23 The build default is now for TLS to be included; the SUPPORT_TLS define is replaced with DISABLE_TLS. Either USE_GNUTLS or (the new) USE_OPENSSL must be defined and you must still, unless you define DISABLE_TLS, manage the include-dir and library-file requirements that go with that choice. Non-TLS builds are still supported.

JH/24 Fix duplicated logging of peer name/address, on a transport connection-reject under TFO.

JH/25 The smtp transport option "hosts_try_fastopen" now enables all hosts by default. If the platform supports and has the facility enabled, it will be requested on all connections.

JH/26 The PIPE_CONNECT facility is promoted from experimental status and is now controlled by the build-time option SUPPORT_PIPE_CONNECT.

PP/01 Unbreak heimdal_gssapi, broken in 4.92.

JH/27 Bug 2404: Use the main-section configuration option "dsn_from" for success-DSN messages. Previously the From: header was always the default one for these; the option was ignored.

JH/28 Fix the timeout on smtp response to apply to the whole response. Previously it was reset for every read, so a teergrubing peer sending single bytes within the time limit could extend the connection for a long time. Credit to Qualys Security Advisory Team for the discovery.

JH/29 Fix DSN Final-Recipient: field. Previously it was the post-routing delivery address, which leaked information of the results of local forwarding. Change to the original envelope recipient address, per standards.

JH/30 Bug 2411: Fix DSN generation when RFC 3461 failure notification is requested. Previously no bounce was generated and a log entry of error ignored was made.

JH/31 Avoid re-expansion in ${sort } expansion. (CVE-2019-13917)

JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit.

JH/33 Bug 2413: Fix dkim_strict option. Previously the expansion result was unused and the unexpanded text used for the test. Found and fixed by Ruben Jenster.

JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a null pointer, causing a segfault.

JH/35 Bug 2409: filter out-of-spec chars from callout response before using them in our smtp response.

JH/36 Have the general router option retry_use_local_part default to true when any of the restrictive preconditions are set (to anything). Previously it was only for check_local_user. The change removes one item of manual configuration which is required for proper retries when a remote router handles a subset of addresses for a domain.

JH/37 Appendfile: when evaluating quota use (non-quota_size_regex) take the file link count into consideration.

HS/04 Fix handling of very long lines in -H files. If a -<key> <value> line caused the extension of big_buffer, the following lines were ignored.

JH/38 Bug 1395: Teach the DNS negative-cache about TTL value from the SOA in accordance with RFC 2308. Previously there was no expiry, so a longlived receive process (eg. due to ACL delays) versus a short SOA value could surprise.

HS/05 Handle trailing backslash gracefully. (CVE-2019-15846)

JH/39 Promote DMARC support to mainline.

JH/40 Bug 2452: Add a References: header to DSNs.

JH/41 With GnuTLS 3.6.0 (and later) do not attempt to manage Diffie-Hellman parameters. The relevant library call is documented as "Deprecated: This function is unnecessary and discouraged on GnuTLS 3.6.0 or later. Since 3.6.0, DH parameters are negotiated following RFC7919."

HS/06 Change the default of dnssec_request_domains to "*"

JH/42 Bug 2545: Fix CHUNKING for all RCPT commands rejected. Previously we carried on and emitted a BDAT command, even when PIPELINING was not active.

JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used.

JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; recommended to avoid a possible server-load attack. The feature can be re-enabled via the openssl_options main configuration option.

JH/45 local_scan API: documented the current smtp_printf() call. This changed for version 4.90 - adding a "more data" boolean to the arguments. Bumped the ABI version number also, this having been missed previously; release versions 4.90 to 4.92.3 inclusive were effectively broken in respect of usage of smtp_printf() by either local_scan code or libraries accessed via the ${dlfunc } expansion item. Both will need coding adjustment for any calls to smtp_printf() to match the new function signature; a FALSE value for the new argument is always safe.

JH/46 FreeBSD: fix use of the sendfile() syscall. The shim was not updating the file-offset (which the Linux syscall does, and exim expects); this resulted in an indefinite loop.

JH/47 ARC: fix crash in signing, triggered when a configuration error failed to do ARC verification. The Authentication-Results: header line added by the configuration then had no ARC item.
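Added example (not Exim's code) illustrating the failure mode behind JH/28 in the changelog above: a timeout that restarts on every read lets a peer that dribbles one byte at a time hold the connection open far beyond the configured limit, while a single deadline over the whole reply bounds it. The dribbling peer, the fake clock and the "250 OK" reply are constructed stand-ins so the comparison runs offline.

```python
class DribblingPeer:
    """Constructed teergrubing peer: one byte per recv(), `gap` seconds apart."""
    def __init__(self, reply, gap, clock):
        self.reply, self.gap, self.clock, self.pos = reply, gap, clock, 0

    def recv(self, timeout):
        # A real socket would block; here the fake clock is advanced instead.
        if self.gap > timeout:
            raise TimeoutError("no byte within %.0fs" % timeout)
        self.clock[0] += self.gap
        if self.pos >= len(self.reply):
            return b""
        self.pos += 1
        return self.reply[self.pos - 1:self.pos]

def read_reply_per_read(peer, timeout, clock):
    """Pre-4.93 behaviour: the timer restarts on every read."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = peer.recv(timeout)
        if not chunk:
            raise ConnectionError("peer closed mid-reply")
        buf += chunk
    return buf

def read_reply_deadline(peer, timeout, clock):
    """JH/28 behaviour: one deadline covers the whole reply."""
    deadline = clock[0] + timeout
    buf = b""
    while not buf.endswith(b"\r\n"):
        remaining = deadline - clock[0]
        if remaining <= 0:
            raise TimeoutError("whole-reply deadline exceeded")
        chunk = peer.recv(remaining)  # never wait past the deadline
        if not chunk:
            raise ConnectionError("peer closed mid-reply")
        buf += chunk
    return buf

def run(reader, gap, timeout=30.0):
    """Return (reply bytes or exception name, simulated seconds elapsed)."""
    clock = [0.0]
    peer = DribblingPeer(b"250 OK\r\n", gap, clock)
    try:
        return reader(peer, timeout, clock), clock[0]
    except TimeoutError as e:
        return type(e).__name__, clock[0]
```

With a 30 s limit and a 20 s gap between bytes, the per-read reader accepts the 8-byte reply after 160 simulated seconds, whereas the deadline reader gives up after 20 s; a well-behaved peer (1 s gap) passes both.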

comment:3 by Tim Tassonis, 20 months ago

Resolution: fixed
Status: assigned → closed

Fixed in revision 22456.
