Exim version 4.8
bugs fixed:
TL/01 When running the test suite, the README says that variables such as
no_msglog_check are global and can be placed anywhere in a specific
test's script, however it was observed that placement needed to be near
the beginning for it to behave that way. Changed the runtest perl
script to read through the entire script once to detect and set these
variables, reset to the beginning of the script, and then run through
the script parsing/test process like normal.
TL/02 The BSDs have an arc4random API. One of the functions to induce
adding randomness was arc4random_stir(), but it has been removed in
OpenBSD 5.5. Detect this OpenBSD version and skip calling this
function when detected.
JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
cause callback expansion.
TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
syntax errors in an expansion can be treated as a string instead of
logging or causing an error, due to the internal use of bool_lax
instead of bool when processing it.
JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
server certificates when making smtp deliveries.
JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
Merged patch from Sebastian Wiedenroth.
JH/05 Fix results-pipe from transport process. Several recipients, combined
with certificate use, exposed issues where response data items split
over buffer boundaries were not parsed properly. This eventually
resulted in duplicates being sent. This issue only became common enough
to notice due to the introduction of connection certificate information,
the item size being so much larger. Found and fixed by Wolfgang Breyha.
JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
size buffer was used, resulting in syntax errors when an expansion
exceeded it.
JH/07 Add support for directories of certificates when compiled with a GnuTLS
version 3.3.6 or later.
JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
is EXPERIMENTAL_EVENT, the main-configuration and transport options
both become "event_action", the variables become $event_name, $event_data
and $event_defer_errno. There is a new variable $verify_mode, usable in
routers, transports and related events. The tls:cert event is now also
raised for inbound connections, if the main configuration event_action
option is defined.
TL/06 In test suite, disable OCSP for old versions of openssl which contained
early OCSP support, but no stapling (appears to be less than 1.0.0).
JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
server certificate names available under the smtp transport option
"tls_verify_cert_hostname" now do not permit multi-component wildcard
matches.
JH/10 Time-related extraction expansions from certificates now use the main
option "timezone" setting for output formatting, and are consistent
between OpenSSL and GnuTLS compilations. Bug 1541.
JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
encoded parameter in the incoming message. Bug 1558.
JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
include certificate info, eximon was claiming there were spoolfile
syntax errors.
JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
JH/14 Log delivery-related information more consistently, using the sequence
"H=<name> [<ip>]" wherever possible.
TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
are problematic for Debian distribution, omit them from the release
tarball.
JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
JH/16 Fix string representation of time values on 64bit time_t architectures.
Bug 1561.
JH/17 Fix a null-indirection in certextract expansions when a nondefault
output list separator was used.
New Features
1. If built with EXPERIMENTAL_DANE feature enabled, Exim will follow the
DANE smtp draft to assess a secure chain of trust of the certificate
used to establish the TLS connection based on a TLSA record in the
domain of the sender.
2. The EXPERIMENTAL_TPDA feature has been renamed to EXPERIMENTAL_EVENT
and several new events have been created. The reason is that it has
been expanded beyond just firing events during the transport phase. Any
existing TPDA transport options will have to be rewritten to use a new
$event_name expansion variable in a condition. Refer to the
experimental-spec.txt for details and examples.
3. The EXPERIMENTAL_CERTNAMES feature is an enhancement to verify that
server certs used for TLS match the result of the MX lookup. It does
not use the same mechanism as DANE.
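
The single-label wildcard rule described in JH/09 and in item 3 above, as an added example (not Exim's or OpenSSL's code): a "*" in a certificate name stands for exactly one DNS label, so "*.example.com" must not match "a.b.example.com". The function name cert_name_matches and the sample names are hypothetical; refusing partial wildcards such as "m*" and bare "*.<tld>" patterns is extra strictness assumed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (DNS names compare without case). */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;                    /* both at the terminating NUL */
}

/* Return 1 if host matches the certificate name pattern, else 0.
   Hypothetical helper for illustration, not an Exim or OpenSSL function. */
int cert_name_matches(const char *pattern, const char *host)
{
    const char *suffix, *dot;

    if (!pattern || !host || !*pattern || !*host)
        return 0;
    /* No wildcard: the whole name must be equal. */
    if (strchr(pattern, '*') == NULL)
        return eq_nocase(pattern, host);
    /* Accept only "*.<suffix>": one '*' that is the entire leftmost label. */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return 0;
    suffix = pattern + 1;               /* e.g. ".example.com" */
    /* Assumed extra strictness: suffix needs two labels, so "*.com" fails. */
    if (strchr(suffix + 1, '.') == NULL)
        return 0;
    /* The wildcard covers exactly one non-empty label, so the first dot
       in host must be the point where the suffix begins. */
    dot = strchr(host, '.');
    if (dot == NULL || dot == host)
        return 0;
    return eq_nocase(dot, suffix);
}

int main(void)
{
    /* Constructed sample names. */
    const char *hosts[] = { "mx1.example.com", "a.b.example.com", "example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("*.example.com vs %-16s -> %d\n", hosts[i],
               cert_name_matches("*.example.com", hosts[i]));
    return 0;
}
```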