Exim version 4.8
bugs fixed:
New Features
bugs fixed:
Code:
TL/01 When running the test suite, the README says that variables such as
no_msglog_check are global and can be placed anywhere in a specific
test's script, however it was observed that placement needed to be near
the beginning for it to behave that way. Changed the runtest perl
script to read through the entire script once to detect and set these
variables, reset to the beginning of the script, and then run through
the script parsing/test process like normal.
TL/02 The BSD's have an arc4random API. One of the functions to induce
adding randomness was arc4random_stir(), but it has been removed in
OpenBSD 5.5. Detect this OpenBSD version and skip calling this
function when detected.
JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
cause callback expansion.
TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
syntax errors in an expansion can be treated as a string instead of
logging or causing an error, due to the internal use of bool_lax
instead of bool when processing it.
JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
server certificates when making smtp deliveries.
JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
Merged patch from Sebastian Wiedenroth.
JH/05 Fix results-pipe from transport process. Several recipients, combined
with certificate use, exposed issues where response data items split
over buffer boundaries were not parsed properly. This eventually
resulted in duplicates being sent. This issue only became common enough
to notice due to the introduction of conection certificate information,
the item size being so much larger. Found and fixed by Wolfgang Breyha.
JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
size buffer was used, resulting in syntax errors when an expansion
exceeded it.
JH/07 Add support for directories of certificates when compiled with a GnuTLS
version 3.3.6 or later.
JH/08 Rename the TPDA expermimental facility to Event Actions. The #ifdef
is EXPERIMENTAL_EVENT, the main-configuration and transport options
both become "event_action", the variables become $event_name, $event_data
and $event_defer_errno. There is a new variable $verify_mode, usable in
routers, transports and related events. The tls:cert event is now also
raised for inbound connections, if the main configuration event_action
option is defined.
TL/06 In test suite, disable OCSP for old versions of openssl which contained
early OCSP support, but no stapling (appears to be less than 1.0.0).
JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
server certificate names available under the smtp transport option
"tls_verify_cert_hostname" now do not permit multi-component wildcard
matches.
JH/10 Time-related extraction expansions from certificates now use the main
option "timezone" setting for output formatting, and are consistent
between OpenSSL and GnuTLS compilations. Bug 1541.
JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047-
encoded parameter in the incoming message. Bug 1558.
JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now
include certificate info, eximon was claiming there were spoolfile
syntax errors.
JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return.
JH/14 Log delivery-related information more consistently, using the sequence
"H=<name> [<ip>]" wherever possible.
TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which
are problematic for Debian distribution, omit them from the release
tarball.
JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature.
JH/16 Fix string representation of time values on 64bit time_t anchitectures.
Bug 1561.
JH/17 Fix a null-indirection in certextract expansions when a nondefault
output list separator was used.
New Features
Code:
1. If built with EXPERIMENTAL_DANE feature enabled, Exim will follow the
DANE smtp draft to assess a secure chain of trust of the certificate
used to establish the TLS connection based on a TLSA record in the
domain of the sender.
2. The EXPERIMENTAL_TPDA feature has been renamed to EXPERIMENTAL_EVENT
and several new events have been created. The reason is because it has
been expanded beyond just firing events during the transport phase. Any
existing TPDA transport options will have to be rewritten to use a new
$event_name expansion variable in a condition. Refer to the
experimental-spec.txt for details and examples.
3. The EXPERIMENTAL_CERTNAMES features is an enhancement to verify that
server certs used for TLS match the result of the MX lookup. It does
not use the same mechanism as DANE.