I have prepared an Exim 4.44 release candidate which I invite folks to
test prior to it becoming a formal 4.44 release.

This release is intended to be a stopgap measure due to the 4.50
release being unlikely to appear before March. Hence I have taken the
bug fix items from the 4.50 development series and merged them into the
4.43 release. One of the main drivers for doing this is that I believe
that take-up of the security bug fixes for 4.43 (other than by the main
Linux/BSD/other distribution makers) is likely to be poor, and a bug fix
release is likely to have higher visibility.

The changes from 4.43 are basically all the bug fix releases *except*:-

  * LDAP changes which I thought were too invasive and complex to
    take in on a short test cycle release

No interface affecting enhancements have been taken, other than updates
to eximstats and exipick.

The ChangeLog entries for 4.44 are included at the end of this mail.

The Release Candidate is at
    ftp://ftp.exim.org/pub/exim/Testing/

The files are:-
    34fdf3ff205cd00ec79fab4cada9c4a0  exim-4.43-4.44_rc2.patch
    183adad20ce8993a97de4e9ccf575050  exim-4.44_rc2.tar.bz2
    31442509d9b8a7dd08fdbda1549ae2b0  exim-4.44_rc2.tar.gz

There are detached signatures for each of the files, made by Philip.

I hope to get (or rather get Tom to produce) an exiscan version produced
for this shortly - if you use the standard exiscan-acl patch for 4.43
you will find 3 patch rejects:-

  * version.c - change of exim version number
  * macro.h - change of some limit sizes, which are now in exim
    proper
  * acl.c - requires basic fix up.

Please test this and send any issues to me and/or the list. This is
also the first case of a non-Philip driven release - the intention is
that these will become the norm, but we need to develop a little more
infrastructure to handle them. Most of the actual development work was,
however, done by Philip and some others; I have just co-ordinated the
selection and merging of changes into this release.

Cheers
Nigel.

ChangeLog entries.....

Exim version 4.44
-----------------
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport.
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've changed it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. Respect the 75-character limit for "encoded words" when doing RFC 2047
encoding, and increase the buffer size for ${rfc2047: expansion.
22. errors_to on a router was being ignored for bounce messages.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Expand error message when GnuTLS has problems setting up cert/key files.
26. Expand error message when OpenSSL has problems setting up cert/key files.
27. Reset locale after calling embedded Perl, in case it was changed.
28. When checking for a message's continued existence, exim_tidydb was not
looking in the split spool subdirectories.
29. eximstats updated to version 1.35
    1.34 - allow eximstats to parse syslog lines as well as mainlog lines
    1.35 - bugfix such that pie charts by volume are generated correctly
30. A forced expansion failure in the SPA authenticator is now treated the
same as in other authenticators (it moves to the next authenticator).
31. Fixed the cipher preference order for GnuTLS client usage.
31. Fixed Sieve buglet: now it explicitly sets From: when generating
an autoreply.
32. More robust handling of very large SMTP responses.
33. Check dnsdb PTR key for IP address before reversing.
    CAN-2005-0021
34. Put a check in host_aton() to protect against buffer overrun
    CAN-2005-0021
35. Fix buffer overflow vulnerability in spa_base64_to_bits() function.
    CAN-2005-0022
36. Need to initialize getloadavg() as root in the daemon when
deliver_drop_privilege is set, for the benefit of the queue runner.
37. Data saved for $host_data after a lookup involving a named host list was
corrupted if there was more than one message in an SMTP session.
38. Fixed a very old bug that sometimes lost the final 221 message after QUIT.
--
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
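
ChangeLog item 16 above, illustrated as an added example in C; it is not Exim's code and not part of the original mail. It assumes the Maildir++ layout of maildirsize (a quota line followed by "size count" lines that are summed); the function names and sample data are constructed, and treating an unparsable line as a reason to recalculate is an assumption of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one signed decimal field after optional spaces or tabs. */
static int field(const char **pp, long long *out)
{
    char *end;
    while (**pp == ' ' || **pp == '\t') (*pp)++;
    if (**pp != '-' && (**pp < '0' || **pp > '9')) return 0; /* strtoll would skip '\n' */
    errno = 0;
    *out = strtoll(*pp, &end, 10);
    if (end == *pp || errno == ERANGE) return 0;
    *pp = end;
    return 1;
}

/* Sum the "size count" lines of maildirsize text. Returns 1 when the totals
   can be trusted, 0 when the caller should rescan the maildir instead. */
static int maildirsize_totals(const char *text, long long *size, long long *count)
{
    const char *p = strchr(text, '\n');      /* line 1 is the quota spec */
    *size = *count = 0;
    if (p == NULL) return 0;
    for (p++; *p != '\0'; ) {
        long long s, c;
        if (!field(&p, &s) || !field(&p, &c)) return 0;   /* malformed line */
        if (*p == '\n') p++;
        else if (*p != '\0') return 0;                    /* trailing junk */
        if ((s > 0 && *size > LLONG_MAX - s) || (s < 0 && *size < LLONG_MIN - s) ||
            (c > 0 && *count > LLONG_MAX - c) || (c < 0 && *count < LLONG_MIN - c))
            return 0;                                     /* sum would overflow */
        *size += s;
        *count += c;
    }
    return *size >= 0 && *count >= 0;        /* negative totals: recalculate */
}

int main(void)
{
    /* Constructed samples, not taken from a real mailbox. */
    const char *good = "10000000S,1000C\n4096 3\n-1024 -1\n";
    const char *bad  = "10000000S,1000C\n4096 3\n-9000 -5\n";
    long long s, c;
    printf("good: %d\n", maildirsize_totals(good, &s, &c));
    printf("bad:  %d\n", maildirsize_totals(bad, &s, &c));
    return 0;
}
```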