[exim] Exim 4.89 RC6 uploaded: one remaining known issue

Top Page
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: exim-users, exim-dev
Subject: [exim] Exim 4.89 RC6 uploaded: one remaining known issue
Folks, we really need your help tracking down one last issue with a
crashing Exim; _please_ try this Exim some place, to see if you can help
expose it.

I have uploaded Exim 4.89 RC6 to:

    https://ftp.exim.org/pub/exim/exim4/test/


Over RC5, this fixes a problem where a message received via CHUNKING
could be missing the final newline, and so never make it out of the Exim
queue; provides a util script for fixing any such messages found in the
queue, and provides a main option for debugging memory usage.

We have one issue remaining, which is a crash bug. We think that it's a
long-standing issue of memory mis-use which has been exposed by some
memory management cleanups, which has worrying security implications.
So this is not new, only the surfacing is; on the other hand, it might
only have become possible to trigger it with the 4.88/4.89 code. I am
extremely reluctant to release with this issue in the code.

We need a usable core-file, which means _full_ GDB debugging
information, so please build with CFLAGS+=-ggdb if you think that you
might be able to trigger a crash.

Additionally, you can now set the new main-section configuration option
"debug_store", which is a bool. This adds a couple of assertions to the
code, making a crash more likely, but exposing where those issues are.

*PLEASE TEST* -- we need your help.

The important text-format documents for this release can be reviewed at:

    https://git.exim.org/exim.git/blob/exim-4_89_RC6:/src/README.UPDATING
    https://git.exim.org/exim.git/blob/exim-4_89_RC6:/doc/doc-txt/ChangeLog
    https://git.exim.org/exim.git/blob/exim-4_89_RC6:/doc/doc-txt/NewStuff
    https://git.exim.org/exim.git/blob/exim-4_89_RC6:/doc/doc-txt/openssl.txt


The files are signed with the PGP key 0x4D1E900E14C1CC04, which has a
uid "Phil Pennock <pdp@???>". Please use your own discretion in
assessing what trust paths you might have to this uid. Note that I have
two signing sub-keys and have signed with both; if you have an ancient
GnuPG release, you should get unimplemented warnings for one signature.
If this causes you inability to verify, please let me know; but if you
can verify with the other signature then that's expected behavior.

Checksums below. Detached PGP signatures in .asc files are available
alongside the tarballs.

Please report issues in reply to this email.

Thank you for your testing and feedback,
-Phil Pennock, pp The Exim Maintainers.

SHA256(exim-4.89_RC6.tar.bz2)= 22adfa9eec3e0ec36df1d6948f337fcee2747440f807d9de47324ead7ef55585
SHA256(exim-4.89_RC6.tar.gz)= be0b62277d52c3f4c1751104f3b74bec374a7197ffbfe5e18a18a5bab929ccd0
SHA256(exim-4.89_RC6.tar.xz)= 2e0e2a8e25ecdc25eadd5553ffc0a403aa5280bfedc9344a5f43cae014ba71d7
SHA256(exim-html-4.89_RC6.tar.bz2)= 93296566f8fcefa955906f035ef47df8076a9650564726da9a9ee45d0dad959e
SHA256(exim-html-4.89_RC6.tar.gz)= 479a4e74d8eddf98d0f76902c1439712b23aae33b2c1381fed4372529eb45034
SHA256(exim-html-4.89_RC6.tar.xz)= b6f033ccd94c2c80f05ddf72a1f9a41ab005c8ae9438fa7386d3056175512967
SHA256(exim-pdf-4.89_RC6.tar.bz2)= f102ac4f887c43be194385515b30e2e673d0cd46e0da8d4ed2ec278a8ea82faf
SHA256(exim-pdf-4.89_RC6.tar.gz)= 31017411fe289d67b7039e2686de2a4f7b6b2fbdf817f1321f7a313136985c36
SHA256(exim-pdf-4.89_RC6.tar.xz)= f27bb917ce4e158c277bb0a029184e4f00df24b81001264c68709ee913c8a17e
SHA256(exim-postscript-4.89_RC6.tar.bz2)= 4093d30be7bbb0b435474b4b59fa74130b6407d7923521f559d2827f88be46cb
SHA256(exim-postscript-4.89_RC6.tar.gz)= 2e574a70026a579994533ee29808d3d9ba0fac4a579b4265b1fae54f5dec0747
SHA256(exim-postscript-4.89_RC6.tar.xz)= 2a6d41adae2b2c8670e109301af7049add84ab7c1d8c18bee2c1868a5668832b

SIZE(exim-4.89_RC6.tar.bz2)= 1843883
SIZE(exim-4.89_RC6.tar.gz)= 2331323
SIZE(exim-4.89_RC6.tar.xz)= 1686368