[exim] Exim 4.91 released

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-announce, exim-maintainers, exim users
Subject: [exim] Exim 4.91 released
I have uploaded Exim 4.91 to:
    https://downloads.exim.org/exim4/


(The FTP access, ftp://ftp.exim.org/pub/exim/exim4/ is still maintained).

The release was built and signed by me.


There were a few bugfixes since the RC4 (a week ago):

- - OpenSSL: Revert the disabling of the session-cache. Bug 2255
- - DMARC: fix history file
- - ARC: fix signing when DKIM-signing is also being done
- - fix heimdal interaction: check length
- - fix syslog logging

There was one relaxation of a constraint:

- - DKIM: add support for the SubjectPublicKeyInfo wrapped form of Ed25519 pubkey


Files:
SIZE(exim-4.91.tar.bz2)= 1912811
SIZE(exim-4.91.tar.gz)= 2407413
SIZE(exim-4.91.tar.xz)= 1744660
SIZE(exim-html-4.91.tar.bz2)= 493670
SIZE(exim-html-4.91.tar.gz)= 721820
SIZE(exim-html-4.91.tar.xz)= 487980
SIZE(exim-pdf-4.91.tar.bz2)= 2005787
SIZE(exim-pdf-4.91.tar.gz)= 2032676
SIZE(exim-pdf-4.91.tar.xz)= 1973672
SIZE(exim-postscript-4.91.tar.bz2)= 1076728
SIZE(exim-postscript-4.91.tar.gz)= 1447575
SIZE(exim-postscript-4.91.tar.xz)= 1073420

SHA256(exim-4.91.tar.bz2)= eff5b41276a0039e89af4b447da13aaa61c5823d4ec2c37353dc23577cfb02d3
SHA256(exim-4.91.tar.gz)= c8b4e2820a1e4e3769a24c966f70432d02f306a9e3a4783cd58f7703500a7496
SHA256(exim-4.91.tar.xz)= ec57acb103d5550aca8d60adb57f355c7b3c41b5449290594ed6615ad4b9d118
SHA256(exim-html-4.91.tar.bz2)= f8cc27a8b9ff3f76769cf530179386db97fcb129a3496b569956abcf54a076ba
SHA256(exim-html-4.91.tar.gz)= 5343271bf9236fb2362ef69b8f3c621d3b0cd6fbdb34cc40d1e710f533a0e065
SHA256(exim-html-4.91.tar.xz)= d9135ad4869f1d00552dc25941135ae933dddb7ba755781965c8d0d9f5eff058
SHA256(exim-pdf-4.91.tar.bz2)= 95767840a332a68777445ad936774b7f1e7afda182179c554760fa4dfc3aab61
SHA256(exim-pdf-4.91.tar.gz)= 9a7fdf045c9ef92f8cf92c73505f5d6b77cc46f11c700a0d302293c781ad8c3c
SHA256(exim-pdf-4.91.tar.xz)= 58b34cedb175156e9948239aca92cd0d8a6ed21669580a3504e3676996e0b1ae
SHA256(exim-postscript-4.91.tar.bz2)= fe20825a2fc53035585cf034e8cd66197173118f13d1d99d46a920e646ae21e9
SHA256(exim-postscript-4.91.tar.gz)= bba5c561d0d2a9f89c17803f6db722e54061de029b29a0f562e8445c23053613
SHA256(exim-postscript-4.91.tar.xz)= 4b8e6cef10e6281264434607aa53ea065e0e850421b8b6be27020b8dd04b2234



New features since the 4.90 release:

 1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS
    version 3.5.6 or later.


 2. DANE is now supported under GnuTLS version 3.0.0 or later.  Both GnuTLS and
    OpenSSL versions are moved to mainline support from Experimental.
    New SMTP transport option "dane_require_tls_ciphers".


3. Feature macros for the compiled-in set of malware scanner interfaces.

 4. SPF support is promoted from Experimental to mainline status.  The template
    src/EDITME makefile does not enable its inclusion.


 5. Logging control for DKIM verification.  The existing DKIM log line is
    controlled by a "dkim_verbose" selector which is _not_ enabled by default.
    A new tag "DKIM=<domain>" is added to <= lines by default, controlled by
    a "dkim" log_selector.


6. Receive duration on <= lines, under a new log_selector "receive_time".

 7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on
    routing rules in the manualroute router.


 8. Expansion item ${sha3:<string>} / ${sha3_<N>:<string>} now also supported
    under OpenSSL version 1.1.1 or later.


 9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
    GnuTLS 3.6.0 or OpenSSL 1.1.1 or later.


10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
    version dependent.


11. "exim -bP macro <name>" returns caller-usable status.

12. Expansion item ${authresults {<machine>}} for creating an
    Authentication-Results: header.


13. EXPERIMENTAL_ARC.  See the experimental.spec file.
    See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC.


14: A dane:fail event, intended to facilitate reporting.

15. "Lightweight" support for Redis Cluster. Requires redis_servers list to
    contain all the servers in the cluster, all of which must be reachable from
    the running exim instance. If the cluster has master/slave replication, the
    list must contain all the master and slave servers.


16. Add an option to the Avast scanner interface: "pass_unscanned". This
    allows to treat unscanned files as clean. Files may be unscanned for
    several reasons: decompression bombs, broken archives.



Bugfixes and other changes of note since the 4.90 release:

1.    DEFER rather than ERROR on redis cluster MOVED response.
      When redis_servers is set to a list of > 1 element, and the Redis servers
      in that list are in cluster configuration, convert the REDIS_REPLY_ERROR
      case of MOVED into a DEFER case instead, thus moving the query onto the
      next server in the list. For a cluster of N elements, all N servers must
      be defined in redis_servers.


2.    Catch and remove uninitialized value warning in exiqsumm
      Check for existence of @ARGV before looking at $ARGV[0]


3.    Replace the store_release() internal interface with store_newblock(),
      which internalises the check required to safely use the old one, plus
      the allocate and data copy operations duplicated in both (!) of the
      extant use locations.


4.    Disallow '/' characters in queue names specified for the "queue=" ACL
      modifier.  This matches the restriction on the commandline.


5.    Fix pgsql lookup for multiple result-tuples with a single column.
      Previously only the last row was returned.


6.    Bug 2217: Tighten up the parsing of DKIM signature headers. Previously
      we assumed that tags in the header were well-formed, and parsed the
      element content after inspecting only the first char of the tag.
      Assumptions at that stage could crash the receive process on malformed
      input.


7.    Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
      While running the DKIM ACL we operate on the Permanent memory pool so that
      variables created with "set" persist to the DATA ACL.  Also (at any time)
      DNS lookups that fail create cache records using the Permanent pool.  But
      expansions release any allocations made on the current pool - so a dnsdb
      lookup expansion done in the DKIM ACL releases the memory used for the
      DNS negative-cache, and bad things result.  Solution is to switch to the
      Main pool for expansions.
      While we're in that code, add checks on the DNS cache during store_reset,
      active in the testsuite.
      Problem spotted, and debugging aided, by Wolfgang Breyha.


8.    Fix issue with continued-connections when the DNS shifts unreliably.
      When none of the hosts presented to a transport match an already-open
      connection, close it and proceed with the list.  Previously we would
      queue the message.  Spotted by Lena with Yahoo, probably involving
      round-robin DNS.


9.    Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
      Previously a spurious "250 OK id=" response was appended to the proper
      failure response.


10.   The "support for" informational output now, which built with Content
      Scanning support, has a line for the malware scanner interfaces compiled
      in.  Interface can be individually included or not at build time.


11.   The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
      by the template makefile "src/EDITME".  The "STREAM" support for an older
      ClamAV interface method is removed.


12.   Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
      rows affected is given instead).


13.   The runtime Berkeley DB library version is now additionally output by
      "exim -d -bV".  Previously only the compile-time version was shown.


14.   Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
      SMTP connection.  Previously, when one had more receipients than the
      first, an abortive onward connection was made.  Move to full support for
      multiple onward connections in sequence, handling cutthrough connection
      for all multi-message initiating connections.


15.   Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
      routers.  Previously, a multi-recipient message would fail to match the
      onward-connection opened for the first recipient, and cause its closure.


16.   Bug 2174: A timeout on connect for a callout was also erroneously seen as
      a timeout on read on a GnuTLS initiating connection, resulting in the
      initiating connection being dropped.  This mattered most when the callout
      was marked defer_ok.  Fix to keep the two timeout-detection methods
      separate.


17.   Relax results from ACL control request to enable cutthrough, in
      unsupported situations, from error to silently (except under debug)
      ignoring.  This covers use with PRDR, frozen messages, queue-only and
      fake-reject.


18. Fix Buffer overflow in base64d() (CVE-2018-6789)

19.   Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
      metadata, resulting in a crash in free().


20.   Fix broken Heimdal GSSAPI authenticator integration.
      Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
      Broken also in d185889f4, with init system revamp.


21.   Bug 2113: Fix conversation closedown with the Avast malware scanner.
      Previously we abruptly closed the connection after reading a malware-
      found indication; now we go on to read the "scan ok" response line,
      and send a quit.


22.   Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
      ACL.  Previously, a crash would result.


23.   Speed up macro lookups during configuration file read, by skipping non-
      macro text after a replacement (previously it was only once per line) and
      by skipping builtin macros when searching for an uppercase lead character.


24.   DANE support moved from Experimental to mainline.  The Makefile control
      for the build is renamed.


25.   Fix memory leak during multi-message connections using STARTTLS.  A buffer
      was allocated for every new TLS startup, meaning one per message.  Fix
      by only allocating once (OpenSSL) or freeing on TLS-close (GnuTLS).


26.   Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
      reported the original.  Fix to report (as far as possible) the ACL
      result replacing the original.


27.   Fix memory leak during multi-message connections using STARTTLS under
      OpenSSL.  Certificate information is loaded for every new TLS startup,
      and the resources needed to be freed.


28. Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.

29.   Fix utf8_downconvert propagation through a redirect router.  Previously it
      was not propagated.


30.   Bug 2253: For logging delivery lines under PRDR, append the overall
      DATA response info to the (existing) per-recipient response info for
      the "C=" log element.  It can have useful tracking info from the
      destination system.  Patch from Simon Arlott.


31.   Bug 2251: Fix ldap lookups that return a single attribute having zero-
      length value.  Previously this would segfault.


32.   Support Avast multiline protoocol, this allows passing flags to
      newer versions of the scanner.


33.   Ensure that variables possibly set during message acceptance are marked
      dead before release of memory in the daemon loop.  This stops complaints
      about them when the debug_store option is enabled.  Discovered specifically
      for sender_rate_period, but applies to a whole set of variables.
      Do the same for the queue-runner and queue-list loops, for variables set
      from spool message files.  Do the same for the SMTP per-message loop, for
      certain variables indirectly set in ACL operations.


34.   Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
      as a multi-recipient message from a mailinglist manager).  The coding had
      an arbitrary cutoff number of characters while checking for more input;
      enforced by writing a NUL into the buffer.  This corrupted long / fast
      input.   The problem was exposed more widely when more pipelineing of SMTP
      responses was introduced, and one Exim system was feeding another.
      The symptom is log complaints of SMTP syntax error (NUL chars) on the
      receiving system, and refused recipients seen by the sending system
      (propating to people being dropped from mailing lists).
      Discovered and pinpointed by David Carter.


35.   The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
      replaced by the ${authresults } expansion.


36. Bug 2257: Fix pipe transport to not use a socket-only syscall.

37.   Set a handler for SIGTERM and call exit(3) if running as PID 1. This
      allows proper process termination in container environments.


38.   Bug 2258: Fix spool_wireformat in combination with LMTP transport.
      Previously the "final dot" had a newline after it; ensure it is CR,LF.


39.   SPF: remove support for the "spf" ACL condition outcome values "err_temp"
      and "err_perm", deprecated since 4.83 when the RFC-defined words
      "temperror" and "permerror" were introduced.


40.   Re-introduce enforcement of no cutthrough delivery on transports having
      transport-filters or DKIM-signing.  The restriction was lost in the
      consolidation of verify-callout and delivery SMTP handling.
      Extend the restriction to also cover ARC-signing.


41.   Cutthrough: for a final-dot response timeout (and nonunderstood responses)
      in defer=pass mode supply a 450 to the initiator.  Previously the message
      would be spooled.


42.   DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
      tls_require_ciphers is used as before.


43.   Malware Avast: Better match the Avast multiline protocol. Add
      "pass_unscanned".  Only tmpfails from the scanner are written to
      the paniclog, as they may require admin intervention (permission
      denied, license issues). Other scanner errors (like decompression
      bombs) do not cause a paniclog entry.


44.   Fix reinitialisation of DKIM logging variable between messages.
      Previously it was possible to log spurious information in receive log
      lines.


45.   Bug 2255: Revert the disable of the OpenSSL session caching.  This
      triggered odd behaviour from Outlook Express clients.


46.   Add util/renew-opendmarc-tlds.sh script for safe renewal of public
      suffix list.


47.   DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
      since the IETF WG has not yet settled on that versus the original
      "bare" representation.


48.   Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
      Previously the millisecond value corrupted the output.
      Fix also for syslog_pid=no and log_selector +pid, for which the pid
      corrupted the output.


- --
Jeremy