I have uploaded Exim 4.91 to:
https://downloads.exim.org/exim4/
(The FTP access,
ftp://ftp.exim.org/pub/exim/exim4/ is still maintained).
The release was built and signed by me.
There were a few bugfixes since the RC4 (a week ago):
- - OpenSSL: Revert the disabling of the session-cache. Bug 2255
- - DMARC: fix history file
- - ARC: fix signing when DKIM-signing is also being done
- - fix heimdal interaction: check length
- - fix syslog logging
There was one relaxation of a constraint:
- - DKIM: add support for the SubjectPublicKeyInfo wrapped form of Ed25519 pubkey
Files:
SIZE(exim-4.91.tar.bz2)= 1912811
SIZE(exim-4.91.tar.gz)= 2407413
SIZE(exim-4.91.tar.xz)= 1744660
SIZE(exim-html-4.91.tar.bz2)= 493670
SIZE(exim-html-4.91.tar.gz)= 721820
SIZE(exim-html-4.91.tar.xz)= 487980
SIZE(exim-pdf-4.91.tar.bz2)= 2005787
SIZE(exim-pdf-4.91.tar.gz)= 2032676
SIZE(exim-pdf-4.91.tar.xz)= 1973672
SIZE(exim-postscript-4.91.tar.bz2)= 1076728
SIZE(exim-postscript-4.91.tar.gz)= 1447575
SIZE(exim-postscript-4.91.tar.xz)= 1073420
SHA256(exim-4.91.tar.bz2)= eff5b41276a0039e89af4b447da13aaa61c5823d4ec2c37353dc23577cfb02d3
SHA256(exim-4.91.tar.gz)= c8b4e2820a1e4e3769a24c966f70432d02f306a9e3a4783cd58f7703500a7496
SHA256(exim-4.91.tar.xz)= ec57acb103d5550aca8d60adb57f355c7b3c41b5449290594ed6615ad4b9d118
SHA256(exim-html-4.91.tar.bz2)= f8cc27a8b9ff3f76769cf530179386db97fcb129a3496b569956abcf54a076ba
SHA256(exim-html-4.91.tar.gz)= 5343271bf9236fb2362ef69b8f3c621d3b0cd6fbdb34cc40d1e710f533a0e065
SHA256(exim-html-4.91.tar.xz)= d9135ad4869f1d00552dc25941135ae933dddb7ba755781965c8d0d9f5eff058
SHA256(exim-pdf-4.91.tar.bz2)= 95767840a332a68777445ad936774b7f1e7afda182179c554760fa4dfc3aab61
SHA256(exim-pdf-4.91.tar.gz)= 9a7fdf045c9ef92f8cf92c73505f5d6b77cc46f11c700a0d302293c781ad8c3c
SHA256(exim-pdf-4.91.tar.xz)= 58b34cedb175156e9948239aca92cd0d8a6ed21669580a3504e3676996e0b1ae
SHA256(exim-postscript-4.91.tar.bz2)= fe20825a2fc53035585cf034e8cd66197173118f13d1d99d46a920e646ae21e9
SHA256(exim-postscript-4.91.tar.gz)= bba5c561d0d2a9f89c17803f6db722e54061de029b29a0f562e8445c23053613
SHA256(exim-postscript-4.91.tar.xz)= 4b8e6cef10e6281264434607aa53ea065e0e850421b8b6be27020b8dd04b2234
New features since the 4.90 release:
1. Dual-certificate stacks on servers now support OCSP stapling, under GnuTLS
version 3.5.6 or later.
2. DANE is now supported under GnuTLS version 3.0.0 or later. Both GnuTLS and
OpenSSL versions are moved to mainline support from Experimental.
New SMTP transport option "dane_require_tls_ciphers".
3. Feature macros for the compiled-in set of malware scanner interfaces.
4. SPF support is promoted from Experimental to mainline status. The template
src/EDITME makefile does not enable its inclusion.
5. Logging control for DKIM verification. The existing DKIM log line is
controlled by a "dkim_verbose" selector which is _not_ enabled by default.
A new tag "DKIM=<domain>" is added to <= lines by default, controlled by
a "dkim" log_selector.
6. Receive duration on <= lines, under a new log_selector "receive_time".
7. Options "ipv4_only" and "ipv4_prefer" on the dnslookup router and on
routing rules in the manualroute router.
8. Expansion item ${sha3:<string>} / ${sha3_<N>:<string>} now also supported
under OpenSSL version 1.1.1 or later.
9. DKIM operations can now use the Ed25519 algorithm in addition to RSA, under
GnuTLS 3.6.0 or OpenSSL 1.1.1 or later.
10. Builtin feature-macros _CRYPTO_HASH_SHA3 and _CRYPTO_SIGN_ED25519, library
version dependent.
11. "exim -bP macro <name>" returns caller-usable status.
12. Expansion item ${authresults {<machine>}} for creating an
Authentication-Results: header.
13. EXPERIMENTAL_ARC. See the experimental.spec file.
See also new util/renew-opendmarc-tlds.sh script for use with DMARC/ARC.
14: A dane:fail event, intended to facilitate reporting.
15. "Lightweight" support for Redis Cluster. Requires redis_servers list to
contain all the servers in the cluster, all of which must be reachable from
the running exim instance. If the cluster has master/slave replication, the
list must contain all the master and slave servers.
16. Add an option to the Avast scanner interface: "pass_unscanned". This
allows to treat unscanned files as clean. Files may be unscanned for
several reasons: decompression bombs, broken archives.
Bugfixes and other changes of note since the 4.90 release:
1. DEFER rather than ERROR on redis cluster MOVED response.
When redis_servers is set to a list of > 1 element, and the Redis servers
in that list are in cluster configuration, convert the REDIS_REPLY_ERROR
case of MOVED into a DEFER case instead, thus moving the query onto the
next server in the list. For a cluster of N elements, all N servers must
be defined in redis_servers.
2. Catch and remove uninitialized value warning in exiqsumm
Check for existence of @ARGV before looking at $ARGV[0]
3. Replace the store_release() internal interface with store_newblock(),
which internalises the check required to safely use the old one, plus
the allocate and data copy operations duplicated in both (!) of the
extant use locations.
4. Disallow '/' characters in queue names specified for the "queue=" ACL
modifier. This matches the restriction on the commandline.
5. Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
6. Bug 2217: Tighten up the parsing of DKIM signature headers. Previously
we assumed that tags in the header were well-formed, and parsed the
element content after inspecting only the first char of the tag.
Assumptions at that stage could crash the receive process on malformed
input.
7. Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
While running the DKIM ACL we operate on the Permanent memory pool so that
variables created with "set" persist to the DATA ACL. Also (at any time)
DNS lookups that fail create cache records using the Permanent pool. But
expansions release any allocations made on the current pool - so a dnsdb
lookup expansion done in the DKIM ACL releases the memory used for the
DNS negative-cache, and bad things result. Solution is to switch to the
Main pool for expansions.
While we're in that code, add checks on the DNS cache during store_reset,
active in the testsuite.
Problem spotted, and debugging aided, by Wolfgang Breyha.
8. Fix issue with continued-connections when the DNS shifts unreliably.
When none of the hosts presented to a transport match an already-open
connection, close it and proceed with the list. Previously we would
queue the message. Spotted by Lena with Yahoo, probably involving
round-robin DNS.
9. Bug 2214: Fix SMTP responses resulting from non-accept result of MIME ACL.
Previously a spurious "250 OK id=" response was appended to the proper
failure response.
10. The "support for" informational output now, which built with Content
Scanning support, has a line for the malware scanner interfaces compiled
in. Interface can be individually included or not at build time.
11. The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
by the template makefile "src/EDITME". The "STREAM" support for an older
ClamAV interface method is removed.
12. Bug 2223: Fix mysql lookup returns for the no-data case (when the number of
rows affected is given instead).
13. The runtime Berkeley DB library version is now additionally output by
"exim -d -bV". Previously only the compile-time version was shown.
14. Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
SMTP connection. Previously, when one had more receipients than the
first, an abortive onward connection was made. Move to full support for
multiple onward connections in sequence, handling cutthrough connection
for all multi-message initiating connections.
15. Bug 2229: Fix cutthrough routing for nonstandard port numbers defined by
routers. Previously, a multi-recipient message would fail to match the
onward-connection opened for the first recipient, and cause its closure.
16. Bug 2174: A timeout on connect for a callout was also erroneously seen as
a timeout on read on a GnuTLS initiating connection, resulting in the
initiating connection being dropped. This mattered most when the callout
was marked defer_ok. Fix to keep the two timeout-detection methods
separate.
17. Relax results from ACL control request to enable cutthrough, in
unsupported situations, from error to silently (except under debug)
ignoring. This covers use with PRDR, frozen messages, queue-only and
fake-reject.
18. Fix Buffer overflow in base64d() (CVE-2018-6789)
19. Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
20. Fix broken Heimdal GSSAPI authenticator integration.
Broken in f2ed27cf5, missing an equals sign for specified-initialisers.
Broken also in d185889f4, with init system revamp.
21. Bug 2113: Fix conversation closedown with the Avast malware scanner.
Previously we abruptly closed the connection after reading a malware-
found indication; now we go on to read the "scan ok" response line,
and send a quit.
22. Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
ACL. Previously, a crash would result.
23. Speed up macro lookups during configuration file read, by skipping non-
macro text after a replacement (previously it was only once per line) and
by skipping builtin macros when searching for an uppercase lead character.
24. DANE support moved from Experimental to mainline. The Makefile control
for the build is renamed.
25. Fix memory leak during multi-message connections using STARTTLS. A buffer
was allocated for every new TLS startup, meaning one per message. Fix
by only allocating once (OpenSSL) or freeing on TLS-close (GnuTLS).
26. Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
reported the original. Fix to report (as far as possible) the ACL
result replacing the original.
27. Fix memory leak during multi-message connections using STARTTLS under
OpenSSL. Certificate information is loaded for every new TLS startup,
and the resources needed to be freed.
28. Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
29. Fix utf8_downconvert propagation through a redirect router. Previously it
was not propagated.
30. Bug 2253: For logging delivery lines under PRDR, append the overall
DATA response info to the (existing) per-recipient response info for
the "C=" log element. It can have useful tracking info from the
destination system. Patch from Simon Arlott.
31. Bug 2251: Fix ldap lookups that return a single attribute having zero-
length value. Previously this would segfault.
32. Support Avast multiline protoocol, this allows passing flags to
newer versions of the scanner.
33. Ensure that variables possibly set during message acceptance are marked
dead before release of memory in the daemon loop. This stops complaints
about them when the debug_store option is enabled. Discovered specifically
for sender_rate_period, but applies to a whole set of variables.
Do the same for the queue-runner and queue-list loops, for variables set
from spool message files. Do the same for the SMTP per-message loop, for
certain variables indirectly set in ACL operations.
34. Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
as a multi-recipient message from a mailinglist manager). The coding had
an arbitrary cutoff number of characters while checking for more input;
enforced by writing a NUL into the buffer. This corrupted long / fast
input. The problem was exposed more widely when more pipelineing of SMTP
responses was introduced, and one Exim system was feeding another.
The symptom is log complaints of SMTP syntax error (NUL chars) on the
receiving system, and refused recipients seen by the sending system
(propating to people being dropped from mailing lists).
Discovered and pinpointed by David Carter.
35. The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
replaced by the ${authresults } expansion.
36. Bug 2257: Fix pipe transport to not use a socket-only syscall.
37. Set a handler for SIGTERM and call exit(3) if running as PID 1. This
allows proper process termination in container environments.
38. Bug 2258: Fix spool_wireformat in combination with LMTP transport.
Previously the "final dot" had a newline after it; ensure it is CR,LF.
39. SPF: remove support for the "spf" ACL condition outcome values "err_temp"
and "err_perm", deprecated since 4.83 when the RFC-defined words
"temperror" and "permerror" were introduced.
40. Re-introduce enforcement of no cutthrough delivery on transports having
transport-filters or DKIM-signing. The restriction was lost in the
consolidation of verify-callout and delivery SMTP handling.
Extend the restriction to also cover ARC-signing.
41. Cutthrough: for a final-dot response timeout (and nonunderstood responses)
in defer=pass mode supply a 450 to the initiator. Previously the message
would be spooled.
42. DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
tls_require_ciphers is used as before.
43. Malware Avast: Better match the Avast multiline protocol. Add
"pass_unscanned". Only tmpfails from the scanner are written to
the paniclog, as they may require admin intervention (permission
denied, license issues). Other scanner errors (like decompression
bombs) do not cause a paniclog entry.
44. Fix reinitialisation of DKIM logging variable between messages.
Previously it was possible to log spurious information in receive log
lines.
45. Bug 2255: Revert the disable of the OpenSSL session caching. This
triggered odd behaviour from Outlook Express clients.
46. Add util/renew-opendmarc-tlds.sh script for safe renewal of public
suffix list.
47. DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
since the IETF WG has not yet settled on that versus the original
"bare" representation.
48. Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
Previously the millisecond value corrupted the output.
Fix also for syslog_pid=no and log_selector +pid, for which the pid
corrupted the output.
- --
Jeremy