Exim version 4.20 ----------------- 1. If data for an authentication interaction was just the string "=", indicating an empty string, Exim was not setting up the numerical variable correctly. In some situations, this could cause a crash - in others, it might have passed unnoticed. 2. Changed signal(SIGTERM, command_sigterm_handler) in smtp_in.c to use os_non_restarting_signal() for tidiness; in practice this doesn't actually matter because the handler terminates the process. 3. Refactoring: (a) In some (but not all) places where Exim applies timers using alarm(), it was resetting the SIGALRM handler afterwards, but sometimes to SIG_IGN and sometimes to SIG_DFL. In other words, it was a mess. In fact, this reset is not necessary, because after alarm(0) there is no possibility of receiving a SIGLARM signal. So I've just removed them all. (b) The daemon.c module had its own SIGALRM handler, which was unnecessary. I changed it to use the handler that is used (almost) everywhere else. (c) Almost all uses of SIGALRM use the same handler, but it was being set by signal() all over the place. Now it is set at the start, and it resets itself every time it is called, so it remains enabled throughout. The few places that use a different handler reset to the "standard" one afterwards. (d) The setting of the SIGTERM handler while reading SMTP commands was done somwhat untidily. I have re-arranged the code. 4. If the building process was interrupted during the MakeLinks script, a subsequent run of 'make' gave misleading errors. I've made it a bit more robust against this case. If there appears to be a half-made set of links, an error message suggests that the user should remove the build directory and start again. 5. For compatibility with other MTAs, -f "" is now accepted as synonymous with -f "<>". 6. Upgraded to PCRE 4.1. 7. If a domain list contained @mx_any, or @mx_secondary, and the DNS contained secondary MX records for a domain, but all the other MX (higher priority) records pointed to non-existent hosts, Exim was behaving as if the domain did not match the list item. This has been fixed. 8. Upgraded eximstats to 1.27. 9. It was reported that change 4.14/46(b) caused problems on some systems with older libraries. There is now an option that can be set in Local/Makefile (or in a operating system Makefile): IPV6_USE_INET_PTON=yes If this is done, Exim reverts to using inet_pton() to convert a textual IPv6 address for actual use, instead of getaddrinfo(), as it did in versions before 4.14. Of course, this means that the additional functionality of getaddrinfo() - recognizing scoped addresses - is lost. 10. Update for PostgreSQL to match 4.14/14: after an insert, delete, or update command, the result is the number of rows affected. 11. If smtp_banner expanded to an empty string, no greeting line was sent, thus causing the client to time out. An empty 220 response is now sent. 12. An empty argument was logged as a null string by the "arguments" log selector. Now empty strings and arguments that contain whitespace are surrounded by quotes. 13. The "arguments" log selector now also logs the current working directory when Exim is called. 14. Added a couple more debugging calls to tls-openssl. 15. Changed the name of the global variable ldap_version because some LDAP library uses the same name, which causes a clash. It's now called eldap_version. While I was at it, I changed the other two global variables, ldap_default_servers and ldap_dn. 16. If an address that is verified in an ACL is redirected to a single address, Exim verifies the child (this is not new). However, the value of $address_ data that was being returned was the value from the parent. It is now the value from the child. 17. Re-arranged the code for rda_is_filter() to make it easier to add other filter types in future. 18. Removed the filter test function from filter.c and put it into its own source file, again to make things easier for multiple filter types. 19. To help those people who are maintaining a patch for dynamically loaded local_scan() functions, I have added #define LOCAL_SCAN_ABI_VERSION_MAJOR 1 #define LOCAL_SCAN_ABI_VERSION_MINOR 0 to the local_scan.h file. 20. The variables $tls_certificate_verified, $tls_cipher, and $tls_peerdn now exist even when Exim is not compiled with TLS support. 21. If an empty user name was sent by a client for a LOGIN authentication, it was not put into $1; instead, the password ended up in $1 (instead of in $2). 22. When creating a temporary file in the appendfile transport for a per-file delivery not in maildir or mailstore format (that is, in the old Smail format - I wonder if anyone uses this?), Exim was opening the file without O_EXCL, which is a bit unsafe. 23. The output from the ${stat: expansion operator was being formatted using %d which expects an integer; in many (most) systems size_t is off_t, which is actually a long or even a longlong, and in some cases this caused incorrect data to be output. The formatting is now done using %ld, with the values all explicitly cast to (long). 24. Callout caching was failing to cache a negative response to a "random" address check. 25. If a daemon was started with -qsomething and not -bd, and deliver_drop_ privilege was set, and a pid file was specified with -oP, and the pid file did not previously exist, it was created with owner exim instead of owner root. 26. verify=sender was not being allowed in a non-SMTP ACL. 27. Under some error conditions, the socket used for ident calls could be left open. 28. Added acl_smtp_helo, because some people seem to want it. 29. For hosts that match helo_verify_hosts, the error given when a MAIL command is received without HELO or EHLO has been changed from 550 to 503 (which means "bad sequence of commands"). 30. Installed PCRE 4.2. 31. The quota_size_regex option for the appendfile transport was broken in that a terminating zero was omitted from the string that was extracted for the size. If it happened that digits followed in the memory to which it was copied, an incorrect (too large) size was then used. 32. Change 4.14/32 (iv) introduced a bug in the case when the "phrase" part of a rewritten address did *not* contain any special characters. The generated address was mangled. 33. Several items of refactoring from Michael Haardt: . Introduction of "const" in a number of places . Use memcpy() instead of strncpy() in string_cat() . Add HAVE_ICONF to Linux file, for external users (Exim doesn't use it) . Preparation for adding additional types of filter file 34. Changed (incompatibly, but hopefully not so it affects anyone) the appendfile transport in the case when it is called directly as a result of a .forward or a filter file requesting a delivery to a file. Previously, any settings of "file" or "directory" were ignored in this case. Now they are used. The path received from the router is in $address_file (as before) and can therefore be included in the expansion. 35. If a "save" command in a filter specifies a non-absolute path, the value of $home/ is pre-pended. This no longer happens if $home is unset or is an empty string. It is expected that the transport will complete the path (see 34 above). If there is an error before the path is complete, the local part is logged as "save xxxx". 36. If multiple "to file" deliveries are routed to the same transport, no batching ever takes place, whatever the value of batch_max. 37. If an address was redirected to an unqualified local part preceded by a backslash, Exim was qualifying it with the qualify_domain, instead of with the incoming domain. 38. Minor rewording: header lines can be added by MAIL as well as RCPT: the debug line mentioned only RCPT. 39. DESTDIR is the more common variable that ROOT for use when installing software under a different root filing system. The Exim install script now recognizes DESTDIR first; if it is not set, ROOT is used. 40. If DESTDIR is set when installing Exim, it no longer prepends its value to the path of the system aliases file that appears in the default configuration (when a default configuration is installed). If an aliases file is actually created, its name *does* use the prefix. 41. If an item in log_file_path was an empty string, Exim wrote the log to the log directory in the spool directory. Now it takes notice of the setting of LOG_FILE_PATH in Local/Makefile, and uses the first non-empty, non-"syslog" item from that list. If there are none, it uses the ultimate default of the spool directory. 42. If there is a Reply-to: header line, but it is empty, $reply_address now contains the From: address instead of being empty. 43. Added -no-cpp-precomp to CFLAGS in OS/Makefile-Darwin. Without this, the compiler provides a string for __DATE__ that does not conform to the specification in the C standard. The option disables precompiled headers, which should not have any bad effects, as pre-compiled headers are supposedly just a performance enhancement at compile time. 44. Refactoring: as there is now a flag that specifies whether or not a home directory that is passed with an address is already expanded, we no longer need the \N...\N fudge for home directories extracted from the password data. 45. Fixed an infelicity introduced by 4.14/71: The defaulting of the prefix, suffix, and check string stuff in appendfile was happening when no directory was supplied. Now it happens if no directory is supplied AND maildir has not been specified. 46. If expansion of the serverpassword in a spa authenticator or expansion of server_condition in a plaintext authenticator is forced to fail, authentication now fails (previously it gave a temporary error, which is what happens for other expansion failures). This brings these authenticators into line with cram_md5, where expansion of server_secret has always behaved like this. 46. Added new syslog facilities (courtesy Oliver Gorwits): (i) SYSLOG_LOGS_PID and LONG_SYSLOG_LINES in src/EDITME. (ii) syslog_facility and syslog_processname main options. 47. Callout was using only the hosts from the router, ignoring the transport. This has been changed. If (a) the router does not set up hosts (e.g. it's an accept router) or (b) the smtp transport that is routed to has hosts_override set, then the transport's hosts are used for callout checking. 48. When named lists were nested, and an inner list was resolved by a lookup that saved data for, e.g. $domain_data, the data was associated with just the outer list, though both were cached, so if a subsequent test was done for the inner list, there was no domain data. Example: domainlist A = lsearch;/a/b domainlist B = lsearch;/c/d domainlist C = +A : +B A test on +C that matched, followed by a test on +A or +B would provoke this bug. Now the data is saved with both the inner and the outer lists. 49. When the log selector +address_rewrite is turned on, the log lines now show where the rewritten address came from (which header line, envelope field, or an SMTP command). 50. If an integer or fixed point configuration value is too big to fit in a 32-bit int, Exim now writes an error to the panic log and dies. 51. Unknown SMTP commands are now assumed to be ones that need synchronization; this means that a packet that contains more than one of them will cause the connection to be dropped as soon as the first one is encountered. 52. The "control" feature of ACLs was not permitted for the MAIL ACL (an oversight). It now is allowed. 53. Added the "discard" verb to ACLs. 54. Fixed a theoretical bug observed by reading the code: if local_scan() changed the number of recipients, output from the received_recipients log selector would be incorrect. 55. Added HAVE_ICONV to the os.h files for Linux, Solaris, HP-UX. This is for use in the forthcoming Sieve addition to Exim. 56. The behaviour of -t in the presence of Resent- headers has been changed, for compability with Sendmail and other MTAs. Previously, Exim gave an error, because it is not clear from RFC 2822 how this might be handled. It turns out that MUAs don't seem to follow what RFC 2822 says, and any MUA that uses -t with Resent- ensures that there is only one set of Resent- header lines (usually by renaming others to X-Resent-xxx). So now Exim will take recipients from all the Resent- header lines instead of the usual ones. ****