path: root/src/README.UPDATING
Commit message [Author, Age, Files, Lines]
* Start documenting the things we changed incompatibly. [Phil Pennock, 2021-05-27, 1, -0/+18]
|   (cherry picked from commit 8dad4da53bad2ed3b29fa6a3b9ef59bfec73dc0e)
|   (cherry picked from commit 125f0d4afbc858cf514c29326a3016c2d9d7bdc1)
* Docs: fix mistaken variable name [Patrick Boutilier, 2020-06-02, 1, -2/+2]
|
* Docs: another mention of $local_part_verified [Andreas Metzler, 2020-05-16, 1, -1/+1]
|   Broken-by: d8024efa36
* Incompatibility warning [Jeremy Harris, 2020-02-03, 1, -1/+6]
|
* Warn updating folks to use $local_part_verified [Phil Pennock, 2020-01-11, 1, -0/+12]
|   This tainting change to appendfile seems likely to cause pain, breaking previously working configurations. Note it in README.UPDATING.
* Update README.UPDATING to reflect the major changes for 4.93 (tag: exim-4.93) [Heiko Schlittermann (HS12-RIPE), 2019-12-08, 1, -0/+31]
|
* spelling fixes [klemens, 2018-12-20, 1, -3/+3]
|
* Restore rsmapd support [Jeremy Harris, 2018-06-27, 1, -2/+0]
|   Following discussions on the exim-user mailinglist it seems that the conclusion that the interface was nonfunctioning was unwarranted.
* Revert "Support Rspamd. Patch from Andrew Lewis, lightly editorialised" [Jeremy Harris, 2018-06-26, 1, -0/+2]
|   This reverts commit c5f280e20a8e3ecd5f016b8fb34a436588915ed2.
* Follow CNAME chains only one step. Bug 2264 [Jeremy Harris, 2018-06-07, 1, -0/+8]
|
* Belated README.UPDATING notes for Exim 4.91 [Phil Pennock, 2018-04-16, 1, -0/+21]
|   People skip versions and move past them later, so while it's too late for 4.91, this will still help people moving to 4.92 from pre-4.91 in future. Note that none of these strictly needed to be documented here: experimental features, features marked as deprecated for many many years, etc. But let's err on the side of caution and include "things which will break if you try to upgrade without changing Local/Makefile".
* Fix broken-in-queue messages predating CHUNKING fix [Phil Pennock, 2017-02-14, 1, -0/+9]
|   util/chunking_fixqueue_finalnewlines.pl walks the queue, fixing any affected messages; see README.UPDATING. We're extremely cautious about operation failure. We do one check without locking messages, so that we can quickly skip past before trying to lock and contending with an actual delivery. Then we lock and do another fix. Note that we use flock, not fcntl, because that's what Perl makes readily available; we use an OS-guard to barf if the OS is not handled.
* Mention FreeBSD/iconv in README.UPDATING [Phil Pennock, 2017-02-11, 1, -0/+3]
|
* 214 spelling fixes [Josh Soref, 2017-01-18, 1, -1/+1]
|
* wip: OpenSSL docs on custom install [Phil Pennock, 2017-01-02, 1, -0/+10]
|   To fix before merge: ability to use `$ORIGIN` in linker line via Exim config file.
* Update README.UPDATING; fix typos in ChangeLog/NewStuff [Phil Pennock, 2016-10-23, 1, -0/+11]
|
* Initial set of warnings for the upcoming release [Jeremy Harris, 2014-06-06, 1, -0/+15]
|
* Bug 1400: Fix GnuTLS PKCS11 issues [Todd Lyons, 2013-10-22, 1, -1/+1]
|   Can disable PKCS11 in Makefile with AVOID_GNUTLS_PKCS11 build flag. Rename gnutls_enable_pkcs11 option to gnutls_allow_auto_pkcs11. Update Changelog
* Documentation for multiple TCP clamd servers [Todd Lyons, 2013-10-09, 1, -0/+3]
|
* GnuTLS website moves [Phil Pennock, 2013-09-01, 1, -1/+1]
|
* 4.81 to 4.82 [Phil Pennock, 2012-10-26, 1, -1/+1]
|   Avoiding confusion of 4.80.1 vs 4.81, we went with skipping to 4.82 instead.
* Minor doc nits re bug 1262. [Phil Pennock, 2012-09-11, 1, -0/+5]
|   Update src comment to be clearer about why it's safe for "state of this transport" to affect other deliveries. Mention change in externally observable state in README.UPDATING. Reference bugzilla entry in ChangeLog. Update Paul's credit in ACKNOWLEDGMENTS.
* Add gnutls_enable_pkcs11 option. [Phil Pennock, 2012-06-24, 1, -0/+7]
|   GnuTLS 2.12.0 adds PKCS11 support using p11-kit and by default will autoload modules, which interoperates badly with GNOME keyring integration, configured via paths in environment variables, and Exim invoked by the user (eg, mailq) will then try to load the modules, fail and spew warnings from the module for a library loaded by a library. http://www.gnu.org/software/gnutls/manual/gnutls.html#Smart-cards-and-HSMs documents that to prevent this, explicitly init PKCS11 before calling gnutls_global_init(). So we do so, unless the admin sets the new option. Reported by Andreas Metzler, who confirmed that the added calls fixed the problem for him.
* Merge openssl_disable_ssl2 branch (tag: exim-4_80_RC7) [Phil Pennock, 2012-05-28, 1, -2/+9]
|\
| * Disable SSLv2 by default. [Phil Pennock, 2012-05-06, 1, -2/+9]
| |
* | For DH, use standard primes from RFCs [Phil Pennock, 2012-05-27, 1, -0/+15]
| |
* | README.UPDATING: emphasise more the LDAP issue [Phil Pennock, 2012-05-22, 1, -0/+7]
| |
* | Added tls_dh_max_bits & check tls_require_ciphers early. [Phil Pennock, 2012-05-20, 1, -0/+24]
| | Janne Snabb tracked down the GnuTLS 2.12 vs NSS (Thunderbird) interop problems to a hard-coded limit of 2236 bits for DH in NSS while GnuTLS was suggesting 2432 bits as normal.
| | Added new global option tls_dh_max_bits to clamp all DH values (client or server); unexpanded integer. Default value to 2236. Apply to both GnuTLS and OpenSSL (which requires tls_dh_params for this).
| | Tired of debugging "SMTP fails TLS" error messages in mailing-lists caused by OpenSSL library/include clashes, and of finding out I typo'd in tls_require_ciphers only at the STARTTLS handshake.
| | During readconf, fork/drop-privs/initialise-TLS-library. In that, if tls_require_ciphers is set, then validate it. The validation child will panic if it can't initialise or if tls_require_ciphers can't be parsed, else it exits 0. If the child exits anything other than 0, the main Exim process will exit.
* | Torture the English language slightly less (tag: exim-4_80_RC2) [Phil Pennock, 2012-05-18, 1, -5/+7]
| |
* | gnutls_require_protocols comment on 4.77 notes. [Phil Pennock, 2012-05-17, 1, -0/+3]
| |
* | Handle absent tls_require_ciphers correctly. [Phil Pennock, 2012-05-17, 1, -1/+9]
| | Fix test-suite certs to not use MD5. Document that we do not support MD5 certs any longer. Make test-suite generate probably-correct gnutls-params filename for us.
* | Overhaul of GnuTLS code. [Phil Pennock, 2012-05-16, 1, -0/+24]
| | GnuTLS code re-done, using cut&paste for preservation where appropriate.
| | Stop using deprecated APIs.
| | Stop hard-coding lists of ciphers. Use gnutls_priority_init() instead. Turns tls_require_ciphers into a string in the GnuTLS case, not just OpenSSL case.
| | Deprecate three gnutls_require_* options; now ignored but not errors. (No warnings yet).
| | Added TLS SNI support.
| | Made the channel binding integration theoretically actually work. I had it guarded by an #ifdef but the value used was an enum instead. Oops. Fixed.
| | New code much more amenable to future work permitting TLS in callouts.
| | DH param sizes now chosen by GnuTLS maintainers, we use "normal"; that's suddenly a lot more bits, so the saved filename was changed too. (GNUTLS_SEC_PARAM_NORMAL).
| | DH param setup only done for servers now, since clients don't need/use it.
| | GnuTLS a lot more robust to library negotiation using stuff we don't support, error-ing out quickly for other authentication systems (PGP, etc).
| | Renamed pseudo_random_number() to vaguely_random_number() which makes the nature clearer. GnuTLS now provides a vaguely_random_number() implementation, to match OpenSSL.
| | Pull in <inttypes.h> to make the recent arithmetic changes compile on MacOS.
| | Nuke test 2011 which related to the gnutls_require_* options now non-functional.
* | Default accept_8bitmime to true. [Phil Pennock, 2012-05-07, 1, -0/+8]
|/
|   Some discussion at http://bugs.exim.org/show_bug.cgi?id=817 Refer readers to Dan Bernstein's analysis of the issues. Consensus seen from maintainers is that DJB is right on this point.
* OpenSSL fixes and backwards compat break. [Phil Pennock, 2012-05-03, 1, -0/+16]
|   Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b. Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
* Change notes for bug 660. [Jeremy Harris, 2012-05-01, 1, -0/+5]
|
* TLS fixes for OpenSSL. [Phil Pennock, 2012-04-28, 1, -0/+9]
|   Support TLS 1.1 & 1.2
|   New "openssl_options" values (all now documented).
|   Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after TLS renegotiation, which otherwise led to messages "Got SSL error 2".
* describe spool file changes for -tls_peerdn [Phil Pennock, 2012-04-28, 1, -0/+14]
|
* Make README.UPDATING more explicit, with more examples, about the impact of ↵ [Phil Pennock, 2011-10-08, 1, -2/+15]
|   the match_<type> changes
* Merge branch 'list_safety' [Phil Pennock, 2011-10-03, 1, -0/+7]
|\
| | (gnutls fixes had updated some text docs)
| * Document match_*/inlist changes (before coding starts) [Phil Pennock, 2011-09-24, 1, -0/+11]
| |
* | TLS1.2 and TLS1.1 support with GnuTLS [Phil Pennock, 2011-09-24, 1, -0/+10]
|/
* Remove obsolete $Cambridge$ CVS revision strings. [Tony Finch, 2011-06-29, 1, -2/+0]
|   I have also de-CVSed the ABOUT files and cleaned up a few introductory comments.
* Typo fixes from Andreas Metzler. [Phil Pennock, 2011-05-07, 1, -1/+1]
|   fixes bug 1111
* Compatibility fixes for dynlookup makefile builder. [Phil Pennock, 2011-01-24, 1, -4/+11]
|   Don't abort if CFLAGS_DYNAMIC not defined. Oops! Attempt to get a POSIX environment on Solaris. Document POSIXy assumptions going forward. Problems reported by: Dennis Davis
* IncompatibleChanges out, README.UPDATING updated. [Phil Pennock, 2011-01-21, 1, -0/+46]
|   I forgot about README.UPDATING and introduced a new txt file with the 4.73 release, noting incompatible changes. Because these weren't documented in the normal place, some people missed them. Mea culpa. Integrated the notes from IncompatibleChanges into README.UPDATING. Added a note on the ABI of the dynlookups.
* Brush up README.UPDATING [Tom Kistner, 2009-10-16, 1, -1/+12]
|
* Note about ratelimit resets. [Philip Hazel, 2007-06-20, 1, -1/+9]
|
* Note about GnuTLS incompatibility for updates from 4.50 and earlier. [Philip Hazel, 2006-10-23, 1, -1/+15]
|
* Add comment about {} now being an error in numerical expansion [Philip Hazel, 2006-09-26, 1, -1/+8]
|   comparisons. The bug that caused it to be treated as {0} has been fixed.
* Change callout EHLO/HELO from smtp_active_hostname to the helo_data [Philip Hazel, 2006-09-25, 1, -1/+15]
|   setting from the transport, when there is one.