1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
[
{ type: install
message: <<EOM
All installations having Exim set-uid root and using 'perl_startup' are
vulnerable to a local privilege escalation. Any user who can start an
instance of Exim (and this is normally *any* user) can gain root
privileges. If you do not use 'perl_startup' you *should* be safe.
New options
-----------
We had to introduce two new configuration options:
keep_environment =
add_environment =
Both options are empty per default. That is, Exim cleans the complete
environment on startup. This affects Exim itself and any subprocesses,
as transports, that may call other programs via some alias mechanisms,
as routers (queryprogram), lookups, and so on. This may affect used
libraries (e.g. LDAP).
** THIS MAY BREAK your existing installation **
New behaviour
-------------
Now Exim changes it's working directory to / right after startup,
even before reading it's configuration. (Later Exim changes it's working
directory to $spool_directory, as usual.)
Exim only accepts an absolute configuration file path now, when using
the -C option.
EOM
}
{ type: upgrade
maximum_version: 4.80
message: <<EOM
Upgrades to Exim 4.80
=====================
Exim 4.80 contains some backward-incompatible changes.
OpenSSL default options have changed to be more secure, including
disabling of SSLv2 by default (and adding support for TLSv1.1 and
TLSv1.2 if using OpenSSL 1.0.1 or newer); GnuTLS has been updated to use
a new API and stop honouring some options starting gnutls_*; users of
LDAP can now distinguish "comma in data" from "multi-valued attribute".
There are more details, covering more changes, in README.UPDATING.
We now enable accept_8bitmime by default, as the Exim maintainers agree
with Dan Bernstein about the best way to deal with the 8BITMIME
extension.
EOM
}
]
|