Version 3.30
------------

1. Check for string shorter than 2 chars for the second argument of crypteq,
and force failure. Otherwise, with an empty string, it gives a false positive.

2. If ignore_target_hosts caused all hosts found from MX records to be
discarded, and there was more than one of them, Exim crashed.

3. If there were several ignored hosts, the name of the first one was always
output in the debug output.

4. If a local message was terminated by a line containing just "." while
reading the header (unlikely except in test situations) it could cause Exim to
crash, or to add some random data to the message's body.

5. Modified the system-dependent files for NetBSD to make it work on systems
that use ELF binary format as well as those that use a.out.

6. The code in the libident library was stopping reading after reaching a CR.
This left the LF which should follow the CR unread - causing trouble to some
people. Exim now swallows the LF.

7. When the (esoteric) CONFIGURE_FILE_USE_NODE option was in use, the version
of exicyclog that was built did not read the correct configuration file. The
same applied to exinext, exiwhat, and eximon.

8. Added -oMas and -oMai to set authenticated_sender and authenticated_id, if
the caller is trusted.

9. If a queue listing option (-bp, etc) is called by a non-admin user, and
queue_list_require_admin is true, Exim now gives "permission denied" instead of
just listing the messages submitted by the caller.

10. If syslog_timestamp is set FALSE, the timestamps on Exim's log lines are
omitted when these lines are sent to syslog.

11. The actions for one_time are disabled for the first pass when delivering a
message in a -qq queue run.

12. Setting log_sender_on_delivery causes Exim to add an F=<sender> item to
delivery and bounce log lines (F is for "envelope from" - the same letter as is
used in rewriting rules).

13. When processing an "extract" expansion item, Exim was expanding both the
"yes" and the "no" strings fully, when it should have been skipping lookups
etc. in the one that it did not want. There was a similar problem when
processing ${tr} and ${sg} in "unwanted" substrings.

14. Found another place where databases might not be tidied up on the way out
of Exim (see 3.20/3 below).

15. Exim uses the O_NONBLOCK option for the pipes it uses to retrieve results
from remote parallel deliveries, but if the OS doesn't have O_NONBLOCK, it uses
O_NDELAY instead. At least, it is supposed to. There was a typo causing
compilation failure on systems without O_NONBLOCK (clearly very few!).

16. If "=" was missing after an option name, the error was 'unexpected "x"'
instead of 'missing "="'.

17. When reading addresses for the -t option, if an address contained a newline
because of folding of the header line, a malformed address was read, leading to
a malformed spool file.

18. If forbid_filter_lookup was set for a forwardfile director, this didn't
stop lookups inside a file that was expanded in the autoreply transport as a
result of a "mail expand file /foo/bar" command in the filter. Ditto for
forbid_existstest and forbid_perl.

19. Fixed a programming infelicity in the interpretation of file type bits in
appendfile and tls modules.

20. Added ignore_target_hosts = 127.0.0.0/8 to the default configuration.

21. Added alarm(0) just before re-exec of the daemon; there was a small window
before the new daemon re-established the signal handler (yes, somebody did hit
this).

22. If a message with an address that resolved to :blackhole: had several
delivery attempts (because other addresses deferred), a log entry for
:blackhole: was written for each delivery attempt, instead of just the first.

23. Appendfile uses a temporary file when doing MBX delivery; change from using
tmpnam() to using tmpfile() because of worries over the security of tmpnam().

24. Added system configuration files in the OS directory for Darwin (Mac OS X).

25. If a write error occurred when updating the -H file, an incorrect error
message could be output (errno not preserved). This has been fixed, and more
detail is now included in the message.

26. Add "could be header name not terminated by colon" to another case of
expansion string syntax failure when a non-existent header name contains }.

27. The "freeze" or "fail" message in a system filter can become very large if
long header lines are included: truncate it if it's over 1000 characters long.
Also ensure that it contains only printing characters (by escaping if
necessary) so as not to mess up the log.

28. Address rewriting was inadvertantly lower-casing local parts so that if
they were used via numerical variables in the replacement string, the wrong
case appeared. Matching addresses in rewriting rules is now done casefully, but
with the domain in the incoming address forced to lower case (exactly as for an
address list after a +caseful item, and as documented).

29. The checking of From: headers against a local login was happening after the
headers had been rewritten; if logins were being rewritten to other names, this
meant that Sender: headers were being added unnecessarily, often containing the
same rewritten address as From: (which is what you are supposed not to do). As
part of this fix, if Exim creates a From: header from an envelope sender, it
does so with the unrewritten value.

30. If stdin was a socket, Exim was assuming it was an INET socket, implying a
call from inetd. This caused problems if a UNIX domain socket was used. Exim
now checks.

31. The expansion operator "md5" computes the MD5 hash of its argument.

32. If quota and quota_warn_threshold in appendfile were set big enough (e.g.
50M and 41%) there was a integer overflow during the calculation.

33. If an "unseen" director or router had an errors_to setting, it was
erroneously passed on to the subsequent "seen" drivers for the address.

34. Fixed small security exposure caused by what is essentially typo. If an
SMTP error message generated during batch SMTP input contained quoted external
material (e.g. a bad header line), the inclusion of formatting characters (e.g.
%s) in the quoted material could cause all sorts of problems.

35. If -Mrm was used on a non-existent message id, it still logged "removed by
<user>". Now it writes this line only if it finds at least one file to remove.

36. Modified base make file so that setting STRIP_COMMAND causes all the
binaries to be stripped.

37. Modified scripts/exim_install to change the code for installing the texinfo
documentation (as requested by FreeBSD maintainer).

38. Give error if address on a command line is longer than 512 bytes (RFC 2821
limits local parts to 64 and domains to 255 - allow extra for escapes, the "@"
and so on.) Previously Exim crashed if an address was longer than 1024.

****