X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5cd1d1356732d96d49a1f7c682d1b8a33b2576f9..1ddb1855402d48ad735e46abaf0d662e45600ecd:/test/runtest

diff --git a/test/runtest b/test/runtest
index 6050411ed..ede05bea8 100755
--- a/test/runtest
+++ b/test/runtest
@@ -408,7 +408,7 @@ RESET_AFTER_EXTRA_LINE_READ:
   #s/Exim \K\d+[._]\d+[\w_-]*/x.yz/i;
 
   # Replace Exim message ids by a unique series
-  s/((?:[^\W_]{6}-){2}[^\W_]{2})
+  s/(\d[^\W_]{5}-[^\W_]{6}-[^\W_]{2})
     /new_value($1, "10Hm%s-0005vi-00", \$next_msgid)/egx;
 
   # The names of lock files appear in some error and debug messages
@@ -599,11 +599,13 @@ RESET_AFTER_EXTRA_LINE_READ:
   # LibreSSL
   # TLSv1:AES256-GCM-SHA384:256
   # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
+  # TLS1.3:AEAD-AES256-GCM-SHA384:256
   #
   # ECDHE-RSA-CHACHA20-POLY1305
   # AES256-GCM-SHA384
 
   s/(?<!-)(AES256-GCM-SHA384)/RSA-$1/;
+  s/AEAD-(AES256-GCM-SHA384)/RSA-$1/g;
   s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305)(?!:)/ke-$3-AES256-SHAnnn/g;
   s/(?<!ke-)((EC)?DHE-)?(RSA|ECDSA)-(AES256|CHACHA20)-(GCM-SHA384|POLY1305):256/ke-$3-AES256-SHAnnn:xxx/g;
 
@@ -906,6 +908,9 @@ RESET_AFTER_EXTRA_LINE_READ:
   s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
   next if /SSL verify error: depth=0 error=certificate not trusted/;
 
+  # OpenSSL 3.0.0
+  s/TLS error \(D-H param setting .* error:\K.*dh key too small/xxxxxxxx:SSL routines::dh key too small/;
+
   # ======== Maildir things ========
   # timestamp output in maildir processing
   s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g;
@@ -1007,7 +1012,8 @@ RESET_AFTER_EXTRA_LINE_READ:
     s/conversion: german.xn--strae-oqa.de/conversion: german.straße.de/;
 
     # subsecond timstamp info in reported header-files
-    s/^(-received_time_usec \.)\d{6}$/$1uuuuuu/;
+    s/^-received_time_usec \.\K\d{6}$/uuuuuu/;
+    s/^-received_time_complete \K\d+\.\d{6}$/tttt.uuuuuu/;
 
     # Postgres server takes varible time to shut down; lives in various places
     s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/;
@@ -1019,6 +1025,9 @@ RESET_AFTER_EXTRA_LINE_READ:
     # ARC is not always supported by the build
     next if /^arc_sign =/;
 
+    # LIMITS is not always supported by the build
+    next if /^limits_advertise_hosts =/;
+
     # TLS resumption is not always supported by the build
     next if /^tls_resumption_hosts =/;
     next if /^-tls_resumption/;
@@ -1090,11 +1099,16 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /^GnuTLS<2>: added \d+ protocols, \d+ ciphersuites, \d+ sig algos and \d+ groups into priority list$/;
     next if /^GnuTLS<2>: (Disabling X.509 extensions|signing structure using RSA-SHA256)/;
     next if /^GnuTLS.*(wrap_nettle_mpi_print|gnutls_subject_alt_names_get|get_alt_name)/;
+    next if /^GnuTLS<[23]>: (p11|ASSERT: pkcs11.c|Initializing needed PKCS #11 modules)/;
+    next if /^GnuTLS<2>: Intel (AES|GCM) accelerator was detected/;
+    next if /^Added \d{3} certificate authorities/;
+    next if /^TLS: not preloading CRL for server/;
 
     # only kevent platforms (FreeBSD, OpenBSD) say this
     next if /^watch dir/;
     next if /^watch file .*\/usr\/local/;
     next if /^watch file .*\/etc\/ssl/;
+    next if /^closing watch fd:/;
 
     # TLS preload
     # there happen in different orders for OpenSSL/GnuTLS/noTLS
@@ -1103,28 +1117,28 @@ RESET_AFTER_EXTRA_LINE_READ:
     next if /^TLS: not preloading server certs$/;
 
     # drop lookups
-    next if /^Lookups \(built-in\):/;
-    next if /^Loading lookup modules from/;
-    next if /^Loaded \d+ lookup modules/;
-    next if /^Total \d+ lookups/;
+    next if /^(?:\d\d:\d\d:\d\d\ \d+\ )?(?: Lookups\ \(built-in\):
+					| Loading\ lookup\ modules\ from
+					| Loaded\ \d+\ lookup\ modules
+					| Total\ \d+\ lookups)/x;
 
     # drop compiler information
-    next if /^Compiler:/;
+    next if /^(?:\d\d:\d\d:\d\d \d+ )?Compiler:/;
 
     # and the ugly bit
     # different libraries will have different numbers (possibly 0) of follow-up
     # lines, indenting with more data
-    if (/^Library version:/) {
+    if (/^(?:\d\d:\d\d:\d\d \d+ )?Library version:/) {
       while (1) {
 	$_ = <IN>;
-	next if /^\s/;
+	next if /^(?:\d\d:\d\d:\d\d \d+ )?\s/;
 	goto RESET_AFTER_EXTRA_LINE_READ;
       }
     }
 
     # drop other build-time controls emitted for debugging
-    next if /^WHITELIST_D_MACROS:/;
-    next if /^TRUSTED_CONFIG_LIST:/;
+    next if /^(?:\d\d:\d\d:\d\d \d+ )?WHITELIST_D_MACROS:/;
+    next if /^(?:\d\d:\d\d:\d\d \d+ )?TRUSTED_CONFIG_LIST:/;
 
     # As of Exim 4.74, we log when a setgid fails; because we invoke Exim
     # with -be, privileges will have been dropped, so this will always
@@ -1170,14 +1184,16 @@ RESET_AFTER_EXTRA_LINE_READ:
       next;
       }
 
-    # Non-TLS bulds have a different Recieved: header expansion
-    s/^((.*)\t}}}}by \$primary_hostname \$\{if def:received_protocol \{with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/;
-    s/^((\s*).*considering: with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/;
-    if (/condition: def:tls_in_cipher_std$/)
+    # Non-TLS builds have a different default Recieved: header expansion
+    s/^((.*)\t}}}}by \$primary_hostname \$\{if def:received_protocol \{with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_ver        { (\$tls_in_ver)}}\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/;
+    s/^((\s*).*considering: with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_ver        { (\$tls_in_ver)}}\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/;
+    if (/condition: def:tls_in_ver$/)
       {
       $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>;
       $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>;
-      $_= <IN>; $_= <IN>; $_= <IN>; next;
+      $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>;
+      $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>;
+      $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>; $_= <IN>; next;
       }
 
 
@@ -1269,6 +1285,9 @@ RESET_AFTER_EXTRA_LINE_READ:
       $_ = $line . $_;
       }
 
+    # Different builds will have different lookup types included
+    s/^search_type \K\d+ \((\w+)\) quoting -1 \(none\)$/NN ($1) quoting -1 (none)/;
+
     # DISABLE_OCSP
     next if /in hosts_requ(est|ire)_ocsp\? (no|yes)/;
 
@@ -1284,6 +1303,9 @@ RESET_AFTER_EXTRA_LINE_READ:
     # Experimental_REQUIRETLS
     next if / in tls_advertise_requiretls?\? no \(end of list\)/;
 
+    # Experimental_LIMITS
+    next if / in limits_advertise_hosts?\? no \(matched "!\*"\)/;
+
     # TCP Fast Open
     next if /^(ppppp )?setsockopt FASTOPEN: Network Error/;
 
@@ -1386,8 +1408,13 @@ RESET_AFTER_EXTRA_LINE_READ:
     s/^errno = \d+$/errno = EEE/;
     s/^writing error \d+: /writing error EEE: /;
 
-    # Some platforms have to flip to slow-mode taint-checking
-    next if /switching to slow-mode taint checking/;
+    # Time-only, in debug output
+    # we have to handle double lines from the DBOPEN, hence placed down here and /mg
+    s/^\d\d:\d\d:\d\d\s/01:01:01 /mg;
+
+    # pid in debug lines
+    s/^(\d\d:\d\d:\d\d)(\s\d+\s)/"$1 " . new_value($2, "%s", \$next_pid) . " "/mgxe;
+    s/(?<!post-)[Pp]rocess\K(\s\d+ )/new_value($1, "%s", \$next_pid) . " "/gxe;
 
     # When Exim is checking the size of directories for maildir, it uses
     # the check_dir_size() function to scan directories. Of course, the order
@@ -1414,20 +1441,23 @@ RESET_AFTER_EXTRA_LINE_READ:
       # because they will be different in different binaries.
 
       print MUNGED
-        unless (/^Berkeley DB: / ||
-                /^Probably (?:Berkeley DB|ndbm|GDBM)/ ||
-                /^Authenticators:/ ||
-                /^Lookups:/ ||
-                /^Support for:/ ||
-                /^Routers:/ ||
-                /^Transports:/ ||
-                /^Malware:/ ||
-                /^log selectors =/ ||
-                /^cwd=/ ||
-                /^Fixed never_users:/ ||
-		/^Configure owner:/ ||
-                /^Size of off_t:/
-                );
+        unless (/^(?:\d\d:\d\d:\d\d\ \d+\ )?
+		  (?: Berkeley\ DB:\s
+		    | Probably\ (?:Berkeley\ DB|ndbm|GDBM)
+		    | Authenticators:
+		    | Lookups(?:\(built-in\))?:
+		    | Support\ for:
+		    | Routers:
+		    | Transports:
+		    | Malware:
+		    | log\ selectors\ =
+		    | cwd=
+		    | Fixed\ never_users
+		    | Configure\ owner
+		    | Size\ of\ off_t:
+		  )
+		/x
+               );
 
 
       }
@@ -1496,6 +1526,8 @@ RESET_AFTER_EXTRA_LINE_READ:
     s/session: \K\((SSL_connect|gnutls_handshake)\): timed out/(tls lib connect fn): timed out/;
     s/TLS error on connection from .*\K\((SSL_accept|gnutls_handshake)\): timed out/(tls lib accept fn): timed out/;
     s/TLS error on connection from .*\K(SSL_accept: TCP connection closed by peer|\(gnutls_handshake\): The TLS connection was non-properly terminated.)/(tls lib accept fn): TCP connection closed by peer/;
+    s/TLS session: \K\(gnutls_handshake\): No supported application protocol could be negotiated/(SSL_connect): error: <<detail omitted>>/;
+    s/\(gnutls_handshake\): No common application protocol could be negotiated./(SSL_accept): error: <<detail omitted>>/;
     }
 
   # ======== mail ========
@@ -1899,7 +1931,8 @@ $munges =
 
     'debuglog_stdout' =>
     { 'stdout' => 's/^\d\d:\d\d:\d\d\s+\d+ //;
-                  s/Process \d+ is ready for new message/Process pppp is ready for new message/'
+                  s/Process \d+ is ready for new message/Process pppp is ready for new message/;
+		  s/^(?:daemon-accept forked for daemon-accept-delivery:|forked delivery process) \K\d+$/pppp/;'
     },
 
     'timeout_errno' =>		# actual errno differs Solaris vs. Linux