X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/87193ab87011f7c61fd9164e2a09913a55944340..ae0a8c3a7e15ddec563e2eaef130d96bb3f7b2a8:/test/runtest diff --git a/test/runtest b/test/runtest index 0b236bca1..84cf4df4f 100755 --- a/test/runtest +++ b/test/runtest @@ -33,7 +33,7 @@ use File::Copy; use lib "$RealBin/lib"; use Exim::Runtest; -use Exim::Utils qw(uniq numerically); +use Exim::Utils qw(uniq numerically cp); use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Smart::Comments' => '####'; use if $ENV{DEBUG} && scalar($ENV{DEBUG} =~ /\bruntest\b/) => 'Data::Dumper'; @@ -342,7 +342,7 @@ return @yield; # into the same standard values throughout the data from a single test. # Message ids get this treatment (can't be made reliable for times), and # times in dumped retry databases are also handled in a special way, as are -# incoming port numbers. +# incoming port numbers and PIDs. # On entry to the subroutine, the file to write to is already opened with the # name MUNGED. The input file name is the only argument to the subroutine. @@ -369,6 +369,10 @@ my($is_mail) = $file =~ /mail/; $date = "\\d{2}-\\w{3}-\\d{4}\\s\\d{2}:\\d{2}:\\d{2}"; +# Debug time & pid + +$time_pid = "(?:\\d{2}:\\d{2}:\\d{2}\\s+\\d+\\s)"; + # Pattern for matching pids at start of stderr lines; initially something # that won't match. @@ -408,7 +412,7 @@ RESET_AFTER_EXTRA_LINE_READ: #s/Exim \K\d+[._]\d+[\w_-]*/x.yz/i; # Replace Exim message ids by a unique series - s/((?:[^\W_]{6}-){2}[^\W_]{2}) + s/(\d[^\W_]{5}-[^\W_]{6}-[^\W_]{2}) /new_value($1, "10Hm%s-0005vi-00", \$next_msgid)/egx; # The names of lock files appear in some error and debug messages 
@@ -428,6 +432,8 @@ RESET_AFTER_EXTRA_LINE_READ: # There are differences in error messages between OpenSSL versions s/SSL_CTX_set_cipher_list/SSL_connect/; + s/error=\Kauthority and subject key identifier mismatch/self signed certificate/; + s/error=\Kself-signed certificate/self signed certificate/; # One error test in expansions mentions base 62 or 36 s/is not a base (36|62) number/is not a base 36\/62 number/; @@ -501,7 +507,7 @@ RESET_AFTER_EXTRA_LINE_READ: # Date/time in logs and in one instance of a filter test s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d(\s[+-]\d\d\d\d)?\s/1999-03-02 09:44:33 /gx; - s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}(\s[+-]\d\d\d\d)?\s/2017-07-30 18:51:05.712 /gx; + s/^\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\.\d{3}(?:\s(?:[+-]\d\d\d\d|[A-Z]{2}T))?\s/2017-07-30 18:51:05.712 /gx; s/^Logwrite\s"\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d/Logwrite "1999-03-02 09:44:33/gx; # Date/time in syslog test s/^SYSLOG:\s\'\K\d{4}-\d\d-\d\d\s\d\d:\d\d:\d\d\s/2017-07-30 18:51:05 /gx; @@ -599,11 +605,13 @@ RESET_AFTER_EXTRA_LINE_READ: # LibreSSL # TLSv1:AES256-GCM-SHA384:256 # TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256 + # TLS1.3:AEAD-AES256-GCM-SHA384:256 # # ECDHE-RSA-CHACHA20-POLY1305 # AES256-GCM-SHA384 s/(?opened and my $port = $dynamic_socket->sockport) { s/^Connecting to 127\.0\.0\.1 port \K$port//; 
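Review bot: The zone alternative added to the millisecond-timestamp rule, `[A-Z]{2}T`, only accepts three-letter abbreviations ending in T (GMT, BST, CET and the like), so a line stamped `UTC` or with a four-letter zone such as `CEST` keeps its real timestamp and the comparison fails on that host. Which program emits the abbreviated form is not visible in this hunk, so this is inferred from the pattern alone. If any zone name is acceptable, `(?:\s(?:[+-]\d\d\d\d|[A-Z]{3,5}))?` covers them; otherwise a one-line comment naming the source of these lines would explain the restriction.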
@@ -900,12 +908,21 @@ RESET_AFTER_EXTRA_LINE_READ: # numbers, or handle specific bad conditions in different ways, leading to # different wording in the error messages, so we cannot compare them. -#XXX This loses any trailing "deliving unencypted to" which is unfortunate +#XXX This loses any trailing "delivering unencypted to" which is unfortunate # but I can't work out how to deal with that. s/(TLS session: \(SSL_\w+\): error:)(.*)(?!: delivering)/$1 <>/; + s/TLS error on connection from .*\K\(SSL_accept\): error:.*:unexpected eof while reading$/(tls lib accept fn): TCP connection closed by peer/; s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <>/; next if /SSL verify error: depth=0 error=certificate not trusted/; + # OpenSSL 3.0.0 + s/TLS error \(D-H param setting .* error:\K.*dh key too small/xxxxxxxx:SSL routines::dh key too small/; + + # OpenSSL 1.1.1 + s/error:\K0B080074:x509 certificate routines:X509_check_private_key(?=:key values mismatch$)/05800074:x509 certificate routines:/; + s/error:\K02001002:system library:fopen(?=:No such file or directory$)/80000002:system library:/; + s/error:\K0909006C:PEM routines:get_name(?=:no start line$)/0480006C:PEM routines:/; + # ======== Maildir things ======== # timestamp output in maildir processing s/(timestamp=|\(timestamp_only\): )\d+/$1ddddddd/g; @@ -955,6 +972,9 @@ RESET_AFTER_EXTRA_LINE_READ: # MIME boundaries in RFC3461 DSN messages s/\d{8,10}-eximdsn-\d+/NNNNNNNNNN-eximdsn-MMMMMMMMMM/; + # Cyrus SASL library version differences (rejectlog) + s/Cyrus SASL permanent failure: \Kuser not found$/generic failure/; + # ========================================================== # Some munging is specific to the specific file types 
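Review bot: The three rewrites under `# OpenSSL 1.1.1` replace one exact error code with another exact code (for example `0B080074` becomes `05800074`), while the D-H rule just above them normalises to the `xxxxxxxx` placeholder. A library build that reports a third numbering would then still differ from the stored expectations, and the two heading comments do not say which direction the normalisation runs. I would at least make the comments explicit, e.g. `# OpenSSL 1.1.1: rewrite its error code and function name to the 3.x form`, and consider matching `[[:xdigit:]]{8}` and emitting the placeholder as the D-H rule does. Whether the stored test output could take the placeholder is not visible from this hunk.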
@@ -996,8 +1016,10 @@ RESET_AFTER_EXTRA_LINE_READ: next if /SSL verify error: depth=0 error=certificate not trusted/; s/SSL3_READ_BYTES/ssl3_read_bytes/i; s/CONNECT_CR_FINISHED/ssl3_read_bytes/i; - s/^\d+:error:\d+(?:E\d+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; - s/^error:[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/error:dddddddd:$1/; + s/^[[:xdigit:]]+:error:[[:xdigit:]]+(?:E[[:xdigit:]]+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/; + s/^error:\K[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/dddddddd:$1/; + s/^error:\K[[:xdigit:]]+:SSL routines::(tlsv13 alert certificate required)$/dddddddd:SSL routines:ssl3_read_bytes:$1/; + s/^error:\K[[:xdigit:]]+:SSL routines::((tlsv1|sslv3) alert (unknown ca|certificate revoked))$/dddddddd:SSL routines:ssl3_read_bytes:$1/; # gnutls version variances next if /^Error in the pull function./; @@ -1007,7 +1029,8 @@ RESET_AFTER_EXTRA_LINE_READ: s/conversion: german.xn--strae-oqa.de/conversion: german.straße.de/; # subsecond timstamp info in reported header-files - s/^(-received_time_usec \.)\d{6}$/$1uuuuuu/; + s/^-received_time_usec \.\K\d{6}$/uuuuuu/; + s/^-received_time_complete \K\d+\.\d{6}$/tttt.uuuuuu/; # Postgres server takes varible time to shut down; lives in various places s/^waiting for server to shut down\.+ done$/waiting for server to shut down.... done/; @@ -1019,9 +1042,13 @@ RESET_AFTER_EXTRA_LINE_READ: # ARC is not always supported by the build next if /^arc_sign =/; + # LIMITS is not always supported by the build + next if /^limits_advertise_hosts =/; + # TLS resumption is not always supported by the build next if /^tls_resumption_hosts =/; next if /^-tls_resumption/; + next if /^host_name_extract = /; # gsasl library version may not support some methods s/250-AUTH ANONYMOUS PLAIN SCRAM-SHA-1\K SCRAM-SHA-256//; 
@@ -1032,14 +1059,33 @@ RESET_AFTER_EXTRA_LINE_READ: elsif ($is_stderr) { # The very first line of debugging output will vary - s/^Exim version .*/Exim version x.yz ..../; - # Debugging lines for Exim terminations and process-generation + # Skip some lines that Exim puts out at the start of debugging output + # because they will be different in different binaries. + + next if /^$time_pid? + (?: Berkeley\ DB:\s + | Probably\ (?:Berkeley\ DB|ndbm|GDBM) + | Using\ tdb + | Authenticators: + | Lookups(?:\(built-in\))?: + | Support\ for: + | Routers: + | Transports: + | Malware: + | log\ selectors\ = + | cwd= + | Fixed\ never_users + | Configure\ owner + | Size\ of\ off_t: + ) + /x; + + # Lines with a leading pid. Only handle >= 4-digit PIDs to avoid converting SMTP respose codes + s/^\s*(\d{4,})\s(?!(?:previous message|in\s|bytes remain in|SMTP accept process running))/new_value($1, "p%s", \$next_pid) . ' '/e; - s/(?<=^>>>>>>>>>>>>>>>> Exim pid=)\d+(?= terminating)/pppp/; - s/^(proxy-proc \w{5}-pid) \d+$/$1 pppp/; - s/^(?:\s*\d+ )(exec .* -oPX)$/pppp $1/; + # Debugging lines for Exim terminations and process-generation next if /(?:postfork: | fork(?:ing|ed) for )/; # IP address lookups use gethostbyname() when IPv6 is not supported, 
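Review bot: The leading-pid rule `s/^\s*(\d{4,})\s(?!...)/new_value($1, "p%s", \$next_pid) . ' '/e` leaves any process id below 1000 untouched, so on a freshly booted host or inside a container with its own PID namespace the raw pids stay in the munged stderr and the comparison fails. The per-pattern rules this hunk removes (`Exim pid=`, `proxy-proc`, `exec ... -oPX`) had no such limit. The comment gives the reason for the threshold but not its consequence, nor why the four phrases in the negative lookahead are exempt; I would extend it, for example `# NOTE: pids < 1000 are NOT munged (they would collide with SMTP response codes)`, plus a line on the lookahead. `respose` in the same comment should read `response`. The enclosing `elsif ($is_stderr)` block continues outside the hunk.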
@@ -1053,6 +1099,14 @@ RESET_AFTER_EXTRA_LINE_READ: # we don't care what TZ enviroment the testhost was running next if /^Reset TZ to/; + # port numbers + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_d/PORT_D/; + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_d2/PORT_D2/; + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_d3/PORT_D3/; + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_d4/PORT_D4/; + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_s/PORT_S/; + s/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])\K$parm_port_n/PORT_N/; + # ========= Exim lookups ================== # Lookups have a char which depends on the number of lookup types compiled in, # in stderr output. Replace with a "0". Recognising this while avoiding @@ -1062,6 +1116,11 @@ RESET_AFTER_EXTRA_LINE_READ: # drop gnutls version strings next if /GnuTLS compile-time version: \d+[\.\d]+$/; next if /GnuTLS runtime version: \d+[\.\d]+$/; + # and unwanted debug + next if /^GnuTLS<2>: FIPS140-2 (context is not set|operation mode switched from initial to not-approved)$/; + next if /^GnuTLS<3>: ASSERT: sign.c\[_gnutls_sign_is_secure2\]:\d+$/; + next if /^GnuTLS<3>: ASSERT: \.\.\/\.\.\/lib\/pkcs11.c\[find_multi_objs_cb\]:/; + next if /^GnuTLS<3>: ASSERT: \.\.\/\.\.\/lib\/pkcs11.c\[gnutls_pkcs11_obj_list_import_url3\]:/; # drop openssl version strings next if /OpenSSL compile-time version: OpenSSL \d+[\.\da-z]+/; 
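Review bot: None of the six new port rules puts a boundary after the interpolated number, so `$parm_port_d` also matches as the leading digits of a longer port, and a five-digit port that begins with the same four digits would come out as `PORT_D` followed by a stray digit. The `$parm_port_*` values are set outside this hunk, so whether that can occur in practice is not visible here; adding `(?!\d)` costs nothing. The long prefix alternation is also repeated six times. A single `my $port_pfx = qr/(?:\[[^\]]*\]:|V4NET\.0\.0\.0:|localhost::?|127\.0\.0\.1[.:]:?|port[= ])/;` followed by `s/$port_pfx\K$parm_port_d(?!\d)/PORT_D/;` and its siblings would keep the six rules in step.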
@@ -1073,10 +1132,10 @@ RESET_AFTER_EXTRA_LINE_READ: # TLS preload # only OpenSSL speaks of these - next if /^TLS: (preloading (DH params|ECDH curve|CA bundle) for server|generating selfsigned server cert)/; - next if /^Diffie-Hellman initialized from default/; - next if /^ECDH OpenSSL (< )?[\d.+]+: temp key parameter settings:/; - next if /^ECDH: .*'prime256v1'/; + next if /^TLS: (preloading (DH params \S+|ECDH curve \S+|CA bundle) for server|generating selfsigned server cert)/; + next if /^ Diffie-Hellman initialized from default/; + next if /^ ECDH OpenSSL (< )?[\d.+]+: temp key parameter settings:/; + next if /^ ECDH: .*'prime256v1'/; next if /^tls_verify_certificates: system$/; next if /^tls_set_watch: .*\/cert.pem/; next if /^Generating 2048 bit RSA key/; @@ -1090,11 +1149,20 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^GnuTLS<2>: added \d+ protocols, \d+ ciphersuites, \d+ sig algos and \d+ groups into priority list$/; next if /^GnuTLS<2>: (Disabling X.509 extensions|signing structure using RSA-SHA256)/; next if /^GnuTLS.*(wrap_nettle_mpi_print|gnutls_subject_alt_names_get|get_alt_name)/; + next if /^GnuTLS<[23]>: (p11|ASSERT: pkcs11.c|Initializing needed PKCS #11 modules)/; + next if /^GnuTLS<2>: Intel (AES|GCM) accelerator was detected/; + next if /^Added \d{3} certificate authorities/; + next if /^TLS: not preloading CRL for server/; + next if /^GnuTLS<3>: ASSERT: extensions.c\[_gnutls_get_extension/; + next if /^GnuTLS<3>: ASSERT: \.\.\/\.\.\/\.\.\/lib\/x509\//; + next if /^GnuTLS<2>: Initializing PKCS #11 modules/; + # only kevent platforms (FreeBSD, OpenBSD) say this next if /^watch dir/; next if /^watch file .*\/usr\/local/; next if /^watch file .*\/etc\/ssl/; + next if /^closing watch fd:/; # TLS preload # there happen in different orders for OpenSSL/GnuTLS/noTLS 
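Review bot: `next if /^Added \d{3} certificate authorities/;` only drops the line when the count has exactly three digits, so a host whose trust store holds fewer than 100 or at least 1000 certificates lets the line through to the comparison. Unless the three-digit limit is deliberate, `next if /^Added \d+ certificate authorities/;` is the safer form. The new GnuTLS ASSERT patterns in this hunk also leave the dot in `extensions.c` and `pkcs11.c` unescaped, which is harmless here but inconsistent with the escaped `\.\.\/` beside them.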
@@ -1102,29 +1170,32 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^TLS: not preloading (CA bundle|cipher list) for server$/; next if /^TLS: not preloading server certs$/; + # some plaatforms are missing the standard CA bundle file + next if /^tls_set_watch\(\) fail on '\/usr\/lib\/ssl\/cert.pem': No such file or directory$/; + # drop lookups - next if /^Lookups \(built-in\):/; - next if /^Loading lookup modules from/; - next if /^Loaded \d+ lookup modules/; - next if /^Total \d+ lookups/; + next if /^$time_pid?(?: Lookups\ \(built-in\): + | Loading\ lookup\ modules\ from + | Loaded\ \d+\ lookup\ modules + | Total\ \d+\ lookups)/x; # drop compiler information - next if /^Compiler:/; + next if /^$time_pid?Compiler:/; # and the ugly bit # different libraries will have different numbers (possibly 0) of follow-up # lines, indenting with more data - if (/^Library version:/) { + if (/^$time_pid?Library version:/) { while (1) { $_ = ; - next if /^\s/; + next if /^$time_pid?\s/; goto RESET_AFTER_EXTRA_LINE_READ; } } # drop other build-time controls emitted for debugging - next if /^WHITELIST_D_MACROS:/; - next if /^TRUSTED_CONFIG_LIST:/; + next if /^$time_pid?WHITELIST_D_MACROS:/; + next if /^$time_pid?TRUSTED_CONFIG_LIST:/; # As of Exim 4.74, we log when a setgid fails; because we invoke Exim # with -be, privileges will have been dropped, so this will always 
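Review bot: The new skip for a missing CA bundle hard-codes `/usr/lib/ssl/cert.pem`, which is one distribution's OpenSSL directory. A platform that keeps the bundle elsewhere and also lacks it will print a different path, and the line will not be dropped. The `tls_set_watch: .*\/cert.pem` rule shown in the earlier TLS-preload hunk already wildcards the directory, and the same works here: `next if /^tls_set_watch\(\) fail on '.*\/cert\.pem': No such file or directory$/;`. The comment above the new rule has a typo, `plaatforms`.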
@@ -1170,20 +1241,23 @@ RESET_AFTER_EXTRA_LINE_READ: next; } - # Non-TLS bulds have a different Recieved: header expansion - s/^((.*)\t}}}}by \$primary_hostname \$\{if def:received_protocol \{with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/; - s/^((\s*).*considering: with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/; - if (/condition: def:tls_in_cipher_std$/) + # Non-TLS builds have a different default Recieved: header expansion + s/^((.*)\t}}}}by \$primary_hostname \$\{if def:received_protocol \{with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_ver { (\$tls_in_ver)}}\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/; + s/^((\s*).*considering: with \$received_protocol }})\(Exim \$version_number\)$/$1\${if def:tls_in_ver { (\$tls_in_ver)}}\${if def:tls_in_cipher_std { tls \$tls_in_cipher_std\n$2\t}}(Exim \$version_number)/; + if (/condition: def:tls_in_ver$/) { $_= ; $_= ; $_= ; $_= ; $_= ; $_= ; $_= ; $_= ; - $_= ; $_= ; $_= ; next; + $_= ; $_= ; $_= ; $_= ; + $_= ; $_= ; $_= ; $_= ; + $_= ; $_= ; $_= ; $_= ; $_= ; next; } # Skip tls_advertise_hosts and hosts_require_tls checks when the options # are unset, because tls ain't always there. + next if /^((>>>)?\s*host)? in tls_advertise_hosts\?$/; next if /in\s(?:tls_advertise_hosts\?|hosts_require_tls\?) \sno\s\((option\sunset|end\sof\slist)\)/x; @@ -1255,9 +1329,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /in\shosts_require_dane\?\sno\s\(option\sunset\)/x; # daemon notifier socket - s/^(\s*\d+|ppppp) (creating notifier socket)$/ppppp $2/; - s/^ \@(.*exim_daemon_notify)$/ $1/; - s/^(\s*\d+|ppppp) \@?(.*exim_daemon_notify)$/ppppp $2/; + s% \@(?=[^ @]+/spool/exim_daemon_notify$)% %; next if /unlinking notifier socket/; # daemon notifier socket 
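Review bot: The block under `if (/condition: def:tls_in_ver$/)` now discards the following debug lines with twenty-one consecutive single-line reads (eleven before this change), with no comment saying which lines they are and no end-of-file check. A count that is edited by hand each time the default Received: expansion grows is easy to get wrong silently, because one read too many swallows a line that should have been compared. A counted loop with the number in a named variable, and a comment tying it to the expansion's debug output, would make the next adjustment safer. `Recieved:` in the comment this hunk touches should read `Received:`.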
@@ -1269,6 +1341,12 @@ RESET_AFTER_EXTRA_LINE_READ: $_ = $line . $_; } + # Different builds will have different lookup types included + s/^\s*search_type \K\d+ \((\w+)\) quoting -1 \(none\)$/NN ($1) quoting -1 (none)/; + # and different numbers of lookup types result in different type-code letters, + # so convert them all to "0" + s%(?>>)?\s*host in pipelining_connect_advertise_hosts\?$/ ) + { + $_ = ; + while ( /^(>>>)?\s*list element:/ ) { $_ = ; } + goto RESET_AFTER_EXTRA_LINE_READ; + } + next if / in (?:pipelining_connect_advertise_hosts|hosts_pipe_connect)?\? no /; # Experimental_International next if / in smtputf8_advertise_hosts\? no \(option unset\)/; @@ -1284,9 +1368,23 @@ RESET_AFTER_EXTRA_LINE_READ: # Experimental_REQUIRETLS next if / in tls_advertise_requiretls?\? no \(end of list\)/; + # Experimental_LIMITS + if ( /^((>>>)?\s*host)? in limits_advertise_hosts\?$/ ) + { + $_ = ; + while ( /^(>>>)?\s*list element: !\*$/ ) { $_ = ; } + goto RESET_AFTER_EXTRA_LINE_READ; + } + next if / in limits_advertise_hosts?\? no \(matched "!\*"\)/; + # TCP Fast Open next if /^(ppppp )?setsockopt FASTOPEN: Network Error/; + # DISABLE_TLS_RESUME + # TLS resumption is not always supported by the build + next if /in tls_resumption_hosts\?/; + next if /RE '.outlook.com/; + # Environment cleaning next if /\w+ in keep_environment\? (yes|no)/; @@ -1331,7 +1429,7 @@ RESET_AFTER_EXTRA_LINE_READ: s/Address family not supported by protocol family/Network Error/; s/Network is unreachable/Network Error/; } - next if /^(ppppp )?setsockopt FASTOPEN: Protocol not available$/; + next if /^(ppppp |\d+ )?setsockopt FASTOPEN: Protocol not available$/; s/^(Connecting to .* \.\.\. sending) \d+ (nonTFO early-data)$/$1 dd $2/; if (/^([0-9: ]* # possible timestamp 
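Review bot: `next if /RE '.outlook.com/;` sits under the `DISABLE_TLS_RESUME` heading with no explanation of which debug line it removes or why. It is also unanchored with unescaped dots, so it drops any stderr line containing `RE '`, any character, `outlook`, any character, `com`. I would add a comment naming the option whose list-match debug output this is, and tighten the pattern to `next if /RE '\.outlook\.com/;`, with a leading anchor if the line format allows one.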
@@ -1372,13 +1470,12 @@ RESET_AFTER_EXTRA_LINE_READ: # Postgres version-dependent differences s/^initdb: warning: (enabling "trust" authentication for local connections)$/\nWARNING: $1/; + # Postgre DB server PID + s/ \[\d+\] (?=(LOG: redirecting log|HINT: Future log output))/ [pppp] /; # Not all builds include DMARC next if /^DMARC: no (dmarc_tld_file|sender_host_address)$/ ; - # TLS resumption is not always supported by the build - next if /in tls_resumption_hosts\?/; - # Platform differences in errno strings s/ SMTP\(Operation timed out\)</; # When Exim is checking the size of directories for maildir, it uses # the check_dir_size() function to scan directories. Of course, the order @@ -1410,26 +1515,7 @@ RESET_AFTER_EXTRA_LINE_READ: @saved = (); } - # Skip some lines that Exim puts out at the start of debugging output - # because they will be different in different binaries. - - print MUNGED - unless (/^Berkeley DB: / || - /^Probably (?:Berkeley DB|ndbm|GDBM)/ || - /^Authenticators:/ || - /^Lookups:/ || - /^Support for:/ || - /^Routers:/ || - /^Transports:/ || - /^Malware:/ || - /^log selectors =/ || - /^cwd=/ || - /^Fixed never_users:/ || - /^Configure owner:/ || - /^Size of off_t:/ - ); - - + print MUNGED; } next; 
@@ -1445,13 +1531,15 @@ RESET_AFTER_EXTRA_LINE_READ: # CHUNKING: exact sizes depend on hostnames in headers s/(=>.* K C="250- \d)\d+ (byte chunk, total \d)\d+/$1nn $2nn/; - # openssl version variances - s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; - s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; + # OpenSSL version variances + s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)|):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/; + next if /TLS error \(SSL_read\): error:0A000126:SSL routines::unexpected eof while reading$/ ; + s/EVDATA: \K\(SSL_accept\): error:0A000126:SSL routines::unexpected eof while reading/SSL_accept: TCP connection closed by peer/; + s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT|)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/; s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./; s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:(PEM routines):get_name:(no start line)/0906D06C:$1:PEM_read_bio:$2/; - # gnutls version variances + # GnuTLS version variances if (/TLS error on connection \(recv\): .* (Decode error|peer did not send any certificate)/) { my $prev = $_; 
@@ -1464,8 +1552,10 @@ RESET_AFTER_EXTRA_LINE_READ: else { $_ = $prev; } } - # translate gnutls error into the openssl one + # translate GnuTLS error into the OpenSSL one s/ARC: AMS signing: privkey PEM-block import: \KThe requested data were not available.$/error:0906D06C:PEM routines:PEM_read_bio:no start line/; + # and then both into the OpenSSL 3.x one + s/ARC: AMS signing: privkey PEM-block import: error:\K[0-9A-F]{8}:PEM routines:PEM_read_bio:no start line$/1E08010C:DECODER routines::unsupported/; # DKIM timestamps if ( /(DKIM: d=.*) t=([0-9]*) x=([0-9]*) / ) @@ -1477,6 +1567,9 @@ RESET_AFTER_EXTRA_LINE_READ: s/signer: [^ ]* bits:\K 256/ 253/; s/public key too short:\K 256 bits/ 253 bits/; + # with GnuTLS we cannot log single bad ALPN. So ignore the with-OpenSSL log line. + # next if /TLS ALPN (http) rejected$/; + # port numbers s/(?:\[[^\]]*\]:|port )\K$parm_port_d/PORT_D/; s/(?:\[[^\]]*\]:|port )\K$parm_port_d2/PORT_D2/; @@ -1496,6 +1589,8 @@ RESET_AFTER_EXTRA_LINE_READ: s/session: \K\((SSL_connect|gnutls_handshake)\): timed out/(tls lib connect fn): timed out/; s/TLS error on connection from .*\K\((SSL_accept|gnutls_handshake)\): timed out/(tls lib accept fn): timed out/; s/TLS error on connection from .*\K(SSL_accept: TCP connection closed by peer|\(gnutls_handshake\): The TLS connection was non-properly terminated.)/(tls lib accept fn): TCP connection closed by peer/; + s/TLS session: \K\(gnutls_handshake\): rxd alert: No supported application protocol could be negotiated/(SSL_connect): error: <>/; + s/\(gnutls_handshake\): No common application protocol could be negotiated./(SSL_accept): error: <>/; } # ======== mail ======== @@ -1868,9 +1963,6 @@ $munges = 'rejectlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /', }, - 'debug_pid' => - { 'stderr' => 's/(^\s{0,4}|(?<=Process )|(?<=child ))\d+/ppppp/g' }, - 'optional_dsn_info' => { 'mail' => '/^(X-(Remote-MTA-(smtp-greeting|helo-response)|Exim-Diagnostic|(body|message)-linecount):|Remote-MTA: X-ip;)/' }, 
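Review bot: The commented-out rule `# next if /TLS ALPN (http) rejected$/;` would not match the log text it is aimed at if someone enabled it, because `(http)` is a capture group and not literal parentheses. The comment above it says the OpenSSL log line is ignored, but with the rule disabled nothing is ignored, so the two lines contradict each other. Either delete both, or keep the rule in a form that works, `next if /TLS ALPN \(http\) rejected$/;`, with a comment saying why it is currently switched off.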
@@ -1897,11 +1989,6 @@ $munges = { 'mainlog' => 's/^(.* SMTP protocol synchronization error .* next input=.{8}).*$/$1/', 'rejectlog' => 's/^(.* SMTP protocol synchronization error .* next input=.{8}).*$/$1/'}, - 'debuglog_stdout' => - { 'stdout' => 's/^\d\d:\d\d:\d\d\s+\d+ //; - s/Process \d+ is ready for new message/Process pppp is ready for new message/' - }, - 'timeout_errno' => # actual errno differs Solaris vs. Linux { 'mainlog' => 's/((?:host|message) deferral .* errno) <\d+> /$1 /' }, @@ -2002,7 +2089,7 @@ if (! $message_skip) foreach $mail (@mails) { - next if $mail eq "test-mail/oncelog"; + next if $mail =~ /^test-mail\/oncelog(.(dir|pag|db))?$/; $saved_mail = substr($mail, 10); # Remove "test-mail/" $saved_mail =~ s/^$parm_caller(\/|$)/CALLER/; # Convert caller name @@ -2283,7 +2370,7 @@ if (/^dump\s+(\S+)/) sort { $a->[0] cmp $b->[0] } #map { [ (split)[0] =~ s/\Q$parm_ipv4/ip4.ip4.ip4.ip4/gr, $_ ] } # this is too modern for 5.10.1 map { - (my $k = (split)[0]) =~ s/\Q$parm_ipv4/ip4.ip4.ip4.ip4/g; + (my $k = (split)[0]) =~ s/\Q$parm_ipv4\E/ip4.ip4.ip4.ip4/g; [ $k, $_ ] } do { local $/ = "\n "; <$in> }; @@ -2304,6 +2391,16 @@ if (/^dump\s+(\S+)/) return $aa cmp $bb; } @temp; } + elsif ($which eq "seen") + { + @temp = sort { + (my $aa = $a) =~ s/^([\d.]+)/$1/; + (my $bb = $b) =~ s/^([\d.]+)/$1/; + $aa =~ s/\Q$parm_ipv4\E/ip4.ip4.ip4.ip4/; + $bb =~ s/\Q$parm_ipv4\E/ip4.ip4.ip4.ip4/; + return $aa cmp $bb; + } @temp; + } print $out @temp; } close($in); # close it explicitly, otherwise $? does not get set @@ -2370,6 +2467,17 @@ if (/^exigrep\s+(.*)/) } +# The "exiqgrep" command runs exiqgrep on the current spool + +if (/^exiqgrep(\s+.*)?/) + { + run_system("(./eximdir/exiqgrep -E ./eximdir/exim -C $parm_cwd/test-config" . ($1 || '') . ";" . + "echo exiqgrep exit code = \$?)" . + ">>test-stdout"); + return 1; + } + + # The "eximstats" command runs eximstats on the current mainlog if (/^eximstats\s+(.*)/) 
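Review bot: In `/^test-mail\/oncelog(.(dir|pag|db))?$/` the separator dot is unescaped, so it matches any character, and a name such as `test-mail/oncelog_db` is skipped as well as the intended DBM suffixes. `next if $mail =~ /^test-mail\/oncelog(?:\.(?:dir|pag|db))?$/;` matches only `.dir`, `.pag` and `.db` and avoids the unused captures.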
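Review bot: In the new `seen` comparator the first substitution on each side, `s/^([\d.]+)/$1/`, replaces the match with itself and so does nothing; either it was meant to normalise the leading dotted number or it can be deleted. As written the sort key is the record with only the first occurrence of `$parm_ipv4` replaced, because the second substitution has no `/g`, unlike the `\Q$parm_ipv4\E` substitution in the preceding hunk. If only the IPv4 rewrite is wanted, `(my $aa = $a) =~ s/\Q$parm_ipv4\E/ip4.ip4.ip4.ip4/g;` per side is enough. The enclosing `dump` handler starts and ends outside the hunk.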
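Review bot: `$parm_cwd` is interpolated unquoted into the shell string passed to `run_system` in the new `exiqgrep` handler, so a checkout path containing a space or a shell metacharacter splits or alters the command. Quoting the config path, `-C '$parm_cwd/test-config'`, removes the word-splitting case. Whether the sibling handlers quote it is not visible in this hunk, so the same may apply to them. The match `/^exiqgrep(\s+.*)?/` also has no end anchor, so a mistyped command such as `exiqgrepx` is accepted and run with no arguments; `/^exiqgrep(\s+.*)?$/` rejects it.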
@@ -2875,6 +2983,231 @@ return $yield; # Ran command and waited +############################################################################### +############################################################################### + +################################################## +# Check for SpamAssassin and ClamAV # +################################################## + +# These are crude tests. If they aren't good enough, we'll have to improve +# them, for example by actually passing a message through spamc or clamscan. + +sub check_running_spamassassin +{ +my $sock = new FileHandle; + +if (system("spamc -h 2>/dev/null >/dev/null") == 0) + { + print "The spamc command works:\n"; + + # This test for an active SpamAssassin is courtesy of John Jetmore. + # The tests are hard coded to localhost:783, so no point in making + # this test flexible like the clamav test until the test scripts are + # changed. spamd doesn't have the nice PING/PONG protocol that + # clamd does, but it does respond to errors in an informative manner, + # so use that. + + my($sint,$sport) = ('127.0.0.1',783); + eval + { + my $sin = sockaddr_in($sport, inet_aton($sint)) + or die "** Failed packing $sint:$sport\n"; + socket($sock, PF_INET, SOCK_STREAM, getprotobyname('tcp')) + or die "** Unable to open socket $sint:$sport\n"; + + local $SIG{ALRM} = + sub { die "** Timeout while connecting to socket $sint:$sport\n"; }; + alarm(5); + connect($sock, $sin) + or die "** Unable to connect to socket $sint:$sport\n"; + alarm(0); + + select((select($sock), $| = 1)[0]); + print $sock "bad command\r\n"; + + $SIG{ALRM} = + sub { die "** Timeout while reading from socket $sint:$sport\n"; }; + alarm(10); + my $res = <$sock>; + alarm(0); + + $res =~ m|^SPAMD/| + or die "** Did not get SPAMD from socket $sint:$sport. 
" + ."It said: $res\n"; + }; + alarm(0); + if($@) + { + print " $@"; + print " Assume SpamAssassin (spamd) is not running\n"; + } + else + { + $parm_running{SpamAssassin} = ' '; + print " SpamAssassin (spamd) seems to be running\n"; + } + } +else + { + print "The spamc command failed: assume SpamAssassin (spamd) is not running\n"; + } +} + +sub check_running_clamav +{ +my $sock; + +# For ClamAV, we need to find the clamd socket for use in the Exim +# configuration. Search for the clamd configuration file. + +if (system("clamscan -h 2>/dev/null >/dev/null") == 0) + { + my($f, $clamconf, $test_prefix); + + print "The clamscan command works"; + + $test_prefix = $ENV{EXIM_TEST_PREFIX}; + $test_prefix = '' if !defined $test_prefix; + + foreach $f ("$test_prefix/etc/clamd.conf", + "$test_prefix/usr/local/etc/clamd.conf", + "$test_prefix/etc/clamav/clamd.conf", '') + { + if (-e $f) + { + $clamconf = $f; + last; + } + } + + # Read the ClamAV configuration file and find the socket interface. + + if ($clamconf ne '') + { + my $socket_domain; + open(IN, "$clamconf") || die "\n** Unable to open $clamconf: $!\n"; + while () + { + if (/^LocalSocket\s+(.*)/) + { + $parm_clamsocket = $1; + $socket_domain = AF_UNIX; + last; + } + if (/^TCPSocket\s+(\d+)/) + { + if (defined $parm_clamsocket) + { + $parm_clamsocket .= " $1"; + $socket_domain = AF_INET; + last; + } + else + { + $parm_clamsocket = " $1"; + } + } + elsif (/^TCPAddr\s+(\S+)/) + { + if (defined $parm_clamsocket) + { + $parm_clamsocket = $1 . $parm_clamsocket; + $socket_domain = AF_INET; + last; + } + else + { + $parm_clamsocket = $1; + } + } + } + close(IN); + + if (defined $socket_domain) + { + print ":\n The clamd socket is $parm_clamsocket\n"; + # This test for an active ClamAV is courtesy of Daniel Tiefnig. 
+ eval + { + my $socket; + if ($socket_domain == AF_UNIX) + { + $socket = sockaddr_un($parm_clamsocket) or die "** Failed packing '$parm_clamsocket'\n"; + } + elsif ($socket_domain == AF_INET) + { + my ($ca_host, $ca_port) = split(/\s+/,$parm_clamsocket); + my $ca_hostent = gethostbyname($ca_host) or die "** Failed to get raw address for host '$ca_host'\n"; + $socket = sockaddr_in($ca_port, $ca_hostent) or die "** Failed packing '$parm_clamsocket'\n"; + } + else + { + die "** Unknown socket domain '$socket_domain' (should not happen)\n"; + } + socket($sock, $socket_domain, SOCK_STREAM, 0) or die "** Unable to open socket '$parm_clamsocket'\n"; + local $SIG{ALRM} = sub { die "** Timeout while connecting to socket '$parm_clamsocket'\n"; }; + alarm(5); + connect($sock, $socket) or die "** Unable to connect to socket '$parm_clamsocket'\n"; + alarm(0); + + my $ofh = select $sock; $| = 1; select $ofh; + print $sock "PING\n"; + + $SIG{ALRM} = sub { die "** Timeout while reading from socket '$parm_clamsocket'\n"; }; + alarm(10); + my $res = <$sock>; + alarm(0); + + $res =~ /PONG/ or die "** Did not get PONG from socket '$parm_clamsocket'. 
It said: $res\n"; + }; + alarm(0); + + if($@) + { + print " $@"; + print " Assume ClamAV is not running\n"; + } + else + { + $parm_running{ClamAV} = ' '; + print " ClamAV seems to be running\n"; + } + } + else + { + print ", but the socket for clamd could not be determined\n"; + print "Assume ClamAV is not running\n"; + } + } + + else + { + print ", but I can't find a configuration for clamd\n"; + print "Assume ClamAV is not running\n"; + } + } +} + + +sub check_running_redis +{ +if (defined $parm_lookups{redis}) + { + if (system("redis-server -v 2>/dev/null >/dev/null") == 0) + { + print "The redis-server command works\n"; + $parm_running{redis} = ' '; + } + else + { + print "The redis-server command failed: assume Redis not installed\n"; + } + } +} + + + ############################################################################### ############################################################################### @@ -2942,6 +3275,7 @@ GetOptions( 'valgrind' => \$valgrind, 'range=s{2}' => \my @range_wanted, 'test=i@' => \my @tests_wanted, + 'fail-any!' => \my $fail_any, 'flavor|flavour=s' => \$flavour, 'help' => sub { pod2usage(-exit => 0) }, 'man' => sub { 
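Review bot: `open(IN, "$clamconf")` in `check_running_clamav` is a two-argument open on a bareword handle, and `$clamconf` is built from `$ENV{EXIM_TEST_PREFIX}`, so mode characters at the start or end of that value are interpreted by `open` instead of being treated as part of the path. The handle `IN` is also a package global, so it is shared with any other code in the script that uses the same name. The code appears to be moved unchanged from the main program, which makes this a good moment to switch to `open(my $conf_fh, '<', $clamconf) || die "\n** Unable to open $clamconf: $!\n";`, with the read loop and the `close` using `$conf_fh`. In the same hunk, `my $sock = new FileHandle;` in `check_running_spamassassin` uses indirect-object syntax; `FileHandle->new` is the unambiguous form.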
@@ -3226,220 +3560,14 @@ print "-" x 78, "\n"; unlink("$parm_cwd/test-config"); -################################################## -# Check for SpamAssassin and ClamAV # -################################################## -# These are crude tests. If they aren't good enough, we'll have to improve -# them, for example by actually passing a message through spamc or clamscan. if (defined $parm_support{Content_Scanning}) { - my $sock = new FileHandle; - - if (system("spamc -h 2>/dev/null >/dev/null") == 0) - { - print "The spamc command works:\n"; - - # This test for an active SpamAssassin is courtesy of John Jetmore. - # The tests are hard coded to localhost:783, so no point in making - # this test flexible like the clamav test until the test scripts are - # changed. spamd doesn't have the nice PING/PONG protocol that - # clamd does, but it does respond to errors in an informative manner, - # so use that. - - my($sint,$sport) = ('127.0.0.1',783); - eval - { - my $sin = sockaddr_in($sport, inet_aton($sint)) - or die "** Failed packing $sint:$sport\n"; - socket($sock, PF_INET, SOCK_STREAM, getprotobyname('tcp')) - or die "** Unable to open socket $sint:$sport\n"; - - local $SIG{ALRM} = - sub { die "** Timeout while connecting to socket $sint:$sport\n"; }; - alarm(5); - connect($sock, $sin) - or die "** Unable to connect to socket $sint:$sport\n"; - alarm(0); - - select((select($sock), $| = 1)[0]); - print $sock "bad command\r\n"; - - $SIG{ALRM} = - sub { die "** Timeout while reading from socket $sint:$sport\n"; }; - alarm(10); - my $res = <$sock>; - alarm(0); - - $res =~ m|^SPAMD/| - or die "** Did not get SPAMD from socket $sint:$sport. 
" - ."It said: $res\n"; - }; - alarm(0); - if($@) - { - print " $@"; - print " Assume SpamAssassin (spamd) is not running\n"; - } - else - { - $parm_running{SpamAssassin} = ' '; - print " SpamAssassin (spamd) seems to be running\n"; - } - } - else - { - print "The spamc command failed: assume SpamAssassin (spamd) is not running\n"; - } - - # For ClamAV, we need to find the clamd socket for use in the Exim - # configuration. Search for the clamd configuration file. - - if (system("clamscan -h 2>/dev/null >/dev/null") == 0) - { - my($f, $clamconf, $test_prefix); - - print "The clamscan command works"; - - $test_prefix = $ENV{EXIM_TEST_PREFIX}; - $test_prefix = '' if !defined $test_prefix; - - foreach $f ("$test_prefix/etc/clamd.conf", - "$test_prefix/usr/local/etc/clamd.conf", - "$test_prefix/etc/clamav/clamd.conf", '') - { - if (-e $f) - { - $clamconf = $f; - last; - } - } - - # Read the ClamAV configuration file and find the socket interface. - - if ($clamconf ne '') - { - my $socket_domain; - open(IN, "$clamconf") || die "\n** Unable to open $clamconf: $!\n"; - while () - { - if (/^LocalSocket\s+(.*)/) - { - $parm_clamsocket = $1; - $socket_domain = AF_UNIX; - last; - } - if (/^TCPSocket\s+(\d+)/) - { - if (defined $parm_clamsocket) - { - $parm_clamsocket .= " $1"; - $socket_domain = AF_INET; - last; - } - else - { - $parm_clamsocket = " $1"; - } - } - elsif (/^TCPAddr\s+(\S+)/) - { - if (defined $parm_clamsocket) - { - $parm_clamsocket = $1 . $parm_clamsocket; - $socket_domain = AF_INET; - last; - } - else - { - $parm_clamsocket = $1; - } - } - } - close(IN); - - if (defined $socket_domain) - { - print ":\n The clamd socket is $parm_clamsocket\n"; - # This test for an active ClamAV is courtesy of Daniel Tiefnig. 
- eval - { - my $socket; - if ($socket_domain == AF_UNIX) - { - $socket = sockaddr_un($parm_clamsocket) or die "** Failed packing '$parm_clamsocket'\n"; - } - elsif ($socket_domain == AF_INET) - { - my ($ca_host, $ca_port) = split(/\s+/,$parm_clamsocket); - my $ca_hostent = gethostbyname($ca_host) or die "** Failed to get raw address for host '$ca_host'\n"; - $socket = sockaddr_in($ca_port, $ca_hostent) or die "** Failed packing '$parm_clamsocket'\n"; - } - else - { - die "** Unknown socket domain '$socket_domain' (should not happen)\n"; - } - socket($sock, $socket_domain, SOCK_STREAM, 0) or die "** Unable to open socket '$parm_clamsocket'\n"; - local $SIG{ALRM} = sub { die "** Timeout while connecting to socket '$parm_clamsocket'\n"; }; - alarm(5); - connect($sock, $socket) or die "** Unable to connect to socket '$parm_clamsocket'\n"; - alarm(0); - - my $ofh = select $sock; $| = 1; select $ofh; - print $sock "PING\n"; - - $SIG{ALRM} = sub { die "** Timeout while reading from socket '$parm_clamsocket'\n"; }; - alarm(10); - my $res = <$sock>; - alarm(0); - - $res =~ /PONG/ or die "** Did not get PONG from socket '$parm_clamsocket'. 
It said: $res\n"; - }; - alarm(0); - - if($@) - { - print " $@"; - print " Assume ClamAV is not running\n"; - } - else - { - $parm_running{ClamAV} = ' '; - print " ClamAV seems to be running\n"; - } - } - else - { - print ", but the socket for clamd could not be determined\n"; - print "Assume ClamAV is not running\n"; - } - } - - else - { - print ", but I can't find a configuration for clamd\n"; - print "Assume ClamAV is not running\n"; - } - } - } - - -################################################## -# Check for redis # -################################################## -if (defined $parm_lookups{redis}) - { - if (system("redis-server -v 2>/dev/null >/dev/null") == 0) - { - print "The redis-server command works\n"; - $parm_running{redis} = ' '; - } - else - { - print "The redis-server command failed: assume Redis not installed\n"; - } + check_running_spamassassin(); + check_running_clamav(); } +check_running_redis(); ################################################## # Test for the basic requirements # 
@@ -3745,23 +3873,21 @@ system("sudo cp eximdir/exim eximdir/exim_exim;" . ($parm_exim_dir) = $parm_exim =~ m?^(.*)/exim?; $dbm_build_deleted = 0; -if (defined $parm_lookups{dbm} && not copy("$parm_exim_dir/exim_dbmbuild", "eximdir")) +if (defined $parm_lookups{dbm} && not cp("$parm_exim_dir/exim_dbmbuild", "eximdir/exim_dbmbuild")) { delete $parm_lookups{dbm}; $dbm_build_deleted = 1; } -foreach my $tool (qw(exim_dumpdb exim_lock exinext exigrep eximstats)) { - copy("$parm_exim_dir/$tool" => "eximdir/") +foreach my $tool (qw(exim_dumpdb exim_lock exinext exigrep eximstats exiqgrep)) { + cp("$parm_exim_dir/$tool" => "eximdir/$tool") or tests_exit(-1, "Failed to make a copy of $tool: $!"); - chmod((stat "$parm_exim_dir/$tool")[2]&07777, "eximdir/$tool") - or tests_exit(-1, "Failed to chmod $tool: $!\n"); } # Collect some version information print '-' x 78, "\n"; print "Perl version for runtest: $]\n"; -foreach (map { "./eximdir/$_" } qw(exigrep exinext eximstats)) { +foreach (map { "./eximdir/$_" } qw(exigrep exinext eximstats exiqgrep)) { # fold (or unfold?) multiline output into a one-liner print join(', ', map { chomp; $_ } `$_ --version`), "\n"; } @@ -4518,7 +4644,7 @@ foreach $test (@test_list) ################################################## tests_exit(-1, "No runnable tests selected") if not @test_list; -tests_exit($failures); +tests_exit($fail_any ? $failures : 0); __END__
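Review bot: Removing the checked `chmod` in the tool-copy loop means the mode of `eximdir/$tool` now depends entirely on what `cp` from Exim::Utils does, and that helper is not part of this diff. If `cp` does not carry over the source permission bits, the copies are left non-executable, and the `--version` loop further down would presumably print empty lines rather than stop the run. A one-line guard after the copy would keep the old guarantee visible: `-x "eximdir/$tool" or tests_exit(-1, "Copy of $tool is not executable");`. At minimum, once the behaviour of `cp` is confirmed, add a comment such as `# cp() preserves the source mode, so no separate chmod is needed`.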
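Review bot: With `tests_exit($fail_any ? $failures : 0)` the failure count is passed on only when `--fail-any` is given, and the `'fail-any!'` option added in the GetOptions hunk leaves `$fail_any` undefined by default. Assuming tests_exit turns its argument into the exit status (its body is not in this diff), a run with failing tests now reports 0 unless the caller opts in, so a CI job that gates on the exit status would pass on regressions. Consider defaulting the flag on, `'fail-any!' => \(my $fail_any = 1),`, so that `--no-fail-any` is the explicit opt-out; if the opt-in default is intended, say so next to the call, e.g. `# exit 0 despite failures unless --fail-any was given`.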