X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f870028fd26f8ac1a2fcb6e43e0d7d1c76c110ec..9370c62082c6596c3eaf5dcf6c0b29cf002bd321:/src/src/deliver.c diff --git a/src/src/deliver.c b/src/src/deliver.c index 0cddec758..4e472ebe6 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -334,7 +334,7 @@ static int open_msglog_file(uschar *filename, int mode, uschar **error) { if (Ustrstr(filename, US"/../")) - log_write(0, LOG_MAIN|LOG_PANIC, + log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Attempt to open msglog file path with upward-traversal: '%s'\n", filename); for (int i = 2; i > 0; i--) @@ -521,8 +521,12 @@ while (one && two) else if (one->port != two->port) return FALSE; - /* Hosts matched */ +#ifdef SUPPORT_DANE + /* DNSSEC equality */ + if (one->dnssec != two->dnssec) return FALSE; +#endif + /* Hosts matched */ one = one->next; two = two->next; } @@ -2093,9 +2097,9 @@ return FALSE; /* Each local delivery is performed in a separate process which sets its uid and gid as specified. This is a safer way than simply changing and -restoring using seteuid(); there is a body of opinion that seteuid() cannot be -used safely. From release 4, Exim no longer makes any use of it. Besides, not -all systems have seteuid(). +restoring using seteuid(); there is a body of opinion that seteuid() +cannot be used safely. From release 4, Exim no longer makes any use of +it for delivery. Besides, not all systems have seteuid(). If the uid/gid are specified in the transport_instance, they are used; the transport initialization must ensure that either both or neither are set. @@ -2884,10 +2888,8 @@ while (addr_local) deliveries (e.g. to pipes) can take a substantial time. */ if (!(dbm_file = dbfn_open(US"retry", O_RDONLY, &dbblock, FALSE, TRUE))) - { DEBUG(D_deliver|D_retry|D_hints_lookup) debug_printf("no retry data available\n"); - } addr2 = addr; addr3 = NULL; @@ -8570,6 +8572,9 @@ f.tcp_fastopen_ok = TRUE; +/* Called from a commandline, or from the daemon, to do a delivery. +We need to regain privs; do this by exec of the exim binary. */ + void delivery_re_exec(int exec_type) {