From: Tom Kistner Date: Sun, 8 May 2011 09:08:12 +0000 (+0100) Subject: Merge branch 'tom_dev' X-Git-Tag: exim-4_76_RC2~2 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/5fa5f96fcfb9aa3c73e4ce9289a30be1e616e576?hp=ae9094bfe313aeb9ffefc7566bd4dae49ada3cf5 Merge branch 'tom_dev' --- diff --git a/doc/doc-docbook/filter.xfpt b/doc/doc-docbook/filter.xfpt index 54b145944..42d2910a1 100644 --- a/doc/doc-docbook/filter.xfpt +++ b/doc/doc-docbook/filter.xfpt @@ -65,8 +65,8 @@ PhilipHazel PH - 4.75 - 21 Feb 2011 + 4.76 + 06 May 2011 PH 2010University of Cambridge @@ -80,7 +80,7 @@ .chapter "Forwarding and filtering in Exim" "CHAPforandfilt" This document describes the user interfaces to Exim's in-built mail filtering facilities, and is copyright © University of Cambridge 2007. It -corresponds to Exim version 4.75. +corresponds to Exim version 4.76. diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 5cfa344c0..fb2721818 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -48,7 +48,7 @@ . ///////////////////////////////////////////////////////////////////////////// .set previousversion "4.75" -.set version "4.75" +.set version "4.76" .set ACL "access control lists (ACLs)" .set I "    " @@ -172,12 +172,12 @@ Specification of the Exim Mail Transfer Agent The Exim MTA -21 Jan 2011 +06 May 2011 EximMaintainers EM - 4.75 - 21 Feb 2011 + 4.76 + 06 May 2011 EM 2011University of Cambridge diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 7bf9ebbed..b30b6abda 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -21,12 +21,18 @@ PP/05 Don't segfault on misconfiguration of ref:name exim-user as uid. PP/06 Extra paranoia around buffer usage at the STARTTLS transition. nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316 +TK/01 Updated PolarSSL code to 0.14.2. + Bugzilla 1097. Patch from Andreas Metzler. + PP/07 Catch divide-by-zero in ${eval:...}. Fixes bugzilla 1102. PP/08 Condition negation of bool{}/bool_lax{} did not negate. Fixed. Bugzilla 1104. +TK/02 Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to a + format-string attack. + Exim version 4.75 ----------------- @@ -248,7 +254,7 @@ DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure PP/27 Bugzilla 1047: change the default for system_filter_user to be the Exim run-time user, instead of root. -PP/28 Add WHITELIST_D_MACROS option to let some macros be overriden by the +PP/28 Add WHITELIST_D_MACROS option to let some macros be overridden by the Exim run-time user without dropping privileges. DW/29 Remove use of va_copy() which breaks pre-C99 systems. Duplicate the diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index c205e9c98..09e4dd283 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -72,7 +72,7 @@ Version 4.73 2. A new pipe transport option, "permit_coredumps", may help with problem diagnosis in some scenarios. Note that Exim is typically installed as a setuid binary, which on most OSes will inhibit coredumps by default, - so that safety mechanism would have to be overriden for this option to + so that safety mechanism would have to be overridden for this option to be able to take effect. 3. ClamAV 0.95 is now required for ClamAV support in Exim, unless @@ -158,7 +158,7 @@ Version 4.73 forward, we recommend using TRUSTED_CONFIG_LIST with shim configs that include the main config. As a transition mechanism, we are temporarily providing a work-around: the new build option WHITELIST_D_MACROS provides - a colon-separated list of macro names which may be overriden by the Exim + a colon-separated list of macro names which may be overridden by the Exim run-time user. The values of these macros are constrained to the regex ^[A-Za-z0-9_/.-]*$ (which explicitly does allow for empty values). diff --git a/src/README.UPDATING b/src/README.UPDATING index 0b70caa2b..1e08ff5b3 100644 --- a/src/README.UPDATING +++ b/src/README.UPDATING @@ -69,7 +69,7 @@ Exim version 4.73 the Exim run-time user may safely pass without dropping privileges. Because changes to this involve a recompile, this is not the recommended approach but may ease transition. The values of the macros, when - overriden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ + overridden, are constrained to match this regex: ^[A-Za-z0-9_/.-]*$ * The system_filter_user option now defaults to the Exim run-time user, rather than root. You can still set it explicitly to root and this diff --git a/src/exim_monitor/em_main.c b/src/exim_monitor/em_main.c index 187dba3b0..4692fa744 100644 --- a/src/exim_monitor/em_main.c +++ b/src/exim_monitor/em_main.c @@ -168,7 +168,7 @@ Returns: nothing */ void -log_write(unsigned int selector, int flags, char *format, ...) +log_write(unsigned int selector, int flags, const char *format, ...) { va_list ap; va_start(ap, format); diff --git a/src/src/EDITME b/src/src/EDITME index 833c3f8ca..b0335a963 100644 --- a/src/src/EDITME +++ b/src/src/EDITME @@ -528,7 +528,7 @@ FIXED_NEVER_USERS=root # # As a strictly transient measure to ease migration to 4.73, the # WHITELIST_D_MACROS value definies a colon-separated list of macro-names -# which are permitted to be overriden from the command-line which will be +# which are permitted to be overridden from the command-line which will be # honoured by the Exim user. So these are macros that can persist to delivery # time. # Examples might be -DTLS or -DSPOOL=/some/dir. The values on the diff --git a/src/src/exim.c b/src/src/exim.c index 528ffc7c8..371bc1025 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1299,7 +1299,7 @@ for (m = macros; m != NULL; m = m->next) return FALSE; } } -DEBUG(D_any) debug_printf("macros_trusted overriden to true by whitelisting\n"); +DEBUG(D_any) debug_printf("macros_trusted overridden to true by whitelisting\n"); return TRUE; #endif } diff --git a/src/src/eximstats.src b/src/src/eximstats.src index df64294a0..9a9a90c54 100644 --- a/src/src/eximstats.src +++ b/src/src/eximstats.src @@ -540,7 +540,7 @@ mailing list exim-users@exim.org. This program does not perfectly handle messages whose received and delivered log lines are in different files, which can happen when you have multiple mail servers and a message cannot be -immeadiately delivered. Fixing this could be tricky... +immediately delivered. Fixing this could be tricky... Merging of xls files is not (yet) possible. Be free to implement :) diff --git a/src/src/exipick.src b/src/src/exipick.src index 33054543f..ec7f58842 100644 --- a/src/src/exipick.src +++ b/src/src/exipick.src @@ -1488,7 +1488,7 @@ Boolean variables are checked simply by being true or false. There is no real o =item NUMERIC -Valid comparisons are <, <=, >, >=, ==, and !=. Numbers can be integers or floats. Any number in a test suffixed with d, h, m, s, M, K, or B will be mulitplied by 86400, 3600, 60, 1, 1048576, 1024, or 1 respectively. Examples of valid numeric tests: +Valid comparisons are <, <=, >, >=, ==, and !=. Numbers can be integers or floats. Any number in a test suffixed with d, h, m, s, M, K, or B will be multiplied by 86400, 3600, 60, 1, 1048576, 1024, or 1 respectively. Examples of valid numeric tests: '$message_age >= 3d' '$local_interface == 587' '$message_size < 30K' @@ -1502,7 +1502,7 @@ The string operators are =, eq, ne, =~, and !~. With the exception of '=', the =item NEGATION -There are many ways to negate tests, each having a reason for existing. Many tests can be negated using native operators. For instance, >1 is the opposite of <=1 and eq and ne are opposites. In addition, each individual test can be negated by adding a ! at the beginning of the test. For instance, '!$acl_m1 =~ /^DENY$/' is the same as '$acl_m1 !~ /^DENY$/'. Finally, every test can be specified by using the command line argument --not. This is functionally equivilant to adding a ! to the beginning of every test. +There are many ways to negate tests, each having a reason for existing. Many tests can be negated using native operators. For instance, >1 is the opposite of <=1 and eq and ne are opposites. In addition, each individual test can be negated by adding a ! at the beginning of the test. For instance, '!$acl_m1 =~ /^DENY$/' is the same as '$acl_m1 !~ /^DENY$/'. Finally, every test can be specified by using the command line argument --not. This is functionally equivalent to adding a ! to the beginning of every test. =back diff --git a/src/src/osfunctions.h b/src/src/osfunctions.h index 14111d383..1010ff556 100644 --- a/src/src/osfunctions.h +++ b/src/src/osfunctions.h @@ -14,7 +14,7 @@ that uses a type that isn't defined for them. */ extern ip_address_item *os_common_find_running_interfaces(void); #endif -/* If these exist as a macro, then they're overriden away from us and we +/* If these exist as a macro, then they're overridden away from us and we rely upon the system headers to provide prototype declarations for us. Notably, strsignal() is not in the Single Unix Specification (v3) and predicting constness is awkward. */ diff --git a/src/src/version.h b/src/src/version.h index b84d108c3..6c1cc556f 100644 --- a/src/src/version.h +++ b/src/src/version.h @@ -6,7 +6,7 @@ /* See the file NOTICE for conditions of use and distribution. */ /* This is bumped by the Exim Maintainers, the release engineer: */ -#define EXIM_RELEASE_VERSION_STR "4.75" +#define EXIM_RELEASE_VERSION_STR "4.76" /* If you apply extensive local patches, consider putting -foo into here */ #define EXIM_VARIANT_VERSION "" diff --git a/test/runtest b/test/runtest index 324049fc0..feca75e2e 100755 --- a/test/runtest +++ b/test/runtest @@ -763,7 +763,7 @@ RESET_AFTER_EXTRA_LINE_READ: next if /^changing group to \d+ failed: Operation not permitted/; # We invoke Exim with -D, so we hit this new messag as of Exim 4.73: - next if /^macros_trusted overriden to true by whitelisting/; + next if /^macros_trusted overridden to true by whitelisting/; # We have to omit the localhost ::1 address so that all is well in # the IPv4-only case.