exim.git
10 years agoBug 1495: Exiqgrep -C check configfile readability
Andrew Colin Kissa [Wed, 2 Jul 2014 14:00:46 +0000 (07:00 -0700)]
Bug 1495: Exiqgrep -C check configfile readability

10 years agoUse enum for var_entry type
Jeremy Harris [Fri, 20 Jun 2014 12:40:24 +0000 (13:40 +0100)]
Use enum for var_entry type

10 years agoFix build dependencies
Heiko Schlittermann [Tue, 17 Jun 2014 11:18:26 +0000 (12:18 +0100)]
Fix build dependencies

"make distclean; make -j" was failing on config.h

10 years agoCorrect testuite doc
Jeremy Harris [Sun, 15 Jun 2014 15:44:56 +0000 (16:44 +0100)]
Correct testuite doc

10 years agoFix testcase 0390 when testing an EXPERIMENTAL_TPDA compile
Jeremy Harris [Sun, 15 Jun 2014 15:16:32 +0000 (16:16 +0100)]
Fix testcase 0390 when testing an EXPERIMENTAL_TPDA compile

Insert a custom-munge for the new transport option.
This may be removed once the code goes mainline.

10 years agoFix testcase 0373
Jeremy Harris [Sun, 15 Jun 2014 14:48:55 +0000 (15:48 +0100)]
Fix testcase 0373

A readsocket expansion against a unix-domain socket which is
immediately closed.  This gave variable results does to the race of
the write into the client-end versus the close at the server end.
Insert under-testsuite delays to assure sequencing; the testcase
now specifically looks for a write into a closed peer.

10 years agoFix dkim for no-key case under SENDFILE compile. Bug 934
Wolfgang Breyha [Wed, 11 Jun 2014 18:19:49 +0000 (19:19 +0100)]
Fix dkim for no-key case under SENDFILE compile.  Bug 934

Tested-by: <wbreyha@gmx.net>
10 years agoTidy coding style. Bug 934
Jeremy Harris [Wed, 11 Jun 2014 18:17:28 +0000 (19:17 +0100)]
Tidy coding style.  Bug 934

10 years agoUse strict C89 variable declaration positioning
Jeremy Harris [Sun, 8 Jun 2014 20:31:47 +0000 (21:31 +0100)]
Use strict C89 variable declaration positioning

10 years agoPreempt future testsuite integration of EXPERIMENTAL_DSN
Jeremy Harris [Sun, 8 Jun 2014 20:13:07 +0000 (21:13 +0100)]
Preempt future testsuite integration of EXPERIMENTAL_DSN

10 years agoFix testcase for today's faster cpus
Jeremy Harris [Sun, 8 Jun 2014 20:08:31 +0000 (21:08 +0100)]
Fix testcase for today's faster cpus

10 years agoTestcase for udpsend
Jeremy Harris [Sun, 8 Jun 2014 16:49:21 +0000 (17:49 +0100)]
Testcase for udpsend

10 years agoInitial set of warnings for the upcoming release
Jeremy Harris [Fri, 6 Jun 2014 19:17:51 +0000 (20:17 +0100)]
Initial set of warnings for the upcoming release

10 years agoFix testcase for 984702 - the buffer boundary was deliberately
Jeremy Harris [Fri, 6 Jun 2014 16:53:08 +0000 (17:53 +0100)]
Fix testcase for 984702 - the buffer boundary was deliberately
being explored by the test

10 years agoMore care with time types
Jeremy Harris [Fri, 6 Jun 2014 14:58:54 +0000 (15:58 +0100)]
More care with time types

10 years agoFix udpsend and ip_connectedsocket(). exim-4_83_RC2
Tony Finch [Thu, 5 Jun 2014 17:01:11 +0000 (18:01 +0100)]
Fix udpsend and ip_connectedsocket().

The ip_connectedsocket() function's socket type support and error
reporting did not work properly.

10 years agoTidy up OpenSSL certificate signature & sig_algorithm extractor results.
Jeremy Harris [Thu, 5 Jun 2014 14:16:29 +0000 (15:16 +0100)]
Tidy up OpenSSL certificate signature & sig_algorithm extractor results.
Bug 1489

10 years agoCompiler quietening
Jeremy Harris [Wed, 4 Jun 2014 19:11:25 +0000 (20:11 +0100)]
Compiler quietening

10 years agoEnsure output buffer big enough for DSN additions to MAIL FROM. Bug 1482
Jeremy Harris [Mon, 26 May 2014 15:07:33 +0000 (16:07 +0100)]
Ensure output buffer big enough for DSN additions to MAIL FROM.  Bug 1482

10 years agoFix tiny ChangeLog typo
Todd Lyons [Mon, 2 Jun 2014 12:54:39 +0000 (05:54 -0700)]
Fix tiny ChangeLog typo

10 years agoSupport service names for tls_on_connect_ports. Bug 72
Jeremy Harris [Sat, 31 May 2014 14:36:13 +0000 (15:36 +0100)]
Support service names for tls_on_connect_ports.  Bug 72

10 years agoFix doc for $sender_host_dnssec. Bug 1485
Jeremy Harris [Fri, 30 May 2014 13:23:12 +0000 (14:23 +0100)]
Fix doc for $sender_host_dnssec. Bug 1485

10 years agoFix no-ssl build
Jeremy Harris [Fri, 30 May 2014 11:58:26 +0000 (12:58 +0100)]
Fix no-ssl build

10 years agoFix delivery $host in client authenticator in verify/callout. Bug 1476
Jeremy Harris [Thu, 29 May 2014 21:46:48 +0000 (22:46 +0100)]
Fix delivery $host in client authenticator in verify/callout.  Bug 1476

10 years agoLog warnings on presence of deperecated options
Jeremy Harris [Thu, 29 May 2014 20:57:04 +0000 (21:57 +0100)]
Log warnings on presence of deperecated options

10 years agoFix dnssec dnsdb lookup in defer_never mode
Jeremy Harris [Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)]
Fix dnssec dnsdb lookup in defer_never mode

10 years agoBug 1444: Fix \r\n handling writing spool file
Todd Lyons [Wed, 28 May 2014 15:48:45 +0000 (08:48 -0700)]
Bug 1444: Fix \r\n handling writing spool file

Fix a bug which causes DKIM signatures to fail because what gets
  written to the spool file is different than what gets passed through
  the DKIM code.

10 years agoMerge tag 'exim-4_82_1' exim-4_83_RC1
Todd Lyons [Wed, 28 May 2014 12:12:00 +0000 (05:12 -0700)]
Merge tag 'exim-4_82_1'

Fix Conflicts:
src/src/dmarc.c

10 years agoSECURITY: DMARC uses From header untrusted data exim-4_82_1
Todd Lyons [Mon, 26 May 2014 19:14:16 +0000 (12:14 -0700)]
SECURITY: DMARC uses From header untrusted data

CVE-2014-2957

To find the sending domain, expand_string() was used to directly parse
  the contents of the From header. This passes untrusted data directly
  into an internal function. Convert to use standard internal parsing
  functions.

10 years agoIncrease limit of smtp_confirmation logging from 100 to 256 chars. Bug 1408
Jeremy Harris [Mon, 26 May 2014 15:26:58 +0000 (16:26 +0100)]
Increase limit of smtp_confirmation logging from 100 to 256 chars.  Bug 1408

10 years agoErrorcheck TLS library calls
Jeremy Harris [Mon, 26 May 2014 10:47:30 +0000 (11:47 +0100)]
Errorcheck TLS library calls

10 years agoRestrict certificate name checkin for wildcards.
Jeremy Harris [Mon, 26 May 2014 09:35:50 +0000 (10:35 +0100)]
Restrict certificate name checkin for wildcards.

On more recent OpenSSL library versions the builtin wildcard checking
can take a restriction option that we want, to disallow the more
complex possibilities of wildcarding.

10 years agoMissing initialiser
Jeremy Harris [Sun, 25 May 2014 12:21:39 +0000 (13:21 +0100)]
Missing initialiser

10 years agoAdd OpenSSL version check
Jeremy Harris [Fri, 23 May 2014 17:46:03 +0000 (18:46 +0100)]
Add OpenSSL version check

10 years agoAdd GnuTLS version check
Jeremy Harris [Fri, 23 May 2014 17:32:48 +0000 (18:32 +0100)]
Add GnuTLS version check

10 years agoMove OCSP out of EXPERIMENTAL
Jeremy Harris [Fri, 23 May 2014 14:50:07 +0000 (15:50 +0100)]
Move OCSP out of EXPERIMENTAL

10 years agoCompiler quietening. Bug 907
Jeremy Harris [Thu, 22 May 2014 20:50:27 +0000 (21:50 +0100)]
Compiler quietening.  Bug 907

10 years agoBug 1394: Document how to do per host conn limits
Todd Lyons [Thu, 22 May 2014 20:24:42 +0000 (13:24 -0700)]
Bug 1394: Document how to do per host conn limits

Since the max connections per host setting is computed and enforced
  in the master listening process before the fork, there is no easy
  way to get an accurate connection count once the Proxy Protocol
  negotiation has been done (i.e. in a child process, after the
  fork). Rather than try to use a shared mmap file using CAS in the
  children to manipulate it, we just advise of a crude version of
  max connections per IP be achieved by using ratelimit per_conn in
  the connect ACL.

10 years agoFix doc for dovecot authenticator. Bugs 1448, 1483
Jeremy Harris [Thu, 22 May 2014 15:22:53 +0000 (16:22 +0100)]
Fix doc for dovecot authenticator.  Bugs 1448, 1483

10 years agoRFC3461 support - MIME DSN messages. Bug 118
Wolfgang Breyha [Wed, 21 May 2014 15:21:46 +0000 (16:21 +0100)]
RFC3461 support - MIME DSN messages.    Bug 118

10 years agoEliminate one foolish way to break the build
Jeremy Harris [Tue, 20 May 2014 21:53:48 +0000 (22:53 +0100)]
Eliminate one foolish way to break the build

10 years agoAdd PRDR feature output in -bV
Todd Lyons [Wed, 21 May 2014 14:03:29 +0000 (07:03 -0700)]
Add PRDR feature output in -bV

10 years agoSupport optional server certificate name checking. Bug 1479
Jeremy Harris [Tue, 20 May 2014 20:25:10 +0000 (21:25 +0100)]
Support optional server certificate name checking.  Bug 1479
Enable EXPERIMENTAL_CERTNAMES to include.

10 years agoFinal tidyout of EXPERIMENTAL_PRDR
Jeremy Harris [Tue, 20 May 2014 20:21:11 +0000 (21:21 +0100)]
Final tidyout of EXPERIMENTAL_PRDR

10 years agoUse accessor functions for OpenSSL internal data
Jeremy Harris [Sat, 17 May 2014 22:43:23 +0000 (23:43 +0100)]
Use accessor functions for OpenSSL internal data

10 years agoGeneral tidying
Jeremy Harris [Tue, 13 May 2014 11:27:04 +0000 (12:27 +0100)]
General tidying

10 years agoTidy certificate verification logic under OpenSSL
Jeremy Harris [Thu, 15 May 2014 23:07:31 +0000 (00:07 +0100)]
Tidy certificate verification logic under OpenSSL

10 years agoExtractors for certificate time fields support integer output modifier
Jeremy Harris [Tue, 13 May 2014 22:50:13 +0000 (23:50 +0100)]
Extractors for certificate time fields support integer output modifier

10 years agoExtractor for named RDN element types from a certificate DN field.
Jeremy Harris [Tue, 13 May 2014 21:02:51 +0000 (22:02 +0100)]
Extractor for named RDN element types from a certificate DN field.

10 years agoUpdated changelog.
Todd Lyons [Tue, 13 May 2014 18:36:35 +0000 (11:36 -0700)]
Updated changelog.

Accidentally included the fix for Bug 1119 in the same commit fixing
  Proxy Protocol version 2 to match the API change in May 2014.

10 years agoBug 1394: PPv2 header modifed
Todd Lyons [Mon, 12 May 2014 23:15:07 +0000 (16:15 -0700)]
Bug 1394: PPv2 header modifed

The HAProxy dev team adjusted the layout of the 16 byte header to allow
  it to be used for SSL connections.  Had to adjust PPv2 handling code
  and perl proxy emulation script.
Added link to this HAProxy commit in the documentation.

10 years agoFix cert fingerprint path to deny noncerts
Jeremy Harris [Tue, 13 May 2014 17:54:06 +0000 (18:54 +0100)]
Fix cert fingerprint path to deny noncerts

10 years agocertextract tidying
Jeremy Harris [Tue, 13 May 2014 16:47:04 +0000 (17:47 +0100)]
certextract tidying

10 years agoAdd doc notes on verifying self-signing hosts
Jeremy Harris [Tue, 13 May 2014 14:38:14 +0000 (15:38 +0100)]
Add doc notes on verifying self-signing hosts

10 years agoUpdate docs for suggested Ident and PRDR settings
Jeremy Harris [Tue, 13 May 2014 15:37:41 +0000 (16:37 +0100)]
Update docs for suggested Ident and PRDR settings

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Tue, 13 May 2014 15:36:22 +0000 (08:36 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoTest suite normalize TLS 1.[12] to TLS1
Todd Lyons [Tue, 13 May 2014 15:36:08 +0000 (08:36 -0700)]
Test suite normalize TLS 1.[12] to TLS1

10 years agoMove PRDR out of EXPERIMENTAL
Jeremy Harris [Tue, 13 May 2014 14:44:09 +0000 (15:44 +0100)]
Move PRDR out of EXPERIMENTAL

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Mon, 12 May 2014 15:12:17 +0000 (08:12 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoProvide better sprintf debug output for callers
Todd Lyons [Mon, 12 May 2014 15:03:08 +0000 (08:03 -0700)]
Provide better sprintf debug output for callers

10 years agoPropagate dnssec status from dnslookup router through transport to tpda
Jeremy Harris [Mon, 12 May 2014 14:30:47 +0000 (15:30 +0100)]
Propagate dnssec status from dnslookup router through transport to tpda

10 years agoFix pair of buffer size errors. Bug 1478
Jeremy Harris [Mon, 12 May 2014 12:54:33 +0000 (13:54 +0100)]
Fix pair of buffer size errors.  Bug 1478

Reported-by: David Binderman
10 years agoNew expansion operator sha256 for certificates. Bug 1170
Jeremy Harris [Sat, 10 May 2014 14:37:52 +0000 (15:37 +0100)]
New expansion operator sha256 for certificates.  Bug 1170

10 years agoMore testcase serialization
Jeremy Harris [Sun, 11 May 2014 19:27:04 +0000 (20:27 +0100)]
More testcase serialization

10 years agoCompiler quietening and testcase consistency
Jeremy Harris [Sun, 11 May 2014 11:27:29 +0000 (12:27 +0100)]
Compiler quietening and testcase consistency
Fix an unterminated comment from 018058b

10 years agoRemove extraneous debug
Jeremy Harris [Fri, 9 May 2014 20:40:25 +0000 (21:40 +0100)]
Remove extraneous debug

10 years agoMake $tls_out_ocsp visible to TPDA (mostly testsuite)
Jeremy Harris [Wed, 7 May 2014 19:46:49 +0000 (20:46 +0100)]
Make $tls_out_ocsp visible to TPDA (mostly testsuite)

10 years agoCertificate-related routines only present when TLS is supported
Jeremy Harris [Thu, 8 May 2014 22:29:35 +0000 (23:29 +0100)]
Certificate-related routines only present when TLS is supported

10 years agoEnable operator md5 and sha1 use on certificate variables. Bug 1170
Jeremy Harris [Thu, 8 May 2014 19:38:46 +0000 (20:38 +0100)]
Enable operator md5 and sha1 use on certificate variables.  Bug 1170

10 years agoOCSP observability: variables $tls_{in,out}_ocsp
Jeremy Harris [Tue, 6 May 2014 13:44:21 +0000 (14:44 +0100)]
OCSP observability: variables $tls_{in,out}_ocsp
and smtp transport option hosts_request_ocsp

10 years agoRefactor tls_client_init interface
Jeremy Harris [Tue, 6 May 2014 07:44:59 +0000 (08:44 +0100)]
Refactor tls_client_init interface

10 years agoExtractors for subject-alternate-name, ocsp-uri, crl-uri return list. Bug 1358
Jeremy Harris [Mon, 5 May 2014 15:53:48 +0000 (16:53 +0100)]
Extractors for subject-alternate-name, ocsp-uri, crl-uri return list.  Bug 1358

10 years agoFix build with OpenSSL on earlier versions.
Jeremy Harris [Sun, 4 May 2014 17:28:51 +0000 (18:28 +0100)]
Fix build with OpenSSL on earlier versions.

Centos 6.5 and earlier had a build fail with GENERAL_NAME etc. undefined.
Just include the file defining it even if it's a duplicate on later versions.

10 years agoMore debug output
Jeremy Harris [Sat, 3 May 2014 20:36:14 +0000 (21:36 +0100)]
More debug output

10 years agoRestore testsuite operation on earlier GnuTLS libraries
Jeremy Harris [Sat, 3 May 2014 17:08:19 +0000 (18:08 +0100)]
Restore testsuite operation on earlier GnuTLS libraries

Typo

10 years agoRestore testsuite operation on earlier GnuTLS libraries
Jeremy Harris [Sat, 3 May 2014 16:46:23 +0000 (17:46 +0100)]
Restore testsuite operation on earlier GnuTLS libraries

10 years agoCertificate variables and field-extractor expansions. Bug 1358
Jeremy Harris [Fri, 2 May 2014 17:50:34 +0000 (18:50 +0100)]
Certificate variables and field-extractor expansions.  Bug 1358

10 years agoSupport dnssec in verify-callout use of smtp transport.
Jeremy Harris [Thu, 1 May 2014 22:26:14 +0000 (23:26 +0100)]
Support dnssec in verify-callout use of smtp transport.
Use of dnslookup router support is already present.

10 years agoCancel in-progress or reject requeted cutthrough when fakereject. Bug 1475
Jeremy Harris [Tue, 29 Apr 2014 23:16:30 +0000 (00:16 +0100)]
Cancel in-progress or reject requeted cutthrough when fakereject.  Bug 1475

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Wed, 30 Apr 2014 00:07:04 +0000 (17:07 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoBug 1454: Option -oMm for message reference
Heiko Schlichting [Tue, 2 Apr 2013 19:06:03 +0000 (21:06 +0200)]
Bug 1454: Option -oMm for message reference

Includes docs and test suite

10 years agoAdd options dnssec_request_domains, dnssec_require_domains to the smtp transport
Jeremy Harris [Sun, 27 Apr 2014 17:17:29 +0000 (18:17 +0100)]
Add options dnssec_request_domains, dnssec_require_domains to the smtp transport

Note there are no testsuite cases included.

TODO in this area:
- dnssec during verify-callouts
- dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup

10 years agoSupport OCSP Stapling under GnuTLS. Bug 1459
Jeremy Harris [Thu, 24 Apr 2014 22:28:24 +0000 (23:28 +0100)]
Support OCSP Stapling under GnuTLS.  Bug 1459
Requires GnuTLS version 3.1.3 or later.
Under EXPERIMENTAL_OCSP

10 years agoDnssec observability: add variable $lookup_dnssec_authenticated
Jeremy Harris [Thu, 24 Apr 2014 15:41:11 +0000 (16:41 +0100)]
Dnssec observability: add variable $lookup_dnssec_authenticated

10 years agoFix typo in markup. Add .new/.wen.
Todd Lyons [Thu, 24 Apr 2014 14:54:36 +0000 (07:54 -0700)]
Fix typo in markup.  Add .new/.wen.

10 years agoBug 609: Add -C option to exiqgrep
Lars Timmann [Thu, 24 Apr 2014 00:03:06 +0000 (17:03 -0700)]
Bug 609: Add -C option to exiqgrep

Option is a passthrough to the exim process that it spawns that
  generates the queue list.

Fixed Conflicts:
doc/doc-txt/ChangeLog

10 years agodnssec_strict, _lax, _never modifiers for dnsdb lookups
Jeremy Harris [Wed, 23 Apr 2014 23:49:56 +0000 (00:49 +0100)]
dnssec_strict, _lax, _never modifiers for dnsdb lookups

Lacking testsuite coverage

10 years agoBug 1453: Add SERVERS ldap server list override
Heiko Schlichting [Wed, 23 Apr 2014 14:30:41 +0000 (07:30 -0700)]
Bug 1453: Add SERVERS ldap server list override

10 years agoMerge branch 'master' of git://git.exim.org/exim
Todd Lyons [Wed, 23 Apr 2014 12:26:34 +0000 (05:26 -0700)]
Merge branch 'master' of git://git.exim.org/exim

10 years agoMake --verbose propogate to html generation script
Todd Lyons [Wed, 23 Apr 2014 12:25:54 +0000 (05:25 -0700)]
Make --verbose propogate to html generation script

10 years agoMerge remote-tracking branch 'github/pr/13'
Phil Pennock [Mon, 21 Apr 2014 23:42:21 +0000 (19:42 -0400)]
Merge remote-tracking branch 'github/pr/13'

(exiqgrep -a support)

10 years agoexiqgrep: add -a to use all recipients (including delivered)
mg [Mon, 21 Apr 2014 22:41:34 +0000 (00:41 +0200)]
exiqgrep: add -a to use all recipients (including delivered)

10 years agoUpdated GnuTLS error messages
Jeremy Harris [Mon, 21 Apr 2014 15:50:46 +0000 (16:50 +0100)]
Updated GnuTLS error messages

10 years agoFix testcase "server missing/empty certificate file"
Jeremy Harris [Mon, 21 Apr 2014 15:34:01 +0000 (16:34 +0100)]
Fix testcase "server missing/empty certificate file"

GnuTLS early versions (pre 3.0.0 ?) fail to send a reasonable
client-cert request when tls_verify_certificates is an empty file.
Since the test is for missing *server* certs (tls_certificate)
avoid this by pointing to a real (if non-verifying) cert in
tls_verify_certificates.

10 years agoFix DISABLE_DNSSEC build
Jeremy Harris [Mon, 21 Apr 2014 12:07:17 +0000 (13:07 +0100)]
Fix DISABLE_DNSSEC build

Bad syntax possibly only affected some compilers.

10 years agoMake testcase more robust vs. timing variations
Jeremy Harris [Sun, 20 Apr 2014 22:28:34 +0000 (23:28 +0100)]
Make testcase more robust vs. timing variations
by restricting operations and logging to fewer items of interest

10 years agoRestore testsuite operation under gnuTLS 2.8.5
Jeremy Harris [Sun, 20 Apr 2014 20:50:48 +0000 (21:50 +0100)]
Restore testsuite operation under gnuTLS 2.8.5

10 years agoUpdate testsuite for gnuTLS 3.1.23
Jeremy Harris [Sun, 20 Apr 2014 19:53:32 +0000 (20:53 +0100)]
Update testsuite for gnuTLS 3.1.23

10 years agoAdd options dnssec_request_domains, dnssec_require_domains to the dnslookup router
Jeremy Harris [Sun, 20 Apr 2014 15:44:52 +0000 (16:44 +0100)]
Add options dnssec_request_domains, dnssec_require_domains to the dnslookup router

Note there are no testsuite cases included.

TODO in this area:
- dnssec during verify-callouts
- dnssec during dnsdb expansions
- dnssec on the forward lookup of a verify=helo and verify=reverse_host_lookup
- observability of status of requested dnssec

10 years agoFix handling of $tls_cipher et.al. in (non-verify) transport. Bug 1455
Jeremy Harris [Sun, 20 Apr 2014 15:44:52 +0000 (16:44 +0100)]
Fix handling of $tls_cipher et.al. in (non-verify) transport.  Bug 1455

The split of these variables into _in and _out sets introduced by d9b231
in 4.82 was incomplete, leaving the deprecated legacy variables nonfunctional
during a transport and associated client authenticator.

Fix by repointing the legacy set to the outbound connection set at
transport startup (and do not clear out the inbound set at this
time, either).