Phil Pennock [Sat, 27 Aug 2011 21:43:09 +0000 (14:43 -0700)]
Add protocol=smtps support to smtp transport.
Permits SSL-on-connect for outbound connections.
Heavily based on Simon Arlott's patch, but with enough modifications to
risk new bugs.
nb: am on a plane, change confirmed to compile on MacOS, nothing more
fixes bug 97
Phil Pennock [Sat, 27 Aug 2011 18:58:44 +0000 (11:58 -0700)]
Raise smtp_cmd_buffer_size to 16384.
Needed to interoperate with SASL commands containing a large
initial-response; in practice, GSSAPI with authorisation data, such as
in a Windows domain.
Patch from Paul Fisher.
fixes bug 879
Phil Pennock [Wed, 6 Jul 2011 15:19:17 +0000 (11:19 -0400)]
Pull strict-aliasing fix for sockaddr_46.
One-line code change in unattributed .patch file bundled in someone's
.src.rpm.
We cause plenty of warnings for -Wstrict-aliasing=2, most appear to be
signed/unsigned char issues.
Tony Finch [Thu, 30 Jun 2011 19:03:17 +0000 (20:03 +0100)]
Use git to automatically create version.h
Adapted from git itself via unifdef. This does not (yet) include
the equivalent automation for the doc build.
Tony Finch [Thu, 30 Jun 2011 18:05:02 +0000 (19:05 +0100)]
Another PCRE remnant.
Tony Finch [Thu, 30 Jun 2011 17:45:03 +0000 (18:45 +0100)]
More PCRE cleanup.
Tony Finch [Thu, 30 Jun 2011 15:54:51 +0000 (16:54 +0100)]
Remove a few PCRE remnants.
Tony Finch [Wed, 29 Jun 2011 16:31:00 +0000 (17:31 +0100)]
Remove obsolete $Cambridge$ CVS revision strings.
I have also de-CVSed the ABOUT files and cleaned up a few
introductory comments.
Tony Finch [Fri, 17 Jun 2011 19:55:53 +0000 (20:55 +0100)]
doc/doc-txt/NewStuff: note the ratelimit changes.
Tony Finch [Mon, 13 Jun 2011 20:48:24 +0000 (21:48 +0100)]
Improved ratelimit ACL condition.
Replace /noupdate with simpler /readonly option. (/noupdate is
supported for backwards compatibility but no longer documented.)
Better checking of the compatibility between per_* options and the
ACL in which the ratelimit condition appears.
Better handling of the start of a burst of email and of very low-rate
clients.
The new /count= option generalizes the per_byte and per_rcpt options.
The new /unique= option is a rather groovy use for a Bloom filter.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
exiwhat: Ensure the SIGUSR1 signal handler is safe.
exiwhat sends a SIGUSR1 to all exim processes to make them write
their status to the process log. This is all done in the signal
handler, but the logging code makes a number of calls that are not
signal safe. These can all cause crashes or recursive locking in
libc.
Firstly, obtaining and formatting the timestamp is not safe.
Doing so is unnecessary since exiwhat strips off the timestamp.
This change removes timestamps from the process log.
Secondly, exim closes all the logs after writing the process
log. Closing syslog is not signal safe, and isn't necessary.
We now only close the process log after writing to it.
Thirdly, exim may calculate the process_log_path inside the signal
handler which involves some possibly-unsafe string handling code.
This change calculates the path when reading the configuration.
Fourthly, when exim creates the process log file it might have to
call the unsafe directory_create() though this is unlikely in
practice. After this change exim only calls log_create() in a
subprocess which is safe - it sometimes needs to do so anyway, if
it is running as root and needs to drop privileges.
The new code has no process log handling in log.c which eliminates
some awkward special cases. It uses very simple code to write to
the file in the signal handler, so it is obviously safe by inspection.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
Ensure we log the error message when unlink() fails.
See also commit ID
0761d44e
Tom Kistner [Sun, 5 Jun 2011 16:08:36 +0000 (17:08 +0100)]
DKIM Verification: Fix relaxed canon for empty headers w/o
whitespace trailer
Tony Finch [Mon, 9 May 2011 10:20:26 +0000 (11:20 +0100)]
malware.c: avoid arithmetic on a void pointer.
Phil Pennock [Mon, 9 May 2011 09:31:39 +0000 (05:31 -0400)]
Solaris build fix for Oracle's LDAP libraries.
Patch from Stephen Usher.
fixes 1109
Phil Pennock [Mon, 9 May 2011 08:36:25 +0000 (04:36 -0400)]
Testsuite: Compiler info skip; whitespace stupidity.
Phil Pennock [Mon, 9 May 2011 03:00:17 +0000 (23:00 -0400)]
ChangeLog updates for the security issues.
Phil Pennock [Sun, 8 May 2011 07:11:09 +0000 (03:11 -0400)]
INT_MIN {/,%} -1 = INT_MAX for our purposes.
Dodge a SIGFPE on x86.
Tom Kistner [Sun, 8 May 2011 09:08:12 +0000 (10:08 +0100)]
Merge branch 'tom_dev'
Tom Kistner [Sun, 8 May 2011 08:58:12 +0000 (09:58 +0100)]
Don't use match_isinlist() for simple string list matching
Phil Pennock [Sat, 7 May 2011 21:17:04 +0000 (17:17 -0400)]
Typo fixes from Andreas Metzler.
fixes bug 1111
Phil Pennock [Fri, 6 May 2011 10:24:14 +0000 (06:24 -0400)]
Prep for 4.76 release. Version bumps, ChangeLog update.
Phil Pennock [Thu, 5 May 2011 01:41:58 +0000 (21:41 -0400)]
Fix compile of exim_monitor
The "Compiler masochism compliance" patch changed the log_write()
prototype to use "const char *" instead of "char *"; I don't have X11 on
my main box, so neglected to handle exim_monitor's duplicate definition
of log_write().
Fixes bug 1107
Tom Kistner [Sat, 30 Apr 2011 12:20:17 +0000 (13:20 +0100)]
Bugzilla #1106: Don't pass DKIM compound log line as format string
Phil Pennock [Tue, 26 Apr 2011 19:02:09 +0000 (15:02 -0400)]
Cond !bool{}/!bool_lax{} did not negate. Fixed.
Fixes bug: 1104
Phil Pennock [Tue, 12 Apr 2011 20:26:44 +0000 (16:26 -0400)]
Also ${eval:x % 0} fixed to not SIGFPE.
Pointed out by: Steven A. Reisman
Phil Pennock [Tue, 12 Apr 2011 08:24:12 +0000 (04:24 -0400)]
Catch divide-by-zero in ${eval:...}.
Fixes 1102
Phil Pennock [Sat, 26 Mar 2011 18:08:02 +0000 (14:08 -0400)]
Merge branch 'master' of git://git.exim.org/exim
Tom Kistner [Sat, 26 Mar 2011 14:24:09 +0000 (14:24 +0000)]
Revert "Avoid conflicting prototypes for strsignal()"
This reverts commit
29f20a41029cc5e36a8756ad8dfda64d0ed314ce.
Phil has staged something better.
Tom Kistner [Sat, 26 Mar 2011 08:49:12 +0000 (08:49 +0000)]
Merge branch 'master' of /home/git/exim into tom_dev
Tom Kistner [Sat, 26 Mar 2011 08:46:42 +0000 (08:46 +0000)]
Avoid conflicting prototypes for strsignal()
Phil Pennock [Sat, 26 Mar 2011 04:32:44 +0000 (00:32 -0400)]
Rely on system prototypes if we #define our os funcs.
The const-ness updates broke systems where `os_strsignal()` gets mapped
to `strsignal()`, which does *not* return `const char *` but `char *`.
If we #define away, then there should be a prototype from the system
headers.
Tom Kistner [Fri, 25 Mar 2011 10:46:33 +0000 (10:46 +0000)]
Bugzilla #1097: PDKIM: Update embedded PolarSSL code to 0.14.2, thanks to Andreas Metzler for the patch!
Phil Pennock [Thu, 24 Mar 2011 08:40:33 +0000 (04:40 -0400)]
Also memset(.., 0, ..) the pre-TLS input buffer.
Phil Pennock [Thu, 24 Mar 2011 06:37:39 +0000 (02:37 -0400)]
Extra paranoia around STARTTLS-with-data-in-buffer.
Phil Pennock [Wed, 23 Mar 2011 02:28:33 +0000 (22:28 -0400)]
Avoid segfault on ref:name specified as uid.
If group not also specified, make this a fatal error. If group
specified, we'll error out anyway unless the group can be resolved.
Approach considered but not followed: fatal config error if built with
ref:name where name is a number.
fixes bug 1098
Phil Pennock [Tue, 22 Mar 2011 13:46:28 +0000 (09:46 -0400)]
Mention dns_use_edns0
Phil Pennock [Tue, 22 Mar 2011 13:37:32 +0000 (09:37 -0400)]
Added dns_use_edns0 main option.
Is int because need a "do not override default" option, but that stops
us from using the bool expansion logic and so we need to explicitly
set numbers. Should try to find a way around that.
Phil Pennock [Tue, 22 Mar 2011 12:39:43 +0000 (08:39 -0400)]
openssl_options: rejig default code & debug prints.
A couple of debug_printf()s missing trailing \n.
Set the default to 0L and |= the one item we default, rather than
setting outright, in the hopes of soon also |= setting another option if
available (SSL_OP_NO_SSLv2).
Phil Pennock [Tue, 22 Mar 2011 12:35:54 +0000 (08:35 -0400)]
New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
(no changes to any defaults).
Phil Pennock [Tue, 22 Mar 2011 11:01:52 +0000 (07:01 -0400)]
Harmonised TLS library version reporting.
Only show if debugging.
Layout now matches that introduced for other libraries in 4.74 PP/03.
Phil Pennock [Tue, 22 Mar 2011 10:43:34 +0000 (06:43 -0400)]
Make ldap_require_cert work (not segfault).
The clang complaint, which also triggered a gcc complaint, was
legitimate. My first test, which suggested no problem, was flawed.
This:
ldap_start_tls
ldap_require_cert = demand
would cause a segfault on LDAP lookup.
fixes bug 230
Phil Pennock [Tue, 22 Mar 2011 10:33:20 +0000 (06:33 -0400)]
Report compiler in -d -bV. Clang compat.
Exim successfully builds with clang, albeit with a number of warnings.
* Our %n usage in printf() calls appears to be correct and safe, AFAICT.
* dummy functions are, unsurprisingly, unused
* Valgrind macros cause vociferous complaints
* Dynamic modules *not* tested
Further clang testing on my part will require an OS update and clang
2.9 to get -rdynamic support.
Phil Pennock [Tue, 22 Mar 2011 09:36:24 +0000 (05:36 -0400)]
Compiler masochism compliance.
Be able to build most of Exim with:
-Werror -Wwrite-strings -Wunused-function -Waddress -Wpointer-sign
-Wformat -Wuninitialized -Winit-self
Skipped a change to auth-spa which I was uncertain of. That is not
the most readable of code.
Temporarily gave up on src/src/pdkim/pdkim.c, as header_name_match()
treats the second param as const or not depending on the third param.
(I hacked the build-*/pdkim/Makefile to continue past this)
Much of this change is const propagation.
Phil Pennock [Tue, 22 Mar 2011 09:26:36 +0000 (05:26 -0400)]
Set "new since" to the 4.75 release.
Stripped all .new/.wen except the exemplar. 4.75 was a stabilisation
release, reset the accumulation of "this is new".
Phil Pennock [Tue, 22 Mar 2011 08:00:51 +0000 (04:00 -0400)]
no_freeze_signal in output.
Pipe transport option added in:
2fe767453007d1b015f52313d16dc61635085621
Phil Pennock [Tue, 22 Mar 2011 07:37:07 +0000 (03:37 -0400)]
Fix RFC2047 encoding tests after robustness patch.
Output changed by:
Commit
86ae49a65fce504ebcf9c30ddff213cca71fb872
Fix wide character breakage in the rfc2047 coding
Fixes bug 1064
Patch frome Andrey N. Oktyabrski
Tony Finch [Thu, 3 Mar 2011 15:08:05 +0000 (15:08 +0000)]
Another valgrind.h portability fix.
C89 compilers do not support variable argument macros.
Our copy of valgrind.h now differs from upstream.
Reported-by: Heiko Schlichting <heiko.schlichting@fu-berlin.de>
Nigel Metheringham [Mon, 28 Feb 2011 10:25:22 +0000 (10:25 +0000)]
Fixed previous changelog to Bugzilla 968
Ugh - typo-ed previous bugzilla id (case of probably shouldn't be
let near a keyboard today).
Nigel Metheringham [Mon, 28 Feb 2011 08:57:03 +0000 (08:57 +0000)]
Add missing changelog for Bugzilla 698
Phil Pennock [Wed, 23 Feb 2011 23:36:32 +0000 (18:36 -0500)]
DISABLE_DKIM has never worked. Fix that.
Phil Pennock [Wed, 23 Feb 2011 10:26:58 +0000 (05:26 -0500)]
Work on IRIX by setting _XPG=1
Phil Pennock [Tue, 22 Feb 2011 03:17:13 +0000 (22:17 -0500)]
Don't disable quota when maildirsize lost to races.
When maildir_ensure_sizefile() returns -2, we still have size
information, so we can still use that. Don't disable quota. As a
result, do refrain from potentially calling close(-2).
Fixes bug 1086
Nigel Metheringham [Mon, 21 Feb 2011 12:53:04 +0000 (12:53 +0000)]
Moved variable decl to start of block for old gcc
Nigel Metheringham [Mon, 21 Feb 2011 12:49:34 +0000 (12:49 +0000)]
Trivial spelling fix in ChangeLog
Thanks to Dennis Davis in full pedant mode!
Phil Pennock [Mon, 21 Feb 2011 08:06:10 +0000 (03:06 -0500)]
Fix doc/ directory assembly in build-script.
Phil Pennock [Mon, 21 Feb 2011 06:33:58 +0000 (01:33 -0500)]
Fix doc typos. Add freeze_signal to OptionLists.
Phil Pennock [Mon, 21 Feb 2011 06:21:14 +0000 (01:21 -0500)]
Exim 4.75.
Exim 4.75, prepping for release.
"Previous" version of docs deliberately remains 4.72.
Phil Pennock [Mon, 21 Feb 2011 06:09:25 +0000 (01:09 -0500)]
DKIM multiple signature generation fix.
Patch from Uwe Doering, sign-off by Michael Haardt.
fixes bug 1019
Phil Pennock [Mon, 21 Feb 2011 05:55:44 +0000 (00:55 -0500)]
maildir_tag hint provided by Heiko Schlittermann.
(and add .new/.wen to previous change).
Phil Pennock [Mon, 21 Feb 2011 05:38:07 +0000 (00:38 -0500)]
Deal with maildir quota file races.
Based on patch from Heiko Schlittermann.
Fixes bug 1086.
Phil Pennock [Mon, 21 Feb 2011 05:11:32 +0000 (00:11 -0500)]
Improved spamd server selection.
Patch from Mark Zealey.
Fixes bug 1056.
Phil Pennock [Mon, 21 Feb 2011 04:44:50 +0000 (23:44 -0500)]
Update $message_linecount for maildir_tag.
Patch from Mark Zealey.
Fixes bug 1055.
Phil Pennock [Mon, 21 Feb 2011 04:28:45 +0000 (23:28 -0500)]
Minor robustness fixes for debugging.
sig_atomic_t for signal-handlers.
getgroups() return value checking.
Developed for bug 927.
Tom Kistner [Mon, 14 Feb 2011 19:24:00 +0000 (19:24 +0000)]
BugZilla 1006 - recommit patch from Micha Lenk
Phil Pennock [Sun, 13 Feb 2011 05:45:12 +0000 (00:45 -0500)]
Move lookup extern decls to file scope.
Should permit building on old gcc which dislikes extern inside function
scope.
Patch from Oliver Fleischmann, who encountered this with gcc 2.95.2.
Phil Pennock [Sun, 13 Feb 2011 05:31:49 +0000 (00:31 -0500)]
Implement %M datestamping in log filenames.
Patch from Simon Arlott.
fixes bug 486
Phil Pennock [Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)]
Don't reveal SQL expansion failure details in SMTP.
fixes bug 1061
Phil Pennock [Sun, 13 Feb 2011 05:09:18 +0000 (00:09 -0500)]
Implement freeze_signal on pipe transport.
Patch from Jakob Hirsch.
fixes bug 1042
Phil Pennock [Sun, 13 Feb 2011 02:49:36 +0000 (21:49 -0500)]
Escape lookup deferral error message when logging.
closes bug 1083
Patch from John Horne.
Phil Pennock [Mon, 7 Feb 2011 01:50:09 +0000 (20:50 -0500)]
RC releases get marked as such in version.h.
Release-tools only, no NewStuff/ChangeLog
Nigel Metheringham [Sun, 6 Feb 2011 19:20:06 +0000 (19:20 +0000)]
Fix exiqgrep issue where malformed lines not parsed
Fixes bug 943
Lightly tested, but not with report error condition,
would like reporter to check this fix on their system.
Phil Pennock [Sat, 5 Feb 2011 05:23:31 +0000 (00:23 -0500)]
Strip \x{c2} from .txt files and audit.
Am unable to keep the build process from inserting spurious \x{c2}
characters into the created .txt files.
Strip the characters in Tidytxt.
Add SanityTestText to do a final audit for non-ASCII characters in the
.txt files. Dependency: pcregrep if available, else uses Perl.
Phil Pennock [Sat, 5 Feb 2011 05:22:28 +0000 (00:22 -0500)]
LDAP TLS negotiation support.
closes bug 230
Applies patches provided by Adam Ciarcinski of NetBSD in bug 230.
Adds documentation.
Tested the negotiation and server verification, not tested the client
certificate presentation but looks sane.
Nigel Metheringham [Sun, 30 Jan 2011 19:45:13 +0000 (19:45 +0000)]
Allow underscore in dnslist lookups
Fixes bug 1026
Patch from Graeme Fowler
Nigel Metheringham [Sun, 30 Jan 2011 19:43:33 +0000 (19:43 +0000)]
Added ChangeLog entry for f68cdd
Nigel Metheringham [Sun, 30 Jan 2011 15:50:46 +0000 (15:50 +0000)]
Fix wide character breakage in the rfc2047 coding
Fixes bug 1064
Patch frome Andrey N. Oktyabrski
Nigel Metheringham [Sun, 30 Jan 2011 15:33:20 +0000 (15:33 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Nigel Metheringham [Sun, 30 Jan 2011 15:25:28 +0000 (15:25 +0000)]
child_open_uid: restore default SIGPIPE handler
Fixes bug 968
Merge branch 'sigpipe-fix' of git://github.com/lp0/exim into master
Phil Pennock [Sun, 30 Jan 2011 08:44:24 +0000 (03:44 -0500)]
Testing: Exim must not use HEADERS_CHARSET UTF-8.
Failed at test 178.
Phil Pennock [Sun, 30 Jan 2011 08:34:31 +0000 (03:34 -0500)]
sudo !tty_tickets; correct config file list.
sudo needs to permit sudo w/o a TTY.
The config file used is the same for each test, the individual config
files are made available under a particular name. Correct that advice.
Phil Pennock [Sun, 30 Jan 2011 08:13:21 +0000 (03:13 -0500)]
Test suite mostly clean for 4.73/4.74.
With this, I can run the test suite with few enough differences that I
can review and confirm, getting as far as Basic/0094.
Pretty much just dealing with new stderr from debugging.
Phil Pennock [Sun, 30 Jan 2011 08:04:52 +0000 (03:04 -0500)]
macros_trusted overriden message only if debugging.
DEBUG(D_any) missing. Fixed.
Phil Pennock [Sun, 30 Jan 2011 05:21:20 +0000 (00:21 -0500)]
The test suite dislikes USE_READLINE.
There's a lot of copying of stdin to stdout when using readline for -be,
which breaks the test suite. The suite now runs well enough for me to
fix the stuff broken by the debugging changes I introduced.
Nigel Metheringham [Fri, 28 Jan 2011 13:19:58 +0000 (13:19 +0000)]
Incremental improvement of release build script
Phil Pennock [Fri, 28 Jan 2011 00:11:17 +0000 (19:11 -0500)]
Use LC_ALL=C for building lookups/Makefile.
Phil Pennock [Fri, 28 Jan 2011 00:08:45 +0000 (19:08 -0500)]
Pulled spamd_address-expanded caching fix.
Author: Wolfgang Breyha
Bugzilla: 935
Attachment: 378
(looks like it could do with a strcmp check at the end before the extra
string_copy, but that's a nicety and the author has presumably been
running with this).
Phil Pennock [Fri, 28 Jan 2011 00:07:05 +0000 (19:07 -0500)]
Permit make values to be indented or in env.
It appears some make(1)s are not complaining about variables defined
with leading whitespace on the line. Permit that where we can, for the
lookups, but it's not tenable for CFLAGS_DYNAMIC.
Some people are specifying knobs on the make command-line, so we get
them via the environment.
Tested: indented LOOKUP_CDB and commented out LOOKUP_DNSDB, supplying it
via { make LOOKUP_DNSDB=yes }. { exim -d --version } shows both are
built-in, no results from { fgrep DNSDB build-*/Makefile }.
Tony Finch [Thu, 27 Jan 2011 16:26:36 +0000 (16:26 +0000)]
Fix portability of Makefiles to HP-UX and other non-extended makes.
Tony Finch [Tue, 11 Jan 2011 15:12:56 +0000 (15:12 +0000)]
Fix portability bugs in valgrind support.
Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
This fixes portability to compilers other than gcc, notably
Solaris CC and HP-UX CC.
Fixes: bug #1050.
Nigel Metheringham [Wed, 26 Jan 2011 11:04:32 +0000 (11:04 +0000)]
Workround compile error with old PCRE versions
Fixes bug #1073
Phil Pennock [Mon, 24 Jan 2011 21:40:38 +0000 (16:40 -0500)]
Bug-fix the xpg4 Solaris logic.
Should not code at 9am when still awake then.
Should sanity-review such code changes before submitting (after sleep).
Should s,/usr/xpg4/bin/sh,/bin/bash, as a convenient test to confirm
what I suspected. But should do so pre-submit.
Doh.
Phil Pennock [Mon, 24 Jan 2011 19:35:04 +0000 (14:35 -0500)]
Compatibility fixes for dynlookup makefile builder.
Don't abort if CFLAGS_DYNAMIC not defined. Oops!
Attempt to get a POSIX environment on Solaris.
Document POSIXy assumptions going forward.
Problems reported by: Dennis Davis
Phil Pennock [Sun, 23 Jan 2011 10:41:55 +0000 (05:41 -0500)]
Loadable modules: fix debug invocations
The new code was calling DEBUG(<n>) for values of n including 4, 5, 9;
that was an Exim 3 API, we now use bits; -v sets bit 0x1, -bP implies
-v, so { exim -bP } was pulling up random debug messages.
Switched all the DEBUG checks to be DEBUG(D_lookup).
Phil Pennock [Sun, 23 Jan 2011 10:44:45 +0000 (05:44 -0500)]
Bug 1071: fix delivery logging with untrusted macros.
If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
Fixed. Reported by Andreas Metzler.
Phil Pennock [Sun, 23 Jan 2011 08:26:09 +0000 (03:26 -0500)]
Report TRUSTED_CONFIG_LIST & WHITELIST_D_MACROS.
When invoked { exim -d -bV } show these build-time options that affect
what can be done.
Phil Pennock [Sun, 23 Jan 2011 08:11:21 +0000 (03:11 -0500)]
Document 1041 merge (DCC fix).
Phil Pennock [Sat, 22 Jan 2011 23:40:43 +0000 (18:40 -0500)]
Merge branch 'master' of git://git.exim.org/exim
Phil Pennock [Sat, 22 Jan 2011 23:33:45 +0000 (18:33 -0500)]
Bugzilla 1041: pull patch id=425, DCC fixes.
DCC return codes were not always correct. Patch from DCC code
maintainer, Wolfgang Breyha.
Phil Pennock [Sat, 22 Jan 2011 21:52:17 +0000 (21:52 +0000)]
Sign Script - Take EXIM_KEY from environ.