Jeremy Harris [Sun, 17 Aug 2014 00:05:21 +0000 (01:05 +0100)]
Add sha256 operator usage
Jeremy Harris [Sat, 16 Aug 2014 20:37:36 +0000 (21:37 +0100)]
Clarify docs on ldap alternate servers list
Jeremy Harris [Thu, 14 Aug 2014 20:37:00 +0000 (21:37 +0100)]
Clean docs for next release
Todd Lyons [Thu, 14 Aug 2014 19:59:49 +0000 (12:59 -0700)]
ChangeLog entry for OpenBSD 5.5 patch
Todd Lyons [Thu, 14 Aug 2014 19:37:23 +0000 (12:37 -0700)]
Merge branch 'master' of git://git.exim.org/exim
Todd Lyons [Thu, 14 Aug 2014 19:36:34 +0000 (12:36 -0700)]
Properly detect/set test variables from scripts.
Todd Lyons [Thu, 14 Aug 2014 12:30:54 +0000 (05:30 -0700)]
OpenBSD 5.5 removed arc4random_stir
Jeremy Harris [Wed, 13 Aug 2014 15:23:44 +0000 (16:23 +0100)]
Testsuite - Squashed commit of the following:
commit
7566c531c43298510e080eb8a7ed7cf767f9476b
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed Aug 13 16:20:38 2014 +0100
Assorted OpenSSL cases fail on different library versions. Discard stdout info to hide this.
commit
3d389bc6a5ba0943f1b451fa7a8f2e3246de0bb1
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed Aug 13 14:05:19 2014 +0100
Case 0563 was broken when the GECOS field had spaces. Accept quoted ones in stderr.
commit
d4333083f230702c8be45650dc48b6eb65a162eb
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date: Mon Aug 11 18:30:49 2014 +0100
Case 0601 was unreliable; perl racing with exim for output. Quieten exim.
Jeremy Harris [Mon, 11 Aug 2014 16:47:01 +0000 (17:47 +0100)]
Do not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426
Jeremy Harris [Mon, 11 Aug 2014 16:10:12 +0000 (17:10 +0100)]
Better logging of OCSP fails
Jeremy Harris [Sat, 9 Aug 2014 12:44:29 +0000 (13:44 +0100)]
Doc updates for work since 4.83
Wolfgang Breyha [Fri, 8 Aug 2014 20:04:06 +0000 (13:04 -0700)]
Bug 1509: Add parser for DSN spool lines
DSN support added a new formatted entry to the spool files, this change
gives exipick the ability to read that entry.
Jeremy Harris [Mon, 4 Aug 2014 15:03:39 +0000 (16:03 +0100)]
Better logging of OCSP fails
Jeremy Harris [Mon, 4 Aug 2014 13:55:55 +0000 (14:55 +0100)]
Document $tls_in_ocsp, $tls_out_ocsp
Jeremy Harris [Sat, 2 Aug 2014 10:26:11 +0000 (11:26 +0100)]
Fix broken EXPERIMENTAL_DSN compile
Jeremy Harris [Fri, 1 Aug 2014 08:18:18 +0000 (09:18 +0100)]
Add note on Dovecot configuration for authentication. Bug 1512
Jeremy Harris [Wed, 30 Jul 2014 20:42:38 +0000 (21:42 +0100)]
Fix parsing of quoted parameter values in MIME headers. Bug 1513
Todd Lyons [Tue, 29 Jul 2014 12:24:50 +0000 (05:24 -0700)]
Fix doc parse error
Jeremy Harris [Sat, 26 Jul 2014 13:28:40 +0000 (14:28 +0100)]
Document acl args variables in main variables section
Jeremy Harris [Thu, 24 Jul 2014 12:55:00 +0000 (13:55 +0100)]
Fix "default config" section wrt. rfc1413_hosts
Todd Lyons [Wed, 23 Jul 2014 15:11:09 +0000 (08:11 -0700)]
Bug 1506: document change made
Lars Mueller [Wed, 23 Jul 2014 14:22:52 +0000 (07:22 -0700)]
Bug 1506: Silence static checkers.
Re-adds a return NULL which was removed because it was redundant. Static
checkers don't parse the logic, so adding it back to make them happy.
Todd Lyons [Wed, 23 Jul 2014 14:09:06 +0000 (07:09 -0700)]
Bug 1506: Fix static typechecker output
The end of the function can never be reached because the switch is only
reached if the value it is checking is valid. Putting this return
silences the warnings.
Todd Lyons [Wed, 23 Jul 2014 14:08:52 +0000 (07:08 -0700)]
Update version numbers, clean docs for next release
Jeremy Harris [Tue, 27 May 2014 20:50:41 +0000 (21:50 +0100)]
Do not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426
Jeremy Harris [Mon, 26 May 2014 15:09:37 +0000 (16:09 +0100)]
Ensure timer never set to zero for millisleep. Bug 1426
Jeremy Harris [Tue, 22 Jul 2014 21:30:22 +0000 (22:30 +0100)]
Massage coding style to project norm
Todd Lyons [Fri, 18 Jul 2014 18:42:08 +0000 (11:42 -0700)]
Documentation/Tests for CVE-2014-2972 fix
Tony Finch [Wed, 16 Jul 2014 13:13:39 +0000 (06:13 -0700)]
Only expand integers for integer math once
Todd Lyons [Tue, 15 Jul 2014 19:50:35 +0000 (12:50 -0700)]
Fix regex for Suse when converting spec to ASCII
Jeremy Harris [Mon, 14 Jul 2014 13:13:22 +0000 (14:13 +0100)]
Fix parsing of mime headers
RFC2045 allows parameter values to be quoted; an embedded semicolon
must then not terminate the parameter.
Phil Pennock [Mon, 14 Jul 2014 07:13:13 +0000 (03:13 -0400)]
DNSSEC: fix clang warning re && in || precedence
I looked and AFAICT the compiler guidance gives the correct logical
binding for the code intention.
```
dnsdb.c:362:32: warning: '&&' within '||' [-Wlogical-op-parentheses]
|| dnssec_mode == DEFER && !dns_is_secure(&dnsa)
~~ ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
dnsdb.c:362:32: note: place parentheses around the '&&' expression to silence this warning
|| dnssec_mode == DEFER && !dns_is_secure(&dnsa)
^
( )
```
Phil Pennock [Mon, 14 Jul 2014 07:10:41 +0000 (03:10 -0400)]
MacOS: fix clang redef warning
Phil Pennock [Mon, 14 Jul 2014 07:04:16 +0000 (03:04 -0400)]
Use Ustrlen() on a uschar
Phil Pennock [Mon, 14 Jul 2014 06:59:52 +0000 (02:59 -0400)]
Fix unsigned < 0 check
Two places in malware.c were using `fsize`, defined as `unsigned int`,
to receive the result of `lseek()` and then checking if the value was
less than 0. As clang says:
```
malware.c:1228:46: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
```
Fix. Use `off_t`, which we're already using elsewhere, then use
`fsize_uint` to handle off_t being potentially 64-bit, and a
sanity-check on conversion which hopefully won't be optimised away by
compilers.
Phil Pennock [Mon, 14 Jul 2014 06:49:33 +0000 (02:49 -0400)]
Rename T_APL to T_ADDRESSES
Fixes Github issue #15
Known DNS RRTYPE aliases can be found at
<http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml>
and `T_APL` conflicts with the `APL` RRTYPE, Address Prefix List, in
experimental RFC 3123.
Issue reported compilation issues on OpenBSD.
Instead, use `T_ADDRESSES`.
Jeremy Harris [Sun, 13 Jul 2014 11:18:09 +0000 (12:18 +0100)]
Fix TLS SNI, and add regression test cases
Jeremy Harris [Tue, 8 Jul 2014 12:54:53 +0000 (13:54 +0100)]
Reinstate SNI variables under GnuTLS. Bug 1499
Todd Lyons [Thu, 3 Jul 2014 17:29:50 +0000 (10:29 -0700)]
Typo in docs, add missing word
Todd Lyons [Thu, 3 Jul 2014 17:23:18 +0000 (10:23 -0700)]
Add cscope files to git ignore list
Todd Lyons [Thu, 3 Jul 2014 15:32:48 +0000 (08:32 -0700)]
Enhance documentation of ${run command parsing.
Todd Lyons [Wed, 2 Jul 2014 14:04:38 +0000 (07:04 -0700)]
Bug 1496: Fix typo in ChangeLog
Andrew Colin Kissa [Wed, 2 Jul 2014 14:00:46 +0000 (07:00 -0700)]
Bug 1495: Exiqgrep -C check configfile readability
Jeremy Harris [Fri, 20 Jun 2014 12:40:24 +0000 (13:40 +0100)]
Use enum for var_entry type
Heiko Schlittermann [Tue, 17 Jun 2014 11:18:26 +0000 (12:18 +0100)]
Fix build dependencies
"make distclean; make -j" was failing on config.h
Jeremy Harris [Sun, 15 Jun 2014 15:44:56 +0000 (16:44 +0100)]
Correct testuite doc
Jeremy Harris [Sun, 15 Jun 2014 15:16:32 +0000 (16:16 +0100)]
Fix testcase 0390 when testing an EXPERIMENTAL_TPDA compile
Insert a custom-munge for the new transport option.
This may be removed once the code goes mainline.
Jeremy Harris [Sun, 15 Jun 2014 14:48:55 +0000 (15:48 +0100)]
Fix testcase 0373
A readsocket expansion against a unix-domain socket which is
immediately closed. This gave variable results does to the race of
the write into the client-end versus the close at the server end.
Insert under-testsuite delays to assure sequencing; the testcase
now specifically looks for a write into a closed peer.
Wolfgang Breyha [Wed, 11 Jun 2014 18:19:49 +0000 (19:19 +0100)]
Fix dkim for no-key case under SENDFILE compile. Bug 934
Tested-by: <wbreyha@gmx.net>
Jeremy Harris [Wed, 11 Jun 2014 18:17:28 +0000 (19:17 +0100)]
Tidy coding style. Bug 934
Jeremy Harris [Sun, 8 Jun 2014 20:31:47 +0000 (21:31 +0100)]
Use strict C89 variable declaration positioning
Jeremy Harris [Sun, 8 Jun 2014 20:13:07 +0000 (21:13 +0100)]
Preempt future testsuite integration of EXPERIMENTAL_DSN
Jeremy Harris [Sun, 8 Jun 2014 20:08:31 +0000 (21:08 +0100)]
Fix testcase for today's faster cpus
Jeremy Harris [Sun, 8 Jun 2014 16:49:21 +0000 (17:49 +0100)]
Testcase for udpsend
Jeremy Harris [Fri, 6 Jun 2014 19:17:51 +0000 (20:17 +0100)]
Initial set of warnings for the upcoming release
Jeremy Harris [Fri, 6 Jun 2014 16:53:08 +0000 (17:53 +0100)]
Fix testcase for 984702 - the buffer boundary was deliberately
being explored by the test
Jeremy Harris [Fri, 6 Jun 2014 14:58:54 +0000 (15:58 +0100)]
More care with time types
Tony Finch [Thu, 5 Jun 2014 17:01:11 +0000 (18:01 +0100)]
Fix udpsend and ip_connectedsocket().
The ip_connectedsocket() function's socket type support and error
reporting did not work properly.
Jeremy Harris [Thu, 5 Jun 2014 14:16:29 +0000 (15:16 +0100)]
Tidy up OpenSSL certificate signature & sig_algorithm extractor results.
Bug 1489
Jeremy Harris [Wed, 4 Jun 2014 19:11:25 +0000 (20:11 +0100)]
Compiler quietening
Jeremy Harris [Mon, 26 May 2014 15:07:33 +0000 (16:07 +0100)]
Ensure output buffer big enough for DSN additions to MAIL FROM. Bug 1482
Todd Lyons [Mon, 2 Jun 2014 12:54:39 +0000 (05:54 -0700)]
Fix tiny ChangeLog typo
Jeremy Harris [Sat, 31 May 2014 14:36:13 +0000 (15:36 +0100)]
Support service names for tls_on_connect_ports. Bug 72
Jeremy Harris [Fri, 30 May 2014 13:23:12 +0000 (14:23 +0100)]
Fix doc for $sender_host_dnssec. Bug 1485
Jeremy Harris [Fri, 30 May 2014 11:58:26 +0000 (12:58 +0100)]
Fix no-ssl build
Jeremy Harris [Thu, 29 May 2014 21:46:48 +0000 (22:46 +0100)]
Fix delivery $host in client authenticator in verify/callout. Bug 1476
Jeremy Harris [Thu, 29 May 2014 20:57:04 +0000 (21:57 +0100)]
Log warnings on presence of deperecated options
Jeremy Harris [Thu, 29 May 2014 20:00:04 +0000 (21:00 +0100)]
Fix dnssec dnsdb lookup in defer_never mode
Todd Lyons [Wed, 28 May 2014 15:48:45 +0000 (08:48 -0700)]
Bug 1444: Fix \r\n handling writing spool file
Fix a bug which causes DKIM signatures to fail because what gets
written to the spool file is different than what gets passed through
the DKIM code.
Todd Lyons [Wed, 28 May 2014 12:12:00 +0000 (05:12 -0700)]
Merge tag 'exim-4_82_1'
Fix Conflicts:
src/src/dmarc.c
Todd Lyons [Mon, 26 May 2014 19:14:16 +0000 (12:14 -0700)]
SECURITY: DMARC uses From header untrusted data
CVE-2014-2957
To find the sending domain, expand_string() was used to directly parse
the contents of the From header. This passes untrusted data directly
into an internal function. Convert to use standard internal parsing
functions.
Jeremy Harris [Mon, 26 May 2014 15:26:58 +0000 (16:26 +0100)]
Increase limit of smtp_confirmation logging from 100 to 256 chars. Bug 1408
Jeremy Harris [Mon, 26 May 2014 10:47:30 +0000 (11:47 +0100)]
Errorcheck TLS library calls
Jeremy Harris [Mon, 26 May 2014 09:35:50 +0000 (10:35 +0100)]
Restrict certificate name checkin for wildcards.
On more recent OpenSSL library versions the builtin wildcard checking
can take a restriction option that we want, to disallow the more
complex possibilities of wildcarding.
Jeremy Harris [Sun, 25 May 2014 12:21:39 +0000 (13:21 +0100)]
Missing initialiser
Jeremy Harris [Fri, 23 May 2014 17:46:03 +0000 (18:46 +0100)]
Add OpenSSL version check
Jeremy Harris [Fri, 23 May 2014 17:32:48 +0000 (18:32 +0100)]
Add GnuTLS version check
Jeremy Harris [Fri, 23 May 2014 14:50:07 +0000 (15:50 +0100)]
Move OCSP out of EXPERIMENTAL
Jeremy Harris [Thu, 22 May 2014 20:50:27 +0000 (21:50 +0100)]
Compiler quietening. Bug 907
Todd Lyons [Thu, 22 May 2014 20:24:42 +0000 (13:24 -0700)]
Bug 1394: Document how to do per host conn limits
Since the max connections per host setting is computed and enforced
in the master listening process before the fork, there is no easy
way to get an accurate connection count once the Proxy Protocol
negotiation has been done (i.e. in a child process, after the
fork). Rather than try to use a shared mmap file using CAS in the
children to manipulate it, we just advise of a crude version of
max connections per IP be achieved by using ratelimit per_conn in
the connect ACL.
Jeremy Harris [Thu, 22 May 2014 15:22:53 +0000 (16:22 +0100)]
Fix doc for dovecot authenticator. Bugs 1448, 1483
Wolfgang Breyha [Wed, 21 May 2014 15:21:46 +0000 (16:21 +0100)]
RFC3461 support - MIME DSN messages. Bug 118
Jeremy Harris [Tue, 20 May 2014 21:53:48 +0000 (22:53 +0100)]
Eliminate one foolish way to break the build
Todd Lyons [Wed, 21 May 2014 14:03:29 +0000 (07:03 -0700)]
Add PRDR feature output in -bV
Jeremy Harris [Tue, 20 May 2014 20:25:10 +0000 (21:25 +0100)]
Support optional server certificate name checking. Bug 1479
Enable EXPERIMENTAL_CERTNAMES to include.
Jeremy Harris [Tue, 20 May 2014 20:21:11 +0000 (21:21 +0100)]
Final tidyout of EXPERIMENTAL_PRDR
Jeremy Harris [Sat, 17 May 2014 22:43:23 +0000 (23:43 +0100)]
Use accessor functions for OpenSSL internal data
Jeremy Harris [Tue, 13 May 2014 11:27:04 +0000 (12:27 +0100)]
General tidying
Jeremy Harris [Thu, 15 May 2014 23:07:31 +0000 (00:07 +0100)]
Tidy certificate verification logic under OpenSSL
Jeremy Harris [Tue, 13 May 2014 22:50:13 +0000 (23:50 +0100)]
Extractors for certificate time fields support integer output modifier
Jeremy Harris [Tue, 13 May 2014 21:02:51 +0000 (22:02 +0100)]
Extractor for named RDN element types from a certificate DN field.
Todd Lyons [Tue, 13 May 2014 18:36:35 +0000 (11:36 -0700)]
Updated changelog.
Accidentally included the fix for Bug 1119 in the same commit fixing
Proxy Protocol version 2 to match the API change in May 2014.
Todd Lyons [Mon, 12 May 2014 23:15:07 +0000 (16:15 -0700)]
Bug 1394: PPv2 header modifed
The HAProxy dev team adjusted the layout of the 16 byte header to allow
it to be used for SSL connections. Had to adjust PPv2 handling code
and perl proxy emulation script.
Added link to this HAProxy commit in the documentation.
Jeremy Harris [Tue, 13 May 2014 17:54:06 +0000 (18:54 +0100)]
Fix cert fingerprint path to deny noncerts
Jeremy Harris [Tue, 13 May 2014 16:47:04 +0000 (17:47 +0100)]
certextract tidying
Jeremy Harris [Tue, 13 May 2014 14:38:14 +0000 (15:38 +0100)]
Add doc notes on verifying self-signing hosts
Jeremy Harris [Tue, 13 May 2014 15:37:41 +0000 (16:37 +0100)]
Update docs for suggested Ident and PRDR settings
Todd Lyons [Tue, 13 May 2014 15:36:22 +0000 (08:36 -0700)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Todd Lyons [Tue, 13 May 2014 15:36:08 +0000 (08:36 -0700)]
Test suite normalize TLS 1.[12] to TLS1
Jeremy Harris [Tue, 13 May 2014 14:44:09 +0000 (15:44 +0100)]
Move PRDR out of EXPERIMENTAL