Phil Pennock [Wed, 15 Feb 2012 13:09:57 +0000 (08:09 -0500)]
First pass heimdal_gssapi authenticator.
Not yet working, failing to set keytab.
Also: support (AUTH|LOOKUP)_*_PC=foo to use `pkg-config foo` for cflags/libs.
Phil Pennock [Tue, 14 Feb 2012 02:11:25 +0000 (21:11 -0500)]
Document gsasl integration
Phil Pennock [Mon, 6 Feb 2012 01:36:51 +0000 (20:36 -0500)]
More bug-fixes, GSASL DIGEST-MD5 now works.
Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
Phil Pennock [Mon, 6 Feb 2012 00:55:37 +0000 (19:55 -0500)]
remove stray globals block
Phil Pennock [Mon, 6 Feb 2012 00:13:32 +0000 (19:13 -0500)]
Implemented gsasl driver for authentication.
Missing: documentation; tests.
Tested: PLAIN auth.
Status: probably buggy
Phil Pennock [Sat, 4 Feb 2012 07:33:40 +0000 (02:33 -0500)]
Documentation for $tls_bits and SASL changes
Phil Pennock [Sat, 4 Feb 2012 07:26:27 +0000 (02:26 -0500)]
Various SASL fixes.
Export $tls_bits new expansion variable (not yet documented).
Fix tls-gnu.c so that ciphername string construction uses bit-count, not byte-count.
Avoid hard-coding primary_hostname in first call to init Cyrus SASL.
Cast fix for function pointer (Cyrus-SASL uses void params in struct entry funcptr, so need to cast).
Many more debug statements in cyrus_sasl.c
Pass external SSF from TLS cipher into Cyrus SASL initialisation.
Detect when we can't get an identity from SASL properties (error out correctly).
Detect when SASL negotiated a protection layer and error out, since we do not support those.
Phil Pennock [Tue, 3 Jan 2012 07:41:57 +0000 (02:41 -0500)]
bool{} is false for empty strings
fixes bug 1193
reported by Jasen Betts.
Nigel Metheringham [Wed, 30 Nov 2011 15:55:14 +0000 (15:55 +0000)]
Documentation had primary_host_name for primary_hostname. Fixes: #1169
Nigel Metheringham [Wed, 30 Nov 2011 15:46:48 +0000 (15:46 +0000)]
eximstats DATA reject detection regexps improved. Fixes: #1093
Nigel Metheringham [Wed, 30 Nov 2011 15:41:55 +0000 (15:41 +0000)]
Documentation fix. Fixes: #949
Phil Pennock [Tue, 22 Nov 2011 19:14:57 +0000 (14:14 -0500)]
Handle short writes on logfiles.
fixes bug 1053
Phil Pennock [Mon, 21 Nov 2011 03:02:16 +0000 (22:02 -0500)]
Merge branch 'log_retry'
Nigel Metheringham [Fri, 18 Nov 2011 13:36:14 +0000 (13:36 +0000)]
Rough readme mainly for benefit of github
Pod translator is lousing up - may move to a different
format for the future. [issues are with L<> links]
Phil Pennock [Mon, 14 Nov 2011 04:51:43 +0000 (23:51 -0500)]
log_write EINTR handling on write()
Phil Pennock [Thu, 10 Nov 2011 09:44:04 +0000 (04:44 -0500)]
Parallel build fixes for lookups
Make lookups depend upon PHDRS not HDRS.
Make parent dir depend upon child build target for lookups
Phil Pennock [Thu, 20 Oct 2011 23:30:20 +0000 (19:30 -0400)]
ASCII NUL in desc of $body_zerocount (keyword grepability)
Phil Pennock [Fri, 14 Oct 2011 14:03:02 +0000 (10:03 -0400)]
EXPAND_LISTMATCH_RHS for match_ip too
Phil Pennock [Tue, 11 Oct 2011 07:27:17 +0000 (03:27 -0400)]
PCRE_PRERELEASE is a bare sequence, not a string.
Phil Pennock [Mon, 10 Oct 2011 05:18:13 +0000 (01:18 -0400)]
Unbreak release.sh for final releases
Phil Pennock [Mon, 10 Oct 2011 05:05:07 +0000 (01:05 -0400)]
Update release date, prep for 4.77 final cut
Phil Pennock [Mon, 10 Oct 2011 03:53:48 +0000 (23:53 -0400)]
Testsuite: also handle -XX in version
Phil Pennock [Mon, 10 Oct 2011 03:43:13 +0000 (23:43 -0400)]
More testsuite fixes
Phil Pennock [Mon, 10 Oct 2011 00:34:40 +0000 (20:34 -0400)]
Make runtest more resilient to setup problems
Phil Pennock [Sun, 9 Oct 2011 06:25:31 +0000 (02:25 -0400)]
fix unprotected variable in SQL example
Phil Pennock [Sat, 8 Oct 2011 11:13:07 +0000 (07:13 -0400)]
Make README.UPDATING more explicit, with more examples, about the impact of the match_<type> changes
Phil Pennock [Fri, 7 Oct 2011 20:37:32 +0000 (16:37 -0400)]
exiqgrep: handle queue line size output too small for K
Phil Pennock [Fri, 7 Oct 2011 03:40:01 +0000 (23:40 -0400)]
rework userforward local_part_suffix documentation
Loosely based on suggestion from Julian Gilbey.
fixes bug 1139.
Phil Pennock [Thu, 6 Oct 2011 06:59:26 +0000 (02:59 -0400)]
shut up bogus complaint of unused variable in new ratelimit ACL work
Phil Pennock [Wed, 5 Oct 2011 23:36:34 +0000 (19:36 -0400)]
Apply patch from Dmitry Isaikin fixing log.c format string.
fixes bug 1152.
Phil Pennock [Wed, 5 Oct 2011 04:29:25 +0000 (00:29 -0400)]
fix sub2_honour_dollar type
Was code correct before, but storing a ptr of 0 or 1, from bool initialiser.
I meant to use a BOOL and it is more type-safe to do so, so fixed.
Phil Pennock [Wed, 5 Oct 2011 04:27:45 +0000 (00:27 -0400)]
quote var for case stmt, so that old shell will see it as empty, rather than syntax error
Phil Pennock [Wed, 5 Oct 2011 04:26:33 +0000 (00:26 -0400)]
test for .git dir with -d not -e; more portable
Phil Pennock [Wed, 5 Oct 2011 04:21:34 +0000 (00:21 -0400)]
Solaris/Irix portability hacks for reversion
Phil Pennock [Mon, 3 Oct 2011 23:16:36 +0000 (19:16 -0400)]
source referenced version.sh file always
Tested for version.sh in cwd, but used . to source, assuming that
would pull in file from cwd. True on BSD (checked after $PATH) but
not part of POSIX and not true for bash when in POSIX mode.
Phil Pennock [Mon, 3 Oct 2011 12:10:11 +0000 (08:10 -0400)]
PP/12 fix uninitialised greeting string from PP/03
Phil Pennock [Mon, 3 Oct 2011 11:41:40 +0000 (07:41 -0400)]
Exim 4.77: documentation version updates.
Phil Pennock [Mon, 3 Oct 2011 11:36:12 +0000 (07:36 -0400)]
Merge branch 'list_safety'
(gnutls fixes had updated some text docs)
Phil Pennock [Sun, 25 Sep 2011 05:01:41 +0000 (01:01 -0400)]
EXPAND_LISTMATCH_RHS plumbed into build makefiles.
Tested builds both with and without this option, behaviour matches expectations.
Phil Pennock [Sun, 25 Sep 2011 04:50:48 +0000 (00:50 -0400)]
match_* do not expand RHS, unconditionally.
EXPAND_LISTMATCH_RHS define is checked, but not yet plumbed that into build system.
Phil Pennock [Sun, 25 Sep 2011 04:01:26 +0000 (00:01 -0400)]
Implement inlist/inlisti expansion conditions
Phil Pennock [Sun, 25 Sep 2011 03:13:27 +0000 (23:13 -0400)]
Document match_*/inlist changes (before coding starts)
Phil Pennock [Sat, 24 Sep 2011 07:12:05 +0000 (03:12 -0400)]
Make sure rc is initialised
Phil Pennock [Sat, 24 Sep 2011 07:09:44 +0000 (03:09 -0400)]
Pull Andreas Metzler's fix for gnutls_certificate_verify_peers (bug 1095)
Phil Pennock [Sat, 24 Sep 2011 05:30:34 +0000 (01:30 -0400)]
TLS1.2 and TLS1.1 support with GnuTLS
Phil Pennock [Mon, 5 Sep 2011 20:08:19 +0000 (16:08 -0400)]
ssize_t for mime.c
mime_decode_*() functions can return -1 for error, which would be lost when assigning to unsigned int.
Sprinkled ssize_t across function return types and result variables.
Phil Pennock [Mon, 5 Sep 2011 19:31:02 +0000 (15:31 -0400)]
Doc: exim-future@ gone; mention exim-cvs@
fixes bug 1146
Phil Pennock [Sun, 4 Sep 2011 04:43:15 +0000 (00:43 -0400)]
Document behaviour of message_size_limit=0 (main config setting, not transport)
Phil Pennock [Sun, 28 Aug 2011 20:45:46 +0000 (16:45 -0400)]
Doc fixes for syntax errors.
Fixes from Simon Arlott.
Phil Pennock [Sun, 28 Aug 2011 20:35:03 +0000 (16:35 -0400)]
Handle IPv6 addresses with SPF.
Patch from Wolfgang Breyha.
Also, slight improvements to some debug statements.
fixes bug 860
Phil Pennock [Sun, 28 Aug 2011 20:27:01 +0000 (16:27 -0400)]
Handle ${run} returning more data than OS pipe buffer size.
Patch from Holger Weiß.
fixes bug 1131
Phil Pennock [Sat, 27 Aug 2011 23:19:48 +0000 (16:19 -0700)]
Make maildir_use_size_file expandable.
Patch from Heiko Schlittermann.
Fixes bug 1089
Phil Pennock [Sat, 27 Aug 2011 23:10:52 +0000 (16:10 -0700)]
Stop build process more reliably on failure.
Patch from Heiko Schlittermann.
Fixes bug 1087
Phil Pennock [Sat, 27 Aug 2011 23:01:01 +0000 (16:01 -0700)]
$av_failed variable set when av_scanner deferred
Patch from John Horne.
Fixes bug 1078
Phil Pennock [Sat, 27 Aug 2011 22:45:01 +0000 (15:45 -0700)]
Use .dylib not .so for dynamic libraries on MacOS
Not tested the drtables.c change for dynamically loaded lookups, only
the readline loading for -be interactive mode.
Phil Pennock [Sat, 27 Aug 2011 21:43:09 +0000 (14:43 -0700)]
Add protocol=smtps support to smtp transport.
Permits SSL-on-connect for outbound connections.
Heavily based on Simon Arlott's patch, but with enough modifications to
risk new bugs.
nb: am on a plane, change confirmed to compile on MacOS, nothing more
fixes bug 97
Phil Pennock [Sat, 27 Aug 2011 18:58:44 +0000 (11:58 -0700)]
Raise smtp_cmd_buffer_size to 16384.
Needed to interoperate with SASL commands containing a large
initial-response; in practice, GSSAPI with authorisation data, such as
in a Windows domain.
Patch from Paul Fisher.
fixes bug 879
Phil Pennock [Wed, 6 Jul 2011 15:19:17 +0000 (11:19 -0400)]
Pull strict-aliasing fix for sockaddr_46.
One-line code change in unattributed .patch file bundled in someone's
.src.rpm.
We cause plenty of warnings for -Wstrict-aliasing=2, most appear to be
signed/unsigned char issues.
Tony Finch [Thu, 30 Jun 2011 19:03:17 +0000 (20:03 +0100)]
Use git to automatically create version.h
Adapted from git itself via unifdef. This does not (yet) include
the equivalent automation for the doc build.
Tony Finch [Thu, 30 Jun 2011 18:05:02 +0000 (19:05 +0100)]
Another PCRE remnant.
Tony Finch [Thu, 30 Jun 2011 17:45:03 +0000 (18:45 +0100)]
More PCRE cleanup.
Tony Finch [Thu, 30 Jun 2011 15:54:51 +0000 (16:54 +0100)]
Remove a few PCRE remnants.
Tony Finch [Wed, 29 Jun 2011 16:31:00 +0000 (17:31 +0100)]
Remove obsolete $Cambridge$ CVS revision strings.
I have also de-CVSed the ABOUT files and cleaned up a few
introductory comments.
Tony Finch [Fri, 17 Jun 2011 19:55:53 +0000 (20:55 +0100)]
doc/doc-txt/NewStuff: note the ratelimit changes.
Tony Finch [Mon, 13 Jun 2011 20:48:24 +0000 (21:48 +0100)]
Improved ratelimit ACL condition.
Replace /noupdate with simpler /readonly option. (/noupdate is
supported for backwards compatibility but no longer documented.)
Better checking of the compatibility between per_* options and the
ACL in which the ratelimit condition appears.
Better handling of the start of a burst of email and of very low-rate
clients.
The new /count= option generalizes the per_byte and per_rcpt options.
The new /unique= option is a rather groovy use for a Bloom filter.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
exiwhat: Ensure the SIGUSR1 signal handler is safe.
exiwhat sends a SIGUSR1 to all exim processes to make them write
their status to the process log. This is all done in the signal
handler, but the logging code makes a number of calls that are not
signal safe. These can all cause crashes or recursive locking in
libc.
Firstly, obtaining and formatting the timestamp is not safe.
Doing so is unnecessary since exiwhat strips off the timestamp.
This change removes timestamps from the process log.
Secondly, exim closes all the logs after writing the process
log. Closing syslog is not signal safe, and isn't necessary.
We now only close the process log after writing to it.
Thirdly, exim may calculate the process_log_path inside the signal
handler which involves some possibly-unsafe string handling code.
This change calculates the path when reading the configuration.
Fourthly, when exim creates the process log file it might have to
call the unsafe directory_create() though this is unlikely in
practice. After this change exim only calls log_create() in a
subprocess which is safe - it sometimes needs to do so anyway, if
it is running as root and needs to drop privileges.
The new code has no process log handling in log.c which eliminates
some awkward special cases. It uses very simple code to write to
the file in the signal handler, so it is obviously safe by inspection.
Tony Finch [Tue, 7 Jun 2011 15:48:44 +0000 (16:48 +0100)]
Ensure we log the error message when unlink() fails.
See also commit ID
0761d44e
Tom Kistner [Sun, 5 Jun 2011 16:08:36 +0000 (17:08 +0100)]
DKIM Verification: Fix relaxed canon for empty headers w/o
whitespace trailer
Tony Finch [Mon, 9 May 2011 10:20:26 +0000 (11:20 +0100)]
malware.c: avoid arithmetic on a void pointer.
Phil Pennock [Mon, 9 May 2011 09:31:39 +0000 (05:31 -0400)]
Solaris build fix for Oracle's LDAP libraries.
Patch from Stephen Usher.
fixes 1109
Phil Pennock [Mon, 9 May 2011 08:36:25 +0000 (04:36 -0400)]
Testsuite: Compiler info skip; whitespace stupidity.
Phil Pennock [Mon, 9 May 2011 03:00:17 +0000 (23:00 -0400)]
ChangeLog updates for the security issues.
Phil Pennock [Sun, 8 May 2011 07:11:09 +0000 (03:11 -0400)]
INT_MIN {/,%} -1 = INT_MAX for our purposes.
Dodge a SIGFPE on x86.
Tom Kistner [Sun, 8 May 2011 09:08:12 +0000 (10:08 +0100)]
Merge branch 'tom_dev'
Tom Kistner [Sun, 8 May 2011 08:58:12 +0000 (09:58 +0100)]
Don't use match_isinlist() for simple string list matching
Phil Pennock [Sat, 7 May 2011 21:17:04 +0000 (17:17 -0400)]
Typo fixes from Andreas Metzler.
fixes bug 1111
Phil Pennock [Fri, 6 May 2011 10:24:14 +0000 (06:24 -0400)]
Prep for 4.76 release. Version bumps, ChangeLog update.
Phil Pennock [Thu, 5 May 2011 01:41:58 +0000 (21:41 -0400)]
Fix compile of exim_monitor
The "Compiler masochism compliance" patch changed the log_write()
prototype to use "const char *" instead of "char *"; I don't have X11 on
my main box, so neglected to handle exim_monitor's duplicate definition
of log_write().
Fixes bug 1107
Tom Kistner [Sat, 30 Apr 2011 12:20:17 +0000 (13:20 +0100)]
Bugzilla #1106: Don't pass DKIM compound log line as format string
Phil Pennock [Tue, 26 Apr 2011 19:02:09 +0000 (15:02 -0400)]
Cond !bool{}/!bool_lax{} did not negate. Fixed.
Fixes bug: 1104
Phil Pennock [Tue, 12 Apr 2011 20:26:44 +0000 (16:26 -0400)]
Also ${eval:x % 0} fixed to not SIGFPE.
Pointed out by: Steven A. Reisman
Phil Pennock [Tue, 12 Apr 2011 08:24:12 +0000 (04:24 -0400)]
Catch divide-by-zero in ${eval:...}.
Fixes 1102
Phil Pennock [Sat, 26 Mar 2011 18:08:02 +0000 (14:08 -0400)]
Merge branch 'master' of git://git.exim.org/exim
Tom Kistner [Sat, 26 Mar 2011 14:24:09 +0000 (14:24 +0000)]
Revert "Avoid conflicting prototypes for strsignal()"
This reverts commit
29f20a41029cc5e36a8756ad8dfda64d0ed314ce.
Phil has staged something better.
Tom Kistner [Sat, 26 Mar 2011 08:49:12 +0000 (08:49 +0000)]
Merge branch 'master' of /home/git/exim into tom_dev
Tom Kistner [Sat, 26 Mar 2011 08:46:42 +0000 (08:46 +0000)]
Avoid conflicting prototypes for strsignal()
Phil Pennock [Sat, 26 Mar 2011 04:32:44 +0000 (00:32 -0400)]
Rely on system prototypes if we #define our os funcs.
The const-ness updates broke systems where `os_strsignal()` gets mapped
to `strsignal()`, which does *not* return `const char *` but `char *`.
If we #define away, then there should be a prototype from the system
headers.
Tom Kistner [Fri, 25 Mar 2011 10:46:33 +0000 (10:46 +0000)]
Bugzilla #1097: PDKIM: Update embedded PolarSSL code to 0.14.2, thanks to Andreas Metzler for the patch!
Phil Pennock [Thu, 24 Mar 2011 08:40:33 +0000 (04:40 -0400)]
Also memset(.., 0, ..) the pre-TLS input buffer.
Phil Pennock [Thu, 24 Mar 2011 06:37:39 +0000 (02:37 -0400)]
Extra paranoia around STARTTLS-with-data-in-buffer.
Phil Pennock [Wed, 23 Mar 2011 02:28:33 +0000 (22:28 -0400)]
Avoid segfault on ref:name specified as uid.
If group not also specified, make this a fatal error. If group
specified, we'll error out anyway unless the group can be resolved.
Approach considered but not followed: fatal config error if built with
ref:name where name is a number.
fixes bug 1098
Phil Pennock [Tue, 22 Mar 2011 13:46:28 +0000 (09:46 -0400)]
Mention dns_use_edns0
Phil Pennock [Tue, 22 Mar 2011 13:37:32 +0000 (09:37 -0400)]
Added dns_use_edns0 main option.
Is int because need a "do not override default" option, but that stops
us from using the bool expansion logic and so we need to explicitly
set numbers. Should try to find a way around that.
Phil Pennock [Tue, 22 Mar 2011 12:39:43 +0000 (08:39 -0400)]
openssl_options: rejig default code & debug prints.
A couple of debug_printf()s missing trailing \n.
Set the default to 0L and |= the one item we default, rather than
setting outright, in the hopes of soon also |= setting another option if
available (SSL_OP_NO_SSLv2).
Phil Pennock [Tue, 22 Mar 2011 12:35:54 +0000 (08:35 -0400)]
New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
(no changes to any defaults).
Phil Pennock [Tue, 22 Mar 2011 11:01:52 +0000 (07:01 -0400)]
Harmonised TLS library version reporting.
Only show if debugging.
Layout now matches that introduced for other libraries in 4.74 PP/03.
Phil Pennock [Tue, 22 Mar 2011 10:43:34 +0000 (06:43 -0400)]
Make ldap_require_cert work (not segfault).
The clang complaint, which also triggered a gcc complaint, was
legitimate. My first test, which suggested no problem, was flawed.
This:
ldap_start_tls
ldap_require_cert = demand
would cause a segfault on LDAP lookup.
fixes bug 230
Phil Pennock [Tue, 22 Mar 2011 10:33:20 +0000 (06:33 -0400)]
Report compiler in -d -bV. Clang compat.
Exim successfully builds with clang, albeit with a number of warnings.
* Our %n usage in printf() calls appears to be correct and safe, AFAICT.
* dummy functions are, unsurprisingly, unused
* Valgrind macros cause vociferous complaints
* Dynamic modules *not* tested
Further clang testing on my part will require an OS update and clang
2.9 to get -rdynamic support.
Phil Pennock [Tue, 22 Mar 2011 09:36:24 +0000 (05:36 -0400)]
Compiler masochism compliance.
Be able to build most of Exim with:
-Werror -Wwrite-strings -Wunused-function -Waddress -Wpointer-sign
-Wformat -Wuninitialized -Winit-self
Skipped a change to auth-spa which I was uncertain of. That is not
the most readable of code.
Temporarily gave up on src/src/pdkim/pdkim.c, as header_name_match()
treats the second param as const or not depending on the third param.
(I hacked the build-*/pdkim/Makefile to continue past this)
Much of this change is const propagation.
Phil Pennock [Tue, 22 Mar 2011 09:26:36 +0000 (05:26 -0400)]
Set "new since" to the 4.75 release.
Stripped all .new/.wen except the exemplar. 4.75 was a stabilisation
release, reset the accumulation of "this is new".