Phil Pennock [Fri, 13 Jan 2017 04:37:50 +0000 (23:37 -0500)]
Provide alternative Heimdal pkg-config example
Building Exim against Heimdal 1.5, heimdal-gssapi.pc was needed.
There's been a major version bump in Heimdal, and against 7.1 that
doesn't work; using heimdal-krb5.pc fails on missing `gss_*` functions.
I can find no build documentation for Heimdal which describes what
should be needed. heimdal-gssapi.pc does reference heimdal-krb5.pc
in `Requires.private` but it's not being used by FreeBSD pkgconf in
such a way that it's available when building on FreeBSD 10.3.
Fortunately, our `*_PC` logic works with multiple packages listed,
so provide that example.
Jeremy Harris [Wed, 11 Jan 2017 12:12:49 +0000 (12:12 +0000)]
Docs: add note on DKIM ACL triggers
Jeremy Harris [Wed, 4 Jan 2017 13:58:29 +0000 (13:58 +0000)]
Testsuite: moved output file
Broken-by: f4630439f888
Jeremy Harris [Tue, 3 Jan 2017 20:15:39 +0000 (20:15 +0000)]
CHUNKING: fix non-pipelined synch checks. Bug 2004
Jeremy Harris [Mon, 2 Jan 2017 17:20:26 +0000 (17:20 +0000)]
PROXY: fix v2 protocol decode. Bugs 2003, 1747
Phil Pennock [Mon, 2 Jan 2017 13:59:17 +0000 (08:59 -0500)]
wip: OpenSSL docs on custom install
To fix before merge: ability to use `$ORIGIN` in linker line via Exim
config file.
Jeremy Harris [Sun, 1 Jan 2017 13:21:39 +0000 (13:21 +0000)]
Docs: fix smtp transport TFO option indexing
Phil Pennock [Sun, 1 Jan 2017 04:22:22 +0000 (23:22 -0500)]
Merge remote-tracking branch 'github/pr/50'
GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called
ldap_start_tls_s on ldapi:// connections.
This is obviously a correct change, since above we've avoiding
initializing the TLS state if using ldapi.
Added documentation noting this behaviour.
Jeremy Harris [Sat, 31 Dec 2016 15:24:38 +0000 (15:24 +0000)]
DKIM: Under debug, when signing do an extra check on the dns record that will be
used for verification. Bug 1926
YmrDtnJu [Sat, 31 Dec 2016 12:57:49 +0000 (13:57 +0100)]
Do not call ldap_start_tls_s on ldapi:// connections.
The code already skips the initialisation of TLS on LDAP connections over unix
sockets but the call to ldap_start_tls_s is done nonetheless.
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 13:05:08 +0000 (14:05 +0100)]
Docs: Add .new/wen marker for relative includes (Bug 1971)
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 11:35:47 +0000 (12:35 +0100)]
Tidy and add \0 after string_append() for relative .includes
Jeremy Harris [Tue, 8 Nov 2016 22:41:42 +0000 (22:41 +0000)]
tidying
Jeremy Harris [Mon, 26 Dec 2016 18:05:38 +0000 (18:05 +0000)]
Docs: typoes
Jeremy Harris [Thu, 29 Dec 2016 15:55:45 +0000 (15:55 +0000)]
I18N: avoid trying to downconvert all-ascii domain names.
With the IDNA-2008 handling downconversion results in lowercasing;
so avoid doing that if possible.
Jeremy Harris [Wed, 28 Dec 2016 21:15:49 +0000 (21:15 +0000)]
Testsuite: use custom-munge for dsn-info in 4510
Broken-by: 87cb4a166c47
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 23:15:47 +0000 (23:15 +0000)]
Allow relative file names in .include lines (Closes 1971)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Dec 2016 22:02:20 +0000 (23:02 +0100)]
Doc: Minor fixes
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 10:02:18 +0000 (11:02 +0100)]
Release process: make mk_exim_release more self descriptive
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:25:58 +0000 (10:25 +0100)]
Release process: rename the scripts to be more generic
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:23:47 +0000 (10:23 +0100)]
Release process: sign all *.tar.* under a given dir
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:01:38 +0000 (10:01 +0100)]
Release process: fix the --no-web option
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 22:56:09 +0000 (23:56 +0100)]
Constify config_filename
Jeremy Harris [Tue, 22 Nov 2016 15:22:11 +0000 (15:22 +0000)]
DKIM: More validation of DNS key record. Bug 1926
Jeremy Harris [Sun, 11 Dec 2016 16:36:09 +0000 (16:36 +0000)]
OpenSSL: add detail to certname verify fail log line
Jeremy Harris [Sun, 4 Dec 2016 11:21:55 +0000 (11:21 +0000)]
Pipe transport: expand the path option
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
Testsuite: enhance IDNA examples; move to IDNA-2008 conversions
Jeremy Harris [Tue, 27 Dec 2016 16:47:36 +0000 (16:47 +0000)]
Docs: clarify headers availability in data-time ACLs
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
I18N: support IDNA2008. Bug 1911
Jeremy Harris [Sun, 25 Dec 2016 11:54:37 +0000 (11:54 +0000)]
Docs: Clean for next release
Heiko Schlittermann (HS12-RIPE) [Thu, 22 Dec 2016 11:01:16 +0000 (12:01 +0100)]
Doc: clarify CVE-2016-9963
Heiko Schlittermann (HS12-RIPE) [Sat, 17 Dec 2016 17:15:35 +0000 (18:15 +0100)]
Doc: short description of CVE-2016-9963
Jeremy Harris [Fri, 16 Dec 2016 20:45:44 +0000 (20:45 +0000)]
Fix DKIM information leakage
Jeremy Harris [Fri, 16 Dec 2016 23:05:54 +0000 (23:05 +0000)]
Docs: typo
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Dec 2016 17:40:21 +0000 (18:40 +0100)]
Use long names for the _DRIVER_*, and _OPT_* macros
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 12:18:09 +0000 (13:18 +0100)]
Doc: fix minor typos
Jeremy Harris [Wed, 7 Dec 2016 15:00:37 +0000 (15:00 +0000)]
Testsuite: ipv6 output changes
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Dec 2016 22:34:13 +0000 (23:34 +0100)]
Testsuite: honour the "build" environment variable
Heiko Schlittermann (HS12-RIPE) [Fri, 2 Dec 2016 13:32:08 +0000 (14:32 +0100)]
OpenSSL: default to tls_eccurve = auto
For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries
rely on auto-selection.
Jeremy Harris [Sun, 4 Dec 2016 13:00:26 +0000 (13:00 +0000)]
Testsuite: more pipe transport / perl cases
Jeremy Harris [Sun, 4 Dec 2016 10:53:17 +0000 (10:53 +0000)]
Testsuite: set path for use of perl by pipe transport
FreeBSD places perl in a nonstandard (for the pipe transport) directory
Jeremy Harris [Sun, 4 Dec 2016 00:12:17 +0000 (00:12 +0000)]
Testsuite: remove outdated flavour result files
Jeremy Harris [Sat, 3 Dec 2016 23:41:13 +0000 (23:41 +0000)]
Testsuite: platform variance for perl utility location
Jeremy Harris [Sat, 3 Dec 2016 23:26:26 +0000 (23:26 +0000)]
Testsuite: ipv6 source address platform variance
Jeremy Harris [Sat, 3 Dec 2016 23:07:12 +0000 (23:07 +0000)]
Testsuite: ensure delivery order
Jeremy Harris [Sat, 3 Dec 2016 21:51:14 +0000 (21:51 +0000)]
Testsuite: OpenSSL error lines change going to 1.1
Jeremy Harris [Sat, 3 Dec 2016 19:37:16 +0000 (19:37 +0000)]
Build: disable OCSP, AUTH_TLS and EXPERIMENTAL_CERTNAMES if SUPPORT_TLS is not enabled
Jeremy Harris [Sat, 3 Dec 2016 19:18:28 +0000 (19:18 +0000)]
Testsuite: OpenSSL info output during conn changes going to 1.1; give up trying to track changes
Heiko Schlittermann (HS12-RIPE) [Tue, 29 Nov 2016 14:57:11 +0000 (15:57 +0100)]
Doc: Add hint about spamd and half-closed connections
Heiko Schlittermann (HS12-RIPE) [Mon, 28 Nov 2016 10:34:57 +0000 (11:34 +0100)]
Doc: Minor corrections/additions
Jeremy Harris [Sat, 26 Nov 2016 18:38:57 +0000 (18:38 +0000)]
Testsuite: annotate I18N conversions
Jeremy Harris [Fri, 25 Nov 2016 12:17:54 +0000 (12:17 +0000)]
Update ChangeLog
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 14:11:12 +0000 (15:11 +0100)]
Testsuite: distribute configure script
configure needs to be created by autoreconf. Autoconf
It is not always available.
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 14:10:06 +0000 (15:10 +0100)]
Testsuite: do not use VPATH and $<
It is not portable, was a GNU extension, available in GNU make
only.
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 12:02:53 +0000 (13:02 +0100)]
Testsuite: patchexim now uses /usr/bin/env
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 11:59:07 +0000 (12:59 +0100)]
Testsuite: ignore run-summary.log
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 11:56:37 +0000 (12:56 +0100)]
Testsuite: fix minor warning in runtest
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 18:51:59 +0000 (19:51 +0100)]
Testsuite: more diag info if initial Exim startup fails
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 16:36:26 +0000 (17:36 +0100)]
Testsuite: show output from failed exim -d -bP exim_user
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 15:04:24 +0000 (16:04 +0100)]
Testsuite: fix warning
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 14:36:51 +0000 (15:36 +0100)]
Revert "Testsuite: Debian8 GnuTLS does not support OCSP. Add flavour files."
This reverts commit
28660ab6ff99d24fdabe3ce0d9feb3478de1015b.
On Debian8 OCSP doesn't work with GnuTLS. Local/Makefile allows
to configure this (DISABLE_OCSP=yes), thus neither it is a test failure,
nor is it a specific flavour, it's just a build mis-configuration.
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 12:42:43 +0000 (13:42 +0100)]
Testsuite: Debian8 GnuTLS does not support OCSP. Add flavour files.
5651 is still unstable.
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 11:02:26 +0000 (12:02 +0100)]
Fix memory leak on (Gnu)TLS close.
This leak doesn't show up under normal operation, as the process
normally dies right after closing the session.
But during callout repetitive TLS sessions are opened and closed from
the same process (the process receiving the message). Depending on
the amount of RAM and the number of callouts the same process does,
this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000
recipients the memory is exhausted.)
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 09:51:51 +0000 (10:51 +0100)]
Fix crash in (Gnu)TLS debug output
Heiko Schlittermann (HS12-RIPE) [Mon, 21 Nov 2016 22:41:16 +0000 (23:41 +0100)]
Testsuite: prepare shadow (vpath) builds
Jeremy Harris [Sat, 19 Nov 2016 20:58:18 +0000 (20:58 +0000)]
Testsuite: fix for not-previously-existing logfile
Jeremy Harris [Sat, 19 Nov 2016 20:44:05 +0000 (20:44 +0000)]
Testsuite: output a machine-readable results summary file
The intent is for finegrain results display in the buildfarm.
Jeremy Harris [Sat, 19 Nov 2016 17:35:12 +0000 (17:35 +0000)]
Testsuite another platform difference in errstr
Jeremy Harris [Sat, 19 Nov 2016 14:11:03 +0000 (14:11 +0000)]
Testsuite: fix platforn TFO nonsupprt munge
Jeremy Harris [Sat, 19 Nov 2016 13:37:02 +0000 (13:37 +0000)]
Testsuite: Munge for platform TFO nonsupport
Jeremy Harris [Tue, 15 Nov 2016 14:32:40 +0000 (14:32 +0000)]
Callout: wait for response to QUIT before closing
Heiko Schlittermann (HS12-RIPE) [Mon, 14 Nov 2016 21:04:17 +0000 (22:04 +0100)]
Testsuite: tidyup runtest (quotes and some my variables)
Heiko Schlittermann (HS12-RIPE) [Mon, 14 Nov 2016 20:18:01 +0000 (21:18 +0100)]
Testsuite: make 4009,4015 independend on user name length
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:42:20 +0000 (13:42 +0100)]
Testsuite: Add verbose comments to 5840
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:36:38 +0000 (13:36 +0100)]
Testsuite: enable verbose comments
Comments in script files, matching /^###\s/, will be copied
to test-{stdout,err}{,-server}. This is intended to ease the
mapping between error messages (failed comparisons) to the script part,
causing the failure.
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:34:22 +0000 (13:34 +0100)]
Testsuite: tidy-up runtest
This will be done step by step, to get a more readable(?)
version. At least the result will be more consistent in coding style
somewhen
Jeremy Harris [Tue, 8 Nov 2016 23:40:09 +0000 (23:40 +0000)]
Tidying: coverity issues
Jeremy Harris [Sun, 13 Nov 2016 16:33:03 +0000 (16:33 +0000)]
OpenSSL 1.1 - update testsuite for retired ciphers
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 21:48:37 +0000 (22:48 +0100)]
Testsuite: Assume '' for missing VERSION_ID
Jeremy Harris [Sat, 12 Nov 2016 20:50:21 +0000 (20:50 +0000)]
OpenLLS 1.1 - Testsuite
Jeremy Harris [Sat, 12 Nov 2016 20:16:31 +0000 (20:16 +0000)]
DANE: Bitrot: Port to OpenSSL >= 1.1.0
Jeremy Harris [Sat, 12 Nov 2016 19:13:25 +0000 (19:13 +0000)]
OpenSSL 1.1 - STORE_CTX accessor functions
Jeremy Harris [Sat, 12 Nov 2016 15:44:51 +0000 (15:44 +0000)]
OpenSSL 1.1 - rework OCSP proof verification at load time in server
Jeremy Harris [Fri, 11 Nov 2016 16:11:00 +0000 (16:11 +0000)]
Revert "Testsuite: tidyup runtest"
This reverts commit
2d47f67729aecd3dcbacdfd303b719893f2d61fa.
Fails on some buildfarm animals (older perl version?); the "r" option on a / edit
Jeremy Harris [Tue, 8 Nov 2016 23:04:56 +0000 (23:04 +0000)]
Testsuite: 4509 independent of calling user
Jeremy Harris [Tue, 8 Nov 2016 22:56:13 +0000 (22:56 +0000)]
Testsuite: 2091,5403 independent of calling user
Heiko Schlittermann (HS12-RIPE) [Tue, 8 Nov 2016 21:28:05 +0000 (22:28 +0100)]
Testsuite: 2191 independend on calling user
Heiko Schlittermann (HS12-RIPE) [Tue, 8 Nov 2016 21:22:11 +0000 (22:22 +0100)]
Testsuite: tidyup runtest
Jeremy Harris [Sun, 6 Nov 2016 23:10:34 +0000 (23:10 +0000)]
Ensure socket is nonblocking before draining. Bug 1914
Jeremy Harris [Sun, 6 Nov 2016 13:56:46 +0000 (13:56 +0000)]
tidying
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 23:57:23 +0000 (00:57 +0100)]
Testsuite: use @ISA instead of 'parent'
Use parent is available on Perl >= 5.10.1, some old CentOS
do not have it.
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 23:50:37 +0000 (00:50 +0100)]
Testsuite: limited support for Content-length:
The simulation of the rspamd protocol needs this, as rspamd-client
sends this Content-length header and newer rspamd-servers
honour this header in favour of a half closed connection.
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 23:49:52 +0000 (00:49 +0100)]
Testsuite: remove \r line endings from script file
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 15:27:50 +0000 (16:27 +0100)]
Testsuite: Update debian8 flavour
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 14:36:50 +0000 (15:36 +0100)]
Testsuite: Add flavour detection
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 14:02:47 +0000 (15:02 +0100)]
Testsuite: fixe lower/upper case fix in OpenSSL munging
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 13:26:35 +0000 (14:26 +0100)]
Add syslog_pid option.
This option suppresses the PID duplication to syslog. As syslog/systemd
add the PID of the logging process automatically.
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Nov 2016 11:02:32 +0000 (12:02 +0100)]
Testsuite: tidyup
Andrew Lewis [Tue, 11 Oct 2016 15:48:23 +0000 (17:48 +0200)]
Do not use shutdown() when talking to rspamd. Fixes 1802
Heiko Schlittermann (HS12-RIPE) [Thu, 3 Nov 2016 23:08:59 +0000 (00:08 +0100)]
Introduce EXIM_BUILD_SUFFIX for src/Makefile and testsuite
This enables parallel builds in a shared directory, if they have
the same os-type and arch-type. Think about EXIM_BUILD_SUFFIX
as 'name of your linux distro'