users/heiko/exim.git
13 years agoCatch divide-by-zero in ${eval:...}.
Phil Pennock [Tue, 12 Apr 2011 08:24:12 +0000 (04:24 -0400)]
Catch divide-by-zero in ${eval:...}.

Fixes 1102

13 years agoMerge branch 'master' of git://git.exim.org/exim
Phil Pennock [Sat, 26 Mar 2011 18:08:02 +0000 (14:08 -0400)]
Merge branch 'master' of git://git.exim.org/exim

13 years agoRevert "Avoid conflicting prototypes for strsignal()"
Tom Kistner [Sat, 26 Mar 2011 14:24:09 +0000 (14:24 +0000)]
Revert "Avoid conflicting prototypes for strsignal()"

This reverts commit 29f20a41029cc5e36a8756ad8dfda64d0ed314ce.

Phil has staged something better.

13 years agoMerge branch 'master' of /home/git/exim into tom_dev
Tom Kistner [Sat, 26 Mar 2011 08:49:12 +0000 (08:49 +0000)]
Merge branch 'master' of /home/git/exim into tom_dev

13 years agoAvoid conflicting prototypes for strsignal()
Tom Kistner [Sat, 26 Mar 2011 08:46:42 +0000 (08:46 +0000)]
Avoid conflicting prototypes for strsignal()

13 years agoRely on system prototypes if we #define our os funcs.
Phil Pennock [Sat, 26 Mar 2011 04:32:44 +0000 (00:32 -0400)]
Rely on system prototypes if we #define our os funcs.

The const-ness updates broke systems where `os_strsignal()` gets mapped
to `strsignal()`, which does *not* return `const char *` but `char *`.

If we #define away, then there should be a prototype from the system
headers.

13 years agoBugzilla #1097: PDKIM: Update embedded PolarSSL code to 0.14.2, thanks to Andreas...
Tom Kistner [Fri, 25 Mar 2011 10:46:33 +0000 (10:46 +0000)]
Bugzilla #1097: PDKIM: Update embedded PolarSSL code to 0.14.2, thanks to Andreas Metzler for the patch!

13 years agoAlso memset(.., 0, ..) the pre-TLS input buffer.
Phil Pennock [Thu, 24 Mar 2011 08:40:33 +0000 (04:40 -0400)]
Also memset(.., 0, ..) the pre-TLS input buffer.

13 years agoExtra paranoia around STARTTLS-with-data-in-buffer.
Phil Pennock [Thu, 24 Mar 2011 06:37:39 +0000 (02:37 -0400)]
Extra paranoia around STARTTLS-with-data-in-buffer.

13 years agoAvoid segfault on ref:name specified as uid.
Phil Pennock [Wed, 23 Mar 2011 02:28:33 +0000 (22:28 -0400)]
Avoid segfault on ref:name specified as uid.

If group not also specified, make this a fatal error.  If group
specified, we'll error out anyway unless the group can be resolved.

Approach considered but not followed: fatal config error if built with
ref:name where name is a number.

fixes bug 1098

13 years agoMention dns_use_edns0
Phil Pennock [Tue, 22 Mar 2011 13:46:28 +0000 (09:46 -0400)]
Mention dns_use_edns0

13 years agoAdded dns_use_edns0 main option.
Phil Pennock [Tue, 22 Mar 2011 13:37:32 +0000 (09:37 -0400)]
Added dns_use_edns0 main option.

Is int because need a "do not override default" option, but that stops
us from using the bool expansion logic and so we need to explicitly
set numbers. Should try to find a way around that.

13 years agoopenssl_options: rejig default code & debug prints.
Phil Pennock [Tue, 22 Mar 2011 12:39:43 +0000 (08:39 -0400)]
openssl_options: rejig default code & debug prints.

A couple of debug_printf()s missing trailing \n.

Set the default to 0L and |= the one item we default, rather than
setting outright, in the hopes of soon also |= setting another option if
available (SSL_OP_NO_SSLv2).

13 years agoNew openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
Phil Pennock [Tue, 22 Mar 2011 12:35:54 +0000 (08:35 -0400)]
New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1

(no changes to any defaults).

13 years agoHarmonised TLS library version reporting.
Phil Pennock [Tue, 22 Mar 2011 11:01:52 +0000 (07:01 -0400)]
Harmonised TLS library version reporting.

Only show if debugging.
Layout now matches that introduced for other libraries in 4.74 PP/03.

13 years agoMake ldap_require_cert work (not segfault).
Phil Pennock [Tue, 22 Mar 2011 10:43:34 +0000 (06:43 -0400)]
Make ldap_require_cert work (not segfault).

The clang complaint, which also triggered a gcc complaint, was
legitimate. My first test, which suggested no problem, was flawed.

This:
  ldap_start_tls
  ldap_require_cert = demand
would cause a segfault on LDAP lookup.

fixes bug 230

13 years agoReport compiler in -d -bV. Clang compat.
Phil Pennock [Tue, 22 Mar 2011 10:33:20 +0000 (06:33 -0400)]
Report compiler in -d -bV. Clang compat.

Exim successfully builds with clang, albeit with a number of warnings.

 * Our %n usage in printf() calls appears to be correct and safe, AFAICT.
 * dummy functions are, unsurprisingly, unused
 * Valgrind macros cause vociferous complaints
 * Dynamic modules *not* tested

Further clang testing on my part will require an OS update and clang
2.9 to get -rdynamic support.

13 years agoCompiler masochism compliance.
Phil Pennock [Tue, 22 Mar 2011 09:36:24 +0000 (05:36 -0400)]
Compiler masochism compliance.

Be able to build most of Exim with:
  -Werror -Wwrite-strings -Wunused-function -Waddress -Wpointer-sign
  -Wformat -Wuninitialized -Winit-self

Skipped a change to auth-spa which I was uncertain of. That is not
the most readable of code.

Temporarily gave up on src/src/pdkim/pdkim.c, as header_name_match()
treats the second param as const or not depending on the third param.
(I hacked the build-*/pdkim/Makefile to continue past this)

Much of this change is const propagation.

13 years agoSet "new since" to the 4.75 release.
Phil Pennock [Tue, 22 Mar 2011 09:26:36 +0000 (05:26 -0400)]
Set "new since" to the 4.75 release.

Stripped all .new/.wen except the exemplar.  4.75 was a stabilisation
release, reset the accumulation of "this is new".

13 years agono_freeze_signal in output. exim-4_75
Phil Pennock [Tue, 22 Mar 2011 08:00:51 +0000 (04:00 -0400)]
no_freeze_signal in output.

Pipe transport option added in: 2fe767453007d1b015f52313d16dc61635085621

13 years agoFix RFC2047 encoding tests after robustness patch.
Phil Pennock [Tue, 22 Mar 2011 07:37:07 +0000 (03:37 -0400)]
Fix RFC2047 encoding tests after robustness patch.

Output changed by:
  Commit 86ae49a65fce504ebcf9c30ddff213cca71fb872

  Fix wide character breakage in the rfc2047 coding

  Fixes bug 1064
  Patch frome Andrey N. Oktyabrski

13 years agoAnother valgrind.h portability fix.
Tony Finch [Thu, 3 Mar 2011 15:08:05 +0000 (15:08 +0000)]
Another valgrind.h portability fix.

C89 compilers do not support variable argument macros.
Our copy of valgrind.h now differs from upstream.

Reported-by: Heiko Schlichting <heiko.schlichting@fu-berlin.de>
13 years agoFixed previous changelog to Bugzilla 968 exim-4_75_RC3
Nigel Metheringham [Mon, 28 Feb 2011 10:25:22 +0000 (10:25 +0000)]
Fixed previous changelog to Bugzilla 968

Ugh - typo-ed previous bugzilla id (case of probably shouldn't be
let near a keyboard today).

13 years agoAdd missing changelog for Bugzilla 698
Nigel Metheringham [Mon, 28 Feb 2011 08:57:03 +0000 (08:57 +0000)]
Add missing changelog for Bugzilla 698

13 years agoDISABLE_DKIM has never worked. Fix that.
Phil Pennock [Wed, 23 Feb 2011 23:36:32 +0000 (18:36 -0500)]
DISABLE_DKIM has never worked. Fix that.

13 years agoWork on IRIX by setting _XPG=1
Phil Pennock [Wed, 23 Feb 2011 10:26:58 +0000 (05:26 -0500)]
Work on IRIX by setting _XPG=1

13 years agoDon't disable quota when maildirsize lost to races. exim-4_75_RC2
Phil Pennock [Tue, 22 Feb 2011 03:17:13 +0000 (22:17 -0500)]
Don't disable quota when maildirsize lost to races.

When maildir_ensure_sizefile() returns -2, we still have size
information, so we can still use that.  Don't disable quota.  As a
result, do refrain from potentially calling close(-2).

Fixes bug 1086

13 years agoMoved variable decl to start of block for old gcc
Nigel Metheringham [Mon, 21 Feb 2011 12:53:04 +0000 (12:53 +0000)]
Moved variable decl to start of block for old gcc

13 years agoTrivial spelling fix in ChangeLog
Nigel Metheringham [Mon, 21 Feb 2011 12:49:34 +0000 (12:49 +0000)]
Trivial spelling fix in ChangeLog

Thanks to Dennis Davis in full pedant mode!

13 years agoFix doc/ directory assembly in build-script.
Phil Pennock [Mon, 21 Feb 2011 08:06:10 +0000 (03:06 -0500)]
Fix doc/ directory assembly in build-script.

13 years agoFix doc typos. Add freeze_signal to OptionLists. exim-4_75_RC1
Phil Pennock [Mon, 21 Feb 2011 06:33:58 +0000 (01:33 -0500)]
Fix doc typos. Add freeze_signal to OptionLists.

13 years agoExim 4.75.
Phil Pennock [Mon, 21 Feb 2011 06:21:14 +0000 (01:21 -0500)]
Exim 4.75.

Exim 4.75, prepping for release.
"Previous" version of docs deliberately remains 4.72.

13 years agoDKIM multiple signature generation fix.
Phil Pennock [Mon, 21 Feb 2011 06:09:25 +0000 (01:09 -0500)]
DKIM multiple signature generation fix.

Patch from Uwe Doering, sign-off by Michael Haardt.
fixes bug 1019

13 years agomaildir_tag hint provided by Heiko Schlittermann.
Phil Pennock [Mon, 21 Feb 2011 05:55:44 +0000 (00:55 -0500)]
maildir_tag hint provided by Heiko Schlittermann.

(and add .new/.wen to previous change).

13 years agoDeal with maildir quota file races.
Phil Pennock [Mon, 21 Feb 2011 05:38:07 +0000 (00:38 -0500)]
Deal with maildir quota file races.

Based on patch from Heiko Schlittermann.
Fixes bug 1086.

13 years agoImproved spamd server selection.
Phil Pennock [Mon, 21 Feb 2011 05:11:32 +0000 (00:11 -0500)]
Improved spamd server selection.

Patch from Mark Zealey.
Fixes bug 1056.

13 years agoUpdate $message_linecount for maildir_tag.
Phil Pennock [Mon, 21 Feb 2011 04:44:50 +0000 (23:44 -0500)]
Update $message_linecount for maildir_tag.

Patch from Mark Zealey.
Fixes bug 1055.

13 years agoMinor robustness fixes for debugging.
Phil Pennock [Mon, 21 Feb 2011 04:28:45 +0000 (23:28 -0500)]
Minor robustness fixes for debugging.

sig_atomic_t for signal-handlers.
getgroups() return value checking.
Developed for bug 927.

13 years agoBugZilla 1006 - recommit patch from Micha Lenk
Tom Kistner [Mon, 14 Feb 2011 19:24:00 +0000 (19:24 +0000)]
BugZilla 1006 - recommit patch from Micha Lenk

13 years agoMove lookup extern decls to file scope.
Phil Pennock [Sun, 13 Feb 2011 05:45:12 +0000 (00:45 -0500)]
Move lookup extern decls to file scope.

Should permit building on old gcc which dislikes extern inside function
scope.

Patch from Oliver Fleischmann, who encountered this with gcc 2.95.2.

13 years agoImplement %M datestamping in log filenames.
Phil Pennock [Sun, 13 Feb 2011 05:31:49 +0000 (00:31 -0500)]
Implement %M datestamping in log filenames.

Patch from Simon Arlott.

fixes bug 486

13 years agoDon't reveal SQL expansion failure details in SMTP.
Phil Pennock [Sun, 13 Feb 2011 05:19:26 +0000 (00:19 -0500)]
Don't reveal SQL expansion failure details in SMTP.

fixes bug 1061

13 years agoImplement freeze_signal on pipe transport.
Phil Pennock [Sun, 13 Feb 2011 05:09:18 +0000 (00:09 -0500)]
Implement freeze_signal on pipe transport.

Patch from Jakob Hirsch.

fixes bug 1042

13 years agoEscape lookup deferral error message when logging.
Phil Pennock [Sun, 13 Feb 2011 02:49:36 +0000 (21:49 -0500)]
Escape lookup deferral error message when logging.

closes bug 1083

Patch from John Horne.

13 years agoRC releases get marked as such in version.h.
Phil Pennock [Mon, 7 Feb 2011 01:50:09 +0000 (20:50 -0500)]
RC releases get marked as such in version.h.

Release-tools only, no NewStuff/ChangeLog

13 years agoFix exiqgrep issue where malformed lines not parsed
Nigel Metheringham [Sun, 6 Feb 2011 19:20:06 +0000 (19:20 +0000)]
Fix exiqgrep issue where malformed lines not parsed

Fixes bug 943
Lightly tested, but not with report error condition,
would like reporter to check this fix on their system.

13 years agoStrip \x{c2} from .txt files and audit.
Phil Pennock [Sat, 5 Feb 2011 05:23:31 +0000 (00:23 -0500)]
Strip \x{c2} from .txt files and audit.

Am unable to keep the build process from inserting spurious \x{c2}
characters into the created .txt files.

Strip the characters in Tidytxt.

Add SanityTestText to do a final audit for non-ASCII characters in the
.txt files.  Dependency: pcregrep if available, else uses Perl.

13 years agoLDAP TLS negotiation support.
Phil Pennock [Sat, 5 Feb 2011 05:22:28 +0000 (00:22 -0500)]
LDAP TLS negotiation support.

closes bug 230
Applies patches provided by Adam Ciarcinski of NetBSD in bug 230.
Adds documentation.

Tested the negotiation and server verification, not tested the client
certificate presentation but looks sane.

13 years agoAllow underscore in dnslist lookups
Nigel Metheringham [Sun, 30 Jan 2011 19:45:13 +0000 (19:45 +0000)]
Allow underscore in dnslist lookups

Fixes bug 1026
Patch from Graeme Fowler

13 years agoAdded ChangeLog entry for f68cdd
Nigel Metheringham [Sun, 30 Jan 2011 19:43:33 +0000 (19:43 +0000)]
Added ChangeLog entry for f68cdd

13 years agoFix wide character breakage in the rfc2047 coding
Nigel Metheringham [Sun, 30 Jan 2011 15:50:46 +0000 (15:50 +0000)]
Fix wide character breakage in the rfc2047 coding

Fixes bug 1064
Patch frome Andrey N. Oktyabrski

13 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
Nigel Metheringham [Sun, 30 Jan 2011 15:33:20 +0000 (15:33 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

13 years agochild_open_uid: restore default SIGPIPE handler
Nigel Metheringham [Sun, 30 Jan 2011 15:25:28 +0000 (15:25 +0000)]
child_open_uid: restore default SIGPIPE handler

Fixes bug 968
Merge branch 'sigpipe-fix' of git://github.com/lp0/exim into master

13 years agoTesting: Exim must not use HEADERS_CHARSET UTF-8.
Phil Pennock [Sun, 30 Jan 2011 08:44:24 +0000 (03:44 -0500)]
Testing: Exim must not use HEADERS_CHARSET UTF-8.

Failed at test 178.

13 years agosudo !tty_tickets; correct config file list.
Phil Pennock [Sun, 30 Jan 2011 08:34:31 +0000 (03:34 -0500)]
sudo !tty_tickets; correct config file list.

sudo needs to permit sudo w/o a TTY.
The config file used is the same for each test, the individual config
files are made available under a particular name. Correct that advice.

13 years agoTest suite mostly clean for 4.73/4.74.
Phil Pennock [Sun, 30 Jan 2011 08:13:21 +0000 (03:13 -0500)]
Test suite mostly clean for 4.73/4.74.

With this, I can run the test suite with few enough differences that I
can review and confirm, getting as far as Basic/0094.

Pretty much just dealing with new stderr from debugging.

13 years agomacros_trusted overriden message only if debugging.
Phil Pennock [Sun, 30 Jan 2011 08:04:52 +0000 (03:04 -0500)]
macros_trusted overriden message only if debugging.

DEBUG(D_any) missing.  Fixed.

13 years agoThe test suite dislikes USE_READLINE.
Phil Pennock [Sun, 30 Jan 2011 05:21:20 +0000 (00:21 -0500)]
The test suite dislikes USE_READLINE.

There's a lot of copying of stdin to stdout when using readline for -be,
which breaks the test suite.  The suite now runs well enough for me to
fix the stuff broken by the debugging changes I introduced.

13 years agoIncremental improvement of release build script
Nigel Metheringham [Fri, 28 Jan 2011 13:19:58 +0000 (13:19 +0000)]
Incremental improvement of release build script

13 years agoUse LC_ALL=C for building lookups/Makefile.
Phil Pennock [Fri, 28 Jan 2011 00:11:17 +0000 (19:11 -0500)]
Use LC_ALL=C for building lookups/Makefile.

13 years agoPulled spamd_address-expanded caching fix.
Phil Pennock [Fri, 28 Jan 2011 00:08:45 +0000 (19:08 -0500)]
Pulled spamd_address-expanded caching fix.

Author: Wolfgang Breyha
Bugzilla: 935
Attachment: 378

(looks like it could do with a strcmp check at the end before the extra
 string_copy, but that's a nicety and the author has presumably been
 running with this).

13 years agoPermit make values to be indented or in env.
Phil Pennock [Fri, 28 Jan 2011 00:07:05 +0000 (19:07 -0500)]
Permit make values to be indented or in env.

It appears some make(1)s are not complaining about variables defined
with leading whitespace on the line.  Permit that where we can, for the
lookups, but it's not tenable for CFLAGS_DYNAMIC.

Some people are specifying knobs on the make command-line, so we get
them via the environment.

Tested: indented LOOKUP_CDB and commented out LOOKUP_DNSDB, supplying it
via { make LOOKUP_DNSDB=yes }.  { exim -d --version } shows both are
built-in, no results from { fgrep DNSDB build-*/Makefile }.

13 years agoFix portability of Makefiles to HP-UX and other non-extended makes.
Tony Finch [Thu, 27 Jan 2011 16:26:36 +0000 (16:26 +0000)]
Fix portability of Makefiles to HP-UX and other non-extended makes.

13 years agoFix portability bugs in valgrind support.
Tony Finch [Tue, 11 Jan 2011 15:12:56 +0000 (15:12 +0000)]
Fix portability bugs in valgrind support.

Update valgrind.h and memcheck.h to copies from valgrind-3.6.0.
This fixes portability to compilers other than gcc, notably
Solaris CC and HP-UX CC.

Fixes: bug #1050.
13 years agoWorkround compile error with old PCRE versions
Nigel Metheringham [Wed, 26 Jan 2011 11:04:32 +0000 (11:04 +0000)]
Workround compile error with old PCRE versions

Fixes bug #1073

13 years agoBug-fix the xpg4 Solaris logic. exim-4_74
Phil Pennock [Mon, 24 Jan 2011 21:40:38 +0000 (16:40 -0500)]
Bug-fix the xpg4 Solaris logic.

Should not code at 9am when still awake then.
Should sanity-review such code changes before submitting (after sleep).
Should s,/usr/xpg4/bin/sh,/bin/bash, as a convenient test to confirm
what I suspected.  But should do so pre-submit.

Doh.

13 years agoCompatibility fixes for dynlookup makefile builder.
Phil Pennock [Mon, 24 Jan 2011 19:35:04 +0000 (14:35 -0500)]
Compatibility fixes for dynlookup makefile builder.

Don't abort if CFLAGS_DYNAMIC not defined.  Oops!

Attempt to get a POSIX environment on Solaris.

Document POSIXy assumptions going forward.

Problems reported by: Dennis Davis

13 years agoLoadable modules: fix debug invocations
Phil Pennock [Sun, 23 Jan 2011 10:41:55 +0000 (05:41 -0500)]
Loadable modules: fix debug invocations

The new code was calling DEBUG(<n>) for values of n including 4, 5, 9;
that was an Exim 3 API, we now use bits; -v sets bit 0x1, -bP implies
-v, so { exim -bP } was pulling up random debug messages.

Switched all the DEBUG checks to be DEBUG(D_lookup).

13 years agoBug 1071: fix delivery logging with untrusted macros.
Phil Pennock [Sun, 23 Jan 2011 10:44:45 +0000 (05:44 -0500)]
Bug 1071: fix delivery logging with untrusted macros.

If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
Fixed.  Reported by Andreas Metzler.

13 years agoReport TRUSTED_CONFIG_LIST & WHITELIST_D_MACROS.
Phil Pennock [Sun, 23 Jan 2011 08:26:09 +0000 (03:26 -0500)]
Report TRUSTED_CONFIG_LIST & WHITELIST_D_MACROS.

When invoked { exim -d -bV } show these build-time options that affect
what can be done.

13 years agoDocument 1041 merge (DCC fix).
Phil Pennock [Sun, 23 Jan 2011 08:11:21 +0000 (03:11 -0500)]
Document 1041 merge (DCC fix).

13 years agoMerge branch 'master' of git://git.exim.org/exim
Phil Pennock [Sat, 22 Jan 2011 23:40:43 +0000 (18:40 -0500)]
Merge branch 'master' of git://git.exim.org/exim

13 years agoBugzilla 1041: pull patch id=425, DCC fixes.
Phil Pennock [Sat, 22 Jan 2011 23:33:45 +0000 (18:33 -0500)]
Bugzilla 1041: pull patch id=425, DCC fixes.

DCC return codes were not always correct. Patch from DCC code
maintainer, Wolfgang Breyha.

13 years agoSign Script - Take EXIM_KEY from environ.
Phil Pennock [Sat, 22 Jan 2011 21:52:17 +0000 (21:52 +0000)]
Sign Script - Take EXIM_KEY from environ.

13 years agoReworked changebars (still relative to 4.72) in doc source
Nigel Metheringham [Fri, 21 Jan 2011 12:47:01 +0000 (12:47 +0000)]
Reworked changebars (still relative to 4.72) in doc source

13 years agoUpdate dates. exim-4_74_RC1
Phil Pennock [Fri, 21 Jan 2011 13:07:43 +0000 (08:07 -0500)]
Update dates.

Spec: both doc date and release date (plus copyright year).
Filter: only release date (doc not changed, so neither is copyright year)

13 years agoTest suite: make cf 64-bit compat for -exact.
Phil Pennock [Fri, 21 Jan 2011 12:26:27 +0000 (07:26 -0500)]
Test suite: make cf 64-bit compat for -exact.

I assume stdint.h and intptr_t available for any platform where we're
running the test suite.

13 years agoTests compat. setgid failure / dropped_privilege
Phil Pennock [Fri, 21 Jan 2011 11:10:35 +0000 (06:10 -0500)]
Tests compat. setgid failure / dropped_privilege

If we've *dropped* privilege, it's okay to not abort if setgid fails.

Document some of what's now needed for the test suite.
Adjust the test suide for better post-4.73 compat.

13 years agoBump version to 4.74.
Phil Pennock [Fri, 21 Jan 2011 09:33:49 +0000 (04:33 -0500)]
Bump version to 4.74.

Docs deliberately keep changebars since v4.72 as 4.73 has not been out
for long.

OptionLists updates for dynamic modules and for the security changes
from 4.73.

13 years agoIncompatibleChanges out, README.UPDATING updated.
Phil Pennock [Fri, 21 Jan 2011 09:12:15 +0000 (04:12 -0500)]
IncompatibleChanges out, README.UPDATING updated.

I forgot about README.UPDATING and introduced a new txt file with the
4.73 release, noting incompatible changes. Because these weren't
documented in the normal place, some people missed them. Mea culpa.

Integrated the notes from IncompatibleChanges into README.UPDATING.

Added a note on the ABI of the dynlookups.

13 years agoCheck return values of setgid/setuid.
Phil Pennock [Fri, 21 Jan 2011 08:56:02 +0000 (03:56 -0500)]
Check return values of setgid/setuid.

CVE-2011-0017

One assertion of the unimportance of checking the return value was wrong,
in the event of a compromised exim run-time user.

13 years agoVersion reporting & module ABI change.
Phil Pennock [Fri, 21 Jan 2011 08:25:51 +0000 (03:25 -0500)]
Version reporting & module ABI change.

Debug version display reports library info.

Bumps lookup API magic constant, adds new field to module API.

When invoking { exim -d -bV } we can display more version information.
Show versions for many external libraries, including both compile-time
and run-time information if we can.

Optional for modules, may be NULL.  Implemented for MySQL, SQLite &
Whoson lookups.  For all lookups, if dynamically loaded, report the
Exim version number from the build.  (Packagers will bundle stuff, but
dynamic modules are no longer just available for packagers, so we need
to deal with less managed environments and people forgetting to install
new modules).

Suggest in EDITME that users of modules not using package management
consider embedding a version number in the path to the modules.

Should consider removing the TLS (OpenSSL/GnuTLS) reporting from the
default -bV display and moving it into the debug display.  Not done.

Created version.h, now support a version extension string for
distributors who patch heavily. Henceforth release engineer should
change the version in version.h not version.c.

13 years agoModule loading working on FreeBSD (and unbreak).
Phil Pennock [Mon, 17 Jan 2011 13:43:35 +0000 (08:43 -0500)]
Module loading working on FreeBSD (and unbreak).

(1) Commit eec525c43adade97ff94d839810faf7cb35bd87f broke module
    support, because we *do* still need some exported variable
    definitions, as for a module to actually work, we need the
    per-module _INCLUDE/_LIBS settings.

(2) FreeBSD's nsdispatch() will leave dlerror() returning a complaint
    about "_nss_cache_cycle_prevention_function"; we need to clear the
    error state before the dlsym() call, so that any error found
    afterwards must have come from that dlsym() call.  Fix is just an
    extra call to dlerror(), which should be portable.

I can now use sqlite3 from a module, in FreeBSD.

13 years agoMention new dlopen functionality.
Phil Pennock [Mon, 17 Jan 2011 06:57:28 +0000 (01:57 -0500)]
Mention new dlopen functionality.

13 years agoClarify: tls_verify_certificates is for CA certs.
Phil Pennock [Mon, 17 Jan 2011 03:21:37 +0000 (22:21 -0500)]
Clarify: tls_verify_certificates is for CA certs.

It can be used for individual user certs but is really intended for
CAs.  Note this, and explain that if the tls_verify_certificates value
is a file, then the certs within are sent from the server to clients,
thus is public data.

13 years agoLet /dev/null have normal permissions.
Phil Pennock [Mon, 17 Jan 2011 02:54:53 +0000 (21:54 -0500)]
Let /dev/null have normal permissions.

The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null.  Exempt it from some checks.
Reported by Andreas M. Kirchwitz

13 years agoBug-fix for bash and no-dynamic case.
Phil Pennock [Sun, 16 Jan 2011 23:36:55 +0000 (18:36 -0500)]
Bug-fix for bash and no-dynamic case.

When writing the patch, originally nothing other than a cp was needed if
there were no dynamic modules.  That changed, but the guard at the top
did not.  Remove that check.

bash does not like a block which consists solely of a comment.  Provide
a ':' invocation.

Both problems spotted by Simon Arlott -- thanks.

13 years agoBug 139: portability fixes and documentation.
Phil Pennock [Sun, 16 Jan 2011 07:15:53 +0000 (02:15 -0500)]
Bug 139: portability fixes and documentation.

Document the dynamic lookup module capability in spec.xfpt.
Include a ChangeLog item.

Avoid the GNU-specific "export" make(1) directive.
Build the lookups Makefile using the existing framework.
Build with BSD Make once more.

The src/lookups/Makefile that is used at build time now has the dynamic
content come from scripts/lookups-Makefile.

Add CFLAGS_DYNAMIC support, which can be set in Local/Makefile.
Provide defaults for Linux & FreeBSD.

Ensure that build fails early if a dynamic module is requested but
CFLAGS_DYNAMIC is not defined.

13 years agosrc/deliver.c: log the error message when unlink(spoolname) fails
Tony Finch [Fri, 14 Jan 2011 14:19:40 +0000 (14:19 +0000)]
src/deliver.c: log the error message when unlink(spoolname) fails

13 years agosrc/transports/smtp.c: log LMTP confirmation same as SMTP
Tony Finch [Fri, 14 Jan 2011 14:16:53 +0000 (14:16 +0000)]
src/transports/smtp.c: log LMTP confirmation same as SMTP

13 years agosrc/dbfn.c: write lock aquisition failures to the panic log
Tony Finch [Fri, 14 Jan 2011 14:12:23 +0000 (14:12 +0000)]
src/dbfn.c: write lock aquisition failures to the panic log

13 years agoCONTRIBUTING: correct expansion of GPL
Tony Finch [Fri, 14 Jan 2011 13:44:41 +0000 (13:44 +0000)]
CONTRIBUTING: correct expansion of GPL

13 years agoBugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with whitespace.
Tom Kistner [Wed, 12 Jan 2011 20:48:22 +0000 (20:48 +0000)]
Bugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with whitespace.

13 years agoInclude <dlfcn.h> only when necessary
David Woodhouse [Wed, 5 Jan 2011 23:58:37 +0000 (23:58 +0000)]
Include <dlfcn.h> only when necessary

13 years agoAdd dynamic lookup support
David Woodhouse [Wed, 5 Jan 2011 22:55:50 +0000 (22:55 +0000)]
Add dynamic lookup support

Fixed: bug #139

13 years agoDKIM ACL Documentation exim-4_73
Nigel Metheringham [Sun, 26 Dec 2010 18:17:23 +0000 (18:17 +0000)]
DKIM ACL Documentation

Fixes: bug #929
13 years agoFixes: bug #1002 - Message loss when using multiple deliveries
Miroslav Lichvar [Sun, 26 Dec 2010 18:10:29 +0000 (18:10 +0000)]
Fixes: bug #1002 - Message loss when using multiple deliveries
13 years agoLDAP Authetication documentation example syntax fix
Nigel Metheringham [Sun, 26 Dec 2010 18:04:08 +0000 (18:04 +0000)]
LDAP Authetication documentation example syntax fix

Fixes: bug #999
13 years agoReword BSMTP ACL documentation
Nigel Metheringham [Sun, 26 Dec 2010 18:01:47 +0000 (18:01 +0000)]
Reword BSMTP ACL documentation

Fixes: bug #974
13 years agoEximstats documentstion - s/delivery_time/deliver_time/
Nigel Metheringham [Sun, 26 Dec 2010 17:44:58 +0000 (17:44 +0000)]
Eximstats documentstion - s/delivery_time/deliver_time/

Fixes: bug #1034