Phil Pennock [Sun, 6 May 2012 09:50:57 +0000 (02:50 -0700)]
Disable SSLv2 by default.
Phil Pennock [Sun, 6 May 2012 04:38:18 +0000 (21:38 -0700)]
DNS resolver init changes for NetBSD compatibility.
Jeremy Harris [Sat, 5 May 2012 20:26:02 +0000 (21:26 +0100)]
Fix eximon build (tls_sni)
Jeremy Harris [Sat, 5 May 2012 20:10:19 +0000 (21:10 +0100)]
Merge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sat, 5 May 2012 19:52:41 +0000 (20:52 +0100)]
Fix bug 1225: Accept new testsuite case output.
Having looked further at the ratelimit code, the new output looks reasonable. The obscure
values of "19" derive from testing "per-byte", being the size of the test message.
Phil Pennock [Sat, 5 May 2012 01:22:16 +0000 (18:22 -0700)]
Check localhost_number expansion for failure.
Avoids NULL dereference.
Report and patch from Alun Jones.
Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.
fixes bug 1122
Phil Pennock [Fri, 4 May 2012 22:52:30 +0000 (15:52 -0700)]
New doc section explaining TLS SNI
Phil Pennock [Fri, 4 May 2012 20:25:49 +0000 (13:25 -0700)]
silence various compiler complaints; expose NVALGRIND
Phil Pennock [Fri, 4 May 2012 20:06:38 +0000 (13:06 -0700)]
fix sdop directive in filter.xfpt
Phil Pennock [Fri, 4 May 2012 19:52:56 +0000 (12:52 -0700)]
fix all sdop "line overflow" doc complaints
Phil Pennock [Fri, 4 May 2012 19:26:21 +0000 (12:26 -0700)]
fix example line-length, add comment (openssl_options)
Phil Pennock [Fri, 4 May 2012 19:13:56 +0000 (12:13 -0700)]
Doc build bug-fix.
Had repeated .ilist instead of .next in the openssl_options value list.
Old sdop: segfault. New sdop: memory exhaustion.
Oops!
Phil Pennock [Fri, 4 May 2012 15:27:09 +0000 (08:27 -0700)]
More tls_sni support: outbound, logging.
tls_sni as SMTP transport option.
Use correct storage pool for copying tls_sni, so survives for life of process.
Add +tls_sni log-selector, for inbound tls_sni.
Update exipick to handle -tls_sni in spool files.
Also reset tls_bits at start of outbound connection (was missing).
Phil Pennock [Fri, 4 May 2012 11:39:01 +0000 (04:39 -0700)]
TLS SNI support for OpenSSL ($tls_sni)
Phil Pennock [Fri, 4 May 2012 02:20:43 +0000 (19:20 -0700)]
Guard loadable module vars with LOOKUP_MODULE_DIR.
Fixes compiler complaints about unused variables.
Phil Pennock [Fri, 4 May 2012 02:18:34 +0000 (19:18 -0700)]
spurious compiler warning of unused var fix
(but added check in case wrong about spuriousness)
Phil Pennock [Fri, 4 May 2012 02:11:49 +0000 (19:11 -0700)]
OpenSSL fixes and backwards compat break.
Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b.
Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.
Phil Pennock [Thu, 3 May 2012 10:21:31 +0000 (03:21 -0700)]
LDAP: Check for errors of TLS initialisation
Report and patch from Dmitry Banschikov.
Jeremy Harris [Tue, 1 May 2012 22:27:17 +0000 (23:27 +0100)]
Update testsuite output files for GnuTLS version update and fixes.
Jeremy Harris [Sun, 22 Apr 2012 21:23:42 +0000 (22:23 +0100)]
Code refactoring in acl.c (bug 1184)
Move to a table-driven approach for the parsing of "verify =".
Jeremy Harris [Fri, 27 Apr 2012 21:45:16 +0000 (22:45 +0100)]
Change notes for bug 660.
Jeremy Harris [Mon, 23 Apr 2012 20:46:03 +0000 (21:46 +0100)]
Return multi-valued attributes from an LDAP lookup in parsable form (bug 660).
Phil Pennock [Mon, 30 Apr 2012 23:58:45 +0000 (16:58 -0700)]
document TK's bug 1239 fix in ChangeLog
Tom Kistner [Mon, 30 Apr 2012 12:37:40 +0000 (13:37 +0100)]
Fix verification when DKIM Signatures are not inserted as tracking headers. Thanks to Wolfgang Breyha for the patch! (bug 1239)
Jeremy Harris [Sat, 28 Apr 2012 23:22:35 +0000 (00:22 +0100)]
Include string_interpret_escape() in COMPILE_UTILITY cases.
Eximon needs it, via util-spool_in.o
It needed a private hex_digits[] to avoid bringing in all of globals.c to COMPILE_UTILITY.
Phil Pennock [Sat, 28 Apr 2012 21:17:24 +0000 (14:17 -0700)]
include string_unprinting() in COMPILE_UTILITY cases.
jgh debugged eximon build failure; util-spool_in.o needs it
Phil Pennock [Sat, 28 Apr 2012 13:21:02 +0000 (06:21 -0700)]
TLS fixes for OpenSSL.
Support TLS 1.1 & 1.2
New "openssl_options" values (all now documented).
Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after
TLS renegotiation, which otherwise led to messages "Got SSL error 2".
Phil Pennock [Sat, 28 Apr 2012 13:04:09 +0000 (06:04 -0700)]
describe spool file changes for -tls_peerdn
Phil Pennock [Fri, 27 Apr 2012 09:39:59 +0000 (02:39 -0700)]
Handle \n in tls_peerdn for spool files.
Fixes bug 1240.
Jeremy Harris [Thu, 26 Apr 2012 22:00:15 +0000 (23:00 +0100)]
Fix testsuite case 0373.
The subtest does a readsocket (with 1s timeout) into a server
which closes immediately. The expected output in the testcase was null, the output
actually seen was the error-return expansion, which seems more correct.
Accepting the actual output.
Jeremy Harris [Sun, 22 Apr 2012 07:23:53 +0000 (08:23 +0100)]
New testcase output from SSL library.
Jeremy Harris [Tue, 24 Apr 2012 23:25:51 +0000 (00:25 +0100)]
Add ACL name to debug output of condition result (bug 1238).
Jeremy Harris [Mon, 23 Apr 2012 22:57:47 +0000 (23:57 +0100)]
Ensure $smtp_command is initialized before it can be expanded (bug 1182).
Jeremy Harris [Mon, 23 Apr 2012 20:47:53 +0000 (21:47 +0100)]
Add pointer to IPv6 support in prototype Makefile (bug 1232).
Jeremy Harris [Mon, 23 Apr 2012 19:03:16 +0000 (20:03 +0100)]
Update testsuite case enabled by fix for bug 1227, with changes required by bug 1224.
Phil Pennock [Mon, 23 Apr 2012 03:35:02 +0000 (20:35 -0700)]
Always init_lookup_list before readconf_main.
This happens while still root.
Be more emphatic in EDITME about the security implications of loadable modules.
Phil Pennock [Mon, 23 Apr 2012 03:20:16 +0000 (20:20 -0700)]
Better ls output fixing.
fixes bug 1226
Further investigation from Jeremy Harris showed the previous fix
left trailing whitespace on output which previously ended after
the permission bits (eg, test 0240).
This works better for me.
Jeremy Harris [Sun, 22 Apr 2012 21:28:57 +0000 (22:28 +0100)]
Merge branch 'master' of git://git.exim.org/exim
Dirk Mueller [Sun, 22 Apr 2012 18:21:32 +0000 (19:21 +0100)]
Mark cases where printf format strings are used
Bug report from Lars Müller <lars@samba.org> (via SUSE),
Patch from Dirk Mueller <dmueller@suse.com>
Jeremy Harris [Sun, 22 Apr 2012 15:13:22 +0000 (16:13 +0100)]
Bug 1224: fixup testsuite case output from testdb.
Jeremy Harris [Sun, 22 Apr 2012 13:32:03 +0000 (14:32 +0100)]
Add testsuite case retry (without update) option on failed file compare.
Jeremy Harris [Sun, 22 Apr 2012 09:01:29 +0000 (10:01 +0100)]
Accept change in testcase munged output for -bt
Trailing spaces were trimmed by commit 37acd760db
Jeremy Harris [Thu, 19 Apr 2012 00:52:07 +0000 (01:52 +0100)]
Bug 1224 followon - avoid breaking other testcases.
Add specific patterns to avoid when munging the output.
This is fragile and may still be broken outside my specific test environment.
Jeremy Harris [Wed, 18 Apr 2012 23:43:11 +0000 (00:43 +0100)]
Fix bug 1224.
Replace the lookup index char in stderr traces with a zero;
update testcase expected stderr files to match.
Jeremy Harris [Wed, 18 Apr 2012 20:21:28 +0000 (21:21 +0100)]
Fix bug 1229.
Update testcase output with now-expected info.
root [Tue, 17 Apr 2012 20:05:20 +0000 (21:05 +0100)]
Testcase changes to match changes introduced by bug 1214.
Additional "A=" authenticator info was added to log lines for rejections.
root [Mon, 16 Apr 2012 20:04:52 +0000 (21:04 +0100)]
Merge remote branch 'origin'
Phil Pennock [Fri, 13 Apr 2012 02:33:48 +0000 (19:33 -0700)]
Handle TAB, not just SP, in MAIL args.
Analysis, diagnosis and variant patch by Todd Lyons.
Phil Pennock [Thu, 12 Apr 2012 10:02:20 +0000 (03:02 -0700)]
Updated OptionsList with gsasl, heimdal_gssapi, _PC changes.
Also maildir_use_size_file is now expanded
Phil Pennock [Thu, 12 Apr 2012 08:41:44 +0000 (01:41 -0700)]
Two clarifications.
String expansion, draw more attention to † marking.
Document the order in which parameters are supplied to relative comparators.
root [Mon, 2 Apr 2012 19:57:49 +0000 (20:57 +0100)]
Fix IPv6 RE
Phil Pennock [Sat, 31 Mar 2012 10:10:54 +0000 (03:10 -0700)]
fix gsasl / cyrus claims
Point 1 for 4.78 said gsasl could *not* be used to replace cyrus.
This was obsoleted by point 5.
Remove claim from point 1, add additional note to point 5.
Phil Pennock [Fri, 30 Mar 2012 20:52:17 +0000 (13:52 -0700)]
Handle alternate access method flag in ls.
Jeremy Harris found ls output not parsing on SELinux systems. I
identified this as SUSv3's "optional alternate access method flag".
Jeremy wrote the patch, I adjusted a little.
fixes bug 1226
Phil Pennock [Fri, 30 Mar 2012 20:47:15 +0000 (13:47 -0700)]
set umask
fixes bug 1228
Phil Pennock [Fri, 30 Mar 2012 20:41:16 +0000 (13:41 -0700)]
handle more of the new format version numbers
Phil Pennock [Wed, 21 Mar 2012 08:45:59 +0000 (01:45 -0700)]
Merge branch 'dbmjz'
Phil Pennock [Wed, 21 Mar 2012 08:38:57 +0000 (01:38 -0700)]
heimdal_gssapi: accept SASL with empty authzid
Saw this happening with Apple Mail; accept it, dup the GSS Display Name
Phil Pennock [Fri, 2 Mar 2012 09:51:01 +0000 (01:51 -0800)]
Add dbmjz lookup type
Phil Pennock [Sun, 19 Feb 2012 22:03:06 +0000 (17:03 -0500)]
Log auth data in rejectlog.
http://bugs.exim.org/attachment.cgi?id=547&action=edit
fixes bug: 1214
Patch by Jeremy Harris
Phil Pennock [Sat, 18 Feb 2012 17:05:03 +0000 (12:05 -0500)]
expand cyrus_sasl server_realm option
Phil Pennock [Sat, 18 Feb 2012 16:20:18 +0000 (11:20 -0500)]
Merge branch 'sasl_fixes'
Phil Pennock [Sat, 18 Feb 2012 16:10:36 +0000 (11:10 -0500)]
Use gsasl_property_fast() in property callback.
Avoids the loops which we only cancel out anyway.
Phil Pennock [Sat, 18 Feb 2012 14:22:27 +0000 (09:22 -0500)]
Document pkg-config for TLS
Phil Pennock [Sat, 18 Feb 2012 14:10:50 +0000 (09:10 -0500)]
Support pkg-config for SSL libraries.
Also: update EDITME to refer to pkg-config & AUTH_HEIMDAL_GSSAPI.
Phil Pennock [Sat, 18 Feb 2012 13:34:12 +0000 (08:34 -0500)]
Document pkg-config
Phil Pennock [Sat, 18 Feb 2012 13:14:29 +0000 (08:14 -0500)]
Swap gsasl GSSAPI $auth1/$auth2
Phil Pennock [Sat, 18 Feb 2012 12:15:16 +0000 (07:15 -0500)]
Drop server_realm from heimdal_gssapi
Phil Pennock [Sat, 18 Feb 2012 09:56:19 +0000 (04:56 -0500)]
Document heimdal_gssapi as it works now.
Phil Pennock [Sat, 18 Feb 2012 09:10:35 +0000 (04:10 -0500)]
Minor cleanups.
multi-blank-line protection never set the bool needed
OID-method for keytab setting cleanup (drop <roken.h> and fix comments)
Phil Pennock [Fri, 17 Feb 2012 13:01:10 +0000 (08:01 -0500)]
Use gsskrb5_register_acceptor_identity
Drop the OID and pseudo-standard GSSAPI extension mechanism.
Found Heimdal-specific API call I needed, works great.
gsskrb5_register_acceptor_identity(filename)
Separately: add various debug statements.
Phil Pennock [Wed, 15 Feb 2012 13:09:57 +0000 (08:09 -0500)]
First pass heimdal_gssapi authenticator.
Not yet working, failing to set keytab.
Also: support (AUTH|LOOKUP)_*_PC=foo to use `pkg-config foo` for cflags/libs.
Phil Pennock [Tue, 14 Feb 2012 02:11:25 +0000 (21:11 -0500)]
Document gsasl integration
Phil Pennock [Mon, 6 Feb 2012 01:36:51 +0000 (20:36 -0500)]
More bug-fixes, GSASL DIGEST-MD5 now works.
Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.
Phil Pennock [Mon, 6 Feb 2012 00:55:37 +0000 (19:55 -0500)]
remove stray globals block
Phil Pennock [Mon, 6 Feb 2012 00:13:32 +0000 (19:13 -0500)]
Implemented gsasl driver for authentication.
Missing: documentation; tests.
Tested: PLAIN auth.
Status: probably buggy
Phil Pennock [Sat, 4 Feb 2012 07:33:40 +0000 (02:33 -0500)]
Documentation for $tls_bits and SASL changes
Phil Pennock [Sat, 4 Feb 2012 07:26:27 +0000 (02:26 -0500)]
Various SASL fixes.
Export $tls_bits new expansion variable (not yet documented).
Fix tls-gnu.c so that ciphername string construction uses bit-count, not byte-count.
Avoid hard-coding primary_hostname in first call to init Cyrus SASL.
Cast fix for function pointer (Cyrus-SASL uses void params in struct entry funcptr, so need to cast).
Many more debug statements in cyrus_sasl.c
Pass external SSF from TLS cipher into Cyrus SASL initialisation.
Detect when we can't get an identity from SASL properties (error out correctly).
Detect when SASL negotiated a protection layer and error out, since we do not support those.
Phil Pennock [Tue, 3 Jan 2012 07:41:57 +0000 (02:41 -0500)]
bool{} is false for empty strings
fixes bug 1193
reported by Jasen Betts.
Nigel Metheringham [Wed, 30 Nov 2011 15:55:14 +0000 (15:55 +0000)]
Documentation had primary_host_name for primary_hostname. Fixes: #1169
Nigel Metheringham [Wed, 30 Nov 2011 15:46:48 +0000 (15:46 +0000)]
eximstats DATA reject detection regexps improved. Fixes: #1093
Nigel Metheringham [Wed, 30 Nov 2011 15:41:55 +0000 (15:41 +0000)]
Documentation fix. Fixes: #949
Phil Pennock [Tue, 22 Nov 2011 19:14:57 +0000 (14:14 -0500)]
Handle short writes on logfiles.
fixes bug 1053
Phil Pennock [Mon, 21 Nov 2011 03:02:16 +0000 (22:02 -0500)]
Merge branch 'log_retry'
Nigel Metheringham [Fri, 18 Nov 2011 13:36:14 +0000 (13:36 +0000)]
Rough readme mainly for benefit of github
Pod translator is lousing up - may move to a different
format for the future. [issues are with L<> links]
Phil Pennock [Mon, 14 Nov 2011 04:51:43 +0000 (23:51 -0500)]
log_write EINTR handling on write()
Phil Pennock [Thu, 10 Nov 2011 09:44:04 +0000 (04:44 -0500)]
Parallel build fixes for lookups
Make lookups depend upon PHDRS not HDRS.
Make parent dir depend upon child build target for lookups
Phil Pennock [Thu, 20 Oct 2011 23:30:20 +0000 (19:30 -0400)]
ASCII NUL in desc of $body_zerocount (keyword grepability)
Phil Pennock [Fri, 14 Oct 2011 14:03:02 +0000 (10:03 -0400)]
EXPAND_LISTMATCH_RHS for match_ip too
Phil Pennock [Tue, 11 Oct 2011 07:27:17 +0000 (03:27 -0400)]
PCRE_PRERELEASE is a bare sequence, not a string.
Phil Pennock [Mon, 10 Oct 2011 05:18:13 +0000 (01:18 -0400)]
Unbreak release.sh for final releases
Phil Pennock [Mon, 10 Oct 2011 05:05:07 +0000 (01:05 -0400)]
Update release date, prep for 4.77 final cut
Phil Pennock [Mon, 10 Oct 2011 03:53:48 +0000 (23:53 -0400)]
Testsuite: also handle -XX in version
Phil Pennock [Mon, 10 Oct 2011 03:43:13 +0000 (23:43 -0400)]
More testsuite fixes
Phil Pennock [Mon, 10 Oct 2011 00:34:40 +0000 (20:34 -0400)]
Make runtest more resilient to setup problems
Phil Pennock [Sun, 9 Oct 2011 06:25:31 +0000 (02:25 -0400)]
fix unprotected variable in SQL example
Phil Pennock [Sat, 8 Oct 2011 11:13:07 +0000 (07:13 -0400)]
Make README.UPDATING more explicit, with more examples, about the impact of the match_<type> changes
Phil Pennock [Fri, 7 Oct 2011 20:37:32 +0000 (16:37 -0400)]
exiqgrep: handle queue line size output too small for K
Phil Pennock [Fri, 7 Oct 2011 03:40:01 +0000 (23:40 -0400)]
rework userforward local_part_suffix documentation
Loosely based on suggestion from Julian Gilbey.
fixes bug 1139.
Phil Pennock [Thu, 6 Oct 2011 06:59:26 +0000 (02:59 -0400)]
shut up bogus complaint of unused variable in new ratelimit ACL work
Phil Pennock [Wed, 5 Oct 2011 23:36:34 +0000 (19:36 -0400)]
Apply patch from Dmitry Isaikin fixing log.c format string.
fixes bug 1152.