users/jgh/exim.git
Jeremy Harris [Wed, 10 Sep 2014 14:13:53 +0000 (15:13 +0100)]
TPDA tidying

Jeremy Harris [Mon, 8 Sep 2014 08:55:57 +0000 (09:55 +0100)]
doc typo

Jeremy Harris [Sat, 6 Sep 2014 20:10:17 +0000 (21:10 +0100)]
Add expansion item for sorting lists

Jeremy Harris [Sat, 6 Sep 2014 18:59:34 +0000 (19:59 +0100)]
Support secondary-separator specifier for MX, SRV and TLSA dnsdb lookups

Todd Lyons [Sat, 6 Sep 2014 05:17:37 +0000 (22:17 -0700)]
Merge branch 'master_condition_description'

Todd Lyons [Thu, 4 Sep 2014 18:20:31 +0000 (11:20 -0700)]
Bug 1518: fix description of condition processing

The description in the first commit was completely wrong.  Thanks to
Phil for setting me straight and seeding me with the correct verbiage.

Jeremy Harris [Thu, 4 Sep 2014 21:40:09 +0000 (22:40 +0100)]
Enforce TLS under DANE when host has TLSA records

Jeremy Harris [Tue, 2 Sep 2014 22:37:57 +0000 (23:37 +0100)]
Fix ${extract expansion for use within ${if inlist etc.  Bug 1524

The coding of the numeric test on the key decided that empty was numeric, and
insisted on a third substring even in syntax-check "skip" mode.  This failed
when a single expansion variable was used for the key (eg. $item) and the
defaults for string2, string3 were being assumed.  Skip the test in skip mode.

Jeremy Harris [Tue, 2 Sep 2014 12:14:01 +0000 (13:14 +0100)]
Introduce EXPERIMENTAL_DANE feature

Jeremy Harris [Tue, 2 Sep 2014 12:12:45 +0000 (13:12 +0100)]
ChangeLog entry

Sebastian Wiedenroth [Tue, 2 Sep 2014 10:41:30 +0000 (12:41 +0200)]
redis lookup returns false for things that should be true

If redis returns an integer the lookup code currently checks if the value is 1 and returns false for all other values.
This is problematic if you want to use redis commands that return counts (ZCARD etc.) because you can't check for "does not exist" or "exists at least once". (It will be 0 -> false, 1 -> true, 2 or more -> false again.)

This commit changes the code to handle integer values like C: 0 is false and everything else is true.

For the simple 0 and 1 values nothing changes to existing queries so this diff is backwards compatible.
For queries that return other values exim now gets the bool that would be expected.

Jeremy Harris [Mon, 1 Sep 2014 13:54:59 +0000 (14:54 +0100)]
Warn on OCSP interaction with DANE

Jeremy Harris [Sun, 31 Aug 2014 21:07:54 +0000 (22:07 +0100)]
Add missing punctuation

Jeremy Harris [Sun, 31 Aug 2014 20:54:58 +0000 (21:54 +0100)]
Update comment

Heiko Schlittermann [Sun, 31 Aug 2014 13:13:22 +0000 (14:13 +0100)]
Further doc examples for ldap lookup output

Jeremy Harris [Fri, 29 Aug 2014 13:11:50 +0000 (14:11 +0100)]
Fix crash in mime acl when a parameter is zero-length

Jeremy Harris [Fri, 29 Aug 2014 10:37:56 +0000 (11:37 +0100)]
Fix tpda tcp:connect testcase

Todd Lyons [Fri, 29 Aug 2014 00:09:03 +0000 (17:09 -0700)]
Bugzilla 1518: Clarify router "condition" parsing

Jeremy Harris [Wed, 27 Aug 2014 16:00:39 +0000 (17:00 +0100)]
Further TPDA events
 msg:complete
 msg:fail:internal
 msg:fail:delivery

Jeremy Harris [Wed, 27 Aug 2014 11:08:48 +0000 (12:08 +0100)]
Add doc detail on ldap lookup output parsing

Jeremy Harris [Wed, 20 Aug 2014 19:34:17 +0000 (20:34 +0100)]
Merge branch dane-tpda into dane

Conflicts:
doc/doc-txt/experimental-spec.txt
src/src/deliver.c
src/src/functions.h
src/src/smtp_out.c
src/src/tls-openssl.c
src/src/transports/smtp.c
src/src/verify.c

Jeremy Harris [Wed, 20 Aug 2014 19:24:50 +0000 (20:24 +0100)]
Update change log

Jeremy Harris [Wed, 20 Aug 2014 19:22:21 +0000 (20:22 +0100)]
Merge branch 'master' into dane

Conflicts:
doc/doc-txt/ChangeLog
src/src/tls-openssl.c
src/src/transports/smtp.c
src/src/verify.c

Jeremy Harris [Wed, 20 Aug 2014 13:05:30 +0000 (14:05 +0100)]
Expanded EXPERIMENTAL_TPDA feature

Note this introduces incompatible changes; users who are compiling
the feature in, and with configuration files using it, will need to
change their configurations appropriately.  See the experimental-spec.txt
file.

Todd Lyons [Mon, 18 Aug 2014 12:25:59 +0000 (05:25 -0700)]
Merge remote-tracking branch 'exim_github/pr/16'

Jeremy Harris [Sun, 17 Aug 2014 18:10:36 +0000 (19:10 +0100)]
Safer coding for utf8clean expansion operator

Jeremy Harris [Sun, 17 Aug 2014 18:05:37 +0000 (19:05 +0100)]
Update DANE draft docs

Timo Sirainen [Sun, 17 Aug 2014 18:01:49 +0000 (21:01 +0300)]
Log an error (instead of hanging) if Dovecot auth is configured to use the wrong auth-master/auth-userdb socket.

Jeremy Harris [Sun, 17 Aug 2014 17:26:08 +0000 (18:26 +0100)]
Unbreak utf8clean testcase.

Broken by my compile quietening; the issue was a variable
declared local in a loop body and used for carrying data
from one iteration to the next.  I'd blindly added an
initialiser, destroying the data.  However, I *think* that
compilers might be at liberty to not use the same location
for separate iterations; if so the code was broken (and only
worked by chance).  Fix by moving the declaration outside
the loop.

Todd Lyons [Thu, 14 Aug 2014 19:36:34 +0000 (12:36 -0700)]
Properly detect/set test variables from scripts.

Jeremy Harris [Sun, 17 Aug 2014 15:38:32 +0000 (16:38 +0100)]
Override an unchanged default hosts_request_ocsp when DANE is used

Jeremy Harris [Sun, 17 Aug 2014 13:42:43 +0000 (14:42 +0100)]
Feature compile-guard

Jeremy Harris [Sun, 17 Aug 2014 00:05:21 +0000 (01:05 +0100)]
Add sha256 operator usage

Jeremy Harris [Sat, 16 Aug 2014 23:41:17 +0000 (00:41 +0100)]
Add observability variables and provision for avoiding OCSP conflicts

Jeremy Harris [Sat, 16 Aug 2014 21:36:56 +0000 (22:36 +0100)]
Break out dane code to separate functions

Jeremy Harris [Sat, 16 Aug 2014 20:37:36 +0000 (21:37 +0100)]
Clarify docs on ldap alternate servers list

Jeremy Harris [Fri, 15 Aug 2014 19:24:44 +0000 (20:24 +0100)]
Compiler quietening

Jeremy Harris [Thu, 14 Aug 2014 20:37:00 +0000 (21:37 +0100)]
Clean docs for next release

Jeremy Harris [Thu, 14 Aug 2014 20:21:45 +0000 (21:21 +0100)]
Fix fakens TLSA generation and DANE TLSA lookup

Todd Lyons [Thu, 14 Aug 2014 19:59:49 +0000 (12:59 -0700)]
ChangeLog entry for OpenBSD 5.5 patch

Jeremy Harris [Thu, 14 Aug 2014 19:47:31 +0000 (20:47 +0100)]
Shuffle test order

Todd Lyons [Thu, 14 Aug 2014 19:37:23 +0000 (12:37 -0700)]
Merge branch 'master' of git://git.exim.org/exim

Todd Lyons [Thu, 14 Aug 2014 19:36:34 +0000 (12:36 -0700)]
Properly detect/set test variables from scripts.

Jeremy Harris [Thu, 14 Aug 2014 19:28:02 +0000 (20:28 +0100)]
Add testcase for TLSA record access

Jeremy Harris [Thu, 14 Aug 2014 13:52:40 +0000 (14:52 +0100)]
Fix non-dane build

Todd Lyons [Thu, 14 Aug 2014 12:30:54 +0000 (05:30 -0700)]
OpenBSD 5.5 removed arc4random_stir

Jeremy Harris [Wed, 13 Aug 2014 15:23:44 +0000 (16:23 +0100)]
Testsuite - Squashed commit of the following:

commit 7566c531c43298510e080eb8a7ed7cf767f9476b
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Wed Aug 13 16:20:38 2014 +0100

    Assorted OpenSSL cases fail on different library versions. Discard stdout info to hide this.

commit 3d389bc6a5ba0943f1b451fa7a8f2e3246de0bb1
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Wed Aug 13 14:05:19 2014 +0100

    Case 0563 was broken when the GECOS field had spaces. Accept quoted ones in stderr.

commit d4333083f230702c8be45650dc48b6eb65a162eb
Author: Jeremy Harris <jgh146exb@wizmail.org>
Date:   Mon Aug 11 18:30:49 2014 +0100

    Case 0601 was unreliable; perl racing with exim for output. Quieten exim.

Jeremy Harris [Mon, 11 Aug 2014 16:47:01 +0000 (17:47 +0100)]
Do not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426

Jeremy Harris [Mon, 11 Aug 2014 16:10:12 +0000 (17:10 +0100)]
Better logging of OCSP fails

Jeremy Harris [Sun, 10 Aug 2014 20:52:24 +0000 (21:52 +0100)]
Enable OCSP

Jeremy Harris [Sun, 10 Aug 2014 18:06:47 +0000 (19:06 +0100)]
Add (2 0 1) test

Jeremy Harris [Sun, 10 Aug 2014 16:25:26 +0000 (17:25 +0100)]
Change CV= log line element for dane-verified cert

Jeremy Harris [Sun, 10 Aug 2014 15:57:15 +0000 (16:57 +0100)]
Capture the knowledge that verification succeeded

Jeremy Harris [Sun, 10 Aug 2014 14:55:43 +0000 (15:55 +0100)]
Add direct-A test

Jeremy Harris [Sun, 10 Aug 2014 14:00:27 +0000 (15:00 +0100)]
Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)

Jeremy Harris [Sun, 10 Aug 2014 13:58:59 +0000 (14:58 +0100)]
Diffs for draft 11

Jeremy Harris [Sun, 10 Aug 2014 13:43:59 +0000 (14:43 +0100)]
Copy latest SMTP-with-DANE - draft 11

Jeremy Harris [Sun, 10 Aug 2014 11:31:21 +0000 (12:31 +0100)]
Add support in the fakens utility for TLSA records

Jeremy Harris [Sun, 10 Aug 2014 10:58:06 +0000 (11:58 +0100)]
Add support in the fakens utility for marking records as "secure"
and returning an AD bit for lookups.

Jeremy Harris [Sun, 10 Aug 2014 10:49:49 +0000 (11:49 +0100)]
On a host lookup name->MX->A->ip sequence, require both stages to
be dnssec before declaring the lookup was secure.

Jeremy Harris [Sat, 9 Aug 2014 15:04:37 +0000 (16:04 +0100)]
Ignore dane-related debug out in non-dane testcases

(tag: exim-4_84)
Jeremy Harris [Sat, 9 Aug 2014 12:44:29 +0000 (13:44 +0100)]
Doc updates for work since 4.83

Jeremy Harris [Fri, 8 Aug 2014 20:37:22 +0000 (21:37 +0100)]
Test development

(tag: exim-4_84_RC2)
Wolfgang Breyha [Fri, 8 Aug 2014 20:04:06 +0000 (13:04 -0700)]
Bug 1509: Add parser for DSN spool lines

DSN support added a new formatted entry to the spool files, this change
gives exipick the ability to read that entry.

Jeremy Harris [Fri, 8 Aug 2014 19:45:24 +0000 (20:45 +0100)]
Testsuite basics.

Not actually exercising DANE yet,
this will take additions in the fakedns and
probably changes in certificates.

Jeremy Harris [Thu, 7 Aug 2014 21:18:41 +0000 (22:18 +0100)]
Sketch in library interface

Jeremy Harris [Thu, 7 Aug 2014 19:31:46 +0000 (20:31 +0100)]
General discussion of DANE usage

Jeremy Harris [Mon, 4 Aug 2014 15:03:39 +0000 (16:03 +0100)]
Better logging of OCSP fails

Jeremy Harris [Mon, 4 Aug 2014 13:55:55 +0000 (14:55 +0100)]
Document $tls_in_ocsp, $tls_out_ocsp

Jeremy Harris [Sat, 2 Aug 2014 10:26:11 +0000 (11:26 +0100)]
Fix broken EXPERIMENTAL_DSN compile

Jeremy Harris [Fri, 1 Aug 2014 18:07:56 +0000 (19:07 +0100)]
Fix development-testing induced crash on second use

Jeremy Harris [Fri, 1 Aug 2014 17:16:53 +0000 (18:16 +0100)]
Basic DANE entry points

(tag: exim-4_84_RC1)
Jeremy Harris [Fri, 1 Aug 2014 08:18:18 +0000 (09:18 +0100)]
Add note on Dovecot configuration for authentication.  Bug 1512

Jeremy Harris [Thu, 31 Jul 2014 20:52:48 +0000 (21:52 +0100)]
Add interface documentation for the DANE library

Jeremy Harris [Wed, 30 Jul 2014 20:42:38 +0000 (21:42 +0100)]
Fix parsing of quoted parameter values in MIME headers.  Bug 1513

Jeremy Harris [Tue, 29 Jul 2014 21:27:42 +0000 (22:27 +0100)]
Coding style closer to project norms

Todd Lyons [Tue, 29 Jul 2014 15:40:38 +0000 (08:40 -0700)]
Add DANE RFC (6698) for reference

Todd Lyons [Tue, 29 Jul 2014 14:33:26 +0000 (07:33 -0700)]
Add current draft of SMTP with DANE

Todd Lyons [Mon, 24 Mar 2014 18:24:23 +0000 (11:24 -0700)]
Create a hosts_try_dane transport option, does nothing yet

Todd Lyons [Wed, 5 Mar 2014 14:17:54 +0000 (06:17 -0800)]
Framework to build dane support

Todd Lyons [Tue, 29 Jul 2014 12:24:50 +0000 (05:24 -0700)]
Fix doc parse error

Jeremy Harris [Sat, 26 Jul 2014 13:28:40 +0000 (14:28 +0100)]
Document acl args variables in main variables section

Jeremy Harris [Thu, 24 Jul 2014 12:55:00 +0000 (13:55 +0100)]
Fix "default config" section wrt. rfc1413_hosts

Todd Lyons [Wed, 23 Jul 2014 15:11:09 +0000 (08:11 -0700)]
Bug 1506: document change made

Lars Mueller [Wed, 23 Jul 2014 14:22:52 +0000 (07:22 -0700)]
Bug 1506: Silence static checkers.

Re-adds a return NULL which was removed because it was redundant. Static
checkers don't parse the logic, so adding it back to make them happy.

Todd Lyons [Wed, 23 Jul 2014 14:09:06 +0000 (07:09 -0700)]
Bug 1506: Fix static typechecker output

The end of the function can never be reached because the switch is only
reached if the value it is checking is valid. Putting this return
silences the warnings.

Todd Lyons [Wed, 23 Jul 2014 14:08:52 +0000 (07:08 -0700)]
Update version numbers, clean docs for next release

Jeremy Harris [Tue, 27 May 2014 20:50:41 +0000 (21:50 +0100)]
Do not sleep for tiny periods, or hang trying to sleep for zero. Bug 1426

Jeremy Harris [Mon, 26 May 2014 15:09:37 +0000 (16:09 +0100)]
Ensure timer never set to zero for millisleep.  Bug 1426

Jeremy Harris [Tue, 22 Jul 2014 21:30:22 +0000 (22:30 +0100)]
Massage coding style to project norm

(tag: exim-4_83)
Todd Lyons [Fri, 18 Jul 2014 18:42:08 +0000 (11:42 -0700)]
Documentation/Tests for CVE-2014-2972 fix

Tony Finch [Wed, 16 Jul 2014 13:13:39 +0000 (06:13 -0700)]
Only expand integers for integer math once

Todd Lyons [Tue, 15 Jul 2014 19:50:35 +0000 (12:50 -0700)]
Fix regex for Suse when converting spec to ASCII

Jeremy Harris [Mon, 14 Jul 2014 13:13:22 +0000 (14:13 +0100)]
Fix parsing of mime headers

RFC2045 allows parameter values to be quoted; an embedded semicolon
must then not terminate the parameter.

Phil Pennock [Mon, 14 Jul 2014 07:13:13 +0000 (03:13 -0400)]
DNSSEC: fix clang warning re && in || precedence

I looked and AFAICT the compiler guidance gives the correct logical
binding for the code intention.

```
dnsdb.c:362:32: warning: '&&' within '||' [-Wlogical-op-parentheses]
       || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
       ~~ ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~
dnsdb.c:362:32: note: place parentheses around the '&&' expression to silence this warning
       || dnssec_mode == DEFER && !dns_is_secure(&dnsa)
                               ^
          (                                            )
```

Phil Pennock [Mon, 14 Jul 2014 07:10:41 +0000 (03:10 -0400)]
MacOS: fix clang redef warning

Phil Pennock [Mon, 14 Jul 2014 07:04:16 +0000 (03:04 -0400)]
Use Ustrlen() on a uschar

Phil Pennock [Mon, 14 Jul 2014 06:59:52 +0000 (02:59 -0400)]
Fix unsigned < 0 check

Two places in malware.c were using `fsize`, defined as `unsigned int`,
to receive the result of `lseek()` and then checking if the value was
less than 0.  As clang says:

```
malware.c:1228:46: warning: comparison of unsigned expression < 0 is always false [-Wtautological-compare]
          if ((fsize = lseek(clam_fd, 0, SEEK_END)) < 0) {
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~
```

Fix.  Use `off_t`, which we're already using elsewhere, then use
`fsize_uint` to handle off_t being potentially 64-bit, and a
sanity-check on conversion which hopefully won't be optimised away by
compilers.

Phil Pennock [Mon, 14 Jul 2014 06:49:33 +0000 (02:49 -0400)]
Rename T_APL to T_ADDRESSES

Fixes Github issue #15

Known DNS RRTYPE aliases can be found at
<http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml>
and `T_APL` conflicts with the `APL` RRTYPE, Address Prefix List, in
experimental RFC 3123.

Issue reported compilation issues on OpenBSD.

Instead, use `T_ADDRESSES`.

Jeremy Harris [Sun, 13 Jul 2014 11:18:09 +0000 (12:18 +0100)]
Fix TLS SNI, and add regression test cases