Heiko Schlittermann (HS12-RIPE) [Wed, 2 Nov 2016 22:19:31 +0000 (23:19 +0100)]
Testsuite: README for t/
Heiko Schlittermann (HS12-RIPE) [Wed, 2 Nov 2016 22:16:49 +0000 (23:16 +0100)]
Testsuite: started t/ to add tests for the testsuite
Jeremy Harris [Wed, 2 Nov 2016 21:30:16 +0000 (21:30 +0000)]
Fix OCSP proof verification for direct-signed proofs. Bug 1909
Jeremy Harris [Wed, 2 Nov 2016 21:25:49 +0000 (21:25 +0000)]
Testsuite: replicate testcases for LE OCSP
Jeremy Harris [Tue, 1 Nov 2016 18:35:39 +0000 (18:35 +0000)]
Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofs
Jeremy Harris [Sun, 30 Oct 2016 19:05:26 +0000 (19:05 +0000)]
Reverse the scan direction for option-table builtin macros
so that names with substring-names work usefully
Heiko Schlittermann (HS12-RIPE) [Wed, 2 Nov 2016 21:28:18 +0000 (22:28 +0100)]
Testsuite: find a group name if 'mail' is not available.
If the group 'mail' does not exist (as on some *BSD systems),
test 0001 fails. We now use a randomly chosen group, if necessary.
The group name isn't used for anything else than testing the config
file parser.
Heiko Schlittermann (HS12-RIPE) [Tue, 1 Nov 2016 12:58:36 +0000 (13:58 +0100)]
Testsuite: do not attempt to open /dev/tty if in -CONTINUE mode
Jeremy Harris [Sat, 29 Oct 2016 22:06:49 +0000 (23:06 +0100)]
Testsuite: tidying
Jeremy Harris [Sat, 29 Oct 2016 19:51:44 +0000 (20:51 +0100)]
Tidying: coverity issues
Jeremy Harris [Sat, 29 Oct 2016 17:54:49 +0000 (18:54 +0100)]
Fix dns authority-name lookup
Jeremy Harris [Sat, 29 Oct 2016 16:51:38 +0000 (17:51 +0100)]
constification
Jeremy Harris [Sat, 29 Oct 2016 14:22:23 +0000 (15:22 +0100)]
Testsuite: tidying
Jeremy Harris [Sat, 29 Oct 2016 12:35:52 +0000 (13:35 +0100)]
Testsuite: tidying
Jeremy Harris [Sun, 23 Oct 2016 17:15:26 +0000 (18:15 +0100)]
tidying
Jeremy Harris [Tue, 25 Oct 2016 22:48:23 +0000 (23:48 +0100)]
Testsuite: for $parm_hostname use method more similar to readconf() $primary_hostname coding
Jeremy Harris [Tue, 25 Oct 2016 13:59:44 +0000 (14:59 +0100)]
TFO: use IPPROTO_TCP not SOL_TCP for setsockopt, being present on more platforms
Also downgrade errors from panic-log to debug
Jeremy Harris [Tue, 25 Oct 2016 13:58:03 +0000 (14:58 +0100)]
Testsuite: make common-code config usable in non-TLS builds
Phil Pennock [Mon, 24 Oct 2016 01:59:30 +0000 (21:59 -0400)]
Update README.UPDATING; fix typos in ChangeLog/NewStuff
Heiko Schlittermann (HS12-RIPE) [Sun, 23 Oct 2016 21:43:18 +0000 (22:43 +0100)]
Testsuite: account for platforms not supporting TFO, redux
Jeremy Harris [Sun, 23 Oct 2016 16:57:43 +0000 (17:57 +0100)]
TFO: feature advertisement
Jeremy Harris [Sun, 23 Oct 2016 16:23:49 +0000 (17:23 +0100)]
Testsuite: account for platforms not supporting TFO
Jeremy Harris [Sun, 23 Oct 2016 13:09:55 +0000 (14:09 +0100)]
Fix bug with aborted server TLS connection, under GnuTLS
Longstanding, but exposed by 60d10ce
Jeremy Harris [Sat, 22 Oct 2016 21:40:39 +0000 (22:40 +0100)]
TFO: Support compilation on systems which define TCP_FASTOPEN but not MSG_FASTOPEN
RHEL 7.0 does that, oddly
Jeremy Harris [Sat, 22 Oct 2016 20:12:52 +0000 (21:12 +0100)]
Testsuite: Add testcase for GnuTLS disconnect after STARTTLS
Jeremy Harris [Sat, 22 Oct 2016 20:44:46 +0000 (21:44 +0100)]
Testsuite: More help with getting testsuite running
Jeremy Harris [Sat, 22 Oct 2016 13:47:59 +0000 (14:47 +0100)]
tidying
Jeremy Harris [Thu, 20 Oct 2016 23:26:14 +0000 (00:26 +0100)]
TCP Fast Open
Jeremy Harris [Fri, 21 Oct 2016 11:36:55 +0000 (12:36 +0100)]
Expansions: errorcheck use of crypt() in the open-coded version of crypteq/crypt16
Previously, bad arguments crashed under OpenBSD
Jeremy Harris [Wed, 19 Oct 2016 20:55:44 +0000 (21:55 +0100)]
tidying
Jeremy Harris [Thu, 20 Oct 2016 20:49:50 +0000 (21:49 +0100)]
Testsuite: munge for platform errno variance
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Oct 2016 14:53:32 +0000 (16:53 +0200)]
Testsuite: use /usr/bin/env perl to get Perl from $PATH
Some buildfarm animals may have more recent versions of Perl
installed in some directory accessible via $PATH. So we don't hardwire
/usr/bin/perl. (e.g. verily)
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Oct 2016 14:46:10 +0000 (16:46 +0200)]
Testsuite: Add doc for PORT_DYNAMIC
Heiko Schlittermann (HS12-RIPE) [Wed, 19 Oct 2016 22:15:03 +0000 (00:15 +0200)]
Testsuite: cosmetic change
Heiko Schlittermann (HS12-RIPE) [Wed, 19 Oct 2016 22:14:08 +0000 (00:14 +0200)]
Testsuite: Use .editorconfig for test/runtest
Heiko Schlittermann (HS12-RIPE) [Wed, 19 Oct 2016 14:56:37 +0000 (16:56 +0200)]
Testsuite: Add PORT_DYNAMIC (Bug 1775)
This avoids problems on OpenBSD with SO_REUSEADDR.
On OpenBSD SO_REUSEADDR only works if the IP address AND the EUID
of the bind(2) calls match. In 0562 Exim binds to 1225 as euid=0,
in 0564 runtest tries to bind to 01225 as the user running the tests.
Thanks to Kirill Miazine for working this out.
Heiko Schlittermann (HS12-RIPE) [Wed, 19 Oct 2016 21:13:20 +0000 (23:13 +0200)]
Testsuite: Fix IPv4 address detection.
Broken-by: d63a95630
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Oct 2016 20:16:24 +0000 (22:16 +0200)]
Testsuite: Test for existence of 'ip'
Phil Pennock [Wed, 19 Oct 2016 03:22:03 +0000 (23:22 -0400)]
Unbreak build: crypto hdrs not in system includes
If using pkg-config to get the paths for various packages and the crypto
library headers are not in the system headers, then the hash work broke
the Exim build by requiring the CFLAGS manipulation for _all_ builds,
not just the TLS libraries.
Shows up on MacOS where there's a system OpenSSL but not system OpenSSL
headers (because only SecureTransport is supported) and using
brew-installed OpenSSL.
I've also coded the fix for GnuTLS on the same basis, but that's
untested.
Fixes bug 1906
Jeremy Harris [Tue, 18 Oct 2016 22:35:35 +0000 (23:35 +0100)]
Avoid pure-ACK TCP segments during command phase
Heiko Schlittermann (HS12-RIPE) [Sun, 16 Oct 2016 22:14:55 +0000 (00:14 +0200)]
Testsuite: Check version of binary against current git revision
Jeremy Harris [Sun, 16 Oct 2016 18:28:01 +0000 (19:28 +0100)]
Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 17:08:33 +0000 (18:08 +0100)]
Fix sender-verify callout to not use trigger-message SIZE
Broken-by: 9094b84b4cce
Jeremy Harris [Sun, 16 Oct 2016 15:34:18 +0000 (16:34 +0100)]
Tidying: coverity issues
Jeremy Harris [Sun, 16 Oct 2016 14:29:20 +0000 (15:29 +0100)]
Queuefile: avoid using buffered I/O - no point for a block-copy
and it meant (an admittedly ignorable) Coverity whine about a FILE leak
Take the opportunity to constify a utility function
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 22:26:31 +0000 (00:26 +0200)]
Testsuite: revert some of the modernish Perl constructs
Solaris10 needs to be supported, they use Perl 5.8
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:51:43 +0000 (23:51 +0200)]
Testsuite: re-insert munge expression about size/inode
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 21:01:36 +0000 (23:01 +0200)]
Testsuite: detect "hidden" IPs
`ifconfig -a` doesn't show all addresses, it skips addresses that
do not have a label. `ip a` shows even these.
Bonus: some small cosmetic changes to get a more modern Perl
style.
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:48:26 +0000 (22:48 +0200)]
Testsuite: stabilize disk space/inode munging
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 20:52:23 +0000 (22:52 +0200)]
Testsuite: add tests/munges for configure owner
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 19:53:47 +0000 (21:53 +0200)]
Include 'Configure owner' in -bV output
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2016 13:38:21 +0000 (15:38 +0200)]
Testsuite: add clarification about the permissions of the trusted-configs file
Jeremy Harris [Sat, 1 Oct 2016 18:50:24 +0000 (19:50 +0100)]
tidying
Jeremy Harris [Sat, 15 Oct 2016 19:29:30 +0000 (20:29 +0100)]
Queuefile: refactor
Jeremy Harris [Sat, 15 Oct 2016 17:56:16 +0000 (18:56 +0100)]
Testsuite: for queuefile transport, avoid using named-queues as part of test
Also avoid using aux-var as a testing temporary area
Andrew Colin Kissa [Sat, 15 Oct 2016 17:33:31 +0000 (18:33 +0100)]
New: queuefile transport, under EXPERIMENTAL_QUEUEFILE
Jeremy Harris [Fri, 14 Oct 2016 12:57:01 +0000 (13:57 +0100)]
Testsuite: (named queues) add testcase for 3rd-party queue transfer
Jeremy Harris [Wed, 12 Oct 2016 12:40:19 +0000 (13:40 +0100)]
Docs: add warning on SNI-dependent certfile expansion needing a good default
Jeremy Harris [Mon, 10 Oct 2016 19:24:34 +0000 (20:24 +0100)]
Lazy-create builtin macros
By only filling out the internal macro representation for the builtin macros
when a config line includes an underscore followed by a letter which might be one
we should save startup effort on configs which never use a builtin.
Jeremy Harris [Mon, 10 Oct 2016 13:20:30 +0000 (14:20 +0100)]
Fix check for commandline macro definition
Without this, mailq (done by unpriv user) and daemon SIGHUP handling fail
Broken-by: c0b9d3e87264
Jeremy Harris [Sun, 9 Oct 2016 13:14:57 +0000 (14:14 +0100)]
Docs: add section on builtin macros
Phil Pennock [Sun, 29 May 2016 06:31:18 +0000 (02:31 -0400)]
DH parameters update, new values & default
* Add three new Exim-specific DH parameter constants; state provenance,
  but no way for others to verify; this is a signed commit, which is
  about as much as we can do for the truly paranoid: provide an audit
  trail.
* Add the RFC 7919 DH primes
  + No TLS feature negotiation, per 7919, but the DH primes can be used
    if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
  + Turns out, q doesn't affect the PEM and that's not a mistake in my
    initialisation; I've checked with a cryptographer, we're losing some
    server-side optimizations but not any security properties for our
    scenario.
Fixes: 1895
Jeremy Harris [Sat, 8 Oct 2016 18:21:41 +0000 (19:21 +0100)]
Fix callouts connection fallback from TLS to cleartext. Bug 1897
Jeremy Harris [Wed, 5 Oct 2016 12:03:01 +0000 (13:03 +0100)]
Docs: add another index entry for delay_warning
Jeremy Harris [Mon, 3 Oct 2016 23:11:32 +0000 (00:11 +0100)]
Testsuite: for CHUNKING set sender name explicitly
for consistent chunk size on different platforms
Jeremy Harris [Mon, 3 Oct 2016 16:00:05 +0000 (17:00 +0100)]
Testsuite: for CHUNKING rewrite sender name in headers to consistent value
for consistent chunk size on different test platforms
Jeremy Harris [Sun, 2 Oct 2016 18:58:19 +0000 (19:58 +0100)]
Close logfile after a while waiting for non-smtp input. Bug 1891
Jeremy Harris [Sun, 2 Oct 2016 16:39:18 +0000 (17:39 +0100)]
Avoid parsing cost for auto-macro creates
Jeremy Harris [Sun, 2 Oct 2016 13:03:09 +0000 (14:03 +0100)]
Logging: connection_reject log selector should apply also to the connect acl
Jeremy Harris [Fri, 30 Sep 2016 13:59:04 +0000 (14:59 +0100)]
Fix mime ACL filename decode
A latent bug (uninitialised memory referred to by $mime_decoded_filename)
uncovered by 40c90bca9f7e
Jeremy Harris [Thu, 29 Sep 2016 22:18:54 +0000 (23:18 +0100)]
Fix checking for -D option use
Broken-by: c0b9d3e87264
Jeremy Harris [Thu, 29 Sep 2016 21:56:02 +0000 (22:56 +0100)]
Feature macros should be uppercase
Jeremy Harris [Thu, 29 Sep 2016 21:44:14 +0000 (22:44 +0100)]
Debug: fix openssl tls_close() debug output
Jeremy Harris [Thu, 29 Sep 2016 20:25:47 +0000 (21:25 +0100)]
Testsuite: tidying
Jeremy Harris [Wed, 28 Sep 2016 21:24:00 +0000 (22:24 +0100)]
Refactor driver feature-macro generation to be driven by existing tables
Would like to do lookup drivers too but unsure about dyn-linked variants
Jeremy Harris [Wed, 28 Sep 2016 18:41:08 +0000 (19:41 +0100)]
Default to filesystem space/inode checking enabled
Jeremy Harris [Tue, 27 Sep 2016 22:23:52 +0000 (23:23 +0100)]
Drain socket to get clean TCP FINs
Jeremy Harris [Sun, 25 Sep 2016 21:59:36 +0000 (22:59 +0100)]
Add automatic macros for config-file options. Bug 1819
Jeremy Harris [Sat, 24 Sep 2016 16:59:51 +0000 (17:59 +0100)]
Docs: fix quotes
Jeremy Harris [Sat, 24 Sep 2016 16:11:19 +0000 (17:11 +0100)]
Delivery: fix memory leak
Jeremy Harris [Fri, 23 Sep 2016 08:24:16 +0000 (09:24 +0100)]
Doc: add clarification for DKIM example
Jeremy Harris [Thu, 22 Sep 2016 21:55:49 +0000 (22:55 +0100)]
Defend against symlink attack by another process running as exim
Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/
Jeremy Harris [Thu, 22 Sep 2016 18:59:48 +0000 (19:59 +0100)]
Routing: avoid doing the one_time replacement operation when a redirect leaves the address unchanged
When done, in combination with a defer the retry would see the address as delivered, hence losing mail.
Jeremy Harris [Thu, 22 Sep 2016 18:29:49 +0000 (19:29 +0100)]
Routing: for efficiency, avoid complexifying the "condition" string until the second is read from config
Jeremy Harris [Sun, 18 Sep 2016 21:47:22 +0000 (22:47 +0100)]
ACL: merge the tables used for condition/modifier decode
Jeremy Harris [Sun, 18 Sep 2016 17:14:29 +0000 (18:14 +0100)]
ACL: bsearch for controls
Jeremy Harris [Thu, 15 Sep 2016 22:58:57 +0000 (23:58 +0100)]
tidying
Jeremy Harris [Thu, 15 Sep 2016 20:43:22 +0000 (21:43 +0100)]
Docs: mention Perl manpages for PCRE. Bug 1881
Jeremy Harris [Tue, 13 Sep 2016 22:49:09 +0000 (23:49 +0100)]
Logging: fix errno decodes
Jeremy Harris [Tue, 13 Sep 2016 22:41:55 +0000 (23:41 +0100)]
Auth: fix error check in CRAM-MD5
Jeremy Harris [Wed, 7 Sep 2016 20:58:04 +0000 (21:58 +0100)]
tidying
Jeremy Harris [Sat, 10 Sep 2016 20:37:56 +0000 (21:37 +0100)]
Log EHLO response on getting conn-close response for HELO. Bug 1832
Jeremy Harris [Sat, 10 Sep 2016 20:36:33 +0000 (21:36 +0100)]
Reduce space used by flags in smtp transport
Jeremy Harris [Sun, 11 Sep 2016 12:30:45 +0000 (13:30 +0100)]
Make BOOL unsigned; fix resulting latent bugs
Jeremy Harris [Sun, 4 Sep 2016 13:54:18 +0000 (14:54 +0100)]
Cutthrough: option to reflect 4xx errors from target to initiator
Jeremy Harris [Sun, 4 Sep 2016 13:46:42 +0000 (14:46 +0100)]
Testsuite: missing output file
Jeremy Harris [Sat, 3 Sep 2016 12:43:33 +0000 (13:43 +0100)]
Docs: prettify code examples. Bug 1284
Jeremy Harris [Sat, 3 Sep 2016 12:33:57 +0000 (13:33 +0100)]
Docs: add note on strict DKIM verification
Jeremy Harris [Thu, 1 Sep 2016 20:08:32 +0000 (21:08 +0100)]
Testsuite: fix GnuTLS OCSP testing
Jeremy Harris [Thu, 1 Sep 2016 18:20:11 +0000 (19:20 +0100)]
Support "G" multiplier on integer configuration values