Phil Pennock [Sun, 26 Feb 2017 18:31:28 +0000 (13:31 -0500)]
ChangeLog entry JH/18; applying to 4.89 release
Jeremy Harris [Sun, 26 Feb 2017 14:58:54 +0000 (14:58 +0000)]
DKIM: rework error logging - compiler quietening. Bug 966
Jeremy Harris [Sun, 26 Feb 2017 14:19:27 +0000 (14:19 +0000)]
Testsuite: in force-continue mode, always dump any unexpected paniclog files
Jeremy Harris [Sun, 26 Feb 2017 13:34:10 +0000 (13:34 +0000)]
Testsuite: regression test for Bug 2061
Jeremy Harris [Sun, 26 Feb 2017 01:07:47 +0000 (01:07 +0000)]
Fix ${extract } corrupting an enclosing ${reduce } $value. Bug 2061
Broken-by: 20fcb1e7be45 - Bug 1870
Phil Pennock [Sun, 26 Feb 2017 01:18:08 +0000 (20:18 -0500)]
Point at readline fix on macOS
dlopen() without a qualified path searches env vars and paths stamped
into the binary; Exim is usually setuid, so this becomes just the paths
stamped into the binary. On some platforms (*cough* macOS) libreadline
is not in the usual places.
So show how to stamp the Homebrew location of libreadline into the Exim
binary.
Jeremy Harris [Sat, 25 Feb 2017 21:36:12 +0000 (21:36 +0000)]
Testsuite: set cmdline before running testcase not after
Jeremy Harris [Sat, 25 Feb 2017 18:42:51 +0000 (18:42 +0000)]
DKIM: rework error logging to pass strings back to caller for logging. Bug 966
Jeremy Harris [Sat, 25 Feb 2017 18:32:11 +0000 (18:32 +0000)]
Testsuite: add file-inclusion facility to "client" scripts
Jeremy Harris [Sat, 11 Feb 2017 16:36:23 +0000 (16:36 +0000)]
Memory Management: new main-section config option "debug_store" to control extra internal checking
(cherry picked from commit
10919584f8ad580434442c7d971083f91c315bc0)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sat, 25 Feb 2017 03:39:02 +0000 (22:39 -0500)]
Pull in vdukhovni/ssl_dane
8270afba fix
Negating an int and comparing to another int was a bug which we got
lucky on.
Jeremy Harris [Mon, 6 Feb 2017 13:07:42 +0000 (13:07 +0000)]
tidying
Jeremy Harris [Fri, 24 Feb 2017 15:00:40 +0000 (15:00 +0000)]
Memory management: drop $acl_m_ variables explicitly as they go out-of-scope
between message receptions in an SMTP connection
Jeremy Harris [Thu, 23 Feb 2017 09:34:12 +0000 (09:34 +0000)]
Docs: clarify non-applicability of the tls_eccurve option to GnuTLS
Phil Pennock [Thu, 23 Feb 2017 02:24:03 +0000 (21:24 -0500)]
Move bdat_ungetc decl to hdr ∵ receive.c uses too
Phil Pennock [Sun, 19 Feb 2017 22:27:11 +0000 (17:27 -0500)]
releng: able to use gnupg default keys for signing
Git and our previous "must specify one keyid" approach is more
constraining than GnuPG allows; cleanest and simplest way, without
breaking support for people with multiple keys and such like, is to just
provide a way to break out of our logic and say "use the configured
default GnuPG keys".
My PGP key has multiple signing subkeys, one RSA and one
Ed25519; I
think I might try a dual-signature in an upcoming RC to see how many
people scream with broken OpenPGP clients.
Jeremy Harris [Sat, 18 Feb 2017 23:07:14 +0000 (23:07 +0000)]
Testsuite: add option to insert delays, for very slow test platforms
An emulated PPC, running as a VM on x86_64, was seeing testcase fails where
the trailing few log line were missing in munged output, despite on inspection
being present in the spool. Adding a delay before the munge-and-compare
made the issue go away.
Heiko Schlittermann (HS12-RIPE) [Wed, 15 Feb 2017 22:49:20 +0000 (23:49 +0100)]
testsuite: make patchexim more relaxed for tag names
Jeremy Harris [Wed, 15 Feb 2017 21:43:50 +0000 (21:43 +0000)]
Docs: Add commandline option used for chunking on continued connection
Heiko Schlittermann (HS12-RIPE) [Wed, 15 Feb 2017 18:04:56 +0000 (19:04 +0100)]
Tidy quickrelease
Phil Pennock [Wed, 15 Feb 2017 03:22:17 +0000 (22:22 -0500)]
Fix broken-in-queue messages predating CHUNKING fix
util/chunking_fixqueue_finalnewlines.pl walks the queue, fixing any
affected messages; see README.UPDATING.
We're extremely cautious about operation failure.
We do one check without locking messages, so that we can quickly skip
past before trying to lock and contending with an actual delivery. Then
we lock and do another fix.
Note that we use flock, not fcntl, because that's what Perl makes
readily available; we use an OS-guard to barf if the OS is not handled.
Phil Pennock [Tue, 14 Feb 2017 23:20:52 +0000 (18:20 -0500)]
nit: document that `fout` must be open for reading too
Heiko Schlittermann (HS12-RIPE) [Tue, 14 Feb 2017 18:38:41 +0000 (19:38 +0100)]
Fix missing line termination on the last received BDAT chunk (Bug 1974)
Heiko Schlittermann (HS12-RIPE) [Tue, 14 Feb 2017 18:37:28 +0000 (19:37 +0100)]
Use enum { SEEN_LF, …} for ch_state(s)
Phil Pennock [Mon, 13 Feb 2017 02:22:02 +0000 (21:22 -0500)]
Handle PKG_CONFIG_PATH in Local/Makefile
Handle PKG_CONFIG_PATH, stripping whitespace expanding globs, collecting
multiple sets and just build one variable, and use it in environment at
configure time so that the libraries are found.
Phil Pennock [Sun, 12 Feb 2017 22:42:28 +0000 (17:42 -0500)]
Forward-port ChangeLog entries written for release branch
Heiko Schlittermann (HS12-RIPE) [Sun, 12 Feb 2017 18:23:12 +0000 (19:23 +0100)]
os_getcwd(): do not realloc if there was no malloc().
Jeremy Harris [Sun, 12 Feb 2017 16:44:09 +0000 (16:44 +0000)]
DKIM: fix crash with a verification when dkim disabled, under CHUNKING
Jeremy Harris [Sun, 12 Feb 2017 16:30:28 +0000 (16:30 +0000)]
Debug: avoid indenting line-prefixes (timestamp, pid, host-checking marker)
Phil Pennock [Sun, 12 Feb 2017 11:52:36 +0000 (06:52 -0500)]
FreeBSD: only assume iconv for FreeBSD >= 10
Since FreeBSD 10 is the oldest version of the OS supported by the
FreeBSD Project, we shouldn't need this. But people are still using
older versions. On closer examination, it's only been 6 weeks since 9.3
stopped being supported. People ignoring the status are playing with
fire, getting no security updates, but let's not make that _our_
problem.
Guard the "use system iconv" #define for the libiconv package with an OS
version #ifdef.
Phil Pennock [Sun, 12 Feb 2017 11:47:24 +0000 (06:47 -0500)]
4.89 JH/17 -> 4.90 JH/01
Phil Pennock [Sun, 12 Feb 2017 00:56:50 +0000 (19:56 -0500)]
Fix missing Changelog entries for recent work
Phil Pennock [Sun, 12 Feb 2017 00:37:04 +0000 (19:37 -0500)]
Unbreak test_dbfn make-target
doc/dbm.discuss.txt describes how to make and use `test_dbfn` for
testing DB functionality.
Commit
cf0812d5 adds a call to assert_no_variables into store.c which
depends upon expand.c functionality and we can't link that in for
test_dbfn without pulling in half of Exim.
So adjust the test_dbfn target to rebuild store.o in COMPILE_UTILITY
mode and link against that variant, then remove the custom-built store.o
after the executable has been linked.
Jeremy Harris [Sat, 11 Feb 2017 18:20:41 +0000 (18:20 +0000)]
DNS: return explicit error code to caller on dnssec failure, for better logging
Phil Pennock [Sat, 11 Feb 2017 21:10:16 +0000 (16:10 -0500)]
Mention FreeBSD/iconv in README.UPDATING
Phil Pennock [Sat, 11 Feb 2017 02:00:02 +0000 (21:00 -0500)]
Compilation warnings shushing
With this patch, in clang 3.4.1 we get no compilation complaints if
Local/Makefile contains:
CC=clang
CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
* In hash.c, for the OpenSSL case, use assert() to guard the paths which
can't happen, instead of just assuming that the calling code never has
a mistake
* Fix some signed/unsigned issues
* Be explicit about some ignored return values
* Some parens around bit-twiddling
* Use our os_getcwd with its extra guards in one place where getcwd was
called
* FreeBSD: use system iconv, safely, always
(cherry picked from commit
845a3ced80964f562872aba841099adbc8933b40)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sat, 11 Feb 2017 00:37:44 +0000 (19:37 -0500)]
perl paranoia about @INC
Jeremy Harris [Sun, 15 Jan 2017 16:50:20 +0000 (16:50 +0000)]
TLS: rework error logging to pass more string back to caller for logging
This permits a library-sourced error to be associated with an address
being delivered, collapsing pairs of log lines
Jeremy Harris [Fri, 10 Feb 2017 11:36:52 +0000 (11:36 +0000)]
Testsuite: fix munging of now-indented date in stdout
Broken-by: e1d04f48a45c
Phil Pennock [Fri, 10 Feb 2017 03:42:00 +0000 (22:42 -0500)]
Fix release RC stamping & tarball ownership
The ability to release 4.XX.Y via hardcoding a version.sh as part of
release broke the ability to do properly versioned RC releases. Fix
that.
Try to fix ownership of files in tarballs to not be local system user.
(cherry picked from commit
7677a8673f89843326aab3944e608c6be4339039)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Thu, 2 Feb 2017 20:38:14 +0000 (15:38 -0500)]
Release packaging & scripting improvements.
* Make the .xz tarball variant too, and work harder on compressing our
files for distribution.
+ The .xz files have gained more positive feedback than any other part
of the 4.89 release.
* Drop usercodes from tarball
+ We shouldn't be embedding own-system-specifc ownership information
into software release tarballs. That's for local system backups,
not distribution.
* Script for the size/checksums
+ We include checksums in the mail; this gets the format fixed and not
including checksums-of-signatures, etc. I've also experimented with
including the size, so let's script that to be portably generated.
* Better tarball signing script
+ Automatically find the signing directory (if not already in it)
+ Sign all files, properly skipping existing .asc files
+ Find the signing key from git config, if available, else error out
(Nigel is not on the hook as the default victim now)
+ Show what we're doing as we do it
All changes made on the original `release_4_89` branch with
`RELEASE EXPERIMENT` subject tags.
Jeremy Harris [Wed, 8 Feb 2017 17:31:37 +0000 (17:31 +0000)]
Fix DKIM/GnuTLS build
Broken-by: e1d04f48a45c
Jeremy Harris [Sun, 5 Feb 2017 23:19:56 +0000 (23:19 +0000)]
Debug: indent ACL and expreassion tracing by evaluation depth
Jeremy Harris [Wed, 8 Feb 2017 14:04:47 +0000 (14:04 +0000)]
DKIM: trim debug verbosity
This tidies some buildfarm fails on animals buildding without DKIM
Jeremy Harris [Wed, 8 Feb 2017 10:48:33 +0000 (10:48 +0000)]
Fix non-contentscan build
Broken-by: 90341c71c19c
Jeremy Harris [Wed, 8 Feb 2017 01:19:39 +0000 (01:19 +0000)]
Memory management: drop variables identified as going out-of-scope
Fixes crash in transport re-using bad $sender_ip_address from callout
Jeremy Harris [Tue, 7 Feb 2017 21:48:48 +0000 (21:48 +0000)]
Memory management: when running under the testsuite, check every string variable on store_reset
On spotting data in a region being freed, panic
Heiko Schlittermann (HS12-RIPE) [Tue, 7 Feb 2017 19:08:58 +0000 (20:08 +0100)]
DocÖ Fix typo about spf lookup (experimental)
Heiko Schlittermann (HS12-RIPE) [Thu, 2 Feb 2017 08:21:13 +0000 (09:21 +0100)]
Testsuite: tidy generation and sorting of exim -bp output
The root cause is, that exim -bp doesn't always return the message
ids in the order they were created, but sorted. The 2nd
part of the message id (PID) can be random on *BSD.
Phil Pennock [Mon, 6 Feb 2017 18:25:30 +0000 (13:25 -0500)]
doc-fix: reference current libsrs_alt availability
Matches site from Wiki, from Google SERP, etc.
Jeremy Harris [Mon, 6 Feb 2017 14:16:14 +0000 (14:16 +0000)]
CHUNKING: fix transport crash on temp-reject of pipelined non-first chunk
Jeremy Harris [Fri, 3 Feb 2017 13:55:58 +0000 (13:55 +0000)]
DKIM: more care over untrustworthy data during verify
Jeremy Harris [Fri, 3 Feb 2017 14:00:40 +0000 (14:00 +0000)]
Fix no-SSL build
Phil Pennock [Thu, 2 Feb 2017 21:02:40 +0000 (16:02 -0500)]
FreeBSD: Perl no longer in /usr/bin from Ports
FreeBSD Ports by policy no longer allows symlinks in /usr/bin for things
like Perl, so we have to look in /usr/local/bin for it instead.
Phil Pennock [Thu, 2 Feb 2017 20:13:53 +0000 (15:13 -0500)]
Spec docs for IDNA2008 support
Jeremy Harris [Thu, 2 Feb 2017 14:22:07 +0000 (14:22 +0000)]
GnuTLS: fix use of SHA3 hashes
Heiko Schlittermann (HS12-RIPE) [Thu, 2 Feb 2017 00:32:21 +0000 (01:32 +0100)]
Testsuite: Fix 0207 (message order)
Message ids are not always in ascending order (PIDs may be randomized)
Thanks to Kirill Miazine.
Jeremy Harris [Wed, 1 Feb 2017 17:46:26 +0000 (17:46 +0000)]
Testsuite: output changes from
a26fb6a77384
Phil Pennock [Wed, 1 Feb 2017 17:34:52 +0000 (12:34 -0500)]
bug-fix test-driving input
The client driver is a little restrictive in the escape sequences it
handles; two octets here were missing the `x` after the `\`, so `\05` is
two octets, a 0 and then a 5, where `\x05` would be one octet.
So we were sending two more octets than expected, not catching that Exim
was parsing the wrong IP/port at the end, and now that Exim only reads
as much of the proxy protocol header as belongs in it, instead of "up to
the largest it could be", this test-bug has been exposed.
Phil Pennock [Wed, 1 Feb 2017 04:55:51 +0000 (23:55 -0500)]
Proxy clarification & nit fixes.
Release: should be cherry-picked into 4.89RC series
Phil Pennock [Wed, 1 Feb 2017 03:15:55 +0000 (22:15 -0500)]
Handle Proxy Protocol v2 safely as well.
We had test suite failures (test suite success!) because Proxy Protocol
v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16
check was failing. But in fact I had previously only fixed reading
"only enough" for PPv1.
Handling both PPv1 and PPv2 is complicated because the minimum valid
length for PPv1 is 15 octets but for PPv2 the size to read is in the
15th and 16th octets.
So refactored a little and we now use a total of 3 reads for the PPv2
case (assuming no fragmentation, etc; we'll actually keep reading now
instead of aborting) to get the entire PPv2 header of exactly the right
size, so that TLS handshake immediately following the PP header is not
also swallowed.
Fixes: 2018
Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways.
Release: should be cherry-picked into 4.89RC series
Jeremy Harris [Tue, 31 Jan 2017 21:38:22 +0000 (21:38 +0000)]
Fix error logged for send failure
Broken-by: de6273b487f1
Jeremy Harris [Tue, 31 Jan 2017 17:45:51 +0000 (17:45 +0000)]
Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit clamp on small-size_t platforms
Jeremy Harris [Tue, 31 Jan 2017 16:00:54 +0000 (16:00 +0000)]
Callouts: fix recipient verify/random
Broken-by: e9166683487c
Jeremy Harris [Tue, 31 Jan 2017 01:22:17 +0000 (01:22 +0000)]
Fix logging of drop-after-EHLO-reject.
An unset variable went wrong with clang, was fortuitously right with gcc.
Jeremy Harris [Mon, 30 Jan 2017 17:52:50 +0000 (17:52 +0000)]
Testsuite: perl may live in /usr/local/bin
Jeremy Harris [Mon, 30 Jan 2017 17:27:15 +0000 (17:27 +0000)]
Avoid using "-w" option in perl script shebang lines, being incompatible with "env perl"
Phil Pennock [Tue, 31 Jan 2017 03:57:52 +0000 (22:57 -0500)]
Abort release process if generated .txt empty
Phil Pennock [Tue, 31 Jan 2017 03:44:45 +0000 (22:44 -0500)]
Open umask before creating release packages
Phil Pennock [Tue, 31 Jan 2017 01:41:31 +0000 (20:41 -0500)]
Copyright year bumps for substantive changes 2017
Phil Pennock [Tue, 31 Jan 2017 00:54:47 +0000 (19:54 -0500)]
Document that fixed 2018
Fixes: 2018
Phil Pennock [Tue, 31 Jan 2017 00:51:01 +0000 (19:51 -0500)]
Avoid reading too much data before TLS handshake
Phil Pennock [Mon, 30 Jan 2017 23:38:16 +0000 (18:38 -0500)]
Fix size calculation, log unhandled amount.
We did a `string_copy()` so `hdr.v1.line` is not the right base for an
accurate size. Fix.
Log unhanded amount. For clients waiting on the server before sending,
this has to be 0. For clients speaking first (TLS) this can be
non-zero.
Jeremy Harris [Mon, 30 Jan 2017 15:37:50 +0000 (15:37 +0000)]
Restrict address-parsing to a maximum of five layers of nested angle-brackets,
under main-option strip_excess_angle_brackets
Jeremy Harris [Sun, 29 Jan 2017 22:58:47 +0000 (22:58 +0000)]
Tidying: Coverity
Jeremy Harris [Sun, 29 Jan 2017 20:18:07 +0000 (20:18 +0000)]
Testsuite: add missing output file.
Broken-by: 560e71cc5451
Jeremy Harris [Sun, 29 Jan 2017 19:15:12 +0000 (19:15 +0000)]
Update change log
Jeremy Harris [Sun, 29 Jan 2017 18:03:40 +0000 (18:03 +0000)]
CHUNKING: Reject messages with malformed line ending. Bug 2000
Actually test only the first header line, but still do full line-ending canonicalisation on the
remainder of the message in case a Evil Person slips past that.
Jeremy Harris [Sun, 29 Jan 2017 15:30:28 +0000 (15:30 +0000)]
Docs: add note on verify = senders= . Bug 2028
Jeremy Harris [Thu, 26 Jan 2017 20:21:57 +0000 (20:21 +0000)]
TFO: remember setsockopt results, to condition non-transport client use. Bug 2027
Jeremy Harris [Tue, 17 Jan 2017 00:39:41 +0000 (00:39 +0000)]
Shuffle proxy-protocol to wrap TLS-on-connect startup. Bug 2018
Kirill Miazine [Sun, 29 Jan 2017 14:55:58 +0000 (14:55 +0000)]
DANE: fix build under LibreSSL. Bug 2020
Jeremy Harris [Sat, 28 Jan 2017 17:53:29 +0000 (17:53 +0000)]
Testsuite: add dnsdb testcase for defer when used in ACL
Jeremy Harris [Sat, 28 Jan 2017 16:13:26 +0000 (16:13 +0000)]
Docs: add note on system_filter forced expansion fail
Jeremy Harris [Sat, 28 Jan 2017 15:08:22 +0000 (15:08 +0000)]
LMDB: include filename in open-error message
Jeremy Harris [Sat, 28 Jan 2017 12:30:29 +0000 (12:30 +0000)]
DKIM: check pointer to calculated body hash before verify comparison. Bug 2029
We can have a missing body hash from a malformed DKIM-Signature: header
Jeremy Harris [Sat, 28 Jan 2017 14:21:19 +0000 (14:21 +0000)]
Testsuite: testcase for DKIM bug 2029
Jeremy Harris [Sat, 28 Jan 2017 12:29:47 +0000 (12:29 +0000)]
DKIM: rename variables for clarity
Jeremy Harris [Wed, 25 Jan 2017 17:08:53 +0000 (17:08 +0000)]
Testsuite: get same certextract samples for GnuTLS and OpenSSL
Jeremy Harris [Tue, 24 Jan 2017 21:01:04 +0000 (21:01 +0000)]
Testsuite: output file changes from
d7a2c8337f7b
Jeremy Harris [Tue, 24 Jan 2017 20:46:47 +0000 (20:46 +0000)]
Testsuite: fix delay-dependent testcase for really slow systems
Jeremy Harris [Tue, 24 Jan 2017 19:46:36 +0000 (19:46 +0000)]
Testsuite: missing output files
Jeremy Harris [Tue, 24 Jan 2017 18:17:10 +0000 (18:17 +0000)]
Fix reception of (quoted) local-parts with embedded spaces. Bug 2025
Jeremy Harris [Tue, 24 Jan 2017 16:52:01 +0000 (16:52 +0000)]
TFO: Support compilation on Linus platforms which define TCP_FASTOPEN but not MSG_FASTOPEN
Jeremy Harris [Tue, 24 Jan 2017 15:03:03 +0000 (15:03 +0000)]
Define MIN and MAX for Solaris
Jeremy Harris [Mon, 23 Jan 2017 19:12:37 +0000 (19:12 +0000)]
Fix build with OpenSSL, EXPERIMENTAL_DANE and DISABLE_EVENT
Phil Pennock [Mon, 23 Jan 2017 02:36:21 +0000 (21:36 -0500)]
Document OpenBSD resolver ignoring EDNS0
Jeremy Harris [Sun, 22 Jan 2017 17:35:08 +0000 (17:35 +0000)]
DKIM: permit verify of sig blocks that sign other sig blocks. Bug 2014
Jeremy Harris [Sun, 22 Jan 2017 14:05:38 +0000 (14:05 +0000)]
Merge branch 'fix-2016-dkim'
Jeremy Harris [Thu, 19 Jan 2017 15:37:16 +0000 (15:37 +0000)]
Fix DKIM verify when used with CHUNKING. Bug 2016