Phil Pennock [Mon, 17 Jan 2011 03:21:37 +0000 (22:21 -0500)]
Clarify: tls_verify_certificates is for CA certs.
It can be used for individual user certs but is really intended for
CAs. Note this, and explain that if the tls_verify_certificates value
is a file, then the certs within are sent from the server to clients,
thus is public data.
Phil Pennock [Mon, 17 Jan 2011 02:54:53 +0000 (21:54 -0500)]
Let /dev/null have normal permissions.
The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null. Exempt it from some checks.
Reported by Andreas M. Kirchwitz
Phil Pennock [Sun, 16 Jan 2011 23:36:55 +0000 (18:36 -0500)]
Bug-fix for bash and no-dynamic case.
When writing the patch, originally nothing other than a cp was needed if
there were no dynamic modules. That changed, but the guard at the top
did not. Remove that check.
bash does not like a block which consists solely of a comment. Provide
a ':' invocation.
Both problems spotted by Simon Arlott -- thanks.
Phil Pennock [Sun, 16 Jan 2011 07:15:53 +0000 (02:15 -0500)]
Bug 139: portability fixes and documentation.
Document the dynamic lookup module capability in spec.xfpt.
Include a ChangeLog item.
Avoid the GNU-specific "export" make(1) directive.
Build the lookups Makefile using the existing framework.
Build with BSD Make once more.
The src/lookups/Makefile that is used at build time now has the dynamic
content come from scripts/lookups-Makefile.
Add CFLAGS_DYNAMIC support, which can be set in Local/Makefile.
Provide defaults for Linux & FreeBSD.
Ensure that build fails early if a dynamic module is requested but
CFLAGS_DYNAMIC is not defined.
Tony Finch [Fri, 14 Jan 2011 14:19:40 +0000 (14:19 +0000)]
src/deliver.c: log the error message when unlink(spoolname) fails
Tony Finch [Fri, 14 Jan 2011 14:16:53 +0000 (14:16 +0000)]
src/transports/smtp.c: log LMTP confirmation same as SMTP
Tony Finch [Fri, 14 Jan 2011 14:12:23 +0000 (14:12 +0000)]
src/dbfn.c: write lock aquisition failures to the panic log
Tony Finch [Fri, 14 Jan 2011 13:44:41 +0000 (13:44 +0000)]
CONTRIBUTING: correct expansion of GPL
Tom Kistner [Wed, 12 Jan 2011 20:48:22 +0000 (20:48 +0000)]
Bugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with whitespace.
David Woodhouse [Wed, 5 Jan 2011 23:58:37 +0000 (23:58 +0000)]
Include <dlfcn.h> only when necessary
David Woodhouse [Wed, 5 Jan 2011 22:55:50 +0000 (22:55 +0000)]
Add dynamic lookup support
Fixed: bug #139
Nigel Metheringham [Sun, 26 Dec 2010 18:17:23 +0000 (18:17 +0000)]
DKIM ACL Documentation
Fixes: bug #929
Miroslav Lichvar [Sun, 26 Dec 2010 18:10:29 +0000 (18:10 +0000)]
Fixes: bug #1002 - Message loss when using multiple deliveries
Nigel Metheringham [Sun, 26 Dec 2010 18:04:08 +0000 (18:04 +0000)]
LDAP Authetication documentation example syntax fix
Fixes: bug #999
Nigel Metheringham [Sun, 26 Dec 2010 18:01:47 +0000 (18:01 +0000)]
Reword BSMTP ACL documentation
Fixes: bug #974
Nigel Metheringham [Sun, 26 Dec 2010 17:44:58 +0000 (17:44 +0000)]
Eximstats documentstion - s/delivery_time/deliver_time/
Fixes: bug #1034
Andreas Metzler [Sun, 26 Dec 2010 15:10:51 +0000 (16:10 +0100)]
drop unwanted paragraph break.
Fixes: bug #1052
Signed-off-by: Nigel Metheringham <nigel@exim.org>
Andreas Metzler [Sun, 26 Dec 2010 13:55:59 +0000 (14:55 +0100)]
fix grammar error: s/this/that/
Fixes: bug #1051
Signed-off-by: Nigel Metheringham <nigel@exim.org>
Nigel Metheringham [Thu, 23 Dec 2010 14:19:35 +0000 (14:19 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Andreas Metzler [Tue, 21 Dec 2010 14:40:42 +0000 (15:40 +0100)]
Do not refer to TRUSTED_CONFIG_PREFIX_FILE.
Refer to TRUSTED_CONFIG_LIST instead of TRUSTED_CONFIG_PREFIX_FILE in
documentation and comments.
Nigel Metheringham [Sun, 19 Dec 2010 11:05:19 +0000 (11:05 +0000)]
Inserted change notifications into the documentation source
David Woodhouse [Sat, 18 Dec 2010 23:22:17 +0000 (23:22 +0000)]
Make the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per line
Nigel Metheringham [Sat, 18 Dec 2010 19:52:54 +0000 (19:52 +0000)]
Release script now generates the HTML documentation
This is really rather crude... but should work.
Nigel Metheringham [Sat, 18 Dec 2010 19:48:06 +0000 (19:48 +0000)]
Updated version numbers of code and documentation
David Woodhouse [Fri, 17 Dec 2010 19:03:37 +0000 (19:03 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim
Nigel Metheringham [Fri, 17 Dec 2010 13:03:21 +0000 (13:03 +0000)]
Stripped old HTML doc generation - will add new HTML gen soon
David Woodhouse [Thu, 16 Dec 2010 22:29:53 +0000 (22:29 +0000)]
Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes
Nigel Metheringham [Thu, 16 Dec 2010 13:19:14 +0000 (13:19 +0000)]
Updated mk_exim_release.pl to work with git
However this still builds docs as before - ie it does
not use the new HTML generation. Will work on that next.
David Woodhouse [Wed, 15 Dec 2010 13:47:46 +0000 (13:47 +0000)]
Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C
We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing
of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to;
other users don't get to make use of it.
David Woodhouse [Wed, 15 Dec 2010 13:24:00 +0000 (13:24 +0000)]
Kil va_copy(). It isn't present on some ancient systems.
Phil Pennock [Wed, 15 Dec 2010 07:43:33 +0000 (02:43 -0500)]
Implement -D whitelist invoking user restriction.
Document WHITELIST_D_MACROS.
Phil Pennock [Wed, 15 Dec 2010 01:02:24 +0000 (20:02 -0500)]
doc-txt updates for the security changes
Phil Pennock [Tue, 14 Dec 2010 08:42:36 +0000 (03:42 -0500)]
Implement -D filtering, first pass.
Phil Pennock [Tue, 14 Dec 2010 07:17:32 +0000 (02:17 -0500)]
Document the change to system_filter_user's default.
Phil Pennock [Tue, 14 Dec 2010 05:30:30 +0000 (00:30 -0500)]
Change the default for system_filter_user.
If the system filter needs to be run as root, let that be explicitly
configured. The default is now the Exim run-time user.
Document this, and a couple of other points, in IncompatibleChanges.
David Woodhouse [Sun, 12 Dec 2010 10:18:48 +0000 (10:18 +0000)]
Allow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak
David Woodhouse [Sun, 12 Dec 2010 02:48:18 +0000 (02:48 +0000)]
Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.
David Woodhouse [Sun, 12 Dec 2010 02:41:37 +0000 (02:41 +0000)]
Add TRUSTED_CONFIG_PREFIX_FILE option
(Bug 1044, CVE-2010-4345)
David Woodhouse [Sat, 11 Dec 2010 23:39:54 +0000 (23:39 +0000)]
Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.
We *never* want the Exim user to be able to specify arbitrary configuration
files. Don't let them build it that way.
(Bug 1044, CVE-2010-4345)
David Woodhouse [Sat, 11 Dec 2010 14:09:17 +0000 (14:09 +0000)]
Check configure file permissions even for non-default files if still privileged
(Bug 1044, CVE-2010-4345)
David Woodhouse [Sat, 11 Dec 2010 13:44:55 +0000 (13:44 +0000)]
Don't allow a configure file which is writeable by the Exim user or group
(Bug 1044, CVE-2010-4345)
David Woodhouse [Thu, 9 Dec 2010 16:53:40 +0000 (16:53 +0000)]
Add Valgrind hooks for memory pools
It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.
Phil Pennock [Sun, 5 Sep 2010 23:08:48 +0000 (19:08 -0400)]
OpenSSL and XSL changes documented.
Plus typo fixed.
Phil Pennock [Sun, 5 Sep 2010 22:59:38 +0000 (18:59 -0400)]
Document the ClamAV ExtendedDetectionInfo response handling.
Phil Pennock [Sun, 11 Jul 2010 07:19:56 +0000 (00:19 -0700)]
OpenSSL 1.0.0 const fix for SSL_get_current_cipher
OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include
const. It looks like a safe change for older OpenSSL, so treat it
appropriately and cast as needed.
Phil Pennock [Wed, 7 Jul 2010 21:00:40 +0000 (14:00 -0700)]
Guidance on contributing to Exim.
Phil Pennock [Tue, 6 Jul 2010 03:31:07 +0000 (20:31 -0700)]
Use public http: URLs for XSL includes.
Adjust OS-Fixups, document how this works in HowItWorks.txt
Phil Pennock [Sun, 5 Sep 2010 20:29:07 +0000 (16:29 -0400)]
Rework clamd response handling to be more robust.
In particular, clamd's ExtendedDetectionInfo option broke our parsing.
John Jetmore [Tue, 20 Jul 2010 02:18:51 +0000 (21:18 -0500)]
Merge ssh://tahini.csx.cam.ac.uk/home/git/exim
John Jetmore [Tue, 20 Jul 2010 02:10:33 +0000 (21:10 -0500)]
Somehow in learning how to use git I lost half the changes needed to fix the collision between 0383.f and 0383.F on HFS+. this is the second half of
04a45836676516936d791202928e249b711c03ee
Tom Kistner [Mon, 19 Jul 2010 09:47:27 +0000 (11:47 +0200)]
Bugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored
Applied patch submitted by Micha Lenk. Thanks!
John Jetmore [Sat, 17 Jul 2010 02:53:24 +0000 (22:53 -0400)]
The test architecture can't support having the testsuite user and the Exim user the same. restrict it in runtest and add a note about it in the README
John Jetmore [Fri, 16 Jul 2010 02:20:58 +0000 (03:20 +0100)]
Change to allow test 0383 to work on HFS+ (non-case-sensitive FS)
Phil Pennock [Sun, 4 Jul 2010 20:42:34 +0000 (13:42 -0700)]
Fix malware regression for cmdline scanner introduced in PP/08.
Notification from Dr Andrew Aitchison.
(Also: make the PP/08 description more complete)
John Jetmore [Mon, 14 Jun 2010 21:07:16 +0000 (21:07 +0000)]
added expansion tests for bool{} and bool_lax{}
John Jetmore [Mon, 14 Jun 2010 20:30:12 +0000 (20:30 +0000)]
print sizeof(off_t) in initial -bV output. Refuse to tun tests is sizeof(off_t) > 32.
Phil Pennock [Mon, 14 Jun 2010 18:51:09 +0000 (18:51 +0000)]
Clarify that the ACL framework is not invoked for -bmalware, so that using
ACL variables in av_scanner blindly will not work.
Phil Pennock [Sun, 13 Jun 2010 08:26:40 +0000 (08:26 +0000)]
Remove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails
when size_t is 32-bit but the system supports 64-bit integers.
John Jetmore [Sat, 12 Jun 2010 18:10:00 +0000 (18:10 +0000)]
account for new information TLS log line added in tls-openssl.c 1.23
John Jetmore [Sat, 12 Jun 2010 17:56:32 +0000 (17:56 +0000)]
removed extraneous "\n" from the end of some log_write lines, removed "magic" string " => " from a non-delivery log line
John Jetmore [Sat, 12 Jun 2010 15:21:25 +0000 (15:21 +0000)]
Add tcp_wrappers_daemon_name (closes: bug #278)
(I honestly have no memory of writing this patch...)
John Jetmore [Sat, 12 Jun 2010 13:54:38 +0000 (13:54 +0000)]
iaddressing bug 966 and my own concerns, stop sending non-panic error to panic log in dkim.c
Phil Pennock [Wed, 9 Jun 2010 01:30:16 +0000 (01:30 +0000)]
Minor doc updates:
* -bmalware, note that not running as invoking user and emphasize that it's
for debugging Exim, not for general scanning.
* permit_codedump ? coRedump.
* Anon SSL lacking cert has been confirmed, fix works, remove the
"(I believe)" (which also might have been inferred to mean I did the
diagnosis; I didn't, I just convinced myself that Martin's analysis was
correct).
John Jetmore [Tue, 8 Jun 2010 13:34:28 +0000 (13:34 +0000)]
another change related to Date/Message-Id order, just took me a while to realize how it was related.
John Jetmore [Tue, 8 Jun 2010 13:05:51 +0000 (13:05 +0000)]
log/5101 - header order, plus new wording for appendfile to dir from MBX security checks
stdout/0390 - allow for new option permit_coredump in output (from bug 834)
Phil Pennock [Mon, 7 Jun 2010 18:25:57 +0000 (18:25 +0000)]
Run when EXIM_USER=notroot specified.
Phil Pennock [Mon, 7 Jun 2010 18:09:07 +0000 (18:09 +0000)]
For the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
should use PRIdMAX; this was disabled because I was testing the other logic
and forgot to restore before commit. Bleh, sorry.
Add #if to protect against unused variable complaints for this too.
Phil Pennock [Mon, 7 Jun 2010 08:42:15 +0000 (08:42 +0000)]
Both bool{} and bool_lax{} should ignore trailing whitespace.
Phil Pennock [Mon, 7 Jun 2010 08:23:20 +0000 (08:23 +0000)]
Added bool_lax{} expansion operator, which uses Router condition logic to
determine whether or not a string is true.
Switch the multiple-condition logic to use bool_lax{}.
Add note where we combine multiple conditions regarding the memory leak.
Phil Pennock [Mon, 7 Jun 2010 07:09:10 +0000 (07:09 +0000)]
Allow Routers to have multiple conditions, IF each one yields a strict bool.
Fixes: #816
Phil Pennock [Mon, 7 Jun 2010 00:12:42 +0000 (00:12 +0000)]
Clean up compiler warnings from { gcc -Wall }, many of which I introduced with
the ClamAV and openssl_options patches in this release.
Logic in buildconfig.c for adjusting some print format strings assumed that
long ints were four bytes; adjust to test this against reality, to remove
spurious warnings on my dev box (FreeBSD/amd64).
Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in
SUSv2, so should be safe.
Phil Pennock [Sun, 6 Jun 2010 22:46:33 +0000 (22:46 +0000)]
Build without WITH_CONTENT_SCAN.
Broken by -bmalware option added while reworking ClamAV to new API.
Path from Andreas Metzler (adjusted slightly).
Phil Pennock [Sun, 6 Jun 2010 02:46:13 +0000 (02:46 +0000)]
No longer permit the exim user to be root. Fixes: #752
Phil Pennock [Sun, 6 Jun 2010 02:08:50 +0000 (02:08 +0000)]
Implement --version. Fixes: #973
Phil Pennock [Sun, 6 Jun 2010 01:35:41 +0000 (01:35 +0000)]
Light documentation dusting from patch provided by John Horne.
Fixes: #922
Phil Pennock [Sun, 6 Jun 2010 00:25:46 +0000 (00:25 +0000)]
Implement "control = debug" ACL control. Fixes: #937
Phil Pennock [Sat, 5 Jun 2010 23:50:18 +0000 (23:50 +0000)]
New expansion operator: reverse_ip
Phil Pennock [Sat, 5 Jun 2010 21:42:53 +0000 (21:42 +0000)]
Update OptionLists. (Claim for 4.72 because 4.73 not yet complete and don't
want to claim have *more* than we do, but okay to make a lesser claim).
Typo fix in RFC reference in spec.xfpt.
Phil Pennock [Sat, 5 Jun 2010 11:13:29 +0000 (11:13 +0000)]
ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
New command-line option, -bmalware (restricted to admin_user).
Fixes: #926
Phil Pennock [Sat, 5 Jun 2010 10:34:29 +0000 (10:34 +0000)]
Deal with anonymous SSL giving us no peer certificate.
Phil Pennock [Sat, 5 Jun 2010 10:16:36 +0000 (10:16 +0000)]
Handle SASL Initial Response.
See discussion at:
http://lists.exim.org/lurker/message/
20090125.014515.
3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.
Phil Pennock [Sat, 5 Jun 2010 10:04:43 +0000 (10:04 +0000)]
Add permit_coredump pipe transport option. Fixes: #834
Phil Pennock [Sat, 5 Jun 2010 09:36:11 +0000 (09:36 +0000)]
Doh, fix the error message to say SSL_read not SSL_write.
Phil Pennock [Sat, 5 Jun 2010 09:32:31 +0000 (09:32 +0000)]
Log a diagnostic when an SSL write fails, to help admins debug SSL interop issues.
Fixes: #995
Phil Pennock [Sat, 5 Jun 2010 09:10:08 +0000 (09:10 +0000)]
Add an openssl_options main configuration option, to allow administrators to
shoot themselves in each foot in turn. The default value is chosen to avoid
a change in behaviour, but since it is disabling a security countermeasure,
I'd like to change the default to be "no options". Fixes: #994
John Jetmore [Sat, 5 Jun 2010 03:08:01 +0000 (03:08 +0000)]
two more header order changes
John Jetmore [Sat, 5 Jun 2010 02:45:01 +0000 (02:45 +0000)]
fix output for SSL logging format change
John Jetmore [Sat, 5 Jun 2010 02:25:16 +0000 (02:25 +0000)]
munge caller's GECOS in output to make more portable across test accounts
John Jetmore [Sat, 5 Jun 2010 01:58:39 +0000 (01:58 +0000)]
runtest - trim trailing whitespace from otherwise un-rewritten host lines in munge function
0190, 0244, 0297, 0350, 0430 - standardize trailing whitespace
0403 - lingering header order fix, fix change in lookup type encoding after dkim lookup type removal
John Jetmore [Fri, 4 Jun 2010 18:20:51 +0000 (18:20 +0000)]
With a few minor exceptions for tests that had additional concerns and tests I don't have working in my environment yet, this should be the last of the header-order-related changes
John Jetmore [Thu, 3 Jun 2010 17:24:39 +0000 (17:24 +0000)]
updating test suite - rolling back incomplete fix for header order change (header order changed back to old behavior)
John Jetmore [Thu, 3 Jun 2010 15:20:41 +0000 (15:20 +0000)]
Added DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being turned on by default
Nigel Metheringham [Thu, 3 Jun 2010 12:00:38 +0000 (12:00 +0000)]
Added some release maintenance stuff
Phil Pennock [Thu, 3 Jun 2010 08:19:13 +0000 (08:19 +0000)]
Include check_rfc2047_length in configure.default to raise the visibility
because we're seeing more Russian administrators get bitten by this.
Idealism says this option is set correctly by default. Pragmatism says not.
There's a good argument for the idealism but if we see the problems escalate
then the idealism will have lost and we should, IMO, switch.
Phil Pennock [Thu, 3 Jun 2010 05:43:24 +0000 (05:43 +0000)]
Document Date/Message-Id/Resent-* as first 4.73 patch.
Phil Pennock [Thu, 3 Jun 2010 05:40:27 +0000 (05:40 +0000)]
The Date: and Message-Id: headers should normally be *appended* to a message,
and only *prepended* when are Resent-* headers. Regression was introduced
with the prepend logic in Exim 4.70, for bug #607.
John Jetmore [Thu, 3 Jun 2010 02:42:19 +0000 (02:42 +0000)]
updates to test suite - roll back lookup changes after dkim lookup removed, strip OpenSSL version info
Phil Pennock [Tue, 1 Jun 2010 11:21:30 +0000 (11:21 +0000)]
My understanding of the new dnsdb txt lookup syntax was flawed.
Fixed the description and the last example.
Phil Pennock [Tue, 1 Jun 2010 11:13:54 +0000 (11:13 +0000)]
Provide a NewStuff description for 4.72.
Don't blame Dan Rosenberg for the incomplete hack I applied to the MBX case.
Nigel Metheringham [Sun, 30 May 2010 18:16:12 +0000 (18:16 +0000)]
Revert previous incorrect change to XSL files.