Jeremy Harris [Wed, 26 Jun 2019 11:39:33 +0000 (12:39 +0100)]
Compiler quietening
Trying to set an enum (int-sized) with top bit set, needs a cast to (signed) int.
Broken-by: ae8f9024d8
Jeremy Harris [Wed, 26 Jun 2019 11:36:49 +0000 (12:36 +0100)]
Testsuite: output changes resulting
Broken-by: 436bda2ac0
Jeremy Harris [Wed, 26 Jun 2019 09:59:44 +0000 (10:59 +0100)]
Fix DSN Final-Recipient: field
Jeremy Harris [Mon, 3 Jun 2019 12:55:04 +0000 (13:55 +0100)]
tidying
Jeremy Harris [Mon, 24 Jun 2019 14:15:55 +0000 (15:15 +0100)]
Debug: more gentle line-drawing chars
Phil Pennock [Wed, 19 Jun 2019 19:37:19 +0000 (15:37 -0400)]
Add a security page in a place where GitHub will detect it
Jeremy Harris [Sun, 16 Jun 2019 17:10:59 +0000 (18:10 +0100)]
Inline the smaller string-handling functions
Jeremy Harris [Fri, 7 Jun 2019 10:54:10 +0000 (11:54 +0100)]
Fix detection of 32b platform at build time. Bug 2405
Jeremy Harris [Mon, 27 May 2019 22:44:31 +0000 (23:44 +0100)]
Fix smtp response timeout
Jeremy Harris [Tue, 4 Jun 2019 17:13:21 +0000 (18:13 +0100)]
Use dsn_from for success-DSN messages. Bug 2404
Phil Pennock [Wed, 5 Jun 2019 09:35:28 +0000 (05:35 -0400)]
Unbreak heimdal_gssapi auth driver
Commit 251b9eb46 broke heimdal_gssapi by changing the function
definition in the `.c` without changing the declaration in the `.h`.
Was part of 4.92.
Make corresponding `.h` change to reflect newer internal API.
Jeremy Harris [Tue, 4 Jun 2019 15:06:27 +0000 (16:06 +0100)]
Testsuite: compat vs. older GnuTLS
Jeremy Harris [Tue, 4 Jun 2019 13:18:59 +0000 (14:18 +0100)]
Events: avoid evaluating intermediates for unneeded events
Jeremy Harris [Wed, 29 May 2019 13:14:24 +0000 (14:14 +0100)]
Testsuite: platform variances
Jeremy Harris [Tue, 28 May 2019 22:38:34 +0000 (23:38 +0100)]
Testsuite: platform variances
Jeremy Harris [Tue, 28 May 2019 20:04:47 +0000 (21:04 +0100)]
Testsuite: library variances for ARC testcase
Jeremy Harris [Tue, 28 May 2019 19:02:50 +0000 (20:02 +0100)]
PIPE_CONNECT: promote from experimental
Jeremy Harris [Mon, 27 May 2019 23:26:48 +0000 (00:26 +0100)]
PIPE_CONNECT: avoid using when the transport helo_data uses $sending_ip_address
Jeremy Harris [Mon, 27 May 2019 21:06:10 +0000 (22:06 +0100)]
Testsuite: add missing testcase script
Broken-by: c09dbcfb71
Jeremy Harris [Sun, 26 May 2019 14:42:32 +0000 (15:42 +0100)]
TFO: change the default for hosts_try_fastopen, enabling use by default
Jeremy Harris [Sun, 26 May 2019 15:28:21 +0000 (16:28 +0100)]
Testsuite: workaround older kernels
Broken-by: 38da908828
Jeremy Harris [Sun, 26 May 2019 13:03:00 +0000 (14:03 +0100)]
Testsuite: workaround TFO blackhole detection
Jeremy Harris [Sun, 26 May 2019 12:38:41 +0000 (13:38 +0100)]
Testsuite: ensure TFO not used when not wanted
Jeremy Harris [Sun, 26 May 2019 10:52:55 +0000 (11:52 +0100)]
Debug: align tracing out for TFO connections with plain ones
Jeremy Harris [Sat, 25 May 2019 14:18:19 +0000 (15:18 +0100)]
Logging: avoid claiming a host was used for an addr, when conn refused under TFO
Jeremy Harris [Tue, 21 May 2019 20:32:34 +0000 (21:32 +0100)]
Logging: fix duplicated transport target info under TFO
Jeremy Harris [Sat, 25 May 2019 21:43:23 +0000 (22:43 +0100)]
Callouts: simplify debug output
Jeremy Harris [Sat, 25 May 2019 14:48:11 +0000 (15:48 +0100)]
Callouts: simplify logging
Jeremy Harris [Sat, 25 May 2019 13:19:46 +0000 (14:19 +0100)]
Build: libtasn1 and libgcrypt no longer needed for gnutls
Jeremy Harris [Fri, 24 May 2019 15:39:05 +0000 (16:39 +0100)]
TLS: introduce USE_OPENSSL as an explicit requirement for the build
Jeremy Harris [Fri, 24 May 2019 15:09:13 +0000 (16:09 +0100)]
DANE: remove excess compile-time checks
Jeremy Harris [Fri, 24 May 2019 14:57:02 +0000 (15:57 +0100)]
TLS: move from SUPPORT_TLS to DISABLE_TLS macro for the build
Jeremy Harris [Fri, 24 May 2019 13:51:16 +0000 (14:51 +0100)]
Testsuite: cleanup intermediate results during DANE testcase run
Heiko Schlittermann (HS12-RIPE) [Wed, 22 May 2019 22:16:19 +0000 (00:16 +0200)]
Build: Enable SUPPORT_TLS by default
Heiko Schlittermann (HS12-RIPE) [Wed, 22 May 2019 22:13:45 +0000 (00:13 +0200)]
Build: Add gnutls-dane to USE_GNUTLS_PC/TLS_LIBS
Jeremy Harris [Wed, 22 May 2019 09:09:01 +0000 (10:09 +0100)]
Clarify libraries needed for GnuTLS build
Jeremy Harris [Tue, 21 May 2019 18:36:50 +0000 (19:36 +0100)]
Change the default for hosts_try_dane, enabling use by default
Jeremy Harris [Tue, 21 May 2019 20:53:03 +0000 (21:53 +0100)]
Docs: fix syntax
Broken-by: 12e9bb25fc
Jeremy Harris [Tue, 21 May 2019 18:10:48 +0000 (19:10 +0100)]
Expansions: ${sha2_N}
Jeremy Harris [Sun, 19 May 2019 22:02:27 +0000 (23:02 +0100)]
Change the default for hosts_noproxy_tls to unset, enabling continued-TLS deliveries as default
Jeremy Harris [Sun, 19 May 2019 11:12:36 +0000 (12:12 +0100)]
GnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
Jeremy Harris [Fri, 10 May 2019 12:02:28 +0000 (13:02 +0100)]
Utilities: add -G<queuename> option to exiqgrep. Bug 2397
Jeremy Harris [Fri, 10 May 2019 14:18:56 +0000 (15:18 +0100)]
Fix listing a named queue by a non-admin user. Bug 2398
Jeremy Harris [Thu, 9 May 2019 13:10:12 +0000 (14:10 +0100)]
Avoid potential crash in close of a verify callout
Jeremy Harris [Thu, 9 May 2019 11:06:01 +0000 (12:06 +0100)]
Docs: add index entry for string-concatenation
Jeremy Harris [Wed, 8 May 2019 12:28:07 +0000 (13:28 +0100)]
OpenSSL: fix build under older library version
Broken-by: 4f1d23a1aa
Jeremy Harris [Tue, 7 May 2019 21:42:18 +0000 (22:42 +0100)]
GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
Jeremy Harris [Tue, 7 May 2019 21:17:28 +0000 (22:17 +0100)]
OpenSSL: fix tls_out_ocsp under resumption
Jeremy Harris [Mon, 6 May 2019 15:19:15 +0000 (16:19 +0100)]
OpenSSL: fix tls_try_verify_hosts under resumption
Jeremy Harris [Mon, 6 May 2019 12:34:18 +0000 (13:34 +0100)]
TLS: increase resumption ticket lifetime to 2 hours
Jeremy Harris [Mon, 6 May 2019 11:28:14 +0000 (12:28 +0100)]
OpenSSL: discard expired resumption session in client
Heiko Schlittermann (HS12-RIPE) [Tue, 7 May 2019 19:25:41 +0000 (21:25 +0200)]
Add main option exim_version
There might be reasons to cheat about the Exim version you're running.
(Think of stupid security scanners.)
Jeremy Harris [Sun, 5 May 2019 18:23:37 +0000 (19:23 +0100)]
OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption
Jeremy Harris [Sun, 5 May 2019 17:54:45 +0000 (18:54 +0100)]
Testsuite: check variables under resumption
Jeremy Harris [Sun, 5 May 2019 16:57:42 +0000 (17:57 +0100)]
TLS: resumption notes
Jeremy Harris [Sun, 5 May 2019 15:20:31 +0000 (16:20 +0100)]
OpenSSL: for older library (1.0.2) assume that a ticket callback in client only happens for a resumable session
Jeremy Harris [Sat, 4 May 2019 15:53:57 +0000 (16:53 +0100)]
OpenSSL: increase STEK strength to 256b
Jeremy Harris [Thu, 2 May 2019 20:01:43 +0000 (21:01 +0100)]
TLS: library version build-time checks for resumption support
Jeremy Harris [Thu, 2 May 2019 17:07:53 +0000 (18:07 +0100)]
Fix build on older OpenSSL
Broken-by: b10c87b38c
Jeremy Harris [Thu, 2 May 2019 17:02:19 +0000 (18:02 +0100)]
Fix build on older GnuTLS
Broken-by: b10c87b38c
Jeremy Harris [Thu, 2 May 2019 16:30:33 +0000 (17:30 +0100)]
Debug: restore GnuTLS debug level.
Broken-by: b10c87b38c
Jeremy Harris [Thu, 2 May 2019 16:16:05 +0000 (17:16 +0100)]
TLS: Session resumption, under the EXPERIMENTAL_TLS_RESUME build option.
Jeremy Harris [Sat, 27 Apr 2019 16:40:48 +0000 (17:40 +0100)]
Testsuite: GnuTLS version variances
Jeremy Harris [Sat, 27 Apr 2019 13:52:03 +0000 (14:52 +0100)]
tidying
Jeremy Harris [Sat, 27 Apr 2019 12:22:52 +0000 (13:22 +0100)]
ARC: harden against malformed headers
Jeremy Harris [Fri, 26 Apr 2019 18:36:40 +0000 (19:36 +0100)]
Build: move md5.c from auths library to main; exim_fixdb no longer depends on auths
Jeremy Harris [Fri, 26 Apr 2019 10:16:47 +0000 (11:16 +0100)]
Testsuite: GnuTLS version variances
Jeremy Harris [Thu, 25 Apr 2019 19:03:34 +0000 (20:03 +0100)]
Avoid defining inlinable fn for utilities build
Jeremy Harris [Thu, 25 Apr 2019 18:37:31 +0000 (19:37 +0100)]
Fix build with older GnuTLS, redux
Jeremy Harris [Thu, 25 Apr 2019 18:13:31 +0000 (19:13 +0100)]
Fix build with older GnuTLS
Jeremy Harris [Thu, 25 Apr 2019 17:41:52 +0000 (18:41 +0100)]
Testsuite: avoid recent-perl feature use
Jeremy Harris [Thu, 25 Apr 2019 16:36:06 +0000 (17:36 +0100)]
Testsuite: GnuTLS version variances
Jeremy Harris [Thu, 25 Apr 2019 16:07:35 +0000 (17:07 +0100)]
GnuTLS 3.6.7 cipher strings
Jeremy Harris [Thu, 25 Apr 2019 14:11:42 +0000 (15:11 +0100)]
Avoid defining inlinable fn for MACRO_PREDEF build
Some compilers include them even when unused, and the link stage fails
Jeremy Harris [Thu, 25 Apr 2019 09:35:18 +0000 (10:35 +0100)]
Testsuite: output changes resulting
Broken-by: 67ea939cf0
Jeremy Harris [Thu, 25 Apr 2019 09:26:46 +0000 (10:26 +0100)]
Use unsigned when creating bitmasks in macros
Jeremy Harris [Tue, 23 Apr 2019 22:36:05 +0000 (23:36 +0100)]
GnuTLS: debug output for how to get TLS 1.3 keying
Jeremy Harris [Tue, 23 Apr 2019 23:35:09 +0000 (00:35 +0100)]
Debug: output priv-gid drop
Jeremy Harris [Tue, 23 Apr 2019 10:40:14 +0000 (11:40 +0100)]
Compiler quietening
Heiko Schlittermann (HS12-RIPE) [Mon, 22 Apr 2019 20:20:45 +0000 (22:20 +0200)]
Fix missing return value from exim_chown_failure
Jeremy Harris [Mon, 22 Apr 2019 18:20:15 +0000 (19:20 +0100)]
Compiler quietening
Jeremy Harris [Mon, 22 Apr 2019 17:55:16 +0000 (18:55 +0100)]
Testsuite: output changes resulting
Broken-by: cb80814d14
Heiko Schlittermann (HS12-RIPE) [Wed, 17 Apr 2019 21:33:03 +0000 (23:33 +0200)]
exigrep: do case sensitive option processing again. Closes 2392
-M (--related) was hidden by -m (--man), because of case insensitive
option matching. (4.90 … 4.92 did case insensitive option processing)
Thanks to Andreas Metzler for reporting this issue.
Heiko Schlittermann (HS12-RIPE) [Mon, 4 Feb 2019 21:01:36 +0000 (22:01 +0100)]
Intercept chown()/fchown() failure and emit a pointer to the bugreport. Closes 2391
In a specific NFS setup we experienced a failing chown(). As it is not
clear, whether this was due to a misconfiguration or if this may happen in
other environments too, we behave as usual (abort the operation), but
issue a MAIN_LOG and PANIC_LOG entry pointing to this Bugreport.
You're encouraged to contact the developers, if you hit this issue.
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Apr 2019 10:30:56 +0000 (12:30 +0200)]
Merge branch 'bug/2390-tmpfile-race'
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Apr 2019 09:33:40 +0000 (11:33 +0200)]
testsuite: Update to match the new "hdr.$message_exim_id" tmp file name Bug 2390
Heiko Schlittermann (HS12-RIPE) [Wed, 17 Apr 2019 06:38:19 +0000 (08:38 +0200)]
Use message_id for tempfile creation Closes 2390
Make tempfile names unique across Exim instances running in a cluster on
a shared $spool_directory. (They need to set localhost_number to have
cluster-unique message_exim_ids.)
Jeremy Harris [Mon, 15 Apr 2019 15:46:54 +0000 (16:46 +0100)]
Testsuite: better OpenBSD compatibility for IPv6
Jeremy Harris [Sun, 7 Apr 2019 14:23:38 +0000 (15:23 +0100)]
tidying
Heiko Schlittermann (HS12-RIPE) [Fri, 12 Apr 2019 14:16:57 +0000 (16:16 +0200)]
Docs: Remove GNUmake idioms from Makefile, give power to "mv"
On at least one *BSD system, /tmp is owned by root:wheel and
files created there are owned by <creator>:wheel. The following
mv /tmp/<tmpfile> to an existing file with other permissions fails
for the non-privileged user.
Jeremy Harris [Fri, 5 Apr 2019 14:28:36 +0000 (15:28 +0100)]
tidying
Jeremy Harris [Fri, 5 Apr 2019 14:22:20 +0000 (15:22 +0100)]
Logging: close logfile when non-smtp input is taking a long time. Bug 1891
Jeremy Harris [Thu, 4 Apr 2019 13:33:28 +0000 (14:33 +0100)]
SPF: better build compatibility with OpenBSD
Jeremy Harris [Wed, 3 Apr 2019 19:29:15 +0000 (20:29 +0100)]
OpenSSL: tidy options debug output
Jeremy Harris [Wed, 3 Apr 2019 19:13:22 +0000 (20:13 +0100)]
OpenSSL: tidy coding of session keys debug
Kirill Miazine [Tue, 2 Apr 2019 12:29:39 +0000 (14:29 +0200)]
More fixes to build with DANE support with LibreSSL >= 2.9.0.
Jeremy Harris [Mon, 1 Apr 2019 16:09:59 +0000 (17:09 +0100)]
Fix build with recent LibreSSL, when including DANE. Bug 2386
Heiko Schlittermann (HS12-RIPE) [Sun, 31 Mar 2019 16:04:35 +0000 (18:04 +0200)]
EDITME: Add comment about DMARC_TLD_FILE
Jeremy Harris [Sat, 30 Mar 2019 15:41:52 +0000 (15:41 +0000)]
DMARC: check for empty filename for TLD file. Patch testsuite to not break on missing default TLD file.
Jeremy Harris [Fri, 22 Mar 2019 15:00:23 +0000 (15:00 +0000)]
Fix "-bP smtp_receive_timeout". Bug 2384