Jeremy Harris [Mon, 9 Jan 2017 15:54:26 +0000 (15:54 +0000)]
Split out cutthrough connection-cache / subsequent-rcpt handling, from do_callout()
Jeremy Harris [Mon, 9 Jan 2017 11:46:30 +0000 (11:46 +0000)]
Split out callout-cache handling from do_callout()
Jeremy Harris [Sat, 24 Dec 2016 21:04:20 +0000 (21:04 +0000)]
Use smtp_setup_conn() for verify callout
Jeremy Harris [Sat, 24 Dec 2016 19:24:56 +0000 (19:24 +0000)]
Split out smtp MAIL and RCPT option string building
Jeremy Harris [Mon, 19 Dec 2016 13:10:29 +0000 (13:10 +0000)]
Split out smtp_setup_conn() from smtp_deliver, in the transport
Jeremy Harris [Sat, 21 Jan 2017 18:54:56 +0000 (18:54 +0000)]
Fix DKIM verify operation in -bh test mode. Bug 2017
Heiko Schlittermann (HS12-RIPE) [Wed, 18 Jan 2017 21:33:51 +0000 (22:33 +0100)]
Testsuite: Make patchexim work with dirty tag checkouts
Phil Pennock [Fri, 20 Jan 2017 12:07:54 +0000 (07:07 -0500)]
fix example command-line
Jeremy Harris [Thu, 19 Jan 2017 13:20:47 +0000 (13:20 +0000)]
Testsuite: output changes from
4c04137d7
Jeremy Harris [Thu, 19 Jan 2017 13:12:02 +0000 (13:12 +0000)]
VRFY: advertise in EHLO response, if there is an ACL defined
Jeremy Harris [Thu, 19 Jan 2017 12:26:35 +0000 (12:26 +0000)]
VRFY: add docs note on results, and additional test cases
Jeremy Harris [Tue, 17 Jan 2017 18:03:15 +0000 (18:03 +0000)]
Docs: add note on round-robin DNS problems vs. authentication
Josh Soref [Wed, 18 Jan 2017 23:20:12 +0000 (18:20 -0500)]
spelling: Mavrogiannopoulos
Committer note: the name was spelt as was used by Nikos at the time, but
he's since switched to the other latinization form and is using it
everywhere these days. Part of his response was "Feel free to use the
Mavrogiannopoulos variant everywhere.", so I'm merging this commit too.
Josh Soref [Wed, 18 Jan 2017 17:58:52 +0000 (17:58 +0000)]
replace keept with rotation
Log rotate documentation does not actually give a term for this portion
of a filename, but to the extent that I can find a term, a number of
places call it a "rotation number".
Replacing keept which is inaccurate and misleading with rotation makes
the code a little easier to read.
Phil Pennock [Wed, 18 Jan 2017 16:39:24 +0000 (11:39 -0500)]
Recording merge technique in git history
This is an empty commit which exists for this commit message,
documenting how I handled GitHub PR 52, which was 228 separate commits,
each fixing the spelling of one word. The submitter's approach made it
easy to consider and approve/reject each independently, so was valuable,
but I didn't want so many commits in our history.
A few aspects of the shell commands rely upon Zsh: `read -q` for
getting a single Y/N response; `$IFS` containing ASCII NUL (and
builtins handling NUL inside strings) for parsing `.git/MERGE_RR`;
anonymous function calls so that I could abort cleanly if I wanted to.
git log --pretty=tformat:%h master..github/pr/52 > ../1.consider
touch ../2.keep
for F in $(<../1.consider); do git show $F | cat -v; read -q "keep?Keep $F ? " && echo $F >> ../2.keep; echo; echo =============================; done
That let me iterate through each, selecting 214/228 commits to apply in
one pass. Two PR commits were held for a separate commit, because they
fixed behavioural bugs. So 216/228 were accepted. A couple warranted
minor post-fixing as part of the first PR.
for F in $(<../2.keep ) ; do (){ git cherry-pick -n $F && continue; for junk fn in $(<.git/MERGE_RR); do [[ -n $fn ]] || break; if vi $fn; then git add $fn; else return 1; fi; done } || break; done
vi src/src/filter.c && git add src/src/filter.c
vi src/src/dns.c && git add src/src/dns.c
GIT_AUTHOR_NAME='Josh Soref' GIT_AUTHOR_EMAIL='jsoref@users.noreply.github.com' git commit
and similarly for the second commit.
One more commit from the PR requires chasing with a contributor whose
name is natively in a non-Roman alphabet and who appears to have changed
the Romanisation, to check how they'd like it handled. I will chase
under separate cover.
Josh Soref [Wed, 18 Jan 2017 16:36:24 +0000 (11:36 -0500)]
Bug-fix no_require_dnssec parsing & spelling fixes
Patches from Josh Soref fixing spelling fixed two bugs:
* Parsing `no_require_dnssec` configuration option
* Setting `_HAVE_TRANSPORT_APPEND_MAILDIR` macro (for config parsing)
[ PP pulled these two out into a separate commit to update the ChangeLog
accordingly. ]
Josh Soref [Wed, 18 Jan 2017 16:30:26 +0000 (11:30 -0500)]
214 spelling fixes
Phil Pennock [Fri, 13 Jan 2017 04:37:50 +0000 (23:37 -0500)]
Provide alternative Heimdal pkg-config example
Building Exim against Heimdal 1.5, heimdal-gssapi.pc was needed.
There's been a major version bump in Heimdal, and against 7.1 that
doesn't work; using heimdal-krb5.pc fails on missing `gss_*` functions.
I can find no build documentation for Heimdal which describes what
should be needed. heimdal-gssapi.pc does reference heimdal-krb5.pc
in `Requires.private` but it's not being used by FreeBSD pkgconf in
such a way that it's available when building on FreeBSD 10.3.
Fortunately, our `*_PC` logic works with multiple packages listed,
so provide that example.
Jeremy Harris [Wed, 11 Jan 2017 12:12:49 +0000 (12:12 +0000)]
Docs: add note on DKIM ACL triggers
Jeremy Harris [Wed, 4 Jan 2017 13:58:29 +0000 (13:58 +0000)]
Testsuite: moved output file
Broken-by: f4630439f888
Jeremy Harris [Tue, 3 Jan 2017 20:15:39 +0000 (20:15 +0000)]
CHUNKING: fix non-pipelined synch checks. Bug 2004
Jeremy Harris [Mon, 2 Jan 2017 17:20:26 +0000 (17:20 +0000)]
PROXY: fix v2 protocol decode. Bugs 2003, 1747
Phil Pennock [Mon, 2 Jan 2017 13:59:17 +0000 (08:59 -0500)]
wip: OpenSSL docs on custom install
To fix before merge: ability to use `$ORIGIN` in linker line via Exim
config file.
Jeremy Harris [Sun, 1 Jan 2017 13:21:39 +0000 (13:21 +0000)]
Docs: fix smtp transport TFO option indexing
Phil Pennock [Sun, 1 Jan 2017 04:22:22 +0000 (23:22 -0500)]
Merge remote-tracking branch 'github/pr/50'
GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called
ldap_start_tls_s on ldapi:// connections.
This is obviously a correct change, since above we've avoiding
initializing the TLS state if using ldapi.
Added documentation noting this behaviour.
Jeremy Harris [Sat, 31 Dec 2016 15:24:38 +0000 (15:24 +0000)]
DKIM: Under debug, when signing do an extra check on the dns record that will be
used for verification. Bug 1926
YmrDtnJu [Sat, 31 Dec 2016 12:57:49 +0000 (13:57 +0100)]
Do not call ldap_start_tls_s on ldapi:// connections.
The code already skips the initialisation of TLS on LDAP connections over unix
sockets but the call to ldap_start_tls_s is done nonetheless.
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 13:05:08 +0000 (14:05 +0100)]
Docs: Add .new/wen marker for relative includes (Bug 1971)
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 11:35:47 +0000 (12:35 +0100)]
Tidy and add \0 after string_append() for relative .includes
Jeremy Harris [Tue, 8 Nov 2016 22:41:42 +0000 (22:41 +0000)]
tidying
Jeremy Harris [Mon, 26 Dec 2016 18:05:38 +0000 (18:05 +0000)]
Docs: typoes
Jeremy Harris [Thu, 29 Dec 2016 15:55:45 +0000 (15:55 +0000)]
I18N: avoid trying to downconvert all-ascii domain names.
With the IDNA-2008 handling downconversion results in lowercasing;
so avoid doing that if possible.
Jeremy Harris [Wed, 28 Dec 2016 21:15:49 +0000 (21:15 +0000)]
Testsuite: use custom-munge for dsn-info in 4510
Broken-by: 87cb4a166c47
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 23:15:47 +0000 (23:15 +0000)]
Allow relative file names in .include lines (Closes 1971)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Dec 2016 22:02:20 +0000 (23:02 +0100)]
Doc: Minor fixes
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 10:02:18 +0000 (11:02 +0100)]
Release process: make mk_exim_release more self descriptive
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:25:58 +0000 (10:25 +0100)]
Release process: rename the scripts to be more generic
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:23:47 +0000 (10:23 +0100)]
Release process: sign all *.tar.* under a given dir
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:01:38 +0000 (10:01 +0100)]
Release process: fix the --no-web option
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 22:56:09 +0000 (23:56 +0100)]
Constify config_filename
Jeremy Harris [Tue, 22 Nov 2016 15:22:11 +0000 (15:22 +0000)]
DKIM: More validation of DNS key record. Bug 1926
Jeremy Harris [Sun, 11 Dec 2016 16:36:09 +0000 (16:36 +0000)]
OpenSSL: add detail to certname verify fail log line
Jeremy Harris [Sun, 4 Dec 2016 11:21:55 +0000 (11:21 +0000)]
Pipe transport: expand the path option
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
Testsuite: enhance IDNA examples; move to IDNA-2008 conversions
Jeremy Harris [Tue, 27 Dec 2016 16:47:36 +0000 (16:47 +0000)]
Docs: clarify headers availability in data-time ACLs
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
I18N: support IDNA2008. Bug 1911
Jeremy Harris [Sun, 25 Dec 2016 11:54:37 +0000 (11:54 +0000)]
Docs: Clean for next release
Heiko Schlittermann (HS12-RIPE) [Thu, 22 Dec 2016 11:01:16 +0000 (12:01 +0100)]
Doc: clarify CVE-2016-9963
Heiko Schlittermann (HS12-RIPE) [Sat, 17 Dec 2016 17:15:35 +0000 (18:15 +0100)]
Doc: short description of CVE-2016-9963
Jeremy Harris [Fri, 16 Dec 2016 20:45:44 +0000 (20:45 +0000)]
Fix DKIM information leakage
Jeremy Harris [Fri, 16 Dec 2016 23:05:54 +0000 (23:05 +0000)]
Docs: typo
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Dec 2016 17:40:21 +0000 (18:40 +0100)]
Use long names for the _DRIVER_*, and _OPT_* macros
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 12:18:09 +0000 (13:18 +0100)]
Doc: fix minor typos
Jeremy Harris [Wed, 7 Dec 2016 15:00:37 +0000 (15:00 +0000)]
Testsuite: ipv6 output changes
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Dec 2016 22:34:13 +0000 (23:34 +0100)]
Testsuite: honour the "build" environment variable
Heiko Schlittermann (HS12-RIPE) [Fri, 2 Dec 2016 13:32:08 +0000 (14:32 +0100)]
OpenSSL: default to tls_eccurve = auto
For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries
rely on auto-selection.
Jeremy Harris [Sun, 4 Dec 2016 13:00:26 +0000 (13:00 +0000)]
Testsuite: more pipe transport / perl cases
Jeremy Harris [Sun, 4 Dec 2016 10:53:17 +0000 (10:53 +0000)]
Testsuite: set path for use of perl by pipe transport
FreeBSD places perl in a nonstandard (for the pipe transport) directory
Jeremy Harris [Sun, 4 Dec 2016 00:12:17 +0000 (00:12 +0000)]
Testsuite: remove outdated flavour result files
Jeremy Harris [Sat, 3 Dec 2016 23:41:13 +0000 (23:41 +0000)]
Testsuite: platform variance for perl utility location
Jeremy Harris [Sat, 3 Dec 2016 23:26:26 +0000 (23:26 +0000)]
Testsuite: ipv6 source address platform variance
Jeremy Harris [Sat, 3 Dec 2016 23:07:12 +0000 (23:07 +0000)]
Testsuite: ensure delivery order
Jeremy Harris [Sat, 3 Dec 2016 21:51:14 +0000 (21:51 +0000)]
Testsuite: OpenSSL error lines change going to 1.1
Jeremy Harris [Sat, 3 Dec 2016 19:37:16 +0000 (19:37 +0000)]
Build: disable OCSP, AUTH_TLS and EXPERIMENTAL_CERTNAMES if SUPPORT_TLS is not enabled
Jeremy Harris [Sat, 3 Dec 2016 19:18:28 +0000 (19:18 +0000)]
Testsuite: OpenSSL info output during conn changes going to 1.1; give up trying to track changes
Heiko Schlittermann (HS12-RIPE) [Tue, 29 Nov 2016 14:57:11 +0000 (15:57 +0100)]
Doc: Add hint about spamd and half-closed connections
Heiko Schlittermann (HS12-RIPE) [Mon, 28 Nov 2016 10:34:57 +0000 (11:34 +0100)]
Doc: Minor corrections/additions
Jeremy Harris [Sat, 26 Nov 2016 18:38:57 +0000 (18:38 +0000)]
Testsuite: annotate I18N conversions
Jeremy Harris [Fri, 25 Nov 2016 12:17:54 +0000 (12:17 +0000)]
Update ChangeLog
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 14:11:12 +0000 (15:11 +0100)]
Testsuite: distribute configure script
configure needs to be created by autoreconf. Autoconf
It is not always available.
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 14:10:06 +0000 (15:10 +0100)]
Testsuite: do not use VPATH and $<
It is not portable, was a GNU extension, available in GNU make
only.
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 12:02:53 +0000 (13:02 +0100)]
Testsuite: patchexim now uses /usr/bin/env
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 11:59:07 +0000 (12:59 +0100)]
Testsuite: ignore run-summary.log
Heiko Schlittermann (HS12-RIPE) [Thu, 24 Nov 2016 11:56:37 +0000 (12:56 +0100)]
Testsuite: fix minor warning in runtest
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 18:51:59 +0000 (19:51 +0100)]
Testsuite: more diag info if initial Exim startup fails
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 16:36:26 +0000 (17:36 +0100)]
Testsuite: show output from failed exim -d -bP exim_user
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 15:04:24 +0000 (16:04 +0100)]
Testsuite: fix warning
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 14:36:51 +0000 (15:36 +0100)]
Revert "Testsuite: Debian8 GnuTLS does not support OCSP. Add flavour files."
This reverts commit
28660ab6ff99d24fdabe3ce0d9feb3478de1015b.
On Debian8 OCSP doesn't work with GnuTLS. Local/Makefile allows
to configure this (DISABLE_OCSP=yes), thus neither it is a test failure,
nor is it a specific flavour, it's just a build mis-configuration.
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 12:42:43 +0000 (13:42 +0100)]
Testsuite: Debian8 GnuTLS does not support OCSP. Add flavour files.
5651 is still unstable.
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 11:02:26 +0000 (12:02 +0100)]
Fix memory leak on (Gnu)TLS close.
This leak doesn't show up under normal operation, as the process
normally dies right after closing the session.
But during callout repetitive TLS sessions are opened and closed from
the same process (the process receiving the message). Depending on
the amount of RAM and the number of callouts the same process does,
this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000
recipients the memory is exhausted.)
Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 09:51:51 +0000 (10:51 +0100)]
Fix crash in (Gnu)TLS debug output
Heiko Schlittermann (HS12-RIPE) [Mon, 21 Nov 2016 22:41:16 +0000 (23:41 +0100)]
Testsuite: prepare shadow (vpath) builds
Jeremy Harris [Sat, 19 Nov 2016 20:58:18 +0000 (20:58 +0000)]
Testsuite: fix for not-previously-existing logfile
Jeremy Harris [Sat, 19 Nov 2016 20:44:05 +0000 (20:44 +0000)]
Testsuite: output a machine-readable results summary file
The intent is for finegrain results display in the buildfarm.
Jeremy Harris [Sat, 19 Nov 2016 17:35:12 +0000 (17:35 +0000)]
Testsuite another platform difference in errstr
Jeremy Harris [Sat, 19 Nov 2016 14:11:03 +0000 (14:11 +0000)]
Testsuite: fix platforn TFO nonsupprt munge
Jeremy Harris [Sat, 19 Nov 2016 13:37:02 +0000 (13:37 +0000)]
Testsuite: Munge for platform TFO nonsupport
Jeremy Harris [Tue, 15 Nov 2016 14:32:40 +0000 (14:32 +0000)]
Callout: wait for response to QUIT before closing
Heiko Schlittermann (HS12-RIPE) [Mon, 14 Nov 2016 21:04:17 +0000 (22:04 +0100)]
Testsuite: tidyup runtest (quotes and some my variables)
Heiko Schlittermann (HS12-RIPE) [Mon, 14 Nov 2016 20:18:01 +0000 (21:18 +0100)]
Testsuite: make 4009,4015 independend on user name length
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:42:20 +0000 (13:42 +0100)]
Testsuite: Add verbose comments to 5840
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:36:38 +0000 (13:36 +0100)]
Testsuite: enable verbose comments
Comments in script files, matching /^###\s/, will be copied
to test-{stdout,err}{,-server}. This is intended to ease the
mapping between error messages (failed comparisons) to the script part,
causing the failure.
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 12:34:22 +0000 (13:34 +0100)]
Testsuite: tidy-up runtest
This will be done step by step, to get a more readable(?)
version. At least the result will be more consistent in coding style
somewhen
Jeremy Harris [Tue, 8 Nov 2016 23:40:09 +0000 (23:40 +0000)]
Tidying: coverity issues
Jeremy Harris [Sun, 13 Nov 2016 16:33:03 +0000 (16:33 +0000)]
OpenSSL 1.1 - update testsuite for retired ciphers
Heiko Schlittermann (HS12-RIPE) [Sat, 12 Nov 2016 21:48:37 +0000 (22:48 +0100)]
Testsuite: Assume '' for missing VERSION_ID
Jeremy Harris [Sat, 12 Nov 2016 20:50:21 +0000 (20:50 +0000)]
OpenLLS 1.1 - Testsuite
Jeremy Harris [Sat, 12 Nov 2016 20:16:31 +0000 (20:16 +0000)]
DANE: Bitrot: Port to OpenSSL >= 1.1.0
Jeremy Harris [Sat, 12 Nov 2016 19:13:25 +0000 (19:13 +0000)]
OpenSSL 1.1 - STORE_CTX accessor functions
Jeremy Harris [Sat, 12 Nov 2016 15:44:51 +0000 (15:44 +0000)]
OpenSSL 1.1 - rework OCSP proof verification at load time in server