Phil Pennock [Tue, 21 Apr 2020 22:59:15 +0000 (18:59 -0400)]
stop-gap: doc glibc 2.31 RES_TRUSTAD/trust-ad
In glibc from release 2.31 onwards (change added in their commit
446997ff14) setting `dns_dnssec_ok` will not be sufficient. glibc has
added a new `options trust-ad` toggle for `/etc/resolv.conf` and a C
macro `RES_TRUSTAD`.
This will break existing deployments and binaries.
Our current mechanism for enabling DNSSEC is with an option named to
closely match the DNS feature required, so it is probably inappropriate
to tinker with a second option there. Instead we probably need a new
meta-option for the concept of DNSSEC, add the second new flag there,
and move `dns_dnssec_ok` to a legacy deprecated option.
That will only work if the machine Exim is built on has the new C macro,
but will need to be conditional upon that macro being defined, so
binaries built aren't going to be forward-compatible to other systems
with newer glibc. There is no good solution to solve this.
In the meantime, document the issue and point administrators at how to
work around the issue with a setting in `/etc/resolv.conf`
Thanks to Viktor Dukhovni for highlighting the existence of this
problem.
Heiko Schlichting [Mon, 20 Apr 2020 21:21:35 +0000 (22:21 +0100)]
Docs: fix mention of deprecated variables. Bug 2534
Erik Lax [Mon, 20 Apr 2020 20:34:33 +0000 (21:34 +0100)]
Fix spool space check to account for SIZE. Bug 2552
Jeremy Harris [Mon, 20 Apr 2020 10:30:28 +0000 (11:30 +0100)]
OpenSSL: fix bulid on older library versions
Broken-by: a89b6bd32a
Jeremy Harris [Sun, 19 Apr 2020 20:18:21 +0000 (21:18 +0100)]
Events: Fix msg:defer event for the hosts_max_try_hardlimit case. Bug 2554
Jeremy Harris [Sun, 19 Apr 2020 10:32:57 +0000 (11:32 +0100)]
OpenSSL: More info on accept "version too low"
Jeremy Harris [Tue, 14 Apr 2020 20:51:51 +0000 (21:51 +0100)]
Early-pipe: invalidate cache on a failure of required-auth
Jeremy Harris [Mon, 13 Apr 2020 12:17:51 +0000 (13:17 +0100)]
Testsuite: munge for platform variances
Jeremy Harris [Sun, 12 Apr 2020 21:24:21 +0000 (22:24 +0100)]
Better fix for crash
Broken-by: 0b4dfe7aa1
Jeremy Harris [Sun, 12 Apr 2020 15:48:10 +0000 (16:48 +0100)]
OpenSSL: More info on accept "unsupported protocol"
Jeremy Harris [Sun, 12 Apr 2020 16:47:27 +0000 (17:47 +0100)]
Taint: fix parsing of ACL ratelimit condition
Jeremy Harris [Sat, 11 Apr 2020 18:12:57 +0000 (19:12 +0100)]
DKIM: Predefined macro for standard headers, oversigned
Jeremy Harris [Thu, 9 Apr 2020 13:45:31 +0000 (14:45 +0100)]
tidying
Jeremy Harris [Thu, 9 Apr 2020 13:39:03 +0000 (14:39 +0100)]
C99 initialisers
Jeremy Harris [Tue, 7 Apr 2020 18:41:31 +0000 (19:41 +0100)]
tidying
Jeremy Harris [Mon, 6 Apr 2020 19:15:47 +0000 (20:15 +0100)]
Fix crash
Broken-by: 0b4dfe7aa1
Jeremy Harris [Mon, 6 Apr 2020 15:20:35 +0000 (16:20 +0100)]
Expansion item ${listquote }. Bug 1066
Jeremy Harris [Sun, 5 Apr 2020 23:28:06 +0000 (00:28 +0100)]
MySQL, pgsql: per-query server options outside the lookup string. Bug 2546
Jeremy Harris [Sun, 5 Apr 2020 22:21:40 +0000 (23:21 +0100)]
Taint: check on supplied buffer vs. list when extracting elements
Jeremy Harris [Sat, 4 Apr 2020 20:27:30 +0000 (21:27 +0100)]
Avoid the long whats_supported line being mixed with output from other processes
Jeremy Harris [Sat, 4 Apr 2020 13:25:07 +0000 (14:25 +0100)]
tidying: skip_whitespace
Jeremy Harris [Fri, 3 Apr 2020 20:48:21 +0000 (21:48 +0100)]
Log fast-ramp queue-run trigger
Jeremy Harris [Fri, 3 Apr 2020 13:38:31 +0000 (14:38 +0100)]
dsearch: filter-matches option
Jeremy Harris [Fri, 3 Apr 2020 13:36:17 +0000 (14:36 +0100)]
dsearch: full-path return option
Jeremy Harris [Fri, 3 Apr 2020 13:10:43 +0000 (14:10 +0100)]
Lookups: per-searchtype options framework
Jeremy Harris [Wed, 1 Apr 2020 22:29:40 +0000 (23:29 +0100)]
Sqlite: new main option sqlite_dbfile
Jeremy Harris [Mon, 30 Mar 2020 21:26:09 +0000 (22:26 +0100)]
Testsuite: ignore all fork-time debug
Jeremy Harris [Sun, 29 Mar 2020 19:59:49 +0000 (20:59 +0100)]
Dsearch: require absolute dirname
Jeremy Harris [Sun, 29 Mar 2020 18:07:48 +0000 (19:07 +0100)]
constify
Jeremy Harris [Sun, 29 Mar 2020 14:00:07 +0000 (15:00 +0100)]
OpenSSL: under resumption open ticket DB writable, for record delete
Jeremy Harris [Sat, 28 Mar 2020 20:01:10 +0000 (20:01 +0000)]
Taint enforce: directory open backstops, single-key search filename
Jeremy Harris [Sat, 28 Mar 2020 18:22:22 +0000 (18:22 +0000)]
Testsuite: output changes resulting
Broken-by: 836c3e4102
Jeremy Harris [Sat, 28 Mar 2020 16:12:56 +0000 (16:12 +0000)]
Build: fix Solaris
Jeremy Harris [Sat, 28 Mar 2020 16:06:48 +0000 (16:06 +0000)]
Testsuite: ignore fakens fork debug line, avoiding ipv6-support differences
Jeremy Harris [Fri, 27 Mar 2020 21:07:50 +0000 (21:07 +0000)]
OpenSSL: avoid loading server's CA-list-for-client-notification on client
Jeremy Harris [Thu, 26 Mar 2020 16:05:19 +0000 (16:05 +0000)]
Fix argument checking for ${readsocket }
Jeremy Harris [Sun, 22 Mar 2020 20:15:33 +0000 (20:15 +0000)]
Merge branch 'debug_fork'
Jeremy Harris [Sun, 22 Mar 2020 18:30:18 +0000 (18:30 +0000)]
exit-time debug
Jeremy Harris [Fri, 20 Mar 2020 22:48:41 +0000 (22:48 +0000)]
debug tidying
Jeremy Harris [Sat, 21 Mar 2020 23:27:06 +0000 (23:27 +0000)]
pass through exec
Jeremy Harris [Fri, 20 Mar 2020 14:44:07 +0000 (14:44 +0000)]
child-open debug
Jeremy Harris [Sun, 22 Mar 2020 11:13:49 +0000 (11:13 +0000)]
Testsuite: move dsearch-dependent testcase
Jeremy Harris [Sun, 22 Mar 2020 00:55:59 +0000 (00:55 +0000)]
Taint: fix dsearch result to be untainted
Jeremy Harris [Sat, 21 Mar 2020 17:09:53 +0000 (17:09 +0000)]
Taint: mark more command-line arguments
Jeremy Harris [Sun, 15 Mar 2020 14:32:05 +0000 (14:32 +0000)]
tidying
Jeremy Harris [Fri, 20 Mar 2020 19:14:45 +0000 (19:14 +0000)]
Fix segfault on bad cmdline -f (sender) argument. Bug 2541
Jeremy Harris [Wed, 18 Mar 2020 13:47:42 +0000 (13:47 +0000)]
consistent fork-time debug
Testcase issues: 0366 2035
Jeremy Harris [Wed, 18 Mar 2020 12:33:24 +0000 (12:33 +0000)]
fixes
Jeremy Harris [Wed, 18 Mar 2020 11:36:59 +0000 (11:36 +0000)]
tidying
Jeremy Harris [Tue, 17 Mar 2020 12:33:47 +0000 (12:33 +0000)]
Avoid corrupting globals during time-pauses
Jeremy Harris [Sun, 15 Mar 2020 21:08:28 +0000 (21:08 +0000)]
Fix spurious detection of timeout while writing to transport filter
Jeremy Harris [Sun, 15 Mar 2020 17:34:02 +0000 (17:34 +0000)]
labelled-process fork function
Jeremy Harris [Sat, 14 Mar 2020 22:30:45 +0000 (22:30 +0000)]
Testsuite: missing output file
Jeremy Harris [Sat, 14 Mar 2020 22:47:07 +0000 (22:47 +0000)]
Testsuite: use correct client for GnuTLS platform
Jeremy Harris [Sat, 14 Mar 2020 20:50:55 +0000 (20:50 +0000)]
Testsuite: make "client" util TLS variants more similar
Jeremy Harris [Sat, 14 Mar 2020 16:50:28 +0000 (16:50 +0000)]
Testtsuite: portability
Jeremy Harris [Fri, 13 Mar 2020 14:16:15 +0000 (14:16 +0000)]
Testsuite: fix munge
Jeremy Harris [Thu, 12 Mar 2020 20:14:32 +0000 (20:14 +0000)]
Testsuite: fix case for TLS library differences
Jeremy Harris [Thu, 12 Mar 2020 18:00:50 +0000 (18:00 +0000)]
Retry once a single-item delivery from the queue, when lock causes no attempt
Jeremy Harris [Thu, 12 Mar 2020 17:13:47 +0000 (17:13 +0000)]
Debug: _exit() process-termination
Jeremy Harris [Tue, 10 Mar 2020 22:53:31 +0000 (22:53 +0000)]
Testsuite: fix build on non-gnumake platforms
Jeremy Harris [Tue, 10 Mar 2020 22:40:27 +0000 (22:40 +0000)]
Testsuite: fix build on non-gnumake platforms
Broken-by: effbc122d
Jeremy Harris [Tue, 10 Mar 2020 17:06:26 +0000 (17:06 +0000)]
Early-pipe: retry without pipelining on first-response failure
Jeremy Harris [Sun, 8 Mar 2020 22:24:37 +0000 (22:24 +0000)]
Default notifier socket name to spooldir-dependent path even for abstract names
Jeremy Harris [Sun, 8 Mar 2020 20:26:19 +0000 (20:26 +0000)]
Close notifier socket before re-exec of daemon. Bug 2539
Jeremy Harris [Sun, 1 Mar 2020 16:36:19 +0000 (16:36 +0000)]
tidying
Heiko Schlichting [Sun, 8 Mar 2020 19:28:37 +0000 (19:28 +0000)]
Fix parsing of cmdline -os & -pr options. Bug 2538
Incorrect attibution in
305e4faec2 commit
Found & fixed by Heiko; coding massaged by jgh
Broken-by: 777cc7485c
Jeremy Harris [Sun, 8 Mar 2020 18:37:14 +0000 (18:37 +0000)]
Testsuite: better restriction of parallel 2-stage-queue-runners
Heiko Schlittermann (HS12-RIPE) [Sun, 8 Mar 2020 16:00:28 +0000 (16:00 +0000)]
Fix parsing of cmdline -os & -pr options. Bug 2538
Found & fixed by Heiko; coding massaged by jgh
Broken-by: 777cc7485c
Jeremy Harris [Sun, 8 Mar 2020 15:20:10 +0000 (15:20 +0000)]
Testsuite: testcases for bug 2538
Jeremy Harris [Thu, 5 Mar 2020 16:20:26 +0000 (16:20 +0000)]
Taint: track in ${utf8clean:} operator
Jeremy Harris [Wed, 19 Feb 2020 13:19:58 +0000 (13:19 +0000)]
Docs: tidying
David Restall [Sun, 1 Mar 2020 22:10:49 +0000 (22:10 +0000)]
Docs: typo in example config file. Bug 2528
Heiko Schlittermann (HS12-RIPE) [Tue, 3 Mar 2020 07:06:22 +0000 (08:06 +0100)]
Revert "GnuTLS: remove GNUTLS_E_AGAIN handling"
This reverts commit
0b049796b89a59fc322119b54199d92c404ef687.
Thanks to Andreas Metzler for pointing me to:
https://gitlab.com/gnutls/gnutls/issues/644#note_123363338
Heiko Schlittermann (HS12-RIPE) [Mon, 2 Mar 2020 21:56:32 +0000 (22:56 +0100)]
GnuTLS: Do not care about corked data when uncorking
Heiko Schlittermann (HS12-RIPE) [Mon, 2 Mar 2020 21:44:13 +0000 (22:44 +0100)]
GnuTLS: remove GNUTLS_E_AGAIN handling
The AGAIN shouldn't happen, as we are using blocking sockets
Jeremy Harris [Sun, 1 Mar 2020 14:05:43 +0000 (14:05 +0000)]
Fix $mime_part_count for non-mime message on multi-message connection. Bug 2537
Jeremy Harris [Sat, 29 Feb 2020 18:18:46 +0000 (18:18 +0000)]
Testsuite: ignore differentce in libgsasl version
Jeremy Harris [Sat, 29 Feb 2020 16:30:35 +0000 (16:30 +0000)]
Add variables for wildcard portion of local-part affix. Bug 281
Heiko Schlittermann (HS12-RIPE) [Wed, 26 Feb 2020 22:44:31 +0000 (23:44 +0100)]
Testsuite: Move 2040 to 1101 (hanging pipelining connections)
While this was a bug using GnuTLS, the test is rather generic
and the expected behaviour does not depend on the TLS implementation.
Heiko Schlittermann (HS12-RIPE) [Wed, 26 Feb 2020 22:32:46 +0000 (23:32 +0100)]
Testsuite: build a generic tls enabled client: client-anytls
Jeremy Harris [Wed, 26 Feb 2020 10:54:56 +0000 (10:54 +0000)]
Fix ${tr } expansion item. Bug 2533
Broken-by: acec9514b1
Arne Wörner [Mon, 24 Feb 2020 17:07:22 +0000 (17:07 +0000)]
Fix timestamp outputs for TAI timezone. Bug 2530
Jeremy Harris [Sun, 23 Feb 2020 22:35:22 +0000 (22:35 +0000)]
GnuTLS: avoid hang in older library, in selfsigned-cert creation
Jeremy Harris [Sun, 23 Feb 2020 17:36:52 +0000 (17:36 +0000)]
Replace "Try to fix Solaris build" with compatibility compiler flags
This reverts commit
b11989b8d73c17ccb70e22ca7e8a13540ecca73d.
Jeremy Harris [Sun, 23 Feb 2020 17:08:42 +0000 (17:08 +0000)]
Try to fix Solaris build
Jeremy Harris [Sat, 22 Feb 2020 18:49:30 +0000 (18:49 +0000)]
When counting queue, avoid building & sorting list of names
This is worth maybe 30% time of a 10^5-sized queue
Jeremy Harris [Sat, 22 Feb 2020 17:31:33 +0000 (17:31 +0000)]
Handle non-response from daemon for $queue_size
Jeremy Harris [Sat, 22 Feb 2020 17:11:05 +0000 (17:11 +0000)]
Unix socket creds: FreeBSD needs level 0 not SOL_SOCKET
Jeremy Harris [Sat, 22 Feb 2020 15:54:27 +0000 (15:54 +0000)]
Unix socket struct naming: avoid "sun" due to conflict on Solaris
Jeremy Harris [Thu, 20 Feb 2020 14:39:14 +0000 (14:39 +0000)]
Allow for platforms not support abstract naming for Unix sockets
Jeremy Harris [Wed, 19 Feb 2020 17:00:23 +0000 (17:00 +0000)]
Unix socket creds sockopt for BSD-ish platforms
Jeremy Harris [Wed, 19 Feb 2020 13:54:59 +0000 (13:54 +0000)]
Unix socket creds definitions for BSD-ish platforms
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Feb 2020 17:59:49 +0000 (18:59 +0100)]
GnuTLS: tls_write(): wait after uncorking the session
Heiko Schlittermann (HS12-RIPE) [Wed, 12 Feb 2020 22:39:32 +0000 (23:39 +0100)]
GnuTLS: Tweak debug output
Heiko Schlittermann (HS12-RIPE) [Wed, 12 Feb 2020 22:41:03 +0000 (23:41 +0100)]
GnuTLS: Clarify the use of SSLKEYFILE
Jeremy Harris [Sat, 10 Jan 2015 21:39:44 +0000 (21:39 +0000)]
Add queue_size variable. Bug 1406
Jeremy Harris [Tue, 18 Feb 2020 16:47:56 +0000 (16:47 +0000)]
Move notifier socket to general availability
Jeremy Harris [Tue, 18 Feb 2020 16:26:51 +0000 (16:26 +0000)]
Docs: clarify DKIM key generation
Heiko Schlittermann (HS12-RIPE) [Fri, 14 Feb 2020 10:20:39 +0000 (11:20 +0100)]
Testsuite: add test for hanging callout connections
Fixed in
bd95ffc2ba87fbd3c752df17bc8fd9c01586d45a