exim.git
2 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 3 Aug 2019 13:18:38 +0000 (14:18 +0100)]
Build: workaround inlining problems on Solaris
Also fix for difference in syscall types for munmap()

2 years agopreallocate store for config
Jeremy Harris [Sat, 6 Jul 2019 21:17:04 +0000 (22:17 +0100)]
preallocate store for config

2 years agoAuth: handle socket read errors in Dovecot authenticator
Bruce Lee [Tue, 30 Jul 2019 21:43:14 +0000 (22:43 +0100)]
Auth: handle socket read errors in Dovecot authenticator

2 years agotidying
Jeremy Harris [Tue, 30 Jul 2019 21:32:08 +0000 (22:32 +0100)]
tidying

2 years agoFix build on OpenBSD
Jeremy Harris [Mon, 29 Jul 2019 16:11:03 +0000 (17:11 +0100)]
Fix build on OpenBSD

2 years agoFix taint-checking on OpenBSD
Jeremy Harris [Mon, 29 Jul 2019 14:48:05 +0000 (15:48 +0100)]
Fix taint-checking on OpenBSD

2 years agotestsuite: interlock callout tests
Jeremy Harris [Sun, 28 Jul 2019 16:34:23 +0000 (17:34 +0100)]
testsuite: interlock callout tests

2 years agoFix crash after TLS channel shutdown
Jeremy Harris [Sun, 28 Jul 2019 13:47:29 +0000 (14:47 +0100)]
Fix crash after TLS channel shutdown

2 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 27 Jul 2019 16:11:09 +0000 (17:11 +0100)]
Build: workaround inlining problems on Solaris

2 years agoTestsuite: try to trace intermittent callout fails
Jeremy Harris [Sat, 27 Jul 2019 15:14:51 +0000 (16:14 +0100)]
Testsuite: try to trace intermittent callout fails

2 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 27 Jul 2019 14:00:58 +0000 (15:00 +0100)]
Build: workaround inlining problems on Solaris

2 years agoTestsuite: try to trace intermittent callout fails
Jeremy Harris [Thu, 25 Jul 2019 20:42:24 +0000 (21:42 +0100)]
Testsuite: try to trace intermittent callout fails

2 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Thu, 25 Jul 2019 19:09:18 +0000 (20:09 +0100)]
Build: workaround inlining problems on Solaris

2 years agoDe-taint library-return string for inet_ntoa() etc
Jeremy Harris [Thu, 25 Jul 2019 18:41:57 +0000 (19:41 +0100)]
De-taint library-return string for inet_ntoa() etc

2 years agoinlining
Jeremy Harris [Thu, 25 Jul 2019 14:34:10 +0000 (15:34 +0100)]
inlining

2 years agoFix dkim_strict expansion. Bug 2413
Ruben Jenster [Fri, 19 Jul 2019 11:56:56 +0000 (12:56 +0100)]
Fix dkim_strict expansion.  Bug 2413

Broken since the introduction of dkim support.
Testsuite additions by jgh

2 years agoTrack tainted data and refuse to expand it
Jeremy Harris [Thu, 25 Jul 2019 11:06:07 +0000 (12:06 +0100)]
Track tainted data and refuse to expand it

2 years agoAvoid re-expansion in ${sort }
Jeremy Harris [Fri, 5 Jul 2019 14:38:15 +0000 (15:38 +0100)]
Avoid re-expansion in ${sort }

2 years agoTestsuite: Debug: indent lowlevel connect result
Jeremy Harris [Mon, 22 Jul 2019 09:13:42 +0000 (10:13 +0100)]
Testsuite: Debug: indent lowlevel connect result

2 years agoTestsuite: better non-TFO-system debug handling
Jeremy Harris [Sat, 20 Jul 2019 21:47:57 +0000 (22:47 +0100)]
Testsuite: better non-TFO-system debug handling

2 years agoDebug: indent lowlevel connect result
Jeremy Harris [Sat, 20 Jul 2019 19:58:24 +0000 (20:58 +0100)]
Debug: indent lowlevel connect result

2 years agoTestsuite: synch log output
Jeremy Harris [Sat, 20 Jul 2019 14:25:23 +0000 (15:25 +0100)]
Testsuite: synch log output

2 years agoDocs: more indexing for sighup
Jeremy Harris [Wed, 17 Jul 2019 09:10:33 +0000 (10:10 +0100)]
Docs: more indexing for sighup

2 years agoRouter variables: change list-separator to semicolon
Jeremy Harris [Mon, 15 Jul 2019 11:51:42 +0000 (12:51 +0100)]
Router variables: change list-separator to semicolon

2 years agoDocs: add note on unusablility of must-staple certs by clients. Bug 2350
Jeremy Harris [Mon, 15 Jul 2019 09:53:35 +0000 (10:53 +0100)]
Docs: add note on unusablility of must-staple certs by clients.  Bug 2350

2 years agoRouter variables: local visibiliity
Jeremy Harris [Thu, 11 Jul 2019 22:35:20 +0000 (23:35 +0100)]
Router variables: local visibiliity

2 years agoKeep router-variables separate on addrs, to avoid taint contamination
Jeremy Harris [Thu, 11 Jul 2019 16:12:26 +0000 (17:12 +0100)]
Keep router-variables separate on addrs, to avoid taint contamination

2 years agotidying
Jeremy Harris [Thu, 11 Jul 2019 15:17:34 +0000 (16:17 +0100)]
tidying

2 years agoDebug: indent lookup operations
Jeremy Harris [Thu, 11 Jul 2019 10:58:07 +0000 (11:58 +0100)]
Debug: indent lookup operations

2 years agoExpansions: acl expansion error detail
Jeremy Harris [Tue, 9 Jul 2019 21:43:18 +0000 (22:43 +0100)]
Expansions: acl expansion error detail

2 years agoRouters: named variables
Jeremy Harris [Mon, 8 Jul 2019 16:34:47 +0000 (17:34 +0100)]
Routers: named variables

2 years agoDocs: more indexing
Jeremy Harris [Mon, 8 Jul 2019 15:39:46 +0000 (16:39 +0100)]
Docs: more indexing

2 years agoMicrofix in SECURITY.md: exim-VERSION+fixes
Heiko Schlittermann (HS12-RIPE) [Sat, 6 Jul 2019 21:34:06 +0000 (23:34 +0200)]
Microfix in SECURITY.md: exim-VERSION+fixes

2 years agomore function attribute annotation
Jeremy Harris [Sat, 6 Jul 2019 19:44:45 +0000 (20:44 +0100)]
more function attribute annotation

2 years agoAdd missing feature lines to prototype Makefile
Jeremy Harris [Tue, 2 Jul 2019 21:23:49 +0000 (22:23 +0100)]
Add missing feature lines to prototype Makefile

2 years agoFix bounce generation under RFC 3461 request. Bug 2411
Jeremy Harris [Sat, 29 Jun 2019 18:31:23 +0000 (19:31 +0100)]
Fix bounce generation under RFC 3461 request.  Bug 2411

Broken-by: ea97267cea
2 years agoBuild: bodge attempt to get Solaris build working
Jeremy Harris [Sat, 29 Jun 2019 13:42:37 +0000 (14:42 +0100)]
Build: bodge attempt to get Solaris build working

2 years agoDocs: add note on effects of disabling IPv6 lookups
Jeremy Harris [Thu, 27 Jun 2019 19:59:26 +0000 (20:59 +0100)]
Docs: add note on effects of disabling IPv6 lookups

2 years agoCompiler quietening
Jeremy Harris [Wed, 26 Jun 2019 11:39:33 +0000 (12:39 +0100)]
Compiler quietening

Trying to set an enum (int-sized) with top bit set, needs a cast to (signed) int.
Broken-by: ae8f9024d8
2 years agoTestsuite: output changes resulting
Jeremy Harris [Wed, 26 Jun 2019 11:36:49 +0000 (12:36 +0100)]
Testsuite: output changes resulting

Broken-by: 436bda2ac0
2 years agoFix DSN Final-Recipient: field
Jeremy Harris [Wed, 26 Jun 2019 09:59:44 +0000 (10:59 +0100)]
Fix DSN Final-Recipient: field

2 years agotidying
Jeremy Harris [Mon, 3 Jun 2019 12:55:04 +0000 (13:55 +0100)]
tidying

2 years agoDebug: more gentle line-drawing chars
Jeremy Harris [Mon, 24 Jun 2019 14:15:55 +0000 (15:15 +0100)]
Debug: more gentle line-drawing chars

2 years agoAdd a security page in a place where GitHub will detect it
Phil Pennock [Wed, 19 Jun 2019 19:37:19 +0000 (15:37 -0400)]
Add a security page in a place where GitHub will detect it

2 years agoInline the smaller string-handling functions
Jeremy Harris [Sun, 16 Jun 2019 17:10:59 +0000 (18:10 +0100)]
Inline the smaller string-handling functions

2 years agoFix detection of 32b platform at build time. Bug 2405
Jeremy Harris [Fri, 7 Jun 2019 10:54:10 +0000 (11:54 +0100)]
Fix detection of 32b platform at build time.  Bug 2405

2 years agoFix smtp response timeout
Jeremy Harris [Mon, 27 May 2019 22:44:31 +0000 (23:44 +0100)]
Fix smtp response timeout

2 years agoUse dsn_from for success-DSN messages. Bug 2404
Jeremy Harris [Tue, 4 Jun 2019 17:13:21 +0000 (18:13 +0100)]
Use dsn_from for success-DSN messages.  Bug 2404

2 years agoUnbreak heimdal_gssapi auth driver
Phil Pennock [Wed, 5 Jun 2019 09:35:28 +0000 (05:35 -0400)]
Unbreak heimdal_gssapi auth driver

Commit 251b9eb46 broke heimdal_gssapi by changing the function
definition in the `.c` without changing the declaration in the `.h`.
Was part of 4.92.

Make corresponding `.h` change to reflect newer internal API.

2 years agoTestsuite: compat vs. older GnuTLS
Jeremy Harris [Tue, 4 Jun 2019 15:06:27 +0000 (16:06 +0100)]
Testsuite: compat vs. older GnuTLS

2 years agoEvents: avoid evaluating intermediates for unneeded events
Jeremy Harris [Tue, 4 Jun 2019 13:18:59 +0000 (14:18 +0100)]
Events: avoid evaluating intermediates for unneeded events

2 years agoTestsuite: platform variances
Jeremy Harris [Wed, 29 May 2019 13:14:24 +0000 (14:14 +0100)]
Testsuite: platform variances

2 years agoTestsuite: platform variances
Jeremy Harris [Tue, 28 May 2019 22:38:34 +0000 (23:38 +0100)]
Testsuite: platform variances

2 years agoTestsuite: library variances for ARC testcase
Jeremy Harris [Tue, 28 May 2019 20:04:47 +0000 (21:04 +0100)]
Testsuite: library variances for ARC testcase

2 years agoPIPE_CONNECT: promote from experimental
Jeremy Harris [Tue, 28 May 2019 19:02:50 +0000 (20:02 +0100)]
PIPE_CONNECT: promote from experimental

2 years agoPIPE_CONNECT: avoid using when the transport helo_data uses $sending_ip_address
Jeremy Harris [Mon, 27 May 2019 23:26:48 +0000 (00:26 +0100)]
PIPE_CONNECT: avoid using when the transport helo_data uses $sending_ip_address

2 years agoTestsuite: add missing testcase script
Jeremy Harris [Mon, 27 May 2019 21:06:10 +0000 (22:06 +0100)]
Testsuite: add missing testcase script

Broken-by: c09dbcfb71
2 years agoTFO: change the default for hosts_try_fastopen, enabling use by default
Jeremy Harris [Sun, 26 May 2019 14:42:32 +0000 (15:42 +0100)]
TFO: change the default for hosts_try_fastopen, enabling use by default

2 years agoTestsuite: workaround older kernels
Jeremy Harris [Sun, 26 May 2019 15:28:21 +0000 (16:28 +0100)]
Testsuite: workaround older kernels

Broken-by: 38da908828
2 years agoTestsuite: workaround TFO blackhole detection
Jeremy Harris [Sun, 26 May 2019 13:03:00 +0000 (14:03 +0100)]
Testsuite: workaround TFO blackhole detection

2 years agoTestsuite: ensure TFO not used when not wanted
Jeremy Harris [Sun, 26 May 2019 12:38:41 +0000 (13:38 +0100)]
Testsuite: ensure TFO not used when not wanted

2 years agoDebug: align tracing out for TFO connections with plain ones
Jeremy Harris [Sun, 26 May 2019 10:52:55 +0000 (11:52 +0100)]
Debug: align tracing out for TFO connections with plain ones

2 years agoLogging: avoid claiming a host was used for an addr, when conn refused under TFO
Jeremy Harris [Sat, 25 May 2019 14:18:19 +0000 (15:18 +0100)]
Logging: avoid claiming a host was used for an addr, when conn refused under TFO

2 years agoLogging: fix duplicated transport target info under TFO
Jeremy Harris [Tue, 21 May 2019 20:32:34 +0000 (21:32 +0100)]
Logging: fix duplicated transport target info under TFO

2 years agoCallouts: simplfy debug output
Jeremy Harris [Sat, 25 May 2019 21:43:23 +0000 (22:43 +0100)]
Callouts: simplfy debug output

2 years agoCallouts: simplfy logging
Jeremy Harris [Sat, 25 May 2019 14:48:11 +0000 (15:48 +0100)]
Callouts: simplfy logging

2 years agoBuild: libtasn1 and libgcrypt no longer needed for gnutls
Jeremy Harris [Sat, 25 May 2019 13:19:46 +0000 (14:19 +0100)]
Build: libtasn1 and libgcrypt no longer needed for gnutls

2 years agoTLS: introduce USE_OPENSSL as an explicit requirement for the build
Jeremy Harris [Fri, 24 May 2019 15:39:05 +0000 (16:39 +0100)]
TLS: introduce USE_OPENSSL as an explicit requirement for the build

2 years agoDANE: remove excess compile-time checks
Jeremy Harris [Fri, 24 May 2019 15:09:13 +0000 (16:09 +0100)]
DANE: remove excess compile-time checks

2 years agoTLS: move from SUPPORT_TLS to DISABLE_TLS macro for the build
Jeremy Harris [Fri, 24 May 2019 14:57:02 +0000 (15:57 +0100)]
TLS: move from SUPPORT_TLS to DISABLE_TLS macro for the build

2 years agoTestsuite: cleanup intermediate results during DANE testcase run
Jeremy Harris [Fri, 24 May 2019 13:51:16 +0000 (14:51 +0100)]
Testsuite: cleanup intermediate results during DANE testcase run

2 years agoBuild: Enable SUPPORT_TLS by default
Heiko Schlittermann (HS12-RIPE) [Wed, 22 May 2019 22:16:19 +0000 (00:16 +0200)]
Build: Enable SUPPORT_TLS by default

2 years agoBuild: Add gnutls-dane to USE_GNUTLS_PC/TLS_LIBS
Heiko Schlittermann (HS12-RIPE) [Wed, 22 May 2019 22:13:45 +0000 (00:13 +0200)]
Build: Add gnutls-dane to USE_GNUTLS_PC/TLS_LIBS

2 years agoClarify libraries needed for GnuTLS build
Jeremy Harris [Wed, 22 May 2019 09:09:01 +0000 (10:09 +0100)]
Clarify libraries needed for GnuTLS build

2 years agoChange the default for hosts_try_dane, enabling use by default
Jeremy Harris [Tue, 21 May 2019 18:36:50 +0000 (19:36 +0100)]
Change the default for hosts_try_dane, enabling use by default

2 years agoDocs: fix syntax
Jeremy Harris [Tue, 21 May 2019 20:53:03 +0000 (21:53 +0100)]
Docs: fix syntax

Broken-by: 12e9bb25fc
2 years agoExpansions: ${sha2_N}
Jeremy Harris [Tue, 21 May 2019 18:10:48 +0000 (19:10 +0100)]
Expansions: ${sha2_N}

2 years agoChange the default for hosts_noproxy_tls to unset, enabling continued-TLS deliveries...
Jeremy Harris [Sun, 19 May 2019 22:02:27 +0000 (23:02 +0100)]
Change the default for hosts_noproxy_tls to unset, enabling continued-TLS deliveries as default

2 years agoGnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
Jeremy Harris [Sun, 19 May 2019 11:12:36 +0000 (12:12 +0100)]
GnuTLS: fix the advertising of acceptable certs by the server.  Bug 2389

2 years agoUtilities: add -G<queuename> option to exiqgrep. Bug 2397
Jeremy Harris [Fri, 10 May 2019 12:02:28 +0000 (13:02 +0100)]
Utilities: add -G<queuename> option to exiqgrep.  Bug 2397

2 years agoFix listing a named queue by a non-admin user. Bug 2398
Jeremy Harris [Fri, 10 May 2019 14:18:56 +0000 (15:18 +0100)]
Fix listing a named queue by a non-admin user.  Bug 2398

2 years agoAvoid potential crash in close of a verify callout
Jeremy Harris [Thu, 9 May 2019 13:10:12 +0000 (14:10 +0100)]
Avoid potential crash in close of a verify callout

2 years agoDocs: add index entry for string-concatenation
Jeremy Harris [Thu, 9 May 2019 11:06:01 +0000 (12:06 +0100)]
Docs: add index entry for string-concatenation

2 years agoOpenSSL: fix build under older library version
Jeremy Harris [Wed, 8 May 2019 12:28:07 +0000 (13:28 +0100)]
OpenSSL: fix build under older library version

Broken-by: 4f1d23a1aa
2 years agoGnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
Jeremy Harris [Tue, 7 May 2019 21:42:18 +0000 (22:42 +0100)]
GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp

2 years agoOpenSSL: fix tls_out_ocsp under resumption
Jeremy Harris [Tue, 7 May 2019 21:17:28 +0000 (22:17 +0100)]
OpenSSL: fix tls_out_ocsp under resumption

2 years agoOpenSSL: fix tls_try_verify_hosts under resumption
Jeremy Harris [Mon, 6 May 2019 15:19:15 +0000 (16:19 +0100)]
OpenSSL: fix tls_try_verify_hosts under resumption

2 years agoTLS: increase resumption ticket lifetime to 2 hours
Jeremy Harris [Mon, 6 May 2019 12:34:18 +0000 (13:34 +0100)]
TLS: increase resumption ticket lifetime to 2 hours

2 years agoOpenSSL: discard expired resumption session in client
Jeremy Harris [Mon, 6 May 2019 11:28:14 +0000 (12:28 +0100)]
OpenSSL: discard expired resumption session in client

2 years agoAdd main option exim_version
Heiko Schlittermann (HS12-RIPE) [Tue, 7 May 2019 19:25:41 +0000 (21:25 +0200)]
Add main option exim_version

There might be reasons to cheat about the Exim version you're running.
(Think of stupid security scanners.)

2 years agoOpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption
Jeremy Harris [Sun, 5 May 2019 18:23:37 +0000 (19:23 +0100)]
OpenSSL: better handling of $tls_{in,out}_certificate_verified under resumption

2 years agoTestsuite: check variables under resumption
Jeremy Harris [Sun, 5 May 2019 17:54:45 +0000 (18:54 +0100)]
Testsuite: check variables under resumption

2 years agoTLS: resumption notes
Jeremy Harris [Sun, 5 May 2019 16:57:42 +0000 (17:57 +0100)]
TLS: resumption notes

2 years agoOpenSSL: for older library (1.0.2) assume that a ticket callback in client only
Jeremy Harris [Sun, 5 May 2019 15:20:31 +0000 (16:20 +0100)]
OpenSSL: for older library (1.0.2) assume that a ticket callback in client only
happens for a resumable session

2 years agoOpenSSL: increase STEK strength to 256b
Jeremy Harris [Sat, 4 May 2019 15:53:57 +0000 (16:53 +0100)]
OpenSSL: increase STEK strength to 256b

2 years agoTLS: library version build-time checks for resumption support
Jeremy Harris [Thu, 2 May 2019 20:01:43 +0000 (21:01 +0100)]
TLS: library version build-time checks for resumption support

2 years agoFix build on older OpenSSL
Jeremy Harris [Thu, 2 May 2019 17:07:53 +0000 (18:07 +0100)]
Fix build on older OpenSSL

Broken-by: b10c87b38c
2 years agoFix build on older GnuTLS
Jeremy Harris [Thu, 2 May 2019 17:02:19 +0000 (18:02 +0100)]
Fix build on older GnuTLS

Broken-buy: b10c87b38c

2 years agoDebug: restore GnuTLS debug level.
Jeremy Harris [Thu, 2 May 2019 16:30:33 +0000 (17:30 +0100)]
Debug: restore GnuTLS debug level.

Broken-by: b10c87b38c
2 years agoTLS: Session resumption, under the EXPERIMENTAL_TLS_RESUME build option.
Jeremy Harris [Thu, 2 May 2019 16:16:05 +0000 (17:16 +0100)]
TLS: Session resumption, under the EXPERIMENTAL_TLS_RESUME build option.