exim.git
10 years agoReport TRUSTED_CONFIG_LIST & WHITELIST_D_MACROS.
Phil Pennock [Sun, 23 Jan 2011 08:26:09 +0000 (03:26 -0500)]
Report TRUSTED_CONFIG_LIST & WHITELIST_D_MACROS.

When invoked { exim -d -bV } show these build-time options that affect
what can be done.

10 years agoDocument 1041 merge (DCC fix).
Phil Pennock [Sun, 23 Jan 2011 08:11:21 +0000 (03:11 -0500)]
Document 1041 merge (DCC fix).

10 years agoMerge branch 'master' of git://git.exim.org/exim
Phil Pennock [Sat, 22 Jan 2011 23:40:43 +0000 (18:40 -0500)]
Merge branch 'master' of git://git.exim.org/exim

10 years agoBugzilla 1041: pull patch id=425, DCC fixes.
Phil Pennock [Sat, 22 Jan 2011 23:33:45 +0000 (18:33 -0500)]
Bugzilla 1041: pull patch id=425, DCC fixes.

DCC return codes were not always correct. Patch from DCC code
maintainer, Wolfgang Breyha.

10 years agoSign Script - Take EXIM_KEY from environ.
Phil Pennock [Sat, 22 Jan 2011 21:52:17 +0000 (21:52 +0000)]
Sign Script - Take EXIM_KEY from environ.

10 years agoReworked changebars (still relative to 4.72) in doc source
Nigel Metheringham [Fri, 21 Jan 2011 12:47:01 +0000 (12:47 +0000)]
Reworked changebars (still relative to 4.72) in doc source

10 years agoUpdate dates. exim-4_74_RC1
Phil Pennock [Fri, 21 Jan 2011 13:07:43 +0000 (08:07 -0500)]
Update dates.

Spec: both doc date and release date (plus copyright year).
Filter: only release date (doc not changed, so neither is copyright year)

10 years agoTest suite: make cf 64-bit compat for -exact.
Phil Pennock [Fri, 21 Jan 2011 12:26:27 +0000 (07:26 -0500)]
Test suite: make cf 64-bit compat for -exact.

I assume stdint.h and intptr_t available for any platform where we're
running the test suite.

10 years agoTests compat. setgid failure / dropped_privilege
Phil Pennock [Fri, 21 Jan 2011 11:10:35 +0000 (06:10 -0500)]
Tests compat. setgid failure / dropped_privilege

If we've *dropped* privilege, it's okay to not abort if setgid fails.

Document some of what's now needed for the test suite.
Adjust the test suide for better post-4.73 compat.

10 years agoBump version to 4.74.
Phil Pennock [Fri, 21 Jan 2011 09:33:49 +0000 (04:33 -0500)]
Bump version to 4.74.

Docs deliberately keep changebars since v4.72 as 4.73 has not been out
for long.

OptionLists updates for dynamic modules and for the security changes
from 4.73.

10 years agoIncompatibleChanges out, README.UPDATING updated.
Phil Pennock [Fri, 21 Jan 2011 09:12:15 +0000 (04:12 -0500)]
IncompatibleChanges out, README.UPDATING updated.

I forgot about README.UPDATING and introduced a new txt file with the
4.73 release, noting incompatible changes. Because these weren't
documented in the normal place, some people missed them. Mea culpa.

Integrated the notes from IncompatibleChanges into README.UPDATING.

Added a note on the ABI of the dynlookups.

10 years agoCheck return values of setgid/setuid.
Phil Pennock [Fri, 21 Jan 2011 08:56:02 +0000 (03:56 -0500)]
Check return values of setgid/setuid.

CVE-2011-0017

One assertion of the unimportance of checking the return value was wrong,
in the event of a compromised exim run-time user.

10 years agoVersion reporting & module ABI change.
Phil Pennock [Fri, 21 Jan 2011 08:25:51 +0000 (03:25 -0500)]
Version reporting & module ABI change.

Debug version display reports library info.

Bumps lookup API magic constant, adds new field to module API.

When invoking { exim -d -bV } we can display more version information.
Show versions for many external libraries, including both compile-time
and run-time information if we can.

Optional for modules, may be NULL.  Implemented for MySQL, SQLite &
Whoson lookups.  For all lookups, if dynamically loaded, report the
Exim version number from the build.  (Packagers will bundle stuff, but
dynamic modules are no longer just available for packagers, so we need
to deal with less managed environments and people forgetting to install
new modules).

Suggest in EDITME that users of modules not using package management
consider embedding a version number in the path to the modules.

Should consider removing the TLS (OpenSSL/GnuTLS) reporting from the
default -bV display and moving it into the debug display.  Not done.

Created version.h, now support a version extension string for
distributors who patch heavily. Henceforth release engineer should
change the version in version.h not version.c.

10 years agoModule loading working on FreeBSD (and unbreak).
Phil Pennock [Mon, 17 Jan 2011 13:43:35 +0000 (08:43 -0500)]
Module loading working on FreeBSD (and unbreak).

(1) Commit eec525c43adade97ff94d839810faf7cb35bd87f broke module
    support, because we *do* still need some exported variable
    definitions, as for a module to actually work, we need the
    per-module _INCLUDE/_LIBS settings.

(2) FreeBSD's nsdispatch() will leave dlerror() returning a complaint
    about "_nss_cache_cycle_prevention_function"; we need to clear the
    error state before the dlsym() call, so that any error found
    afterwards must have come from that dlsym() call.  Fix is just an
    extra call to dlerror(), which should be portable.

I can now use sqlite3 from a module, in FreeBSD.

10 years agoMention new dlopen functionality.
Phil Pennock [Mon, 17 Jan 2011 06:57:28 +0000 (01:57 -0500)]
Mention new dlopen functionality.

10 years agoClarify: tls_verify_certificates is for CA certs.
Phil Pennock [Mon, 17 Jan 2011 03:21:37 +0000 (22:21 -0500)]
Clarify: tls_verify_certificates is for CA certs.

It can be used for individual user certs but is really intended for
CAs.  Note this, and explain that if the tls_verify_certificates value
is a file, then the certs within are sent from the server to clients,
thus is public data.

10 years agoLet /dev/null have normal permissions.
Phil Pennock [Mon, 17 Jan 2011 02:54:53 +0000 (21:54 -0500)]
Let /dev/null have normal permissions.

The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null.  Exempt it from some checks.
Reported by Andreas M. Kirchwitz

10 years agoBug-fix for bash and no-dynamic case.
Phil Pennock [Sun, 16 Jan 2011 23:36:55 +0000 (18:36 -0500)]
Bug-fix for bash and no-dynamic case.

When writing the patch, originally nothing other than a cp was needed if
there were no dynamic modules.  That changed, but the guard at the top
did not.  Remove that check.

bash does not like a block which consists solely of a comment.  Provide
a ':' invocation.

Both problems spotted by Simon Arlott -- thanks.

10 years agoBug 139: portability fixes and documentation.
Phil Pennock [Sun, 16 Jan 2011 07:15:53 +0000 (02:15 -0500)]
Bug 139: portability fixes and documentation.

Document the dynamic lookup module capability in spec.xfpt.
Include a ChangeLog item.

Avoid the GNU-specific "export" make(1) directive.
Build the lookups Makefile using the existing framework.
Build with BSD Make once more.

The src/lookups/Makefile that is used at build time now has the dynamic
content come from scripts/lookups-Makefile.

Add CFLAGS_DYNAMIC support, which can be set in Local/Makefile.
Provide defaults for Linux & FreeBSD.

Ensure that build fails early if a dynamic module is requested but
CFLAGS_DYNAMIC is not defined.

10 years agosrc/deliver.c: log the error message when unlink(spoolname) fails
Tony Finch [Fri, 14 Jan 2011 14:19:40 +0000 (14:19 +0000)]
src/deliver.c: log the error message when unlink(spoolname) fails

10 years agosrc/transports/smtp.c: log LMTP confirmation same as SMTP
Tony Finch [Fri, 14 Jan 2011 14:16:53 +0000 (14:16 +0000)]
src/transports/smtp.c: log LMTP confirmation same as SMTP

10 years agosrc/dbfn.c: write lock aquisition failures to the panic log
Tony Finch [Fri, 14 Jan 2011 14:12:23 +0000 (14:12 +0000)]
src/dbfn.c: write lock aquisition failures to the panic log

10 years agoCONTRIBUTING: correct expansion of GPL
Tony Finch [Fri, 14 Jan 2011 13:44:41 +0000 (13:44 +0000)]
CONTRIBUTING: correct expansion of GPL

10 years agoBugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with whitespace.
Tom Kistner [Wed, 12 Jan 2011 20:48:22 +0000 (20:48 +0000)]
Bugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with whitespace.

10 years agoInclude <dlfcn.h> only when necessary
David Woodhouse [Wed, 5 Jan 2011 23:58:37 +0000 (23:58 +0000)]
Include <dlfcn.h> only when necessary

10 years agoAdd dynamic lookup support
David Woodhouse [Wed, 5 Jan 2011 22:55:50 +0000 (22:55 +0000)]
Add dynamic lookup support

Fixed: bug #139

10 years agoDKIM ACL Documentation exim-4_73
Nigel Metheringham [Sun, 26 Dec 2010 18:17:23 +0000 (18:17 +0000)]
DKIM ACL Documentation

Fixes: bug #929

10 years agoFixes: bug #1002 - Message loss when using multiple deliveries
Miroslav Lichvar [Sun, 26 Dec 2010 18:10:29 +0000 (18:10 +0000)]
Fixes: bug #1002 - Message loss when using multiple deliveries

10 years agoLDAP Authetication documentation example syntax fix
Nigel Metheringham [Sun, 26 Dec 2010 18:04:08 +0000 (18:04 +0000)]
LDAP Authetication documentation example syntax fix

Fixes: bug #999

10 years agoReword BSMTP ACL documentation
Nigel Metheringham [Sun, 26 Dec 2010 18:01:47 +0000 (18:01 +0000)]
Reword BSMTP ACL documentation

Fixes: bug #974

10 years agoEximstats documentstion - s/delivery_time/deliver_time/
Nigel Metheringham [Sun, 26 Dec 2010 17:44:58 +0000 (17:44 +0000)]
Eximstats documentstion - s/delivery_time/deliver_time/

Fixes: bug #1034

10 years agodrop unwanted paragraph break.
Andreas Metzler [Sun, 26 Dec 2010 15:10:51 +0000 (16:10 +0100)]
drop unwanted paragraph break.

Fixes: bug #1052
Signed-off-by: Nigel Metheringham <nigel@exim.org>
10 years agofix grammar error: s/this/that/
Andreas Metzler [Sun, 26 Dec 2010 13:55:59 +0000 (14:55 +0100)]
fix grammar error: s/this/that/

Fixes: bug #1051
Signed-off-by: Nigel Metheringham <nigel@exim.org>
10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim exim-4_73_RC1
Nigel Metheringham [Thu, 23 Dec 2010 14:19:35 +0000 (14:19 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoDo not refer to TRUSTED_CONFIG_PREFIX_FILE.
Andreas Metzler [Tue, 21 Dec 2010 14:40:42 +0000 (15:40 +0100)]
Do not refer to TRUSTED_CONFIG_PREFIX_FILE.

Refer to TRUSTED_CONFIG_LIST instead of TRUSTED_CONFIG_PREFIX_FILE in
documentation and comments.

10 years agoInserted change notifications into the documentation source
Nigel Metheringham [Sun, 19 Dec 2010 11:05:19 +0000 (11:05 +0000)]
Inserted change notifications into the documentation source

10 years agoMake the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per line
David Woodhouse [Sat, 18 Dec 2010 23:22:17 +0000 (23:22 +0000)]
Make the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per line

10 years agoRelease script now generates the HTML documentation
Nigel Metheringham [Sat, 18 Dec 2010 19:52:54 +0000 (19:52 +0000)]
Release script now generates the HTML documentation

This is really rather crude... but should work.

10 years agoUpdated version numbers of code and documentation exim-4_73_RC00
Nigel Metheringham [Sat, 18 Dec 2010 19:48:06 +0000 (19:48 +0000)]
Updated version numbers of code and documentation

10 years agoMerge branch 'master' of ssh://git.exim.org/home/git/exim
David Woodhouse [Fri, 17 Dec 2010 19:03:37 +0000 (19:03 +0000)]
Merge branch 'master' of ssh://git.exim.org/home/git/exim

10 years agoStripped old HTML doc generation - will add new HTML gen soon exim-4_73_RC0
Nigel Metheringham [Fri, 17 Dec 2010 13:03:21 +0000 (13:03 +0000)]
Stripped old HTML doc generation - will add new HTML gen soon

10 years agoTurn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes
David Woodhouse [Thu, 16 Dec 2010 22:29:53 +0000 (22:29 +0000)]
Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes

10 years agoUpdated mk_exim_release.pl to work with git
Nigel Metheringham [Thu, 16 Dec 2010 13:19:14 +0000 (13:19 +0000)]
Updated mk_exim_release.pl to work with git

However this still builds docs as before - ie it does
not use the new HTML generation.  Will work on that next.

10 years agoAllow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C
David Woodhouse [Wed, 15 Dec 2010 13:47:46 +0000 (13:47 +0000)]
Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C

We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing
of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to;
other users don't get to make use of it.

10 years agoKil va_copy(). It isn't present on some ancient systems.
David Woodhouse [Wed, 15 Dec 2010 13:24:00 +0000 (13:24 +0000)]
Kil va_copy(). It isn't present on some ancient systems.

10 years agoImplement -D whitelist invoking user restriction.
Phil Pennock [Wed, 15 Dec 2010 07:43:33 +0000 (02:43 -0500)]
Implement -D whitelist invoking user restriction.

Document WHITELIST_D_MACROS.

10 years agodoc-txt updates for the security changes
Phil Pennock [Wed, 15 Dec 2010 01:02:24 +0000 (20:02 -0500)]
doc-txt updates for the security changes

10 years agoImplement -D filtering, first pass.
Phil Pennock [Tue, 14 Dec 2010 08:42:36 +0000 (03:42 -0500)]
Implement -D filtering, first pass.

10 years agoDocument the change to system_filter_user's default.
Phil Pennock [Tue, 14 Dec 2010 07:17:32 +0000 (02:17 -0500)]
Document the change to system_filter_user's default.

10 years agoChange the default for system_filter_user.
Phil Pennock [Tue, 14 Dec 2010 05:30:30 +0000 (00:30 -0500)]
Change the default for system_filter_user.

If the system filter needs to be run as root, let that be explicitly
configured.  The default is now the Exim run-time user.

Document this, and a couple of other points, in IncompatibleChanges.

10 years agoAllow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak
David Woodhouse [Sun, 12 Dec 2010 10:18:48 +0000 (10:18 +0000)]
Allow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak

10 years agoSet FD_CLOEXEC on SMTP sockets after forking to handle the connection.
David Woodhouse [Sun, 12 Dec 2010 02:48:18 +0000 (02:48 +0000)]
Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.

10 years agoAdd TRUSTED_CONFIG_PREFIX_FILE option
David Woodhouse [Sun, 12 Dec 2010 02:41:37 +0000 (02:41 +0000)]
Add TRUSTED_CONFIG_PREFIX_FILE option

(Bug 1044, CVE-2010-4345)

10 years agoRemove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.
David Woodhouse [Sat, 11 Dec 2010 23:39:54 +0000 (23:39 +0000)]
Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.

We *never* want the Exim user to be able to specify arbitrary configuration
files. Don't let them build it that way.

(Bug 1044, CVE-2010-4345)

10 years agoCheck configure file permissions even for non-default files if still privileged
David Woodhouse [Sat, 11 Dec 2010 14:09:17 +0000 (14:09 +0000)]
Check configure file permissions even for non-default files if still privileged

(Bug 1044, CVE-2010-4345)

10 years agoDon't allow a configure file which is writeable by the Exim user or group
David Woodhouse [Sat, 11 Dec 2010 13:44:55 +0000 (13:44 +0000)]
Don't allow a configure file which is writeable by the Exim user or group

(Bug 1044, CVE-2010-4345)

10 years agoAdd Valgrind hooks for memory pools
David Woodhouse [Thu, 9 Dec 2010 16:53:40 +0000 (16:53 +0000)]
Add Valgrind hooks for memory pools

It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.

11 years agoOpenSSL and XSL changes documented.
Phil Pennock [Sun, 5 Sep 2010 23:08:48 +0000 (19:08 -0400)]
OpenSSL and XSL changes documented.

Plus typo fixed.

11 years agoDocument the ClamAV ExtendedDetectionInfo response handling.
Phil Pennock [Sun, 5 Sep 2010 22:59:38 +0000 (18:59 -0400)]
Document the ClamAV ExtendedDetectionInfo response handling.

11 years agoOpenSSL 1.0.0 const fix for SSL_get_current_cipher
Phil Pennock [Sun, 11 Jul 2010 07:19:56 +0000 (00:19 -0700)]
OpenSSL 1.0.0 const fix for SSL_get_current_cipher

OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include
const.  It looks like a safe change for older OpenSSL, so treat it
appropriately and cast as needed.

11 years agoGuidance on contributing to Exim.
Phil Pennock [Wed, 7 Jul 2010 21:00:40 +0000 (14:00 -0700)]
Guidance on contributing to Exim.

11 years agoUse public http: URLs for XSL includes.
Phil Pennock [Tue, 6 Jul 2010 03:31:07 +0000 (20:31 -0700)]
Use public http: URLs for XSL includes.

Adjust OS-Fixups, document how this works in HowItWorks.txt

11 years agoRework clamd response handling to be more robust.
Phil Pennock [Sun, 5 Sep 2010 20:29:07 +0000 (16:29 -0400)]
Rework clamd response handling to be more robust.

In particular, clamd's ExtendedDetectionInfo option broke our parsing.

11 years agoMerge ssh://tahini.csx.cam.ac.uk/home/git/exim
John Jetmore [Tue, 20 Jul 2010 02:18:51 +0000 (21:18 -0500)]
Merge ssh://tahini.csx.cam.ac.uk/home/git/exim

11 years agoSomehow in learning how to use git I lost half the changes needed to fix the collisio...
John Jetmore [Tue, 20 Jul 2010 02:10:33 +0000 (21:10 -0500)]
Somehow in learning how to use git I lost half the changes needed to fix the collision between 0383.f and 0383.F on HFS+.  this is the second half of 04a45836676516936d791202928e249b711c03ee

11 years agoBugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored
Tom Kistner [Mon, 19 Jul 2010 09:47:27 +0000 (11:47 +0200)]
Bugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored

Applied patch submitted by Micha Lenk. Thanks!

11 years agoThe test architecture can't support having the testsuite user and the Exim user the...
John Jetmore [Sat, 17 Jul 2010 02:53:24 +0000 (22:53 -0400)]
The test architecture can't support having the testsuite user and the Exim user the same.  restrict it in runtest and add a note about it in the README

11 years agoChange to allow test 0383 to work on HFS+ (non-case-sensitive FS)
John Jetmore [Fri, 16 Jul 2010 02:20:58 +0000 (03:20 +0100)]
Change to allow test 0383 to work on HFS+ (non-case-sensitive FS)

11 years agoFix malware regression for cmdline scanner introduced in PP/08.
Phil Pennock [Sun, 4 Jul 2010 20:42:34 +0000 (13:42 -0700)]
Fix malware regression for cmdline scanner introduced in PP/08.
Notification from Dr Andrew Aitchison.

(Also: make the PP/08 description more complete)

11 years agoadded expansion tests for bool{} and bool_lax{}
John Jetmore [Mon, 14 Jun 2010 21:07:16 +0000 (21:07 +0000)]
added expansion tests for bool{} and bool_lax{}

11 years agoprint sizeof(off_t) in initial -bV output. Refuse to tun tests is sizeof(off_t)...
John Jetmore [Mon, 14 Jun 2010 20:30:12 +0000 (20:30 +0000)]
print sizeof(off_t) in initial -bV output.  Refuse to tun tests is sizeof(off_t) > 32.

11 years agoClarify that the ACL framework is not invoked for -bmalware, so that using
Phil Pennock [Mon, 14 Jun 2010 18:51:09 +0000 (18:51 +0000)]
Clarify that the ACL framework is not invoked for -bmalware, so that using
ACL variables in av_scanner blindly will not work.

11 years agoRemove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails
Phil Pennock [Sun, 13 Jun 2010 08:26:40 +0000 (08:26 +0000)]
Remove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails
when size_t is 32-bit but the system supports 64-bit integers.

11 years agoaccount for new information TLS log line added in tls-openssl.c 1.23
John Jetmore [Sat, 12 Jun 2010 18:10:00 +0000 (18:10 +0000)]
account for new information TLS log line added in tls-openssl.c 1.23

11 years agoremoved extraneous "\n" from the end of some log_write lines, removed "magic" string...
John Jetmore [Sat, 12 Jun 2010 17:56:32 +0000 (17:56 +0000)]
removed extraneous "\n" from the end of some log_write lines, removed "magic" string " => " from a non-delivery log line

11 years agoAdd tcp_wrappers_daemon_name (closes: bug #278)
John Jetmore [Sat, 12 Jun 2010 15:21:25 +0000 (15:21 +0000)]
Add tcp_wrappers_daemon_name (closes: bug #278)
(I honestly have no memory of writing this patch...)

11 years agoiaddressing bug 966 and my own concerns, stop sending non-panic error to panic log...
John Jetmore [Sat, 12 Jun 2010 13:54:38 +0000 (13:54 +0000)]
iaddressing bug 966 and my own concerns, stop sending non-panic error to panic log in dkim.c

11 years agoMinor doc updates:
Phil Pennock [Wed, 9 Jun 2010 01:30:16 +0000 (01:30 +0000)]
Minor doc updates:
 * -bmalware, note that not running as invoking user and emphasize that it's
   for debugging Exim, not for general scanning.
 * permit_codedump ?  coRedump.
 * Anon SSL lacking cert has been confirmed, fix works, remove the
   "(I believe)" (which also might have been inferred to mean I did the
   diagnosis; I didn't, I just convinced myself that Martin's analysis was
   correct).

11 years agoanother change related to Date/Message-Id order, just took me a while to realize...
John Jetmore [Tue, 8 Jun 2010 13:34:28 +0000 (13:34 +0000)]
another change related to Date/Message-Id order, just took me a while to realize how it was related.

11 years agolog/5101 - header order, plus new wording for appendfile to dir from MBX security...
John Jetmore [Tue, 8 Jun 2010 13:05:51 +0000 (13:05 +0000)]
log/5101 - header order, plus new wording for appendfile to dir from MBX security checks
stdout/0390 - allow for new option permit_coredump in output (from bug 834)

11 years agoRun when EXIM_USER=notroot specified.
Phil Pennock [Mon, 7 Jun 2010 18:25:57 +0000 (18:25 +0000)]
Run when EXIM_USER=notroot specified.

11 years agoFor the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
Phil Pennock [Mon, 7 Jun 2010 18:09:07 +0000 (18:09 +0000)]
For the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
should use PRIdMAX; this was disabled because I was testing the other logic
and forgot to restore before commit.  Bleh, sorry.
Add #if to protect against unused variable complaints for this too.

11 years agoBoth bool{} and bool_lax{} should ignore trailing whitespace.
Phil Pennock [Mon, 7 Jun 2010 08:42:15 +0000 (08:42 +0000)]
Both bool{} and bool_lax{} should ignore trailing whitespace.

11 years agoAdded bool_lax{} expansion operator, which uses Router condition logic to
Phil Pennock [Mon, 7 Jun 2010 08:23:20 +0000 (08:23 +0000)]
Added bool_lax{} expansion operator, which uses Router condition logic to
determine whether or not a string is true.
Switch the multiple-condition logic to use bool_lax{}.
Add note where we combine multiple conditions regarding the memory leak.

11 years agoAllow Routers to have multiple conditions, IF each one yields a strict bool.
Phil Pennock [Mon, 7 Jun 2010 07:09:10 +0000 (07:09 +0000)]
Allow Routers to have multiple conditions, IF each one yields a strict bool.
Fixes: #816

11 years agoClean up compiler warnings from { gcc -Wall }, many of which I introduced with
Phil Pennock [Mon, 7 Jun 2010 00:12:42 +0000 (00:12 +0000)]
Clean up compiler warnings from { gcc -Wall }, many of which I introduced with
the ClamAV and openssl_options patches in this release.

Logic in buildconfig.c for adjusting some print format strings assumed that
long ints were four bytes; adjust to test this against reality, to remove
spurious warnings on my dev box (FreeBSD/amd64).

Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in
SUSv2, so should be safe.

11 years agoBuild without WITH_CONTENT_SCAN.
Phil Pennock [Sun, 6 Jun 2010 22:46:33 +0000 (22:46 +0000)]
Build without WITH_CONTENT_SCAN.
Broken by -bmalware option added while reworking ClamAV to new API.
Path from Andreas Metzler (adjusted slightly).

11 years agoNo longer permit the exim user to be root. Fixes: #752
Phil Pennock [Sun, 6 Jun 2010 02:46:13 +0000 (02:46 +0000)]
No longer permit the exim user to be root.  Fixes: #752

11 years agoImplement --version. Fixes: #973
Phil Pennock [Sun, 6 Jun 2010 02:08:50 +0000 (02:08 +0000)]
Implement --version.  Fixes: #973

11 years agoLight documentation dusting from patch provided by John Horne.
Phil Pennock [Sun, 6 Jun 2010 01:35:41 +0000 (01:35 +0000)]
Light documentation dusting from patch provided by John Horne.
Fixes: #922

11 years agoImplement "control = debug" ACL control. Fixes: #937
Phil Pennock [Sun, 6 Jun 2010 00:25:46 +0000 (00:25 +0000)]
Implement "control = debug" ACL control.  Fixes: #937

11 years agoNew expansion operator: reverse_ip
Phil Pennock [Sat, 5 Jun 2010 23:50:18 +0000 (23:50 +0000)]
New expansion operator: reverse_ip

11 years agoUpdate OptionLists. (Claim for 4.72 because 4.73 not yet complete and don't
Phil Pennock [Sat, 5 Jun 2010 21:42:53 +0000 (21:42 +0000)]
Update OptionLists.  (Claim for 4.72 because 4.73 not yet complete and don't
want to claim have *more* than we do, but okay to make a lesser claim).

Typo fix in RFC reference in spec.xfpt.

11 years agoClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
Phil Pennock [Sat, 5 Jun 2010 11:13:29 +0000 (11:13 +0000)]
ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
New command-line option, -bmalware (restricted to admin_user).
Fixes: #926

11 years agoDeal with anonymous SSL giving us no peer certificate.
Phil Pennock [Sat, 5 Jun 2010 10:34:29 +0000 (10:34 +0000)]
Deal with anonymous SSL giving us no peer certificate.

11 years agoHandle SASL Initial Response.
Phil Pennock [Sat, 5 Jun 2010 10:16:36 +0000 (10:16 +0000)]
Handle SASL Initial Response.
See discussion at:
  http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.

11 years agoAdd permit_coredump pipe transport option. Fixes: #834
Phil Pennock [Sat, 5 Jun 2010 10:04:43 +0000 (10:04 +0000)]
Add permit_coredump pipe transport option.  Fixes: #834

11 years agoDoh, fix the error message to say SSL_read not SSL_write.
Phil Pennock [Sat, 5 Jun 2010 09:36:11 +0000 (09:36 +0000)]
Doh, fix the error message to say SSL_read not SSL_write.

11 years agoLog a diagnostic when an SSL write fails, to help admins debug SSL interop issues.
Phil Pennock [Sat, 5 Jun 2010 09:32:31 +0000 (09:32 +0000)]
Log a diagnostic when an SSL write fails, to help admins debug SSL interop issues.
Fixes: #995

11 years agoAdd an openssl_options main configuration option, to allow administrators to
Phil Pennock [Sat, 5 Jun 2010 09:10:08 +0000 (09:10 +0000)]
Add an openssl_options main configuration option, to allow administrators to
shoot themselves in each foot in turn.  The default value is chosen to avoid
a change in behaviour, but since it is disabling a security countermeasure,
I'd like to change the default to be "no options".  Fixes: #994