David Woodhouse [Thu, 9 Dec 2010 16:53:40 +0000 (16:53 +0000)]
Add Valgrind hooks for memory pools
It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.
Phil Pennock [Sun, 11 Jul 2010 07:19:56 +0000 (00:19 -0700)]
OpenSSL 1.0.0 const fix for SSL_get_current_cipher
OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include
const. It looks like a safe change for older OpenSSL, so treat it
appropriately and cast as needed.
John Jetmore [Tue, 20 Jul 2010 02:10:33 +0000 (21:10 -0500)]
Somehow in learning how to use git I lost half the changes needed to fix the collision between 0383.f and 0383.F on HFS+. this is the second half of 04a45836676516936d791202928e249b711c03ee
Phil Pennock [Wed, 9 Jun 2010 01:30:16 +0000 (01:30 +0000)]
Minor doc updates:
* -bmalware, note that not running as invoking user and emphasize that it's
for debugging Exim, not for general scanning.
* permit_codedump ? coRedump.
* Anon SSL lacking cert has been confirmed, fix works, remove the
"(I believe)" (which also might have been inferred to mean I did the
diagnosis; I didn't, I just convinced myself that Martin's analysis was
correct).
John Jetmore [Tue, 8 Jun 2010 13:05:51 +0000 (13:05 +0000)]
log/5101 - header order, plus new wording for appendfile to dir from MBX security checks
stdout/0390 - allow for new option permit_coredump in output (from bug 834)
Phil Pennock [Mon, 7 Jun 2010 18:09:07 +0000 (18:09 +0000)]
For the new SIZE_T_FMT, if not C99 then our size_t conversion specifier
should use PRIdMAX; this was disabled because I was testing the other logic
and forgot to restore before commit. Bleh, sorry.
Add #if to protect against unused variable complaints for this too.
Phil Pennock [Mon, 7 Jun 2010 08:23:20 +0000 (08:23 +0000)]
Added bool_lax{} expansion operator, which uses Router condition logic to
determine whether or not a string is true.
Switch the multiple-condition logic to use bool_lax{}.
Add note where we combine multiple conditions regarding the memory leak.
Phil Pennock [Mon, 7 Jun 2010 00:12:42 +0000 (00:12 +0000)]
Clean up compiler warnings from { gcc -Wall }, many of which I introduced with
the ClamAV and openssl_options patches in this release.
Logic in buildconfig.c for adjusting some print format strings assumed that
long ints were four bytes; adjust to test this against reality, to remove
spurious warnings on my dev box (FreeBSD/amd64).
Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in
SUSv2, so should be safe.
Phil Pennock [Sat, 5 Jun 2010 11:13:29 +0000 (11:13 +0000)]
ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
New command-line option, -bmalware (restricted to admin_user). Fixes: #926
Phil Pennock [Sat, 5 Jun 2010 10:16:36 +0000 (10:16 +0000)]
Handle SASL Initial Response.
See discussion at:
http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.
Phil Pennock [Sat, 5 Jun 2010 09:10:08 +0000 (09:10 +0000)]
Add an openssl_options main configuration option, to allow administrators to
shoot themselves in each foot in turn. The default value is chosen to avoid
a change in behaviour, but since it is disabling a security countermeasure,
I'd like to change the default to be "no options". Fixes: #994
John Jetmore [Sat, 5 Jun 2010 01:58:39 +0000 (01:58 +0000)]
runtest - trim trailing whitespace from otherwise un-rewritten host lines in munge function
0190, 0244, 0297, 0350, 0430 - standardize trailing whitespace
0403 - lingering header order fix, fix change in lookup type encoding after dkim lookup type removal
John Jetmore [Fri, 4 Jun 2010 18:20:51 +0000 (18:20 +0000)]
With a few minor exceptions for tests that had additional concerns and tests I don't have working in my environment yet, this should be the last of the header-order-related changes
Phil Pennock [Thu, 3 Jun 2010 08:19:13 +0000 (08:19 +0000)]
Include check_rfc2047_length in configure.default to raise the visibility
because we're seeing more Russian administrators get bitten by this.
Idealism says this option is set correctly by default. Pragmatism says not.
There's a good argument for the idealism but if we see the problems escalate
then the idealism will have lost and we should, IMO, switch.
Phil Pennock [Thu, 3 Jun 2010 05:40:27 +0000 (05:40 +0000)]
The Date: and Message-Id: headers should normally be *appended* to a message,
and only *prepended* when are Resent-* headers. Regression was introduced
with the prepend logic in Exim 4.70, for bug #607.
Phil Pennock [Sat, 29 May 2010 12:11:48 +0000 (12:11 +0000)]
Protect against symlink attacks on MBX lockfile in /tmp as best we can:
* if system supports O_NOFOLLOW, use it, protection complete
* else detect the attack "too late" and abort, where at worst an empty file
has been created as the attacked user
Our hands are tied by not changing the locking algorithm.
Michael Haardt [Thu, 18 Feb 2010 12:09:15 +0000 (12:09 +0000)]
Treat the transport option dkim_domain as a colon separated list, not
as a single string, and sign the message with each element, omitting
multiple occurences of the same signer.
The transport option dkim_domain should be renamed to dkim_add_signers.
The values of dkim_selector and dkim_private_key are expanded for
each signer available in $dkim_domain. It is unclear if signatures
for domains that already signed the mail should be omitted and if we
need a new variable for signatures to omit or if it could be hardcoded,
but this question is independent of this patch.
John Jetmore [Mon, 4 Jan 2010 18:16:54 +0000 (18:16 +0000)]
Updating exipick from 20061117.2 to 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixing documentation bugs and typos
projects / user / henk / code / exim.git / log