Phil Pennock [Mon, 7 Jun 2010 00:12:42 +0000 (00:12 +0000)]
Clean up compiler warnings from { gcc -Wall }, many of which I introduced with
the ClamAV and openssl_options patches in this release.
Logic in buildconfig.c for adjusting some print format strings assumed that
long ints were four bytes; adjust to test this against reality, to remove
spurious warnings on my dev box (FreeBSD/amd64).
Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in
SUSv2, so should be safe.
Phil Pennock [Sat, 5 Jun 2010 11:13:29 +0000 (11:13 +0000)]
ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.
New command-line option, -bmalware (restricted to admin_user). Fixes: #926
Phil Pennock [Sat, 5 Jun 2010 10:16:36 +0000 (10:16 +0000)]
Handle SASL Initial Response.
See discussion at:
http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html
and the code is "correct by inspection", for whatever that's worth.
Phil Pennock [Sat, 5 Jun 2010 09:10:08 +0000 (09:10 +0000)]
Add an openssl_options main configuration option, to allow administrators to
shoot themselves in each foot in turn. The default value is chosen to avoid
a change in behaviour, but since it is disabling a security countermeasure,
I'd like to change the default to be "no options". Fixes: #994
John Jetmore [Sat, 5 Jun 2010 01:58:39 +0000 (01:58 +0000)]
runtest - trim trailing whitespace from otherwise un-rewritten host lines in munge function
0190, 0244, 0297, 0350, 0430 - standardize trailing whitespace
0403 - lingering header order fix, fix change in lookup type encoding after dkim lookup type removal
John Jetmore [Fri, 4 Jun 2010 18:20:51 +0000 (18:20 +0000)]
With a few minor exceptions for tests that had additional concerns and tests I don't have working in my environment yet, this should be the last of the header-order-related changes
Phil Pennock [Thu, 3 Jun 2010 08:19:13 +0000 (08:19 +0000)]
Include check_rfc2047_length in configure.default to raise the visibility
because we're seeing more Russian administrators get bitten by this.
Idealism says this option is set correctly by default. Pragmatism says not.
There's a good argument for the idealism but if we see the problems escalate
then the idealism will have lost and we should, IMO, switch.
Phil Pennock [Thu, 3 Jun 2010 05:40:27 +0000 (05:40 +0000)]
The Date: and Message-Id: headers should normally be *appended* to a message,
and only *prepended* when are Resent-* headers. Regression was introduced
with the prepend logic in Exim 4.70, for bug #607.
Phil Pennock [Sat, 29 May 2010 12:11:48 +0000 (12:11 +0000)]
Protect against symlink attacks on MBX lockfile in /tmp as best we can:
* if system supports O_NOFOLLOW, use it, protection complete
* else detect the attack "too late" and abort, where at worst an empty file
has been created as the attacked user
Our hands are tied by not changing the locking algorithm.
Michael Haardt [Thu, 18 Feb 2010 12:09:15 +0000 (12:09 +0000)]
Treat the transport option dkim_domain as a colon separated list, not
as a single string, and sign the message with each element, omitting
multiple occurences of the same signer.
The transport option dkim_domain should be renamed to dkim_add_signers.
The values of dkim_selector and dkim_private_key are expanded for
each signer available in $dkim_domain. It is unclear if signatures
for domains that already signed the mail should be omitted and if we
need a new variable for signatures to omit or if it could be hardcoded,
but this question is independent of this patch.
John Jetmore [Mon, 4 Jan 2010 18:16:54 +0000 (18:16 +0000)]
Updating exipick from 20061117.2 to 20100104.1, adding $max_received_linelength, $data_path, and $header_path variables; fixing documentation bugs and typos