Todd Lyons [Sat, 30 Nov 2013 19:31:21 +0000 (11:31 -0800)]
Proxy Protocol - Server support
Initial conf setting and expansions
Logging setting whether to record proxy host, off by default
Put PROXY processing before connect ACL
Fix incoming address logging
Add Proxy Protocol to ChangeLog
Set window for Proxy Protocol header to be sent
Update docs and EDITME.
Jeremy Harris [Wed, 20 Nov 2013 14:19:37 +0000 (14:19 +0000)]
Fix testsuite build on Solaris
As of s11, Solaris & derivatives need libsocket and libnsl. Ensure they are searched for
by autoconfig. This seems to be successfully ignored on Linux.
Credit to Dave Edmondson (dme@dme.org) for the fix.
Phil Pennock [Thu, 3 Oct 2013 20:13:52 +0000 (16:13 -0400)]
Finish the xfpt fix.
The readers of the version expect no surrounding whitespace; putting the
content in-place requires macro expansion, which requires that .literal
mode be `layout` or `off`, but either of those will escape the XML angle
brackets. The easiest fix is to generate the XML as part of the macro
definition.
Moved local_params rules out of Makefile and into GenLocalParams
Phil Pennock [Thu, 3 Oct 2013 18:50:09 +0000 (14:50 -0400)]
Unbreak HTML build for RC candidates.
The HTML build now uses the website repo, which extracts the version
number from the XML (generated from the .xfpt). Meanwhile, commit 2aee48d6 made the version number in the build process dynamic, taking
the value from the release script (via an environ variable).
This change fixes the invocation to pass the version _without_ an RC
suffix to the XML build, letting HTML generation happen.
Todd Lyons [Tue, 1 Oct 2013 16:24:19 +0000 (09:24 -0700)]
Bugzilla 1217: Experimental Redis lookup
Add want_experimental() test in the script to create the lookups
Makefile to ease detection of requested Experimental features, and
simplify the #ifdef guards in the redis.c.
Phil Pennock [Mon, 30 Sep 2013 04:57:07 +0000 (00:57 -0400)]
Fix dovecot with empty 334 challenge.
Thomas Morper reported, with 4.82RC1, that he saw "334 NULL" as the
challenge when using AUTH PLAIN to Dovecot when the client does not send
an initial response. I could replicate.
This was caused by commit 3f1df0e3 on 2012-11-19 (PP/13 of 4.82); I was
too cautious in the robustness fixes; the clue came in this line of
debug output:
76430 dovecot: warning: ignoring trailing tab
This change removes that check, and documents in a comment that this
input is acceptable protocol-wise, and why.
Phil Pennock [Thu, 26 Sep 2013 18:18:09 +0000 (11:18 -0700)]
Clarify CL: the CVE security fix already in 4.80.1
On re-reading the text for 4.82, it read as though there were a new
security fix which might require an upgrade. Clarified that this fix
has already been released (in 4.80.1).
Phil Pennock [Wed, 31 Jul 2013 22:50:04 +0000 (18:50 -0400)]
Fix segfault in stdio with non-SMTP MIME ACL.
When injecting a message locally in non-SMTP mode, and with MIME ACLs
configured, if the ACL rejected the message, Exim would try to
`fprintf(NULL, "%s", the_message)`. This fixes that.
Most ACLs are plumbed in SMTP-only and looking through the others in
receive.c, they all appear to be safely guarded, so it was just this one
that slipped through.
Crash report and assistance tracking down the root cause from Warren
Baker.
Jeremy Harris [Sun, 21 Jul 2013 11:50:53 +0000 (12:50 +0100)]
Remove ACL-config skip so that ${acl } expansions work from queue-runs.
Previously we skipped parsing the ACL section when not needed. Now it is
potentially needed in all cases. The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.
Fix up testsuite output files affected by the removal and add a regression test.
Phil Pennock [Mon, 10 Jun 2013 06:50:18 +0000 (02:50 -0400)]
Guard LDAP TLS usage against Solaris LDAP variant.
PP/22
Report from Prashanth Katuri.
This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.