Phil Pennock [Sun, 30 Jan 2011 08:34:31 +0000 (03:34 -0500)]
sudo !tty_tickets; correct config file list.
sudo needs to permit sudo w/o a TTY.
The config file used is the same for each test, the individual config
files are made available under a particular name. Correct that advice.
Phil Pennock [Sun, 30 Jan 2011 05:21:20 +0000 (00:21 -0500)]
The test suite dislikes USE_READLINE.
There's a lot of copying of stdin to stdout when using readline for -be,
which breaks the test suite. The suite now runs well enough for me to
fix the stuff broken by the debugging changes I introduced.
Phil Pennock [Fri, 28 Jan 2011 00:08:45 +0000 (19:08 -0500)]
Pulled spamd_address-expanded caching fix.
Author: Wolfgang Breyha
Bugzilla: 935
Attachment: 378
(looks like it could do with a strcmp check at the end before the extra
string_copy, but that's a nicety and the author has presumably been
running with this).
Phil Pennock [Fri, 28 Jan 2011 00:07:05 +0000 (19:07 -0500)]
Permit make values to be indented or in env.
It appears some make(1)s are not complaining about variables defined
with leading whitespace on the line. Permit that where we can, for the
lookups, but it's not tenable for CFLAGS_DYNAMIC.
Some people are specifying knobs on the make command-line, so we get
them via the environment.
Tested: indented LOOKUP_CDB and commented out LOOKUP_DNSDB, supplying it
via { make LOOKUP_DNSDB=yes }. { exim -d --version } shows both are
built-in, no results from { fgrep DNSDB build-*/Makefile }.
Phil Pennock [Mon, 24 Jan 2011 21:40:38 +0000 (16:40 -0500)]
Bug-fix the xpg4 Solaris logic.
Should not code at 9am when still awake then.
Should sanity-review such code changes before submitting (after sleep).
Should s,/usr/xpg4/bin/sh,/bin/bash, as a convenient test to confirm
what I suspected. But should do so pre-submit.
Phil Pennock [Sun, 23 Jan 2011 10:41:55 +0000 (05:41 -0500)]
Loadable modules: fix debug invocations
The new code was calling DEBUG(<n>) for values of n including 4, 5, 9;
that was an Exim 3 API, we now use bits; -v sets bit 0x1, -bP implies
-v, so { exim -bP } was pulling up random debug messages.
Switched all the DEBUG checks to be DEBUG(D_lookup).
Phil Pennock [Sun, 23 Jan 2011 10:44:45 +0000 (05:44 -0500)]
Bug 1071: fix delivery logging with untrusted macros.
If dropping privileges for untrusted macros, we disabled normal logging
on the basis that it would fail; for the Exim run-time user, this is not
the case, and it resulted in successful deliveries going unlogged.
Fixed. Reported by Andreas Metzler.
Phil Pennock [Fri, 21 Jan 2011 09:12:15 +0000 (04:12 -0500)]
IncompatibleChanges out, README.UPDATING updated.
I forgot about README.UPDATING and introduced a new txt file with the
4.73 release, noting incompatible changes. Because these weren't
documented in the normal place, some people missed them. Mea culpa.
Integrated the notes from IncompatibleChanges into README.UPDATING.
Phil Pennock [Fri, 21 Jan 2011 08:25:51 +0000 (03:25 -0500)]
Version reporting & module ABI change.
Debug version display reports library info.
Bumps lookup API magic constant, adds new field to module API.
When invoking { exim -d -bV } we can display more version information.
Show versions for many external libraries, including both compile-time
and run-time information if we can.
Optional for modules, may be NULL. Implemented for MySQL, SQLite &
Whoson lookups. For all lookups, if dynamically loaded, report the
Exim version number from the build. (Packagers will bundle stuff, but
dynamic modules are no longer just available for packagers, so we need
to deal with less managed environments and people forgetting to install
new modules).
Suggest in EDITME that users of modules not using package management
consider embedding a version number in the path to the modules.
Should consider removing the TLS (OpenSSL/GnuTLS) reporting from the
default -bV display and moving it into the debug display. Not done.
Created version.h, now support a version extension string for
distributors who patch heavily. Henceforth release engineer should
change the version in version.h not version.c.
Phil Pennock [Mon, 17 Jan 2011 13:43:35 +0000 (08:43 -0500)]
Module loading working on FreeBSD (and unbreak).
(1) Commit eec525c43adade97ff94d839810faf7cb35bd87f broke module
support, because we *do* still need some exported variable
definitions, as for a module to actually work, we need the
per-module _INCLUDE/_LIBS settings.
(2) FreeBSD's nsdispatch() will leave dlerror() returning a complaint
about "_nss_cache_cycle_prevention_function"; we need to clear the
error state before the dlsym() call, so that any error found
afterwards must have come from that dlsym() call. Fix is just an
extra call to dlerror(), which should be portable.
Phil Pennock [Mon, 17 Jan 2011 03:21:37 +0000 (22:21 -0500)]
Clarify: tls_verify_certificates is for CA certs.
It can be used for individual user certs but is really intended for
CAs. Note this, and explain that if the tls_verify_certificates value
is a file, then the certs within are sent from the server to clients,
thus is public data.
Phil Pennock [Mon, 17 Jan 2011 02:54:53 +0000 (21:54 -0500)]
Let /dev/null have normal permissions.
The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null. Exempt it from some checks.
Reported by Andreas M. Kirchwitz
Phil Pennock [Sun, 16 Jan 2011 23:36:55 +0000 (18:36 -0500)]
Bug-fix for bash and no-dynamic case.
When writing the patch, originally nothing other than a cp was needed if
there were no dynamic modules. That changed, but the guard at the top
did not. Remove that check.
bash does not like a block which consists solely of a comment. Provide
a ':' invocation.
David Woodhouse [Wed, 15 Dec 2010 13:47:46 +0000 (13:47 +0000)]
Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C
We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing
of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to;
other users don't get to make use of it.
David Woodhouse [Thu, 9 Dec 2010 16:53:40 +0000 (16:53 +0000)]
Add Valgrind hooks for memory pools
It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.
Phil Pennock [Sun, 11 Jul 2010 07:19:56 +0000 (00:19 -0700)]
OpenSSL 1.0.0 const fix for SSL_get_current_cipher
OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include
const. It looks like a safe change for older OpenSSL, so treat it
appropriately and cast as needed.
John Jetmore [Tue, 20 Jul 2010 02:10:33 +0000 (21:10 -0500)]
Somehow in learning how to use git I lost half the changes needed to fix the collision between 0383.f and 0383.F on HFS+. this is the second half of 04a45836676516936d791202928e249b711c03ee