summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-01-22Sign Script - Take EXIM_KEY from environ.Phil Pennock
2011-01-21Reworked changebars (still relative to 4.72) in doc sourceNigel Metheringham
2011-01-21Update dates.exim-4_74_RC1Phil Pennock
Spec: both doc date and release date (plus copyright year). Filter: only release date (doc not changed, so neither is copyright year)
2011-01-21Test suite: make cf 64-bit compat for -exact.Phil Pennock
I assume stdint.h and intptr_t available for any platform where we're running the test suite.
2011-01-21Tests compat. setgid failure / dropped_privilegePhil Pennock
If we've *dropped* privilege, it's okay to not abort if setgid fails. Document some of what's now needed for the test suite. Adjust the test suide for better post-4.73 compat.
2011-01-21Bump version to 4.74.Phil Pennock
Docs deliberately keep changebars since v4.72 as 4.73 has not been out for long. OptionLists updates for dynamic modules and for the security changes from 4.73.
2011-01-21IncompatibleChanges out, README.UPDATING updated.Phil Pennock
I forgot about README.UPDATING and introduced a new txt file with the 4.73 release, noting incompatible changes. Because these weren't documented in the normal place, some people missed them. Mea culpa. Integrated the notes from IncompatibleChanges into README.UPDATING. Added a note on the ABI of the dynlookups.
2011-01-21Check return values of setgid/setuid.Phil Pennock
CVE-2011-0017 One assertion of the unimportance of checking the return value was wrong, in the event of a compromised exim run-time user.
2011-01-21Version reporting & module ABI change.Phil Pennock
Debug version display reports library info. Bumps lookup API magic constant, adds new field to module API. When invoking { exim -d -bV } we can display more version information. Show versions for many external libraries, including both compile-time and run-time information if we can. Optional for modules, may be NULL. Implemented for MySQL, SQLite & Whoson lookups. For all lookups, if dynamically loaded, report the Exim version number from the build. (Packagers will bundle stuff, but dynamic modules are no longer just available for packagers, so we need to deal with less managed environments and people forgetting to install new modules). Suggest in EDITME that users of modules not using package management consider embedding a version number in the path to the modules. Should consider removing the TLS (OpenSSL/GnuTLS) reporting from the default -bV display and moving it into the debug display. Not done. Created version.h, now support a version extension string for distributors who patch heavily. Henceforth release engineer should change the version in version.h not version.c.
2011-01-17Module loading working on FreeBSD (and unbreak).Phil Pennock
(1) Commit eec525c43adade97ff94d839810faf7cb35bd87f broke module support, because we *do* still need some exported variable definitions, as for a module to actually work, we need the per-module _INCLUDE/_LIBS settings. (2) FreeBSD's nsdispatch() will leave dlerror() returning a complaint about "_nss_cache_cycle_prevention_function"; we need to clear the error state before the dlsym() call, so that any error found afterwards must have come from that dlsym() call. Fix is just an extra call to dlerror(), which should be portable. I can now use sqlite3 from a module, in FreeBSD.
2011-01-17Mention new dlopen functionality.Phil Pennock
2011-01-16Clarify: tls_verify_certificates is for CA certs.Phil Pennock
It can be used for individual user certs but is really intended for CAs. Note this, and explain that if the tls_verify_certificates value is a file, then the certs within are sent from the server to clients, thus is public data.
2011-01-16Let /dev/null have normal permissions.Phil Pennock
The 4.73 fixes were a little too stringent and complained about the permissions on /dev/null. Exempt it from some checks. Reported by Andreas M. Kirchwitz
2011-01-16Bug-fix for bash and no-dynamic case.Phil Pennock
When writing the patch, originally nothing other than a cp was needed if there were no dynamic modules. That changed, but the guard at the top did not. Remove that check. bash does not like a block which consists solely of a comment. Provide a ':' invocation. Both problems spotted by Simon Arlott -- thanks.
2011-01-16Bug 139: portability fixes and documentation.Phil Pennock
Document the dynamic lookup module capability in spec.xfpt. Include a ChangeLog item. Avoid the GNU-specific "export" make(1) directive. Build the lookups Makefile using the existing framework. Build with BSD Make once more. The src/lookups/Makefile that is used at build time now has the dynamic content come from scripts/lookups-Makefile. Add CFLAGS_DYNAMIC support, which can be set in Local/Makefile. Provide defaults for Linux & FreeBSD. Ensure that build fails early if a dynamic module is requested but CFLAGS_DYNAMIC is not defined.
2011-01-14src/deliver.c: log the error message when unlink(spoolname) failsTony Finch
2011-01-14src/transports/smtp.c: log LMTP confirmation same as SMTPTony Finch
2011-01-14src/dbfn.c: write lock aquisition failures to the panic logTony Finch
2011-01-14CONTRIBUTING: correct expansion of GPLTony Finch
2011-01-12Bugzilla #1067 - DKIM: Fix relaxed header canon for headers ending with ↵Tom Kistner
whitespace.
2011-01-05Include <dlfcn.h> only when necessaryDavid Woodhouse
2011-01-05Add dynamic lookup supportDavid Woodhouse
Fixed: bug #139
2010-12-26DKIM ACL DocumentationNigel Metheringham
Fixes: bug #929
2010-12-26Fixes: bug #1002 - Message loss when using multiple deliveriesMiroslav Lichvar
2010-12-26LDAP Authetication documentation example syntax fixNigel Metheringham
Fixes: bug #999
2010-12-26Reword BSMTP ACL documentationNigel Metheringham
Fixes: bug #974
2010-12-26Eximstats documentstion - s/delivery_time/deliver_time/Nigel Metheringham
Fixes: bug #1034
2010-12-26drop unwanted paragraph break.Andreas Metzler
Fixes: bug #1052 Signed-off-by: Nigel Metheringham <nigel@exim.org>
2010-12-26fix grammar error: s/this/that/Andreas Metzler
Fixes: bug #1051 Signed-off-by: Nigel Metheringham <nigel@exim.org>
2010-12-23Merge branch 'master' of ssh://git.exim.org/home/git/eximNigel Metheringham
2010-12-21Do not refer to TRUSTED_CONFIG_PREFIX_FILE.Andreas Metzler
Refer to TRUSTED_CONFIG_LIST instead of TRUSTED_CONFIG_PREFIX_FILE in documentation and comments.
2010-12-19Inserted change notifications into the documentation sourceNigel Metheringham
2010-12-18Make the documentation cleared that TRUSTED_CONFIG_LIST is pathname one per lineDavid Woodhouse
2010-12-18Release script now generates the HTML documentationNigel Metheringham
This is really rather crude... but should work.
2010-12-18Updated version numbers of code and documentationNigel Metheringham
2010-12-17Merge branch 'master' of ssh://git.exim.org/home/git/eximDavid Woodhouse
2010-12-17Stripped old HTML doc generation - will add new HTML gen soonNigel Metheringham
2010-12-16Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexesDavid Woodhouse
2010-12-16Updated mk_exim_release.pl to work with gitNigel Metheringham
However this still builds docs as before - ie it does not use the new HTML generation. Will work on that next.
2010-12-15Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -CDavid Woodhouse
We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to; other users don't get to make use of it.
2010-12-15Kil va_copy(). It isn't present on some ancient systems.David Woodhouse
2010-12-15Implement -D whitelist invoking user restriction.Phil Pennock
Document WHITELIST_D_MACROS.
2010-12-14doc-txt updates for the security changesPhil Pennock
2010-12-14Implement -D filtering, first pass.Phil Pennock
2010-12-14Document the change to system_filter_user's default.Phil Pennock
2010-12-14Change the default for system_filter_user.Phil Pennock
If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. Document this, and a couple of other points, in IncompatibleChanges.
2010-12-12Allow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leakDavid Woodhouse
2010-12-12Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.David Woodhouse
2010-12-12Add TRUSTED_CONFIG_PREFIX_FILE optionDavid Woodhouse
(Bug 1044, CVE-2010-4345)
2010-12-12Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.David Woodhouse
We *never* want the Exim user to be able to specify arbitrary configuration files. Don't let them build it that way. (Bug 1044, CVE-2010-4345)