summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-05-25release: no .lz by default for nowPhil Pennock
2012-05-25Doc: Provide context for bare numbers from CHAP/SECT.Phil Pennock
2012-05-25Cyrus SASL auth: SSF retrieval was incorrect.Phil Pennock
Exim thought protection layer was required, which is not implemented. Patch from Wolfgang Breyha. Fixes bug 1254
2012-05-25It's 2012, not 1012. Noted by Jay RoumanPhil Pennock
2012-05-24Added some more .gitignore entriesNigel Metheringham
Ignore more build side effects
2012-05-24Moved pdkim declaration to satisfy older compilersNigel Metheringham
As suggested by Dennis Davis to fix an error with gcc 2.95.2 which threw the following error:- gcc pdkim.c pdkim.c: In function `pdkim_feed_finish': pdkim.c:1389: parse error before `*' pdkim.c:1390: `hdrs' undeclared (first use in this function) pdkim.c:1390: (Each undeclared identifier is reported only once pdkim.c:1390: for each function it appears in.) gmake[2]: *** [pdkim.o] Error 1 See https://lists.exim.org/lurker/message/20120524.094800.89928246.en.html
2012-05-24ReleaseTools: support .lz lzip archivesPhil Pennock
2012-05-23_ISOC99_SOURCE -> _GNU_SOURCEexim-4_80_RC5Phil Pennock
_ISOC99_SOURCE broke build on Linux (Ubuntu 11.10) because it broke <resolv.h>, <arpa/nameser.h>, etc. Their u_char and u_int usage relies upon BSD source being enabled too. So use _GNU_SOURCE.
2012-05-23Define _ISOC99_SOURCE in exim.hPhil Pennock
Done before os.h is pulled in so an OS can override it.
2012-05-23Doc: move -bmalware into alphabetic placePhil Pennock
2012-05-23Doc: s/DNS/domains/ in new textPhil Pennock
2012-05-23Doc: document when dnslookup will declinePhil Pennock
2012-05-23Doc: tls_require_ciphers examplesPhil Pennock
Note how to test strings, provide examples which distinguish port 25 from other ports. Carefully used short examples, but allows two different strings per implementation and demonstrates how the strings are very different.
2012-05-23Manually control locale, setting to "C" in runtest script.Todd Lyons
Fixes the output of 'ls' command to a standard format (test 345).
2012-05-23expanded comment, noting size types and API issuePhil Pennock
2012-05-22README.UPDATING: emphasise more the LDAP issuePhil Pennock
2012-05-22OCSP description: minor nitsPhil Pennock
2012-05-21Enable PCRE_CONFIG by defaultPhil Pennock
With this, src/EDITME as Local/Makefile *only* needs EXIM_USER to be set and EXIM_MONITOR commented out for Exim to build on my box. I think this is a reasonable default; if there are releases of PCRE which do not include pcre-config, then on those boxes a slight change will be needed, but only where the file was already having to be edited anyway.
2012-05-21Guard SNI usage better (client-side)Phil Pennock
2012-05-21Testsuite: more robust fix for SHELL vs /bin/sh, take two.Jeremy Harris
2012-05-21Revert "Testsuite: more robust fix for SHELL vs /bin/sh"Jeremy Harris
This reverts commit 8dedb69a41c30fd82ab6e084fe567f7ee7aaa562. Kills testcase 0137.
2012-05-21Testsuite: more robust fix for SHELL vs /bin/shJeremy Harris
2012-05-21OpenBSD compat, DNS resolver libraryPhil Pennock
Report and point to fix from Dennis Davis.
2012-05-21Update binary's copyright message.Phil Pennock
Rough text per suggestion from Tony. Amended ACKNOWLEDGEMENTS briefly, but need to actually add people. Like, er, me.
2012-05-21avoid NUL in dh params filePhil Pennock
gnutls_dh_params_export_pkcs3() returns 2 different sizes. NUL observed by Janne Snabb
2012-05-21.end -> .wenexim-4_80_RC4Phil Pennock
2012-05-21Add tls_dh_max_bits to OptionLists.txtPhil Pennock
2012-05-21features.h; tls_validate_require_cipher: log flag & testsexim-4_80_RC3Phil Pennock
Pull in <features.h> on Linux. Switch readconf log from D_all (bug) to D_tls (though D_any would have worked). Modified runtest to handle clamped DH bits and tls_validate_require_cipher added debug logging.
2012-05-20only drop privs for TLS if still rootPhil Pennock
2012-05-20Update docs for latest state of TLS affairs.Phil Pennock
gnutls-params bits count no longer necessarily what GnuTLS says to use. The OpenSSL-vs-GnuTLS text needed some updating. Catches a ChangeLog addition made during the previous commit, so not picked up by it.
2012-05-20Added tls_dh_max_bits & check tls_require_ciphers early.Phil Pennock
Janne Snabb tracked down the GnuTLS 2.12 vs NSS (Thunderbird) interop problems to a hard-coded limit of 2236 bits for DH in NSS while GnuTLS was suggesting 2432 bits as normal. Added new global option tls_dh_max_bits to clamp all DH values (client or server); unexpanded integer. Default value to 2236. Apply to both GnuTLS and OpenSSL (which requires tls_dh_params for this). Tired of debugging "SMTP fails TLS" error messages in mailing-lists caused by OpenSSL library/include clashes, and of finding out I typo'd in tls_require_ciphers only at the STARTTLS handshake. During readconf, fork/drop-privs/initialise-TLS-library. In that, if tls_require_ciphers is set, then validate it. The validation child will panic if it can't initialise or if tls_require_ciphers can't be parsed, else it exits 0. If the child exits anything other than 0, the main Exim process will exit.
2012-05-20Guard TLS SNI callback define better.Phil Pennock
Guarded the callback invocation on OpenSSL having TLS extension support. Failed to guard the callback definition. Fixed. Problem spotted by Todd Lyons.
2012-05-20tls_require_ciphers must be assigned to state copyPhil Pennock
2012-05-20Merge branch 'master_testsuite_faq'Todd Lyons
2012-05-20FAQ of running test suiteTodd Lyons
2012-05-20Testsuite: more guidance in READMEJeremy Harris
2012-05-20Typo: PRE_PRERELEASE -> PCRE_PRERELEASEPhil Pennock
Noted by Moritz Wilhelmy.
2012-05-20GnuTLS debug callback: check for existing \nPhil Pennock
2012-05-20"make makfile" -> "make makefile".Phil Pennock
Confirmed typo, rather than QNXism, by grepping tree and finding no other instances. Reported by René Berber.
2012-05-19Cipher munging continues.Phil Pennock
I omitted log/2025 pending further investigation.
2012-05-19HAVE_IPV6=yes in comment; need value!Phil Pennock
2012-05-20Testsuite: munge recorded TLS version &c in output to permit awkward ↵Jeremy Harris
test-host installations.
2012-05-19PRINTF_FUNCTION -> ALMOST_PRINTF.Phil Pennock
WANT_DEEPER_PRINTF_CHECKS guards ALMOST_PRINTF being PRINTF_FUNCTION. Fix some actual issues exposed when I cut down on the spam.
2012-05-19Portability to HP-UX.Phil Pennock
Report and fix from Michael Haardt. The resolver library change's assumed typedef was absent, but the underlying struct __res_state is present. Long type issues for the arithmetic changes.
2012-05-19PCRE_PRERELEASE fix, againPhil Pennock
2012-05-18Torture the English language slightly lessexim-4_80_RC2Phil Pennock
2012-05-18Fix three issues highlighted by clang analyser.Phil Pennock
Only crash-plausible issue would require the Cambridge-specific iplookup router and a misconfiguration. Report from Marcin Mirosław
2012-05-18Test suite fixes, mostly for new certs.Phil Pennock
New cert1 and cert2 but I'd only updated the GnuTLS tests. This fixes OpenSSL ones too. The SHELL vs /bin/sh one also fixed, finally realised that the test output just hadn't been updated to match the munging.
2012-05-18Document DCC in experimental-spec.txtPhil Pennock
Base text from Wolfgang Breyha. I went over it as someone new to it, to make some obvious-to-experts-but-not-me fixes.
2012-05-18Second SPF fix, moved to where type is correct.Phil Pennock
De-initialised "type" var in stack declaration, so a repeat of this mistake would lead to an uninitialized variable usage warning which would have blocked the previous incorrect fix from being committed.