Age | Commit message | Author |
|
Docs deliberately keep changebars since v4.72 as 4.73 has not been out
for long.
OptionLists updates for dynamic modules and for the security changes
from 4.73.
|
|
I forgot about README.UPDATING and introduced a new txt file with the
4.73 release, noting incompatible changes. Because these weren't
documented in the normal place, some people missed them. Mea culpa.
Integrated the notes from IncompatibleChanges into README.UPDATING.
Added a note on the ABI of the dynlookups.
|
|
CVE-2011-0017
One assertion of the unimportance of checking the return value was wrong,
in the event of a compromised exim run-time user.
|
|
Debug version display reports library info.
Bumps lookup API magic constant, adds new field to module API.
When invoking { exim -d -bV } we can display more version information.
Show versions for many external libraries, including both compile-time
and run-time information if we can.
Optional for modules, may be NULL. Implemented for MySQL, SQLite &
Whoson lookups. For all lookups, if dynamically loaded, report the
Exim version number from the build. (Packagers will bundle stuff, but
dynamic modules are no longer just available for packagers, so we need
to deal with less managed environments and people forgetting to install
new modules).
Suggest in EDITME that users of modules not using package management
consider embedding a version number in the path to the modules.
Should consider removing the TLS (OpenSSL/GnuTLS) reporting from the
default -bV display and moving it into the debug display. Not done.
Created version.h, now support a version extension string for
distributors who patch heavily. Henceforth release engineer should
change the version in version.h not version.c.
|
|
It can be used for individual user certs but is really intended for
CAs. Note this, and explain that if the tls_verify_certificates value
is a file, then the certs within are sent from the server to clients,
thus is public data.
|
|
The 4.73 fixes were a little too stringent and complained about the
permissions on /dev/null. Exempt it from some checks.
Reported by Andreas M. Kirchwitz
|
|
Document the dynamic lookup module capability in spec.xfpt.
Include a ChangeLog item.
Avoid the GNU-specific "export" make(1) directive.
Build the lookups Makefile using the existing framework.
Build with BSD Make once more.
The src/lookups/Makefile that is used at build time now has the dynamic
content come from scripts/lookups-Makefile.
Add CFLAGS_DYNAMIC support, which can be set in Local/Makefile.
Provide defaults for Linux & FreeBSD.
Ensure that build fails early if a dynamic module is requested but
CFLAGS_DYNAMIC is not defined.
|
|
Fixes: bug #929
|
|
Fixes: bug #999
|
|
Fixes: bug #974
|
|
Fixes: bug #1052
Signed-off-by: Nigel Metheringham <nigel@exim.org>
|
|
Fixes: bug #1051
Signed-off-by: Nigel Metheringham <nigel@exim.org>
|
|
Refer to TRUSTED_CONFIG_LIST instead of TRUSTED_CONFIG_PREFIX_FILE in
documentation and comments.
|
|
We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing
of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to;
other users don't get to make use of it.
|
|
Document WHITELIST_D_MACROS.
|
|
If the system filter needs to be run as root, let that be explicitly
configured. The default is now the Exim run-time user.
Document this, and a couple of other points, in IncompatibleChanges.
|
|
(Bug 1044, CVE-2010-4345)
|
|
We *never* want the Exim user to be able to specify arbitrary configuration
files. Don't let them build it that way.
(Bug 1044, CVE-2010-4345)
|
|
(Bug 1044, CVE-2010-4345)
|
|
(Bug 1044, CVE-2010-4345)
|
|
It's useful to tell Valgrind when memory is undefined because it's been
freed by store_reset(), and when it's not supposed to be accessed because
although it's been allocated for the store it hasn't actually been given
out by store_get() yet.
|
|
Plus typo fixed.
|
|
Adjust OS-Fixups, document how this works in HowItWorks.txt
|
|
Notification from Dr Andrew Aitchison.
(Also: make the PP/08 description more complete)
|
|
ACL variables in av_scanner blindly will not work.
|
|
(I honestly have no memory of writing this patch...)
|
|
* -bmalware, note that not running as invoking user and emphasize that it's
for debugging Exim, not for general scanning.
* permit_codedump ? coRedump.
* Anon SSL lacking cert has been confirmed, fix works, remove the
"(I believe)" (which also might have been inferred to mean I did the
diagnosis; I didn't, I just convinced myself that Martin's analysis was
correct).
|
|
determine whether or not a string is true.
Switch the multiple-condition logic to use bool_lax{}.
Add note where we combine multiple conditions regarding the memory leak.
|
|
Fixes: #816
|
|
Broken by -bmalware option added while reworking ClamAV to new API.
Patch from Andreas Metzler (adjusted slightly).
|