summaryrefslogtreecommitdiff
path: root/doc
AgeCommit message (Collapse)Author
2011-06-30More PCRE cleanup.Tony Finch
2011-06-30Remove a few PCRE remnants.Tony Finch
2011-06-29Remove obsolete $Cambridge$ CVS revision strings.Tony Finch
I have also de-CVSed the ABOUT files and cleaned up a few introductory comments.
2011-06-17doc/doc-txt/NewStuff: note the ratelimit changes.Tony Finch
2011-06-17Improved ratelimit ACL condition.Tony Finch
Replace /noupdate with simpler /readonly option. (/noupdate is supported for backwards compatibility but no longer documented.) Better checking of the compatibility between per_* options and the ACL in which the ratelimit condition appears. Better handling of the start of a burst of email and of very low-rate clients. The new /count= option generalizes the per_byte and per_rcpt options. The new /unique= option is a rather groovy use for a Bloom filter.
2011-06-07exiwhat: Ensure the SIGUSR1 signal handler is safe.Tony Finch
exiwhat sends a SIGUSR1 to all exim processes to make them write their status to the process log. This is all done in the signal handler, but the logging code makes a number of calls that are not signal safe. These can all cause crashes or recursive locking in libc. Firstly, obtaining and formatting the timestamp is not safe. Doing so is unnecessary since exiwhat strips off the timestamp. This change removes timestamps from the process log. Secondly, exim closes all the logs after writing the process log. Closing syslog is not signal safe, and isn't necessary. We now only close the process log after writing to it. Thirdly, exim may calculate the process_log_path inside the signal handler which involves some possibly-unsafe string handling code. This change calculates the path when reading the configuration. Fourthly, when exim creates the process log file it might have to call the unsafe directory_create() though this is unlikely in practice. After this change exim only calls log_create() in a subprocess which is safe - it sometimes needs to do so anyway, if it is running as root and needs to drop privileges. The new code has no process log handling in log.c which eliminates some awkward special cases. It uses very simple code to write to the file in the signal handler, so it is obviously safe by inspection.
2011-06-07Ensure we log the error message when unlink() fails.Tony Finch
See also commit ID 0761d44e
2011-06-05DKIM Verification: Fix relaxed canon for empty headers w/oTom Kistner
whitespace trailer
2011-05-09malware.c: avoid arithmetic on a void pointer.Tony Finch
2011-05-09Solaris build fix for Oracle's LDAP libraries.Phil Pennock
Patch from Stephen Usher. fixes 1109
2011-05-08ChangeLog updates for the security issues.exim-4_76_RC2Phil Pennock
2011-05-07Typo fixes from Andreas Metzler.Phil Pennock
fixes bug 1111
2011-05-06Prep for 4.76 release. Version bumps, ChangeLog update.exim-4_76_RC1Phil Pennock
2011-04-26Cond !bool{}/!bool_lax{} did not negate. Fixed.Phil Pennock
Fixes bug: 1104
2011-04-12Catch divide-by-zero in ${eval:...}.Phil Pennock
Fixes 1102
2011-03-24Also memset(.., 0, ..) the pre-TLS input buffer.Phil Pennock
2011-03-24Extra paranoia around STARTTLS-with-data-in-buffer.Phil Pennock
2011-03-22Avoid segfault on ref:name specified as uid.Phil Pennock
If group not also specified, make this a fatal error. If group specified, we'll error out anyway unless the group can be resolved. Approach considered but not followed: fatal config error if built with ref:name where name is a number. fixes bug 1098
2011-03-22Mention dns_use_edns0Phil Pennock
2011-03-22Added dns_use_edns0 main option.Phil Pennock
Is int because need a "do not override default" option, but that stops us from using the bool expansion logic and so we need to explicitly set numbers. Should try to find a way around that.
2011-03-22New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1Phil Pennock
(no changes to any defaults).
2011-03-22Harmonised TLS library version reporting.Phil Pennock
Only show if debugging. Layout now matches that introduced for other libraries in 4.74 PP/03.
2011-03-22Make ldap_require_cert work (not segfault).Phil Pennock
The clang complaint, which also triggered a gcc complaint, was legitimate. My first test, which suggested no problem, was flawed. This: ldap_start_tls ldap_require_cert = demand would cause a segfault on LDAP lookup. fixes bug 230
2011-03-22Set "new since" to the 4.75 release.Phil Pennock
Stripped all .new/.wen except the exemplar. 4.75 was a stabilisation release, reset the accumulation of "this is new".
2011-03-03Another valgrind.h portability fix.Tony Finch
C89 compilers do not support variable argument macros. Our copy of valgrind.h now differs from upstream. Reported-by: Heiko Schlichting <heiko.schlichting@fu-berlin.de>
2011-02-28Fixed previous changelog to Bugzilla 968exim-4_75_RC3Nigel Metheringham
Ugh - typo-ed previous bugzilla id (case of probably shouldn't be let near a keyboard today).
2011-02-28Add missing changelog for Bugzilla 698Nigel Metheringham
2011-02-23DISABLE_DKIM has never worked. Fix that.Phil Pennock
2011-02-23Work on IRIX by setting _XPG=1Phil Pennock
2011-02-21Moved variable decl to start of block for old gccNigel Metheringham
2011-02-21Trivial spelling fix in ChangeLogNigel Metheringham
Thanks to Dennis Davis in full pedant mode!
2011-02-21Fix doc typos. Add freeze_signal to OptionLists.exim-4_75_RC1Phil Pennock
2011-02-21Exim 4.75.Phil Pennock
Exim 4.75, prepping for release. "Previous" version of docs deliberately remains 4.72.
2011-02-21DKIM multiple signature generation fix.Phil Pennock
Patch from Uwe Doering, sign-off by Michael Haardt. fixes bug 1019
2011-02-21maildir_tag hint provided by Heiko Schlittermann.Phil Pennock
(and add .new/.wen to previous change).
2011-02-21Deal with maildir quota file races.Phil Pennock
Based on patch from Heiko Schlittermann. Fixes bug 1086.
2011-02-21Improved spamd server selection.Phil Pennock
Patch from Mark Zealey. Fixes bug 1056.
2011-02-20Update $message_linecount for maildir_tag.Phil Pennock
Patch from Mark Zealey. Fixes bug 1055.
2011-02-20Minor robustness fixes for debugging.Phil Pennock
sig_atomic_t for signal-handlers. getgroups() return value checking. Developed for bug 927.
2011-02-13Move lookup extern decls to file scope.Phil Pennock
Should permit building on old gcc which dislikes extern inside function scope. Patch from Oliver Fleischmann, who encountered this with gcc 2.95.2.
2011-02-13Implement %M datestamping in log filenames.Phil Pennock
Patch from Simon Arlott. fixes bug 486
2011-02-13Don't reveal SQL expansion failure details in SMTP.Phil Pennock
fixes bug 1061
2011-02-13Implement freeze_signal on pipe transport.Phil Pennock
Patch from Jakob Hirsch. fixes bug 1042
2011-02-12Escape lookup deferral error message when logging.Phil Pennock
closes bug 1083 Patch from John Horne.
2011-02-06Fix exiqgrep issue where malformed lines not parsedNigel Metheringham
Fixes bug 943 Lightly tested, but not with report error condition, would like reporter to check this fix on their system.
2011-02-05Strip \x{c2} from .txt files and audit.Phil Pennock
Am unable to keep the build process from inserting spurious \x{c2} characters into the created .txt files. Strip the characters in Tidytxt. Add SanityTestText to do a final audit for non-ASCII characters in the .txt files. Dependency: pcregrep if available, else uses Perl.
2011-02-05LDAP TLS negotiation support.Phil Pennock
closes bug 230 Applies patches provided by Adam Ciarcinski of NetBSD in bug 230. Adds documentation. Tested the negotiation and server verification, not tested the client certificate presentation but looks sane.
2011-01-30Allow underscore in dnslist lookupsNigel Metheringham
Fixes bug 1026 Patch from Graeme Fowler
2011-01-30Added ChangeLog entry for f68cddNigel Metheringham
2011-01-27Use LC_ALL=C for building lookups/Makefile.Phil Pennock