| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-12-15 | Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C | David Woodhouse | |
| We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to; other users don't get to make use of it. | |||
| 2010-12-15 | Kil va_copy(). It isn't present on some ancient systems. | David Woodhouse | |
| 2010-12-15 | Implement -D whitelist invoking user restriction. | Phil Pennock | |
| Document WHITELIST_D_MACROS. | |||
| 2010-12-14 | doc-txt updates for the security changes | Phil Pennock | |
| 2010-12-14 | Document the change to system_filter_user's default. | Phil Pennock | |
| 2010-12-14 | Change the default for system_filter_user. | Phil Pennock | |
| If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. Document this, and a couple of other points, in IncompatibleChanges. | |||
| 2010-12-12 | Set FD_CLOEXEC on SMTP sockets after forking to handle the connection. | David Woodhouse | |
| 2010-12-12 | Add TRUSTED_CONFIG_PREFIX_FILE option | David Woodhouse | |
| (Bug 1044, CVE-2010-4345) | |||
| 2010-12-12 | Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true. | David Woodhouse | |
| We *never* want the Exim user to be able to specify arbitrary configuration files. Don't let them build it that way. (Bug 1044, CVE-2010-4345) | |||
| 2010-12-11 | Check configure file permissions even for non-default files if still privileged | David Woodhouse | |
| (Bug 1044, CVE-2010-4345) | |||
| 2010-12-11 | Don't allow a configure file which is writeable by the Exim user or group | David Woodhouse | |
| (Bug 1044, CVE-2010-4345) | |||
| 2010-12-11 | Add Valgrind hooks for memory pools | David Woodhouse | |
| It's useful to tell Valgrind when memory is undefined because it's been freed by store_reset(), and when it's not supposed to be accessed because although it's been allocated for the store it hasn't actually been given out by store_get() yet. | |||
| 2010-09-05 | OpenSSL and XSL changes documented. | Phil Pennock | |
| Plus typo fixed. | |||
| 2010-09-05 | Document the ClamAV ExtendedDetectionInfo response handling. | Phil Pennock | |
| 2010-09-05 | Use public http: URLs for XSL includes. | Phil Pennock | |
| Adjust OS-Fixups, document how this works in HowItWorks.txt | |||
| 2010-07-04 | Fix malware regression for cmdline scanner introduced in PP/08. | Phil Pennock | |
| Notification from Dr Andrew Aitchison. (Also: make the PP/08 description more complete) | |||
| 2010-06-14 | Clarify that the ACL framework is not invoked for -bmalware, so that using | Phil Pennock | |
| ACL variables in av_scanner blindly will not work. | |||
| 2010-06-12 | Add tcp_wrappers_daemon_name (closes: bug #278) | John Jetmore | |
| (I honestly have no memory of writing this patch...) | |||
| 2010-06-09 | Minor doc updates: | Phil Pennock | |
| * -bmalware, note that not running as invoking user and emphasize that it's for debugging Exim, not for general scanning. * permit_codedump ? coRedump. * Anon SSL lacking cert has been confirmed, fix works, remove the "(I believe)" (which also might have been inferred to mean I did the diagnosis; I didn't, I just convinced myself that Martin's analysis was correct). | |||
| 2010-06-07 | Both bool{} and bool_lax{} should ignore trailing whitespace. | Phil Pennock | |
| 2010-06-07 | Added bool_lax{} expansion operator, which uses Router condition logic to | Phil Pennock | |
| determine whether or not a string is true. Switch the multiple-condition logic to use bool_lax{}. Add note where we combine multiple conditions regarding the memory leak. | |||
| 2010-06-07 | Allow Routers to have multiple conditions, IF each one yields a strict bool. | Phil Pennock | |
| Fixes: #816 | |||
| 2010-06-06 | Build without WITH_CONTENT_SCAN. | Phil Pennock | |
| Broken by -bmalware option added while reworking ClamAV to new API. Path from Andreas Metzler (adjusted slightly). | |||
| 2010-06-06 | No longer permit the exim user to be root. Fixes: #752 | Phil Pennock | |
| 2010-06-06 | Implement --version. Fixes: #973 | Phil Pennock | |
| 2010-06-06 | Light documentation dusting from patch provided by John Horne. | Phil Pennock | |
| Fixes: #922 | |||
| 2010-06-06 | Implement "control = debug" ACL control. Fixes: #937 | Phil Pennock | |
| 2010-06-05 | New expansion operator: reverse_ip | Phil Pennock | |
| 2010-06-05 | Update OptionLists. (Claim for 4.72 because 4.73 not yet complete and don't | Phil Pennock | |
| want to claim have *more* than we do, but okay to make a lesser claim). Typo fix in RFC reference in spec.xfpt. | |||
| 2010-06-05 | ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM. | Phil Pennock | |
| New command-line option, -bmalware (restricted to admin_user). Fixes: #926 | |||
| 2010-06-05 | Deal with anonymous SSL giving us no peer certificate. | Phil Pennock | |
| 2010-06-05 | Handle SASL Initial Response. | Phil Pennock | |
| See discussion at: http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html and the code is "correct by inspection", for whatever that's worth. | |||
| 2010-06-05 | Add permit_coredump pipe transport option. Fixes: #834 | Phil Pennock | |
| 2010-06-05 | Add an openssl_options main configuration option, to allow administrators to | Phil Pennock | |
| shoot themselves in each foot in turn. The default value is chosen to avoid a change in behaviour, but since it is disabling a security countermeasure, I'd like to change the default to be "no options". Fixes: #994 | |||
| 2010-06-03 | Added DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being ↵ | John Jetmore | |
| turned on by default | |||
| 2010-06-03 | Include check_rfc2047_length in configure.default to raise the visibility | Phil Pennock | |
| because we're seeing more Russian administrators get bitten by this. Idealism says this option is set correctly by default. Pragmatism says not. There's a good argument for the idealism but if we see the problems escalate then the idealism will have lost and we should, IMO, switch. | |||
| 2010-06-03 | Document Date/Message-Id/Resent-* as first 4.73 patch. | Phil Pennock | |
| 2010-06-01 | My understanding of the new dnsdb txt lookup syntax was flawed. | Phil Pennock | |
| Fixed the description and the last example. | |||
| 2010-06-01 | Provide a NewStuff description for 4.72. | Phil Pennock | |
| Don't blame Dan Rosenberg for the incomplete hack I applied to the MBX case. | |||
| 2010-05-30 | Revert previous incorrect change to XSL files. | Nigel Metheringham | |
| 2010-05-30 | Added changelog entry for MBX fix | Nigel Metheringham | |
| 2010-05-29 | Fix documentation version numbers | Nigel Metheringham | |
| 2010-05-29 | DKIM DNS TXT record bug fix. Fixes: #967 | Nigel Metheringham | |
| 2010-05-29 | Null initialise DKIM variable. Fixes: #986 | Nigel Metheringham | |
| 2010-05-29 | Added previously missed changelog entries | Nigel Metheringham | |
| 2010-05-28 | Updates to make doc build on tahini | Nigel Metheringham | |
| 2010-05-26 | Prevent hardlink attack on mbox sticky mail directory. fixes: bug #988 | Nigel Metheringham | |
| 2010-03-23 | JJ/03 installed exipick 20100323.0, fixing doc bug (debian 574778) | John Jetmore | |
| 2010-03-05 | Added umask to procmail example Fixes: #671 | Nigel Metheringham | |
| 2010-03-05 | Fix for unknown responses from Dovecot authenticator. Fixes: #954 | Nigel Metheringham | |
 |
index : user/henk/code/exim.git | |
| [no description] | git repository hosting |
| summaryrefslogtreecommitdiff |