| Age | Commit message (Collapse) | Author |
|---|
|
If using pkg-config to get the paths for various packages and the crypto
library headers are not in the system headers, then the hash work broke
the Exim build by requiring the CFLAGS manipulation for _all_ builds,
not just the TLS libraries.
Shows up on MacOS where there's a system OpenSSL but not system OpenSSL
headers (because only SecureTransport is supported) and using
brew-installed OpenSSL.
I've also coded the fix for GnuTLS on the same basis, but that's
untested.
Fixes bug 1906
|
|
|
|
* Add three new Exim-specific DH parameter constants; state provenance,
but no way for others to verify; this is a signed commit, which is
about as much as we can do for the truly paranoid: provide an audit
trail.
* Add the RFC 7919 DH primes
+ No TLS feature negotiation, per 7919, but the DH primes can be used
if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
+ Turns out, q doesn't affect the PEM and that's not a mistake in my
initialisation; I've checked with a cryptographer, we're losing some
server-side optimizations but not any security properties for our
scenario.
Fixes: 1895
|
|
|
|
|
|
|
|
|
|
|
|
Update current year in docs and banner copyright in src/src/globals.c
Rest of changes from:
vi $(git whatchanged --since=2016-01-01 | grep '^:100' | sed -n 's/^[^M]*M//p' | sort -u | fgrep -v test/)
|
|
|
|
- accept minor version number
- allow to skip the build-of-documentation step
- allow release of "any" version from anywhere
- avoid calling "old" reversion scripts, create version.sh
|
|
Add keep_environment, add_environment.
Change the working directory to "/" during the early startup
phase.
(cherry picked from commit 2b92b67bfc33efe05e6ff2ea3852731ac2273832)
(cherry picked from commit 14b82c8b736c8ed24eda144f57703cb9feac6323)
(cherry picked from commit 9ca92d0c6e9c6f161bd8111366c6952d3a9315e2)
(cherry picked from commit 0020c6d9ecfd98ed7b2b337ed4f898fdc409784b)
(cherry picked from commit e8f96966360ea8867ad6a8b5affda6c37fa4958c)
(cherry picked from commit ef6fb807c1e1a665f444f644c60c77269f7c5209)
|
|
|
|
versions, using libgcrypt and libtasn1 directly. Bug 1772
|
|
We need an incremental build of the hash, and GnuTLS did not expose the
required interfaces until version 2.10.0
|
|
Bug 1192
|
|
The functions previously in the auth directory, which allocate
exim-standard strings for output, are the main pair. The file-IO
variant decode routine use by mime-handling is brought into
the same new source file. The PDKIM functions are dropped.
|
|
Currently this covers HP-UX and older Solaris.
|
|
|
|
This is intended to be a step towards replacing the PolarSSL code
with either OpenSSL of GnuTLS equivalents.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
If we're configured to use pkg-config (or pcre-config) and the tool is
not available or does not know about the package we ask for, that should
be a fatal configuration error.
We should not silently ignore the missing package, then try to compile,
and have missing header warnings from the compiler. Eg, if we're told
to support GSASL, we'll try to compile the client code, and without
compiler flags, we'll either fail to compile (missing headers) or fail
to link, which obscures the source of the errors.
This change will only break people who had builds set to have Exim
depend upon non-existent packages, and that _needs_ to break.
|
|
The "local" builtin is not part of POSIX. We want it. Try harder to
get a vaguely sane shell, rather than just a POSIX shell.
Also, safeguard to error out more gracefully if invoked from outside the
build process.
|
|
|
|
Can disable PKCS11 in Makefile with AVOID_GNUTLS_PKCS11 build flag.
Rename gnutls_enable_pkcs11 option to gnutls_allow_auto_pkcs11.
Update Changelog
|
|
|
|
Add want_experimental() test in the script to create the lookups
Makefile to ease detection of requested Experimental features, and
simplify the #ifdef guards in the redis.c.
|
|
This is gross hackery and somewhat fragile. A better method would
actuallyt compile the 'C' involved and check programmatically.
|
|
|
|
This was noticable when re-building as a non-privileged user
after installing as root; lookups/Makefile had been rebuilt
by root and when it was rebuilt again by the unprivileged user
`mv` demanded confirmation before overwriting the file.
|
|
Set the POSIX -e option on the #! line invoking /bin/sh.
If any of the sub-commands fail, the Configure as a whole should fail.
|
|
|
|
Remove a couple of stray references to PCRE_CFLAGS too (dating from when PCRE was bundled).
|
|
Also: update EDITME to refer to pkg-config & AUTH_HEIMDAL_GSSAPI.
|
|
Not yet working, failing to set keytab.
Also: support (AUTH|LOOKUP)_*_PC=foo to use `pkg-config foo` for cflags/libs.
|
|
Missing: documentation; tests.
Tested: PLAIN auth.
Status: probably buggy
|
|
syntax error
|
|
|
|
|
|
Tested for version.sh in cwd, but used . to source, assuming that
would pull in file from cwd. True on BSD (checked after $PATH) but
not part of POSIX and not true for bash when in POSIX mode.
|
|
Adapted from git itself via unifdef. This does not (yet) include
the equivalent automation for the doc build.
|
|
|
|
I have also de-CVSed the ABOUT files and cleaned up a few
introductory comments.
|
|
|
