| Age | Commit message (Collapse) | Author |
|---|
|
|
|
on auths
|
|
|
|
(cherry picked from commit ffc3d145e3819e1a3762caa1bbe8b07e723fbaf2)
|
|
(cherry picked from commits 854bd65fa7, 11b31159ac, 19cb5e2f14, 9669c6e06f, 6db8b72c86)
|
|
(cherry picked from commit c4a8c663b74a35b547d8320547079ca56b3b772e)
|
|
(cherry picked from commit a310a8d09c56e6049714ae4e4070c16ecb6aa2b1)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This reverts commit 165acdd1ea3b7399b2279f94c881f8e366efaf71.
|
|
Partly change a single year into a range, starting back in 1995, or
later, if indicated by other copyright information.
|
|
|
|
(cherry picked from commit 2dfd20fe244da439b1f6becb4e29c8cb83e2d399)
|
|
GnuTLS version 3.0.0 onwards; still Experimental
|
|
|
|
|
|
This reverts commit 3a40b2f9648ce9737b3f8f542e5079e58c4db3c3.
It didn't work with Pmake (FreeBSD/OpenBSD)
|
|
|
|
|
|
|
|
Otherwise Perl may complain about missing locales, which
in turn confuses the Configure-Makefile script when parsing
the output from Perl
|
|
|
|
If, and _only_ if, $SOURCE_DATE_EPOCH is found in environ during build,
use it to set the timestamp embedded in the binary instead of using
__DATE__ and __TIME__ cpp directives.
This per <https://reproducible-builds.org/specs/source-date-epoch/>
spec. It's sane and sensible, without removing date stamping which
matters. The examples encourage packagers to use timestamps which
do change when they backport patches, so that the date remains useful
for distinguishing builds instead of claiming one date forever across
multiple patchlevels.
This change written so that the old behaviour and code is used if the
environment variable is not found, to better continue to support ancient
platforms with other variants of date(1).
Built with and without an override, on macOS.
|
|
Handle PKG_CONFIG_PATH, stripping whitespace expanding globs, collecting
multiple sets and just build one variable, and use it in environment at
configure time so that the libraries are found.
|
|
If using pkg-config to get the paths for various packages and the crypto
library headers are not in the system headers, then the hash work broke
the Exim build by requiring the CFLAGS manipulation for _all_ builds,
not just the TLS libraries.
Shows up on MacOS where there's a system OpenSSL but not system OpenSSL
headers (because only SecureTransport is supported) and using
brew-installed OpenSSL.
I've also coded the fix for GnuTLS on the same basis, but that's
untested.
Fixes bug 1906
|
|
|
|
* Add three new Exim-specific DH parameter constants; state provenance,
but no way for others to verify; this is a signed commit, which is
about as much as we can do for the truly paranoid: provide an audit
trail.
* Add the RFC 7919 DH primes
+ No TLS feature negotiation, per 7919, but the DH primes can be used
if folks so choose
* Fixed broken format string in util/gen_pkcs3.c
* Tried to make gen_pkcs3.c support q values.
+ Turns out, q doesn't affect the PEM and that's not a mistake in my
initialisation; I've checked with a cryptographer, we're losing some
server-side optimizations but not any security properties for our
scenario.
Fixes: 1895
|
|
|
|
|
|
|
|
|
|
|
|
Update current year in docs and banner copyright in src/src/globals.c
Rest of changes from:
vi $(git whatchanged --since=2016-01-01 | grep '^:100' | sed -n 's/^[^M]*M//p' | sort -u | fgrep -v test/)
|
|
|
|
- accept minor version number
- allow to skip the build-of-documentation step
- allow release of "any" version from anywhere
- avoid calling "old" reversion scripts, create version.sh
|
|
Add keep_environment, add_environment.
Change the working directory to "/" during the early startup
phase.
(cherry picked from commit 2b92b67bfc33efe05e6ff2ea3852731ac2273832)
(cherry picked from commit 14b82c8b736c8ed24eda144f57703cb9feac6323)
(cherry picked from commit 9ca92d0c6e9c6f161bd8111366c6952d3a9315e2)
(cherry picked from commit 0020c6d9ecfd98ed7b2b337ed4f898fdc409784b)
(cherry picked from commit e8f96966360ea8867ad6a8b5affda6c37fa4958c)
(cherry picked from commit ef6fb807c1e1a665f444f644c60c77269f7c5209)
|
|
|
|
versions, using libgcrypt and libtasn1 directly. Bug 1772
|
|
We need an incremental build of the hash, and GnuTLS did not expose the
required interfaces until version 2.10.0
|
|
Bug 1192
|
|
The functions previously in the auth directory, which allocate
exim-standard strings for output, are the main pair. The file-IO
variant decode routine use by mime-handling is brought into
the same new source file. The PDKIM functions are dropped.
|
|
Currently this covers HP-UX and older Solaris.
|
|
|
|
This is intended to be a step towards replacing the PolarSSL code
with either OpenSSL of GnuTLS equivalents.
|
|
|
|
|
