user/henk/code/exim.git - [no description]

Age	Commit message (Collapse)	Author
2010-12-18	Updated version numbers of code and documentation	Nigel Metheringham

2010-12-16	Turn TRUSTED_CONFIG_PREFIX_LIST into TRUSTED_CONFIG_LIST. No prefix or regexes	David Woodhouse

2010-12-15	Allow only Exim or CONFIGURE_OWNER to use whitelisted configs with -C	David Woodhouse
	We only added TRUSTED_CONFIG_PREFIX_FILE to compensate for the enforcing of ALT_CONFIG_ROOT_ONLY. Let's not open it up any further than we need to; other users don't get to make use of it.
2010-12-15	Kil va_copy(). It isn't present on some ancient systems.	David Woodhouse

2010-12-15	Implement -D whitelist invoking user restriction.	Phil Pennock
	Document WHITELIST_D_MACROS.
2010-12-14	Implement -D filtering, first pass.	Phil Pennock

2010-12-14	Change the default for system_filter_user.	Phil Pennock
	If the system filter needs to be run as root, let that be explicitly configured. The default is now the Exim run-time user. Document this, and a couple of other points, in IncompatibleChanges.
2010-12-12	Allow only absolute paths in TRUSTED_CONFIG_PREFIX_LIST, fix store leak	David Woodhouse

2010-12-12	Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.	David Woodhouse

2010-12-12	Add TRUSTED_CONFIG_PREFIX_FILE option	David Woodhouse
	(Bug 1044, CVE-2010-4345)
2010-12-12	Remove ALT_CONFIG_ROOT_ONLY build option, effectively making it always true.	David Woodhouse
	We never want the Exim user to be able to specify arbitrary configuration files. Don't let them build it that way. (Bug 1044, CVE-2010-4345)
2010-12-11	Check configure file permissions even for non-default files if still privileged	David Woodhouse
	(Bug 1044, CVE-2010-4345)
2010-12-11	Don't allow a configure file which is writeable by the Exim user or group	David Woodhouse
	(Bug 1044, CVE-2010-4345)
2010-12-11	Add Valgrind hooks for memory pools	David Woodhouse
	It's useful to tell Valgrind when memory is undefined because it's been freed by store_reset(), and when it's not supposed to be accessed because although it's been allocated for the store it hasn't actually been given out by store_get() yet.
2010-09-05	OpenSSL 1.0.0 const fix for SSL_get_current_cipher	Phil Pennock
	OpenSSL 1.0.0 changes SSL_get_current_cipher()'s return value to include const. It looks like a safe change for older OpenSSL, so treat it appropriately and cast as needed.
2010-09-05	Guidance on contributing to Exim.	Phil Pennock

2010-09-05	Rework clamd response handling to be more robust.	Phil Pennock
	In particular, clamd's ExtendedDetectionInfo option broke our parsing.
2010-07-19	Bugzilla #1006: Keep EHLO attributes in case STARTTLS errors are ignored	Tom Kistner
	Applied patch submitted by Micha Lenk. Thanks!
2010-07-04	Fix malware regression for cmdline scanner introduced in PP/08.	Phil Pennock
	Notification from Dr Andrew Aitchison. (Also: make the PP/08 description more complete)
2010-06-13	Remove logic branch which can use PRIdMAX for SIZE_T_FMT because it fails	Phil Pennock
	when size_t is 32-bit but the system supports 64-bit integers.
2010-06-12	removed extraneous "\n" from the end of some log_write lines, removed ↵	John Jetmore
	"magic" string " => " from a non-delivery log line
2010-06-12	Add tcp_wrappers_daemon_name (closes: bug #278)	John Jetmore
	(I honestly have no memory of writing this patch...)
2010-06-12	iaddressing bug 966 and my own concerns, stop sending non-panic error to ↵	John Jetmore
	panic log in dkim.c
2010-06-07	Run when EXIM_USER=notroot specified.	Phil Pennock

2010-06-07	For the new SIZE_T_FMT, if not C99 then our size_t conversion specifier	Phil Pennock
	should use PRIdMAX; this was disabled because I was testing the other logic and forgot to restore before commit. Bleh, sorry. Add #if to protect against unused variable complaints for this too.
2010-06-07	Both bool{} and bool_lax{} should ignore trailing whitespace.	Phil Pennock

2010-06-07	Added bool_lax{} expansion operator, which uses Router condition logic to	Phil Pennock
	determine whether or not a string is true. Switch the multiple-condition logic to use bool_lax{}. Add note where we combine multiple conditions regarding the memory leak.
2010-06-07	Allow Routers to have multiple conditions, IF each one yields a strict bool.	Phil Pennock
	Fixes: #816
2010-06-07	Clean up compiler warnings from { gcc -Wall }, many of which I introduced with	Phil Pennock
	the ClamAV and openssl_options patches in this release. Logic in buildconfig.c for adjusting some print format strings assumed that long ints were four bytes; adjust to test this against reality, to remove spurious warnings on my dev box (FreeBSD/amd64). Note: this commit adds a buildconfig.h dependency upon inttypes.h, which was in SUSv2, so should be safe.
2010-06-06	Build without WITH_CONTENT_SCAN.	Phil Pennock
	Broken by -bmalware option added while reworking ClamAV to new API. Path from Andreas Metzler (adjusted slightly).
2010-06-06	No longer permit the exim user to be root. Fixes: #752	Phil Pennock

2010-06-06	Implement --version. Fixes: #973	Phil Pennock

2010-06-06	Implement "control = debug" ACL control. Fixes: #937	Phil Pennock

2010-06-05	New expansion operator: reverse_ip	Phil Pennock

2010-06-05	ClamAV INSTREAM scanning by default, unless built with WITH_OLD_CLAMAV_STREAM.	Phil Pennock
	New command-line option, -bmalware (restricted to admin_user). Fixes: #926
2010-06-05	Deal with anonymous SSL giving us no peer certificate.	Phil Pennock

2010-06-05	Handle SASL Initial Response.	Phil Pennock
	See discussion at: http://lists.exim.org/lurker/message/20090125.014515.3746c882.en.html and the code is "correct by inspection", for whatever that's worth.
2010-06-05	Add permit_coredump pipe transport option. Fixes: #834	Phil Pennock

2010-06-05	Doh, fix the error message to say SSL_read not SSL_write.	Phil Pennock

2010-06-05	Log a diagnostic when an SSL write fails, to help admins debug SSL interop ↵	Phil Pennock
	issues. Fixes: #995
2010-06-05	Add an openssl_options main configuration option, to allow administrators to	Phil Pennock
	shoot themselves in each foot in turn. The default value is chosen to avoid a change in behaviour, but since it is disabling a security countermeasure, I'd like to change the default to be "no options". Fixes: #994
2010-06-03	Added DISABLE_DKIM option to EDITME, leaving some breadcrumbs about it being ↵	John Jetmore
	turned on by default
2010-06-03	Include check_rfc2047_length in configure.default to raise the visibility	Phil Pennock
	because we're seeing more Russian administrators get bitten by this. Idealism says this option is set correctly by default. Pragmatism says not. There's a good argument for the idealism but if we see the problems escalate then the idealism will have lost and we should, IMO, switch.
2010-06-03	The Date: and Message-Id: headers should normally be appended to a message,	Phil Pennock
	and only prepended when are Resent-* headers. Regression was introduced with the prepend logic in Exim 4.70, for bug #607.
2010-05-29	DKIM DNS TXT record bug fix. Fixes: #967	Nigel Metheringham

2010-05-29	Null initialise DKIM variable. Fixes: #986	Nigel Metheringham

2010-05-29	Null terminate pdkim string. Fixes: #985	Nigel Metheringham

2010-05-29	Stripped excess debug newline yet again...	Nigel Metheringham

2010-05-29	Protect against symlink attacks on MBX lockfile in /tmp as best we can:	Phil Pennock
	* if system supports O_NOFOLLOW, use it, protection complete * else detect the attack "too late" and abort, where at worst an empty file has been created as the attacked user Our hands are tied by not changing the locking algorithm. fixes: bug #989
2010-05-26	Prevent hardlink attack on mbox sticky mail directory. fixes: bug #988	Nigel Metheringham