Age | Commit message (Collapse) | Author |
|
exiwhat sends a SIGUSR1 to all exim processes to make them write
their status to the process log. This is all done in the signal
handler, but the logging code makes a number of calls that are not
signal safe. These can all cause crashes or recursive locking in
libc.
Firstly, obtaining and formatting the timestamp is not safe.
Doing so is unnecessary since exiwhat strips off the timestamp.
This change removes timestamps from the process log.
Secondly, exim closes all the logs after writing the process
log. Closing syslog is not signal safe, and isn't necessary.
We now only close the process log after writing to it.
Thirdly, exim may calculate the process_log_path inside the signal
handler which involves some possibly-unsafe string handling code.
This change calculates the path when reading the configuration.
Fourthly, when exim creates the process log file it might have to
call the unsafe directory_create() though this is unlikely in
practice. After this change exim only calls log_create() in a
subprocess which is safe - it sometimes needs to do so anyway, if
it is running as root and needs to drop privileges.
The new code has no process log handling in log.c which eliminates
some awkward special cases. It uses very simple code to write to
the file in the signal handler, so it is obviously safe by inspection.
|
|
See also commit ID 0761d44e
|
|
whitespace trailer
|
|
|
|
Patch from Stephen Usher.
fixes 1109
|
|
Dodge a SIGFPE on x86.
|
|
|
|
|
|
fixes bug 1111
|
|
|
|
The "Compiler masochism compliance" patch changed the log_write()
prototype to use "const char *" instead of "char *"; I don't have X11 on
my main box, so neglected to handle exim_monitor's duplicate definition
of log_write().
Fixes bug 1107
|
|
|
|
Fixes bug: 1104
|
|
Pointed out by: Steven A. Reisman
|
|
Fixes 1102
|
|
|
|
This reverts commit 29f20a41029cc5e36a8756ad8dfda64d0ed314ce.
Phil has staged something better.
|
|
|
|
|
|
The const-ness updates broke systems where `os_strsignal()` gets mapped
to `strsignal()`, which does *not* return `const char *` but `char *`.
If we #define away, then there should be a prototype from the system
headers.
|
|
Andreas Metzler for the patch!
|
|
|
|
|
|
If group not also specified, make this a fatal error. If group
specified, we'll error out anyway unless the group can be resolved.
Approach considered but not followed: fatal config error if built with
ref:name where name is a number.
fixes bug 1098
|
|
Is int because need a "do not override default" option, but that stops
us from using the bool expansion logic and so we need to explicitly
set numbers. Should try to find a way around that.
|
|
A couple of debug_printf()s missing trailing \n.
Set the default to 0L and |= the one item we default, rather than
setting outright, in the hopes of soon also |= setting another option if
available (SSL_OP_NO_SSLv2).
|
|
(no changes to any defaults).
|
|
Only show if debugging.
Layout now matches that introduced for other libraries in 4.74 PP/03.
|
|
The clang complaint, which also triggered a gcc complaint, was
legitimate. My first test, which suggested no problem, was flawed.
This:
ldap_start_tls
ldap_require_cert = demand
would cause a segfault on LDAP lookup.
fixes bug 230
|
|
Exim successfully builds with clang, albeit with a number of warnings.
* Our %n usage in printf() calls appears to be correct and safe, AFAICT.
* dummy functions are, unsurprisingly, unused
* Valgrind macros cause vociferous complaints
* Dynamic modules *not* tested
Further clang testing on my part will require an OS update and clang
2.9 to get -rdynamic support.
|
|
Be able to build most of Exim with:
-Werror -Wwrite-strings -Wunused-function -Waddress -Wpointer-sign
-Wformat -Wuninitialized -Winit-self
Skipped a change to auth-spa which I was uncertain of. That is not
the most readable of code.
Temporarily gave up on src/src/pdkim/pdkim.c, as header_name_match()
treats the second param as const or not depending on the third param.
(I hacked the build-*/pdkim/Makefile to continue past this)
Much of this change is const propagation.
|
|
C89 compilers do not support variable argument macros.
Our copy of valgrind.h now differs from upstream.
Reported-by: Heiko Schlichting <heiko.schlichting@fu-berlin.de>
|
|
|
|
|
|
When maildir_ensure_sizefile() returns -2, we still have size
information, so we can still use that. Don't disable quota. As a
result, do refrain from potentially calling close(-2).
Fixes bug 1086
|
|
|
|
Exim 4.75, prepping for release.
"Previous" version of docs deliberately remains 4.72.
|
|
Patch from Uwe Doering, sign-off by Michael Haardt.
fixes bug 1019
|
|
Based on patch from Heiko Schlittermann.
Fixes bug 1086.
|
|
Patch from Mark Zealey.
Fixes bug 1056.
|
|
Patch from Mark Zealey.
Fixes bug 1055.
|
|
sig_atomic_t for signal-handlers.
getgroups() return value checking.
Developed for bug 927.
|
|
|
|
Should permit building on old gcc which dislikes extern inside function
scope.
Patch from Oliver Fleischmann, who encountered this with gcc 2.95.2.
|
|
Patch from Simon Arlott.
fixes bug 486
|
|
fixes bug 1061
|
|
Patch from Jakob Hirsch.
fixes bug 1042
|
|
closes bug 1083
Patch from John Horne.
|
|
Fixes bug 943
Lightly tested, but not with report error condition,
would like reporter to check this fix on their system.
|
|
closes bug 230
Applies patches provided by Adam Ciarcinski of NetBSD in bug 230.
Adds documentation.
Tested the negotiation and server verification, not tested the client
certificate presentation but looks sane.
|