From 2813c06e9d6e591298239bc7dac3fb1b5c778a7c Mon Sep 17 00:00:00 2001 
From: Clinton Ebadi Date: Thu, 22 Mar 2018 23:22:44 -0400 Subject: [PATCH] Import Upstream version 4.89 --- .ctags | 2 + .gitignore | 2 +- ACKNOWLEDGMENTS | 3 +- Makefile | 21 +- OS/Makefile-Base | 161 +- OS/Makefile-CYGWIN | 23 +- OS/Makefile-Default | 10 +- OS/Makefile-FreeBSD | 6 +- OS/Makefile-HP-UX | 2 + OS/Makefile-SunOS5 | 2 + OS/os.c-BSDI | 19 + OS/os.c-HP-UX | 16 + OS/os.c-Linux | 2 +- OS/os.c-SunOS5 | 16 + OS/os.c-cygwin | 545 +- OS/os.h-AIX | 4 + OS/os.h-BSDI | 4 + OS/os.h-DGUX | 3 + OS/os.h-Darwin | 3 + OS/os.h-DragonFly | 3 + OS/os.h-FreeBSD | 24 + OS/os.h-GNU | 3 + OS/os.h-GNUkFreeBSD | 3 + OS/os.h-GNUkNetBSD | 3 + OS/os.h-HI-OSF | 3 + OS/os.h-HI-UX | 3 + OS/os.h-HP-UX | 9 +- OS/os.h-HP-UX-9 | 3 + OS/os.h-IRIX | 3 - OS/os.h-IRIX6 | 3 - OS/os.h-IRIX632 | 3 - OS/os.h-IRIX65 | 3 - OS/os.h-Linux | 13 +- OS/os.h-NetBSD | 3 + OS/os.h-OSF1 | 3 - OS/os.h-OpenBSD | 14 + OS/os.h-OpenUNIX | 3 + OS/os.h-QNX | 3 + OS/os.h-SCO | 3 + OS/os.h-SCO_SV | 3 + OS/os.h-SunOS4 | 3 + OS/os.h-SunOS5 | 20 + OS/os.h-SunOS5-hal | 3 + OS/os.h-ULTRIX | 3 + OS/os.h-UNIX_SV | 3 + OS/os.h-USG | 3 + OS/os.h-Unixware7 | 1 - OS/os.h-cygwin | 24 +- OS/os.h-mips | 3 + README.DSN | 2 +- README.UPDATING | 35 +- conf | 2 + doc/ChangeLog | 727 ++- doc/DANE-draft-notes | 11 + doc/Exim3.upgrade | 2 +- doc/Exim4.upgrade | 6 +- doc/NewStuff | 178 +- doc/OptionLists.txt | 9 +- doc/README.SIEVE | 2 +- doc/cve-2016-9663 | 95 + doc/dbm.discuss.txt | 2 +- doc/exim.8 | 55 +- doc/experimental-spec.txt | 632 +-- doc/filter.txt | 8 +- doc/openssl.txt | 117 + doc/spec.txt | 6904 ++++++++++++++--------- exim_monitor/em_StripChart.c | 2 +- exim_monitor/em_TextPop.c | 16 +- exim_monitor/em_globals.c | 12 +- exim_monitor/em_hdr.h | 1 + exim_monitor/em_log.c | 14 +- exim_monitor/em_main.c | 13 +- exim_monitor/em_menu.c | 70 +- exim_monitor/em_queue.c | 42 +- exim_monitor/em_strip.c | 14 +- exim_monitor/em_xs.c | 3 +- scripts/Configure-Makefile | 22 +- scripts/MakeLinks | 406 +- scripts/exim_install | 6 +- 
scripts/lookups-Makefile | 9 +- scripts/reversion | 14 +- scripts/source_checks | 4 +- src/EDITME | 142 +- src/acl.c | 2216 ++++---- src/auths/Makefile | 10 +- src/auths/auth-spa.c | 344 +- src/auths/b64decode.c | 84 - src/auths/b64encode.c | 74 - src/auths/call_pam.c | 6 +- src/auths/call_pwcheck.c | 6 +- src/auths/call_radius.c | 26 +- src/auths/cram_md5.c | 29 +- src/auths/cyrus_sasl.c | 10 +- src/auths/dovecot.c | 438 +- src/auths/get_data.c | 6 +- src/auths/get_no64_data.c | 2 +- src/auths/gsasl_exim.c | 2 +- src/auths/heimdal_gssapi.c | 6 +- src/auths/plaintext.c | 20 +- src/auths/spa.c | 2 +- src/auths/tls.c | 80 + src/auths/tls.h | 30 + src/base64.c | 285 + src/blob.h | 15 + src/buildconfig.c | 45 +- src/child.c | 26 +- src/cnumber.h | 1 - src/config.h.defaults | 28 +- src/configure.default | 66 +- src/convert4r3.src | 4 +- src/convert4r4.src | 4 +- src/crypt16.c | 42 +- src/daemon.c | 263 +- src/dane-gnu.c | 21 + src/dane-openssl.c | 1719 ++++++ src/dane.c | 50 + src/danessl.h | 47 + src/dbfn.c | 55 +- src/dbfunctions.h | 8 +- src/dbstuff.h | 4 +- src/dcc.c | 91 +- src/debug.c | 38 +- src/deliver.c | 3754 +++++++----- src/demime.c | 1243 ---- src/demime.h | 134 - src/dkim.c | 1247 ++-- src/dkim.h | 8 +- src/dmarc.c | 116 +- src/dmarc.h | 1 - src/dns.c | 987 ++-- src/drtables.c | 184 +- src/enq.c | 54 +- src/environment.c | 72 + src/exicyclog.src | 40 +- src/exigrep.src | 47 +- src/exim.c | 650 ++- src/exim.h | 28 +- src/exim_checkaccess.src | 1 + src/exim_dbmbuild.c | 16 +- src/exim_dbutil.c | 58 +- src/exim_lock.c | 46 +- src/eximon.src | 27 +- src/eximstats.src | 48 +- src/exinext.src | 3 + src/exipick.src | 20 +- src/exiqgrep.src | 4 +- src/exiqsumm.src | 7 +- src/expand.c | 2076 +++++-- src/filter.c | 69 +- src/functions.h | 298 +- src/globals.c | 472 +- src/globals.h | 173 +- src/{auths/sha1.c => hash.c} | 320 +- src/hash.h | 76 + src/header.c | 11 +- src/host.c | 518 +- src/imap_utf7.c | 209 + src/ip.c | 301 +- src/local_scan.h | 12 +- src/log.c | 
352 +- src/lookupapi.h | 11 +- src/lookups/Makefile | 2 + src/lookups/README | 7 +- src/lookups/cdb.c | 279 +- src/lookups/dbmdb.c | 16 +- src/lookups/dnsdb.c | 320 +- src/lookups/dsearch.c | 6 +- src/lookups/ibase.c | 25 +- src/lookups/ldap.c | 111 +- src/lookups/ldap.h | 4 +- src/lookups/lf_functions.h | 9 +- src/lookups/lf_quote.c | 20 +- src/lookups/lf_sqlperform.c | 17 +- src/lookups/lmdb.c | 160 + src/lookups/lsearch.c | 28 +- src/lookups/mysql.c | 49 +- src/lookups/nis.c | 6 +- src/lookups/nisplus.c | 21 +- src/lookups/oracle.c | 30 +- src/lookups/passwd.c | 6 +- src/lookups/pgsql.c | 34 +- src/lookups/redis.c | 816 +-- src/lookups/spf.c | 15 +- src/lookups/sqlite.c | 10 +- src/lookups/testdb.c | 8 +- src/lookups/whoson.c | 4 +- src/lss.c | 14 +- src/macros.h | 330 +- src/malware.c | 3715 ++++++------ src/match.c | 80 +- src/memcheck.h | 20 +- src/mime.c | 553 +- src/mime.h | 127 +- src/moan.c | 254 +- src/mytypes.h | 23 +- src/os.c | 50 +- src/osfunctions.h | 8 +- src/parse.c | 112 +- src/pdkim/Makefile | 12 +- src/pdkim/README | 6 +- src/pdkim/base64.c | 181 - src/pdkim/base64.h | 77 - src/pdkim/bignum.c | 1865 ------ src/pdkim/bignum.h | 527 -- src/pdkim/bn_mul.h | 735 --- src/pdkim/config.h | 4 + src/pdkim/crypt_ver.h | 26 + src/pdkim/pdkim.c | 3562 ++++++------ src/pdkim/pdkim.h | 118 +- src/pdkim/pdkim_hash.h | 38 + src/pdkim/rsa.c | 1636 +++--- src/pdkim/rsa.h | 500 +- src/pdkim/sha1.c | 434 -- src/pdkim/sha1.h | 145 - src/pdkim/sha2.c | 441 -- src/pdkim/sha2.h | 153 - src/perl.c | 13 +- src/queue.c | 358 +- src/rda.c | 39 +- src/readconf.c | 960 +++- src/receive.c | 778 ++- src/regex.c | 456 +- src/retry.c | 135 +- src/rewrite.c | 23 +- src/rfc2047.c | 10 +- src/route.c | 412 +- src/routers/README | 2 +- src/routers/accept.c | 8 +- src/routers/dnslookup.c | 74 +- src/routers/dnslookup.h | 5 +- src/routers/ipliteral.c | 27 +- src/routers/iplookup.c | 32 +- src/routers/manualroute.c | 44 +- src/routers/queryprogram.c | 23 +- src/routers/redirect.c | 62 
+- src/routers/rf_change_domain.c | 7 +- src/routers/rf_functions.h | 6 +- src/routers/rf_get_errors_address.c | 8 +- src/routers/rf_get_munge_headers.c | 25 +- src/routers/rf_lookup_hostlist.c | 72 +- src/routers/rf_queue_add.c | 12 +- src/search.c | 85 +- src/setenv.c | 59 + src/sha_ver.h | 42 + src/sieve.c | 154 +- src/smtp_in.c | 2382 +++++--- src/smtp_out.c | 271 +- src/spam.c | 1095 ++-- src/spam.h | 22 +- src/spf.c | 8 +- src/spf.h | 8 +- src/spool_in.c | 213 +- src/spool_mbox.c | 457 +- src/spool_out.c | 167 +- src/srs.c | 3 +- src/std-crypto.c | 503 +- src/store.c | 89 +- src/string.c | 299 +- src/structs.h | 141 +- src/tls-gnu.c | 565 +- src/tls-openssl.c | 1214 +++- src/tls.c | 67 +- src/tlscert-gnu.c | 94 +- src/tlscert-openssl.c | 173 +- src/tod.c | 4 +- src/transport-filter.src | 4 +- src/transport.c | 893 +-- src/transports/Makefile | 4 +- src/transports/appendfile.c | 43 +- src/transports/autoreply.c | 35 +- src/transports/lmtp.c | 86 +- src/transports/pipe.c | 118 +- src/transports/queuefile.c | 256 + src/transports/queuefile.h | 29 + src/transports/smtp.c | 3356 ++++++----- src/transports/smtp.h | 105 +- src/transports/smtp_socks.c | 412 ++ src/transports/tf_maildir.c | 8 +- src/tree.c | 4 +- src/utf8.c | 273 + src/valgrind.h | 54 +- src/verify.c | 1947 ++++--- src/version.sh | 8 +- util/.gitignore | 2 + util/chunking_fixqueue_finalnewlines.pl | 160 + util/cramtest.pl | 2 + util/gen_pkcs3.c | 41 +- util/mkcdb.pl | 3 +- util/ocsp_fetch.pl | 1 + util/proxy_protocol_client.pl | 1 + util/ratelimit.pl | 2 + 291 files changed, 37832 insertions(+), 29961 deletions(-) create mode 100644 .ctags create mode 100644 OS/os.c-BSDI create mode 100644 OS/os.c-HP-UX create mode 100644 OS/os.c-SunOS5 create mode 100644 conf create mode 100644 doc/DANE-draft-notes create mode 100644 doc/cve-2016-9663 create mode 100644 doc/openssl.txt rewrite scripts/MakeLinks (86%) delete mode 100644 src/auths/b64decode.c delete mode 100644 src/auths/b64encode.c create mode 100644 
src/auths/tls.c create mode 100644 src/auths/tls.h create mode 100644 src/base64.c create mode 100644 src/blob.h delete mode 100644 src/cnumber.h create mode 100644 src/dane-gnu.c create mode 100644 src/dane-openssl.c create mode 100644 src/dane.c create mode 100644 src/danessl.h delete mode 100644 src/demime.c delete mode 100644 src/demime.h rewrite src/dkim.c (94%) create mode 100644 src/environment.c rename src/{auths/sha1.c => hash.c} (88%) create mode 100644 src/hash.h create mode 100644 src/imap_utf7.c create mode 100644 src/lookups/lmdb.c rewrite src/lookups/redis.c (84%) rewrite src/malware.c (83%) rewrite src/mime.h (82%) delete mode 100644 src/pdkim/base64.c delete mode 100644 src/pdkim/base64.h delete mode 100644 src/pdkim/bignum.c delete mode 100644 src/pdkim/bignum.h delete mode 100644 src/pdkim/bn_mul.h create mode 100644 src/pdkim/config.h create mode 100644 src/pdkim/crypt_ver.h rewrite src/pdkim/pdkim.c (88%) create mode 100644 src/pdkim/pdkim_hash.h rewrite src/pdkim/rsa.c (98%) rewrite src/pdkim/rsa.h (99%) delete mode 100644 src/pdkim/sha1.c delete mode 100644 src/pdkim/sha1.h delete mode 100644 src/pdkim/sha2.c delete mode 100644 src/pdkim/sha2.h rewrite src/regex.c (88%) create mode 100644 src/setenv.c create mode 100644 src/sha_ver.h rewrite src/spam.c (88%) rewrite src/spool_mbox.c (86%) create mode 100644 src/transports/queuefile.c create mode 100644 src/transports/queuefile.h create mode 100644 src/transports/smtp_socks.c create mode 100644 src/utf8.c create mode 100644 util/.gitignore create mode 100755 util/chunking_fixqueue_finalnewlines.pl diff --git a/.ctags b/.ctags new file mode 100644 index 0000000..c764086 --- /dev/null +++ b/.ctags @@ -0,0 +1,2 @@ +--recurse +--exclude=build-* diff --git a/.gitignore b/.gitignore index 7839e97..8965c11 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ Local build-* tags -cscope.out +cscope.* diff --git a/ACKNOWLEDGMENTS b/ACKNOWLEDGMENTS index 1c4a934..2e1ede0 100644 --- a/ACKNOWLEDGMENTS 
+++ b/ACKNOWLEDGMENTS @@ -350,7 +350,7 @@ John Jetmore Tom Kistner DKIM. Content scanning. SPA. Todd Lyons Nigel Metheringham Transitioning out of Default Victim status. -Phil Pennock Release Coordinator. Breaks lots of things. +Phil Pennock Mostly idle; some security bits still. David Woodhouse Dynamic modules. Security. @@ -449,6 +449,7 @@ Jan Srzednicki Patch improving Dovecot authenticator Samuel Thibault Patch fixing IPv6 interface address detection on Hurd Martin Tscholak Reported issue with TLS anonymous ciphersuites Stephen Usher Patch fixing use of Oracle's LDAP libraries on Solaris +Jasper Wallace Patch for LibreSSL compatibility Holger Weiß Patch leting ${run} return more data than OS pipe buffer size Moritz Wilhelmy Pointed out PCRE_PRERELEASE glitch diff --git a/Makefile b/Makefile index 99f4ab3..2a100bb 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # appropriate links, and then creating and running the main makefile in that # directory. -# Copyright (c) University of Cambridge, 1995 - 2014 +# Copyright (c) University of Cambridge, 1995 - 2015 # See the file NOTICE for conditions of use and distribution. # IRIX make uses the shell that is in the SHELL variable, which often defaults 
@@ -19,8 +19,14 @@ RM_COMMAND=/bin/rm # provide an override for the OS type and architecture type; they still have # to be used for the OS-specific files. To override them, you can set the # shell variables OSTYPE and ARCHTYPE when running make. +# +# EXIM_BUILD_SUFFIX should be used to enable parallel builds on a file +# system shared among different Linux distros (same os-type, same +# arch-type). The ../test/runtest script is expected to honour the +# EXIM_BUILD_SUFFIX when searching the Exim binary. +# NOTE: EXIM_BUILD_SUFFIX is considered *experimental*. -buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`} +buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}$${EXIM_BUILD_SUFFIX:+.$$EXIM_BUILD_SUFFIX} # The default target checks for the existence of Local/Makefile, that the main # makefile is built and up-to-date, and then it runs it. @@ -28,6 +34,14 @@ buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`} all: Local/Makefile configure @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) + +# This pair for the convenience of of the Debian maintainers +exim: Local/Makefile configure + @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) exim +utils: Local/Makefile configure + @cd build-$(buildname); $(MAKE) SHELL=$(SHELL) $(MFLAGS) utils + + Local/Makefile: @echo "" @echo "*** Please create Local/Makefile by copying src/EDITME and making" @@ -90,9 +104,10 @@ distclean:; $(RM_COMMAND) -rf build-* cscope* cscope.files: FRC echo "-q" > $@ echo "-p3" >> $@ - find src Local OS -name "*.[cshyl]" -print \ + find src Local OS exim_monitor -name "*.[cshyl]" -print \ -o -name "os.h*" -print \ -o -name "*akefile*" -print \ + -o -name config.h.defaults -print \ -o -name EDITME -print >> $@ ls OS/* >> $@ diff --git a/OS/Makefile-Base b/OS/Makefile-Base index 87a8037..f6b42f3 100644 --- a/OS/Makefile-Base +++ b/OS/Makefile-Base 
@@ -1,12 +1,15 @@ # This file is the basis of the main makefile for Exim and friends. The # makefile at the top level arranges to build the main makefile by calling # scripts/Configure-Makefile from within the build directory. This -# concatentates the configuration settings from Local/Makefile and other, +# concatenates the configuration settings from Local/Makefile and other, # optional, Local/* files at the front of this file, to create Makefile in the # build directory. +# +# Copyright (c) The Exim Maintainers 2016 SHELL = $(MAKE_SHELL) SCRIPTS = ../scripts +O = ../OS EDITME = ../Local/Makefile EXIMON_EDITME = ../Local/eximon.conf @@ -32,10 +35,10 @@ FE = $(FULLECHO) # up-to-date. Then the os-specific source files and the C configuration file # are set up, and finally it goes to the main Exim target. -all: allexim -config: $(EDITME) checklocalmake Makefile os.h os.c config.h version.h +all: utils exim +config: $(EDITME) checklocalmake Makefile os.c config.h version.h -checklocalmake: +checklocalmake: @if $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE) $(EDITME) || \ $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(ARCHTYPE) $(EDITME) || \ $(SHELL) $(SCRIPTS)/newer $(EDITME)-$(OSTYPE)-$(ARCHTYPE) $(EDITME); \ 
@@ -76,12 +79,29 @@ Makefile: ../OS/Makefile-Base ../OS/Makefile-Default \ # Build (link) the os.h file -os.h: +os.h: $(SCRIPTS)/Configure-os.h \ + $(O)/os.h-AIX $(O)/os.h-BSDI $(O)/os.h-cygwin \ + $(O)/os.h-Darwin $(O)/os.h-DGUX $(O)/os.h-DragonFly \ + $(O)/os.h-FreeBSD $(O)/os.h-GNU $(O)/os.h-GNUkFreeBSD \ + $(O)/os.h-GNUkNetBSD $(O)/os.h-HI-OSF \ + $(O)/os.h-HI-UX $(O)/os.h-HP-UX $(O)/os.h-HP-UX-9 \ + $(O)/os.h-IRIX $(O)/os.h-IRIX6 $(O)/os.h-IRIX632 \ + $(O)/os.h-IRIX65 $(O)/os.h-Linux $(O)/os.h-mips \ + $(O)/os.h-NetBSD $(O)/os.h-NetBSD-a.out \ + $(O)/os.h-OpenBSD $(O)/os.h-OpenUNIX $(O)/os.h-OSF1 \ + $(O)/os.h-QNX $(O)/os.h-SCO $(O)/os.h-SCO_SV \ + $(O)/os.h-SunOS4 $(O)/os.h-SunOS5 $(O)/os.h-SunOS5-hal \ + $(O)/os.h-ULTRIX $(O)/os.h-UNIX_SV \ + $(O)/os.h-Unixware7 $(O)/os.h-USG $(SHELL) $(SCRIPTS)/Configure-os.h # Build the os.c file -os.c: ../src/os.c +os.c: ../src/os.c \ + $(SCRIPTS)/Configure-os.c \ + $(O)/os.c-cygwin $(O)/os.c-GNU $(O)/os.c-HI-OSF \ + $(O)/os.c-IRIX $(O)/os.c-IRIX6 $(O)/os.c-IRIX632 \ + $(O)/os.c-IRIX65 $(O)/os.c-Linux $(O)/os.c-OSF1 $(SHELL) $(SCRIPTS)/Configure-os.c # Build the config.h file. 
@@ -95,19 +115,16 @@ config.h: Makefile buildconfig ../src/config.h.defaults $(EDITME) # therefore always be run, even if the files exist. This shouldn't in fact be a # problem, but it does no harm. Other make programs will just ignore this. -.PHONY: all config allexim buildauths buildlookups buildpdkim buildrouters \ +.PHONY: all config utils \ + buildauths buildlookups buildpdkim buildrouters \ buildtransports checklocalmake clean -# This is the real default target for all the various exim binaries and -# scripts, once the configuring stuff is done. - -allexim: $(EXIM_MONITOR) exicyclog exinext exiwhat \ +utils: $(EXIM_MONITOR) exicyclog exinext exiwhat \ exigrep eximstats exipick exiqgrep exiqsumm \ transport-filter.pl convert4r3 convert4r4 \ exim_checkaccess \ - exim_dbmbuild exim_dumpdb exim_fixdb exim_tidydb exim_lock \ - exim + exim_dbmbuild exim_dumpdb exim_fixdb exim_tidydb exim_lock # Targets for special-purpose configuration header builders @@ -262,6 +279,7 @@ exipick: Makefile ../src/exipick.src @rm -f exipick @sed -e "s?PERL_COMMAND?$(PERL_COMMAND)?" \ -e "s?SPOOL_DIRECTORY?$(SPOOL_DIRECTORY)?" \ + -e "s?BIN_DIRECTORY?$(BIN_DIRECTORY)?" \ ../src/exipick.src > exipick-t @mv exipick-t exipick @chmod a+x exipick 
@@ -297,25 +315,32 @@ convert4r4: Makefile ../src/convert4r4.src # are thrown away by the linker. OBJ_WITH_CONTENT_SCAN = malware.o mime.o regex.o spam.o spool_mbox.o -OBJ_WITH_OLD_DEMIME = demime.o -OBJ_EXPERIMENTAL = bmi_spam.o spf.o srs.o dcc.o dmarc.o +OBJ_EXPERIMENTAL = bmi_spam.o \ + dane.o \ + dcc.o \ + dmarc.o \ + imap_utf7.o \ + spf.o \ + srs.o \ + utf8.o # Targets for final binaries; the main one has a build number which is # updated each time. We don't bother with that for the auxiliaries. OBJ_LOOKUPS = lookups/lf_quote.o lookups/lf_check_file.o lookups/lf_sqlperform.o -OBJ_EXIM = acl.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ +OBJ_EXIM = acl.o base64.o child.o crypt16.o daemon.o dbfn.o debug.o deliver.o \ directory.o dns.o drtables.o enq.o exim.o expand.o filter.o \ - filtertest.o globals.o dkim.o \ + filtertest.o globals.o dkim.o hash.o \ header.o host.o ip.o log.o lss.o match.o moan.o \ os.o parse.o queue.o \ rda.o readconf.o receive.o retry.o rewrite.o rfc2047.o \ route.o search.o sieve.o smtp_in.o smtp_out.o spool_in.o spool_out.o \ std-crypto.o store.o string.o tls.o tod.o transport.o tree.o verify.o \ + environment.o \ $(OBJ_LOOKUPS) \ local_scan.o $(EXIM_PERL) $(OBJ_WITH_CONTENT_SCAN) \ - $(OBJ_WITH_OLD_DEMIME) $(OBJ_EXPERIMENTAL) + $(OBJ_EXPERIMENTAL) exim: buildlookups buildauths pdkim/pdkim.a \ buildrouters buildtransports \ @@ -385,7 +410,7 @@ exim_tidydb: $(OBJ_TIDYDB) exim_dbmbuild: exim_dbmbuild.o @echo "$(LNCC) -o exim_dbmbuild" - $(FE)$(LNCC) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ + $(FE)$(LNCC) $(CFLAGS) $(INCLUDE) -o exim_dbmbuild $(LFLAGS) exim_dbmbuild.o \ $(LIBS) $(EXTRALIBS) $(DBMLIB) @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ echo $(STRIP_COMMAND) exim_dbmbuild; \ 
@@ -396,7 +421,7 @@ exim_dbmbuild: exim_dbmbuild.o # The utility for locking a mailbox while messing around with it -exim_lock: exim_lock.c +exim_lock: exim_lock.c os.h @echo "$(CC) exim_lock.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) exim_lock.c @echo "$(LNCC) -o exim_lock" @@ -423,7 +448,13 @@ MONBIN = em_StripChart.o $(EXIMON_TEXTPOP) em_globals.o em_init.o \ # The complete modules list also includes some specially compiled versions of # code from the main Exim source tree. -OBJ_MONBIN = util-spool_in.o util-store.o util-string.o tod.o tree.o $(MONBIN) +OBJ_MONBIN = util-spool_in.o \ + util-store.o \ + util-string.o \ + util-queue.o \ + tod.o \ + tree.o \ + $(MONBIN) eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ ../exim_monitor/em_version.c @@ -432,7 +463,7 @@ eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ $(CFLAGS) $(XINCLUDE) -I. ../exim_monitor/em_version.c @echo "$(LNCC) -o eximon.bin" $(FE)$(PURIFY) $(LNCC) -o eximon.bin em_version.o $(LFLAGS) $(XLFLAGS) \ - $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ + $(OBJ_MONBIN) -lXaw -lXmu -lXt -lXext -lX11 $(PCRE_LIBS) \ $(LIBS) $(LIBS_EXIMON) $(EXTRALIBS) $(EXTRALIBS_EXIMON) -lc @if [ x"$(STRIP_COMMAND)" != x"" ]; then \ echo $(STRIP_COMMAND) eximon.bin; \ 
@@ -443,13 +474,36 @@ eximon.bin: $(EXIMON_EDITME) eximon $(OBJ_MONBIN) \ # Compile step for most of the exim modules. HDRS is a list of headers -# which cause everthing to be rebuilt. PHDRS is the same, for the use +# which cause everything to be rebuilt. PHDRS is the same, for the use # of routers, transports, and authenticators. I can't find a way of doing this # in one. This list is overkill, but it doesn't really take much time to # rebuild Exim on a modern computer. -HDRS = config.h dbfunctions.h dbstuff.h exim.h functions.h globals.h local_scan.h macros.h mytypes.h structs.h -PHDRS = ../config.h ../dbfunctions.h ../dbstuff.h ../exim.h ../functions.h ../globals.h ../local_scan.h ../macros.h ../mytypes.h ../structs.h +HDRS = blob.h \ + config.h \ + dbfunctions.h \ + dbstuff.h \ + exim.h \ + functions.h \ + globals.h \ + hash.h \ + local_scan.h \ + macros.h \ + mytypes.h \ + sha_ver.h \ + structs.h \ + os.h +PHDRS = ../config.h \ + ../dbfunctions.h \ + ../dbstuff.h \ + ../exim.h \ + ../functions.h \ + ../globals.h \ + ../local_scan.h \ + ../macros.h \ + ../mytypes.h \ + ../structs.h \ + ../os.h .SUFFIXES: .o .c .c.o:; @echo "$(CC) $*.c" @@ -520,6 +574,10 @@ util-string.o: $(HDRS) string.c @echo "$(CC) -DCOMPILE_UTILITY string.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-string.o string.c +util-queue.o: $(HDRS) queue.c + @echo "$(CC) -DCOMPILE_UTILITY queue.c" + $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-queue.o queue.c + util-os.o: $(HDRS) os.c @echo "$(CC) -DCOMPILE_UTILITY os.c" $(FE)$(CC) -c $(CFLAGS) $(INCLUDE) \ @@ -538,6 +596,7 @@ local_scan.o: config local_scan.h ../$(LOCAL_SCAN_SOURCE) # Dependencies for the "ordinary" exim modules acl.o: $(HDRS) acl.c +base64.o: $(HDRS) mime.h base64.c child.o: $(HDRS) child.c crypt16.o: $(HDRS) crypt16.c daemon.o: $(HDRS) daemon.c 
@@ -549,9 +608,11 @@ dns.o: $(HDRS) dns.c enq.o: $(HDRS) enq.c exim.o: $(HDRS) exim.c expand.o: $(HDRS) expand.c +environment.o: $(HDRS) environment.c filter.o: $(HDRS) filter.c filtertest.o: $(HDRS) filtertest.c globals.o: $(HDRS) globals.c +hash.o: $(HDRS) hash.c header.o: $(HDRS) header.c host.o: $(HDRS) host.c ip.o: $(HDRS) ip.c @@ -559,7 +620,7 @@ log.o: $(HDRS) log.c lss.o: $(HDRS) lss.c match.o: $(HDRS) match.c moan.o: $(HDRS) moan.c -os.o: $(HDRS) os.c +os.o: $(HDRS) $(OS_C_INCLUDES) os.c parse.o: $(HDRS) parse.c queue.o: $(HDRS) queue.c rda.o: $(HDRS) rda.c @@ -578,34 +639,34 @@ spool_out.o: $(HDRS) spool_out.c std-crypto.o: $(HDRS) std-crypto.c store.o: $(HDRS) store.c string.o: $(HDRS) string.c -tls.o: $(HDRS) tls.c tls-gnu.c tlscert-gnu.c tls-openssl.c tlscert-openssl.c +tls.o: $(HDRS) tls.c \ + tls-gnu.c tlscert-gnu.c \ + tls-openssl.c tlscert-openssl.c tod.o: $(HDRS) tod.c transport.o: $(HDRS) transport.c tree.o: $(HDRS) tree.c -verify.o: $(HDRS) verify.c -dkim.o: $(HDRS) dkim.c +verify.o: $(HDRS) transports/smtp.h verify.c +dkim.o: $(HDRS) pdkim/pdkim.h dkim.c # Dependencies for WITH_CONTENT_SCAN modules malware.o: $(HDRS) malware.c -mime.o: $(HDRS) mime.c +mime.o: $(HDRS) mime.h mime.c regex.o: $(HDRS) regex.c spam.o: $(HDRS) spam.c spool_mbox.o: $(HDRS) spool_mbox.c -# Dependencies for WITH_OLD_DEMIME modules - -demime.o: $(HDRS) demime.c - - # Dependencies for EXPERIMENTAL_* modules -bmi_spam.o: $(HDRS) bmi_spam.c -spf.o: $(HDRS) spf.h spf.c -srs.o: $(HDRS) srs.h srs.c -dcc.o: $(HDRS) dcc.h dcc.c -dmarc.o: $(HDRS) dmarc.h dmarc.c +bmi_spam.o: $(HDRS) bmi_spam.c +dane.o: $(HDRS) dane.c dane-gnu.c dane-openssl.c +dcc.o: $(HDRS) dcc.h dcc.c +dmarc.o: $(HDRS) pdkim/pdkim.h dmarc.h dmarc.c +imap_utf7.o: $(HDRS) imap_utf7.c +spf.o: $(HDRS) spf.h spf.c +srs.o: $(HDRS) srs.h srs.c +utf8.o: $(HDRS) utf8.c # The module containing tables of available lookups, routers, auths, and # transports must be rebuilt if any of them are. However, because the makefiles 
@@ -716,12 +777,13 @@ sa-os.o: $(HDRS) os.c # These are the test targets themselves test_dbfn: config.h dbfn.c dummies.o sa-globals.o sa-os.o store.o \ - string.o tod.o version.o + string.o tod.o version.o utf8.o $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE dbfn.c + $(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c $(LNCC) -o test_dbfn $(LFLAGS) dbfn.o \ dummies.o sa-globals.o sa-os.o store.o string.o \ - tod.o version.o $(LIBS) $(DBMLIB) - rm -f dbfn.o + tod.o version.o utf8.o $(LIBS) $(DBMLIB) $(LDFLAGS) + rm -f dbfn.o store.o test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \ store.o string.o tod.o tree.o @@ -734,23 +796,24 @@ test_host: config.h child.c host.c dns.c dummies.c sa-globals.o os.o \ tod.o tree.o $(LIBS) $(LIBRESOLV) rm -f child.o dummies.o host.o dns.o -test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o +test_os: os.h os.c dummies.o sa-globals.o store.o string.o tod.o utf8.o $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE os.c $(LNCC) -o test_os $(LFLAGS) os.o dummies.o \ - sa-globals.o store.o string.o tod.o $(LIBS) + sa-globals.o store.o string.o tod.o utf8.o $(LIBS) $(LDFLAGS) rm -f os.o test_parse: config.h parse.c dummies.o sa-globals.o \ - store.o string.o tod.o version.o + store.o string.o tod.o version.o utf8.o $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE parse.c $(LNCC) -o test_parse $(LFLAGS) parse.o \ - dummies.o sa-globals.o store.o string.o tod.o version.o + dummies.o sa-globals.o store.o string.o tod.o version.o \ + utf8.o $(LDFLAGS) rm -f parse.o -test_string: config.h string.c dummies.o sa-globals.o store.o tod.o +test_string: config.h string.c dummies.o sa-globals.o store.o tod.o utf8.o $(CC) -c $(CFLAGS) $(INCLUDE) -DSTAND_ALONE string.c $(LNCC) -o test_string $(LFLAGS) -DSTAND_ALONE string.o \ - dummies.o sa-globals.o store.o tod.o $(LIBS) + dummies.o sa-globals.o store.o tod.o utf8.o $(LIBS) $(LDFLAGS) rm -f string.o # End 
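Review bot: In the `test_dbfn` recipe the added line `$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY store.c` writes to `store.o`, which is also a prerequisite of this target and of `test_os`, `test_parse` and `test_string`, and the recipe then removes it with `rm -f dbfn.o store.o`. The normally built `store.o` is therefore overwritten by the utility variant and then deleted, so a later or parallel target in the same build directory can link the wrong object or find it missing. Give the utility build its own output name, e.g. `$(CC) -c $(CFLAGS) $(INCLUDE) -DCOMPILE_UTILITY -o util-store.o store.c`, and link `util-store.o` in place of `store.o`. That name already appears in `OBJ_MONBIN`, so a rule for it presumably exists and could simply be listed as a prerequisite.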
diff --git a/OS/Makefile-CYGWIN b/OS/Makefile-CYGWIN index 774fa4f..006e9fe 100644 --- a/OS/Makefile-CYGWIN +++ b/OS/Makefile-CYGWIN @@ -2,8 +2,10 @@ # This file provided by Pierre A. Humblet +HAVE_IPV6 = yes HAVE_ICONV = yes -CFLAGS= -g -Wall -O2 +# Use c99 to have %z +CFLAGS= -g -Wall -std=c99 -U __STRICT_ANSI__ LIBS= -lcrypt -lresolv LIBS_EXIM= -liconv EXIWHAT_PS_ARG=-as @@ -24,7 +26,7 @@ LIBS_EXIM +=../Local/exim_res.o ################################################## -# The following is normaly set in local/Makefile. +# The following is normally set in local/Makefile. # Makefile.cygwin provides defaults with which the # precompiled version is built ################################################## @@ -78,7 +80,6 @@ LOOKUP_PASSWD=yes LDAP_LIB_TYPE=OPENLDAP2 LOOKUP_LIBS=-lldap -llber -# WITH_OLD_DEMIME=yes WITH_CONTENT_SCAN=yes # It is important to define these variables but the values are always overridden @@ -98,17 +99,15 @@ ZCAT_COMMAND=/usr/bin/zcat SUPPORT_PAM=yes CFLAGS += -DINCLUDE_PAM -I ../pam -I ../../pam -APPENDFILE_MODE = 0644 # default if no ntsec -APPENDFILE_DIRECTORY_MODE = 0777 -APPENDFILE_LOCKFILE_MODE = 0666 -EXIMDB_DIRECTORY_MODE = 0777 +# All modes are in octal and must start with 0 +EXIMDB_DIRECTORY_MODE = 01777 EXIMDB_MODE = 0666 EXIMDB_LOCKFILE_MODE = 0666 -INPUT_DIRECTORY_MODE = 0777 -LOG_DIRECTORY_MODE = 0777 +INPUT_DIRECTORY_MODE = 01777 +LOG_DIRECTORY_MODE = 01777 LOG_MODE = 0666 -MSGLOG_DIRECTORY_MODE = 0777 -SPOOL_DIRECTORY_MODE = 0777 -SPOOL_MODE = 0666 +MSGLOG_DIRECTORY_MODE = 01777 +SPOOL_DIRECTORY_MODE = 01777 +SPOOL_MODE = 0600 # End diff --git a/OS/Makefile-Default b/OS/Makefile-Default index 60d5ea8..b3990fe 100644 --- a/OS/Makefile-Default +++ b/OS/Makefile-Default 
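Review bot: The new `CFLAGS= -g -Wall -std=c99 -U __STRICT_ANSI__` drops `-O2`, but the added comment `# Use c99 to have %z` explains only the `-std=c99` part. If building without optimisation is intentional, say so in the comment. If it is not, restore `-O2`: the distributed binary would otherwise be unoptimised, and any compile-time hardening that depends on optimisation (for example fortified libc wrappers, where the toolchain offers them) would likely be inactive.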
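Review bot: `EXIMDB_MODE`, `EXIMDB_LOCKFILE_MODE` and `LOG_MODE` stay at `0666` while this hunk tightens `SPOOL_MODE` to `0600`, so wherever Cygwin enforces POSIX modes any local account can still rewrite the hints databases and alter or truncate the mail logs. The directories also remain world-writable; the added sticky bit (`01777`) only stops users removing each other's files. If the permissive values are needed for installs without ntsec (the removed `# default if no ntsec` comment hints at that), record the reason next to `# All modes are in octal and must start with 0`. Otherwise bring them in line with the spool change, e.g. `LOG_MODE = 0640` and `EXIMDB_MODE = 0640`.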
@@ -186,14 +186,6 @@ EXIWHAT_KILL_SIGNAL=-USR1 # IPV6_USE_INET_PTON=yes -# Setting the next option brings in support for A6 DNS records for IPV6. These -# were at one time expected to supplant AAAA records, but were eventually -# rejected. The code remains in Exim, but has not been compiled or tested for -# quite some time. Do not set this unless you know what you are doing. - -# SUPPORT_A6=yes - - # HOSTNAME_COMMAND contains the path to the "hostname" command, which varies # from OS to OS. This is used when building the Exim monitor script only. (See # also BASENAME_COMMAND.) If HOSTNAME_COMMAND is set to "look_for_it" then the @@ -294,7 +286,7 @@ LOCAL_SCAN_SOURCE=src/local_scan.c ############################################################################# # The following definitions are relevant only when compiling the Exim monitor -# program, which requires an X11 display. See the varible EXIM_MONITOR in +# program, which requires an X11 display. See the variable EXIM_MONITOR in # src/EDITME for how to suppress this compilation. # X11 contains the location of the X11 libraries and include files. diff --git a/OS/Makefile-FreeBSD b/OS/Makefile-FreeBSD index ebb116b..7c6c064 100644 --- a/OS/Makefile-FreeBSD +++ b/OS/Makefile-FreeBSD @@ -6,12 +6,16 @@ CHOWN_COMMAND=/usr/sbin/chown STRIP_COMMAND=/usr/bin/strip CHMOD_COMMAND=/bin/chmod +# FreeBSD Ports no longer insert compatibility symlinks into /usr/bin for +# scripting languages which traditionally have had them. +PERL_COMMAND=/usr/local/bin/perl + HAVE_SA_LEN=YES # crypt() is in a separate library LIBS=-lcrypt -lm -lutil -# Dynamicly loaded modules need to be built with -fPIC +# Dynamically loaded modules need to be built with -fPIC CFLAGS_DYNAMIC=-shared -rdynamic -fPIC # FreeBSD always ships with Berkeley DB diff --git a/OS/Makefile-HP-UX b/OS/Makefile-HP-UX index 073d67a..ea35144 100644 --- a/OS/Makefile-HP-UX +++ b/OS/Makefile-HP-UX 
@@ -22,4 +22,6 @@ EXIMON_TEXTPOP= DBMLIB=-lndbm RANLIB=@true +OS_C_INCLUDES=setenv.c + # End diff --git a/OS/Makefile-SunOS5 b/OS/Makefile-SunOS5 index e60a6c0..568e99f 100644 --- a/OS/Makefile-SunOS5 +++ b/OS/Makefile-SunOS5 @@ -19,4 +19,6 @@ XINCLUDE=-I$(X11)/include XLFLAGS=-L$(X11)/lib -R$(X11)/lib X11LIB=$(X11)/lib +OS_C_INCLUDES=setenv.c + # End diff --git a/OS/os.c-BSDI b/OS/os.c-BSDI new file mode 100644 index 0000000..3cef2ac --- /dev/null +++ b/OS/os.c-BSDI @@ -0,0 +1,19 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) 2016 Heiko Schlittermann */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* BSDI-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef OS_UNSETENV +#define OS_UNSETENV + +int +os_unsetenv(const unsigned char * name) +{ +unsetenv((char *)name); +return 0; +} diff --git a/OS/os.c-HP-UX b/OS/os.c-HP-UX new file mode 100644 index 0000000..fdd8708 --- /dev/null +++ b/OS/os.c-HP-UX @@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* HP-UX-specific code. This is concatenated onto the generic +src/os.c file. */ + +#ifndef COMPILE_UTILITY +# include "setenv.c" +#endif + +/* End of os.c-SunHP-UX */ diff --git a/OS/os.c-Linux b/OS/os.c-Linux index df0dff9..4bca776 100644 --- a/OS/os.c-Linux +++ b/OS/os.c-Linux 
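Review bot: The new `OS/os.c-BSDI` opens `#ifndef OS_UNSETENV` but none of its 19 added lines closes it. Unless whatever it is concatenated with happens to supply the `#endif`, the preprocessor will stop on an unterminated conditional. Add `#endif` and an `/* End of os.c-BSDI */` trailer after the function, matching the HP-UX and SunOS5 files added in this commit. `os_unsetenv()` also returns 0 unconditionally and discards whatever `unsetenv()` reports; if that is because the platform's `unsetenv()` returns `void`, a one-line comment saying so would document the choice.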
@@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge 1997 - 2001 */ +/* Copyright (c) University of Cambridge 1997 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Linux-specific code. This is concatenated onto the generic diff --git a/OS/os.c-SunOS5 b/OS/os.c-SunOS5 new file mode 100644 index 0000000..1624869 --- /dev/null +++ b/OS/os.c-SunOS5 @@ -0,0 +1,16 @@ +/************************************************* +* Exim - an Internet mail transport agent * +*************************************************/ + +/* Copyright (c) University of Cambridge 2016 */ +/* Copyright (c) Jeremy Harris 2016 */ +/* See the file NOTICE for conditions of use and distribution. */ + +/* Solaris-specific code. This is concatenated onto the generic +src/os.c file. */ + +#if defined(MISSING_UNSETENV_3) && !defined(COMPILE_UTILITY) +# include "setenv.c" +#endif + +/* End of os.c-SunOS5 */ diff --git a/OS/os.c-cygwin b/OS/os.c-cygwin index ea17a43..c9464aa 100644 --- a/OS/os.c-cygwin +++ b/OS/os.c-cygwin @@ -2,8 +2,8 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Cygwin-specific code. December 2002 - This is concatenated onto the generic src/os.c file. +/* Cygwin-specific code. December 2002. Updated Jan 2015. + This is prefixed to the src/os.c file. This code was supplied by Pierre A. Humblet */ 
@@ -18,23 +18,12 @@ int cygwin_mkdir( const char *path, mode_t mode ) return mkdir(p, mode); } -/* We have strsignal but cannot use #define - because types don't match */ -#define OS_STRSIGNAL /* src/os.c need not provide it */ -char * os_strsignal(int sig) -{ - return (char *) strsignal(sig); -} - #ifndef COMPILE_UTILITY /* Utilities don't need special code */ -#ifdef INCLUDE_MINIRES -#include "../minires/minires.c" -#include "../minires/os-interface.c" -#endif #ifdef INCLUDE_PAM #include "../pam/pam.c" #endif +#include unsigned int cygwin_WinVersion; @@ -47,23 +36,25 @@ unsigned int cygwin_WinVersion; #endif #include +#include +#include + #define EqualLuid(Luid1, Luid2) \ ((Luid1.LowPart == Luid2.LowPart) && (Luid1.HighPart == Luid2.HighPart)) #include /* Special static variables */ static BOOL cygwin_debug = FALSE; -static int privileged = 1; /* when not privileged, setuid = noop */ +static int fakesetugid = 1; /* when not privileged, setugid = noop */ #undef setuid int cygwin_setuid(uid_t uid ) { - int res; - if (privileged <= 0) return 0; - else { + int res = 0; + if (fakesetugid == 0) { res = setuid(uid); if (cygwin_debug) - fprintf(stderr, "setuid %lu %lu %d pid: %d\n", + fprintf(stderr, "setuid %u %u %d pid: %d\n", uid, getuid(),res, getpid()); } return res; @@ -72,12 +63,11 @@ int cygwin_setuid(uid_t uid ) #undef setgid int cygwin_setgid(gid_t gid ) { - int res; - if (privileged <= 0) return 0; - else { + int res = 0; + if (fakesetugid == 0) { res = setgid(gid); if (cygwin_debug) - fprintf(stderr, "setgid %lu %lu %d pid: %d\n", + fprintf(stderr, "setgid %u %u %d pid: %d\n", gid, getgid(), res, getpid()); } return res; 
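Review bot: `fakesetugid` starts at 1, and cygwin_setuid()/cygwin_setgid() return 0 without calling setuid()/setgid() whenever it is non-zero, so a caller cannot tell a real identity change from a faked one, and every call made before the flag is recomputed at start-up is faked. The comment `/* when not privileged, setugid = noop */` does not say either of those things. I would expand it to something like `/* non-zero: setuid/setgid are faked and return 0 without changing identity; stays 1 until start-up decides */`. It would also help if the `cygwin_debug` branch printed a line when a call is faked, so that the -c output shows that no privilege change happened.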
@@ -97,8 +87,8 @@ static void cygwin_setpriority() Next byte: 0 Next byte: minor version of OS Low byte: major version of OS (3 or 4 for for NT, 5 for 2000 and XP) */ -#define VERSION_IS_58M(x) (x & 0x80000000) /* 95, 98, Me */ -#define VERSION_IS_NT(x) ((x & 0XFF) < 5) /* NT 4 or 3.51 */ +//#define VERSION_IS_58M(x) (x & 0x80000000) /* 95, 98, Me */ +//#define VERSION_IS_NT(x) ((x & 0XFF) < 5) /* NT 4 or 3.51 */ /* Routine to find if process or thread is privileged @@ -106,7 +96,6 @@ static void cygwin_setpriority() enum { CREATE_BIT = 1, - RESTORE_BIT = 2 }; static DWORD get_privileges () @@ -132,15 +121,12 @@ static DWORD get_privileges () for (i = 0; i < privs->PrivilegeCount; i++) { if (EqualLuid(privs->Privileges[i].Luid, cluid)) ret |= CREATE_BIT; - else if (EqualLuid(privs->Privileges[i].Luid, rluid)) - ret |= RESTORE_BIT; - else continue; - if (ret == (CREATE_BIT | RESTORE_BIT)) + if (ret == (CREATE_BIT)) break; } } else - fprintf(stderr, "has_create_token_privilege %ld\n", GetLastError()); + fprintf(stderr, "has_create_token_privilege %u\n", GetLastError()); if (hToken) CloseHandle(hToken); @@ -148,17 +134,18 @@ static DWORD get_privileges () return ret; } -/* We use a special routine to initialize - cygwin_init is called from the OS_INIT macro in main(). */ - -void cygwin_init(int argc, char ** argv, void * rup, - void * eup, void * egp, void * cup, void * cgp) +/* + We use cygwin_premain to fake a few things + and to provide some debug info +*/ +void cygwin_premain2(int argc, char ** argv, struct per_process * ptr) { - int i; + int i, res, is_daemon = 0, is_spoolwritable, is_privileged, is_eximuser; uid_t myuid, systemuid; gid_t mygid, adminsgid; - struct passwd * pwp; - char *cygenv, win32_path[MAX_PATH]; + struct passwd * pwp = NULL; + struct stat buf; + char *cygenv; SID(1, SystemSid, SECURITY_LOCAL_SYSTEM_RID); SID(2, AdminsSid, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS); DWORD priv_flags; 
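Review bot: `is_eximuser` is declared without an initializer in the new declaration line of cygwin_premain2(), and the next hunk assigns it only in the `else if (pwp != NULL)` and `else` branches. On the unprivileged, non-daemon path it is still indeterminate when the debug `fprintf` prints it with `is_eximuser %d`. Initialise it together with `is_daemon`: `int i, res, is_daemon = 0, is_spoolwritable, is_privileged, is_eximuser = 0;`. The function body continues past the end of this hunk.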
@@ -174,77 +161,103 @@ void cygwin_init(int argc, char ** argv, void * rup, for (i = 1; i < argc; i++) { if (argv[i][0] == '-') { if (argv[i][1] == 'c') { + ssize_t size; + wchar_t *win32_path; argv[i][1] = 'n'; /* Replace -c by -n */ cygwin_debug = TRUE; - fprintf(stderr, "CYGWIN = \"%s\".", cygenv); - cygwin_conv_to_win32_path("/", win32_path); - fprintf(stderr, " Root / mapped to %s.\n", win32_path); + fprintf(stderr, "CYGWIN = \"%s\".\n", cygenv); + if (((size = cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, 0)) > 0) + && ((win32_path = malloc(size)) != NULL) + && (cygwin_conv_path(CCP_POSIX_TO_WIN_W,"/", win32_path, size) == 0)) { + fprintf(stderr, " Root / mapped to %ls.\n", win32_path); + free(win32_path); + } } - else if (argv[i][1] == 'b' && argv[i][2] == 'd') + else if (argv[i][1] == 'b' && argv[i][2] == 'd') { + is_daemon = 1; cygwin_setpriority(); } } - if (VERSION_IS_58M(cygwin_WinVersion)) { - * (uid_t *) rup = myuid; /* Pretend we are root */ - * (uid_t *) eup = myuid; /* ... and exim */ - * (gid_t *) egp = mygid; - return; } + /* Nt/2000/XP - We initially set the exim uid & gid to those of the "real exim", + We initially set the exim uid & gid to those of the "exim user", or to the root uid (SYSTEM) and exim gid (ADMINS), If privileged, we setuid to those. We always set the configure uid to the system uid. We always set the root uid to the real uid - to avoid useless execs following forks. + to allow exim imposed restrictions (bypassable by recompiling) + and to avoid exec that cause loss of privilege If not privileged and unable to chown, we set the exim uid to our uid. - If unprivileged, we fake all subsequent setuid. */ + If unprivileged and /var/spool/exim is writable and not running as listening daemon, + we fake all subsequent setuid. */ + + /* Get the system and admins uid from their sids */ + if ((systemuid = cygwin_internal(CW_GET_UID_FROM_SID, & SystemSid)) == -1) { + fprintf(stderr, "Cannot map System sid. 
Aborting\n"); + exit(1); + } + if ((adminsgid = cygwin_internal(CW_GET_GID_FROM_SID, & AdminsSid)) == -1) { + fprintf(stderr, "Cannot map Admins sid. Aborting\n"); + exit(1); + } priv_flags = get_privileges (); - privileged = !!(priv_flags & CREATE_BIT); - - /* Get the system and admins uid from their sids, - or use the default values from the Makefile. */ - if ((systemuid = cygwin_internal(CW_GET_UID_FROM_SID, & SystemSid)) == -1) - systemuid = * (uid_t *) eup; - if ((adminsgid = cygwin_internal(CW_GET_GID_FROM_SID, & AdminsSid)) == -1) - adminsgid = * (gid_t *) egp; - - if ((pwp = getpwnam("exim")) != NULL) { - * (uid_t *) eup = pwp->pw_uid; /* Set it according to passwd */ - * (gid_t *) egp = pwp->pw_gid; + is_privileged = !!(priv_flags & CREATE_BIT); + + /* Call getpwnam for account exim after getting the local exim name */ + char exim_username[DNLEN + UNLEN + 2]; + if (cygwin_internal(CW_CYGNAME_FROM_WINNAME, "exim", exim_username, sizeof exim_username) != 0) + pwp = getpwnam (exim_username); + + /* If cannot setuid to exim or and is not the daemon (which is assumed to be + able to chown or to be the exim user) set the exim ugid to our ugid to avoid + chown failures after creating files and to be able to setuid to exim in + exim.c ( "privilege not needed" ). */ + if ((is_privileged == 0) && (!is_daemon)) { + exim_uid = myuid; + exim_gid = mygid; + } + else if (pwp != NULL) { + exim_uid = pwp->pw_uid; /* Set it according to passwd */ + exim_gid = pwp->pw_gid; + is_eximuser = 1; } else { - * (uid_t *) eup = systemuid; - * (gid_t *) egp = adminsgid; + exim_uid = systemuid; + exim_gid = adminsgid; + is_eximuser = 0; } - /* Set the configuration uid and gid to the system uid and admins gid. - Note that exim uid is also accepted as owner of exim.conf. 
*/ - * (uid_t *) cup = systemuid; - * (gid_t *) cgp = adminsgid; + res = stat("/var/spool/exim", &buf); + /* Check if writable (and can be stat) */ + is_spoolwritable = ((res == 0) && ((buf.st_mode & S_IWOTH) != 0)); + + fakesetugid = (is_privileged == 0) && (is_daemon == 0) && (is_spoolwritable == 1); - if (privileged) { /* Can setuid */ - if (cygwin_setgid(* (gid_t *) egp) /* Setuid to exim */ - || cygwin_setuid(* (uid_t *) eup)) - privileged = -1; /* Problem... Perhaps not in 544 */ + if (is_privileged) { /* Can setuid */ + if (cygwin_setgid(exim_gid) /* Setuid to exim */ + || cygwin_setuid(exim_uid)) { + fprintf(stderr, "Unable to setuid/gid to exim. priv_flags: %x\n", priv_flags); + exit(0); /* Problem... Perhaps not in 544 */ + } } - /* Pretend we are root to avoid useless execs. - We are limited by file access rights */ - * (uid_t *) rup = getuid (); + /* Set the configuration file uid and gid to the system uid and admins gid. */ + config_uid = systemuid; + config_gid = adminsgid; - /* If we have not setuid to exim and cannot chown, - set the exim uid to our uid to avoid chown failures */ - if (privileged <= 0 && !(priv_flags & RESTORE_BIT)) - * (uid_t *) eup = * (uid_t *) rup; + /* Pretend we are root to avoid useless exec + and avoid exim set limitations. 
+ We are limited by file access rights */ + root_uid = getuid (); if (cygwin_debug) { - fprintf(stderr, "Starting uid %ld, gid %ld, ntsec %lu, privileged %d.\n", - myuid, mygid, cygwin_internal(CW_CHECK_NTSEC, NULL), privileged); - fprintf(stderr, "root_uid %ld, exim_uid %ld, exim_gid %ld, config_uid %ld, config_gid %ld.\n", - * (uid_t *) rup, * (uid_t *) eup, * (gid_t *) egp, * (uid_t *) cup, * (gid_t *) cgp); + fprintf(stderr, "Starting uid %u, gid %u, priv_flags %x, is_privileged %d, is_daemon %d, is_spoolwritable %d.\n", + myuid, mygid, priv_flags, is_privileged, is_daemon, is_spoolwritable); + fprintf(stderr, "root_uid %u, exim_uid %u, exim_gid %u, config_uid %u, config_gid %u, is_eximuser %d.\n", + root_uid, exim_uid, exim_gid, config_uid, config_gid, is_eximuser); } return; } @@ -253,24 +266,15 @@ void cygwin_init(int argc, char ** argv, void * rup, #define OS_LOAD_AVERAGE /* src/os.c need not provide it */ /***************************************************************** - * Functions for average load measurements - There are two methods, which work only on NT. + Uses NtQuerySystemInformation. + This requires definitions that are not part of + standard include files. - The first one uses the HKEY_PERFORMANCE_DATA registry to - get performance data. It is complex but well documented - and works on all NT versions. - - The second one uses NtQuerySystemInformation. - Its use is discouraged starting with WinXP. - - Until 4.43, the Cygwin port of exim was using the first - method. - -*****************************************************************/ -#define PERF_METHOD2 + This is discouraged starting with WinXP. +*************************************************************/ /* Structure to compute the load average efficiently */ typedef struct { DWORD Lock; 
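Review bot: When `cygwin_setgid(exim_gid) || cygwin_setuid(exim_uid)` fails, the new code prints "Unable to setuid/gid to exim" and then calls `exit(0)`, so a failed privilege change is reported to the parent process as a successful run. It should exit with a failure status, as the two SID-mapping checks earlier in this hunk already do: `exit(1);`. Separately, the faked-setuid mode is enabled from `(buf.st_mode & S_IWOTH) != 0` on /var/spool/exim, that is, only when the spool directory is world-writable. A comment stating that this is intended, and that the spool is then writable by every local account, would make the trade-off explicit. The function starts before this hunk.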
@@ -279,11 +283,6 @@ typedef struct { unsigned long long LastCounter; /* Last measurement counter */ unsigned long long PerfFreq; /* Perf counter frequency */ int LastLoad; /* Last reported load, or -1 */ -#ifdef PERF_METHOD1 - PPERF_DATA_BLOCK PerfData; /* Pointer to a buffer to get the data */ - DWORD BufferSize; /* Size of PerfData */ - LPSTR * NamesArray; /* Temporary (malloc) buffer for index */ -#endif } cygwin_perf_t; static struct { 
@@ -292,317 +291,6 @@ static struct { cygwin_perf_t *perf; } cygwin_load = {NULL, 0, NULL}; -#ifdef PERF_METHOD1 -/************************************************************* - METHOD 1 - - Obtaining statistics in Windows is done at a low level by - calling registry functions, in particular the key - HKEY_PERFORMANCE_DATA on NT and successors. - Something equivalent exists on Win95, see Microsoft article - HOWTO: Access the Performance Registry Under Windows 95 (KB 174631) - but it is not implemented here. - - The list of objects to be polled is specified in the string - passed to RegQueryValueEx in ReadStat() below. - On NT, all objects are polled even if info about only one is - required. This is fixed in Windows 2000. See articles - INFO: Perflib Calling Close Procedure in Windows 2000 (KB 270127) - INFO: Performance Data Changes Between Windows NT 4.0 and Windows - 2000 (KB 296523) - - It is unclear to me how the counters are primarily identified. - Whether it's by name strings or by the offset of their strings - as mapped in X:\Winnt\system32\perfc009.dat [or equivalently as - reported by the registry functions in GetNameStrings( ) below]. - Microsoft documentation seems to say that both methods should - work. - - In the interest of speed and language independence, the main - code below relies on offsets. However if debug is enabled, the - code verifies that the names of the corresponding strings are - as expected. - -*****************************************************************/ - -/* Object and counter indices and names */ -#define PROCESSOR_OBJECT_INDEX 238 -#define PROCESSOR_OBJECT_STRING "238" -#define PROCESSOR_OBJECT_NAME "Processor" -#define PROCESSOR_TIME_COUNTER 6 -#define PROCESSOR_TIME_NAME "% Processor Time" - -#define BYTEINCREMENT 800 /* Block to add to PerfData */ - -/***************************************************************** - * - Macros to navigate through the performance data. 
- - *****************************************************************/ -#define FirstObject(PerfData)\ - ((PPERF_OBJECT_TYPE)((PBYTE)PerfData + PerfData->HeaderLength)) -#define NextObject(PerfObj)\ - ((PPERF_OBJECT_TYPE)((PBYTE)PerfObj + PerfObj->TotalByteLength)) -#define ObjectCounterBlock(PerfObj)\ - ((PPERF_COUNTER_BLOCK)(PBYTE)PerfObj + PerfObj->DefinitionLength ) -#define FirstInstance(PerfObj )\ - ((PPERF_INSTANCE_DEFINITION)((PBYTE)PerfObj + PerfObj->DefinitionLength)) -#define InstanceCounterBlock(PerfInst)\ - ((PPERF_COUNTER_BLOCK) ((PBYTE)PerfInst + PerfInst->ByteLength )) -#define NextInstance(PerfInst )\ - ((PPERF_INSTANCE_DEFINITION)((PBYTE)InstanceCounterBlock(PerfInst) + \ - InstanceCounterBlock(PerfInst)->ByteLength) ) -#define FirstCounter(PerfObj)\ - ((PPERF_COUNTER_DEFINITION) ((PBYTE)PerfObj + PerfObj->HeaderLength)) -#define NextCounter(PerfCntr)\ - ((PPERF_COUNTER_DEFINITION)((PBYTE)PerfCntr + PerfCntr->ByteLength)) - -/***************************************************************** - * - Load the counter and object names from the registry - to cygwin_load.perf->NameStrings - and index them in cygwin_load.perf->NamesArray - - NameStrings seems to be taken from the file - X:\Winnt\system32\perfc009.dat - - This is used only for name verification during initialization, - if DEBUG(D_load) is TRUE. - -*****************************************************************/ -static BOOL GetNameStrings( ) -{ - HKEY hKeyPerflib; // handle to registry key - DWORD dwArraySize; // size for array - DWORD dwNamesSize; // size for strings - LPSTR lpCurrentString; // pointer for enumerating data strings - DWORD dwCounter; // current counter index - LONG res; - - /* Get the number of Counter items into dwArraySize. 
*/ - if ((res = RegOpenKeyEx( HKEY_LOCAL_MACHINE, - "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib", - 0, - KEY_QUERY_VALUE, /* KEY_READ, */ - &hKeyPerflib)) - != ERROR_SUCCESS) { - DEBUG(D_load) debug_printf("RegOpenKeyEx (1): error %ld (Windows)\n", res); - return FALSE; - } - dwNamesSize = sizeof(dwArraySize); /* Temporary reuse */ - if ((res = RegQueryValueEx( hKeyPerflib, - "Last Counter", - NULL, - NULL, - (LPBYTE) &dwArraySize, - &dwNamesSize )) - != ERROR_SUCCESS) { - DEBUG(D_load) debug_printf("RegQueryValueEx (1): error %ld (Windows)\n", res); - return FALSE; - } - RegCloseKey( hKeyPerflib ); - /* Open the key containing the counter and object names. */ - if ((res = RegOpenKeyEx( HKEY_LOCAL_MACHINE, - "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\009", - 0, - KEY_READ, - &hKeyPerflib)) - != ERROR_SUCCESS) { - DEBUG(D_load) debug_printf("RegOpenKeyEx (2): error %ld (Windows)\n", res); - return FALSE; - } - /* Get the size of the Counter value in the key - and then read the value in the tail of NamesArray */ - dwNamesSize = 0; - lpCurrentString = NULL; - while (1) { - res = RegQueryValueEx( hKeyPerflib, - "Counter", - NULL, - NULL, - (unsigned char *) lpCurrentString, - &dwNamesSize); - if ((res == ERROR_SUCCESS) && /* Bug (NT 4.0): SUCCESS was returned on first call */ - (cygwin_load.perf->NamesArray != NULL)) break; - if ((res == ERROR_SUCCESS) || /* but cygwin_load.perf->NamesArrays == NULL */ - (res == ERROR_MORE_DATA)) { - /* Allocate memory BOTH for the names array and for the counter and object names */ - if ((cygwin_load.perf->NamesArray = - (LPSTR *) malloc( (dwArraySize + 1) * sizeof(LPSTR) + dwNamesSize * sizeof(CHAR))) - != NULL) { - /* Point to area for the counter and object names */ - lpCurrentString = (LPSTR) & cygwin_load.perf->NamesArray[dwArraySize + 1]; - continue; - } - DEBUG(D_load) debug_printf("Malloc: errno %d (%s)\n", errno, strerror(errno)); - } - else { /* Serious error */ - DEBUG(D_load) 
debug_printf("RegQueryValueEx (2): error %ld (Windows)\n", res); - } - return FALSE; - } - RegCloseKey( hKeyPerflib ); - /* Index the names into an array. */ - while (*lpCurrentString) { - dwCounter = atol( lpCurrentString ); - lpCurrentString += (lstrlen(lpCurrentString)+1); - cygwin_load.perf->NamesArray[dwCounter] = lpCurrentString; - lpCurrentString += (strlen(lpCurrentString)+1); - } - return TRUE; -} - -/***************************************************************** - * - Find the value of the Processor Time counter - -*****************************************************************/ -static BOOL ReadTimeCtr(PPERF_OBJECT_TYPE PerfObj, - PPERF_COUNTER_DEFINITION CurCntr, - PPERF_COUNTER_BLOCK PtrToCntr, - unsigned long long * TimePtr){ - int j; - /* Scan all counters. */ - for( j = 0; j < PerfObj->NumCounters; j++ ) { - if (CurCntr->CounterNameTitleIndex == PROCESSOR_TIME_COUNTER) { - /* Verify it is really the proc time counter */ - if ((CurCntr->CounterType != PERF_100NSEC_TIMER_INV) || /* Wrong type */ - ((cygwin_load.perf->NamesArray != NULL) && /* Verify name */ - (strcmp(cygwin_load.perf->NamesArray[CurCntr->CounterNameTitleIndex], - PROCESSOR_TIME_NAME)))) { - log_write(0, LOG_MAIN|LOG_PANIC, - "Incorrect Perf counter type or name %x %s", - (unsigned) CurCntr->CounterType, - cygwin_load.perf->NamesArray[CurCntr->CounterNameTitleIndex]); - return FALSE; - } - *TimePtr += *(unsigned long long int *) ((PBYTE) PtrToCntr + CurCntr->CounterOffset); - return TRUE; /* return TRUE as soon as we found the counter */ - } - /* Get the next counter. */ - CurCntr = NextCounter( CurCntr ); - } - return FALSE; -} - -/***************************************************************** - * - ReadStat() - Measures current Time100ns and IdleCount - Return TRUE if success. 
- - *****************************************************************/ -static BOOL ReadStat(unsigned long long int *Time100nsPtr, - unsigned long long int * IdleCountPtr) -{ - PPERF_OBJECT_TYPE PerfObj; - PPERF_INSTANCE_DEFINITION PerfInst; - PPERF_COUNTER_DEFINITION PerfCntr; - PPERF_COUNTER_BLOCK PtrToCntr; - DWORD i, k, res; - - /* Get the performance data for the Processor object - There is no need to open a key. - We may need to blindly increase the buffer size. - BufferSize does not return info but may be changed */ - while (1) { - DWORD BufferSize = cygwin_load.perf->BufferSize; - res = RegQueryValueEx( HKEY_PERFORMANCE_DATA, - PROCESSOR_OBJECT_STRING, - NULL, - NULL, - (LPBYTE) cygwin_load.perf->PerfData, - &BufferSize ); - if (res == ERROR_SUCCESS) break; - if (res == ERROR_MORE_DATA ) { - /* Increment if necessary to get a buffer that is big enough. */ - cygwin_load.perf->BufferSize += BYTEINCREMENT; - if ((cygwin_load.perf->PerfData = - (PPERF_DATA_BLOCK) realloc( cygwin_load.perf->PerfData, cygwin_load.perf->BufferSize )) - != NULL) continue; - DEBUG(D_load) debug_printf("Malloc: errno %d (%s)\n", errno, strerror(errno)); - } - else { /* Serious error */ - DEBUG(D_load) debug_printf("RegQueryValueEx (3): error %ld (Windows)\n", res); - } - return FALSE; - } - /* Initialize the counters */ - *Time100nsPtr = 0; - *IdleCountPtr = 0; - /* We should only have one object, but write general code just in case. */ - PerfObj = FirstObject( cygwin_load.perf->PerfData ); - for( i = 0; i < cygwin_load.perf->PerfData->NumObjectTypes; i++ ) { - /* We are only interested in the processor object */ - if ( PerfObj->ObjectNameTitleIndex == PROCESSOR_OBJECT_INDEX) { - /* Possibly verify it is really the Processor object. 
*/ - if ((cygwin_load.perf->NamesArray != NULL) && - (strcmp(cygwin_load.perf->NamesArray[PerfObj->ObjectNameTitleIndex], - PROCESSOR_OBJECT_NAME))) { - log_write(0, LOG_MAIN|LOG_PANIC, - "Incorrect Perf object name %s", - cygwin_load.perf->NamesArray[PerfObj->ObjectNameTitleIndex]); - return FALSE; - } - /* Get the first counter */ - PerfCntr = FirstCounter( PerfObj ); - /* See if the object has instances. - It should, but write general code. */ - if( PerfObj->NumInstances != PERF_NO_INSTANCES ) { - PerfInst = FirstInstance( PerfObj ); - for( k = 0; k < PerfObj->NumInstances; k++ ) { - /* There can be several processors. - Accumulate both the Time100ns and the idle counter. - Starting with Win2000 there is an instance named "_Total". - Do not use it. We only use instances with a single - character in the name. - If we examine the object names, we also look at the instance - names and their lengths and issue reports */ - if ( cygwin_load.perf->NamesArray != NULL) { - CHAR ascii[30]; /* The name is in unicode */ - wsprintf(ascii,"%.29lS", - (char *)((PBYTE)PerfInst + PerfInst->NameOffset)); - log_write(0, LOG_MAIN, - "Perf: Found processor instance \"%s\", length %d", - ascii, PerfInst->NameLength); - if ((PerfInst->NameLength != 4) && - (strcmp(ascii, "_Total") != 0)) { - log_write(0, LOG_MAIN|LOG_PANIC, - "Perf: WARNING: Unexpected processor instance name"); - return FALSE; - } - } - if (PerfInst->NameLength == 4) { - *Time100nsPtr += cygwin_load.perf->PerfData->PerfTime100nSec.QuadPart; - PtrToCntr = InstanceCounterBlock(PerfInst); - if (! 
ReadTimeCtr(PerfObj, PerfCntr, PtrToCntr, IdleCountPtr)) { - return FALSE; - } - } - PerfInst = NextInstance( PerfInst ); - } - return (*Time100nsPtr != 0); /* Something was read */ - } - else { /* No instance, just the counter data */ - *Time100nsPtr = cygwin_load.perf->PerfData->PerfTime100nSec.QuadPart; - PtrToCntr = ObjectCounterBlock(PerfObj); - return ReadTimeCtr(PerfObj, PerfCntr, PtrToCntr, IdleCountPtr); - } - } - PerfObj = NextObject( PerfObj ); - } - return FALSE; /* Did not find the Processor object */ -} - -#elif defined(PERF_METHOD2) - -/************************************************************* - METHOD 2 - - Uses NtQuerySystemInformation. - This requires definitions that are not part of - standard include files. -*************************************************************/ #include typedef enum _SYSTEM_INFORMATION_CLASS @@ -669,10 +357,9 @@ static BOOL LoadNtdll() return TRUE; DEBUG(D_load) - debug_printf("perf: load: %ld (Windows)\n", GetLastError()); + debug_printf("perf: load: %u (Windows)\n", GetLastError()); return FALSE; } - /***************************************************************** * ReadStat() @@ -694,7 +381,7 @@ static BOOL ReadStat(unsigned long long int *Time100nsPtr, (PVOID) &sbi, sizeof sbi, NULL)) != STATUS_SUCCESS) { DEBUG(D_load) - debug_printf("Perf: NtQuerySystemInformation: %lu (Windows)\n", + debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n", RtlNtStatusToDosError(ret)); } else if (!(spt = (PSYSTEM_PROCESSOR_TIMES) alloca(sizeof(spt[0]) * sbi.NumberProcessors))) { @@ -705,7 +392,7 @@ static BOOL ReadStat(unsigned long long int *Time100nsPtr, sizeof spt[0] * sbi.NumberProcessors, NULL)) != STATUS_SUCCESS) { DEBUG(D_load) - debug_printf("Perf: NtQuerySystemInformation: %lu (Windows)\n", + debug_printf("Perf: NtQuerySystemInformation: %u (Windows)\n", RtlNtStatusToDosError(ret)); } else { 
@@ -719,7 +406,6 @@ static BOOL ReadStat(unsigned long long int *Time100nsPtr, } return FALSE; } -#endif /* PERF_METHODX */ /***************************************************************** * @@ -736,14 +422,6 @@ static void InitLoadAvg(cygwin_perf_t *this) QueryPerformanceFrequency((LARGE_INTEGER *)& this->PerfFreq); QueryPerformanceCounter((LARGE_INTEGER *)& this->LastCounter); -#ifdef PERF_METHOD1 - DEBUG(D_load) { - /* Get the name strings through the registry - to verify that the object and counter numbers - have the names we expect */ - success = GetNameStrings(); - } -#endif /* Get initial values for Time100ns and IdleCount */ success = success && ReadStat( & this->Time100ns, @@ -754,13 +432,6 @@ static void InitLoadAvg(cygwin_perf_t *this) log_write(0, LOG_MAIN, "Cannot obtain Load Average"); this->LastLoad = -1; } -#ifdef PERF_METHOD1 - /* Free the buffer created for debug name verification */ - if (this->NamesArray != NULL) { - free(this->NamesArray); - this->NamesArray = NULL; - } -#endif } @@ -791,24 +462,22 @@ int os_getloadavg() BOOL new; cygwin_load.pid = newpid; -#ifdef PERF_METHOD2 if (!LoadNtdll()) { log_write(0, LOG_MAIN, "Cannot obtain Load Average"); cygwin_load.perf = NULL; return -1; } -#endif if ((new = !cygwin_load.handle)) { cygwin_load.handle = CreateFileMapping (INVALID_HANDLE_VALUE, &sa, PAGE_READWRITE, 0, sizeof(cygwin_perf_t), NULL); DEBUG(D_load) - debug_printf("Perf: CreateFileMapping: handle %x\n", (unsigned) cygwin_load.handle); + debug_printf("Perf: CreateFileMapping: handle %p\n", (void *) cygwin_load.handle); } cygwin_load.perf = (cygwin_perf_t *) MapViewOfFile (cygwin_load.handle, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0); DEBUG(D_load) - debug_printf("Perf: MapViewOfFile: addr %x\n", (unsigned) cygwin_load.perf); + debug_printf("Perf: MapViewOfFile: addr %p\n", (void *) cygwin_load.perf); if (new && cygwin_load.perf) InitLoadAvg(cygwin_load.perf); } diff --git a/OS/os.h-AIX b/OS/os.h-AIX index f3a84f2..5cd4501 100644 
--- a/OS/os.h-AIX +++ b/OS/os.h-AIX @@ -20,4 +20,8 @@ typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + + /* End */ diff --git a/OS/os.h-BSDI b/OS/os.h-BSDI index cd91936..a1705ec 100644 --- a/OS/os.h-BSDI +++ b/OS/os.h-BSDI @@ -5,7 +5,11 @@ #define HAVE_MMAP #define HAVE_SYS_MOUNT_H #define SIOCGIFCONF_GIVES_ADDR +#define OS_UNSETENV typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-DGUX b/OS/os.h-DGUX index 838ddd9..9040f0e 100644 --- a/OS/os.h-DGUX +++ b/OS/os.h-DGUX @@ -22,4 +22,7 @@ forego the detection of some source-routing based IP attacks. */ #define NO_IP_OPTIONS +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-Darwin b/OS/os.h-Darwin index 559003f..f408740 100644 --- a/OS/os.h-Darwin +++ b/OS/os.h-Darwin @@ -42,4 +42,7 @@ updating Exim to use the newer interface. */ #define OFF_T_FMT "%lld" #define LONGLONG_T long int +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-DragonFly b/OS/os.h-DragonFly index 669bb23..4c2f1d5 100644 --- a/OS/os.h-DragonFly +++ b/OS/os.h-DragonFly @@ -7,4 +7,7 @@ typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-FreeBSD b/OS/os.h-FreeBSD index c5ed042..bf43e0a 100644 --- a/OS/os.h-FreeBSD +++ b/OS/os.h-FreeBSD 
@@ -10,4 +10,28 @@ typedef struct flock flock_t; +/* iconv arg2 type: libiconv in Ports uses "const char* * inbuf" and was + * traditionally the only approach available. The iconv functionality + * in libc is "char ** restrict src". + * + * + * says that libc has iconv since 2013, in 10-CURRENT. FreeBSD man-pages + * shows it included in 10.0-RELEASE. Writing this in 2017, 10.3 is the + * oldest supported release, so we should assume non-libiconv by default. + * (Actually, people still using old releases past EOL; we shouldn't support + * them but I don't want to deal with howls of complaints because we dare + * to not support the unsupported, so guard this on FreeBSD 10+) + * + * Thus we no longer override iconv. + * + * However, if libiconv is installed, and anything adds /usr/local/include + * to include-path (likely) then we'll get that. So define a variable + * which makes the libiconv try to not interfere with OS iconv. + */ +#if __FreeBSD__ >= 10 +# define LIBICONV_PLUG +#endif +/* for more specific version constraints, include and look at + * __FreeBSD_version */ + /* End */ diff --git a/OS/os.h-GNU b/OS/os.h-GNU index cc4da0e..4499316 100644 --- a/OS/os.h-GNU +++ b/OS/os.h-GNU @@ -17,4 +17,7 @@ typedef struct flock flock_t; /* Hurd-specific bits below */ +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-GNUkFreeBSD b/OS/os.h-GNUkFreeBSD index e60690f..ab35031 100644 --- a/OS/os.h-GNUkFreeBSD +++ b/OS/os.h-GNUkFreeBSD @@ -19,4 +19,7 @@ typedef struct flock flock_t; #define HAVE_SYS_MOUNT_H #define SIOCGIFCONF_GIVES_ADDR +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-GNUkNetBSD b/OS/os.h-GNUkNetBSD index 121f2d3..bc3bc25 100644 --- a/OS/os.h-GNUkNetBSD +++ b/OS/os.h-GNUkNetBSD @@ -19,4 +19,7 @@ typedef struct flock flock_t; #define HAVE_SYS_MOUNT_H #define SIOCGIFCONF_GIVES_ADDR +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ 
diff --git a/OS/os.h-HI-OSF b/OS/os.h-HI-OSF index 76bd429..0f50fb6 100644 --- a/OS/os.h-HI-OSF +++ b/OS/os.h-HI-OSF @@ -6,4 +6,7 @@ typedef struct flock flock_t; #define F_FREESP O_TRUNC #define DN_EXPAND_ARG4_TYPE u_char * +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-HI-UX b/OS/os.h-HI-UX index 97b83ed..f3df963 100644 --- a/OS/os.h-HI-UX +++ b/OS/os.h-HI-UX @@ -15,4 +15,7 @@ typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-HP-UX b/OS/os.h-HP-UX index 87e4dfc..4998734 100644 --- a/OS/os.h-HP-UX +++ b/OS/os.h-HP-UX @@ -1,6 +1,5 @@ /* Exim: OS-specific C header file for HP-UX versions greater than 9 */ -#define ICONV_ARG2_TYPE char ** #define EXIM_SOCKLEN_T size_t #define LOAD_AVG_NEEDS_ROOT @@ -24,4 +23,12 @@ typedef struct __res_state *res_state; #define strtoll(a,b,c) strtoimax(a,b,c) +/* Determined by sockaddr_un */ + +struct sockaddr_storage +{ + short ss_family; + char __ss_padding[92]; +}; + /* End */ diff --git a/OS/os.h-HP-UX-9 b/OS/os.h-HP-UX-9 index dab965e..5a260d6 100644 --- a/OS/os.h-HP-UX-9 +++ b/OS/os.h-HP-UX-9 @@ -17,4 +17,7 @@ typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-IRIX b/OS/os.h-IRIX index ac5a6b3..1d4bf46 100644 --- a/OS/os.h-IRIX +++ b/OS/os.h-IRIX @@ -14,7 +14,4 @@ #define F_FAVAIL f_favail #define vfork fork -/* Other OS have "const" in here */ -#define ICONV_ARG2_TYPE char ** - /* End */ diff --git a/OS/os.h-IRIX6 b/OS/os.h-IRIX6 index c41a234..bf30767 100644 --- a/OS/os.h-IRIX6 +++ b/OS/os.h-IRIX6 @@ -13,7 +13,4 @@ #define F_FAVAIL f_favail #define vfork fork -/* Other OS have "const" in here */ -#define ICONV_ARG2_TYPE char ** - /* End */ diff --git a/OS/os.h-IRIX632 b/OS/os.h-IRIX632 index 0196931..90f1c58 100644 --- a/OS/os.h-IRIX632 +++ b/OS/os.h-IRIX632 
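Review bot: The hand-written `struct sockaddr_storage` added to OS/os.h-HP-UX consists of a `short` followed by a `char` array, so the compiler only has to align it for a `short`. An object of this type that is later accessed through a `struct sockaddr_in` or `struct sockaddr_in6` pointer may therefore be misaligned. I would add an alignment-forcing member, for example `long ss_align_;` after `ss_family`, and extend `/* Determined by sockaddr_un */` to say which size the 92 bytes are meant to match. The definition is also unconditional, so it would clash with any HP-UX release whose headers supply the type; whether one exists is not visible from this patch, but a guard macro would be prudent.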
@@ -15,7 +15,4 @@ #define F_FAVAIL f_favail #define vfork fork -/* Other OS have "const" in here */ -#define ICONV_ARG2_TYPE char ** - /* End */ diff --git a/OS/os.h-IRIX65 b/OS/os.h-IRIX65 index 683c66a..4b248fe 100644 --- a/OS/os.h-IRIX65 +++ b/OS/os.h-IRIX65 @@ -13,7 +13,4 @@ #define F_FAVAIL f_favail #define vfork fork -/* Other OS have "const" in here */ -#define ICONV_ARG2_TYPE char ** - /* End */ diff --git a/OS/os.h-Linux b/OS/os.h-Linux index 3fead17..cc1cef9 100644 --- a/OS/os.h-Linux +++ b/OS/os.h-Linux @@ -44,9 +44,6 @@ storage" as quickly as Exim thinks they are. */ #define NEED_SYNC_DIRECTORY -/* Other OS have "const" in here */ -#define ICONV_ARG2_TYPE char ** - #define os_find_running_interfaces os_find_running_interfaces_linux /* Need a prototype for the Linux-specific function. The structure hasn't @@ -68,5 +65,15 @@ then change the 0 to 1 in the next block. */ # define LLONG_MAX LONG_LONG_MAX #endif +#if _POSIX_C_SOURCE >= 200809L || _ATFILE_SOUCE +# define EXIM_HAVE_OPENAT +#endif + +#include /* for TCP_FASTOPEN */ +#include /* for MSG_FASTOPEN */ +#if defined(TCP_FASTOPEN) && !defined(MSG_FASTOPEN) +# define MSG_FASTOPEN 0x20000000 +#endif + /* End */ diff --git a/OS/os.h-NetBSD b/OS/os.h-NetBSD index 19a8ac0..d2d3e0d 100644 --- a/OS/os.h-NetBSD +++ b/OS/os.h-NetBSD @@ -22,4 +22,7 @@ typedef struct flock flock_t; #define HAVE_SYS_STATVFS_H #endif +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-OSF1 b/OS/os.h-OSF1 index f04a5b7..6b5fa49 100644 --- a/OS/os.h-OSF1 +++ b/OS/os.h-OSF1 @@ -13,7 +13,4 @@ changed. */ /* Still not "socklen_t", which is the most common setting */ #define EXIM_SOCKLEN_T int -/* The default for this is "const char **" */ -#define ICONV_ARG2_TYPE char ** - /* End */ diff --git a/OS/os.h-OpenBSD b/OS/os.h-OpenBSD index 55bade6..5d55a96 100644 --- a/OS/os.h-OpenBSD +++ b/OS/os.h-OpenBSD 
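Review bot: `_ATFILE_SOUCE` in the new `#if` in OS/os.h-Linux looks like a misspelling of glibc's `_ATFILE_SOURCE`. As written, the second operand is an undefined macro that evaluates to 0, so `EXIM_HAVE_OPENAT` is only ever set through the `_POSIX_C_SOURCE` test. Suggested line: `#if _POSIX_C_SOURCE >= 200809L || defined(_ATFILE_SOURCE)`. The same hunk hard-codes `MSG_FASTOPEN 0x20000000` when the headers lack it, and a comment naming the kernel header the value was taken from would make it checkable.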
@@ -5,6 +5,13 @@ #define HAVE_SYS_MOUNT_H #define SIOCGIFCONF_GIVES_ADDR #define HAVE_ARC4RANDOM +/* In May 2014, OpenBSD 5.5 was released which cleaned up the arc4random_* API + which removed the arc4random_stir() function. Set NOT_HAVE_ARC4RANDOM_STIR + if the version released is past that point. */ +#include +#if OpenBSD >= 201405 +#define NOT_HAVE_ARC4RANDOM_STIR +#endif typedef struct flock flock_t; @@ -13,4 +20,11 @@ typedef struct flock flock_t; typedef struct __res_state *res_state; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +#ifndef EPROTO +# define EPROTO 71 +#endif + /* End */ diff --git a/OS/os.h-OpenUNIX b/OS/os.h-OpenUNIX index 90be8d5..67d1063 100644 --- a/OS/os.h-OpenUNIX +++ b/OS/os.h-OpenUNIX @@ -13,4 +13,7 @@ #define _SVID3 #define NEED_H_ERRNO +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-QNX b/OS/os.h-QNX index 106b0a6..798f799 100644 --- a/OS/os.h-QNX +++ b/OS/os.h-QNX @@ -18,4 +18,7 @@ doesn't have/need this header file. From Karsten P. Hoffmann. */ extern int h_errno; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-SCO b/OS/os.h-SCO index 07d21bd..e5e915e 100644 --- a/OS/os.h-SCO +++ b/OS/os.h-SCO @@ -15,4 +15,7 @@ #define _SVID3 #define NEED_H_ERRNO +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-SCO_SV b/OS/os.h-SCO_SV index 486fcbe..0ca29f7 100644 --- a/OS/os.h-SCO_SV +++ b/OS/os.h-SCO_SV @@ -13,4 +13,7 @@ #define _SVID3 #define NEED_H_ERRNO +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-SunOS4 b/OS/os.h-SunOS4 index b0deefc..6555620 100644 --- a/OS/os.h-SunOS4 +++ b/OS/os.h-SunOS4 @@ -33,4 +33,7 @@ flag causes this to get done in exim.h. */ #define FUDGE_GETC_AND_FRIENDS +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ 
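Review bot: The `EPROTO` fallback in the second OS/os.h-OpenBSD hunk hard-codes 71, which is the Linux number. On BSD-derived errno tables 71 is, as far as I know, already `EREMOTE`, so on a system that lacks `EPROTO` the two errors would be indistinguishable in `strerror()` output and in any `errno == EPROTO` comparison. The guard also only works if `<errno.h>` is included before this header, which the hunk does not show. At minimum the define needs a comment saying where the value comes from and that the kernel never returns it under that name, e.g. `# define EPROTO 71 /* older OpenBSD lacks EPROTO; Linux value, aliases another errno here */`.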
diff --git a/OS/os.h-SunOS5 b/OS/os.h-SunOS5 index 8bc0799..dfbd8f1 100644 --- a/OS/os.h-SunOS5 +++ b/OS/os.h-SunOS5 @@ -28,4 +28,24 @@ it seems. */ #define PAM_CONVERSE_ARG2_TYPE struct pam_message + +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + +#if _POSIX_C_SOURCE < 200112L +# define MISSING_UNSETENV_3 +#endif + + +/* SunOS5 doesn't accept getcwd(NULL, 0) to auto-allocate +a buffer */ + +#define OS_GETCWD + + +#ifndef MIN +# define MIN(a,b) (((a)<(b))?(a):(b)) +# define MAX(a,b) (((a)>(b))?(a):(b)) +#endif + /* End */ diff --git a/OS/os.h-SunOS5-hal b/OS/os.h-SunOS5-hal index 044e09b..cd9e877 100644 --- a/OS/os.h-SunOS5-hal +++ b/OS/os.h-SunOS5-hal @@ -8,4 +8,7 @@ #define LOAD_AVG_SYMBOL "avenrun_1min" #define LOAD_AVG_FIELD value.ul +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-ULTRIX b/OS/os.h-ULTRIX index 9985af2..08db5ae 100644 --- a/OS/os.h-ULTRIX +++ b/OS/os.h-ULTRIX @@ -12,4 +12,7 @@ a minority operating system, easiest just to say "no" until someone asks. */ #define NO_OPENLOG typedef struct flock flock_t; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-UNIX_SV b/OS/os.h-UNIX_SV index 9ad824a..4943a07 100644 --- a/OS/os.h-UNIX_SV +++ b/OS/os.h-UNIX_SV @@ -19,4 +19,7 @@ #define _SVID3 #define NEED_H_ERRNO +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-USG b/OS/os.h-USG index 1c780ee..e769220 100644 --- a/OS/os.h-USG +++ b/OS/os.h-USG @@ -13,4 +13,7 @@ #define _SVID3 #define NEED_H_ERRNO +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-Unixware7 b/OS/os.h-Unixware7 index 1592094..4d3ed42 100644 --- a/OS/os.h-Unixware7 +++ b/OS/os.h-Unixware7 @@ -2,7 +2,6 @@ #define NO_SYSEXITS -#define ICONV_ARG2_TYPE char ** #define EXIM_SOCKLEN_T size_t #define LOAD_AVG_NEEDS_ROOT 
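Review bot: `MAX` is defined under the `#ifndef MIN` guard in the OS/os.h-SunOS5 hunk, so a system header that supplies only one of the two macros either leaves `MAX` undefined or redefines it. Give `MAX` its own guard: `#ifndef MAX`, then `# define MAX(a,b) (((a)>(b))?(a):(b))`, then `#endif`. Both macros evaluate their arguments twice, so a short comment such as `/* arguments are evaluated twice: pass no expressions with side effects */` would help callers that pass lengths computed from input.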
diff --git a/OS/os.h-cygwin b/OS/os.h-cygwin index 740300a..6ef59e0 100644 --- a/OS/os.h-cygwin +++ b/OS/os.h-cygwin @@ -1,19 +1,7 @@ /* Exim: OS-specific C header file for Cygwin */ -/* This code was supplied by Pierre A. Humblet */ - -/* Define the OS_INIT macro that we insert in exim.c:main() - to set the root and exim uid depending on the system */ -/* We use a special routine to initialize */ -void cygwin_init(int, char **, void *, void *, void *, void *, void *); -#define OS_INIT\ - cygwin_init(argc, (char **) argv, &root_uid, &exim_uid, &exim_gid, &config_uid, &config_gid); - -/* We need a special mkdir that - allows names starting with // */ -#include /* Do not redefine mkdir in sys/stat.h */ -int cygwin_mkdir( const char *_path, mode_t __mode ); -#define mkdir cygwin_mkdir /* redefine mkdir elsewhere */ +/* This code was supplied by Pierre A. Humblet + December 2002. Updated Jan 2015. */ /* Redefine the set*id calls to run when faking root */ #include /* Do not redefine in unitsd.h */ @@ -22,8 +10,8 @@ int cygwin_setgid(gid_t gid ); #define setuid cygwin_setuid #define setgid cygwin_setgid -extern unsigned int cygwin_WinVersion; - +#define os_strsignal strsignal +#define OS_STRSIGNAL #define BASE_62 36 /* Windows aliases lower and upper cases in filenames. Consider reducing MAX_LOCALHOST_NUMBER */ #define CRYPT_H @@ -31,7 +19,6 @@ extern unsigned int cygwin_WinVersion; #define HAVE_SYS_VFS_H #define NO_IP_VAR_H #define NO_IP_OPTIONS -#define F_FREESP O_TRUNC /* Defining LOAD_AVG_NEEDS_ROOT causes an initial call to os_getloadavg. In our case this is beneficial because it initializes the counts */ @@ -48,4 +35,7 @@ struct { \ DWORD SubAuthority[n]; \ } name = { SID_REVISION, n, {SECURITY_NT_AUTHORITY}, {sid}} +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/OS/os.h-mips b/OS/os.h-mips index 79f3ff2..325e3a1 100644 --- a/OS/os.h-mips +++ b/OS/os.h-mips 
@@ -21,4 +21,7 @@ extern char *strerror(int); extern int sys_nerr; extern char *sys_errlist[]; +/* default is non-const */ +#define ICONV_ARG2_TYPE const char ** + /* End */ diff --git a/README.DSN b/README.DSN index 68d1641..d700dd0 100644 --- a/README.DSN +++ b/README.DSN @@ -113,7 +113,7 @@ ChangeLog *) dsn_process switch removed *) every router "processes" DSN by default - *) there is no possibilty to "gag" DSN anymore since this violates RFC + *) there is no possibility to "gag" DSN anymore since this violates RFC *) dsn_lasthop switch added for routers *) if dsn_lasthop is set by a router it is handled as relaying to a non DSN aware relay. success mails are sent if Exim successfully diff --git a/README.UPDATING b/README.UPDATING index 590642f..05b3d9d 100644 --- a/README.UPDATING +++ b/README.UPDATING 
@@ -26,6 +26,39 @@ The rest of this document contains information about changes in 4.xx releases that might affect a running system. +Exim version 4.89 +----------------- + + * SMTP CHUNKING in Exim 4.88 did not ensure that received mails had a final + newline; attempts to deliver such messages onwards to non-chunking hosts + would probably hang, as Exim does not insert the newline before a ".". + In 4.89, the newline is added upon receipt. For already-received messages + in your queue, try util/chunking_fixqueue_finalnewlines.pl + to walk the queue, fixing any affected messages. Note that because a + delivery attempt will be hanging, attempts to lock the messages for fixing + them will stall; stopping all queue-runners temporarily is recommended. + + * OpenSSL: oldest supported release series is now 1.0.2, which is the oldest + supported by the OpenSSL project. If you can build Exim with an older + release series, congratulations. If you can't, then upgrade. + The file doc/openssl.txt contains instructions for installing a current + OpenSSL outside the system library paths and building Exim to use it. + + * FreeBSD: we now always use the system iconv in libc, as all versions of + FreeBSD supported by the FreeBSD project provide this functionality. + + +Exim version 4.88 +----------------- + + * The "demime" ACL condition, deprecated for the past 10 years, has + now been removed. + + * Old GnuTLS configuration options "gnutls_require_kx", "gnutls_require_mac", + and "gnutls_require_protocols" have now been removed. (Inoperative from + 4.80, per below; logging warnings since 4.83, again per below). + + Exim version 4.83 ----------------- 
@@ -530,7 +563,7 @@ Version 4.23 3. Version 4.23 saves the contents of the ACL variables with the message, so that they can be used later. If one of these variables contains a newline, there will be a newline character in the spool that will not be interpreted - correctely by a previous version of Exim. (Exim ignores keyed spool file + correctly by a previous version of Exim. (Exim ignores keyed spool file items that it doesn't understand - precisely for this kind of problem - but it expects them all to be on one line.) diff --git a/conf b/conf new file mode 100644 index 0000000..1619c0d --- /dev/null +++ b/conf @@ -0,0 +1,2 @@ +perl_startup = $| = 1; print "<${^TAINT}>\n"; +perl_taintmode = yes diff --git a/doc/ChangeLog b/doc/ChangeLog index bea6b1a..5641694 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
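Review bot: The new top-level file `conf` has no comment or name that explains its purpose. Its two lines (a `perl_startup` that prints `${^TAINT}` and `perl_taintmode = yes`) read like a scratch configuration for trying out the perl_taintmode option, though that is an inference from the content alone. If it is a leftover, it should be dropped from the import or reported upstream rather than shipped at the source root, where it can be mistaken for a sample configuration. If it is meant to stay, a first line such as `# test fragment for perl_taintmode; not an installed configuration` would make that clear.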
@@ -1,5 +1,678 @@ Change log file for Exim from version 4.21 -------------------------------------------- +------------------------------------------ +This document describes *changes* to previous versions, that might +affect Exim's operation, with an unchanged configuration file. For new +options, and new features, see the NewStuff file next to this ChangeLog. + + +Exim version 4.89 +----------------- + +JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules + than -2003 did; needs libidn2 in addition to libidn. + +JH/02 The path option on a pipe transport is now expanded before use. + +PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections. + Patch provided by "Björn", documentation fix added too. + +JH/03 Bug 2003: fix Proxy Protocol v2 handling: the address size field was + missing a wire-to-host endian conversion. + +JH/04 Bug 2004: fix CHUNKING in non-PIPELINEING mode. Chunk data following + close after a BDAT command line could be taken as a following command, + giving a synch failure. Fix by only checking for synch immediately + before acknowledging the chunk. + +PP/02 GitHub PR 52: many spelling fixes, which include fixing parsing of + no_require_dnssec option and creation of _HAVE_TRANSPORT_APPEND_MAILDIR + macro. Patches provided by Josh Soref. + +JH/05 Have the EHLO response advertise VRFY, if there is a vrfy ACL defined. + Previously we did not; the RFC seems ambiguous and VRFY is not listed + by IANA as a service extension. However, John Klensin suggests that we + should. + +JH/06 Bug 2017: Fix DKIM verification in -bh test mode. The data feed into + the dkim code may be unix-mode line endings rather than smtp wire-format + CRLF, so prepend a CR to any bare LF. + +JH/07 Rationalise the coding for callout smtp conversations and transport ones. + As a side-benfit, callouts can now use PIPELINING hence fewer round-trips. + +JH/08 Bug 2016: Fix DKIM verification vs. CHUNKING. 
Any BDAT commands after + the first were themselves being wrongly included in the feed into dkim + processing; with most chunk sizes in use this resulted in an incorrect + body hash calculated value. + +JH/09 Bug 2014: permit inclusion of a DKIM-Signature header in a received + DKIM signature block, for verification. Although advised against by + standards it is specifically not ruled illegal. + +JH/10 Bug 2025: Fix reception of (quoted) local-parts with embedded spaces. + +JH/11 Bug 2029: Fix crash in DKIM verification when a message signature block is + missing a body hash (the bh= tag). + +JH/12 Bug 2018: Re-order Proxy Protocol startup versus TLS-on-connect startup. + It seems that HAProxy sends the Proxy Protocol information in clear and + only then does a TLS startup, so do the same. + +JH/13 Bug 2027: Avoid attempting to use TCP Fast Open for non-transport client + TCP connections (such as for Spamd) unless the daemon successfully set + Fast Open mode on its listening sockets. This fixes breakage seen on + too-old kernels or those not configured for Fast Open, at the cost of + requiring both directions being enabled for TFO, and TFO never being used + by non-daemon-related Exim processes. + +JH/14 Bug 2000: Reject messages recieved with CHUNKING but with malformed line + endings, at least on the first header line. Try to canonify any that get + past that check, despite the cost. + +JH/15 Angle-bracket nesting (an error inserted by broken sendmails) levels are + now limited to an arbitrary five deep, while parsing addresses with the + strip_excess_angle_brackets option enabled. + +PP/03 Bug 2018: For Proxy Protocol and TLS-on-connect, do not over-read and + instead leave the unprompted TLS handshake in socket buffer for the + TLS library to consume. + +PP/04 Bug 2018: Also handle Proxy Protocol v2 safely. + +PP/05 FreeBSD compat: handle that Ports no longer create /usr/bin/perl + +JH/16 Drop variables when they go out of scope. 
Memory management drops a whole + region in one operation, for speed, and this leaves assigned pointers + dangling. Add checks run only under the testsuite which checks all + variables at a store-reset and panics on a dangling pointer; add code + explicitly nulling out all the variables discovered. Fixes one known + bug: a transport crash, where a dangling pointer for $sending_ip_address + originally assigned in a verify callout, is re-used. + +PP/06 Drop '.' from @INC in various Perl scripts. + +PP/07 Switch FreeBSD iconv to always use the base-system libc functions. + +PP/08 Reduce a number of compilation warnings under clang; building with + CC=clang CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses + should be warning-free. + +JH/17 Fix inbound CHUNKING when DKIM disabled at runtime. + +HS/01 Fix portability problems introduced by PP/08 for platforms where + realloc(NULL) is not equivalent to malloc() [SunOS et al]. + +HS/02 Bug 1974: Fix missing line terminator on the last received BDAT + chunk. This allows us to accept broken chunked messages. We need a more + general solution here. + +PP/09 Wrote util/chunking_fixqueue_finalnewlines.pl to help recover + already-broken messages in the queue. + +JH/18 Bug 2061: Fix ${extract } corrupting an enclosing ${reduce } $value. + +JH/19 Fix reference counting bug in routing-generated-address tracking. + + +Exim version 4.88 +----------------- + +JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination + supports it and a size is available (ie. the sending peer gave us one). + +JH/02 The obsolete acl condition "demime" is removed (finally, after ten + years of being deprecated). The replacements are the ACLs + acl_smtp_mime and acl_not_smtp_mime. + +JH/03 Upgrade security requirements imposed for hosts_try_dane: previously + a downgraded non-dane trust-anchor for the TLS connection (CA-style) + or even an in-clear connection were permitted. 
Now, if the host lookup + was dnssec and dane was requested then the host is only used if the + TLSA lookup succeeds and is dnssec. Further hosts (eg. lower priority + MXs) will be tried (for hosts_try_dane though not for hosts_require_dane) + if one fails this test. + This means that a poorly-configured remote DNS will make it incommunicado; + but it protects against a DNS-interception attack on it. + +JH/04 Bug 1810: make continued-use of an open smtp transport connection + non-noisy when a race steals the message being considered. + +JH/05 If main configuration option tls_certificate is unset, generate a + self-signed certificate for inbound TLS connections. + +JH/06 Bug 165: hide more cases of password exposure - this time in expansions + in rewrites and routers. + +JH/07 Retire gnutls_require_mac et.al. These were nonfunctional since 4.80 + and logged a warning sing 4.83; now they are a configuration file error. + +JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name + (lacking @domain). Apply the same qualification processing as RCPT. + +JH/09 Bug 1804: Avoid writing msglog files when in -bh or -bhc mode. + +JH/10 Support ${sha256:} applied to a string (as well as the previous + certificate). + +JH/11 Cutthrough: avoid using the callout hints db on a verify callout when + a cutthrough deliver is pending, as we always want to make a connection. + This also avoids re-routing the message when later placing the cutthrough + connection after a verify cache hit. + Do not update it with the verify result either. + +JH/12 Cutthrough: disable when verify option success_on_redirect is used, and + when routing results in more than one destination address. + +JH/13 Cutthrough: expand transport dkim_domain option when testing for dkim + signing (which inhibits the cutthrough capability). 
Previously only + the presence of an option was tested; now an expansion evaluating as + empty is permissible (obviously it should depend only on data available + when the cutthrough connection is made). + +JH/14 Fix logging of errors under PIPELINING. Previously the log line giving + the relevant preceding SMTP command did not note the pipelining mode. + +JH/15 Fix counting of empty lines in $body_linecount and $message_linecount. + Previously they were not counted. + +JH/16 DANE: treat a TLSA lookup response having all non-TLSA RRs, the same + as one having no matching records. Previously we deferred the message + that needed the lookup. + +JH/17 Fakereject: previously logged as a normal message arrival "<="; now + distinguished as "(=". + +JH/18 Bug 1867: make the fail_defer_domains option on a dnslookup router work + for missing MX records. Previously it only worked for missing A records. + +JH/19 Bug 1850: support Radius libraries that return REJECT_RC. + +JH/20 Bug 1872: Ensure that acl_smtp_notquit is run when the connection drops + after the data-go-ahead and data-ack. Patch from Jason Betts. + +JH/21 Bug 1846: Send DMARC forensic reports for reject and quarantine results, + even for a "none" policy. Patch from Tony Meyer. + +JH/22 Fix continued use of a connection for further deliveries. If a port was + specified by a router, it must also match for the delivery to be + compatible. + +JH/23 Bug 1874: fix continued use of a connection for further deliveries. + When one of the recipients of a message was unsuitable for the connection + (has no matching addresses), we lost track of needing to mark it + deferred. As a result mail would be lost. + +JH/24 Bug 1832: Log EHLO response on getting conn-close response for HELO. + +JH/25 Decoding ACL controls is now done using a binary search; the source code + takes up less space and should be simpler to maintain. Merge the ACL + condition decode tables also, with similar effect. 
+ +JH/26 Fix problem with one_time used on a redirect router which returned the + parent address unchanged. A retry would see the parent address marked as + delivered, so not attempt the (identical) child. As a result mail would + be lost. + +JH/27 Fix a possible security hole, wherein a process operating with the Exim + UID can gain a root shell. Credit to http://www.halfdog.net/ for + discovery and writeup. Ubuntu bug 1580454; no bug raised against Exim + itself :( + +JH/28 Enable {spool,log} filesystem space and inode checks as default. + Main config options check_{log,spool}_{inodes,space} are now + 100 inodes, 10MB unless set otherwise in the configuration. + +JH/29 Fix the connection_reject log selector to apply to the connect ACL. + Previously it only applied to the main-section connection policy + options. + +JH/30 Bug 1897: fix callouts connection fallback from TLS to cleartext. + +PP/01 Changed default Diffie-Hellman parameters to be Exim-specific, created + by me. Added RFC7919 DH primes as an alternative. + +PP/02 Unbreak build via pkg-config with new hash support when crypto headers + are not in the system include path. + +JH/31 Fix longstanding bug with aborted TLS server connection handling. Under + GnuTLS, when a session startup failed (eg because the client disconnected) + Exim did stdio operations after fclose. This was exposed by a recent + change which nulled out the file handle after the fclose. + +JH/32 Bug 1909: Fix OCSP proof verification for cases where the proof is + signed directly by the cert-signing cert, rather than an intermediate + OCSP-signing cert. This is the model used by LetsEncrypt. + +JH/33 Bug 1914: Ensure socket is nonblocking before draining after SMTP QUIT. + +HS/01 Fix leak in verify callout under GnuTLS, about 3MB per recipient on + an incoming connection. + +HS/02 Bug 1802: Do not half-close the connection after sending a request + to rspamd. + +HS/03 Use "auto" as the default EC curve parameter. 
For OpenSSL < 1.0.2 + fallback to "prime256v1". + +JH/34 SECURITY: Use proper copy of DATA command in error message. + Could leak key material. Remotely exploitable. CVE-2016-9963. + + +Exim version 4.87 +----------------- + +JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16 + and 3.4.4 - once the server is enabled to respond to an OCSP request + it does even when not requested, resulting in a stapling non-aware + client dropping the TLS connection. + +TF/01 Code cleanup: Overhaul the debug_selector and log_selector machinery to + support variable-length bit vectors. No functional change. + +TF/02 Improve the consistency of logging incoming and outgoing interfaces. + The I= interface field on outgoing lines is now after the H= remote + host field, same as incoming lines. There is a separate + outgoing_interface log selector which allows you to disable the + outgoing I= field. + +JH/02 Bug 728: Close logfiles after a daemon-process "exceptional" log write. + If not running log_selector +smtp_connection the mainlog would be held + open indefinitely after a "too many connections" event, including to a + deleted file after a log rotate. Leave the per net connection logging + leaving it open for efficiency as that will be quickly detected by the + check on the next write. + +HS/01 Bug 1671: Fix post transport crash. + Processing the wait- messages could crash the delivery + process if the message IDs didn't exist for some reason. When + using 'split_spool_directory=yes' the construction of the spool + file name failed already, exposing the same netto behaviour. + +JH/03 Bug 425: Capture substrings in $regex1, $regex2 etc from regex & + mime_regex ACL conditions. + +JH/04 Bug 1686: When compiled with EXPERIMENTAL_DSN_INFO: Add extra information + to DSN fail messages (bounces): remote IP, remote greeting, remote response + to HELO, local diagnostic string. 
+ +JH/05 Downgrade message for a TLS-certificate-based authentication fail from + log line to debug. Even when configured with a tls authenticator many + client connections are expected to not authenticate in this way, so + an authenticate fail is not an error. + +HS/02 Add the Exim version string to the process info. This way exiwhat + gives some more detail about the running daemon. + +JH/06 Bug 1395: time-limit caching of DNS lookups, to the TTL value. This may + matter for fast-change records such as DNSBLs. + +JH/07 Bug 1678: Always record an interface option value, if set, as part of a + retry record, even if constant. There may be multiple transports with + different interface settings and the retry behaviour needs to be kept + distinct. + +JH/08 Bug 1586: exiqgrep now refuses to run if there are unexpected arguments. + +JH/09 Bug 1700: ignore space & tab embedded in base64 during decode. + +JH/10 Bug 840: fix log_defer_output option of pipe transport + +JH/11 Bug 830: use same host for all RCPTS of a message, even under + hosts_randomize. This matters a lot when combined with mua_wrapper. + +JH/12 Bug 1706: percent and underbar characters are no longer escaped by the + ${quote_pgsql:} operator. + +JH/13 Bug 1708: avoid misaligned access in cached lookup. + +JH/14 Change header file name for freeradius-client. Relevant if compiling + with Radius support; from the Gentoo tree and checked under Fedora. + +JH/15 Bug 1712: Introduce $prdr_requested flag variable + +JH/16 Bug 1714: Permit an empty string as expansion result for transport + option transport_filter, meaning no filtering. + +JH/17 Bug 1713: Fix non-PDKIM_DEBUG build. Patch from Jasen Betts. + +JH/18 Bug 1709: When built with TLS support, the tls_advertise_hosts option now + defaults to "*" (all hosts). The variable is now available when not built + with TLS, default unset, mainly to enable keeping the testsuite sane. 
+ If a server certificate is not supplied (via tls_certificate) an error is + logged, and clients will find TLS connections fail on startup. Presumably + they will retry in-clear. + Packagers of Exim are strongly encouraged to create a server certificate + at installation time. + +HS/03 Add -bP config_file as a synonym for -bP configure_file, for consistency + with the $config_file variable. + +JH/19 Two additional event types: msg:rcpt:defer and msg:rcpt:host:defer. Both + in transport context, after the attempt, and per-recipient. The latter type + is per host attempted. The event data is the error message, and the errno + information encodes the lookup type (A vs. MX) used for the (first) host, + and the trailing two digits of the smtp 4xx response. + +GF/01 Bug 1715: Fix for race condition in exicyclog, where exim could attempt + to write to mainlog (or rejectlog, paniclog) in the window between file + creation and permissions/ownership being changed. Particularly affects + installations where exicyclog is run as root, rather than exim user; + result is that the running daemon panics and dies. + +JH/20 Bug 1701: For MySQL lookups, support MySQL config file option group names. + +JH/21 Bug 1720: Add support for priority groups and weighted-random proxy + selection for the EXPERIMENTAL_SOCKS feature, via new per-proxy options + "pri" and "weight". Note that the previous implicit priority given by the + list order is no longer honoured. + +JH/22 Bugs 963, 1721: Fix some corner cases in message body canonicalization + for DKIM processing. + +JH/23 Move SOCKS5 support from Experimental to mainline, enabled for a build + by defining SUPPORT_SOCKS. + +JH/26 Move PROXY support from Experimental to mainline, enabled for a build + by defining SUPPORT_PROXY. Note that the proxy_required_hosts option + is renamed to hosts_proxy, and the proxy_{host,target}_{address,port}. + variables are renamed to proxy_{local,external}_{address,port}. 
+ +JH/27 Move Internationalisation support from Experimental to mainline, enabled + for a build by defining SUPPORT_I18N + +JH/28 Bug 1745: Fix redis lookups to handle (quoted) spaces embedded in parts + of the query string, and make ${quote_redis:} do that quoting. + +JH/29 Move Events support from Experimental to mainline, enabled by default + and removable for a build by defining DISABLE_EVENT. + +JH/30 Updated DANE implementation code to current from Viktor Dukhovni. + +JH/31 Fix bug with hosts_connection_nolog and named-lists which were wrongly + cached by the daemon. + +JH/32 Move Redis support from Experimental to mainline, enabled for a build + by defining LOOKUP_REDIS. The libhiredis library is required. + +JH/33 Bug 1748: Permit ACL dnslists= condition in non-smtp ACLs if explicit + keys are given for lookup. + +JH/34 Bug 1192: replace the embedded copy of PolarSSL RSA routines in the DKIM + support, by using OpenSSL or GnuTLS library ones. This means DKIM is + only supported when built with TLS support. The PolarSSL SHA routines + are still used when the TLS library is too old for convenient support. + +JH/35 Require SINGLE_DH_USE by default in OpenSSL (main config option + openssl_options), for security. OpenSSL forces this from version 1.1.0 + server-side so match that on older versions. + +JH/36 Bug 1778: longstanding bug in memory use by the ${run } expansion: A fresh + allocation for $value could be released as the expansion processing + concluded, but leaving the global pointer active for it. + +JH/37 Bug 1769: Permit a VRFY ACL to override the default 252 response, + and to use the domains and local_parts ACL conditions. + +JH/38 Fix cutthrough bug with body lines having a single dot. The dot was + incorrectly not doubled on cutthrough transmission, hence seen as a + body-termination at the receiving system - resulting in truncated mails. 
+ Commonly the sender saw a TCP-level error, and retransmitted the message + via the normal store-and-forward channel. This could result in duplicates + received - but deduplicating mailstores were liable to retain only the + initial truncated version. + +JH/39 Bug 1781: Fix use of DKIM private-keys having trailing '=' in the base-64. + +JH/40 Fix crash in queryprogram router when compiled with EXPERIMENTAL_SRS. + +JH/41 Bug 1792: Fix selection of headers to sign for DKIM: bottom-up. While + we're in there, support oversigning also; bug 1309. + +JH/42 Bug 1796: Fix error logged on a malware scanner connection failure. + +HS/04 Add support for keep_environment and add_environment options. + +JH/43 Tidy coding issues detected by gcc --fsanitize=undefined. Some remain; + either intentional arithmetic overflow during PRNG, or testing config- + induced overflows. + +JH/44 Bug 1800: The combination of a -bhc commandline option and cutthrough + delivery resulted in actual delivery. Cancel cutthrough before DATA + stage. + +JH/45 Fix cutthrough, when connection not opened by verify and target hard- + rejects a recipient: pass the reject to the originator. + +JH/46 Multiple issues raised by Coverity. Some were obvious or plausible bugs. + Many were false-positives and ignorable, but it's worth fixing the + former class. + +JH/47 Fix build on HP-UX and older Solaris, which need (un)setenv now also + for the new environment-manipulation done at startup. Move the routines + from being local to tls.c to being global via the os.c file. + +JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing + an extract embedded as result-arg for a map, the first arg for extract + is unavailable so we cannot tell if this is a numbered or keyed + extraction. Accept either. + + +Exim version 4.86 +----------------- + +JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now + expanded. + +JH/02 The smtp transport option "multi_domain" is now expanded. 
+ +JH/03 The smtp transport now requests PRDR by default, if the server offers + it. + +JH/04 Certificate name checking on server certificates, when exim is a client, + is now done by default. The transport option tls_verify_cert_hostnames + can be used to disable this per-host. The build option + EXPERIMENTAL_CERTNAMES is withdrawn. + +JH/05 The value of the tls_verify_certificates smtp transport and main options + default to the word "system" to access the system default CA bundle. + For GnuTLS, only version 3.0.20 or later. + +JH/06 Verification of the server certificate for a TLS connection is now tried + (but not required) by default. The verification status is now logged by + default, for both outbound TLS and client-certificate supplying inbound + TLS connections + +JH/07 Changed the default rfc1413 lookup settings to disable calls. Few + sites use this now. + +JH/08 The EXPERIMENTAL_DSN compile option is no longer needed; all Delivery + Status Notification (bounce) messages are now MIME format per RFC 3464. + Support for RFC 3461 DSN options NOTIFY,ENVID,RET,ORCPT can be advertised + under the control of the dsn_advertise_hosts option, and routers may + have a dsn_lasthop option. + +JH/09 A timeout of 2 minutes is now applied to all malware scanner types by + default, modifiable by a malware= option. The list separator for + the options can now be changed in the usual way. Bug 68. + +JH/10 The smtp_receive_timeout main option is now expanded before use. + +JH/11 The incoming_interface log option now also enables logging of the + local interface on delivery outgoing connections. + +JH/12 The cutthrough-routing facility now supports multi-recipient mails, + if the interface and destination host and port all match. + +JH/13 Bug 344: The verify = reverse_host_lookup ACL condition now accepts a + /defer_ok option. + +JH/14 Bug 1573: The spam= ACL condition now additionally supports Rspamd. + Patch from Andrew Lewis. 
+
+JH/15 Bug 670: The spamd_address main option (for the spam= ACL condition)
+ now supports optional time-restrictions, weighting, and priority
+ modifiers per server. Patch originally by .
+
+JH/16 The spamd_address main option now supports a mixed list of local
+ and remote servers. Remote servers can be IPv6 addresses, and
+ specify a port-range.
+
+JH/17 Bug 68: The spamd_address main option now supports an optional
+ timeout value per server.
+
+JH/18 Bug 1581: Router and transport options headers_add/remove can
+ now have the list separator specified.
+
+JH/19 Bug 392: spamd_address, and clamd av_scanner, now support retry
+ option values.
+
+JH/20 Bug 1571: Ensure that $tls_in_peerdn is set, when verification fails
+ under OpenSSL.
+
+JH/21 Support for the A6 type of dns record is withdrawn.
+
+JH/22 Bug 608: The result of a QUIT or not-QUIT toplevel ACL now matters
+ rather than the verbs used.
+
+JH/23 Bug 1572: Increase limit on SMTP confirmation message copy size
+ from 255 to 1024 chars.
+
+JH/24 Verification callouts now attempt to use TLS by default.
+
+HS/01 DNSSEC options (dnssec_require_domains, dnssec_request_domains)
+ are generic router options now. The defaults didn't change.
+
+JH/25 Bug 466: Add RFC2322 support for MIME attachment filenames.
+ Original patch from Alexander Shikoff, worked over by JH.
+
+HS/02 Bug 1575: exigrep falls back to autodetection of compressed
+ files if ZCAT_COMMAND is not executable.
+
+JH/26 Bug 1539: Add timeout/retry options on dnsdb lookups.
+
+JH/27 Bug 286: Support SOA lookup in dnsdb lookups.
+
+JH/28 Bug 1588: Do not use the A lookup following an AAAA for setting the FQDN.
+ Normally benign, it bites when the pair was led to by a CNAME;
+ modern usage is to not canonicalize the domain to a CNAME target
+ (and we were inconsistent anyway for A-only vs AAAA+A).
+
+JH/29 Bug 1632: Removed the word "rejected" from line logged for ACL discards.
+
+JH/30 Check the forward DNS lookup for DNSSEC, in addition to the reverse,
+ when evaluating $sender_host_dnssec.
+
+JH/31 Check the HELO verification lookup for DNSSEC, adding new
+ $sender_helo_dnssec variable.
+
+JH/32 Bug 1397: Enable ECDHE on OpenSSL, just the NIST P-256 curve.
+
+JH/33 Bug 1346: Note MAIL cmd seen in -bS batch, to avoid smtp_no_mail log.
+
+JH/34 Bug 1648: Fix a memory leak seen with "mailq" and large queues.
+
+JH/35 Bug 1642: Fix support of $spam_ variables at delivery time. Was
+ documented as working, but never had. Support all but $spam_report.
+
+JH/36 Bug 1659: Guard checking of input smtp commands again pseudo-command
+ added for tls authenticator.
+
+HS/03 Add perl_taintmode main config option
+
+
+Exim version 4.85
+-----------------
+
+TL/01 When running the test suite, the README says that variables such as
+ no_msglog_check are global and can be placed anywhere in a specific
+ test's script, however it was observed that placement needed to be near
+ the beginning for it to behave that way. Changed the runtest perl
+ script to read through the entire script once to detect and set these
+ variables, reset to the beginning of the script, and then run through
+ the script parsing/test process like normal.
+
+TL/02 The BSD's have an arc4random API. One of the functions to induce
+ adding randomness was arc4random_stir(), but it has been removed in
+ OpenBSD 5.5. Detect this OpenBSD version and skip calling this
+ function when detected.
+
+JH/01 Expand the EXPERIMENTAL_TPDA feature. Several different events now
+ cause callback expansion.
+
+TL/03 Bugzilla 1518: Clarify "condition" processing in routers; that
+ syntax errors in an expansion can be treated as a string instead of
+ logging or causing an error, due to the internal use of bool_lax
+ instead of bool when processing it.
+
+JH/02 Add EXPERIMENTAL_DANE, allowing for using the DNS as trust-anchor for
+ server certificates when making smtp deliveries.
+
+JH/03 Support secondary-separator specifier for MX, SRV, TLSA lookups.
+
+JH/04 Add ${sort {list}{condition}{extractor}} expansion item.
+
+TL/04 Bugzilla 1216: Add -M (related messages) option to exigrep.
+
+TL/05 GitHub Issue 18: Adjust logic testing for true/false in redis lookups.
+ Merged patch from Sebastian Wiedenroth.
+
+JH/05 Fix results-pipe from transport process. Several recipients, combined
+ with certificate use, exposed issues where response data items split
+ over buffer boundaries were not parsed properly. This eventually
+ resulted in duplicates being sent. This issue only became common enough
+ to notice due to the introduction of connection certificate information,
+ the item size being so much larger. Found and fixed by Wolfgang Breyha.
+
+JH/06 Bug 1533: Fix truncation of items in headers_remove lists. A fixed
+ size buffer was used, resulting in syntax errors when an expansion
+ exceeded it.
+
+JH/07 Add support for directories of certificates when compiled with a GnuTLS
+ version 3.3.6 or later.
+
+JH/08 Rename the TPDA experimental facility to Event Actions. The #ifdef
+ is EXPERIMENTAL_EVENT, the main-configuration and transport options
+ both become "event_action", the variables become $event_name, $event_data
+ and $event_defer_errno. There is a new variable $verify_mode, usable in
+ routers, transports and related events. The tls:cert event is now also
+ raised for inbound connections, if the main configuration event_action
+ option is defined.
+
+TL/06 In test suite, disable OCSP for old versions of openssl which contained
+ early OCSP support, but no stapling (appears to be less than 1.0.0).
+
+JH/09 When compiled with OpenSSL and EXPERIMENTAL_CERTNAMES, the checks on
+ server certificate names available under the smtp transport option
+ "tls_verify_cert_hostname" now do not permit multi-component wildcard
+ matches.
+ +JH/10 Time-related extraction expansions from certificates now use the main + option "timezone" setting for output formatting, and are consistent + between OpenSSL and GnuTLS compilations. Bug 1541. + +JH/11 Fix a crash in mime ACL when meeting a zero-length, quoted or RFC2047- + encoded parameter in the incoming message. Bug 1558. + +JH/12 Bug 1527: Autogrow buffer used in reading spool files. Since they now + include certificate info, eximon was claiming there were spoolfile + syntax errors. + +JH/13 Bug 1521: Fix ldap lookup for single-attr request, multiple-attr return. + +JH/14 Log delivery-related information more consistently, using the sequence + "H= []" wherever possible. + +TL/07 Bug 1547: Omit RFCs from release. Draft and RFCs have licenses which + are problematic for Debian distribution, omit them from the release + tarball. + +JH/15 Updates and fixes to the EXPERIMENTAL_DSN feature. + +JH/16 Fix string representation of time values on 64bit time_t architectures. + Bug 1561. + +JH/17 Fix a null-indirection in certextract expansions when a nondefault + output list separator was used. Exim version 4.84 @@ -9,12 +682,12 @@ TL/01 Bugzilla 1506: Re-add a 'return NULL' to silence complaints from static return. JH/01 Bug 1513: Fix parsing of quoted parameter values in MIME headers. - This was a regression intruduced in 4.83 by another bugfix. + This was a regression introduced in 4.83 by another bugfix. JH/02 Fix broken compilation when EXPERIMENTAL_DSN is enabled. TL/02 Bug 1509: Fix exipick for enhanced spoolfile specification used when - EXPERIMENTAL_DNS is enabled. Fix from Wolfgang Breyha. + EXPERIMENTAL_DSN is enabled. Fix from Wolfgang Breyha. Exim version 4.83 
@@ -340,7 +1013,7 @@ JH/14 SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). advertises the facility. If the client requests PRDR a new acl_data_smtp_prdr ACL is called once for each recipient, after the body content is received and before the acl_smtp_data ACL. - The client is controlled by bolth of: a hosts_try_prdr option + The client is controlled by both of: a hosts_try_prdr option on the smtp transport, and the server advertisement. Default client logging of deliveries and rejections involving PRDR are flagged with the string "PRDR". @@ -368,7 +1041,7 @@ PP/20 Added force_command boolean option to pipe transport. JH/15 AUTH support on callouts (and hence cutthrough-deliveries). Bugzilla 321, 823. -TF/04 Added udpsend ACL modifer and hexquote expansion operator +TF/04 Added udpsend ACL modifier and hexquote expansion operator PP/21 Fix eximon continuous updating with timestamped log-files. Broken in a format-string cleanup in 4.80, missed when I repaired the @@ -487,7 +1160,7 @@ PP/12 MAIL args handles TAB as well as SP, for better interop with Analysis and variant patch by Todd Lyons. NM/04 Bugzilla 1237 - fix cases where printf format usage not indicated - Bug report from Lars Müller (via SUSE), + Bug report from Lars Müller (via SUSE), Patch from Dirk Mueller PP/13 tls_peerdn now print-escaped for spool files. @@ -512,7 +1185,7 @@ PP/15 LDAP: Check for errors of TLS initialisation, to give correct diagnostics. Report and patch from Dmitry Banschikov. -PP/16 Removed "dont_insert_empty_fragments" fron "openssl_options". +PP/16 Removed "dont_insert_empty_fragments" from "openssl_options". Removed SSL_clear() after SSL_new() which led to protocol negotiation failures. We appear to now support TLS1.1+ with Exim. 
@@ -642,7 +1315,7 @@ TF/04 Improved ratelimit ACL condition. has clearer semantics. The /leaky, /strict, and /readonly update modes are mutually exclusive. The update mode is no longer included in the database key; it just determines when the database is updated. (This - means that when you upgrde Exim will forget old rate measurements.) + means that when you upgrade Exim will forget old rate measurements.) Exim now checks that the per_* options are used with an update mode that makes sense for the current ACL. For example, when Exim is processing a @@ -777,7 +1450,7 @@ PP/09 Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to Exim version 4.75 ----------------- -NM/01 Workround for PCRE version dependency in version reporting +NM/01 Workaround for PCRE version dependency in version reporting Bugzilla 1073 TF/01 Update valgrind.h and memcheck.h to copies from valgrind-3.6.0. @@ -847,7 +1520,7 @@ NM/05 Fix to spam.c to accommodate older gcc versions which dislike variable declaration deep within a block. Bug and patch from Dennis Davis. -PP/15 lookups-Makefile IRIX compatibilty coercion. +PP/15 lookups-Makefile IRIX compatibility coercion. PP/16 Make DISABLE_DKIM build knob functional. @@ -1272,7 +1945,7 @@ PH/02 When an IPv6 address is converted to a string for single-key lookup colons if the lookup type is iplsearch. This is not incompatible, because previously such lookups could never work. - The situation is now rather anomolous, since one *can* have colons in + The situation is now rather anomalous, since one *can* have colons in ordinary lsearch keys. However, making the change in all cases is incompatible and would probably break a number of configurations. 
@@ -1442,7 +2115,7 @@ PH/19 Change 4.64/PH/36 introduced a bug: when address_retry_include_sender PH/20 Added hosts_avoid_pipelining to the smtp transport. PH/21 Long custom messages for fakedefer and fakereject are now split up - into multiline reponses in the same way that messages for "deny" and + into multiline responses in the same way that messages for "deny" and other ACL rejections are. PH/22 Applied Jori Hamalainen's speed-up changes and typo fixes to exigrep, @@ -1849,7 +2522,7 @@ PH/36 After a 4xx response to a RCPT error, that address was delayed (in queue runs only) independently of the message's sender address. This meant that, if the 4xx error was in fact related to the sender, a different message to the same recipient with a different sender could confuse - things. In particualar, this can happen when sending to a greylisting + things. In particular, this can happen when sending to a greylisting server, but other circumstances could also provoke similar problems. I have changed the default so that the retry time for these errors is now based a combination of the sender and recipient addresses. This change @@ -1918,7 +2591,7 @@ SC/08 Eximstats V1.50 JJ/03 exipick.20061117.2, made header handling as similar to exim as possible (added [br]h_ prefixes, implemented RFC2047 decoding. Fixed - whitesspace changes from 4.64-PH/27 + whitespace changes from 4.64-PH/27 JJ/04 exipick.20061117.2, fixed format and added $message_headers_raw to match 4.64-PH/13 @@ -2240,7 +2913,7 @@ PH/14 When a uid/gid is specified for the queryprogram router, it cannot be (a) Failures to set uid/gid, the current directory, or a process leader in a subprocess such as that created by queryprogram now generate - suitable debugging ouput when -d is set. + suitable debugging output when -d is set. (b) The queryprogram router detects when it is not running as root, outputs suitable debugging information if -d is set, and then runs 
@@ -2600,7 +3273,7 @@ PH/09 Applied a patch from the Sieve maintainer which: and most important: o fixes a bug in processing the envelope test (when testing - multiple envelope elements, the last element determinted the + multiple envelope elements, the last element determined the result) PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to @@ -2609,7 +3282,7 @@ PH/10 Exim was violating RFC 3834 ("Recommendations for Automatic Responses to Auto-submitted: auto-generated in the messages that it generates (bounce messages and others, such as - warnings). In the case of bounce messages for non-SMTP mesages, there was + warnings). In the case of bounce messages for non-SMTP messages, there was also a typo: it was using "Auto_submitted" (underscore instead of hyphen). Since every message generated by Exim is necessarily in response to another message, thes have all been changed to: @@ -2974,7 +3647,7 @@ TK/03 Merged latest SRS patch from Miles Wilton. PH/05 There's a shambles in IRIX6 - it defines EX_OK in unistd.h which conflicts with the definition in sysexits.h (which is #included earlier). Fortunately, Exim does not actually use EX_OK. The code used to try to - preserve the sysexits.h value, by assumimg that macro definitions were + preserve the sysexits.h value, by assuming that macro definitions were scanned for macro replacements. I have been disabused of this notion, so now the code just undefines EX_OK before #including unistd.h. @@ -2994,7 +3667,7 @@ PH/07 Added "fullpostmaster" verify option, which does a check to SC/01 Eximstats: added -xls and the ability to specify output files (patch written by Frank Heydlauf). -SC/02 Eximstats: use FileHandles for outputing results. +SC/02 Eximstats: use FileHandles for outputting results. SC/03 Eximstats: allow any combination of xls, txt, and html output. 
@@ -5019,7 +5692,7 @@ Exim version 4.31 58. When a "warn" ACL statement has a log_message modifier, the message is remembered, and not repeated. This is to avoid a lot of repetition when a message has many recipients that cause the same warning to be written. - Howewer, Exim was preserving the list of already written lines for an + However, Exim was preserving the list of already written lines for an entire SMTP session, which doesn't seem right. The memory is now reset if a new message is started. @@ -5109,7 +5782,7 @@ Exim version 4.31 the list was checked. (An example that provoked this was putting <; in the middle of a list instead of at the start.) If this happened during a DATA ACL check, a -D file could be left lying around. This kind of configuration - error no longer causes Exim to die; instead it causes a defer errror. The + error no longer causes Exim to die; instead it causes a defer error. The incident is still logged to the main and panic logs. 74. Buglet left over from Exim 3 conversion. The message "too many messages @@ -5173,7 +5846,7 @@ Exim version 4.30 systems (e.g. Solaris), it also passes back the IP address string as the "host name". However, on others (e.g. Linux), it passes back an empty string. Exim wasn't checking for this, and was changing the host name to an - empty string, assuming it had been canonicized. + empty string, assuming it had been canonicalized. 5. Although rare, it is permitted to have more than one PTR record for a given IP address. I thought that gethostbyaddr() or getipnodebyaddr() always gave 
@@ -5225,7 +5898,7 @@ Exim version 4.30 13. The install script calls Exim with "-C /dev/null" in order to find the version number. If ALT_CONFIG_PREFIX was set, this caused an error message - to be output. Howeve, since Exim outputs its version number before the + to be output. However, since Exim outputs its version number before the error, it didn't break the script. It just looked ugly. I fixed this by always allowing "-C /dev/null" if the caller is root. @@ -5306,7 +5979,7 @@ Exim version 4.30 34. Testing for a connection timeout using "timeout_connect" in the retry rules did not work. The code looks as if it has *never* worked, though it appears - to have been documented since at least releast 1.62. I have made it work. + to have been documented since at least release 1.62. I have made it work. 35. The "timeout_DNS" error in retry rules, also documented since at least 1.62, also never worked. As it isn't clear exactly what this means, and @@ -5751,7 +6424,7 @@ Exim version 4.21 16. Check for letters, digits, hyphens, and dots in the names of dnslist domains, and warn by logging if others are found. -17. At least on BSD, alignment is not guarenteed for the array of ifreq's +17. At least on BSD, alignment is not guaranteed for the array of ifreq's returned from GIFCONF when Exim is trying to find the list of interfaces on a host. The code in os.c has been modified to copy each ifreq to an aligned structure in all cases. @@ -5785,7 +6458,7 @@ Exim version 4.21 24. Ignore Sendmail's -Ooption=value command line item. 25. When execve() failed while trying to run a command in a pipe transport, - Exim was returning EX_UNAVAILBLE (69) from the subprocess. However, this + Exim was returning EX_UNAVAILABLE (69) from the subprocess. However, this could be confused with a return value of 69 from the command itself. This has been changed to 127, the value the shell returns if it is asked to run a non-existent command. The wording for the related log line suggests a 
@@ -5898,7 +6571,7 @@ Exim version 4.21 47. Change 50 for 4.20 was a heap of junk. I don't know what I was thinking when I implemented it. It didn't allow for the fact that some option values - may legitimatetly be negative (e.g. size_addition), and it didn't even do + may legitimately be negative (e.g. size_addition), and it didn't even do the right test for positive values. 48. Domain names in DNS records are case-independent. Exim always looks them up diff --git a/doc/DANE-draft-notes b/doc/DANE-draft-notes new file mode 100644 index 0000000..21b3992 --- /dev/null +++ b/doc/DANE-draft-notes @@ -0,0 +1,11 @@ + +draft 11 + +3.1.2 - Para 4 (records with Sel Full(0) are discouraged) +==> There's a matching type Full but not such a Selector type. + Should this be "Cert(0), or Matching Type Full(0)" ? + Suspect the latter. + +3.1.2 Needs a para added regarding certificate date verification, + to contrast with the requirement to NOT check for + DANE-EE defined in 3.1.1 diff --git a/doc/Exim3.upgrade b/doc/Exim3.upgrade index 5c5024a..4ab94c4 100644 --- a/doc/Exim3.upgrade +++ b/doc/Exim3.upgrade @@ -115,7 +115,7 @@ always been set up specifically, as described in the manual. 5. The way in which Exim scans its queue when split_spool_directory is set has changed, but this shouldn't make any noticeable difference. See doc/NewStuff -for defails. +for details. Upgrading from release 3.03 diff --git a/doc/Exim4.upgrade b/doc/Exim4.upgrade index a97d41f..528d94d 100644 --- a/doc/Exim4.upgrade +++ b/doc/Exim4.upgrade @@ -802,7 +802,7 @@ The smtp transport . The authenticate_hosts option has been renamed as hosts_try_auth. A new option called hosts_require_auth has been added; if authentication fails for one of these hosts, Exim does _not_ try to send unauthenticated. It defers - instead. The deferal error is detectable in the retry rules, so this can be + instead. The deferral error is detectable in the retry rules, so this can be turned into a hard failure if required. 
@@ -1206,7 +1206,7 @@ and the bounce. The logging options that have been abolished are: log_all_parents, log_arguments, log_incoming_port, log_interface, log_ip_options, -log_level, log_queue_run_level, log_received_sender, log_received_rceipients, +log_level, log_queue_run_level, log_received_sender, log_received_recipients, log_rewrites, log_sender_on_delivery, log_smtp_confirmation, log_smtp_connections, log_smtp_syntax_errors, log_subject, tls_log_cipher, tls_log_peerdn. @@ -1323,7 +1323,7 @@ String Expansion . There's a new expansion feature for running commands: - ${run{comand args}{yes}{no}} + ${run{command args}{yes}{no}} Like all the other conditional items, the {yes} and {no} strings are optional. Omitting both is equivalent to {$value}. The standard output of the diff --git a/doc/NewStuff b/doc/NewStuff index 1b7ad35..9d9c817 100644 --- a/doc/NewStuff +++ b/doc/NewStuff 
@@ -3,9 +3,169 @@ New Features in Exim This file contains descriptions of new features that have been added to Exim. Before a formal release, there may be quite a lot of detail so that people can -test from the snapshots or the CVS before the documentation is updated. Once +test from the snapshots or the Git before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.89 +------------ + + 1. Allow relative config file names for ".include" + + 2. A main-section config option "debug_store" to control the checks on + variable locations during store-reset. Normally false but can be enabled + when a memory corrution issue is suspected on a production system. + + +Version 4.88 +------------ + + 1. The new perl_taintmode option allows to run the embedded perl + interpreter in taint mode. + + 2. New log_selector: dnssec, adds a "DS" tag to acceptance and delivery lines. + + 3. Speculative debugging, via a "kill" option to the "control=debug" ACL + modifier. + + 4. New expansion item ${sha3:} / ${sha3_:}. + N can be 224, 256 (default), 384, 512. + With GnuTLS 3.5.0 or later, only. + + 5. Facility for named queues: A command-line argument can specify + the queue name for a queue operation, and an ACL modifier can set + the queue to be used for a message. A $queue_name variable gives + visibility. + + 6. New expansion operators base32/base32d. + + 7. The CHUNKING ESMTP extension from RFC 3030. May give some slight + performance increase and network load decrease. Main config option + chunking_advertise_hosts, and smtp transport option hosts_try_chunking + for control. + + 8. LMDB lookup support, as Experimental. Patch supplied by Andrew Colin Kissa. + + 9. Expansion operator escape8bit, like escape but not touching newline etc.. + +10. Feature macros, generated from compile options. All start with "_HAVE_" + and go on with some roughly recognisable name. 
Driver macros, for + router, transport and authentication drivers; names starting with "_DRIVER_". + Option macros, for each configuration-file option; all start with "_OPT_". + Use the "-bP macros" command-line option to see what is present. + +11. Integer values for options can take a "G" multiplier. + +12. defer=pass option for the ACL control cutthrough_delivery, to reflect 4xx + returns from the target back to the initiator, rather than spooling the + message. + +13. New built-in constants available for tls_dhparam and default changed. + +14. If built with EXPERIMENTAL_QUEUEFILE, a queuefile transport, for writing + out copies of the message spool files for use by 3rd-party scanners. + +15. A new option on the smtp transport, hosts_try_fastopen. If the system + supports it (on Linux it must be enabled in the kernel by the sysadmin) + try to use RFC 7413 "TCP Fast Open". No data is sent on the SYN segment + but it permits a peer that also supports the facility to send its SMTP + banner immediately after the SYN,ACK segment rather then waiting for + another ACK - so saving up to one roundtrip time. Because it requires + previous communication with the peer (we save a cookie from it) this + will only become active on frequently-contacted destinations. + +16. A new syslog_pid option to suppress PID duplication in syslog lines. + + +Version 4.87 +------------ + + 1. The ACL conditions regex and mime_regex now capture substrings + into numeric variables $regex1 to 9, like the "match" expansion condition. + + 2. New $callout_address variable records the address used for a spam=, + malware= or verify= callout. + + 3. Transports now take a "max_parallel" option, to limit concurrency. + + 4. Expansion operators ${ipv6norm:} and ${ipv6denorm:}. + The latter expands to a 8-element colon-sep set of hex digits including + leading zeroes. A trailing ipv4-style dotted-decimal set is converted + to hex. Pure ipv4 addresses are converted to IPv4-mapped IPv6. 
+ The former operator strips leading zeroes and collapses the longest + set of 0-groups to a double-colon. + + 5. New "-bP config" support, to dump the effective configuration. + + 6. New $dkim_key_length variable. + + 7. New base64d and base64 expansion items (the existing str2b64 being a + synonym of the latter). Add support in base64 for certificates. + + 8. New main configuration option "bounce_return_linesize_limit" to + avoid oversize bodies in bounces. The default value matches RFC + limits. + + 9. New $initial_cwd expansion variable. + + +Version 4.86 +------------ + + 1. Support for using the system standard CA bundle. + + 2. New expansion items $config_file, $config_dir, containing the file + and directory name of the main configuration file. Also $exim_version. + + 3. New "malware=" support for Avast. + + 4. New "spam=" variant option for Rspamd. + + 5. Assorted options on malware= and spam= scanners. + + 6. A command-line option to write a comment into the logfile. + + 7. If built with EXPERIMENTAL_SOCKS feature enabled, the smtp transport can + be configured to make connections via socks5 proxies. + + 8. If built with EXPERIMENTAL_INTERNATIONAL, support is included for + the transmission of UTF-8 envelope addresses. + + 9. If built with EXPERIMENTAL_INTERNATIONAL, an expansion item for a commonly + used encoding of Maildir folder names. + +10. A logging option for slow DNS lookups. + +11. New ${env {}} expansion. + +12. A non-SMTP authenticator using information from TLS client certificates. + +13. Main option "tls_eccurve" for selecting an Elliptic Curve for TLS. + Patch originally by Wolfgang Breyha. + +14. Main option "dns_trust_aa" for trusting your local nameserver at the + same level as DNSSEC. + + +Version 4.85 +------------ + + 1. 
If built with EXPERIMENTAL_DANE feature enabled, Exim will follow the + DANE SMTP draft to assess a secure chain of trust of the certificate + used to establish the TLS connection based on a TLSA record in the + domain of the sender. + + 2. The EXPERIMENTAL_TPDA feature has been renamed to EXPERIMENTAL_EVENT + and several new events have been created. The reason is because it has + been expanded beyond just firing events during the transport phase. Any + existing TPDA transport options will have to be rewritten to use a new + $event_name expansion variable in a condition. Refer to the + experimental-spec.txt for details and examples. + + 3. The EXPERIMENTAL_CERTNAMES features is an enhancement to verify that + server certs used for TLS match the result of the MX lookup. It does + not use the same mechanism as DANE. + + Version 4.84 ------------ @@ -28,7 +188,7 @@ Version 4.83 4. New malware type "sock". Talks over a Unix or TCP socket, sending one command line and matching a regex against the return data for trigger - and a second regex to extract malware_name. The mail spoofile name can + and a second regex to extract malware_name. The mail spoolfile name can be included in the command line. 5. The smtp transport now supports options "tls_verify_hosts" and @@ -57,7 +217,7 @@ Version 4.83 12. OCSP stapling is now supported by default. 13. If built with the EXPERIMENTAL_DSN feature enabled, Exim will output - Delivery Status Notification messages in MIME format, and negociate + Delivery Status Notification messages in MIME format, and negotiate DSN features per RFC 3461. 
@@ -112,20 +272,20 @@ Version 4.82 ignored. 7. New cutthrough routing feature. Requested by a "control = cutthrough_delivery" - ACL modifier; works for single-recipient mails which are recieved on and + ACL modifier; works for single-recipient mails which are received on and deliverable via SMTP. Using the connection made for a recipient verify, if requested before the verify, or a new one made for the purpose while the inbound connection is still active. The bulk of the mail item is copied direct from the inbound socket to the outbound (as well as the spool file). When the source notifies the end of data, the data acceptance by the destination - is negociated before the acceptance is sent to the source. If the destination + is negotiated before the acceptance is sent to the source. If the destination does not accept the mail item, for example due to content-scanning, the item is not accepted from the source and therefore there is no need to generate a bounce mail. This is of benefit when providing a secondary-MX service. The downside is that delays are under the control of the ultimate destination system not your own. - The Recieved-by: header on items delivered by cutthrough is generated + The Received-by: header on items delivered by cutthrough is generated early in reception rather than at the end; this will affect any timestamp included. The log line showing delivery is recorded before that showing reception; it uses a new ">>" tag instead of "=>". 
@@ -179,14 +339,14 @@ Version 4.82 "aaaa" and "a" lookups is done and the full set of results returned. 14. New expansion variable $headers_added with content from ACL add_header - modifier (but not yet added to messsage). + modifier (but not yet added to message). 15. New 8bitmime status logging option for received messages. Log field "M8S". 16. New authenticated_sender logging option, adding to log field "A". 17. New expansion variables $router_name and $transport_name. Useful - particularly for debug_print as -bt commandline option does not + particularly for debug_print as -bt command-line option does not require privilege whereas -d does. 18. If built with EXPERIMENTAL_PRDR, per-recipient data responses per a @@ -210,7 +370,7 @@ Version 4.82 provided to the authentication method which failed. It is available for use in subsequent ACL processing (typically quit or notquit ACLs). -23. New ACL modifer "udpsend" can construct a UDP packet to send to a given +23. New ACL modifier "udpsend" can construct a UDP packet to send to a given UDP host and port. 24. New ${hexquote:..string..} expansion operator converts non-printable diff --git a/doc/OptionLists.txt b/doc/OptionLists.txt index ef61956..696b5f3 100644 --- a/doc/OptionLists.txt +++ b/doc/OptionLists.txt @@ -54,7 +54,7 @@ acl_not_smtp_mime string* unset main acl_smtp_auth string* unset main 4.00 acl_smtp_connect string* unset main 4.11 acl_smtp_data string* unset main 4.00 -acl_smtp_data_prdr string* unset main 4.82 with expreimental_prdr +acl_smtp_data_prdr string* unset main 4.82 with experimental_prdr acl_smtp_dkim string* unset main 4.70 unless disable_dkim acl_smtp_etrn string* unset main 4.00 acl_smtp_expn string* unset main 4.00 
@@ -152,6 +152,7 @@ data_timeout time 5m smtp debug_print string* unset authenticators 4.00 unset routers 4.00 unset transports 2.00 +debug_store boolean false main 4.90 delay_after_cutoff boolean true smtp delay_warning time list 24h main delay_warning_condition string* + main 1.73 @@ -181,6 +182,7 @@ dns_check_names_pattern string + main dns_csa_search_limit integer 5 main 4.60 dns_csa_use_reverse boolean true main 4.60 dns_dnssec_ok integer -1 main 4.82 +dns_dane_ok integer -1 main 4.83 dns_ipv4_lookup boolean false main 3.20 dns_qualify_single boolean true smtp dns_retrans time 0s main 1.60 @@ -299,6 +301,7 @@ hosts_require_ocsp host list unset smtp hosts_require_tls host list unset smtp 3.20 hosts_treat_as_local domain list unset main 1.95 hosts_try_auth host list unset smtp 4.00 +hosts_try_fastopen host list unset smtp 4.88 hosts_try_prdr host list unset smtp 4.82 if experimental_prdr ibase_servers string unset main 4.23 ignore_bounce_errors_after time 0s main 4.00 @@ -868,7 +871,7 @@ EXIM_MONITOR optional set to eximon.bin to compile EXIM_PERL optional EXIM_USER mandatory user to use for Exim EXIWHAT_EGREP_ARG system** to find Exim processes from ps -EXIWHAT_KILL_SIGNAL system** -SIGUSER1 or numerical equivalent +EXIWHAT_KILL_SIGNAL system** -SIGUSR1 or numerical equivalent EXIWHAT_MULTIKILL_CMD system** EXIWHAT_MULTIKILL_ARG system** EXIWHAT_PS_ARG system** to list all processes @@ -967,7 +970,7 @@ TCP_WRAPPERS_DAEMON_NAME system* daemon name used by tcpwrappers librar TIMEZONE_DEFAULT optional default for timezone option TLS_INCLUDE optional path to include files for TLS TLS_LIBS optional additional libraries for TLS -TMPDIR system value for TMPDIR environment variable +EXIM_TMPDIR system value for TMPDIR environment variable TRANSPORT_APPENDFILE driver include appendfile transport TRANSPORT_AUTOREPLY driver include autoreply transport TRANSPORT_LMTP driver include lmtp transport 
diff --git a/doc/README.SIEVE b/doc/README.SIEVE index 9b22745..d36998f 100644 --- a/doc/README.SIEVE +++ b/doc/README.SIEVE @@ -274,7 +274,7 @@ The draft does not specify how strings using MIME entities are used to compose messages. As a result, different implementations generate different mails. The Exim Sieve implementation splits the reason into header and body. It adds the header to the mail header and uses the body -as mail body. Be aware, that other imlementations compose a multipart +as mail body. Be aware, that other implementations compose a multipart structure with the reason as only part. Both conform to the specification (or lack thereof). diff --git a/doc/cve-2016-9663 b/doc/cve-2016-9663 new file mode 100644 index 0000000..ffff3db --- /dev/null +++ b/doc/cve-2016-9663 
@@ -0,0 +1,95 @@
+CVE ID: CVE-2016-9963
+Date: 2016-12-15
+Credits: Bjoern Jacke
+Version(s): 4.69 -> 4.87
+Issue: If several conditions are met, Exim leaks private information
+ to a remote attacker.
+
+Conditions
+==========
+
+If *all* of the following conditions are met
+
+ Build options
+ -------------
+
+ * Exim is built with DKIM enabled (default for newer versions)
+ exim -bV | grep 'Support.*DKIM'
+
+ Runtime options
+ ---------------
+
+ * Exim uses DKIM signing (transport options dkim_private_key,
+ dkim_domain, and other)
+
+ * The dkim_private_key option names a file containing the key.
+
+ exim -bP transports | grep 'dkim_private_key = .'
+
+ * Exim uses PRDR (transport option hosts_try_prdr) (default
+ since 4.86)
+
+ exim -bP transports | grep 'hosts_try_prdr = .'
+
+ *OR*
+
+ Exim uses the LMTP protocol variant for SMTP transport.
+
+ exim -bP transports | grep 'protocol = lmtp'
+
+ Operation
+ ---------
+
+ * Exim transports a multi-recipient message
+
+ * The destination host supports PRDR
+ OR
+ the message transport uses LMTP
+
+ * One or more recipients are rejected after the DATA phase
+
+Impact
+======
+
+Exim leaks the private DKIM signing key to the log files. Additionally,
+if the build option EXPERIMENTAL_DSN_INFO=yes is used, the key material
+is included in the bounce message.
+
+Fix
+===
+
+Install a fixed Exim version:
+
+ 4.88
+ 4.87.1
+
+If you can't install one of the above versions, ask your package
+maintainer for a version containing the backported fix. On request and
+depending on our resources we will support you in backporting the fix.
+(Please note, that Exim project officially doesn't support versions
+prior the current stable version.)
+
+If you think that you MIGHT be affected, we HIGHLY recommend to create
+a new set of DKIM keys and fade out the previous DKIM key soon to make
+sure that a possibly leaked DKIM key can not be misused in the future.
+
+
+Workaround
+==========
+
+Disable PRDR in your outgoing transport(s): set hosts_try_prdr to an
+empty string.
+
+AND do not use the LMTP protocol variant of the SMTP driver.
+
+Indication
+==========
+
+You can check if you where affected already. The mainlog entries look like this:
+
+2016-12-17 09:44:33 10HmaX-0005vi-00 ** baduser@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]: PRDR error after -----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd\n+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+Y\ndhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB\nAoGAZPokJKQQmRK6a0zn5f8lWemy0airG66KhzDF0Pafb/nWKgDCB02gpJgdw5rJ\nbO7/HI3IeqsfRdYTP7tjfmZtPiPo1mnF7D1rSRspZjOF2yXY/ky7t7c5xChRcSxf\n+69CknwjrfteY9Aj0j6o7N+2w2uvHO+AAq8BHDgXKmPo0SECQQDzQ/glyhNH9tlO\nx+3TTMwwyZUf2mYYosN3Q9NIl3Umz/3+13K5b6Ed6fZvS/XwU55Qf5IBUVj2Fujk\nRv2lbGPpAkEA4okpnzYz5nm1X5WjpJPQPyo8nGEU1A5QfoDbkAvWYvVoYrpWPOx5\nHFpOAHkvSk1Y1vhCUa+zHwiQRBC8OMp6LwJBAOAUK/AjQ792UpWO9DM++pe2F/dP\nZdwrkYG6qFSlrvQhgwXLz5GgkfjMGoRKpDDL1XixCfzMwfVtBPnBqsNGJIECQGYX\nSIGu7L7edMXJ60C9OKluwHf9LGTQuqf4LHsDSq+4Rz3PGhREwePsMqD1/EDxEKt4\noHKtyvyeYF28aQbzARMCQQCRtJlR6vlKhxYL8+xoPrCu3MijKgVruRUcNstXkDZK\nfKQax6vhiMq+0qIiEwLA1wavyLVKZ7Mfag+/4NTcDUVC\n-----END RSA PRIVATE KEY-----\n: 550 PRDR R= refusal
+
+Even if there is no evidence in the existing log files, that a DKIM key
+leakage happened this might have happened in the past, log files might
+have been deleted already but a key leak could have ended up via mail
+bounce in a user mail box
diff --git a/doc/dbm.discuss.txt b/doc/dbm.discuss.txt
index e82987b..4de5773 100644
--- a/doc/dbm.discuss.txt
+++ b/doc/dbm.discuss.txt
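Review bot: The new advisory is added as doc/cve-2016-9663, but its first line reads `CVE ID: CVE-2016-9963`, so the file name and the ID disagree by a transposed digit. The ID in the body is presumably the intended one, in which case the file should be `doc/cve-2016-9963` so that a search for the ID finds it. The Indication section shows a sample log line but, unlike the Conditions section, gives no command to run. A line such as `grep -e '-----BEGIN .*PRIVATE KEY-----' <path-to-mainlog>` would let an operator check the main log and any rotated copies directly. Since the Impact section says the key can also end up in bounce messages, the text could add that any log file or bounce containing it should be handled as secret material until the key has been replaced.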
@@ -157,7 +157,7 @@ This dbm library can be called by Exim in one of two ways: via the ndbm compatibility interface, or via its own native interface. There are two advantages to doing the latter: (1) you don't run the risk of Exim's seeing the "wrong" version of the ndbm.h header, as described above, and (2) the -performace is better. It is therefore recommended that you set USE_DB=yes in an +performance is better. It is therefore recommended that you set USE_DB=yes in an appropriate Local/Makefile-xxx file. (If you are compiling for just one OS, it can go in Local/Makefile itself.) diff --git a/doc/exim.8 b/doc/exim.8 index 0fccbc7..11f8e6b 100644 --- a/doc/exim.8 +++ b/doc/exim.8 @@ -163,7 +163,7 @@ continuations. As in Exim's run time configuration, white space at the start of continuation lines is ignored. Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, \fI$qualify_domain\fP) are available, but no -message\-specific values (such as \fI$sender_domain\fP) are set, because no message +message\-specific values (such as \fI$message_exim_id\fP) are set, because no message is being processed (but see \fB\-bem\fP and \fB\-Mset\fP). .sp \fBNote\fP: If you use this mechanism to test lookups, and you change the data @@ -370,7 +370,8 @@ preference to the address taken from the message. The caller of Exim must be a trusted user for the sender of a message to be set in this way. .TP 10 \fB\-bmalware\fP <\fIfilename\fP> -This debugging option causes Exim to scan the given file, +This debugging option causes Exim to scan the given file or directory +(depending on the used scanner interface), using the malware scanning framework. The option of \fBav_scanner\fP influences this option, so if \fBav_scanner\fP's value is dependent upon an expansion then the expansion should have defaults which apply to this invocation. ACLs are 
@@ -419,8 +420,12 @@ users, the output is as in this example: .sp mysql_servers = .sp -If \fBconfigure_file\fP is given as an argument, the name of the run time -configuration file is output. +If \fBconfig\fP is given as an argument, the config is +output, as it was parsed, any include file resolved, any comment removed. +.sp +If \fBconfig_file\fP is given as an argument, the name of the run time +configuration file is output. (\fBconfigure_file\fP works too, for +backward compatibility.) If a list of configuration files was supplied, the value that is output here is the name of the file that was actually used. .sp @@ -453,6 +458,10 @@ using one of the words \fBrouter_list\fP, \fBtransport_list\fP, or settings can be obtained by using \fBrouters\fP, \fBtransports\fP, or \fBauthenticators\fP. .sp +If \fBenvironment\fP is given as an argument, the set of environment +variables is output, line by line. Using the \fB\-n\fP flag suppresses the value of the +variables. +.sp If invoked by an admin user, then \fBmacro\fP, \fBmacro_list\fP and \fBmacros\fP are available, similarly to the drivers. Because macros are sometimes used for storing passwords, this option is restricted. @@ -790,6 +799,7 @@ example: exim '\-D ABC = something' ... .sp \fB\-D\fP may be repeated up to 10 times on a command line. +Only macro names up to 22 letters long can be set. .TP 10 \fB\-d\fP<\fIdebug options\fP> This option causes debugging information to be written to the standard 
@@ -1003,6 +1013,16 @@ This option is not intended for use by external callers. It is used internally by Exim in conjunction with the \fB\-MC\fP option. It signifies that the connection to the remote host has been authenticated. .TP 10 +\fB\-MCD\fP +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the \fB\-MC\fP option. It signifies that the +remote host supports the ESMTP DSN extension. +.TP 10 +\fB\-MCG\fP +This option is not intended for use by external callers. It is used internally +by Exim in conjunction with the \fB\-MC\fP option. It signifies that an +alternate queue is used, named by the following option. +.TP 10 \fB\-MCP\fP This option is not intended for use by external callers. It is used internally by Exim in conjunction with the \fB\-MC\fP option. It signifies that the server to @@ -1141,7 +1161,8 @@ for that message. \fB\-n\fP This option is interpreted by Sendmail to mean "no aliasing". For normal modes of operation, it is ignored by Exim. -When combined with \fB\-bP\fP it suppresses the name of an option from being output. +When combined with \fB\-bP\fP it makes the output more terse (suppresses +option names, environment values and config pretty printing). .TP 10 \fB\-O\fP <\fIdata\fP> This option is interpreted by Sendmail to mean set option. It is ignored by 
@@ -1404,7 +1425,8 @@ configuration option called \fBprod_requires_admin\fP which can be set false to relax this restriction (and also the same requirement for the \fB\-M\fP, \fB\-R\fP, and \fB\-S\fP options). .sp -The \fB\-q\fP option starts one queue runner process. This scans the queue of +If other commandline options do not specify an action, +the \fB\-q\fP option starts one queue runner process. This scans the queue of waiting messages, and runs a delivery process for each one in turn. It waits for each delivery process to finish before starting the next one. A delivery process may not actually do any deliveries if the retry times for the addresses @@ -1469,6 +1491,21 @@ The \fIl\fP (the letter "ell") flag specifies that only local deliveries are to be done. If a message requires any remote deliveries, it remains on the queue for later delivery. .TP 10 +\fB\-q[q][i][f[f]][l][G[/