| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The main change is the incorporation of the content scanning from
the exiscan patch. (There are over 650 lines of Changes)
Retire exim-exiscan
Update exim-html from 4.40 to 4.50
|
|
- The exim user does not need a fixed uid defined at build time
Noted by Masao Uebayashi some long time ago
|
|
|
|
BDB_DEFAULT points to.
|
|
PR pkg/28606. bump PKGREVISION.
while here, silence the pre-configure and post-build targets.
|
|
Changes in Exim version 4.44
1. Change 4.43/35 introduced a bug that caused file counts to be
incorrectly computed when quota_filecount was set in an appendfile
transport
2. Closing a stable door: arrange to panic-die if setitimer() ever fails. The
bug fixed in 4.43/37 would have been diagnosed quickly if this had been in
place.
3. Give more explanation in the error message when the command for a transport
filter fails to execute.
4. There are several places where Exim runs a non-Exim command in a
subprocess. The SIGUSR1 signal should be disabled for these processes. This
was being done only for the command run by the queryprogram router. It is
now done for all such subprocesses. The other cases are: ${run, transport
filters, and the commands run by the lmtp and pipe transports.
5. Some older OS have a limit of 256 on the maximum number of file
descriptors. Exim was using setrlimit() to set 1000 as a large value
unlikely to be exceeded. Change 4.43/17 caused a lot of logging on these
systems. I've change it so that if it can't get 1000, it tries for 256.
6. "control=submission" was allowed, but had no effect, in a DATA ACL. This
was an oversight, and furthermore, ever since the addition of extra
controls (e.g. 4.43/32), the checks on when to allow different forms of
"control" were broken. There should now be diagnostics for all cases when a
control that does not make sense is encountered.
7. $recipients is now available in the predata ACL (oversight).
8. Tidy the search cache before the fork to do a delivery from a message
received from the command line. Otherwise the child will trigger a lookup
failure and thereby defer the delivery if it tries to use (for example) a
cached ldap connection that the parent has called unbind on.
9. If verify=recipient was followed by verify=sender in a RCPT ACL, the value
of $address_data from the recipient verification was clobbered by the
sender verification.
10. If FIXED_NEVER_USERS was defined, but empty, Exim was assuming the uid 0
was its contents. (It was OK if the option was not defined at all.)
11. A "Completed" log line is now written for messages that are removed from
the spool by the -Mrm option.
12. $host_address is now set to the target address during the checking of
ignore_target_hosts.
13. When checking ignore_target_hosts for an ipliteral router, no host name was
being passed; this would have caused $sender_host_name to have been used if
matching the list had actually called for a host name (not very likely,
since this list is usually IP addresses). A host name is now passed as
"[x.x.x.x]".
14. Changed the calls that set up the SIGCHLD handler in the daemon to use the
code that specifies a non-restarting handler (typically sigaction() in
modern systems) in an attempt to fix a rare and obscure crash bug.
15. Narrowed the window for a race in the daemon that could cause it to ignore
SIGCHLD signals. This is not a major problem, because they are used only to
wake it up if nothing else does.
16. A malformed maildirsize file could cause Exim to calculate negative values
for the mailbox size or file count. Odd effects could occur as a result.
The maildirsize information is now recalculated if the size or filecount
end up negative.
17. Added HAVE_SYS_STATVFS_H to the os.h file for Linux, as it has had this
support for a long time. Removed HAVE_SYS_VFS_H.
18. Updated exipick to current release from John Jetmore.
19. Allow an empty sender to be matched against a lookup in an address list.
Previously the only cases considered were a regular expression, or an
empty pattern.
20. Exim went into a mad DNS lookup loop when doing a callout where the
host was specified on the transport, if the DNS lookup yielded more than
one IP address.
21. The RFC2047 encoding function was originally intended for short strings
such as real names; it was not keeping to the 75-character limit for
encoded words that the RFC imposes. It now respects the limit, and
generates multiple encoded words if necessary. To be on the safe side, I
have increased the buffer size for the ${rfc2047: expansion operator from
1024 to 2048 bytes.
22. Failure to deliver a bounce message always caused it to be frozen, even if
there was an errors_to setting on the router. The errors_to setting is now
respected.
23. If an IPv6 address is given for -bh or -bhc, it is now converted to the
canonical form (fully expanded) before being placed in
$sender_host_address.
24. Updated eximstats to version 1.33
25. Include certificate and key file names in error message when GnuTLS fails
to set them up, because the GnuTLS error message doesn't include the name
of the failing file when there is a problem reading it.
26. Expand error message when OpenSSL has problems setting up cert/key files.
As per change 25.
27. Reset the locale to "C" after calling embedded Perl, in case it was changed
(this can affect the format of dates).
28. exim_tidydb, when checking for the continued existence of a message for
which it has found a message-specific retry record, was not finding
messages that were in split spool directories. Consequently, it was
deleting retry records that should have stayed in existence.
29. eximstats updated to version 1.35
1.34 - allow eximstats to parse syslog lines as well as mainlog lines
1.35 - bugfix such that pie charts by volume are generated correctly
30. The SPA authentication driver was not abandoning authentication and moving
on to the next authenticator when an expansion was forced to fail,
contradicting the general specification for all authenticators. Instead it
was generating a temporary error. It now behaves as specified.
31. The default ordering of permitted cipher suites for GnuTLS was pessimal
(the order specifies the preference for clients). The order is now AES256,
AES128, 3DES, ARCFOUR128.
31. Small patch to Sieve code - explicitly set From: when generating an
autoreply.
32. Exim crashed if a remote delivery caused a very long error message to be
recorded - for instance if somebody sent an entire SpamAssassin report back
as a large number of 550 error lines. This bug was coincidentally fixed by
increasing the size of one of Exim's internal buffers (big_buffer) that
happened as part of the Exiscan merge. However, to be on the safe side, I
have made the code more robust (and fixed the comments that describe what
is going on).
33. Some experimental protocols are using DNS PTR records for new purposes. The
keys for these records are domain names, not reversed IP addresses. The
dnsdb PTR lookup now tests whether its key is an IP address. If not, it
leaves it alone. Component reversal etc. now happens only for IP addresses.
CAN-2005-0021
34. The host_aton() function is supposed to be passed a string that is known
to be a valid IP address. However, in the case of IPv6 addresses, it was
not checking this. This is a hostage to fortune. Exim now panics and dies
if the condition is not met. A case was found where this could be provoked
from a dnsdb PTR lookup with an IPv6 address that had more than 8
components; fortuitously, this particular loophole had already been fixed
by change 4.50/55 or 4.44/33 above.
If there are any other similar loopholes, the new check in host_aton()
itself should stop them being exploited. The report I received stated that
data on the command line could provoke the exploit when Exim was running as
exim, but did not say which command line option was involved. All I could
find was the use of -be with a bad dnsdb PTR lookup, and in that case it is
running as the user.
CAN-2005-0021
35. There was a buffer overflow vulnerability in the SPA authentication code
(which came originally from the Samba project). I have added a test to the
spa_base64_to_bits() function which I hope fixes it.
CAN-2005-0022
36. The daemon start-up calls getloadavg() while still root for those OS that
need the first call to be done as root, but it missed one case: when
deliver_queue_load_max is set with deliver_drop_privilege. This is
necessary for the benefit of the queue runner, because there is no re-exec
when deliver_drop_privilege is set.
37. Caching of lookup data for "hosts =" ACL conditions, when a named host list
was in use, was not putting the data itself into the right store pool;
consequently, it could be overwritten for a subsequent message in the same
SMTP connection. (Fix 4.40/11 dealt with the non-cache case, but overlooked
the caching.)
38. Sometimes the final signoff response after QUIT could fail to get
transmitted in the non-TLS case. Testing !tls_active instead of tls_active
< 0 before doing a fflush(). This bug looks as though it goes back to the
introduction of TLS in release 3.20, but "sometimes" must have been rare
because the tests only now provoked it.
|
|
package-specific Makefile (as mentioned on tech-pkg).
|
|
bump PKGREVISION for dependency change.
|
|
|
|
that contain the correct values of CPPFLAGS, LDFLAGS, and LIBS.
|
|
Update exim-exiscan to 4.43_28nb1
Add back patch to ensure fork() is not called with closed fd 0, 1, or 2
|
|
|
|
No change to default build, so no revision bump
|
|
Update exim-exiscan to 4.43_28 from 4.42_27
Update exim-html to 4.40 from 4.30
exim-exiscan:
28 - Added F-Secure support, thanks to Johan Thelmen <jth@home.se>.
- Upgraded SRS support to libsrs_alt 0.5 via Miles
Wilton's patch.
- REMOVED exiscan-acl implementation of custom header
placement in favor of Philip Hazel's native implementation.
However, a new option option was added for it to
mimic the behaviour of the old header_pos_middle option.
Read section 10 of exiscan-acl-spec.txt.
exim:
1. Fixed a longstanding but relatively impotent bug: a long time ago, before
PIPELINING, the function smtp_write_command() used to return TRUE or FALSE.
Now it returns an integer. A number of calls were still expecting a T/F
return. Fortuitously, in all cases, the tests worked in OK situations,
which is the norm. However, things would have gone wrong on any write
failures on the smtp file descriptor. This function is used when sending
messages over SMTP and also when doing verify callouts.
2. When Exim is called to do synchronous delivery of a locally submitted
message (the -odf or -odi options), it no longer closes stderr before doing
the delivery.
3. Implemented the mua_wrapper option.
4. Implemented mx_fail_domains and srv_fail_domains for the dnslookup router.
5. Implemented the functions header_remove(), header_testname(),
header_add_at_position(), and receive_remove_recipient(), and exported them
to local_scan().
6. If an ACL "warn" statement specified the addition of headers, Exim already
inserted X-ACL-Warn: at the start if there was no header name. However, it
was not making this test for the second and subsequent header lines if
there were newlines in the string. This meant that an invalid header could
be inserted if Exim was badly configured.
7. Allow an ACL "warn" statement to add header lines at the start or after all
the Received: headers, as well as at the end.
8. Added the rcpt_4xx retry error code.
9. Added postmaster_mailfrom=xxx to callout verification option.
10. Added mailfrom=xxxx to the callout verification option, for verify=
header_sender only.
11. ${substr_1_:xxxx} and ${substr__3:xxxx} are now diagnosed as syntax errors
(they previously behaved as ${substr_1_0:xxxx} and ${substr:_0_3:xxxx}).
12. Inserted some casts to stop certain compilers warning when using pointer
differences as field lengths or precisions in printf-type calls (mostly
affecting debugging statements).
13. Added optional readline() support for -be (dynamically loaded).
14. Obscure bug fix: if a message error (e.g. 4xx to MAIL) happened within the
same clock tick as a message's arrival, so that its received time was the
same as the "first fail" time on the retry record, and that message
remained on the queue past the ultimate address timeout, every queue runner
would try a delivery (because it was past the ultimate address timeout) but
after another failure, the ultimate address timeout, which should have then
bounced the address, did not kick in. This was a "< instead of <=" error;
in most cases the first failure would have been in the next clock tick
after the received time, and all would be well.
15. The special items beginning with @ in domain lists (e.g. @mx_any) were not
being recognized when the domain list was tested by the match_domain
condition in an expansion string.
16. Added the ${str2b64: operator.
17. Exim was always calling setrlimit() to set a large limit for the number of
processes, without checking whether the existing limit was already
adequate. (It did check for the limit on file descriptors.) Furthermore,
18. Imported PCRE 5.0.
19. Trivial typo in log message " temporarily refused connection" (the leading
space).
20. If the log selector return_path_on_delivery was set and an address was
redirected to /dev/null, the delivery process crashed because it assumed
that a return path would always be set for a "successful" delivery. In this
case, the whole delivery is bypassed as an optimization, and therefore no
return path is set.
21. Internal re-arrangement: the function for sending a challenge and reading
a response while authentication was assuming a zero-terminated challenge
string. It's now changed to take a pointer and a length, to allow for
binary data in such strings.
22. Added the cyrus_sasl authenticator (code supplied by MBM).
23. Exim was not respecting finduser_retries when seeking the login of the
uid under which it was called; it was always trying 10 times. (The default
setting of finduser_retries is zero.) Also, it was sleeping after the final
failure, which is pointless.
24. Implemented tls_on_connect_ports.
25. Implemented acl_smtp_predata.
26. If the domain in control=submission is set empty, Exim assumes that the
authenticated id is a complete email address when it generates From: or
Sender: header lines.
27. Added "#define SOCKLEN_T int" to OS/os.h-SCO and OS/os.h-SCO_SV. Also added
definitions to OS/Makefile-SCO and OS/Makefile-SCO_SV that put basename,
chown and chgrp in /bin and hostname in /usr/bin.
28. Exim was keeping the "process log" file open after each use, just as it
does for the main log. This opens the possibility of it remaining open for
long periods when the USR1 signal hits a daemon. Occasional processlog
errors were reported, that could have been caused by this. Anyway, it seems
much more sensible not to leave this file open at all, so that is what now
happens.
29. The long-running daemon process does not normally write to the log once it
has entered its main loop, and it closes the log before doing so. This is
so that log files can straightforwardly be renamed and moved. However,
there are a couple of unusual error situations where the daemon does write
log entries, and I had neglected to close the log afterwards.
30. The text of an SMTP error response that was received during a remote
delivery was being truncated at 512 bytes. This is too short for some of
the long messages that one sometimes sees. I've increased the limit to
1024.
31. It is now possible to make retry rules that apply only when a message has a
specific sender, in particular, an empty sender.
32. Added "control = enforce_sync" and "control = no_enforce_sync". This makes
it possible to be selective about when SMTP synchronization is enforced.
33. Added "control = caseful_local_part" and "control = "caselower_local_part".
32. Implemented hosts_connection_nolog.
33. Added an ACL for QUIT.
34. Setting "delay_warning=" to disable warnings was not working; it gave a
syntax error.
35. Added mailbox_size and mailbox_filecount to appendfile.
36. Added control = no_multiline_responses to ACLs.
37. There was a bug in the logic of the code that waits for the clock to tick
in the case where the clock went backwards by a substantial amount such
that the microsecond fraction of "now" was more than the microsecond
fraction of "then" (but the whole seconds number was less).
38. Added support for the libradius Radius client library this is found on
FreeBSD (previously only the radiusclient library was supported).
|
|
Feature changes in exim since 4.34 (bugfixes not listed):
Version 4.42
------------
1. The "personal" filter test is brought up-to-date with
recommendations from the Sieve specification: (a) The list
of non-personal From: addresses now includes "listserv",
"majordomo", and "*-request"; (b) If the message contains
any header line starting with "List=-" it is treated as
non-personal.
2. The Sieve functionality has been extended to support the
"copy" and "vacation" extensions, and comparison tests.
3. There is now an overall timeout for performing a callout
verification. It defaults to 4 times the callout timeout,
which applies to individual SMTP commands during the callout.
The overall timeout applies when there is more than one
host that can be tried. The timeout is checked before trying
the next host. This prevents very long delays if there are
a large number of hosts and all are timing out (e.g. when
the network connections are timing out). The value of the
overall timeout can be changed by specifying an additional
sub-option for "callout", called "maxwait". For example:
verify = sender/callout=5s,maxwait=20s
4. Changes to the "personal" filter test:
(1) The list of non-personal local parts in From: addresses
has been extended to include "listserv", "majordomo",
"*-request", and "owner-*", taken from the Sieve specification
recommendations.
(2) If the message contains any header line starting with
"List-" it is treated as non-personal.
(3) The test for "circular" in the Subject: header line
has been removed because it now seems ill-conceived.
5. The autoreply transport has a new option called never_mail.
This is an address list. If any run of the transport
creates a message with a recipient that matches any item
in the list, that recipient is quietly discarded. If all
recipients are discarded, no message is created.
Version 4.40
------------
The documentation is up-to-date for the 4.40 release. What
follows here is a brief list of the new features that have been
added since 4.30.
1. log_incoming_interface affects more log lines.
2. New ACL modifier "control = submission".
3. CONFIGURE_OWNER can be set at build time to define an
alternative owner for the configuration file, in addition
to root and exim.
4. Added expansion variables $body_zerocount, $recipient_data,
and $sender_data.
5. The time of last modification of the "new" subdirectory is
now used as the "mailbox time last read" when there is a
quota error for a maildir delivery.
6. The special item "+ignore_unknown" may now appear in host
lists.
7. The special domain-matching patterns @mx_any, @mx_primary,
and @mx_secondary can now be followed by "/ignore=<ip list>".
8. New expansion conditions: match_domain, match_address,
match_local_part, lt, lti, le, lei, gt, gti, ge, and new
expansion operators time_interval, eval10, and base62d.
9. New lookup type called "iplsearch".
10. New log selectors ident_timeout, tls_certificate_verified,
queue_time, deliver_time, outgoing_port, return_path_on_delivery.
11. New global options smtp_active_hostname and tls_require_ciphers.
12. Exinext has -C and -D options.
13. "domainlist_cache" forces caching of an apparently variable
list.
14. For compatibility with Sendmail, the command line option
-prval:sval is equivalent to -oMr rval -oMs sval.
15. New callout options use_sender and use_postmaster for use
when verifying recipients.
16. John Jetmore's "exipick" utility has been added to the
distribution.
17. The TLS code now supports CRLs.
18. The dnslookup router and the dnsdb lookup type now support
the use of SRV records.
19. The redirect router has a new option called qualify_domain.
20. exigrep's output now also includes lines that are not
related to any particular message, but which do match the
pattern.
21. New global option write_rejectlog. If it is set false, Exim
no longer writes anything to the reject log.
Changes in exim-exiscan since 4.34_22
27 - Changed algorithm of header_pos_middle to add headers
before the first header which is NOT Received: or
Resent-*:.
exim 4.42 ---------------------------------------------------
26 - Fixed header corruption when using header_pos_top.
(Thanks to Michael Deutschmann).
- Fixed headers being added before any Received-SPF:
header when using header_pos_middle (Thanks to
Michael Deutschmann).
- DrWeb malware support: Add flag to treat .eml file
as plain mail (Thanks to Alex Miller).
25 - Fixed include location of libspf2 headers.
- Added support for Kaspersky AV Version 5 (aveserver).
- Added expansion of av_scanner global variable
when it starts with a dollar sign. This is useful
for implementing multiple malware scanners.
- Added support for adding ACL headers at the beginning
and in the "middle" of the message header block.
(This is a preliminary solution, see comment in SPF
section of exiscan-acl-spec).
24 - Changed documentation to reflect libspf_alt->libspf2
name change.
- Upgraded included SRS patch to 0.3 (author Miles Wilton).
Also added a small doc chapter for SRS.
- Brightmail: put notes for users of new 6.x version in the
docs (search for "BMI6.x").
BMI Version 6 should work OK, an upgraded SDK is now on
Brightmail's download site.
exim 4.41 ----------------------------------------------------
23 - Added patch to support SRS in the redirect router, done
by Miles Wilton. Please check http://srs.mirtol.com/
for more information.
- Fixed the negation operator for SPF support. Thanks
to Michael Haardt for sending a patch.
- Increased buffer size for large SA reports (when using
custom SA rulesets).
- Increased buffer size for large BMI verdicts. Should now
handle large number of recipients gracefully.
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|
|
|
|
|
|
Exim changes in 4.34
1. Very minor rewording of debugging text in manualroute to say "list of
hosts" instead of "hostlist".
2. If verify=header_syntax was set, and a header line with an unqualified
address (no domain) and a large number of spaces between the end of the
name and the colon was received, the reception process suffered a buffer
overflow, and (when I tested it) crashed. This was caused by some obsolete
code that should have been removed. The fix is to remove it!
3. When running in the test harness, delay a bit after writing a bounce
message to get a bit more predictability in the log output.
4. Added a call to search_tidyup() just before forking a reception process. In
theory, someone could use a lookup in the expansion of smtp_accept_max_
per_host which, without the tidyup, could leave open a database connection.
5. Added the variables $recipient_data and $sender_data which get set from a
lookup success in an ACL "recipients" or "senders" condition, or a router
"senders" option, similar to $domain_data and $local_part_data.
6. Moved the writing of debug_print from before to after the "senders" test
for routers.
7. Change 4.31/66 (moving the time when the Received: is generated) caused
problems for message scanning, either using a data ACL, or using
local_scan() because the Received: header was not generated till after they
were called (in order to set the time as the time of reception completion).
I have revised the way this works. The header is now generated after the
body is received, but before the ACL or local_scan() are called. After they
are run, the timestamp in the header is updated.
Exim-exiscan version 4.34
22 - added SPF support via libspf_alt. Please read the
docs.
21 - Fix missing fclose() in regex.c. This was causing
scan directories not to be deleted on NFS spools.
- Remove "shutdown socket for writing" from clamd malware
code. It seems to cause problems with the latest
clamd 0.70 release.
- Fix allow tables in acl.c to disallow exiscan conditions
in the RCPT ACL.
- adapted patch to exim 4.34
|
|
This modifies Makefile.common to add "-Wl,${RPATH_FLAG}" to the location
of the chosen library (DB implementation). For example:
-Wl,${RPATH_FLAG}${LOCALBASE}/${BUILDLINK_LIBDIRS.db2}
Also bump PKGREVISIONs for this.
|
|
include location too. This fixes build problem under
Red Hat Enterprise Linux ES release 2.1 which has
its native Berkeley DB header under /usr/include/db1/.
Okay'd by David Brownlee.
|
|
file.
This is probably temporary, because the MESSAGE file needs to
be cleaned up to be correct for rc.d usage. We should have
a consistent message for this that is appended to MESSAGE
when RCD_SCRIPTS is used.
Didn't bump PKGREVISION for this, because was bumped today
and soon the package version will be increased for new exim-4.34.
|
|
use native (since it is the first BDB_ACCEPTED choice). So under
NetBSD this does not change anything.
It can be set to "gdbm" if desiring gdbm as the DB method used.
Else it will use the mk/bdb.buildlink3.mk method.
For example, to choose a specific Berkeley DB implementation
(like DB hash version 7), then do: "make BDB_DEFAULT=db3"
(when EXIM_DB is unset or not set to "gdbm").
Please note that if you change the method, exim may complain
about DB problems. This is okay. You can delete the db files
and regenerate. (exim provides some db management tools too.)
This fixes the problem where exim will not build when
the system's db is not available or correct.
This will close my old PR pkg/19277.
This was discussed with maintainer, David Brownlee.
|
|
|
|
- Fix buffer overflows listed at http://www.guninski.com/exim1.html
Update exim to exim-4.33nb1 (from 4.22nb5)
- Fix buffer overflow listed at http://www.guninski.com/exim1.html
- Leave nb1 to indicate we have a local change from stock 4.33
- 1086 lines of changes - http://www.exim.org/ftp/ChangeLogs/ChangeLog-4.33
- Remove dependancy on exim-user - now looks up EXIM_{USER,GROUP} at runtime
Update exim-exiscan to 4.33_20nb1 (from 4.22-12)
- Fix buffer overflow listed at http://www.guninski.com/exim1.html
- Leave nb1 to indicate we have a local change from stock 4.33_20
- Same exim changes - http://www.exim.org/ftp/ChangeLogs/ChangeLog-4.33
- Changes (http://duncanthrax.net/exiscan-acl/CHANGELOG) include
- added option to use multiple spamd servers
- many mime changes
- Added Brightmail Antispam support
- clamd fixes
Update exim-html to 4.30 (from 4.20)
- Update to latest docs
Delete exim-user
- No longer required - exim now looks up EXIM_{USER,GROUP} at runtime
|
|
|
|
|
|
package, so will let this ride on the update made a few minutes ago.
|
|
Package changes include addition of Makefile.common (to be used by
Upcoming exim-exiscan-acl package), and exim.8
|
