exim.git
6 months ago update Changelog about 4.96.2+fixes exim-4.96.2+fixes github/exim-4.96.2+fixes
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Oct 2023 16:02:25 +0000 (18:02 +0200)]
update Changelog about 4.96.2+fixes

6 months ago Merge branch 'exim-4.96.1+fixes' into exim-4.96.2+fixes
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Oct 2023 15:57:42 +0000 (17:57 +0200)]
Merge branch 'exim-4.96.1+fixes' into exim-4.96.2+fixes

* exim-4.96.1+fixes:
  Fix exit on attempt to rewrite a malformed address.  Bug 2903
  Fix logging of max-size log line
  doc: fixup changelog
  fixup Changelog
  Fix ${tr...} and empty-strings.  Bug 3023
  Fix: 3013 (testsuite, bugfix) ${run...} $recipients expansion
  Fix $recipients after ${run...}.  Bug 2929
  fix: backported essence of 44b6e099b7: fix run
  docs: update Changelog
  Fix: Build with libopendmarc 1.4.x (fixes 2728)

6 months ago docs: Changelog exim-4.96+security github/exim-4.96+security exim-4.96.2
Heiko Schlittermann (HS12-RIPE) [Sat, 14 Oct 2023 21:55:23 +0000 (23:55 +0200)]
docs: Changelog

6 months ago Harden dnsdb against crafted DNS responses. Bug 3033
Jeremy Harris [Tue, 10 Oct 2023 22:03:28 +0000 (23:03 +0100)]
Harden dnsdb against crafted DNS responses.  Bug 3033

(cherry picked from commit 8787c8994f07c23c3664d76926e02f07314d699d)

6 months ago SPF: harden against crafted DNS responses
Jeremy Harris [Tue, 10 Oct 2023 11:45:27 +0000 (12:45 +0100)]
SPF: harden against crafted DNS responses

(cherry picked from commit 4f07f38374f8662c318699fb30432273ffcfe0d3)

6 months ago fix: proxy-protocol (CVE-2023-41227) Bug 3031
Heiko Schlittermann (HS12-RIPE) [Sat, 14 Oct 2023 21:33:07 +0000 (23:33 +0200)]
fix: proxy-protocol (CVE-2023-41227) Bug 3031

* fix-CVE-2023-42117:
  fix: string_is_ip_address (CVE-2023-42117) (closes 3031)
  Testsuite: Add testcases for string_is_ip_address (CVE-2023-42117)

6 months ago fix: string_is_ip_address (CVE-2023-42117) Bug 3031
Heiko Schlittermann (HS12-RIPE) [Thu, 5 Oct 2023 20:49:57 +0000 (22:49 +0200)]
fix: string_is_ip_address (CVE-2023-42117) Bug 3031

6 months ago Testsuite: Add testcases for string_is_ip_address (CVE-2023-42117)
Heiko Schlittermann (HS12-RIPE) [Sat, 7 Oct 2023 11:07:59 +0000 (13:07 +0200)]
Testsuite: Add testcases for string_is_ip_address (CVE-2023-42117)

6 months ago Fix exit on attempt to rewrite a malformed address. Bug 2903 exim-4.96.1+fixes+fix-2903 github/exim-4.96.1+fixes+fix-2903
Jeremy Harris [Tue, 12 Jul 2022 21:14:04 +0000 (22:14 +0100)]
Fix exit on attempt to rewrite a malformed address.  Bug 2903

(cherry picked from commit e7ec503729970a03d4509921342bc81313976126)

6 months ago Fix logging of max-size log line exim-4.96.1+fixes github/exim-4.96.1+fixes
Jeremy Harris [Mon, 19 Dec 2022 21:09:17 +0000 (21:09 +0000)]
Fix logging of max-size log line

Broken-by: d12746bc15d8
(cherry picked from commit 1ed24e36e279c922d3366f6c3144570cc5f54d7a)

6 months ago doc: fixup changelog
Heiko Schlittermann (HS12-RIPE) [Tue, 3 Oct 2023 18:02:46 +0000 (20:02 +0200)]
doc: fixup changelog

credits: Lutz Pressler

6 months ago fixup Changelog
Heiko Schlittermann (HS12-RIPE) [Sun, 1 Oct 2023 21:09:27 +0000 (23:09 +0200)]
fixup Changelog

6 months ago Fix ${tr...} and empty-strings. Bug 3023
Jeremy Harris [Mon, 11 Sep 2023 14:50:35 +0000 (15:50 +0100)]
Fix ${tr...} and empty-strings.  Bug 3023

(cherry picked from commit b015574531cf18b2126edb9da5a99dad659207dd)

6 months ago Fix: 3013 (testsuite, bugfix) ${run...} $recipients expansion
Jeremy Harris [Thu, 3 Aug 2023 19:52:15 +0000 (20:52 +0100)]
Fix: 3013 (testsuite, bugfix) ${run...} $recipients expansion

(cherry picked from commit 8c5ab0901f665bfd16bb0a0e85cef8b26e4e7818)

Fix $recipients expansion when used within ${run...}.  Bug 3013

Broken-by: cfe6acff2ddc
(cherry picked from commit 6707bfa9fb78858de938a1abca2846c820c5ded7)

6 months ago Fix $recipients after ${run...}. Bug 2929
Ruben Jenster [Thu, 3 Nov 2022 21:38:15 +0000 (21:38 +0000)]
Fix $recipients after ${run...}.  Bug 2929

Broken-by: cfe6acff2d
(cherry picked from commit 6b331d5834d12bdda21857cd6fffac17038ce3c7)

6 months ago fix: backported essence of 44b6e099b7: fix run
Heiko Schlittermann (HS12-RIPE) [Thu, 27 Jul 2023 22:31:19 +0000 (00:31 +0200)]
fix: backported essence of 44b6e099b7: fix run

6 months ago docs: update Changelog
Heiko Schlittermann (HS12-RIPE) [Fri, 28 Jul 2023 12:42:21 +0000 (14:42 +0200)]
docs: update Changelog

6 months ago Fix: Build with libopendmarc 1.4.x (fixes 2728)
Heiko Schlittermann (HS12-RIPE) [Sat, 15 Oct 2022 17:30:58 +0000 (19:30 +0200)]
Fix: Build with libopendmarc 1.4.x (fixes 2728)

(cherry picked from commit 1561c5d88b3a23a4348d8e3c1ce28554fcbcfe46)

6 months ago update Changelog about security fixes exim-4.96.1
Heiko Schlittermann (HS12-RIPE) [Sat, 30 Sep 2023 20:52:59 +0000 (22:52 +0200)]
update Changelog about security fixes

6 months ago Auths: fix possible OOB read in SPA authenticator. Bug 3001
Jeremy Harris [Thu, 11 May 2023 20:08:08 +0000 (21:08 +0100)]
Auths: fix possible OOB read in SPA authenticator.  Bug 3001

(cherry picked from commit 04107e98d58efb69f7e2d7b81176e5374c7098a3)

6 months ago Auths: fix possible OOB write in SPA authenticator. Bug 3000
Jeremy Harris [Thu, 11 May 2023 18:31:54 +0000 (19:31 +0100)]
Auths: fix possible OOB write in SPA authenticator.  Bug 3000

(cherry picked from commit e17b8b0f19b25a223b0cc41933b881c3a1073e61)

6 months ago Auths: use uschar more in spa authenticator
Jeremy Harris [Thu, 11 May 2023 17:53:25 +0000 (18:53 +0100)]
Auths: use uschar more in spa authenticator

(cherry picked from commit 0519dcfb5f149154a416b54865fd8026abb57791)

6 months ago Auths: fix possible OOB write in external authenticator. Bug 2999
Jeremy Harris [Thu, 11 May 2023 17:02:43 +0000 (18:02 +0100)]
Auths: fix possible OOB write in external authenticator.  Bug 2999

(cherry picked from commit 7bb5bc2c6592e062bf0b514cc71afd2d93e2e0dd)

22 months ago Docs: more indexing exim-4.96
Jeremy Harris [Thu, 23 Jun 2022 13:41:10 +0000 (14:41 +0100)]
Docs: more indexing

22 months ago Testsuite: OpenSSL version differences exim-4.96-RC2
Jeremy Harris [Tue, 7 Jun 2022 17:44:36 +0000 (18:44 +0100)]
Testsuite: OpenSSL version differences

22 months ago tidying
Jeremy Harris [Sat, 4 Jun 2022 14:00:03 +0000 (15:00 +0100)]
tidying

22 months ago SRS: avoid expanding ${srs_encode...} when guarded by ${if...}
Jeremy Harris [Fri, 3 Jun 2022 14:34:03 +0000 (15:34 +0100)]
SRS: avoid expanding ${srs_encode...} when guarded by ${if...}

22 months ago Handle a v4mapped sender address given us by a proxy. Bug 2855
Jeremy Harris [Fri, 27 May 2022 22:03:02 +0000 (23:03 +0100)]
Handle a v4mapped sender address given us by a proxy.  Bug 2855

22 months ago Unbreak DISABLE_PIPE_CONNECT build
Jeremy Harris [Wed, 1 Jun 2022 14:06:31 +0000 (15:06 +0100)]
Unbreak DISABLE_PIPE_CONNECT build

Broken-by: b326f3a87a

22 months ago SRS: fix encode operation for empty sender addresses.
Jeremy Harris [Wed, 1 Jun 2022 10:19:05 +0000 (11:19 +0100)]
SRS: fix encode operation for empty sender addresses.

23 months ago Docs: fix host_require_helo
Jeremy Harris [Mon, 30 May 2022 08:40:02 +0000 (09:40 +0100)]
Docs: fix host_require_helo

Broken-by: 2f8e0a5f6b

23 months ago Fix build with DISABLE_TLS_RESUME
Jeremy Harris [Thu, 26 May 2022 21:31:35 +0000 (22:31 +0100)]
Fix build with DISABLE_TLS_RESUME

23 months ago CHUNKING: handle protocol errors during reception
Jeremy Harris [Thu, 26 May 2022 19:11:43 +0000 (20:11 +0100)]
CHUNKING: handle protocol errors during reception

23 months ago CHUNKING: fix second message on conn when first rejected
Jeremy Harris [Thu, 26 May 2022 12:46:08 +0000 (13:46 +0100)]
CHUNKING: fix second message on conn when first rejected

23 months ago DEBUG: clarify multiline smtp responses
Jeremy Harris [Thu, 26 May 2022 11:10:27 +0000 (12:10 +0100)]
DEBUG: clarify multiline smtp responses

23 months ago TLS resumption: fix for PIPECONNECT
Jeremy Harris [Tue, 24 May 2022 19:27:38 +0000 (20:27 +0100)]
TLS resumption: fix for PIPECONNECT

When actively initiating a connection with PIPECONNECT, evaluate
the EHLO response for possible lbserver indication when we do
eventually reap that response, before acting on the STARTTLS response.

23 months ago typo
Jeremy Harris [Tue, 24 May 2022 11:30:14 +0000 (12:30 +0100)]
typo

23 months ago Logging: distinguish mem-allocation errors
Jeremy Harris [Mon, 23 May 2022 14:48:38 +0000 (15:48 +0100)]
Logging: distinguish mem-allocation errors

23 months ago TLS resumption: disable on continued-connection
Jeremy Harris [Mon, 23 May 2022 11:09:43 +0000 (12:09 +0100)]
TLS resumption: disable on continued-connection

When we have an open TCP connection and are starting a second TLS session
we do not have the host-lbserver string (being in a freshly exec'd
process) needed for session-cache lookup, so resumption is not safe.

23 months ago Docs: more info on PIPECONNECT
Jeremy Harris [Fri, 20 May 2022 21:38:09 +0000 (22:38 +0100)]
Docs: more info on PIPECONNECT

23 months ago Debug: clarify SMTP DATA ops in transport
Jeremy Harris [Mon, 23 May 2022 13:15:15 +0000 (14:15 +0100)]
Debug: clarify SMTP DATA ops in transport

23 months ago ARC: reset headers before signing for secondary MX. Bug 2886
Jeremy Harris [Thu, 19 May 2022 13:24:48 +0000 (14:24 +0100)]
ARC: reset headers before signing for secondary MX.  Bug 2886

23 months ago GnuTLS: Do not free the cached creds on transport connection close. Bug 2886
Jeremy Harris [Thu, 19 May 2022 13:23:02 +0000 (14:23 +0100)]
GnuTLS: Do not free the cached creds on transport connection close.  Bug 2886

23 months ago Debug: pass ACL-initiated debug through spool residency exim-4.96-RC1
Jeremy Harris [Sun, 15 May 2022 16:10:59 +0000 (17:10 +0100)]
Debug: pass ACL-initiated debug through spool residency

23 months ago Testsuite: munge for recent GnuTLS
Jeremy Harris [Sun, 15 May 2022 11:47:30 +0000 (12:47 +0100)]
Testsuite: munge for recent GnuTLS

23 months ago tidying
Jeremy Harris [Sat, 14 May 2022 19:20:21 +0000 (20:20 +0100)]
tidying

23 months ago Revert "LibreSSL: maintain buildability on versions after 3.5.0"
Jeremy Harris [Wed, 11 May 2022 18:42:17 +0000 (19:42 +0100)]
Revert "LibreSSL: maintain buildability on versions after 3.5.0"
Breaks Solaris builds.

This reverts commit c0418936da7c7ec6674e6d60dac5fa33a84e0618.

23 months ago LibreSSL: maintain buildability on versions after 3.5.0
Kirill Miazine [Wed, 11 May 2022 13:13:22 +0000 (14:13 +0100)]
LibreSSL: maintain buildability on versions after 3.5.0

23 months ago Fix string_copyn() for limit greater than actual string length
Jeremy Harris [Mon, 9 May 2022 13:45:53 +0000 (14:45 +0100)]
Fix string_copyn() for limit greater than actual string length

Broken-by: a76d120aed

23 months ago Docs: clarify distinction between config file and Makefile, for log_file_path. Bug...
Jeremy Harris [Sun, 8 May 2022 13:01:03 +0000 (14:01 +0100)]
Docs: clarify distinction between config file and Makefile, for log_file_path.  Bug 2825

23 months ago Docs: clarify $authentication_failed. Bug 2878
Jeremy Harris [Sun, 8 May 2022 12:20:49 +0000 (13:20 +0100)]
Docs: clarify $authentication_failed.  Bug 2878

23 months ago Fix build with Solaris compiler
Martin Preen [Sat, 7 May 2022 15:52:05 +0000 (16:52 +0100)]
Fix build with Solaris compiler

23 months ago Fix dbmjz lookup. Bug 2884
Jeremy Harris [Thu, 5 May 2022 15:22:54 +0000 (16:22 +0100)]
Fix dbmjz lookup.  Bug 2884

Broken-by: 0cc804c877

23 months ago Docs: use tables rather than displays
Jeremy Harris [Sun, 1 May 2022 17:22:32 +0000 (18:22 +0100)]
Docs: use tables rather than displays

23 months ago Taint: generate detainted $domain_data & $local_part_data from Rverify callout
Jeremy Harris [Sat, 30 Apr 2022 22:57:33 +0000 (23:57 +0100)]
Taint: generate detainted $domain_data & $local_part_data from Rverify callout

23 months ago Docs: index detaint methods
Jeremy Harris [Sat, 30 Apr 2022 18:11:45 +0000 (19:11 +0100)]
Docs: index detaint methods

2 years ago Docs: more warnings on use of tainted data
Jeremy Harris [Fri, 29 Apr 2022 22:29:47 +0000 (23:29 +0100)]
Docs: more warnings on use of tainted data

2 years ago Docs: mark up known-tainted variables
Jeremy Harris [Fri, 29 Apr 2022 18:59:36 +0000 (19:59 +0100)]
Docs: mark up known-tainted variables

2 years ago Docs: tidy for taint-check of transport process args
Jeremy Harris [Mon, 25 Apr 2022 16:53:36 +0000 (17:53 +0100)]
Docs: tidy for taint-check of transport process args

Broken-by: cfe6acff2d

2 years ago Fix DISABLE_EVENT build
Jeremy Harris [Mon, 25 Apr 2022 15:27:38 +0000 (16:27 +0100)]
Fix DISABLE_EVENT build

Broken-by: ef2e5890df

2 years ago Copyright updates: exim-4.96-RC0
Jeremy Harris [Sat, 23 Apr 2022 17:28:09 +0000 (18:28 +0100)]
Copyright updates:

vi $(git log --name-status exim-4.95..master | awk '/^M/{print $2}' | grep -v '^test/' | sort -u)

2 years ago Docs: more resumption notes
Jeremy Harris [Thu, 21 Apr 2022 19:57:44 +0000 (20:57 +0100)]
Docs: more resumption notes

2 years ago exim_dumpdb: keys-only output option
Jeremy Harris [Tue, 19 Apr 2022 20:44:17 +0000 (21:44 +0100)]
exim_dumpdb: keys-only output option

2 years ago TLS resumption: support Outlook hosts-behind-loadbalancer
Jeremy Harris [Fri, 15 Apr 2022 09:36:56 +0000 (10:36 +0100)]
TLS resumption: support Outlook hosts-behind-loadbalancer

2 years ago Add string-hashing interface
Jeremy Harris [Wed, 13 Apr 2022 14:37:56 +0000 (15:37 +0100)]
Add string-hashing interface

2 years ago typo
Jeremy Harris [Wed, 13 Apr 2022 14:31:57 +0000 (15:31 +0100)]
typo

2 years ago TLS resumption: restrict session re-use
Jeremy Harris [Tue, 12 Apr 2022 12:27:41 +0000 (13:27 +0100)]
TLS resumption: restrict session re-use

2 years ago tidying
Jeremy Harris [Sun, 10 Apr 2022 15:16:10 +0000 (16:16 +0100)]
tidying

2 years ago Docs: fix description of SNI-under-DANE. Bug 2265
Jeremy Harris [Sun, 10 Apr 2022 21:24:18 +0000 (22:24 +0100)]
Docs: fix description of SNI-under-DANE.  Bug 2265

2 years ago DKIM: clarify debug output
Jeremy Harris [Sat, 9 Apr 2022 13:47:15 +0000 (14:47 +0100)]
DKIM: clarify debug output

2 years ago compiler quietening
Jeremy Harris [Thu, 7 Apr 2022 21:25:27 +0000 (22:25 +0100)]
compiler quietening

2 years ago tidying
Jeremy Harris [Thu, 7 Apr 2022 20:17:38 +0000 (21:17 +0100)]
tidying

2 years ago Openssl client: ocsp stapling on resumed session
Jeremy Harris [Thu, 7 Apr 2022 20:16:48 +0000 (21:16 +0100)]
Openssl client: ocsp stapling on resumed session

2 years ago tidying
Jeremy Harris [Sun, 3 Apr 2022 14:29:14 +0000 (15:29 +0100)]
tidying

2 years ago Support PIPECONNECT with helo_data using the local IP, when interface is known.
Jeremy Harris [Sun, 3 Apr 2022 20:37:01 +0000 (21:37 +0100)]
Support PIPECONNECT with helo_data using the local IP, when interface is known.

2 years ago Testsuite: account for changed feature name
Jeremy Harris [Mon, 4 Apr 2022 22:12:44 +0000 (23:12 +0100)]
Testsuite: account for changed feature name

Broken-by: a375c22c1d

2 years ago CHUNKING: fix availability on continued-transport
Jeremy Harris [Sun, 3 Apr 2022 17:10:09 +0000 (18:10 +0100)]
CHUNKING: fix availability on continued-transport

2 years ago Docs: allow for multiple return from dnsdb PTR lookup
Jeremy Harris [Sun, 3 Apr 2022 15:33:40 +0000 (16:33 +0100)]
Docs: allow for multiple return from dnsdb PTR lookup

2 years ago Revert "Build: remove hints-DB interface from macro-predef phase"
Jeremy Harris [Sat, 2 Apr 2022 06:58:36 +0000 (07:58 +0100)]
Revert "Build: remove hints-DB interface from macro-predef phase"

This reverts commit d518c8b6721ea30a9dc3190e57157edd676234ec.

2 years ago Build: remove hints-DB interface from macro-predef phase
Jeremy Harris [Fri, 1 Apr 2022 20:18:16 +0000 (21:18 +0100)]
Build: remove hints-DB interface from macro-predef phase

2 years ago c99 / non-gcc compatible inlineable functions
Jeremy Harris [Fri, 1 Apr 2022 13:45:15 +0000 (14:45 +0100)]
c99 / non-gcc compatible inlineable functions

2 years ago designated initializers
Jeremy Harris [Thu, 31 Mar 2022 17:13:12 +0000 (18:13 +0100)]
designated initializers

2 years ago Compiler quietening
Jeremy Harris [Mon, 28 Mar 2022 14:22:13 +0000 (15:22 +0100)]
Compiler quietening

2 years ago Tidying: explicit (de)tainting copies
Jeremy Harris [Sat, 19 Mar 2022 19:11:17 +0000 (19:11 +0000)]
Tidying: explicit (de)tainting copies

2 years ago Hints DB interface: convert from macros to inlinable functions.
Jeremy Harris [Sun, 20 Mar 2022 14:20:13 +0000 (14:20 +0000)]
Hints DB interface: convert from macros to inlinable functions.
Testing status: tdb, dbm, gdbm & ndbm build and pass testsuite.

2 years ago Logging: fix crash on local_part utf8-conversion fail
Jeremy Harris [Thu, 24 Mar 2022 22:47:04 +0000 (22:47 +0000)]
Logging: fix crash on local_part utf8-conversion fail

Broken-by: d2f99aad04

2 years ago Taintcheck transport-process arguments
Jeremy Harris [Sun, 27 Mar 2022 19:41:05 +0000 (20:41 +0100)]
Taintcheck transport-process arguments

2 years ago Debug: build a summary string tracking transport SMTP commands & responses
Jeremy Harris [Sat, 19 Mar 2022 19:14:34 +0000 (19:14 +0000)]
Debug: build a summary string tracking transport SMTP commands & responses

2 years ago BDB: specific build-time error for version 1 library
Jeremy Harris [Sat, 19 Mar 2022 17:18:30 +0000 (17:18 +0000)]
BDB: specific build-time error for version 1 library

Broken-by: 990ba85353

2 years ago constify
Jeremy Harris [Sun, 13 Mar 2022 16:23:31 +0000 (16:23 +0000)]
constify

2 years ago tidying
Jeremy Harris [Sun, 13 Mar 2022 16:01:52 +0000 (16:01 +0000)]
tidying

2 years ago refactor
Jeremy Harris [Sun, 13 Mar 2022 15:58:07 +0000 (15:58 +0000)]
refactor

2 years ago OpenSSL: track shutdown calls. Bug 2864
Jeremy Harris [Thu, 10 Mar 2022 15:23:26 +0000 (15:23 +0000)]
OpenSSL: track shutdown calls.  Bug 2864

2 years ago TDB: quieten compiler and testsuite
Jeremy Harris [Sun, 13 Mar 2022 01:02:37 +0000 (01:02 +0000)]
TDB: quieten compiler and testsuite

2 years ago Set $value for match_<list-type> and inlist
Jeremy Harris [Fri, 11 Mar 2022 15:54:26 +0000 (15:54 +0000)]
Set $value for match_<list-type> and inlist

2 years ago tidying
Jeremy Harris [Fri, 11 Mar 2022 15:25:10 +0000 (15:25 +0000)]
tidying

2 years ago Fix static address-list lookup return
Jeremy Harris [Thu, 10 Mar 2022 20:27:49 +0000 (20:27 +0000)]
Fix static address-list lookup return

2 years ago Add backstop check for taint of executable name when calling exec()
Jeremy Harris [Wed, 9 Mar 2022 14:11:50 +0000 (14:11 +0000)]
Add backstop check for taint of executable name when calling exec()

2 years ago tidying
Jeremy Harris [Wed, 9 Mar 2022 14:11:05 +0000 (14:11 +0000)]
tidying

2 years ago Docs: markup syntax
Jeremy Harris [Sun, 6 Mar 2022 20:06:37 +0000 (20:06 +0000)]
Docs: markup syntax