Heiko Schlittermann (HS12-RIPE) [Wed, 23 Nov 2016 11:02:26 +0000 (12:02 +0100)]
Fix memory leak on (Gnu)TLS close.
This leak doesn't show up under normal operation, as the process
normally dies right after closing the session.
But during callout repetitive TLS sessions are opened and closed from
the same process (the process receiving the message). Depending on
the amount of RAM and the number of callouts the same process does,
this may be a problem. (On an amd64 machine with 4GB RAM, at about 1000
recipients the memory is exhausted.)
(cherry picked from commit
ed62aae3051c9a713d35c8ae516fbd193d1401ba)
Heiko Schlittermann (HS12-RIPE) [Sun, 29 Nov 2015 00:30:46 +0000 (01:30 +0100)]
LDAP: Fix separator for multiple attrs and ldapm
Schema:
attributetype ( NAME foo … )
attributetype ( NAME foo1 SUP foo …)
attributetype ( NAME foo2 SUP foo …)
Objects in Directory:
dn: …
foo1: foo, bar
foo1: baz
foo2: buz
Query and response:
ldap://<HOST>/<BASE>?foo1?sub?<filter>
-> foo,, bar,baz
ldap://<HOST>/<BASE>?foo2?sub?<filter>
-> buz
ldap://<HOST>/<BASE>?foo1,foo2?sub?<filter>
-> foo1="foo,, bar,baz" foo2="buz"
ldap://<HOST>/<BASE>?foo?sub?<filter>
-> foo,, bar,baz,buz
The same holds for ldam, but with multiple lines, for each
object one single line.
(cherry picked from commit
bb4fd71d9937a07155e89b885d40c96f03700b84)
(cherry picked from commit
9494140a9fbaed32259a60af2b59e6f61f06589c)
(cherry picked from commit
7b48497a8046fdb413b57d1fdd13a2af35537dec)
Heiko Schlittermann (HS12-RIPE) [Tue, 15 Mar 2016 23:09:51 +0000 (00:09 +0100)]
Merge branch 'exim-4_86+CVE-2016-1531' into exim-4_86_2+fixes
Heiko Schlittermann (HS12-RIPE) [Fri, 11 Mar 2016 22:44:53 +0000 (23:44 +0100)]
Don't issue env warning if env is empty
keep_environment needs to be mentioned in the runtime config.
Setting add_environment isn't enough to suppress the warning.
(cherry picked from commit
8e58ed807c77febfde61d3cf47928302f93cc99c)
Heiko Schlittermann (HS12-RIPE) [Wed, 9 Mar 2016 10:13:42 +0000 (11:13 +0100)]
Store the initial working directory, expand $initial_cwd. Bug 1805
(cherry picked from commit
3615fa9a06356891367c66ed284cef9db5cefca3)
(cherry picked from commit
fae3a611be53dbf58cbb7c2c4846081ecb87606e)
Heiko Schlittermann (HS12-RIPE) [Thu, 3 Mar 2016 22:08:44 +0000 (23:08 +0100)]
Testsuite: add keep_environment to confs/0610
Heiko Schlittermann (HS12-RIPE) [Wed, 2 Mar 2016 21:55:12 +0000 (22:55 +0100)]
Merge branch 'exim-4_86+CVE-2016-1531' into exim-4_86_2+fixes
Heiko Schlittermann (HS12-RIPE) [Wed, 2 Mar 2016 17:27:51 +0000 (18:27 +0100)]
Update ChangeLog
Heiko Schlittermann (HS12-RIPE) [Wed, 2 Mar 2016 17:19:53 +0000 (18:19 +0100)]
Merge branch 'exim-4_86_1+fixes' into exim-4_86_2+fixes
Branch exim-4_86_1+fixes will not be maintained anymore!
Heiko Schlittermann (HS12-RIPE) [Tue, 1 Mar 2016 20:11:42 +0000 (21:11 +0100)]
Heiko Schlittermann (HS12-RIPE) [Tue, 23 Feb 2016 22:04:42 +0000 (23:04 +0100)]
Merge branch 'exim-4_86+fixes' into exim-4_86_1+fixes
exim-4_86+fixes will not be maintained anymore!
Heiko Schlittermann (HS12-RIPE) [Fri, 19 Feb 2016 22:18:27 +0000 (23:18 +0100)]
Minor corrections for CVE-2016-1531 backport
Heiko Schlittermann (HS12-RIPE) [Thu, 28 Jan 2016 21:20:33 +0000 (22:20 +0100)]
Fix CVE-2016-1531
Add keep_environment, add_environment.
Change the working directory to "/" during the early startup
phase.
(cherry picked from commit
bc3c7bb7d4aba3e563434e5627fe1f2176aa18c0)
(cherry picked from commit
2b92b67bfc33efe05e6ff2ea3852731ac2273832)
(cherry picked from commit
14b82c8b736c8ed24eda144f57703cb9feac6323)
(cherry picked from commit
9ca92d0c6e9c6f161bd8111366c6952d3a9315e2)
(cherry picked from commit
0020c6d9ecfd98ed7b2b337ed4f898fdc409784b)
(cherry picked from commit
e8f96966360ea8867ad6a8b5affda6c37fa4958c)
(cherry picked from commit
ef6fb807c1e1a665f444f644c60c77269f7c5209)
Heiko Schlittermann (HS12-RIPE) [Thu, 11 Feb 2016 15:38:47 +0000 (16:38 +0100)]
Testsuite: flavourize 3450 3454
Jeremy Harris [Thu, 21 Jan 2016 15:37:08 +0000 (15:37 +0000)]
Cutthrough: Fix bug with dot-only line
(cherry picked from commit
1bc460a64a0de0766d21f4f8660c6597bc410cbc)
Jeremy Harris [Wed, 25 Nov 2015 17:49:03 +0000 (17:49 +0000)]
MIME: fix crash on filenames having null charset. Bug 1730
(cherry picked from commit
622dbd6a512d2c7786125e3b80e96a43e54b8e90)
Jeremy Harris [Thu, 15 Oct 2015 20:40:17 +0000 (21:40 +0100)]
DKIM: ignore space & tab embedded in base64 during decode. Bug 1700
(cherry picked from commit
0f557e9065b0bcfce38ee1fea5fc947bf0c5431c)
Jeremy Harris [Mon, 2 Nov 2015 19:03:26 +0000 (19:03 +0000)]
Avoid misaligned access in cached lookup. Bug 1708
(cherry picked from commit
98b98887f926be87eabccc7919e57ce625c63c03)
Jeremy Harris [Sat, 19 Sep 2015 12:59:22 +0000 (13:59 +0100)]
Retry: always use interface, if set, for retry DB key. Bug 1678
Even constant values must be used, as multiple transports with
different values may be in play and should be kept distinct.
(cherry picked from commit
6f6dedccb47f231a0712d882da20feffbac8d0bc)
Jeremy Harris [Thu, 17 Sep 2015 12:35:16 +0000 (13:35 +0100)]
DNS: time-limit cached returns, using TTL. Bug 1395
This can matter for fast-changing data such as DNSBLs.
(cherry picked from commit
14b3c5bc64a16df07583fe4b5ef2e0129d063893)
DNS: avoid overflow in cache TTL for negative entries. Bug 1395
(cherry picked from commit
e162fc9757d4b8cb41aca74214e968622d6c3dee)
Jeremy Harris [Thu, 17 Sep 2015 08:15:35 +0000 (09:15 +0100)]
Docs: fix example for listextract expansion item
Jeremy Harris [Tue, 25 Aug 2015 09:36:27 +0000 (10:36 +0100)]
Close logs after daemon-process exceptional write. Bug 728
(cherry picked from commit
c8899c20aa08c9ae6a4c291aad23ba90512bebe4)
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Aug 2015 11:37:47 +0000 (13:37 +0200)]
Update ChangeLog about Bug 1671
(cherry picked from commit
f1b81d811582d37370363ba0a7ea3bc2422a5e66)
Heiko Schlittermann (HS12-RIPE) [Tue, 11 Aug 2015 15:36:29 +0000 (17:36 +0200)]
Fix ESMTP MAIL command option processing
If the address containes spaces, the option processing
was confused.
(cherry picked from commit
2ef7ed082481b2dccd3c2e0eae849b24bf0b172a)
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Aug 2015 11:58:06 +0000 (13:58 +0200)]
Fix post-transport-crash: safeguard for missing spool BUG 1671
Based on a proposal from Wolfgang Breyha.
(cherry picked from commit
dadff1d47e54962b0fdf98e8ce5cef42b6cb7fb5)
Heiko Schlittermann (HS12-RIPE) [Wed, 19 Aug 2015 13:22:41 +0000 (15:22 +0200)]
Fix post-transport-crash.
The crash probably was introduced in
a39bd74d3e94 and
needs 'split_spool_directory=yes' to expose.
Thanks to Wolfgang Breyha, who found the same fix.
(cherry picked from commit
6b51df8340eacc95e3def9a4376506610e91996c)
Heiko Schlittermann (HS12-RIPE) [Thu, 23 Jul 2015 21:20:37 +0000 (23:20 +0200)]
Doc: parallel builds (make -j) work
Jeremy Harris [Thu, 16 Jul 2015 15:25:53 +0000 (16:25 +0100)]
Docs: emphasize that the smtp_connection log selector applies to inbound
Jeremy Harris [Wed, 15 Jul 2015 22:45:39 +0000 (23:45 +0100)]
Add check on tls_auth pseudo-command. Bug 1659
Phil Pennock [Sun, 12 Jul 2015 23:28:30 +0000 (23:28 +0000)]
Compile with DISABLE_PRDR set
Andreas Metzler [Sat, 4 Jul 2015 16:07:21 +0000 (18:07 +0200)]
Multiple typo fixes.
Andreas Metzler [Thu, 2 Jul 2015 06:48:58 +0000 (08:48 +0200)]
Bump LOCAL_SCAN_ABI_VERSION.
In 4.86 the size of struct recipient_item changed when EXPERIMENTAL_DSN
was made default. This broke the local scan ABI (rebuild required).
See <http://bugs.debian.org/790616>.
Jeremy Harris [Sat, 27 Jun 2015 15:01:28 +0000 (16:01 +0100)]
Change note
Jeremy Harris [Thu, 25 Jun 2015 16:17:30 +0000 (17:17 +0100)]
Docs: add note on string lists
Jeremy Harris [Sun, 21 Jun 2015 13:36:01 +0000 (14:36 +0100)]
Fix error message for router headers_remove expansion failure
Associated with Bug 1533
Heiko Schlittermann (HS12-RIPE) [Mon, 22 Jun 2015 21:10:13 +0000 (23:10 +0200)]
Doc: Fix typo
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 20:02:30 +0000 (22:02 +0200)]
Doc: Update dns_trust_aa documentation
Jeremy Harris [Mon, 22 Jun 2015 13:17:07 +0000 (14:17 +0100)]
Docs: mark up with changebars
Jeremy Harris [Mon, 22 Jun 2015 12:21:04 +0000 (13:21 +0100)]
Fix support of $spam_ variables at delivery time. Bug 1647
This change is forced on us by the documentation claiming clearly
the support is there, though the code does not and never has.
The doc change that introduced the claim is
7d9f747b5ef8
Jeremy Harris [Mon, 22 Jun 2015 12:55:12 +0000 (14:55 +0200)]
Testsuite: fix operator precedence in dns_extract_auth_name()
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 09:44:36 +0000 (11:44 +0200)]
Testsuite: Add a first test for dns_trust_aa
Heiko Schlittermann (HS12) [Mon, 22 Jun 2015 07:57:02 +0000 (09:57 +0200)]
Testsuite: fakens may return AUTHORITY records
If an entry in db.<zone> is prefixed with "AA ", fakens
will put a valid NS record into the AUTHORITY section of the
returned packet. This will be used by dns_trust_aa checks.
Jeremy Harris [Mon, 22 Jun 2015 09:32:01 +0000 (10:32 +0100)]
Before importing a certificate, free any previous one. Bug 1648
Second try
Heiko Schlittermann (HS12) [Sun, 21 Jun 2015 15:06:37 +0000 (17:06 +0200)]
Extract NS/SOA in dns_extract_auth_name() more precisly.
Heiko Schlittermann (HS12) [Sun, 21 Jun 2015 15:03:50 +0000 (17:03 +0200)]
Fix and extend the checks in dns_is_secure()
Jeremy Harris [Sun, 21 Jun 2015 18:07:47 +0000 (19:07 +0100)]
Change note
Jeremy Harris [Sun, 21 Jun 2015 17:17:09 +0000 (18:17 +0100)]
Before importing a certificate, free any previous one. Bug 1648
Because the SSL libraries do not use Exim's heap management
this was a memory-leak in "exim -bp".
Jeremy Harris [Sun, 21 Jun 2015 13:26:16 +0000 (14:26 +0100)]
Docs: add warning on list-sep in headerss_remove
Jeremy Harris [Sat, 20 Jun 2015 16:46:42 +0000 (17:46 +0100)]
Docs typo
Gedalya [Sat, 20 Jun 2015 13:33:14 +0000 (14:33 +0100)]
Fix build script. Bug 1646
Jeremy Harris [Sat, 20 Jun 2015 14:20:54 +0000 (15:20 +0100)]
Add docs and massage coding standards for dns_trust_aa
Heiko Schlittermann (HS12) [Fri, 19 Jun 2015 22:45:00 +0000 (00:45 +0200)]
Add dns_trust_aa
This new global option allows to trust the AA bit for
specific domains the same way we'd trust the AD bit.
Jeremy Harris [Tue, 16 Jun 2015 18:56:28 +0000 (19:56 +0100)]
Docs: clarify notes on .ifdef Bug 1155
Jeremy Harris [Mon, 15 Jun 2015 16:43:43 +0000 (17:43 +0100)]
Docs: clarify notes on Events
Wolfgang Breyha [Mon, 15 Jun 2015 13:52:36 +0000 (14:52 +0100)]
DSN: fix null deref when bounce is due to conn-timeout. Bug 1630
Wolfgang Breyha [Mon, 15 Jun 2015 14:43:43 +0000 (15:43 +0100)]
Clarify that preceding 10ca4f was provided by Wolfgang Breyha
Massaged by JH
Jeremy Harris [Tue, 26 May 2015 15:36:08 +0000 (16:36 +0100)]
Add tls_eccurve main config option. Bug 1397
Patch from Suse, massaged by JH
Jeremy Harris [Fri, 12 Jun 2015 16:19:09 +0000 (17:19 +0100)]
minor tidying
Phil Pennock [Sat, 13 Jun 2015 01:07:05 +0000 (01:07 +0000)]
Doc fix: server_secret expansions should fail
The `cyrusless_sasl` authenticator example failed to explicitly fail if
no result was found from the lookup. Using `server_secret`, we should
_always_ fail instead of expanding to an empty string.
Doc-fix only.
Jeremy Harris [Wed, 10 Jun 2015 20:33:06 +0000 (21:33 +0100)]
Testsuite: additional EC encryptions seen
Jeremy Harris [Wed, 10 Jun 2015 19:37:33 +0000 (20:37 +0100)]
Testsuite: Increase test delays and retry rule times
to allow slow hosts more reliable testing
Jeremy Harris [Tue, 9 Jun 2015 22:00:39 +0000 (23:00 +0100)]
Testsuite: less agressive PID-hiding
Jeremy Harris [Tue, 9 Jun 2015 21:08:49 +0000 (22:08 +0100)]
Testsuite: quietening
Heiko Schlittermann (HS12) [Tue, 9 Jun 2015 20:14:26 +0000 (22:14 +0200)]
Revert "Show the DNSSEC status (ad=) always in -bt/-bv output"
This reverts commit
e7a1b6ff65f1bebbc290f2a4fd7554fde00ae2f6.
It's not production grade, since the wording (ad vs. trusted)
is not final yet.
Jeremy Harris [Tue, 9 Jun 2015 15:46:12 +0000 (16:46 +0100)]
Testsuite: avoid IPv6 to avoid "no route to host" log lines
Jeremy Harris [Tue, 9 Jun 2015 12:02:18 +0000 (13:02 +0100)]
Tighter guard for POLLRDHUP
Jeremy Harris [Mon, 8 Jun 2015 20:48:50 +0000 (21:48 +0100)]
Truncate delay when peer closes connection. Bug 348
This is now possible on Linux, at least.
Jeremy Harris [Sun, 7 Jun 2015 21:07:24 +0000 (22:07 +0100)]
Testsuite: avoid IPv6 interfaces to avoid extra debug stderr lines
Andreas Metzler [Sun, 7 Jun 2015 14:16:35 +0000 (15:16 +0100)]
Content scan: Use ETIMEDOUT not ETIME, as having better portability. Bug 1640
Jeremy Harris [Sat, 6 Jun 2015 20:59:05 +0000 (21:59 +0100)]
PRDR: enable server-side in the default config
Jeremy Harris [Sat, 6 Jun 2015 20:43:29 +0000 (21:43 +0100)]
Logging: add log_selector items in the default config. Bug 1333
Jeremy Harris [Sat, 6 Jun 2015 19:53:21 +0000 (20:53 +0100)]
Doc: Add DKIM info in main sections. Bug 1607
Wolfgang Breyha [Sat, 6 Jun 2015 19:07:04 +0000 (20:07 +0100)]
DSN: fix null deref when bounce is due to conn-timeout. Bug 1630
Jeremy Harris [Sat, 6 Jun 2015 18:35:16 +0000 (19:35 +0100)]
Spamd: add missing initialiser. Rspamd mode was incorrectly sometimes seen.
Reported-by: Andreas Metzler
Jeremy Harris [Fri, 5 Jun 2015 14:30:33 +0000 (15:30 +0100)]
Guard routing against a null-deref. Bug 1639
Phil Pennock [Fri, 5 Jun 2015 04:44:20 +0000 (00:44 -0400)]
release tooling: unbreak website build when not verbose
Phil Pennock [Fri, 5 Jun 2015 03:31:50 +0000 (23:31 -0400)]
release tooling: let make cmd be overriden
Also let tar flag actually take an argument
Phil Pennock [Fri, 5 Jun 2015 02:43:13 +0000 (22:43 -0400)]
Copyright year updates (things touched in 2015)
Update current year in docs and banner copyright in src/src/globals.c
Rest of changes from:
vi $(git whatchanged --since=2015-01-01 | grep '^:100' | sed -n 's/^[^M]*M//p' | sort -u | fgrep -v test/)
Note that there are a lot of changes made because of const propagation;
I opted to include the copyright year updates in that, but we could be
doing a better job with who gets the copyright credit for these changes.
Changes visible with:
git diff $(git rev-list -n1 --before="2015-01-01" master)
Jeremy Harris [Thu, 4 Jun 2015 19:28:25 +0000 (20:28 +0100)]
TLS authenticator
Jeremy Harris [Sun, 31 May 2015 22:04:01 +0000 (23:04 +0100)]
refactor build script
Phil Pennock [Fri, 29 May 2015 19:52:50 +0000 (15:52 -0400)]
Adjust my maintainership status to reflect reality
Phil Pennock [Fri, 29 May 2015 19:46:47 +0000 (15:46 -0400)]
OpenSSL: guard X509_check_host against LibreSSL
LibreSSL's fork does not have this new function; as well as adding a
`LIBRESSL_VERSION_NUMBER` value, that project bumped the OpenSSL version
number in such a way as to conflict with our existing version checks.
* Add a guard.
* Add commentary, suggesting how to avoid getting into twistier knots
with API divergence.
Reported by Jasper Wallace, who provided a slightly different patch.
Fixes bug 1635
Heiko Schlittermann (HS12) [Wed, 27 May 2015 21:41:35 +0000 (23:41 +0200)]
Testsuite: Add $USER to env if missing
Andreas Metzler [Wed, 27 May 2015 12:05:03 +0000 (13:05 +0100)]
Expand docs re. logs dir, and make eximon logs dir match exim's. Bug 1324
Jeremy Harris [Wed, 27 May 2015 11:41:08 +0000 (12:41 +0100)]
Note MAIL commands in -bS batch, to avoid smtp_no_mail logline. Bug 1346
Heiko Schlittermann (HS12) [Tue, 26 May 2015 20:44:23 +0000 (22:44 +0200)]
Fix some typos in EDITME
Phil Pennock [Tue, 26 May 2015 09:48:46 +0000 (10:48 +0100)]
TLS: Enable ECDHE on OpenSSL, just the NIST P-256 curve. Bug 1397
Original by Phil Pennock; tweaked by JH.
Jeremy Harris [Sat, 23 May 2015 20:48:26 +0000 (21:48 +0100)]
New ${env {NAME}} expansion. Bug 1604
Jeremy Harris [Sat, 23 May 2015 17:07:58 +0000 (18:07 +0100)]
Testsuite: move test.again.dns and test.fail.dns handling to fakens
Jeremy Harris [Sat, 23 May 2015 16:45:48 +0000 (17:45 +0100)]
tidying
Jeremy Harris [Fri, 22 May 2015 17:32:04 +0000 (18:32 +0100)]
DANE: do not fail/defer message due to TLSA lookup but dane is only requested
Jeremy Harris [Thu, 21 May 2015 22:22:16 +0000 (23:22 +0100)]
Fix DANE for multiple-MX when all TLSA lookup defer. Bug 1634
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:08:21 +0000 (23:08 +0200)]
Testsuite: Check debug message if we requested AD but got AA
Heiko Schlittermann (HS12) [Wed, 20 May 2015 21:07:33 +0000 (23:07 +0200)]
Testsuite: Add support for authoritive answer to fakens
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requested AD but got AA
If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.
Heiko Schlittermann (HS12) [Wed, 13 May 2015 21:50:23 +0000 (23:50 +0200)]
Add DNS debug aid if we requsted AD but got AA
If the resolver we ask is authoritive (AA) for some domain,
we never ever get the AD (authentic data) bit in the answer.
Jeremy Harris [Tue, 19 May 2015 19:28:42 +0000 (20:28 +0100)]
Change HELO-verify forward case from byname to bydns and add DNSSEC tracking
Jeremy Harris [Tue, 19 May 2015 21:32:38 +0000 (22:32 +0100)]
Change host_lookup re-forward from byname to bydns; checking DNSSEC
Jeremy Harris [Sun, 17 May 2015 20:57:46 +0000 (21:57 +0100)]
struct dnssec_domains
Jeremy Harris [Tue, 19 May 2015 16:41:35 +0000 (17:41 +0100)]
Testsuite: avoid tryng to run in net 10.
git://git.exim.org / exim.git / log