exim.git
5 years agoUse dsn_from for success-DSN messages. Bug 2404
Jeremy Harris [Tue, 4 Jun 2019 17:13:21 +0000 (18:13 +0100)]
Use dsn_from for success-DSN messages.  Bug 2404

(cherry picked from commit 87abcb247b4444bab5fd0bcb212ddb26d5fd9191)
(cherry picked from commit 454bab46ae6812e29652d10c390451c962a6f806)
(cherry picked from commit 9eebb5a0ed51584c18af8b08a27695b806980775)

5 years agoGnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
Jeremy Harris [Sun, 19 May 2019 11:12:36 +0000 (12:12 +0100)]
GnuTLS: fix the advertising of acceptable certs by the server.  Bug 2389

(cherry picked from commit 12d95aa62042377fc9f603245a17a43142972447)
(cherry picked from commit 44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4)
(cherry picked from commit 7eb6988c118847820de130c9317f851983e0ba8b)

5 years agoFix listing a named queue by a non-admin user. Bug 2398
Jeremy Harris [Fri, 10 May 2019 14:35:58 +0000 (15:35 +0100)]
Fix listing a named queue by a non-admin user.  Bug 2398

(cherry picked from commit e5903596a0)
(cherry picked from commit affc23f0d27bfbca773094146d7e62872ed2895b)
(cherry picked from commit 772e1c684e79465df71157cdccc57739bb841cae)

5 years agoGnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
Jeremy Harris [Tue, 7 May 2019 21:55:41 +0000 (22:55 +0100)]
GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp

(cherry picked from commit 7a501c874f028f689c44999ab05bb0d39da46941)
(cherry picked from commit 5e64b73ef7cdaf20b998b3345a588b462fd30bfb)
(cherry picked from commit 31700e5410af3d27654ff0a32c20d30b1a1e10c3)

5 years agoTestsuite: GnuTLS version variances
Jeremy Harris [Fri, 26 Apr 2019 10:16:47 +0000 (11:16 +0100)]
Testsuite: GnuTLS version variances

(cherry picked from commit e20c4072da517616060d7a6e899b42f65ded4fb0)
(cherry picked from commit 4a7269057fc3bfcb5b19376725431610407e67bc)
(cherry picked from commit d1e5e96dd46f68ee04eb27995c026d5f9ae226f6)

5 years agoTestsuite: avoid recent-perl feature use
Jeremy Harris [Thu, 25 Apr 2019 17:41:52 +0000 (18:41 +0100)]
Testsuite: avoid recent-perl feature use

(cherry picked from commit 6010e708237477b8fab5fbed0a972a937d89fc56)
(cherry picked from commit d4e985be7a3789aa84fb51a0523fc13c7cdff889)
(cherry picked from commit 904909a0f772b918d3ea4fcb600a7b4d6b647bdf)

5 years agoGnuTLS 3.6.7 cipher strings
Jeremy Harris [Thu, 25 Apr 2019 17:24:33 +0000 (18:24 +0100)]
GnuTLS 3.6.7 cipher strings
(cherry picked from commits d9acfc1ce657eb2f6463b9c6f63cd5)

WARNING: This changes user-visible and configuration-visible behaviour.
 Read the ChangeLog!
(cherry picked from commit 656b804e099a4704bd6071241a85bc1e0cc85887)
(cherry picked from commit bf9375eaa85bfa0dbb973aa03accbe5f21808732)

5 years agoTestsuite: output changes resulting
Jeremy Harris [Thu, 25 Apr 2019 09:35:18 +0000 (10:35 +0100)]
Testsuite: output changes resulting

Broken-by: 67ea939cf0
(cherry picked from commit 42e0d3fe36ac7270609a3389f5204a252bcf7d79)
(cherry picked from commit 62e8cac93cff841d8d657363ece7a4367ccc94b3)
(cherry picked from commit abcd3b69cb147bb6206d5a7013b27909c1e0288a)

5 years agoDocs: Remove GNUmake idioms from Makefile, give power to "mv"
Heiko Schlittermann (HS12-RIPE) [Fri, 12 Apr 2019 14:16:57 +0000 (16:16 +0200)]
Docs: Remove GNUmake idioms from Makefile, give power to "mv"

On at least one *BSD system, /tmp is owned by root:wheel and
files created there are owned by <creator>:wheel. The following
mv /tmp/<tmpfile> to an existing file with other permissions fails
for the non-privileged user.

This cherry was picked just for the sake of some build farm animals.

(cherry picked from commit efab32198fdf1a469b2d8b28dcf264d6fc7b8e65)
(cherry picked from commit 8120bdf12e2008621c0a3c4f965075528a0b0005)

5 years agoSPF: better buld compatibility with OpenBSD
Jeremy Harris [Thu, 4 Apr 2019 13:33:28 +0000 (14:33 +0100)]
SPF: better buld compatibility with OpenBSD

(cherry picked from commit bda76da8a9357f4fc525b5f8b925fae262c28010)
(cherry picked from commit 804219086fe9afbc1429c309e339524aaaabcec1)
(cherry picked from commit c26e27d5b81ed5640c00ee87f1d4287fb066dc12)

5 years agoFix build with recent LibreSSL, when including DANE. Bug 2386
Jeremy Harris [Fri, 5 Apr 2019 12:38:54 +0000 (13:38 +0100)]
Fix build with recent LibreSSL, when including DANE.  Bug 2386

(cherry picked from commit c19ab167ac and 1fbf41cdf6
(cherry picked from commit 0d82437ff97668a34a67b4ba398d1294ec016d3a)
(cherry picked from commit 09cc73f04332f420e07f4bc8bb2e2466c2460067)

5 years agoFix "-bP smtp_receive_timeout". Bug 2384
Jeremy Harris [Fri, 22 Mar 2019 15:00:23 +0000 (15:00 +0000)]
Fix "-bP smtp_receive_timeout".  Bug 2384

(cherry picked from commit e6024a5e9e193f559508d05ee401ae8f7f3c25ae)
(cherry picked from commit 2cf1c24f203b3995cfa4434907cff05917a55c90)
(cherry picked from commit 9cfb6ebeb68fcefc83e261cff036aaf444d7d4c5)

5 years agoHarden plaintext authenticator
Jeremy Harris [Thu, 21 Mar 2019 20:01:03 +0000 (20:01 +0000)]
Harden plaintext authenticator

Cherry-picked from: f9fc942757

(cherry picked from commit e5b942ae007d0533fbd599c64d550f3a8355b940)
(cherry picked from commit 7556111f007c98f11adfa27c492d73b775886d9d)

5 years agoOpenSSL: Fix aggregation of messages.
Jeremy Harris [Tue, 19 Mar 2019 15:33:31 +0000 (15:33 +0000)]
OpenSSL: Fix aggregation of messages.

Broken-by: a5ffa9b475
(cherry picked from commit c09dbcfb71f4b9a42cbfd8a20e0be6bfa1b12488)
(cherry picked from commit 332ebeaf8139b2b75f475880fc14b63c7c45c706)
(cherry picked from commit 1bd4207a399775cf842607930e76c14ac54327df)

5 years agoLogging: fix initial listening-on log line
Jeremy Harris [Mon, 18 Mar 2019 00:31:43 +0000 (00:31 +0000)]
Logging: fix initial listening-on log line

(cherry picked from commit 254f38d1c5ada5e4df0bccb385dc466549620c71)
(cherry picked from commit e5be948a65fe601024e5d4256f64efbfed3dd72e)
(cherry picked from commit 8b81ffe198b36c7d3dcaa1697ab71eefa78946ed)

5 years agoFix crash from SRV lookup hitting a CNAME
Jeremy Harris [Thu, 14 Mar 2019 12:26:34 +0000 (12:26 +0000)]
Fix crash from SRV lookup hitting a CNAME

(cherry picked from commit 14bc9cf085aff7bd5147881e5b7068769a29b026)
(cherry picked from commit 09720dd9506176294154dad7152f5f40554046a4)
(cherry picked from commit a189eb636256833f3053d8f2fbb95e51dc0f936c)

5 years agoDocs: Add note on lsearch for IPv4-mapped IPv6 addresses
Jeremy Harris [Tue, 19 Feb 2019 14:45:27 +0000 (14:45 +0000)]
Docs: Add note on lsearch for IPv4-mapped IPv6 addresses

Cherry-picked from: 52af443324c77d3d85fe

(cherry picked from commit 8dde16b89efe2138f92cbfa6c59fb31dc80ec22a)
(cherry picked from commit a457174087afff3685856e295bd8ffcfefe0e05e)

5 years agoFix expansions for RFC 822 addresses having comments in local-part and/or domain...
Jasen Betts [Mon, 18 Feb 2019 13:52:16 +0000 (13:52 +0000)]
Fix expansions for RFC 822 addresses having comments in local-part and/or domain.  Bug 2375

(cherry picked from commit e2ff8e24f41caca3623228b1ec66a3f3961ecad6)
(cherry picked from commit f634b80846cc7ffcab65c9855bcb35312f0232e8)
(cherry picked from commit cebd5bd2ab84c7815a9b99c0f0f16e829af7b4bc)

5 years agoGnuTLS: Fix client detection of server reject of client cert under TLS1.3
Jeremy Harris [Sat, 16 Feb 2019 12:59:23 +0000 (12:59 +0000)]
GnuTLS: Fix client detection of server reject of client cert under TLS1.3

(cherry picked from commit fc243e944ec00b59b75f41d07494116f925d58b4)
(cherry picked from commit c15523829ba17cce5829e2976aa1ff928965d948)
(cherry picked from commit c18e2c3b059f6bfd1c6e9a65ffc8243a4d8034fe)

5 years agoTestsuite: tidying GnuTLS with TLS1.3
Jeremy Harris [Sat, 16 Feb 2019 15:47:52 +0000 (15:47 +0000)]
Testsuite: tidying GnuTLS with TLS1.3

Cherry-picked from: 826cb8c29c,
cbe4bbb27e,
b2ba9267ab

(cherry picked from commit a74adba5fb9459ea7483a5e358d87446e159373b)
(cherry picked from commit dbf07025c150e23e3e1f4c6a382a511a2d5c5270)

5 years agoFix info on using local_scan() in the default Makefile
Jeremy Harris [Thu, 14 Feb 2019 17:14:34 +0000 (17:14 +0000)]
Fix info on using local_scan() in the default Makefile

Broken-by: 9723f96673
(cherry picked from commit 882bc1704d33aa34873e3a0f72e657b0cc2985e5)
(cherry picked from commit cb25b75af850d664fc005d24fbad0e58bf79d4c7)
(cherry picked from commit 2c7c4a9c23950044507a78956ca2c23f9c6a9491)

5 years agoDocs: update DKIM standards info
Jeremy Harris [Thu, 14 Feb 2019 16:44:46 +0000 (16:44 +0000)]
Docs: update DKIM standards info

(cherry picked from commit 27d0d9e6e002b2a9ea9a053e8163523592786ab5)
(cherry picked from commit 13912bf2bc166b324a73b4b5089defa5bb698ae6)
(cherry picked from commit 294f47fdbcbf5534a266d9abfcd1ccb873aff891)

5 years agoFix transport buffer size handling
Jeremy Harris [Tue, 12 Feb 2019 16:52:51 +0000 (16:52 +0000)]
Fix transport buffer size handling

Broken-by: 59932f7dcd
(cherry picked from commit 05bf16f6217e93594929c8bbbbbc852caf3ed374)
(cherry picked from commit 1cfa7822ca8928f95160df8742af11fff888ae7e)
(cherry picked from commit 0654d3440d8735221a58f96f5343fbe243171711)

5 years agoTestsuite: account for (now) properly working Perl locale
Jeremy Harris [Sun, 10 Feb 2019 20:25:59 +0000 (20:25 +0000)]
Testsuite: account for (now) properly working Perl locale

(cherry picked from commit efc8902f16c92a74d06870f2556cb36c84dd4d93)
(cherry picked from commit ec8db648d3af8af2d9e6cbd4896159235c0f1e49)
(cherry picked from commit a8761d62664f96259d815ab84a7a734829972fb3)

5 years agoFix json extract operator for unfound case
Jeremy Harris [Sat, 9 Feb 2019 16:56:59 +0000 (16:56 +0000)]
Fix json extract operator for unfound case

(cherry picked from commit e73798976812e652320f096870359ef35ed069ff)
(cherry picked from commit b2734f7b45111f9b7de790c7b334a2ece47675b5)
(cherry picked from commit b88b6f6f3a29b70cd0b314da8ceab18b0b34eed6)

5 years agostring.c: do not interpret '\\' before '\0' (CVE-2019-15846) exim-4.92.2 exim-4.92.2-RC1
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)

Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements

5 years agoUpdate security contact
Heiko Schlittermann (HS12-RIPE) [Sun, 21 Jul 2019 20:58:13 +0000 (22:58 +0200)]
Update security contact

5 years agoAdd security postings for future reference
Heiko Schlittermann (HS12-RIPE) [Sat, 20 Jul 2019 09:43:49 +0000 (11:43 +0200)]
Add security postings for future reference

5 years agoAvoid re-expansion in ${sort } CVE-2019-13917 OVE-20190718-0006 exim-4.92.1 exim-4.92.1-RC2
Jeremy Harris [Fri, 5 Jul 2019 14:38:15 +0000 (15:38 +0100)]
Avoid re-expansion in ${sort } CVE-2019-13917 OVE-20190718-0006

(cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)

5 years agoFix dkim_verify_signers option. Bug 2366 exim-4.92 exim-4.92-RC6 exim-4.92-jgh
Mad Alex [Wed, 30 Jan 2019 13:57:36 +0000 (13:57 +0000)]
Fix dkim_verify_signers option.  Bug 2366
Testsuite coverage by jgh.

Broken-by: d342446f29
5 years agoDocs: clarify quoting for $pipe_addresses
Jeremy Harris [Tue, 29 Jan 2019 15:27:26 +0000 (15:27 +0000)]
Docs: clarify quoting for $pipe_addresses

The texinfo output version has single-quotes round a variable,
so the sentence saying "precisely the text" was difficult to
interpret.

5 years agoDocs: correct spamd port
Odihambo Washington [Tue, 29 Jan 2019 11:10:26 +0000 (11:10 +0000)]
Docs: correct spamd port

5 years agoconfigure.default: spacing, de-tabbing exim-4.92-RC5
Heiko Schlittermann (HS12-RIPE) [Sun, 27 Jan 2019 18:53:31 +0000 (19:53 +0100)]
configure.default: spacing, de-tabbing

5 years agoAdd basic framework for PRDR use with per-user content filters to example config.
Jeremy Harris [Sat, 12 Jan 2019 20:47:23 +0000 (20:47 +0000)]
Add basic framework for PRDR use with per-user content filters to example config.

Mostly commented-out and with dummy lookups since we do not know what sorts
of filtering may be employed.

(cherry picked from commit b220576b3ba5396af6b3e0f45739f269079f8fc5)

5 years agomk_exim_release: tidy
Heiko Schlittermann (HS12-RIPE) [Tue, 22 Jan 2019 21:33:47 +0000 (22:33 +0100)]
mk_exim_release: tidy

5 years agoDocs: crossref list-separator changing
Jeremy Harris [Thu, 24 Jan 2019 21:35:22 +0000 (21:35 +0000)]
Docs: crossref list-separator changing

5 years agoDocs: crossref dlfunc API
Jeremy Harris [Thu, 24 Jan 2019 21:21:29 +0000 (21:21 +0000)]
Docs: crossref dlfunc API

5 years agoMore checks on header line length during reception
Jeremy Harris [Thu, 10 Jan 2019 21:15:11 +0000 (21:15 +0000)]
More checks on header line length during reception

5 years agoDocs: tweak TLS authenticator chapter
Jeremy Harris [Sat, 5 Jan 2019 19:11:18 +0000 (19:11 +0000)]
Docs: tweak TLS authenticator chapter

5 years agoDocs: missing options
Jeremy Harris [Fri, 4 Jan 2019 11:29:19 +0000 (11:29 +0000)]
Docs: missing options

Broken-by: b3ef41c94a
5 years agoDocs: tweak new-drivers chapter
Jeremy Harris [Thu, 3 Jan 2019 21:20:33 +0000 (21:20 +0000)]
Docs: tweak new-drivers chapter

5 years agoPIPE_CONNECT: fix feature-cache refresh
Jeremy Harris [Mon, 31 Dec 2018 13:58:26 +0000 (13:58 +0000)]
PIPE_CONNECT: fix feature-cache refresh

5 years agoDocs: clarify logging from filter
Jeremy Harris [Fri, 28 Dec 2018 20:40:33 +0000 (20:40 +0000)]
Docs: clarify logging from filter

5 years agoUpdate Changelog for GnuTLS and TLS 1.3 Bug 2359 exim-4.92-RC4
Heiko Schlittermann (HS12-RIPE) [Wed, 26 Dec 2018 11:04:29 +0000 (12:04 +0100)]
Update Changelog for GnuTLS and TLS 1.3 Bug 2359

Fix is in 4896a3192ffac48885347460377edcd893eb9600

5 years agoGnuTLS: repeat lowlevel read and write operations while they request retry
Andreas Metzler [Mon, 24 Dec 2018 16:11:41 +0000 (16:11 +0000)]
GnuTLS: repeat lowlevel read and write operations while they request retry

(cherry picked from commit 06faf21f3a84a3ac4aa4f7b1512087423d8c8541)

5 years agomk_exim_release: more perlish
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 19:38:42 +0000 (20:38 +0100)]
mk_exim_release: more perlish

5 years agomk_exim_release: integrate signing and checksumming
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 18:17:12 +0000 (19:17 +0100)]
mk_exim_release: integrate signing and checksumming

5 years agoDKIM: better debug for key/signature size mismatch
Jeremy Harris [Sat, 22 Dec 2018 13:36:07 +0000 (13:36 +0000)]
DKIM: better debug for key/signature size mismatch

5 years agoOpenSSL: clear any leftover errors from the stack after SSL_accept succeeds
Jeremy Harris [Fri, 21 Dec 2018 15:36:42 +0000 (15:36 +0000)]
OpenSSL: clear any leftover errors from the stack after SSL_accept succeeds

5 years agomk_exim_release: output an useful error message when used for older versions
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 22:06:38 +0000 (23:06 +0100)]
mk_exim_release: output an useful error message when used for older versions

Older releases can't be built with the newer mk_exim_release script,
as there are interdependencies with scripts/reversion and version.sh

5 years agoRecent commit is thanks to Josh Soref
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:40:53 +0000 (22:40 +0100)]
Recent commit is thanks to Josh Soref

I managed to drop his name, sorry for that.

5 years agoGrammar changes in docs
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:25:23 +0000 (22:25 +0100)]
Grammar changes in docs

5 years agoFix copyright year and exim website URL schema
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:11:52 +0000 (22:11 +0100)]
Fix copyright year and exim website URL schema

5 years agospelling fixes
klemens [Sun, 16 Apr 2017 18:49:32 +0000 (20:49 +0200)]
spelling fixes

5 years agoDocs: tweaks
Jeremy Harris [Thu, 20 Dec 2018 17:48:52 +0000 (17:48 +0000)]
Docs: tweaks

5 years agoDefault config: use ROUTER_SMARTHOST macro; document exim-4.92-RC3
Phil Pennock [Wed, 19 Dec 2018 00:41:06 +0000 (19:41 -0500)]
Default config: use ROUTER_SMARTHOST macro; document

Work around the `$host` vs CNAME issue for now by re-specifying the
`tls_sni` value on the example `smarthost_smtp` transport, using the
same macro which we use to turn on use of a smarthost.

Uncomment both dnslookup and smarthost routers by default and let the
macro choose between them.

Bring the documentation of the default configuration closer to
up-to-date, on this issue and others which I spotted while in there.

5 years agostats_for_email: Do not auto-select the release directory
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 15:19:11 +0000 (16:19 +0100)]
stats_for_email: Do not auto-select the release directory

5 years agoRe-create test/configure script exim-4.92-RC2
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:06:00 +0000 (15:06 +0100)]
Re-create test/configure script

5 years agoUpdate Changelog for Bug 2351
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:03:46 +0000 (15:03 +0100)]
Update Changelog for Bug 2351

5 years agoLog failures to extract envelope addresses from message headers. Bug 2351
Jeremy Harris [Sun, 16 Dec 2018 16:33:32 +0000 (16:33 +0000)]
Log failures to extract envelope addresses from message headers.  Bug 2351

(cherry picked from commit 60c02b350a7d325e64ae0a656cfd37a9fbd162a7)

5 years agodoc: gsasl: be clearer that server-side only
Phil Pennock [Sun, 16 Dec 2018 09:29:30 +0000 (04:29 -0500)]
doc: gsasl: be clearer that server-side only

5 years agoFix build with content-scan enabled but all malware types disabled
Jeremy Harris [Sat, 15 Dec 2018 14:25:09 +0000 (14:25 +0000)]
Fix build with content-scan enabled but all malware types disabled

5 years agoFix parsing of option type Kint (integer, stored in K). Bug 2348
Jeremy Harris [Fri, 14 Dec 2018 14:03:18 +0000 (14:03 +0000)]
Fix parsing of option type Kint (integer, stored in K).  Bug 2348

Broken-by: a45431fa71
5 years agosign_exim_package: do not auto-select the packages directory exim-4.92-RC1
Heiko Schlittermann (HS12-RIPE) [Thu, 13 Dec 2018 21:48:08 +0000 (22:48 +0100)]
sign_exim_package: do not auto-select the packages directory

5 years agomk_exim_release: rework for dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Feb 2018 23:13:40 +0000 (00:13 +0100)]
mk_exim_release: rework for dotted release scheme

5 years agoreversion: Adapt to dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:35 +0000 (16:44 +0100)]
reversion: Adapt to dotted release scheme

5 years agoreversion: tidy
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:05 +0000 (16:44 +0100)]
reversion: tidy

5 years agoDocs: SPF lookup type
Jeremy Harris [Thu, 6 Dec 2018 20:04:29 +0000 (20:04 +0000)]
Docs: SPF lookup type

5 years agoSend delay-MDN for any queurun past delay_warning, even if not retry time yet. Bug...
Jeremy Harris [Wed, 5 Dec 2018 16:09:01 +0000 (16:09 +0000)]
Send delay-MDN for any queurun past delay_warning, even if not retry time yet.  Bug 2341

5 years agotidying
Jeremy Harris [Sun, 2 Dec 2018 01:27:51 +0000 (01:27 +0000)]
tidying

5 years agoMore debug in smtp transport
Jeremy Harris [Sun, 2 Dec 2018 00:29:41 +0000 (00:29 +0000)]
More debug in smtp transport

5 years agoLogging: outgoing_port on temporary errors for non-last hosts
Jeremy Harris [Sat, 1 Dec 2018 16:55:26 +0000 (16:55 +0000)]
Logging: outgoing_port on temporary errors for non-last hosts

Also show nonstandard ports in process info for exiwhat

5 years agoHarden string-list handling
Jeremy Harris [Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)]
Harden string-list handling

5 years agoTestsuite: handle change in GnuTLS cert preference
Jeremy Harris [Thu, 29 Nov 2018 20:46:46 +0000 (20:46 +0000)]
Testsuite: handle change in GnuTLS cert preference

5 years agoTestsuite: output changes resulting
Jeremy Harris [Thu, 29 Nov 2018 19:52:39 +0000 (19:52 +0000)]
Testsuite: output changes resulting

Broken-by: a7a1ad1447
5 years agoGnuTLS: fix build with older libraries
Jeremy Harris [Thu, 29 Nov 2018 10:01:52 +0000 (10:01 +0000)]
GnuTLS: fix build with older libraries

Broken-by: 6aac3239b4
5 years agoTestsuite: regenerate CA trees with 2048-bit keys
Jeremy Harris [Tue, 27 Nov 2018 23:06:16 +0000 (23:06 +0000)]
Testsuite: regenerate CA trees with 2048-bit keys

This is to support RHEL 8.0 where OpenSSL dislikes 1024

5 years agoOpenSSL: fail the handshake when SNI processing hits a problem
Jeremy Harris [Wed, 28 Nov 2018 20:54:53 +0000 (20:54 +0000)]
OpenSSL: fail the handshake when SNI processing hits a problem

5 years agoTLS: Increase RSA keysize of autogen selfsign cert
Jeremy Harris [Wed, 28 Nov 2018 19:45:24 +0000 (19:45 +0000)]
TLS: Increase RSA keysize of autogen selfsign cert

5 years agoTestsuite: switch ciphersuite use
Jeremy Harris [Tue, 27 Nov 2018 20:50:28 +0000 (20:50 +0000)]
Testsuite: switch ciphersuite use

This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELIA.

All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AUE256-GCM-SHA).

5 years agoTestsuite: ignore OCSP option output; fixes runs on non-OCSP builds
Jeremy Harris [Sun, 25 Nov 2018 21:58:54 +0000 (21:58 +0000)]
Testsuite: ignore OCSP option output; fixes runs on non-OCSP builds

5 years agoFix AUTH_GSASL build
Jeremy Harris [Sat, 24 Nov 2018 15:37:54 +0000 (15:37 +0000)]
Fix AUTH_GSASL build

5 years agoAvoid leaving $domain live with bogus info, during server connection startup
Jeremy Harris [Fri, 23 Nov 2018 23:55:36 +0000 (23:55 +0000)]
Avoid leaving $domain live with bogus info, during server connection startup

Recent efforts to reduce string-copy ops while also avoiding using excessive memory
tripped a check on freeing the still-live variable.  It is unclear why the variable
was set anyway, even though commented.  The use was introduced between Exim 3.36 and 4.0

5 years agonit (typo fix; docs)
Phil Pennock [Thu, 22 Nov 2018 02:07:49 +0000 (21:07 -0500)]
nit (typo fix; docs)

5 years agoFix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2338
Jeremy Harris [Wed, 21 Nov 2018 08:30:20 +0000 (08:30 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id.  Bug 2338

Relabel for commit c0fb53b74e which which had a typo in the commit message.

5 years agoFix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2238
Jeremy Harris [Wed, 21 Nov 2018 00:50:38 +0000 (00:50 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id.  Bug 2238

5 years agoDocs: more on $authenticated_fail_id
Jeremy Harris [Tue, 20 Nov 2018 21:42:48 +0000 (21:42 +0000)]
Docs: more on $authenticated_fail_id

5 years agoTestsuite: document noisy-comment script commands
Jeremy Harris [Sun, 18 Nov 2018 22:11:35 +0000 (22:11 +0000)]
Testsuite: document noisy-comment script commands

5 years agoDocs: add note on manualroute route-lists
Jeremy Harris [Sun, 18 Nov 2018 17:27:38 +0000 (17:27 +0000)]
Docs: add note on manualroute route-lists

5 years agoDocs: indexing of retry final-cutoff
Jeremy Harris [Sun, 18 Nov 2018 16:45:44 +0000 (16:45 +0000)]
Docs: indexing of retry final-cutoff

5 years agotidying
Jeremy Harris [Thu, 15 Nov 2018 15:08:53 +0000 (15:08 +0000)]
tidying

5 years agoLose more string-copy operations
Jeremy Harris [Sat, 17 Nov 2018 19:40:01 +0000 (19:40 +0000)]
Lose more string-copy operations

5 years agoFix growable-string sprintf
Jeremy Harris [Thu, 15 Nov 2018 18:55:51 +0000 (18:55 +0000)]
Fix growable-string sprintf

Broken-by d12746bc15

5 years agoOpenBSD: bump dns-result buffer to 64kB
Jeremy Harris [Thu, 15 Nov 2018 17:21:45 +0000 (17:21 +0000)]
OpenBSD: bump dns-result buffer to 64kB

This just to take out a difference in testsuite behaviour.  Builds
for memory-constrained devices could legitimately use 16kB.

6 years agoRecast more internal string routines to use growable-strings
Jeremy Harris [Wed, 14 Nov 2018 22:32:58 +0000 (22:32 +0000)]
Recast more internal string routines to use growable-strings

6 years agotidying
Jeremy Harris [Wed, 14 Nov 2018 20:22:50 +0000 (20:22 +0000)]
tidying

6 years agoDocs: Add cross-refs for $h_<name>
Jeremy Harris [Tue, 13 Nov 2018 11:50:40 +0000 (11:50 +0000)]
Docs: Add cross-refs for $h_<name>

6 years agoTestsuite: account for hostname-dependent output in debug output
Jeremy Harris [Sun, 11 Nov 2018 18:30:22 +0000 (18:30 +0000)]
Testsuite: account for hostname-dependent output in debug output

6 years agoTestsuite: fix testcases for /etc/services not having smtps
Jeremy Harris [Sun, 11 Nov 2018 18:16:29 +0000 (18:16 +0000)]
Testsuite: fix testcases for /etc/services not having smtps

6 years agoDocs: add notes on smtps
Jeremy Harris [Sun, 11 Nov 2018 18:08:05 +0000 (18:08 +0000)]
Docs: add notes on smtps