Simon Arlott [Thu, 24 Sep 2020 22:03:14 +0000 (23:03 +0100)]
gen_pkcs3: Terminate string before calling BH_hex2bn()
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Fri, 18 Sep 2020 14:25:42 +0000 (10:25 -0400)]
Re-ran the conversion of all DH parameters
I get different results now to those I got before.
Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below. The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.
I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file. Something hinky is
going on, perhaps with my sanity.
Jeremy Harris [Sun, 20 Sep 2020 22:40:40 +0000 (23:40 +0100)]
Testsuite: avoid cipher vs. cert validity problem
Jeremy Harris [Tue, 15 Sep 2020 13:48:49 +0000 (14:48 +0100)]
Docs: add crossref
Phil Pennock [Thu, 17 Sep 2020 20:44:52 +0000 (16:44 -0400)]
default DH prime choice consistency
A function returning a default and a list which defined the value of "default"
disagreed. Switch both to a macro to make it harder for them to fall out of
sync.
Jeremy Harris [Sat, 12 Sep 2020 21:11:00 +0000 (22:11 +0100)]
eximon: tidying
Richard Clayton [Sat, 12 Sep 2020 21:10:04 +0000 (22:10 +0100)]
eximon: fix FreeBSD build
Heiko Schlittermann (HS12-RIPE) [Fri, 11 Sep 2020 08:41:10 +0000 (10:41 +0200)]
Docs: fix typo.
Credits to u34@net9.ga
Jeremy Harris [Sun, 6 Sep 2020 11:15:10 +0000 (12:15 +0100)]
GnuTLS: clear errno before any data i/o op, so error logging does not see stale values
Jeremy Harris [Tue, 1 Sep 2020 15:17:42 +0000 (16:17 +0100)]
ARC: Add basic error-checking on permitted chars in admd & sel for signing. Bug 2639
Jeremy Harris [Sat, 29 Aug 2020 18:18:35 +0000 (19:18 +0100)]
Taint: enforce checking of directory creates
Jeremy Harris [Sat, 29 Aug 2020 16:39:51 +0000 (17:39 +0100)]
add an internal error code definition
Jeremy Harris [Thu, 27 Aug 2020 20:15:19 +0000 (21:15 +0100)]
Fix non-TLS build
Phil Pennock [Fri, 28 Aug 2020 23:58:36 +0000 (19:58 -0400)]
Fix utilities indexing
It looks like there used to be another level of hierarchy here, with all three
of the hints database commands described in one section. They're now distinct
sections in their own right, so fix how they're linked to.
Reported by: Peter Gervai
Fixes: 2637
Jeremy Harris [Thu, 27 Aug 2020 10:22:55 +0000 (11:22 +0100)]
Docs: add to A= log-line element description
Jeremy Harris [Wed, 26 Aug 2020 22:59:28 +0000 (23:59 +0100)]
Fix non-DANE build
Jeremy Harris [Wed, 26 Aug 2020 22:43:54 +0000 (23:43 +0100)]
DANE: Fix 2 messages from queue case
Jeremy Harris [Mon, 24 Aug 2020 19:15:48 +0000 (20:15 +0100)]
tidying
Jeremy Harris [Mon, 24 Aug 2020 19:14:34 +0000 (20:14 +0100)]
Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
Jeremy Harris [Sun, 23 Aug 2020 16:27:30 +0000 (17:27 +0100)]
Fix non-DANE build
Jeremy Harris [Sun, 23 Aug 2020 14:32:48 +0000 (15:32 +0100)]
DANE: Fix 2-rcpt message, diff domins case. Bug 2265
Jeremy Harris [Sun, 23 Aug 2020 09:02:30 +0000 (10:02 +0100)]
tidying
Jeremy Harris [Sun, 23 Aug 2020 10:40:32 +0000 (11:40 +0100)]
Debug: minor updates
Gavan [Fri, 21 Aug 2020 14:46:01 +0000 (15:46 +0100)]
Taint: fix off-by-one in is_tainted(). Bug 2634
Jeremy Harris [Wed, 19 Aug 2020 20:09:04 +0000 (21:09 +0100)]
DANE: force SNI to use $domain. Bug 2265
Note: this is not a complete fix for the issue
Jeremy Harris [Fri, 14 Aug 2020 12:09:53 +0000 (13:09 +0100)]
Fix ${readsocket } eol-replacement. Bug 2630
Jeremy Harris [Mon, 10 Aug 2020 21:28:48 +0000 (22:28 +0100)]
dnslists: hardwired return value check. Bug 2631
Jeremy Harris [Mon, 10 Aug 2020 18:51:18 +0000 (19:51 +0100)]
Build: Split out dnsbl code
Jeremy Harris [Mon, 10 Aug 2020 19:19:39 +0000 (20:19 +0100)]
Constify
Jeremy Harris [Mon, 10 Aug 2020 19:17:06 +0000 (20:17 +0100)]
Build: tidying
Jeremy Harris [Sun, 9 Aug 2020 00:38:00 +0000 (01:38 +0100)]
Fix spelling of local_part_data in docs and debug output
Jeremy Harris [Sun, 2 Aug 2020 22:56:58 +0000 (23:56 +0100)]
Testsuite: separate cases for TLS resumption with/out OCSP
Jeremy Harris [Sun, 2 Aug 2020 14:25:43 +0000 (15:25 +0100)]
Fix lsearch ret=full
Jeremy Harris [Thu, 30 Jul 2020 19:16:01 +0000 (20:16 +0100)]
Enforce STARTTLS sync point, client side
Tested by appending to the "220 TLS go ahead\r\n" at src/tls-gnu.c line 2500
Testcase 2008, string "synch error before connect" becomes visible in log.
To get the debug output:
Testcase 2008, initial block; add -d+all to the exi -qf
Jeremy Harris [Sat, 1 Aug 2020 20:16:19 +0000 (21:16 +0100)]
SPF: enhance A-R result
Jeremy Harris [Sat, 1 Aug 2020 16:22:48 +0000 (17:22 +0100)]
Testsuite: add EAI local-part testcase
Jeremy Harris [Sat, 25 Jul 2020 22:58:32 +0000 (23:58 +0100)]
GnuTLS: in server, detect TCP RST from client after QUIT under SSL,
and log different message (under new log_selector)
Jeremy Harris [Thu, 23 Jul 2020 15:32:29 +0000 (16:32 +0100)]
OpenSSL: in server, detect TCP RST from client after QUIT under SSL,
and log different message (under new log_selector)
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:53:27 +0000 (23:53 +0200)]
debug_print_socket(): output formatting
(cherry picked from exim-4.94+fixes, commit
73b748711caf8a4b18dd1c0d7c662b5d57798dfe)
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:45:55 +0000 (23:45 +0200)]
Fix debug_print_socket()
debug_print_socket() crashed on AF_UNIX sockets
(cherry picked from exim-4.94+fixes, commit
81cc39a7f5c17099f93b5c611bde5f58daaab71b)
Heiko Schlittermann (HS12-RIPE) [Thu, 11 Jun 2020 09:42:10 +0000 (11:42 +0200)]
Docs: typos and clarification of DMARC sender
Jeremy Harris [Mon, 13 Jul 2020 12:46:14 +0000 (13:46 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments
Follow-on from:
62b2ccce05
Jeremy Harris [Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)]
Docs: add note on non-functionality of "exists" for de-tainting
Jeremy Harris [Fri, 10 Jul 2020 21:49:56 +0000 (22:49 +0100)]
Release unused memory in parse_quote_2047()
Jeremy Harris [Fri, 10 Jul 2020 12:55:25 +0000 (13:55 +0100)]
Command-line option for no notifier socket. Bug 2616
Jeremy Harris [Thu, 9 Jul 2020 14:30:55 +0000 (15:30 +0100)]
Fix taint trap in parse_fix_phrase(). Bug 2617
Jeremy Harris [Thu, 9 Jul 2020 11:27:12 +0000 (12:27 +0100)]
tidying
Guillaume Outters [Mon, 6 Jul 2020 21:31:51 +0000 (22:31 +0100)]
Fix DKIM signing to always ;-terminate. Bug 2295
Jeremy Harris [Sun, 5 Jul 2020 15:32:27 +0000 (16:32 +0100)]
Support ret-full on lsearch. Bug 2611
Jeremy Harris [Sun, 5 Jul 2020 12:15:00 +0000 (13:15 +0100)]
Move errno-protection into string_open_failed()
Jeremy Harris [Fri, 3 Jul 2020 19:34:37 +0000 (20:34 +0100)]
typoes
Jeremy Harris [Tue, 30 Jun 2020 20:16:42 +0000 (21:16 +0100)]
Fix message-reception clock usage. Bug 2615
Broken-by: 6906c131d1 (4.94)
Jeremy Harris [Mon, 29 Jun 2020 16:14:07 +0000 (17:14 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments.
Jeremy Harris [Sun, 28 Jun 2020 14:24:21 +0000 (15:24 +0100)]
Sqlite: fix segfault on bad/missing sqlite_dbfile. Bug 2606
Jeremy Harris [Sun, 28 Jun 2020 13:59:44 +0000 (14:59 +0100)]
Testsuite: output changes resulting
Jeremy Harris [Sun, 28 Jun 2020 13:16:20 +0000 (14:16 +0100)]
Remove attempts to quieten compiler static-checking (more)
Jeremy Harris [Sat, 27 Jun 2020 13:11:10 +0000 (14:11 +0100)]
Testsuite: munging
Jeremy Harris [Sat, 27 Jun 2020 12:21:59 +0000 (13:21 +0100)]
Remove attempts to quieten compiler static-checking
The rash of output from -Wself-assign on Darwin demonstrates just how pointless this war is
Jeremy Harris [Sat, 27 Jun 2020 11:41:21 +0000 (12:41 +0100)]
Build: separate guard for futimens()
Darwin does not have the data element we manipulate with futimens()
Jeremy Harris [Sat, 27 Jun 2020 11:24:24 +0000 (12:24 +0100)]
typo
Jeremy Harris [Sat, 27 Jun 2020 10:27:59 +0000 (11:27 +0100)]
Fix build for non-Linux platforms having openat.
Broken-by: 1077d3c3f9
Jeremy Harris [Thu, 25 Jun 2020 20:30:43 +0000 (21:30 +0100)]
Docs: list further ways $domain_data &c may be filled in
Jeremy Harris [Thu, 25 Jun 2020 10:16:54 +0000 (11:16 +0100)]
Lookups: Fix "subdir" filter on a dsearch.
Jeremy Harris [Thu, 25 Jun 2020 09:41:49 +0000 (10:41 +0100)]
Build: guards on openat()
Jeremy Harris [Tue, 23 Jun 2020 23:04:13 +0000 (00:04 +0100)]
Handle quoted local_part input to ${srs_encode }. Bug 2607
Jeremy Harris [Mon, 22 Jun 2020 16:27:18 +0000 (17:27 +0100)]
Cutthrough: handle request when a callout-hold is active. Bug 2604
Jeremy Harris [Sun, 21 Jun 2020 11:53:36 +0000 (12:53 +0100)]
Testsuite: the munge for SRS must accept a variable-length timestamp element
Jeremy Harris [Fri, 19 Jun 2020 23:54:05 +0000 (00:54 +0100)]
Fix string_copy() macro to not multiple-eval args. Bug 2603
Broken-by: a76d120aed
Jeremy Harris [Thu, 18 Jun 2020 19:27:52 +0000 (20:27 +0100)]
Docs: tidy more uses of tainted variables
Jeremy Harris [Wed, 17 Jun 2020 20:37:55 +0000 (21:37 +0100)]
Docs: more indexing for SNI
Jeremy Harris [Wed, 17 Jun 2020 15:14:16 +0000 (16:14 +0100)]
Taint: treat $message_body & $message_body_end as tainted
Jeremy Harris [Thu, 11 Jun 2020 19:40:08 +0000 (20:40 +0100)]
Docs: minor tweaks
Jeremy Harris [Sun, 14 Jun 2020 20:29:08 +0000 (21:29 +0100)]
Relax restrictions on which ACLs verify conditions may be used
Jeremy Harris [Sun, 14 Jun 2020 19:43:06 +0000 (20:43 +0100)]
Taint: fix verify. Bug 2598
Jeremy Harris [Fri, 12 Jun 2020 19:17:56 +0000 (20:17 +0100)]
smtp_accept_map_per_host: call search_tidyup in fail path. Bug 2597
Jeremy Harris [Thu, 11 Jun 2020 23:46:34 +0000 (00:46 +0100)]
Taint: fix radius expansion condition
Jeremy Harris [Thu, 11 Jun 2020 20:52:28 +0000 (21:52 +0100)]
GnuTLS: fix build on older library versions
Jeremy Harris [Mon, 8 Jun 2020 10:09:44 +0000 (11:09 +0100)]
GnuTLS: more info on accept zero-error
Jeremy Harris [Thu, 11 Jun 2020 19:21:38 +0000 (20:21 +0100)]
TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug 2594
Heiko Schlittermann (HS12-RIPE) [Thu, 11 Jun 2020 09:37:45 +0000 (11:37 +0200)]
Docs: typo
Jeremy Harris [Mon, 8 Jun 2020 13:24:53 +0000 (14:24 +0100)]
Testsuite: missing file update for
59eee1bc90
Jeremy Harris [Mon, 8 Jun 2020 12:00:55 +0000 (13:00 +0100)]
Filters: fix "vacation" in Exim filter. Bug 2593
Broken-by: cfb9cf20cb (4.90)
Jeremy Harris [Mon, 8 Jun 2020 10:50:37 +0000 (11:50 +0100)]
wip
Jeremy Harris [Sun, 7 Jun 2020 15:38:28 +0000 (16:38 +0100)]
OpenSSL: more info on accept zero-error
Jeremy Harris [Sun, 7 Jun 2020 14:27:12 +0000 (15:27 +0100)]
Testsuite: tidy debug
Jeremy Harris [Sun, 7 Jun 2020 14:26:17 +0000 (15:26 +0100)]
Docs: typoes
Jeremy Harris [Sun, 7 Jun 2020 13:06:27 +0000 (14:06 +0100)]
Copyright year. Bug 2592
Jeremy Harris [Sat, 6 Jun 2020 17:04:36 +0000 (18:04 +0100)]
Sqlite: new-style option to specify db file
Jeremy Harris [Sat, 6 Jun 2020 13:45:47 +0000 (14:45 +0100)]
Refactor lookup argument shuffling
Jeremy Harris [Fri, 5 Jun 2020 09:37:57 +0000 (10:37 +0100)]
Docs: more info on taint
Jeremy Harris [Thu, 4 Jun 2020 12:54:55 +0000 (13:54 +0100)]
Fix -bi. Bug 2590
Actual fix from pierre.labastie@neuf.fr ; additional coding and testcase bu jgh
Broken-by: bdcc6f2bd5
Jeremy Harris [Wed, 3 Jun 2020 11:59:18 +0000 (12:59 +0100)]
tidying
Jeremy Harris [Wed, 3 Jun 2020 10:40:17 +0000 (11:40 +0100)]
Taint: fix multiple ACL actions to properly manage tainted argument data
Jeremy Harris [Tue, 2 Jun 2020 15:35:08 +0000 (16:35 +0100)]
Docs: typoes
Jeremy Harris [Tue, 2 Jun 2020 14:39:27 +0000 (15:39 +0100)]
Docs: fix layout
Patrick Boutilier [Tue, 2 Jun 2020 14:16:10 +0000 (15:16 +0100)]
Docs: fix mistaken variable name
Jeremy Harris [Tue, 2 Jun 2020 14:03:36 +0000 (15:03 +0100)]
Taint: fix listcount expansion operator. Bug 2586
Jeremy Harris [Tue, 2 Jun 2020 13:59:16 +0000 (14:59 +0100)]
tidying
Jeremy Harris [Tue, 2 Jun 2020 13:50:31 +0000 (14:50 +0100)]
Taint: fix pam expansion condition. Bug 2587
Jeremy Harris [Tue, 2 Jun 2020 12:35:06 +0000 (13:35 +0100)]
Docs: ${listitem }