Phil Pennock [Fri, 30 Oct 2020 00:49:49 +0000 (20:49 -0400)]
SECURITY: refuse too small store allocations
Negative sizes are definitely bad.
Optimistically, I'm saying that zero is bad too. But perhaps we have something
doing that, expecting to be able to grow. In which case we'll have to amend
this.
(cherry picked from commit
1c9afcec0043e2fb72607b2addb0613763705549)
Phil Pennock [Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)]
SECURITY: fix Qualys CVE-2020-PFPZA
(cherry picked from commit
29d7a8c25f182c91d5d30f124f9e296dce5c018e)
Phil Pennock [Thu, 29 Oct 2020 23:00:51 +0000 (19:00 -0400)]
SECURITY: fix Qualys CVE-2020-PFPSN
(cherry picked from commit
93b6044e1636404f3463f3e1113098742e295542)
Phil Pennock [Thu, 29 Oct 2020 15:47:58 +0000 (11:47 -0400)]
SECURITY: fix Qualys CVE-2020-SLCWD
(cherry picked from commit
bf5f9d56fadf9be8d947f141d31f7e0e8fa63762)
Phil Pennock [Thu, 29 Oct 2020 22:40:37 +0000 (18:40 -0400)]
SECURITY: pick up more argv length checks
(cherry picked from commit
f28a6a502c7973d8844d11d4b0990d4b0359fb3f)
Phil Pennock [Thu, 29 Oct 2020 22:11:35 +0000 (18:11 -0400)]
SECURITY: length limits on many cmdline options
We'll also now abort upon, rather than silently truncate, a driver name
(router, transport, ACL, etc) encountered in the config which is longer than
the 64-char limit.
(cherry picked from commit
ff8bef9ae2370db4a7873fe2ce573a607fe6999f)
Phil Pennock [Fri, 18 Sep 2020 14:25:42 +0000 (10:25 -0400)]
Re-ran the conversion of all DH parameters
I get different results now to those I got before.
Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below. The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.
I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file. Something hinky is
going on, perhaps with my sanity.
(the commit IDs changee because of heavy rebasing (heiko))
(cherry picked from commit
76ed8115182e2daaadb437ec9655df8000796ec5)
Simon Arlott [Thu, 24 Sep 2020 22:03:14 +0000 (23:03 +0100)]
gen_pkcs3: Terminate string before calling BH_hex2bn()
Signed-off-by: Phil Pennock <pdp@exim.org>
(cherry picked from commit
1cf66e5872d517b620c308af634e4e26e3547f06)
Phil Pennock [Fri, 30 Oct 2020 02:14:45 +0000 (22:14 -0400)]
Default config: reject on too many bad RCPT
An example exploit failed against my system, because I had this sanity guard in
place; it's not a real security fix since a careful attacker could find enough
valid recipients to hit that problem, but it highlights that this is a useful
enough pattern that we should encourage its wider use.
(cherry picked from commit
2a636a39fff29b7c3da1798767a510dfed982a62)
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:56:59 +0000 (07:56 +0100)]
Handle SIGINT as we do with SIGTERM
(cherry picked from commit
cdc5c672e1c309294626cd5ed90acdccb05baaa1)
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:59:21 +0000 (07:59 +0100)]
Enforce pid_file_path start at "/"
(cherry picked from commit
60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40)
Heiko Schlittermann (HS12-RIPE) [Mon, 29 Mar 2021 16:17:55 +0000 (18:17 +0200)]
testsuite: tidy logs/4520 and confs/4520
This fixed 4520 failure en-passant, but I'm sure it's a timing issue
here (the order of the mainlog output lines didn't exactly match the
logs/4520)
(cherry picked from commit
95306ca61531d9d79c5dac808a5a571158acd29c)
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Mar 2021 22:44:29 +0000 (23:44 +0100)]
Jeremy Harris [Sat, 27 Feb 2021 19:25:26 +0000 (19:25 +0000)]
Docs: fix description of hosts_try_dane. Bug 2704
Cherry-picked from:
725900cda2
Jeremy Harris [Tue, 23 Feb 2021 18:55:33 +0000 (18:55 +0000)]
Bulid: fix DISABLE_PIPE_CONNECT build. Bug 2703
(cherry picked from commit
a842359f622190904ceccfff1afff021570566eb)
Jeremy Harris [Mon, 22 Feb 2021 21:48:19 +0000 (21:48 +0000)]
Fix list-expansion for various domainlists, having included sublist elements. Bug 2701
(cherry picked from commit
e2be2df5c0760e2b6a7870c88ad486a23f5e4b01)
Jeremy Harris [Sat, 13 Feb 2021 17:26:14 +0000 (17:26 +0000)]
Fix build for platforms not having ulong
(cherry picked from commit
be839a2609381f535f263ed0c459a4ebf3fd5d1d)
Heiko Schlichting [Fri, 19 Feb 2021 11:14:36 +0000 (11:14 +0000)]
Fix weight calculation for socks_proxy. Bug 2694
(cherry picked from commit
83811e3c1b8189c0a725ec53df699730e7767263)
Heiko Schlichting [Fri, 19 Feb 2021 11:11:51 +0000 (11:11 +0000)]
Fix weight calculation for spamd_address. Bug 2694
(cherry picked from commit
6296a393aeab9fecc38916dfcbf1c94d54691650)
Jeremy Harris [Fri, 12 Feb 2021 17:40:28 +0000 (17:40 +0000)]
Fix FreeBSD 13 build
(cherry picked from commit
e8fd2c45ddd6f59f159baaa2c154ced5ce36f3df)
Jeremy Harris [Sat, 6 Feb 2021 22:01:23 +0000 (22:01 +0000)]
Fix handling of server which follows a RCPT 452 with a 250. Bug 26092
(cherry picked from commit
d6870e76cf0b838eab1929e5d5afb486c4e7b448)
Jeremy Harris [Sat, 6 Feb 2021 17:30:37 +0000 (17:30 +0000)]
Fix daemon-SIGHUP on FreeBSD
Cherry-picked from:
beb5d85c7d
Jeremy Harris [Fri, 29 Jan 2021 21:36:15 +0000 (21:36 +0000)]
Testsuite: missing files
Broken-by: 2a57e74079
Jeremy Harris [Fri, 29 Jan 2021 19:54:02 +0000 (19:54 +0000)]
Lookups: fix $local_part_data for a match on a filename list element. Bug 2691
(cherry picked from commit
0c70e694cf1a703798c0778a3236079e1b25c91d)
Jeremy Harris [Tue, 12 Jan 2021 15:36:09 +0000 (15:36 +0000)]
Auths: in plaintext authenticator, fix parsing of consecutive circuflex. Bug 2687
(cherry picked from commit
ca22cc0abe93c28f3d296d99c239413bb0d079c4)
Jeremy Harris [Sat, 9 Jan 2021 13:08:35 +0000 (13:08 +0000)]
Utilities: harden exim_tidydb against corrupt wait-records. Bug 2343
(cherry picked from commit
fc96555ab63243de9d468325aeaaa14cd77b9943)
Jeremy Harris [Sat, 26 Dec 2020 18:55:29 +0000 (18:55 +0000)]
Fix build on GNU/Hurd [supports openat()]. Bug 2608
(cherry picked from commit
5f4ca3541f228b0b9b880406e70342dea5a2a7a9)
Jeremy Harris [Sat, 26 Dec 2020 18:18:33 +0000 (18:18 +0000)]
Fix build warning on 32-bit int platfowms. Bug 2678
(cherry picked from commit
abca11df7f354c123b0ff8a9bfb89a669d7742d4)
Jeremy Harris [Wed, 23 Dec 2020 22:35:04 +0000 (22:35 +0000)]
Fix ${listextract } from a tainted list
(cherry picked from commit
942f0be6c2cd3ec8c39ca234a449561d9d3c1075)
Jeremy Harris [Sun, 20 Dec 2020 15:55:59 +0000 (15:55 +0000)]
Fix local delivery delay when combined with remote callout/hold. Bug 2599
(cherry picked from commit
94ecf089d68ac5b85c2a99177a8e4b4d35d5aa2e)
Jeremy Harris [Thu, 17 Dec 2020 09:59:23 +0000 (09:59 +0000)]
Fix the PIPE_CONNECT feature control in the template Makefile, the
default having changed to "included" for 4.93
Broken-by: 81344b40e3
(cherry picked from commit
46694b802ce0302f3c3344be933cc9737d4d4f4c)
Jeremy Harris [Thu, 17 Dec 2020 09:39:59 +0000 (09:39 +0000)]
Remove the X_ prefix from the PIPE_CONNECT SMTP service extension keyword.
(cherry picked from commit
958af3bdb77dc5c190b7f5117c68d2b0acd7b5bc)
Jeremy Harris [Wed, 16 Dec 2020 20:05:07 +0000 (20:05 +0000)]
Fix matching of long addresses. Bug 2677
(cherry picked from commit
183389fae10672e8d5ffb1f14f23a179798f483a)
Jeremy Harris [Sat, 31 Oct 2020 23:58:11 +0000 (23:58 +0000)]
Pass authenticator pubname through spool. Bug 2648
(cherry picked from commit
a75ebe0dcc5faeb915cacb0d9db66d2475789116)
Jeremy Harris [Fri, 30 Oct 2020 13:58:01 +0000 (13:58 +0000)]
LDAP: fix taint-check in server list walk. Bug 2646
(cherry picked from commit
51b611aa81d7ee01243b196abc34a0e2eabd293c)
Richard Clayton [Sat, 12 Sep 2020 21:10:04 +0000 (22:10 +0100)]
eximon: fix FreeBSD build
(cherry picked from commit
ba00bdd4609501dd3ffe187074ff7f8197a9059f)
Jeremy Harris [Thu, 27 Aug 2020 20:15:19 +0000 (21:15 +0100)]
Fix non-TLS build
(cherry picked from commit
b38a477da0a5248ed1d2b7590922c89c6337ec3b)
Jeremy Harris [Sun, 6 Sep 2020 11:15:10 +0000 (12:15 +0100)]
GnuTLS: clear errno before any data i/o op, so error logging does not see stale values
(cherry picked from commit
d52a8ce8499fbb88f4670623df9f52d3e790292b)
Phil Pennock [Fri, 28 Aug 2020 23:58:36 +0000 (19:58 -0400)]
Fix utilities indexing
It looks like there used to be another level of hierarchy here, with all three
of the hints database commands described in one section. They're now distinct
sections in their own right, so fix how they're linked to.
Reported by: Peter Gervai
Part-fixes: 2637
(cherry picked from commit
d79247e6321bd44f4f21bc1234e0424d0fa558eb)
Jeremy Harris [Wed, 26 Aug 2020 22:59:28 +0000 (23:59 +0100)]
Fix non-DANE build
(cherry picked from commit
651946cbf8e3849687332049730e5fa23d42b4b7)
Jeremy Harris [Wed, 26 Aug 2020 22:43:54 +0000 (23:43 +0100)]
DANE: Fix 2 messages from queue case
(cherry picked from commit
b6054898ace169a0e5143117397a4f666a5e7283)
Jeremy Harris [Sun, 23 Aug 2020 16:27:30 +0000 (17:27 +0100)]
Fix non-DANE build
(cherry picked from commit
79b19a30d9fc64a7b7f70928cdefe4f51064280b)
Jeremy Harris [Sun, 23 Aug 2020 14:32:48 +0000 (15:32 +0100)]
DANE: Fix 2-rcpt message, diff domins case. Bug 2265
(cherry picked from commit
99350dede64ad634300ddf15d0d97a81fd75d330)
Jeremy Harris [Wed, 19 Aug 2020 20:09:04 +0000 (21:09 +0100)]
DANE: force SNI to use $domain. Bug 2265
Note: this is not a complete fix for the issue
(cherry picked from commit
7044dd8fd62e215572ecf5a2c7f1bb9581cf6628)
Gavan [Fri, 21 Aug 2020 14:46:01 +0000 (15:46 +0100)]
Taint: fix off-by-one in is_tainted(). Bug 2634
(cherry picked from commit
e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97)
Jeremy Harris [Mon, 24 Aug 2020 19:14:34 +0000 (20:14 +0100)]
Build: ifdef guard for EXPERIMENTAL_QUEUEFILE
(cherry picked from commit
1f5d0a9551205febf6729c7ee36c27626a76b4a4)
Gavan [Fri, 21 Aug 2020 14:46:01 +0000 (15:46 +0100)]
Taint: fix off-by-one in is_tainted(). Bug 2634
(cherry picked from commit
e0ae68c8ee6788508da4989ee0d6fcbaf40c7b97)
Jeremy Harris [Fri, 14 Aug 2020 12:09:53 +0000 (13:09 +0100)]
Fix ${readsocket } eol-replacement. Bug 2630
(cherry picked from commit
7f83b348ccf4cd815e9758ab9ca1012e66324e9d)
Jeremy Harris [Sun, 9 Aug 2020 00:38:00 +0000 (01:38 +0100)]
Fix spelling of local_part_data in docs and debug output
(cherry picked from commit
ccec2d82e2fda6d764f6cd1a9dd21c4f6285b614)
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:53:27 +0000 (23:53 +0200)]
debug_print_socket(): output formatting
Heiko Schlittermann (HS12-RIPE) [Thu, 16 Jul 2020 21:45:55 +0000 (23:45 +0200)]
Fix debug_print_socket()
debug_print_socket() crashed on AF_UNIX sockets
Jeremy Harris [Mon, 13 Jul 2020 12:46:14 +0000 (13:46 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments
Follow-on from:
62b2ccce05
(cherry picked from commit
532800c8bf0e4bc2c27739477e70e0d7eef7df21)
Jeremy Harris [Thu, 9 Jul 2020 14:30:55 +0000 (15:30 +0100)]
Fix taint trap in parse_fix_phrase(). Bug 2617
(cherry picked from commit
3c90bbcdc7cf73298156f7bcd5f5e750e7814e72)
Guillaume Outters [Mon, 6 Jul 2020 21:31:51 +0000 (22:31 +0100)]
Fix DKIM signing to always ;-terminate. Bug 2295
(cherry picked from commit
65fe780259d0009354b5dfc9a4f1b48ad6513db2)
Jeremy Harris [Fri, 3 Jul 2020 19:35:58 +0000 (20:35 +0100)]
typoes
Jeremy Harris [Tue, 30 Jun 2020 20:16:42 +0000 (21:16 +0100)]
Fix message-reception clock usage. Bug 2615
Broken-by: 6906c131d1 (4.94)
(cherry picked from commit
c9bce82e3064126be34d85280d0a7fbf65b3abec)
Jeremy Harris [Mon, 29 Jun 2020 16:26:36 +0000 (17:26 +0100)]
Taint: fix ACL "spam" condition, to permit tainted name arguments.
Cherry-picked from:
62b2ccce05
Jeremy Harris [Sun, 28 Jun 2020 14:24:21 +0000 (15:24 +0100)]
Sqlite: fix segfault on bad/missing sqlite_dbfile. Bug 2606
(cherry picked from commit
3d0472791a0928963a3f8184fe28479e80d1a47d)
Jeremy Harris [Thu, 25 Jun 2020 20:30:43 +0000 (21:30 +0100)]
Docs: list further ways $domain_data &c may be filled in
(cherry picked from commit
f5ee670dc5eb90c68ee684f478598bd9af6fbf36)
Jeremy Harris [Thu, 25 Jun 2020 10:16:54 +0000 (11:16 +0100)]
Lookups: Fix "subdir" filter on a dsearch.
(cherry picked from commit
e0e21929b7426b9b5bbf5e3747797043801b1151)
Jeremy Harris [Mon, 22 Jun 2020 16:27:18 +0000 (17:27 +0100)]
Cutthrough: handle request when a callout-hold is active. Bug 2604
(cherry picked from commit
99bfcf2b678e7bd8125a7eb44409e46549bfc111)
Jeremy Harris [Fri, 19 Jun 2020 23:54:05 +0000 (00:54 +0100)]
Fix string_copy() macro to not multiple-eval args. Bug 2603
Broken-by: a76d120aed
(cherry picked from commit
80c2ec2e47c556daff00c79ee068ce68f25fd264)
Jeremy Harris [Sun, 14 Jun 2020 21:14:11 +0000 (22:14 +0100)]
Taint: fix verify. Bug 2598
(cherry-picked from
2b60ac1021 and
9eed571fd7)
Jeremy Harris [Fri, 12 Jun 2020 19:43:43 +0000 (20:43 +0100)]
smtp_accept_map_per_host: call search_tidyup in fail path. Bug 2597
(cherry-picked from:
d3a538c8fe)
Jeremy Harris [Thu, 11 Jun 2020 23:46:34 +0000 (00:46 +0100)]
Taint: fix radius expansion condition
(cherry picked from commit
f91219c114a3d95792d052555664a5a7a3984a8d)
Jeremy Harris [Thu, 11 Jun 2020 19:45:05 +0000 (20:45 +0100)]
TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. Bug 2594
(cherry picked from commit
0851a3bbf4667081d47f5d85b6b3a5cb33cbdba6)
Jeremy Harris [Mon, 8 Jun 2020 12:00:55 +0000 (13:00 +0100)]
Filters: fix "vacation" in Exim filter. Bug 2593
Broken-by: cfb9cf20cb (4.90)
(cherry picked from commit
59eee1bc902f106d20f507ba16f37cb8ab5a5e8d)
Jeremy Harris [Thu, 4 Jun 2020 14:28:15 +0000 (15:28 +0100)]
Fix -bi. Bug 2590
Actual fix from pierre.labastie@neuf.fr ; additional coding and testcase bu jgh
Broken-by: bdcc6f2bd5
(Cherry-picked from:
0e0e171628)
Jeremy Harris [Wed, 3 Jun 2020 10:40:17 +0000 (11:40 +0100)]
Taint: fix multiple ACL actions to properly manage tainted argument data
(cherry picked from commit
12b7f811de4a540d0724585aecfa33b5881e2a30)
Jeremy Harris [Tue, 2 Jun 2020 15:34:42 +0000 (16:34 +0100)]
Docs: typoes
Cherry-picked from:
1195f8f2a4
Jeremy Harris [Tue, 2 Jun 2020 14:39:27 +0000 (15:39 +0100)]
Docs: fix layout
(cherry picked from commit
7090df68161b4ed1c86e5adde7800d9049c47433)
Patrick Boutilier [Tue, 2 Jun 2020 14:16:10 +0000 (15:16 +0100)]
Docs: fix mistaken variable name
(cherry picked from commit
eb55cb1d2c5552209e24345e9d21f83ec1eaccf6)
Jeremy Harris [Tue, 2 Jun 2020 14:03:36 +0000 (15:03 +0100)]
Taint: fix listcount expansion operator. Bug 2586
(cherry picked from commit
44644c2e404a3ea0191db0b0458e86924fb240bb)
Jeremy Harris [Tue, 2 Jun 2020 13:50:31 +0000 (14:50 +0100)]
Taint: fix pam expansion condition. Bug 2587
(cherry picked from commit
f7f933a199be8bb7362c715e0040545b514cddca)
Jeremy Harris [Tue, 2 Jun 2020 12:35:06 +0000 (13:35 +0100)]
Docs: ${listitem }
(cherry picked from commit
29f5141e7cb1ee65369d8e49250134edc4e6120a)
Jeremy Harris [Sat, 30 May 2020 20:35:38 +0000 (21:35 +0100)]
Testsuite: munge for Postgres version
Jeremy Harris [Sat, 30 May 2020 20:05:25 +0000 (21:05 +0100)]
Testsuite: MySQL: use password on account used for test access
Forced on us by security tightning in Mariadb 10.4
Heiko Schlittermann (HS12-RIPE) [Tue, 26 May 2020 10:28:43 +0000 (12:28 +0200)]
Make def:<var> compatible between "static" and "dynamic" vars.
Some variables are simple pointers to internal memory (e.g.
vtype_stringptr), other variables are dynamically filled with content
(e.g. vtype_string_func).
The static variables contain "" if they're not defined yet.
At least on dynamic variable (recipients, backed by fn_recipients())
returned NULL instead of "", which lead to unexpected results on
def:recipients.
To keep the functions usable in places where it makes sense to return
NULL and "" as distinct values, I didn't touch the functions, but the
evaluation logic in find_variable().
Jeremy Harris [Mon, 25 May 2020 11:41:20 +0000 (12:41 +0100)]
Testsuite: avoid fail on non-TLS bulid
Jeremy Harris [Mon, 25 May 2020 10:38:25 +0000 (11:38 +0100)]
Fix listquote expansion item to handle empty-string input
Heiko Schlittermann (HS12-RIPE) [Sun, 24 May 2020 20:53:01 +0000 (22:53 +0200)]
EDITME: Shorten the explanation of <osname> and <build>
Jeremy Harris [Sun, 24 May 2020 18:17:59 +0000 (19:17 +0100)]
Docs: SPF options
Heiko Schlittermann (HS12-RIPE) [Sat, 23 May 2020 13:50:23 +0000 (15:50 +0200)]
Doc: Clarify variables for spf_smtp_comment_template
Heiko Schlittermann (HS12-RIPE) [Fri, 22 May 2020 15:32:33 +0000 (17:32 +0200)]
SPF: Add main config option "spf_smtp_comment_template
Heiko Schlittermann (HS12-RIPE) [Mon, 18 May 2020 20:40:24 +0000 (22:40 +0200)]
SPF: Remove the parameters of the broken explanation link
The complete www.open-spf.org is a static copy of the formerly working
openspf.org page. The explanation form doesn't work anymore.
Jeremy Harris [Wed, 20 May 2020 21:14:59 +0000 (22:14 +0100)]
OpenSSL: clear error stack before avery I/O operation
Jeremy Harris [Tue, 19 May 2020 00:14:55 +0000 (01:14 +0100)]
Docs: remove reduundant transport configu lines
Jeremy Harris [Sat, 16 May 2020 18:38:59 +0000 (19:38 +0100)]
Docs: options on lookups
Jeremy Harris [Sat, 16 May 2020 15:36:08 +0000 (16:36 +0100)]
Log additional command-history on too-many-syntax-errors
Jeremy Harris [Sat, 16 May 2020 12:27:43 +0000 (13:27 +0100)]
Docs: DMARC options
Andreas Metzler [Sat, 16 May 2020 12:02:17 +0000 (13:02 +0100)]
Docs: another mention of $local_part_verified
Broken-by: d8024efa36
Jeremy Harris [Fri, 15 May 2020 13:15:10 +0000 (14:15 +0100)]
Add debug for lookup ret=key
Jeremy Harris [Wed, 13 May 2020 11:15:57 +0000 (12:15 +0100)]
Debug: quieten DSN
Jeremy Harris [Tue, 12 May 2020 23:58:32 +0000 (00:58 +0100)]
Fix over-long line in DSN
Jeremy Harris [Tue, 12 May 2020 21:20:24 +0000 (22:20 +0100)]
Docs: set message after conditions in ACL verb wherever possible
= Fabian Groffen [Sat, 9 May 2020 14:06:06 +0000 (15:06 +0100)]
Fix build with Radius auth expansion condition support. Bug 2572
Jeremy Harris [Sat, 9 May 2020 14:04:17 +0000 (15:04 +0100)]
Performance: workaround Linux kernel bug
Jeremy Harris [Fri, 8 May 2020 10:47:43 +0000 (11:47 +0100)]
Docs: tweaks
Jeremy Harris [Thu, 7 May 2020 18:02:09 +0000 (19:02 +0100)]
Testsuite: unbreak testcase
Broken-by: 0006e6d8e1
Jeremy Harris [Thu, 7 May 2020 15:38:04 +0000 (16:38 +0100)]
Lookups: ret=key option