Phil Pennock [Mon, 2 Nov 2020 07:23:14 +0000 (02:23 -0500)]
Inline four often-called new functions
The BDAT state switchers should happen so often during SMTP reception that a
compiler hint to inline seems wise.
The length filter checks happen on every start-up, which for Exim is often
enough that I think an inline these is warranted too.
(cherry picked from commit
6e3d0e3f1c8228ef19a3d1ba61f131cef3172ceb)
(cherry picked from commit
6ca5fcba34070f4495a0188f16eb2e4d78f3430a)
Jeremy Harris [Sat, 31 Oct 2020 14:36:55 +0000 (14:36 +0000)]
Phil Pennock [Fri, 30 Oct 2020 03:21:36 +0000 (23:21 -0400)]
SECURITY: rework BDAT receive function handling
(cherry picked from commit
dd1b9b753bb7c42df2b8f48d726b82928b67940b)
(cherry picked from commit
96fb195ebc2eb6790e6ad6dde46d478aee62198d)
Phil Pennock [Fri, 30 Oct 2020 02:40:59 +0000 (22:40 -0400)]
SECURITY: fix SMTP verb option parsing
A boundary case in looking for an opening quote before the closing quote could
walk off the front of the buffer.
(cherry picked from commit
515d8d43a18481d23d7cf410b8dc71b4e254ebb8)
(cherry picked from commit
467948de0c407bd2bbc2e84abbbf09f35b035538)
Phil Pennock [Fri, 30 Oct 2020 01:48:05 +0000 (21:48 -0400)]
SECURITY: Avoid integer overflow on too many recipients
(cherry picked from commit
323ff55e67b44e95f9d3cfaba155e385aa33c4bd)
(cherry picked from commit
3a54fcd1e303bf1cc49beca7ceac35d7448860a9)
Phil Pennock [Fri, 30 Oct 2020 01:38:25 +0000 (21:38 -0400)]
SECURITY: default recipients_max to 50,000
A default of "unlimited" can have unfortunate consequences when people start
putting many millions of recipients on a message.
(cherry picked from commit
1d7780722a66cea8da5fa4ae0775e85d185fbf7e)
(cherry picked from commit
a6e1f69d82adcfd3caab8f228d96750dfddc8f07)
Phil Pennock [Fri, 30 Oct 2020 01:30:04 +0000 (21:30 -0400)]
SECURITY: a second negative store guard
(cherry picked from commit
706864e934c70941ce7a327f97b7649a1e5f5556)
(cherry picked from commit
9f06dcd6848052f2524658bf871c60a8d48c7dbe)
Phil Pennock [Fri, 30 Oct 2020 00:49:49 +0000 (20:49 -0400)]
SECURITY: refuse too small store allocations
Negative sizes are definitely bad.
Optimistically, I'm saying that zero is bad too. But perhaps we have something
doing that, expecting to be able to grow. In which case we'll have to amend
this.
(cherry picked from commit
1c9afcec0043e2fb72607b2addb0613763705549)
(cherry picked from commit
6f5d7e5af8eff688c36f81334e4f063689561963)
Phil Pennock [Fri, 30 Oct 2020 00:42:40 +0000 (20:42 -0400)]
SECURITY: fix Qualys CVE-2020-PFPZA
(cherry picked from commit
29d7a8c25f182c91d5d30f124f9e296dce5c018e)
(cherry picked from commit
0a6a7a3fd8464bae9ce0cf889e8eeb0bf0bab756)
Phil Pennock [Thu, 29 Oct 2020 23:00:51 +0000 (19:00 -0400)]
SECURITY: fix Qualys CVE-2020-PFPSN
(cherry picked from commit
93b6044e1636404f3463f3e1113098742e295542)
(cherry picked from commit
4e59a5d5c448e1fcdcbead268ffe6561adf0224d)
Phil Pennock [Thu, 29 Oct 2020 15:47:58 +0000 (11:47 -0400)]
SECURITY: fix Qualys CVE-2020-SLCWD
(cherry picked from commit
bf5f9d56fadf9be8d947f141d31f7e0e8fa63762)
(cherry picked from commit
6d2cfb575c95c1b81597d6b9eb2904cd695d7e4a)
Phil Pennock [Thu, 29 Oct 2020 22:40:37 +0000 (18:40 -0400)]
SECURITY: pick up more argv length checks
(cherry picked from commit
f28a6a502c7973d8844d11d4b0990d4b0359fb3f)
(cherry picked from commit
7a7136ba7f5c2db33c7e320ffd4675335c4557e5)
Phil Pennock [Thu, 29 Oct 2020 22:11:35 +0000 (18:11 -0400)]
SECURITY: length limits on many cmdline options
We'll also now abort upon, rather than silently truncate, a driver name
(router, transport, ACL, etc) encountered in the config which is longer than
the 64-char limit.
(cherry picked from commit
ff8bef9ae2370db4a7873fe2ce573a607fe6999f)
(cherry picked from commit
a8bd24b96c2027fd839f95a9e6b3282453ae288e)
Phil Pennock [Fri, 18 Sep 2020 14:25:42 +0000 (10:25 -0400)]
Re-ran the conversion of all DH parameters
I get different results now to those I got before.
Now, using gen_pkcs3 linked against OpenSSL 1.1.1f-1ubuntu2 on Focal Fossa, I
get the results below. The ffdhe2048 value now matches that at
<https://ssl-config.mozilla.org/ffdhe2048.txt>.
I ran the same code yesterday for just the ffdhe2048 item and got code which
seemed to me then to match what was already in the C file. Something hinky is
going on, perhaps with my sanity.
(the commit IDs changee because of heavy rebasing (heiko))
(cherry picked from commit
76ed8115182e2daaadb437ec9655df8000796ec5)
(cherry picked from commit
0aafa26a5d3d528e79476c91537c28936154fe04)
Simon Arlott [Thu, 24 Sep 2020 22:03:14 +0000 (23:03 +0100)]
gen_pkcs3: Terminate string before calling BH_hex2bn()
Signed-off-by: Phil Pennock <pdp@exim.org>
(cherry picked from commit
1cf66e5872d517b620c308af634e4e26e3547f06)
(cherry picked from commit
48d8c54ecf9493c709d4305850877b6062f285a7)
Phil Pennock [Fri, 30 Oct 2020 02:14:45 +0000 (22:14 -0400)]
Default config: reject on too many bad RCPT
An example exploit failed against my system, because I had this sanity guard in
place; it's not a real security fix since a careful attacker could find enough
valid recipients to hit that problem, but it highlights that this is a useful
enough pattern that we should encourage its wider use.
(cherry picked from commit
2a636a39fff29b7c3da1798767a510dfed982a62)
(cherry picked from commit
346f96bad326893f9c1fa772a5b8ac35b1f8f7bd)
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:56:59 +0000 (07:56 +0100)]
Handle SIGINT as we do with SIGTERM
(cherry picked from commit
cdc5c672e1c309294626cd5ed90acdccb05baaa1)
(cherry picked from commit
f9c8211fb0ad0dd362f471978a5e0abc5dfa71b4)
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Mar 2021 06:59:21 +0000 (07:59 +0100)]
Enforce pid_file_path start at "/"
(cherry picked from commit
60f2a8e797d9ebaea1e3eac4ad28ff64e11bab40)
(cherry picked from commit
6b3d553c733475a1033c8b7a241e6506d7ed73b1)
Heiko Schlittermann (HS12-RIPE) [Mon, 29 Mar 2021 16:17:55 +0000 (18:17 +0200)]
testsuite: tidy logs/4520 and confs/4520
This fixed 4520 failure en-passant, but I'm sure it's a timing issue
here (the order of the mainlog output lines didn't exactly match the
logs/4520)
(cherry picked from commit
95306ca61531d9d79c5dac808a5a571158acd29c)
(cherry picked from commit
0439d2e0566d64c84feaf1434e0e4a3fd8ce29b3)
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Mar 2021 22:44:29 +0000 (23:44 +0100)]
Jeremy Harris [Tue, 25 May 2021 00:35:43 +0000 (01:35 +0100)]
Use separate line in Received: header for timestamp
u34 [Sun, 9 May 2021 09:34:07 +0000 (11:34 +0200)]
Docs: assorted fixes
Closes 2752
Closes 2753
Closes 2658
Closes 2659
Closes 2712
Closes 2720
Closes 2721
Closes 2722
Closes 2746
Closes 2748
Closes 2749
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Oct 2020 19:28:18 +0000 (21:28 +0200)]
Docs: typo
Heiko Schlittermann (HS12-RIPE) [Sun, 16 May 2021 17:11:19 +0000 (19:11 +0200)]
Fix host_name_lookup (Close 2747)
Thanks to Nico R for providing a reproducing configuration.
host_lookup = *
message_size_limit = ${if def:sender_host_name {32M}{32M}}
acl_smtp_connect = acl_smtp_connect
acl_smtp_rcpt = acl_smtp_rcpt
begin acl
acl_smtp_connect:
warn ratelimit = 256 / 1m / per_conn
accept
acl_smtp_rcpt:
accept hosts = 127.0.0.*
begin routers
null:
driver = accept
transport = null
begin transports
null:
driver = appendfile
file = /dev/null
Tested with
swaks -f mailbox@example.org -t mailbox@example.org --pipe 'exim -bh 127.0.0.1 -C /opt/exim/etc/exim-bug.conf'
The IP must have a PTR to "localhost." to reproduce it.
(cherry picked from commit
20812729e3e47a193a21d326ecd036d67a8b2724)
Jeremy Harris [Wed, 12 May 2021 14:01:12 +0000 (15:01 +0100)]
Named Queues: fix immediate-delivery. Bug 2743
Jeremy Harris [Tue, 11 May 2021 12:51:22 +0000 (13:51 +0100)]
OpenBSD: remove redundant platform define
Heiko Schlittermann (HS12-RIPE) [Tue, 11 May 2021 08:48:17 +0000 (10:48 +0200)]
TLS DANE to multiple recipients w/ different DNSSec status
Heiko Schlittermann (HS12-RIPE) [Mon, 3 May 2021 13:53:28 +0000 (15:53 +0200)]
Fix DANE + SNI handling (Bug 2265)
Broken in
d8e99d6047e709b35eabb1395c2046100d1a1dda
Thanks to JGH and Wolfgang Breyha for contributions.
(cherry picked from commit
e8ac8be0a3d56ba0a189fb970c339ac6e84769be)
Jeremy Harris [Sat, 8 May 2021 22:07:34 +0000 (23:07 +0100)]
DNS: Better handling of SOA when negative-caching lookups
Jeremy Harris [Wed, 5 May 2021 19:14:47 +0000 (20:14 +0100)]
wip
Jeremy Harris [Tue, 4 May 2021 15:08:18 +0000 (16:08 +0100)]
Debug: output dmarc library version
Jeremy Harris [Tue, 4 May 2021 12:06:31 +0000 (13:06 +0100)]
Fix ${ipv6norm:}
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Apr 2021 07:31:49 +0000 (09:31 +0200)]
Docs: typo. Closes 2713
Jeremy Harris [Sun, 14 Mar 2021 12:54:11 +0000 (12:54 +0000)]
tidying
Jeremy Harris [Sun, 25 Apr 2021 16:24:31 +0000 (17:24 +0100)]
Testsuite: tidying
Jeremy Harris [Sun, 25 Apr 2021 12:02:01 +0000 (13:02 +0100)]
Taint: enforce untainted ACL text line
Simon Arlott [Wed, 21 Apr 2021 16:11:13 +0000 (17:11 +0100)]
Fix time usage on non-subtick-resolution platforms
Jeremy Harris [Sun, 18 Apr 2021 21:37:10 +0000 (22:37 +0100)]
Docs: note caching of auto-generated server certificate
Jeremy Harris [Sun, 18 Apr 2021 00:51:28 +0000 (01:51 +0100)]
Experimental: ESMTP LIMITS extension
Jeremy Harris [Sat, 17 Apr 2021 23:34:32 +0000 (00:34 +0100)]
Testsuite: output changes arising
Somewhere recently (possibly
3f06b9b4c7) we stopped overwriting errno;
the "Permission denied" seen now in 4520 for the ${bogus} expansion is
as expected.
Jeremy Harris [Sun, 11 Apr 2021 15:39:06 +0000 (16:39 +0100)]
Log queue_time and queue_time_overall exclusive of receive time. Bug 2672
Jeremy Harris [Wed, 14 Apr 2021 21:21:05 +0000 (22:21 +0100)]
taint: allow appendfile create_file option to specify a de-tainting safe path
Heiko Schlittermann (HS12-RIPE) [Mon, 12 Apr 2021 06:41:44 +0000 (08:41 +0200)]
Set mainlog_name and rejectlog_name unconditionally.
Jeremy Harris [Sat, 10 Apr 2021 18:36:17 +0000 (19:36 +0100)]
Logging: better tracking of continued-connection use
Jeremy Harris [Wed, 7 Apr 2021 20:34:42 +0000 (21:34 +0100)]
Pass proxy addresses/ports to continued trasnports. Bug 2710
Jeremy Harris [Mon, 5 Apr 2021 20:23:10 +0000 (21:23 +0100)]
Docs: add warning note on ${listnamed:} operator
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Apr 2021 06:24:19 +0000 (08:24 +0200)]
Docs: mention *_environment in "Misc" section"
Jeremy Harris [Mon, 5 Apr 2021 12:41:50 +0000 (13:41 +0100)]
Disable server-side close timing sophistication on MacOS
Broken-by: 001bf8f587
Jeremy Harris [Mon, 5 Apr 2021 12:06:42 +0000 (13:06 +0100)]
Docs: add example for DKIM dual-signing
Jeremy Harris [Sat, 3 Apr 2021 19:56:50 +0000 (20:56 +0100)]
TLS: harden error-detection in TLS proxy process
Jeremy Harris [Fri, 19 Mar 2021 20:42:25 +0000 (20:42 +0000)]
Make smtp_accept_max_per_connection expanded
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Apr 2021 08:55:03 +0000 (10:55 +0200)]
testsuite: fix runtest (File::Copy used in another place)
Heiko Schlittermann (HS12-RIPE) [Fri, 2 Apr 2021 10:37:15 +0000 (12:37 +0200)]
build: Allow environment EXIM_RELEASE_VERSION
This should easy automated testing where no .git directory
is available (as is happens with git worktrees)
Setting this environment variable makes the reversion script
using it instead of searching for version.sh or using `git describe`.
Jeremy Harris [Fri, 2 Apr 2021 11:11:11 +0000 (12:11 +0100)]
Docs: clarify list-separator requirements
Jeremy Harris [Wed, 31 Mar 2021 09:44:07 +0000 (10:44 +0100)]
typoes
Heiko Schlittermann (HS12-RIPE) [Thu, 1 Apr 2021 09:33:01 +0000 (11:33 +0200)]
testsuite: provide cp() if File::Copy is too old.
Heiko Schlittermann (HS12-RIPE) [Wed, 31 Mar 2021 20:46:27 +0000 (22:46 +0200)]
testsuite: use File::Copy "cp" to copy the permissions (x-bit)
Heiko Schlittermann (HS12-RIPE) [Sun, 28 Mar 2021 17:05:10 +0000 (19:05 +0200)]
testsuite: add --fail-any option to runtest
This option makes runtest's exit status !0 on any failure in any test.
(Useful in -c mode and git-bisect)
Jeremy Harris [Sun, 28 Mar 2021 00:56:14 +0000 (00:56 +0000)]
Memory handling: fix size backoff on store-reset
Jeremy Harris [Sat, 27 Mar 2021 23:49:50 +0000 (23:49 +0000)]
Memory debug: do not try to save allocation bytes used for debug as ACL can modify debugging status
Heiko Schlittermann (HS12-RIPE) [Sat, 27 Mar 2021 11:52:18 +0000 (12:52 +0100)]
testsuite: make runtest exit(!0) on failure in continue mode
This makes it possible to use `runtest -c <xx>` for `git bisect run …`
Heiko Schlittermann (HS12-RIPE) [Sat, 27 Mar 2021 11:51:40 +0000 (12:51 +0100)]
testsuite: tidy runtest
Jeremy Harris [Sat, 27 Mar 2021 17:00:13 +0000 (17:00 +0000)]
GnuTLS: use a less bogus-looking temporary filename for DH-parameters
Jeremy Harris [Tue, 23 Mar 2021 19:43:43 +0000 (19:43 +0000)]
Avoid all tail-end pipelining on retries
Heiko Schlittermann (HS12-RIPE) [Thu, 25 Mar 2021 11:58:50 +0000 (12:58 +0100)]
Build: use PHDRS set in the toplevel Makefile
They're passed as HDRS, but the lookups/Makefile referenced the PHDRS
(which was empty)
E.g. touch src/functions.h didn't force a rebuild of the lookups.a
Jeremy Harris [Tue, 23 Mar 2021 00:39:54 +0000 (00:39 +0000)]
Avoid building routines calling other not incuded in utilities link stage
This should fix a Solaris build error probably inserted by
92583637b2
Jeremy Harris [Mon, 22 Mar 2021 21:47:42 +0000 (21:47 +0000)]
Avoid clearing first_delivery flag on the initial half of a 2-phase queue run
Jeremy Harris [Fri, 19 Mar 2021 00:44:58 +0000 (00:44 +0000)]
Builtin macros for Experimental features
Jeremy Harris [Sun, 21 Mar 2021 00:02:07 +0000 (00:02 +0000)]
DNS: explicit alloc/free of workspace
Jeremy Harris [Sat, 20 Mar 2021 22:41:50 +0000 (22:41 +0000)]
Memory debug: track max pool order, fix nonpool accounting
Jeremy Harris [Sun, 14 Mar 2021 17:45:27 +0000 (17:45 +0000)]
Memory handling: exponentially-increasing alloc size
Jeremy Harris [Sun, 14 Mar 2021 17:37:11 +0000 (17:37 +0000)]
DKIM: Force use of tainted mem for headers
Jeremy Harris [Sun, 14 Mar 2021 15:51:18 +0000 (15:51 +0000)]
Avoid needless alloc for null header
Jeremy Harris [Sun, 14 Mar 2021 17:25:11 +0000 (17:25 +0000)]
DKIM: verify using separate pool-pair, reset per message
Jeremy Harris [Fri, 19 Mar 2021 16:13:51 +0000 (16:13 +0000)]
testsuite output changes resulting
Broken-by: 649c209e19
Jeremy Harris [Wed, 17 Mar 2021 14:33:46 +0000 (14:33 +0000)]
Linux and the BSDs have getifaddrs(). Use it and save a bunch of complex coding.
Jeremy Harris [Wed, 17 Mar 2021 00:03:50 +0000 (00:03 +0000)]
testsuite output changes resulting
Broken-by: 649c209e19
Jeremy Harris [Sun, 14 Mar 2021 20:39:03 +0000 (20:39 +0000)]
Pipeline QUIT after data
Jeremy Harris [Thu, 11 Mar 2021 22:44:27 +0000 (22:44 +0000)]
Debug: tag client SMTP output with buffering qualifier
Heiko Schlittermann (HS12-RIPE) [Sun, 14 Mar 2021 11:16:57 +0000 (12:16 +0100)]
Fix error messages in dbfn_open
Jeremy Harris [Wed, 17 Feb 2021 12:40:02 +0000 (13:40 +0100)]
Doc: more explicit hinting on tls_try_verify_hosts.
Bernd Kuhls [Mon, 8 Mar 2021 12:04:34 +0000 (13:04 +0100)]
Fix uClibc build
structs.h:757:18: error: ‘NS_MAXMSG’ undeclared here (not in a function); did you mean ‘N_MASC’?
uschar answer[NS_MAXMSG]; /* the answer itself */
Jeremy Harris [Wed, 17 Feb 2021 20:00:27 +0000 (20:00 +0000)]
wip
Jeremy Harris [Sun, 7 Mar 2021 00:07:24 +0000 (00:07 +0000)]
Revert "Docs: typos"
This reverts commit
1ad20e19a669731c19852c865facabe4816ae4f9.
These are not typos; "provably" is a real word and accurate in context.
Jim Pazarena [Sat, 6 Mar 2021 23:36:27 +0000 (00:36 +0100)]
Docs: typos
Jeremy Harris [Sat, 27 Feb 2021 19:01:07 +0000 (19:01 +0000)]
Docs: fix description of hosts_try_dane. Bug 2704
Jeremy Harris [Wed, 24 Feb 2021 19:31:48 +0000 (19:31 +0000)]
Queryprogram router: call extract fn directly rather than via string-expansion
This is not only safer (vs. unexpected expansions), but more efficient
Jeremy Harris [Tue, 23 Feb 2021 17:32:04 +0000 (17:32 +0000)]
Bulid: fix DISABLE_PIPE_CONNECT build. Bug 270333
Jeremy Harris [Mon, 22 Feb 2021 21:24:01 +0000 (21:24 +0000)]
Fix list-expansion for various domainlists, having included sublist elements. Bug 2701
Jasen Betts [Mon, 22 Feb 2021 13:37:24 +0000 (13:37 +0000)]
Testsuite: fix error message. Bug 2700
Heiko Schlichting [Fri, 19 Feb 2021 11:18:04 +0000 (11:18 +0000)]
spamd: Use macro for default priority. Bug 2694
Heiko Schlichting [Fri, 19 Feb 2021 11:16:10 +0000 (11:16 +0000)]
Use random_number rather than random, for external server distribution. Bug 2694
Heiko Schlichting [Fri, 19 Feb 2021 11:14:36 +0000 (11:14 +0000)]
Fix weight calculation for socks_proxy. Bug 2694
Heiko Schlichting [Fri, 19 Feb 2021 11:11:51 +0000 (11:11 +0000)]
Fix weight calculation for spamd_address. Bug 2694
Jeremy Harris [Thu, 18 Feb 2021 22:00:46 +0000 (22:00 +0000)]
Docs: yet more on $domain_data
Jim Pazarena [Thu, 18 Feb 2021 21:23:08 +0000 (21:23 +0000)]
Docs: typo
Jeremy Harris [Thu, 18 Feb 2021 21:17:40 +0000 (21:17 +0000)]
Debugging: avoid expansion problem with foolish-length list output
Jeremy Harris [Sat, 13 Feb 2021 20:31:44 +0000 (20:31 +0000)]
Testsuite: when generating a bounce message, allow time for exec to run before before feeding the message
This is to keep debug output in similar order on different platforms
Jeremy Harris [Sat, 13 Feb 2021 17:26:14 +0000 (17:26 +0000)]
Fix build for platforms not having ulong
Jeremy Harris [Mon, 1 Feb 2021 12:51:24 +0000 (12:51 +0000)]
wip
git://git.exim.org / exim.git / log