Heiko Schlittermann (HS12-RIPE) [Sat, 30 Sep 2023 20:52:59 +0000 (22:52 +0200)]
update Changelog about security fixes
Jeremy Harris [Thu, 11 May 2023 20:08:08 +0000 (21:08 +0100)]
Auths: fix possible OOB read in SPA authenticator. Bug 3001
(cherry picked from commit
04107e98d58efb69f7e2d7b81176e5374c7098a3)
Jeremy Harris [Thu, 11 May 2023 18:31:54 +0000 (19:31 +0100)]
Auths: fix possible OOB write in SPA authenticator. Bug 3000
(cherry picked from commit
e17b8b0f19b25a223b0cc41933b881c3a1073e61)
Jeremy Harris [Thu, 11 May 2023 17:53:25 +0000 (18:53 +0100)]
Auths: use uschar more in spa authenticator
(cherry picked from commit
0519dcfb5f149154a416b54865fd8026abb57791)
Jeremy Harris [Thu, 11 May 2023 17:02:43 +0000 (18:02 +0100)]
Auths: fix possible OOB write in external authenticator. Bug 2999
(cherry picked from commit
7bb5bc2c6592e062bf0b514cc71afd2d93e2e0dd)
Jeremy Harris [Thu, 23 Jun 2022 13:41:10 +0000 (14:41 +0100)]
Docs: more indexing
Jeremy Harris [Tue, 7 Jun 2022 17:44:36 +0000 (18:44 +0100)]
Testsuite: OpenSSL version differences
Jeremy Harris [Sat, 4 Jun 2022 14:00:03 +0000 (15:00 +0100)]
tidying
Jeremy Harris [Fri, 3 Jun 2022 14:34:03 +0000 (15:34 +0100)]
SRS: avoid expanding ${srs_encode...} when guarded by ${if...}
Jeremy Harris [Fri, 27 May 2022 22:03:02 +0000 (23:03 +0100)]
Handle a v4mapped sender address given us by a proxy. Bug 2855
Jeremy Harris [Wed, 1 Jun 2022 14:06:31 +0000 (15:06 +0100)]
Unbreak DISABLE_PIPE_CONNECT build
Broken-by: b326f3a87a
Jeremy Harris [Wed, 1 Jun 2022 10:19:05 +0000 (11:19 +0100)]
SRS: fix encode operation for empty sender addresses.
Jeremy Harris [Mon, 30 May 2022 08:40:02 +0000 (09:40 +0100)]
Docs: fix host_require_helo
Broken-by: 2f8e0a5f6b
Jeremy Harris [Thu, 26 May 2022 21:31:35 +0000 (22:31 +0100)]
Fix build with DISABLE_TLS_RESUME
Jeremy Harris [Thu, 26 May 2022 19:11:43 +0000 (20:11 +0100)]
CHUNKING: handle protocol errors during reception
Jeremy Harris [Thu, 26 May 2022 12:46:08 +0000 (13:46 +0100)]
CHUNKING: fix second message on conn when first rejected
Jeremy Harris [Thu, 26 May 2022 11:10:27 +0000 (12:10 +0100)]
DEBUG: clarify multiline smtp responses
Jeremy Harris [Tue, 24 May 2022 19:27:38 +0000 (20:27 +0100)]
TLS resumption: fix for PIPECONNECT
When actively initiating a connection with PIPECONNECT, evaluate
the EHLO response for possible lbserver indication when we do
eventually reap that response, before acting on the STARTTLS response.
Jeremy Harris [Tue, 24 May 2022 11:30:14 +0000 (12:30 +0100)]
typo
Jeremy Harris [Mon, 23 May 2022 14:48:38 +0000 (15:48 +0100)]
Logging: distinguish mem-allocation errors
Jeremy Harris [Mon, 23 May 2022 11:09:43 +0000 (12:09 +0100)]
TLS resumption: disable on continued-connection
When we have an open TCP connection and are start a second TLS session
we do not have the host-lbserver string (being in a freshly exec'd
process) needed for session-cache lookup, so resumptino is not safe.
Jeremy Harris [Fri, 20 May 2022 21:38:09 +0000 (22:38 +0100)]
Docs: more info on PIPECONNECT
Jeremy Harris [Mon, 23 May 2022 13:15:15 +0000 (14:15 +0100)]
Debug: clarify SMTP DATA ops in transport
Jeremy Harris [Thu, 19 May 2022 13:24:48 +0000 (14:24 +0100)]
ARC: reset headers before signing for secondary MX. Bug 2886
Jeremy Harris [Thu, 19 May 2022 13:23:02 +0000 (14:23 +0100)]
GnuTLS: Do not free the cached creds on transport connection close. Bug 2886
Jeremy Harris [Sun, 15 May 2022 16:10:59 +0000 (17:10 +0100)]
Debug: pass ACL-initiated debug through spool residency
Jeremy Harris [Sun, 15 May 2022 11:47:30 +0000 (12:47 +0100)]
Testsuite: munge for recent GnuTLS
Jeremy Harris [Sat, 14 May 2022 19:20:21 +0000 (20:20 +0100)]
tidying
Jeremy Harris [Wed, 11 May 2022 18:42:17 +0000 (19:42 +0100)]
Revert "LibreSSL: maintain buildability on versions after 3.5.0"
Breaks Solaris builds.
This reverts commit
c0418936da7c7ec6674e6d60dac5fa33a84e0618.
Kirill Miazine [Wed, 11 May 2022 13:13:22 +0000 (14:13 +0100)]
LibreSSL: maintain buildability on versions after 3.5.0
Jeremy Harris [Mon, 9 May 2022 13:45:53 +0000 (14:45 +0100)]
Fix string_copyn() for limit greater than actual string length
Broken-by: a76d120aed
Jeremy Harris [Sun, 8 May 2022 13:01:03 +0000 (14:01 +0100)]
Docs: clarify distinction between config file and Makefile, for log_file_path. Bug 2825
Jeremy Harris [Sun, 8 May 2022 12:20:49 +0000 (13:20 +0100)]
Docs: clarify $authentication_failed. Bug 2878
Martin Preen [Sat, 7 May 2022 15:52:05 +0000 (16:52 +0100)]
Fix build with Solaris compiler
Jeremy Harris [Thu, 5 May 2022 15:22:54 +0000 (16:22 +0100)]
Fix dbmjz lookup. Bug 2884
Broken-by: 0cc804c877
Jeremy Harris [Sun, 1 May 2022 17:22:32 +0000 (18:22 +0100)]
Docs: use tables rather than displays
Jeremy Harris [Sat, 30 Apr 2022 22:57:33 +0000 (23:57 +0100)]
Taint: generate detainted $domain_data & $local_part_data from Rverify callout
Jeremy Harris [Sat, 30 Apr 2022 18:11:45 +0000 (19:11 +0100)]
Docs: index detaint methods
Jeremy Harris [Fri, 29 Apr 2022 22:29:47 +0000 (23:29 +0100)]
Docs: more warnings on use of tainted data
Jeremy Harris [Fri, 29 Apr 2022 18:59:36 +0000 (19:59 +0100)]
Docs: mark up known-tainted variables
Jeremy Harris [Mon, 25 Apr 2022 16:53:36 +0000 (17:53 +0100)]
Docs: tidy for taint-check of transport process args
Broken-by: cfe6acff2d
Jeremy Harris [Mon, 25 Apr 2022 15:27:38 +0000 (16:27 +0100)]
Fix DISABLE_EVENT build
Broken-by: ef2e5890df
Jeremy Harris [Sat, 23 Apr 2022 17:28:09 +0000 (18:28 +0100)]
Copyright updates:
vi $(git log --name-status exim-4.95..master | awk '/^M/{print $2}' | grep -v '^test/' | sort -u)
Jeremy Harris [Thu, 21 Apr 2022 19:57:44 +0000 (20:57 +0100)]
Docs: more resumption notes
Jeremy Harris [Tue, 19 Apr 2022 20:44:17 +0000 (21:44 +0100)]
exim_dumpdb: keys-only output option
Jeremy Harris [Fri, 15 Apr 2022 09:36:56 +0000 (10:36 +0100)]
TLS resumption: support Outlook hosts-behind-loadbalancer
Jeremy Harris [Wed, 13 Apr 2022 14:37:56 +0000 (15:37 +0100)]
Add string-hashing interface
Jeremy Harris [Wed, 13 Apr 2022 14:31:57 +0000 (15:31 +0100)]
typo
Jeremy Harris [Tue, 12 Apr 2022 12:27:41 +0000 (13:27 +0100)]
TLS resumption: restrict session re-use
Jeremy Harris [Sun, 10 Apr 2022 15:16:10 +0000 (16:16 +0100)]
tidying
Jeremy Harris [Sun, 10 Apr 2022 21:24:18 +0000 (22:24 +0100)]
Docs: fix description of SNI-under-DANE. Bug 2265
Jeremy Harris [Sat, 9 Apr 2022 13:47:15 +0000 (14:47 +0100)]
DKIM: clarify debug output
Jeremy Harris [Thu, 7 Apr 2022 21:25:27 +0000 (22:25 +0100)]
compiler quietening
Jeremy Harris [Thu, 7 Apr 2022 20:17:38 +0000 (21:17 +0100)]
tidying
Jeremy Harris [Thu, 7 Apr 2022 20:16:48 +0000 (21:16 +0100)]
Openssl client: ocsp stapling on resumed seesion
Jeremy Harris [Sun, 3 Apr 2022 14:29:14 +0000 (15:29 +0100)]
tidying
Jeremy Harris [Sun, 3 Apr 2022 20:37:01 +0000 (21:37 +0100)]
Support PIPECONNECT with helo_data using the local IP, when interface is known.
Jeremy Harris [Mon, 4 Apr 2022 22:12:44 +0000 (23:12 +0100)]
Testsuite: account for changed feature name
Broken-by: a375c22c1d
Jeremy Harris [Sun, 3 Apr 2022 17:10:09 +0000 (18:10 +0100)]
CHUNKING: fix availability on continued-transport
Jeremy Harris [Sun, 3 Apr 2022 15:33:40 +0000 (16:33 +0100)]
Docs: allow for multiple return from dnsdb PTR lookup
Jeremy Harris [Sat, 2 Apr 2022 06:58:36 +0000 (07:58 +0100)]
Revert "Build: remove hints-DB interface from macro-predef phase"
This reverts commit
d518c8b6721ea30a9dc3190e57157edd676234ec.
Jeremy Harris [Fri, 1 Apr 2022 20:18:16 +0000 (21:18 +0100)]
Build: remove hints-DB interface from macro-predef phase
Jeremy Harris [Fri, 1 Apr 2022 13:45:15 +0000 (14:45 +0100)]
c99 / non-gcc compatible inlineable functions
Jeremy Harris [Thu, 31 Mar 2022 17:13:12 +0000 (18:13 +0100)]
designated initializers
Jeremy Harris [Mon, 28 Mar 2022 14:22:13 +0000 (15:22 +0100)]
Compiler quietening
Jeremy Harris [Sat, 19 Mar 2022 19:11:17 +0000 (19:11 +0000)]
Tidying: explicit (de)tainting copies
Jeremy Harris [Sun, 20 Mar 2022 14:20:13 +0000 (14:20 +0000)]
Hints DB interface: convert from macros to inlinable functions.
Testing status: tdb, dbm, gdbm & ndbm build and pass testsuite.
Jeremy Harris [Thu, 24 Mar 2022 22:47:04 +0000 (22:47 +0000)]
Logging: fix crash on local_part utf8-conversion fail
Broken-by: d2f99aad04
Jeremy Harris [Sun, 27 Mar 2022 19:41:05 +0000 (20:41 +0100)]
Taintcheck transport-process arguments
Jeremy Harris [Sat, 19 Mar 2022 19:14:34 +0000 (19:14 +0000)]
Debug: build a summary string tracking transport SMTP commands & responses
Jeremy Harris [Sat, 19 Mar 2022 17:18:30 +0000 (17:18 +0000)]
BDB: specific build-time error for version 1 library
Broken-by: 990ba85353
Jeremy Harris [Sun, 13 Mar 2022 16:23:31 +0000 (16:23 +0000)]
constify
Jeremy Harris [Sun, 13 Mar 2022 16:01:52 +0000 (16:01 +0000)]
tidying
Jeremy Harris [Sun, 13 Mar 2022 15:58:07 +0000 (15:58 +0000)]
refactor
Jeremy Harris [Thu, 10 Mar 2022 15:23:26 +0000 (15:23 +0000)]
OpenSSL: track shutdown calls. Bug 2864
Jeremy Harris [Sun, 13 Mar 2022 01:02:37 +0000 (01:02 +0000)]
TDB: quieten compiler and testsuite
Jeremy Harris [Fri, 11 Mar 2022 15:54:26 +0000 (15:54 +0000)]
Set $value for match_<list-type> and inlist
Jeremy Harris [Fri, 11 Mar 2022 15:25:10 +0000 (15:25 +0000)]
tidying
Jeremy Harris [Thu, 10 Mar 2022 20:27:49 +0000 (20:27 +0000)]
Fix static address-list lookup return
Jeremy Harris [Wed, 9 Mar 2022 14:11:50 +0000 (14:11 +0000)]
Add backstop check for taint of executable name when calling exec()
Jeremy Harris [Wed, 9 Mar 2022 14:11:05 +0000 (14:11 +0000)]
tidying
Jeremy Harris [Sun, 6 Mar 2022 20:06:37 +0000 (20:06 +0000)]
Docs: markup syntax
Jeremy Harris [Sun, 6 Mar 2022 14:25:13 +0000 (14:25 +0000)]
Utilities: fix exiqgrep perl syntax, add testcases. Bug 2821
Broken-by: df618101a5
Jeremy Harris [Sat, 5 Mar 2022 15:25:37 +0000 (15:25 +0000)]
GnuTLS: fix build with older library versions
Jeremy Harris [Thu, 3 Mar 2022 22:23:42 +0000 (22:23 +0000)]
Check query strings of query-style lookups for quoting. Bug 2850
Jeremy Harris [Wed, 2 Mar 2022 17:07:27 +0000 (17:07 +0000)]
Another go at the overlong-addrs versus rewrites problem
Jeremy Harris [Tue, 1 Mar 2022 23:12:53 +0000 (23:12 +0000)]
Jeremy Harris [Tue, 1 Mar 2022 17:08:13 +0000 (17:08 +0000)]
GDBM: fix build
Jeremy Harris [Sun, 27 Feb 2022 14:27:04 +0000 (14:27 +0000)]
Testsuite: fix for ndbm
Jeremy Harris [Sun, 27 Feb 2022 22:34:55 +0000 (22:34 +0000)]
GnuTLS: TLS1.3 channel binding
Jeremy Harris [Sun, 27 Feb 2022 22:32:41 +0000 (22:32 +0000)]
AUTH GSASL SCRAM: handling of error return from library
Jeremy Harris [Sun, 27 Feb 2022 16:33:24 +0000 (16:33 +0000)]
NDBM: check for bogus name given to create call
Jeremy Harris [Sun, 27 Feb 2022 14:11:09 +0000 (14:11 +0000)]
Build: Allow Local/Makefile "USE_NDBM=y" to override OS/Makefile-*
Jeremy Harris [Sun, 27 Feb 2022 12:16:21 +0000 (12:16 +0000)]
Docs: update wrt. BDB versions
Jeremy Harris [Sat, 26 Feb 2022 22:36:59 +0000 (22:36 +0000)]
Testsuite: munge for Cyrus SASL library version output changes
Jeremy Harris [Sat, 26 Feb 2022 22:50:52 +0000 (22:50 +0000)]
Cyrus SASL: keep rejectlog output to single lines
Jeremy Harris [Sat, 26 Feb 2022 20:37:43 +0000 (20:37 +0000)]
OpenBSD: use ndbm for hints DBs
Jeremy Harris [Sat, 26 Feb 2022 16:46:14 +0000 (16:46 +0000)]
Testsuite: Output from newer GSASL library, for SCRAM-SHA-256
Jeremy Harris [Sat, 26 Feb 2022 16:40:15 +0000 (16:40 +0000)]
tidying
Jeremy Harris [Sat, 26 Feb 2022 16:36:35 +0000 (16:36 +0000)]
Remove BDB 1.x & 2.x support