Jeremy Harris [Fri, 20 Sep 2019 09:23:46 +0000 (10:23 +0100)]
Testsuite: avoid picking 0.0.0.0 as the HOSTIPV4; permit 10.0/8 apart from 10.250.0/16
Solaris leaves 0.0.0.0 lying around (for not-UP interfaces)
The suite only needs testspace under 10.250.0/16 so we can permit the ret,
making testing on many NATted 10.0/8 subnets possible.
(cherry picked from commit
5c03403d88afcde2bb3f543296b0fca6f05c9f2c)
Heiko Schlittermann (HS12-RIPE) [Fri, 6 Sep 2019 04:57:11 +0000 (06:57 +0200)]
fixup! exim_dbmbuild: handle { '\\', '\0' } sequence.
Credits to Qualys for double checking and reporting.
Heiko Schlittermann (HS12-RIPE) [Thu, 5 Sep 2019 12:56:22 +0000 (14:56 +0200)]
exim_dbmbuild: handle { '\\', '\0' } sequence.
This fix matches the change introduced for CVE-2019-15846, but
isn't considered as a security issue, exim_dbmbuild is not designed to
to run on untrusted data.
Thanks to Thomas Hoger (RedHat) for pointing out.
Jeremy Harris [Tue, 27 Aug 2019 16:44:52 +0000 (17:44 +0100)]
Fix ${domain:} for a bare local-part input. Bug 2375
Broken-by: cebd5bd2ab
(cherry picked from commit
c5b0340697326238b0e2afd9d341185077d60d35)
(cherry picked from commit
92b922fae5bbd5a70da4c5aa2f43a457842c30eb)
Bruce Lee [Tue, 30 Jul 2019 21:43:14 +0000 (22:43 +0100)]
Auth: handle socket read errors in Dovecot authenticator
(cherry picked from commit
c9f1be94cc304f0343c93b66efa41a747d307fb1)
(cherry picked from commit
4ba26a040b8765dea7134c883d046418a8b053a1)
Jeremy Harris [Sun, 28 Jul 2019 13:47:29 +0000 (14:47 +0100)]
Fix crash after TLS channel shutdown
(cherry picked from commit
bd231acd0f24e4c27c6d6885f48c24360700ec7f)
(cherry picked from commit
513adf9d59bd8d9515a3c6b9c092a2c376cc6102)
Jeremy Harris [Sat, 29 Jun 2019 18:37:57 +0000 (19:37 +0100)]
Fix bounce generation under RFC 3461 request. Bug 2411
Broken-by: ea97267cea
(cherry picked from commit
df98a6ff2e70887890690ffbf8a8ad583d7d7e38)
(cherry picked from commit
b4a37a77271a8f6efc887d68265eb7867eff6170)
(cherry picked from commit
145416c70b2e4422f0ff03f402da33a4a4db29e2)
Jeremy Harris [Wed, 26 Jun 2019 10:17:52 +0000 (11:17 +0100)]
Fix DSN Final-Recipient: field
(cherry picked from commits
436bda2ac0c4 and
98d4eb7a84)
(cherry picked from commit
6b88f51ac13b4fa834796ce12d12c55c95eacc4a)
(cherry picked from commit
ce4d8eca9d3940bb439cdb74a250090fee5538d4)
Phil Pennock [Wed, 5 Jun 2019 09:35:28 +0000 (05:35 -0400)]
Unbreak heimdal_gssapi auth driver
Commit
251b9eb46 broke heimdal_gssapi by changing the function
definition in the `.c` without changing the declaration in the `.h`.
Was part of 4.92.
Make corresponding `.h` change to reflect newer internal API.
(cherry picked from commit
6ee110613402e8562c03b4a11c3ffbdbd47bd153)
(cherry picked from commit
40fe3ea73eb7524a6143755854633ed8392d39b4)
(cherry picked from commit
171adf11d72efb4781a3028a849e0ed6e521a4fa)
Jeremy Harris [Fri, 7 Jun 2019 10:54:10 +0000 (11:54 +0100)]
Fix detection of 32b platform at build time. Bug 2405
(cherry picked from commit
26dd3aa007b3b77969610c031f59388e0953bd00)
(cherry picked from commit
da7f749864e0807f796b8fa19573484c92bdc5c2)
(cherry picked from commit
a8e52cc464c132b8c88718af4367a01538d65b5a)
Jeremy Harris [Tue, 4 Jun 2019 17:13:21 +0000 (18:13 +0100)]
Use dsn_from for success-DSN messages. Bug 2404
(cherry picked from commit
87abcb247b4444bab5fd0bcb212ddb26d5fd9191)
(cherry picked from commit
454bab46ae6812e29652d10c390451c962a6f806)
(cherry picked from commit
9eebb5a0ed51584c18af8b08a27695b806980775)
Jeremy Harris [Sun, 19 May 2019 11:12:36 +0000 (12:12 +0100)]
GnuTLS: fix the advertising of acceptable certs by the server. Bug 2389
(cherry picked from commit
12d95aa62042377fc9f603245a17a43142972447)
(cherry picked from commit
44893ba5249c6c6d5a0d62a1cc57ba3fbf7185b4)
(cherry picked from commit
7eb6988c118847820de130c9317f851983e0ba8b)
Jeremy Harris [Fri, 10 May 2019 14:35:58 +0000 (15:35 +0100)]
Fix listing a named queue by a non-admin user. Bug 2398
(cherry picked from commit
e5903596a0)
(cherry picked from commit
affc23f0d27bfbca773094146d7e62872ed2895b)
(cherry picked from commit
772e1c684e79465df71157cdccc57739bb841cae)
Jeremy Harris [Tue, 7 May 2019 21:55:41 +0000 (22:55 +0100)]
GnuTLS: fix $tls_out_ocsp under hosts_request_ocsp
(cherry picked from commit
7a501c874f028f689c44999ab05bb0d39da46941)
(cherry picked from commit
5e64b73ef7cdaf20b998b3345a588b462fd30bfb)
(cherry picked from commit
31700e5410af3d27654ff0a32c20d30b1a1e10c3)
Jeremy Harris [Fri, 26 Apr 2019 10:16:47 +0000 (11:16 +0100)]
Testsuite: GnuTLS version variances
(cherry picked from commit
e20c4072da517616060d7a6e899b42f65ded4fb0)
(cherry picked from commit
4a7269057fc3bfcb5b19376725431610407e67bc)
(cherry picked from commit
d1e5e96dd46f68ee04eb27995c026d5f9ae226f6)
Jeremy Harris [Thu, 25 Apr 2019 17:41:52 +0000 (18:41 +0100)]
Testsuite: avoid recent-perl feature use
(cherry picked from commit
6010e708237477b8fab5fbed0a972a937d89fc56)
(cherry picked from commit
d4e985be7a3789aa84fb51a0523fc13c7cdff889)
(cherry picked from commit
904909a0f772b918d3ea4fcb600a7b4d6b647bdf)
Jeremy Harris [Thu, 25 Apr 2019 17:24:33 +0000 (18:24 +0100)]
GnuTLS 3.6.7 cipher strings
(cherry picked from commits
d9acfc1ce6,
57eb2f6463,
b9c6f63cd5)
WARNING: This changes user-visible and configuration-visible behaviour.
Read the ChangeLog!
(cherry picked from commit
656b804e099a4704bd6071241a85bc1e0cc85887)
(cherry picked from commit
bf9375eaa85bfa0dbb973aa03accbe5f21808732)
Jeremy Harris [Thu, 25 Apr 2019 09:35:18 +0000 (10:35 +0100)]
Testsuite: output changes resulting
Broken-by: 67ea939cf0
(cherry picked from commit
42e0d3fe36ac7270609a3389f5204a252bcf7d79)
(cherry picked from commit
62e8cac93cff841d8d657363ece7a4367ccc94b3)
(cherry picked from commit
abcd3b69cb147bb6206d5a7013b27909c1e0288a)
Heiko Schlittermann (HS12-RIPE) [Fri, 12 Apr 2019 14:16:57 +0000 (16:16 +0200)]
Docs: Remove GNUmake idioms from Makefile, give power to "mv"
On at least one *BSD system, /tmp is owned by root:wheel and
files created there are owned by <creator>:wheel. The following
mv /tmp/<tmpfile> to an existing file with other permissions fails
for the non-privileged user.
This cherry was picked just for the sake of some build farm animals.
(cherry picked from commit
efab32198fdf1a469b2d8b28dcf264d6fc7b8e65)
(cherry picked from commit
8120bdf12e2008621c0a3c4f965075528a0b0005)
Jeremy Harris [Thu, 4 Apr 2019 13:33:28 +0000 (14:33 +0100)]
SPF: better buld compatibility with OpenBSD
(cherry picked from commit
bda76da8a9357f4fc525b5f8b925fae262c28010)
(cherry picked from commit
804219086fe9afbc1429c309e339524aaaabcec1)
(cherry picked from commit
c26e27d5b81ed5640c00ee87f1d4287fb066dc12)
Jeremy Harris [Fri, 5 Apr 2019 12:38:54 +0000 (13:38 +0100)]
Fix build with recent LibreSSL, when including DANE. Bug 2386
(cherry picked from commit
c19ab167ac and
1fbf41cdf6
(cherry picked from commit
0d82437ff97668a34a67b4ba398d1294ec016d3a)
(cherry picked from commit
09cc73f04332f420e07f4bc8bb2e2466c2460067)
Jeremy Harris [Fri, 22 Mar 2019 15:00:23 +0000 (15:00 +0000)]
Fix "-bP smtp_receive_timeout". Bug 2384
(cherry picked from commit
e6024a5e9e193f559508d05ee401ae8f7f3c25ae)
(cherry picked from commit
2cf1c24f203b3995cfa4434907cff05917a55c90)
(cherry picked from commit
9cfb6ebeb68fcefc83e261cff036aaf444d7d4c5)
Jeremy Harris [Thu, 21 Mar 2019 20:01:03 +0000 (20:01 +0000)]
Harden plaintext authenticator
Cherry-picked from:
f9fc942757
(cherry picked from commit
e5b942ae007d0533fbd599c64d550f3a8355b940)
(cherry picked from commit
7556111f007c98f11adfa27c492d73b775886d9d)
Jeremy Harris [Tue, 19 Mar 2019 15:33:31 +0000 (15:33 +0000)]
OpenSSL: Fix aggregation of messages.
Broken-by: a5ffa9b475
(cherry picked from commit
c09dbcfb71f4b9a42cbfd8a20e0be6bfa1b12488)
(cherry picked from commit
332ebeaf8139b2b75f475880fc14b63c7c45c706)
(cherry picked from commit
1bd4207a399775cf842607930e76c14ac54327df)
Jeremy Harris [Mon, 18 Mar 2019 00:31:43 +0000 (00:31 +0000)]
Logging: fix initial listening-on log line
(cherry picked from commit
254f38d1c5ada5e4df0bccb385dc466549620c71)
(cherry picked from commit
e5be948a65fe601024e5d4256f64efbfed3dd72e)
(cherry picked from commit
8b81ffe198b36c7d3dcaa1697ab71eefa78946ed)
Jeremy Harris [Thu, 14 Mar 2019 12:26:34 +0000 (12:26 +0000)]
Fix crash from SRV lookup hitting a CNAME
(cherry picked from commit
14bc9cf085aff7bd5147881e5b7068769a29b026)
(cherry picked from commit
09720dd9506176294154dad7152f5f40554046a4)
(cherry picked from commit
a189eb636256833f3053d8f2fbb95e51dc0f936c)
Jeremy Harris [Tue, 19 Feb 2019 14:45:27 +0000 (14:45 +0000)]
Docs: Add note on lsearch for IPv4-mapped IPv6 addresses
Cherry-picked from:
52af443324,
c77d3d85fe
(cherry picked from commit
8dde16b89efe2138f92cbfa6c59fb31dc80ec22a)
(cherry picked from commit
a457174087afff3685856e295bd8ffcfefe0e05e)
Jasen Betts [Mon, 18 Feb 2019 13:52:16 +0000 (13:52 +0000)]
Fix expansions for RFC 822 addresses having comments in local-part and/or domain. Bug 2375
(cherry picked from commit
e2ff8e24f41caca3623228b1ec66a3f3961ecad6)
(cherry picked from commit
f634b80846cc7ffcab65c9855bcb35312f0232e8)
(cherry picked from commit
cebd5bd2ab84c7815a9b99c0f0f16e829af7b4bc)
Jeremy Harris [Sat, 16 Feb 2019 12:59:23 +0000 (12:59 +0000)]
GnuTLS: Fix client detection of server reject of client cert under TLS1.3
(cherry picked from commit
fc243e944ec00b59b75f41d07494116f925d58b4)
(cherry picked from commit
c15523829ba17cce5829e2976aa1ff928965d948)
(cherry picked from commit
c18e2c3b059f6bfd1c6e9a65ffc8243a4d8034fe)
Jeremy Harris [Sat, 16 Feb 2019 15:47:52 +0000 (15:47 +0000)]
Testsuite: tidying GnuTLS with TLS1.3
Cherry-picked from:
826cb8c29c,
cbe4bbb27e,
b2ba9267ab
(cherry picked from commit
a74adba5fb9459ea7483a5e358d87446e159373b)
(cherry picked from commit
dbf07025c150e23e3e1f4c6a382a511a2d5c5270)
Jeremy Harris [Thu, 14 Feb 2019 17:14:34 +0000 (17:14 +0000)]
Fix info on using local_scan() in the default Makefile
Broken-by: 9723f96673
(cherry picked from commit
882bc1704d33aa34873e3a0f72e657b0cc2985e5)
(cherry picked from commit
cb25b75af850d664fc005d24fbad0e58bf79d4c7)
(cherry picked from commit
2c7c4a9c23950044507a78956ca2c23f9c6a9491)
Jeremy Harris [Thu, 14 Feb 2019 16:44:46 +0000 (16:44 +0000)]
Jeremy Harris [Tue, 12 Feb 2019 16:52:51 +0000 (16:52 +0000)]
Fix transport buffer size handling
Broken-by: 59932f7dcd
(cherry picked from commit
05bf16f6217e93594929c8bbbbbc852caf3ed374)
(cherry picked from commit
1cfa7822ca8928f95160df8742af11fff888ae7e)
(cherry picked from commit
0654d3440d8735221a58f96f5343fbe243171711)
Jeremy Harris [Sun, 10 Feb 2019 20:25:59 +0000 (20:25 +0000)]
Testsuite: account for (now) properly working Perl locale
(cherry picked from commit
efc8902f16c92a74d06870f2556cb36c84dd4d93)
(cherry picked from commit
ec8db648d3af8af2d9e6cbd4896159235c0f1e49)
(cherry picked from commit
a8761d62664f96259d815ab84a7a734829972fb3)
Jeremy Harris [Sat, 9 Feb 2019 16:56:59 +0000 (16:56 +0000)]
Fix json extract operator for unfound case
(cherry picked from commit
e73798976812e652320f096870359ef35ed069ff)
(cherry picked from commit
b2734f7b45111f9b7de790c7b334a2ece47675b5)
(cherry picked from commit
b88b6f6f3a29b70cd0b314da8ceab18b0b34eed6)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements
Heiko Schlittermann (HS12-RIPE) [Sun, 21 Jul 2019 20:58:13 +0000 (22:58 +0200)]
Update security contact
Heiko Schlittermann (HS12-RIPE) [Sat, 20 Jul 2019 09:43:49 +0000 (11:43 +0200)]
Add security postings for future reference
Jeremy Harris [Fri, 5 Jul 2019 14:38:15 +0000 (15:38 +0100)]
Avoid re-expansion in ${sort } CVE-2019-13917 OVE-
20190718-0006
(cherry picked from commit
5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)
Mad Alex [Wed, 30 Jan 2019 13:57:36 +0000 (13:57 +0000)]
Fix dkim_verify_signers option. Bug 2366
Testsuite coverage by jgh.
Broken-by: d342446f29
Jeremy Harris [Tue, 29 Jan 2019 15:27:26 +0000 (15:27 +0000)]
Docs: clarify quoting for $pipe_addresses
The texinfo output version has single-quotes round a variable,
so the sentence saying "precisely the text" was difficult to
interpret.
Odihambo Washington [Tue, 29 Jan 2019 11:10:26 +0000 (11:10 +0000)]
Docs: correct spamd port
Heiko Schlittermann (HS12-RIPE) [Sun, 27 Jan 2019 18:53:31 +0000 (19:53 +0100)]
configure.default: spacing, de-tabbing
Jeremy Harris [Sat, 12 Jan 2019 20:47:23 +0000 (20:47 +0000)]
Add basic framework for PRDR use with per-user content filters to example config.
Mostly commented-out and with dummy lookups since we do not know what sorts
of filtering may be employed.
(cherry picked from commit
b220576b3ba5396af6b3e0f45739f269079f8fc5)
Heiko Schlittermann (HS12-RIPE) [Tue, 22 Jan 2019 21:33:47 +0000 (22:33 +0100)]
mk_exim_release: tidy
Jeremy Harris [Thu, 24 Jan 2019 21:35:22 +0000 (21:35 +0000)]
Docs: crossref list-separator changing
Jeremy Harris [Thu, 24 Jan 2019 21:21:29 +0000 (21:21 +0000)]
Docs: crossref dlfunc API
Jeremy Harris [Thu, 10 Jan 2019 21:15:11 +0000 (21:15 +0000)]
More checks on header line length during reception
Jeremy Harris [Sat, 5 Jan 2019 19:11:18 +0000 (19:11 +0000)]
Docs: tweak TLS authenticator chapter
Jeremy Harris [Fri, 4 Jan 2019 11:29:19 +0000 (11:29 +0000)]
Docs: missing options
Broken-by: b3ef41c94a
Jeremy Harris [Thu, 3 Jan 2019 21:20:33 +0000 (21:20 +0000)]
Docs: tweak new-drivers chapter
Jeremy Harris [Mon, 31 Dec 2018 13:58:26 +0000 (13:58 +0000)]
PIPE_CONNECT: fix feature-cache refresh
Jeremy Harris [Fri, 28 Dec 2018 20:40:33 +0000 (20:40 +0000)]
Docs: clarify logging from filter
Heiko Schlittermann (HS12-RIPE) [Wed, 26 Dec 2018 11:04:29 +0000 (12:04 +0100)]
Update Changelog for GnuTLS and TLS 1.3 Bug 2359
Fix is in
4896a3192ffac48885347460377edcd893eb9600
Andreas Metzler [Mon, 24 Dec 2018 16:11:41 +0000 (16:11 +0000)]
GnuTLS: repeat lowlevel read and write operations while they request retry
(cherry picked from commit
06faf21f3a84a3ac4aa4f7b1512087423d8c8541)
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 19:38:42 +0000 (20:38 +0100)]
mk_exim_release: more perlish
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 18:17:12 +0000 (19:17 +0100)]
mk_exim_release: integrate signing and checksumming
Jeremy Harris [Sat, 22 Dec 2018 13:36:07 +0000 (13:36 +0000)]
DKIM: better debug for key/signature size mismatch
Jeremy Harris [Fri, 21 Dec 2018 15:36:42 +0000 (15:36 +0000)]
OpenSSL: clear any leftover errors from the stack after SSL_accept succeeds
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 22:06:38 +0000 (23:06 +0100)]
mk_exim_release: output an useful error message when used for older versions
Older releases can't be built with the newer mk_exim_release script,
as there are interdependencies with scripts/reversion and version.sh
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:40:53 +0000 (22:40 +0100)]
Recent commit is thanks to Josh Soref
I managed to drop his name, sorry for that.
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:25:23 +0000 (22:25 +0100)]
Grammar changes in docs
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:11:52 +0000 (22:11 +0100)]
Fix copyright year and exim website URL schema
klemens [Sun, 16 Apr 2017 18:49:32 +0000 (20:49 +0200)]
spelling fixes
Jeremy Harris [Thu, 20 Dec 2018 17:48:52 +0000 (17:48 +0000)]
Docs: tweaks
Phil Pennock [Wed, 19 Dec 2018 00:41:06 +0000 (19:41 -0500)]
Default config: use ROUTER_SMARTHOST macro; document
Work around the `$host` vs CNAME issue for now by re-specifying the
`tls_sni` value on the example `smarthost_smtp` transport, using the
same macro which we use to turn on use of a smarthost.
Uncomment both dnslookup and smarthost routers by default and let the
macro choose between them.
Bring the documentation of the default configuration closer to
up-to-date, on this issue and others which I spotted while in there.
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 15:19:11 +0000 (16:19 +0100)]
stats_for_email: Do not auto-select the release directory
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:06:00 +0000 (15:06 +0100)]
Re-create test/configure script
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:03:46 +0000 (15:03 +0100)]
Update Changelog for Bug 2351
Jeremy Harris [Sun, 16 Dec 2018 16:33:32 +0000 (16:33 +0000)]
Log failures to extract envelope addresses from message headers. Bug 2351
(cherry picked from commit
60c02b350a7d325e64ae0a656cfd37a9fbd162a7)
Phil Pennock [Sun, 16 Dec 2018 09:29:30 +0000 (04:29 -0500)]
doc: gsasl: be clearer that server-side only
Jeremy Harris [Sat, 15 Dec 2018 14:25:09 +0000 (14:25 +0000)]
Fix build with content-scan enabled but all malware types disabled
Jeremy Harris [Fri, 14 Dec 2018 14:03:18 +0000 (14:03 +0000)]
Fix parsing of option type Kint (integer, stored in K). Bug 2348
Broken-by: a45431fa71
Heiko Schlittermann (HS12-RIPE) [Thu, 13 Dec 2018 21:48:08 +0000 (22:48 +0100)]
sign_exim_package: do not auto-select the packages directory
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Feb 2018 23:13:40 +0000 (00:13 +0100)]
mk_exim_release: rework for dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:35 +0000 (16:44 +0100)]
reversion: Adapt to dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:05 +0000 (16:44 +0100)]
reversion: tidy
Jeremy Harris [Thu, 6 Dec 2018 20:04:29 +0000 (20:04 +0000)]
Docs: SPF lookup type
Jeremy Harris [Wed, 5 Dec 2018 16:09:01 +0000 (16:09 +0000)]
Send delay-MDN for any queurun past delay_warning, even if not retry time yet. Bug 2341
Jeremy Harris [Sun, 2 Dec 2018 01:27:51 +0000 (01:27 +0000)]
tidying
Jeremy Harris [Sun, 2 Dec 2018 00:29:41 +0000 (00:29 +0000)]
More debug in smtp transport
Jeremy Harris [Sat, 1 Dec 2018 16:55:26 +0000 (16:55 +0000)]
Logging: outgoing_port on temporary errors for non-last hosts
Also show nonstandard ports in process info for exiwhat
Jeremy Harris [Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)]
Harden string-list handling
Jeremy Harris [Thu, 29 Nov 2018 20:46:46 +0000 (20:46 +0000)]
Testsuite: handle change in GnuTLS cert preference
Jeremy Harris [Thu, 29 Nov 2018 19:52:39 +0000 (19:52 +0000)]
Testsuite: output changes resulting
Broken-by: a7a1ad1447
Jeremy Harris [Thu, 29 Nov 2018 10:01:52 +0000 (10:01 +0000)]
GnuTLS: fix build with older libraries
Broken-by: 6aac3239b4
Jeremy Harris [Tue, 27 Nov 2018 23:06:16 +0000 (23:06 +0000)]
Testsuite: regenerate CA trees with 2048-bit keys
This is to support RHEL 8.0 where OpenSSL dislikes 1024
Jeremy Harris [Wed, 28 Nov 2018 20:54:53 +0000 (20:54 +0000)]
OpenSSL: fail the handshake when SNI processing hits a problem
Jeremy Harris [Wed, 28 Nov 2018 19:45:24 +0000 (19:45 +0000)]
TLS: Increase RSA keysize of autogen selfsign cert
Jeremy Harris [Tue, 27 Nov 2018 20:50:28 +0000 (20:50 +0000)]
Testsuite: switch ciphersuite use
This is to accomodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELIA.
All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AUE256-GCM-SHA).
Jeremy Harris [Sun, 25 Nov 2018 21:58:54 +0000 (21:58 +0000)]
Testsuite: ignore OCSP option output; fixes runs on non-OCSP builds
Jeremy Harris [Sat, 24 Nov 2018 15:37:54 +0000 (15:37 +0000)]
Fix AUTH_GSASL build
Jeremy Harris [Fri, 23 Nov 2018 23:55:36 +0000 (23:55 +0000)]
Avoid leaving $domain live with bogus info, during server connection startup
Recent efforts to reduce string-copy ops while also avoiding using excessive memory
tripped a check on freeing the still-live variable. It is unclear why the variable
was set anyway, even though commented. The use was introduced between Exim 3.36 and 4.0
Phil Pennock [Thu, 22 Nov 2018 02:07:49 +0000 (21:07 -0500)]
nit (typo fix; docs)
Jeremy Harris [Wed, 21 Nov 2018 08:30:20 +0000 (08:30 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2338
Relabel for commit
c0fb53b74e which which had a typo in the commit message.
Jeremy Harris [Wed, 21 Nov 2018 00:50:38 +0000 (00:50 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2238
Jeremy Harris [Tue, 20 Nov 2018 21:42:48 +0000 (21:42 +0000)]
Docs: more on $authenticated_fail_id
Jeremy Harris [Sun, 18 Nov 2018 22:11:35 +0000 (22:11 +0000)]
Testsuite: document noisy-comment script commands
Jeremy Harris [Sun, 18 Nov 2018 17:27:38 +0000 (17:27 +0000)]
Docs: add note on manualroute route-lists
Jeremy Harris [Sun, 18 Nov 2018 16:45:44 +0000 (16:45 +0000)]
Docs: indexing of retry final-cutoff