exim.git
13 months agoTestsuite: Add testcases for string_is_ip_address (CVE-2023-42117)
Heiko Schlittermann (HS12-RIPE) [Sat, 7 Oct 2023 11:07:59 +0000 (13:07 +0200)]
Testsuite: Add testcases for string_is_ip_address (CVE-2023-42117)

13 months agoupdate Changelog about security fixes exim-4.96.1
Heiko Schlittermann (HS12-RIPE) [Sat, 30 Sep 2023 20:52:59 +0000 (22:52 +0200)]
update Changelog about security fixes

13 months agoAuths: fix possible OOB read in SPA authenticator. Bug 3001
Jeremy Harris [Thu, 11 May 2023 20:08:08 +0000 (21:08 +0100)]
Auths: fix possible OOB read in SPA authenticator.  Bug 3001

(cherry picked from commit 04107e98d58efb69f7e2d7b81176e5374c7098a3)

13 months agoAuths: fix possible OOB write in SPA authenticator. Bug 3000
Jeremy Harris [Thu, 11 May 2023 18:31:54 +0000 (19:31 +0100)]
Auths: fix possible OOB write in SPA authenticator.  Bug 3000

(cherry picked from commit e17b8b0f19b25a223b0cc41933b881c3a1073e61)

13 months agoAuths: use uschar more in spa authenticator
Jeremy Harris [Thu, 11 May 2023 17:53:25 +0000 (18:53 +0100)]
Auths: use uschar more in spa authenticator

(cherry picked from commit 0519dcfb5f149154a416b54865fd8026abb57791)

13 months agoAuths: fix possible OOB write in external authenticator. Bug 2999
Jeremy Harris [Thu, 11 May 2023 17:02:43 +0000 (18:02 +0100)]
Auths: fix possible OOB write in external authenticator.  Bug 2999

(cherry picked from commit 7bb5bc2c6592e062bf0b514cc71afd2d93e2e0dd)

2 years agoDocs: more indexing exim-4.96
Jeremy Harris [Thu, 23 Jun 2022 13:41:10 +0000 (14:41 +0100)]
Docs: more indexing

2 years agoTestsuite: OpenSSL version differences exim-4.96-RC2
Jeremy Harris [Tue, 7 Jun 2022 17:44:36 +0000 (18:44 +0100)]
Testsuite: OpenSSL version differences

2 years agotidying
Jeremy Harris [Sat, 4 Jun 2022 14:00:03 +0000 (15:00 +0100)]
tidying

2 years agoSRS: avoid expanding ${srs_encode...} when guarded by ${if...}
Jeremy Harris [Fri, 3 Jun 2022 14:34:03 +0000 (15:34 +0100)]
SRS: avoid expanding ${srs_encode...} when guarded by ${if...}

2 years agoHandle a v4mapped sender address given us by a proxy. Bug 2855
Jeremy Harris [Fri, 27 May 2022 22:03:02 +0000 (23:03 +0100)]
Handle a v4mapped sender address given us by a proxy.  Bug 2855

2 years agoUnbreak DISABLE_PIPE_CONNECT build
Jeremy Harris [Wed, 1 Jun 2022 14:06:31 +0000 (15:06 +0100)]
Unbreak DISABLE_PIPE_CONNECT build

Broken-by: b326f3a87a
2 years agoSRS: fix encode operation for empty sender addresses.
Jeremy Harris [Wed, 1 Jun 2022 10:19:05 +0000 (11:19 +0100)]
SRS: fix encode operation for empty sender addresses.

2 years agoDocs: fix host_require_helo
Jeremy Harris [Mon, 30 May 2022 08:40:02 +0000 (09:40 +0100)]
Docs: fix host_require_helo

Broken-by: 2f8e0a5f6b
2 years agoFix build with DISABLE_TLS_RESUME
Jeremy Harris [Thu, 26 May 2022 21:31:35 +0000 (22:31 +0100)]
Fix build with DISABLE_TLS_RESUME

2 years agoCHUNKING: handle protocol errors during reception
Jeremy Harris [Thu, 26 May 2022 19:11:43 +0000 (20:11 +0100)]
CHUNKING: handle protocol errors during reception

2 years agoCHUNKING: fix second message on conn when first rejected
Jeremy Harris [Thu, 26 May 2022 12:46:08 +0000 (13:46 +0100)]
CHUNKING: fix second message on conn when first rejected

2 years agoDEBUG: clarify multiline smtp responses
Jeremy Harris [Thu, 26 May 2022 11:10:27 +0000 (12:10 +0100)]
DEBUG: clarify multiline smtp responses

2 years agoTLS resumption: fix for PIPECONNECT
Jeremy Harris [Tue, 24 May 2022 19:27:38 +0000 (20:27 +0100)]
TLS resumption: fix for PIPECONNECT

When actively initiating a connection with PIPECONNECT, evaluate
the EHLO response for possible lbserver indication when we do
eventually reap that response, before acting on the STARTTLS response.

2 years agotypo
Jeremy Harris [Tue, 24 May 2022 11:30:14 +0000 (12:30 +0100)]
typo

2 years agoLogging: distinguish mem-allocation errors
Jeremy Harris [Mon, 23 May 2022 14:48:38 +0000 (15:48 +0100)]
Logging: distinguish mem-allocation errors

2 years agoTLS resumption: disable on continued-connection
Jeremy Harris [Mon, 23 May 2022 11:09:43 +0000 (12:09 +0100)]
TLS resumption: disable on continued-connection

When we have an open TCP connection and are start a second TLS session
we do not have the host-lbserver string (being in a freshly exec'd
process) needed for session-cache lookup, so resumptino is not safe.

2 years agoDocs: more info on PIPECONNECT
Jeremy Harris [Fri, 20 May 2022 21:38:09 +0000 (22:38 +0100)]
Docs: more info on PIPECONNECT

2 years agoDebug: clarify SMTP DATA ops in transport
Jeremy Harris [Mon, 23 May 2022 13:15:15 +0000 (14:15 +0100)]
Debug: clarify SMTP DATA ops in transport

2 years agoARC: reset headers before signing for secondary MX. Bug 2886
Jeremy Harris [Thu, 19 May 2022 13:24:48 +0000 (14:24 +0100)]
ARC: reset headers before signing for secondary MX.  Bug 2886

2 years agoGnuTLS: Do not free the cached creds on transport connection close. Bug 2886
Jeremy Harris [Thu, 19 May 2022 13:23:02 +0000 (14:23 +0100)]
GnuTLS: Do not free the cached creds on transport connection close.  Bug 2886

2 years ago Debug: pass ACL-initiated debug through spool residency exim-4.96-RC1
Jeremy Harris [Sun, 15 May 2022 16:10:59 +0000 (17:10 +0100)]
Debug: pass ACL-initiated debug through spool residency

2 years agoTestsuite: munge for recent GnuTLS
Jeremy Harris [Sun, 15 May 2022 11:47:30 +0000 (12:47 +0100)]
Testsuite: munge for recent GnuTLS

2 years agotidying
Jeremy Harris [Sat, 14 May 2022 19:20:21 +0000 (20:20 +0100)]
tidying

2 years agoRevert "LibreSSL: maintain buildability on versions after 3.5.0"
Jeremy Harris [Wed, 11 May 2022 18:42:17 +0000 (19:42 +0100)]
Revert "LibreSSL: maintain buildability on versions after 3.5.0"
Breaks Solaris builds.

This reverts commit c0418936da7c7ec6674e6d60dac5fa33a84e0618.

2 years agoLibreSSL: maintain buildability on versions after 3.5.0
Kirill Miazine [Wed, 11 May 2022 13:13:22 +0000 (14:13 +0100)]
LibreSSL: maintain buildability on versions after 3.5.0

2 years agoFix string_copyn() for limit greater than actual string length
Jeremy Harris [Mon, 9 May 2022 13:45:53 +0000 (14:45 +0100)]
Fix string_copyn() for limit greater than actual string length

Broken-by: a76d120aed
2 years agoDocs: clarify distinction between config file and Makefile, for log_file_path. Bug...
Jeremy Harris [Sun, 8 May 2022 13:01:03 +0000 (14:01 +0100)]
Docs: clarify distinction between config file and Makefile, for log_file_path.  Bug 2825

2 years agoDocs: clarify $authentication_failed. Bug 2878
Jeremy Harris [Sun, 8 May 2022 12:20:49 +0000 (13:20 +0100)]
Docs: clarify $authentication_failed.  Bug 2878

2 years agoFix build with Solaris compiler
Martin Preen [Sat, 7 May 2022 15:52:05 +0000 (16:52 +0100)]
Fix build with Solaris compiler

2 years agoFix dbmjz lookup. Bug 2884
Jeremy Harris [Thu, 5 May 2022 15:22:54 +0000 (16:22 +0100)]
Fix dbmjz lookup.  Bug 2884

Broken-by: 0cc804c877
2 years agoDocs: use tables rather than displays
Jeremy Harris [Sun, 1 May 2022 17:22:32 +0000 (18:22 +0100)]
Docs: use tables rather than displays

2 years agoTaint: generate detainted $domain_data & $local_part_data from Rverify callout
Jeremy Harris [Sat, 30 Apr 2022 22:57:33 +0000 (23:57 +0100)]
Taint: generate detainted $domain_data & $local_part_data from Rverify callout

2 years agoDocs: index detaint methods
Jeremy Harris [Sat, 30 Apr 2022 18:11:45 +0000 (19:11 +0100)]
Docs: index detaint methods

2 years agoDocs: more warnings on use of tainted data
Jeremy Harris [Fri, 29 Apr 2022 22:29:47 +0000 (23:29 +0100)]
Docs: more warnings on use of tainted data

2 years agoDocs: mark up known-tainted variables
Jeremy Harris [Fri, 29 Apr 2022 18:59:36 +0000 (19:59 +0100)]
Docs: mark up known-tainted variables

2 years agoDocs: tidy for taint-check of transport process args
Jeremy Harris [Mon, 25 Apr 2022 16:53:36 +0000 (17:53 +0100)]
Docs: tidy for taint-check of transport process args

Broken-by: cfe6acff2d
2 years agoFix DISABLE_EVENT build
Jeremy Harris [Mon, 25 Apr 2022 15:27:38 +0000 (16:27 +0100)]
Fix DISABLE_EVENT build

Broken-by: ef2e5890df
2 years agoCopyright updates: exim-4.96-RC0
Jeremy Harris [Sat, 23 Apr 2022 17:28:09 +0000 (18:28 +0100)]
Copyright updates:

vi $(git log --name-status exim-4.95..master | awk '/^M/{print $2}' | grep -v '^test/' | sort -u)

2 years agoDocs: more resumption notes
Jeremy Harris [Thu, 21 Apr 2022 19:57:44 +0000 (20:57 +0100)]
Docs: more resumption notes

2 years agoexim_dumpdb: keys-only output option
Jeremy Harris [Tue, 19 Apr 2022 20:44:17 +0000 (21:44 +0100)]
exim_dumpdb: keys-only output option

2 years agoTLS resumption: support Outlook hosts-behind-loadbalancer
Jeremy Harris [Fri, 15 Apr 2022 09:36:56 +0000 (10:36 +0100)]
TLS resumption: support Outlook hosts-behind-loadbalancer

2 years agoAdd string-hashing interface
Jeremy Harris [Wed, 13 Apr 2022 14:37:56 +0000 (15:37 +0100)]
Add string-hashing interface

2 years agotypo
Jeremy Harris [Wed, 13 Apr 2022 14:31:57 +0000 (15:31 +0100)]
typo

2 years agoTLS resumption: restrict session re-use
Jeremy Harris [Tue, 12 Apr 2022 12:27:41 +0000 (13:27 +0100)]
TLS resumption: restrict session re-use

2 years agotidying
Jeremy Harris [Sun, 10 Apr 2022 15:16:10 +0000 (16:16 +0100)]
tidying

2 years agoDocs: fix description of SNI-under-DANE. Bug 2265
Jeremy Harris [Sun, 10 Apr 2022 21:24:18 +0000 (22:24 +0100)]
Docs: fix description of SNI-under-DANE.  Bug 2265

2 years agoDKIM: clarify debug output
Jeremy Harris [Sat, 9 Apr 2022 13:47:15 +0000 (14:47 +0100)]
DKIM: clarify debug output

2 years agocompiler quietening
Jeremy Harris [Thu, 7 Apr 2022 21:25:27 +0000 (22:25 +0100)]
compiler quietening

2 years agotidying
Jeremy Harris [Thu, 7 Apr 2022 20:17:38 +0000 (21:17 +0100)]
tidying

2 years agoOpenssl client: ocsp stapling on resumed seesion
Jeremy Harris [Thu, 7 Apr 2022 20:16:48 +0000 (21:16 +0100)]
Openssl client: ocsp stapling on resumed seesion

2 years agotidying
Jeremy Harris [Sun, 3 Apr 2022 14:29:14 +0000 (15:29 +0100)]
tidying

2 years agoSupport PIPECONNECT with helo_data using the local IP, when interface is known.
Jeremy Harris [Sun, 3 Apr 2022 20:37:01 +0000 (21:37 +0100)]
Support PIPECONNECT with helo_data using the local IP, when interface is known.

2 years agoTestsuite: account for changed feature name
Jeremy Harris [Mon, 4 Apr 2022 22:12:44 +0000 (23:12 +0100)]
Testsuite: account for changed feature name

Broken-by: a375c22c1d
2 years agoCHUNKING: fix availability on continued-transport
Jeremy Harris [Sun, 3 Apr 2022 17:10:09 +0000 (18:10 +0100)]
CHUNKING: fix availability on continued-transport

2 years agoDocs: allow for multiple return from dnsdb PTR lookup
Jeremy Harris [Sun, 3 Apr 2022 15:33:40 +0000 (16:33 +0100)]
Docs: allow for multiple return from dnsdb PTR lookup

2 years agoRevert "Build: remove hints-DB interface from macro-predef phase"
Jeremy Harris [Sat, 2 Apr 2022 06:58:36 +0000 (07:58 +0100)]
Revert "Build: remove hints-DB interface from macro-predef phase"

This reverts commit d518c8b6721ea30a9dc3190e57157edd676234ec.

2 years agoBuild: remove hints-DB interface from macro-predef phase
Jeremy Harris [Fri, 1 Apr 2022 20:18:16 +0000 (21:18 +0100)]
Build: remove hints-DB interface from macro-predef phase

2 years agoc99 / non-gcc compatible inlineable functions
Jeremy Harris [Fri, 1 Apr 2022 13:45:15 +0000 (14:45 +0100)]
c99 / non-gcc compatible inlineable functions

2 years agodesignated initializers
Jeremy Harris [Thu, 31 Mar 2022 17:13:12 +0000 (18:13 +0100)]
designated initializers

2 years agoCompiler quietening
Jeremy Harris [Mon, 28 Mar 2022 14:22:13 +0000 (15:22 +0100)]
Compiler quietening

2 years agoTidying: explicit (de)tainting copies
Jeremy Harris [Sat, 19 Mar 2022 19:11:17 +0000 (19:11 +0000)]
Tidying: explicit (de)tainting copies

2 years agoHints DB interface: convert from macros to inlinable functions.
Jeremy Harris [Sun, 20 Mar 2022 14:20:13 +0000 (14:20 +0000)]
Hints DB interface: convert from macros to inlinable functions.
Testing status: tdb, dbm, gdbm & ndbm build and pass testsuite.

2 years agoLogging: fix crash on local_part utf8-conversion fail
Jeremy Harris [Thu, 24 Mar 2022 22:47:04 +0000 (22:47 +0000)]
Logging: fix crash on local_part utf8-conversion fail

Broken-by: d2f99aad04
2 years agoTaintcheck transport-process arguments
Jeremy Harris [Sun, 27 Mar 2022 19:41:05 +0000 (20:41 +0100)]
Taintcheck transport-process arguments

2 years agoDebug: build a summary string tracking transport SMTP commands & responses
Jeremy Harris [Sat, 19 Mar 2022 19:14:34 +0000 (19:14 +0000)]
Debug: build a summary string tracking transport SMTP commands & responses

2 years agoBDB: specific build-time error for version 1 library
Jeremy Harris [Sat, 19 Mar 2022 17:18:30 +0000 (17:18 +0000)]
BDB: specific build-time error for version 1 library

Broken-by: 990ba85353
2 years agoconstify
Jeremy Harris [Sun, 13 Mar 2022 16:23:31 +0000 (16:23 +0000)]
constify

2 years agotidying
Jeremy Harris [Sun, 13 Mar 2022 16:01:52 +0000 (16:01 +0000)]
tidying

2 years agorefactor
Jeremy Harris [Sun, 13 Mar 2022 15:58:07 +0000 (15:58 +0000)]
refactor

2 years agoOpenSSL: track shutdown calls. Bug 2864
Jeremy Harris [Thu, 10 Mar 2022 15:23:26 +0000 (15:23 +0000)]
OpenSSL: track shutdown calls.  Bug 2864

2 years agoTDB: quieten compiler and testsuite
Jeremy Harris [Sun, 13 Mar 2022 01:02:37 +0000 (01:02 +0000)]
TDB: quieten compiler and testsuite

2 years agoSet $value for match_<list-type> and inlist
Jeremy Harris [Fri, 11 Mar 2022 15:54:26 +0000 (15:54 +0000)]
Set $value for match_<list-type> and inlist

2 years agotidying
Jeremy Harris [Fri, 11 Mar 2022 15:25:10 +0000 (15:25 +0000)]
tidying

2 years agoFix static address-list lookup return
Jeremy Harris [Thu, 10 Mar 2022 20:27:49 +0000 (20:27 +0000)]
Fix static address-list lookup return

2 years agoAdd backstop check for taint of executable name when calling exec()
Jeremy Harris [Wed, 9 Mar 2022 14:11:50 +0000 (14:11 +0000)]
Add backstop check for taint of executable name when calling exec()

2 years agotidying
Jeremy Harris [Wed, 9 Mar 2022 14:11:05 +0000 (14:11 +0000)]
tidying

2 years agoDocs: markup syntax
Jeremy Harris [Sun, 6 Mar 2022 20:06:37 +0000 (20:06 +0000)]
Docs: markup syntax

2 years agoUtilities: fix exiqgrep perl syntax, add testcases. Bug 2821
Jeremy Harris [Sun, 6 Mar 2022 14:25:13 +0000 (14:25 +0000)]
Utilities: fix exiqgrep perl syntax, add testcases.  Bug 2821

Broken-by: df618101a5
2 years agoGnuTLS: fix build with older library versions
Jeremy Harris [Sat, 5 Mar 2022 15:25:37 +0000 (15:25 +0000)]
GnuTLS: fix build with older library versions

2 years agoCheck query strings of query-style lookups for quoting. Bug 2850
Jeremy Harris [Thu, 3 Mar 2022 22:23:42 +0000 (22:23 +0000)]
Check query strings of query-style lookups for quoting.  Bug 2850

2 years agoAnother go at the overlong-addrs versus rewrites problem
Jeremy Harris [Wed, 2 Mar 2022 17:07:27 +0000 (17:07 +0000)]
Another go at the overlong-addrs versus rewrites problem

2 years agoRevert introduction of alloc_insecure_tainted_data
Jeremy Harris [Tue, 1 Mar 2022 23:12:53 +0000 (23:12 +0000)]
Revert introduction of alloc_insecure_tainted_data

    tidy log.c

    (cherry picked from commit 0327b6460eec64da6b0c1543c7e9b3d0f8cb9294)
    (cherry picked from commit 8021b95c2e266861aba29c97b4bb90dc6f7637a2)

    This reverts commit f9a3fcddba223133019368e7cd6d51449fc54e7b.
    This reverts commit 8fc13e4adcdf5d0cec382c401ce72592569084fe.
    This reverts commit 2382cd3e81838709abd3b0c1b410f65274d90e25.
    This reverts commit ace68726852d08deec815a37f369a4e31be77813.
    This reverts commit 4a2bd5dc2f157c50b7e4e7491eac1c930efd2100.
    This reverts commit e8b8b133c685e7b09f672016d117c7d8b49e70b1.
    This reverts commit f7509ba6fb5e1033c1406b87f057c9c48a217d27.
    This reverts commit dbac5a049acbe645a816b4a5e895c5be0de53483.
    This reverts commit f7da81e789e2f20b00f46f07260488f337984b84.
    This reverts commit f7c791b769a3a5395d92d29d27aa58f9d442373c.
    This reverts commit 0fa46a83a55054c65ffc539405f62bf86aac5b44.
    This reverts commit ec7e44dc9134307d74afa4b07f09afbdd019282c.
    This reverts commit ee4924bc711f54a751448fb5cee5ec4fc9c96196.
    This reverts commit 951b668a191ef510a4e27d8204c5fa82ca957a07.
    This reverts commit 18d243312bf3a23bd0f464fac44797e2720e03ec.
    This reverts commit 16c884a4818594069253de460bf9926f69d50fe5.
    This reverts commit 368ecb000c58995c5f61443d45d43942f1f431d0.
    This reverts commit 331817e995b05793ec840476fac67e8f7c638a47.
    This reverts commit 07343a5b1968f4f5e41664c15fd636bdb6a6cc48.
    This reverts commit 060cf1e3c9a0a6960b771cdff6f0a5a2ca9b114c.
    This reverts commit 28d2eab1414ef8d20ff0fde7026aa52fd01ef795.
    This reverts commit b6b4b129892a99747a586e5d4acb68fe7176ab4b.
    This reverts commit 77b478579a0029def01d1b3a4ea591eac447832a.
    This reverts commit 0103b34645278151851c31cf1c1976150d907bb4.
    This reverts commit f94ca3e3ed2bc5a68ac54c5487e0216ea8db8470.
    This reverts commit 7a33a3fc2c1ae4df30eaabaf25fc59e2d6ab5d6c.
    This reverts commit 305c0579ab4286b464c2cd589843a7e60f59dfaf.

2 years agoGDBM: fix build
Jeremy Harris [Tue, 1 Mar 2022 17:08:13 +0000 (17:08 +0000)]
GDBM: fix build

2 years agoTestsuite: fix for ndbm
Jeremy Harris [Sun, 27 Feb 2022 14:27:04 +0000 (14:27 +0000)]
Testsuite: fix for ndbm

2 years agoGnuTLS: TLS1.3 channel binding
Jeremy Harris [Sun, 27 Feb 2022 22:34:55 +0000 (22:34 +0000)]
GnuTLS: TLS1.3 channel binding

2 years agoAUTH GSASL SCRAM: handling of error return from library
Jeremy Harris [Sun, 27 Feb 2022 22:32:41 +0000 (22:32 +0000)]
AUTH GSASL SCRAM: handling of error return from library

2 years agoNDBM: check for bogus name given to create call
Jeremy Harris [Sun, 27 Feb 2022 16:33:24 +0000 (16:33 +0000)]
NDBM: check for bogus name given to create call

2 years agoBuild: Allow Local/Makefile "USE_NDBM=y" to override OS/Makefile-*
Jeremy Harris [Sun, 27 Feb 2022 14:11:09 +0000 (14:11 +0000)]
Build: Allow Local/Makefile "USE_NDBM=y" to override OS/Makefile-*

2 years agoDocs: update wrt. BDB versions
Jeremy Harris [Sun, 27 Feb 2022 12:16:21 +0000 (12:16 +0000)]
Docs: update wrt. BDB versions

2 years agoTestsuite: munge for Cyrus SASL library version output changes
Jeremy Harris [Sat, 26 Feb 2022 22:36:59 +0000 (22:36 +0000)]
Testsuite: munge for Cyrus SASL library version output changes

2 years agoCyrus SASL: keep rejectlog output to single lines
Jeremy Harris [Sat, 26 Feb 2022 22:50:52 +0000 (22:50 +0000)]
Cyrus SASL: keep rejectlog output to single lines

2 years agoOpenBSD: use ndbm for hints DBs
Jeremy Harris [Sat, 26 Feb 2022 20:37:43 +0000 (20:37 +0000)]
OpenBSD: use ndbm for hints DBs

2 years agoTestsuite: Output from newer GSASL library, for SCRAM-SHA-256
Jeremy Harris [Sat, 26 Feb 2022 16:46:14 +0000 (16:46 +0000)]
Testsuite: Output from newer GSASL library, for SCRAM-SHA-256

2 years agotidying
Jeremy Harris [Sat, 26 Feb 2022 16:40:15 +0000 (16:40 +0000)]
tidying