Jeremy Harris [Thu, 7 Nov 2019 17:32:49 +0000 (17:32 +0000)]
Dsearch: Fix taint-handling in lookup. Bug 2465
(cherry picked from commit
13e70f5530fc3fd376e1397c76e073a339e738aa)
Jeremy Harris [Fri, 8 Nov 2019 22:30:04 +0000 (22:30 +0000)]
Regard command-line recipients as tainted
Jeremy Harris [Tue, 5 Nov 2019 21:13:41 +0000 (21:13 +0000)]
DKIM/CHUNKING: support CHUNKING when a transport_filter is used, if DKIM signing is being done
Jeremy Harris [Wed, 23 Oct 2019 12:27:06 +0000 (13:27 +0100)]
DKIM: disallow default acceptance of sha1 for verify
Jeremy Harris [Tue, 22 Oct 2019 12:24:47 +0000 (13:24 +0100)]
Testsuite: munge for WITH_LOCAL_SCAN
Jeremy Harris [Tue, 22 Oct 2019 12:19:51 +0000 (13:19 +0100)]
Testsuite: munge for WITH_LOCAL_SCAN
Jeremy Harris [Sat, 19 Oct 2019 23:10:20 +0000 (00:10 +0100)]
Build: include early-pipelining unless disabled
Jeremy Harris [Sat, 19 Oct 2019 18:55:39 +0000 (19:55 +0100)]
Fix HAVE_LOCAL_SCAN build. Bug 2457
Broken-by: f3ebb786e4
(cherry picked from commits
d48326c00b,
1352e600b8)
Jeremy Harris [Sun, 13 Oct 2019 19:41:39 +0000 (20:41 +0100)]
Testsuite: munging for SRS testcase
Jeremy Harris [Sun, 13 Oct 2019 19:32:38 +0000 (20:32 +0100)]
Testsuite: output changes resulting
Jeremy Harris [Sun, 13 Oct 2019 19:23:07 +0000 (20:23 +0100)]
Fix no-ssl build
Broken-by: d85cdeb5e5
Jeremy Harris [Sun, 13 Oct 2019 14:50:46 +0000 (15:50 +0100)]
SRS: native implementation. Bug 1649
Jeremy Harris [Sat, 12 Oct 2019 18:03:30 +0000 (19:03 +0100)]
Dummies for Solaris build
Jeremy Harris [Sat, 12 Oct 2019 11:48:44 +0000 (12:48 +0100)]
Reduce delivery process startup time
Jeremy Harris [Sat, 12 Oct 2019 13:22:25 +0000 (14:22 +0100)]
Dummies for Solaris build
Jeremy Harris [Sat, 12 Oct 2019 13:12:56 +0000 (14:12 +0100)]
Fix errorcheck in smtp transport
Jeremy Harris [Sat, 12 Oct 2019 13:01:18 +0000 (14:01 +0100)]
SRS: add basic documentation
Jeremy Harris [Sat, 12 Oct 2019 11:39:49 +0000 (12:39 +0100)]
Performance timing measurements
Jeremy Harris [Sun, 6 Oct 2019 22:28:25 +0000 (23:28 +0100)]
Testsuite: handle OpenBSD version of ifconfig
Jeremy Harris [Sun, 6 Oct 2019 19:48:28 +0000 (20:48 +0100)]
Testsuite: interface number is optional
Jeremy Harris [Sun, 6 Oct 2019 16:25:07 +0000 (17:25 +0100)]
OpenSSL: explicit add for sha256 digest method no longer needed for recent library versions
Jeremy Harris [Sun, 6 Oct 2019 15:35:26 +0000 (16:35 +0100)]
GnuTLS: pkcs11-init no longer needed for recent library versions
Jeremy Harris [Sun, 6 Oct 2019 15:23:23 +0000 (16:23 +0100)]
GnuTLS: global-init call not needed for recent library versions
Jeremy Harris [Sun, 6 Oct 2019 14:55:57 +0000 (15:55 +0100)]
Docs: fix syntax
Jeremy Harris [Sun, 6 Oct 2019 14:36:25 +0000 (15:36 +0100)]
GnuTLS: lose DH-param setup, for recent library versions where no longer needed
Jeremy Harris [Fri, 4 Oct 2019 11:46:04 +0000 (12:46 +0100)]
Testsuite: output changes resulting
Broken-by: 8e78571a8b
Heiko Schlittermann (HS12-RIPE) [Sat, 5 Oct 2019 14:54:09 +0000 (16:54 +0200)]
release process: bzip is actually bzip2
Heiko Schlittermann (HS12-RIPE) [Sat, 5 Oct 2019 14:43:36 +0000 (16:43 +0200)]
release process: Use --use-compress-program for tar.
Gzip declares the use of environment variables as deprecated.
Jeremy Harris [Thu, 3 Oct 2019 19:57:40 +0000 (20:57 +0100)]
Events: Add smtp:ehlo event
Jeremy Harris [Thu, 3 Oct 2019 18:25:18 +0000 (19:25 +0100)]
PRDR: add implementation notes in sample configuration
Jeremy Harris [Thu, 3 Oct 2019 14:44:24 +0000 (15:44 +0100)]
Testsuite: use a %ifname appended to fe80:: ipv6 address when using such
Jeremy Harris [Wed, 2 Oct 2019 13:49:55 +0000 (14:49 +0100)]
DSN: add References: header. Bug 2452
Jeremy Harris [Tue, 1 Oct 2019 20:36:33 +0000 (21:36 +0100)]
Testsuite: take care with the net-10 zonefile when operating in that area
Jeremy Harris [Tue, 1 Oct 2019 13:01:00 +0000 (14:01 +0100)]
OpenSSL: clearer log message for TCP conn close at SSL_accept
Jeremy Harris [Sun, 29 Sep 2019 14:55:16 +0000 (15:55 +0100)]
tidying
Martin Preen [Mon, 30 Sep 2019 15:49:44 +0000 (16:49 +0100)]
Testsuite: dynamic libraries are usable on Solaris
Jeremy Harris [Sun, 29 Sep 2019 17:16:12 +0000 (18:16 +0100)]
Build: linux only needs libnsl for LOOKUP_NIS
Jeremy Harris [Sun, 29 Sep 2019 14:20:31 +0000 (15:20 +0100)]
OpenSSL: fix build on earlier library versions
Jeremy Harris [Sun, 29 Sep 2019 13:16:36 +0000 (14:16 +0100)]
OpenSSL: support OCSP stapling on multi-cert servers
Jeremy Harris [Thu, 19 Sep 2019 17:41:42 +0000 (18:41 +0100)]
tidying
Jeremy Harris [Sun, 29 Sep 2019 11:49:34 +0000 (12:49 +0100)]
DKIM: fix errorcheck in signing, lilbgcrypt version. Bug 2450
Heiko Schlittermann (HS12-RIPE) [Sat, 28 Sep 2019 16:50:26 +0000 (18:50 +0200)]
Testsuite: src/client.c: handle long lines read back from the server
Increase the buffer for reading data back from the server, and read
at least until a '\n' appears in the input.
Heiko Schlittermann (HS12-RIPE) [Sat, 21 Sep 2019 15:31:03 +0000 (17:31 +0200)]
Docs: add dmarc_tld_file link
Jeremy Harris [Fri, 27 Sep 2019 11:21:49 +0000 (12:21 +0100)]
Testsuite: regression-test for bug. Bug 2449
Jeremy Harris [Thu, 26 Sep 2019 21:36:38 +0000 (22:36 +0100)]
Testsuite: disallow :: as a usable ipv6 address
Jeremy Harris [Thu, 26 Sep 2019 19:29:36 +0000 (20:29 +0100)]
Testsuite: output changes resulting
Broken-by: e326959e5e
Jeremy Harris [Thu, 26 Sep 2019 18:28:53 +0000 (19:28 +0100)]
GnuTLS: full-chain OCSP stapling. Bug 1466
Simon Arlott [Sun, 22 Sep 2019 17:45:18 +0000 (18:45 +0100)]
DNS: do not skip initial two components of SRV & TLSA lookups before checking name syntax.
The introduction of DKIM added _ to the permitted chars, so those components will pass.
Jeremy Harris [Sun, 22 Sep 2019 14:43:37 +0000 (15:43 +0100)]
DMARC: promote the support from Experimental to mainline
Jeremy Harris [Sun, 22 Sep 2019 13:57:16 +0000 (14:57 +0100)]
Docs: expansion items should use &%name%&
Jeremy Harris [Sun, 22 Sep 2019 11:18:54 +0000 (12:18 +0100)]
Testsuite: handle non-exim-writable testcase spoolfiles
Jeremy Harris [Sun, 22 Sep 2019 09:56:31 +0000 (10:56 +0100)]
Fix taint-checking on Solaris
Jeremy Harris [Sun, 22 Sep 2019 09:46:39 +0000 (10:46 +0100)]
Testsuite: strip trailing / from "pwd" output
Jeremy Harris [Sat, 21 Sep 2019 22:27:03 +0000 (23:27 +0100)]
GnuTLS: fix build on older libraries
Jeremy Harris [Sat, 21 Sep 2019 22:16:16 +0000 (23:16 +0100)]
Testsuite: comment future work
Jeremy Harris [Sat, 21 Sep 2019 21:22:50 +0000 (22:22 +0100)]
Docs: usability of malware ACL condition
Jeremy Harris [Sat, 21 Sep 2019 16:52:56 +0000 (17:52 +0100)]
GnuTLS: fix build on intermediate-age libraries
Broken-by: e54893330b
Jeremy Harris [Fri, 20 Sep 2019 14:53:01 +0000 (15:53 +0100)]
GnuTLS: fix non-OCSP bulid
Broken-by: 7613df821d
Jeremy Harris [Tue, 27 Aug 2019 16:24:23 +0000 (17:24 +0100)]
GnuTLS: Move to more-modern stapling API
Jeremy Harris [Fri, 20 Sep 2019 09:23:46 +0000 (10:23 +0100)]
Testsuite: avoid picking 0.0.0.0 as the HOSTIPV4; permit 10.0/8 apart from 10.250.0/16
Solaris leaves 0.0.0.0 lying around (for not-UP interfaces)
The suite only needs testspace under 10.250.0/16 so we can permit the ret,
making testing on many NATted 10.0/8 subnets possible.
Jeremy Harris [Thu, 19 Sep 2019 21:14:03 +0000 (22:14 +0100)]
Fix taint-checking on Solaris
Martin Preen [Thu, 19 Sep 2019 17:45:04 +0000 (18:45 +0100)]
Build: Solaris workarounds
Jeremy Harris [Thu, 19 Sep 2019 09:10:57 +0000 (10:10 +0100)]
Docs: more detail on log_file_path, in the main-config chapter
Heiko Schlittermann (HS12-RIPE) [Tue, 17 Sep 2019 20:35:00 +0000 (22:35 +0200)]
Docs: Adjust on TLSA, dnssec_request_domains
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Sep 2019 19:43:06 +0000 (21:43 +0200)]
Consistent logging, always use DKIM instead of mixed DKIM/PDKIM
Heiko Schlittermann (HS12-RIPE) [Mon, 16 Sep 2019 10:49:31 +0000 (12:49 +0200)]
Testsuite: do not use trailing spaces in runtest
Some editors may swallow it. Encode trailing space as \x20.
Jeremy Harris [Sun, 15 Sep 2019 21:06:59 +0000 (22:06 +0100)]
Testsuite: bump timeouts, for slower platforms
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Sep 2019 10:31:24 +0000 (12:31 +0200)]
Doc: Improve pointer to DKIM signing options
Heiko Schlittermann (HS12-RIPE) [Fri, 13 Sep 2019 14:32:25 +0000 (16:32 +0200)]
Doc: Typos
Jeremy Harris [Tue, 10 Sep 2019 11:29:12 +0000 (12:29 +0100)]
Refuse to open a msglog file with .. in the path.
Recent exploits have use this as a step for overwriting system files,
and msglog file should always be under the spooldir, so add this as
a defence-in-depth tactic
Jeremy Harris [Tue, 10 Sep 2019 11:28:44 +0000 (12:28 +0100)]
tidying
Heiko Schlittermann (HS12-RIPE) [Tue, 10 Sep 2019 10:49:32 +0000 (12:49 +0200)]
Move the regression test for CVE-2019-15846 to 1100-Basic-TLS/1100
Jeremy Harris [Sun, 8 Sep 2019 17:16:02 +0000 (18:16 +0100)]
Testsuite: munge for timing variance
Jeremy Harris [Sun, 8 Sep 2019 13:41:48 +0000 (14:41 +0100)]
Fix unaligned access (more cleanly) in DNS regative-caching
Jeremy Harris [Sun, 8 Sep 2019 11:11:16 +0000 (12:11 +0100)]
Fix unaligned access in DNS negative-caching
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements
(cherry picked from commit
2600301ba6dbac5c9d640c87007a07ee6dcea1f4,
6693563381 and
cdc7f9a966)
Jeremy Harris [Sat, 7 Sep 2019 19:52:33 +0000 (20:52 +0100)]
Testsuite: increase RBL record TTL
Jeremy Harris [Thu, 5 Sep 2019 15:47:41 +0000 (16:47 +0100)]
Testsuite: drop test.ex domain neg-cache ttl to 3000
Jeremy Harris [Thu, 5 Sep 2019 09:31:57 +0000 (10:31 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists. Bug 1395
Jeremy Harris [Thu, 5 Sep 2019 09:32:46 +0000 (10:32 +0100)]
Build: do not override the system "cc", on Linux and OpenBSD
Jeremy Harris [Wed, 4 Sep 2019 14:19:42 +0000 (15:19 +0100)]
tidying
Jeremy Harris [Wed, 4 Sep 2019 10:07:34 +0000 (11:07 +0100)]
Fix taint-checking on FreeBSD
Jeremy Harris [Tue, 3 Sep 2019 20:49:58 +0000 (21:49 +0100)]
tidying
Jeremy Harris [Mon, 2 Sep 2019 11:33:29 +0000 (12:33 +0100)]
Testsuite: platform differences for resolver flags bits
Jeremy Harris [Mon, 2 Sep 2019 10:18:48 +0000 (11:18 +0100)]
Build: another go at Solaris workarounds
Jeremy Harris [Sun, 1 Sep 2019 22:45:43 +0000 (23:45 +0100)]
Testsuite: keep noqualify testcase from using external DNS
Jeremy Harris [Sun, 1 Sep 2019 20:47:11 +0000 (21:47 +0100)]
Testsuite: platform differences for resolver flags bits
Jeremy Harris [Sun, 1 Sep 2019 19:43:02 +0000 (20:43 +0100)]
Testsuite: fix non-ipv6 platforms
Broken-by: 7d8d08c484
Jeremy Harris [Sun, 1 Sep 2019 18:44:31 +0000 (19:44 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries. Bug 1395
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Aug 2019 11:44:01 +0000 (13:44 +0200)]
Always check return from tls_export_cert()
Invert the meaning of the return.
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Aug 2019 19:58:27 +0000 (21:58 +0200)]
Testcase for handling of -H files for excessive long '-KEY' lines
Thanks to Qualys for their analysis. This bug was fixed independently
by JGH.
Tidy.
Jeremy Harris [Tue, 27 Aug 2019 16:44:52 +0000 (17:44 +0100)]
Fix ${domain:} for a bare local-part input. Bug 2375
Broken-by: e2ff8e24f4
Jeremy Harris [Mon, 19 Aug 2019 19:06:32 +0000 (20:06 +0100)]
typos
Jeremy Harris [Mon, 19 Aug 2019 18:32:01 +0000 (19:32 +0100)]
Build: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)]
taint SNI values supplied by client
Jeremy Harris [Mon, 19 Aug 2019 14:25:38 +0000 (15:25 +0100)]
Build: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 13:23:11 +0000 (14:23 +0100)]
Testsuite: DNS lookup notes
Jeremy Harris [Mon, 19 Aug 2019 11:03:46 +0000 (12:03 +0100)]
taint nonrcpt names read from spool
Jeremy Harris [Mon, 19 Aug 2019 10:51:43 +0000 (11:51 +0100)]
inlining
Jeremy Harris [Thu, 15 Aug 2019 12:47:04 +0000 (13:47 +0100)]
Appendfile: when evaluating quota use attemd to link counts