users/heiko/exim.git
5 years agoDsearch: Fix taint-handling in lookup. Bug 2465
Jeremy Harris [Thu, 7 Nov 2019 17:32:49 +0000 (17:32 +0000)]
Dsearch: Fix taint-handling in lookup.  Bug 2465

(cherry picked from commit 13e70f5530fc3fd376e1397c76e073a339e738aa)

5 years agoRegard command-line recipients as tainted
Jeremy Harris [Fri, 8 Nov 2019 22:30:04 +0000 (22:30 +0000)]
Regard command-line recipients as tainted

5 years agoDKIM/CHUNKING: support CHUNKING when a transport_filter is used, if DKIM signing...
Jeremy Harris [Tue, 5 Nov 2019 21:13:41 +0000 (21:13 +0000)]
DKIM/CHUNKING: support CHUNKING when a transport_filter is used, if DKIM signing is being done

5 years agoDKIM: disallow default acceptance of sha1 for verify
Jeremy Harris [Wed, 23 Oct 2019 12:27:06 +0000 (13:27 +0100)]
DKIM: disallow default acceptance of sha1 for verify

5 years agoTestsuite: munge for WITH_LOCAL_SCAN
Jeremy Harris [Tue, 22 Oct 2019 12:24:47 +0000 (13:24 +0100)]
Testsuite: munge for WITH_LOCAL_SCAN

5 years agoTestsuite: munge for WITH_LOCAL_SCAN
Jeremy Harris [Tue, 22 Oct 2019 12:19:51 +0000 (13:19 +0100)]
Testsuite: munge for WITH_LOCAL_SCAN

5 years agoBuild: include early-pipelining unless disabled
Jeremy Harris [Sat, 19 Oct 2019 23:10:20 +0000 (00:10 +0100)]
Build: include early-pipelining unless disabled

5 years agoFix HAVE_LOCAL_SCAN build. Bug 2457
Jeremy Harris [Sat, 19 Oct 2019 18:55:39 +0000 (19:55 +0100)]
Fix HAVE_LOCAL_SCAN build.  Bug 2457

Broken-by: f3ebb786e4
(cherry picked from commits d48326c00b1352e600b8)

5 years agoTestsuite: munging for SRS testcase
Jeremy Harris [Sun, 13 Oct 2019 19:41:39 +0000 (20:41 +0100)]
Testsuite: munging for SRS testcase

5 years agoTestsuite: output changes resulting
Jeremy Harris [Sun, 13 Oct 2019 19:32:38 +0000 (20:32 +0100)]
Testsuite: output changes resulting

5 years agoFix no-ssl build
Jeremy Harris [Sun, 13 Oct 2019 19:23:07 +0000 (20:23 +0100)]
Fix no-ssl build

Broken-by: d85cdeb5e5
5 years agoSRS: native implementation. Bug 1649
Jeremy Harris [Sun, 13 Oct 2019 14:50:46 +0000 (15:50 +0100)]
SRS: native implementation.  Bug 1649

5 years agoDummies for Solaris build
Jeremy Harris [Sat, 12 Oct 2019 18:03:30 +0000 (19:03 +0100)]
Dummies for Solaris build

5 years agoReduce delivery process startup time
Jeremy Harris [Sat, 12 Oct 2019 11:48:44 +0000 (12:48 +0100)]
Reduce delivery process startup time

5 years agoDummies for Solaris build
Jeremy Harris [Sat, 12 Oct 2019 13:22:25 +0000 (14:22 +0100)]
Dummies for Solaris build

5 years agoFix errorcheck in smtp transport
Jeremy Harris [Sat, 12 Oct 2019 13:12:56 +0000 (14:12 +0100)]
Fix errorcheck in smtp transport

5 years agoSRS: add basic documentation
Jeremy Harris [Sat, 12 Oct 2019 13:01:18 +0000 (14:01 +0100)]
SRS: add basic documentation

5 years agoPerformance timing measurements
Jeremy Harris [Sat, 12 Oct 2019 11:39:49 +0000 (12:39 +0100)]
Performance timing measurements

5 years agoTestsuite: handle OpenBSD version of ifconfig
Jeremy Harris [Sun, 6 Oct 2019 22:28:25 +0000 (23:28 +0100)]
Testsuite: handle OpenBSD version of ifconfig

5 years agoTestsuite: interface number is optional
Jeremy Harris [Sun, 6 Oct 2019 19:48:28 +0000 (20:48 +0100)]
Testsuite: interface number is optional

5 years agoOpenSSL: explicit add for sha256 digest method no longer needed for recent library...
Jeremy Harris [Sun, 6 Oct 2019 16:25:07 +0000 (17:25 +0100)]
OpenSSL: explicit add for sha256 digest method no longer needed for recent library versions

5 years agoGnuTLS: pkcs11-init no longer needed for recent library versions
Jeremy Harris [Sun, 6 Oct 2019 15:35:26 +0000 (16:35 +0100)]
GnuTLS: pkcs11-init no longer needed for recent library versions

5 years agoGnuTLS: global-init call not needed for recent library versions
Jeremy Harris [Sun, 6 Oct 2019 15:23:23 +0000 (16:23 +0100)]
GnuTLS: global-init call not needed for recent library versions

5 years agoDocs: fix syntax
Jeremy Harris [Sun, 6 Oct 2019 14:55:57 +0000 (15:55 +0100)]
Docs: fix syntax

5 years agoGnuTLS: lose DH-param setup, for recent library versions where no longer needed
Jeremy Harris [Sun, 6 Oct 2019 14:36:25 +0000 (15:36 +0100)]
GnuTLS: lose DH-param setup, for recent library versions where no longer needed

5 years agoTestsuite: output changes resulting
Jeremy Harris [Fri, 4 Oct 2019 11:46:04 +0000 (12:46 +0100)]
Testsuite: output changes resulting

Broken-by: 8e78571a8b
5 years agorelease process: bzip is actually bzip2
Heiko Schlittermann (HS12-RIPE) [Sat, 5 Oct 2019 14:54:09 +0000 (16:54 +0200)]
release process: bzip is actually bzip2

5 years agorelease process: Use --use-compress-program for tar.
Heiko Schlittermann (HS12-RIPE) [Sat, 5 Oct 2019 14:43:36 +0000 (16:43 +0200)]
release process: Use --use-compress-program for tar.

Gzip declares the use of environment variables as deprecated.

5 years agoEvents: Add smtp:ehlo event
Jeremy Harris [Thu, 3 Oct 2019 19:57:40 +0000 (20:57 +0100)]
Events: Add smtp:ehlo event

5 years agoPRDR: add implementation notes in sample configuration
Jeremy Harris [Thu, 3 Oct 2019 18:25:18 +0000 (19:25 +0100)]
PRDR: add implementation notes in sample configuration

5 years agoTestsuite: use a %ifname appended to fe80:: ipv6 address when using such
Jeremy Harris [Thu, 3 Oct 2019 14:44:24 +0000 (15:44 +0100)]
Testsuite: use a %ifname appended to fe80:: ipv6 address when using such

5 years agoDSN: add References: header. Bug 2452
Jeremy Harris [Wed, 2 Oct 2019 13:49:55 +0000 (14:49 +0100)]
DSN: add References: header.  Bug 2452

5 years agoTestsuite: take care with the net-10 zonefile when operating in that area
Jeremy Harris [Tue, 1 Oct 2019 20:36:33 +0000 (21:36 +0100)]
Testsuite: take care with the net-10 zonefile when operating in that area

5 years agoOpenSSL: clearer log message for TCP conn close at SSL_accept
Jeremy Harris [Tue, 1 Oct 2019 13:01:00 +0000 (14:01 +0100)]
OpenSSL: clearer log message for TCP conn close at SSL_accept

5 years agotidying
Jeremy Harris [Sun, 29 Sep 2019 14:55:16 +0000 (15:55 +0100)]
tidying

5 years agoTestsuite: dynamic libraries are usable on Solaris
Martin Preen [Mon, 30 Sep 2019 15:49:44 +0000 (16:49 +0100)]
Testsuite: dynamic libraries are usable on Solaris

5 years agoBuild: linux only needs libnsl for LOOKUP_NIS
Jeremy Harris [Sun, 29 Sep 2019 17:16:12 +0000 (18:16 +0100)]
Build: linux only needs libnsl for LOOKUP_NIS

5 years agoOpenSSL: fix build on earlier library versions
Jeremy Harris [Sun, 29 Sep 2019 14:20:31 +0000 (15:20 +0100)]
OpenSSL: fix build on earlier library versions

5 years agoOpenSSL: support OCSP stapling on multi-cert servers
Jeremy Harris [Sun, 29 Sep 2019 13:16:36 +0000 (14:16 +0100)]
OpenSSL: support OCSP stapling on multi-cert servers

5 years agotidying
Jeremy Harris [Thu, 19 Sep 2019 17:41:42 +0000 (18:41 +0100)]
tidying

5 years agoDKIM: fix errorcheck in signing, lilbgcrypt version. Bug 2450
Jeremy Harris [Sun, 29 Sep 2019 11:49:34 +0000 (12:49 +0100)]
DKIM: fix errorcheck in signing, lilbgcrypt version.  Bug 2450

5 years agoTestsuite: src/client.c: handle long lines read back from the server
Heiko Schlittermann (HS12-RIPE) [Sat, 28 Sep 2019 16:50:26 +0000 (18:50 +0200)]
Testsuite: src/client.c: handle long lines read back from the server

Increase the buffer for reading data back from the server, and read
at least until a '\n' appears in the input.

5 years agoDocs: add dmarc_tld_file link
Heiko Schlittermann (HS12-RIPE) [Sat, 21 Sep 2019 15:31:03 +0000 (17:31 +0200)]
Docs: add dmarc_tld_file link

5 years agoTestsuite: regression-test for bug. Bug 2449
Jeremy Harris [Fri, 27 Sep 2019 11:21:49 +0000 (12:21 +0100)]
Testsuite: regression-test for bug.  Bug 2449

5 years agoTestsuite: disallow :: as a usable ipv6 address
Jeremy Harris [Thu, 26 Sep 2019 21:36:38 +0000 (22:36 +0100)]
Testsuite: disallow :: as a usable ipv6 address

5 years agoTestsuite: output changes resulting
Jeremy Harris [Thu, 26 Sep 2019 19:29:36 +0000 (20:29 +0100)]
Testsuite: output changes resulting

Broken-by: e326959e5e
5 years agoGnuTLS: full-chain OCSP stapling. Bug 1466
Jeremy Harris [Thu, 26 Sep 2019 18:28:53 +0000 (19:28 +0100)]
GnuTLS: full-chain OCSP stapling.  Bug 1466

5 years agoDNS: do not skip initial two components of SRV & TLSA lookups before checking name...
Simon Arlott [Sun, 22 Sep 2019 17:45:18 +0000 (18:45 +0100)]
DNS: do not skip initial two components of SRV & TLSA lookups before checking name syntax.
The introduction of DKIM added _ to the permitted chars, so those components will pass.

5 years agoDMARC: promote the support from Experimental to mainline
Jeremy Harris [Sun, 22 Sep 2019 14:43:37 +0000 (15:43 +0100)]
DMARC: promote the support from Experimental to mainline

5 years agoDocs: expansion items should use &%name%&
Jeremy Harris [Sun, 22 Sep 2019 13:57:16 +0000 (14:57 +0100)]
Docs: expansion items should use &%name%&

5 years agoTestsuite: handle non-exim-writable testcase spoolfiles
Jeremy Harris [Sun, 22 Sep 2019 11:18:54 +0000 (12:18 +0100)]
Testsuite: handle non-exim-writable testcase spoolfiles

5 years agoFix taint-checking on Solaris
Jeremy Harris [Sun, 22 Sep 2019 09:56:31 +0000 (10:56 +0100)]
Fix taint-checking on Solaris

5 years agoTestsuite: strip trailing / from "pwd" output
Jeremy Harris [Sun, 22 Sep 2019 09:46:39 +0000 (10:46 +0100)]
Testsuite: strip trailing / from "pwd" output

5 years agoGnuTLS: fix build on older libraries
Jeremy Harris [Sat, 21 Sep 2019 22:27:03 +0000 (23:27 +0100)]
GnuTLS: fix build on older libraries

5 years agoTestsuite: comment future work
Jeremy Harris [Sat, 21 Sep 2019 22:16:16 +0000 (23:16 +0100)]
Testsuite: comment future work

5 years agoDocs: usability of malware ACL condition
Jeremy Harris [Sat, 21 Sep 2019 21:22:50 +0000 (22:22 +0100)]
Docs: usability of malware ACL condition

5 years agoGnuTLS: fix build on intermediate-age libraries
Jeremy Harris [Sat, 21 Sep 2019 16:52:56 +0000 (17:52 +0100)]
GnuTLS: fix build on intermediate-age libraries

Broken-by: e54893330b
5 years agoGnuTLS: fix non-OCSP bulid
Jeremy Harris [Fri, 20 Sep 2019 14:53:01 +0000 (15:53 +0100)]
GnuTLS: fix non-OCSP bulid

Broken-by: 7613df821d
5 years agoGnuTLS: Move to more-modern stapling API
Jeremy Harris [Tue, 27 Aug 2019 16:24:23 +0000 (17:24 +0100)]
GnuTLS: Move to more-modern stapling API

5 years agoTestsuite: avoid picking 0.0.0.0 as the HOSTIPV4; permit 10.0/8 apart from 10.250...
Jeremy Harris [Fri, 20 Sep 2019 09:23:46 +0000 (10:23 +0100)]
Testsuite: avoid picking 0.0.0.0 as the HOSTIPV4; permit 10.0/8 apart from 10.250.0/16

Solaris leaves 0.0.0.0 lying around (for not-UP interfaces)
The suite only needs testspace under 10.250.0/16 so we can permit the ret,
making testing on many NATted 10.0/8 subnets possible.

5 years agoFix taint-checking on Solaris
Jeremy Harris [Thu, 19 Sep 2019 21:14:03 +0000 (22:14 +0100)]
Fix taint-checking on Solaris

5 years agoBuild: Solaris workarounds
Martin Preen [Thu, 19 Sep 2019 17:45:04 +0000 (18:45 +0100)]
Build: Solaris workarounds

5 years agoDocs: more detail on log_file_path, in the main-config chapter
Jeremy Harris [Thu, 19 Sep 2019 09:10:57 +0000 (10:10 +0100)]
Docs: more detail on log_file_path, in the main-config chapter

5 years agoDocs: Adjust on TLSA, dnssec_request_domains
Heiko Schlittermann (HS12-RIPE) [Tue, 17 Sep 2019 20:35:00 +0000 (22:35 +0200)]
Docs: Adjust on TLSA, dnssec_request_domains

5 years agoConsistent logging, always use DKIM instead of mixed DKIM/PDKIM
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Sep 2019 19:43:06 +0000 (21:43 +0200)]
Consistent logging, always use DKIM instead of mixed DKIM/PDKIM

5 years agoTestsuite: do not use trailing spaces in runtest
Heiko Schlittermann (HS12-RIPE) [Mon, 16 Sep 2019 10:49:31 +0000 (12:49 +0200)]
Testsuite: do not use trailing spaces in runtest

Some editors may swallow it. Encode trailing space as \x20.

5 years agoTestsuite: bump timeouts, for slower platforms
Jeremy Harris [Sun, 15 Sep 2019 21:06:59 +0000 (22:06 +0100)]
Testsuite: bump timeouts, for slower platforms

5 years agoDoc: Improve pointer to DKIM signing options
Heiko Schlittermann (HS12-RIPE) [Sun, 15 Sep 2019 10:31:24 +0000 (12:31 +0200)]
Doc: Improve pointer to DKIM signing options

5 years agoDoc: Typos
Heiko Schlittermann (HS12-RIPE) [Fri, 13 Sep 2019 14:32:25 +0000 (16:32 +0200)]
Doc: Typos

5 years agoRefuse to open a msglog file with .. in the path.
Jeremy Harris [Tue, 10 Sep 2019 11:29:12 +0000 (12:29 +0100)]
Refuse to open a msglog file with .. in the path.

Recent exploits have use this as a step for overwriting system files,
and msglog file should always be under the spooldir, so add this as
a defence-in-depth tactic

5 years agotidying
Jeremy Harris [Tue, 10 Sep 2019 11:28:44 +0000 (12:28 +0100)]
tidying

5 years agoMove the regression test for CVE-2019-15846 to 1100-Basic-TLS/1100
Heiko Schlittermann (HS12-RIPE) [Tue, 10 Sep 2019 10:49:32 +0000 (12:49 +0200)]
Move the regression test for CVE-2019-15846 to 1100-Basic-TLS/1100

5 years agoTestsuite: munge for timing variance
Jeremy Harris [Sun, 8 Sep 2019 17:16:02 +0000 (18:16 +0100)]
Testsuite: munge for timing variance

5 years agoFix unaligned access (more cleanly) in DNS regative-caching
Jeremy Harris [Sun, 8 Sep 2019 13:41:48 +0000 (14:41 +0100)]
Fix unaligned access (more cleanly) in DNS regative-caching

5 years agoFix unaligned access in DNS negative-caching
Jeremy Harris [Sun, 8 Sep 2019 11:11:16 +0000 (12:11 +0100)]
Fix unaligned access in DNS negative-caching

5 years agostring.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)

Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements

(cherry picked from commit 2600301ba6dbac5c9d640c87007a07ee6dcea1f46693563381 and cdc7f9a966)

5 years agoTestsuite: increase RBL record TTL
Jeremy Harris [Sat, 7 Sep 2019 19:52:33 +0000 (20:52 +0100)]
Testsuite: increase RBL record TTL

5 years agoTestsuite: drop test.ex domain neg-cache ttl to 3000
Jeremy Harris [Thu, 5 Sep 2019 15:47:41 +0000 (16:47 +0100)]
Testsuite: drop test.ex domain neg-cache ttl to 3000

5 years agoSupport TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists. Bug 1395
Jeremy Harris [Thu, 5 Sep 2019 09:31:57 +0000 (10:31 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists.  Bug 1395

5 years agoBuild: do not override the system "cc", on Linux and OpenBSD
Jeremy Harris [Thu, 5 Sep 2019 09:32:46 +0000 (10:32 +0100)]
Build: do not override the system "cc", on Linux and OpenBSD

5 years agotidying
Jeremy Harris [Wed, 4 Sep 2019 14:19:42 +0000 (15:19 +0100)]
tidying

5 years agoFix taint-checking on FreeBSD
Jeremy Harris [Wed, 4 Sep 2019 10:07:34 +0000 (11:07 +0100)]
Fix taint-checking on FreeBSD

5 years agotidying
Jeremy Harris [Tue, 3 Sep 2019 20:49:58 +0000 (21:49 +0100)]
tidying

5 years agoTestsuite: platform differences for resolver flags bits
Jeremy Harris [Mon, 2 Sep 2019 11:33:29 +0000 (12:33 +0100)]
Testsuite: platform differences for resolver flags bits

5 years agoBuild: another go at Solaris workarounds
Jeremy Harris [Mon, 2 Sep 2019 10:18:48 +0000 (11:18 +0100)]
Build: another go at Solaris workarounds

5 years agoTestsuite: keep noqualify testcase from using external DNS
Jeremy Harris [Sun, 1 Sep 2019 22:45:43 +0000 (23:45 +0100)]
Testsuite: keep noqualify testcase from using external DNS

5 years agoTestsuite: platform differences for resolver flags bits
Jeremy Harris [Sun, 1 Sep 2019 20:47:11 +0000 (21:47 +0100)]
Testsuite: platform differences for resolver flags bits

5 years agoTestsuite: fix non-ipv6 platforms
Jeremy Harris [Sun, 1 Sep 2019 19:43:02 +0000 (20:43 +0100)]
Testsuite: fix non-ipv6 platforms

Broken-by: 7d8d08c484
5 years agoSupport TTL from SOA for NXDOMAIN & NODATA cache entries. Bug 1395
Jeremy Harris [Sun, 1 Sep 2019 18:44:31 +0000 (19:44 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries.  Bug 1395

5 years agoAlways check return from tls_export_cert()
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Aug 2019 11:44:01 +0000 (13:44 +0200)]
Always check return from tls_export_cert()

Invert the meaning of the return.

5 years agoTestcase for handling of -H files for excessive long '-KEY' lines
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Aug 2019 19:58:27 +0000 (21:58 +0200)]
Testcase for handling of -H files for excessive long '-KEY' lines

Thanks to Qualys for their analysis. This bug was fixed independently
by JGH.

Tidy.

5 years agoFix ${domain:} for a bare local-part input. Bug 2375
Jeremy Harris [Tue, 27 Aug 2019 16:44:52 +0000 (17:44 +0100)]
Fix ${domain:} for a bare local-part input.  Bug 2375

Broken-by: e2ff8e24f4
5 years agotypos
Jeremy Harris [Mon, 19 Aug 2019 19:06:32 +0000 (20:06 +0100)]
typos

5 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 18:32:01 +0000 (19:32 +0100)]
Build: workaround inlining problems on Solaris

5 years agotaint SNI values supplied by client
Jeremy Harris [Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)]
taint SNI values supplied by client

5 years agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 14:25:38 +0000 (15:25 +0100)]
Build: workaround inlining problems on Solaris

5 years agoTestsuite: DNS lookup notes
Jeremy Harris [Mon, 19 Aug 2019 13:23:11 +0000 (14:23 +0100)]
Testsuite: DNS lookup notes

5 years agotaint nonrcpt names read from spool
Jeremy Harris [Mon, 19 Aug 2019 11:03:46 +0000 (12:03 +0100)]
taint nonrcpt names read from spool

5 years agoinlining
Jeremy Harris [Mon, 19 Aug 2019 10:51:43 +0000 (11:51 +0100)]
inlining

5 years agoAppendfile: when evaluating quota use attemd to link counts
Jeremy Harris [Thu, 15 Aug 2019 12:47:04 +0000 (13:47 +0100)]
Appendfile: when evaluating quota use attemd to link counts