Jeremy Harris [Mon, 25 Jan 2021 14:55:06 +0000 (14:55 +0000)]
AUTH: avoid logging creds on ACL denial
Jeremy Harris [Sat, 23 Jan 2021 23:15:58 +0000 (23:15 +0000)]
TFO: cleanup the TCP pure ack of SMTP banner
Jeremy Harris [Sat, 23 Jan 2021 21:28:28 +0000 (21:28 +0000)]
Move QUICKACK disable as early as possible in server handling
Jeremy Harris [Fri, 22 Jan 2021 19:58:54 +0000 (19:58 +0000)]
Fix getting non-TLS QUIT in FIN segment
Linux was behaving oddly with the TCP_CORK method, and using MSG_MORE
is one fewer syscall.
Jeremy Harris [Thu, 21 Jan 2021 22:02:18 +0000 (22:02 +0000)]
TLS: on Linux when sockopt TCP_FASTOPEN_CONNECT is available, use TFO for TLS-on-connect client connections
Jeremy Harris [Thu, 21 Jan 2021 17:34:55 +0000 (17:34 +0000)]
Avoid bare TCP ACKs during TLS-on-connect startup.
We can't get the QUICKACK turned off on the accepted socket fast enough to
stop the ACK for the ClientHello - but we get the rest, under OpenSSL.
Jeremy Harris [Thu, 21 Jan 2021 13:06:31 +0000 (13:06 +0000)]
Testsuite: TLS server testcase consolidation
Jeremy Harris [Thu, 21 Jan 2021 12:23:41 +0000 (12:23 +0000)]
Testsuite: shuffling
Jeremy Harris [Wed, 20 Jan 2021 20:44:21 +0000 (20:44 +0000)]
Testsuite: TLS client testcase consolidation
Jeremy Harris [Tue, 19 Jan 2021 22:12:16 +0000 (22:12 +0000)]
Testsuite: case for TLS client tls-on-connect
Jeremy Harris [Sun, 17 Jan 2021 20:42:10 +0000 (20:42 +0000)]
malware: use sendfile for ClamAV TCP
Jeremy Harris [Sun, 17 Jan 2021 19:59:51 +0000 (19:59 +0000)]
Testsuite: testcase for ClamAV over TCP
Jeremy Harris [Sat, 16 Jan 2021 21:00:34 +0000 (21:00 +0000)]
malware: fix ClamAV file send corking
Jeremy Harris [Sat, 16 Jan 2021 12:59:19 +0000 (12:59 +0000)]
docs infrastructure notes
Jeremy Harris [Sat, 16 Jan 2021 11:46:56 +0000 (11:46 +0000)]
Docs: indexing
Jeremy Harris [Mon, 11 Jan 2021 19:48:12 +0000 (19:48 +0000)]
Hints DB: harden against corrupt files by ignoring unexpected size records
Jeremy Harris [Tue, 12 Jan 2021 15:36:09 +0000 (15:36 +0000)]
Auths: in plaintext authenticator, fix parsing of consecutive circumflex. Bug 2687
Jeremy Harris [Tue, 12 Jan 2021 15:33:54 +0000 (15:33 +0000)]
Docs: change note
Jeremy Harris [Sun, 10 Jan 2021 20:10:21 +0000 (20:10 +0000)]
channel binding notes
Jeremy Harris [Sat, 9 Jan 2021 13:08:35 +0000 (13:08 +0000)]
Utilities: harden exim_tidydb against corrupt wait-records. Bug 2343
Jeremy Harris [Mon, 4 Jan 2021 17:59:23 +0000 (17:59 +0000)]
BSD: avoid delay on continued-connection
Broken-by: 6454662ecb
Jeremy Harris [Fri, 1 Jan 2021 17:31:04 +0000 (17:31 +0000)]
Authenticators: feature handling for upcoming GSASL version
Jeremy Harris [Fri, 1 Jan 2021 14:43:04 +0000 (14:43 +0000)]
FreeBSD: packet coalescing
Jeremy Harris [Fri, 1 Jan 2021 14:31:14 +0000 (14:31 +0000)]
malware: avoid partial packets, sending to ClamAV
Jeremy Harris [Fri, 1 Jan 2021 13:25:29 +0000 (13:25 +0000)]
FreeBSD: harden against ClamAV connection errors
Jeremy Harris [Fri, 1 Jan 2021 12:09:37 +0000 (12:09 +0000)]
Avoid needless socket close
Jeremy Harris [Thu, 31 Dec 2020 22:18:30 +0000 (22:18 +0000)]
malware: avoid slurping entire spoolfile for sending to ClamAV
Jeremy Harris [Thu, 31 Dec 2020 21:52:02 +0000 (21:52 +0000)]
TFO: better observability (slightly) on FreeBSD
Jeremy Harris [Mon, 28 Dec 2020 20:20:44 +0000 (20:20 +0000)]
typo
Jeremy Harris [Mon, 28 Dec 2020 18:31:24 +0000 (18:31 +0000)]
Logging: make placement of continued-delivery asterisk consistent
Jeremy Harris [Sun, 27 Dec 2020 20:51:42 +0000 (20:51 +0000)]
GSASL: More recent versions of the library no longer need a hack for channel-binding
Jeremy Harris [Sat, 26 Dec 2020 18:55:29 +0000 (18:55 +0000)]
Fix build on GNU/Hurd [supports openat()]. Bug 2608
Jeremy Harris [Sat, 26 Dec 2020 18:18:33 +0000 (18:18 +0000)]
Fix build warning on 32-bit int platforms. Bug 2678
Jeremy Harris [Thu, 24 Dec 2020 21:05:40 +0000 (21:05 +0000)]
Expansions: Reduce memory use of ${listcount }
Jeremy Harris [Thu, 24 Dec 2020 21:04:34 +0000 (21:04 +0000)]
Replace internal string-expansion call with a direct recursion
Jeremy Harris [Thu, 24 Dec 2020 20:59:29 +0000 (20:59 +0000)]
Convert more cases of list-walking to use self-assigned memory for the list-item
Jeremy Harris [Wed, 23 Dec 2020 22:35:04 +0000 (22:35 +0000)]
Fix ${listextract } from a tainted list
Jeremy Harris [Sun, 20 Dec 2020 15:49:39 +0000 (15:49 +0000)]
Fix local delivery delay when combined with remote callout/hold. Bug 2599
Jeremy Harris [Thu, 17 Dec 2020 09:59:23 +0000 (09:59 +0000)]
Fix the PIPE_CONNECT feature control in the template Makefile, the
default having changed to "included" for 4.93
Broken-by: 81344b40e3
Jeremy Harris [Thu, 17 Dec 2020 09:39:59 +0000 (09:39 +0000)]
Remove the X_ prefix from the PIPE_CONNECT SMTP service extension keyword.
Jeremy Harris [Wed, 16 Dec 2020 19:07:51 +0000 (19:07 +0000)]
Fix matching of long addresses. Bug 2677
Jeremy Harris [Wed, 2 Dec 2020 10:14:23 +0000 (10:14 +0000)]
Docs: add info on router variable evaluation order
Jeremy Harris [Tue, 24 Nov 2020 22:11:09 +0000 (22:11 +0000)]
ARC: harden parsing of signing spec. Bug 2639
u34 [Tue, 24 Nov 2020 21:53:48 +0000 (21:53 +0000)]
Docs: wording fixes.
Jeremy Harris [Mon, 23 Nov 2020 12:17:14 +0000 (12:17 +0000)]
Docs: list $spam_ variables in expansions chapter
Jeremy Harris [Thu, 19 Nov 2020 19:05:54 +0000 (19:05 +0000)]
Logging: add I= element to transport-defer lines. Bug 2675
Jeremy Harris [Thu, 12 Nov 2020 22:16:50 +0000 (22:16 +0000)]
More taint notes
Jeremy Harris [Tue, 10 Nov 2020 22:33:40 +0000 (22:33 +0000)]
Docs: clarify client-side auth options for smtp transport
Jeremy Harris [Tue, 10 Nov 2020 21:10:56 +0000 (21:10 +0000)]
More taint discussion in docs
Jeremy Harris [Wed, 28 Oct 2020 19:52:12 +0000 (19:52 +0000)]
tidying
Jeremy Harris [Tue, 3 Nov 2020 13:15:15 +0000 (13:15 +0000)]
Testsuite: ignore cert-rotation debug output
Jeremy Harris [Tue, 3 Nov 2020 13:14:11 +0000 (13:14 +0000)]
Fix spurious logging of select error
Jeremy Harris [Mon, 2 Nov 2020 22:34:54 +0000 (22:34 +0000)]
typo
Jeremy Harris [Mon, 2 Nov 2020 22:31:34 +0000 (22:31 +0000)]
kevent: handle OpenBSD API anomaly, redux
Jeremy Harris [Sat, 31 Oct 2020 23:58:11 +0000 (23:58 +0000)]
Pass authenticator pubname through spool. Bug 2648
Jeremy Harris [Fri, 30 Oct 2020 12:46:05 +0000 (12:46 +0000)]
LDAP: fix taint-check in server list walk. Bug 2646
Jeremy Harris [Fri, 30 Oct 2020 12:43:39 +0000 (12:43 +0000)]
Fix build on platforms lacking TIOCOUTQ ioctl
Jeremy Harris [Thu, 29 Oct 2020 21:37:42 +0000 (21:37 +0000)]
Fix build on platforms lacking TIOCOUTQ ioctl
Jeremy Harris [Thu, 29 Oct 2020 20:09:25 +0000 (20:09 +0000)]
Debug: show stalled send-data count on message-errors
Jeremy Harris [Wed, 28 Oct 2020 18:36:34 +0000 (18:36 +0000)]
Docs: index smtp transport timeouts
Jeremy Harris [Wed, 28 Oct 2020 00:43:53 +0000 (00:43 +0000)]
Avoid manually-counted long strings
Jeremy Harris [Mon, 26 Oct 2020 17:55:53 +0000 (17:55 +0000)]
Docs: another detaint mention
Jeremy Harris [Tue, 13 Oct 2020 19:06:08 +0000 (20:06 +0100)]
Revert "Testsuite: allow 1s timing slop in dumpdb output"
This reverts commit 625cd9501315e1010ecbf8718c88c8b79ce09e94.
Jeremy Harris [Tue, 13 Oct 2020 18:59:43 +0000 (19:59 +0100)]
Testsuite: munge & delay for early selfsign generate
Broken-by: 48e9099006
Jeremy Harris [Tue, 13 Oct 2020 16:12:33 +0000 (17:12 +0100)]
TLS: pre-generate and load server selfsigned cert, when one is to be used
Jeremy Harris [Sun, 11 Oct 2020 11:42:20 +0000 (12:42 +0100)]
Testsuite: case-number shuffling
Jeremy Harris [Sun, 11 Oct 2020 09:50:35 +0000 (10:50 +0100)]
Testsuite: more time for loaded test platforms
Heiko Schlittermann (HS12-RIPE) [Sat, 10 Oct 2020 16:56:50 +0000 (18:56 +0200)]
Docs: Mention issues with TLS client cert and Exim <= 4.85
* cb1d783072c488a4a558607b2ee122efba95aa4b
* 8c40856083f3a2e89350ab3aacfb95256fbadd9d
> Author: Jeremy Harris <jgh146exb@wizmail.org>
> Date: Sun Nov 23 16:10:30 2014 +0000
>
> Support use of system default CA bundle
Jeremy Harris [Sat, 10 Oct 2020 17:18:01 +0000 (18:18 +0100)]
Testsuite & OpenSSL debug: regularise debug output, and fix test munging
Jeremy Harris [Sat, 10 Oct 2020 15:06:02 +0000 (16:06 +0100)]
kevent: handle OpenBSD API anomaly
Jeremy Harris [Sat, 10 Oct 2020 14:04:53 +0000 (15:04 +0100)]
kevent: fix directory check
Jeremy Harris [Sat, 10 Oct 2020 09:25:40 +0000 (10:25 +0100)]
OpenBSD, NetBSD: TLS preload
NetBSD is not actually really supported by the project, but a user
did pop up this year asking for a build
Jeremy Harris [Sat, 10 Oct 2020 09:02:53 +0000 (10:02 +0100)]
More debug for fail cases in kevent set-watch
Jeremy Harris [Fri, 9 Oct 2020 22:01:14 +0000 (23:01 +0100)]
Unbreak no-TLS build
Broken-by: dc4ab0a186
Jeremy Harris [Thu, 8 Oct 2020 12:30:41 +0000 (13:30 +0100)]
FreeBSD: TLS: preload configuration items
Jeremy Harris [Thu, 8 Oct 2020 09:24:59 +0000 (10:24 +0100)]
Testsuite: allow 1s timing slop in dumpdb output
Jeremy Harris [Mon, 5 Oct 2020 16:52:04 +0000 (17:52 +0100)]
Unbreak non-ipv6 build
Broken-by: 261fc93208
Jeremy Harris [Sun, 4 Oct 2020 22:08:45 +0000 (23:08 +0100)]
GnuTLS: when library too old for system CA bundle support, do not default options to using it
Jeremy Harris [Mon, 5 Oct 2020 14:28:10 +0000 (15:28 +0100)]
Debug output: regularise host lookup tracing
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Oct 2020 10:22:01 +0000 (12:22 +0200)]
Add proxy_protocol_timeout main config option.
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Oct 2020 06:59:25 +0000 (08:59 +0200)]
Testsuite: Allow input lines starting with ":<cmd>:", like ":sleep:".
This somehow mimics the behaviour of the client tool, but works for
*any* input line that is sent to the application. This reverts the
unfortunate take abusing the client's special notation '>>> '.
Currently implemented:
- :eval:
- :neol:
- :sleep:
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Oct 2020 06:59:16 +0000 (08:59 +0200)]
Testsuite: README: improve searchability of ">>> ", "??? ", …
Jeremy Harris [Sun, 4 Oct 2020 16:16:37 +0000 (17:16 +0100)]
Testsuite: missing stdout file
Testsuite: library version variances
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 14:34:29 +0000 (15:34 +0100)]
Unbreak build on non-inotify platforms
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 13:15:09 +0000 (14:15 +0100)]
Fix build on earlier library version
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 11:48:33 +0000 (12:48 +0100)]
Testsuite: missing log file
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 11:37:12 +0000 (12:37 +0100)]
Fix non-OCSP build
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 11:00:00 +0000 (12:00 +0100)]
Testsuite: TLS system CA dirs vary across platforms
Broken-by: 6a9cf7f890
Jeremy Harris [Sun, 4 Oct 2020 10:43:04 +0000 (11:43 +0100)]
GnuTLS: fix build on earlier library version.
Broken-by: 6a9cf7f890
Heiko Schlittermann (HS12-RIPE) [Sun, 4 Oct 2020 10:33:18 +0000 (12:33 +0200)]
Merge branch 'hs/fix-proxy-bh' (Closes 2656)
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 16:58:11 +0000 (18:58 +0200)]
Testsuite: Add test for proxy and -bh (Bug 2656)
Heiko Schlittermann (HS12-RIPE) [Fri, 2 Oct 2020 06:19:12 +0000 (08:19 +0200)]
Use ALARM() to set deadline on reading the proxy header (Bug 2656)
Heiko Schlittermann (HS12-RIPE) [Fri, 2 Oct 2020 06:17:39 +0000 (08:17 +0200)]
Replace recv() by read() (Bug 2656)
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 17:43:48 +0000 (19:43 +0200)]
Testsuite: Provide '>>> ' for script input to allow binary data (take 2)
This mimics the '>>> ' prefix known for the test client. Any line prefixed
with '>>> ' will be processed by Perl's string eval().
As '>>> ' is generic and documented, it replaces the (undocumented)
'\NONL\' tag.
The client input lines starting with '>>> ' are now changed to '\>>> '
to avoid evaluation by the runtest script. (Test 4030, 1101).
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 21:32:56 +0000 (23:32 +0200)]
Testsuite: add .editorconfig to keep the trailing spaces
Jeremy Harris [Sat, 3 Oct 2020 19:59:15 +0000 (20:59 +0100)]
TLS: preload configuration items
Jeremy Harris [Mon, 7 Sep 2020 18:56:49 +0000 (19:56 +0100)]
tidying
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 13:24:31 +0000 (15:24 +0200)]
Testsuite: Use 127.x.x.x for PROXY v2
This avoids dependencies on DNS timeouts on the host running the testsuite.
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 18:00:21 +0000 (20:00 +0200)]
Revert "Testsuite: Provide '>>> ' for script input to allow binary data"
This reverts commit f7ec095232186edba2b7137594bfdd7d7b7f9504.
Heiko Schlittermann (HS12-RIPE) [Sat, 3 Oct 2020 17:43:48 +0000 (19:43 +0200)]
Testsuite: Provide '>>> ' for script input to allow binary data
This mimics the '>>> ' prefix for the test client. Any line prefixed
with '>>> ' will be processed by Perl's string eval().
As '>>> ' is generic and documented, it replaces the
(undocumented) '\NONL\' tag.