Phil Pennock [Tue, 31 Jan 2017 00:51:01 +0000 (19:51 -0500)]
Avoid reading too much data before TLS handshake
Phil Pennock [Mon, 30 Jan 2017 23:38:16 +0000 (18:38 -0500)]
Fix size calculation, log unhandled amount.
We did a `string_copy()` so `hdr.v1.line` is not the right base for an
accurate size. Fix.
Log unhandled amount. For clients waiting on the server before sending,
this has to be 0. For clients speaking first (TLS) this can be
non-zero.
Jeremy Harris [Mon, 30 Jan 2017 15:37:50 +0000 (15:37 +0000)]
Restrict address-parsing to a maximum of five layers of nested angle-brackets,
under main-option strip_excess_angle_brackets
Jeremy Harris [Sun, 29 Jan 2017 22:58:47 +0000 (22:58 +0000)]
Tidying: Coverity
Jeremy Harris [Sun, 29 Jan 2017 20:18:07 +0000 (20:18 +0000)]
Testsuite: add missing output file.
Broken-by: 560e71cc5451
Jeremy Harris [Sun, 29 Jan 2017 19:15:12 +0000 (19:15 +0000)]
Update change log
Jeremy Harris [Sun, 29 Jan 2017 18:03:40 +0000 (18:03 +0000)]
CHUNKING: Reject messages with malformed line ending. Bug 2000
Actually test only the first header line, but still do full line-ending canonicalisation on the
remainder of the message in case an Evil Person slips past that.
Jeremy Harris [Sun, 29 Jan 2017 15:30:28 +0000 (15:30 +0000)]
Docs: add note on verify = senders= . Bug 2028
Jeremy Harris [Thu, 26 Jan 2017 20:21:57 +0000 (20:21 +0000)]
TFO: remember setsockopt results, to condition non-transport client use. Bug 2027
Jeremy Harris [Tue, 17 Jan 2017 00:39:41 +0000 (00:39 +0000)]
Shuffle proxy-protocol to wrap TLS-on-connect startup. Bug 2018
Kirill Miazine [Sun, 29 Jan 2017 14:55:58 +0000 (14:55 +0000)]
DANE: fix build under LibreSSL. Bug 2020
Jeremy Harris [Sat, 28 Jan 2017 17:53:29 +0000 (17:53 +0000)]
Testsuite: add dnsdb testcase for defer when used in ACL
Jeremy Harris [Sat, 28 Jan 2017 16:13:26 +0000 (16:13 +0000)]
Docs: add note on system_filter forced expansion fail
Jeremy Harris [Sat, 28 Jan 2017 15:08:22 +0000 (15:08 +0000)]
LMDB: include filename in open-error message
Jeremy Harris [Sat, 28 Jan 2017 12:30:29 +0000 (12:30 +0000)]
DKIM: check pointer to calculated body hash before verify comparison. Bug 2029
We can have a missing body hash from a malformed DKIM-Signature: header
Jeremy Harris [Sat, 28 Jan 2017 14:21:19 +0000 (14:21 +0000)]
Testsuite: testcase for DKIM bug 2029
Jeremy Harris [Sat, 28 Jan 2017 12:29:47 +0000 (12:29 +0000)]
DKIM: rename variables for clarity
Jeremy Harris [Wed, 25 Jan 2017 17:08:53 +0000 (17:08 +0000)]
Testsuite: get same certextract samples for GnuTLS and OpenSSL
Jeremy Harris [Tue, 24 Jan 2017 21:01:04 +0000 (21:01 +0000)]
Testsuite: output file changes from d7a2c8337f7b
Jeremy Harris [Tue, 24 Jan 2017 20:46:47 +0000 (20:46 +0000)]
Testsuite: fix delay-dependent testcase for really slow systems
Jeremy Harris [Tue, 24 Jan 2017 19:46:36 +0000 (19:46 +0000)]
Testsuite: missing output files
Jeremy Harris [Tue, 24 Jan 2017 18:17:10 +0000 (18:17 +0000)]
Fix reception of (quoted) local-parts with embedded spaces. Bug 2025
Jeremy Harris [Tue, 24 Jan 2017 16:52:01 +0000 (16:52 +0000)]
TFO: Support compilation on Linux platforms which define TCP_FASTOPEN but not MSG_FASTOPEN
Jeremy Harris [Tue, 24 Jan 2017 15:03:03 +0000 (15:03 +0000)]
Define MIN and MAX for Solaris
Jeremy Harris [Mon, 23 Jan 2017 19:12:37 +0000 (19:12 +0000)]
Fix build with OpenSSL, EXPERIMENTAL_DANE and DISABLE_EVENT
Phil Pennock [Mon, 23 Jan 2017 02:36:21 +0000 (21:36 -0500)]
Document OpenBSD resolver ignoring EDNS0
Jeremy Harris [Sun, 22 Jan 2017 17:35:08 +0000 (17:35 +0000)]
DKIM: permit verify of sig blocks that sign other sig blocks. Bug 2014
Jeremy Harris [Sun, 22 Jan 2017 14:05:38 +0000 (14:05 +0000)]
Merge branch 'fix-2016-dkim'
Jeremy Harris [Thu, 19 Jan 2017 15:37:16 +0000 (15:37 +0000)]
Fix DKIM verify when used with CHUNKING. Bug 2016
Heiko Schlittermann (HS12-RIPE) [Wed, 18 Jan 2017 21:31:05 +0000 (22:31 +0100)]
Testsuite: Add DKIM Chunking test
Heiko Schlittermann (HS12-RIPE) [Wed, 18 Jan 2017 21:27:45 +0000 (22:27 +0100)]
Testsuite: Rename 4500-Domain-Keys-Identified-Mail for consistency
Heiko Schlittermann (HS12-RIPE) [Wed, 18 Jan 2017 21:25:20 +0000 (22:25 +0100)]
Testsuite: Rename 4510-DKIM
We need some additional tests in 4500
Jeremy Harris [Sat, 21 Jan 2017 22:30:00 +0000 (22:30 +0000)]
Merge branch 'callout_smtp_tpt_merge'
Jeremy Harris [Sat, 14 Jan 2017 17:34:57 +0000 (17:34 +0000)]
Testcases for pipelined callout
Jeremy Harris [Tue, 10 Jan 2017 23:04:49 +0000 (23:04 +0000)]
Use smtp_write_mail_and_rcpt_cmds() for verify callout
Jeremy Harris [Wed, 11 Jan 2017 20:22:42 +0000 (20:22 +0000)]
use smtp_context struct for sync_responses()
Jeremy Harris [Tue, 10 Jan 2017 19:22:04 +0000 (19:22 +0000)]
Split out smtp_write_mail_and_rcpt_cmds() from smtp_deliver()
Jeremy Harris [Mon, 9 Jan 2017 15:54:26 +0000 (15:54 +0000)]
Split out cutthrough connection-cache / subsequent-rcpt handling, from do_callout()
Jeremy Harris [Mon, 9 Jan 2017 11:46:30 +0000 (11:46 +0000)]
Split out callout-cache handling from do_callout()
Jeremy Harris [Sat, 24 Dec 2016 21:04:20 +0000 (21:04 +0000)]
Use smtp_setup_conn() for verify callout
Jeremy Harris [Sat, 24 Dec 2016 19:24:56 +0000 (19:24 +0000)]
Split out smtp MAIL and RCPT option string building
Jeremy Harris [Mon, 19 Dec 2016 13:10:29 +0000 (13:10 +0000)]
Split out smtp_setup_conn() from smtp_deliver, in the transport
Jeremy Harris [Sat, 21 Jan 2017 18:54:56 +0000 (18:54 +0000)]
Fix DKIM verify operation in -bh test mode. Bug 2017
Heiko Schlittermann (HS12-RIPE) [Wed, 18 Jan 2017 21:33:51 +0000 (22:33 +0100)]
Testsuite: Make patchexim work with dirty tag checkouts
Phil Pennock [Fri, 20 Jan 2017 12:07:54 +0000 (07:07 -0500)]
fix example command-line
Jeremy Harris [Thu, 19 Jan 2017 13:20:47 +0000 (13:20 +0000)]
Testsuite: output changes from 4c04137d7
Jeremy Harris [Thu, 19 Jan 2017 13:12:02 +0000 (13:12 +0000)]
VRFY: advertise in EHLO response, if there is an ACL defined
Jeremy Harris [Thu, 19 Jan 2017 12:26:35 +0000 (12:26 +0000)]
VRFY: add docs note on results, and additional test cases
Jeremy Harris [Tue, 17 Jan 2017 18:03:15 +0000 (18:03 +0000)]
Docs: add note on round-robin DNS problems vs. authentication
Josh Soref [Wed, 18 Jan 2017 23:20:12 +0000 (18:20 -0500)]
spelling: Mavrogiannopoulos
Committer note: the name was spelt as was used by Nikos at the time, but
he's since switched to the other latinization form and is using it
everywhere these days. Part of his response was "Feel free to use the
Mavrogiannopoulos variant everywhere.", so I'm merging this commit too.
Josh Soref [Wed, 18 Jan 2017 17:58:52 +0000 (17:58 +0000)]
replace keept with rotation
Log rotate documentation does not actually give a term for this portion
of a filename, but to the extent that I can find a term, a number of
places call it a "rotation number".
Replacing keept which is inaccurate and misleading with rotation makes
the code a little easier to read.
Phil Pennock [Wed, 18 Jan 2017 16:39:24 +0000 (11:39 -0500)]
Recording merge technique in git history
This is an empty commit which exists for this commit message,
documenting how I handled GitHub PR 52, which was 228 separate commits,
each fixing the spelling of one word. The submitter's approach made it
easy to consider and approve/reject each independently, so was valuable,
but I didn't want so many commits in our history.
A few aspects of the shell commands rely upon Zsh: `read -q` for
getting a single Y/N response; `$IFS` containing ASCII NUL (and
builtins handling NUL inside strings) for parsing `.git/MERGE_RR`;
anonymous function calls so that I could abort cleanly if I wanted to.
    git log --pretty=tformat:%h master..github/pr/52 > ../1.consider
    touch ../2.keep
    for F in $(<../1.consider); do git show $F | cat -v; read -q "keep?Keep $F ? " && echo $F >> ../2.keep; echo; echo =============================; done
That let me iterate through each, selecting 214/228 commits to apply in
one pass. Two PR commits were held for a separate commit, because they
fixed behavioural bugs. So 216/228 were accepted. A couple warranted
minor post-fixing as part of the first PR.
    for F in $(<../2.keep ) ; do (){ git cherry-pick -n $F && continue; for junk fn in $(<.git/MERGE_RR); do [[ -n $fn ]] || break; if vi $fn; then git add $fn; else return 1; fi; done } || break; done
    vi src/src/filter.c && git add src/src/filter.c
    vi src/src/dns.c && git add src/src/dns.c
    GIT_AUTHOR_NAME='Josh Soref' GIT_AUTHOR_EMAIL='jsoref@users.noreply.github.com' git commit
and similarly for the second commit.
One more commit from the PR requires chasing with a contributor whose
name is natively in a non-Roman alphabet and who appears to have changed
the Romanisation, to check how they'd like it handled. I will chase
under separate cover.
Josh Soref [Wed, 18 Jan 2017 16:36:24 +0000 (11:36 -0500)]
Bug-fix no_require_dnssec parsing & spelling fixes
Patches from Josh Soref fixing spelling fixed two bugs:
* Parsing `no_require_dnssec` configuration option
* Setting `_HAVE_TRANSPORT_APPEND_MAILDIR` macro (for config parsing)
[ PP pulled these two out into a separate commit to update the ChangeLog
accordingly. ]
Josh Soref [Wed, 18 Jan 2017 16:30:26 +0000 (11:30 -0500)]
214 spelling fixes
Phil Pennock [Fri, 13 Jan 2017 04:37:50 +0000 (23:37 -0500)]
Provide alternative Heimdal pkg-config example
Building Exim against Heimdal 1.5, heimdal-gssapi.pc was needed.
There's been a major version bump in Heimdal, and against 7.1 that
doesn't work; using heimdal-krb5.pc fails on missing `gss_*` functions.
I can find no build documentation for Heimdal which describes what
should be needed. heimdal-gssapi.pc does reference heimdal-krb5.pc
in `Requires.private` but it's not being used by FreeBSD pkgconf in
such a way that it's available when building on FreeBSD 10.3.
Fortunately, our `*_PC` logic works with multiple packages listed,
so provide that example.
Jeremy Harris [Wed, 11 Jan 2017 12:12:49 +0000 (12:12 +0000)]
Docs: add note on DKIM ACL triggers
Jeremy Harris [Wed, 4 Jan 2017 13:58:29 +0000 (13:58 +0000)]
Testsuite: moved output file
Broken-by: f4630439f888
Jeremy Harris [Tue, 3 Jan 2017 20:15:39 +0000 (20:15 +0000)]
CHUNKING: fix non-pipelined synch checks. Bug 2004
Jeremy Harris [Mon, 2 Jan 2017 17:20:26 +0000 (17:20 +0000)]
PROXY: fix v2 protocol decode. Bugs 2003, 1747
Phil Pennock [Mon, 2 Jan 2017 13:59:17 +0000 (08:59 -0500)]
wip: OpenSSL docs on custom install
To fix before merge: ability to use `$ORIGIN` in linker line via Exim
config file.
Jeremy Harris [Sun, 1 Jan 2017 13:21:39 +0000 (13:21 +0000)]
Docs: fix smtp transport TFO option indexing
Phil Pennock [Sun, 1 Jan 2017 04:22:22 +0000 (23:22 -0500)]
Merge remote-tracking branch 'github/pr/50'
GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called
ldap_start_tls_s on ldapi:// connections.
This is obviously a correct change, since above we've avoided
initializing the TLS state if using ldapi.
Added documentation noting this behaviour.
Jeremy Harris [Sat, 31 Dec 2016 15:24:38 +0000 (15:24 +0000)]
DKIM: Under debug, when signing do an extra check on the dns record that will be
used for verification. Bug 1926
YmrDtnJu [Sat, 31 Dec 2016 12:57:49 +0000 (13:57 +0100)]
Do not call ldap_start_tls_s on ldapi:// connections.
The code already skips the initialisation of TLS on LDAP connections over unix
sockets but the call to ldap_start_tls_s is done nonetheless.
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 13:05:08 +0000 (14:05 +0100)]
Docs: Add .new/wen marker for relative includes (Bug 1971)
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Dec 2016 11:35:47 +0000 (12:35 +0100)]
Tidy and add \0 after string_append() for relative .includes
Jeremy Harris [Tue, 8 Nov 2016 22:41:42 +0000 (22:41 +0000)]
tidying
Jeremy Harris [Mon, 26 Dec 2016 18:05:38 +0000 (18:05 +0000)]
Docs: typos
Jeremy Harris [Thu, 29 Dec 2016 15:55:45 +0000 (15:55 +0000)]
I18N: avoid trying to downconvert all-ascii domain names.
With the IDNA-2008 handling downconversion results in lowercasing;
so avoid doing that if possible.
Jeremy Harris [Wed, 28 Dec 2016 21:15:49 +0000 (21:15 +0000)]
Testsuite: use custom-munge for dsn-info in 4510
Broken-by: 87cb4a166c47
Jeremy Harris [Thu, 29 Dec 2016 20:34:10 +0000 (20:34 +0000)]
Sync 4.next from master
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 23:15:47 +0000 (23:15 +0000)]
Allow relative file names in .include lines (Closes 1971)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Dec 2016 22:02:20 +0000 (23:02 +0100)]
Doc: Minor fixes
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 10:02:18 +0000 (11:02 +0100)]
Release process: make mk_exim_release more self descriptive
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:25:58 +0000 (10:25 +0100)]
Release process: rename the scripts to be more generic
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:23:47 +0000 (10:23 +0100)]
Release process: sign all *.tar.* under a given dir
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:01:38 +0000 (10:01 +0100)]
Release process: fix the --no-web option
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 22:56:09 +0000 (23:56 +0100)]
Constify config_filename
Jeremy Harris [Tue, 22 Nov 2016 15:22:11 +0000 (15:22 +0000)]
DKIM: More validation of DNS key record. Bug 1926
Jeremy Harris [Sun, 11 Dec 2016 16:36:09 +0000 (16:36 +0000)]
OpenSSL: add detail to certname verify fail log line
Jeremy Harris [Sun, 4 Dec 2016 11:21:55 +0000 (11:21 +0000)]
Pipe transport: expand the path option
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
Testsuite: enhance IDNA examples; move to IDNA-2008 conversions
Heiko Schlittermann (HS12-RIPE) [Wed, 28 Dec 2016 15:40:44 +0000 (16:40 +0100)]
Testsuite: fix 0290 for permitted relative paths
Heiko Schlittermann (HS12-RIPE) [Wed, 28 Dec 2016 15:11:34 +0000 (16:11 +0100)]
Testsuite: fix 0173 + 2100+, take 2
Heiko Schlittermann (HS12-RIPE) [Wed, 28 Dec 2016 11:08:47 +0000 (12:08 +0100)]
Testsuite: fix 0173 and related
Import the system PATH via keep_environment
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Dec 2016 22:07:55 +0000 (23:07 +0100)]
Testsuite: fix 0903
Jeremy Harris [Tue, 27 Dec 2016 16:47:36 +0000 (16:47 +0000)]
Docs: clarify headers availability in data-time ACLs
Jeremy Harris [Sat, 26 Nov 2016 18:35:48 +0000 (18:35 +0000)]
I18N: support IDNA2008. Bug 1911
Jeremy Harris [Sun, 25 Dec 2016 11:54:37 +0000 (11:54 +0000)]
Docs: Clean for next release
Heiko Schlittermann (HS12-RIPE) [Thu, 22 Dec 2016 11:01:16 +0000 (12:01 +0100)]
Doc: clarify CVE-2016-9963
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 23:15:47 +0000 (00:15 +0100)]
Allow relative file names in .include lines (Closes 1971)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Dec 2016 22:02:20 +0000 (23:02 +0100)]
Doc: Minor fixes
Heiko Schlittermann (HS12-RIPE) [Sat, 17 Dec 2016 17:15:35 +0000 (18:15 +0100)]
Doc: short description of CVE-2016-9963
Jeremy Harris [Fri, 16 Dec 2016 20:45:44 +0000 (20:45 +0000)]
Fix DKIM information leakage
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 10:02:18 +0000 (11:02 +0100)]
Release process: make mk_exim_release more self descriptive
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:25:58 +0000 (10:25 +0100)]
Release process: rename the scripts to be more generic
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:23:47 +0000 (10:23 +0100)]
Release process: sign all *.tar.* under a given dir
Heiko Schlittermann (HS12-RIPE) [Sun, 18 Dec 2016 09:01:38 +0000 (10:01 +0100)]
Release process: fix the --no-web option
Heiko Schlittermann (HS12-RIPE) [Fri, 9 Dec 2016 22:56:09 +0000 (23:56 +0100)]
Constify config_filename
Jeremy Harris [Tue, 22 Nov 2016 15:22:11 +0000 (15:22 +0000)]
DKIM: More validation of DNS key record. Bug 1926