users/heiko/exim.git
6 years agoARC: enhance debug for signing; explicitly init signing context
Jeremy Harris [Tue, 27 Mar 2018 21:01:03 +0000 (22:01 +0100)]
ARC: enhance debug for signing; explicitly init signing context

6 years agoFix non-ARC build
Jeremy Harris [Mon, 26 Mar 2018 17:44:33 +0000 (18:44 +0100)]
Fix non-ARC build

6 years agoARC: add guard in verify against lack of the dkim-verify context
Jeremy Harris [Mon, 26 Mar 2018 16:30:47 +0000 (17:30 +0100)]
ARC: add guard in verify against lack of the dkim-verify context
needed for body-hashing

6 years agoARC: cutthrough delivery may not be used with ARC signing
Jeremy Harris [Mon, 26 Mar 2018 14:59:25 +0000 (15:59 +0100)]
ARC: cutthrough delivery may not be used with ARC signing

6 years agoCutthrough: enforce non-use in combination with DKIM signing or transport filter
Jeremy Harris [Mon, 26 Mar 2018 14:53:49 +0000 (15:53 +0100)]
Cutthrough: enforce non-use in combination with DKIM signing or transport filter

Broken-by: 02b41d7106
6 years agoAdd ARC signing caveats
Phil Pennock [Mon, 26 Mar 2018 16:24:48 +0000 (12:24 -0400)]
Add ARC signing caveats

6 years agoARC: give more detail with "bad signing-spec" message
Jeremy Harris [Sat, 24 Mar 2018 13:53:50 +0000 (13:53 +0000)]
ARC: give more detail with "bad signing-spec" message

6 years agoARC: For signing, accept A-R header lacking ARC info as equivalent to "none"
Jeremy Harris [Fri, 23 Mar 2018 16:45:03 +0000 (16:45 +0000)]
ARC: For signing, accept A-R header lacking ARC info as equivalent to "none"

6 years agoARC: add independent-source testcase. Fix signatures by not line-terminating
Jeremy Harris [Fri, 23 Mar 2018 11:06:35 +0000 (11:06 +0000)]
ARC: add independent-source testcase.  Fix signatures by not line-terminating
last header line being hashed.

6 years agoARC: AS header should have no c= tag
Jeremy Harris [Tue, 20 Mar 2018 22:11:24 +0000 (22:11 +0000)]
ARC: AS header should have no c= tag

6 years agoARC: on the smtp transport option take empty or forced-fail to disable signing
Jeremy Harris [Tue, 20 Mar 2018 19:58:00 +0000 (19:58 +0000)]
ARC: on the smtp transport option take empty or forced-fail to disable signing

6 years agoTestsuite: output changes arising
Jeremy Harris [Sat, 31 Mar 2018 13:21:36 +0000 (14:21 +0100)]
Testsuite: output changes arising

6 years agoAvoid doing logging in signal-handlers. Bug 1007
Jeremy Harris [Fri, 30 Mar 2018 21:54:55 +0000 (22:54 +0100)]
Avoid doing logging in signal-handlers.  Bug 1007

6 years agoTestsuite: avoid ipv6 use in dane_require_tls_ciphers testcases
Jeremy Harris [Fri, 30 Mar 2018 16:36:30 +0000 (17:36 +0100)]
Testsuite: avoid ipv6 use in dane_require_tls_ciphers testcases

6 years agoDANE: smtp transport option dane_require_tls_ciphers
Jeremy Harris [Fri, 30 Mar 2018 15:08:56 +0000 (16:08 +0100)]
DANE: smtp transport option dane_require_tls_ciphers

6 years agoARC: add $arc_state, $arc_state_reason and add reason to authres string
Jeremy Harris [Tue, 13 Mar 2018 20:04:03 +0000 (20:04 +0000)]
ARC: add $arc_state, $arc_state_reason and add reason to authres string

6 years agoMark variables unused before release of store in the queue-runner loop
Jeremy Harris [Tue, 13 Mar 2018 16:27:54 +0000 (16:27 +0000)]
Mark variables unused before release of store in the queue-runner loop

6 years agotidying
Jeremy Harris [Tue, 13 Mar 2018 15:01:42 +0000 (15:01 +0000)]
tidying

6 years agoMark variables unused before release of store in the daemon loop
Jeremy Harris [Tue, 13 Mar 2018 13:52:26 +0000 (13:52 +0000)]
Mark variables unused before release of store in the daemon loop

6 years agoCompiler quietening
Jeremy Harris [Mon, 12 Mar 2018 14:04:11 +0000 (14:04 +0000)]
Compiler quietening

6 years agoFix memory leak during build process (Bug 2183)
Heiko Schlittermann (HS12-RIPE) [Mon, 12 Mar 2018 22:53:13 +0000 (23:53 +0100)]
Fix memory leak during build process (Bug 2183)

(Normally we don't care about leaks in short lived processes we use
during build time. But as -fsanitize=address breaks the build in an
early stage, the leak is fixed now.)

Thanks to Andrew Aitchison.

6 years agoFix dec64table[] OOB read in b64decode()
Tomas Hoger [Wed, 7 Mar 2018 10:30:18 +0000 (11:30 +0100)]
Fix dec64table[] OOB read in b64decode()

Possible values for y at this point are 0..255.  However, dec64table[]
only has 128 entries and hence valid indexes are 0..127.  The values of
y greater than 127 trigger out of bounds read.  As dec64table[] is in
the data segment, the OOB access is not detected by tools as valgrind or
ASAN.  This adds a check to ensure y is less than or equal to 127, just
like in other cases where dec64table[] is accessed.

Note that removal of the y == 0 condition is not a problem, as
dec64table[0] == 255, so the second part of the condition is true.

6 years agoUpdate to protocol used by avast 2.2.0 (Multiline responses) (Bug 2112)
Heiko Schlittermann (HS12-RIPE) [Sat, 10 Mar 2018 03:30:56 +0000 (04:30 +0100)]
Update to protocol used by avast 2.2.0 (Multiline responses) (Bug 2112)

Based on a patch by Victor Ustugov.

6 years agoARC: options on the verify
Jeremy Harris [Sun, 11 Mar 2018 21:38:57 +0000 (21:38 +0000)]
ARC: options on the verify

6 years agoFix ldap lookups for zero-length attribute value. Bug 2251
Jeremy Harris [Sun, 11 Mar 2018 18:46:23 +0000 (18:46 +0000)]
Fix ldap lookups for zero-length attribute value.  Bug 2251

Broken-by: acec9514b1
6 years agotidying
Jeremy Harris [Sun, 11 Mar 2018 18:52:54 +0000 (18:52 +0000)]
tidying

6 years agoARC: compiler quietening
Jeremy Harris [Sun, 11 Mar 2018 17:18:01 +0000 (17:18 +0000)]
ARC: compiler quietening

6 years agoPRDR: append overall DATA acceptance message to delivery log line "C=" item. Bug...
Simon Arlott [Sun, 11 Mar 2018 16:25:28 +0000 (16:25 +0000)]
PRDR: append overall DATA acceptance message to delivery log line "C=" item.  Bug 2253
It can have useful tracking info from the destination, eg. their message Id.

6 years agoExtra checks on inbound SMTP stream buffer refill
Jeremy Harris [Fri, 9 Mar 2018 16:34:08 +0000 (16:34 +0000)]
Extra checks on inbound SMTP stream buffer refill

6 years agoDo not use bashism in /bin/sh scrit (Bug 2249)
Heiko Schlittermann (HS12-RIPE) [Sat, 10 Mar 2018 00:51:20 +0000 (01:51 +0100)]
Do not use bashism in /bin/sh scrit (Bug 2249)

6 years agoCopy/paste fail on end of Perl line (thanks JGH)
Graeme Fowler [Fri, 9 Mar 2018 17:32:55 +0000 (17:32 +0000)]
Copy/paste fail on end of Perl line (thanks JGH)

6 years agoHandle testsuite dual-daemon redis start/reap
Graeme Fowler [Fri, 9 Mar 2018 15:34:13 +0000 (15:34 +0000)]
Handle testsuite dual-daemon redis start/reap

6 years agoRedis cluster DEFER & test results corrected
Graeme Fowler [Wed, 7 Mar 2018 17:41:23 +0000 (17:41 +0000)]
Redis cluster DEFER & test results corrected

6 years agoDANE: add dane:fail event
Jeremy Harris [Tue, 6 Mar 2018 12:13:14 +0000 (12:13 +0000)]
DANE: add dane:fail event

6 years agoTestsuite: GnuTLS version of DANE/events testcase
Jeremy Harris [Tue, 6 Mar 2018 16:23:31 +0000 (16:23 +0000)]
Testsuite: GnuTLS version of DANE/events testcase

Followon from: c0635b6dfe

6 years agoDocs: expand DKIM verification notes
Jeremy Harris [Mon, 5 Mar 2018 11:14:28 +0000 (11:14 +0000)]
Docs: expand DKIM verification notes

6 years agoTest suite case for redis cluster MOVED response
Graeme Fowler [Tue, 6 Mar 2018 15:38:31 +0000 (15:38 +0000)]
Test suite case for redis cluster MOVED response

6 years agoCorrection on string comparison
Graeme Fowler [Tue, 6 Mar 2018 15:36:55 +0000 (15:36 +0000)]
Correction on string comparison

6 years agoChangelog entry for redis cluster MOVED handling
Graeme Fowler [Tue, 6 Mar 2018 11:32:08 +0000 (11:32 +0000)]
Changelog entry for redis cluster MOVED handling

6 years agoCheap method to follow redis cluster MOVED replies
Graeme Fowler [Tue, 6 Mar 2018 11:24:10 +0000 (11:24 +0000)]
Cheap method to follow redis cluster MOVED replies

6 years agoTestsuite: make 4560 more testhost-name independent
Jeremy Harris [Sun, 4 Mar 2018 15:48:32 +0000 (15:48 +0000)]
Testsuite: make 4560 more testhost-name independent

6 years agoTestsuite: for DKIM sha512 verify, use a test signed mail produced by Exim
Jeremy Harris [Sat, 3 Mar 2018 18:45:23 +0000 (18:45 +0000)]
Testsuite: for DKIM sha512 verify, use a test signed mail produced by Exim

This is a temporary measure until Mail::DKIM::Signer can handle rsa-sha512 -
it gives us the internal consistency check but not we would like the independent
confirmation of correctness

6 years agoTestsuite: for DKIM signing, store resulting mail for comparison
Jeremy Harris [Sat, 3 Mar 2018 18:13:58 +0000 (18:13 +0000)]
Testsuite: for DKIM signing, store resulting mail for comparison

6 years agoARC initial implementation. Experimental. Bug 2162
Jeremy Harris [Fri, 2 Mar 2018 23:53:32 +0000 (23:53 +0000)]
ARC initial implementation.  Experimental.  Bug 2162

6 years agoTestsuite: ensure logging path is set
Jeremy Harris [Mon, 26 Feb 2018 14:55:31 +0000 (14:55 +0000)]
Testsuite: ensure logging path is set

6 years agoAuths: for A-R header, and SMTP auth, note the public-name not the authenticator...
Jeremy Harris [Sun, 25 Feb 2018 15:24:26 +0000 (15:24 +0000)]
Auths: for A-R header, and SMTP auth, note the public-name not the authenticator name
       Also, for TLS auth use a custom propspec

6 years agometa: git controls for text changelogs; github controls
Phil Pennock [Sun, 25 Feb 2018 07:51:22 +0000 (02:51 -0500)]
meta: git controls for text changelogs; github controls

For the ChangeLog and files like it, use `merge=union` to bring in
content from both sides instead of having conflicts block merges because
someone else added a feature.

For GitHub, provide some "templates" which really just point people in
the right direction, but if the repointing fails, at least reduces the
pain a little.

6 years agoI18N: Fix utf8_downconvert propagation through a redirect router
Jeremy Harris [Sat, 24 Feb 2018 20:04:25 +0000 (20:04 +0000)]
I18N: Fix utf8_downconvert propagation through a redirect router

6 years agoOpenSSL: revert needless free of certificate list. The library handlies it internally.
Jeremy Harris [Thu, 22 Feb 2018 23:52:17 +0000 (23:52 +0000)]
OpenSSL: revert needless free of certificate list.  The library handlies it internally.

Reported-by: Torsten Tributh
6 years agoWIP
Jeremy Harris [Thu, 22 Feb 2018 14:26:57 +0000 (14:26 +0000)]
WIP

6 years agoTestsuite: output changes in SPF testcase
Jeremy Harris [Thu, 22 Feb 2018 12:15:35 +0000 (12:15 +0000)]
Testsuite: output changes in SPF testcase

6 years agoFix exim_dbmbuild to permit directoryless filenames. Bug 2242
Jeremy Harris [Thu, 22 Feb 2018 11:26:34 +0000 (11:26 +0000)]
Fix exim_dbmbuild to permit directoryless filenames.  Bug 2242

Broken-by: 0a6c178c6c
6 years agoOpenSSL: Fix memory leak during multi-message connections using STARTTLS
Wolfgang Breyha [Mon, 19 Feb 2018 18:27:55 +0000 (18:27 +0000)]
OpenSSL: Fix memory leak during multi-message connections using STARTTLS

Reported-by: Wolfgang Breyha
Fix-by: Wolfgang Breyha, with additions from Jeremy Harris
6 years agoExpansions: make ${authresults } usable in a named ACL
Jeremy Harris [Sun, 18 Feb 2018 16:22:52 +0000 (16:22 +0000)]
Expansions: make ${authresults } usable in a named ACL

This will be more common than directly in the acl_smtp_data option,
and suffers one less expansion in operation.

6 years agoDebug: fix output for acl add_header
Jeremy Harris [Sun, 18 Feb 2018 15:52:33 +0000 (15:52 +0000)]
Debug: fix output for acl add_header

6 years agotypo
Jeremy Harris [Sun, 18 Feb 2018 12:17:30 +0000 (12:17 +0000)]
typo

6 years ago DMARC: fix result reporting when a DKIM ACL overrides the verify result. Bug...
Jeremy Harris [Sun, 18 Feb 2018 11:25:33 +0000 (11:25 +0000)]
DMARC: fix result reporting when a DKIM ACL overrides the verify result.  Bug 2236

6 years agoExpansions: new ${authresults {mch}} for an Authentication-Results header
Jeremy Harris [Sun, 18 Feb 2018 00:33:28 +0000 (00:33 +0000)]
Expansions: new ${authresults {mch}} for an Authentication-Results header

6 years agoFix memory leak during multi-message reception using STARTTLS
Jeremy Harris [Sat, 17 Feb 2018 16:53:27 +0000 (16:53 +0000)]
Fix memory leak during multi-message reception using STARTTLS

Reported-by: Wolfgang Breyha
6 years agoAvoid minor memleak during multi-message STARTTLS'd conns
Jeremy Harris [Sat, 17 Feb 2018 16:44:47 +0000 (16:44 +0000)]
Avoid minor memleak during multi-message STARTTLS'd conns
As STARTTLS/EHLO is repeated per message, we should free mem used for EHLO-dependent hostnames

6 years agotidying
Jeremy Harris [Sat, 17 Feb 2018 16:43:44 +0000 (16:43 +0000)]
tidying

6 years agoTestsuite: munge for no-DKIM builds
Jeremy Harris [Sat, 17 Feb 2018 15:21:53 +0000 (15:21 +0000)]
Testsuite: munge for no-DKIM builds

6 years agoDANE: move to mainline
Jeremy Harris [Thu, 15 Feb 2018 21:32:30 +0000 (21:32 +0000)]
DANE: move to mainline

6 years agocompiler quietening
Jeremy Harris [Wed, 14 Feb 2018 14:51:14 +0000 (14:51 +0000)]
compiler quietening

6 years agoMacros: speedup expansion processing
Jeremy Harris [Wed, 14 Feb 2018 14:08:08 +0000 (14:08 +0000)]
Macros: speedup expansion processing

6 years agotypo
Jeremy Harris [Tue, 13 Feb 2018 19:18:02 +0000 (19:18 +0000)]
typo

6 years agoACL: Enforce non-usability of control=utf8_downconvert in MAIL ACL. Bug 2239
Jeremy Harris [Mon, 12 Feb 2018 17:29:22 +0000 (17:29 +0000)]
ACL: Enforce non-usability of control=utf8_downconvert in MAIL ACL.  Bug 2239

6 years agoDebug: more detail in dkim processing
Jeremy Harris [Mon, 12 Feb 2018 16:27:09 +0000 (16:27 +0000)]
Debug: more detail in dkim processing

6 years agoRevert "Macros: convert to tree for speed of lookup"
Jeremy Harris [Sun, 11 Feb 2018 23:16:02 +0000 (23:16 +0000)]
Revert "Macros: convert to tree for speed of lookup"

This reverts commit 165acdd1ea3b7399b2279f94c881f8e366efaf71.

6 years agoSolaris 10 compatability, try two
Jeremy Harris [Sun, 11 Feb 2018 00:39:46 +0000 (00:39 +0000)]
Solaris 10 compatability, try two

6 years agoSolaris 10 compatability
Jeremy Harris [Sun, 11 Feb 2018 00:10:36 +0000 (00:10 +0000)]
Solaris 10 compatability

6 years agoUpdate copyright year to 2018
Heiko Schlittermann (HS12-RIPE) [Sat, 10 Feb 2018 22:32:34 +0000 (23:32 +0100)]
Update copyright year to 2018

Partly change a single year into a range, starting back in 1995, or
later, if indicated by other copyright information.

6 years agoFix base64d() buffer size (CVE-2018-6789)
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Feb 2018 21:23:32 +0000 (22:23 +0100)]
Fix base64d() buffer size (CVE-2018-6789)

Credits for discovering this bug: Meh Chang <meh@devco.re>

(cherry picked from commit 062990cc1b2f9e5d82a413b53c8f0569075de700)

6 years agoCompiler-quietening
Jeremy Harris [Sat, 10 Feb 2018 20:06:08 +0000 (20:06 +0000)]
Compiler-quietening

6 years agoTestsuite: move DKIM Ed25519 testcases to seperate feature-test group
Jeremy Harris [Sat, 10 Feb 2018 17:29:38 +0000 (17:29 +0000)]
Testsuite: move DKIM Ed25519 testcases to seperate feature-test group

6 years agoTestsuite: move sha3 tests to separate testcase
Jeremy Harris [Sat, 10 Feb 2018 17:01:10 +0000 (17:01 +0000)]
Testsuite: move sha3 tests to separate testcase

6 years agoMacros: return macro-presence status from "exim -bP macro <name>"
Jeremy Harris [Sat, 10 Feb 2018 16:00:45 +0000 (16:00 +0000)]
Macros: return macro-presence status from "exim -bP macro <name>"

6 years agoBuiltin macros for sha3-hash and ed25519-signing support
Jeremy Harris [Fri, 9 Feb 2018 21:59:49 +0000 (21:59 +0000)]
Builtin macros for sha3-hash and ed25519-signing support

6 years agoMacros: convert to tree for speed of lookup
Jeremy Harris [Fri, 9 Feb 2018 21:42:32 +0000 (21:42 +0000)]
Macros: convert to tree for speed of lookup

6 years agoLose outdated builtin-macro warning
Jeremy Harris [Fri, 9 Feb 2018 21:14:51 +0000 (21:14 +0000)]
Lose outdated builtin-macro warning

6 years agoFix conversation closedown with the Avast malware scanner. Bug 2113
Jeremy Harris [Sun, 31 Dec 2017 17:40:55 +0000 (17:40 +0000)]
Fix conversation closedown with the Avast malware scanner.  Bug 2113

6 years agoRepair Heimdal GSSAPI authenticator init part 2
Phil Pennock [Thu, 8 Feb 2018 04:15:37 +0000 (23:15 -0500)]
Repair Heimdal GSSAPI authenticator init part 2

Broken-by: d185889f4
6 years agoRepair Heimdal GSSAPI authenticator init
Phil Pennock [Thu, 8 Feb 2018 03:59:03 +0000 (22:59 -0500)]
Repair Heimdal GSSAPI authenticator init

Broken-by: f2ed27cf5f
6 years agoDKIM: fix buffer overflow in verify
Jeremy Harris [Wed, 7 Feb 2018 23:09:55 +0000 (23:09 +0000)]
DKIM: fix buffer overflow in verify

Caused crash in free() by corrupting malloc metadata.

Reported-by: University of Cambridge
Broken-by: 80a47a2c96
6 years agoCutthrough: silently ignore ACL control when the message cannot be cutthrough-routed
Jeremy Harris [Wed, 7 Feb 2018 12:11:22 +0000 (12:11 +0000)]
Cutthrough: silently ignore ACL control when the message cannot be cutthrough-routed

6 years agoTestsuite: ignore more SSL library output variances
Jeremy Harris [Tue, 6 Feb 2018 19:29:14 +0000 (19:29 +0000)]
Testsuite: ignore more SSL library output variances

6 years agoDKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)
Jeremy Harris [Tue, 6 Feb 2018 14:24:23 +0000 (14:24 +0000)]
DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)

6 years agoDebug: more info for string-expansion troubles
Jeremy Harris [Sat, 3 Feb 2018 23:13:53 +0000 (23:13 +0000)]
Debug: more info for string-expansion troubles

6 years agoDocs: Spell-check spec.xfpt
Vladimir Panteleev [Sat, 3 Feb 2018 05:07:49 +0000 (05:07 +0000)]
Docs: Spell-check spec.xfpt

6 years agoDocs: Fix formatting of $dkim_verify_status variable description
Vladimir Panteleev [Sat, 3 Feb 2018 04:55:06 +0000 (04:55 +0000)]
Docs: Fix formatting of $dkim_verify_status variable description

6 years agoDocs: Fix syntax in ${filter} example
Vladimir Panteleev [Sat, 3 Feb 2018 04:54:27 +0000 (04:54 +0000)]
Docs: Fix syntax in ${filter} example

6 years agoProtect build against LibreSSL.
Jeremy Harris [Fri, 2 Feb 2018 10:38:39 +0000 (10:38 +0000)]
Protect build against LibreSSL.

Broken-by: 9c29c48f83
6 years agoString expansions: support sha3 under OpenSSL (1.1.1+)
Jeremy Harris [Thu, 1 Feb 2018 23:03:25 +0000 (23:03 +0000)]
String expansions: support sha3 under OpenSSL (1.1.1+)

6 years agoDoc update: RFC 8314 submissions service
Phil Pennock [Wed, 31 Jan 2018 21:47:46 +0000 (16:47 -0500)]
Doc update: RFC 8314 submissions service

Using TLS-on-connect is no longer a legacy mode for bad clients, but
instead standards-track-RFC-compliant best current practice.

Plus ça change, plus c'est la même chose.

6 years agoDKIM: share body-hash calculation between multiple signatures for verification
Jeremy Harris [Wed, 31 Jan 2018 18:31:05 +0000 (18:31 +0000)]
DKIM: share body-hash calculation between multiple signatures for verification

6 years agoRouting: dnslookup and manualroute routers: ipv4_only, ipv4_prefer options. Bug...
Jeremy Harris [Sun, 28 Jan 2018 12:42:01 +0000 (12:42 +0000)]
Routing: dnslookup and manualroute routers: ipv4_only, ipv4_prefer options.  Bug 2149

6 years agoDebugging: fix potential null-derefs in DSN debug_printfs
Jeremy Harris [Sun, 28 Jan 2018 17:39:38 +0000 (17:39 +0000)]
Debugging: fix potential null-derefs in DSN debug_printfs

6 years agoBuild: .git may be a file when this repo is a submodule
Heiko Schlittermann (HS12-RIPE) [Sat, 27 Jan 2018 21:58:03 +0000 (22:58 +0100)]
Build: .git may be a file when this repo is a submodule

(cherry picked from commit 2dfd20fe244da439b1f6becb4e29c8cb83e2d399)

6 years agoTestsuite: locate.pl: do not try folders we do not have permissions for
Heiko Schlittermann (HS12-RIPE) [Fri, 19 Jan 2018 08:40:24 +0000 (09:40 +0100)]
Testsuite: locate.pl: do not try folders we do not have permissions for

6 years agoGnuTLS: fix to ignore timeout on unrelated callout connection. Bug 2174
Jeremy Harris [Sat, 27 Jan 2018 15:03:01 +0000 (15:03 +0000)]
GnuTLS: fix to ignore timeout on unrelated callout connection.  Bug 2174