J. Nick Koston [Mon, 14 Oct 2019 13:40:57 +0000 (15:40 +0200)]
Docs: Update text about lazy init
Heiko Schlittermann (HS12-RIPE) [Fri, 4 Oct 2019 21:14:49 +0000 (23:14 +0200)]
Add generic main config option lazy_init
lazy_init = <string list or "*">
Valid list elements are "tls", and "dkim"
J. Nick Koston [Wed, 2 Oct 2019 08:18:52 +0000 (03:18 -0500)]
Defer loading crypto strings for DKIM until needed to improve startup time
Heiko Schlittermann (HS12-RIPE) [Thu, 26 Sep 2019 23:35:19 +0000 (01:35 +0200)]
Add tls_pre_flight_checks main config option
This option controls, if during readconf time we do start a TLS check
in a subprocess. The option defaults to TRUE, for backward
compatibility.
No tests introduced to the testsuite, as exactly the message about
the created child process gets filtered out by the munger of runtest
Heiko Schlittermann (HS12-RIPE) [Sat, 28 Sep 2019 21:17:41 +0000 (23:17 +0200)]
Docs: Update CVE text about the 4.92.3 release CVE-2019-16928
Heiko Schlittermann (HS12-RIPE) [Sat, 28 Sep 2019 16:50:26 +0000 (18:50 +0200)]
Testsuite: src/client.c: handle long lines read back from the server
Increase the buffer for reading data back from the server, and read
at least until a '\n' appears in the input.
(cherry picked from commit bb71a66f55c3dd047dd5973c08365a967910f5e1)
Jeremy Harris [Fri, 27 Sep 2019 11:21:49 +0000 (12:21 +0100)]
Fix buffer overflow in string_vformat. CVE-2019-16928 Bug 2449
Add CVE announcement
(cherry picked from commit 478effbfd9c3cc5a627fc671d4bf94d13670d65f)
(cherry picked from commit c34650401d2d35a6ec3ba1c1a88d395f77030300)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements
Heiko Schlittermann (HS12-RIPE) [Sun, 21 Jul 2019 20:58:13 +0000 (22:58 +0200)]
Update security contact
Heiko Schlittermann (HS12-RIPE) [Sat, 20 Jul 2019 09:43:49 +0000 (11:43 +0200)]
Add security postings for future reference
Jeremy Harris [Fri, 5 Jul 2019 14:38:15 +0000 (15:38 +0100)]
Avoid re-expansion in ${sort } CVE-2019-13917 OVE-20190718-0006
(cherry picked from commit 5c887f836e4d8e3f79da1c15565b56b40d9bd0dd)
Mad Alex [Wed, 30 Jan 2019 13:57:36 +0000 (13:57 +0000)]
Fix dkim_verify_signers option. Bug 2366
Testsuite coverage by jgh.
Broken-by: d342446f29
Jeremy Harris [Tue, 29 Jan 2019 15:27:26 +0000 (15:27 +0000)]
Docs: clarify quoting for $pipe_addresses
The texinfo output version has single-quotes round a variable,
so the sentence saying "precisely the text" was difficult to
interpret.
Odihambo Washington [Tue, 29 Jan 2019 11:10:26 +0000 (11:10 +0000)]
Docs: correct spamd port
Heiko Schlittermann (HS12-RIPE) [Sun, 27 Jan 2019 18:53:31 +0000 (19:53 +0100)]
configure.default: spacing, de-tabbing
Jeremy Harris [Sat, 12 Jan 2019 20:47:23 +0000 (20:47 +0000)]
Add basic framework for PRDR use with per-user content filters to example config.
Mostly commented-out and with dummy lookups since we do not know what sorts
of filtering may be employed.
(cherry picked from commit b220576b3ba5396af6b3e0f45739f269079f8fc5)
Heiko Schlittermann (HS12-RIPE) [Tue, 22 Jan 2019 21:33:47 +0000 (22:33 +0100)]
mk_exim_release: tidy
Jeremy Harris [Thu, 24 Jan 2019 21:35:22 +0000 (21:35 +0000)]
Docs: crossref list-separator changing
Jeremy Harris [Thu, 24 Jan 2019 21:21:29 +0000 (21:21 +0000)]
Docs: crossref dlfunc API
Jeremy Harris [Thu, 10 Jan 2019 21:15:11 +0000 (21:15 +0000)]
More checks on header line length during reception
Jeremy Harris [Sat, 5 Jan 2019 19:11:18 +0000 (19:11 +0000)]
Docs: tweak TLS authenticator chapter
Jeremy Harris [Fri, 4 Jan 2019 11:29:19 +0000 (11:29 +0000)]
Docs: missing options
Broken-by: b3ef41c94a
Jeremy Harris [Thu, 3 Jan 2019 21:20:33 +0000 (21:20 +0000)]
Docs: tweak new-drivers chapter
Jeremy Harris [Mon, 31 Dec 2018 13:58:26 +0000 (13:58 +0000)]
PIPE_CONNECT: fix feature-cache refresh
Jeremy Harris [Fri, 28 Dec 2018 20:40:33 +0000 (20:40 +0000)]
Docs: clarify logging from filter
Heiko Schlittermann (HS12-RIPE) [Wed, 26 Dec 2018 11:04:29 +0000 (12:04 +0100)]
Update Changelog for GnuTLS and TLS 1.3 Bug 2359
Fix is in 4896a3192ffac48885347460377edcd893eb9600
Andreas Metzler [Mon, 24 Dec 2018 16:11:41 +0000 (16:11 +0000)]
GnuTLS: repeat lowlevel read and write operations while they request retry
(cherry picked from commit 06faf21f3a84a3ac4aa4f7b1512087423d8c8541)
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 19:38:42 +0000 (20:38 +0100)]
mk_exim_release: more perlish
Heiko Schlittermann (HS12-RIPE) [Tue, 25 Dec 2018 18:17:12 +0000 (19:17 +0100)]
mk_exim_release: integrate signing and checksumming
Jeremy Harris [Sat, 22 Dec 2018 13:36:07 +0000 (13:36 +0000)]
DKIM: better debug for key/signature size mismatch
Jeremy Harris [Fri, 21 Dec 2018 15:36:42 +0000 (15:36 +0000)]
OpenSSL: clear any leftover errors from the stack after SSL_accept succeeds
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 22:06:38 +0000 (23:06 +0100)]
mk_exim_release: output a useful error message when used for older versions
Older releases can't be built with the newer mk_exim_release script,
as there are interdependencies with scripts/reversion and version.sh
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:40:53 +0000 (22:40 +0100)]
Recent commit is thanks to Josh Soref
I managed to drop his name, sorry for that.
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:25:23 +0000 (22:25 +0100)]
Grammar changes in docs
Heiko Schlittermann (HS12-RIPE) [Thu, 20 Dec 2018 21:11:52 +0000 (22:11 +0100)]
Fix copyright year and exim website URL schema
klemens [Sun, 16 Apr 2017 18:49:32 +0000 (20:49 +0200)]
spelling fixes
Jeremy Harris [Thu, 20 Dec 2018 17:48:52 +0000 (17:48 +0000)]
Docs: tweaks
Phil Pennock [Wed, 19 Dec 2018 00:41:06 +0000 (19:41 -0500)]
Default config: use ROUTER_SMARTHOST macro; document
Work around the `$host` vs CNAME issue for now by re-specifying the
`tls_sni` value on the example `smarthost_smtp` transport, using the
same macro which we use to turn on use of a smarthost.
Uncomment both dnslookup and smarthost routers by default and let the
macro choose between them.
Bring the documentation of the default configuration closer to
up-to-date, on this issue and others which I spotted while in there.
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 15:19:11 +0000 (16:19 +0100)]
stats_for_email: Do not auto-select the release directory
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:06:00 +0000 (15:06 +0100)]
Re-create test/configure script
Heiko Schlittermann (HS12-RIPE) [Tue, 18 Dec 2018 14:03:46 +0000 (15:03 +0100)]
Update Changelog for Bug 2351
Jeremy Harris [Sun, 16 Dec 2018 16:33:32 +0000 (16:33 +0000)]
Log failures to extract envelope addresses from message headers. Bug 2351
(cherry picked from commit 60c02b350a7d325e64ae0a656cfd37a9fbd162a7)
Phil Pennock [Sun, 16 Dec 2018 09:29:30 +0000 (04:29 -0500)]
doc: gsasl: be clearer that server-side only
Jeremy Harris [Sat, 15 Dec 2018 14:25:09 +0000 (14:25 +0000)]
Fix build with content-scan enabled but all malware types disabled
Jeremy Harris [Fri, 14 Dec 2018 14:03:18 +0000 (14:03 +0000)]
Fix parsing of option type Kint (integer, stored in K). Bug 2348
Broken-by: a45431fa71
Heiko Schlittermann (HS12-RIPE) [Thu, 13 Dec 2018 21:48:08 +0000 (22:48 +0100)]
sign_exim_package: do not auto-select the packages directory
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Feb 2018 23:13:40 +0000 (00:13 +0100)]
mk_exim_release: rework for dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:35 +0000 (16:44 +0100)]
reversion: Adapt to dotted release scheme
Heiko Schlittermann (HS12-RIPE) [Mon, 3 Dec 2018 15:44:05 +0000 (16:44 +0100)]
reversion: tidy
Jeremy Harris [Thu, 6 Dec 2018 20:04:29 +0000 (20:04 +0000)]
Docs: SPF lookup type
Jeremy Harris [Wed, 5 Dec 2018 16:09:01 +0000 (16:09 +0000)]
Send delay-MDN for any queue run past delay_warning, even if not retry time yet. Bug 2341
Jeremy Harris [Sun, 2 Dec 2018 01:27:51 +0000 (01:27 +0000)]
tidying
Jeremy Harris [Sun, 2 Dec 2018 00:29:41 +0000 (00:29 +0000)]
More debug in smtp transport
Jeremy Harris [Sat, 1 Dec 2018 16:55:26 +0000 (16:55 +0000)]
Logging: outgoing_port on temporary errors for non-last hosts
Also show nonstandard ports in process info for exiwhat
Jeremy Harris [Sat, 1 Dec 2018 16:49:50 +0000 (16:49 +0000)]
Harden string-list handling
Jeremy Harris [Thu, 29 Nov 2018 20:46:46 +0000 (20:46 +0000)]
Testsuite: handle change in GnuTLS cert preference
Jeremy Harris [Thu, 29 Nov 2018 19:52:39 +0000 (19:52 +0000)]
Testsuite: output changes resulting
Broken-by: a7a1ad1447
Jeremy Harris [Thu, 29 Nov 2018 10:01:52 +0000 (10:01 +0000)]
GnuTLS: fix build with older libraries
Broken-by: 6aac3239b4
Jeremy Harris [Tue, 27 Nov 2018 23:06:16 +0000 (23:06 +0000)]
Testsuite: regenerate CA trees with 2048-bit keys
This is to support RHEL 8.0 where OpenSSL dislikes 1024
Jeremy Harris [Wed, 28 Nov 2018 20:54:53 +0000 (20:54 +0000)]
OpenSSL: fail the handshake when SNI processing hits a problem
Jeremy Harris [Wed, 28 Nov 2018 19:45:24 +0000 (19:45 +0000)]
TLS: Increase RSA keysize of autogen selfsign cert
Jeremy Harris [Tue, 27 Nov 2018 20:50:28 +0000 (20:50 +0000)]
Testsuite: switch ciphersuite use
This is to accommodate RHEL 7, where openssl seems to not support ECDHE Kx + CAMELLIA
nor any of the CHACHA20s, but does support DHE Kx + CAMELLIA.
All we really wanted was something distinguishable from default
(which is commonly ECDHE-RSA-AES256-GCM-SHA).
Jeremy Harris [Sun, 25 Nov 2018 21:58:54 +0000 (21:58 +0000)]
Testsuite: ignore OCSP option output; fixes runs on non-OCSP builds
Jeremy Harris [Sat, 24 Nov 2018 15:37:54 +0000 (15:37 +0000)]
Fix AUTH_GSASL build
Jeremy Harris [Fri, 23 Nov 2018 23:55:36 +0000 (23:55 +0000)]
Avoid leaving $domain live with bogus info, during server connection startup
Recent efforts to reduce string-copy ops while also avoiding using excessive memory
tripped a check on freeing the still-live variable. It is unclear why the variable
was set anyway, even though commented. The use was introduced between Exim 3.36 and 4.0
Phil Pennock [Thu, 22 Nov 2018 02:07:49 +0000 (21:07 -0500)]
nit (typo fix; docs)
Jeremy Harris [Wed, 21 Nov 2018 08:30:20 +0000 (08:30 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2338
Relabel for commit c0fb53b74e which had a typo in the commit message.
Jeremy Harris [Wed, 21 Nov 2018 00:50:38 +0000 (00:50 +0000)]
Fix cyrus-sasl authenticator for $authenticated_fail_id. Bug 2238
Jeremy Harris [Tue, 20 Nov 2018 21:42:48 +0000 (21:42 +0000)]
Docs: more on $authenticated_fail_id
Jeremy Harris [Sun, 18 Nov 2018 22:11:35 +0000 (22:11 +0000)]
Testsuite: document noisy-comment script commands
Jeremy Harris [Sun, 18 Nov 2018 17:27:38 +0000 (17:27 +0000)]
Docs: add note on manualroute route-lists
Jeremy Harris [Sun, 18 Nov 2018 16:45:44 +0000 (16:45 +0000)]
Docs: indexing of retry final-cutoff
Jeremy Harris [Thu, 15 Nov 2018 15:08:53 +0000 (15:08 +0000)]
tidying
Jeremy Harris [Sat, 17 Nov 2018 19:40:01 +0000 (19:40 +0000)]
Lose more string-copy operations
Jeremy Harris [Thu, 15 Nov 2018 18:55:51 +0000 (18:55 +0000)]
Fix growable-string sprintf
Broken-by: d12746bc15
Jeremy Harris [Thu, 15 Nov 2018 17:21:45 +0000 (17:21 +0000)]
OpenBSD: bump dns-result buffer to 64kB
This just to take out a difference in testsuite behaviour. Builds
for memory-constrained devices could legitimately use 16kB.
Jeremy Harris [Wed, 14 Nov 2018 22:32:58 +0000 (22:32 +0000)]
Recast more internal string routines to use growable-strings
Jeremy Harris [Wed, 14 Nov 2018 20:22:50 +0000 (20:22 +0000)]
tidying
Jeremy Harris [Tue, 13 Nov 2018 11:50:40 +0000 (11:50 +0000)]
Docs: Add cross-refs for $h_<name>
Jeremy Harris [Sun, 11 Nov 2018 18:30:22 +0000 (18:30 +0000)]
Testsuite: account for hostname-dependent output in debug output
Jeremy Harris [Sun, 11 Nov 2018 18:16:29 +0000 (18:16 +0000)]
Testsuite: fix testcases for /etc/services not having smtps
Jeremy Harris [Sun, 11 Nov 2018 18:08:05 +0000 (18:08 +0000)]
Docs: add notes on smtps
Jeremy Harris [Sat, 10 Nov 2018 20:37:31 +0000 (20:37 +0000)]
Testsuite: increase retry time (for really slow test host)
Jeremy Harris [Fri, 9 Nov 2018 19:56:32 +0000 (19:56 +0000)]
Testsuite: avoid time-quantization issue
Jeremy Harris [Fri, 9 Nov 2018 17:12:09 +0000 (17:12 +0000)]
Testsuite: avoid time-quantization issue
Jeremy Harris [Thu, 8 Nov 2018 12:58:27 +0000 (12:58 +0000)]
Testsuite: check for conflicting host name
Jeremy Harris [Sat, 27 Oct 2018 16:03:09 +0000 (17:03 +0100)]
tidying
Jeremy Harris [Tue, 6 Nov 2018 16:00:26 +0000 (16:00 +0000)]
Fix build on FreeBSD 11
Jeremy Harris [Tue, 6 Nov 2018 15:18:05 +0000 (15:18 +0000)]
Testsuite: rework testcases for DSN RCPT options
Jeremy Harris [Mon, 5 Nov 2018 18:51:16 +0000 (18:51 +0000)]
MacOS: fix build
Broken-by: ee8b809061
Jeremy Harris [Mon, 5 Nov 2018 18:26:18 +0000 (18:26 +0000)]
Fix mis-merge
Broken-by: ee8b809061
Jeremy Harris [Mon, 5 Nov 2018 17:11:27 +0000 (17:11 +0000)]
Unbreak non-PIPE_CONNECT build
Broken-by: ee8b809061
Jeremy Harris [Sat, 3 Nov 2018 23:13:34 +0000 (23:13 +0000)]
Squashed commit of PIPE_CONNECT
Jeremy Harris [Tue, 30 Oct 2018 22:09:15 +0000 (22:09 +0000)]
MacOS: TCP Fast Open
Jeremy Harris [Tue, 30 Oct 2018 18:43:34 +0000 (18:43 +0000)]
Testsuite: adjust for 64b-int compatibility
Jeremy Harris [Tue, 30 Oct 2018 14:00:24 +0000 (14:00 +0000)]
Testsuite: more detail in dsearch testcase output
Jeremy Harris [Tue, 30 Oct 2018 13:59:18 +0000 (13:59 +0000)]
Testsuite: ignore TCP Fast Open probe debug output
Jeremy Harris [Sun, 21 May 2017 13:09:43 +0000 (14:09 +0100)]
Increase size of variables for check_spool_space and check_log_space
Jeremy Harris [Sat, 27 Oct 2018 18:28:03 +0000 (19:28 +0100)]
Avoid trying to talk TLS over a known-closed channel
Jeremy Harris [Sat, 27 Oct 2018 17:06:42 +0000 (18:06 +0100)]
Testsuite: fix cmdline option for test flavour