users/jgh/exim.git
6 years agoFix crash associated with dnsdb lookup done from DKIM ACL. Bug 2215
Jeremy Harris [Thu, 28 Dec 2017 20:09:05 +0000 (20:09 +0000)]
Fix crash associated with dnsdb lookup done from DKIM ACL.  Bug 2215

Broken-by: cc55f4208e
6 years agoUse common routine for building tagstring for dns-fail cache
Jeremy Harris [Thu, 28 Dec 2017 21:28:01 +0000 (21:28 +0000)]
Use common routine for building tagstring for dns-fail cache

6 years agoDebug: enhance output from smtp transport entry
Jeremy Harris [Wed, 27 Dec 2017 17:22:26 +0000 (17:22 +0000)]
Debug: enhance output from smtp transport entry

6 years agoDKIM: tighter checking while parsing signature headers. Bug 2217
Jeremy Harris [Thu, 28 Dec 2017 20:51:28 +0000 (20:51 +0000)]
DKIM: tighter checking while parsing signature headers.  Bug 2217

6 years agoCheck ARGV before subscripting it
Geraint Edwards [Thu, 28 Dec 2017 15:53:51 +0000 (15:53 +0000)]
Check ARGV before subscripting it

6 years agoTesttsuite: output changes resulting
Jeremy Harris [Wed, 27 Dec 2017 14:10:44 +0000 (14:10 +0000)]
Testtsuite: output changes resulting

6 years agoTestsuite: better portability of postgresq test vs. postgresql versions
Jeremy Harris [Wed, 27 Dec 2017 11:11:17 +0000 (11:11 +0000)]
Testsuite: better portability of postgresq test vs. postgresql versions

6 years agoLookups: fix pgsql multiple-row, single-column return
Jeremy Harris [Sun, 24 Dec 2017 16:42:04 +0000 (16:42 +0000)]
Lookups: fix pgsql multiple-row, single-column return

Report & fix from James <list@xdrv.co.uk>; additional tidying and testcase by JGH

Broken-by: acec9514b1
6 years agoTestsuite: shift pgsql tests to the standard-run set
Jeremy Harris [Sun, 24 Dec 2017 20:46:56 +0000 (20:46 +0000)]
Testsuite: shift pgsql tests to the standard-run set

6 years agoTestsuite: convert posgreql testing to standalone
Jeremy Harris [Sun, 24 Dec 2017 20:35:24 +0000 (20:35 +0000)]
Testsuite: convert posgreql testing to standalone

6 years agoDelivery: remove restriction on dirname length on having to create directories. ...
Jeremy Harris [Sat, 23 Dec 2017 17:46:10 +0000 (17:46 +0000)]
Delivery: remove restriction on dirname length on having to create directories.  Bug 2213

6 years agoDANE/GnuTLS: split verification of mixed sets of TLSA records by usage
Jeremy Harris [Fri, 22 Dec 2017 17:19:37 +0000 (17:19 +0000)]
DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.

6 years agoConstification
Jeremy Harris [Fri, 22 Dec 2017 11:34:20 +0000 (11:34 +0000)]
Constification

6 years agoFix const issue in nisplus lookup
Jeremy Harris [Fri, 22 Dec 2017 10:25:56 +0000 (10:25 +0000)]
Fix const issue in nisplus lookup

6 years agoFix build of nisplus lookup
Andreas Piesk [Fri, 22 Dec 2017 10:05:02 +0000 (10:05 +0000)]
Fix build of nisplus lookup

6 years agoexim: regularize exim -bI:help output
Josh Soref [Thu, 14 Dec 2017 04:25:04 +0000 (04:25 +0000)]
exim: regularize exim -bI:help output

6 years agoexiwhat: use RM_COMMAND
tv [Wed, 20 Dec 2017 22:59:50 +0000 (23:59 +0100)]
exiwhat: use RM_COMMAND

6 years agoDANE/GnuTLS: filter TLSA records for usability
Jeremy Harris [Wed, 20 Dec 2017 23:12:07 +0000 (23:12 +0000)]
DANE/GnuTLS: filter TLSA records for usability

6 years agoDANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode
Jeremy Harris [Wed, 20 Dec 2017 21:14:06 +0000 (21:14 +0000)]
DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE mode

Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing

6 years agoACL: Disallow '/' characters in queue names specified for "queue="
Jeremy Harris [Wed, 20 Dec 2017 11:34:47 +0000 (11:34 +0000)]
ACL: Disallow '/' characters in queue names specified for "queue="

6 years agoMerge branch '4.next'
Jeremy Harris [Tue, 19 Dec 2017 22:14:18 +0000 (22:14 +0000)]
Merge branch '4.next'

6 years agoDocs: clean for next release
Jeremy Harris [Tue, 19 Dec 2017 21:54:37 +0000 (21:54 +0000)]
Docs: clean for next release

6 years agoFix nossl build
Jeremy Harris [Tue, 19 Dec 2017 16:27:44 +0000 (16:27 +0000)]
Fix nossl build

6 years agoDANE: support under GnuTLS. Bug 1523
Jeremy Harris [Tue, 19 Dec 2017 15:06:49 +0000 (15:06 +0000)]
DANE: support under GnuTLS.  Bug 1523

GnuTLS version 3.0.0 onwards; still Experimental

6 years agoTestsuite: move CRL testcases away from using SHA1-signed certs
Jeremy Harris [Mon, 18 Dec 2017 15:38:54 +0000 (15:38 +0000)]
Testsuite: move CRL testcases away from using SHA1-signed certs

6 years agoTestsuite: output changes arising
Jeremy Harris [Sat, 16 Dec 2017 20:52:54 +0000 (20:52 +0000)]
Testsuite: output changes arising

6 years agoTestsuite: regenerate certs tree
Jeremy Harris [Sat, 16 Dec 2017 20:49:28 +0000 (20:49 +0000)]
Testsuite: regenerate certs tree

6 years agoTestsuite: restore generation of OCSP status for EC certs
Jeremy Harris [Sat, 16 Dec 2017 20:45:18 +0000 (20:45 +0000)]
Testsuite: restore generation of OCSP status for EC certs

Broken-by: 854586e149
6 years agoTestsuite: do not bother with cert hostnames when testing OCSP
Jeremy Harris [Sat, 16 Dec 2017 20:41:27 +0000 (20:41 +0000)]
Testsuite: do not bother with cert hostnames when testing OCSP

6 years agoTestsuite: restore lost dns config for DKIM extra-txt-records testcase
Jeremy Harris [Sat, 16 Dec 2017 19:45:30 +0000 (19:45 +0000)]
Testsuite: restore lost dns config for DKIM extra-txt-records testcase

Broken-by: 854586e149
6 years agoTestsuite output changes arising
Jeremy Harris [Sat, 16 Dec 2017 14:17:13 +0000 (14:17 +0000)]
Testsuite output changes arising

Broken-by: 854586e149
6 years agoDANE: fix type-2xx TLSA under older OpenSSL versions Bug 2198
Viktor Dukhovni [Fri, 1 Dec 2017 22:13:19 +0000 (22:13 +0000)]
DANE: fix type-2xx TLSA under older OpenSSL versions  Bug 2198
OpenSSL 1.0.1t is known bad.  1.0.2 and 1.1.0 are apparently ok.

6 years agoTestsuite: testcase for Bug 2198
Jeremy Harris [Sat, 16 Dec 2017 02:05:13 +0000 (02:05 +0000)]
Testsuite: testcase for Bug 2198

6 years agoCHUNKING: flush input stream after message-fatal error detection. Bug 2201
Jeremy Harris [Tue, 12 Dec 2017 21:52:33 +0000 (21:52 +0000)]
CHUNKING: flush input stream after message-fatal error detection.  Bug 2201

6 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 15:05:14 +0000 (15:05 +0000)]
Testsuite: regen TLSA records, to match cert tree

6 years agoTestsuite: regen TLSA records, to match cert tree
Jeremy Harris [Sat, 9 Dec 2017 14:57:38 +0000 (14:57 +0000)]
Testsuite: regen TLSA records, to match cert tree

6 years agoopenssl guidance: install shared libraries too
Phil Pennock [Fri, 8 Dec 2017 19:21:45 +0000 (14:21 -0500)]
openssl guidance: install shared libraries too

6 years agotidying
Jeremy Harris [Tue, 5 Dec 2017 20:55:19 +0000 (20:55 +0000)]
tidying

6 years agoAdd compile-time guard against BDB library version 6
Jeremy Harris [Fri, 8 Dec 2017 12:55:25 +0000 (12:55 +0000)]
Add compile-time guard against BDB library version 6

6 years agoFix non-OCSP OpenSSL build
Jeremy Harris [Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)]
Fix non-OCSP OpenSSL build

Issue found by: Frank Elsner

6 years agoDocs: amend warning on on lack of multiple-OCSP-proof support
Jeremy Harris [Sun, 3 Dec 2017 23:57:11 +0000 (23:57 +0000)]
Docs: amend warning on on lack of multiple-OCSP-proof support

6 years agoGnuTLS: multiple server certs, OCSP stapling. Bug 2092
Jeremy Harris [Sun, 3 Dec 2017 22:40:43 +0000 (22:40 +0000)]
GnuTLS: multiple server certs, OCSP stapling.  Bug 2092

6 years agoTestsuite: regen certs trees, now with OCSP response for one EC cert
Jeremy Harris [Sun, 3 Dec 2017 23:54:13 +0000 (23:54 +0000)]
Testsuite: regen certs trees, now with OCSP response for one EC cert

6 years agoDocs: clarify smtp transport tls_verify_certificates option
Jeremy Harris [Sun, 3 Dec 2017 20:36:12 +0000 (20:36 +0000)]
Docs: clarify smtp transport tls_verify_certificates option

6 years agoDKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207
Heiko Schlittermann (HS12-RIPE) [Sun, 3 Dec 2017 17:17:43 +0000 (18:17 +0100)]
DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207

6 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
6 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

6 years agoChange log update
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

6 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201

6 years agoLogging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection

6 years agoDKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values

6 years agoFix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling

6 years agotidying
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying

6 years agoFix initialiser in smtp transport
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport

Broken-by: 838d897c8e
6 years agoDocs: add notes on lack of multiple-OCSP-proof support
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support

This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation

6 years agoDebug: fix coding in dnssec reporting. Bug 2205
Jeremy Harris [Fri, 1 Dec 2017 22:43:19 +0000 (22:43 +0000)]
Debug: fix coding in dnssec reporting.  Bug 2205

6 years agoTLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
Jeremy Harris [Wed, 29 Nov 2017 23:22:34 +0000 (23:22 +0000)]
TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured

6 years agoTLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
Jeremy Harris [Wed, 29 Nov 2017 22:18:18 +0000 (22:18 +0000)]
TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS.  Bug 2203

6 years agoChange log update
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update

6 years agoChunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201

6 years agoLogging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection

6 years agoDKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values

6 years agoFix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling

6 years agotidying
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying

6 years agotidying
Jeremy Harris [Sat, 25 Nov 2017 21:05:53 +0000 (21:05 +0000)]
tidying

6 years agoReplace the store_release() internal interface, which was excessively unsafe.
Jeremy Harris [Sat, 25 Nov 2017 20:24:00 +0000 (20:24 +0000)]
Replace the store_release() internal interface, which was excessively unsafe.
The new store_newblock() includes the required safety checck, plus the alocate
and data-copy operations.

6 years agoMerge branch 'master' into 4.next
Jeremy Harris [Sat, 25 Nov 2017 19:39:32 +0000 (19:39 +0000)]
Merge branch 'master' into 4.next

6 years agoChange note for 445d03d4ea
Jeremy Harris [Sat, 25 Nov 2017 16:21:14 +0000 (16:21 +0000)]
Change note for 445d03d4ea

6 years agoAvoid release of store if there have been later allocations. Bug 2199
Jeremy Harris [Fri, 24 Nov 2017 20:22:33 +0000 (20:22 +0000)]
Avoid release of store if there have been later allocations.  Bug 2199

6 years agoAdd comment on GnuTLS library debugging facility
Jeremy Harris [Fri, 24 Nov 2017 20:24:40 +0000 (20:24 +0000)]
Add comment on GnuTLS library debugging facility

6 years agoTestsuite: more pre-run configuration checks
Jeremy Harris [Sat, 18 Nov 2017 15:22:48 +0000 (15:22 +0000)]
Testsuite: more pre-run configuration checks

6 years agotidying
Jeremy Harris [Thu, 16 Nov 2017 20:46:10 +0000 (20:46 +0000)]
tidying

6 years agoTestsuite: delays for debug output ordering (again)
Jeremy Harris [Thu, 16 Nov 2017 18:31:23 +0000 (18:31 +0000)]
Testsuite: delays for debug output ordering (again)

6 years agoOpenSSL: avoid using now-deprecated routines on newer versions
Jeremy Harris [Thu, 16 Nov 2017 12:12:48 +0000 (12:12 +0000)]
OpenSSL: avoid using now-deprecated routines on newer versions

6 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 23:24:23 +0000 (23:24 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

6 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 22:09:10 +0000 (22:09 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

6 years agoTestsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 20:38:19 +0000 (20:38 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances

6 years agoTestsuite: better debug output from "server" script-runner
Jeremy Harris [Wed, 15 Nov 2017 19:06:00 +0000 (19:06 +0000)]
Testsuite: better debug output from "server" script-runner

6 years agoTestsuite: delays for debug output ordering
Jeremy Harris [Wed, 15 Nov 2017 18:56:21 +0000 (18:56 +0000)]
Testsuite: delays for debug output ordering

OpenBSD seems to prioritize the child of a fork; Linux & FreeBSD the parent

6 years agoTestsuite: force RSA auth for testcase loading dual certs
Jeremy Harris [Wed, 15 Nov 2017 18:38:44 +0000 (18:38 +0000)]
Testsuite: force RSA auth for testcase loading dual certs

More recent OpenSSL versions (1.1.0) reasonably prefer ECDSA when available,
where older (1.0.2) preferred RSA

6 years agoTypo in sample configuration
Jeremy Harris [Wed, 15 Nov 2017 17:48:55 +0000 (17:48 +0000)]
Typo in sample configuration

6 years agoDocs: PRVS validity. Bug 2033
Jeremy Harris [Sun, 12 Nov 2017 19:08:43 +0000 (19:08 +0000)]
Docs: PRVS validity.  Bug 2033

6 years agoTestsuite output updates
Jeremy Harris [Tue, 14 Nov 2017 19:32:50 +0000 (19:32 +0000)]
Testsuite output updates

7 years agoAdd host detail on all deferred deliveries, not only the last one
Heiko Schlittermann (HS12-RIPE) [Sun, 5 Nov 2017 22:57:16 +0000 (23:57 +0100)]
Add host detail on all deferred deliveries, not only the last one

7 years agoTestsuite: another go at munging cipher-suite strings
Jeremy Harris [Sat, 11 Nov 2017 21:19:50 +0000 (21:19 +0000)]
Testsuite: another go at munging cipher-suite strings

7 years agoDebug: remove router DSN config dump on startup
Jeremy Harris [Sat, 11 Nov 2017 21:04:21 +0000 (21:04 +0000)]
Debug: remove router DSN config dump on startup

7 years agoTestsuite: another go at munging cipher-suite strings
Jeremy Harris [Sat, 11 Nov 2017 18:39:09 +0000 (18:39 +0000)]
Testsuite: another go at munging cipher-suite strings

7 years agoMerge branch 'master' into 4.next
Jeremy Harris [Sat, 11 Nov 2017 16:20:02 +0000 (16:20 +0000)]
Merge branch 'master' into 4.next

7 years agoDowngrade an unfound-list name from panic to DEFER. Bug 1645
Jeremy Harris [Sat, 11 Nov 2017 16:11:06 +0000 (16:11 +0000)]
Downgrade an unfound-list name from panic to DEFER.  Bug 1645

7 years agoTestsuite: another go at munging cipher-suite strings
Jeremy Harris [Thu, 9 Nov 2017 21:35:08 +0000 (21:35 +0000)]
Testsuite: another go at munging cipher-suite strings

7 years agoTestsuite: another go at munging cipher-suite strings
Jeremy Harris [Thu, 9 Nov 2017 19:49:49 +0000 (19:49 +0000)]
Testsuite: another go at munging cipher-suite strings

7 years agodocs: typo
Jeremy Harris [Wed, 8 Nov 2017 12:37:22 +0000 (12:37 +0000)]
docs: typo

7 years agotidying
Jeremy Harris [Wed, 8 Nov 2017 12:01:20 +0000 (12:01 +0000)]
tidying

7 years agoDKIM: call ACL once for each signature matching the identity from dkim_verify_signers...
Jeremy Harris [Wed, 8 Nov 2017 10:43:28 +0000 (10:43 +0000)]
DKIM: call ACL once for each signature matching the identity from dkim_verify_signers.  Bug 2189

7 years agoDKIM: make verification results visible in data ACL
Jeremy Harris [Tue, 7 Nov 2017 21:40:19 +0000 (21:40 +0000)]
DKIM: make verification results visible in data ACL

7 years agoDKIM: Allow the DKIM ACL to override verification results. Bug 2186
Jeremy Harris [Tue, 7 Nov 2017 19:01:42 +0000 (19:01 +0000)]
DKIM: Allow the DKIM ACL to override verification results.  Bug 2186

This provides generic support, though is covers the need introduced
by https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/?include_text=1
(deprecating sha-1 and RSA keys shorter than 1024 bits).

7 years agoTLS: support multiple certificate files in server. Bug 2092
Jeremy Harris [Tue, 7 Nov 2017 16:09:28 +0000 (16:09 +0000)]
TLS: support multiple certificate files in server.  Bug 2092

7 years agoDocs: add index entry
Jeremy Harris [Fri, 3 Nov 2017 13:05:16 +0000 (13:05 +0000)]
Docs: add index entry

7 years agoDKIM: better syntax for control of oversigning. Bug 2180
Jeremy Harris [Fri, 3 Nov 2017 11:02:19 +0000 (11:02 +0000)]
DKIM: better syntax for control of oversigning.  Bug 2180

7 years agoUse LDFLAGS not EXTRALIBS_EXIM; 1.0.2 needs ldl too
Phil Pennock [Thu, 2 Nov 2017 18:48:30 +0000 (14:48 -0400)]
Use LDFLAGS not EXTRALIBS_EXIM; 1.0.2 needs ldl too