Jeremy Harris [Sat, 27 Jan 2018 15:03:01 +0000 (15:03 +0000)]
GnuTLS: fix to ignore timeout on unrelated callout connection. Bug 2174
Jeremy Harris [Fri, 26 Jan 2018 18:40:41 +0000 (18:40 +0000)]
Cutthrough: fix for port-number defined by router. Bug 2229
Jeremy Harris [Thu, 25 Jan 2018 21:27:00 +0000 (21:27 +0000)]
Cutthrough: fix multi-message initiating connections. Bug 2230
Jeremy Harris [Sat, 20 Jan 2018 13:13:52 +0000 (13:13 +0000)]
Docs: Update DKIM section with RFC 8301 requirements
Jeremy Harris [Sun, 14 Jan 2018 18:40:50 +0000 (18:40 +0000)]
DKIM: DNS records having no v= tag are acceptable. Bug 2207
Broken-by
c73a4d073e
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Jan 2018 15:06:24 +0000 (16:06 +0100)]
Fix %D string expansion to not use millisec
log_selector +millisec should not change the expansion of %D
(used in log_file_path and maybe other places)
Jeremy Harris [Sat, 13 Jan 2018 18:11:21 +0000 (18:11 +0000)]
Lookups: fix mysql lookup returns for no-data "queries",
when the number of rows affected is returned. Bug 2223
Broken-by: acec9514b1
Also enhance the testsuite mysql testcase to be standalone and move to standard-run set
and add a specific testcase for this bug.
Testcase working on Fedora at least - we'll see what happens on other platforms
where executable locaation may vary.
Jeremy Harris [Sun, 7 Jan 2018 15:03:25 +0000 (15:03 +0000)]
DKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220
Jeremy Harris [Sat, 30 Dec 2017 13:55:54 +0000 (13:55 +0000)]
MIME ACL: fix SMTP response for non-accept result of the ACL. Bug 2214.
As far as I can see this was broken back in 2013,
f4c1088 for 4.82
Jeremy Harris [Wed, 27 Dec 2017 23:32:02 +0000 (23:32 +0000)]
Fix issue with continued-connections when the DNS shifts unreliably
Jeremy Harris [Thu, 28 Dec 2017 20:09:05 +0000 (20:09 +0000)]
Fix crash associated with dnsdb lookup done from DKIM ACL. Bug 2215
Broken-by: cc55f4208e
Jeremy Harris [Thu, 28 Dec 2017 20:51:28 +0000 (20:51 +0000)]
DKIM: tighter checking while parsing signature headers. Bug 2217
Jeremy Harris [Sun, 24 Dec 2017 21:30:20 +0000 (21:30 +0000)]
Lookups: fix pgsql multiple-row, single-column return
Report & fix from James <list@xdrv.co.uk>; additional tidying and testcase by JGH
Broken-by: acec9514b1
Jeremy Harris [Fri, 22 Dec 2017 10:25:56 +0000 (10:25 +0000)]
Fix const issue in nisplus lookup
Andreas Piesk [Fri, 22 Dec 2017 10:05:02 +0000 (10:05 +0000)]
Fix build of nisplus lookup
Heiko Schlittermann (HS12-RIPE) [Sun, 3 Dec 2017 17:17:43 +0000 (18:17 +0100)]
DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207
Jeremy Harris [Fri, 1 Dec 2017 22:43:19 +0000 (22:43 +0000)]
Debug: fix coding in dnssec reporting. Bug 2205
Jeremy Harris [Wed, 29 Nov 2017 23:22:34 +0000 (23:22 +0000)]
TLS: avoid calling smtp_auth_acl on client cert when no tls authenticator is configured
Jeremy Harris [Wed, 29 Nov 2017 22:18:18 +0000 (22:18 +0000)]
TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
Jeremy Harris [Tue, 12 Dec 2017 21:52:33 +0000 (21:52 +0000)]
CHUNKING: flush input stream after message-fatal error detection. Bug 2201
Jeremy Harris [Sat, 9 Dec 2017 15:05:14 +0000 (15:05 +0000)]
Testsuite: regen TLSA records, to match cert tree
Phil Pennock [Fri, 8 Dec 2017 19:21:45 +0000 (14:21 -0500)]
openssl guidance: install shared libraries too
Jeremy Harris [Mon, 4 Dec 2017 14:32:44 +0000 (14:32 +0000)]
Fix non-OCSP OpenSSL build
Issue found by: Frank Elsner
Jeremy Harris [Sun, 3 Dec 2017 20:36:12 +0000 (20:36 +0000)]
Docs: clarify smtp transport tls_verify_certificates option
Jeremy Harris [Sat, 2 Dec 2017 21:11:46 +0000 (21:11 +0000)]
Fix initialiser in smtp transport
Broken-by: 838d897c8e
Jeremy Harris [Sat, 2 Dec 2017 20:10:18 +0000 (20:10 +0000)]
Docs: add notes on lack of multiple-OCSP-proof support
This would be wanted for server OCSP stapling in a dual RSA/ECDSA certificate installation
Jeremy Harris [Tue, 28 Nov 2017 20:44:14 +0000 (20:44 +0000)]
Change log update
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
Jeremy Harris [Sun, 26 Nov 2017 15:28:26 +0000 (15:28 +0000)]
Logging: fix log line for local_scan() rejection
Jeremy Harris [Sun, 26 Nov 2017 15:26:42 +0000 (15:26 +0000)]
DKIM: fix tolerating spaces round tag values
Jeremy Harris [Sun, 26 Nov 2017 15:22:38 +0000 (15:22 +0000)]
Fix filename length check in mime-handling
Jeremy Harris [Sun, 26 Nov 2017 15:20:04 +0000 (15:20 +0000)]
tidying
Jeremy Harris [Sat, 25 Nov 2017 16:21:14 +0000 (16:21 +0000)]
Change note for
445d03d4ea
Jeremy Harris [Fri, 24 Nov 2017 20:22:33 +0000 (20:22 +0000)]
Avoid release of store if there have been later allocations. Bug 2199
Jeremy Harris [Fri, 24 Nov 2017 20:24:40 +0000 (20:24 +0000)]
Add comment on GnuTLS library debugging facility
Jeremy Harris [Sat, 18 Nov 2017 15:22:48 +0000 (15:22 +0000)]
Testsuite: more pre-run configuration checks
Jeremy Harris [Thu, 16 Nov 2017 20:46:10 +0000 (20:46 +0000)]
tidying
Jeremy Harris [Thu, 16 Nov 2017 18:31:23 +0000 (18:31 +0000)]
Testsuite: delays for debug output ordering (again)
Jeremy Harris [Thu, 16 Nov 2017 12:12:48 +0000 (12:12 +0000)]
OpenSSL: avoid using now-deprecated routines on newer versions
Jeremy Harris [Wed, 15 Nov 2017 23:24:23 +0000 (23:24 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 22:09:10 +0000 (22:09 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 20:38:19 +0000 (20:38 +0000)]
Testsuite: OpenSSL/LibreSSL version output variances
Jeremy Harris [Wed, 15 Nov 2017 19:06:00 +0000 (19:06 +0000)]
Testsuite: better debug output from "server" script-runner
Jeremy Harris [Wed, 15 Nov 2017 18:56:21 +0000 (18:56 +0000)]
Testsuite: delays for debug output ordering
OpenBSD seems to prioritize the child of a fork; Linux & FreeBSD the parent
Jeremy Harris [Wed, 15 Nov 2017 18:38:44 +0000 (18:38 +0000)]
Testsuite: force RSA auth for testcase loading dual certs
More recent OpenSSL versions (1.1.0) reasonably prefer ECDSA when available,
where older (1.0.2) preferred RSA
Jeremy Harris [Wed, 15 Nov 2017 17:48:55 +0000 (17:48 +0000)]
Typo in sample configuration
Jeremy Harris [Sun, 12 Nov 2017 19:08:43 +0000 (19:08 +0000)]
Docs: PRVS validity. Bug 2033
Jeremy Harris [Tue, 14 Nov 2017 19:32:50 +0000 (19:32 +0000)]
Testsuite output updates
Heiko Schlittermann (HS12-RIPE) [Sun, 5 Nov 2017 22:57:16 +0000 (23:57 +0100)]
Add host detail on all deferred deliveries, not only the last one
Jeremy Harris [Sat, 11 Nov 2017 21:19:50 +0000 (21:19 +0000)]
Testsuite: another go at munging cipher-suite strings
Jeremy Harris [Sat, 11 Nov 2017 21:04:21 +0000 (21:04 +0000)]
Debug: remove router DSN config dump on startup
Jeremy Harris [Sat, 11 Nov 2017 18:39:09 +0000 (18:39 +0000)]
Testsuite: another go at munging cipher-suite strings
Jeremy Harris [Sat, 11 Nov 2017 16:11:06 +0000 (16:11 +0000)]
Downgrade an unfound-list name from panic to DEFER. Bug 1645
Jeremy Harris [Thu, 9 Nov 2017 21:35:08 +0000 (21:35 +0000)]
Testsuite: another go at munging cipher-suite strings
Jeremy Harris [Thu, 9 Nov 2017 19:49:49 +0000 (19:49 +0000)]
Testsuite: another go at munging cipher-suite strings
Jeremy Harris [Wed, 8 Nov 2017 12:37:22 +0000 (12:37 +0000)]
docs: typo
Jeremy Harris [Wed, 8 Nov 2017 12:01:20 +0000 (12:01 +0000)]
tidying
Jeremy Harris [Wed, 8 Nov 2017 10:43:28 +0000 (10:43 +0000)]
DKIM: call ACL once for each signature matching the identity from dkim_verify_signers. Bug 2189
Jeremy Harris [Tue, 7 Nov 2017 21:40:19 +0000 (21:40 +0000)]
DKIM: make verification results visible in data ACL
Jeremy Harris [Tue, 7 Nov 2017 19:01:42 +0000 (19:01 +0000)]
DKIM: Allow the DKIM ACL to override verification results. Bug 2186
This provides generic support, though is covers the need introduced
by https://datatracker.ietf.org/doc/draft-ietf-dcrup-dkim-usage/?include_text=1
(deprecating sha-1 and RSA keys shorter than 1024 bits).
Jeremy Harris [Tue, 7 Nov 2017 16:09:28 +0000 (16:09 +0000)]
TLS: support multiple certificate files in server. Bug 2092
Jeremy Harris [Fri, 3 Nov 2017 13:05:16 +0000 (13:05 +0000)]
Docs: add index entry
Jeremy Harris [Fri, 3 Nov 2017 11:02:19 +0000 (11:02 +0000)]
DKIM: better syntax for control of oversigning. Bug 2180
Phil Pennock [Thu, 2 Nov 2017 18:48:30 +0000 (14:48 -0400)]
Use LDFLAGS not EXTRALIBS_EXIM; 1.0.2 needs ldl too
Heiko Schlittermann (HS12-RIPE) [Wed, 1 Nov 2017 21:38:43 +0000 (22:38 +0100)]
exigrep: we need to run with perl 5.8.x
The defined-or operator '//' does not exist yet.
Jeremy Harris [Wed, 1 Nov 2017 12:32:13 +0000 (12:32 +0000)]
Use back-compatible variable for perl version
The modern $^V is not present in some buildfarm animals' perl versions.
Heiko Schlittermann (HS12-RIPE) [Wed, 1 Nov 2017 06:45:55 +0000 (07:45 +0100)]
Testsuite: Output the --version from exigrep, exinext, eximstats
Heiko Schlittermann (HS12-RIPE) [Wed, 1 Nov 2017 06:45:14 +0000 (07:45 +0100)]
Add --version to all installed Perl and Shell scripts.
This option outputs the build info, and for Perl scripts it additionally
outputs the Perl version that is running the current script.
Jeremy Harris [Tue, 31 Oct 2017 16:31:34 +0000 (16:31 +0000)]
Lose extraneous line
Broken-by: 9650d98a07
Jeremy Harris [Tue, 31 Oct 2017 15:31:50 +0000 (15:31 +0000)]
Add macro support to -be expansion test mode. Bug 1623
Jeremy Harris [Mon, 30 Oct 2017 10:15:26 +0000 (10:15 +0000)]
Testsuite: notify perl version at runtest startup
Andreas Metzler [Sat, 28 Oct 2017 17:45:30 +0000 (19:45 +0200)]
Make exim_monitor build reproducible.
Adapt changes to exim for SOURCE_DATE_EPOCH from exim
6e411084a29a7658f7bc88aa5a62ab9016c22c79 to exim_monitor.
Jeremy Harris [Sat, 28 Oct 2017 14:09:05 +0000 (15:09 +0100)]
Do not exit when cwd has no name. Bug 2078
Andreas Metzler [Sat, 28 Oct 2017 13:23:50 +0000 (14:23 +0100)]
Build: fix repeatable-build typo
Jeremy Harris [Sat, 28 Oct 2017 13:04:12 +0000 (14:04 +0100)]
Fix build warning. Bug 2181
Andreas Metzler [Sat, 28 Oct 2017 12:26:48 +0000 (14:26 +0200)]
Correct typo "psuedo" in exipick documentation.
Phil Pennock [Fri, 27 Oct 2017 17:07:48 +0000 (13:07 -0400)]
nit: typo-fix in comment (my goof)
Jeremy Harris [Thu, 26 Oct 2017 20:48:12 +0000 (21:48 +0100)]
Copyright year bumps for substantive changes 2017
Jeremy Harris [Thu, 26 Oct 2017 19:20:41 +0000 (20:20 +0100)]
Testsuite: OpenSSL version output variances
Jeremy Harris [Thu, 26 Oct 2017 17:43:55 +0000 (18:43 +0100)]
Testsuite: support platform variance in debug output
Solaris printf %p gives hex without a leading 0x
Jeremy Harris [Thu, 26 Oct 2017 17:34:48 +0000 (18:34 +0100)]
Testsuite: add missing testcase files
Jeremy Harris [Thu, 26 Oct 2017 17:26:37 +0000 (18:26 +0100)]
Testsuite: create test db on-the-fliy for LMDB testcase
Jeremy Harris [Thu, 26 Oct 2017 16:17:22 +0000 (17:17 +0100)]
Testsuite: more time for slow test platform
Jeremy Harris [Thu, 26 Oct 2017 13:54:02 +0000 (14:54 +0100)]
Revert "Build: tidying"
This reverts commit
3a40b2f9648ce9737b3f8f542e5079e58c4db3c3.
It didn't work with Pmake (FreeBSD/OpenBSD)
Jeremy Harris [Thu, 26 Oct 2017 13:47:11 +0000 (14:47 +0100)]
Debug: add trace in the inlist expansion condition
Jeremy Harris [Wed, 25 Oct 2017 17:13:19 +0000 (18:13 +0100)]
Build: tidying
Jeremy Harris [Wed, 25 Oct 2017 15:59:30 +0000 (16:59 +0100)]
Testsuite: more time for slow test platform
Jeremy Harris [Wed, 25 Oct 2017 14:54:31 +0000 (15:54 +0100)]
Docs: clarify DKIM default signing. Bug 2179
Jeremy Harris [Wed, 25 Oct 2017 14:19:32 +0000 (15:19 +0100)]
Testsuite: ignore timezone-specific debug output
Jeremy Harris [Wed, 25 Oct 2017 13:51:17 +0000 (14:51 +0100)]
Unbreak non-DKIM build
Jeremy Harris [Wed, 25 Oct 2017 09:58:18 +0000 (10:58 +0100)]
DKIM: add builtin macro with default list of headers for signing
Jeremy Harris [Sun, 22 Oct 2017 19:40:11 +0000 (20:40 +0100)]
Docs: expand TFO information
Jeremy Harris [Sun, 22 Oct 2017 14:47:13 +0000 (15:47 +0100)]
Testsuite: ignore optional-config output
Jeremy Harris [Sat, 21 Oct 2017 20:52:54 +0000 (21:52 +0100)]
tidying
Jeremy Harris [Sat, 21 Oct 2017 20:20:46 +0000 (21:20 +0100)]
tidying
Jeremy Harris [Sat, 21 Oct 2017 19:29:25 +0000 (20:29 +0100)]
Add equivalent for missing poll(2) #define
Needed in FreeBSD and OpenBSD, and probably Solaris
Jeremy Harris [Sat, 21 Oct 2017 18:27:01 +0000 (19:27 +0100)]
CHUNKING: Fix flush of chunk on error
Jeremy Harris [Sat, 21 Oct 2017 17:36:31 +0000 (18:36 +0100)]
Testsuite: make debug output for proxied TLS less indeterminate
Jeremy Harris [Fri, 20 Oct 2017 22:21:27 +0000 (23:21 +0100)]
Use safer routine for possibly-overlapping copy
Fixes a logging bug seen on aarch64
Jeremy Harris [Fri, 20 Oct 2017 22:20:57 +0000 (23:20 +0100)]
Testsuite: make debug output for proxied TLS less indeterminate