exim.git
6 years agoOpenSSL: Fix memory leak during multi-message connections using STARTTLS
Wolfgang Breyha [Mon, 19 Feb 2018 18:27:55 +0000 (18:27 +0000)]
OpenSSL: Fix memory leak during multi-message connections using STARTTLS

Reported-by: Wolfgang Breyha
Fix-by: Wolfgang Breyha, with additions from Jeremy Harris
6 years agoExpansions: make ${authresults } usable in a named ACL
Jeremy Harris [Sun, 18 Feb 2018 16:22:52 +0000 (16:22 +0000)]
Expansions: make ${authresults } usable in a named ACL

This will be more common than directly in the acl_smtp_data option,
and suffers one less expansion in operation.

6 years agoDebug: fix output for acl add_header
Jeremy Harris [Sun, 18 Feb 2018 15:52:33 +0000 (15:52 +0000)]
Debug: fix output for acl add_header

6 years agotypo
Jeremy Harris [Sun, 18 Feb 2018 12:17:30 +0000 (12:17 +0000)]
typo

6 years ago DMARC: fix result reporting when a DKIM ACL overrides the verify result. Bug...
Jeremy Harris [Sun, 18 Feb 2018 11:25:33 +0000 (11:25 +0000)]
DMARC: fix result reporting when a DKIM ACL overrides the verify result.  Bug 2236

6 years agoExpansions: new ${authresults {mch}} for an Authentication-Results header
Jeremy Harris [Sun, 18 Feb 2018 00:33:28 +0000 (00:33 +0000)]
Expansions: new ${authresults {mch}} for an Authentication-Results header

6 years agoFix memory leak during multi-message reception using STARTTLS
Jeremy Harris [Sat, 17 Feb 2018 16:53:27 +0000 (16:53 +0000)]
Fix memory leak during multi-message reception using STARTTLS

Reported-by: Wolfgang Breyha
6 years agoAvoid minor memleak during multi-message STARTTLS'd conns
Jeremy Harris [Sat, 17 Feb 2018 16:44:47 +0000 (16:44 +0000)]
Avoid minor memleak during multi-message STARTTLS'd conns
As STARTTLS/EHLO is repeated per message, we should free mem used for EHLO-dependent hostnames

6 years agotidying
Jeremy Harris [Sat, 17 Feb 2018 16:43:44 +0000 (16:43 +0000)]
tidying

6 years agoTestsuite: munge for no-DKIM builds
Jeremy Harris [Sat, 17 Feb 2018 15:21:53 +0000 (15:21 +0000)]
Testsuite: munge for no-DKIM builds

6 years agoDANE: move to mainline
Jeremy Harris [Thu, 15 Feb 2018 21:32:30 +0000 (21:32 +0000)]
DANE: move to mainline

6 years agocompiler quietening
Jeremy Harris [Wed, 14 Feb 2018 14:51:14 +0000 (14:51 +0000)]
compiler quietening

6 years agoMacros: speedup expansion processing
Jeremy Harris [Wed, 14 Feb 2018 14:08:08 +0000 (14:08 +0000)]
Macros: speedup expansion processing

6 years agotypo
Jeremy Harris [Tue, 13 Feb 2018 19:18:02 +0000 (19:18 +0000)]
typo

6 years agoACL: Enforce non-usability of control=utf8_downconvert in MAIL ACL. Bug 2239
Jeremy Harris [Mon, 12 Feb 2018 17:29:22 +0000 (17:29 +0000)]
ACL: Enforce non-usability of control=utf8_downconvert in MAIL ACL.  Bug 2239

6 years agoDebug: more detail in dkim processing
Jeremy Harris [Mon, 12 Feb 2018 16:27:09 +0000 (16:27 +0000)]
Debug: more detail in dkim processing

6 years agoRevert "Macros: convert to tree for speed of lookup"
Jeremy Harris [Sun, 11 Feb 2018 23:16:02 +0000 (23:16 +0000)]
Revert "Macros: convert to tree for speed of lookup"

This reverts commit 165acdd1ea3b7399b2279f94c881f8e366efaf71.

6 years agoSolaris 10 compatability, try two
Jeremy Harris [Sun, 11 Feb 2018 00:39:46 +0000 (00:39 +0000)]
Solaris 10 compatability, try two

6 years agoSolaris 10 compatability
Jeremy Harris [Sun, 11 Feb 2018 00:10:36 +0000 (00:10 +0000)]
Solaris 10 compatability

6 years agoUpdate copyright year to 2018
Heiko Schlittermann (HS12-RIPE) [Sat, 10 Feb 2018 22:32:34 +0000 (23:32 +0100)]
Update copyright year to 2018

Partly change a single year into a range, starting back in 1995, or
later, if indicated by other copyright information.

6 years agoFix base64d() buffer size (CVE-2018-6789)
Heiko Schlittermann (HS12-RIPE) [Mon, 5 Feb 2018 21:23:32 +0000 (22:23 +0100)]
Fix base64d() buffer size (CVE-2018-6789)

Credits for discovering this bug: Meh Chang <meh@devco.re>

(cherry picked from commit 062990cc1b2f9e5d82a413b53c8f0569075de700)

6 years agoCompiler-quietening
Jeremy Harris [Sat, 10 Feb 2018 20:06:08 +0000 (20:06 +0000)]
Compiler-quietening

6 years agoTestsuite: move DKIM Ed25519 testcases to seperate feature-test group
Jeremy Harris [Sat, 10 Feb 2018 17:29:38 +0000 (17:29 +0000)]
Testsuite: move DKIM Ed25519 testcases to seperate feature-test group

6 years agoTestsuite: move sha3 tests to separate testcase
Jeremy Harris [Sat, 10 Feb 2018 17:01:10 +0000 (17:01 +0000)]
Testsuite: move sha3 tests to separate testcase

6 years agoMacros: return macro-presence status from "exim -bP macro <name>"
Jeremy Harris [Sat, 10 Feb 2018 16:00:45 +0000 (16:00 +0000)]
Macros: return macro-presence status from "exim -bP macro <name>"

6 years agoBuiltin macros for sha3-hash and ed25519-signing support
Jeremy Harris [Fri, 9 Feb 2018 21:59:49 +0000 (21:59 +0000)]
Builtin macros for sha3-hash and ed25519-signing support

6 years agoMacros: convert to tree for speed of lookup
Jeremy Harris [Fri, 9 Feb 2018 21:42:32 +0000 (21:42 +0000)]
Macros: convert to tree for speed of lookup

6 years agoLose outdated builtin-macro warning
Jeremy Harris [Fri, 9 Feb 2018 21:14:51 +0000 (21:14 +0000)]
Lose outdated builtin-macro warning

6 years agoFix conversation closedown with the Avast malware scanner. Bug 2113
Jeremy Harris [Sun, 31 Dec 2017 17:40:55 +0000 (17:40 +0000)]
Fix conversation closedown with the Avast malware scanner.  Bug 2113

6 years agoRepair Heimdal GSSAPI authenticator init part 2
Phil Pennock [Thu, 8 Feb 2018 04:15:37 +0000 (23:15 -0500)]
Repair Heimdal GSSAPI authenticator init part 2

Broken-by: d185889f4
6 years agoRepair Heimdal GSSAPI authenticator init
Phil Pennock [Thu, 8 Feb 2018 03:59:03 +0000 (22:59 -0500)]
Repair Heimdal GSSAPI authenticator init

Broken-by: f2ed27cf5f
6 years agoDKIM: fix buffer overflow in verify
Jeremy Harris [Wed, 7 Feb 2018 23:09:55 +0000 (23:09 +0000)]
DKIM: fix buffer overflow in verify

Caused crash in free() by corrupting malloc metadata.

Reported-by: University of Cambridge
Broken-by: 80a47a2c96
6 years agoCutthrough: silently ignore ACL control when the message cannot be cutthrough-routed
Jeremy Harris [Wed, 7 Feb 2018 12:11:22 +0000 (12:11 +0000)]
Cutthrough: silently ignore ACL control when the message cannot be cutthrough-routed

6 years agoTestsuite: ignore more SSL library output variances
Jeremy Harris [Tue, 6 Feb 2018 19:29:14 +0000 (19:29 +0000)]
Testsuite: ignore more SSL library output variances

6 years agoDKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)
Jeremy Harris [Tue, 6 Feb 2018 14:24:23 +0000 (14:24 +0000)]
DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)

6 years agoDebug: more info for string-expansion troubles
Jeremy Harris [Sat, 3 Feb 2018 23:13:53 +0000 (23:13 +0000)]
Debug: more info for string-expansion troubles

6 years agoDocs: Spell-check spec.xfpt
Vladimir Panteleev [Sat, 3 Feb 2018 05:07:49 +0000 (05:07 +0000)]
Docs: Spell-check spec.xfpt

6 years agoDocs: Fix formatting of $dkim_verify_status variable description
Vladimir Panteleev [Sat, 3 Feb 2018 04:55:06 +0000 (04:55 +0000)]
Docs: Fix formatting of $dkim_verify_status variable description

6 years agoDocs: Fix syntax in ${filter} example
Vladimir Panteleev [Sat, 3 Feb 2018 04:54:27 +0000 (04:54 +0000)]
Docs: Fix syntax in ${filter} example

6 years agoProtect build against LibreSSL.
Jeremy Harris [Fri, 2 Feb 2018 10:38:39 +0000 (10:38 +0000)]
Protect build against LibreSSL.

Broken-by: 9c29c48f83
6 years agoString expansions: support sha3 under OpenSSL (1.1.1+)
Jeremy Harris [Thu, 1 Feb 2018 23:03:25 +0000 (23:03 +0000)]
String expansions: support sha3 under OpenSSL (1.1.1+)

6 years agoDoc update: RFC 8314 submissions service
Phil Pennock [Wed, 31 Jan 2018 21:47:46 +0000 (16:47 -0500)]
Doc update: RFC 8314 submissions service

Using TLS-on-connect is no longer a legacy mode for bad clients, but
instead standards-track-RFC-compliant best current practice.

Plus ça change, plus c'est la même chose.

6 years agoDKIM: share body-hash calculation between multiple signatures for verification
Jeremy Harris [Wed, 31 Jan 2018 18:31:05 +0000 (18:31 +0000)]
DKIM: share body-hash calculation between multiple signatures for verification

6 years agoRouting: dnslookup and manualroute routers: ipv4_only, ipv4_prefer options. Bug...
Jeremy Harris [Sun, 28 Jan 2018 12:42:01 +0000 (12:42 +0000)]
Routing: dnslookup and manualroute routers: ipv4_only, ipv4_prefer options.  Bug 2149

6 years agoDebugging: fix potential null-derefs in DSN debug_printfs
Jeremy Harris [Sun, 28 Jan 2018 17:39:38 +0000 (17:39 +0000)]
Debugging: fix potential null-derefs in DSN debug_printfs

6 years agoBuild: .git may be a file when this repo is a submodule
Heiko Schlittermann (HS12-RIPE) [Sat, 27 Jan 2018 21:58:03 +0000 (22:58 +0100)]
Build: .git may be a file when this repo is a submodule

(cherry picked from commit 2dfd20fe244da439b1f6becb4e29c8cb83e2d399)

6 years agoTestsuite: locate.pl: do not try folders we do not have permissions for
Heiko Schlittermann (HS12-RIPE) [Fri, 19 Jan 2018 08:40:24 +0000 (09:40 +0100)]
Testsuite: locate.pl: do not try folders we do not have permissions for

6 years agoGnuTLS: fix to ignore timeout on unrelated callout connection. Bug 2174
Jeremy Harris [Sat, 27 Jan 2018 15:03:01 +0000 (15:03 +0000)]
GnuTLS: fix to ignore timeout on unrelated callout connection.  Bug 2174

6 years agoCutthrough: fix for port-number defined by router. Bug 2229
Jeremy Harris [Fri, 26 Jan 2018 18:40:41 +0000 (18:40 +0000)]
Cutthrough: fix for port-number defined by router.  Bug 2229

6 years agoCutthrough: fix multi-message initiating connections. Bug 2230
Jeremy Harris [Thu, 25 Jan 2018 21:27:00 +0000 (21:27 +0000)]
Cutthrough: fix multi-message initiating connections.  Bug 2230

6 years agoDKIM: use string-allocate facilities for DNS lookup
Jeremy Harris [Sun, 21 Jan 2018 14:51:45 +0000 (14:51 +0000)]
DKIM: use string-allocate facilities for DNS lookup

6 years agoUse bitfield macros for acl-where
Jeremy Harris [Sat, 20 Jan 2018 17:55:51 +0000 (17:55 +0000)]
Use bitfield macros for acl-where

6 years agoDocs: Update DKIM section with RFC 8301 requirements
Jeremy Harris [Sat, 20 Jan 2018 13:13:52 +0000 (13:13 +0000)]
Docs: Update DKIM section with RFC 8301 requirements

6 years agoTestsuite: munge output for platform variances in postgres server binary location
Jeremy Harris [Thu, 18 Jan 2018 11:58:10 +0000 (11:58 +0000)]
Testsuite: munge output for platform variances in postgres server binary location

6 years agoTestsuite: Try harder to locate the tools
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Jan 2018 21:55:15 +0000 (22:55 +0100)]
Testsuite: Try harder to locate the tools

6 years agoTestsuite: Use cp+chmod instead of install
Heiko Schlittermann (HS12-RIPE) [Thu, 18 Jan 2018 16:34:15 +0000 (17:34 +0100)]
Testsuite: Use cp+chmod instead of install

On Solaris, install doesn't seem to behave as expected.
(Or, it has different installs and we call the wrong one)

6 years agoTestsuite: Use more force to find postgresql binaries
Heiko Schlittermann (HS12-RIPE) [Wed, 17 Jan 2018 23:43:40 +0000 (00:43 +0100)]
Testsuite: Use more force to find postgresql binaries

6 years agoTestsuite: interlock Postgres server startup
Jeremy Harris [Wed, 17 Jan 2018 20:23:31 +0000 (20:23 +0000)]
Testsuite: interlock Postgres server startup

6 years agoDB: show the Berkeley DB runtime library version, for "-d -bV"
Jeremy Harris [Wed, 17 Jan 2018 11:46:01 +0000 (11:46 +0000)]
DB: show the Berkeley DB runtime library version, for "-d -bV"

6 years agoTestsuite: MySQL portability
Jeremy Harris [Tue, 16 Jan 2018 23:14:49 +0000 (23:14 +0000)]
Testsuite: MySQL portability

Community-mysql has no mysqld-safe script, and mysqld has varying locations.

6 years agoLogging: Receive duration on <= lines. Bug 353
Jeremy Harris [Tue, 16 Jan 2018 21:31:28 +0000 (21:31 +0000)]
Logging: Receive duration on <= lines.  Bug 353

6 years agoTestsuite: MySQL portability
Jeremy Harris [Tue, 16 Jan 2018 17:04:14 +0000 (17:04 +0000)]
Testsuite: MySQL portability

Pre-version-10.1.3 MariaDB has no "IF NOT EXISTS" on "CREATE USER"

6 years agoFix %D string expansion to not use millisec
Heiko Schlittermann (HS12-RIPE) [Tue, 16 Jan 2018 15:06:24 +0000 (16:06 +0100)]
Fix %D string expansion to not use millisec

log_selector +millisec should not change the expansion of %D
(used in log_file_path and maybe other places)

(cherry picked from commit d2fe8622a815e36bf66b04eb772d5ec0ba8e13af)

6 years agoDKIM: DNS records having no v= tag are acceptable. Bug 2207
Jeremy Harris [Sun, 14 Jan 2018 18:40:50 +0000 (18:40 +0000)]
DKIM: DNS records having no v= tag are acceptable.  Bug 2207

Broken-by c73a4d073e

6 years agoTestsuite: MySQL portability
Jeremy Harris [Sun, 14 Jan 2018 15:02:28 +0000 (15:02 +0000)]
Testsuite: MySQL portability

6 years agoTestsuite: wait for MySQL DB startup before inserting data
Jeremy Harris [Sun, 14 Jan 2018 14:51:36 +0000 (14:51 +0000)]
Testsuite: wait for MySQL DB startup before inserting data

6 years agoLookups: fix mysql lookup returns for no-data "queries",
Jeremy Harris [Sat, 13 Jan 2018 18:11:21 +0000 (18:11 +0000)]
Lookups: fix mysql lookup returns for no-data "queries",
when the number of rows affected is returned.  Bug 2223

Broken-by: acec9514b1
Also enhance the testsuite mysql testcase to be standalone and move to standard-run set
and add a specific testcase for this bug.

Testcase working on Fedora at least - we'll see what happens on other platforms
where executable locaation may vary.

6 years agoDocs: SPF no longer Experimental
Jeremy Harris [Sat, 13 Jan 2018 18:07:10 +0000 (18:07 +0000)]
Docs: SPF no longer Experimental

6 years agoOpenSSL: fix OCSP stapling under DANE
Jeremy Harris [Sun, 7 Jan 2018 22:18:55 +0000 (22:18 +0000)]
OpenSSL: fix OCSP stapling under DANE

6 years agoOpenSSL: better debug info for OCSP
Jeremy Harris [Sun, 7 Jan 2018 20:24:46 +0000 (20:24 +0000)]
OpenSSL: better debug info for OCSP

6 years agoDKIM: permit dkim_private_key to override dkim_strict on signing. Bug 2220
Jeremy Harris [Sun, 7 Jan 2018 15:03:25 +0000 (15:03 +0000)]
DKIM: permit dkim_private_key to override dkim_strict on signing.  Bug 2220

6 years agoLogging: disable the verbose DKIM verification line by default; add a tag to <= lines.
Jeremy Harris [Sat, 6 Jan 2018 14:48:35 +0000 (14:48 +0000)]
Logging: disable the verbose DKIM verification line by default; add a tag to <= lines.
New log_selector controls "dkim" and "dkim_verbose".

6 years agoSPF: promote from Experimental to mainline status
Jeremy Harris [Fri, 5 Jan 2018 13:33:42 +0000 (13:33 +0000)]
SPF: promote from Experimental to mainline status

6 years agoDocs: remove extraneous options from variables index
Jeremy Harris [Fri, 5 Jan 2018 13:48:08 +0000 (13:48 +0000)]
Docs: remove extraneous options from variables index

6 years agotidying
Jeremy Harris [Tue, 2 Jan 2018 14:29:29 +0000 (14:29 +0000)]
tidying

6 years agoTestsuite: Better platform portability by searching for Postgres server binaries
Jeremy Harris [Wed, 3 Jan 2018 15:11:48 +0000 (15:11 +0000)]
Testsuite:  Better platform portability by searching for Postgres server binaries

6 years agoTestsuite: SPF testcases. Bug 1789
Jeremy Harris [Tue, 2 Jan 2018 19:57:15 +0000 (19:57 +0000)]
Testsuite: SPF testcases.  Bug 1789

6 years agocoding standards
Jeremy Harris [Tue, 2 Jan 2018 14:29:45 +0000 (14:29 +0000)]
coding standards

6 years agoDocs: remove mention of the ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 18:08:15 +0000 (18:08 +0000)]
Docs: remove mention of the ClamAV "STREAM" method

6 years agoContent scan: Remove support for the 7-year deprecated ClamAV "STREAM" method
Jeremy Harris [Mon, 1 Jan 2018 17:41:56 +0000 (17:41 +0000)]
Content scan:  Remove support for the 7-year deprecated ClamAV "STREAM" method

6 years agoContent scan: Disable "aveserver", "kavdaemon" and "mksd" in the template makefile...
Jeremy Harris [Mon, 1 Jan 2018 17:28:46 +0000 (17:28 +0000)]
Content scan:  Disable "aveserver", "kavdaemon" and "mksd" in the template makefile.  Bugs 1143, 1594

6 years agoFeature macros, show-supported and build-time selection for malware interfaces
Jeremy Harris [Mon, 1 Jan 2018 13:14:41 +0000 (13:14 +0000)]
Feature macros, show-supported and build-time selection for malware interfaces

6 years agorefactor show-supported coding
Jeremy Harris [Mon, 1 Jan 2018 13:47:26 +0000 (13:47 +0000)]
refactor show-supported coding

6 years agotidying
Jeremy Harris [Sat, 30 Dec 2017 15:32:57 +0000 (15:32 +0000)]
tidying

6 years agoEnable header_syntax verify in the example config
Jeremy Harris [Sun, 31 Dec 2017 11:12:50 +0000 (11:12 +0000)]
Enable header_syntax verify in the example config

6 years agoMIME ACL: fix SMTP response for non-accept result of the ACL. Bug 2214.
Jeremy Harris [Sat, 30 Dec 2017 13:55:54 +0000 (13:55 +0000)]
MIME ACL: fix SMTP response for non-accept result of the ACL.  Bug 2214.

As far as I can see this was broken back in 2013, f4c1088 for 4.82

6 years agoFix issue with continued-connections when the DNS shifts unreliably
Jeremy Harris [Wed, 27 Dec 2017 23:32:02 +0000 (23:32 +0000)]
Fix issue with continued-connections when the DNS shifts unreliably

6 years agoFix crash associated with dnsdb lookup done from DKIM ACL. Bug 2215
Jeremy Harris [Thu, 28 Dec 2017 20:09:05 +0000 (20:09 +0000)]
Fix crash associated with dnsdb lookup done from DKIM ACL.  Bug 2215

Broken-by: cc55f4208e
6 years agoUse common routine for building tagstring for dns-fail cache
Jeremy Harris [Thu, 28 Dec 2017 21:28:01 +0000 (21:28 +0000)]
Use common routine for building tagstring for dns-fail cache

6 years agoDebug: enhance output from smtp transport entry
Jeremy Harris [Wed, 27 Dec 2017 17:22:26 +0000 (17:22 +0000)]
Debug: enhance output from smtp transport entry

6 years agoDKIM: tighter checking while parsing signature headers. Bug 2217
Jeremy Harris [Thu, 28 Dec 2017 20:51:28 +0000 (20:51 +0000)]
DKIM: tighter checking while parsing signature headers.  Bug 2217

6 years agoCheck ARGV before subscripting it
Geraint Edwards [Thu, 28 Dec 2017 15:53:51 +0000 (15:53 +0000)]
Check ARGV before subscripting it

6 years agoTesttsuite: output changes resulting
Jeremy Harris [Wed, 27 Dec 2017 14:10:44 +0000 (14:10 +0000)]
Testtsuite: output changes resulting

6 years agoTestsuite: better portability of postgresq test vs. postgresql versions
Jeremy Harris [Wed, 27 Dec 2017 11:11:17 +0000 (11:11 +0000)]
Testsuite: better portability of postgresq test vs. postgresql versions

6 years agoLookups: fix pgsql multiple-row, single-column return
Jeremy Harris [Sun, 24 Dec 2017 16:42:04 +0000 (16:42 +0000)]
Lookups: fix pgsql multiple-row, single-column return

Report & fix from James <list@xdrv.co.uk>; additional tidying and testcase by JGH

Broken-by: acec9514b1
6 years agoTestsuite: shift pgsql tests to the standard-run set
Jeremy Harris [Sun, 24 Dec 2017 20:46:56 +0000 (20:46 +0000)]
Testsuite: shift pgsql tests to the standard-run set

6 years agoTestsuite: convert posgreql testing to standalone
Jeremy Harris [Sun, 24 Dec 2017 20:35:24 +0000 (20:35 +0000)]
Testsuite: convert posgreql testing to standalone

6 years agoDelivery: remove restriction on dirname length on having to create directories. ...
Jeremy Harris [Sat, 23 Dec 2017 17:46:10 +0000 (17:46 +0000)]
Delivery: remove restriction on dirname length on having to create directories.  Bug 2213

6 years agoDANE/GnuTLS: split verification of mixed sets of TLSA records by usage
Jeremy Harris [Fri, 22 Dec 2017 17:19:37 +0000 (17:19 +0000)]
DANE/GnuTLS: split verification of mixed sets of TLSA records by usage

This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.

6 years agoConstification
Jeremy Harris [Fri, 22 Dec 2017 11:34:20 +0000 (11:34 +0000)]
Constification