exim.git
19 months agoDoc: Typos
Heiko Schlittermann (HS12-RIPE) [Fri, 13 Sep 2019 14:32:25 +0000 (16:32 +0200)]
Doc: Typos

20 months agoRefuse to open a msglog file with .. in the path.
Jeremy Harris [Tue, 10 Sep 2019 11:29:12 +0000 (12:29 +0100)]
Refuse to open a msglog file with .. in the path.

Recent exploits have use this as a step for overwriting system files,
and msglog file should always be under the spooldir, so add this as
a defence-in-depth tactic

20 months agotidying
Jeremy Harris [Tue, 10 Sep 2019 11:28:44 +0000 (12:28 +0100)]
tidying

20 months agoMove the regression test for CVE-2019-15846 to 1100-Basic-TLS/1100
Heiko Schlittermann (HS12-RIPE) [Tue, 10 Sep 2019 10:49:32 +0000 (12:49 +0200)]
Move the regression test for CVE-2019-15846 to 1100-Basic-TLS/1100

20 months agoTestsuite: munge for timing variance
Jeremy Harris [Sun, 8 Sep 2019 17:16:02 +0000 (18:16 +0100)]
Testsuite: munge for timing variance

20 months agoFix unaligned access (more cleanly) in DNS regative-caching
Jeremy Harris [Sun, 8 Sep 2019 13:41:48 +0000 (14:41 +0100)]
Fix unaligned access (more cleanly) in DNS regative-caching

20 months agoFix unaligned access in DNS negative-caching
Jeremy Harris [Sun, 8 Sep 2019 11:11:16 +0000 (12:11 +0100)]
Fix unaligned access in DNS negative-caching

20 months agostring.c: do not interpret '\\' before '\0' (CVE-2019-15846)
Heiko Schlittermann (HS12-RIPE) [Mon, 19 Aug 2019 12:45:48 +0000 (14:45 +0200)]
string.c: do not interpret '\\' before '\0' (CVE-2019-15846)

Add documents about CVE-2019-15846
Add testcase for CVE-2019-15846
Update Changelog
Add Announcements

(cherry picked from commit 2600301ba6dbac5c9d640c87007a07ee6dcea1f46693563381 and cdc7f9a966)

20 months agoTestsuite: increase RBL record TTL
Jeremy Harris [Sat, 7 Sep 2019 19:52:33 +0000 (20:52 +0100)]
Testsuite: increase RBL record TTL

20 months agoTestsuite: drop test.ex domain neg-cache ttl to 3000
Jeremy Harris [Thu, 5 Sep 2019 15:47:41 +0000 (16:47 +0100)]
Testsuite: drop test.ex domain neg-cache ttl to 3000

20 months agoSupport TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists. Bug 1395
Jeremy Harris [Thu, 5 Sep 2019 09:31:57 +0000 (10:31 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists.  Bug 1395

20 months agoBuild: do not override the system "cc", on Linux and OpenBSD
Jeremy Harris [Thu, 5 Sep 2019 09:32:46 +0000 (10:32 +0100)]
Build: do not override the system "cc", on Linux and OpenBSD

20 months agotidying
Jeremy Harris [Wed, 4 Sep 2019 14:19:42 +0000 (15:19 +0100)]
tidying

20 months agoFix taint-checking on FreeBSD
Jeremy Harris [Wed, 4 Sep 2019 10:07:34 +0000 (11:07 +0100)]
Fix taint-checking on FreeBSD

20 months agotidying
Jeremy Harris [Tue, 3 Sep 2019 20:49:58 +0000 (21:49 +0100)]
tidying

20 months agoTestsuite: platform differences for resolver flags bits
Jeremy Harris [Mon, 2 Sep 2019 11:33:29 +0000 (12:33 +0100)]
Testsuite: platform differences for resolver flags bits

20 months agoBuild: another go at Solaris workarounds
Jeremy Harris [Mon, 2 Sep 2019 10:18:48 +0000 (11:18 +0100)]
Build: another go at Solaris workarounds

20 months agoTestsuite: keep noqualify testcase from using external DNS
Jeremy Harris [Sun, 1 Sep 2019 22:45:43 +0000 (23:45 +0100)]
Testsuite: keep noqualify testcase from using external DNS

20 months agoTestsuite: platform differences for resolver flags bits
Jeremy Harris [Sun, 1 Sep 2019 20:47:11 +0000 (21:47 +0100)]
Testsuite: platform differences for resolver flags bits

20 months agoTestsuite: fix non-ipv6 platforms
Jeremy Harris [Sun, 1 Sep 2019 19:43:02 +0000 (20:43 +0100)]
Testsuite: fix non-ipv6 platforms

Broken-by: 7d8d08c484
20 months agoSupport TTL from SOA for NXDOMAIN & NODATA cache entries. Bug 1395
Jeremy Harris [Sun, 1 Sep 2019 18:44:31 +0000 (19:44 +0100)]
Support TTL from SOA for NXDOMAIN & NODATA cache entries.  Bug 1395

20 months agoAlways check return from tls_export_cert()
Heiko Schlittermann (HS12-RIPE) [Fri, 30 Aug 2019 11:44:01 +0000 (13:44 +0200)]
Always check return from tls_export_cert()

Invert the meaning of the return.

20 months agoTestcase for handling of -H files for excessive long '-KEY' lines
Heiko Schlittermann (HS12-RIPE) [Tue, 27 Aug 2019 19:58:27 +0000 (21:58 +0200)]
Testcase for handling of -H files for excessive long '-KEY' lines

Thanks to Qualys for their analysis. This bug was fixed independently
by JGH.

Tidy.

20 months agoFix ${domain:} for a bare local-part input. Bug 2375
Jeremy Harris [Tue, 27 Aug 2019 16:44:52 +0000 (17:44 +0100)]
Fix ${domain:} for a bare local-part input.  Bug 2375

Broken-by: e2ff8e24f4
20 months agotypos
Jeremy Harris [Mon, 19 Aug 2019 19:06:32 +0000 (20:06 +0100)]
typos

20 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 18:32:01 +0000 (19:32 +0100)]
Build: workaround inlining problems on Solaris

20 months agotaint SNI values supplied by client
Jeremy Harris [Mon, 19 Aug 2019 14:50:57 +0000 (15:50 +0100)]
taint SNI values supplied by client

20 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Mon, 19 Aug 2019 14:25:38 +0000 (15:25 +0100)]
Build: workaround inlining problems on Solaris

20 months agoTestsuite: DNS lookup notes
Jeremy Harris [Mon, 19 Aug 2019 13:23:11 +0000 (14:23 +0100)]
Testsuite: DNS lookup notes

20 months agotaint nonrcpt names read from spool
Jeremy Harris [Mon, 19 Aug 2019 11:03:46 +0000 (12:03 +0100)]
taint nonrcpt names read from spool

20 months agoinlining
Jeremy Harris [Mon, 19 Aug 2019 10:51:43 +0000 (11:51 +0100)]
inlining

20 months agoAppendfile: when evaluating quota use attemd to link counts
Jeremy Harris [Thu, 15 Aug 2019 12:47:04 +0000 (13:47 +0100)]
Appendfile: when evaluating quota use attemd to link counts

20 months agoTestsuite: not all builds include SPF
Jeremy Harris [Wed, 14 Aug 2019 12:32:11 +0000 (13:32 +0100)]
Testsuite: not all builds include SPF

20 months agoSPF: split library init from per-connection init
Jeremy Harris [Tue, 13 Aug 2019 21:33:50 +0000 (22:33 +0100)]
SPF: split library init from per-connection init

21 months agoDMARC: Use exim facilities for DNS lookups
Jeremy Harris [Tue, 13 Aug 2019 12:34:30 +0000 (13:34 +0100)]
DMARC: Use exim facilities for DNS lookups

This enables teststing with the testsuite

21 months agoDNS: use tainted memory for all lookups
Jeremy Harris [Tue, 13 Aug 2019 11:50:38 +0000 (12:50 +0100)]
DNS: use tainted memory for all lookups

21 months agoSPF: use exim facilities for DNS lookups
Jeremy Harris [Tue, 13 Aug 2019 10:58:10 +0000 (11:58 +0100)]
SPF: use exim facilities for DNS lookups

This enables testing with the testsuite

21 months agoDKIM: preferences for verify algorithms
Jeremy Harris [Sat, 10 Aug 2019 16:58:22 +0000 (17:58 +0100)]
DKIM: preferences for verify algorithms

21 months agoRouters: make retry_use_local_part default true when any non-domain condition is...
Jeremy Harris [Thu, 1 Aug 2019 18:31:36 +0000 (19:31 +0100)]
Routers: make retry_use_local_part default true when any non-domain condition is present.  Bug 2408

21 months agoFix ipv6-less build
Jeremy Harris [Sat, 10 Aug 2019 17:29:26 +0000 (18:29 +0100)]
Fix ipv6-less build

Broken-by: de2e5b3dc6
21 months agoDKIM: use tainted mem for dns lookup
Jeremy Harris [Sat, 10 Aug 2019 16:56:30 +0000 (17:56 +0100)]
DKIM: use tainted mem for dns lookup

21 months agoconstify
Jeremy Harris [Sat, 10 Aug 2019 16:55:16 +0000 (17:55 +0100)]
constify

21 months agoLookups: support IPv6 addresses in the spf lookup type. Bug 2378
Jeremy Harris [Sun, 4 Aug 2019 13:38:18 +0000 (14:38 +0100)]
Lookups: support IPv6 addresses in the spf lookup type.  Bug 2378

21 months agoCallouts: filter smtp response for bad chars before using in our smtp response. ...
Jeremy Harris [Sat, 3 Aug 2019 21:22:58 +0000 (22:22 +0100)]
Callouts: filter smtp response for bad chars before using in our smtp response.  Bug 2409

21 months agocompiler quietening
Jeremy Harris [Sat, 3 Aug 2019 15:42:19 +0000 (16:42 +0100)]
compiler quietening

21 months agoFix bogus taint coding in setenv
Jeremy Harris [Sat, 3 Aug 2019 15:40:14 +0000 (16:40 +0100)]
Fix bogus taint coding in setenv

This probably only affects Solaris; where it broke the build

21 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 3 Aug 2019 13:18:38 +0000 (14:18 +0100)]
Build: workaround inlining problems on Solaris
Also fix for difference in syscall types for munmap()

21 months agopreallocate store for config
Jeremy Harris [Sat, 6 Jul 2019 21:17:04 +0000 (22:17 +0100)]
preallocate store for config

21 months agoAuth: handle socket read errors in Dovecot authenticator
Bruce Lee [Tue, 30 Jul 2019 21:43:14 +0000 (22:43 +0100)]
Auth: handle socket read errors in Dovecot authenticator

21 months agotidying
Jeremy Harris [Tue, 30 Jul 2019 21:32:08 +0000 (22:32 +0100)]
tidying

21 months agoFix build on OpenBSD
Jeremy Harris [Mon, 29 Jul 2019 16:11:03 +0000 (17:11 +0100)]
Fix build on OpenBSD

21 months agoFix taint-checking on OpenBSD
Jeremy Harris [Mon, 29 Jul 2019 14:48:05 +0000 (15:48 +0100)]
Fix taint-checking on OpenBSD

21 months agotestsuite: interlock callout tests
Jeremy Harris [Sun, 28 Jul 2019 16:34:23 +0000 (17:34 +0100)]
testsuite: interlock callout tests

21 months agoFix crash after TLS channel shutdown
Jeremy Harris [Sun, 28 Jul 2019 13:47:29 +0000 (14:47 +0100)]
Fix crash after TLS channel shutdown

21 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 27 Jul 2019 16:11:09 +0000 (17:11 +0100)]
Build: workaround inlining problems on Solaris

21 months agoTestsuite: try to trace intermittent callout fails
Jeremy Harris [Sat, 27 Jul 2019 15:14:51 +0000 (16:14 +0100)]
Testsuite: try to trace intermittent callout fails

21 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Sat, 27 Jul 2019 14:00:58 +0000 (15:00 +0100)]
Build: workaround inlining problems on Solaris

21 months agoTestsuite: try to trace intermittent callout fails
Jeremy Harris [Thu, 25 Jul 2019 20:42:24 +0000 (21:42 +0100)]
Testsuite: try to trace intermittent callout fails

21 months agoBuild: workaround inlining problems on Solaris
Jeremy Harris [Thu, 25 Jul 2019 19:09:18 +0000 (20:09 +0100)]
Build: workaround inlining problems on Solaris

21 months agoDe-taint library-return string for inet_ntoa() etc
Jeremy Harris [Thu, 25 Jul 2019 18:41:57 +0000 (19:41 +0100)]
De-taint library-return string for inet_ntoa() etc

21 months agoinlining
Jeremy Harris [Thu, 25 Jul 2019 14:34:10 +0000 (15:34 +0100)]
inlining

21 months agoFix dkim_strict expansion. Bug 2413
Ruben Jenster [Fri, 19 Jul 2019 11:56:56 +0000 (12:56 +0100)]
Fix dkim_strict expansion.  Bug 2413

Broken since the introduction of dkim support.
Testsuite additions by jgh

21 months agoTrack tainted data and refuse to expand it
Jeremy Harris [Thu, 25 Jul 2019 11:06:07 +0000 (12:06 +0100)]
Track tainted data and refuse to expand it

21 months agoAvoid re-expansion in ${sort }
Jeremy Harris [Fri, 5 Jul 2019 14:38:15 +0000 (15:38 +0100)]
Avoid re-expansion in ${sort }

21 months agoTestsuite: Debug: indent lowlevel connect result
Jeremy Harris [Mon, 22 Jul 2019 09:13:42 +0000 (10:13 +0100)]
Testsuite: Debug: indent lowlevel connect result

21 months agoTestsuite: better non-TFO-system debug handling
Jeremy Harris [Sat, 20 Jul 2019 21:47:57 +0000 (22:47 +0100)]
Testsuite: better non-TFO-system debug handling

21 months agoDebug: indent lowlevel connect result
Jeremy Harris [Sat, 20 Jul 2019 19:58:24 +0000 (20:58 +0100)]
Debug: indent lowlevel connect result

21 months agoTestsuite: synch log output
Jeremy Harris [Sat, 20 Jul 2019 14:25:23 +0000 (15:25 +0100)]
Testsuite: synch log output

21 months agoDocs: more indexing for sighup
Jeremy Harris [Wed, 17 Jul 2019 09:10:33 +0000 (10:10 +0100)]
Docs: more indexing for sighup

21 months agoRouter variables: change list-separator to semicolon
Jeremy Harris [Mon, 15 Jul 2019 11:51:42 +0000 (12:51 +0100)]
Router variables: change list-separator to semicolon

21 months agoDocs: add note on unusablility of must-staple certs by clients. Bug 2350
Jeremy Harris [Mon, 15 Jul 2019 09:53:35 +0000 (10:53 +0100)]
Docs: add note on unusablility of must-staple certs by clients.  Bug 2350

22 months agoRouter variables: local visibiliity
Jeremy Harris [Thu, 11 Jul 2019 22:35:20 +0000 (23:35 +0100)]
Router variables: local visibiliity

22 months agoKeep router-variables separate on addrs, to avoid taint contamination
Jeremy Harris [Thu, 11 Jul 2019 16:12:26 +0000 (17:12 +0100)]
Keep router-variables separate on addrs, to avoid taint contamination

22 months agotidying
Jeremy Harris [Thu, 11 Jul 2019 15:17:34 +0000 (16:17 +0100)]
tidying

22 months agoDebug: indent lookup operations
Jeremy Harris [Thu, 11 Jul 2019 10:58:07 +0000 (11:58 +0100)]
Debug: indent lookup operations

22 months agoExpansions: acl expansion error detail
Jeremy Harris [Tue, 9 Jul 2019 21:43:18 +0000 (22:43 +0100)]
Expansions: acl expansion error detail

22 months agoRouters: named variables
Jeremy Harris [Mon, 8 Jul 2019 16:34:47 +0000 (17:34 +0100)]
Routers: named variables

22 months agoDocs: more indexing
Jeremy Harris [Mon, 8 Jul 2019 15:39:46 +0000 (16:39 +0100)]
Docs: more indexing

22 months agoMicrofix in SECURITY.md: exim-VERSION+fixes
Heiko Schlittermann (HS12-RIPE) [Sat, 6 Jul 2019 21:34:06 +0000 (23:34 +0200)]
Microfix in SECURITY.md: exim-VERSION+fixes

22 months agomore function attribute annotation
Jeremy Harris [Sat, 6 Jul 2019 19:44:45 +0000 (20:44 +0100)]
more function attribute annotation

22 months agoAdd missing feature lines to prototype Makefile
Jeremy Harris [Tue, 2 Jul 2019 21:23:49 +0000 (22:23 +0100)]
Add missing feature lines to prototype Makefile

22 months agoFix bounce generation under RFC 3461 request. Bug 2411
Jeremy Harris [Sat, 29 Jun 2019 18:31:23 +0000 (19:31 +0100)]
Fix bounce generation under RFC 3461 request.  Bug 2411

Broken-by: ea97267cea
22 months agoBuild: bodge attempt to get Solaris build working
Jeremy Harris [Sat, 29 Jun 2019 13:42:37 +0000 (14:42 +0100)]
Build: bodge attempt to get Solaris build working

22 months agoDocs: add note on effects of disabling IPv6 lookups
Jeremy Harris [Thu, 27 Jun 2019 19:59:26 +0000 (20:59 +0100)]
Docs: add note on effects of disabling IPv6 lookups

22 months agoCompiler quietening
Jeremy Harris [Wed, 26 Jun 2019 11:39:33 +0000 (12:39 +0100)]
Compiler quietening

Trying to set an enum (int-sized) with top bit set, needs a cast to (signed) int.
Broken-by: ae8f9024d8
22 months agoTestsuite: output changes resulting
Jeremy Harris [Wed, 26 Jun 2019 11:36:49 +0000 (12:36 +0100)]
Testsuite: output changes resulting

Broken-by: 436bda2ac0
22 months agoFix DSN Final-Recipient: field
Jeremy Harris [Wed, 26 Jun 2019 09:59:44 +0000 (10:59 +0100)]
Fix DSN Final-Recipient: field

22 months agotidying
Jeremy Harris [Mon, 3 Jun 2019 12:55:04 +0000 (13:55 +0100)]
tidying

22 months agoDebug: more gentle line-drawing chars
Jeremy Harris [Mon, 24 Jun 2019 14:15:55 +0000 (15:15 +0100)]
Debug: more gentle line-drawing chars

22 months agoAdd a security page in a place where GitHub will detect it
Phil Pennock [Wed, 19 Jun 2019 19:37:19 +0000 (15:37 -0400)]
Add a security page in a place where GitHub will detect it

22 months agoInline the smaller string-handling functions
Jeremy Harris [Sun, 16 Jun 2019 17:10:59 +0000 (18:10 +0100)]
Inline the smaller string-handling functions

23 months agoFix detection of 32b platform at build time. Bug 2405
Jeremy Harris [Fri, 7 Jun 2019 10:54:10 +0000 (11:54 +0100)]
Fix detection of 32b platform at build time.  Bug 2405

23 months agoFix smtp response timeout
Jeremy Harris [Mon, 27 May 2019 22:44:31 +0000 (23:44 +0100)]
Fix smtp response timeout

23 months agoUse dsn_from for success-DSN messages. Bug 2404
Jeremy Harris [Tue, 4 Jun 2019 17:13:21 +0000 (18:13 +0100)]
Use dsn_from for success-DSN messages.  Bug 2404

23 months agoUnbreak heimdal_gssapi auth driver
Phil Pennock [Wed, 5 Jun 2019 09:35:28 +0000 (05:35 -0400)]
Unbreak heimdal_gssapi auth driver

Commit 251b9eb46 broke heimdal_gssapi by changing the function
definition in the `.c` without changing the declaration in the `.h`.
Was part of 4.92.

Make corresponding `.h` change to reflect newer internal API.

23 months agoTestsuite: compat vs. older GnuTLS
Jeremy Harris [Tue, 4 Jun 2019 15:06:27 +0000 (16:06 +0100)]
Testsuite: compat vs. older GnuTLS

23 months agoEvents: avoid evaluating intermediates for unneeded events
Jeremy Harris [Tue, 4 Jun 2019 13:18:59 +0000 (14:18 +0100)]
Events: avoid evaluating intermediates for unneeded events

23 months agoTestsuite: platform variances
Jeremy Harris [Wed, 29 May 2019 13:14:24 +0000 (14:14 +0100)]
Testsuite: platform variances

23 months agoTestsuite: platform variances
Jeremy Harris [Tue, 28 May 2019 22:38:34 +0000 (23:38 +0100)]
Testsuite: platform variances

23 months agoTestsuite: library variances for ARC testcase
Jeremy Harris [Tue, 28 May 2019 20:04:47 +0000 (21:04 +0100)]
Testsuite: library variances for ARC testcase