Heiko Schlittermann (HS12-RIPE) [Wed, 29 Nov 2017 15:06:29 +0000 (16:06 +0100)]
Update Changelog to 4.89.1
Heiko Schlittermann (HS12-RIPE) [Mon, 27 Nov 2017 21:42:33 +0000 (22:42 +0100)]
Chunking: do not treat the first lonely dot special. CVE-2017-16944, Bug 2201
(cherry picked from commit
178ecb70987f024f0e775d87c2f8b2cf587dd542)
Change log update
(cherry picked from commit
b488395f4d99d44a950073a64b35ec8729102782)
Jeremy Harris [Fri, 24 Nov 2017 20:22:33 +0000 (20:22 +0000)]
Avoid release of store if there have been later allocations. Bug 2199
Heiko Schlittermann (HS12-RIPE) [Fri, 13 Oct 2017 22:24:54 +0000 (00:24 +0200)]
Fix mariadb/mysql macro confusion
Jeremy Harris [Fri, 20 Oct 2017 22:21:27 +0000 (23:21 +0100)]
Use safer routine for possibly-overlapping copy
Fixes a logging bug seen on aarch64
Jeremy Harris [Thu, 12 Oct 2017 13:03:08 +0000 (14:03 +0100)]
Fix queue_run_in_order to ignore the PID portion of the message ID
Jeremy Harris [Sat, 3 Jun 2017 12:39:18 +0000 (13:39 +0100)]
Fix crash in transport, on second smtp-connect fail for a list of target hosts
Reported as the sequence:
1MX: 554 on connect (banner)
2MX: TCP conn timeout
(cherry picked from commit
e69636bc9ddf3617be688b07941d7d659d50eaa7)
Jeremy Harris [Mon, 18 Sep 2017 16:47:52 +0000 (17:47 +0100)]
SOCKS: fix unitialized-pointer
Jeremy Harris [Sun, 10 Sep 2017 19:23:21 +0000 (20:23 +0100)]
DKIM: fix signing bug induced by total size of parameter text
causing header-line fold between "b=" and terminating ";" of
pseudo-header.
Jeremy Harris [Sun, 13 Aug 2017 10:07:33 +0000 (11:07 +0100)]
Document CVE assignment for Berkeley DB issue
Jeremy Harris [Sun, 16 Jul 2017 12:52:57 +0000 (13:52 +0100)]
Fix build for earlier version Berkeley DB
Jeremy Harris [Sat, 22 Jul 2017 15:38:08 +0000 (16:38 +0100)]
On callout avoid SIZE every time but noncacheable rcpt main-verify. Bug 2151
Jeremy Harris [Tue, 18 Jul 2017 22:10:33 +0000 (23:10 +0100)]
Fix cache-cold random callout verify. Bug 2147
Jeremy Harris [Sat, 15 Jul 2017 19:06:01 +0000 (20:06 +0100)]
Use the BDB "environment" so that a database config file is not looked for. Bug 2141
This is a squashed pair,
cfb9cf20cb and
0a6c178c6c, picked from the master branch.
Jeremy Harris [Thu, 29 Jun 2017 20:14:40 +0000 (21:14 +0100)]
Transport: fix smtp under combo of mua_wrapper and limited max_rcpt
Fix mis-merge
Jeremy Harris [Thu, 29 Jun 2017 19:34:20 +0000 (20:34 +0100)]
Openssl: disable session-tickets by default and session-cache always
This reverts the changes in tls-openssl.c tls_init() to the minimal set needed for the fix
Heiko Schlittermann (HS12-RIPE) [Wed, 28 Jun 2017 21:42:17 +0000 (23:42 +0200)]
testsuite: don't break on '+' in trusted-config-list path
(cherry picked from commit
93d55ee3221f7802c9329576575322f4764b5211)
Jeremy Harris [Sat, 15 Apr 2017 15:22:52 +0000 (16:22 +0100)]
Transport: fix smtp under combo of mua_wrapper and limited max_rcpt
(cherry picked from commit
4c2471caf34b901ee481cd1e742b3620e734b16b)
Jeremy Harris [Sun, 2 Apr 2017 13:54:39 +0000 (14:54 +0100)]
Openssl: disable session-tickets by default and session-cache always
(cherry picked from commit
7006ee24ecfd9d8f405f70d38cc36bdd91f8de87)
Heiko Schlittermann (HS12-RIPE) [Tue, 13 Jun 2017 15:36:44 +0000 (17:36 +0200)]
Fix log line corruption for DKIM status
(cherry picked from commit
31323b30449a59713ed7a99f86e356cb1b9d0fb7)
Heiko Schlittermann (HS12-RIPE) [Wed, 31 May 2017 21:08:56 +0000 (23:08 +0200)]
Cleanup (prevent repeated use of -p/-oMr to avoid mem leak)
(cherry picked from commit
65e061b76867a9ea7aeeb535341b790b90ae6c21)
(cherry picked from commit
35a043657fa583a0ce96be9da4fff22cb0232c4e)
Heiko Schlittermann (HS12-RIPE) [Wed, 28 Jun 2017 08:55:42 +0000 (10:55 +0200)]
Start exim-4_89+fixes to cherry pick some commits from the master branch
Jeremy Harris [Mon, 27 Feb 2017 13:38:53 +0000 (13:38 +0000)]
Testsuite: reduce trailing 0372 subtest to queue-only
Suboptimal, but sufficient to regression-test the reason it was added (a live acl_m_
variable being store_reset over, after reception (and ACLs) and then referenced
later. The problem was, child procs of the daemon were still running as the following
0373 started up, and left unexpected output files there.
(cherry picked from commit
ea89f8337e9b47b7d9f986e07437a1002351855c)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Fri, 10 Feb 2017 11:36:52 +0000 (11:36 +0000)]
Testsuite: fix munging of now-indented date in stdout
Broken-by: e1d04f48a45c
(cherry picked from commit
e51462229029e40afa0932dd9c6337192a0dc70b)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Fri, 3 Mar 2017 07:24:11 +0000 (02:24 -0500)]
openssl.txt: stamp RPATH into library too
(cherry picked from commit
8d3bb6f58c24666b105820044fdaa4dff49dd661)
Signed-off-by: Phil Pennock <pdp@exim.org>
Heiko Schlittermann (HS12-RIPE) [Sun, 26 Feb 2017 22:22:18 +0000 (23:22 +0100)]
Testsuite: Terminate the client input properly
(cherry picked from commit
1150adb2d5e67c579ac09b5266b6a815fa8ae2f3)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Tue, 28 Feb 2017 23:57:36 +0000 (23:57 +0000)]
Coverity fixes
(cherry picked from commit
59d9803955886f56f67e3ceff5632b704e4c5548)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Tue, 28 Feb 2017 23:15:41 +0000 (23:15 +0000)]
Memory Management: drop another variable ($callout_address) as it goes out of scope.
[committer note: dropped extra whitespace changes]
(cherry picked from commit
8c0d5ae8fdf1c1fed2ada225e345e72884774042)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Tue, 28 Feb 2017 22:39:33 +0000 (17:39 -0500)]
Document Jeremy's ref-count bug-fix as 4.89 JH/19
Jeremy Harris [Tue, 28 Feb 2017 18:24:40 +0000 (18:24 +0000)]
Fix child-address counting.
When a new address was created by a routing step it was possible for the parent address in the tree to
be marked as having zero children, despite the new child having a pointer to the parent. When the child
was then delivered, the count on the parent could go negative or, if other children had been added which
correctly incremented the count, arrive at zero while some children were outstanding. Fix this to
maintin the invariant. While there, make the counter unsigned.
(cherry picked from commit
82f90600647a5322e9e7b58fc127eb8be839165c)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Tue, 28 Feb 2017 09:40:04 +0000 (09:40 +0000)]
Docs: add more Redis info
(cherry picked from commit
d5d82b8443e2604e7b0729ecbb3b2041ce176189)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sun, 26 Feb 2017 18:31:28 +0000 (13:31 -0500)]
ChangeLog entry JH/18; applying to 4.89 release
(cherry picked from commit
4bb432cb42d990bc40665d38aedbf02b00128df7)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Sun, 26 Feb 2017 01:07:47 +0000 (01:07 +0000)]
Fix ${extract } corrupting an enclosing ${reduce } $value. Bug 2061
Broken-by: 20fcb1e7be45 - Bug 1870
(cherry picked from commit
9e09521e621d852ac4828f1865b4ccb01568d9ee)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sat, 25 Feb 2017 03:39:02 +0000 (22:39 -0500)]
Pull in vdukhovni/ssl_dane
8270afba fix
Negating an int and comparing to another int was a bug which we got
lucky on.
Jeremy Harris [Fri, 24 Feb 2017 15:00:40 +0000 (15:00 +0000)]
Memory management: drop $acl_m_ variables explicitly as they go out-of-scope
between message receptions in an SMTP connection
(cherry picked from commit
b83fa5fa89071dab0637c0e58ba8e5c1b829149b)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Thu, 23 Feb 2017 02:24:03 +0000 (21:24 -0500)]
Move bdat_ungetc decl to hdr ∵ receive.c uses too
(cherry picked from commit
f6f4a58dcac2a21f4104bb8d7e580e90ba6bf3f4)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Sat, 11 Feb 2017 16:36:23 +0000 (16:36 +0000)]
Memory Managment: new main-section config option "debug_store" to control extra internal checking
(cherry picked from commit
10919584f8ad580434442c7d971083f91c315bc0)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sun, 19 Feb 2017 22:27:11 +0000 (17:27 -0500)]
releng: able to use gnupg default keys for signing
Git and our previous "must specify one keyid" approach is more
constraining than GnuPG allows; cleanest and simplest way, without
breaking support for people with multiple keys and such like, is to just
provide a way to break out of our logic and say "use the configured
default GnuPG keys".
My PGP key has multiple signing subkeys, one RSA and one
Ed25519; I
think I might try a dual-signature in an upcoming RC to see how many
people scream with broken OpenPGP clients.
(cherry picked from commit
b7e8c96e9bfd6fe9505230359138f59b731054e5)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Wed, 15 Feb 2017 03:22:17 +0000 (22:22 -0500)]
Fix broken-in-queue messages predating CHUNKING fix
util/chunking_fixqueue_finalnewlines.pl walks the queue, fixing any
affected messages; see README.UPDATING.
We're extremely cautious about operation failure.
We do one check without locking messages, so that we can quickly skip
past before trying to lock and contending with an actual delivery. Then
we lock and do another fix.
Note that we use flock, not fcntl, because that's what Perl makes
readily available; we use an OS-guard to barf if the OS is not handled.
(cherry picked from commit
7dc5f827a629b06afcba5a1a52184084c5214c98)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Tue, 14 Feb 2017 23:20:52 +0000 (18:20 -0500)]
nit: document that `fout` must be open for reading too
(cherry picked from commit
544dd905b208164eaae771ab6d2a198b4c67aa0c)
Signed-off-by: Phil Pennock <pdp@exim.org>
Heiko Schlittermann (HS12-RIPE) [Tue, 14 Feb 2017 18:38:41 +0000 (19:38 +0100)]
Fix missing line termination on the last received BDAT chunk (Bug 1974)
(cherry picked from commit
d953610fa77ec9a08fad9c1a183181079a79674e)
Signed-off-by: Phil Pennock <pdp@exim.org>
Heiko Schlittermann (HS12-RIPE) [Tue, 14 Feb 2017 18:37:28 +0000 (19:37 +0100)]
Use enum { SEEN_LF, …} for ch_state(s)
(cherry picked from commit
cff70eb1c1eb494ee5964dca33dc115181baafd7)
Signed-off-by: Phil Pennock <pdp@exim.org>
Heiko Schlittermann (HS12-RIPE) [Sun, 12 Feb 2017 21:50:18 +0000 (16:50 -0500)]
os_getcwd(): do not realloc if there was no malloc().
(cherry picked from commit
4a5ee04fd186cb7d86a4f70821dacc55f8cce98d)
(changelog added)
Signed-off-by: Phil Pennock <pdp@exim.org>
Jeremy Harris [Sun, 12 Feb 2017 21:46:30 +0000 (16:46 -0500)]
DKIM: fix crash with a verification when dkim disabled, under CHUNKING
(cherry picked from commit
79de4f370f306869887e1714ff4ecef5bfc93fa5)
(changelog added)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sun, 12 Feb 2017 11:52:36 +0000 (06:52 -0500)]
FreeBSD: only assume iconv for FreeBSD >= 10
Since FreeBSD 10 is the oldest version of the OS supported by the
FreeBSD Project, we shouldn't need this. But people are still using
older versions. On closer examination, it's only been 6 weeks since 9.3
stopped being supported. People ignoring the status are playing with
fire, getting no security updates, but let's not make that _our_
problem.
Guard the "use system iconv" #define for the libiconv package with an OS
version #ifdef.
(cherry picked from commit
852e25c532665a5523f07930030199666aef996c)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sun, 12 Feb 2017 00:56:50 +0000 (19:56 -0500)]
Fix missing Changelog entries for recent work
(cherry picked from commit
1ec2ab360cdac80529cfb597a1efa6c3fc9ea9b8)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sun, 12 Feb 2017 00:37:04 +0000 (19:37 -0500)]
Unbreak test_dbfn make-target
doc/dbm.discuss.txt describes how to make and use `test_dbfn` for
testing DB functionality.
Commit
cf0812d5 adds a call to assert_no_variables into store.c which
depends upon expand.c functionality and we can't link that in for
test_dbfn without pulling in half of Exim.
So adjust the test_dbfn target to rebuild store.o in COMPILE_UTILITY
mode and link against that variant, then remove the custom-built store.o
after the executable has been linked.
(cherry picked from commit
92e840383faa41c28f4ef099ee5fe0b6b18c2738)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sat, 11 Feb 2017 21:10:16 +0000 (16:10 -0500)]
Mention FreeBSD/iconv in README.UPDATING
(cherry picked from commit
0aaf76a49ec6e788d56b3b2100436f3641284532)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Sat, 11 Feb 2017 02:00:02 +0000 (21:00 -0500)]
Compilation warnings shushing
With this patch, in clang 3.4.1 we get no compilation complaints if
Local/Makefile contains:
CC=clang
CFLAGS+=-Wno-dangling-else -Wno-logical-op-parentheses
* In hash.c, for the OpenSSL case, use assert() to guard the paths which
can't happen, instead of just assuming that the calling code never has
a mistake
* Fix some signed/unsigned issues
* Be explicit about some ignored return values
* Some parens around bit-twiddling
* Use our os_getcwd with its extra guards in one place where getcwd was
called
* FreeBSD: use system iconv, safely, always
Phil Pennock [Sat, 11 Feb 2017 00:37:44 +0000 (19:37 -0500)]
perl paranoia about @INC
(cherry picked from commit
4d3d955f2791199b35704c3e9784dc99fd229696)
Signed-off-by: Phil Pennock <pdp@exim.org>
Phil Pennock [Fri, 10 Feb 2017 03:42:00 +0000 (22:42 -0500)]
RELEASE EXPERIMENT: tarball ownership, fix RC version
The ability to release 4.XX.Y via hardcoding a version.sh as part of
release broke the ability to do properly versioned RC releases. Fix
that.
Try to fix ownership of files in tarballs to not be local system user.
Phil Pennock [Thu, 2 Feb 2017 20:38:14 +0000 (15:38 -0500)]
Release packaging & scripting improvements.
* Make the .xz tarball variant too, and work harder on compressing our
files for distribution.
+ The .xz files have gained more positive feedback than any other part
of the 4.89 release.
* Drop usercodes from tarball
+ We shouldn't be embedding own-system-specifc ownership information
into software release tarballs. That's for local system backups,
not distribution.
* Script for the size/checksums
+ We include checksums in the mail; this gets the format fixed and not
including checksums-of-signatures, etc. I've also experimented with
including the size, so let's script that to be portably generated.
* Better tarball signing script
+ Automatically find the signing directory (if not already in it)
+ Sign all files, properly skipping existing .asc files
+ Find the signing key from git config, if available, else error out
(Nigel is not on the hook as the default victim now)
+ Show what we're doing as we do it
All changes made on the original `release_4_89` branch with
`RELEASE EXPERIMENT` subject tags.
Jeremy Harris [Wed, 8 Feb 2017 17:31:37 +0000 (17:31 +0000)]
Fix DKIM/GnuTLS build
Broken-by: e1d04f48a45c
Jeremy Harris [Sun, 5 Feb 2017 23:19:56 +0000 (23:19 +0000)]
Debug: indent ACL and expreassion tracing by evaluation depth
Jeremy Harris [Wed, 8 Feb 2017 14:04:47 +0000 (14:04 +0000)]
DKIM: trim debug verbosity
This tidies some buildfarm fails on animals buildding without DKIM
Jeremy Harris [Wed, 8 Feb 2017 10:48:33 +0000 (10:48 +0000)]
Fix non-contentscan build
Broken-by: 90341c71c19c
Jeremy Harris [Wed, 8 Feb 2017 01:19:39 +0000 (01:19 +0000)]
Memory management: drop variables identified as going out-of-scope
Fixes crash in transport re-using bad $sender_ip_address from callout
Jeremy Harris [Tue, 7 Feb 2017 21:48:48 +0000 (21:48 +0000)]
Memory management: when running under the testsuite, check every string variable on store_reset
On spotting data in a region being freed, panic
Heiko Schlittermann (HS12-RIPE) [Tue, 7 Feb 2017 19:08:58 +0000 (20:08 +0100)]
DocÖ Fix typo about spf lookup (experimental)
Heiko Schlittermann (HS12-RIPE) [Thu, 2 Feb 2017 08:21:13 +0000 (09:21 +0100)]
Testsuite: tidy generation and sorting of exim -bp output
The root cause is, that exim -bp doesn't always return the message
ids in the order they were created, but sorted. The 2nd
part of the message id (PID) can be random on *BSD.
Phil Pennock [Mon, 6 Feb 2017 18:25:30 +0000 (13:25 -0500)]
doc-fix: reference current libsrs_alt availability
Matches site from Wiki, from Google SERP, etc.
Jeremy Harris [Mon, 6 Feb 2017 14:16:14 +0000 (14:16 +0000)]
CHUNKING: fix transport crash on temp-reject of pipelined non-first chunk
Jeremy Harris [Fri, 3 Feb 2017 13:55:58 +0000 (13:55 +0000)]
DKIM: more care over untrustworthy data during verify
Jeremy Harris [Fri, 3 Feb 2017 14:00:40 +0000 (14:00 +0000)]
Fix no-SSL build
Phil Pennock [Thu, 2 Feb 2017 21:02:40 +0000 (16:02 -0500)]
FreeBSD: Perl no longer in /usr/bin from Ports
FreeBSD Ports by policy no longer allows symlinks in /usr/bin for things
like Perl, so we have to look in /usr/local/bin for it instead.
Phil Pennock [Thu, 2 Feb 2017 20:13:53 +0000 (15:13 -0500)]
Spec docs for IDNA2008 support
Jeremy Harris [Thu, 2 Feb 2017 14:22:07 +0000 (14:22 +0000)]
GnuTLS: fix use of SHA3 hashes
Heiko Schlittermann (HS12-RIPE) [Thu, 2 Feb 2017 00:32:21 +0000 (01:32 +0100)]
Testsuite: Fix 0207 (message order)
Message ids are not always in ascending order (PIDs may be randomized)
Thanks to Kirill Miazine.
Jeremy Harris [Wed, 1 Feb 2017 17:46:26 +0000 (17:46 +0000)]
Testsuite: output changes from
a26fb6a77384
Phil Pennock [Wed, 1 Feb 2017 17:34:52 +0000 (12:34 -0500)]
bug-fix test-driving input
The client driver is a little restrictive in the escape sequences it
handles; two octets here were missing the `x` after the `\`, so `\05` is
two octets, a 0 and then a 5, where `\x05` would be one octet.
So we were sending two more octets than expected, not catching that Exim
was parsing the wrong IP/port at the end, and now that Exim only reads
as much of the proxy protocol header as belongs in it, instead of "up to
the largest it could be", this test-bug has been exposed.
Phil Pennock [Wed, 1 Feb 2017 04:55:51 +0000 (23:55 -0500)]
Proxy clarification & nit fixes.
Release: should be cherry-picked into 4.89RC series
Phil Pennock [Wed, 1 Feb 2017 03:15:55 +0000 (22:15 -0500)]
Handle Proxy Protocol v2 safely as well.
We had test suite failures (test suite success!) because Proxy Protocol
v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16
check was failing. But in fact I had previously only fixed reading
"only enough" for PPv1.
Handling both PPv1 and PPv2 is complicated because the minimum valid
length for PPv1 is 15 octets but for PPv2 the size to read is in the
15th and 16th octets.
So refactored a little and we now use a total of 3 reads for the PPv2
case (assuming no fragmentation, etc; we'll actually keep reading now
instead of aborting) to get the entire PPv2 header of exactly the right
size, so that TLS handshake immediately following the PP header is not
also swallowed.
Fixes: 2018
Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways.
Release: should be cherry-picked into 4.89RC series
Jeremy Harris [Tue, 31 Jan 2017 21:38:22 +0000 (21:38 +0000)]
Fix error logged for send failure
Broken-by: de6273b487f1
Jeremy Harris [Tue, 31 Jan 2017 17:45:51 +0000 (17:45 +0000)]
Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit clamp on small-size_t platforms
Jeremy Harris [Tue, 31 Jan 2017 16:00:54 +0000 (16:00 +0000)]
Callouts: fix recipient verify/random
Broken-by: e9166683487c
Jeremy Harris [Tue, 31 Jan 2017 01:22:17 +0000 (01:22 +0000)]
Fix logging of drop-after-EHLO-reject.
An unset variable went wrong with clang, was fortuitously right with gcc.
Jeremy Harris [Mon, 30 Jan 2017 17:52:50 +0000 (17:52 +0000)]
Testsuite: perl may live in /usr/local/bin
Jeremy Harris [Mon, 30 Jan 2017 17:27:15 +0000 (17:27 +0000)]
Avoid using "-w" option in perl script shebang lines, being incompatible with "env perl"
Phil Pennock [Tue, 31 Jan 2017 03:57:52 +0000 (22:57 -0500)]
Abort release process if generated .txt empty
Phil Pennock [Tue, 31 Jan 2017 03:44:45 +0000 (22:44 -0500)]
Open umask before creating release packages
Phil Pennock [Tue, 31 Jan 2017 01:41:31 +0000 (20:41 -0500)]
Copyright year bumps for substantive changes 2017
Phil Pennock [Tue, 31 Jan 2017 00:54:47 +0000 (19:54 -0500)]
Document that fixed 2018
Fixes: 2018
Phil Pennock [Tue, 31 Jan 2017 00:51:01 +0000 (19:51 -0500)]
Avoid reading too much data before TLS handshake
Phil Pennock [Mon, 30 Jan 2017 23:38:16 +0000 (18:38 -0500)]
Fix size calculation, log unhandled amount.
We did a `string_copy()` so `hdr.v1.line` is not the right base for an
accurate size. Fix.
Log unhanded amount. For clients waiting on the server before sending,
this has to be 0. For clients speaking first (TLS) this can be
non-zero.
Jeremy Harris [Mon, 30 Jan 2017 15:37:50 +0000 (15:37 +0000)]
Restrict address-parsing to a maximum of five layers of nested angle-brackets,
under main-option strip_excess_angle_brackets
Jeremy Harris [Sun, 29 Jan 2017 22:58:47 +0000 (22:58 +0000)]
Tidying: Coverity
Jeremy Harris [Sun, 29 Jan 2017 20:18:07 +0000 (20:18 +0000)]
Testsuite: add missing output file.
Broken-by: 560e71cc5451
Jeremy Harris [Sun, 29 Jan 2017 19:15:12 +0000 (19:15 +0000)]
Update change log
Jeremy Harris [Sun, 29 Jan 2017 18:03:40 +0000 (18:03 +0000)]
CHUNKING: Reject messages with malformed line ending. Bug 2000
Actually test only the first header line, but still do full line-ending canonicalisation on the
remainder of the message in case a Evil Person slips past that.
Jeremy Harris [Sun, 29 Jan 2017 15:30:28 +0000 (15:30 +0000)]
Docs: add note on verify = senders= . Bug 2028
Jeremy Harris [Thu, 26 Jan 2017 20:21:57 +0000 (20:21 +0000)]
TFO: remember setsockopt results, to condition non-transport client use. Bug 2027
Jeremy Harris [Tue, 17 Jan 2017 00:39:41 +0000 (00:39 +0000)]
Shuffle proxy-protocol to wrap TLS-on-connect startup. Bug 2018
Kirill Miazine [Sun, 29 Jan 2017 14:55:58 +0000 (14:55 +0000)]
DANE: fix build under LibreSSL. Bug 2020
Jeremy Harris [Sat, 28 Jan 2017 17:53:29 +0000 (17:53 +0000)]
Testsuite: add dnsdb testcase for defer when used in ACL
Jeremy Harris [Sat, 28 Jan 2017 16:13:26 +0000 (16:13 +0000)]
Docs: add note on system_filter forced expansion fail
Jeremy Harris [Sat, 28 Jan 2017 15:08:22 +0000 (15:08 +0000)]
LMDB: include filename in open-error message
Jeremy Harris [Sat, 28 Jan 2017 12:30:29 +0000 (12:30 +0000)]
DKIM: check pointer to calculated body hash before verify comparison. Bug 2029
We can have a missing body hash from a malformed DKIM-Signature: header
Jeremy Harris [Sat, 28 Jan 2017 14:21:19 +0000 (14:21 +0000)]
Testsuite: testcase for DKIM bug 2029
Jeremy Harris [Sat, 28 Jan 2017 12:29:47 +0000 (12:29 +0000)]
DKIM: rename variables for clarity
Jeremy Harris [Wed, 25 Jan 2017 17:08:53 +0000 (17:08 +0000)]
Testsuite: get same certextract samples for GnuTLS and OpenSSL
projects / exim.git / log