Age | Commit message | Author
2017-02-03 | DKIM: more care over untrustworthy data during verify | Jeremy Harris
2017-02-03 | Fix no-SSL build | Jeremy Harris
2017-02-02 | FreeBSD: Perl no longer in /usr/bin from Ports | Phil Pennock
FreeBSD Ports by policy no longer allows symlinks in /usr/bin for things like Perl, so we have to look in /usr/local/bin for it instead.
2017-02-02 | Spec docs for IDNA2008 support | Phil Pennock
2017-02-02 | GnuTLS: fix use of SHA3 hashes | Jeremy Harris
2017-02-02 | Testsuite: Fix 0207 (message order) | Heiko Schlittermann (HS12-RIPE)
Message ids are not always in ascending order (PIDs may be randomized) Thanks to Kirill Miazine.
2017-02-01 | Testsuite: output changes from a26fb6a77384 | Jeremy Harris
2017-02-01 | bug-fix test-driving input | Phil Pennock
The client driver is a little restrictive in the escape sequences it handles; two octets here were missing the `x` after the `\`, so `\05` is two octets, a 0 and then a 5, where `\x05` would be one octet. So we were sending two more octets than expected, not catching that Exim was parsing the wrong IP/port at the end, and now that Exim only reads as much of the proxy protocol header as belongs in it, instead of "up to the largest it could be", this test-bug has been exposed.
2017-01-31 | Proxy clarification & nit fixes. | Phil Pennock
Release: should be cherry-picked into 4.89RC series
2017-01-31 | Handle Proxy Protocol v2 safely as well. | Phil Pennock
We had test suite failures (test suite success!) because Proxy Protocol v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16 check was failing. But in fact I had previously only fixed reading "only enough" for PPv1.
Handling both PPv1 and PPv2 is complicated because the minimum valid length for PPv1 is 15 octets but for PPv2 the size to read is in the 15th and 16th octets.
So refactored a little and we now use a total of 3 reads for the PPv2 case (assuming no fragmentation, etc; we'll actually keep reading now instead of aborting) to get the entire PPv2 header of exactly the right size, so that TLS handshake immediately following the PP header is not also swallowed.
Fixes: 2018
Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways.
Release: should be cherry-picked into 4.89RC series
2017-01-31 | Fix error logged for send failure | Jeremy Harris
Broken-by: de6273b487f1
2017-01-31 | Testsuite: use certs expiring before end of 2037, to avoid GnuTLS top-limit clamp on small-size_t platforms | Jeremy Harris
2017-01-31 | Callouts: fix recipient verify/random | Jeremy Harris
Broken-by: e9166683487c
2017-01-31 | Fix logging of drop-after-EHLO-reject. | Jeremy Harris
An unset variable went wrong with clang, was fortuitously right with gcc.
2017-01-31 | Testsuite: perl may live in /usr/local/bin | Jeremy Harris
2017-01-31 | Avoid using "-w" option in perl script shebang lines, being incompatible with "env perl" | Jeremy Harris
2017-01-30 | Abort release process if generated .txt empty | Phil Pennock
2017-01-30 | Open umask before creating release packages | Phil Pennock
2017-01-30 | Copyright year bumps for substantive changes 2017 (tag: exim-4_89_RC1) | Phil Pennock
2017-01-30 | Document that fixed 2018 | Phil Pennock
Fixes: 2018
2017-01-30 | Avoid reading too much data before TLS handshake | Phil Pennock
2017-01-30 | Fix size calculation, log unhandled amount. | Phil Pennock
We did a `string_copy()` so `hdr.v1.line` is not the right base for an accurate size. Fix. Log unhandled amount. For clients waiting on the server before sending, this has to be 0. For clients speaking first (TLS) this can be non-zero.
2017-01-30 | Restrict address-parsing to a maximum of five layers of nested angle-brackets, under main-option strip_excess_angle_brackets | Jeremy Harris
2017-01-30 | Tidying: Coverity | Jeremy Harris
2017-01-29 | Testsuite: add missing output file. | Jeremy Harris
Broken-by: 560e71cc5451
2017-01-29 | Update change log | Jeremy Harris
2017-01-29 | CHUNKING: Reject messages with malformed line ending. Bug 2000 | Jeremy Harris
Actually test only the first header line, but still do full line-ending canonicalisation on the remainder of the message in case an Evil Person slips past that.
2017-01-29 | Docs: add note on verify = senders= . Bug 2028 | Jeremy Harris
2017-01-29 | TFO: remember setsockopt results, to condition non-transport client use. Bug 2027 | Jeremy Harris
2017-01-29 | Shuffle proxy-protocol to wrap TLS-on-connect startup. Bug 2018 | Jeremy Harris
2017-01-29 | DANE: fix build under LibreSSL. Bug 2020 | Kirill Miazine
2017-01-28 | Testsuite: add dnsdb testcase for defer when used in ACL | Jeremy Harris
2017-01-28 | Docs: add note on system_filter forced expansion fail | Jeremy Harris
2017-01-28 | LMDB: include filename in open-error message | Jeremy Harris
2017-01-28 | DKIM: check pointer to calculated body hash before verify comparison. Bug 2029 | Jeremy Harris
We can have a missing body hash from a malformed DKIM-Signature: header
2017-01-28 | Testsuite: testcase for DKIM bug 2029 | Jeremy Harris
2017-01-28 | DKIM: rename variables for clarity | Jeremy Harris
2017-01-25 | Testsuite: get same certextract samples for GnuTLS and OpenSSL | Jeremy Harris
2017-01-24 | Testsuite: output file changes from d7a2c8337f7b | Jeremy Harris
2017-01-24 | Testsuite: fix delay-dependent testcase for really slow systems | Jeremy Harris
2017-01-24 | Testsuite: missing output files | Jeremy Harris
2017-01-24 | Fix reception of (quoted) local-parts with embedded spaces. Bug 2025 | Jeremy Harris
2017-01-24 | TFO: Support compilation on Linux platforms which define TCP_FASTOPEN but not MSG_FASTOPEN | Jeremy Harris
2017-01-24 | Define MIN and MAX for Solaris | Jeremy Harris
2017-01-23 | Fix build with OpenSSL, EXPERIMENTAL_DANE and DISABLE_EVENT | Jeremy Harris
2017-01-22 | Document OpenBSD resolver ignoring EDNS0 | Phil Pennock
2017-01-22 | DKIM: permit verify of sig blocks that sign other sig blocks. Bug 2014 | Jeremy Harris
2017-01-22 | Merge branch 'fix-2016-dkim' | Jeremy Harris
2017-01-21 | Fix DKIM verify when used with CHUNKING. Bug 2016 | Jeremy Harris
2017-01-21 | Testsuite: Add DKIM Chunking test | Heiko Schlittermann (HS12-RIPE)