| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-02-12 | Forward-port ChangeLog entries written for release branchexim-4.90devstart | Phil Pennock | |
| 2017-02-12 | 4.89 JH/17 -> 4.90 JH/01 | Phil Pennock | |
| 2017-02-11 | Fix missing Changelog entries for recent work | Phil Pennock | |
| 2017-02-10 | TLS: rework error logging to pass more string back to caller for logging | Jeremy Harris | |
| This permits a library-sourced error to be associated with an address being delivered, collapsing pairs of log lines | |||
| 2017-02-08 | Memory management: drop variables identified as going out-of-scope | Jeremy Harris | |
| Fixes crash in transport re-using bad $sender_ip_address from callout | |||
| 2017-02-07 | DocÖ Fix typo about spf lookup (experimental) | Heiko Schlittermann (HS12-RIPE) | |
| 2017-02-06 | doc-fix: reference current libsrs_alt availability | Phil Pennock | |
| Matches site from Wiki, from Google SERP, etc. | |||
| 2017-02-02 | FreeBSD: Perl no longer in /usr/bin from Ports | Phil Pennock | |
| FreeBSD Ports by policy no longer allows symlinks in /usr/bin for things like Perl, so we have to look in /usr/local/bin for it instead. | |||
| 2017-01-31 | Handle Proxy Protocol v2 safely as well. | Phil Pennock | |
| We had test suite failures (test suite success!) because Proxy Protocol v2 (PPv2) wasn't being detected; by only reading 12 octets, the >= 16 check was failing. But in fact I had previously only fixed reading "only enough" for PPv1. Handling both PPv1 and PPv2 is complicated because the minimum valid length for PPv1 is 15 octets but for PPv2 the size to read is in the 15th and 16th octets. So refactored a little and we now use a total of 3 reads for the PPv2 case (assuming no fragmentation, etc; we'll actually keep reading now instead of aborting) to get the entire PPv2 header of exactly the right size, so that TLS handshake immediately following the PP header is not also swallowed. Fixes: 2018 Tested: manually, TLS and non-TLS, PPv1 and PPv2, all ways. Release: should be cherry-picked into 4.89RC series | |||
| 2017-01-30 | Document that fixed 2018 | Phil Pennock | |
| Fixes: 2018 | |||
| 2017-01-30 | Restrict address-parsing to a maximum of five layers of nested angle-brackets, | Jeremy Harris | |
| under main-option strip_excess_angle_brackets | |||
| 2017-01-29 | Update change log | Jeremy Harris | |
| 2017-01-22 | DKIM: permit verify of sig blocks that sign other sig blocks. Bug 2014 | Jeremy Harris | |
| 2017-01-21 | Fix DKIM verify when used with CHUNKING. Bug 2016 | Jeremy Harris | |
| 2017-01-21 | Testcases for pipelined callout | Jeremy Harris | |
| 2017-01-21 | Fix DKIM verify operation in -bh test mode. Bug 2017 | Jeremy Harris | |
| 2017-01-20 | fix example command-line | Phil Pennock | |
| 2017-01-18 | Bug-fix no_require_dnssec parsing & spelling fixes | Josh Soref | |
| Patches from Josh Soref fixing spelling fixed two bugs: * Parsing `no_require_dnssec` configuration option * Setting `_HAVE_TRANSPORT_APPEND_MAILDIR` macro (for config parsing) [ PP pulled these two out into a separate commit to update the ChangeLog accordingly. ] | |||
| 2017-01-18 | 214 spelling fixes | Josh Soref | |
| 2017-01-03 | CHUNKING: fix non-pipelined synch checks. Bug 2004 | Jeremy Harris | |
| 2017-01-02 | PROXY: fix v2 protocol decode. Bugs 2003, 1747 | Jeremy Harris | |
| 2017-01-02 | wip: OpenSSL docs on custom install | Phil Pennock | |
| To fix before merge: ability to use `$ORIGIN` in linker line via Exim config file. | |||
| 2016-12-31 | Merge remote-tracking branch 'github/pr/50' | Phil Pennock | |
| GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called ldap_start_tls_s on ldapi:// connections. This is obviously a correct change, since above we've avoiding initializing the TLS state if using ldapi. Added documentation noting this behaviour. | |||
| 2016-12-30 | Docs: Add .new/wen marker for relative includes (Bug 1971) | Heiko Schlittermann (HS12-RIPE) | |
| 2016-12-29 | Pipe transport: expand the path option | Jeremy Harris | |
| 2016-12-26 | I18N: support IDNA2008. Bug 1911 | Jeremy Harris | |
| 2016-12-25 | Docs: Clean for next release | Jeremy Harris | |
| 2016-12-22 | Doc: clarify CVE-2016-9963 | Heiko Schlittermann (HS12-RIPE) | |
| 2016-12-18 | Doc: short description of CVE-2016-9963exim-4_88 | Heiko Schlittermann (HS12-RIPE) | |
| 2016-12-18 | Fix DKIM information leakage | Jeremy Harris | |
| 2016-12-13 | Use long names for the _DRIVER_*, and _OPT_* macros | Heiko Schlittermann (HS12-RIPE) | |
| 2016-12-04 | OpenSSL: default to tls_eccurve = auto | Heiko Schlittermann (HS12-RIPE) | |
| For OpenSSL < 1.0.2: fallback to prime256v1, for newer libraries rely on auto-selection. | |||
| 2016-11-28 | Doc: Minor corrections/additions | Heiko Schlittermann (HS12-RIPE) | |
| 2016-11-25 | Update ChangeLog | Jeremy Harris | |
| 2016-11-08 | Ensure socket is nonblocking before draining. Bug 1914 | Jeremy Harris | |
| 2016-11-02 | Fix OCSP proof verification for direct-signed proofs. Bug 1909 | Jeremy Harris | |
| 2016-10-23 | Update README.UPDATING; fix typos in ChangeLog/NewStuff | Phil Pennock | |
| 2016-10-23 | Fix bug with aborted server TLS connection, under GnuTLS | Jeremy Harris | |
| Longstanding, but exposed by 60d10ce | |||
| 2016-10-22 | TCP Fast Open | Jeremy Harris | |
| 2016-10-18 | Unbreak build: crypto hdrs not in system includes | Phil Pennock | |
| If using pkg-config to get the paths for various packages and the crypto library headers are not in the system headers, then the hash work broke the Exim build by requiring the CFLAGS manipulation for _all_ builds, not just the TLS libraries. Shows up on MacOS where there's a system OpenSSL but not system OpenSSL headers (because only SecureTransport is supported) and using brew-installed OpenSSL. I've also coded the fix for GnuTLS on the same basis, but that's untested. Fixes bug 1906 | |||
| 2016-10-15 | New: queuefile transport, under EXPERIMENTAL_QUEUEFILE | Andrew Colin Kissa | |
| 2016-10-08 | DH parameters update, new values & defaultexim-4_88_RC2 | Phil Pennock | |
| * Add three new Exim-specific DH parameter constants; state provenance, but no way for others to verify; this is a signed commit, which is about as much as we can do for the truly paranoid: provide an audit trail. * Add the RFC 7919 DH primes + No TLS feature negotiation, per 7919, but the DH primes can be used if folks so choose * Fixed broken format string in util/gen_pkcs3.c * Tried to make gen_pkcs3.c support q values. + Turns out, q doesn't affect the PEM and that's not a mistake in my initialisation; I've checked with a cryptographer, we're losing some server-side optimizations but not any security properties for our scenario. Fixes: 1895 | |||
| 2016-10-08 | Fix callouts connection fallback from TLS to cleartext. Bug 1897 | Jeremy Harris | |
| 2016-10-02 | Logging: connection_reject log selector should apply also to the connect acl | Jeremy Harris | |
| 2016-09-28 | Refactor driver feature-macro generation to be driven by existing tables | Jeremy Harris | |
| Would like to do lookup drivers too but unsure about dyn-linked variants | |||
| 2016-09-28 | Default to filesystem space/inode checking enabled | Jeremy Harris | |
| 2016-09-25 | Add automatic macros for config-file options. Bug 1819 | Jeremy Harris | |
| 2016-09-22 | Defend against symlink attack by another process running as exim | Jeremy Harris | |
| Reported-by: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/ | |||
| 2016-09-22 | Routing: avoid doing the one_time replacement operation when a redirect ↵ | Jeremy Harris | |
| leaves the address unchanged When done, in combination with a defer the retry would see the address as delivered, hence losing mail. | |||
| 2016-09-18 | ACL: merge the tables used for codition/modifier decode | Jeremy Harris | |
 |
index : user/henk/code/exim.git | |
| [no description] | git repository hosting |
| summaryrefslogtreecommitdiff |