summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2021-06-24Fix logging with build-time config and empty elements (Closes 2733)Heiko Schlittermann (HS12-RIPE)
(cherry picked from commit 66392b270e3a6c8202e4626d43bbc9b77545ae23)
2021-06-24Fix logging with empty element in log_file_path (Bug 2733)Jeremy Harris
(cherry picked from commit e19790f7707cc901435849e78d20f249056c16b5)
2021-06-24Silence the compilerHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 33d5b8e8e4c2f23b4e834e3a095e3c9dd9f0686b)
2021-06-24Do not close the (main)_log, if we do not see a chance to open it again.Heiko Schlittermann (HS12-RIPE)
The process doing local deliveries runs as an unprivileged user. If this process needs to log failures or warnings (as caused by the is_tainting2() function), it can't re-open the main_log and just exits. (cherry picked from commit 235c7030ee9ee1c1aad507786506a470b580bfe2)
2021-06-24Silence compilerHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 2c9869d0622cc690b424cc74166d4a8393017ece)
2021-06-24tidy log.cHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 0327b6460eec64da6b0c1543c7e9b3d0f8cb9294) (cherry picked from commit 8021b95c2e266861aba29c97b4bb90dc6f7637a2)
2021-06-24smtpHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 8b7d4ba8903ace7e3e3db70343798a5a0b7cea23)
2021-06-24smtp_outHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit b9b967cca71a4da51506f8ba596b9ae40cfcef57)
2021-06-24deliverHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 2bafe3fc82cf62f0c21f939f5891b8d067f3abc7)
2021-06-24rf_get_transportHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 015fff57c854184f8bce61476c46a2830a97daf8)
2021-06-24lf_sqlperformHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 9810dfc25d8b9687b46e57963a3ac30bf5c9b2c9)
2021-06-24expandHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit c02ea85f525ff256d78e084d6f76fe3032fd52e1)
2021-06-24directoryHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 5f41e800ce9cc7ad154047298914df955e905bf4)
2021-06-24deliverHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 2fee91ae42e974c21202e0b5e17185f6a87bf8af)
2021-06-24pipeHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit f9628406706112be459adb3f121db8e6cf282c2d)
2021-06-24autoreplyHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 26de37d8960da80473866fb59b9dfd10a5761538)
2021-06-24rdaHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit a6da9c67acaee699616516be141d600cc178a633)
2021-06-24parseHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 7eeeb6f26af05322814ecc77c87f09c72ab2216a)
2021-06-24aclHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 44fd80ad8abcd885fc1c8dbb294fc2140e4ef481)
2021-06-24dbstuffHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit 35b11dd0e52b5ac176849f807cca8898bcaf0c3d)
2021-06-24searchHeiko Schlittermann (HS12-RIPE)
(cherry picked from commit b71d675f695c2cf17357b190476129535d5f446c)
2021-06-24Introduce main config option allow_insecure_tainted_dataHeiko Schlittermann (HS12-RIPE)
This option is deprecated already now. (cherry picked from commit ec06d64532e4952fc36429f73e0222d26997ef7c)
2021-06-22GnuTLS: fix build with older GnuTLSJeremy Harris
The ALPN handling we need requires later features than the basic functions. Broken-byu: f50a063dc0
2021-06-22TLS: as server, reject connections with ALPN indicating non-smtp useJeremy Harris
2021-06-21Compiler quieteningJeremy Harris
Stupid static analysis failing to track crontrol dependencies
2021-06-19OpenSSL: on library versions too old to support session ticketsJeremy Harris
client-side limit the valid lifetime of resumable sessions
2021-06-17OpenSSL: fix verify-certs stack initializationJeremy Harris
2021-06-15hosts_require_heloJeremy Harris
2021-06-08Fix server creds cache invalidationJeremy Harris
Broken-by: 5fd673807d
2021-06-07compiler quieteningJeremy Harris
2021-06-07Re-fix non-Linux buildJeremy Harris
2021-06-06tidyingJeremy Harris
Vroken-by: ef77ddc923
2021-06-06Fix non-Linux buildJeremy Harris
2021-06-06Observability: listen queue backlogJeremy Harris
2021-06-06Avoid rescanning listen select setJeremy Harris
2021-06-06Compute select fd_set outside daemon loopJeremy Harris
2021-06-05Fix SSL creds file watching on kevent platforms (BSDs) for symlinksJeremy Harris
2021-06-04DMARC: note unsupported library versions issueJeremy Harris
2021-06-04debug: fix openssl outputJeremy Harris
2021-06-03DKIM: under GnuTLS, permit weak algorithmsJeremy Harris
Recent versions of GnuTLS by default disallow use of some methods now regarded as weak. This probably mean sha1, which is deprecated per DKIM standards.
2021-05-28tidyingJeremy Harris
2021-05-28tidyingJeremy Harris
2021-05-28Logging: avoid pause during log-open under testsuiteJeremy Harris
It results in rearranged logging output, causing testsuite case failures The downside is that we lose debug visbility of the extra process startup Broken-by: b6c1434e47
2021-05-28Fix dmarc buildJeremy Harris
Broken-by: b6c1434e47
2021-05-27Fix BDAT issue for body w/o trailing CRLF (again Bug 1974)Heiko Schlittermann (HS12-RIPE)
(cherry picked from commit 919111edac911ba9c15422eafd7c5bf14d416d26)
2021-05-27rewrite: revert to unchecked result of parse_extract_address()Heiko Schlittermann (HS12-RIPE)
Now it breaks 471, and overlong addresses won't make it into the rewrite process, as they are handled as empty. (cherry picked from commit 506286c62b8786a926dafb5bb05d3103492b86bc)
2021-05-27Honour the outcome of parse_extract_address(), testsuite 471Heiko Schlittermann (HS12-RIPE)
(cherry picked from commit 39d83bf19fc0c4364e0a665360b14194c62e4ab4)
2021-05-27Update upgrade notes and source about use of seteuid()Heiko Schlittermann (HS12-RIPE)
(cherry picked from commit bc13bbca6e07267dfe0c4d275bb0a2e9aabf1dfb) (cherry picked from commit fee1a06ec05e58e0cda8cf04f28240688736f945)
2021-05-27CVE-2020-28007: Link attack in Exim's log directoryQualys Security Advisory
We patch this vulnerability by opening (instead of just creating) the log file in an unprivileged (exim) child process, and by passing this file descriptor back to the privileged (root) parent process. The two functions log_send_fd() and log_recv_fd() are inspired by OpenSSH's functions mm_send_fd() and mm_receive_fd(); thanks! This patch also fixes: - a NULL-pointer dereference in usr1_handler() (this signal handler is installed before process_log_path is initialized); - a file-descriptor leak in dmarc_write_history_file() (two return paths did not close history_file_fd). Note: the use of log_open_as_exim() in dmarc_write_history_file() should be fine because the documentation explicitly states "Make sure the directory of this file is writable by the user exim runs as." (cherry picked from commit 2502cc41d1d92c1413eca6a4ba035c21162662bd) (cherry picked from commit 93e9a18fbf09deb59bd133986f4c89aeb2d2d86a)
2021-05-27CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()Heiko Schlittermann (HS12-RIPE)
Based on Phil Pennock's commit 76a1ce77. Modified by Qualys. (cherry picked from commit f218fef171cbe9e61d10f15399aab8fa6956535b) (cherry picked from commit 8b1e9bc2cac17ee24d595c97dcf97d9b016f8a46)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 10:12:45 +0000