Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-05-27 | testsuite: reproduce BDAT with missing eol (Bug 1974) | Heiko Schlittermann (HS12-RIPE) | |
(cherry picked from commit e9cecc465a570c1a4f34b199eae6bdd0a52ee2b0) | |||
2021-05-27 | Honour the outcome of parse_extract_address(), testsuite 471 | Heiko Schlittermann (HS12-RIPE) | |
(cherry picked from commit 39d83bf19fc0c4364e0a665360b14194c62e4ab4) | |||
2021-05-27 | CVE-2020-28007: Link attack in Exim's log directory | Qualys Security Advisory | |
We patch this vulnerability by opening (instead of just creating) the log file in an unprivileged (exim) child process, and by passing this file descriptor back to the privileged (root) parent process. The two functions log_send_fd() and log_recv_fd() are inspired by OpenSSH's functions mm_send_fd() and mm_receive_fd(); thanks! This patch also fixes: - a NULL-pointer dereference in usr1_handler() (this signal handler is installed before process_log_path is initialized); - a file-descriptor leak in dmarc_write_history_file() (two return paths did not close history_file_fd). Note: the use of log_open_as_exim() in dmarc_write_history_file() should be fine because the documentation explicitly states "Make sure the directory of this file is writable by the user exim runs as." (cherry picked from commit 2502cc41d1d92c1413eca6a4ba035c21162662bd) (cherry picked from commit 93e9a18fbf09deb59bd133986f4c89aeb2d2d86a) | |||
2021-05-27 | CVE-2020-28014, CVE-2021-27216: PID file handling | Heiko Schlittermann (HS12-RIPE) | |
Arbitrary PID file creation, clobbering, and deletion. Patch provided by Qualys. (cherry picked from commit 974f32939a922512b27d9f0a8a1cb5dec60e7d37) (cherry picked from commit 43c6f0b83200b7082353c50187ef75de3704580a) | |||
2021-05-27 | Add priv.c: reworked version of priv dropping code | Heiko Schlittermann (HS12-RIPE) | |
(cherry picked from commit 82b545236e6dc82b7af34528c532811bfc74ea19) (cherry picked from commit be31ef213f118abe5fc68732f5492b6b16d28b87) | |||
2021-05-27 | Handle SIGINT as we do with SIGTERM | Heiko Schlittermann (HS12-RIPE) | |
(cherry picked from commit cdc5c672e1c309294626cd5ed90acdccb05baaa1) (cherry picked from commit f9c8211fb0ad0dd362f471978a5e0abc5dfa71b4) | |||
2021-05-27 | testsuite: tidy logs/4520 and confs/4520 | Heiko Schlittermann (HS12-RIPE) | |
This fixed 4520 failure en-passant, but I'm sure it's a timing issue here (the order of the mainlog output lines didn't exactly match the logs/4520) (cherry picked from commit 95306ca61531d9d79c5dac808a5a571158acd29c) (cherry picked from commit 0439d2e0566d64c84feaf1434e0e4a3fd8ce29b3) | |||
2021-05-25 | Use separate line in Received: header for timestamp | Jeremy Harris | |
2021-05-12 | Named Queues: fix immediate-delivery. Bug 2743 | Jeremy Harris | |
2021-05-11 | TLS DANE to multiple recipients w/ different DNSSec status | Heiko Schlittermann (HS12-RIPE) | |
2021-05-11 | Fix DANE + SNI handling (Bug 2265) | Heiko Schlittermann (HS12-RIPE) | |
Broken in d8e99d6047e709b35eabb1395c2046100d1a1dda Thanks to JGH and Wolfgang Breyha for contributions. (cherry picked from commit e8ac8be0a3d56ba0a189fb970c339ac6e84769be) | |||
2021-05-08 | DNS: Better handling of SOA when negative-caching lookups | Jeremy Harris | |
2021-05-05 | wip | Jeremy Harris | |
2021-05-04 | Fix ${ipv6norm:} | Jeremy Harris | |
2021-04-25 | Testsuite: tidying | Jeremy Harris | |
2021-04-18 | Experimental: ESMTP LIMITS extension | Jeremy Harris | |
2021-04-18 | Testsuite: output changes arising | Jeremy Harris | |
Somewhere recently (possibly 3f06b9b4c7) we stopped overwriting errno; the "Permission denied" seen now in 4520 for the ${bogus} expansion is as expected. | |||
2021-04-16 | Log queue_time and queue_time_overall exclusive of receive time. Bug 2672 | Jeremy Harris | |
2021-04-14 | taint: allow appendfile create_file option to specify a de-tainting safe ↵ | Jeremy Harris | |
path | |||
2021-04-10 | Logging: better tracking of continued-connection use | Jeremy Harris | |
2021-04-07 | Pass proxy addresses/ports to continued trasnports. Bug 2710 | Jeremy Harris | |
2021-04-03 | testsuite: fix runtest (File::Copy used in another place) | Heiko Schlittermann (HS12-RIPE) | |
2021-04-01 | testsuite: provide cp() if File::Copy is too old. | Heiko Schlittermann (HS12-RIPE) | |
2021-03-31 | testsuite: use File::Copy "cp" to copy the permissions (x-bit) | Heiko Schlittermann (HS12-RIPE) | |
2021-03-28 | testsuite: add --fail-any option to runtest | Heiko Schlittermann (HS12-RIPE) | |
This option makes runtest's exit status !0 on any failure in any test. (Useful in -c mode and git-bisect) | |||
2021-03-27 | testsuite: make runtest exit(!0) on failure in continue mode | Heiko Schlittermann (HS12-RIPE) | |
This makes it possible to use `runtest -c <xx>` for `git bisect run …` | |||
2021-03-27 | testsuite: tidy runtest | Heiko Schlittermann (HS12-RIPE) | |
2021-03-19 | testsuite output changes resulting | Jeremy Harris | |
Broken-by: 649c209e19 | |||
2021-03-17 | testsuite output changes resulting | Jeremy Harris | |
Broken-by: 649c209e19 | |||
2021-03-16 | Pipeline QUIT after data | Jeremy Harris | |
2021-03-16 | Debug: tag client SMTP output with buffering qualifier | Jeremy Harris | |
2021-03-15 | Fix error messages in dbfn_open | Heiko Schlittermann (HS12-RIPE) | |
2021-03-07 | wip | Jeremy Harris | |
2021-02-22 | Testsuite: fix error message. Bug 2700 | Jasen Betts | |
2021-02-13 | Testsuite: when generating a bounce message, allow time for exec to run ↵ | Jeremy Harris | |
before before feeding the message This is to keep debug output in similar order on different platforms | |||
2021-02-13 | wip | Jeremy Harris | |
2021-02-08 | Testsuite: expand testcase. Bug 2693 | Simon Arlott | |
2021-02-07 | Testsuite: missing file | Jeremy Harris | |
Broken-by: d6870e76cf | |||
2021-02-06 | Fix handling of server which follows a RCPT 452 with a 250. Bug 26092 | Jeremy Harris | |
2021-02-06 | Fix daemon-SIGHUP on FreeBSD | Jeremy Harris | |
2021-02-02 | Testsuite: fix testcase for SPF empty-mailfrom-use-helo. Bug 467 | Jeremy Harris | |
2021-01-29 | Lookups: fix $local_part_data for a match on a filename list element. Bug 2691 | Jeremy Harris | |
2021-01-25 | AUTH: avoid logging creds on ACL denial | Jeremy Harris | |
2021-01-22 | Fix getting non-TLS QUIT in FIN segment | Jeremy Harris | |
Linux was behaving oddly with the TCP_CORK method, and using MSG_MORE is one fewer syscall. | |||
2021-01-22 | TLS: on Linux when sockopt TCP_FASTOPEN_CONNECT is available, use TFO for ↵ | Jeremy Harris | |
TLS-on-connect client connections | |||
2021-01-21 | Avoid bare TCP ACKs during TLS-on-connect startup. | Jeremy Harris | |
We can't get the QUICKACK turned off on the accepted socket fast enough to stop the ACK for the ClientHello - but we get the rest, under OpenSSL. | |||
2021-01-21 | Testsuite: TLS server testcase consolidation | Jeremy Harris | |
2021-01-21 | Testsuite: shuffling | Jeremy Harris | |
2021-01-21 | Testsuite: TLS client testcase consolidation | Jeremy Harris | |
2021-01-19 | Testsuite: case for TLS client tls-on-connect | Jeremy Harris | |