Phil Pennock [Thu, 26 Sep 2013 18:18:09 +0000 (11:18 -0700)]
Clarify CL: the CVE security fix already in 4.80.1
On re-reading the text for 4.82, it read as though there were a new
security fix which might require an upgrade. Clarified that this fix
has already been released (in 4.80.1).
Phil Pennock [Wed, 31 Jul 2013 22:50:04 +0000 (18:50 -0400)]
Fix segfault in stdio with non-SMTP MIME ACL.
When injecting a message locally in non-SMTP mode, and with MIME ACLs
configured, if the ACL rejected the message, Exim would try to
`fprintf(NULL, "%s", the_message)`. This fixes that.
Most ACLs are plumbed in SMTP-only and looking through the others in
receive.c, they all appear to be safely guarded, so it was just this one
that slipped through.
Crash report and assistance tracking down the root cause from Warren
Baker.
Jeremy Harris [Sun, 21 Jul 2013 11:50:53 +0000 (12:50 +0100)]
Remove ACL-config skip so that ${acl } expansions work from queue-runs.
Previously we skipped parsing the ACL section when not needed. Now it is
potentially needed in all cases. The skip was ~5% faster than a full parse
so probably not a large part of the exim process startup.
Fix up testsuite output files affected by the removal and add a regression test.
Phil Pennock [Mon, 10 Jun 2013 06:50:18 +0000 (02:50 -0400)]
Guard LDAP TLS usage against Solaris LDAP variant.
PP/22
Report from Prashanth Katuri.
This variant ensures that if TLS won't be activated because of
compile-time guards, but was requested, then we at least debug-log _why_
we're not doing anything.
Phil Pennock [Tue, 2 Apr 2013 16:37:03 +0000 (12:37 -0400)]
Ensure OpenSSL entropy state reset across forks.
Note that this function is never going to be called pre-fork unless the
admin is doing something highly unusual with ${randint:..} in a context
evaluated in the listening daemon. Other forks should result in a
re-exec(), thus resetting state.
Nonetheless, be more cautious, explicitly reset state.
Fix per PostgreSQL.
PS: why does OpenSSL not document RAND_cleanup() on the same page as all
the other entropy pool maintenance functions?
J. Nick Koston [Sat, 30 Mar 2013 07:22:53 +0000 (02:22 -0500)]
Add the force_command option to the pipe transport
Normally when a router redirects an address directly to a pipe command
the command option on the transport is ignored. If force_command
is set, the command option will expanded and used. This is especially
useful for forcing a wrapper or additional argument to be added to the
command.
Jeremy Harris [Sun, 24 Mar 2013 21:49:12 +0000 (21:49 +0000)]
OCSP-stapling enhancement and testing.
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
Phil Pennock [Wed, 13 Mar 2013 23:48:22 +0000 (19:48 -0400)]
OpenSSL fix empty tls_verify_certificates.
New behaviour matches GnuTLS handling, and is documented.
Previously, a tls_verify_certificates expansion forced failure was the
only portable way to avoid setting this option. Now, an empty string is
equivalent.
Phil Pennock [Sun, 23 Dec 2012 19:23:01 +0000 (14:23 -0500)]
gen_pkcs3: add comment explaining rationale
Wondering why you wrote some code and having to grep the source code to find out,
in the same year that you wrote it, is generally a sign of missing information.
Phil Pennock [Mon, 10 Dec 2012 00:23:06 +0000 (19:23 -0500)]
OCSP/SNI: set correct callback.
Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
had just renamed the variables and theoretically made it more visible.
I still missed it.
The server_sni context initialisation was setting the OCSP status
callback context parameter back on the original server_ctx instead of
the new server_sni context.
I guess OCSP and SNI aren't being used together in Exim much yet.
Tony Finch [Fri, 7 Dec 2012 17:44:42 +0000 (17:44 +0000)]
Avoid spurious rebuilds of the dynamic lookups Makefile.
This was noticable when re-building as a non-privileged user
after installing as root; lookups/Makefile had been rebuilt
by root and when it was rebuilt again by the unprivileged user
`mv` demanded confirmation before overwriting the file.
Tony Finch [Fri, 7 Dec 2012 11:49:15 +0000 (11:49 +0000)]
More test updates following the retry fix.
Most of these are due to the changes in the logging of
ultimate timeout checks.
Test 0548 is more meaningfully affected. The test originally
failed to spot that the recipient-specific deferrals pushed
past the ultimate retry timeout.
Tony Finch [Thu, 6 Dec 2012 19:28:27 +0000 (19:28 +0000)]
Fix my earlier "fix" for intermittently deliverable recipients.
Only do the ultimate address timeout check if there is an address
retry record and there is not a domain retry record; this implies
that previous attempts to handle the address had the retry_use_local_parts
option turned on. We use this as an approximation for the destination
being like a local delivery, as in LMTP.
Tony Finch [Thu, 6 Dec 2012 19:11:28 +0000 (19:11 +0000)]
Correct gecos expansion when From: is a prefix of the username.
Test 0254 submits a message to Exim with the header
Resent-From: f
When I ran the test suite under the user fanf2, Exim expanded
the header to contain my full name, whereas it should have added
a Resent-Sender: header. It erroneously treats any prefix of the
username as equal to the username.