summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Fix typoexim-4_80_1+CVE-2016-1531Heiko Schlittermann (HS12-RIPE)2016-03-141-1/+1
| | | | Ustcpy() doesn't exit. Thanks: Salvatore Bonaccorso
* Repair cherry-picked 3615fa9 "cwd= (failed)"Heiko Schlittermann (HS12-RIPE)2016-03-141-2/+1
| | | | Thanks: Marc Deslauriers
* Store the initial working directory, expand $initial_cwd. Bug 1805Heiko Schlittermann (HS12-RIPE)2016-03-126-1/+21
| | | | | (cherry picked from commit 3615fa9a06356891367c66ed284cef9db5cefca3) (cherry picked from commit fae3a611be53dbf58cbb7c2c4846081ecb87606e)
* Don't issue env warning if env is emptyHeiko Schlittermann (HS12-RIPE)2016-03-124-18/+16
| | | | | | | keep_environment needs to be mentioned in the runtime config. Setting add_environment isn't enough to suppress the warning. (cherry picked from commit 8e58ed807c77febfde61d3cf47928302f93cc99c)
* Fix CVE-2016-1531Heiko Schlittermann (HS12-RIPE)2016-03-12772-49/+1057
| | | | | | | | | | | | | | | | | | Add keep_environment, add_environment. Change the working directory to "/" during the early startup phase. (cherry picked from commit 451686a85b4706616f8233a6ac306318f7a56cf6) (cherry picked from commit 4af6f9baeffc937b4de28b9ce371e697a1609632) (cherry picked from commit 0c8892dc00bf2223dffe18be12f07d8c4549b913) (cherry picked from commit fa927caf12b309a2c984ddff1adf4a299186d887) (cherry picked from commit bc3c7bb7d4aba3e563434e5627fe1f2176aa18c0) (cherry picked from commit 2b92b67bfc33efe05e6ff2ea3852731ac2273832) (cherry picked from commit 14b82c8b736c8ed24eda144f57703cb9feac6323) (cherry picked from commit 9ca92d0c6e9c6f161bd8111366c6952d3a9315e2) (cherry picked from commit 0020c6d9ecfd98ed7b2b337ed4f898fdc409784b) (cherry picked from commit e8f96966360ea8867ad6a8b5affda6c37fa4958c) (cherry picked from commit ef6fb807c1e1a665f444f644c60c77269f7c5209)
* Version 4.80.1exim-4_80_1Phil Pennock2012-10-242-18/+20
| | | | | Hack reversion to state this version, for this branched build. Adjust spec.xfpt.
* SECURITY: DKIM DNS buffer overflow protectionPhil Pennock2012-10-243-2/+13
| | | | | | | | | CVE-2012-5671 malloc/heap overflow, with a 60kB window of overwrite. Requires DNS under control of person sending email, leaves plenty of evidence, but is very likely exploitable on OSes that have not been well hardened.
* Revert "Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512."exim-4_80Phil Pennock2012-05-303-11/+3
| | | | | | | | | | | | | This reverts commit 83f4c7515f3eb06dc070e78edd2694c1d088e5fd. This was not a new check! The call to gnutls_dh_set_prime_bits() was made with DH_BITS in Exim 4.77, so the only difference is that now an administrator can choose at compile time to change the lower bound. So keeping this at 1024 is not a regression and if we can't talk to them now, we couldn't before, and we shouldn't lower security by default. The reverted commit was only acceptable IF it was still better than what we had in Exim 4.77.
* Lower EXIM_CLIENT_DH_MIN_BITS 1024 -> 512.Phil Pennock2012-05-303-3/+11
| | | | Wolfgang Breyha saw a real-world site using 768 bits.
* Merge openssl_disable_ssl2 branchexim-4_80_RC7Phil Pennock2012-05-286-5/+27
|\
| * Disable SSLv2 by default.Phil Pennock2012-05-066-5/+27
| |
* | typo fix: "overriden" -> "overridden" from Andreas MetzlerPhil Pennock2012-05-273-3/+3
| |
* | release: don't try to sign .tar.lz filesPhil Pennock2012-05-271-1/+1
| |
* | Test: update for new tls_dhparam (suite used on Scientific Linux 6 test host).Jeremy Harris2012-05-272-0/+2
| |
* | Doc: fix glitchexim-4_80_RC6Phil Pennock2012-05-271-1/+1
| |
* | Test: update for new tls_dhparamPhil Pennock2012-05-2720-4/+38
| |
* | Doc: SECTgnutlsparam referencing tls_dhparamPhil Pennock2012-05-271-0/+10
| |
* | For DH, use standard primes from RFCsPhil Pennock2012-05-2712-57/+958
| |
* | ">" -> ">=" for EXIM_CLIENT_DH_MIN_BITS+10Phil Pennock2012-05-271-1/+1
| |
* | Deal with GnuTLS DH generation overshootPhil Pennock2012-05-273-4/+68
| |
* | FAQ for GnuTLSPhil Pennock2012-05-261-0/+368
| |
* | teach sprint_vformat() size_t z modifier (jgh)Phil Pennock2012-05-261-2/+6
| | | | | | | | Jeremy wrote this, mostly; I just fixed up a comment and pedantically numbered the enum values
* | fix size param for gnutls_dh_params_export_pkcs3() againPhil Pennock2012-05-261-6/+3
| |
* | Ignore vim swap files and test/* temporary files/dirsTodd Lyons2012-05-252-0/+12
| |
* | release: no .lz by default for nowPhil Pennock2012-05-251-3/+3
| |
* | Doc: Provide context for bare numbers from CHAP/SECT.Phil Pennock2012-05-251-4/+4
| |
* | Cyrus SASL auth: SSF retrieval was incorrect.Phil Pennock2012-05-252-3/+8
| | | | | | | | | | | | | | Exim thought protection layer was required, which is not implemented. Patch from Wolfgang Breyha. Fixes bug 1254
* | It's 2012, not 1012. Noted by Jay RoumanPhil Pennock2012-05-251-1/+1
| |
* | Added some more .gitignore entriesNigel Metheringham2012-05-242-0/+8
| | | | | | | | Ignore more build side effects
* | Moved pdkim declaration to satisfy older compilersNigel Metheringham2012-05-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As suggested by Dennis Davis to fix an error with gcc 2.95.2 which threw the following error:- gcc pdkim.c pdkim.c: In function `pdkim_feed_finish': pdkim.c:1389: parse error before `*' pdkim.c:1390: `hdrs' undeclared (first use in this function) pdkim.c:1390: (Each undeclared identifier is reported only once pdkim.c:1390: for each function it appears in.) gmake[2]: *** [pdkim.o] Error 1 See https://lists.exim.org/lurker/message/20120524.094800.89928246.en.html
* | ReleaseTools: support .lz lzip archivesPhil Pennock2012-05-242-4/+63
| |
* | _ISOC99_SOURCE -> _GNU_SOURCEexim-4_80_RC5Phil Pennock2012-05-232-3/+5
| | | | | | | | | | _ISOC99_SOURCE broke build on Linux (Ubuntu 11.10) because it broke <resolv.h>, <arpa/nameser.h>, etc. Their u_char and u_int usage relies upon BSD source being enabled too. So use _GNU_SOURCE.
* | Define _ISOC99_SOURCE in exim.hPhil Pennock2012-05-233-3/+13
| | | | | | | | Done before os.h is pulled in so an OS can override it.
* | Doc: move -bmalware into alphabetic placePhil Pennock2012-05-231-20/+20
| |
* | Doc: s/DNS/domains/ in new textPhil Pennock2012-05-231-1/+1
| |
* | Doc: document when dnslookup will declinePhil Pennock2012-05-231-0/+34
| |
* | Doc: tls_require_ciphers examplesPhil Pennock2012-05-231-2/+41
| | | | | | | | | | | | Note how to test strings, provide examples which distinguish port 25 from other ports. Carefully used short examples, but allows two different strings per implementation and demonstrates how the strings are very different.
* | Manually control locale, setting to "C" in runtest script.Todd Lyons2012-05-231-0/+3
| | | | | | | | Fixes the output of 'ls' command to a standard format (test 345).
* | expanded comment, noting size types and API issuePhil Pennock2012-05-231-1/+5
| |
* | README.UPDATING: emphasise more the LDAP issuePhil Pennock2012-05-221-0/+7
| |
* | OCSP description: minor nitsPhil Pennock2012-05-221-2/+3
| |
* | Enable PCRE_CONFIG by defaultPhil Pennock2012-05-211-1/+1
| | | | | | | | | | | | | | | | | | With this, src/EDITME as Local/Makefile *only* needs EXIM_USER to be set and EXIM_MONITOR commented out for Exim to build on my box. I think this is a reasonable default; if there are releases of PCRE which do not include pcre-config, then on those boxes a slight change will be needed, but only where the file was already having to be edited anyway.
* | Guard SNI usage better (client-side)Phil Pennock2012-05-211-0/+8
| |
* | Testsuite: more robust fix for SHELL vs /bin/sh, take two.Jeremy Harris2012-05-213-13/+14
| |
* | Revert "Testsuite: more robust fix for SHELL vs /bin/sh"Jeremy Harris2012-05-212-8/+8
| | | | | | | | | | This reverts commit 8dedb69a41c30fd82ab6e084fe567f7ee7aaa562. Kills testcase 0137.
* | Testsuite: more robust fix for SHELL vs /bin/shJeremy Harris2012-05-212-8/+8
| |
* | OpenBSD compat, DNS resolver libraryPhil Pennock2012-05-211-0/+2
| | | | | | | | Report and point to fix from Dennis Davis.
* | Update binary's copyright message.Phil Pennock2012-05-212-2/+8
| | | | | | | | | | Rough text per suggestion from Tony. Amended ACKNOWLEDGEMENTS briefly, but need to actually add people. Like, er, me.
* | avoid NUL in dh params filePhil Pennock2012-05-211-1/+2
| | | | | | | | | | gnutls_dh_params_export_pkcs3() returns 2 different sizes. NUL observed by Janne Snabb
* | .end -> .wenexim-4_80_RC4Phil Pennock2012-05-211-1/+1
| |
View Lorry Controller Status