src - OpenBSD base system

Age	Commit message (Collapse)	Author
2014-07-08	update filter configuration parsing (not plugged yet)	Eric Faurot

2014-07-08	send correct imsg when enabling profiling at runtime	Eric Faurot

2014-07-08	partially revert bogus commit	Eric Faurot

2014-07-08	get rid of mfa leftovers	Eric Faurot

2014-07-08	various queue improvements:	Eric Faurot
	- add a "close" hook to the backend API. - improve the sync() pattern in queue_fs: only sync at commit time and not for every envelope creation - various fixes to the experimental external queue API.
2014-07-08	remove dead code. these imsgs are handled in pony.c.	Eric Faurot

2014-07-08	make the filter API move forward (still not plugged).	Eric Faurot

2014-07-08	zap trailing tab	Eric Faurot

2014-07-08	Update the table API: lookup functions can take an optional parameters	Eric Faurot
	dictionnary (currently not set). While there, add a helper for forking external backends, and remove unused table functions. ok gilles@
2014-07-08	make sure to clear the WAIT flag when cancelling the connector timeout.	Eric Faurot

2014-07-08	fatalx(errorstr) -> fatalx("%s", errorstr)	Eric Faurot
	add missing include and remove redundant debug trace while here.
2014-07-08	Change fatal/fatalx to use a format string. Expand in a static buffer	Eric Faurot
	to cope with low-memory situations. ok gilles@ chl@
2014-07-08	no need to send a stat update message when {inc,dec}rementing by 0.	Eric Faurot

2014-07-08	fix typos.	Igor Sobrado
	ok jmc@
2014-07-08	improve indentation.	Igor Sobrado
	ok jmc@
2014-07-07	Allow to enable profiling at runtime and fix timings output.	Eric Faurot
	ok gilles@
2014-07-04	It makes much more sense to do the loop checking on incoming mails rather	Eric Faurot
	than on outgoing mails... ok gilles@
2014-07-04	always attempt to use tls for relaying to the primary server when	Eric Faurot
	acting as a backup mx. reported by otto@. ok gilles@
2014-07-01	Fix snprintf() return value tests. ok gilles@	Matthieu Herrb

2014-06-10	we should really zero a buffer we strlcat to otherwise aliases resolution	Gilles Chehade
	really resolves nothing :-)
2014-06-07	Clint Pachl points out "authtable" is optional;	Jason McIntyre

2014-06-06	when relying on the local enqueuer, fix an issue with long To and Cc lines	Gilles Chehade
	that can lead to broken headers and confuse some MUA issue spotted by tedu@
2014-05-28	remove an errant semicolon.	Daniel Dickman
	ok gilles@
2014-05-25	use reallocarray.	Marc Espie
	okay gilles@
2014-05-23	use reallocarray	Marc Espie
	okay gilles@
2014-05-22	when we reduced the number of iovec's we passed through an imsg, the iovec	Gilles Chehade
	declaration was not bumped down causing us to pass extra junk leading to a crash in the pki lookup code. i'm amazed no one else crashed on that :-/ reported by Olivier Antoine who kindly provided access to his box
2014-05-20	format string cleanup: change "%i" to "%d" and fix a few typos	Eric Faurot

2014-05-20	Unify the SSL privsep key loading functions.	Reyk Floeter
	ok eric@
2014-05-20	Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts to	Reyk Floeter
	free() the external data when releasing the RSA object. The RSA_GET_EX_NEW_INDEX(3) manual page doesn't mention that this is the default behaviour - it just describes the possible free_func() callback - and the code path in libcrypto is hiding the fact behind layers of abstraction. Fix possible double free by allocating and copying the external data reference that is used for RSA privsep (pkiname in smtpd's case). ok eric@ gilles@
2014-05-20	remove dead files	Eric Faurot

2014-05-17	add missing header needed by str* and mem* functions	Charles Longeau
	ok gilles@
2014-05-15	use <> for tables;	Jason McIntyre
	original report from creamy; diff from Frank Brodbeck, tweaked
2014-05-12	fix a possible double free when tls is required but not advertised by	Eric Faurot
	the server. ok gilles@
2014-05-10	fix typo in function prototype	Charles Longeau
	ok gilles@
2014-05-10	Fix SSL breakage that I accidentally introduced with my previous commit.	Reyk Floeter

2014-05-09	stop casting sizeof to int	Ted Unangst

2014-05-06	Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced key	Reyk Floeter
	that requires to call RSA_free() to dereference it after use. Also free a temporary key that was read by PEM_read_PrivateKey() and immediately written into a bio. ok markus@
2014-05-04	Create a new default RSA engine instead of patching the existing one	Reyk Floeter
	if none is available. Fixes SSL/TLS and a possible fatalx() on machines without a default RSA engine. Thanks to Bjorn Ketelaars for reporting and testing. ok gilles@ (for the relayd part)
2014-05-01	Move RSA keys from "lka" to a new dedicated "ca" process because lka	Reyk Floeter
	is handling some async requests and shouldn't be busy with sync RSA. ok gilles@
2014-04-30	when doing opportunistic TLS, do not only downgrade during negotiation, but	Gilles Chehade
	also downgrade if a TLS error happens during the session. ok eric@ who helped me with this
2014-04-30	when using maildir, do not create automatically create folders to match tag	Gilles Chehade
	in email address (ie: gilles+tag => ~/Maildir/.tag), instead use the folder if it already exists and deliver to the mail Maildir otherwise. ok eric@ and chl@
2014-04-30	The RSA engine (used by pony) has to wait for a response from the	Reyk Floeter
	privileged process (lka) and receive the imsgs in a while loop synchronously. But the lka also sends other imsgs (DNS etc.) that can still be queued up in the buffer when waiting for the RSA response. This only happens under load with many concurrent connections. For now, we just call the pony imsg handler for non-RSA imsgs that are already in the buffer. ok gilles@ eric@ blambert@
2014-04-29	For RSA private key privsep, only ever load the keys after forking the	Reyk Floeter
	separated process. This improves the previous because we don't trust the PEM and BIO routines to cleanup the keys correctly. ok gilles@
2014-04-29	Implement RSA privilege separation for OpenSMTPD, based on my previous	Reyk Floeter
	implementation for relayd(8). The smtpd(8) pony processes (mta client, smtp server) don't keep the private keys in memory but send their private key operations as imsgs to the "lookup"/mta process. It's worth mentioning that this prevents acidental private key leakage as it could have been caused by "Heartbleed". ok gilles@
2014-04-29	when a session fails due to a TLS error in a smtp+tls:// connection, try	Gilles Chehade
	plain before giving up ok eric@
2014-04-29	Remove unused arguments from ssl_smtp_init()	Reyk Floeter
	ok gilles@
2014-04-29	use explicit_bzero() instead of memset() to clear out sensitive data.	Reyk Floeter
	ok gilles@
2014-04-29	It is only required to load the keys and certs into the same SSL	Reyk Floeter
	context once. Simplify the code path by moving the loading from three different places into ssl_ctx_create(): ok gilles@
2014-04-22	malloc -> calloc	Gilles Chehade

2014-04-19	these snprintf() calls can't possibly truncate because they copy data from	Gilles Chehade
	buffers that are already protected against truncation and that do not exceed the destination buffer size when copied together ... however, i think we should add checks here too because it'll help us catch errors in table backends when adding new ones if we miss a truncation check there.