path: root/usr.sbin/smtpd

| Age | Commit message | Author |
|---|---|---|
| 2014-07-04 | It makes much more sense to do the loop checking on incoming mails rather than on outgoing mails... ok gilles@ | Eric Faurot |
| 2014-07-04 | always attempt to use tls for relaying to the primary server when acting as a backup mx. reported by otto@. ok gilles@ | Eric Faurot |
| 2014-07-01 | Fix snprintf() return value tests. ok gilles@ | Matthieu Herrb |
| 2014-06-10 | we should really zero a buffer we strlcat to otherwise aliases resolution really resolves nothing :-) | Gilles Chehade |
| 2014-06-07 | Clint Pachl points out "authtable" is optional; | Jason McIntyre |
| 2014-06-06 | when relying on the local enqueuer, fix an issue with long To and Cc lines that can lead to broken headers and confuse some MUA issue spotted by tedu@ | Gilles Chehade |
| 2014-05-28 | remove an errant semicolon. ok gilles@ | Daniel Dickman |
| 2014-05-25 | use reallocarray. okay gilles@ | Marc Espie |
| 2014-05-23 | use reallocarray okay gilles@ | Marc Espie |
| 2014-05-22 | when we reduced the number of iovec's we passed through an imsg, the iovec declaration was not bumped down causing us to pass extra junk leading to a crash in the pki lookup code. i'm amazed no one else crashed on that :-/ reported by Olivier Antoine who kindly provided access to his box | Gilles Chehade |
| 2014-05-20 | format string cleanup: change "%i" to "%d" and fix a few typos | Eric Faurot |
| 2014-05-20 | Unify the SSL privsep key loading functions. ok eric@ | Reyk Floeter |
| 2014-05-20 | Deep down inside OpenSSL, err... LibreSSL, RSA_set_ex_data attempts to free() the external data when releasing the RSA object. The RSA_GET_EX_NEW_INDEX(3) manual page doesn't mention that this is the default behaviour - it just describes the possible free_func() callback - and the code path in libcrypto is hiding the fact behind layers of abstraction. Fix possible double free by allocating and copying the external data reference that is used for RSA privsep (pkiname in smtpd's case). ok eric@ gilles@ | Reyk Floeter |
| 2014-05-20 | remove dead files | Eric Faurot |
| 2014-05-17 | add missing header needed by str* and mem* functions ok gilles@ | Charles Longeau |
| 2014-05-15 | use <> for tables; original report from creamy; diff from Frank Brodbeck, tweaked | Jason McIntyre |
| 2014-05-12 | fix a possible double free when tls is required but not advertised by the server. ok gilles@ | Eric Faurot |
| 2014-05-10 | fix typo in function prototype ok gilles@ | Charles Longeau |
| 2014-05-10 | Fix SSL breakage that I accidentally introduced with my previous commit. | Reyk Floeter |
| 2014-05-09 | stop casting sizeof to int | Ted Unangst |
| 2014-05-06 | Fix two memory leaks: EVP_PKEY_get1_RSA() returns a referenced key that requires to call RSA_free() to dereference it after use. Also free a temporary key that was read by PEM_read_PrivateKey() and immediately written into a bio. ok markus@ | Reyk Floeter |
| 2014-05-04 | Create a new default RSA engine instead of patching the existing one if none is available. Fixes SSL/TLS and a possible fatalx() on machines without a default RSA engine. Thanks to Bjorn Ketelaars for reporting and testing. ok gilles@ (for the relayd part) | Reyk Floeter |
| 2014-05-01 | Move RSA keys from "lka" to a new dedicated "ca" process because lka is handling some async requests and shouldn't be busy with sync RSA. ok gilles@ | Reyk Floeter |
| 2014-04-30 | when doing opportunistic TLS, do not only downgrade during negotiation, but also downgrade if a TLS error happens during the session. ok eric@ who helped me with this | Gilles Chehade |
| 2014-04-30 | when using maildir, do not automatically create folders to match tag in email address (ie: gilles+tag => ~/Maildir/.tag), instead use the folder if it already exists and deliver to the mail Maildir otherwise. ok eric@ and chl@ | Gilles Chehade |
| 2014-04-30 | The RSA engine (used by pony) has to wait for a response from the privileged process (lka) and receive the imsgs in a while loop synchronously. But the lka also sends other imsgs (DNS etc.) that can still be queued up in the buffer when waiting for the RSA response. This only happens under load with many concurrent connections. For now, we just call the pony imsg handler for non-RSA imsgs that are already in the buffer. ok gilles@ eric@ blambert@ | Reyk Floeter |
| 2014-04-29 | For RSA private key privsep, only ever load the keys after forking the separated process. This improves the previous because we don't trust the PEM and BIO routines to cleanup the keys correctly. ok gilles@ | Reyk Floeter |
| 2014-04-29 | Implement RSA privilege separation for OpenSMTPD, based on my previous implementation for relayd(8). The smtpd(8) pony processes (mta client, smtp server) don't keep the private keys in memory but send their private key operations as imsgs to the "lookup"/mta process. It's worth mentioning that this prevents accidental private key leakage as it could have been caused by "Heartbleed". ok gilles@ | Reyk Floeter |
| 2014-04-29 | when a session fails due to a TLS error in a smtp+tls:// connection, try plain before giving up ok eric@ | Gilles Chehade |
| 2014-04-29 | Remove unused arguments from ssl_smtp_init() ok gilles@ | Reyk Floeter |
| 2014-04-29 | use explicit_bzero() instead of memset() to clear out sensitive data. ok gilles@ | Reyk Floeter |
| 2014-04-29 | It is only required to load the keys and certs into the same SSL context once. Simplify the code path by moving the loading from three different places into ssl_ctx_create(): ok gilles@ | Reyk Floeter |
| 2014-04-22 | malloc -> calloc | Gilles Chehade |
| 2014-04-19 | these snprintf() calls can't possibly truncate because they copy data from buffers that are already protected against truncation and that do not exceed the destination buffer size when copied together ... however, i think we should add checks here too because it'll help us catch errors in table backends when adding new ones if we miss a truncation check there. | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf() that cannot truncate | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf() call used to craft fatalx() message from within smtpd, buffer is large enough and truncation harmless, we want to avoid memory allocation in that case and use a best-effort | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf calls that cannot truncate or for which earlier checks ensure the copy won't fail | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf() calls that cannot truncate (and would be harmless otherwise) | Gilles Chehade |
| 2014-04-19 | remove dead code ... in code that's not plugged in yet ;-) | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf that cannot truncate | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf calls that cannot truncate | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf call that cannot truncate | Gilles Chehade |
| 2014-04-19 | (void) cast snprintf() calls that cannot truncate | Gilles Chehade |
| 2014-04-19 | replace warnx message | Gilles Chehade |
| 2014-04-19 | add missing strlcpy() check in create_filter_chain() that would cause smtpd to fatal at startup if truncation occurred and we had enabled filters (void) cast a strlcpy() that cannot truncate | Gilles Chehade |
| 2014-04-19 | add missing strlcpy() checks in create_filter() that would cause smtpd to fatal at startup if truncation occurred and we had enabled filters | Gilles Chehade |
| 2014-04-19 | add missing strlcpy() check in is_if_in_group() to detect and warn about the truncation rather than failing the ioctl() call that follows. | Gilles Chehade |
| 2014-04-19 | add missing strlcpy() check when parsing "backup hostname" in smtpd.conf, it could lead to smtpd not finding itself in a MX lookup if a hostname is specified that exceeds the max hostname len. while at it, add a missing free() | Gilles Chehade |
| 2014-04-19 | (void) cast strlcpy() calls that cannot truncate | Gilles Chehade |
| 2014-04-19 | certs are looked up by hostname, the size of the buffer should use the max hostname len, not max pathname len as before | Gilles Chehade |