src - OpenBSD base system

Age	Commit message (Collapse)	Author
2015-05-06	use res_hnok() to valid domain part in valid_domain()	Gilles Chehade
	ok eric@
2015-05-03	S was misplaced in r1.89, the optarg that was removed was actually needed	Gilles Chehade
	by R, so reintroduce it in the proper place. spotted and diff by Sunil Nimmagadda
2015-05-03	smtpd enqueue -S does not take an argument, fix optstring accordingly	Gilles Chehade
	fix by Nathanael Rensen
2015-04-19	Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid	Gilles Chehade
	certificate in SNI negotiation or server crash. spotted by Edwin Torok
2015-04-06	remove superfluous ';' in Received lines	Gilles Chehade

2015-03-13	typo	Eric Faurot

2015-03-13	Missing free(3) in error path	Giovanni Bechis

2015-03-06	Document how to use anti-spoofing rules to reject spam.	Todd C. Miller
	OK deraadt@ gilles@ phessler@
2015-03-02	Cleanup smtpd.conf(5).	Anthony J. Bentley
	- use literal <> around smtpd tables instead of Aq - mark up some directives as Ic (previously Ar or unmarked) - use Dq/Sq instead of " in a few appropriate places - use Bl -column instead of Bd -literal for tables ok schwarze@
2015-02-27	Do not use the name returned by getlogin() when pw_uid from	Todd C. Miller
	getpwnam(getlogin()) doesn't match the real uid, unless the real uid is 0. This matches the behavior of sendmail and gives the corrent sender for mail sent by daemons that got started by a user who su'd or used sudo. OK dlg@ gilles@
2015-02-12	ber_printf_elements should return NULL if any of its parts fail.	Martin Pelikan
	Leave the error handling up to its callers. ok reyk
2015-02-08	Use AI_ADDRCONFIG when resolv hosts on startup.	Reyk Floeter
	OK henning@
2015-02-06	Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().	Reyk Floeter
	As discussed with beck@ jsing@ and others OK beck@
2015-01-22	LibreSSL now supports loading of CA certificates from memory, replace	Reyk Floeter
	the internal and long-serving ssl_ctx_load_verify_memory() function with a call to the SSL_CTX_load_verify_mem() API function. The ssl_privsep.c file with hacks for using OpenSSL in privsep'ed processes can now go away; portable versions of smtpd and relayd should start depending on LibreSSL or they have to carry ssl_privsep.c in openbsd-compat to work with legacy OpenSSL. No functional change. Based on previous discussions with gilles@ bluhm@ and many others OK bluhm@ (as part of the libcrypto/libssl/libtls diff)
2015-01-20	use <limits.h> comprehensively. For now try to push <> includes to	Theo de Raadt
	each .c file, and out of the .h files. To avoid overinclude. ok gilles, in principle. If this has been done right, -portable should become easier to maintain.
2015-01-16	SSL_CTX_use_certificate_chain() has been added to LibreSSL and there	Reyk Floeter
	is no need to keep a local copy in ssl_privsep.c. This adds a little burden on OpenSMTPD-portable because it will have to put it in openbsd-compat for compatibility with legacy OpenSSL. OK gilles@
2015-01-16	The SSL/TLS session Id context is limited to 32 bytes. Instead of	Reyk Floeter
	using the name of relayd relay or smtpd pki, use a 32 byte arc4random buffer that should be unique for the context. This fixes an issue in OpenSMTPD when a long pki name could break the configuration. OK gilles@ benno@
2015-01-16	Replace <sys/param.h> with <limits.h> and other less dirty headers where	Theo de Raadt
	possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2015-01-15	when enqueueing offline mails from within the daemon session, we should not	Gilles Chehade
	rely on getlogin() otherwise mail will end up enqueued as coming from user who started smtpd. bug spotted by deraadt@, diff ok todd@
2015-01-14	recipient and sender lists now support the user+TAG notation, allowing	Gilles Chehade
	among other things a secondary MX to filter recipients to be relayed to a primary MX even if they are using tags. there are other nice things to do with that feature, use your imagination. tested and ok florian@, tested by several users for a few days too
2015-01-14	bring back reverted commits, the crash was unrelated	Gilles Chehade

2015-01-11	revert two latest commits until a crash is fixed	Gilles Chehade

2015-01-11	unbreak the delivery_filename backend, now that it no longer prepends the	Gilles Chehade
	From separator line but gets it injected in its iobuf by the mda process, we need to make sure not to escape the first 'From ' we receive. spotted by deraadt@
2015-01-09	rename a variable to avoid a warning	Gilles Chehade
	spotted by deraadt@
2015-01-07	fix ctype casting bug spotted by Jonas 'Sortie' Termansen	Gilles Chehade

2015-01-06	move the message parser init earlier to avoid a possible use after free in	Gilles Chehade
	an unlikely error code path
2015-01-06	fix whitespace and indentation, by Kyle Milz	Gilles Chehade

2015-01-05	some third-party mda require a prepended From separator line, so remove the	Gilles Chehade
	prepending from delivery_filename backend and prepend conditionally earlier in the code path if delivery method is through mda or filename. ok eric@
2014-12-24	bump version	Eric Faurot

2014-12-24	Correctly fallback to PLAIN if opportunistics TLS fails during TLS handshake.	Eric Faurot
	fix by Stefan Sieg ok gilles
2014-12-24	missing include	Eric Faurot

2014-12-17	Use log_warnx() not log_warn() for mail loop warning since errno	Todd C. Miller
	is not set. OK gilles@
2014-12-14	these are no longer used, remove	Gilles Chehade

2014-12-13	Add DKIM signing example based on eric@'s asiabsdcon slides	Todd C. Miller
	OK gilles@ jmc@
2014-12-08	no need for arc4random_uniform() here, arc4random() does the job	Gilles Chehade
	spotted by deraadt@, ok eric@
2014-11-23	some third-party applications generate malformed headers which we can still	Gilles Chehade
	parse correctly, do not reject message as malformed in this case
2014-11-20	Don't allow embedded nul characters in strings.	Jonathan Gray
	Fixes a pfctl crash with an anchor name containing an embedded nul found with the afl fuzzer. pfctl parse.y patch from and ok deraadt@
2014-11-19	two obvious markup fixes; from frankgroeneveld dot nl	Ingo Schwarze

2014-11-16	Convert the logic in yyerror(). Instead of creating a temporary	Alexander Bluhm
	format string, create a temporary message. OK doug@
2014-11-14	Add gcc printf format attributes to yyerror() in parse.y files.	Doug Hogan
	No yyerror() calls needed to be changed. ok bluhm@
2014-11-12	truncate dead.letter	Gilles Chehade

2014-11-06	since domain appending is handled at the daemon level, don't try to do it	Gilles Chehade
	in the enqueuer itself, it leads to broken headers
2014-11-05	stop prepending the user id in local enqueuing Received line	Gilles Chehade

2014-11-02	increment s->datalen counter in append domain code to correctly account for	Gilles Chehade
	the data we wrote
2014-11-02	rework domain append by locating either the brackets or the last component	Gilles Chehade
	of an address and appending domain if not already there. this works better than trying to parse addresses and render them back, while allowing us to do the append "in place" and cope nicely with multi-line addresses.
2014-10-26	when using the local enqueuer, if the internal SMTP session fails, copy the	Gilles Chehade
	original message to ~/dead.letter so it's not lost
2014-10-25	newaliases / makemap should parse multi-line aliases entries	Gilles Chehade

2014-10-16	disable SSLv3	Gilles Chehade
	ok jsing@
2014-10-15	- allow empty headers	Gilles Chehade

2014-10-15	when From, To and Cc headers present users without domains, append the	Gilles Chehade
	listener hostname to avoid smtpd relaying a header that will be rewritten by the destination MX. ok eric@