Hi Lorenz,
Lorenz Brun via Exim-dev (Fr 14 Okt 2022 21:02:51 CEST):
> This fixes a use-after-free in dmarc_dns_lookup where the result
> of dns_lookup in dnsa is freed before the required data is copied out.
>
> Fixes: 9258363 ("DNS: explicit alloc/free of workspace")
…
Thanks for the fix, it
Andreas Metzler via Exim-dev (Sa 30 Apr 2022 10:34:23 CEST):
>
> People upgrading directly from < 4.93 to 4.96 would still have to deal
> with hard breakage on upgrades, but requirig a two step upgrade might be
> considered a fair compromise.
Yes, that's something I'm thinking about too.
4.95:
https://bugs.exim.org/show_bug.cgi?id=2855#c4
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -185,7 +185,7 @@ if (sender_helo_name) spool_var_write(fp, US"helo_name",
sender_helo_name);
if (sender_host_address)
{
if (is_tainted(sender_host_address)) putc('-', fp);
- fprintf(fp,
Hi *@{outlook,hotmail}.com,
unfortunately the IP, our new infrastructure server is sending the list
mails from, seems to be on a MS blacklist.
Some (if not all) of our subscribers using hotmail.com or outlook.com
addresses where unsubscribed automatically, as the messages bounced.
While Graeme
Heiko Schlittermann via Exim-dev (Do 13 Mai 2021 10:13:31
CEST):
> I merged 4.94+fixes into 4.94.2+fixes (again).
Not pushed yet, it's running the testsuite locally.
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev E
Good morning,
Andreas Metzler via Exim-dev (Mi 12 Mai 2021 20:08:52 CEST):
> Thanks, seems to have happened again with
> c1faf04b865465894c7ca41ab4585fb69d4a5936. How about closing this branch
> e.g. with a commit deleting all files?
How to "close" a branch in Git?
There seem to be many ways.
Andreas Metzler via Exim-dev (Mi 12 Mai 2021 20:08:52 CEST):
> On 2021-05-09 Heiko Schlittermann via Exim-dev wrote:
>
> Thanks, seems to have happened again with
> c1faf04b865465894c7ca41ab4585fb69d4a5936. How about closing this branch
> e.g. with a commit deleting all files?
Andreas Metzler via Exim-dev (So 09 Mai 2021 08:06:11 CEST):
> Hello,
>
> there is a patch on exim-4.94+fixes which was applied after 4.94.2, it
> is therefore missing on exim-4.94.2+fixes.
>
> ed64b5c2f0f44db27ae48128fc97d5ad8406a28e Fix ${ipv6norm:}
Thank you, it is merged now into
Viktor Dukhovni via Exim-dev (So 14 Mär 2021 14:33:21 CET):
> For the record, the expectation is:
>
> - Absent DANE TLSA records, the literal MX hostname, which is
>of course insecurely obtained from MX records, so validation
>is mostly an exercise in futility. It would only mean
Hello,
more than 6 months passed since the release of Exim 4.94. We (mostly Jeremy)
put a lot of effort and work in improving the functionality, stability
and security of Exim.
Before publishing the next release of Exim we'd like to sort out some things
first, most notably:
- how to proceed
u34--- via Exim-dev (Do 10 Sep 2020 18:25:06 CEST):
> http://exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html#ratoptmea
> has the following duplication:
…
> The dupliaction is that acl_smtp_rcpt is mentioned twice.
Thanks. Fixed. Committed. Pushed.
--
Heiko
Hello,
I'm referring to https://bugs.exim.org/show_bug.cgi?id=2585
The -std=c99 flag causes the build to fail. Is this expected behaviour?
Or should we build cleanly using this flag too?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
admin--- via Exim-dev (Do 26 Mär 2020 18:30:27 CET):
> So there should be a way to disable the warning or perhaps it should not be
> shown at all, or at least only once a day.
I can imagine an at-startup warning if tls_advertise_hosts is non-empty
and no tls_certificate/tls_privatekey is
David Saez Padros via Exim-dev (Fr 20 Dez 2019 08:46:10
CET):
> Hi
>
> i'm a bit confused, exim is using libspf2 like spfquery.libspf2
> does and both return different results, not sure why exim is doing
> dns queries itself to interpret spf, the libspf2 documentation gives
> a very simple
Nick,
at the following GIT URL you'll find a branch heiko/x/cpanel/pre-flight
git://git.exim.org/~heiko/exim.git
Please be prepared that I'may change the history of this repo
without notice. This is no official repository, though it is
publicly available.
The branch
Andreas Metzler via Exim-dev (Mo 11 Mär 2019 19:34:50 CET):
> Hello,
>
> Thanks, the description of what to do is great, but the imho the
> rationale (what breaks?) should stay.
a23acfd5c4366f1c4d97e87ac61ee841f39b819a
--
Heiko
signature.asc
Description: PGP signature
--
## List details at
Andreas Metzler via Exim-dev (Sa 09 Mär 2019 17:49:28 CET):
> Hello,
>
> 52af44332434a2a34ae30f3d0ac3b549d512e4cc and the latest commit on 4.92
> fixes adds this change to spec:
>
> +&*Warning 3*&: Do not use an IPv4-mapped IPv6 address for a key; use the
> +IPv4. Such addresses being searched
Larry,
do you agree with this commit? Especially with the commit message, as it
mentions
your name and address.
Author: Heiko Schlittermann (HS12-RIPE)
Date: Fri Mar 8 18:29:20 2019 +0100
Add missing colon when logging outgoing I=
Credits to Larry Rosenman for
Larry Rosenman via Exim-dev (Fr 08 Mär 2019 17:51:03 CET):
> I just noticed that Exim 4.92 is missing the colon between the port and the
> address for the I= log line:
>
> Mar 8 10:28:40 thebighonker exim[98334]: 1h2IMP-000Pa0-Qe =>
> R=dnslookup T=remote_smtp S=2196
admin--- via Exim-dev (Mo 18 Feb 2019 07:30:24 CET):
> For example:
>
> acl_notquit:
> accept authenticated = *
>
> warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
> log_message = "Connection Ratelimit - $sender_fullhost because
> of notquit:
Hi,
we need you.
I've just packaged a new release candidate exim-4.92-RC3.
Please download, build, and test.
The only change to RC2 is in the example configuration. So this
change may affect packagers that auto-generated theire initial
configurations from the example config.
The original
Paul Hecker via Exim-dev (So 16 Dez 2018 19:52:45 CET):
> Hi,
> for sure, thanks!
exim 4.92-RC2 should work for you, doesn't it?
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at http://www.exim.org/ ##
Hello,
a new release candidate has been released: 4.92-RC2
It contains the following fixes since RC1
fa287dc3 Re-create test/configure script
aaf3e414 Update Changelog for Bug 2351
569a8b23 Log failures to extract envelope addresses from message headers.
Bug 2351
22d6c944 doc:
Please do not cross-post to lists and private addresses.
Paul Hecker (Fr 14 Dez 2018 16:24:43 CET):
> can no longer compile this version with my current Makefile as there is
> WITH_CONTENT_SCAN=yes
> enabled and all other scanner interfaces disabled (as DISABLE_MAL_CLAM=yes,
>
I've built and uploaded Exim 4.92-RC1 to
https://ftp.exim.org/pub/exim/exim4/test
The current ChangeLog (since 4.91) and NewStuff files are attached to
this message. The tree is still open for commits. Please check if
you've any pending bugfixes or additions.
We need you: Please download,
Hi,
after a short chat with Jeremy we agreed, that I'll start the release
process. More than 6 months since the last release are over and there
is a bunch of additions, improvements, bug fixes.
If any of you has some committs not pushed yet, please integrate them
into the master branch until
Phil Pennock via Exim-dev (Sa 22 Sep 2018 07:06:21 CEST):
>
> I can't reach the box right now :\ Did you do anything like reboot it?
> Otherwise, it's support ticket time if it doesn't come back.
No, I just pulled the changes I pushed to the branch you created.
And I started the run-whatever
Heiko Schlittermann via Exim-dev (Mi 19 Sep 2018 11:46:52
CEST):
> I'll do so this evening (roughly UTC).
Almost ….
I made the changes, pushed it and pulled it into macstadiums
/opt/buildfarm/home/code and started ./invoke.buildfarm
But I do not see how you use test_configure_
Phil Pennock via Exim-dev (Di 18 Sep 2018 20:31:41 CEST):
> On 2018-09-16 at 12:49 +0100, Jeremy Harris via Exim-dev wrote:
> > The code addition looks reasonable on the surface. Go head and
> > push it to master.
>
> I'm going to let Heiko make his suggested improvements.
I'll do so this
Phil Pennock via Exim-dev (Sa 15 Sep 2018 03:34:35 CEST):
> I've made the buildfarm repos visible† on git.exim.org since there's
> nothing secret in them and we point folks to them on public wiki pages,
> and all the repos can be cloned without authentication.
>
> I've pushed to
Heiko Schlittermann (Sa 18 Aug 2018 09:29:50 CEST):
> > This.
> >
> > Add new operators, or options on current ones; don't
> > change how they currently work (barring bugs).
>
> +1
After a little bit more thinking
${astrlen:Ötzi} yields 5
${ustrlen:Ötzi} yields 4
${strlen:…} is
Jeremy Harris via Exim-dev (Fr 17 Aug 2018 13:03:33 CEST):
> On 08/17/2018 05:03 AM, Phil Pennock via Exim-dev wrote:
> > Anyone have strong feelings on how Exim should handle UTF-8 with
> > operators such as ${length_1:STR} ?
> >
> > Document that the current operators work on bytes
>
> This.
>
Renaud Allard via Exim-dev (Di 24 Apr 2018 00:05:08 CEST):
>
> Do you release a downloadable tar.gz archive of that branch? This would be
> interesting for maintainers which are using a "ports" system like the BSDs.
Currently not. But I'm thinking about it. But please, do not
admin--- via Exim-dev (Do 08 Mär 2018 14:24:47 CET):
> https://bugs.exim.org/show_bug.cgi?id=2250
>
> --- Comment #10 from David Carter ---
> I guess I will need to try bisection with the 4xy suggestion to minimise
> fallout.
>
> Any obvious points between
Phil Pennock (Di 13 Feb 2018 00:08:50 CET):
> On 2018-02-09 at 15:32 +, Vsevolod Stakhov via Exim-dev wrote:
> > It seems that FreeBSD is no longer considered in CVE early disclosure,
> > isn't it?
>
> There has been no change from Exim's side in how this was communicated.
>
Andreas Metzler (Sa 03 Feb 2018 18:57:19 CET):
…
> I googled in vain and experimented a bit. Using cherry-pick instead of
> merge seemed to work for me to change the committer.
>
> instead of git merge --ff
> use git cherry-pick ..
Yeah, probably I did exactly
Jeremy Harris (Sa 03 Feb 2018 18:03:18 CET):
…
> Previouly for commits done using content supplied by other people
> we have set the Author and left the Committer saying who did
> the commit. I'd like that to continue.
Yes, that was my intention too, but I didn't check if the
On 030caf2a9 it worked another way, there
I'm the committer, as I'd have expected.
I'm not sure anymore how I did it with 030caf2a9.
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at
Jeremy Harris (Sa 03 Feb 2018 17:41:07 CET):
> Who is "Vladimir Panteleev "
> and how did he acquire commit rights?
I merged his pull request from github. And I suppsed that I'll be the committer
then. Doesn't seem to have worked that way.
What did I
Hi,
sorry, if my questions weren't precise enough
ad...@bugs.exim.org (Mo 04 Dez 2017 07:21:39 CET):
> https://bugs.exim.org/show_bug.cgi?id=2206
>
> --- Comment #2 from Axel Reinhold ---
> > Did you compile it from the sources?
> yes - compiled from
ad...@bugs.exim.org (So 03 Dez 2017 09:28:01 CET):
…
> after update from 4.89 to 4.89.1 i get lots of errors in mailmainlog:
>
> 2017-12-03 09:07:11 1eLPIr-0006T7-29 Berkeley DB error: BDB1565 DB->pget:
> method not permitted before handle's open method
> 2017-12-03 09:07:11
Exim developers,
We have released a security release today.
The latest Exim release is now 4.89.1
This release contains all fixes we did on the exim-4_89+fixes branch
since the exim-4_89 release. This includes the fixes for
CVE-2017-16943 and CVE-2017-16944.
Tarballs are in the usual places
Both issues are fixed now.
CVE-2017-16943 (RCE) Exim Bug 2199
master: 4e6ae6235c68de243b1c2419027472d7659aa2b4
exim-4_89+fixes:4090d62a4b25782129cc1643596dc2f6e8f63bde
Fix done by Jeremy Harris
CVE-2017-16944 (DoS) Exim Bug 2201
Andreas Metzler (Sa 28 Okt 2017 13:22:31 CEST):
> Hello,
>
> find atached a trivial patch to fix a typo in exipick's documentation.
Thankyou (5dda37a2ea959801a0836097dc1e4ba43d78170b)
--
Heiko
signature.asc
Description: PGP signature
--
## List details at
Hi,
Rob McEwen (Sa 09 Sep 2017 20:59:01 CEST):
> What I want to accomplish is this: provide subscribers to the invaluement
> anti-spam blacklist... who use exim... the ability to have their DNS queries
> to DNSBLs... come directly from Exim, skipping the normal DNS
Andrew C Aitchison (Mi 05 Jul 2017 16:54:30 CEST):
> On Wed, 5 Jul 2017, ad...@bugs.exim.org wrote:
I reformatted the entry to match the original long lines:
> 2017-07-05 14:47:13 [19866] 1dSji4-0005AQ-GR <= h...@schlittermann.de
> H=(blade.schlittermann.de)
Hi James,
James C. McPherson (Mo 03 Jul 2017 23:34:48 CEST):
…
> Both readv and writev are POSIX-standard functions, so they
> should be available on all UNIX and UNIX-like systems.
>
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/readv.html
>
Hi,
I get the feeling that with distribution of 4.89 the pressure to release
some small fixes raises.
I've prepared already a exim-4_89+fixes branch on
git://git.exim.org/~heiko/exim.git
It should include the following fixes as recommended by Jeremy
65e061b76867fix log line corruption
Heiko Schlittermann via Exim-dev <exim-dev@exim.org> (Mi 28 Jun 2017 00:16:11
CEST):
> Hi,
>
> I'm sitting with bug 2130 and I'm wondering if anybody knows how
> portable readv(2) and writev(2) are, on the platforms we'd like to
> support.
pwcheck.c uses writev(2) as does m
Hi,
I'm sitting with bug 2130 and I'm wondering if anybody knows how
portable readv(2) and writev(2) are, on the platforms we'd like to
support.
Any hints?
--
Heiko
signature.asc
Description: PGP signature
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details
Hello Exim Users and Exim Developers,
some of you may have noticed already CVE-2017-1000369. It is related
to a stack/heap clash. For more information see
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
As it is possible to abuse Exim as a tool to exploit this vulnerability
in
Viktor Dukhovni (Sa 06 Mai 2017 01:33:17 CEST):
>
> One workaround would be to only process "-be" when invoked as "exim", ...
> and not when the last path component argv[0] is "sendmail".
I'm working on a "sendmail" to be shipped with Exim, replacing
the current
52 matches
Mail list logo