CHANGES.TXT
-------
The major number changes for such things as code rewrites, changes in
syntax, and/or dramatic changes in functionality. The minor number
changes for corrections, enhancements, etc. made to the code. There
is no set schedule for releases.
--TODO--
+ smdb.c: parseCfAliasFile() should support multiple AliasFile
options and database access type as described in the Bat Book
3e. Requested by Didi Rieder.
+ Add an API that returns a vector of all the IP addresses,
machine name aliases, from across all interfaces.
+ With gcc 4.0 or -fstrict-aliasing turned on kvm.c reports
several warnings concerning the (DBT185 *) pointer casts. This
should be fixed probably with a union type for dual mode, and
the proper type without casts for db 1.85.
? mcc: pthread_exit/pthread_cancel portability issues to Win32.
? mcc: appears to hang on exit when input piped from standard in.
? mime.c, uri.c: Fix message/rfc822 hack.
? Add a minimum size limit for conditional extraction of a MIME
part. Requested by AlexB.
--1.76.1
* Upgraded SQLite to 3.38.2. Note this might be the last update to
include it. It was needed when SQLite did not default to a threaded
build for BarricadeMX and milters.
! Update TLDs.
! Add -r option to secho test tool for servers that send a welcome
banner, like SMTP.
! Check for location of OpenSSL configuration directory.
! Fix jspr when the last label is an index into an array and the
index is beyond the end of the array, it should return nothing.
! socketAddress.h needs to include network.h for some #define.
--1.76.0
* Upgraded SQLite to 3.38.1.
! Fix show -f behaviour.
! Add semver.sh -u option.
! Fix major typos in time62.c, reported by Florian Kirstein.
! Add a `rot` tool just because.
--1.75.58
* Upgraded SQLite to 3.30.1.
! More build related fixes and tweaks.
--1.75.57
* Upgraded SQLite to 3.28.0.
+ Add utility script semver.sh.
+ Add jspr.
--1.75.56
! Updated TLD list.
--1.75.55
* Upgraded SQLite to 3.26.0.
! Fix socket3_basic_connect() to use socketAddressCreate() to allow
opening hosts with a port and/or domain-literal brackets.
--1.75.54--
+ Add --enable-32bit flag for SunOS.
--1.75.53--
** Configure and build fixes for SunOS. Reported by warwick.ac.uk.
--1.75.52--
* Upgraded SQLite to 3.23.1.
! Updated TLD list.
** Fix guard bug in socket3_write_fd() where zero bytes resulted
in an error return instead of simply zero count. Reported by
Chris C.
* Fix smdb logging bug where a milter with verbose=database wasn't
logging the lookups.
--1.75.51--
* Upgraded SQLite to 3.15.2.
+ Added inplace tool.
+ Added od-like bitdump tool.
+ Added inetd myip service tool and check_myip.sh dynamic DNS script.
+ Fix some makefile build issues.
--1.75.50--
+ Add support to smtp2 API to pass in the HELO argument, fix the
logging, and add -e and -H options to smtp2 CLI for envelope
testing and HELO argument.
! Fix socket3_client() handling of ETIMEOUT reporting.
+ Add addpasswd.sh for Nginx password files.
! Fix flip tool handling of temporary file name to avoid name
collisions if multiple instances run at the same time. Also
replace custom error reporting code in favour of err.h.
+ Simple inetd service (myip) reports IPv4 or IPv6 address and
port number. If the server port is 80 or any port between
8000..8999, then treat it as an HTTP request.
--1.75.49--
* Upgraded SQLite to 3.9.2
! Updated TLD list.
+ Add functions to read/write UTF8 file streams.
+ Add string search functions based on Horspool, Sunday, and Smith.
+ Add .onion to RFC2606 reserved list.
+ Add basic err.h for Windows native.
! Fixed my version of cmp -l option to behave like normal cmp(1).
! Fix TokenNext handling of empty string from command line, ie. '\0'.
! Fixed option usage dump to allow for empty list items and handling
of escaped semi-colon in a list item.
--1.75.48--
+ Added pdqIgnoreTCP() and dns-ignore-tcp option for PDQ API.
pdq CLI now has -T option to disable TCP lookups. Requested
by Alex Broens.
! When making a TCP query, assert the TC bit is off.
! Some cosmetic changes to PDQ logging.
--1.75.47--
! Modify makefiles and version.sh.in to correspond with recent
switch to acsite.m4 and renaming of some macros.
!! Fixed memory leak in pdqRootGetNS().
! Modified dnsListQueryNs() to use pdqRootGetNS() instead of
pdqRootGet().
--1.75.46--
* Upgraded SQLite to 3.8.10.2
+ Added pdqListPruneSection().
! Modified pdqLog() to take a prefix string to improve log detail.
!! Fixed pdqInit() bug when the DNS server does not recurse and
we are using pdqSetShortQuery(1) to skip our own recursion.
Can't use pdqListPruneMatch() nor pdqListPrune() as it will
discard some or all of root_hints list. pdqRootGetNS() will
fetch an NS's 5A records on-demand as needed, so an incomplete
root_hints is not critical.
!! Fixed pdqRootGetNS() to correctly handle "glue record" results
when querying the root NS servers, which return no answer
records, only authority NS records. Impacted dnsListQueryNs()
and so uri and milter-link NS BL related options. Reported by
Alex Broens.
--1.75.45--
+ Added ulong_format, slong_format, ulong_tostring, slong_tostring.
! Fix dnsListCreate() to support both semi-colon and comma
separated list items. Reported by Alex Broens.
--1.75.44--
! Fixed potential leaks in smfAccessMail2() and smfAccessRcpt2() on
buffer overflow error when forming combo tags.
! Fixed sys/malloc.c and sys/track.c handling of realloc().
! Always build alt_daemon(), especially for milters. Our version
uses exit() to terminate the parent so that atexit() handlers
are processed, while NetBSD (maybe others) use _exit().
--1.75.43--
! Fixed NET_GET_LONG() macro sign-extension bug when an unsigned
long is 64 bits.
! Fixed parsepath -t regression test to include the STRICT_ flags
by name.
! Fix uriParse2() handling of mail address containing plus-signs.
Plus-signs are permitted in the local-part of a mail address and
should not be URI decoded. Reported by Alex Broens.
! Replaced the alt_malloc stuff, which was ill-conceived anyway,
with newer debugging malloc replacement code to replace the
older DebugMalloc.
+ Add simplified memory leak tracking to replace DebugMalloc.
- Drop DebugMalloc from LibSnert.
! Moved free_clear() into a separate file separating it from
sys/malloc.c so that the pthread_cleanup_push/pop macros
continue to work.
+ Added --enable-track and fixed the build so that early
dependencies, such as getopt$O and track$O, are built in advance
of tools that rely on them, eg. Luhn.
! Modified TextSplit CLI test to take command line arguments for
individual tests separated from the old test suite (-t).
! Fixed mime CLI -p option so that part extraction does not include
headers.
! Exposed the mime CLI -B test option and mime-test.sh review.
! Vector element cleanup now defaults to free() instead of
FreeStub, since it's the most common and avoids potential leaks.
Fixed Vector to work with -DTRACK so that when free() is
replaced by a macro, element cleanup still works through the
debug memory tracking.
! Fix smfAtExitCleanUp() to ensure it cleans up smfOptTable on
exit. Also fixed option CLI test to clean up table0 and table1
on exit.
! Fix a very tiny leak in smf.c getMyDetails() related to option
handling.
! Replaced smfStartBackgroundProcess() by a macro using daemon()
instead and remove the SMF_STDIO_ disposition code, since daemon
handles standard I/O.
- Removed smfOptions() since it has been replaced for a long time
by smfOptTable and options API.
--1.75.42--
! Refactored SNERT_PTHREAD to use SNERT_CHECK_PACKAGE. Added
SNERT_SCHED.
! Fix VectorUniq() to compare against previous array value.
! Removed replyLine from smfWork object and modified smfReplyV()
to use a stack based buffer instead.
--1.75.41--
! Updated TLD list.
! Added .arpa to isReservedTLD().
+ Add smfAccessMail2() and smfAccessRcpt2() to allow passing of
parsePath() flags, instead of a global variable.
--1.75.40--
! Updated TLD list.
--1.75.39--
* Upgraded SQLite to 3.8.7.4
! Fix handling of EOF in mimeDoHookOctet(). Found while testing
enhancements to dnsList API and uri(1) command line string
arguments.
+ Implement (finally) support for SpamHaus multi-home A records
used to indicate membership in different lists. Requested by
Alex Broens.
--1.75.38--
! Minor changes to mcc test tool to use named constants for command
indices.
! Minor fix to test mcc tool: Get a database handle. If database
doesn't exist it will be created while we're still single
threaded. mccCreate is also called by mcc_listener_thread to
get a handle, however, the database should already be created
to avoid locking conflict between threads.
+ Add DKIM hash tool and related testing files. This is a state
machine handling the header/body relaxed/simple parsing rules.
--1.75.37--
! Fix PTHEAD_FREE_PUSH and PTHEAD_FREE_POP macros to NULL the pointer
variable when PTHEAD_FREE_POP(!0) is executed.
! Fix mcc_listener_thread() to check for an existing key before
a PUT in order to preserve the "created" field.
--1.75.36--
! Added grey-test.sh
! Assert in mcc_listener_thread() that a received MCC packet sets
the "created" field.
--1.75.35--
* Upgraded SQLite to 3.8.6
+ Added TOKEN_KEEP_QUOTES to TokenNext; slightly different from
TOKEN_IGNORE_QUOTES. Used by mime -j parsing of very long To:
headers and splitting an unfolded header of mail addresses.
! Fixed mime -j handling of very long headers that span more than
one source buffer and fixed use of source_flash hook. Reported
by Vikas Singla concerning problem with parsing very long To:
header.
--1.75.34--
! Fix several Cygwin gcc compiler warnings.
! Add LIBSNERT_NUMBER numeric representation of the version.
! Fix MIME API handling of message/rfc822. Reported by Vikas Singla.
! Fix MIME API handling of To: and Received: headers within
message/rfc822 parts. Reported by Vikas Singla.
--1.75.33--
* Upgraded SQLite to 3.8.5
+ Added to the mime tool -B option for testing boundary matching
heuristics.
+ Added -N option to the mime tool to strip newlines (whitespace)
from JSON dumps of encoded Base64 parts. Commissioned by Vikas
Singla.
! Modified TextTransliterate() to behave more like tr(1), all
except for -s. Function signature changed.
! Renamed (again) asEscape, asCarat, asControl, and asJson to
escapeC, escapeCarat, escapeAscii, and escapeJson respectively.
Also exposed escapeMapping() to allow for more variations.
--1.75.32--
+ MIME API hook source_octet, complement to decoded_octet.
! mime -j now dumps the source body by default; use -d option
to dump the decoded body with -j.
! Switch back to using the strict MIME boundary from RFC 2046
section 5.1.1 from the relaxed version introduced in 1.75.19
based on spam samples from AlexB. The relaxed version
mishandles too many lines that are clearly not boundaries,
such as:
- HTML part with an end HTML comment "-->" string at the
start of the line.
- Text heading "------ original ------" or cut here lines
like "---->8---->8----".
! Fixed uri_mime_header() to also flag a multipart/* body before
any interior subpart for URI. Spam sample had multipart/alternative
message with text, but no subparts. Such malformed messages don't
display in Thunderbird, but still useful to catch. Reported by
Alex Broens.
--1.75.31--
* Updated the TLD list.
! In pdqListFindName() assume CNAME lookups happen in order, so no
need to restart searches from the top for next CNAME in the chain
or the desired target record.
! cppcheck the code. Fixed minor leaks in some error code. Removed
dead code that only served as reminders what not to do.
! Complete replacement of cipher API based on previous IOCCC entry.
! Added extra hooks to MIME API. Added -j option to mime tool to
dump email message as JSON output. Commissioned by Vikas Singla.
! Revised behaviour of TOKEN_KEEP_BACKSLASH and TOKEN_KEEP_QOUTES
to be more clear and renamed the constants. Added
TOKEN_KEEP_BRACKETS.
+ Added hash2.c/h for a new simplified hash table without all the
object nonsense.
+ Add uriFormat() to handle RFC 6570 level 3 URI Templates.
- Remove unused object/* code from libsnert distribution.
! Updated configure, aclocal.m4, and makefile.in to support out of
source build directory (finally). Thanks Micah N Gorrell for the
nudge.
+ Add alt_realloc() sys/malloc.c. Changed call signature of
alt_malloc().
+ Added printVar(), which has been repeated into far too many
programs. Also added snertPrintVersion(), snertPrintInfo() to
simplify printVersion() and printInfo() in those same programs.
--1.75.30--
! Fixed pdqGet() to address the original CNAME->MX lookup issue
reported by Steve Freegard for 1.75.19. Updated test.snert.net
to better exercise these cases:
pdq mx chain0.test.snert.net
pdq mx chain1.test.snert.net
! Added .home to list of reserved TLDs.
--1.75.29--
* Upgraded SQLite to 3.8.4.3
!! Back out a PDQ change from 1.75.19 (b8ea01d8d3b) for CNAME->MX
chain processing that broke CNAME loop and depth detection
and caused an infinite loop crash. Reported by Steve Freegard.
!! Fix mccPutRowLocal() to always include the created timestamp.
The SQLite behaviour for "INSERT OR REPLACE" is NOT the same as
"INSERT" or "UPDATE"; the missing columns during a REPLACE subject
to any CREATE TABLE defaults. Reported by Steve Freegard.
--1.75.28--
* Upgraded SQLite to 3.8.4.2
* Updated the TLD list.
! Added configure checks for some newer C99/C11 int types.
!! Fix problem with socket3_end_tls() handling of SSL_shutdown()
driving CPU high on some systems.
--1.75.27--
!! Fix socket3_close_tls() and socket3_shutdown_tls() to both use
socket3_end_tls() when terminating TLS connections.
! Fixed socket3_close_fd() read/discard loop to use socket3_read_fd(),
instead of socket3_read() to avoid the read hook call.
--1.75.26--
* Upgraded SQLite to 3.8.1.0
! Minor fixes to aclocal.m4 libmilter detection for debian.
!! Fix numerous gcc compiler warnings. In particular fixed
potential SPF seg.fault due to uninitialised variable. Also
fixed potential seg.fault or infinite loop in events_wait_*()
when an error happens and longjmp is performed to process the
next event. Reported by Guenter Grodotzki.
--1.75.25--
! Fix SNERT_BERKELEY_DB handling of $d/include when there are no
child db directories; particularly relevant when only BDB 1.85
is installed (FreeBSD, NetBSD) caused an empty shell variable
to generate an error.
! Added packet dump logging in pdq_name_copy() for buffer under/over
errors in order to determine whether packets are malformed (0xC0
compression) or internal error. Reported by Alex Broens.
--1.75.24--
* Upgraded SQLite to 3.8.0.2
! Updated SNERT_BUILD_THREADED_SQLITE3 for latest SQLite build.
! Minor addition to ansi tool.
! Fix bug where an email address in the URI path info would be
mistaken for URI authority and so cause a mis-parse of the URI.
eg:
http://scoaladesucces.ro/visa/acaro@gmx.de
Reported by Alex Broens.
--1.75.23--
! Fix socket3_close() to address TIME_WAIT (socket zombie) issue
by not calling shutdown SHUT_WR. Leave that to the application.
TIME_WAIT handled by proper use of linger timeout.
In the case of BarricadeMX:
1. Make sure that socket close functions no longer do a shutdown
SHUT_WR as a default matter of course.
2. Set linger timeout to 0 on new client connections, assumes
most connections drop by client or if dropped by application.
3. On SMTP QUIT set the linger timeout to about 3 or so seconds
for a clean close.
This LONG article helps clarify things...
http://www.serverframework.com/asynchronousevents/2011/01/time-wait-and-its-design-implications-for-protocols-and-scalable-servers.html
This one explained linger more clearly...
http://alas.matf.bg.ac.rs/manuals/lspe/snode=105.html
- Removed socketFdClose(); not required with socketClose() and
socket3_close() changes above with respect to shutdown.
! Fix socket3_set_ca_certs() to check if the cert_dir and ca_chain
exist before calling SSL_CTX_load_verify_locations().
+ Added support for ISO 8601 format to convertDate().
! Minor change to uriParse2() to allow scheme:/scheme-info, ie. :/
vs :// when parsing http schemes; allows milter-link, BarricadeMX
to catch bogus / spam URLs. This is a non-standard URI based on
RFC 3986 and 2616. Reported by Alex Broens.
! Updated uri.txt to clarify some test cases; also add Alex Broens
"http:/" spam example.
! Minor change to playfair CLI to use getopt().
! Refactored DebugMalloc pthread support. Should now detect memory
leaks per thread.
!! Fixed memory leak of PDQ_SECTION_QUERY in pdqListPruneMatch().
!! Fixed memory leak in socketClose() due to socket3 conversion.
! Updated IANA TLD list.
+ Added binary search tree API.
+ Added pthread_spin_* API detection.
! Renamed optionInitOption() to optionResetOption; since it has
always restored the Option to initial state, freeing previous
values.
--1.75.22--
* Upgraded SQLite to 3.7.17
! Fixed socket3_connect() handling of ECONNREFUSED, particularly
so that connections to a host with both an AAAA and A records
ie. localhost where a service isn't available on IPv6, then
falls back to the IPv4.
! Fixed secho CLI to work with IMAP STARTTLS and handling lengthy
replies from POP and IMAP commands, such as LIST, UIDL, LSUB,
etc.
! Fixed show tool's handling of -f follow option and removed old
UNBUFFERED code blocks in favour of stdio. Apply similar -f
fixes to sift tool.
! Preliminary and untested code for sift -C option.
! Fix SPF bug where two or more SPF (TXT) records must return
PermError. Reported by Steve Freegard.
spf 147.143.7.63 bangor.ac.uk
The SPF test incorrectly toggles between returning Pass and Fail,
because bangor.ac.uk has 2 SPF TXT records. The correct answer is
PermError.
RFC 4408 section 3.1.3 talks about multiple strings in a TXT
record. Section 4.5 covers selecting records:
If there are two or more records remaining, then check_host()
exits immediately with the result of "PermError".
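Added example (not libsnert code and not part of the original change log): the record selection step of RFC 4408 section 4.5 quoted above, counting "v=spf1" records before any mechanism is evaluated so that the order of the DNS answers cannot change the result. The function names and the TXT record sets are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

typedef enum {
    SPF_SELECT_NONE,        /* no SPF record published */
    SPF_SELECT_ONE,         /* exactly one record, safe to evaluate */
    SPF_SELECT_PERMERROR    /* two or more records remain */
} SpfSelect;

/* A TXT record counts only if its version section is exactly "v=spf1"
 * (case-insensitive), terminated by a space or the end of the record. */
static int
is_spf1_record(const char *txt)
{
    static const char version[] = "v=spf1";
    size_t i;

    for (i = 0; version[i] != '\0'; i++) {
        if (tolower((unsigned char)txt[i]) != version[i])
            return 0;
    }
    return txt[i] == ' ' || txt[i] == '\0';
}

/* Look at every TXT answer before deciding. Taking the first match and
 * evaluating it gives a result that depends on answer order. */
SpfSelect
spf_select_record(const char *const *txt, size_t count, const char **selected)
{
    size_t i, matches = 0;

    *selected = NULL;
    for (i = 0; i < count; i++) {
        if (!is_spf1_record(txt[i]))
            continue;
        if (++matches > 1) {
            *selected = NULL;
            return SPF_SELECT_PERMERROR;
        }
        *selected = txt[i];
    }
    return matches == 1 ? SPF_SELECT_ONE : SPF_SELECT_NONE;
}

/* Constructed TXT answers for a hypothetical domain. */
static const char *const two_spf[] = {
    "v=spf1 ip4:192.0.2.0/24 -all",
    "site-verification=constructed-value",
    "v=spf1 include:_spf.example.net ~all",
};
static const char *const one_spf[] = {
    "v=spf10 not-a-version-1-record",
    "v=spf1 mx -all",
};
static const char *const no_spf[] = {
    "spf2.0/pra ip4:192.0.2.0/24 -all",
};

int
main(void)
{
    static const char *const names[] = { "None", "one record", "PermError" };
    const char *sel;

    printf("two_spf: %s\n", names[spf_select_record(two_spf, 3, &sel)]);
    printf("one_spf: %s\n", names[spf_select_record(one_spf, 2, &sel)]);
    printf("no_spf:  %s\n", names[spf_select_record(no_spf, 1, &sel)]);
    return 0;
}
```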
--1.75.21--
* Upgraded SQLite to 3.7.16.1
! Fix spfCheck() double free of target introduced in 1.75.20. Also
simplified spfMacro() to always return a malloc'd string, instead
of either malloc'd string or domain argument.
--1.75.20--
* Upgraded SQLite to 3.7.15.2
!! Fix seg.fault in SPF for IP or mail/domain parsing error.
! When an alternate SPF TXT record is supplied, then the default
result should be Neutral, instead of None. eg. -t "v=spf1"
! Fix SPF %{i} handling of IPv6 address.
! Fix SPF handling of %{l+}; plus-sign was being treated as a
Sendmail special delimiter, instead of just a literal.
! Add support for SPF RR type 99.
+ Add spf-test.sh RFC conformance test script.
--1.75.19--
! Add highwater and lifetime counters to "sift" database.
! Fix parseIPv6() for "1:2:3:4:5:6:7::".
! Fix formatIP() compact formatting of "1:2:3:4:5:6:7:0".
! Fix formatIP() buffer overflow by one when the buffer size is
IPV6_STRING_LENGTH for a full length IPv6 address that cannot
be compressed, eg. 1234:5678:9ABC:DEF0:1234:5678:9ABC:DEF0.
! Fix off-by-one bugs in disrupted_transposition().
! uri now includes data: in scheme-to-port table.
! Added more HTTP_ API status codes.
! Fixed isReservedIPv6() handling of IS_IP_V6_RESERVED, introduced
in 1.75.17, as being part of IS_IP_RESTRICTED; broke pdq pruning
code. Restored IS_IP_V6_COMPATIBLE.
! Fixed pdq handling of MX/CNAME lookup per RFC 5321 section 5.1.
! Fix berkeley_db.h related macros for DB 5.x. Reported by Ben Parker.
! Relaxed the handling of MIME boundaries to allow any printable
ASCII character to be used following the initial "--". RFC 2046
section 5.1.1 limits the set of boundary characters to those
that are safe for mail gateways. However, Thunderbird MTA is
permissive about boundary characters and possibly other MUAs.
So milter-link or smtpf failing to parse a message with unusual
MIME boundaries could mean failing to detect spam messages that
would go on to be displayed by an MUA. Reported by Alex Broens.
! Fix isCharURI() by weakening the set of bytes allowed in a URI
in order to handle URI within a non-english multibyte string,
which was originally fixed in 1.66. For example:
^[$B%Q%=%3%s!&7HBS!!^[(Bhttp://www.c-evian.com
Suspect this has been broken for some time.
! Fixed uri seg.fault on exit due to some short-name CLI options,
which mapped onto long-name CGI options, that needed to be
dynamic strings, instead of static, so that at_exit_cleanup()
would work correctly.
! Fixed uri_mime_decoded_octet() such that is treated like
normal white space and thus a delimiter separating URI.
! htmlEntityDecode() no longer discards &shy; (soft-hyphen) as
implemented in 1.74.13. Now it's the caller's responsibility, in
this case uri_mime_decoded_octet(), to remove or otherwise take
action on the 0xAD character code. This ensures proper
separation between decode/encode and action/display.
+ Add pad CLI tool.
! smdbAccessIsOk() no longer remaps SMDB_ACCESS_DISCARD to
SMDB_ACCESS_OK, so that milters return SMFIS_DISCARD.
! Fix MIME API and tool to handle parsing of Unix style mailbox
file with the prepended "From $sender $ctime" line. Added by
Sendmail and/or procmail when piping to a mail delivery agent.
Reported by Alex Broens.
+ Add natsort.c from http://sourcefrog.net/projects/natsort/ by
Martin Pool, author of strnatcmp.c.
--1.75.18--
! Finish modifications to MCC broadcast-only protocol to support
update in smtpf. Remove need for two listener threads (multicast
and unicast) since it is possible for one socket to handle both.
! Modify socket2 and socket3 APIs to support IPv6 multicasting
used by multicast cache API. Note that the hybrid IP stack support in
Linux and FreeBSD allows one socket to handle both IPv6 and IPv4.
--1.75.17--
* Upgraded SQLite to 3.7.12.1
! Fix typos in cipher.c base36[] and version.h.in.in.
! Updated isReservedIP functions for changes given by RFC 4291, 5735.
! Modified MCC to be broadcast-only protocol for improved performance.
Not finished yet; mcc_listener() to do. See USE_MCC2 blocks.
+ Added convertSyslog(), convertCtime(), convertToGmt().
+ Added token_bucket API.
! Replaced TextSplit() and TokenNext() returnEmptyToken parameter
with OR'ed set of flags: TOKEN_KEEP_EMPTY, TOKEN_KEEP_ESCAPES.
! Modified LogOpen() and LogClose() to support standard output.
! Fixed potential memory leak in _pthread_cleanup_push() for Windows.
! Fixed leading zero bug in BufAddUnsigned().
! Renamed HTTP API's internal HTTP_CONTINUE with HTTP_GO, since
HTTP/1.1 has a 100 CONTINUE status code. Added two missing
status codes 100 and 101.
! Modified cipher to support block encrypting of a text file. Also
remove -B option; added -A option.
--1.75.16--
! Update the gTLD, ccTLD, and 2-level TLD lists. Added the 3-level
TLD list supplied by SURBL and updated tlds CLI to test 3 levels.
--1.75.15--
! Fixes for FreeBSD detecting POSIX Semaphore API and Berkeley DB
after changes in the configure script since 1.75.0. Reported by
Panagiotis Christias.
--1.75.14--
! Fixed MIME API parsing of MIME parts. Five of the following
six cases had to be fixed. Despite three of these cases being
invalid, support for them was added.
A. With headers, end-of-header (EOH) line, and with content;
most common case, always worked, no change.
B. With headers, no EOH (invalid), and with content; fixed.
Thunderbird 11 will not parse these parts. Reported spam
samples from Alex Broens.
C. No headers (allowed, RFC 2046 section 5.1.1 paragraph 6),
with EOH, and with content; fixed.
D. No headers, no EOH (invalid), and with content; fixed. This
used to be a bug in Lotus Notes as I recall several years
ago and so had to be supported.
E. No headers, with EOH, no content (empty part); fixed.
F. No headers, no EOH (invalid), no content (empty part); fixed.
Also added optional means to throw an error for invalid cases
that an application can detect if desired. Requested by Alex
Broens.
--1.75.13--
! Weakened spanHost() and spanDomain() to allow high-bit bytes in
the host / domain name based on spam samples from Alex Broens.
h t t p : / / e1 bd 9f e1 ba 8e e1 bd
8b e1 bc 9d c9 b2 . e1 bc 99 ce 91 e1 bf a9 c3
8c d1 90 . l h r s . t e p d t . c
o m / c8 99 e1 b8 b3 e1 be 8f - e1 bf ab G
K c4 a1 + m w m g
This change raises some concerns about the blurring of boundaries
between text and URI strings through weakened application of RFC
definitions of DNS names and URI strings (see similar issue with
isCharURI()).
--1.75.12--
! Fixed URI parsing of strings with junk high-bit bytes prefixing
a URI scheme. For example the following od(1) dump:
e2 85 bf c6 b4 h t t p : / / e2 84 8f
. p a f l a g . r u / / 6 s n b
n 4 3 . x v r
The spanScheme(), spanQuery(), spanFragment(), and spanURI() took
a "const char *" argument, but the ctype functions like isalnum()
take an "int" type. C type promotion rules here would treat 0xE2
as -30 and so return undefined values outside the input range of
-1 to 255. To correct this, the span*() functions now take a
"const unsigned char *".
Reported by Alex Broens.
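Added example (not libsnert code and not part of the original change log): a scheme scanner written against "const unsigned char *", as the fix above describes, so that every octet handed to the ctype functions is in the range 0 to 255. The function names are illustrative; the five junk prefix bytes are taken from the od(1) dump above and the host name is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* The value a signed char holding this octet has after promotion to int,
 * i.e. what isalnum(*s) receives when s is a "const char *" on a
 * platform where plain char is signed. */
int
promoted_signed(unsigned char octet)
{
    return (int)(signed char)octet;
}

/* Length of an RFC 3986 scheme at s, ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ),
 * that is immediately followed by ':', or 0 when there is none. Because s
 * points at unsigned char, s[i] promotes to 0..255, which is always a
 * valid argument for isalpha() and isalnum(). */
size_t
span_scheme(const unsigned char *s, size_t len)
{
    size_t i;

    if (len == 0 || !isalpha(s[0]))
        return 0;
    for (i = 1; i < len; i++) {
        if (!isalnum(s[i]) && s[i] != '+' && s[i] != '-' && s[i] != '.')
            break;
    }
    return (i < len && s[i] == ':') ? i : 0;
}

/* Offset of the first scheme in buf, or -1 when none is found. Junk
 * octets ahead of the scheme are stepped over one at a time. */
long
find_scheme(const unsigned char *buf, size_t len, size_t *scheme_len)
{
    size_t off, n;

    for (off = 0; off < len; off++) {
        n = span_scheme(buf + off, len - off);
        if (n > 0) {
            *scheme_len = n;
            return (long)off;
        }
    }
    return -1;
}

/* Junk high-bit octets from the dump above, then a constructed URI. */
static const unsigned char sample[] =
    "\xE2\x85\xBF\xC6\xB4" "http://example.test/";

int
main(void)
{
    size_t n = 0;
    long off = find_scheme(sample, sizeof(sample) - 1, &n);

    printf("0xE2 as signed char promotes to %d\n", promoted_signed(0xE2));
    printf("scheme at offset %ld, length %lu\n", off, (unsigned long)n);
    return 0;
}
```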
--1.75.11--
! Enhanced cipher API and CLI to support CT46 (-c 46), CT28 ASCII
Subset (-c 56), and CT37 Printable ASCII (-c 111), which use
shift and escape codes to extend the conversion tables. Removed
CT28 normalisation code. Assorted fixes.
! Fixed socketReadLine2() and socket3_read_line() (see popin.c) so
as to not read past the newline.
! It should be the application to decide whether to disable linger
and/or set FD_CLOEXEC. Removed from sessionStart().
! Fixed uri API to parse attachments marked as:
Content-Type: application/octet-stream; name="file.htm"
Content-Type: application/octet-stream; name="file.txt"
Reported by Alex Broens.
+ Enhanced uri CLI to work as a CGI or as a specialised HTTP
daemon. Commissioned work. See util/uri-cgi.txt.
! Fixed inclusion of -lrt for clock_gettime() in Linux builds.
! Simplified socketAddressGetName() when the address is ::0 or
0.0.0.0; use the machine's assigned name.
--1.75.10--
* Upgraded SQLite to 3.7.10
! Modified spanDomain() to use the weaker label rules from uri.c
(see 1.75.1). In addition allow underscore in domain labels:
RFC 1035 section 2.3.1. Preferred name syntax grammar only
allows for alphanumeric, hyphen, and dot in domain names.
However, the DNS system does not disallow other characters from
actually being used in certain record types and in fact the SPF
RFC 4408 suggests utility labels like "_spf".
Reported by Alex Broens.
--1.75.9--
! Update smtp2 API function signatures to use the SMTP_Reply_Code
instead of a generic int type. The SMTP_Reply_Code enumeration
has been available for sometime, just not applied to the API
signatures until now.
! Fixed socket3_read_fd() and socket3_peek_fd() where it was
failing to save the sender address due to incorrect socket
length setting for the address structure.
! Updated TLD and 2-level TLDS lists.
+ Added pdqListFindQuery().
! Tweaked dnsListIsNameListed() to ensure a failed query section
is completely skipped over.
--1.75.8--
! Fixed potential seg.fault in smfAccessPattern(); moved NULL
guard for ``actionp'' ahead of the NULL guard for the other
arguments.
! Changed URI API to allow for 8-bit characters in the URI. Also
detect and replace Big5 0xA143, 0xA144, 0xA14F representations
of dot with an ASCII dot; see RFC 3986 section 2 "Characters".
Reported by AlexB.
--1.75.7--
! Fix pdqGet() returning PDQ_TXT record with a NULL pointer for
the text string due to packet parse error. The caller might
neglect to verify the pointer is not NULL before accessing it.
Now if pdq_txt_create() returns an error (when string length
exceeds the packet data length) then the whole result list is
discarded.
--1.75.6--
! Minor change to pdqGet() to avoid performing unnecessary lookups
for related A/AAAA when an MX / NS / SOA lookup fails.
--1.75.5--
* Upgraded SQLite to 3.7.9
! Modified the pdqGet() MX 0 rule logic to better reflect the
wording in RFC 5321 section 5.1 paragraphs 2 and 3.
!! Fix a bug with PDQ reporting of timeouts. PDQ_QUERY records were
introduced in 1.75.0 (for IO event handling) as delimiter record
between parallel DNS queries in the same returned RR list. When
a query timed out in the old code, a simple PDQ_rr structure was
added to the RR list to carry PDQ_RCODE_TIMEDOUT. The new code
failed to change the structure used to PDQ_QUERY, and because of
structure size differences may have caused memory corruption,
segmentation faults, and/or double-frees.
! Fixed pdqListPruneMatch() to remove failed queries instead of
skipping the PDQ_QUERY record. This should return a list
consisting only of successful queries and related matching
records.
--1.75.4--
! Assert that mccStartUnicast() NULL terminates the unicast_ip host
array, as some entries may be discarded for the broadcast-to-self
case. Avoids a double-free abort by mccStopUnicast().
--1.75.3--
! Some of the configuration script and makefile changes done in
1.75.2 dropped the -pthread compiler/linker flag in certain
cases. This is meant to assert that the entire library is built
thread safe, unless --without-pthread given.
! Fixed socketReadLine2() to behave as before prior to the socket3
/ OpenSSL conversion. In particular assert that ENOTCONN is
returned for a read of zero (0) bytes; Linux and *BSD systems
set errno differently causing debug log confusion.
! Fixed handshake and buffering issue in socket3_start_tls(),
socket3_end_tls(), socket3_peek_tls(), socket3_read_tls(), and
socket3_write_tls() to correctly handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE conditions.
! Changed socket3_wait() for with and without TLS support. In
particular when there is data waiting in the TLS read buffer.
+ Added handling of thread-id for OpenSSL version 0.9.8 or older.
Also added OpenSSL dynamic lock call-backs for threads.
+ Added socket3_get_cipher_tls(), socket3_get_issuer_tls() and
socket3_get_subject_tls() to extract TLS and peer certificate
information for logging and/or testing.
+ Added socket3_get_error_tls() for better error logging by an
application, instead of being confined to the socket3 API layer.
+ Added default session-id-context for TLS renegotiation and
session caching. Also socket3_set_sess_id_ctx().
! Minor correction to socket3_is_peer_ok() and socket3_is_cn_tls()
to assert that a peer certificate was given and passed
validation.
! Fixed initialisation issues with socket3_init() and pdqInit()
related to TLS changes.
! Fixed two potential seg. faults in pdqEqual() and pdqGet()
related to PDQ_QUERY records introduced in 1.75.0.
! Fixed issues related to skipping of PDQ_QUERY records in
pdqListFindName() and fix handling of MX 0 rule in pdqGet(),
and pdq_create_rr().
! Fixed spfCheck() memory leaks related to A, MX, and PTR checks
and the handling of PDQ_QUERY records introduced in 1.75.0.
! Fixed pdqGetMX(), pdqListPrune5A, and pdqListPruneMatch()
incorrect handling of PDQ_QUERY records causing memory leaks.