kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

comms/sendmail: update to 8.16.1

Browse source 
8.16.1/8.16.1	2020/07/05
	SECURITY: If sendmail tried to reuse an SMTP session which had
		already been closed by the server, then the connection
		cache could have invalid information about the session.
		One possible consequence was that STARTTLS was not
		used even if offered.  This problem has been fixed
		by clearing out all relevant status information
		when a closed session is encountered.
	OpenSSL versions before 0.9.8 are no longer supported.
	OpenSSL version 1.1.0 and 1.1.1 are supported.
	Initial support for DANE (see RFC 7672 et.al.) is available if
		the compile time option DANE is set.  Only TLSA RR 3-1-x
		is currently implemented.
	New options SSLEngine and SSLEnginePath to support OpenSSL engines.
		Note: this feature has so far only been tested with the
		"chil" engine; please report problems with other engines
		if you encounter any.
	New option CRLPath to specify a directory which contains
		hashes pointing to certificate revocations files.
		Based on patch from Al Smith.
	New rulesets tls_srv_features and tls_clt_features which
		can return a (semicolon separated) list of TLS related
		options, e.g., CipherList, CertFile, KeyFile,
		see doc/op/op.me for details.
	To automatically handle TLS interoperability problems for outgoing
		mail, sendmail can now immediately try a connection again
		without STARTTLS after a TLS handshake failure.
		This can be configured globally via the option
		TLSFallbacktoClear or per session via the 'C' flag
		of tls_clt_features.
		This also adds the new value "CLEAR" for the macro
		{verify}: STARTTLS has been disabled internally for
		a clear text delivery attempt.
	Apply Timeout.starttls also to the server waiting for the TLS
		handshake to begin.  Based on patch from Simon Hradecky.
	New compile time option TLS_EC to enable the use of elliptic
		curve cryptography in STARTTLS (previously available as
		_FFR_TLS_EC).
	Handle MIME boundaries specified in headers which contain CRLF.
	Fix detection of loopback net (it was broken when compiled
		with NETINET6) and only set the macros {if_addr_out}
		and {if_family_out} if the interface of the outgoing
		connection does not belong to the loopback net.
	Fix logic to enable a milter to delete a recipient in
		DeliveryMode=interactive even if it might be subject
		to alias expansion.
	Log name of a milter making changes (this was missing for
		some functions).
	Log the actual reply of a server when an SMTP delivery problem
		occurs in a "reply=" field if possible.
	Log user= for failed AUTH attempts if possible.  Based on
		patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
		and Joe Quinn.
	Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
		no changes can be made after it is created, hence it
		does not work with vacation(1) nor editmap(8) (except
		for query mode).
	Fix some memory leaks (mostly in error cases) and properly handle
		copied varargs in sm_io_vfprintf(). The issues were found
		using Coverity Scan and reported (including patches) by
		Ondřej Lysoněk of Red Hat.
	Do not override ServerSSLOptions and ClientSSLOptions when they
		are specified on the command line.  Based on patch from
		Hiroki Sato.
	Add RFC7505 Null MX support for domains that declare they do not
		accept mail.
	New compile time option LDAP_NETWORK_TIMEOUT which is set
		automatically when LDAPMAP is used and
		LDAP_OPT_NETWORK_TIMEOUT is available to enable the
		new -c option for LDAP maps to specify the network timeout.
	CONFIG: New FEATURE(`tls_session_features') to enable standard
		rules for tls_srv_features and tls_clt_features; for
		details see cf/README.
	CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
		for SSLEngine and SSLEnginePath, respectively.
	CONFIG: New options confDANE to enable DANE support.
	CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
	CONFIG: New extension CITag: for TLS restrictions, see cf/README
		for details.
	CONFIG: FEATURE(`blacklist_recipients') renamed to
		FEATURE(`blocklist_recipients').
	CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
		canonicalize IPv6 addresses; if cidrexpand is used with IPv6
		addresses then UseCompressedIPv6Addresses must be disabled.
	DOC: The dns map can return multiple values in a single result
		if the -z option is used.
	DOC: Note to set MustQuoteChars=. due to DKIM signatures.
	LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
		of Alcatel-Lucent.
	LIBMILTER: Fix reference in xxfi_negotiate documentation.
		Patch from Sven Neuhaus.
	LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
		Patch from G.W. Haywood.
	LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
		Patch from Martin Svec.
	MAKEMAP: New map type "implicit" refers to the first available type,
		i.e., it depends on the compile time options NEWDB, DBM,
		and CDB. This can be used in conjunction with the
		"implicit" map type in sendmail.cf.
		Note: makemap, libsmdb, and sendmail must be compiled
		with the same options (and library versions of course).
	Portability:
		Add support for Darwin 14-18 (Mac OS X 10.x).
		New option HAS_GETHOSTBYNAME2: set if your system
		supports gethostbyname2(2).
		Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
		changes in sys/sem.h
		On Linux set MAXHOSTNAMELEN (the maximum length
		of a FQHN) to 256 if it is less than that value.
	Added Files:
		cf/feature/blocklist_recipients.m4
		cf/feature/tls_failures.m4
		devtools/OS/Darwin.14.x
		devtools/OS/Darwin.15.x
		devtools/OS/Darwin.16.x
		libsmdb/smcdb.c
		sendmail/ratectrl.h
This commit is contained in:
jnemeth 2021-07-04 07:57:13 +00:00
parent 448b5c7319
commit 1a1e994dc1
24 changed files with 387 additions and 588 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
mail/sendmail/Makefile
View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.138 2020/05/16 15:36:24 rillig Exp $
# $NetBSD: Makefile,v 1.139 2021/07/04 07:57:13 jnemeth Exp $
PKGNAME= sendmail-${DIST_VERS}
PKGREVISION= 9
#PKGREVISION= 9
COMMENT= The well known Mail Transport Agent
CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 postfix-[0-9]*
@ -55,10 +55,11 @@ SUBST_STAGE.cf-paths= pre-build
cf/feature/msp.m4 cf/feature/smrsh.m4 cf/m4/proto.m4 \
cf/mailer/pop.m4 cf/mailer/usenet.m4 cf/ostype/a-ux.m4 \
cf/ostype/aix3.m4 cf/ostype/aix4.m4 cf/ostype/aix5.m4 \
cf/ostype/amdahl-uts.m4 cf/ostype/darwin.m4 cf/ostype/dgux.m4 \
cf/ostype/domainos.m4 cf/ostype/dragonfly.m4 \
cf/ostype/dynix3.2.m4 cf/ostype/freebsd4.m4 \
cf/ostype/freebsd5.m4 cf/ostype/freebsd6.m4 cf/ostype/hpux10.m4 \
cf/ostype/altos.m4 cf/ostype/amdahl-uts.m4 cf/ostype/bsd4.4.m4 \
cf/ostype/darwin.m4 cf/ostype/dgux.m4 cf/ostype/domainos.m4 \
cf/ostype/dragonfly.m4 cf/ostype/dynix3.2.m4 \
cf/ostype/freebsd4.m4 cf/ostype/freebsd5.m4 \
cf/ostype/freebsd6.m4 cf/ostype/hpux10.m4 cf/ostype/hpux9.m4 \
cf/ostype/irix4.m4 cf/ostype/irix5.m4 cf/ostype/irix6.m4 \
cf/ostype/isc4.1.m4 cf/ostype/maxion.m4 cf/ostype/nextstep.m4 \
cf/ostype/openbsd.m4 cf/ostype/ptx2.m4 cf/ostype/riscos4.5.m4 \
@ -75,7 +76,6 @@ SUBST_SED.cf-paths+= -e "s|/var/spool|${VARBASE}/spool|g"
SUBST_SED.cf-paths+= -e "s|/var/run|${VARBASE}/run|g"
SUBST_SED.cf-paths+= -e "s|/usr/libexec|${PREFIX}/libexec/sendmail|g"
SUBST_SED.cf-paths+= -e "s|/usr/lib|${PREFIX}/libexec/sendmail|g"
SUBST_SED.cf-paths+= -e "s|/system/volatile|${VARBASE}/run|g"
SUBST_NOOP_OK.cf-paths= yes # some files contain only /var
REPLACE_PERL= contrib/socketmapClient.pl contrib/socketmapServer.pl

4
mail/sendmail/Makefile.common
View file

@ -1,4 +1,4 @@
# $NetBSD: Makefile.common,v 1.66 2019/12/03 18:51:02 bouyer Exp $
# $NetBSD: Makefile.common,v 1.67 2021/07/04 07:57:13 jnemeth Exp $
#
# used by mail/libmilter/Makefile
# used by mail/sendmail/Makefile
@ -22,7 +22,7 @@ PATCHDIR= ${.CURDIR}/../../mail/sendmail/patches
USE_LANGUAGES= c99
DIST_VERS= 8.15.2
DIST_VERS= 8.16.1
MAKE_ENV+= BSD_BINOWN=${BINOWN} BSD_BINGRP=${BINGRP} \
BSD_MANOWN=${MANOWN} BSD_MANGRP=${MANGRP} \

5
mail/sendmail/PLIST
View file

@ -1,4 +1,4 @@
@comment $NetBSD: PLIST,v 1.24 2015/07/11 10:08:32 jnemeth Exp $
@comment $NetBSD: PLIST,v 1.25 2021/07/04 07:57:13 jnemeth Exp $
bin/hoststat
bin/mailq
bin/newaliases
@ -101,6 +101,8 @@ share/sendmail/feature/bestmx_is_local.m4
share/sendmail/feature/bitdomain.m4
share/sendmail/feature/blacklist_recipients.m4
share/sendmail/feature/block_bad_helo.m4
share/sendmail/feature/blocklist_recipients.m4
share/sendmail/feature/check_cert_altnames.m4
share/sendmail/feature/compat_check.m4
share/sendmail/feature/conncontrol.m4
share/sendmail/feature/delay_checks.m4
@ -143,6 +145,7 @@ share/sendmail/feature/relay_mail_from.m4
share/sendmail/feature/require_rdns.m4
share/sendmail/feature/smrsh.m4
share/sendmail/feature/stickyhost.m4
share/sendmail/feature/tls_failures.m4
share/sendmail/feature/tls_session_features.m4
share/sendmail/feature/use_client_ptr.m4
share/sendmail/feature/use_ct_file.m4

47
mail/sendmail/distinfo
View file

@ -1,41 +1,40 @@
$NetBSD: distinfo,v 1.63 2020/04/24 14:33:08 manu Exp $
$NetBSD: distinfo,v 1.64 2021/07/04 07:57:13 jnemeth Exp $
SHA1 (sendmail.8.15.2.tar.gz) = 5801d4b06f4e38ef228a5954a44d17636eaa5a16
RMD160 (sendmail.8.15.2.tar.gz) = 1fe2210e1ded1fe2ee640fceb1de29f19ceaa8e4
SHA512 (sendmail.8.15.2.tar.gz) = 04feb37316c13b66b1518596507a7da7c16cb0bf1abf10367f7fd888a428fadb093a9efa55342fa55b936c3f0cbdc63b9e2505cd99201a69a0c05b8ad65f49f9
Size (sendmail.8.15.2.tar.gz) = 2207417 bytes
SHA1 (sendmail.8.16.1.tar.gz) = 748b6dfc47dfbb83ebfdd2e334c87032c4698eab
RMD160 (sendmail.8.16.1.tar.gz) = f128a52f67d29b1af318cfa345971ade37554894
SHA512 (sendmail.8.16.1.tar.gz) = d7d4aac3c6d7505782abdb166204901b8b51cac000d610dfe40eda9eef7441a073af9e8e0b14c8719b07b445f55a1e2c28ac63d663d0daa7f1eafc5a101788b2
Size (sendmail.8.16.1.tar.gz) = 2236402 bytes
SHA1 (patch-aa) = bd1ab754f7146d002eaf8c0347e114b4049a7776
SHA1 (patch-af) = bd3e26b0e78eadd610713430ae6deac888176442
SHA1 (patch-ag) = f76de45c7e8d16207670e151265b7edbca4c045c
SHA1 (patch-af) = 21f8c93a13d038fe49f0acbe38ad1453eb67788b
SHA1 (patch-ag) = 6dcca8944aa854f1767c7ee12fe14872a4e14d2e
SHA1 (patch-ah) = e6be09008b9230ffdd1560aaacbdbb2ee4fb8028
SHA1 (patch-ai) = 0bd3676dce988cf1167fae09443da0d1a1363abb
SHA1 (patch-ai) = 7a306d7239f4036cd8d80d6dbe2a07eb80f02d13
SHA1 (patch-aj) = e65e6fe44380de2f9c397c1a97677eb4ad285433
SHA1 (patch-an) = 56b8b82880b9ef8fefd7cbbe98dad30b8db753f1
SHA1 (patch-an) = 1481dd98d6aae000e71ba1c42f3d84197a4e4dc0
SHA1 (patch-ao) = 88dd76b71ad57a8d0efdb6e8518ff01689ecf634
SHA1 (patch-ap) = 9c83d9ed1b4d8c851c106597638763515923a4ab
SHA1 (patch-aq) = 722382daf085ac2f4a06d0c812bb00f49bcdfd2c
SHA1 (patch-ar) = 1ecf39ddded8504079c5c446625bf9ad9497044f
SHA1 (patch-as) = 652b107d5f68507a0b2fb7c5402186eff96c6bc0
SHA1 (patch-at) = 7c206df88d29671faef950276a5119ef2f525f4b
SHA1 (patch-au) = 87e907f36482f3ca03754160bc1ee106e17e3aaa
SHA1 (patch-av) = 1b6bd4547930507ab67427bcf8a390c0afce0fb0
SHA1 (patch-aw) = 2fb31bda2cafb41347c80e0809976f4d24fa169a
SHA1 (patch-ax) = adba9177404e10d5f461e1e8f0c4dd5840d78dd1
SHA1 (patch-ay) = 94f9c633c1d15037ddd0a6ed46a4f3aaec236fc2
SHA1 (patch-az) = 5885c524fcae3a314c07eadf661bbe6ae1c081e7
SHA1 (patch-ap) = 60745f30d1e8c13beeb8a3acb07c51fd2f8fac22
SHA1 (patch-aq) = 5c083d9f9f71bcc42811a3d085e936eaaa404c96
SHA1 (patch-ar) = 4e9162c96329716f844c0c64efb9d0a2915ad1cb
SHA1 (patch-as) = a36d4bf90f6803734bb686d5809a18ac6d8314ce
SHA1 (patch-at) = d0fd0f3826e2309f14fefde65a8653e01cae058e
SHA1 (patch-au) = 08a96e145a9c37ba1ba836457157f1ab781380dc
SHA1 (patch-av) = bb6ecd69f6b0db22056b492890d2c6369cd08977
SHA1 (patch-aw) = 89a0f2c3102f6baea966c8e604f642229ad41dc3
SHA1 (patch-ax) = 771c9c8a951a09c80eb85233986af1fc7fedbe77
SHA1 (patch-ay) = af4c41b9f7671920cd3db95552dc67edffaf729a
SHA1 (patch-az) = 53738dc9d3618838a6e6fd2f0ec9c4fd1f19ae2e
SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f
SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1
SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683
SHA1 (patch-bd) = 1a6d035c585838e771a1a677892b95bb82000a7b
SHA1 (patch-be) = d2f3397b7880f23f8cbd5d3c4eb5ccfe6a6ca75b
SHA1 (patch-bf) = 9c5faf5b38c18623e5ce4ffafc00a4430965e41a
SHA1 (patch-bg) = 17b750d84333eacd39a23aa313d5ba24dc7d2156
SHA1 (patch-bk) = 0b0b85fb6c5c80c8419c783dc3e35d28edbdb70b
SHA1 (patch-bg) = 716c90ff76edbdcb223111412bdd011d4a252ca6
SHA1 (patch-bl) = 4fff262691deb2fcacf5013bfeb5aede45783dcd
SHA1 (patch-bm) = b1ec82ab5a97c2dc7f7230d31e47c89b7b5ac1d9
SHA1 (patch-bn) = 3af37c9d3523d6093181ae3b7d4c25bc8173b7f9
SHA1 (patch-bo) = d338b035b54f87fc2e786ed85204c565fcc2c140
SHA1 (patch-bo) = ca819c8f8de9bd67b7e6d5738020c90b03c6fad8
SHA1 (patch-bp) = 9a1daac264aba6c4fc39a63a464b942dd25b06eb
SHA1 (patch-bq) = 548bf6d373cb49958437548a65803b6f3c6b35d2
SHA1 (patch-br) = 1f0b9716906b91ce2b867bf65e5c06ad16749e36
SHA1 (patch-sendmail_domain.c) = fafb14fb647d2f1600895aa8dc9464106906b447
SHA1 (patch-bs) = f73a66b3f747480505b26876430135364e9aa99e

35
mail/sendmail/patches/patch-af
View file

@ -1,10 +1,10 @@
$NetBSD: patch-af,v 1.12 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-af,v 1.13 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/conf.c.orig 2014-05-20 17:24:39.000000000 +0000
--- sendmail/conf.c.orig 2020-06-04 06:27:49.000000000 +0000
+++ sendmail/conf.c
@@ -43,6 +43,10 @@ SM_RCSID("@(#)$Id: conf.c,v 8.1191 2014-
# include <ulimit.h>
#endif /* HASULIMIT && defined(HPUX11) */
@@ -47,6 +47,10 @@ SM_RCSID("@(#)$Id: conf.c,v 8.1192 2014-
# include "tls.h"
#endif
+#if !HAS_GETHOSTBYNAME2
+extern struct __res_state sm_res;
@ -13,7 +13,7 @@ $NetBSD: patch-af,v 1.12 2014/06/15 20:48:50 jnemeth Exp $
static void setupmaps __P((void));
static void setupmailers __P((void));
static void setupqueues __P((void));
@@ -4242,13 +4246,13 @@ sm_getipnodebyname(name, family, flags,
@@ -4312,15 +4316,15 @@ sm_getipnodebyname(name, family, flags,
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
@ -22,15 +22,17 @@ $NetBSD: patch-af,v 1.12 2014/06/15 20:48:50 jnemeth Exp $
+ resv6 = bitset(RES_USE_INET6, sm_res.options);
+ sm_res.options |= RES_USE_INET6;
}
# endif /* RES_USE_INET6 */
SM_SET_H_ERRNO(0);
h = gethostbyname(name);
# ifdef RES_USE_INET6
if (!resv6)
- _res.options &= ~RES_USE_INET6;
+ sm_res.options &= ~RES_USE_INET6;
# endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
@@ -4463,7 +4467,8 @@ sm_gethostbyaddr(addr, len, type)
@@ -4536,7 +4540,8 @@ sm_gethostbyaddr(addr, len, type)
#if NETINET6
if (type == AF_INET6 &&
@ -40,3 +42,20 @@ $NetBSD: patch-af,v 1.12 2014/06/15 20:48:50 jnemeth Exp $
{
/* Avoid reverse lookup for IPv6 unspecified address */
SM_SET_H_ERRNO(HOST_NOT_FOUND);
@@ -5690,13 +5695,13 @@ local_hostname_length(hostname)
{
size_t len_host, len_domain;
- if (!*_res.defdname)
+ if (!*sm_res.defdname)
res_init();
len_host = strlen(hostname);
- len_domain = strlen(_res.defdname);
+ len_domain = strlen(sm_res.defdname);
if (len_host > len_domain &&
(sm_strcasecmp(hostname + len_host - len_domain,
- _res.defdname) == 0) &&
+ sm_res.defdname) == 0) &&
hostname[len_host - len_domain - 1] == '.')
return len_host - len_domain - 1;
else

16
mail/sendmail/patches/patch-ag
View file

@ -1,25 +1,25 @@
$NetBSD: patch-ag,v 1.14 2012/03/12 12:53:13 fhajny Exp $
$NetBSD: patch-ag,v 1.15 2021/07/04 07:57:13 jnemeth Exp $
--- include/sm/conf.h.orig 2011-05-03 16:24:00.000000000 +0000
--- include/sm/conf.h.orig 2020-06-04 06:27:49.000000000 +0000
+++ include/sm/conf.h
@@ -381,7 +381,7 @@ typedef int pid_t;
# ifndef __svr4__
# define __svr4__ /* use all System V Release 4 defines below */
# endif /* ! __svr4__ */
# endif
-# if SOLARIS >= 21100
+# if SOLARIS >= 21100 && defined(SOLARIS_HAS_PATHS_H)
# include <paths.h>
# endif /* SOLARIS >= 21100 */
# endif
# ifndef _PATH_VARRUN
@@ -818,7 +818,11 @@ extern unsigned int sleepX __P((unsigned
@@ -827,7 +827,11 @@ extern unsigned int sleepX __P((unsigned
# ifndef LA_TYPE
# define LA_TYPE LA_SUBR
# endif /* ! LA_TYPE */
# endif
-# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
+# if defined(__NetBSD__) && (__NetBSD_Version__ > 299000900)
+# define SFS_TYPE SFS_STATVFS /* use <sys/statvfs.h> statfs() impl */
+# define SFS_TYPE SFS_STATVFS /* use <sys/statvfs.h> statfs() impl */
+# else
+# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
+# define SFS_TYPE SFS_MOUNT /* use <sys/mount.h> statfs() impl */
+# endif
# define SPT_TYPE SPT_PSSTRINGS /* use PS_STRINGS pointer */
# endif /* defined(BSD4_4) && !defined(__bsdi__) && !defined(__GNU__) && !defined(DARWIN)*/

14
mail/sendmail/patches/patch-ai
View file

@ -1,16 +1,16 @@
$NetBSD: patch-ai,v 1.9 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-ai,v 1.10 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/mci.c.orig 2014-03-06 17:31:31.000000000 +0000
--- sendmail/mci.c.orig 2020-05-19 19:54:33.000000000 +0000
+++ sendmail/mci.c
@@ -20,6 +20,7 @@ SM_RCSID("@(#)$Id: mci.c,v 8.225 2013-11
#endif /* NETINET || NETINET6 */
#endif
#include <dirent.h>
+#include <limits.h>
static int mci_generate_persistent_path __P((const char *, char *,
int, bool));
@@ -744,7 +745,11 @@ mci_lock_host_statfile(mci)
#if STARTTLS
# include <tls.h>
#endif
@@ -788,7 +789,11 @@ mci_lock_host_statfile(mci)
{
int save_errno = errno;
int retVal = EX_OK;

6
mail/sendmail/patches/patch-an
View file

@ -1,6 +1,6 @@
$NetBSD: patch-an,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
$NetBSD: patch-an,v 1.4 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/Makefile.m4.orig 2015-06-19 12:59:29.000000000 +0000
--- sendmail/Makefile.m4.orig 2020-06-08 08:35:03.000000000 +0000
+++ sendmail/Makefile.m4
@@ -4,9 +4,10 @@ include(confBUILDTOOLSDIR`/M4/switch.m4'
define(`confREQUIRE_LIBSM', `true')
@ -9,7 +9,7 @@ $NetBSD: patch-an,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
-define(`bldBIN_TYPE', `G')
+dnl define(`bldBIN_TYPE', `G')
define(`bldINSTALL_DIR', `')
define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
+APPENDDEF(`bldSOURCES',`blacklist.c ')
PREPENDDEF(`confENVDEF', `confMAPDEF')
bldPUSH_SMLIB(`sm')

33
mail/sendmail/patches/patch-ap
View file

@ -1,28 +1,23 @@
$NetBSD: patch-ap,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-ap,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- libmilter/sm_gethost.c.orig 2014-03-06 17:31:30.000000000 +0000
--- libmilter/sm_gethost.c.orig 2020-05-19 19:54:32.000000000 +0000
+++ libmilter/sm_gethost.c
@@ -49,19 +49,14 @@ sm_getipnodebyname(name, family, flags,
int flags;
int *err;
{
- bool resv6 = true;
struct hostent *h;
- if (family == AF_INET6)
- {
- /* From RFC2133, section 6.1 */
@@ -64,15 +64,15 @@ sm_getipnodebyname(name, family, flags,
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
- resv6 = bitset(RES_USE_INET6, _res.options);
- _res.options |= RES_USE_INET6;
- }
+ resv6 = bitset(RES_USE_INET6, sm_res.options);
+ sm_res.options |= RES_USE_INET6;
}
# endif /* RES_USE_INET6 */
SM_SET_H_ERRNO(0);
+# if NETINET6
+ h = gethostbyname2(name, family);
+# else
h = gethostbyname(name);
- if (family == AF_INET6 && !resv6)
# ifdef RES_USE_INET6
if (!resv6)
- _res.options &= ~RES_USE_INET6;
+# endif
+ sm_res.options &= ~RES_USE_INET6;
# endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)

8
mail/sendmail/patches/patch-aq
View file

@ -1,10 +1,10 @@
$NetBSD: patch-aq,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-aq,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/conf.h.orig 2014-03-06 17:31:31.000000000 +0000
--- sendmail/conf.h.orig 2020-05-19 19:54:33.000000000 +0000
+++ sendmail/conf.h
@@ -234,6 +234,10 @@ struct rusage; /* forward declaration to
@@ -236,6 +236,10 @@ struct rusage; /* forward declaration to
# define PIPELINING 1 /* SMTP PIPELINING */
#endif /* PIPELINING */
#endif
+#ifndef NAMED_RESN
+# define NAMED_RESN 1 /* res_n* functions are available */

30
mail/sendmail/patches/patch-ar
View file

@ -1,8 +1,8 @@
$NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
$NetBSD: patch-ar,v 1.3 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/daemon.c.orig 2015-02-28 00:50:03.000000000 +0000
--- sendmail/daemon.c.orig 2020-06-02 09:41:43.000000000 +0000
+++ sendmail/daemon.c
@@ -57,6 +57,10 @@ SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013
@@ -75,6 +75,10 @@ SM_RCSID("@(#)$Id: daemon.c,v 8.698 2013
# endif /* HAS_IN_H */
#endif /* IP_SRCROUTE && NETINET */
@ -12,8 +12,8 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
+
#include <sm/fdset.h>
#define DAEMON_C 1
@@ -754,6 +758,8 @@ getrequests(e)
#include <ratectrl.h>
@@ -774,6 +778,8 @@ getrequests(e)
anynet_ntoa(&RealHostAddr));
}
@ -22,7 +22,7 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
if (pipefd[0] != -1)
{
auto char c;
@@ -2298,16 +2304,16 @@ makeconnection(host, port, mci, e, enoug
@@ -2335,16 +2341,16 @@ makeconnection(host, port, mci, e, enoug
if (hp == NULL && p[-1] == '.')
{
#if NAMED_BIND
@ -39,10 +39,10 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
#if NAMED_BIND
- _res.options = oldopts;
+ sm_res.options = oldopts;
#endif /* NAMED_BIND */
#endif
}
*p = ']';
@@ -2336,15 +2342,15 @@ makeconnection(host, port, mci, e, enoug
@@ -2420,15 +2426,15 @@ makeconnection(host, port, mci, e, enoug
if (hp == NULL && *p == '.')
{
#if NAMED_BIND
@ -51,17 +51,17 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
- _res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
+ sm_res.options &= ~(RES_DEFNAMES|RES_DNSRCH);
#endif /* NAMED_BIND */
#endif
*p = '\0';
hp = sm_gethostbyname(host, family);
*p = '.';
#if NAMED_BIND
- _res.options = oldopts;
+ sm_res.options = oldopts;
#endif /* NAMED_BIND */
#endif
}
}
@@ -4007,13 +4013,13 @@ host_map_lookup(map, name, av, statp)
@@ -4136,13 +4142,13 @@ host_map_lookup(map, name, av, statp)
#if NAMED_BIND
if (map->map_timeout > 0)
{
@ -79,7 +79,7 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
}
#endif /* NAMED_BIND */
@@ -4076,9 +4082,9 @@ host_map_lookup(map, name, av, statp)
@@ -4220,9 +4226,9 @@ host_map_lookup(map, name, av, statp)
}
#if NAMED_BIND
if (map->map_timeout > 0)
@ -91,7 +91,7 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
#endif /* NAMED_BIND */
s->s_namecanon.nc_flags |= NCF_VALID; /* will be soon */
@@ -4407,11 +4413,11 @@ hostnamebyanyaddr(sap)
@@ -4551,11 +4557,11 @@ hostnamebyanyaddr(sap)
# if NAMED_BIND
/* shorten name server timeout to avoid higher level timeouts */
@ -108,12 +108,12 @@ $NetBSD: patch-ar,v 1.2 2019/07/15 04:32:49 jnemeth Exp $
# endif /* NAMED_BIND */
switch (sap->sa.sa_family)
@@ -4450,7 +4456,7 @@ hostnamebyanyaddr(sap)
@@ -4594,7 +4600,7 @@ hostnamebyanyaddr(sap)
}
# if NAMED_BIND
- _res.retry = saveretry;
+ sm_res.retry = saveretry;
# endif /* NAMED_BIND */
# endif
# if NETINET || NETINET6

24
mail/sendmail/patches/patch-as
View file

@ -1,10 +1,10 @@
$NetBSD: patch-as,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-as,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/deliver.c.orig 2014-05-16 20:40:15.000000000 +0000
--- sendmail/deliver.c.orig 2020-06-03 05:48:46.000000000 +0000
+++ sendmail/deliver.c
@@ -28,6 +28,10 @@ SM_RCSID("@(#)$Id: deliver.c,v 8.1030 20
# include "sfsasl.h"
#endif /* STARTTLS || SASL */
@@ -29,6 +29,10 @@ SM_RCSID("@(#)$Id: deliver.c,v 8.1030 20
# include "tls.h"
#endif
+#if NAMED_BIND
+extern struct __res_state sm_res;
@ -13,25 +13,25 @@ $NetBSD: patch-as,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
static int deliver __P((ENVELOPE *, ADDRESS *));
static void dup_queue_file __P((ENVELOPE *, ENVELOPE *, int));
static void mailfiletimeout __P((int));
@@ -1858,7 +1862,7 @@ deliver(e, firstto)
@@ -1909,7 +1913,7 @@ deliver(e, firstto)
#if NAMED_BIND
if (ConfigLevel < 2)
- _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
+ sm_res.options &= ~(RES_DEFNAMES | RES_DNSRCH); /* XXX */
#endif /* NAMED_BIND */
#endif
if (tTd(11, 1))
@@ -3438,7 +3442,7 @@ do_transfer:
@@ -3621,7 +3625,7 @@ do_transfer:
}
#if NAMED_BIND
if (ConfigLevel < 2)
- _res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
+ sm_res.options |= RES_DEFNAMES | RES_DNSRCH; /* XXX */
#endif /* NAMED_BIND */
#endif
if (tTd(62, 1))
@@ -5710,7 +5714,7 @@ hostsignature(m, host)
@@ -6017,7 +6021,7 @@ hostsignature(m, host, ad)
int hl;
char *hp;
char *endp;
@ -40,7 +40,7 @@ $NetBSD: patch-as,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
char *mxhosts[MAXMXHOSTS + 1];
unsigned short mxprefs[MAXMXHOSTS + 1];
#endif /* NAMED_BIND */
@@ -5780,7 +5784,7 @@ hostsignature(m, host)
@@ -6087,7 +6091,7 @@ hostsignature(m, host, ad)
#if NAMED_BIND
if (ConfigLevel < 2)
@ -49,7 +49,7 @@ $NetBSD: patch-as,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
for (hp = host; hp != NULL; hp = endp)
{
@@ -5908,7 +5912,7 @@ hostsignature(m, host)
@@ -6220,7 +6224,7 @@ hostsignature(m, host, ad)
}
makelower(s->s_hostsig.hs_sig);
if (ConfigLevel < 2)

180
mail/sendmail/patches/patch-at
View file

@ -1,77 +1,63 @@
$NetBSD: patch-at,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-at,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/domain.c.orig 2014-03-06 17:31:31.000000000 +0000
--- sendmail/domain.c.orig 2020-06-02 09:41:43.000000000 +0000
+++ sendmail/domain.c
@@ -39,7 +39,7 @@ static char MXHostBuf[MXHOSTBUFSIZE];
# endif /* ! MAXDNSRCH */
@@ -25,6 +25,8 @@ SM_RCSID("@(#)$Id: domain.c,v 8.205 2013
#if NAMED_BIND
+extern struct __res_state sm_res;
+
# include <arpa/inet.h>
# include <sm_resolve.h>
# if DANE
@@ -49,7 +51,7 @@ static char MXHostBuf[MXHOSTBUFSIZE];
# endif
# ifndef RES_DNSRCH_VARIABLE
-# define RES_DNSRCH_VARIABLE _res.dnsrch
+# define RES_DNSRCH_VARIABLE sm_res.dnsrch
# endif /* ! RES_DNSRCH_VARIABLE */
# endif
# ifndef NO_DATA
@@ -58,6 +58,8 @@ static char MXHostBuf[MXHOSTBUFSIZE];
# define RES_UNC_T unsigned char *
# endif /* defined(__RES) && (__RES >= 19940415) */
@@ -573,9 +575,9 @@ getmxrr(host, mxhosts, mxprefs, flags, r
# if DANE
cname2mx = false;
qname[0] = '\0';
- old_options = _res.options;
+ old_options = sm_res.options;
if (ad)
- _res.options |= SM_RES_DNSSEC;
+ sm_res.options |= SM_RES_DNSSEC;
# endif
+extern struct __res_state sm_res;
+
static int mxrand __P((char *));
static int fallbackmxrr __P((int, unsigned short *, char **));
@@ -205,11 +207,9 @@ getmxrr(host, mxhosts, mxprefs, droploca
char *fallbackMX = FallbackMX;
bool trycanon = false;
unsigned short *prefs;
- int (*resfunc) __P((const char *, int, int, u_char *, int));
unsigned short prefer[MAXMXHOSTS];
int weight[MAXMXHOSTS];
int ttl = 0;
- extern int res_query(), res_search();
if (tTd(8, 2))
sm_dprintf("getmxrr(%s, droplocalhost=%d)\n",
@@ -246,14 +246,24 @@ getmxrr(host, mxhosts, mxprefs, droploca
if (!UseNameServer)
goto punt;
- if (HasWildcardMX && ConfigLevel >= 6)
- resfunc = res_query;
- else
- resfunc = res_search;
errno = 0;
- n = (*resfunc)(host, C_IN, T_MX, (unsigned char *) &answer,
+ if (HasWildcardMX && ConfigLevel >= 6)
+#if NAMED_RESN
+ n = res_nquery(&sm_res, host, C_IN, T_MX,
+ (unsigned char *) &answer, sizeof(answer));
+#else
+ n = res_query(host, C_IN, T_MX, (unsigned char *) &answer,
+ sizeof(answer));
+#endif
+ else
+#if NAMED_RESN
+ n = res_nsearch(&sm_res, host, C_IN, T_MX,
+ (unsigned char *) &answer, sizeof(answer));
+#else
+ n = res_search(host, C_IN, T_MX, (unsigned char *) &answer,
sizeof(answer));
+#endif
if (n < 0)
{
if (tTd(8, 1))
@@ -337,7 +347,7 @@ getmxrr(host, mxhosts, mxprefs, droploca
GETSHORT(n, cp); /* rdlength */
if ((fallbackMX != NULL && (flags & DROPLOCALHOST) != 0 &&
@@ -743,7 +745,7 @@ getmxrr(host, mxhosts, mxprefs, flags, r
# endif
if (type != T_MX)
{
- if (tTd(8, 8) || _res.options & RES_DEBUG)
+ if (tTd(8, 8) || sm_res.options & RES_DEBUG)
sm_dprintf("unexpected answer type %d, size %d\n",
type, n);
cp += n;
@@ -635,7 +645,7 @@ bestmx_map_lookup(map, name, av, statp)
- if ((tTd(8, 8) || _res.options & RES_DEBUG)
+ if ((tTd(8, 8) || sm_res.options & RES_DEBUG)
# if DANE
&& type != T_RRSIG
# endif
@@ -1042,13 +1044,13 @@ punt:
}
done:
# if DANE
- _res.options = old_options;
+ sm_res.options = old_options;
# endif
return nmx;
error:
# if DANE
- _res.options = old_options;
+ sm_res.options = old_options;
# endif
return -1;
}
@@ -1118,7 +1120,7 @@ bestmx_map_lookup(map, name, av, statp)
int *statp;
{
int nmx;
@ -80,27 +66,27 @@ $NetBSD: patch-at,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
int i;
ssize_t len = 0;
char *result;
@@ -647,9 +657,9 @@ bestmx_map_lookup(map, name, av, statp)
@@ -1130,9 +1132,9 @@ bestmx_map_lookup(map, name, av, statp)
char buf[PSBUFSIZE / 2];
#endif /* _FFR_BESTMX_BETTER_TRUNCATION */
# endif
- _res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
+ sm_res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
nmx = getmxrr(name, mxhosts, NULL, false, statp, false, NULL);
nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1);
- _res.options = saveopts;
+ sm_res.options = saveopts;
if (nmx <= 0)
return NULL;
if (bitset(MF_MATCHONLY, map->map_mflags))
@@ -793,10 +803,15 @@ dns_getcanonname(host, hbsize, trymx, st
@@ -1282,16 +1284,22 @@ dns_getcanonname(host, hbsize, trymx, st
if (tTd(8, 2))
sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
- if ((_res.options & RES_INIT) == 0 && res_init() == -1)
- {
- *statp = EX_UNAVAILABLE;
- return false;
+ if ((sm_res.options & RES_INIT) == 0)
- return HOST_NOTFOUND;
+ if ((sm_res.options & RES_INIT) == 0) {
+# if NAMED_RESN
+ memset(&sm_res, 0, sizeof(sm_res));
+ if (res_ninit(&sm_res) == -1) {
@ -109,41 +95,53 @@ $NetBSD: patch-at,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
+# endif
+ *statp = EX_UNAVAILABLE;
+ return false;
+ }
}
# if DANE
- old_options = _res.options;
+ old_options = sm_res.options;
if (DANE_SECURE == Dane)
- _res.options |= SM_RES_DNSSEC;
+ sm_res.options |= SM_RES_DNSSEC;
# endif
*statp = EX_OK;
@@ -834,7 +849,7 @@ cnameloop:
dp = searchlist;
if (n > 0)
*dp++ = "";
@@ -1341,7 +1349,7 @@ cnameloop:
searchlist[sli++] = NameSearchList;
}
# endif
- if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
+ if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, sm_res.options))
{
/* make sure there are less than MAXDNSRCH domains */
for (domain = RES_DNSRCH_VARIABLE, ret = 0;
@@ -842,9 +857,9 @@ cnameloop:
@@ -1349,10 +1357,10 @@ cnameloop:
ret++)
*dp++ = *domain++;
searchlist[sli++] = *domain++;
}
- else if (n == 0 && bitset(RES_DEFNAMES, _res.options))
+ else if (n == 0 && bitset(RES_DEFNAMES, sm_res.options))
{
- *dp++ = _res.defdname;
+ *dp++ = sm_res.defdname;
SM_ASSERT(sli < SLSIZE);
- searchlist[sli++] = _res.defdname;
+ searchlist[sli++] = sm_res.defdname;
}
else if (*cp == '.')
{
@@ -879,8 +894,13 @@ cnameloop:
qtype == T_MX ? "MX" :
"???");
errno = 0;
+# if NAMED_RESN
+ ret = res_nquerydomain(&sm_res, host, *dp, C_IN, qtype,
+ answer.qb2, sizeof(answer.qb2));
+# else
ret = res_querydomain(host, *dp, C_IN, qtype,
answer.qb2, sizeof(answer.qb2));
+# endif
if (ret <= 0)
{
int save_errno = errno;
@@ -1658,13 +1666,13 @@ nexttype:
if (ttl > 0 && pttl != NULL)
*pttl = ttl;
# if DANE
- _res.options = old_options;
+ sm_res.options = old_options;
# endif
return ad ? HOST_SECURE : HOST_OK;
error:
# if DANE
- _res.options = old_options;
+ sm_res.options = old_options;
# endif
return HOST_NOTFOUND;
}

22
mail/sendmail/patches/patch-au
View file

@ -1,8 +1,8 @@
$NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
$NetBSD: patch-au,v 1.3 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/main.c.orig 2014-05-16 20:40:15.000000000 +0000
--- sendmail/main.c.orig 2020-06-02 09:41:43.000000000 +0000
+++ sendmail/main.c
@@ -148,6 +148,10 @@ int SyslogPrefixLen; /* estimated lengt
@@ -153,6 +153,10 @@ int SyslogPrefixLen; /* estimated lengt
} \
}
@ -13,9 +13,9 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
int
main(argc, argv, envp)
int argc;
@@ -210,6 +214,15 @@ main(argc, argv, envp)
@@ -215,6 +219,15 @@ main(argc, argv, envp)
envp = environ;
#endif /* USE_ENVIRON */
#endif
+#if NAMED_BIND
+# if NAMED_RESN
@ -29,7 +29,7 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
/* turn off profiling */
SM_PROF(0);
@@ -683,21 +696,25 @@ main(argc, argv, envp)
@@ -697,21 +710,25 @@ main(argc, argv, envp)
*/
#if NAMED_BIND
@ -49,7 +49,7 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
# ifdef RES_NOALIASES
- _res.options |= RES_NOALIASES;
+ sm_res.options |= RES_NOALIASES;
# endif /* RES_NOALIASES */
# endif
- TimeOuts.res_retry[RES_TO_DEFAULT] = _res.retry;
- TimeOuts.res_retry[RES_TO_FIRST] = _res.retry;
- TimeOuts.res_retry[RES_TO_NORMAL] = _res.retry;
@ -65,7 +65,7 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
#endif /* NAMED_BIND */
errno = 0;
@@ -1380,8 +1397,8 @@ main(argc, argv, envp)
@@ -1394,8 +1411,8 @@ main(argc, argv, envp)
}
#if NAMED_BIND
@ -73,10 +73,10 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
- _res.retrans = TimeOuts.res_retrans[RES_TO_DEFAULT];
+ sm_res.retry = TimeOuts.res_retry[RES_TO_DEFAULT];
+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_DEFAULT];
#endif /* NAMED_BIND */
#endif
/*
@@ -2884,8 +2901,8 @@ main(argc, argv, envp)
@@ -2944,8 +2961,8 @@ main(argc, argv, envp)
sm_getla();
GrabTo = false;
#if NAMED_BIND
@ -84,6 +84,6 @@ $NetBSD: patch-au,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
- _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+ sm_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
#endif /* NAMED_BIND */
#endif
next = e->e_sibling;
e->e_sibling = NULL;

8
mail/sendmail/patches/patch-av
View file

@ -1,10 +1,10 @@
$NetBSD: patch-av,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-av,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/queue.c.orig 2014-05-16 20:40:15.000000000 +0000
--- sendmail/queue.c.orig 2020-05-27 16:32:09.000000000 +0000
+++ sendmail/queue.c
@@ -34,6 +34,10 @@ SM_RCSID("@(#)$Id: queue.c,v 8.1000 2013
# define SM_OPEN_EXLOCK 0
#endif /* ! SM_OPEN_EXLOCK */
#endif
+#if NAMED_BIND
+extern struct __res_state sm_res;
@ -13,7 +13,7 @@ $NetBSD: patch-av,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
/*
** Historical notes:
** QF_VERSION == 4 was sendmail 8.10/8.11 without _FFR_QUEUEDELAY
@@ -4360,13 +4364,13 @@ readqf(e, openonly)
@@ -4394,13 +4398,13 @@ readqf(e, openonly)
/* adjust BIND parameters immediately */
if (e->e_ntries == 0)
{

27
mail/sendmail/patches/patch-aw
View file

@ -1,10 +1,10 @@
$NetBSD: patch-aw,v 1.6 2020/04/12 09:11:42 jnemeth Exp $
$NetBSD: patch-aw,v 1.7 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/readcf.c.orig 2015-06-17 16:51:58.000000000 +0000
--- sendmail/readcf.c.orig 2020-06-02 09:41:43.000000000 +0000
+++ sendmail/readcf.c
@@ -20,6 +20,10 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013
@@ -26,6 +26,10 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013
# include <arpa/inet.h>
#endif /* NETINET || NETINET6 */
#endif
+#if NAMED_BIND
+extern struct __res_state sm_res;
@ -13,16 +13,16 @@ $NetBSD: patch-aw,v 1.6 2020/04/12 09:11:42 jnemeth Exp $
#define SECONDS
#define MINUTES * 60
@@ -2910,6 +2914,8 @@ static struct optioninfo
@@ -2979,6 +2983,8 @@ static struct optioninfo
{ "SetCertAltnames", O_CHECKALTNAMES, OI_NONE },
#endif
#define O_USECOMPRESSEDIPV6ADDRESSES 0xec
{ "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+# define O_BLACKLIST 0xf2
+ { "UseBlacklist", O_BLACKLIST, OI_NONE },
+# define O_BLACKLIST 0xf8
+ { "UseBlacklist", O_BLACKLIST, OI_NONE },
{ NULL, '\0', OI_NONE }
};
@@ -3318,13 +3324,13 @@ setoption(opt, val, safe, sticky, e)
@@ -3386,13 +3392,13 @@ setoption(opt, val, safe, sticky, e)
if (rfp->rf_name == NULL)
syserr("readcf: I option value %s unrecognized", q);
else if (clearmode)
@ -33,15 +33,16 @@ $NetBSD: patch-aw,v 1.6 2020/04/12 09:11:42 jnemeth Exp $
+ sm_res.options |= rfp->rf_bits;
}
if (tTd(8, 2))
sm_dprintf("_res.options = %x, HasWildcardMX = %d\n",
- sm_dprintf("_res.options = %x, HasWildcardMX = %d\n",
- (unsigned int) _res.options, HasWildcardMX);
+ sm_dprintf("sm_res.options = %x, HasWildcardMX = %d\n",
+ (unsigned int) sm_res.options, HasWildcardMX);
#else /* NAMED_BIND */
usrerr("name server (I option) specified but BIND not compiled in");
#endif /* NAMED_BIND */
@@ -4540,6 +4546,10 @@ setoption(opt, val, safe, sticky, e)
UseCompressedIPv6Addresses = atobool(val);
@@ -4679,6 +4685,10 @@ setoption(opt, val, safe, sticky, e)
break;
# endif
+ case O_BLACKLIST:
+ UseBlacklist = atobool(val);

8
mail/sendmail/patches/patch-ax
View file

@ -1,6 +1,6 @@
$NetBSD: patch-ax,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
$NetBSD: patch-ax,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/savemail.c.orig 2014-05-16 20:40:15.000000000 +0000
--- sendmail/savemail.c.orig 2020-06-08 08:35:03.000000000 +0000
+++ sendmail/savemail.c
@@ -17,2 +17,6 @@ SM_RCSID("@(#)$Id: savemail.c,v 8.319 20
@ -9,10 +9,10 @@ $NetBSD: patch-ax,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
+#endif
+
static bool errbody __P((MCI *, ENVELOPE *, char *));
@@ -594,4 +598,4 @@ returntosender(msg, returnq, flags, e)
@@ -598,4 +602,4 @@ returntosender(msg, returnq, flags, e)
#if NAMED_BIND
- _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
- _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+ sm_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
#endif /* NAMED_BIND */
#endif

118
mail/sendmail/patches/patch-ay
View file

@ -1,63 +1,121 @@
$NetBSD: patch-ay,v 1.2 2014/06/20 05:24:32 jnemeth Exp $
$NetBSD: patch-ay,v 1.3 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/sm_resolve.c.orig 2014-05-16 20:40:15.000000000 +0000
--- sendmail/sm_resolve.c.orig 2020-06-08 08:35:03.000000000 +0000
+++ sendmail/sm_resolve.c
@@ -54,2 +54,6 @@ SM_RCSID("$Id: sm_resolve.c,v 8.40 2013-
@@ -57,2 +57,6 @@ SM_RCSID("$Id: sm_resolve.c,v 8.40 2013-
+#if NAMED_BIND
+extern struct __res_state sm_res;
+#endif
+
static struct stot
@@ -410,4 +414,4 @@ dns_lookup_int(domain, rr_class, rr_type
@@ -771,3 +775,3 @@ nsportip(p)
{
- if ((_res.options & RES_INIT) == 0)
+ if ((sm_res.options & RES_INIT) == 0)
(void) res_init();
@@ -796,7 +800,7 @@ dns_setns(ns, port)
{
- _res.nsaddr_list[0].sin_family = AF_INET;
- _res.nsaddr_list[0].sin_addr = *ns;
+ sm_res.nsaddr_list[0].sin_family = AF_INET;
+ sm_res.nsaddr_list[0].sin_addr = *ns;
if (port != 0)
- _res.nsaddr_list[0].sin_port = htons(port);
- _res.nscount = 1;
+ sm_res.nsaddr_list[0].sin_port = htons(port);
+ sm_res.nscount = 1;
if (tTd(8, 61))
@@ -945,3 +949,3 @@ dnscrtrr(domain, query, qtype, value, rr
- adflag = (_res.options & RES_USE_DNSSEC) != 0;
+ adflag = (sm_res.options & RES_USE_DNSSEC) != 0;
@@ -1289,3 +1293,2 @@ dns_lookup_int(domain, rr_class, rr_type
unsigned char *reply;
- int (*resfunc) __P((const char *, int, int, u_char *, int));
@@ -1296,10 +1299,4 @@ dns_lookup_int(domain, rr_class, rr_type
- resfunc = res_search;
-# if DNSSEC_TEST
- if (tTd(8, 110))
- resfunc = tstdns_search;
-# endif
-
- old_options = _res.options;
- _res.options |= options;
+ old_options = sm_res.options;
+ sm_res.options |= options;
if (err != NULL)
@@ -1310,3 +1307,3 @@ dns_lookup_int(domain, rr_class, rr_type
{
- old_options = _res.options;
- _res.options |= RES_DEBUG;
+ old_options = sm_res.options;
+ sm_res.options |= RES_DEBUG;
sm_dprintf("dns_lookup(%s, %d, %s)\n", domain,
@@ -417,4 +421,4 @@ dns_lookup_int(domain, rr_class, rr_type
sm_dprintf("dns_lookup_int(%s, %d, %s, %x)\n", domain,
@@ -1317,4 +1314,4 @@ dns_lookup_int(domain, rr_class, rr_type
sm_dprintf("NS=%s, port=%d\n",
- inet_ntoa(_res.nsaddr_list[0].sin_addr),
- ntohs(_res.nsaddr_list[0].sin_port));
+ inet_ntoa(sm_res.nsaddr_list[0].sin_addr),
+ ntohs(sm_res.nsaddr_list[0].sin_port));
# endif
@@ -1322,4 +1319,4 @@ dns_lookup_int(domain, rr_class, rr_type
{
- save_retrans = _res.retrans;
- _res.retrans = retrans;
+ save_retrans = sm_res.retrans;
+ sm_res.retrans = retrans;
}
@@ -422,4 +426,4 @@ dns_lookup_int(domain, rr_class, rr_type
@@ -1327,4 +1324,4 @@ dns_lookup_int(domain, rr_class, rr_type
{
- save_retry = _res.retry;
- _res.retry = retry;
+ save_retry = sm_res.retry;
+ sm_res.retry = retry;
}
@@ -428,3 +432,7 @@ dns_lookup_int(domain, rr_class, rr_type
@@ -1333,3 +1330,12 @@ dns_lookup_int(domain, rr_class, rr_type
reply = (unsigned char *)&reply_buf;
+#if NAMED_RESN
- len = (*resfunc)(domain, rr_class, rr_type, reply, SMRBSIZE);
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ len = tstdns_search(domain, rr_class, rr_type, reply, SMRBSIZE);
+ else
+# endif
+# if NAMED_RESN
+ len = res_nsearch(&sm_res, domain, rr_class, rr_type, reply, SMRBSIZE);
+#else
len = res_search(domain, rr_class, rr_type, reply, SMRBSIZE);
+#endif
+# else
+ len = res_search(domain, rr_class, rr_type, reply, SMRBSIZE);
+# endif
if (len >= SMRBSIZE)
@@ -448,4 +456,9 @@ dns_lookup_int(domain, rr_class, rr_type
else
+#if NAMED_RESN
@@ -1353,4 +1359,15 @@ dns_lookup_int(domain, rr_class, rr_type
SM_SET_H_ERRNO(0);
- len = (*resfunc)(domain, rr_class, rr_type,
- reply, IP_MAXPACKET);
+# if DNSSEC_TEST
+ if (tTd(8, 110))
+ len = tstdns_search(domain, rr_class,
+ rr_type, reply, IP_MAXPACKET);
+ else
+# endif
+# if NAMED_RESN
+ len = res_nsearch(&sm_res, domain, rr_class,
+ rr_type, reply, IP_MAXPACKET);
+#else
len = res_search(domain, rr_class, rr_type,
reply, IP_MAXPACKET);
+#endif
}
@@ -454,3 +467,3 @@ dns_lookup_int(domain, rr_class, rr_type
{
- _res.options = old_options;
+ sm_res.options = old_options;
sm_dprintf("dns_lookup(%s, %d, %s) --> %d\n",
@@ -466,5 +479,5 @@ dns_lookup_int(domain, rr_class, rr_type
+ rr_type, reply, IP_MAXPACKET);
+# else
+ len = res_search(domain, rr_class, rr_type,
+ reply, IP_MAXPACKET);
+# endif
}
@@ -1358,3 +1375,3 @@ dns_lookup_int(domain, rr_class, rr_type
}
- _res.options = old_options;
+ sm_res.options = old_options;
if (len < 0)
@@ -1394,5 +1411,5 @@ dns_lookup_int(domain, rr_class, rr_type
if (retrans > 0)
- _res.retrans = save_retrans;
+ sm_res.retrans = save_retrans;
if (retry > 0)
- _res.retry = save_retry;
+ sm_res.retry = save_retry;
return r;
return dr;

48
mail/sendmail/patches/patch-az
View file

@ -1,10 +1,10 @@
$NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
$NetBSD: patch-az,v 1.4 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/srvrsmtp.c.orig 2015-03-18 11:47:12.000000000 +0000
--- sendmail/srvrsmtp.c.orig 2020-06-08 08:35:03.000000000 +0000
+++ sendmail/srvrsmtp.c
@@ -46,6 +46,10 @@ static bool tls_ok_srv = false;
@@ -48,6 +48,10 @@ static bool tls_ok_srv = false;
static bool NotFirstDelivery = false;
#endif /* _FFR_DM_ONE */
#endif
+#if NAMED_BIND
+extern struct __res_state sm_res;
@ -13,7 +13,7 @@ $NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
/* server features */
#define SRV_NONE 0x0000 /* none... */
#define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
@@ -1328,6 +1332,7 @@ smtp(nullserver, d_flags, e)
@@ -1408,6 +1412,7 @@ smtp(nullserver, d_flags, e)
(int) tp.tv_sec +
(tp.tv_usec >= 500000 ? 1 : 0)
);
@ -21,7 +21,7 @@ $NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
}
}
}
@@ -1589,7 +1594,12 @@ smtp(nullserver, d_flags, e)
@@ -1680,7 +1685,12 @@ smtp(nullserver, d_flags, e)
/* get an OK if we're done */
if (result == SASL_OK)
{
@ -34,20 +34,26 @@ $NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
message("235 2.0.0 OK Authenticated");
authenticating = SASL_IS_AUTH;
macdefine(&BlankEnvelope.e_macro, A_TEMP,
@@ -1721,8 +1731,12 @@ smtp(nullserver, d_flags, e)
}
else
{
+ int fd;
@@ -1825,6 +1835,7 @@ smtp(nullserver, d_flags, e)
{ \
SET_AUTH_USER_CONDITIONALLY \
message("535 5.7.0 authentication failed"); \
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL), "AUTH FAIL"); \
if (LogLevel >= 9) \
sm_syslog(LOG_WARNING, e->e_id, \
"AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s", \
@@ -1940,6 +1951,10 @@ smtp(nullserver, d_flags, e)
if (nullserver != NULL &&
++n_badcmds > MAXBADCOMMANDS)
{
+ int fd;
+
/* not SASL_OK or SASL_CONT */
message("535 5.7.0 authentication failed");
+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL");
if (LogLevel > 9)
sm_syslog(LOG_WARNING, e->e_id,
"AUTH failure (%s): %s (%d) %s, relay=%.100s",
@@ -3523,7 +3537,11 @@ doquit:
+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
+ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands");
message("421 4.7.0 %s Too many bad commands; closing connection",
MyHostName);
@@ -3663,7 +3678,11 @@ doquit:
#if MAXBADCOMMANDS > 0
if (++n_badcmds > MAXBADCOMMANDS)
{
@ -59,7 +65,7 @@ $NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
message("421 4.7.0 %s Too many bad commands; closing connection",
MyHostName);
@@ -3992,8 +4010,8 @@ smtp_data(smtp, e)
@@ -4136,8 +4155,8 @@ smtp_data(smtp, e)
id = e->e_id;
#if NAMED_BIND
@ -67,6 +73,6 @@ $NetBSD: patch-az,v 1.3 2019/07/15 04:32:49 jnemeth Exp $
- _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
+ sm_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
#endif /* NAMED_BIND */
#endif
#if _FFR_PROXY

19
mail/sendmail/patches/patch-bg
View file

@ -1,24 +1,13 @@
$NetBSD: patch-bg,v 1.1 2014/09/19 21:24:05 jnemeth Exp $
$NetBSD: patch-bg,v 1.2 2021/07/04 07:57:13 jnemeth Exp $
--- include/sm/config.h.orig 2014-03-06 17:31:29.000000000 +0000
--- include/sm/config.h.orig 2020-05-19 19:54:32.000000000 +0000
+++ include/sm/config.h
@@ -24,16 +24,14 @@
/*
** SM_CONF_STDBOOL_H is 1 if <stdbool.h> exists
-**
-** Note, unlike gcc, clang doesn't apply full prototypes to K&R definitions.
@@ -29,7 +29,7 @@
*/
# ifndef SM_CONF_STDBOOL_H
-# if !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# define SM_CONF_STDBOOL_H 1
-# else /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
+# else /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# else
# define SM_CONF_STDBOOL_H 0
-# endif /* !defined(__clang__) && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
+# endif /* defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L */
# endif /* ! SM_CONF_STDBOOL_H */
/*

250
mail/sendmail/patches/patch-bk
View file

@ -1,250 +0,0 @@
$NetBSD: patch-bk,v 1.1 2018/12/05 12:10:21 bsiegert Exp $
From 02edb8d94682fcf13a7e98618294e06f728e66e6 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sat, 10 Sep 2016 19:27:17 +0000
Subject: [PATCH] sendmail: compile against openssl 1.1.0
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
debian/configure.ac | 13 +++--
sendmail/tls.c | 165 +++++++++++++++++++++++++++++++++++++++-------------
2 files changed, 132 insertions(+), 46 deletions(-)
diff --git a/sendmail/tls.c b/sendmail/tls.c
index 6b0ea25..6a10890 100644
--- sendmail/tls.c
+++ sendmail/tls.c
@@ -60,18 +60,58 @@ static unsigned char dh512_g[] =
0x02
};
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
static DH *
get_dh512()
{
DH *dh = NULL;
-
- if ((dh = DH_new()) == NULL)
- return NULL;
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return NULL;
+ BIGNUM *p;
+ BIGNUM *g;
+
+ dh = DH_new();
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if (!dh || !p || !g)
+ goto err;
+ if (!DH_set0_pqg(dh, p, NULL, g))
+ goto err;
return dh;
+err:
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
# if 0
@@ -117,17 +157,22 @@ get_dh2048()
};
static unsigned char dh2048_g[]={ 0x02, };
DH *dh;
-
- if ((dh=DH_new()) == NULL)
- return(NULL);
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- {
- DH_free(dh);
- return(NULL);
- }
+ BIGNUM *p;
+ BIGNUM *g;
+
+ dh = DH_new();
+ p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if (!dh || !p || !g)
+ goto err;
+ if (!DH_set0_pqg(dh, p, NULL, g))
+ goto err;
return(dh);
+err:
+ DH_free(dh);
+ BN_free(p);
+ BN_free(g);
+ return NULL;
}
# endif /* !NO_DH */
@@ -926,7 +971,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
{
/* get a pointer to the current certificate validation store */
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
- crl_file = BIO_new(BIO_s_file_internal());
+ crl_file = BIO_new(BIO_s_file());
if (crl_file != NULL)
{
if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1000,26 +1045,41 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
** maybe we should do it only on demand...
*/
- if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
- && ShmId != SM_SHM_NO_ID &&
- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
- NULL)) == NULL
-# else /* SM_CONF_SHM */
- && 0 /* no shared memory: no need to generate key now */
-# endif /* SM_CONF_SHM */
- )
+ if (bitset(TLS_I_RSA_TMP, req)
+ && ShmId != SM_SHM_NO_ID)
{
- if (LogLevel > 7)
+ BIGNUM *bn;
+
+ bn = BN_new();
+ rsa_tmp = RSA_new();
+ if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ if (rsa_tmp)
{
- sm_syslog(LOG_WARNING, NOQID,
- "STARTTLS=%s, error: RSA_generate_key failed",
- who);
- if (LogLevel > 9)
- tlslogerr(LOG_WARNING, who);
+ if (!RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL))
+ {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ }
+ BN_free(bn);
+ if (!rsa_tmp)
+ {
+ if (LogLevel > 7)
+ {
+ sm_syslog(LOG_WARNING, NOQID,
+ "STARTTLS=%s, error: RSA_generate_key failed",
+ who);
+ if (LogLevel > 9)
+ tlslogerr(LOG_WARNING, who);
+ }
+ return false;
}
- return false;
}
+# endif /* SM_CONF_SHM */
# endif /* !TLS_NO_RSA */
/*
@@ -1210,9 +1270,15 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
/* this takes a while! */
- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
- NULL, 0, NULL);
- dh = DSA_dup_DH(dsa);
+ dsa = DSA_new();
+ if (dsa) {
+ int r;
+
+ r = DSA_generate_parameters_ex(dsa, bits, NULL, 0,
+ NULL, NULL, NULL);
+ if (r != 0)
+ dh = DSA_dup_DH(dsa);
+ }
DSA_free(dsa);
}
else if (dh == NULL && bitset(TLS_I_DHFIXED, req))
@@ -1733,6 +1799,9 @@ tmp_rsa_key(s, export, keylength)
int export;
int keylength;
{
+ BIGNUM *bn;
+ int ret;
+
# if SM_CONF_SHM
extern int ShmId;
extern int *PRSATmpCnt;
@@ -1742,10 +1811,22 @@ tmp_rsa_key(s, export, keylength)
return rsa_tmp;
# endif /* SM_CONF_SHM */
- if (rsa_tmp != NULL)
- RSA_free(rsa_tmp);
- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
- if (rsa_tmp == NULL)
+ if (rsa_tmp == NULL) {
+ rsa_tmp = RSA_new();
+ if (!rsa_tmp)
+ return NULL;
+ }
+
+ bn = BN_new();
+ if (!bn)
+ return NULL;
+ if (!BN_set_word(bn, RSA_F4)) {
+ BN_free(bn);
+ return NULL;
+ }
+ ret = RSA_generate_key_ex(rsa_tmp, RSA_KEYLENGTH, bn, NULL);
+ BN_free(bn);
+ if (!ret)
{
if (LogLevel > 0)
sm_syslog(LOG_ERR, NOQID,
@@ -1971,9 +2052,9 @@ x509_verify_cb(ok, ctx)
{
if (LogLevel > 13)
tls_verify_log(ok, ctx, "x509");
- if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
{
- ctx->error = 0;
+ X509_STORE_CTX_set_error(ctx, 0);
return 1; /* override it */
}
}

16
mail/sendmail/patches/patch-bo
View file

@ -1,9 +1,9 @@
$NetBSD: patch-bo,v 1.3 2020/04/12 09:11:42 jnemeth Exp $
$NetBSD: patch-bo,v 1.4 2021/07/04 07:57:13 jnemeth Exp $
--- sendmail/sendmail.h.orig 2015-06-19 12:59:29.000000000 +0000
--- sendmail/sendmail.h.orig 2020-07-02 05:00:37.000000000 +0000
+++ sendmail/sendmail.h
@@ -57,6 +57,10 @@ SM_UNUSED(static char SmailId[]) = "@(#)
#endif /* _DEFINE */
@@ -63,6 +63,10 @@ SM_UNUSED(static char SmailId[]) = "@(#)
#endif
#include "bf.h"
+#ifdef USE_BLACKLIST
@ -13,11 +13,11 @@ $NetBSD: patch-bo,v 1.3 2020/04/12 09:11:42 jnemeth Exp $
#include "timers.h"
#include <sm/exc.h>
#include <sm/heap.h>
@@ -2544,6 +2548,8 @@ EXTERN int ConnectionRateWindowSize;
EXTERN bool SSLEngineInitialized;
#endif /* STARTTLS && USE_OPENSSL_ENGINE */
@@ -2576,6 +2580,8 @@ EXTERN int Hacks; /* bit field of run-ti
+EXTERN bool UseBlacklist;
EXTERN int ConnectionRateWindowSize;
+EXTERN bool UseBlacklist;
+
/*
** Declarations of useful functions

12
mail/sendmail/patches/patch-bs Normal file
View file

@ -0,0 +1,12 @@
$NetBSD: patch-bs,v 1.1 2021/07/04 07:57:13 jnemeth Exp $
--- libsm/notify.c.orig 2020-05-19 19:54:32.000000000 +0000
+++ libsm/notify.c
@@ -15,6 +15,7 @@
#include <sm/assert.h>
#include <sm/notify.h>
+#include <sys/select.h>
#include <sys/types.h>
#include <signal.h>
#include <stdio.h>

31
mail/sendmail/patches/patch-sendmail_domain.c
View file

@ -1,31 +0,0 @@
$NetBSD: patch-sendmail_domain.c,v 1.1 2020/04/24 14:33:08 manu Exp $
Add missing curly brackets that caused res_ninit() to be called
with non-zeroed state structure. In NetBSD, res_ninit() detects
the mistake and quickly calls res_ndestroy(), which will close file
descriptors based on the random data provided in the state structure.
The result at mine is sendmail going mute after the MAIL FROM
command.
--- sendmail/domain.c.orig
+++ sendmail/domain.c
@@ -802,17 +802,18 @@
if (tTd(8, 2))
sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
- if ((sm_res.options & RES_INIT) == 0)
+ if ((sm_res.options & RES_INIT) == 0) {
# if NAMED_RESN
memset(&sm_res, 0, sizeof(sm_res));
if (res_ninit(&sm_res) == -1) {
# else
if (res_init() == -1) {
# endif
*statp = EX_UNAVAILABLE;
return false;
+ }
}
*statp = EX_OK;