Apply patch (requested by tron in ticket #556): Update Postfix to 2.11.4.diff -r1.1145.2.8 -r1.1145.2.9 src/doc/3RDPARTY
(snj)
--- src/doc/3RDPARTY 2015/02/05 15:13:12 1.1145.2.8
+++ src/doc/3RDPARTY 2015/03/03 07:11:08 1.1145.2.9
@@ -1,1552 +1,1552 @@ | @@ -1,1552 +1,1552 @@ | |||
1 | # $NetBSD: 3RDPARTY,v 1.1145.2.8 2015/02/05 15:13:12 martin Exp $ | 1 | # $NetBSD: 3RDPARTY,v 1.1145.2.9 2015/03/03 07:11:08 snj Exp $ | |
2 | # | 2 | # | |
3 | # This file contains a list of the software that has been integrated into | 3 | # This file contains a list of the software that has been integrated into | |
4 | # NetBSD where we are not the primary maintainer. | 4 | # NetBSD where we are not the primary maintainer. | |
5 | # | 5 | # | |
6 | # When you make changes to this software, be sure to discuss it with the | 6 | # When you make changes to this software, be sure to discuss it with the | |
7 | # maintainer and contribute your patches. Divergence from the official | 7 | # maintainer and contribute your patches. Divergence from the official | |
8 | # sources is not desirable, and should be avoided as much as possible. | 8 | # sources is not desirable, and should be avoided as much as possible. | |
9 | # | 9 | # | |
10 | # When importing, please deal with the RCS IDs in this way: | 10 | # When importing, please deal with the RCS IDs in this way: | |
11 | # 1. Preserve the RCS IDs in the files by removing the $ signs from | 11 | # 1. Preserve the RCS IDs in the files by removing the $ signs from | |
12 | # the IDs before you do the import. | 12 | # the IDs before you do the import. | |
13 | # 2. After the import, add NetBSD RCS IDs to all of the files. | 13 | # 2. After the import, add NetBSD RCS IDs to all of the files. | |
14 | # | 14 | # | |
15 | # A few notes on the format of this file (for the benefit of | 15 | # A few notes on the format of this file (for the benefit of | |
16 | # 3rdparty2html): | 16 | # 3rdparty2html): | |
17 | # | 17 | # | |
18 | # 1.) Any line whose first non-whitespace character is # is a comment; | 18 | # 1.) Any line whose first non-whitespace character is # is a comment; | |
19 | # 2.) Entries are separated by blank lines; | 19 | # 2.) Entries are separated by blank lines; | |
20 | # 3.) Every package needs at least the Package, Version, Current Vers, | 20 | # 3.) Every package needs at least the Package, Version, Current Vers, | |
21 | # and Maintainer fields; | 21 | # and Maintainer fields; | |
22 | # 4.) Where a field has multiple lines of information, the field tag | 22 | # 4.) Where a field has multiple lines of information, the field tag | |
23 | # should be repeated on each line, except: | 23 | # should be repeated on each line, except: | |
24 | # 5.) The Notes: field tag should appear on a line by itself; all | 24 | # 5.) The Notes: field tag should appear on a line by itself; all | |
25 | # remaining lines until the end of the record are notes. | 25 | # remaining lines until the end of the record are notes. | |
26 | # | 26 | # | |
27 | # Package: name or brief description (required, must be first) | 27 | # Package: name or brief description (required, must be first) | |
28 | # Version: version that is included with NetBSD (required) | 28 | # Version: version that is included with NetBSD (required) | |
29 | # Current Vers: version that is available upstream (required) | 29 | # Current Vers: version that is available upstream (required) | |
30 | # Maintainer: name and/or email address of upstream maintainer (required) | 30 | # Maintainer: name and/or email address of upstream maintainer (required) | |
31 | # Archive Site: URL to archive of upstream releases | 31 | # Archive Site: URL to archive of upstream releases | |
32 | # Home Page: URL to web page for upstream project | 32 | # Home Page: URL to web page for upstream project | |
33 | # Mailing List: email address or URL related to upstream mailing list | 33 | # Mailing List: email address or URL related to upstream mailing list | |
34 | # License: description of license | 34 | # License: description of license | |
35 | # Responsible: comma-separated list of NetBSD developers | 35 | # Responsible: comma-separated list of NetBSD developers | |
36 | # Location: comma-separated list of subdirectories in the NetBSD src tree | 36 | # Location: comma-separated list of subdirectories in the NetBSD src tree | |
37 | # Notes: | 37 | # Notes: | |
38 | # Multiple lines of free-form text, | 38 | # Multiple lines of free-form text, | |
39 | # Must be last. | 39 | # Must be last. | |
40 | # | 40 | # | |
41 | 41 | |||
42 | Package: acpica | 42 | Package: acpica | |
43 | Version: 20131218 | 43 | Version: 20131218 | |
44 | Current Vers: 20140627 | 44 | Current Vers: 20140627 | |
45 | Maintainer: Intel | 45 | Maintainer: Intel | |
46 | Archive Site: http://www.acpica.org/downloads/ | 46 | Archive Site: http://www.acpica.org/downloads/ | |
47 | Home Page: http://www.acpica.org/ | 47 | Home Page: http://www.acpica.org/ | |
48 | Mailing List: devel@acpica.org | 48 | Mailing List: devel@acpica.org | |
49 | License: BSD-like | 49 | License: BSD-like | |
50 | Responsible: jruoho | 50 | Responsible: jruoho | |
51 | Location: sys/external/bsd/acpica/dist | 51 | Location: sys/external/bsd/acpica/dist | |
52 | Notes: | 52 | Notes: | |
53 | You want the unix2 (dual-licensed) tar file. | 53 | You want the unix2 (dual-licensed) tar file. | |
54 | Please read src/sys/dev/acpi/acpica/README before any modification. | 54 | Please read src/sys/dev/acpi/acpica/README before any modification. | |
55 | 55 | |||
56 | Package: am-utils [amd] | 56 | Package: am-utils [amd] | |
57 | Version: 6.2 | 57 | Version: 6.2 | |
58 | Current Vers: 6.2rc1 | 58 | Current Vers: 6.2rc1 | |
59 | Maintainer: Erez Zadok <ezk@cs.columbia.edu> | 59 | Maintainer: Erez Zadok <ezk@cs.columbia.edu> | |
60 | Archive Site: ftp://ftp.am-utils.org/pub/am-utils/ | 60 | Archive Site: ftp://ftp.am-utils.org/pub/am-utils/ | |
61 | Home Page: http://www.am-utils.org/ | 61 | Home Page: http://www.am-utils.org/ | |
62 | Mailing List: am-utils | 62 | Mailing List: am-utils | |
63 | Responsible: christos | 63 | Responsible: christos | |
64 | License: BSD (4-clause) | 64 | License: BSD (4-clause) | |
65 | Location: external/bsd/am-utils/dist | 65 | Location: external/bsd/am-utils/dist | |
66 | Notes: | 66 | Notes: | |
67 | Amd2netbsd script to convert to BSD make system and remove unneeded files. | 67 | Amd2netbsd script to convert to BSD make system and remove unneeded files. | |
68 | Fix symbolic links before import. | 68 | Fix symbolic links before import. | |
69 | Check external/bsd/am-utils/include/config.h is correct after import. | 69 | Check external/bsd/am-utils/include/config.h is correct after import. | |
70 | 70 | |||
71 | Package: Automated Testing Framework (ATF) | 71 | Package: Automated Testing Framework (ATF) | |
72 | Version: 0.20 | 72 | Version: 0.20 | |
73 | Current Vers: 0.20 | 73 | Current Vers: 0.20 | |
74 | Maintainer: Julio Merino <jmmv@NetBSD.org> | 74 | Maintainer: Julio Merino <jmmv@NetBSD.org> | |
75 | Archive site: https://github.com/jmmv/atf/releases | 75 | Archive site: https://github.com/jmmv/atf/releases | |
76 | Home page: https://github.com/jmmv/atf | 76 | Home page: https://github.com/jmmv/atf | |
77 | Mailing List: atf-devel@NetBSD.org | 77 | Mailing List: atf-devel@NetBSD.org | |
78 | Responsible: jmmv | 78 | Responsible: jmmv | |
79 | License: The NetBSD Foundation's license (BSD 2-clause) | 79 | License: The NetBSD Foundation's license (BSD 2-clause) | |
80 | Location: external/bsd/atf/dist | 80 | Location: external/bsd/atf/dist | |
81 | Notes: | 81 | Notes: | |
82 | The source files are in external/bsd/atf/dist. | 82 | The source files are in external/bsd/atf/dist. | |
83 | Use external/bsd/atf/prepare-import.sh to regenerate the dist/ directory. | 83 | Use external/bsd/atf/prepare-import.sh to regenerate the dist/ directory. | |
84 | Please avoid performing local changes to this package without discussing | 84 | Please avoid performing local changes to this package without discussing | |
85 | them with the responsible person and/or the mailing list shown above. | 85 | them with the responsible person and/or the mailing list shown above. | |
86 | Note that the external/bsd/atf/dist/tools is owned by NetBSD and does not | 86 | Note that the external/bsd/atf/dist/tools is owned by NetBSD and does not | |
87 | exist upstream; however, please continue to discuss any desired changes | 87 | exist upstream; however, please continue to discuss any desired changes | |
88 | upfront. | 88 | upfront. | |
89 | 89 | |||
90 | Package: ath-hal | 90 | Package: ath-hal | |
91 | Version: FreeBSD SVN revision number 185521 | 91 | Version: FreeBSD SVN revision number 185521 | |
92 | Current Vers: FreeBSD SVN revision number 185521 | 92 | Current Vers: FreeBSD SVN revision number 185521 | |
93 | Maintainer: Sam Leffler <sam@errno.com> | 93 | Maintainer: Sam Leffler <sam@errno.com> | |
94 | Archive Site: none | 94 | Archive Site: none | |
95 | Home Page: none | 95 | Home Page: none | |
96 | Mailing List: none | 96 | Mailing List: none | |
97 | Responsible: sam, alc | 97 | Responsible: sam, alc | |
98 | License: BSD-like (2-clause), ISC | 98 | License: BSD-like (2-clause), ISC | |
99 | Location: sys/external/isc/atheros_hal/dist | 99 | Location: sys/external/isc/atheros_hal/dist | |
100 | Notes: | 100 | Notes: | |
101 | 101 | |||
102 | Package: bc | 102 | Package: bc | |
103 | Version: 1.06 | 103 | Version: 1.06 | |
104 | Current Vers: 1.06 | 104 | Current Vers: 1.06 | |
105 | Maintainer: Phil Nelson <phil@cs.wwu.edu> | 105 | Maintainer: Phil Nelson <phil@cs.wwu.edu> | |
106 | Archive Site: ftp://ftp.gnu.org/gnu/bc/ | 106 | Archive Site: ftp://ftp.gnu.org/gnu/bc/ | |
107 | Home Page: http://www.gnu.org/software/bc/ | 107 | Home Page: http://www.gnu.org/software/bc/ | |
108 | Mailing List: bug-bc@gnu.org | 108 | Mailing List: bug-bc@gnu.org | |
109 | Responsible: phil, simonb | 109 | Responsible: phil, simonb | |
110 | License: GPLv2, LGPGv2.1 | 110 | License: GPLv2, LGPGv2.1 | |
111 | Location: gnu/dist/bc | 111 | Location: gnu/dist/bc | |
112 | Notes: | 112 | Notes: | |
113 | bc includes dc, both of which are in the NetBSD tree. | 113 | bc includes dc, both of which are in the NetBSD tree. | |
114 | 114 | |||
115 | Package: bind [named and utils] | 115 | Package: bind [named and utils] | |
116 | Version: 9.10.1-P1 | 116 | Version: 9.10.1-P1 | |
117 | Current Vers: 9.10.1-P1 | 117 | Current Vers: 9.10.1-P1 | |
118 | Maintainer: Paul Vixie <vixie@vix.com> | 118 | Maintainer: Paul Vixie <vixie@vix.com> | |
119 | Archive Site: ftp://ftp.isc.org/isc/bind9/ | 119 | Archive Site: ftp://ftp.isc.org/isc/bind9/ | |
120 | Home Page: http://www.isc.org/software/bind/ | 120 | Home Page: http://www.isc.org/software/bind/ | |
121 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-announce | 121 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-announce | |
122 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-users | 122 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-users | |
123 | Responsible: vixie, christos | 123 | Responsible: vixie, christos | |
124 | License: BSD-like (2-clause) | 124 | License: BSD-like (2-clause) | |
125 | Location: external/bsd/bind/dist | 125 | Location: external/bsd/bind/dist | |
126 | Notes: | 126 | Notes: | |
127 | First bind2netbsd script to import into src/external/bsd/bind/dist. | 127 | First bind2netbsd script to import into src/external/bsd/bind/dist. | |
128 | The Makefiles in src/external/bsd/bind are not handled by the script. | 128 | The Makefiles in src/external/bsd/bind are not handled by the script. | |
129 | Build bind to generate the include files. | 129 | Build bind to generate the include files. | |
130 | Then binclude4netbsd script to import into src/external/bsd/bind/include. | 130 | Then binclude4netbsd script to import into src/external/bsd/bind/include. | |
131 | The libc and include parts of the resolver are now part of libbind. | 131 | The libc and include parts of the resolver are now part of libbind. | |
132 | 132 | |||
133 | Package: libbind [libc resolver and includes] | 133 | Package: libbind [libc resolver and includes] | |
134 | Version: libbind-6.0-rc1 | 134 | Version: libbind-6.0-rc1 | |
135 | Current Vers: libbind-6.0 | 135 | Current Vers: libbind-6.0 | |
136 | Maintainer: Paul Vixie <vixie@vix.com> | 136 | Maintainer: Paul Vixie <vixie@vix.com> | |
137 | Archive Site: ftp://ftp.isc.org/isc/libbind/ | 137 | Archive Site: ftp://ftp.isc.org/isc/libbind/ | |
138 | Home Page: http://www.isc.org/software/libbind/ | 138 | Home Page: http://www.isc.org/software/libbind/ | |
139 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-workers | 139 | Mailing List: https://lists.isc.org/mailman/listinfo/bind-workers | |
140 | Responsible: vixie, christos | 140 | Responsible: vixie, christos | |
141 | License: BSD-like (2-clause) | 141 | License: BSD-like (2-clause) | |
142 | Location: external/bsd/libbind/dist | 142 | Location: external/bsd/libbind/dist | |
143 | Notes: | 143 | Notes: | |
144 | First libbind2netbsd script to import into src/external/bsd/libbind/dist. | 144 | First libbind2netbsd script to import into src/external/bsd/libbind/dist. | |
145 | Then include4netbsd script to import into src/include. | 145 | Then include4netbsd script to import into src/include. | |
146 | Then libc4netbsd script to update the resolver in libc. | 146 | Then libc4netbsd script to update the resolver in libc. | |
147 | Todo[1]: Update libresolv if needed. | 147 | Todo[1]: Update libresolv if needed. | |
148 | Todo[2]: A few files in libc/net were imported in the ISC branch but now | 148 | Todo[2]: A few files in libc/net were imported in the ISC branch but now | |
149 | they are too different or do not exist anymore: | 149 | they are too different or do not exist anymore: | |
150 | gethnamaddr.c getnetent.c getnetnamadr.c sethostent.c | 150 | gethnamaddr.c getnetent.c getnetnamadr.c sethostent.c | |
151 | Others like getaddrinfo.c could be merged with isc, but it seems | 151 | Others like getaddrinfo.c could be merged with isc, but it seems | |
152 | that ours is from a more recent version of KAME? | 152 | that ours is from a more recent version of KAME? | |
153 | Todo[3]: net/base64.c is imported from bind but should be moved from net | 153 | Todo[3]: net/base64.c is imported from bind but should be moved from net | |
154 | to isc/base64.c. | 154 | to isc/base64.c. | |
155 | Todo[4]: Re-entrant functions of net/* | 155 | Todo[4]: Re-entrant functions of net/* | |
156 | Todo[5]: Reconcile the doc directory. | 156 | Todo[5]: Reconcile the doc directory. | |
157 | 157 | |||
158 | Package: binutils | 158 | Package: binutils | |
159 | Version: 2.23.2 | 159 | Version: 2.23.2 | |
160 | Current Vers: 2.24 | 160 | Current Vers: 2.24 | |
161 | Maintainer: FSF | 161 | Maintainer: FSF | |
162 | Archive Site: ftp://ftp.gnu.org/gnu/binutils/ | 162 | Archive Site: ftp://ftp.gnu.org/gnu/binutils/ | |
163 | Home Page: http://www.gnu.org/software/binutils/ | 163 | Home Page: http://www.gnu.org/software/binutils/ | |
164 | Mailing List: bug-gnu-utils@gnu.org | 164 | Mailing List: bug-gnu-utils@gnu.org | |
165 | Responsible: thorpej, mrg | 165 | Responsible: thorpej, mrg | |
166 | License: GPLv3, LGPLv3, GPLv2, LGPLv2, BSD | 166 | License: GPLv3, LGPLv3, GPLv2, LGPLv2, BSD | |
167 | Location: external/gpl3/binutils/dist | 167 | Location: external/gpl3/binutils/dist | |
168 | Notes: | 168 | Notes: | |
169 | 169 | |||
170 | Package: bozohttpd | 170 | Package: bozohttpd | |
171 | Version: 20100617 | 171 | Version: 20100617 | |
172 | Current Vers: 20100617 | 172 | Current Vers: 20100617 | |
173 | Maintainer: mrg@eterna.com.au | 173 | Maintainer: mrg@eterna.com.au | |
174 | Archive Site: ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/LOCAL_PORTS/ | 174 | Archive Site: ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/LOCAL_PORTS/ | |
175 | Home Page: http://eterna.com.au/bozohttpd/ | 175 | Home Page: http://eterna.com.au/bozohttpd/ | |
176 | Mailing List: | 176 | Mailing List: | |
177 | Responsible: mrg | 177 | Responsible: mrg | |
178 | License: BSD | 178 | License: BSD | |
179 | Location: libexec/httpd | 179 | Location: libexec/httpd | |
180 | Notes: | 180 | Notes: | |
181 | Delete "queue.h" from the distribution. | 181 | Delete "queue.h" from the distribution. | |
182 | 182 | |||
183 | Package: bsd-family-tree | 183 | Package: bsd-family-tree | |
184 | Version: 1.151 | 184 | Version: 1.151 | |
185 | Current Vers: 1.156 | 185 | Current Vers: 1.156 | |
186 | Maintainer: The FreeBSD Project | 186 | Maintainer: The FreeBSD Project | |
187 | Archive Site: http://www.freebsd.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree | 187 | Archive Site: http://www.freebsd.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree | |
188 | Home Page: http://www.freebsd.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree | 188 | Home Page: http://www.freebsd.org/cgi/cvsweb.cgi/src/share/misc/bsd-family-tree | |
189 | Mailing List: | 189 | Mailing List: | |
190 | Responsible: | 190 | Responsible: | |
191 | License: BSD (2-clause) (see http://www.freebsd.org/cgi/cvsweb.cgi/src/COPYRIGHT) | 191 | License: BSD (2-clause) (see http://www.freebsd.org/cgi/cvsweb.cgi/src/COPYRIGHT) | |
192 | Location: share/misc/bsd-family-tree | 192 | Location: share/misc/bsd-family-tree | |
193 | Notes: | 193 | Notes: | |
194 | Please send all updates upstream. Eitan Adler <lists@eitanadler.com> | 194 | Please send all updates upstream. Eitan Adler <lists@eitanadler.com> | |
195 | is a FreeBSD committer who has been helpful with incorporating changes | 195 | is a FreeBSD committer who has been helpful with incorporating changes | |
196 | in the past. | 196 | in the past. | |
197 | 197 | |||
198 | Package: byacc | 198 | Package: byacc | |
199 | Version: 20130304 | 199 | Version: 20130304 | |
200 | Current Vers: 20130925 | 200 | Current Vers: 20130925 | |
201 | Maintainer: Thomas Dickey <dickey@invisible-island.net> | 201 | Maintainer: Thomas Dickey <dickey@invisible-island.net> | |
202 | Archive Site: http://www.invisible-island.net/byacc/byacc.html | 202 | Archive Site: http://www.invisible-island.net/byacc/byacc.html | |
203 | Home Page: http://www.invisible-island.net/byacc/byacc.html | 203 | Home Page: http://www.invisible-island.net/byacc/byacc.html | |
204 | Mailing List: | 204 | Mailing List: | |
205 | Responsible: christos | 205 | Responsible: christos | |
206 | License: Public Domain | 206 | License: Public Domain | |
207 | Location: external/bsd/byacc/dist | 207 | Location: external/bsd/byacc/dist | |
208 | Notes: | 208 | Notes: | |
209 | See /usr/src/external/bsd/byacc/byacc2netbsd for update instructions. | 209 | See /usr/src/external/bsd/byacc/byacc2netbsd for update instructions. | |
210 | 210 | |||
211 | Package: bzip2 | 211 | Package: bzip2 | |
212 | Version: 1.0.6 | 212 | Version: 1.0.6 | |
213 | Current Vers: 1.0.6 | 213 | Current Vers: 1.0.6 | |
214 | Maintainer: Julian Seward <jseward@acm.org> | 214 | Maintainer: Julian Seward <jseward@acm.org> | |
215 | Archive Site: http://sources.redhat.com/bzip2/ | 215 | Archive Site: http://sources.redhat.com/bzip2/ | |
216 | Home Page: http://www.bzip.org/ | 216 | Home Page: http://www.bzip.org/ | |
217 | Mailing List: | 217 | Mailing List: | |
218 | Responsible: | 218 | Responsible: | |
219 | License: BSD (4-clause) | 219 | License: BSD (4-clause) | |
220 | Location: external/bsd/bzip2 | 220 | Location: external/bsd/bzip2 | |
221 | Notes: | 221 | Notes: | |
222 | See /usr/src/external/bsd/bzip2/bzip2netbsd for update instructions. | 222 | See /usr/src/external/bsd/bzip2/bzip2netbsd for update instructions. | |
223 | 223 | |||
224 | Package: Citrus XPG4DL | 224 | Package: Citrus XPG4DL | |
225 | Version: | 225 | Version: | |
226 | Current Vers: | 226 | Current Vers: | |
227 | Maintainer: Citrus | 227 | Maintainer: Citrus | |
228 | Archive Site: http://citrus.bsdclub.org/ | 228 | Archive Site: http://citrus.bsdclub.org/ | |
229 | Home Page: http://citrus.bsdclub.org/ | 229 | Home Page: http://citrus.bsdclub.org/ | |
230 | Mailing List: bsd-locale@hauN.org | 230 | Mailing List: bsd-locale@hauN.org | |
231 | Responsible: tshiozak | 231 | Responsible: tshiozak | |
232 | License: Ambiguous. Either BSD or Perl Artistic License | 232 | License: Ambiguous. Either BSD or Perl Artistic License | |
233 | See http://citrus.bsdclub.org/#pol_license for more info. | 233 | See http://citrus.bsdclub.org/#pol_license for more info. | |
234 | Location: lib | 234 | Location: lib | |
235 | Notes: | 235 | Notes: | |
236 | language C multilingualization support suite using wchar_t and other standards. | 236 | language C multilingualization support suite using wchar_t and other standards. | |
237 | The main development playground of Citrus is in NetBSD CVS, so you don't | 237 | The main development playground of Citrus is in NetBSD CVS, so you don't | |
238 | need to look for other CVS tree (like citrus CVS tree) | 238 | need to look for other CVS tree (like citrus CVS tree) | |
239 | main trunc has Citrus code in the following places: | 239 | main trunc has Citrus code in the following places: | |
240 | - src/lib/libc/locale, LC_CTYPE: single/multibyte support | 240 | - src/lib/libc/locale, LC_CTYPE: single/multibyte support | |
241 | - src/lib/libintl: GNU libc compatible gettext(3) implementation. | 241 | - src/lib/libintl: GNU libc compatible gettext(3) implementation. | |
242 | - src/lib/libc/citrus: multibyte LC_CTYPE handling and iconv(3) lower layer | 242 | - src/lib/libc/citrus: multibyte LC_CTYPE handling and iconv(3) lower layer | |
243 | - src/lib/libc/iconv: iconv(3) | 243 | - src/lib/libc/iconv: iconv(3) | |
244 | 244 | |||
245 | Package: cron | 245 | Package: cron | |
246 | Version: 4.1 | 246 | Version: 4.1 | |
247 | Current Vers: 4.1 | 247 | Current Vers: 4.1 | |
248 | Maintainer: Paul Vixie <vixie@vix.com> | 248 | Maintainer: Paul Vixie <vixie@vix.com> | |
249 | Archive Site: ftp://ftp.isc.org/isc/cron/ | 249 | Archive Site: ftp://ftp.isc.org/isc/cron/ | |
250 | Home Page: | 250 | Home Page: | |
251 | Mailing List: | 251 | Mailing List: | |
252 | Responsible: | 252 | Responsible: | |
253 | License: BSD-like | 253 | License: BSD-like | |
254 | Location: external/bsd/cron/dist | 254 | Location: external/bsd/cron/dist | |
255 | Notes: | 255 | Notes: | |
256 | 256 | |||
257 | Package: cvs | 257 | Package: cvs | |
258 | Version: 1.12.13 | 258 | Version: 1.12.13 | |
259 | Current Vers: 1.12.13 | 259 | Current Vers: 1.12.13 | |
260 | Maintainer: cvshome | 260 | Maintainer: cvshome | |
261 | Archive Site: http://ftp.gnu.org/non-gnu/cvs/ | 261 | Archive Site: http://ftp.gnu.org/non-gnu/cvs/ | |
262 | Home Page: http://cvs.nongnu.org/ | 262 | Home Page: http://cvs.nongnu.org/ | |
263 | Mailing List: bug-cvs@gnu.org | 263 | Mailing List: bug-cvs@gnu.org | |
264 | Responsible: christos | 264 | Responsible: christos | |
265 | License: GPLv1, LGPLv2 | 265 | License: GPLv1, LGPLv2 | |
266 | Location: external/gpl2/xcvs/dist | 266 | Location: external/gpl2/xcvs/dist | |
267 | Notes: | 267 | Notes: | |
268 | Use external/gpl2/xcvs/dist/cvs2netbsd for preparing the source tree | 268 | Use external/gpl2/xcvs/dist/cvs2netbsd for preparing the source tree | |
269 | for the import. | 269 | for the import. | |
270 | Do not forget to update external/gpl2/xcvs/include/config.h to match | 270 | Do not forget to update external/gpl2/xcvs/include/config.h to match | |
271 | external/gpl2/xcvs/dist/config.h.in. | 271 | external/gpl2/xcvs/dist/config.h.in. | |
272 | 272 | |||
273 | Package: db | 273 | Package: db | |
274 | Version: 1.85 | 274 | Version: 1.85 | |
275 | Current Vers: 1.86/4.7.25 | 275 | Current Vers: 1.86/4.7.25 | |
276 | Maintainer: Keith Bostic <bostic@vangogh.cs.berkeley.edu> | 276 | Maintainer: Keith Bostic <bostic@vangogh.cs.berkeley.edu> | |
277 | Archive Site: http://www.oracle.com/technology/software/products/berkeley-db/ | 277 | Archive Site: http://www.oracle.com/technology/software/products/berkeley-db/ | |
278 | Home Page: http://www.oracle.com/database/berkeley-db/ | 278 | Home Page: http://www.oracle.com/database/berkeley-db/ | |
279 | Mailing List: | 279 | Mailing List: | |
280 | Responsible: | 280 | Responsible: | |
281 | License: BSD or Oracle Commercial License | 281 | License: BSD or Oracle Commercial License | |
282 | Location: lib/libc/db | 282 | Location: lib/libc/db | |
283 | Notes: | 283 | Notes: | |
284 | Note that we cannot use db 2.x for license reasons. | 284 | Note that we cannot use db 2.x for license reasons. | |
285 | Three bug fixes against 1.85 sent back to bostic. Changes to | 285 | Three bug fixes against 1.85 sent back to bostic. Changes to | |
286 | man/recno.3, hash/hsearch.c, and hash/ndbm.c (serious). | 286 | man/recno.3, hash/hsearch.c, and hash/ndbm.c (serious). | |
287 | Import of DB 1.85 was done via a sh script which converted the | 287 | Import of DB 1.85 was done via a sh script which converted the | |
288 | distribution into the netbsd format. The script can be found in | 288 | distribution into the netbsd format. The script can be found in | |
289 | src/lib/libc/db/db2netbsd. | 289 | src/lib/libc/db/db2netbsd. | |
290 | 290 | |||
291 | Package: dhcp | 291 | Package: dhcp | |
292 | Version: 4.3.0 | 292 | Version: 4.3.0 | |
293 | Current Vers: 4.3.0 | 293 | Current Vers: 4.3.0 | |
294 | Maintainer: mellon | 294 | Maintainer: mellon | |
295 | Archive Site: ftp://ftp.isc.org/isc/dhcp/ | 295 | Archive Site: ftp://ftp.isc.org/isc/dhcp/ | |
296 | Home Page: http://www.isc.org/software/dhcp/ | 296 | Home Page: http://www.isc.org/software/dhcp/ | |
297 | Mailing List: dhcp-server@isc.org | 297 | Mailing List: dhcp-server@isc.org | |
298 | Mailing List: dhcp-client@isc.org | 298 | Mailing List: dhcp-client@isc.org | |
299 | Mailing List: dhcp-announce@isc.org | 299 | Mailing List: dhcp-announce@isc.org | |
300 | Mailing List: dhcp-bugs@isc.org | 300 | Mailing List: dhcp-bugs@isc.org | |
301 | Responsible: mellon | 301 | Responsible: mellon | |
302 | License: BSD (3-clause) | 302 | License: BSD (3-clause) | |
303 | Location: external/bsd/dhcp | 303 | Location: external/bsd/dhcp | |
304 | Notes: | 304 | Notes: | |
305 | Use the dhcp2netbsd script. | 305 | Use the dhcp2netbsd script. | |
306 | 306 | |||
307 | Package: dhcpcd | 307 | Package: dhcpcd | |
308 | Version: 6.7.1 | 308 | Version: 6.7.1 | |
309 | Current Vers: 6.7.1 | 309 | Current Vers: 6.7.1 | |
310 | Maintainer: roy | 310 | Maintainer: roy | |
311 | Archive Site: ftp://roy.marples.name/pub/dhcpcd/ | 311 | Archive Site: ftp://roy.marples.name/pub/dhcpcd/ | |
312 | Home Page: http://roy.marples.name/projects/dhcpcd/ | 312 | Home Page: http://roy.marples.name/projects/dhcpcd/ | |
313 | Mailing List: dhcpcd-discuss@marples.name | 313 | Mailing List: dhcpcd-discuss@marples.name | |
314 | License: BSD (2-clause) | 314 | License: BSD (2-clause) | |
315 | Location: external/bsd/dhcpcd/dist | 315 | Location: external/bsd/dhcpcd/dist | |
316 | Notes: | 316 | Notes: | |
317 | Please submit all changes to the author. | 317 | Please submit all changes to the author. | |
318 | The distribution doesn't include the Linux specific bits or build system. | 318 | The distribution doesn't include the Linux specific bits or build system. | |
319 | 319 | |||
320 | Package: diffutils | 320 | Package: diffutils | |
321 | Version: 2.8.1 | 321 | Version: 2.8.1 | |
322 | Current Vers: 3.3 | 322 | Current Vers: 3.3 | |
323 | Maintainer: FSF | 323 | Maintainer: FSF | |
324 | Archive Site: ftp://ftp.gnu.org/gnu/diffutils/ | 324 | Archive Site: ftp://ftp.gnu.org/gnu/diffutils/ | |
325 | Home Page: http://www.gnu.org/software/diffutils/ | 325 | Home Page: http://www.gnu.org/software/diffutils/ | |
326 | Mailing List: bug-diffutils@gnu.org | 326 | Mailing List: bug-diffutils@gnu.org | |
327 | Responsible: | 327 | Responsible: | |
328 | License: GPLv2+ (2.8.1), GPLv3+ (2.9 and later) | 328 | License: GPLv2+ (2.8.1), GPLv3+ (2.9 and later) | |
329 | Location: gnu/dist/diffutils | 329 | Location: gnu/dist/diffutils | |
330 | Notes: | 330 | Notes: | |
331 | Use src/gnu/dist/diffutils/diffutils2netbsd for preparing the source tree | 331 | Use src/gnu/dist/diffutils/diffutils2netbsd for preparing the source tree | |
332 | for the import. | 332 | for the import. | |
333 | 333 | |||
334 | Package: ekermit | 334 | Package: ekermit | |
335 | Version: 1.7 | 335 | Version: 1.7 | |
336 | Current Vers: 1.7 | 336 | Current Vers: 1.7 | |
337 | Maintainer: Kermit Project | 337 | Maintainer: Kermit Project | |
338 | Archive Site: ftp://ftp.kermitproject.org/kermit/ekermit/ | 338 | Archive Site: ftp://ftp.kermitproject.org/kermit/ekermit/ | |
339 | Home Page: http://www.kermitproject.org/ek.html | 339 | Home Page: http://www.kermitproject.org/ek.html | |
340 | Mailing List: | 340 | Mailing List: | |
341 | Responsible: apb | 341 | Responsible: apb | |
342 | License: BSD (3 clause) | 342 | License: BSD (3 clause) | |
343 | Location: external/bsd/ekermit | 343 | Location: external/bsd/ekermit | |
344 | Notes: | 344 | Notes: | |
345 | 345 | |||
346 | Package: expat | 346 | Package: expat | |
347 | Version: 2.1.0 | 347 | Version: 2.1.0 | |
348 | Current Vers: 2.1.0 | 348 | Current Vers: 2.1.0 | |
349 | Maintainer: mrg | 349 | Maintainer: mrg | |
350 | Archive Site: http://sourceforge.net/projects/expat/files/expat/ | 350 | Archive Site: http://sourceforge.net/projects/expat/files/expat/ | |
351 | Home Page: http://www.libexpat.org/ | 351 | Home Page: http://www.libexpat.org/ | |
352 | Mailing List: expat-discuss@libexpat.org | 352 | Mailing List: expat-discuss@libexpat.org | |
353 | Responsible: | 353 | Responsible: | |
354 | License: MIT | 354 | License: MIT | |
355 | Location: src/external/mit/expat/dist | 355 | Location: src/external/mit/expat/dist | |
356 | Notes: | 356 | Notes: | |
357 | Please use "expat" as the vendor tag for CVS imports. | 357 | Please use "expat" as the vendor tag for CVS imports. | |
358 | 358 | |||
359 | Package: file | 359 | Package: file | |
360 | Version: 5.19 | 360 | Version: 5.19 | |
361 | Current Vers: 5.19 | 361 | Current Vers: 5.19 | |
362 | Maintainer: Christos Zoulas <christos@zoulas.com> | 362 | Maintainer: Christos Zoulas <christos@zoulas.com> | |
363 | Archive Site: ftp://ftp.astron.com/pub/file/ | 363 | Archive Site: ftp://ftp.astron.com/pub/file/ | |
364 | Home Page: http://www.darwinsys.com/file/ | 364 | Home Page: http://www.darwinsys.com/file/ | |
365 | Mailing List: file@mx.gw.com | 365 | Mailing List: file@mx.gw.com | |
366 | Responsible: christos, pooka | 366 | Responsible: christos, pooka | |
367 | License: BSD (2-clause) | 367 | License: BSD (2-clause) | |
368 | Location: external/bsd/file/dist | 368 | Location: external/bsd/file/dist | |
369 | Notes: | 369 | Notes: | |
370 | use file2netbsd | 370 | use file2netbsd | |
371 | 371 | |||
372 | Package: flex | 372 | Package: flex | |
373 | Version: 2.5.37 | 373 | Version: 2.5.37 | |
374 | Current Vers: 2.5.37 | 374 | Current Vers: 2.5.37 | |
375 | Maintainer: Will Estes <wlestes@users.sourceforge.net> | 375 | Maintainer: Will Estes <wlestes@users.sourceforge.net> | |
376 | Archive Site: http://flex.sourceforge.net/ | 376 | Archive Site: http://flex.sourceforge.net/ | |
377 | Home Page: http://flex.sourceforge.net/ | 377 | Home Page: http://flex.sourceforge.net/ | |
378 | Mailing List: http://lists.sourceforge.net/mailman/listinfo/flex-announce | 378 | Mailing List: http://lists.sourceforge.net/mailman/listinfo/flex-announce | |
379 | Responsible: | 379 | Responsible: | |
380 | License: BSD-like | 380 | License: BSD-like | |
381 | Location: external/bsd/flex/dist | 381 | Location: external/bsd/flex/dist | |
382 | Notes: | 382 | Notes: | |
383 | There is a flex2netbsd script to help newer imports. | 383 | There is a flex2netbsd script to help newer imports. | |
384 | 384 | |||
385 | Package: gcc | 385 | Package: gcc | |
386 | Version: 4.1.3-20080831/4.5.4/4.8.3 | 386 | Version: 4.1.3-20080831/4.5.4/4.8.3 | |
387 | Current Vers: 4.8.3 | 387 | Current Vers: 4.8.3 | |
388 | Maintainer: FSF | 388 | Maintainer: FSF | |
389 | Archive Site: ftp://ftp.gnu.org/gnu/gcc/ | 389 | Archive Site: ftp://ftp.gnu.org/gnu/gcc/ | |
390 | Home Page: http://www.gnu.org/software/gcc/ | 390 | Home Page: http://www.gnu.org/software/gcc/ | |
391 | Mailing List: gcc-bugs@gnu.org | 391 | Mailing List: gcc-bugs@gnu.org | |
392 | Responsible: thorpej, mrg | 392 | Responsible: thorpej, mrg | |
393 | License: GPLv3, LGPLv3.1 | 393 | License: GPLv3, LGPLv3.1 | |
394 | Location: gnu/dist/gcc4 | 394 | Location: gnu/dist/gcc4 | |
395 | Location: external/gpl3/gcc.old/dist | 395 | Location: external/gpl3/gcc.old/dist | |
396 | Location: external/gpl3/gcc/dist | 396 | Location: external/gpl3/gcc/dist | |
397 | Notes: | 397 | Notes: | |
398 | As of April 2014, there are three versions of gcc in the NetBSD tree. | 398 | As of April 2014, there are three versions of gcc in the NetBSD tree. | |
399 | In the long term, we expect that there will often be two versions, | 399 | In the long term, we expect that there will often be two versions, | |
400 | in the "gcc" and "gcc.old" directories. Having two versions allows | 400 | in the "gcc" and "gcc.old" directories. Having two versions allows | |
401 | migration from one version of gcc to another to happen for one port | 401 | migration from one version of gcc to another to happen for one port | |
402 | at a time, instead of for all ports simultaneously. | 402 | at a time, instead of for all ports simultaneously. | |
403 | When importing a new version of external/gpl3/gcc.old: | 403 | When importing a new version of external/gpl3/gcc.old: | |
404 | - copy the current version of external/gpl3/gcc | 404 | - copy the current version of external/gpl3/gcc | |
405 | - import it to a "NETBSD" vendor branch in externalgpl3/gcc.old | 405 | - import it to a "NETBSD" vendor branch in externalgpl3/gcc.old | |
406 | Before importing a new version of external/gpl3/gcc: | 406 | Before importing a new version of external/gpl3/gcc: | |
407 | - delete all .cvsignore and .gitignore files | 407 | - delete all .cvsignore and .gitignore files | |
408 | - delete java ada fortran their libraries and testsuites | 408 | - delete java ada fortran their libraries and testsuites | |
409 | - delete libffi zlib boehm-gc | 409 | - delete libffi zlib boehm-gc | |
410 | - update gcc/version.c for the NetBSD GCC date | 410 | - update gcc/version.c for the NetBSD GCC date | |
411 | - use core/c++/objc/testsuite tarballs | 411 | - use core/c++/objc/testsuite tarballs | |
412 | - you can use the gcc2netbsd script for the above (except version) | 412 | - you can use the gcc2netbsd script for the above (except version) | |
413 | 413 | |||
414 | Package: gdb | 414 | Package: gdb | |
415 | Version: 7.7.1 | 415 | Version: 7.7.1 | |
416 | Current Vers: 7.7.1 | 416 | Current Vers: 7.7.1 | |
417 | Maintainer: FSF | 417 | Maintainer: FSF | |
418 | Archive Site: ftp://ftp.gnu.org/gnu/gdb/ | 418 | Archive Site: ftp://ftp.gnu.org/gnu/gdb/ | |
419 | Home Page: http://www.gnu.org/software/gdb/ | 419 | Home Page: http://www.gnu.org/software/gdb/ | |
420 | Mailing List: bug-gdb@gnu.org | 420 | Mailing List: bug-gdb@gnu.org | |
421 | Responsible: christos | 421 | Responsible: christos | |
422 | License: GPLv3, LGPLv3.1 | 422 | License: GPLv3, LGPLv3.1 | |
423 | Location: external/gpl3/gdb/dist | 423 | Location: external/gpl3/gdb/dist | |
424 | Notes: | 424 | Notes: | |
425 | When updating GDB, it is imperative to test that: | 425 | When updating GDB, it is imperative to test that: | |
426 | - Debugging of kernel cores ("target kvm") works correctly | 426 | - Debugging of kernel cores ("target kvm") works correctly | |
427 | - Support for our kernel's remote serial debugging protocol | 427 | - Support for our kernel's remote serial debugging protocol | |
428 | ("options KGDB") works correctly. | 428 | ("options KGDB") works correctly. | |
429 | 429 | |||
430 | Package: gdtoa | 430 | Package: gdtoa | |
431 | Version: 2011-03-19 | 431 | Version: 2011-03-19 | |
432 | Current Vers: $(date) | 432 | Current Vers: $(date) | |
433 | Maintainer: David M. Gay <dmg@acm.org> | 433 | Maintainer: David M. Gay <dmg@acm.org> | |
434 | Archive Site: http://www.netlib.org/fp/ | 434 | Archive Site: http://www.netlib.org/fp/ | |
435 | Home Page: http://www.netlib.org/fp/ | 435 | Home Page: http://www.netlib.org/fp/ | |
436 | Mailing List: none | 436 | Mailing List: none | |
437 | Responsible: kleink | 437 | Responsible: kleink | |
438 | License: BSD-like | 438 | License: BSD-like | |
439 | Location: lib/libc/gdtoa | 439 | Location: lib/libc/gdtoa | |
440 | Notes: | 440 | Notes: | |
441 | Test suite integrated at this time, but not built (and fails to run). | 441 | Test suite integrated at this time, but not built (and fails to run). | |
442 | No hexadecimal floating-point string conversion for VAX FP yet. | 442 | No hexadecimal floating-point string conversion for VAX FP yet. | |
443 | Only double-precision addressed at this time. | 443 | Only double-precision addressed at this time. | |
444 | 444 | |||
445 | Package: gettext | 445 | Package: gettext | |
446 | Version: 0.14.4 | 446 | Version: 0.14.4 | |
447 | Current Vers: 0.18 | 447 | Current Vers: 0.18 | |
448 | Maintainer: FSF | 448 | Maintainer: FSF | |
449 | Archive Site: ftp://ftp.gnu.org/gnu/gettext/ | 449 | Archive Site: ftp://ftp.gnu.org/gnu/gettext/ | |
450 | Home Page: http://www.gnu.org/software/gettext/ | 450 | Home Page: http://www.gnu.org/software/gettext/ | |
451 | Mailing List: bug-gnu-utils@gnu.org | 451 | Mailing List: bug-gnu-utils@gnu.org | |
452 | Responsible: | 452 | Responsible: | |
453 | License: GPLv2 | 453 | License: GPLv2 | |
454 | Location: gnu/dist/gettext | 454 | Location: gnu/dist/gettext | |
455 | Notes: | 455 | Notes: | |
456 | GNU gettext is used for userland tools like msgfmt(1) only. For libintl, | 456 | GNU gettext is used for userland tools like msgfmt(1) only. For libintl, | |
457 | we use BSD-licensed implementation from Citrus project (see entry for | 457 | we use BSD-licensed implementation from Citrus project (see entry for | |
458 | "Citrus XPG4DL"). We hope to replace userland tools with BSD-licensed one. | 458 | "Citrus XPG4DL"). We hope to replace userland tools with BSD-licensed one. | |
459 | 459 | |||
460 | Package: grep | 460 | Package: grep | |
461 | Version: 2.5.1 | 461 | Version: 2.5.1 | |
462 | Current Vers: 2.19 | 462 | Current Vers: 2.19 | |
463 | Maintainer: FSF | 463 | Maintainer: FSF | |
464 | Archive Site: ftp://ftp.gnu.org/gnu/grep/ | 464 | Archive Site: ftp://ftp.gnu.org/gnu/grep/ | |
465 | Home Page: http://www.gnu.org/software/grep/ | 465 | Home Page: http://www.gnu.org/software/grep/ | |
466 | Mailing List: bug-gnu-utils@gnu.org | 466 | Mailing List: bug-gnu-utils@gnu.org | |
467 | Responsible: simonb | 467 | Responsible: simonb | |
468 | License: GPLv2+ (2.5.1), GPLv3+ (2.5.3 and later) | 468 | License: GPLv2+ (2.5.1), GPLv3+ (2.5.3 and later) | |
469 | Location: gnu/dist/grep | 469 | Location: gnu/dist/grep | |
470 | Notes: | 470 | Notes: | |
471 | Use src/gnu/dist/grep/grep2netbsd for preparing the source tree | 471 | Use src/gnu/dist/grep/grep2netbsd for preparing the source tree | |
472 | for the import. | 472 | for the import. | |
473 | On 2 Jan 2004, a non-GNU grep (FreeGrep, https://github.com/howardjp/freegrep; | 473 | On 2 Jan 2004, a non-GNU grep (FreeGrep, https://github.com/howardjp/freegrep; | |
474 | see also http://www.monkey.org/openbsd/archive/tech/0306/msg00129.html) | 474 | see also http://www.monkey.org/openbsd/archive/tech/0306/msg00129.html) | |
475 | was imported into src/usr.bin/grep; | 475 | was imported into src/usr.bin/grep; | |
476 | on 16 Feb 2011, the BSD grep implementation from FreeBSD was imported | 476 | on 16 Feb 2011, the BSD grep implementation from FreeBSD was imported | |
477 | in src/usr.bin/grep, replacing FreeGrep | 477 | in src/usr.bin/grep, replacing FreeGrep | |
478 | (http://mail-index.NetBSD.org/source-changes/2011/02/16/msg018643.html). | 478 | (http://mail-index.NetBSD.org/source-changes/2011/02/16/msg018643.html). | |
479 | 479 | |||
480 | Package: groff | 480 | Package: groff | |
481 | Version: 1.19.2 | 481 | Version: 1.19.2 | |
482 | Current Vers: 1.22.2 | 482 | Current Vers: 1.22.2 | |
483 | Maintainer: Werner Lemberg/FSF | 483 | Maintainer: Werner Lemberg/FSF | |
484 | Archive Site: ftp://ftp.gnu.org/gnu/groff/ | 484 | Archive Site: ftp://ftp.gnu.org/gnu/groff/ | |
485 | Home Page: http://www.gnu.org/software/groff/ | 485 | Home Page: http://www.gnu.org/software/groff/ | |
486 | Mailing List: bug-groff@gnu.org | 486 | Mailing List: bug-groff@gnu.org | |
487 | Responsible: | 487 | Responsible: | |
488 | License: GPLv2 | 488 | License: GPLv2 | |
489 | Location: gnu/dist/groff | 489 | Location: gnu/dist/groff | |
490 | Notes: | 490 | Notes: | |
491 | Use groff2netbsd from src/gnu/dist/groff to prepare the distribution | 491 | Use groff2netbsd from src/gnu/dist/groff to prepare the distribution | |
492 | for import. | 492 | for import. | |
493 | 493 | |||
494 | Package: heimdal | 494 | Package: heimdal | |
495 | Version: 1.5.3 | 495 | Version: 1.5.3 | |
496 | Current Vers: 1.5.3 | 496 | Current Vers: 1.5.3 | |
497 | Maintainer: Heimdal <heimdal@pdc.kth.se> | 497 | Maintainer: Heimdal <heimdal@pdc.kth.se> | |
498 | Archive Site: ftp://ftp.pdc.kth.se/pub/heimdal/src/ | 498 | Archive Site: ftp://ftp.pdc.kth.se/pub/heimdal/src/ | |
499 | Home Page: http://www.pdc.kth.se/heimdal/ | 499 | Home Page: http://www.pdc.kth.se/heimdal/ | |
500 | Mailing List: heimdal-discuss@pdc.kth.se | 500 | Mailing List: heimdal-discuss@pdc.kth.se | |
501 | Responsible: joda, lha | 501 | Responsible: joda, lha | |
502 | License: BSD | 502 | License: BSD | |
503 | Location: crypto/external/bsd/heimdal/dist | 503 | Location: crypto/external/bsd/heimdal/dist | |
504 | Notes: | 504 | Notes: | |
505 | 505 | |||
506 | Package: hunt | 506 | Package: hunt | |
507 | Version: 2003-04-16 | 507 | Version: 2003-04-16 | |
508 | Current Vers: 2003-04-16 | 508 | Current Vers: 2003-04-16 | |
509 | Maintainer: Greg Couch <gregc@cgl.ucsf.edu> | 509 | Maintainer: Greg Couch <gregc@cgl.ucsf.edu> | |
510 | Archive Site: ftp://ftp.cgl.ucsf.edu/pub/hunt.shar.Z | 510 | Archive Site: ftp://ftp.cgl.ucsf.edu/pub/hunt.shar.Z | |
511 | Home Page: http://www.cgl.ucsf.edu/home/gregc/oss.html | 511 | Home Page: http://www.cgl.ucsf.edu/home/gregc/oss.html | |
512 | Responsible: mrg | 512 | Responsible: mrg | |
513 | License: BSD (3-clause) | 513 | License: BSD (3-clause) | |
514 | Location: games/hunt | 514 | Location: games/hunt | |
515 | Notes: | 515 | Notes: | |
516 | 516 | |||
517 | Package: ipf | 517 | Package: ipf | |
518 | Version: 5.1.1 | 518 | Version: 5.1.1 | |
519 | Current Vers: 5.1.2 | 519 | Current Vers: 5.1.2 | |
520 | Maintainer: Darren Reed | 520 | Maintainer: Darren Reed | |
521 | Archive Site: http://coombs.anu.edu.au/~avalon/ | 521 | Archive Site: http://coombs.anu.edu.au/~avalon/ | |
522 | Home Page: http://coombs.anu.edu.au/~avalon/ | 522 | Home Page: http://coombs.anu.edu.au/~avalon/ | |
523 | Mailing List: ipfilter@postbox.anu.edu.au | 523 | Mailing List: ipfilter@postbox.anu.edu.au | |
524 | Responsible: darrenr, christos | 524 | Responsible: darrenr, christos | |
525 | License: BSD-based; see src/external/ipf/dist/IPFILTER.LICENCE | 525 | License: BSD-based; see src/external/ipf/dist/IPFILTER.LICENCE | |
526 | Location: external/bsd/ipf,sys/external/bsd/ipf | 526 | Location: external/bsd/ipf,sys/external/bsd/ipf | |
527 | Notes: | 527 | Notes: | |
528 | ipf2netbsd should be used on a virgin ipfilter source tree. | 528 | ipf2netbsd should be used on a virgin ipfilter source tree. | |
529 | 529 | |||
530 | Package: ipsec-tools | 530 | Package: ipsec-tools | |
531 | Version: (ipsec-tools head is NetBSD-current head) | 531 | Version: (ipsec-tools head is NetBSD-current head) | |
532 | Maintainer: IPsec-Tools project <ipsec-tools-core@lists.sourceforge.net> | 532 | Maintainer: IPsec-Tools project <ipsec-tools-core@lists.sourceforge.net> | |
533 | Archive Site: http://ipsec-tools.sourceforge.net | 533 | Archive Site: http://ipsec-tools.sourceforge.net | |
534 | Home Page: http://ipsec-tools.sourceforge.net | 534 | Home Page: http://ipsec-tools.sourceforge.net | |
535 | Mailing List: ipsec-tools-devel@lists.sourceforge.net | 535 | Mailing List: ipsec-tools-devel@lists.sourceforge.net | |
536 | Responsible: manu, vanhu, mgrooms | 536 | Responsible: manu, vanhu, mgrooms | |
537 | License: BSD (3-clause) | 537 | License: BSD (3-clause) | |
538 | Location: crypto/dist/ipsec-tools | 538 | Location: crypto/dist/ipsec-tools | |
539 | Notes: | 539 | Notes: | |
540 | ipsec-tools is maintained within NetBSD src tree in src/crypto/dist/ipsec-tools | 540 | ipsec-tools is maintained within NetBSD src tree in src/crypto/dist/ipsec-tools | |
541 | We don't run ipsec-tools' configure as part of the NetBSD build. configure | 541 | We don't run ipsec-tools' configure as part of the NetBSD build. configure | |
542 | generated files are available in the NetBSD source tree at: | 542 | generated files are available in the NetBSD source tree at: | |
543 | src/lib/libipsec/config.h | 543 | src/lib/libipsec/config.h | |
544 | src/lib/libipsec/package_version.h | 544 | src/lib/libipsec/package_version.h | |
545 | When configure.ac is updated, run the following: | 545 | When configure.ac is updated, run the following: | |
546 | cd src/crypto/dist/ipsec-tools | 546 | cd src/crypto/dist/ipsec-tools | |
547 | ./bootstrap | 547 | ./bootstrap | |
548 | ./configure --enable-adminport --enable-hybrid --enable-frag \ | 548 | ./configure --enable-adminport --enable-hybrid --enable-frag \ | |
549 | --enable-natt --enable-dpd | 549 | --enable-natt --enable-dpd | |
550 | Then copy package_version.h to src/lib/libipsec and merge config.h with | 550 | Then copy package_version.h to src/lib/libipsec and merge config.h with | |
551 | src/lib/libipsec/config.h (it needs some manual tweaking) | 551 | src/lib/libipsec/config.h (it needs some manual tweaking) | |
552 | 552 | |||
553 | NOTE: As NetBSD HEAD and ipsec-tools HEAD are just the same thing, | 553 | NOTE: As NetBSD HEAD and ipsec-tools HEAD are just the same thing, | |
554 | NetBSD-current always contains latest ipsec-tools code. On the other hand, | 554 | NetBSD-current always contains latest ipsec-tools code. On the other hand, | |
555 | ipsec-tools has stable branches (e.g.: ipsec-tools-0_7-branch), which | 555 | ipsec-tools has stable branches (e.g.: ipsec-tools-0_7-branch), which | |
556 | are manually pulled up to NetBSD stable branches (e.g.: netbsd-4 is regularly | 556 | are manually pulled up to NetBSD stable branches (e.g.: netbsd-4 is regularly | |
557 | sync with ipsec-tools-0_7-branch) | 557 | sync with ipsec-tools-0_7-branch) | |
558 | 558 | |||
559 | Package: KAME IPv6 | 559 | Package: KAME IPv6 | |
560 | Version: KAME/NetBSD SNAP kit | 560 | Version: KAME/NetBSD SNAP kit | |
561 | Current Vers: KAME/NetBSD SNAP kit (shipped every week) | 561 | Current Vers: KAME/NetBSD SNAP kit (shipped every week) | |
562 | Maintainer: KAME Project <kame@kame.net> | 562 | Maintainer: KAME Project <kame@kame.net> | |
563 | Archive Site: http://www.kame.net/ | 563 | Archive Site: http://www.kame.net/ | |
564 | Home Page: http://www.kame.net/ | 564 | Home Page: http://www.kame.net/ | |
565 | Mailing List: snap-users@kame.net | 565 | Mailing List: snap-users@kame.net | |
566 | Responsible: | 566 | Responsible: | |
567 | License: BSD (3-clause) | 567 | License: BSD (3-clause) | |
568 | Location: sys/netinet6 | 568 | Location: sys/netinet6 | |
569 | Notes: | 569 | Notes: | |
570 | IPv6 part is based on KAME/NetBSD142 SNAP as of early June 2000, with | 570 | IPv6 part is based on KAME/NetBSD142 SNAP as of early June 2000, with | |
571 | more conservative implementation policy. | 571 | more conservative implementation policy. | |
572 | IPsec part is based on KAME/NetBSD14 SNAP as of 12 June 2000. | 572 | IPsec part is based on KAME/NetBSD14 SNAP as of 12 June 2000. | |
573 | Please do not make too many diff-unfriendly changes (like indentation change, | 573 | Please do not make too many diff-unfriendly changes (like indentation change, | |
574 | KNF police). We need to take diffs across KAME snapshots on upgrades. | 574 | KNF police). We need to take diffs across KAME snapshots on upgrades. | |
575 | To identify kernel version, check net.inet6.ip6.kame_version, or KAME_VERSION | 575 | To identify kernel version, check net.inet6.ip6.kame_version, or KAME_VERSION | |
576 | in sys/netinet6/in6.h. No script is available for upgrades. | 576 | in sys/netinet6/in6.h. No script is available for upgrades. | |
577 | "KAME" branch is used for kernel merge work purposes. | 577 | "KAME" branch is used for kernel merge work purposes. | |
578 | http://www.kame.net/dev/cvsweb.cgi/kame/COVERAGE has functionality comparison | 578 | http://www.kame.net/dev/cvsweb.cgi/kame/COVERAGE has functionality comparison | |
579 | among KAME/*BSD, *BSD-current and recent *BSD releases. | 579 | among KAME/*BSD, *BSD-current and recent *BSD releases. | |
580 | 580 | |||
581 | Package: kyua-atf-compat | 581 | Package: kyua-atf-compat | |
582 | Version: 0.1 | 582 | Version: 0.1 | |
583 | Current Vers: 0.1 | 583 | Current Vers: 0.1 | |
584 | Maintainer: Julio Merino <jmmv@NetBSD.org> | 584 | Maintainer: Julio Merino <jmmv@NetBSD.org> | |
585 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | 585 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | |
586 | Home page: http://code.google.com/p/kyua/ | 586 | Home page: http://code.google.com/p/kyua/ | |
587 | Mailing List: kyua-discuss@googlegroups.com | 587 | Mailing List: kyua-discuss@googlegroups.com | |
588 | Responsible: jmmv | 588 | Responsible: jmmv | |
589 | License: BSD 3-clause | 589 | License: BSD 3-clause | |
590 | Location: external/bsd/kyua-atf-compat/dist | 590 | Location: external/bsd/kyua-atf-compat/dist | |
591 | Notes: | 591 | Notes: | |
592 | The source files are in external/bsd/kyua-atf-compat/dist. | 592 | The source files are in external/bsd/kyua-atf-compat/dist. | |
593 | Use external/bsd/kyua-atf-compat/prepare-import.sh to regenerate the dist/ | 593 | Use external/bsd/kyua-atf-compat/prepare-import.sh to regenerate the dist/ | |
594 | directory. | 594 | directory. | |
595 | 595 | |||
596 | Package: kyua-cli | 596 | Package: kyua-cli | |
597 | Version: 0.7 | 597 | Version: 0.7 | |
598 | Current Vers: 0.7 | 598 | Current Vers: 0.7 | |
599 | Maintainer: Julio Merino <jmmv@NetBSD.org> | 599 | Maintainer: Julio Merino <jmmv@NetBSD.org> | |
600 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | 600 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | |
601 | Home page: http://code.google.com/p/kyua/ | 601 | Home page: http://code.google.com/p/kyua/ | |
602 | Mailing List: kyua-discuss@googlegroups.com | 602 | Mailing List: kyua-discuss@googlegroups.com | |
603 | Responsible: jmmv | 603 | Responsible: jmmv | |
604 | License: BSD 3-clause | 604 | License: BSD 3-clause | |
605 | Location: external/bsd/kyua-cli/dist | 605 | Location: external/bsd/kyua-cli/dist | |
606 | Notes: | 606 | Notes: | |
607 | The source files are in external/bsd/kyua-cli/dist. | 607 | The source files are in external/bsd/kyua-cli/dist. | |
608 | Use external/bsd/kyua-cli/prepare-import.sh to regenerate the dist/ directory. | 608 | Use external/bsd/kyua-cli/prepare-import.sh to regenerate the dist/ directory. | |
609 | 609 | |||
610 | Package: kyua-testers | 610 | Package: kyua-testers | |
611 | Version: 0.1 | 611 | Version: 0.1 | |
612 | Current Vers: 0.1 | 612 | Current Vers: 0.1 | |
613 | Maintainer: Julio Merino <jmmv@NetBSD.org> | 613 | Maintainer: Julio Merino <jmmv@NetBSD.org> | |
614 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | 614 | Archive site: http://code.google.com/p/kyua/downloads/list?can=1 | |
615 | Home page: http://code.google.com/p/kyua/ | 615 | Home page: http://code.google.com/p/kyua/ | |
616 | Mailing List: kyua-discuss@googlegroups.com | 616 | Mailing List: kyua-discuss@googlegroups.com | |
617 | Responsible: jmmv | 617 | Responsible: jmmv | |
618 | License: BSD 3-clause | 618 | License: BSD 3-clause | |
619 | Location: external/bsd/kyua-testers/dist | 619 | Location: external/bsd/kyua-testers/dist | |
620 | Notes: | 620 | Notes: | |
621 | The source files are in external/bsd/kyua-testers/dist. | 621 | The source files are in external/bsd/kyua-testers/dist. | |
622 | Use external/bsd/kyua-testers/prepare-import.sh to regenerate the dist/ | 622 | Use external/bsd/kyua-testers/prepare-import.sh to regenerate the dist/ | |
623 | directory. | 623 | directory. | |
624 | 624 | |||
625 | Package: less | 625 | Package: less | |
626 | Version: less-458 | 626 | Version: less-458 | |
627 | Current Vers: less-458 | 627 | Current Vers: less-458 | |
628 | Maintainer: Mark Nudelman <markn@greenwoodsoftware.com> | 628 | Maintainer: Mark Nudelman <markn@greenwoodsoftware.com> | |
629 | Archive Site: http://www.greenwoodsoftware.com/less/download.html | 629 | Archive Site: http://www.greenwoodsoftware.com/less/download.html | |
630 | Home Page: http://www.greenwoodsoftware.com/less/ | 630 | Home Page: http://www.greenwoodsoftware.com/less/ | |
631 | Mailing List: less-announce-request@greenwoodsoftware.com | 631 | Mailing List: less-announce-request@greenwoodsoftware.com | |
632 | Responsible: mrg | 632 | Responsible: mrg | |
633 | License: Less License (BSD 2-clause) or GPLv3 (v2 prior to less-418) | 633 | License: Less License (BSD 2-clause) or GPLv3 (v2 prior to less-418) | |
634 | Location: external/bsd/less/dist | 634 | Location: external/bsd/less/dist | |
635 | Notes: | 635 | Notes: | |
636 | Many changes to make less act as more when invoked as more. Beware. | 636 | Many changes to make less act as more when invoked as more. Beware. | |
637 | Use the "src/external/bsd/less/less2netbsd" script to prepare source tree | 637 | Use the "src/external/bsd/less/less2netbsd" script to prepare source tree | |
638 | for importation. Run ./configure beforehand to generate "defines.h". | 638 | for importation. Run ./configure beforehand to generate "defines.h". | |
639 | Talk to mrg before importing any new version. | 639 | Talk to mrg before importing any new version. | |
640 | 640 | |||
641 | Package: libarchive | 641 | Package: libarchive | |
642 | Version: 2.8.4 | 642 | Version: 2.8.4 | |
643 | Current Vers: 2.8.5 (legacy) / 3.0.4 (stable) | 643 | Current Vers: 2.8.5 (legacy) / 3.0.4 (stable) | |
644 | Maintainer: kientzle@freebsd.org, joerg@NetBSD.org | 644 | Maintainer: kientzle@freebsd.org, joerg@NetBSD.org | |
645 | Archive Site: https://github.com/libarchive/libarchive/downloads | 645 | Archive Site: https://github.com/libarchive/libarchive/downloads | |
646 | Home Page: http://libarchive.github.com/ | 646 | Home Page: http://libarchive.github.com/ | |
647 | Responsible: joerg | 647 | Responsible: joerg | |
648 | License: BSD (2-clause) | 648 | License: BSD (2-clause) | |
649 | Location: external/bsd/libarchive/dist | 649 | Location: external/bsd/libarchive/dist | |
650 | Notes: | 650 | Notes: | |
651 | Distribution is stripped down to the relevant part. | 651 | Distribution is stripped down to the relevant part. | |
652 | 652 | |||
653 | Package: libdevmapper | 653 | Package: libdevmapper | |
654 | Version: 1.02.40 | 654 | Version: 1.02.40 | |
655 | Current Vers: 2.02.98 | 655 | Current Vers: 2.02.98 | |
656 | Maintainer: lvm-devel@redhat.com | 656 | Maintainer: lvm-devel@redhat.com | |
657 | Archive Site: ftp://sources.redhat.com/pub/lvm2/ | 657 | Archive Site: ftp://sources.redhat.com/pub/lvm2/ | |
658 | Home Page: http://sources.redhat.com/lvm2/ | 658 | Home Page: http://sources.redhat.com/lvm2/ | |
659 | Responsible: haad | 659 | Responsible: haad | |
660 | License: LGPLv2.1 | 660 | License: LGPLv2.1 | |
661 | Location: external/gpl2/lvm2/dist/libdm | 661 | Location: external/gpl2/lvm2/dist/libdm | |
662 | Notes: | 662 | Notes: | |
663 | The lvm2tools and the libdevmapper are now distributed as one source | 663 | The lvm2tools and the libdevmapper are now distributed as one source | |
664 | repository. See the lvm2tools Notes for more information. | 664 | repository. See the lvm2tools Notes for more information. | |
665 | 665 | |||
666 | Package: libevent | 666 | Package: libevent | |
667 | Version: 2.0.21-stable | 667 | Version: 2.0.21-stable | |
668 | Current Vers: 2.0.21-stable | 668 | Current Vers: 2.0.21-stable | |
669 | Maintainer: Niels Provos <provos@citi.umich.edu> | 669 | Maintainer: Niels Provos <provos@citi.umich.edu> | |
670 | Archive Site: http://www.monkey.org/~provos/libevent/ | 670 | Archive Site: http://www.monkey.org/~provos/libevent/ | |
671 | Home Page: http://www.monkey.org/~provos/libevent/ | 671 | Home Page: http://www.monkey.org/~provos/libevent/ | |
672 | Responsible: provos | 672 | Responsible: provos | |
673 | License: BSD (3/4-clause) | 673 | License: BSD (3/4-clause) | |
674 | Location: external/bsd/libevent/dist | 674 | Location: external/bsd/libevent/dist | |
675 | Notes: | 675 | Notes: | |
676 | - Run the libevent2netbsd script | 676 | - Run the libevent2netbsd script | |
677 | - Build the doxygen man pages. Edit the Doxyfile to GENERATE_MAN=yes. | 677 | - Build the doxygen man pages. Edit the Doxyfile to GENERATE_MAN=yes. | |
678 | man pages are in doxygen/man/man3. Remove the extra man pages that are | 678 | man pages are in doxygen/man/man3. Remove the extra man pages that are | |
679 | .so'ing only. Copy the rest to man. | 679 | .so'ing only. Copy the rest to man. | |
680 | 680 | |||
681 | Package: llvm | 681 | Package: llvm | |
682 | Version: 3.4rc1 (r195771) | 682 | Version: 3.4rc1 (r195771) | |
683 | Current Vers.: 3.4rc1 | 683 | Current Vers.: 3.4rc1 | |
684 | Maintainer: llvmdev@cs.uiuc.edu | 684 | Maintainer: llvmdev@cs.uiuc.edu | |
685 | Home Page: http://llvm.org | 685 | Home Page: http://llvm.org | |
686 | Responsible: joerg | 686 | Responsible: joerg | |
687 | License: BSD/MIT | 687 | License: BSD/MIT | |
688 | Location: external/bsd/llvm/dist | 688 | Location: external/bsd/llvm/dist | |
689 | Notes: | 689 | Notes: | |
690 | A CVS ACL is in place for the location to prevent unintentioned commits. | 690 | A CVS ACL is in place for the location to prevent unintentioned commits. | |
691 | All changes should come via import from upstream SVN. | 691 | All changes should come via import from upstream SVN. | |
692 | 692 | |||
693 | Package: lvm2tools | 693 | Package: lvm2tools | |
694 | Version: 2.02.56 | 694 | Version: 2.02.56 | |
695 | Current Vers: 2.02.56 | 695 | Current Vers: 2.02.56 | |
696 | Maintainer: lvm-devel@redhat.com | 696 | Maintainer: lvm-devel@redhat.com | |
697 | Archive Site: ftp://sources.redhat.com/pub/lvm2/ | 697 | Archive Site: ftp://sources.redhat.com/pub/lvm2/ | |
698 | Home Page: http://sources.redhat.com/lvm2/ | 698 | Home Page: http://sources.redhat.com/lvm2/ | |
699 | Responsible: haad | 699 | Responsible: haad | |
700 | License: GPLv2 | 700 | License: GPLv2 | |
701 | Location: external/gpl2/lvm2/dist | 701 | Location: external/gpl2/lvm2/dist | |
702 | Notes: | 702 | Notes: | |
703 | Use the src/external/gpl2/lvm2tools/dist/lvm2netbsd script to prepare source tree | 703 | Use the src/external/gpl2/lvm2tools/dist/lvm2netbsd script to prepare source tree | |
704 | for import. Keep eye on dist/include/configure.h it migh change over the releases. | 704 | for import. Keep eye on dist/include/configure.h it migh change over the releases. | |
705 | We maintain our own version of libdevmapper ioctl protocol code, therefore we | 705 | We maintain our own version of libdevmapper ioctl protocol code, therefore we | |
706 | should test it before import. Talk to haad before importing new version. | 706 | should test it before import. Talk to haad before importing new version. | |
707 | 707 | |||
708 | Package: libpcap | 708 | Package: libpcap | |
709 | Version: 1.5.2 | 709 | Version: 1.5.2 | |
710 | Current Vers: 1.5.2 | 710 | Current Vers: 1.5.2 | |
711 | Maintainer: tcpdump-workers@tcpdump.org | 711 | Maintainer: tcpdump-workers@tcpdump.org | |
712 | Archive Site: http://www.tcpdump.org/release/ | 712 | Archive Site: http://www.tcpdump.org/release/ | |
713 | Home Page: http://www.tcpdump.org/ | 713 | Home Page: http://www.tcpdump.org/ | |
714 | Mailing List: tcpdump-workers@tcpdump.org | 714 | Mailing List: tcpdump-workers@tcpdump.org | |
715 | Responsible: dyoung | 715 | Responsible: dyoung | |
716 | License: BSD (3/4-clause) | 716 | License: BSD (3/4-clause) | |
717 | Location: external/bsd/libpcap/dist | 717 | Location: external/bsd/libpcap/dist | |
718 | Notes: | 718 | Notes: | |
719 | Use the src/external/bsd/libpcap/libpcap2netbsd script to prepare source | 719 | Use the src/external/bsd/libpcap/libpcap2netbsd script to prepare source | |
720 | tree. sys/net/dlt.h is a copy of the dlt constants from pcap.h | 720 | tree. sys/net/dlt.h is a copy of the dlt constants from pcap.h | |
721 | 721 | |||
722 | Package: libwrap | 722 | Package: libwrap | |
723 | Version: tcp_wrappers 7.6 w/ large amount of IPv6 changes | 723 | Version: tcp_wrappers 7.6 w/ large amount of IPv6 changes | |
724 | Current Vers: tcp_wrappers 7.6-ipv6.4 | 724 | Current Vers: tcp_wrappers 7.6-ipv6.4 | |
725 | Maintainer: Wietse Venema <wietse@porcupine.org> | 725 | Maintainer: Wietse Venema <wietse@porcupine.org> | |
726 | Archive Site: ftp://ftp.porcupine.org/pub/security/ | 726 | Archive Site: ftp://ftp.porcupine.org/pub/security/ | |
727 | Home Page: ftp://ftp.porcupine.org/pub/security/ | 727 | Home Page: ftp://ftp.porcupine.org/pub/security/ | |
728 | Mailing List: | 728 | Mailing List: | |
729 | Responsible: cjs | 729 | Responsible: cjs | |
730 | License: BSD-like | 730 | License: BSD-like | |
731 | Location: lib/libwrap | 731 | Location: lib/libwrap | |
732 | Notes: | 732 | Notes: | |
733 | We import only libwrap (under src/lib), tcpdchk and tcpdmatch (both | 733 | We import only libwrap (under src/lib), tcpdchk and tcpdmatch (both | |
734 | under src/usr.sbin). We don't use tcpd; that functionality is built | 734 | under src/usr.sbin). We don't use tcpd; that functionality is built | |
735 | into inetd. The provided libwrap2netbsd script handles just libwrap. | 735 | into inetd. The provided libwrap2netbsd script handles just libwrap. | |
736 | 736 | |||
737 | Package: Lua | 737 | Package: Lua | |
738 | Version: Lua 5.1.5 | 738 | Version: Lua 5.1.5 | |
739 | Current Vers: Lua 5.2.2 | 739 | Current Vers: Lua 5.2.2 | |
740 | Maintainer: PUC Rio | 740 | Maintainer: PUC Rio | |
741 | Home Page: http://www.lua.org/ | 741 | Home Page: http://www.lua.org/ | |
742 | Mailing List: | 742 | Mailing List: | |
743 | Responsible: mbalmer | 743 | Responsible: mbalmer | |
744 | License: MIT | 744 | License: MIT | |
745 | Location: external/mit/lua/dist | 745 | Location: external/mit/lua/dist | |
746 | Notes: | 746 | Notes: | |
747 | The default module paths have been changed to not include the current | 747 | The default module paths have been changed to not include the current | |
748 | working directory '.' to avoid potential security problems. | 748 | working directory '.' to avoid potential security problems. | |
749 | 749 | |||
750 | Package: Lutok | 750 | Package: Lutok | |
751 | Version: 0.3 | 751 | Version: 0.3 | |
752 | Current Vers: 0.3 | 752 | Current Vers: 0.3 | |
753 | Maintainer: Julio Merino <jmmv@NetBSD.org> | 753 | Maintainer: Julio Merino <jmmv@NetBSD.org> | |
754 | Archive site: http://code.google.com/p/lutok/downloads/list?can=1 | 754 | Archive site: http://code.google.com/p/lutok/downloads/list?can=1 | |
755 | Home page: http://code.google.com/p/lutok/ | 755 | Home page: http://code.google.com/p/lutok/ | |
756 | Mailing List: lutok-discuss@googlegroups.com | 756 | Mailing List: lutok-discuss@googlegroups.com | |
757 | Responsible: jmmv | 757 | Responsible: jmmv | |
758 | License: BSD 3-clause | 758 | License: BSD 3-clause | |
759 | Location: external/bsd/lutok/dist | 759 | Location: external/bsd/lutok/dist | |
760 | Notes: | 760 | Notes: | |
761 | The source files are in external/bsd/lutok/dist. | 761 | The source files are in external/bsd/lutok/dist. | |
762 | Use external/bsd/lutok/prepare-import.sh to regenerate the dist/ directory. | 762 | Use external/bsd/lutok/prepare-import.sh to regenerate the dist/ directory. | |
763 | 763 | |||
764 | Package: m4 | 764 | Package: m4 | |
765 | Version: 20091026 | 765 | Version: 20091026 | |
766 | Current Vers: 20091026 | 766 | Current Vers: 20091026 | |
767 | Maintainer: The OpenBSD Project | 767 | Maintainer: The OpenBSD Project | |
768 | Archive Site: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/m4 | 768 | Archive Site: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/m4 | |
769 | Home Page: http://www.openbsd.org/ | 769 | Home Page: http://www.openbsd.org/ | |
770 | Mailing List: | 770 | Mailing List: | |
771 | License: BSD 3-clause like (dns-sd) | 771 | License: BSD 3-clause like (dns-sd) | |
772 | Responsible: christos | 772 | Responsible: christos | |
773 | Location: usr.bin/m4 | 773 | Location: usr.bin/m4 | |
774 | Notes: | 774 | Notes: | |
775 | Uses libc's ohash, and strtonum | 775 | Uses libc's ohash, and strtonum | |
776 | 776 | |||
777 | Package: mDNSResponder | 777 | Package: mDNSResponder | |
778 | Version: 320.16 | 778 | Version: 320.16 | |
779 | Current Vers: 541 | 779 | Current Vers: 541 | |
780 | Maintainer: Apple | 780 | Maintainer: Apple | |
781 | Archive Site: http://www.opensource.apple.com/tarballs/mDNSResponder/ | 781 | Archive Site: http://www.opensource.apple.com/tarballs/mDNSResponder/ | |
782 | Home Page: http://developer.apple.com/opensource/internet/bonjour.html | 782 | Home Page: http://developer.apple.com/opensource/internet/bonjour.html | |
783 | Mailing List: bonjour-dev@lists.apple.com | 783 | Mailing List: bonjour-dev@lists.apple.com | |
784 | License: Apache2 (mdnsd), BSD 3-clause (libdns_sd), | 784 | License: Apache2 (mdnsd), BSD 3-clause (libdns_sd), | |
785 | BSD 3-clause like (dns-sd) | 785 | BSD 3-clause like (dns-sd) | |
786 | Responsible: tsarna | 786 | Responsible: tsarna | |
787 | Location: external/apache2/mDNSResponder/dist | 787 | Location: external/apache2/mDNSResponder/dist | |
788 | Notes: | 788 | Notes: | |
789 | 789 | |||
790 | Package: mdocml | 790 | Package: mdocml | |
791 | Version: 1.12.1 | 791 | Version: 1.12.1 | |
792 | Current Vers: 1.13.1 | 792 | Current Vers: 1.13.1 | |
793 | Maintainer: Kristaps Džonsons | 793 | Maintainer: Kristaps Džonsons | |
794 | Archive Site: http://mdocml.bsd.lv/snapshots/ | 794 | Archive Site: http://mdocml.bsd.lv/snapshots/ | |
795 | Home Page: http://mdocml.bsd.lv/ | 795 | Home Page: http://mdocml.bsd.lv/ | |
796 | Mailing List: | 796 | Mailing List: | |
797 | Responsible: joerg | 797 | Responsible: joerg | |
798 | License: BSD (2-clause) | 798 | License: BSD (2-clause) | |
799 | Location: external/bsd/mdocml/dist | 799 | Location: external/bsd/mdocml/dist | |
800 | Notes: | 800 | Notes: | |
801 | 801 | |||
802 | Package: mesa-demos | 802 | Package: mesa-demos | |
803 | Version: 8.1.0 | 803 | Version: 8.1.0 | |
804 | Current Vers: 8.2.0 | 804 | Current Vers: 8.2.0 | |
805 | Maintainer: mesa-git@? | 805 | Maintainer: mesa-git@? | |
806 | Archive Site: ftp://ftp.freedesktop.org/pub/mesa/demos/ | 806 | Archive Site: ftp://ftp.freedesktop.org/pub/mesa/demos/ | |
807 | Home Page: http://www.mesa3d.org/ | 807 | Home Page: http://www.mesa3d.org/ | |
808 | Mailing List: | 808 | Mailing List: | |
809 | Responsible: riastradh, mrg | 809 | Responsible: riastradh, mrg | |
810 | License: ISC | 810 | License: ISC | |
811 | Location: xsrc/external/mit/MesaDemos/dist | 811 | Location: xsrc/external/mit/MesaDemos/dist | |
812 | Notes: | 812 | Notes: | |
813 | We use only glxinfo and glxgears. Delete all else on import. | 813 | We use only glxinfo and glxgears. Delete all else on import. | |
814 | Vendor tag: xorg | 814 | Vendor tag: xorg | |
815 | Release tag: mesa-demos-X-Y-Z | 815 | Release tag: mesa-demos-X-Y-Z | |
816 | 816 | |||
817 | Package: mesa-drm | 817 | Package: mesa-drm | |
818 | Version: git 85b9f737db0d2a845e4d7e2bbf9ad12ff9e2227c | 818 | Version: git 85b9f737db0d2a845e4d7e2bbf9ad12ff9e2227c | |
819 | Current Vers: | 819 | Current Vers: | |
820 | Maintainer: mesa-git@? | 820 | Maintainer: mesa-git@? | |
821 | Archive Site: git://anongit.freedesktop.org/git/mesa/drm | 821 | Archive Site: git://anongit.freedesktop.org/git/mesa/drm | |
822 | Home Page: http://cgit.freedesktop.org/mesa/drm/ | 822 | Home Page: http://cgit.freedesktop.org/mesa/drm/ | |
823 | Mailing List: | 823 | Mailing List: | |
824 | Responsible: mrg, bjs | 824 | Responsible: mrg, bjs | |
825 | License: BSD | 825 | License: BSD | |
826 | Location: sys/external/bsd/drm/dist | 826 | Location: sys/external/bsd/drm/dist | |
827 | Notes: | 827 | Notes: | |
828 | 828 | |||
829 | Package: MesaLib | 829 | Package: MesaLib | |
830 | Version: 7.11.2 | 830 | Version: 7.11.2 | |
831 | Current Vers: 10.2.3 | 831 | Current Vers: 10.2.3 | |
832 | Maintainer: mesa-git@? | 832 | Maintainer: mesa-git@? | |
833 | Archive Site: ftp://ftp.freedesktop.org/pub/mesa/ | 833 | Archive Site: ftp://ftp.freedesktop.org/pub/mesa/ | |
834 | Home Page: http://www.mesa3d.org/ | 834 | Home Page: http://www.mesa3d.org/ | |
835 | Mailing List: | 835 | Mailing List: | |
836 | Responsible: riastradh, mrg | 836 | Responsible: riastradh, mrg | |
837 | License: ISC | 837 | License: ISC | |
838 | Location: xsrc/external/mit/MesaLib/dist | 838 | Location: xsrc/external/mit/MesaLib/dist | |
839 | Notes: | 839 | Notes: | |
840 | Vendor tag: xorg | 840 | Vendor tag: xorg | |
841 | Release tag: MesaLib-X-Y-Z | 841 | Release tag: MesaLib-X-Y-Z | |
842 | 842 | |||
843 | Package: mopd | 843 | Package: mopd | |
844 | Version: 2.5.3 | 844 | Version: 2.5.3 | |
845 | Current Vers: 2.5.3 | 845 | Current Vers: 2.5.3 | |
846 | Maintainer: Mats O Jansson <maja@celsiustech.se> | 846 | Maintainer: Mats O Jansson <maja@celsiustech.se> | |
847 | Archive Site: http://www.stacken.kth.se/~moj/mopd.html | 847 | Archive Site: http://www.stacken.kth.se/~moj/mopd.html | |
848 | Home Page: http://www.stacken.kth.se/~moj/mopd.html | 848 | Home Page: http://www.stacken.kth.se/~moj/mopd.html | |
849 | Mailing List: | 849 | Mailing List: | |
850 | Responsible: cjs | 850 | Responsible: cjs | |
851 | License: BSD (4-clause) | 851 | License: BSD (4-clause) | |
852 | Location: usr.sbin/mopd | 852 | Location: usr.sbin/mopd | |
853 | Notes: | 853 | Notes: | |
854 | Delete the otherOS directory before importing. | 854 | Delete the otherOS directory before importing. | |
855 | 855 | |||
856 | Package: nawk | 856 | Package: nawk | |
857 | Version: 2012-12-20 | 857 | Version: 2012-12-20 | |
858 | Current Vers: 2012-12-20 | 858 | Current Vers: 2012-12-20 | |
859 | Maintainer: Brian Kernighan <bwk@princeton.edu> | 859 | Maintainer: Brian Kernighan <bwk@princeton.edu> | |
860 | Archive Site: http://www.cs.princeton.edu/~bwk/btl.mirror/ | 860 | Archive Site: http://www.cs.princeton.edu/~bwk/btl.mirror/ | |
861 | Home Page: http://www.cs.princeton.edu/~bwk/btl.mirror/ | 861 | Home Page: http://www.cs.princeton.edu/~bwk/btl.mirror/ | |
862 | Mailing List: | 862 | Mailing List: | |
863 | Responsible: jdolecek | 863 | Responsible: jdolecek | |
864 | License: BSD-like | 864 | License: BSD-like | |
865 | Location: external/historical/nawk/dist | 865 | Location: external/historical/nawk/dist | |
866 | Notes: | 866 | Notes: | |
867 | Build maketab from nawk sources and generate proctab.c. | 867 | Build maketab from nawk sources and generate proctab.c. | |
868 | Remove buildwin.bat, missing95.c, ytab.[ch], ytab?.bak, vcvars.bat makefile.win | 868 | Remove buildwin.bat, missing95.c, ytab.[ch], ytab?.bak, vcvars.bat makefile.win | |
869 | then import to src/external/historical/nawk/dist. | 869 | then import to src/external/historical/nawk/dist. | |
870 | 870 | |||
871 | Package: ndbootd | 871 | Package: ndbootd | |
872 | Version: 0.5 | 872 | Version: 0.5 | |
873 | Current Vers: 0.5 | 873 | Current Vers: 0.5 | |
874 | Maintainer: Matt Fredette <fredette@alum.mit.edu> | 874 | Maintainer: Matt Fredette <fredette@alum.mit.edu> | |
875 | Archive Site: | 875 | Archive Site: | |
876 | Home Page: | 876 | Home Page: | |
877 | Responsible: fredette | 877 | Responsible: fredette | |
878 | License: BSD (4-clause) | 878 | License: BSD (4-clause) | |
879 | Location: usr.sbin/ndbootd | 879 | Location: usr.sbin/ndbootd | |
880 | Notes: | 880 | Notes: | |
881 | Run ./configure, save config.h, make distclean, rm all autoconf/automake | 881 | Run ./configure, save config.h, make distclean, rm all autoconf/automake | |
882 | and ndbootd-raw.c. Restore saved config.h, and force it to define | 882 | and ndbootd-raw.c. Restore saved config.h, and force it to define | |
883 | HAVE_STRICT_ALIGNMENT. Fix RCS IDs, import. | 883 | HAVE_STRICT_ALIGNMENT. Fix RCS IDs, import. | |
884 | 884 | |||
885 | Package: ntp | 885 | Package: ntp | |
886 | Version: 4.2.7p404 | 886 | Version: 4.2.7p404 | |
887 | Current Vers: 4.2.6p5/4.2.7p404 | 887 | Current Vers: 4.2.6p5/4.2.7p404 | |
888 | Maintainer: David L. Mills <mills@udel.edu> | 888 | Maintainer: David L. Mills <mills@udel.edu> | |
889 | Archive Site: http://www.ntp.org/ | 889 | Archive Site: http://www.ntp.org/ | |
890 | Home Page: http://www.ntp.org/, http://support.ntp.org/ | 890 | Home Page: http://www.ntp.org/, http://support.ntp.org/ | |
891 | Mailing List: | 891 | Mailing List: | |
892 | Responsible: simonb, jonathan, kardel | 892 | Responsible: simonb, jonathan, kardel | |
893 | License: BSD-like | 893 | License: BSD-like | |
894 | Location: external/bsd/ntp/dist | 894 | Location: external/bsd/ntp/dist | |
895 | Notes: | 895 | Notes: | |
896 | See /usr/src/dist/ntp/ntp2netbsd for update instructions. | 896 | See /usr/src/dist/ntp/ntp2netbsd for update instructions. | |
897 | 897 | |||
898 | Package: nvi | 898 | Package: nvi | |
899 | Version: 1.81.6, HEAD as of 2013-11-20 | 899 | Version: 1.81.6, HEAD as of 2013-11-20 | |
900 | Current Vers: 1.81.6 | 900 | Current Vers: 1.81.6 | |
901 | Maintainer: Sven Verdoolaege <skimo@kotnet.org>, Keith Bostic | 901 | Maintainer: Sven Verdoolaege <skimo@kotnet.org>, Keith Bostic | |
902 | Archive Site: git://repo.or.cz/nvi.git, ftp://ftp.bostic.com/pub/ | 902 | Archive Site: git://repo.or.cz/nvi.git, ftp://ftp.bostic.com/pub/ | |
903 | Home Page: https://repo.or.cz/w/nvi.git http://www.bostic.com/vi/ | 903 | Home Page: https://repo.or.cz/w/nvi.git http://www.bostic.com/vi/ | |
904 | Mailing List: | 904 | Mailing List: | |
905 | Responsible: christos | 905 | Responsible: christos | |
906 | License: BSD (3/4-clause) | 906 | License: BSD (3/4-clause) | |
907 | Location: external/bsd/nvi/dist | 907 | Location: external/bsd/nvi/dist | |
908 | Notes: | 908 | Notes: | |
909 | We have lots of local fixes. | 909 | We have lots of local fixes. | |
910 | 910 | |||
911 | Package: OpenLDAP | 911 | Package: OpenLDAP | |
912 | Version: 2.4.39 | 912 | Version: 2.4.39 | |
913 | Current Vers: 2.4.39 | 913 | Current Vers: 2.4.39 | |
914 | Maintainer: OpenLDAP Foundation | 914 | Maintainer: OpenLDAP Foundation | |
915 | Archive Site: http://www.openldap.org/ | 915 | Archive Site: http://www.openldap.org/ | |
916 | Home Page: http://www.openldap.org/ | 916 | Home Page: http://www.openldap.org/ | |
917 | Mailing List: | 917 | Mailing List: | |
918 | Responsible: | 918 | Responsible: | |
919 | License: BSD (3-clause) | 919 | License: BSD (3-clause) | |
920 | Location: external/bsd/openldap/dist | 920 | Location: external/bsd/openldap/dist | |
921 | Notes: | 921 | Notes: | |
922 | 922 | |||
923 | Package: OpenPAM | 923 | Package: OpenPAM | |
924 | Version: 20130907 (Nummularia) | 924 | Version: 20130907 (Nummularia) | |
925 | Current Vers: 20130907 (Nummularia) | 925 | Current Vers: 20130907 (Nummularia) | |
926 | Maintainer: Dag-Erling Smørgrav <des@FreeBSD.org> | 926 | Maintainer: Dag-Erling Smørgrav <des@FreeBSD.org> | |
927 | Archive Site: http://www.openpam.org/ | 927 | Archive Site: http://www.openpam.org/ | |
928 | Home Page: http://www.openpam.org/ | 928 | Home Page: http://www.openpam.org/ | |
929 | Mailing List: | 929 | Mailing List: | |
930 | Responsible: christos | 930 | Responsible: christos | |
931 | License: BSD (3-clause) | 931 | License: BSD (3-clause) | |
932 | Location: external/bsd/openpam/dist | 932 | Location: external/bsd/openpam/dist | |
933 | Notes: | 933 | Notes: | |
934 | Next import will need moving lib sources to lib/libpam | 934 | Next import will need moving lib sources to lib/libpam | |
935 | 935 | |||
936 | Package: openresolv | 936 | Package: openresolv | |
937 | Version: 3.5.6 | 937 | Version: 3.5.6 | |
938 | Current Vers: 3.5.6 | 938 | Current Vers: 3.5.6 | |
939 | Maintainer: roy | 939 | Maintainer: roy | |
940 | Archive Site: ftp://roy.marples.name/pub/openresolv/ | 940 | Archive Site: ftp://roy.marples.name/pub/openresolv/ | |
941 | Home Page: http://roy.marples.name/projects/openresolv/ | 941 | Home Page: http://roy.marples.name/projects/openresolv/ | |
942 | Mailing List: openresolv-discuss@marples.name | 942 | Mailing List: openresolv-discuss@marples.name | |
943 | License: BSD (2-clause) | 943 | License: BSD (2-clause) | |
944 | Location: external/bsd/openresolv/dist | 944 | Location: external/bsd/openresolv/dist | |
945 | Notes: | 945 | Notes: | |
946 | Please submit all changes to the author. | 946 | Please submit all changes to the author. | |
947 | 947 | |||
948 | Package: HPN-SSH | 948 | Package: HPN-SSH | |
949 | Version: 6.1p1 13 v14 | 949 | Version: 6.1p1 13 v14 | |
950 | Current Vers: 6.3p1 v14 | 950 | Current Vers: 6.3p1 v14 | |
951 | Maintainer: www.psc.edu | 951 | Maintainer: www.psc.edu | |
952 | Archive Site: No direct link anymore, @#$#$ psc. | 952 | Archive Site: No direct link anymore, @#$#$ psc. | |
953 | Home Page: http://www.psc.edu/index.php/hpn-ssh | 953 | Home Page: http://www.psc.edu/index.php/hpn-ssh | |
954 | Mailing List: | 954 | Mailing List: | |
955 | Responsible: christos | 955 | Responsible: christos | |
956 | License: | 956 | License: | |
957 | Location: crypto/external/bsd/openssh/dist | 957 | Location: crypto/external/bsd/openssh/dist | |
958 | Notes: | 958 | Notes: | |
959 | Patch applied after OpenSSH import. | 959 | Patch applied after OpenSSH import. | |
960 | 960 | |||
961 | Package: OpenSSH | 961 | Package: OpenSSH | |
962 | Version: 6.4 | 962 | Version: 6.4 | |
963 | Current Vers: 6.4 / portable 6.4p1 | 963 | Current Vers: 6.4 / portable 6.4p1 | |
964 | Maintainer: OpenSSH | 964 | Maintainer: OpenSSH | |
965 | Archive Site: http://www.openssh.com/ftp.html | 965 | Archive Site: http://www.openssh.com/ftp.html | |
966 | Home Page: http://www.openssh.com/portable.html | 966 | Home Page: http://www.openssh.com/portable.html | |
967 | Mailing List: openssh-unix-announce@mindrot.org | 967 | Mailing List: openssh-unix-announce@mindrot.org | |
968 | Responsible: thorpej, christos, elric | 968 | Responsible: thorpej, christos, elric | |
969 | License: BSD. See src/crypto/external/bsd/openssh/dist/LICENSE | 969 | License: BSD. See src/crypto/external/bsd/openssh/dist/LICENSE | |
970 | Location: crypto/external/bsd/openssh/dist | 970 | Location: crypto/external/bsd/openssh/dist | |
971 | Notes: | 971 | Notes: | |
972 | imported from OpenBSD ssh -- is not from the portable OpenSSH | 972 | imported from OpenBSD ssh -- is not from the portable OpenSSH | |
973 | use openssh2netbsd before import. | 973 | use openssh2netbsd before import. | |
974 | local changes (should always try to bring them back to master openssh tree, | 974 | local changes (should always try to bring them back to master openssh tree, | |
975 | markus is very cooperative about it): | 975 | markus is very cooperative about it): | |
976 | - default for PermitRootLogin is set to "no" | 976 | - default for PermitRootLogin is set to "no" | |
977 | - IgnoreRootRhosts added | 977 | - IgnoreRootRhosts added | |
978 | - look at login.conf to check valid user/access list | 978 | - look at login.conf to check valid user/access list | |
979 | - krb5 support re-added | 979 | - krb5 support re-added | |
980 | - hack in cipher.c #ifdef ACCS because we are missing EVP_acss | 980 | - hack in cipher.c #ifdef ACCS because we are missing EVP_acss | |
981 | when someone imports openssl, we can remove this. | 981 | when someone imports openssl, we can remove this. | |
982 | - added moduli from portable openssh | 982 | - added moduli from portable openssh | |
983 | - added USE_PAM patches and auth_pam.[ch] from portable openssh | 983 | - added USE_PAM patches and auth_pam.[ch] from portable openssh | |
984 | (see if there is any difference between the current version of opensshX.Yp1 | 984 | (see if there is any difference between the current version of opensshX.Yp1 | |
985 | and the new opensshZ.Wp1) and apply them. | 985 | and the new opensshZ.Wp1) and apply them. | |
986 | - conditionalize login_cap | 986 | - conditionalize login_cap | |
987 | - conditionalize bsd_auth | 987 | - conditionalize bsd_auth | |
988 | - restore krb5, krb4, afs, skey | 988 | - restore krb5, krb4, afs, skey | |
989 | - bring in hpn patches, disable mt aes cipher, keep speedups and cipher none | 989 | - bring in hpn patches, disable mt aes cipher, keep speedups and cipher none | |
990 | - fix ctype macro arguments | 990 | - fix ctype macro arguments | |
991 | - umac is broken, disable it | 991 | - umac is broken, disable it | |
992 | - better ~homedir handling | 992 | - better ~homedir handling | |
993 | - netbsd style tunnels | 993 | - netbsd style tunnels | |
994 | - urandom, xhome, chrootdir, rescuedir NetBSD handling | 994 | - urandom, xhome, chrootdir, rescuedir NetBSD handling | |
995 | - utmp/utmpx handling | 995 | - utmp/utmpx handling | |
996 | - handle tty posix_vdisable properly | 996 | - handle tty posix_vdisable properly | |
997 | - handle setuid and unsetuid the posix way instead of setresuid() | 997 | - handle setuid and unsetuid the posix way instead of setresuid() | |
998 | - add all missing functions | 998 | - add all missing functions | |
999 | - always bump major when importing to avoid api problems. | 999 | - always bump major when importing to avoid api problems. | |
1000 | - make compile with gcc-4.5; const fixes, fileno() checks, shadow fixes. | 1000 | - make compile with gcc-4.5; const fixes, fileno() checks, shadow fixes. | |
1001 | 1001 | |||
1002 | Package: OpenSSL | 1002 | Package: OpenSSL | |
1003 | Version: 1.0.1k | 1003 | Version: 1.0.1k | |
1004 | Current Vers: 1.0.1k | 1004 | Current Vers: 1.0.1k | |
1005 | Maintainer: The OpenSSL Project | 1005 | Maintainer: The OpenSSL Project | |
1006 | Archive Site: ftp://ftp.openssl.org/source/ | 1006 | Archive Site: ftp://ftp.openssl.org/source/ | |
1007 | Home Page: http://www.openssl.org/ | 1007 | Home Page: http://www.openssl.org/ | |
1008 | Mailing List: openssl-announce@openssl.org | 1008 | Mailing List: openssl-announce@openssl.org | |
1009 | Responsible: christos, mjf, tls, riastradh, spz | 1009 | Responsible: christos, mjf, tls, riastradh, spz | |
1010 | License: OpenSSL and SSLeay license (both BSD-like) | 1010 | License: OpenSSL and SSLeay license (both BSD-like) | |
1011 | Location: crypto/external/bsd/openssl/dist | 1011 | Location: crypto/external/bsd/openssl/dist | |
1012 | Notes: | 1012 | Notes: | |
1013 | - Run openssl2netbsd to get rid of the RCSID identifiers | 1013 | - Run openssl2netbsd to get rid of the RCSID identifiers | |
1014 | - run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/man | 1014 | - run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/man | |
1015 | to regen man pages. | 1015 | to regen man pages. | |
1016 | - run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/arch/* | 1016 | - run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/arch/* | |
1017 | to regen assembly files | 1017 | to regen assembly files | |
1018 | 1018 | |||
1019 | Package: pcc | 1019 | Package: pcc | |
1020 | Version: 1.1.0.DEVEL 20120325 | 1020 | Version: 1.1.0.DEVEL 20120325 | |
1021 | Current Vers: 1.1.0.DEVEL 20120325 | 1021 | Current Vers: 1.1.0.DEVEL 20120325 | |
1022 | Maintainer: Anders Magnusson <ragge@NetBSD.org> | 1022 | Maintainer: Anders Magnusson <ragge@NetBSD.org> | |
1023 | Archive Site: ftp://pcc.ludd.ltu.se/pub/pcc/ | 1023 | Archive Site: ftp://pcc.ludd.ltu.se/pub/pcc/ | |
1024 | Home Page: http://pcc.ludd.ltu.se/ | 1024 | Home Page: http://pcc.ludd.ltu.se/ | |
1025 | Mailing List: pcc-list@ludd.ltu.se | 1025 | Mailing List: pcc-list@ludd.ltu.se | |
1026 | Responsible: plunky | 1026 | Responsible: plunky | |
1027 | License: BSD | 1027 | License: BSD | |
1028 | Location: external/bsd/pcc/dist | 1028 | Location: external/bsd/pcc/dist | |
1029 | Notes: | 1029 | Notes: | |
1030 | This is a development snapshot. See the src/external/bsd/pcc/prepare-import.sh | 1030 | This is a development snapshot. See the src/external/bsd/pcc/prepare-import.sh | |
1031 | file for details about how to get the latest version from the upstream server | 1031 | file for details about how to get the latest version from the upstream server | |
1032 | and import it. | 1032 | and import it. | |
1033 | 1033 | |||
1034 | Package: pdisk | 1034 | Package: pdisk | |
1035 | Version: 0.8a2 | 1035 | Version: 0.8a2 | |
1036 | Current Vers: 0.8a2 | 1036 | Current Vers: 0.8a2 | |
1037 | Maintainer: Eryk Vershen <eryk@cfcl.com> | 1037 | Maintainer: Eryk Vershen <eryk@cfcl.com> | |
1038 | Archive Site: http://cantaforda.com/cfcl/eryk/linux/pdisk/index.html | 1038 | Archive Site: http://cantaforda.com/cfcl/eryk/linux/pdisk/index.html | |
1039 | Home Page: http://cantaforda.com/cfcl/eryk/linux/pdisk/index.html | 1039 | Home Page: http://cantaforda.com/cfcl/eryk/linux/pdisk/index.html | |
1040 | Mailing List: | 1040 | Mailing List: | |
1041 | Responsible: dbj | 1041 | Responsible: dbj | |
1042 | License: BSD-like | 1042 | License: BSD-like | |
1043 | Location: external/bsd/pdisk | 1043 | Location: external/bsd/pdisk | |
1044 | Notes: | 1044 | Notes: | |
1045 | This is the disk partition utility used by Apple's mkLinux and OS X | 1045 | This is the disk partition utility used by Apple's mkLinux and OS X | |
1046 | It is imported into external/bsd/pdisk. | 1046 | It is imported into external/bsd/pdisk. | |
1047 | 1047 | |||
1048 | Package: pdksh | 1048 | Package: pdksh | |
1049 | Version: 5.2.14p2 | 1049 | Version: 5.2.14p2 | |
1050 | Current Vers: 5.2.14p2 | 1050 | Current Vers: 5.2.14p2 | |
1051 | Maintainer: Michael Rendell <michael@cs.mun.ca> | 1051 | Maintainer: Michael Rendell <michael@cs.mun.ca> | |
1052 | Archive Site: ftp://ftp.cs.mun.ca/pub/pdksh/ | 1052 | Archive Site: ftp://ftp.cs.mun.ca/pub/pdksh/ | |
1053 | Home Page: http://www.cs.mun.ca/~michael/pdksh/ | 1053 | Home Page: http://www.cs.mun.ca/~michael/pdksh/ | |
1054 | Mailing List: | 1054 | Mailing List: | |
1055 | Responsible: jdolecek | 1055 | Responsible: jdolecek | |
1056 | License: Public domain | 1056 | License: Public domain | |
1057 | Location: bin/ksh | 1057 | Location: bin/ksh | |
1058 | Notes: | 1058 | Notes: | |
1059 | pdksh-5.2.14-patches.1 and pdksh-5.2.14-patches.2 have been applied. | 1059 | pdksh-5.2.14-patches.1 and pdksh-5.2.14-patches.2 have been applied. | |
1060 | 1060 | |||
1061 | Package: PF (openbsd packet filter) | 1061 | Package: PF (openbsd packet filter) | |
1062 | Version: OpenBSD 4.2 | 1062 | Version: OpenBSD 4.2 | |
1063 | Current Vers: OpenBSD 4.3-current | 1063 | Current Vers: OpenBSD 4.3-current | |
1064 | Maintainer: The OpenBSD Project | 1064 | Maintainer: The OpenBSD Project | |
1065 | Archive Site: ftp://ftp.openbsd.org/ | 1065 | Archive Site: ftp://ftp.openbsd.org/ | |
1066 | Home Page: http://www.openbsd.org/faq/pf/ | 1066 | Home Page: http://www.openbsd.org/faq/pf/ | |
1067 | Mailing List: pf@benzedrine.cx or appropriate OpenBSD mailing list | 1067 | Mailing List: pf@benzedrine.cx or appropriate OpenBSD mailing list | |
1068 | Responsible: peter, yamt | 1068 | Responsible: peter, yamt | |
1069 | License: BSD (2-clause) | 1069 | License: BSD (2-clause) | |
1070 | Location: dist/pf,sys/dist/pf | 1070 | Location: dist/pf,sys/dist/pf | |
1071 | Notes: | 1071 | Notes: | |
1072 | kernel code is imported into src/sys/dist/pf and src/sys/net has reachover | 1072 | kernel code is imported into src/sys/dist/pf and src/sys/net has reachover | |
1073 | definition (files.pf). userland code is imported into src/dist/pf, and | 1073 | definition (files.pf). userland code is imported into src/dist/pf, and | |
1074 | reachover Makefiles are in src/usr.sbin/pf. | 1074 | reachover Makefiles are in src/usr.sbin/pf. | |
1075 | 1075 | |||
1076 | Package: pkg_install | 1076 | Package: pkg_install | |
1077 | Version: 20120221 | 1077 | Version: 20120221 | |
1078 | Current Vers: 20120221 | 1078 | Current Vers: 20120221 | |
1079 | Maintainer: The pkgsrc developers | 1079 | Maintainer: The pkgsrc developers | |
1080 | Home Page: http://www.pkgsrc.org/ | 1080 | Home Page: http://www.pkgsrc.org/ | |
1081 | Mailing List: tech-pkg@NetBSD.org | 1081 | Mailing List: tech-pkg@NetBSD.org | |
1082 | Responsible: joerg | 1082 | Responsible: joerg | |
1083 | License: BSD | 1083 | License: BSD | |
1084 | Location: external/bsd/pkg_install/dist | 1084 | Location: external/bsd/pkg_install/dist | |
1085 | Notes: | 1085 | Notes: | |
1086 | The authoritative version is in pkgsrc/pkgtools/pkg_install. | 1086 | The authoritative version is in pkgsrc/pkgtools/pkg_install. | |
1087 | 1087 | |||
1088 | Package: ping | 1088 | Package: ping | |
1089 | Version: 980911 | 1089 | Version: 980911 | |
1090 | Current Vers: 980911 | 1090 | Current Vers: 980911 | |
1091 | Maintainer: Mike Muuss | 1091 | Maintainer: Mike Muuss | |
1092 | Archive Site: | 1092 | Archive Site: | |
1093 | Home Page: http://ftp.arl.mil/mike/ping.html | 1093 | Home Page: http://ftp.arl.mil/mike/ping.html | |
1094 | Mailing List: | 1094 | Mailing List: | |
1095 | Responsible: christos | 1095 | Responsible: christos | |
1096 | License: BSD (3-clause) | 1096 | License: BSD (3-clause) | |
1097 | Location: sbin/ping | 1097 | Location: sbin/ping | |
1098 | Notes: | 1098 | Notes: | |
1099 | We use err() and friends. We have changes for snprintf, extra | 1099 | We use err() and friends. We have changes for snprintf, extra | |
1100 | formatting in man pages, disallowing flood pinging, alignment fixes, | 1100 | formatting in man pages, disallowing flood pinging, alignment fixes, | |
1101 | and more. Vern's ping is gone. We are too different from everyone else | 1101 | and more. Vern's ping is gone. We are too different from everyone else | |
1102 | now to do a new import. | 1102 | now to do a new import. | |
1103 | 1103 | |||
1104 | Package: Postfix | 1104 | Package: Postfix | |
1105 | Version: 2.11.3 | 1105 | Version: 3.0 | |
1106 | Current Vers: 2.11.3 | 1106 | Current Vers: 2.11.4 | |
1107 | Maintainer: Wietse Venema <wietse@porcupine.org> | 1107 | Maintainer: Wietse Venema <wietse@porcupine.org> | |
1108 | Archive Site: ftp://postfix.cloud9.net/official/ | 1108 | Archive Site: ftp://postfix.cloud9.net/official/ | |
1109 | Home Page: http://www.postfix.org/ | 1109 | Home Page: http://www.postfix.org/ | |
1110 | Mailing List: postfix-users@postfix.org | 1110 | Mailing List: postfix-users@postfix.org | |
1111 | Responsible: christos, tron | 1111 | Responsible: christos, tron | |
1112 | License: IBM Public License. See also src/external/ibm-public/postfix/dist. | 1112 | License: IBM Public License. See also src/external/ibm-public/postfix/dist. | |
1113 | Location: external/ibm-public/postfix/dist | 1113 | Location: external/ibm-public/postfix/dist | |
1114 | Notes: | 1114 | Notes: | |
1115 | HTML documentation should be kept in sync with the README_FILES. | 1115 | HTML documentation should be kept in sync with the README_FILES. | |
1116 | src/gnu/dist/postfix/conf/postfix-files must be kept in sync with our | 1116 | src/gnu/dist/postfix/conf/postfix-files must be kept in sync with our | |
1117 | directory layout (the easiest way to check is by running ``postfix | 1117 | directory layout (the easiest way to check is by running ``postfix | |
1118 | set-permissions''). | 1118 | set-permissions''). | |
1119 | 1119 | |||
1120 | Package: ppp | 1120 | Package: ppp | |
1121 | Version: 2.4.7 | 1121 | Version: 2.4.7 | |
1122 | Current Vers: 2.4.7 | 1122 | Current Vers: 2.4.7 | |
1123 | Maintainer: Paul Mackerras <paulus@samba.org> | 1123 | Maintainer: Paul Mackerras <paulus@samba.org> | |
1124 | Archive Site: ftp://ftp.samba.org/pub/ppp/ | 1124 | Archive Site: ftp://ftp.samba.org/pub/ppp/ | |
1125 | Home Page: | 1125 | Home Page: | |
1126 | GIT root: git://ozlabs.org/~paulus/ppp.git | 1126 | GIT root: git://ozlabs.org/~paulus/ppp.git | |
1127 | Mailing List: | 1127 | Mailing List: | |
1128 | Responsible: christos, cube | 1128 | Responsible: christos, cube | |
1129 | License: BSD (3-clause) | 1129 | License: BSD (3-clause) | |
1130 | Location: external/bsd/ppp/dist | 1130 | Location: external/bsd/ppp/dist | |
1131 | Notes: | 1131 | Notes: | |
1132 | BSD support was removed from 2.4.0; I added it back and removed | 1132 | BSD support was removed from 2.4.0; I added it back and removed | |
1133 | some GPL pieces. Multilink support is missing. Repeated pings to | 1133 | some GPL pieces. Multilink support is missing. Repeated pings to | |
1134 | Paulus have not yielded results. I've retrofitted pppdump to use | 1134 | Paulus have not yielded results. I've retrofitted pppdump to use | |
1135 | net/zlib, and <net/ppp-comp.h> and I now maintain sys-bsd.c. This | 1135 | net/zlib, and <net/ppp-comp.h> and I now maintain sys-bsd.c. This | |
1136 | is clearly a pain. I have not tested the modules code, neither our | 1136 | is clearly a pain. I have not tested the modules code, neither our | |
1137 | makefiles make it easy to construct a module, but I left one there | 1137 | makefiles make it easy to construct a module, but I left one there | |
1138 | as an example. | 1138 | as an example. | |
1139 | TDB code as found in 2.4.x, x>1 is under the GPL. Therefore, we're | 1139 | TDB code as found in 2.4.x, x>1 is under the GPL. Therefore, we're | |
1140 | using the version found in 2.4.1. | 1140 | using the version found in 2.4.1. | |
1141 | 1141 | |||
1142 | Package: rcs | 1142 | Package: rcs | |
1143 | Version: 5.7 | 1143 | Version: 5.7 | |
1144 | Current Vers: 5.9.2 | 1144 | Current Vers: 5.9.2 | |
1145 | Maintainer: FSF | 1145 | Maintainer: FSF | |
1146 | Archive Site: ftp://ftp.gnu.org/gnu/rcs/ | 1146 | Archive Site: ftp://ftp.gnu.org/gnu/rcs/ | |
1147 | Mailing List: bug-gnu-utils@gnu.org | 1147 | Mailing List: bug-gnu-utils@gnu.org | |
1148 | Home Page: http://www.gnu.org/software/rcs/ | 1148 | Home Page: http://www.gnu.org/software/rcs/ | |
1149 | Responsible: agc | 1149 | Responsible: agc | |
1150 | License: GPLv2+ (5.7), GPLv3+ (5.8 and later) | 1150 | License: GPLv2+ (5.7), GPLv3+ (5.8 and later) | |
1151 | Location: gnu/usr.bin/rcs | 1151 | Location: gnu/usr.bin/rcs | |
1152 | Notes: | 1152 | Notes: | |
1153 | Old versions are available from Purdue (ftp.cs.purdue.edu:/pub/RCS). | 1153 | Old versions are available from Purdue (ftp.cs.purdue.edu:/pub/RCS). | |
1154 | 1154 | |||
1155 | Package: root.cache | 1155 | Package: root.cache | |
1156 | Version: 2014060201 (June 2, 2014) | 1156 | Version: 2014060201 (June 2, 2014) | |
1157 | Current Vers: 2014060201 (June 2, 2014) | 1157 | Current Vers: 2014060201 (June 2, 2014) | |
1158 | Maintainer: InterNIC | 1158 | Maintainer: InterNIC | |
1159 | Archive Site: ftp://ftp.internic.net/domain/named.root | 1159 | Archive Site: ftp://ftp.internic.net/domain/named.root | |
1160 | Home Page: ftp://ftp.internic.net/domain/named.root | 1160 | Home Page: ftp://ftp.internic.net/domain/named.root | |
1161 | Mailing List: | 1161 | Mailing List: | |
1162 | Responsible: thorpej | 1162 | Responsible: thorpej | |
1163 | License: Public domain | 1163 | License: Public domain | |
1164 | Location: etc/namedb | 1164 | Location: etc/namedb | |
1165 | Notes: | 1165 | Notes: | |
1166 | The root server cache is also included with BIND. However, the | 1166 | The root server cache is also included with BIND. However, the | |
1167 | InterNIC version is usually more up to date. | 1167 | InterNIC version is usually more up to date. | |
1168 | 1168 | |||
1169 | Package: routed | 1169 | Package: routed | |
1170 | Version: 2.32 | 1170 | Version: 2.32 | |
1171 | Current Vers: 2.32 | 1171 | Current Vers: 2.32 | |
1172 | Maintainer: Vernon Schryver <vjs@rhyolite.com> | 1172 | Maintainer: Vernon Schryver <vjs@rhyolite.com> | |
1173 | Archive Site: ftp://ftp.rhyolite.com/src/ | 1173 | Archive Site: ftp://ftp.rhyolite.com/src/ | |
1174 | Home Page: http://www.rhyolite.com/src/ | 1174 | Home Page: http://www.rhyolite.com/src/ | |
1175 | Mailing List: | 1175 | Mailing List: | |
1176 | Responsible: christos | 1176 | Responsible: christos | |
1177 | License: BSD (4-clause) | 1177 | License: BSD (4-clause) | |
1178 | Location: sbin/routed | 1178 | Location: sbin/routed | |
1179 | Notes: | 1179 | Notes: | |
1180 | We use the md5 code from libc | 1180 | We use the md5 code from libc | |
1181 | We don't allow RIP_TRACEON and RIP_TRACEOFF | 1181 | We don't allow RIP_TRACEON and RIP_TRACEOFF | |
1182 | We use arc4random | 1182 | We use arc4random | |
1183 | We use strlcpy/snprintf | 1183 | We use strlcpy/snprintf | |
1184 | 1184 | |||
1185 | Package: send-pr (part of GNATS) | 1185 | Package: send-pr (part of GNATS) | |
1186 | Version: 3.95 | 1186 | Version: 3.95 | |
1187 | Current Vers: 4.1 | 1187 | Current Vers: 4.1 | |
1188 | Maintainer: FSF | 1188 | Maintainer: FSF | |
1189 | Archive Site: ftp://ftp.gnu.org/gnu/gnats/ | 1189 | Archive Site: ftp://ftp.gnu.org/gnu/gnats/ | |
1190 | Home Page: http://www.gnu.org/software/gnats/ | 1190 | Home Page: http://www.gnu.org/software/gnats/ | |
1191 | Mailing List: bug-gnats@gnu.org | 1191 | Mailing List: bug-gnats@gnu.org | |
1192 | License: GPLv2 | 1192 | License: GPLv2 | |
1193 | Responsible: | 1193 | Responsible: | |
1194 | Location: gnu/usr.bin/send-pr | 1194 | Location: gnu/usr.bin/send-pr | |
1195 | Notes: | 1195 | Notes: | |
1196 | 1196 | |||
1197 | Package: SoftFloat | 1197 | Package: SoftFloat | |
1198 | Version: 2a | 1198 | Version: 2a | |
1199 | Current Vers: 2b | 1199 | Current Vers: 2b | |
1200 | Maintainer: John Hauser <jhauser@jhauser.us> | 1200 | Maintainer: John Hauser <jhauser@jhauser.us> | |
1201 | Archive Site: http://www.jhauser.us/arithmetic/SoftFloat.html | 1201 | Archive Site: http://www.jhauser.us/arithmetic/SoftFloat.html | |
1202 | Home Page: http://www.jhauser.us/arithmetic/SoftFloat.html | 1202 | Home Page: http://www.jhauser.us/arithmetic/SoftFloat.html | |
1203 | Mailing List: | 1203 | Mailing List: | |
1204 | Responsible: bjh21 | 1204 | Responsible: bjh21 | |
1205 | License: Public domain | 1205 | License: Public domain | |
1206 | Location: lib/libc/softfloat | 1206 | Location: lib/libc/softfloat | |
1207 | Notes: | 1207 | Notes: | |
1208 | Heavily modified for use as a soft float library for GCC. The actual | 1208 | Heavily modified for use as a soft float library for GCC. The actual | |
1209 | arithmetic code is unchanged, though, and should behave exactly like the | 1209 | arithmetic code is unchanged, though, and should behave exactly like the | |
1210 | original. | 1210 | original. | |
1211 | 1211 | |||
1212 | Package: sqlite | 1212 | Package: sqlite | |
1213 | Version: 3.8.3.1 | 1213 | Version: 3.8.3.1 | |
1214 | Current Vers: 3.8.3.1 | 1214 | Current Vers: 3.8.3.1 | |
1215 | Maintainer: Richard Hipp <drh@sqlite.org> | 1215 | Maintainer: Richard Hipp <drh@sqlite.org> | |
1216 | Home Page: http://www.sqlite.org | 1216 | Home Page: http://www.sqlite.org | |
1217 | Responsible: joerg | 1217 | Responsible: joerg | |
1218 | License: Public domain | 1218 | License: Public domain | |
1219 | Location: external/public-domain/sqlite/dist | 1219 | Location: external/public-domain/sqlite/dist | |
1220 | Notes: | 1220 | Notes: | |
1221 | Run cleantags before inporting because sqlite3.c has an RCSID | 1221 | Run cleantags before inporting because sqlite3.c has an RCSID | |
1222 | 1222 | |||
1223 | Package: tcpdump | 1223 | Package: tcpdump | |
1224 | Version: 4.5.1 | 1224 | Version: 4.5.1 | |
1225 | Current Vers: 4.5.1 | 1225 | Current Vers: 4.5.1 | |
1226 | Maintainer: tcpdump-workers@lists.tcpdump.org | 1226 | Maintainer: tcpdump-workers@lists.tcpdump.org | |
1227 | Archive Site: http://www.tcpdump.org/release/ | 1227 | Archive Site: http://www.tcpdump.org/release/ | |
1228 | Home Page: http://www.tcpdump.org/ | 1228 | Home Page: http://www.tcpdump.org/ | |
1229 | Mailing List: tcpdump-workers@lists.tcpdump.org | 1229 | Mailing List: tcpdump-workers@lists.tcpdump.org | |
1230 | Responsible: | 1230 | Responsible: | |
1231 | License: BSD (3-clause) | 1231 | License: BSD (3-clause) | |
1232 | Location: external/bsd/tcpdump/dist | 1232 | Location: external/bsd/tcpdump/dist | |
1233 | Notes: | 1233 | Notes: | |
1234 | Use the src/external/bsd/tcpdump/tcpdump2netbsd script to prepare source | 1234 | Use the src/external/bsd/tcpdump/tcpdump2netbsd script to prepare source | |
1235 | tree. | 1235 | tree. | |
1236 | 1236 | |||
1237 | Package: TestFloat | 1237 | Package: TestFloat | |
1238 | Version: 2a | 1238 | Version: 2a | |
1239 | Current Vers: 2a | 1239 | Current Vers: 2a | |
1240 | Maintainer: John Hauser <jhauser@jhauser.us> | 1240 | Maintainer: John Hauser <jhauser@jhauser.us> | |
1241 | Archive Site: http://www.jhauser.us/arithmetic/TestFloat.html | 1241 | Archive Site: http://www.jhauser.us/arithmetic/TestFloat.html | |
1242 | Home Page: http://www.jhauser.us/arithmetic/TestFloat.html | 1242 | Home Page: http://www.jhauser.us/arithmetic/TestFloat.html | |
1243 | Mailing List: | 1243 | Mailing List: | |
1244 | Responsible: ross | 1244 | Responsible: ross | |
1245 | License: BSD (4-clause) | 1245 | License: BSD (4-clause) | |
1246 | Location: regress/lib/libc/ieeefp/testfloat | 1246 | Location: regress/lib/libc/ieeefp/testfloat | |
1247 | Notes: | 1247 | Notes: | |
1248 | 1248 | |||
1249 | Package: texinfo | 1249 | Package: texinfo | |
1250 | Version: 4.8 | 1250 | Version: 4.8 | |
1251 | Current Vers: 5.2 | 1251 | Current Vers: 5.2 | |
1252 | Maintainer: FSF | 1252 | Maintainer: FSF | |
1253 | Archive Site: ftp://ftp.gnu.org/gnu/texinfo/ | 1253 | Archive Site: ftp://ftp.gnu.org/gnu/texinfo/ | |
1254 | Home Page: http://www.gnu.org/software/texinfo/ | 1254 | Home Page: http://www.gnu.org/software/texinfo/ | |
1255 | Mailing List: bug-texinfo@gnu.org | 1255 | Mailing List: bug-texinfo@gnu.org | |
1256 | Responsible: | 1256 | Responsible: | |
1257 | License: GPLv2+ (4.8), GPLv3+ (4.9 and later) | 1257 | License: GPLv2+ (4.8), GPLv3+ (4.9 and later) | |
1258 | Location: gnu/dist/texinfo | 1258 | Location: gnu/dist/texinfo | |
1259 | Notes: | 1259 | Notes: | |
1260 | Use src/gnu/dist/texinfo/texinfo2netbsd for preparing the source tree | 1260 | Use src/gnu/dist/texinfo/texinfo2netbsd for preparing the source tree | |
1261 | for the import. | 1261 | for the import. | |
1262 | 1262 | |||
1263 | Package: tmux | 1263 | Package: tmux | |
1264 | Version: 1.9a | 1264 | Version: 1.9a | |
1265 | Current Vers: 1.9a | 1265 | Current Vers: 1.9a | |
1266 | Maintainer: Nicholas Marriott <nicm@users.sourceforge.net> | 1266 | Maintainer: Nicholas Marriott <nicm@users.sourceforge.net> | |
1267 | Archive site: http://downloads.sourceforge.net/tmux/ | 1267 | Archive site: http://downloads.sourceforge.net/tmux/ | |
1268 | Home page: http://tmux.sourceforge.net/ | 1268 | Home page: http://tmux.sourceforge.net/ | |
1269 | Mailing List: tmux-users@lists.sourceforge.net | 1269 | Mailing List: tmux-users@lists.sourceforge.net | |
1270 | Responsible: jmmv | 1270 | Responsible: jmmv | |
1271 | License: BSD | 1271 | License: BSD | |
1272 | Location: external/bsd/tmux/dist | 1272 | Location: external/bsd/tmux/dist | |
1273 | Notes: | 1273 | Notes: | |
1274 | See src/external/bsd/tmux/README for instructions on how to import a | 1274 | See src/external/bsd/tmux/README for instructions on how to import a | |
1275 | new tmux release. | 1275 | new tmux release. | |
1276 | 1276 | |||
1277 | Package: top | 1277 | Package: top | |
1278 | Version: 3.8beta1 | 1278 | Version: 3.8beta1 | |
1279 | Current Vers: 3.8beta1 | 1279 | Current Vers: 3.8beta1 | |
1280 | Maintainer: William LeFebvre <wnl@groupsys.com> | 1280 | Maintainer: William LeFebvre <wnl@groupsys.com> | |
1281 | Archive Site: http://www.unixtop.org/dist/top-3.8beta1.tar.gz | 1281 | Archive Site: http://www.unixtop.org/dist/top-3.8beta1.tar.gz | |
1282 | Home Page: http://www.unixtop.org/ | 1282 | Home Page: http://www.unixtop.org/ | |
1283 | Mailing List: top-spinners@ocee.groupsys.com | 1283 | Mailing List: top-spinners@ocee.groupsys.com | |
1284 | Responsible: simonb, christos | 1284 | Responsible: simonb, christos | |
1285 | License: BSD (2-clause) | 1285 | License: BSD (2-clause) | |
1286 | Location: external/bsd/top/dist | 1286 | Location: external/bsd/top/dist | |
1287 | Notes: | 1287 | Notes: | |
1288 | 1288 | |||
1289 | Package: traceroute | 1289 | Package: traceroute | |
1290 | Version: 1.4a12 | 1290 | Version: 1.4a12 | |
1291 | Current Vers: 1.4a12 | 1291 | Current Vers: 1.4a12 | |
1292 | Maintainer: traceroute@ee.lbl.gov | 1292 | Maintainer: traceroute@ee.lbl.gov | |
1293 | Archive Site: ftp://ftp.ee.lbl.gov/ | 1293 | Archive Site: ftp://ftp.ee.lbl.gov/ | |
1294 | Home Page: http://ftp.ee.lbl.gov/ | 1294 | Home Page: http://ftp.ee.lbl.gov/ | |
1295 | Mailing List: | 1295 | Mailing List: | |
1296 | Responsible: | 1296 | Responsible: | |
1297 | License: BSD (4-clause) | 1297 | License: BSD (4-clause) | |
1298 | Location: usr.sbin/traceroute | 1298 | Location: usr.sbin/traceroute | |
1299 | Notes: | 1299 | Notes: | |
1300 | Added changes from a5 -> a12 manually. | 1300 | Added changes from a5 -> a12 manually. | |
1301 | 1301 | |||
1302 | Package: tz | 1302 | Package: tz | |
1303 | Version: tzcode2014j / tzdata2014j | 1303 | Version: tzcode2014j / tzdata2014j | |
1304 | Current Vers: tzcode2014j / tzdata2014j | 1304 | Current Vers: tzcode2014j / tzdata2014j | |
1305 | Maintainer: Paul Eggert <eggert@cs.ucla.edu> | 1305 | Maintainer: Paul Eggert <eggert@cs.ucla.edu> | |
1306 | Archive Site: ftp://ftp.iana.org/tz/releases/ | 1306 | Archive Site: ftp://ftp.iana.org/tz/releases/ | |
1307 | Archive Site: ftp://munnari.oz.au/pub/oldtz/ | 1307 | Archive Site: ftp://munnari.oz.au/pub/oldtz/ | |
1308 | Old Archive Site: ftp://elsie.nci.nih.gov/pub/ | 1308 | Old Archive Site: ftp://elsie.nci.nih.gov/pub/ | |
1309 | Home Page: http://www.iana.org/time-zones | 1309 | Home Page: http://www.iana.org/time-zones | |
1310 | Mailing List: tz@iana.org | 1310 | Mailing List: tz@iana.org | |
1311 | Responsible: kleink, christos, apb | 1311 | Responsible: kleink, christos, apb | |
1312 | License: Public domain | 1312 | License: Public domain | |
1313 | Location: lib/libc/time/zoneinfo, external/public-domain/tz/share | 1313 | Location: lib/libc/time/zoneinfo, external/public-domain/tz/share | |
1314 | Notes: | 1314 | Notes: | |
1315 | Don't use src/lib/libc/time/tzcode2netbsd to prepare the source tree for import. | 1315 | Don't use src/lib/libc/time/tzcode2netbsd to prepare the source tree for import. | |
1316 | Diffs are now applied by hand, since we have too many diffs (re-entrant tzcode, | 1316 | Diffs are now applied by hand, since we have too many diffs (re-entrant tzcode, | |
1317 | register removal) to apply. The diffs have been submitted upstream but there | 1317 | register removal) to apply. The diffs have been submitted upstream but there | |
1318 | is too much inertia to apply them. Check for .gitignore files. | 1318 | is too much inertia to apply them. Check for .gitignore files. | |
1319 | For the data files, do use external/public-domain/tz/tzdata2netbsd. | 1319 | For the data files, do use external/public-domain/tz/tzdata2netbsd. | |
1320 | 1320 | |||
1321 | Package: wpa_supplicant/hostapd | 1321 | Package: wpa_supplicant/hostapd | |
1322 | Version: 2.0 | 1322 | Version: 2.0 | |
1323 | Current Vers: 2.2 | 1323 | Current Vers: 2.2 | |
1324 | Maintainer: Jouni Malinen <jkmaline@cc.hut.fi> | 1324 | Maintainer: Jouni Malinen <jkmaline@cc.hut.fi> | |
1325 | Archive Site: http://hostap.epitest.fi/releases/ | 1325 | Archive Site: http://hostap.epitest.fi/releases/ | |
1326 | Home Page: http://hostap.epitest.fi/wpa_supplicant/ | 1326 | Home Page: http://hostap.epitest.fi/wpa_supplicant/ | |
1327 | Mailing List: | 1327 | Mailing List: | |
1328 | Responsible: scw, dyoung, christos | 1328 | Responsible: scw, dyoung, christos | |
1329 | License: BSD or GPLv2 | 1329 | License: BSD or GPLv2 | |
1330 | Location: external/bsd/wpa/dist | 1330 | Location: external/bsd/wpa/dist | |
1331 | Notes: | 1331 | Notes: | |
1332 | See /usr/src/external/bsd/wpa/NetBSD-upgrade for update instructions. | 1332 | See /usr/src/external/bsd/wpa/NetBSD-upgrade for update instructions. | |
1333 | 1333 | |||
1334 | Package: XFree86 | 1334 | Package: XFree86 | |
1335 | Version: 4.5.0 | 1335 | Version: 4.5.0 | |
1336 | Current Vers: 4.8.0 | 1336 | Current Vers: 4.8.0 | |
1337 | Maintainer: XFree86 Project, Inc. | 1337 | Maintainer: XFree86 Project, Inc. | |
1338 | Archive Site: ftp://ftp.xfree86.org/pub/XFree86/ | 1338 | Archive Site: ftp://ftp.xfree86.org/pub/XFree86/ | |
1339 | Home Page: http://www.xfree86.org/ | 1339 | Home Page: http://www.xfree86.org/ | |
1340 | Mailing List: devel@xfree86.org | 1340 | Mailing List: devel@xfree86.org | |
1341 | Responsible: tron | 1341 | Responsible: tron | |
1342 | License: XFree | 1342 | License: XFree | |
1343 | Location: (xsrc) | 1343 | Location: (xsrc) | |
1344 | Notes: | 1344 | Notes: | |
1345 | 4.x: | 1345 | 4.x: | |
1346 | Only X4??src-1 to X4??src-6 were imported. X4??src-7 contains postscript | 1346 | Only X4??src-1 to X4??src-6 were imported. X4??src-7 contains postscript | |
1347 | files which we don't need in our tree. | 1347 | files which we don't need in our tree. | |
1348 | ALL changes must be sent back to the XFree86 repository. Patches should | 1348 | ALL changes must be sent back to the XFree86 repository. Patches should | |
1349 | be submitted back via http://bugzilla.xfree86.org. | 1349 | be submitted back via http://bugzilla.xfree86.org. | |
1350 | 1350 | |||
1351 | Package: zlib | 1351 | Package: zlib | |
1352 | Version: 1.2.3 | 1352 | Version: 1.2.3 | |
1353 | Current Vers: 1.2.8 | 1353 | Current Vers: 1.2.8 | |
1354 | Maintainer: Jean-loup Gailly and Mark Adler <zlib@gzip.org> | 1354 | Maintainer: Jean-loup Gailly and Mark Adler <zlib@gzip.org> | |
1355 | Archive Site: http://www.zlib.net/ | 1355 | Archive Site: http://www.zlib.net/ | |
1356 | Home Page: http://www.zlib.net/ | 1356 | Home Page: http://www.zlib.net/ | |
1357 | Mailing List: | 1357 | Mailing List: | |
1358 | Responsible: gwr, tron, christos | 1358 | Responsible: gwr, tron, christos | |
1359 | License: BSD (3-clause) | 1359 | License: BSD (3-clause) | |
1360 | Location: common/dist/zlib | 1360 | Location: common/dist/zlib | |
1361 | Notes: | 1361 | Notes: | |
1362 | Imported to src/common/dist/zlib and shared by the kernel and userland. | 1362 | Imported to src/common/dist/zlib and shared by the kernel and userland. | |
1363 | 1363 | |||
1364 | Package: services, protocols | 1364 | Package: services, protocols | |
1365 | Version: 2013-02-21 (services), 2013-02-17 (protocols) | 1365 | Version: 2013-02-21 (services), 2013-02-17 (protocols) | |
1366 | Current Vers: 2013-11-27 (services), 2013-11-12 (protocols) | 1366 | Current Vers: 2013-11-27 (services), 2013-11-12 (protocols) | |
1367 | Maintainer: IANA | 1367 | Maintainer: IANA | |
1368 | Archive Site: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt (services) | 1368 | Archive Site: http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt (services) | |
1369 | Archive Site: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.txt (protocols) | 1369 | Archive Site: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.txt (protocols) | |
1370 | Home Page: http://www.iana.org/ | 1370 | Home Page: http://www.iana.org/ | |
1371 | Mailing List: | 1371 | Mailing List: | |
1372 | Responsible: christos | 1372 | Responsible: christos | |
1373 | License: None | 1373 | License: None | |
1374 | Location: etc | 1374 | Location: etc | |
1375 | Notes: | 1375 | Notes: | |
1376 | 1. Build package net/iana-etc | 1376 | 1. Build package net/iana-etc | |
1377 | 2. Add NetBSD rcsid to the generated protocols and services in the package | 1377 | 2. Add NetBSD rcsid to the generated protocols and services in the package | |
1378 | work area. | 1378 | work area. | |
1379 | 3. Append the local services from the current services file. | 1379 | 3. Append the local services from the current services file. | |
1380 | 4. Run: | 1380 | 4. Run: | |
1381 | services_mkdb -u services > /usr/src/etc/services | 1381 | services_mkdb -u services > /usr/src/etc/services | |
1382 | cp protocols /usr/src/etc/protocols | 1382 | cp protocols /usr/src/etc/protocols | |
1383 | 5. Fix protocols | 1383 | 5. Fix protocols | |
1384 | - fix manet alias to MANET; giving an alias with the same name is a no/op | 1384 | - fix manet alias to MANET; giving an alias with the same name is a no/op | |
1385 | - protocol 84 is defined for as ttp and iptm, merge the two entries since | 1385 | - protocol 84 is defined for as ttp and iptm, merge the two entries since | |
1386 | libc getprotoent() does not read the whole file and merge in the "files" | 1386 | libc getprotoent() does not read the whole file and merge in the "files" | |
1387 | implementation. | 1387 | implementation. | |
1388 | 1388 | |||
1389 | Package: pigz | 1389 | Package: pigz | |
1390 | Version: 2.3.1 | 1390 | Version: 2.3.1 | |
1391 | Current Vers: 2.3.1 | 1391 | Current Vers: 2.3.1 | |
1392 | Maintainer: Mark Adler <madler@alumni.caltech.edu> | 1392 | Maintainer: Mark Adler <madler@alumni.caltech.edu> | |
1393 | Archive Site: http://zlib.net/pigz/ | 1393 | Archive Site: http://zlib.net/pigz/ | |
1394 | Home Page: http://zlib.net/pigz/ | 1394 | Home Page: http://zlib.net/pigz/ | |
1395 | Mailing List: http://mail.zlib.net/mailman/listinfo/pigz-announce_zlib.net | 1395 | Mailing List: http://mail.zlib.net/mailman/listinfo/pigz-announce_zlib.net | |
1396 | Responsible: mrg, tls | 1396 | Responsible: mrg, tls | |
1397 | License: zlib | 1397 | License: zlib | |
1398 | Location: external/zlib/pigz/dist | 1398 | Location: external/zlib/pigz/dist | |
1399 | Notes: | 1399 | Notes: | |
1400 | 1400 | |||
1401 | Package: xz | 1401 | Package: xz | |
1402 | Version: 5.0.0 | 1402 | Version: 5.0.0 | |
1403 | Current Vers: 5.0.5 (stable) / 5.1.3alpha (devel) | 1403 | Current Vers: 5.0.5 (stable) / 5.1.3alpha (devel) | |
1404 | Maintainer: Lasse Collin <lasse.collin@tukanni.org> | 1404 | Maintainer: Lasse Collin <lasse.collin@tukanni.org> | |
1405 | Archive Site: http://tukaani.org/xz/ | 1405 | Archive Site: http://tukaani.org/xz/ | |
1406 | Home Page: http://tukaani.org/xz/ | 1406 | Home Page: http://tukaani.org/xz/ | |
1407 | Responsible: joerg | 1407 | Responsible: joerg | |
1408 | License: public-domain | 1408 | License: public-domain | |
1409 | Location: external/public-domain/xz/dist | 1409 | Location: external/public-domain/xz/dist | |
1410 | Notes: | 1410 | Notes: | |
1411 | 1. See prepare-import script for stripping down the distribution. | 1411 | 1. See prepare-import script for stripping down the distribution. | |
1412 | 2. Update configure.ac and use it to generate include/config.h. | 1412 | 2. Update configure.ac and use it to generate include/config.h. | |
1413 | 3. Carefully check for GPL components leaked into the dist area. | 1413 | 3. Carefully check for GPL components leaked into the dist area. | |
1414 | 1414 | |||
1415 | Package: mpc | 1415 | Package: mpc | |
1416 | Version: 1.0.1 | 1416 | Version: 1.0.1 | |
1417 | Current Vers: 1.0.1 | 1417 | Current Vers: 1.0.1 | |
1418 | Maintainer: | 1418 | Maintainer: | |
1419 | Archive Site: http://www.multiprecision.org/mpc/download/ | 1419 | Archive Site: http://www.multiprecision.org/mpc/download/ | |
1420 | Home Page: http://www.multiprecision.org/mpc/ | 1420 | Home Page: http://www.multiprecision.org/mpc/ | |
1421 | Mailing List: http://www.multiprecision.org/index.php?prog=mpc&page=development | 1421 | Mailing List: http://www.multiprecision.org/index.php?prog=mpc&page=development | |
1422 | Responsible: mrg | 1422 | Responsible: mrg | |
1423 | License: LGPL3 | 1423 | License: LGPL3 | |
1424 | Location: external/lgpl3/mpc/dist | 1424 | Location: external/lgpl3/mpc/dist | |
1425 | Notes: | 1425 | Notes: | |
1426 | 1426 | |||
1427 | Package: mpfr | 1427 | Package: mpfr | |
1428 | Version: 3.1.2 | 1428 | Version: 3.1.2 | |
1429 | Current Vers: 3.1.2 | 1429 | Current Vers: 3.1.2 | |
1430 | Maintainer: | 1430 | Maintainer: | |
1431 | Archive Site: http://www.mpfr.org/mpfr-current/ | 1431 | Archive Site: http://www.mpfr.org/mpfr-current/ | |
1432 | Home Page: http://www.mpfr.org/ | 1432 | Home Page: http://www.mpfr.org/ | |
1433 | Mailing List: http://websympa.loria.fr/wwsympa/arc/mpfr-announce | 1433 | Mailing List: http://websympa.loria.fr/wwsympa/arc/mpfr-announce | |
1434 | Responsible: mrg | 1434 | Responsible: mrg | |
1435 | License: LGPL3 | 1435 | License: LGPL3 | |
1436 | Location: external/lgpl3/mpfr/dist | 1436 | Location: external/lgpl3/mpfr/dist | |
1437 | Notes: | 1437 | Notes: | |
1438 | 1438 | |||
1439 | Package: GNU MP | 1439 | Package: GNU MP | |
1440 | Version: 5.1.3 | 1440 | Version: 5.1.3 | |
1441 | Current Vers: 5.1.3 | 1441 | Current Vers: 5.1.3 | |
1442 | Maintainer: http://gmplib.org/mailman/listinfo/gmp-devel | 1442 | Maintainer: http://gmplib.org/mailman/listinfo/gmp-devel | |
1443 | Archive Site: http://gmplib.org/ | 1443 | Archive Site: http://gmplib.org/ | |
1444 | Home Page: http://gmplib.org/ | 1444 | Home Page: http://gmplib.org/ | |
1445 | Mailing List: http://gmplib.org/mailman/listinfo/gmp-announce | 1445 | Mailing List: http://gmplib.org/mailman/listinfo/gmp-announce | |
1446 | Responsible: mrg | 1446 | Responsible: mrg | |
1447 | License: LGPL3 | 1447 | License: LGPL3 | |
1448 | Location: external/lgpl3/gmp/dist | 1448 | Location: external/lgpl3/gmp/dist | |
1449 | Notes: | 1449 | Notes: | |
1450 | 1450 | |||
1451 | Package: osnet | 1451 | Package: osnet | |
1452 | Version: osnet-20100224 | 1452 | Version: osnet-20100224 | |
1453 | Current Vers: ? | 1453 | Current Vers: ? | |
1454 | Maintainer: ? | 1454 | Maintainer: ? | |
1455 | Archive Site: ? | 1455 | Archive Site: ? | |
1456 | Home Page: ? | 1456 | Home Page: ? | |
1457 | Mailing List: ? | 1457 | Mailing List: ? | |
1458 | Responsible: ? | 1458 | Responsible: ? | |
1459 | License: CDDL | 1459 | License: CDDL | |
1460 | Location: external/cddl/osnet | 1460 | Location: external/cddl/osnet | |
1461 | Notes: | 1461 | Notes: | |
1462 | 1462 | |||
1463 | Package: sljit | 1463 | Package: sljit | |
1464 | Version: 0.91 (svn revision 257) | 1464 | Version: 0.91 (svn revision 257) | |
1465 | Current Vers: svn revision 268 | 1465 | Current Vers: svn revision 268 | |
1466 | Maintainer: Zoltán Herczeg <hzmester@freemail.hu | 1466 | Maintainer: Zoltán Herczeg <hzmester@freemail.hu | |
1467 | Archive Site: http://sourceforge.net/projects/sljit/ | 1467 | Archive Site: http://sourceforge.net/projects/sljit/ | |
1468 | Home Page: http://sljit.sourceforge.net/ | 1468 | Home Page: http://sljit.sourceforge.net/ | |
1469 | Mailing List: none | 1469 | Mailing List: none | |
1470 | Responsible: alnsn | 1470 | Responsible: alnsn | |
1471 | License: BSD (2-clause) | 1471 | License: BSD (2-clause) | |
1472 | Location: sys/external/bsd/sljit/dist | 1472 | Location: sys/external/bsd/sljit/dist | |
1473 | Notes: | 1473 | Notes: | |
1474 | Need to feed back local changes | 1474 | Need to feed back local changes | |
1475 | 1475 | |||
1476 | Package: tre | 1476 | Package: tre | |
1477 | Version: 0.8.0 | 1477 | Version: 0.8.0 | |
1478 | Current Vers: 0.8.0 | 1478 | Current Vers: 0.8.0 | |
1479 | Maintainer: http://laurikari.net/tre | 1479 | Maintainer: http://laurikari.net/tre | |
1480 | Archive Site: http://laurikari.net/tre | 1480 | Archive Site: http://laurikari.net/tre | |
1481 | Home Page: http://laurikari.net/tre | 1481 | Home Page: http://laurikari.net/tre | |
1482 | Mailing List: | 1482 | Mailing List: | |
1483 | Responsible: agc, christos | 1483 | Responsible: agc, christos | |
1484 | License: BSD (2-clause) | 1484 | License: BSD (2-clause) | |
1485 | Location: external/bsd/tre/dist | 1485 | Location: external/bsd/tre/dist | |
1486 | Notes: | 1486 | Notes: | |
1487 | Need to feed back local changes | 1487 | Need to feed back local changes | |
1488 | 1488 | |||
1489 | Package: TrouSerS | 1489 | Package: TrouSerS | |
1490 | Version: 0.3.8 | 1490 | Version: 0.3.8 | |
1491 | Current Vers: 0.3.8 | 1491 | Current Vers: 0.3.8 | |
1492 | Maintainer: http://trousers.sourceforge.net | 1492 | Maintainer: http://trousers.sourceforge.net | |
1493 | Archive Site: http://trousers.sourceforge.net | 1493 | Archive Site: http://trousers.sourceforge.net | |
1494 | Home Page: http://trousers.sourceforge.net | 1494 | Home Page: http://trousers.sourceforge.net | |
1495 | Mailing List: http://trousers.sourceforge.net | 1495 | Mailing List: http://trousers.sourceforge.net | |
1496 | Responsible: christos | 1496 | Responsible: christos | |
1497 | License: CPL | 1497 | License: CPL | |
1498 | Location: crypto/external/cpl/trousers/dist | 1498 | Location: crypto/external/cpl/trousers/dist | |
1499 | Notes: | 1499 | Notes: | |
1500 | Need to feed back local changes | 1500 | Need to feed back local changes | |
1501 | 1501 | |||
1502 | Package: tpm-tools | 1502 | Package: tpm-tools | |
1503 | Version: 1.3.7.1 | 1503 | Version: 1.3.7.1 | |
1504 | Current Vers: 1.3.7.1 | 1504 | Current Vers: 1.3.7.1 | |
1505 | Maintainer: http://trousers.sourceforge.net | 1505 | Maintainer: http://trousers.sourceforge.net | |
1506 | Archive Site: http://trousers.sourceforge.net | 1506 | Archive Site: http://trousers.sourceforge.net | |
1507 | Home Page: http://trousers.sourceforge.net | 1507 | Home Page: http://trousers.sourceforge.net | |
1508 | Mailing List: http://trousers.sourceforge.net | 1508 | Mailing List: http://trousers.sourceforge.net | |
1509 | Responsible: christos | 1509 | Responsible: christos | |
1510 | License: CPL | 1510 | License: CPL | |
1511 | Location: crypto/external/cpl/tpm-tools/dist | 1511 | Location: crypto/external/cpl/tpm-tools/dist | |
1512 | Notes: | 1512 | Notes: | |
1513 | Need to feed back local changes | 1513 | Need to feed back local changes | |
1514 | 1514 | |||
1515 | Package: elftoolchain (libelf/libdwarf) | 1515 | Package: elftoolchain (libelf/libdwarf) | |
1516 | Version: FreeBSD-2014-03-08 | 1516 | Version: FreeBSD-2014-03-08 | |
1517 | Current Vers: FreeBSD-XXXX-YY-ZZ | 1517 | Current Vers: FreeBSD-XXXX-YY-ZZ | |
1518 | Maintainer: Joseph Koshi <jkoshi@freebsd.org> | 1518 | Maintainer: Joseph Koshi <jkoshi@freebsd.org> | |
1519 | Archive Site: none | 1519 | Archive Site: none | |
1520 | Home Page: none | 1520 | Home Page: none | |
1521 | Mailing List: none | 1521 | Mailing List: none | |
1522 | Responsible: christos | 1522 | Responsible: christos | |
1523 | License: BSD-like (2-clause) | 1523 | License: BSD-like (2-clause) | |
1524 | Location: sys/external/bsd/elftoolchain/dist | 1524 | Location: sys/external/bsd/elftoolchain/dist | |
1525 | Notes: | 1525 | Notes: | |
1526 | Run prepare-import.sh; next time use svn id. | 1526 | Run prepare-import.sh; next time use svn id. | |
1527 | 1527 | |||
1528 | Package: smbfs | 1528 | Package: smbfs | |
1529 | Version: smbfs-1.4.1.tar.gz + FreeBSD-2003-02-16 | 1529 | Version: smbfs-1.4.1.tar.gz + FreeBSD-2003-02-16 | |
1530 | Current Vers: FreeBSD-XXXX-YY-ZZ | 1530 | Current Vers: FreeBSD-XXXX-YY-ZZ | |
1531 | Maintainer: Boris Popov <bp@FreeBSD.org> | 1531 | Maintainer: Boris Popov <bp@FreeBSD.org> | |
1532 | Archive Site: none | 1532 | Archive Site: none | |
1533 | Home Page: http://people.freebsd.org/~bp/pub/smbfs/smbfs-1.4.1.tar.gz | 1533 | Home Page: http://people.freebsd.org/~bp/pub/smbfs/smbfs-1.4.1.tar.gz | |
1534 | Mailing List: ? | 1534 | Mailing List: ? | |
1535 | Responsible: christos | 1535 | Responsible: christos | |
1536 | License: BSD-like (4-clause) | 1536 | License: BSD-like (4-clause) | |
1537 | Location: external/bsd/smbfs | 1537 | Location: external/bsd/smbfs | |
1538 | Notes: | 1538 | Notes: | |
1539 | The kernel portion has been removed from the tar file. | 1539 | The kernel portion has been removed from the tar file. | |
1540 | Our kernel smbfs and netsmb directories could move to | 1540 | Our kernel smbfs and netsmb directories could move to | |
1541 | external, but this is just make-work. | 1541 | external, but this is just make-work. | |
1542 | 1542 | |||
1543 | Package: timeout | 1543 | Package: timeout | |
1544 | Version: FreeBSD-2014-08-01 | 1544 | Version: FreeBSD-2014-08-01 | |
1545 | Current Vers: FreeBSD-XXXX-YY-ZZ | 1545 | Current Vers: FreeBSD-XXXX-YY-ZZ | |
1546 | Maintainer: Baptiste Daroussin <bapt@FreeBSD.org> | 1546 | Maintainer: Baptiste Daroussin <bapt@FreeBSD.org> | |
1547 | Archive Site: none | 1547 | Archive Site: none | |
1548 | Home Page: none | 1548 | Home Page: none | |
1549 | Mailing List: none | 1549 | Mailing List: none | |
1550 | Responsible: christos | 1550 | Responsible: christos | |
1551 | License: BSD-like (2-clause) | 1551 | License: BSD-like (2-clause) | |
1552 | Location: usr.bin/timeout | 1552 | Location: usr.bin/timeout |
--- src/external/ibm-public/postfix/dist/HISTORY 2015/01/27 08:14:03 1.1.1.21.2.1
+++ src/external/ibm-public/postfix/dist/HISTORY 2015/03/03 07:11:08 1.1.1.21.2.2
@@ -18622,999 +18622,1022 @@ Apologies for any names omitted. | @@ -18622,999 +18622,1022 @@ Apologies for any names omitted. | |||
18622 | Bugfix (introduced: 20130512): postscreen logged no "PASS | 18622 | Bugfix (introduced: 20130512): postscreen logged no "PASS | |
18623 | NEW" event when the pregreet tests were turned off and the | 18623 | NEW" event when the pregreet tests were turned off and the | |
18624 | postscreen_dnsbl_whitelist_treshold feature was turned on. | 18624 | postscreen_dnsbl_whitelist_treshold feature was turned on. | |
18625 | Reported by Rob McGee (/dev/rob0). Files: postscreen/postscreen.h, | 18625 | Reported by Rob McGee (/dev/rob0). Files: postscreen/postscreen.h, | |
18626 | postscreen/postscreen_early.c. | 18626 | postscreen/postscreen_early.c. | |
18627 | 18627 | |||
18628 | Bugfix (introduced: 20130512): postscreen panic because the | 18628 | Bugfix (introduced: 20130512): postscreen panic because the | |
18629 | logic for dnsbl result retrieval was changed. Reported by | 18629 | logic for dnsbl result retrieval was changed. Reported by | |
18630 | Noel Jones. File: postscreen/postscreen_early.c. | 18630 | Noel Jones. File: postscreen/postscreen_early.c. | |
18631 | 18631 | |||
18632 | 20130517 | 18632 | 20130517 | |
18633 | 18633 | |||
18634 | Cleanup: just like the postscreen DNS block test will use | 18634 | Cleanup: just like the postscreen DNS block test will use | |
18635 | partial scores when some DNS lookup result is unavailable, | 18635 | partial scores when some DNS lookup result is unavailable, | |
18636 | the postscreen_dnsbl_whitelist_treshold feature will now | 18636 | the postscreen_dnsbl_whitelist_treshold feature will now | |
18637 | use partial scores instead of ignoring them. File: | 18637 | use partial scores instead of ignoring them. File: | |
18638 | postscreen/postscreen_early.c. | 18638 | postscreen/postscreen_early.c. | |
18639 | 18639 | |||
18640 | 20130518 | 18640 | 20130518 | |
18641 | 18641 | |||
18642 | Bugfix (introduced: 1997): memory leak after error while | 18642 | Bugfix (introduced: 1997): memory leak after error while | |
18643 | forwarding mail through the cleanup server. Viktor found | 18643 | forwarding mail through the cleanup server. Viktor found | |
18644 | one, Wietse eliminated the rest. File: local/forward.c. | 18644 | one, Wietse eliminated the rest. File: local/forward.c. | |
18645 | 18645 | |||
18646 | Feature: posttls-finger protocol and cipher grade selection | 18646 | Feature: posttls-finger protocol and cipher grade selection | |
18647 | options. Leave protocol debug flags active across reconnects, | 18647 | options. Leave protocol debug flags active across reconnects, | |
18648 | only suppress redundant logging of the certificate details. | 18648 | only suppress redundant logging of the certificate details. | |
18649 | Viktor Dukhovni. File: posttls-finger/posttls-finger.c. | 18649 | Viktor Dukhovni. File: posttls-finger/posttls-finger.c. | |
18650 | 18650 | |||
18651 | Robustness: send SNI even when trying to reuse a DANE | 18651 | Robustness: send SNI even when trying to reuse a DANE | |
18652 | session, because a new session may be negotiated anyway. | 18652 | session, because a new session may be negotiated anyway. | |
18653 | Viktor Dukhovni. File: tls/tls_client.c. | 18653 | Viktor Dukhovni. File: tls/tls_client.c. | |
18654 | 18654 | |||
18655 | Cleanup: eliminate variable that is redundant with respect | 18655 | Cleanup: eliminate variable that is redundant with respect | |
18656 | to more authoritative state. Viktor Dukhovni. File: | 18656 | to more authoritative state. Viktor Dukhovni. File: | |
18657 | posttls-finger/posttls-finger.c. | 18657 | posttls-finger/posttls-finger.c. | |
18658 | 18658 | |||
18659 | Feature: new tls_ssl_options parameter to enable OpenSSL | 18659 | Feature: new tls_ssl_options parameter to enable OpenSSL | |
18660 | features (as opposed to tls_disable_workarounds which is | 18660 | features (as opposed to tls_disable_workarounds which is | |
18661 | disables bug workarounds that are on by default). Viktor | 18661 | disables bug workarounds that are on by default). Viktor | |
18662 | Dukhovni. Files: proto/TLS_README.html, proto/postconf.proto, | 18662 | Dukhovni. Files: proto/TLS_README.html, proto/postconf.proto, | |
18663 | src/global/mail_params.h, src/tls/tls.h, src/tls/tls_client.c, | 18663 | src/global/mail_params.h, src/tls/tls.h, src/tls/tls_client.c, | |
18664 | src/tls/tls_misc.c. | 18664 | src/tls/tls_misc.c. | |
18665 | 18665 | |||
18666 | 20130520 | 18666 | 20130520 | |
18667 | 18667 | |||
18668 | Documentation: removed resolve_null_domain from the list | 18668 | Documentation: removed resolve_null_domain from the list | |
18669 | of smtpd(8) parameters. File: smtpd/smtpd.c. | 18669 | of smtpd(8) parameters. File: smtpd/smtpd.c. | |
18670 | 18670 | |||
18671 | 20130523 | 18671 | 20130523 | |
18672 | 18672 | |||
18673 | Documentation: add cidr: and texthash: to the list of maps | 18673 | Documentation: add cidr: and texthash: to the list of maps | |
18674 | that don't have automatic change detection. File: | 18674 | that don't have automatic change detection. File: | |
18675 | proto/DATABASE_README.html. | 18675 | proto/DATABASE_README.html. | |
18676 | 18676 | |||
18677 | Documentation: define the netmask format of CIDR maps. | 18677 | Documentation: define the netmask format of CIDR maps. | |
18678 | File: proto/cidr_table. | 18678 | File: proto/cidr_table. | |
18679 | 18679 | |||
18680 | 20130530 | 18680 | 20130530 | |
18681 | 18681 | |||
18682 | Cleanup: replace alloca() with mymalloc()/myfree() for | 18682 | Cleanup: replace alloca() with mymalloc()/myfree() for | |
18683 | better error handling. Reported by Bill Parker. File: | 18683 | better error handling. Reported by Bill Parker. File: | |
18684 | util/dict_ni.c (does anyone still use this code?). | 18684 | util/dict_ni.c (does anyone still use this code?). | |
18685 | 18685 | |||
18686 | 20130531 | 18686 | 20130531 | |
18687 | 18687 | |||
18688 | Feature: tls_wildcard_matches_multiple_labels (default: | 18688 | Feature: tls_wildcard_matches_multiple_labels (default: | |
18689 | yes) to match multiple DNS labels with "*" in wildcard | 18689 | yes) to match multiple DNS labels with "*" in wildcard | |
18690 | certificates. Viktor Dukhovni. Files: proto/postconf.proto, | 18690 | certificates. Viktor Dukhovni. Files: proto/postconf.proto, | |
18691 | mantools/postlink, global/mail_params.h, tls/tls_client.c, | 18691 | mantools/postlink, global/mail_params.h, tls/tls_client.c, | |
18692 | tls/tls_misc.c. | 18692 | tls/tls_misc.c. | |
18693 | 18693 | |||
18694 | 20130607 | 18694 | 20130607 | |
18695 | 18695 | |||
18696 | Bugfix (DANE support): with multiple TLSA RR that carry "x | 18696 | Bugfix (DANE support): with multiple TLSA RR that carry "x | |
18697 | 0 0" certificates or "x 1 0" keys, Postfix failed to reset | 18697 | 0 0" certificates or "x 1 0" keys, Postfix failed to reset | |
18698 | the cert/key pointer before calling d2i_mumble(), causing | 18698 | the cert/key pointer before calling d2i_mumble(), causing | |
18699 | OpenSSL to clobber the previous cert or key. Viktor Dukhovni. | 18699 | OpenSSL to clobber the previous cert or key. Viktor Dukhovni. | |
18700 | tls/tls_dane.c. | 18700 | tls/tls_dane.c. | |
18701 | 18701 | |||
18702 | Robustness: check that TLSA-supplied certs have valid keys. | 18702 | Robustness: check that TLSA-supplied certs have valid keys. | |
18703 | It is not clear whether that check is performed in d2i(). | 18703 | It is not clear whether that check is performed in d2i(). | |
18704 | Viktor Dukhovni. tls/tls_dane.c. | 18704 | Viktor Dukhovni. tls/tls_dane.c. | |
18705 | 18705 | |||
18706 | 20130608 | 18706 | 20130608 | |
18707 | 18707 | |||
18708 | Cleanup (DANE support): be more explicit in the logging of | 18708 | Cleanup (DANE support): be more explicit in the logging of | |
18709 | object digests. Viktor Dukhovni. tls/tls_dane.c. | 18709 | object digests. Viktor Dukhovni. tls/tls_dane.c. | |
18710 | 18710 | |||
18711 | 20100613 | 18711 | 20100613 | |
18712 | 18712 | |||
18713 | Workaround: unhelpful down-stream maintainers fail to install | 18713 | Workaround: unhelpful down-stream maintainers fail to install | |
18714 | the new smtpd_relay_restrictions safety net, causing breakage | 18714 | the new smtpd_relay_restrictions safety net, causing breakage | |
18715 | that could have been avoided. We now hard-code the safety | 18715 | that could have been avoided. We now hard-code the safety | |
18716 | net instead. Files: global/mail_params.h, conf/post-install, | 18716 | net instead. Files: global/mail_params.h, conf/post-install, | |
18717 | RELEASE_NOTES_2.10. | 18717 | RELEASE_NOTES_2.10. | |
18718 | 18718 | |||
18719 | Bugfix (DANE support): when TLSA records are insecure, | 18719 | Bugfix (DANE support): when TLSA records are insecure, | |
18720 | report that none are found. Viktor Dukhovni. Files: | 18720 | report that none are found. Viktor Dukhovni. Files: | |
18721 | posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c, | 18721 | posttls-finger/posttls-finger.c, smtp/smtp_tls_policy.c, | |
18722 | tls/tls_dane.c. | 18722 | tls/tls_dane.c. | |
18723 | 18723 | |||
18724 | 20130615 | 18724 | 20130615 | |
18725 | 18725 | |||
18726 | TLS Interoperability: turn on SHA-2 digests by force. This | 18726 | TLS Interoperability: turn on SHA-2 digests by force. This | |
18727 | improves interoperability with clients and servers that | 18727 | improves interoperability with clients and servers that | |
18728 | deploy SHA-2 digests without the required support for | 18728 | deploy SHA-2 digests without the required support for | |
18729 | TLSv1.2-style digest negotiation. Based on patch by Viktor | 18729 | TLSv1.2-style digest negotiation. Based on patch by Viktor | |
18730 | Dukhovni. Files: tls/tls_client.c, tls/tls_server.c. | 18730 | Dukhovni. Files: tls/tls_client.c, tls/tls_server.c. | |
18731 | 18731 | |||
18732 | 20130616 | 18732 | 20130616 | |
18733 | 18733 | |||
18734 | Workaround: The Postfix SMTP server TLS session cache was | 18734 | Workaround: The Postfix SMTP server TLS session cache was | |
18735 | broken because OpenSSL now enables session tickets by | 18735 | broken because OpenSSL now enables session tickets by | |
18736 | default, resulting in different ticket encryption key for | 18736 | default, resulting in different ticket encryption key for | |
18737 | each smtpd(8) process. the workaround turns off session | 18737 | each smtpd(8) process. the workaround turns off session | |
18738 | tickets. In 2.11 we'll enable session tickets properly. | 18738 | tickets. In 2.11 we'll enable session tickets properly. | |
18739 | Viktor Dukhovni. File: tls/tls_server.c. | 18739 | Viktor Dukhovni. File: tls/tls_server.c. | |
18740 | 18740 | |||
18741 | Updated DANE support (trust in DNS instead of PKI). With | 18741 | Updated DANE support (trust in DNS instead of PKI). With | |
18742 | OpenSSL 1.0.2 (under development) trusted certificates don't | 18742 | OpenSSL 1.0.2 (under development) trusted certificates don't | |
18743 | need to be self-signed roots. Otherwise we use an ephemeral | 18743 | need to be self-signed roots. Otherwise we use an ephemeral | |
18744 | root certificate to sign the trust anchor. Viktor Dukhovni. | 18744 | root certificate to sign the trust anchor. Viktor Dukhovni. | |
18745 | Files: posttls-finger/posttls-finger.c, smtp/smtp_proto.c, | 18745 | Files: posttls-finger/posttls-finger.c, smtp/smtp_proto.c, | |
18746 | smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, | 18746 | smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c, | |
18747 | tls/tls_dane.c, tls/tls_fprint.c, tls/tls_misc.c, | 18747 | tls/tls_dane.c, tls/tls_fprint.c, tls/tls_misc.c, | |
18748 | tls/tls_verify.c. | 18748 | tls/tls_verify.c. | |
18749 | 18749 | |||
18750 | 20130619 | 18750 | 20130619 | |
18751 | 18751 | |||
18752 | Documentation: troff lint. Patch by ES Raymond's bot. File: | 18752 | Documentation: troff lint. Patch by ES Raymond's bot. File: | |
18753 | proto/header_checks. | 18753 | proto/header_checks. | |
18754 | 18754 | |||
18755 | Cleanup: enforce smtpd_client_recipient_rate_limit for VRFY | 18755 | Cleanup: enforce smtpd_client_recipient_rate_limit for VRFY | |
18756 | commands. File: smtpd/smtpd.c. | 18756 | commands. File: smtpd/smtpd.c. | |
18757 | 18757 | |||
18758 | 20130622 | 18758 | 20130622 | |
18759 | 18759 | |||
18760 | Bugfix: typo in the 20130613 smtpd_relay_restrictions default | 18760 | Bugfix: typo in the 20130613 smtpd_relay_restrictions default | |
18761 | setting. File: global/mail_params.h. | 18761 | setting. File: global/mail_params.h. | |
18762 | 18762 | |||
18763 | 20130623 | 18763 | 20130623 | |
18764 | 18764 | |||
18765 | Cleanup: configurable tlsmgr(8) service name. Files: | 18765 | Cleanup: configurable tlsmgr(8) service name. Files: | |
18766 | mantools/postlink, proto/postconf.proto, tls/tls_mgr.c, | 18766 | mantools/postlink, proto/postconf.proto, tls/tls_mgr.c, | |
18767 | tls/tls_misc.c, tlsproxy/tls-proxy.c, smtp/smtp.c, | 18767 | tls/tls_misc.c, tlsproxy/tls-proxy.c, smtp/smtp.c, | |
18768 | smtpd/smtpd.c. | 18768 | smtpd/smtpd.c. | |
18769 | 18769 | |||
18770 | 20130629 | 18770 | 20130629 | |
18771 | 18771 | |||
18772 | Cleanup: documentation. Files: proto/CONNECTION_CACHE_README.html, | 18772 | Cleanup: documentation. Files: proto/CONNECTION_CACHE_README.html, | |
18773 | proto/SCHEDULER_README.html. | 18773 | proto/SCHEDULER_README.html. | |
18774 | 18774 | |||
18775 | 20130708 | 18775 | 20130708 | |
18776 | 18776 | |||
18777 | Cleanup: postscreen_upstream_proxy_protocol setting. Files: | 18777 | Cleanup: postscreen_upstream_proxy_protocol setting. Files: | |
18778 | global/mail_params.h, postscreen/postscreen_endpt.c. | 18778 | global/mail_params.h, postscreen/postscreen_endpt.c. | |
18779 | 18779 | |||
18780 | 20130709 | 18780 | 20130709 | |
18781 | 18781 | |||
18782 | Cleanup: qmgr documentation clarification by Patrik Rak. | 18782 | Cleanup: qmgr documentation clarification by Patrik Rak. | |
18783 | Files: proto/SCHEDULER_README.html, qmgr/qmgr_job.c. | 18783 | Files: proto/SCHEDULER_README.html, qmgr/qmgr_job.c. | |
18784 | 18784 | |||
18785 | Cleanup: re-indented code. File: qmgr/qmgr_job.c. | 18785 | Cleanup: re-indented code. File: qmgr/qmgr_job.c. | |
18786 | 18786 | |||
18787 | Logging: minimal DNAME support. Viktor Dukhovni. dns/dns.h, | 18787 | Logging: minimal DNAME support. Viktor Dukhovni. dns/dns.h, | |
18788 | dns/dns_lookup.c, dns/dns_strtype.c, dns/test_dns_lookup.c. | 18788 | dns/dns_lookup.c, dns/dns_strtype.c, dns/test_dns_lookup.c. | |
18789 | 18789 | |||
18790 | 20130710 | 18790 | 20130710 | |
18791 | 18791 | |||
18792 | Workaround: smtp_connection_reuse_count_limit (default 0, | 18792 | Workaround: smtp_connection_reuse_count_limit (default 0, | |
18793 | i.e. unlimited) for sites that must deal with hostile | 18793 | i.e. unlimited) for sites that must deal with hostile | |
18794 | connection reuse policies. The documentation comes with a | 18794 | connection reuse policies. The documentation comes with a | |
18795 | warning that this feature introduces a "fatal attractor" | 18795 | warning that this feature introduces a "fatal attractor" | |
18796 | failure mode. Files: global/mail_params.h, mantools/postlink, | 18796 | failure mode. Files: global/mail_params.h, mantools/postlink, | |
18797 | proto/postconf.proto, smtp/smtp.c, smtp/smtp_params.c, | 18797 | proto/postconf.proto, smtp/smtp.c, smtp/smtp_params.c, | |
18798 | smtp/lmtp_params.c, smtp/smtp.h. | 18798 | smtp/lmtp_params.c, smtp/smtp.h. | |
18799 | 18799 | |||
18800 | Workaround: FreeBSD9 nroff outputs ANSI escape sequences | 18800 | Workaround: FreeBSD9 nroff outputs ANSI escape sequences | |
18801 | instead of overstrike sequences. To make matters worse, it | 18801 | instead of overstrike sequences. To make matters worse, it | |
18802 | uses the ESC[0m sequence sometimes for end-of-bold and | 18802 | uses the ESC[0m sequence sometimes for end-of-bold and | |
18803 | sometimes for end-of-italic. File: mantools/man2html. | 18803 | sometimes for end-of-italic. File: mantools/man2html. | |
18804 | 18804 | |||
18805 | 20130714 | 18805 | 20130714 | |
18806 | 18806 | |||
18807 | Cleanup: added smtpd_relay_restrictions entries to the | 18807 | Cleanup: added smtpd_relay_restrictions entries to the | |
18808 | default master.cf file, so that main.cf settings won't | 18808 | default master.cf file, so that main.cf settings won't | |
18809 | affect the submission and smtps services. Simon Matter. | 18809 | affect the submission and smtps services. Simon Matter. | |
18810 | File: conf/master.cf. | 18810 | File: conf/master.cf. | |
18811 | 18811 | |||
18812 | 20130728 | 18812 | 20130728 | |
18813 | 18813 | |||
18814 | Cleanup: wrong function name in error message. John Fawcett. | 18814 | Cleanup: wrong function name in error message. John Fawcett. | |
18815 | File: util/vstring_vstream.c. | 18815 | File: util/vstring_vstream.c. | |
18816 | 18816 | |||
18817 | 20130801 | 18817 | 20130801 | |
18818 | 18818 | |||
18819 | Cleanup: with ``make makefiles CCARGS="-DHAS_DB...'', the | 18819 | Cleanup: with ``make makefiles CCARGS="-DHAS_DB...'', the | |
18820 | makedefs script no longer tries to locate the Linux Berkeley | 18820 | makedefs script no longer tries to locate the Linux Berkeley | |
18821 | DB include and library files. Instead it assumes that the | 18821 | DB include and library files. Instead it assumes that the | |
18822 | locations are given on the command line, as shown in the | 18822 | locations are given on the command line, as shown in the | |
18823 | DB_README examples. Leo Baltus. File: makedefs. | 18823 | DB_README examples. Leo Baltus. File: makedefs. | |
18824 | 18824 | |||
18825 | 20130805 | 18825 | 20130805 | |
18826 | 18826 | |||
18827 | Documentation: clarified reject_non_fqdn_helo_hostname. | 18827 | Documentation: clarified reject_non_fqdn_helo_hostname. | |
18828 | File: proto/postconf.proto. | 18828 | File: proto/postconf.proto. | |
18829 | 18829 | |||
18830 | 20130809 | 18830 | 20130809 | |
18831 | 18831 | |||
18832 | Cleanup: the lmdb_map_size parameter is now a long integer. | 18832 | Cleanup: the lmdb_map_size parameter is now a long integer. | |
18833 | Howard Chu. Files: global/mail_params.[hc]. | 18833 | Howard Chu. Files: global/mail_params.[hc]. | |
18834 | 18834 | |||
18835 | 20130815 | 18835 | 20130815 | |
18836 | 18836 | |||
18837 | Documentation: added pointer to Dovecot 2 configuration. | 18837 | Documentation: added pointer to Dovecot 2 configuration. | |
18838 | File: proto/SASL_README.html | 18838 | File: proto/SASL_README.html | |
18839 | 18839 | |||
18840 | 20130818 | 18840 | 20130818 | |
18841 | 18841 | |||
18842 | Update: LMDB client updated to LMDB 0.9.7, which hopefully | 18842 | Update: LMDB client updated to LMDB 0.9.7, which hopefully | |
18843 | fixes the unrecoverable "transaction full" error. With a | 18843 | fixes the unrecoverable "transaction full" error. With a | |
18844 | new MDB_MAP_FULL workaround by Howard Chu that ensures that | 18844 | new MDB_MAP_FULL workaround by Howard Chu that ensures that | |
18845 | postfix will make progress as long as the disk is not full. | 18845 | postfix will make progress as long as the disk is not full. | |
18846 | File: util/dict_lmdb.c. | 18846 | File: util/dict_lmdb.c. | |
18847 | 18847 | |||
18848 | 20130822 | 18848 | 20130822 | |
18849 | 18849 | |||
18850 | The status of LMDB databases is "not recommended". Unlike | 18850 | The status of LMDB databases is "not recommended". Unlike | |
18851 | other Postfix databases, LMDB does not grow beyond a specified | 18851 | other Postfix databases, LMDB does not grow beyond a specified | |
18852 | limit even when the file system has room. This show-stopper | 18852 | limit even when the file system has room. This show-stopper | |
18853 | bug breaks applications whose requirements grow with load: | 18853 | bug breaks applications whose requirements grow with load: | |
18854 | postscreen(8), greylisting, tlsmgr(8) and verify(8). | 18854 | postscreen(8), greylisting, tlsmgr(8) and verify(8). | |
18855 | 18855 | |||
18856 | 20130825 | 18856 | 20130825 | |
18857 | 18857 | |||
18858 | Bitrot: Arrange for shared keys in SMTP server session | 18858 | Bitrot: Arrange for shared keys in SMTP server session | |
18859 | tickets. Otherwise, with clients that enable session | 18859 | tickets. Otherwise, with clients that enable session | |
18860 | tickets, the SMTP session cache is per-process and largely | 18860 | tickets, the SMTP session cache is per-process and largely | |
18861 | ineffective. Older releases should add SSL_OP_NO_TICKET | 18861 | ineffective. Older releases should add SSL_OP_NO_TICKET | |
18862 | to the SSL options bit mask in the SMTP server only. The | 18862 | to the SSL options bit mask in the SMTP server only. The | |
18863 | session ticket key validity interval (sum of initial issuing | 18863 | session ticket key validity interval (sum of initial issuing | |
18864 | and retired key validation intervals) must not exceed the | 18864 | and retired key validation intervals) must not exceed the | |
18865 | SSL session lifetime. Otherwise, clients may send valid | 18865 | SSL session lifetime. Otherwise, clients may send valid | |
18866 | tickets for expired sessions, which the OpenSSL server code | 18866 | tickets for expired sessions, which the OpenSSL server code | |
18867 | mishandles (does not send a replacement ticket, patch | 18867 | mishandles (does not send a replacement ticket, patch | |
18868 | pending...). | 18868 | pending...). | |
18869 | 18869 | |||
18870 | We set the session lifetime to 2 times the configured cache | 18870 | We set the session lifetime to 2 times the configured cache | |
18871 | lifetime which is also the ticket issuing and retired | 18871 | lifetime which is also the ticket issuing and retired | |
18872 | validation lifetime, so ticketed sessions last 1 to 2 times | 18872 | validation lifetime, so ticketed sessions last 1 to 2 times | |
18873 | the configured session lifetime and never longer than a | 18873 | the configured session lifetime and never longer than a | |
18874 | session's expiration time. | 18874 | session's expiration time. | |
18875 | 18875 | |||
18876 | Code by Viktor Dukhovni. Files: .indent.pro, mantools/postlink, | 18876 | Code by Viktor Dukhovni. Files: .indent.pro, mantools/postlink, | |
18877 | proto/TLS_README.html, proto/postconf.proto, global/mail_params.h, | 18877 | proto/TLS_README.html, proto/postconf.proto, global/mail_params.h, | |
18878 | posttls-finger/posttls-finger.c, posttls-finger/tlsmgrmem.c, | 18878 | posttls-finger/posttls-finger.c, posttls-finger/tlsmgrmem.c, | |
18879 | smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_mgr.c, | 18879 | smtpd/smtpd.c, tls/tls.h, tls/tls_client.c, tls/tls_mgr.c, | |
18880 | tls/tls_mgr.h, tls/tls_scache.c, tls/tls_scache.h, | 18880 | tls/tls_mgr.h, tls/tls_scache.c, tls/tls_scache.h, | |
18881 | tls/tls_server.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c. | 18881 | tls/tls_server.c, tlsmgr/tlsmgr.c, tlsproxy/tlsproxy.c. | |
18882 | 18882 | |||
18883 | Robustness: Search for TLSA RRs at the resolved server name | 18883 | Robustness: Search for TLSA RRs at the resolved server name | |
18884 | (rname) and failing that request server name (qname), and | 18884 | (rname) and failing that request server name (qname), and | |
18885 | use whichever was found as the TLSA base domain for certificate | 18885 | use whichever was found as the TLSA base domain for certificate | |
18886 | matching. | 18886 | matching. | |
18887 | 18887 | |||
18888 | When we find a DNSSEC validated MX RRset, and the initial | 18888 | When we find a DNSSEC validated MX RRset, and the initial | |
18889 | next-hop domain is a CNAME, include both the initial and | 18889 | next-hop domain is a CNAME, include both the initial and | |
18890 | final (the one with the actual MX RRs) domains in the list | 18890 | final (the one with the actual MX RRs) domains in the list | |
18891 | of valid server certificate names. | 18891 | of valid server certificate names. | |
18892 | 18892 | |||
18893 | When we find no MX records, then the initial next-hop domain | 18893 | When we find no MX records, then the initial next-hop domain | |
18894 | is obtained securely from the recipient domain or transport | 18894 | is obtained securely from the recipient domain or transport | |
18895 | next-hop. Without MX records, this is a destination hostname, | 18895 | next-hop. Without MX records, this is a destination hostname, | |
18896 | so we should generally do a TLSA lookup. If however the | 18896 | so we should generally do a TLSA lookup. If however the | |
18897 | address lookup yields an insecure result, and its rname is | 18897 | address lookup yields an insecure result, and its rname is | |
18898 | equal to its qname (no CNAMEs), we reasonably assume that | 18898 | equal to its qname (no CNAMEs), we reasonably assume that | |
18899 | the its child "_port._tcp" sub-domain is likewise insecure | 18899 | the its child "_port._tcp" sub-domain is likewise insecure | |
18900 | (security here would require DLV just for this sub-domain). | 18900 | (security here would require DLV just for this sub-domain). | |
18901 | This allows us to skip futile TLSA queries for most non-MX | 18901 | This allows us to skip futile TLSA queries for most non-MX | |
18902 | destinations (those that are in insecure zones and are not | 18902 | destinations (those that are in insecure zones and are not | |
18903 | CNAMEs). This heuristic can be disabled by setting the new | 18903 | CNAMEs). This heuristic can be disabled by setting the new | |
18904 | main.cf parameter smtp_tls_force_insecure_host_tlsa_lookup | 18904 | main.cf parameter smtp_tls_force_insecure_host_tlsa_lookup | |
18905 | to "yes", the default is "no". | 18905 | to "yes", the default is "no". | |
18906 | 18906 | |||
18907 | Finally, with MX hostnames, if the MX RRset is secure, we | 18907 | Finally, with MX hostnames, if the MX RRset is secure, we | |
18908 | look for TLSA RRs at the qname only when the MX host is an | 18908 | look for TLSA RRs at the qname only when the MX host is an | |
18909 | alias with an insecure rname. If both the qname and the | 18909 | alias with an insecure rname. If both the qname and the | |
18910 | rname are secure, as before we prefer the rname, but when | 18910 | rname are secure, as before we prefer the rname, but when | |
18911 | nothing is found there, fall back to the qname. | 18911 | nothing is found there, fall back to the qname. | |
18912 | 18912 | |||
18913 | Code by Viktor Dukhovni. Files: mantools/postlink, | 18913 | Code by Viktor Dukhovni. Files: mantools/postlink, | |
18914 | proto/postconf.proto, src/global/mail_params.h, | 18914 | proto/postconf.proto, src/global/mail_params.h, | |
18915 | src/posttls-finger/posttls-finger.c, src/smtp/lmtp_params.c, | 18915 | src/posttls-finger/posttls-finger.c, src/smtp/lmtp_params.c, | |
18916 | src/smtp/smtp.c, src/smtp/smtp.h, src/smtp/smtp_addr.c, | 18916 | src/smtp/smtp.c, src/smtp/smtp.h, src/smtp/smtp_addr.c, | |
18917 | src/smtp/smtp_addr.h, src/smtp/smtp_connect.c, | 18917 | src/smtp/smtp_addr.h, src/smtp/smtp_connect.c, | |
18918 | src/smtp/smtp_params.c, src/smtp/smtp_tls_policy.c, | 18918 | src/smtp/smtp_params.c, src/smtp/smtp_tls_policy.c, | |
18919 | src/tls/tls.h, src/tls/tls_dane.c. | 18919 | src/tls/tls.h, src/tls/tls_dane.c. | |
18920 | 18920 | |||
18921 | 20130826 | 18921 | 20130826 | |
18922 | 18922 | |||
18923 | Documentation: re-ordered STRESS_README, now that all | 18923 | Documentation: re-ordered STRESS_README, now that all | |
18924 | supported releases have stress-adaptive behavior built in. | 18924 | supported releases have stress-adaptive behavior built in. | |
18925 | File: proto/STRESS_README.html. | 18925 | File: proto/STRESS_README.html. | |
18926 | 18926 | |||
18927 | 20130903 | 18927 | 20130903 | |
18928 | 18928 | |||
18929 | Cleanup: made the default_database_type compile-time | 18929 | Cleanup: made the default_database_type compile-time | |
18930 | configurable. Files: util/sys_defs.h, makedefs, proto/INSTALL. | 18930 | configurable. Files: util/sys_defs.h, makedefs, proto/INSTALL. | |
18931 | 18931 | |||
18932 | 20130916 | 18932 | 20130916 | |
18933 | 18933 | |||
18934 | Feature: reject_known_sender_login_mismatch, which applies | 18934 | Feature: reject_known_sender_login_mismatch, which applies | |
18935 | reject_sender_login_mismatch only to MAIL FROM addresses | 18935 | reject_sender_login_mismatch only to MAIL FROM addresses | |
18936 | that are known in $smtpd_sender_login_maps. Viktor & Wietse. | 18936 | that are known in $smtpd_sender_login_maps. Viktor & Wietse. | |
18937 | Files: mantools/postlink, proto/SASL_README.html, | 18937 | Files: mantools/postlink, proto/SASL_README.html, | |
18938 | proto/postconf.proto, global/mail_params.h, smtpd/smtpd_check.c. | 18938 | proto/postconf.proto, global/mail_params.h, smtpd/smtpd_check.c. | |
18939 | 18939 | |||
18940 | 20130927 | 18940 | 20130927 | |
18941 | 18941 | |||
18942 | Cleanup: no more LMDB "database full" errors. Postfix now | 18942 | Cleanup: no more LMDB "database full" errors. Postfix now | |
18943 | requires LMDB >= 0.9.8 which supports on-the-fly database | 18943 | requires LMDB >= 0.9.8 which supports on-the-fly database | |
18944 | resizing. When a database becomes full, its size limit is | 18944 | resizing. When a database becomes full, its size limit is | |
18945 | automatically doubled, and other processes automatically | 18945 | automatically doubled, and other processes automatically | |
18946 | pick up the new database size limit. Files: util/dict.h, | 18946 | pick up the new database size limit. Files: util/dict.h, | |
18947 | util/dict_open.c, util/dict_alloc.c, util/dict_lmdb.c, | 18947 | util/dict_open.c, util/dict_alloc.c, util/dict_lmdb.c, | |
18948 | postmap/postmap.c, postalias/postalias.c, proto/LMDB_README.html, | 18948 | postmap/postmap.c, postalias/postalias.c, proto/LMDB_README.html, | |
18949 | proto/postconf.proto. | 18949 | proto/postconf.proto. | |
18950 | 18950 | |||
18951 | 20130928 | 18951 | 20130928 | |
18952 | 18952 | |||
18953 | Cleanup: the lmdb_max_readers property is now configurable. | 18953 | Cleanup: the lmdb_max_readers property is now configurable. | |
18954 | This is a hard limit built into the OpenLDAP library that | 18954 | This is a hard limit built into the OpenLDAP library that | |
18955 | causes requests to fail when the number of open read | 18955 | causes requests to fail when the number of open read | |
18956 | transactions exceeds the limit. When this happens the LMDB | 18956 | transactions exceeds the limit. When this happens the LMDB | |
18957 | client logs an MDB_READERS_FULL warning and continues with | 18957 | client logs an MDB_READERS_FULL warning and continues with | |
18958 | reduced performance. Files: util/dict_lmdb.c, util/dict_lmdb.h, | 18958 | reduced performance. Files: util/dict_lmdb.c, util/dict_lmdb.h, | |
18959 | global/mail_params.h, global/mail_params.c, proto/postconf.proto, | 18959 | global/mail_params.h, global/mail_params.c, proto/postconf.proto, | |
18960 | proto/LMDB_README.html. | 18960 | proto/LMDB_README.html. | |
18961 | 18961 | |||
18962 | 20130929 | 18962 | 20130929 | |
18963 | 18963 | |||
18964 | Security violation: LMDB opens files with read/write access | 18964 | Security violation: LMDB opens files with read/write access | |
18965 | for lock management purposes. This gives unprivileged | 18965 | for lock management purposes. This gives unprivileged | |
18966 | daemon processes read/write file handles for root-owned | 18966 | daemon processes read/write file handles for root-owned | |
18967 | files under /etc/postfix. This also breaks when a non-root | 18967 | files under /etc/postfix. This also breaks when a non-root | |
18968 | process needs to access a root-owned database. Even if | 18968 | process needs to access a root-owned database. Even if | |
18969 | LMDB lock files were world-writable, and kept in a dedicated | 18969 | LMDB lock files were world-writable, and kept in a dedicated | |
18970 | directory, they would still violate the principle of least | 18970 | directory, they would still violate the principle of least | |
18971 | privilege. For all these reasons, support to create LMDB | 18971 | privilege. For all these reasons, support to create LMDB | |
18972 | files is removed from the postmap and postalias commands. | 18972 | files is removed from the postmap and postalias commands. | |
18973 | LMDB files can still be created by unprivileged Postfix | 18973 | LMDB files can still be created by unprivileged Postfix | |
18974 | daemon processes under the postfix-owned data_directory. | 18974 | daemon processes under the postfix-owned data_directory. | |
18975 | Files: proto/LMDB_README.html, global/mkmap.c. | 18975 | Files: proto/LMDB_README.html, global/mkmap.c. | |
18976 | 18976 | |||
18977 | 20131001 | 18977 | 20131001 | |
18978 | 18978 | |||
18979 | Cleanup: LMDB support is forbidden due to problems with | 18979 | Cleanup: LMDB support is forbidden due to problems with | |
18980 | LMDB lock management. These problems hinder error recovery | 18980 | LMDB lock management. These problems hinder error recovery | |
18981 | in multi-programmed systems, and prohibit database sharing | 18981 | in multi-programmed systems, and prohibit database sharing | |
18982 | between privileged writer processes and unprivileged reader | 18982 | between privileged writer processes and unprivileged reader | |
18983 | processes. | 18983 | processes. | |
18984 | 18984 | |||
18985 | 20131009 | 18985 | 20131009 | |
18986 | 18986 | |||
18987 | Documentation: inet_protols description was not updated | 18987 | Documentation: inet_protols description was not updated | |
18988 | when smtp_address_preference was added. File: proto/postconf.proto | 18988 | when smtp_address_preference was added. File: proto/postconf.proto | |
18989 | 18989 | |||
18990 | 20131013 | 18990 | 20131013 | |
18991 | 18991 | |||
18992 | Documentation: why postscreen(8) uses hash-table lookups | 18992 | Documentation: why postscreen(8) uses hash-table lookups | |
18993 | instead of direct pointers to find the DNSBL lookup result | 18993 | instead of direct pointers to find the DNSBL lookup result | |
18994 | for a specific session. File: postscreen/postscreen_early.c. | 18994 | for a specific session. File: postscreen/postscreen_early.c. | |
18995 | 18995 | |||
18996 | 20131022 | 18996 | 20131022 | |
18997 | 18997 | |||
18998 | Cleanup: add more &code; to postconf2man. Someone has been | 18998 | Cleanup: add more &code; to postconf2man. Someone has been | |
18999 | writing documentation without checking the result, File: | 18999 | writing documentation without checking the result, File: | |
19000 | mantools/postconf2man. | 19000 | mantools/postconf2man. | |
19001 | 19001 | |||
19002 | Documentation: in the discard(8) manpage, the reason is not | 19002 | Documentation: in the discard(8) manpage, the reason is not | |
19003 | a host or domain name. File: discard/discard.c. | 19003 | a host or domain name. File: discard/discard.c. | |
19004 | 19004 | |||
19005 | 20131025 | 19005 | 20131025 | |
19006 | 19006 | |||
19007 | Documentation: specify the expected result format with | 19007 | Documentation: specify the expected result format with | |
19008 | "list" tables. File: proto/DATABASE_README.html. | 19008 | "list" tables. File: proto/DATABASE_README.html. | |
19009 | 19009 | |||
19010 | 20131026 | 19010 | 20131026 | |
19011 | 19011 | |||
19012 | Future proofing: API changes in the PCRE library. File: | 19012 | Future proofing: API changes in the PCRE library. File: | |
19013 | util/dict_pcre.c. | 19013 | util/dict_pcre.c. | |
19014 | 19014 | |||
19015 | 20131028 | 19015 | 20131028 | |
19016 | 19016 | |||
19017 | Feature: check_sasl_access to block hijacked logins. Files: | 19017 | Feature: check_sasl_access to block hijacked logins. Files: | |
19018 | mantools/postlink, proto/postconf.proto, global/mail_params.h, | 19018 | mantools/postlink, proto/postconf.proto, global/mail_params.h, | |
19019 | smtpd/smtpd_check.c, smtpd/smtpd_dsn_fix.h. | 19019 | smtpd/smtpd_check.c, smtpd/smtpd_dsn_fix.h. | |
19020 | 19020 | |||
19021 | 20131029-31 | 19021 | 20131029-31 | |
19022 | 19022 | |||
19023 | Cleanup: slmdb(3) simplified LMDB API that hides recoverable | 19023 | Cleanup: slmdb(3) simplified LMDB API that hides recoverable | |
19024 | LMDB errors from applications so that they can focus on | 19024 | LMDB errors from applications so that they can focus on | |
19025 | their own job. Files: util/slmdb.[hc]. | 19025 | their own job. Files: util/slmdb.[hc]. | |
19026 | 19026 | |||
19027 | Cleanup: LMDB functionality restored, after elimination of | 19027 | Cleanup: LMDB functionality restored, after elimination of | |
19028 | 1) world-writable lockfiles, 2) hard limits on the number | 19028 | 1) world-writable lockfiles, 2) hard limits on the number | |
19029 | of concurrent readers, and 3) hard-coded database file inode | 19029 | of concurrent readers, and 3) hard-coded database file inode | |
19030 | numbers in lockfiles that can prevent automatic crash | 19030 | numbers in lockfiles that can prevent automatic crash | |
19031 | recovery. Files: proto/LMDB_README.html, proto/postconf.proto, | 19031 | recovery. Files: proto/LMDB_README.html, proto/postconf.proto, | |
19032 | mantools/postlink, util/dict_lmdb.c. | 19032 | mantools/postlink, util/dict_lmdb.c. | |
19033 | 19033 | |||
19034 | 20131101 | 19034 | 20131101 | |
19035 | 19035 | |||
19036 | Cleanup: restore ability to build without LMDB support; | 19036 | Cleanup: restore ability to build without LMDB support; | |
19037 | further slmdb API streamlining. Files: util/slmdb.[hc], | 19037 | further slmdb API streamlining. Files: util/slmdb.[hc], | |
19038 | util/dict_lmdb.c. | 19038 | util/dict_lmdb.c. | |
19039 | 19039 | |||
19040 | Bugfix: uninitialized variable. File: util/slmdb.c. | 19040 | Bugfix: uninitialized variable. File: util/slmdb.c. | |
19041 | 19041 | |||
19042 | Documentation: added SASL_README example for check_sasl_access. | 19042 | Documentation: added SASL_README example for check_sasl_access. | |
19043 | File: proto/SASL_README.html. | 19043 | File: proto/SASL_README.html. | |
19044 | 19044 | |||
19045 | 20131102-3 | 19045 | 20131102-3 | |
19046 | 19046 | |||
19047 | Security violation: by default, LMDB 0.9.9 writes uninitialized | 19047 | Security violation: by default, LMDB 0.9.9 writes uninitialized | |
19048 | heap memory to a world-readable database file, as chunks | 19048 | heap memory to a world-readable database file, as chunks | |
19049 | of up to 4096 bytes. This is a huge memory disclosure | 19049 | of up to 4096 bytes. This is a huge memory disclosure | |
19050 | vulnerability: memory content that a program does not intend | 19050 | vulnerability: memory content that a program does not intend | |
19051 | to share ends up in a world-readable file. The content of | 19051 | to share ends up in a world-readable file. The content of | |
19052 | uninitialized heap memory depends on program execution | 19052 | uninitialized heap memory depends on program execution | |
19053 | history. That history includes code execution in other | 19053 | history. That history includes code execution in other | |
19054 | libraries that are linked into the program. | 19054 | libraries that are linked into the program. | |
19055 | 19055 | |||
19056 | This is a problem whenever the user who writes the database | 19056 | This is a problem whenever the user who writes the database | |
19057 | file differs from the user who reads the database file. For | 19057 | file differs from the user who reads the database file. For | |
19058 | example, a privileged writer and an unprivileged reader. | 19058 | example, a privileged writer and an unprivileged reader. | |
19059 | In the case of Postfix, the postmap(1) and postalias(1) | 19059 | In the case of Postfix, the postmap(1) and postalias(1) | |
19060 | commands would leak uninitialized heap memory, as chunks | 19060 | commands would leak uninitialized heap memory, as chunks | |
19061 | of up to 4096 bytes, from a root-privileged process that | 19061 | of up to 4096 bytes, from a root-privileged process that | |
19062 | writes to a database file, to unprivileged processes that | 19062 | writes to a database file, to unprivileged processes that | |
19063 | read from that database file. | 19063 | read from that database file. | |
19064 | 19064 | |||
19065 | To work around this problem the postmap(1) and postalias(1) | 19065 | To work around this problem the postmap(1) and postalias(1) | |
19066 | commands disable the use of malloc() in LMDB. However, that | 19066 | commands disable the use of malloc() in LMDB. However, that | |
19067 | does not address several disclosures of stack memory. Other | 19067 | does not address several disclosures of stack memory. Other | |
19068 | Postfix databases do not need this workaround: those databases | 19068 | Postfix databases do not need this workaround: those databases | |
19069 | are maintained by Postfix daemon processes, and are accessible | 19069 | are maintained by Postfix daemon processes, and are accessible | |
19070 | only by the postfix user. File: util/dict_lmdb.c. | 19070 | only by the postfix user. File: util/dict_lmdb.c. | |
19071 | 19071 | |||
19072 | 20131102-3 | 19072 | 20131102-3 | |
19073 | 19073 | |||
19074 | Cleanup: expand TAB characters when generating documentation. | 19074 | Cleanup: expand TAB characters when generating documentation. | |
19075 | This was primarily an issue with non-HTML output, but it does | 19075 | This was primarily an issue with non-HTML output, but it does | |
19076 | not hurt to do this also for HTML. Files: proto/Makefile.in, | 19076 | not hurt to do this also for HTML. Files: proto/Makefile.in, | |
19077 | proto/MULTI_INSTANCE_README.html. | 19077 | proto/MULTI_INSTANCE_README.html. | |
19078 | 19078 | |||
19079 | 20131104 | 19079 | 20131104 | |
19080 | 19080 | |||
19081 | Feature: ${queue_id} macro support for the pipe(8) delivery | 19081 | Feature: ${queue_id} macro support for the pipe(8) delivery | |
19082 | agent by Andreas Schulze. File: pipe/pipe.c. | 19082 | agent by Andreas Schulze. File: pipe/pipe.c. | |
19083 | 19083 | |||
19084 | 20131107 | 19084 | 20131107 | |
19085 | 19085 | |||
19086 | Cleanup: after 16 years the SKIP() and TRIM() macros were | 19086 | Cleanup: after 16 years the SKIP() and TRIM() macros were | |
19087 | triggering compiler warnings. Files: global/mail_params.c, | 19087 | triggering compiler warnings. Files: global/mail_params.c, | |
19088 | smtpstone/smtp-sink.c, util/mac_parse.c, util/split_nameval.c. | 19088 | smtpstone/smtp-sink.c, util/mac_parse.c, util/split_nameval.c. | |
19089 | 19089 | |||
19090 | 20131110 | 19090 | 20131110 | |
19091 | 19091 | |||
19092 | Bugfix (introduced Oct 26 1997): don't clobber errno before | 19092 | Bugfix (introduced Oct 26 1997): don't clobber errno before | |
19093 | expanding %m. File: util/vbuf_print.c. | 19093 | expanding %m. File: util/vbuf_print.c. | |
19094 | 19094 | |||
19095 | 20131114 | 19095 | 20131114 | |
19096 | 19096 | |||
19097 | Cleanup: LMDB >= 0.9.10 does not need the MDB_WRITEMAP | 19097 | Cleanup: LMDB >= 0.9.10 does not need the MDB_WRITEMAP | |
19098 | workaround to avoid heap memory information leaks. File: | 19098 | workaround to avoid heap memory information leaks. File: | |
19099 | util/dict_lmdb.c. | 19099 | util/dict_lmdb.c. | |
19100 | 19100 | |||
19101 | 20131114 | 19101 | 20131114 | |
19102 | 19102 | |||
19103 | Cleanup: Coverity found a harmless memory leak in the | 19103 | Cleanup: Coverity found a harmless memory leak in the | |
19104 | postconf master.cf parser. Reported by Christos Zoulas, | 19104 | postconf master.cf parser. Reported by Christos Zoulas, | |
19105 | NetBSD. File: postconf/postconf_master.c. | 19105 | NetBSD. File: postconf/postconf_master.c. | |
19106 | 19106 | |||
19107 | Cleanup: graceful degradation after database open() error. | 19107 | Cleanup: graceful degradation after database open() error. | |
19108 | Several instances of that code introduced a harmless memory | 19108 | Several instances of that code introduced a harmless memory | |
19109 | leak, and Coverity complained about one of them (Christos | 19109 | leak, and Coverity complained about one of them (Christos | |
19110 | Zoulas, NetBSD). Instead of adding random code in random | 19110 | Zoulas, NetBSD). Instead of adding random code in random | |
19111 | places, restructured dict_foo_open() routines with consistent | 19111 | places, restructured dict_foo_open() routines with consistent | |
19112 | code to dispose of memory or file handles. Files: dict_thash.c, | 19112 | code to dispose of memory or file handles. Files: dict_thash.c, | |
19113 | dict_sockmap.c, dict_regexp.c, dict_pcre.c, dict_lmdb.c, | 19113 | dict_sockmap.c, dict_regexp.c, dict_pcre.c, dict_lmdb.c, | |
19114 | dict_dbm.c, dict_cidr.c, dict_cdb.c. | 19114 | dict_dbm.c, dict_cidr.c, dict_cdb.c. | |
19115 | 19115 | |||
19116 | Cleanup: warning message after canonical/virtal/etc. | 19116 | Cleanup: warning message after canonical/virtal/etc. | |
19117 | table lookup error. Files: cleanup/cleanup_addr.c, | 19117 | table lookup error. Files: cleanup/cleanup_addr.c, | |
19118 | cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c, | 19118 | cleanup/cleanup_map11.c, cleanup/cleanup_map1n.c, | |
19119 | cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c, | 19119 | cleanup/cleanup_masquerade.c, cleanup/cleanup_message.c, | |
19120 | cleanup/cleanup_milter.c. | 19120 | cleanup/cleanup_milter.c. | |
19121 | 19121 | |||
19122 | 20131116 | 19122 | 20131116 | |
19123 | 19123 | |||
19124 | Feature: MySQL client support for option_file, option_group, | 19124 | Feature: MySQL client support for option_file, option_group, | |
19125 | tls_cert_file, tls_key_file, tls_CAfile, tls_CApath, | 19125 | tls_cert_file, tls_key_file, tls_CAfile, tls_CApath, | |
19126 | tls_verify_cert. See mysql_table(5). Code by Gareth Palmer. | 19126 | tls_verify_cert. See mysql_table(5). Code by Gareth Palmer. | |
19127 | Files: proto/mysql_table, global/dict_mysql.c. | 19127 | Files: proto/mysql_table, global/dict_mysql.c. | |
19128 | 19128 | |||
19129 | Cleanup: DANE support. Keep the attributes of TA certificates | 19129 | Cleanup: DANE support. Keep the attributes of TA certificates | |
19130 | obtained via "IN TLSA 2 0 X" RRs, while continuing to only | 19130 | obtained via "IN TLSA 2 0 X" RRs, while continuing to only | |
19131 | use the key from "IN TLSA 2 1 X" RRs. This means in the | 19131 | use the key from "IN TLSA 2 1 X" RRs. This means in the | |
19132 | "2 0 X" case that we re-sign the TA certificate in place, | 19132 | "2 0 X" case that we re-sign the TA certificate in place, | |
19133 | rather than synthesize a vanilla cert around just the key. | 19133 | rather than synthesize a vanilla cert around just the key. | |
19134 | Viktor Dukhovni. File: tls/tls_dane.c. | 19134 | Viktor Dukhovni. File: tls/tls_dane.c. | |
19135 | 19135 | |||
19136 | Bugfix: posttls-finger parsing of destination and optional | 19136 | Bugfix: posttls-finger parsing of destination and optional | |
19137 | match values. Viktor Dukhovni. File: | 19137 | match values. Viktor Dukhovni. File: | |
19138 | posttls-finger/posttls-finger.c. | 19138 | posttls-finger/posttls-finger.c. | |
19139 | 19139 | |||
19140 | Cleanup: When wrap_signed is false (OpenSSL 1.0.2 some day), | 19140 | Cleanup: When wrap_signed is false (OpenSSL 1.0.2 some day), | |
19141 | we don't have to sign trust anchors, and don't generate a | 19141 | we don't have to sign trust anchors, and don't generate a | |
19142 | key to do so. Thus don't attempt to re-sign trust-anchor | 19142 | key to do so. Thus don't attempt to re-sign trust-anchor | |
19143 | certificates (IN TLSA 2 0 X) in this case. Viktor Dukhovni. | 19143 | certificates (IN TLSA 2 0 X) in this case. Viktor Dukhovni. | |
19144 | File: tls/tls_dane.c. | 19144 | File: tls/tls_dane.c. | |
19145 | 19145 | |||
19146 | Feature: configurable DANE digest algorithm priority. Use | 19146 | Feature: configurable DANE digest algorithm priority. Use | |
19147 | only the most-preferred, shared, digest algorithm for any | 19147 | only the most-preferred, shared, digest algorithm for any | |
19148 | give (usage, selector) combination. Viktor Dukhovni. | 19148 | give (usage, selector) combination. Viktor Dukhovni. | |
19149 | mantools/postlink, proto/postconf.proto, global/mail_params.h, | 19149 | mantools/postlink, proto/postconf.proto, global/mail_params.h, | |
19150 | tls/tls_dane.c, tls/tls_misc.c. | 19150 | tls/tls_dane.c, tls/tls_misc.c. | |
19151 | 19151 | |||
19152 | Bugfix: FreeBSD nroff workaround messed up. File: | 19152 | Bugfix: FreeBSD nroff workaround messed up. File: | |
19153 | mantools/postlink. | 19153 | mantools/postlink. | |
19154 | 19154 | |||
19155 | 20131118 | 19155 | 20131118 | |
19156 | 19156 | |||
19157 | Cleanup: FreeBSD nroff workaround. Files: man/Makefile.in, | 19157 | Cleanup: FreeBSD nroff workaround. Files: man/Makefile.in, | |
19158 | proto/Makefile.in. | 19158 | proto/Makefile.in. | |
19159 | 19159 | |||
19160 | Cleanup: the smtpd_proxy_filter client now sends QUIT before | 19160 | Cleanup: the smtpd_proxy_filter client now sends QUIT before | |
19161 | closing the connection to a content filter. Files: | 19161 | closing the connection to a content filter. Files: | |
19162 | smtpd/smtpd_proxy.c, smtpd/smtpd.c. | 19162 | smtpd/smtpd_proxy.c, smtpd/smtpd.c. | |
19163 | 19163 | |||
19164 | Portability: C99 va_copy() compatibility, in case some | 19164 | Portability: C99 va_copy() compatibility, in case some | |
19165 | implementation does not permit multiple va_start() calls | 19165 | implementation does not permit multiple va_start() calls | |
19166 | on the same argument list. Files: global/memcache_proto.c, | 19166 | on the same argument list. Files: global/memcache_proto.c, | |
19167 | milter/milter8.c, smtpstone/smtp-source.c, util/attr_clnt.c, | 19167 | milter/milter8.c, smtpstone/smtp-source.c, util/attr_clnt.c, | |
19168 | util/concatenate.c, util/dict_surrogate.c, util/netstring.c, | 19168 | util/concatenate.c, util/dict_surrogate.c, util/netstring.c, | |
19169 | util/compat_va_copy.h. | 19169 | util/compat_va_copy.h. | |
19170 | 19170 | |||
19171 | Cleanup: comment formatting. Viktor Dukhovni. File: dns/dns.h. | 19171 | Cleanup: comment formatting. Viktor Dukhovni. File: dns/dns.h. | |
19172 | 19172 | |||
19173 | Cleanup: removed redundant sort operation. Viktor Dukhovni. | 19173 | Cleanup: removed redundant sort operation. Viktor Dukhovni. | |
19174 | File: tls/tls_dane.c. | 19174 | File: tls/tls_dane.c. | |
19175 | 19175 | |||
19176 | 20131119 | 19176 | 20131119 | |
19177 | 19177 | |||
19178 | Feature: a Postfix LMDB database can now be used as shared | 19178 | Feature: a Postfix LMDB database can now be used as shared | |
19179 | persistent cache with multiple postscreen(8) or verify(8) | 19179 | persistent cache with multiple postscreen(8) or verify(8) | |
19180 | daemons (but not both), without the need for a shared | 19180 | daemons (but not both), without the need for a shared | |
19181 | proxymap server. Files: util/dict.h, util/dict_alloc.c, | 19181 | proxymap server. Files: util/dict.h, util/dict_alloc.c, | |
19182 | util/dict_open.c, util/dict_lmdb.c. | 19182 | util/dict_open.c, util/dict_lmdb.c. | |
19183 | 19183 | |||
19184 | Internal: DNS client support to report reply RCODE information, | 19184 | Internal: DNS client support to report reply RCODE information, | |
19185 | in addition to the simplified DNS_NOTFOUND, DNS_RETRY etc. | 19185 | in addition to the simplified DNS_NOTFOUND, DNS_RETRY etc. | |
19186 | Portability note: this requires the C99 __VA_ARGS__ feature. | 19186 | Portability note: this requires the C99 __VA_ARGS__ feature. | |
19187 | Files: dns/dns.h. dns/dns_lookup.c, dns/test_dns_lookup.c. | 19187 | Files: dns/dns.h. dns/dns_lookup.c, dns/test_dns_lookup.c. | |
19188 | 19188 | |||
19189 | 20131120 | 19189 | 20131120 | |
19190 | 19190 | |||
19191 | Cleanup: reduced the code footprint for the LMDB < 0.9.10 | 19191 | Cleanup: reduced the code footprint for the LMDB < 0.9.10 | |
19192 | heap-to-file information leak workaround, and simplified | 19192 | heap-to-file information leak workaround, and simplified | |
19193 | the implementation to "good enough". Files: util/dict.h, | 19193 | the implementation to "good enough". Files: util/dict.h, | |
19194 | util/dict.c, util/dict_lmdb.c, postalias/postalias.c, | 19194 | util/dict.c, util/dict_lmdb.c, postalias/postalias.c, | |
19195 | postmap/postmap.c. | 19195 | postmap/postmap.c. | |
19196 | 19196 | |||
19197 | Cleanup: reduced the code footprint for the handling of | 19197 | Cleanup: reduced the code footprint for the handling of | |
19198 | multi-writer safe maps. A map only needs to assert that it | 19198 | multi-writer safe maps. A map only needs to assert that it | |
19199 | is multi-writer safe, and the rest just happens. Files: | 19199 | is multi-writer safe, and the rest just happens. Files: | |
19200 | util/dict.h, util/dict_open.c, util/dict_lmdb.c, | 19200 | util/dict.h, util/dict_open.c, util/dict_lmdb.c, | |
19201 | global/dict_memcache.c. | 19201 | global/dict_memcache.c. | |
19202 | 19202 | |||
19203 | Cleanup: Postfix daemons no longer restart when a multi-writer | 19203 | Cleanup: Postfix daemons no longer restart when a multi-writer | |
19204 | safe map is updated. File: util/dict.c. | 19204 | safe map is updated. File: util/dict.c. | |
19205 | 19205 | |||
19206 | Documentation: sharing an LMDB cache between multiple | 19206 | Documentation: sharing an LMDB cache between multiple | |
19207 | verify(8) or postscreen(8) servers (but not both). Files: | 19207 | verify(8) or postscreen(8) servers (but not both). Files: | |
19208 | proto/ADDRESS_VERIFICATION_README.html, | 19208 | proto/ADDRESS_VERIFICATION_README.html, | |
19209 | proto/POSTSCREEN_README.html. | 19209 | proto/POSTSCREEN_README.html. | |
19210 | 19210 | |||
19211 | Cleanup: improve suppression of TLSA lookups in insecure | 19211 | Cleanup: improve suppression of TLSA lookups in insecure | |
19212 | zones. This is now applied not only to non-MX destinations, | 19212 | zones. This is now applied not only to non-MX destinations, | |
19213 | but also to each MX record. Viktor Dukhovni. Files: | 19213 | but also to each MX record. Viktor Dukhovni. Files: | |
19214 | src/posttls-finger/posttls-finger.c, src/smtp/smtp_tls_policy.c, | 19214 | src/posttls-finger/posttls-finger.c, src/smtp/smtp_tls_policy.c, | |
19215 | src/tls/tls.h, src/tls/tls_dane.c. | 19215 | src/tls/tls.h, src/tls/tls_dane.c. | |
19216 | 19216 | |||
19217 | Workaround: increased the 5s connection timeout to 30s. | 19217 | Workaround: increased the 5s connection timeout to 30s. | |
19218 | Viktor Dukhovni. File: posttls-finger/posttls-finger.c. | 19218 | Viktor Dukhovni. File: posttls-finger/posttls-finger.c. | |
19219 | 19219 | |||
19220 | 20131121 | 19220 | 20131121 | |
19221 | 19221 | |||
19222 | Documentation: new socketmap_table(5) and lmdb_table(5) | 19222 | Documentation: new socketmap_table(5) and lmdb_table(5) | |
19223 | manpages. Files: mantools/postlink, conf/postfix-files, | 19223 | manpages. Files: mantools/postlink, conf/postfix-files, | |
19224 | html/Makefile.in, man/Makefile.in, proto/DATABASE_README.html, | 19224 | html/Makefile.in, man/Makefile.in, proto/DATABASE_README.html, | |
19225 | postconf/postconf.c, proto/socketmap_table, proto/lmdb_table. | 19225 | postconf/postconf.c, proto/socketmap_table, proto/lmdb_table. | |
19226 | 19226 | |||
19227 | 20131122 | 19227 | 20131122 | |
19228 | 19228 | |||
19229 | Documentation: missing database hyperlinks, refined text | 19229 | Documentation: missing database hyperlinks, refined text | |
19230 | about partial lookup keys. Files: mantools/postlink, | 19230 | about partial lookup keys. Files: mantools/postlink, | |
19231 | proto/DATABASE_README.html, proto/lmdb_table, | 19231 | proto/DATABASE_README.html, proto/lmdb_table, | |
19232 | proto/socketmap_table. | 19232 | proto/socketmap_table. | |
19233 | 19233 | |||
19234 | 20131123 | 19234 | 20131123 | |
19235 | 19235 | |||
19236 | Feature: support for NOTIFY parameter in the Milter | 19236 | Feature: support for NOTIFY parameter in the Milter | |
19237 | SMFIR_ADDRCPT_PAR request. Contributed by by Andrew Ayer. | 19237 | SMFIR_ADDRCPT_PAR request. Contributed by by Andrew Ayer. | |
19238 | Wietse added support for ORCPT. Files: cleanup/cleanup.h, | 19238 | Wietse added support for ORCPT. Files: cleanup/cleanup.h, | |
19239 | cleanup/cleanup_milter.c, cleanup/cleanup_state.c, | 19239 | cleanup/cleanup_milter.c, cleanup/cleanup_state.c, | |
19240 | global/xtext.c, global/xtext.h, milter/test-milter.c. | 19240 | global/xtext.c, global/xtext.h, milter/test-milter.c. | |
19241 | 19241 | |||
19242 | 20131122 | 19242 | 20131122 | |
19243 | 19243 | |||
19244 | Feature: "postconf -Fe service/type/attribute = value" edits | 19244 | Feature: "postconf -Fe service/type/attribute = value" edits | |
19245 | master.cf attribute values. The -e is optional. Example: | 19245 | master.cf attribute values. The -e is optional. Example: | |
19246 | use "postconf -F "*/*/chroot = n" to turn off chroot on all | 19246 | use "postconf -F "*/*/chroot = n" to turn off chroot on all | |
19247 | master.cf services. Files: postconf/postconf.h, | 19247 | master.cf services. Files: postconf/postconf.h, | |
19248 | postconf/postconf.c, postconf/postcof_master.c, | 19248 | postconf/postconf.c, postconf/postcof_master.c, | |
19249 | postconf/postconf_edit.c. | 19249 | postconf/postconf_edit.c. | |
19250 | 19250 | |||
19251 | 20131124 | 19251 | 20131124 | |
19252 | 19252 | |||
19253 | Cleanup: remove extra blank line from ccformat output, | 19253 | Cleanup: remove extra blank line from ccformat output, | |
19254 | making it compatible with the script that Wietse actually | 19254 | making it compatible with the script that Wietse actually | |
19255 | uses (this line was part of a test to detect file truncation, | 19255 | uses (this line was part of a test to detect file truncation, | |
19256 | but it is now obsolete). File: mantools/ccformat. | 19256 | but it is now obsolete). File: mantools/ccformat. | |
19257 | 19257 | |||
19258 | Feature: master.cf parameter namespace. "postconf -P" shows | 19258 | Feature: master.cf parameter namespace. "postconf -P" shows | |
19259 | master.cf parameter settings as "service/type/parameter = | 19259 | master.cf parameter settings as "service/type/parameter = | |
19260 | value". This is applicable only to parameter settings in | 19260 | value". This is applicable only to parameter settings in | |
19261 | master.cf. Files: postconf/postconf.h, postconf/postconf.c, | 19261 | master.cf. Files: postconf/postconf.h, postconf/postconf.c, | |
19262 | postconf/postcof_master.c, postconf/postconf_print.c. | 19262 | postconf/postcof_master.c, postconf/postconf_print.c. | |
19263 | 19263 | |||
19264 | Incompatibility: the master_service_disable syntax has | 19264 | Incompatibility: the master_service_disable syntax has | |
19265 | changed: use "service/type" instead of "service.type". The | 19265 | changed: use "service/type" instead of "service.type". The | |
19266 | new form is consistent with master.cf parameter namespaces. | 19266 | new form is consistent with master.cf parameter namespaces. | |
19267 | The old form is still supported to avoid breaking existing | 19267 | The old form is still supported to avoid breaking existing | |
19268 | configurations. Files: global/master_service.c, | 19268 | configurations. Files: global/master_service.c, | |
19269 | master/master_ent.c. | 19269 | master/master_ent.c. | |
19270 | 19270 | |||
19271 | 20131125 | 19271 | 20131125 | |
19272 | 19272 | |||
19273 | Feature: change, add or delete "-o parameter=value" setting | 19273 | Feature: change, add or delete "-o parameter=value" setting | |
19274 | in master.cf. Examples: "postconf -P smtp/inet/parameter=value" | 19274 | in master.cf. Examples: "postconf -P smtp/inet/parameter=value" | |
19275 | (add or modify "-o name=value" setting) and "postconf -P | 19275 | (add or modify "-o name=value" setting) and "postconf -P | |
19276 | smtp/inet/parameter" (delete "-o parameter=value" setting). | 19276 | smtp/inet/parameter" (delete "-o parameter=value" setting). | |
19277 | Files: util/argv.[hc], postconf/postconf.h, | 19277 | Files: util/argv.[hc], postconf/postconf.h, | |
19278 | postconf/postconf_edit.c, postconf_master.c. | 19278 | postconf/postconf_edit.c, postconf_master.c. | |
19279 | 19279 | |||
19280 | 20131126 | 19280 | 20131126 | |
19281 | 19281 | |||
19282 | Cleanup: Leave SSLv3 enabled with DANE. Viktor Dukhovni. | 19282 | Cleanup: Leave SSLv3 enabled with DANE. Viktor Dukhovni. | |
19283 | Files: proto/TLS_README.html proto/postconf.proto | 19283 | Files: proto/TLS_README.html proto/postconf.proto | |
19284 | tls/tls_client.c. | 19284 | tls/tls_client.c. | |
19285 | 19285 | |||
19286 | Cleanup: DANE support: Drop support for usage 0. It SHOULD | 19286 | Cleanup: DANE support: Drop support for usage 0. It SHOULD | |
19287 | NOT be supported in DANE with SMTP, and we already don't | 19287 | NOT be supported in DANE with SMTP, and we already don't | |
19288 | support digest TLSA RRs in this case, while full content | 19288 | support digest TLSA RRs in this case, while full content | |
19289 | TLSA RRs are not recommended for DNS bloat reasons. Viktor | 19289 | TLSA RRs are not recommended for DNS bloat reasons. Viktor | |
19290 | Dukhovni. Files: proto/postconf.proto src/global/mail_params.h | 19290 | Dukhovni. Files: proto/postconf.proto src/global/mail_params.h | |
19291 | src/smtp/smtp.c src/tls/tls_dane.c src/tls/tls_misc.c. | 19291 | src/smtp/smtp.c src/tls/tls_dane.c src/tls/tls_misc.c. | |
19292 | 19292 | |||
19293 | Feature: TLS support: Support future digest algorithms | 19293 | Feature: TLS support: Support future digest algorithms | |
19294 | without re-compilation. Viktor Dukhovni. Files: .indent.pro | 19294 | without re-compilation. Viktor Dukhovni. Files: .indent.pro | |
19295 | proto/postconf.proto src/tls/tls_dane.c. | 19295 | proto/postconf.proto src/tls/tls_dane.c. | |
19296 | 19296 | |||
19297 | Feature: DNS support: New configurable digest agility. | 19297 | Feature: DNS support: New configurable digest agility. | |
19298 | Viktor Dukhovni. Files: .indent.pro proto/TLS_README.html | 19298 | Viktor Dukhovni. Files: .indent.pro proto/TLS_README.html | |
19299 | proto/postconf.proto src/global/mail_params.h src/tls/tls_dane.c | 19299 | proto/postconf.proto src/global/mail_params.h src/tls/tls_dane.c | |
19300 | src/tls/tls_misc.c. | 19300 | src/tls/tls_misc.c. | |
19301 | 19301 | |||
19302 | 20131127 | 19302 | 20131127 | |
19303 | 19303 | |||
19304 | Bugfix (introduced: 20090106): the postconf '-#' option | 19304 | Bugfix (introduced: 20090106): the postconf '-#' option | |
19305 | erased prior options. File: postconf/postconf.c. | 19305 | erased prior options. File: postconf/postconf.c. | |
19306 | 19306 | |||
19307 | 20131129 | 19307 | 20131129 | |
19308 | 19308 | |||
19309 | Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor | 19309 | Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor | |
19310 | Dukhovni. File: proto/MULTI_INSTANCE_README.html. | 19310 | Dukhovni. File: proto/MULTI_INSTANCE_README.html. | |
19311 | 19311 | |||
19312 | 20131130 | 19312 | 20131130 | |
19313 | 19313 | |||
19314 | Cleanup: simplify fingerprint security level implementation | 19314 | Cleanup: simplify fingerprint security level implementation | |
19315 | in new DANE code. Viktor Dukhovni. Files: src/tls/tls.h | 19315 | in new DANE code. Viktor Dukhovni. Files: src/tls/tls.h | |
19316 | src/smtp/smtp_tls_policy.c src/tls/tls_dane.c | 19316 | src/smtp/smtp_tls_policy.c src/tls/tls_dane.c | |
19317 | src/posttls-finger/posttls-finger.c. | 19317 | src/posttls-finger/posttls-finger.c. | |
19318 | 19318 | |||
19319 | 20131209 | 19319 | 20131209 | |
19320 | 19320 | |||
19321 | Cleanup: safe_strtoul() did not report an error for empty | 19321 | Cleanup: safe_strtoul() did not report an error for empty | |
19322 | or all-space input (the code to report this was in the wrong | 19322 | or all-space input (the code to report this was in the wrong | |
19323 | place). This was not a problem as long as safe_strtoul() | 19323 | place). This was not a problem as long as safe_strtoul() | |
19324 | was used only for output from safe_ultostr(). Files: | 19324 | was used only for output from safe_ultostr(). Files: | |
19325 | global/safe_ultostr.c, global/safe_ultostr.in, | 19325 | global/safe_ultostr.c, global/safe_ultostr.in, | |
19326 | global/safe_ultostr.ref. | 19326 | global/safe_ultostr.ref. | |
19327 | 19327 | |||
19328 | 20131210 | 19328 | 20131210 | |
19329 | 19329 | |||
19330 | Documentation: updated description of SSL protocol controls. | 19330 | Documentation: updated description of SSL protocol controls. | |
19331 | In particular, enabled protocols are part of a contiguous | 19331 | In particular, enabled protocols are part of a contiguous | |
19332 | range. Viktor Dukhovni. Files: proto/TLS_README.html, | 19332 | range. Viktor Dukhovni. Files: proto/TLS_README.html, | |
19333 | proto/postconf.proto. | 19333 | proto/postconf.proto. | |
19334 | 19334 | |||
19335 | Bugfix: DANE support: handle OpenSSL memory allocation | 19335 | Bugfix: DANE support: handle OpenSSL memory allocation | |
19336 | error. Viktor Dukhovni. File: tls/tls_dane.c. | 19336 | error. Viktor Dukhovni. File: tls/tls_dane.c. | |
19337 | 19337 | |||
19338 | Cleanup: LMDB_README was not installed. File: conf/postfix-files. | 19338 | Cleanup: LMDB_README was not installed. File: conf/postfix-files. | |
19339 | 19339 | |||
19340 | 20131214 | 19340 | 20131214 | |
19341 | 19341 | |||
19342 | Portability: on some platforms posttls-finger now requires | 19342 | Portability: on some platforms posttls-finger now requires | |
19343 | explicitly linking libdl. File: posttls-finger/Makefile.in. | 19343 | explicitly linking libdl. File: posttls-finger/Makefile.in. | |
19344 | 19344 | |||
19345 | Cleanup: DANE support: extension gymnastics. Viktor Dukhovni. | 19345 | Cleanup: DANE support: extension gymnastics. Viktor Dukhovni. | |
19346 | File: tls/tls_dane.c. | 19346 | File: tls/tls_dane.c. | |
19347 | 19347 | |||
19348 | Bugfix: DANE support: the wrap_cert() and wrap_key() calls | 19348 | Bugfix: DANE support: the wrap_cert() and wrap_key() calls | |
19349 | should never fail, but some callers ignored the return | 19349 | should never fail, but some callers ignored the return | |
19350 | value. The only failure is for lack of memory, so we use | 19350 | value. The only failure is for lack of memory, so we use | |
19351 | msg_fatal() internally and change wrap_cert() and wrap_key() | 19351 | msg_fatal() internally and change wrap_cert() and wrap_key() | |
19352 | to return void. Viktor Dukhovni. File: tls/tls_dane.c. | 19352 | to return void. Viktor Dukhovni. File: tls/tls_dane.c. | |
19353 | 19353 | |||
19354 | Bugfix: DANE support: avoid making DANE certificates with | 19354 | Bugfix: DANE support: avoid making DANE certificates with | |
19355 | replaced public-keys appear as if they were self-signed. | 19355 | replaced public-keys appear as if they were self-signed. | |
19356 | Viktor Dukhovni. File: tls/tls_dane.c. | 19356 | Viktor Dukhovni. File: tls/tls_dane.c. | |
19357 | 19357 | |||
19358 | Cleanup: DANE support: simplify grow_chain() to always apply | 19358 | Cleanup: DANE support: simplify grow_chain() to always apply | |
19359 | trust consistently. Viktor Dukhovni. File: tls/tls_dane.c. | 19359 | trust consistently. Viktor Dukhovni. File: tls/tls_dane.c. | |
19360 | 19360 | |||
19361 | Bugfix: DANE support: backport fixes from OpenSSL DANE | 19361 | Bugfix: DANE support: backport fixes from OpenSSL DANE | |
19362 | testing. Discard errors generated by raw TA key signature | 19362 | testing. Discard errors generated by raw TA key signature | |
19363 | checks. Record the tadepth as zero with self-signed depth | 19363 | checks. Record the tadepth as zero with self-signed depth | |
19364 | 0 TAs. Robustness: Though it should never happen, don't | 19364 | 0 TAs. Robustness: Though it should never happen, don't | |
19365 | update the tadepth if already set. Viktor Dukhovni. Files: | 19365 | update the tadepth if already set. Viktor Dukhovni. Files: | |
19366 | tls/tls_dane.c, tls/tls_server.c. | 19366 | tls/tls_dane.c, tls/tls_server.c. | |
19367 | 19367 | |||
19368 | 20131215 | 19368 | 20131215 | |
19369 | 19369 | |||
19370 | Cleanup: OpenSSL "const" declarations have changed over | 19370 | Cleanup: OpenSSL "const" declarations have changed over | |
19371 | time. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, | 19371 | time. Viktor Dukhovni. Files: src/tls/tls.h, src/tls/tls_client.c, | |
19372 | src/tls/tls_dane.c, src/tls/tls_server.c. | 19372 | src/tls/tls_dane.c, src/tls/tls_server.c. | |
19373 | 19373 | |||
19374 | 20131216 | 19374 | 20131216 | |
19375 | 19375 | |||
19376 | Cleanup: TLS support. Eliminate calls of deprecated functions | 19376 | Cleanup: TLS support. Eliminate calls of deprecated functions | |
19377 | before they are removed from OpenSSL. CRYPTO_thread_id is | 19377 | before they are removed from OpenSSL. CRYPTO_thread_id is | |
19378 | deprecated and we don't need it. Replace the deprecated | 19378 | deprecated and we don't need it. Replace the deprecated | |
19379 | ERR_remove_state() call with ERR_remove_thread_state(), and | 19379 | ERR_remove_state() call with ERR_remove_thread_state(), and | |
19380 | use RSA_generate_key_ex(). Viktor Dukhovni. Files: | 19380 | use RSA_generate_key_ex(). Viktor Dukhovni. Files: | |
19381 | posttls-finger/posttls-finger.c, tls/tls_misc.c, tls/tls_rsa.c. | 19381 | posttls-finger/posttls-finger.c, tls/tls_misc.c, tls/tls_rsa.c. | |
19382 | 19382 | |||
19383 | Cleanup: DANE support: Reduce #ifdef clutter to improve | 19383 | Cleanup: DANE support: Reduce #ifdef clutter to improve | |
19384 | redability and maintability. Viktor Dukhovni. File: | 19384 | redability and maintability. Viktor Dukhovni. File: | |
19385 | tls/tls_dane.c. | 19385 | tls/tls_dane.c. | |
19386 | 19386 | |||
19387 | Future proofing: Tolerate disappearance of named bug-workaround | 19387 | Future proofing: Tolerate disappearance of named bug-workaround | |
19388 | bits without invalidating user configurations. When support | 19388 | bits without invalidating user configurations. When support | |
19389 | for a bug workaround is removed from OpenSSL, the corresponding | 19389 | for a bug workaround is removed from OpenSSL, the corresponding | |
19390 | bit is defined as zero (i.e. NOOP) intstead of causing | 19390 | bit is defined as zero (i.e. NOOP) intstead of causing | |
19391 | programs to break. Viktor Dukhovni. File: tls/tls_misc.c. | 19391 | programs to break. Viktor Dukhovni. File: tls/tls_misc.c. | |
19392 | 19392 | |||
19393 | 20131217 | 19393 | 20131217 | |
19394 | 19394 | |||
19395 | Portability: RSA_generate_key_ex() is not available on all | 19395 | Portability: RSA_generate_key_ex() is not available on all | |
19396 | supported platforms, so this change is made conditional. | 19396 | supported platforms, so this change is made conditional. | |
19397 | Enforce that this function will be used only for creating | 19397 | Enforce that this function will be used only for creating | |
19398 | a 512-bit ephemeral RSA key. Viktor Dukhovni. File: | 19398 | a 512-bit ephemeral RSA key. Viktor Dukhovni. File: | |
19399 | tls/tls_rsa.c. | 19399 | tls/tls_rsa.c. | |
19400 | 19400 | |||
19401 | 20131218 | 19401 | 20131218 | |
19402 | 19402 | |||
19403 | Documentation: new document FORWARD_SECRECY_README that | 19403 | Documentation: new document FORWARD_SECRECY_README that | |
19404 | describes how different versions of Postfix >= 2.2 implement | 19404 | describes how different versions of Postfix >= 2.2 implement | |
19405 | "perfect" forward secrecy. Viktor Dukhovni. File: | 19405 | "perfect" forward secrecy. Viktor Dukhovni. File: | |
19406 | proto/FORWARD_SECRECY_README.html, proto/Makefile.in, | 19406 | proto/FORWARD_SECRECY_README.html, proto/Makefile.in, | |
19407 | conf/postfix-files, html/index.html. | 19407 | conf/postfix-files, html/index.html. | |
19408 | 19408 | |||
19409 | 20131219 | 19409 | 20131219 | |
19410 | 19410 | |||
19411 | Cleanup: renamed postconf(1) internal identifiers according | 19411 | Cleanup: renamed postconf(1) internal identifiers according | |
19412 | to a consistent scheme, to avoid future name conflicts as | 19412 | to a consistent scheme, to avoid future name conflicts as | |
19413 | Postfix evolves. This is a no-feature change. Files: | 19413 | Postfix evolves. This is a no-feature change. Files: | |
19414 | postconf/*.[hc], postconf/extract.awk. | 19414 | postconf/*.[hc], postconf/extract.awk. | |
19415 | 19415 | |||
19416 | Documentation: linearized the order of exposition in | 19416 | Documentation: linearized the order of exposition in | |
19417 | FORWARD_SECRECY_README. File: proto/FORWARD_SECRECY_README.html. | 19417 | FORWARD_SECRECY_README. File: proto/FORWARD_SECRECY_README.html. | |
19418 | 19418 | |||
19419 | 20131220 | 19419 | 20131220 | |
19420 | 19420 | |||
19421 | Bugfix: DANE support: segfault. Viktor Dukhovni. File: | 19421 | Bugfix: DANE support: segfault. Viktor Dukhovni. File: | |
19422 | tls/tls_dane.c. | 19422 | tls/tls_dane.c. | |
19423 | 19423 | |||
19424 | Documentation: typo in SASL_README. Patrick Ben Koetter. | 19424 | Documentation: typo in SASL_README. Patrick Ben Koetter. | |
19425 | File: proto/SASL_README.html. | 19425 | File: proto/SASL_README.html. | |
19426 | 19426 | |||
19427 | Documentation: increased the *.[0-9].html manpage width | 19427 | Documentation: increased the *.[0-9].html manpage width | |
19428 | from the historical 65 columns to the more contemporary 78 | 19428 | from the historical 65 columns to the more contemporary 78 | |
19429 | columns, and future-proofed the pattern that eliminates | 19429 | columns, and future-proofed the pattern that eliminates | |
19430 | redundant text from the "README FILES" section. Files: | 19430 | redundant text from the "README FILES" section. Files: | |
19431 | mantools/postlink, mantools/man2html, man/Makefile.in. | 19431 | mantools/postlink, mantools/man2html, man/Makefile.in. | |
19432 | 19432 | |||
19433 | Documentation: misc manual page cleanups. Files: | 19433 | Documentation: misc manual page cleanups. Files: | |
19434 | postconf/postconf.c, postmulti/postmulti.c. | 19434 | postconf/postconf.c, postmulti/postmulti.c. | |
19435 | 19435 | |||
19436 | 20131221 | 19436 | 20131221 | |
19437 | 19437 | |||
19438 | Testbed: TLS support. Viktor Dukhovni. Files: tls/Makefile.in, | 19438 | Testbed: TLS support. Viktor Dukhovni. Files: tls/Makefile.in, | |
19439 | tls/tls_dane.c, tls/tls_dane.sh, tls/tls_mgr.c, .indent.pro. | 19439 | tls/tls_dane.c, tls/tls_dane.sh, tls/tls_mgr.c, .indent.pro. | |
19440 | 19440 | |||
19441 | Documentation: added section on how to verify that forward | 19441 | Documentation: added section on how to verify that forward | |
19442 | secrecy works. File: proto/FORWARD_SECRECY_README.html. | 19442 | secrecy works. File: proto/FORWARD_SECRECY_README.html. | |
19443 | 19443 | |||
19444 | 20131222 | 19444 | 20131222 | |
19445 | 19445 | |||
19446 | Documentation: forward secrecy, with feedback from Adam | 19446 | Documentation: forward secrecy, with feedback from Adam | |
19447 | Shostack. Viktor Dukhovni and Wietse Venema. File: | 19447 | Shostack. Viktor Dukhovni and Wietse Venema. File: | |
19448 | proto/FORWARD_SECRECY_README.html. | 19448 | proto/FORWARD_SECRECY_README.html. | |
19449 | 19449 | |||
19450 | 20131224 | 19450 | 20131224 | |
19451 | 19451 | |||
19452 | Feature: smtpd_sasl_service (until now, this was hard-coded | 19452 | Feature: smtpd_sasl_service (until now, this was hard-coded | |
19453 | internally as "smtp"). On request by Michal (sksoft.cz). | 19453 | internally as "smtp"). On request by Michal (sksoft.cz). | |
19454 | Files: global/mail_params.h, proto/postconf.proto, | 19454 | Files: global/mail_params.h, proto/postconf.proto, | |
19455 | mantools/postlink, smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c. | 19455 | mantools/postlink, smtpd/smtpd.c, smtpd/smtpd_sasl_glue.c. | |
19456 | 19456 | |||
19457 | Documentation: updated example to Dovecot version 2 syntax. | 19457 | Documentation: updated example to Dovecot version 2 syntax. | |
19458 | File: proto/SASL_README/html. | 19458 | File: proto/SASL_README/html. | |
19459 | 19459 | |||
19460 | 20131228 | 19460 | 20131228 | |
19461 | 19461 | |||
19462 | Cleanup: DANE support: test script. Viktor Dukhovni. File | 19462 | Cleanup: DANE support: test script. Viktor Dukhovni. File | |
19463 | tls/tls_dane.sh. | 19463 | tls/tls_dane.sh. | |
19464 | 19464 | |||
19465 | Debugging: test driver for LMDB debugging and stress testing. | 19465 | Debugging: test driver for LMDB debugging and stress testing. | |
19466 | Shockingly, LMDB terminates the postscreen daemon without | 19466 | Shockingly, LMDB terminates the postscreen daemon without | |
19467 | logfile record. File: util/dict_cache.c. | 19467 | logfile record. File: util/dict_cache.c. | |
19468 | 19468 | |||
19469 | 20140102 | 19469 | 20140102 | |
19470 | 19470 | |||
19471 | Bugfix: close the LMDB database cursor's read transaction | 19471 | Bugfix: close the LMDB database cursor's read transaction | |
19472 | before writing with MDB_NOLOCK and before changing the | 19472 | before writing with MDB_NOLOCK and before changing the | |
19473 | database memory map size. File: util/slmdb.c. | 19473 | database memory map size. File: util/slmdb.c. | |
19474 | 19474 | |||
19475 | 20140103 | 19475 | 20140103 | |
19476 | 19476 | |||
19477 | Cleanup: eliminated data duplication from the new SMTP_ITERATOR | 19477 | Cleanup: eliminated data duplication from the new SMTP_ITERATOR | |
19478 | structure to the old SMTP_SESSION structure. The SMTP_ITERATOR | 19478 | structure to the old SMTP_SESSION structure. The SMTP_ITERATOR | |
19479 | structure now maintains the sole copy. Files: smtp/smtp.h, | 19479 | structure now maintains the sole copy. Files: smtp/smtp.h, | |
19480 | smtp_sasl_auth_cache.c, smtp_reuse.c, smtp_sasl_glue.c, | 19480 | smtp_sasl_auth_cache.c, smtp_reuse.c, smtp_sasl_glue.c, | |
19481 | smtp_rcpt.c, smtp_session.c, smtp_chat.c, smtp_proto.c, | 19481 | smtp_rcpt.c, smtp_session.c, smtp_chat.c, smtp_proto.c, | |
19482 | smtp_connect.c. | 19482 | smtp_connect.c. | |
19483 | 19483 | |||
19484 | 20140104 | 19484 | 20140104 | |
19485 | 19485 | |||
19486 | Feature: support for optional configuration files | 19486 | Feature: support for optional configuration files | |
19487 | "$daemon-directory/postfix-files.d/*". These are processed | 19487 | "$daemon-directory/postfix-files.d/*". These are processed | |
19488 | in sorted order after "$daemon-directory/postfix-files", | 19488 | in sorted order after "$daemon-directory/postfix-files", | |
19489 | This avoids breaking "postfix set-permissions" etc. when a | 19489 | This avoids breaking "postfix set-permissions" etc. when a | |
19490 | Postfix distribution comes in multiple packages. File: | 19490 | Postfix distribution comes in multiple packages. File: | |
19491 | conf/post-install. | 19491 | conf/post-install. | |
19492 | 19492 | |||
19493 | 20140107 | 19493 | 20140107 | |
19494 | 19494 | |||
19495 | Feature: LMDB 0.9.11 allows Postfix daemons to log an LMDB | 19495 | Feature: LMDB 0.9.11 allows Postfix daemons to log an LMDB | |
19496 | error message, instead of falling out of the sky without | 19496 | error message, instead of falling out of the sky without | |
19497 | any notification. Files: util/slmdb.[hc], util/dict_lmdb.c. | 19497 | any notification. Files: util/slmdb.[hc], util/dict_lmdb.c. | |
19498 | 19498 | |||
19499 | 20140108 | 19499 | 20140108 | |
19500 | 19500 | |||
19501 | Bugfix: every Postfix LMDB transaction is now protected by | 19501 | Bugfix: every Postfix LMDB transaction is now protected by | |
19502 | an external lock for its entire life time. File: util/slmdb.c. | 19502 | an external lock for its entire life time. File: util/slmdb.c. | |
19503 | 19503 | |||
19504 | 20140109 | 19504 | 20140109 | |
19505 | 19505 | |||
19506 | Cleanup: turn off DNSSEC lookup after CNAME redirection to | 19506 | Cleanup: turn off DNSSEC lookup after CNAME redirection to | |
19507 | an insecure zone. This is an optimization for resolvers | 19507 | an insecure zone. This is an optimization for resolvers | |
19508 | that do not automatically resolve CNAME chains. Viktor | 19508 | that do not automatically resolve CNAME chains. Viktor | |
19509 | Dukhovni. File: dns/dns_lookup.c. | 19509 | Dukhovni. File: dns/dns_lookup.c. | |
19510 | 19510 | |||
19511 | Cleanup: do not salt the SMTP TLS policy lookup cache key | 19511 | Cleanup: do not salt the SMTP TLS policy lookup cache key | |
19512 | with the DNSSEC status. The DNSSEC status will not change | 19512 | with the DNSSEC status. The DNSSEC status will not change | |
19513 | when the same nexthop/host pair is looked up repeatedly. | 19513 | when the same nexthop/host pair is looked up repeatedly. | |
19514 | Viktor Dukhovni. File: smtp/smtp_tls_policy.c. | 19514 | Viktor Dukhovni. File: smtp/smtp_tls_policy.c. | |
19515 | 19515 | |||
19516 | Robustness: Suppress TLSA lookups only when the qname zone | 19516 | Robustness: Suppress TLSA lookups only when the qname zone | |
19517 | is insecure, not just because the rname zone is insecure. | 19517 | is insecure, not just because the rname zone is insecure. | |
19518 | This requires an extra T_CNAME lookup for the qname, since | 19518 | This requires an extra T_CNAME lookup for the qname, since | |
19519 | nameservers are often "too helpful" and report CNAME records | 19519 | nameservers are often "too helpful" and report CNAME records | |
19520 | together with the CNAME targets. When the targets are | 19520 | together with the CNAME targets. When the targets are | |
19521 | insecure the whole reply is marked as insecure. Viktor | 19521 | insecure the whole reply is marked as insecure. Viktor | |
19522 | Dukhovni. File: tls/tls_dane.c. | 19522 | Dukhovni. File: tls/tls_dane.c. | |
19523 | 19523 | |||
19524 | Cleanup: Unify/simplify reporting of configuration or other | 19524 | Cleanup: Unify/simplify reporting of configuration or other | |
19525 | conditions that prevent DANE security. Viktor Dukhovni. | 19525 | conditions that prevent DANE security. Viktor Dukhovni. | |
19526 | Files: global/dsn_buf.[hc], tls/tls_dane.c, smtp/smtp_tls_policy.c. | 19526 | Files: global/dsn_buf.[hc], tls/tls_dane.c, smtp/smtp_tls_policy.c. | |
19527 | 19527 | |||
19528 | 20140110-15 | 19528 | 20140110-15 | |
19529 | 19529 | |||
19530 | Miscellaneous documentation cleanups. | 19530 | Miscellaneous documentation cleanups. | |
19531 | 19531 | |||
19532 | 20140116 | 19532 | 20140116 | |
19533 | 19533 | |||
19534 | Workaround: prepend "-I. -I../../include" to CCARGS, to | 19534 | Workaround: prepend "-I. -I../../include" to CCARGS, to | |
19535 | avoid name clashes with non-Postfix header files. File: | 19535 | avoid name clashes with non-Postfix header files. File: | |
19536 | makedefs. | 19536 | makedefs. | |
19537 | 19537 | |||
19538 | 20140125 | 19538 | 20140125 | |
19539 | 19539 | |||
19540 | Cleanup: postconf(1) manpage missing version attribution | 19540 | Cleanup: postconf(1) manpage missing version attribution | |
19541 | and incorrect "author" formatting. File: postconf/postconf.c. | 19541 | and incorrect "author" formatting. File: postconf/postconf.c. | |
19542 | 19542 | |||
19543 | 20140223 | 19543 | 20140223 | |
19544 | 19544 | |||
19545 | Logging: the TLS client logged that an "Untrusted" TLS | 19545 | Logging: the TLS client logged that an "Untrusted" TLS | |
19546 | connection was established instead of "Anonymous". Viktor | 19546 | connection was established instead of "Anonymous". Viktor | |
19547 | Dukhovni. File: tls/tls_client.c. | 19547 | Dukhovni. File: tls/tls_client.c. | |
19548 | 19548 | |||
19549 | 20140227 | 19549 | 20140227 | |
19550 | 19550 | |||
19551 | Bugfix: Enforce TLS when TLSA records exist, but all are | 19551 | Bugfix: Enforce TLS when TLSA records exist, but all are | |
19552 | unusable; Don't leak dane handle when all TLSA records are | 19552 | unusable; Don't leak dane handle when all TLSA records are | |
19553 | unusable. Viktor Dukhovni. File: smtp/smtp_tls_policy.c. | 19553 | unusable. Viktor Dukhovni. File: smtp/smtp_tls_policy.c. | |
19554 | 19554 | |||
19555 | Cleanup: log TLS policy lookup errors as warnings. Viktor | 19555 | Cleanup: log TLS policy lookup errors as warnings. Viktor | |
19556 | Dukhovni. File: smtp/smtp_connect.c. | 19556 | Dukhovni. File: smtp/smtp_connect.c. | |
19557 | 19557 | |||
19558 | 20140407 | 19558 | 20140407 | |
19559 | 19559 | |||
19560 | Documentation: the documentation for Postfix > 2.8 TLS | 19560 | Documentation: the documentation for Postfix > 2.8 TLS | |
19561 | activity logging was incorrect. Loglevel 0 produces no | 19561 | activity logging was incorrect. Loglevel 0 produces no | |
19562 | logging. Instead, information is logged only with loglevel | 19562 | logging. Instead, information is logged only with loglevel | |
19563 | 1 or higher. Viktor Dukhovni. Files: proto/TLS_README.html, | 19563 | 1 or higher. Viktor Dukhovni. Files: proto/TLS_README.html, | |
19564 | proto/postconf.proto. | 19564 | proto/postconf.proto. | |
19565 | 19565 | |||
19566 | 20140507 | 19566 | 20140507 | |
19567 | 19567 | |||
19568 | Bugfix (introduced: Postfix 2.11): with connection caching | 19568 | Bugfix (introduced: Postfix 2.11): with connection caching | |
19569 | enabled (the default), recipients could be given to the | 19569 | enabled (the default), recipients could be given to the | |
19570 | wrong mail server. Root cause: due to an incorrect predicate, | 19570 | wrong mail server. Root cause: due to an incorrect predicate, | |
19571 | the Postfix SMTP client could save and restore plaintext | 19571 | the Postfix SMTP client could save and restore plaintext | |
19572 | connections that should not be cached, under nonsensical | 19572 | connections that should not be cached, under nonsensical | |
19573 | lookup keys that did not distinguish by destination. Problem | 19573 | lookup keys that did not distinguish by destination. Problem | |
19574 | reported by Sahil Tandon, predicate error found by Viktor, | 19574 | reported by Sahil Tandon, predicate error found by Viktor, | |
19575 | redundant connection restore request eliminated by Wietse. | 19575 | redundant connection restore request eliminated by Wietse. | |
19576 | File: smtp/smtp_connect.c. | 19576 | File: smtp/smtp_connect.c. | |
19577 | 19577 | |||
19578 | 20140619 | 19578 | 20140619 | |
19579 | 19579 | |||
19580 | Bugfix (introduced: 2001): qmqpd null pointer bug when it | 19580 | Bugfix (introduced: 2001): qmqpd null pointer bug when it | |
19581 | logs a lost connection while not in a mail transaction. | 19581 | logs a lost connection while not in a mail transaction. | |
19582 | Reported by Michal Adamek. File: qmqpd/qmqpd.c. | 19582 | Reported by Michal Adamek. File: qmqpd/qmqpd.c. | |
19583 | 19583 | |||
19584 | 20140920 | 19584 | 20140920 | |
19585 | 19585 | |||
19586 | Bugfix (introduced: 20080212): incorrect client name in | 19586 | Bugfix (introduced: 20080212): incorrect client name in | |
19587 | reject messages from check_reverse_client_hostname_access | 19587 | reject messages from check_reverse_client_hostname_access | |
19588 | and check_reverse_client_hostname_{mx,ns}_access. They | 19588 | and check_reverse_client_hostname_{mx,ns}_access. They | |
19589 | replied with the verified client name, instead of the name | 19589 | replied with the verified client name, instead of the name | |
19590 | that was rejected. Problem reported by Reindl Harald. File: | 19590 | that was rejected. Problem reported by Reindl Harald. File: | |
19591 | smtpd/smtpd_check.c. | 19591 | smtpd/smtpd_check.c. | |
19592 | 19592 | |||
19593 | 20141012 | 19593 | 20141012 | |
19594 | 19594 | |||
19595 | Bugfix (introduced: Postfix 2.3): the PREPEND access/policy | 19595 | Bugfix (introduced: Postfix 2.3): the PREPEND access/policy | |
19596 | action added headers ABOVE Postfix's own Received: header, | 19596 | action added headers ABOVE Postfix's own Received: header, | |
19597 | exposing Postfix's own Received: header to Milters (protocol | 19597 | exposing Postfix's own Received: header to Milters (protocol | |
19598 | violation) and hiding the PREPENDed header from Milters. | 19598 | violation) and hiding the PREPENDed header from Milters. | |
19599 | The latter caused problems for DMARC implementations with | 19599 | The latter caused problems for DMARC implementations with | |
19600 | SPF policy plus DKIM Milter. PREPENDed headers are now | 19600 | SPF policy plus DKIM Milter. PREPENDed headers are now | |
19601 | added BELOW Postfix's own Received: header and remain visible | 19601 | added BELOW Postfix's own Received: header and remain visible | |
19602 | to Milters. File: smtpd/smtpd.c. | 19602 | to Milters. File: smtpd/smtpd.c. | |
19603 | 19603 | |||
19604 | 20141014 | 19604 | 20141014 | |
19605 | 19605 | |||
19606 | Portability: Darwin 11.x needs to link with -lresolv. Viktor | 19606 | Portability: Darwin 11.x needs to link with -lresolv. Viktor | |
19607 | Dukhovni. File: makedefs. | 19607 | Dukhovni. File: makedefs. | |
19608 | 19608 | |||
19609 | 20141018 | 19609 | 20141018 | |
19610 | 19610 | |||
19611 | Bugfix (introduced: Postfix 2.3): when a Milter inserted a | 19611 | Bugfix (introduced: Postfix 2.3): when a Milter inserted a | |
19612 | header ABOVE Postfix's own Received: header, Postfix would | 19612 | header ABOVE Postfix's own Received: header, Postfix would | |
19613 | expose its own Received: header to Milters (violating | 19613 | expose its own Received: header to Milters (violating | |
19614 | protocol) and hide the Milter-inserted header from Milters | 19614 | protocol) and hide the Milter-inserted header from Milters | |
19615 | (wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c, | 19615 | (wtf). Files: cleanup/cleanup.h, cleanup/cleanup_message.c, | |
19616 | cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c. | 19616 | cleanup/cleanup_state.c, milter/milter.[hc], milter/milter8.c. | |
19617 | 19617 | |||
19618 | Cleanup: revert the workaround that places headers inserted | 19618 | Cleanup: revert the workaround that places headers inserted | |
19619 | with PREPEND actions or policy requests BELOW Postfix's own | 19619 | with PREPEND actions or policy requests BELOW Postfix's own | |
19620 | Received: message header. File: smtpd/smtpd.c. | 19620 | Received: message header. File: smtpd/smtpd.c. | |
19621 | ||||
19622 | 20141025 | |||
19623 | ||||
19624 | Bugfix (introduced: Postfix 2.11): core dump when | |||
19625 | smtp_policy_maps specifies an invalid TLS level. Viktor | |||
19626 | Dukhovni. File: smtp/smtp_tls_policy.c. | |||
19627 | ||||
19628 | 20150106 | |||
19629 | ||||
19630 | Robustness: don't segfault due to excessive recursion after | |||
19631 | a faulty configuration runs into the virtual_alias_recursion_limit. | |||
19632 | File: global/tok822_tree.c. | |||
19633 | ||||
19634 | 20150115 | |||
19635 | ||||
19636 | Safety: stop aliasing loops that exponentially increase the | |||
19637 | address length with each iteration. Back-ported from Postfix | |||
19638 | 3.0. File: cleanup/cleanup_map1n.c. | |||
19639 | ||||
19640 | 20150117 | |||
19641 | ||||
19642 | Cleanup: missing " in \%s\" in postconf(1) fatal error | |||
19643 | messages. Iain Hibbert. File: postconf/postconf_master.c. |
--- src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c 2014/07/06 19:27:49 1.1.1.4
+++ src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c 2015/03/03 07:11:08 1.1.1.4.2.1
@@ -1,174 +1,183 @@ | @@ -1,174 +1,183 @@ | |||
1 | /* $NetBSD: cleanup_map1n.c,v 1.1.1.4 2014/07/06 19:27:49 tron Exp $ */ | 1 | /* $NetBSD: cleanup_map1n.c,v 1.1.1.4.2.1 2015/03/03 07:11:08 snj Exp $ */ | |
2 | 2 | |||
3 | /*++ | 3 | /*++ | |
4 | /* NAME | 4 | /* NAME | |
5 | /* cleanup_map1n 3 | 5 | /* cleanup_map1n 3 | |
6 | /* SUMMARY | 6 | /* SUMMARY | |
7 | /* one-to-many address mapping | 7 | /* one-to-many address mapping | |
8 | /* SYNOPSIS | 8 | /* SYNOPSIS | |
9 | /* #include <cleanup.h> | 9 | /* #include <cleanup.h> | |
10 | /* | 10 | /* | |
11 | /* ARGV *cleanup_map1n_internal(state, addr, maps, propagate) | 11 | /* ARGV *cleanup_map1n_internal(state, addr, maps, propagate) | |
12 | /* CLEANUP_STATE *state; | 12 | /* CLEANUP_STATE *state; | |
13 | /* const char *addr; | 13 | /* const char *addr; | |
14 | /* MAPS *maps; | 14 | /* MAPS *maps; | |
15 | /* int propagate; | 15 | /* int propagate; | |
16 | /* DESCRIPTION | 16 | /* DESCRIPTION | |
17 | /* This module implements one-to-many table mapping via table lookup. | 17 | /* This module implements one-to-many table mapping via table lookup. | |
18 | /* Table lookups are done with quoted (externalized) address forms. | 18 | /* Table lookups are done with quoted (externalized) address forms. | |
19 | /* The process is recursive. The recursion terminates when the | 19 | /* The process is recursive. The recursion terminates when the | |
20 | /* left-hand side appears in its own expansion. | 20 | /* left-hand side appears in its own expansion. | |
21 | /* | 21 | /* | |
22 | /* cleanup_map1n_internal() is the interface for addresses in | 22 | /* cleanup_map1n_internal() is the interface for addresses in | |
23 | /* internal (unquoted) form. | 23 | /* internal (unquoted) form. | |
24 | /* DIAGNOSTICS | 24 | /* DIAGNOSTICS | |
25 | /* When the maximal expansion or recursion limit is reached, | 25 | /* When the maximal expansion or recursion limit is reached, | |
26 | /* the alias is not expanded and the CLEANUP_STAT_DEFER error | 26 | /* the alias is not expanded and the CLEANUP_STAT_DEFER error | |
27 | /* is raised with reason "4.6.0 Alias expansion error". | 27 | /* is raised with reason "4.6.0 Alias expansion error". | |
28 | /* | 28 | /* | |
29 | /* When table lookup fails, the alias is not expanded and the | 29 | /* When table lookup fails, the alias is not expanded and the | |
30 | /* CLEANUP_STAT_WRITE error is raised with reason "4.6.0 Alias | 30 | /* CLEANUP_STAT_WRITE error is raised with reason "4.6.0 Alias | |
31 | /* expansion error". | 31 | /* expansion error". | |
32 | /* SEE ALSO | 32 | /* SEE ALSO | |
33 | /* mail_addr_map(3) address mappings | 33 | /* mail_addr_map(3) address mappings | |
34 | /* mail_addr_find(3) address lookups | 34 | /* mail_addr_find(3) address lookups | |
35 | /* LICENSE | 35 | /* LICENSE | |
36 | /* .ad | 36 | /* .ad | |
37 | /* .fi | 37 | /* .fi | |
38 | /* The Secure Mailer license must be distributed with this software. | 38 | /* The Secure Mailer license must be distributed with this software. | |
39 | /* AUTHOR(S) | 39 | /* AUTHOR(S) | |
40 | /* Wietse Venema | 40 | /* Wietse Venema | |
41 | /* IBM T.J. Watson Research | 41 | /* IBM T.J. Watson Research | |
42 | /* P.O. Box 704 | 42 | /* P.O. Box 704 | |
43 | /* Yorktown Heights, NY 10598, USA | 43 | /* Yorktown Heights, NY 10598, USA | |
44 | /*--*/ | 44 | /*--*/ | |
45 | 45 | |||
46 | /* System library. */ | 46 | /* System library. */ | |
47 | 47 | |||
48 | #include <sys_defs.h> | 48 | #include <sys_defs.h> | |
49 | #include <string.h> | 49 | #include <string.h> | |
50 | 50 | |||
51 | #ifdef STRCASECMP_IN_STRINGS_H | 51 | #ifdef STRCASECMP_IN_STRINGS_H | |
52 | #include <strings.h> | 52 | #include <strings.h> | |
53 | #endif | 53 | #endif | |
54 | 54 | |||
55 | /* Utility library. */ | 55 | /* Utility library. */ | |
56 | 56 | |||
57 | #include <mymalloc.h> | 57 | #include <mymalloc.h> | |
58 | #include <msg.h> | 58 | #include <msg.h> | |
59 | #include <argv.h> | 59 | #include <argv.h> | |
60 | #include <vstring.h> | 60 | #include <vstring.h> | |
61 | #include <dict.h> | 61 | #include <dict.h> | |
62 | 62 | |||
63 | /* Global library. */ | 63 | /* Global library. */ | |
64 | 64 | |||
65 | #include <mail_params.h> | 65 | #include <mail_params.h> | |
66 | #include <mail_addr_map.h> | 66 | #include <mail_addr_map.h> | |
67 | #include <cleanup_user.h> | 67 | #include <cleanup_user.h> | |
68 | #include <quote_822_local.h> | 68 | #include <quote_822_local.h> | |
69 | #include <been_here.h> | 69 | #include <been_here.h> | |
70 | 70 | |||
71 | /* Application-specific. */ | 71 | /* Application-specific. */ | |
72 | 72 | |||
73 | #include "cleanup.h" | 73 | #include "cleanup.h" | |
74 | 74 | |||
75 | /* cleanup_map1n_internal - one-to-many table lookups */ | 75 | /* cleanup_map1n_internal - one-to-many table lookups */ | |
76 | 76 | |||
77 | ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr, | 77 | ARGV *cleanup_map1n_internal(CLEANUP_STATE *state, const char *addr, | |
78 | MAPS *maps, int propagate) | 78 | MAPS *maps, int propagate) | |
79 | { | 79 | { | |
80 | ARGV *argv; | 80 | ARGV *argv; | |
81 | ARGV *lookup; | 81 | ARGV *lookup; | |
82 | int count; | 82 | int count; | |
83 | int i; | 83 | int i; | |
84 | int arg; | 84 | int arg; | |
85 | BH_TABLE *been_here; | 85 | BH_TABLE *been_here; | |
86 | char *saved_lhs; | 86 | char *saved_lhs; | |
87 | 87 | |||
88 | /* | 88 | /* | |
89 | * Initialize. | 89 | * Initialize. | |
90 | */ | 90 | */ | |
91 | argv = argv_alloc(1); | 91 | argv = argv_alloc(1); | |
92 | argv_add(argv, addr, ARGV_END); | 92 | argv_add(argv, addr, ARGV_END); | |
93 | argv_terminate(argv); | 93 | argv_terminate(argv); | |
94 | been_here = been_here_init(0, BH_FLAG_FOLD); | 94 | been_here = been_here_init(0, BH_FLAG_FOLD); | |
95 | 95 | |||
96 | /* | 96 | /* | |
97 | * Rewrite the address vector in place. With each map lookup result, | 97 | * Rewrite the address vector in place. With each map lookup result, | |
98 | * split it into separate addresses, then rewrite and flatten each | 98 | * split it into separate addresses, then rewrite and flatten each | |
99 | * address, and repeat the process. Beware: argv is being changed, so we | 99 | * address, and repeat the process. Beware: argv is being changed, so we | |
100 | * must index the array explicitly, instead of running along it with a | 100 | * must index the array explicitly, instead of running along it with a | |
101 | * pointer. | 101 | * pointer. | |
102 | */ | 102 | */ | |
103 | #define UPDATE(ptr,new) do { \ | 103 | #define UPDATE(ptr,new) do { \ | |
104 | if (ptr) myfree(ptr); ptr = mystrdup(new); \ | 104 | if (ptr) myfree(ptr); ptr = mystrdup(new); \ | |
105 | } while (0) | 105 | } while (0) | |
106 | #define STR vstring_str | 106 | #define STR vstring_str | |
107 | #define RETURN(x) do { \ | 107 | #define RETURN(x) do { \ | |
108 | been_here_free(been_here); return (x); \ | 108 | been_here_free(been_here); return (x); \ | |
109 | } while (0) | 109 | } while (0) | |
110 | #define UNEXPAND(argv, addr) do { \ | 110 | #define UNEXPAND(argv, addr) do { \ | |
111 | argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \ | 111 | argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \ | |
112 | } while (0) | 112 | } while (0) | |
113 | 113 | |||
114 | for (arg = 0; arg < argv->argc; arg++) { | 114 | for (arg = 0; arg < argv->argc; arg++) { | |
115 | if (argv->argc > var_virt_expan_limit) { | 115 | if (argv->argc > var_virt_expan_limit) { | |
116 | msg_warn("%s: unreasonable %s map expansion size for %s -- " | 116 | msg_warn("%s: unreasonable %s map expansion size for %s -- " | |
117 | "message not accepted, try again later", | 117 | "message not accepted, try again later", | |
118 | state->queue_id, maps->title, addr); | 118 | state->queue_id, maps->title, addr); | |
119 | state->errs |= CLEANUP_STAT_DEFER; | 119 | state->errs |= CLEANUP_STAT_DEFER; | |
120 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | 120 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | |
121 | UNEXPAND(argv, addr); | 121 | UNEXPAND(argv, addr); | |
122 | RETURN(argv); | 122 | RETURN(argv); | |
123 | } | 123 | } | |
124 | for (count = 0; /* void */ ; count++) { | 124 | for (count = 0; /* void */ ; count++) { | |
125 | 125 | |||
126 | /* | 126 | /* | |
127 | * Don't expand an address that already expanded into itself. | 127 | * Don't expand an address that already expanded into itself. | |
128 | */ | 128 | */ | |
129 | if (been_here_check_fixed(been_here, argv->argv[arg]) != 0) | 129 | if (been_here_check_fixed(been_here, argv->argv[arg]) != 0) | |
130 | break; | 130 | break; | |
131 | if (count >= var_virt_recur_limit) { | 131 | if (count >= var_virt_recur_limit) { | |
132 | msg_warn("%s: unreasonable %s map nesting for %s -- " | 132 | msg_warn("%s: unreasonable %s map nesting for %s -- " | |
133 | "message not accepted, try again later", | 133 | "message not accepted, try again later", | |
134 | state->queue_id, maps->title, addr); | 134 | state->queue_id, maps->title, addr); | |
135 | state->errs |= CLEANUP_STAT_DEFER; | 135 | state->errs |= CLEANUP_STAT_DEFER; | |
136 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | 136 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | |
137 | UNEXPAND(argv, addr); | 137 | UNEXPAND(argv, addr); | |
138 | RETURN(argv); | 138 | RETURN(argv); | |
139 | } | 139 | } | |
140 | quote_822_local(state->temp1, argv->argv[arg]); | 140 | quote_822_local(state->temp1, argv->argv[arg]); | |
141 | if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) { | 141 | if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) { | |
142 | saved_lhs = mystrdup(argv->argv[arg]); | 142 | saved_lhs = mystrdup(argv->argv[arg]); | |
143 | for (i = 0; i < lookup->argc; i++) { | 143 | for (i = 0; i < lookup->argc; i++) { | |
144 | if (strlen(lookup->argv[i]) > var_line_limit) { | |||
145 | msg_warn("%s: unreasonable %s result %.300s... -- " | |||
146 | "message not accepted, try again later", | |||
147 | state->queue_id, maps->title, lookup->argv[i]); | |||
148 | state->errs |= CLEANUP_STAT_DEFER; | |||
149 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | |||
150 | UNEXPAND(argv, addr); | |||
151 | RETURN(argv); | |||
152 | } | |||
144 | unquote_822_local(state->temp1, lookup->argv[i]); | 153 | unquote_822_local(state->temp1, lookup->argv[i]); | |
145 | if (i == 0) { | 154 | if (i == 0) { | |
146 | UPDATE(argv->argv[arg], STR(state->temp1)); | 155 | UPDATE(argv->argv[arg], STR(state->temp1)); | |
147 | } else { | 156 | } else { | |
148 | argv_add(argv, STR(state->temp1), ARGV_END); | 157 | argv_add(argv, STR(state->temp1), ARGV_END); | |
149 | argv_terminate(argv); | 158 | argv_terminate(argv); | |
150 | } | 159 | } | |
151 | 160 | |||
152 | /* | 161 | /* | |
153 | * Allow an address to expand into itself once. | 162 | * Allow an address to expand into itself once. | |
154 | */ | 163 | */ | |
155 | if (strcasecmp(saved_lhs, STR(state->temp1)) == 0) | 164 | if (strcasecmp(saved_lhs, STR(state->temp1)) == 0) | |
156 | been_here_fixed(been_here, saved_lhs); | 165 | been_here_fixed(been_here, saved_lhs); | |
157 | } | 166 | } | |
158 | myfree(saved_lhs); | 167 | myfree(saved_lhs); | |
159 | argv_free(lookup); | 168 | argv_free(lookup); | |
160 | } else if (maps->error != 0) { | 169 | } else if (maps->error != 0) { | |
161 | msg_warn("%s: %s map lookup problem for %s -- " | 170 | msg_warn("%s: %s map lookup problem for %s -- " | |
162 | "message not accepted, try again later", | 171 | "message not accepted, try again later", | |
163 | state->queue_id, maps->title, addr); | 172 | state->queue_id, maps->title, addr); | |
164 | state->errs |= CLEANUP_STAT_WRITE; | 173 | state->errs |= CLEANUP_STAT_WRITE; | |
165 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | 174 | UPDATE(state->reason, "4.6.0 Alias expansion error"); | |
166 | UNEXPAND(argv, addr); | 175 | UNEXPAND(argv, addr); | |
167 | RETURN(argv); | 176 | RETURN(argv); | |
168 | } else { | 177 | } else { | |
169 | break; | 178 | break; | |
170 | } | 179 | } | |
171 | } | 180 | } | |
172 | } | 181 | } | |
173 | RETURN(argv); | 182 | RETURN(argv); | |
174 | } | 183 | } |
--- src/external/ibm-public/postfix/dist/src/global/mail_version.h 2015/01/27 08:14:03 1.1.1.21.2.1
+++ src/external/ibm-public/postfix/dist/src/global/mail_version.h 2015/03/03 07:11:08 1.1.1.21.2.2
@@ -1,106 +1,106 @@ | @@ -1,106 +1,106 @@ | |||
1 | /* $NetBSD: mail_version.h,v 1.1.1.21.2.1 2015/01/27 08:14:03 martin Exp $ */ | 1 | /* $NetBSD: mail_version.h,v 1.1.1.21.2.2 2015/03/03 07:11:08 snj Exp $ */ | |
2 | 2 | |||
3 | #ifndef _MAIL_VERSION_H_INCLUDED_ | 3 | #ifndef _MAIL_VERSION_H_INCLUDED_ | |
4 | #define _MAIL_VERSION_H_INCLUDED_ | 4 | #define _MAIL_VERSION_H_INCLUDED_ | |
5 | 5 | |||
6 | /*++ | 6 | /*++ | |
7 | /* NAME | 7 | /* NAME | |
8 | /* mail_version 3h | 8 | /* mail_version 3h | |
9 | /* SUMMARY | 9 | /* SUMMARY | |
10 | /* globally configurable parameters | 10 | /* globally configurable parameters | |
11 | /* SYNOPSIS | 11 | /* SYNOPSIS | |
12 | /* #include <mail_version.h> | 12 | /* #include <mail_version.h> | |
13 | /* DESCRIPTION | 13 | /* DESCRIPTION | |
14 | /* .nf | 14 | /* .nf | |
15 | 15 | |||
16 | /* | 16 | /* | |
17 | * Version of this program. Official versions are called a.b.c, and | 17 | * Version of this program. Official versions are called a.b.c, and | |
18 | * snapshots are called a.b-yyyymmdd, where a=major release number, b=minor | 18 | * snapshots are called a.b-yyyymmdd, where a=major release number, b=minor | |
19 | * release number, c=patchlevel, and yyyymmdd is the release date: | 19 | * release number, c=patchlevel, and yyyymmdd is the release date: | |
20 | * yyyy=year, mm=month, dd=day. | 20 | * yyyy=year, mm=month, dd=day. | |
21 | * | 21 | * | |
22 | * Patches change both the patchlevel and the release date. Snapshots have no | 22 | * Patches change both the patchlevel and the release date. Snapshots have no | |
23 | * patchlevel; they change the release date only. | 23 | * patchlevel; they change the release date only. | |
24 | */ | 24 | */ | |
25 | #define MAIL_RELEASE_DATE "20141019" | 25 | #define MAIL_RELEASE_DATE "20150208" | |
26 | #define MAIL_VERSION_NUMBER "2.11.3" | 26 | #define MAIL_VERSION_NUMBER "2.11.4" | |
27 | 27 | |||
28 | #ifdef SNAPSHOT | 28 | #ifdef SNAPSHOT | |
29 | #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE | 29 | #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE | |
30 | #else | 30 | #else | |
31 | #define MAIL_VERSION_DATE "" | 31 | #define MAIL_VERSION_DATE "" | |
32 | #endif | 32 | #endif | |
33 | 33 | |||
34 | #ifdef NONPROD | 34 | #ifdef NONPROD | |
35 | #define MAIL_VERSION_PROD "-nonprod" | 35 | #define MAIL_VERSION_PROD "-nonprod" | |
36 | #else | 36 | #else | |
37 | #define MAIL_VERSION_PROD "" | 37 | #define MAIL_VERSION_PROD "" | |
38 | #endif | 38 | #endif | |
39 | 39 | |||
40 | #define VAR_MAIL_VERSION "mail_version" | 40 | #define VAR_MAIL_VERSION "mail_version" | |
41 | #define DEF_MAIL_VERSION MAIL_VERSION_NUMBER MAIL_VERSION_DATE MAIL_VERSION_PROD | 41 | #define DEF_MAIL_VERSION MAIL_VERSION_NUMBER MAIL_VERSION_DATE MAIL_VERSION_PROD | |
42 | 42 | |||
43 | extern char *var_mail_version; | 43 | extern char *var_mail_version; | |
44 | 44 | |||
45 | /* | 45 | /* | |
46 | * Release date. | 46 | * Release date. | |
47 | */ | 47 | */ | |
48 | #define VAR_MAIL_RELEASE "mail_release_date" | 48 | #define VAR_MAIL_RELEASE "mail_release_date" | |
49 | #define DEF_MAIL_RELEASE MAIL_RELEASE_DATE | 49 | #define DEF_MAIL_RELEASE MAIL_RELEASE_DATE | |
50 | extern char *var_mail_release; | 50 | extern char *var_mail_release; | |
51 | 51 | |||
52 | /* | 52 | /* | |
53 | * The following macros stamp executable files as well as core dumps. This | 53 | * The following macros stamp executable files as well as core dumps. This | |
54 | * information helps to answer the following questions: | 54 | * information helps to answer the following questions: | |
55 | * | 55 | * | |
56 | * - What Postfix versions(s) are installed on this machine? | 56 | * - What Postfix versions(s) are installed on this machine? | |
57 | * | 57 | * | |
58 | * - Is this installation mixing multiple Postfix versions? | 58 | * - Is this installation mixing multiple Postfix versions? | |
59 | * | 59 | * | |
60 | * - What Postfix version generated this core dump? | 60 | * - What Postfix version generated this core dump? | |
61 | * | 61 | * | |
62 | * To find out: strings -f file... | grep mail_version= | 62 | * To find out: strings -f file... | grep mail_version= | |
63 | */ | 63 | */ | |
64 | #include <string.h> | 64 | #include <string.h> | |
65 | 65 | |||
66 | #define MAIL_VERSION_STAMP_DECLARE \ | 66 | #define MAIL_VERSION_STAMP_DECLARE \ | |
67 | char *mail_version_stamp | 67 | char *mail_version_stamp | |
68 | 68 | |||
69 | #define MAIL_VERSION_STAMP_ALLOCATE \ | 69 | #define MAIL_VERSION_STAMP_ALLOCATE \ | |
70 | mail_version_stamp = strdup(VAR_MAIL_VERSION "=" DEF_MAIL_VERSION) | 70 | mail_version_stamp = strdup(VAR_MAIL_VERSION "=" DEF_MAIL_VERSION) | |
71 | 71 | |||
72 | /* | 72 | /* | |
73 | * Mail version string parser, plus support to compare the compile-time | 73 | * Mail version string parser, plus support to compare the compile-time | |
74 | * version string of a Postfix program with the run-time version string of a | 74 | * version string of a Postfix program with the run-time version string of a | |
75 | * Postfix shared library. When programs are not updated, they may fail in | 75 | * Postfix shared library. When programs are not updated, they may fail in | |
76 | * erratic ways when linked against a newer run-time library. Of course the | 76 | * erratic ways when linked against a newer run-time library. Of course the | |
77 | * right solution is so-number versioning of the Postfix run-time library. | 77 | * right solution is so-number versioning of the Postfix run-time library. | |
78 | */ | 78 | */ | |
79 | typedef struct { | 79 | typedef struct { | |
80 | char *program; /* postfix */ | 80 | char *program; /* postfix */ | |
81 | int major; /* 2 */ | 81 | int major; /* 2 */ | |
82 | int minor; /* 9 */ | 82 | int minor; /* 9 */ | |
83 | int patch; /* null */ | 83 | int patch; /* null */ | |
84 | char *snapshot; /* 20111209-nonprod */ | 84 | char *snapshot; /* 20111209-nonprod */ | |
85 | } MAIL_VERSION; | 85 | } MAIL_VERSION; | |
86 | 86 | |||
87 | extern MAIL_VERSION *mail_version_parse(const char *, const char **); | 87 | extern MAIL_VERSION *mail_version_parse(const char *, const char **); | |
88 | extern void mail_version_free(MAIL_VERSION *); | 88 | extern void mail_version_free(MAIL_VERSION *); | |
89 | extern const char *get_mail_version(void); | 89 | extern const char *get_mail_version(void); | |
90 | extern void check_mail_version(const char *); | 90 | extern void check_mail_version(const char *); | |
91 | 91 | |||
92 | #define MAIL_VERSION_CHECK \ | 92 | #define MAIL_VERSION_CHECK \ | |
93 | check_mail_version(DEF_MAIL_VERSION) | 93 | check_mail_version(DEF_MAIL_VERSION) | |
94 | 94 | |||
95 | /* LICENSE | 95 | /* LICENSE | |
96 | /* .ad | 96 | /* .ad | |
97 | /* .fi | 97 | /* .fi | |
98 | /* The Secure Mailer license must be distributed with this software. | 98 | /* The Secure Mailer license must be distributed with this software. | |
99 | /* AUTHOR(S) | 99 | /* AUTHOR(S) | |
100 | /* Wietse Venema | 100 | /* Wietse Venema | |
101 | /* IBM T.J. Watson Research | 101 | /* IBM T.J. Watson Research | |
102 | /* P.O. Box 704 | 102 | /* P.O. Box 704 | |
103 | /* Yorktown Heights, NY 10598, USA | 103 | /* Yorktown Heights, NY 10598, USA | |
104 | /*--*/ | 104 | /*--*/ | |
105 | 105 | |||
106 | #endif | 106 | #endif |
--- src/external/ibm-public/postfix/dist/src/global/tok822_tree.c 2009/06/23 10:08:48 1.1.1.1
+++ src/external/ibm-public/postfix/dist/src/global/tok822_tree.c 2015/03/03 07:11:08 1.1.1.1.28.1
@@ -1,309 +1,310 @@ | @@ -1,309 +1,310 @@ | |||
1 | /* $NetBSD: tok822_tree.c,v 1.1.1.1 2009/06/23 10:08:48 tron Exp $ */ | 1 | /* $NetBSD: tok822_tree.c,v 1.1.1.1.28.1 2015/03/03 07:11:08 snj Exp $ */ | |
2 | 2 | |||
3 | /*++ | 3 | /*++ | |
4 | /* NAME | 4 | /* NAME | |
5 | /* tok822_tree 3 | 5 | /* tok822_tree 3 | |
6 | /* SUMMARY | 6 | /* SUMMARY | |
7 | /* assorted token tree operators | 7 | /* assorted token tree operators | |
8 | /* SYNOPSIS | 8 | /* SYNOPSIS | |
9 | /* #include <tok822.h> | 9 | /* #include <tok822.h> | |
10 | /* | 10 | /* | |
11 | /* TOK822 *tok822_append(t1, t2) | 11 | /* TOK822 *tok822_append(t1, t2) | |
12 | /* TOK822 *t1; | 12 | /* TOK822 *t1; | |
13 | /* TOK822 *t2; | 13 | /* TOK822 *t2; | |
14 | /* | 14 | /* | |
15 | /* TOK822 *tok822_prepend(t1, t2) | 15 | /* TOK822 *tok822_prepend(t1, t2) | |
16 | /* TOK822 *t1; | 16 | /* TOK822 *t1; | |
17 | /* TOK822 *t2; | 17 | /* TOK822 *t2; | |
18 | /* | 18 | /* | |
19 | /* TOK822 *tok822_cut_before(tp) | 19 | /* TOK822 *tok822_cut_before(tp) | |
20 | /* TOK822 *tp; | 20 | /* TOK822 *tp; | |
21 | /* | 21 | /* | |
22 | /* TOK822 *tok822_cut_after(tp) | 22 | /* TOK822 *tok822_cut_after(tp) | |
23 | /* TOK822 *tp; | 23 | /* TOK822 *tp; | |
24 | /* | 24 | /* | |
25 | /* TOK822 *tok822_unlink(tp) | 25 | /* TOK822 *tok822_unlink(tp) | |
26 | /* TOK822 *tp; | 26 | /* TOK822 *tp; | |
27 | /* | 27 | /* | |
28 | /* TOK822 *tok822_sub_append(t1, t2) | 28 | /* TOK822 *tok822_sub_append(t1, t2) | |
29 | /* TOK822 *t1; | 29 | /* TOK822 *t1; | |
30 | /* | 30 | /* | |
31 | /* TOK822 *tok822_sub_prepend(t1, t2) | 31 | /* TOK822 *tok822_sub_prepend(t1, t2) | |
32 | /* TOK822 *t1; | 32 | /* TOK822 *t1; | |
33 | /* TOK822 *t2; | 33 | /* TOK822 *t2; | |
34 | /* | 34 | /* | |
35 | /* TOK822 *tok822_sub_keep_before(t1, t2) | 35 | /* TOK822 *tok822_sub_keep_before(t1, t2) | |
36 | /* TOK822 *tp; | 36 | /* TOK822 *tp; | |
37 | /* | 37 | /* | |
38 | /* TOK822 *tok822_sub_keep_after(t1, t2) | 38 | /* TOK822 *tok822_sub_keep_after(t1, t2) | |
39 | /* TOK822 *tp; | 39 | /* TOK822 *tp; | |
40 | /* | 40 | /* | |
41 | /* int tok822_apply(list, type, action) | 41 | /* int tok822_apply(list, type, action) | |
42 | /* TOK822 *list; | 42 | /* TOK822 *list; | |
43 | /* int type; | 43 | /* int type; | |
44 | /* int (*action)(TOK822 *token); | 44 | /* int (*action)(TOK822 *token); | |
45 | /* | 45 | /* | |
46 | /* int tok822_grep(list, type) | 46 | /* int tok822_grep(list, type) | |
47 | /* TOK822 *list; | 47 | /* TOK822 *list; | |
48 | /* int type; | 48 | /* int type; | |
49 | /* | 49 | /* | |
50 | /* TOK822 *tok822_free_tree(tp) | 50 | /* TOK822 *tok822_free_tree(tp) | |
51 | /* TOK822 *tp; | 51 | /* TOK822 *tp; | |
52 | /* DESCRIPTION | 52 | /* DESCRIPTION | |
53 | /* This module manipulates trees of token structures. Trees grow | 53 | /* This module manipulates trees of token structures. Trees grow | |
54 | /* to the right or downwards. Operators are provided to cut and | 54 | /* to the right or downwards. Operators are provided to cut and | |
55 | /* combine trees in various manners. | 55 | /* combine trees in various manners. | |
56 | /* | 56 | /* | |
57 | /* tok822_append() appends the token list \fIt2\fR to the right | 57 | /* tok822_append() appends the token list \fIt2\fR to the right | |
58 | /* of token list \fIt1\fR. The result is the last token in \fIt2\fR. | 58 | /* of token list \fIt1\fR. The result is the last token in \fIt2\fR. | |
59 | /* The appended list inherits the \fIowner\fR attribute from \fIt1\fR. | 59 | /* The appended list inherits the \fIowner\fR attribute from \fIt1\fR. | |
60 | /* The parent node, if any, is not updated. | 60 | /* The parent node, if any, is not updated. | |
61 | /* | 61 | /* | |
62 | /* tok822_prepend() inserts the token list \fIt2\fR to the left | 62 | /* tok822_prepend() inserts the token list \fIt2\fR to the left | |
63 | /* of token \fIt1\fR. The result is the last token in \fIt2\fR. | 63 | /* of token \fIt1\fR. The result is the last token in \fIt2\fR. | |
64 | /* The appended list inherits the \fIowner\fR attribute from \fIt1\fR. | 64 | /* The appended list inherits the \fIowner\fR attribute from \fIt1\fR. | |
65 | /* The parent node, if any, is not updated. | 65 | /* The parent node, if any, is not updated. | |
66 | /* | 66 | /* | |
67 | /* tok822_cut_before() breaks a token list on the left side of \fItp\fR | 67 | /* tok822_cut_before() breaks a token list on the left side of \fItp\fR | |
68 | /* and returns the left neighbor of \tItp\fR. | 68 | /* and returns the left neighbor of \tItp\fR. | |
69 | /* | 69 | /* | |
70 | /* tok822_cut_after() breaks a token list on the right side of \fItp\fR | 70 | /* tok822_cut_after() breaks a token list on the right side of \fItp\fR | |
71 | /* and returns the right neighbor of \tItp\fR. | 71 | /* and returns the right neighbor of \tItp\fR. | |
72 | /* | 72 | /* | |
73 | /* tok822_unlink() disconnects a token from its left and right neighbors | 73 | /* tok822_unlink() disconnects a token from its left and right neighbors | |
74 | /* and returns the left neighbor of \tItp\fR. | 74 | /* and returns the left neighbor of \tItp\fR. | |
75 | /* | 75 | /* | |
76 | /* tok822_sub_append() appends the token list \fIt2\fR to the right | 76 | /* tok822_sub_append() appends the token list \fIt2\fR to the right | |
77 | /* of the token list below \fIt1\fR. The result is the last token | 77 | /* of the token list below \fIt1\fR. The result is the last token | |
78 | /* in \fIt2\fR. | 78 | /* in \fIt2\fR. | |
79 | /* | 79 | /* | |
80 | /* tok822_sub_prepend() prepends the token list \fIt2\fR to the left | 80 | /* tok822_sub_prepend() prepends the token list \fIt2\fR to the left | |
81 | /* of the token list below \fIt1\fR. The result is the last token | 81 | /* of the token list below \fIt1\fR. The result is the last token | |
82 | /* in \fIt2\fR. | 82 | /* in \fIt2\fR. | |
83 | /* | 83 | /* | |
84 | /* tok822_sub_keep_before() keeps the token list below \fIt1\fR on the | 84 | /* tok822_sub_keep_before() keeps the token list below \fIt1\fR on the | |
85 | /* left side of \fIt2\fR and returns the tail of the disconnected list. | 85 | /* left side of \fIt2\fR and returns the tail of the disconnected list. | |
86 | /* | 86 | /* | |
87 | /* tok822_sub_keep_after() keeps the token list below \fIt1\fR on the | 87 | /* tok822_sub_keep_after() keeps the token list below \fIt1\fR on the | |
88 | /* right side of \fIt2\fR and returns the head of the disconnected list. | 88 | /* right side of \fIt2\fR and returns the head of the disconnected list. | |
89 | /* | 89 | /* | |
90 | /* tok822_apply() applies the specified action routine to all tokens | 90 | /* tok822_apply() applies the specified action routine to all tokens | |
91 | /* matching the given type (to all tokens when a null type is given). | 91 | /* matching the given type (to all tokens when a null type is given). | |
92 | /* Processing terminates when the action routine returns a non-zero | 92 | /* Processing terminates when the action routine returns a non-zero | |
93 | /* value. The result is the last result returned by the action routine. | 93 | /* value. The result is the last result returned by the action routine. | |
94 | /* tok822_apply() does not traverse vertical links. | 94 | /* tok822_apply() does not traverse vertical links. | |
95 | /* | 95 | /* | |
96 | /* tok822_grep() returns a null-terminated array of pointers to tokens | 96 | /* tok822_grep() returns a null-terminated array of pointers to tokens | |
97 | /* matching the specified type (all tokens when a null type is given). | 97 | /* matching the specified type (all tokens when a null type is given). | |
98 | /* tok822_grep() does not traverse vertical links. The result must be | 98 | /* tok822_grep() does not traverse vertical links. The result must be | |
99 | /* given to myfree(). | 99 | /* given to myfree(). | |
100 | /* | 100 | /* | |
101 | /* tok822_free_tree() destroys a tree of token structures and | 101 | /* tok822_free_tree() destroys a tree of token structures and | |
102 | /* conveniently returns a null pointer. | 102 | /* conveniently returns a null pointer. | |
103 | /* LICENSE | 103 | /* LICENSE | |
104 | /* .ad | 104 | /* .ad | |
105 | /* .fi | 105 | /* .fi | |
106 | /* The Secure Mailer license must be distributed with this software. | 106 | /* The Secure Mailer license must be distributed with this software. | |
107 | /* AUTHOR(S) | 107 | /* AUTHOR(S) | |
108 | /* Wietse Venema | 108 | /* Wietse Venema | |
109 | /* IBM T.J. Watson Research | 109 | /* IBM T.J. Watson Research | |
110 | /* P.O. Box 704 | 110 | /* P.O. Box 704 | |
111 | /* Yorktown Heights, NY 10598, USA | 111 | /* Yorktown Heights, NY 10598, USA | |
112 | /*--*/ | 112 | /*--*/ | |
113 | 113 | |||
114 | /* System library. */ | 114 | /* System library. */ | |
115 | 115 | |||
116 | #include <sys_defs.h> | 116 | #include <sys_defs.h> | |
117 | 117 | |||
118 | /* Utility library. */ | 118 | /* Utility library. */ | |
119 | 119 | |||
120 | #include <mymalloc.h> | 120 | #include <mymalloc.h> | |
121 | #include <vstring.h> | 121 | #include <vstring.h> | |
122 | 122 | |||
123 | /* Global library. */ | 123 | /* Global library. */ | |
124 | 124 | |||
125 | #include "tok822.h" | 125 | #include "tok822.h" | |
126 | 126 | |||
127 | /* tok822_append - insert token list, return end of inserted list */ | 127 | /* tok822_append - insert token list, return end of inserted list */ | |
128 | 128 | |||
129 | TOK822 *tok822_append(TOK822 *t1, TOK822 *t2) | 129 | TOK822 *tok822_append(TOK822 *t1, TOK822 *t2) | |
130 | { | 130 | { | |
131 | TOK822 *next = t1->next; | 131 | TOK822 *next = t1->next; | |
132 | 132 | |||
133 | t1->next = t2; | 133 | t1->next = t2; | |
134 | t2->prev = t1; | 134 | t2->prev = t1; | |
135 | 135 | |||
136 | t2->owner = t1->owner; | 136 | t2->owner = t1->owner; | |
137 | while (t2->next) | 137 | while (t2->next) | |
138 | (t2 = t2->next)->owner = t1->owner; | 138 | (t2 = t2->next)->owner = t1->owner; | |
139 | 139 | |||
140 | t2->next = next; | 140 | t2->next = next; | |
141 | if (next) | 141 | if (next) | |
142 | next->prev = t2; | 142 | next->prev = t2; | |
143 | return (t2); | 143 | return (t2); | |
144 | } | 144 | } | |
145 | 145 | |||
146 | /* tok822_prepend - insert token list, return end of inserted list */ | 146 | /* tok822_prepend - insert token list, return end of inserted list */ | |
147 | 147 | |||
148 | TOK822 *tok822_prepend(TOK822 *t1, TOK822 *t2) | 148 | TOK822 *tok822_prepend(TOK822 *t1, TOK822 *t2) | |
149 | { | 149 | { | |
150 | TOK822 *prev = t1->prev; | 150 | TOK822 *prev = t1->prev; | |
151 | 151 | |||
152 | if (prev) | 152 | if (prev) | |
153 | prev->next = t2; | 153 | prev->next = t2; | |
154 | t2->prev = prev; | 154 | t2->prev = prev; | |
155 | 155 | |||
156 | t2->owner = t1->owner; | 156 | t2->owner = t1->owner; | |
157 | while (t2->next) | 157 | while (t2->next) | |
158 | (t2 = t2->next)->owner = t1->owner; | 158 | (t2 = t2->next)->owner = t1->owner; | |
159 | 159 | |||
160 | t2->next = t1; | 160 | t2->next = t1; | |
161 | t1->prev = t2; | 161 | t1->prev = t2; | |
162 | return (t2); | 162 | return (t2); | |
163 | } | 163 | } | |
164 | 164 | |||
165 | /* tok822_cut_before - split list before token, return predecessor token */ | 165 | /* tok822_cut_before - split list before token, return predecessor token */ | |
166 | 166 | |||
167 | TOK822 *tok822_cut_before(TOK822 *tp) | 167 | TOK822 *tok822_cut_before(TOK822 *tp) | |
168 | { | 168 | { | |
169 | TOK822 *prev = tp->prev; | 169 | TOK822 *prev = tp->prev; | |
170 | 170 | |||
171 | if (prev) { | 171 | if (prev) { | |
172 | prev->next = 0; | 172 | prev->next = 0; | |
173 | tp->prev = 0; | 173 | tp->prev = 0; | |
174 | } | 174 | } | |
175 | return (prev); | 175 | return (prev); | |
176 | } | 176 | } | |
177 | 177 | |||
178 | /* tok822_cut_after - split list after token, return successor token */ | 178 | /* tok822_cut_after - split list after token, return successor token */ | |
179 | 179 | |||
180 | TOK822 *tok822_cut_after(TOK822 *tp) | 180 | TOK822 *tok822_cut_after(TOK822 *tp) | |
181 | { | 181 | { | |
182 | TOK822 *next = tp->next; | 182 | TOK822 *next = tp->next; | |
183 | 183 | |||
184 | if (next) { | 184 | if (next) { | |
185 | next->prev = 0; | 185 | next->prev = 0; | |
186 | tp->next = 0; | 186 | tp->next = 0; | |
187 | } | 187 | } | |
188 | return (next); | 188 | return (next); | |
189 | } | 189 | } | |
190 | 190 | |||
191 | /* tok822_unlink - take token away from list, return predecessor token */ | 191 | /* tok822_unlink - take token away from list, return predecessor token */ | |
192 | 192 | |||
193 | TOK822 *tok822_unlink(TOK822 *tp) | 193 | TOK822 *tok822_unlink(TOK822 *tp) | |
194 | { | 194 | { | |
195 | TOK822 *prev = tp->prev; | 195 | TOK822 *prev = tp->prev; | |
196 | TOK822 *next = tp->next; | 196 | TOK822 *next = tp->next; | |
197 | 197 | |||
198 | if (prev) | 198 | if (prev) | |
199 | prev->next = next; | 199 | prev->next = next; | |
200 | if (next) | 200 | if (next) | |
201 | next->prev = prev; | 201 | next->prev = prev; | |
202 | tp->prev = tp->next = 0; | 202 | tp->prev = tp->next = 0; | |
203 | return (prev); | 203 | return (prev); | |
204 | } | 204 | } | |
205 | 205 | |||
206 | /* tok822_sub_append - append sublist, return end of appended list */ | 206 | /* tok822_sub_append - append sublist, return end of appended list */ | |
207 | 207 | |||
208 | TOK822 *tok822_sub_append(TOK822 *t1, TOK822 *t2) | 208 | TOK822 *tok822_sub_append(TOK822 *t1, TOK822 *t2) | |
209 | { | 209 | { | |
210 | if (t1->head) { | 210 | if (t1->head) { | |
211 | return (t1->tail = tok822_append(t1->tail, t2)); | 211 | return (t1->tail = tok822_append(t1->tail, t2)); | |
212 | } else { | 212 | } else { | |
213 | t1->head = t2; | 213 | t1->head = t2; | |
214 | while (t2->next) | 214 | while (t2->next) | |
215 | (t2 = t2->next)->owner = t1; | 215 | (t2 = t2->next)->owner = t1; | |
216 | return (t1->tail = t2); | 216 | return (t1->tail = t2); | |
217 | } | 217 | } | |
218 | } | 218 | } | |
219 | 219 | |||
220 | /* tok822_sub_prepend - prepend sublist, return end of prepended list */ | 220 | /* tok822_sub_prepend - prepend sublist, return end of prepended list */ | |
221 | 221 | |||
222 | TOK822 *tok822_sub_prepend(TOK822 *t1, TOK822 *t2) | 222 | TOK822 *tok822_sub_prepend(TOK822 *t1, TOK822 *t2) | |
223 | { | 223 | { | |
224 | TOK822 *tp; | 224 | TOK822 *tp; | |
225 | 225 | |||
226 | if (t1->head) { | 226 | if (t1->head) { | |
227 | tp = tok822_prepend(t1->head, t2); | 227 | tp = tok822_prepend(t1->head, t2); | |
228 | t1->head = t2; | 228 | t1->head = t2; | |
229 | return (tp); | 229 | return (tp); | |
230 | } else { | 230 | } else { | |
231 | t1->head = t2; | 231 | t1->head = t2; | |
232 | while (t2->next) | 232 | while (t2->next) | |
233 | (t2 = t2->next)->owner = t1; | 233 | (t2 = t2->next)->owner = t1; | |
234 | return (t1->tail = t2); | 234 | return (t1->tail = t2); | |
235 | } | 235 | } | |
236 | } | 236 | } | |
237 | 237 | |||
238 | /* tok822_sub_keep_before - cut sublist, return tail of disconnected list */ | 238 | /* tok822_sub_keep_before - cut sublist, return tail of disconnected list */ | |
239 | 239 | |||
240 | TOK822 *tok822_sub_keep_before(TOK822 *t1, TOK822 *t2) | 240 | TOK822 *tok822_sub_keep_before(TOK822 *t1, TOK822 *t2) | |
241 | { | 241 | { | |
242 | TOK822 *tail = t1->tail; | 242 | TOK822 *tail = t1->tail; | |
243 | 243 | |||
244 | if ((t1->tail = tok822_cut_before(t2)) == 0) | 244 | if ((t1->tail = tok822_cut_before(t2)) == 0) | |
245 | t1->head = 0; | 245 | t1->head = 0; | |
246 | return (tail); | 246 | return (tail); | |
247 | } | 247 | } | |
248 | 248 | |||
249 | /* tok822_sub_keep_after - cut sublist, return head of disconnected list */ | 249 | /* tok822_sub_keep_after - cut sublist, return head of disconnected list */ | |
250 | 250 | |||
251 | TOK822 *tok822_sub_keep_after(TOK822 *t1, TOK822 *t2) | 251 | TOK822 *tok822_sub_keep_after(TOK822 *t1, TOK822 *t2) | |
252 | { | 252 | { | |
253 | TOK822 *head = t1->head; | 253 | TOK822 *head = t1->head; | |
254 | 254 | |||
255 | if ((t1->head = tok822_cut_after(t2)) == 0) | 255 | if ((t1->head = tok822_cut_after(t2)) == 0) | |
256 | t1->tail = 0; | 256 | t1->tail = 0; | |
257 | return (head); | 257 | return (head); | |
258 | } | 258 | } | |
259 | 259 | |||
260 | /* tok822_free_tree - destroy token tree */ | 260 | /* tok822_free_tree - destroy token tree */ | |
261 | 261 | |||
262 | TOK822 *tok822_free_tree(TOK822 *tp) | 262 | TOK822 *tok822_free_tree(TOK822 *tp) | |
263 | { | 263 | { | |
264 | if (tp) { | 264 | TOK822 *next; | |
265 | if (tp->next) | 265 | ||
266 | tok822_free_tree(tp->next); | 266 | for (/* void */; tp != 0; tp = next) { | |
267 | if (tp->head) | 267 | if (tp->head) | |
268 | tok822_free_tree(tp->head); | 268 | tok822_free_tree(tp->head); | |
269 | next = tp->next; | |||
269 | tok822_free(tp); | 270 | tok822_free(tp); | |
270 | } | 271 | } | |
271 | return (0); | 272 | return (0); | |
272 | } | 273 | } | |
273 | 274 | |||
274 | /* tok822_apply - apply action to specified tokens */ | 275 | /* tok822_apply - apply action to specified tokens */ | |
275 | 276 | |||
276 | int tok822_apply(TOK822 *tree, int type, TOK822_ACTION action) | 277 | int tok822_apply(TOK822 *tree, int type, TOK822_ACTION action) | |
277 | { | 278 | { | |
278 | TOK822 *tp; | 279 | TOK822 *tp; | |
279 | int result = 0; | 280 | int result = 0; | |
280 | 281 | |||
281 | for (tp = tree; tp; tp = tp->next) { | 282 | for (tp = tree; tp; tp = tp->next) { | |
282 | if (type == 0 || tp->type == type) | 283 | if (type == 0 || tp->type == type) | |
283 | if ((result = action(tp)) != 0) | 284 | if ((result = action(tp)) != 0) | |
284 | break; | 285 | break; | |
285 | } | 286 | } | |
286 | return (result); | 287 | return (result); | |
287 | } | 288 | } | |
288 | 289 | |||
289 | /* tok822_grep - list matching tokens */ | 290 | /* tok822_grep - list matching tokens */ | |
290 | 291 | |||
291 | TOK822 **tok822_grep(TOK822 *tree, int type) | 292 | TOK822 **tok822_grep(TOK822 *tree, int type) | |
292 | { | 293 | { | |
293 | TOK822 **list; | 294 | TOK822 **list; | |
294 | TOK822 *tp; | 295 | TOK822 *tp; | |
295 | int count; | 296 | int count; | |
296 | 297 | |||
297 | for (count = 0, tp = tree; tp; tp = tp->next) | 298 | for (count = 0, tp = tree; tp; tp = tp->next) | |
298 | if (type == 0 || tp->type == type) | 299 | if (type == 0 || tp->type == type) | |
299 | count++; | 300 | count++; | |
300 | 301 | |||
301 | list = (TOK822 **) mymalloc(sizeof(*list) * (count + 1)); | 302 | list = (TOK822 **) mymalloc(sizeof(*list) * (count + 1)); | |
302 | 303 | |||
303 | for (count = 0, tp = tree; tp; tp = tp->next) | 304 | for (count = 0, tp = tree; tp; tp = tp->next) | |
304 | if (type == 0 || tp->type == type) | 305 | if (type == 0 || tp->type == type) | |
305 | list[count++] = tp; | 306 | list[count++] = tp; | |
306 | 307 | |||
307 | list[count] = 0; | 308 | list[count] = 0; | |
308 | return (list); | 309 | return (list); | |
309 | } | 310 | } |
--- src/external/ibm-public/postfix/dist/src/postconf/postconf_master.c 2014/07/06 19:45:50 1.3
+++ src/external/ibm-public/postfix/dist/src/postconf/postconf_master.c 2015/03/03 07:11:08 1.3.2.1
@@ -1,1003 +1,1003 @@ | @@ -1,1003 +1,1003 @@ | |||
1 | /* $NetBSD: postconf_master.c,v 1.3 2014/07/06 19:45:50 tron Exp $ */ | 1 | /* $NetBSD: postconf_master.c,v 1.3.2.1 2015/03/03 07:11:08 snj Exp $ */ | |
2 | 2 | |||
3 | /*++ | 3 | /*++ | |
4 | /* NAME | 4 | /* NAME | |
5 | /* postconf_master 3 | 5 | /* postconf_master 3 | |
6 | /* SUMMARY | 6 | /* SUMMARY | |
7 | /* support for master.cf | 7 | /* support for master.cf | |
8 | /* SYNOPSIS | 8 | /* SYNOPSIS | |
9 | /* #include <postconf.h> | 9 | /* #include <postconf.h> | |
10 | /* | 10 | /* | |
11 | /* const char pcf_daemon_options_expecting_value[]; | 11 | /* const char pcf_daemon_options_expecting_value[]; | |
12 | /* | 12 | /* | |
13 | /* void pcf_read_master(fail_on_open) | 13 | /* void pcf_read_master(fail_on_open) | |
14 | /* int fail_on_open; | 14 | /* int fail_on_open; | |
15 | /* | 15 | /* | |
16 | /* void pcf_show_master_entries(fp, mode, service_filters) | 16 | /* void pcf_show_master_entries(fp, mode, service_filters) | |
17 | /* VSTREAM *fp; | 17 | /* VSTREAM *fp; | |
18 | /* int mode; | 18 | /* int mode; | |
19 | /* char **service_filters; | 19 | /* char **service_filters; | |
20 | /* | 20 | /* | |
21 | /* void pcf_show_master_fields(fp, mode, n_filters, field_filters) | 21 | /* void pcf_show_master_fields(fp, mode, n_filters, field_filters) | |
22 | /* VSTREAM *fp; | 22 | /* VSTREAM *fp; | |
23 | /* int mode; | 23 | /* int mode; | |
24 | /* int n_filters; | 24 | /* int n_filters; | |
25 | /* char **field_filters; | 25 | /* char **field_filters; | |
26 | /* | 26 | /* | |
27 | /* void pcf_edit_master_field(masterp, field, new_value) | 27 | /* void pcf_edit_master_field(masterp, field, new_value) | |
28 | /* PCF_MASTER_ENT *masterp; | 28 | /* PCF_MASTER_ENT *masterp; | |
29 | /* int field; | 29 | /* int field; | |
30 | /* const char *new_value; | 30 | /* const char *new_value; | |
31 | /* | 31 | /* | |
32 | /* void pcf_show_master_params(fp, mode, argc, **param_filters) | 32 | /* void pcf_show_master_params(fp, mode, argc, **param_filters) | |
33 | /* VSTREAM *fp; | 33 | /* VSTREAM *fp; | |
34 | /* int mode; | 34 | /* int mode; | |
35 | /* int argc; | 35 | /* int argc; | |
36 | /* char **param_filters; | 36 | /* char **param_filters; | |
37 | /* | 37 | /* | |
38 | /* void pcf_edit_master_param(masterp, mode, param_name, param_value) | 38 | /* void pcf_edit_master_param(masterp, mode, param_name, param_value) | |
39 | /* PCF_MASTER_ENT *masterp; | 39 | /* PCF_MASTER_ENT *masterp; | |
40 | /* int mode; | 40 | /* int mode; | |
41 | /* const char *param_name; | 41 | /* const char *param_name; | |
42 | /* const char *param_value; | 42 | /* const char *param_value; | |
43 | /* AUXILIARY FUNCTIONS | 43 | /* AUXILIARY FUNCTIONS | |
44 | /* const char *pcf_parse_master_entry(masterp, buf) | 44 | /* const char *pcf_parse_master_entry(masterp, buf) | |
45 | /* PCF_MASTER_ENT *masterp; | 45 | /* PCF_MASTER_ENT *masterp; | |
46 | /* const char *buf; | 46 | /* const char *buf; | |
47 | /* | 47 | /* | |
48 | /* void pcf_print_master_entry(fp, mode, masterp) | 48 | /* void pcf_print_master_entry(fp, mode, masterp) | |
49 | /* VSTREAM *fp; | 49 | /* VSTREAM *fp; | |
50 | /* int mode; | 50 | /* int mode; | |
51 | /* PCF_MASTER_ENT *masterp; | 51 | /* PCF_MASTER_ENT *masterp; | |
52 | /* | 52 | /* | |
53 | /* void pcf_free_master_entry(masterp) | 53 | /* void pcf_free_master_entry(masterp) | |
54 | /* PCF_MASTER_ENT *masterp; | 54 | /* PCF_MASTER_ENT *masterp; | |
55 | /* DESCRIPTION | 55 | /* DESCRIPTION | |
56 | /* pcf_read_master() reads entries from master.cf into memory. | 56 | /* pcf_read_master() reads entries from master.cf into memory. | |
57 | /* | 57 | /* | |
58 | /* pcf_show_master_entries() writes the entries in the master.cf | 58 | /* pcf_show_master_entries() writes the entries in the master.cf | |
59 | /* file to the specified stream. | 59 | /* file to the specified stream. | |
60 | /* | 60 | /* | |
61 | /* pcf_show_master_fields() writes name/type/field=value records | 61 | /* pcf_show_master_fields() writes name/type/field=value records | |
62 | /* to the specified stream. | 62 | /* to the specified stream. | |
63 | /* | 63 | /* | |
64 | /* pcf_edit_master_field() updates the value of a single-column | 64 | /* pcf_edit_master_field() updates the value of a single-column | |
65 | /* or multi-column attribute. | 65 | /* or multi-column attribute. | |
66 | /* | 66 | /* | |
67 | /* pcf_show_master_params() writes name/type/parameter=value | 67 | /* pcf_show_master_params() writes name/type/parameter=value | |
68 | /* records to the specified stream. | 68 | /* records to the specified stream. | |
69 | /* | 69 | /* | |
70 | /* pcf_edit_master_param() updates, removes or adds the named | 70 | /* pcf_edit_master_param() updates, removes or adds the named | |
71 | /* parameter in a master.cf entry (the remove request ignores | 71 | /* parameter in a master.cf entry (the remove request ignores | |
72 | /* the parameter value). | 72 | /* the parameter value). | |
73 | /* | 73 | /* | |
74 | /* pcf_daemon_options_expecting_value[] is an array of master.cf | 74 | /* pcf_daemon_options_expecting_value[] is an array of master.cf | |
75 | /* daemon command-line options that expect an option value. | 75 | /* daemon command-line options that expect an option value. | |
76 | /* | 76 | /* | |
77 | /* pcf_parse_master_entry() parses a (perhaps multi-line) | 77 | /* pcf_parse_master_entry() parses a (perhaps multi-line) | |
78 | /* string that contains a complete master.cf entry, and | 78 | /* string that contains a complete master.cf entry, and | |
79 | /* normalizes daemon command-line options to simplify further | 79 | /* normalizes daemon command-line options to simplify further | |
80 | /* handling. | 80 | /* handling. | |
81 | /* | 81 | /* | |
82 | /* pcf_print_master_entry() prints a parsed master.cf entry. | 82 | /* pcf_print_master_entry() prints a parsed master.cf entry. | |
83 | /* | 83 | /* | |
84 | /* pcf_free_master_entry() returns storage to the heap that | 84 | /* pcf_free_master_entry() returns storage to the heap that | |
85 | /* was allocated by pcf_parse_master_entry(). | 85 | /* was allocated by pcf_parse_master_entry(). | |
86 | /* | 86 | /* | |
87 | /* Arguments | 87 | /* Arguments | |
88 | /* .IP fail_on_open | 88 | /* .IP fail_on_open | |
89 | /* Specify FAIL_ON_OPEN if open failure is a fatal error, | 89 | /* Specify FAIL_ON_OPEN if open failure is a fatal error, | |
90 | /* WARN_ON_OPEN if a warning should be logged instead. | 90 | /* WARN_ON_OPEN if a warning should be logged instead. | |
91 | /* .IP fp | 91 | /* .IP fp | |
92 | /* Output stream. | 92 | /* Output stream. | |
93 | /* .IP mode | 93 | /* .IP mode | |
94 | /* Bit-wise OR of flags. Flags other than the following are | 94 | /* Bit-wise OR of flags. Flags other than the following are | |
95 | /* ignored. | 95 | /* ignored. | |
96 | /* .RS | 96 | /* .RS | |
97 | /* .IP PCF_FOLD_LINE | 97 | /* .IP PCF_FOLD_LINE | |
98 | /* Wrap long output lines. | 98 | /* Wrap long output lines. | |
99 | /* .IP PCF_SHOW_EVAL | 99 | /* .IP PCF_SHOW_EVAL | |
100 | /* Expand $name in parameter values. | 100 | /* Expand $name in parameter values. | |
101 | /* .IP PCF_EDIT_EXCL | 101 | /* .IP PCF_EDIT_EXCL | |
102 | /* Request that pcf_edit_master_param() removes the parameter. | 102 | /* Request that pcf_edit_master_param() removes the parameter. | |
103 | /* .RE | 103 | /* .RE | |
104 | /* .IP n_filters | 104 | /* .IP n_filters | |
105 | /* The number of command-line filters. | 105 | /* The number of command-line filters. | |
106 | /* .IP field_filters | 106 | /* .IP field_filters | |
107 | /* A list of zero or more service field patterns (name/type/field). | 107 | /* A list of zero or more service field patterns (name/type/field). | |
108 | /* The output is formatted as "name/type/field = value". If | 108 | /* The output is formatted as "name/type/field = value". If | |
109 | /* no filters are specified, pcf_show_master_fields() outputs | 109 | /* no filters are specified, pcf_show_master_fields() outputs | |
110 | /* the fields of all master.cf entries in the specified order. | 110 | /* the fields of all master.cf entries in the specified order. | |
111 | /* .IP param_filters | 111 | /* .IP param_filters | |
112 | /* A list of zero or more service parameter patterns | 112 | /* A list of zero or more service parameter patterns | |
113 | /* (name/type/parameter). The output is formatted as | 113 | /* (name/type/parameter). The output is formatted as | |
114 | /* "name/type/parameter = value". If no filters are specified, | 114 | /* "name/type/parameter = value". If no filters are specified, | |
115 | /* pcf_show_master_params() outputs the parameters of all | 115 | /* pcf_show_master_params() outputs the parameters of all | |
116 | /* master.cf entries in sorted order. | 116 | /* master.cf entries in sorted order. | |
117 | /* .IP service_filters | 117 | /* .IP service_filters | |
118 | /* A list of zero or more service patterns (name or name/type). | 118 | /* A list of zero or more service patterns (name or name/type). | |
119 | /* If no filters are specified, pcf_show_master_entries() | 119 | /* If no filters are specified, pcf_show_master_entries() | |
120 | /* outputs all master.cf entries in the specified order. | 120 | /* outputs all master.cf entries in the specified order. | |
121 | /* .IP field | 121 | /* .IP field | |
122 | /* Index into parsed master.cf entry. | 122 | /* Index into parsed master.cf entry. | |
123 | /* .IP new_value | 123 | /* .IP new_value | |
124 | /* Replacement value for the specified field. It is split in | 124 | /* Replacement value for the specified field. It is split in | |
125 | /* whitespace in case of a multi-field attribute. | 125 | /* whitespace in case of a multi-field attribute. | |
126 | /* DIAGNOSTICS | 126 | /* DIAGNOSTICS | |
127 | /* Problems are reported to the standard error stream. | 127 | /* Problems are reported to the standard error stream. | |
128 | /* LICENSE | 128 | /* LICENSE | |
129 | /* .ad | 129 | /* .ad | |
130 | /* .fi | 130 | /* .fi | |
131 | /* The Secure Mailer license must be distributed with this software. | 131 | /* The Secure Mailer license must be distributed with this software. | |
132 | /* AUTHOR(S) | 132 | /* AUTHOR(S) | |
133 | /* Wietse Venema | 133 | /* Wietse Venema | |
134 | /* IBM T.J. Watson Research | 134 | /* IBM T.J. Watson Research | |
135 | /* P.O. Box 704 | 135 | /* P.O. Box 704 | |
136 | /* Yorktown Heights, NY 10598, USA | 136 | /* Yorktown Heights, NY 10598, USA | |
137 | /*--*/ | 137 | /*--*/ | |
138 | 138 | |||
139 | /* System library. */ | 139 | /* System library. */ | |
140 | 140 | |||
141 | #include <sys_defs.h> | 141 | #include <sys_defs.h> | |
142 | #include <string.h> | 142 | #include <string.h> | |
143 | #include <stdlib.h> | 143 | #include <stdlib.h> | |
144 | #include <stdarg.h> | 144 | #include <stdarg.h> | |
145 | 145 | |||
146 | /* Utility library. */ | 146 | /* Utility library. */ | |
147 | 147 | |||
148 | #include <msg.h> | 148 | #include <msg.h> | |
149 | #include <mymalloc.h> | 149 | #include <mymalloc.h> | |
150 | #include <vstring.h> | 150 | #include <vstring.h> | |
151 | #include <argv.h> | 151 | #include <argv.h> | |
152 | #include <vstream.h> | 152 | #include <vstream.h> | |
153 | #include <readlline.h> | 153 | #include <readlline.h> | |
154 | #include <stringops.h> | 154 | #include <stringops.h> | |
155 | #include <split_at.h> | 155 | #include <split_at.h> | |
156 | 156 | |||
157 | /* Global library. */ | 157 | /* Global library. */ | |
158 | 158 | |||
159 | #include <mail_params.h> | 159 | #include <mail_params.h> | |
160 | 160 | |||
161 | /* Master library. */ | 161 | /* Master library. */ | |
162 | 162 | |||
163 | #include <master_proto.h> | 163 | #include <master_proto.h> | |
164 | 164 | |||
165 | /* Application-specific. */ | 165 | /* Application-specific. */ | |
166 | 166 | |||
167 | #include <postconf.h> | 167 | #include <postconf.h> | |
168 | 168 | |||
169 | const char pcf_daemon_options_expecting_value[] = "o"; | 169 | const char pcf_daemon_options_expecting_value[] = "o"; | |
170 | 170 | |||
171 | /* | 171 | /* | |
172 | * Data structure to capture a command-line service field filter. | 172 | * Data structure to capture a command-line service field filter. | |
173 | */ | 173 | */ | |
174 | typedef struct { | 174 | typedef struct { | |
175 | int match_count; /* hit count */ | 175 | int match_count; /* hit count */ | |
176 | const char *raw_text; /* full pattern text */ | 176 | const char *raw_text; /* full pattern text */ | |
177 | ARGV *service_pattern; /* parsed service name, type, ... */ | 177 | ARGV *service_pattern; /* parsed service name, type, ... */ | |
178 | int field_pattern; /* parsed field pattern */ | 178 | int field_pattern; /* parsed field pattern */ | |
179 | const char *param_pattern; /* parameter pattern */ | 179 | const char *param_pattern; /* parameter pattern */ | |
180 | } PCF_MASTER_FLD_REQ; | 180 | } PCF_MASTER_FLD_REQ; | |
181 | 181 | |||
182 | /* | 182 | /* | |
183 | * Valid inputs. | 183 | * Valid inputs. | |
184 | */ | 184 | */ | |
185 | static const char *pcf_valid_master_types[] = { | 185 | static const char *pcf_valid_master_types[] = { | |
186 | MASTER_XPORT_NAME_UNIX, | 186 | MASTER_XPORT_NAME_UNIX, | |
187 | MASTER_XPORT_NAME_FIFO, | 187 | MASTER_XPORT_NAME_FIFO, | |
188 | MASTER_XPORT_NAME_INET, | 188 | MASTER_XPORT_NAME_INET, | |
189 | MASTER_XPORT_NAME_PASS, | 189 | MASTER_XPORT_NAME_PASS, | |
190 | 0, | 190 | 0, | |
191 | }; | 191 | }; | |
192 | 192 | |||
193 | static const char pcf_valid_bool_types[] = "yn-"; | 193 | static const char pcf_valid_bool_types[] = "yn-"; | |
194 | 194 | |||
195 | #define STR(x) vstring_str(x) | 195 | #define STR(x) vstring_str(x) | |
196 | 196 | |||
197 | /* pcf_normalize_options - bring options into canonical form */ | 197 | /* pcf_normalize_options - bring options into canonical form */ | |
198 | 198 | |||
199 | static void pcf_normalize_options(ARGV *argv) | 199 | static void pcf_normalize_options(ARGV *argv) | |
200 | { | 200 | { | |
201 | int field; | 201 | int field; | |
202 | char *arg; | 202 | char *arg; | |
203 | char *cp; | 203 | char *cp; | |
204 | char *junk; | 204 | char *junk; | |
205 | 205 | |||
206 | /* | 206 | /* | |
207 | * Normalize options to simplify later processing. | 207 | * Normalize options to simplify later processing. | |
208 | */ | 208 | */ | |
209 | for (field = PCF_MASTER_MIN_FIELDS; argv->argv[field] != 0; field++) { | 209 | for (field = PCF_MASTER_MIN_FIELDS; argv->argv[field] != 0; field++) { | |
210 | arg = argv->argv[field]; | 210 | arg = argv->argv[field]; | |
211 | if (arg[0] != '-' || strcmp(arg, "--") == 0) | 211 | if (arg[0] != '-' || strcmp(arg, "--") == 0) | |
212 | break; | 212 | break; | |
213 | for (cp = arg + 1; *cp; cp++) { | 213 | for (cp = arg + 1; *cp; cp++) { | |
214 | if (strchr(pcf_daemon_options_expecting_value, *cp) != 0 | 214 | if (strchr(pcf_daemon_options_expecting_value, *cp) != 0 | |
215 | && cp > arg + 1) { | 215 | && cp > arg + 1) { | |
216 | /* Split "-stuffozz" into "-stuff" and "-ozz". */ | 216 | /* Split "-stuffozz" into "-stuff" and "-ozz". */ | |
217 | junk = concatenate("-", cp, (char *) 0); | 217 | junk = concatenate("-", cp, (char *) 0); | |
218 | argv_insert_one(argv, field + 1, junk); | 218 | argv_insert_one(argv, field + 1, junk); | |
219 | myfree(junk); | 219 | myfree(junk); | |
220 | *cp = 0; /* XXX argv_replace_one() */ | 220 | *cp = 0; /* XXX argv_replace_one() */ | |
221 | break; | 221 | break; | |
222 | } | 222 | } | |
223 | } | 223 | } | |
224 | if (strchr(pcf_daemon_options_expecting_value, arg[1]) == 0) | 224 | if (strchr(pcf_daemon_options_expecting_value, arg[1]) == 0) | |
225 | /* Option requires no value. */ | 225 | /* Option requires no value. */ | |
226 | continue; | 226 | continue; | |
227 | if (arg[2] != 0) { | 227 | if (arg[2] != 0) { | |
228 | /* Split "-oname=value" into "-o" "name=value". */ | 228 | /* Split "-oname=value" into "-o" "name=value". */ | |
229 | argv_insert_one(argv, field + 1, arg + 2); | 229 | argv_insert_one(argv, field + 1, arg + 2); | |
230 | arg[2] = 0; /* XXX argv_replace_one() */ | 230 | arg[2] = 0; /* XXX argv_replace_one() */ | |
231 | field += 1; | 231 | field += 1; | |
232 | } else if (argv->argv[field + 1] != 0) { | 232 | } else if (argv->argv[field + 1] != 0) { | |
233 | /* Already in "-o" "name=value" form. */ | 233 | /* Already in "-o" "name=value" form. */ | |
234 | field += 1; | 234 | field += 1; | |
235 | } | 235 | } | |
236 | } | 236 | } | |
237 | } | 237 | } | |
238 | 238 | |||
239 | /* pcf_fix_fatal - fix multiline text before release */ | 239 | /* pcf_fix_fatal - fix multiline text before release */ | |
240 | 240 | |||
241 | static NORETURN PRINTFLIKE(1, 2) pcf_fix_fatal(const char *fmt,...) | 241 | static NORETURN PRINTFLIKE(1, 2) pcf_fix_fatal(const char *fmt,...) | |
242 | { | 242 | { | |
243 | VSTRING *buf = vstring_alloc(100); | 243 | VSTRING *buf = vstring_alloc(100); | |
244 | va_list ap; | 244 | va_list ap; | |
245 | 245 | |||
246 | /* | 246 | /* | |
247 | * Replace newline with whitespace. | 247 | * Replace newline with whitespace. | |
248 | */ | 248 | */ | |
249 | va_start(ap, fmt); | 249 | va_start(ap, fmt); | |
250 | vstring_vsprintf(buf, fmt, ap); | 250 | vstring_vsprintf(buf, fmt, ap); | |
251 | va_end(ap); | 251 | va_end(ap); | |
252 | translit(STR(buf), "\n", " "); | 252 | translit(STR(buf), "\n", " "); | |
253 | msg_fatal("%s", STR(buf)); | 253 | msg_fatal("%s", STR(buf)); | |
254 | /* NOTREACHED */ | 254 | /* NOTREACHED */ | |
255 | } | 255 | } | |
256 | 256 | |||
257 | /* pcf_check_master_entry - sanity check master.cf entry */ | 257 | /* pcf_check_master_entry - sanity check master.cf entry */ | |
258 | 258 | |||
259 | static void pcf_check_master_entry(ARGV *argv, const char *raw_text) | 259 | static void pcf_check_master_entry(ARGV *argv, const char *raw_text) | |
260 | { | 260 | { | |
261 | const char **cpp; | 261 | const char **cpp; | |
262 | char *cp; | 262 | char *cp; | |
263 | int len; | 263 | int len; | |
264 | int field; | 264 | int field; | |
265 | 265 | |||
266 | cp = argv->argv[PCF_MASTER_FLD_TYPE]; | 266 | cp = argv->argv[PCF_MASTER_FLD_TYPE]; | |
267 | for (cpp = pcf_valid_master_types; /* see below */ ; cpp++) { | 267 | for (cpp = pcf_valid_master_types; /* see below */ ; cpp++) { | |
268 | if (*cpp == 0) | 268 | if (*cpp == 0) | |
269 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_TYPE " field \"%s\" in \"%s\"", | 269 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_TYPE " field \"%s\" in \"%s\"", | |
270 | cp, raw_text); | 270 | cp, raw_text); | |
271 | if (strcmp(*cpp, cp) == 0) | 271 | if (strcmp(*cpp, cp) == 0) | |
272 | break; | 272 | break; | |
273 | } | 273 | } | |
274 | 274 | |||
275 | for (field = PCF_MASTER_FLD_PRIVATE; field <= PCF_MASTER_FLD_CHROOT; field++) { | 275 | for (field = PCF_MASTER_FLD_PRIVATE; field <= PCF_MASTER_FLD_CHROOT; field++) { | |
276 | cp = argv->argv[field]; | 276 | cp = argv->argv[field]; | |
277 | if (cp[1] != 0 || strchr(pcf_valid_bool_types, *cp) == 0) | 277 | if (cp[1] != 0 || strchr(pcf_valid_bool_types, *cp) == 0) | |
278 | pcf_fix_fatal("invalid %s field \%s\" in \"%s\"", | 278 | pcf_fix_fatal("invalid %s field \"%s\" in \"%s\"", | |
279 | pcf_str_field_pattern(field), cp, raw_text); | 279 | pcf_str_field_pattern(field), cp, raw_text); | |
280 | } | 280 | } | |
281 | 281 | |||
282 | cp = argv->argv[PCF_MASTER_FLD_WAKEUP]; | 282 | cp = argv->argv[PCF_MASTER_FLD_WAKEUP]; | |
283 | len = strlen(cp); | 283 | len = strlen(cp); | |
284 | if (len > 0 && cp[len - 1] == '?') | 284 | if (len > 0 && cp[len - 1] == '?') | |
285 | len--; | 285 | len--; | |
286 | if (!(cp[0] == '-' && len == 1) && strspn(cp, "0123456789") != len) | 286 | if (!(cp[0] == '-' && len == 1) && strspn(cp, "0123456789") != len) | |
287 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_WAKEUP " field \%s\" in \"%s\"", | 287 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_WAKEUP " field \"%s\" in \"%s\"", | |
288 | cp, raw_text); | 288 | cp, raw_text); | |
289 | 289 | |||
290 | cp = argv->argv[PCF_MASTER_FLD_MAXPROC]; | 290 | cp = argv->argv[PCF_MASTER_FLD_MAXPROC]; | |
291 | if (strcmp("-", cp) != 0 && cp[strspn(cp, "0123456789")] != 0) | 291 | if (strcmp("-", cp) != 0 && cp[strspn(cp, "0123456789")] != 0) | |
292 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_MAXPROC " field \%s\" in \"%s\"", | 292 | pcf_fix_fatal("invalid " PCF_MASTER_NAME_MAXPROC " field \"%s\" in \"%s\"", | |
293 | cp, raw_text); | 293 | cp, raw_text); | |
294 | } | 294 | } | |
295 | 295 | |||
296 | /* pcf_free_master_entry - destroy parsed entry */ | 296 | /* pcf_free_master_entry - destroy parsed entry */ | |
297 | 297 | |||
298 | void pcf_free_master_entry(PCF_MASTER_ENT *masterp) | 298 | void pcf_free_master_entry(PCF_MASTER_ENT *masterp) | |
299 | { | 299 | { | |
300 | /* XX Fixme: allocation/deallocation asymmetry. */ | 300 | /* XX Fixme: allocation/deallocation asymmetry. */ | |
301 | myfree(masterp->name_space); | 301 | myfree(masterp->name_space); | |
302 | argv_free(masterp->argv); | 302 | argv_free(masterp->argv); | |
303 | if (masterp->valid_names) | 303 | if (masterp->valid_names) | |
304 | htable_free(masterp->valid_names, myfree); | 304 | htable_free(masterp->valid_names, myfree); | |
305 | if (masterp->all_params) | 305 | if (masterp->all_params) | |
306 | dict_free(masterp->all_params); | 306 | dict_free(masterp->all_params); | |
307 | myfree((char *) masterp); | 307 | myfree((char *) masterp); | |
308 | } | 308 | } | |
309 | 309 | |||
310 | /* pcf_parse_master_entry - parse one master line */ | 310 | /* pcf_parse_master_entry - parse one master line */ | |
311 | 311 | |||
312 | const char *pcf_parse_master_entry(PCF_MASTER_ENT *masterp, const char *buf) | 312 | const char *pcf_parse_master_entry(PCF_MASTER_ENT *masterp, const char *buf) | |
313 | { | 313 | { | |
314 | ARGV *argv; | 314 | ARGV *argv; | |
315 | 315 | |||
316 | /* | 316 | /* | |
317 | * We can't use the master daemon's master_ent routines in their current | 317 | * We can't use the master daemon's master_ent routines in their current | |
318 | * form. They convert everything to internal form, and they skip disabled | 318 | * form. They convert everything to internal form, and they skip disabled | |
319 | * services. | 319 | * services. | |
320 | * | 320 | * | |
321 | * The postconf command needs to show default fields as "-", and needs to | 321 | * The postconf command needs to show default fields as "-", and needs to | |
322 | * know about all service names so that it can generate service-dependent | 322 | * know about all service names so that it can generate service-dependent | |
323 | * parameter names (transport-dependent etc.). | 323 | * parameter names (transport-dependent etc.). | |
324 | * | 324 | * | |
325 | * XXX Do per-field sanity checks. | 325 | * XXX Do per-field sanity checks. | |
326 | */ | 326 | */ | |
327 | argv = argv_split(buf, PCF_MASTER_BLANKS); | 327 | argv = argv_split(buf, PCF_MASTER_BLANKS); | |
328 | if (argv->argc < PCF_MASTER_MIN_FIELDS) { | 328 | if (argv->argc < PCF_MASTER_MIN_FIELDS) { | |
329 | argv_free(argv); /* Coverity 201311 */ | 329 | argv_free(argv); /* Coverity 201311 */ | |
330 | return ("bad field count"); | 330 | return ("bad field count"); | |
331 | } | 331 | } | |
332 | pcf_check_master_entry(argv, buf); | 332 | pcf_check_master_entry(argv, buf); | |
333 | pcf_normalize_options(argv); | 333 | pcf_normalize_options(argv); | |
334 | masterp->name_space = | 334 | masterp->name_space = | |
335 | concatenate(argv->argv[0], PCF_NAMESP_SEP_STR, argv->argv[1], (char *) 0); | 335 | concatenate(argv->argv[0], PCF_NAMESP_SEP_STR, argv->argv[1], (char *) 0); | |
336 | masterp->argv = argv; | 336 | masterp->argv = argv; | |
337 | masterp->valid_names = 0; | 337 | masterp->valid_names = 0; | |
338 | masterp->all_params = 0; | 338 | masterp->all_params = 0; | |
339 | return (0); | 339 | return (0); | |
340 | } | 340 | } | |
341 | 341 | |||
342 | /* pcf_read_master - read and digest the master.cf file */ | 342 | /* pcf_read_master - read and digest the master.cf file */ | |
343 | 343 | |||
344 | void pcf_read_master(int fail_on_open_error) | 344 | void pcf_read_master(int fail_on_open_error) | |
345 | { | 345 | { | |
346 | const char *myname = "pcf_read_master"; | 346 | const char *myname = "pcf_read_master"; | |
347 | char *path; | 347 | char *path; | |
348 | VSTRING *buf; | 348 | VSTRING *buf; | |
349 | VSTREAM *fp; | 349 | VSTREAM *fp; | |
350 | const char *err; | 350 | const char *err; | |
351 | int entry_count = 0; | 351 | int entry_count = 0; | |
352 | int line_count = 0; | 352 | int line_count = 0; | |
353 | 353 | |||
354 | /* | 354 | /* | |
355 | * Sanity check. | 355 | * Sanity check. | |
356 | */ | 356 | */ | |
357 | if (pcf_master_table != 0) | 357 | if (pcf_master_table != 0) | |
358 | msg_panic("%s: master table is already initialized", myname); | 358 | msg_panic("%s: master table is already initialized", myname); | |
359 | 359 | |||
360 | /* | 360 | /* | |
361 | * Get the location of master.cf. | 361 | * Get the location of master.cf. | |
362 | */ | 362 | */ | |
363 | if (var_config_dir == 0) | 363 | if (var_config_dir == 0) | |
364 | pcf_set_config_dir(); | 364 | pcf_set_config_dir(); | |
365 | path = concatenate(var_config_dir, "/", MASTER_CONF_FILE, (char *) 0); | 365 | path = concatenate(var_config_dir, "/", MASTER_CONF_FILE, (char *) 0); | |
366 | 366 | |||
367 | /* | 367 | /* | |
368 | * Initialize the in-memory master table. | 368 | * Initialize the in-memory master table. | |
369 | */ | 369 | */ | |
370 | pcf_master_table = (PCF_MASTER_ENT *) mymalloc(sizeof(*pcf_master_table)); | 370 | pcf_master_table = (PCF_MASTER_ENT *) mymalloc(sizeof(*pcf_master_table)); | |
371 | 371 | |||
372 | /* | 372 | /* | |
373 | * Skip blank lines and comment lines. Degrade gracefully if master.cf is | 373 | * Skip blank lines and comment lines. Degrade gracefully if master.cf is | |
374 | * not available, and master.cf is not the primary target. | 374 | * not available, and master.cf is not the primary target. | |
375 | */ | 375 | */ | |
376 | if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0) { | 376 | if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0) { | |
377 | if (fail_on_open_error) | 377 | if (fail_on_open_error) | |
378 | msg_fatal("open %s: %m", path); | 378 | msg_fatal("open %s: %m", path); | |
379 | msg_warn("open %s: %m", path); | 379 | msg_warn("open %s: %m", path); | |
380 | } else { | 380 | } else { | |
381 | buf = vstring_alloc(100); | 381 | buf = vstring_alloc(100); | |
382 | while (readlline(buf, fp, &line_count) != 0) { | 382 | while (readlline(buf, fp, &line_count) != 0) { | |
383 | pcf_master_table = (PCF_MASTER_ENT *) myrealloc((char *) pcf_master_table, | 383 | pcf_master_table = (PCF_MASTER_ENT *) myrealloc((char *) pcf_master_table, | |
384 | (entry_count + 2) * sizeof(*pcf_master_table)); | 384 | (entry_count + 2) * sizeof(*pcf_master_table)); | |
385 | if ((err = pcf_parse_master_entry(pcf_master_table + entry_count, | 385 | if ((err = pcf_parse_master_entry(pcf_master_table + entry_count, | |
386 | STR(buf))) != 0) | 386 | STR(buf))) != 0) | |
387 | msg_fatal("file %s: line %d: %s", path, line_count, err); | 387 | msg_fatal("file %s: line %d: %s", path, line_count, err); | |
388 | entry_count += 1; | 388 | entry_count += 1; | |
389 | } | 389 | } | |
390 | vstream_fclose(fp); | 390 | vstream_fclose(fp); | |
391 | vstring_free(buf); | 391 | vstring_free(buf); | |
392 | } | 392 | } | |
393 | 393 | |||
394 | /* | 394 | /* | |
395 | * Null-terminate the master table and clean up. | 395 | * Null-terminate the master table and clean up. | |
396 | */ | 396 | */ | |
397 | pcf_master_table[entry_count].argv = 0; | 397 | pcf_master_table[entry_count].argv = 0; | |
398 | myfree(path); | 398 | myfree(path); | |
399 | } | 399 | } | |
400 | 400 | |||
401 | /* pcf_print_master_entry - print one master line */ | 401 | /* pcf_print_master_entry - print one master line */ | |
402 | 402 | |||
403 | void pcf_print_master_entry(VSTREAM *fp, int mode, PCF_MASTER_ENT *masterp) | 403 | void pcf_print_master_entry(VSTREAM *fp, int mode, PCF_MASTER_ENT *masterp) | |
404 | { | 404 | { | |
405 | char **argv = masterp->argv->argv; | 405 | char **argv = masterp->argv->argv; | |
406 | const char *arg; | 406 | const char *arg; | |
407 | const char *aval; | 407 | const char *aval; | |
408 | int arg_len; | 408 | int arg_len; | |
409 | int line_len; | 409 | int line_len; | |
410 | int field; | 410 | int field; | |
411 | int in_daemon_options; | 411 | int in_daemon_options; | |
412 | static int column_goal[] = { | 412 | static int column_goal[] = { | |
413 | 0, /* service */ | 413 | 0, /* service */ | |
414 | 11, /* type */ | 414 | 11, /* type */ | |
415 | 17, /* private */ | 415 | 17, /* private */ | |
416 | 25, /* unpriv */ | 416 | 25, /* unpriv */ | |
417 | 33, /* chroot */ | 417 | 33, /* chroot */ | |
418 | 41, /* wakeup */ | 418 | 41, /* wakeup */ | |
419 | 49, /* maxproc */ | 419 | 49, /* maxproc */ | |
420 | 57, /* command */ | 420 | 57, /* command */ | |
421 | }; | 421 | }; | |
422 | 422 | |||
423 | #define ADD_TEXT(text, len) do { \ | 423 | #define ADD_TEXT(text, len) do { \ | |
424 | vstream_fputs(text, fp); line_len += len; } \ | 424 | vstream_fputs(text, fp); line_len += len; } \ | |
425 | while (0) | 425 | while (0) | |
426 | #define ADD_SPACE ADD_TEXT(" ", 1) | 426 | #define ADD_SPACE ADD_TEXT(" ", 1) | |
427 | 427 | |||
428 | /* | 428 | /* | |
429 | * Show the standard fields at their preferred column position. Use at | 429 | * Show the standard fields at their preferred column position. Use at | |
430 | * least one-space column separation. | 430 | * least one-space column separation. | |
431 | */ | 431 | */ | |
432 | for (line_len = 0, field = 0; field < PCF_MASTER_MIN_FIELDS; field++) { | 432 | for (line_len = 0, field = 0; field < PCF_MASTER_MIN_FIELDS; field++) { | |
433 | arg = argv[field]; | 433 | arg = argv[field]; | |
434 | if (line_len > 0) { | 434 | if (line_len > 0) { | |
435 | do { | 435 | do { | |
436 | ADD_SPACE; | 436 | ADD_SPACE; | |
437 | } while (line_len < column_goal[field]); | 437 | } while (line_len < column_goal[field]); | |
438 | } | 438 | } | |
439 | ADD_TEXT(arg, strlen(arg)); | 439 | ADD_TEXT(arg, strlen(arg)); | |
440 | } | 440 | } | |
441 | 441 | |||
442 | /* | 442 | /* | |
443 | * Format the daemon command-line options and non-option arguments. Here, | 443 | * Format the daemon command-line options and non-option arguments. Here, | |
444 | * we have no data-dependent preference for column positions, but we do | 444 | * we have no data-dependent preference for column positions, but we do | |
445 | * have argument grouping preferences. | 445 | * have argument grouping preferences. | |
446 | */ | 446 | */ | |
447 | in_daemon_options = 1; | 447 | in_daemon_options = 1; | |
448 | for ( /* void */ ; (arg = argv[field]) != 0; field++) { | 448 | for ( /* void */ ; (arg = argv[field]) != 0; field++) { | |
449 | arg_len = strlen(arg); | 449 | arg_len = strlen(arg); | |
450 | aval = 0; | 450 | aval = 0; | |
451 | if (in_daemon_options) { | 451 | if (in_daemon_options) { | |
452 | 452 | |||
453 | /* | 453 | /* | |
454 | * Try to show the generic options (-v -D) on the first line, and | 454 | * Try to show the generic options (-v -D) on the first line, and | |
455 | * non-options on a later line. | 455 | * non-options on a later line. | |
456 | */ | 456 | */ | |
457 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | 457 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | |
458 | in_daemon_options = 0; | 458 | in_daemon_options = 0; | |
459 | #if 0 | 459 | #if 0 | |
460 | if (mode & PCF_FOLD_LINE) | 460 | if (mode & PCF_FOLD_LINE) | |
461 | /* Force line wrap. */ | 461 | /* Force line wrap. */ | |
462 | line_len = PCF_LINE_LIMIT; | 462 | line_len = PCF_LINE_LIMIT; | |
463 | #endif | 463 | #endif | |
464 | } | 464 | } | |
465 | 465 | |||
466 | /* | 466 | /* | |
467 | * Special processing for options that require a value. | 467 | * Special processing for options that require a value. | |
468 | */ | 468 | */ | |
469 | else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | 469 | else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | |
470 | && (aval = argv[field + 1]) != 0) { | 470 | && (aval = argv[field + 1]) != 0) { | |
471 | 471 | |||
472 | /* Force line wrap before option with value. */ | 472 | /* Force line wrap before option with value. */ | |
473 | line_len = PCF_LINE_LIMIT; | 473 | line_len = PCF_LINE_LIMIT; | |
474 | 474 | |||
475 | /* | 475 | /* | |
476 | * Optionally, expand $name in parameter value. | 476 | * Optionally, expand $name in parameter value. | |
477 | */ | 477 | */ | |
478 | if (strcmp(arg, "-o") == 0 | 478 | if (strcmp(arg, "-o") == 0 | |
479 | && (mode & PCF_SHOW_EVAL) != 0) | 479 | && (mode & PCF_SHOW_EVAL) != 0) | |
480 | aval = pcf_expand_parameter_value((VSTRING *) 0, mode, | 480 | aval = pcf_expand_parameter_value((VSTRING *) 0, mode, | |
481 | aval, masterp); | 481 | aval, masterp); | |
482 | 482 | |||
483 | /* | 483 | /* | |
484 | * Keep option and value on the same line. | 484 | * Keep option and value on the same line. | |
485 | */ | 485 | */ | |
486 | arg_len += strlen(aval) + 1; | 486 | arg_len += strlen(aval) + 1; | |
487 | } | 487 | } | |
488 | } | 488 | } | |
489 | 489 | |||
490 | /* | 490 | /* | |
491 | * Insert a line break when the next item won't fit. | 491 | * Insert a line break when the next item won't fit. | |
492 | */ | 492 | */ | |
493 | if (line_len > PCF_INDENT_LEN) { | 493 | if (line_len > PCF_INDENT_LEN) { | |
494 | if ((mode & PCF_FOLD_LINE) == 0 | 494 | if ((mode & PCF_FOLD_LINE) == 0 | |
495 | || line_len + 1 + arg_len < PCF_LINE_LIMIT) { | 495 | || line_len + 1 + arg_len < PCF_LINE_LIMIT) { | |
496 | ADD_SPACE; | 496 | ADD_SPACE; | |
497 | } else { | 497 | } else { | |
498 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | 498 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | |
499 | line_len = PCF_INDENT_LEN; | 499 | line_len = PCF_INDENT_LEN; | |
500 | } | 500 | } | |
501 | } | 501 | } | |
502 | ADD_TEXT(arg, strlen(arg)); | 502 | ADD_TEXT(arg, strlen(arg)); | |
503 | if (aval) { | 503 | if (aval) { | |
504 | ADD_SPACE; | 504 | ADD_SPACE; | |
505 | ADD_TEXT(aval, strlen(aval)); | 505 | ADD_TEXT(aval, strlen(aval)); | |
506 | field += 1; | 506 | field += 1; | |
507 | 507 | |||
508 | /* Force line wrap after option with value. */ | 508 | /* Force line wrap after option with value. */ | |
509 | line_len = PCF_LINE_LIMIT; | 509 | line_len = PCF_LINE_LIMIT; | |
510 | 510 | |||
511 | } | 511 | } | |
512 | } | 512 | } | |
513 | vstream_fputs("\n", fp); | 513 | vstream_fputs("\n", fp); | |
514 | 514 | |||
515 | if (msg_verbose) | 515 | if (msg_verbose) | |
516 | vstream_fflush(fp); | 516 | vstream_fflush(fp); | |
517 | } | 517 | } | |
518 | 518 | |||
519 | /* pcf_show_master_entries - show master.cf entries */ | 519 | /* pcf_show_master_entries - show master.cf entries */ | |
520 | 520 | |||
521 | void pcf_show_master_entries(VSTREAM *fp, int mode, int argc, char **argv) | 521 | void pcf_show_master_entries(VSTREAM *fp, int mode, int argc, char **argv) | |
522 | { | 522 | { | |
523 | PCF_MASTER_ENT *masterp; | 523 | PCF_MASTER_ENT *masterp; | |
524 | PCF_MASTER_FLD_REQ *field_reqs; | 524 | PCF_MASTER_FLD_REQ *field_reqs; | |
525 | PCF_MASTER_FLD_REQ *req; | 525 | PCF_MASTER_FLD_REQ *req; | |
526 | 526 | |||
527 | /* | 527 | /* | |
528 | * Parse the filter expressions. | 528 | * Parse the filter expressions. | |
529 | */ | 529 | */ | |
530 | if (argc > 0) { | 530 | if (argc > 0) { | |
531 | field_reqs = (PCF_MASTER_FLD_REQ *) | 531 | field_reqs = (PCF_MASTER_FLD_REQ *) | |
532 | mymalloc(sizeof(*field_reqs) * argc); | 532 | mymalloc(sizeof(*field_reqs) * argc); | |
533 | for (req = field_reqs; req < field_reqs + argc; req++) { | 533 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
534 | req->match_count = 0; | 534 | req->match_count = 0; | |
535 | req->raw_text = *argv++; | 535 | req->raw_text = *argv++; | |
536 | req->service_pattern = | 536 | req->service_pattern = | |
537 | pcf_parse_service_pattern(req->raw_text, 1, 2); | 537 | pcf_parse_service_pattern(req->raw_text, 1, 2); | |
538 | if (req->service_pattern == 0) | 538 | if (req->service_pattern == 0) | |
539 | msg_fatal("-M option requires service_name[/type]"); | 539 | msg_fatal("-M option requires service_name[/type]"); | |
540 | } | 540 | } | |
541 | } | 541 | } | |
542 | 542 | |||
543 | /* | 543 | /* | |
544 | * Iterate over the master table. | 544 | * Iterate over the master table. | |
545 | */ | 545 | */ | |
546 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | 546 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | |
547 | if (argc > 0) { | 547 | if (argc > 0) { | |
548 | for (req = field_reqs; req < field_reqs + argc; req++) { | 548 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
549 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | 549 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | |
550 | masterp->argv->argv[0], | 550 | masterp->argv->argv[0], | |
551 | masterp->argv->argv[1])) { | 551 | masterp->argv->argv[1])) { | |
552 | req->match_count++; | 552 | req->match_count++; | |
553 | pcf_print_master_entry(fp, mode, masterp); | 553 | pcf_print_master_entry(fp, mode, masterp); | |
554 | } | 554 | } | |
555 | } | 555 | } | |
556 | } else { | 556 | } else { | |
557 | pcf_print_master_entry(fp, mode, masterp); | 557 | pcf_print_master_entry(fp, mode, masterp); | |
558 | } | 558 | } | |
559 | } | 559 | } | |
560 | 560 | |||
561 | /* | 561 | /* | |
562 | * Cleanup. | 562 | * Cleanup. | |
563 | */ | 563 | */ | |
564 | if (argc > 0) { | 564 | if (argc > 0) { | |
565 | for (req = field_reqs; req < field_reqs + argc; req++) { | 565 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
566 | if (req->match_count == 0) | 566 | if (req->match_count == 0) | |
567 | msg_warn("unmatched request: \"%s\"", req->raw_text); | 567 | msg_warn("unmatched request: \"%s\"", req->raw_text); | |
568 | argv_free(req->service_pattern); | 568 | argv_free(req->service_pattern); | |
569 | } | 569 | } | |
570 | myfree((char *) field_reqs); | 570 | myfree((char *) field_reqs); | |
571 | } | 571 | } | |
572 | } | 572 | } | |
573 | 573 | |||
574 | /* pcf_print_master_field - scaffolding */ | 574 | /* pcf_print_master_field - scaffolding */ | |
575 | 575 | |||
576 | static void pcf_print_master_field(VSTREAM *fp, int mode, | 576 | static void pcf_print_master_field(VSTREAM *fp, int mode, | |
577 | PCF_MASTER_ENT *masterp, | 577 | PCF_MASTER_ENT *masterp, | |
578 | int field) | 578 | int field) | |
579 | { | 579 | { | |
580 | char **argv = masterp->argv->argv; | 580 | char **argv = masterp->argv->argv; | |
581 | const char *arg; | 581 | const char *arg; | |
582 | const char *aval; | 582 | const char *aval; | |
583 | int arg_len; | 583 | int arg_len; | |
584 | int line_len; | 584 | int line_len; | |
585 | int in_daemon_options; | 585 | int in_daemon_options; | |
586 | 586 | |||
587 | /* | 587 | /* | |
588 | * Show the field value, or the first value in the case of a multi-column | 588 | * Show the field value, or the first value in the case of a multi-column | |
589 | * field. | 589 | * field. | |
590 | */ | 590 | */ | |
591 | #define ADD_CHAR(ch) ADD_TEXT((ch), 1) | 591 | #define ADD_CHAR(ch) ADD_TEXT((ch), 1) | |
592 | 592 | |||
593 | line_len = 0; | 593 | line_len = 0; | |
594 | if ((mode & PCF_HIDE_NAME) == 0) { | 594 | if ((mode & PCF_HIDE_NAME) == 0) { | |
595 | ADD_TEXT(argv[0], strlen(argv[0])); | 595 | ADD_TEXT(argv[0], strlen(argv[0])); | |
596 | ADD_CHAR(PCF_NAMESP_SEP_STR); | 596 | ADD_CHAR(PCF_NAMESP_SEP_STR); | |
597 | ADD_TEXT(argv[1], strlen(argv[1])); | 597 | ADD_TEXT(argv[1], strlen(argv[1])); | |
598 | ADD_CHAR(PCF_NAMESP_SEP_STR); | 598 | ADD_CHAR(PCF_NAMESP_SEP_STR); | |
599 | ADD_TEXT(pcf_str_field_pattern(field), strlen(pcf_str_field_pattern(field))); | 599 | ADD_TEXT(pcf_str_field_pattern(field), strlen(pcf_str_field_pattern(field))); | |
600 | ADD_TEXT(" = ", 3); | 600 | ADD_TEXT(" = ", 3); | |
601 | if (line_len + strlen(argv[field]) > PCF_LINE_LIMIT) { | 601 | if (line_len + strlen(argv[field]) > PCF_LINE_LIMIT) { | |
602 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | 602 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | |
603 | line_len = PCF_INDENT_LEN; | 603 | line_len = PCF_INDENT_LEN; | |
604 | } | 604 | } | |
605 | } | 605 | } | |
606 | ADD_TEXT(argv[field], strlen(argv[field])); | 606 | ADD_TEXT(argv[field], strlen(argv[field])); | |
607 | 607 | |||
608 | /* | 608 | /* | |
609 | * Format the daemon command-line options and non-option arguments. Here, | 609 | * Format the daemon command-line options and non-option arguments. Here, | |
610 | * we have no data-dependent preference for column positions, but we do | 610 | * we have no data-dependent preference for column positions, but we do | |
611 | * have argument grouping preferences. | 611 | * have argument grouping preferences. | |
612 | */ | 612 | */ | |
613 | if (field == PCF_MASTER_FLD_CMD) { | 613 | if (field == PCF_MASTER_FLD_CMD) { | |
614 | in_daemon_options = 1; | 614 | in_daemon_options = 1; | |
615 | for (field += 1; (arg = argv[field]) != 0; field++) { | 615 | for (field += 1; (arg = argv[field]) != 0; field++) { | |
616 | arg_len = strlen(arg); | 616 | arg_len = strlen(arg); | |
617 | aval = 0; | 617 | aval = 0; | |
618 | if (in_daemon_options) { | 618 | if (in_daemon_options) { | |
619 | 619 | |||
620 | /* | 620 | /* | |
621 | * We make no special case for generic options (-v -D) | 621 | * We make no special case for generic options (-v -D) | |
622 | * options. | 622 | * options. | |
623 | */ | 623 | */ | |
624 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | 624 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | |
625 | in_daemon_options = 0; | 625 | in_daemon_options = 0; | |
626 | } else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | 626 | } else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | |
627 | && (aval = argv[field + 1]) != 0) { | 627 | && (aval = argv[field + 1]) != 0) { | |
628 | 628 | |||
629 | /* Force line break before option with value. */ | 629 | /* Force line break before option with value. */ | |
630 | line_len = PCF_LINE_LIMIT; | 630 | line_len = PCF_LINE_LIMIT; | |
631 | 631 | |||
632 | /* | 632 | /* | |
633 | * Optionally, expand $name in parameter value. | 633 | * Optionally, expand $name in parameter value. | |
634 | */ | 634 | */ | |
635 | if (strcmp(arg, "-o") == 0 | 635 | if (strcmp(arg, "-o") == 0 | |
636 | && (mode & PCF_SHOW_EVAL) != 0) | 636 | && (mode & PCF_SHOW_EVAL) != 0) | |
637 | aval = pcf_expand_parameter_value((VSTRING *) 0, mode, | 637 | aval = pcf_expand_parameter_value((VSTRING *) 0, mode, | |
638 | aval, masterp); | 638 | aval, masterp); | |
639 | 639 | |||
640 | /* | 640 | /* | |
641 | * Keep option and value on the same line. | 641 | * Keep option and value on the same line. | |
642 | */ | 642 | */ | |
643 | arg_len += strlen(aval) + 1; | 643 | arg_len += strlen(aval) + 1; | |
644 | } | 644 | } | |
645 | } | 645 | } | |
646 | 646 | |||
647 | /* | 647 | /* | |
648 | * Insert a line break when the next item won't fit. | 648 | * Insert a line break when the next item won't fit. | |
649 | */ | 649 | */ | |
650 | if (line_len > PCF_INDENT_LEN) { | 650 | if (line_len > PCF_INDENT_LEN) { | |
651 | if ((mode & PCF_FOLD_LINE) == 0 | 651 | if ((mode & PCF_FOLD_LINE) == 0 | |
652 | || line_len + 1 + arg_len < PCF_LINE_LIMIT) { | 652 | || line_len + 1 + arg_len < PCF_LINE_LIMIT) { | |
653 | ADD_SPACE; | 653 | ADD_SPACE; | |
654 | } else { | 654 | } else { | |
655 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | 655 | vstream_fputs("\n" PCF_INDENT_TEXT, fp); | |
656 | line_len = PCF_INDENT_LEN; | 656 | line_len = PCF_INDENT_LEN; | |
657 | } | 657 | } | |
658 | } | 658 | } | |
659 | ADD_TEXT(arg, strlen(arg)); | 659 | ADD_TEXT(arg, strlen(arg)); | |
660 | if (aval) { | 660 | if (aval) { | |
661 | ADD_SPACE; | 661 | ADD_SPACE; | |
662 | ADD_TEXT(aval, strlen(aval)); | 662 | ADD_TEXT(aval, strlen(aval)); | |
663 | field += 1; | 663 | field += 1; | |
664 | 664 | |||
665 | /* Force line break after option with value. */ | 665 | /* Force line break after option with value. */ | |
666 | line_len = PCF_LINE_LIMIT; | 666 | line_len = PCF_LINE_LIMIT; | |
667 | } | 667 | } | |
668 | } | 668 | } | |
669 | } | 669 | } | |
670 | vstream_fputs("\n", fp); | 670 | vstream_fputs("\n", fp); | |
671 | 671 | |||
672 | if (msg_verbose) | 672 | if (msg_verbose) | |
673 | vstream_fflush(fp); | 673 | vstream_fflush(fp); | |
674 | } | 674 | } | |
675 | 675 | |||
676 | /* pcf_show_master_fields - show master.cf fields */ | 676 | /* pcf_show_master_fields - show master.cf fields */ | |
677 | 677 | |||
678 | void pcf_show_master_fields(VSTREAM *fp, int mode, int argc, char **argv) | 678 | void pcf_show_master_fields(VSTREAM *fp, int mode, int argc, char **argv) | |
679 | { | 679 | { | |
680 | const char *myname = "pcf_show_master_fields"; | 680 | const char *myname = "pcf_show_master_fields"; | |
681 | PCF_MASTER_ENT *masterp; | 681 | PCF_MASTER_ENT *masterp; | |
682 | PCF_MASTER_FLD_REQ *field_reqs; | 682 | PCF_MASTER_FLD_REQ *field_reqs; | |
683 | PCF_MASTER_FLD_REQ *req; | 683 | PCF_MASTER_FLD_REQ *req; | |
684 | int field; | 684 | int field; | |
685 | 685 | |||
686 | /* | 686 | /* | |
687 | * Parse the filter expressions. | 687 | * Parse the filter expressions. | |
688 | */ | 688 | */ | |
689 | if (argc > 0) { | 689 | if (argc > 0) { | |
690 | field_reqs = (PCF_MASTER_FLD_REQ *) | 690 | field_reqs = (PCF_MASTER_FLD_REQ *) | |
691 | mymalloc(sizeof(*field_reqs) * argc); | 691 | mymalloc(sizeof(*field_reqs) * argc); | |
692 | for (req = field_reqs; req < field_reqs + argc; req++) { | 692 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
693 | req->match_count = 0; | 693 | req->match_count = 0; | |
694 | req->raw_text = *argv++; | 694 | req->raw_text = *argv++; | |
695 | req->service_pattern = | 695 | req->service_pattern = | |
696 | pcf_parse_service_pattern(req->raw_text, 1, 3); | 696 | pcf_parse_service_pattern(req->raw_text, 1, 3); | |
697 | if (req->service_pattern == 0) | 697 | if (req->service_pattern == 0) | |
698 | msg_fatal("-F option requires service_name[/type[/field]]"); | 698 | msg_fatal("-F option requires service_name[/type[/field]]"); | |
699 | field = req->field_pattern = | 699 | field = req->field_pattern = | |
700 | pcf_parse_field_pattern(req->service_pattern->argv[2]); | 700 | pcf_parse_field_pattern(req->service_pattern->argv[2]); | |
701 | if (pcf_is_magic_field_pattern(field) == 0 | 701 | if (pcf_is_magic_field_pattern(field) == 0 | |
702 | && (field < 0 || field > PCF_MASTER_FLD_CMD)) | 702 | && (field < 0 || field > PCF_MASTER_FLD_CMD)) | |
703 | msg_panic("%s: bad attribute field index: %d", | 703 | msg_panic("%s: bad attribute field index: %d", | |
704 | myname, field); | 704 | myname, field); | |
705 | } | 705 | } | |
706 | } | 706 | } | |
707 | 707 | |||
708 | /* | 708 | /* | |
709 | * Iterate over the master table. | 709 | * Iterate over the master table. | |
710 | */ | 710 | */ | |
711 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | 711 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | |
712 | if (argc > 0) { | 712 | if (argc > 0) { | |
713 | for (req = field_reqs; req < field_reqs + argc; req++) { | 713 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
714 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | 714 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | |
715 | masterp->argv->argv[0], | 715 | masterp->argv->argv[0], | |
716 | masterp->argv->argv[1])) { | 716 | masterp->argv->argv[1])) { | |
717 | req->match_count++; | 717 | req->match_count++; | |
718 | field = req->field_pattern; | 718 | field = req->field_pattern; | |
719 | if (pcf_is_magic_field_pattern(field)) { | 719 | if (pcf_is_magic_field_pattern(field)) { | |
720 | for (field = 0; field <= PCF_MASTER_FLD_CMD; field++) | 720 | for (field = 0; field <= PCF_MASTER_FLD_CMD; field++) | |
721 | pcf_print_master_field(fp, mode, masterp, field); | 721 | pcf_print_master_field(fp, mode, masterp, field); | |
722 | } else { | 722 | } else { | |
723 | pcf_print_master_field(fp, mode, masterp, field); | 723 | pcf_print_master_field(fp, mode, masterp, field); | |
724 | } | 724 | } | |
725 | } | 725 | } | |
726 | } | 726 | } | |
727 | } else { | 727 | } else { | |
728 | for (field = 0; field <= PCF_MASTER_FLD_CMD; field++) | 728 | for (field = 0; field <= PCF_MASTER_FLD_CMD; field++) | |
729 | pcf_print_master_field(fp, mode, masterp, field); | 729 | pcf_print_master_field(fp, mode, masterp, field); | |
730 | } | 730 | } | |
731 | } | 731 | } | |
732 | 732 | |||
733 | /* | 733 | /* | |
734 | * Cleanup. | 734 | * Cleanup. | |
735 | */ | 735 | */ | |
736 | if (argc > 0) { | 736 | if (argc > 0) { | |
737 | for (req = field_reqs; req < field_reqs + argc; req++) { | 737 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
738 | if (req->match_count == 0) | 738 | if (req->match_count == 0) | |
739 | msg_warn("unmatched request: \"%s\"", req->raw_text); | 739 | msg_warn("unmatched request: \"%s\"", req->raw_text); | |
740 | argv_free(req->service_pattern); | 740 | argv_free(req->service_pattern); | |
741 | } | 741 | } | |
742 | myfree((char *) field_reqs); | 742 | myfree((char *) field_reqs); | |
743 | } | 743 | } | |
744 | } | 744 | } | |
745 | 745 | |||
746 | /* pcf_edit_master_field - replace master.cf field value. */ | 746 | /* pcf_edit_master_field - replace master.cf field value. */ | |
747 | 747 | |||
748 | void pcf_edit_master_field(PCF_MASTER_ENT *masterp, int field, | 748 | void pcf_edit_master_field(PCF_MASTER_ENT *masterp, int field, | |
749 | const char *new_value) | 749 | const char *new_value) | |
750 | { | 750 | { | |
751 | 751 | |||
752 | /* | 752 | /* | |
753 | * Replace multi-column attribute. | 753 | * Replace multi-column attribute. | |
754 | */ | 754 | */ | |
755 | if (field == PCF_MASTER_FLD_CMD) { | 755 | if (field == PCF_MASTER_FLD_CMD) { | |
756 | argv_truncate(masterp->argv, PCF_MASTER_FLD_CMD); | 756 | argv_truncate(masterp->argv, PCF_MASTER_FLD_CMD); | |
757 | argv_split_append(masterp->argv, new_value, PCF_MASTER_BLANKS); | 757 | argv_split_append(masterp->argv, new_value, PCF_MASTER_BLANKS); | |
758 | } | 758 | } | |
759 | 759 | |||
760 | /* | 760 | /* | |
761 | * Replace single-column attribute. | 761 | * Replace single-column attribute. | |
762 | */ | 762 | */ | |
763 | else { | 763 | else { | |
764 | argv_replace_one(masterp->argv, field, new_value); | 764 | argv_replace_one(masterp->argv, field, new_value); | |
765 | } | 765 | } | |
766 | 766 | |||
767 | /* | 767 | /* | |
768 | * Do per-field sanity checks. | 768 | * Do per-field sanity checks. | |
769 | */ | 769 | */ | |
770 | pcf_check_master_entry(masterp->argv, new_value); | 770 | pcf_check_master_entry(masterp->argv, new_value); | |
771 | } | 771 | } | |
772 | 772 | |||
773 | /* pcf_print_master_param - scaffolding */ | 773 | /* pcf_print_master_param - scaffolding */ | |
774 | 774 | |||
775 | static void pcf_print_master_param(VSTREAM *fp, int mode, | 775 | static void pcf_print_master_param(VSTREAM *fp, int mode, | |
776 | PCF_MASTER_ENT *masterp, | 776 | PCF_MASTER_ENT *masterp, | |
777 | const char *param_name, | 777 | const char *param_name, | |
778 | const char *param_value) | 778 | const char *param_value) | |
779 | { | 779 | { | |
780 | if ((mode & PCF_SHOW_EVAL) != 0) | 780 | if ((mode & PCF_SHOW_EVAL) != 0) | |
781 | param_value = pcf_expand_parameter_value((VSTRING *) 0, mode, | 781 | param_value = pcf_expand_parameter_value((VSTRING *) 0, mode, | |
782 | param_value, masterp); | 782 | param_value, masterp); | |
783 | if ((mode & PCF_HIDE_NAME) == 0) { | 783 | if ((mode & PCF_HIDE_NAME) == 0) { | |
784 | pcf_print_line(fp, mode, "%s%c%s = %s\n", | 784 | pcf_print_line(fp, mode, "%s%c%s = %s\n", | |
785 | masterp->name_space, PCF_NAMESP_SEP_CH, | 785 | masterp->name_space, PCF_NAMESP_SEP_CH, | |
786 | param_name, param_value); | 786 | param_name, param_value); | |
787 | } else { | 787 | } else { | |
788 | pcf_print_line(fp, mode, "%s\n", param_value); | 788 | pcf_print_line(fp, mode, "%s\n", param_value); | |
789 | } | 789 | } | |
790 | if (msg_verbose) | 790 | if (msg_verbose) | |
791 | vstream_fflush(fp); | 791 | vstream_fflush(fp); | |
792 | } | 792 | } | |
793 | 793 | |||
794 | /* pcf_sort_argv_cb - sort argv call-back */ | 794 | /* pcf_sort_argv_cb - sort argv call-back */ | |
795 | 795 | |||
796 | static int pcf_sort_argv_cb(const void *a, const void *b) | 796 | static int pcf_sort_argv_cb(const void *a, const void *b) | |
797 | { | 797 | { | |
798 | return (strcmp(*(char **) a, *(char **) b)); | 798 | return (strcmp(*(char **) a, *(char **) b)); | |
799 | } | 799 | } | |
800 | 800 | |||
801 | /* pcf_show_master_any_param - show any parameter in master.cf service entry */ | 801 | /* pcf_show_master_any_param - show any parameter in master.cf service entry */ | |
802 | 802 | |||
803 | static void pcf_show_master_any_param(VSTREAM *fp, int mode, | 803 | static void pcf_show_master_any_param(VSTREAM *fp, int mode, | |
804 | PCF_MASTER_ENT *masterp) | 804 | PCF_MASTER_ENT *masterp) | |
805 | { | 805 | { | |
806 | const char *myname = "pcf_show_master_any_param"; | 806 | const char *myname = "pcf_show_master_any_param"; | |
807 | ARGV *argv = argv_alloc(10); | 807 | ARGV *argv = argv_alloc(10); | |
808 | DICT *dict = masterp->all_params; | 808 | DICT *dict = masterp->all_params; | |
809 | const char *param_name; | 809 | const char *param_name; | |
810 | const char *param_value; | 810 | const char *param_value; | |
811 | int param_count = 0; | 811 | int param_count = 0; | |
812 | int how; | 812 | int how; | |
813 | char **cpp; | 813 | char **cpp; | |
814 | 814 | |||
815 | /* | 815 | /* | |
816 | * Print parameters in sorted order. The number of parameters per | 816 | * Print parameters in sorted order. The number of parameters per | |
817 | * master.cf entry is small, so we optmiize for code simplicity and don't | 817 | * master.cf entry is small, so we optmiize for code simplicity and don't | |
818 | * worry about the cost of double lookup. | 818 | * worry about the cost of double lookup. | |
819 | */ | 819 | */ | |
820 | 820 | |||
821 | /* Look up the parameter names and ignore the values. */ | 821 | /* Look up the parameter names and ignore the values. */ | |
822 | 822 | |||
823 | for (how = DICT_SEQ_FUN_FIRST; | 823 | for (how = DICT_SEQ_FUN_FIRST; | |
824 | dict->sequence(dict, how, ¶m_name, ¶m_value) == 0; | 824 | dict->sequence(dict, how, ¶m_name, ¶m_value) == 0; | |
825 | how = DICT_SEQ_FUN_NEXT) { | 825 | how = DICT_SEQ_FUN_NEXT) { | |
826 | argv_add(argv, param_name, ARGV_END); | 826 | argv_add(argv, param_name, ARGV_END); | |
827 | param_count++; | 827 | param_count++; | |
828 | } | 828 | } | |
829 | 829 | |||
830 | /* Print the parameters in sorted order. */ | 830 | /* Print the parameters in sorted order. */ | |
831 | 831 | |||
832 | qsort(argv->argv, param_count, sizeof(argv->argv[0]), pcf_sort_argv_cb); | 832 | qsort(argv->argv, param_count, sizeof(argv->argv[0]), pcf_sort_argv_cb); | |
833 | for (cpp = argv->argv; (param_name = *cpp) != 0; cpp++) { | 833 | for (cpp = argv->argv; (param_name = *cpp) != 0; cpp++) { | |
834 | if ((param_value = dict_get(dict, param_name)) == 0) | 834 | if ((param_value = dict_get(dict, param_name)) == 0) | |
835 | msg_panic("%s: parameter name not found: %s", myname, param_name); | 835 | msg_panic("%s: parameter name not found: %s", myname, param_name); | |
836 | pcf_print_master_param(fp, mode, masterp, param_name, param_value); | 836 | pcf_print_master_param(fp, mode, masterp, param_name, param_value); | |
837 | } | 837 | } | |
838 | 838 | |||
839 | /* | 839 | /* | |
840 | * Clean up. | 840 | * Clean up. | |
841 | */ | 841 | */ | |
842 | argv_free(argv); | 842 | argv_free(argv); | |
843 | } | 843 | } | |
844 | 844 | |||
845 | /* pcf_show_master_params - show master.cf params */ | 845 | /* pcf_show_master_params - show master.cf params */ | |
846 | 846 | |||
847 | void pcf_show_master_params(VSTREAM *fp, int mode, int argc, char **argv) | 847 | void pcf_show_master_params(VSTREAM *fp, int mode, int argc, char **argv) | |
848 | { | 848 | { | |
849 | PCF_MASTER_ENT *masterp; | 849 | PCF_MASTER_ENT *masterp; | |
850 | PCF_MASTER_FLD_REQ *field_reqs; | 850 | PCF_MASTER_FLD_REQ *field_reqs; | |
851 | PCF_MASTER_FLD_REQ *req; | 851 | PCF_MASTER_FLD_REQ *req; | |
852 | DICT *dict; | 852 | DICT *dict; | |
853 | const char *param_value; | 853 | const char *param_value; | |
854 | 854 | |||
855 | /* | 855 | /* | |
856 | * Parse the filter expressions. | 856 | * Parse the filter expressions. | |
857 | */ | 857 | */ | |
858 | if (argc > 0) { | 858 | if (argc > 0) { | |
859 | field_reqs = (PCF_MASTER_FLD_REQ *) | 859 | field_reqs = (PCF_MASTER_FLD_REQ *) | |
860 | mymalloc(sizeof(*field_reqs) * argc); | 860 | mymalloc(sizeof(*field_reqs) * argc); | |
861 | for (req = field_reqs; req < field_reqs + argc; req++) { | 861 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
862 | req->match_count = 0; | 862 | req->match_count = 0; | |
863 | req->raw_text = *argv++; | 863 | req->raw_text = *argv++; | |
864 | req->service_pattern = | 864 | req->service_pattern = | |
865 | pcf_parse_service_pattern(req->raw_text, 1, 3); | 865 | pcf_parse_service_pattern(req->raw_text, 1, 3); | |
866 | if (req->service_pattern == 0) | 866 | if (req->service_pattern == 0) | |
867 | msg_fatal("-P option requires service_name[/type[/parameter]]"); | 867 | msg_fatal("-P option requires service_name[/type[/parameter]]"); | |
868 | req->param_pattern = req->service_pattern->argv[2]; | 868 | req->param_pattern = req->service_pattern->argv[2]; | |
869 | } | 869 | } | |
870 | } | 870 | } | |
871 | 871 | |||
872 | /* | 872 | /* | |
873 | * Iterate over the master table. | 873 | * Iterate over the master table. | |
874 | */ | 874 | */ | |
875 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | 875 | for (masterp = pcf_master_table; masterp->argv != 0; masterp++) { | |
876 | if ((dict = masterp->all_params) != 0) { | 876 | if ((dict = masterp->all_params) != 0) { | |
877 | if (argc > 0) { | 877 | if (argc > 0) { | |
878 | for (req = field_reqs; req < field_reqs + argc; req++) { | 878 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
879 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | 879 | if (PCF_MATCH_SERVICE_PATTERN(req->service_pattern, | |
880 | masterp->argv->argv[0], | 880 | masterp->argv->argv[0], | |
881 | masterp->argv->argv[1])) { | 881 | masterp->argv->argv[1])) { | |
882 | if (PCF_IS_MAGIC_PARAM_PATTERN(req->param_pattern)) { | 882 | if (PCF_IS_MAGIC_PARAM_PATTERN(req->param_pattern)) { | |
883 | pcf_show_master_any_param(fp, mode, masterp); | 883 | pcf_show_master_any_param(fp, mode, masterp); | |
884 | req->match_count += 1; | 884 | req->match_count += 1; | |
885 | } else if ((param_value = dict_get(dict, | 885 | } else if ((param_value = dict_get(dict, | |
886 | req->param_pattern)) != 0) { | 886 | req->param_pattern)) != 0) { | |
887 | pcf_print_master_param(fp, mode, masterp, | 887 | pcf_print_master_param(fp, mode, masterp, | |
888 | req->param_pattern, | 888 | req->param_pattern, | |
889 | param_value); | 889 | param_value); | |
890 | req->match_count += 1; | 890 | req->match_count += 1; | |
891 | } | 891 | } | |
892 | } | 892 | } | |
893 | } | 893 | } | |
894 | } else { | 894 | } else { | |
895 | pcf_show_master_any_param(fp, mode, masterp); | 895 | pcf_show_master_any_param(fp, mode, masterp); | |
896 | } | 896 | } | |
897 | } | 897 | } | |
898 | } | 898 | } | |
899 | 899 | |||
900 | /* | 900 | /* | |
901 | * Cleanup. | 901 | * Cleanup. | |
902 | */ | 902 | */ | |
903 | if (argc > 0) { | 903 | if (argc > 0) { | |
904 | for (req = field_reqs; req < field_reqs + argc; req++) { | 904 | for (req = field_reqs; req < field_reqs + argc; req++) { | |
905 | if (req->match_count == 0) | 905 | if (req->match_count == 0) | |
906 | msg_warn("unmatched request: \"%s\"", req->raw_text); | 906 | msg_warn("unmatched request: \"%s\"", req->raw_text); | |
907 | argv_free(req->service_pattern); | 907 | argv_free(req->service_pattern); | |
908 | } | 908 | } | |
909 | myfree((char *) field_reqs); | 909 | myfree((char *) field_reqs); | |
910 | } | 910 | } | |
911 | } | 911 | } | |
912 | 912 | |||
913 | /* pcf_edit_master_param - update, add or remove -o parameter=value */ | 913 | /* pcf_edit_master_param - update, add or remove -o parameter=value */ | |
914 | 914 | |||
915 | void pcf_edit_master_param(PCF_MASTER_ENT *masterp, int mode, | 915 | void pcf_edit_master_param(PCF_MASTER_ENT *masterp, int mode, | |
916 | const char *param_name, | 916 | const char *param_name, | |
917 | const char *param_value) | 917 | const char *param_value) | |
918 | { | 918 | { | |
919 | const char *myname = "pcf_edit_master_param"; | 919 | const char *myname = "pcf_edit_master_param"; | |
920 | ARGV *argv = masterp->argv; | 920 | ARGV *argv = masterp->argv; | |
921 | const char *arg; | 921 | const char *arg; | |
922 | const char *aval; | 922 | const char *aval; | |
923 | int param_match = 0; | 923 | int param_match = 0; | |
924 | int name_len = strlen(param_name); | 924 | int name_len = strlen(param_name); | |
925 | int field; | 925 | int field; | |
926 | 926 | |||
927 | for (field = PCF_MASTER_MIN_FIELDS; argv->argv[field] != 0; field++) { | 927 | for (field = PCF_MASTER_MIN_FIELDS; argv->argv[field] != 0; field++) { | |
928 | arg = argv->argv[field]; | 928 | arg = argv->argv[field]; | |
929 | 929 | |||
930 | /* | 930 | /* | |
931 | * Stop at the first non-option argument or end-of-list. | 931 | * Stop at the first non-option argument or end-of-list. | |
932 | */ | 932 | */ | |
933 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | 933 | if (arg[0] != '-' || strcmp(arg, "--") == 0) { | |
934 | break; | 934 | break; | |
935 | } | 935 | } | |
936 | 936 | |||
937 | /* | 937 | /* | |
938 | * Zoom in on command-line options with a value. | 938 | * Zoom in on command-line options with a value. | |
939 | */ | 939 | */ | |
940 | else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | 940 | else if (strchr(pcf_daemon_options_expecting_value, arg[1]) != 0 | |
941 | && (aval = argv->argv[field + 1]) != 0) { | 941 | && (aval = argv->argv[field + 1]) != 0) { | |
942 | 942 | |||
943 | /* | 943 | /* | |
944 | * Zoom in on "-o parameter=value". | 944 | * Zoom in on "-o parameter=value". | |
945 | */ | 945 | */ | |
946 | if (strcmp(arg, "-o") == 0) { | 946 | if (strcmp(arg, "-o") == 0) { | |
947 | if (strncmp(aval, param_name, name_len) == 0 | 947 | if (strncmp(aval, param_name, name_len) == 0 | |
948 | && aval[name_len] == '=') { | 948 | && aval[name_len] == '=') { | |
949 | param_match = 1; | 949 | param_match = 1; | |
950 | switch (mode & (PCF_EDIT_CONF | PCF_EDIT_EXCL)) { | 950 | switch (mode & (PCF_EDIT_CONF | PCF_EDIT_EXCL)) { | |
951 | 951 | |||
952 | /* | 952 | /* | |
953 | * Update parameter=value. | 953 | * Update parameter=value. | |
954 | */ | 954 | */ | |
955 | case PCF_EDIT_CONF: | 955 | case PCF_EDIT_CONF: | |
956 | aval = concatenate(param_name, "=", | 956 | aval = concatenate(param_name, "=", | |
957 | param_value, (char *) 0); | 957 | param_value, (char *) 0); | |
958 | argv_replace_one(argv, field + 1, aval); | 958 | argv_replace_one(argv, field + 1, aval); | |
959 | myfree((char *) aval); | 959 | myfree((char *) aval); | |
960 | if (masterp->all_params) | 960 | if (masterp->all_params) | |
961 | dict_put(masterp->all_params, param_name, param_value); | 961 | dict_put(masterp->all_params, param_name, param_value); | |
962 | /* XXX Update parameter "used/defined" status. */ | 962 | /* XXX Update parameter "used/defined" status. */ | |
963 | break; | 963 | break; | |
964 | 964 | |||
965 | /* | 965 | /* | |
966 | * Delete parameter=value. | 966 | * Delete parameter=value. | |
967 | */ | 967 | */ | |
968 | case PCF_EDIT_EXCL: | 968 | case PCF_EDIT_EXCL: | |
969 | argv_delete(argv, field, 2); | 969 | argv_delete(argv, field, 2); | |
970 | if (masterp->all_params) | 970 | if (masterp->all_params) | |
971 | dict_del(masterp->all_params, param_name); | 971 | dict_del(masterp->all_params, param_name); | |
972 | /* XXX Update parameter "used/defined" status. */ | 972 | /* XXX Update parameter "used/defined" status. */ | |
973 | field -= 2; | 973 | field -= 2; | |
974 | break; | 974 | break; | |
975 | default: | 975 | default: | |
976 | msg_panic("%s: unexpected mode: %d", myname, mode); | 976 | msg_panic("%s: unexpected mode: %d", myname, mode); | |
977 | } | 977 | } | |
978 | } | 978 | } | |
979 | } | 979 | } | |
980 | 980 | |||
981 | /* | 981 | /* | |
982 | * Skip over the command-line option value. | 982 | * Skip over the command-line option value. | |
983 | */ | 983 | */ | |
984 | field += 1; | 984 | field += 1; | |
985 | } | 985 | } | |
986 | } | 986 | } | |
987 | 987 | |||
988 | /* | 988 | /* | |
989 | * Add unmatched parameter. | 989 | * Add unmatched parameter. | |
990 | */ | 990 | */ | |
991 | if ((mode & PCF_EDIT_CONF) && param_match == 0) { | 991 | if ((mode & PCF_EDIT_CONF) && param_match == 0) { | |
992 | /* XXX Generalize: argv_insert(argv, where, list...) */ | 992 | /* XXX Generalize: argv_insert(argv, where, list...) */ | |
993 | argv_insert_one(argv, field, "-o"); | 993 | argv_insert_one(argv, field, "-o"); | |
994 | aval = concatenate(param_name, "=", | 994 | aval = concatenate(param_name, "=", | |
995 | param_value, (char *) 0); | 995 | param_value, (char *) 0); | |
996 | argv_insert_one(argv, field + 1, aval); | 996 | argv_insert_one(argv, field + 1, aval); | |
997 | if (masterp->all_params) | 997 | if (masterp->all_params) | |
998 | dict_put(masterp->all_params, param_name, param_value); | 998 | dict_put(masterp->all_params, param_name, param_value); | |
999 | /* XXX May affect parameter "used/defined" status. */ | 999 | /* XXX May affect parameter "used/defined" status. */ | |
1000 | myfree((char *) aval); | 1000 | myfree((char *) aval); | |
1001 | param_match = 1; | 1001 | param_match = 1; | |
1002 | } | 1002 | } | |
1003 | } | 1003 | } |
--- src/external/ibm-public/postfix/dist/src/smtp/smtp_tls_policy.c 2014/07/06 19:27:56 1.1.1.1
+++ src/external/ibm-public/postfix/dist/src/smtp/smtp_tls_policy.c 2015/03/03 07:11:08 1.1.1.1.4.1
@@ -1,847 +1,849 @@ | @@ -1,847 +1,849 @@ | |||
1 | /* $NetBSD: smtp_tls_policy.c,v 1.1.1.1 2014/07/06 19:27:56 tron Exp $ */ | 1 | /* $NetBSD: smtp_tls_policy.c,v 1.1.1.1.4.1 2015/03/03 07:11:08 snj Exp $ */ | |
2 | 2 | |||
3 | /*++ | 3 | /*++ | |
4 | /* NAME | 4 | /* NAME | |
5 | /* smtp_tls_policy 3 | 5 | /* smtp_tls_policy 3 | |
6 | /* SUMMARY | 6 | /* SUMMARY | |
7 | /* SMTP_TLS_POLICY structure management | 7 | /* SMTP_TLS_POLICY structure management | |
8 | /* SYNOPSIS | 8 | /* SYNOPSIS | |
9 | /* #include "smtp.h" | 9 | /* #include "smtp.h" | |
10 | /* | 10 | /* | |
11 | /* void smtp_tls_list_init() | 11 | /* void smtp_tls_list_init() | |
12 | /* | 12 | /* | |
13 | /* int smtp_tls_policy_cache_query(why, tls, iter) | 13 | /* int smtp_tls_policy_cache_query(why, tls, iter) | |
14 | /* DSN_BUF *why; | 14 | /* DSN_BUF *why; | |
15 | /* SMTP_TLS_POLICY *tls; | 15 | /* SMTP_TLS_POLICY *tls; | |
16 | /* SMTP_ITERATOR *iter; | 16 | /* SMTP_ITERATOR *iter; | |
17 | /* | 17 | /* | |
18 | /* void smtp_tls_policy_dummy(tls) | 18 | /* void smtp_tls_policy_dummy(tls) | |
19 | /* SMTP_TLS_POLICY *tls; | 19 | /* SMTP_TLS_POLICY *tls; | |
20 | /* | 20 | /* | |
21 | /* void smtp_tls_policy_cache_flush() | 21 | /* void smtp_tls_policy_cache_flush() | |
22 | /* DESCRIPTION | 22 | /* DESCRIPTION | |
23 | /* smtp_tls_list_init() initializes lookup tables used by the TLS | 23 | /* smtp_tls_list_init() initializes lookup tables used by the TLS | |
24 | /* policy engine. | 24 | /* policy engine. | |
25 | /* | 25 | /* | |
26 | /* smtp_tls_policy_cache_query() returns a shallow copy of the | 26 | /* smtp_tls_policy_cache_query() returns a shallow copy of the | |
27 | /* cached SMTP_TLS_POLICY structure for the iterator's | 27 | /* cached SMTP_TLS_POLICY structure for the iterator's | |
28 | /* destination, host, port and DNSSEC validation status. | 28 | /* destination, host, port and DNSSEC validation status. | |
29 | /* This copy is guaranteed to be valid until the next | 29 | /* This copy is guaranteed to be valid until the next | |
30 | /* smtp_tls_policy_cache_query() or smtp_tls_policy_cache_flush() | 30 | /* smtp_tls_policy_cache_query() or smtp_tls_policy_cache_flush() | |
31 | /* call. The caller can override the TLS security level without | 31 | /* call. The caller can override the TLS security level without | |
32 | /* corrupting the policy cache. | 32 | /* corrupting the policy cache. | |
33 | /* When any required table or DNS lookups fail, the TLS level | 33 | /* When any required table or DNS lookups fail, the TLS level | |
34 | /* is set to TLS_LEV_INVALID, the "why" argument is updated | 34 | /* is set to TLS_LEV_INVALID, the "why" argument is updated | |
35 | /* with the error reason and the result value is zero (false). | 35 | /* with the error reason and the result value is zero (false). | |
36 | /* | 36 | /* | |
37 | /* smtp_tls_policy_dummy() initializes a trivial, non-cached, | 37 | /* smtp_tls_policy_dummy() initializes a trivial, non-cached, | |
38 | /* policy with TLS disabled. | 38 | /* policy with TLS disabled. | |
39 | /* | 39 | /* | |
40 | /* smtp_tls_policy_cache_flush() destroys the TLS policy cache | 40 | /* smtp_tls_policy_cache_flush() destroys the TLS policy cache | |
41 | /* and contents. | 41 | /* and contents. | |
42 | /* | 42 | /* | |
43 | /* Arguments: | 43 | /* Arguments: | |
44 | /* .IP why | 44 | /* .IP why | |
45 | /* A pointer to a DSN_BUF which holds error status information when | 45 | /* A pointer to a DSN_BUF which holds error status information when | |
46 | /* the TLS policy lookup fails. | 46 | /* the TLS policy lookup fails. | |
47 | /* .IP tls | 47 | /* .IP tls | |
48 | /* Pointer to TLS policy storage. | 48 | /* Pointer to TLS policy storage. | |
49 | /* .IP iter | 49 | /* .IP iter | |
50 | /* The literal next-hop or fall-back destination including | 50 | /* The literal next-hop or fall-back destination including | |
51 | /* the optional [] and including the :port or :service; | 51 | /* the optional [] and including the :port or :service; | |
52 | /* the name of the remote host after MX and CNAME expansions | 52 | /* the name of the remote host after MX and CNAME expansions | |
53 | /* (see smtp_cname_overrides_servername for the handling | 53 | /* (see smtp_cname_overrides_servername for the handling | |
54 | /* of hostnames that resolve to a CNAME record); | 54 | /* of hostnames that resolve to a CNAME record); | |
55 | /* the printable address of the remote host; | 55 | /* the printable address of the remote host; | |
56 | /* the remote port in network byte order; | 56 | /* the remote port in network byte order; | |
57 | /* the DNSSEC validation status of the host name lookup after | 57 | /* the DNSSEC validation status of the host name lookup after | |
58 | /* MX and CNAME expansions. | 58 | /* MX and CNAME expansions. | |
59 | /* LICENSE | 59 | /* LICENSE | |
60 | /* .ad | 60 | /* .ad | |
61 | /* .fi | 61 | /* .fi | |
62 | /* This software is free. You can do with it whatever you want. | 62 | /* This software is free. You can do with it whatever you want. | |
63 | /* The original author kindly requests that you acknowledge | 63 | /* The original author kindly requests that you acknowledge | |
64 | /* the use of his software. | 64 | /* the use of his software. | |
65 | /* AUTHOR(S) | 65 | /* AUTHOR(S) | |
66 | /* TLS support originally by: | 66 | /* TLS support originally by: | |
67 | /* Lutz Jaenicke | 67 | /* Lutz Jaenicke | |
68 | /* BTU Cottbus | 68 | /* BTU Cottbus | |
69 | /* Allgemeine Elektrotechnik | 69 | /* Allgemeine Elektrotechnik | |
70 | /* Universitaetsplatz 3-4 | 70 | /* Universitaetsplatz 3-4 | |
71 | /* D-03044 Cottbus, Germany | 71 | /* D-03044 Cottbus, Germany | |
72 | /* | 72 | /* | |
73 | /* Updated by: | 73 | /* Updated by: | |
74 | /* Wietse Venema | 74 | /* Wietse Venema | |
75 | /* IBM T.J. Watson Research | 75 | /* IBM T.J. Watson Research | |
76 | /* P.O. Box 704 | 76 | /* P.O. Box 704 | |
77 | /* Yorktown Heights, NY 10598, USA | 77 | /* Yorktown Heights, NY 10598, USA | |
78 | /* | 78 | /* | |
79 | /* Viktor Dukhovni | 79 | /* Viktor Dukhovni | |
80 | /*--*/ | 80 | /*--*/ | |
81 | 81 | |||
82 | /* System library. */ | 82 | /* System library. */ | |
83 | 83 | |||
84 | #include <sys_defs.h> | 84 | #include <sys_defs.h> | |
85 | 85 | |||
86 | #ifdef USE_TLS | 86 | #ifdef USE_TLS | |
87 | 87 | |||
88 | #include <netinet/in.h> /* ntohs() for Solaris or BSD */ | 88 | #include <netinet/in.h> /* ntohs() for Solaris or BSD */ | |
89 | #include <arpa/inet.h> /* ntohs() for Linux or BSD */ | 89 | #include <arpa/inet.h> /* ntohs() for Linux or BSD */ | |
90 | #include <stdlib.h> | 90 | #include <stdlib.h> | |
91 | #include <string.h> | 91 | #include <string.h> | |
92 | 92 | |||
93 | #ifdef STRCASECMP_IN_STRINGS_H | 93 | #ifdef STRCASECMP_IN_STRINGS_H | |
94 | #include <strings.h> | 94 | #include <strings.h> | |
95 | #endif | 95 | #endif | |
96 | 96 | |||
97 | /* Utility library. */ | 97 | /* Utility library. */ | |
98 | 98 | |||
99 | #include <msg.h> | 99 | #include <msg.h> | |
100 | #include <mymalloc.h> | 100 | #include <mymalloc.h> | |
101 | #include <vstring.h> | 101 | #include <vstring.h> | |
102 | #include <stringops.h> | 102 | #include <stringops.h> | |
103 | #include <valid_hostname.h> | 103 | #include <valid_hostname.h> | |
104 | #include <ctable.h> | 104 | #include <ctable.h> | |
105 | 105 | |||
106 | /* Global library. */ | 106 | /* Global library. */ | |
107 | 107 | |||
108 | #include <mail_params.h> | 108 | #include <mail_params.h> | |
109 | #include <maps.h> | 109 | #include <maps.h> | |
110 | #include <dsn_buf.h> | 110 | #include <dsn_buf.h> | |
111 | 111 | |||
112 | /* DNS library. */ | 112 | /* DNS library. */ | |
113 | 113 | |||
114 | #include <dns.h> | 114 | #include <dns.h> | |
115 | 115 | |||
116 | /* Application-specific. */ | 116 | /* Application-specific. */ | |
117 | 117 | |||
118 | #include "smtp.h" | 118 | #include "smtp.h" | |
119 | 119 | |||
120 | /* XXX Cache size should scale with [sl]mtp_mx_address_limit. */ | 120 | /* XXX Cache size should scale with [sl]mtp_mx_address_limit. */ | |
121 | #define CACHE_SIZE 20 | 121 | #define CACHE_SIZE 20 | |
122 | static CTABLE *policy_cache; | 122 | static CTABLE *policy_cache; | |
123 | 123 | |||
124 | static int global_tls_level(void); | 124 | static int global_tls_level(void); | |
125 | static void dane_init(SMTP_TLS_POLICY *, SMTP_ITERATOR *); | 125 | static void dane_init(SMTP_TLS_POLICY *, SMTP_ITERATOR *); | |
126 | 126 | |||
127 | static MAPS *tls_policy; /* lookup table(s) */ | 127 | static MAPS *tls_policy; /* lookup table(s) */ | |
128 | static MAPS *tls_per_site; /* lookup table(s) */ | 128 | static MAPS *tls_per_site; /* lookup table(s) */ | |
129 | 129 | |||
130 | /* smtp_tls_list_init - initialize per-site policy lists */ | 130 | /* smtp_tls_list_init - initialize per-site policy lists */ | |
131 | 131 | |||
132 | void smtp_tls_list_init(void) | 132 | void smtp_tls_list_init(void) | |
133 | { | 133 | { | |
134 | if (*var_smtp_tls_policy) { | 134 | if (*var_smtp_tls_policy) { | |
135 | tls_policy = maps_create(SMTP_X(TLS_POLICY), var_smtp_tls_policy, | 135 | tls_policy = maps_create(SMTP_X(TLS_POLICY), var_smtp_tls_policy, | |
136 | DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); | 136 | DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); | |
137 | if (*var_smtp_tls_per_site) | 137 | if (*var_smtp_tls_per_site) | |
138 | msg_warn("%s ignored when %s is not empty.", | 138 | msg_warn("%s ignored when %s is not empty.", | |
139 | SMTP_X(TLS_PER_SITE), SMTP_X(TLS_POLICY)); | 139 | SMTP_X(TLS_PER_SITE), SMTP_X(TLS_POLICY)); | |
140 | return; | 140 | return; | |
141 | } | 141 | } | |
142 | if (*var_smtp_tls_per_site) { | 142 | if (*var_smtp_tls_per_site) { | |
143 | tls_per_site = maps_create(SMTP_X(TLS_PER_SITE), var_smtp_tls_per_site, | 143 | tls_per_site = maps_create(SMTP_X(TLS_PER_SITE), var_smtp_tls_per_site, | |
144 | DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); | 144 | DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); | |
145 | } | 145 | } | |
146 | } | 146 | } | |
147 | 147 | |||
148 | /* policy_name - printable tls policy level */ | 148 | /* policy_name - printable tls policy level */ | |
149 | 149 | |||
150 | static const char *policy_name(int tls_level) | 150 | static const char *policy_name(int tls_level) | |
151 | { | 151 | { | |
152 | const char *name = str_tls_level(tls_level); | 152 | const char *name = str_tls_level(tls_level); | |
153 | 153 | |||
154 | if (name == 0) | 154 | if (name == 0) | |
155 | name = "unknown"; | 155 | name = "unknown"; | |
156 | return name; | 156 | return name; | |
157 | } | 157 | } | |
158 | 158 | |||
159 | #define MARK_INVALID(why, levelp) do { \ | 159 | #define MARK_INVALID(why, levelp) do { \ | |
160 | dsb_simple((why), "4.7.5", "client TLS configuration problem"); \ | 160 | dsb_simple((why), "4.7.5", "client TLS configuration problem"); \ | |
161 | *(levelp) = TLS_LEV_INVALID; } while (0) | 161 | *(levelp) = TLS_LEV_INVALID; } while (0) | |
162 | 162 | |||
163 | /* tls_site_lookup - look up per-site TLS security level */ | 163 | /* tls_site_lookup - look up per-site TLS security level */ | |
164 | 164 | |||
165 | static void tls_site_lookup(SMTP_TLS_POLICY *tls, int *site_level, | 165 | static void tls_site_lookup(SMTP_TLS_POLICY *tls, int *site_level, | |
166 | const char *site_name, const char *site_class) | 166 | const char *site_name, const char *site_class) | |
167 | { | 167 | { | |
168 | const char *lookup; | 168 | const char *lookup; | |
169 | 169 | |||
170 | /* | 170 | /* | |
171 | * Look up a non-default policy. In case of multiple lookup results, the | 171 | * Look up a non-default policy. In case of multiple lookup results, the | |
172 | * precedence order is a permutation of the TLS enforcement level order: | 172 | * precedence order is a permutation of the TLS enforcement level order: | |
173 | * VERIFY, ENCRYPT, NONE, MAY, NOTFOUND. I.e. we override MAY with a more | 173 | * VERIFY, ENCRYPT, NONE, MAY, NOTFOUND. I.e. we override MAY with a more | |
174 | * specific policy including NONE, otherwise we choose the stronger | 174 | * specific policy including NONE, otherwise we choose the stronger | |
175 | * enforcement level. | 175 | * enforcement level. | |
176 | */ | 176 | */ | |
177 | if ((lookup = maps_find(tls_per_site, site_name, 0)) != 0) { | 177 | if ((lookup = maps_find(tls_per_site, site_name, 0)) != 0) { | |
178 | if (!strcasecmp(lookup, "NONE")) { | 178 | if (!strcasecmp(lookup, "NONE")) { | |
179 | /* NONE overrides MAY or NOTFOUND. */ | 179 | /* NONE overrides MAY or NOTFOUND. */ | |
180 | if (*site_level <= TLS_LEV_MAY) | 180 | if (*site_level <= TLS_LEV_MAY) | |
181 | *site_level = TLS_LEV_NONE; | 181 | *site_level = TLS_LEV_NONE; | |
182 | } else if (!strcasecmp(lookup, "MAY")) { | 182 | } else if (!strcasecmp(lookup, "MAY")) { | |
183 | /* MAY overrides NOTFOUND but not NONE. */ | 183 | /* MAY overrides NOTFOUND but not NONE. */ | |
184 | if (*site_level < TLS_LEV_NONE) | 184 | if (*site_level < TLS_LEV_NONE) | |
185 | *site_level = TLS_LEV_MAY; | 185 | *site_level = TLS_LEV_MAY; | |
186 | } else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) { | 186 | } else if (!strcasecmp(lookup, "MUST_NOPEERMATCH")) { | |
187 | if (*site_level < TLS_LEV_ENCRYPT) | 187 | if (*site_level < TLS_LEV_ENCRYPT) | |
188 | *site_level = TLS_LEV_ENCRYPT; | 188 | *site_level = TLS_LEV_ENCRYPT; | |
189 | } else if (!strcasecmp(lookup, "MUST")) { | 189 | } else if (!strcasecmp(lookup, "MUST")) { | |
190 | if (*site_level < TLS_LEV_VERIFY) | 190 | if (*site_level < TLS_LEV_VERIFY) | |
191 | *site_level = TLS_LEV_VERIFY; | 191 | *site_level = TLS_LEV_VERIFY; | |
192 | } else { | 192 | } else { | |
193 | msg_warn("%s: unknown TLS policy '%s' for %s %s", | 193 | msg_warn("%s: unknown TLS policy '%s' for %s %s", | |
194 | tls_per_site->title, lookup, site_class, site_name); | 194 | tls_per_site->title, lookup, site_class, site_name); | |
195 | MARK_INVALID(tls->why, site_level); | 195 | MARK_INVALID(tls->why, site_level); | |
196 | return; | 196 | return; | |
197 | } | 197 | } | |
198 | } else if (tls_per_site->error) { | 198 | } else if (tls_per_site->error) { | |
199 | msg_warn("%s: %s \"%s\": per-site table lookup error", | 199 | msg_warn("%s: %s \"%s\": per-site table lookup error", | |
200 | tls_per_site->title, site_class, site_name); | 200 | tls_per_site->title, site_class, site_name); | |
201 | dsb_simple(tls->why, "4.3.0", "Temporary lookup error"); | 201 | dsb_simple(tls->why, "4.3.0", "Temporary lookup error"); | |
202 | *site_level = TLS_LEV_INVALID; | 202 | *site_level = TLS_LEV_INVALID; | |
203 | return; | 203 | return; | |
204 | } | 204 | } | |
205 | return; | 205 | return; | |
206 | } | 206 | } | |
207 | 207 | |||
208 | /* tls_policy_lookup_one - look up destination TLS policy */ | 208 | /* tls_policy_lookup_one - look up destination TLS policy */ | |
209 | 209 | |||
210 | static void tls_policy_lookup_one(SMTP_TLS_POLICY *tls, int *site_level, | 210 | static void tls_policy_lookup_one(SMTP_TLS_POLICY *tls, int *site_level, | |
211 | const char *site_name, | 211 | const char *site_name, | |
212 | const char *site_class) | 212 | const char *site_class) | |
213 | { | 213 | { | |
214 | const char *lookup; | 214 | const char *lookup; | |
215 | char *policy; | 215 | char *policy; | |
216 | char *saved_policy; | 216 | char *saved_policy; | |
217 | char *tok; | 217 | char *tok; | |
218 | const char *err; | 218 | const char *err; | |
219 | char *name; | 219 | char *name; | |
220 | char *val; | 220 | char *val; | |
221 | static VSTRING *cbuf; | 221 | static VSTRING *cbuf; | |
222 | 222 | |||
223 | #undef FREE_RETURN | 223 | #undef FREE_RETURN | |
224 | #define FREE_RETURN do { myfree(saved_policy); return; } while (0) | 224 | #define FREE_RETURN do { myfree(saved_policy); return; } while (0) | |
225 | 225 | |||
226 | #define INVALID_RETURN(why, levelp) do { \ | 226 | #define INVALID_RETURN(why, levelp) do { \ | |
227 | MARK_INVALID((why), (levelp)); FREE_RETURN; } while (0) | 227 | MARK_INVALID((why), (levelp)); FREE_RETURN; } while (0) | |
228 | 228 | |||
229 | #define WHERE \ | 229 | #define WHERE \ | |
230 | STR(vstring_sprintf(cbuf, "%s, %s \"%s\"", \ | 230 | STR(vstring_sprintf(cbuf, "%s, %s \"%s\"", \ | |
231 | tls_policy->title, site_class, site_name)) | 231 | tls_policy->title, site_class, site_name)) | |
232 | 232 | |||
233 | if (cbuf == 0) | 233 | if (cbuf == 0) | |
234 | cbuf = vstring_alloc(10); | 234 | cbuf = vstring_alloc(10); | |
235 | 235 | |||
236 | if ((lookup = maps_find(tls_policy, site_name, 0)) == 0) { | 236 | if ((lookup = maps_find(tls_policy, site_name, 0)) == 0) { | |
237 | if (tls_policy->error) { | 237 | if (tls_policy->error) { | |
238 | msg_warn("%s: policy table lookup error", WHERE); | 238 | msg_warn("%s: policy table lookup error", WHERE); | |
239 | MARK_INVALID(tls->why, site_level); | 239 | MARK_INVALID(tls->why, site_level); | |
240 | } | 240 | } | |
241 | return; | 241 | return; | |
242 | } | 242 | } | |
243 | saved_policy = policy = mystrdup(lookup); | 243 | saved_policy = policy = mystrdup(lookup); | |
244 | 244 | |||
245 | if ((tok = mystrtok(&policy, "\t\n\r ,")) == 0) { | 245 | if ((tok = mystrtok(&policy, "\t\n\r ,")) == 0) { | |
246 | msg_warn("%s: invalid empty policy", WHERE); | 246 | msg_warn("%s: invalid empty policy", WHERE); | |
247 | INVALID_RETURN(tls->why, site_level); | 247 | INVALID_RETURN(tls->why, site_level); | |
248 | } | 248 | } | |
249 | *site_level = tls_level_lookup(tok); | 249 | *site_level = tls_level_lookup(tok); | |
250 | if (*site_level == TLS_LEV_INVALID) { | 250 | if (*site_level == TLS_LEV_INVALID) { | |
251 | /* tls_level_lookup() logs no warning. */ | 251 | /* tls_level_lookup() logs no warning. */ | |
252 | msg_warn("%s: invalid security level \"%s\"", WHERE, tok); | 252 | msg_warn("%s: invalid security level \"%s\"", WHERE, tok); | |
253 | INVALID_RETURN(tls->why, site_level); | 253 | INVALID_RETURN(tls->why, site_level); | |
254 | } | 254 | } | |
255 | 255 | |||
256 | /* | 256 | /* | |
257 | * Warn about ignored attributes when TLS is disabled. | 257 | * Warn about ignored attributes when TLS is disabled. | |
258 | */ | 258 | */ | |
259 | if (*site_level < TLS_LEV_MAY) { | 259 | if (*site_level < TLS_LEV_MAY) { | |
260 | while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0) | 260 | while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0) | |
261 | msg_warn("%s: ignoring attribute \"%s\" with TLS disabled", | 261 | msg_warn("%s: ignoring attribute \"%s\" with TLS disabled", | |
262 | WHERE, tok); | 262 | WHERE, tok); | |
263 | FREE_RETURN; | 263 | FREE_RETURN; | |
264 | } | 264 | } | |
265 | 265 | |||
266 | /* | 266 | /* | |
267 | * Errors in attributes may have security consequences, don't ignore | 267 | * Errors in attributes may have security consequences, don't ignore | |
268 | * errors that can degrade security. | 268 | * errors that can degrade security. | |
269 | */ | 269 | */ | |
270 | while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0) { | 270 | while ((tok = mystrtok(&policy, "\t\n\r ,")) != 0) { | |
271 | if ((err = split_nameval(tok, &name, &val)) != 0) { | 271 | if ((err = split_nameval(tok, &name, &val)) != 0) { | |
272 | msg_warn("%s: malformed attribute/value pair \"%s\": %s", | 272 | msg_warn("%s: malformed attribute/value pair \"%s\": %s", | |
273 | WHERE, tok, err); | 273 | WHERE, tok, err); | |
274 | INVALID_RETURN(tls->why, site_level); | 274 | INVALID_RETURN(tls->why, site_level); | |
275 | } | 275 | } | |
276 | /* Only one instance per policy. */ | 276 | /* Only one instance per policy. */ | |
277 | if (!strcasecmp(name, "ciphers")) { | 277 | if (!strcasecmp(name, "ciphers")) { | |
278 | if (*val == 0) { | 278 | if (*val == 0) { | |
279 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | 279 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | |
280 | INVALID_RETURN(tls->why, site_level); | 280 | INVALID_RETURN(tls->why, site_level); | |
281 | } | 281 | } | |
282 | if (tls->grade) { | 282 | if (tls->grade) { | |
283 | msg_warn("%s: attribute \"%s\" is specified multiple times", | 283 | msg_warn("%s: attribute \"%s\" is specified multiple times", | |
284 | WHERE, name); | 284 | WHERE, name); | |
285 | INVALID_RETURN(tls->why, site_level); | 285 | INVALID_RETURN(tls->why, site_level); | |
286 | } | 286 | } | |
287 | tls->grade = mystrdup(val); | 287 | tls->grade = mystrdup(val); | |
288 | continue; | 288 | continue; | |
289 | } | 289 | } | |
290 | /* Only one instance per policy. */ | 290 | /* Only one instance per policy. */ | |
291 | if (!strcasecmp(name, "protocols")) { | 291 | if (!strcasecmp(name, "protocols")) { | |
292 | if (tls->protocols) { | 292 | if (tls->protocols) { | |
293 | msg_warn("%s: attribute \"%s\" is specified multiple times", | 293 | msg_warn("%s: attribute \"%s\" is specified multiple times", | |
294 | WHERE, name); | 294 | WHERE, name); | |
295 | INVALID_RETURN(tls->why, site_level); | 295 | INVALID_RETURN(tls->why, site_level); | |
296 | } | 296 | } | |
297 | tls->protocols = mystrdup(val); | 297 | tls->protocols = mystrdup(val); | |
298 | continue; | 298 | continue; | |
299 | } | 299 | } | |
300 | /* Multiple instances per policy. */ | 300 | /* Multiple instances per policy. */ | |
301 | if (!strcasecmp(name, "match")) { | 301 | if (!strcasecmp(name, "match")) { | |
302 | if (*val == 0) { | 302 | if (*val == 0) { | |
303 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | 303 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | |
304 | INVALID_RETURN(tls->why, site_level); | 304 | INVALID_RETURN(tls->why, site_level); | |
305 | } | 305 | } | |
306 | switch (*site_level) { | 306 | switch (*site_level) { | |
307 | default: | 307 | default: | |
308 | msg_warn("%s: attribute \"%s\" invalid at security level " | 308 | msg_warn("%s: attribute \"%s\" invalid at security level " | |
309 | "\"%s\"", WHERE, name, policy_name(*site_level)); | 309 | "\"%s\"", WHERE, name, policy_name(*site_level)); | |
310 | INVALID_RETURN(tls->why, site_level); | 310 | INVALID_RETURN(tls->why, site_level); | |
311 | break; | 311 | break; | |
312 | case TLS_LEV_FPRINT: | 312 | case TLS_LEV_FPRINT: | |
313 | if (!tls->dane) | 313 | if (!tls->dane) | |
314 | tls->dane = tls_dane_alloc(); | 314 | tls->dane = tls_dane_alloc(); | |
315 | tls_dane_add_ee_digests(tls->dane, | 315 | tls_dane_add_ee_digests(tls->dane, | |
316 | var_smtp_tls_fpt_dgst, val, "|"); | 316 | var_smtp_tls_fpt_dgst, val, "|"); | |
317 | break; | 317 | break; | |
318 | case TLS_LEV_VERIFY: | 318 | case TLS_LEV_VERIFY: | |
319 | case TLS_LEV_SECURE: | 319 | case TLS_LEV_SECURE: | |
320 | if (tls->matchargv == 0) | 320 | if (tls->matchargv == 0) | |
321 | tls->matchargv = argv_split(val, ":"); | 321 | tls->matchargv = argv_split(val, ":"); | |
322 | else | 322 | else | |
323 | argv_split_append(tls->matchargv, val, ":"); | 323 | argv_split_append(tls->matchargv, val, ":"); | |
324 | break; | 324 | break; | |
325 | } | 325 | } | |
326 | continue; | 326 | continue; | |
327 | } | 327 | } | |
328 | /* Only one instance per policy. */ | 328 | /* Only one instance per policy. */ | |
329 | if (!strcasecmp(name, "exclude")) { | 329 | if (!strcasecmp(name, "exclude")) { | |
330 | if (tls->exclusions) { | 330 | if (tls->exclusions) { | |
331 | msg_warn("%s: attribute \"%s\" is specified multiple times", | 331 | msg_warn("%s: attribute \"%s\" is specified multiple times", | |
332 | WHERE, name); | 332 | WHERE, name); | |
333 | INVALID_RETURN(tls->why, site_level); | 333 | INVALID_RETURN(tls->why, site_level); | |
334 | } | 334 | } | |
335 | tls->exclusions = vstring_strcpy(vstring_alloc(10), val); | 335 | tls->exclusions = vstring_strcpy(vstring_alloc(10), val); | |
336 | continue; | 336 | continue; | |
337 | } | 337 | } | |
338 | /* Multiple instances per policy. */ | 338 | /* Multiple instances per policy. */ | |
339 | if (!strcasecmp(name, "tafile")) { | 339 | if (!strcasecmp(name, "tafile")) { | |
340 | /* Only makes sense if we're using CA-based trust */ | 340 | /* Only makes sense if we're using CA-based trust */ | |
341 | if (!TLS_MUST_PKIX(*site_level)) { | 341 | if (!TLS_MUST_PKIX(*site_level)) { | |
342 | msg_warn("%s: attribute \"%s\" invalid at security level" | 342 | msg_warn("%s: attribute \"%s\" invalid at security level" | |
343 | " \"%s\"", WHERE, name, policy_name(*site_level)); | 343 | " \"%s\"", WHERE, name, policy_name(*site_level)); | |
344 | INVALID_RETURN(tls->why, site_level); | 344 | INVALID_RETURN(tls->why, site_level); | |
345 | } | 345 | } | |
346 | if (*val == 0) { | 346 | if (*val == 0) { | |
347 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | 347 | msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); | |
348 | INVALID_RETURN(tls->why, site_level); | 348 | INVALID_RETURN(tls->why, site_level); | |
349 | } | 349 | } | |
350 | if (!tls->dane) | 350 | if (!tls->dane) | |
351 | tls->dane = tls_dane_alloc(); | 351 | tls->dane = tls_dane_alloc(); | |
352 | if (!tls_dane_load_trustfile(tls->dane, val)) { | 352 | if (!tls_dane_load_trustfile(tls->dane, val)) { | |
353 | INVALID_RETURN(tls->why, site_level); | 353 | INVALID_RETURN(tls->why, site_level); | |
354 | } | 354 | } | |
355 | continue; | 355 | continue; | |
356 | } | 356 | } | |
357 | msg_warn("%s: invalid attribute name: \"%s\"", WHERE, name); | 357 | msg_warn("%s: invalid attribute name: \"%s\"", WHERE, name); | |
358 | INVALID_RETURN(tls->why, site_level); | 358 | INVALID_RETURN(tls->why, site_level); | |
359 | } | 359 | } | |
360 | 360 | |||
361 | FREE_RETURN; | 361 | FREE_RETURN; | |
362 | } | 362 | } | |
363 | 363 | |||
364 | /* tls_policy_lookup - look up destination TLS policy */ | 364 | /* tls_policy_lookup - look up destination TLS policy */ | |
365 | 365 | |||
366 | static void tls_policy_lookup(SMTP_TLS_POLICY *tls, int *site_level, | 366 | static void tls_policy_lookup(SMTP_TLS_POLICY *tls, int *site_level, | |
367 | const char *site_name, | 367 | const char *site_name, | |
368 | const char *site_class) | 368 | const char *site_class) | |
369 | { | 369 | { | |
370 | 370 | |||
371 | /* | 371 | /* | |
372 | * Only one lookup with [nexthop]:port, [nexthop] or nexthop:port These | 372 | * Only one lookup with [nexthop]:port, [nexthop] or nexthop:port These | |
373 | * are never the domain part of localpart@domain, rather they are | 373 | * are never the domain part of localpart@domain, rather they are | |
374 | * explicit nexthops from transport:nexthop, and match only the | 374 | * explicit nexthops from transport:nexthop, and match only the | |
375 | * corresponding policy. Parent domain matching (below) applies only to | 375 | * corresponding policy. Parent domain matching (below) applies only to | |
376 | * sub-domains of the recipient domain. | 376 | * sub-domains of the recipient domain. | |
377 | * | 377 | * | |
378 | * XXX UNIX-domain connections query with the pathname as destination. | 378 | * XXX UNIX-domain connections query with the pathname as destination. | |
379 | */ | 379 | */ | |
380 | if (!valid_hostname(site_name, DONT_GRIPE)) { | 380 | if (!valid_hostname(site_name, DONT_GRIPE)) { | |
381 | tls_policy_lookup_one(tls, site_level, site_name, site_class); | 381 | tls_policy_lookup_one(tls, site_level, site_name, site_class); | |
382 | return; | 382 | return; | |
383 | } | 383 | } | |
384 | do { | 384 | do { | |
385 | tls_policy_lookup_one(tls, site_level, site_name, site_class); | 385 | tls_policy_lookup_one(tls, site_level, site_name, site_class); | |
386 | } while (*site_level == TLS_LEV_NOTFOUND | 386 | } while (*site_level == TLS_LEV_NOTFOUND | |
387 | && (site_name = strchr(site_name + 1, '.')) != 0); | 387 | && (site_name = strchr(site_name + 1, '.')) != 0); | |
388 | } | 388 | } | |
389 | 389 | |||
390 | /* load_tas - load one or more ta files */ | 390 | /* load_tas - load one or more ta files */ | |
391 | 391 | |||
392 | static int load_tas(TLS_DANE *dane, const char *files) | 392 | static int load_tas(TLS_DANE *dane, const char *files) | |
393 | { | 393 | { | |
394 | int ret = 0; | 394 | int ret = 0; | |
395 | char *save = mystrdup(files); | 395 | char *save = mystrdup(files); | |
396 | char *buf = save; | 396 | char *buf = save; | |
397 | char *file; | 397 | char *file; | |
398 | 398 | |||
399 | do { | 399 | do { | |
400 | if ((file = mystrtok(&buf, "\t\n\r ,")) != 0) | 400 | if ((file = mystrtok(&buf, "\t\n\r ,")) != 0) | |
401 | ret = tls_dane_load_trustfile(dane, file); | 401 | ret = tls_dane_load_trustfile(dane, file); | |
402 | } while (file && ret); | 402 | } while (file && ret); | |
403 | 403 | |||
404 | myfree(save); | 404 | myfree(save); | |
405 | return (ret); | 405 | return (ret); | |
406 | } | 406 | } | |
407 | 407 | |||
408 | /* set_cipher_grade - Set cipher grade and exclusions */ | 408 | /* set_cipher_grade - Set cipher grade and exclusions */ | |
409 | 409 | |||
410 | static void set_cipher_grade(SMTP_TLS_POLICY *tls) | 410 | static void set_cipher_grade(SMTP_TLS_POLICY *tls) | |
411 | { | 411 | { | |
412 | const char *mand_exclude = ""; | 412 | const char *mand_exclude = ""; | |
413 | const char *also_exclude = ""; | 413 | const char *also_exclude = ""; | |
414 | 414 | |||
415 | /* | 415 | /* | |
416 | * Use main.cf cipher level if no per-destination value specified. With | 416 | * Use main.cf cipher level if no per-destination value specified. With | |
417 | * mandatory encryption at least encrypt, and with mandatory verification | 417 | * mandatory encryption at least encrypt, and with mandatory verification | |
418 | * at least authenticate! | 418 | * at least authenticate! | |
419 | */ | 419 | */ | |
420 | switch (tls->level) { | 420 | switch (tls->level) { | |
421 | case TLS_LEV_INVALID: | 421 | case TLS_LEV_INVALID: | |
422 | case TLS_LEV_NONE: | 422 | case TLS_LEV_NONE: | |
423 | return; | 423 | return; | |
424 | 424 | |||
425 | case TLS_LEV_MAY: | 425 | case TLS_LEV_MAY: | |
426 | if (tls->grade == 0) | 426 | if (tls->grade == 0) | |
427 | tls->grade = mystrdup(var_smtp_tls_ciph); | 427 | tls->grade = mystrdup(var_smtp_tls_ciph); | |
428 | break; | 428 | break; | |
429 | 429 | |||
430 | case TLS_LEV_ENCRYPT: | 430 | case TLS_LEV_ENCRYPT: | |
431 | if (tls->grade == 0) | 431 | if (tls->grade == 0) | |
432 | tls->grade = mystrdup(var_smtp_tls_mand_ciph); | 432 | tls->grade = mystrdup(var_smtp_tls_mand_ciph); | |
433 | mand_exclude = var_smtp_tls_mand_excl; | 433 | mand_exclude = var_smtp_tls_mand_excl; | |
434 | also_exclude = "eNULL"; | 434 | also_exclude = "eNULL"; | |
435 | break; | 435 | break; | |
436 | 436 | |||
437 | case TLS_LEV_DANE: | 437 | case TLS_LEV_DANE: | |
438 | case TLS_LEV_FPRINT: | 438 | case TLS_LEV_FPRINT: | |
439 | case TLS_LEV_VERIFY: | 439 | case TLS_LEV_VERIFY: | |
440 | case TLS_LEV_SECURE: | 440 | case TLS_LEV_SECURE: | |
441 | if (tls->grade == 0) | 441 | if (tls->grade == 0) | |
442 | tls->grade = mystrdup(var_smtp_tls_mand_ciph); | 442 | tls->grade = mystrdup(var_smtp_tls_mand_ciph); | |
443 | mand_exclude = var_smtp_tls_mand_excl; | 443 | mand_exclude = var_smtp_tls_mand_excl; | |
444 | also_exclude = "aNULL"; | 444 | also_exclude = "aNULL"; | |
445 | break; | 445 | break; | |
446 | } | 446 | } | |
447 | 447 | |||
448 | #define ADD_EXCLUDE(vstr, str) \ | 448 | #define ADD_EXCLUDE(vstr, str) \ | |
449 | do { \ | 449 | do { \ | |
450 | if (*(str)) \ | 450 | if (*(str)) \ | |
451 | vstring_sprintf_append((vstr), "%s%s", \ | 451 | vstring_sprintf_append((vstr), "%s%s", \ | |
452 | VSTRING_LEN(vstr) ? " " : "", (str)); \ | 452 | VSTRING_LEN(vstr) ? " " : "", (str)); \ | |
453 | } while (0) | 453 | } while (0) | |
454 | 454 | |||
455 | /* | 455 | /* | |
456 | * The "exclude" policy table attribute overrides main.cf exclusion | 456 | * The "exclude" policy table attribute overrides main.cf exclusion | |
457 | * lists. | 457 | * lists. | |
458 | */ | 458 | */ | |
459 | if (tls->exclusions == 0) { | 459 | if (tls->exclusions == 0) { | |
460 | tls->exclusions = vstring_alloc(10); | 460 | tls->exclusions = vstring_alloc(10); | |
461 | ADD_EXCLUDE(tls->exclusions, var_smtp_tls_excl_ciph); | 461 | ADD_EXCLUDE(tls->exclusions, var_smtp_tls_excl_ciph); | |
462 | ADD_EXCLUDE(tls->exclusions, mand_exclude); | 462 | ADD_EXCLUDE(tls->exclusions, mand_exclude); | |
463 | } | 463 | } | |
464 | ADD_EXCLUDE(tls->exclusions, also_exclude); | 464 | ADD_EXCLUDE(tls->exclusions, also_exclude); | |
465 | } | 465 | } | |
466 | 466 | |||
467 | /* policy_create - create SMTP TLS policy cache object (ctable call-back) */ | 467 | /* policy_create - create SMTP TLS policy cache object (ctable call-back) */ | |
468 | 468 | |||
469 | static void *policy_create(const char *unused_key, void *context) | 469 | static void *policy_create(const char *unused_key, void *context) | |
470 | { | 470 | { | |
471 | SMTP_ITERATOR *iter = (SMTP_ITERATOR *) context; | 471 | SMTP_ITERATOR *iter = (SMTP_ITERATOR *) context; | |
472 | int site_level; | 472 | int site_level; | |
473 | const char *dest = STR(iter->dest); | 473 | const char *dest = STR(iter->dest); | |
474 | const char *host = STR(iter->host); | 474 | const char *host = STR(iter->host); | |
475 | 475 | |||
476 | /* | 476 | /* | |
477 | * Prepare a pristine policy object. | 477 | * Prepare a pristine policy object. | |
478 | */ | 478 | */ | |
479 | SMTP_TLS_POLICY *tls = (SMTP_TLS_POLICY *) mymalloc(sizeof(*tls)); | 479 | SMTP_TLS_POLICY *tls = (SMTP_TLS_POLICY *) mymalloc(sizeof(*tls)); | |
480 | 480 | |||
481 | smtp_tls_policy_init(tls, dsb_create()); | 481 | smtp_tls_policy_init(tls, dsb_create()); | |
482 | 482 | |||
483 | /* | 483 | /* | |
484 | * Compute the per-site TLS enforcement level. For compatibility with the | 484 | * Compute the per-site TLS enforcement level. For compatibility with the | |
485 | * original TLS patch, this algorithm is gives equal precedence to host | 485 | * original TLS patch, this algorithm is gives equal precedence to host | |
486 | * and next-hop policies. | 486 | * and next-hop policies. | |
487 | */ | 487 | */ | |
488 | tls->level = global_tls_level(); | 488 | tls->level = global_tls_level(); | |
489 | site_level = TLS_LEV_NOTFOUND; | 489 | site_level = TLS_LEV_NOTFOUND; | |
490 | 490 | |||
491 | if (tls_policy) { | 491 | if (tls_policy) { | |
492 | tls_policy_lookup(tls, &site_level, dest, "next-hop destination"); | 492 | tls_policy_lookup(tls, &site_level, dest, "next-hop destination"); | |
493 | } else if (tls_per_site) { | 493 | } else if (tls_per_site) { | |
494 | tls_site_lookup(tls, &site_level, dest, "next-hop destination"); | 494 | tls_site_lookup(tls, &site_level, dest, "next-hop destination"); | |
495 | if (site_level != TLS_LEV_INVALID | 495 | if (site_level != TLS_LEV_INVALID | |
496 | && strcasecmp(dest, host) != 0) | 496 | && strcasecmp(dest, host) != 0) | |
497 | tls_site_lookup(tls, &site_level, host, "server hostname"); | 497 | tls_site_lookup(tls, &site_level, host, "server hostname"); | |
498 | 498 | |||
499 | /* | 499 | /* | |
500 | * Override a wild-card per-site policy with a more specific global | 500 | * Override a wild-card per-site policy with a more specific global | |
501 | * policy. | 501 | * policy. | |
502 | * | 502 | * | |
503 | * With the original TLS patch, 1) a per-site ENCRYPT could not override | 503 | * With the original TLS patch, 1) a per-site ENCRYPT could not override | |
504 | * a global VERIFY, and 2) a combined per-site (NONE+MAY) policy | 504 | * a global VERIFY, and 2) a combined per-site (NONE+MAY) policy | |
505 | * produced inconsistent results: it changed a global VERIFY into | 505 | * produced inconsistent results: it changed a global VERIFY into | |
506 | * NONE, while producing MAY with all weaker global policy settings. | 506 | * NONE, while producing MAY with all weaker global policy settings. | |
507 | * | 507 | * | |
508 | * With the current implementation, a combined per-site (NONE+MAY) | 508 | * With the current implementation, a combined per-site (NONE+MAY) | |
509 | * consistently overrides global policy with NONE, and global policy | 509 | * consistently overrides global policy with NONE, and global policy | |
510 | * can override only a per-site MAY wildcard. That is, specific | 510 | * can override only a per-site MAY wildcard. That is, specific | |
511 | * policies consistently override wildcard policies, and | 511 | * policies consistently override wildcard policies, and | |
512 | * (non-wildcard) per-site policies consistently override global | 512 | * (non-wildcard) per-site policies consistently override global | |
513 | * policies. | 513 | * policies. | |
514 | */ | 514 | */ | |
515 | if (site_level == TLS_LEV_MAY && tls->level > TLS_LEV_MAY) | 515 | if (site_level == TLS_LEV_MAY && tls->level > TLS_LEV_MAY) | |
516 | site_level = tls->level; | 516 | site_level = tls->level; | |
517 | } | 517 | } | |
518 | switch (site_level) { | 518 | switch (site_level) { | |
519 | default: | 519 | default: | |
520 | tls->level = site_level; | 520 | tls->level = site_level; | |
521 | /* FALLTHROUGH */ | |||
521 | case TLS_LEV_NOTFOUND: | 522 | case TLS_LEV_NOTFOUND: | |
522 | break; | 523 | break; | |
523 | case TLS_LEV_INVALID: | 524 | case TLS_LEV_INVALID: | |
525 | tls->level = site_level; | |||
524 | return ((void *) tls); | 526 | return ((void *) tls); | |
525 | } | 527 | } | |
526 | 528 | |||
527 | /* | 529 | /* | |
528 | * DANE initialization may change the security level to something else, | 530 | * DANE initialization may change the security level to something else, | |
529 | * so do this early, so that we use the right level below. Note that | 531 | * so do this early, so that we use the right level below. Note that | |
530 | * "dane-only" changes to "dane" once we obtain the requisite TLSA | 532 | * "dane-only" changes to "dane" once we obtain the requisite TLSA | |
531 | * records. | 533 | * records. | |
532 | */ | 534 | */ | |
533 | if (tls->level == TLS_LEV_DANE || tls->level == TLS_LEV_DANE_ONLY) | 535 | if (tls->level == TLS_LEV_DANE || tls->level == TLS_LEV_DANE_ONLY) | |
534 | dane_init(tls, iter); | 536 | dane_init(tls, iter); | |
535 | if (tls->level == TLS_LEV_INVALID) | 537 | if (tls->level == TLS_LEV_INVALID) | |
536 | return ((void *) tls); | 538 | return ((void *) tls); | |
537 | 539 | |||
538 | /* | 540 | /* | |
539 | * Use main.cf protocols setting if not set in per-destination table. | 541 | * Use main.cf protocols setting if not set in per-destination table. | |
540 | */ | 542 | */ | |
541 | if (tls->level > TLS_LEV_NONE && tls->protocols == 0) | 543 | if (tls->level > TLS_LEV_NONE && tls->protocols == 0) | |
542 | tls->protocols = | 544 | tls->protocols = | |
543 | mystrdup((tls->level == TLS_LEV_MAY) ? | 545 | mystrdup((tls->level == TLS_LEV_MAY) ? | |
544 | var_smtp_tls_proto : var_smtp_tls_mand_proto); | 546 | var_smtp_tls_proto : var_smtp_tls_mand_proto); | |
545 | 547 | |||
546 | /* | 548 | /* | |
547 | * Compute cipher grade (if set in per-destination table, else | 549 | * Compute cipher grade (if set in per-destination table, else | |
548 | * set_cipher() uses main.cf settings) and security level dependent | 550 | * set_cipher() uses main.cf settings) and security level dependent | |
549 | * cipher exclusion list. | 551 | * cipher exclusion list. | |
550 | */ | 552 | */ | |
551 | set_cipher_grade(tls); | 553 | set_cipher_grade(tls); | |
552 | 554 | |||
553 | /* | 555 | /* | |
554 | * Use main.cf cert_match setting if not set in per-destination table. | 556 | * Use main.cf cert_match setting if not set in per-destination table. | |
555 | */ | 557 | */ | |
556 | switch (tls->level) { | 558 | switch (tls->level) { | |
557 | case TLS_LEV_INVALID: | 559 | case TLS_LEV_INVALID: | |
558 | case TLS_LEV_NONE: | 560 | case TLS_LEV_NONE: | |
559 | case TLS_LEV_MAY: | 561 | case TLS_LEV_MAY: | |
560 | case TLS_LEV_ENCRYPT: | 562 | case TLS_LEV_ENCRYPT: | |
561 | case TLS_LEV_DANE: | 563 | case TLS_LEV_DANE: | |
562 | break; | 564 | break; | |
563 | case TLS_LEV_FPRINT: | 565 | case TLS_LEV_FPRINT: | |
564 | if (tls->dane == 0) | 566 | if (tls->dane == 0) | |
565 | tls->dane = tls_dane_alloc(); | 567 | tls->dane = tls_dane_alloc(); | |
566 | if (!TLS_DANE_HASEE(tls->dane)) { | 568 | if (!TLS_DANE_HASEE(tls->dane)) { | |
567 | tls_dane_add_ee_digests(tls->dane, var_smtp_tls_fpt_dgst, | 569 | tls_dane_add_ee_digests(tls->dane, var_smtp_tls_fpt_dgst, | |
568 | var_smtp_tls_fpt_cmatch, "\t\n\r, "); | 570 | var_smtp_tls_fpt_cmatch, "\t\n\r, "); | |
569 | if (!TLS_DANE_HASEE(tls->dane)) { | 571 | if (!TLS_DANE_HASEE(tls->dane)) { | |
570 | msg_warn("nexthop domain %s: configured at fingerprint " | 572 | msg_warn("nexthop domain %s: configured at fingerprint " | |
571 | "security level, but with no fingerprints to match.", | 573 | "security level, but with no fingerprints to match.", | |
572 | dest); | 574 | dest); | |
573 | MARK_INVALID(tls->why, &tls->level); | 575 | MARK_INVALID(tls->why, &tls->level); | |
574 | return ((void *) tls); | 576 | return ((void *) tls); | |
575 | } | 577 | } | |
576 | } | 578 | } | |
577 | break; | 579 | break; | |
578 | case TLS_LEV_VERIFY: | 580 | case TLS_LEV_VERIFY: | |
579 | case TLS_LEV_SECURE: | 581 | case TLS_LEV_SECURE: | |
580 | if (tls->matchargv == 0) | 582 | if (tls->matchargv == 0) | |
581 | tls->matchargv = | 583 | tls->matchargv = | |
582 | argv_split(tls->level == TLS_LEV_VERIFY ? | 584 | argv_split(tls->level == TLS_LEV_VERIFY ? | |
583 | var_smtp_tls_vfy_cmatch : var_smtp_tls_sec_cmatch, | 585 | var_smtp_tls_vfy_cmatch : var_smtp_tls_sec_cmatch, | |
584 | "\t\n\r, :"); | 586 | "\t\n\r, :"); | |
585 | if (*var_smtp_tls_tafile) { | 587 | if (*var_smtp_tls_tafile) { | |
586 | if (tls->dane == 0) | 588 | if (tls->dane == 0) | |
587 | tls->dane = tls_dane_alloc(); | 589 | tls->dane = tls_dane_alloc(); | |
588 | if (!TLS_DANE_HASTA(tls->dane) | 590 | if (!TLS_DANE_HASTA(tls->dane) | |
589 | && !load_tas(tls->dane, var_smtp_tls_tafile)) { | 591 | && !load_tas(tls->dane, var_smtp_tls_tafile)) { | |
590 | MARK_INVALID(tls->why, &tls->level); | 592 | MARK_INVALID(tls->why, &tls->level); | |
591 | return ((void *) tls); | 593 | return ((void *) tls); | |
592 | } | 594 | } | |
593 | } | 595 | } | |
594 | break; | 596 | break; | |
595 | default: | 597 | default: | |
596 | msg_panic("unexpected TLS security level: %d", tls->level); | 598 | msg_panic("unexpected TLS security level: %d", tls->level); | |
597 | } | 599 | } | |
598 | 600 | |||
599 | if (msg_verbose && tls->level != global_tls_level()) | 601 | if (msg_verbose && tls->level != global_tls_level()) | |
600 | msg_info("%s TLS level: %s", "effective", policy_name(tls->level)); | 602 | msg_info("%s TLS level: %s", "effective", policy_name(tls->level)); | |
601 | 603 | |||
602 | return ((void *) tls); | 604 | return ((void *) tls); | |
603 | } | 605 | } | |
604 | 606 | |||
605 | /* policy_delete - free no longer cached policy (ctable call-back) */ | 607 | /* policy_delete - free no longer cached policy (ctable call-back) */ | |
606 | 608 | |||
607 | static void policy_delete(void *item, void *unused_context) | 609 | static void policy_delete(void *item, void *unused_context) | |
608 | { | 610 | { | |
609 | SMTP_TLS_POLICY *tls = (SMTP_TLS_POLICY *) item; | 611 | SMTP_TLS_POLICY *tls = (SMTP_TLS_POLICY *) item; | |
610 | 612 | |||
611 | if (tls->protocols) | 613 | if (tls->protocols) | |
612 | myfree(tls->protocols); | 614 | myfree(tls->protocols); | |
613 | if (tls->grade) | 615 | if (tls->grade) | |
614 | myfree(tls->grade); | 616 | myfree(tls->grade); | |
615 | if (tls->exclusions) | 617 | if (tls->exclusions) | |
616 | vstring_free(tls->exclusions); | 618 | vstring_free(tls->exclusions); | |
617 | if (tls->matchargv) | 619 | if (tls->matchargv) | |
618 | argv_free(tls->matchargv); | 620 | argv_free(tls->matchargv); | |
619 | if (tls->dane) | 621 | if (tls->dane) | |
620 | tls_dane_free(tls->dane); | 622 | tls_dane_free(tls->dane); | |
621 | dsb_free(tls->why); | 623 | dsb_free(tls->why); | |
622 | 624 | |||
623 | myfree((char *) tls); | 625 | myfree((char *) tls); | |
624 | } | 626 | } | |
625 | 627 | |||
626 | /* smtp_tls_policy_cache_query - cached lookup of TLS policy */ | 628 | /* smtp_tls_policy_cache_query - cached lookup of TLS policy */ | |
627 | 629 | |||
628 | int smtp_tls_policy_cache_query(DSN_BUF *why, SMTP_TLS_POLICY *tls, | 630 | int smtp_tls_policy_cache_query(DSN_BUF *why, SMTP_TLS_POLICY *tls, | |
629 | SMTP_ITERATOR *iter) | 631 | SMTP_ITERATOR *iter) | |
630 | { | 632 | { | |
631 | VSTRING *key; | 633 | VSTRING *key; | |
632 | 634 | |||
633 | /* | 635 | /* | |
634 | * Create an empty TLS Policy cache on the fly. | 636 | * Create an empty TLS Policy cache on the fly. | |
635 | */ | 637 | */ | |
636 | if (policy_cache == 0) | 638 | if (policy_cache == 0) | |
637 | policy_cache = | 639 | policy_cache = | |
638 | ctable_create(CACHE_SIZE, policy_create, policy_delete, (void *) 0); | 640 | ctable_create(CACHE_SIZE, policy_create, policy_delete, (void *) 0); | |
639 | 641 | |||
640 | /* | 642 | /* | |
641 | * Query the TLS Policy cache, with a search key that reflects our shared | 643 | * Query the TLS Policy cache, with a search key that reflects our shared | |
642 | * values that also appear in other cache and table search keys. | 644 | * values that also appear in other cache and table search keys. | |
643 | */ | 645 | */ | |
644 | key = vstring_alloc(100); | 646 | key = vstring_alloc(100); | |
645 | smtp_key_prefix(key, ":", iter, SMTP_KEY_FLAG_NEXTHOP | 647 | smtp_key_prefix(key, ":", iter, SMTP_KEY_FLAG_NEXTHOP | |
646 | | SMTP_KEY_FLAG_HOSTNAME | 648 | | SMTP_KEY_FLAG_HOSTNAME | |
647 | | SMTP_KEY_FLAG_PORT); | 649 | | SMTP_KEY_FLAG_PORT); | |
648 | ctable_newcontext(policy_cache, (void *) iter); | 650 | ctable_newcontext(policy_cache, (void *) iter); | |
649 | *tls = *(SMTP_TLS_POLICY *) ctable_locate(policy_cache, STR(key)); | 651 | *tls = *(SMTP_TLS_POLICY *) ctable_locate(policy_cache, STR(key)); | |
650 | vstring_free(key); | 652 | vstring_free(key); | |
651 | 653 | |||
652 | /* | 654 | /* | |
653 | * Report errors. Both error and non-error results are cached. We must | 655 | * Report errors. Both error and non-error results are cached. We must | |
654 | * therefore copy the cached DSN buffer content to the caller's buffer. | 656 | * therefore copy the cached DSN buffer content to the caller's buffer. | |
655 | */ | 657 | */ | |
656 | if (tls->level == TLS_LEV_INVALID) { | 658 | if (tls->level == TLS_LEV_INVALID) { | |
657 | /* XXX Simplify this by implementing a "copy" primitive. */ | 659 | /* XXX Simplify this by implementing a "copy" primitive. */ | |
658 | dsb_update(why, | 660 | dsb_update(why, | |
659 | STR(tls->why->status), STR(tls->why->action), | 661 | STR(tls->why->status), STR(tls->why->action), | |
660 | STR(tls->why->mtype), STR(tls->why->mname), | 662 | STR(tls->why->mtype), STR(tls->why->mname), | |
661 | STR(tls->why->dtype), STR(tls->why->dtext), | 663 | STR(tls->why->dtype), STR(tls->why->dtext), | |
662 | "%s", STR(tls->why->reason)); | 664 | "%s", STR(tls->why->reason)); | |
663 | return (0); | 665 | return (0); | |
664 | } else { | 666 | } else { | |
665 | return (1); | 667 | return (1); | |
666 | } | 668 | } | |
667 | } | 669 | } | |
668 | 670 | |||
669 | /* smtp_tls_policy_cache_flush - flush TLS policy cache */ | 671 | /* smtp_tls_policy_cache_flush - flush TLS policy cache */ | |
670 | 672 | |||
671 | void smtp_tls_policy_cache_flush(void) | 673 | void smtp_tls_policy_cache_flush(void) | |
672 | { | 674 | { | |
673 | if (policy_cache != 0) { | 675 | if (policy_cache != 0) { | |
674 | ctable_free(policy_cache); | 676 | ctable_free(policy_cache); | |
675 | policy_cache = 0; | 677 | policy_cache = 0; | |
676 | } | 678 | } | |
677 | } | 679 | } | |
678 | 680 | |||
679 | /* global_tls_level - parse and cache var_smtp_tls_level */ | 681 | /* global_tls_level - parse and cache var_smtp_tls_level */ | |
680 | 682 | |||
681 | static int global_tls_level(void) | 683 | static int global_tls_level(void) | |
682 | { | 684 | { | |
683 | static int l = TLS_LEV_NOTFOUND; | 685 | static int l = TLS_LEV_NOTFOUND; | |
684 | 686 | |||
685 | if (l != TLS_LEV_NOTFOUND) | 687 | if (l != TLS_LEV_NOTFOUND) | |
686 | return l; | 688 | return l; | |
687 | 689 | |||
688 | /* | 690 | /* | |
689 | * Compute the global TLS policy. This is the default policy level when | 691 | * Compute the global TLS policy. This is the default policy level when | |
690 | * no per-site policy exists. It also is used to override a wild-card | 692 | * no per-site policy exists. It also is used to override a wild-card | |
691 | * per-site policy. | 693 | * per-site policy. | |
692 | * | 694 | * | |
693 | * We require that the global level is valid on startup. | 695 | * We require that the global level is valid on startup. | |
694 | */ | 696 | */ | |
695 | if (*var_smtp_tls_level) { | 697 | if (*var_smtp_tls_level) { | |
696 | if ((l = tls_level_lookup(var_smtp_tls_level)) == TLS_LEV_INVALID) | 698 | if ((l = tls_level_lookup(var_smtp_tls_level)) == TLS_LEV_INVALID) | |
697 | msg_fatal("invalid tls security level: \"%s\"", var_smtp_tls_level); | 699 | msg_fatal("invalid tls security level: \"%s\"", var_smtp_tls_level); | |
698 | } else if (var_smtp_enforce_tls) | 700 | } else if (var_smtp_enforce_tls) | |
699 | l = var_smtp_tls_enforce_peername ? TLS_LEV_VERIFY : TLS_LEV_ENCRYPT; | 701 | l = var_smtp_tls_enforce_peername ? TLS_LEV_VERIFY : TLS_LEV_ENCRYPT; | |
700 | else | 702 | else | |
701 | l = var_smtp_use_tls ? TLS_LEV_MAY : TLS_LEV_NONE; | 703 | l = var_smtp_use_tls ? TLS_LEV_MAY : TLS_LEV_NONE; | |
702 | 704 | |||
703 | if (msg_verbose) | 705 | if (msg_verbose) | |
704 | msg_info("%s TLS level: %s", "global", policy_name(l)); | 706 | msg_info("%s TLS level: %s", "global", policy_name(l)); | |
705 | 707 | |||
706 | return l; | 708 | return l; | |
707 | } | 709 | } | |
708 | 710 | |||
709 | #define NONDANE_CONFIG 0 /* Administrator's fault */ | 711 | #define NONDANE_CONFIG 0 /* Administrator's fault */ | |
710 | #define NONDANE_DEST 1 /* Remote server's fault */ | 712 | #define NONDANE_DEST 1 /* Remote server's fault */ | |
711 | #define DANE_UNUSABLE 2 /* Remote server's fault */ | 713 | #define DANE_UNUSABLE 2 /* Remote server's fault */ | |
712 | 714 | |||
713 | static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls, | 715 | static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls, | |
714 | SMTP_ITERATOR *iter, | 716 | SMTP_ITERATOR *iter, | |
715 | int errtype, | 717 | int errtype, | |
716 | const char *fmt,...) | 718 | const char *fmt,...) | |
717 | { | 719 | { | |
718 | va_list ap; | 720 | va_list ap; | |
719 | 721 | |||
720 | va_start(ap, fmt); | 722 | va_start(ap, fmt); | |
721 | if (tls->level == TLS_LEV_DANE) { | 723 | if (tls->level == TLS_LEV_DANE) { | |
722 | tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY; | 724 | tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY; | |
723 | if (errtype == NONDANE_CONFIG) | 725 | if (errtype == NONDANE_CONFIG) | |
724 | vmsg_warn(fmt, ap); | 726 | vmsg_warn(fmt, ap); | |
725 | else if (msg_verbose) | 727 | else if (msg_verbose) | |
726 | vmsg_info(fmt, ap); | 728 | vmsg_info(fmt, ap); | |
727 | } else { /* dane-only */ | 729 | } else { /* dane-only */ | |
728 | if (errtype == NONDANE_CONFIG) { | 730 | if (errtype == NONDANE_CONFIG) { | |
729 | vmsg_warn(fmt, ap); | 731 | vmsg_warn(fmt, ap); | |
730 | MARK_INVALID(tls->why, &tls->level); | 732 | MARK_INVALID(tls->why, &tls->level); | |
731 | } else { | 733 | } else { | |
732 | tls->level = TLS_LEV_INVALID; | 734 | tls->level = TLS_LEV_INVALID; | |
733 | vdsb_simple(tls->why, "4.7.5", fmt, ap); | 735 | vdsb_simple(tls->why, "4.7.5", fmt, ap); | |
734 | } | 736 | } | |
735 | } | 737 | } | |
736 | va_end(ap); | 738 | va_end(ap); | |
737 | } | 739 | } | |
738 | 740 | |||
739 | /* dane_init - special initialization for "dane" security level */ | 741 | /* dane_init - special initialization for "dane" security level */ | |
740 | 742 | |||
741 | static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter) | 743 | static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter) | |
742 | { | 744 | { | |
743 | TLS_DANE *dane; | 745 | TLS_DANE *dane; | |
744 | 746 | |||
745 | if (!iter->port) { | 747 | if (!iter->port) { | |
746 | msg_warn("%s: the \"dane\" security level is invalid for delivery via" | 748 | msg_warn("%s: the \"dane\" security level is invalid for delivery via" | |
747 | " unix-domain sockets", STR(iter->dest)); | 749 | " unix-domain sockets", STR(iter->dest)); | |
748 | MARK_INVALID(tls->why, &tls->level); | 750 | MARK_INVALID(tls->why, &tls->level); | |
749 | return; | 751 | return; | |
750 | } | 752 | } | |
751 | if (!tls_dane_avail()) { | 753 | if (!tls_dane_avail()) { | |
752 | dane_incompat(tls, iter, NONDANE_CONFIG, | 754 | dane_incompat(tls, iter, NONDANE_CONFIG, | |
753 | "%s: %s configured, but no requisite library support", | 755 | "%s: %s configured, but no requisite library support", | |
754 | STR(iter->dest), policy_name(tls->level)); | 756 | STR(iter->dest), policy_name(tls->level)); | |
755 | return; | 757 | return; | |
756 | } | 758 | } | |
757 | if (!(smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) | 759 | if (!(smtp_host_lookup_mask & SMTP_HOST_FLAG_DNS) | |
758 | || smtp_dns_support != SMTP_DNS_DNSSEC) { | 760 | || smtp_dns_support != SMTP_DNS_DNSSEC) { | |
759 | dane_incompat(tls, iter, NONDANE_CONFIG, | 761 | dane_incompat(tls, iter, NONDANE_CONFIG, | |
760 | "%s: %s configured with dnssec lookups disabled", | 762 | "%s: %s configured with dnssec lookups disabled", | |
761 | STR(iter->dest), policy_name(tls->level)); | 763 | STR(iter->dest), policy_name(tls->level)); | |
762 | return; | 764 | return; | |
763 | } | 765 | } | |
764 | 766 | |||
765 | /* | 767 | /* | |
766 | * If we ignore MX lookup errors, we also ignore DNSSEC security problems | 768 | * If we ignore MX lookup errors, we also ignore DNSSEC security problems | |
767 | * and thus avoid any reasonable expectation that we get the right DANE | 769 | * and thus avoid any reasonable expectation that we get the right DANE | |
768 | * key material. | 770 | * key material. | |
769 | */ | 771 | */ | |
770 | if (smtp_mode && var_ign_mx_lookup_err) { | 772 | if (smtp_mode && var_ign_mx_lookup_err) { | |
771 | dane_incompat(tls, iter, NONDANE_CONFIG, | 773 | dane_incompat(tls, iter, NONDANE_CONFIG, | |
772 | "%s: %s configured with MX lookup errors ignored", | 774 | "%s: %s configured with MX lookup errors ignored", | |
773 | STR(iter->dest), policy_name(tls->level)); | 775 | STR(iter->dest), policy_name(tls->level)); | |
774 | return; | 776 | return; | |
775 | } | 777 | } | |
776 | 778 | |||
777 | /* | 779 | /* | |
778 | * This is not optional, code in tls_dane.c assumes that the nexthop | 780 | * This is not optional, code in tls_dane.c assumes that the nexthop | |
779 | * qname is already an fqdn. If we're using these flags to go from qname | 781 | * qname is already an fqdn. If we're using these flags to go from qname | |
780 | * to rname, the assumption is invalid. Likewise we cannot add the qname | 782 | * to rname, the assumption is invalid. Likewise we cannot add the qname | |
781 | * to certificate name checks, ... | 783 | * to certificate name checks, ... | |
782 | */ | 784 | */ | |
783 | if (smtp_dns_res_opt & (RES_DEFNAMES | RES_DNSRCH)) { | 785 | if (smtp_dns_res_opt & (RES_DEFNAMES | RES_DNSRCH)) { | |
784 | dane_incompat(tls, iter, NONDANE_CONFIG, | 786 | dane_incompat(tls, iter, NONDANE_CONFIG, | |
785 | "%s: dns resolver options incompatible with %s TLS", | 787 | "%s: dns resolver options incompatible with %s TLS", | |
786 | STR(iter->dest), policy_name(tls->level)); | 788 | STR(iter->dest), policy_name(tls->level)); | |
787 | return; | 789 | return; | |
788 | } | 790 | } | |
789 | /* When the MX name is present and insecure, DANE does not apply. */ | 791 | /* When the MX name is present and insecure, DANE does not apply. */ | |
790 | if (iter->mx && !iter->mx->dnssec_valid) { | 792 | if (iter->mx && !iter->mx->dnssec_valid) { | |
791 | dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination"); | 793 | dane_incompat(tls, iter, NONDANE_DEST, "non DNSSEC destination"); | |
792 | return; | 794 | return; | |
793 | } | 795 | } | |
794 | /* When TLSA lookups fail, we defer the message */ | 796 | /* When TLSA lookups fail, we defer the message */ | |
795 | if ((dane = tls_dane_resolve(iter->port, "tcp", iter->rr, | 797 | if ((dane = tls_dane_resolve(iter->port, "tcp", iter->rr, | |
796 | var_smtp_tls_force_tlsa)) == 0) { | 798 | var_smtp_tls_force_tlsa)) == 0) { | |
797 | tls->level = TLS_LEV_INVALID; | 799 | tls->level = TLS_LEV_INVALID; | |
798 | dsb_simple(tls->why, "4.7.5", "TLSA lookup error for %s:%u", | 800 | dsb_simple(tls->why, "4.7.5", "TLSA lookup error for %s:%u", | |
799 | STR(iter->host), ntohs(iter->port)); | 801 | STR(iter->host), ntohs(iter->port)); | |
800 | return; | 802 | return; | |
801 | } | 803 | } | |
802 | if (tls_dane_notfound(dane)) { | 804 | if (tls_dane_notfound(dane)) { | |
803 | dane_incompat(tls, iter, NONDANE_DEST, "no TLSA records found"); | 805 | dane_incompat(tls, iter, NONDANE_DEST, "no TLSA records found"); | |
804 | tls_dane_free(dane); | 806 | tls_dane_free(dane); | |
805 | return; | 807 | return; | |
806 | } | 808 | } | |
807 | 809 | |||
808 | /* | 810 | /* | |
809 | * Some TLSA records found, but none usable, per | 811 | * Some TLSA records found, but none usable, per | |
810 | * | 812 | * | |
811 | * https://tools.ietf.org/html/draft-ietf-dane-srv-02#section-4 | 813 | * https://tools.ietf.org/html/draft-ietf-dane-srv-02#section-4 | |
812 | * | 814 | * | |
813 | * we MUST use TLS, and SHALL use full PKIX certificate checks. The latter | 815 | * we MUST use TLS, and SHALL use full PKIX certificate checks. The latter | |
814 | * would be unwise for SMTP: no human present to "click ok" and risk of | 816 | * would be unwise for SMTP: no human present to "click ok" and risk of | |
815 | * non-delivery in most cases exceeds risk of interception. | 817 | * non-delivery in most cases exceeds risk of interception. | |
816 | * | 818 | * | |
817 | * We also have a form of Goedel's incompleteness theorem in play: any list | 819 | * We also have a form of Goedel's incompleteness theorem in play: any list | |
818 | * of public root CA certs is either incomplete or inconsistent (for any | 820 | * of public root CA certs is either incomplete or inconsistent (for any | |
819 | * given verifier some of the CAs are surely not trustworthy). | 821 | * given verifier some of the CAs are surely not trustworthy). | |
820 | */ | 822 | */ | |
821 | if (tls_dane_unusable(dane)) { | 823 | if (tls_dane_unusable(dane)) { | |
822 | dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable"); | 824 | dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable"); | |
823 | tls_dane_free(dane); | 825 | tls_dane_free(dane); | |
824 | return; | 826 | return; | |
825 | } | 827 | } | |
826 | 828 | |||
827 | /* | 829 | /* | |
828 | * With DANE trust anchors, peername matching is not configurable. | 830 | * With DANE trust anchors, peername matching is not configurable. | |
829 | */ | 831 | */ | |
830 | if (TLS_DANE_HASTA(dane)) { | 832 | if (TLS_DANE_HASTA(dane)) { | |
831 | tls->matchargv = argv_alloc(2); | 833 | tls->matchargv = argv_alloc(2); | |
832 | argv_add(tls->matchargv, dane->base_domain, ARGV_END); | 834 | argv_add(tls->matchargv, dane->base_domain, ARGV_END); | |
833 | if (iter->mx) { | 835 | if (iter->mx) { | |
834 | if (strcmp(iter->mx->qname, iter->mx->rname) == 0) | 836 | if (strcmp(iter->mx->qname, iter->mx->rname) == 0) | |
835 | argv_add(tls->matchargv, iter->mx->qname, ARGV_END); | 837 | argv_add(tls->matchargv, iter->mx->qname, ARGV_END); | |
836 | else | 838 | else | |
837 | argv_add(tls->matchargv, iter->mx->rname, | 839 | argv_add(tls->matchargv, iter->mx->rname, | |
838 | iter->mx->qname, ARGV_END); | 840 | iter->mx->qname, ARGV_END); | |
839 | } | 841 | } | |
840 | } else if (!TLS_DANE_HASEE(dane)) | 842 | } else if (!TLS_DANE_HASEE(dane)) | |
841 | msg_panic("empty DANE match list"); | 843 | msg_panic("empty DANE match list"); | |
842 | tls->dane = dane; | 844 | tls->dane = dane; | |
843 | tls->level = TLS_LEV_DANE; | 845 | tls->level = TLS_LEV_DANE; | |
844 | return; | 846 | return; | |
845 | } | 847 | } | |
846 | 848 | |||
847 | #endif | 849 | #endif |