Displaying 1 51 of 5,000 commits (0.019s)

OpenBSD — usr.sbin/smtpd control.c mproc.c

local user can cause smtpd to fail by sending invalid imsg to control sock

OpenBSD — usr.sbin/smtpd smtpd.conf.5

spacing, makes example fit on display.

no objection from gilles@
Delta File
+6 -6 usr.sbin/smtpd/smtpd.conf.5
+6 -6 1 file

OpenBSD — lib/libc/gen getpwent.c getgrouplist.c, lib/libutil pidfile.c

Do not assume that asprintf() clears the pointer on failure, which
is non-portable.  Also add missing asprintf() return value checks.
OK deraadt@ guenther@ doug@

OpenBSD — usr.sbin/smtpd control.c

Do not try to unlink the control socket in an unprivileged child
process on shutdown.
Found while working on tame(2).
OK gilles@
Delta File
+1 -2 usr.sbin/smtpd/control.c
+1 -2 1 file

OpenBSD — usr.sbin/smtpd smtp_session.c

the code to prevent AUTH PLAIN from logging credentials upon authentication
failure does not catch the AUTH LOGIN case. rework to use the session state
rather than using the session command.

spotted by pkern at debian.org
Delta File
+11 -3 usr.sbin/smtpd/smtp_session.c
+11 -3 1 file

OpenBSD — usr.sbin/smtpd enqueue.c

The enqueuer should never encouter the "From " separator in its headers, as
it is added by the mda. If it sees one, it means that the enqueuer was used
as the mda and it needs to strip it otherwise the message will end with two
delimiters later down the road. Same applies to "Return-Path".

bug experienced by James Turner, confirmed by Giovanni.
fix suggested by Todd Miller, diff ok eric@
Delta File
+8 -1 usr.sbin/smtpd/enqueue.c
+8 -1 1 file

FreeBSD Ports — head/mail/postfix-current Makefile pkg-plist, head/mail/postfix-current/files pkg-install.in

- update to version 3.0.1
- rename OPTIONS to match default name of most ports
  - SASL2 -> SASL
  - OPENLDAP -> LDAP
- install main.cf and master.cf with the @sample macro
- rework pkg-install
- fix wrong permission for /var/db/postfix [1]
- sets WANT_OPENLDAP_SASL option for openldap port when
  postfix LDAP_SASL option is set [2]
- make usage of new ${opt}_DEPENDS notation

Release 3.0.1 or 3.0.2 is now a strong candidate to become the new
default mail/postfix port (missing components are VDA and SPF).

Changelog:
20150211
        Cleanup: strncasecmp_utf8() streamlining. Files: util/stringops.h,
        util/allascii.c, util/strcasecmp_utf8.c.

20150214
        Bugfix (introduced: Postfix 3.0): missing #ifdef USE_TLS
        inside #ifdef USE_SASL_AUTH.  Viktor Dukhovni. File:
        smtpd/smtpd.c.

20150217

    [36 lines not shown]

OpenBSD — usr.sbin/smtpd util.c

use res_hnok() to valid domain part in valid_domain()

ok eric@
Delta File
+3 -19 usr.sbin/smtpd/util.c
+3 -19 1 file

OpenBSD — usr.sbin/smtpd enqueue.c

S was misplaced in r1.89, the optarg that was removed was actually needed
by R, so reintroduce it in the proper place.

spotted and diff by Sunil Nimmagadda
Delta File
+2 -2 usr.sbin/smtpd/enqueue.c
+2 -2 1 file

OpenBSD — usr.sbin/smtpd enqueue.c

smtpd enqueue -S does not take an argument, fix optstring accordingly

fix by Nathanael Rensen
Delta File
+2 -2 usr.sbin/smtpd/enqueue.c
+2 -2 1 file

OpenBSD — etc/mtree 4.4BSD.dist

Add smtpd(8) spool directories so that they are registered as part of base.

ok henning@ gilles@ deraadt@
Delta File
+14 -1 etc/mtree/4.4BSD.dist
+14 -1 1 file

OpenBSD — usr.sbin/smtpd smtp_session.c ssl_smtpd.c

Incorrect logic in smtpd(8) can lead to unexpected client disconnect, invalid
certificate in SNI negotiation or server crash.

spotted by Edwin Torok

OpenBSD — usr.sbin/smtpd smtp_session.c

remove superfluous ';' in Received lines
Delta File
+6 -6 usr.sbin/smtpd/smtp_session.c
+6 -6 1 file

OpenBSD — usr.sbin/smtpd forward.5

typo
Delta File
+3 -3 usr.sbin/smtpd/forward.5
+3 -3 1 file

OpenBSD — usr.sbin/smtpd ssl.c

Missing free(3) in error path
Delta File
+2 -1 usr.sbin/smtpd/ssl.c
+2 -1 1 file

OpenBSD — usr.sbin/smtpd smtpd.conf.5

Document how to use anti-spoofing rules to reject spam.
OK deraadt@ gilles@ phessler@
Delta File
+26 -3 usr.sbin/smtpd/smtpd.conf.5
+26 -3 1 file

Bitrig — usr.sbin/smtpd smtpd.conf.5

Document how to use anti-spoofing rules to reject spam.
OK deraadt@ gilles@ phessler@
Delta File
+26 -3 usr.sbin/smtpd/smtpd.conf.5
+26 -3 1 file

OpenBSD — usr.sbin/smtpd smtpd.conf.5

Cleanup smtpd.conf(5).

 - use literal <> around smtpd tables instead of Aq
 - mark up some directives as Ic (previously Ar or unmarked)
 - use Dq/Sq instead of " in a few appropriate places
 - use Bl -column instead of Bd -literal for tables

ok schwarze@
Delta File
+78 -66 usr.sbin/smtpd/smtpd.conf.5
+78 -66 1 file

Bitrig — usr.sbin/smtpd smtpd.conf.5

Cleanup smtpd.conf(5).

 - use literal <> around smtpd tables instead of Aq
 - mark up some directives as Ic (previously Ar or unmarked)
 - use Dq/Sq instead of " in a few appropriate places
 - use Bl -column instead of Bd -literal for tables

ok schwarze@
Delta File
+78 -66 usr.sbin/smtpd/smtpd.conf.5
+78 -66 1 file

OpenBSD — usr.sbin/smtpd enqueue.c

Do not use the name returned by getlogin() when pw_uid from
getpwnam(getlogin()) doesn't match the real uid, unless the real
uid is 0.  This matches the behavior of sendmail and gives the
corrent sender for mail sent by daemons that got started by a
user who su'd or used sudo.  OK dlg@ gilles@
Delta File
+9 -4 usr.sbin/smtpd/enqueue.c
+9 -4 1 file

Bitrig — usr.sbin/smtpd enqueue.c

Do not use the name returned by getlogin() when pw_uid from
getpwnam(getlogin()) doesn't match the real uid, unless the real
uid is 0.  This matches the behavior of sendmail and gives the
corrent sender for mail sent by daemons that got started by a
user who su'd or used sudo.  OK dlg@ gilles@
Delta File
+9 -4 usr.sbin/smtpd/enqueue.c
+9 -4 1 file

Bitrig — usr.sbin/ldapd ber.c, usr.sbin/smtpd ber.c

ber_printf_elements should return NULL if any of its parts fail.

Leave the error handling up to its callers.

ok reyk

OpenBSD — usr.sbin/ldapd ber.c, usr.sbin/smtpd ber.c

ber_printf_elements should return NULL if any of its parts fail.

Leave the error handling up to its callers.

ok reyk

OpenBSD — sbin/iked parse.y, usr.sbin/httpd parse.y

Use AI_ADDRCONFIG when resolv hosts on startup.

OK henning@

Bitrig — sbin/iked parse.y, usr.sbin/httpd parse.y

Use AI_ADDRCONFIG when resolv hosts on startup.

OK henning@

Bitrig — lib/libssl/man Makefile, lib/libssl/src/doc/ssl SSL_CTX_use_certificate.3

Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().

As discussed with beck@ jsing@ and others
OK beck@

OpenBSD — lib/libssl/man Makefile, lib/libssl/src/doc/ssl SSL_CTX_use_certificate.3

Rename SSL_CTX_use_certificate_chain() to SSL_CTX_use_certificate_chain_mem().

As discussed with beck@ jsing@ and others
OK beck@

EdgeBSD — doc 3RDPARTY, external/ibm-public/postfix/dist HISTORY makedefs

Pullup the following, requested by tron in ticket #459:

        doc/3RDPARTY                                        1.1195
        external/ibm-public/postfix/dist/HISTORY        patch
        external/ibm-public/postfix/dist/makedefs        patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup.h patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_message.c patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_state.c patch
        external/ibm-public/postfix/dist/src/global/mail_version.h patch
        external/ibm-public/postfix/dist/src/milter/milter.c patch
        external/ibm-public/postfix/dist/src/milter/milter.h patch
        external/ibm-public/postfix/dist/src/milter/milter8.c patch
        external/ibm-public/postfix/dist/src/qmqpd/qmqpd.c patch
        external/ibm-public/postfix/dist/src/smtpd/smtpd.c patch
        external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c patch

Import Postfix 2.11.3. Changes since version 2.11.1:
- Fix for DMARC implementations based on SPF policy plus DKIM Milter.
  The PREPEND access/policy action added headers ABOVE Postfix's own
  Received: header, exposing Postfix's own Received: header to Milters
  (protocol violation) and hiding the PREPENDed header from Milters.
  PREPENDed headers are now added BELOW Postfix's own Received: header
  and remain visible to Milters.
- The Postfix SMTP server logged an incorrect client name in reject

    [11 lines not shown]

NetBSD — doc 3RDPARTY, external/ibm-public/postfix/dist HISTORY makedefs

Pullup the following, requested by tron in ticket #459:

        doc/3RDPARTY                                        1.1195
        external/ibm-public/postfix/dist/HISTORY        patch
        external/ibm-public/postfix/dist/makedefs        patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup.h patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_message.c patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_milter.c patch
        external/ibm-public/postfix/dist/src/cleanup/cleanup_state.c patch
        external/ibm-public/postfix/dist/src/global/mail_version.h patch
        external/ibm-public/postfix/dist/src/milter/milter.c patch
        external/ibm-public/postfix/dist/src/milter/milter.h patch
        external/ibm-public/postfix/dist/src/milter/milter8.c patch
        external/ibm-public/postfix/dist/src/qmqpd/qmqpd.c patch
        external/ibm-public/postfix/dist/src/smtpd/smtpd.c patch
        external/ibm-public/postfix/dist/src/smtpd/smtpd_check.c patch

Import Postfix 2.11.3. Changes since version 2.11.1:
- Fix for DMARC implementations based on SPF policy plus DKIM Milter.
  The PREPEND access/policy action added headers ABOVE Postfix's own
  Received: header, exposing Postfix's own Received: header to Milters
  (protocol violation) and hiding the PREPENDed header from Milters.
  PREPENDed headers are now added BELOW Postfix's own Received: header
  and remain visible to Milters.
- The Postfix SMTP server logged an incorrect client name in reject

    [11 lines not shown]

NetBSD — external/ibm-public/postfix/dist makedefs, external/ibm-public/postfix/dist/src/cleanup cleanup.h

Resolve conflicts from last import.

EdgeBSD — external/ibm-public/postfix/dist makedefs, external/ibm-public/postfix/dist/src/cleanup cleanup.h

Resolve conflicts from last import.

EdgeBSD — external/ibm-public/postfix/dist HISTORY, external/ibm-public/postfix/dist/src/cleanup cleanup_message.c cleanup_state.c

Import Postfix 2.11.3. Changes since version 2.11.1:
- Fix for DMARC implementations based on SPF policy plus DKIM Milter. The
  PREPEND access/policy action added headers ABOVE Postfix's own Received:
  header, exposing Postfix's own Received: header to Milters (protocol
  violation) and hiding the PREPENDed header from Milters. PREPENDed
  headers are now added BELOW Postfix's own Received: header and remain
  visible to Milters.
- The Postfix SMTP server logged an incorrect client name in reject
  messages for check_reverse_client_hostname_access and
  check_reverse_client_hostname_{mx,ns}_access. They replied with the
  verified client name, instead of the name that was rejected.
- The TLS client logged that an anonymous TLS connection was "Untrusted",
  instead of "Anonymous".
- Fix for configurations that prepend message headers with Postfix access
  maps, policy servers or Milter applications. Postfix now hides its own
  Received: header from Milters and exposes prepended headers to Milters,
  regardless of the mechanism used to prepend a header. This fix reverts
  a partial solution that was released on October 13, 2014, and replaces
  it with a complete solution.

NetBSD — external/ibm-public/postfix/dist HISTORY makedefs, external/ibm-public/postfix/dist/src/cleanup cleanup_message.c cleanup_state.c

Import Postfix 2.11.3. Changes since version 2.11.1:
- Fix for DMARC implementations based on SPF policy plus DKIM Milter. The
  PREPEND access/policy action added headers ABOVE Postfix's own Received:
  header, exposing Postfix's own Received: header to Milters (protocol
  violation) and hiding the PREPENDed header from Milters. PREPENDed
  headers are now added BELOW Postfix's own Received: header and remain
  visible to Milters.
- The Postfix SMTP server logged an incorrect client name in reject
  messages for check_reverse_client_hostname_access and
  check_reverse_client_hostname_{mx,ns}_access. They replied with the
  verified client name, instead of the name that was rejected.
- The TLS client logged that an anonymous TLS connection was "Untrusted",
  instead of "Anonymous".
- Fix for configurations that prepend message headers with Postfix access
  maps, policy servers or Milter applications. Postfix now hides its own
  Received: header from Milters and exposes prepended headers to Milters,
  regardless of the mechanism used to prepend a header. This fix reverts
  a partial solution that was released on October 13, 2014, and replaces
  it with a complete solution.

NetBSD — external/ibm-public/postfix/dist HISTORY, external/ibm-public/postfix/dist/src/cleanup cleanup_message.c cleanup_state.c

Import Postfix 2.11.3. Changes since version 2.11.1:
- Fix for DMARC implementations based on SPF policy plus DKIM Milter. The
  PREPEND access/policy action added headers ABOVE Postfix's own Received:
  header, exposing Postfix's own Received: header to Milters (protocol
  violation) and hiding the PREPENDed header from Milters. PREPENDed
  headers are now added BELOW Postfix's own Received: header and remain
  visible to Milters.
- The Postfix SMTP server logged an incorrect client name in reject
  messages for check_reverse_client_hostname_access and
  check_reverse_client_hostname_{mx,ns}_access. They replied with the
  verified client name, instead of the name that was rejected.
- The TLS client logged that an anonymous TLS connection was "Untrusted",
  instead of "Anonymous".
- Fix for configurations that prepend message headers with Postfix access
  maps, policy servers or Milter applications. Postfix now hides its own
  Received: header from Milters and exposes prepended headers to Milters,
  regardless of the mechanism used to prepend a header. This fix reverts
  a partial solution that was released on October 13, 2014, and replaces
  it with a complete solution.

Bitrig — usr.sbin/relayd ssl_privsep.c relayd.h, usr.sbin/smtpd ssl_privsep.c ssl.h

LibreSSL now supports loading of CA certificates from memory, replace
the internal and long-serving ssl_ctx_load_verify_memory() function
with a call to the SSL_CTX_load_verify_mem() API function.  The
ssl_privsep.c file with hacks for using OpenSSL in privsep'ed
processes can now go away; portable versions of smtpd and relayd
should start depending on LibreSSL or they have to carry ssl_privsep.c
in openbsd-compat to work with legacy OpenSSL.  No functional change.

Based on previous discussions with gilles@ bluhm@ and many others
OK bluhm@ (as part of the libcrypto/libssl/libtls diff)

OpenBSD — usr.sbin/relayd ssl_privsep.c relayd.h, usr.sbin/smtpd ssl_privsep.c ssl.h

LibreSSL now supports loading of CA certificates from memory, replace
the internal and long-serving ssl_ctx_load_verify_memory() function
with a call to the SSL_CTX_load_verify_mem() API function.  The
ssl_privsep.c file with hacks for using OpenSSL in privsep'ed
processes can now go away; portable versions of smtpd and relayd
should start depending on LibreSSL or they have to carry ssl_privsep.c
in openbsd-compat to work with legacy OpenSSL.  No functional change.

Based on previous discussions with gilles@ bluhm@ and many others
OK bluhm@ (as part of the libcrypto/libssl/libtls diff)

Bitrig — usr.sbin/smtpd smtpd.h queue_fs.c

use <limits.h> comprehensively.  For now try to push <> includes to
each .c file, and out of the .h files.  To avoid overinclude.
ok gilles, in principle.  If this has been done right, -portable should
become easier to maintain.
Delta File
+38 -38 usr.sbin/smtpd/smtpd.h
+16 -16 usr.sbin/smtpd/queue_fs.c
+14 -14 usr.sbin/smtpd/smtp_session.c
+10 -10 usr.sbin/smtpd/smtpd.c
+9 -7 usr.sbin/smtpd/table.c
+8 -8 usr.sbin/smtpd/mta.c
+198 -131 61 files not shown
+293 -224 67 files

OpenBSD — usr.sbin/smtpd smtpd.h queue_fs.c

use <limits.h> comprehensively.  For now try to push <> includes to
each .c file, and out of the .h files.  To avoid overinclude.
ok gilles, in principle.  If this has been done right, -portable should
become easier to maintain.
Delta File
+38 -38 usr.sbin/smtpd/smtpd.h
+16 -16 usr.sbin/smtpd/queue_fs.c
+14 -14 usr.sbin/smtpd/smtp_session.c
+10 -10 usr.sbin/smtpd/smtpd.c
+9 -7 usr.sbin/smtpd/table.c
+8 -8 usr.sbin/smtpd/mta.c
+198 -131 61 files not shown
+293 -224 67 files

OpenBSD — usr.sbin/relayd ssl_privsep.c relay.c, usr.sbin/smtpd ssl_privsep.c ssl.c

SSL_CTX_use_certificate_chain() has been added to LibreSSL and there
is no need to keep a local copy in ssl_privsep.c.  This adds a little
burden on OpenSMTPD-portable because it will have to put it in
openbsd-compat for compatibility with legacy OpenSSL.

OK gilles@

Bitrig — usr.sbin/relayd ssl_privsep.c relay.c, usr.sbin/smtpd ssl_privsep.c ssl.c

SSL_CTX_use_certificate_chain() has been added to LibreSSL and there
is no need to keep a local copy in ssl_privsep.c.  This adds a little
burden on OpenSMTPD-portable because it will have to put it in
openbsd-compat for compatibility with legacy OpenSSL.

OK gilles@

OpenBSD — lib/libtls tls_server.c, usr.sbin/relayd relay.c

The SSL/TLS session Id context is limited to 32 bytes.  Instead of
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context.  This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.

OK gilles@ benno@

Bitrig — lib/libtls tls_server.c, usr.sbin/relayd relay.c

The SSL/TLS session Id context is limited to 32 bytes.  Instead of
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context.  This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.

OK gilles@ benno@

OpenBSD — bin/cat cat.c, bin/cp cp.c utils.c

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
Delta File
+22 -22 usr.bin/cvs/client.c
+21 -21 usr.bin/cvs/file.c
+20 -20 usr.bin/cvs/server.c
+18 -18 libexec/ftpd/ftpd.c
+18 -17 usr.sbin/crunchgen/crunchgen.c
+16 -16 usr.bin/cvs/add.c
+2,090 -2,106 663 files not shown
+2,205 -2,220 669 files

Bitrig — bin/cat cat.c, bin/cp cp.c utils.c

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
Delta File
+18 -18 libexec/ftpd/ftpd.c
+18 -17 usr.sbin/crunchgen/crunchgen.c
+13 -15 usr.sbin/pppd/main.c
+15 -12 usr.bin/diff/diffreg.c
+13 -13 usr.bin/rdist/client.c
+13 -13 sbin/pfctl/pfctl.c
+1,795 -1,817 603 files not shown
+1,885 -1,905 609 files

OpenBSD — usr.sbin/smtpd enqueue.c smtpd.c

when enqueueing offline mails from within the daemon session, we should not
rely on getlogin() otherwise mail will end up enqueued as coming from user
who started smtpd.

bug spotted by deraadt@, diff ok todd@

Bitrig — usr.sbin/smtpd enqueue.c smtpd.c

when enqueueing offline mails from within the daemon session, we should not
rely on getlogin() otherwise mail will end up enqueued as coming from user
who started smtpd.

bug spotted by deraadt@, diff ok todd@

Bitrig — usr.sbin/smtpd table.c

recipient and sender lists now support the user+TAG notation, allowing
among other things a secondary MX to filter recipients to be relayed to a
primary MX even if they are using tags. there are other nice things to do
with that feature, use your imagination.

tested and ok florian@, tested by several users for a few days too
Delta File
+17 -2 usr.sbin/smtpd/table.c
+17 -2 1 file

OpenBSD — usr.sbin/smtpd table.c

recipient and sender lists now support the user+TAG notation, allowing
among other things a secondary MX to filter recipients to be relayed to a
primary MX even if they are using tags. there are other nice things to do
with that feature, use your imagination.

tested and ok florian@, tested by several users for a few days too
Delta File
+17 -2 usr.sbin/smtpd/table.c
+17 -2 1 file

Bitrig — usr.sbin/smtpd smtp_session.c

bring back reverted commits, the crash was unrelated
Delta File
+23 -17 usr.sbin/smtpd/smtp_session.c
+23 -17 1 file

OpenBSD — usr.sbin/smtpd smtp_session.c

bring back reverted commits, the crash was unrelated
Delta File
+23 -17 usr.sbin/smtpd/smtp_session.c
+23 -17 1 file