diff -uNr a/BUILD b/BUILD --- a/BUILD 1970-01-01 00:00:00 +0000 +++ b/BUILD 1970-01-01 00:00:00 +0000 @@ -44,7 +44,7 @@ 0. Prerequisites A copy of this repository - Upstream sources as listed in base/src.sha512 (see the gports/gales-util/gales-mirror-sync script - described at http://fixpoint.welshcomputing.com/2019/gales-linux-initial-release/ - for how to obtain these) + Upstream sources as listed in base/src.sha512 (see the gports/gales-util/gales-mirror-sync script - described at http://jfxpt.com/2019/gales-linux-initial-release/ - for how to obtain these) ISO C90 compiler (probably needs to be gcc 2.95+) /bin/sh (bash or ksh required for the brace expansions below. BusyBox ash as of 1.24.2 is known to fail on binutils and musl configure scripts; dash 0.5.9.1 works) GNU make (3.80+ for gcc) @@ -319,7 +319,7 @@ Use internal crypt functions: y Default password encryption method: sha512 Linux Module Utilities: insmod rmmod lsmod modprobe depmod - Linux System Utilities: blockdev fstrim mount rev dmesg fbset fdisk flock mkfs_vfat hexdump hwclock ipcrm ipcs losetup lspci lsusb mkswap more script scriptreplay swaponoff switch_root umount + Linux System Utilities: blockdev fallocate fstrim mount rev dmesg fbset fdisk flock mkfs_vfat hexdump hwclock ipcrm ipcs losetup lspci lsusb mkswap more script scriptreplay swaponoff switch_root umount Support specifying devices by label or UUID: n Support GPT disklabels: y Misc Utilities: setserial beep eject hdparm setsid time timeout @@ -493,7 +493,7 @@ A1. Helpful resources http://jwrd.net/ - http://fixpoint.welshcomputing.com/category/gales-linux/ + http://jfxpt.com/category/gales-linux/ http://www.musl-libc.org/doc/1.0.0/manual.html http://www.musl-libc.org/faq.html http://gcc.gnu.org/install/configure.html diff -uNr a/PORTS b/PORTS --- a/PORTS 1970-01-01 00:00:00 +0000 +++ b/PORTS 1970-01-01 00:00:00 +0000 @@ -49,6 +49,7 @@ bc (automake readline) bison (automake m4) libtool (automake) +strace (autoconf automake) sqlite (readline ncurses) sqlite-doc @@ -67,7 +68,7 @@ python-docs 5: -openssh (autoconf libressl zlib) +openssh (autoconf automake libressl zlib) tmux (libevent ncurses) gdb (flex bison readline) sbcl (clisp) diff -uNr a/VERSION b/VERSION --- a/VERSION 1970-01-01 00:00:00 +0000 +++ b/VERSION 1970-01-01 00:00:00 +0000 @@ -1,4 +1,4 @@ -23 +23.3 The major version is the year of release, minus 2000. A new base tarball is published for each major release. diff -uNr a/gports/djbdns/README.gales b/gports/djbdns/README.gales --- a/gports/djbdns/README.gales 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/README.gales 1970-01-01 00:00:00 +0000 @@ -0,0 +1,25 @@ +This is a lightly patched port, resolving a short list of bugs and portability issues discovered since the last release of djbdns in 2001. + +To create the required system user and group for the dnscache daemon, use: + + # addgroup -S dnscache + # adduser -SH -h / -g 'djbdns cache' -s /bin/false -G dnscache dnscache + +Or for tinydns, use: + + # addgroup -S tinydns + # adduser -SH -h / -g 'djbdns authoritative nameserver' -s /bin/false -G tinydns tinydns + +Program and data format documentation is online at: http://cr.yp.to/djbdns.html + +Example service definitions are provided; the recommendation is to get started in the usual Gales way by copying them into place: + + # cp -r /etc/examples/svc/dnscache /etc/svc/ + +and/or + + # cp -r /etc/examples/svc/tinydns /etc/svc/ + +then editing to suit your needs and finally symlinking to /service. For tinydns in particular you'll need to set /etc/svc/tinydns/env/IP to your actual public IP address to bind. If the same machine also runs a cache, the two must be on different IPs. + +The dnscache-conf and tinydns-conf programs are still included for those who may be accustomed to them; they should work but are not fully assimilated into Gales conventions. For dnscache-conf you'll need to first copy /etc/examples/dnsroots.global to /etc/, and note that its generated run script uses the default (weak) random seed file mechanism. diff -uNr a/gports/djbdns/build.sh b/gports/djbdns/build.sh --- a/gports/djbdns/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/build.sh 1970-01-01 00:00:00 +0000 @@ -0,0 +1,110 @@ +# Work in progress +P=djbdns +V=1.05 +MAJOR=0 +MINOR=0 + +S=" +$P-$V.tar.gz http://cr.yp.to/djbdns/$P-$V.tar.gz +README.gales +djbdns-1.05.CVE-2012-1911-query-ns.patch +djbdns-1.05.build-flags-warnings.patch +djbdns-1.05.dempsky-axfr-subdomain.patch +djbdns-1.05.dnscache-sigpipe.patch +djbdns-1.05.errno.patch +djbdns-1.05.tinydns-data-long64.patch +dnsroots.global +dnscache.run +tinydns.run +" + +SHA512=" +20f066402801d7bec183cb710a5bc51e41f1410024741e5803e26f68f2c13567e48eba793f233dfab903459c3335bc169e24b99d66a4c64e617e1f0779732fa9 djbdns-1.05.tar.gz +" + +build () { + root=$PWD/root + tar xzf $P-$V.tar.gz + cd $P-$V + # To refresh the root servers list: dnsip `dnsqr ns . | awk '/answer:/ { print $5 }' | sort` + cp ../dnsroots.global . + patch -p1 <../djbdns-1.05.errno.patch + patch -p1 <../djbdns-1.05.CVE-2012-1911-query-ns.patch + patch -p0 <../djbdns-1.05.dempsky-axfr-subdomain.patch + patch -p1 <../djbdns-1.05.dnscache-sigpipe.patch + patch -p1 <../djbdns-1.05.tinydns-data-long64.patch + patch -p1 <../djbdns-1.05.build-flags-warnings.patch + echo "/gales/pkg/$Q" >conf-home + make -j$JOBS + + # assemble example dnscache service configuration, replacing dnscache-conf + mkdir svcdnscache + cd svcdnscache + cp ../../dnscache.run run + chmod 755 run + + mkdir log + ln -s /etc/svc.defs/multilog log/run + + mkdir env + echo /etc/svc/dnscache/root >env/ROOT + echo 127.0.0.1 >env/IP + echo 0.0.0.0 >env/IPSEND + echo 1000000 >env/CACHESIZE + echo 3000000 >env/DATALIMIT + + mkdir root root/ip root/servers + echo 'This directory lists allowed client IPs or prefixes based on file existence.' >root/ip/127.0.0.1 + cp ../dnsroots.global root/servers/@ + + # assemble example tinydns service configuration, replacing tinydns-conf + cd .. + mkdir svctinydns + cd svctinydns + cp ../../tinydns.run run + chmod 755 run + + mkdir log + ln -s /etc/svc.defs/multilog log/run + + mkdir env + echo /etc/svc/tinydns/root >env/ROOT + echo 127.0.0.1 >env/IP + + mkdir root + >root/data + for type in ns alias childns host alias mx ; do + printf '#!/bin/sh\nexec /gales/pkg/djbdns/bin/tinydns-edit data data.new add %s ${1+"$@"}\n' $type >root/add-$type + chmod 755 root/add-$type + done + printf 'data.cdb: data\n\t/gales/pkg/djbdns/bin/tinydns-data\n' >root/Makefile +} + +package () { + f gales/pkg/$Q/doc/README.gales + cd $P-$V + for f in CHANGES README TINYDNS TODO ; do + f gales/pkg/$Q/doc/$f + done + a etc/examples/svc/dnscache svcdnscache + a etc/examples/svc/tinydns svctinydns + + # per hier.c + f etc/examples/dnsroots.global + for f in \ + dnscache-conf tinydns-conf walldns-conf rbldns-conf pickdns-conf axfrdns-conf \ + dnscache tinydns walldns rbldns pickdns axfrdns \ + tinydns-get tinydns-data tinydns-edit rbldns-data pickdns-data axfr-get \ + dnsip dnsipq dnsname dnstxt dnsmx dnsfilter random-ip dnsqr dnsq dnstrace + do + X gales/pkg/$Q/bin/$f + l gales/command/$f ../pkg/$P/bin/$f + done + for f in dnstracesort ; do + x gales/pkg/$Q/bin/$f + l gales/command/$f ../pkg/$P/bin/$f + done + + l gales/pkg/$P $Q + l gales/doc/$P ../pkg/$P/doc +} diff -uNr a/gports/djbdns/djbdns-1.05.CVE-2012-1911-query-ns.patch b/gports/djbdns/djbdns-1.05.CVE-2012-1911-query-ns.patch --- a/gports/djbdns/djbdns-1.05.CVE-2012-1911-query-ns.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.CVE-2012-1911-query-ns.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,20 @@ +# Created 2012 by Peter Conrad +# +# This patch is public domain. +# + +This is believed to resolve the problem described at http://jfxpt.com/2023/dns-kiting/ in which a no-longer-delegated nameserver can keep itself cached indefinitely. The idea is to ignore NS records received from a domain's own nameservers, i.e. to refresh them only when received from the delegating parent. -jfw + +--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200 ++++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200 +@@ -578,6 +578,10 @@ + } + + if (!dns_domain_suffix(t1,control)) { i = j; continue; } ++ if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) { ++ char dummy[256]; ++ if (!roots(dummy,control)) { i = j; continue; } ++ } + if (!roots_same(t1,control)) { i = j; continue; } + + if (byte_equal(type,2,DNS_T_ANY)) diff -uNr a/gports/djbdns/djbdns-1.05.build-flags-warnings.patch b/gports/djbdns/djbdns-1.05.build-flags-warnings.patch --- a/gports/djbdns/djbdns-1.05.build-flags-warnings.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.build-flags-warnings.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,684 @@ +This gets me a warning-free build, even with non-default warnings enabled except for the explicit list. + +Possibly significant changes are the addition of -fno-builtin-puts (auto-str.c defines its own "puts" function), and the switch to unsigned for size/length/index variables where appropriate. + +Optimization level is reduced to 1 for compiler security conservatism. + + -jfw + +diff -ur a/axfr-get.c b/axfr-get.c +--- a/axfr-get.c 2001-02-11 21:11:45 +0000 ++++ b/axfr-get.c 2023-10-29 00:58:14 +0000 +@@ -229,16 +229,16 @@ + pos = x_copy(buf,len,pos,data,1); + ch = data[0]; + if (printable(ch)) { +- if (!stralloc_catb(&line,&ch,1)) return 0; ++ if (!stralloc_catb(&line,(char *)&ch,1)) return 0; + } + else { + if (!stralloc_cats(&line,"\\")) return 0; + ch2 = '0' + ((ch >> 6) & 7); +- if (!stralloc_catb(&line,&ch2,1)) return 0; ++ if (!stralloc_catb(&line,(char *)&ch2,1)) return 0; + ch2 = '0' + ((ch >> 3) & 7); +- if (!stralloc_catb(&line,&ch2,1)) return 0; ++ if (!stralloc_catb(&line,(char *)&ch2,1)) return 0; + ch2 = '0' + (ch & 7); +- if (!stralloc_catb(&line,&ch2,1)) return 0; ++ if (!stralloc_catb(&line,(char *)&ch2,1)) return 0; + } + } + } +diff -ur a/buffer_put.c b/buffer_put.c +--- a/buffer_put.c 2001-02-11 21:11:45 +0000 ++++ b/buffer_put.c 2023-10-29 02:07:43 +0000 +@@ -13,7 +13,7 @@ + if (errno == error_intr) continue; + return -1; /* note that some data may have been written */ + } +- if (w == 0) ; /* luser's fault */ ++ /* if (w == 0) ; luser's fault */ + buf += w; + len -= w; + } +diff -ur a/cdb.c b/cdb.c +--- a/cdb.c 2001-02-11 21:11:45 +0000 ++++ b/cdb.c 2023-10-29 01:37:19 +0000 +@@ -70,7 +70,7 @@ + static int match(struct cdb *c,const char *key,unsigned int len,uint32 pos) + { + char buf[32]; +- int n; ++ unsigned int n; + + while (len > 0) { + n = sizeof buf; +diff -ur a/chkshsgr.c b/chkshsgr.c +--- a/chkshsgr.c 2001-02-11 21:11:45 +0000 ++++ b/chkshsgr.c 2023-10-28 21:53:19 +0000 +@@ -1,10 +1,11 @@ ++#include + #include "exit.h" + + int main() + { +- short x[4]; ++ gid_t x[1]; + +- x[0] = x[1] = 0; ++ x[0] = 0; + if (getgroups(1,x) == 0) if (setgroups(1,x) == -1) _exit(1); + _exit(0); + } +diff -ur a/conf-cc b/conf-cc +--- a/conf-cc 2001-02-11 21:11:45 +0000 ++++ b/conf-cc 2023-10-29 02:08:58 +0000 +@@ -1,3 +1,3 @@ +-gcc -O2 -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings ++gcc -O1 -fno-builtin-puts -Wall -Wextra -Wno-unused-but-set-variable -Wno-parentheses -Wno-unused-parameter + + This will be used to compile .c files. +diff -ur a/dns_rcip.c b/dns_rcip.c +--- a/dns_rcip.c 2001-02-11 21:11:45 +0000 ++++ b/dns_rcip.c 2023-10-29 01:11:15 +0000 +@@ -9,8 +9,8 @@ + + static int init(char ip[64]) + { +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + int iplen = 0; + char *x; + +@@ -28,9 +28,9 @@ + } + + if (!iplen) { +- i = openreadclose("/etc/resolv.conf",&data,64); +- if (i == -1) return -1; +- if (i) { ++ int r = openreadclose("/etc/resolv.conf",&data,64); ++ if (r == -1) return -1; ++ if (r) { + if (!stralloc_append(&data,"\n")) return -1; + i = 0; + for (j = 0;j < data.len;++j) +diff -ur a/dns_rcrw.c b/dns_rcrw.c +--- a/dns_rcrw.c 2001-02-11 21:11:45 +0000 ++++ b/dns_rcrw.c 2023-10-29 01:15:09 +0000 +@@ -12,19 +12,20 @@ + { + char host[256]; + const char *x; +- int i; +- int j; +- int k; ++ unsigned int i; ++ unsigned int j; ++ unsigned int k; ++ int r; + + if (!stralloc_copys(rules,"")) return -1; + + x = env_get("DNSREWRITEFILE"); + if (!x) x = "/etc/dnsrewrite"; + +- i = openreadclose(x,&data,64); +- if (i == -1) return -1; ++ r = openreadclose(x,&data,64); ++ if (r == -1) return -1; + +- if (i) { ++ if (r) { + if (!stralloc_append(&data,"\n")) return -1; + i = 0; + for (j = 0;j < data.len;++j) +@@ -61,10 +62,10 @@ + return 0; + } + +- i = openreadclose("/etc/resolv.conf",&data,64); +- if (i == -1) return -1; ++ r = openreadclose("/etc/resolv.conf",&data,64); ++ if (r == -1) return -1; + +- if (i) { ++ if (r) { + if (!stralloc_append(&data,"\n")) return -1; + i = 0; + for (j = 0;j < data.len;++j) +diff -ur a/dns_transmit.c b/dns_transmit.c +--- a/dns_transmit.c 2001-02-11 21:11:45 +0000 ++++ b/dns_transmit.c 2023-10-29 01:15:57 +0000 +@@ -265,7 +265,7 @@ + if (errno == error_connrefused) if (d->udploop == 2) return 0; + return nextudp(d); + } +- if (r + 1 > sizeof udpbuf) return 0; ++ if (r + 1 > (ssize_t) sizeof udpbuf) return 0; + + if (irrelevant(d,udpbuf,r)) return 0; + if (serverwantstcp(udpbuf,r)) return firsttcp(d); +diff -ur a/dnscache.c b/dnscache.c +--- a/dnscache.c 2023-10-28 21:53:08 +0000 ++++ b/dnscache.c 2023-10-29 01:01:12 +0000 +@@ -112,7 +112,7 @@ + + len = socket_recv4(udp53,buf,sizeof buf,x->ip,&x->port); + if (len == -1) return; +- if (len >= sizeof buf) return; ++ if (len >= (int) sizeof buf) return; + if (x->port < 1024) if (x->port != 53) return; + if (!okclient(x->ip)) return; + +@@ -446,4 +446,5 @@ + + log_startup(); + doit(); ++ return 0; + } +diff -ur a/dnsfilter.c b/dnsfilter.c +--- a/dnsfilter.c 2001-02-11 21:11:45 +0000 ++++ b/dnsfilter.c 2023-10-29 01:52:11 +0000 +@@ -37,7 +37,7 @@ + static stralloc partial; + + char inbuf[1024]; +-int inbuflen = 0; ++unsigned int inbuflen = 0; + iopause_fd *inio; + int flag0 = 1; + +@@ -48,9 +48,9 @@ + char ip[4]; + char name[DNS_NAME4_DOMAIN]; + +-void errout(int i) ++void errout(unsigned int i) + { +- int j; ++ unsigned int j; + + if (!stralloc_copys(&x[i].middle,":")) nomem(); + if (!stralloc_cats(&x[i].middle,error_str(errno))) nomem(); +@@ -65,8 +65,8 @@ + struct taia deadline; + int opt; + unsigned long u; +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + int r; + + while ((opt = getopt(argc,argv,"c:l:")) != opteof) +diff -ur a/dnsip.c b/dnsip.c +--- a/dnsip.c 2001-02-11 21:11:45 +0000 ++++ b/dnsip.c 2023-10-29 01:45:32 +0000 +@@ -14,7 +14,7 @@ + + int main(int argc,char **argv) + { +- int i; ++ unsigned int i; + + dns_random_init(seed); + +diff -ur a/dnsipq.c b/dnsipq.c +--- a/dnsipq.c 2001-02-11 21:11:45 +0000 ++++ b/dnsipq.c 2023-10-29 01:45:56 +0000 +@@ -15,7 +15,7 @@ + + int main(int argc,char **argv) + { +- int i; ++ unsigned int i; + + dns_random_init(seed); + +diff -ur a/dnsmx.c b/dnsmx.c +--- a/dnsmx.c 2001-02-11 21:11:45 +0000 ++++ b/dnsmx.c 2023-10-29 01:46:34 +0000 +@@ -23,8 +23,8 @@ + + int main(int argc,char **argv) + { +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + uint16 pref; + + dns_random_init(seed); +diff -ur a/dnsq.c b/dnsq.c +--- a/dnsq.c 2001-02-11 21:11:45 +0000 ++++ b/dnsq.c 2023-10-28 21:57:07 +0000 +@@ -10,6 +10,7 @@ + #include "printpacket.h" + #include "parsetype.h" + #include "dns.h" ++#include "exit.h" + + #define FATAL "dnsq: fatal: " + +diff -ur a/dnsqr.c b/dnsqr.c +--- a/dnsqr.c 2001-02-11 21:11:45 +0000 ++++ b/dnsqr.c 2023-10-28 21:56:49 +0000 +@@ -9,6 +9,7 @@ + #include "printpacket.h" + #include "parsetype.h" + #include "dns.h" ++#include "exit.h" + + #define FATAL "dnsqr: fatal: " + +diff -ur a/dnstrace.c b/dnstrace.c +--- a/dnstrace.c 2001-02-11 21:11:45 +0000 ++++ b/dnstrace.c 2023-10-29 01:56:37 +0000 +@@ -129,7 +129,7 @@ + void qt_add(const char *q,const char type[2],const char *control,const char ip[4]) + { + struct qt x; +- int i; ++ unsigned int i; + + if (!*q) return; /* don't ask the roots about our artificial . host */ + +@@ -151,8 +151,8 @@ + void query_add(const char *owner,const char type[2]) + { + struct query x; +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + + for (i = 0;i < query.len;++i) + if (dns_domain_equal(query.s[i].owner,owner)) +@@ -174,8 +174,8 @@ + void ns_add(const char *owner,const char *server) + { + struct ns x; +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + + buffer_put(buffer_1,querystr.s,querystr.len); + buffer_puts(buffer_1,"NS:"); +@@ -206,8 +206,8 @@ + void address_add(const char *owner,const char ip[4]) + { + struct address x; +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + + buffer_put(buffer_1,querystr.s,querystr.len); + buffer_puts(buffer_1,"A:"); +@@ -262,7 +262,7 @@ + int flagcname; + int flagreferral; + int flagsoa; +- int j; ++ unsigned int j; + const char *x; + + pos = dns_packet_copy(buf,len,0,header,12); if (!pos) goto DIE; +@@ -320,7 +320,7 @@ + } + + pos = posanswers; +- for (j = 0;j < numanswers + numauthority + numglue;++j) { ++ for (j = 0;j < (unsigned int) numanswers + numauthority + numglue;++j) { + pos = dns_packet_getname(buf,len,pos,&t1); if (!pos) goto DIE; + pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE; + uint16_unpack_big(header + 8,&datalen); +@@ -359,7 +359,7 @@ + return; + } + pos = posanswers; +- for (j = 0;j < numanswers + numauthority + numglue;++j) { ++ for (j = 0;j < (unsigned int) numanswers + numauthority + numglue;++j) { + pos = printrecord(&tmp,buf,len,pos,d,dtype); + if (!pos) goto DIE; + if (tmp.len) { +@@ -395,7 +395,7 @@ + char *control; + char type[2]; + char ip[64]; +- int i; ++ unsigned int i; + uint16 u16; + + dns_random_init(seed); +diff -ur a/droproot.c b/droproot.c +--- a/droproot.c 2001-02-11 21:11:45 +0000 ++++ b/droproot.c 2023-10-29 00:52:23 +0000 +@@ -21,13 +21,13 @@ + if (!x) + strerr_die2x(111,fatal,"$GID not set"); + scan_ulong(x,&id); +- if (prot_gid((int) id) == -1) ++ if (prot_gid(id) == -1) + strerr_die2sys(111,fatal,"unable to setgid: "); + + x = env_get("UID"); + if (!x) + strerr_die2x(111,fatal,"$UID not set"); + scan_ulong(x,&id); +- if (prot_uid((int) id) == -1) ++ if (prot_uid(id) == -1) + strerr_die2sys(111,fatal,"unable to setuid: "); + } +diff -ur a/getln2.c b/getln2.c +--- a/getln2.c 2001-02-11 21:11:45 +0000 ++++ b/getln2.c 2023-10-29 01:18:01 +0000 +@@ -16,7 +16,7 @@ + if (n == 0) { *clen = 0; return 0; } + x = buffer_PEEK(ss); + i = byte_chr(x,n,sep); +- if (i < n) { buffer_SEEK(ss,*clen = i + 1); *cont = x; return 0; } ++ if (i < (unsigned int) n) { buffer_SEEK(ss,*clen = i + 1); *cont = x; return 0; } + if (!stralloc_readyplus(sa,n)) return -1; + i = sa->len; + sa->len = i + buffer_get(ss,sa->s + i,n); +diff -ur a/hier.c b/hier.c +--- a/hier.c 2001-02-11 21:11:45 +0000 ++++ b/hier.c 2023-10-29 00:25:18 +0000 +@@ -1,4 +1,7 @@ + #include "auto_home.h" ++void h(const char *,int,int,int); ++void d(const char *,const char *,int,int,int); ++void c(const char *,const char *,const char *,int,int,int); + + void hier() + { +diff -ur a/instcheck.c b/instcheck.c +--- a/instcheck.c 2001-02-11 21:11:45 +0000 ++++ b/instcheck.c 2023-10-29 02:03:50 +0000 +@@ -30,13 +30,13 @@ + return; + } + +- if ((uid != -1) && (st.st_uid != uid)) ++ if ((uid != -1) && (st.st_uid != (uid_t) uid)) + strerr_warn6(WARNING,prefix1,prefix2,prefix3,file," has wrong owner",0); +- if ((gid != -1) && (st.st_gid != gid)) ++ if ((gid != -1) && (st.st_gid != (gid_t) gid)) + strerr_warn6(WARNING,prefix1,prefix2,prefix3,file," has wrong group",0); +- if ((st.st_mode & 07777) != mode) ++ if ((st.st_mode & 07777) != (mode_t) mode) + strerr_warn6(WARNING,prefix1,prefix2,prefix3,file," has wrong permissions",0); +- if ((st.st_mode & S_IFMT) != type) ++ if ((st.st_mode & S_IFMT) != (mode_t) type) + strerr_warn6(WARNING,prefix1,prefix2,prefix3,file," has wrong type",0); + } + +diff -ur a/iopause.c b/iopause.c +--- a/iopause.c 2001-02-11 21:11:45 +0000 ++++ b/iopause.c 2023-10-29 01:06:01 +0000 +@@ -7,7 +7,7 @@ + struct taia t; + int millisecs; + double d; +- int i; ++ unsigned int i; + + if (taia_less(deadline,stamp)) + millisecs = 0; +@@ -45,7 +45,7 @@ + for (i = 0;i < len;++i) { + fd = x[i].fd; + if (fd < 0) continue; +- if (fd >= 8 * sizeof(fd_set)) continue; /*XXX*/ ++ if (fd >= 8 * (int) sizeof(fd_set)) continue; /*XXX*/ + + if (fd >= nfds) nfds = fd + 1; + if (x[i].events & IOPAUSE_READ) FD_SET(fd,&rfds); +@@ -62,7 +62,7 @@ + for (i = 0;i < len;++i) { + fd = x[i].fd; + if (fd < 0) continue; +- if (fd >= 8 * sizeof(fd_set)) continue; /*XXX*/ ++ if (fd >= 8 * (int) sizeof(fd_set)) continue; /*XXX*/ + + if (x[i].events & IOPAUSE_READ) + if (FD_ISSET(fd,&rfds)) x[i].revents |= IOPAUSE_READ; +diff -ur a/log.c b/log.c +--- a/log.c 2001-02-11 21:11:45 +0000 ++++ b/log.c 2023-10-29 01:01:55 +0000 +@@ -207,7 +207,7 @@ + + void log_rr(const char server[4],const char *q,const char type[2],const char *buf,unsigned int len,unsigned int ttl) + { +- int i; ++ unsigned int i; + + string("rr "); ip(server); space(); number(ttl); space(); + logtype(type); space(); name(q); space(); +diff -ur a/pickdns-data.c b/pickdns-data.c +--- a/pickdns-data.c 2001-02-11 21:11:45 +0000 ++++ b/pickdns-data.c 2023-10-29 01:41:35 +0000 +@@ -129,9 +129,9 @@ + int main() + { + struct address t; +- int i; +- int j; +- int k; ++ unsigned int i; ++ unsigned int j; ++ unsigned int k; + char ch; + + umask(022); +diff -ur a/prot.c b/prot.c +--- a/prot.c 2001-02-11 21:11:45 +0000 ++++ b/prot.c 2023-10-29 00:51:34 +0000 +@@ -1,7 +1,8 @@ ++#include + #include "hasshsgr.h" + #include "prot.h" + +-int prot_gid(int gid) ++int prot_gid(gid_t gid) + { + #ifdef HASSHORTSETGROUPS + short x[2]; +@@ -13,7 +14,7 @@ + return setgid(gid); /* _should_ be redundant, but on some systems it isn't */ + } + +-int prot_uid(int uid) ++int prot_uid(uid_t uid) + { + return setuid(uid); + } +diff -ur a/prot.h b/prot.h +--- a/prot.h 2001-02-11 21:11:45 +0000 ++++ b/prot.h 2023-10-29 00:51:49 +0000 +@@ -1,7 +1,7 @@ + #ifndef PROT_H + #define PROT_H + +-extern int prot_gid(int); +-extern int prot_uid(int); ++extern int prot_gid(gid_t); ++extern int prot_uid(uid_t); + + #endif +diff -ur a/roots.c b/roots.c +--- a/roots.c 2001-02-11 21:11:45 +0000 ++++ b/roots.c 2023-10-29 01:03:39 +0000 +@@ -14,8 +14,8 @@ + + static int roots_find(char *q) + { +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + + i = 0; + while (i < data.len) { +@@ -62,8 +62,8 @@ + static stralloc text; + char servers[64]; + int serverslen; +- int i; +- int j; ++ unsigned int i; ++ unsigned int j; + + for (;;) { + errno = 0; +diff -ur a/seek_set.c b/seek_set.c +--- a/seek_set.c 2001-02-11 21:11:45 +0000 ++++ b/seek_set.c 2023-10-28 21:53:19 +0000 +@@ -1,7 +1,6 @@ + #include ++#include + #include "seek.h" + +-#define SET 0 /* sigh */ +- + int seek_set(int fd,seek_pos pos) +-{ if (lseek(fd,(off_t) pos,SET) == -1) return -1; return 0; } ++{ if (lseek(fd,(off_t) pos,SEEK_SET) == -1) return -1; return 0; } +diff -ur a/server.c b/server.c +--- a/server.c 2001-02-11 21:11:45 +0000 ++++ b/server.c 2023-10-29 02:14:52 +0000 +@@ -21,7 +21,7 @@ + static uint16 port; + + static char buf[513]; +-static int len; ++static unsigned int len; + + static char *q; + +@@ -106,8 +106,9 @@ + buffer_putsflush(buffer_2,starting); + + for (;;) { +- len = socket_recv4(udp53,buf,sizeof buf,ip,&port); +- if (len < 0) continue; ++ int r = socket_recv4(udp53,buf,sizeof buf,ip,&port); ++ if (r < 0) continue; ++ len = r; + if (!doit()) continue; + if (response_len > 512) response_tc(); + socket_send4(udp53,response,response_len,ip,port); +diff -ur a/socket_accept.c b/socket_accept.c +--- a/socket_accept.c 2001-02-11 21:11:45 +0000 ++++ b/socket_accept.c 2023-10-29 00:43:03 +0000 +@@ -8,7 +8,7 @@ + int socket_accept4(int s,char ip[4],uint16 *port) + { + struct sockaddr_in sa; +- int dummy = sizeof sa; ++ socklen_t dummy = sizeof sa; + int fd; + + fd = accept(s,(struct sockaddr *) &sa,&dummy); +diff -ur a/socket_conn.c b/socket_conn.c +--- a/socket_conn.c 2001-02-11 21:11:45 +0000 ++++ b/socket_conn.c 2023-10-29 00:43:46 +0000 +@@ -21,7 +21,7 @@ + int socket_connected(int s) + { + struct sockaddr_in sa; +- int dummy; ++ socklen_t dummy; + char ch; + + dummy = sizeof sa; +diff -ur a/socket_recv.c b/socket_recv.c +--- a/socket_recv.c 2001-02-11 21:11:45 +0000 ++++ b/socket_recv.c 2023-10-29 00:44:48 +0000 +@@ -8,7 +8,7 @@ + int socket_recv4(int s,char *buf,int len,char ip[4],uint16 *port) + { + struct sockaddr_in sa; +- int dummy = sizeof sa; ++ socklen_t dummy = sizeof sa; + int r; + + r = recvfrom(s,buf,len,0,(struct sockaddr *) &sa,&dummy); +diff -ur a/tinydns-data.c b/tinydns-data.c +--- a/tinydns-data.c 2023-10-28 21:53:08 +0000 ++++ b/tinydns-data.c 2023-10-29 01:43:41 +0000 +@@ -184,9 +184,9 @@ + int main() + { + int fddata; +- int i; +- int j; +- int k; ++ unsigned int i; ++ unsigned int j; ++ unsigned int k; + char ch; + unsigned long ttl; + char ttd[8]; +diff -ur a/tinydns-edit.c b/tinydns-edit.c +--- a/tinydns-edit.c 2001-02-11 21:11:45 +0000 ++++ b/tinydns-edit.c 2023-10-29 01:45:08 +0000 +@@ -76,9 +76,9 @@ + { + unsigned long ttl; + struct stat st; +- int i; +- int j; +- int k; ++ unsigned int i; ++ unsigned int j; ++ unsigned int k; + char ch; + + if (!*argv) die_usage(); +diff -ur a/tryshsgr.c b/tryshsgr.c +--- a/tryshsgr.c 2001-02-11 21:11:45 +0000 ++++ b/tryshsgr.c 2023-10-28 21:53:19 +0000 +@@ -1,3 +1,7 @@ ++/* Expected behavior on Linux: compiles (with warnings) and exits 1 (failure) because gid_t is larger than short; thus HASSHORTSETGROUPS must not be defined. ++ * -jfw ++ */ ++ + int main() + { + short x[4]; +diff -ur a/utime.c b/utime.c +--- a/utime.c 2001-02-11 21:11:45 +0000 ++++ b/utime.c 2023-10-28 22:19:07 +0000 +@@ -1,5 +1,6 @@ + #include + #include ++#include + #include "scan.h" + #include "exit.h" + +@@ -7,7 +8,7 @@ + + char *ustr; + unsigned long u; +-time_t ut[2]; ++struct utimbuf ut; + + int main(int argc,char **argv) + { +@@ -18,7 +19,7 @@ + if (!ustr) _exit(100); + scan_ulong(ustr,&u); + +- ut[0] = ut[1] = u; +- if (utime(fn,ut) == -1) _exit(111); ++ ut.actime = ut.modtime = u; ++ if (utime(fn,&ut) == -1) _exit(111); + _exit(0); + } diff -uNr a/gports/djbdns/djbdns-1.05.dempsky-axfr-subdomain.patch b/gports/djbdns/djbdns-1.05.dempsky-axfr-subdomain.patch --- a/gports/djbdns/djbdns-1.05.dempsky-axfr-subdomain.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.dempsky-axfr-subdomain.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,41 @@ +From: "D. J. Bernstein" +Date: Wed, 04 Mar 2009 01:34:21 +0000 +To: djbdns +Subject: djbdns<=1.05 lets AXFRed subdomains overwrite domains +Message-Id: <20090304013421.60368.qmail () cr ! yp ! to> +X-MARC-Message: https://marc.info/?l=djbdns&m=123613000920446 + +If the administrator of example.com publishes the example.com DNS data +through tinydns and axfrdns, and includes data for sub.example.com +transferred from an untrusted third party, then that third party can +control cache entries for example.com, not just sub.example.com. This is +the result of a bug in djbdns pointed out by Matthew Dempsky. (In short, +axfrdns compresses some outgoing DNS packets incorrectly.) + +Even though this bug affects very few users, it is a violation of the +expected security policy in a reasonable situation, so it is a security +hole in djbdns. Third-party DNS service is discouraged in the djbdns +documentation but is nevertheless supported. Dempsky is hereby awarded +$1000. + +The next release of djbdns will be backed by a new security guarantee. +In the meantime, if any users are in the situation described above, +those users are advised to apply Dempsky's patch and requested to accept +my apologies. The patch is also recommended for other users; it corrects +the bug without any side effects. A copy of the patch appears below. + + --D. J. Bernstein + Research Professor, Computer Science, University of Illinois at Chicago + + +--- response.c.orig 2009-02-24 21:04:06.000000000 -0800 ++++ response.c 2009-02-24 21:04:25.000000000 -0800 +@@ -34,7 +34,7 @@ + uint16_pack_big(buf,49152 + name_ptr[i]); + return response_addbytes(buf,2); + } +- if (dlen <= 128) ++ if ((dlen <= 128) && (response_len < 16384)) + if (name_num < NAMES) { + byte_copy(name[name_num],dlen,d); + name_ptr[name_num] = response_len; diff -uNr a/gports/djbdns/djbdns-1.05.dnscache-sigpipe.patch b/gports/djbdns/djbdns-1.05.dnscache-sigpipe.patch --- a/gports/djbdns/djbdns-1.05.dnscache-sigpipe.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.dnscache-sigpipe.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,23 @@ +https://marc.info/?l=djbdns&m=104804013229536&w=2 + +dnscache can receive SIGPIPE when responding to a TCP query and the requesting client closes the connection. + +Patch from Mark Delany reformatted by jfw. + +diff -ur a/dnscache.c b/dnscache.c +--- a/dnscache.c 2001-02-11 21:11:45 +0000 ++++ b/dnscache.c 2023-10-26 22:31:10 +0000 +@@ -1,4 +1,5 @@ + #include ++#include + #include "env.h" + #include "exit.h" + #include "scan.h" +@@ -391,6 +392,7 @@ + char *x; + unsigned long cachesize; + ++ signal(SIGPIPE,SIG_IGN); + x = env_get("IP"); + if (!x) + strerr_die2x(111,FATAL,"$IP not set"); diff -uNr a/gports/djbdns/djbdns-1.05.errno.patch b/gports/djbdns/djbdns-1.05.errno.patch --- a/gports/djbdns/djbdns-1.05.errno.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.errno.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,12 @@ +diff -u djbdns-1.05.old/error.h djbdns-1.05/error.h +--- djbdns-1.05.old/error.h 2001-02-11 15:11:23.000000000 -0600 ++++ djbdns-1.05/error.h 2003-01-08 16:08:42.000000000 -0600 +@@ -1,7 +1,7 @@ + #ifndef ERROR_H + #define ERROR_H + +-extern int errno; ++#include + + extern int error_intr; + extern int error_nomem; diff -uNr a/gports/djbdns/djbdns-1.05.tinydns-data-long64.patch b/gports/djbdns/djbdns-1.05.tinydns-data-long64.patch --- a/gports/djbdns/djbdns-1.05.tinydns-data-long64.patch 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/djbdns-1.05.tinydns-data-long64.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,40 @@ +Using uint32_unpack_big into an unsigned long is incorrect for systems with 64-bit longs, with the problem manifesting at least on big-endian as bad SOA data. Found by compiler warnings; previously reported for instance at https://marc.info/?l=djbdns&m=110845281123105&w=2 for sparc64. + + -jfw + +diff -ur a/tinydns-data.c b/tinydns-data.c +--- a/tinydns-data.c 2001-02-11 21:11:45 +0000 ++++ b/tinydns-data.c 2023-10-28 21:49:40 +0000 +@@ -191,6 +191,7 @@ + unsigned long ttl; + char ttd[8]; + char loc[2]; ++ uint32 t; + unsigned long u; + char ip[4]; + char type[2]; +@@ -251,19 +252,19 @@ + if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem(); + + if (!stralloc_0(&f[3])) nomem(); +- if (!scan_ulong(f[3].s,&u)) uint32_unpack_big(defaultsoa,&u); ++ if (!scan_ulong(f[3].s,&u)) { uint32_unpack_big(defaultsoa,&t); u = t; } + uint32_pack_big(soa,u); + if (!stralloc_0(&f[4])) nomem(); +- if (!scan_ulong(f[4].s,&u)) uint32_unpack_big(defaultsoa + 4,&u); ++ if (!scan_ulong(f[4].s,&u)) { uint32_unpack_big(defaultsoa + 4,&t); u = t; } + uint32_pack_big(soa + 4,u); + if (!stralloc_0(&f[5])) nomem(); +- if (!scan_ulong(f[5].s,&u)) uint32_unpack_big(defaultsoa + 8,&u); ++ if (!scan_ulong(f[5].s,&u)) { uint32_unpack_big(defaultsoa + 8,&t); u = t; } + uint32_pack_big(soa + 8,u); + if (!stralloc_0(&f[6])) nomem(); +- if (!scan_ulong(f[6].s,&u)) uint32_unpack_big(defaultsoa + 12,&u); ++ if (!scan_ulong(f[6].s,&u)) { uint32_unpack_big(defaultsoa + 12,&t); u = t; } + uint32_pack_big(soa + 12,u); + if (!stralloc_0(&f[7])) nomem(); +- if (!scan_ulong(f[7].s,&u)) uint32_unpack_big(defaultsoa + 16,&u); ++ if (!scan_ulong(f[7].s,&u)) { uint32_unpack_big(defaultsoa + 16,&t); u = t; } + uint32_pack_big(soa + 16,u); + + if (!stralloc_0(&f[8])) nomem(); diff -uNr a/gports/djbdns/dnscache.run b/gports/djbdns/dnscache.run --- a/gports/djbdns/dnscache.run 1970-01-01 00:00:00 +0000 +++ b/gports/djbdns/dnscache.run 1970-01-01 00:00:00 +0000 @@ -0,0 +1,5 @@ +#!/bin/sh +exec 2>&1 +exec envdir ./env sh -c ' + exec envuidgid dnscache softlimit -o250 -d "$DATALIMIT" /gales/pkg/djbdns/bin/dnscache &1 +exec envuidgid tinydns envdir ./env softlimit -d300000 /gales/pkg/djbdns/bin/tinydns diff -uNr a/gports/dovecot/build.sh b/gports/dovecot/build.sh --- a/gports/dovecot/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/dovecot/build.sh 1970-01-01 00:00:00 +0000 @@ -1,13 +1,15 @@ P=dovecot V=2.4.0 MAJOR=0 -MINOR=0 +MINOR=1 # Build requires: flex bison perl # Bundled databases: src/lib/UnicodeData.txt src/lib-fts/WordBreakProperty.txt src/lib-fts/PropList.txt S=" jwrd-dovecot-$V.tar.gz +kill-auth-penalty.patch +make-parallel-within-subdirs.patch dovecot.conf run " @@ -20,6 +22,8 @@ root=$PWD/root tar xzf jwrd-dovecot-$V.tar.gz cd jwrd-dovecot-$V + patch -E -p1 < ../kill-auth-penalty.patch + patch -p1 <../make-parallel-within-subdirs.patch # Default CFLAGS include -O1 and no -g. # Security sensitive, so keep low optimization. diff -uNr a/gports/dovecot/dovecot.conf b/gports/dovecot/dovecot.conf --- a/gports/dovecot/dovecot.conf 1970-01-01 00:00:00 +0000 +++ b/gports/dovecot/dovecot.conf 1970-01-01 00:00:00 +0000 @@ -1,5 +1,5 @@ # Basic starting configuration for Dovecot on Gales Linux. -# Some defaults of possible interst are shown commented. There are many more: see `doveconf`. +# Some defaults of possible interest are shown commented. There are many more: see `doveconf`. #default_login_user = dovenull #default_internal_user = dovecot diff -uNr a/gports/dovecot/kill-auth-penalty.patch b/gports/dovecot/kill-auth-penalty.patch --- a/gports/dovecot/kill-auth-penalty.patch 1970-01-01 00:00:00 +0000 +++ b/gports/dovecot/kill-auth-penalty.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,1194 @@ +commit f3f2d74c590e7540e364dfa888065ad54f1a92f3 +Author: Jacob Welsh +AuthorDate: Fri Sep 8 02:38:27 2023 +0000 +Commit: Jacob Welsh +CommitDate: Fri Sep 8 02:45:42 2023 +0000 + + auth, anvil: remove ill-conceived and ill-functioning feature for penalizing failed logins with delayed responses. + + It's an open invitation to denial-of-service attack, especially when used behind a webmail or similar gateway, and the workarounds suggested for supporting that use case are variously broken and ridiculous. + + Some related pieces are not fully removed, search on "penalty" for details, but everything builds. + + http://jfxpt.com/2023/jwrd-logs-for-Sep-2023/#9198 + +diff --git a/src/Makefile b/src/Makefile +index 0776828456..7573d8b387 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -140,7 +140,6 @@ LIBEXEC_PROGS = \ + util/script-login \ + + TEST_PROGS = \ +- anvil/test-penalty \ + auth/test-libpassword \ + auth/test-auth-cache \ + auth/test-auth \ +@@ -626,7 +625,6 @@ LIBDOVECOT_OBJS += \ + auth/auth-client-connection.o \ + auth/auth-fields.o \ + auth/auth-master-connection.o \ +- auth/auth-penalty.o \ + auth/auth-policy.o \ + auth/auth-request-fields.o \ + auth/auth-request-handler.o \ +@@ -1525,10 +1523,8 @@ anvil/anvil: \ + anvil/anvil-connection.o \ + anvil/anvil-settings.o \ + anvil/connect-limit.o \ +- anvil/main.o \ +- anvil/penalty.o ++ anvil/main.o + $(LINK) +-anvil/test-penalty: anvil/test-penalty.o anvil/penalty.o + + auth/auth: auth/main.o + $(LINK) +diff --git a/src/anvil/anvil-connection.c b/src/anvil/anvil-connection.c +index 20e859b5c3..69767add88 100644 +--- a/src/anvil/anvil-connection.c ++++ b/src/anvil/anvil-connection.c +@@ -8,7 +8,6 @@ + #include "master-service.h" + #include "master-interface.h" + #include "connect-limit.h" +-#include "penalty.h" + #include "anvil-connection.h" + + #include +@@ -48,8 +47,7 @@ anvil_connection_request(struct anvil_connection *conn, + const char *const *args, const char **error_r) + { + const char *cmd = args[0]; +- unsigned int value, checksum; +- time_t stamp; ++ unsigned int value; + pid_t pid; + + args++; +@@ -101,36 +99,9 @@ anvil_connection_request(struct anvil_connection *conn, + value = connect_limit_lookup(connect_limit, args[0]); + o_stream_nsend_str(conn->output, + t_strdup_printf("%u\n", value)); +- } else if (strcmp(cmd, "PENALTY-GET") == 0) { +- if (args[0] == NULL) { +- *error_r = "PENALTY-GET: Not enough parameters"; +- return -1; +- } +- value = penalty_get(penalty, args[0], &stamp); +- o_stream_nsend_str(conn->output, +- t_strdup_printf("%u %s\n", value, dec2str(stamp))); +- } else if (strcmp(cmd, "PENALTY-INC") == 0) { +- if (args[0] == NULL || args[1] == NULL || args[2] == NULL) { +- *error_r = "PENALTY-INC: Not enough parameters"; +- return -1; +- } +- if (str_to_uint(args[1], &checksum) < 0 || +- str_to_uint(args[2], &value) < 0 || +- value > PENALTY_MAX_VALUE || +- (value == 0 && checksum != 0)) { +- *error_r = "PENALTY-INC: Invalid parameters"; +- return -1; +- } +- penalty_inc(penalty, args[0], checksum, value); +- } else if (strcmp(cmd, "PENALTY-SET-EXPIRE-SECS") == 0) { +- if (args[0] == NULL || str_to_uint(args[0], &value) < 0) { +- *error_r = "PENALTY-SET-EXPIRE-SECS: " +- "Invalid parameters"; +- return -1; +- } +- penalty_set_expire_secs(penalty, value); + } else if (strcmp(cmd, "PENALTY-DUMP") == 0) { +- penalty_dump(penalty, conn->output); ++ /* Penalty interface removed but 'doveadm penalty' could still query it, so return an empty result. We could perhaps stub out the doveadm command too. */ ++ o_stream_nsend(conn->output, "\n", 1); + } else { + *error_r = t_strconcat("Unknown command: ", cmd, NULL); + return -1; +diff --git a/src/anvil/anvil-settings.c b/src/anvil/anvil-settings.c +index a94823e02f..51529ff449 100644 +--- a/src/anvil/anvil-settings.c ++++ b/src/anvil/anvil-settings.c +@@ -10,11 +10,9 @@ + /* */ + static struct file_listener_settings anvil_unix_listeners_array[] = { + { "anvil", 0600, "", "" }, +- { "anvil-auth-penalty", 0600, "", "" } + }; + static struct file_listener_settings *anvil_unix_listeners[] = { +- &anvil_unix_listeners_array[0], +- &anvil_unix_listeners_array[1] ++ &anvil_unix_listeners_array[0] + }; + static buffer_t anvil_unix_listeners_buf = { + { { anvil_unix_listeners, sizeof(anvil_unix_listeners) } } +diff --git a/src/anvil/common.h b/src/anvil/common.h +index f9a44bd576..4f3b3da1e1 100644 +--- a/src/anvil/common.h ++++ b/src/anvil/common.h +@@ -4,7 +4,6 @@ + #include "lib.h" + + extern struct connect_limit *connect_limit; +-extern struct penalty *penalty; + extern bool anvil_restarted; + + #endif +diff --git a/src/anvil/main.c b/src/anvil/main.c +index 7e4050bc59..8d7cf0cc2f 100644 +--- a/src/anvil/main.c ++++ b/src/anvil/main.c +@@ -10,13 +10,11 @@ + #include "master-service-settings.h" + #include "master-interface.h" + #include "connect-limit.h" +-#include "penalty.h" + #include "anvil-connection.h" + + #include + + struct connect_limit *connect_limit; +-struct penalty *penalty; + bool anvil_restarted; + static struct io *log_fdpass_io; + +@@ -74,7 +72,6 @@ int main(int argc, char *argv[]) + master_service_set_die_with_master(master_service, FALSE); + + connect_limit = connect_limit_init(); +- penalty = penalty_init(); + log_fdpass_io = io_add(MASTER_ANVIL_LOG_FDPASS_FD, IO_READ, + log_fdpass_input, NULL); + master_service_init_finish(master_service); +@@ -82,7 +79,6 @@ int main(int argc, char *argv[]) + master_service_run(master_service, client_connected); + + io_remove(&log_fdpass_io); +- penalty_deinit(&penalty); + connect_limit_deinit(&connect_limit); + anvil_connections_destroy_all(); + master_service_deinit(&master_service); +diff --git a/src/anvil/penalty.c b/src/anvil/penalty.c +deleted file mode 100644 +index 2ab6da16aa..0000000000 +--- a/src/anvil/penalty.c ++++ /dev/null +@@ -1,273 +0,0 @@ +-/* Copyright (c) 2009-2018 Dovecot authors, see the included COPYING file */ +- +-/* The idea behind checksums is that the same username+password doesn't +- increase the penalty, because it's most likely a user with a misconfigured +- account. */ +- +-#include "lib.h" +-#include "ioloop.h" +-#include "hash.h" +-#include "str.h" +-#include "strescape.h" +-#include "llist.h" +-#include "ostream.h" +-#include "penalty.h" +- +-#include +- +-#define PENALTY_DEFAULT_EXPIRE_SECS (60*60) +-#define PENALTY_CHECKSUM_SAVE_COUNT +-#define CHECKSUM_VALUE_COUNT 2 +-#define CHECKSUM_VALUE_PTR_COUNT 10 +- +-#define LAST_UPDATE_BITS 15 +- +-struct penalty_rec { +- /* ordered by last_update */ +- struct penalty_rec *prev, *next; +- +- char *ident; +- unsigned int last_penalty; +- +- unsigned int penalty:16; +- unsigned int last_update:LAST_UPDATE_BITS; /* last_penalty + n */ +- bool checksum_is_pointer:1; +- /* we use value up to two different checksums. +- after that switch to pointer. */ +- union { +- unsigned int value[CHECKSUM_VALUE_COUNT]; +- unsigned int *value_ptr; +- } checksum; +-}; +- +-struct penalty { +- /* ident => penalty_rec */ +- HASH_TABLE(char *, struct penalty_rec *) hash; +- struct penalty_rec *oldest, *newest; +- +- unsigned int expire_secs; +- struct timeout *to; +-}; +- +-struct penalty *penalty_init(void) +-{ +- struct penalty *penalty; +- +- penalty = i_new(struct penalty, 1); +- hash_table_create(&penalty->hash, default_pool, 0, str_hash, strcmp); +- penalty->expire_secs = PENALTY_DEFAULT_EXPIRE_SECS; +- return penalty; +-} +- +-static void penalty_rec_free(struct penalty *penalty, struct penalty_rec *rec) +-{ +- DLLIST2_REMOVE(&penalty->oldest, &penalty->newest, rec); +- if (rec->checksum_is_pointer) +- i_free(rec->checksum.value_ptr); +- i_free(rec->ident); +- i_free(rec); +-} +- +-void penalty_deinit(struct penalty **_penalty) +-{ +- struct penalty *penalty = *_penalty; +- +- *_penalty = NULL; +- +- while (penalty->oldest != NULL) +- penalty_rec_free(penalty, penalty->oldest); +- hash_table_destroy(&penalty->hash); +- +- timeout_remove(&penalty->to); +- i_free(penalty); +-} +- +-void penalty_set_expire_secs(struct penalty *penalty, unsigned int expire_secs) +-{ +- penalty->expire_secs = expire_secs; +-} +- +-static bool +-penalty_bump_checksum(struct penalty_rec *rec, unsigned int checksum) +-{ +- unsigned int *checksums; +- unsigned int i, count; +- +- if (!rec->checksum_is_pointer) { +- checksums = rec->checksum.value; +- count = CHECKSUM_VALUE_COUNT; +- } else { +- checksums = rec->checksum.value_ptr; +- count = CHECKSUM_VALUE_PTR_COUNT; +- } +- +- for (i = 0; i < count; i++) { +- if (checksums[i] == checksum) { +- if (i > 0) { +- memmove(checksums + 1, checksums, +- sizeof(checksums[0]) * i); +- checksums[0] = checksum; +- } +- return TRUE; +- } +- } +- return FALSE; +-} +- +-static void penalty_add_checksum(struct penalty_rec *rec, unsigned int checksum) +-{ +- unsigned int *checksums; +- +- i_assert(checksum != 0); +- +- if (!rec->checksum_is_pointer) { +- if (rec->checksum.value[CHECKSUM_VALUE_COUNT-1] == 0) { +- memcpy(rec->checksum.value + 1, rec->checksum.value, +- sizeof(rec->checksum.value[0]) * +- (CHECKSUM_VALUE_COUNT-1)); +- rec->checksum.value[0] = checksum; +- return; +- } +- +- /* switch to using a pointer */ +- checksums = i_new(unsigned int, CHECKSUM_VALUE_PTR_COUNT); +- memcpy(checksums, rec->checksum.value, +- sizeof(checksums[0]) * CHECKSUM_VALUE_COUNT); +- rec->checksum.value_ptr = checksums; +- rec->checksum_is_pointer = TRUE; +- } +- +- memmove(rec->checksum.value_ptr + 1, rec->checksum.value_ptr, +- sizeof(rec->checksum.value_ptr[0]) * +- (CHECKSUM_VALUE_PTR_COUNT-1)); +- rec->checksum.value_ptr[0] = checksum; +-} +- +-unsigned int penalty_get(struct penalty *penalty, const char *ident, +- time_t *last_penalty_r) +-{ +- struct penalty_rec *rec; +- +- rec = hash_table_lookup(penalty->hash, ident); +- if (rec == NULL) { +- *last_penalty_r = 0; +- return 0; +- } +- +- *last_penalty_r = rec->last_penalty; +- return rec->penalty; +-} +- +-static void penalty_timeout(struct penalty *penalty) +-{ +- struct penalty_rec *rec; +- time_t rec_last_update, expire_time; +- unsigned int diff; +- +- timeout_remove(&penalty->to); +- +- expire_time = ioloop_time - penalty->expire_secs; +- while (penalty->oldest != NULL) { +- rec = penalty->oldest; +- +- rec_last_update = rec->last_penalty + rec->last_update; +- if (rec_last_update > expire_time) { +- diff = rec_last_update - expire_time; +- penalty->to = timeout_add(diff * 1000, +- penalty_timeout, penalty); +- break; +- } +- hash_table_remove(penalty->hash, rec->ident); +- penalty_rec_free(penalty, rec); +- } +-} +- +-void penalty_inc(struct penalty *penalty, const char *ident, +- unsigned int checksum, unsigned int value) +-{ +- struct penalty_rec *rec; +- time_t diff; +- +- i_assert(value > 0 || checksum == 0); +- i_assert(value <= INT_MAX); +- +- rec = hash_table_lookup(penalty->hash, ident); +- if (rec == NULL) { +- rec = i_new(struct penalty_rec, 1); +- rec->ident = i_strdup(ident); +- hash_table_insert(penalty->hash, rec->ident, rec); +- } else { +- DLLIST2_REMOVE(&penalty->oldest, &penalty->newest, rec); +- } +- +- if (checksum == 0) { +- rec->penalty = value; +- rec->last_penalty = ioloop_time; +- } else { +- if (penalty_bump_checksum(rec, checksum)) +- rec->penalty = value - 1; +- else { +- penalty_add_checksum(rec, checksum); +- rec->penalty = value; +- rec->last_penalty = ioloop_time; +- } +- } +- +- diff = ioloop_time - rec->last_penalty; +- if (diff >= (1 << LAST_UPDATE_BITS)) { +- rec->last_update = (1 << LAST_UPDATE_BITS) - 1; +- rec->last_penalty = ioloop_time - rec->last_update; +- } else { +- rec->last_update = diff; +- } +- +- DLLIST2_APPEND(&penalty->oldest, &penalty->newest, rec); +- +- if (penalty->to == NULL) { +- penalty->to = timeout_add(penalty->expire_secs * 1000, +- penalty_timeout, penalty); +- } +-} +- +-bool penalty_has_checksum(struct penalty *penalty, const char *ident, +- unsigned int checksum) +-{ +- struct penalty_rec *rec; +- const unsigned int *checksums; +- unsigned int i, count; +- +- rec = hash_table_lookup(penalty->hash, ident); +- if (rec == NULL) +- return FALSE; +- +- if (!rec->checksum_is_pointer) { +- checksums = rec->checksum.value; +- count = CHECKSUM_VALUE_COUNT; +- } else { +- checksums = rec->checksum.value_ptr; +- count = CHECKSUM_VALUE_PTR_COUNT; +- } +- +- for (i = 0; i < count; i++) { +- if (checksums[i] == checksum) +- return TRUE; +- } +- return FALSE; +-} +- +-void penalty_dump(struct penalty *penalty, struct ostream *output) +-{ +- const struct penalty_rec *rec; +- string_t *str = t_str_new(256); +- +- for (rec = penalty->oldest; rec != NULL; rec = rec->next) { +- str_truncate(str, 0); +- str_append_tabescaped(str, rec->ident); +- str_printfa(str, "\t%u\t%u\t%u\n", +- rec->penalty, rec->last_penalty, +- rec->last_penalty + rec->last_update); +- if (o_stream_send(output, str_data(str), str_len(str)) < 0) +- break; +- } +- o_stream_nsend(output, "\n", 1); +-} +diff --git a/src/anvil/penalty.h b/src/anvil/penalty.h +deleted file mode 100644 +index 23a182cde4..0000000000 +--- a/src/anvil/penalty.h ++++ /dev/null +@@ -1,22 +0,0 @@ +-#ifndef PENALTY_H +-#define PENALTY_H +- +-#define PENALTY_MAX_VALUE ((1 << 16)-1) +- +-struct penalty *penalty_init(void); +-void penalty_deinit(struct penalty **penalty); +- +-void penalty_set_expire_secs(struct penalty *penalty, unsigned int expire_secs); +- +-unsigned int penalty_get(struct penalty *penalty, const char *ident, +- time_t *last_penalty_r); +-/* if checksum is non-zero and it already exists for ident, the value +- is set to "value-1", otherwise it's set to "value". */ +-void penalty_inc(struct penalty *penalty, const char *ident, +- unsigned int checksum, unsigned int value); +- +-bool penalty_has_checksum(struct penalty *penalty, const char *ident, +- unsigned int checksum); +-void penalty_dump(struct penalty *penalty, struct ostream *output); +- +-#endif +diff --git a/src/anvil/test-penalty.c b/src/anvil/test-penalty.c +deleted file mode 100644 +index 438bf9eb0a..0000000000 +--- a/src/anvil/test-penalty.c ++++ /dev/null +@@ -1,64 +0,0 @@ +-/* Copyright (c) 2010-2018 Dovecot authors, see the included COPYING file */ +- +-#include "lib.h" +-#include "ioloop.h" +-#include "penalty.h" +-#include "test-common.h" +- +-static void test_penalty_checksum(void) +-{ +- struct penalty *penalty; +- struct ioloop *ioloop; +- time_t t; +- unsigned int i, j; +- +- test_begin("penalty"); +- +- ioloop = io_loop_create(); +- penalty = penalty_init(); +- +- test_assert(penalty_get(penalty, "foo", &t) == 0); +- for (i = 1; i <= 10; i++) { +- ioloop_time = 12345678 + i; +- penalty_inc(penalty, "foo", i, 5+i); +- +- for (j = I_MIN(1, i-1); j <= i; j++) { +- test_assert(penalty_get(penalty, "foo", &t) == 5+i); +- test_assert(t == (time_t)(12345678 + i)); +- test_assert(penalty_has_checksum(penalty, "foo", i)); +- } +- test_assert(penalty_get(penalty, "foo", &t) == 5+i); +- test_assert(t == (time_t)(12345678 + i)); +- test_assert(!penalty_has_checksum(penalty, "foo", j)); +- } +- test_assert(penalty_get(penalty, "foo2", &t) == 0); +- +- /* overflows checksum array */ +- ioloop_time = 12345678 + i; +- penalty_inc(penalty, "foo", i, 5 + i); +- penalty_inc(penalty, "foo", i, 5 + i); +- penalty_inc(penalty, "foo", 0, 5 + i); +- +- test_assert(penalty_get(penalty, "foo", &t) == 5+i); +- test_assert(t == (time_t)(12345678 + i)); +- test_assert(!penalty_has_checksum(penalty, "foo", 1)); +- +- for (j = 2; j <= i; j++) { +- test_assert(penalty_get(penalty, "foo", &t) == 5+i); +- test_assert(t == (time_t)(12345678 + i)); +- test_assert(penalty_has_checksum(penalty, "foo", i)); +- } +- +- penalty_deinit(&penalty); +- io_loop_destroy(&ioloop); +- test_end(); +-} +- +-int main(void) +-{ +- static void (*const test_functions[])(void) = { +- test_penalty_checksum, +- NULL +- }; +- return test_run(test_functions); +-} +diff --git a/src/auth/auth-common.h b/src/auth/auth-common.h +index 5ebe8c489a..75385594b0 100644 +--- a/src/auth/auth-common.h ++++ b/src/auth/auth-common.h +@@ -6,7 +6,6 @@ + + extern bool worker, worker_restart_request; + extern time_t process_start_time; +-extern struct auth_penalty *auth_penalty; + extern struct event_category event_category_auth; + extern struct event *auth_event; + +diff --git a/src/auth/auth-penalty.c b/src/auth/auth-penalty.c +deleted file mode 100644 +index 3816902a0a..0000000000 +--- a/src/auth/auth-penalty.c ++++ /dev/null +@@ -1,176 +0,0 @@ +-/* Copyright (c) 2009-2018 Dovecot authors, see the included COPYING file */ +- +-#include "lib.h" +-#include "ioloop.h" +-#include "net.h" +-#include "crc32.h" +-#include "master-service.h" +-#include "anvil-client.h" +-#include "auth-request.h" +-#include "auth-penalty.h" +- +-#include +- +-/* We don't want IPv6 hosts being able to flood our penalty +- tracking with tons of different IPs. */ +-#define PENALTY_IPV6_MASK_BITS 48 +- +-struct auth_penalty_request { +- struct auth_request *auth_request; +- struct anvil_client *client; +- auth_penalty_callback_t *callback; +-}; +- +-struct auth_penalty { +- struct anvil_client *client; +- +- bool disabled:1; +-}; +- +-struct auth_penalty *auth_penalty_init(const char *path) +-{ +- struct auth_penalty *penalty; +- +- penalty = i_new(struct auth_penalty, 1); +- penalty->client = anvil_client_init(path, NULL, +- ANVIL_CLIENT_FLAG_HIDE_ENOENT); +- if (anvil_client_connect(penalty->client, TRUE) < 0) +- penalty->disabled = TRUE; +- else { +- anvil_client_cmd(penalty->client, t_strdup_printf( +- "PENALTY-SET-EXPIRE-SECS\t%u", AUTH_PENALTY_TIMEOUT)); +- } +- return penalty; +-} +- +-void auth_penalty_deinit(struct auth_penalty **_penalty) +-{ +- struct auth_penalty *penalty = *_penalty; +- +- *_penalty = NULL; +- anvil_client_deinit(&penalty->client); +- i_free(penalty); +-} +- +-unsigned int auth_penalty_to_secs(unsigned int penalty) +-{ +- unsigned int i, secs = AUTH_PENALTY_INIT_SECS; +- +- for (i = 0; i < penalty; i++) +- secs *= 2; +- return secs < AUTH_PENALTY_MAX_SECS ? secs : AUTH_PENALTY_MAX_SECS; +-} +- +-static void auth_penalty_anvil_callback(const char *reply, void *context) +-{ +- struct auth_penalty_request *request = context; +- unsigned int penalty = 0; +- unsigned long last_penalty = 0; +- unsigned int secs, drop_penalty; +- +- if (reply == NULL) { +- /* internal failure. */ +- if (!anvil_client_is_connected(request->client)) { +- /* we probably didn't have permissions to reconnect +- back to anvil. need to restart ourself. */ +- master_service_stop(master_service); +- } +- } else if (sscanf(reply, "%u %lu", &penalty, &last_penalty) != 2) { +- e_error(request->auth_request->event, +- "Invalid PENALTY-GET reply: %s", reply); +- } else { +- if ((time_t)last_penalty > ioloop_time) { +- /* time moved backwards? */ +- last_penalty = ioloop_time; +- } +- +- /* update penalty. */ +- drop_penalty = AUTH_PENALTY_MAX_PENALTY; +- while (penalty > 0) { +- secs = auth_penalty_to_secs(drop_penalty); +- if (ioloop_time - last_penalty < secs) +- break; +- drop_penalty--; +- penalty--; +- } +- } +- +- request->callback(penalty, request->auth_request); +- auth_request_unref(&request->auth_request); +- i_free(request); +-} +- +-static const char * +-auth_penalty_get_ident(struct auth_request *auth_request) +-{ +- struct ip_addr ip; +- +- ip = auth_request->fields.remote_ip; +- if (IPADDR_IS_V6(&ip)) { +- memset(ip.u.ip6.s6_addr + PENALTY_IPV6_MASK_BITS/CHAR_BIT, 0, +- sizeof(ip.u.ip6.s6_addr) - +- PENALTY_IPV6_MASK_BITS/CHAR_BIT); +- } +- return net_ip2addr(&ip); +-} +- +-void auth_penalty_lookup(struct auth_penalty *penalty, +- struct auth_request *auth_request, +- auth_penalty_callback_t *callback) +-{ +- struct auth_penalty_request *request; +- const char *ident; +- +- ident = auth_penalty_get_ident(auth_request); +- if (penalty->disabled || ident == NULL || +- auth_request->fields.no_penalty) { +- callback(0, auth_request); +- return; +- } +- +- request = i_new(struct auth_penalty_request, 1); +- request->auth_request = auth_request; +- request->client = penalty->client; +- request->callback = callback; +- auth_request_ref(auth_request); +- +- T_BEGIN { +- anvil_client_query(penalty->client, +- t_strdup_printf("PENALTY-GET\t%s", ident), +- auth_penalty_anvil_callback, request); +- } T_END; +-} +- +-static unsigned int +-get_userpass_checksum(struct auth_request *auth_request) +-{ +- return auth_request->mech_password == NULL ? 0 : +- crc32_str_more(crc32_str(auth_request->mech_password), +- auth_request->fields.user); +-} +- +-void auth_penalty_update(struct auth_penalty *penalty, +- struct auth_request *auth_request, unsigned int value) +-{ +- const char *ident; +- +- ident = auth_penalty_get_ident(auth_request); +- if (penalty->disabled || ident == NULL || +- auth_request->fields.no_penalty) +- return; +- +- if (value > AUTH_PENALTY_MAX_PENALTY) { +- /* even if the actual value doesn't change, the last_change +- timestamp does. */ +- value = AUTH_PENALTY_MAX_PENALTY; +- } +- T_BEGIN { +- const char *cmd; +- unsigned int checksum; +- +- checksum = value == 0 ? 0 : get_userpass_checksum(auth_request); +- cmd = t_strdup_printf("PENALTY-INC\t%s\t%u\t%u", +- ident, checksum, value); +- anvil_client_cmd(penalty->client, cmd); +- } T_END; +-} +diff --git a/src/auth/auth-penalty.h b/src/auth/auth-penalty.h +deleted file mode 100644 +index 96783e4f58..0000000000 +--- a/src/auth/auth-penalty.h ++++ /dev/null +@@ -1,28 +0,0 @@ +-#ifndef AUTH_PENALTY_H +-#define AUTH_PENALTY_H +- +-struct auth_request; +- +-#define AUTH_PENALTY_INIT_SECS 2 +-#define AUTH_PENALTY_MAX_SECS 15 +-/* timeout specifies how long it takes for penalty to be irrelevant. */ +-#define AUTH_PENALTY_TIMEOUT \ +- (AUTH_PENALTY_INIT_SECS + 4 + 8 + AUTH_PENALTY_MAX_SECS) +-#define AUTH_PENALTY_MAX_PENALTY 4 +- +-/* If lookup failed, penalty and last_update are both zero */ +-typedef void auth_penalty_callback_t(unsigned int penalty, +- struct auth_request *request); +- +-struct auth_penalty *auth_penalty_init(const char *path); +-void auth_penalty_deinit(struct auth_penalty **penalty); +- +-unsigned int auth_penalty_to_secs(unsigned int penalty); +- +-void auth_penalty_lookup(struct auth_penalty *penalty, +- struct auth_request *auth_request, +- auth_penalty_callback_t *callback); +-void auth_penalty_update(struct auth_penalty *penalty, +- struct auth_request *auth_request, unsigned int value); +- +-#endif +diff --git a/src/auth/auth-policy.c b/src/auth/auth-policy.c +index 951f85e6f8..de70b533ab 100644 +--- a/src/auth/auth-policy.c ++++ b/src/auth/auth-policy.c +@@ -14,7 +14,6 @@ + #include "master-service.h" + #include "master-service-ssl-settings.h" + #include "auth-request.h" +-#include "auth-penalty.h" + #include "auth-settings.h" + #include "auth-policy.h" + #include "auth-common.h" +diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c +index d4bf53c276..646766633c 100644 +--- a/src/auth/auth-request-handler.c ++++ b/src/auth/auth-request-handler.c +@@ -2,8 +2,6 @@ + + #include "auth-common.h" + #include "ioloop.h" +-#include "array.h" +-#include "aqueue.h" + #include "base64.h" + #include "hash.h" + #include "net.h" +@@ -11,7 +9,6 @@ + #include "strescape.h" + #include "str-sanitize.h" + #include "master-interface.h" +-#include "auth-penalty.h" + #include "auth-request.h" + #include "auth-token.h" + #include "auth-client-connection.h" +@@ -20,14 +17,6 @@ + #include "auth-request-handler-private.h" + #include "auth-policy.h" + +-#define AUTH_FAILURE_DELAY_CHECK_MSECS 500 +-static ARRAY(struct auth_request *) auth_failures_arr; +-static struct aqueue *auth_failures; +-static struct timeout *to_auth_failures; +- +-static void auth_failure_timeout(void *context) ATTR_NULL(1); +- +- + static void + auth_request_handler_default_reply_callback(struct auth_request *request, + enum auth_client_result result, +@@ -221,12 +210,6 @@ auth_request_handle_failure(struct auth_request *request, const char *reply) + /* handle failure here */ + auth_request_log_finished(request); + +- if (request->in_delayed_failure_queue) { +- /* we came here from flush_failures() */ +- handler->callback(reply, handler->conn); +- return; +- } +- + /* remove the request from requests-list */ + auth_request_ref(request); + auth_request_handler_remove(handler, request); +@@ -234,30 +217,8 @@ auth_request_handle_failure(struct auth_request *request, const char *reply) + if (request->set->policy_report_after_auth) + auth_policy_report(request); + +- if (auth_fields_exists(request->fields.extra_fields, "nodelay")) { +- /* passdb specifically requested not to delay the reply. */ +- handler->callback(reply, handler->conn); +- auth_request_unref(&request); +- return; +- } +- +- /* failure. don't announce it immediately to avoid +- a) timing attacks, b) flooding */ +- request->in_delayed_failure_queue = TRUE; +- handler->refcount++; +- +- if (auth_penalty != NULL) { +- auth_penalty_update(auth_penalty, request, +- request->last_penalty + 1); +- } +- +- auth_request_refresh_last_access(request); +- aqueue_append(auth_failures, &request); +- if (to_auth_failures == NULL) { +- to_auth_failures = +- timeout_add_short(AUTH_FAILURE_DELAY_CHECK_MSECS, +- auth_failure_timeout, NULL); +- } ++ handler->callback(reply, handler->conn); ++ auth_request_unref(&request); + } + + static void +@@ -268,11 +229,6 @@ auth_request_handler_reply_success_finish(struct auth_request *request) + + auth_request_log_finished(request); + +- if (request->last_penalty != 0 && auth_penalty != NULL) { +- /* reset penalty */ +- auth_penalty_update(auth_penalty, request, 0); +- } +- + /* sanitize these fields, since the login code currently assumes they + are exactly in this format. */ + auth_fields_booleanize(request->fields.extra_fields, "nologin"); +@@ -336,11 +292,6 @@ auth_request_handler_reply_failure_finish(struct auth_request *request) + } + } + +- if (auth_fields_exists(request->fields.extra_fields, "nodelay")) { +- /* this is normally a hidden field, need to add it explicitly */ +- str_append(str, "\tnodelay"); +- } +- + if (code != NULL) { + str_append(str, "\tcode="); + str_append(str, code); +@@ -368,7 +319,6 @@ void auth_request_handler_reply(struct auth_request *request, + { + struct auth_request_handler *handler = request->handler; + +- request->handler_pending_reply = FALSE; + handler->reply_callback(request, result, auth_reply, reply_size); + } + +@@ -442,15 +392,6 @@ auth_request_handler_default_reply_continue(struct auth_request *request, + reply, reply_size); + } + +-void auth_request_handler_abort(struct auth_request *request) +-{ +- i_assert(request->handler_pending_reply); +- +- /* request destroyed while waiting for auth_request_penalty_finish() +- to be called. */ +- auth_request_handler_unref(&request->handler); +-} +- + static void + auth_request_handler_auth_fail_code(struct auth_request_handler *handler, + struct auth_request *request, +@@ -497,29 +438,6 @@ static void auth_request_timeout(struct auth_request *request) + auth_request_handler_remove(request->handler, request); + } + +-static void auth_request_penalty_finish(struct auth_request *request) +-{ +- timeout_remove(&request->to_penalty); +- auth_request_initial(request); +-} +- +-static void +-auth_penalty_callback(unsigned int penalty, struct auth_request *request) +-{ +- unsigned int secs; +- +- request->last_penalty = penalty; +- +- if (penalty == 0) +- auth_request_initial(request); +- else { +- secs = auth_penalty_to_secs(penalty); +- request->to_penalty = timeout_add(secs * 1000, +- auth_request_penalty_finish, +- request); +- } +-} +- + bool auth_request_handler_auth_begin(struct auth_request_handler *handler, + const char *args) + { +@@ -683,10 +601,8 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler, + /* handler is referenced until auth_request_handler_reply() + is called. */ + handler->refcount++; +- request->handler_pending_reply = TRUE; + +- /* before we start authenticating, see if we need to wait first */ +- auth_penalty_lookup(auth_penalty, request, auth_penalty_callback); ++ auth_request_initial(request); + return TRUE; + } + +@@ -911,75 +827,3 @@ void auth_request_handler_cancel_request(struct auth_request_handler *handler, + if (request != NULL) + auth_request_handler_remove(handler, request); + } +- +-void auth_request_handler_flush_failures(bool flush_all) +-{ +- struct auth_request **auth_requests, *auth_request; +- unsigned int i, j, count; +- time_t diff; +- +- count = aqueue_count(auth_failures); +- if (count == 0) { +- timeout_remove(&to_auth_failures); +- return; +- } +- +- auth_requests = array_front_modifiable(&auth_failures_arr); +- /* count the number of requests that we need to flush */ +- for (i = 0; i < count; i++) { +- auth_request = auth_requests[aqueue_idx(auth_failures, i)]; +- +- /* FIXME: assumes that failure_delay is always the same. */ +- diff = ioloop_time - auth_request->last_access; +- if (diff < (time_t)auth_request->set->failure_delay && +- !flush_all) +- break; +- } +- +- /* shuffle these requests to try to prevent any kind of timing attacks +- where attacker performs multiple requests in parallel and attempts +- to figure out results based on the order of replies. */ +- count = i; +- for (i = 0; i < count; i++) { +- j = random() % (count - i) + i; +- auth_request = auth_requests[aqueue_idx(auth_failures, i)]; +- +- /* swap i & j */ +- auth_requests[aqueue_idx(auth_failures, i)] = +- auth_requests[aqueue_idx(auth_failures, j)]; +- auth_requests[aqueue_idx(auth_failures, j)] = auth_request; +- } +- +- /* flush the requests */ +- for (i = 0; i < count; i++) { +- auth_request = auth_requests[aqueue_idx(auth_failures, 0)]; +- aqueue_delete_tail(auth_failures); +- +- i_assert(auth_request != NULL); +- i_assert(auth_request->state == AUTH_REQUEST_STATE_FINISHED); +- auth_request_handler_reply(auth_request, +- AUTH_CLIENT_RESULT_FAILURE, +- uchar_empty_ptr, 0); +- auth_request_unref(&auth_request); +- } +-} +- +-static void auth_failure_timeout(void *context ATTR_UNUSED) +-{ +- auth_request_handler_flush_failures(FALSE); +-} +- +-void auth_request_handler_init(void) +-{ +- i_array_init(&auth_failures_arr, 128); +- auth_failures = aqueue_init(&auth_failures_arr.arr); +-} +- +-void auth_request_handler_deinit(void) +-{ +- auth_request_handler_flush_failures(TRUE); +- array_free(&auth_failures_arr); +- aqueue_deinit(&auth_failures); +- +- timeout_remove(&to_auth_failures); +-} +diff --git a/src/auth/auth-request-handler.h b/src/auth/auth-request-handler.h +index ceba9356c5..780e8d236a 100644 +--- a/src/auth/auth-request-handler.h ++++ b/src/auth/auth-request-handler.h +@@ -50,7 +50,6 @@ void auth_request_handler_reply(struct auth_request *request, + const void *reply, size_t reply_size); + void auth_request_handler_reply_continue(struct auth_request *request, + const void *reply, size_t reply_size); +-void auth_request_handler_abort(struct auth_request *request); + + unsigned int + auth_request_handler_get_request_count(struct auth_request_handler *handler); +@@ -61,9 +60,4 @@ bool auth_request_handler_master_request(struct auth_request_handler *handler, + void auth_request_handler_cancel_request(struct auth_request_handler *handler, + unsigned int client_id); + +-void auth_request_handler_flush_failures(bool flush_all); +- +-void auth_request_handler_init(void); +-void auth_request_handler_deinit(void); +- + #endif +diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c +index ee89e75308..7aa5f97022 100644 +--- a/src/auth/auth-request.c ++++ b/src/auth/auth-request.c +@@ -331,9 +331,6 @@ void auth_request_unref(struct auth_request **_request) + + i_assert(array_count(&request->authdb_event) == 0); + +- if (request->handler_pending_reply) +- auth_request_handler_abort(request); +- + event_unref(&request->mech_event); + event_unref(&request->event); + auth_request_stats_send(request); +diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h +index 79cf76b585..9dba941646 100644 +--- a/src/auth/auth-request.h ++++ b/src/auth/auth-request.h +@@ -139,7 +139,6 @@ struct auth_request { + + struct timeout *to_abort, *to_penalty; + unsigned int policy_penalty; +- unsigned int last_penalty; + size_t initial_response_len; + const unsigned char *initial_response; + +@@ -185,10 +184,8 @@ struct auth_request { + bool userdbs_seen_internal_failure:1; + + /* current state: */ +- bool handler_pending_reply:1; + bool accept_cont_input:1; + bool prefer_plain_credentials:1; +- bool in_delayed_failure_queue:1; + bool removed_from_handler:1; + bool snapshot_have_userdb_prefetch_set:1; + /* username was changed by this passdb/userdb lookup. Used by +diff --git a/src/auth/auth.h b/src/auth/auth.h +index 3ca5a9bb12..aab6f07bd2 100644 +--- a/src/auth/auth.h ++++ b/src/auth/auth.h +@@ -76,8 +76,6 @@ struct auth { + struct auth_userdb *userdbs; + }; + +-extern struct auth_penalty *auth_penalty; +- + struct auth *auth_find_service(const char *name); + struct auth *auth_default_service(void); + +diff --git a/src/auth/main.c b/src/auth/main.c +index de4a8263cc..b2ec7f81ea 100644 +--- a/src/auth/main.c ++++ b/src/auth/main.c +@@ -22,7 +22,6 @@ + #include "otp.h" + #include "mech-otp-common.h" + #include "auth.h" +-#include "auth-penalty.h" + #include "auth-token.h" + #include "auth-request-handler.h" + #include "auth-request-stats.h" +@@ -35,8 +34,6 @@ + #include + #include + +-#define AUTH_PENALTY_ANVIL_PATH "anvil-auth-penalty" +- + enum auth_socket_type { + AUTH_SOCKET_UNKNOWN = 0, + AUTH_SOCKET_CLIENT, +@@ -55,7 +52,6 @@ struct auth_socket_listener { + + bool worker = FALSE, worker_restart_request = FALSE; + time_t process_start_time; +-struct auth_penalty *auth_penalty; + + static pool_t auth_set_pool; + static struct module *modules = NULL; +@@ -172,8 +168,6 @@ static void main_preinit(void) + + services = read_global_settings(); + +- if (!worker) +- auth_penalty = auth_penalty_init(AUTH_PENALTY_ANVIL_PATH); + auth_request_stats_init(); + mech_init(global_auth_settings); + mech_reg = mech_register_init(global_auth_settings); +@@ -211,7 +205,6 @@ static void main_init(void) + child_wait_init(); + auth_worker_server_init(); + auths_init(); +- auth_request_handler_init(); + auth_policy_init(); + + if (worker) { +@@ -232,16 +225,10 @@ static void main_deinit(void) + { + struct auth_socket_listener *l; + +- if (auth_penalty != NULL) { +- /* cancel all pending anvil penalty lookups */ +- auth_penalty_deinit(&auth_penalty); +- } + /* deinit auth workers, which aborts pending requests */ + auth_worker_server_deinit(); + /* deinit passdbs and userdbs. it aborts any pending async requests. */ + auths_deinit(); +- /* flush pending requests */ +- auth_request_handler_deinit(); + /* there are no more auth requests */ + auths_free(); + dict_drivers_unregister_builtin(); +diff --git a/src/auth/test-mech.c b/src/auth/test-mech.c +index 265ed37cf3..ad77458e1c 100644 +--- a/src/auth/test-mech.c ++++ b/src/auth/test-mech.c +@@ -145,6 +145,7 @@ static void test_mech_prepare_request(struct auth_request **request_r, + request->userdb = auth->userdbs; + handler->refcount = 1; + ++ /* nodelay is no longer meaningful (we no longer indulge in the rude security theatrics of delayed reporting of login failure), but it might as well stay in the test code since it might be used by existing systems. */ + auth_fields_add(request->fields.extra_fields, "nodelay", "", 0); + auth_request_ref(request); + auth_request_state_count[AUTH_REQUEST_STATE_NEW] = 1; +diff --git a/src/auth/test-mock.c b/src/auth/test-mock.c +index 9584912f35..cdfe91c30c 100644 +--- a/src/auth/test-mock.c ++++ b/src/auth/test-mock.c +@@ -4,7 +4,6 @@ + #include "auth-common.h" + #include "passdb.h" + +-struct auth_penalty *auth_penalty; + time_t process_start_time; + bool worker, worker_restart_request; + static struct passdb_module *mock_passdb_mod = NULL; diff -uNr a/gports/dovecot/make-parallel-within-subdirs.patch b/gports/dovecot/make-parallel-within-subdirs.patch --- a/gports/dovecot/make-parallel-within-subdirs.patch 1970-01-01 00:00:00 +0000 +++ b/gports/dovecot/make-parallel-within-subdirs.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,40 @@ +commit f66ea739a938bb3b4eec0bf53006e05420487b79 +Author: Jacob Welsh +AuthorDate: Thu Sep 28 15:29:51 2023 +0000 +Commit: Jacob Welsh +CommitDate: Thu Sep 28 15:29:51 2023 +0000 + + fix parallel build from top-level Makefile + + When $(MAKE) is expanded from another variable, it breaks some required magic and make complains with "warning: jobserver unavailable: using -j1. Add '+' to parent make rule." + + Rather than adding even more obscure magic and prefixing the recipes with +, just expand them out since there's not that many subdirs. + + Still suboptimal, in that the sub-makes are still forced to complete sequentially (one subdir before the other). I'm not as yet seeing a tidy solution here, without exploding even more phony targets. + +diff --git a/Makefile b/Makefile +index 314edad444..c4a9040c53 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,13 +1,15 @@ +-MAKE_SUBDIRS = $(MAKE) -C src $@ && $(MAKE) -C doc $@ +- + all: +- $(MAKE_SUBDIRS) ++ $(MAKE) -C src all ++ $(MAKE) -C doc all + + check: +- $(MAKE_SUBDIRS) ++ $(MAKE) -C src check ++ $(MAKE) -C doc check + + install: +- $(MAKE_SUBDIRS) ++ $(MAKE) -C src install ++ $(MAKE) -C doc install + + clean: +- $(MAKE_SUBDIRS) ++ $(MAKE) -C src clean ++ $(MAKE) -C doc clean diff -uNr a/gports/libusb/Makefile b/gports/libusb/Makefile --- a/gports/libusb/Makefile 1970-01-01 00:00:00 +0000 +++ b/gports/libusb/Makefile 1970-01-01 00:00:00 +0000 @@ -1,4 +1,7 @@ -OBJS = core.o descriptor.o hotplug.o io.o strerror.o sync.o os/poll_posix.o os/threads_posix.o os/linux_netlink.o compat/core.o +CPPFLAGS = -I. +CFLAGS = -fvisibility=hidden -g -O1 -Wall -Wextra -Wno-pointer-sign + +OBJS = core.o descriptor.o hotplug.o io.o strerror.o sync.o os/poll_posix.o os/threads_posix.o os/linux_usbfs.o os/linux_netlink.o compat/core.o libusb.a: $(OBJS) $(AR) -rcs $@ $^ diff -uNr a/gports/libusb/build.sh b/gports/libusb/build.sh --- a/gports/libusb/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/libusb/build.sh 1970-01-01 00:00:00 +0000 @@ -1,12 +1,9 @@ P=libusb V=1.0.21 MAJOR=0 -MINOR=0 +MINOR=1 -# We don't use the upstream libusb-1.0/libusb name split: the 0.1 compat lib is -# small and needs to link with 1.0 anyway, so they can perfectly well coexist -# in one library file. With static linking, this costs the application nothing -# in code size or address space if it doesn't use the compat functions. +# We don't use the upstream libusb-1.0/libusb name split: the 0.1 compat lib is small and needs to link with 1.0 anyway, so they can perfectly well coexist in one library file. With static linking, this costs the application nothing in code size or address space if it doesn't use the compat functions. S=" $P-$V.tar.bz2 @@ -25,27 +22,36 @@ build () { tar xjf $P-$V.tar.bz2 tar xjf $P-compat-0.1.5.tar.bz2 + cd $P-compat-0.1.5 patch -p1 <../libusb-0.1-ansi.patch mv libusb ../$P-$V/libusb/compat - cd ../$P-$V - cp ../config.h ../Makefile libusb - cp ../compat-config.h libusb/compat/config.h + mv ChangeLog ../$P-$V/ChangeLog.compat + mv README ../$P-$V/README.compat + cd .. + + rm -r $P-compat-0.1.5 + + cd $P-$V + rm Makefile.am Makefile.in aclocal.m4 compile config.guess config.sub configure configure.ac depcomp install-sh ltmain.sh missing + rm -r m4 + cd libusb + cp ../../config.h ../../Makefile . + cp ../../compat-config.h compat/config.h sed -i -e 's//"config.h"/' compat/core.c - make -j$JOBS CPPFLAGS='-I.' \ - CFLAGS='-fvisibility=hidden -g -O1 -Wall -Wextra -Wno-pointer-sign' + + make -j$JOBS } package () { r=gales/pkg/$Q - cd $P-compat-0.1.5 - f $r/doc/ChangeLog.compat ChangeLog - f $r/doc/README.compat README - cd ../$P-$V + cd $P-$V f $r/doc/AUTHORS f $r/doc/ChangeLog + f $r/doc/ChangeLog.compat f $r/doc/README + f $r/doc/README.compat cd libusb f $r/include/usb.h compat/usb.h f $r/include/libusb.h diff -uNr a/gports/openssh/build.sh b/gports/openssh/build.sh --- a/gports/openssh/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/openssh/build.sh 1970-01-01 00:00:00 +0000 @@ -1,12 +1,13 @@ P=openssh V=7.5p1 MAJOR=0 -MINOR=1 +MINOR=2 -# Build requires: autoconf libressl zlib +# Build requires: autoconf automake libressl zlib S=" $P-$V.tar.gz http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/$P-$V.tar.gz +openssh-7.5p1-sftp-flush-prompt.patch sshd.run sshd_config_gales " @@ -20,13 +21,18 @@ root=$PWD/root tar xf $P-$V.tar.gz cd $P-$V + patch -p1 <../openssh-7.5p1-sftp-flush-prompt.patch rm configure config.h.in - # FIXME: these are copied generic files, but even "autoreconf -fis" fails to detect that they're needed so as to install the standard ones - #rm config.guess install-sh mkinstalldirs + # Use standard/system versions of these generic scripts. (Sometimes `autoreconf -fi` seems able to do this automatically, but not here. `automake --add-missing` also fails because this isn't otherwise an automake project.) + for f in config.guess config.sub install-sh mkinstalldirs ; do + rm $f + cp /gales/pkg/automake/automake-1.15/$f . + # XXX what if /gales/pkg/automake is a different version? Do we scan automake* here looking for the automake-1.15 subdir? Symlink it at a higher level in the automake port so multiple versions can be referenced at fixed paths? Symlink it to an unversioned "automake" subdir in the automake port so "the current active version" can be referenced at a fixed path? I like the last one : if we update automake, it will be for a reason so presumably we'd want everything to use the new version where possible. + done autoconf autoheader # Low optimization as this is security-critical - CFLAGS=-O1 ./configure --prefix=/gales/pkg/$Q --sysconfdir=/etc/ssh \ + CFLAGS="-O1 -g" ./configure --prefix=/gales/pkg/$Q --sysconfdir=/etc/ssh \ --disable-pkcs11 \ --disable-etc-default-login \ --with-pie \ @@ -34,6 +40,7 @@ --with-zlib=/gales/pkg/zlib \ --with-ssl-dir=/gales/pkg/libressl \ --disable-lastlog \ + --disable-strip \ --disable-utmp \ --disable-utmpx \ --disable-wtmp \ diff -uNr a/gports/openssh/openssh-7.5p1-sftp-flush-prompt.patch b/gports/openssh/openssh-7.5p1-sftp-flush-prompt.patch --- a/gports/openssh/openssh-7.5p1-sftp-flush-prompt.patch 1970-01-01 00:00:00 +0000 +++ b/gports/openssh/openssh-7.5p1-sftp-flush-prompt.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,15 @@ +diff -ur a/sftp.c b/sftp.c +--- a/sftp.c 2017-03-20 02:39:27 +0000 ++++ b/sftp.c 2023-09-18 00:37:24 +0000 +@@ -2124,8 +2124,10 @@ + signal(SIGINT, SIG_IGN); + + if (el == NULL) { +- if (interactive) ++ if (interactive) { + printf("sftp> "); ++ fflush(stdout); ++ } + if (fgets(cmd, sizeof(cmd), infile) == NULL) { + if (interactive) + printf("\n"); diff -uNr a/gports/pcre/Makefile b/gports/pcre/Makefile --- a/gports/pcre/Makefile 1970-01-01 00:00:00 +0000 +++ b/gports/pcre/Makefile 1970-01-01 00:00:00 +0000 @@ -0,0 +1,54 @@ +# Constructed following docs in NON-AUTOTOOLS-BUILD. +# Not building: 16- and 32-bit character versions (libpcre16, libpcre32); POSIX wrappers (libpcreposix); C++ wrappers (libpcrecpp); pcregrep. + +# for cross compiling: +BUILD_CC = $(CC) + +CFLAGS = -g -O1 -ansi -Wall -Wextra +CPPFLAGS = -DHAVE_CONFIG_H -I. + +all: libpcre.a pcretest + +dftables: dftables.c + $(BUILD_CC) $(CFLAGS) $(CPPFLAGS) -o $@ $^ + +pcre_chartables.c: dftables + ./dftables $@ + +PCRE8_OBJS = \ + pcre_byte_order.o \ + pcre_chartables.o \ + pcre_compile.o \ + pcre_config.o \ + pcre_dfa_exec.o \ + pcre_exec.o \ + pcre_fullinfo.o \ + pcre_get.o \ + pcre_globals.o \ + pcre_jit_compile.o \ + pcre_maketables.o \ + pcre_newline.o \ + pcre_ord2utf8.o \ + pcre_refcount.o \ + pcre_string_utils.o \ + pcre_study.o \ + pcre_tables.o \ + pcre_ucd.o \ + pcre_valid_utf8.o \ + pcre_version.o \ + pcre_xclass.o \ + +libpcre.a: $(PCRE8_OBJS) + $(AR) -rcs $@ $^ + +pcretest.o: pcretest.c + $(CC) $(CFLAGS) $(CPPFLAGS) -DNOPOSIX -c -o $@ $^ + +pcretest: pcretest.o pcre_printint.o libpcre.a + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + +check: pcretest + ./RunTest + +clean: + rm -f libpcre.a pcretest dftables pcre_chartables.c $(PCRE8_OBJS) diff -uNr a/gports/pcre/build.sh b/gports/pcre/build.sh --- a/gports/pcre/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/pcre/build.sh 1970-01-01 00:00:00 +0000 @@ -0,0 +1,52 @@ +P=pcre +V=8.45 +MAJOR=0 +MINOR=0 + +# So far we try to get away without UTF8 decoding, Unicode character properties, 16- or 32-bit character support, POSIX regex API wrappers, C++ wrappers, or the user programs (pcre-config pcregrep pcretest). + +S=" +$P-$V.tar.bz2 +Makefile +config.h +pcre-drop-slashp-tests.patch +" + +SHA512=" +91bff52eed4a2dfc3f3bfdc9c672b88e7e2ffcf3c4b121540af8a4ae8c1ce05178430aa6b8000658b9bb7b4252239357250890e20ceb84b79cdfcde05154061a pcre-8.45.tar.bz2 +" + +build () { + root=$PWD/root + tar xjf $P-$V.tar.bz2 + cd $P-$V + patch -p1 <../pcre-drop-slashp-tests.patch + cp ../Makefile ../config.h . + mv pcre.h.generic pcre.h + make -j$JOBS +} + +check () { + cd $P-$V + make check +} + +package () { + cd $P-$V + f gales/pkg/$Q/doc/AUTHORS + f gales/pkg/$Q/doc/ChangeLog + f gales/pkg/$Q/doc/LICENCE + f gales/pkg/$Q/doc/NEWS + f gales/pkg/$Q/doc/README + f gales/pkg/$Q/include/pcre.h + F gales/pkg/$Q/lib/libpcre.a + cd doc + for f in *.3 ; do + f gales/pkg/$Q/man/man3/$f + done + # Skipping *.1 as we're not presently installing any user programs. + # There's also doc/*.txt and doc/html but these are generated from the man pages. + l gales/pkg/$P $Q + l gales/doc/$P ../pkg/$P/doc + l gales/man/$P ../pkg/$P/man +} diff -uNr a/gports/pcre/config.h b/gports/pcre/config.h --- a/gports/pcre/config.h 1970-01-01 00:00:00 +0000 +++ b/gports/pcre/config.h 1970-01-01 00:00:00 +0000 @@ -0,0 +1,56 @@ +/* Distilled from config.h.generic and autoconf output */ + +/* #undef BSR_ANYCRLF */ +/* #undef EBCDIC */ +/* #undef EBCDIC_NL25 */ +#define HAVE_BCOPY 1 +#define HAVE_DIRENT_H 1 +/* #undef HAVE_EDITLINE_READLINE_H */ +/* #undef HAVE_EDIT_READLINE_READLINE_H */ +#define HAVE_INTTYPES_H 1 +#define HAVE_LONG_LONG 1 +#define HAVE_MEMMOVE 1 +/* #undef HAVE_READLINE_HISTORY_H */ +/* #undef HAVE_READLINE_READLINE_H */ +#define HAVE_STDINT_H 1 +#define HAVE_STRERROR 1 +/* #undef HAVE_STRTOIMAX */ +#define HAVE_STRTOLL 1 +/* #undef HAVE_STRTOQ */ +#define HAVE_SYS_STAT_H 1 +#define HAVE_SYS_TYPES_H 1 +/* #undef HAVE_TYPE_TRAITS_H */ +#define HAVE_UNISTD_H 1 +#define HAVE_UNSIGNED_LONG_LONG 1 +/* #undef HAVE_WINDOWS_H */ +/* #undef HAVE__STRTOI64 */ +#define LINK_SIZE 2 +#define MATCH_LIMIT 10000000 +#define MATCH_LIMIT_RECURSION MATCH_LIMIT +#define MAX_NAME_COUNT 10000 +#define MAX_NAME_SIZE 32 +#define NEWLINE 10 +/* #undef NO_RECURSE */ +#define PARENS_NEST_LIMIT 250 +#define PCRECPP_EXP_DECL extern __attribute__ ((visibility ("default"))) +#define PCRECPP_EXP_DEFN __attribute__ ((visibility ("default"))) +#define PCREPOSIX_EXP_DECL extern __attribute__ ((visibility ("default"))) +#define PCREPOSIX_EXP_DEFN extern __attribute__ ((visibility ("default"))) +#define PCRE_EXP_DATA_DEFN __attribute__ ((visibility ("default"))) +#define PCRE_EXP_DECL extern __attribute__ ((visibility ("default"))) +#define PCRE_EXP_DEFN __attribute__ ((visibility ("default"))) +#define PCREGREP_BUFSIZE 20480 +#define PCRE_STATIC 1 +#define POSIX_MALLOC_THRESHOLD 10 +/* #undef SUPPORT_JIT */ +/* #undef SUPPORT_LIBBZ2 */ +/* #undef SUPPORT_LIBEDIT */ +/* #undef SUPPORT_LIBREADLINE */ +/* #undef SUPPORT_LIBZ */ +/* #undef SUPPORT_PCRE16 */ +/* #undef SUPPORT_PCRE32 */ +#define SUPPORT_PCRE8 1 +/* #undef SUPPORT_PCREGREP_JIT */ +/* #undef SUPPORT_UCP */ +/* #undef SUPPORT_UTF */ +/* #undef SUPPORT_VALGRIND */ diff -uNr a/gports/pcre/pcre-drop-slashp-tests.patch b/gports/pcre/pcre-drop-slashp-tests.patch --- a/gports/pcre/pcre-drop-slashp-tests.patch 1970-01-01 00:00:00 +0000 +++ b/gports/pcre/pcre-drop-slashp-tests.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,245 @@ +We're not building the POSIX wrapper interfaces library, so /P doesn't work and throws "** Unknown modifier 'P'". + -jfw + +diff -ur a/testdata/testinput14 b/testdata/testinput14 +--- a/testdata/testinput14 2023-08-24 05:04:11 +0000 ++++ b/testdata/testinput14 2023-08-24 05:05:02 +0000 +@@ -1,88 +1,9 @@ + /-- This set of tests is run only with the 8-bit library. They do not require +- UTF-8 or Unicode property support. The file starts with all the tests of +- the POSIX interface, because that is supported only with the 8-bit library. ++ UTF-8 or Unicode property support. + --/ + + < forbid 8W + +-/abc/P +- abc +- *** Failers +- +-/^abc|def/P +- abcdef +- abcdef\B +- +-/.*((abc)$|(def))/P +- defabc +- \Zdefabc +- +-/the quick brown fox/P +- the quick brown fox +- *** Failers +- The Quick Brown Fox +- +-/the quick brown fox/Pi +- the quick brown fox +- The Quick Brown Fox +- +-/abc.def/P +- *** Failers +- abc\ndef +- +-/abc$/P +- abc +- abc\n +- +-/(abc)\2/P +- +-/(abc\1)/P +- abc +- +-/a*(b+)(z)(z)/P +- aaaabbbbzzzz +- aaaabbbbzzzz\O0 +- aaaabbbbzzzz\O1 +- aaaabbbbzzzz\O2 +- aaaabbbbzzzz\O3 +- aaaabbbbzzzz\O4 +- aaaabbbbzzzz\O5 +- +-/ab.cd/P +- ab-cd +- ab=cd +- ** Failers +- ab\ncd +- +-/ab.cd/Ps +- ab-cd +- ab=cd +- ab\ncd +- +-/a(b)c/PN +- abc +- +-/a(?Pb)c/PN +- abc +- +-/a?|b?/P +- abc +- ** Failers +- ddd\N +- +-/\w+A/P +- CDAAAAB +- +-/\w+A/PU +- CDAAAAB +- +-/\Biss\B/I+P +- Mississippi +- +-/abc/\P +- +-/-- End of POSIX tests --/ +- + /a\Cb/ + aXb + a\nb +diff -ur a/testdata/testoutput14 b/testdata/testoutput14 +--- a/testdata/testoutput14 2023-08-24 05:05:18 +0000 ++++ b/testdata/testoutput14 2023-08-24 05:05:36 +0000 +@@ -1,144 +1,9 @@ + /-- This set of tests is run only with the 8-bit library. They do not require +- UTF-8 or Unicode property support. The file starts with all the tests of +- the POSIX interface, because that is supported only with the 8-bit library. ++ UTF-8 or Unicode property support. + --/ + + < forbid 8W + +-/abc/P +- abc +- 0: abc +- *** Failers +-No match: POSIX code 17: match failed +- +-/^abc|def/P +- abcdef +- 0: abc +- abcdef\B +- 0: def +- +-/.*((abc)$|(def))/P +- defabc +- 0: defabc +- 1: abc +- 2: abc +- \Zdefabc +- 0: def +- 1: def +- 3: def +- +-/the quick brown fox/P +- the quick brown fox +- 0: the quick brown fox +- *** Failers +-No match: POSIX code 17: match failed +- The Quick Brown Fox +-No match: POSIX code 17: match failed +- +-/the quick brown fox/Pi +- the quick brown fox +- 0: the quick brown fox +- The Quick Brown Fox +- 0: The Quick Brown Fox +- +-/abc.def/P +- *** Failers +-No match: POSIX code 17: match failed +- abc\ndef +-No match: POSIX code 17: match failed +- +-/abc$/P +- abc +- 0: abc +- abc\n +- 0: abc +- +-/(abc)\2/P +-Failed: POSIX code 15: bad back reference at offset 7 +- +-/(abc\1)/P +- abc +-No match: POSIX code 17: match failed +- +-/a*(b+)(z)(z)/P +- aaaabbbbzzzz +- 0: aaaabbbbzz +- 1: bbbb +- 2: z +- 3: z +- aaaabbbbzzzz\O0 +- aaaabbbbzzzz\O1 +- 0: aaaabbbbzz +- aaaabbbbzzzz\O2 +- 0: aaaabbbbzz +- 1: bbbb +- aaaabbbbzzzz\O3 +- 0: aaaabbbbzz +- 1: bbbb +- 2: z +- aaaabbbbzzzz\O4 +- 0: aaaabbbbzz +- 1: bbbb +- 2: z +- 3: z +- aaaabbbbzzzz\O5 +- 0: aaaabbbbzz +- 1: bbbb +- 2: z +- 3: z +- +-/ab.cd/P +- ab-cd +- 0: ab-cd +- ab=cd +- 0: ab=cd +- ** Failers +-No match: POSIX code 17: match failed +- ab\ncd +-No match: POSIX code 17: match failed +- +-/ab.cd/Ps +- ab-cd +- 0: ab-cd +- ab=cd +- 0: ab=cd +- ab\ncd +- 0: ab\x0acd +- +-/a(b)c/PN +- abc +-Matched with REG_NOSUB +- +-/a(?Pb)c/PN +- abc +-Matched with REG_NOSUB +- +-/a?|b?/P +- abc +- 0: a +- ** Failers +- 0: +- ddd\N +-No match: POSIX code 17: match failed +- +-/\w+A/P +- CDAAAAB +- 0: CDAAAA +- +-/\w+A/PU +- CDAAAAB +- 0: CDA +- +-/\Biss\B/I+P +- Mississippi +- 0: iss +- 0+ issippi +- +-/abc/\P +-Failed: POSIX code 9: bad escape sequence at offset 4 +- +-/-- End of POSIX tests --/ +- + /a\Cb/ + aXb + 0: aXb diff -uNr a/gports/qmail/build.sh b/gports/qmail/build.sh --- a/gports/qmail/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/build.sh 1970-01-01 00:00:00 +0000 @@ -1,9 +1,9 @@ P=qmail V=1.03 MAJOR=0 -MINOR=0 +MINOR=2 -# Recommended: ucspi-tcp [for smtp] +# TODO refresh & document what & why of no-cname patch S=" $P-$V.tar.gz http://cr.yp.to/software/$P-$V.tar.gz @@ -13,6 +13,15 @@ qmail-1.03.smtpd-blast.patch qmail-1.03.zero-localhost.patch qmail-1.03.alloc-prototype.patch +qmail-1.03.qmtpd-netstring.patch +qmail-1.03.build-flags-warnings.patch +qmail-1.03.syncdir.patch +qmail-1.03.no-man-pregen.patch +syncdir.c +qmail.run +smtp.run +submission.run +wrap-qmail-remote.sh " SHA512=" @@ -22,88 +31,39 @@ build () { tar xzf $P-$V.tar.gz cd $P-$V - patch -p1 <../qmail-1.03.errno.patch - patch -p1 <../qmail-1.03.no-cname.jfw.patch - patch -p1 <../qmail-1.03.qmail_local.patch - patch -p1 <../qmail-1.03.smtpd-blast.patch - patch -p1 <../qmail-1.03.zero-localhost.patch - patch -p1 <../qmail-1.03.alloc-prototype.patch - make - make dot-qmail.5 qmail-control.5 qmail-getpw.8 qmail-limits.7 qmail-newmrh.8 qmail-newu.8 qmail-pw2u.8 qmail-send.8 qmail-start.8 qmail-users.5 - dd if=/dev/zero of=tcpto bs=1 count=1024 - true >sendmutex + cp ../syncdir.c . + patch -E -p1 <../qmail-1.03.errno.patch + patch -E -p1 <../qmail-1.03.no-cname.jfw.patch + patch -E -p1 <../qmail-1.03.qmail_local.patch + patch -E -p1 <../qmail-1.03.smtpd-blast.patch + patch -E -p1 <../qmail-1.03.zero-localhost.patch + patch -E -p1 <../qmail-1.03.alloc-prototype.patch + patch -E -p1 <../qmail-1.03.qmtpd-netstring.patch + patch -E -p1 <../qmail-1.03.build-flags-warnings.patch + patch -E -p1 <../qmail-1.03.syncdir.patch + patch -E -p1 <../qmail-1.03.no-man-pregen.patch + # Qmail seems intended to live on the final system in source code form, for instance because some reconfiguration (UID/GID numbers, QUEUE_EXTRA) can only be done at compile time. So we just make our additions and install the source to a known location, leaving the user to complete the build and install using qmail's normal mechanism. } package () { - cd $P-$V - # per hier.c - d var/qmail 755 root:qmail - for f in control users bin boot doc man man/man1 man/man5 man/man7 man/man8 ; do - d var/qmail/$f 755 root:qmail - done - d var/qmail/alias 2755 alias:qmail - d var/qmail/queue 750 qmailq:qmail - d var/qmail/queue/pid 700 qmailq:qmail - d var/qmail/queue/intd 700 qmailq:qmail - d var/qmail/queue/todo 750 qmailq:qmail - d var/qmail/queue/bounce 700 qmails:qmail - dsplit mess 750 qmailq:qmail - dsplit info 700 qmails:qmail - dsplit local 700 qmails:qmail - dsplit remote 700 qmails:qmail - d var/qmail/queue/lock 750 qmailq:qmail - F var/qmail/queue/lock/tcpto tcpto 644 qmailr:qmail - F var/qmail/queue/lock/sendmutex sendmutex 600 qmails:qmail - p var/qmail/queue/lock/trigger 622 qmails:qmail - for f in home home+df proc proc+df binm1 binm1+df binm2 binm2+df binm3 binm3+df ; do - x var/qmail/boot/$f $f 755 root:qmail - done - for f in FAQ UPGRADE SENDMAIL INSTALL INSTALL.alias INSTALL.ctl INSTALL.ids INSTALL.maildir INSTALL.mbox INSTALL.vsm TEST.deliver TEST.receive REMOVE.sendmail REMOVE.binmail PIC.local2alias PIC.local2ext PIC.local2local PIC.local2rem PIC.local2virt PIC.nullclient PIC.relaybad PIC.relaygood PIC.rem2local ; do - f var/qmail/doc/$f $f 644 root:qmail - done - X var/qmail/bin/qmail-queue qmail-queue 4711 qmailq:qmail - for f in qmail-lspawn qmail-start qmail-newu qmail-newmrh ; do - X var/qmail/bin/$f $f 700 root:qmail - done - for f in qmail-getpw qmail-local qmail-remote qmail-rspawn qmail-clean qmail-send splogger qmail-pw2u qmail-popup ; do - X var/qmail/bin/$f $f 711 root:qmail - done - for f in qmail-inject predate qmail-showctl qmail-qread qmail-tcpto qmail-tcpok qmail-pop3d qmail-qmqpc qmail-qmqpd qmail-qmtpd qmail-smtpd sendmail tcp-env qreceipt qsmhook qbiff forward preline condredirect bouncesaying except maildirmake maildir2mbox maildirwatch ; do - X var/qmail/bin/$f $f 755 root:qmail - done - for f in datemail mailsubj qmail-qstat qail elq pinq ; do - x var/qmail/bin/$f $f 755 root:qmail - done - for f in addresses envelopes maildir mbox dot-qmail qmail-control qmail-header qmail-log qmail-users tcp-environ ; do - f var/qmail/man/man5/$f.5 $f.5 644 root:qmail - done - for f in forgeries qmail-limits qmail ; do - f var/qmail/man/man7/$f.7 $f.7 644 root:qmail - done - for f in forward condredirect bouncesaying except maildirmake maildir2mbox maildirwatch mailsubj qreceipt qbiff preline tcp-env ; do - f var/qmail/man/man1/$f.1 $f.1 644 root:qmail - done - for f in qmail-local qmail-lspawn qmail-getpw qmail-remote qmail-rspawn qmail-clean qmail-send qmail-start splogger qmail-queue qmail-inject qmail-showctl qmail-newmrh qmail-newu qmail-pw2u qmail-qread qmail-qstat qmail-tcpok qmail-tcpto qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd qmail-smtpd qmail-command ; do - f var/qmail/man/man8/$f.8 $f.8 644 root:qmail - done - - # stuff not installed by the original 'make setup' but that should probably still be included - x var/qmail/bin/config - x var/qmail/bin/config-fast - for f in BLURB BLURB2 BLURB3 BLURB4 CHANGES INTERNALS README SECURITY THANKS THOUGHTS TODO VERSION ; do - f var/qmail/doc/$f - done + x etc/examples/svc/qmail/run qmail.run + l etc/examples/svc/qmail/log/run /etc/svc.defs/multilog - l gales/doc/qmail /var/qmail/doc - l gales/man/qmail /var/qmail/man -} + x etc/examples/svc/qmail-smtp/run smtp.run + l etc/examples/svc/qmail-smtp/log/run /etc/svc.defs/multilog + + x etc/examples/svc/qmail-submission/run submission.run + l etc/examples/svc/qmail-submission/log/run /etc/svc.defs/multilog + + x var/qmail/wrap/qmail-remote wrap-qmail-remote.sh + + a var/qmail/src $P-$V + + l gales/doc/qmail ../../var/qmail/doc + l gales/man/qmail ../../var/qmail/man + l bin/sendmail ../var/qmail/bin/sendmail -dsplit () { - base=$1 ; shift - split=`head -1 conf-split` - split=`expr "$split" - 1` - d var/qmail/queue/$base "$@" - for i in `seq 0 $split` ; do - d var/qmail/queue/$base/$i "$@" - done + i 'This package includes example services and source code only. Enter /var/qmail/src and run "make setup check" to build and install.' + i 'Binaries will go in /var/qmail/bin including the setuid qmail-queue.' + i '"/var/qmail/src/config-fast HOSTNAME" can initialize control files: see /var/qmail/src/INSTALL.ctl.' } diff -uNr a/gports/qmail/qmail-1.03.alloc-prototype.patch b/gports/qmail/qmail-1.03.alloc-prototype.patch --- a/gports/qmail/qmail-1.03.alloc-prototype.patch 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail-1.03.alloc-prototype.patch 1970-01-01 00:00:00 +0000 @@ -1,6 +1,9 @@ -qmail-rspawn can segfault at startup (spawn.c line 194) due to a 64-bit pointer -not fitting in the implicit "int" return type without the "alloc" prototype. -(To my knowledge, first reported by "Jan" on the qmail list in 2007.) +qmail-rspawn and possibly qmail-lspawn can segfault at startup (spawn.c line 194) due to a 64-bit pointer not fitting in the implicit "int" return type without the "alloc" prototype. + +To my knowledge, this was first noted and fixed in the "isoc" patch from James Craig Burley in 2004; it was also reported by "Jan" on the qmail list in 2007. + +I have reviewed a copy of the full "isoc" patch, finding nothing else of interest besides this and the "Guninski bug" fix captured in this collection as qmail-1.03.smtpd-blast.patch. + -jfw diff -ur a/spawn.c b/spawn.c diff -uNr a/gports/qmail/qmail-1.03.build-flags-warnings.patch b/gports/qmail/qmail-1.03.build-flags-warnings.patch --- a/gports/qmail/qmail-1.03.build-flags-warnings.patch 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail-1.03.build-flags-warnings.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,105 @@ +This gets me a warning-free build, even with non-default warnings enabled except for the explicit list. + +The possibly significant change is the addition of -fno-builtin-* switches, which prevent gcc from possibly inlining code for its builtin puts and log2 implementations, because the code defines its own functions with those names. + +Optimization level is reduced to 1 for compiler security conservatism. + + -jfw + +diff -ur a/alloc.c b/alloc.c +--- a/alloc.c 1998-06-15 10:53:16 +0000 ++++ b/alloc.c 2023-09-20 01:59:45 +0000 +@@ -1,6 +1,6 @@ + #include "alloc.h" + #include "error.h" +-extern char *malloc(); ++extern void *malloc(); + extern void free(); + + #define ALIGNMENT 16 /* XXX: assuming that this alignment is enough */ +diff -ur a/conf-cc b/conf-cc +--- a/conf-cc 1998-06-15 10:53:16 +0000 ++++ b/conf-cc 2023-09-20 01:59:45 +0000 +@@ -1,3 +1,3 @@ +-cc -O2 ++cc -O1 -std=gnu89 -fno-builtin-puts -fno-builtin-log2 -Wall -Wextra -Wno-main -Wno-implicit-function-declaration -Wno-parentheses -Wno-pointer-sign -Wno-sign-compare -Wno-empty-body -Wno-unused-parameter -Wno-missing-field-initializers + + This will be used to compile .c files. +diff -ur a/maildir.c b/maildir.c +--- a/maildir.c 1998-06-15 10:53:16 +0000 ++++ b/maildir.c 2023-09-20 01:59:45 +0000 +@@ -95,7 +95,6 @@ + { + struct prioq_elt pe; + datetime_sec time; +- int r; + + if (!stralloc_copys(filenames,"")) return 0; + while (prioq_min(pq,&pe)) prioq_delmin(pq); +diff -ur a/qmail-pw2u.c b/qmail-pw2u.c +--- a/qmail-pw2u.c 1998-06-15 10:53:16 +0000 ++++ b/qmail-pw2u.c 2023-09-20 01:59:45 +0000 +@@ -16,6 +16,7 @@ + #include "auto_break.h" + #include "auto_qmail.h" + #include "auto_usera.h" ++#include "exit.h" + + void die_chdir() + { +diff -ur a/qmail-qmqpc.c b/qmail-qmqpc.c +--- a/qmail-qmqpc.c 1998-06-15 10:53:16 +0000 ++++ b/qmail-qmqpc.c 2023-09-20 01:59:45 +0000 +@@ -135,7 +135,7 @@ + + stralloc servers = {0}; + +-main() ++int main() + { + int i; + int j; +diff -ur a/qmail-qmqpd.c b/qmail-qmqpd.c +--- a/qmail-qmqpd.c 1998-06-15 10:53:16 +0000 ++++ b/qmail-qmqpd.c 2023-09-20 01:59:45 +0000 +@@ -105,7 +105,7 @@ + + int flagok = 1; + +-main() ++int main() + { + char *result; + unsigned long qp; +diff -ur a/qmail-qmtpd.c b/qmail-qmtpd.c +--- a/qmail-qmtpd.c 2023-09-20 01:59:32 +0000 ++++ b/qmail-qmtpd.c 2023-09-20 01:59:45 +0000 +@@ -11,6 +11,7 @@ + #include "readwrite.h" + #include "control.h" + #include "received.h" ++#include "exit.h" + + void badproto() { _exit(100); } + void resources() { _exit(111); } +@@ -76,7 +77,7 @@ + char *relayclient; + int relayclientlen; + +-main() ++int main() + { + char ch; + int i; +diff -ur a/tcpto.c b/tcpto.c +--- a/tcpto.c 1998-06-15 10:53:16 +0000 ++++ b/tcpto.c 2023-09-20 01:59:45 +0000 +@@ -73,7 +73,7 @@ + int i; + char *record; + datetime_sec when; +- datetime_sec firstwhen; ++ datetime_sec firstwhen = 0; /* initialization not strictly required, but satisfies "may be used uninitialized" warning */ + int firstpos; + datetime_sec lastwhen; + diff -uNr a/gports/qmail/qmail-1.03.no-man-pregen.patch b/gports/qmail/qmail-1.03.no-man-pregen.patch --- a/gports/qmail/qmail-1.03.no-man-pregen.patch 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail-1.03.no-man-pregen.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,906 @@ +Preformatting of man pages doesn't make much sense these days, and Gales uses mandoc which doesn't provide nroff, so this fixes "make setup check". + -jfw + +diff -ur a/Makefile b/Makefile +--- a/Makefile 2023-12-01 22:48:23 +0000 ++++ b/Makefile 2023-12-01 23:13:46 +0000 +@@ -4,10 +4,6 @@ + + default: it + +-addresses.0: \ +-addresses.5 +- nroff -man addresses.5 > addresses.0 +- + alloc.a: \ + makelib alloc.o alloc_re.o + ./makelib alloc.a alloc.o alloc_re.o +@@ -183,10 +179,6 @@ + ./load bouncesaying strerr.a error.a substdio.a str.a \ + wait.a + +-bouncesaying.0: \ +-bouncesaying.1 +- nroff -man bouncesaying.1 > bouncesaying.0 +- + bouncesaying.o: \ + compile bouncesaying.c fork.h strerr.h error.h wait.h sig.h exit.h + ./compile bouncesaying.c +@@ -325,10 +317,6 @@ + ./load condredirect qmail.o strerr.a fd.a sig.a wait.a \ + seek.a env.a substdio.a error.a str.a fs.a auto_qmail.o + +-condredirect.0: \ +-condredirect.1 +- nroff -man condredirect.1 > condredirect.0 +- + condredirect.o: \ + compile condredirect.c sig.h readwrite.h exit.h env.h error.h fork.h \ + wait.h seek.h qmail.h substdio.h strerr.h substdio.h fmt.h +@@ -459,10 +447,6 @@ + str.h scan.h dns.h dnsdoe.h ip.h exit.h + ./compile dnsptr.c + +-dot-qmail.0: \ +-dot-qmail.5 +- nroff -man dot-qmail.5 > dot-qmail.0 +- + dot-qmail.5: \ + dot-qmail.9 conf-break conf-spawn + cat dot-qmail.9 \ +@@ -488,10 +472,6 @@ + compile env.c str.h alloc.h env.h + ./compile env.c + +-envelopes.0: \ +-envelopes.5 +- nroff -man envelopes.5 > envelopes.0 +- + envread.o: \ + compile envread.c env.h str.h + ./compile envread.c +@@ -516,10 +496,6 @@ + load except.o strerr.a error.a substdio.a str.a wait.a + ./load except strerr.a error.a substdio.a str.a wait.a + +-except.0: \ +-except.1 +- nroff -man except.1 > except.0 +- + except.o: \ + compile except.c fork.h strerr.h wait.h error.h exit.h + ./compile except.c +@@ -569,10 +545,6 @@ + compile fmtqfn.c fmtqfn.h fmt.h auto_split.h + ./compile fmtqfn.c + +-forgeries.0: \ +-forgeries.7 +- nroff -man forgeries.7 > forgeries.0 +- + fork.h: \ + compile load tryvfork.c fork.h1 fork.h2 + ( ( ./compile tryvfork.c && ./load tryvfork ) >/dev/null \ +@@ -586,10 +558,6 @@ + ./load forward qmail.o strerr.a alloc.a fd.a wait.a sig.a \ + env.a substdio.a error.a str.a fs.a auto_qmail.o + +-forward.0: \ +-forward.1 +- nroff -man forward.1 > forward.0 +- + forward.o: \ + compile forward.c sig.h readwrite.h exit.h env.h qmail.h substdio.h \ + strerr.h substdio.h fmt.h +@@ -823,10 +791,6 @@ + compile lock_un.c hasflock.h lock.h + ./compile lock_un.c + +-maildir.0: \ +-maildir.5 +- nroff -man maildir.5 > maildir.0 +- + maildir.o: \ + compile maildir.c prioq.h datetime.h gen_alloc.h env.h stralloc.h \ + gen_alloc.h direntry.h datetime.h now.h datetime.h str.h maildir.h \ +@@ -841,10 +805,6 @@ + gfrom.o lock.a getln.a env.a open.a strerr.a stralloc.a \ + alloc.a substdio.a error.a str.a fs.a datetime.a + +-maildir2mbox.0: \ +-maildir2mbox.1 +- nroff -man maildir2mbox.1 > maildir2mbox.0 +- + maildir2mbox.o: \ + compile maildir2mbox.c readwrite.h prioq.h datetime.h gen_alloc.h \ + env.h stralloc.h gen_alloc.h subfd.h substdio.h substdio.h getln.h \ +@@ -856,10 +816,6 @@ + load maildirmake.o strerr.a substdio.a error.a str.a + ./load maildirmake strerr.a substdio.a error.a str.a + +-maildirmake.0: \ +-maildirmake.1 +- nroff -man maildirmake.1 > maildirmake.0 +- + maildirmake.o: \ + compile maildirmake.c strerr.h exit.h + ./compile maildirmake.c +@@ -872,10 +828,6 @@ + prioq.o now.o getln.a env.a open.a strerr.a stralloc.a \ + alloc.a substdio.a error.a str.a + +-maildirwatch.0: \ +-maildirwatch.1 +- nroff -man maildirwatch.1 > maildirwatch.0 +- + maildirwatch.o: \ + compile maildirwatch.c getln.h substdio.h subfd.h substdio.h prioq.h \ + datetime.h gen_alloc.h stralloc.h gen_alloc.h str.h exit.h hfield.h \ +@@ -891,10 +843,6 @@ + > mailsubj + chmod 755 mailsubj + +-mailsubj.0: \ +-mailsubj.1 +- nroff -man mailsubj.1 > mailsubj.0 +- + make-compile: \ + make-compile.sh auto-ccld.sh + cat auto-ccld.sh make-compile.sh > make-compile +@@ -917,21 +865,7 @@ + chmod 755 makelib + + man: \ +-qmail-local.0 qmail-lspawn.0 qmail-getpw.0 qmail-remote.0 \ +-qmail-rspawn.0 qmail-clean.0 qmail-send.0 qmail-start.0 splogger.0 \ +-qmail-queue.0 qmail-inject.0 mailsubj.0 qmail-showctl.0 qmail-newu.0 \ +-qmail-pw2u.0 qmail-qread.0 qmail-qstat.0 qmail-tcpto.0 qmail-tcpok.0 \ +-qmail-pop3d.0 qmail-popup.0 qmail-qmqpc.0 qmail-qmqpd.0 qmail-qmtpd.0 \ +-qmail-smtpd.0 tcp-env.0 qmail-newmrh.0 qreceipt.0 qbiff.0 forward.0 \ +-preline.0 condredirect.0 bouncesaying.0 except.0 maildirmake.0 \ +-maildir2mbox.0 maildirwatch.0 qmail.0 qmail-limits.0 qmail-log.0 \ +-qmail-control.0 qmail-header.0 qmail-users.0 dot-qmail.0 \ +-qmail-command.0 tcp-environ.0 maildir.0 mbox.0 addresses.0 \ +-envelopes.0 forgeries.0 +- +-mbox.0: \ +-mbox.5 +- nroff -man mbox.5 > mbox.0 ++dot-qmail.5 qmail-control.5 qmail-getpw.8 qmail-limits.7 qmail-newmrh.8 qmail-newu.8 qmail-pw2u.8 qmail-send.8 qmail-start.8 qmail-users.5 + + myctime.o: \ + compile myctime.c datetime.h fmt.h myctime.h +@@ -1010,10 +944,6 @@ + ./load preline strerr.a fd.a wait.a sig.a env.a getopt.a \ + substdio.a error.a str.a + +-preline.0: \ +-preline.1 +- nroff -man preline.1 > preline.0 +- + preline.o: \ + compile preline.c fd.h sgetopt.h subgetopt.h readwrite.h strerr.h \ + substdio.h exit.h fork.h wait.h env.h sig.h error.h +@@ -1057,10 +987,6 @@ + ./load qbiff headerbody.o hfield.o getln.a env.a open.a \ + stralloc.a alloc.a substdio.a error.a str.a + +-qbiff.0: \ +-qbiff.1 +- nroff -man qbiff.1 > qbiff.0 +- + qbiff.o: \ + compile qbiff.c readwrite.h stralloc.h gen_alloc.h substdio.h subfd.h \ + substdio.h open.h byte.h str.h headerbody.h hfield.h env.h exit.h +@@ -1073,24 +999,12 @@ + alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ + auto_split.o + +-qmail-clean.0: \ +-qmail-clean.8 +- nroff -man qmail-clean.8 > qmail-clean.0 +- + qmail-clean.o: \ + compile qmail-clean.c readwrite.h sig.h now.h datetime.h str.h \ + direntry.h getln.h stralloc.h gen_alloc.h substdio.h subfd.h \ + substdio.h byte.h scan.h fmt.h error.h exit.h fmtqfn.h auto_qmail.h + ./compile qmail-clean.c + +-qmail-command.0: \ +-qmail-command.8 +- nroff -man qmail-command.8 > qmail-command.0 +- +-qmail-control.0: \ +-qmail-control.5 +- nroff -man qmail-control.5 > qmail-control.0 +- + qmail-control.5: \ + qmail-control.9 conf-break conf-spawn + cat qmail-control.9 \ +@@ -1105,10 +1019,6 @@ + ./load qmail-getpw case.a substdio.a error.a str.a fs.a \ + auto_break.o auto_usera.o + +-qmail-getpw.0: \ +-qmail-getpw.8 +- nroff -man qmail-getpw.8 > qmail-getpw.0 +- + qmail-getpw.8: \ + qmail-getpw.9 conf-break conf-spawn + cat qmail-getpw.9 \ +@@ -1123,10 +1033,6 @@ + qlx.h + ./compile qmail-getpw.c + +-qmail-header.0: \ +-qmail-header.5 +- nroff -man qmail-header.5 > qmail-header.0 +- + qmail-inject: \ + load qmail-inject.o headerbody.o hfield.o newfield.o quote.o now.o \ + control.o date822fmt.o constmap.o qmail.o case.a fd.a wait.a open.a \ +@@ -1138,10 +1044,6 @@ + token822.o env.a stralloc.a alloc.a substdio.a error.a \ + str.a fs.a auto_qmail.o + +-qmail-inject.0: \ +-qmail-inject.8 +- nroff -man qmail-inject.8 > qmail-inject.0 +- + qmail-inject.o: \ + compile qmail-inject.c sig.h substdio.h stralloc.h gen_alloc.h \ + subfd.h substdio.h sgetopt.h subgetopt.h getln.h alloc.h str.h fmt.h \ +@@ -1150,10 +1052,6 @@ + quote.h headerbody.h auto_qmail.h newfield.h stralloc.h constmap.h + ./compile qmail-inject.c + +-qmail-limits.0: \ +-qmail-limits.7 +- nroff -man qmail-limits.7 > qmail-limits.0 +- + qmail-limits.7: \ + qmail-limits.9 conf-break conf-spawn + cat qmail-limits.9 \ +@@ -1173,10 +1071,6 @@ + substdio.a error.a str.a fs.a datetime.a auto_qmail.o \ + auto_patrn.o `cat socket.lib` + +-qmail-local.0: \ +-qmail-local.8 +- nroff -man qmail-local.8 > qmail-local.0 +- + qmail-local.o: \ + compile qmail-local.c readwrite.h sig.h env.h byte.h exit.h fork.h \ + open.h wait.h lock.h seek.h substdio.h getln.h strerr.h subfd.h \ +@@ -1185,10 +1079,6 @@ + substdio.h slurpclose.h myctime.h gfrom.h auto_patrn.h + ./compile qmail-local.c + +-qmail-log.0: \ +-qmail-log.5 +- nroff -man qmail-log.5 > qmail-log.0 +- + qmail-lspawn: \ + load qmail-lspawn.o spawn.o prot.o slurpclose.o coe.o sig.a wait.a \ + case.a cdb.a fd.a open.a stralloc.a alloc.a substdio.a error.a str.a \ +@@ -1198,10 +1088,6 @@ + substdio.a error.a str.a fs.a auto_qmail.o auto_uids.o \ + auto_spawn.o + +-qmail-lspawn.0: \ +-qmail-lspawn.8 +- nroff -man qmail-lspawn.8 > qmail-lspawn.0 +- + qmail-lspawn.o: \ + compile qmail-lspawn.c fd.h wait.h prot.h substdio.h stralloc.h \ + gen_alloc.h scan.h exit.h fork.h error.h cdb.h uint32.h case.h \ +@@ -1215,10 +1101,6 @@ + seek.a case.a stralloc.a alloc.a strerr.a substdio.a \ + error.a str.a auto_qmail.o + +-qmail-newmrh.0: \ +-qmail-newmrh.8 +- nroff -man qmail-newmrh.8 > qmail-newmrh.0 +- + qmail-newmrh.8: \ + qmail-newmrh.9 conf-break conf-spawn + cat qmail-newmrh.9 \ +@@ -1240,10 +1122,6 @@ + case.a stralloc.a alloc.a substdio.a error.a str.a \ + auto_qmail.o + +-qmail-newu.0: \ +-qmail-newu.8 +- nroff -man qmail-newu.8 > qmail-newu.0 +- + qmail-newu.8: \ + qmail-newu.9 conf-break conf-spawn + cat qmail-newu.9 \ +@@ -1267,10 +1145,6 @@ + open.a getln.a stralloc.a alloc.a substdio.a error.a str.a \ + fs.a `cat socket.lib` + +-qmail-pop3d.0: \ +-qmail-pop3d.8 +- nroff -man qmail-pop3d.8 > qmail-pop3d.0 +- + qmail-pop3d.o: \ + compile qmail-pop3d.c commands.h sig.h getln.h stralloc.h gen_alloc.h \ + substdio.h alloc.h open.h prioq.h datetime.h gen_alloc.h scan.h fmt.h \ +@@ -1286,10 +1160,6 @@ + now.o case.a fd.a sig.a wait.a stralloc.a alloc.a \ + substdio.a error.a str.a fs.a `cat socket.lib` + +-qmail-popup.0: \ +-qmail-popup.8 +- nroff -man qmail-popup.8 > qmail-popup.0 +- + qmail-popup.o: \ + compile qmail-popup.c commands.h fd.h sig.h stralloc.h gen_alloc.h \ + substdio.h alloc.h wait.h str.h byte.h now.h datetime.h fmt.h exit.h \ +@@ -1304,10 +1174,6 @@ + case.a getopt.a stralloc.a alloc.a substdio.a error.a str.a \ + fs.a auto_usera.o auto_break.o auto_qmail.o + +-qmail-pw2u.0: \ +-qmail-pw2u.8 +- nroff -man qmail-pw2u.8 > qmail-pw2u.0 +- + qmail-pw2u.8: \ + qmail-pw2u.9 conf-break conf-spawn + cat qmail-pw2u.9 \ +@@ -1332,10 +1198,6 @@ + sig.a ndelay.a open.a getln.a substdio.a stralloc.a alloc.a \ + error.a str.a fs.a `cat socket.lib` + +-qmail-qmqpc.0: \ +-qmail-qmqpc.8 +- nroff -man qmail-qmqpc.8 > qmail-qmqpc.0 +- + qmail-qmqpc.o: \ + compile qmail-qmqpc.c substdio.h getln.h readwrite.h exit.h \ + stralloc.h gen_alloc.h slurpclose.h error.h sig.h ip.h timeoutconn.h \ +@@ -1349,10 +1211,6 @@ + auto_qmail.o env.a substdio.a sig.a error.a wait.a fd.a \ + str.a datetime.a fs.a + +-qmail-qmqpd.0: \ +-qmail-qmqpd.8 +- nroff -man qmail-qmqpd.8 > qmail-qmqpd.0 +- + qmail-qmqpd.o: \ + compile qmail-qmqpd.c auto_qmail.h qmail.h substdio.h received.h \ + sig.h substdio.h readwrite.h exit.h now.h datetime.h fmt.h env.h +@@ -1368,10 +1226,6 @@ + datetime.a open.a getln.a sig.a case.a env.a stralloc.a \ + alloc.a substdio.a error.a str.a fs.a auto_qmail.o + +-qmail-qmtpd.0: \ +-qmail-qmtpd.8 +- nroff -man qmail-qmtpd.8 > qmail-qmtpd.0 +- + qmail-qmtpd.o: \ + compile qmail-qmtpd.c stralloc.h gen_alloc.h substdio.h qmail.h \ + substdio.h now.h datetime.h str.h fmt.h env.h sig.h rcpthosts.h \ +@@ -1386,10 +1240,6 @@ + datetime.a open.a getln.a stralloc.a alloc.a substdio.a \ + error.a str.a fs.a auto_qmail.o auto_split.o + +-qmail-qread.0: \ +-qmail-qread.8 +- nroff -man qmail-qread.8 > qmail-qread.0 +- + qmail-qread.o: \ + compile qmail-qread.c stralloc.h gen_alloc.h substdio.h subfd.h \ + substdio.h fmt.h str.h getln.h fmtqfn.h readsubdir.h direntry.h \ +@@ -1406,10 +1256,6 @@ + > qmail-qstat + chmod 755 qmail-qstat + +-qmail-qstat.0: \ +-qmail-qstat.8 +- nroff -man qmail-qstat.8 > qmail-qstat.0 +- + qmail-queue: \ + load qmail-queue.o triggerpull.o fmtqfn.o now.o date822fmt.o \ + datetime.a seek.a ndelay.a open.a sig.a alloc.a substdio.a error.a \ +@@ -1419,10 +1265,6 @@ + alloc.a substdio.a error.a str.a fs.a auto_qmail.o \ + auto_split.o auto_uids.o + +-qmail-queue.0: \ +-qmail-queue.8 +- nroff -man qmail-queue.8 > qmail-queue.0 +- + qmail-queue.o: \ + compile qmail-queue.c readwrite.h sig.h exit.h open.h seek.h fmt.h \ + alloc.h substdio.h datetime.h now.h datetime.h triggerpull.h extra.h \ +@@ -1440,10 +1282,6 @@ + lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \ + str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib` + +-qmail-remote.0: \ +-qmail-remote.8 +- nroff -man qmail-remote.8 > qmail-remote.0 +- + qmail-remote.o: \ + compile qmail-remote.c sig.h stralloc.h gen_alloc.h substdio.h \ + subfd.h substdio.h scan.h case.h error.h auto_qmail.h control.h dns.h \ +@@ -1461,10 +1299,6 @@ + substdio.a error.a str.a auto_qmail.o auto_uids.o \ + auto_spawn.o + +-qmail-rspawn.0: \ +-qmail-rspawn.8 +- nroff -man qmail-rspawn.8 > qmail-rspawn.0 +- + qmail-rspawn.o: \ + compile qmail-rspawn.c fd.h wait.h substdio.h exit.h fork.h error.h \ + tcpto.h +@@ -1482,10 +1316,6 @@ + wait.a seek.a fd.a sig.a open.a lock.a stralloc.a alloc.a \ + substdio.a error.a str.a fs.a auto_qmail.o auto_split.o + +-qmail-send.0: \ +-qmail-send.8 +- nroff -man qmail-send.8 > qmail-send.0 +- + qmail-send.8: \ + qmail-send.9 conf-break conf-spawn + cat qmail-send.9 \ +@@ -1512,10 +1342,6 @@ + auto_qmail.o auto_break.o auto_patrn.o auto_spawn.o \ + auto_split.o + +-qmail-showctl.0: \ +-qmail-showctl.8 +- nroff -man qmail-showctl.8 > qmail-showctl.0 +- + qmail-showctl.o: \ + compile qmail-showctl.c substdio.h subfd.h substdio.h exit.h fmt.h \ + str.h control.h constmap.h stralloc.h gen_alloc.h direntry.h \ +@@ -1536,10 +1362,6 @@ + alloc.a substdio.a error.a str.a fs.a auto_qmail.o `cat \ + socket.lib` + +-qmail-smtpd.0: \ +-qmail-smtpd.8 +- nroff -man qmail-smtpd.8 > qmail-smtpd.0 +- + qmail-smtpd.o: \ + compile qmail-smtpd.c sig.h readwrite.h stralloc.h gen_alloc.h \ + substdio.h alloc.h auto_qmail.h control.h received.h constmap.h \ +@@ -1552,10 +1374,6 @@ + load qmail-start.o prot.o fd.a auto_uids.o + ./load qmail-start prot.o fd.a auto_uids.o + +-qmail-start.0: \ +-qmail-start.8 +- nroff -man qmail-start.8 > qmail-start.0 +- + qmail-start.8: \ + qmail-start.9 conf-break conf-spawn + cat qmail-start.9 \ +@@ -1574,10 +1392,6 @@ + ./load qmail-tcpok open.a lock.a strerr.a substdio.a \ + error.a str.a auto_qmail.o + +-qmail-tcpok.0: \ +-qmail-tcpok.8 +- nroff -man qmail-tcpok.8 > qmail-tcpok.0 +- + qmail-tcpok.o: \ + compile qmail-tcpok.c strerr.h substdio.h lock.h open.h readwrite.h \ + auto_qmail.h exit.h +@@ -1589,10 +1403,6 @@ + ./load qmail-tcpto ip.o now.o open.a lock.a substdio.a \ + error.a str.a fs.a auto_qmail.o + +-qmail-tcpto.0: \ +-qmail-tcpto.8 +- nroff -man qmail-tcpto.8 > qmail-tcpto.0 +- + qmail-tcpto.o: \ + compile qmail-tcpto.c substdio.h subfd.h substdio.h auto_qmail.h \ + fmt.h ip.h lock.h error.h exit.h datetime.h now.h datetime.h +@@ -1607,10 +1417,6 @@ + > qmail-upq + chmod 755 qmail-upq + +-qmail-users.0: \ +-qmail-users.5 +- nroff -man qmail-users.5 > qmail-users.0 +- + qmail-users.5: \ + qmail-users.9 conf-break conf-spawn + cat qmail-users.9 \ +@@ -1619,10 +1425,6 @@ + | sed s}SPAWN}"`head -1 conf-spawn`"}g \ + > qmail-users.5 + +-qmail.0: \ +-qmail.7 +- nroff -man qmail.7 > qmail.0 +- + qmail.o: \ + compile qmail.c substdio.h readwrite.h wait.h exit.h fork.h fd.h \ + qmail.h substdio.h auto_qmail.h +@@ -1636,10 +1438,6 @@ + qmail.o getln.a fd.a wait.a sig.a env.a stralloc.a alloc.a \ + substdio.a error.a str.a auto_qmail.o + +-qreceipt.0: \ +-qreceipt.1 +- nroff -man qreceipt.1 > qreceipt.0 +- + qreceipt.o: \ + compile qreceipt.c sig.h env.h substdio.h stralloc.h gen_alloc.h \ + subfd.h substdio.h getln.h alloc.h str.h hfield.h token822.h \ +@@ -1894,10 +1692,6 @@ + ./load splogger substdio.a error.a str.a fs.a `cat \ + syslog.lib` `cat socket.lib` + +-splogger.0: \ +-splogger.8 +- nroff -man splogger.8 > splogger.0 +- + splogger.o: \ + compile splogger.c error.h substdio.h subfd.h substdio.h exit.h str.h \ + scan.h fmt.h +@@ -2069,19 +1863,11 @@ + sig.a env.a getopt.a stralloc.a alloc.a substdio.a error.a \ + str.a fs.a `cat dns.lib` `cat socket.lib` + +-tcp-env.0: \ +-tcp-env.1 +- nroff -man tcp-env.1 > tcp-env.0 +- + tcp-env.o: \ + compile tcp-env.c sig.h stralloc.h gen_alloc.h str.h env.h fmt.h \ + scan.h subgetopt.h ip.h dns.h byte.h remoteinfo.h exit.h case.h + ./compile tcp-env.c + +-tcp-environ.0: \ +-tcp-environ.5 +- nroff -man tcp-environ.5 > tcp-environ.0 +- + tcpto.o: \ + compile tcpto.c tcpto.h open.h lock.h seek.h now.h datetime.h ip.h \ + byte.h datetime.h readwrite.h +diff -ur a/TARGETS b/TARGETS +--- a/TARGETS 2023-12-01 22:48:23 +0000 ++++ b/TARGETS 2023-12-01 23:28:04 +0000 +@@ -319,67 +319,16 @@ + binm3 + binm3+df + it +-qmail-local.0 +-qmail-lspawn.0 + qmail-getpw.8 +-qmail-getpw.0 +-qmail-remote.0 +-qmail-rspawn.0 +-qmail-clean.0 + qmail-send.8 +-qmail-send.0 + qmail-start.8 +-qmail-start.0 +-splogger.0 +-qmail-queue.0 +-qmail-inject.0 +-mailsubj.0 +-qmail-showctl.0 + qmail-newu.8 +-qmail-newu.0 + qmail-pw2u.8 +-qmail-pw2u.0 +-qmail-qread.0 +-qmail-qstat.0 +-qmail-tcpto.0 +-qmail-tcpok.0 +-qmail-pop3d.0 +-qmail-popup.0 +-qmail-qmqpc.0 +-qmail-qmqpd.0 +-qmail-qmtpd.0 +-qmail-smtpd.0 +-tcp-env.0 + qmail-newmrh.8 +-qmail-newmrh.0 +-qreceipt.0 +-qbiff.0 +-forward.0 +-preline.0 +-condredirect.0 +-bouncesaying.0 +-except.0 +-maildirmake.0 +-maildir2mbox.0 +-maildirwatch.0 +-qmail.0 + qmail-limits.7 +-qmail-limits.0 +-qmail-log.0 + qmail-control.5 +-qmail-control.0 +-qmail-header.0 + qmail-users.5 +-qmail-users.0 + dot-qmail.5 +-dot-qmail.0 +-qmail-command.0 +-tcp-environ.0 +-maildir.0 +-mbox.0 +-addresses.0 +-envelopes.0 +-forgeries.0 + man + setup + check +diff -ur a/hier.c b/hier.c +--- a/hier.c 1998-06-15 10:53:16 +0000 ++++ b/hier.c 2023-12-01 23:31:51 +0000 +@@ -37,10 +37,6 @@ + d(auto_qmail,"boot",auto_uido,auto_gidq,0755); + d(auto_qmail,"doc",auto_uido,auto_gidq,0755); + d(auto_qmail,"man",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat1",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat5",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat7",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat8",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man1",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man5",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man7",auto_uido,auto_gidq,0755); +@@ -145,108 +141,57 @@ + c(auto_qmail,"bin","pinq",auto_uido,auto_gidq,0755); + + c(auto_qmail,"man/man5","addresses.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","addresses.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","envelopes.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","envelopes.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","maildir.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","maildir.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","mbox.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","mbox.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","dot-qmail.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","dot-qmail.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-control.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-control.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-header.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-header.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-log.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-log.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-users.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-users.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","tcp-environ.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","tcp-environ.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man7","forgeries.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","forgeries.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man7","qmail-limits.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","qmail-limits.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man7","qmail.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","qmail.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man1","forward.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","forward.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","condredirect.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","condredirect.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","bouncesaying.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","bouncesaying.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","except.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","except.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildirmake.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildirmake.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildir2mbox.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildir2mbox.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildirwatch.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildirwatch.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","mailsubj.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","mailsubj.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","qreceipt.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","qreceipt.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","qbiff.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","qbiff.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","preline.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","preline.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","tcp-env.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","tcp-env.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man8","qmail-local.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-local.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-lspawn.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-lspawn.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-getpw.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-getpw.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-remote.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-remote.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-rspawn.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-rspawn.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-clean.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-clean.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-send.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-send.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-start.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-start.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","splogger.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","splogger.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-queue.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-queue.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-inject.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-inject.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-showctl.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-showctl.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-newmrh.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-newmrh.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-newu.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-newu.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-pw2u.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-pw2u.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qread.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qread.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qstat.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qstat.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-tcpok.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-tcpok.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-tcpto.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-tcpto.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-pop3d.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-pop3d.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-popup.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-popup.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmqpc.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmqpc.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmqpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmqpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmtpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmtpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-smtpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-smtpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-command.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-command.0",auto_uido,auto_gidq,0644); + } +diff -ur a/install-big.c b/install-big.c +--- a/install-big.c 1998-06-15 10:53:16 +0000 ++++ b/install-big.c 2023-12-01 23:31:05 +0000 +@@ -37,10 +37,6 @@ + d(auto_qmail,"boot",auto_uido,auto_gidq,0755); + d(auto_qmail,"doc",auto_uido,auto_gidq,0755); + d(auto_qmail,"man",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat1",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat5",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat7",auto_uido,auto_gidq,0755); +- d(auto_qmail,"man/cat8",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man1",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man5",auto_uido,auto_gidq,0755); + d(auto_qmail,"man/man7",auto_uido,auto_gidq,0755); +@@ -145,115 +141,63 @@ + c(auto_qmail,"bin","pinq",auto_uido,auto_gidq,0755); + + c(auto_qmail,"man/man5","addresses.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","addresses.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","envelopes.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","envelopes.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","maildir.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","maildir.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","mbox.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","mbox.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","dot-qmail.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","dot-qmail.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-control.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-control.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-header.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-header.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-log.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-log.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","qmail-users.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","qmail-users.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man5","tcp-environ.5",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat5","tcp-environ.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man7","forgeries.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","forgeries.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man7","qmail-limits.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","qmail-limits.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man7","qmail.7",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat7","qmail.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man1","forward.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","forward.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","condredirect.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","condredirect.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","bouncesaying.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","bouncesaying.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","except.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","except.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildirmake.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildirmake.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildir2mbox.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildir2mbox.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","maildirwatch.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","maildirwatch.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","mailsubj.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","mailsubj.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","qreceipt.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","qreceipt.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","qbiff.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","qbiff.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","preline.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","preline.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","tcp-env.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","tcp-env.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"man/man8","qmail-local.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-local.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-lspawn.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-lspawn.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-getpw.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-getpw.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-remote.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-remote.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-rspawn.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-rspawn.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-clean.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-clean.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-send.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-send.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-start.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-start.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","splogger.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","splogger.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-queue.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-queue.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-inject.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-inject.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-showctl.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-showctl.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-newmrh.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-newmrh.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-newu.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-newu.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-pw2u.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-pw2u.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qread.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qread.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qstat.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qstat.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-tcpok.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-tcpok.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-tcpto.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-tcpto.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-pop3d.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-pop3d.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-popup.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-popup.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmqpc.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmqpc.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmqpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmqpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-qmtpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-qmtpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-smtpd.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-smtpd.0",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man8","qmail-command.8",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat8","qmail-command.0",auto_uido,auto_gidq,0644); + + c(auto_qmail,"bin","dot-forward",auto_uido,auto_gidq,0755); + + c(auto_qmail,"man/man1","dot-forward.1",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","dot-forward.0",auto_uido,auto_gidq,0644); + + d(auto_qmail,"doc/fastforward",auto_uido,auto_gidq,0755); + +@@ -274,12 +218,4 @@ + c(auto_qmail,"man/man1","printmaillist.1",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","setmaillist.1",auto_uido,auto_gidq,0644); + c(auto_qmail,"man/man1","newinclude.1",auto_uido,auto_gidq,0644); +- +- c(auto_qmail,"man/cat1","fastforward.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","printforward.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","setforward.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","newaliases.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","printmaillist.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","setmaillist.0",auto_uido,auto_gidq,0644); +- c(auto_qmail,"man/cat1","newinclude.0",auto_uido,auto_gidq,0644); + } diff -uNr a/gports/qmail/qmail-1.03.qmtpd-netstring.patch b/gports/qmail/qmail-1.03.qmtpd-netstring.patch --- a/gports/qmail/qmail-1.03.qmtpd-netstring.patch 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail-1.03.qmtpd-netstring.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,51 @@ +# qmail-1.03.qmtpd-netstring.patch +# +# This patch corrects a programming error in +# the getlen() and main() routines of qmail-qmtpd.c. +# +# These routines read input length in netstring format. +# But the original code does not test for numeric validity +# in the length field of the netstring. +# +# As a consquence, it is possible for an attacker to design +# input to create a buffer overflow. +# +# This patch modifies the original to perform validity +# checking when reading the length field of the netstring. +# +# George Guninski documents this bug at: +# +# http://www.guninski.com/qmail-qmtpd.html +# +# For additional information about qmail and patches, +# see: +# +# http://www.thedjbway.org/qmail/patches.html +# +# PUBLIC DOMAIN. +# NO WARRANTY. +# USE AT YOUR OWN RISK. Etc, etc., etc. +# +# wcm, 2004.10.04 - 2004.10.04 +# === +diff -u qmail-1.03.orig/qmail-qmtpd.c qmail-1.03/qmail-qmtpd.c +--- qmail-1.03.orig/qmail-qmtpd.c Mon Jun 15 03:52:55 1998 ++++ qmail-1.03/qmail-qmtpd.c Mon Oct 4 11:46:03 2004 +@@ -45,6 +45,8 @@ + for (;;) { + substdio_get(&ssin,&ch,1); + if (ch == ':') return len; ++ /* trap non-numeric input in netstring: */ ++ if ((ch < '0') || (ch > '9')) badproto(); + if (len > 200000000) resources(); + len = 10 * len + (ch - '0'); + } +@@ -193,6 +195,8 @@ + substdio_get(&ssin,&ch,1); + --biglen; + if (ch == ':') break; ++ /* trap non-numeric input in netstring: */ ++ if ((ch < '0') || (ch > '9')) badproto(); + if (len > 200000000) resources(); + len = 10 * len + (ch - '0'); + } diff -uNr a/gports/qmail/qmail-1.03.syncdir.patch b/gports/qmail/qmail-1.03.syncdir.patch --- a/gports/qmail/qmail-1.03.syncdir.patch 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail-1.03.syncdir.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,35 @@ +diff -ur a/Makefile b/Makefile +--- a/Makefile 2023-09-26 21:48:45 +0000 ++++ b/Makefile 2023-09-26 21:50:55 +0000 +@@ -798,8 +798,12 @@ + instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \ + binm3 binm3+df + ++libsyncdir.a: \ ++makelib syncdir.o ++ ./makelib libsyncdir.a syncdir.o ++ + load: \ +-make-load warn-auto.sh systype ++make-load warn-auto.sh systype libsyncdir.a + ( cat warn-auto.sh; ./make-load "`cat systype`" ) > load + chmod 755 load + +@@ -2041,6 +2045,10 @@ + compile substdo.c substdio.h str.h byte.h error.h + ./compile substdo.c + ++syncdir.o: \ ++compile syncdir.c ++ ./compile syncdir.c ++ + syslog.lib: \ + trysyslog.c compile load + ( ( ./compile trysyslog.c && \ +diff -ur a/make-load.sh b/make-load.sh +--- a/make-load.sh 1998-06-15 10:53:16 +0000 ++++ b/make-load.sh 2023-09-26 21:51:05 +0000 +@@ -1,2 +1,2 @@ + echo 'main="$1"; shift' +-echo exec "$LD" '-o "$main" "$main".o ${1+"$@"}' ++echo exec "$LD" '-o "$main" "$main".o ${1+"$@"} -L. -lsyncdir' diff -uNr a/gports/qmail/qmail.run b/gports/qmail/qmail.run --- a/gports/qmail/qmail.run 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/qmail.run 1970-01-01 00:00:00 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +PATH=/var/qmail/wrap:/var/qmail/bin:$PATH exec qmail-start ./Maildir/ 2>&1 diff -uNr a/gports/qmail/smtp.run b/gports/qmail/smtp.run --- a/gports/qmail/smtp.run 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/smtp.run 1970-01-01 00:00:00 +0000 @@ -0,0 +1,2 @@ +#!/bin/sh +exec tcpsvd -l 0 -u qmaild -v 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 diff -uNr a/gports/qmail/submission.run b/gports/qmail/submission.run --- a/gports/qmail/submission.run 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/submission.run 1970-01-01 00:00:00 +0000 @@ -0,0 +1,4 @@ +#!/bin/sh +RELAYCLIENT= exec tcpsvd -l 0 -u qmaild -v 0 submission /var/qmail/bin/qmail-smtpd 2>&1 +# !! IMPORTANT !! +# Restrict 'submission' port to trusted networks to prevent open relay. diff -uNr a/gports/qmail/syncdir.c b/gports/qmail/syncdir.c --- a/gports/qmail/syncdir.c 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/syncdir.c 1970-01-01 00:00:00 +0000 @@ -0,0 +1,95 @@ +/* syncdir -- emulate synchronous directories + This is free and unencumbered software released into the public domain. + [ from Bruce Guenter, http://untroubled.org/syncdir/ ] +*/ + +#include +#include +#define open XXX_open +#include +#undef open +#include +#include +#include +#include +#include + +#define SYS_OPEN(FILE,FLAG,MODE) syscall(SYS_open, FILE, FLAG, MODE) +#define SYS_CLOSE(FD) syscall(SYS_close, FD) +#define SYS_LINK(OLD,NEW) syscall(SYS_link, OLD, NEW) +#define SYS_UNLINK(PATH) syscall(SYS_unlink, PATH) +#define SYS_RENAME(OLD,NEW) syscall(SYS_rename, OLD, NEW) +#define SYS_FSYNC(FD) syscall(SYS_fsync, FD) + +static int fdirsync(const char* filename, unsigned length) +{ + char dirname[length+1]; + /* This could also be: + * char* dirname = alloca(length+1); */ + int dirfd; + int retval; + memcpy(dirname, filename, length); + dirname[length] = 0; + if((dirfd = SYS_OPEN(dirname,O_RDONLY,0)) == -1) + return -1; + retval = (SYS_FSYNC(dirfd) == -1 && errno == EIO) ? -1 : 0; + SYS_CLOSE(dirfd); + return retval; +} + +static int fdirsyncfn(const char *filename) +{ + const char *slash = filename+strlen(filename)-1; + + /* Skip over trailing slashes, which would be ignored by some + * operations */ + while(slash > filename && *slash == '/') + --slash; + + /* Skip back to the next slash */ + while(slash > filename && *slash != '/') + --slash; + + /* slash now either points to a '/' character, or no slash was found */ + if(*slash == '/') + return fdirsync(filename, + (slash == filename) ? 1 : slash-filename); + else + return fdirsync(".", 1); +} + +int open(const char *file,int oflag,mode_t mode) +{ + int fd = SYS_OPEN(file, oflag, mode); + if(fd == -1) + return fd; + if(oflag & O_CREAT) + if(fdirsyncfn(file) == -1) { + SYS_CLOSE(fd); + return -1; + } + return fd; +} + +int link(const char *oldpath,const char *newpath) +{ + if(SYS_LINK(oldpath,newpath) == -1) + return -1; + return fdirsyncfn(newpath); +} + +int unlink(const char *path) +{ + if(SYS_UNLINK(path) == -1) + return -1; + return fdirsyncfn(path); +} + +int rename(const char *oldpath,const char *newpath) +{ + if(SYS_RENAME(oldpath,newpath) == -1) + return -1; + if(fdirsyncfn(newpath) == -1) + return -1; + return fdirsyncfn(oldpath); +} diff -uNr a/gports/qmail/wrap-qmail-remote.sh b/gports/qmail/wrap-qmail-remote.sh --- a/gports/qmail/wrap-qmail-remote.sh 1970-01-01 00:00:00 +0000 +++ b/gports/qmail/wrap-qmail-remote.sh 1970-01-01 00:00:00 +0000 @@ -0,0 +1,13 @@ +#!/bin/sh + +# Install as /var/qmail/wrap/qmail-remote, with /var/qmail/wrap in qmail-send's $PATH before /var/qmail/bin. + +# This drops bounce messages (empty envelope sender) destined for "external" domains as delineated by rcpthosts (messages to locals are passed to qmail-local, not qmail-remote, so they don't enter here at all). It's a crude measure against backscatter spam, preventing us from being usable as an open relay/traffic reflector by way of forged SMTP return paths. A smarter solution would be to implement SPF or similar sender IP checking on the SMTP intake side, to address the root problem of easy sender forgery. + +host=$1 +sender=$2 +if [ -z "$sender" ] && ! grep -Fixq "$host" /var/qmail/control/rcpthosts; then + printf 'Kdropped external bounce\0' + exit 0 +fi +exec /var/qmail/bin/qmail-remote "$@" diff -uNr a/gports/strace/build.sh b/gports/strace/build.sh --- a/gports/strace/build.sh 1970-01-01 00:00:00 +0000 +++ b/gports/strace/build.sh 1970-01-01 00:00:00 +0000 @@ -11,6 +11,7 @@ generate_mpers_am.sh strace-4.16-futex-test-einval.patch strace-4.16-xlat-gen-ksh.patch +strace-4.16-sendfile-test-socket-blocked.patch " SHA512=" @@ -23,6 +24,7 @@ cd $P-$V patch -p1 <../strace-4.16-futex-test-einval.patch patch -p1 <../strace-4.16-xlat-gen-ksh.patch + patch -p1 <../strace-4.16-sendfile-test-socket-blocked.patch # broken-by-design test that fails after the release year rm tests/strace-V.test sed -i '/strace-V.test/d' tests/Makefile.am @@ -39,7 +41,7 @@ check () { cd $P-$V - make check + make check -j$JOBS } package () { diff -uNr a/gports/strace/strace-4.16-sendfile-test-socket-blocked.patch b/gports/strace/strace-4.16-sendfile-test-socket-blocked.patch --- a/gports/strace/strace-4.16-sendfile-test-socket-blocked.patch 1970-01-01 00:00:00 +0000 +++ b/gports/strace/strace-4.16-sendfile-test-socket-blocked.patch 1970-01-01 00:00:00 +0000 @@ -0,0 +1,241 @@ +commit 0af432af9b4496a8648bfe69a5b38c961ace1b4e +Author: Dmitry V. Levin +AuthorDate: Sun Jun 4 21:17:15 2017 +0000 +Commit: Jacob Welsh +CommitDate: Tue Sep 12 00:36:28 2023 +0000 + + tests: avoid hitting SO_SNDBUF limit in sendfile/sendfile64 tests + + Do not assume that an executable is small enough and SO_SNDBUF is large + enough so that the executable could be sendfile'ed into a socket pair. + + * tests/sendfile.c (main): Create a regular file of the right size + to avoid hitting SO_SNDBUF limit. + * tests/sendfile64.c: Likewise. + + Reported-by: Andreas Schwab + +diff --git a/tests/sendfile.c b/tests/sendfile.c +index 23f096b62..b6ac31f35 100644 +--- a/tests/sendfile.c ++++ b/tests/sendfile.c +@@ -35,15 +35,13 @@ + # include + # include + # include ++# include + # include + # include +-# include + + int +-main(int ac, const char **av) ++main(void) + { +- assert(ac == 1); +- + (void) close(0); + if (open("/dev/zero", O_RDONLY) != 0) + perror_msg_and_skip("open: %s", "/dev/zero"); +@@ -52,58 +50,62 @@ main(int ac, const char **av) + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) + perror_msg_and_skip("socketpair"); + +- int reg_in = open(av[0], O_RDONLY); +- if (reg_in < 0) +- perror_msg_and_fail("open: %s", av[0]); +- +- struct stat stb; +- assert(fstat(reg_in, &stb) == 0); +- const size_t blen = stb.st_size / 3; +- const size_t alen = stb.st_size - blen; +- assert(S_ISREG(stb.st_mode) && blen > 0); +- +- const size_t page_len = get_page_size(); +- assert(syscall(__NR_sendfile, 0, 1, NULL, page_len) == -1); ++ const unsigned int page_size = get_page_size(); ++ assert(syscall(__NR_sendfile, 0, 1, NULL, page_size) == -1); + if (EBADF != errno) + perror_msg_and_skip("sendfile"); +- printf("sendfile(0, 1, NULL, %lu) = -1 EBADF (%m)\n", +- (unsigned long) page_len); ++ printf("sendfile(0, 1, NULL, %u) = -1 EBADF (%m)\n", page_size); ++ ++ unsigned int file_size = 0; ++ socklen_t optlen = sizeof(file_size); ++ if (getsockopt(sv[1], SOL_SOCKET, SO_SNDBUF, &file_size, &optlen)) ++ perror_msg_and_fail("getsockopt"); ++ if (file_size < 1024) ++ error_msg_and_skip("SO_SNDBUF too small: %u", file_size); ++ ++ file_size /= 4; ++ if (file_size / 16 > page_size) ++ file_size = page_size * 16; ++ const unsigned int blen = file_size / 3; ++ const unsigned int alen = file_size - blen; ++ ++ static const char fname[] = "sendfile-tmpfile"; ++ int reg_in = open(fname, O_RDWR | O_CREAT | O_TRUNC, 0600); ++ if (reg_in < 0) ++ perror_msg_and_fail("open: %s", fname); ++ if (unlink(fname)) ++ perror_msg_and_fail("unlink: %s", fname); ++ if (ftruncate(reg_in, file_size)) ++ perror_msg_and_fail("ftruncate: %s", fname); + + uint32_t *p_off = tail_alloc(sizeof(uint32_t)); + void *p = p_off + 1; + *p_off = 0; + +- assert(syscall(__NR_sendfile, 0, 1, p, page_len) == -1); +- printf("sendfile(0, 1, %#lx, %lu) = -1 EFAULT (%m)\n", +- (unsigned long) p, (unsigned long) page_len); ++ assert(syscall(__NR_sendfile, 0, 1, p, page_size) == -1); ++ printf("sendfile(0, 1, %p, %u) = -1 EFAULT (%m)\n", p, page_size); + + assert(syscall(__NR_sendfile, sv[1], reg_in, NULL, alen) + == (long) alen); +- printf("sendfile(%d, %d, NULL, %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) alen); ++ printf("sendfile(%d, %d, NULL, %u) = %u\n", ++ sv[1], reg_in, alen, alen); + + p = p_off; + if (syscall(__NR_sendfile, sv[1], reg_in, p_off, alen) != (long) alen) { +- printf("sendfile(%d, %d, %#lx, %lu) = -1 EFAULT (%m)\n", +- sv[1], reg_in, (unsigned long) p_off, +- (unsigned long) alen); ++ printf("sendfile(%d, %d, %#lx, %u) = -1 EFAULT (%m)\n", ++ sv[1], reg_in, (unsigned long) p_off, alen); + --p_off; + *p_off = 0; + assert(syscall(__NR_sendfile, sv[1], reg_in, p_off, alen) + == (long) alen); + } +- printf("sendfile(%d, %d, [0] => [%lu], %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) alen, (unsigned long) alen); ++ printf("sendfile(%d, %d, [0] => [%u], %u) = %u\n", ++ sv[1], reg_in, alen, alen, alen); + +- assert(syscall(__NR_sendfile, sv[1], reg_in, p_off, stb.st_size + 1) ++ assert(syscall(__NR_sendfile, sv[1], reg_in, p_off, file_size + 1) + == (long) blen); +- printf("sendfile(%d, %d, [%lu] => [%lu], %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) stb.st_size, +- (unsigned long) stb.st_size + 1, +- (unsigned long) blen); ++ printf("sendfile(%d, %d, [%u] => [%u], %u) = %u\n", ++ sv[1], reg_in, alen, file_size, file_size + 1, blen); + + if (p_off != p) { + uint64_t *p_off64 = (uint64_t *) p_off; +diff --git a/tests/sendfile64.c b/tests/sendfile64.c +index 7208c3006..37b842b9a 100644 +--- a/tests/sendfile64.c ++++ b/tests/sendfile64.c +@@ -35,15 +35,13 @@ + # include + # include + # include ++# include + # include + # include +-# include + + int +-main(int ac, const char **av) ++main(void) + { +- assert(ac == 1); +- + (void) close(0); + if (open("/dev/zero", O_RDONLY) != 0) + perror_msg_and_skip("open: %s", "/dev/zero"); +@@ -52,50 +50,55 @@ main(int ac, const char **av) + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) + perror_msg_and_skip("socketpair"); + +- int reg_in = open(av[0], O_RDONLY); +- if (reg_in < 0) +- perror_msg_and_fail("open: %s", av[0]); +- +- struct stat stb; +- assert(fstat(reg_in, &stb) == 0); +- const size_t blen = stb.st_size / 3; +- const size_t alen = stb.st_size - blen; +- assert(S_ISREG(stb.st_mode) && blen > 0); +- +- const size_t page_len = get_page_size(); +- assert(syscall(__NR_sendfile64, 0, 1, NULL, page_len) == -1); ++ const unsigned int page_size = get_page_size(); ++ assert(syscall(__NR_sendfile64, 0, 1, NULL, page_size) == -1); + if (EBADF != errno) + perror_msg_and_skip("sendfile64"); +- printf("sendfile64(0, 1, NULL, %lu) = -1 EBADF (%m)\n", +- (unsigned long) page_len); ++ printf("sendfile64(0, 1, NULL, %u) = -1 EBADF (%m)\n", page_size); ++ ++ unsigned int file_size = 0; ++ socklen_t optlen = sizeof(file_size); ++ if (getsockopt(sv[1], SOL_SOCKET, SO_SNDBUF, &file_size, &optlen)) ++ perror_msg_and_fail("getsockopt"); ++ if (file_size < 1024) ++ error_msg_and_skip("SO_SNDBUF too small: %u", file_size); ++ ++ file_size /= 4; ++ if (file_size / 16 > page_size) ++ file_size = page_size * 16; ++ const unsigned int blen = file_size / 3; ++ const unsigned int alen = file_size - blen; ++ ++ static const char fname[] = "sendfile64-tmpfile"; ++ int reg_in = open(fname, O_RDWR | O_CREAT | O_TRUNC, 0600); ++ if (reg_in < 0) ++ perror_msg_and_fail("open: %s", fname); ++ if (unlink(fname)) ++ perror_msg_and_fail("unlink: %s", fname); ++ if (ftruncate(reg_in, file_size)) ++ perror_msg_and_fail("ftruncate: %s", fname); + + uint64_t *p_off = tail_alloc(sizeof(uint64_t)); + void *p = p_off + 1; + *p_off = 0; + +- assert(syscall(__NR_sendfile64, 0, 1, p, page_len) == -1); +- printf("sendfile64(0, 1, %#lx, %lu) = -1 EFAULT (%m)\n", +- (unsigned long) p, (unsigned long) page_len); ++ assert(syscall(__NR_sendfile64, 0, 1, p, page_size) == -1); ++ printf("sendfile64(0, 1, %p, %u) = -1 EFAULT (%m)\n", p, page_size); + + assert(syscall(__NR_sendfile64, sv[1], reg_in, NULL, alen) + == (long) alen); +- printf("sendfile64(%d, %d, NULL, %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) alen); ++ printf("sendfile64(%d, %d, NULL, %u) = %u\n", ++ sv[1], reg_in, alen, alen); + + assert(syscall(__NR_sendfile64, sv[1], reg_in, p_off, alen) + == (long) alen); +- printf("sendfile64(%d, %d, [0] => [%lu], %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) alen, (unsigned long) alen); ++ printf("sendfile64(%d, %d, [0] => [%u], %u) = %u\n", ++ sv[1], reg_in, alen, alen, alen); + +- assert(syscall(__NR_sendfile64, sv[1], reg_in, p_off, stb.st_size + 1) ++ assert(syscall(__NR_sendfile64, sv[1], reg_in, p_off, file_size + 1) + == (long) blen); +- printf("sendfile64(%d, %d, [%lu] => [%lu], %lu) = %lu\n", +- sv[1], reg_in, (unsigned long) alen, +- (unsigned long) stb.st_size, +- (unsigned long) stb.st_size + 1, +- (unsigned long) blen); ++ printf("sendfile64(%d, %d, [%u] => [%u], %u) = %u\n", ++ sv[1], reg_in, alen, file_size, file_size + 1, blen); + + *p_off = 0xcafef00dfacefeedULL; + assert(syscall(__NR_sendfile64, sv[1], reg_in, p_off, 1) == -1); diff -uNr a/kconfig/linux-4.9-x86_64-amd-server.config b/kconfig/linux-4.9-x86_64-amd-server.config --- a/kconfig/linux-4.9-x86_64-amd-server.config 1970-01-01 00:00:00 +0000 +++ b/kconfig/linux-4.9-x86_64-amd-server.config 1970-01-01 00:00:00 +0000 @@ -383,7 +383,7 @@ CONFIG_IOMMU_HELPER=y # CONFIG_MAXSMP is not set CONFIG_NR_CPUS=64 -# CONFIG_SCHED_SMT is not set +CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y # CONFIG_PREEMPT_NONE is not set # CONFIG_PREEMPT_VOLUNTARY is not set diff -uNr a/kconfig/seabios-1.9.3-qemu.config b/kconfig/seabios-1.9.3-qemu.config --- a/kconfig/seabios-1.9.3-qemu.config 1970-01-01 00:00:00 +0000 +++ b/kconfig/seabios-1.9.3-qemu.config 1970-01-01 00:00:00 +0000 @@ -0,0 +1,109 @@ +# +# Automatically generated file; DO NOT EDIT. +# SeaBIOS Configuration +# + +# +# General Features +# +# CONFIG_COREBOOT is not set +CONFIG_QEMU=y +# CONFIG_CSM is not set +CONFIG_QEMU_HARDWARE=y +CONFIG_XEN=y +# CONFIG_THREADS is not set +CONFIG_RELOCATE_INIT=y +CONFIG_BOOTMENU=y +# CONFIG_BOOTSPLASH is not set +# CONFIG_BOOTORDER is not set +# CONFIG_ENTRY_EXTRASTACK is not set +CONFIG_MALLOC_UPPERMEMORY=y +CONFIG_ROM_SIZE=0 + +# +# Hardware support +# +CONFIG_ATA=y +# CONFIG_ATA_DMA is not set +# CONFIG_ATA_PIO32 is not set +CONFIG_AHCI=y +CONFIG_SDCARD=y +CONFIG_VIRTIO_BLK=y +CONFIG_VIRTIO_SCSI=y +CONFIG_PVSCSI=y +CONFIG_ESP_SCSI=y +CONFIG_LSI_SCSI=y +# CONFIG_MEGASAS is not set +# CONFIG_FLOPPY is not set +# CONFIG_FLASH_FLOPPY is not set +CONFIG_PS2PORT=y +CONFIG_USB=y +CONFIG_USB_UHCI=y +CONFIG_USB_OHCI=y +CONFIG_USB_EHCI=y +# CONFIG_USB_XHCI is not set +CONFIG_USB_MSC=y +CONFIG_USB_UAS=y +CONFIG_USB_HUB=y +CONFIG_USB_KEYBOARD=y +CONFIG_SERIAL=y +# CONFIG_LPT is not set +CONFIG_RTC_TIMER=y +CONFIG_HARDWARE_IRQ=y +CONFIG_USE_SMM=y +CONFIG_CALL32_SMM=y +CONFIG_MTRR_INIT=y +# CONFIG_PMTIMER is not set +CONFIG_TSC_TIMER=y + +# +# BIOS interfaces +# +CONFIG_DRIVES=y +CONFIG_CDROM_BOOT=y +CONFIG_CDROM_EMU=y +CONFIG_PCIBIOS=y +CONFIG_APMBIOS=y +CONFIG_PNPBIOS=y +CONFIG_OPTIONROMS=y +# CONFIG_OPTIONROMS_DEPLOYED is not set +CONFIG_PMM=y +CONFIG_BOOT=y +CONFIG_KEYBOARD=y +CONFIG_KBD_CALL_INT15_4F=y +# CONFIG_MOUSE is not set +CONFIG_S3_RESUME=y +CONFIG_VGAHOOKS=y +# CONFIG_DISABLE_A20 is not set +# CONFIG_WRITABLE_UPPERMEMORY is not set +# CONFIG_TCGBIOS is not set + +# +# BIOS Tables +# +CONFIG_PIRTABLE=y +CONFIG_MPTABLE=y +CONFIG_SMBIOS=y +CONFIG_ACPI=y +CONFIG_ACPI_DSDT=y +CONFIG_FW_ROMFILE_LOAD=y + +# +# VGA ROM +# +CONFIG_NO_VGABIOS=y +# CONFIG_VGA_STANDARD_VGA is not set +# CONFIG_VGA_CIRRUS is not set +# CONFIG_VGA_BOCHS is not set +# CONFIG_VGA_GEODEGX2 is not set +# CONFIG_VGA_GEODELX is not set +# CONFIG_BUILD_VGABIOS is not set +CONFIG_VGA_EXTRA_STACK_SIZE=512 + +# +# Debugging +# +CONFIG_DEBUG_LEVEL=1 +CONFIG_DEBUG_SERIAL=y +CONFIG_DEBUG_SERIAL_PORT=0x3f8 +CONFIG_DEBUG_IO=y