From: Wietse Venema Date: Sat, 6 Feb 2016 05:00:00 +0000 (-0500) Subject: postfix-3.1-20160206 X-Git-Tag: v3.1.0-RC1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f80c418ec55669c8b4da60830be8dfd3a97f565;p=thirdparty%2Fpostfix.git postfix-3.1-20160206 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index c881e8b67..e6137ac5f 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -22128,3 +22128,21 @@ Apologies for any names omitted. Robustness: force html2text to produce ASCII output. File: mantools/html2readme. + +20150118 + + Bitrot: OpenSSL 1.1.0-dev (aka the "master" branch) has new + security levels ranging from 0 to 5. Level "0" is backwards + compatible, and other levels are increasingly restrictive. + Viktor Dukhovni. Files: tls/tls_server.c, tls/tls_client.c. + +20161205 + + Portability: Postfix TLS support uses /dev/urandom if + available and no system-specific setting exists in sys_defs.h. + Files: makedefs, util/sys_defs.h. + +20161206 + + Portability: added a tls_random_source default setting for + MacOS X. Viktor Dukhovni. File: util/sys_defs.h. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 28b6b8808..5483dda1a 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -6,6 +6,11 @@ Wish list: Disable -DSNAPSHOT and -DNONPROD in makedefs. + Fix bold "[" and "]" in manpages; these are not part of the + command line. + + Add Google credits to manpages. + Remove this file from the stable release. Things to do after the stable release: @@ -13,12 +18,9 @@ Wish list: Specify WARN_UNUSED_RESULT for all library functions that pass, deliver, bounce or defer a delivery request. - Specify WARN_UNUSED_RESULT for mac_expand(), after making - smtp_reply_footer() undoable. - - Type-checking wrappers for htable(3), ctable(3) and other - modules that take and return a void* pointer. This is - the next best thing to C++ style HTABLE. + Invent some kind of type-checking wrappers for htable(3), + ctable(3) and other modules that take and return a void* + pointer. We already did that for variadic functions. TLS certificate provenance: indicate whether a subject name/issuer are verified or not (for example, change the diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 225f590f0..329115f7e 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -505,5 +505,10 @@ CLEANUP(8) CLEANUP(8) P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + CLEANUP(8) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 986a82296..71efd79ab 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4094,7 +4094,7 @@ configuration parameter. See there for details.

lmtp_address_verify_target (default: rcpt)
-

The LMTP-specific version of the smtp_dns_support_level +

The LMTP-specific version of the smtp_address_verify_target configuration parameter. See there for details.

This feature is available in Postfix 3.0 and later.

diff --git a/postfix/html/postfix.1.html b/postfix/html/postfix.1.html index 2107ca25f..2faefd2ed 100644 --- a/postfix/html/postfix.1.html +++ b/postfix/html/postfix.1.html @@ -60,7 +60,7 @@ POSTFIX(1) POSTFIX(1) status Indicate if the Postfix mail system is currently running. - set-permissions [name=value ...] + set-permissions [name=value ...] Set the ownership and permissions of Postfix related files and directories, as specified in the postfix-files file. @@ -73,7 +73,7 @@ POSTFIX(1) POSTFIX(1) fix 2.0 and earlier, use "$config_directory/post-install set-permissions". - upgrade-configuration [name=value ...] + upgrade-configuration [name=value ...] Update the main.cf and master.cf files with information that Postfix needs in order to run: add or update services, and add or update configuration parameter settings. @@ -339,6 +339,11 @@ POSTFIX(1) POSTFIX(1) P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + TLS support by: Lutz Jaenicke Brandenburg University of Technology diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 87d9a2e10..c0679b100 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -1292,6 +1292,11 @@ SMTPD(8) SMTPD(8) P.O. Box 704 Yorktown Heights, NY 10598, USA + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + SASL support originally by: Till Franke SuSE Rhein/Main AG diff --git a/postfix/makedefs b/postfix/makedefs index be79708ee..aefe63acd 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -798,6 +798,11 @@ esac # ;; #esac +# +# We don't know all systems that have /dev/urandom, so we probe. +# +test -r /dev/urandom && CCARGS="$CCARGS -DHAS_DEV_URANDOM" + # # PCRE 3.x has a pcre-config utility so we don't have to guess. # diff --git a/postfix/man/man1/postfix.1 b/postfix/man/man1/postfix.1 index dec2fafcf..c01a8445e 100644 --- a/postfix/man/man1/postfix.1 +++ b/postfix/man/man1/postfix.1 @@ -60,7 +60,7 @@ Re\-read configuration files. Running processes terminate at their earliest convenience. .IP \fBstatus\fR Indicate if the Postfix mail system is currently running. -.IP "\fBset\-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +.IP "\fBset\-permissions\fR [\fIname\fR=\fIvalue ...\fR] Set the ownership and permissions of Postfix related files and directories, as specified in the \fBpostfix\-files\fR file. .sp @@ -72,7 +72,7 @@ already installed Postfix system. This feature is available in Postfix 2.1 and later. With Postfix 2.0 and earlier, use "\fB$config_directory/post\-install set\-permissions\fR". -.IP "\fBupgrade\-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +.IP "\fBupgrade\-configuration\fR [\fIname\fR=\fIvalue ...\fR] Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information that Postfix needs in order to run: add or update services, and add or update configuration parameter settings. @@ -333,6 +333,11 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + TLS support by: Lutz Jaenicke Brandenburg University of Technology diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 8f3666235..938fdf7f9 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2525,7 +2525,7 @@ configuration parameter. See there for details. .PP This feature is available in Postfix 2.8 and later. .SH lmtp_address_verify_target (default: rcpt) -The LMTP\-specific version of the smtp_dns_support_level +The LMTP\-specific version of the smtp_address_verify_target configuration parameter. See there for details. .PP This feature is available in Postfix 3.0 and later. diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index f59a0da12..18d32beaf 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -461,3 +461,8 @@ Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 5e4b86a56..0057c5478 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -1139,6 +1139,11 @@ IBM T.J. Watson Research P.O. Box 704 Yorktown Heights, NY 10598, USA +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + SASL support originally by: Till Franke SuSE Rhein/Main AG diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 09e5f0ebb..21b3c47a4 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -15571,7 +15571,7 @@ SMTP/LMTP servers.

%PARAM lmtp_address_verify_target rcpt -

The LMTP-specific version of the smtp_dns_support_level +

The LMTP-specific version of the smtp_address_verify_target configuration parameter. See there for details.

This feature is available in Postfix 3.0 and later.

diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index ffd448bf2..59b29eb97 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -419,6 +419,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index 5bae3587b..20e14676c 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -71,6 +71,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index fb371222e..b7a279e97 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -72,6 +72,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/dns/dns_strrecord.c b/postfix/src/dns/dns_strrecord.c index 370850917..6b8e9893e 100644 --- a/postfix/src/dns/dns_strrecord.c +++ b/postfix/src/dns/dns_strrecord.c @@ -24,6 +24,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/dns/test_dns_lookup.c b/postfix/src/dns/test_dns_lookup.c index e927eda24..ee5863bda 100644 --- a/postfix/src/dns/test_dns_lookup.c +++ b/postfix/src/dns/test_dns_lookup.c @@ -19,6 +19,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/global/conv_time.c b/postfix/src/global/conv_time.c index 313ac1fdd..78a40b565 100644 --- a/postfix/src/global/conv_time.c +++ b/postfix/src/global/conv_time.c @@ -35,6 +35,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/global/mail_conf_time.c b/postfix/src/global/mail_conf_time.c index 0d9118a36..7829c8929 100644 --- a/postfix/src/global/mail_conf_time.c +++ b/postfix/src/global/mail_conf_time.c @@ -78,6 +78,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ef709a4ba..542d39985 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20160117" +#define MAIL_RELEASE_DATE "20160206" #define MAIL_VERSION_NUMBER "3.1" #ifdef SNAPSHOT diff --git a/postfix/src/global/smtp_reply_footer.c b/postfix/src/global/smtp_reply_footer.c index ee3f3bf85..ad41a7793 100644 --- a/postfix/src/global/smtp_reply_footer.c +++ b/postfix/src/global/smtp_reply_footer.c @@ -233,7 +233,7 @@ struct test_case { #define BAD_SMTP (-1) #define BAD_MACRO (-2) -static struct test_case test_cases[] = { +static const struct test_case test_cases[] = { {"missing reply", "", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, {"long smtp_code", "1234 foo", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, {"short smtp_code", "12 foo", NO_TEMPLATE, NO_FILTER, BAD_SMTP, 0}, diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c index 969feef35..64836d463 100644 --- a/postfix/src/milter/milter.c +++ b/postfix/src/milter/milter.c @@ -230,6 +230,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/milter/milter.h b/postfix/src/milter/milter.h index 9ef5d35cb..9ce7f40ae 100644 --- a/postfix/src/milter/milter.h +++ b/postfix/src/milter/milter.h @@ -209,6 +209,11 @@ extern void milter_free(MILTERS *); /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 7e50fdbc0..f304a4a3f 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -54,7 +54,7 @@ /* earliest convenience. /* .IP \fBstatus\fR /* Indicate if the Postfix mail system is currently running. -/* .IP "\fBset-permissions\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +/* .IP "\fBset-permissions\fR [\fIname\fR=\fIvalue ...\fR] /* Set the ownership and permissions of Postfix related files and /* directories, as specified in the \fBpostfix-files\fR file. /* .sp @@ -66,7 +66,7 @@ /* This feature is available in Postfix 2.1 and later. With /* Postfix 2.0 and earlier, use "\fB$config_directory/post-install /* set-permissions\fR". -/* .IP "\fBupgrade-configuration\fR \fB[\fIname\fR=\fIvalue ...\fB]\fR +/* .IP "\fBupgrade-configuration\fR [\fIname\fR=\fIvalue ...\fR] /* Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information /* that Postfix needs in order to run: add or update services, and add /* or update configuration parameter settings. @@ -313,6 +313,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* TLS support by: /* Lutz Jaenicke /* Brandenburg University of Technology diff --git a/postfix/src/postscreen/postscreen.h b/postfix/src/postscreen/postscreen.h index ceb2a2571..2e4585b5c 100644 --- a/postfix/src/postscreen/postscreen.h +++ b/postfix/src/postscreen/postscreen.h @@ -582,4 +582,9 @@ extern void psc_endpt_lookup(VSTREAM *, PSC_ENDPT_LOOKUP_FN); /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ diff --git a/postfix/src/postscreen/postscreen_early.c b/postfix/src/postscreen/postscreen_early.c index c4e1a80d7..36c3d5cd6 100644 --- a/postfix/src/postscreen/postscreen_early.c +++ b/postfix/src/postscreen/postscreen_early.c @@ -25,6 +25,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index e19a586bf..c34ab633a 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1073,6 +1073,11 @@ /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA +/* /* SASL support originally by: /* Till Franke /* SuSE Rhein/Main AG diff --git a/postfix/src/smtpd/smtpd_milter.c b/postfix/src/smtpd/smtpd_milter.c index bd0fb2c13..5e421e9ca 100644 --- a/postfix/src/smtpd/smtpd_milter.c +++ b/postfix/src/smtpd/smtpd_milter.c @@ -25,6 +25,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index b536e82c6..3dcd18fe6 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -115,6 +115,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index 17c461386..768dc1459 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -89,11 +89,10 @@ extern const char *str_tls_level(int); #endif /* Backwards compatibility with OpenSSL < 1.1.0 */ -#ifdef SSLEAY_VERSION_NUMBER -#define OpenSSL_version_num SSLeay -#endif - #if OPENSSL_VERSION_NUMBER < 0x10100000L +#define OpenSSL_version_num SSLeay +#define OpenSSL_version SSLeay_version +#define OPENSSL_VERSION SSLEAY_VERSION #define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #endif @@ -308,7 +307,6 @@ extern void tls_free_app_context(TLS_APPL_STATE *); /* * tls_misc.c */ - extern void tls_param_init(void); /* diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 6cb39559d..24a4fc558 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -364,6 +364,11 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) return (0); } +#ifdef SSL_SECOP_PEER + /* Backwards compatible security as a base for opportunistic TLS. */ + SSL_CTX_set_security_level(client_ctx, 0); +#endif + /* * See the verify callback in tls_verify.c */ @@ -946,6 +951,12 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) if (protomask != 0) SSL_set_options(TLScontext->con, TLS_SSL_OP_PROTOMASK(protomask)); +#ifdef SSL_SECOP_PEER + /* When authenticating the peer, use 80-bit plus OpenSSL security level */ + if (TLS_MUST_MATCH(props->tls_level)) + SSL_set_security_level(TLScontext->con, 1); +#endif + /* * XXX To avoid memory leaks we must always call SSL_SESSION_free() after * calling SSL_set_session(), regardless of whether or not the session diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 0a78ae653..44146bbbc 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -446,6 +446,11 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) return (0); } +#ifdef SSL_SECOP_PEER + /* Backwards compatible security as a base for opportunistic TLS. */ + SSL_CTX_set_security_level(server_ctx, 0); +#endif + /* * See the verify callback in tls_verify.c */ @@ -754,6 +759,12 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props) return (0); } +#ifdef SSL_SECOP_PEER + /* When authenticating the peer, use 80-bit plus OpenSSL security level */ + if (props->requirecert) + SSL_set_security_level(TLScontext->con, 1); +#endif + /* * Before really starting anything, try to seed the PRNG a little bit * more. @@ -883,6 +894,22 @@ TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext) TLScontext->peer_pkey_fprint); } X509_free(peer); + + /* + * Give them a clue. Problems with trust chain verification are logged + * when the session is first negotiated, before the session is stored + * into the cache. We don't want mystery failures, so log the fact the + * real problem is to be found in the past. + */ + if (!TLS_CERT_IS_TRUSTED(TLScontext) + && (TLScontext->log_mask & TLS_LOG_UNTRUSTED)) { + if (TLScontext->session_reused == 0) + tls_log_verify_error(TLScontext); + else + msg_info("%s: re-using session with untrusted certificate, " + "look for details earlier in the log", + TLScontext->namaddr); + } } else { TLScontext->peer_CN = mystrdup(""); TLScontext->issuer_CN = mystrdup(""); diff --git a/postfix/src/trivial-rewrite/resolve.c b/postfix/src/trivial-rewrite/resolve.c index 2c65c2caf..70c3fdcaa 100644 --- a/postfix/src/trivial-rewrite/resolve.c +++ b/postfix/src/trivial-rewrite/resolve.c @@ -44,6 +44,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/util/attr_print0.c b/postfix/src/util/attr_print0.c index a916bca7b..27fb7beac 100644 --- a/postfix/src/util/attr_print0.c +++ b/postfix/src/util/attr_print0.c @@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/util/attr_print64.c b/postfix/src/util/attr_print64.c index fc3442ec9..b2181d740 100644 --- a/postfix/src/util/attr_print64.c +++ b/postfix/src/util/attr_print64.c @@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/util/attr_print_plain.c b/postfix/src/util/attr_print_plain.c index 12cde7235..fef0def3d 100644 --- a/postfix/src/util/attr_print_plain.c +++ b/postfix/src/util/attr_print_plain.c @@ -80,6 +80,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/util/mac_expand.h b/postfix/src/util/mac_expand.h index 5efc3965b..f65e63cc6 100644 --- a/postfix/src/util/mac_expand.h +++ b/postfix/src/util/mac_expand.h @@ -8,8 +8,8 @@ /* expand macro references in string /* SYNOPSIS /* #include - DESCRIPTION - .nf +/* DESCRIPTION +/* .nf /* * Utility library. diff --git a/postfix/src/util/mac_parse.h b/postfix/src/util/mac_parse.h index e016ea792..2d7b4ad48 100644 --- a/postfix/src/util/mac_parse.h +++ b/postfix/src/util/mac_parse.h @@ -8,8 +8,8 @@ /* locate macro references in string /* SYNOPSIS /* #include - DESCRIPTION - .nf +/* DESCRIPTION +/* .nf /* * Utility library. diff --git a/postfix/src/util/scan_dir.c b/postfix/src/util/scan_dir.c index 432c9f4f6..d94c67469 100644 --- a/postfix/src/util/scan_dir.c +++ b/postfix/src/util/scan_dir.c @@ -58,6 +58,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/util/strcasecmp_utf8.c b/postfix/src/util/strcasecmp_utf8.c index 07e576a55..e3f20dfb4 100644 --- a/postfix/src/util/strcasecmp_utf8.c +++ b/postfix/src/util/strcasecmp_utf8.c @@ -59,6 +59,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index 569289eb1..a33fa94fe 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -260,6 +260,7 @@ #define HAVE_POSIX_GETPW_R #endif #define HAS_DLOPEN +#define PREFERRED_RAND_SOURCE "dev:/dev/urandom" #endif /* @@ -1374,6 +1375,14 @@ extern int inet_pton(int, const char *, void *); */ #ifndef NO_WATCHDOG_PIPE #define USE_WATCHDOG_PIPE +#endif + + /* + * If we don't have defined a preferred random device above, but the system + * has /dev/urandom, then we use that. + */ +#if !defined(PREFERRED_RAND_SOURCE) && defined(HAS_DEV_URANDOM) +#define PREFERRED_RAND_SOURCE "dev:/dev/urandom" #endif /* diff --git a/postfix/src/xsasl/xsasl.h b/postfix/src/xsasl/xsasl.h index ead9a9b3e..976a676ae 100644 --- a/postfix/src/xsasl/xsasl.h +++ b/postfix/src/xsasl/xsasl.h @@ -132,6 +132,11 @@ extern ARGV *xsasl_client_types(void); /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ #endif diff --git a/postfix/src/xsasl/xsasl_cyrus_server.c b/postfix/src/xsasl/xsasl_cyrus_server.c index 4d61b457c..95c470d32 100644 --- a/postfix/src/xsasl/xsasl_cyrus_server.c +++ b/postfix/src/xsasl/xsasl_cyrus_server.c @@ -47,6 +47,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */ diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c index 643c84349..226cf11a6 100644 --- a/postfix/src/xsasl/xsasl_dovecot_server.c +++ b/postfix/src/xsasl/xsasl_dovecot_server.c @@ -41,6 +41,11 @@ /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA +/* +/* Wietse Venema +/* Google, Inc. +/* 111 8th Avenue +/* New York, NY 10011, USA /*--*/ /* System library. */