CVS commit: pkgsrc/mail/spamdyke

["Amitai Schlair" <schmonz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   schmonz
Date:           Sun May  3 14:22:08 UTC 2015

Modified Files:
        pkgsrc/mail/spamdyke: Makefile distinfo
        pkgsrc/mail/spamdyke/patches: patch-aa

Log Message:
Update to 5.0.1. From the changelog:

Fixed a typo in the README file for the OpenSSL "dhparam" command.  Thanks to
  Eric Shubert for reporting this one.
Removed unused variables from the dns* commands in the utils folder to fix
  compiler warnings.
Fixed a bug in read_file() that returned uninitialized pointers if a file
  contained blank lines or comments at the top, causing segfaults when they
  were free()d.  Thanks to Jeffrey Gordon and Quinn Comendant for reporting
  this one.
Changed the directory naming scheme in the "generator" program to include the
  flowchart step numbers in the name.  The old pattern was just too hard to
  follow visually and far too difficult to search for a specific test.
Added more steps to the recipient validation flowchart and spamdyke-qrv's
  recipient validation filter to correctly handle addresses that are forwarded
  to an external address.  Thanks to Stephen Marley for reporting this one.
Changed search_file() in spamdyke-qrv to return a "not found" result when the
  file does not exist, instead of an error.
Added a delay loop to exec_command_argv() in spamdyke and spamdyke-qrv to work
  around a race condition -- sometimes the child process will close its pipes
  in preparation for exiting and the parent's waitpid() will fire before the
  child has fully exited. This leads to erroneous returns showing the child
  has not exited when it really only needed another timeslice or two.  This is
  fixed by looping with nanosleep() to wait a few tenths of a second after
  seeing this return code.
Added a way to stop a test script run by creating a file named "stop".  This
  allows it to be stopped without killing the process and potentially leaving
  the test platform in a partially (mis)configured state.
Fixed the accessor function for the header-blacklist-entry and
  header-blacklist-file options to find their data in the filter_settings
  object instead of the option_set object.  This is because the data is moved
  from the option_set immediately after it is set so the blacklist effect is
  cumulative when set from configuration directories.  Reading from the wrong
  location meant the config-test feature was never testing those options at
  all.  Thanks to Stefan for reporting this one.
Fixed a pair of bugs in process_config_file(): one that would add empty values
  to the end of a list of blacklist/whitelist files if a directive was
  followed by a blank line and a commented-out directive (causing errors when
  the values are used), the other that would throw errors if a line in a
  configuration file contained only one space.  Thanks to Les Fenison for
  reporting these.
Fixed a bug in middleman() that would return an improper greeting when
  injecting both AUTH and STARTTLS banners into the EHLO response.  Clients
  seeing this improper greeting would hang forever and eventually timeout.
  Thanks to Elliot Denk for reporting this one and sending a patch!
Fixed a major thinko in smtp_filter that was carrying over the rejection data
  between recipients, even if a recipient had a configuration directory file
  that altered the overall configuration.  This was leading to some
  recipients being incorrectly rejected under very specific (and likely very
  rare) conditions, which just happened to be met on my own server.
Fixed a bug in copy_base_options that was not copying the "reason" data from
  the last rejection.
Fixed an infinite loop in dnsdummy when priorities over 0 are used.
Fixed a typo in dnsdummy that was truncating data when the verbose flags were
  used (weird, yes).
Changed dnsdummy to fork a child process to return each query.  This was the
  easiest solution to implement to allow new queries to be processed while
  waiting n seconds to send answers to previous queries.  This is a fragile
  and wasteful solution -- if dnsdummy were intended for production use, a
  queue would be a much better solution.
Changed all of the "verbose"-level error messages to include the name of the
  function, file and line that generated it.  Every other message prefixed
  with "ERROR" already did this, so this makes things more consistent.
Renamed all of the "FILTER" messages and added a new logging macro to print
  them named SPAMDYKE_LOG_FILTER().  This way they can continue to be output
  without function, file and line information.
Renamed the SPAMDYKE_LOG_CONFIG_TEST() macro to
  SPAMDYKE_LOG_CONFIG_TEST_ERROR() and changed it to use LOG_LEVEL_ERROR
  instead of having a special LOG_LEVEL_CONFIG_TEST setting.  This way the
  config-test messages can be changed to emit file, function and lines if
  needed (or not).
Added SPAMDYKE_LOG_CONFIG_TEST_INFO() and SPAMDYKE_LOG_CONFIG_TEST_VERBOSE()
  as analogs to SPAMDYKE_LOG_CONFIG_TEST_ERROR().
Changed dnsdummy to encode multiple answers in the same response, if its
  config file contains multiple matches for the same query.
Fixed a bug in dnsdummy that was adding extra bytes to the end of each
  answer.  This turned out to be covering a matching (compensating) bug in
  spamdyke's DNS parsing code.  I really hate it when that happens!
Fixed a serious bug in nihdns_expand() that was causing spamdyke to
  incorrectly parse DNS responses with multiple answers; it would use the
  first answer, then skip the wrong number of bytes, causing it to conclude
  any subsequent answers were corrupted.
Changed nihdns_expand() to return separate values for the number of bytes in
  the decoded string and the number of bytes the string occupies in the DNS
  packet.  Due to packet compression, the numbers can be very different.
Changed generator to add records to the named configuration so domains will
  resolve correctly during testing.  Since using port numbers in resolv.conf
  is not allowed, there is no easy way to use dnsdummy for these tests.
Discovered qmail-send does not check the percenthack or virtualdomains files
  when resolving forward addresses, only locals and assign.  Updated
  spamdyke-qrv to behave the same way.
Refined the success/failure detection in generator after learning more about
  qmail's behavior.  If only it had some kind of accurate documentation...
Extended the tests created by generator to also test conditions where
  spamdyke-qrv calls vpopmail to look up addresses.  This increased the
  number of spamdyke-qrv tests more than tenfold!
Added a "diagnostic output" flag to spamdyke-qrv to print the decision path
  it used to evaluate the address.  Also added a test to the test generator
  to compare the diagnostic output with the expected decision path, to
  catch tests that may be producing the desired effect for the wrong reason.
Fixed a bug in set_config_value() to make it possible to set
  CONFIG_TYPE_NAME_MULTIPLE options to "none" or unset specific values.
  Thanks to Konstantin for reporting this one.
Added flags to smtpdummy to advertise STARTTLS support in response to EHLO.
  It doesn't actually do TLS, it just advertises it.
Fixed smtp_filter() to block a client's STARTTLS command if tls-level is
  "none".  Thanks to Les Fenison for reporting this one.
Added a flag to the configure script for both spamdyke and spamdyke-qrv to
  compile with the address sanitizer library to catch memory access errors.
  Adjusted the version string to show when the sanitizer is in use.
Changed the test scripts to always compile spamdyke with the address
  sanitizer (if available) when testing.  The tests run a lot slower, but
  the sanitizer is too awesome to not use.
Fixed a buffer underrun in examine_entry that was causing segfaults when
  searching files where wildcards are allowed at the beginning of the lines.
  Thanks to Dirk Kannapinn for reporting this one.
Discovered a horrible problem with snprintf()'s %n format -- it returns the
  number of bytes it _would_have_ written *if* there were infinite space, not
  the number of bytes *actually* written as the man page states.  So using %n
  at the end of the format string as a substitute for immediately calling
  strlen() is not safe.  Good thing I don't ever do that, right? ...wait,
  I use that feature EVERYWHERE! (grrrrr)  Thanks to the Google Address
  Sanitizer team for finding this one.  Whoever implemented the %n feature
  in glibc can report to me any time for a free punch in the throat.
  I want my weekend back.
Reverted the (apparently) useless change from 4.3.0 to use %n in snprintf()
  instead of the return value and replaced snprintf() with a macro named
  SNPRINTF() that explicitly compares the return value with the size of the
  buffer and returns the number of bytes ACTUALLY written.
Fixed a harmless buffer overrun in sub_examine_tcprules_entry() that could
  have overwritten one byte of another variable on the stack with a null
  byte.  Since the address was valid and that other variable is set just
  after the overwrite anyway, it wasn't actually a problem.  But fixing it
  makes the address sanitizer happy, so it's fixed.
Fixed a pair of huge buffer overruns in config_test_file_read() and
  config_test_file_read_write() that could load 63K of file contents past
  the end of the buffer (on the stack).  Fortunately, these functions are
  only used by the config-test feature, never during normal operation.
Fixed a buffer overflow in find_address() that would overwrite a single byte
  in the caller's stack with a null byte when parsing BATV addresses.  From
  what I can tell, the effect of this bug would be to either truncate the
  parsed address or cause a segfault.
Added undo_softlimit() to try to increase the "soft" limits on address space,
  stack size and memory size to maximum if they are less than infinite (and
  squawk if they cannot be reset to maximum).  This will (hopefully) prevent
  problems caused by DJB's "softlimit" program, which is a useless piece of
  trash many qmail install guides *still* recommend using.
Fixed a bug in the logging code of tls_read() that was using an "error"
  message to log at "verbose" level.  The error message had more printf()
  format specifiers than the verbose logger was providing, which was leading
  to segfaults when the message was printed.  Many thanks to Konstanin for
  a lot of help tracking this one down.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/mail/spamdyke/Makefile
cvs rdiff -u -r1.29 -r1.30 pkgsrc/mail/spamdyke/distinfo
cvs rdiff -u -r1.11 -r1.12 pkgsrc/mail/spamdyke/patches/patch-aa

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.