head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.156 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.154 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.152 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.150 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.148 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.146 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.144 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.142 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.140 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.138 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.136 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.134 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.132 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.130 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.128 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.126 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.124 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.122 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.120 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.118 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.3.0.116 pkgsrc-2021Q1-base:1.3 pkgsrc-2020Q4:1.3.0.114 pkgsrc-2020Q4-base:1.3 pkgsrc-2020Q3:1.3.0.112 pkgsrc-2020Q3-base:1.3 pkgsrc-2020Q2:1.3.0.108 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.3.0.88 pkgsrc-2020Q1-base:1.3 pkgsrc-2019Q4:1.3.0.110 pkgsrc-2019Q4-base:1.3 pkgsrc-2019Q3:1.3.0.106 pkgsrc-2019Q3-base:1.3 pkgsrc-2019Q2:1.3.0.104 pkgsrc-2019Q2-base:1.3 pkgsrc-2019Q1:1.3.0.102 pkgsrc-2019Q1-base:1.3 pkgsrc-2018Q4:1.3.0.100 pkgsrc-2018Q4-base:1.3 pkgsrc-2018Q3:1.3.0.98 pkgsrc-2018Q3-base:1.3 pkgsrc-2018Q2:1.3.0.96 pkgsrc-2018Q2-base:1.3 pkgsrc-2018Q1:1.3.0.94 pkgsrc-2018Q1-base:1.3 pkgsrc-2017Q4:1.3.0.92 pkgsrc-2017Q4-base:1.3 pkgsrc-2017Q3:1.3.0.90 pkgsrc-2017Q3-base:1.3 pkgsrc-2017Q2:1.3.0.86 pkgsrc-2017Q2-base:1.3 pkgsrc-2017Q1:1.3.0.84 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.82 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.80 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.78 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.3.0.76 pkgsrc-2016Q1-base:1.3 pkgsrc-2015Q4:1.3.0.74 pkgsrc-2015Q4-base:1.3 pkgsrc-2015Q3:1.3.0.72 pkgsrc-2015Q3-base:1.3 pkgsrc-2015Q2:1.3.0.70 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.68 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.66 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.64 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.62 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.60 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.58 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.56 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.54 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.52 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.50 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.48 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.46 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.44 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.42 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.40 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.38 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.36 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.34 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.32 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.30 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.28 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.26 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.24 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.22 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.20 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.18 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.16 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.14 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.12 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.10 pkgsrc-2008Q1:1.3.0.8 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.6 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.4 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.2 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.2.0.10 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.8 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.6 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.4 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.0.8 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.6 pkgsrc-2005Q3-base:1.1 pkgsrc-2005Q2:1.1.0.4 pkgsrc-2005Q2-base:1.1 pkgsrc-2005Q1:1.1.0.2; locks; strict; comment @# @; 1.3 date 2007.04.18.17.06.16; author ghen; state Exp; branches; next 1.2; 1.2 date 2006.03.02.21.03.39; author wiz; state Exp; branches; next 1.1; 1.1 date 2005.04.13.16.36.07; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.04.13.16.36.07; author snj; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.04.14.04.42.23; author snj; state Exp; branches; next ; desc @@ 1.3 log @Update to gld-1.7. Only one change over 1.6: Removed the KEEPDBOPEN option as it could lead to multiple instance of gld running when mail traffic is low and thus father process MYSQL connection timeout. Furthermore, after tests, efficency is the same. KEEPDBOPEN option is now silently ignored to forced to NO. @ text @$NetBSD$ --- server.c.orig 2006-05-01 22:43:10.000000000 +0200 +++ server.c @@@@ -210,7 +210,7 @@@@ if(SQLConnect(cnf->sqlhost,cnf->sqluser, return(-1); } -GetPeerIp(s,ip,buff); +GetPeerIp(s,ip,BLEN,buff,BLEN); // // We check if this IP is authorized to connect to us @@@@ -265,21 +265,34 @@@@ while(1==1) // Now, we are sure our buffer string length is no more than BLEN // as all parameters are defined also as buffers with a BLEN size // no buffer overflow is possible using strcpy . + // But what's the point. Protect it anyway. // if(strcmp(buff,"")==0) break; if(strncmp(buff,"request=",8)==0) - strcpy(request,buff+8); + { + strncpy(request,buff+8, sizeof(request)-1); + request[sizeof(request)-1] = '\0'; + } if(strncmp(buff,"sender=",7)==0) - strcpy(sender,buff+7); + { + strncpy(sender,buff+7, sizeof(sender)-1); + sender[sizeof(sender)-1] = '\0'; + } if(strncmp(buff,"recipient=",10)==0) - strcpy(recipient,buff+10); + { + strncpy(recipient,buff+10, sizeof(recipient)-1); + recipient[sizeof(recipient)-1] = '\0'; + } if(strncmp(buff,"client_address=",15)==0) - strcpy(ip,buff+15); + { + strncpy(ip,buff+15,sizeof(ip)-1); + ip[sizeof(ip)-1] = '\0'; + } } @@@@ -304,7 +317,11 @@@@ Quote(sender); // Now, we can safely use, str** functions // -if(sender[0]==0) strcpy(sender,"void@@void"); +if(sender[0]==0) + { + strncpy(sender,"void@@void",sizeof(sender)-1); + sender[sizeof(sender)-1] = '\0'; + } if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0) { @ 1.2 log @Update to 1.6: 16/09/2005 : V 1.6 - Removed the algorithm lightgreydomain as the new mxgrey does better and simpler - Removed the UPDATE option, now gld always update triplets. - Fixed a minor flaw in the MXGREY algorithm. - Now you can configure MXGREY to consider an ip as a safe MX after X succesful greylists instead of only 1 . (read gld.conf for details) - Now gld updates the counters only when mail is not greylisted - Added Training mode, read gld.conf for details - Now gld verify that if you supply a custom smtp code, it's a 4XX code otherwise gld discard it and use 450 . - If gld cannot connect to MySQL server on startup it will not refuse to run anymore, but will set keepdbopen to 0 and accept to run . - The sample config file provided now only listen to loopback only accept connection from localhost and runs as nobody/ nobody. WARNING: if you were using lightgreydomain algorithm, it has been discontinued use MXGREY in place, please read gld.conf for details. @ text @d1 1 a1 1 $NetBSD: patch-ad,v 1.1 2005/04/13 16:36:07 salo Exp $ d3 1 a3 1 --- server.c.orig 2005-09-16 12:17:59.000000000 +0200 d5 3 a7 2 @@@@ -208,7 +208,7 @@@@ long ts; int pid; a8 1 pid=getpid(); d14 1 a14 1 @@@@ -261,21 +261,34 @@@@ while(1==1) d53 1 a53 1 @@@@ -300,7 +313,11 @@@@ Quote(sender); @ 1.1 log @Split patch-ab to one patch per file. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- server.c.orig 2005-04-13 03:28:29.000000000 -0400 +++ server.c 2005-04-13 12:15:36.000000000 -0400 @@@@ -208,7 +208,7 @@@@ d14 1 a14 1 @@@@ -261,21 +261,34 @@@@ d53 1 a53 1 @@@@ -300,7 +313,11 @@@@ @ 1.1.2.1 log @file patch-ad was added on branch pkgsrc-2005Q1 on 2005-04-13 16:36:07 +0000 @ text @d1 65 @ 1.1.2.2 log @Pullup ticket 440 - requested by Lubomir Sedlacik security fix for gld Revisions pulled up: - pkgsrc/mail/gld/Makefile 1.5, 1.6 - pkgsrc/mail/gld/MESSAGE 1.4 - pkgsrc/mail/gld/PLIST 1.2 - pkgsrc/mail/gld/distinfo 1.3, 1.4, 1.5, 1.6, 1.7, 1.8 - pkgsrc/mail/gld/patches/patch-aa 1.2, 1.3, 1.4, 1.5 - pkgsrc/mail/gld/patches/patch-ab 1.1, 1.2, 1.3 - pkgsrc/mail/gld/patches/patch-ac 1.1 - pkgsrc/mail/gld/patches/patch-ad 1.1 - pkgsrc/mail/gld/patches/patch-ae 1.1 - pkgsrc/mail/gld/patches/patch-af 1.1 Module Name: pkgsrc Committed By: christos Date: Wed Apr 13 16:19:59 UTC 2005 Modified Files: pkgsrc/mail/gld: Makefile distinfo pkgsrc/mail/gld/patches: patch-aa Added Files: pkgsrc/mail/gld/patches: patch-ab Log Message: Update to 1.5 to fix security vulnerability issues. - Add more patches to totally eliminate strcpy(); this code is horrible. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 16:36:07 UTC 2005 Modified Files: pkgsrc/mail/gld: distinfo pkgsrc/mail/gld/patches: patch-ab Added Files: pkgsrc/mail/gld/patches: patch-ac patch-ad patch-ae patch-af Log Message: Split patch-ab to one patch per file. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 16:42:43 UTC 2005 Modified Files: pkgsrc/mail/gld: Makefile Log Message: Remove PKGREVISION. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 17:00:14 UTC 2005 Modified Files: pkgsrc/mail/gld: distinfo pkgsrc/mail/gld/patches: patch-ab Log Message: Put the correct content into patch-ab.. *sigh* ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 17:07:49 UTC 2005 Modified Files: pkgsrc/mail/gld: PLIST distinfo pkgsrc/mail/gld/patches: patch-aa Log Message: Fix installation of sql scripts. This package needs more work.. (e.g., pgsql support) ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 17:12:08 UTC 2005 Modified Files: pkgsrc/mail/gld: distinfo pkgsrc/mail/gld/patches: patch-aa Log Message: Install all the correct files.. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 17:14:01 UTC 2005 Modified Files: pkgsrc/mail/gld: distinfo pkgsrc/mail/gld/patches: patch-aa Log Message: Add rcsid. ---- Module Name: pkgsrc Committed By: salo Date: Wed Apr 13 17:30:28 UTC 2005 Modified Files: pkgsrc/mail/gld: MESSAGE Log Message: Point to the correct sql script. XXX: this should be reworked when pgsql support is added Style. @ text @a0 65 $NetBSD: patch-ad,v 1.1.2.1 2005/04/14 04:42:23 snj Exp $ --- server.c.orig 2005-04-13 03:28:29.000000000 -0400 +++ server.c 2005-04-13 12:15:36.000000000 -0400 @@@@ -208,7 +208,7 @@@@ int pid; pid=getpid(); -GetPeerIp(s,ip,buff); +GetPeerIp(s,ip,BLEN,buff,BLEN); // // We check if this IP is authorized to connect to us @@@@ -261,21 +261,34 @@@@ // Now, we are sure our buffer string length is no more than BLEN // as all parameters are defined also as buffers with a BLEN size // no buffer overflow is possible using strcpy . + // But what's the point. Protect it anyway. // if(strcmp(buff,"")==0) break; if(strncmp(buff,"request=",8)==0) - strcpy(request,buff+8); + { + strncpy(request,buff+8, sizeof(request)-1); + request[sizeof(request)-1] = '\0'; + } if(strncmp(buff,"sender=",7)==0) - strcpy(sender,buff+7); + { + strncpy(sender,buff+7, sizeof(sender)-1); + sender[sizeof(sender)-1] = '\0'; + } if(strncmp(buff,"recipient=",10)==0) - strcpy(recipient,buff+10); + { + strncpy(recipient,buff+10, sizeof(recipient)-1); + recipient[sizeof(recipient)-1] = '\0'; + } if(strncmp(buff,"client_address=",15)==0) - strcpy(ip,buff+15); + { + strncpy(ip,buff+15,sizeof(ip)-1); + ip[sizeof(ip)-1] = '\0'; + } } @@@@ -300,7 +313,11 @@@@ // Now, we can safely use, str** functions // -if(sender[0]==0) strcpy(sender,"void@@void"); +if(sender[0]==0) + { + strncpy(sender,"void@@void",sizeof(sender)-1); + sender[sizeof(sender)-1] = '\0'; + } if(strcmp(request,REQ)!=0 || recipient[0]==0 || ip[0]==0) { @