- update to 8.16.1

author: Dirk Meyer <dinoex@FreeBSD.org> 2020-07-05 14:13:41 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2020-07-05 14:13:41 +0000
commit: 7dca9547aa6ca885de53a2f5e7ba6d1938cf8293 (patch)
tree: 7fa904c9d9e0aa9212692ace3cb8f8c0457af52c /mail/sendmail/files
parent: - keep STAGEDIR clean (diff)
13 files changed, 62 insertions, 837 deletions
diff --git a/mail/sendmail/files/patch-FreeBSD b/mail/sendmail/files/patch-FreeBSD
index 774593e6bc7a..af2de14b88e2 100644
--- a/mail/sendmail/files/patch-FreeBSD
+++ b/mail/sendmail/files/patch-FreeBSD
@@ -1,6 +1,6 @@
---- devtools/OS/FreeBSD.orig	2014-03-05 00:59:45 UTC
+--- devtools/OS/FreeBSD.orig	2020-05-19 19:54:32 UTC
 +++ devtools/OS/FreeBSD
-@@ -6,7 +6,7 @@ dnl	Place personal settings in devtools/
+@@ -6,7 +6,7 @@ dnl	Place personal settings in devtools/Site/site.conf
  define(`confMAPDEF', `-DNEWDB -DNIS -DMAP_REGEX')
  define(`confLIBS', `-lutil')
  
diff --git a/mail/sendmail/files/patch-Makefile.m4 b/mail/sendmail/files/patch-Makefile.m4
index a7c131221be2..7f14fa5534f9 100644
--- a/mail/sendmail/files/patch-Makefile.m4
+++ b/mail/sendmail/files/patch-Makefile.m4
@@ -1,9 +1,9 @@
---- sendmail/Makefile.m4.orig	2015-06-19 12:59:29 UTC
+--- sendmail/Makefile.m4.orig	2020-06-08 08:35:03 UTC
 +++ sendmail/Makefile.m4
-@@ -7,14 +7,14 @@ bldPRODUCT_START(`executable', `sendmail
+@@ -7,14 +7,14 @@ bldPRODUCT_START(`executable', `sendmail')
  define(`bldBIN_TYPE', `G')
  define(`bldINSTALL_DIR', `')
- define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
+ define(`bldSOURCES', `main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c ')
 +APPENDDEF(`bldSOURCES',`blacklist.c ')
  PREPENDDEF(`confENVDEF', `confMAPDEF')
  bldPUSH_SMLIB(`sm')
diff --git a/mail/sendmail/files/patch-cfhead.m4 b/mail/sendmail/files/patch-cfhead.m4
index ee63fbdb26f4..4d24bce603ea 100644
--- a/mail/sendmail/files/patch-cfhead.m4
+++ b/mail/sendmail/files/patch-cfhead.m4
@@ -1,6 +1,6 @@
---- cf/m4/cfhead.m4.orig	2015-02-28 00:20:38 UTC
+--- cf/m4/cfhead.m4.orig	2020-05-19 19:54:31 UTC
 +++ cf/m4/cfhead.m4
-@@ -269,7 +269,8 @@ define(`_REC_AUTH_', `$.$?{auth_type}(au
+@@ -278,7 +278,8 @@ define(`_REC_AUTH_', `$.$?{auth_type}(authenticated')
  define(`_REC_FULL_AUTH_', `$.$?{auth_type}(user=${auth_authen} $?{auth_author}author=${auth_author} $.mech=${auth_type}')
  define(`_REC_HDR_', `$?sfrom $s $.$?_($?s$|from $.$_)')
  define(`_REC_END_', `for $u; $|;
diff --git a/mail/sendmail/files/patch-mail.local.c b/mail/sendmail/files/patch-mail.local.c
index 5e7b7daaa652..dc0870d26581 100644
--- a/mail/sendmail/files/patch-mail.local.c
+++ b/mail/sendmail/files/patch-mail.local.c
@@ -1,6 +1,6 @@
---- mail.local/mail.local.c.orig	2014-06-12 17:30:47 UTC
+--- mail.local/mail.local.c.orig	2020-04-30 11:52:48 UTC
 +++ mail.local/mail.local.c
-@@ -153,6 +153,8 @@ int	ExitVal = EX_OK;		/* sysexits.h erro
+@@ -153,6 +153,8 @@ int	ExitVal = EX_OK;		/* sysexits.h error value. */
  bool	HoldErrs = false;		/* Hold errors in ErrBuf */
  bool	LMTPMode = false;
  bool	BounceQuota = false;		/* permanent error when over quota */
@@ -19,10 +19,10 @@
  #  if _FFR_SPOOL_PATH
 -	while ((ch = getopt(argc, argv, "7bdD:f:h:r:lp:")) != -1)
 +	while ((ch = getopt(argc, argv, "7bBdD:f:h:r:lsp:")) != -1)
- #  else /* _FFR_SPOOL_PATH */
+ #  else
 -	while ((ch = getopt(argc, argv, "7bdD:f:h:r:l")) != -1)
 +	while ((ch = getopt(argc, argv, "7bBdD:f:h:r:ls")) != -1)
- #  endif /* _FFR_SPOOL_PATH */
+ #  endif
  #endif /* HASHSPOOL */
  	{
 @@ -249,6 +251,10 @@ main(argc, argv)
@@ -89,9 +89,9 @@
  # if _FFR_SPOOL_PATH
 -	mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] [-p path] user ...");
 +	mailerr(NULL, "usage: mail.local [-7] [-b] [-B] [-d] [-l] [-s] [-f from|-r from] [-h filename] [-p path] user ...");
- # else /* _FFR_SPOOL_PATH */
+ # else
 -	mailerr(NULL, "usage: mail.local [-7] [-b] [-d] [-l] [-f from|-r from] [-h filename] user ...");
 +	mailerr(NULL, "usage: mail.local [-7] [-b] [-B] [-d] [-l] [-s] [-f from|-r from] [-h filename] user ...");
- # endif /* _FFR_SPOOL_PATH */
+ # endif
  	sm_exit(ExitVal);
  }
diff --git a/mail/sendmail/files/patch-readcf.c b/mail/sendmail/files/patch-readcf.c
index a6aad5c00495..3eb727ec8127 100644
--- a/mail/sendmail/files/patch-readcf.c
+++ b/mail/sendmail/files/patch-readcf.c
@@ -1,26 +1,26 @@
---- sendmail/readcf.c.orig	2015-06-17 16:51:58 UTC
+--- sendmail/readcf.c.orig	2020-06-02 09:41:43 UTC
 +++ sendmail/readcf.c
-@@ -2910,6 +2910,10 @@ static struct optioninfo
+@@ -2979,6 +2979,10 @@ static struct optioninfo
+ 	{ "SetCertAltnames",			O_CHECKALTNAMES, OI_NONE },
  #endif
- #define O_USECOMPRESSEDIPV6ADDRESSES 0xec
- 	{ "UseCompressedIPv6Addresses",	O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE },
+ 
 +#if USE_BLACKLIST
 +# define O_BLACKLIST		0xf2
 +	{ "UseBlacklist",	O_BLACKLIST,	OI_NONE	},
 +#endif
- 
  	{ NULL,				'\0',		OI_NONE	}
  };
-@@ -4540,6 +4544,12 @@ setoption(opt, val, safe, sticky, e)
- 		UseCompressedIPv6Addresses = atobool(val);
- 		break;
  
+@@ -4678,6 +4682,12 @@ setoption(opt, val, safe, sticky, e)
+ 		SetCertAltnames = atobool(val);
+ 		break;
+ # endif
++
 +#if USE_BLACKLIST
 +	  case O_BLACKLIST:
 +		UseBlacklist = atobool(val);
 +		break;
 +#endif
-+
+ 
  	  default:
  		if (tTd(37, 1))
- 		{
diff --git a/mail/sendmail/files/patch-sendmail.h b/mail/sendmail/files/patch-sendmail.h
index 17e55f10fcf3..311efa6e5e43 100644
--- a/mail/sendmail/files/patch-sendmail.h
+++ b/mail/sendmail/files/patch-sendmail.h
@@ -1,7 +1,7 @@
---- sendmail/sendmail.h.orig	2015-06-19 12:59:29 UTC
+--- sendmail/sendmail.h.orig	2020-07-02 05:00:37 UTC
 +++ sendmail/sendmail.h
-@@ -57,6 +57,10 @@ SM_UNUSED(static char SmailId[]) = "@(#)
- #endif /* _DEFINE */
+@@ -63,6 +63,10 @@ SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.
+ #endif
  
  #include "bf.h"
 +#if USE_BLACKLIST
@@ -11,14 +11,14 @@
  #include "timers.h"
  #include <sm/exc.h>
  #include <sm/heap.h>
-@@ -2544,6 +2548,10 @@ EXTERN int ConnectionRateWindowSize;
- EXTERN bool	SSLEngineInitialized;
- #endif /* STARTTLS && USE_OPENSSL_ENGINE */
+@@ -2575,6 +2579,10 @@ EXTERN int Hacks;	/* bit field of run-time enabled "ha
+ #endif
  
+ EXTERN int ConnectionRateWindowSize;
++
 +#if USE_BLACKLIST
 +EXTERN bool	UseBlacklist;
 +#endif
-+
+ 
  /*
  **  Declarations of useful functions
- */
diff --git a/mail/sendmail/files/patch-sm_os_freebsd.h b/mail/sendmail/files/patch-sm_os_freebsd.h
deleted file mode 100644
index 61252bd01116..000000000000
--- a/mail/sendmail/files/patch-sm_os_freebsd.h
+++ /dev/null
@@ -1,14 +0,0 @@
---- include/sm/os/sm_os_freebsd.h.orig	2014-03-05 00:59:45 UTC
-+++ include/sm/os/sm_os_freebsd.h
-@@ -34,7 +34,11 @@
- # define SM_CONF_SHM	1
- #endif /* SM_CONF_SHM */
- #ifndef SM_CONF_SEM
-+#if __FreeBSD_version < 1200059
- # define SM_CONF_SEM	1
-+#else
-+# define SM_CONF_SEM	2
-+#endif
- #endif /* SM_CONF_SEM */
- #ifndef SM_CONF_MSG
- # define SM_CONF_MSG	1
diff --git a/mail/sendmail/files/patch-smrsh.8 b/mail/sendmail/files/patch-smrsh.8
index 5ca6c4c08f98..57ec6349f31e 100644
--- a/mail/sendmail/files/patch-smrsh.8
+++ b/mail/sendmail/files/patch-smrsh.8
@@ -1,4 +1,4 @@
---- smrsh/smrsh.8.orig	2014-03-05 00:59:45 UTC
+--- smrsh/smrsh.8.orig	2020-05-19 19:54:33 UTC
 +++ smrsh/smrsh.8
 @@ -39,7 +39,7 @@ Briefly,
  .I smrsh
@@ -9,7 +9,7 @@
  allowing the system administrator to choose the set of acceptable commands,
  and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
  It also rejects any commands with the characters
-@@ -50,13 +50,12 @@ It allows ``||'' and ``&&'' to enable co
+@@ -50,13 +50,12 @@ It allows ``||'' and ``&&'' to enable commands like:
  ``"|exec /usr/local/bin/filter || exit 75"''
  .PP
  Initial pathnames on programs are stripped,
diff --git a/mail/sendmail/files/patch-srvrsmtp.c b/mail/sendmail/files/patch-srvrsmtp.c
index bf17a35e1e3b..68a6cc63e15f 100644
--- a/mail/sendmail/files/patch-srvrsmtp.c
+++ b/mail/sendmail/files/patch-srvrsmtp.c
@@ -1,16 +1,16 @@
---- sendmail/srvrsmtp.c.orig	2015-03-18 11:47:12 UTC
+--- sendmail/srvrsmtp.c.orig	2020-06-08 08:35:03 UTC
 +++ sendmail/srvrsmtp.c
-@@ -831,6 +831,9 @@ smtp(nullserver, d_flags, e)
+@@ -906,6 +906,9 @@ smtp(nullserver, d_flags, e)
  #if _FFR_BADRCPT_SHUTDOWN
  	int n_badrcpts_adj;
- #endif /* _FFR_BADRCPT_SHUTDOWN */
+ #endif
 +#ifdef USE_BLACKLIST
 +	int saved_bl_fd;
 +#endif
  
+ 	RESET_AUTH_FAIL_LOG_USER;
  	SevenBitInput_Saved = SevenBitInput;
- 	smtp.sm_nrcpts = 0;
-@@ -1328,6 +1331,7 @@ smtp(nullserver, d_flags, e)
+@@ -1408,6 +1411,7 @@ smtp(nullserver, d_flags, e)
  					  (int) tp.tv_sec +
  						(tp.tv_usec >= 500000 ? 1 : 0)
  					 );
@@ -18,7 +18,7 @@
  			}
  		}
  	}
-@@ -1421,6 +1425,10 @@ smtp(nullserver, d_flags, e)
+@@ -1510,6 +1514,10 @@ smtp(nullserver, d_flags, e)
  		SmtpPhase = "server cmd read";
  		sm_setproctitle(true, e, "server %s cmd read", CurSmtpClient);
  
@@ -29,19 +29,19 @@
  		/* handle errors */
  		if (sm_io_error(OutChannel) ||
  		    (p = sfgets(inp, sizeof(inp), InChannel,
-@@ -1721,8 +1729,11 @@ smtp(nullserver, d_flags, e)
- 			}
- 			else
- 			{
-+				int fd;
- 				/* not SASL_OK or SASL_CONT */
- 				message("535 5.7.0 authentication failed");
-+				fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
-+				BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL");
- 				if (LogLevel > 9)
- 					sm_syslog(LOG_WARNING, e->e_id,
- 						  "AUTH failure (%s): %s (%d) %s, relay=%.100s",
-@@ -1867,6 +1878,9 @@ smtp(nullserver, d_flags, e)
+@@ -1823,8 +1831,11 @@ smtp(nullserver, d_flags, e)
+ #define LOGAUTHFAIL	\
+ 	do	\
+ 	{	\
++		int fd;	\
+ 		SET_AUTH_USER_CONDITIONALLY	\
+ 		message("535 5.7.0 authentication failed");	\
++		fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);	\
++		BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "AUTH FAIL");	\
+ 		if (LogLevel >= 9)	\
+ 			sm_syslog(LOG_WARNING, e->e_id,	\
+ 				  "AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s",	\
+@@ -1974,6 +1985,9 @@ smtp(nullserver, d_flags, e)
  			DELAY_CONN("AUTH");
  			if (!sasl_ok || n_mechs <= 0)
  			{
@@ -51,7 +51,7 @@
  				message("503 5.3.3 AUTH not available");
  				break;
  			}
-@@ -3462,10 +3476,17 @@ doquit:
+@@ -3602,10 +3616,17 @@ doquit:
  				**  timeouts for the same connection.
  				*/
  
@@ -69,7 +69,7 @@
  			if (tTd(93, 100))
  			{
  				/* return to handle next connection */
-@@ -3523,7 +3544,10 @@ doquit:
+@@ -3663,7 +3684,10 @@ doquit:
  #if MAXBADCOMMANDS > 0
  			if (++n_badcmds > MAXBADCOMMANDS)
  			{
@@ -80,13 +80,13 @@
  				message("421 4.7.0 %s Too many bad commands; closing connection",
  					MyHostName);
  
-@@ -3575,6 +3599,9 @@ doquit:
+@@ -3714,6 +3738,9 @@ doquit:
+ 		}
  #if SASL
  		}
- #endif /* SASL */
++#endif
 +#ifdef USE_BLACKLIST
 +		close(saved_bl_fd);
-+#endif
+ #endif
  	    }
  	    SM_EXCEPT(exc, "[!F]*")
- 	    {
diff --git a/mail/sendmail/files/patch-tls.c b/mail/sendmail/files/patch-tls.c
deleted file mode 100644
index 6622c51afe3a..000000000000
--- a/mail/sendmail/files/patch-tls.c
+++ /dev/null
@@ -1,161 +0,0 @@
---- sendmail/tls.c.orig	2015-06-20 01:37:28 UTC
-+++ sendmail/tls.c
-@@ -16,6 +16,9 @@ SM_RCSID("@(#)$Id: tls.c,v 8.127 2013-11-27 02:51:11 g
- # include <openssl/err.h>
- # include <openssl/bio.h>
- # include <openssl/pem.h>
-+# if !NO_DH
-+# include <openssl/dh.h>
-+# endif /* !NO_DH */
- # ifndef HASURANDOMDEV
- #  include <openssl/rand.h>
- # endif /* ! HASURANDOMDEV */
-@@ -44,6 +47,23 @@ static bool	tls_safe_f __P((char *, long, bool));
- static int	tls_verify_log __P((int, X509_STORE_CTX *, const char *));
- 
- # if !NO_DH
-+# if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100001L || \
-+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
-+static int
-+DH_set0_pqg(dh, p, q, g)
-+	DH *dh;
-+	BIGNUM *p;
-+	BIGNUM *q;
-+	BIGNUM *g;
-+{
-+	dh->p=p;
-+	if (q != NULL)
-+		dh->q=q;
-+	dh->g=g;
-+	return 1; /* success */
-+}
-+# endif /* !defined() || OPENSSL_VERSION_NUMBER < 0x00907000L */
-+
- static DH *get_dh512 __P((void));
- 
- static unsigned char dh512_p[] =
-@@ -64,13 +84,17 @@ static DH *
- get_dh512()
- {
- 	DH *dh = NULL;
-+	BIGNUM *dhp_bn, *dhg_bn;
- 
- 	if ((dh = DH_new()) == NULL)
- 		return NULL;
--	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
--	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
--	if ((dh->p == NULL) || (dh->g == NULL))
-+	dhp_bn = BN_bin2bn(dh512_p, sizeof (dh512_p), NULL);
-+	dhg_bn = BN_bin2bn(dh512_g, sizeof (dh512_g), NULL);
-+	if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
-+	{
-+		DH_free(dh);
- 		return NULL;
-+	}
- 	return dh;
- }
- 
-@@ -117,15 +141,16 @@ get_dh2048()
- 		};
- 	static unsigned char dh2048_g[]={ 0x02, };
- 	DH *dh;
-+	BIGNUM *dhp_bn, *dhg_bn;
- 
- 	if ((dh=DH_new()) == NULL)
- 		return(NULL);
--	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
--	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
--	if ((dh->p == NULL) || (dh->g == NULL))
-+	dhp_bn = BN_bin2bn(dh2048_p, sizeof (dh2048_p), NULL);
-+	dhg_bn = BN_bin2bn(dh2048_g, sizeof (dh2048_g), NULL);
-+	if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
- 	{
- 		DH_free(dh);
--		return(NULL);
-+		return NULL;
- 	}
- 	return(dh);
- }
-@@ -708,6 +733,29 @@ load_certkey(ssl, srv, certfile, keyfile)
- 
- static char server_session_id_context[] = "sendmail8";
- 
-+# if !TLS_NO_RSA
-+static RSA *
-+sm_RSA_generate_key(num, e)
-+	int num;
-+	unsigned long e;
-+{
-+	RSA *rsa = NULL;
-+	BIGNUM *bn_rsa_r4;
-+
-+	bn_rsa_r4 = BN_new();
-+	if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, e) && (rsa = RSA_new()) != NULL)
-+	{
-+		if (!RSA_generate_key_ex(rsa, num, bn_rsa_r4, NULL))
-+		{
-+			RSA_free(rsa);
-+			rsa = NULL;
-+		}
-+	}
-+	BN_free(bn_rsa_r4);
-+	return rsa;
-+}
-+# endif /* !TLS_NO_RSA */
-+
- /* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
- #if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
- # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	1
-@@ -926,7 +974,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
- 	{
- 		/* get a pointer to the current certificate validation store */
- 		store = SSL_CTX_get_cert_store(*ctx);	/* does not fail */
--		crl_file = BIO_new(BIO_s_file_internal());
-+		crl_file = BIO_new(BIO_s_file());
- 		if (crl_file != NULL)
- 		{
- 			if (BIO_read_filename(crl_file, CRLFile) >= 0)
-@@ -1003,8 +1051,7 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
- 	if (bitset(TLS_I_RSA_TMP, req)
- #  if SM_CONF_SHM
- 	    && ShmId != SM_SHM_NO_ID &&
--	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
--					NULL)) == NULL
-+	    (rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4)) == NULL
- #  else /* SM_CONF_SHM */
- 	    && 0	/* no shared memory: no need to generate key now */
- #  endif /* SM_CONF_SHM */
-@@ -1209,9 +1256,10 @@ inittls(ctx, req, options, srv, certfile, keyfile, cac
- 			if (tTd(96, 2))
- 				sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
- 
-+			dsa=DSA_new();
- 			/* this takes a while! */
--			dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
--						      NULL, 0, NULL);
-+			(void)DSA_generate_parameters_ex(dsa, bits, NULL, 0,
-+							 NULL, NULL, NULL);
- 			dh = DSA_dup_DH(dsa);
- 			DSA_free(dsa);
- 		}
-@@ -1744,7 +1792,7 @@ tmp_rsa_key(s, export, keylength)
- 
- 	if (rsa_tmp != NULL)
- 		RSA_free(rsa_tmp);
--	rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
-+	rsa_tmp = sm_RSA_generate_key(RSA_KEYLENGTH, RSA_F4);
- 	if (rsa_tmp == NULL)
- 	{
- 		if (LogLevel > 0)
-@@ -1971,9 +2019,9 @@ x509_verify_cb(ok, ctx)
- 	{
- 		if (LogLevel > 13)
- 			tls_verify_log(ok, ctx, "x509");
--		if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
-+		if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL)
- 		{
--			ctx->error = 0;
-+			X509_STORE_CTX_set_error(ctx, 0);
- 			return 1;	/* override it */
- 		}
- 	}
diff --git a/mail/sendmail/files/patch-usersmtp.c b/mail/sendmail/files/patch-usersmtp.c
index a50a11f3787e..30898406c1b6 100644
--- a/mail/sendmail/files/patch-usersmtp.c
+++ b/mail/sendmail/files/patch-usersmtp.c
@@ -1,6 +1,6 @@
---- sendmail/usersmtp.c.orig	2014-12-05 15:42:28 UTC
+--- sendmail/usersmtp.c.orig	2020-06-03 05:48:46 UTC
 +++ sendmail/usersmtp.c
-@@ -1825,6 +1825,9 @@ attemptauth(m, mci, e, sai)
+@@ -1842,6 +1842,9 @@ attemptauth(m, mci, e, sai)
  
  		if (saslresult != SASL_OK && saslresult != SASL_CONTINUE)
  		{
@@ -10,7 +10,7 @@
  			if (tTd(95, 5))
  				sm_dprintf("AUTH FAIL=%s (%d)\n",
  					sasl_errstring(saslresult, NULL, NULL),
-@@ -1970,9 +1973,11 @@ smtpauth(m, mci, e)
+@@ -1987,9 +1990,11 @@ smtpauth(m, mci, e)
  	do
  	{
  		result = attemptauth(m, mci, e, &(mci->mci_sai));
diff --git a/mail/sendmail/files/site.config.m4.tls b/mail/sendmail/files/site.config.m4.tls
index c5c28b3ec328..ec8a57bdbee1 100644
--- a/mail/sendmail/files/site.config.m4.tls
+++ b/mail/sendmail/files/site.config.m4.tls
@@ -1,2 +1,2 @@
-APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -D_FFR_TLS_EC -D_FFR_TLS_SE_OPTS')
+APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DTLS_EC')
 APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto')
diff --git a/mail/sendmail/files/smtputf8.patch b/mail/sendmail/files/smtputf8.patch
deleted file mode 100644
index ff107c3e2c43..000000000000
--- a/mail/sendmail/files/smtputf8.patch
+++ /dev/null
@@ -1,600 +0,0 @@
-diff --git a/sendmail/conf.c b/sendmail/conf.c
-index c73334e..28328e6 100644
---- sendmail/conf.c.orig
-+++ sendmail/conf.c
-@@ -314,6 +314,9 @@ setdefaults(e)
- 	e->e_xfqgrp = NOQGRP;
- 	e->e_xfqdir = NOQDIR;
- 	e->e_ctime = curtime();
-+#if _FFR_EAI
-+	e->e_smtputf8 = false;
-+#endif
- 	SevenBitInput = false;			/* option 7 */
- 	MaxMciCache = 1;			/* option k */
- 	MciCacheTimeout = 5 MINUTES;		/* option K */
-@@ -5746,6 +5749,9 @@ char	*CompileOptions[] =
- 	"DNSMAP",
- # endif
- #endif
-+#if _FFR_EAI
-+	"EAI",
-+#endif
- #if EGD
- 	"EGD",
- #endif
-@@ -6590,3 +6596,6 @@ char	*FFRCompileOptions[] =
- 	NULL
- };
-
-+#if _FFR_EAI && _FFR_EIGHT_BIT_ADDR_OK
-+#error "Cannot enable both of these FFRs"
-+#endif
-diff --git a/sendmail/domain.c b/sendmail/domain.c
-index 4d1b92d..adaa6ac 100644
---- sendmail/domain.c.orig
-+++ sendmail/domain.c
-@@ -13,6 +13,9 @@
-
- #include <sendmail.h>
- #include "map.h"
-+#if _FFR_EAI
-+#include <unicode/uidna.h>
-+#endif
-
- #if NAMED_BIND
- SM_RCSID("@(#)$Id: domain.c,v 8.205 2013-11-22 20:51:55 ca Exp $ (with name server)")
-@@ -236,6 +239,26 @@ getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode, tryfallback, pttl)
- 	if (host[0] == '[')
- 		goto punt;
-
-+#if _FFR_EAI
-+	if (!addr_is_ascii(host))
-+	{
-+		char buf[1024];
-+		UErrorCode error = U_ZERO_ERROR;
-+		UIDNAInfo info = UIDNA_INFO_INITIALIZER;
-+		UIDNA *idna;
-+		int anl;
-+
-+		idna = uidna_openUTS46(UIDNA_NONTRANSITIONAL_TO_ASCII, &error);
-+		anl = uidna_nameToASCII_UTF8(idna,
-+					     host, strlen(host),
-+					     buf, sizeof(buf) - 1,
-+					     &info,
-+					     &error);
-+		uidna_close(idna);
-+		host = sm_rpool_strdup_x(CurEnv->e_rpool, buf);
-+	}
-+#endif /* _FFR_EAI */
-+
- 	/*
- 	**  If we don't have MX records in our host switch, don't
- 	**  try for MX records.  Note that this really isn't "right",
-diff --git a/sendmail/err.c b/sendmail/err.c
-index 0594eb9..67d0d09 100644
---- sendmail/err.c.orig
-+++ sendmail/err.c
-@@ -1010,15 +1010,23 @@ fmtmsg(eb, to, num, enhsc, eno, fmt, ap)
- 		(void) sm_strlcpyn(eb, spaceleft, 2,
- 				   shortenstring(to, MAXSHORTSTR), "... ");
- 		spaceleft -= strlen(eb);
-+#if _FFR_EAI
-+		eb += strlen(eb);
-+#else
- 		while (*eb != '\0')
- 			*eb++ &= 0177;
-+#endif
- 	}
-
- 	/* output the message */
- 	(void) sm_vsnprintf(eb, spaceleft, fmt, ap);
- 	spaceleft -= strlen(eb);
-+#if _FFR_EAI
-+	eb += strlen(eb);
-+#else
- 	while (*eb != '\0')
- 		*eb++ &= 0177;
-+#endif
-
- 	/* output the error code, if any */
- 	if (eno != 0)
-diff --git a/sendmail/main.c b/sendmail/main.c
-index 38eebbf..43e17a5 100644
---- sendmail/main.c.orig
-+++ sendmail/main.c
-@@ -1854,6 +1854,9 @@ main(argc, argv, envp)
-
- 	/* MIME message/xxx subtypes that can be treated as messages */
- 	setclass('s', "rfc822");
-+#ifdef _FFR_EAI
-+	setclass('s', "global");
-+#endif
-
- 	/* MIME Content-Transfer-Encodings that can be encoded */
- 	setclass('e', "7bit");
-diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c
-index 2adb39c..9ab0729 100644
---- sendmail/parseaddr.c.orig
-+++ sendmail/parseaddr.c
-@@ -273,12 +273,14 @@ invalidaddr(addr, delimptr, isrcpt)
- 	}
- 	for (; *addr != '\0'; addr++)
- 	{
-+#ifndef _FFR_EAI
- 		if (!EightBitAddrOK && (*addr & 0340) == 0200)
- 		{
- 			setstat(EX_USAGE);
- 			result = true;
- 			*addr = BAD_CHAR_REPLACEMENT;
- 		}
-+#endif
- 		if (++len > MAXNAME - 1)
- 		{
- 			char saved = *addr;
-@@ -350,7 +352,7 @@ hasctrlchar(addr, isrcpt, complain)
- 			}
- 			result = "too long";
- 		}
--		if (!EightBitAddrOK && !quoted && (*addr < 32 || *addr == 127))
-+		if (!quoted && ((unsigned char)*addr < 32 || *addr == 127))
- 		{
- 			result = "non-printable character";
- 			*addr = BAD_CHAR_REPLACEMENT;
-@@ -368,6 +370,7 @@ hasctrlchar(addr, isrcpt, complain)
- 				break;
- 			}
- 		}
-+#ifndef _FFR_EAI
- 		if (!EightBitAddrOK && (*addr & 0340) == 0200)
- 		{
- 			setstat(EX_USAGE);
-@@ -375,6 +378,7 @@ hasctrlchar(addr, isrcpt, complain)
- 			*addr = BAD_CHAR_REPLACEMENT;
- 			continue;
- 		}
-+#endif
- 	}
- 	if (quoted)
- 		result = "unbalanced quote"; /* unbalanced quote */
-diff --git a/sendmail/queue.c b/sendmail/queue.c
-index a323301..95344d3 100644
---- sendmail/queue.c.orig
-+++ sendmail/queue.c
-@@ -665,6 +665,10 @@ queueup(e, announce, msync)
- 		*p++ = 'n';
- 	if (bitset(EF_SPLIT, e->e_flags))
- 		*p++ = 's';
-+#if _FFR_EAI
-+	if (e->e_smtputf8)
-+		*p++ = 'e';
-+#endif
- 	*p++ = '\0';
- 	if (buf[0] != '\0')
- 		(void) sm_io_fprintf(tfp, SM_TIME_DEFAULT, "F%s\n", buf);
-@@ -4285,6 +4289,12 @@ readqf(e, openonly)
- 				  case 'w':	/* warning sent */
- 					e->e_flags |= EF_WARNING;
- 					break;
-+
-+#if _FFR_EAI
-+				  case 'e':	/* message requires EAI */
-+					e->e_smtputf8 = true;
-+					break;
-+#endif /* _FFR_EAI */
- 				}
- 			}
- 			break;
-@@ -4550,6 +4560,23 @@ readqf(e, openonly)
- 	/* other checks? */
- #endif /* _FFR_QF_PARANOIA */
-
-+#if _FFR_EAI
-+	/*
-+	** If this message originates from something other than
-+	** srvrsmtp.c, then it might use UTF8 addresses but not be
-+	** marked.  We'll just add the mark so we're sure that it
-+	** either can be delivered or will be returned.
-+	*/
-+	if (!e->e_smtputf8) {
-+		ADDRESS *q;
-+		for (q = e->e_sendqueue; q != NULL; q = q->q_next)
-+			if (!addr_is_ascii(q->q_paddr) && !e->e_smtputf8)
-+				e->e_smtputf8 = true;
-+		if (!addr_is_ascii(e->e_from.q_paddr) && !e->e_smtputf8)
-+			e->e_smtputf8 = true;
-+	}
-+#endif /* _FFR_EAI */
-+
- 	/* possibly set ${dsn_ret} macro */
- 	if (bitset(EF_RET_PARAM, e->e_flags))
- 	{
-diff --git a/sendmail/recipient.c b/sendmail/recipient.c
-index 3fad957..09eac64 100644
---- sendmail/recipient.c.orig
-+++ sendmail/recipient.c
-@@ -508,6 +508,11 @@ recipient(new, sendq, aliaslevel, e)
- 		p = e->e_from.q_mailer->m_addrtype;
- 		if (p == NULL)
- 			p = "rfc822";
-+#ifdef _FFR_EAI
-+		if (sm_strcasecmp(p, "rfc822") == 0 &&
-+		    !addr_is_ascii(q->q_user))
-+			p = "utf-8";
-+#endif
- 		if (sm_strcasecmp(p, "rfc822") != 0)
- 		{
- 			(void) sm_snprintf(frbuf, sizeof(frbuf), "%s; %.800s",
-diff --git a/sendmail/savemail.c b/sendmail/savemail.c
-index 6de8f2f..8a9df36 100644
---- sendmail/savemail.c.orig
-+++ sendmail/savemail.c
-@@ -744,6 +744,34 @@ returntosender(msg, returnq, flags, e)
- 	return ret;
- }
-
-+
-+/*
-+** DSNTYPENAME -- Returns the DSN name of the addrtype for this address
-+**
-+**	Sendmail's addrtypes are largely in different universes, and
-+**	'fred' may be a valid address in different addrtype
-+**	universes.
-+**
-+**	EAI extends the rfc822 universe rather than introduce a new
-+**	universe.  Because of that, sendmail uses the rfc822 addrtype,
-+**	but names it utf-8 when the EAI DSN extension requires that.
-+*/
-+
-+const char *
-+dsntypename(addrtype, addr)
-+	const char * addrtype;
-+	const char * addr;
-+{
-+	if (sm_strcasecmp(addrtype, "rfc822") != 0)
-+		return addrtype;
-+#ifdef _FFR_EAI
-+	if (!addr_is_ascii(addr))
-+		return "utf-8";
-+#endif
-+	return "rfc822";
-+}
-+
-+
- /*
- **  ERRBODY -- output the body of an error message.
- **
-@@ -1082,7 +1110,13 @@ errbody(mci, e, separator)
- 		(void) sm_strlcpyn(buf, sizeof(buf), 2, "--", e->e_msgboundary);
- 		if (!putline("", mci) ||
- 		    !putline(buf, mci) ||
-+#ifdef _FFR_EAI
-+		    !putline(e->e_parent->e_smtputf8
-+			     ? "Content-Type: message/global-delivery-status"
-+			     : "Content-Type: message/delivery-status", mci) ||
-+#else
- 		    !putline("Content-Type: message/delivery-status", mci) ||
-+#endif
- 		    !putline("", mci))
- 			goto writeerr;
-
-@@ -1223,7 +1257,8 @@ errbody(mci, e, separator)
- 					(void) sm_snprintf(actual,
- 							   sizeof(actual),
- 							   "%s; %.700s@%.100s",
--							   p, q->q_user,
-+							   dsntypename(p, q->q_user),
-+							   q->q_user,
- 							   MyHostName);
- 				}
- 				else
-@@ -1231,7 +1266,8 @@ errbody(mci, e, separator)
- 					(void) sm_snprintf(actual,
- 							   sizeof(actual),
- 							   "%s; %.800s",
--							   p, q->q_user);
-+							   dsntypename(p, q->q_user),
-+							   q->q_user);
- 				}
- 			}
-
-@@ -1248,6 +1284,21 @@ errbody(mci, e, separator)
- 									   actual);
- 			}
-
-+#ifdef _FFR_EAI
-+			if (sm_strncasecmp("rfc822;", q->q_finalrcpt, 7) == 0 &&
-+			    !addr_is_ascii(q->q_user)) {
-+			        char utf8rcpt[1024];
-+				char * a;
-+				a = strchr(q->q_finalrcpt, ';');
-+				while(*a == ';' || *a == ' ')
-+					a++;
-+				sm_snprintf(utf8rcpt, 1023,
-+					    "utf-8; %.800s", a);
-+				q->q_finalrcpt = sm_rpool_strdup_x(e->e_rpool,
-+								   utf8rcpt);
-+			}
-+#endif
-+
- 			if (q->q_finalrcpt != NULL)
- 			{
- 				(void) sm_snprintf(buf, sizeof(buf),
-@@ -1373,9 +1424,21 @@ errbody(mci, e, separator)
-
- 			if (!putline(buf, mci))
- 				goto writeerr;
-+#ifdef _FFR_EAI
-+			if (e->e_parent->e_smtputf8)
-+				(void) sm_strlcpyn(buf, sizeof(buf), 2,
-+						   "Content-Type: message/global",
-+						   sendbody ? "" : "-headers");
-+			else
-+				(void) sm_strlcpyn(buf, sizeof(buf), 2,
-+						   "Content-Type: ",
-+						sendbody ? "message/rfc822"
-+							 : "text/rfc822-headers");
-+#else
- 			(void) sm_strlcpyn(buf, sizeof(buf), 2, "Content-Type: ",
- 					sendbody ? "message/rfc822"
- 						 : "text/rfc822-headers");
-+#endif
- 			if (!putline(buf, mci))
- 				goto writeerr;
-
-diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h
-index b2d0211..63a2378 100644
---- sendmail/sendmail.h.orig
-+++ sendmail/sendmail.h
-@@ -781,8 +781,13 @@ MCI
- #else
- # define MCIF_NOTSTICKY	0
- #endif
-+#if _FFR_EAI
-+#define MCIF_EAI	0x40000000	/* SMTPUTF8 supported */
-+#else
-+#define MCIF_EAI	0x00000000	/* for MCIF_EXTENS */
-+#endif /* _FFR_EAI */
-
--#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS | MCIF_AUTH2)
-+#define MCIF_EXTENS	(MCIF_EXPN | MCIF_SIZE | MCIF_8BITMIME | MCIF_DSN | MCIF_8BITOK | MCIF_AUTH | MCIF_ENHSTAT | MCIF_TLS | MCIF_AUTH2 | MCIF_EAI)
-
- /* states */
- #define MCIS_CLOSED	0		/* no traffic on this connection */
-@@ -921,6 +926,9 @@ struct envelope
- 	ADDRESS		e_from;		/* the person it is from */
- 	char		*e_sender;	/* e_from.q_paddr w comments stripped */
- 	char		**e_fromdomain;	/* the domain part of the sender */
-+#if _FFR_EAI
-+	bool		e_smtputf8;	/* whether the sender demanded SMTPUTF8 */
-+#endif
- 	ADDRESS		*e_sendqueue;	/* list of message recipients */
- 	ADDRESS		*e_errorqueue;	/* the queue for error responses */
-
-@@ -1928,6 +1936,9 @@ struct termescape
- #define D_CANONREQ	'c'	/* canonification required (cf) */
- #define D_IFNHELO	'h'	/* use if name for HELO */
- #define D_FQMAIL	'f'	/* fq sender address required (cf) */
-+#if _FFR_EAI
-+#define D_EAI		'I'	/* EAI supported */
-+#endif
- #define D_FQRCPT	'r'	/* fq recipient address required (cf) */
- #define D_SMTPS		's'	/* SMTP over SSL (smtps) */
- #define D_UNQUALOK	'u'	/* unqualified address is ok (cf) */
-@@ -2355,7 +2366,7 @@ EXTERN bool	ForkQueueRuns;	/* fork for each job when running the queue */
- EXTERN bool	FromFlag;	/* if set, "From" person is explicit */
- EXTERN bool	FipsMode;
- EXTERN bool	GrabTo;		/* if set, get recipients from msg */
--EXTERN bool	EightBitAddrOK;	/* we'll let 8-bit addresses through */
-+EXTERN bool	EightBitAddrOK; /* we'll let 8-bit addresses through */
- EXTERN bool	HasEightBits;	/* has at least one eight bit input byte */
- EXTERN bool	HasWildcardMX;	/* don't use MX records when canonifying */
- EXTERN bool	HoldErrs;	/* only output errors to transcript */
-@@ -2855,6 +2866,10 @@ extern bool	xtextok __P((char *));
- extern int	xunlink __P((char *));
- extern char	*xuntextify __P((char *));
-
-+#if _FFR_EAI
-+extern bool	addr_is_ascii __P((const char *));
-+#endif
-+
- #if _FFR_RCPTFLAGS
- extern bool	newmodmailer __P((ADDRESS *, int));
- #endif
-diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
-index b05348d..91e6956 100644
---- sendmail/srvrsmtp.c.orig
-+++ sendmail/srvrsmtp.c
-@@ -65,6 +65,9 @@ static bool	NotFirstDelivery = false;
- #define SRV_REQ_AUTH	0x0400	/* require AUTH */
- #define SRV_REQ_SEC	0x0800	/* require security - equiv to AuthOptions=p */
- #define SRV_TMP_FAIL	0x1000	/* ruleset caused a temporary failure */
-+#if _FFR_EAI
-+# define SRV_OFFER_EAI	0x2000	/* offer SMTPUTF* */
-+#endif
-
- static unsigned int	srvfeatures __P((ENVELOPE *, char *, unsigned int));
-
-@@ -122,6 +125,29 @@ extern ENVELOPE	BlankEnvelope;
- #define SKIP_SPACE(s)	while (isascii(*s) && isspace(*s))	\
- 				(s)++
-
-+#if _FFR_EAI
-+/*
-+** ADDR_IS_ASCII -- check whether an address is 100% printable ASCII
-+**
-+**	Parameters:
-+**		a -- an address (or other string)
-+**
-+**	Returns:
-+**		TRUE if a is non-NULL and points to only printable ASCII
-+**		FALSE if a is NULL and points to printable ASCII
-+**		FALSE if a is non-NULL and points to something containing 8-bittery
-+*/
-+
-+bool
-+addr_is_ascii(a)
-+	const char * a;
-+{
-+	while (a != NULL && *a != '\0' && *a >= ' ' && (unsigned char)*a < 127)
-+		a++;
-+	return (a != NULL && *a == '\0');
-+}
-+#endif
-+
- /*
- **  PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT)
- **
-@@ -722,10 +748,21 @@ do								\
- #else
- # define auth_active	false
- #endif
-+#ifdef _FFR_EAI
-+#define GET_PROTOCOL()					\
-+	(e->e_smtputf8					\
-+	    ? (auth_active				\
-+		? (tls_active ? "UTF8SMTPSA" : "UTF8SMTPA") \
-+		: (tls_active ? "UTF8SMTPS"  : "UTF8SMTP")) \
-+            : (auth_active				\
-+		? (tls_active ? "ESMTPSA" : "ESMTPA")	\
-+		: (tls_active ? "ESMTPS"  : "ESMTP")))
-+#else
- #define GET_PROTOCOL()					\
- 	(auth_active					\
- 	    ? (tls_active ? "ESMTPSA" : "ESMTPA")	\
- 	    : (tls_active ? "ESMTPS"  : "ESMTP"))
-+#endif
-
- static bool SevenBitInput_Saved;	/* saved version of SevenBitInput */
-
-@@ -898,6 +935,9 @@ smtp(nullserver, d_flags, e)
- 		| (bitset(TLS_I_NO_VRFY, TLS_Srv_Opts) ? SRV_NONE
- 						       : SRV_VRFY_CLT)
- #endif /* STARTTLS */
-+#if _FFR_EAI
-+		| SRV_OFFER_EAI
-+#endif /* _FFR_EAI */
- 		;
- 	if (nullserver == NULL)
- 	{
-@@ -2523,6 +2563,10 @@ smtp(nullserver, d_flags, e)
- 			if (SendMIMEErrors && bitset(SRV_OFFER_DSN, features))
- 				message("250-DSN");
- #endif /* DSN */
-+#if _FFR_EAI
-+			if (bitset(SRV_OFFER_EAI, features))
-+				message("250-SMTPUTF8");
-+#endif /* _FFR_EAI */
- 			if (bitset(SRV_OFFER_ETRN, features))
- 				message("250-ETRN");
- #if SASL
-@@ -2696,6 +2740,18 @@ smtp(nullserver, d_flags, e)
- 			if (Errors > 0)
- 				sm_exc_raisenew_x(&EtypeQuickAbort, 1);
-
-+#if _FFR_EAI
-+			if (e->e_smtputf8) {
-+				protocol = GET_PROTOCOL();
-+				macdefine(&e->e_macro, A_PERM, 'r', protocol);
-+			}
-+			/* UTF8 addresses are only legal with SMTPUTF8 */
-+			if (!e->e_smtputf8 && !addr_is_ascii(e->e_from.q_paddr)) {
-+				usrerr("553 5.6.7 That address requires SMTPUTF8");
-+				sm_exc_raisenew_x(&EtypeQuickAbort, 1);
-+			}
-+#endif
-+
- #if SASL
- # if _FFR_AUTH_PASSING
- 			/* set the default AUTH= if the sender didn't */
-@@ -2933,6 +2989,13 @@ smtp(nullserver, d_flags, e)
- 				usrerr("501 5.0.0 Missing recipient");
- 				goto rcpt_done;
- 			}
-+#if _FFR_EAI
-+			if (!e->e_smtputf8 && !addr_is_ascii(a->q_paddr))
-+			{
-+				usrerr("553 5.6.7 Address requires SMTPUTF8");
-+				goto rcpt_done;
-+			}
-+#endif
-
- 			if (delimptr != NULL && *delimptr != '\0')
- 				*delimptr++ = '\0';
-@@ -4820,6 +4883,17 @@ mail_esmtp_args(a, kp, vp, e)
-
- 		/* XXX: check whether more characters follow? */
- 	}
-+#if _FFR_EAI
-+	else if (sm_strcasecmp(kp, "smtputf8") == 0)
-+	{
-+		if (!bitset(SRV_OFFER_EAI, e->e_features))
-+		{
-+			usrerr("504 5.7.0 Sorry, SMTPUTF8 not supported/enabled");
-+			/* NOTREACHED */
-+		}
-+		e->e_smtputf8 = true;
-+	}
-+#endif
- 	else
- 	{
- 		usrerr("555 5.5.4 %s parameter unrecognized", kp);
-@@ -5174,6 +5248,9 @@ static struct
- 	{ 'C',	SRV_REQ_SEC	},
- 	{ 'D',	SRV_OFFER_DSN	},
- 	{ 'E',	SRV_OFFER_ETRN	},
-+#if _FFR_EAI
-+	{ 'I',	SRV_OFFER_EAI	},
-+#endif
- 	{ 'L',	SRV_REQ_AUTH	},
- #if PIPELINING
- # if _FFR_NO_PIPE
-diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c
-index 24d38ee..cbc6bb7 100644
---- sendmail/usersmtp.c.orig
-+++ sendmail/usersmtp.c
-@@ -465,6 +465,10 @@ helo_options(line, firstline, m, mci, e)
- 		mci->mci_flags |= MCIF_PIPELINED;
- 	else if (sm_strcasecmp(line, "verb") == 0)
- 		mci->mci_flags |= MCIF_VERB;
-+#if _FFR_EAI
-+	else if (sm_strcasecmp(line, "smtputf8") == 0)
-+		mci->mci_flags |= MCIF_EAI;
-+#endif /* _FFR_EAI */
- #if STARTTLS
- 	else if (sm_strcasecmp(line, "starttls") == 0)
- 		mci->mci_flags |= MCIF_TLS;
-@@ -2027,6 +2031,19 @@ smtpmailfrom(m, mci, e)
- 		return EX_TEMPFAIL;
- 	}
-
-+#if _FFR_EAI
-+	/*
-+	**  Abort right away if the message needs SMTPUTF8 and the
-+	**  server does not advertise SMTPUTF8.
-+	*/
-+
-+	if (e->e_smtputf8 && !bitset(MCIF_EAI, mci->mci_flags)) {
-+		usrerrenh("5.6.7", "%s does not support SMTPUTF8", CurHostName);
-+		mci_setstat(mci, EX_NOTSTICKY, "5.6.7", NULL);
-+		return EX_DATAERR;
-+	}
-+#endif /* _FFR_EAI */
-+
- 	/* set up appropriate options to include */
- 	if (bitset(MCIF_SIZE, mci->mci_flags) && e->e_msgsize > 0)
- 	{
-@@ -2040,6 +2057,14 @@ smtpmailfrom(m, mci, e)
- 		bufp = optbuf;
- 	}
-
-+#if _FFR_EAI
-+	if (e->e_smtputf8) {
-+		(void) sm_snprintf(bufp, SPACELEFT(optbuf, bufp),
-+				 " SMTPUTF8");
-+		bufp += strlen(bufp);
-+	}
-+#endif /* _FFR_EAI */
-+
- 	bodytype = e->e_bodytype;
- 	if (bitset(MCIF_8BITMIME, mci->mci_flags))
- 	{
author	Dirk Meyer <dinoex@FreeBSD.org>	2020-07-05 14:13:41 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2020-07-05 14:13:41 +0000
commit	7dca9547aa6ca885de53a2f5e7ba6d1938cf8293 (patch)
tree	7fa904c9d9e0aa9212692ace3cb8f8c0457af52c /mail/sendmail/files
parent	- keep STAGEDIR clean (diff)