diff options
-rw-r--r-- | doc/doc-txt/ChangeLog | 5 | ||||
-rw-r--r-- | doc/doc-txt/NewStuff | 7 | ||||
-rw-r--r-- | doc/doc-txt/OptionLists.txt | 1 | ||||
-rw-r--r-- | src/OS/Makefile-FreeBSD | 3 | ||||
-rw-r--r-- | src/src/config.h.defaults | 2 | ||||
-rw-r--r-- | src/src/expand.c | 2 |
6 files changed, 20 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index e41dc3e02..8a2773759 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -82,6 +82,11 @@ TL/07 Add new dmarc expansion variable $dmarc_domain_policy to directly is a combined value of both the record presence and the result of the analysis. +PP/02 Add new ALLOW_SYSTEM_CRYPT_BRACES option, enable by default for FreeBSD, + letting crypteq comparisons pass unrecognised {..} prefices through to + system crypt. + + Exim version 4.82 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index c168cf2a7..07c8c3285 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -32,6 +32,13 @@ Version 4.83 is split from the encryption operation. The default remains that a failed verification cancels the encryption. + 6. If your system's crypt() supports {hashtype} prefices unknown to Exim, + ensure that the compile-time "ALLOW_SYSTEM_CRYPT_BRACES" is defined (it + might be by default for your OS). Without this, Exim rejects unrecognised + hashtypes, as it always has. With this, the default handling passes the + value onto the system crypt(). This is necessary for FreeBSD {sha512} + support. + Version 4.82 ------------ diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 4ad112180..e8215d14d 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -815,6 +815,7 @@ only listed below for the TLS implementation cases. Option Type Description ------------------------------------------------------------------------------ +ALLOW_SYSTEM_CRYPT_BRACES system** system crypt() can handle {hashtype} ALT_CONFIG_PREFIX optional restricts location of -C files APPENDFILE_MODE optional* APPENDFILE_DIRECTORY_MODE optional* diff --git a/src/OS/Makefile-FreeBSD b/src/OS/Makefile-FreeBSD index ebb116bf2..ab0918366 100644 --- a/src/OS/Makefile-FreeBSD +++ b/src/OS/Makefile-FreeBSD @@ -8,6 +8,9 @@ CHMOD_COMMAND=/bin/chmod HAVE_SA_LEN=YES +# FreeBSD has switched to {sha512} as the default hash-type. +ALLOW_SYSTEM_CRYPT_BRACES=YES + # crypt() is in a separate library LIBS=-lcrypt -lm -lutil diff --git a/src/src/config.h.defaults b/src/src/config.h.defaults index 962b90d68..6b2bec047 100644 --- a/src/src/config.h.defaults +++ b/src/src/config.h.defaults @@ -13,6 +13,8 @@ it's a default value. */ #define ALT_CONFIG_PREFIX #define TRUSTED_CONFIG_LIST +#define ALLOW_SYSTEM_CRYPT_BRACES + #define APPENDFILE_MODE 0600 #define APPENDFILE_DIRECTORY_MODE 0700 #define APPENDFILE_LOCKFILE_MODE 0600 diff --git a/src/src/expand.c b/src/src/expand.c index d2ac8ca79..afe60efc3 100644 --- a/src/src/expand.c +++ b/src/src/expand.c @@ -2616,12 +2616,14 @@ switch(cond_type) sub[1] += 9; which = 2; } +#ifndef ALLOW_SYSTEM_CRYPT_BRACES else if (sub[1][0] == '{') /* }-for-text-editors */ { expand_string_message = string_sprintf("unknown encryption mechanism " "in \"%s\"", sub[1]); return NULL; } +#endif switch(which) { |