aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mail/exim/Makefile4
-rw-r--r--mail/exim/distinfo8
-rw-r--r--mail/exim/files/patch-doc::spec.txt12
-rw-r--r--mail/exim/files/patch-mbx_lock67
-rw-r--r--mail/exim/files/patch-scripts::exim_install12
-rw-r--r--mail/exim/files/patch-src::configure.default18
-rw-r--r--mail/exim/files/patch-src::verify.c68
-rw-r--r--mail/exim/files/wishlist-iplsearch.patch395
8 files changed, 27 insertions, 557 deletions
diff --git a/mail/exim/Makefile b/mail/exim/Makefile
index 052bbb637770..ea3a054e78fc 100644
--- a/mail/exim/Makefile
+++ b/mail/exim/Makefile
@@ -24,8 +24,8 @@ PATCH_DIST_STRIP= -p1
MAINTAINER= eik@FreeBSD.org
COMMENT?= High performance MTA for Unix systems on the Internet
-EXIM_VERSION= 4.32
-EXISCAN_VERSION=19
+EXIM_VERSION= 4.33
+EXISCAN_VERSION=20
.if !defined(EXIMON_ONLY)
.if defined(PKGNAMESUFFIX)
diff --git a/mail/exim/distinfo b/mail/exim/distinfo
index 56208d425b5f..70f24c41f0a3 100644
--- a/mail/exim/distinfo
+++ b/mail/exim/distinfo
@@ -1,4 +1,4 @@
-MD5 (exim/exim-4.32.tar.bz2) = f2dcbca57a8051c4d89d2cc8d96efd94
-SIZE (exim/exim-4.32.tar.bz2) = 1321711
-MD5 (exim/exiscan-acl-4.32-19.patch.bz2) = d1a3e095ab8c0733bc242155437d1729
-SIZE (exim/exiscan-acl-4.32-19.patch.bz2) = 73403
+MD5 (exim/exim-4.33.tar.bz2) = 8514c800172e4ab4e9cb90553605e1f2
+SIZE (exim/exim-4.33.tar.bz2) = 1327741
+MD5 (exim/exiscan-acl-4.33-20.patch.bz2) = 30a3ec5845f02a564c2300290371c475
+SIZE (exim/exiscan-acl-4.33-20.patch.bz2) = 74187
diff --git a/mail/exim/files/patch-doc::spec.txt b/mail/exim/files/patch-doc::spec.txt
index 4d7ad28cf598..5293ecc1b7b4 100644
--- a/mail/exim/files/patch-doc::spec.txt
+++ b/mail/exim/files/patch-doc::spec.txt
@@ -1,8 +1,8 @@
---- doc/spec.txt.orig Wed Dec 19 13:50:32 2001
-+++ doc/spec.txt Tue Jan 15 15:52:05 2002
-@@ -14403,6 +14403,19 @@
- be adequate for all your requirements if you are mainly interested in
- encrypting transfers, and not in secure identification.
+--- doc/spec.txt.orig Wed May 5 12:08:37 2004
++++ doc/spec.txt Wed May 5 15:10:17 2004
+@@ -14432,6 +14432,19 @@
+ message_prefix = "\1\1\1\1\n"
+ message_suffix = "\1\1\1\1\n"
+However, many clients require that the certificate presented by Exim be a user
+(also called "leaf" or "site") certificate, and not a self-signed certificate.
@@ -18,5 +18,5 @@
+ http://ospkibook.sourceforge.net/
+
+ create_directory Type: boolean Default: true
- 39. CUSTOMIZING ERROR AND WARNING MESSAGES
diff --git a/mail/exim/files/patch-mbx_lock b/mail/exim/files/patch-mbx_lock
deleted file mode 100644
index 72d5886212a2..000000000000
--- a/mail/exim/files/patch-mbx_lock
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# Race condition in MBX locking
-# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070394.html
-#
---- src/exim_lock.c 2004-04-15 09:27:01.000000000 +0100
-+++ src/exim_lock.c 2004-04-22 15:34:29.000000000 +0100
-@@ -308,7 +308,7 @@
- for (j = 0; j < lock_retries; j++)
- {
- int sleep_before_retry = TRUE;
-- struct stat statbuf;
-+ struct stat statbuf, ostatbuf;
-
- /* Try to build a lock file if so configured */
-
-@@ -395,7 +395,7 @@
- if (use_fcntl)
- printf("exim_lock: fcntl() read lock successfully applied\n");
- if (use_flock)
-- printf("exim_lock: fcntl() read lock successfully applied\n");
-+ printf("exim_lock: flock() read lock successfully applied\n");
- }
- }
- else goto RETRY; /* Message already output */
-@@ -451,7 +451,16 @@
- printf("exim_lock: flock() lock successfully applied to mbx "
- "lock file %s\n", tempname);
- }
-- break;
-+
-+ if (lstat(tempname, &statbuf) || fstat(md, &ostatbuf) ||
-+ (statbuf.st_dev != ostatbuf.st_dev) ||
-+ (statbuf.st_ino != ostatbuf.st_ino))
-+ {
-+ if (!quiet) printf("exim_lock: mbx lock file %s changed between "
-+ "creation and locking\n", tempname);
-+ goto RETRY;
-+ }
-+ else break;
- }
- else goto RETRY; /* Message already output */
- }
---- src/transports/appendfile.c 2004-04-15 09:27:01.000000000 +0100
-+++ src/transports/appendfile.c 2004-04-22 15:46:41.000000000 +0100
-@@ -1971,7 +1971,20 @@
-
- if (apply_lock(mbx_lockfd, F_WRLCK, ob->use_fcntl,
- ob->lock_fcntl_timeout, ob->use_flock, ob->lock_flock_timeout) >= 0)
-- break;
-+ {
-+ struct stat ostatbuf;
-+ if (lstat(mbx_lockname, &statbuf) ||
-+ fstat(mbx_lockfd, &ostatbuf) ||
-+ (statbuf.st_dev != ostatbuf.st_dev) ||
-+ (statbuf.st_ino != ostatbuf.st_ino))
-+ {
-+ DEBUG(D_transport) debug_printf("MBX lockfile %s changed "
-+ "between creation and locking\n", mbx_lockname);
-+ close(mbx_lockfd);
-+ mbx_lockfd = -1;
-+ }
-+ else break;
-+ }
-
- DEBUG(D_transport) debug_printf("failed to lock %s: %s\n", mbx_lockname,
- strerror(errno));
-
diff --git a/mail/exim/files/patch-scripts::exim_install b/mail/exim/files/patch-scripts::exim_install
index c60ee094efac..7874ce90e902 100644
--- a/mail/exim/files/patch-scripts::exim_install
+++ b/mail/exim/files/patch-scripts::exim_install
@@ -1,6 +1,6 @@
---- scripts/exim_install.orig Wed Dec 18 12:28:00 2002
-+++ scripts/exim_install Mon Jan 6 11:11:46 2003
-@@ -330,9 +330,8 @@
+--- scripts/exim_install.orig Wed May 5 12:08:35 2004
++++ scripts/exim_install Wed May 5 15:07:53 2004
+@@ -357,9 +357,8 @@
echo $com ' ' ${CONFIGURE_FILE}
echo $com Therefore, skipping automatic installation.
@@ -12,7 +12,7 @@
if [ "${SYSTEM_ALIASES_FILE}" = "" ] ; then
SYSTEM_ALIASES_FILE=/etc/aliases
echo $com This configuration has system aliases in ${SYSTEM_ALIASES_FILE}.
-@@ -343,7 +342,7 @@
+@@ -370,7 +369,7 @@
echo sed -e '\\'
echo " \"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'\"" '\\'
@@ -21,7 +21,7 @@
# I can't find a way of writing this using the ${real} feature because
# it seems that the output redirection always happens, even when -n was
-@@ -352,7 +351,7 @@
+@@ -379,7 +378,7 @@
if [ "$real" = "" ] ; then
sed -e \
"/SYSTEM_ALIASES_FILE/ s'SYSTEM_ALIASES_FILE'${ACTUAL_SYSTEM_ALIASES_FILE}'" \
@@ -30,7 +30,7 @@
else
true
fi
-@@ -372,8 +371,6 @@
+@@ -399,8 +398,6 @@
${real} ${CP} ../src/aliases.default ${SYSTEM_ALIASES_FILE}
fi
diff --git a/mail/exim/files/patch-src::configure.default b/mail/exim/files/patch-src::configure.default
index 56a0a114432b..de3f6dc6b853 100644
--- a/mail/exim/files/patch-src::configure.default
+++ b/mail/exim/files/patch-src::configure.default
@@ -1,5 +1,5 @@
---- src/configure.default.orig Mon May 12 15:39:18 2003
-+++ src/configure.default Thu Jun 12 16:40:25 2003
+--- src/configure.default.orig Wed May 5 12:08:35 2004
++++ src/configure.default Wed May 5 15:09:40 2004
@@ -56,7 +56,7 @@
domainlist local_domains = @
@@ -9,16 +9,16 @@
# Most straightforward access control requirements can be obtained by
# appropriate settings of the above options. In more complicated situations, you
-@@ -147,6 +147,8 @@
- # were a normal user. This isn't usually a problem, as most sites have an alias
- # for root that redirects such mail to a human administrator.
+@@ -153,6 +153,8 @@
+ # as if it were a normal user. This isn't usually a problem, as most sites have
+ # an alias for root that redirects such mail to a human administrator.
+exim_user = XX_EXIM_USER_XX
+exim_group = XX_EXIM_GROUP_XX
never_users = root
-@@ -378,7 +380,8 @@
+@@ -412,7 +414,8 @@
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}}
@@ -28,15 +28,15 @@
file_transport = address_file
pipe_transport = address_pipe
-@@ -412,6 +415,7 @@
+@@ -446,6 +449,7 @@
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
+ condition = ${if exists{$home/.forward} {yes} {no} }
- # This router matches local user mailboxes.
-@@ -455,8 +459,10 @@
+ # This router matches local user mailboxes. If the router fails, the error
+@@ -491,8 +495,10 @@
delivery_date_add
envelope_to_add
return_path_add
diff --git a/mail/exim/files/patch-src::verify.c b/mail/exim/files/patch-src::verify.c
deleted file mode 100644
index 848c864442c1..000000000000
--- a/mail/exim/files/patch-src::verify.c
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# A rewrite-influenced bug was introduced in 4.31.
-# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070387.html
-#
-*** src/verify.c Thu Apr 15 09:27:01 2004
---- verify.c Wed Apr 21 16:28:18 2004
-***************
-*** 758,764 ****
- address_item *addr_succeed = NULL;
- uschar *ko_prefix, *cr;
- uschar *address = vaddr->address;
-! uschar *save_sender = sender_address;
- uschar null_sender[] = { 0 }; /* Ensure writeable memory */
-
- /* Set up a prefix and suffix for error message which allow us to use the same
---- 758,764 ----
- address_item *addr_succeed = NULL;
- uschar *ko_prefix, *cr;
- uschar *address = vaddr->address;
-! uschar *save_sender;
- uschar null_sender[] = { 0 }; /* Ensure writeable memory */
-
- /* Set up a prefix and suffix for error message which allow us to use the same
-***************
-*** 816,825 ****
-
- /* If the address was rewritten to <> no verification can be done, and we have
- to return OK. This rewriting is permitted only for sender addresses; for other
-! addresses, such rewriting faile. */
-
- if (address[0] == 0) return OK;
-
- /* Update the address structure with the possibly qualified and rewritten
- address. Set it up as the starting address on the chain of new addresses. */
-
---- 816,830 ----
-
- /* If the address was rewritten to <> no verification can be done, and we have
- to return OK. This rewriting is permitted only for sender addresses; for other
-! addresses, such rewriting fails. */
-
- if (address[0] == 0) return OK;
-
-+ /* Save a copy of the sender address for re-instating if we change it to <>
-+ while verifying a sender address (a nice bit of self-reference there). */
-+
-+ save_sender = sender_address;
-+
- /* Update the address structure with the possibly qualified and rewritten
- address. Set it up as the starting address on the chain of new addresses. */
-
-***************
-*** 898,904 ****
- if (!is_recipient) sender_address = null_sender;
- rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
- &addr_succeed, verify_type);
-! sender_address = save_sender;
- }
-
- /* If routing an address succeeded, set the flag that remembers, for use when
---- 903,909 ----
- if (!is_recipient) sender_address = null_sender;
- rc = route_address(addr, &addr_local, &addr_remote, &addr_new,
- &addr_succeed, verify_type);
-! sender_address = save_sender; /* Put back the real sender */
- }
-
- /* If routing an address succeeded, set the flag that remembers, for use when
diff --git a/mail/exim/files/wishlist-iplsearch.patch b/mail/exim/files/wishlist-iplsearch.patch
deleted file mode 100644
index 72083ae22250..000000000000
--- a/mail/exim/files/wishlist-iplsearch.patch
+++ /dev/null
@@ -1,395 +0,0 @@
-#
-# Wishlist #254 (2) iplsearch
-# http://www.exim.org/pipermail/exim-users/Week-of-Mon-20040419/070420.html
-#
-diff -uNr src/drtables.c exim-4.32.with-iplsearch/src/drtables.c
---- src/drtables.c 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/drtables.c 2004-04-23 16:16:53.000000000 +0200
-@@ -212,6 +212,23 @@
- #endif
- },
-
-+/* Linear search of single file with ip-addresses and networks */
-+
-+ {
-+ US"iplsearch", /* lookup name */
-+ lookup_absfile, /* uses absolute file name */
-+#ifdef LOOKUP_LSEARCH
-+ lsearch_open, /* open function */
-+ lsearch_check, /* check function */
-+ iplsearch_find, /* find function */
-+ lsearch_close, /* close function */
-+ NULL, /* no tidy function */
-+ NULL /* no quoting function */
-+#else
-+ NULL, NULL, NULL, NULL, NULL, NULL /* lookup not present */
-+#endif
-+ },
-+
- /* LDAP lookup, allowing data from only one entry to be returned */
-
- {
-diff -uNr src/exim.c exim-4.32.with-iplsearch/src/exim.c
---- src/exim.c 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/exim.c 2004-04-23 16:17:14.000000000 +0200
-@@ -814,7 +814,7 @@
-
- fprintf(f, "Lookups:");
- #ifdef LOOKUP_LSEARCH
-- fprintf(f, " lsearch wildlsearch nwildlsearch");
-+ fprintf(f, " lsearch wildlsearch nwildlsearch iplsearch");
- #endif
- #ifdef LOOKUP_CDB
- fprintf(f, " cdb");
-diff -uNr src/functions.h exim-4.32.with-iplsearch/src/functions.h
---- src/functions.h 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/functions.h 2004-04-23 16:01:44.000000000 +0200
-@@ -104,6 +104,7 @@
- extern int host_find_bydns(host_item *, uschar *, int, uschar *, BOOL, BOOL,
- uschar **, BOOL *);
- extern ip_address_item *host_find_interfaces(void);
-+extern BOOL host_is_in_net(uschar *, uschar *);
- extern void host_mask(int, int *, int);
- extern int host_name_lookup(void);
- extern int host_nmtoa(int, int *, int, uschar *);
-diff -uNr src/host.c exim-4.32.with-iplsearch/src/host.c
---- src/host.c 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/host.c 2004-04-23 16:29:34.000000000 +0200
-@@ -2689,7 +2689,84 @@
- return yield;
- }
-
-+/***********************************
-+* host_is_in_net *
-+***********************************/
-+
-+/* Checks an host to be part of a network.
-+
-+Arguments:
-+ host The string representation of the ip-address to check
-+ net The string representation of the network, with optional
-+ cidr-mask
-+
-+Returns:
-+ TRUE if the host is inside the network
-+ FALSE if the host is NOT inside the network
-+*/
-
-+BOOL
-+host_is_in_net(uschar *host, uschar *net)
-+{
-+int maskoffset;
-+int i;
-+int address[4];
-+int incoming[4];
-+int mlen;
-+int size = host_aton(net, address);
-+int insize;
-+
-+if (!string_is_ip_address(net, &maskoffset)) return FALSE;
-+
-+/* No mask => all bits to be checked */
-+
-+if (maskoffset == 0) mlen = 99999; /* Big number */
-+else
-+ {
-+ mlen = Uatoi(net + maskoffset + 1);
-+ net[maskoffset] = '/'; /* restore the slash */
-+ }
-+
-+/* Convert the incoming address to binary. */
-+
-+insize = host_aton(host, incoming);
-+
-+/* Convert IPv4 addresses given in IPv6 compatible mode, which represent
-+ connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
-+ ::ffff:<v4address>, to IPv4 format. */
-+
-+if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
-+ incoming[2] == 0xffff)
-+ {
-+ insize = 1;
-+ incoming[0] = incoming[3];
-+ }
-+
-+/* No match if the sizes don't agree. */
-+
-+if (insize != size) return FALSE;
-+
-+/* Else do the masked comparison. */
-+
-+for (i = 0; i < size; i++)
-+ {
-+ int mask;
-+ if (mlen == 0) mask = 0;
-+ else if (mlen < 32)
-+ {
-+ mask = (-1) << (32 - mlen);
-+ mlen = 0;
-+ }
-+ else
-+ {
-+ mask = -1;
-+ mlen -= 32;
-+ }
-+ if ((incoming[i] & mask) != (address[i] & mask)) return FALSE;
-+ }
-+return TRUE;
-+
-+}
-
-
- /*************************************************
-diff -uNr src/lookups/lsearch.c exim-4.32.with-iplsearch/src/lookups/lsearch.c
---- src/lookups/lsearch.c 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/lookups/lsearch.c 2004-04-23 16:31:20.000000000 +0200
-@@ -9,7 +9,12 @@
- #include "lf_functions.h"
- #include "lsearch.h"
-
--
-+enum {
-+ LSEARCH_PLAIN,
-+ LSEARCH_WILD,
-+ LSEARCH_NWILD,
-+ LSEARCH_IP
-+};
-
- /*************************************************
- * Open entry point *
-@@ -61,7 +66,7 @@
-
- static int
- internal_lsearch_find(void *handle, uschar *filename, uschar *keystring,
-- int length, uschar **result, uschar **errmsg, BOOL wild, BOOL expand)
-+ int length, uschar **result, uschar **errmsg, int type)
- {
- FILE *f = (FILE *)handle;
- BOOL last_was_eol = TRUE;
-@@ -136,34 +141,53 @@
- linekeylength = s - buffer;
- }
-
-- /* A wild lsearch treats each key as a possible wildcarded string. */
--
-- if (wild)
-- {
-- int rc;
-- int save = buffer[linekeylength];
-- uschar *list = buffer;
-- buffer[linekeylength] = 0;
-- rc = match_isinlist(keystring,
-- &list,
-- UCHAR_MAX+(expand? 1:2), /* Single-item list, possibly expanded */
-- NULL, /* No anchor */
-- NULL, /* No caching */
-- MCL_STRING,
-- TRUE, /* Caseless */
-- NULL);
-- buffer[linekeylength] = save;
-
-- if (rc == FAIL) continue;
-- if (rc == DEFER) return DEFER;
-- }
--
-- /* A non-wild lsearch treats each key as a litersl */
--
-- else
-+ switch(type)
- {
-+ /* A non-wild lsearch treats each key as a literal */
-+ case LSEARCH_PLAIN:
- if (linekeylength != length || strncmpic(buffer, keystring, length) != 0)
- continue;
-+ break;
-+
-+ /* A wild lsearch treats each key as a possible wildcarded string. */
-+ case LSEARCH_WILD:
-+ /* Like wildlsearch, but without expanding the key */
-+ case LSEARCH_NWILD:
-+ {
-+ int rc;
-+ int save = buffer[linekeylength];
-+ uschar *list = buffer;
-+ buffer[linekeylength] = 0;
-+ rc = match_isinlist(keystring,
-+ &list,
-+ /* Single-item list, possibly expanded */
-+ UCHAR_MAX+(type == LSEARCH_WILD? 1:2),
-+ NULL, /* No anchor */
-+ NULL, /* No caching */
-+ MCL_STRING,
-+ TRUE, /* Caseless */
-+ NULL);
-+ buffer[linekeylength] = save;
-+
-+ if (rc == FAIL) continue;
-+ if (rc == DEFER) return DEFER;
-+ };
-+ break;
-+ /* Compare an ip address against a list of network/ip addresses */
-+ case LSEARCH_IP:
-+ /* Allow * as search-key */
-+ if (!(length == 1 && linekeylength == 1 &&
-+ buffer[0] == '*' && keystring[0] == '*'))
-+ {
-+ /* This was no wildcard, so try to match key and buffer */
-+ int save = buffer[linekeylength];
-+ buffer[linekeylength] = 0;
-+ if (!host_is_in_net(keystring, buffer))
-+ continue;
-+ buffer[linekeylength] = save;
-+ }
-+ break;
- }
-
- /* The key has matched. Skip spaces after the key, and allow an optional
-@@ -245,7 +269,7 @@
- uschar **result, uschar **errmsg)
- {
- return internal_lsearch_find(handle, filename, keystring, length, result,
-- errmsg, FALSE, FALSE);
-+ errmsg, LSEARCH_PLAIN);
- }
-
-
-@@ -261,7 +285,7 @@
- uschar **result, uschar **errmsg)
- {
- return internal_lsearch_find(handle, filename, keystring, length, result,
-- errmsg, TRUE, TRUE);
-+ errmsg, LSEARCH_WILD);
- }
-
-
-@@ -277,7 +301,31 @@
- uschar **result, uschar **errmsg)
- {
- return internal_lsearch_find(handle, filename, keystring, length, result,
-- errmsg, TRUE, FALSE);
-+ errmsg, LSEARCH_NWILD);
-+}
-+
-+
-+/*************************************************
-+* Find entry point for iplsearch *
-+*************************************************/
-+
-+/* See local README for interface description */
-+
-+int
-+iplsearch_find(void *handle, uschar *filename, uschar *keystring, int length,
-+ uschar **result, uschar **errmsg)
-+{
-+if (string_is_ip_address(keystring, NULL)
-+ || (length == 1 && keystring[0] == '*'))
-+ {
-+ return internal_lsearch_find(handle, filename, keystring, length, result,
-+ errmsg, LSEARCH_IP);
-+ }
-+ else
-+ {
-+ *errmsg = string_sprintf("\"%s\" is not a valid iplsearch key", keystring);
-+ return DEFER;
-+ };
- }
-
-
-diff -uNr src/lookups/lsearch.h exim-4.32.with-iplsearch/src/lookups/lsearch.h
---- src/lookups/lsearch.h 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/lookups/lsearch.h 2004-04-23 12:24:32.000000000 +0200
-@@ -15,4 +15,6 @@
- extern int wildlsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **);
- extern int nwildlsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **);
-
-+extern int iplsearch_find(void *, uschar *, uschar *, int, uschar **, uschar **);
-+
- /* End of lookups/lsearch.h */
-diff -uNr src/verify.c exim-4.32.with-iplsearch/src/verify.c
---- src/verify.c 2004-04-15 10:27:01.000000000 +0200
-+++ exim-4.32.with-iplsearch/src/verify.c 2004-04-25 16:09:11.000000000 +0200
-@@ -1683,10 +1683,10 @@
- check_host(void *arg, uschar *ss, uschar **valueptr, uschar **error)
- {
- check_host_block *cb = (check_host_block *)arg;
--int maskoffset;
- BOOL isquery = FALSE;
- uschar *semicolon, *t;
- uschar **aliases;
-+int maskoffset;
-
- /* Optimize for the special case when the pattern is "*". */
-
-@@ -1714,69 +1714,11 @@
- }
- }
-
--/* If the pattern is an IP address, optionally followed by a bitmask count,
--mask it and the current IP address, and do a binary comparison on them.
--The function string_is_ip_address(), when given a non-NULL second argument,
--puts the offset of a '/' in there and clobbers the '/' to a zero. */
-+/* If the pattern is an IP address, use host_is_in_net for checking. */
-
- if (string_is_ip_address(ss, &maskoffset))
-- {
-- int i;
-- int address[4];
-- int incoming[4];
-- int mlen;
-- int size = host_aton(ss, address);
-- int insize;
--
-- /* No mask => all bits to be checked */
--
-- if (maskoffset == 0) mlen = 99999; /* Big number */
-- else
-- {
-- mlen = Uatoi(ss + maskoffset + 1);
-- ss[maskoffset] = '/'; /* restore the slash */
-- }
--
-- /* Convert the incoming address to binary. */
--
-- insize = host_aton(cb->host_address, incoming);
--
-- /* Convert IPv4 addresses given in IPv6 compatible mode, which represent
-- connections from IPv4 hosts to IPv6 hosts, that is, addresses of the form
-- ::ffff:<v4address>, to IPv4 format. */
--
-- if (insize == 4 && incoming[0] == 0 && incoming[1] == 0 &&
-- incoming[2] == 0xffff)
-- {
-- insize = 1;
-- incoming[0] = incoming[3];
-- }
--
-- /* No match if the sizes don't agree. */
--
-- if (insize != size) return FAIL;
--
-- /* Else do the masked comparison. */
--
-- for (i = 0; i < size; i++)
-- {
-- int mask;
-- if (mlen == 0) mask = 0;
-- else if (mlen < 32)
-- {
-- mask = (-1) << (32 - mlen);
-- mlen = 0;
-- }
-- else
-- {
-- mask = -1;
-- mlen -= 32;
-- }
-- if ((incoming[i] & mask) != (address[i] & mask)) return FAIL;
-- }
-- return OK;
-- }
--
-+ return (host_is_in_net(cb->host_address, ss) ? OK : FAIL);
-+
- /* If the item is of the form net[n]-lookup;<file|query> then it is a lookup on
- a masked IP network, in textual form. The net- stuff really only applies to
- single-key lookups where the key is implicit. For query-style lookups the key