author: Gilles CHEHADE <gilles@poolp.org> 2021-01-19 09:59:34 +0100
committer: Gilles CHEHADE <gilles@poolp.org> 2021-01-19 09:59:34 +0100
commit: b6303fa87b11a11a973d908c99d9dd81bd2c6b27
tree: fa4363aa2a6eac12ee406e5d1d6d7d168583141e
parent: Rename the pony process to dispatcher and klondike to crypto.
parent: doc: fix typos
Merge branch 'master' of ssh://github.com/OpenSMTPD/OpenSMTPD
-rw-r--r-- .builds/freebsd.yml 2
-rw-r--r-- README.md 143
-rw-r--r-- ci/README.md 8
-rw-r--r-- contrib/libexec/encrypt/encrypt.c 36
4 files changed, 135 insertions, 54 deletions
diff --git a/.builds/freebsd.yml b/.builds/freebsd.yml
index 51993106..4bc386d1 100644
--- a/.builds/freebsd.yml
+++ b/.builds/freebsd.yml
@@ -8,7 +8,7 @@ packages:
- libressl
- libasr
- py37-ansible
-- db6
+- db5
- python3
- python37
- python
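Review bot: The `db6` to `db5` swap in the packages list carries no explanation, so a later reader cannot tell whether it works around a package that is unavailable on the build image or reflects a real build requirement. Add a short comment above `- db5` saying why the older version is used, so the pin can be revisited later.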
diff --git a/README.md b/README.md
index bc35c16b..989c730f 100644
--- a/README.md
+++ b/README.md
@@ -1,66 +1,118 @@
# OpenSMTPD
-[![Version](https://img.shields.io/badge/Version-6.7.1p1-brihtgreen.svg)](https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.7.1p1)
+[![Version](https://img.shields.io/badge/Version-6.8.0p2-brihtgreen.svg)](https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/v6.8.0p2)
[![Coverity Scan analysis](https://scan.coverity.com/projects/278/badge.svg)](https://scan.coverity.com/projects/opensmtpd-opensmtpd)
[![Packaging status](https://repology.org/badge/tiny-repos/opensmtpd.svg)](https://repology.org/project/opensmtpd/versions)
[![License: ISC](https://img.shields.io/badge/License-ISC-blue.svg)](https://www.isc.org/licenses/)
-
OpenSMTPD is a FREE implementation of the server-side SMTP protocol as
-defined by [RFC 5321](https://tools.ietf.org/html/rfc5321), with some
+defined by [ RFC 5321 ](https://tools.ietf.org/html/rfc5321), with some
additional standard extensions.
It allows ordinary machines to exchange e-mails with other systems
speaking the SMTP protocol.
-OpenSMTPD runs on top of the OpenBSD operating system but also has a
-portable version that can build and run on several systems, including:
+OpenSMTPD runs on various [ Unix ](https://en.wikipedia.org/wiki/Unix)
+and Unix-like operating systems including:
-* Linux
-* FreeBSD
-* NetBSD
-* DragonFly
+- Linux
+- [ FreeBSD ](https://www.freebsd.org)
+- [ OpenBSD ](https://www.openbsd.org)
+- [ NetBSD ](https://www.netbsd.org)
+- [ DragonFlyBSD ](https://www.dragonflybsd.org)
+- [ OSX ](https://en.wikipedia.org/wiki/MacOS)
For more information: http://www.opensmtpd.org/portable.html
-People interested about OpenSMTPD are encouraged to subscribe to our
-mailing list: http://www.opensmtpd.org/list.html
+If you are looking for a comprehensive manual on how to build your own mail server
+visit our [wiki](https://github.com/OpenSMTPD/OpenSMTPD/wiki).
+
+
+## Get In Touch
+
+If you want to stay up to day with most recent developments or chat about
+OpenSMTPD you can:
-and to join the IRC channel: #OpenSMTPD @ irc.freenode.net
+- subscribe to our mailing list: http://www.opensmtpd.org/list.html
+- join the IRC channel: `#opensmtpd` @ [ irc.freenode.net ](https://freenode.net/)
+- submit a bug report or a feature request here on [ GitHub ](https://github.com/OpenSMTPD/OpenSMTPD)
+- visit GitHub's [discussions page](https://github.com/OpenSMTPD/OpenSMTPD/discussions)
-The manual pages are available online at https://www.opensmtpd.org/manual.html,
+
+## Documentation
+
+The manual pages are available [online](https://www.opensmtpd.org/manual.html),
which you are encouraged to contribute to.
-Cheers!
+
+## Install Via Package Manager
+
+Many distributions already provide a packaged version of opensmtpd. All you need
+to do is install it via your package manager.
+
+> :warning: **Some distributions might ship an old version of opensmtpd** Be
+> careful and check the version number to ensure you are running a secure
+> version
+
+### Ubuntu/Debian
+
+ sudo apt install opensmtpd
+
+### Archlinux
+
+Has a [ dedicated wiki page ](https://wiki.archlinux.org/index.php/OpenSMTPD#Installation)
-# How to build, configure and use Portable OpenSMTPD
+### Alpine Linux
-## Dependencies
+ apk install opensmtpd
-Portable OpenSMTPD relies on:
- * autoconf (http://www.gnu.org/software/autoconf/)
- * automake (http://www.gnu.org/software/automake/)
- * bison (http://www.gnu.org/software/bison/)
- or byacc (http://invisible-island.net/byacc/byacc.html)
- * libevent (http://libevent.org/)
- * libtool (http://www.gnu.org/software/libtool/)
- * libressl (https://www.libressl.org/)
- or OpenSSL (https://www.openssl.org/)
+### Fedora
-By default OpenSMTPD expects latest versions of all dependencies unless noted otherwise.
+ yum install opensmtpd
-Note that some distributions have different packages for a same library, you should always use the `-dev` or `-devel` package (for example, `libevent-dev` or `libevent-devel`) if you're going to build OpenSMTPD yourself.
+## Install From Source
-## Get the source
- git clone git://github.com/OpenSMTPD/OpenSMTPD.git opensmtpd
+### Install Dependencies
+OpenSMTPD relies on:
+ - [ autoconf ](http://www.gnu.org/software/autoconf/)
+ - [ automake ](http://www.gnu.org/software/automake/)
+ - [ bison ](http://www.gnu.org/software/bison/)
+ or [ byacc ](http://invisible-island.net/byacc/byacc.html)
+ - [ libevent ](http://libevent.org/)
+ - [ libtool ](http://www.gnu.org/software/libtool/)
+ - [ libressl ](https://www.libressl.org/)
+ or [ OpenSSL ](https://www.openssl.org/)
+
+You will also need a C compiler and git if you are cloning the git repository
+
+By default OpenSMTPD expects latest versions of all dependencies unless noted
+otherwise.
+
+Note that some distributions have different packages for a same library, you
+should always use the `-dev` or `-devel` package (for example, `libevent-dev`
+or `libevent-devel`) if you're going to build OpenSMTPD yourself.
+
+### Get The Source Code
+
+Clone from github:
+
+ git clone https://github.com/OpenSMTPD/OpenSMTPD.git
+
+
+[Download tarball](https://github.com/OpenSMTPD/OpenSMTPD/archive/v6.8.0p2.zip)
+
+Latest release can always be found [here](https://github.com/OpenSMTPD/OpenSMTPD/releases/latest)
+
+
+
+### Compile
-## Build
cd opensmtpd*
./bootstrap # Only if you build from git sources
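Review bot: In the Get The Source Code and Compile steps, the clone line no longer names a target directory (`git clone https://github.com/OpenSMTPD/OpenSMTPD.git`), so the checkout lands in `OpenSMTPD`, while the Compile block still runs `cd opensmtpd*`, which will not match on a case-sensitive filesystem. Keep the explicit `opensmtpd` target on the clone line or change the `cd`. Smaller points in the same hunk: the Alpine command should be `apk add opensmtpd` (apk has no `install` command), the link labelled "Download tarball" points at a `.zip`, "stay up to day" should read "up to date", the badge colour is still spelled `brihtgreen` on the new line, and the warning about distributions shipping an old version would help more if it linked to the releases page so readers know what to compare their version against.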
@@ -68,28 +120,29 @@ Note that some distributions have different packages for a same library, you sho
make
sudo make install
-### Special notes for FreeBSD/DragonFlyBSD/Mac OS X:
+
+#### Special notes for FreeBSD/DragonFlyBSD/Mac OS X:
Please launch configure with special directive about libevent and
libasr directory:
-### FreeBSD / DragonFlyBSD:
+#### FreeBSD / DragonFlyBSD:
./configure --with-libasr=/usr/local
-### MacOS:
+#### MacOS:
./configure --with-libevent=/opt/local
Though MacOS includes a copy of bison in the bases system, you will
need to install a more recent version from, e.g., MacPorts.
-## Install
+### Install
sudo make install
-## Setup historical interface
+### Setup historical interface
OpenSMTPD provides a single utility `smtpctl` to control the daemon and
the local submission subsystem.
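Review bot: With `## Install` demoted to `### Install`, its `sudo make install` now sits right after a Compile block that already ends in `make` / `sudo make install`, so a reader following the steps in order installs twice; drop one of the two. The "Special notes for FreeBSD/DragonFlyBSD/Mac OS X" heading and its two per-OS sub-headings are all `####` after this change, which flattens the parent/child relation, so either keep the parent at `###` or push the sub-headings one level deeper. The context line "in the bases system" also still has a typo ("base system") that this documentation pass could fix.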
@@ -119,17 +172,17 @@ setting the appropriate symbolic links:
The OpenSMTPD project leaves it up to the package maintainers to setup the
-links in their packages as it is very hard for us to accomodate all systems
-with the prefered method in a clean way.
+links in their packages as it is very hard for us to accommodate all systems
+with the preferred method in a clean way.
-## Configure /etc/smtpd.conf
+### Configure /etc/smtpd.conf
-Please have a look at the complete format description of smtpd.conf
-configuration file (https://man.openbsd.org/smtpd.conf)
+Please have a look at the complete format description of `smtpd.conf`
+[configuration file](https://man.openbsd.org/smtpd.conf)
-## Add OpenSMTPD users
+### Add OpenSMTPD users
To operate, OpenSMTPD requires at least one user, by default `_smtpd`; and
preferably two users, by default `_smtpd` and `_smtpq`.
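Review bot: Demoting `Configure /etc/smtpd.conf` and `Add OpenSMTPD users` to `###` nests them under `## Install From Source`, although configuration is also needed by readers who installed from a package; consider keeping the configuration section (and `Launch smtpd` further down) at `##` so it is reachable from both install paths. The rewritten sentence ending in `[configuration file](https://man.openbsd.org/smtpd.conf)` is also missing its full stop.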
@@ -144,18 +197,18 @@ script allows overriding these using the options:
`--with-user-smtpd`, `--with-user-queue`, and `--with-group-queue`.
-### NetBSD, Linux (Debian, Arch Linux, ...)
+#### NetBSD, Linux (Debian, Arch Linux, ...)
mkdir /var/empty
useradd -c "SMTP Daemon" -d /var/empty -s /sbin/nologin _smtpd
useradd -c "SMTPD Queue" -d /var/empty -s /sbin/nologin _smtpq
-### DragonFlyBSD, FreeBSD
+#### DragonFlyBSD, FreeBSD
pw useradd _smtpd -c "SMTP Daemon" -d /var/empty -s /sbin/nologin
pw useradd _smtpq -c "SMTPD Queue" -d /var/empty -s /sbin/nologin
-### Mac OS X
+#### Mac OS X
First we need a group with an unused GID below `500`, list the current
ones used:
@@ -188,7 +241,7 @@ Add a user - here we have picked `444`:
repeat for the `_smtpq` user.
-## Launch smtpd
+### Launch smtpd
First, kill any running sendmail/exim/qmail/postfix or other.
diff --git a/ci/README.md b/ci/README.md
index 2eee08f1..f27a25e4 100644
--- a/ci/README.md
+++ b/ci/README.md
@@ -1,6 +1,6 @@
# Continuous Integration
-This directory contains CI/CD related scripts and resources
+This directory contains CI/CD related scripts and resources.
CI/CD process leverages GitHub Actions as a primary automation platform since
up to 20 parallel workflows are available for opensource projects.
@@ -8,7 +8,7 @@ up to 20 parallel workflows are available for opensource projects.
On high level we have multiple dimensions to test:
- OS Distribution
- - TLS library implementation: libress, openssl
+ - TLS library implementation: libressl, openssl
- libc implementations: glibc, musl
- compiler: gcc, clang (not yet tested)
@@ -19,8 +19,8 @@ tests.
## Directory strucuture
-- [docker](#dockerfiles) dockerfiles for various distributions
-- [scripts](#scripts) useful scripts for ci/cd automation
+- [docker](#dockerfiles) dockerfiles for various distributions.
+- [scripts](#scripts) useful scripts for ci/cd automation.
## Design Considerations
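Review bot: The heading directly above the edited list still reads `## Directory strucuture`; since this change is fixing typos and punctuation in the same file, correct it to "structure" in the same pass.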
diff --git a/contrib/libexec/encrypt/encrypt.c b/contrib/libexec/encrypt/encrypt.c
index 80275921..e525fd27 100644
--- a/contrib/libexec/encrypt/encrypt.c
+++ b/contrib/libexec/encrypt/encrypt.c
@@ -25,11 +25,31 @@
#include <string.h>
#include <unistd.h>
+#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX
#define PASSWORD_LEN 128
+#endif
#define SALT_LEN 16
+struct hashing_method {
+ char *prefix;
+ unsigned long count;
+};
+
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+static struct hashing_method ids[] = {
+ {"$y$", 8},
+ {"$gy$", 8},
+ {"$7$", 8},
+ {"$2a$", 10},
+ {"$2b$", 10},
+ {"$2y$", 10},
+ {"$6$", 5000},
+ {"$5$", 5000},
+ {"$3$", 1},
+ {"$2$", 10},
+ {"$1$", 1000}
+};
static void to64(char *, long int, int);
static void print_passwd(const char *);
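Review bot: The `count` column of `ids[]` mixes units with nothing documenting them: 8 and 10 read as cost factors for `$y$`, `$gy$`, `$7$` and the `$2?$` prefixes, while 5000 and 1000 are round counts for `$6$`, `$5$` and `$1$`. Add a comment on `struct hashing_method` stating that the value is handed to `crypt_gensalt()` and interpreted per scheme, and, if the table order is meant as the preference order, say so, since the legacy `$3$` and `$1$` entries only make sense as last-resort fallbacks. `prefix` only ever holds string literals, so declare it `const char *` and make the table `static const`. The visible includes are `<string.h>` and `<unistd.h>`; confirm that the header defining `CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX` is included before the first `#ifndef`, otherwise the new branch is never compiled.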
@@ -66,20 +86,28 @@ main(int argc, char *argv[])
void
print_passwd(const char *string)
{
- const char *ids[] = { "2a", "6", "5", "3", "2", "1", NULL };
const char *id;
char salt[SALT_LEN+1];
+#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX
char buffer[PASSWORD_LEN];
+#else
+ char *buffer;
+#endif
int n;
const char *p;
+ int nb_ids = sizeof(ids) / sizeof(ids[0]);
for (n = 0; n < SALT_LEN; ++n)
to64(&salt[n], arc4random_uniform(0xff), 1);
salt[SALT_LEN] = '\0';
- for (n = 0; ids[n]; n++) {
- id = ids[n];
- (void)snprintf(buffer, sizeof buffer, "$%s$%s$", id, salt);
+ for (n = 0; n < nb_ids; n++) {
+ id = ids[n].prefix;
+#ifndef CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX
+ (void)snprintf(buffer, sizeof buffer, "%s%s$", id, salt);
+#else
+ buffer = crypt_gensalt(id, ids[n].count, NULL, 0);
+#endif
if ((p = crypt(string, buffer)) == NULL)
continue;
if (strncmp(p, buffer, strlen(buffer)) != 0)
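Review bot: In the `#else` branch the result of `crypt_gensalt(id, ids[n].count, NULL, 0)` is used unchecked: the call can return NULL on failure (for example an unsupported prefix), and `buffer` then goes straight into `crypt(string, buffer)` and `strlen(buffer)`. Add `if (buffer == NULL) continue;` immediately after the call. In that same build the `salt[]` array is still filled by the `arc4random_uniform()` loop but never read, so put the declaration and the loop under the same `#ifndef` as the `snprintf()` that consumes them.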