Hello, This patch for exim replaces all calls to rand() and random() with the secure OpenBSD version, making the compiler less unhappy. After a discussion with one of the exim devs, this change would not have been accepted in mainstream exim because there is no "need" to use a cryptographically secure algorithm each time. But we do that anyway on OpenBSD, so here it makes sense.
Regards
Index: mail/exim//patches/patch-src_deliver_c
===================================================================
RCS file: mail/exim//patches/patch-src_deliver_c
diff -N mail/exim//patches/patch-src_deliver_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_deliver_c 17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,29 @@
+--- src/deliver.c.orig Tue Apr 17 10:49:10 2018
++++ src/deliver.c Tue Apr 17 10:45:34 2018
+@@ -7277,7 +7277,7 @@
+ debug_printf("sending error message to: %s\n", sender_address);
+
+ /* build unique id for MIME boundary */
+- bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++ bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+ DEBUG(D_deliver) debug_printf("DSN: MIME boundary: %s\n", bound);
+
+ if (errors_reply_to)
+@@ -7528,7 +7528,7 @@
+ fprintf(f, "To: %s\n", bounce_recipient);
+
+ /* generate boundary string and output MIME-Headers */
+- bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++ bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+
+ fprintf(f, "Content-Type: multipart/report;"
+ " report-type=delivery-status; boundary=%s\n"
+@@ -8148,7 +8148,7 @@
+ fprintf(f, "To: %s\n", recipients);
+
+ /* generated boundary string and output MIME-Headers */
+- bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), rand());
++ bound = string_sprintf(TIME_T_FMT "-eximdsn-%d", time(NULL), arc4random());
+
+ fprintf(f, "Content-Type: multipart/report;"
+ " report-type=delivery-status; boundary=%s\n"
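Review bot: `arc4random()` returns a `uint32_t`, but the three boundary lines (hunks at 7277, 7528 and 8148 of src/deliver.c) still format it with `%d`, so any value above INT_MAX would be printed as a negative number, which `rand()` never produced. The boundary remains usable, but the type mismatch is easy to avoid with `bound = string_sprintf(TIME_T_FMT "-eximdsn-%u", time(NULL), arc4random());`. This assumes `string_sprintf`, which is defined outside these hunks, accepts `%u` the way printf does. The enclosing functions start and end outside the hunks.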
Index: mail/exim//patches/patch-src_spam_c
===================================================================
RCS file: mail/exim//patches/patch-src_spam_c
diff -N mail/exim//patches/patch-src_spam_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_spam_c 17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,33 @@
+--- src/spam.c.orig Tue Apr 17 10:56:03 2018
++++ src/spam.c Tue Apr 17 10:56:44 2018
+@@ -139,21 +139,11 @@
+ spamd_address_container * sd;
+ long rnd, weights;
+ unsigned pri;
+-static BOOL srandomed = FALSE;
+
+ /* speedup, if we have only 1 server */
+ if (num_servers == 1)
+ return (spamds[0]->is_failed ? -1 : 0);
+
+-/* init ranmod */
+-if (!srandomed)
+- {
+- struct timeval tv;
+- gettimeofday(&tv, NULL);
+- srandom((unsigned int)(tv.tv_usec/1000));
+- srandomed = TRUE;
+- }
+-
+ /* scan for highest pri */
+ for (pri = 0, i = 0; i < num_servers; i++)
+ {
+@@ -170,7 +160,7 @@
+ if (weights == 0) /* all servers failed */
+ return -1;
+
+-for (rnd = random() % weights, i = 0; i < num_servers; i++)
++for (rnd = arc4random() % weights, i = 0; i < num_servers; i++)
+ {
+ sd = spamds[i];
+ if (!sd->is_failed && sd->priority == pri)
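Review bot: `arc4random() % weights` in the selection loop keeps the modulo reduction that arc4random(3) recommends against, because it is slightly biased whenever `weights` is not a power of two; `arc4random_uniform()` is the call intended for a bounded value. `weights` cannot be zero here because of the `return -1` just above, so the line could read `for (rnd = arc4random_uniform((uint32_t)weights), i = 0; i < num_servers; i++)`, assuming the summed weights fit in 32 bits. The same line appears in src/transports/smtp_socks.c (hunk at 187) and would take the same change, keeping `nproxies` as the loop bound. Picking a spamd server or proxy is not security-sensitive, so this is a point of idiom rather than risk; the loop body continues outside the hunk.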
Index: mail/exim//patches/patch-src_transports_smtp_socks_c
===================================================================
RCS file: mail/exim//patches/patch-src_transports_smtp_socks_c
diff -N mail/exim//patches/patch-src_transports_smtp_socks_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ mail/exim//patches/patch-src_transports_smtp_socks_c 17 Apr 2018 09:11:29 -0000
@@ -0,0 +1,32 @@
+--- src/transports/smtp_socks.c.orig Tue Apr 17 10:50:46 2018
++++ src/transports/smtp_socks.c Tue Apr 17 10:51:19 2018
+@@ -161,20 +161,10 @@
+ socks_opts * lim = &proxies[nproxies];
+ long rnd, weights;
+ unsigned pri;
+-static BOOL srandomed = FALSE;
+
+ if (nproxies == 1) /* shortcut, if we have only 1 server */
+ return (proxies[0].is_failed ? -1 : 0);
+
+-/* init random */
+-if (!srandomed)
+- {
+- struct timeval tv;
+- gettimeofday(&tv, NULL);
+- srandom((unsigned int)(tv.tv_usec/1000));
+- srandomed = TRUE;
+- }
+-
+ /* scan for highest pri */
+ for (pri = 0, sd = proxies; sd < lim; sd++)
+ if (!sd->is_failed && sd->priority > pri)
+@@ -187,7 +177,7 @@
+ if (weights == 0) /* all servers failed */
+ return -1;
+
+-for (rnd = random() % weights, i = 0; i < nproxies; i++)
++for (rnd = arc4random() % weights, i = 0; i < nproxies; i++)
+ {
+ sd = &proxies[i];
+ if (!sd->is_failed && sd->priority == pri)
