Rename blacklist to blocklist

MANIFEST

@@ -600,7 +600,7 @@ lib/xwrite.c                          write that handles partial transfers
 m4                                    Autoconf support macros (Directory)
 m4/aux-libs.m4                        Autoconf macro for extra libraries
 m4/bdb.m4                             Autoconf macros for Berkeley DB
-m4/blacklist.m4                       Autoconf macros for blacklistd (BSD OS)
+m4/blocklist.m4                       Autoconf macros for blocklistd (BSD OS)
 m4/canlock.m4                         Autoconf macros for Cancel-Lock support
 m4/cc-c-o.m4                          Autoconf macro for -c -o compiler support
 m4/cc-flags.m4                        Autoconf macro for compiler flags

Makefile.global.in

@@ -162,12 +162,12 @@ CANLOCK_CPPFLAGS= @CANLOCK_CPPFLAGS@
 CANLOCK_LDFLAGS	= @CANLOCK_LDFLAGS@
 CANLOCK_LIBS	= $(abs_builddir)/lib/canlock$(LIBSUFFIX).o @CANLOCK_LIBS@
 
-##  blacklistd support.  Additional flags and libraries needed to add support
-##  for FreeBSD's and NetBSD's blacklistd daemon.
+##  blocklistd support.  Additional flags and libraries needed to add support
+##  for FreeBSD's and NetBSD's blocklistd daemon.
 
-BLACKLIST_CPPFLAGS	= @BLACKLIST_CPPFLAGS@
-BLACKLIST_LDFLAGS	= @BLACKLIST_LDFLAGS@
-BLACKLIST_LIBS		= @BLACKLIST_LIBS@
+BLOCKLIST_CPPFLAGS	= @BLOCKLIST_CPPFLAGS@
+BLOCKLIST_LDFLAGS	= @BLOCKLIST_LDFLAGS@
+BLOCKLIST_LIBS		= @BLOCKLIST_LIBS@
 
 ##  Missing functions.  If non-empty, configure detected that your system
 ##  was missing some standard functions, and INN will be providing its own

ci/test

@@ -32,7 +32,7 @@ make test
 # Test --enable-keywords and disabling optional dependencies.
 make distclean
 ./configure CC="$COMPILER" --enable-keywords --without-bdb \
-    --without-blacklist --without-canlock --without-krb5 --without-openssl \
+    --without-blocklist --without-canlock --without-krb5 --without-openssl \
     --without-sasl --without-sqlite3 --without-zlib
 make warnings
 make test

configure.ac

@@ -132,7 +132,7 @@ m4_define_default([AM_CONDITIONAL], [:])
 dnl Lots of our macros are stored in separate files for ease of maintenance.
 m4_include([m4/aux-libs.m4])
 m4_include([m4/bdb.m4])
-m4_include([m4/blacklist.m4])
+m4_include([m4/blocklist.m4])
 m4_include([m4/canlock.m4])
 m4_include([m4/cc-c-o.m4])
 m4_include([m4/cc-flags.m4])
@@ -543,7 +543,7 @@ fi
 dnl Handle optional libraries and probing for their locations and component
 dnl libraries if needed.
 INN_LIB_BDB_OPTIONAL
-INN_LIB_BLACKLIST_OPTIONAL
+INN_LIB_BLOCKLIST_OPTIONAL
 INN_LIB_CANLOCK_OPTIONAL
 INN_LIB_KRB5_OPTIONAL
 INN_LIB_OPENSSL_OPTIONAL

doc/pod/hacking.pod

@@ -719,7 +719,7 @@ B<--enable-tagged-hash>, B<--enable-keywords>, B<--enable-largefiles>
 and B<--enable-reduced-depends>).
 
 Ideally, ensure INN builds fine with the latest versions of external libraries
-it has support for (S<Berkeley DB>, blacklistd, Cyrus SASL, libcanlock,
+it has support for (S<Berkeley DB>, blocklistd, Cyrus SASL, libcanlock,
 LibreSSL, MIT S<Kerberos v5>, OpenSSL, Perl, Python, SQLite, zlib).
 
 =item 4.

doc/pod/install.pod

@@ -179,7 +179,7 @@ of configure options enabling optional features and the software and
 versions you'll need:
 
     --with-bdb          Berkeley DB 4.4 or higher, 4.7+ recommended
-    --with-blacklist    blacklistd from FreeBSD 11 or higher base system
+    --with-blocklist    blocklistd from FreeBSD 11 or higher base system
     --with-canlock      libcanlock 3.3.0 or higher
     --with-krb5         MIT Kerberos v5 1.6.1 or higher
     --with-openssl      OpenSSL 1.1.1 or higher, 3.0.0+ recommended
@@ -542,18 +542,18 @@ If the libcanlock library is found at configure time, INN will be built with
 Cancel-Lock support unless the B<--without-canlock> flag is explicitly passed
 to C<configure>.
 
-=item B<--with-blacklist>=PATH
+=item B<--with-blocklist>=PATH
 
-Enables B<nnrpd> integration with FreeBSD's or NetBSD's blacklistd(8)
-for blocking of brute force attacks.  blacklistd and its client library
-libblacklist have been available in the FreeBSD base system since S<FreeBSD
+Enables B<nnrpd> integration with FreeBSD's or NetBSD's blocklistd(8)
+for blocking of brute force attacks.  blocklistd and its client library
+libblocklist have been available in the FreeBSD base system since S<FreeBSD
 11> and should be automatically detected if PATH is not given.  They have also
 been in the NetBSD base system since S<NetBSD 7>.
 
 For this feature to have any effect, B<nnrpd> needs to be started with the
-B<-B> flag, and blacklistd needs to be configured and running.  See the
+B<-B> flag, and blocklistd needs to be configured and running.  See the
 B<nnrpd> documentation for a short configuration snippet and/or read the
-blacklistd(8) documentation.
+blocklistd(8) documentation.
 
 =back
 

doc/pod/news.pod

@@ -671,12 +671,12 @@ inn.conf> in case you're passing that flag to B<innd>).
 
 =item *
 
-Andreas Kempe has implemented blacklistd support in B<nnrpd>.  This daemon,
+Andreas Kempe has implemented blocklistd support in B<nnrpd>.  This daemon,
 available notably in FreeBSD and NetBSD, can be used to prevent brute force
 attacks by blocking attackers after a number of failed login attempts.
 When B<nnrpd> is run with the new B<-B> flag, and INN has been configured
-with the new B<--with-blacklist> option, it will report login attempts to the
-blacklistd daemon for potential blocking.
+with the new B<--with-blocklist> option, it will report login attempts to the
+blocklistd daemon for potential blocking.
 
 =item *
 

doc/pod/nnrpd.pod

@@ -80,11 +80,11 @@ Similar to the B<-4> flag.  B<-b> is kept for backward compatibility.
 
 =item B<-B>
 
-If specified, B<nnrpd> will report login attempts to blacklistd(8)
+If specified, B<nnrpd> will report login attempts to blocklistd(8)
 for automatic blocking after a number of failed attempts.  To use this
-flag, the blacklist library must have been found at configure time, or
-B<--with-blacklist> specified at configure time.  For more information, see
-L<BLACKLISTD SUPPORT> below.
+flag, the blocklist library must have been found at configure time, or
+B<--with-blocklist> specified at configure time.  For more information, see
+L<BLOCKLISTD SUPPORT> below.
 
 =item B<-c> I<configfile>
 
@@ -288,21 +288,21 @@ I<tlsprotocols> parameters in F<inn.conf> to fine-tune the behaviour
 of the TLS/SSL negotiation whenever a new attack on the TLS protocol
 or some supported cipher suite is discovered.
 
-=head1 BLACKLISTD SUPPORT
+=head1 BLOCKLISTD SUPPORT
 
-blacklistd(8) is a FreeBSD/NetBSD daemon for preventing brute force attacks by
+blocklistd(8) is a FreeBSD/NetBSD daemon for preventing brute force attacks by
 blocking attackers after a number of failed login attempts.  When B<nnrpd> is
-built with blacklistd support, it will report login attempts to the blacklistd
+built with blocklistd support, it will report login attempts to the blocklistd
 daemon for potential blocking.
 
-Adding the configuration below to F</etc/blacklistd.conf> under the C<[local]>
+Adding the configuration below to F</etc/blocklistd.conf> under the C<[local]>
 section, assuming B<nnrpd> is listening on port 563, would lead to attackers
 being blocked for 10 minutes after 5 failed login attempts.
 
     # adr/mask:port type    proto owner name nfail disable
     563             stream  *     *     *    5     10m
 
-See the blacklistd(8) documentation for more information.
+See the blocklistd(8) documentation for more information.
 
 =head1 PROTOCOL DIFFERENCES
 
@@ -384,7 +384,7 @@ Febuary 1998.
 
 =head1 SEE ALSO
 
-blacklistd(8), ctlinnd(8), innd(8), inn.conf(5), inn-secrets.conf(5),
+blocklistd(8), ctlinnd(8), innd(8), inn.conf(5), inn-secrets.conf(5),
 libinn_uwildmat(3), nnrpd.track(5), passwd.nntp(5), readers.conf(5),
 signal(2).
 

m4/blocklist.m4

@@ -0,0 +1,76 @@
+dnl Find the compiler and linker flags for the blocklist library on FreeBSD
+dnl which integrates with the blocklistd daemon.
+dnl
+dnl Finds the compiler and linker flags for linking with the blocklist library.
+dnl Provides the --with-blocklist, --with-blocklist-lib, and
+dnl --with-blocklist-include configure options to specify non-standard
+dnl paths to the blocklist library.
+dnl
+dnl Provides the macro INN_LIB_BLOCKLIST and sets the substitution variables
+dnl BLOCKLIST_CPPFLAGS, BLOCKLIST_LDFLAGS, and BLOCKLIST_LIBS.  Also provides
+dnl INN_LIB_BLOCKLIST_SWITCH to set CPPFLAGS, LDFLAGS, and LIBS to include the
+dnl blocklist library, saving the current values first, and
+dnl INN_LIB_BLOCKLIST_RESTORE to restore those settings to before the last
+dnl INN_LIB_BLOCKLIST_SWITCH.  Defines HAVE_BLOCKLIST and sets
+dnl inn_use_BLOCKLIST to true.
+dnl
+dnl Provides the INN_LIB_BLOCKLIST_OPTIONAL macro, which should be used if
+dnl blocklist support is optional.  This macro will still always set the
+dnl substitution variables, but they'll be empty if libblocklist is not found
+dnl or if --without-blocklist is given.  Defines HAVE_BLOCKLIST and sets
+dnl inn_use_BLOCKLIST to true if the blocklist library is found and
+dnl --without-blocklist is not given.
+dnl
+dnl Depends on the lib-helper.m4 framework.
+dnl
+dnl Written in 2022 by Andreas Kempe for the InterNetNews (INN) news server
+dnl
+dnl This file is free software; the authors give unlimited permission to copy
+dnl and/or distribute it, with or without modifications, as long as this
+dnl notice is preserved.
+dnl
+dnl SPDX-License-Identifier: FSFULLR
+
+dnl Save the current CPPFLAGS, LDFLAGS, and LIBS settings and switch to
+dnl versions that include the blocklist flags.  Used as a wrapper, with
+dnl INN_LIB_BLOCKLIST_RESTORE, around tests.
+AC_DEFUN([INN_LIB_BLOCKLIST_SWITCH], [INN_LIB_HELPER_SWITCH([BLOCKLIST])])
+
+dnl Restore CPPFLAGS, LDFLAGS, and LIBS to their previous values (before
+dnl INN_LIB_BLOCKLIST_SWITCH was called).
+AC_DEFUN([INN_LIB_BLOCKLIST_RESTORE], [INN_LIB_HELPER_RESTORE([BLOCKLIST])])
+
+dnl Checks if the blocklist library is present.  The single argument, if
+dnl "true", says to fail if the blocklist library could not be found.
+AC_DEFUN([_INN_LIB_BLOCKLIST_INTERNAL],
+[INN_LIB_HELPER_PATHS([BLOCKLIST])
+ INN_LIB_BLOCKLIST_SWITCH
+ AC_CHECK_HEADER([blocklist.h],
+    [AC_CHECK_LIB([blocklist], [blocklist_r],
+        [BLOCKLIST_LIBS="-lblocklist"],
+        [AS_IF([test x"$1" = xtrue],
+            [AC_MSG_ERROR([cannot find usable blocklist library])])])],
+    [AS_IF([test x"$1" = xtrue],
+        [AC_MSG_ERROR([cannot find usable blocklist header])])])
+ INN_LIB_BLOCKLIST_RESTORE])
+
+dnl The main macro for packages with mandatory blocklist support.
+AC_DEFUN([INN_LIB_BLOCKLIST],
+[INN_LIB_HELPER_VAR_INIT([BLOCKLIST])
+ INN_LIB_HELPER_WITH([blocklist], [blocklist], [BLOCKLIST])
+ _INN_LIB_BLOCKLIST_INTERNAL([true])
+ inn_use_BLOCKLIST=true
+ AC_DEFINE([HAVE_BLOCKLIST], 1, [Define if libblocklist is available.])])
+
+dnl The main macro for packages with optional blocklist support.
+AC_DEFUN([INN_LIB_BLOCKLIST_OPTIONAL],
+[INN_LIB_HELPER_VAR_INIT([BLOCKLIST])
+ INN_LIB_HELPER_WITH_OPTIONAL([blocklist], [blocklist], [BLOCKLIST])
+ AS_IF([test x"$inn_use_BLOCKLIST" != xfalse],
+    [AS_IF([test x"$inn_use_BLOCKLIST" = xtrue],
+        [_INN_LIB_BLOCKLIST_INTERNAL([true])],
+        [_INN_LIB_BLOCKLIST_INTERNAL([false])])])
+ AS_IF([test x"$BLOCKLIST_LIBS" = x],
+    [INN_LIB_HELPER_VAR_CLEAR([BLOCKLIST])],
+    [inn_use_BLOCKLIST=true
+     AC_DEFINE([HAVE_BLOCKLIST], 1, [Define if libblocklist is available.])])])

nnrpd/Makefile

@@ -2,7 +2,7 @@ include ../Makefile.global
 
 top		= ..
 CFLAGS		= $(GCFLAGS) $(SSL_CPPFLAGS) $(SASL_CPPFLAGS) $(ZLIB_CPPFLAGS) \
-		  $(BLACKLIST_CPPFLAGS)
+		  $(BLOCKLIST_CPPFLAGS)
 
 ALL		= nnrpd
 
@@ -36,7 +36,7 @@ NNRPDLIBS	= $(LIBSTORAGE) $(LIBHIST) $(LIBINN) $(STORAGE_LIBS) \
 		  $(SSL_LDFLAGS) $(SSL_LIBS) \
 		  $(CRYPTO_LIBS) $(SASL_LDFLAGS) $(SASL_LIBS) \
 		  $(ZLIB_LDFLAGS) $(ZLIB_LIBS) \
-		  $(BLACKLIST_LDFLAGS) $(BLACKLIST_LIBS) \
+		  $(BLOCKLIST_LDFLAGS) $(BLOCKLIST_LIBS) \
 		  $(PERL_LIBS) $(PYTHON_LIBS) \
 		  $(LIBS)
 

nnrpd/nnrpd.c

@@ -51,10 +51,10 @@ bool encryption_layer_on = false;
 #endif
 
 /* Optional arguments for getopt. */
-#if defined(HAVE_BLACKLIST)
-#    define BLACKLIST_OPT "B"
+#if defined(HAVE_BLOCKLIST)
+#    define BLOCKLIST_OPT "B"
 #else
-#    define BLACKLIST_OPT ""
+#    define BLOCKLIST_OPT ""
 #endif
 
 #if defined(HAVE_OPENSSL)
@@ -1033,7 +1033,7 @@ main(int argc, char *argv[])
 #endif /* HAVE_SASL */
 
     while ((i = getopt(argc, argv,
-                       "4:6:b:" BLACKLIST_OPT "c:Dfi:I:nop:P:r:s:" OPENSSL_OPT
+                       "4:6:b:" BLOCKLIST_OPT "c:Dfi:I:nop:P:r:s:" OPENSSL_OPT
                        "t"))
            != EOF)
         switch (i) {
@@ -1049,11 +1049,11 @@ main(int argc, char *argv[])
         case '6': /* Bind to a certain IPv6 address. */
             ListenAddr6 = xstrdup(optarg);
             break;
-#if defined(HAVE_BLACKLIST)
-        case 'B': /* Enable blacklistd functionality. */
-            BlacklistEnabled = true;
+#if defined(HAVE_BLOCKLIST)
+        case 'B': /* Enable blocklistd functionality. */
+            BlocklistEnabled = true;
             break;
-#endif            /* HAVE_BLACKLIST */
+#endif            /* HAVE_BLOCKLIST */
         case 'c': /* Use alternate readers.conf. */
             ConfFile = concatpath(innconf->pathetc, optarg);
             break;

nnrpd/nnrpd.h

@@ -181,7 +181,7 @@ EXTERN ACCESSGROUP *PERMaccessconf;
 EXTERN bool Tracing;
 EXTERN bool Offlinepost;
 EXTERN bool initialSSL;
-EXTERN bool BlacklistEnabled;
+EXTERN bool BlocklistEnabled;
 EXTERN bool hasSentCapabilities;
 EXTERN char **PERMreadlist;
 EXTERN char **PERMpostlist;