the new Makefile tries to obey sendmail "Build" script better than before.
need checking for solaris build, and ldap build.
TODO: STARTTLS support
--- 8.10.2 -> 8.11.0
8.11.0/8.11.0 2000/07/19
SECURITY: If sendmail is installed as a non-root set-user-ID binary
(not the normal case), some operating systems will still
keep a saved-uid of the effective-uid when sendmail tries
to drop all of its privileges. If sendmail needs to drop
these privileges and the operating system doesn't set the
saved-uid as well, exit with an error. Problem noted by
Kari Hurtta of the Finnish Meteorological Institute.
SECURITY: sendmail depends on snprintf() NUL terminating the string
it populates. It is possible that some broken
implementations of snprintf() exist that do not do this.
Systems in this category should compile with
-DSNPRINTF_IS_BROKEN=1. Use test/t_snprintf.c to test your
system and report broken implementations to
sendmail-bugs@sendmail.org and your OS vendor. Problem
noted by Slawomir Piotrowski of TELSAT GP.
Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
Implementation influenced by the example programs of
OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
Add new STARTTLS related options CACERTPath, CACERTFile,
ClientCertFile, ClientKeyFile, DHParameters, RandFile,
ServerCertFile, and ServerKeyFile. These are documented in
cf/README and doc/op/op.*.
New STARTTLS related macros: ${cert_issuer}, ${cert_subject},
${tls_version}, ${cipher}, ${cipher_bits}, ${verify},
${server_name}, and ${server_addr}. These are documented
in cf/README and doc/op/op.*.
Add support for the Entropy Gathering Daemon (EGD) for better
random data.
New DontBlameSendmail option InsufficientEntropy for systems which
don't properly seed the PRNG for OpenSSL but want to
try to use STARTTLS despite the security problems.
Support the security layer in SMTP AUTH for mechanisms which
support encryption. Based on code contributed by Tim
Martin of CMU.
Add new macro ${auth_ssf} to reflect the SMTP AUTH security
strength factor.
LDAP's -1 (single match only) flag was not honored if the -z
(delimiter) flag was not given. Problem noted by ST Wong of
the Chinese University of Hong Kong. Fix from Mark Adamson
of CMU.
Add more protection from accidentally tripping OpenLDAP 1.X's
ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
Suggested by Kurt Zeilenga of OpenLDAP.
Fix the default family selection for DaemonPortOptions. As
documented, unless a family is specified in a
DaemonPortOptions option, "inet" is the default. It is
also the default if no DaemonPortOptions value is set.
Therefore, IPv6 users should configure additional sockets
by adding DaemonPortOptions settings with Family=inet6 if
they wish to also listen on IPv6 interfaces. Problem noted
by Jun-ichiro itojun Hagino of the KAME Project.
Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
the interface information for an outgoing connection.
Not doing so was creating a mismatch between the socket
family and address used in subsequent connections if the
M=b modifier was set in DaemonPortOptions. Problem noted
by John Beck of Sun Microsystems.
If DaemonPortOptions modifier M=b is used, determine the socket
family based on the IP address. ${if_family} is no longer
persistent (i.e., saved in qf files). Patch from John Beck
of Sun Microsystems.
sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
macros for both the incoming interface address/family and
the outgoing interface address/family. In order for M=b
modifier in DaemonPortOptions to work properly, preserve
the incoming information in the queue file for later
delivery attempts.
Use SMTP error code and enhanced status code from check_relay in
responses to commands. Problem noted by Jeff Wasilko of
smoe.org.
Add more vigilance in checking for putc() errors on output streams
to protect from a bug in Solaris 2.6's putc(). Problem
noted by Graeme Hewson of Oracle.
The LDAP map -n option (return attribute names only) wasn't working.
Problem noted by Ajay Matia.
Under certain circumstances, an address could be listed as deferred
but would be bounced back to the sender as failed to be
delivered when it really should have been queued. Problem
noted by Allan E Johannesen of Worcester Polytechnic Institute.
Prevent a segmentation fault in a child SMTP process from getting
the SMTP transaction out of sync. Problem noted by Per
Hedeland of Ericsson.
Turn off RES_DEBUG if SFIO is defined unless SFIO_STDIO_COMPAT
is defined to avoid a core dump due to incompatibilities
between sfio and stdio. Problem noted by Neil Rickert
of Northern Illinois University.
Don't log useless envelope ID on initial connection log. Problem
noted by Kari Hurtta of the Finnish Meteorological Institute.
Convert the free disk space shown in a control socket status query
to kilobyte units.
If TryNullMXList is True and there is a temporary DNS failure
looking up the hostname, requeue the message for a later
attempt. Problem noted by Ari Heikkinen of Pohjois-Savo
Polytechnic.
Under the proper circumstances, failed connections would be recorded
as "Bad file number" instead of "Connection failed" in the
queue file and persistent host status. Problem noted by
Graeme Hewson of Oracle.
Avoid getting into an endless loop if a non-hoststat directory exists
within the hoststatus directory (e.g., lost+found).
Patch from Valdis Kletnieks of Virginia Tech.
Make sure Timeout.queuereturn=now returns a bounce message to the
sender. Problem noted by Per Hedeland of Ericsson.
If a message data file can't be opened at delivery time, panic and
abort the attempt instead of delivering a message that
states "<<< No Message Collected >>>".
Fixup the GID checking code from 8.10.2 as it was overly
restrictive. Problem noted by Mark G. Thomas of Mark
G. Thomas Consulting.
Preserve source port number instead of replacing it with the ident
port number (113).
Document the queue status characters in the mailq man page.
Suggested by Ulrich Windl of the Universitat Regensburg.
Process queued items in which none of the recipient addresses have
host portions (or there are no recipients). Problem noted
by Valdis Kletnieks of Virginia Tech.
If a cached LDAP connection is used for multiple maps, make sure
only the first to open the connection is allowed to close
it so a later map close doesn't break the connection for
other maps. Problem noted by Wolfgang Hottgenroth of UUNET.
Netscape's LDAP libraries do not support Kerberos V4
authentication. Patch from Rainer Schoepf of the
University of Mainz.
Provide workaround for inconsistent handling of data passed
via callbacks to Cyrus SASL prior to version 1.5.23.
Mention ENHANCEDSTATUSCODES in the SMTP HELP helpfile. Omission
noted by Ulrich Windl of the Universitat Regensburg.
Portability:
Add the ability to read IPv6 interface addresses into class
'w' under FreeBSD (and possibly others). From Jun
Kuriyama of IMG SRC, Inc. and the FreeBSD Project.
Replace code for finding the number of CPUs on HPUX.
NCRUNIX MP-RAS 3.02 SO_REUSEADDR socket option does not
work properly causing problems if the accept()
fails and the socket needs to be reopened. Patch
from Tom Moore of NCR.
NetBSD uses a .0 extension of formatted man pages. From
Andrew Brown of Graffiti World Wide, Inc.
Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
for calls to getipnodebyname(). The Linux
implementation is broken so AI_ADDRCONFIG is stripped
under Linux. From John Beck of Sun Microsystems and
John Kennedy of Cal State University, Chico.
CONFIG: Catch invalid addresses containing a ',' at the wrong place.
Patch from Neil Rickert of Northern Illinois University.
CONFIG: New variables for the new sendmail options:
confCACERT_PATH CACERTPath
confCACERT CACERTFile
confCLIENT_CERT ClientCertFile
confCLIENT_KEY ClientKeyFile
confDH_PARAMETERS DHParameters
confRAND_FILE RandFile
confSERVER_CERT ServerCertFile
confSERVER_KEY ServerKeyFile
CONFIG: Provide basic rulesets for TLS policy control and add new
tags to the access database to support these policies. See
cf/README for more information.
CONFIG: Add TLS information to the Received: header.
CONFIG: Call tls_client ruleset from check_mail in case it wasn't
called due to a STARTTLS command.
CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
instead of temporary.
CONFIG: FEATURE(`relay_hosts_only') didn't work in combination with
the access map and relaying to a domain without using a To:
tag. Problem noted by Mark G. Thomas of Mark G. Thomas
Consulting.
CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
RootsWeb.com.
CONFIG: Make sure FEATURE(`nullclient') doesn't use aliasing and
forwarding to make it as close to the old behavior as
possible. Problem noted by George W. Baltz of the
University of Maryland.
CONFIG: Added OSTYPE(`darwin') for Mac OS X and Darwin users. From
Wilfredo Sanchez of Apple Computer, Inc.
CONFIG: Changed the map names used by FEATURE(`ldap_routing') from
ldap_mailhost and ldap_mailroutingaddress to ldapmh and
ldapmra as underscores in map names cause problems if
underscore is in OperatorChars. Problem noted by Bob Zeitz
of the University of Alberta.
CONFIG: Apply blacklist_recipients also to hosts in class {w}.
Patch from Michael Tratz of Esosoft Corporation.
CONFIG: Use A=TCP ... instead of A=IPC ... in SMTP mailers.
CONTRIB: Add link_hash.sh to create symbolic links to the hash
of X.509 certificates.
CONTRIB: passwd-to-alias.pl: More protection from special characters;
treat special shells as root aliases; skip entries where the
GECOS full name and username match. From Ulrich Windl of the
Universitat Regensburg.
CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
typo. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Improve handling of a race between re-mqueue
and sendmail. Patch from Graeme Hewson of Oracle.
CONTRIB: re-mqueue.pl: Don't exit(0) at end so can be called as
subroutine Patch from Graeme Hewson of Oracle.
CONTRIB: Add movemail.pl (move old mail messages between queues by
calling re-mqueue.pl) and movemail.conf (configuration
script for movemail.pl). From Graeme Hewson of Oracle.
CONTRIB: Add cidrexpand (expands CIDR blocks as a preprocessor to
makemap). From Derek J. Balling of Yahoo,Inc.
DEVTOOLS: INSTALL_RAWMAN installation option mistakenly applied any
extension modifications (e.g., MAN8EXT) to the installation
target. Patch from James Ralston of Carnegie Mellon
University.
DEVTOOLS: Add support for SunOS 5.9.
DEVTOOLS: New option confLN contains the command used to create
links.
LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
reported.
MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
Denman Tire Corporation.
MAIL.LOCAL: Prevent a possible DoS attack when compiled with
-DCONTENTLENGTH. Based on patch from 3APA3A@SECURITY.NNOV.RU.
MAILSTATS: Fix usage statement (-p and -o are optional).
MAKEMAP: Change man page layout as workaround for problem with nroff
and -man on Solaris 7. Patch from Larry Williamson.
RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
Black Diamond Equipment, Limited.
RMAIL: Prevent a segmentation fault if the incoming message does not
have a From line.
VACATION: Read all of the headers before deciding whether or not
to respond instead of stopping after finding recipient.
Added Files:
cf/ostype/darwin.m4
contrib/cidrexpand
contrib/link_hash.sh
contrib/movemail.conf
contrib/movemail.pl
devtools/OS/SunOS.5.9
test/t_snprintf.c
Changes include:
Version 1.4.8
* Detect and remove all-opaque alpha channel.
* Detect and reduce all-gray truecolor images to grayscale.
Version 1.4.7
* Restored the "-ext" option that was inadvertently overridden
with a new "-exit" option in version 1.4.6 ("-exit" is used to
force an "exit" instead of a "return" from the main program).
Version 1.4.6
* Fixed bug in color-counting of noninterlaced images.
* Added capability of processing multiple rows at a time
(disabled by default because it turns out to be no faster).
* Replaced "return" statements in main() with "exit" statements.
User can force exit instead of return with "-exit" argument.
* Added the UCITA disclaimers to the help output.
directories when creating an image. Now works with and requires mkisofs
from cdrtools 1.9a03 and later. Shows verbose info about CDs. -data option
and CDplus options added for multisession. Addition of a busy pointer.
Changes to 1.8.1 are:
All:
- Fallback code to use the USCSI interface on Solaris
This should add ATAPI support on Solaris 8 sparc.
Solaris 8 x86 does support ATAPI with the scg driver
as Sun fixed the structural bug for thw Intel version.
Warning: The USCI interface has several drawbacks:
- Only finds disk type devices with -scanbus
- Cannot open devices that are currently attached
to the volume management system
- The Goldstar ATAPI CD-ROM in a U-10 transfers data
but the DMA residual count shows that there has
been no transfer at all.
Facit: Test by your own if this interface is usable.
Please report problems!
To check the difference:
cdrecord -scanbus uses the scg driver
cdrecord -scanbus dev=USCSI uses the USCSI interface
cdrecord -toc dev=1,6,0 uses the scg driver
cdrecord -toc dev=USCSI:1,6,0 uses the USCSI interface
NOTE: If you are using the USCSI interface you will need
to shut down the volume management for the drives
you like to use.
- Linux code in libscg now tries to use new features of the
Linus sg driver:
- Trying to use more then 32 kB for DMA
The interface for raising the DMA limit from 32 kB
is a real pain. It needs a lot of code to adopt
the interface to libscg.
- Trying to use the new ioctl() interface if present.
This interface now supports:
- SCSI CDB sizes for vendor unique commands
- SCSI status byte
- SCSI command transport status
- More than 16 bytes of sense data
(not yet working!)
- DMA residual count
(not yet working!)
- Arbitrary DMA address pointers !!!
- Trying to use the new RESET ioctl()
(not yet working!)
All items marked (not yet working!) will turn funtional
after the Linux kernel starts to support them.
It seems that my shouting for a better SCSI interface succeeded.
Linux-2.4 supports or at least includes an interface that may
support the needed things in future.
As from now it is unclear whether the code will expose
any portability problems, please test on different Linux
versions from 2.0 ... 2.4 if available and report problems.
- README.macosX added (needed to know how to compile).
As Apple deliveres an inconsistent OS, you need to follow the
instuctions in this README file before you may compile
cdrtools on Mac OS X.
TODO:
- Better BeOS integration
Cdrecord:
- include sys/select.h if needed (AIX)
- Support for Ricoh 9060 CD-RW/DVD-ROM drive
- Support for Plextor PX-W1210TA (with BURN-Proof)
- Printing of new features added to -prcap function
- New Disk manufacturers:
"WEALTH FAIR INVESTMENT LIMITE"
"General Magnetics Ld"
"MPO"
- DAO now should work with pregapsize == 0 when
using Sony or Goldstar drives.
Cdrecord retries with pregaps set to 1
- New options -shorttrack & -noshorttrack
will allow to copy CD's with supershort tracks
in DAO mode if the drive supports it.
- Fix for a buffer overflow with cdrecord dev=
This problem did not exist on sparc systems,
for this reason it has not been detected before.
- ATIP Decoder now decodes disk sub type for High speed CD-RW
- Support for 99 minute CD's.
- Force the user to use -ignsize to allow >= 90 Minutes on CD even
when the current CD is not in the blank capacity database.
Cdda2wav:
- support for cds with illegal leadout (like HIM-CD)
- bugfix for cd-text detection with plextor/Sony command sets
- should compile and run under Mac-OS-X now
- bugfix with the -q (quiet) option
- bugfix use extra libs (like lossaudio for NetBSD)
- bugfix use the correct sound device for Solaris
- hardened cdda2wav against illegal ISRC codes
- more diagnostics for illegal ISRCs
- use setpriority in favor of nice
- updated cdda2mp3 script for lame usage (alpha)
Readcd:
- minor bugfixes with timing
- New options -noerror & retries=#
- restructured to be more flexible
- Support for C2 error pointer scan with MMC drives &
the Plextor U-Plex 40 CD-ROM
Mkisofs:
- Now mkhybrid code is completely integrated into mkisofs.
There is only one binary. To help users of mkhybrid,
make install creates a hard link from mkhybroid to mkisofs.
- man page cleaned up.
- Now mkhybrid code is completely integrated into mkisofs.
There is only one binary. To help users of mkhybrid,
make install creates a hard link from mkhybroid to mkisofs.
- New Option -eltorito-alt-boot allows to specify more
than one Al Torito boot image (up to 63).
Thanks to Egor Duda (deo@logos-m.ru).
- fixed a core dump problem in multi.c
- write.c now uses static buffer to circumvent a problem
with the stone age Metrowerks C found on BeOS/PPC
- Allow printing of percentage ready without floatingpoint code
in printf.
- apple_driver now compiles, but need to call
make -f apple_driver.mk
by hand
- graft pointers are now really usable:
- Graft points are now disabled by default
- To enable, specify the -graft-point option
dir=dir only works if the '=' is not escaped by '\'
'\\' and '=' must be escaped by a '\\' if
-graft-points has been specified.
- Now there is no more a need to specify a command line arg
if -path-list has been specified.
There's no reason to degrade package maintainability just to appease
pkglint.
Also find xpm headers if xpkgwedge is installed. Closes PR#8373 by
Michael South <msouth@scruz.net>.
Package changes:
* Factor out common post-install code from PLIST and package Makefile
into files/INSTALL.
* Enhance files/sshd.sh to handle start/stop/restart/status.
* Check for usable installed version of OpenSSL. This bit possibly
closes the following PRs: 10404, 10501, 10593
Changes from 2.1.1p3:
* allow multiple whitespace but only one '=' between tokens
* close can fail on AFS
* allow leading whitespace in configuration files
* Always create ~/.ssh with mode 700
API changes. This version has bug fixes and several major enhancements
in loading and displaying TrueType fonts. This closes PR#10261 by
ORI Manabu <ori@tahoo.org>.
Fixed the instruction cycle timings in the cpu6502 core.
Cleaned up the per-driver menu interface somewhat.
Started adding support for multilevel per-driver menus.
Started adding menus for the Disk ][ drives (not working yet).
Added preliminary FDS disk write emulation (doesn't save the changed disk,
but whatever).
Added preliminary FDS timer IRQs (still need write support, but most of my
test images are playable now).
Major changes are:
- Some zero-length extractions using \/ could core dump
- Missed a couple possible overflows
- Support delivery to maildir mailboxes
- Support all styles of mailbox for the mail spool
- Avoid renaming over old messages in directory folders
- fsync() mailboxes before closing them
- Overflows at certain times would confuse procmail
- Root owned lockfiles aren't bogus
Full list of changes are in procmail-3.14/HISTORY.
each package before attempting to install it. Fixes a problem if
'make clean-update' was called at the wrong time.
Make the 'clean-update' target warn about a preserved ${DDIR} and usage
of 'make update REINSTALL=YES' if necessary.
