- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs
> 8.13.3/8.13.3 2005/01/11
> Enhance handling of I/O errors, especially EOF, when STARTTLS
> is active.
> Make sure a connection is not reused after it has been closed
> due to a 421 error. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Avoid triggering an assertion when sendmail is interrupted while
> closing a connection. Problem found by Allan E Johannesen
> of Worcester Polytechnic Institute.
> Regression: a change in 8.13.2 caused sendmail not to try the
> next MX host (or FallbackMXhost if configured) when, at
> connection open, the current server returns a 4xy or 5xy
> SMTP reply code. Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2 2004/12/15
> Do not split the first header even if it exceeds the internal
> buffer size. Previously a part of such a header would
> end up in the body of the message. Problem noted by
> Simple Nomad of BindView.
> Do not complain about "cataddr: string too long" when checking
> headers that do not contain RFC 2822 addresses.
> Problem noted by Rich Graves of Brandeis University.
> If a server returns a 421 reply to the RSET command between
> message deliveries, do not attempt to deliver any more
> messages on that connection. This prevents bogus "Bad
> file number" recipient status. Problem noted by
> Allan E Johannesen of Worcester Polytechnic Institute.
> Allow trailing white space in EHLO command as recommended by RFC
> 2821. Problem noted by Ralph Santagato of SBC Services.
> Deal with clients which use AUTH but negotiate a smaller buffer size
> for data exchanges than the value used by sendmail, e.g.,
> Cyrus IMAP lmtp server. Based on patch by Jamie Clark.
> When passing ESMTP arguments for RCPT to a milter, do not cut
> them off at a comma. Problem noted by Krzysztof Oledzki.
> Add more logging to milter change header functions to
> complement existing logging. Based on patch from
> Gurusamy Sarathy of Active State.
> Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
> Patch from Edgar Hoch of the University of Stuttgart.
> Fix DNS lookup if IPv6 is enabled when converting an IP address
> to a hostname for use with SASL. Problem noted by Ken Jones;
> patch from Hajimu UMEMOTO.
> CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
> mailer. Patch from John Beck of Sun Microsystems.
> LIBMILTER: It was possible that xxfi_abort() was called after
> xxfi_eom() for a message if some timeouts were triggered.
> Patch from Alexey Kravchuk.
> LIBMILTER: Slightly rearrange mutex use in listener.c to allow
> different threads to call smfi_opensocket() and smfi_main().
> Patch from Jordan Ritter of Cloudmark.
> MAIL.LOCAL: Properly terminate MBDB before exiting. Problem
> noted by Nelson Fung.
> MAIL.LOCAL: make strip-mail.local used a wrong path to access
> mail.local. Problem noted by William Park.
> VACATION: Properly terminate MBDB before exiting. Problem noted
> by Nelson Fung.
> Portability:
> Add support for DragonFly BSD.
> New Files:
> cf/ostype/dragonfly.m4
> devtools/OS/DragonFly
> include/sm/os/sm_os_dragonfly.h
> Deleted Files:
> libsm/vsscanf.c
pkgsrc changes:
- move to use options.mk framework
- solaris support tidy-up
- fix linux man page extension handling bug
- allow for a user defined smrsh directory
- update MASTER_SITES
- optional SOCKETMAP support and sample script installation
- ok'ed snj@/wiz@
Summary of some of the major changes include:
- New map "socket" to query maps via TCP/IP sockets.
- Connection rate control as well as control over the number of incoming open
connections.
- Several LDAP enhancements such as LDAP recursion and LDAP URI support.
- Message quarantining.
- AUTH EXTERNAL will only be enabled if STARTTLS was successful and the client
has been authenticated, i.e., {verify} is OK.
- Basic support for certificate revocation lists.
- New queue timeouts for DSN messages.
- Experimental support for MTAMark.
For a full list of changes see:
- http://www.sendmail.org/8.13.0.html
- http://www.sendmail.org/8.13.1.html
Changes since version 8.12.10:
Use QueueFileMode when opening qf files. This error was a
regression in 8.12.10. Problem detected and diagnosed
Lech Szychowski of the Polish Power Grid Company.
Properly count the number of queue runners in a work group and
make sure the total limit of MaxQueueChildren is not
exceeded. Based on patch from Takayuki Yoshizawa of
Techfirm, Inc.
Take care of systems that can generate time values where the
seconds can exceed the usual range of 0 to 59.
Problem noted by Randy Diffenderfer of EDS.
Avoid regeneration of identical queue identifiers by processes
whose process id is the same as that of the initial
sendmail process that was used to start the daemon.
Problem noted by Randy Diffenderfer of EDS.
When a milter invokes smfi_delrcpt() compare the supplied
recipient address also against the printable addresses
of the current list to deal with rewritten addresses.
Based on patch from Sean Hanson of The Asylum.
BadRcptThrottle now also works for addresses which return the
error mailer, e.g., virtusertable entries with the
right hand side error:. Patch from Per Hedeland.
Fix printing of 8 bit characters as octals in log messages.
Based on patch by Andrey J. Melnikoff.
Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
text that has been introduced in 8.12.3. There are some
examples where the new code fails, but the old code works.
To get the 8.12.3-8.12.10 version, compile sendmail with
-DMIME7TO8_OLD=0. If you have an example of improper
7 to 8 bit conversion please send it to us.
Return normal error code for unknown SMTP commands instead of
the one specified by check_relay or a milter for a
connection. Problem noted by Andrzej Filip.
Some ident responses contain data after the terminating CRLF which
causes sendmail to log "POSSIBLE ATTACK...newline in string".
To avoid this everything after LF is ignored.
If the operating system supports O_EXLOCK and HASFLOCK is set
then a possible race condition for creating qf files
can be avoided. Note: the race condition does not
exist within sendmail, but between sendmail and an
external application that accesses qf files.
Log the proper options name for TLS related mising files for
the CACertPath, CACertFile, and DHParameters options.
Do not split an envelope if it will be discarded, otherwise df
files could be left behind. Problem found by Wolfgang
Breyha.
The use of the environment variables HOME and HOSTALIASES has been
deprecated and will be removed in version 8.13. This only
effects configuration which preserve those variable via the
'E' command in the cf file as sendmail clears out its entire
environment.
Portability:
Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
Solaris 10 has unsetenv(), patch from Craig Mohrman of
Sun Microsystems.
LIBMILTER: Add extra checks in case a broken MTA sends bogus data
to libmilter. Based on code review by Rob Grzywinski.
SMRSH: Properly assemble commands that contain '&&' or '||'.
Problem noted by Eric Lee of Talking Heads.
New Files:
devtools/OS/Darwin.7.0
that do make it into the binary package. Under the default configuration
on NetBSD these files are erroneous. This fix should resolve PR 20852
Here are the details:
1) /etc/mail/statistics
This file is created like so:
statistics:
${CP} /dev/null statistics
This file is not needed because sendmail is configured to use:
O StatusFile=/var/log/sendmail.st
To avoid creating this file, I added to devtools/OS/NetBSD:
define(`confNO_STATISTICS_INSTALL', `')
2) /etc/mail/submit.cf
This file is not needed because we install it as:
${PREFIX}/share/sendmail/cf/submit.cf
To avoid installing /etc/mail/submit.cf, I added to devtools/OS/NetBSD:
define(`confINST_DEP', `')
If confINST_DEP is undefined, then it will default to:
`${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'
3) /var/db/pkg/sendmail-8.12.8nb1/+INSTALL
This is now created by pkg_add with the binary package.
It appears the problem is resolved.
4) /var/spool/clientmqueue
This directory is not needed because sendmail is configured to use:
O QueueDirectory=/var/spool/mqueue
To avoid installing this directory, I added to devtools/OS/NetBSD:
define(`confINST_DEP', `')
8.12.10/8.12.10 2003/09/24
SECURITY: Fix a buffer overflow in address parsing. Problem
detected by Michal Zalewski, patch from Todd C. Miller
of Courtesan Consulting.
Fix a potential buffer overflow in ruleset parsing. This problem
is not exploitable in the default sendmail configuration;
only if non-standard rulesets recipient (2), final (4), or
mailer-specific envelope recipients rulesets are used then
a problem may occur. Problem noted by Timo Sirainen.
Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
Problem noted by Thomas Schulz.
Add several checks to avoid (theoretical) buffer over/underflows.
Properly count message size when performing 7->8 or 8->7 bit MIME
conversions. Problem noted by Werner Wiethege.
Properly compute message priority based on size of entire message,
not just header. Problem noted by Axel Holscher.
Reset SevenBitInput to its configured value between SMTP
transactions for broken clients which do not properly
announce 8 bit data. Problem noted by Stefan Roehrich.
Set {addr_type} during queue runs when processing recipients.
Based on patch from Arne Jansen.
Better error handling in case of (very unlikely) queue-id conflicts.
Perform better error recovery for address parsing, e.g., when
encountering a comment that is too long. Problem noted by
Tanel Kokk, Union Bank of Estonia.
Add ':' to the allowed character list for bogus HELO/EHLO
checking. It is used for IPv6 domain literals. Patch from
Iwaizako Takahiro of FreeBit Co., Ltd.
Reset SASL connection context after a failed authentication attempt.
Based on patch from Rob Siemborski of CMU.
Check Berkeley DB compile time version against run time version
to make sure they match.
Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
in the kernel.
When a milter adds recipients and one of them causes an error,
do not ignore the other recipients. Problem noted by
Bart Duchesne.
CONFIG: Use specified SMTP error code in mailertable entries which
lack a DSN, i.e., "error:### Text". Problem noted by
Craig Hunt.
CONFIG: Call Local_trust_auth with the correct argument. Patch
from Jerome Borsboom.
CONTRIB: Better handling of temporary filenames for doublebounce.pl
and expn.pl to avoid file overwrites, etc. Patches from
Richard A. Nelson of Debian and Paul Szabo.
MAIL.LOCAL: Fix obscure race condition that could lead to an
improper mailbox truncation if close() fails after the
mailbox is fsync()'ed and a new message is delivered
after the close() and before the truncate().
MAIL.LOCAL: If mail delivery fails, do not leave behind a
stale lockfile (which is ignored after the lock timeout).
Patch from Oleg Bulyzhin of Cronyx Plus LLC.
Portability:
Port for AIX 5.2. Thanks to Steve Hubert of University
of Washington for providing access to a computer
with AIX 5.2.
setreuid(2) works on OpenBSD 3.3. Patch from
Todd C. Miller of Courtesan Consulting.
Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
on all operating systems. Patch from Robert Harker
of Harker Systems.
Use strerror(3) on Linux. If this causes a problem on
your Linux distribution, compile with
-DHASSTRERROR=0 and tell sendmail.org about it.
Added Files:
devtools/OS/AIX.5.2
update provided by Adrian Portelli in PR pkg/22836.
Also SASL 2 support added and PLIST tuning.
8.12.8/8.12.8 2003/02/11
SECURITY: Fix a remote buffer overflow in header parsing by
dropping sender and recipient header comments if the
comments are too long. Problem noted by Mark Dowd
of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the
.cf queue settings and potential buffer underflow in
parsing ident responses. Problem noted by Yichen Xie of
Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for
the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
log the fixup as "Fixed MIME header" instead of "Truncated
MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus
error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
a mailbox has more than one link or whether it is not
a regular file. Patch from John Beck of Sun Microsystems.
8.12.7/8.12.7 2002/12/29
Properly clean up macros to avoid persistence of session data
across various connections. This could cause session
oriented restrictions, e.g., STARTTLS requirements,
to erroneously allow a connection. Problem noted
by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP
only needs to relay all mail to the MTA. Problem found
by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100
characters in some logging statements. Problem noted by
Erik Parker.
When converting an enhanced status code to an exit status, use
EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
is used.
Reset macro $x when receiving another MAIL command. Problem
noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics
file, the proper permissions will be put on the file at
install time. This fixes installation over NFS for some
users. Problem noted by Martin J. Dellwo of 3-Dimensional
Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by
Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead
of 11 or higher.
Print early system errors to the console instead of silently
exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless
of whether F=f or sendmail is run in verbose mode (-v).
The use of -qGname will still force queue group "name"
to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing
connections due to high load from LOG_INFO to LOG_NOTICE.
Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo
(/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by
Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in
rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted
by John Majikes of IBM.
Do not try to share an mailbox database LDAP connection across
different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection
times out during message collection. Problem noted by Neil
Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with
qsort() on Solaris (and maybe some other operating systems).
Problem noted by Stephan Schulz of Gruner+Jahr..
If -f "" is specified, set the sender address to "<>". Problem
noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some
versions of tmac. Patch from Per Hedeland.
Portability:
Berkeley DB 4.1 support (requires at least 4.1.25).
Some getopt(3) implementations in GNU/Linux are broken
and pass a NULL pointer to an option which requires
an argument, hence the builtin version of
sendmail is used instead. This can be overridden
by using -DSM_CONF_GETOPT=0. Problem noted by
Vlado Potisk of Wigro s.r.o.
Support for nph-1.2.0 from Mark D. Roth of the University
of Illinois at Urbana-Champaign.
Support for FreeBSD 5.0's MAC labeling from Robert Watson
of the TrustedBSD Project.
Support for reading the number of processors on an IRIX
system from Michel Bourget of SGI.
Support for UnixWare 7.1 based on input from Larry Rosenman.
Interix support from Nedelcho Stanev of Atlantic Sky
Corporation.
Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks
is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus
DNS entries to get around access restrictions.
Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
to avoid problems with hostname resolution for localhost
which on many systems does not resolve to 127.0.0.1 (or
::1 for IPv6). If you do not use IPv4 but only IPv6 then
you need to change submit.mc accordingly, see the comment
in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
error messages from initgroups(3) on AIX 4.3 when sending
mail to non-existing users. Problem noted by Mark Roth of
the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included
in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if
an error in the communication from/to the MTA occurs.
Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
Patch from from Jose Marcio Martins da Cruz of Ecole
Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on
the mailbox fails. Problem noted by Tomoko Fukuzawa of
Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be
used for a command. Problem noted by David Endler of
iDEFENSE, Inc.
New Files:
devtools/OS/Interix
include/sm/bdb.h
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
Large number of bug fixes and feature enhancements, especially Milter
(Mail Filter) support and by default installation of sendmail does not use
set-user-ID root anymore.
pkgsrc. Instead, a new variable PKGREVISION is invented that can get
bumped independent of DISTNAME and PKGNAME.
Example #1:
DISTNAME= foo-X.Y
PKGREVISION= Z
=> PKGNAME= foo-X.YnbZ
Example #2:
DISTNAME= barthing-X.Y
PKGNAME= bar-X.Y
PKGREVISION= Z
=> PKGNAME= bar=X.YnbZ (!)
On subsequent changes, only PKGREVISION needs to be bumped, no more risk
of getting DISTNAME changed accidentally.
8.11.4/8.11.4 2001/05/28
Clean up signal handling routines to reduce the chances of heap
corruption and other potential race conditions.
Terminating and restarting the daemon may not be
instantaneous due to this change. Also, non-root users can
no longer send out-of-band signals. Problem reported by
Michal Zalewski of BindView.
If LogLevel is greater than 9 and SASL fails to negotiate an
encryption layer, avoid core dump logging the encryption
strength. Problem noted by Miroslav Zubcic of Crol.
If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
different in those two lines, sendmail might not have
recognized (and used) all of the offered mechanisms.
Fix an IP address lookup problem on Solaris 2.0 - 2.3. Patch
from Kenji Miyake.
This time, really don't use the .. directory when expanding
QueueDirectory wildcards.
If a process is interrupted while closing a map, don't try to close
the same map again while exiting.
Allow local mailers (F=l) to contact remote hosts (e.g., via
LMTP). Problem noted by Norbert Klasen of the University
of Tuebingen.
If Timeout.QueueReturn was set to a value less the time it took
to write a new queue file (e.g., 0 seconds), the bounce
message would be lost. Problem noted by Lorraine L Goff of
Oklahoma State University.
Pass map argument vector into map rewriting engine for the regex
and prog map types. Problem noted by Stephen Gildea of
InTouch Systems, Inc.
When closing an LDAP map due to a temporary error, close all of the
other LDAP maps which share the original map's connection
to the LDAP server. Patch from Victor Duchovni of
Morgan Stanley.
To detect changes of NDBM aliases files check the timestamp of the
.pag file instead of the .dir file. Problem noted by Neil
Rickert of Northern Illinois University.
Don't treat temporary hesiod lookup failures as permanent. Patch
from Werner Wiethege.
If ClientPortOptions is set, make sure to create the outgoing socket
with the family set in that option. Patch from Sean Farley.
Avoid a segmentation fault trying to dereference a NULL pointer
when logging a MaxHopCount exceeded error with an empty
recipient list. Problem noted by Chris Adams of HiWAAY
Internet Services.
Fix DSN for "Too many hops" bounces. Problem noticed by Ulrich
Windl of the Universitaet Regensburg.
Fix DSN for "mail loops back to me" bounces. Problem noticed by
Kari Hurtta of the Finnish Meteorological Institute.
Portability:
OpenBSD has a broken setreuid() implementation.
CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
to 553 since it is allowed by DRUMS.
CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
DEVTOOLS: install.sh did not properly handle paths in the source
file name argument. Noted by Kari Hurtta of the Finnish
Meteorological Institute.
DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
since it generates random process ids.
PRALIASES: Add back adaptive algorithm to deal with different endings
of entries in the database (with/without trailing '\0').
Patch from John Beck of Sun Microsystems.
New Files:
cf/ostype/freebsd4.m4
confDELIVERBYMIN and confSHAREDMEMORYKEY have been renamed to
confDELIVER_BY_MIN and confSHARED_MEMORY_KEY, respectively.
The macro {sendmailMTACluster} replaces {LDAPCluster}.
Added FEATURE(`queuegroup') for selecting a queue group in the
access database.
Added OSTYPE(`freebsd4')
sendmail/TUNING gives some hints about performance tuning.
Any IPv6 addresses used in configuration should be prefixed by the
"IPv6:" tag to identify the address properly. For example, if you
want to add the IPv6 address [2002:c0a8:51d2::23f4] to class {w},
you would need to add [IPv6:2002:c0a8:51d2::23f4]; if you want to
use it in the access database, you would need to use
IPv6:2002:c0a8:51d2::23f4 on the left hand side.
8.11.3/8.11.3 2001/02/27
Prevent a segmentation fault when a bogus value was used in the
LDAPDefaultSpec option's -r, -s, or -M flags and if a bogus
option was used. Problem noted by Allan E Johannesen of
Worcester Polytechnic Institute.
Prevent "token too long" message by shortening {currHeader} which
could be too long if the last copied character was a quote.
Problem detected by Jan Krueger of digitalanswers
communications consulting gmbh.
Additional IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Do not ignore the ClientPortOptions setting if DaemonPortOptions
Modifier=b (bind to same interface) is set and the
connection came in from the command line.
Do not bind to the loopback address if DaemonPortOptions
Modifier=b (bind to same interface) is set. Patch from
John Beck of Sun Microsystems.
Properly deal with open failures on non-optional maps used in
check_* rulesets by returning a temporary failure.
Buffered file I/O files were not being properly fsync'ed to disk
when they were committed.
Properly encode '=' for the AUTH= parameter of the MAIL command.
Problem noted by Hadmut Danisch.
Under certain circumstances the macro {server_name} could be set
to the wrong hostname (of a previous connection), which may
cause some rulesets to return wrong results. This would
usually cause mail to be queued up and delivered later on.
Ignore F=z (LMTP) mailer flag if $u is given in the mailer A=
equate. Problem noted by Motonori Nakamura of Kyoto
University.
Work around broken accept() implementations which only partially
fill in the peer address if the socket is closed before
accept() completes.
Return an SMTP "421" temporary failure if the data file can't be
opened where the "354" reply would normally be given.
Prevent a CPU loop in trying to expand a macro which doesn't exist
in a queue run. Problem noted by Gordon Lack of Glaxo
Wellcome.
If delivering via a program and that program exits with EX_TEMPFAIL,
note that fact for the mailq display instead of just showing
"Deferred". Problem noted by Motonori Nakamura of Kyoto
University.
If doing canonification via /etc/hosts, try both the fully
qualified hostname as well as the first portion of the
hostname. Problem noted by David Bremner of the
University of New Brunswick.
Portability:
Fix a compilation problem for mail.local and rmail if SFIO
is in use. Problem noted by Auteria Wally
Winzer Jr. of Champion Nutrition.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
OpenBSD 2.7 and higher has srandomdev(3). OpenBSD 2.8 and
higher has BSDI-style login classes. Patch from
Todd C. Miller of Courtesan Consulting.
Unixware 7.1.1 doesn't allow h_errno to be set directly if
sendmail is being compiled with -kthread. Problem
noted by Orion Poplawski of CQG, Inc.
CONTRIB: buildvirtuser: Substitute current domain for $DOMAIN and
current left hand side for $LHS in virtuser files.
DEVTOOLS: Do not pass make targets to recursive Build invocations.
Problem noted by Jeff Bronson of J.D. Bronson, Inc.
MAIL.LOCAL: In LMTP mode, do not return errors regarding problems
storing the temporary message file until after the remote
side has sent the final DATA termination dot. Problem
noted by Allan E Johannesen of Worcester Polytechnic
Institute.
MAIL.LOCAL: If LMTP mode is set, give a temporary error if users
are also specified on the command line. Patch from
Motonori Nakamura of Kyoto University.
PRALIASES: Skip over AliasFile specifications which aren't based on
database files (i.e., only show dbm, hash, and btree).
Renamed Files:
devtools/OS/OSF1.V5.0 => devtools/OS/OSF1.V5.x
Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced,
not @VARIABLE@, nor @@VARIABLE@@).
By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX,
X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST.
Clean up some packages while I'm there; add RCS tags to most MESSAGEs.
Remove some uninteresting MESSAGEs.
8.11.2/8.11.2 2000/12/29
Prevent a segmentation fault when trying to set a class in
address test mode due to a negative array index. Audit
other array indexing. This bug is not believed to be
exploitable. Noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Add an FFR (for future release) to drop privileges when using
address test mode. This will be turned on in 8.12. It can
be enabled by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
in your devtools/Site/site.config.m4 file. Suggested by
Michal Zalewski of the "Internet for Schools" project (IdS).
Fix potential problem with Cyrus-SASL security layer which may have
caused I/O errors, especially for mechanism DIGEST-MD5.
When QueueSortOrder was set to host, sendmail might not read
enough of the queue file to determine the host, making the
sort sub-optimal. Problem noted by Jeff Earickson of
Colby College.
Don't issue DSNs for addresses which use the NOTIFY parameter (per
RFC 1891) but don't have FAILURE as value.
Initialize Cyrus-SASL library before the SMTP daemon is started.
This implies that every change to SASL related files requires
a restart of the daemon, e.g., Sendmail.conf, new SASL
mechanisms (in form of shared libraries).
Properly set the STARTTLS related macros during a queue run for
a cached connection. Bug reported by Michael Kellen of
NxNetworks, Inc.
Log the server name in relay= for ruleset tls_server instead of the
client name.
Include original length of bad field/header when reporting
MaxMimeHeaderLength problems. Requested by Ulrich Windl of
the Universitat Regensburg.
Fix delivery to set-user-ID files that are expanded from aliases in
DeliveryMode queue. Problem noted by Ric Anderson of the
University of Arizona.
Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
of Collective Technologies.
Avoid using a negative argument for sleep() calls when delaying answers
to EXPN/VRFY commands on systems which respond very slowly.
Problem noted by Mikolaj J. Habryn of Optus Internet
Engineering.
Make sure the F=u flag is set in the default prog mailer
definition. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Fix IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
Meteorological Institute.
Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
of the parameters to find Family= setting before trying to
interpret Addr= and Port=. Problem noted by Valdis
Kletnieks of Virginia Tech.
When delivering to a file directly from an alias, do not call
initgroups(); instead use the DefaultUser group information.
Problem noted by Marc Schaefer of ALPHANET NF.
RunAsUser now overrides the ownership of the control socket, if
created. Otherwise, sendmail can not remove it upon
close. Problem noted by Werner Wiethege.
Fix ConnectionRateThrottle counting as the option is the number of
overall connections, not the number of connections per
socket. A future version may change this to per socket
counting.
Portability:
Clean up libsmdb so it functions properly on platforms
where sizeof(u_int32_t) != sizeof(size_t). Problem
noted by Rein Tollevik of Basefarm AS.
Fix man page formatting for compatibility with Solaris'
whatis. From Stephen Gildea of InTouch Systems, Inc.
UnixWare 7 includes snprintf() support. From Larry
Rosenman.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Avoid a typedef compile conflict with Berkeley DB 3.X and
Solaris 2.5 or earlier. Problem noted by Bob Hughes
of Pacific Access.
Add preliminary support for AIX 5. Contributed by
Valdis Kletnieks of Virginia Tech.
Solaris 9 load average support from Andrew Tucker of Sun
Microsystems.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names.
CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
patch by Motonori Nakamura of Kyoto University.
CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
Virginia Tech.
CONFIG: Pass the illegal header form <list:;> through untouched
instead of making it worse. Problem noted by Motonori
Nakamura of Kyoto University.
CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
by Jan Krueger of digitalanswers communications consulting
gmbh.
CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
Roth of the University of Illinois at Urbana-Champaign.
DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
variables into bldOS, bldREL, and bldARCH to prevent
namespace collisions. Problem noted by Motonori Nakamura
of Kyoto University.
RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
causes some changes in behavior and may break rmail for
installations where sendmail is actually a wrapper to
another MTA. The change will re-appear in a future
version.
SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
and SunOS 5.8. Requested by Jeff A. Earickson of Colby
College and John Beck of Sun Microsystems.
VACATION: Fix pattern matching for addresses to ignore.
VACATION: Don't reply to addresses of the form owner-*
or *-owner.
New Files:
cf/ostype/aix5.m4
contrib/buildvirtuser
devtools/OS/AIX.5.0
