Commit graph

194 commits

Author SHA1 Message Date
jnemeth
c7e3945c29 Get rid of the ugly hacks.mk and always define SM_CONF_STDBOOL_H on
NetBSD.  All supported NetBSD versions (and some unsupported) have it.

XXX  This should not cause any change in functionality, so no revbump.
2009-12-16 13:41:41 +00:00
jnemeth
c7d958e728 Change libmilter to use poll(2) instead of select(2)
unconditionally.  All supported systems should have poll(2).  If
one is found that doesn't then this can be revisited and some way
of making it conditional can be implemented.

     This resolves an issue with applications that have a large
number of open files and want to bump FD_SETSIZE.  Since libmilter
no longer uses select(2), the application is free to monkey with
FD_SETSIZE as it pleases.
2009-12-16 09:46:36 +00:00
zafer
6e38c08981 update master sites. remove dead mirror. 2009-08-15 23:18:11 +00:00
joerg
ce6e8d4701 Convert @exec/@unexec to @pkgdir or drop it. 2009-06-14 20:45:10 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
wiz
60f460ab01 Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT
block). Uncomment some commented out LICENSE lines while here.
2009-05-19 08:59:00 +00:00
jnemeth
67063bd7fe fix unprivileged builds 2009-03-24 21:05:42 +00:00
jnemeth
133b0f3c6c - various pkglint cleanups
- add user-destdir support

- this should fix PR/41004
2009-03-21 21:30:58 +00:00
jnemeth
bf3f8af8d2 As owner of the package, I have not approved this patch. Having
had a chance to closely examine it, I would prefer it be done
slightly differently.  Also, the patch patches multiple files in
direct contravention of pkgsrc guidelines.  One of the files is
also patched by a different patch.  Having multiple patches applied
to a single file makes maitenance much more difficult.
2009-03-21 21:20:28 +00:00
manu
12170efb93 Fix bad patch checksum 2009-03-10 12:41:14 +00:00
manu
d2931fd38a This patch fixes an important reliability fix when Sendmail performs local
mail delivery with non local NSS passwd source, such as LDAP.

Stock LDAP uses getpwnam(3) to lookup recipients. As mandated by SUSv2,
getpwnam(3) does not set errno, so Sendmail has no way of distinguishing
a non existing user and an error with a remote NSS source. Therefore,
when the LDAP server goes down, Sendmail bounces mail to valid recipients.

A first workround is to remove F=w from Mlocal in sendmail.cf. This will
inhibit local recipient lookups, but it has a two drawbacks
- ~/.forward do not work anymore
- For multi-recipient mails with a single inexistent user, mail.local
cause a DSN reporting an error for all users, whereas all valid users
do get the message.

A better workaround is this patch, which calls getpwnam_r(3). This newer
API do set errno and do return an error code. Sendmail is therefore able
to detect that it had a transcient error in NSS, and it will react by
queuing the message. This is what you really want to happen when LDAP
is down.

I have not been able to get any feedback from Sendmail developers about
this patch.
2009-03-09 21:24:00 +00:00
tron
b38f6faf22 Use "c99" to build under NetBSD if available. This makes "sendmail" build
until PR toolchain/38983 has been fixed.
2008-11-14 14:09:20 +00:00
manu
b9232a223c Enable _FFR_LDAP_NETWORK_TIMEOUT
This feature adds a -c switch to LDAPMAP definitions, which can be used to
specify a connection timeout (the equivalent of ldap.conf's bind_timeout)

Here is an usage example, in sendmail.cf:
O LDAPDefaultSpec=-w 3 -c 1 -l 3
If the server does not connect after 1 second (-c 1), we give up. If it does
not anwer after 3 seconds (-l 3), we give up with a temporary failure.

Using -c is the only way to avoid sendmail getting stuck against a half-dead
slapd, where the TCP port is in listening state but the server will not
serve anything.
2008-08-13 15:41:29 +00:00
jnemeth
68e453d8b8 - add a note that this is used mail/sendmail/Makefile
- change MAINTAINER to OWNER as I prefer to be consulted before changes
  are made
2008-07-15 19:02:11 +00:00
tron
0d3a3bb7af Update "sendmail" and "libmilter" package to version 8.14.3.
Changes since version 8.14.2:
* the MTA accessed storage after it free()d it. This was a regression
  introduced in 8.14.2, but the bug only showed up on a few operating
  systems.
* ruleset processing: the function cataddr() could cause the addition of
  the BlankSub character between some tokens when it should not happen
  and thus failures in rule matching. It seems that none of the default
  rules were affected by this bug and hence the problem did not show up
  for default configurations.
* the libmilter state engine did not deal correctly with milters that
  requested the omission of protocol steps during the negotiation callback.

Approved by John Nemeth.
2008-06-14 08:58:06 +00:00
joerg
a8a3c01339 Explicitly add pax dependency in those Makefiles that use it (or have
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
2008-05-25 21:42:20 +00:00
jnemeth
cf8719c693 Setup BINOWN/BINGRP/SHAREOWN/SHAREGRP for mail/libmilter's benefit. 2008-03-14 03:02:45 +00:00
jnemeth
e9e065357e change comment indicating what uses this file to suggested format 2008-01-04 02:25:36 +00:00
jnemeth
9bf6edb5e3 Update to 8.14.2, a bug fix release:
8.14.2/8.14.2	2007/11/01
	If a message was queued and it contained 8 bit characters in
		a From: or To: header, then those characters could be
		"mistaken" for internal control characters during a queue
		run and trigger various consistency checks.  Problem
		noted by Neil Rickert of Northern Illinois University.
	If MaxMimeHeaderLength is set to a value greater than 0 (which
		it is by default) then even if the Linelimit parameter
		is 0, sendmail corrupted in the non-transfer-encoding
		case every MAXLINE-1 characters.  Patch from John Gardiner
		Myers of Proofpoint.
	Setting the suboption DeliveryMode for DaemonPortOptions did not
		work in earlier 8.14 versions.
	Note: DeliveryMode=interactive is silently converted to
		background if a milter can reject or delete a recipient.
		Prior to 8.14 this happened only if milter could delete
		recipients.
	ClientRate should trigger when the limit was exceeded (as
		documented), not when it was reached.  Patch from
		John Beck of Sun Microsystems.
	Force a queue run for -qGqueuegroup even if no runners are
		specified (R=0) and forking (F=f) is requested.
	When multiple results are requested for a DNS map lookup
		(-z and -Z), return only those that are relevant for
		the query (not also those in the "additional section".)
	If the message transfer time to sendmail (when acting as server)
		exceeds Timeout.queuewarn or Timeout.queuereturn and
		the message is refused (by a milter), sendmail previously
		created a delivery status notification (DSN).  Patch
		from Doug Heath of The Hertz Corporation.
	A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
		the MTA to deal with some input (i.e., "=") itself.
		Problem noted by Eliot Lear.
	sendmail counted a delivery as successful if PIPELINING is
		compiled in but not offered by the server and the
		delivery failed temporarily.  Patch from Werner Wiethege.
	If getting the result of an LDAP query times out then close the
		map so it will be reopened on the next lookup.  This
		should help "failover" configurations that specify more
		than one LDAP server.
	If check_compat returns $#discard then a "savemail panic" could
		be triggered under some circumstances (e.g., requiring
		a system which does not have the compile time flag
		HASFLOCK set). Based on patch by Motonori Nakamura
		of National Institute of Informatics, Japan.
	If a milter rejected a recipient, the count for nrcpts= in the
		logfile entry might have been wrong.  Problem found by
		Petra Humann of TU Dresden.
	If a milter invoked smfi_chgfrom() where ESMTP arguments are not
		NULL, the message body was lost.  Patch from Motonori
		Nakamura of National Institute of Informatics, Japan.
	sendmail(8) had a bogus space in -qGname.  Patch from Peng Haitao.
	CONTRIB: buildvirtuser: Preserve ownership and permissions when
		replacing files.
	CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
		reading the /etc/mail/virtusers/ directory.
	CONTRIB: buildvirtuser: Emit warnings instead of exiting where
		appropriate.
	LIBMILTER: Fix ABI backwards compatibility so milters compiled
		against an older libmilter.so shared library can use an
		8.14 libmilter.so shared library.
	LIBMILTER: smfi_version() did not properly extract the patchlevel
		from the version number, however, the returned value was
		correct for the current libmilter version.
2007-11-02 08:27:36 +00:00
jnemeth
858ea5e600 - create /var/spool/mqueue with mode 0700
- pre-create all directories with INSTALLATION_DIRS+=...
- convert to DESTDIR
2007-10-19 09:11:45 +00:00
jnemeth
bde483c816 add a note about updating mtree files to avoid insecurity complaint 2007-10-16 09:34:18 +00:00
jlam
013d10861d The sendmail and libmilter should have different sets of options. In
particular, libmilter does *not* support "ldap", "sasl", etc. which are
supported by only sendmail.  Do this through the following:

(1) Create libmilter/options.mk with support for the "inet6" option.

(2) Drop inclusion of options.mk from sendmail/Makefile.common and move
    it to libmilter/Makefile and sendmail/Makefile.

While here, properly support IPv6 on FreeBSD, which like DragonFly has
getipnodebyname() in libc.

As a result of these changes, libmilter will no longer depend on
cyrus-sasl or openssl or openldap-client depending on what is set
in PKG_DEFAULT_OPTIONS.

Bump the PKGREVISION of libmilter to 1 due to the changed dependency list.
No change to sendmail as the binary package does not change.
2007-09-25 20:05:23 +00:00
jnemeth
37e75de1aa create manpage directories 2007-06-19 17:10:55 +00:00
jnemeth
2e6905425f Update to sendmail-8.14.1. Major changes since sendmail-8.13.8:
8.14.1/8.14.1	2007/04/03
	Even though a milter rejects a recipient the MTA will still keep
		it in its list of recipients and deliver to it if the
		transaction is accepted. This is a regression introduced
		in 8.14.0 due to the change for SMFIP_RCPT_REJ.  Bug
		found by Andy Fiddaman.
	The new DaemonPortOptions which begin with a lower case character
		could not be set in 8.14.0.
	If a server shut down the connection in response to a STARTTLS
		command, sendmail would log a misleading error message
		due to an internal inconsistency.  Problem found by
		Werner Wiethege.
	Document how some sendmail.cf options change the behavior of mailq.
		Noted by Paul Menchini of the North Carolina School of
		Science and Mathematics.
	CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
	CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
		of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
		m4 options for setting MaxNOOPCommands and
		SharedMemoryKeyFile.
	CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
		options for setting Milter.macros.eoh and Milter.macros.data.
	CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
		Patch from Daniel Carroll of Mesa State College.
	LIBMILTER: Make sure an unknown command does not affect the
		currently available macros.  Problem found by Andy Fiddaman.
	LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
		negotiation.  Problem reported by Bryan Costales.
	LIBMILTER: Fix several minor errors in the documentation.
		Patches from Bryan Costales.
	PORTABILITY FIXES:
		AIX 5.{1,2}: libsm/util.c failed to compile due to
			redefinition of several macros, e.g., SIG_ERR.
			Patch from Jim Pirzyk with assistance by Bob
			Booth, University of Illinois at Urbana-Champaign.
		Add support for QNX.6.  Patch from Sean Boudreau of QNX
			Software Systems.
	New Files:
		devtools/M4/depend/QNX6.m4
		devtools/OS/QNX.6.x
		include/sm/os/sm_os_qnx.h

	New Files added in 8.14.0, but not shown in the release notes entry:
		libmilter/docs/smfi_chgfrom.html
		libmilter/docs/smfi_version.html

8.14.0/8.14.0	2007/01/31
	Header field values are now 8 bit clean.  Notes:
		- header field names are still restricted to 7 bit.
		- RFC 2822 allows only 7 bit (US-ASCII) characters in
		  headers.
	Preserve spaces after the colon in a header.  Previously, any
		number of spaces after the colon would be changed to
		exactly one space.
	In some cases of deeply nested aliases/forwarding, mail can
		be silently lost.  Moreover, the MaxAliasRecursion
		limit may be reached too early, e.g., the counter
		may be off by a factor of 4 in case of a sequence of
		.forward files that refer to others.  Patch from
		Motonori Nakamura of Kyoto University.
	Fix a regression in 8.13.8: if InputMailFilters is set then
		"sendmail -bs" can trigger an assertion because the
		hostname of the client is undefined.  It is now set
		to "localhost" for the xxfi_connect() callback.
	Avoid referencing a freed variable during cleanup when terminating.
		Problem reported and diagnosed by Joe Maimon.
	New option HeloName to set the name for the HELO/EHLO command.
		Patch from Nik Clayton.
	New option SoftBounce to issue temporary errors (4xy) instead of
		permanent errors (5xy).  This can be useful for testing.
	New suboptions for DaemonPortOptions to set them individually
		per daemon socket:
			DeliveryMode	DeliveryMode
			refuseLA	RefuseLA
			delayLA		DelayLA
			queueLA		QueueLA
			children	MaxDaemonChildren
	New option -K for LDAP maps to replace %1 through %9 in the
		lookup key with the LDAP escaped contents of the
		arguments specified in the map lookup.  Loosely based
		on patch from Wolfgang Hottgenroth.
	Log the time after which a greet_pause delay triggered.  Patch
		from Nik Clayton.
	If a client is rejected via TCP wrapper or some other check
		performed by validate_connection() (in conf.c) then do
		not also invoke greet_pause.  Problem noted by Jim Pirzyk
		of the University of Illinois at Urbana-Champaign.
	If a client terminates the SMTP connection during a pause
		introduced by greet_pause, then a misleading message
		was logged previously.  Problem noted by Vernon Schryver
		et.al., patch from Matej Vela.
	New command "mstat" for control socket to provide "machine
		readable" status.
	New named config file rule check_eom which is called at the end
		of a message, its parameter is the size of the message.
	If the macro {addr_type} indicates that the current address
		is a header address it also distinguishes between
		recipient and sender addresses (as it is done for
		envelope addresses).
	When a macro is set in check_relay, then its value is accessible
		by all transactions in the same SMTP session.
	Increase size of key for ldap lookups to 1024 (MAXKEY).
	New option MaxNOOPCommands to override default of 20 for the
		number of "useless" commands before the SMTP server will
		slow down responding.
	New option SharedMemoryKeyFile: if shared memory support is
		enabled, the MTA can be asked to select a shared memory
		key itself by setting SharedMemoryKey to -1 and specifying
		a file where to store the selected key.
	Try to deal with open HTTP proxies that are used to send spam
		by recognizing some commands from them. If the first command
		from the client is GET, POST, CONNECT, or USER, then the
		connection is terminated immediately.
	New PrivacyOptions noactualrecipient to avoid putting
		X-Actual-Recipient lines in DSNs revealing the actual
		account that addresses map to.  Patch from Dan Harkless.
	New options B, z, and Z for DNS maps:
		-B: specify a domain that is always appended to queries.
		-z: specify the delimiter at which to cut off the result of
			a query if it is too long.
		-Z: specify the maximum number of entries to be concatenated
			to form the result of a lookup.
	New target "check" in the Makefile of libsm: instead of running tests
		implicitly while building libsm, they must be explicitly
		started by using "make check".
	Fixed some inconsistent checks for NULL pointers that have been
		reported by the SATURN tool which has been developed by
		Isil Dillig and Thomas Dillig of Stanford University.
	Fix a potential race condition caused by a signal handler for
		terminated child processes.  Problem noted by David F. Skoll.
	When a milter deleted a recipient, that recipient could cause a
		queue group selection. This has been disabled as it was not
		intended.
	New operator 'r' for the arith map to return a random number.
		Patch from Motonori Nakamura of Kyoto University.
	New compile time option MILTER_NO_NAGLE to turn off the Nagle
		algorithm for communication with libmilter ("cork" on Linux),
		which may improve the communication performance on some
		operating systems.  Patch from John Gardiner Myers of
		Proofpoint.
	If sendmail received input that contained a CR without subsequent LF
		(thus violating RFC 2821 (2.3.7)), it could previously
		generate an additional blank line in the output as the last
		line.
	Restarting persistent queue runners by sending a HUP signal to
		the "queue control process" (QCP) works now.
	Increase the length of an input line to 12288 to deal with
		really long lines during SMTP AUTH negotiations.
		Problem noted by Werner Wiethege.
	If ARPANET mode (-ba) was selected STARTTLS would fail (due to
		a missing initialization call for that case).  Problem
		noted by Neil Rickert of Northern Illinois University.
	If sendmail is linked against a library that initializes Cyrus-SASL
		before sendmail did it (such as libnss-ldap), then SMTP AUTH
		could fail for the sendmail client.  A patch by Moritz Both
		works around the API design flaw of Cyrus-SASLv2.
	CONFIG: Make it possible to unset the StatusFile option by
		undefining STATUS_FILE.  By not setting StatusFile,
		the MTA will not attempt to open a statistics file on
		each delivery.
	CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
		clients whose IP address does not have proper reverse DNS.
		Contributed by Neil Rickert of Northern Illinois University
		and John Beck of Sun Microsystems.
	CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
		clients which provide a HELO/EHLO argument which is either
		unqualified, or is one of our own names (i.e., the server
		name instead of the client name).  Contributed by Neil
		Rickert of Northern Illinois University and John Beck of
		Sun Microsystems.
	CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
		(MAIL) whose domain part resolves to a "bad" MX record.
		Based on contribution from William Dell Wisner.
	CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
		the maximum line length of the smtp mailers.
	CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
		to allow entries in the access map to be of the form
			To:user@example.com	RELAY
	CONFIG: New subsuboptions eoh and data to specify the list of
		macros a milter should receive at those stages in the
		SMTP dialogue.
	CONFIG: New option confHELO_NAME for HeloName to set the name
		for the HELO/EHLO command.
	CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
		messages by using those values as second argument.
		Patches from Nelson Fung.
	CONTRIB: cidrexpand uses a hash symbol as comment character and
		ignores everything after it unless it is in quotes or
		preceeded by a backslash.
	DEVTOOLS: New macro confMKDIR: if set to a program that creates
		directories, then it used for "make install" to create
		the required installation directories.
	DEVTOOLS: New macro confCCLINK to specify the linker to use for
		executables (defaults to confCC).
	LIBMILTER: A new version of the milter API has been created that
		has several changes which are listed below and documented
		in the webpages reachable via libmilter/docs/index.html.
	LIBMILTER: The meaning of the version macro SMFI_VERSION has been
		changed.  It now refers only to the version of libmilter,
		not to the protocol version (which is used only internally,
		it is not user/milter-programmer visible).  Additionally,
		a version function smfi_version() has been introduced such
		that a milter program can check the libmilter version also
		at runtime which is useful if a shared library is used.
	LIBMILTER: A new callback xxfi_negotiate() can be used to
		dynamically (i.e., at runtime) determine the available
		protocol actions and features of the MTA and also to
		specify which of these a milter wants to use.  This allows
		for more flexibility than hardcoding these flags in the
		xxfi_flags field of the smfiDesc structure.
	LIBMILTER: A new callback xxfi_data() is available so milters
		can act on the DATA command.
	LIBMILTER: A new callback xxfi_unknown() is available so milters
		can receive also unknown SMTP commands.
	LIBMILTER: A new return code SMFIS_NOREPLY has been added which
		can be used by the xxfi_header() callback provided the
		milter requested the SMFIP_NOHREPL protocol action.
	LIBMILTER: The new return code SMFIS_SKIP can be used in the
		xxfi_body() callback to skip over further body chunks
		and directly advance to the xxfi_eom() callback.  This
		is useful if a milter can make a decision based on the
		body chunks it already received without reading the entire
		rest of the body and the milter wants to invoke functions
		that are only available from the xxfi_eom() callback.
	LIBMILTER: A new function smfi_addrcpt_par() can be used to add
		new recipients including ESMTP parameters.
	LIBMILTER: A new function smfi_chgfrom() can be used to change the
		envelope sender including ESMTP parameters.
	LIBMILTER: A milter can now request to be informed about rejected
		recipients (RCPT) too.  This requires to set the protocol
		flag SMFIP_RCPT_REJ during option negotiation.  Whether
		a RCPT has been rejected can be checked by comparing the
		value of the macro {rcpt_mailer} with "error".
	LIBMILTER: A milter can now override the list of macros that it
		wants to receive from the MTA for each protocol step
		by invoking the function smfi_setsymlist() during option
		negotiation.
	LIBMILTER: A milter can receive header field values with all
		leading spaces by requesting the SMFIP_HDR_LEADSPC
		protocol action.  Also, if the flag is set then the MTA
		does not add a leading space to headers that are added,
		inserted, or replaced.
	LIBMILTER: If a milter sets the reply code to "421" for the HELO
		callback, the SMTP server will terminate the SMTP session
		with that error to match the behavior of all other callbacks.
	New Files:
		cf/feature/badmx.m4
		cf/feature/block_bad_helo.m4
		cf/feature/require_rdns.m4
		devtools/M4/UNIX/check.m4
		include/sm/misc.h
		include/sm/sendmail.h
		include/sm/tailq.h
		libmilter/docs/smfi_addrcpt_par.html
		libmilter/docs/smfi_setsymlist.html
		libmilter/docs/xxfi_data.html
		libmilter/docs/xxfi_negotiate.html
		libmilter/docs/xxfi_unknown.html
		libmilter/example.c
		libmilter/monitor.c
		libmilter/worker.c
		libsm/memstat.c
		libsm/t-memstat.c
		libsm/t-qic.c
		libsm/util.c
		sendmail/daemon.h
		sendmail/map.h
2007-04-26 06:26:27 +00:00
joerg
bcc2486231 Precreate some directories for NO_MTREE. 2007-04-19 19:24:09 +00:00
jnemeth
d1d71ff5fc revert previous, turns out qmail and sendmail don't share any filenames 2007-04-18 01:39:29 +00:00
jnemeth
b7cd7d52f7 add conflict with qmail 2007-04-17 10:35:17 +00:00
jnemeth
af729a761d grammar fix 2007-04-10 07:44:58 +00:00
tv
3c8a1830ee MAINTAINER -> jnemeth@ 2007-04-06 00:20:32 +00:00
wiz
601583c320 Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.
2007-02-22 19:26:05 +00:00
tv
be94bcce23 REPLACE_PERL works even if Perl is not registered as a dependency.
So, compile socketmap support in unconditionally (as the Perl scripts
are actually only examples of socketmap functionality; any language can be
used in reality).  Remove socketmap related OPTIONs completely.
2007-01-20 20:08:31 +00:00
markd
3cff6d1109 Fix rpath for Solaris 10 and 11 so that pkg libraries are found. As per
existing patches for earlier Solaris versions.  Bump PKGREVISION.
2006-12-29 21:44:09 +00:00
tv
a15329a7df Fix thinko in previous that prevented compilation. 2006-10-13 13:58:11 +00:00
tv
bc5d806785 8.13.8nb2:
Don't install .cf files to /etc/mail directly at all; offer a message
about how to install them instead.  Don't create /etc/mail/statistics.
Create mqueue dirs at install via MAKE_DIRS.  Should fix PR pkg/20852.

Make sure SMRSH_CMDDIR gets to the compile defs.  Fixes PR pkg/34513.
2006-10-12 21:04:27 +00:00
tv
5a1a3c06dc nb1: Add patch at http://www.sendmail.org/patches/client_name.assert.p0.
Non-critical, but could cause problems if "sendmail -bs" is used in
conjunction with milters.
2006-09-05 20:01:37 +00:00
tv
d0092bf601 Update to 8.13.8. Changes:
8.13.8/8.13.8   2006/08/09
        Fix a regression in 8.13.7: if shared memory is activated, then
                the server can erroneously report that there is
                insufficient disk space.  Additionally make sure that
                an internal variable is set properly to avoid those
                misleading errors.  Based on patch from Steve Hubert
                of University of Washington.
        Fix a regression in 8.13.7: the PidFile could be removed after
                the process that forks the daemon exited, i.e., if
                sendmail -bd is invoked.  Problem reported by Kan Sasaki
                of Fusion Communications Corp. and Werner Wiethege.
        Avoid opening qf files if QueueSortOrder is "none".  Patch from
                David F. Skoll.
        Avoid a crash when finishing due to referencing a freed variable.
                Problem reported and diagnosed by Moritz Jodeit.
        CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
                range (0..255).
        LIBMILTER: The "hostname" argument of the xxfi_connect() callback
                previously was the equivalent of {client_ptr}.  However,
                this did not match the documentation of the function, hence
                it has been changed to {client_name}.  See doc/op/op.*
                about these macros.
2006-08-09 21:23:00 +00:00
tv
ec008f1b2a Update to 8.13.7; changelog below. (8.13.6nb3 already had the security
fixes by patch.)

While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and
INSTALL definitions into the installed share/sendmail/cf/Makefile.

8.13.7/8.13.7	2006/06/14
	A malformed MIME structure with many parts can cause sendmail to
		crash while trying to send a mail due to a stack overflow,
		e.g., if the stack size is limited (ulimit -s).  This
		happens because the recursion of the function mime8to7()
		was not restricted.  The function is called for MIME 8 to
		7 bit conversion and also to enforce MaxMimeHeaderLength.
		To work around this problem, recursive calls are limited to
		a depth of MAXMIMENESTING (20); message content after this
		limit is treated as opaque and is not checked further.
		Problem noted by Frank Sheiness.
	The changes to the I/O layer in 8.13.6 caused a regression for
		SASL mechanisms that use the security layer, e.g.,
		DIGEST-MD5.  Problem noted by Robert Stampfli.
	If a timeout occurs while reading a message (during the DATA phase)
		a df file might have been left behind in the queue.
		This was another side effect of the changes to the I/O
		layer made in 8.13.6.
	Several minor problems have been fixed that were found by a
		Coverity scan of sendmail 8 as part of the NetBSD
		distribution. See http://scan.coverity.com/
		Note: the scan generated also a lot of "false positives",
		e.g., "error" reports about situations that cannot happen.
		Most of those code places are marked with lint(1) comments
		like NOTREACHED, but Coverity does not understand those.
		Hence an explicit assertion has been added in some cases
		to avoid those false positives.
	If the start of the sendmail daemon fails due to a configuration
		error then in some cases shared memory segments or pid
		files were not removed.
	If DSN support is disabled via access_db, then related ESMTP
		parameters for MAIL and RCPT should be rejected.  Problem
		reported by Akihiro Sagawa.
	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
		bug work-around.  Hence if sendmail is linked against
		either of these versions and compression is available,
		the padding bug work-around is turned off.  Based on
		patch from Victor Duchovni of Morgan Stanley.
	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
		blackholes.mail-abuse.org as default domain for lookups,
		however, that list is no longer available.  To avoid
		further problems, no default value is available anymore,
		but an argument must be specified.
	Portability:
		Fix compilation on OSF/1 for sfsasl.c.  Patch from
		Pieter Bowman of the University of Utah.
2006-07-07 18:06:27 +00:00
adrianp
4c9325d865 Bump PKGREVISION.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s).  This
happens because the recursion of the function mime8to7()
was not restricted.  The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.
2006-06-14 18:53:53 +00:00
jlam
dbc62d966c Fix names of installed manual pages. The PLIST expects that the pages
are named *.[1-9], so force the pkgsrc installation of sendmail to
always install the manual pages with those names on all platforms.
This fixes the problem noted in:

    http://mail-index.netbsd.org/pkgsrc-users/2006/06/07/0007.html
2006-06-08 02:26:32 +00:00
joerg
a2d78aa426 Prefer PATH_MAX over MAXPATHLEN.
Use a better boundary check, which doesn't depend on PATH_MAX >> NAME_MAX.
Both changes are from DragonFly and have been reported upstream.

Install only man pages, not the catpages. The installation was
inconsistent before.

Bump revision. OK from tv@.
2006-06-07 14:48:28 +00:00
adrianp
347a5c06e7 Add sendmail and smmsp startup files for -current users
Make pkglint happy
Pass MAINTAINERship to tv@
Bump PKGREVISION
2006-06-06 22:03:36 +00:00
ghen
2eca3d9f2c The databases/openldap package has been split in -client and -server component
packages.  Convert LDAP-based applications to depend on openldap-client, and
bump PKGREVISION for those that depend on it by default.
2006-05-31 18:22:23 +00:00
adrianp
f952f726e1 Update to sendmail 8.13.6
> 8.13.6/8.13.6	2006/03/22
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.
> 	If a server returns 421 for an RSET command when trying to start
> 		another transaction in a session while sending mail, do
> 		not trigger an internal consistency check.  Problem found
> 		by Allan E Johannesen of Worcester Polytechnic Institute.
> 	If a server returns a 5xy error code (other than 501) in response
> 		to a STARTTLS command despite the fact that it advertised
> 		STARTTLS and that the code is not valid according to RFC
> 		2487 treat it nevertheless as a permanent failure instead
> 		of a protocol error (which has been changed to a
> 		temporary error in 8.13.5).  Problem reported by Jeff
> 		A. Earickson of Colby College.
> 	Clear SMTP state after a HELO/EHLO command.  Patch from John
> 		Myers of Proofpoint.
> 	Observe MinQueueAge option when gathering entries from the queue
> 		for sorting etc instead of waiting until the entries are
> 		processed.  Patch from Brian Fundakowski Feldman.
> 	Set up TLS session cache to properly handle clients that try to
> 		resume a stored TLS session.
> 	Properly count the number of (direct) child processes such that
> 		a configured value (MaxDaemonChildren) is not exceeded.
> 		Based on patch from Attila Bruncsak.
> 	LIBMILTER: Remove superfluous backslash in macro definition
> 		(libmilter.h).  Based on patch from Mike Kupfer of
> 		Sun Microsystems.
> 	LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> 		This generates an error message from libmilter on
> 		Solaris, though other systems appear to just discard the
> 		request silently.
> 	LIBMILTER: Deal with sigwait(2) implementations that return
> 		-1 and set errno instead of returning an error code
> 		directly.  Patch from Chris Adams of HiWAAY Informations
> 		Services.
> 	Portability:
> 		Fix compilation checks for closefrom(3) and statvfs(2)
> 		in NetBSD.  Problem noted by S. Moonesamy, patch from
> 		Andrew Brown.
2006-05-12 22:23:09 +00:00
jlam
6d3e25ffb4 Conflict with courier-mta. 2006-05-01 02:57:03 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
wiz
0719006c41 Update path from cyrus-sasl2 to cyrus-sasl. 2006-04-13 21:45:12 +00:00
adrianp
46d36588db Add a URL to the new (?) past-releases directory on sendmail.org for fetching
the distfile
2006-03-26 15:58:51 +00:00
adrianp
52c0a606d9 Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.
2006-03-22 19:56:36 +00:00
tv
84847331e8 Skip ".orig" files in the pax copy, in case local patches (or possible
pkgsrc patches) patch things in cf/.
2006-01-23 17:28:41 +00:00
adrianp
0d86ee2200 Fix build on -HEAD
Identified by Jean-Luc Wasmer in PR# 32527
Fixes from -HEAD by christos@ (setuserenv -> setuserenviron)
Bump to nb1
2006-01-18 21:00:48 +00:00