head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.26 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.24 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.22 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.20 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.18 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.16 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.14 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.12 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.10 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.8 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.6 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.4 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.2 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.5.0.6 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.5.0.4 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.2 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.3.0.2 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.1.0.2 pkgsrc-2006Q1-base:1.1; locks; strict; comment @# @; 1.6 date 2007.04.26.06.26.27; author jnemeth; state dead; branches; next 1.5; 1.5 date 2006.09.05.20.01.37; author tv; state Exp; branches; next 1.4; 1.4 date 2006.07.07.18.06.28; author tv; state dead; branches; next 1.3; 1.3 date 2006.06.14.18.53.53; author adrianp; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2006.05.12.22.23.09; author adrianp; state dead; branches; next 1.1; 1.1 date 2006.01.18.21.00.48; author adrianp; state Exp; branches 1.1.2.1; next ; 1.3.2.1 date 2006.08.29.06.53.23; author ghen; state dead; branches; next ; 1.1.2.1 date 2006.05.22.14.15.27; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.06.14.21.06.26; author salo; state Exp; branches; next ; desc @@ 1.6 log @Update to sendmail-8.14.1. Major changes since sendmail-8.13.8: 8.14.1/8.14.1 2007/04/03 Even though a milter rejects a recipient the MTA will still keep it in its list of recipients and deliver to it if the transaction is accepted. This is a regression introduced in 8.14.0 due to the change for SMFIP_RCPT_REJ. Bug found by Andy Fiddaman. The new DaemonPortOptions which begin with a lower case character could not be set in 8.14.0. If a server shut down the connection in response to a STARTTLS command, sendmail would log a misleading error message due to an internal inconsistency. Problem found by Werner Wiethege. Document how some sendmail.cf options change the behavior of mailq. Noted by Paul Menchini of the North Carolina School of Science and Mathematics. CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce. CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE m4 options for setting MaxNOOPCommands and SharedMemoryKeyFile. CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4 options for setting Milter.macros.eoh and Milter.macros.data. CONTRIB: Use flock() and fcntl() in qtool.pl if necessary. Patch from Daniel Carroll of Mesa State College. LIBMILTER: Make sure an unknown command does not affect the currently available macros. Problem found by Andy Fiddaman. LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option negotiation. Problem reported by Bryan Costales. LIBMILTER: Fix several minor errors in the documentation. Patches from Bryan Costales. PORTABILITY FIXES: AIX 5.{1,2}: libsm/util.c failed to compile due to redefinition of several macros, e.g., SIG_ERR. Patch from Jim Pirzyk with assistance by Bob Booth, University of Illinois at Urbana-Champaign. Add support for QNX.6. Patch from Sean Boudreau of QNX Software Systems. New Files: devtools/M4/depend/QNX6.m4 devtools/OS/QNX.6.x include/sm/os/sm_os_qnx.h New Files added in 8.14.0, but not shown in the release notes entry: libmilter/docs/smfi_chgfrom.html libmilter/docs/smfi_version.html 8.14.0/8.14.0 2007/01/31 Header field values are now 8 bit clean. Notes: - header field names are still restricted to 7 bit. - RFC 2822 allows only 7 bit (US-ASCII) characters in headers. Preserve spaces after the colon in a header. Previously, any number of spaces after the colon would be changed to exactly one space. In some cases of deeply nested aliases/forwarding, mail can be silently lost. Moreover, the MaxAliasRecursion limit may be reached too early, e.g., the counter may be off by a factor of 4 in case of a sequence of .forward files that refer to others. Patch from Motonori Nakamura of Kyoto University. Fix a regression in 8.13.8: if InputMailFilters is set then "sendmail -bs" can trigger an assertion because the hostname of the client is undefined. It is now set to "localhost" for the xxfi_connect() callback. Avoid referencing a freed variable during cleanup when terminating. Problem reported and diagnosed by Joe Maimon. New option HeloName to set the name for the HELO/EHLO command. Patch from Nik Clayton. New option SoftBounce to issue temporary errors (4xy) instead of permanent errors (5xy). This can be useful for testing. New suboptions for DaemonPortOptions to set them individually per daemon socket: DeliveryMode DeliveryMode refuseLA RefuseLA delayLA DelayLA queueLA QueueLA children MaxDaemonChildren New option -K for LDAP maps to replace %1 through %9 in the lookup key with the LDAP escaped contents of the arguments specified in the map lookup. Loosely based on patch from Wolfgang Hottgenroth. Log the time after which a greet_pause delay triggered. Patch from Nik Clayton. If a client is rejected via TCP wrapper or some other check performed by validate_connection() (in conf.c) then do not also invoke greet_pause. Problem noted by Jim Pirzyk of the University of Illinois at Urbana-Champaign. If a client terminates the SMTP connection during a pause introduced by greet_pause, then a misleading message was logged previously. Problem noted by Vernon Schryver et.al., patch from Matej Vela. New command "mstat" for control socket to provide "machine readable" status. New named config file rule check_eom which is called at the end of a message, its parameter is the size of the message. If the macro {addr_type} indicates that the current address is a header address it also distinguishes between recipient and sender addresses (as it is done for envelope addresses). When a macro is set in check_relay, then its value is accessible by all transactions in the same SMTP session. Increase size of key for ldap lookups to 1024 (MAXKEY). New option MaxNOOPCommands to override default of 20 for the number of "useless" commands before the SMTP server will slow down responding. New option SharedMemoryKeyFile: if shared memory support is enabled, the MTA can be asked to select a shared memory key itself by setting SharedMemoryKey to -1 and specifying a file where to store the selected key. Try to deal with open HTTP proxies that are used to send spam by recognizing some commands from them. If the first command from the client is GET, POST, CONNECT, or USER, then the connection is terminated immediately. New PrivacyOptions noactualrecipient to avoid putting X-Actual-Recipient lines in DSNs revealing the actual account that addresses map to. Patch from Dan Harkless. New options B, z, and Z for DNS maps: -B: specify a domain that is always appended to queries. -z: specify the delimiter at which to cut off the result of a query if it is too long. -Z: specify the maximum number of entries to be concatenated to form the result of a lookup. New target "check" in the Makefile of libsm: instead of running tests implicitly while building libsm, they must be explicitly started by using "make check". Fixed some inconsistent checks for NULL pointers that have been reported by the SATURN tool which has been developed by Isil Dillig and Thomas Dillig of Stanford University. Fix a potential race condition caused by a signal handler for terminated child processes. Problem noted by David F. Skoll. When a milter deleted a recipient, that recipient could cause a queue group selection. This has been disabled as it was not intended. New operator 'r' for the arith map to return a random number. Patch from Motonori Nakamura of Kyoto University. New compile time option MILTER_NO_NAGLE to turn off the Nagle algorithm for communication with libmilter ("cork" on Linux), which may improve the communication performance on some operating systems. Patch from John Gardiner Myers of Proofpoint. If sendmail received input that contained a CR without subsequent LF (thus violating RFC 2821 (2.3.7)), it could previously generate an additional blank line in the output as the last line. Restarting persistent queue runners by sending a HUP signal to the "queue control process" (QCP) works now. Increase the length of an input line to 12288 to deal with really long lines during SMTP AUTH negotiations. Problem noted by Werner Wiethege. If ARPANET mode (-ba) was selected STARTTLS would fail (due to a missing initialization call for that case). Problem noted by Neil Rickert of Northern Illinois University. If sendmail is linked against a library that initializes Cyrus-SASL before sendmail did it (such as libnss-ldap), then SMTP AUTH could fail for the sendmail client. A patch by Moritz Both works around the API design flaw of Cyrus-SASLv2. CONFIG: Make it possible to unset the StatusFile option by undefining STATUS_FILE. By not setting StatusFile, the MTA will not attempt to open a statistics file on each delivery. CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP clients whose IP address does not have proper reverse DNS. Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP clients which provide a HELO/EHLO argument which is either unqualified, or is one of our own names (i.e., the server name instead of the client name). Contributed by Neil Rickert of Northern Illinois University and John Beck of Sun Microsystems. CONFIG: New FEATURE(`badmx') to reject envelope sender addresses (MAIL) whose domain part resolves to a "bad" MX record. Based on contribution from William Dell Wisner. CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override the maximum line length of the smtp mailers. CONFIG: New option `relaytofulladdress' for FEATURE(`access_db') to allow entries in the access map to be of the form To:user@@example.com RELAY CONFIG: New subsuboptions eoh and data to specify the list of macros a milter should receive at those stages in the SMTP dialogue. CONFIG: New option confHELO_NAME for HeloName to set the name for the HELO/EHLO command. CONFIG: dnsbl and enhdnsbl can now also discard or quarantine messages by using those values as second argument. Patches from Nelson Fung. CONTRIB: cidrexpand uses a hash symbol as comment character and ignores everything after it unless it is in quotes or preceeded by a backslash. DEVTOOLS: New macro confMKDIR: if set to a program that creates directories, then it used for "make install" to create the required installation directories. DEVTOOLS: New macro confCCLINK to specify the linker to use for executables (defaults to confCC). LIBMILTER: A new version of the milter API has been created that has several changes which are listed below and documented in the webpages reachable via libmilter/docs/index.html. LIBMILTER: The meaning of the version macro SMFI_VERSION has been changed. It now refers only to the version of libmilter, not to the protocol version (which is used only internally, it is not user/milter-programmer visible). Additionally, a version function smfi_version() has been introduced such that a milter program can check the libmilter version also at runtime which is useful if a shared library is used. LIBMILTER: A new callback xxfi_negotiate() can be used to dynamically (i.e., at runtime) determine the available protocol actions and features of the MTA and also to specify which of these a milter wants to use. This allows for more flexibility than hardcoding these flags in the xxfi_flags field of the smfiDesc structure. LIBMILTER: A new callback xxfi_data() is available so milters can act on the DATA command. LIBMILTER: A new callback xxfi_unknown() is available so milters can receive also unknown SMTP commands. LIBMILTER: A new return code SMFIS_NOREPLY has been added which can be used by the xxfi_header() callback provided the milter requested the SMFIP_NOHREPL protocol action. LIBMILTER: The new return code SMFIS_SKIP can be used in the xxfi_body() callback to skip over further body chunks and directly advance to the xxfi_eom() callback. This is useful if a milter can make a decision based on the body chunks it already received without reading the entire rest of the body and the milter wants to invoke functions that are only available from the xxfi_eom() callback. LIBMILTER: A new function smfi_addrcpt_par() can be used to add new recipients including ESMTP parameters. LIBMILTER: A new function smfi_chgfrom() can be used to change the envelope sender including ESMTP parameters. LIBMILTER: A milter can now request to be informed about rejected recipients (RCPT) too. This requires to set the protocol flag SMFIP_RCPT_REJ during option negotiation. Whether a RCPT has been rejected can be checked by comparing the value of the macro {rcpt_mailer} with "error". LIBMILTER: A milter can now override the list of macros that it wants to receive from the MTA for each protocol step by invoking the function smfi_setsymlist() during option negotiation. LIBMILTER: A milter can receive header field values with all leading spaces by requesting the SMFIP_HDR_LEADSPC protocol action. Also, if the flag is set then the MTA does not add a leading space to headers that are added, inserted, or replaced. LIBMILTER: If a milter sets the reply code to "421" for the HELO callback, the SMTP server will terminate the SMTP session with that error to match the behavior of all other callbacks. New Files: cf/feature/badmx.m4 cf/feature/block_bad_helo.m4 cf/feature/require_rdns.m4 devtools/M4/UNIX/check.m4 include/sm/misc.h include/sm/sendmail.h include/sm/tailq.h libmilter/docs/smfi_addrcpt_par.html libmilter/docs/smfi_setsymlist.html libmilter/docs/xxfi_data.html libmilter/docs/xxfi_negotiate.html libmilter/docs/xxfi_unknown.html libmilter/example.c libmilter/monitor.c libmilter/worker.c libsm/memstat.c libsm/t-memstat.c libsm/t-qic.c libsm/util.c sendmail/daemon.h sendmail/map.h @ text @$NetBSD: patch-ak,v 1.5 2006/09/05 20:01:37 tv Exp $ From: http://www.sendmail.org/patches/client_name.assert.p0 (file path fixed to be relative to source top) Index: srvrsmtp.c =================================================================== RCS file: /cvs/sendmail/srvrsmtp.c,v retrieving revision 8.948 diff -u -r8.948 srvrsmtp.c --- sendmail/srvrsmtp.c 15 Aug 2006 23:24:58 -0000 8.948 +++ sendmail/srvrsmtp.c 24 Aug 2006 16:47:19 -0000 @@@@ -945,7 +945,9 @@@@ char *response; q = macvalue(macid("{client_name}"), e); - SM_ASSERT(q != NULL); + SM_ASSERT(q != NULL || OpMode == MD_SMTP); + if (q == NULL) + q = "localhost"; response = milter_connect(q, RealHostAddr, e, &state); switch (state) { @ 1.5 log @nb1: Add patch at http://www.sendmail.org/patches/client_name.assert.p0. Non-critical, but could cause problems if "sendmail -bs" is used in conjunction with milters. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update to 8.13.7; changelog below. (8.13.6nb3 already had the security fixes by patch.) While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and INSTALL definitions into the installed share/sendmail/cf/Makefile. 8.13.7/8.13.7 2006/06/14 A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. Problem noted by Frank Sheiness. The changes to the I/O layer in 8.13.6 caused a regression for SASL mechanisms that use the security layer, e.g., DIGEST-MD5. Problem noted by Robert Stampfli. If a timeout occurs while reading a message (during the DATA phase) a df file might have been left behind in the queue. This was another side effect of the changes to the I/O layer made in 8.13.6. Several minor problems have been fixed that were found by a Coverity scan of sendmail 8 as part of the NetBSD distribution. See http://scan.coverity.com/ Note: the scan generated also a lot of "false positives", e.g., "error" reports about situations that cannot happen. Most of those code places are marked with lint(1) comments like NOTREACHED, but Coverity does not understand those. Hence an explicit assertion has been added in some cases to avoid those false positives. If the start of the sendmail daemon fails due to a configuration error then in some cases shared memory segments or pid files were not removed. If DSN support is disabled via access_db, then related ESMTP parameters for MAIL and RCPT should be rejected. Problem reported by Akihiro Sagawa. Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding bug work-around. Hence if sendmail is linked against either of these versions and compression is available, the padding bug work-around is turned off. Based on patch from Victor Duchovni of Morgan Stanley. CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used blackholes.mail-abuse.org as default domain for lookups, however, that list is no longer available. To avoid further problems, no default value is available anymore, but an argument must be specified. Portability: Fix compilation on OSF/1 for sfsasl.c. Patch from Pieter Bowman of the University of Utah. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.3 2006/06/14 18:53:53 adrianp Exp $ d3 20 a22 88 --- sendmail/mime.c.orig 2006-03-01 18:07:45.000000000 +0000 +++ sendmail/mime.c @@@@ -80,6 +80,7 @@@@ static bool MapNLtoCRLF; ** boundaries -- the currently pending message boundaries. ** NULL if we are processing the outer portion. ** flags -- to tweak processing. +** level -- recursion level. ** ** Returns: ** An indicator of what terminated the message part: @@@@ -96,12 +97,13 @@@@ struct args }; int -mime8to7(mci, header, e, boundaries, flags) +mime8to7(mci, header, e, boundaries, flags, level) register MCI *mci; HDR *header; register ENVELOPE *e; char **boundaries; int flags; + int level; { register char *p; int linelen; @@@@ -122,6 +124,18 @@@@ mime8to7(mci, header, e, boundaries, fla char pvpbuf[MAXLINE]; extern unsigned char MimeTokenTab[256]; + if (level > MAXMIMENESTING) + { + if (!bitset(EF_TOODEEP, e->e_flags)) + { + if (tTd(43, 4)) + sm_dprintf("mime8to7: too deep, level=%d\n", + level); + usrerr("mime8to7: recursion level %d exceeded", + level); + e->e_flags |= EF_DONT_MIME|EF_TOODEEP; + } + } if (tTd(43, 1)) { sm_dprintf("mime8to7: flags = %x, boundaries =", flags); @@@@ -242,7 +256,9 @@@@ mime8to7(mci, header, e, boundaries, fla */ if (sm_strcasecmp(type, "multipart") == 0 && - (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags))) + (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) && + !bitset(EF_TOODEEP, e->e_flags) + ) { if (sm_strcasecmp(subtype, "digest") == 0) @@@@ -286,10 +302,13 @@@@ mime8to7(mci, header, e, boundaries, fla } if (i >= MAXMIMENESTING) { - usrerr("mime8to7: multipart nesting boundary too deep"); + if (tTd(43, 4)) + sm_dprintf("mime8to7: too deep, i=%d\n", i); + if (!bitset(EF_TOODEEP, e->e_flags)) + usrerr("mime8to7: multipart nesting boundary too deep"); /* avoid bounce loops */ - e->e_flags |= EF_DONT_MIME; + e->e_flags |= EF_DONT_MIME|EF_TOODEEP; } else { @@@@ -333,7 +352,8 @@@@ mime8to7(mci, header, e, boundaries, fla goto writeerr; if (tTd(43, 101)) putline("+++after putheader", mci); - bt = mime8to7(mci, hdr, e, boundaries, flags); + bt = mime8to7(mci, hdr, e, boundaries, flags, + level + 1); if (bt == SM_IO_EOF) goto writeerr; } @@@@ -374,7 +394,8 @@@@ mime8to7(mci, header, e, boundaries, fla if (sm_strcasecmp(type, "message") == 0) { - if (!wordinclass(subtype, 's')) + if (!wordinclass(subtype, 's') || + bitset(EF_TOODEEP, e->e_flags)) a23 12 flags |= M87F_NO8BIT; } @@@@ -397,7 +418,8 @@@@ mime8to7(mci, header, e, boundaries, fla !bitset(M87F_NO8TO7, flags) && !putline("MIME-Version: 1.0", mci)) goto writeerr; - bt = mime8to7(mci, hdr, e, boundaries, flags); + bt = mime8to7(mci, hdr, e, boundaries, flags, + level + 1); mci->mci_flags &= ~MCIF_INMIME; return bt; } @ 1.3 log @Bump PKGREVISION. A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. @ text @d1 1 a1 1 $NetBSD$ @ 1.3.2.1 log @Pullup ticket 1812 - requested by tv security/bugfix update for sendmail Revisions pulled up: - pkgsrc/mail/sendmail/Makefile 1.91 - pkgsrc/mail/sendmail/Makefile.common 1.37-1.38 - pkgsrc/mail/sendmail/distinfo 1.31-1.32 - pkgsrc/mail/sendmail/patches/patch-aj 1.4 - pkgsrc/mail/sendmail/patches/patch-ak removed - pkgsrc/mail/sendmail/patches/patch-al removed - pkgsrc/mail/sendmail/patches/patch-am removed Module Name: pkgsrc Committed By: tv Date: Fri Jul 7 18:06:28 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile Makefile.common distinfo pkgsrc/mail/sendmail/patches: patch-aj Removed Files: pkgsrc/mail/sendmail/patches: patch-ak patch-al patch-am Log Message: Update to 8.13.7; changelog below. (8.13.6nb3 already had the security fixes by patch.) While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and INSTALL definitions into the installed share/sendmail/cf/Makefile. 8.13.7/8.13.7 2006/06/14 A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. Problem noted by Frank Sheiness. The changes to the I/O layer in 8.13.6 caused a regression for SASL mechanisms that use the security layer, e.g., DIGEST-MD5. Problem noted by Robert Stampfli. If a timeout occurs while reading a message (during the DATA phase) a df file might have been left behind in the queue. This was another side effect of the changes to the I/O layer made in 8.13.6. Several minor problems have been fixed that were found by a Coverity scan of sendmail 8 as part of the NetBSD distribution. See http://scan.coverity.com/ Note: the scan generated also a lot of "false positives", e.g., "error" reports about situations that cannot happen. Most of those code places are marked with lint(1) comments like NOTREACHED, but Coverity does not understand those. Hence an explicit assertion has been added in some cases to avoid those false positives. If the start of the sendmail daemon fails due to a configuration error then in some cases shared memory segments or pid files were not removed. If DSN support is disabled via access_db, then related ESMTP parameters for MAIL and RCPT should be rejected. Problem reported by Akihiro Sagawa. Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding bug work-around. Hence if sendmail is linked against either of these versions and compression is available, the padding bug work-around is turned off. Based on patch from Victor Duchovni of Morgan Stanley. CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used blackholes.mail-abuse.org as default domain for lookups, however, that list is no longer available. To avoid further problems, no default value is available anymore, but an argument must be specified. Portability: Fix compilation on OSF/1 for sfsasl.c. Patch from Pieter Bowman of the University of Utah. --- Module Name: pkgsrc Committed By: tv Date: Wed Aug 9 21:23:00 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile.common distinfo Log Message: Update to 8.13.8. Changes: 8.13.8/8.13.8 2006/08/09 Fix a regression in 8.13.7: if shared memory is activated, then the server can erroneously report that there is insufficient disk space. Additionally make sure that an internal variable is set properly to avoid those misleading errors. Based on patch from Steve Hubert of University of Washington. Fix a regression in 8.13.7: the PidFile could be removed after the process that forks the daemon exited, i.e., if sendmail -bd is invoked. Problem reported by Kan Sasaki of Fusion Communications Corp. and Werner Wiethege. Avoid opening qf files if QueueSortOrder is "none". Patch from David F. Skoll. Avoid a crash when finishing due to referencing a freed variable. Problem reported and diagnosed by Moritz Jodeit. CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4 range (0..255). LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence it has been changed to {client_name}. See doc/op/op.* about these macros. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.3 2006/06/14 18:53:53 adrianp Exp $ @ 1.2 log @Update to sendmail 8.13.6 > 8.13.6/8.13.6 2006/03/22 > SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server > and client side of sendmail with timeouts in the libsm I/O > layer and fix problems in that code. Also fix handling of > a buffer in sm_syslog() which could have been used as an > attack vector to exploit the unsafe handling of > setjmp(3)/longjmp(3) in combination with signals. > Problem detected by Mark Dowd of ISS X-Force. > Handle theoretical integer overflows that could triggered if > the server accepted headers larger than the maximum > (signed) integer value. This is prevented in the default > configuration by restricting the size of a header, and on > most machines memory allocations would fail before reaching > those values. Problems found by Phil Brass of ISS. > If a server returns 421 for an RSET command when trying to start > another transaction in a session while sending mail, do > not trigger an internal consistency check. Problem found > by Allan E Johannesen of Worcester Polytechnic Institute. > If a server returns a 5xy error code (other than 501) in response > to a STARTTLS command despite the fact that it advertised > STARTTLS and that the code is not valid according to RFC > 2487 treat it nevertheless as a permanent failure instead > of a protocol error (which has been changed to a > temporary error in 8.13.5). Problem reported by Jeff > A. Earickson of Colby College. > Clear SMTP state after a HELO/EHLO command. Patch from John > Myers of Proofpoint. > Observe MinQueueAge option when gathering entries from the queue > for sorting etc instead of waiting until the entries are > processed. Patch from Brian Fundakowski Feldman. > Set up TLS session cache to properly handle clients that try to > resume a stored TLS session. > Properly count the number of (direct) child processes such that > a configured value (MaxDaemonChildren) is not exceeded. > Based on patch from Attila Bruncsak. > LIBMILTER: Remove superfluous backslash in macro definition > (libmilter.h). Based on patch from Mike Kupfer of > Sun Microsystems. > LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. > This generates an error message from libmilter on > Solaris, though other systems appear to just discard the > request silently. > LIBMILTER: Deal with sigwait(2) implementations that return > -1 and set errno instead of returning an error code > directly. Patch from Chris Adams of HiWAAY Informations > Services. > Portability: > Fix compilation checks for closefrom(3) and statvfs(2) > in NetBSD. Problem noted by S. Moonesamy, patch from > Andrew Brown. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.1 2006/01/18 21:00:48 adrianp Exp $ d3 12 a14 9 --- sendmail/readcf.c.orig 2005-09-04 07:15:15.000000000 +0100 +++ sendmail/readcf.c @@@@ -679,7 +679,7 @@@@ readcf(cfname, safe, e) p = strchr(bp, '='); if (p != NULL) *p++ = '\0'; - setuserenv(&bp[1], p); + setuserenviron(&bp[1], p); break; d16 88 a103 1 case 'X': /* mail filter */ @ 1.1 log @Fix build on -HEAD Identified by Jean-Luc Wasmer in PR# 32527 Fixes from -HEAD by christos@@ (setuserenv -> setuserenviron) Bump to nb1 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @Pullup ticket 1644 - requested by adrianp sync sendmail with HEAD Revisions pulled up: - pkgsrc/mail/sendmail/Makefile 1.87 - pkgsrc/mail/sendmail/Makefile.common 1.34 - pkgsrc/mail/sendmail/distinfo 1.28 - pkgsrc/mail/sendmail/patches/patch-ag 1.12 - pkgsrc/mail/sendmail/patches/patch-ai removed - pkgsrc/mail/sendmail/patches/patch-aj removed - pkgsrc/mail/sendmail/patches/patch-ak removed - pkgsrc/mail/sendmail/patches/patch-al removed Module Name: pkgsrc Committed By: adrianp Date: Fri May 12 22:23:09 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile Makefile.common distinfo pkgsrc/mail/sendmail/patches: patch-ag Removed Files: pkgsrc/mail/sendmail/patches: patch-ai patch-aj patch-ak patch-al Log Message: Update to sendmail 8.13.6 > 8.13.6/8.13.6 2006/03/22 > SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server > and client side of sendmail with timeouts in the libsm I/O > layer and fix problems in that code. Also fix handling of > a buffer in sm_syslog() which could have been used as an > attack vector to exploit the unsafe handling of > setjmp(3)/longjmp(3) in combination with signals. > Problem detected by Mark Dowd of ISS X-Force. > Handle theoretical integer overflows that could triggered if > the server accepted headers larger than the maximum > (signed) integer value. This is prevented in the default > configuration by restricting the size of a header, and on > most machines memory allocations would fail before reaching > those values. Problems found by Phil Brass of ISS. > If a server returns 421 for an RSET command when trying to start > another transaction in a session while sending mail, do > not trigger an internal consistency check. Problem found > by Allan E Johannesen of Worcester Polytechnic Institute. > If a server returns a 5xy error code (other than 501) in response > to a STARTTLS command despite the fact that it advertised > STARTTLS and that the code is not valid according to RFC > 2487 treat it nevertheless as a permanent failure instead > of a protocol error (which has been changed to a > temporary error in 8.13.5). Problem reported by Jeff > A. Earickson of Colby College. > Clear SMTP state after a HELO/EHLO command. Patch from John > Myers of Proofpoint. > Observe MinQueueAge option when gathering entries from the queue > for sorting etc instead of waiting until the entries are > processed. Patch from Brian Fundakowski Feldman. > Set up TLS session cache to properly handle clients that try to > resume a stored TLS session. > Properly count the number of (direct) child processes such that > a configured value (MaxDaemonChildren) is not exceeded. > Based on patch from Attila Bruncsak. > LIBMILTER: Remove superfluous backslash in macro definition > (libmilter.h). Based on patch from Mike Kupfer of > Sun Microsystems. > LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. > This generates an error message from libmilter on > Solaris, though other systems appear to just discard the > request silently. > LIBMILTER: Deal with sigwait(2) implementations that return > -1 and set errno instead of returning an error code > directly. Patch from Chris Adams of HiWAAY Informations > Services. > Portability: > Fix compilation checks for closefrom(3) and statvfs(2) > in NetBSD. Problem noted by S. Moonesamy, patch from > Andrew Brown. @ text @d1 1 a1 1 $NetBSD: patch-ak,v 1.1 2006/01/18 21:00:48 adrianp Exp $ @ 1.1.2.2 log @Pullup ticket 1700 - requested by adrianp security fix for sendmail Patch provided by the submitter. Module Name: pkgsrc Committed By: adrianp Date: Wed Jun 14 18:53:54 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile distinfo Added Files: pkgsrc/mail/sendmail/patches: patch-aj patch-ak patch-al patch-am Log Message: Bump PKGREVISION. A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. @ text @d1 1 a1 1 $NetBSD$ d3 9 a11 12 --- sendmail/mime.c.orig 2006-03-01 18:07:45.000000000 +0000 +++ sendmail/mime.c @@@@ -80,6 +80,7 @@@@ static bool MapNLtoCRLF; ** boundaries -- the currently pending message boundaries. ** NULL if we are processing the outer portion. ** flags -- to tweak processing. +** level -- recursion level. ** ** Returns: ** An indicator of what terminated the message part: @@@@ -96,12 +97,13 @@@@ struct args }; d13 1 a13 88 int -mime8to7(mci, header, e, boundaries, flags) +mime8to7(mci, header, e, boundaries, flags, level) register MCI *mci; HDR *header; register ENVELOPE *e; char **boundaries; int flags; + int level; { register char *p; int linelen; @@@@ -122,6 +124,18 @@@@ mime8to7(mci, header, e, boundaries, fla char pvpbuf[MAXLINE]; extern unsigned char MimeTokenTab[256]; + if (level > MAXMIMENESTING) + { + if (!bitset(EF_TOODEEP, e->e_flags)) + { + if (tTd(43, 4)) + sm_dprintf("mime8to7: too deep, level=%d\n", + level); + usrerr("mime8to7: recursion level %d exceeded", + level); + e->e_flags |= EF_DONT_MIME|EF_TOODEEP; + } + } if (tTd(43, 1)) { sm_dprintf("mime8to7: flags = %x, boundaries =", flags); @@@@ -242,7 +256,9 @@@@ mime8to7(mci, header, e, boundaries, fla */ if (sm_strcasecmp(type, "multipart") == 0 && - (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags))) + (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) && + !bitset(EF_TOODEEP, e->e_flags) + ) { if (sm_strcasecmp(subtype, "digest") == 0) @@@@ -286,10 +302,13 @@@@ mime8to7(mci, header, e, boundaries, fla } if (i >= MAXMIMENESTING) { - usrerr("mime8to7: multipart nesting boundary too deep"); + if (tTd(43, 4)) + sm_dprintf("mime8to7: too deep, i=%d\n", i); + if (!bitset(EF_TOODEEP, e->e_flags)) + usrerr("mime8to7: multipart nesting boundary too deep"); /* avoid bounce loops */ - e->e_flags |= EF_DONT_MIME; + e->e_flags |= EF_DONT_MIME|EF_TOODEEP; } else { @@@@ -333,7 +352,8 @@@@ mime8to7(mci, header, e, boundaries, fla goto writeerr; if (tTd(43, 101)) putline("+++after putheader", mci); - bt = mime8to7(mci, hdr, e, boundaries, flags); + bt = mime8to7(mci, hdr, e, boundaries, flags, + level + 1); if (bt == SM_IO_EOF) goto writeerr; } @@@@ -374,7 +394,8 @@@@ mime8to7(mci, header, e, boundaries, fla if (sm_strcasecmp(type, "message") == 0) { - if (!wordinclass(subtype, 's')) + if (!wordinclass(subtype, 's') || + bitset(EF_TOODEEP, e->e_flags)) { flags |= M87F_NO8BIT; } @@@@ -397,7 +418,8 @@@@ mime8to7(mci, header, e, boundaries, fla !bitset(M87F_NO8TO7, flags) && !putline("MIME-Version: 1.0", mci)) goto writeerr; - bt = mime8to7(mci, hdr, e, boundaries, flags); + bt = mime8to7(mci, hdr, e, boundaries, flags, + level + 1); mci->mci_flags &= ~MCIF_INMIME; return bt; } @