head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.162 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.4.0.160 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.158 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.156 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.154 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.152 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.150 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.148 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.146 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.4.0.144 pkgsrc-2023Q4-base:1.4 pkgsrc-2023Q3:1.4.0.142 pkgsrc-2023Q3-base:1.4 pkgsrc-2023Q2:1.4.0.140 pkgsrc-2023Q2-base:1.4 pkgsrc-2023Q1:1.4.0.138 pkgsrc-2023Q1-base:1.4 pkgsrc-2022Q4:1.4.0.136 pkgsrc-2022Q4-base:1.4 pkgsrc-2022Q3:1.4.0.134 pkgsrc-2022Q3-base:1.4 pkgsrc-2022Q2:1.4.0.132 pkgsrc-2022Q2-base:1.4 pkgsrc-2022Q1:1.4.0.130 pkgsrc-2022Q1-base:1.4 pkgsrc-2021Q4:1.4.0.128 pkgsrc-2021Q4-base:1.4 pkgsrc-2021Q3:1.4.0.126 pkgsrc-2021Q3-base:1.4 pkgsrc-2021Q2:1.4.0.124 pkgsrc-2021Q2-base:1.4 pkgsrc-2021Q1:1.4.0.122 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.120 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.118 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.4.0.114 pkgsrc-2020Q2-base:1.4 pkgsrc-2020Q1:1.4.0.94 pkgsrc-2020Q1-base:1.4 pkgsrc-2019Q4:1.4.0.116 pkgsrc-2019Q4-base:1.4 pkgsrc-2019Q3:1.4.0.112 pkgsrc-2019Q3-base:1.4 pkgsrc-2019Q2:1.4.0.110 pkgsrc-2019Q2-base:1.4 pkgsrc-2019Q1:1.4.0.108 pkgsrc-2019Q1-base:1.4 pkgsrc-2018Q4:1.4.0.106 pkgsrc-2018Q4-base:1.4 pkgsrc-2018Q3:1.4.0.104 pkgsrc-2018Q3-base:1.4 pkgsrc-2018Q2:1.4.0.102 pkgsrc-2018Q2-base:1.4 pkgsrc-2018Q1:1.4.0.100 pkgsrc-2018Q1-base:1.4 pkgsrc-2017Q4:1.4.0.98 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.96 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.92 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.4.0.90 pkgsrc-2017Q1-base:1.4 pkgsrc-2016Q4:1.4.0.88 pkgsrc-2016Q4-base:1.4 pkgsrc-2016Q3:1.4.0.86 pkgsrc-2016Q3-base:1.4 pkgsrc-2016Q2:1.4.0.84 pkgsrc-2016Q2-base:1.4 pkgsrc-2016Q1:1.4.0.82 pkgsrc-2016Q1-base:1.4 pkgsrc-2015Q4:1.4.0.80 pkgsrc-2015Q4-base:1.4 pkgsrc-2015Q3:1.4.0.78 pkgsrc-2015Q3-base:1.4 pkgsrc-2015Q2:1.4.0.76 pkgsrc-2015Q2-base:1.4 pkgsrc-2015Q1:1.4.0.74 pkgsrc-2015Q1-base:1.4 pkgsrc-2014Q4:1.4.0.72 pkgsrc-2014Q4-base:1.4 pkgsrc-2014Q3:1.4.0.70 pkgsrc-2014Q3-base:1.4 pkgsrc-2014Q2:1.4.0.68 pkgsrc-2014Q2-base:1.4 pkgsrc-2014Q1:1.4.0.66 pkgsrc-2014Q1-base:1.4 pkgsrc-2013Q4:1.4.0.64 pkgsrc-2013Q4-base:1.4 pkgsrc-2013Q3:1.4.0.62 pkgsrc-2013Q3-base:1.4 pkgsrc-2013Q2:1.4.0.60 pkgsrc-2013Q2-base:1.4 pkgsrc-2013Q1:1.4.0.58 pkgsrc-2013Q1-base:1.4 pkgsrc-2012Q4:1.4.0.56 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q3:1.4.0.54 pkgsrc-2012Q3-base:1.4 pkgsrc-2012Q2:1.4.0.52 pkgsrc-2012Q2-base:1.4 pkgsrc-2012Q1:1.4.0.50 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.48 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.46 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.44 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.42 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.40 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.38 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.36 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.34 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.32 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.30 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q2:1.4.0.28 pkgsrc-2009Q2-base:1.4 pkgsrc-2009Q1:1.4.0.26 pkgsrc-2009Q1-base:1.4 pkgsrc-2008Q4:1.4.0.24 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.22 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.20 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.18 pkgsrc-2008Q2-base:1.4 cwrapper:1.4.0.16 pkgsrc-2008Q1:1.4.0.14 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.12 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.10 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.8 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.6 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.3.0.2 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.1.0.2 pkgsrc-2006Q1-base:1.1; locks; strict; comment @# @; 1.4 date 2006.07.07.18.06.28; author tv; state Exp; branches; next 1.3; 1.3 date 2006.06.14.18.53.53; author adrianp; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2006.05.12.22.23.09; author adrianp; state dead; branches; next 1.1; 1.1 date 2006.01.18.21.00.48; author adrianp; state Exp; branches 1.1.2.1; next ; 1.3.2.1 date 2006.08.29.06.53.23; author ghen; state Exp; branches; next ; 1.1.2.1 date 2006.05.22.14.15.27; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.06.14.21.06.26; author salo; state Exp; branches; next ; desc @@ 1.4 log @Update to 8.13.7; changelog below. (8.13.6nb3 already had the security fixes by patch.) While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and INSTALL definitions into the installed share/sendmail/cf/Makefile. 8.13.7/8.13.7 2006/06/14 A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. Problem noted by Frank Sheiness. The changes to the I/O layer in 8.13.6 caused a regression for SASL mechanisms that use the security layer, e.g., DIGEST-MD5. Problem noted by Robert Stampfli. If a timeout occurs while reading a message (during the DATA phase) a df file might have been left behind in the queue. This was another side effect of the changes to the I/O layer made in 8.13.6. Several minor problems have been fixed that were found by a Coverity scan of sendmail 8 as part of the NetBSD distribution. See http://scan.coverity.com/ Note: the scan generated also a lot of "false positives", e.g., "error" reports about situations that cannot happen. Most of those code places are marked with lint(1) comments like NOTREACHED, but Coverity does not understand those. Hence an explicit assertion has been added in some cases to avoid those false positives. If the start of the sendmail daemon fails due to a configuration error then in some cases shared memory segments or pid files were not removed. If DSN support is disabled via access_db, then related ESMTP parameters for MAIL and RCPT should be rejected. Problem reported by Akihiro Sagawa. Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding bug work-around. Hence if sendmail is linked against either of these versions and compression is available, the padding bug work-around is turned off. Based on patch from Victor Duchovni of Morgan Stanley. CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used blackholes.mail-abuse.org as default domain for lookups, however, that list is no longer available. To avoid further problems, no default value is available anymore, but an argument must be specified. Portability: Fix compilation on OSF/1 for sfsasl.c. Patch from Pieter Bowman of the University of Utah. @ text @$NetBSD$ --- cf/cf/Makefile.orig 2005-06-13 22:16:34.000000000 -0400 +++ cf/cf/Makefile @@@@ -25,10 +25,10 @@@@ CHMOD= chmod ROMODE= 444 RM= rm -f # use our own install program; should be really confINSTALL -INSTALL=../../devtools/bin/install.sh +INSTALL=@@@@INSTALL@@@@ # CF file ownership/permissions -CFOWN=root -CFGRP=bin +CFOWN=@@@@BINOWN@@@@ +CFGRP=@@@@BINGRP@@@@ CFMODE=0444 @ 1.3 log @Bump PKGREVISION. A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. @ text @d3 14 a16 13 --- sendmail/deliver.c.orig 2006-03-02 01:37:39.000000000 +0000 +++ sendmail/deliver.c @@@@ -4623,7 +4623,7 @@@@ putbody(mci, e, separator) /* now do the hard work */ boundaries[0] = NULL; mci->mci_flags |= MCIF_INHEADER; - if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) == + if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) == SM_IO_EOF) goto writeerr; } @@@@ -4654,7 +4654,7 @@@@ putbody(mci, e, separator) SuprErrs = true; a17 4 if (mime8to7(mci, e->e_header, e, boundaries, - M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF) + M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF) goto writeerr; a18 1 /* restore SuprErrs */ @ 1.3.2.1 log @Pullup ticket 1812 - requested by tv security/bugfix update for sendmail Revisions pulled up: - pkgsrc/mail/sendmail/Makefile 1.91 - pkgsrc/mail/sendmail/Makefile.common 1.37-1.38 - pkgsrc/mail/sendmail/distinfo 1.31-1.32 - pkgsrc/mail/sendmail/patches/patch-aj 1.4 - pkgsrc/mail/sendmail/patches/patch-ak removed - pkgsrc/mail/sendmail/patches/patch-al removed - pkgsrc/mail/sendmail/patches/patch-am removed Module Name: pkgsrc Committed By: tv Date: Fri Jul 7 18:06:28 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile Makefile.common distinfo pkgsrc/mail/sendmail/patches: patch-aj Removed Files: pkgsrc/mail/sendmail/patches: patch-ak patch-al patch-am Log Message: Update to 8.13.7; changelog below. (8.13.6nb3 already had the security fixes by patch.) While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and INSTALL definitions into the installed share/sendmail/cf/Makefile. 8.13.7/8.13.7 2006/06/14 A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. Problem noted by Frank Sheiness. The changes to the I/O layer in 8.13.6 caused a regression for SASL mechanisms that use the security layer, e.g., DIGEST-MD5. Problem noted by Robert Stampfli. If a timeout occurs while reading a message (during the DATA phase) a df file might have been left behind in the queue. This was another side effect of the changes to the I/O layer made in 8.13.6. Several minor problems have been fixed that were found by a Coverity scan of sendmail 8 as part of the NetBSD distribution. See http://scan.coverity.com/ Note: the scan generated also a lot of "false positives", e.g., "error" reports about situations that cannot happen. Most of those code places are marked with lint(1) comments like NOTREACHED, but Coverity does not understand those. Hence an explicit assertion has been added in some cases to avoid those false positives. If the start of the sendmail daemon fails due to a configuration error then in some cases shared memory segments or pid files were not removed. If DSN support is disabled via access_db, then related ESMTP parameters for MAIL and RCPT should be rejected. Problem reported by Akihiro Sagawa. Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding bug work-around. Hence if sendmail is linked against either of these versions and compression is available, the padding bug work-around is turned off. Based on patch from Victor Duchovni of Morgan Stanley. CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used blackholes.mail-abuse.org as default domain for lookups, however, that list is no longer available. To avoid further problems, no default value is available anymore, but an argument must be specified. Portability: Fix compilation on OSF/1 for sfsasl.c. Patch from Pieter Bowman of the University of Utah. --- Module Name: pkgsrc Committed By: tv Date: Wed Aug 9 21:23:00 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile.common distinfo Log Message: Update to 8.13.8. Changes: 8.13.8/8.13.8 2006/08/09 Fix a regression in 8.13.7: if shared memory is activated, then the server can erroneously report that there is insufficient disk space. Additionally make sure that an internal variable is set properly to avoid those misleading errors. Based on patch from Steve Hubert of University of Washington. Fix a regression in 8.13.7: the PidFile could be removed after the process that forks the daemon exited, i.e., if sendmail -bd is invoked. Problem reported by Kan Sasaki of Fusion Communications Corp. and Werner Wiethege. Avoid opening qf files if QueueSortOrder is "none". Patch from David F. Skoll. Avoid a crash when finishing due to referencing a freed variable. Problem reported and diagnosed by Moritz Jodeit. CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4 range (0..255). LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence it has been changed to {client_name}. See doc/op/op.* about these macros. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.4 2006/07/07 18:06:28 tv Exp $ d3 13 a15 14 --- cf/cf/Makefile.orig 2005-06-13 22:16:34.000000000 -0400 +++ cf/cf/Makefile @@@@ -25,10 +25,10 @@@@ CHMOD= chmod ROMODE= 444 RM= rm -f # use our own install program; should be really confINSTALL -INSTALL=../../devtools/bin/install.sh +INSTALL=@@@@INSTALL@@@@ # CF file ownership/permissions -CFOWN=root -CFGRP=bin +CFOWN=@@@@BINOWN@@@@ +CFGRP=@@@@BINGRP@@@@ CFMODE=0444 d17 4 d22 1 @ 1.2 log @Update to sendmail 8.13.6 > 8.13.6/8.13.6 2006/03/22 > SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server > and client side of sendmail with timeouts in the libsm I/O > layer and fix problems in that code. Also fix handling of > a buffer in sm_syslog() which could have been used as an > attack vector to exploit the unsafe handling of > setjmp(3)/longjmp(3) in combination with signals. > Problem detected by Mark Dowd of ISS X-Force. > Handle theoretical integer overflows that could triggered if > the server accepted headers larger than the maximum > (signed) integer value. This is prevented in the default > configuration by restricting the size of a header, and on > most machines memory allocations would fail before reaching > those values. Problems found by Phil Brass of ISS. > If a server returns 421 for an RSET command when trying to start > another transaction in a session while sending mail, do > not trigger an internal consistency check. Problem found > by Allan E Johannesen of Worcester Polytechnic Institute. > If a server returns a 5xy error code (other than 501) in response > to a STARTTLS command despite the fact that it advertised > STARTTLS and that the code is not valid according to RFC > 2487 treat it nevertheless as a permanent failure instead > of a protocol error (which has been changed to a > temporary error in 8.13.5). Problem reported by Jeff > A. Earickson of Colby College. > Clear SMTP state after a HELO/EHLO command. Patch from John > Myers of Proofpoint. > Observe MinQueueAge option when gathering entries from the queue > for sorting etc instead of waiting until the entries are > processed. Patch from Brian Fundakowski Feldman. > Set up TLS session cache to properly handle clients that try to > resume a stored TLS session. > Properly count the number of (direct) child processes such that > a configured value (MaxDaemonChildren) is not exceeded. > Based on patch from Attila Bruncsak. > LIBMILTER: Remove superfluous backslash in macro definition > (libmilter.h). Based on patch from Mike Kupfer of > Sun Microsystems. > LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. > This generates an error message from libmilter on > Solaris, though other systems appear to just discard the > request silently. > LIBMILTER: Deal with sigwait(2) implementations that return > -1 and set errno instead of returning an error code > directly. Patch from Chris Adams of HiWAAY Informations > Services. > Portability: > Fix compilation checks for closefrom(3) and statvfs(2) > in NetBSD. Problem noted by S. Moonesamy, patch from > Andrew Brown. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.1 2006/01/18 21:00:48 adrianp Exp $ d3 10 a12 3 --- sendmail/main.c.orig 2004-06-17 17:39:21.000000000 +0100 +++ sendmail/main.c @@@@ -649,7 +649,7 @@@@ main(argc, argv, envp) d14 2 d17 4 a20 3 /* prime the child environment */ - setuserenv("AGENT", "sendmail"); + setuserenviron("AGENT", "sendmail"); d22 1 a22 40 (void) sm_signal(SIGPIPE, SIG_IGN); OldUmask = umask(022); @@@@ -1318,9 +1318,9 @@@@ main(argc, argv, envp) if (TimeZoneSpec == NULL) unsetenv("TZ"); else if (TimeZoneSpec[0] != '\0') - setuserenv("TZ", TimeZoneSpec); + setuserenviron("TZ", TimeZoneSpec); else - setuserenv("TZ", NULL); + setuserenviron("TZ", NULL); tzset(); /* initialize mailbox database */ @@@@ -3446,14 +3446,14 @@@@ getextenv(envar) ** value -- the value to which it should be set. If ** null, this is extracted from the incoming ** environment. If that is not set, the call -** to setuserenv is ignored. +** to setuserenviron is ignored. ** ** Returns: ** none. */ void -setuserenv(envar, value) +setuserenviron(envar, value) const char *envar; const char *value; { @@@@ -3488,7 +3488,7 @@@@ setuserenv(envar, value) /* make sure it is in our environment as well */ if (putenv(p) < 0) - syserr("setuserenv: putenv(%s) failed", p); + syserr("setuserenviron: putenv(%s) failed", p); } /* ** DUMPSTATE -- dump state @ 1.1 log @Fix build on -HEAD Identified by Jean-Luc Wasmer in PR# 32527 Fixes from -HEAD by christos@@ (setuserenv -> setuserenviron) Bump to nb1 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @Pullup ticket 1644 - requested by adrianp sync sendmail with HEAD Revisions pulled up: - pkgsrc/mail/sendmail/Makefile 1.87 - pkgsrc/mail/sendmail/Makefile.common 1.34 - pkgsrc/mail/sendmail/distinfo 1.28 - pkgsrc/mail/sendmail/patches/patch-ag 1.12 - pkgsrc/mail/sendmail/patches/patch-ai removed - pkgsrc/mail/sendmail/patches/patch-aj removed - pkgsrc/mail/sendmail/patches/patch-ak removed - pkgsrc/mail/sendmail/patches/patch-al removed Module Name: pkgsrc Committed By: adrianp Date: Fri May 12 22:23:09 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile Makefile.common distinfo pkgsrc/mail/sendmail/patches: patch-ag Removed Files: pkgsrc/mail/sendmail/patches: patch-ai patch-aj patch-ak patch-al Log Message: Update to sendmail 8.13.6 > 8.13.6/8.13.6 2006/03/22 > SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server > and client side of sendmail with timeouts in the libsm I/O > layer and fix problems in that code. Also fix handling of > a buffer in sm_syslog() which could have been used as an > attack vector to exploit the unsafe handling of > setjmp(3)/longjmp(3) in combination with signals. > Problem detected by Mark Dowd of ISS X-Force. > Handle theoretical integer overflows that could triggered if > the server accepted headers larger than the maximum > (signed) integer value. This is prevented in the default > configuration by restricting the size of a header, and on > most machines memory allocations would fail before reaching > those values. Problems found by Phil Brass of ISS. > If a server returns 421 for an RSET command when trying to start > another transaction in a session while sending mail, do > not trigger an internal consistency check. Problem found > by Allan E Johannesen of Worcester Polytechnic Institute. > If a server returns a 5xy error code (other than 501) in response > to a STARTTLS command despite the fact that it advertised > STARTTLS and that the code is not valid according to RFC > 2487 treat it nevertheless as a permanent failure instead > of a protocol error (which has been changed to a > temporary error in 8.13.5). Problem reported by Jeff > A. Earickson of Colby College. > Clear SMTP state after a HELO/EHLO command. Patch from John > Myers of Proofpoint. > Observe MinQueueAge option when gathering entries from the queue > for sorting etc instead of waiting until the entries are > processed. Patch from Brian Fundakowski Feldman. > Set up TLS session cache to properly handle clients that try to > resume a stored TLS session. > Properly count the number of (direct) child processes such that > a configured value (MaxDaemonChildren) is not exceeded. > Based on patch from Attila Bruncsak. > LIBMILTER: Remove superfluous backslash in macro definition > (libmilter.h). Based on patch from Mike Kupfer of > Sun Microsystems. > LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets. > This generates an error message from libmilter on > Solaris, though other systems appear to just discard the > request silently. > LIBMILTER: Deal with sigwait(2) implementations that return > -1 and set errno instead of returning an error code > directly. Patch from Chris Adams of HiWAAY Informations > Services. > Portability: > Fix compilation checks for closefrom(3) and statvfs(2) > in NetBSD. Problem noted by S. Moonesamy, patch from > Andrew Brown. @ text @d1 1 a1 1 $NetBSD: patch-aj,v 1.1 2006/01/18 21:00:48 adrianp Exp $ @ 1.1.2.2 log @Pullup ticket 1700 - requested by adrianp security fix for sendmail Patch provided by the submitter. Module Name: pkgsrc Committed By: adrianp Date: Wed Jun 14 18:53:54 UTC 2006 Modified Files: pkgsrc/mail/sendmail: Makefile distinfo Added Files: pkgsrc/mail/sendmail/patches: patch-aj patch-ak patch-al patch-am Log Message: Bump PKGREVISION. A malformed MIME structure with many parts can cause sendmail to crash while trying to send a mail due to a stack overflow, e.g., if the stack size is limited (ulimit -s). This happens because the recursion of the function mime8to7() was not restricted. The function is called for MIME 8 to 7 bit conversion and also to enforce MaxMimeHeaderLength. To work around this problem, recursive calls are limited to a depth of MAXMIMENESTING (20); message content after this limit is treated as opaque and is not checked further. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 10 --- sendmail/deliver.c.orig 2006-03-02 01:37:39.000000000 +0000 +++ sendmail/deliver.c @@@@ -4623,7 +4623,7 @@@@ putbody(mci, e, separator) /* now do the hard work */ boundaries[0] = NULL; mci->mci_flags |= MCIF_INHEADER; - if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) == + if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) == SM_IO_EOF) goto writeerr; a6 2 @@@@ -4654,7 +4654,7 @@@@ putbody(mci, e, separator) SuprErrs = true; d8 3 a10 4 if (mime8to7(mci, e->e_header, e, boundaries, - M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF) + M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF) goto writeerr; d12 40 a51 1 /* restore SuprErrs */ @