head 1.5; access; symbols pkgsrc-2026Q1:1.5.0.2 pkgsrc-2026Q1-base:1.5 pkgsrc-2025Q4:1.4.0.16 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.14 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.12 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.10 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.4.0.8 pkgsrc-2024Q4-base:1.4 pkgsrc-2024Q3:1.4.0.6 pkgsrc-2024Q3-base:1.4 pkgsrc-2024Q2:1.4.0.4 pkgsrc-2024Q2-base:1.4 pkgsrc-2024Q1:1.4.0.2 pkgsrc-2024Q1-base:1.4 pkgsrc-2023Q4:1.2.0.20 pkgsrc-2023Q4-base:1.2 pkgsrc-2023Q3:1.2.0.18 pkgsrc-2023Q3-base:1.2 pkgsrc-2023Q2:1.2.0.16 pkgsrc-2023Q2-base:1.2 pkgsrc-2023Q1:1.2.0.14 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.12 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.10 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.8 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.6 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.4 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.2 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.1.0.58 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.56 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.54 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.52 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.48 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.28 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.50 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.46 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.44 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.42 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.40 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.38 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.36 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.34 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.32 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.30 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.26 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.24 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.22 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.20 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.18 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.16 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.14 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.12 pkgsrc-2015Q3-base:1.1 
pkgsrc-2015Q2:1.1.0.10 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.8 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.6 pkgsrc-2014Q4-base:1.1 pkgsrc-2014Q3:1.1.0.4 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.2 pkgsrc-2014Q2-base:1.1; locks; strict; comment @# @; 1.5 date 2026.03.02.07.39.29; author jnemeth; state Exp; branches; next 1.4; commitid hRaoxTwMYU3L7nwG; 1.4 date 2024.02.12.03.23.06; author jnemeth; state Exp; branches; next 1.3; commitid jhDAzIcn7w9vN5YE; 1.3 date 2024.01.15.04.43.22; author jnemeth; state Exp; branches; next 1.2; commitid ibRTU6YcoLIM7vUE; 1.2 date 2021.07.04.07.57.13; author jnemeth; state Exp; branches; next 1.1; commitid L27iNpThA37ZWDZC; 1.1 date 2014.06.15.20.48.50; author jnemeth; state Exp; branches; next ; commitid y0gYCG4vNLA71FEx; desc @@ 1.5 log @Update to sendmail 8.18.2 pkgsrc changes: - fix one thing related to resn - convert from NetBSD's old blocklistd to blacklistd NOTE: UseBlocklist is now UseBlacklist SENDMAIL RELEASE NOTES This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. 8.18.2/8.18.2 2025/12/27 Avoid adding a second To: header to DSNs, instead any additional addresses are appended to an existing To: header (this also applies to Cc: and Bcc:). Fix matching of wildcard SANs in the experimental support for SMTP MTA Strict Transport Security (MTA-STS). Problem reported by Dilyan Palauzo. The experimental support for SMTP MTA Strict Transport Security has been significantly rewritten to handle the problems caused by it being tied to the domain of a RCPT address (instead to an SMTP server for all the domains it handles - compare DANE). The most visible change is that an SMTP transaction where the first RCPT has an STS policy will have only RCPTs with the same domain instead of all RCPTs going to the same servers (MX). 
Accordingly, MTA-STS can be disabled per RCPT domain by adding access map entries of the form STS:domain NO Successful deliveries to RCPTs which have an STS policy show STS=OK in the to=... stat=Sent log entry. If an STS policy for a RCPT could not be fulfilled then the RCPT is not being sent and an error containing the string "STS" is logged. MaxQueueAge is now observed for all types of QueueSortOrder even those which internally skip some code (including the MaxQueueAge check). On some systems the rejection of a RCPT by a milter could silently be ignored. Increase size for an internal buffer which can contain AUTH data because XOAUTH2 could use very long tokens. Patch from Frank Schmirler. Portability: Add support for Darwin 24 and 25. LIBSM: Fix compilation of vfscanf.c with gcc-15. Problem reported by Jaroslav Škarvada of RedHat. MAILSTATS: Fix compilation with gcc-15. Problem reported by Jaroslav Škarvada of RedHat. New Files: cf/feature/same_domain_only.m4 devtools/OS/Darwin.24.x devtools/OS/Darwin.25.x @ text @$NetBSD$ --- sendmail/domain.c.orig 2025-11-26 16:02:45.000000000 +0000 +++ sendmail/domain.c @@@@ -27,6 +27,7 @@@@ SM_RCSID("@@(#)$Id: domain.c,v 8.205 2013 #endif #if NAMED_BIND +extern struct __res_state sm_res; # include # include "sm_resolve.h" # if DANE @@@@ -51,7 +52,7 @@@@ static char MXHostBuf[MXHOSTBUFSIZE]; # endif # ifndef RES_DNSRCH_VARIABLE -# define RES_DNSRCH_VARIABLE _res.dnsrch +# define RES_DNSRCH_VARIABLE sm_res.dnsrch # endif # ifndef HFIXEDSZ @@@@ -877,9 +878,9 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r # if DANE cname2mx = false; qname[0] = '\0'; - old_options = _res.options; + old_options = sm_res.options; if (ad) - _res.options |= SM_RES_DNSSEC; + sm_res.options |= SM_RES_DNSSEC; # endif if ((fallbackMX != NULL && (flags & DROPLOCALHOST) != 0 && @@@@ -1040,7 +1041,7 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r # endif if (type != T_MX) { - if ((tTd(8, 8) || _res.options & RES_DEBUG) + if ((tTd(8, 8) || sm_res.options & 
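Review bot: The getmxrr hunk saves and modifies `sm_res.options` in its DANE block, but no hunk of this patch initialises `sm_res` inside getmxrr; the `RES_INIT` check and `res_ninit()` are only added to dns_getcanonname further down. If getmxrr can be entered before dns_getcanonname has run (not visible from the patch), `SM_RES_DNSSEC` is OR'ed into a state the resolver has not adopted yet, and whichever state the unchanged query calls in the rest of getmxrr consult decides whether the flag has any effect. It is worth confirming the initialisation order, or performing the same `(sm_res.options & RES_INIT) == 0` check (ideally through one shared helper) before the options are touched here. getmxrr begins and ends outside this hunk.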
RES_DEBUG) # if DANE && type != T_RRSIG # endif @@@@ -1378,13 +1379,13 @@@@ punt: } done: # if DANE - _res.options = old_options; + sm_res.options = old_options; # endif return nmx; error: # if DANE - _res.options = old_options; + sm_res.options = old_options; # endif return -1; } @@@@ -1454,7 +1455,7 @@@@ bestmx_map_lookup(map, name, av, statp) int *statp; { int nmx; - int saveopts = _res.options; + int saveopts = sm_res.options; int i; ssize_t len = 0; char *result; @@@@ -1466,9 +1467,9 @@@@ bestmx_map_lookup(map, name, av, statp) char buf[PSBUFSIZE / 2]; # endif - _res.options &= ~(RES_DNSRCH|RES_DEFNAMES); + sm_res.options &= ~(RES_DNSRCH|RES_DEFNAMES); nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1, NULL); - _res.options = saveopts; + sm_res.options = saveopts; if (nmx <= 0) return NULL; if (bitset(MF_MATCHONLY, map->map_mflags)) @@@@ -1621,22 +1622,28 @@@@ dns_getcanonname(host, hbsize, trymx, st if (tTd(8, 2)) sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx); - if (!bitset(RES_INIT, _res.options) && res_init() == -1) - { - if (LogLevel > 7) - sm_syslog(LOG_ERR, NOQID, - "res_init()=failed, h_errno=%d", h_errno); - *statp = EX_UNAVAILABLE; -# if _FFR_DNS_ERR_NAME - DNSErrName = sm_strdup(host); + if ((sm_res.options & RES_INIT) == 0) { +# if NAMED_RESN + memset(&sm_res, 0, sizeof(sm_res)); + if (res_ninit(&sm_res) == -1) { +# else + if (res_init() == -1) { # endif - return HOST_NOTFOUND; + if (LogLevel > 7) + sm_syslog(LOG_ERR, NOQID, + "res_init()=failed, h_errno=%d", h_errno); + *statp = EX_UNAVAILABLE; + # if _FFR_DNS_ERR_NAME + DNSErrName = sm_strdup(host); + # endif + return HOST_NOTFOUND; + } } # if DANE - old_options = _res.options; + old_options = sm_res.options; if (DANE_SECURE == Dane) - _res.options |= SM_RES_DNSSEC; + sm_res.options |= SM_RES_DNSSEC; # endif *statp = EX_OK; @@@@ -1686,7 +1693,7 @@@@ cnameloop: searchlist[sli++] = NameSearchList; } # endif - if (n >= 0 && *--cp != '.' 
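Review bot: In the `#else` (non-NAMED_RESN) branch of the rewritten init block, the guard tests `sm_res.options & RES_INIT` but the call is `res_init()`, which initialises the global `_res`; unless `sm_res` aliases `_res` on those platforms (not visible here), `sm_res` never gains `RES_INIT`, the init runs on every call, and the option bits set on `sm_res` in the DANE block below never reach the resolver. In the NAMED_RESN branch the failure log still prints the global `h_errno`, whereas `res_ninit(&sm_res)` reports through the per-state field, so `sm_syslog(LOG_ERR, NOQID, "res_init()=failed, h_errno=%d", sm_res.res_h_errno);` (selected per branch) would log the value belonging to this state. A one-line comment on the `memset(&sm_res, 0, sizeof(sm_res));`, such as `/* res_ninit() expects a zeroed state on first use */`, would record why the clear precedes the call. dns_getcanonname starts and ends outside this hunk.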
&& bitset(RES_DNSRCH, _res.options)) + if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, sm_res.options)) { /* make sure there are less than MAXDNSRCH domains */ for (domain = RES_DNSRCH_VARIABLE, ret = 0; @@@@ -1694,10 +1701,10 @@@@ cnameloop: ret++) searchlist[sli++] = *domain++; } - else if (n == 0 && bitset(RES_DEFNAMES, _res.options)) + else if (n == 0 && bitset(RES_DEFNAMES, sm_res.options)) { SM_ASSERT(sli < SLSIZE); - searchlist[sli++] = _res.defdname; + searchlist[sli++] = sm_res.defdname; } else if (*cp == '.') { @@@@ -2003,13 +2010,13 @@@@ nexttype: if (ttl > 0 && pttl != NULL) *pttl = ttl; # if DANE - _res.options = old_options; + sm_res.options = old_options; # endif return ad ? HOST_SECURE : HOST_OK; error: # if DANE - _res.options = old_options; + sm_res.options = old_options; # endif # if _FFR_DNS_ERR_NAME DNSErrName = sm_strdup(host); @ 1.4 log @Update to sendmail 8.18.1. Main changes are: - stricter RFC compliance to close some security issues - FIPS 3 support - full DANE support SENDMAIL RELEASE NOTES This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. 8.18.1/8.18.1 2024/01/31 sendmail is now stricter in following the RFCs and rejects some invalid input with respect to line endings and pipelining: - Prevent transaction stuffing by ensuring SMTP clients wait for the HELO/EHLO and DATA response before sending further SMTP commands. This can be disabled using the new srv_features option 'F'. Issue reported by Yepeng Pan and Christian Rossow from CISPA Helmholtz Center for Information Security. - Accept only CRLF . CRLF as end of an SMTP message as required by the RFCs, which can disabled by the new srv_features option 'O'. - Do not accept a CR or LF except in the combination CRLF (as required by the RFCs). These checks can be disabled by the new srv_features options 'U' and 'G', respectively. 
In this case it is suggested to use 'u2' and 'g2' instead so the server replaces offending bare CR or bare LF with a space. It is recommended to only turn these protections off for trusted networks due to the potential for abuse. Full DANE support is available if OpenSSL versions 1.1.1 or 3.x are used, i.e., TLSA RR 2-x-y and 3-x-y are supported as required by RFC 7672. OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by default an openssl.cnf file from a location specified in the library which may cause unwanted behaviour in sendmail. Hence sendmail sets the environment variable OPENSSL_CONF to /etc/mail/sendmail.ossl to override the default. The file name can be changed by defining confOPENSSL_CNF in the mc file; using an empty value prevents setting OPENSSL_CONF. Note: referring to a file which does not exist does not cause an an error. Two new values have been added for {verify}: "DANE_TEMP": DANE verification failed temporarily. "DANE_NOTLS": DANE was required but STARTTLS was not offered by the server. The default rules return a temporary error for these cases, so delivery is not attempted. If the TLS setup code in the client fails and DANE requirements exist then {verify} will be set to "DANE_TEMP" thus preventing delivery by default. DANE related logging has been slightly changed for clarification: "DANE configured in DNS but no STARTTLS available" changed to "DANE configured in DNS but STARTTLS not offered" When the compile time option USE_EAI is enabled, vacation could fail to respond when it should (the code change in 8.17.2 was incomplete). Problem reported by Alex Hautequest. If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command the parsing of UTF8 addresses could fail (USE_EAI). If a reply to a previous RCPT was received while sending another RCPT in pipelining mode then parts of the reply could have been assigned to the wrong RCPT. 
New DontBlameSendmail option CertOwner to relax requirement for certificate public and private key ownership. Based on suggestion from Marius Strobl of the FreeBSD project. clt_features was not checked for connections via Unix domain sockets. CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies from DNS lookups thus potentially causing random "false negatives". Note: the fix creates an incompatibility: the arguments must not have a trailing dot anymore because the -a. option has been removed (as it only applies to the entire result, not individual values). CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3. VACATION: Add support for Return-Path header to set sender to match OpenBSD and NetBSD functionality. VACATION: Honor RFC3834 and avoid an auto-reply if 'Auto-Submitted: no' is found in the headers to match OpenBSD and NetBSD functionality. VACATION: Avoid an auto-reply if a 'List-Id:' is found in the headers to match OpenBSD functionality. VACATION: Add support for $SUBJECT in .vacation.msg which is replaced with the first line of the subject of the original message to match OpenBSD and NetBSD functionality. Portability: Add support for Darwin 23. 
New Files: cf/feature/fips3.m4 devtools/OS/Darwin.23.x @ text @d3 1 a3 1 --- sendmail/domain.c.orig 2024-01-31 06:38:32.000000000 +0000 d5 2 a6 2 @@@@ -23,6 +23,7 @@@@ SM_RCSID("@@(#)$Id: domain.c,v 8.205 2013 #include d22 1 a22 1 @@@@ -909,9 +910,9 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d34 1 a34 1 @@@@ -1072,7 +1073,7 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d43 1 a43 1 @@@@ -1410,13 +1411,13 @@@@ punt: d59 1 a59 1 @@@@ -1486,7 +1487,7 @@@@ bestmx_map_lookup(map, name, av, statp) d68 1 a68 1 @@@@ -1498,9 +1499,9 @@@@ bestmx_map_lookup(map, name, av, statp) d80 1 a80 1 @@@@ -1650,16 +1651,22 @@@@ dns_getcanonname(host, hbsize, trymx, st d84 1 a84 1 - if ((_res.options & RES_INIT) == 0 && res_init() == -1) d86 3 d90 2 a91 1 - return HOST_NOTFOUND; d98 5 a102 1 +# endif d104 4 a107 1 + return false; d120 1 a120 1 @@@@ -1709,7 +1716,7 @@@@ cnameloop: d129 1 a129 1 @@@@ -1717,10 +1724,10 @@@@ cnameloop: d142 1 a142 1 @@@@ -2026,13 +2033,13 @@@@ nexttype: d156 2 a157 2 return HOST_NOTFOUND; } @ 1.3 log @Update to sendmail 8.17.2: some feature updates and a bunch of bug fixes. pkgsrc changes: - remove some backported patches now included upstream - rename blacklistd option to blacklist to match defaults/mk.conf - accept old opiton blacklistd - add new smtputf8 option to enable SMTP SMTPUTF8 protocol option SENDMAIL RELEASE NOTES This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. 8.17.2/8.17.2 2023/06/03 Make sure DANE checks (if enabled) are performed even if CACertPath or CACertFile are not set or unusable. Note: if the code to set up TLS in the client fails, then {verify} will be set to TEMP but DANE requirements will be ignored, i.e., by default mail will be sent without STARTTLS. This can be changed via a LOCAL_TLS_SERVER ruleset. 
Pass server name to clt_features ruleset instead of client name to account for limitations in macro availability described below in CONFIG section. This may break custom clt_features rulesets which expect to receive the client name as input. Fix a regression introduced in 8.17.1: aliases file which contain continuation lines caused parsing errors. Add an FFR (for future release) compile time option _FFR_LOG_STAGE to log the protocol stage as stage= for some errors during delivery attempts to make troubleshooting simpler. This new logging may be enabled in a future release. When EAI is enabled, milters also got the arguments of MAIL/RCPT commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt() callbacks instead of just the mail address. Problem reported by Dilyan Palauzo. When EAI is enabled, mailq prints UTF-8 addresses as such if SMTPUTF8 was used. When EAI is enabled, the $h macro is now in the correct format. Previously this could cause wrong values for relay= in log entries and the mailer argument vector. When the compile time option USE_EAI is enabled, vacation could fail to respond when it should. Problem reported by Alex Hautequest. When EAI was enabled, header truncation might not have been logged even when it happened. Problem reported by Werner Wiethege. Handle a possible change in an upcoming release of Cyrus-SASL (2.1.28) by changing the definition of an internal flag. Patch from Dilyan Palauzo. Avoid an assertion failure when an smtps connection is made to the server and a milter is unavailable. Problem reported by Dilyan Palauzo. Fixed some spelling errors in documentation and comments, based on a codespell report by Jens Schleusener of fossies.org. The result of try_tls is now logged using status= instead of reject=. If tls_rcpt rejected the delivery of a recipient then a bogus dsn= entry might have been logged under some circumstances. If a server replied with 421 to a RCPT command then a bogus reply= might have been logged. 
When quoting the value for ${currHeader} avoid causing a syntax error (Unbalanced '"') when truncating a header value which is too long. Problem reported by Werner Wiethege. Reduce the performance impact of a change introduced in 8.12.9: the default for MaxMimeHeaderLength was set to 2048/1024. Problem reported by Tabata Shintaro of Internet Initiative Japan Inc. CONFIG: The default clt_features ruleset tried to access ${server_name} and ${server_addr} which are not set when the ruleset is invoked. Only the server name is available which is passed as an argument. CONFIG: Properly quote host variable to prevent cf build breakage when a hostname contains 'dnl'. Problem reported by Maxim Shalomikhin of Kaspersky. DEVTOOLS: Add configure.sh support for BSD's mandoc as an alternative man page formatting tool. DOC: Document that USAGE is a possible value for {verify}. LIBMILTER: The macros for the EOH and EOM callbacks are sent in reverse order which means accessing macros in the EOM callback got the macro for the EOH callback. Store those macros in the expected order in libmilter. Note: this does not affect sendmail because the macros for both callbacks are the same because the message is sent to libmilter after it is completely read by sendmail. Fix and problem report from David Buergin. Portability: Make use of IN_LOOPBACK, if defined, to determine if using a loopback address. Patch from Mike Karels of FreeBSD. On Linux use gethostbyname2(3) if glibc 2.19 or newer is used to avoid potential problems with IPv6 lookups. Patch from Werner Wiethege. Add support for Darwin 21 and Darwin 22. Solaris 12 has been renamed to Solaris 11.4, hence adapt a condition for sigwait(2) taking one argument. Patch from John Beck. 
New Files: devtools/M4/UNIX/sharedlib.m4 devtools/OS/Darwin.21.x devtools/OS/Darwin.22.x sendmail/sched.c libsm/notify.h 8.17.1/8.17.1 2021/08/17 Deprecation notice: due to compatibility problems with some third party code, we plan to finally switch from K&R to ANSI C. If you are using sendmail on a system which does not have a compiler for ANSI C contact us with details as soon as possible so we can determine how to proceed. Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533) is available when using the compile time option USE_EAI (see also devtools/Site/site.config.m4.sample for other required settings) and the cf option SMTPUTF8. If a mail submission via the command line requires the use of SMTPUTF8, e.g., because a header uses UTF-8 encoding, but the addresses on the command line are all ASCII, then the new option -U must be used, and the cf option SMTPUTF8 must be set in submit.cf. Please test and provide feedback. Experimental support for SMTP MTA Strict Transport Security (MTA-STS, see RFC 8461) is available when using - the compile time option _FFR_MTA_STS (which requires STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES), - FEATURE(sts), which implicitly sets the cf option StrictTransportSecurity, - postfix-mta-sts-resolver, see https://github.com/Snawoot/postfix-mta-sts-resolver.git New ruleset check_other which is called for all unknown SMTP commands in the server and for commands which do not have specific rulesets, e.g., NOOP and VERB. New ruleset clt_features which can be used to select features in the SMTP client per server. Currently only two flags are available: D/M to disable DANE/MTA-STS, respectively. New compile time option NO_EOH_FIELDS to disable the special meaning of the headers Message: and Text: to denote the end of the message header. Avoid leaking session macros for an envelope between delivery attempts to different servers. This problem could have affected check_compat. 
Avoid leaking actual SMTP replies between delivery attempts to different servers which could cause bogus logging of reply= entries. Change default SMTP reply code for STARTTLS related problems from 403 to 454 to better match the RFCs. Fix a theoretical buffer overflow when encountering an unknown/unsupported socket address family on an operating system where sa_data is larger than 30 (the standard is 14). Based on patch by Toomas Soome. Several potential memory leaks and other similar problems (mostly in error handling code) have been fixed. Problems reported by Tomas Korbar of RedHat. Previously the commands GET, POST, CONNECT, or USER terminate a connection immediately only if sent as first command. Now this is also done if any of these is sent directly after STARTTLS or if the 'h' option is set via srv_features. CDB map locking has been changed so a sendmail process which does have a CDB map open does not block an in-place update of the map by makemap. The simple workaround for that problem in earlier versions is to create the map under a different name and then move it into place. On some systems the rejection of a RCPT by a milter could silently fail. CONFIG: New FEATURE(`check_other') to provide a default check_other ruleset. CONFIG: FEATURE(`tls_failures') is deprecated and will be removed in future versions because it has a fundamental problem: it is message oriented but STARTTLS is session oriented. For example, having multiple RCPTs in one envelope for different destinations, with different temporary errors, does not work properly, as the persistent macro applies to all RCPTs and hence implicitly to all destinations (servers). The option TLSFallbacktoClear should be used if needed. CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett. CONTRIB: Added cidrexpand -O option for suppressing duplicates from a CIDR expansion that overlaps a later entry and -S option for skipping comments exactly like makemap does. 
MAIL.LOCAL: Enhance some error messages to simplify troubleshooting. Portability: Add support for Darwin 19 & 20. Use proper FreeBSD version define to allow for cross compiling. Fix from Brooks Davis of the FreeBSD project. NOTE: File locking using fcntl() does not interoperate with Berkeley DB 5.x (and probably later). Use CDB, flock() (-DHASFLOCK), or an earlier Berkeley DB version. Problem noted by Harald Hannelius. New Files: cf/feature/check_other.m4 cf/feature/sts.m4 devtools/OS/Darwin.19.x devtools/OS/Darwin.20.x include/sm/ixlen.h libsm/ilenx.c libsm/lowercase.c libsm/strcaseeq.c libsm/t-ixlen.c libsm/t-ixlen.sh libsm/t-streq.c libsm/t-streq.sh libsm/utf8_valid.c libsm/uxtext_unquote.c libsm/xleni.c libsmutil/t-lockfile.c libsmutil/t-lockfile-0.sh libsmutil/t-maplock-0.sh @ text @d3 1 a3 1 --- sendmail/domain.c.orig 2023-05-31 19:55:42.000000000 +0000 d22 1 a22 1 @@@@ -623,9 +624,9 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d34 1 a34 1 @@@@ -784,7 +785,7 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d43 1 a43 1 @@@@ -1102,13 +1103,13 @@@@ punt: d59 1 a59 1 @@@@ -1178,7 +1179,7 @@@@ bestmx_map_lookup(map, name, av, statp) d68 1 a68 1 @@@@ -1190,9 +1191,9 @@@@ bestmx_map_lookup(map, name, av, statp) d74 1 a74 1 nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1); d80 1 a80 1 @@@@ -1342,16 +1343,22 @@@@ dns_getcanonname(host, hbsize, trymx, st d109 1 a109 1 @@@@ -1401,7 +1408,7 @@@@ cnameloop: d118 1 a118 1 @@@@ -1409,10 +1416,10 @@@@ cnameloop: d131 1 a131 1 @@@@ -1718,13 +1725,13 @@@@ nexttype: @ 1.2 log @comms/sendmail: update to 8.16.1 8.16.1/8.16.1 2020/07/05 SECURITY: If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session. One possible consequence was that STARTTLS was not used even if offered. This problem has been fixed by clearing out all relevant status information when a closed session is encountered. 
OpenSSL versions before 0.9.8 are no longer supported. OpenSSL version 1.1.0 and 1.1.1 are supported. Initial support for DANE (see RFC 7672 et.al.) is available if the compile time option DANE is set. Only TLSA RR 3-1-x is currently implemented. New options SSLEngine and SSLEnginePath to support OpenSSL engines. Note: this feature has so far only been tested with the "chil" engine; please report problems with other engines if you encounter any. New option CRLPath to specify a directory which contains hashes pointing to certificate revocations files. Based on patch from Al Smith. New rulesets tls_srv_features and tls_clt_features which can return a (semicolon separated) list of TLS related options, e.g., CipherList, CertFile, KeyFile, see doc/op/op.me for details. To automatically handle TLS interoperability problems for outgoing mail, sendmail can now immediately try a connection again without STARTTLS after a TLS handshake failure. This can be configured globally via the option TLSFallbacktoClear or per session via the 'C' flag of tls_clt_features. This also adds the new value "CLEAR" for the macro {verify}: STARTTLS has been disabled internally for a clear text delivery attempt. Apply Timeout.starttls also to the server waiting for the TLS handshake to begin. Based on patch from Simon Hradecky. New compile time option TLS_EC to enable the use of elliptic curve cryptography in STARTTLS (previously available as _FFR_TLS_EC). Handle MIME boundaries specified in headers which contain CRLF. Fix detection of loopback net (it was broken when compiled with NETINET6) and only set the macros {if_addr_out} and {if_family_out} if the interface of the outgoing connection does not belong to the loopback net. Fix logic to enable a milter to delete a recipient in DeliveryMode=interactive even if it might be subject to alias expansion. Log name of a milter making changes (this was missing for some functions). 
Log the actual reply of a server when an SMTP delivery problem occurs in a "reply=" field if possible. Log user= for failed AUTH attempts if possible. Based on patch from Packet Hack, Jim Hranicky, Kevin A. McGrail, and Joe Quinn. Add CDB as map type. Note: CDB is a "Constant DataBase", i.e., no changes can be made after it is created, hence it does not work with vacation(1) nor editmap(8) (except for query mode). Fix some memory leaks (mostly in error cases) and properly handle copied varargs in sm_io_vfprintf(). The issues were found using Coverity Scan and reported (including patches) by Ondřej Lysoněk of Red Hat. Do not override ServerSSLOptions and ClientSSLOptions when they are specified on the command line. Based on patch from Hiroki Sato. Add RFC7505 Null MX support for domains that declare they do not accept mail. New compile time option LDAP_NETWORK_TIMEOUT which is set automatically when LDAPMAP is used and LDAP_OPT_NETWORK_TIMEOUT is available to enable the new -c option for LDAP maps to specify the network timeout. CONFIG: New FEATURE(`tls_session_features') to enable standard rules for tls_srv_features and tls_clt_features; for details see cf/README. CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH for SSLEngine and SSLEnginePath, respectively. CONFIG: New options confDANE to enable DANE support. CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear. CONFIG: New extension CITag: for TLS restrictions, see cf/README for details. CONFIG: FEATURE(`blacklist_recipients') renamed to FEATURE(`blocklist_recipients'). CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to canonicalize IPv6 addresses; if cidrexpand is used with IPv6 addresses then UseCompressedIPv6Addresses must be disabled. DOC: The dns map can return multiple values in a single result if the -z option is used. DOC: Note to set MustQuoteChars=. due to DKIM signatures. LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret of Alcatel-Lucent. 
LIBMILTER: Fix reference in xxfi_negotiate documentation. Patch from Sven Neuhaus. LIBMILTER: Fix function name in smfi_addrcpt_par documentation. Patch from G.W. Haywood. LIBMILTER: Fix a potential memory leak in smfi_setsymlist(). Patch from Martin Svec. MAKEMAP: New map type "implicit" refers to the first available type, i.e., it depends on the compile time options NEWDB, DBM, and CDB. This can be used in conjunction with the "implicit" map type in sendmail.cf. Note: makemap, libsmdb, and sendmail must be compiled with the same options (and library versions of course). Portability: Add support for Darwin 14-18 (Mac OS X 10.x). New option HAS_GETHOSTBYNAME2: set if your system supports gethostbyname2(2). Set SM_CONF_SEM=2 for FreeBSD 12 and later due to changes in sys/sem.h On Linux set MAXHOSTNAMELEN (the maximum length of a FQHN) to 256 if it is less than that value. Added Files: cf/feature/blocklist_recipients.m4 cf/feature/tls_failures.m4 devtools/OS/Darwin.14.x devtools/OS/Darwin.15.x devtools/OS/Darwin.16.x libsmdb/smcdb.c sendmail/ratectrl.h @ text @d3 1 a3 1 --- sendmail/domain.c.orig 2020-06-02 09:41:43.000000000 +0000 d5 2 a6 1 @@@@ -25,6 +25,8 @@@@ SM_RCSID("@@(#)$Id: domain.c,v 8.205 2013 a8 1 a9 1 + d11 1 a11 1 # include d13 1 a13 1 @@@@ -49,7 +51,7 @@@@ static char MXHostBuf[MXHOSTBUFSIZE]; d21 2 a22 2 # ifndef NO_DATA @@@@ -573,9 +575,9 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d34 1 a34 1 @@@@ -743,7 +745,7 @@@@ getmxrr(host, mxhosts, mxprefs, flags, r d43 1 a43 1 @@@@ -1042,13 +1044,13 @@@@ punt: d59 1 a59 1 @@@@ -1118,7 +1120,7 @@@@ bestmx_map_lookup(map, name, av, statp) d68 1 a68 1 @@@@ -1130,9 +1132,9 @@@@ bestmx_map_lookup(map, name, av, statp) d80 1 a80 1 @@@@ -1282,16 +1284,22 @@@@ dns_getcanonname(host, hbsize, trymx, st d109 1 a109 1 @@@@ -1341,7 +1349,7 @@@@ cnameloop: d118 1 a118 1 @@@@ -1349,10 +1357,10 @@@@ cnameloop: d131 1 a131 1 @@@@ -1658,13 +1666,13 @@@@ nexttype: @ 1.1 log @Update to sendmail 8.14.9: this fixes a minor 
potential security issue pkgsrc changes: - consolidate several patches into site.config.m4 - pkgsrc LDFLAGS should always be used - don't bother specifying file owner/group anywhere except in Makefile - create include/sm/os/sm_os_netbsd.h to fix warnings and OS specific stuff - install mail.local and rmail - convert to use res_n* functions - allows for linking against threaded libraries - add a TODO file - PR/35249 - Loren M. Lang - can't find libraries on Linux, this should be fixed by using pkgsrc LDFLAGS - PR/46694 - Makoto Fujiwara - bring back netbsd-proto.mc from when sendmail was part of the base system - PR/47207 - Richard Palo - let pkgsrc infrastructure handle file ownership and group - PR/48566 - Emmanuel Dreyfus - always set _FFR_USE_GETPWNAM_ERRNO on NetBSD - roll ffr_tls_1 and the suggested ffr_tls_ec into one new ffr_tls option - not enabled by default because it changes behaviour 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. Fix a misformed comment in conf.c: "/*" within comment which may cause a compilation error on some systems. Problem reported by John Beck of Oracle. DEVTOOLS: Fix regression in auto-detection of libraries when only shared libraries are available. Problem reported by Bryan Costales. @ text @d3 1 a3 1 --- sendmail/domain.c.orig 2014-03-06 17:31:31.000000000 +0000 d5 11 a15 2 @@@@ -39,7 +39,7 @@@@ static char MXHostBuf[MXHOSTBUFSIZE]; # endif /* ! MAXDNSRCH */ d20 1 a20 1 # endif /* ! 
RES_DNSRCH_VARIABLE */ d23 14 a36 53 @@@@ -58,6 +58,8 @@@@ static char MXHostBuf[MXHOSTBUFSIZE]; # define RES_UNC_T unsigned char * # endif /* defined(__RES) && (__RES >= 19940415) */ +extern struct __res_state sm_res; + static int mxrand __P((char *)); static int fallbackmxrr __P((int, unsigned short *, char **)); @@@@ -205,11 +207,9 @@@@ getmxrr(host, mxhosts, mxprefs, droploca char *fallbackMX = FallbackMX; bool trycanon = false; unsigned short *prefs; - int (*resfunc) __P((const char *, int, int, u_char *, int)); unsigned short prefer[MAXMXHOSTS]; int weight[MAXMXHOSTS]; int ttl = 0; - extern int res_query(), res_search(); if (tTd(8, 2)) sm_dprintf("getmxrr(%s, droplocalhost=%d)\n", @@@@ -246,14 +246,24 @@@@ getmxrr(host, mxhosts, mxprefs, droploca if (!UseNameServer) goto punt; - if (HasWildcardMX && ConfigLevel >= 6) - resfunc = res_query; - else - resfunc = res_search; errno = 0; - n = (*resfunc)(host, C_IN, T_MX, (unsigned char *) &answer, + if (HasWildcardMX && ConfigLevel >= 6) +#if NAMED_RESN + n = res_nquery(&sm_res, host, C_IN, T_MX, + (unsigned char *) &answer, sizeof(answer)); +#else + n = res_query(host, C_IN, T_MX, (unsigned char *) &answer, + sizeof(answer)); +#endif + else +#if NAMED_RESN + n = res_nsearch(&sm_res, host, C_IN, T_MX, + (unsigned char *) &answer, sizeof(answer)); +#else + n = res_search(host, C_IN, T_MX, (unsigned char *) &answer, sizeof(answer)); +#endif if (n < 0) { if (tTd(8, 1)) @@@@ -337,7 +347,7 @@@@ getmxrr(host, mxhosts, mxprefs, droploca GETSHORT(n, cp); /* rdlength */ d39 22 a60 6 - if (tTd(8, 8) || _res.options & RES_DEBUG) + if (tTd(8, 8) || sm_res.options & RES_DEBUG) sm_dprintf("unexpected answer type %d, size %d\n", type, n); cp += n; @@@@ -635,7 +645,7 @@@@ bestmx_map_lookup(map, name, av, statp) d69 1 a69 1 @@@@ -647,9 +657,9 @@@@ bestmx_map_lookup(map, name, av, statp) d71 1 a71 1 #endif /* _FFR_BESTMX_BETTER_TRUNCATION */ d75 1 a75 1 nmx = getmxrr(name, mxhosts, NULL, false, statp, false, NULL); d81 1 a81 1 @@@@ 
-793,10 +803,15 @@@@ dns_getcanonname(host, hbsize, trymx, st d88 2 a89 2 - return false; + if ((sm_res.options & RES_INIT) == 0) d98 1 d101 8 d110 4 a113 4 @@@@ -834,7 +849,7 @@@@ cnameloop: dp = searchlist; if (n > 0) *dp++ = ""; d119 1 a119 1 @@@@ -842,9 +857,9 @@@@ cnameloop: d121 1 a121 1 *dp++ = *domain++; d126 3 a128 2 - *dp++ = _res.defdname; + *dp++ = sm_res.defdname; d132 16 a147 14 @@@@ -879,8 +894,13 @@@@ cnameloop: qtype == T_MX ? "MX" : "???"); errno = 0; +# if NAMED_RESN + ret = res_nquerydomain(&sm_res, host, *dp, C_IN, qtype, + answer.qb2, sizeof(answer.qb2)); +# else ret = res_querydomain(host, *dp, C_IN, qtype, answer.qb2, sizeof(answer.qb2)); +# endif if (ret <= 0) { int save_errno = errno; @