The NetBSD Project

CVS log for pkgsrc/mail/sendmail/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / mail / sendmail

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.72: download - view: text, markup, annotated - select for diffs
Mon Feb 19 04:12:36 2024 UTC (9 months, 2 weeks ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, HEAD
Diff to: previous 1.71: preferred, colored
Changes since revision 1.71: +2 -2 lines
PR/57936 -- fix build problem on netbsd-9

Revision 1.71: download - view: text, markup, annotated - select for diffs
Mon Feb 12 03:23:05 2024 UTC (9 months, 3 weeks ago) by jnemeth
Branches: MAIN
Diff to: previous 1.70: preferred, colored
Changes since revision 1.70: +6 -6 lines
Update to sendmail 8.18.1.

Main changes are:
- stricter RFC compliance to close some security issues
- FIPS 3 support
- full DANE support

			SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.


8.18.1/8.18.1	2024/01/31
	sendmail is now stricter in following the RFCs and rejects
		some invalid input with respect to line endings
		and pipelining:
		- Prevent transaction stuffing by ensuring SMTP clients
		wait for the HELO/EHLO and DATA response before sending
		further SMTP commands.  This can be disabled using
		the new srv_features option 'F'.  Issue reported by
		Yepeng Pan and Christian Rossow from CISPA Helmholtz
		Center for Information Security.
		- Accept only CRLF . CRLF as end of an SMTP message
		as required by the RFCs, which can disabled by the
		new srv_features option 'O'.
		- Do not accept a CR or LF except in the combination
		CRLF (as required by the RFCs).  These checks can
		be disabled by the new srv_features options
		'U' and 'G', respectively.  In this case it is
		suggested to use 'u2' and 'g2' instead so the server
		replaces offending bare CR or bare LF with a space.
		It is recommended to only turn these protections off
		for trusted networks due to the potential for abuse.
	Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
		are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
		as required by RFC 7672.
	OpenSSL version 3.0.x is supported.  Note: OpenSSL 3 loads by
		default an openssl.cnf file from a location specified
		in the library which may cause unwanted behaviour
		in sendmail.  Hence sendmail sets the environment
		variable OPENSSL_CONF to /etc/mail/sendmail.ossl
		to override the default.  The file name can be
		changed by defining confOPENSSL_CNF in the mc file;
		using an empty value prevents setting OPENSSL_CONF.
		Note: referring to a file which does not exist does
		not cause an an error.
	Two new values have been added for {verify}:
		"DANE_TEMP": DANE verification failed temporarily.
		"DANE_NOTLS": DANE was required but STARTTLS was not
		offered by the server.
		The default rules return a temporary error for these
		cases, so delivery is not attempted.
	If the TLS setup code in the client fails and DANE requirements
		exist then {verify} will be set to "DANE_TEMP" thus
		preventing delivery by default.
	DANE related logging has been slightly changed for clarification:
		"DANE configured in DNS but no STARTTLS available"
		changed to
		"DANE configured in DNS but STARTTLS not offered"
	When the compile time option USE_EAI is enabled, vacation could
		fail to respond when it should (the code change in
		8.17.2 was incomplete).  Problem reported by Alex
		Hautequest.
	If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command
		the parsing of UTF8 addresses could fail (USE_EAI).
	If a reply to a previous RCPT was received while sending
		another RCPT in pipelining mode then parts of the
		reply could have been assigned to the wrong RCPT.
	New DontBlameSendmail option CertOwner to relax requirement
		for certificate public and private key ownership.
		Based on suggestion from Marius Strobl of the
		FreeBSD project.
	clt_features was not checked for connections via Unix domain
		sockets.
	CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies
		from DNS lookups thus potentially causing random
		"false negatives".
		Note: the fix creates an incompatibility:
		the arguments must not have a trailing dot anymore
		because the -a. option has been removed (as it only
		applies to the entire result, not individual values).
	CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3.
	VACATION: Add support for Return-Path header to set sender
		to match OpenBSD and NetBSD functionality.
	VACATION: Honor RFC3834 and avoid an auto-reply if
		'Auto-Submitted: no' is found in the headers to
		match OpenBSD and NetBSD functionality.
	VACATION: Avoid an auto-reply if a 'List-Id:' is found in
		the headers to match OpenBSD functionality.
	VACATION: Add support for $SUBJECT in .vacation.msg which
		is replaced with the first line of the subject of the
		original message to match OpenBSD and NetBSD
		functionality.
	Portability:
		Add support for Darwin 23.
	New Files:
		cf/feature/fips3.m4
		devtools/OS/Darwin.23.x

Revision 1.70: download - view: text, markup, annotated - select for diffs
Mon Jan 15 04:43:22 2024 UTC (10 months, 3 weeks ago) by jnemeth
Branches: MAIN
Diff to: previous 1.69: preferred, colored
Changes since revision 1.69: +15 -15 lines
Update to sendmail 8.17.2: some feature updates and a bunch of bug fixes.

pkgsrc changes:
- remove some backported patches now included upstream
- rename blacklistd option to blacklist to match defaults/mk.conf
  - accept old opiton blacklistd
- add new smtputf8 option to enable SMTP SMTPUTF8 protocol option


			SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.


8.17.2/8.17.2	2023/06/03
	Make sure DANE checks (if enabled) are performed even if
		CACertPath or CACertFile are not set or unusable.
	Note: if the code to set up TLS in the client fails, then
		{verify} will be set to TEMP but DANE requirements
		will be ignored, i.e., by default mail will be sent
		without STARTTLS.  This can be changed via a
		LOCAL_TLS_SERVER ruleset.
	Pass server name to clt_features ruleset instead of client
		name to account for limitations in macro availability
		described below in CONFIG section.  This may break
		custom clt_features rulesets which expect to receive
		the client name as input.
	Fix a regression introduced in 8.17.1: aliases file which
		contain continuation lines caused parsing errors.
	Add an FFR (for future release) compile time option _FFR_LOG_STAGE
		to log the protocol stage as stage= for some errors during
		delivery attempts to make troubleshooting simpler.  This
		new logging may be enabled in a future release.
	When EAI is enabled, milters also got the arguments of MAIL/RCPT
		commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
		callbacks instead of just the mail address.
		Problem reported by Dilyan Palauzo.
	When EAI is enabled, mailq prints UTF-8 addresses as such
		if SMTPUTF8 was used.
	When EAI is enabled, the $h macro is now in the correct format.
		Previously this could cause wrong values for relay=
		in log entries and the mailer argument vector.
	When the compile time option USE_EAI is enabled, vacation could
		fail to respond when it should.  Problem reported by
		Alex Hautequest.
	When EAI was enabled, header truncation might not have been
		logged even when it happened. Problem reported by
		Werner Wiethege.
	Handle a possible change in an upcoming release of Cyrus-SASL
		(2.1.28) by changing the definition of an internal flag.
		Patch from Dilyan Palauzo.
	Avoid an assertion failure when an smtps connection is made
		to the server and a milter is unavailable.
		Problem reported by Dilyan Palauzo.
	Fixed some spelling errors in documentation and comments,
		based on a codespell report by Jens Schleusener
		of fossies.org.
	The result of try_tls is now logged using status= instead
		of reject=.
	If tls_rcpt rejected the delivery of a recipient then a bogus
		dsn= entry might have been logged under some circumstances.
	If a server replied with 421 to a RCPT command then a bogus reply=
		might have been logged.
	When quoting the value for ${currHeader} avoid causing a syntax
		error (Unbalanced '"') when truncating a header value
		which is too long.  Problem reported by Werner Wiethege.
	Reduce the performance impact of a change introduced in
		8.12.9: the default for MaxMimeHeaderLength was
		set to 2048/1024.  Problem reported by Tabata
		Shintaro of Internet Initiative Japan Inc.
	CONFIG: The default clt_features ruleset tried to access
		${server_name} and ${server_addr} which are not set
		when the ruleset is invoked.  Only the server name
		is available which is passed as an argument.
	CONFIG: Properly quote host variable to prevent cf build
		breakage when a hostname contains 'dnl'.  Problem
		reported by Maxim Shalomikhin of Kaspersky.
	DEVTOOLS: Add configure.sh support for BSD's mandoc as an
		alternative man page formatting tool.
	DOC: Document that USAGE is a possible value for {verify}.
	LIBMILTER: The macros for the EOH and EOM callbacks are
		sent in reverse order which means accessing macros
		in the EOM callback got the macro for the EOH
		callback. Store those macros in the expected order
		in libmilter. Note: this does not affect sendmail
		because the macros for both callbacks are the same
		because the message is sent to libmilter after it
		is completely read by sendmail.  Fix and problem
		report from David Buergin.
	Portability:
		Make use of IN_LOOPBACK, if defined, to determine if
		using a loopback address.  Patch from Mike Karels of
		FreeBSD.
		On Linux use gethostbyname2(3) if glibc 2.19 or newer
		is used to avoid potential problems with IPv6 lookups.
		Patch from Werner Wiethege.
		Add support for Darwin 21 and Darwin 22.
		Solaris 12 has been renamed to Solaris 11.4, hence
		adapt a condition for sigwait(2) taking one argument.
		Patch from John Beck.
	New Files:
		devtools/M4/UNIX/sharedlib.m4
		devtools/OS/Darwin.21.x
		devtools/OS/Darwin.22.x
		sendmail/sched.c
		libsm/notify.h

8.17.1/8.17.1	2021/08/17
	Deprecation notice: due to compatibility problems with some
		third party code, we plan to finally switch from K&R
		to ANSI C. If you are using sendmail on a system
		which does not have a compiler for ANSI C contact us
		with details as soon as possible so we can determine
		how to proceed.
	Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
		is available when using the compile time option USE_EAI
		(see also devtools/Site/site.config.m4.sample for other
		required settings) and the cf option SMTPUTF8.
		If a mail submission via the command line requires
		the use of SMTPUTF8, e.g., because a header uses UTF-8
		encoding, but the addresses on the command line are all
		ASCII, then the new option -U must be used, and
		the cf option SMTPUTF8 must be set in submit.cf.
		Please test and provide feedback.
	Experimental support for SMTP MTA Strict Transport Security
		(MTA-STS, see RFC 8461) is available when using
		- the compile time option _FFR_MTA_STS (which requires
		  STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
		- FEATURE(sts), which implicitly sets the cf option
		  StrictTransportSecurity,
		- postfix-mta-sts-resolver, see
		https://github.com/Snawoot/postfix-mta-sts-resolver.git
	New ruleset check_other which is called for all unknown SMTP
		commands in the server and for commands which do not
		have specific rulesets, e.g., NOOP and VERB.
	New ruleset clt_features which can be used to select features
		in the SMTP client per server.  Currently only two
		flags are available: D/M to disable DANE/MTA-STS,
		respectively.
	New compile time option NO_EOH_FIELDS to disable the special
		meaning of the headers Message: and Text: to denote the
		end of the message header.
	Avoid leaking session macros for an envelope between
		delivery attempts to different servers.  This problem
		could have affected check_compat.
	Avoid leaking actual SMTP replies between delivery attempts
		to different servers which could cause bogus logging
		of reply= entries.
	Change default SMTP reply code for STARTTLS related problems
		from 403 to 454 to better match the RFCs.
	Fix a theoretical buffer overflow when encountering an
		unknown/unsupported socket address family on an
		operating system where sa_data is larger than 30
		(the standard is 14).  Based on patch by Toomas Soome.
	Several potential memory leaks and other similar problems
		(mostly in error handling code) have been fixed.
		Problems reported by Tomas Korbar of RedHat.
	Previously the commands GET, POST, CONNECT, or USER terminate
		a connection immediately only if sent as first command.
		Now this is also done if any of these is sent directly
		after STARTTLS or if the 'h' option is set via
		srv_features.
	CDB map locking has been changed so a sendmail process which
		does have a CDB map open does not block an in-place
		update of the map by makemap.  The simple workaround
		for that problem in earlier versions is to create
		the map under a different name and then move it
		into place.
	On some systems the rejection of a RCPT by a milter could
		silently fail.
	CONFIG: New FEATURE(`check_other') to provide a default
		check_other ruleset.
	CONFIG: FEATURE(`tls_failures') is deprecated and will be
		removed in future versions because it has a fundamental
		problem: it is message oriented but STARTTLS is
		session oriented.  For example, having multiple
		RCPTs in one envelope for different destinations,
		with different temporary errors, does not work
		properly, as the persistent macro applies to all
		RCPTs and hence implicitly to all destinations (servers).
		The option TLSFallbacktoClear should be used if needed.
	CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
	CONTRIB: Added cidrexpand -O option for suppressing duplicates from
		a CIDR expansion that overlaps a later entry and -S option
		for skipping comments exactly like makemap does.
	MAIL.LOCAL: Enhance some error messages to simplify
		troubleshooting.
	Portability:
		Add support for Darwin 19 & 20.
		Use proper FreeBSD version define to allow for cross
			compiling.  Fix from Brooks Davis of the FreeBSD
			project.
		NOTE: File locking using fcntl() does not interoperate
		  with Berkeley DB 5.x (and probably later).  Use
		  CDB, flock() (-DHASFLOCK), or an earlier Berkeley
		  DB version.  Problem noted by Harald Hannelius.
	New Files:
		cf/feature/check_other.m4
		cf/feature/sts.m4
		devtools/OS/Darwin.19.x
		devtools/OS/Darwin.20.x
		include/sm/ixlen.h
		libsm/ilenx.c
		libsm/lowercase.c
		libsm/strcaseeq.c
		libsm/t-ixlen.c
		libsm/t-ixlen.sh
		libsm/t-streq.c
		libsm/t-streq.sh
		libsm/utf8_valid.c
		libsm/uxtext_unquote.c
		libsm/xleni.c
		libsmutil/t-lockfile.c
		libsmutil/t-lockfile-0.sh
		libsmutil/t-maplock-0.sh

Revision 1.69: download - view: text, markup, annotated - select for diffs
Thu Jan 12 11:09:34 2023 UTC (22 months, 3 weeks ago) by markd
Branches: MAIN
CVS tags: pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1
Diff to: previous 1.68: preferred, colored
Changes since revision 1.68: +2 -1 lines
sendmail: fix build with openssl3

Revision 1.67.4.1: download - view: text, markup, annotated - select for diffs
Fri May 20 12:58:37 2022 UTC (2 years, 6 months ago) by bsiegert
Branches: pkgsrc-2022Q1
Diff to: previous 1.67: preferred, colored; next MAIN 1.68: preferred, colored
Changes since revision 1.67: +2 -2 lines
Pullup ticket #6634 - requested by sborrill
mail/sendmail: bugfix for SMTP AUTH

Revisions pulled up:
- mail/sendmail/Makefile                                        1.141
- mail/sendmail/distinfo                                        1.68
- mail/sendmail/patches/patch-bo                                1.5

---
   Module Name:	pkgsrc
   Committed By:	sborrill
   Date:		Tue May 10 13:46:49 UTC 2022

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile distinfo
   	pkgsrc/mail/sendmail/patches: patch-bo

   Log Message:
   sendmail: fix SMTP AUTH

   Pull in SMTP AUTH fix from 8.17.1.9.
   Bump PKGREVISION

Revision 1.68: download - view: text, markup, annotated - select for diffs
Tue May 10 13:46:49 2022 UTC (2 years, 6 months ago) by sborrill
Branches: MAIN
CVS tags: pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2
Diff to: previous 1.67: preferred, colored
Changes since revision 1.67: +2 -2 lines
sendmail: fix SMTP AUTH

Pull in SMTP AUTH fix from 8.17.1.9.
Bump PKGREVISION

Revision 1.67: download - view: text, markup, annotated - select for diffs
Sun Dec 19 04:01:11 2021 UTC (2 years, 11 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2022Q1-base, pkgsrc-2021Q4-base, pkgsrc-2021Q4
Branch point for: pkgsrc-2022Q1
Diff to: previous 1.66: preferred, colored
Changes since revision 1.66: +1 -2 lines
Fix libmilter build on older systems that don't have gethostbyname2.

Since this is a build fix for systems where it didn't build before,
no revbump is required.

Revision 1.66: download - view: text, markup, annotated - select for diffs
Tue Oct 26 10:54:29 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Diff to: previous 1.65: preferred, colored
Changes since revision 1.65: +2 -2 lines
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched
conditionally?):

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch

Revision 1.65: download - view: text, markup, annotated - select for diffs
Thu Oct 7 14:25:47 2021 UTC (3 years, 2 months ago) by nia
Branches: MAIN
Diff to: previous 1.64: preferred, colored
Changes since revision 1.64: +1 -2 lines
mail: Remove SHA1 hashes for distfiles

Revision 1.64: download - view: text, markup, annotated - select for diffs
Sun Jul 4 07:57:13 2021 UTC (3 years, 5 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Diff to: previous 1.63: preferred, colored
Changes since revision 1.63: +23 -24 lines
comms/sendmail: update to 8.16.1


8.16.1/8.16.1	2020/07/05
	SECURITY: If sendmail tried to reuse an SMTP session which had
		already been closed by the server, then the connection
		cache could have invalid information about the session.
		One possible consequence was that STARTTLS was not
		used even if offered.  This problem has been fixed
		by clearing out all relevant status information
		when a closed session is encountered.
	OpenSSL versions before 0.9.8 are no longer supported.
	OpenSSL version 1.1.0 and 1.1.1 are supported.
	Initial support for DANE (see RFC 7672 et.al.) is available if
		the compile time option DANE is set.  Only TLSA RR 3-1-x
		is currently implemented.
	New options SSLEngine and SSLEnginePath to support OpenSSL engines.
		Note: this feature has so far only been tested with the
		"chil" engine; please report problems with other engines
		if you encounter any.
	New option CRLPath to specify a directory which contains
		hashes pointing to certificate revocations files.
		Based on patch from Al Smith.
	New rulesets tls_srv_features and tls_clt_features which
		can return a (semicolon separated) list of TLS related
		options, e.g., CipherList, CertFile, KeyFile,
		see doc/op/op.me for details.
	To automatically handle TLS interoperability problems for outgoing
		mail, sendmail can now immediately try a connection again
		without STARTTLS after a TLS handshake failure.
		This can be configured globally via the option
		TLSFallbacktoClear or per session via the 'C' flag
		of tls_clt_features.
		This also adds the new value "CLEAR" for the macro
		{verify}: STARTTLS has been disabled internally for
		a clear text delivery attempt.
	Apply Timeout.starttls also to the server waiting for the TLS
		handshake to begin.  Based on patch from Simon Hradecky.
	New compile time option TLS_EC to enable the use of elliptic
		curve cryptography in STARTTLS (previously available as
		_FFR_TLS_EC).
	Handle MIME boundaries specified in headers which contain CRLF.
	Fix detection of loopback net (it was broken when compiled
		with NETINET6) and only set the macros {if_addr_out}
		and {if_family_out} if the interface of the outgoing
		connection does not belong to the loopback net.
	Fix logic to enable a milter to delete a recipient in
		DeliveryMode=interactive even if it might be subject
		to alias expansion.
	Log name of a milter making changes (this was missing for
		some functions).
	Log the actual reply of a server when an SMTP delivery problem
		occurs in a "reply=" field if possible.
	Log user= for failed AUTH attempts if possible.  Based on
		patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
		and Joe Quinn.
	Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
		no changes can be made after it is created, hence it
		does not work with vacation(1) nor editmap(8) (except
		for query mode).
	Fix some memory leaks (mostly in error cases) and properly handle
		copied varargs in sm_io_vfprintf(). The issues were found
		using Coverity Scan and reported (including patches) by
		Ondřej Lysoněk of Red Hat.
	Do not override ServerSSLOptions and ClientSSLOptions when they
		are specified on the command line.  Based on patch from
		Hiroki Sato.
	Add RFC7505 Null MX support for domains that declare they do not
		accept mail.
	New compile time option LDAP_NETWORK_TIMEOUT which is set
		automatically when LDAPMAP is used and
		LDAP_OPT_NETWORK_TIMEOUT is available to enable the
		new -c option for LDAP maps to specify the network timeout.
	CONFIG: New FEATURE(`tls_session_features') to enable standard
		rules for tls_srv_features and tls_clt_features; for
		details see cf/README.
	CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
		for SSLEngine and SSLEnginePath, respectively.
	CONFIG: New options confDANE to enable DANE support.
	CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
	CONFIG: New extension CITag: for TLS restrictions, see cf/README
		for details.
	CONFIG: FEATURE(`blacklist_recipients') renamed to
		FEATURE(`blocklist_recipients').
	CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
		canonicalize IPv6 addresses; if cidrexpand is used with IPv6
		addresses then UseCompressedIPv6Addresses must be disabled.
	DOC: The dns map can return multiple values in a single result
		if the -z option is used.
	DOC: Note to set MustQuoteChars=. due to DKIM signatures.
	LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
		of Alcatel-Lucent.
	LIBMILTER: Fix reference in xxfi_negotiate documentation.
		Patch from Sven Neuhaus.
	LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
		Patch from G.W. Haywood.
	LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
		Patch from Martin Svec.
	MAKEMAP: New map type "implicit" refers to the first available type,
		i.e., it depends on the compile time options NEWDB, DBM,
		and CDB. This can be used in conjunction with the
		"implicit" map type in sendmail.cf.
		Note: makemap, libsmdb, and sendmail must be compiled
		with the same options (and library versions of course).
	Portability:
		Add support for Darwin 14-18 (Mac OS X 10.x).
		New option HAS_GETHOSTBYNAME2: set if your system
		supports gethostbyname2(2).
		Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
		changes in sys/sem.h
		On Linux set MAXHOSTNAMELEN (the maximum length
		of a FQHN) to 256 if it is less than that value.
	Added Files:
		cf/feature/blocklist_recipients.m4
		cf/feature/tls_failures.m4
		devtools/OS/Darwin.14.x
		devtools/OS/Darwin.15.x
		devtools/OS/Darwin.16.x
		libsmdb/smcdb.c
		sendmail/ratectrl.h

Revision 1.63: download - view: text, markup, annotated - select for diffs
Fri Apr 24 14:33:08 2020 UTC (4 years, 7 months ago) by manu
Branches: MAIN
CVS tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.62: preferred, colored
Changes since revision 1.62: +2 -1 lines
Bug fix, submitted upstream

Add missing curly brackets that caused res_ninit() to be called
with non-zeroed state structure. In NetBSD, res_ninit() detects
the mistake and quickly calls res_ndestroy(), which will close file
descriptors based on the random data provided in the state structure.
The result at mine is sendmail going mute after the MAIL FROM
command.

Revision 1.62: download - view: text, markup, annotated - select for diffs
Sun Apr 12 09:11:41 2020 UTC (4 years, 7 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.61: preferred, colored
Changes since revision 1.61: +3 -3 lines
Allow the UseBlacklist configuration option, but ignore it, on
systems that don't have blacklistd.  This prevents configuration
errors as the default config files have:

O UseBlacklist=false

Revision 1.61: download - view: text, markup, annotated - select for diffs
Fri Jul 26 19:33:33 2019 UTC (5 years, 4 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.60: preferred, colored
Changes since revision 1.60: +2 -2 lines
Fix build problems on systems that don't have blacklistd.  Since
this is a build fix, no PKGREVISION bump is needed.

Revision 1.60: download - view: text, markup, annotated - select for diffs
Mon Jul 15 05:30:33 2019 UTC (5 years, 4 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.59: preferred, colored
Changes since revision 1.59: +5 -2 lines
Change from using ${OPSYS} to looking for /usr/include/blacklist.h
to determine whether to use the blacklistd feature.  This allows
for automatically picking up new OSes that provide blacklistd as
well as ignoring older versions of NetBSD and FreeBSD that don't
have blacklistd.

Add UseBlacklist to M4 config generator.  This means that you can
turn it on by doing something like:

LOCAL_CONFIG
...
define(`confUSE_BLACKLIST', `True')dnl
...

It is set to false as the feature is experimental having just been
created.

Ride previous PKGREVISION bump as it was less than an hour ago.

Revision 1.59: download - view: text, markup, annotated - select for diffs
Mon Jul 15 04:32:49 2019 UTC (5 years, 4 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.58: preferred, colored
Changes since revision 1.58: +9 -5 lines
Add support for working with blacklistd.  These patches were
originally created for FreeBSD and were ported to pkgsrc by Hauke
Fath with some cleanup by myself.

These patches add a new "UseBlacklist" option to sendmail to have
it send authentication failure notices to blacklistd.

Revision 1.58: download - view: text, markup, annotated - select for diffs
Wed Dec 5 12:10:21 2018 UTC (6 years ago) by bsiegert
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Diff to: previous 1.57: preferred, colored
Changes since revision 1.57: +2 -1 lines
Fix sendmail with OpenSSL 1.1.

"Lightly edited" patch from Debian via PR pkg/53401.

Bump revision.

Revision 1.57: download - view: text, markup, annotated - select for diffs
Tue Nov 3 23:27:20 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Diff to: previous 1.56: preferred, colored
Changes since revision 1.56: +2 -1 lines
Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.56: download - view: text, markup, annotated - select for diffs
Sat Jul 11 10:08:32 2015 UTC (9 years, 4 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Diff to: previous 1.55: preferred, colored
Changes since revision 1.55: +4 -4 lines
Update sendmail to 8.15.2.

pkgsrc change:  default to enable TLS
- this has been requested a couple of times and most systems are going
  to have a recent enough version of openssl so in most cases there
  won't be additional dependencies

8.15.2/8.15.2	2015/07/03
	If FEATURE(`nopercenthack') is used then some bogus input triggered
		a recursion which was caught and logged as
		SYSERR: rewrite: excessive recursion (max 50) ...
		Fix based on patch from Ondrej Holas.
	DHParameters now by default uses an included 2048 bit prime.
		The value 'none' previously caused a log entry claiming
		there was an error "cannot read or set DH parameters".
		Also note that this option applies to the server side only.
	The U= mailer field didn't accept group names containing hyphens,
		underbars, or periods.  Based on patch from David Gwynne
		of the University of Queensland.
	CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
		Patch from Lars-Johan Liman of Netnod Internet Exchange.
	CONFIG: New option UseCompressedIPv6Addresses to select between
		compressed and uncompressed IPv6 addresses.  The default
		value depends on the compile-time option IPV6_FULL:
		For 1 the default is False, for 0 it is True, thus
		preserving the current behaviour.  Based on patch from
		John Beck of Oracle.
	CONFIG: Account for IPv6 localhost addresses in
		FEATURE(`block_bad_helo').  Suggested by Andrey Chernov
		from FreeBSD and Robert Scheck from the Fedora Project.
	CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
	LIBMILTER: Deal with more invalid protocol data to avoid potential
		crashes.  Problem noted by Dimitri Kirchner.
	LIBMILTER: Allow a milter to specify an empty macro list ("", not
		NULL) in smfi_setsymlist() so no macro is sent for the
		selected stage.
	MAKEMAP: A change to check TrustedUser in fewer cases which was
		made in 2013 caused a potential regression when makemap
		was run as root (which should not be done anyway).
	Note: sendmail often contains options "For Future Releases"
		(prefix _FFR_) which might be enabled in a subsequent
		version or might simply be removed as they turned out not
		to be really useful.  These features are usually not
		documented but if they are, then the required (FFR)
		options are listed in
		- doc/op/op.* for rulesets and macros,
		- cf/README for mc/cf options.

Revision 1.55: download - view: text, markup, annotated - select for diffs
Sat Dec 6 23:22:20 2014 UTC (10 years ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Diff to: previous 1.54: preferred, colored
Changes since revision 1.54: +6 -6 lines
Update sendmail to 8.15.1:  this is mostly a feature/bugfix release.

Note that there was an incompatible config change for IPv6 users.
See the MESSAGE file for details.

pkgsrc change: delete a couple of patches that have been upstreamed

Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.15.1. This release:

   o offers more TLS related features,
   o does not ignore temporary map lookup failures during header rewriting,
   o uses uncompressed IPv6 addresses by default, which is an incompatible
     change that requires to update IPv6 related configuration data.

as well as many other enhancements.  For details see the release
notes below.

                        SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.15.1/8.15.1   2014/12/06
        SECURITY: Properly set the close-on-exec flag for file descriptors
                (except stdin, stdout, and stderr) before executing mailers.
        If header rewriting fails due to a temporary map lookup failure,
                queue the mail for later retry instead of sending it
                without rewriting the header.  Note: this is done
                while the mail is being sent and hence the transaction
                is aborted, which only works for SMTP/LMTP mailers
                hence the handling of temporary map failures is
                suppressed for other mailers. SMTP/LMTP servers may
                complain about aborted transactions when this problem
                occurs.
                See also "DNS Lookups" in sendmail/TUNING.
        Incompatible Change: Use uncompressed IPv6 addresses by default,
                i.e., they will not contain "::".  For example,
                instead of ::1 it will be 0:0:0:0:0:0:0:1.  This
                permits a zero subnet to have a more specific match,
                such as different map entries for IPv6:0:0 vs IPv6:0.
                This change requires that configuration data
                (including maps, files, classes, custom ruleset,
                etc) must use the same format, so make certain such
                configuration data is updated before using 8.15.
                As a very simple check search for patterns like
                'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
                the prior format can be retained by compiling with:
                APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
                in your devtools/Site/site.config.m4 file.
        If debugging is turned on (-d0.14) also print the OpenSSL
                versions, both build time and run time
                (provided STARTTLS is compiled in).
        If a connection to the MTA is dropped by the client before its
                hostname can be validated, treat it as "may be forged",
                so that the unvalidated hostname is not passed to a
                milter in xxfi_connect().
        Add a timeout for communication with socket map servers
                which can be specified using the -d option.
        Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
                numeric logins even if HESIOD is enabled.
        The new option CertFingerprintAlgorithm specifies the finger-
                print algorithm (digest) to use for the presented cert.
                If the option is not set, md5 is used and the macro
                {cert_md5} contains the cert fingerprint.
                However, if the option is set, the specified algorithm
                (e.g., sha1) is used and the macro {cert_fp} contains
                the cert fingerprint.
                That is, as long as the option is not set, the behaviour
                does not change, but otherwise, {cert_md5} is superseded
                by {cert_fp} even if you set CertFingerprintAlgorithm
                to md5.
        The options ServerSSLOptions and ClientSSLOptions can be used
                to set SSL options for the server and client side
                respectively. See SSL_CTX_set_options(3) for a list.
                Note: this change turns on SSL_OP_NO_SSLv2 and
                SSL_OP_NO_TICKET for the client. See doc/op/op.me
                for details.
        A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
                address. It returns the string for the PTR lookup, but
                without trailing {ip6,in-addr}.arpa.
        New operation mode  'C' just checks the configuration file, e.g.,
                sendmail -C new.cf -bC
                will perform a basic syntax/consistency check of new.cf.
        The mailer flag 'I' is deprecated and will be removed in a
                future version.
        Allow local (not just TCP) socket connections to the server, e.g.,
                O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
                can be used.
        If the new option MaxQueueAge is set to a value greater than zero,
                entries in the queue will be retried during a queue run
                only if the individual retry time has been reached which
                is doubled for each attempt.  The maximum retry time is
                limited by the specified value.
        New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
                to relax requirement for DefaultAuthInfo file.
        Reset timeout after receiving a message to appropriate value if
                STARTTLS is in use.  Based on patch by Kelsey Cummings
                of Sonic.net.
        Report correct error messages from the LDAP library for a range of
                small negative return values covering those used by OpenLDAP.
        Fix compilation with Berkeley DB 5.0 and 6.0.  Patch from
                Allan E Johannesen of Worcester Polytechnic Institute.
        CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
                nospecial which describes whether to disallow "%" in the
                local part of an address.
        DEVTOOLS: Fix regression in auto-detection of libraries when only
                shared libraries are available.  Problem reported by
                Bryan Costales.
        LIBMILTER: Mark communication socket as close-on-exec in case
                a user's filter starts other applications.
                Based on patch from Paul Howarth.
        Portability:
                SunOS 5.12 has changed the API for sigwait(2) to conform
                with XPG7.  Based on patch from Roger Faulkner of Oracle.
        Deleted Files:
                libsm/path.c

Revision 1.54: download - view: text, markup, annotated - select for diffs
Wed Sep 24 13:27:03 2014 UTC (10 years, 2 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Diff to: previous 1.53: preferred, colored
Changes since revision 1.53: +2 -1 lines
Regen. Hi jnementh@!

Revision 1.53: download - view: text, markup, annotated - select for diffs
Fri Jun 20 16:26:55 2014 UTC (10 years, 5 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Diff to: previous 1.52: preferred, colored
Changes since revision 1.52: +3 -2 lines
Update to sendmail 8.14.9nb2: this is a pkgsrc bugfix update.

This should be the last update during the freeze.

PR/48566 - Emmanuel Dreyfus -- typo in patch-aw leading to build failure
PR/48913 - Matthias Scheler -- libmilter fails on unprivileged builds

Revision 1.52: download - view: text, markup, annotated - select for diffs
Fri Jun 20 05:24:32 2014 UTC (10 years, 5 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.51: preferred, colored
Changes since revision 1.51: +10 -5 lines
Update to sendmail 8.14.9nb1: this is a pkgsrc bugfix update

- remove some HTML cruft from netbsd-proto.mc
- stop trying to set file ownership and group during stage-install
- initialize sm_res earlier and test before calling res_ninit()
- clear SSL_OP_TLSEXT_PADDING by defualt to fix interoperability issues
- eliminate stray call to res_search()
  - verified with nm that all deprecated resolver functions have been eradicated

The above should address the folling PRs:

- PR/47207 - Richard Palo -- attempt to set ownership when unprivileged
- PR/48566 - Emmanuel Dreyfus -- problem with TLS timeouts
- PR/48913 - Matthias Scheler -- attempt to set ownership when unprivileged

Revision 1.51: download - view: text, markup, annotated - select for diffs
Sun Jun 15 20:48:49 2014 UTC (10 years, 5 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.50: preferred, colored
Changes since revision 1.50: +19 -13 lines
Update to sendmail 8.14.9: this fixes a minor potential security issue

pkgsrc changes:

- consolidate several patches into site.config.m4
  - pkgsrc LDFLAGS should always be used
- don't bother specifying file owner/group anywhere except in Makefile
- create include/sm/os/sm_os_netbsd.h to fix warnings and OS specific stuff
- install mail.local and rmail
- convert to use res_n* functions
  - allows for linking against threaded libraries
- add a TODO file
- PR/35249 - Loren M. Lang
  - can't find libraries on Linux, this should be fixed by using pkgsrc LDFLAGS
- PR/46694 - Makoto Fujiwara
  - bring back netbsd-proto.mc from when sendmail was part of the base system
- PR/47207 - Richard Palo
  - let pkgsrc infrastructure handle file ownership and group
- PR/48566 - Emmanuel Dreyfus
  - always set _FFR_USE_GETPWNAM_ERRNO on NetBSD
  - roll ffr_tls_1 and the suggested ffr_tls_ec into one new ffr_tls option
    - not enabled by default because it changes behaviour

8.14.9/8.14.9   2014/05/21
        SECURITY: Properly set the close-on-exec flag for file descriptors
                (except stdin, stdout, and stderr) before executing mailers.
        Fix a misformed comment in conf.c: "/*" within comment
                which may cause a compilation error on some systems.
                Problem reported by John Beck of Oracle.
        DEVTOOLS: Fix regression in auto-detection of libraries when only
                shared libraries are available.  Problem reported by
                Bryan Costales.

Revision 1.50: download - view: text, markup, annotated - select for diffs
Sun Feb 9 02:02:46 2014 UTC (10 years, 9 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Diff to: previous 1.49: preferred, colored
Changes since revision 1.49: +4 -4 lines
Update to sendmail 8.14.8:  this release contains some bug fixes plus some
minor feature additions.

8.14.8/8.14.8	2014/01/26
	Properly initialize all OpenSSL algorithms for versions before
		OpenSSL 0.9.8o. Without this SHA2 algorithms may not
		work properly, causing for example failures for certs
		that use sha256WithRSAEncryption as signature algorithm.
	When looking up hostnames, ensure only to return those records
		for the requested family (AF_INET or AF_INET6).
		On system that have NEEDSGETIPNODE and NETINET6
		this may have failed and cause delivery problems.
		Problem noted by Kees Cook.
	A new mailer flag '!' is available to suppress an MH hack
		that drops an explicit From: header if it is the
		same as what sendmail would generate.
	Add an FFR (for future release) to use uncompressed IPv6 addresses,
		i.e., they will not contain "::".  For example, instead
		of ::1 it will be 0:0:0:0:0:0:0:1.  This means that
		configuration data (including maps, files, classes,
		custom ruleset, etc) have to use the same format.
		This will be turned on in 8.15.  It can be enabled in 8.14
		by compiling with:
		APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL')
		in your devtools/Site/site.config.m4 file.
	Add an additional case for the WorkAroundBrokenAAAA check when
		dealing with broken nameservers by ignoring SERVFAIL
		errors returned on T_AAAA (IPv6) lookups at delivery time.
		Problem noted by Pavel Timofeev of OCS.
	If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
		setusercontext() on deliveries as a different user.
		Patch from Edward Tomasz Napierala from FreeBSD.
	Avoid compiler warnings from a change in Cyrus-SASL 2.1.25.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Add support for DHParameters 2048-bit primes.
	CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
		in FEATURE(`block_bad_helo').  Suggested by Andrey Chernov.
	LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
		Patch from Bill Parker.
	LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
		fail.  Patch from John Beck of Oracle.
	Portability:
		Add support for Darwin 12.x and 13.x (Mac OS X 10.8 and 10.9).
		On Linux use socklen_t as the type for the 3rd argument
		for getsockname/getpeername if the glibc version is at
		least 2.1.
	Added Files:
		devtools/OS/Darwin.12.x
		devtools/OS/Darwin.13.x

Revision 1.49: download - view: text, markup, annotated - select for diffs
Sun May 5 02:36:20 2013 UTC (11 years, 7 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2
Diff to: previous 1.48: preferred, colored
Changes since revision 1.48: +4 -4 lines
Update to sendmail 8.14.7:  this is a bug fix release.

8.14.7/8.14.7	2013/04/21
	Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
		from using a mapped address over a legitimate IPv6 address
		and to enforce the proper semantics over the IPv6
		connection.  Problem noted by Ulrich Sporlein.
	Fix a regression introduced in 8.14.6: the wrong list of
		macros was sent to a milter in the EHLO stage.
		Problem found by Fabrice Bellet, reported via RedHat
		(Jaroslav Skarvada).
	Fix handling of ORCPT parameter for DSNs: xtext decoding
		was not performed and a wrong syntax check was applied
		to the "addr-type" field.  Problem noted by Dan Lukes
		of Obludarium.
	Fix handling of NUL characters in the MIME conversion functions
		so that message bodies containing them will be sent
		on properly. Note: this usually also affects mails
		that are not converted as those functions are used
		for other purposes too.  Problem noted by Elchonon
		Edelson of Lockheed Martin.
	Do not perform "duplicate" elimination of recipients if they
		resolve to the error mailer using a temporary failure
		(4xy) via ruleset 0.  Problem noted by Akira Takahashi
		of IIJ.
	CONTRIB: Updated version of etrn.pl script from John Beck
		of Oracle.
	Portability:
		Unlike gcc, clang doesn't apply full prototypes to K&R
		definitions.

Revision 1.48: download - view: text, markup, annotated - select for diffs
Sat Mar 23 10:06:12 2013 UTC (11 years, 8 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Diff to: previous 1.47: preferred, colored
Changes since revision 1.47: +2 -2 lines
Don't force enable NETISO.

Revision 1.47: download - view: text, markup, annotated - select for diffs
Wed Feb 6 07:42:04 2013 UTC (11 years, 10 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.46: preferred, colored
Changes since revision 1.46: +4 -4 lines
Update to sendmail 8.14.6:  this is a general bug fix release.
- will look at making recently requested changes in a subsequent commit

8.14.6/8.14.6	2012/12/23
	Fix a regression introduced in 8.14.5: if a server offers
		two AUTH lines, the MTA would not read them after
		STARTTLS has been used and hence SMTP AUTH for
		the client side would fail.  Problem noted by Lena.
	Do not cache hostnames internally in a non case sensitive way
		as that may cause addresses to change from lower case
		to upper case or vice versa. These header modifications
		can cause problems with milters that rely on receiving
		headers in the same way as they are being sent out such
		as a DKIM signing milter.
	If MaxQueueChildren is set then it was possible that new queue
		runners could not be started anymore because an
		internal counter was subject to a race condition.
	If a milter decreases the timeout it waits for a communication
		with the MTA, the MTA might experience a write() timeout.
		In some situations, the resulting error might have been
		ignored.  Problem noted by Werner Wiethege.
		Note: decreasing the communication timeout in a milter
		should not be done without considering the potential
		problems.
	smfi_setsymlist() now properly sets the list of macros for
		the milter which invoked it, instead of a global
		list for all milters.  Problem reported by
		David Shrimpton of the University of Queensland.
	If Timeout.resolver.retrans is set to a value larger than 20,
		then resolver.retry was temporarily set to 0 for
		gethostbyaddr() lookups. Now it is set to 1 instead.
		Patch from Peter.
	If sendmail could not lock the statistics file due to a system
		error, and sendmail later sends a DSN for a mail that
		triggered such an error, then sendmail tried to access
		memory that was freed before (causing a crash on some
		systems).  Problem reported by Ryan Stone.
	Do not log negative values for size= nor pri= to avoid confusing
		log parsers, instead limit the values to LONG_MAX.
	Account for an API change in newer versions of Cyrus-SASL.
		Patch from Hajimu UMEMOTO from FreeBSD.
	Do not try to resolve link-local addresses for IPv4 (just as it
		is done for IPv6).  Patch from John Beck of Oracle.
	Improve logging of client and server STARTTLS connection failures
		that may be due to incompatible cipher lists by including
		the reason for the failure in a single log line.  Suggested
		by James Carey of Boeing.
	Portability:
		Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8).
		Add support for SunOS 5.12 (aka Solaris 12). Patch from
		John Beck of Oracle.

Revision 1.46: download - view: text, markup, annotated - select for diffs
Mon Mar 12 12:53:13 2012 UTC (12 years, 8 months ago) by fhajny
Branches: MAIN
CVS tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1
Diff to: previous 1.45: preferred, colored
Changes since revision 1.45: +2 -2 lines
Work around the assumption that SunOS 5.11 must be Solaris 11, and that
path.h must be present thus.

Revision 1.45: download - view: text, markup, annotated - select for diffs
Sat Jun 11 04:44:08 2011 UTC (13 years, 5 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Diff to: previous 1.44: preferred, colored
Changes since revision 1.44: +4 -4 lines
Update to 8.14.5, a general bugfix release:

8.14.5/8.14.5	2011/05/17
	Do not cache SMTP extensions across connections as the cache
		is based on hostname which may not be a unique identifier
		for a server, i.e., different machines may have the
		same hostname but provide different SMTP extensions.
		Problem noted by Jim Hermann.
	Avoid an out-of-bounds access in case a resolver reply for a DNS
		map lookup returns a size larger than 1K.  Based on a
		patch from Dr. Werner Fink of SuSE.
	If a job is aborted using the interrupt signal (e.g., control-C from
		the keyboard), perform minimal cleanup to avoid invoking
		functions that are not signal-safe. Note: in previous
		versions the mail might have been queued up already
		and would be delivered subsequently, now an interrupt
		will always remove the queue files and thus prevent
		delivery.
	Per RFC 6176, when operating as a TLS client, do not offer SSLv2.
	Since TLS session resumption is never used as a client, disable
		use of RFC 4507-style session tickets.
	Work around gcc4 versions which reverse 25 years of history and
		no longer align char buffers on the stack, breaking calls
		to resolver functions on strict alignment platforms.
		Found by Stuart Henderson of OpenBSD.
	Read at most two AUTH lines from a server greeting (up to two
		lines are read because servers may use "AUTH mechs" and
		"AUTH=mechs"). Otherwise a malicious server may exhaust
		the memory of the client.  Bug report by Nils of MWR
		InfoSecurity.
	Avoid triggering an assertion in the OpenLDAP code when the
		connection to an LDAP server is lost while making a query.
		Problem noted and patch provided by Andy Fiddaman.
	If ConnectOnlyTo is set and sendmail is compiled with NETINET6
		it would try to use an IPv6 address if an IPv4 (or
		unparseable) address is specified.
	If SASLv2 is used, make sure that the macro {auth_authen} is
		stored in xtext format to avoid problems with parsing
		it.  Problem noted by Christophe Wolfhugel.
	CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing
		-T<TMPF> that is required, but failed for some cases
		that did not use LDAP.  This change has been undone
		until a better solution can be implemented.  Problem
		found by Andy Fiddaman.
	CONFIG: Add cf/ostype/solaris11.m4 for Solaris11 support.
		Contributed by Casper Dik of Oracle.
	CONTRIB: qtool.pl: Deal with H entries that do not have a
		letter between the question marks.  Patch from
		Stefan Christensen.
	DOC: Use a better description for the -i option in sendmail.
		Patch from Mitchell Berger.
	Portability:
		Add support for Darwin 10.x (Mac OS X 10.6).
		Enable HAVE_NANOSLEEP for FreeBSD 3 and later.  Patch
		from John Marshall.
		Enable HAVE_NANOSLEEP for OpenBSD 4.3 and later.
		Use new directory "/system/volatile" for PidFile on
		Solaris 11.  Patch from Casper Dik of Oracle.
		Fix compilation on Solaris 11 (and maybe some other
		OSs) when using OpenSSL 1.0.  Based on patch from
		Jan Pechanec of Oracle.
		Set SOCKADDR_LEN_T and SOCKOPT_LEN_T to socklen_t
		for Solaris 11.  Patch from Roger Faulkner of Oracle.
	New Files:
		cf/ostype/solaris11.m4

Revision 1.44: download - view: text, markup, annotated - select for diffs
Sat Jan 16 00:31:13 2010 UTC (14 years, 10 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Diff to: previous 1.43: preferred, colored
Changes since revision 1.43: +4 -5 lines
     Update to 8.14.4:

8.14.4/8.14.4	2009/12/30
	SECURITY: Handle bogus certificates containing NUL characters
		in CNs by placing a string indicating a bad certificate
		in the {cn_subject} or {cn_issuer} macro.  Patch inspired
		by Matthias Andree's changes for fetchmail.
	During the generation of a queue identifier an integer overflow
		could occur which might result in bogus characters
		being used.  Based on patch from John Vannoy of
		Pepperdine University.
	The value of headers, e.g., Precedence, Content-Type, et.al.,
		was not processed correctly.  Patch from Per Hedeland.
	Between 8.11.7 and 8.12.0 the length limitation on a return
		path was erroneously reduced from MAXNAME (256) to
		MAXSHORTSTR (203).  Patch from John Gardiner Myers
		of Proofpoint; the problem was also noted by Steve
		Hubert of University of Washington.
	Prevent a crash when a hostname lookup returns a seemingly
		valid result which contains a NULL pointer (this seems
		to be happening on some Linux versions).
	The process title was missing the current load average when
		the MTA was delaying connections due to DelayLA.
		Patch from Dick St.Peters of NetHeaven.
	Do not reset the number of queue entries in shared memory if
		only some of them are processed.
	Fix overflow of an internal array when parsing some replies
		from a milter.  Problem found by Scott Rotondo
		of Sun Microsystems.
	If STARTTLS is turned off in the server (via M=S) then it
		would not be initialized for use in the client either.
		Patch from Kazuteru Okahashi of IIJ.
	If a Diffie-Hellman cipher is selected for STARTTLS, the
		handshake could fail with some TLS implementations
		because the prime used by the server is not long enough.
		Note: the initialization of the DSA/DH parameters for
		the server can take a significant amount of time on slow
		machines. This can be turned off by setting DHParameters
		to none or a file (see doc/op/op.me).  Patch from
		Petr Lampa of the Brno University of Technology.
	Fix handling of `b' modifier for DaemonPortOptions on little
		endian machines for loopback address.  Patch from
		John Beck of Sun Microsystems.
	Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
		Based on patch from Jonathan Gray of OpenBSD.
	If a milter sets the reply code to "421" during the transfer
		of the body, the SMTP server will terminate the SMTP session
		with that error to match the behavior of the other callbacks.
	Return EX_IOERR (instead of 0) if a mail submission fails due to
		missing disk space in the mail queue.  Based on patch
		from Martin Poole of RedHat.
	CONFIG: Using FEATURE(`ldap_routing')'s `nodomain' argument would
		cause addresses not found in LDAP to be misparsed.
	CONFIG: Using a CN restriction did not work for TLS_Clt as it
		referred to a wrong macro.  Patch from John Gardiner
		Myers of Proofpoint.
	CONFIG: The option relaytofulladdress of FEATURE(`access_db')
		did not work if FEATURE(`relay_hosts_only') is used too.
		Problem noted by Kristian Shaw.
	CONFIG: The internal function lower() was broken and hence
		strcasecmp() did not work either, which could cause
		problems for some FEATURE()s if upper case arguments
		were used.  Patch from Vesa-Matti J Kari of the
		University of Helsinki.
	LIBMILTER: Fix internal check whether a milter application
		is compiled against the same version of libmilter as
		it is linked against (especially useful for dynamic
		libraries).
	LIBMILTER: Fix memory leak that occurred when smfi_setsymlist()
		was used.  Based on patch by Dan Lukes.
	LIBMILTER: Document the effect of SMFIP_HDR_LEADSPC for filters
		which add, insert, or replace headers.  From Benjamin
		Pineau.
	LIBMILTER: Fix error messages which refer to "select()" to be
		correct if SM_CONF_POLL is used.  Based on patch from
		John Nemeth.
	LIBSM: Fix handling of LDAP search failures where the error is
		carried in the search result itself, such as seen with
		OpenLDAP proxy servers.
	VACATION: Do not refer to a local variable outside its scope.
		Based on patch from Mark Costlow of Southwest Cyberport.
	Portability:
		Enable HAVE_NANOSLEEP for SunOS 5.11. Patch from
		John Beck of Sun Microsystems.
		Drop NISPLUS from default SunOS 5.11 map definitions.
		Patch from John Beck of Sun Microsystems.

Revision 1.43: download - view: text, markup, annotated - select for diffs
Wed Dec 16 13:41:41 2009 UTC (14 years, 11 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4
Diff to: previous 1.42: preferred, colored
Changes since revision 1.42: +2 -2 lines
     Get rid of the ugly hacks.mk and always define SM_CONF_STDBOOL_H on
NetBSD.  All supported NetBSD versions (and some unsupported) have it.

XXX  This should not cause any change in functionality, so no revbump.

Revision 1.42: download - view: text, markup, annotated - select for diffs
Wed Dec 16 09:46:36 2009 UTC (14 years, 11 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.41: preferred, colored
Changes since revision 1.41: +2 -1 lines
     Change libmilter to use poll(2) instead of select(2)
unconditionally.  All supported systems should have poll(2).  If
one is found that doesn't then this can be revisited and some way
of making it conditional can be implemented.

     This resolves an issue with applications that have a large
number of open files and want to bump FD_SETSIZE.  Since libmilter
no longer uses select(2), the application is free to monkey with
FD_SETSIZE as it pleases.

Revision 1.41: download - view: text, markup, annotated - select for diffs
Tue Mar 24 21:05:42 2009 UTC (15 years, 8 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Diff to: previous 1.40: preferred, colored
Changes since revision 1.40: +2 -1 lines
fix unprivileged builds

Revision 1.40: download - view: text, markup, annotated - select for diffs
Sat Mar 21 21:20:28 2009 UTC (15 years, 8 months ago) by jnemeth
Branches: MAIN
Diff to: previous 1.39: preferred, colored
Changes since revision 1.39: +1 -2 lines
As owner of the package, I have not approved this patch.  Having
had a chance to closely examine it, I would prefer it be done
slightly differently.  Also, the patch patches multiple files in
direct contravention of pkgsrc guidelines.  One of the files is
also patched by a different patch.  Having multiple patches applied
to a single file makes maitenance much more difficult.

Revision 1.39: download - view: text, markup, annotated - select for diffs
Tue Mar 10 12:41:14 2009 UTC (15 years, 9 months ago) by manu
Branches: MAIN
Diff to: previous 1.38: preferred, colored
Changes since revision 1.38: +2 -2 lines
Fix bad patch checksum

Revision 1.38: download - view: text, markup, annotated - select for diffs
Mon Mar 9 21:24:00 2009 UTC (15 years, 9 months ago) by manu
Branches: MAIN
Diff to: previous 1.37: preferred, colored
Changes since revision 1.37: +2 -1 lines
This patch fixes an important reliability fix when Sendmail performs local
mail delivery with non local NSS passwd source, such as LDAP.

Stock LDAP uses getpwnam(3) to lookup recipients. As mandated by SUSv2,
getpwnam(3) does not set errno, so Sendmail has no way of distinguishing
a non existing user and an error with a remote NSS source. Therefore,
when the LDAP server goes down, Sendmail bounces mail to valid recipients.

A first workround is to remove F=w from Mlocal in sendmail.cf. This will
inhibit local recipient lookups, but it has a two drawbacks
- ~/.forward do not work anymore
- For multi-recipient mails with a single inexistent user, mail.local
cause a DSN reporting an error for all users, whereas all valid users
do get the message.

A better workaround is this patch, which calls getpwnam_r(3). This newer
API do set errno and do return an error code. Sendmail is therefore able
to detect that it had a transcient error in NSS, and it will react by
queuing the message. This is what you really want to happen when LDAP
is down.

I have not been able to get any feedback from Sendmail developers about
this patch.

Revision 1.37: download - view: text, markup, annotated - select for diffs
Sat Jun 14 08:58:06 2008 UTC (16 years, 5 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.36: preferred, colored
Changes since revision 1.36: +5 -5 lines
Update "sendmail" and "libmilter" package to version 8.14.3.
Changes since version 8.14.2:
* the MTA accessed storage after it free()d it. This was a regression
  introduced in 8.14.2, but the bug only showed up on a few operating
  systems.
* ruleset processing: the function cataddr() could cause the addition of
  the BlankSub character between some tokens when it should not happen
  and thus failures in rule matching. It seems that none of the default
  rules were affected by this bug and hence the problem did not show up
  for default configurations.
* the libmilter state engine did not deal correctly with milters that
  requested the omission of protocol steps during the negotiation callback.

Approved by John Nemeth.

Revision 1.36: download - view: text, markup, annotated - select for diffs
Fri Nov 2 08:27:36 2007 UTC (17 years, 1 month ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4
Diff to: previous 1.35: preferred, colored
Changes since revision 1.35: +4 -4 lines
Update to 8.14.2, a bug fix release:

8.14.2/8.14.2	2007/11/01
	If a message was queued and it contained 8 bit characters in
		a From: or To: header, then those characters could be
		"mistaken" for internal control characters during a queue
		run and trigger various consistency checks.  Problem
		noted by Neil Rickert of Northern Illinois University.
	If MaxMimeHeaderLength is set to a value greater than 0 (which
		it is by default) then even if the Linelimit parameter
		is 0, sendmail corrupted in the non-transfer-encoding
		case every MAXLINE-1 characters.  Patch from John Gardiner
		Myers of Proofpoint.
	Setting the suboption DeliveryMode for DaemonPortOptions did not
		work in earlier 8.14 versions.
	Note: DeliveryMode=interactive is silently converted to
		background if a milter can reject or delete a recipient.
		Prior to 8.14 this happened only if milter could delete
		recipients.
	ClientRate should trigger when the limit was exceeded (as
		documented), not when it was reached.  Patch from
		John Beck of Sun Microsystems.
	Force a queue run for -qGqueuegroup even if no runners are
		specified (R=0) and forking (F=f) is requested.
	When multiple results are requested for a DNS map lookup
		(-z and -Z), return only those that are relevant for
		the query (not also those in the "additional section".)
	If the message transfer time to sendmail (when acting as server)
		exceeds Timeout.queuewarn or Timeout.queuereturn and
		the message is refused (by a milter), sendmail previously
		created a delivery status notification (DSN).  Patch
		from Doug Heath of The Hertz Corporation.
	A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
		the MTA to deal with some input (i.e., "=") itself.
		Problem noted by Eliot Lear.
	sendmail counted a delivery as successful if PIPELINING is
		compiled in but not offered by the server and the
		delivery failed temporarily.  Patch from Werner Wiethege.
	If getting the result of an LDAP query times out then close the
		map so it will be reopened on the next lookup.  This
		should help "failover" configurations that specify more
		than one LDAP server.
	If check_compat returns $#discard then a "savemail panic" could
		be triggered under some circumstances (e.g., requiring
		a system which does not have the compile time flag
		HASFLOCK set). Based on patch by Motonori Nakamura
		of National Institute of Informatics, Japan.
	If a milter rejected a recipient, the count for nrcpts= in the
		logfile entry might have been wrong.  Problem found by
		Petra Humann of TU Dresden.
	If a milter invoked smfi_chgfrom() where ESMTP arguments are not
		NULL, the message body was lost.  Patch from Motonori
		Nakamura of National Institute of Informatics, Japan.
	sendmail(8) had a bogus space in -qGname.  Patch from Peng Haitao.
	CONTRIB: buildvirtuser: Preserve ownership and permissions when
		replacing files.
	CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
		reading the /etc/mail/virtusers/ directory.
	CONTRIB: buildvirtuser: Emit warnings instead of exiting where
		appropriate.
	LIBMILTER: Fix ABI backwards compatibility so milters compiled
		against an older libmilter.so shared library can use an
		8.14 libmilter.so shared library.
	LIBMILTER: smfi_version() did not properly extract the patchlevel
		from the version number, however, the returned value was
		correct for the current libmilter version.

Revision 1.35: download - view: text, markup, annotated - select for diffs
Thu Apr 26 06:26:27 2007 UTC (17 years, 7 months ago) by jnemeth
Branches: MAIN
CVS tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2
Diff to: previous 1.34: preferred, colored
Changes since revision 1.34: +7 -8 lines
Update to sendmail-8.14.1.  Major changes since sendmail-8.13.8:

8.14.1/8.14.1	2007/04/03
	Even though a milter rejects a recipient the MTA will still keep
		it in its list of recipients and deliver to it if the
		transaction is accepted. This is a regression introduced
		in 8.14.0 due to the change for SMFIP_RCPT_REJ.  Bug
		found by Andy Fiddaman.
	The new DaemonPortOptions which begin with a lower case character
		could not be set in 8.14.0.
	If a server shut down the connection in response to a STARTTLS
		command, sendmail would log a misleading error message
		due to an internal inconsistency.  Problem found by
		Werner Wiethege.
	Document how some sendmail.cf options change the behavior of mailq.
		Noted by Paul Menchini of the North Carolina School of
		Science and Mathematics.
	CONFIG: Add confSOFT_BOUNCE m4 option for setting SoftBounce.
	CONFIG: 8.14.0's RELEASE_NOTES failed to mention the addition
		of the confMAX_NOOP_COMMANDS and confSHARED_MEMORY_KEY_FILE
		m4 options for setting MaxNOOPCommands and
		SharedMemoryKeyFile.
	CONFIG: Add confMILTER_MACROS_EOH and confMILTER_MACROS_DATA m4
		options for setting Milter.macros.eoh and Milter.macros.data.
	CONTRIB: Use flock() and fcntl() in qtool.pl if necessary.
		Patch from Daniel Carroll of Mesa State College.
	LIBMILTER: Make sure an unknown command does not affect the
		currently available macros.  Problem found by Andy Fiddaman.
	LIBMILTER: The MTA did not offer SMFIF_SETSYMLIST during option
		negotiation.  Problem reported by Bryan Costales.
	LIBMILTER: Fix several minor errors in the documentation.
		Patches from Bryan Costales.
	PORTABILITY FIXES:
		AIX 5.{1,2}: libsm/util.c failed to compile due to
			redefinition of several macros, e.g., SIG_ERR.
			Patch from Jim Pirzyk with assistance by Bob
			Booth, University of Illinois at Urbana-Champaign.
		Add support for QNX.6.  Patch from Sean Boudreau of QNX
			Software Systems.
	New Files:
		devtools/M4/depend/QNX6.m4
		devtools/OS/QNX.6.x
		include/sm/os/sm_os_qnx.h

	New Files added in 8.14.0, but not shown in the release notes entry:
		libmilter/docs/smfi_chgfrom.html
		libmilter/docs/smfi_version.html

8.14.0/8.14.0	2007/01/31
	Header field values are now 8 bit clean.  Notes:
		- header field names are still restricted to 7 bit.
		- RFC 2822 allows only 7 bit (US-ASCII) characters in
		  headers.
	Preserve spaces after the colon in a header.  Previously, any
		number of spaces after the colon would be changed to
		exactly one space.
	In some cases of deeply nested aliases/forwarding, mail can
		be silently lost.  Moreover, the MaxAliasRecursion
		limit may be reached too early, e.g., the counter
		may be off by a factor of 4 in case of a sequence of
		.forward files that refer to others.  Patch from
		Motonori Nakamura of Kyoto University.
	Fix a regression in 8.13.8: if InputMailFilters is set then
		"sendmail -bs" can trigger an assertion because the
		hostname of the client is undefined.  It is now set
		to "localhost" for the xxfi_connect() callback.
	Avoid referencing a freed variable during cleanup when terminating.
		Problem reported and diagnosed by Joe Maimon.
	New option HeloName to set the name for the HELO/EHLO command.
		Patch from Nik Clayton.
	New option SoftBounce to issue temporary errors (4xy) instead of
		permanent errors (5xy).  This can be useful for testing.
	New suboptions for DaemonPortOptions to set them individually
		per daemon socket:
			DeliveryMode	DeliveryMode
			refuseLA	RefuseLA
			delayLA		DelayLA
			queueLA		QueueLA
			children	MaxDaemonChildren
	New option -K for LDAP maps to replace %1 through %9 in the
		lookup key with the LDAP escaped contents of the
		arguments specified in the map lookup.  Loosely based
		on patch from Wolfgang Hottgenroth.
	Log the time after which a greet_pause delay triggered.  Patch
		from Nik Clayton.
	If a client is rejected via TCP wrapper or some other check
		performed by validate_connection() (in conf.c) then do
		not also invoke greet_pause.  Problem noted by Jim Pirzyk
		of the University of Illinois at Urbana-Champaign.
	If a client terminates the SMTP connection during a pause
		introduced by greet_pause, then a misleading message
		was logged previously.  Problem noted by Vernon Schryver
		et.al., patch from Matej Vela.
	New command "mstat" for control socket to provide "machine
		readable" status.
	New named config file rule check_eom which is called at the end
		of a message, its parameter is the size of the message.
	If the macro {addr_type} indicates that the current address
		is a header address it also distinguishes between
		recipient and sender addresses (as it is done for
		envelope addresses).
	When a macro is set in check_relay, then its value is accessible
		by all transactions in the same SMTP session.
	Increase size of key for ldap lookups to 1024 (MAXKEY).
	New option MaxNOOPCommands to override default of 20 for the
		number of "useless" commands before the SMTP server will
		slow down responding.
	New option SharedMemoryKeyFile: if shared memory support is
		enabled, the MTA can be asked to select a shared memory
		key itself by setting SharedMemoryKey to -1 and specifying
		a file where to store the selected key.
	Try to deal with open HTTP proxies that are used to send spam
		by recognizing some commands from them. If the first command
		from the client is GET, POST, CONNECT, or USER, then the
		connection is terminated immediately.
	New PrivacyOptions noactualrecipient to avoid putting
		X-Actual-Recipient lines in DSNs revealing the actual
		account that addresses map to.  Patch from Dan Harkless.
	New options B, z, and Z for DNS maps:
		-B: specify a domain that is always appended to queries.
		-z: specify the delimiter at which to cut off the result of
			a query if it is too long.
		-Z: specify the maximum number of entries to be concatenated
			to form the result of a lookup.
	New target "check" in the Makefile of libsm: instead of running tests
		implicitly while building libsm, they must be explicitly
		started by using "make check".
	Fixed some inconsistent checks for NULL pointers that have been
		reported by the SATURN tool which has been developed by
		Isil Dillig and Thomas Dillig of Stanford University.
	Fix a potential race condition caused by a signal handler for
		terminated child processes.  Problem noted by David F. Skoll.
	When a milter deleted a recipient, that recipient could cause a
		queue group selection. This has been disabled as it was not
		intended.
	New operator 'r' for the arith map to return a random number.
		Patch from Motonori Nakamura of Kyoto University.
	New compile time option MILTER_NO_NAGLE to turn off the Nagle
		algorithm for communication with libmilter ("cork" on Linux),
		which may improve the communication performance on some
		operating systems.  Patch from John Gardiner Myers of
		Proofpoint.
	If sendmail received input that contained a CR without subsequent LF
		(thus violating RFC 2821 (2.3.7)), it could previously
		generate an additional blank line in the output as the last
		line.
	Restarting persistent queue runners by sending a HUP signal to
		the "queue control process" (QCP) works now.
	Increase the length of an input line to 12288 to deal with
		really long lines during SMTP AUTH negotiations.
		Problem noted by Werner Wiethege.
	If ARPANET mode (-ba) was selected STARTTLS would fail (due to
		a missing initialization call for that case).  Problem
		noted by Neil Rickert of Northern Illinois University.
	If sendmail is linked against a library that initializes Cyrus-SASL
		before sendmail did it (such as libnss-ldap), then SMTP AUTH
		could fail for the sendmail client.  A patch by Moritz Both
		works around the API design flaw of Cyrus-SASLv2.
	CONFIG: Make it possible to unset the StatusFile option by
		undefining STATUS_FILE.  By not setting StatusFile,
		the MTA will not attempt to open a statistics file on
		each delivery.
	CONFIG: New FEATURE(`require_rdns') to reject messages from SMTP
		clients whose IP address does not have proper reverse DNS.
		Contributed by Neil Rickert of Northern Illinois University
		and John Beck of Sun Microsystems.
	CONFIG: New FEATURE(`block_bad_helo') to reject messages from SMTP
		clients which provide a HELO/EHLO argument which is either
		unqualified, or is one of our own names (i.e., the server
		name instead of the client name).  Contributed by Neil
		Rickert of Northern Illinois University and John Beck of
		Sun Microsystems.
	CONFIG: New FEATURE(`badmx') to reject envelope sender addresses
		(MAIL) whose domain part resolves to a "bad" MX record.
		Based on contribution from William Dell Wisner.
	CONFIG: New macros SMTP_MAILER_LL and RELAY_MAILER_LL to override
		the maximum line length of the smtp mailers.
	CONFIG: New option `relaytofulladdress' for FEATURE(`access_db')
		to allow entries in the access map to be of the form
			To:user@example.com	RELAY
	CONFIG: New subsuboptions eoh and data to specify the list of
		macros a milter should receive at those stages in the
		SMTP dialogue.
	CONFIG: New option confHELO_NAME for HeloName to set the name
		for the HELO/EHLO command.
	CONFIG: dnsbl and enhdnsbl can now also discard or quarantine
		messages by using those values as second argument.
		Patches from Nelson Fung.
	CONTRIB: cidrexpand uses a hash symbol as comment character and
		ignores everything after it unless it is in quotes or
		preceeded by a backslash.
	DEVTOOLS: New macro confMKDIR: if set to a program that creates
		directories, then it used for "make install" to create
		the required installation directories.
	DEVTOOLS: New macro confCCLINK to specify the linker to use for
		executables (defaults to confCC).
	LIBMILTER: A new version of the milter API has been created that
		has several changes which are listed below and documented
		in the webpages reachable via libmilter/docs/index.html.
	LIBMILTER: The meaning of the version macro SMFI_VERSION has been
		changed.  It now refers only to the version of libmilter,
		not to the protocol version (which is used only internally,
		it is not user/milter-programmer visible).  Additionally,
		a version function smfi_version() has been introduced such
		that a milter program can check the libmilter version also
		at runtime which is useful if a shared library is used.
	LIBMILTER: A new callback xxfi_negotiate() can be used to
		dynamically (i.e., at runtime) determine the available
		protocol actions and features of the MTA and also to
		specify which of these a milter wants to use.  This allows
		for more flexibility than hardcoding these flags in the
		xxfi_flags field of the smfiDesc structure.
	LIBMILTER: A new callback xxfi_data() is available so milters
		can act on the DATA command.
	LIBMILTER: A new callback xxfi_unknown() is available so milters
		can receive also unknown SMTP commands.
	LIBMILTER: A new return code SMFIS_NOREPLY has been added which
		can be used by the xxfi_header() callback provided the
		milter requested the SMFIP_NOHREPL protocol action.
	LIBMILTER: The new return code SMFIS_SKIP can be used in the
		xxfi_body() callback to skip over further body chunks
		and directly advance to the xxfi_eom() callback.  This
		is useful if a milter can make a decision based on the
		body chunks it already received without reading the entire
		rest of the body and the milter wants to invoke functions
		that are only available from the xxfi_eom() callback.
	LIBMILTER: A new function smfi_addrcpt_par() can be used to add
		new recipients including ESMTP parameters.
	LIBMILTER: A new function smfi_chgfrom() can be used to change the
		envelope sender including ESMTP parameters.
	LIBMILTER: A milter can now request to be informed about rejected
		recipients (RCPT) too.  This requires to set the protocol
		flag SMFIP_RCPT_REJ during option negotiation.  Whether
		a RCPT has been rejected can be checked by comparing the
		value of the macro {rcpt_mailer} with "error".
	LIBMILTER: A milter can now override the list of macros that it
		wants to receive from the MTA for each protocol step
		by invoking the function smfi_setsymlist() during option
		negotiation.
	LIBMILTER: A milter can receive header field values with all
		leading spaces by requesting the SMFIP_HDR_LEADSPC
		protocol action.  Also, if the flag is set then the MTA
		does not add a leading space to headers that are added,
		inserted, or replaced.
	LIBMILTER: If a milter sets the reply code to "421" for the HELO
		callback, the SMTP server will terminate the SMTP session
		with that error to match the behavior of all other callbacks.
	New Files:
		cf/feature/badmx.m4
		cf/feature/block_bad_helo.m4
		cf/feature/require_rdns.m4
		devtools/M4/UNIX/check.m4
		include/sm/misc.h
		include/sm/sendmail.h
		include/sm/tailq.h
		libmilter/docs/smfi_addrcpt_par.html
		libmilter/docs/smfi_setsymlist.html
		libmilter/docs/xxfi_data.html
		libmilter/docs/xxfi_negotiate.html
		libmilter/docs/xxfi_unknown.html
		libmilter/example.c
		libmilter/monitor.c
		libmilter/worker.c
		libsm/memstat.c
		libsm/t-memstat.c
		libsm/t-qic.c
		libsm/util.c
		sendmail/daemon.h
		sendmail/map.h

Revision 1.34: download - view: text, markup, annotated - select for diffs
Fri Dec 29 21:44:09 2006 UTC (17 years, 11 months ago) by markd
Branches: MAIN
CVS tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4
Diff to: previous 1.33: preferred, colored
Changes since revision 1.33: +3 -1 lines
Fix rpath for Solaris 10 and 11 so that pkg libraries are found.  As per
existing patches for earlier Solaris versions.  Bump PKGREVISION.

Revision 1.33: download - view: text, markup, annotated - select for diffs
Tue Sep 5 20:01:37 2006 UTC (18 years, 3 months ago) by tv
Branches: MAIN
CVS tags: pkgsrc-2006Q3-base, pkgsrc-2006Q3
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +2 -1 lines
nb1: Add patch at http://www.sendmail.org/patches/client_name.assert.p0.
Non-critical, but could cause problems if "sendmail -bs" is used in
conjunction with milters.

Revision 1.30.2.1: download - view: text, markup, annotated - select for diffs
Tue Aug 29 06:53:23 2006 UTC (18 years, 3 months ago) by ghen
Branches: pkgsrc-2006Q2
Diff to: previous 1.30: preferred, colored; next MAIN 1.31: preferred, colored
Changes since revision 1.30: +5 -8 lines
Pullup ticket 1812 - requested by tv
security/bugfix update for sendmail

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile				1.91
- pkgsrc/mail/sendmail/Makefile.common			1.37-1.38
- pkgsrc/mail/sendmail/distinfo				1.31-1.32
- pkgsrc/mail/sendmail/patches/patch-aj			1.4
- pkgsrc/mail/sendmail/patches/patch-ak			removed
- pkgsrc/mail/sendmail/patches/patch-al			removed
- pkgsrc/mail/sendmail/patches/patch-am			removed

   Module Name:	pkgsrc
   Committed By:	tv
   Date:		Fri Jul  7 18:06:28 UTC 2006

   Modified Files:
	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
	pkgsrc/mail/sendmail/patches: patch-aj
   Removed Files:
	pkgsrc/mail/sendmail/patches: patch-ak patch-al patch-am

   Log Message:
   Update to 8.13.7; changelog below.  (8.13.6nb3 already had the security
   fixes by patch.)

   While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and
   INSTALL definitions into the installed share/sendmail/cf/Makefile.

   8.13.7/8.13.7	2006/06/14
	A malformed MIME structure with many parts can cause sendmail to
		crash while trying to send a mail due to a stack overflow,
		e.g., if the stack size is limited (ulimit -s).  This
		happens because the recursion of the function mime8to7()
		was not restricted.  The function is called for MIME 8 to
		7 bit conversion and also to enforce MaxMimeHeaderLength.
		To work around this problem, recursive calls are limited to
		a depth of MAXMIMENESTING (20); message content after this
		limit is treated as opaque and is not checked further.
		Problem noted by Frank Sheiness.
	The changes to the I/O layer in 8.13.6 caused a regression for
		SASL mechanisms that use the security layer, e.g.,
		DIGEST-MD5.  Problem noted by Robert Stampfli.
	If a timeout occurs while reading a message (during the DATA phase)
		a df file might have been left behind in the queue.
		This was another side effect of the changes to the I/O
		layer made in 8.13.6.
	Several minor problems have been fixed that were found by a
		Coverity scan of sendmail 8 as part of the NetBSD
		distribution. See http://scan.coverity.com/
		Note: the scan generated also a lot of "false positives",
		e.g., "error" reports about situations that cannot happen.
		Most of those code places are marked with lint(1) comments
		like NOTREACHED, but Coverity does not understand those.
		Hence an explicit assertion has been added in some cases
		to avoid those false positives.
	If the start of the sendmail daemon fails due to a configuration
		error then in some cases shared memory segments or pid
		files were not removed.
	If DSN support is disabled via access_db, then related ESMTP
		parameters for MAIL and RCPT should be rejected.  Problem
		reported by Akihiro Sagawa.
	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
		bug work-around.  Hence if sendmail is linked against
		either of these versions and compression is available,
		the padding bug work-around is turned off.  Based on
		patch from Victor Duchovni of Morgan Stanley.
	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
		blackholes.mail-abuse.org as default domain for lookups,
		however, that list is no longer available.  To avoid
		further problems, no default value is available anymore,
		but an argument must be specified.
	Portability:
		Fix compilation on OSF/1 for sfsasl.c.  Patch from
		Pieter Bowman of the University of Utah.
---
   Module Name:	pkgsrc
   Committed By:	tv
   Date:		Wed Aug  9 21:23:00 UTC 2006

   Modified Files:
	pkgsrc/mail/sendmail: Makefile.common distinfo

   Log Message:
   Update to 8.13.8.  Changes:

   8.13.8/8.13.8   2006/08/09
        Fix a regression in 8.13.7: if shared memory is activated, then
                the server can erroneously report that there is
                insufficient disk space.  Additionally make sure that
                an internal variable is set properly to avoid those
                misleading errors.  Based on patch from Steve Hubert
                of University of Washington.
        Fix a regression in 8.13.7: the PidFile could be removed after
                the process that forks the daemon exited, i.e., if
                sendmail -bd is invoked.  Problem reported by Kan Sasaki
                of Fusion Communications Corp. and Werner Wiethege.
        Avoid opening qf files if QueueSortOrder is "none".  Patch from
                David F. Skoll.
        Avoid a crash when finishing due to referencing a freed variable.
                Problem reported and diagnosed by Moritz Jodeit.
        CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
                range (0..255).
        LIBMILTER: The "hostname" argument of the xxfi_connect() callback
                previously was the equivalent of {client_ptr}.  However,
                this did not match the documentation of the function, hence
                it has been changed to {client_name}.  See doc/op/op.*
                about these macros.

Revision 1.32: download - view: text, markup, annotated - select for diffs
Wed Aug 9 21:23:00 2006 UTC (18 years, 4 months ago) by tv
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +4 -4 lines
Update to 8.13.8.  Changes:

8.13.8/8.13.8   2006/08/09
        Fix a regression in 8.13.7: if shared memory is activated, then
                the server can erroneously report that there is
                insufficient disk space.  Additionally make sure that
                an internal variable is set properly to avoid those
                misleading errors.  Based on patch from Steve Hubert
                of University of Washington.
        Fix a regression in 8.13.7: the PidFile could be removed after
                the process that forks the daemon exited, i.e., if
                sendmail -bd is invoked.  Problem reported by Kan Sasaki
                of Fusion Communications Corp. and Werner Wiethege.
        Avoid opening qf files if QueueSortOrder is "none".  Patch from
                David F. Skoll.
        Avoid a crash when finishing due to referencing a freed variable.
                Problem reported and diagnosed by Moritz Jodeit.
        CONTRIB: cidrexpand now deals with /0 by issuing the entire IPv4
                range (0..255).
        LIBMILTER: The "hostname" argument of the xxfi_connect() callback
                previously was the equivalent of {client_ptr}.  However,
                this did not match the documentation of the function, hence
                it has been changed to {client_name}.  See doc/op/op.*
                about these macros.

Revision 1.31: download - view: text, markup, annotated - select for diffs
Fri Jul 7 18:06:27 2006 UTC (18 years, 5 months ago) by tv
Branches: MAIN
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +5 -8 lines
Update to 8.13.7; changelog below.  (8.13.6nb3 already had the security
fixes by patch.)

While here, fix PR pkg/33821 by substituting pkgsrc's BINOWN, BINGRP, and
INSTALL definitions into the installed share/sendmail/cf/Makefile.

8.13.7/8.13.7	2006/06/14
	A malformed MIME structure with many parts can cause sendmail to
		crash while trying to send a mail due to a stack overflow,
		e.g., if the stack size is limited (ulimit -s).  This
		happens because the recursion of the function mime8to7()
		was not restricted.  The function is called for MIME 8 to
		7 bit conversion and also to enforce MaxMimeHeaderLength.
		To work around this problem, recursive calls are limited to
		a depth of MAXMIMENESTING (20); message content after this
		limit is treated as opaque and is not checked further.
		Problem noted by Frank Sheiness.
	The changes to the I/O layer in 8.13.6 caused a regression for
		SASL mechanisms that use the security layer, e.g.,
		DIGEST-MD5.  Problem noted by Robert Stampfli.
	If a timeout occurs while reading a message (during the DATA phase)
		a df file might have been left behind in the queue.
		This was another side effect of the changes to the I/O
		layer made in 8.13.6.
	Several minor problems have been fixed that were found by a
		Coverity scan of sendmail 8 as part of the NetBSD
		distribution. See http://scan.coverity.com/
		Note: the scan generated also a lot of "false positives",
		e.g., "error" reports about situations that cannot happen.
		Most of those code places are marked with lint(1) comments
		like NOTREACHED, but Coverity does not understand those.
		Hence an explicit assertion has been added in some cases
		to avoid those false positives.
	If the start of the sendmail daemon fails due to a configuration
		error then in some cases shared memory segments or pid
		files were not removed.
	If DSN support is disabled via access_db, then related ESMTP
		parameters for MAIL and RCPT should be rejected.  Problem
		reported by Akihiro Sagawa.
	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
		bug work-around.  Hence if sendmail is linked against
		either of these versions and compression is available,
		the padding bug work-around is turned off.  Based on
		patch from Victor Duchovni of Morgan Stanley.
	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
		blackholes.mail-abuse.org as default domain for lookups,
		however, that list is no longer available.  To avoid
		further problems, no default value is available anymore,
		but an argument must be specified.
	Portability:
		Fix compilation on OSF/1 for sfsasl.c.  Patch from
		Pieter Bowman of the University of Utah.

Revision 1.27.2.2: download - view: text, markup, annotated - select for diffs
Wed Jun 14 21:06:26 2006 UTC (18 years, 5 months ago) by salo
Branches: pkgsrc-2006Q1
Diff to: previous 1.27.2.1: preferred, colored; branchpoint 1.27: preferred, colored; next MAIN 1.28: preferred, colored
Changes since revision 1.27.2.1: +5 -1 lines
Pullup ticket 1700 - requested by adrianp
security fix for sendmail

Patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Wed Jun 14 18:53:54 UTC 2006

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile distinfo
   Added Files:
   	pkgsrc/mail/sendmail/patches: patch-aj patch-ak patch-al patch-am

   Log Message:
   Bump PKGREVISION.
   A malformed MIME structure with many parts can cause sendmail to
   crash while trying to send a mail due to a stack overflow,
   e.g., if the stack size is limited (ulimit -s).  This
   happens because the recursion of the function mime8to7()
   was not restricted.  The function is called for MIME 8 to
   7 bit conversion and also to enforce MaxMimeHeaderLength.
   To work around this problem, recursive calls are limited to
   a depth of MAXMIMENESTING (20); message content after this
   limit is treated as opaque and is not checked further.

Revision 1.30: download - view: text, markup, annotated - select for diffs
Wed Jun 14 18:53:54 2006 UTC (18 years, 5 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2006Q2-base
Branch point for: pkgsrc-2006Q2
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +5 -1 lines
Bump PKGREVISION.
A malformed MIME structure with many parts can cause sendmail to
crash while trying to send a mail due to a stack overflow,
e.g., if the stack size is limited (ulimit -s).  This
happens because the recursion of the function mime8to7()
was not restricted.  The function is called for MIME 8 to
7 bit conversion and also to enforce MaxMimeHeaderLength.
To work around this problem, recursive calls are limited to
a depth of MAXMIMENESTING (20); message content after this
limit is treated as opaque and is not checked further.

Revision 1.29: download - view: text, markup, annotated - select for diffs
Wed Jun 7 14:48:28 2006 UTC (18 years, 6 months ago) by joerg
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +2 -1 lines
Prefer PATH_MAX over MAXPATHLEN.
Use a better boundary check, which doesn't depend on PATH_MAX >> NAME_MAX.
Both changes are from DragonFly and have been reported upstream.

Install only man pages, not the catpages. The installation was
inconsistent before.

Bump revision. OK from tv@.

Revision 1.27.2.1: download - view: text, markup, annotated - select for diffs
Mon May 22 14:15:27 2006 UTC (18 years, 6 months ago) by salo
Branches: pkgsrc-2006Q1
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +5 -12 lines
Pullup ticket 1644 - requested by adrianp
sync sendmail with HEAD

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile			1.87
- pkgsrc/mail/sendmail/Makefile.common		1.34
- pkgsrc/mail/sendmail/distinfo			1.28
- pkgsrc/mail/sendmail/patches/patch-ag		1.12
- pkgsrc/mail/sendmail/patches/patch-ai		removed
- pkgsrc/mail/sendmail/patches/patch-aj		removed
- pkgsrc/mail/sendmail/patches/patch-ak		removed
- pkgsrc/mail/sendmail/patches/patch-al		removed

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri May 12 22:23:09 UTC 2006

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo
   	pkgsrc/mail/sendmail/patches: patch-ag
   Removed Files:
   	pkgsrc/mail/sendmail/patches: patch-ai patch-aj patch-ak patch-al

   Log Message:
   Update to sendmail 8.13.6
   > 8.13.6/8.13.6	2006/03/22
   > 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
   > 		and client side of sendmail with timeouts in the libsm I/O
   > 		layer and fix problems in that code.  Also fix handling of
   > 		a buffer in sm_syslog() which could have been used as an
   > 		attack vector to exploit the unsafe handling of
   > 		setjmp(3)/longjmp(3) in combination with signals.
   > 		Problem detected by Mark Dowd of ISS X-Force.
   > 	Handle theoretical integer overflows that could triggered if
   > 		the server accepted headers larger than the maximum
   > 		(signed) integer value.  This is prevented in the default
   > 		configuration by restricting the size of a header, and on
   > 		most machines memory allocations would fail before reaching
   > 		those values.  Problems found by Phil Brass of ISS.
   > 	If a server returns 421 for an RSET command when trying to start
   > 		another transaction in a session while sending mail, do
   > 		not trigger an internal consistency check.  Problem found
   > 		by Allan E Johannesen of Worcester Polytechnic Institute.
   > 	If a server returns a 5xy error code (other than 501) in response
   > 		to a STARTTLS command despite the fact that it advertised
   > 		STARTTLS and that the code is not valid according to RFC
   > 		2487 treat it nevertheless as a permanent failure instead
   > 		of a protocol error (which has been changed to a
   > 		temporary error in 8.13.5).  Problem reported by Jeff
   > 		A. Earickson of Colby College.
   > 	Clear SMTP state after a HELO/EHLO command.  Patch from John
   > 		Myers of Proofpoint.
   > 	Observe MinQueueAge option when gathering entries from the queue
   > 		for sorting etc instead of waiting until the entries are
   > 		processed.  Patch from Brian Fundakowski Feldman.
   > 	Set up TLS session cache to properly handle clients that try to
   > 		resume a stored TLS session.
   > 	Properly count the number of (direct) child processes such that
   > 		a configured value (MaxDaemonChildren) is not exceeded.
   > 		Based on patch from Attila Bruncsak.
   > 	LIBMILTER: Remove superfluous backslash in macro definition
   > 		(libmilter.h).  Based on patch from Mike Kupfer of
   > 		Sun Microsystems.
   > 	LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
   > 		This generates an error message from libmilter on
   > 		Solaris, though other systems appear to just discard the
   > 		request silently.
   > 	LIBMILTER: Deal with sigwait(2) implementations that return
   > 		-1 and set errno instead of returning an error code
   > 		directly.  Patch from Chris Adams of HiWAAY Informations
   > 		Services.
   > 	Portability:
   > 		Fix compilation checks for closefrom(3) and statvfs(2)
   > 		in NetBSD.  Problem noted by S. Moonesamy, patch from
   > 		Andrew Brown.

Revision 1.28: download - view: text, markup, annotated - select for diffs
Fri May 12 22:23:09 2006 UTC (18 years, 6 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +5 -12 lines
Update to sendmail 8.13.6
> 8.13.6/8.13.6	2006/03/22
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.
> 	If a server returns 421 for an RSET command when trying to start
> 		another transaction in a session while sending mail, do
> 		not trigger an internal consistency check.  Problem found
> 		by Allan E Johannesen of Worcester Polytechnic Institute.
> 	If a server returns a 5xy error code (other than 501) in response
> 		to a STARTTLS command despite the fact that it advertised
> 		STARTTLS and that the code is not valid according to RFC
> 		2487 treat it nevertheless as a permanent failure instead
> 		of a protocol error (which has been changed to a
> 		temporary error in 8.13.5).  Problem reported by Jeff
> 		A. Earickson of Colby College.
> 	Clear SMTP state after a HELO/EHLO command.  Patch from John
> 		Myers of Proofpoint.
> 	Observe MinQueueAge option when gathering entries from the queue
> 		for sorting etc instead of waiting until the entries are
> 		processed.  Patch from Brian Fundakowski Feldman.
> 	Set up TLS session cache to properly handle clients that try to
> 		resume a stored TLS session.
> 	Properly count the number of (direct) child processes such that
> 		a configured value (MaxDaemonChildren) is not exceeded.
> 		Based on patch from Attila Bruncsak.
> 	LIBMILTER: Remove superfluous backslash in macro definition
> 		(libmilter.h).  Based on patch from Mike Kupfer of
> 		Sun Microsystems.
> 	LIBMILTER: Don't try to set SO_REUSEADDR on UNIX domain sockets.
> 		This generates an error message from libmilter on
> 		Solaris, though other systems appear to just discard the
> 		request silently.
> 	LIBMILTER: Deal with sigwait(2) implementations that return
> 		-1 and set errno instead of returning an error code
> 		directly.  Patch from Chris Adams of HiWAAY Informations
> 		Services.
> 	Portability:
> 		Fix compilation checks for closefrom(3) and statvfs(2)
> 		in NetBSD.  Problem noted by S. Moonesamy, patch from
> 		Andrew Brown.

Revision 1.25.2.1: download - view: text, markup, annotated - select for diffs
Fri Mar 24 16:12:18 2006 UTC (18 years, 8 months ago) by salo
Branches: pkgsrc-2005Q4
Diff to: previous 1.25: preferred, colored; next MAIN 1.26: preferred, colored
Changes since revision 1.25: +4 -1 lines
Pullup ticket 1255 - requested by Todd Vierling
security fix for sendmail

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile			1.84
- pkgsrc/mail/sendmail/Makefile.common		1.32
- pkgsrc/mail/sendmail/distinfo			1.27

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Wed Mar 22 19:56:37 UTC 2006

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile Makefile.common distinfo

   Log Message:
   Update sendmail to address the current security issue
   Bump to nb2
   This will change the internal version of sendmail to 8.13.5.20060308
   > 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
   > 		and client side of sendmail with timeouts in the libsm I/O
   > 		layer and fix problems in that code.  Also fix handling of
   > 		a buffer in sm_syslog() which could have been used as an
   > 		attack vector to exploit the unsafe handling of
   > 		setjmp(3)/longjmp(3) in combination with signals.
   > 		Problem detected by Mark Dowd of ISS X-Force.
   > 	Handle theoretical integer overflows that could triggered if
   > 		the server accepted headers larger than the maximum
   > 		(signed) integer value.  This is prevented in the default
   > 		configuration by restricting the size of a header, and on
   > 		most machines memory allocations would fail before reaching
   > 		those values.  Problems found by Phil Brass of ISS.

Revision 1.27: download - view: text, markup, annotated - select for diffs
Wed Mar 22 19:56:36 2006 UTC (18 years, 8 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +4 -1 lines
Update sendmail to address the current security issue
Bump to nb2
This will change the internal version of sendmail to 8.13.5.20060308
> 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> 		and client side of sendmail with timeouts in the libsm I/O
> 		layer and fix problems in that code.  Also fix handling of
> 		a buffer in sm_syslog() which could have been used as an
> 		attack vector to exploit the unsafe handling of
> 		setjmp(3)/longjmp(3) in combination with signals.
> 		Problem detected by Mark Dowd of ISS X-Force.
> 	Handle theoretical integer overflows that could triggered if
> 		the server accepted headers larger than the maximum
> 		(signed) integer value.  This is prevented in the default
> 		configuration by restricting the size of a header, and on
> 		most machines memory allocations would fail before reaching
> 		those values.  Problems found by Phil Brass of ISS.

Revision 1.26: download - view: text, markup, annotated - select for diffs
Wed Jan 18 21:00:48 2006 UTC (18 years, 10 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +5 -1 lines
Fix build on -HEAD
Identified by Jean-Luc Wasmer in PR# 32527
Fixes from -HEAD by christos@ (setuserenv -> setuserenviron)
Bump to nb1

Revision 1.22.4.1: download - view: text, markup, annotated - select for diffs
Fri Dec 9 00:30:18 2005 UTC (19 years ago) by salo
Branches: pkgsrc-2005Q3
Diff to: previous 1.22: preferred, colored; next MAIN 1.23: preferred, colored
Changes since revision 1.22: +5 -5 lines
Pullup ticket 933 - requested by Adrian Portelli
sendmail update and build fixes

Revisions pulled up:
- pkgsrc/mail/sendmail/Makefile.common		1.29
- pkgsrc/mail/sendmail/PLIST			1.10
- pkgsrc/mail/sendmail/distinfo			1.23, 1.24, 1.25
pkgsrc/mail/sendmail/patches/patch-ag		1.9, 1.10, 1.11

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Oct 14 08:36:03 UTC 2005

   Modified Files:
   	pkgsrc/mail/sendmail: Makefile.common PLIST distinfo

   Log Message:
   Update sendmail to 8.13.5
   From the CHANGELOG:
   > 	Store the filesystem identifier of the df/ subdirectory (if it
   > 		exists) in an internal structure instead of the base
   > 		directory.  This structure is used decide whether there
   > 		is enough free disk space when selecting a queue, hence
   > 		without this change queue selection could fail if a df/
   > 		subdirectory exists and is on a different filesystem
   > 		than the base directory.
   > 	Use the queue index of the df file (instead of the qf file) for
   > 		checking whether a link(2) operation can be used to split
   > 		an envelope across queue groups.  Problem found by
   > 		Werner Wiethege.
   > 	If the list of items in the queue is larger than the maximum
   > 		number of items to process, sort the queue first and
   > 		then cut the list off instead of the other way around.
   > 		Patch from Matej Vela of Rudjer Boskovic Institute.
   > 	Fix helpfile to show full entry for ETRN.  Problem noted by
   > 		Penelope Fudd, patch from Neil Rickert of Northern Illinois
   > 		University.
   > 	FallbackSmartHost should also be tried on temporary errors.
   > 		From John Beck of Sun Microsystems.
   > 	When a server responds with 421 to the STARTTLS command then treat
   > 		it as a temporary error, not as protocol error.  Problem
   > 		noted by Andrey J. Melnikoff.
   > 	Properly define two functions in libsm as static because their
   > 		prototype used static too.  Patch from Peter Klein.
   > 	Fix syntax errors in helpfile for MAIL and RCPT commands.
   > 	LIBMILTER: When smfi_replacebody() is called with bodylen equals
   > 		zero then do not silently ignore that call.  Patch from
   > 		Gurusamy Sarathy of Active State.
   > 	LIBMILTER: Recognize "421" also in a multi-line reply to terminate
   > 		the SMTP session with that error.  Fix from Brian Kantor.
   > 	Portability: New option HASSNPRINTF which can be set if the OS
   > 			has a properly working snprintf(3) to get rid
   > 			of the last two (safe) sprintf(3) calls in the
   > 			source code.
   > 		Add support for AIX 5.3.
   > 		Add support for SunOS 5.11 (aka Solaris 11).
   > 		Add support for Darwin 8.x.  Patch from Lyndon Nerenberg.
   > 		OpenBSD 3.7 has removed support for NETISO.
   > 	CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.
---
   Module Name:		pkgsrc
   Committed By:	jklos
   Date:		Mon Oct 24 04:33:50 UTC 2005

   Modified Files:
   	pkgsrc/mail/sendmail/patches: patch-ag

   Log Message:
   Updated to properly select statvfs.h and closefrom where appropriate.
---
   Module Name:		pkgsrc
   Committed By:	jklos
   Date:		Mon Oct 24 04:35:24 UTC 2005

   Modified Files:
   	pkgsrc/mail/sendmail/patches: patch-ag

   Log Message:
   Lost cvs tag. Fixed.
---
   Module Name:		pkgsrc
   Committed By:	jklos
   Date:		Mon Oct 24 04:36:59 UTC 2005

   Modified Files:
   	pkgsrc/mail/sendmail: distinfo

   Log Message:
   Updated distinfo for patch-ag, for statvfs and closefrom patch.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Tue Nov 29 15:27:03 UTC 2005

   Modified Files:
   	pkgsrc/mail/sendmail: distinfo
   	pkgsrc/mail/sendmail/patches: patch-ag

   Log Message:
   Fix a bug that crept in when the statvfs and closefrom patch was added.

Revision 1.25: download - view: text, markup, annotated - select for diffs
Tue Nov 29 15:27:03 2005 UTC (19 years ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2005Q4-base
Branch point for: pkgsrc-2005Q4
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -2 lines
Fix a bug that crept in when the statvfs and closefrom patch was added.

Revision 1.24: download - view: text, markup, annotated - select for diffs
Mon Oct 24 04:36:59 2005 UTC (19 years, 1 month ago) by jklos
Branches: MAIN
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -2 lines

Updated distinfo for patch-ag, for statvfs and closefrom patch.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Fri Oct 14 08:36:02 2005 UTC (19 years, 1 month ago) by adrianp
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +4 -4 lines
Update sendmail to 8.13.5
From the CHANGELOG:
> 	Store the filesystem identifier of the df/ subdirectory (if it
> 		exists) in an internal structure instead of the base
> 		directory.  This structure is used decide whether there
> 		is enough free disk space when selecting a queue, hence
> 		without this change queue selection could fail if a df/
> 		subdirectory exists and is on a different filesystem
> 		than the base directory.
> 	Use the queue index of the df file (instead of the qf file) for
> 		checking whether a link(2) operation can be used to split
> 		an envelope across queue groups.  Problem found by
> 		Werner Wiethege.
> 	If the list of items in the queue is larger than the maximum
> 		number of items to process, sort the queue first and
> 		then cut the list off instead of the other way around.
> 		Patch from Matej Vela of Rudjer Boskovic Institute.
> 	Fix helpfile to show full entry for ETRN.  Problem noted by
> 		Penelope Fudd, patch from Neil Rickert of Northern Illinois
> 		University.
> 	FallbackSmartHost should also be tried on temporary errors.
> 		From John Beck of Sun Microsystems.
> 	When a server responds with 421 to the STARTTLS command then treat
> 		it as a temporary error, not as protocol error.  Problem
> 		noted by Andrey J. Melnikoff.
> 	Properly define two functions in libsm as static because their
> 		prototype used static too.  Patch from Peter Klein.
> 	Fix syntax errors in helpfile for MAIL and RCPT commands.
> 	LIBMILTER: When smfi_replacebody() is called with bodylen equals
> 		zero then do not silently ignore that call.  Patch from
> 		Gurusamy Sarathy of Active State.
> 	LIBMILTER: Recognize "421" also in a multi-line reply to terminate
> 		the SMTP session with that error.  Fix from Brian Kantor.
> 	Portability: New option HASSNPRINTF which can be set if the OS
> 			has a properly working snprintf(3) to get rid
> 			of the last two (safe) sprintf(3) calls in the
> 			source code.
> 		Add support for AIX 5.3.
> 		Add support for SunOS 5.11 (aka Solaris 11).
> 		Add support for Darwin 8.x.  Patch from Lyndon Nerenberg.
> 		OpenBSD 3.7 has removed support for NETISO.
> 	CONFIG: Add OSTYPE(freebsd6) for FreeBSD 6.X.

Revision 1.22: download - view: text, markup, annotated - select for diffs
Wed Apr 27 18:57:54 2005 UTC (19 years, 7 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2005Q3-base, pkgsrc-2005Q2-base, pkgsrc-2005Q2
Branch point for: pkgsrc-2005Q3
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +4 -5 lines
- Update to sendmail 8.13.4
- Remove old patch-ai
- From the ChangeLog:
> 	The bug fixes in 8.13.3 for connection handling uncovered a
> 		different error which could result in connections that
> 		stay in CLOSE_WAIT state due to a variable that was not
> 		properly initialized.  Problem noted by Michael Sims.
> 	Deal with empty hostnames in hostsignature().  This bug could lead
> 		to an endless loop when doing LMTP deliveries to another
> 		host.  Problem first reported by Martin Lathoud and
> 		tracked down by Gael Roualland.
> 	Make sure return parameters are initialized in getmxrr().  Problem
> 		found by Gael Roualland using valgrind.
> 	If shared memory is used and the RunAsUser option is set, then the
> 		owner and group of the shared memory segment is set to
> 		the ids specified RunAsUser and the access mode is set
> 		to 0660 to allow for updates by sendmail processes.
> 	The number of queue entries that is (optionally) kept in shared
> 		memory was wrong in some cases, e.g., envelope splitting
> 		and bounce generation.
> 	Undo a change made in 8.13.0 to silently truncate long strings
> 		in address rewriting because the message can be triggered
> 		for header checks where long strings are legitimate.
> 		Problem reported by Mary Verge DeSisto, and tracked
> 		down with the help of John Beck of Sun Microsystems.
> 	The internal stab map did not obey the -m flag.  Patch from
> 		Rob McMahon of Warwick University, England.
> 	The socket map did not obey the -f flag.  Problem noted by
> 		Dan Ringdahl, forwarded by Andrzej Filip.
> 	The addition of LDAP recursion in 8.13.0 broke enforcement of
> 		the LDAP map -1 argument which tells the MTA to only
> 		return success if and only if a single LDAP match is found.
> 	Add additional error checks in the MTA for milter communication
> 		to avoid a possible segmentation fault.  Based on patch
> 		by Joe Maimon.
> 	Do not trigger an assertion if X509_digest() returns success but
> 		does not assign a value to its output parameter.  Based
> 		on patch by Brian Kantor.
> 	Add more checks when resetting internal AUTH data (applies only
> 		to Cyrus SASL version 2).  Otherwise an SMTP session might
> 		be dropped after an AUTH failure.
> 	Portability:
> 		Add LA_LONGLONG as valid LA_TYPE type for systems that use
> 			"long long" to read load average data, e.g.,
> 			AIX 5.1 in 32 bit mode.  Note: this has to be set
> 			"by hand", it is not (yet) automatically detected.
> 			Problem noted by Burak Bilen.
> 		Use socklen_t for accept(), etc. on AIX 5.x.  This should
> 			fix problems when compiling in 64 bit mode.
> 			Problem first reported by Harry Meiert of
> 			University of Bremen.

Revision 1.21: download - view: text, markup, annotated - select for diffs
Thu Feb 24 09:59:29 2005 UTC (19 years, 9 months ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +2 -1 lines
Add RMD160 digests.

Revision 1.20: download - view: text, markup, annotated - select for diffs
Thu Feb 10 22:17:24 2005 UTC (19 years, 9 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +5 -5 lines
- Update sendmail to 8.13.3
- Fix smrsh man page patch
- Tidy up MESSAGE
- Replace 8.13.1 errata with 8.13.3 errata
- Remove rename of file outside ${PREFIX} on db2 installs

> 8.13.3/8.13.3	2005/01/11
> 	Enhance handling of I/O errors, especially EOF, when STARTTLS
> 		is active.
> 	Make sure a connection is not reused after it has been closed
> 		due to a 421 error.  Problem found by Allan E Johannesen
> 		of Worcester Polytechnic Institute.
> 	Avoid triggering an assertion when sendmail is interrupted while
> 		closing a connection.  Problem found by Allan E Johannesen
> 		of Worcester Polytechnic Institute.
> 	Regression: a change in 8.13.2 caused sendmail not to try the
> 		next MX host (or FallbackMXhost if configured) when, at
> 		connection open, the current server returns a 4xy or 5xy
> 		SMTP reply code.  Problem noted by Mark Tranchant.
>
> 8.13.2/8.13.2	2004/12/15
> 	Do not split the first header even if it exceeds the internal
> 		buffer size.  Previously a part of such a header would
> 		end up in the body of the message.  Problem noted by
> 		Simple Nomad of BindView.
> 	Do not complain about "cataddr: string too long" when checking
> 		headers that do not contain RFC 2822 addresses.
> 		Problem noted by Rich Graves of Brandeis University.
> 	If a server returns a 421 reply to the RSET command between
> 		message deliveries, do not attempt to deliver any more
> 		messages on that connection.  This prevents bogus "Bad
> 		file number" recipient status.  Problem noted by
> 		Allan E Johannesen of Worcester Polytechnic Institute.
> 	Allow trailing white space in EHLO command as recommended by RFC
> 		2821.  Problem noted by Ralph Santagato of SBC Services.
> 	Deal with clients which use AUTH but negotiate a smaller buffer size
> 		for data exchanges than the value used by sendmail, e.g.,
> 		Cyrus IMAP lmtp server.  Based on patch by Jamie Clark.
> 	When passing ESMTP arguments for RCPT to a milter, do not cut
> 		them off at a comma.  Problem noted by Krzysztof Oledzki.
> 	Add more logging to milter change header functions to
> 		complement existing logging.  Based on patch from
> 		Gurusamy Sarathy of Active State.
> 	Include <lber.h> in include/sm/config.h when LDAPMAP is defined.
> 		Patch from Edgar Hoch of the University of Stuttgart.
> 	Fix DNS lookup if IPv6 is enabled when converting an IP address
> 		to a hostname for use with SASL.  Problem noted by Ken Jones;
> 		patch from Hajimu UMEMOTO.
> 	CONFIG: For consistency enable MODIFY_MAILER_FLAGS for the prog
> 		mailer.  Patch from John Beck of Sun Microsystems.
> 	LIBMILTER: It was possible that xxfi_abort() was called after
> 		xxfi_eom() for a message if some timeouts were triggered.
> 		Patch from Alexey Kravchuk.
> 	LIBMILTER: Slightly rearrange mutex use in listener.c to allow
> 		different threads to call smfi_opensocket() and smfi_main().
> 		Patch from Jordan Ritter of Cloudmark.
> 	MAIL.LOCAL: Properly terminate MBDB before exiting.  Problem
> 		noted by Nelson Fung.
> 	MAIL.LOCAL: make strip-mail.local used a wrong path to access
> 		mail.local.  Problem noted by William Park.
> 	VACATION: Properly terminate MBDB before exiting.  Problem noted
> 		by Nelson Fung.
> 	Portability:
> 		Add support for DragonFly BSD.
> 	New Files:
> 		cf/ostype/dragonfly.m4
> 		devtools/OS/DragonFly
> 		include/sm/os/sm_os_dragonfly.h
> 	Deleted Files:
> 		libsm/vsscanf.c

Revision 1.19: download - view: text, markup, annotated - select for diffs
Tue Aug 31 10:51:22 2004 UTC (20 years, 3 months ago) by adrianp
Branches: MAIN
CVS tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +2 -1 lines
- Add errata patch from sendmail.org - suggestion from Takahiro Kambe <taca@>
- Ok'ed wiz@

http://www.sendmail.org/8.13.1.html#ERRATA
http://www.sendmail.org/patches/parseaddr.c.cataddr.8.379

Revision 1.18: download - view: text, markup, annotated - select for diffs
Mon Aug 30 20:16:28 2004 UTC (20 years, 3 months ago) by adrianp
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +5 -4 lines
Update of sendmail to 8.13.1

pkgsrc changes:
- move to use options.mk framework
- solaris support tidy-up
- fix linux man page extension handling bug
- allow for a user defined smrsh directory
- update MASTER_SITES
- optional SOCKETMAP support and sample script installation
- ok'ed snj@/wiz@

Summary of some of the major changes include:
- New map "socket" to query maps via TCP/IP sockets.
- Connection rate control as well as control over the number of incoming open
  connections.
- Several LDAP enhancements such as LDAP recursion and LDAP URI support.
- Message quarantining.
- AUTH EXTERNAL will only be enabled if STARTTLS was successful and the client
  has been authenticated, i.e., {verify} is OK.
- Basic support for certificate revocation lists.
- New queue timeouts for DSN messages.
- Experimental support for MTAMark.

For a full list of changes see:
- http://www.sendmail.org/8.13.0.html
- http://www.sendmail.org/8.13.1.html

Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue Jul 13 12:27:13 2004 UTC (20 years, 4 months ago) by markd
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
Fix build on recent NetBSD-current (statvfs).

Patch from Julian C. Dunn in PR 25481 slightly modified by me.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Sat Mar 27 22:07:32 2004 UTC (20 years, 8 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +3 -3 lines
Update "sendmail" and "libmilter" packages to version 8.12.11.
Changes since version 8.12.10:
Use QueueFileMode when opening qf files.  This error was a
	regression in 8.12.10.  Problem detected and diagnosed
	Lech Szychowski of the Polish Power Grid Company.
Properly count the number of queue runners in a work group and
	make sure the total limit of MaxQueueChildren is not
	exceeded.  Based on patch from Takayuki Yoshizawa of
	Techfirm, Inc.
Take care of systems that can generate time values where the
	seconds can exceed the usual range of 0 to 59.
	Problem noted by Randy Diffenderfer of EDS.
Avoid regeneration of identical queue identifiers by processes
	whose process id is the same as that of the initial
	sendmail process that was used to start the daemon.
	Problem noted by Randy Diffenderfer of EDS.
When a milter invokes smfi_delrcpt() compare the supplied
	recipient address also against the printable addresses
	of the current list to deal with rewritten addresses.
	Based on patch from Sean Hanson of The Asylum.
BadRcptThrottle now also works for addresses which return the
	error mailer, e.g., virtusertable entries with the
	right hand side error:.  Patch from Per Hedeland.
Fix printing of 8 bit characters as octals in log messages.
	Based on patch by Andrey J. Melnikoff.
Undo change of algorithm for MIME 7-bit base64 encoding to 8-bit
	text that has been introduced in 8.12.3.  There are some
	examples where the new code fails, but the old code works.
	To get the 8.12.3-8.12.10 version, compile sendmail with
	-DMIME7TO8_OLD=0.  If you have an example of improper
	7 to 8 bit conversion please send it to us.
Return normal error code for unknown SMTP commands instead of
	the one specified by check_relay or a milter for a
	connection.  Problem noted by Andrzej Filip.
Some ident responses contain data after the terminating CRLF which
	causes sendmail to log "POSSIBLE ATTACK...newline in string".
	To avoid this everything after LF is ignored.
If the operating system supports O_EXLOCK and HASFLOCK is set
	then a possible race condition for creating qf files
	can be avoided.  Note: the race condition does not
	exist within sendmail, but between sendmail and an
	external application that accesses qf files.
Log the proper options name for TLS related mising files for
	the CACertPath, CACertFile, and DHParameters options.
Do not split an envelope if it will be discarded, otherwise df
	files could be left behind.  Problem found by Wolfgang
	Breyha.
The use of the environment variables HOME and HOSTALIASES has been
	deprecated and will be removed in version 8.13.  This only
	effects configuration which preserve those variable via the
	'E' command in the cf file as sendmail clears out its entire
	environment.
Portability:
	Add support for Darwin 7.0/Mac OS X 10.3 (a.k.a. Panther).
	Solaris 10 has unsetenv(), patch from Craig Mohrman of
		Sun Microsystems.
LIBMILTER: Add extra checks in case a broken MTA sends bogus data
	to libmilter.  Based on code review by Rob Grzywinski.
SMRSH: Properly assemble commands that contain '&&' or '||'.
	Problem noted by Eric Lee of Talking Heads.
New Files:
	devtools/OS/Darwin.7.0

Revision 1.15: download - view: text, markup, annotated - select for diffs
Wed Dec 3 03:31:16 2003 UTC (21 years ago) by ben
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2 lines
Masao Uebayashi asked me to back out this change.
My apologies for any inconveniences from the original change.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Tue Dec 2 05:45:12 2003 UTC (21 years ago) by ben
Branches: MAIN
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2 lines
This package would install a directory and two files on the build machine
that do make it into the binary package.  Under the default configuration
on NetBSD these files are erroneous.  This fix should resolve PR 20852
Here are the details:

1) /etc/mail/statistics
        This file is created like so:
                statistics:
                        ${CP} /dev/null statistics

        This file is not needed because sendmail is configured to use:
                O StatusFile=/var/log/sendmail.st

        To avoid creating this file, I added to devtools/OS/NetBSD:
                define(`confNO_STATISTICS_INSTALL', `')

2) /etc/mail/submit.cf
        This file is not needed because we install it as:
                ${PREFIX}/share/sendmail/cf/submit.cf

        To avoid installing /etc/mail/submit.cf, I added to devtools/OS/NetBSD:
                define(`confINST_DEP', `')

        If confINST_DEP is undefined, then it will default to:
                `${DESTDIR}/etc/mail/submit.cf ${DESTDIR}${MSPQ}'

3) /var/db/pkg/sendmail-8.12.8nb1/+INSTALL
        This is now created by pkg_add with the binary package.
        It appears the problem is resolved.

4) /var/spool/clientmqueue
        This directory is not needed because sendmail is configured to use:
                O QueueDirectory=/var/spool/mqueue

        To avoid installing this directory, I added to devtools/OS/NetBSD:
                define(`confINST_DEP', `')

Revision 1.13: download - view: text, markup, annotated - select for diffs
Thu Sep 18 09:01:04 2003 UTC (21 years, 2 months ago) by grant
Branches: MAIN
CVS tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -3 lines
update to sendmail 8.12.10.

8.12.10/8.12.10 2003/09/24
        SECURITY: Fix a buffer overflow in address parsing.  Problem
                detected by Michal Zalewski, patch from Todd C. Miller
                of Courtesan Consulting.
        Fix a potential buffer overflow in ruleset parsing.  This problem
                is not exploitable in the default sendmail configuration;
                only if non-standard rulesets recipient (2), final (4), or
                mailer-specific envelope recipients rulesets are used then
                a problem may occur.  Problem noted by Timo Sirainen.
        Accept 0 (and 0/0) as valid input for set MaxMimeHeaderLength.
                Problem noted by Thomas Schulz.
        Add several checks to avoid (theoretical) buffer over/underflows.
        Properly count message size when performing 7->8 or 8->7 bit MIME
                conversions.  Problem noted by Werner Wiethege.
        Properly compute message priority based on size of entire message,
                not just header.  Problem noted by Axel Holscher.
        Reset SevenBitInput to its configured value between SMTP
                transactions for broken clients which do not properly
                announce 8 bit data.  Problem noted by Stefan Roehrich.
        Set {addr_type} during queue runs when processing recipients.
                Based on patch from Arne Jansen.
        Better error handling in case of (very unlikely) queue-id conflicts.
        Perform better error recovery for address parsing, e.g., when
                encountering a comment that is too long.  Problem noted by
                Tanel Kokk, Union Bank of Estonia.
        Add ':' to the allowed character list for bogus HELO/EHLO
                checking.  It is used for IPv6 domain literals.  Patch from
                Iwaizako Takahiro of FreeBit Co., Ltd.
        Reset SASL connection context after a failed authentication attempt.
                Based on patch from Rob Siemborski of CMU.
        Check Berkeley DB compile time version against run time version
                to make sure they match.
        Do not attempt AAAA (IPv6) DNS lookups if IPv6 is not enabled
                in the kernel.
        When a milter adds recipients and one of them causes an error,
                do not ignore the other recipients.  Problem noted by
                Bart Duchesne.
        CONFIG: Use specified SMTP error code in mailertable entries which
                lack a DSN, i.e., "error:### Text".  Problem noted by
                Craig Hunt.
        CONFIG: Call Local_trust_auth with the correct argument.  Patch
                from Jerome Borsboom.
        CONTRIB: Better handling of temporary filenames for doublebounce.pl
                and expn.pl to avoid file overwrites, etc.  Patches from
                Richard A. Nelson of Debian and Paul Szabo.
        MAIL.LOCAL: Fix obscure race condition that could lead to an
                improper mailbox truncation if close() fails after the
                mailbox is fsync()'ed and a new message is delivered
                after the close() and before the truncate().
        MAIL.LOCAL: If mail delivery fails, do not leave behind a
                stale lockfile (which is ignored after the lock timeout).
                Patch from Oleg Bulyzhin of Cronyx Plus LLC.
        Portability:
                Port for AIX 5.2.  Thanks to Steve Hubert of University
                        of Washington for providing access to a computer
                        with AIX 5.2.
                setreuid(2) works on OpenBSD 3.3.  Patch from
                        Todd C. Miller of Courtesan Consulting.
                Allow for custom definition of SMRSH_CMDDIR and SMRSH_PATH
                        on all operating systems.  Patch from Robert Harker
                        of Harker Systems.
                Use strerror(3) on Linux.  If this causes a problem on
                        your Linux distribution, compile with
                        -DHASSTRERROR=0 and tell sendmail.org about it.
        Added Files:
                devtools/OS/AIX.5.2

update provided by Adrian Portelli in PR pkg/22836.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Mon Sep 15 11:47:28 2003 UTC (21 years, 2 months ago) by markd
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -1 lines
Set smrsh CMDDIR for NetBSD to /usr/libexec/sm.bin to match the in-tree
version.

From PR pkg/21012 from Jim Bernard.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Sat Mar 29 19:55:56 2003 UTC (21 years, 8 months ago) by seb
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +3 -3 lines
Update to version 8.12.9.

This is mostly a security fix release.
See the list of changes since 8.12.8 below.

Package change: always put M4 in MAKE_ENV so we are sure of the one used.
Note: this also update mail/libmilter the same version.

8.12.9/8.12.9   2003/03/29
        SECURITY: Fix a buffer overflow in address parsing due to
                a char to int conversion problem which is potentially
                remotely exploitable.  Problem found by Michal Zalewski.
                Note: an MTA that is not patched might be vulnerable to
                data that it receives from untrusted sources, which
                includes DNS.
        To provide partial protection to internal, unpatched sendmail MTAs,
                8.12.9 changes by default (char)0xff to (char)0x7f in
                headers etc.  To turn off this conversion compile with
                -DALLOW_255 or use the command line option -d82.101.
        To provide partial protection for internal, unpatched MTAs that may be
                performing 7->8 or 8->7 bit MIME conversions, the default
                for MaxMimeHeaderLength has been changed to 2048/1024.
                Note: this does have a performance impact, and it only
                protects against frontal attacks from the outside.
                To disable the checks and return to pre-8.12.9 defaults,
                set MaxMimeHeaderLength to 0/0.
        Do not complain about -ba when submitting mail.  Problem noted
                by Derek Wueppelmann.
        Fix compilation with Berkeley DB 1.85 on systems that do not
                have flock(2).  Problem noted by Andy Harper of Kings
                College London.
        Properly initialize data structure for dns maps to avoid various
                errors, e.g., looping processes.  Problem noted by
                Maurice Makaay.
        CONFIG: Prevent multiple application of rule to add smart host.
                Patch from Andrzej Filip.
        CONFIG: Fix queue group declaration in MAILER(`usenet').
        CONTRIB: buildvirtuser: New option -t builds the virtusertable
                text file instead of the database map.
        Portability:
                Revert wrong change made in 8.12.7 and actually use the
                        builtin getopt() version in sendmail on Linux.
                        This can be overridden by using -DSM_CONF_GETOPT=0
                        in which case the OS supplied version will be used.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Tue Mar 4 00:21:31 2003 UTC (21 years, 9 months ago) by seb
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +3 -4 lines
Update to version 8.12.8. Security related change included.

Also SASL 2 support added and PLIST tuning.

8.12.8/8.12.8	2003/02/11
	SECURITY: Fix a remote buffer overflow in header parsing by
		dropping sender and recipient header comments if the
		comments are too long.  Problem noted by Mark Dowd
		of ISS X-Force.
	Fix a potential non-exploitable buffer overflow in parsing the
		.cf queue settings and potential buffer underflow in
		parsing ident responses.  Problem noted by Yichen Xie of
		Stanford University Compilation Group.
	Fix ETRN #queuegroup command: actually start a queue run for
		the selected queue group.  Problem noted by Jos Vos.
	If MaxMimeHeaderLength is set and a malformed MIME header is fixed,
		log the fixup as "Fixed MIME header" instead of "Truncated
		MIME header".  Problem noted by Ian J Hart.
	CONFIG: Fix regression bug in proto.m4 that caused a bogus
		error message: "FEATURE() should be before MAILER()".
	MAIL.LOCAL: Be more explicit in some error cases, i.e., whether
		a mailbox has more than one link or whether it is not
		a regular file.  Patch from John Beck of Sun Microsystems.

8.12.7/8.12.7	2002/12/29
	Properly clean up macros to avoid persistence of session data
		across various connections.  This could cause session
		oriented restrictions, e.g., STARTTLS requirements,
		to erroneously allow a connection.  Problem noted
		by Tim Maletic of Priority Health.
	Do not lookup MX records when sorting the MSP queue.  The MSP
		only needs to relay all mail to the MTA.  Problem found
		by Gary Mills of the University of Manitoba.
	Do not restrict the length of connection information to 100
		characters in some logging statements.  Problem noted by
		Erik Parker.
	When converting an enhanced status code to an exit status, use
		EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5
		is used.
	Reset macro $x when receiving another MAIL command.  Problem
		noted by Vlado Potisk of Wigro s.r.o.
	Don't bother setting the permissions on the build area statistics
		file, the proper permissions will be put on the file at
		install time.  This fixes installation over NFS for some
		users.  Problem noted by Martin J. Dellwo of 3-Dimensional
		Pharmaceuticals, Inc.
	Fix problem of decoding SASLv2 encrypted data.  Problem noted by
		Alex Deiter of Mobile TeleSystems, Komi Republic.
	Log milter socket open errors at MilterLogLevel 1 or higher instead
		of 11 or higher.
	Print early system errors to the console instead of silently
		exiting.  Problem noted by James Jong of IBM.
	Do not process a queue group if Runners is set to 0, regardless
		of whether F=f or sendmail is run in verbose mode (-v).
		The use of -qGname will still force queue group "name"
		to be run even if Runners=0.
	Change the level for logging the fact that a daemon is refusing
		connections due to high load from LOG_INFO to LOG_NOTICE.
		Patch from John Beck of Sun Microsystems.
	Use location information for submit.cf from NetInfo
		(/locations/sendmail/submit.cf) if available.
	Re-enable ForkEachJob which was lost in 8.12.0.  Problem noted by
		Neil Rickert of Northern Illinois University.
	Make behavior of /canon in debug mode consistent with usage in
		rulesets.  Patch from Shigeno Kazutaka of IIJ.
	Fix a potential memory leak in envelope splitting.  Problem noted
		by John Majikes of IBM.
	Do not try to share an mailbox database LDAP connection across
		different processes.  Problem noted by Randy Kunkee.
	Fix logging for undelivered recipients when the SMTP connection
		times out during message collection.  Problem noted by Neil
		Rickert of Northern Illinois University.
	Avoid problems with QueueSortOrder=random due to problems with
		qsort() on Solaris (and maybe some other operating systems).
		Problem noted by Stephan Schulz of Gruner+Jahr..
	If -f "" is specified, set the sender address to "<>".  Problem
		noted by Matthias Andree.
	Fix formatting problem of footnotes for plain text output on some
		versions of tmac.  Patch from Per Hedeland.
	Portability:
		Berkeley DB 4.1 support (requires at least 4.1.25).
		Some getopt(3) implementations in GNU/Linux are broken
			and pass a NULL pointer to an option which requires
			an argument, hence the builtin version of
			sendmail is used instead.  This can be overridden
			by using -DSM_CONF_GETOPT=0.  Problem noted by
			Vlado Potisk of Wigro s.r.o.
		Support for nph-1.2.0 from Mark D. Roth of the University
			of Illinois at Urbana-Champaign.
		Support for FreeBSD 5.0's MAC labeling from Robert Watson
			of the TrustedBSD Project.
		Support for reading the number of processors on an IRIX
			system from Michel Bourget of SGI.
		Support for UnixWare 7.1 based on input from Larry Rosenman.
		Interix support from Nedelcho Stanev of Atlantic Sky
			Corporation.
		Update Mac OS X/Darwin portability from Wilfredo Sanchez.
	CONFIG: Enforce tls_client restrictions even if delay_checks
		is used.  Problem noted by Malte Starostik.
	CONFIG: Deal with an empty hostname created via bogus
		DNS entries to get around access restrictions.
		Problem noted by Kai Schlichting.
	CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default
		to avoid problems with hostname resolution for localhost
		which on many systems does not resolve to 127.0.0.1 (or
		::1 for IPv6).  If you do not use IPv4 but only IPv6 then
		you need to change submit.mc accordingly, see the comment
		in the file itself.
	CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid
		error messages from initgroups(3) on AIX 4.3 when sending
		mail to non-existing users. Problem noted by Mark Roth of
		the University of Illinois at Urbana-Champaign.
	CONFIG: Allow local_procmail to override local_lmtp settings.
	CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to
		relay.
	CONTRIB: cidrexpand: Deal with the prefix tags that may be included
		in access_db.
	CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
	LIBMILTER: On Solaris libmilter may get into an endless loop if
		an error in the communication from/to the MTA occurs.
		Patch from Gurusamy Sarathy of Active State.
	LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64.
		Patch from from Jose Marcio Martins da Cruz of Ecole
		Nationale Superieure des Mines de Paris.
	MAIL.LOCAL: Fix a truncation race condition if the close() on
		the mailbox fails.  Problem noted by Tomoko Fukuzawa of
		Sun Microsystems.
	MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3)
		fails.  Patch from John Beck of Sun Microsystems.
	SMRSH: SECURITY: Only allow regular files or symbolic links to be
		used for a command.  Problem noted by David Endler of
		iDEFENSE, Inc.
	New Files:
		devtools/OS/Interix
		include/sm/bdb.h

Revision 1.9: download - view: text, markup, annotated - select for diffs
Thu Oct 3 03:59:24 2002 UTC (22 years, 2 months ago) by itojun
Branches: MAIN
CVS tags: netbsd-1-6-1-base, netbsd-1-6-1
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -1 lines
http://www.sendmail.org/smrsh.adv.txt

Revision 1.8: download - view: text, markup, annotated - select for diffs
Mon Sep 23 12:56:58 2002 UTC (22 years, 2 months ago) by markd
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +8 -10 lines
Update to sendmail-8.12.6

Large number of bug fixes and feature enhancements, especially Milter
(Mail Filter) support and by default installation of sendmail does not use
set-user-ID root anymore.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sun Sep 9 16:41:40 2001 UTC (23 years, 3 months ago) by taca
Branches: MAIN
CVS tags: pkgviews-base, pkgviews, netbsd-1-6-RELEASE-base, netbsd-1-6, netbsd-1-5-PATCH003, buildlink2-base, buildlink2
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +3 -1 lines
Enable wide patch and make this package sendmail-8.11.6nb1.
Please look at ${WRKSRC}/sendmail/00READ_ME.WIDE file created by
sendmail8.11.6+3.4W.patch.gz for detail of the patch.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Aug 21 06:49:53 2001 UTC (23 years, 3 months ago) by itojun
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +3 -3 lines
upgrade to 8.11.6.  fixes a security problem with command line processing.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Wed Aug 1 02:39:38 2001 UTC (23 years, 4 months ago) by itojun
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +3 -4 lines
upgrade to 8.11.5.  minor bug fixes from 8.11.4.
patch-zz (security patch on signal handling) is now in 8.11.5.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Mon Jun 25 23:22:51 2001 UTC (23 years, 5 months ago) by wiz
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -1 lines
In some cases, SIGHUP may kill sendmail instead of restarting it.
Avoid this by using
http://www.sendmail.org/~ca/email/patches/daemon.c.8.401.4.62
as proposed by Wolfgang Rupprecht in pkg/13267.
(Added as patch-zz, should be removed on next update.)

Revision 1.3: download - view: text, markup, annotated - select for diffs
Tue May 29 03:31:26 2001 UTC (23 years, 6 months ago) by itojun
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +3 -5 lines
update to 8.11.4.  security related change included (no exploit available yet)


8.11.4/8.11.4	2001/05/28
	Clean up signal handling routines to reduce the chances of heap
		corruption and other potential race conditions.
		Terminating and restarting the daemon may not be
		instantaneous due to this change.  Also, non-root users can
		no longer send out-of-band signals.  Problem reported by
		Michal Zalewski of BindView.
	If LogLevel is greater than 9 and SASL fails to negotiate an
		encryption layer, avoid core dump logging the encryption
		strength.  Problem noted by Miroslav Zubcic of Crol.
	If a server offers "AUTH=" and "AUTH " and the list of mechanisms is
		different in those two lines, sendmail might not have
		recognized (and used) all of the offered mechanisms.
	Fix an IP address lookup problem on Solaris 2.0 - 2.3.  Patch
		from Kenji Miyake.
	This time, really don't use the .. directory when expanding
		QueueDirectory wildcards.
	If a process is interrupted while closing a map, don't try to close
		the same map again while exiting.
	Allow local mailers (F=l) to contact remote hosts (e.g., via
		LMTP).  Problem noted by Norbert Klasen of the University
		of Tuebingen.
	If Timeout.QueueReturn was set to a value less the time it took
		to write a new queue file (e.g., 0 seconds), the bounce
		message would be lost.  Problem noted by Lorraine L Goff of
		Oklahoma State University.
	Pass map argument vector into map rewriting engine for the regex
		and prog map types.  Problem noted by Stephen Gildea of
		InTouch Systems, Inc.
	When closing an LDAP map due to a temporary error, close all of the
		other LDAP maps which share the original map's connection
		to the LDAP server.  Patch from Victor Duchovni of
		Morgan Stanley.
	To detect changes of NDBM aliases files check the timestamp of the
		.pag file instead of the .dir file.  Problem noted by Neil
		Rickert of Northern Illinois University.
	Don't treat temporary hesiod lookup failures as permanent.  Patch
		from Werner Wiethege.
	If ClientPortOptions is set, make sure to create the outgoing socket
		with the family set in that option.  Patch from Sean Farley.
	Avoid a segmentation fault trying to dereference a NULL pointer
		when logging a MaxHopCount exceeded error with an empty
		recipient list.  Problem noted by Chris Adams of HiWAAY
		Internet Services.
	Fix DSN for "Too many hops" bounces.  Problem noticed by Ulrich
		Windl of the Universitaet Regensburg.
	Fix DSN for "mail loops back to me" bounces.  Problem noticed by
		Kari Hurtta of the Finnish Meteorological Institute.
	Portability:
		OpenBSD has a broken setreuid() implementation.
	CONFIG: Undo change from 8.11.1: change 501 SMTP reply code back
		to 553 since it is allowed by DRUMS.
	CONFIG: Add OSTYPE(freebsd4) for FreeBSD 4.X.
	DEVTOOLS: install.sh did not properly handle paths in the source
		file name argument.  Noted by Kari Hurtta of the Finnish
		Meteorological Institute.
	DEVTOOLS: Add FAST_PID_RECYCLE to compile time options for OpenBSD
		since it generates random process ids.
	PRALIASES: Add back adaptive algorithm to deal with different endings
		of entries in the database (with/without trailing '\0').
		Patch from John Beck of Sun Microsystems.
	New Files:
		cf/ostype/freebsd4.m4

Revision 1.2: download - view: text, markup, annotated - select for diffs
Fri Apr 20 13:10:03 2001 UTC (23 years, 7 months ago) by agc
Branches: MAIN
CVS tags: netbsd-1-5-PATCH001
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +3 -1 lines
Move to sha1 digests, and add distfile sizes.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Apr 17 11:35:02 2001 UTC (23 years, 7 months ago) by agc
Branches: MAIN
+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>