author seb <seb> 2003-03-04 00:21:31 +0000
committer seb <seb> 2003-03-04 00:21:31 +0000
commit 906f46a5164488cb44c3b0ba852a9ecc75279b9c
tree 1aace5e165db38ae54d2143263c832a69c2a45f8
parent 5e96b6882e35b86280176b36c2f9a21e68e7e8a1
Update to version 8.12.8. Security related change included.
Also SASL 2 support added and PLIST tuning.

8.12.8/8.12.8 2003/02/11

SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force.
Fix a potential non-exploitable buffer overflow in parsing the .cf queue settings and potential buffer underflow in parsing ident responses. Problem noted by Yichen Xie of Stanford University Compilation Group.
Fix ETRN #queuegroup command: actually start a queue run for the selected queue group. Problem noted by Jos Vos.
If MaxMimeHeaderLength is set and a malformed MIME header is fixed, log the fixup as "Fixed MIME header" instead of "Truncated MIME header". Problem noted by Ian J Hart.
CONFIG: Fix regression bug in proto.m4 that caused a bogus error message: "FEATURE() should be before MAILER()".
MAIL.LOCAL: Be more explicit in some error cases, i.e., whether a mailbox has more than one link or whether it is not a regular file. Patch from John Beck of Sun Microsystems.

8.12.7/8.12.7 2002/12/29

Properly clean up macros to avoid persistence of session data across various connections. This could cause session oriented restrictions, e.g., STARTTLS requirements, to erroneously allow a connection. Problem noted by Tim Maletic of Priority Health.
Do not lookup MX records when sorting the MSP queue. The MSP only needs to relay all mail to the MTA. Problem found by Gary Mills of the University of Manitoba.
Do not restrict the length of connection information to 100 characters in some logging statements. Problem noted by Erik Parker.
When converting an enhanced status code to an exit status, use EX_CONFIG if the first digit is not 2, 4, or 5 or if *.1.5 is used.
Reset macro $x when receiving another MAIL command. Problem noted by Vlado Potisk of Wigro s.r.o.
Don't bother setting the permissions on the build area statistics file, the proper permissions will be put on the file at install time. This fixes installation over NFS for some users. Problem noted by Martin J. Dellwo of 3-Dimensional Pharmaceuticals, Inc.
Fix problem of decoding SASLv2 encrypted data. Problem noted by Alex Deiter of Mobile TeleSystems, Komi Republic.
Log milter socket open errors at MilterLogLevel 1 or higher instead of 11 or higher.
Print early system errors to the console instead of silently exiting. Problem noted by James Jong of IBM.
Do not process a queue group if Runners is set to 0, regardless of whether F=f or sendmail is run in verbose mode (-v). The use of -qGname will still force queue group "name" to be run even if Runners=0.
Change the level for logging the fact that a daemon is refusing connections due to high load from LOG_INFO to LOG_NOTICE. Patch from John Beck of Sun Microsystems.
Use location information for submit.cf from NetInfo (/locations/sendmail/submit.cf) if available.
Re-enable ForkEachJob which was lost in 8.12.0. Problem noted by Neil Rickert of Northern Illinois University.
Make behavior of /canon in debug mode consistent with usage in rulesets. Patch from Shigeno Kazutaka of IIJ.
Fix a potential memory leak in envelope splitting. Problem noted by John Majikes of IBM.
Do not try to share a mailbox database LDAP connection across different processes. Problem noted by Randy Kunkee.
Fix logging for undelivered recipients when the SMTP connection times out during message collection. Problem noted by Neil Rickert of Northern Illinois University.
Avoid problems with QueueSortOrder=random due to problems with qsort() on Solaris (and maybe some other operating systems). Problem noted by Stephan Schulz of Gruner+Jahr.
If -f "" is specified, set the sender address to "<>". Problem noted by Matthias Andree.
Fix formatting problem of footnotes for plain text output on some versions of tmac. Patch from Per Hedeland.
Portability:
  Berkeley DB 4.1 support (requires at least 4.1.25).
  Some getopt(3) implementations in GNU/Linux are broken and pass a NULL pointer to an option which requires an argument, hence the builtin version of sendmail is used instead. This can be overridden by using -DSM_CONF_GETOPT=0. Problem noted by Vlado Potisk of Wigro s.r.o.
  Support for nph-1.2.0 from Mark D. Roth of the University of Illinois at Urbana-Champaign.
  Support for FreeBSD 5.0's MAC labeling from Robert Watson of the TrustedBSD Project.
  Support for reading the number of processors on an IRIX system from Michel Bourget of SGI.
  Support for UnixWare 7.1 based on input from Larry Rosenman.
  Interix support from Nedelcho Stanev of Atlantic Sky Corporation.
  Update Mac OS X/Darwin portability from Wilfredo Sanchez.
CONFIG: Enforce tls_client restrictions even if delay_checks is used. Problem noted by Malte Starostik.
CONFIG: Deal with an empty hostname created via bogus DNS entries to get around access restrictions. Problem noted by Kai Schlichting.
CONFIG: Use FEATURE(`msp', `[127.0.0.1]') in submit.mc by default to avoid problems with hostname resolution for localhost which on many systems does not resolve to 127.0.0.1 (or ::1 for IPv6). If you do not use IPv4 but only IPv6 then you need to change submit.mc accordingly, see the comment in the file itself.
CONFIG: Set confDONT_INIT_GROUPS to True in submit.mc to avoid error messages from initgroups(3) on AIX 4.3 when sending mail to non-existing users. Problem noted by Mark Roth of the University of Illinois at Urbana-Champaign.
CONFIG: Allow local_procmail to override local_lmtp settings.
CONFIG: Always allow connections from 127.0.0.1 or IPv6:::1 to relay.
CONTRIB: cidrexpand: Deal with the prefix tags that may be included in access_db.
CONTRIB: New version of doublebounce.pl contributed by Leo Bicknell.
LIBMILTER: On Solaris libmilter may get into an endless loop if an error in the communication from/to the MTA occurs. Patch from Gurusamy Sarathy of Active State.
LIBMILTER: Ignore EINTR from sigwait(3) which may happen on Tru64. Patch from Jose Marcio Martins da Cruz of Ecole Nationale Superieure des Mines de Paris.
MAIL.LOCAL: Fix a truncation race condition if the close() on the mailbox fails. Problem noted by Tomoko Fukuzawa of Sun Microsystems.
MAIL.LOCAL: Fix a potential file descriptor leak if mkstemp(3) fails. Patch from John Beck of Sun Microsystems.
SMRSH: SECURITY: Only allow regular files or symbolic links to be used for a command. Problem noted by David Endler of iDEFENSE, Inc.
New Files: devtools/OS/Interix include/sm/bdb.h
-rw-r--r-- mail/sendmail/Makefile 11
-rw-r--r-- mail/sendmail/Makefile.common 5
-rw-r--r-- mail/sendmail/PLIST 11
-rw-r--r-- mail/sendmail/distinfo 7
-rw-r--r-- mail/sendmail/files/site.config.m4-sasl2 5
-rw-r--r-- mail/sendmail/patches/patch-ag 62
6 files changed, 24 insertions, 77 deletions
diff --git a/mail/sendmail/Makefile b/mail/sendmail/Makefile
index 2d2c18c35aa..e49022b5478 100644
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.55 2003/01/28 22:03:39 jlam Exp $
+# $NetBSD: Makefile,v 1.56 2003/03/04 00:21:31 seb Exp $
.include "../../mail/sendmail/Makefile.common"
@@ -23,7 +23,9 @@ USE_DB2?= NO
.include "../../databases/openldap/buildlink2.mk"
.endif
-.if defined(USE_SASL) && ${USE_SASL} == YES
+.if defined(USE_SASL2) && ${USE_SASL2} == YES
+.include "../../security/cyrus-sasl2/buildlink2.mk"
+.elif defined(USE_SASL) && ${USE_SASL} == YES
.include "../../security/cyrus-sasl/buildlink2.mk"
.endif
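Review bot: The precedence between USE_SASL2 and USE_SASL is undocumented. In the `.if defined(USE_SASL2) ... .elif defined(USE_SASL)` chain, SASL 2 wins silently when both variables are YES. Add a comment above the conditional, or an entry wherever USE_SASL is documented, so that a user who already has USE_SASL=YES and then sets USE_SASL2=YES knows which library the SMTP AUTH code ends up linked against.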
@@ -56,7 +58,10 @@ post-patch: make-sendmail-siteconfig
${CAT} ${FILESDIR}/site.config.m4-starttls >>${SITECONFIG}
${ECHO} -n ' STARTTLS' >>${DESCR_SRC}
.endif
-.if defined(USE_SASL) && ${USE_SASL} == YES
+.if defined(USE_SASL2) && ${USE_SASL2} == YES
+ ${CAT} ${FILESDIR}/site.config.m4-sasl2 >>${SITECONFIG}
+ ${ECHO} -n ' SASL2' >>${DESCR_SRC}
+.elif defined(USE_SASL) && ${USE_SASL} == YES
${CAT} ${FILESDIR}/site.config.m4-sasl >>${SITECONFIG}
${ECHO} -n ' SASL' >>${DESCR_SRC}
.endif
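Review bot: The USE_SASL2/USE_SASL test in post-patch duplicates the one that selects the buildlink2.mk include earlier in this file, and the two have to stay in agreement or the package links one library while site.config.m4 defines the other SASL version. Consider making the decision once, for example by setting a single internal variable in the first conditional, and testing that variable here.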
diff --git a/mail/sendmail/Makefile.common b/mail/sendmail/Makefile.common
index e6627fcc303..910c15cf3e8 100644
--- a/mail/sendmail/Makefile.common
+++ b/mail/sendmail/Makefile.common
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile.common,v 1.2 2002/10/03 03:59:24 itojun Exp $
+# $NetBSD: Makefile.common,v 1.3 2003/03/04 00:21:31 seb Exp $
#
# Makefile fragment shared with libmilter
#
DISTNAME= sendmail.${DIST_VERS}
CATEGORIES= mail
-PKGREVISION= 1
MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ \
ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/ \
ftp://ftp.kyoto.wide.ad.jp/pub/mail/sendmail/
@@ -19,7 +18,7 @@ DISTINFO_FILE?= ${.CURDIR}/../../mail/sendmail/distinfo
FILESDIR?= ${.CURDIR}/../../mail/sendmail/files
PATCHDIR?= ${.CURDIR}/../../mail/sendmail/patches
-DIST_VERS= 8.12.6
+DIST_VERS= 8.12.8
MAKE_ENV+= BSD_BINOWN="${BINOWN}" BSD_BINGRP="${BINGRP}" \
BSD_MANOWN="${MANOWN}" BSD_MANGRP="${MANGRP}" \
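Review bot: The DIST_VERS bump lands in a fragment whose header says it is shared with libmilter, and DISTINFO_FILE and PATCHDIR default to the mail/sendmail directories, so libmilter moves to 8.12.8 and loses patch-ag in the same commit. The diffstat lists only mail/sendmail files; confirm that libmilter still builds and that its own PLIST needs no change, and say so in the commit message.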
diff --git a/mail/sendmail/PLIST b/mail/sendmail/PLIST
index 831f7623e9c..840bc3915df 100644
--- a/mail/sendmail/PLIST
+++ b/mail/sendmail/PLIST
@@ -1,7 +1,7 @@
-@comment $NetBSD: PLIST,v 1.3 2002/09/23 12:56:58 markd Exp $
-bin/newaliases
-bin/mailq
+@comment $NetBSD: PLIST,v 1.4 2003/03/04 00:21:31 seb Exp $
bin/hoststat
+bin/mailq
+bin/newaliases
bin/purgestat
bin/vacation
etc/mailer.conf.sendmail
@@ -11,11 +11,12 @@ man/cat1/mailq.0
man/cat1/newaliases.0
man/cat1/vacation.0
man/cat5/aliases.0
-man/cat8/makemap.0
-man/cat8/smrsh.0
+man/cat8/editmap.0
man/cat8/mailstats.0
+man/cat8/makemap.0
man/cat8/praliases.0
man/cat8/sendmail.0
+man/cat8/smrsh.0
sbin/editmap
sbin/mailstats
sbin/makemap
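Review bot: Adding `man/cat8/editmap.0` is a content change, not just the reordering that "PLIST tuning" in the commit message suggests. `sbin/editmap` is already present in the context lines, which suggests the formatted page was being installed without being registered. Call that out in the log, and check that any other manual page entries for editmap in this PLIST are present as well.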
diff --git a/mail/sendmail/distinfo b/mail/sendmail/distinfo
index e6e168c8fd3..f5a09e23c1d 100644
--- a/mail/sendmail/distinfo
+++ b/mail/sendmail/distinfo
@@ -1,11 +1,10 @@
-$NetBSD: distinfo,v 1.9 2002/10/03 03:59:24 itojun Exp $
+$NetBSD: distinfo,v 1.10 2003/03/04 00:21:31 seb Exp $
-SHA1 (sendmail.8.12.6.tar.gz) = 17680259264ba7fd42739ce77cab68dd9e099df9
-Size (sendmail.8.12.6.tar.gz) = 1867436 bytes
+SHA1 (sendmail.8.12.8.tar.gz) = 8fdec57e4c8b91298e5dc757a7b856b3e3f90fc8
+Size (sendmail.8.12.8.tar.gz) = 1881693 bytes
SHA1 (patch-aa) = 8a4563ece8ba8cee01081d49e486393f26ee1484
SHA1 (patch-ab) = a2abf6e78772e257e2a1973e7730159ff24a91aa
SHA1 (patch-ac) = 96c19300b4188dbcbd202768eea912f675dadc27
SHA1 (patch-ad) = 7232cc7ceb46a2dbf631d61185e4c6ca4af18a13
SHA1 (patch-ae) = ae06caa125fe4d4fc85123dc0a5d0016cd099ebd
SHA1 (patch-af) = d26481845328adad6d46fdf797785ec2ad003e28
-SHA1 (patch-ag) = dbc5fc93448239f56471b482818e16668de4aa83
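Review bot: The new distfile entry records only a SHA1 digest and a size, for a security update whose MASTER_SITES in Makefile.common are all ftp:// URLs. State in the log how the 8.12.8 tarball was verified, for instance against a signature published by upstream, so the recorded hash is more than a snapshot of whatever was downloaded. The removal of the patch-ag line is consistent with the deletion of patches/patch-ag in this commit.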
diff --git a/mail/sendmail/files/site.config.m4-sasl2 b/mail/sendmail/files/site.config.m4-sasl2
new file mode 100644
index 00000000000..03e43159124
--- /dev/null
+++ b/mail/sendmail/files/site.config.m4-sasl2
@@ -0,0 +1,5 @@
+# $NetBSD: site.config.m4-sasl2,v 1.1 2003/03/04 00:21:32 seb Exp $
+
+# enable SASL 2
+APPENDDEF(`confENVDEF', `-DSASL=2')
+APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
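Review bot: The fragment appends only -DSASL=2 and -lsasl2, with no include or library directory, so locating the Cyrus SASL 2 headers and library depends entirely on the ../../security/cyrus-sasl2/buildlink2.mk include added to the Makefile. A one-line comment here stating that dependency would make the fragment easier to audit.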
diff --git a/mail/sendmail/patches/patch-ag b/mail/sendmail/patches/patch-ag
deleted file mode 100644
index a11b100b9cf..00000000000
--- a/mail/sendmail/patches/patch-ag
+++ /dev/null
@@ -1,62 +0,0 @@
-$NetBSD: patch-ag,v 1.4 2002/10/03 03:59:24 itojun Exp $
-
-http://www.sendmail.org/smrsh.adv.txt
-
---- smrsh/smrsh.c.orig Sat May 25 11:41:31 2002
-+++ smrsh/smrsh.c Thu Oct 3 12:56:10 2002
-@@ -57,6 +57,8 @@
- #include <sm/limits.h>
- #include <sm/string.h>
- #include <sys/file.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
- #include <string.h>
- #include <ctype.h>
- #include <errno.h>
-@@ -145,6 +147,7 @@
- char *newenv[2];
- char pathbuf[1000];
- char specialbuf[32];
-+ struct stat st;
-
- #ifndef DEBUG
- # ifndef LOG_MAIL
-@@ -302,6 +305,38 @@
- (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
- "Trying %s\n", cmdbuf);
- #endif /* DEBUG */
-+ if (stat(cmdbuf, &st) < 0)
-+ {
-+ /* can't stat it */
-+ fprintf(stderr,
-+ "%s: %s not available for sendmail programs (stat failed)\n",
-+ prg, cmd);
-+ if (p != NULL)
-+ *p = ' ';
-+#ifndef DEBUG
-+ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
-+ (int) getuid(), cmd);
-+#endif /* ! DEBUG */
-+ exit(EX_UNAVAILABLE);
-+ }
-+ if (!S_ISREG(st.st_mode)
-+#ifdef S_ISLNK
-+ && !S_ISLNK(st.st_mode)
-+#endif /* S_ISLNK */
-+ )
-+ {
-+ /* can't stat it */
-+ fprintf(stderr,
-+ "%s: %s not available for sendmail programs (not a file)\n",
-+ prg, cmd);
-+ if (p != NULL)
-+ *p = ' ';
-+#ifndef DEBUG
-+ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
-+ (int) getuid(), cmd);
-+#endif /* ! DEBUG */
-+ exit(EX_UNAVAILABLE);
-+ }
- if (access(cmdbuf, X_OK) < 0)
- {
- /* oops.... crack attack possiblity */
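Review bot: Deleting this local smrsh fix is only safe if upstream smrsh.c now performs the same check before `access(cmdbuf, X_OK)`. The 8.12.7 entry quoted in the commit message ("SMRSH: SECURITY: Only allow regular files or symbolic links to be used for a command") indicates that it does, and the log should say explicitly that patch-ag was dropped because it is integrated upstream. For the record, in the removed code the `!S_ISLNK(st.st_mode)` term never changes the outcome because `stat()` follows symbolic links, and the second `/* can't stat it */` comment sits on the not-a-file branch.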