summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--contrib/doublebounce.pl3
-rwxr-xr-xcontrib/expn.pl3
-rw-r--r--debian/changelog43
-rw-r--r--debian/checksendmail/checksendmail.perl6
-rw-r--r--debian/control1
-rw-r--r--debian/local/site.config.m4.in2
-rw-r--r--debian/patches/Makefile5
-rw-r--r--debian/patches/align.893.p117
-rw-r--r--debian/patches/prescan.8.9.3.patch122
-rw-r--r--debian/patches/proto.m4.8.9.313
-rw-r--r--debian/patches/sendmail.8.9.3.security.cr.patch487
-rw-r--r--debian/patches/src.conf.h.linux54
-rw-r--r--debian/patches/util.c.893.patch48
13 files changed, 799 insertions, 5 deletions
diff --git a/contrib/doublebounce.pl b/contrib/doublebounce.pl
index a853ec1..2a7934e 100644
--- a/contrib/doublebounce.pl
+++ b/contrib/doublebounce.pl
@@ -26,6 +26,7 @@
use Socket;
+use Fcntl;
# look for debug flag
#
@@ -45,7 +46,7 @@ $tmp = "/tmp/doubb$$";
# I thought about reading it into a buffer here, but some messages
# are 10+Mb so a buffer may not be a good idea
#
-if (! open(MSG, "+> $tmp")) {
+if (! sysopen(MSG, "$tmp", O_RDWR|O_CREAT|O_EXCL, 0600)) {
# can't open temp file -- send message to local postmaster
# open(MAIL, "| /usr/sbin/sendmail -oeq postmaster");
print MAIL <STDIN>;
diff --git a/contrib/expn.pl b/contrib/expn.pl
index 57f8515..7e2f730 100755
--- a/contrib/expn.pl
+++ b/contrib/expn.pl
@@ -8,6 +8,7 @@
use 5.001;
use IO::Socket;
+use Fcntl;
# system requirements:
# must have 'nslookup' and 'hostname' programs.
@@ -999,7 +1000,7 @@ sub mxlookup
}
$0 = "$av0 - nslookup of $server";
- open(T,">/tmp/expn$$") || die "open > /tmp/expn$$: $!\n";
+ sysopen(T,"/tmp/expn$$",O_RDWR|O_CREAT|O_EXCL,0600) || die "open > /tmp/expn$$: $!\n";
print T "set querytype=MX\n";
print T "$server\n";
close(T);
diff --git a/debian/changelog b/debian/changelog
index 684ecff..485e1be 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,46 @@
+sendmail (8.9.3-26.1) oldstable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Create temporary files securely
+ Report and patches from Paul Szabo <psz@maths.usyd.edu.au>
+ [debian/checksendmail/checksendmail.perl,
+ contrib/doublebounce.pl,
+ contrib/expn.pl]
+ (Closes: #173243)
+
+ -- Matt Zimmerman <mdz@debian.org> Thu, 24 Apr 2003 12:57:36 -0400
+
+sendmail (8.9.3-26) oldstable-security; urgency=high
+
+ * Buffer overflow in parsing routines closes: #186768
+ Claus Assmann <ca+announce@sendmail.org> writes:
+ > We apologize for releasing this information today (2003-03-29) but
+ > we were forced to do so by an e-mail on a public mailing list (that
+ > has been sent by an irresponsible individual) which contains
+ > information about the security flaw.
+ [...]
+ > SECURITY: Fix a buffer overflow in address parsing due to
+ > a char to int conversion problem which is potentially
+ > remotely exploitable. Problem found by Michal Zalewski.
+ > Note: an MTA that is not patched might be vulnerable to
+ > data that it receives from untrusted sources, which
+ > includes DNS.
+
+ -- Richard A Nelson (Rick) <cowboy@debian.org> Sun, 30 Mar 2003 13:10:00 -0500
+
+sendmail (8.9.3-25) oldstable-security; urgency=high
+
+ * -O0 (to get past ARM)
+ * Remote exploit (CERT Advisory CA-2003-07)
+
+ -- Richard A Nelson (Rick) <cowboy@debian.org> Mon, 03 Mar 2003 19:50:00 -0500
+
+sendmail (8.9.3-24) oldstable-security; urgency=high
+
+ * Remote exploit (CERT Advisory CA-2003-07)
+
+ -- Richard A Nelson (Rick) <cowboy@debian.org> Mon, 03 Mar 2003 18:00:00 -0500
+
sendmail (8.9.3-23) frozen; urgency=low
* Release manager - All these bugs are capable of stopping an upgrade
diff --git a/debian/checksendmail/checksendmail.perl b/debian/checksendmail/checksendmail.perl
index a8e9e11..14f4c14 100644
--- a/debian/checksendmail/checksendmail.perl
+++ b/debian/checksendmail/checksendmail.perl
@@ -24,6 +24,12 @@
$cffile = "/etc/sendmail.cf";
$sendmail = "/usr/sbin/sendmail";
+# Pre-create tmp files (so can use safely)
+use Fcntl;
+foreach ("/tmp/csm$$", "/tmp/csm.in$$") {
+ die "Can't pre-create $_" unless sysopen(T,$_,O_RDWR|O_CREAT|O_EXCL,0600) and close(T);
+}
+
sub usage {
die "Usage: checksendmail [-C cffile.cf] [-r resolve_addrs_file [-T one\@test.addr\n";
}
diff --git a/debian/control b/debian/control
index e82bfae..61fc5c5 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,6 @@ Standards-Version: 3.1.1
Package: sendmail
Architecture: any
-Build-Depends: debhelper, netbase (<< 3.16-1) | libwrap0-dev, m4
Depends: ${shlibs:Depends}, dpkg (>= 1.4.1.17), m4, awk, procmail | deliver
Recommends: mail-reader, ${perl:Depends} | perl
Conflicts: mail-transport-agent, smail, postfix
diff --git a/debian/local/site.config.m4.in b/debian/local/site.config.m4.in
index 9df1cee..b2eab3e 100644
--- a/debian/local/site.config.m4.in
+++ b/debian/local/site.config.m4.in
@@ -25,7 +25,7 @@ APPENDDEF(`confENVDEF', `-D_PATH_SENDMAIL=\"/usr/sbin/sendmail\"')dnl
#
# compilation
define(`confCC', `gcc')dnl
-define(`confOPTIMIZE', `-O2 -g -Wall')dnl
+define(`confOPTIMIZE', `-O0 -g -Wall')dnl
#
# Database maps, based upon presence of NISPLUS from autoconf
define(`ac_cv_header_rpcsvc_nis_h', `@ac_cv_header_rpcsvc_nis_h@')dnl
diff --git a/debian/patches/Makefile b/debian/patches/Makefile
index b0eff7d..847f7a9 100644
--- a/debian/patches/Makefile
+++ b/debian/patches/Makefile
@@ -27,6 +27,8 @@ patch:
cd src && patch -p0 --version-control=never < ../debian/patches/patch.DOS
patch -p0 --version-control=never -l < debian/patches/cf.mailer.cyrus.m4
patch -p0 --version-control=never -l < debian/patches/patch.mail.local
+ patch -p0 --version-control=never -l < debian/patches/sendmail.8.9.3.security.cr.patch
+ patch -p1 --version-control=never -l < debian/patches/prescan.8.9.3.patch
unpatch:
@@ -41,7 +43,8 @@ unpatch:
cd src && patch -R -p0 --version-control=never < ../debian/patches/patch.DOS
patch -R -p0 --version-control=never -l < debian/patches/cf.mailer.cyrus.m4
patch -R -p0 --version-control=never -l < debian/patches/patch.mail.local
-
+ patch -R -p0 --version-control=never -l < debian/patches/sendmail.8.9.3.security.cr.patch
+ patch -R -p1 --version-control=never -l < debian/patches/prescan.8.9.3.patch
#-------------
binary: binary-indep binary-arch
diff --git a/debian/patches/align.893.p1 b/debian/patches/align.893.p1
new file mode 100644
index 0000000..ff6add3
--- /dev/null
+++ b/debian/patches/align.893.p1
@@ -0,0 +1,17 @@
+--- ./src/main.c.ORIG Sun Jan 10 00:31:13 1999
++++ sendmail-8.9.3/src/main.c Sat Oct 30 04:29:25 1999
+@@ -528,10 +528,12 @@
+ {
+ for (i = 0; hp->h_addr_list[i] != NULL; i++)
+ {
++ struct in_addr ia;
+ char ipbuf[103];
+
++ bcopy(hp->h_addr_list[i], &ia, INADDRSZ);
+ snprintf(ipbuf, sizeof ipbuf, "[%.100s]",
+- inet_ntoa(*((struct in_addr *) hp->h_addr_list[i])));
++ inet_ntoa(ia));
+ if (tTd(0, 4))
+ printf("\ta.k.a.: %s\n", ipbuf);
+ setclass('w', ipbuf);
+
diff --git a/debian/patches/prescan.8.9.3.patch b/debian/patches/prescan.8.9.3.patch
new file mode 100644
index 0000000..03bb80c
--- /dev/null
+++ b/debian/patches/prescan.8.9.3.patch
@@ -0,0 +1,122 @@
+Index: conf.c
+===================================================================
+RCS file: /cvs/sendmail/conf.c,v
+retrieving revision 8.456
+retrieving revision 8.456.2.2
+diff -c -r8.456 -r8.456.2.2
+*** sendmail-8.9.3/src/conf.c 7 Feb 1999 07:26:35 -0000 8.456
+--- conf.c 28 Mar 2003 06:03:22 -0000 8.456.2.2
+***************
+*** 286,291 ****
+--- 286,293 ----
+ DontLockReadFiles = TRUE;
+ DoubleBounceAddr = "postmaster";
+ MaxHeadersLength = MAXHDRSLEN;
++ MaxMimeHeaderLength = MAXLINE;
++ MaxMimeFieldLength = MaxMimeHeaderLength / 2;
+ snprintf(buf, sizeof buf, "%s%sdead.letter",
+ _PATH_VARTMP,
+ _PATH_VARTMP[sizeof _PATH_VARTMP - 2] == '/' ? "" : "/");
+Index: parseaddr.c
+===================================================================
+RCS file: /cvs/sendmail/parseaddr.c,v
+retrieving revision 8.159
+retrieving revision 8.159.2.3
+diff -c -r8.159 -r8.159.2.3
+*** sendmail-8.9.3/src/parseaddr.c 7 Feb 1999 07:26:40 -0000 8.159
+--- parseaddr.c 27 Mar 2003 19:42:23 -0000 8.159.2.3
+***************
+*** 403,409 ****
+ };
+
+
+! # define NOCHAR -1 /* signal nothing in lookahead token */
+
+ char **
+ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
+--- 403,409 ----
+ };
+
+
+! # define NOCHAR (-1) /* signal nothing in lookahead token */
+
+ char **
+ prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
+***************
+*** 486,491 ****
+--- 486,492 ----
+ /* see if there is room */
+ if (q >= &pvpbuf[pvpbsize - 5])
+ {
++ addrtoolong:
+ usrerr("553 Address too long");
+ if (strlen(addr) > (SIZE_T) MAXNAME)
+ addr[MAXNAME] = '\0';
+***************
+*** 497,507 ****
+ }
+
+ /* squirrel it away */
+ *q++ = c;
+ }
+
+ /* read a new input character */
+! c = *p++;
+ if (c == '\0')
+ {
+ /* diagnose and patch up bad syntax */
+--- 498,512 ----
+ }
+
+ /* squirrel it away */
++ #if !ALLOW_255
++ if ((char) c == (char) -1 && !tTd(82, 101))
++ c &= 0x7f;
++ #endif /* !ALLOW_255 */
+ *q++ = c;
+ }
+
+ /* read a new input character */
+! c = (*p++) & 0x00ff;
+ if (c == '\0')
+ {
+ /* diagnose and patch up bad syntax */
+***************
+*** 556,561 ****
+--- 561,569 ----
+ }
+ else if (c != '!' || state == QST)
+ {
++ /* see if there is room */
++ if (q >= &pvpbuf[pvpbsize - 5])
++ goto addrtoolong;
+ *q++ = '\\';
+ continue;
+ }
+***************
+*** 637,642 ****
+--- 645,653 ----
+ /* new token */
+ if (tok != q)
+ {
++ /* see if there is room */
++ if (q >= &pvpbuf[pvpbsize - 5])
++ goto addrtoolong;
+ *q++ = '\0';
+ if (tTd(22, 36))
+ {
+Index: version.c
+===================================================================
+*** sendmail-8.9.3/src/version.c Thu Feb 4 16:38:46 1999
+--- version.c Wed Mar 19 16:33:35 2003
+***************
+*** 14,17 ****
+ static char sccsid[] = "@(#)version.c 8.9.3.1 (Berkeley) 2/4/1999";
+ #endif /* not lint */
+
+! char Version[] = "8.9.3";
+--- 14,17 ----
+ static char sccsid[] = "@(#)version.c 8.9.3.1 (Berkeley) 2/4/1999";
+ #endif /* not lint */
+
+! char Version[] = "8.9.3p2";
diff --git a/debian/patches/proto.m4.8.9.3 b/debian/patches/proto.m4.8.9.3
new file mode 100644
index 0000000..fec4494
--- /dev/null
+++ b/debian/patches/proto.m4.8.9.3
@@ -0,0 +1,13 @@
+*** ./sendmail-8.9.3/cf/m4/proto.m4 Tue Feb 2 15:21:30 1999
+--- proto.m4.n Tue Dec 3 15:32:38 2002
+***************
+*** 1100,1105 ****
+--- 1100,1107 ----
+
+ ifdef(`ACCESS_TABLE', `dnl
+ R$+ $| $+ $: $>LookUpDomain < $1 > <?> < $2 >
++ # empty client_name
++ R $| $+ $: $>LookUpAddress < $1 > <?> < $1 >
+ R<?> < $+ > $: $>LookUpAddress < $1 > <?> < $1 >
+ R<?> < $+ > $: $1
+ R<OK> < $* > $@ OK
diff --git a/debian/patches/sendmail.8.9.3.security.cr.patch b/debian/patches/sendmail.8.9.3.security.cr.patch
new file mode 100644
index 0000000..394ddf6
--- /dev/null
+++ b/debian/patches/sendmail.8.9.3.security.cr.patch
@@ -0,0 +1,487 @@
+Index: headers.c
+===================================================================
+RCS file: /cvs/sendmail/headers.c,v
+retrieving revision 8.139
+retrieving revision 8.139.2.1
+diff -u -w -r8.139 -r8.139.2.1
+--- src/headers.c 7 Feb 1999 07:26:37 -0000 8.139
++++ src/headers.c 20 Jan 2003 18:51:34 -0000 8.139.2.1
+@@ -501,9 +501,10 @@
+ {
+ if (bitset(H_FROM, h->h_flags))
+ {
+- extern char *crackaddr __P((char *));
++ extern char *crackaddr __P((char *, ENVELOPE *));
+
+- expand(crackaddr(buf), buf, sizeof buf, e);
++ expand(crackaddr(buf, e), buf,
++ sizeof buf, e);
+ }
+ h->h_value = newstr(buf);
+ h->h_flags &= ~H_DEFAULT;
+@@ -803,7 +804,11 @@
+ ** it and replaces it with "$g". The parse is totally ad hoc
+ ** and isn't even guaranteed to leave something syntactically
+ ** identical to what it started with. However, it does leave
+-** something semantically identical.
++** something semantically identical if possible, else at least
++** syntactically correct.
++**
++** For example, it changes "Real Name <real@example.com> (Comment)"
++** to "Real Name <$g> (Comment)".
+ **
+ ** This algorithm has been cleaned up to handle a wider range
+ ** of cases -- notably quoted and backslash escaped strings.
+@@ -812,6 +817,7 @@
+ **
+ ** Parameters:
+ ** addr -- the address to be cracked.
++** e -- the current envelope.
+ **
+ ** Returns:
+ ** a pointer to the new version.
+@@ -824,28 +830,50 @@
+ ** be copied if it is to be reused.
+ */
+
++#define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend))
++
++/*
++** Append a character to bp if we have room.
++** If not, punt and return $g.
++*/
++
++#define SM_APPEND_CHAR(c) \
++ do \
++ { \
++ if (SM_HAVE_ROOM) \
++ *bp++ = (c); \
++ else \
++ goto returng; \
++ } while (0)
++
++#if MAXNAME < 10
++ERROR MAXNAME must be at least 10
++#endif /* MAXNAME < 10 */
++
+ char *
+-crackaddr(addr)
++crackaddr(addr, e)
+ register char *addr;
++ ENVELOPE *e;
+ {
+ register char *p;
+ register char c;
+- int cmtlev;
+- int realcmtlev;
+- int anglelev, realanglelev;
+- int copylev;
+- int bracklev;
+- bool qmode;
+- bool realqmode;
+- bool skipping;
+- bool putgmac = FALSE;
+- bool quoteit = FALSE;
+- bool gotangle = FALSE;
+- bool gotcolon = FALSE;
++ int cmtlev; /* comment level in input string */
++ int realcmtlev; /* comment level in output string */
++ int anglelev; /* angle level in input string */
++ int copylev; /* 0 == in address, >0 copying */
++ int bracklev; /* bracket level for IPv6 addr check */
++ bool addangle; /* put closing angle in output */
++ bool qmode; /* quoting in original string? */
++ bool realqmode; /* quoting in output string? */
++ bool putgmac = FALSE; /* already wrote $g */
++ bool quoteit = FALSE; /* need to quote next character */
++ bool gotangle = FALSE; /* found first '<' */
++ bool gotcolon = FALSE; /* found a ':' */
+ register char *bp;
+ char *buflim;
+ char *bufhead;
+ char *addrhead;
++ char *bufend;
+ static char buf[MAXNAME + 1];
+
+ if (tTd(33, 1))
+@@ -860,25 +888,22 @@
+ ** adjusted later if we find them.
+ */
+
++ buflim = bufend = &buf[sizeof(buf) - 1];
+ bp = bufhead = buf;
+- buflim = &buf[sizeof buf - 7];
+ p = addrhead = addr;
+- copylev = anglelev = realanglelev = cmtlev = realcmtlev = 0;
++ copylev = anglelev = cmtlev = realcmtlev = 0;
+ bracklev = 0;
+- qmode = realqmode = FALSE;
++ qmode = realqmode = addangle = FALSE;
+
+ while ((c = *p++) != '\0')
+ {
+ /*
+- ** If the buffer is overful, go into a special "skipping"
+- ** mode that tries to keep legal syntax but doesn't actually
+- ** output things.
++ ** Try to keep legal syntax using spare buffer space
++ ** (maintained by buflim).
+ */
+
+- skipping = bp >= buflim;
+-
+- if (copylev > 0 && !skipping)
+- *bp++ = c;
++ if (copylev > 0)
++ SM_APPEND_CHAR(c);
+
+ /* check for backslash escapes */
+ if (c == '\\')
+@@ -893,8 +918,8 @@
+ p--;
+ goto putg;
+ }
+- if (copylev > 0 && !skipping)
+- *bp++ = c;
++ if (copylev > 0)
++ SM_APPEND_CHAR(c);
+ goto putg;
+ }
+
+@@ -902,8 +927,14 @@
+ if (c == '"' && cmtlev <= 0)
+ {
+ qmode = !qmode;
+- if (copylev > 0 && !skipping)
++ if (copylev > 0 && SM_HAVE_ROOM)
++ {
++ if (realqmode)
++ buflim--;
++ else
++ buflim++;
+ realqmode = !realqmode;
++ }
+ continue;
+ }
+ if (qmode)
+@@ -915,15 +946,15 @@
+ cmtlev++;
+
+ /* allow space for closing paren */
+- if (!skipping)
++ if (SM_HAVE_ROOM)
+ {
+ buflim--;
+ realcmtlev++;
+ if (copylev++ <= 0)
+ {
+ if (bp != bufhead)
+- *bp++ = ' ';
+- *bp++ = c;
++ SM_APPEND_CHAR(' ');
++ SM_APPEND_CHAR(c);
+ }
+ }
+ }
+@@ -933,7 +964,7 @@
+ {
+ cmtlev--;
+ copylev--;
+- if (!skipping)
++ if (SM_HAVE_ROOM)
+ {
+ realcmtlev--;
+ buflim++;
+@@ -944,7 +975,7 @@
+ else if (c == ')')
+ {
+ /* syntax error: unmatched ) */
+- if (copylev > 0 && !skipping)
++ if (copylev > 0 && SM_HAVE_ROOM)
+ bp--;
+ }
+
+@@ -962,7 +993,7 @@
+
+ /*
+ ** Check for DECnet phase IV ``::'' (host::user)
+- ** or ** DECnet phase V ``:.'' syntaxes. The latter
++ ** or DECnet phase V ``:.'' syntaxes. The latter
+ ** covers ``user@DEC:.tay.myhost'' and
+ ** ``DEC:.tay.myhost::user'' syntaxes (bletch).
+ */
+@@ -971,10 +1002,10 @@
+ {
+ if (cmtlev <= 0 && !qmode)
+ quoteit = TRUE;
+- if (copylev > 0 && !skipping)
++ if (copylev > 0)
+ {
+- *bp++ = c;
+- *bp++ = *p;
++ SM_APPEND_CHAR(c);
++ SM_APPEND_CHAR(*p);
+ }
+ p++;
+ goto putg;
+@@ -985,41 +1016,43 @@
+ bp = bufhead;
+ if (quoteit)
+ {
+- *bp++ = '"';
++ SM_APPEND_CHAR('"');
+
+ /* back up over the ':' and any spaces */
+ --p;
+- while (isascii(*--p) && isspace(*p))
++ while (p > addr &&
++ isascii(*--p) && isspace(*p))
+ continue;
+ p++;
+ }
+ for (q = addrhead; q < p; )
+ {
+ c = *q++;
+- if (bp < buflim)
+- {
+ if (quoteit && c == '"')
+- *bp++ = '\\';
+- *bp++ = c;
++ {
++ SM_APPEND_CHAR('\\');
++ SM_APPEND_CHAR(c);
+ }
++ else
++ SM_APPEND_CHAR(c);
+ }
+ if (quoteit)
+ {
+ if (bp == &bufhead[1])
+ bp--;
+ else
+- *bp++ = '"';
++ SM_APPEND_CHAR('"');
+ while ((c = *p++) != ':')
+- {
+- if (bp < buflim)
+- *bp++ = c;
+- }
+- *bp++ = c;
++ SM_APPEND_CHAR(c);
++ SM_APPEND_CHAR(c);
+ }
+
+ /* any trailing white space is part of group: */
+- while (isascii(*p) && isspace(*p) && bp < buflim)
+- *bp++ = *p++;
++ while (isascii(*p) && isspace(*p))
++ {
++ SM_APPEND_CHAR(*p);
++ p++;
++ }
+ copylev = 0;
+ putgmac = quoteit = FALSE;
+ bufhead = bp;
+@@ -1028,10 +1061,7 @@
+ }
+
+ if (c == ';' && copylev <= 0 && !ColonOkInAddr)
+- {
+- if (bp < buflim)
+- *bp++ = c;
+- }
++ SM_APPEND_CHAR(c);
+
+ /* check for characters that may have to be quoted */
+ if (strchr(MustQuoteChars, c) != NULL)
+@@ -1059,42 +1089,45 @@
+
+ /* oops -- have to change our mind */
+ anglelev = 1;
+- if (!skipping)
+- realanglelev = 1;
++ if (SM_HAVE_ROOM)
++ {
++ if (!addangle)
++ buflim--;
++ addangle = TRUE;
++ }
+
+ bp = bufhead;
+ if (quoteit)
+ {
+- *bp++ = '"';
++ SM_APPEND_CHAR('"');
+
+ /* back up over the '<' and any spaces */
+ --p;
+- while (isascii(*--p) && isspace(*p))
++ while (p > addr &&
++ isascii(*--p) && isspace(*p))
+ continue;
+ p++;
+ }
+ for (q = addrhead; q < p; )
+ {
+ c = *q++;
+- if (bp < buflim)
+- {
+ if (quoteit && c == '"')
+- *bp++ = '\\';
+- *bp++ = c;
++ {
++ SM_APPEND_CHAR('\\');
++ SM_APPEND_CHAR(c);
+ }
++ else
++ SM_APPEND_CHAR(c);
+ }
+ if (quoteit)
+ {
+ if (bp == &buf[1])
+ bp--;
+ else
+- *bp++ = '"';
++ SM_APPEND_CHAR('"');
+ while ((c = *p++) != '<')
+- {
+- if (bp < buflim)
+- *bp++ = c;
+- }
+- *bp++ = c;
++ SM_APPEND_CHAR(c);
++ SM_APPEND_CHAR(c);
+ }
+ copylev = 0;
+ putgmac = quoteit = FALSE;
+@@ -1106,13 +1139,14 @@
+ if (anglelev > 0)
+ {
+ anglelev--;
+- if (!skipping)
++ if (SM_HAVE_ROOM)
+ {
+- realanglelev--;
++ if (addangle)
+ buflim++;
++ addangle = FALSE;
+ }
+ }
+- else if (!skipping)
++ else if (SM_HAVE_ROOM)
+ {
+ /* syntax error: unmatched > */
+ if (copylev > 0)
+@@ -1121,7 +1155,7 @@
+ continue;
+ }
+ if (copylev++ <= 0)
+- *bp++ = c;
++ SM_APPEND_CHAR(c);
+ continue;
+ }
+
+@@ -1129,30 +1163,42 @@
+ putg:
+ if (copylev <= 0 && !putgmac)
+ {
+- if (bp > bufhead && bp[-1] == ')')
+- *bp++ = ' ';
+- *bp++ = MACROEXPAND;
+- *bp++ = 'g';
++ if (bp > buf && bp[-1] == ')')
++ SM_APPEND_CHAR(' ');
++ SM_APPEND_CHAR(MACROEXPAND);
++ SM_APPEND_CHAR('g');
+ putgmac = TRUE;
+ }
+ }
+
+ /* repair any syntactic damage */
+- if (realqmode)
++ if (realqmode && bp < bufend)
+ *bp++ = '"';
+- while (realcmtlev-- > 0)
++ while (realcmtlev-- > 0 && bp < bufend)
+ *bp++ = ')';
+- while (realanglelev-- > 0)
++ if (addangle && bp < bufend)
+ *bp++ = '>';
+- *bp++ = '\0';
++ *bp = '\0';
++ if (bp < bufend)
++ goto success;
+
++ returng:
++ /* String too long, punt */
++ buf[0] = '<';
++ buf[1] = MACROEXPAND;
++ buf[2]= 'g';
++ buf[3] = '>';
++ buf[4]= '\0';
++ sm_syslog(LOG_ALERT, e->e_id,
++ "Dropped invalid comments from header address");
++
++ success:
+ if (tTd(33, 1))
+ {
+ printf("crackaddr=>`");
+ xputs(buf);
+ printf("'\n");
+ }
+-
+ return (buf);
+ }
+ /*
+Index: main.c
+===================================================================
+RCS file: /cvs/sendmail/main.c,v
+retrieving revision 8.326
+retrieving revision 8.326.2.2
+diff -u -w -r8.326 -r8.326.2.2
+--- src/main.c 7 Feb 1999 07:43:59 -0000 8.326
++++ src/main.c 20 Jan 2003 18:51:34 -0000 8.326.2.2
+@@ -2349,7 +2349,7 @@
+ static int tryflags = RF_COPYNONE;
+ char exbuf[MAXLINE];
+ extern bool invalidaddr __P((char *, char *));
+- extern char *crackaddr __P((char *));
++ extern char *crackaddr __P((char *, ENVELOPE *));
+ extern void dump_class __P((STAB *, int));
+ extern void translate_dollars __P((char *));
+ extern void help __P((char *));
+@@ -2671,7 +2671,7 @@
+ printf("Usage: /parse address\n");
+ return;
+ }
+- q = crackaddr(p);
++ q = crackaddr(p, e);
+ printf("Cracked address = ");
+ xputs(q);
+ printf("\nParsing %s %s address\n",
+Index: parseaddr.c
+===================================================================
+RCS file: /cvs/sendmail/parseaddr.c,v
+retrieving revision 8.159
+retrieving revision 8.159.2.1
+diff -u -w -r8.159 -r8.159.2.1
+--- src/parseaddr.c 7 Feb 1999 07:26:40 -0000 8.159
++++ src/parseaddr.c 20 Jan 2003 18:51:35 -0000 8.159.2.1
+@@ -2053,7 +2053,7 @@
+ static char buf[MAXNAME + 1];
+ char lbuf[MAXNAME + 1];
+ char pvpbuf[PSBUFSIZE];
+- extern char *crackaddr __P((char *));
++ extern char *crackaddr __P((char *, ENVELOPE *));
+
+ if (tTd(12, 1))
+ printf("remotename(%s)\n", name);
+@@ -2076,7 +2076,7 @@
+ if (bitset(RF_CANONICAL, flags) || bitnset(M_NOCOMMENT, m->m_flags))
+ fancy = "\201g";
+ else
+- fancy = crackaddr(name);
++ fancy = crackaddr(name, e);
+
+ /*
+ ** Turn the name into canonical form.
diff --git a/debian/patches/src.conf.h.linux b/debian/patches/src.conf.h.linux
new file mode 100644
index 0000000..745cbce
--- /dev/null
+++ b/debian/patches/src.conf.h.linux
@@ -0,0 +1,54 @@
+diff -c './src/conf.h' 'conf.h'
+Index: ./src/conf.h
+Prereq: 8.385
+*** sendmail-8.9.3/src/conf.h Wed Jul 25 12:23:19 2001
+--- ./src/conf.h Tue Jul 31 16:33:50 2001
+***************
+*** 1274,1280 ****
+
+ #ifdef __linux__
+ # define BSD 1 /* include BSD defines */
+! # define USESETEUID 0 /* Have it due to POSIX, but doesn't work */
+ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */
+ # define HASUNAME 1 /* use System V uname(2) system call */
+ # define HASUNSETENV 1 /* has unsetenv(3) call */
+--- 1274,1280 ----
+
+ #ifdef __linux__
+ # define BSD 1 /* include BSD defines */
+! # define USESETEUID 1 /* Have it due to POSIX, but doesn't work */
+ # define NEEDGETOPT 1 /* need a replacement for getopt(3) */
+ # define HASUNAME 1 /* use System V uname(2) system call */
+ # define HASUNSETENV 1 /* has unsetenv(3) call */
+***************
+*** 1283,1289 ****
+ # endif
+ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+ # define GIDSET_T gid_t /* from <linux/types.h> */
+! # define HASGETUSERSHELL 0 /* getusershell(3) broken in Slackware 2.0 */
+ # define IP_SRCROUTE 0 /* linux <= 1.2.8 doesn't support IP_OPTIONS */
+ # define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */
+ # ifndef HASFLOCK
+--- 1283,1289 ----
+ # endif
+ # define ERRLIST_PREDEFINED /* don't declare sys_errlist */
+ # define GIDSET_T gid_t /* from <linux/types.h> */
+! # define HASGETUSERSHELL 1 /* getusershell(3) broken in Slackware 2.0 */
+ # define IP_SRCROUTE 0 /* linux <= 1.2.8 doesn't support IP_OPTIONS */
+ # define USE_SIGLONGJMP 1 /* sigsetjmp needed for signal handling */
+ # ifndef HASFLOCK
+***************
+*** 1307,1312 ****
+--- 1307,1318 ----
+ # endif
+ # include <sys/sysmacros.h>
+ # undef atol /* wounded in <stdlib.h> */
++ # if !defined(KERNEL_VERSION) /* not defined in 2.0.x kernel series */
++ # define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
++ # endif /* !defined(KERNEL_VERSION) */
++ # if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,36))
++ # define HASFCHMOD 1 /* fchmod(2) */
++ # endif /* (LINUX_VERSION_CODE >= KERNEL_VERSION(2,0,36)) */
+ #endif
+
+
diff --git a/debian/patches/util.c.893.patch b/debian/patches/util.c.893.patch
new file mode 100644
index 0000000..fb71fcd
--- /dev/null
+++ b/debian/patches/util.c.893.patch
@@ -0,0 +1,48 @@
+--- ./src/util.c.orig Fri Jan 22 07:18:40 1999
++++ sendmail-8.9.3/src/util.c Thu Apr 29 02:34:21 1999
+@@ -2086,6 +2086,8 @@
+ ProcListVec = npv;
+ }
+ ProcListVec[i].proc_pid = pid;
++ if (ProcListVec[i].proc_task != NULL)
++ free(ProcListVec[i].proc_task);
+ ProcListVec[i].proc_task = newstr(task);
+
+ /* if process adding itself, it's not a child */
+@@ -2142,11 +2144,6 @@
+ if (ProcListVec[i].proc_pid == pid)
+ {
+ ProcListVec[i].proc_pid = NO_PID;
+- if (ProcListVec[i].proc_task != NULL)
+- {
+- free(ProcListVec[i].proc_task);
+- ProcListVec[i].proc_task = NULL;
+- }
+ break;
+ }
+ }
+@@ -2172,11 +2169,6 @@
+ for (i = 1; i < ProcListSize; i++)
+ {
+ ProcListVec[i].proc_pid = NO_PID;
+- if (ProcListVec[i].proc_task != NULL)
+- {
+- free(ProcListVec[i].proc_task);
+- ProcListVec[i].proc_task = NULL;
+- }
+ }
+ CurChildren = 0;
+ }
+@@ -2207,11 +2199,6 @@
+ "proc_list_probe: lost pid %d",
+ (int) ProcListVec[i].proc_pid);
+ ProcListVec[i].proc_pid = NO_PID;
+- if (ProcListVec[i].proc_task != NULL)
+- {
+- free(ProcListVec[i].proc_task);
+- ProcListVec[i].proc_task = NULL;
+- }
+ CurChildren--;
+ }
+ }
+
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-26 20:44:09 +0000