Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.11.6 and 8.12.0.Beta19.
These new versions fix a security problem reported by SecurityFocus
regarding command line processing. This vulnerability is present in
sendmail open source versions between 8.10.0 and 8.11.5 as well as all
8.12.0.Beta versions. Therefore, sendmail 8.12.0.Beta users should upgrade
to 8.12.0.Beta19.
The problem was not present in 8.10 or earlier versions. However, as
always, we recommend using the latest version. Note that this problem is
not remotely exploitable.
Fix a possible race condition when sending a HUP signal to restart
the daemon. This could terminate the current process without
starting a new daemon. Problem reported by Wolfgang Breyha
of SE Netway Communications.
Only apply MaxHeadersLength when receiving a message via SMTP or
the command line. Problem noted by Andrey J. Melnikoff.
When finding the system's local hostname on an IPv6-enabled system
which doesn't have any IPv6 interface addresses, fall back
to looking up only IPv4 addresses. Problem noted by Tim
Bosserman of EarthLink.
When commands were being rejected due to check_relay or TCP
Wrappers, the ETRN command was not giving a response.
Incoming IPv4 connections on a Family=inet6 daemon (using
IPv4-mapped addresses) were incorrectly labeled as "may be
forged". Problem noted by Per Steinar Iversen of Oslo
University College.
Shutdown address test mode cleanly on SIGTERM. Problem noted by
Greg King of the OAO Corporation.
Restore the original real uid (changed in main() to prevent
out of band signals) before invoking a delivery agent.
Some delivery agents use this for the "From " envelope
"header". Problem noted by Leslie Carroll of the
University at Albany.
Mark closed file descriptors properly to avoid reuse. Problem
noted by Jeff Bronson of J.D. Bronson, Inc.
Setting Timeout options on the command line will also override
their sub-suboptions in the .cf file, e.g., -O
Timeout.queuereturn=2d will set all queuereturn timeouts
to 2 days. Problem noted by Roger B.A. Klorese.
CONFIG: Fix parsing for IPv6 domain literals in addresses
(user@[IPv6:address]). Problem noted by Liyuan Zhou.
- Save more documentation in %%PREFIX%%/share/doc/sendmail
- Update Sendmail package, only libmilter will be installed.
- Bump PORTREVISION
- Cleanup configuration, reduced overhead in "site.config.m4" files
- New option SENDMAIL_WITHOUT_IPV6=yes
- Use global WITH_TLS as well as SENDMAIL_WITH_TLS
- New slave ports: sendmail-sasl, sendmail-ldap
- vbsfilter now build a package
This is a diff to the current port that implements SFIO and SASL
options support in addition to TLS. It makes the sendmail port
conform more closely to the available documentation for such
security enhancements.
ken@nova.org
- renamed option from SENDMAIL_WITH_TSL to SENDMAIL_WITH_TLS
- new option SENDMAIL_WITH_SFIO
- fixed bug in site.config.m4.sasl
PR: 25661
Submitted by: ken@nova.org
- filters has been removed, will reappear in a seperate port
- install additional headers and libs for SENDMAIL_WITH_MILTER=yes
- pkh-commed reduced to make portlint happy
Reviewed by: gshapiro
New Variable in Makefile for shorter Lines.
Patches for Manpages updated.
PATH was already in CCOPTS when needed, config reduced.
PR: 23977
Submitted by: Dirk Meyer <dirk.meyer@dinoex.sub.org> MAINTAINER
removed. Use of macro APPENDDEF to allow confCOPTS. Also add TCPWRAPPER
and IPv6 support for FreeBSD >= 4.0, as well as optional TSL support,
patches for rmail & mail.local, and other changes.
PR: 22619
Submitted by: MAINTAINER