5907884 2000-12-31 13:38 +0100 /173 rader/ Oonk, Patrick <patrick@PINE.NL>
Sänt av: joel@lysator.liu.se
Importerad: 2001-01-02 20:23 av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: patrick@PINE.NL
Mottagare: Bugtraq (import) <14568>
Ärende: sendmail 8.11.2 released
------------------------------------------------------------
From: "Oonk, Patrick" <patrick@PINE.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200012311238.eBVCcxK07827@atro.pine.nl>
-----BEGIN PGP SIGNED MESSAGE-----
Sendmail, Inc. and the Sendmail Consortium are proud to announce the
release of sendmail 8.11.2. This is a maintenance release which
contains bug fixes for problems found after 8.11.1 was released.
The release is available from:
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.2.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.2.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.2.tar.sig
with MD5 signatures:
eee46aa3a3215e02c1aa7f1c49c5e99c sendmail.8.11.2.tar.gz
5926b1c69de31439270c80e39060aeba sendmail.8.11.2.tar.Z
0ac224696ac5492abbf60714f25269f9 sendmail.8.11.2.tar.sig
You only need one of the first two files (either the gzip'ed version
or the compressed version). The .sig file is a PGP signatures of the
tar file (after uncompressing it). It is signed with the Sendmail
Signing Key/2000, available on the web site
(http://www.sendmail.org/) or on the public key servers.
Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG
CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST
COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS
ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS
PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST
EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR
OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO
ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS
ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT
IS YOUR RESPONSIBILITY.
8.11.2/8.11.2 2000/12/29
Prevent a segmentation fault when trying to set a class in
address test mode due to a negative array index. Audit
other array indexing. This bug is not believed to be
exploitable. Noted by Michal Zalewski of the "Internet for
Schools" project (IdS).
Add an FFR (for future release) to drop privileges when using
address test mode. This will be turned on in 8.12. It can
be enabled by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_TESTMODE_DROP_PRIVS')
in your devtools/Site/site.config.m4 file. Suggested by
Michal Zalewski of the "Internet for Schools" project (IdS).
Fix potential problem with Cyrus-SASL security layer which may have
caused I/O errors, especially for mechanism DIGEST-MD5.
When QueueSortOrder was set to host, sendmail might not read
enough of the queue file to determine the host, making the
sort sub-optimal. Problem noted by Jeff Earickson of
Colby College.
Don't issue DSNs for addresses which use the NOTIFY parameter (per
RFC 1891) but don't have FAILURE as value.
Initialize Cyrus-SASL library before the SMTP daemon is started.
This implies that every change to SASL related files requires
a restart of the daemon, e.g., Sendmail.conf, new SASL
mechanisms (in form of shared libraries).
Properly set the STARTTLS related macros during a queue run for
a cached connection. Bug reported by Michael Kellen of
NxNetworks, Inc.
Log the server name in relay= for ruleset tls_server instead of the
client name.
Include original length of bad field/header when reporting
MaxMimeHeaderLength problems. Requested by Ulrich Windl of
the Universitat Regensburg.
Fix delivery to set-user-ID files that are expanded from aliases in
DeliveryMode queue. Problem noted by Ric Anderson of the
University of Arizona.
Fix LDAP map -m (match only) flag. Problem noted by Jeff Giuliano
of Collective Technologies.
Avoid using a negative argument for sleep() calls when delaying answers
to EXPN/VRFY commands on systems which respond very slowly.
Problem noted by Mikolaj J. Habryn of Optus Internet
Engineering.
Make sure the F=u flag is set in the default prog mailer
definition. Problem noted by Kari Hurtta of the Finnish
Meteorological Institute.
Fix IPv6 check for unspecified addresses. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Fix return values for IRIX nsd map. From Kari Hurtta of the Finnish
Meteorological Institute.
Fix parsing of DaemonPortOptions and ClientPortOptions. Read all
of the parameters to find Family= setting before trying to
interpret Addr= and Port=. Problem noted by Valdis
Kletnieks of Virginia Tech.
When delivering to a file directly from an alias, do not call
initgroups(); instead use the DefaultUser group information.
Problem noted by Marc Schaefer of ALPHANET NF.
RunAsUser now overrides the ownership of the control socket, if
created. Otherwise, sendmail can not remove it upon
close. Problem noted by Werner Wiethege.
Fix ConnectionRateThrottle counting as the option is the number of
overall connections, not the number of connections per
socket. A future version may change this to per socket
counting.
Portability:
Clean up libsmdb so it functions properly on platforms
where sizeof(u_int32_t) != sizeof(size_t). Problem
noted by Rein Tollevik of Basefarm AS.
Fix man page formatting for compatibility with Solaris'
whatis. From Stephen Gildea of InTouch Systems, Inc.
UnixWare 7 includes snprintf() support. From Larry
Rosenman.
IPv6 changes for platforms using KAME. Patch from
Jun-ichiro itojun Hagino of the KAME Project.
Avoid a typedef compile conflict with Berkeley DB 3.X and
Solaris 2.5 or earlier. Problem noted by Bob Hughes
of Pacific Access.
Add preliminary support for AIX 5. Contributed by
Valdis Kletnieks of Virginia Tech.
Solaris 9 load average support from Andrew Tucker of Sun
Microsystems.
CONFIG: Reject addresses of the form a!b if FEATURE(`nouucp', `r')
is used. Problem noted by Phil Homewood of Asia Online,
patch from Neil Rickert of Northern Illinois University.
CONFIG: Change the default DNS based blacklist server for
FEATURE(`dnsbl') to blackholes.mail-abuse.org.
CONFIG: Deal correctly with the 'C' flag in {daemon_flags}, i.e.,
implicitly assume canonical host names.
CONFIG: Deal with "::" in IPv6 addresses for access_db. Based on
patch by Motonori Nakamura of Kyoto University.
CONFIG: New OSTYPE(`aix5') contributed by Valdis Kletnieks of
Virginia Tech.
CONFIG: Pass the illegal header form <list:;> through untouched
instead of making it worse. Problem noted by Motonori
Nakamura of Kyoto University.
CONTRIB: Added buildvirtuser (see `perldoc contrib/buildvirtuser`).
CONTRIB: qtool.pl: An empty queue is not an error. Problem noted
by Jan Krueger of digitalanswers communications consulting
gmbh.
CONTRIB: domainmap.m4: Handle domains with '-' in them. From Mark
Roth of the University of Illinois at Urbana-Champaign.
DEVTOOLS: Change the internal devtools OS, REL, and ARCH m4
variables into bldOS, bldREL, and bldARCH to prevent
namespace collisions. Problem noted by Motonori Nakamura
of Kyoto University.
RMAIL: Undo the 8.11.1 change to use -G when calling sendmail. It
causes some changes in behavior and may break rmail for
installations where sendmail is actually a wrapper to
another MTA. The change will re-appear in a future
version.
SMRSH: Use the vendor supplied directory on HPUX 10.X, HPUX 11.X,
and SunOS 5.8. Requested by Jeff A. Earickson of Colby
College and John Beck of Sun Microsystems.
VACATION: Fix pattern matching for addresses to ignore.
VACATION: Don't reply to addresses of the form owner-*
or *-owner.
New Files:
cf/ostype/aix5.m4
contrib/buildvirtuser
devtools/OS/AIX.5.0
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface
Charset: noconv
iQCVAwUBOk2GO3xLZ22gDhVjAQEzJQP9HAQK3OdoYdctpsVXbkzqusHTCfKXY86A
gHi5ZuKnlC7aJ2q1CCF/FIM4nvG20PeyQATIBb9znFh0/4QdfkzjcPO4udPARNkp
uBBL/YWys7upBWKsq52ZBG9VdNkx8FlMGrc/dATstkd0QiBgAYPOgA9eiGp4r0Kh
E/nD/GfjNoc=
=D7oT
-----END PGP SIGNATURE-----
(5907884) --------------------------------(Ombruten)