pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/mail/sendmail Update sendmail to 8.15.1: this is most...
details: https://anonhg.NetBSD.org/pkgsrc/rev/3fd5a22cd7fc
branches: trunk
changeset: 642893:3fd5a22cd7fc
user: jnemeth <jnemeth%pkgsrc.org@localhost>
date: Sat Dec 06 23:22:20 2014 +0000
description:
Update sendmail to 8.15.1: this is mostly a feature/bugfix release.
Note that there was an incompatible config change for IPv6 users.
See the MESSAGE file for details.
pkgsrc change: delete a couple of patches that have been upstreamed
Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.15.1. This release:
o offers more TLS related features,
o does not ignore temporary map lookup failures during header rewriting,
o uses uncompressed IPv6 addresses by default, which is an incompatible
change that requires to update IPv6 related configuration data.
as well as many other enhancements. For details see the release
notes below.
SENDMAIL RELEASE NOTES
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
8.15.1/8.15.1 2014/12/06
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
If header rewriting fails due to a temporary map lookup failure,
queue the mail for later retry instead of sending it
without rewriting the header. Note: this is done
while the mail is being sent and hence the transaction
is aborted, which only works for SMTP/LMTP mailers
hence the handling of temporary map failures is
suppressed for other mailers. SMTP/LMTP servers may
complain about aborted transactions when this problem
occurs.
See also "DNS Lookups" in sendmail/TUNING.
Incompatible Change: Use uncompressed IPv6 addresses by default,
i.e., they will not contain "::". For example,
instead of ::1 it will be 0:0:0:0:0:0:0:1. This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
This change requires that configuration data
(including maps, files, classes, custom ruleset,
etc) must use the same format, so make certain such
configuration data is updated before using 8.15.
As a very simple check search for patterns like
'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
the prior format can be retained by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
in your devtools/Site/site.config.m4 file.
If debugging is turned on (-d0.14) also print the OpenSSL
versions, both build time and run time
(provided STARTTLS is compiled in).
If a connection to the MTA is dropped by the client before its
hostname can be validated, treat it as "may be forged",
so that the unvalidated hostname is not passed to a
milter in xxfi_connect().
Add a timeout for communication with socket map servers
which can be specified using the -d option.
Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
numeric logins even if HESIOD is enabled.
The new option CertFingerprintAlgorithm specifies the finger-
print algorithm (digest) to use for the presented cert.
If the option is not set, md5 is used and the macro
{cert_md5} contains the cert fingerprint.
However, if the option is set, the specified algorithm
(e.g., sha1) is used and the macro {cert_fp} contains
the cert fingerprint.
That is, as long as the option is not set, the behaviour
does not change, but otherwise, {cert_md5} is superseded
by {cert_fp} even if you set CertFingerprintAlgorithm
to md5.
The options ServerSSLOptions and ClientSSLOptions can be used
to set SSL options for the server and client side
respectively. See SSL_CTX_set_options(3) for a list.
Note: this change turns on SSL_OP_NO_SSLv2 and
SSL_OP_NO_TICKET for the client. See doc/op/op.me
for details.
A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa.
New operation mode 'C' just checks the configuration file, e.g.,
sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf.
The mailer flag 'I' is deprecated and will be removed in a
future version.
Allow local (not just TCP) socket connections to the server, e.g.,
O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
can be used.
If the new option MaxQueueAge is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached which
is doubled for each attempt. The maximum retry time is
limited by the specified value.
New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
to relax requirement for DefaultAuthInfo file.
Reset timeout after receiving a message to appropriate value if
STARTTLS is in use. Based on patch by Kelsey Cummings
of Sonic.net.
Report correct error messages from the LDAP library for a range of
small negative return values covering those used by OpenLDAP.
Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
Allan E Johannesen of Worcester Polytechnic Institute.
CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
nospecial which describes whether to disallow "%" in the
local part of an address.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
LIBMILTER: Mark communication socket as close-on-exec in case
a user's filter starts other applications.
Based on patch from Paul Howarth.
Portability:
SunOS 5.12 has changed the API for sigwait(2) to conform
with XPG7. Based on patch from Roger Faulkner of Oracle.
Deleted Files:
libsm/path.c
diffstat:
mail/sendmail/MESSAGE | 25 ++++++++++++++++++++++++-
mail/sendmail/Makefile | 3 +--
mail/sendmail/Makefile.common | 4 ++--
mail/sendmail/PLIST | 6 +++++-
mail/sendmail/distinfo | 12 ++++++------
mail/sendmail/patches/patch-aw | 31 +++----------------------------
mail/sendmail/patches/patch-az | 8 ++++----
7 files changed, 45 insertions(+), 44 deletions(-)
diffs (202 lines):
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/MESSAGE
--- a/mail/sendmail/MESSAGE Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/MESSAGE Sat Dec 06 23:22:20 2014 +0000
@@ -1,5 +1,28 @@
===========================================================================
-$NetBSD: MESSAGE,v 1.7 2012/12/20 20:38:46 jnemeth Exp $
+$NetBSD: MESSAGE,v 1.8 2014/12/06 23:22:20 jnemeth Exp $
+
+INCOMPATIBLE CONFIG CHANGE
+
+If you are updating from a previous version to 8.15.1 or later,
+note that there has been an incompatible config change for IPv6
+addresses:
+
+ Incompatible Change: Use uncompressed IPv6 addresses by default,
+ i.e., they will not contain "::". For example,
+ instead of ::1 it will be 0:0:0:0:0:0:0:1. This
+ permits a zero subnet to have a more specific match,
+ such as different map entries for IPv6:0:0 vs IPv6:0.
+ This change requires that configuration data
+ (including maps, files, classes, custom ruleset,
+ etc) must use the same format, so make certain such
+ configuration data is updated before using 8.15.
+ As a very simple check search for patterns like
+ 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
+ the prior format can be retained by compiling with:
+ APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
+ in your devtools/Site/site.config.m4 file.
+
+===========================================================================
To use "${PKGNAME}" as the system's mail transport agent you have
to install "${PREFIX}/share/examples/sendmail/mailer.conf" as global
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/Makefile
--- a/mail/sendmail/Makefile Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/Makefile Sat Dec 06 23:22:20 2014 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.126 2014/09/19 21:24:05 jnemeth Exp $
+# $NetBSD: Makefile,v 1.127 2014/12/06 23:22:20 jnemeth Exp $
PKGNAME= sendmail-${DIST_VERS}
-PKGREVISION= 4
COMMENT= The well known Mail Transport Agent
CONFLICTS+= courier-mta-[0-9]* fastforward>=0.51nb2 postfix-[0-9]*
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/Makefile.common
--- a/mail/sendmail/Makefile.common Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/Makefile.common Sat Dec 06 23:22:20 2014 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.61 2014/06/15 20:48:49 jnemeth Exp $
+# $NetBSD: Makefile.common,v 1.62 2014/12/06 23:22:20 jnemeth Exp $
#
# used by mail/libmilter/Makefile
# used by mail/sendmail/Makefile
@@ -22,7 +22,7 @@
USE_LANGUAGES= c99
-DIST_VERS= 8.14.9
+DIST_VERS= 8.15.1
MAKE_ENV+= BSD_BINOWN=${BINOWN} BSD_BINGRP=${BINGRP} \
BSD_MANOWN=${MANOWN} BSD_MANGRP=${MANGRP} \
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/PLIST
--- a/mail/sendmail/PLIST Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/PLIST Sat Dec 06 23:22:20 2014 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.22 2014/06/22 11:42:35 hauke Exp $
+@comment $NetBSD: PLIST,v 1.23 2014/12/06 23:22:20 jnemeth Exp $
bin/hoststat
bin/mailq
bin/newaliases
@@ -96,6 +96,7 @@
share/sendmail/feature/always_add_domain.m4
share/sendmail/feature/authinfo.m4
share/sendmail/feature/badmx.m4
+share/sendmail/feature/bcc.m4
share/sendmail/feature/bestmx_is_local.m4
share/sendmail/feature/bitdomain.m4
share/sendmail/feature/blacklist_recipients.m4
@@ -123,9 +124,11 @@
share/sendmail/feature/mtamark.m4
share/sendmail/feature/no_default_msa.m4
share/sendmail/feature/nocanonify.m4
+share/sendmail/feature/nopercenthack.m4
share/sendmail/feature/notsticky.m4
share/sendmail/feature/nouucp.m4
share/sendmail/feature/nullclient.m4
+share/sendmail/feature/prefixmod.m4
share/sendmail/feature/preserve_local_plus_detail.m4
share/sendmail/feature/preserve_luser_host.m4
share/sendmail/feature/promiscuous_relay.m4
@@ -147,6 +150,7 @@
share/sendmail/feature/virtuser_entire_domain.m4
share/sendmail/feature/virtusertable.m4
share/sendmail/hack/cssubdomain.m4
+share/sendmail/hack/xconnect.m4
share/sendmail/m4/cf.m4
share/sendmail/m4/cfhead.m4
share/sendmail/m4/proto.m4
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/distinfo
--- a/mail/sendmail/distinfo Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/distinfo Sat Dec 06 23:22:20 2014 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.54 2014/09/24 13:27:03 joerg Exp $
+$NetBSD: distinfo,v 1.55 2014/12/06 23:22:20 jnemeth Exp $
-SHA1 (sendmail.8.14.9.tar.gz) = fcf92eb0c119da1593ccda96ee24b4d0b0b21fd7
-RMD160 (sendmail.8.14.9.tar.gz) = da36f900a94c9300521a60bf917ed3e5d6c88d1e
-Size (sendmail.8.14.9.tar.gz) = 2114293 bytes
+SHA1 (sendmail.8.15.1.tar.gz) = ab5a2e80927c52c3621240d6bc424fb4b4d65f99
+RMD160 (sendmail.8.15.1.tar.gz) = 07d76be08fcc9d42480b9aef0799345ed51cda30
+Size (sendmail.8.15.1.tar.gz) = 2186562 bytes
SHA1 (patch-aa) = bd1ab754f7146d002eaf8c0347e114b4049a7776
SHA1 (patch-af) = bd3e26b0e78eadd610713430ae6deac888176442
SHA1 (patch-ag) = f76de45c7e8d16207670e151265b7edbca4c045c
@@ -18,10 +18,10 @@
SHA1 (patch-at) = 7c206df88d29671faef950276a5119ef2f525f4b
SHA1 (patch-au) = 87e907f36482f3ca03754160bc1ee106e17e3aaa
SHA1 (patch-av) = 1b6bd4547930507ab67427bcf8a390c0afce0fb0
-SHA1 (patch-aw) = 76402522b3737c5bde2ee9061f76cdf73f232853
+SHA1 (patch-aw) = 9077b9fc4063bd1a66500b203d246bcddae8eb0f
SHA1 (patch-ax) = adba9177404e10d5f461e1e8f0c4dd5840d78dd1
SHA1 (patch-ay) = 94f9c633c1d15037ddd0a6ed46a4f3aaec236fc2
-SHA1 (patch-az) = e067d46657593348e7df912d1d54c02c0dfd54ed
+SHA1 (patch-az) = 592ec93f700723485a5969ae1f1836c64975d1d0
SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f
SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1
SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/patches/patch-aw
--- a/mail/sendmail/patches/patch-aw Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/patches/patch-aw Sat Dec 06 23:22:20 2014 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-aw,v 1.3 2014/06/20 16:26:55 jnemeth Exp $
+$NetBSD: patch-aw,v 1.4 2014/12/06 23:22:20 jnemeth Exp $
---- sendmail/readcf.c.orig 2014-05-16 20:40:15.000000000 +0000
+--- sendmail/readcf.c.orig 2014-10-22 16:33:53.000000000 +0000
+++ sendmail/readcf.c
@@ -20,6 +20,10 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013
# include <arpa/inet.h>
@@ -13,32 +13,7 @@
#define SECONDS
#define MINUTES * 60
-@@ -124,6 +128,14 @@ readcf(cfname, safe, e)
- | SSL_OP_NO_TICKET
- #endif
- ;
-+#ifdef SSL_OP_TLSEXT_PADDING
-+ /*
-+ * For now disable SSL_OP_TLSEXT_PADDING: with OpenSSL 1.0.1g
-+ * and 1.0.1h it breaks compatibility with some sites.
-+ */
-+ Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
-+ Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
-+#endif
- #endif /* STARTTLS */
- if (DontLockReadFiles)
- sff |= SFF_NOLOCK;
-@@ -2406,6 +2418,9 @@ static struct ssl_options
- #ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
- { "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
- #endif
-+#ifdef SSL_OP_TLSEXT_PADDING
-+ { "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
-+#endif
- { NULL, 0 }
- };
- #endif /* STARTTLS && _FFR_TLS_1 */
-@@ -2810,13 +2825,13 @@ setoption(opt, val, safe, sticky, e)
+@@ -2999,13 +3003,13 @@ setoption(opt, val, safe, sticky, e)
if (rfp->rf_name == NULL)
syserr("readcf: I option value %s unrecognized", q);
else if (clearmode)
diff -r 2855d8d29ba9 -r 3fd5a22cd7fc mail/sendmail/patches/patch-az
--- a/mail/sendmail/patches/patch-az Sat Dec 06 22:35:24 2014 +0000
+++ b/mail/sendmail/patches/patch-az Sat Dec 06 23:22:20 2014 +0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-az,v 1.1 2014/06/15 20:48:50 jnemeth Exp $
+$NetBSD: patch-az,v 1.2 2014/12/06 23:22:20 jnemeth Exp $
---- sendmail/srvrsmtp.c.orig 2014-05-16 20:40:15.000000000 +0000
+--- sendmail/srvrsmtp.c.orig 2014-11-12 03:02:04.000000000 +0000
+++ sendmail/srvrsmtp.c
@@ -46,6 +46,10 @@ static bool tls_ok_srv = false;
static bool NotFirstDelivery = false;
@@ -13,7 +13,7 @@
/* server features */
#define SRV_NONE 0x0000 /* none... */
#define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */
-@@ -3731,8 +3735,8 @@ smtp_data(smtp, e)
+@@ -3983,8 +3987,8 @@ smtp_data(smtp, e)
id = e->e_id;
#if NAMED_BIND
@@ -23,4 +23,4 @@
+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
#endif /* NAMED_BIND */
-
+ #if _FFR_PROXY
Home |
Main Index |
Thread Index |
Old Index