Sendmail 8.12.4

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.4. It contains several bug fixes which are listed in the release notes given below. Please take a look at the new section FILE AND MAP PERMISSIONS in the topmost README file. A corresponding security advisory has been released. The default permissions for database files (including aliases) have been changed from 0644 to 0640.

The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.4.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.4.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.4.tar.sig

MD5 signatures:

74121c90862fecafb3db69dc144fc910 sendmail.8.12.4.tar.gz
88549352ff7f17f94faddb885e9b49dd sendmail.8.12.4.tar.Z
ec9073daf27242a95f738369ff41723c sendmail.8.12.4.tar.sig

You only need one of the first two files (either the gzip'ed version or the compressed version). The .sig file contains the PGP signature of the tar file (after uncompressing it). The PGP signature was created using the Sendmail Signing Key/2002, available on the web site (http://www.sendmail.org/) or on the public key servers.
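
The verification steps described above, written out as a shell script. This is an added example, not part of the sendmail distribution; the function names are illustrative, and it assumes the gzip'ed tarball and the .sig file are in one directory and that the Sendmail Signing Key/2002 has already been imported into the local gpg keyring.

```sh
#!/bin/sh
# Added example (not from the sendmail distribution): check a downloaded
# sendmail 8.12.4 tarball against the announcement.
# Usage after sourcing this file: verify_release /path/to/download/dir

# MD5 values copied from the announcement above.
MD5_GZ=74121c90862fecafb3db69dc144fc910
MD5_SIG=ec9073daf27242a95f738369ff41723c

# Print the MD5 digest of a file (md5sum if present, otherwise openssl).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        openssl md5 "$1" | awk '{print $NF}'
    fi
}

# check_md5 FILE EXPECTED: 0 on match, 1 on mismatch, 2 if FILE is missing.
check_md5() {
    [ -f "$1" ] || return 2
    [ "$(md5_of "$1")" = "$2" ]
}

# verify_release DIR: checksum the downloads, then verify the PGP signature.
verify_release() {
    base="$1/sendmail.8.12.4.tar"
    check_md5 "$base.gz" "$MD5_GZ" || { echo "bad or missing $base.gz" >&2; return 1; }
    check_md5 "$base.sig" "$MD5_SIG" || { echo "bad or missing $base.sig" >&2; return 1; }
    # The signature is over the uncompressed tar, so unpack the gzip layer
    # first (the .gz itself is left in place).
    gzip -dc "$base.gz" > "$base" || return 1
    # Assumes the Sendmail Signing Key/2002 is already in the gpg keyring.
    # The MD5 list only catches transfer damage; this step is the one that
    # ties the tarball to the signing key.
    gpg --verify "$base.sig" "$base"
}
```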

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

8.12.4/8.12.4	2002/06/03
	SECURITY: Inherent limitations in the UNIX file locking model
		can leave systems open to a local denial of service
		attack.  Be sure to read the "FILE AND MAP PERMISSIONS"
		section of the top level README for more information.
		Problem noted by lumpy.
	Use TempFileMode (defaults to 0600) for the permissions of PidFile
		instead of 0644.
	Change the default file permissions for new alias database files
		from 0644 to 0640.  This can be overridden at compile time
		by setting the DBMMODE macro.
	Fix a potential core dump problem if the environment variable
		NAME is set.  Problem noted by Beth A. Chaney of
		Purdue University.
	Expand macros before passing them to libmilter.  Problem noted
		by Jose Marcio Martins da Cruz of Ecole Nationale
		Superieure des Mines de Paris.
	Rewind the df (message body) before truncating it when libmilter
		replaces the body of a message.  Problem noted by Gisle Aas
		of Active State.
	Change SMTP reply code for AUTH failure from 500 to 535 and the
		initial zero-length response to "=" per RFC 2554.  Patches
		from Kenneth Murchison of Oceana Matrix Ltd.
	Do not try to fix broken message/rfc822 MIME attachments by
		inserting a MIME-Version: header when MaxMimeHeaderLength
		is set and no 8 to 7 bit conversion is needed.  Based on
		patch from Rehor Petr of ICZ (Czech Republic).
	Do not log "did not issue MAIL/EXPN/VRFY/ETRN" if the connection
		is rejected anyway.  Noted by Chris Loelke.
	Mention the submission mail queue in the mailq man page.  Requested
		by Bill Fenner of AT&T.
	Set ${msg_size} macro when reading a message from the command line
		or the queue.
	Detach from shared memory before dropping privileges back to
		user who started sendmail.
	If AllowBogusHELO is set to false (default) then also complain if
		the argument to HELO/EHLO contains white space.  Suggested
		by Seva Gluschenko of Cronyx Plus.
	Allow symbolically linked forward files in writable directory paths
		if both ForwardFileInUnsafeDirPath and
		LinkedForwardFileInWritableDir DontBlameSendmail options
		are set.  Problem noted by Werner Spirk of
		Leibniz-Rechenzentrum Munich.
	Portability:
		Operating systems that lack the ftruncate() call will not
			be able to use Milter's body replacement feature.
			This only affects Altos, Maxion, and MPE/iX.
		Digital UNIX 5.0 has changed flock() semantics to be
			non-compliant.  Problem noted by Martin Mokrejs of
			Charles University in Prague.
		The sparc64 port of FreeBSD 5.0 now supports shared
			memory.
	CONFIG: FEATURE(`preserve_luser_host') needs the macro map.
		Problem noted by Andrzej Filip.
	CONFIG: Using 'local:' as a mailertable value with
		FEATURE(`preserve_luser_host') and LUSER_RELAY caused mail
		to be misaddressed.  Problem noted by Andrzej Filip.
	CONFIG: Provide a workaround for DNS based rejection lists that
		fail for AAAA queries.  Problem noted by Chris Boyd.
	CONFIG: Accept the machine's hostname as resolvable when checking
		the sender address.  This allows locally submitted mail to
		be accepted if the machine isn't connected to a nameserver
		and doesn't have an /etc/hosts entry for itself.  Problem
		noted by Robert Watson of the TrustedBSD Project.
	CONFIG: Use deferred expansion for checking the ${deliveryMode}
		macro in case the SMTP VERB command is used.  Problem
		noted by Bryan Costales.
	CONFIG: Avoid a duplicate '@domain' virtusertable lookup if no
		matches are found.  Fix from Andrzej Filip.
	CONFIG: Fix wording in default dnsbl rejection message.  Suggested
		by Lou Katz of Metron Computerware, Ltd.
	CONFIG: Add mailer cyrusv2 for Cyrus V2.  Contributed by
		Kenneth Murchison of Oceana Matrix Ltd.
	CONTRIB: Fix wording in default dnsblaccess rejection message to
		match dnsbl change.
	DEVTOOLS: Add new option for access mode of statistics file,
		confSTMODE, which specifies the permissions when initially
		installing the sendmail statistics file.
	LIBMILTER: Mark the listening socket as close-on-exec in case
		a user's filter starts other applications.
	LIBSM: Allow the MBDB initialize, lookup, and/or terminate
		functions in SmMbdbTypes to be set to NULL.
	MAKEMAP: Change the default file permissions for new databases from
		0644 to 0640.  This can be overridden at compile time
		by setting the DBMMODE macro.
	SMRSH: Fix man page bug: replace SMRSH_CMDBIN with SMRSH_CMDDIR.
		Problem noted by Dave Alden of Ohio State University.
	VACATION: When listing the vacation database (-l), don't show
		bogus timestamps for excluded (-x) addresses.  Problem
		noted by Bryan Costales.
	New Files:
		cf/mailer/cyrusv2.m4
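
An upgrade changes the defaults only for newly created files, so map databases and a pid file created by an earlier version keep their old modes. The script below is an added example, not part of the sendmail distribution: it reports map databases looser than the new 0640 default and a pid file looser than the TempFileMode default of 0600. The function names, the directory and pid file arguments, and the choice of the *.db, *.dir and *.pag suffixes are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the sendmail distribution): report files whose
# permissions are looser than the 8.12.4 defaults named in the release notes.
# Usage after sourcing: audit_sendmail_perms /etc/mail /var/run/sendmail.pid
# (both paths are assumptions; pass the ones your installation uses).

# Print the ls-style mode string of a file, e.g. "-rw-r-----".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# audit_sendmail_perms MAPDIR PIDFILE
# Prints one line per finding: "MAP <mode> <path>" or "PID <mode> <path>".
audit_sendmail_perms() {
    maildir=$1
    pidfile=$2

    # Map and alias databases: the new default is 0640, so group may have
    # read access at most and "other" must have none.
    find "$maildir" -type f \( -name '*.db' -o -name '*.dir' -o -name '*.pag' \) |
    while IFS= read -r f; do
        m=$(mode_of "$f")
        case $m in
            ????[r-]-----) ;;                      # within 0640
            *) printf 'MAP %s %s\n' "$m" "$f" ;;
        esac
    done

    # PidFile: now created with TempFileMode, which defaults to 0600.
    # A site that changed TempFileMode should adjust this pattern.
    if [ -f "$pidfile" ]; then
        m=$(mode_of "$pidfile")
        case $m in
            ????------) ;;                         # within 0600
            *) printf 'PID %s %s\n' "$m" "$pidfile" ;;
        esac
    fi
}
```

Review each reported file against the FILE AND MAP PERMISSIONS section of the README before changing its mode, since programs other than sendmail may read the same maps.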