RELEASE_NOTES (77349) | RELEASE_NOTES (80785) |
---|---|
1 SENDMAIL RELEASE NOTES | 1 SENDMAIL RELEASE NOTES |
2 $Id: RELEASE_NOTES,v 8.561.2.5.2.235 2001/05/27 21:39:16 gshapiro Exp $ | 2 $Id: RELEASE_NOTES,v 8.561.2.5.2.254 2001/07/31 22:42:46 gshapiro Exp $ |
3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 | 3 4 5This listing shows the version of the sendmail binary, the version 6of the sendmail configuration files, the date of release, and a 7summary of the changes in that release. 8 |
98.11.5/8.11.5 2001/07/31 10 Fix a possible race condition when sending a HUP signal to restart 11 the daemon. This could terminate the current process without 12 starting a new daemon. Problem reported by Wolfgang Breyha 13 of SE Netway Communications. 14 Only apply MaxHeadersLength when receiving a message via SMTP or 15 the command line. Problem noted by Andrey J. Melnikoff. 16 When finding the system's local hostname on an IPv6-enabled system 17 which doesn't have any IPv6 interface addresses, fall back 18 to looking up only IPv4 addresses. Problem noted by Tim 19 Bosserman of EarthLink. 20 When commands were being rejected due to check_relay or TCP 21 Wrappers, the ETRN command was not giving a response. 22 Incoming IPv4 connections on a Family=inet6 daemon (using 23 IPv4-mapped addresses) were incorrectly labeled as "may be 24 forged". Problem noted by Per Steinar Iversen of Oslo 25 University College. 26 Shutdown address test mode cleanly on SIGTERM. Problem noted by 27 Greg King of the OAO Corporation. 28 Restore the original real uid (changed in main() to prevent 29 out of band signals) before invoking a delivery agent. 30 Some delivery agents use this for the "From " envelope 31 "header". Problem noted by Leslie Carroll of the 32 University at Albany. 33 Mark closed file descriptors properly to avoid reuse. Problem 34 noted by Jeff Bronson of J.D. Bronson, Inc. 35 Setting Timeout options on the command line will also override 36 their sub-suboptions in the .cf file, e.g., -O 37 Timeout.queuereturn=2d will set all queuereturn timeouts 38 to 2 days. Problem noted by Roger B.A. Klorese. 39 Portability: 40 BSD/OS has a broken setreuid() implementation. Problem 41 noted by Vernon Schryver of Rhyolite Software. 42 BSD/OS has /dev/urandom(4) (as of version 4.1/199910 ?). 43 Noted by Vernon Schryver of Rhyolite Software. 44 BSD/OS has fchown(2). Noted by Dave Yadallee of Netline 45 2000 Internet Solutions Inc. 46 Solaris 2.X and later have strerror(3). From Sebastian 47 Hagedorn of Cologne University. 48 CONFIG: Fix parsing for IPv6 domain literals in addresses 49 (user@[IPv6:address]). Problem noted by Liyuan Zhou. 50 |
|
98.11.4/8.11.4 2001/05/28 10 Clean up signal handling routines to reduce the chances of heap 11 corruption and other potential race conditions. 12 Terminating and restarting the daemon may not be 13 instantaneous due to this change. Also, non-root users can 14 no longer send out-of-band signals. Problem reported by 15 Michal Zalewski of BindView. 16 If LogLevel is greater than 9 and SASL fails to negotiate an --- 708 unchanged lines hidden (view full) --- 725 contrib/converting.sun.configs 726 Deleted Directories (already done in 8.10.0 but not listed): 727 doc/intro 728 doc/usenix 729 doc/changes 730 7318.10.0/8.10.0 2000/03/01 732 ************************************************************* | 518.11.4/8.11.4 2001/05/28 52 Clean up signal handling routines to reduce the chances of heap 53 corruption and other potential race conditions. 54 Terminating and restarting the daemon may not be 55 instantaneous due to this change. Also, non-root users can 56 no longer send out-of-band signals. Problem reported by 57 Michal Zalewski of BindView. 58 If LogLevel is greater than 9 and SASL fails to negotiate an --- 708 unchanged lines hidden (view full) --- 767 contrib/converting.sun.configs 768 Deleted Directories (already done in 8.10.0 but not listed): 769 doc/intro 770 doc/usenix 771 doc/changes 772 7738.10.0/8.10.0 2000/03/01 774 ************************************************************* |
733 * The engineering department at Sendmail, Inc. has suffered * 734 * the tragic loss of a key member of our engineering team. * 735 * Julie Van Bourg was the Vice President of Engineering * 736 * at Sendmail, Inc. during the development and deployment * 737 * of this release. It was her vision, dedication, and * 738 * support that has made this release a success. Julie died * 739 * on October 26, 1999 of cancer. We have lost a leader, a * 740 * coach, and a friend. * 741 * * 742 * This release is dedicated to her memory and to the joy, * 743 * strength, ideals, and hope that she brought to all of us. * 744 * Julie, we miss you! * | 775 * The engineering department at Sendmail, Inc. has suffered * 776 * the tragic loss of a key member of our engineering team. * 777 * Julie Van Bourg was the Vice President of Engineering * 778 * at Sendmail, Inc. during the development and deployment * 779 * of this release. It was her vision, dedication, and * 780 * support that has made this release a success. Julie died * 781 * on October 26, 1999 of cancer. We have lost a leader, a * 782 * coach, and a friend. * 783 * * 784 * This release is dedicated to her memory and to the joy, * 785 * strength, ideals, and hope that she brought to all of us. * 786 * Julie, we miss you! * |
745 ************************************************************* 746 SECURITY: The safe file checks now back track through symbolic 747 links to make sure the files can't be compromised due 748 to poor permissions on the parent directories of the 749 symbolic link target. 750 SECURITY: Only root, TrustedUser, and users in class t can rebuild 751 the alias map. Problem noted by Michal Zalewski of the 752 "Internet for Schools" project (IdS). --- 828 unchanged lines hidden (view full) --- 1581 affects a large number of files. See cf/README for more 1582 details. 1583 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 1584 trailing slash) for the mail settings directory. 1585 CONFIG: Increment version number of config file to 9. 1586 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 1587 deprecated and may be removed from a future release. 1588 BSD/OS users should begin using OSTYPE(`bsdi'). | 787 ************************************************************* 788 SECURITY: The safe file checks now back track through symbolic 789 links to make sure the files can't be compromised due 790 to poor permissions on the parent directories of the 791 symbolic link target. 792 SECURITY: Only root, TrustedUser, and users in class t can rebuild 793 the alias map. Problem noted by Michal Zalewski of the 794 "Internet for Schools" project (IdS). --- 828 unchanged lines hidden (view full) --- 1623 affects a large number of files. See cf/README for more 1624 details. 1625 CONFIG: New macro MAIL_SETTINGS_DIR contains the path (including 1626 trailing slash) for the mail settings directory. 1627 CONFIG: Increment version number of config file to 9. 1628 CONFIG: OSTYPE(`bsdi1.0') and OSTYPE(`bsdi2.0') have been 1629 deprecated and may be removed from a future release. 1630 BSD/OS users should begin using OSTYPE(`bsdi'). |
1589 CONFIG: OpenBSD 2.4 installs mail.local non-setuid root. This | 1631 CONFIG: OpenBSD 2.4 installs mail.local non-set-user-id root. This |
1590 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 1591 Courtesan Consulting. 1592 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 1593 CONFIG: A syntax error in check_mail would cause fake top-level 1594 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 1595 be improperly rejected as unresolvable. 1596 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 1597 DNS server, rejection message) and can be included --- 243 unchanged lines hidden (view full) --- 1841 Defaults to "/lib /usr/lib /usr/shlib". 1842 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 1843 how to strip binaries. These are used by the new 1844 install-strip target. 1845 DEVTOOLS: New config file site.post.m4 which is included after 1846 the others (if it exists). 1847 DEVTOOLS: Change order of LIBS: first product specific libraries 1848 then the default ones. | 1632 requires a new OSTYPE(`openbsd'). From Todd C. Miller of 1633 Courtesan Consulting. 1634 CONFIG: New OSTYPE(`hpux11') for HP/UX 11.X. 1635 CONFIG: A syntax error in check_mail would cause fake top-level 1636 domains (.BITNET, .DECNET, .FAX, .USENET, and .UUCP) to 1637 be improperly rejected as unresolvable. 1638 CONFIG: New FEATURE(`dnsbl') takes up to two arguments (name of 1639 DNS server, rejection message) and can be included --- 243 unchanged lines hidden (view full) --- 1883 Defaults to "/lib /usr/lib /usr/shlib". 1884 DEVTOOLS: New variables confSTRIP and confSTRIPOPTS for specifying 1885 how to strip binaries. These are used by the new 1886 install-strip target. 1887 DEVTOOLS: New config file site.post.m4 which is included after 1888 the others (if it exists). 1889 DEVTOOLS: Change order of LIBS: first product specific libraries 1890 then the default ones. |
1849 MAIL.LOCAL: Will not be installed setuid root. To use mail.local | 1891 MAIL.LOCAL: Will not be installed set-user-id root. To use mail.local |
1850 as local delivery agent without LMTP mode, use 1851 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 1852 to set the S flag. 1853 MAIL.LOCAL: Do not reject addresses which would otherwise be 1854 accepted by sendmail. Suggested by Neil Rickert of 1855 Northern Illinois University. 1856 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 1857 8BITMIME in the LHLO response. Suggested by Kari Hurtta of --- 538 unchanged lines hidden (view full) --- 2396 SECURITY: The default value for DefaultUser is now set to the uid and 2397 gid of the first existing user mailnull, sendmail, or daemon 2398 that has a non-zero uid. If none of these exist, sendmail 2399 reverts back to the old behavior of using uid 1 and gid 1. 2400 This is a security problem for Linux which has chosen that 2401 uid and gid for user bin instead of daemon. If DefaultUser 2402 is set in the configuration file, that value overrides this 2403 default. | 1892 as local delivery agent without LMTP mode, use 1893 MODIFY_MAILER_FLAGS(`LOCAL', `+S') 1894 to set the S flag. 1895 MAIL.LOCAL: Do not reject addresses which would otherwise be 1896 accepted by sendmail. Suggested by Neil Rickert of 1897 Northern Illinois University. 1898 MAIL.LOCAL: New -7 option which causes LMTP mode not to advertise 1899 8BITMIME in the LHLO response. Suggested by Kari Hurtta of --- 538 unchanged lines hidden (view full) --- 2438 SECURITY: The default value for DefaultUser is now set to the uid and 2439 gid of the first existing user mailnull, sendmail, or daemon 2440 that has a non-zero uid. If none of these exist, sendmail 2441 reverts back to the old behavior of using uid 1 and gid 1. 2442 This is a security problem for Linux which has chosen that 2443 uid and gid for user bin instead of daemon. If DefaultUser 2444 is set in the configuration file, that value overrides this 2445 default. |
2404 SECURITY: Since 8.8.7, the check for non-setuid binaries | 2446 SECURITY: Since 8.8.7, the check for non-set-user-id binaries |
2405 interfered with setting an alternate group id for the 2406 RunAsUser option. Problem noted by Randall Winchester of 2407 the University of Maryland. 2408 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 2409 of Cal State University, Chico. 2410 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 2411 which previously defined OLD_NEWDB=1 must now upgrade to the 2412 current version of Berkeley DB. --- 651 unchanged lines hidden (view full) --- 3064 gethostbyaddr found no value. Also, ignore any returns 3065 from gethostbyaddr that look like a dotted quad. 3066 If PTR lookup fails when looking up an SMTP peer, don't tag it as 3067 "may be forged", since at the network level we pretty much 3068 have to assume that the information is good. 3069 In some cases, errors during an SMTP session could leave files 3070 open or locked. 3071 Better handling of missing file descriptors (0, 1, 2) on startup. | 2447 interfered with setting an alternate group id for the 2448 RunAsUser option. Problem noted by Randall Winchester of 2449 the University of Maryland. 2450 Add support for Berkeley DB 2.X. Based on patch from John Kennedy 2451 of Cal State University, Chico. 2452 Remove support for OLD_NEWDB (pre-1.5 version of Berkeley DB). Users 2453 which previously defined OLD_NEWDB=1 must now upgrade to the 2454 current version of Berkeley DB. --- 651 unchanged lines hidden (view full) --- 3106 gethostbyaddr found no value. Also, ignore any returns 3107 from gethostbyaddr that look like a dotted quad. 3108 If PTR lookup fails when looking up an SMTP peer, don't tag it as 3109 "may be forged", since at the network level we pretty much 3110 have to assume that the information is good. 3111 In some cases, errors during an SMTP session could leave files 3112 open or locked. 3113 Better handling of missing file descriptors (0, 1, 2) on startup. |
3072 Better handling of non-setuid binaries -- avoids certain obnoxious | 3114 Better handling of non-set-user-id binaries -- avoids certain obnoxious |
3073 errors during testing. 3074 Errors in file locking of NEWDB maps had the incorrect file name 3075 printed in the error message. 3076 If the AllowBogusHELO option were set and an EHLO with a bad or 3077 missing parameter were issued, the EHLO behaved like a HELO. 3078 Load limiting never kicked in for incoming SMTP transactions if the 3079 DeliveryMode=background and any recipient was an alias or 3080 had a .forward file. From Nik Conwell of Boston University. --- 375 unchanged lines hidden (view full) --- 3456 later mailboxes to fail. Also, any partial message would 3457 not be truncated, which could result in repeated deliveries. 3458 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 3459 developers). 3460 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 3461 change to the sendmail map code was made in 8.8.3. Problem 3462 noted by Gregory Neil Shapiro. 3463 MAKEMAP: Give warnings on file problems such as map files that are | 3115 errors during testing. 3116 Errors in file locking of NEWDB maps had the incorrect file name 3117 printed in the error message. 3118 If the AllowBogusHELO option were set and an EHLO with a bad or 3119 missing parameter were issued, the EHLO behaved like a HELO. 3120 Load limiting never kicked in for incoming SMTP transactions if the 3121 DeliveryMode=background and any recipient was an alias or 3122 had a .forward file. From Nik Conwell of Boston University. --- 375 unchanged lines hidden (view full) --- 3498 later mailboxes to fail. Also, any partial message would 3499 not be truncated, which could result in repeated deliveries. 3500 Problem noted by Bruce Evans via Peter Wemm (FreeBSD 3501 developers). 3502 MAKEMAP: Handle cases where O_EXLOCK is #defined to be 0. A similar 3503 change to the sendmail map code was made in 8.8.3. Problem 3504 noted by Gregory Neil Shapiro. 3505 MAKEMAP: Give warnings on file problems such as map files that are |
3464 symbolic links; although makemap is not setuid root, it is | 3506 symbolic links; although makemap is not set-user-id root, it is |
3465 often run as root and hence has the potential for the same 3466 sorts of problems as alias rebuilds. 3467 MAKEMAP: Change compilation so that it will link properly on 3468 NEXTSTEP. 3469 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 3470 Accept an optional list of arguments following the server 3471 name for the ETRN arguments to use (instead of $=w). Other 3472 miscellaneous bug fixes. From Christian von Roques via --- 769 unchanged lines hidden (view full) --- 4242 This causes map lookups that get a temporary failure (e.g., 4243 name server failure) to _not_ defer the delivery of the 4244 message. This should only be used if your configuration file 4245 is prepared to do something sensible in this case. Based on 4246 an idea by Gregory Shapiro of WPI. 4247 Fix problem finding network interface addresses. Patch from 4248 Motonori Nakamura. 4249 Don't reject qf entries that are not owned by your effective uid if | 3507 often run as root and hence has the potential for the same 3508 sorts of problems as alias rebuilds. 3509 MAKEMAP: Change compilation so that it will link properly on 3510 NEXTSTEP. 3511 CONTRIB: etrn.pl: search for Cw as well as Fw lines in sendmail.cf. 3512 Accept an optional list of arguments following the server 3513 name for the ETRN arguments to use (instead of $=w). Other 3514 miscellaneous bug fixes. From Christian von Roques via --- 769 unchanged lines hidden (view full) --- 4284 This causes map lookups that get a temporary failure (e.g., 4285 name server failure) to _not_ defer the delivery of the 4286 message. This should only be used if your configuration file 4287 is prepared to do something sensible in this case. Based on 4288 an idea by Gregory Shapiro of WPI. 4289 Fix problem finding network interface addresses. Patch from 4290 Motonori Nakamura. 4291 Don't reject qf entries that are not owned by your effective uid if |
4250 you are not running setuid; this makes management of certain 4251 kinds of firewall setups difficult. Patch suggested by 4252 Eamonn Coleman of Qualcomm. | 4292 you are not running set-user-id; this makes management of 4293 certain kinds of firewall setups difficult. Patch 4294 suggested by Eamonn Coleman of Qualcomm. |
4253 Add persistent host status. This keeps the information normally 4254 maintained within a single queue run in disk files that are 4255 shared between sendmail instances. The HostStatusDirectory 4256 is the directory in which the information is maintained. If 4257 not set, persistent host status is turned off. If not a full 4258 pathname, it is relative to the queue directory. A common 4259 value is ".hoststat". 4260 There are also two new operation modes: --- 351 unchanged lines hidden (view full) --- 4612 return a temporary failure from the sequence or switch map. 4613 For example, if hosts search ``dns files'' and DNS fails 4614 with a tempfail, the hosts map will go on and search files, 4615 but if it fails the whole thing should be a tempfail, not 4616 a permanent (host unknown) failure, even though that is the 4617 failure in the hosts.files map. This error caused hard 4618 bounces when it should have requeued. 4619 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo | 4295 Add persistent host status. This keeps the information normally 4296 maintained within a single queue run in disk files that are 4297 shared between sendmail instances. The HostStatusDirectory 4298 is the directory in which the information is maintained. If 4299 not set, persistent host status is turned off. If not a full 4300 pathname, it is relative to the queue directory. A common 4301 value is ".hoststat". 4302 There are also two new operation modes: --- 351 unchanged lines hidden (view full) --- 4654 return a temporary failure from the sequence or switch map. 4655 For example, if hosts search ``dns files'' and DNS fails 4656 with a tempfail, the hosts map will go on and search files, 4657 but if it fails the whole thing should be a tempfail, not 4658 a permanent (host unknown) failure, even though that is the 4659 failure in the hosts.files map. This error caused hard 4660 bounces when it should have requeued. 4661 Aliases to files such as /users/bar/foo/inbox, with /users/bar/foo |
4620 owned by bar mode 700 and inbox being setuid bar stopped | 4662 owned by bar mode 700 and inbox being set-user-id bar stopped |
4621 working properly due to excessive paranoia. Pointed out by 4622 John Hawkinson of Panix. 4623 An SMTP RCPT command referencing a host that gave a nameserver 4624 timeout would return a 451 command (8.6 accepted it and 4625 queued it locally). Revert to the 8.6 behavior in order 4626 to simplify queue management for clustered systems. Suggested 4627 by Gregory Neil Shapiro of WPI. The same problem could break 4628 MH, which assumes that the SMTP session will succeed (tsk, tsk --- 657 unchanged lines hidden (view full) --- 5286 also improves the connection cache utilization. 5287 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 5288 the purposes of refusing to send error returns. Suggested 5289 by Motonori Nakamura of Ritsumeikan University. 5290 Relax rules on when a file can be written when referenced from 5291 the aliases file: use the default uid/gid instead of the 5292 real uid/gid. This allows you to create a file owned by 5293 and writable only by the default uid/gid that will work | 4663 working properly due to excessive paranoia. Pointed out by 4664 John Hawkinson of Panix. 4665 An SMTP RCPT command referencing a host that gave a nameserver 4666 timeout would return a 451 command (8.6 accepted it and 4667 queued it locally). Revert to the 8.6 behavior in order 4668 to simplify queue management for clustered systems. Suggested 4669 by Gregory Neil Shapiro of WPI. The same problem could break 4670 MH, which assumes that the SMTP session will succeed (tsk, tsk --- 657 unchanged lines hidden (view full) --- 5328 also improves the connection cache utilization. 5329 Accept "<<>>", "<<<>>>", and so forth as equivalent to "<>" for 5330 the purposes of refusing to send error returns. Suggested 5331 by Motonori Nakamura of Ritsumeikan University. 5332 Relax rules on when a file can be written when referenced from 5333 the aliases file: use the default uid/gid instead of the 5334 real uid/gid. This allows you to create a file owned by 5335 and writable only by the default uid/gid that will work |
5294 all the time (without having the setuid bit set). Change | 5336 all the time (without having the set-user-id bit set). Change |
5295 suggested by Shau-Ping Lo and Andrew Cheng of Sun 5296 Microsystems. 5297 Add "DialDelay" option (no short name) to provide an "extra" 5298 delay for dial on demand systems. If this is non-zero 5299 and a connect fails, sendmail will wait this long and 5300 then try again. If it takes longer than the kernel 5301 timeout interval to establish the connection, this 5302 option can give the network software time to establish --- 2167 unchanged lines hidden --- | 5337 suggested by Shau-Ping Lo and Andrew Cheng of Sun 5338 Microsystems. 5339 Add "DialDelay" option (no short name) to provide an "extra" 5340 delay for dial on demand systems. If this is non-zero 5341 and a connect fails, sendmail will wait this long and 5342 then try again. If it takes longer than the kernel 5343 timeout interval to establish the connection, this 5344 option can give the network software time to establish --- 2167 unchanged lines hidden --- |