sendmail 8.14.2 available

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.14.2 which fixes some problems, e.g.,

- - an important bug in the milter function smfi_chgfrom() which could
cause the loss of a message body.
- - the handling of queued messages with 8 bit characters in From:
or To: header which could be "mistaken" for internal control
characters during a queue run and trigger various consistency checks.
- - the handling of lines longer than MAXLINE-1 characters in certain
cases.

A complete list of changes can be found in the release notes (see
below).

Please send bug reports and general feedback to one of the addresses
listed at: http://www.sendmail.org/email-addresses.html

The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.gz.s ig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.14.2.tar.Z.si g

MD5 signatures:
cf784b9f20c32949ae1f38f3eae29875 sendmail.8.14.2.tar.Z
f788d6986f12a81ac958195b045a529d sendmail.8.14.2.tar.Z.sig
1c1472365344ca8061d6453c43c9a831 sendmail.8.14.2.tar.gz
2ae4b6175a08e8a6cda992db20141d81 sendmail.8.14.2.tar.gz.sig

You either need the first two files or the third and fourth, i.e.,
the gzip'ed version or the compressed version and the corresponding
sig file. The PGP signature was created using the Sendmail Signing
Key/2007, available on the web site (http://www.sendmail.org/) or
on the public key servers.

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.


SENDMAIL RELEASE NOTES
$Id: RELEASE_NOTES,v 8.1909 2007/10/31 16:04:13 ca Exp $


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.14.2/8.14.2 2007/11/01
If a message was queued and it contained 8 bit characters in
a From: or To: header, then those characters could be
"mistaken" for internal control characters during a queue
run and trigger various consistency checks. Problem
noted by Neil Rickert of Northern Illinois University.
If MaxMimeHeaderLength is set to a value greater than 0 (which
it is by default) then even if the Linelimit parameter
is 0, sendmail corrupted in the non-transfer-encoding
case every MAXLINE-1 characters. Patch from John Gardiner
Myers of Proofpoint.
Setting the suboption DeliveryMode for DaemonPortOptions did not
work in earlier 8.14 versions.
Note: DeliveryMode=interactive is silently converted to
background if a milter can reject or delete a recipient.
Prior to 8.14 this happened only if milter could delete
recipients.
ClientRate should trigger when the limit was exceeded (as
documented), not when it was reached. Patch from
John Beck of Sun Microsystems.
Force a queue run for -qGqueuegroup even if no runners are
specified (R=0) and forking (F=f) is requested.
When multiple results are requested for a DNS map lookup
(-z and -Z), return only those that are relevant for
the query (not also those in the "additional section".)
If the message transfer time to sendmail (when acting as server)
exceeds Timeout.queuewarn or Timeout.queuereturn and
the message is refused (by a milter), sendmail previously
created a delivery status notification (DSN). Patch
from Doug Heath of The Hertz Corporation.
A code change in Cyrus-SASL 2.1.22 for sasl_decode64() requires
the MTA to deal with some input (i.e., "=") itself.
Problem noted by Eliot Lear.
sendmail counted a delivery as successful if PIPELINING is
compiled in but not offered by the server and the
delivery failed temporarily. Patch from Werner Wiethege.
If getting the result of an LDAP query times out then close the
map so it will be reopened on the next lookup. This
should help "failover" configurations that specify more
than one LDAP server.
If check_compat returns $#discard then a "savemail panic" could
be triggered under some circumstances (e.g., requiring
a system which does not have the compile time flag
HASFLOCK set). Based on patch by Motonori Nakamura
of National Institute of Informatics, Japan.
If a milter rejected a recipient, the count for nrcpts= in the
logfile entry might have been wrong. Problem found by
Petra Humann of TU Dresden.
If a milter invoked smfi_chgfrom() where ESMTP arguments are not
NULL, the message body was lost. Patch from Motonori
Nakamura of National Institute of Informatics, Japan.
sendmail(8) had a bogus space in -qGname. Patch from Peng Haitao.
CONTRIB: buildvirtuser: Preserve ownership and permissions when
replacing files.
CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
reading the /etc/mail/virtusers/ directory.
CONTRIB: buildvirtuser: Emit warnings instead of exiting where
appropriate.
LIBMILTER: Fix ABI backwards compatibility so milters compiled
against an older libmilter.so shared library can use an
8.14 libmilter.so shared library.
LIBMILTER: smfi_version() did not properly extract the patchlevel
from the version number, however, the returned value was
correct for the current libmilter version.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (OpenBSD)

iQCVAwUBRyqEOs8etQMiMnoBAQKNdQP/cQKfjVP7qTi0Ol/OgR7AnvCaerCx iQ5J
y1uxjwXs2s+RemX0u5a4c0agoLscTKU5Ot6uzOdvKvZd0/unr/IkzuXZBF9L snlZ
X1wS4GXQDXKDfazvwdwOUgxkthMZU1TiVFj/GH5TOfHqVUO5Ho/yRfAQoAn3 taFc
5jeg+A3+M9M=
=DJHS
-----END PGP SIGNATURE-----

Re: sendmail 8.14.2 available

On Nov 1, 10:19 pm, Claus Assmann
wrote:

>
> Sendmail, Inc., and the Sendmail Consortium announce the availability
> of sendmail 8.14.2 which fixes some problems, e.g.,
>...
> CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
> reading the /etc/mail/virtusers/ directory.
>...

I am familiar with the /etc/mail/virtusers FILE, but searching at
sendmail.org or on Google for information about the /etc/mail/
virtusers/ directory doesn't generate any useful hits. Is there some
more information?

Daniel Feenberg
feenberg isat nber dotte org

Re: sendmail 8.14.2 available

In article <1194265007.667225.26270@z9g2000hsf.googlegroups.com>
"drfremove@nber.org" writes:
>On Nov 1, 10:19 pm, Claus Assmann
>wrote:
>
>>
>> Sendmail, Inc., and the Sendmail Consortium announce the availability
>> of sendmail 8.14.2 which fixes some problems, e.g.,
>>...
>> CONTRIB: buildvirtuser: Skip dot-files (e.g., .cvsignore) when
>> reading the /etc/mail/virtusers/ directory.
>>...
>
>I am familiar with the /etc/mail/virtusers FILE, but searching at
>sendmail.org or on Google for information about the /etc/mail/
>virtusers/ directory doesn't generate any useful hits. Is there some
>more information?

Maybe if you look at contrib/buildvirtuser in the distribution instead
of hunting the web...:-)

--Per Hedeland
per@hedeland.org

Re: sendmail 8.14.2 available

Claus Assmann wrote:

>
> Sendmail, Inc., and the Sendmail Consortium announce the availability
> of sendmail 8.14.2 which fixes some problems, e.g.,

First time in 5 years sendmail failed to build on the first try. Haven't had a chance
to look into it yet but thought I'd pass this along:

gcc -o sendmail -L/usr/local/ssl9.8e/lib -R/usr/local/ssl9.8e/lib -R/usr/local/lib
-L/usr/local/lib -L/usr/local/BerkeleyDB.4.1/lib -R/usr/local/BerkeleyDB.4.1/lib
main.o alias.o arpadate.o bf.o collect.o conf.o control.o convtime.o daemon.o
deliver.o domain.o envelope.o err.o headers.o macro.o map.o mci.o milter.o mime.o
parseaddr.o queue.o ratectrl.o readcf.o recipient.o sasl.o savemail.o sfsasl.o
shmticklib.o sm_resolve.o srvrsmtp.o stab.o stats.o sysexits.o timers.o tls.o trace.o
udb.o usersmtp.o util.o version.o -lsasl -lssl -lcrypto
/export/home/admin/apps/build/sendmail-8.14.2/obj.SunOS.5.8. sun4/libsmutil/libsmutil.a
/export/home/admin/apps/build/sendmail-8.14.2/obj.SunOS.5.8. sun4/libsm/libsm.a -ldb
-lresolv -lsocket -lnsl -ldb
Undefined first referenced
symbol in file
dlclose /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
dlsym /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
dlopen /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
dlerror /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
ld: fatal: Symbol referencing errors. No output written to sendmail
collect2: ld returned 1 exit status
make[1]: *** [sendmail] Error 1
make[1]: Leaving directory
`/export/home/admin/apps/build/sendmail-8.14.2/obj.SunOS.5.8 .sun4/sendmail'

dp

Re: sendmail 8.14.2 available

In article <472fe91d$0$505$815e3792@news.qwest.net> dp writes:
>Claus Assmann wrote:
>
>>
>> Sendmail, Inc., and the Sendmail Consortium announce the availability
>> of sendmail 8.14.2 which fixes some problems, e.g.,
>
>First time in 5 years sendmail failed to build on the first try. Haven't
>had a chance
>to look into it yet but thought I'd pass this along:

[snip]

>Undefined first referenced
> symbol in file
>dlclose
>/usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
>dlsym
>/usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>(symbol belongs to implicit dependency /usr/lib/libdl.so.1)
....

Hm, so the linker you're using on Solaris has problems resolving
references to standard library functions from your apparently
hand-installed OpenSSL... - a pretty weird problem, but it's hardly
obvious why it requires the immediate attention of the newsgroup.:-)

FWIW, 8.14.2 with STARTTLS (using the "standard contributed" OpenSSL in
/usr/sfw) builds perfectly fine for me on "Solaris 11". If I were to
venture a guess, it would be that you are (somehow, intentionally or
not) attempting to build a statically linked binary, which has never
been possible to combine with usage of dlopen() and friends on Solaris
AFAIK (probably not on other Unices either). But again, it's OpenSSL
that wants dlxxx(), not sendmail.

--Per Hedeland
per@hedeland.org

Re: sendmail 8.14.2 available

Per Hedeland wrote:
> In article <472fe91d$0$505$815e3792@news.qwest.net> dp writes:
>> Claus Assmann wrote:
>>
>>> Sendmail, Inc., and the Sendmail Consortium announce the availability
>>> of sendmail 8.14.2 which fixes some problems, e.g.,
>> First time in 5 years sendmail failed to build on the first try. Haven't
>> had a chance
>> to look into it yet but thought I'd pass this along:
>
> [snip]
>
>> Undefined first referenced
>> symbol in file
>> dlclose
>> /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>> (symbol belongs to implicit dependency /usr/lib/libdl.so.1)
>> dlsym
>> /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>> (symbol belongs to implicit dependency /usr/lib/libdl.so.1)
> ...
>
> Hm, so the linker you're using on Solaris has problems resolving
> references to standard library functions from your apparently
> hand-installed OpenSSL... - a pretty weird problem, but it's hardly
> obvious why it requires the immediate attention of the newsgroup.:-)

As I said, I didn't have time to look at it and it was so unusual to not get a clean
compile I thought it odd enough to share. Well, in fact, that's true that it was odd
enough but only because it demonstrates what happens when you get interrupted and
don't get back to a job. That version of openssl was never completely installed and
I'd forgotten about it. Only the static libs had been built.

So if you really want to look like an idiot on the Internet this is the place to do
it :) Thanks for the cluebat.


dp

Re: sendmail 8.14.2 available

In article <47313a07$0$503$815e3792@news.qwest.net> dp
writes:
>Per Hedeland wrote:
>> In article <472fe91d$0$505$815e3792@news.qwest.net> dp
> writes:
>>
>>> Undefined first referenced
>>> symbol in file
>>> dlclose
>>> /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>>> (symbol belongs to implicit dependency /usr/lib/libdl.so.1)
>>> dlsym
>>> /usr/local/ssl9.8e/lib/libcrypto.a(dso_dlfcn.o)
>>> (symbol belongs to implicit dependency /usr/lib/libdl.so.1)
>> ...
>>
>> Hm, so the linker you're using on Solaris has problems resolving
>> references to standard library functions from your apparently
>> hand-installed OpenSSL... - a pretty weird problem, but it's hardly
>> obvious why it requires the immediate attention of the newsgroup.:-)
>
>As I said, I didn't have time to look at it and it was so unusual to not
>get a clean
>compile I thought it odd enough to share. Well, in fact, that's true
>that it was odd
>enough but only because it demonstrates what happens when you get
>interrupted and
>don't get back to a job. That version of openssl was never completely
>installed and
>I'd forgotten about it. Only the static libs had been built.

Hm, I noticed that, but didn't see it as an explanation of the problem,
since there's no reason you shouldn't be able to access (at least
*link-time*) the dlxxx() functions from a static library, as long as
you're linking the functions from that lib into a "dynamic binary" (just
checked this with a trivial test on Solaris). And I didn't see any
-static or equivalent on your link commandline.

>So if you really want to look like an idiot on the Internet this is the
>place to do
>it :) Thanks for the cluebat.

You're welcome.:-)

--Per