From owner-svn-src-stable-8@freebsd.org Sun Jul 5 19:34:46 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05CDAAF6F; Sun, 5 Jul 2015 19:34:46 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E934612AD; Sun, 5 Jul 2015 19:34:45 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t65JYjM2017910; Sun, 5 Jul 2015 19:34:45 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t65JYjDr017909; Sun, 5 Jul 2015 19:34:45 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201507051934.t65JYjDr017909@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Sun, 5 Jul 2015 19:34:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285176 - stable/8/sys/x86/x86 X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jul 2015 19:34:46 -0000 Author: marius Date: Sun Jul 5 19:34:45 2015 New Revision: 285176 URL: https://svnweb.freebsd.org/changeset/base/285176 Log: MFC: r281751 Refine the workaround for Intel HSD131 [1] added in r269052 (MFCed to stable/8 in r269595): - Use the full mask described by the erratum as with a sufficiently high number of these false-positives, the overflow bit (bit 62) additionally gets set [7]. - HSD131 has been brought into several other Haswell-derived CPUs including to the next generation, i. e. Intel Broadwell. Thus, also skip reporting of these benign errors by default on CPU models affected by HSM142, HSW131 and BDM48 [2 - 5], describing the HSD131 silicon bug for additional models. Also, Celeron 2955U with a CPU ID of 0x45 have been reported to be covered by this fault [6], with the specification update concerned with HSM142 [2] only referring to 0x3c and 0x46. Submitted by: David Froehlich [7] Approved by: re (kib) http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-desktop-specification-update.pdf [1] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-mobile-specification-update.pdf [2] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/5th-gen-core-family-spec-update.pdf [3] http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/core-m-processor-family-spec-update.pdf [4] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-e3-1200v3-spec-update.pdf [5] https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046878.html [6] Modified: stable/8/sys/x86/x86/mca.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/x86/ (props changed) Modified: stable/8/sys/x86/x86/mca.c ============================================================================== --- stable/8/sys/x86/x86/mca.c Sun Jul 5 19:33:30 2015 (r285175) +++ stable/8/sys/x86/x86/mca.c Sun Jul 5 19:34:45 2015 (r285176) @@ -253,15 +253,24 @@ mca_mute(const struct mca_record *rec) { /* - * Skip spurious corrected parity errors generated by desktop Haswell - * (see HSD131 erratum) unless reporting is enabled. - * Note that these errors also have been observed with D0-stepping, - * while the revision 014 desktop Haswell specification update only - * talks about C0-stepping. + * Skip spurious corrected parity errors generated by Intel Haswell- + * and Broadwell-based CPUs (see HSD131, HSM142, HSW131 and BDM48 + * erratum respectively), unless reporting is enabled. + * Note that these errors also have been observed with the D0-stepping + * of Haswell, while at least initially the CPU specification updates + * suggested only the C0-stepping to be affected. Similarly, Celeron + * 2955U with a CPU ID of 0x45 apparently are also concerned with the + * same problem, with HSM142 only referring to 0x3c and 0x46. */ - if (rec->mr_cpu_vendor_id == CPU_VENDOR_INTEL && - rec->mr_cpu_id == 0x306c3 && rec->mr_bank == 0 && - rec->mr_status == 0x90000040000f0005 && !intel6h_HSD131) + if (cpu_vendor_id == CPU_VENDOR_INTEL && + CPUID_TO_FAMILY(cpu_id) == 0x6 && + (CPUID_TO_MODEL(cpu_id) == 0x3c || /* HSD131, HSM142, HSW131 */ + CPUID_TO_MODEL(cpu_id) == 0x3d || /* BDM48 */ + CPUID_TO_MODEL(cpu_id) == 0x45 || + CPUID_TO_MODEL(cpu_id) == 0x46) && /* HSM142 */ + rec->mr_bank == 0 && + (rec->mr_status & 0xa0000000ffffffff) == 0x80000000000f0005 && + !intel6h_HSD131) return (1); return (0); From owner-svn-src-stable-8@freebsd.org Sun Jul 5 20:16:53 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 425FEA745; Sun, 5 Jul 2015 20:16:53 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B7DC1E38; Sun, 5 Jul 2015 20:16:52 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t65KGqWl037636; Sun, 5 Jul 2015 20:16:52 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t65KGqWm037633; Sun, 5 Jul 2015 20:16:52 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201507052016.t65KGqWm037633@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Sun, 5 Jul 2015 20:16:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285179 - stable/8/sys/dev/re X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jul 2015 20:16:53 -0000 Author: marius Date: Sun Jul 5 20:16:51 2015 New Revision: 285179 URL: https://svnweb.freebsd.org/changeset/base/285179 Log: MFC: r281337 Don't enable RX and TX before their initial configuration is done, i. e. after setting up interrupt moderation but before turning interrupts on. This matches what Realtek's r8168 Linux driver does as of version 8.039.00 and fixes problems with certain incarnations of certain MAC revisions like the interface requiring an extra up/down-cycle after boot to start working or DMA configuration not being adhered to. PR: 193743, 197535 Modified: stable/8/sys/dev/re/if_re.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/dev/ (props changed) stable/8/sys/dev/re/ (props changed) Modified: stable/8/sys/dev/re/if_re.c ============================================================================== --- stable/8/sys/dev/re/if_re.c Sun Jul 5 20:16:45 2015 (r285178) +++ stable/8/sys/dev/re/if_re.c Sun Jul 5 20:16:51 2015 (r285179) @@ -3109,11 +3109,6 @@ re_init_locked(struct rl_softc *sc) RL_ADDR_LO(sc->rl_ldata.rl_tx_list_addr)); /* - * Enable transmit and receive. - */ - CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB|RL_CMD_RX_ENB); - - /* * Set the initial TX configuration. */ if (sc->rl_testmode) { @@ -3139,6 +3134,11 @@ re_init_locked(struct rl_softc *sc) CSR_WRITE_2(sc, RL_INTRMOD, 0x5100); } + /* + * Enable transmit and receive. + */ + CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB | RL_CMD_RX_ENB); + #ifdef DEVICE_POLLING /* * Disable interrupts if we are polling. @@ -3162,10 +3162,6 @@ re_init_locked(struct rl_softc *sc) /* Start RX/TX process. */ CSR_WRITE_4(sc, RL_MISSEDPKT, 0); -#ifdef notdef - /* Enable receiver and transmitter. */ - CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB|RL_CMD_RX_ENB); -#endif /* * Initialize the timer interrupt register so that From owner-svn-src-stable-8@freebsd.org Tue Jul 7 21:43:25 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65139995E98; Tue, 7 Jul 2015 21:43:25 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 544061A16; Tue, 7 Jul 2015 21:43:25 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t67LhPam035147; Tue, 7 Jul 2015 21:43:25 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t67LhPib035146; Tue, 7 Jul 2015 21:43:25 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201507072143.t67LhPib035146@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 7 Jul 2015 21:43:25 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285257 - in stable: 8/contrib/bind9/lib/dns 9/contrib/bind9/lib/dns X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 21:43:25 -0000 Author: delphij Date: Tue Jul 7 21:43:23 2015 New Revision: 285257 URL: https://svnweb.freebsd.org/changeset/base/285257 Log: Fix BIND resolver remote denial of service when validating. Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind Modified: stable/8/contrib/bind9/lib/dns/validator.c Changes in other areas also in this revision: Modified: stable/9/contrib/bind9/lib/dns/validator.c Modified: stable/8/contrib/bind9/lib/dns/validator.c ============================================================================== --- stable/8/contrib/bind9/lib/dns/validator.c Tue Jul 7 21:05:20 2015 (r285256) +++ stable/8/contrib/bind9/lib/dns/validator.c Tue Jul 7 21:43:23 2015 (r285257) @@ -1406,7 +1406,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r */ static isc_boolean_t isselfsigned(dns_validator_t *val) { - dns_fixedname_t fixed; dns_rdataset_t *rdataset, *sigrdataset; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_t sigrdata = DNS_RDATA_INIT; @@ -1461,7 +1460,7 @@ isselfsigned(dns_validator_t *val) { result = dns_dnssec_verify2(name, rdataset, dstkey, ISC_TRUE, mctx, &sigrdata, - dns_fixedname_name(&fixed)); + NULL); dst_key_free(&dstkey); if (result != ISC_R_SUCCESS) continue; From owner-svn-src-stable-8@freebsd.org Tue Jul 7 23:37:17 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC31899644D; Tue, 7 Jul 2015 23:37:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DBC6A114E; Tue, 7 Jul 2015 23:37:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t67NbHCF095924; Tue, 7 Jul 2015 23:37:17 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t67NbH1o095923; Tue, 7 Jul 2015 23:37:17 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201507072337.t67NbH1o095923@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 7 Jul 2015 23:37:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285259 - in stable: 8/release/doc/share/xml 9/release/doc/share/xml X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 23:37:18 -0000 Author: gjb Date: Tue Jul 7 23:37:16 2015 New Revision: 285259 URL: https://svnweb.freebsd.org/changeset/base/285259 Log: Document SA-15:11.bind. Sponsored by: The FreeBSD Foundation Modified: stable/8/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/9/release/doc/share/xml/security.xml Modified: stable/8/release/doc/share/xml/security.xml ============================================================================== --- stable/8/release/doc/share/xml/security.xml Tue Jul 7 21:44:01 2015 (r285258) +++ stable/8/release/doc/share/xml/security.xml Tue Jul 7 23:37:16 2015 (r285259) @@ -260,6 +260,13 @@ 16 June 2015 Multiple vulnerabilities + + + FreeBSD-SA-15:11.bind + 7 July 2015 + Resolver remote denial of service + From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:29:05 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6C8929969DF; Sat, 11 Jul 2015 03:29:05 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5C28E1BE0; Sat, 11 Jul 2015 03:29:05 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3T5XV086997; Sat, 11 Jul 2015 03:29:05 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3T5dE086995; Sat, 11 Jul 2015 03:29:05 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110329.t6B3T5dE086995@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:29:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285368 - stable/8/lib/libsm X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:29:05 -0000 Author: gshapiro Date: Sat Jul 11 03:29:04 2015 New Revision: 285368 URL: https://svnweb.freebsd.org/changeset/base/285368 Log: MFC: libsm/path.c is about to disappear in the merge of sendmail 8.15.2. It is an empty file now so it is safe to remove before the merge. Modified: stable/8/lib/libsm/Makefile Directory Properties: stable/8/lib/libsm/ (props changed) Modified: stable/8/lib/libsm/Makefile ============================================================================== --- stable/8/lib/libsm/Makefile Sat Jul 11 03:28:43 2015 (r285367) +++ stable/8/lib/libsm/Makefile Sat Jul 11 03:29:04 2015 (r285368) @@ -27,7 +27,7 @@ SRCS+= assert.c debug.c errstring.c exc. smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c \ vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c \ wbuf.c wsetup.c string.c stringf.c \ - xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c \ + xtrap.c strto.c test.c strcasecmp.c strrevcmp.c \ signal.c clock.c config.c sem.c shm.c mbdb.c strexit.c cf.c ldap.c \ niprop.c mpeix.c memstat.c util.c inet6_ntop.c CLEANFILES+=sm_os.h From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:32:23 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9EA3B996B9F; Sat, 11 Jul 2015 03:32:23 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8A773BD; Sat, 11 Jul 2015 03:32:23 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3WNBC091116; Sat, 11 Jul 2015 03:32:23 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3WNdd091115; Sat, 11 Jul 2015 03:32:23 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110332.t6B3WNdd091115@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:32:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285370 - stable/8/usr.sbin/sendmail X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:32:23 -0000 Author: gshapiro Date: Sat Jul 11 03:32:22 2015 New Revision: 285370 URL: https://svnweb.freebsd.org/changeset/base/285370 Log: By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep current FreeBSD 10 and earlier behavior of using compressed IPv6 addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and later will use the new default of uncompressed IPv6 addresses.) Modified: stable/8/usr.sbin/sendmail/Makefile Modified: stable/8/usr.sbin/sendmail/Makefile ============================================================================== --- stable/8/usr.sbin/sendmail/Makefile Sat Jul 11 03:32:13 2015 (r285369) +++ stable/8/usr.sbin/sendmail/Makefile Sat Jul 11 03:32:22 2015 (r285370) @@ -40,7 +40,7 @@ CFLAGS+= -I${SMDIR} -I${SENDMAIL_DIR}/in CFLAGS+= ${DBMDEF} ${NIS} -DTCPWRAPPERS ${MAPS} .if ${MK_INET6_SUPPORT} != "no" -CFLAGS+= -DNETINET6 +CFLAGS+= -DNETINET6 -DIPV6_FULL=0 .endif DPADD= ${LIBUTIL} ${LIBWRAP} From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:34:57 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E163D996C92; Sat, 11 Jul 2015 03:34:57 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D0D143CA; Sat, 11 Jul 2015 03:34:57 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3YvKj091580; Sat, 11 Jul 2015 03:34:57 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3YvT6091578; Sat, 11 Jul 2015 03:34:57 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110334.t6B3YvT6091578@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:34:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285372 - stable/8/usr.sbin/sendmail X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:34:58 -0000 Author: gshapiro Date: Sat Jul 11 03:34:57 2015 New Revision: 285372 URL: https://svnweb.freebsd.org/changeset/base/285372 Log: MFC: Temporarily disable WARNS while addressing a non-issue with the upstream code Modified: stable/8/usr.sbin/sendmail/Makefile Directory Properties: stable/8/usr.sbin/sendmail/ (props changed) Modified: stable/8/usr.sbin/sendmail/Makefile ============================================================================== --- stable/8/usr.sbin/sendmail/Makefile Sat Jul 11 03:34:41 2015 (r285371) +++ stable/8/usr.sbin/sendmail/Makefile Sat Jul 11 03:34:57 2015 (r285372) @@ -45,6 +45,7 @@ CFLAGS+= -DNETINET6 -DIPV6_FULL=0 DPADD= ${LIBUTIL} ${LIBWRAP} LDADD= -lutil -lwrap +WARNS?= 0 LIBSMDIR= ${.OBJDIR}/../../lib/libsm LIBSM= ${LIBSMDIR}/libsm.a From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:46:41 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5402996F87; Sat, 11 Jul 2015 03:46:41 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AAA6FC3B; Sat, 11 Jul 2015 03:46:41 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3kfH4096756; Sat, 11 Jul 2015 03:46:41 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3kbM7096740; Sat, 11 Jul 2015 03:46:37 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110346.t6B3kbM7096740@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:46:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285374 - in stable/8/contrib/sendmail: . cf cf/cf cf/feature cf/hack cf/m4 contrib doc/op editmap include/sendmail include/sm libmilter libmilter/docs libsm libsmdb makemap src X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:46:42 -0000 Author: gshapiro Date: Sat Jul 11 03:46:36 2015 New Revision: 285374 URL: https://svnweb.freebsd.org/changeset/base/285374 Log: MFC: Merge sendmail 8.15.2 Added: stable/8/contrib/sendmail/cf/feature/bcc.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/bcc.m4 stable/8/contrib/sendmail/cf/feature/nopercenthack.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/nopercenthack.m4 stable/8/contrib/sendmail/cf/feature/prefixmod.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/prefixmod.m4 stable/8/contrib/sendmail/cf/feature/tls_session_features.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/tls_session_features.m4 stable/8/contrib/sendmail/cf/hack/xconnect.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/hack/xconnect.m4 stable/8/contrib/sendmail/contrib/AuthRealm.p0 - copied unchanged from r285229, head/contrib/sendmail/contrib/AuthRealm.p0 Deleted: stable/8/contrib/sendmail/libsm/path.c Modified: stable/8/contrib/sendmail/CACerts stable/8/contrib/sendmail/FAQ stable/8/contrib/sendmail/INSTALL stable/8/contrib/sendmail/KNOWNBUGS stable/8/contrib/sendmail/PGPKEYS stable/8/contrib/sendmail/README stable/8/contrib/sendmail/RELEASE_NOTES stable/8/contrib/sendmail/cf/README stable/8/contrib/sendmail/cf/cf/Makefile stable/8/contrib/sendmail/cf/cf/submit.cf stable/8/contrib/sendmail/cf/cf/submit.mc stable/8/contrib/sendmail/cf/feature/block_bad_helo.m4 stable/8/contrib/sendmail/cf/feature/ldap_routing.m4 stable/8/contrib/sendmail/cf/m4/cfhead.m4 stable/8/contrib/sendmail/cf/m4/proto.m4 stable/8/contrib/sendmail/cf/m4/version.m4 stable/8/contrib/sendmail/doc/op/op.me stable/8/contrib/sendmail/editmap/editmap.c stable/8/contrib/sendmail/include/sendmail/sendmail.h stable/8/contrib/sendmail/include/sm/bdb.h stable/8/contrib/sendmail/include/sm/cdefs.h stable/8/contrib/sendmail/include/sm/conf.h stable/8/contrib/sendmail/include/sm/errstring.h stable/8/contrib/sendmail/include/sm/fdset.h stable/8/contrib/sendmail/libmilter/docs/smfi_setsymlist.html stable/8/contrib/sendmail/libmilter/engine.c stable/8/contrib/sendmail/libmilter/handler.c stable/8/contrib/sendmail/libmilter/listener.c stable/8/contrib/sendmail/libmilter/signal.c stable/8/contrib/sendmail/libmilter/smfi.c stable/8/contrib/sendmail/libmilter/worker.c stable/8/contrib/sendmail/libsm/Makefile.m4 stable/8/contrib/sendmail/libsm/errstring.c stable/8/contrib/sendmail/libsm/local.h stable/8/contrib/sendmail/libsm/mbdb.c stable/8/contrib/sendmail/libsm/refill.c stable/8/contrib/sendmail/libsm/stdio.c stable/8/contrib/sendmail/libsm/vfprintf.c stable/8/contrib/sendmail/libsmdb/smdb.c stable/8/contrib/sendmail/makemap/makemap.c stable/8/contrib/sendmail/src/README stable/8/contrib/sendmail/src/TRACEFLAGS stable/8/contrib/sendmail/src/TUNING stable/8/contrib/sendmail/src/bf.c stable/8/contrib/sendmail/src/collect.c stable/8/contrib/sendmail/src/conf.c stable/8/contrib/sendmail/src/daemon.c stable/8/contrib/sendmail/src/deliver.c stable/8/contrib/sendmail/src/envelope.c stable/8/contrib/sendmail/src/err.c stable/8/contrib/sendmail/src/headers.c stable/8/contrib/sendmail/src/main.c stable/8/contrib/sendmail/src/map.c stable/8/contrib/sendmail/src/mci.c stable/8/contrib/sendmail/src/milter.c stable/8/contrib/sendmail/src/parseaddr.c stable/8/contrib/sendmail/src/queue.c stable/8/contrib/sendmail/src/readcf.c stable/8/contrib/sendmail/src/recipient.c stable/8/contrib/sendmail/src/savemail.c stable/8/contrib/sendmail/src/sendmail.8 stable/8/contrib/sendmail/src/sendmail.h stable/8/contrib/sendmail/src/sfsasl.c stable/8/contrib/sendmail/src/sm_resolve.c stable/8/contrib/sendmail/src/srvrsmtp.c stable/8/contrib/sendmail/src/tls.c stable/8/contrib/sendmail/src/usersmtp.c stable/8/contrib/sendmail/src/util.c stable/8/contrib/sendmail/src/version.c Directory Properties: stable/8/contrib/sendmail/ (props changed) Modified: stable/8/contrib/sendmail/CACerts ============================================================================== --- stable/8/contrib/sendmail/CACerts Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/CACerts Sat Jul 11 03:46:36 2015 (r285374) @@ -10,6 +10,102 @@ Certificate: Data: Version: 3 (0x2) Serial Number: + 92:91:67:de:e0:ef:2c:e4 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Validity + Not Before: Mar 2 19:15:29 2015 GMT + Not After : Mar 1 19:15:29 2018 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31: + 70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08: + 1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d: + 50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14: + ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6: + fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98: + 15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1: + d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30: + 8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94: + f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55: + d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec: + f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16: + 8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23: + 8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6: + e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33: + a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4: + e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38: + 29:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + X509v3 Authority Key Identifier: + keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + serial:92:91:67:DE:E0:EF:2C:E4 + + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + email:ca+ca-rsa2015@esmtp.org + X509v3 Issuer Alternative Name: + email:ca+ca-rsa2015@esmtp.org + Signature Algorithm: sha1WithRSAEncryption + 0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02: + 23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc: + 9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e: + b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df: + 27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72: + 0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce: + b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a: + 40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb: + 99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1: + 49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65: + 97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55: + 49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95: + e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a: + 62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91: + 15:89:f7:8f +-----BEGIN CERTIFICATE----- +MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx +FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs +YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz +YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow +gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC +ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG +A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX +Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q +AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA +mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby +f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf +Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr +2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU +sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8 +WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y +bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK +BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm +MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s +5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu +b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3 +DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb +EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG +vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn +AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX +ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq +qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: f1:41:b3:3d:ba:bd:33:49 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org Modified: stable/8/contrib/sendmail/FAQ ============================================================================== --- stable/8/contrib/sendmail/FAQ Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/FAQ Sat Jul 11 03:46:36 2015 (r285374) @@ -1,8 +1,4 @@ The FAQ is no longer maintained with the sendmail release. It is available at http://www.sendmail.org/faq/ . -A plain-text version of the questions only, with URLs referring to -the answers, is posted to comp.mail.sendmail on the 10th and 25th -of each month. - -$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $ +$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $ Modified: stable/8/contrib/sendmail/INSTALL ============================================================================== --- stable/8/contrib/sendmail/INSTALL Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/INSTALL Sat Jul 11 03:46:36 2015 (r285374) @@ -28,8 +28,9 @@ sendmail/SECURITY for more installation /etc/mail/submit.cf. This can be done in the cf/cf by using "sh ./Build install-cf". - Please read sendmail/SECURITY before continuing; you have to create a - new user smmsp and a new group smmsp for the default installation. + Please read sendmail/SECURITY before continuing; you may have to create + a new user smmsp and a new group smmsp for the default installation + if you are updating from a really old version. Then install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh ./Build install". Modified: stable/8/contrib/sendmail/KNOWNBUGS ============================================================================== --- stable/8/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:46:36 2015 (r285374) @@ -62,9 +62,9 @@ This list is not guaranteed to be comple libmilter and hence the communication fails. This can be avoided by increasing the constant MILTER_CHUNK_SIZE in include/libmilter/mfdef.h and recompiling sendmail, libmilter, and - all (statically linked) milters (or by using an undocumented compile - time option: _FFR_MAXDATASIZE; you have to read the source code in - order to use this properly). + all (statically linked) milters (or by using undocumented compile + time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to + read the source code in order to use these properly). * Sender addresses whose domain part cause a temporary A record lookup failure but have a valid MX record will be temporarily rejected in @@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon Header addresses that have the \231 character (and possibly others in the range \201 - \237) behave in odd and usually unexpected ways. +* AuthRealm for Cyrus SASL may not work as expected. The man page + and the actual usage for sasl_server_new() seem to differ. + Feedback for the "correct" usage is welcome, a patch to match + the description of the man page is in contrib/AuthRealm.p0. + * accept() problem on SVR4. Apparently, the sendmail daemon loop (doing accept()s on the network) @@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon * Race condition for delivery to set-user-ID files - Sendmail will deliver to a fail if the file is owned by the DefaultUser + Sendmail will deliver to a file if the file is owned by the DefaultUser or has the set-user-ID bit set. Unfortunately, some systems clear that bit when a file is modified. Sendmail compensates by resetting the file mode back to it's original settings. Unfortunately, there's still a Modified: stable/8/contrib/sendmail/PGPKEYS ============================================================================== --- stable/8/contrib/sendmail/PGPKEYS Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/PGPKEYS Sat Jul 11 03:46:36 2015 (r285374) @@ -141,6 +141,185 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0= =SR28 -----END PGP PUBLIC KEY BLOCK----- + +pub 2048R/0xAAF5B5DE05BDCC53 2015-01-02 +fingerprint: 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53 +uid Sendmail Signing Key/2015 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS +a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq +YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb +w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f +LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW +tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p +bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl +4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J +kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr +tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28 +McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR +QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n +iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4 +AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk +rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI +0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT +ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE +MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c +GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF +f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v +xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8 +EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba +yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX +qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a +Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c +vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI +JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr +17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y +uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa +TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp +LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea +TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4 +1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO +IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98 +7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr +i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N +jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh +qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp +JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN +maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr +8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr +M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+ +rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a +gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP +Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU +3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O +O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH +KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY +NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz +rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU +peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw +UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8 +eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt +0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ +zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue +jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV +gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W +yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv +XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk +BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ +EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU +0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0 +OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE +EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04 ++dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi +PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv +1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0 +8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY +o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx +GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM +N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA +ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9 +yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF +AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7 +Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M +qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9 +fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz +tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l +45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK +L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D +/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3 +cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+ +4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA +CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO +dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ ++MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI +nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8 +/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5 +qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl +wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db +KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU +peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj +zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa +O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB +gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa +H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/ +ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl +ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg +aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA +BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7 +RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz +VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW +yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN +d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx +QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m +Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0 +ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx +IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+ +A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb +ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI +bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok +fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv +gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is +SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq +J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni +NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x +h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM +ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY +6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6 +dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq +KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS +DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA +VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU +tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb +wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD +yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2 +6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx +RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp +YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6 +Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ +3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7 +5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS +n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z +TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE +rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3 +Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh +2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA +BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/ +WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA +JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim +aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX +Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz +843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/ +Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT +Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD +Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww +zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv +8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9 +vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq +SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC +VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/ +TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre +dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o +GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap +49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw +j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs +GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv +yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB +Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5 +PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado +wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b +V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT +g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud ++nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1 +YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8 +ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf +uYT6oSAR9rPSpsZpyTI= +=Jib4 +-----END PGP PUBLIC KEY BLOCK----- + + Type Bits KeyID Created Expires Algorithm Use pub 2048 E2763A73 2014-01-02 ------- RSA Sign & Encrypt fingerprint: 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73 @@ -2613,4 +2792,3 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJ =nES8 -----END PGP PUBLIC KEY BLOCK----- -$Revision: 8.46 $, Last updated $Date: 2014-01-18 00:20:24 $ Modified: stable/8/contrib/sendmail/README ============================================================================== --- stable/8/contrib/sendmail/README Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/README Sat Jul 11 03:46:36 2015 (r285374) @@ -211,29 +211,11 @@ There are other files you should read. +--------------+ There are several related RFCs that you may wish to read -- they are -available via anonymous FTP to several sites. For a list of the -primary repositories see: - - http://www.isi.edu/in-notes/rfc-retrieval.txt - -They are also online at: +available from several sites, see + http://www.rfc-editor.org/ http://www.ietf.org/ -They can also be retrieved via electronic mail by sending -email to one of: - - mail-server@nisc.sri.com - Put "send rfcNNN" in message body - nis-info@nis.nsf.net - Put "send RFCnnn.TXT-1" in message body - sendrfc@jvnc.net - Put "RFCnnn" as Subject: line - -For further instructions see: - - http://www.isi.edu/in-notes/rfc-editor/rfc-info - Important RFCs for electronic mail are: RFC821 SMTP protocol Modified: stable/8/contrib/sendmail/RELEASE_NOTES ============================================================================== --- stable/8/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:46:36 2015 (r285374) @@ -5,6 +5,165 @@ This listing shows the version of the se of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.15.2/8.15.2 2015/07/03 + If FEATURE(`nopercenthack') is used then some bogus input triggered + a recursion which was caught and logged as + SYSERR: rewrite: excessive recursion (max 50) ... + Fix based on patch from Ondrej Holas. + DHParameters now by default uses an included 2048 bit prime. + The value 'none' previously caused a log entry claiming + there was an error "cannot read or set DH parameters". + Also note that this option applies to the server side only. + The U= mailer field didn't accept group names containing hyphens, + underbars, or periods. Based on patch from David Gwynne + of the University of Queensland. + CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again. + Patch from Lars-Johan Liman of Netnod Internet Exchange. + CONFIG: New option UseCompressedIPv6Addresses to select between + compressed and uncompressed IPv6 addresses. The default + value depends on the compile-time option IPV6_FULL: + For 1 the default is False, for 0 it is True, thus + preserving the current behaviour. Based on patch from + John Beck of Oracle. + CONFIG: Account for IPv6 localhost addresses in + FEATURE(`block_bad_helo'). Suggested by Andrey Chernov + from FreeBSD and Robert Scheck from the Fedora Project. + CONFIG: Account for IPv6 localhost addresses in check_mail ruleset. + LIBMILTER: Deal with more invalid protocol data to avoid potential + crashes. Problem noted by Dimitri Kirchner. + LIBMILTER: Allow a milter to specify an empty macro list ("", not + NULL) in smfi_setsymlist() so no macro is sent for the + selected stage. + MAKEMAP: A change to check TrustedUser in fewer cases which was + made in 2013 caused a potential regression when makemap + was run as root (which should not be done anyway). + Note: sendmail often contains options "For Future Releases" + (prefix _FFR_) which might be enabled in a subsequent + version or might simply be removed as they turned out not + to be really useful. These features are usually not + documented but if they are, then the required (FFR) + options are listed in + - doc/op/op.* for rulesets and macros, + - cf/README for mc/cf options. + +8.15.1/8.15.1 2014/12/06 + SECURITY: Properly set the close-on-exec flag for file descriptors + (except stdin, stdout, and stderr) before executing mailers. + If header rewriting fails due to a temporary map lookup failure, + queue the mail for later retry instead of sending it + without rewriting the header. Note: this is done + while the mail is being sent and hence the transaction + is aborted, which only works for SMTP/LMTP mailers + hence the handling of temporary map failures is + suppressed for other mailers. SMTP/LMTP servers may + complain about aborted transactions when this problem + occurs. + See also "DNS Lookups" in sendmail/TUNING. + Incompatible Change: Use uncompressed IPv6 addresses by default, + i.e., they will not contain "::". For example, + instead of ::1 it will be 0:0:0:0:0:0:0:1. This + permits a zero subnet to have a more specific match, + such as different map entries for IPv6:0:0 vs IPv6:0. + This change requires that configuration data + (including maps, files, classes, custom ruleset, + etc) must use the same format, so make certain such + configuration data is updated before using 8.15. + As a very simple check search for patterns like + 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, + the prior format can be retained by compiling with: + APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') + in your devtools/Site/site.config.m4 file. + If debugging is turned on (-d0.14) also print the OpenSSL + versions, both build time and run time + (provided STARTTLS is compiled in). + If a connection to the MTA is dropped by the client before its + hostname can be validated, treat it as "may be forged", + so that the unvalidated hostname is not passed to a + milter in xxfi_connect(). + Add a timeout for communication with socket map servers + which can be specified using the -d option. + Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow + numeric logins even if HESIOD is enabled. + The new option CertFingerprintAlgorithm specifies the finger- + print algorithm (digest) to use for the presented cert. + If the option is not set, md5 is used and the macro + {cert_md5} contains the cert fingerprint. + However, if the option is set, the specified algorithm + (e.g., sha1) is used and the macro {cert_fp} contains + the cert fingerprint. + That is, as long as the option is not set, the behaviour + does not change, but otherwise, {cert_md5} is superseded + by {cert_fp} even if you set CertFingerprintAlgorithm + to md5. + The options ServerSSLOptions and ClientSSLOptions can be used + to set SSL options for the server and client side + respectively. See SSL_CTX_set_options(3) for a list. + Note: this change turns on SSL_OP_NO_SSLv2 and + SSL_OP_NO_TICKET for the client. See doc/op/op.me + for details. + The option CipherList sets the list of ciphers for STARTTLS. + See ciphers(1) for possible values. + Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" + if a CRLFfile is in use (and LogLevel is 14 or higher.) + Store a more specific TLS protocol version in ${tls_version} + instead of a generic one, e.g., TLSv1 instead of + TLSv1/SSLv3. + Properly set {client_port} value on little endian machines. + Patch from Kelsey Cummings of Sonic.net. + Per RFC 3848, indicate in the Received: header whether SSL or + SMTP AUTH was negotiated by setting the protocol clause + to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. + If the 'C' flag is listed as TLSSrvOptions the requirement for the + TLS server to have a cert is removed. This only works + under very specific circumstances and should only be used + if the consequences are understood, e.g., clients + may not work with a server using this. + The options ClientCertFile, ClientKeyFile, ServerCertFile, and + ServerKeyFile can take a second file name, which must be + separated from the first with a comma (note: do not use + any spaces) to set up a second cert/key pair. This can + be used to have certs of different types, e.g., RSA + and DSA. + A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) + address. It returns the string for the PTR lookup, but + without trailing {ip6,in-addr}.arpa. + New operation mode 'C' just checks the configuration file, e.g., + sendmail -C new.cf -bC + will perform a basic syntax/consistency check of new.cf. + The mailer flag 'I' is deprecated and will be removed in a + future version. + Allow local (not just TCP) socket connections to the server, e.g., + O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock + can be used. + If the new option MaxQueueAge is set to a value greater than zero, + entries in the queue will be retried during a queue run + only if the individual retry time has been reached which + is doubled for each attempt. The maximum retry time is + limited by the specified value. + New DontBlameSendmail option GroupReadableDefaultAuthInfoFile + to relax requirement for DefaultAuthInfo file. + Reset timeout after receiving a message to appropriate value if + STARTTLS is in use. Based on patch by Kelsey Cummings + of Sonic.net. + Report correct error messages from the LDAP library for a range of + small negative return values covering those used by OpenLDAP. + Fix compilation with Berkeley DB 5.0 and 6.0. Patch from + Allan E Johannesen of Worcester Polytechnic Institute. + CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or + nospecial which describes whether to disallow "%" in the + local part of an address. + DEVTOOLS: Fix regression in auto-detection of libraries when only + shared libraries are available. Problem reported by + Bryan Costales. + LIBMILTER: Mark communication socket as close-on-exec in case + a user's filter starts other applications. + Based on patch from Paul Howarth. + Portability: + SunOS 5.12 has changed the API for sigwait(2) to conform + with XPG7. Based on patch from Roger Faulkner of Oracle. + Deleted Files: + libsm/path.c + 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. @@ -681,7 +840,7 @@ summary of the changes in that release. LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence - it has been changed to {client_name}. See doc/op/op.* + it has been changed to {client_name}. See doc/op/op.me about these macros. 8.13.7/8.13.7 2006/06/14 @@ -3509,11 +3668,11 @@ summary of the changes in that release. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in - cf/README and doc/op/op.*. + cf/README and doc/op/op.me. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented - in cf/README and doc/op/op.*. + in cf/README and doc/op/op.me. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which Modified: stable/8/contrib/sendmail/cf/README ============================================================================== --- stable/8/contrib/sendmail/cf/README Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/README Sat Jul 11 03:46:36 2015 (r285374) @@ -158,6 +158,26 @@ FEATURE(`local_procmail'). ******************************************************************* +Note: +Some rulesets, features, and options are only useful if the sendmail +binary has been compiled with the appropriate options, e.g., the +ruleset tls_server is only invoked if sendmail has been compiled +with STARTTLS. This is usually obvious from the context and hence +not further specified here. +There are also so called "For Future Releases" (FFR) compile time +options which might be included in a subsequent version or might +simply be removed as they turned out not to be really useful. +These are generally not documented but if they are, then the required +compile time options are listed in doc/op/op.* for rulesets and +macros, and for mc/cf specific options they are usually listed here. +In addition to compile time options for the sendmail binary, there +can also be FFRs for mc/cf which in general can be enabled when the +configuration file is generated by defining them at the top of your +.mc file: + +define(`_FFR_NAME_HERE', 1) + + +----------------------------+ | A BRIEF INTRODUCTION TO M4 | +----------------------------+ @@ -397,6 +417,10 @@ SMTP_MAILER_CHARSET [undefined] If defin that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. +RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to the + relay mailers and which are converted to MIME will + be labeled with this character set. SMTP_MAILER_LL [990] The maximum line length for SMTP mailers (except the relay mailer). RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. @@ -743,6 +767,16 @@ nouucp Don't route UUCP addresses. Thi 2. don't remove "!" from OperatorChars if `reject' is given as parameter. +nopercenthack Don't treat % as routing character. This feature takes one + parameter: + `reject': reject addresses which have % in the local + part unless it originates from a system + that is allowed to relay. + `nospecial': don't do anything special with %. + Warnings: 1. See the notice in the anti-spam section. + 2. Don't remove % from OperatorChars if `reject' is + given as parameter. + nocanonify Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this @@ -1441,7 +1475,7 @@ msp Defines config file for Message Sub by default. If you have a machine with IPv6 only, change it to - FEATURE(`msp', `[IPv6:::1]') + FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]') If you want to continue using '[localhost]', (the behavior up to 8.12.6), use @@ -1499,8 +1533,12 @@ block_bad_helo Reject messages from SMTP - connections from IP addresses in class $={R}. Currently access_db lookups can not be used to (selectively) disable this test, moreover, + FEATURE(`delay_checks') - is required. + + is required. Note, the block_bad_helo feature automatically + adds the IPv6 and IPv4 localhost IP addresses to $={w} (local + host names) and $={R} (relay permitted). require_rdns Reject mail from connecting SMTP clients without proper rDNS (reverse DNS), functional gethostbyaddr() resolution. @@ -2442,17 +2480,19 @@ should only be used for sites which have that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. -NOTICE: It is possible to relay mail through a system which the anti-relay -rules do not prevent: the case of a system that does use FEATURE(`nouucp', -`nospecial') (system A) and relays local messages to a mail hub (e.g., via -LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use -FEATURE(`nouucp') at all, addresses of the form - would be relayed to . -System A doesn't recognize `!' as an address separator and therefore -forwards it to the mail hub which in turns relays it because it came from -a trusted local host. So if a mailserver allows UUCP (bang-format) -addresses, all systems from which it allows relaying should do the same -or reject those addresses. +NOTICE: It is possible to relay mail through a system which the +anti-relay rules do not prevent: the case of a system that does use +FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') +(system A) and relays local messages to a mail hub (e.g., via +LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the +same feature (nouucp / nopercenthack) at all, addresses of the form + / +would be relayed to . +System A doesn't recognize `!' / `%' as an address separator and +therefore forwards it to the mail hub which in turns relays it +because it came from a trusted local host. So if a mailserver +allows UUCP (bang-format) / %-hack addresses, all systems from which +it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, @@ -3160,17 +3200,49 @@ TLS_Clt:laptop.example.com PERM+VER TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org -Disabling STARTTLS And Setting SMTP Server Features ---------------------------------------------------- +TLS Options per Session +----------------------- By default STARTTLS is used whenever possible. However, there are -some broken MTAs that don't properly implement STARTTLS. To be able -to send to (or receive from) those MTAs, the ruleset try_tls -(srv_features) can be used that work together with the access map. -Entries for the access map must be tagged with Try_TLS (Srv_Features) -and refer to the hostname or IP address of the connecting system. -A default case can be specified by using just the tag. For example, -the following entries in the access map: +MTAs with STARTTLS interoperability issues. To be able to send to +(or receive from) those MTAs several features are available: + +1) Various TLS options be be set per IP/domain. +2) STARTTLS can be turned off for specific IP addresses/domains. + +About 1): the rulesets tls_srv_features and tls_clt_features can +be used to return a (semicolon separated) list of TLS related +options: + +- Options: compare {Server,Client}SSLOptions. +- CipherList: same as the global option. +- CertFile, KeyFile: {Server,Client}{Cert,Key}File + +If FEATURE(`tls_session_features') is used, then default rulesets +are activated which look up entries in the access map with the tags +TLS_Srv_features and TLS_Clt_features, respectively. +For example, these entries: + + TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; + TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT + +specify a cipherlist with MEDIUM strength ciphers that use RSA +certificates only for the client with the IP address 10.0.2.4, +and turn off TLSv1.2 when connecting to the server with the IP +address 10.1.0.1 as well as setting a specific cipherlist. +If FEATURE(`tls_session_features') is not used the user can provide +their own rulesets which must return the appropriate data. +If the rulesets are not defined or do not return a value, the +default TLS options are not modified. +(These rulesets require the sendmail binary to be built with +_FFR_TLS_SE_OPTS enabled.) + +About 2): the ruleset try_tls (srv_features) can be used that work +together with the access map. Entries for the access map must be +tagged with Try_TLS (Srv_Features) and refer to the hostname or IP +address of the connecting system. A default case can be specified +by using just the tag. For example, the following entries in the +access map: Try_TLS:broken.server NO Srv_Features:my.domain v @@ -3756,6 +3828,12 @@ confSINGLE_THREAD_DELIVERY SingleThread cached but otherwise idle connection to a host will prevent other sendmails from connecting to the other host. +confUSE_COMPRESSED_IPV6_ADDRESSES + UseCompressedIPv6Addresses + [undefined] If set, use the compressed + form of IPv6 addresses, such as + IPV6:::1, instead of the uncompressed + form, such as IPv6:0:0:0:0:0:0:0:1. confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to deliver error messages. This should not be necessary because of general @@ -3990,6 +4068,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. +confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater + than zero, entries in the queue + will be retried during a queue run + only if the individual retry time + has been reached which is doubled + for each attempt. The maximum retry + time is limited by the specified value. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the @@ -4208,7 +4293,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSA confAUTH_REALM AuthRealm [undefined] The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, - $j is used. + $j is used. See KNOWNBUGS. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains authentication information for outgoing connections. This file must @@ -4241,6 +4326,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If thi verification is performed, i.e., the server doesn't ask for a certificate. +confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related + options for server side. See + SSL_CTX_set_options(3) for a list. +confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related + options for client side. See + SSL_CTX_set_options(3) for a list. +confCIPHER_LIST CipherList [undefined] Cipher list for TLS. + See ciphers(1) for possible values. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP @@ -4250,10 +4343,11 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [u maps unless they are specified in the individual map specification ('K' command). -confCACERT_PATH CACertPath [undefined] Path to directory - with certs of CAs. -confCACERT CACertFile [undefined] File containing one CA - cert. +confCACERT_PATH CACertPath [undefined] Path to directory with + certificates of CAs which must contain + their hashes as filenames or links. +confCACERT CACertFile [undefined] File containing at least + one CA certificate. confSERVER_CERT ServerCertFile [undefined] File containing the cert of the server, i.e., this cert is used when sendmail acts as @@ -4281,6 +4375,10 @@ confRAND_FILE RandFile [undefined] File requires this option if the compile flag HASURANDOM is not set (see sendmail/README). +confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm + [undefined] The fingerprint algorithm + (digest) to use for the presented + cert. confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of queue runners is set the given value (nice(3)). Modified: stable/8/contrib/sendmail/cf/cf/Makefile ============================================================================== --- stable/8/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:46:36 2015 (r285374) @@ -100,6 +100,7 @@ M4FILES=\ ${CFDIR}/feature/access_db.m4 \ ${CFDIR}/feature/allmasquerade.m4 \ ${CFDIR}/feature/always_add_domain.m4 \ + ${CFDIR}/feature/bcc.m4 \ ${CFDIR}/feature/bestmx_is_local.m4 \ ${CFDIR}/feature/bitdomain.m4 \ ${CFDIR}/feature/blacklist_recipients.m4 \ @@ -118,9 +119,11 @@ M4FILES=\ ${CFDIR}/feature/masquerade_envelope.m4 \ ${CFDIR}/feature/no_default_msa.m4 \ ${CFDIR}/feature/nocanonify.m4 \ + ${CFDIR}/feature/nopercenthack.m4 \ ${CFDIR}/feature/notsticky.m4 \ ${CFDIR}/feature/nouucp.m4 \ ${CFDIR}/feature/nullclient.m4 \ + ${CFDIR}/feature/prefixmod.m4 \ ${CFDIR}/feature/promiscuous_relay.m4 \ ${CFDIR}/feature/redirect.m4 \ ${CFDIR}/feature/ratecontrol.m4 \ @@ -131,12 +134,14 @@ M4FILES=\ ${CFDIR}/feature/relay_mail_from.m4 \ ${CFDIR}/feature/smrsh.m4 \ ${CFDIR}/feature/stickyhost.m4 \ + ${CFDIR}/feature/tls_session_features.m4 \ ${CFDIR}/feature/use_ct_file.m4 \ ${CFDIR}/feature/use_cw_file.m4 \ ${CFDIR}/feature/uucpdomain.m4 \ ${CFDIR}/feature/virtuser_entire_domain.m4 \ ${CFDIR}/feature/virtusertable.m4 \ ${CFDIR}/hack/cssubdomain.m4 \ + ${CFDIR}/hack/xconnect.m4 \ ${CFDIR}/m4/cf.m4 \ ${CFDIR}/m4/cfhead.m4 \ ${CFDIR}/m4/proto.m4 \ Modified: stable/8/contrib/sendmail/cf/cf/submit.cf ============================================================================== --- stable/8/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:42:01 2015 (r285373) +++ stable/8/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:46:36 2015 (r285374) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015 +##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.14.9/Submit +DZ8.15.2/Submit ############### @@ -202,6 +202,9 @@ O ConnectionCacheTimeout=5m # use Errors-To: header? O UseErrorsTo=False +# use compressed IPv6 address format? +#O UseCompressedIPv6Addresses + # log level O LogLevel=9 @@ -251,6 +254,9 @@ O PrivacyOptions=goaway,noetrn,restrictq # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -501,6 +507,12 @@ O PidFile=/var/spool/clientmqueue/sm-cli # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -524,6 +536,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -531,6 +545,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -645,6 +661,7 @@ R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1 # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. + R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name @@ -781,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -818,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### @@ -1027,6 +1047,10 @@ R$* $| $* $: $2 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > +R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] > + $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] > +R<@> < $* @ [IPv6:::1] > + $: < ? $&{client_name} > < $1 @ [IPv6:::1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > @@ -1141,6 +1165,7 @@ R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally R127.0.0.1 $@ RELAY originated locally +RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: [ $1 ] put brackets around it... @@ -1245,6 +1270,8 @@ STLS_connection RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." + + ###################################################################### ### RelayTLS: allow relaying based on TLS authentication ### @@ -1442,7 +1469,7 @@ Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFrom ### submit.mc ### # divert(-1) # # *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:50:18 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 80BA3997091; Sat, 11 Jul 2015 03:50:18 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6FB1BF00; Sat, 11 Jul 2015 03:50:18 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3oIX3097908; Sat, 11 Jul 2015 03:50:18 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3oIej097907; Sat, 11 Jul 2015 03:50:18 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110350.t6B3oIej097907@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:50:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285376 - stable/8/etc/sendmail X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:50:18 -0000 Author: gshapiro Date: Sat Jul 11 03:50:17 2015 New Revision: 285376 URL: https://svnweb.freebsd.org/changeset/base/285376 Log: MFC: Minor changes to force commit these files so new freebsd*.cf files are built to use the new sendmail-8.15.2/cf tree. Modified: stable/8/etc/sendmail/freebsd.submit.mc Directory Properties: stable/8/etc/ (props changed) Modified: stable/8/etc/sendmail/freebsd.submit.mc ============================================================================== --- stable/8/etc/sendmail/freebsd.submit.mc Sat Jul 11 03:50:06 2015 (r285375) +++ stable/8/etc/sendmail/freebsd.submit.mc Sat Jul 11 03:50:17 2015 (r285376) @@ -7,7 +7,6 @@ divert(-1) # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# # # This is the FreeBSD configuration for a set-group-ID sm-msp sendmail From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:53:04 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B28BB997208; Sat, 11 Jul 2015 03:53:04 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A1D82145B; Sat, 11 Jul 2015 03:53:04 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3r4Wj001553; Sat, 11 Jul 2015 03:53:04 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3r4jr001552; Sat, 11 Jul 2015 03:53:04 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110353.t6B3r4jr001552@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:53:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285378 - stable/8/contrib/sendmail X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:53:04 -0000 Author: gshapiro Date: Sat Jul 11 03:53:03 2015 New Revision: 285378 URL: https://svnweb.freebsd.org/changeset/base/285378 Log: MFC: Update for sendmail 8.15.2 import Modified: stable/8/contrib/sendmail/FREEBSD-upgrade Directory Properties: stable/8/contrib/sendmail/ (props changed) Modified: stable/8/contrib/sendmail/FREEBSD-upgrade ============================================================================== --- stable/8/contrib/sendmail/FREEBSD-upgrade Sat Jul 11 03:52:55 2015 (r285377) +++ stable/8/contrib/sendmail/FREEBSD-upgrade Sat Jul 11 03:53:03 2015 (r285378) @@ -1,6 +1,6 @@ $FreeBSD$ -sendmail 8.14.9 +sendmail 8.15.2 originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/ For the import of sendmail, the following directories were renamed: @@ -97,4 +97,4 @@ infrastructure in FreeBSD: usr.sbin/mailwrapper/Makefile gshapiro@FreeBSD.org -21-May-2014 +10-July-2015 From owner-svn-src-stable-8@freebsd.org Sat Jul 11 03:57:37 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D2909972DB; Sat, 11 Jul 2015 03:57:37 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 67F891924; Sat, 11 Jul 2015 03:57:37 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3vbuE002280; Sat, 11 Jul 2015 03:57:37 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3vbj4002279; Sat, 11 Jul 2015 03:57:37 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110357.t6B3vbj4002279@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:57:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285380 - stable/8/etc/sendmail X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:57:37 -0000 Author: gshapiro Date: Sat Jul 11 03:57:36 2015 New Revision: 285380 URL: https://svnweb.freebsd.org/changeset/base/285380 Log: Previous MFC to trigger new .cf builds didn't catch freebsd.mc. Modified: stable/8/etc/sendmail/freebsd.mc Modified: stable/8/etc/sendmail/freebsd.mc ============================================================================== --- stable/8/etc/sendmail/freebsd.mc Sat Jul 11 03:57:11 2015 (r285379) +++ stable/8/etc/sendmail/freebsd.mc Sat Jul 11 03:57:36 2015 (r285380) @@ -33,6 +33,7 @@ divert(-1) # SUCH DAMAGE. # + # # This is a generic configuration file for FreeBSD 6.X and later systems. # If you want to customize it, copy it to a name appropriate for your From owner-svn-src-stable-8@freebsd.org Sat Jul 11 04:55:02 2015 Return-Path: Delivered-To: svn-src-stable-8@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3928D997F02; Sat, 11 Jul 2015 04:55:02 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 285C31C83; Sat, 11 Jul 2015 04:55:02 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B4t25k035434; Sat, 11 Jul 2015 04:55:02 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B4t2kj035433; Sat, 11 Jul 2015 04:55:02 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110455.t6B4t2kj035433@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 04:55:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r285383 - stable/8/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-8@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 8-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 04:55:02 -0000 Author: gshapiro Date: Sat Jul 11 04:55:01 2015 New Revision: 285383 URL: https://svnweb.freebsd.org/changeset/base/285383 Log: Note merge of sendmail 8.15.2 Modified: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: stable/8/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- stable/8/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jul 11 04:54:46 2015 (r285382) +++ stable/8/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jul 11 04:55:01 2015 (r285383) @@ -1173,8 +1173,8 @@ OpenSSL has been updated to version 0.9.8q. - sendmail has - been updated to version 8.14.9. + sendmail has + been updated to version 8.15.2. The timezone database has been updated to the tzdata2010o