diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..873620e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/sendmail.8.15.2.tar.gz
diff --git a/.sendmail.metadata b/.sendmail.metadata
new file mode 100644
index 0000000..ebc2f68
--- /dev/null
+++ b/.sendmail.metadata
@@ -0,0 +1 @@
+5801d4b06f4e38ef228a5954a44d17636eaa5a16 SOURCES/sendmail.8.15.2.tar.gz
diff --git a/SOURCES/Sendmail-sasl2.conf b/SOURCES/Sendmail-sasl2.conf
new file mode 100644
index 0000000..74ef83f
--- /dev/null
+++ b/SOURCES/Sendmail-sasl2.conf
@@ -0,0 +1 @@
+pwcheck_method:saslauthd
diff --git a/SOURCES/sendmail-8.13.0-cyrus.patch b/SOURCES/sendmail-8.13.0-cyrus.patch
new file mode 100644
index 0000000..e296d5b
--- /dev/null
+++ b/SOURCES/sendmail-8.13.0-cyrus.patch
@@ -0,0 +1,11 @@
+--- sendmail-8.13.0/cf/mailer/cyrus.m4.cyrus 2004-06-30 11:47:47.116910591 +0200
++++ sendmail-8.13.0/cf/mailer/cyrus.m4 2004-06-30 11:49:02.262556546 +0200
+@@ -36,7 +36,7 @@
+ #
+
+ _DEFIFNOT(`CYRUS_MAILER_FLAGS', `Ah5@/:|')
+-ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/cyrus/bin/deliver)')
++ifdef(`CYRUS_MAILER_PATH',, `define(`CYRUS_MAILER_PATH', /usr/lib/cyrus-imapd/deliver)')
+ ifdef(`CYRUS_MAILER_ARGS',, `define(`CYRUS_MAILER_ARGS', `deliver -e -m $h -- $u')')
+ ifdef(`CYRUS_MAILER_USER',, `define(`CYRUS_MAILER_USER', `cyrus:mail')')
+ _DEFIFNOT(`CYRUS_BB_MAILER_FLAGS', `u')
diff --git a/SOURCES/sendmail-8.14.3-sharedmilter.patch b/SOURCES/sendmail-8.14.3-sharedmilter.patch
new file mode 100644
index 0000000..29e1851
--- /dev/null
+++ b/SOURCES/sendmail-8.14.3-sharedmilter.patch
@@ -0,0 +1,50 @@ +diff -up sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 +--- sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4.sharedmilter 2009-01-20 15:19:34.000000000 +0100 ++++ sendmail-8.14.3/devtools/M4/UNIX/sharedlibrary.m4 2009-01-20 15:19:34.000000000 +0100 +@@ -15,22 +15,23 @@ divert(-1) + divert(0)dnl + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/links.m4')dnl + bldLIST_PUSH_ITEM(`bldC_PRODUCTS', bldCURRENT_PRODUCT)dnl +-bldPUSH_TARGET(bldCURRENT_PRODUCT`.a')dnl ++bldPUSH_TARGET(bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL)dnl + bldPUSH_INSTALL_TARGET(`install-'bldCURRENT_PRODUCT)dnl + bldPUSH_CLEAN_TARGET(bldCURRENT_PRODUCT`-clean')dnl + + include(confBUILDTOOLSDIR`/M4/'bldM4_TYPE_DIR`/defines.m4') + divert(bldTARGETS_SECTION) +-bldCURRENT_PRODUCT.a: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} +- ${AR} ${AROPTS} bldCURRENT_PRODUCT.a ${bldCURRENT_PRODUCT`OBJS'} +- ${RANLIB} ${RANLIBOPTS} bldCURRENT_PRODUCT.a ++bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL: ${BEFORE} ${bldCURRENT_PRODUCT`OBJS'} ++ ${CC} ${CFLAGS} ${LDOPTS_SO} -o bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL `-Wl,'confSONAME`,'bldCURRENT_PRODUCT`.so.'confSOVER ${bldCURRENT_PRODUCT`OBJS'} + ifdef(`bldLINK_SOURCES', `bldMAKE_SOURCE_LINKS(bldLINK_SOURCES)') + +-install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.a ++install-`'bldCURRENT_PRODUCT: bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL + ifdef(`bldINSTALLABLE', ` ifdef(`confMKDIR', `if [ ! 
-d ${DESTDIR}${bldINSTALL_DIR`'LIBDIR} ]; then confMKDIR -p ${DESTDIR}${bldINSTALL_DIR`'LIBDIR}; else :; fi ') +- ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.a ${DESTDIR}${LIBDIR}') ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER.confSOPLVL ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so.confSOVER ++ ${LN} ${LNOPTS} bldCURRENT_PRODUCT.so.confSOVER ${DESTDIR}${LIBDIR}/bldCURRENT_PRODUCT.so ++ ${INSTALL} -c -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} bldCURRENT_PRODUCT.so.confSOVER`.'confSOPLVL ${DESTDIR}${LIBDIR}') + + bldCURRENT_PRODUCT-clean: +- rm -f ${OBJS} bldCURRENT_PRODUCT.a ${MANPAGES} ++ rm -f ${OBJS} bldCURRENT_PRODUCT.so* ${MANPAGES} + + divert(0) +diff -up sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter sendmail-8.14.3/libmilter/Makefile.m4 +--- sendmail-8.14.3/libmilter/Makefile.m4.sharedmilter 2008-04-08 07:23:44.000000000 +0200 ++++ sendmail-8.14.3/libmilter/Makefile.m4 2009-01-20 15:26:05.000000000 +0100 +@@ -9,7 +9,11 @@ define(`confMT', `true') + SMSRCDIR=ifdef(`confSMSRCDIR', `confSMSRCDIR', `${SRCDIR}/sendmail') + PREPENDDEF(`confINCDIRS', `-I${SMSRCDIR} ') + +-bldPRODUCT_START(`library', `libmilter') ++APPENDDEF(`confOPTIMIZE', `-fno-pie -fPIC') ++define(`runCtest', `esyscmd(`echo -e "#include \n#include \"../include/libmilter/mfapi.h\"\nint main(){'$1`;return 0;}" | gcc -x c -I../include -o ctest - && ./ctest && rm -f ctest')')dnl ++define(`confSOVER', runCtest(`printf(\"%d.%d\", SM_LM_VRS_MAJOR(SMFI_VERSION), SM_LM_VRS_MINOR(SMFI_VERSION))'))dnl ++define(`confSOPLVL', runCtest(`printf(\"%d\", SM_LM_VRS_PLVL(SMFI_VERSION))'))dnl ++bldPRODUCT_START(`sharedlibrary', `libmilter') + define(`bldINSTALLABLE', `true') + define(`LIBMILTER_EXTRAS', `errstring.c strl.c') + APPENDDEF(`confENVDEF', `-DNOT_SENDMAIL -Dsm_snprintf=snprintf') diff --git a/SOURCES/sendmail-8.14.3-smrsh_paths.patch b/SOURCES/sendmail-8.14.3-smrsh_paths.patch new file mode 100644 index 0000000..9240f39 --- /dev/null 
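Review bot: The `runCtest` macro added to libmilter/Makefile.m4 gives no signal when its probe fails: if the compile or the run breaks, `esyscmd` yields empty output, so `confSOVER` and `confSOPLVL` would expand to nothing and the library would be linked under a name like `libmilter.so..` with an empty soname version. The macro also compiles and executes a binary named `ctest` in the current directory during m4 expansion with a hard-coded `gcc`, which excludes cross builds and bypasses the compiler the rest of the build is configured with. I would check the m4 builtin `sysval` after each `runCtest` call and stop with `m4exit(1)` when it is non-zero, and put a `dnl` comment above the macro saying that it runs host code at configure time and that both values come from `SMFI_VERSION` in mfapi.h.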
+++ b/SOURCES/sendmail-8.14.3-smrsh_paths.patch 
@@ -0,0 +1,182 @@ +diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README +--- sendmail-8.14.3/smrsh/README.smrsh_paths 2008-02-12 17:40:06.000000000 +0100 ++++ sendmail-8.14.3/smrsh/README 2008-07-15 14:40:36.000000000 +0200 +@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie + intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, + and to the software, smrsh.c, written by Eric Allman. + +- ++* Modified by Red Hat, Inc., to reflect different paths. * + + The smrsh(8) program is intended as a replacement for /bin/sh in the + program mailer definition of sendmail(8). This README file describes +@@ -56,15 +56,15 @@ These can be added to the devtools/Site/ + global M4 macro confENVDEF or the smrsh specific M4 macro + conf_smrsh_ENVDEF. + +-As root, install smrsh in /usr/libexec. Using the Build script: ++As root, install smrsh in /usr/sbin. Using the Build script: + + host.domain# sh ./Build install + +-For manual installation: install smrsh in the /usr/libexec ++For manual installation: install smrsh in the /usr/sbin + directory, with mode 511. + +- host.domain# mv smrsh /usr/libexec +- host.domain# chmod 511 /usr/libexec/smrsh ++ host.domain# mv smrsh /usr/sbin ++ host.domain# chmod 511 /usr/sbin/smrsh + + + +@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito + acceptable commands. + + If your platform doesn't have a default SMRSH_CMDDIR setting, you will +-next need to create the directory /usr/adm/sm.bin and populate ++next need to create the directory /etc/smrsh and populate + it with the programs that your site feels are allowable for sendmail + to execute. This directory is explicitly specified in the source + code for smrsh, so changing this directory must be accompanied with +@@ -95,22 +95,22 @@ a change in smrsh.c. + + You will have to be root to make these modifications. 
+ +-After creating the /usr/adm/sm.bin directory, either copy the programs ++After creating the /etc/smrsh directory, either copy the programs + to the directory, or establish links to the allowable programs from +-/usr/adm/sm.bin. Change the file permissions, so that these programs ++/etc/smrsh. Change the file permissions, so that these programs + can not be modified by non-root users. If you use links, you should + ensure that the target programs are not modifiable. + + To allow the popular vacation(1) program by creating a link in the +-/usr/adm/sm.bin directory, you should: ++/etc/smrsh directory, you should: + +- host.domain# cd /usr/adm/sm.bin ++ host.domain# cd /etc/smrsh + host.domain# ln -s /usr/ucb/vacation vacation + + + + +-After populating the /usr/adm/sm.bin directory, you can now configure ++After populating the /etc/smrsh directory, you can now configure + sendmail to use the restricted shell. Save the current sendmail.cf + file prior to modifying it, as a prudent precaution. + +@@ -125,7 +125,7 @@ help to locate it. + + In order to configure sendmail to use smrsh, you must modify the Mprog + definition in the sendmail.cf file, by replacing the /bin/sh specification +-with /usr/libexec/smrsh. ++with /usr/sbin/smrsh. + + As an example: + +@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi + Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + + which should be changed to: +-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u +- ^^^^^^^^^^^^^^^^^^ ++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u ++ ^^^^^^^^^^^^^^^^ + + A more generic line may be: + Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u + + and should be changed to; +-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u ++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u + + + After modifying the Mprog definition in the sendmail.cf file, if a frozen +@@ -151,7 +151,7 @@ or /etc/mail directories. The specific + a search of the strings(1) output of the sendmail binary. 
+ + In order to create a new frozen configuration, if it is required: +- host.domain# /usr/lib/sendmail -bz ++ host.domain# /usr/sbin/sendmail -bz + + Now re-start the sendmail process. An example of how to do this on + a typical system follows: +diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8 +--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.8 2008-07-15 14:38:07.000000000 +0200 +@@ -39,7 +39,7 @@ Briefly, + .I smrsh + limits programs to be in a single directory, + by default +-/usr/adm/sm.bin, ++/etc/smrsh, + allowing the system administrator to choose the set of acceptable commands, + and to the shell builtin commands ``exec'', ``exit'', and ``echo''. + It also rejects any commands with the characters +@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'', + and + ``vacation'' + all actually forward to +-``/usr/adm/sm.bin/vacation''. ++``/etc/smrsh/vacation''. + .PP + System administrators should be conservative about populating +-the sm.bin directory. ++the /etc/smrsh directory. + For example, a reasonable additions is + .IR vacation (1), + and the like. +@@ -68,7 +68,7 @@ never include any shell or shell-like pr + (such as + .IR perl (1)) + in the +-sm.bin ++/etc/smrsh + directory. + Note that this does not restrict the use of shell or perl scripts + in the sm.bin directory (using the ``#!'' syntax); +@@ -79,20 +79,7 @@ is a very bad idea. + .IR procmail (1) + allows users to run arbitrary programs in their + .IR procmailrc (5). +-.SH COMPILATION +-Compilation should be trivial on most systems. +-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" +-to adjust the default search path +-(defaults to ``/bin:/usr/bin:/usr/ucb'') +-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" +-to change the default program directory +-(defaults to ``/usr/adm/sm.bin''). 
+ .SH FILES +-/usr/adm/sm.bin \- default directory for restricted programs on most OSs +-.PP +-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris +-.PP +-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD +- ++/etc/smrsh \- directory for restricted programs + .SH SEE ALSO + sendmail(8) +diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c +--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200 ++++ sendmail-8.14.3/smrsh/smrsh.c 2008-07-15 14:38:07.000000000 +0200 +@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_CMDDIR + # define CMDDIR SMRSH_CMDDIR + # else /* SMRSH_CMDDIR */ +-# define CMDDIR "/usr/adm/sm.bin" ++# define CMDDIR "/etc/smrsh" + # endif /* SMRSH_CMDDIR */ + #endif /* ! CMDDIR */ + +@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20 + # ifdef SMRSH_PATH + # define PATH SMRSH_PATH + # else /* SMRSH_PATH */ +-# define PATH "/bin:/usr/bin:/usr/ucb" ++# define PATH "/bin:/usr/bin" + # endif /* SMRSH_PATH */ + #endif /* ! PATH */ + diff --git a/SOURCES/sendmail-8.14.4-makemapman.patch b/SOURCES/sendmail-8.14.4-makemapman.patch new file mode 100644 index 0000000..7beb0cd --- /dev/null +++ b/SOURCES/sendmail-8.14.4-makemapman.patch 
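Review bot: The smrsh.8 hunks leave one reference to the old allow-list directory behind: the context line `in the sm.bin directory (using the ``#!'' syntax);` is unchanged while every neighbouring mention becomes /etc/smrsh, which this patch also makes the compiled-in `CMDDIR` in smrsh.c. The man page is what an administrator follows when deciding where permitted programs go, so that line should read `in the /etc/smrsh directory (using the ``#!'' syntax);`. The README example `ln -s /usr/ucb/vacation vacation` likewise still points at /usr/ucb, which the same patch drops from the default `PATH`; it should name the location where the package actually installs vacation.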
@@ -0,0 +1,56 @@
+--- sendmail-8.14.4/cf/cf/Build 1999-03-02 03:37:12.000000000 +0100
++++ sendmail-8.14.4/cf/cf/Build.makemapman 2010-01-03 22:49:38.000000000 +0100
+@@ -18,7 +18,7 @@
+ SMROOT=${SMROOT-../..}
+ BUILDTOOLS=${BUILDTOOLS-$SMROOT/devtools}
+
+-M4=`sh $BUILDTOOLS/bin/find_m4.sh`
++M4=/usr/bin/m4
+ ret=$?
+ if [ $ret -ne 0 ]
+ then
+--- sendmail-8.14.4/devtools/OS/Linux 2009-01-22 03:15:42.000000000 +0100
++++ sendmail-8.14.4/devtools/OS/Linux.makemapman 2010-01-03 22:50:27.000000000 +0100
+@@ -6,7 +6,7 @@
+ define(`confDEPEND_TYPE', `CC-M')
+ define(`confCCOPTS_SO', `-fPIC')
+ define(`confSM_OS_HEADER', `sm_os_linux')
+-define(`confMANROOT', `/usr/man/man')
++define(`confMANROOT', `/usr/share/man/man')
+ define(`confLIBS', `-ldl')
+ define(`confEBINDIR', `/usr/sbin')
+ APPENDDEF(`confLIBSEARCH', `crypt nsl')
+@@ -16,6 +16,8 @@
+ define(`confMTLDOPTS', `-lpthread')
+ define(`confLDOPTS_SO', `-shared')
+ define(`confSONAME',`-soname')
++define('confSBINGRP', 'mail')
++define('confSBINMODE', '6755')
+
+ ifelse(confBLDVARIANT, `DEBUG',
+ dnl Debug build
+--- sendmail-8.14.4/makemap/makemap.8 2008-05-03 01:07:48.000000000 +0200
++++ sendmail-8.14.4/makemap/makemap.8.makemapman 2010-01-03 22:51:04.000000000 +0100
+@@ -52,12 +52,6 @@
+ parameter.
+ They may be
+ .TP
+-dbm
+-DBM format maps.
+-This requires the
+-ndbm(3)
+-library.
+-.TP
+ btree
+ B-Tree format maps.
+ This requires the new Berkeley DB
+--- sendmail-8.14.4/rmail/rmail.c 2001-09-18 23:45:29.000000000 +0200
++++ sendmail-8.14.4/rmail/rmail.c.makemapman 2010-01-03 22:51:36.000000000 +0100
+@@ -276,7 +276,6 @@
+ args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */
+ args[i++] = "-G"; /* relay submission */
+ args[i++] = "-oee"; /* No errors, just status. */
+- args[i++] = "-odq"; /* Queue it, don't try to deliver. */
+ args[i++] = "-oi"; /* Ignore '.' on a line by itself. */
+
+ /* set from system and protocol used */
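Review bot: The two lines added to devtools/OS/Linux, `define('confSBINGRP', 'mail')` and `define('confSBINMODE', '6755')`, use plain apostrophes where every other define in the file opens with a backquote and closes with an apostrophe. With the default m4 quote characters the first argument is then not the bare macro name, so these settings probably never take effect and the installed owner and mode stay at the devtools defaults. If the override is intended, write the lines as `define(`confSBINGRP', `mail')` and `define(`confSBINMODE', `6755')` and add a `dnl` comment explaining why the binaries need both set-user-ID and set-group-ID, because mode 6755 grants both. If it is not intended, remove the two lines so nobody relies on them.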
diff --git a/SOURCES/sendmail-8.14.8-sasl2-in-etc.patch b/SOURCES/sendmail-8.14.8-sasl2-in-etc.patch
new file mode 100644
index 0000000..fe8f353
--- /dev/null
+++ b/SOURCES/sendmail-8.14.8-sasl2-in-etc.patch
@@ -0,0 +1,31 @@
+diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c
+index c217ffa..e4dadd3 100644
+--- a/sendmail/usersmtp.c
++++ b/sendmail/usersmtp.c
+@@ -1331,9 +1331,7 @@ safesaslfile(context, file)
+ {
+ long sff;
+ int r;
+-#if SASL <= 10515
+ size_t len;
+-#endif /* SASL <= 10515 */
+ char *p;
+
+ if (file == NULL || *file == '\0')
+@@ -1369,9 +1367,16 @@ safesaslfile(context, file)
+ #endif /* SASL <= 10515 */
+
+ p = (char *) file;
++ len = strlen(p);
+ if ((r = safefile(p, RunAsUid, RunAsGid, RunAsUserName, sff,
+ S_IRUSR, NULL)) == 0)
+ return SASL_OK;
++#if SASL > 10515
++ /* Expect /usr/lib/sasl2/Sendmail.conf to be missing - config now in /etc/sasl2 */
++ if (type == SASL_VRFY_CONF && r == ENOENT &&
++ len >= 8 && strncmp(p, "/usr/lib", 8) == 0)
++ return SASL_CONTINUE;
++#endif /* SASL > 10515 */
+ if (LogLevel > (r != ENOENT ? 8 : 10))
+ sm_syslog(LOG_WARNING, NOQID, "error: safesasl(%s) failed: %s",
+ p, sm_errstring(r));
diff --git a/SOURCES/sendmail-8.14.9-noversion.patch b/SOURCES/sendmail-8.14.9-noversion.patch
new file mode 100644
index 0000000..f0ca667
--- /dev/null
+++ b/SOURCES/sendmail-8.14.9-noversion.patch
@@ -0,0 +1,13 @@
+--- sendmail-8.14.9/sendmail/helpfile 2014-03-06 18:31:31.000000000 +0100
++++ sendmail-8.14.9/sendmail/helpfile.noversion 2014-05-21 17:25:29.000000000 +0200
+@@ -11,9 +11,7 @@
+ cpyr forth in the LICENSE file which can be found at the top level of
+ cpyr the sendmail distribution.
+ cpyr
+-cpyr $$Id: helpfile,v 8.49 2013-11-22 20:51:55 ca Exp $$
+-cpyr
+-smtp This is sendmail version $v
++smtp This is sendmail
+ smtp Topics:
+ smtp HELO EHLO MAIL RCPT DATA
+ smtp RSET NOOP QUIT HELP VRFY
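Review bot: The ENOENT shortcut added to safesaslfile() matches more than its comment says: `strncmp(p, "/usr/lib", 8) == 0` is a bare prefix test, so a missing file under /usr/lib64 or /usr/libexec is also answered with `SASL_CONTINUE` and never reaches the warning log below it. If the 64-bit plugin directory is meant to be covered, the comment should say so, for example `/* config now lives in /etc/sasl2; a missing Sendmail.conf under any /usr/lib* plugin directory is expected */`. If only the one directory is meant, compare against the full path including its trailing slash, `strncmp(p, "/usr/lib/sasl2/", 15) == 0`. The declaration of `type` and the rest of the function are outside the hunks, so its meaning is taken from the `SASL_VRFY_CONF` comparison alone.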
diff --git a/SOURCES/sendmail-8.14.9-pid.patch b/SOURCES/sendmail-8.14.9-pid.patch
new file mode 100644
index 0000000..6d76959
--- /dev/null
+++ b/SOURCES/sendmail-8.14.9-pid.patch
@@ -0,0 +1,20 @@
+--- sendmail-8.14.9/cf/cf/submit.mc 2014-03-06 18:31:28.000000000 +0100
++++ sendmail-8.14.9/cf/cf/submit.mc.pid 2014-05-21 17:20:14.000000000 +0200
+@@ -15,12 +15,16 @@
+ #
+
+ divert(0)dnl
+-VERSIONID(`$Id: submit.mc,v 8.15 2013-11-22 20:51:08 ca Exp $')
++sinclude(`/usr/share/sendmail-cf/m4/cf.m4')dnl
++VERSIONID(`linux setup')dnl
+ define(`confCF_VERSION', `Submit')dnl
+ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+ define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+ define(`confTIME_ZONE', `USE_TZ')dnl
+ define(`confDONT_INIT_GROUPS', `True')dnl
++define(`confPID_FILE', `/run/sm-client.pid')dnl
++dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
++FEATURE(`use_ct_file')dnl
+ dnl
+ dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
+ FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/SOURCES/sendmail-8.14.9-vacation.patch b/SOURCES/sendmail-8.14.9-vacation.patch
new file mode 100644
index 0000000..bb031e1
--- /dev/null
+++ b/SOURCES/sendmail-8.14.9-vacation.patch
@@ -0,0 +1,11 @@
+--- sendmail-8.14.9/vacation/Makefile 2014-03-06 18:31:31.000000000 +0100
++++ sendmail-8.14.9/vacation/Makefile.vacation 2014-05-21 17:22:47.000000000 +0200
+@@ -1,7 +1,7 @@
+ # $Id: Makefile,v 8.5 1999-09-23 22:36:45 ca Exp $
+
+ SHELL= /bin/sh
+-BUILD= ./Build
++BUILD= ./Build -f ../redhat.config.m4
+ OPTIONS= $(CONFIG) $(FLAGS)
+
+ all: FRC
diff --git a/SOURCES/sendmail-8.15.1-aliases_dir.patch b/SOURCES/sendmail-8.15.1-aliases_dir.patch
new file mode 100644
index 0000000..808e298
--- /dev/null
+++ b/SOURCES/sendmail-8.15.1-aliases_dir.patch
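Review bot: `FEATURE(`use_ct_file')` is added to submit.mc without a comment, although it changes which users the submission program treats as trusted. As far as I know the feature loads class t from the trusted-users file under /etc/mail, and members of that class may set the envelope sender without a warning header being added. A line above it such as `dnl use_ct_file: trusted users (class t) are read from the ct file; keep that file root-owned and not group- or world-writable` would make the dependency visible to whoever edits this file next. The commented-out `confDIRECT_SUBMISSION_MODIFIERS` line beside it has no explanation either and should get one or be removed.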
@@ -0,0 +1,126 @@ +diff --git a/cf/m4/cfhead.m4 b/cf/m4/cfhead.m4 +index 714a3ec..3fd6c1c 100644 +--- a/cf/m4/cfhead.m4 ++++ b/cf/m4/cfhead.m4 +@@ -260,7 +260,7 @@ ifdef(`MAIL_SETTINGS_DIR', , `define(`MAIL_SETTINGS_DIR', `/etc/mail/')') + define(`DATABASE_MAP_TYPE', `hash') + + # set up default values for options +-define(`ALIAS_FILE', `MAIL_SETTINGS_DIR`'aliases') ++define(`ALIAS_FILE', `/etc/aliases') + define(`confMAILER_NAME', ``MAILER-DAEMON'') + define(`confFROM_LINE', `From $g $d') + define(`confOPERATORS', `.:%@!^/[]+') +diff --git a/sendmail/aliases.0 b/sendmail/aliases.0 +index cfdbe17..5ea4c28 100644 +--- a/sendmail/aliases.0 ++++ b/sendmail/aliases.0 +@@ -63,7 +63,7 @@ DDEESSCCRRIIPPTTIIOONN + the list of users defined in that file. + + This is only the raw data file; the actual aliasing information is +- placed into a binary format in the file /etc/mail/aliases.db using the ++ placed into a binary format in the file /etc/aliases.db using the + program newaliases(1). A newaliases command should be executed each + time the aliases file is changed for the change to take effect. + +diff --git a/sendmail/aliases.5 b/sendmail/aliases.5 +index f09b49c..7b16db2 100644 +--- a/sendmail/aliases.5 ++++ b/sendmail/aliases.5 +@@ -23,7 +23,7 @@ ID + aliases used by + sendmail. + The file resides in +-/etc/mail ++/etc + and + is formatted as a series of lines of the form + .IP +@@ -96,7 +96,7 @@ list of users defined in that file. + .PP + This is only the raw data file; the actual aliasing information is + placed into a binary format in the file +-/etc/mail/aliases.db ++/etc/aliases.db + using the program + newaliases(1). + A +diff --git a/sendmail/newaliases.0 b/sendmail/newaliases.0 +index c77f401..e2a1670 100644 +--- a/sendmail/newaliases.0 ++++ b/sendmail/newaliases.0 +@@ -10,7 +10,7 @@ SSYYNNOOPPSSIISS + + DDEESSCCRRIIPPTTIIOONN + NNeewwaalliiaasseess rebuilds the random access data base for the mail aliases +- file /etc/mail/aliases. 
It must be run each time this file is changed ++ file /etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + + NNeewwaalliiaasseess is identical to ``sendmail -bi''. +@@ -22,7 +22,7 @@ DDEESSCCRRIIPPTTIIOONN + sseennddmmaaiill.. + + FFIILLEESS +- /etc/mail/aliases The mail aliases file ++ /etc/aliases The mail aliases file + + SSEEEE AALLSSOO + aliases(5), sendmail(8) +diff --git a/sendmail/newaliases.1 b/sendmail/newaliases.1 +index 59dc0de..9ba8752 100644 +--- a/sendmail/newaliases.1 ++++ b/sendmail/newaliases.1 +@@ -20,7 +20,7 @@ newaliases + .SH DESCRIPTION + .B Newaliases + rebuilds the random access data base for the mail aliases file +-/etc/mail/aliases. It must be run each time this file is changed ++/etc/aliases. It must be run each time this file is changed + in order for the change to take effect. + .PP + .B Newaliases +@@ -40,7 +40,7 @@ puts a special token into the data base that is required by + .B sendmail. + .SH FILES + .TP 2i +-/etc/mail/aliases ++/etc/aliases + The mail aliases file + .SH SEE ALSO + aliases(5), sendmail(8) +diff --git a/sendmail/sendmail.0 b/sendmail/sendmail.0 +index 515d5f7..8236411 100644 +--- a/sendmail/sendmail.0 ++++ b/sendmail/sendmail.0 +@@ -434,10 +434,10 @@ FFIILLEESS + are only approximations. + + +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + + /etc/mail/sendmail.cf +diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8 +index 0356839..1258c26 100644 +--- a/sendmail/sendmail.8 ++++ b/sendmail/sendmail.8 +@@ -711,10 +711,10 @@ Thus, + these values are only approximations. + .PP + .TP +- /etc/mail/aliases ++ /etc/aliases + raw data for alias names + .TP +- /etc/mail/aliases.db ++ /etc/aliases.db + data base of alias names + .TP + /etc/mail/sendmail.cf 
diff --git a/SOURCES/sendmail-8.15.1-dynamic.patch b/SOURCES/sendmail-8.15.1-dynamic.patch
new file mode 100644
index 0000000..bf6ceed
--- /dev/null
+++ b/SOURCES/sendmail-8.15.1-dynamic.patch
@@ -0,0 +1,46 @@ +--- sendmail-8.14.4/devtools/OS/Linux 2010-01-03 22:55:35.000000000 +0100 ++++ sendmail-8.14.4/devtools/OS/Linux.dynamic 2010-01-03 22:59:03.000000000 +0100 +@@ -7,7 +7,7 @@ + define(`confCCOPTS_SO', `-fPIC') + define(`confSM_OS_HEADER', `sm_os_linux') + define(`confMANROOT', `/usr/share/man/man') +-define(`confLIBS', `-ldl') ++define(`confLIBS', `-pie -ldl') + define(`confEBINDIR', `/usr/sbin') + APPENDDEF(`confLIBSEARCH', `crypt nsl') + +@@ -22,19 +22,19 @@ + ifelse(confBLDVARIANT, `DEBUG', + dnl Debug build + ` +- define(`confOPTIMIZE',`-g -Wall') ++ define(`confOPTIMIZE',`-g -Wall -fpie') + ', + dnl Optimized build + confBLDVARIANT, `OPTIMIZED', + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ', + dnl Purify build + confBLDVARIANT, `PURIFY', + ` +- define(`confOPTIMIZE',`-g') ++ define(`confOPTIMIZE',`-g -fpie') + ', + dnl default + ` +- define(`confOPTIMIZE',`-O2') ++ define(`confOPTIMIZE',`-O2 -fpie') + ') +--- sendmail-8.14.4/libsm/Makefile.m4 2006-08-16 23:06:31.000000000 +0200 ++++ sendmail-8.14.4/libsm/Makefile.m4.dynamic 2010-01-03 23:01:36.000000000 +0100 +@@ -6,7 +6,7 @@ + define(`confREQUIRE_SM_OS_H', `true') + PREPENDDEF(`confENVDEF', `confMAPDEF') + bldPRODUCT_START(`library', `libsm') +-define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strerror.c strl.c clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ') ++define(`bldSOURCES', ` assert.c debug.c errstring.c exc.c heap.c match.c rpool.c strdup.c strl.c 
clrerr.c fclose.c feof.c ferror.c fflush.c fget.c fpos.c findfp.c flags.c fopen.c fprintf.c fpurge.c fput.c fread.c fscanf.c fseek.c fvwrite.c fwalk.c fwrite.c get.c makebuf.c put.c refill.c rewind.c setvbuf.c smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c wbuf.c wsetup.c string.c stringf.c xtrap.c strto.c test.c strcasecmp.c strrevcmp.c signal.c clock.c config.c shm.c sem.c mbdb.c strexit.c cf.c ldap.c niprop.c mpeix.c memstat.c util.c inet6_ntop.c ') + bldPRODUCT_END + dnl msg.c + dnl syslogio.c diff --git a/SOURCES/sendmail-8.15.1-manpage.patch b/SOURCES/sendmail-8.15.1-manpage.patch new file mode 100644 index 0000000..4cf5fff --- /dev/null +++ b/SOURCES/sendmail-8.15.1-manpage.patch @@ -0,0 +1,18 @@ +diff --git a/sendmail/sendmail.8 b/sendmail/sendmail.8 +index 9e0b9af..0356839 100644 +--- a/sendmail/sendmail.8 ++++ b/sendmail/sendmail.8 +@@ -729,13 +729,11 @@ collected statistics + /var/spool/mqueue/* + temp files + .SH SEE ALSO +-binmail(1), + mail(1), + rmail(1), + syslog(3), + aliases(5), + mailaddr(7), +-rc(8) + .PP + DARPA + Internet Request For Comments diff --git a/SOURCES/sendmail-8.15.2-format-security.patch b/SOURCES/sendmail-8.15.2-format-security.patch new file mode 100644 index 0000000..5acd75a --- /dev/null +++ b/SOURCES/sendmail-8.15.2-format-security.patch 
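Review bot: `-pie` is added through `confLIBS` in devtools/OS/Linux (`define(`confLIBS', `-pie -ldl')`), which is the library list and not the linker-option setting, so the link mode rides along wherever the build places the libraries and applies to every product built from this OS file. The sharedmilter patch in the same commit then has to counter it with `-fno-pie -fPIC` for libmilter. Stating it as a linker option, `APPENDDEF(`confLDOPTS', `-pie')`, and leaving `confLIBS` as `-ldl` would express the intent directly. A `dnl` comment that all four `confOPTIMIZE` variants carry `-fpie` so the daemons are built as position-independent executables would help too, as would a word on why strerror.c is dropped from libsm's `bldSOURCES`.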
@@ -0,0 +1,127 @@ +diff --git a/sendmail/envelope.c b/sendmail/envelope.c +index bae6b00..beb91a1 100644 +--- a/sendmail/envelope.c ++++ b/sendmail/envelope.c +@@ -323,7 +323,7 @@ dropenvelope(e, fulldrop, split) + + /* don't free, allocated from e_rpool */ + e->e_message = sm_rpool_strdup_x(e->e_rpool, buf); +- message(buf); ++ message("%s", buf); + e->e_flags |= EF_CLRQUEUE; + } + if (msg_timeout == MSG_NOT_BY) +@@ -420,7 +420,7 @@ dropenvelope(e, fulldrop, split) + /* don't free, allocated from e_rpool */ + e->e_message = sm_rpool_strdup_x(e->e_rpool, + buf); +- message(buf); ++ message("%s", buf); + e->e_flags |= EF_WARNING; + } + if (msg_timeout == MSG_WARN_BY) +diff --git a/sendmail/parseaddr.c b/sendmail/parseaddr.c +index 2adb39c..ba99414 100644 +--- a/sendmail/parseaddr.c ++++ b/sendmail/parseaddr.c +@@ -218,7 +218,7 @@ parseaddr(addr, a, flags, delim, delimptr, e, isrcpt) + msg = "Deferring message until queue run"; + if (tTd(20, 1)) + sm_dprintf("parseaddr: queueing message\n"); +- message(msg); ++ message("%s", msg); + if (e->e_message == NULL && e->e_sendmode != SM_DEFER) + e->e_message = sm_rpool_strdup_x(e->e_rpool, msg); + a->q_state = QS_QUEUEUP; +diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +index ba636a8..46c5356 100644 +--- a/sendmail/srvrsmtp.c ++++ b/sendmail/srvrsmtp.c +@@ -122,6 +122,26 @@ extern ENVELOPE BlankEnvelope; + #define SKIP_SPACE(s) while (isascii(*s) && isspace(*s)) \ + (s)++ + ++static inline void ++message1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ message(fmt, NULL); ++ else ++ message("%s", fmt); ++} ++ ++static inline void ++usrerr1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ usrerr(fmt, NULL); ++ else ++ usrerr("%s", fmt); ++} ++ + /* + ** PARSE_ESMTP_ARGS -- parse EMSTP arguments (for MAIL, RCPT) + ** +@@ -578,13 +598,13 @@ static bool smtp_data __P((SMTP_T *, ENVELOPE *)); + bool tsave = QuickAbort; \ + \ + QuickAbort = false; \ +- usrerr(response); \ ++ usrerr1(response); \ + 
QuickAbort = tsave; \ + e->e_sendqueue = NULL; \ + goto doquit; \ + } \ + else \ +- usrerr(response); \ ++ usrerr1(response); \ + break; \ + \ + case SMFIR_REJECT: \ +@@ -931,7 +951,7 @@ smtp(nullserver, d_flags, e) + } + else if (strncmp(nullserver, "421 ", 4) == 0) + { +- message(nullserver); ++ message1(nullserver); + goto doquit; + } + +@@ -1849,7 +1869,7 @@ smtp(nullserver, d_flags, e) + if (nullserver != NULL) + { + if (ISSMTPREPLY(nullserver)) +- usrerr(nullserver); ++ usrerr1(nullserver); + else + usrerr("550 5.0.0 %s", + nullserver); +@@ -2449,7 +2469,7 @@ smtp(nullserver, d_flags, e) + tempfail = true; + smtp.sm_milterize = false; + if (response != NULL) +- usrerr(response); ++ usrerr1(response); + else + message("421 4.7.0 %s closing connection", + MyHostName); +@@ -3656,7 +3676,7 @@ smtp_data(smtp, e) + (void) extenhsc(response + 4, ' ', e->e_enhsc); + #endif /* _FFR_MILTER_ENHSC */ + +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + { +@@ -3776,7 +3796,7 @@ smtp_data(smtp, e) + if (ISSMTPCODE(response)) + (void) extenhsc(response + 4, ' ', e->e_enhsc); + #endif /* _FFR_MILTER_ENHSC */ +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; diff --git a/SOURCES/sendmail-8.15.2-libmilter-socket-activation.patch b/SOURCES/sendmail-8.15.2-libmilter-socket-activation.patch new file mode 100644 index 0000000..e8251bc --- /dev/null +++ b/SOURCES/sendmail-8.15.2-libmilter-socket-activation.patch @@ -0,0 +1,80 @@ +Description: systemd-like socket activation support for libmilter +Author: Mikhail Gusarov {unix|local}:/path/to/file -- A named pipe. +
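Review bot: The new `message1()` and `usrerr1()` helpers in srvrsmtp.c carry no comment explaining their two branches, and the `%` branch probably changes the reply a client sees. When the milter or nullserver text contains a `%` it is passed as data to `"%s"`, so the format no longer begins with the three-digit SMTP code; if `message()` and `usrerr()` take the reply code from the start of the format, which the no-`%` branch appears to preserve on purpose, such a response would go out under the default code instead of the supplied one. I would add a header comment such as `/* use text as the format only when it contains no '%'; otherwise print it as data, and the reply code falls back to the default */`. It should also note that the trailing `NULL` in `message(fmt, NULL)` exists only to satisfy -Wformat-security. Splitting code and text before the call would let both branches keep the caller's reply code.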
  • inet:port@{hostname|ip-address} -- An IPV4 socket. +
  • inet6:port@{hostname|ip-address} -- An IPV6 socket. ++
  • fd:number -- Pre-opened file descriptor. + + + +diff --git a/libmilter/listener.c b/libmilter/listener.c +index 11d92bb..2ab533d 100644 +--- a/libmilter/listener.c ++++ b/libmilter/listener.c +@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, name) + L_socksize = sizeof addr.sin6; + } + #endif /* NETINET6 */ ++ else if (strcasecmp(p, "fd") == 0) ++ { ++ addr.sa.sa_family = AF_UNSPEC; ++ L_socksize = sizeof (_SOCK_ADDR); ++ } + else + { + smi_log(SMI_LOG_ERR, "%s: unknown socket type %s", +@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, name) + } + #endif /* NETINET || NETINET6 */ + +- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); ++ if (addr.sa.sa_family == AF_UNSPEC) ++ { ++ char *end; ++ sock = strtol(colon, &end, 10); ++ if (*end != '\0' || sock < 0) ++ { ++ smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon); ++ return INVALID_SOCKET; ++ } ++ } ++ else ++ { ++ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0); ++ } ++ + if (!ValidSocket(sock)) + { + smi_log(SMI_LOG_ERR, +@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, name) + #if NETUNIX + addr.sa.sa_family != AF_UNIX && + #endif /* NETUNIX */ ++ addr.sa.sa_family != AF_UNSPEC && + setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, + sizeof(sockopt)) == -1) + { +@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, name) + } + #endif /* NETUNIX */ + +- if (bind(sock, &addr.sa, L_socksize) < 0) ++ if (addr.sa.sa_family != AF_UNSPEC && ++ bind(sock, &addr.sa, L_socksize) < 0) + { + smi_log(SMI_LOG_ERR, + "%s: Unable to bind to port %s: %s", +@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, backlog) + # ifdef BSD4_4_SOCKADDR + cliaddr.sa.sa_len == 0 || + # endif /* BSD4_4_SOCKADDR */ +- cliaddr.sa.sa_family != L_family)) ++ (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family))) + { + (void) closesocket(connfd); + connfd = INVALID_SOCKET; 
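Review bot: The `fd:` branch added to mi_milteropen() accepts input it should reject. Assuming `colon` points just past the separator, an empty number leaves `end == colon` with `*end == '\0'`, so descriptor 0 is used; out-of-range values are not caught either, because the `strtol` result is assigned straight to `sock` with no `errno` or upper-bound check. Nothing confirms that the descriptor is a socket, and for `AF_UNSPEC` both `bind()` and the peer-family check in mi_listener() are skipped, so whatever was inherited is trusted as the listener. I would parse into a `long`, reject empty and out-of-range numbers as below, and verify the descriptor with `fstat` and `S_ISSOCK` before use. mi_milteropen() starts and ends outside the hunks.

```c
	if (addr.sa.sa_family == AF_UNSPEC)
	{
		char *end;
		long fdnum;

		errno = 0;
		fdnum = strtol(colon, &end, 10);
		if (end == colon || *end != '\0' || errno == ERANGE ||
		    fdnum < 0 || fdnum > INT_MAX)
		{
			smi_log(SMI_LOG_ERR, "%s: expected positive integer as fd, got %s", name, colon);
			return INVALID_SOCKET;
		}
		sock = (int) fdnum;
	}
	/* ... unchanged: else branch that calls socket() ... */
```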
diff --git a/SOURCES/sendmail-8.15.2-localdomain.patch b/SOURCES/sendmail-8.15.2-localdomain.patch
new file mode 100644
index 0000000..36ec981
--- /dev/null
+++ b/SOURCES/sendmail-8.15.2-localdomain.patch
@@ -0,0 +1,13 @@
+diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
+index 696bf36..5a5963b 100644
+--- a/cf/m4/proto.m4
++++ b/cf/m4/proto.m4
+@@ -1898,6 +1898,8 @@ R<@> < $* @ [IPv6:::1] >
+ $: < ? $&{client_name} > < $1 @ [IPv6:::1] >
+ R<@> < $* @ localhost.$m >
+ $: < ? $&{client_name} > < $1 @ localhost.$m >
++R<@> < $* @ localhost.localdomain >
++ $: < ? $&{client_name} > < $1 @ localhost.localdomain >
+ ifdef(`_NO_UUCP_', `dnl',
+ `R<@> < $* @ localhost.UUCP >
+ $: < ? $&{client_name} > < $1 @ localhost.UUCP >')
diff --git a/SOURCES/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch b/SOURCES/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
new file mode 100644
index 0000000..b470358
--- /dev/null
+++ b/SOURCES/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
@@ -0,0 +1,20 @@
+diff --git a/sendmail/tls.c b/sendmail/tls.c
+index 16cb93f..9338380 100644
+--- a/sendmail/tls.c
++++ b/sendmail/tls.c
+@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ }
+
+ #if _FFR_TLS_EC
+- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+- if (ecdh != NULL)
+- {
+- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+- SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
+- EC_KEY_free(ecdh);
+- }
++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++ SSL_CTX_set_ecdh_auto(*ctx, 1);
+ #endif /* _FFR_TLS_EC */
+
+ }
diff --git a/SOURCES/sendmail-8.15.2-openssl-1.1.0-fix.patch b/SOURCES/sendmail-8.15.2-openssl-1.1.0-fix.patch
new file mode 100644
index 0000000..54a6754
--- /dev/null
+++ b/SOURCES/sendmail-8.15.2-openssl-1.1.0-fix.patch
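Review bot: In the ecdhe-fix patch, `SSL_CTX_set_ecdh_auto(*ctx, 1)` is called without an OpenSSL version guard, unlike the `OPENSSL_VERSION_NUMBER` conditionals in the companion openssl-1.1.0 patch. As far as I know the macro first appeared in OpenSSL 1.0.2 and does nothing from 1.1.0 on, so with `_FFR_TLS_EC` enabled tls.c would no longer build against older libraries, and the return value is ignored where the call does have an effect. Either guard the call and keep the removed `EC_KEY_new_by_curve_name` path under `#else`, or add a comment such as `/* needs OpenSSL >= 1.0.2; curve selection is automatic from 1.1.0 */`. The declaration of `ecdh` is outside the hunk and may now be an unused variable; inittls() also continues past the hunk.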
@@ -0,0 +1,182 @@ +--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 ++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 +@@ -63,14 +63,28 @@ static unsigned char dh512_g[] = + static DH * + get_dh512() + { +- DH *dh = NULL; ++ DH *dh; ++ BIGNUM *p, *g; + + if ((dh = DH_new()) == NULL) + return NULL; +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ if (p == NULL || g == NULL) ++ { ++ BN_free(p); ++ BN_free(g); ++ DH_free(dh); + return NULL; ++ } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return dh; + } + +@@ -117,16 +131,27 @@ get_dh2048() + }; + static unsigned char dh2048_g[]={ 0x02, }; + DH *dh; ++ BIGNUM *p, *g; + + if ((dh=DH_new()) == NULL) + return(NULL); +- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); ++ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); ++ if (p == NULL || g == NULL) + { ++ BN_free(p); ++ BN_free(g); + DH_free(dh); +- return(NULL); ++ return NULL; + } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + return(dh); + } + # endif /* !NO_DH */ +@@ -715,6 +740,54 @@ static char server_session_id_context[] + # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 + #endif + ++static RSA * ++generate_rsa_key(bits, e) ++ int bits; ++ unsigned long e; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return RSA_generate_key(bits, e, NULL, NULL); ++#else ++ BIGNUM *bne; ++ RSA *rsa = NULL; ++ ++ bne = BN_new(); ++ if (bne && BN_set_word(bne, e) != 1) ++ rsa = RSA_new(); ++ if (rsa && 
RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) ++ { ++ RSA_free(rsa); ++ rsa = NULL; ++ } ++ BN_free(bne); ++ return rsa; ++#endif ++} ++ ++static DSA * ++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) ++ int bits; ++ unsigned char *seed; ++ int seed_len; ++ int *counter_ret; ++ unsigned long *h_ret; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, ++ h_ret, NULL, NULL); ++#else ++ DSA *dsa = DSA_new(); ++ ++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, ++ counter_ret, h_ret, NULL) != 1) ++ { ++ DSA_free(dsa); ++ dsa = NULL; ++ } ++ return dsa; ++#endif ++} ++ + bool + inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) + SSL_CTX **ctx; +@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile + { + /* get a pointer to the current certificate validation store */ + store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ +- crl_file = BIO_new(BIO_s_file_internal()); ++ crl_file = BIO_new(BIO_s_file()); + if (crl_file != NULL) + { + if (BIO_read_filename(crl_file, CRLFile) >= 0) +@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile + if (bitset(TLS_I_RSA_TMP, req) + # if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && +- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, +- NULL)) == NULL ++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL + # else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ + # endif /* SM_CONF_SHM */ +@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile + sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); + + /* this takes a while! 
*/ +- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, +- NULL, 0, NULL); ++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, ++ NULL); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + } +@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength) + + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); +- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); + if (rsa_tmp == NULL) + { + if (LogLevel > 0) +@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx) + { + if (LogLevel > 13) + tls_verify_log(ok, ctx, "x509"); ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ if (X509_STORE_CTX_get_error(ctx) == ++ X509_V_ERR_UNABLE_TO_GET_CRL) ++ { ++ X509_STORE_CTX_set_error(ctx, 0); ++ return 1; /* override it */ ++ } ++#else + if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) + { + ctx->error = 0; + return 1; /* override it */ + } ++#endif + } + return ok; + } diff --git a/SOURCES/sendmail-8.15.2-qos.patch b/SOURCES/sendmail-8.15.2-qos.patch new file mode 100644 index 0000000..c0b8b6a --- /dev/null +++ b/SOURCES/sendmail-8.15.2-qos.patch 
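Review bot: In the new `generate_rsa_key` helper, the test `if (bne && BN_set_word(bne, e) != 1)` is inverted. `BN_set_word` returns 1 on success, so `RSA_new()` is reached only when setting the exponent failed, and on the normal path `rsa` stays NULL and the helper returns NULL. Both callers changed in this patch (`inittls` and `tmp_rsa_key`) compare the result with NULL, so temporary RSA key generation would always be reported as failed on the `#else` branch. The line should read `if (bne && BN_set_word(bne, e) == 1)`. Separately, the result of `DH_set0_pqg` in `get_dh512` and `get_dh2048` is not checked, and on failure `p` and `g` would still belong to the caller.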
@@ -0,0 +1,246 @@ +diff --git a/cf/cf/submit.mc b/cf/cf/submit.mc +index b9dfb16..cb325cc 100644 +--- a/cf/cf/submit.mc ++++ b/cf/cf/submit.mc +@@ -22,6 +22,8 @@ define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining + define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet + define(`confTIME_ZONE', `USE_TZ')dnl + define(`confDONT_INIT_GROUPS', `True')dnl ++dnl # If you're operating in a DSCP/RFC-4594 environment with QoS ++dnl define(`confINET_QOS', `AF11')dnl + define(`confPID_FILE', `/run/sm-client.pid')dnl + dnl define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl + FEATURE(`use_ct_file')dnl +diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4 +index 5a5963b..0df3416 100644 +--- a/cf/m4/proto.m4 ++++ b/cf/m4/proto.m4 +@@ -251,6 +251,9 @@ _OPTION(SevenBitInput, `confSEVEN_BIT_INPUT', `False') + # 8-bit data handling + _OPTION(EightBitMode, `confEIGHT_BIT_HANDLING', `pass8') + ++# DSCP marking of traffic (IP_TOS) ++_OPTION(InetQoS, `confINET_QOS', `none') ++ + # wait for alias file rebuild (default units: minutes) + _OPTION(AliasWait, `confALIAS_WAIT', `5m') + +diff --git a/sendmail/conf.c b/sendmail/conf.c +index cbb9c76..1b55533 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -6430,6 +6430,10 @@ char *FFRCompileOptions[] = + #if _FFR_QF_PARANOIA + "_FFR_QF_PARANOIA", + #endif ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ /* QoS */ ++ "_FFR_QOS", ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #if _FFR_QUEUE_GROUP_SORTORDER + /* Allow QueueSortOrder per queue group. 
*/ + /* XXX: Still need to actually use qgrp->qg_sortorder */ +diff --git a/sendmail/daemon.c b/sendmail/daemon.c +index 4288365..86fe319 100644 +--- a/sendmail/daemon.c ++++ b/sendmail/daemon.c +@@ -104,6 +104,10 @@ static int NDaemons = 0; /* actual number of daemons */ + + static time_t NextDiskSpaceCheck = 0; + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++int InetQoS = 0; /* none by default */ ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + /* + ** GETREQUESTS -- open mail IPC port and get requests. + ** +@@ -1139,6 +1143,16 @@ opendaemonsocket(d, firsttime) + (void) setsockopt(d->d_socket, SOL_SOCKET, + SO_KEEPALIVE, (char *)&on, sizeof(on)); + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (d->d_addr.sa.sa_family == AF_INET ++ || (d->d_addr.sin6.sin6_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(d->d_addr.sin6.sin6_addr.s6_addr32)))) { ++ if (setsockopt(d->d_socket, SOL_IP, ++ IP_TOS, (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("opendaemonsock: daemon %s: setsockopt(IP_TOS)", d->d_name); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ ++ + #ifdef SO_RCVBUF + if (d->d_tcprcvbufsize > 0) + { +@@ -2571,6 +2585,16 @@ gothostent: + return EX_TEMPFAIL; + } + ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++ if (InetQoS != 0x00 ++ && (family == AF_INET ++ || (family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(addr.sin6.sin6_addr.s6_addr32)))) ++ { ++ if (setsockopt(s, SOL_IP, IP_TOS, ++ (char *)&InetQoS, sizeof(InetQoS)) < 0) ++ syserr("makeconnection: setsockopt(IP_TOS)"); ++ } ++#endif /* _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) */ + #ifdef SO_SNDBUF + if (ClientSettings[family].d_tcpsndbufsize > 0) + { +diff --git a/sendmail/readcf.c b/sendmail/readcf.c +index 2b0fbf7..86892f5 100644 +--- a/sendmail/readcf.c ++++ b/sendmail/readcf.c +@@ -18,6 +18,7 @@ SM_RCSID("@(#)$Id: readcf.c,v 8.692 2013-11-22 20:51:56 ca Exp $") + + #if NETINET || NETINET6 + # include ++# include + 
#endif /* NETINET || NETINET6 */ + + +@@ -2888,8 +2889,8 @@ static struct optioninfo + # define O_RCPTTHROTDELAY 0xe6 + { "BadRcptThrottleDelay", O_RCPTTHROTDELAY, OI_SAFE }, + #endif /* _FFR_RCPTTHROTDELAY */ +-#if 0 && _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) +-# define O_INETQOS 0xe7 /* reserved for FFR_QOS */ ++#if _FFR_QOS && defined(SOL_IP) && defined(IP_TOS) ++# define O_INETQOS 0xe7 + { "InetQoS", O_INETQOS, OI_NONE }, + #endif + #if STARTTLS && _FFR_FIPSMODE +@@ -2914,6 +2915,77 @@ static struct optioninfo + { NULL, '\0', OI_NONE } + }; + ++#ifdef O_INETQOS ++static struct qosmap ++{ ++ char *name; /* name of the setting */ ++ int value; /* corresponding setsockopt() value */ ++} QoSMap[] = { ++#ifdef IPTOS_CLASS_CS0 ++ { "CS0", IPTOS_CLASS_CS0 }, ++#endif ++#ifdef IPTOS_CLASS_CS1 ++ { "CS1", IPTOS_CLASS_CS1 }, ++#endif ++#ifdef IPTOS_DSCP_AF11 ++ { "AF11", IPTOS_DSCP_AF11 }, ++#endif ++#ifdef IPTOS_DSCP_AF12 ++ { "AF12", IPTOS_DSCP_AF12 }, ++#endif ++#ifdef IPTOS_DSCP_AF13 ++ { "AF13", IPTOS_DSCP_AF13 }, ++#endif ++#ifdef IPTOS_CLASS_CS2 ++ { "CS2", IPTOS_CLASS_CS2 }, ++#endif ++#ifdef IPTOS_DSCP_AF21 ++ { "AF21", IPTOS_DSCP_AF21 }, ++#endif ++#ifdef IPTOS_DSCP_AF22 ++ { "AF22", IPTOS_DSCP_AF22 }, ++#endif ++#ifdef IPTOS_DSCP_AF23 ++ { "AF23", IPTOS_DSCP_AF23 }, ++#endif ++#ifdef IPTOS_CLASS_CS3 ++ { "CS3", IPTOS_CLASS_CS3 }, ++#endif ++#ifdef IPTOS_DSCP_AF31 ++ { "AF31", IPTOS_DSCP_AF31 }, ++#endif ++#ifdef IPTOS_DSCP_AF32 ++ { "AF32", IPTOS_DSCP_AF32 }, ++#endif ++#ifdef IPTOS_DSCP_AF33 ++ { "AF33", IPTOS_DSCP_AF33 }, ++#endif ++#ifdef IPTOS_CLASS_CS4 ++ { "CS4", IPTOS_CLASS_CS4 }, ++#endif ++#ifdef IPTOS_DSCP_AF41 ++ { "AF41", IPTOS_DSCP_AF41 }, ++#endif ++#ifdef IPTOS_DSCP_AF42 ++ { "AF42", IPTOS_DSCP_AF42 }, ++#endif ++#ifdef IPTOS_DSCP_AF43 ++ { "AF43", IPTOS_DSCP_AF43 }, ++#endif ++#ifdef IPTOS_CLASS_CS5 ++ { "CS5", IPTOS_CLASS_CS5 }, ++#endif ++#ifdef IPTOS_CLASS_CS6 ++ { "CS6", IPTOS_CLASS_CS6 }, ++#endif ++#ifdef IPTOS_CLASS_CS7 ++ { 
"CS7", IPTOS_CLASS_CS7 }, ++#endif ++ { "none", 0x00 }, ++ { NULL, 0 } ++}; ++#endif ++ + # define CANONIFY(val) + + # define SET_OPT_DEFAULT(opt, val) opt = val +@@ -4540,6 +4612,33 @@ setoption(opt, val, safe, sticky, e) + UseCompressedIPv6Addresses = atobool(val); + break; + ++#ifdef O_INETQOS ++ case O_INETQOS: ++ { ++ struct qosmap *qmp; ++ InetQoS = -1; ++ ++ for (qmp = QoSMap; qmp->name != NULL; ++qmp) { ++ if (!strcmp(val, qmp->name)) { ++ InetQoS = qmp->value; ++ break; ++ } ++ } ++ ++ /* ++ ** we could allow writing it as a hex value, but ++ ** we don't at this time. ++ **/ ++ if (qmp->name == NULL) { ++ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, ++ "Warning: Option: %s unknown parameter '%s'\n", ++ OPTNAME, val); ++ break; ++ } ++ break; ++ } ++#endif ++ + default: + if (tTd(37, 1)) + { +diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h +index b2d0211..3bcc2e2 100644 +--- a/sendmail/sendmail.h ++++ b/sendmail/sendmail.h +@@ -2537,7 +2537,14 @@ EXTERN struct termescape TermEscape; /* terminal escape codes */ + EXTERN SOCKADDR ConnectOnlyTo; /* override connection address (for testing) */ + EXTERN SOCKADDR RealHostAddr; /* address of host we are talking to */ + extern const SM_EXC_TYPE_T EtypeQuickAbort; /* type of a QuickAbort exception */ +- ++#if _FFR_QOS ++# if !defined(SOL_IP) && defined(IPPROTO_IP) ++# define SOL_IP IPPROTO_IP ++# endif ++# if defined(SOL_IP) && defined(IP_TOS) ++EXTERN int InetQoS; /* QoS mapping */ ++# endif ++#endif + + EXTERN int ConnectionRateWindowSize; + #if STARTTLS && USE_OPENSSL_ENGINE diff --git a/SOURCES/sendmail-8.15.2-smtp-session-reuse-fix.patch b/SOURCES/sendmail-8.15.2-smtp-session-reuse-fix.patch new file mode 100644 index 0000000..bc14841 --- /dev/null +++ b/SOURCES/sendmail-8.15.2-smtp-session-reuse-fix.patch 
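Review bot: In the `O_INETQOS` case added to `setoption` (sendmail/readcf.c), `InetQoS` is set to -1 before the table lookup and stays at -1 when the value is not found; only a warning is printed. Both new `setsockopt(..., IP_TOS, ...)` sites in sendmail/daemon.c test just `InetQoS != 0x00`, so a misspelled option value would be handed to the kernel as -1 on every matching socket and raise `syserr` each time. Initialising with `InetQoS = 0;` instead of `InetQoS = -1;` keeps an unrecognised setting equivalent to `none`. The lookup uses `strcmp`, so it is case-sensitive, which is worth stating where the option is documented.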
@@ -0,0 +1,249 @@ +diff -ru a/sendmail/deliver.c b/sendmail/deliver.c +--- a/sendmail/deliver.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800 +@@ -6274,8 +6274,7 @@ + tlslogerr(LOG_WARNING, "client"); + } + +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + mci->mci_ssl = clt_ssl; +@@ -6287,8 +6286,7 @@ + return EX_OK; + + /* failure */ +- SSL_free(clt_ssl); +- clt_ssl = NULL; ++ SM_SSL_FREE(clt_ssl); + return EX_SOFTWARE; + } + /* +@@ -6309,7 +6307,7 @@ + + if (!bitset(MCIF_TLSACT, mci->mci_flags)) + return EX_OK; +- r = endtls(mci->mci_ssl, "client"); ++ r = endtls(&mci->mci_ssl, "client"); + mci->mci_flags &= ~MCIF_TLSACT; + return r; + } +diff -ru a/sendmail/macro.c b/sendmail/macro.c +--- a/sendmail/macro.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800 +@@ -362,6 +362,33 @@ + } + + /* ++** MACTABCLEAR -- clear entire macro table ++** ++** Parameters: ++** mac -- Macro table. ++** ++** Returns: ++** none. ++** ++** Side Effects: ++** clears entire mac structure including rpool pointer! ++*/ ++ ++void ++mactabclear(mac) ++ MACROS_T *mac; ++{ ++ int i; ++ ++ if (mac->mac_rpool == NULL) ++ { ++ for (i = 0; i < MAXMACROID; i++) ++ SM_FREE_CLR(mac->mac_table[i]); ++ } ++ memset((char *) mac, '\0', sizeof(*mac)); ++} ++ ++/* + ** MACDEFINE -- bind a macro name to a value + ** + ** Set a macro to a value, with fancy storage management. 
+diff -ru a/sendmail/mci.c b/sendmail/mci.c +--- a/sendmail/mci.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800 +@@ -25,6 +25,7 @@ + int, bool)); + static bool mci_load_persistent __P((MCI *)); + static void mci_uncache __P((MCI **, bool)); ++static void mci_clear __P((MCI *)); + static int mci_lock_host_statfile __P((MCI *)); + static int mci_read_persistent __P((SM_FILE_T *, MCI *)); + +@@ -253,6 +254,7 @@ + SM_FREE_CLR(mci->mci_status); + SM_FREE_CLR(mci->mci_rstatus); + SM_FREE_CLR(mci->mci_heloname); ++ mci_clear(mci); + if (mci->mci_rpool != NULL) + { + sm_rpool_free(mci->mci_rpool); +@@ -315,6 +317,41 @@ + } + + /* ++** MCI_CLEAR -- clear mci ++** ++** Parameters: ++** mci -- the connection to clear. ++** ++** Returns: ++** none. ++*/ ++ ++static void ++mci_clear(mci) ++ MCI *mci; ++{ ++ if (mci == NULL) ++ return; ++ ++ mci->mci_maxsize = 0; ++ mci->mci_min_by = 0; ++ mci->mci_deliveries = 0; ++#if SASL ++ if (bitset(MCIF_AUTHACT, mci->mci_flags)) ++ sasl_dispose(&mci->mci_conn); ++#endif ++#if STARTTLS ++ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL) ++ SM_SSL_FREE(mci->mci_ssl); ++#endif ++ ++ /* which flags to preserve? 
*/ ++ mci->mci_flags &= MCIF_CACHED; ++ mactabclear(&mci->mci_macro); ++} ++ ++ ++/* + ** MCI_GET -- get information about a particular host + ** + ** Parameters: +@@ -419,6 +456,7 @@ + mci->mci_errno = 0; + mci->mci_exitstat = EX_OK; + } ++ mci_clear(mci); + } + + return mci; +diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h +--- a/sendmail/sendmail.h 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800 +@@ -1186,6 +1186,7 @@ + #define macid(name) macid_parse(name, NULL) + extern char *macname __P((int)); + extern char *macvalue __P((int, ENVELOPE *)); ++extern void mactabclear __P((MACROS_T *)); + extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); + extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); + extern void setclass __P((int, char *)); +@@ -2002,7 +2003,15 @@ + extern void setclttls __P((bool)); + extern bool initsrvtls __P((bool)); + extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); +-extern int endtls __P((SSL *, char *)); ++#define SM_SSL_FREE(ssl) \ ++ do { \ ++ if (ssl != NULL) \ ++ { \ ++ SSL_free(ssl); \ ++ ssl = NULL; \ ++ } \ ++ } while (0) ++extern int endtls __P((SSL **, char *)); + extern void tlslogerr __P((int, const char *)); + + +diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +--- a/sendmail/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800 +@@ -2122,8 +2122,7 @@ + if (get_tls_se_options(e, srv_ssl, true) != 0) + { + message("454 4.3.3 TLS not available: error setting options"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + +@@ -2145,8 +2144,7 @@ + SSL_set_wfd(srv_ssl, wfd) <= 0) + { + message("454 4.3.3 TLS not available: error set fd"); +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + goto tls_done; + } + if (!smtps) +@@ -2188,8 +2186,7 @@ + 
tlslogerr(LOG_WARNING, "server"); + } + tls_ok_srv = false; +- SSL_free(srv_ssl); +- srv_ssl = NULL; ++ SM_SSL_FREE(srv_ssl); + + /* + ** according to the next draft of +@@ -3416,7 +3413,7 @@ + /* shutdown TLS connection */ + if (tls_active) + { +- (void) endtls(srv_ssl, "server"); ++ (void) endtls(&srv_ssl, "server"); + tls_active = false; + } + #endif /* STARTTLS */ +diff -ru a/sendmail/tls.c b/sendmail/tls.c +--- a/sendmail/tls.c 2016-02-29 06:01:55.000000000 -0800 ++++ b/sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800 +@@ -1624,7 +1624,7 @@ + ** ENDTLS -- shutdown secure connection + ** + ** Parameters: +-** ssl -- SSL connection information. ++** pssl -- pointer to TLS session context + ** side -- server/client (for logging). + ** + ** Returns: +@@ -1632,12 +1632,16 @@ + */ + + int +-endtls(ssl, side) +- SSL *ssl; ++endtls(pssl, side) ++ SSL **pssl; + char *side; + { + int ret = EX_OK; ++ SSL *ssl; + ++ SM_REQUIRE(pssl != NULL); ++ ret = EX_OK; ++ ssl = *pssl; + if (ssl != NULL) + { + int r; +@@ -1703,8 +1707,7 @@ + ret = EX_SOFTWARE; + } + # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ +- SSL_free(ssl); +- ssl = NULL; ++ SM_SSL_FREE(*pssl); + } + return ret; + } diff --git a/SOURCES/sendmail-8.15.2-switchfile.patch b/SOURCES/sendmail-8.15.2-switchfile.patch new file mode 100644 index 0000000..940d5a7 --- /dev/null +++ b/SOURCES/sendmail-8.15.2-switchfile.patch @@ -0,0 +1,13 @@ +diff --git a/sendmail/conf.c b/sendmail/conf.c +index c73334e..cbb9c76 100644 +--- a/sendmail/conf.c ++++ b/sendmail/conf.c +@@ -986,7 +986,7 @@ switch_map_find(service, maptype, mapreturn) + if (p != NULL) + *p = '\0'; + #ifndef SM_NSSWITCH_DELIMS +-# define SM_NSSWITCH_DELIMS " \t" ++# define SM_NSSWITCH_DELIMS " \t:" + #endif /* SM_NSSWITCH_DELIMS */ + p = strpbrk(buf, SM_NSSWITCH_DELIMS); + if (p != NULL) 
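Review bot: In the second sendmail/deliver.c hunk (the `/* failure */` path near new line 6286), `SM_SSL_FREE(clt_ssl)` clears only the local variable, while the context line closing the previous hunk shows `mci->mci_ssl = clt_ssl;` already executed. If this failure path is reached after that assignment (the lines between the two hunks are not shown), `mci->mci_ssl` keeps pointing at the freed session. Adding `mci->mci_ssl = NULL;` after the free would close the gap. This matters more with this patch, because the new `mci_clear` calls `SM_SSL_FREE(mci->mci_ssl)` whenever `MCIF_TLSACT` is set and the pointer is non-NULL.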
diff --git a/SOURCES/sendmail-8.15.2-tlsfallback.patch b/SOURCES/sendmail-8.15.2-tlsfallback.patch
new file mode 100644
index 0000000..ff67d73
--- /dev/null
+++ b/SOURCES/sendmail-8.15.2-tlsfallback.patch
@@ -0,0 +1,204 @@ +commit 72c678024d5f7b97bae8c20cc3fb2e0299778d5b +Author: Tomas Korbar +Date: Mon Sep 7 12:41:05 2020 +0200 + + Backport confTLS_FALLBACK_TO_CLEAR Configuration option + +diff --git a/cf/README b/cf/README +index 91e69a9..e8941ad 100644 +--- a/cf/README ++++ b/cf/README +@@ -4011,6 +4011,10 @@ confUSERDB_SPEC UserDatabaseSpec + confFALLBACK_MX FallbackMXhost [undefined] Fallback MX host. + confFALLBACK_SMARTHOST FallbackSmartHost + [undefined] Fallback smart host. ++confTLS_FALLBACK_TO_CLEAR TLSFallbacktoClear ++ [undefined] If set, immediately try ++ a connection again without STARTTLS ++ after a TLS handshake failure. + confTRY_NULL_MX_LIST TryNullMXList [False] If this host is the best MX + for a host and other arrangements + haven't been made, try connecting +diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4 +index 0df3416..a741d97 100644 +--- a/cf/m4/proto.m4 ++++ b/cf/m4/proto.m4 +@@ -656,6 +656,8 @@ _OPTION(CipherList, `confCIPHER_LIST', `') + _OPTION(ServerSSLOptions, `confSERVER_SSL_OPTIONS', `') + # client side SSL options + _OPTION(ClientSSLOptions, `confCLIENT_SSL_OPTIONS', `') ++# TLS: fall back to clear text after handshake failure? ++_OPTION(TLSFallbacktoClear, `confTLS_FALLBACK_TO_CLEAR', `') + + # Input mail filters + _OPTION(InputMailFilters, `confINPUT_MAIL_FILTERS', `') +@@ -2856,6 +2858,7 @@ R<$-:$+> <$*> FAIL $#error $@ $2 $: $1 " authentication failed" + R<$-:$+> <$*> NO $#error $@ $2 $: $1 " not authenticated" + R<$-:$+> <$*> NOT $#error $@ $2 $: $1 " no authentication requested" + R<$-:$+> <$*> NONE $#error $@ $2 $: $1 " other side does not support STARTTLS" ++R<$-:$+> <$*> CLEAR $#error $@ $2 $: $1 " STARTTLS disabled locally" + dnl some other value for ${verify} + R<$-:$+> <$*> $+ $#error $@ $2 $: $1 " authentication failure " $4 + dnl some level of encryption required: get the maximum level (case 2.) 
+diff --git a/doc/op/op.me b/doc/op/op.me +index 57e25cd..97d3b9c 100644 +--- a/doc/op/op.me ++++ b/doc/op/op.me +@@ -8340,6 +8340,22 @@ PostMilter is useful only when + .i sendmail + is running as an SMTP server; in all other situations it + acts the same as True. ++.ip TLSFallbacktoClear ++[no short name] ++If set, ++.i sendmail ++immediately tries an outbound connection again without STARTTLS ++after a TLS handshake failure. ++Note: ++this applies to all connections even if TLS specific requirements are set ++(see rulesets ++.i tls_rcpt ++and ++.i tls_client ++). ++Hence such requirements will cause an error on a retry without STARTTLS. ++Therefore they should only trigger a temporary failure so the connection ++is later on tried again. + .ip TLSSrvOptions + [no short name] + List of options for SMTP STARTTLS for the server +diff --git a/sendmail/deliver.c b/sendmail/deliver.c +index 8027a50..af42e8f 100644 +--- a/sendmail/deliver.c ++++ b/sendmail/deliver.c +@@ -1334,6 +1334,10 @@ deliver(e, firstto) + char *pv[MAXPV + 1]; + char buf[MAXNAME + 1]; + char cbuf[MAXPATHLEN]; ++#if STARTTLS ++ /* 0: try TLS, 1: try without TLS again, >1: don't try again */ ++ int tlsstate; ++#endif + + errno = 0; + SM_REQUIRE(firstto != NULL); /* same as to */ +@@ -1349,7 +1353,9 @@ deliver(e, firstto) + e->e_statmsg = NULL; + SmtpError[0] = '\0'; + xstart = curtime(); +- ++#if STARTTLS ++ tlsstate = 0; ++#endif + if (tTd(10, 1)) + sm_dprintf("\n--deliver, id=%s, mailer=%s, host=`%s', first user=`%s'\n", + e->e_id, m->m_name, host, to->q_user); +@@ -2073,6 +2079,9 @@ tryhost: + hostnum++; + if (endp != NULL) + *endp = sep; ++#if STARTTLS ++ tlsstate = 0; ++#endif + + one_last_try: + /* see if we already know that this host is fried */ +@@ -2960,6 +2969,8 @@ reconnect: /* after switching to an encrypted connection */ + usetls = bitset(MCIF_TLS, mci->mci_flags); + if (usetls) + usetls = !iscltflgset(e, D_NOTLS); ++ if (usetls) ++ usetls = tlsstate == 0; + + host = 
macvalue(macid("{server_name}"), e); + if (usetls) +@@ -3025,8 +3036,11 @@ reconnect: /* after switching to an encrypted connection */ + } + } + else ++ { ++ p = tlsstate == 0 ? "NONE": "CLEAR"; + macdefine(&e->e_macro, A_PERM, +- macid("{verify}"), "NONE"); ++ macid("{verify}"), p); ++ } + olderrors = Errors; + QuickAbort = false; + SuprErrs = true; +@@ -3077,6 +3091,10 @@ reconnect: /* after switching to an encrypted connection */ + } + mci->mci_flags &= ~MCIF_TLSACT; + (void) endmailer(mci, e, pv); ++ if (TLSFallbacktoClear) ++ { ++ ++tlsstate; ++ } + } + else + { +@@ -3119,6 +3137,27 @@ reconnect: /* after switching to an encrypted connection */ + mci_clr_extensions(mci); + goto reconnect; + } ++ if (tlsstate == 1) ++ { ++ if (tTd(11, 1)) ++ { ++ sm_syslog(LOG_DEBUG, NOQID, ++ "STARTTLS=client, relay=%.100s, tlsstate=%d, status=trying_again", ++ mci->mci_host, tlsstate); ++ mci_dump(NULL, mci, true); ++ } ++ ++tlsstate; ++ /* ++ ** Fake the status so a new connection is ++ ** tried, otherwise the TLS error will ++ ** "persist" during this delivery attempt. 
++ */ ++ ++ mci->mci_errno = 0; ++ rcode = EX_OK; ++ mci_setstat(mci, rcode, NULL, NULL); ++ goto one_last_try; ++ } + } + # endif /* STARTTLS */ + # if SASL +diff --git a/sendmail/readcf.c b/sendmail/readcf.c +index 86892f5..82660f4 100644 +--- a/sendmail/readcf.c ++++ b/sendmail/readcf.c +@@ -2911,7 +2911,10 @@ static struct optioninfo + #endif + #define O_USECOMPRESSEDIPV6ADDRESSES 0xec + { "UseCompressedIPv6Addresses", O_USECOMPRESSEDIPV6ADDRESSES, OI_NONE }, +- ++#if STARTTLS ++# define O_TLSFB2CLEAR 0xef ++ { "TLSFallbacktoClear", O_TLSFB2CLEAR, OI_NONE }, ++#endif + { NULL, '\0', OI_NONE } + }; + +@@ -4305,6 +4308,9 @@ setoption(opt, val, safe, sticky, e) + #endif /* SASL */ + + #if STARTTLS ++ case O_TLSFB2CLEAR: ++ TLSFallbacktoClear = atobool(val); ++ break; + case O_SRVCERTFILE: + SET_STRING_EXP(SrvCertFile); + case O_SRVKEYFILE: +diff --git a/sendmail/sendmail.h b/sendmail/sendmail.h +index 441399c..9be1e76 100644 +--- a/sendmail/sendmail.h ++++ b/sendmail/sendmail.h +@@ -2032,6 +2032,7 @@ EXTERN char *CRLPath; /* path to CRLs (dir. with hashes) */ + #endif /* _FFR_CRLPATH */ + EXTERN unsigned long TLS_Srv_Opts; /* TLS server options */ + EXTERN unsigned long Srv_SSL_Options, Clt_SSL_Options; /* SSL options */ ++EXTERN bool TLSFallbacktoClear; + #endif /* STARTTLS */ + + /* diff --git a/SOURCES/sendmail-8.16.0.29-fix-covscan-issues.patch b/SOURCES/sendmail-8.16.0.29-fix-covscan-issues.patch new file mode 100644 index 0000000..99f7216 --- /dev/null +++ b/SOURCES/sendmail-8.16.0.29-fix-covscan-issues.patch 
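Review bot: In the sendmail/deliver.c hunk that handles `tlsstate == 1`, the retry without STARTTLS is logged only inside `if (tTd(11, 1))`, that is, only when debugging is enabled. With `TLSFallbacktoClear` set, a failed handshake becomes a cleartext delivery attempt, so operators need each downgrade recorded in the normal log to spot relays where handshakes fail repeatedly. A line outside the debug guard would do this, for example `if (LogLevel > 8) sm_syslog(LOG_INFO, e->e_id, "STARTTLS=client, relay=%.100s, status=fallback_to_clear", mci->mci_host);` with the threshold chosen to match the surrounding STARTTLS logging. The body of deliver() extends outside the hunk.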
@@ -0,0 +1,149 @@ +diff --git a/include/sm/varargs.h b/include/sm/varargs.h +index 612858d..2609630 100644 +--- a/include/sm/varargs.h ++++ b/include/sm/varargs.h +@@ -32,6 +32,11 @@ + # define SM_VA_COPY(dst, src) __va_copy((dst), (src)) + # else + # define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst))) ++# define SM_VA_END_COPY(ap) do { } while (0) ++# endif ++ ++# ifndef SM_VA_END_COPY ++# define SM_VA_END_COPY(ap) va_end(ap) + # endif + + /* +diff --git a/libsm/vfprintf.c b/libsm/vfprintf.c +index 87c353c..c99d4e5 100644 +--- a/libsm/vfprintf.c ++++ b/libsm/vfprintf.c +@@ -782,6 +782,7 @@ number: if ((dprec = prec) >= 0) + done: + FLUSH(); + error: ++ SM_VA_END_COPY(orgap); + if ((argtable != NULL) && (argtable != statargtable)) + sm_free(argtable); + return sm_error(fp) ? SM_IO_EOF : ret; +diff --git a/sendmail/milter.c b/sendmail/milter.c +index 462efd2..af6dc66 100644 +--- a/sendmail/milter.c ++++ b/sendmail/milter.c +@@ -2437,8 +2437,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: returned %c instead of %c", + m->mf_name, rcmd, SMFIC_OPTNEG); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2453,8 +2452,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: did not return valid info", + m->mf_name); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2472,8 +2470,7 @@ milter_negotiate(m, e, milters) + sm_syslog(LOG_ERR, e->e_id, + "Milter (%s): negotiate: did not return enough info", + m->mf_name); +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + milter_error(m, e); + return -1; + } +@@ -2589,11 +2586,11 @@ milter_negotiate(m, e, milters) + if (tTd(64, 5)) + sm_dprintf("milter_negotiate(%s): received: version %u, fflags 0x%x, pflags 0x%x\n", + m->mf_name, m->mf_fvers, m->mf_fflags, 
m->mf_pflags); ++ SM_FREE(response); + return 0; + + error: +- if (response != NULL) +- sm_free(response); /* XXX */ ++ SM_FREE(response); + return -1; + } + +@@ -3230,6 +3227,7 @@ milter_changeheader(m, response, rlen, e) + addheader(newstr(field), mh_value, H_USER, e, + !bitset(SMFIP_HDR_LEADSPC, m->mf_pflags)); + } ++ SM_FREE(mh_value); + return; + } + +@@ -3438,6 +3436,8 @@ milter_chgfrom(response, rlen, e) + { + if (tTd(64, 10)) + sm_dprintf("didn't follow protocol argc=%d\n", argc); ++ if (argv != NULL) ++ free(argv); + return; + } + +@@ -3456,6 +3456,7 @@ milter_chgfrom(response, rlen, e) + mail_esmtp_args); + } + Errors = olderrors; ++ free(argv); + return; + } + +@@ -3503,6 +3504,8 @@ milter_addrcpt_par(response, rlen, e) + { + if (tTd(64, 10)) + sm_dprintf("didn't follow protocol argc=%d\n", argc); ++ if (argv != NULL) ++ free(argv); + return; + } + olderrors = Errors; +@@ -3527,6 +3530,7 @@ milter_addrcpt_par(response, rlen, e) + } + + Errors = olderrors; ++ free(argv); + return; + } + +diff --git a/sendmail/queue.c b/sendmail/queue.c +index 503f296..c9153c8 100644 +--- a/sendmail/queue.c ++++ b/sendmail/queue.c +@@ -8590,6 +8590,7 @@ split_by_recipient(e) + if (split_within_queue(ee) == SM_SPLIT_FAIL) + { + e->e_sibling = firstsibling; ++ SM_FREE(lsplits); + return false; + } + ee->e_flags |= EF_SPLIT; +@@ -8604,8 +8605,7 @@ split_by_recipient(e) + if (p == NULL) + { + /* let's try to get this done */ +- sm_free(lsplits); +- lsplits = NULL; ++ SM_FREE(lsplits); + } + else + lsplits = p; +@@ -8627,7 +8627,7 @@ split_by_recipient(e) + { + sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s", + n - 1, n > 2 ? "s" : "", lsplits); +- sm_free(lsplits); ++ SM_FREE(lsplits); + } + split = split_within_queue(e) != SM_SPLIT_FAIL; + if (split) diff --git a/SOURCES/sendmail-etc-mail-access b/SOURCES/sendmail-etc-mail-access new file mode 100644 index 0000000..31715ef --- /dev/null +++ b/SOURCES/sendmail-etc-mail-access 
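Review bot: The cleanup added to `milter_chgfrom` and `milter_addrcpt_par` releases `argv` with plain `free()`, while every other release in this patch goes through `SM_FREE` or `sm_free`. The allocation of `argv` is outside the hunks; if it comes from sendmail's own allocator, the release should match it, e.g. `SM_FREE(argv);`, since mixing the two may confuse the heap checking when that is compiled in. The `if (argv != NULL)` guards before `free(argv)` are redundant either way. In `milter_changeheader`, the added `SM_FREE(mh_value);` after `addheader(...)` is safe only if `addheader` copies the value, which deserves a one-line comment such as `/* addheader() copies mh_value */` once confirmed.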
@@ -0,0 +1,12 @@ +# Check the /usr/share/doc/sendmail/README.cf file for a description +# of the format of this file. (search for access_db in that file) +# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc +# package. +# +# If you want to use AuthInfo with "M:PLAIN LOGIN", make sure to have the +# cyrus-sasl-plain package installed. +# +# By default we allow relaying from localhost... +Connect:localhost.localdomain RELAY +Connect:localhost RELAY +Connect:127.0.0.1 RELAY diff --git a/SOURCES/sendmail-etc-mail-domaintable b/SOURCES/sendmail-etc-mail-domaintable new file mode 100644 index 0000000..2dfd1aa --- /dev/null +++ b/SOURCES/sendmail-etc-mail-domaintable @@ -0,0 +1,4 @@ +# The "domain table" can be used to provide domain name mapping. +# Use of this should really be limited to your own domains. +# It may be useful if you change names (e.g., your company +# changes names from oldname.com to newname.com) diff --git a/SOURCES/sendmail-etc-mail-local-host-names b/SOURCES/sendmail-etc-mail-local-host-names new file mode 100644 index 0000000..9248c00 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-local-host-names @@ -0,0 +1 @@ +# local-host-names - include all aliases for your machine here. diff --git a/SOURCES/sendmail-etc-mail-mailertable b/SOURCES/sendmail-etc-mail-mailertable new file mode 100644 index 0000000..0deb307 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-mailertable 
@@ -0,0 +1,30 @@ +# The "mailer table" can be used to override routing for particular domains +# (which are not in class {w}, i.e. local host names). +# +# hash /etc/mail/mailertable +# +# Keys in this database are fully qualified domain names or partial domains +# preceded by a dot -- for example, "vangogh.CS.Berkeley.EDU" or +# ".CS.Berkeley.EDU". As a special case of the latter, "." matches any domain +# not covered by other keys. Values must be of the form: +# +# mailer:domain +# +# where "mailer" is the internal mailer name, and "domain" is where to send +# the message. These maps are not reflected into the message header. As a +# special case, the forms: +# +# local:user +# +# will forward to the indicated user using the local mailer, +# +# local: +# +# will forward to the original user in the e-mail address using the local +# mailer, and +# +# error:code message +# error:D.S.N:code message +# +# will give an error message with the indicated SMTP reply code and message, +# where D.S.N is an RFC 1893 compliant error code. diff --git a/SOURCES/sendmail-etc-mail-trusted-users b/SOURCES/sendmail-etc-mail-trusted-users new file mode 100644 index 0000000..986184d --- /dev/null +++ b/SOURCES/sendmail-etc-mail-trusted-users @@ -0,0 +1,2 @@ +# trusted-users - users that can send mail as others without a warning +# apache, mailman, majordomo, uucp, are good candidates diff --git a/SOURCES/sendmail-etc-mail-virtusertable b/SOURCES/sendmail-etc-mail-virtusertable new file mode 100644 index 0000000..cc4b545 --- /dev/null +++ b/SOURCES/sendmail-etc-mail-virtusertable 
@@ -0,0 +1,41 @@ +# A domain-specific form of aliasing, allowing multiple virtual domains to be +# hosted on one machine. +# +# info@foo.com foo-info +# info@bar.com bar-info +# joe@bar.com error:nouser 550 No such user here +# jax@bar.com error:5.7.0:550 Address invalid +# @baz.org jane@example.net +# +# then mail addressed to info@foo.com will be sent to the address foo-info, +# mail addressed to info@bar.com will be delivered to bar-info, and mail +# addressed to anyone at baz.org will be sent to jane@example.net, mail to +# joe@bar.com will be rejected with the specified error message, and mail to +# jax@bar.com will also have a RFC 1893 compliant error code 5.7.0. +# +# The username from the original address is passed as %1 allowing: +# +# @foo.org %1@example.com +# +# Additionally, if the local part consists of "user+detail" then "detail" is +# passed as %2 and "+detail" is passed as %3 when a match against user+* is +# attempted, so entries like +# +# old+*@foo.org new+%2@example.com +# gen+*@foo.org %2@example.com +# +*@foo.org %1%3@example.com +# X++@foo.org Z%3@example.com +# @bar.org %1%3 +# +# Note: to preserve "+detail" for a default case (@domain) %1%3 must be used +# as RHS. There are two wildcards after "+": "+" matches only a non-empty +# detail, "*" matches also empty details, e.g., user+@foo.org matches# +# +*@foo.org but not ++@foo.org. This can be used to ensure that the +# parameters %2 and %3 are not empty. +# +# All the host names on the left hand side (foo.com, bar.com, and baz.org) +# must be in class {w} or class {VirtHost}. The latter can be defined by the +# macros VIRTUSER_DOMAIN or VIRTUSER_DOMAIN_FILE (analogously to +# MASQUERADE_DOMAIN and MASQUERADE_DOMAIN_FILE). If VIRTUSER_DOMAIN or +# VIRTUSER_DOMAIN_FILE is used, then the entries of class {VirtHost} are +# added to class {R}, i.e., relaying is allowed to (and from) those domains. 
diff --git a/SOURCES/sendmail-redhat.mc b/SOURCES/sendmail-redhat.mc
new file mode 100644
index 0000000..dd9bc96
--- /dev/null
+++ b/SOURCES/sendmail-redhat.mc
@@ -0,0 +1,181 @@
+divert(-1)dnl
+dnl #
+dnl # This is the sendmail macro config file for m4. If you make changes to
+dnl # /etc/mail/sendmail.mc, you will need to regenerate the
+dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
+dnl # installed and then performing a
+dnl #
+dnl # /etc/mail/make
+dnl #
+include(`@@PATH@@/m4/cf.m4')dnl
+VERSIONID(`setup for linux')dnl
+OSTYPE(`linux')dnl
+dnl #
+dnl # Do not advertize sendmail version.
+dnl #
+dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
+dnl #
+dnl # default logging level is 9, you might want to set it higher to
+dnl # debug the configuration
+dnl #
+dnl define(`confLOG_LEVEL', `9')dnl
+dnl #
+dnl # Uncomment and edit the following line if your outgoing mail needs to
+dnl # be sent out through an external mail server:
+dnl #
+dnl define(`SMART_HOST', `smtp.your.provider')dnl
+dnl #
+define(`confDEF_USER_ID', ``8:12'')dnl
+dnl define(`confAUTO_REBUILD')dnl
+define(`confTO_CONNECT', `1m')dnl
+define(`confTRY_NULL_MX_LIST', `True')dnl
+define(`confDONT_PROBE_INTERFACES', `True')dnl
+define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
+define(`ALIAS_FILE', `/etc/aliases')dnl
+define(`STATUS_FILE', `/var/log/mail/statistics')dnl
+define(`UUCP_MAILER_MAX', `2000000')dnl
+define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
+define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
+define(`confAUTH_OPTIONS', `A')dnl
+dnl #
+dnl # The following allows relaying if the user authenticates, and disallows
+dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
+dnl #
+dnl define(`confAUTH_OPTIONS', `A p')dnl
+dnl #
+dnl # which realm to use in SASL database (sasldb2)
+dnl #
+define(`confAUTH_REALM', `mail')dnl
+dnl #
+dnl # PLAIN is the preferred plaintext authentication method and used by
+dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
+dnl # use LOGIN. Other mechanisms should be used if the connection is not
+dnl # guaranteed secure.
+dnl # Please remember that saslauthd needs to be running for AUTH.
+dnl #
+dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+dnl #
+dnl # Basic sendmail TLS configuration with self-signed certificate for
+dnl # inbound SMTP (and also opportunistic TLS for outbound SMTP).
+dnl #
+define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
+define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
+define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl
+define(`confTLS_SRV_OPTIONS', `V')dnl
+dnl #
+dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
+dnl # slapd, which requires the file to be readble by group ldap
+dnl #
+dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
+dnl #
+dnl define(`confTO_QUEUEWARN', `4h')dnl
+dnl define(`confTO_QUEUERETURN', `5d')dnl
+dnl define(`confQUEUE_LA', `12')dnl
+dnl define(`confREFUSE_LA', `18')dnl
+define(`confTO_IDENT', `0')dnl
+dnl # If you're operating in a DSCP/RFC-4594 environment with QoS
+dnl define(`confINET_QOS', `AF11')dnl
+dnl FEATURE(delay_checks)dnl
+FEATURE(`no_default_msa', `dnl')dnl
+FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
+FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
+FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
+FEATURE(redirect)dnl
+FEATURE(always_add_domain)dnl
+FEATURE(use_cw_file)dnl
+FEATURE(use_ct_file)dnl
+dnl #
+dnl # The following limits the number of processes sendmail can fork to accept
+dnl # incoming messages or process its message queues to 20.) sendmail refuses
+dnl # to accept connections once it has reached its quota of child processes.
+dnl #
+dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
+dnl #
+dnl # Limits the number of new connections per second. This caps the overhead
+dnl # incurred due to forking new sendmail processes. May be useful against
+dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
+dnl # limit would be useful but is not available as an option at this writing.)
+dnl #
+dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
+dnl #
+dnl # The -t option will retry delivery if e.g. the user runs over his quota.
+dnl #
+FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
+FEATURE(`access_db', `hash -T -o /etc/mail/access.db')dnl
+FEATURE(`blacklist_recipients')dnl
+EXPOSED_USER(`root')dnl
+dnl #
+dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
+dnl # the following 2 definitions and activate below in the MAILER section the
+dnl # cyrusv2 mailer.
+dnl #
+dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
+dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
+dnl #
+dnl # The following causes sendmail to only listen on the IPv4 loopback address
+dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
+dnl # address restriction to accept email from the internet or intranet.
+dnl #
+DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 587 for
+dnl # mail from MUAs that authenticate. Roaming users who can't reach their
+dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
+dnl # this useful.
+dnl #
+dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen to port 465, but
+dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
+dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
+dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
+dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
+dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
+dnl #
+dnl # For this to work your OpenSSL certificates must be configured.
+dnl #
+dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
+dnl #
+dnl # The following causes sendmail to additionally listen on the IPv6 loopback
+dnl # device. Remove the loopback address restriction listen to the network.
+dnl #
+dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
+dnl #
+dnl # enable both ipv6 and ipv4 in sendmail:
+dnl #
+dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
+dnl #
+dnl # We strongly recommend not accepting unresolvable domains if you want to
+dnl # protect yourself from spam. However, the laptop and users on computers
+dnl # that do not have 24x7 DNS do need this.
+dnl #
+FEATURE(`accept_unresolvable_domains')dnl
+dnl #
+dnl FEATURE(`relay_based_on_MX')dnl
+dnl #
+dnl # Also accept email sent to "localhost.localdomain" as local email.
+dnl #
+LOCAL_DOMAIN(`localhost.localdomain')dnl
+dnl #
+dnl # The following example makes mail from this host and any additional
+dnl # specified domains appear to be sent from mydomain.com
+dnl #
+dnl MASQUERADE_AS(`mydomain.com')dnl
+dnl #
+dnl # masquerade not just the headers, but the envelope as well
+dnl #
+dnl FEATURE(masquerade_envelope)dnl
+dnl #
+dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
+dnl #
+dnl FEATURE(masquerade_entire_domain)dnl
+dnl #
+dnl MASQUERADE_DOMAIN(localhost)dnl
+dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
+dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
+dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+MAILER(smtp)dnl
+MAILER(procmail)dnl
+dnl MAILER(cyrusv2)dnl
diff --git a/SOURCES/sendmail.etc-mail-Makefile b/SOURCES/sendmail.etc-mail-Makefile
new file mode 100644
index 0000000..e80f4a9
--- /dev/null
+++ b/SOURCES/sendmail.etc-mail-Makefile
@@ -0,0 +1,8 @@
+# Pass everything to the make script
+
+all:
+%: force
+ @./make $@
+force:;
+
+$(MAKEFILE_LIST):;
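Review bot: The active confAUTH_OPTIONS value in sendmail-redhat.mc is `A`, while the `A p` variant that the file's own comment describes as disallowing PLAIN/LOGIN on non-TLS links is left commented out directly below it. Likewise accept_unresolvable_domains is enabled even though the comment above it recommends against it. The shipped DAEMON_OPTIONS binds only to 127.0.0.1, so exposure is limited as delivered, but the comments invite the administrator to remove that restriction without pointing back at these two settings. I would add a line next to the loopback DAEMON_OPTIONS such as `dnl # Before removing Addr=127.0.0.1, switch confAUTH_OPTIONS to 'A p' and reconsider accept_unresolvable_domains.`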
diff --git a/SOURCES/sendmail.etc-mail-make b/SOURCES/sendmail.etc-mail-make
new file mode 100644
index 0000000..f345b43
--- /dev/null
+++ b/SOURCES/sendmail.etc-mail-make
@@ -0,0 +1,129 @@
+#!/bin/sh
+# Generate db and cf files if necessary. This used to be handled by
+# /etc/mail/Makefile.
+
+teste() {
+ if ! test -e "$1"; then
+ echo "$1 doesn't exist"
+ exit 2
+ fi
+}
+
+makedb() {
+ teste "${1%.db}"
+
+ if [ -z "$SM_FORCE_DBREBUILD" ]; then
+ test "${1%.db}" -nt "$1" || return 0
+ fi
+
+ if [ "$1" = userdb.db ]; then
+ makemap btree "$1" < "${1%.db}"
+ else
+ makemap hash "$1" < "${1%.db}"
+ fi
+}
+
+makealiasesdb() {
+ uptodate=1
+
+ if [ -z "$SM_FORCE_DBREBUILD" ]; then
+ files=$(grep '^O AliasFile=' sendmail.cf |
+ while read a; do echo ${a#*=}; done)
+
+ for a in $files; do
+ if [ "$a" = /etc/aliases ]; then
+ # /etc/aliases.db may be used by other MTA, make sure nothing
+ # has touched it since our last newaliases call
+ test "$a" -nt "${a}.db" ||
+ test aliasesdb-stamp -nt "${a}.db" ||
+ test aliasesdb-stamp -ot "${a}.db" || continue
+ else
+ test "$a" -nt "${a}.db" || continue
+ fi
+
+ uptodate=0
+ break
+ done
+ else
+ uptodate=0
+ fi
+
+ [ $uptodate = 1 ] && return 0
+
+ # check if alternatives is configured to sendmail
+ if [ "$(readlink -e /usr/bin/newaliases)" = /usr/sbin/sendmail.sendmail ]
+ then
+ /usr/bin/newaliases > /dev/null
+ touch -r /etc/aliases.db aliasesdb-stamp 2> /dev/null
+ else
+ rm -f aliasesdb-stamp
+ fi
+}
+
+makecf() {
+ mc=${1%.cf}.mc
+
+ teste "$mc"
+
+ if [ -z "$SM_FORCE_CFREBUILD" ]; then
+ test "$mc" -nt "$1" || return 0
+ fi
+
+ if test -f /usr/share/sendmail-cf/m4/cf.m4; then
+ umask 022
+ [ -e "$1" ] && mv -f "$1" "$1".bak
+ m4 "$mc" > "$1"
+ else
+ echo "WARNING: '$mc' is modified. Please install package sendmail-cf to update your configuration."
+ exit 15
+ fi
+}
+
+makeall() {
+ # These could be used by sendmail, but are not part of the default install.
+ # To use them you will have to generate your own sendmail.cf with
+ # FEATURE('whatever')
+ test -f bitdomain && makedb bitdomain.db
+ test -f uudomain && makedb uudomain.db
+ test -f genericstable && makedb genericstable.db
+ test -f userdb && makedb userdb.db
+ test -f authinfo && makedb authinfo.db
+
+ makedb virtusertable.db
+ makedb access.db
+ makedb domaintable.db
+ makedb mailertable.db
+
+ makecf sendmail.cf
+ makecf submit.cf
+}
+
+cd /etc/mail || exit 1
+
+[ $# -eq 0 ] && makeall
+
+for target; do
+ case "$target" in
+ *.db)
+ makedb "$target"
+ ;;
+ *.cf)
+ makecf "$target"
+ ;;
+ all)
+ makeall
+ ;;
+ aliases)
+ makealiasesdb
+ ;;
+ clean)
+ rm -f *.db *~ aliasesdb-stamp
+ ;;
+ start|stop|restart)
+ service sendmail "$target"
+ ;;
+ *)
+ echo "Don't know how to make $target"
+ exit 2
+ esac
+done
diff --git a/SOURCES/sendmail.nm-dispatcher b/SOURCES/sendmail.nm-dispatcher
new file mode 100644
index 0000000..b3122e5
--- /dev/null
+++ b/SOURCES/sendmail.nm-dispatcher
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+case "$2" in
+ up|down|vpn-up|vpn-down)
+ /bin/systemctl --no-block try-restart sendmail.service || :
+ ;;
+esac
diff --git a/SOURCES/sendmail.pam b/SOURCES/sendmail.pam
new file mode 100644
index 0000000..73e5348
--- /dev/null
+++ b/SOURCES/sendmail.pam
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth include password-auth
+account include password-auth
diff --git a/SOURCES/sendmail.service b/SOURCES/sendmail.service
new file mode 100644
index 0000000..c7d35ce
--- /dev/null
+++ b/SOURCES/sendmail.service
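Review bot: In makecf of sendmail.etc-mail-make, the live .cf is moved to .bak and then overwritten by the m4 redirection with no check of m4's exit status, so a failed or interrupted m4 run leaves a truncated sendmail.cf or submit.cf in place. sendmail.service in this same commit runs the script as `ExecStartPre=-/etc/mail/make`, so that failure is ignored and the daemon would start against the damaged file. The .cf should be built into a sibling file and renamed over the target only when m4 succeeds, as sketched below. A sibling name is enough here provided /etc/mail is writable only by root, which I am assuming. Separately, `while read a; do echo ${a#*=}; done` in makealiasesdb would be more robust as `while read -r a; do echo "${a#*=}"; done`.

```shell
makecf() {
    # … unchanged: mc lookup, teste, SM_FORCE_CFREBUILD freshness check …
    if test -f /usr/share/sendmail-cf/m4/cf.m4; then
        umask 022
        # Build next to the target so a failed m4 run never truncates the live .cf
        if m4 "$mc" > "$1".new; then
            [ -e "$1" ] && mv -f "$1" "$1".bak
            mv -f "$1".new "$1"
        else
            rm -f "$1".new
            echo "ERROR: m4 failed on '$mc'; '$1' left unchanged."
            exit 1
        fi
    # … unchanged: else branch with the sendmail-cf warning and exit 15 …
```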
@@ -0,0 +1,19 @@
+[Unit]
+Description=Sendmail Mail Transport Agent
+After=syslog.target network.target
+Conflicts=postfix.service exim.service
+Wants=sm-client.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sendmail.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=-/etc/mail/make
+ExecStartPre=-/etc/mail/make aliases
+ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target
+Also=sm-client.service
diff --git a/SOURCES/sendmail.sysconfig b/SOURCES/sendmail.sysconfig
new file mode 100644
index 0000000..db73530
--- /dev/null
+++ b/SOURCES/sendmail.sysconfig
@@ -0,0 +1 @@
+SENDMAIL_OPTS="-q1h"
diff --git a/SOURCES/sm-client.service b/SOURCES/sm-client.service
new file mode 100644
index 0000000..a450b16
--- /dev/null
+++ b/SOURCES/sm-client.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Sendmail Mail Transport Client
+After=syslog.target network.target sendmail.service
+Conflicts=postfix.service exim.service
+BindTo=sendmail.service
+StartLimitIntervalSec=0
+
+[Service]
+Type=forking
+PIDFile=/run/sm-client.pid
+Environment=SENDMAIL_OPTS=-q1h
+EnvironmentFile=-/etc/sysconfig/sendmail
+ExecStartPre=/bin/touch /run/sm-client.pid
+ExecStartPre=/bin/chown smmsp:smmsp /run/sm-client.pid
+ExecStartPre=-/sbin/restorecon /run/sm-client.pid
+ExecStartPre=-/etc/mail/make
+ExecStart=/usr/sbin/sendmail -L sm-msp-queue -Ac $SENDMAIL_OPTS $SENDMAIL_OPTARG
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/sendmail.spec b/SPECS/sendmail.spec
new file mode 100644
index 0000000..efc6316
--- /dev/null
+++ b/SPECS/sendmail.spec
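Review bot: sm-client.service uses `BindTo=sendmail.service`, which is the legacy spelling of the directive; current systemd documents it as `BindsTo=sendmail.service`, and the unit would read better with that form. The unit also points `PIDFile=` at /run/sm-client.pid after chowning that file to smmsp, so an unprivileged account controls what systemd reads as the main PID. That is presumably required because the client runs as smmsp, but nothing in the unit says so. I would add a comment above the touch/chown lines, for example `# sm-client runs as smmsp and must be able to write its own PID file under /run`. Both units also run `ExecStartPre=-/etc/mail/make` with the `-` prefix, so a failed map or cf rebuild does not stop the service from starting.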
@@ -0,0 +1,2008 @@ +# package options +%global with_tls yes +%global with_sasl2 yes +%global with_milter yes +%global with_ldap yes +%global enable_pie yes + +%global sendmailcf %{_datadir}/sendmail-cf +%global stdir %{_localstatedir}/log/mail +%global smshell /sbin/nologin +%global spooldir %{_localstatedir}/spool +%global maildir %{_sysconfdir}/mail +%global sslcert %{_sysconfdir}/pki/tls/certs/sendmail.pem +%global sslkey %{_sysconfdir}/pki/tls/private/sendmail.key + +# hardened build if not overridden +%{!?_hardened_build:%global _hardened_build 1} + +Summary: A widely used Mail Transport Agent (MTA) +Name: sendmail +Version: 8.15.2 +Release: 33%{?dist} +License: Sendmail +Group: System Environment/Daemons +URL: http://www.sendmail.org/ +Source0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.%{version}.tar.gz +# Systemd Service file +Source1: sendmail.service +# NetworkManager dispatch script +Source2: sendmail.nm-dispatcher +# script to generate db and cf files +Source3: sendmail.etc-mail-make +# default sysconfig file +Source4: sendmail.sysconfig +# default /etc/mail/Makefile +Source5: sendmail.etc-mail-Makefile +# default sendmail.mc +Source6: sendmail-redhat.mc +# Systemd Service file +Source7: sm-client.service +# pam config +Source8: sendmail.pam +# sasl2 config +Source11: Sendmail-sasl2.conf +# default /etc/mail/access +Source12: sendmail-etc-mail-access +# default /etc/mail/domaintable +Source13: sendmail-etc-mail-domaintable +# default /etc/mail/local-host-names +Source14: sendmail-etc-mail-local-host-names +# default /etc/mail/mailertable +Source15: sendmail-etc-mail-mailertable +# default /etc/mail/trusted-users +Source16: sendmail-etc-mail-trusted-users +# default /etc/mail/virtusertable +Source17: sendmail-etc-mail-virtusertable +# fix man path and makemap man page +Patch3: sendmail-8.14.4-makemapman.patch +# fix smrsh paths +Patch4: sendmail-8.14.3-smrsh_paths.patch +# fix sm-client.pid path +Patch7: sendmail-8.14.9-pid.patch +# fix sendmail man 
page +Patch10: sendmail-8.15.1-manpage.patch +# compile with -fpie +Patch11: sendmail-8.15.1-dynamic.patch +# fix cyrus path +Patch12: sendmail-8.13.0-cyrus.patch +# fix aliases.db path +Patch13: sendmail-8.15.1-aliases_dir.patch +# fix vacation Makefile +Patch14: sendmail-8.14.9-vacation.patch +# remove version information from sendmail helpfile +Patch15: sendmail-8.14.9-noversion.patch +# do not accept localhost.localdomain as valid address from SMTP +Patch16: sendmail-8.15.2-localdomain.patch +# build libmilter as DSO +Patch17: sendmail-8.14.3-sharedmilter.patch +# skip colon separator when parsing service name in ServiceSwitchFile +Patch18: sendmail-8.15.2-switchfile.patch +# silence warning about missing sasl2 config in /usr/lib*, now in /etc/sasl2 +Patch23: sendmail-8.14.8-sasl2-in-etc.patch +# add QoS support, patch from Philip Prindeville +# upstream reserved option ID 0xe7 for testing of this new feature, #576643 +Patch25: sendmail-8.15.2-qos.patch +Patch26: sendmail-8.15.2-libmilter-socket-activation.patch +# patch provided by upstream +Patch27: sendmail-8.15.2-smtp-session-reuse-fix.patch +Patch28: sendmail-8.15.2-openssl-1.1.0-fix.patch +# patch taken from Debian +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807258 +Patch29: sendmail-8.15.2-format-security.patch +# rhbz#1473971 +Patch30: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch +# Upstream patch: +Patch31: sendmail-8.16.0.29-fix-covscan-issues.patch +# Enable sendmail to stop using STARTTLS after a certain amount of previous failures +# rhbz#1868041 +Patch32: sendmail-8.15.2-tlsfallback.patch + +Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: libdb-devel +BuildRequires: libnsl2-devel +BuildRequires: groff +BuildRequires: ghostscript +BuildRequires: m4 +BuildRequires: systemd +BuildRequires: gcc +Provides: MTA smtpdaemon server(smtp) +Requires(post): systemd coreutils %{_sbindir}/alternatives %{_bindir}/openssl +Requires(preun): systemd 
%{_sbindir}/alternatives +Requires(postun): systemd coreutils %{_sbindir}/alternatives +Requires(pre): shadow-utils +Requires: procmail +Requires: bash >= 2.0 +Requires: setup >= 2.5.31-1 +BuildRequires: setup >= 2.5.31-1 +%if "%{with_tls}" == "yes" +BuildRequires: openssl-devel +%endif +%if "%{with_sasl2}" == "yes" +BuildRequires: cyrus-sasl-devel openssl-devel +Requires: %{_sbindir}/saslauthd +%endif +%if "%{with_ldap}" == "yes" +BuildRequires: openldap-devel openssl-devel +%endif + + +%description +The Sendmail program is a very widely used Mail Transport Agent (MTA). +MTAs send mail from one machine to another. Sendmail is not a client +program, which you use to read your email. Sendmail is a +behind-the-scenes program which actually moves your email over +networks or the Internet to where you want it to go. + +If you ever need to reconfigure Sendmail, you will also need to have +the sendmail-cf package installed. If you need documentation on +Sendmail, you can install the sendmail-doc package. + +%package doc +Summary: Documentation about the Sendmail Mail Transport Agent program +Group: Documentation +BuildArch: noarch +Requires: sendmail = %{version}-%{release} + +%description doc +This package contains the Sendmail Installation and Operation Guide (PDF), +text files containing configuration documentation, plus a number of +contributed scripts and tools for use with Sendmail. + +%package milter-devel +Summary: Development files for the sendmail milter library +Group: Development/Libraries +Requires: sendmail-milter%{?_isa} = %{version}-%{release} +# The following Provides: and Obsoletes: can be dropped in f28+ +Provides: sendmail-devel%{?_isa} = %{version}-%{release} +Provides: sendmail-devel = %{version}-%{release} +Obsoletes: sendmail-devel < 8.15.2-8 + +%description milter-devel +Include files and devel libraries for the milter add-ons as part of sendmail. 
+ +%package cf +Summary: The files needed to reconfigure Sendmail +Group: System Environment/Daemons +Requires: sendmail = %{version}-%{release} +BuildArch: noarch +Requires: m4 + +%description cf +This package includes the configuration files you need to generate the +sendmail.cf file distributed with the sendmail package. You will need +the sendmail-cf package if you ever need to reconfigure and rebuild +your sendmail.cf file. + +%package milter +Summary: The sendmail milter library +Group: System Environment/Libraries + +%description milter +The sendmail Mail Filter API (Milter) is designed to allow third-party +programs access to mail messages as they are being processed in order to +filter meta-information and content. + +This package includes the milter shared library. + +%prep +%setup -q + +%patch3 -p1 -b .makemapman +%patch4 -p1 -b .smrsh_paths +%patch7 -p1 -b .pid +%patch10 -p1 -b .manpage +%patch11 -p1 -b .dynamic +%patch12 -p1 -b .cyrus +%patch13 -p1 -b .aliases_dir +%patch14 -p1 -b .vacation +%patch15 -p1 -b .noversion +%patch16 -p1 -b .localdomain + +cp devtools/M4/UNIX/{,shared}library.m4 +%patch17 -p1 -b .sharedmilter + +%patch18 -p1 -b .switchfile +%patch23 -p1 -b .sasl2-in-etc +%patch25 -p1 -b .qos +%patch26 -p1 -b .libmilter-socket-activation +%patch27 -p1 -b .smtp-session-reuse-fix +%patch28 -p1 -b .openssl-1.1.0-fix +%patch29 -p1 -b .format-security +%patch30 -p1 -b .openssl-1.1.0-ecdhe-fix +%patch31 -p1 -b .fix-covscan-issues +%patch32 -p1 + +for f in RELEASE_NOTES contrib/etrn.0; do + iconv -f iso8859-1 -t utf8 -o ${f}{_,} && + touch -r ${f}{,_} && mv -f ${f}{_,} +done + +sed -i 's|/usr/local/bin/perl|%{_bindir}/perl|' contrib/*.pl + +%build +# generate redhat config file +cat > redhat.config.m4 << EOF +define(\`confMAPDEF', \`-DNEWDB -DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') +define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''') +define(\`confENVDEF', \`-I%{_includedir}/libdb -I%{_prefix}/kerberos/include -Wall -DXDEBUG=0 -DNETINET6 
-DHES_GETMAILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_LINUX_MHNL -D_FFR_QOS -D_FILE_OFFSET_BITS=64') +define(\`confLIBDIRS', \`-L%{_prefix}/kerberos/%{_lib}') +define(\`confLIBS', \`-lnsl -lcrypt -ldb -lresolv') +%{?_hardened_build:define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now')} +define(\`confMANOWN', \`root') +define(\`confMANGRP', \`root') +define(\`confMANMODE', \`644') +define(\`confMAN1SRC', \`1') +define(\`confMAN5SRC', \`5') +define(\`confMAN8SRC', \`8') +define(\`confSTDIR', \`%{stdir}') +define(\`STATUS_FILE', \`%{stdir}/statistics') +define(\`confLIBSEARCH', \`db resolv 44bsd') +EOF +#' + +cat >> redhat.config.m4 << EOF +%ifarch ppc %{power64} s390x +APPENDDEF(\`confOPTIMIZE', \`-DSM_CONF_SHM=0') +%else +APPENDDEF(\`confOPTIMIZE', \`') +%endif +EOF + +%if "%{enable_pie}" == "yes" +%ifarch s390 s390x sparc sparcv9 sparc64 +%global _fpie -fPIE +%else +%global _fpie -fpie +%endif +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confOPTIMIZE', \`%{_fpie}') +APPENDDEF(\`confLIBS', \`-pie') +EOF +%endif + +%if "%{with_tls}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSTARTTLS -D_FFR_TLS_1 -D_FFR_TLS_EC -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE')dnl +APPENDDEF(\`conf_sendmail_LIBS', \`-lssl -lcrypto')dnl +EOF +%endif + +%if "%{with_sasl2}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confENVDEF', \`-DSASL=2')dnl +APPENDDEF(\`confLIBS', \`-lsasl2 -lcrypto')dnl +EOF +%endif + +%if "%{with_milter}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')dnl +APPENDDEF(\`confENVDEF', \`-D_FFR_MILTER_CHECK_REJECTIONS_TOO')dnl +EOF +%endif + +%if "%{with_ldap}" == "yes" +cat >> redhat.config.m4 << EOF +APPENDDEF(\`confMAPDEF', \`-DLDAPMAP -DLDAP_DEPRECATED')dnl +APPENDDEF(\`confENVDEF', \`-DSM_CONF_LDAP_MEMFREE=1')dnl +APPENDDEF(\`confLIBS', \`-lldap -llber -lssl -lcrypto')dnl +EOF +%endif + +DIRS="libsmutil sendmail mailstats rmail praliases smrsh makemap editmap" + +%if 
"%{with_milter}" == "yes" +DIRS="libmilter $DIRS" +%endif + +for i in $DIRS; do + pushd $i + sh Build -f ../redhat.config.m4 + popd +done + +make -C doc/op op.pdf + +%install +rm -rf %{buildroot} + +# create directories +for d in %{_bindir} %{_sbindir} %{_includedir}/libmilter \ + %{_libdir} %{_mandir}/man{1,5,8} %{maildir} %{stdir} %{spooldir} \ + %{_docdir}/sendmail %{sendmailcf} %{_sysconfdir}/smrsh\ + %{spooldir}/clientmqueue %{_sysconfdir}/sysconfig %{_initrddir} \ + %{_sysconfdir}/pam.d %{_docdir}/sendmail/contrib \ + %{_sysconfdir}/NetworkManager/dispatcher.d +do + install -m 755 -d %{buildroot}$d +done +install -m 700 -d %{buildroot}%{spooldir}/mqueue + +# create /usr/lib for 64 bit architectures +%if "%{_libdir}" != "%{_prefix}/lib" +install -m 755 -d %{buildroot}%{_prefix}/lib +%endif + +nameuser=`id -nu` +namegroup=`id -ng` + +Make() { + make $@ \ + DESTDIR=%{buildroot} \ + LIBDIR=%{_libdir} \ + MANROOT=%{_mandir}/man \ + LIBMODE=0755 INCMODE=0644 \ + SBINOWN=${nameuser} SBINGRP=${namegroup} \ + UBINOWN=${nameuser} UBINGRP=${namegroup} \ + MANOWN=${nameuser} MANGRP=${namegroup} \ + INCOWN=${nameuser} INCGRP=${namegroup} \ + LIBOWN=${nameuser} LIBGRP=${namegroup} \ + GBINOWN=${nameuser} GBINGRP=${namegroup} \ + CFOWN=${nameuser} CFGRP=${namegroup} \ + CFMODE=0644 MSPQOWN=${nameuser} +} + +OBJDIR=obj.$(uname -s).$(uname -r).$(uname -m) + +Make install -C $OBJDIR/libmilter +Make install -C $OBJDIR/sendmail +Make install -C $OBJDIR/mailstats +Make force-install -C $OBJDIR/rmail +Make install -C $OBJDIR/praliases +Make install -C $OBJDIR/smrsh +Make install -C $OBJDIR/makemap +Make install -C $OBJDIR/editmap + +# replace absolute with relative symlinks +ln -sf ../sbin/makemap %{buildroot}%{_bindir}/makemap +for f in hoststat mailq newaliases purgestat ; do + ln -sf ../sbin/sendmail.sendmail %{buildroot}%{_bindir}/${f} +done + +# use /usr/lib, even for 64 bit architectures +ln -sf ../sbin/sendmail.sendmail %{buildroot}%{_prefix}/lib/sendmail.sendmail + +# 
install docs for sendmail +install -p -m 644 FAQ %{buildroot}%{_docdir}/sendmail +install -p -m 644 KNOWNBUGS %{buildroot}%{_docdir}/sendmail +install -p -m 644 LICENSE %{buildroot}%{_docdir}/sendmail +install -p -m 644 README %{buildroot}%{_docdir}/sendmail +install -p -m 644 RELEASE_NOTES %{buildroot}%{_docdir}/sendmail +gzip -9 %{buildroot}%{_docdir}/sendmail/RELEASE_NOTES + +# install docs for sendmail-doc +install -m 644 doc/op/op.pdf %{buildroot}%{_docdir}/sendmail +install -p -m 644 sendmail/README %{buildroot}%{_docdir}/sendmail/README.sendmail +install -p -m 644 sendmail/SECURITY %{buildroot}%{_docdir}/sendmail +install -p -m 644 smrsh/README %{buildroot}%{_docdir}/sendmail/README.smrsh +install -p -m 644 libmilter/README %{buildroot}%{_docdir}/sendmail/README.libmilter +install -p -m 644 cf/README %{buildroot}%{_docdir}/sendmail/README.cf +install -p -m 644 contrib/* %{buildroot}%{_docdir}/sendmail/contrib + +# install the cf files for the sendmail-cf package. +cp -ar cf/* %{buildroot}%{sendmailcf} +# remove patch backup files +rm -rf %{buildroot}%{sendmailcf}/cf/Build.* +rm -rf %{buildroot}%{sendmailcf}/*/*.mc.* +rm -rf %{buildroot}%{sendmailcf}/*/*.m4.* +# remove cf/README file because it is useless for end users +rm -f %{buildroot}%{sendmailcf}/cf/README + +# install sendmail.mc with proper paths +install -m 644 %{SOURCE6} %{buildroot}%{maildir}/sendmail.mc +sed -i -e 's|@@PATH@@|%{sendmailcf}|' %{buildroot}%{maildir}/sendmail.mc +touch -r %{SOURCE6} %{buildroot}%{maildir}/sendmail.mc + +# create sendmail.cf +cp %{buildroot}%{maildir}/sendmail.mc cf/cf/redhat.mc +sed -i -e 's|%{sendmailcf}|\.\.|' cf/cf/redhat.mc +%if "%{stdir}" != "%{maildir}" +sed -i -e 's:%{maildir}/statistics:%{stdir}/statistics:' cf/cf/redhat.mc +%endif +(cd cf/cf && m4 redhat.mc > redhat.cf) +install -m 644 cf/cf/redhat.cf %{buildroot}%{maildir}/sendmail.cf +install -p -m 644 cf/cf/submit.mc %{buildroot}%{maildir}/submit.mc + +# remove our build info as it causes multiarch 
conflicts +sed -i '/##### built by.*on/,+3d' %{buildroot}%{maildir}/{submit,sendmail}.cf \ + %{buildroot}%{sendmailcf}/cf/submit.cf + +install -p -m 644 %{SOURCE12} %{buildroot}%{maildir}/access +install -p -m 644 %{SOURCE13} %{buildroot}%{maildir}/domaintable +install -p -m 644 %{SOURCE14} %{buildroot}%{maildir}/local-host-names +install -p -m 644 %{SOURCE15} %{buildroot}%{maildir}/mailertable +install -p -m 644 %{SOURCE16} %{buildroot}%{maildir}/trusted-users +install -p -m 644 %{SOURCE17} %{buildroot}%{maildir}/virtusertable + +# create db ghosts +for map in virtusertable access domaintable mailertable ; do + touch %{buildroot}%{maildir}/${map}.db + chmod 0644 %{buildroot}%{maildir}/${map}.db +done + +touch %{buildroot}%{maildir}/aliasesdb-stamp + +touch %{buildroot}%{spooldir}/clientmqueue/sm-client.st + +install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/sendmail +install -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail +install -p -m 755 %{SOURCE3} %{buildroot}%{maildir}/make +install -p -m 644 %{SOURCE5} %{buildroot}%{maildir}/Makefile + +chmod 644 %{buildroot}%{maildir}/helpfile + +# Systemd +mkdir -p %{buildroot}%{_unitdir} +install -m644 %{SOURCE1} %{buildroot}%{_unitdir} +install -m644 %{SOURCE7} %{buildroot}%{_unitdir} + +# fix permissions to allow debuginfo extraction and stripping +chmod 755 %{buildroot}%{_sbindir}/{mailstats,makemap,editmap,praliases,sendmail,smrsh} +chmod 755 %{buildroot}%{_bindir}/rmail + +%if "%{with_sasl2}" == "yes" +install -m 755 -d %{buildroot}%{_sysconfdir}/sasl2 +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sasl2/Sendmail.conf +%endif +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/smtp.sendmail + +# fix path for statistics file in man pages +%if "%{stdir}" != "%{maildir}" +sed -i -e 's:%{maildir}/statistics:%{stdir}/statistics:' %{buildroot}%{_mandir}/man*/* +%endif + +# rename files for alternative usage +mv %{buildroot}%{_sbindir}/sendmail 
%{buildroot}%{_sbindir}/sendmail.sendmail +touch %{buildroot}%{_sbindir}/sendmail +mv %{buildroot}%{_sbindir}/makemap %{buildroot}%{_sbindir}/makemap.sendmail +touch %{buildroot}%{_sbindir}/makemap +mv %{buildroot}%{_sbindir}/editmap %{buildroot}%{_sbindir}/editmap.sendmail +touch %{buildroot}%{_sbindir}/editmap +for i in mailq newaliases rmail; do + mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.sendmail + touch %{buildroot}%{_bindir}/$i +done +mv %{buildroot}%{_mandir}/man1/mailq.1 %{buildroot}%{_mandir}/man1/mailq.sendmail.1 +touch %{buildroot}%{_mandir}/man1/mailq.1 +mv %{buildroot}%{_mandir}/man1/newaliases.1 %{buildroot}%{_mandir}/man1/newaliases.sendmail.1 +touch %{buildroot}%{_mandir}/man1/newaliases.1 +mv %{buildroot}%{_mandir}/man5/aliases.5 %{buildroot}%{_mandir}/man5/aliases.sendmail.5 +touch %{buildroot}%{_mandir}/man5/aliases.5 +mv %{buildroot}%{_mandir}/man8/sendmail.8 %{buildroot}%{_mandir}/man8/sendmail.sendmail.8 +touch %{buildroot}%{_mandir}/man8/sendmail.8 +mv %{buildroot}%{_mandir}/man8/rmail.8 %{buildroot}%{_mandir}/man8/rmail.sendmail.8 +touch %{buildroot}%{_mandir}/man8/rmail.8 +mv %{buildroot}%{_mandir}/man8/makemap.8 %{buildroot}%{_mandir}/man8/makemap.sendmail.8 +touch %{buildroot}%{_mandir}/man8/makemap.8 +mv %{buildroot}%{_mandir}/man8/editmap.8 %{buildroot}%{_mandir}/man8/editmap.sendmail.8 +touch %{buildroot}%{_mandir}/man8/editmap.8 +touch %{buildroot}%{_prefix}/lib/sendmail +touch %{buildroot}%{_sysconfdir}/pam.d/smtp + +# create stub man pages +for m in man8/hoststat.8 man8/purgestat.8; do + [ -f %{buildroot}%{_mandir}/$m ] || + echo ".so man8/sendmail.8" > %{buildroot}%{_mandir}/$m +done + +%pre +getent group mailnull >/dev/null || \ + %{_sbindir}/groupadd -g 47 -r mailnull >/dev/null 2>&1 +getent passwd mailnull >/dev/null || \ + %{_sbindir}/useradd -u 47 -g mailnull -d %{spooldir}/mqueue -r \ + -s %{smshell} mailnull >/dev/null 2>&1 +getent group smmsp >/dev/null || \ + %{_sbindir}/groupadd -g 51 -r smmsp >/dev/null 2>&1 
+getent passwd smmsp >/dev/null || \
+ %{_sbindir}/useradd -u 51 -g smmsp -d %{spooldir}/mqueue -r \
+ -s %{smshell} smmsp >/dev/null 2>&1
+
+# hack to turn sbin/makemap and man8/makemap.8.gz into alternatives symlink
+# (part of the rhbz#1219178 fix), this could be probably dropped in f25+
+[ -h %{_sbindir}/makemap ] || rm -f %{_sbindir}/makemap || :
+[ -h %{_mandir}/man8/makemap.8.gz ] || rm -f %{_mandir}/man8/makemap.8.gz || :
+
+exit 0
+
+%postun
+%systemd_postun_with_restart sendmail.service sm-client.service
+if [ $1 -ge 1 ] ; then
+ mta=`readlink %{_sysconfdir}/alternatives/mta`
+ if [ "$mta" == "%{_sbindir}/sendmail.sendmail" ]; then
+ %{_sbindir}/alternatives --set mta %{_sbindir}/sendmail.sendmail
+ fi
+fi
+exit 0
+
+%post
+%systemd_post sendmail.service sm-client.service
+
+# Set up the alternatives files for MTAs.
+%{_sbindir}/alternatives --install %{_sbindir}/sendmail mta %{_sbindir}/sendmail.sendmail 90 \
+ --slave %{_sbindir}/makemap mta-makemap %{_sbindir}/makemap.sendmail \
+ --slave %{_sbindir}/editmap mta-editmap %{_sbindir}/editmap.sendmail \
+ --slave %{_bindir}/mailq mta-mailq %{_bindir}/mailq.sendmail \
+ --slave %{_bindir}/newaliases mta-newaliases %{_bindir}/newaliases.sendmail \
+ --slave %{_bindir}/rmail mta-rmail %{_bindir}/rmail.sendmail \
+ --slave %{_prefix}/lib/sendmail mta-sendmail %{_prefix}/lib/sendmail.sendmail \
+ --slave %{_sysconfdir}/pam.d/smtp mta-pam %{_sysconfdir}/pam.d/smtp.sendmail \
+ --slave %{_mandir}/man8/sendmail.8.gz mta-sendmailman %{_mandir}/man8/sendmail.sendmail.8.gz \
+ --slave %{_mandir}/man1/mailq.1.gz mta-mailqman %{_mandir}/man1/mailq.sendmail.1.gz \
+ --slave %{_mandir}/man1/newaliases.1.gz mta-newaliasesman %{_mandir}/man1/newaliases.sendmail.1.gz \
+ --slave %{_mandir}/man5/aliases.5.gz mta-aliasesman %{_mandir}/man5/aliases.sendmail.5.gz \
+ --slave %{_mandir}/man8/rmail.8.gz mta-rmailman %{_mandir}/man8/rmail.sendmail.8.gz \
+ --slave %{_mandir}/man8/makemap.8.gz mta-makemapman 
%{_mandir}/man8/makemap.sendmail.8.gz \
+ --slave %{_mandir}/man8/editmap.8.gz mta-editmapman %{_mandir}/man8/editmap.sendmail.8.gz \
+ --initscript sendmail > /dev/null 2>&1
+
+# Rebuild maps.
+{
+ chown root %{_sysconfdir}/aliases.db %{maildir}/access.db \
+ %{maildir}/mailertable.db %{maildir}/domaintable.db \
+ %{maildir}/virtusertable.db
+ SM_FORCE_DBREBUILD=1 %{maildir}/make
+ SM_FORCE_DBREBUILD=1 %{maildir}/make aliases
+} > /dev/null 2>&1
+
+# Move existing SASL2 config to new location.
+%if "%{with_sasl2}" == "yes"
+[ -f %{_libdir}/sasl2/Sendmail.conf ] && touch -r %{_sysconfdir}/sasl2/Sendmail.conf \
+ %{_libdir}/sasl2/Sendmail.conf ] && mv -f %{_libdir}/sasl2/Sendmail.conf \
+ %{_sysconfdir}/sasl2 2>/dev/null || :
+%endif
+
+# Create sm-client.st if it doesn't exist
+if [ ! -f %{spooldir}/clientmqueue/sm-client.st ]; then
+ touch %{spooldir}/clientmqueue/sm-client.st
+ chown smmsp:smmsp %{spooldir}/clientmqueue/sm-client.st
+ chmod 0660 %{spooldir}/clientmqueue/sm-client.st
+fi
+
+# Create self-signed SSL certificate
+if [ ! -f %{sslkey} ]; then
+ umask 077
+ %{_bindir}/openssl genrsa 4096 > %{sslkey} 2> /dev/null
+fi
+
+if [ ! 
-f %{sslcert} ]; then
+ FQDN=`hostname`
+ if [ "x${FQDN}" = "x" ]; then
+ FQDN=localhost.localdomain
+ fi
+
+ %{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
+ -subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
+ chmod 644 %{sslcert}
+fi
+
+exit 0
+
+%preun
+%systemd_preun sendmail.service sm-client.service
+if [ $1 = 0 ]; then
+ %{_sbindir}/alternatives --remove mta %{_sbindir}/sendmail.sendmail
+fi
+exit 0
+
+%post milter -p /sbin/ldconfig
+
+%postun milter -p /sbin/ldconfig
+
+
+%files
+%dir %{_docdir}/sendmail
+%doc %{_docdir}/sendmail/FAQ
+%doc %{_docdir}/sendmail/KNOWNBUGS
+%doc %{_docdir}/sendmail/LICENSE
+%doc %{_docdir}/sendmail/README
+%doc %{_docdir}/sendmail/RELEASE_NOTES.gz
+%{_bindir}/hoststat
+%{_bindir}/makemap
+%{_bindir}/purgestat
+%{_sbindir}/mailstats
+%{_sbindir}/makemap.sendmail
+%{_sbindir}/editmap.sendmail
+%{_sbindir}/praliases
+%attr(2755,root,smmsp) %{_sbindir}/sendmail.sendmail
+%{_bindir}/rmail.sendmail
+%{_bindir}/newaliases.sendmail
+%{_bindir}/mailq.sendmail
+%{_sbindir}/smrsh
+%{_prefix}/lib/sendmail.sendmail
+
+%{_mandir}/man8/rmail.sendmail.8.gz
+%{_mandir}/man8/praliases.8.gz
+%{_mandir}/man8/mailstats.8.gz
+%{_mandir}/man8/makemap.sendmail.8.gz
+%{_mandir}/man8/editmap.sendmail.8.gz
+%{_mandir}/man8/sendmail.sendmail.8.gz
+%{_mandir}/man8/smrsh.8.gz
+%{_mandir}/man8/hoststat.8.gz
+%{_mandir}/man8/purgestat.8.gz
+%{_mandir}/man5/aliases.sendmail.5.gz
+%{_mandir}/man1/newaliases.sendmail.1.gz
+%{_mandir}/man1/mailq.sendmail.1.gz
+
+# dummy attributes for rpmlint
+%ghost %attr(0755,-,-) %{_sbindir}/sendmail
+%ghost %attr(0755,-,-) %{_sbindir}/makemap
+%ghost %attr(0755,-,-) %{_sbindir}/editmap
+%ghost %attr(0755,-,-) %{_bindir}/mailq
+%ghost %attr(0755,-,-) %{_bindir}/newaliases
+%ghost %attr(0755,-,-) %{_bindir}/rmail
+%ghost %attr(0755,-,-) %{_prefix}/lib/sendmail
+
+%ghost %{_sysconfdir}/pam.d/smtp 
+%ghost %{_mandir}/man8/sendmail.8.gz
+%ghost %{_mandir}/man1/mailq.1.gz
+%ghost %{_mandir}/man1/newaliases.1.gz
+%ghost %{_mandir}/man5/aliases.5.gz
+%ghost %{_mandir}/man8/rmail.8.gz
+%ghost %{_mandir}/man8/makemap.8.gz
+%ghost %{_mandir}/man8/editmap.8.gz
+
+%dir %{stdir}
+%dir %{_sysconfdir}/smrsh
+%dir %{maildir}
+%attr(0770,smmsp,smmsp) %dir %{spooldir}/clientmqueue
+%attr(0700,root,mail) %dir %{spooldir}/mqueue
+
+%config(noreplace) %verify(not size mtime md5) %{stdir}/statistics
+%config(noreplace) %{maildir}/Makefile
+%config(noreplace) %{maildir}/make
+%config(noreplace) %{maildir}/sendmail.cf
+%config(noreplace) %{maildir}/submit.cf
+%config(noreplace) %{maildir}/helpfile
+%config(noreplace) %{maildir}/sendmail.mc
+%config(noreplace) %{maildir}/submit.mc
+%config(noreplace) %{maildir}/access
+%config(noreplace) %{maildir}/domaintable
+%config(noreplace) %{maildir}/local-host-names
+%config(noreplace) %{maildir}/mailertable
+%config(noreplace) %{maildir}/trusted-users
+%config(noreplace) %{maildir}/virtusertable
+
+%ghost %{maildir}/aliasesdb-stamp
+%ghost %{maildir}/virtusertable.db
+%ghost %{maildir}/access.db
+%ghost %{maildir}/domaintable.db
+%ghost %{maildir}/mailertable.db
+
+%ghost %{spooldir}/clientmqueue/sm-client.st
+
+%{_unitdir}/sendmail.service
+%{_unitdir}/sm-client.service
+%config(noreplace) %{_sysconfdir}/sysconfig/sendmail
+%config(noreplace) %{_sysconfdir}/pam.d/smtp.sendmail
+%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail
+
+%if "%{with_sasl2}" == "yes"
+%config(noreplace) %{_sysconfdir}/sasl2/Sendmail.conf
+%endif
+
+%files cf
+%doc %{sendmailcf}/README
+%dir %{sendmailcf}
+%{sendmailcf}/cf
+%{sendmailcf}/domain
+%{sendmailcf}/feature
+%{sendmailcf}/hack
+%{sendmailcf}/m4
+%{sendmailcf}/mailer
+%{sendmailcf}/ostype
+%{sendmailcf}/sendmail.schema
+%{sendmailcf}/sh
+%{sendmailcf}/siteconfig
+
+%files milter-devel
+%doc libmilter/docs/*
+%dir %{_includedir}/libmilter
+%{_includedir}/libmilter/*.h
+%{_libdir}/libmilter.so
+
+%files milter
+%doc LICENSE
+%doc %{_docdir}/sendmail/README.libmilter
+%{_libdir}/libmilter.so.[0-9].[0-9]
+%{_libdir}/libmilter.so.[0-9].[0-9].[0-9]
+
+%files doc
+%{_docdir}/sendmail/README.cf
+%{_docdir}/sendmail/README.sendmail
+%{_docdir}/sendmail/README.smrsh
+%{_docdir}/sendmail/SECURITY
+%{_docdir}/sendmail/op.pdf
+%dir %{_docdir}/sendmail/contrib
+%attr(0644,root,root) %{_docdir}/sendmail/contrib/*
+
+
+%changelog
+* Tue Sep 08 2020 Tomas Korbar - 8.15.2-33
+- Backport confTLS_FALLBACK_TO_CLEAR option
+- Resolves: rhbz#1868041
+
+* Fri May 03 2019 Ondřej Lysoněk - 8.15.2-32
+- Fix issues discovered by Coverity scan
+- Resolves: rhbz#1602689
+
+* Mon Nov 19 2018 Jaroslav Škarvada - 8.15.2-31
+- Used _prefix macro for /usr
+ Resolves: rhbz#1650256
+
+* Thu Nov 15 2018 Jaroslav Škarvada - 8.15.2-30
+- Dropped sysvinit support
+ Resolves: rhbz#1610287
+- Dropped hesiod support
+ Resolves: rhbz#1638491
+
+* Mon Jul 23 2018 Robert Scheck - 8.15.2-29
+- Add basic sendmail TLS configuration by default (#1607314 #c11)
+
+* Sat Jul 14 2018 Fedora Release Engineering - 8.15.2-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 26 2018 Robert Scheck - 8.15.2-27
+- Use SSL_CTX_use_certificate_chain_file() to handle intermediate
+ certificates passed additionally in confSERVER_CERT (#1565341)
+
+* Tue May 29 2018 Jaroslav Škarvada - 8.15.2-26
+- Changed libnsl2 paths
+ Resolves: rhbz#1543933
+
+* Wed Mar 07 2018 Adam Williamson - 8.15.2-25
+- Rebuild to fix GCC 8 mis-compilation
+ See https://da.gd/YJVwk ("GCC 8 ABI change on x86_64")
+
+* Mon Feb 19 2018 Ondřej Lysoněk - 8.15.2-24
+- Add gcc to BuildRequires
+
+* Fri Feb 09 2018 Fedora Release Engineering - 8.15.2-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sun Jan 21 2018 Björn Esser - 8.15.2-22
+- Explicitly BR: libnsl2-devel and add needed paths in build config
+
+* Sat Jan 20 2018 Björn Esser - 8.15.2-21
+- Rebuilt for switch to libxcrypt
+
+* Thu 
Nov 30 2017 Jaroslav Škarvada - 8.15.2-20
+- Dropped tcp_wrappers support
+ Resolves: rhbz#1518782
+
+* Fri Aug 18 2017 Jaroslav Škarvada - 8.15.2-19
+- Replaced compile-fix patch by format-security patch from Debian not to
+ change status codes
+ Resolves: rhbz#1482808
+
+* Thu Aug 03 2017 Fedora Release Engineering - 8.15.2-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Sun Jul 30 2017 Florian Weimer - 8.15.2-17
+- Rebuild with binutils fix for ppc64le (#1475636)
+
+* Thu Jul 27 2017 Jaroslav Škarvada - 8.15.2-16
+- Fixed ECDHE to work with all curves (openssl-1.1.0-ecdhe-fix patch)
+ Resolves: rhbz#1473971
+
+* Thu Mar 23 2017 Jaroslav Škarvada - 8.15.2-15
+- Explicitly enabled sm-client statistics
+ Related: rhbz#890585
+- Fixed compilation with -Werror=format-security which seems to be the
+ default in f27+
+
+* Thu Feb 23 2017 Jaroslav Škarvada - 8.15.2-14
+- Also removed the systemd restart limit from the sm-client service
+ Related: rhbz#1422771
+
+* Tue Feb 21 2017 Jaroslav Škarvada - 8.15.2-13
+- Removed systemd limit for sendmail restarts to workaround failure due to
+ rapid restarts caused by NetworkManager dispatcher script
+ Resolves: rhbz#1422771
+
+* Sat Feb 11 2017 Fedora Release Engineering - 8.15.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Dec 8 2016 Jaroslav Škarvada - 8.15.2-11
+- Added SASL AUTH_REALM into default configuration
+ Resolves: rhbz#748279
+- Fixed compilation with openssl-1.1.0
+ Resolves: rhbz#1400239
+
+* Wed Nov 30 2016 Ondřej Lysoněk - 8.15.2-10
+- Enabled _FFR_MILTER_CHECK_REJECTIONS_TOO
+ Resolves: rhbz#1112340
+
+* Mon Aug 08 2016 Ondřej Lysoněk - 8.15.2-9
+- Fixed Provides and Obsoletes in sendmail-milter-devel
+- Made 'Requires: sendmail-milter' in sendmail-milter-devel arch specific
+
+* Thu Jul 28 2016 Ondřej Lysoněk - 8.15.2-8
+- Removed dependency for sendmail in sendmail-devel, renamed sendmail-devel
+ to sendmail-milter-devel
+ Resolves: 
rhbz#891288
+
+* Fri Jun 3 2016 Jaroslav Škarvada - 8.15.2-7
+- Enabled editmap
+ Resolves: rhbz#1342393
+
+* Tue Mar 1 2016 Jaroslav Škarvada - 8.15.2-6
+- Fixed SMTP session reuse bug
+
+* Thu Feb 04 2016 Fedora Release Engineering - 8.15.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Sep 23 2015 Jaroslav Škarvada - 8.15.2-4
+- Compiled all with full RELRO, including libmilter
+ Resolves: rhbz#1264035
+
+* Wed Sep 23 2015 Jaroslav Škarvada - 8.15.2-3
+- Added support for socket activation to libmilter
+ Resolves: rhbz#1262535
+
+* Wed Jul 22 2015 Lubomir Rintel - 8.15.2-2
+- nm-dispacher: don't block the connection activation
+ Resolves: rhbz#1237070
+
+* Tue Jul 7 2015 Jaroslav Škarvada - 8.15.2-1
+- New version
+ Resolves: rhbz#1239185
+- Dropped ipv6-bad-helo patch (upstreamed)
+- Updated/defuzzified patches
+
+* Fri Jun 19 2015 Fedora Release Engineering - 8.15.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed May 27 2015 Jaroslav Škarvada - 8.15.1-5
+- Added makemap and its manual page into alternatives
+ Resolves: rhbz#1219178
+
+* Fri Mar 20 2015 Robert Scheck - 8.15.1-4
+- Use uncompressed (new) IPv6 address format in block_bad_helo.m4
+
+* Tue Mar 10 2015 Adam Jackson 8.15.1-3
+- Drop sysvinit subpackage from F23+
+
+* Thu Feb 26 2015 Jaroslav Škarvada - 8.15.1-2
+- Removed code for transition from sysv init to systemd (deprecated)
+
+* Mon Dec 8 2014 Jaroslav Škarvada - 8.15.1-1
+- New version
+- Dropped hesiod patch (not needed)
+- Dropped libdb5 patch (upstreamed)
+- Rebased patches
+
+* Thu Aug 21 2014 Kevin Fenzi - 8.14.9-5
+- Rebuild for rpm bug 1131960
+
+* Mon Aug 18 2014 Fedora Release Engineering - 8.14.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering - 8.14.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon Jun 2 2014 Jaroslav Škarvada - 8.14.9-2
+- Dropped milterfdleaks 
patch (not needed)
+
+* Wed May 21 2014 Robert Scheck - 8.14.9-1
+- Upgrade to 8.14.9
+
+* Sun Apr 13 2014 Robert Scheck - 8.14.8-2
+- Enable ECDHE support
+
+* Tue Feb 11 2014 Jaroslav Škarvada - 8.14.8-1
+- New version
+ Resolves: rhbz#1059665
+- Updated/defuzzified patches
+
+* Tue Aug 6 2013 Jaroslav Škarvada - 8.14.7-5
+- Used unversioned doc directory
+ Resolves: rhbz#994090
+
+* Sat Aug 03 2013 Petr Pisar - 8.14.7-4
+- Perl 5.18 rebuild
+
+* Fri Aug 2 2013 Jaroslav Škarvada - 8.14.7-3
+- Rebuilt with -D_FILE_OFFSET_BITS=64
+ Related: rhbz#912785
+
+* Wed Jul 17 2013 Petr Pisar - 8.14.7-2
+- Perl 5.18 rebuild
+
+* Sun Apr 21 2013 Robert Scheck - 8.14.7-1
+- Upgrade to 8.14.7
+
+* Mon Feb 25 2013 Jaroslav Škarvada - 8.14.6-4
+- Switched to systemd-rpm macros
+ Resolves: rhbz#850310
+
+* Thu Feb 14 2013 Fedora Release Engineering - 8.14.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jan 16 2013 Jaroslav Škarvada - 8.14.6-2
+- Fixed milter_helo regression (milter-helo-fix patch)
+ Resolves: rhbz#895552
+- Fixed bogus dates in changelog
+
+* Mon Dec 24 2012 Robert Scheck - 8.14.6-1
+- Upgrade to 8.14.6
+
+* Sat Jul 21 2012 Fedora Release Engineering - 8.14.5-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 25 2012 Jaroslav Škarvada - 8.14.5-14
+- Used power64 macro to support more subarchitectures like ppc64p7
+ Resolves: rhbz#834626
+
+* Fri Apr 6 2012 Jaroslav Škarvada - 8.14.5-13
+- Rebuilt with libdb-5.2
+
+* Sat Jan 14 2012 Fedora Release Engineering - 8.14.5-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Wed Nov 23 2011 Jaroslav Škarvada - 8.14.5-11
+- Added tighter bound to sm-client.service and sendmail.service
+ Resolves: rhbz#756232
+
+* Mon Oct 24 2011 Jaroslav Škarvada - 8.14.5-10
+- The nm-dispatcher now uses try-restart instead of restart
+ Resolves: rhbz#748416
+
+* Tue Sep 13 2011 Jaroslav Škarvada - 8.14.5-9
+- Enabled alternatives --initscript in 
post section
+- Improved sysvinit subpackage - switched to noarch, added scriptlets
+- Workarounded sm-client stop on SysV to systemd migration
+
+* Tue Aug 30 2011 Jaroslav Škarvada - 8.14.5-8
+- Enable override of hardened build settings
+
+* Tue Aug 30 2011 Jaroslav Škarvada - 8.14.5-7
+- Hardened build with full relro
+- Provided SysV initscript in sysvinit subpackage for backward compatibility
+
+* Mon Jul 25 2011 Jaroslav Škarvada - 8.14.5-6
+- Fixed systemctl disable command in preun section
+- Replaced reload by restart, dropped ExecReload from sendmail.service
+ Resolves: rhbz#719931
+- Switched to systemctl in NetworkManager dispatcher script
+- Added ExecStartPre=-/etc/mail/make to sm-client.service
+- Hardcoded daemon option (-bd) to sendmail.service, dropped the DAEMON var
+- QUEUE var in /etc/sysconfig/sendmail replaced by SENDMAIL_OPTS var
+- Added default preset (-q1h) to SENDMAIL_OPTS var
+
+* Fri Jul 22 2011 Jaroslav Škarvada - 8.14.5-5
+- Fixed SMTP AUTH over TLS in case of two AUTH lines
+ Resolves: rhbz#716628
+
+* Mon Jul 18 2011 Jaroslav Škarvada - 8.14.5-4
+- Removed dots from description (there are no dots in systemd packaging
+ guidelines)
+- Changed service type to forking and explicitly specified PID files
+- Fixed creation of sm-client.pid
+- Added Wants to sm-client.service and sendmail.service
+- Replaced each occurrence of /var/run by /run in config files
+- More details are available in rhbz#697636
+
+* Thu Jun 30 2011 Jóhann B. 
Guðmundsson - 8.14.5-3
+- Introduce systemd unit file, drop SysV support
+
+* Thu Jun 16 2011 Paul Howarth - 8.14.5-2
+- Rebuilt with libdb-5.2
+
+* Tue May 17 2011 Jaroslav Škarvada - 8.14.5-1
+- New version 8.14.5
+- Removed m4-ldap-routing, milter-fix-negativeid, man-i-option-fix
+ patches (upstreamed)
+
+* Thu Mar 03 2011 Jaroslav Škarvada - 8.14.4-21
+- fix negative ctx_id in milter debug output (#577558)
+- fix incomplete description of the -i option in man page (#676824)
+
+* Wed Feb 09 2011 Fedora Release Engineering - 8.14.4-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Wed Jan 12 2011 Jaroslav Škarvada - 8.14.4-19
+- updated QoS patch, including upstream comments and AF_INET6 4-in-6 support
+
+* Mon Jan 10 2011 Jaroslav Škarvada - 8.14.4-18
+- add QoS support, patch from Philip Prindeville
+ upstream reserved option ID 0xe7 for testing of this new feature (#576643)
+
+* Fri Nov 26 2010 Jaroslav Škarvada - 8.14.4-17
+- change LSB init header to provide $mail-transport-agent (#627413)
+
+* Mon Nov 08 2010 Jaroslav Škarvada - 8.14.4-16
+- fix m4 ldap routing macro, backport from 8.14.5.Alpha0, (#650366)
+
+* Wed Sep 29 2010 jkeating - 8.14.4-15
+- Rebuilt for gcc bug 634757
+
+* Fri Sep 24 2010 Jaroslav Škarvada - 8.14.4-14
+- fix MAXHOSTNAMELEN (#485380)
+
+* Mon Sep 13 2010 Jaroslav Škarvada - 8.14.4-13
+- rebuilt with libdb-5.1
+
+* Wed Aug 25 2010 Jaroslav Škarvada - 8.14.4-12
+- updated sendmail.nm-dispatcher script to handle VPN connections (#577540)
+
+* Tue Aug 17 2010 Jaroslav Škarvada - 8.14.4-11
+- README.libmilter moved to milter subpackage
+- updated description of doc subpackage
+- README.redhat removed (not needed any more)
+
+* Wed Aug 04 2010 Jaroslav Škarvada - 8.14.4-10
+- added stub man pages for hoststat and purgestat
+- rmail man page added to alternatives
+- updated subpackages description
+- sendmail-cf/cf/README is not packaged - it is useless for end users
+- added comments about purpose of files and 
patches
+- removed redundant license tag from milter subpackage
+
+* Thu Jul 08 2010 Jaroslav Škarvada - 8.14.4-9
+- added license to milter subpackage according to new Licensing
+ Guidelines
+
+* Mon Jun 14 2010 Jaroslav Škarvada - 8.14.4-8
+- all 'define' changed to 'global' in spec
+- perl interpreter path fixup moved from 'install' to 'prep'
+
+* Fri Jun 11 2010 Jaroslav Škarvada - 8.14.4-7
+- silenced warning about non-existing config in {_libdir}/sasl2
+
+* Tue Jun 08 2010 Jaroslav Škarvada - 8.14.4-6
+- sasl2 config moved from {_libdir}/sasl2 to {_sysconfdir}/sasl2
+- added libdb5 patch for building with libdb-5
+- rebuilt with libdb-5
+
+* Mon May 31 2010 Jaroslav Škarvada - 8.14.4-5
+- fixed user/group creation
+
+* Tue Mar 02 2010 Jaroslav Škarvada - 8.14.4-4
+- used noreplace for sasl config
+- used ghost instead of explicit provides
+- deffattr changed to (-,root,root,-)
+
+* Mon Feb 15 2010 Jaroslav Škarvada - 8.14.4-3
+- fixed libresolv implicit DSO linking (#564647)
+- fixed initscript LSB compliance (#561040)
+
+* Thu Feb 04 2010 Jaroslav Škarvada - 8.14.4-2
+- fixed typo in spec file
+- fixed aliases_dir patch
+
+* Tue Feb 02 2010 Jaroslav Škarvada - 8.14.4-1
+- new version 8.14.4 (#552078)
+- RPM attributes S, 5, T not recorded for statistics file
+- adapted patches: makemapman, dynamic, switchfile (#552078)
+- movefiles patch incorporated into aliases_dir patch
+- drop exitpanic patch (fixed upstream)
+
+* Sun Jan 03 2010 Robert Scheck 8.14.3-10
+- handle IPv6:::1 in block_bad_helo.m4 like 127.0.0.1 (#549217)
+
+* Tue Dec 15 2009 Miroslav Lichvar 8.14.3-9
+- fix milter file descriptors leaks (#485426)
+- skip colon separator when parsing service name in ServiceSwitchFile
+- return with non-zero exit code when free space is below MinFreeBlocks
+- fix service stop/restart when only smclient is running
+- fix submit.cf and helpfile permissions
+- more merge review fixes (#226407)
+
+* Wed Sep 16 2009 Tomas Mraz - 8.14.3-8
+- Use password-auth common 
PAM configuration instead of system-auth
+
+* Fri Aug 21 2009 Tomas Mraz - 8.14.3-7
+- rebuilt with new openssl
+
+* Sun Jul 26 2009 Fedora Release Engineering - 8.14.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering - 8.14.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Jan 20 2009 Miroslav Lichvar 8.14.3-4
+- build shared libmilter (#309281)
+- drop static libraries
+- convert RELEASE_NOTES to UTF-8
+
+* Fri Dec 19 2008 Miroslav Lichvar 8.14.3-3
+- run newaliases only when necessary
+
+* Wed Dec 03 2008 Miroslav Lichvar 8.14.3-2
+- add NM dispatcher script (#451575)
+- print warning on service start when sendmail-cf is required (#447148)
+- replace Makefile with shell script to avoid dependency on make (#467841)
+- fix multiarch conflicts (#343161)
+- preserve timestamps on config files
+- gzip RELEASE_NOTES
+- defuzz patches
+- drop gcc2690 patch
+
+* Tue Jul 22 2008 Thomas Woerner 8.14.3-1
+- new version 8.14.3
+
+* Thu Jul 10 2008 Tom "spot" Callaway 8.14.2-5
+- rebuild against db4-4.7
+
+* Sat Mar 29 2008 Dennis Gilmore 8.14.2-4
+- add sparcv9 to the -fPIE list
+
+* Fri Feb 8 2008 Thomas Woerner 8.14.2-3
+- added server(smtp) provide (rhbz#380621)
+
+* Wed Dec 05 2007 Release Engineering - 8.14.2-2
+ - Rebuild for deps
+
+* Thu Nov 22 2007 Thomas Woerner 8.14.2-1
+- new version 8.14.2
+
+* Mon Sep 17 2007 Thomas Woerner 8.14.1-4.2
+- made init script fully lsb conform
+
+* Wed Aug 29 2007 Thomas Woerner 8.14.1-4.1
+- fixed condrestart in init script to use exit instead of return
+
+* Mon Aug 27 2007 Thomas Woerner 8.14.1-4
+- do not remove /etc/aliases.db on package removal (rhbz#223637)
+- fixed remaining paths to certs directory in sendmail.mc file
+- added contrib scripts to the doc package (rhbz#183723)
+- added LSB header to init script (rhbz#247053)
+- added plain login information for cyrus-sasl to access file
+- fixed compile problem with 
glibc-2.6.90+
+- fixed reoccuring m4 include problem (now using sinclude)
+
+* Fri Jul 20 2007 Thomas Woerner 8.14.1-3
+- do not accept localhost.localdomain as valid address from smtp
+
+* Mon Apr 16 2007 Thomas Woerner 8.14.1-2
+- readded chkconfig add for sendmail in post script
+- dropped mysql support (useless without further patching)
+- fixed executable permissions for /usr/sbin/makemap and /usr/sbin/smrsh
+- dropped FFR_UNSAFE_SASL, because it has no effect anymore
+
+* Thu Apr 12 2007 Thomas Woerner 8.14.1-1.1
+- replaced prereq tags with requires() tags.
+
+* Thu Apr 12 2007 Thomas Woerner 8.14.1-1
+- new version 8.14.1
+- spec file cleanup for merge review (rhbz#226407)
+- dropped update support for sendmail versions prior to 8.12.0
+- using pdf documentation
+
+* Tue Feb 6 2007 Thomas Woerner 8.14.0-1
+- new version 8.14.0
+- adapted patches: makemapman, dynamic
+
+* Tue Jan 23 2007 Florian La Roche
+- #205803 add sparc/sparc64 to -fPIE list
+- change sendmail.cf reference into sendmail-cf package name
+
+* Mon Dec 4 2006 Thomas Woerner 8.13.8-3.1
+- tcp_wrappers has a new devel and libs sub package, therefore changing build
+ requirement for tcp_wrappers to tcp_wrappers-devel
+
+* Tue Nov 28 2006 Thomas Woerner 8.13.8-3
+- added missing LDAP_DEPRECATED flag (#206288)
+
+* Mon Sep 04 2006 Florian La Roche
+- unify sendmail.mc
+- remove version information from sendmail helpfile
+
+* Fri Sep 1 2006 Thomas Woerner 8.13.8-1
+- new version 8.13.8 fixes CVE-2006-4434 (denial of service via a long header
+ line)
+
+* Thu Jul 20 2006 Thomas Woerner 8.13.7-3.1
+- dropped chown of /etc/mail/authinfo.db (#199455)
+
+* Tue Jul 18 2006 Thomas Woerner 8.13.7-3
+- using new syntax for access database (#177566)
+- fixed failure message while shutting down sm-client (#119429)
+ resolution: stop sm-client before sendmail
+- fixed method to specify persistent queue runners (#126760)
+- removed patch backup files from sendmail-cf tree (#152955)
+- fixed missing dnl on 
SMART_HOST define (#166680)
+- fixed wrong location of aliases and aliases.db file in aliases man page
+ (#166744)
+- enabled CipherList config option for sendmail (#172352)
+- added user chowns for /etc/mail/authinfo.db and move check for cf files
+ (#184341)
+- fixed Makefile of vacation (#191396)
+ vacation is not included in this sendmail package
+- /var/log/mail now belongs to sendmail (#192850)
+
+* Wed Jul 12 2006 Jesse Keating - 8.13.7-2.1
+- rebuild
+
+* Mon Jun 19 2006 Thomas Woerner 8.13.7-2
+- dropped reference to Red Hat Linux in sendmail-redhat.mc (#176679)
+
+* Mon Jun 19 2006 Thomas Woerner 8.13.7-1
+- new version 8.13.7 (#195282)
+- fixes CVE-2006-1173 (VU#146718): possible denial of service issue caused by
+ malformed multipart messages (#195776)
+
+* Wed Mar 22 2006 Thomas Woerner 8.13.6-1
+- new version 8.13.6 (fixes VU#834865)
+- dropped libmilter-sigwait patch (fixed in 8.13.6)
+
+* Fri Feb 17 2006 Thomas Woerner 8.13.5-3
+- fixed selinuxenabled path in initscript
+- fixed error handling with sigwait (#137709)
+ Thanks to Jonathan Kamens for the patch
+- fixed prereq for cyrus-sasl: now using /usr/sbin/saslauthd
+- appended 'dnl' to cert tags in sendmail.mc
+
+* Fri Feb 10 2006 Jesse Keating - 8.13.5-2.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 8.13.5-2.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Thu Nov 10 2005 Tomas Mraz 8.13.5-2
+- rebuilt against new openssl
+
+* Mon Oct 10 2005 Tomas Mraz
+- use include instead of pam_stack in pam config
+
+* Mon Sep 19 2005 Thomas Woerner 8.13.5-1
+- new version 8.13.5
+- fixed email address in changelog
+
+* Fri May 6 2005 Thomas Woerner 8.13.4-2
+- using new certificates directory /etc/pki/tls/certs
+
+* Wed Apr 27 2005 Thomas Woerner 8.13.4-1.1
+- added configuration example for Cyrus-IMAPd to sendmail.mc (#142001)
+ Thanks to Alexander Dalloz
+
+* Tue Apr 12 2005 Thomas Woerner 8.13.4-1
+- new 
version 8.13.4
+- added requires for the sendmail base package in sendmail-cf, sendmail-devel
+ and sendmail-doc
+- dropped upstream close_wait.p2 patch
+
+* Thu Mar 17 2005 Thomas Woerner 8.13.3-2
+- dropped direct support for bind: no bind in confLIBSEARCH anymore,
+ using libresolv again
+
+* Thu Mar 10 2005 Jason Vas Dias 8.13.3-1.2
+- fix libbind include path - use /usr/include/bind/netdb.h, no
+- /usr/include/netdb.h - bug: 150339
+
+* Tue Mar 1 2005 Thomas Woerner 8.13.3-1.1
+- fixed gcc4 build: use double quotes for confOPTIMIZE to avoid m4 confusion
+ with ','
+- fix for ppc: using tripple-quotes
+
+* Wed Jan 26 2005 Thomas Woerner 8.13.3-1
+- new version 8.13.3 with closewait.p2 patch
+
+* Fri Dec 17 2004 Thomas Woerner 8.13.2-1
+- new version 8.13.2
+- thanks to Robert Scheck for adapting the patches
+
+* Thu Nov 11 2004 Jeff Johnson 8.13.1-2.2
+- rebuild against db-4.3.21.
+
+* Tue Oct 26 2004 Thomas Woerner 8.13.1-2.1
+- added missing BuildRequires for groff (#134778)
+- added socketmap support (#131906)
+
+* Wed Sep 1 2004 Thomas Woerner 8.13.1-2
+- applied Sendmail Errata (2004-08-24): errata_cataddr (#131179)
+
+* Mon Aug 2 2004 Thomas Woerner 8.13.1-1
+- new version 1.13.1
+
+* Wed Jun 30 2004 Thomas Woerner 8.13.0-1.1
+- fixed init script to not complain missing sendmail-cf package (#126975)
+- better message in /etc/mail/Makefile for missing sendmail-cf package. 
+
+* Mon Jun 21 2004 Thomas Woerner 8.13.0-1
+- new version 8.13.0
+- made /etc/mail/Makefile complain missing sendmail-cf package (#123348)
+- fixed ownership of %%{_includedir}/libmilter (#73977)
+- moved back to /usr/share/ssl/certs as certificate directory (see sendmail.mc)
+- extended sendmail.mc for spam protection
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Thu Apr 15 2004 Dan Walsh 8.12.11-4.6
+- Fix selinuxenabled location
+
+* Wed Apr 7 2004 Dan Walsh 8.12.11-4.5
+- Fix security context of pid file for selinux
+
+* Fri Apr 2 2004 Thomas Woerner 8.12.11-4.4
+- fixed alternatives slave for sendmail.sendmail
+
+* Thu Apr 1 2004 Thomas Woerner 8.12.11-4.3
+- set path to cyrus-imapd deliver
+
+* Wed Mar 31 2004 Thomas Woerner 8.12.11-4.2
+- fixed spec file
+
+* Wed Mar 31 2004 Thomas Woerner 8.12.11-4.1
+- added authinfo to possible sendmail maps: /etc/mail/Makefile (#119010)
+- fixed minor version in changelog
+
+* Wed Mar 17 2004 Thomas Woerner 8.12.11-4
+- new slave in alternatives for sendmail man page
+
+* Tue Mar 02 2004 Elliot Lee
+- rebuilt
+
+* Thu Feb 19 2004 Thomas Woerner 8.12.11-3.2
+- removed buildreq for gdbm-devel
+
+* Thu Feb 19 2004 Thomas Woerner 8.12.11-3
+- RH3.0E version: sasl1, no pie, old_setup (provide /etc/aliases)
+- new switches for pie and old_setup
+
+* Thu Feb 5 2004 Thomas Woerner 8.12.11-2.1
+- new Sendmail.conf for sasl1 (#114726)
+
+* Wed Jan 28 2004 Thomas Woerner 8.12.11-2
+- added information for saslauthd and AUTH (#113463)
+- fixed STATUS_FILE in sendmail-redhat.mc (#114302)
+- reset mta after update if mta was sendmail (#114257)
+- enabled pie for ia64 again
+
+* Mon Jan 26 2004 Thomas Woerner 8.12.11-1.3
+- removed /etc/aliases (now in setup)
+
+* Thu Jan 22 2004 Thomas Woerner 8.12.11-1.2
+- /usr/lib/sendmail is in alternatives, now
+- removed trailing / from stdir
+- fixed define for STATUS_FILE
+
+* Wed Jan 21 2004 Thomas Woerner 8.12.11-1.1
+- disabled pie for ia64
+
+* Tue Jan 20 2004 Thomas Woerner 8.12.11-1 
+- new version 8.12.11
+- pie
+
+* Mon Jan 12 2004 Thomas Woerner 8.12.10-7
+- fc2 version (with sasl2)
+
+* Mon Jan 12 2004 Thomas Woerner 8.12.10-6
+- reverted to sasl1 for 3.0E: added with_sasl1
+- spec file cleanup
+- new location for statistics file (/var/log/)
+
+* Sun Dec 14 2003 Florian La Roche
+- Fix download url.
+
+* Sat Dec 13 2003 Jeff Johnson 8.12.10-5
+- rebuild against db-4.2.52.
+
+* Thu Dec 11 2003 Florian La Roche
+- fix pam alternatives handling
+- add patch from Jakub Jelinek for PIE
+
+* Fri Dec 05 2003 Karsten Hopp 8.12.10-3
+- fix usage of RPM_OPT_FLAGS variable in spec file
+- add makecert.sh script to -doc subpackage
+- add cert paths to sendmail.mc
+
+* Wed Nov 26 2003 Karsten Hopp
+- fix alternatives (#109313)
+- enable TLS
+
+* Mon Oct 27 2003 Florian La Roche
+- add some more system account entries into /etc/aliases
+- add example for a mixed IPv6/IPv4 setup
+
+* Fri Oct 24 2003 Harald Hoyer 8.12.10-2
+- added with_ options
+
+* Thu Sep 25 2003 Jeff Johnson 8.12.10-1.2
+- rebuild against db-4.2.42. 
+
+* Thu Sep 18 2003 Florian La Roche
+- update to 8.12.10
+
+* Wed Sep 17 2003 Florian La Roche
+- add security patches for CAN-2003-0694 and CAN-2003-0681
+
+* Mon Sep 01 2003 Florian La Roche
+- move debug information from sendmail into debuginfo rpm
+- on %%post make sure /etc/aliases.db and /etc/mail/*.db is correctly
+ owned by root
+- do not set confTRUSTED_USER to smmsp in sendmail-redhat.mc
+
+* Fri Aug 08 2003 Florian La Roche
+- run "make -C /etc/mail" (maybe generating new sendmail.cf, then newaliases
+- added $SENDMAIL_OPTARG that could be set by /etc/sysconfig/sendmail #99224
+
+* Wed Jul 30 2003 Florian La Roche
+- adjust rpm license tag to say "Sendmail"
+
+* Fri Jul 04 2003 Florian La Roche
+- enable pie only for a few archs
+- enable full optims for s390 again, compiler seems to be fixed
+
+* Mon Jun 30 2003 Florian La Roche
+- apply patch from Ulrich Drepper to support -pie
+
+* Wed Jun 04 2003 Elliot Lee
+- rebuilt
+
+* Sat May 31 2003 Florian La Roche
+- make init script more robust #91879
+
+* Sun May 11 2003 Florian La Roche
+- sendmail-cf requires m4, #90513
+
+* Fri May 9 2003 Nalin Dahyabhai 8.12.9-6
+- move Sendmail.conf from /usr/lib/sasl to /usr/lib/sasl2 and change the
+ default pwcheck method to "saslauthd"
+
+* Mon May 5 2003 Nalin Dahyabhai 8.12.9-5
+- configure to use libsasl2 instead of libsasl to avoid linking with both
+ (we also link to libldap, which now uses libsasl2)
+- link with -ldb instead of -ldb-4.0 on all releases after RHL 7.3 instead
+ of just 7.3 (all versions of db4-devel thereafter are expected to provide
+ the right linking setup)
+
+* Tue Apr 15 2003 Florian La Roche
+- add a "umask 022" before building the *.cf files in /etc/mail/Makefile
+
+* Fri Apr 04 2003 Florian La Roche
+- mark /etc/mail/Makefile as config(noreplace) #87688
+- mark /etc/pam.d/smtp as config(noreplace) #87731
+
+* Sun Mar 30 2003 Florian La Roche
+- update to 8.12.9
+
+* Wed Mar 26 2003 Florian La Roche
+- call make with the target "all" 
#86005
+- add start/stop/restart as Makefile targets
+- add another security patch
+
+* Wed Mar 05 2003 Florian La Roche
+- add correct db4-devel requirements for newer releases
+- completely re-do many ifdef code in the spec-file
+- fix some issues building for older RHL releases
+
+* Mon Feb 24 2003 Elliot Lee
+- rebuilt
+
+* Mon Feb 24 2003 Elliot Lee
+- rebuilt
+
+* Mon Feb 24 2003 Florian La Roche
+- update to 8.12.8
+
+* Tue Feb 11 2003 Florian La Roche
+- rebuilt
+
+* Wed Jan 22 2003 Tim Powers
+- rebuilt
+
+* Wed Jan 22 2003 Florian La Roche
+- add a confTRUSTED_USER line into sendmail.mc, submit.mc is already ok
+- add patch from sendmail.org for cf/m4/proto.m4
+
+* Mon Jan 13 2003 Florian La Roche
+- do not reject all numeric login names if hesiod support is
+ compiled in. #80060
+- remove reference to non-existing man-pages #74552
+
+* Sun Jan 12 2003 Florian La Roche
+- sendmail-8.12.7-etrn.patch from Jos Vos
+- submit.mc: enable "use_ct_file" by default #80519
+- add _FFR_MILTER_ROOT_UNSAFE #78223
+
+* Sat Jan 11 2003 Florian La Roche
+- update to 8.12.7
+- hack to make lib64 version work
+- downgrade s390 optims to make it compile
+
+* Mon Jan 6 2003 Nalin Dahyabhai
+- add openssl-devel as a build-time requirement
+- preprocess the config file to add the right version of %%{_lib}
+- add kerberos -I and -L flags to build configuration, needed for newer
+ versions of libssl
+
+* Wed Dec 11 2002 Florian La Roche
+- always have a queue run interval for sm-msp-queue #81424
+- Jos Vos suggests adding another variable for sm-client queue-run
+
+* Mon Dec 02 2002 Florian La Roche
+- add the following changes from Adrian Havill
+ to our default sendmail.mc file:
+ - added commented-out-by-default common AUTH/SSL examples
+ - updated m4 example and rpm reference
+ - added more comment documentation
+ - add commented out confAUTO_REBUILD example
+ - improve description about MASQUERADE_AS
+
+* Mon Nov 18 2002 Florian La Roche
+- add to submit.mc:
define(`_MTA_HOST_', `[127.0.0.1]')
+ to deliver directly to localhost IP instead of going through DNS
+- submit.mc: exchange msp and use_ct_file to better enable it
+- do not undefine UUCP_RELAY and BITNET_RELAY
+- sendmail.mc: use LOCAL_DOMAIN instead of "Cw" directly
+- sendmail.mc: add commented out MASQUERADE_AS example
+- re-enable DAEMON variable for now
+
+* Tue Nov 12 2002 Nalin Dahyabhai
+- remove absolute path names from the PAM configuration, allowing it to be
+ used by any arch on a multilib system
+
+* Sun Nov 03 2002 Florian La Roche
+- fix mailman alias #75129
+
+* Sat Nov 02 2002 Florian La Roche
+- update to 8.12.6
+
+* Fri Oct 04 2002 Phil Knirsch 8.12.5-7.2
+- Drop optflags to default to build correctly on s390(x).
+
+* Thu Sep 12 2002 Than Ngo 8.12.5-7.1
+- Added fix to build on x86_64
+
+* Thu Aug 29 2002 Florian La Roche
+- clean up some specfile cruft
+- add more pseudo accounts to /etc/aliases
+
+* Thu Jul 25 2002 Phil Knirsch
+- Only generate new cf files if the /usr/share/sendmail-cf/m4/cf.m4 exists.
+
+* Wed Jul 24 2002 Phil Knirsch
+- Changed the behaviour in /etc/mail/Makefile to generate the sendmail.cf and
+ submit.cf from the mc files if they changed.
+- Added a small README.redhat that descibed the new mc file behaviour and the
+ split into sendmail.cf and submit.cf.
+
+* Wed Jul 24 2002 Florian La Roche
+- suggestions form Stephane Lentz:
+ - add correct include statement into submit.mc (like sendmail.mc)
+ - add commented out further suggestions into submit.mc
+ - disable ident lookups
+
+* Thu Jul 11 2002 Florian La Roche
+- fix initscript for the second daemon and pidfile location #67910
+
+* Mon Jul 01 2002 Florian La Roche
+- update to 8.12.5
+
+* Thu Jun 27 2002 Florian La Roche
+- add further queue runs, slight spec-file cleanups
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Tue Jun 11 2002 Florian La Roche
+- update to 8.12.4, adjust smrsh patch
+
+* Thu May 23 2002 Tim Powers
+- automated rebuild
+
+* Sat Apr 13 2002 Florian La Roche
+- update to 8.12.3
+
+* Tue Mar 26 2002 Tim Powers
+- rebuilt
+
+* Mon Mar 25 2002 Florian La Roche
+- fix alternatives --remove #61737
+- add sendmail/SECURITY as docu #61870, #61545
+
+* Wed Mar 20 2002 Florian La Roche
+- add libsm.a #61270
+- change from /etc/sendmail.cf to /etc/mail/sendmail.cf
+- add milter patch
+
+* Wed Mar 13 2002 Bill Nottingham
+- ignore DAEMON=no; that configuration no longer functions
+
+* Wed Mar 13 2002 Florian La Roche
+- make sure more version information is in the cf file #54418
+- do not use "-b" flag when patching in spec file
+- require newer chkconfig version #61035
+- fix preun script #60880
+- add TMPF to access file creation #60956
+
+* Sat Mar 09 2002 Florian La Roche
+- mv include files to /usr/include/libmilter/ #60795
+- do not use "-f" option to virtusertable #60196
+- ad an example smarthost entry to config file #58298
+
+* Fri Mar 8 2002 Bill Nottingham 8.12.2-5
+- use alternatives --initscript support
+- run chkconfig --add before alternatives
+
+* Thu Feb 28 2002 Bill Nottingham 8.12.2-3
+- run alternatives --remove in %%preun
+- add some prereqs
+
+* Mon Feb 25 2002 Nalin Dahyabhai 8.12.2-2
+- fix smmsp useradd invocation in %%pre
+- switch back to db3 for storing db files
+
+* Wed Feb 20 2002 Nalin Dahyabhai 8.12.2-1
+-
update to 8.12.2 (adds STARTTLS support without need for sfio)
+- don't forcibly strip binaries; let the build root handle it
+- add creation of the smmsp account (51/51) in %%pre
+- enable hesiod map support
+- modify default config to use an MSP
+- comment out 'O AutoRebuildAliases' in %%post, otherwise sendmail will
+ fail to restart on upgrades
+
+* Wed Feb 20 2002 Florian La Roche
+- add proper ifdefs around new alternative stuff to also be able
+ to build this for older releases
+
+* Fri Feb 1 2002 Bill Nottingham 8.11.6-12
+- %%triggerpostun on older versions to make sure alternatives work on
+ upgrades
+
+* Thu Jan 31 2002 Bill Nottingham 8.11.6-11
+- clean up alternatives somewhat, provide /usr/sbin/sendmail & friends
+
+* Thu Jan 31 2002 Bernhard Rosenkraenzer 8.11.6-10
+- Use alternatives
+
+* Tue Jan 22 2002 Florian La Roche
+- fix quotation in spec-file
+
+* Thu Jan 10 2002 Florian La Roche
+- integrate ugly logic to compile this src.rpm also on older Red Hat
+ Linux releases
+- clean up spec file and patches a bit
+- add db4 support
+
+* Wed Jan 09 2002 Florian La Roche
+- fix another path to correct docu
+- include sendmail/README in the docu
+- compile with -D_FFR_WORKAROUND_BROKEN_NAMESERVERS, but do not
+ enable this at runtime
+- devel subpackage files owned by root now
+
+* Fri Dec 07 2001 Florian La Roche
+- change "-q" to "-s" as option to make #57216
+- move milter lib into separate "devel" sub-package
+- add include files to devel sub-package #56064
+- fix pointer in access file to docu #54351
+
+* Mon Sep 10 2001 Florian La Roche
+- add libmilter docu
+- add support for userdb to /etc/mail/Makefile
+- use "btree" database files if a userdb is used
+- buildrequires tcp_wrappers
+
+* Fri Aug 31 2001 Florian La Roche
+- fix libmilter support
+- fix init script to use /etc/mail/Makefile #52932
+
+* Sat Aug 25 2001 Florian La Roche
+- add libmilter library
+
+* Thu Aug 23 2001 Florian La Roche
+- update to 8.11.6
+- correctly use
/etc/mail/statistics
+
+* Thu Aug 09 2001 Florian La Roche
+- change init script back to older conventions #51297
+- remove DoS patch, not needed anymore #51247
+
+* Mon Aug 06 2001 Florian La Roche
+- add option '-t' to procmail for local mail delivery
+
+* Tue Jul 24 2001 Florian La Roche
+- point to the map files in sendmail.cf as pointed out by
+ David Beveridge
+
+* Mon Jul 23 2001 Florian La Roche
+- add build requires #49695
+- do not call "userdel"
+
+* Tue Jul 10 2001 Florian La Roche
+- change sendmail.cf to "noreplace"
+
+* Thu Jun 07 2001 Florian La Roche
+- update to 8.11.4
+
+* Wed May 09 2001 Florian La Roche
+- update to 8.11.3
+- add "localhost.localdomain" to the list of hostnames accepted
+ for local delivery "Cw" in /etc/mail/sendmail.mc
+- add patches from Pekka Savola
+ - Enable IPv6 at compile time, patch for glibc 2.2 from PLD
+ - Add a commented-out IPv6 daemon .mc line to sendmail.mc
+ - buildrequire: openldap-devel, cyrus-sasl-devel
+
+* Fri Mar 2 2001 Nalin Dahyabhai
+- rebuild in new environment
+
+* Tue Feb 27 2001 Florian La Roche
+- add noreplace for /etc/sysconfig/sendmail and /etc/mail/sendmail.mc
+
+* Wed Feb 21 2001 Florian La Roche
+- add changes from Christopher McCrory :
+ - prepare /etc/mail/Makefile for more maps not shipped with this rpm
+ - changed sendmail.mc to include some more commented out options,
+ so that people are directly pointed at important options
+ - add /etc/pam.d/smtp for AUTH
+ - add FEATURE(use_ct_file) and /etc/mail/trusted-users
+
+* Fri Feb 16 2001 Tim Powers
+- don't obsolete postfix and exim, only conflict (for RHN purposes)
+
+* Thu Feb 15 2001 Trond Eivind Glomsrød
+- obsolete and conflict with exim and postfix
+
+* Wed Feb 14 2001 Florian La Roche
+- fix devision by zero bug in #20395
+- mv /usr/lib/sendmail-cf /usr/share/sendmail-cf
+
+* Wed Feb 7 2001 Trond Eivind Glomsrød
+- i18n tweaks to initscript
+
+* Wed Feb 07 2001 Florian La Roche
+- aliases.db should be owned by group root
+
+* Wed Jan
24 2001 Florian La Roche
+- prepare for startup-script translation
+
+* Tue Jan 23 2001 Florian La Roche
+- enable daemon mode again, but only listen to the loopback device
+ instead of all devices.
+- do not include check.tar with old anti-spam rules
+
+* Fri Jan 12 2001 Florian La Roche
+- fix configuration of /etc/aliases
+
+* Mon Jan 08 2001 Florian La Roche
+- fix interoperation problems with communigate pro
+- disable msa
+
+* Thu Jan 04 2001 Florian La Roche
+- update to (security release) 8.11.2
+- build also on RHL 6.x #16061
+- include smrsh man-page #17901
+- use the "-f" flag for makemap to preserve case for virtusertable
+ and userdb in /etc/mail/Makefile - suggested by Harald Hoyer
+- fix /usr/doc -> usr/share/doc in docu #20611
+- wrong path in sendmail.mc #20691
+- tcp-wrapper support wasn't enabled correctly #21642
+- do not expose user "root" when masquerading like in older releases #21643
+- disable the VRFY and EXPN smtp commands #21801
+- disable queue-runs for normal users (restrictqrun privacy flag)
+- fix typo in sendmail.mc #21880, #22682
+- disable daemon mode to see what needs fixing
+
+* Mon Oct 02 2000 Florian La Roche
+- update to 8.11.1
+
+* Fri Sep 08 2000 Nalin Dahyabhai
+- rebuild in new environment
+
+* Tue Aug 22 2000 Nalin Dahyabhai
+- apply fixes for LDAP maps being closed too soon
+
+* Mon Aug 14 2000 Nalin Dahyabhai
+- provide /usr/lib/sasl/Sendmail.conf so that people know we can use it (#16064)
+
+* Mon Aug 7 2000 Florian La Roche
+- enable listening on the smtp port again
+
+* Fri Aug 4 2000 Nalin Dahyabhai
+- fix "missing find_m4.sh" problem by defining M4=/usr/bin/m4 (#14767)
+
+* Mon Jul 31 2000 Nalin Dahyabhai
+- okay, enable LDAP support again
+- enable SMTP auth support via Cyrus SASL
+
+* Tue Jul 25 2000 Nalin Dahyabhai
+- disable the LDAP support until we can remove the sendmail->OpenLDAP->perl dep
+- fix prereq
+
+* Tue Jul 25 2000 Florian La Roche
+- update to sendmail 8.11.0
+- add LDAP support
+
+* Thu Jul 20
2000 Bill Nottingham
+- move initscript back
+
+* Wed Jul 12 2000 Prospector
+- automatic rebuild
+
+* Sun Jul 9 2000 Florian La Roche
+- require procmail
+- add further aliases
+
+* Sat Jul 8 2000 Florian La Roche
+- prereq init.d
+- fix typo
+
+* Tue Jul 4 2000 Florian La Roche
+- ignore error from useradd
+
+* Fri Jun 30 2000 Than Ngo
+- FHS fixes
+- /etc/rc.d/init.d -> /etc/init.d
+- fix initscript
+
+* Fri Jun 23 2000 Florian La Roche
+- change to /usr/share/man
+
+* Wed Jun 21 2000 Preston Brown
+- turn off daemon behaviour by default
+
+* Sun Jun 18 2000 Bill Nottingham
+- rebuild, fix dependencies
+
+* Sat Jun 10 2000 Bill Nottingham
+- prereq /usr/sbin/useradd
+
+* Fri May 19 2000 Florian La Roche
+- enable MAP_REGEX
+- enable tcp_wrapper support
+
+* Thu May 18 2000 Florian La Roche
+- fix etc/mail/aliases -> /etc/aliases in sendmail-redhat.mc
+
+* Wed May 3 2000 Bill Nottingham
+- update to 8.10.1
+- fix build without sendmail installed
+- add 'mailnull' user
+
+* Wed Mar 15 2000 Bill Nottingham
+- update to 8.10.0
+- remove compatiblity chkconfig links
+- add a mailnull user for sendmail to use
+
+* Thu Feb 17 2000 Cristian Gafton
+- break the hard link for makemap and create it as a symlnk (#8223)
+
+* Thu Feb 17 2000 Bernhard Rosenkränzer
+- Fix location of mailertable (Bug #6035)
+
+* Sat Feb 5 2000 Bill Nottingham
+- fixes for non-root builds (#8178)
+
+* Wed Feb 2 2000 Florian La Roche
+- change perms on /etc/sysconfig/sendmail from 0755 to 0644
+- allow compressed man-pages
+
+* Thu Dec 02 1999 Cristian Gafton
+- add patch to prevent the DoS when rebuilding aliases
+
+* Wed Sep 1 1999 Jeff Johnson
+- install man pages, not groff output (#3746).
+- use dnl not '#' in m4 comment (#3749).
+- add FEATURE(mailtertable) to the config -- example file needs this (#4649).
+- use db2 not db1.
+
+* Tue Aug 31 1999 Jeff Johnson
+- add 127.0.0.1 to /etc/mail/access to avoid IDENT: relay problem (#3178).
+
+* Tue Aug 31 1999 Bill Nottingham
+- chkconfig --del in preun, not postun (#3982)
+
+* Mon Aug 16 1999 Bill Nottingham
+- initscript munging
+
+* Fri Jul 02 1999 Cristian Gafton
+- fixed typo bug in comment in the default .mc file (#2812)
+
+* Mon Apr 19 1999 Cristian Gafton
+- fox the awk scripts in the postinstall
+- enable FEATURE(accept_unresolvable_domains) by default to make laptop
+ users happy.
+
+* Sun Apr 18 1999 Cristian Gafton
+- make the redhat.mc be a separate source files. Sanitize patches that used
+ to touch it.
+- install redhat.mc as /etc/sendmail.mc so that people can easily modify
+ their sendmail.cf configurations.
+
+* Mon Apr 05 1999 Cristian Gafton
+- fixed virtusertable patch
+- make smrsh look into /etc/smrsh
+
+* Mon Mar 29 1999 Jeff Johnson
+- remove noreplace attr from sednmail.cf.
+
+* Thu Mar 25 1999 Cristian Gafton
+- provide a more sane /etc/mail/access default config file
+- use makemap to initializa the empty databases, not touch
+- added a small, but helpful /etc/mail/Makefile
+
+* Mon Mar 22 1999 Jeff Johnson
+- correxct dangling symlinks.
+- check for map file existence in %%post.
+
+* Sun Mar 21 1999 Cristian Gafton
+- auto rebuild in the new build environment (release 3)
+
+* Fri Mar 19 1999 Jeff Johnson
+- improved 8.9.3 config from Mike McHenry
+
+* Tue Mar 16 1999 Cristian Gafton
+- version 8.9.3
+
+* Tue Dec 29 1998 Cristian Gafton
+- build for 6.0
+- use the libdb1 stuff correctly
+
+* Mon Sep 21 1998 Michael K. Johnson
+- Allow empty QUEUE in /etc/sysconfig/sendmail for those who
+ want to run sendmail in daemon mode without processing the
+ queue regularly.
+
+* Thu Sep 17 1998 Michael K.
Johnson
+- /etc/sysconfig/sendmail
+
+* Fri Aug 28 1998 Jeff Johnson
+- recompile statically linked binary for 5.2/sparc
+
+* Tue May 05 1998 Prospector System
+- translations modified for de, fr, tr
+
+* Sat May 02 1998 Cristian Gafton
+- enhanced initscripts
+
+* Fri May 01 1998 Cristian Gafton
+- added a rmail patch
+
+* Wed Oct 29 1997 Donnie Barnes
+- argh! Fixed some of the db1 handling that had to be added for glibc 2.1
+
+* Fri Oct 24 1997 Donnie Barnes
+- added support for db1 on SPARC
+
+* Thu Oct 16 1997 Donnie Barnes
+- added chkconfig support
+- various spec file cleanups
+- changed group to Networking/Daemons (from Daemons). Sure, it runs on
+ non networked systems, but who really *needs* it then?
+
+* Wed Oct 08 1997 Donnie Barnes
+- made /etc/mail/deny.db a ghost
+- removed preun that used to remove deny.db (ghost handles that now)
+- NOTE: upgrading from the sendmail packages in 4.8, 4.8.1, and possibly
+ 4.9 (all Red Hat betas between 4.2 and 5.0) could cause problems. You
+ may need to do a makemap in /etc/mail and a newaliases after upgrading
+ from those packages. Upgrading from 4.2 or prior should be fine.
+
+* Mon Oct 06 1997 Erik Troan
+- made aliases.db a ghost
+
+* Tue Sep 23 1997 Donnie Barnes
+- fixed preuninstall script to handle aliases.db on upgrades properly
+
+* Mon Sep 15 1997 Donnie Barnes
+- fixed post-install output and changed /var/spool/mqueue to 755
+
+* Thu Sep 11 1997 Donnie Barnes
+- fixed /usr/lib/sendmail-cf paths
+
+* Tue Sep 09 1997 Donnie Barnes
+- updated to 8.8.7
+- added some spam filtration
+- combined some makefile patches
+- added BuildRoot support
+
+* Wed Sep 03 1997 Erik Troan
+- marked initscript symlinks as missingok
+- run newalises after creating /var/spool/mqueue
+
+* Thu Jun 12 1997 Erik Troan
+- built against glibc, udated release to -6 (skipped -5!)
+
+* Tue Apr 01 1997 Erik Troan
+- Added -nsl on the Alpha (for glibc to provide NIS functions).
+
+* Mon Mar 03 1997 Erik Troan
+- Added nis support.