Mon Feb 12 03:23:06 2024 UTC (104d)
Update to sendmail 8.18.1.

Main changes are:
- stricter RFC compliance to close some security issues
- FIPS 3 support
- full DANE support

			SENDMAIL RELEASE NOTES

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.18.1/8.18.1	2024/01/31
	sendmail is now stricter in following the RFCs and rejects
		some invalid input with respect to line endings
		and pipelining:
		- Prevent transaction stuffing by ensuring SMTP clients
		wait for the HELO/EHLO and DATA response before sending
		further SMTP commands.  This can be disabled using
		the new srv_features option 'F'.  Issue reported by
		Yepeng Pan and Christian Rossow from CISPA Helmholtz
		Center for Information Security.
		- Accept only CRLF . CRLF as end of an SMTP message
		as required by the RFCs, which can disabled by the
		new srv_features option 'O'.
		- Do not accept a CR or LF except in the combination
		CRLF (as required by the RFCs).  These checks can
		be disabled by the new srv_features options
		'U' and 'G', respectively.  In this case it is
		suggested to use 'u2' and 'g2' instead so the server
		replaces offending bare CR or bare LF with a space.
		It is recommended to only turn these protections off
		for trusted networks due to the potential for abuse.
	Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
		are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
		as required by RFC 7672.
	OpenSSL version 3.0.x is supported.  Note: OpenSSL 3 loads by
		default an openssl.cnf file from a location specified
		in the library which may cause unwanted behaviour
		in sendmail.  Hence sendmail sets the environment
		variable OPENSSL_CONF to /etc/mail/sendmail.ossl
		to override the default.  The file name can be
		changed by defining confOPENSSL_CNF in the mc file;
		using an empty value prevents setting OPENSSL_CONF.
		Note: referring to a file which does not exist does
		not cause an an error.
	Two new values have been added for {verify}:
		"DANE_TEMP": DANE verification failed temporarily.
		"DANE_NOTLS": DANE was required but STARTTLS was not
		offered by the server.
		The default rules return a temporary error for these
		cases, so delivery is not attempted.
	If the TLS setup code in the client fails and DANE requirements
		exist then {verify} will be set to "DANE_TEMP" thus
		preventing delivery by default.
	DANE related logging has been slightly changed for clarification:
		"DANE configured in DNS but no STARTTLS available"
		changed to
		"DANE configured in DNS but STARTTLS not offered"
	When the compile time option USE_EAI is enabled, vacation could
		fail to respond when it should (the code change in
		8.17.2 was incomplete).  Problem reported by Alex
		Hautequest.
	If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command
		the parsing of UTF8 addresses could fail (USE_EAI).
	If a reply to a previous RCPT was received while sending
		another RCPT in pipelining mode then parts of the
		reply could have been assigned to the wrong RCPT.
	New DontBlameSendmail option CertOwner to relax requirement
		for certificate public and private key ownership.
		Based on suggestion from Marius Strobl of the
		FreeBSD project.
	clt_features was not checked for connections via Unix domain
		sockets.
	CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies
		from DNS lookups thus potentially causing random
		"false negatives".
		Note: the fix creates an incompatibility:
		the arguments must not have a trailing dot anymore
		because the -a. option has been removed (as it only
		applies to the entire result, not individual values).
	CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3.
	VACATION: Add support for Return-Path header to set sender
		to match OpenBSD and NetBSD functionality.
	VACATION: Honor RFC3834 and avoid an auto-reply if
		'Auto-Submitted: no' is found in the headers to
		match OpenBSD and NetBSD functionality.
	VACATION: Avoid an auto-reply if a 'List-Id:' is found in
		the headers to match OpenBSD functionality.
	VACATION: Add support for $SUBJECT in .vacation.msg which
		is replaced with the first line of the subject of the
		original message to match OpenBSD and NetBSD
		functionality.
	Portability:
		Add support for Darwin 23.
	New Files:
		cf/feature/fips3.m4
		devtools/OS/Darwin.23.x


(jnemeth)
diff -r1.69 -r1.70 pkgsrc/mail/sendmail/Makefile.common
diff -r1.26 -r1.27 pkgsrc/mail/sendmail/PLIST
diff -r1.70 -r1.71 pkgsrc/mail/sendmail/distinfo
diff -r1.3 -r1.4 pkgsrc/mail/sendmail/patches/patch-at
diff -r1.4 -r1.5 pkgsrc/mail/sendmail/patches/patch-az
cvs diff -r1.69 -r1.70 pkgsrc/mail/sendmail/Makefile.common (expand / switch to unified diff)

--- pkgsrc/mail/sendmail/Makefile.common 2024/01/15 04:43:22 1.69
+++ pkgsrc/mail/sendmail/Makefile.common 2024/02/12 03:23:05 1.70
@@ -1,38 +1,38 @@ @@ -1,38 +1,38 @@
1# $NetBSD: Makefile.common,v 1.69 2024/01/15 04:43:22 jnemeth Exp $ 1# $NetBSD: Makefile.common,v 1.70 2024/02/12 03:23:05 jnemeth Exp $
2# 2#
3# used by mail/libmilter/Makefile 3# used by mail/libmilter/Makefile
4# used by mail/sendmail/Makefile 4# used by mail/sendmail/Makefile
5# used by mail/sendmail-qtool/Makefile 5# used by mail/sendmail-qtool/Makefile
6# used by mail/sendmail-cidrexpand/Makefile 6# used by mail/sendmail-cidrexpand/Makefile
7# 7#
8 8
9DISTNAME= sendmail.${DIST_VERS} 9DISTNAME= sendmail.${DIST_VERS}
10CATEGORIES= mail 10CATEGORIES= mail
11MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/ 11MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/
12MASTER_SITES+= ftp://ftp.sendmail.org/pub/sendmail/past-releases/ 12MASTER_SITES+= ftp://ftp.sendmail.org/pub/sendmail/past-releases/
13MASTER_SITES+= ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/ 13MASTER_SITES+= ftp://ftp.fu-berlin.de/pub/unix/mail/sendmail/
14 14
15MAINTAINER?= jnemeth@NetBSD.org 15MAINTAINER?= jnemeth@NetBSD.org
16HOMEPAGE= http://www.sendmail.org/ 16HOMEPAGE= http://www.sendmail.org/
17LICENSE= sendmail-license 17LICENSE= sendmail-license
18 18
19DISTINFO_FILE= ${.CURDIR}/../../mail/sendmail/distinfo 19DISTINFO_FILE= ${.CURDIR}/../../mail/sendmail/distinfo
20FILESDIR= ${.CURDIR}/../../mail/sendmail/files 20FILESDIR= ${.CURDIR}/../../mail/sendmail/files
21PATCHDIR= ${.CURDIR}/../../mail/sendmail/patches 21PATCHDIR= ${.CURDIR}/../../mail/sendmail/patches
22 22
23USE_CC_FEATURES= c99 23USE_CC_FEATURES= c99
24 24
25DIST_VERS= 8.17.2 25DIST_VERS= 8.18.1
26 26
27MAKE_ENV+= BSD_BINOWN=${BINOWN} BSD_BINGRP=${BINGRP} \ 27MAKE_ENV+= BSD_BINOWN=${BINOWN} BSD_BINGRP=${BINGRP} \
28 BSD_MANOWN=${MANOWN} BSD_MANGRP=${MANGRP} \ 28 BSD_MANOWN=${MANOWN} BSD_MANGRP=${MANGRP} \
29 BUILDLINK_DIR=${BUILDLINK_DIR} \ 29 BUILDLINK_DIR=${BUILDLINK_DIR} \
30 SMRSH_CMDDIR=${SMRSH_CMDDIR} 30 SMRSH_CMDDIR=${SMRSH_CMDDIR}
31SITECONFIG= ${WRKSRC}/devtools/Site/site.config.m4 31SITECONFIG= ${WRKSRC}/devtools/Site/site.config.m4
32 32
33BUILD_DEFS+= SMRSH_CMDDIR 33BUILD_DEFS+= SMRSH_CMDDIR
34 34
35WRKSRC= ${WRKDIR}/sendmail-${DIST_VERS} 35WRKSRC= ${WRKDIR}/sendmail-${DIST_VERS}
36USE_TOOLS+= gm4 36USE_TOOLS+= gm4
37MAKE_ENV+= M4=${TOOLS_M4} 37MAKE_ENV+= M4=${TOOLS_M4}
38 38
cvs diff -r1.26 -r1.27 pkgsrc/mail/sendmail/PLIST (expand / switch to unified diff)

--- pkgsrc/mail/sendmail/PLIST 2024/01/15 04:43:22 1.26
+++ pkgsrc/mail/sendmail/PLIST 2024/02/12 03:23:05 1.27
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.26 2024/01/15 04:43:22 jnemeth Exp $ 1@comment $NetBSD: PLIST,v 1.27 2024/02/12 03:23:05 jnemeth Exp $
2bin/hoststat 2bin/hoststat
3bin/mailq 3bin/mailq
4bin/newaliases 4bin/newaliases
5bin/purgestat 5bin/purgestat
6bin/vacation 6bin/vacation
7lib/libsm.a 7lib/libsm.a
8lib/libsmutil.a 8lib/libsmutil.a
9libexec/sendmail/mail.local 9libexec/sendmail/mail.local
10libexec/sendmail/sendmail 10libexec/sendmail/sendmail
11libexec/sendmail/smrsh 11libexec/sendmail/smrsh
12man/man1/mailq.1 12man/man1/mailq.1
13man/man1/newaliases.1 13man/man1/newaliases.1
14man/man1/vacation.1 14man/man1/vacation.1
@@ -100,26 +100,27 @@ share/sendmail/feature/bcc.m4 @@ -100,26 +100,27 @@ share/sendmail/feature/bcc.m4
100share/sendmail/feature/bestmx_is_local.m4 100share/sendmail/feature/bestmx_is_local.m4
101share/sendmail/feature/bitdomain.m4 101share/sendmail/feature/bitdomain.m4
102share/sendmail/feature/blacklist_recipients.m4 102share/sendmail/feature/blacklist_recipients.m4
103share/sendmail/feature/block_bad_helo.m4 103share/sendmail/feature/block_bad_helo.m4
104share/sendmail/feature/blocklist_recipients.m4 104share/sendmail/feature/blocklist_recipients.m4
105share/sendmail/feature/check_cert_altnames.m4 105share/sendmail/feature/check_cert_altnames.m4
106share/sendmail/feature/check_other.m4 106share/sendmail/feature/check_other.m4
107share/sendmail/feature/compat_check.m4 107share/sendmail/feature/compat_check.m4
108share/sendmail/feature/conncontrol.m4 108share/sendmail/feature/conncontrol.m4
109share/sendmail/feature/delay_checks.m4 109share/sendmail/feature/delay_checks.m4
110share/sendmail/feature/dnsbl.m4 110share/sendmail/feature/dnsbl.m4
111share/sendmail/feature/domaintable.m4 111share/sendmail/feature/domaintable.m4
112share/sendmail/feature/enhdnsbl.m4 112share/sendmail/feature/enhdnsbl.m4
 113share/sendmail/feature/fips3.m4
113share/sendmail/feature/generics_entire_domain.m4 114share/sendmail/feature/generics_entire_domain.m4
114share/sendmail/feature/genericstable.m4 115share/sendmail/feature/genericstable.m4
115share/sendmail/feature/greet_pause.m4 116share/sendmail/feature/greet_pause.m4
116share/sendmail/feature/ldap_routing.m4 117share/sendmail/feature/ldap_routing.m4
117share/sendmail/feature/limited_masquerade.m4 118share/sendmail/feature/limited_masquerade.m4
118share/sendmail/feature/local_lmtp.m4 119share/sendmail/feature/local_lmtp.m4
119share/sendmail/feature/local_no_masquerade.m4 120share/sendmail/feature/local_no_masquerade.m4
120share/sendmail/feature/local_procmail.m4 121share/sendmail/feature/local_procmail.m4
121share/sendmail/feature/lookupdotdomain.m4 122share/sendmail/feature/lookupdotdomain.m4
122share/sendmail/feature/loose_relay_check.m4 123share/sendmail/feature/loose_relay_check.m4
123share/sendmail/feature/mailertable.m4 124share/sendmail/feature/mailertable.m4
124share/sendmail/feature/masquerade_entire_domain.m4 125share/sendmail/feature/masquerade_entire_domain.m4
125share/sendmail/feature/masquerade_envelope.m4 126share/sendmail/feature/masquerade_envelope.m4
cvs diff -r1.70 -r1.71 pkgsrc/mail/sendmail/distinfo (expand / switch to unified diff)

--- pkgsrc/mail/sendmail/distinfo 2024/01/15 04:43:22 1.70
+++ pkgsrc/mail/sendmail/distinfo 2024/02/12 03:23:05 1.71
@@ -1,36 +1,36 @@ @@ -1,36 +1,36 @@
1$NetBSD: distinfo,v 1.70 2024/01/15 04:43:22 jnemeth Exp $ 1$NetBSD: distinfo,v 1.71 2024/02/12 03:23:05 jnemeth Exp $
2 2
3BLAKE2s (sendmail.8.17.2.tar.gz) = 0af32d01e11ef8c414f66903b3f59b5b4dc2bacb9f3ee5a7782a35527dfab2fc 3BLAKE2s (sendmail.8.18.1.tar.gz) = 959e83d47978867cf89f817e51ce16a834998ef94a417ead59ddfdfdf0debff0
4SHA512 (sendmail.8.17.2.tar.gz) = a25d964136a3efeb7737c34aed34804dd61292bd70eaaba724274a862604a6cd5ca3bcac635e445864c23699b1704c3662d262a5694bd26e298fc1c0e8ba817d 4SHA512 (sendmail.8.18.1.tar.gz) = 9ce713b44439d4de6faa9e3cdfa2226b44b4fbeb352a5f81584c062570e9472da244158287e489aabe258d28fe54ca4964565c7b0adc7e1763d212be42f98061
5Size (sendmail.8.17.2.tar.gz) = 2313458 bytes 5Size (sendmail.8.18.1.tar.gz) = 2401566 bytes
6SHA1 (patch-aa) = bd1ab754f7146d002eaf8c0347e114b4049a7776 6SHA1 (patch-aa) = bd1ab754f7146d002eaf8c0347e114b4049a7776
7SHA1 (patch-af) = 8c80610916000dfb4e4e28a64eeb0b283535fc93 7SHA1 (patch-af) = 8c80610916000dfb4e4e28a64eeb0b283535fc93
8SHA1 (patch-ag) = 6dcca8944aa854f1767c7ee12fe14872a4e14d2e 8SHA1 (patch-ag) = 6dcca8944aa854f1767c7ee12fe14872a4e14d2e
9SHA1 (patch-ah) = e6be09008b9230ffdd1560aaacbdbb2ee4fb8028 9SHA1 (patch-ah) = e6be09008b9230ffdd1560aaacbdbb2ee4fb8028
10SHA1 (patch-ai) = 7a306d7239f4036cd8d80d6dbe2a07eb80f02d13 10SHA1 (patch-ai) = 7a306d7239f4036cd8d80d6dbe2a07eb80f02d13
11SHA1 (patch-aj) = e65e6fe44380de2f9c397c1a97677eb4ad285433 11SHA1 (patch-aj) = e65e6fe44380de2f9c397c1a97677eb4ad285433
12SHA1 (patch-an) = 8015196ab361df50cc4a63611f3fe5f1f547cbbe 12SHA1 (patch-an) = 8015196ab361df50cc4a63611f3fe5f1f547cbbe
13SHA1 (patch-ao) = 88dd76b71ad57a8d0efdb6e8518ff01689ecf634 13SHA1 (patch-ao) = 88dd76b71ad57a8d0efdb6e8518ff01689ecf634
14SHA1 (patch-aq) = 5c083d9f9f71bcc42811a3d085e936eaaa404c96 14SHA1 (patch-aq) = 5c083d9f9f71bcc42811a3d085e936eaaa404c96
15SHA1 (patch-ar) = 4e9162c96329716f844c0c64efb9d0a2915ad1cb 15SHA1 (patch-ar) = 4e9162c96329716f844c0c64efb9d0a2915ad1cb
16SHA1 (patch-as) = e5e266d3c488494a12c303b068c15edde24e0504 16SHA1 (patch-as) = e5e266d3c488494a12c303b068c15edde24e0504
17SHA1 (patch-at) = 7bd83d1171f665ed4fb62181dac7c31098a5e2ee 17SHA1 (patch-at) = abb43369d751cf5969db2729da3454c67934b0af
18SHA1 (patch-au) = 08a96e145a9c37ba1ba836457157f1ab781380dc 18SHA1 (patch-au) = 08a96e145a9c37ba1ba836457157f1ab781380dc
19SHA1 (patch-av) = bb6ecd69f6b0db22056b492890d2c6369cd08977 19SHA1 (patch-av) = bb6ecd69f6b0db22056b492890d2c6369cd08977
20SHA1 (patch-aw) = e340bd366ce04c4d5ddd15f964bc4040e715a6c9 20SHA1 (patch-aw) = e340bd366ce04c4d5ddd15f964bc4040e715a6c9
21SHA1 (patch-ax) = 771c9c8a951a09c80eb85233986af1fc7fedbe77 21SHA1 (patch-ax) = 771c9c8a951a09c80eb85233986af1fc7fedbe77
22SHA1 (patch-ay) = 0a043f2ff0028d475ee852b302844626f4ff4609 22SHA1 (patch-ay) = 0a043f2ff0028d475ee852b302844626f4ff4609
23SHA1 (patch-az) = 53738dc9d3618838a6e6fd2f0ec9c4fd1f19ae2e 23SHA1 (patch-az) = c951d7f00b92b1783fc5e633897d33238f1970d9
24SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f 24SHA1 (patch-ba) = c190b11b9874f00a18b9c75b6e734f4a9dd3f68f
25SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1 25SHA1 (patch-bb) = 6c86a60af25b02fc0389f1d40f59c5031d9679f1
26SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683 26SHA1 (patch-bc) = 9e7346342dfe1ca5d84053b913df4be41a979683
27SHA1 (patch-bd) = 1a6d035c585838e771a1a677892b95bb82000a7b 27SHA1 (patch-bd) = 1a6d035c585838e771a1a677892b95bb82000a7b
28SHA1 (patch-be) = d2f3397b7880f23f8cbd5d3c4eb5ccfe6a6ca75b 28SHA1 (patch-be) = d2f3397b7880f23f8cbd5d3c4eb5ccfe6a6ca75b
29SHA1 (patch-bf) = 9c5faf5b38c18623e5ce4ffafc00a4430965e41a 29SHA1 (patch-bf) = 9c5faf5b38c18623e5ce4ffafc00a4430965e41a
30SHA1 (patch-bg) = 716c90ff76edbdcb223111412bdd011d4a252ca6 30SHA1 (patch-bg) = 716c90ff76edbdcb223111412bdd011d4a252ca6
31SHA1 (patch-bl) = 4fff262691deb2fcacf5013bfeb5aede45783dcd 31SHA1 (patch-bl) = 4fff262691deb2fcacf5013bfeb5aede45783dcd
32SHA1 (patch-bm) = ef40555ed40961f76ceedf58c100ac91ce2b0657 32SHA1 (patch-bm) = ef40555ed40961f76ceedf58c100ac91ce2b0657
33SHA1 (patch-bn) = 8ba1998d579bb7d33ee92bfdf4e4bb2dafab23a0 33SHA1 (patch-bn) = 8ba1998d579bb7d33ee92bfdf4e4bb2dafab23a0
34SHA1 (patch-bo) = 7dc9b24ebcfdf571c5f8428032325e9d55187daf 34SHA1 (patch-bo) = 7dc9b24ebcfdf571c5f8428032325e9d55187daf
35SHA1 (patch-bp) = 9a1daac264aba6c4fc39a63a464b942dd25b06eb 35SHA1 (patch-bp) = 9a1daac264aba6c4fc39a63a464b942dd25b06eb
36SHA1 (patch-bq) = 548bf6d373cb49958437548a65803b6f3c6b35d2 36SHA1 (patch-bq) = 548bf6d373cb49958437548a65803b6f3c6b35d2
cvs diff -r1.3 -r1.4 pkgsrc/mail/sendmail/patches/patch-at (expand / switch to unified diff)

--- pkgsrc/mail/sendmail/patches/patch-at 2024/01/15 04:43:22 1.3
+++ pkgsrc/mail/sendmail/patches/patch-at 2024/02/12 03:23:06 1.4
@@ -1,93 +1,93 @@ @@ -1,93 +1,93 @@
1$NetBSD: patch-at,v 1.3 2024/01/15 04:43:22 jnemeth Exp $ 1$NetBSD: patch-at,v 1.4 2024/02/12 03:23:06 jnemeth Exp $
2 2
3--- sendmail/domain.c.orig 2023-05-31 19:55:42.000000000 +0000 3--- sendmail/domain.c.orig 2024-01-31 06:38:32.000000000 +0000
4+++ sendmail/domain.c 4+++ sendmail/domain.c
5@@ -23,6 +23,7 @@ SM_RCSID("@(#)$Id: domain.c,v 8.205 2013 5@@ -23,6 +23,7 @@ SM_RCSID("@(#)$Id: domain.c,v 8.205 2013
6 #include <sm/sendmail.h> 6 #include <sm/sendmail.h>
7  7
8 #if NAMED_BIND 8 #if NAMED_BIND
9+extern struct __res_state sm_res; 9+extern struct __res_state sm_res;
10 # include <arpa/inet.h> 10 # include <arpa/inet.h>
11 # include "sm_resolve.h" 11 # include "sm_resolve.h"
12 # if DANE 12 # if DANE
13@@ -51,7 +52,7 @@ static char MXHostBuf[MXHOSTBUFSIZE]; 13@@ -51,7 +52,7 @@ static char MXHostBuf[MXHOSTBUFSIZE];
14 # endif 14 # endif
15  15
16 # ifndef RES_DNSRCH_VARIABLE 16 # ifndef RES_DNSRCH_VARIABLE
17-# define RES_DNSRCH_VARIABLE _res.dnsrch 17-# define RES_DNSRCH_VARIABLE _res.dnsrch
18+# define RES_DNSRCH_VARIABLE sm_res.dnsrch 18+# define RES_DNSRCH_VARIABLE sm_res.dnsrch
19 # endif 19 # endif
20  20
21 # ifndef HFIXEDSZ 21 # ifndef HFIXEDSZ
22@@ -623,9 +624,9 @@ getmxrr(host, mxhosts, mxprefs, flags, r 22@@ -909,9 +910,9 @@ getmxrr(host, mxhosts, mxprefs, flags, r
23 # if DANE 23 # if DANE
24 cname2mx = false; 24 cname2mx = false;
25 qname[0] = '\0'; 25 qname[0] = '\0';
26- old_options = _res.options; 26- old_options = _res.options;
27+ old_options = sm_res.options; 27+ old_options = sm_res.options;
28 if (ad) 28 if (ad)
29- _res.options |= SM_RES_DNSSEC; 29- _res.options |= SM_RES_DNSSEC;
30+ sm_res.options |= SM_RES_DNSSEC; 30+ sm_res.options |= SM_RES_DNSSEC;
31 # endif 31 # endif
32  32
33 if ((fallbackMX != NULL && (flags & DROPLOCALHOST) != 0 && 33 if ((fallbackMX != NULL && (flags & DROPLOCALHOST) != 0 &&
34@@ -784,7 +785,7 @@ getmxrr(host, mxhosts, mxprefs, flags, r 34@@ -1072,7 +1073,7 @@ getmxrr(host, mxhosts, mxprefs, flags, r
35 # endif 35 # endif
36 if (type != T_MX) 36 if (type != T_MX)
37 { 37 {
38- if ((tTd(8, 8) || _res.options & RES_DEBUG) 38- if ((tTd(8, 8) || _res.options & RES_DEBUG)
39+ if ((tTd(8, 8) || sm_res.options & RES_DEBUG) 39+ if ((tTd(8, 8) || sm_res.options & RES_DEBUG)
40 # if DANE 40 # if DANE
41 && type != T_RRSIG 41 && type != T_RRSIG
42 # endif 42 # endif
43@@ -1102,13 +1103,13 @@ punt: 43@@ -1410,13 +1411,13 @@ punt:
44 } 44 }
45 done: 45 done:
46 # if DANE 46 # if DANE
47- _res.options = old_options; 47- _res.options = old_options;
48+ sm_res.options = old_options; 48+ sm_res.options = old_options;
49 # endif 49 # endif
50 return nmx; 50 return nmx;
51  51
52 error: 52 error:
53 # if DANE 53 # if DANE
54- _res.options = old_options; 54- _res.options = old_options;
55+ sm_res.options = old_options; 55+ sm_res.options = old_options;
56 # endif 56 # endif
57 return -1; 57 return -1;
58 } 58 }
59@@ -1178,7 +1179,7 @@ bestmx_map_lookup(map, name, av, statp) 59@@ -1486,7 +1487,7 @@ bestmx_map_lookup(map, name, av, statp)
60 int *statp; 60 int *statp;
61 { 61 {
62 int nmx; 62 int nmx;
63- int saveopts = _res.options; 63- int saveopts = _res.options;
64+ int saveopts = sm_res.options; 64+ int saveopts = sm_res.options;
65 int i; 65 int i;
66 ssize_t len = 0; 66 ssize_t len = 0;
67 char *result; 67 char *result;
68@@ -1190,9 +1191,9 @@ bestmx_map_lookup(map, name, av, statp) 68@@ -1498,9 +1499,9 @@ bestmx_map_lookup(map, name, av, statp)
69 char buf[PSBUFSIZE / 2]; 69 char buf[PSBUFSIZE / 2];
70 # endif 70 # endif
71  71
72- _res.options &= ~(RES_DNSRCH|RES_DEFNAMES); 72- _res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
73+ sm_res.options &= ~(RES_DNSRCH|RES_DEFNAMES); 73+ sm_res.options &= ~(RES_DNSRCH|RES_DEFNAMES);
74 nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1); 74 nmx = getmxrr(name, mxhosts, NULL, 0, statp, NULL, -1, NULL);
75- _res.options = saveopts; 75- _res.options = saveopts;
76+ sm_res.options = saveopts; 76+ sm_res.options = saveopts;
77 if (nmx <= 0) 77 if (nmx <= 0)
78 return NULL; 78 return NULL;
79 if (bitset(MF_MATCHONLY, map->map_mflags)) 79 if (bitset(MF_MATCHONLY, map->map_mflags))
80@@ -1342,16 +1343,22 @@ dns_getcanonname(host, hbsize, trymx, st 80@@ -1650,16 +1651,22 @@ dns_getcanonname(host, hbsize, trymx, st
81 if (tTd(8, 2)) 81 if (tTd(8, 2))
82 sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx); 82 sm_dprintf("dns_getcanonname(%s, trymx=%d)\n", host, trymx);
83  83
84- if ((_res.options & RES_INIT) == 0 && res_init() == -1) 84- if ((_res.options & RES_INIT) == 0 && res_init() == -1)
85- { 85- {
86- *statp = EX_UNAVAILABLE; 86- *statp = EX_UNAVAILABLE;
87- return HOST_NOTFOUND; 87- return HOST_NOTFOUND;
88+ if ((sm_res.options & RES_INIT) == 0) { 88+ if ((sm_res.options & RES_INIT) == 0) {
89+# if NAMED_RESN 89+# if NAMED_RESN
90+ memset(&sm_res, 0, sizeof(sm_res)); 90+ memset(&sm_res, 0, sizeof(sm_res));
91+ if (res_ninit(&sm_res) == -1) { 91+ if (res_ninit(&sm_res) == -1) {
92+# else 92+# else
93+ if (res_init() == -1) { 93+ if (res_init() == -1) {
@@ -96,49 +96,49 @@ $NetBSD: patch-at,v 1.3 2024/01/15 04:43 @@ -96,49 +96,49 @@ $NetBSD: patch-at,v 1.3 2024/01/15 04:43
96+ return false; 96+ return false;
97+ } 97+ }
98 } 98 }
99  99
100 # if DANE 100 # if DANE
101- old_options = _res.options; 101- old_options = _res.options;
102+ old_options = sm_res.options; 102+ old_options = sm_res.options;
103 if (DANE_SECURE == Dane) 103 if (DANE_SECURE == Dane)
104- _res.options |= SM_RES_DNSSEC; 104- _res.options |= SM_RES_DNSSEC;
105+ sm_res.options |= SM_RES_DNSSEC; 105+ sm_res.options |= SM_RES_DNSSEC;
106 # endif 106 # endif
107  107
108 *statp = EX_OK; 108 *statp = EX_OK;
109@@ -1401,7 +1408,7 @@ cnameloop: 109@@ -1709,7 +1716,7 @@ cnameloop:
110 searchlist[sli++] = NameSearchList; 110 searchlist[sli++] = NameSearchList;
111 } 111 }
112 # endif 112 # endif
113- if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options)) 113- if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, _res.options))
114+ if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, sm_res.options)) 114+ if (n >= 0 && *--cp != '.' && bitset(RES_DNSRCH, sm_res.options))
115 { 115 {
116 /* make sure there are less than MAXDNSRCH domains */ 116 /* make sure there are less than MAXDNSRCH domains */
117 for (domain = RES_DNSRCH_VARIABLE, ret = 0; 117 for (domain = RES_DNSRCH_VARIABLE, ret = 0;
118@@ -1409,10 +1416,10 @@ cnameloop: 118@@ -1717,10 +1724,10 @@ cnameloop:
119 ret++) 119 ret++)
120 searchlist[sli++] = *domain++; 120 searchlist[sli++] = *domain++;
121 } 121 }
122- else if (n == 0 && bitset(RES_DEFNAMES, _res.options)) 122- else if (n == 0 && bitset(RES_DEFNAMES, _res.options))
123+ else if (n == 0 && bitset(RES_DEFNAMES, sm_res.options)) 123+ else if (n == 0 && bitset(RES_DEFNAMES, sm_res.options))
124 { 124 {
125 SM_ASSERT(sli < SLSIZE); 125 SM_ASSERT(sli < SLSIZE);
126- searchlist[sli++] = _res.defdname; 126- searchlist[sli++] = _res.defdname;
127+ searchlist[sli++] = sm_res.defdname; 127+ searchlist[sli++] = sm_res.defdname;
128 } 128 }
129 else if (*cp == '.') 129 else if (*cp == '.')
130 { 130 {
131@@ -1718,13 +1725,13 @@ nexttype: 131@@ -2026,13 +2033,13 @@ nexttype:
132 if (ttl > 0 && pttl != NULL) 132 if (ttl > 0 && pttl != NULL)
133 *pttl = ttl; 133 *pttl = ttl;
134 # if DANE 134 # if DANE
135- _res.options = old_options; 135- _res.options = old_options;
136+ sm_res.options = old_options; 136+ sm_res.options = old_options;
137 # endif 137 # endif
138 return ad ? HOST_SECURE : HOST_OK; 138 return ad ? HOST_SECURE : HOST_OK;
139  139
140 error: 140 error:
141 # if DANE 141 # if DANE
142- _res.options = old_options; 142- _res.options = old_options;
143+ sm_res.options = old_options; 143+ sm_res.options = old_options;
144 # endif 144 # endif
cvs diff -r1.4 -r1.5 pkgsrc/mail/sendmail/patches/patch-az (expand / switch to unified diff)

--- pkgsrc/mail/sendmail/patches/patch-az 2021/07/04 07:57:13 1.4
+++ pkgsrc/mail/sendmail/patches/patch-az 2024/02/12 03:23:06 1.5
@@ -1,78 +1,78 @@ @@ -1,78 +1,78 @@
1$NetBSD: patch-az,v 1.4 2021/07/04 07:57:13 jnemeth Exp $ 1$NetBSD: patch-az,v 1.5 2024/02/12 03:23:06 jnemeth Exp $
2 2
3--- sendmail/srvrsmtp.c.orig 2020-06-08 08:35:03.000000000 +0000 3--- sendmail/srvrsmtp.c.orig 2024-01-31 06:38:32.000000000 +0000
4+++ sendmail/srvrsmtp.c 4+++ sendmail/srvrsmtp.c
5@@ -48,6 +48,10 @@ static bool tls_ok_srv = false; 5@@ -51,6 +51,10 @@ static bool tls_ok_srv = false;
6 static bool NotFirstDelivery = false; 6 static bool NotFirstDelivery = false;
7 #endif 7 #endif
8  8
9+#if NAMED_BIND 9+#if NAMED_BIND
10+extern struct __res_state sm_res; 10+extern struct __res_state sm_res;
11+#endif 11+#endif
12+ 12+
13 /* server features */ 13 /* server features */
14 #define SRV_NONE 0x0000 /* none... */ 14 #define SRV_NONE 0x00000000 /* none... */
15 #define SRV_OFFER_TLS 0x0001 /* offer STARTTLS */ 15 #define SRV_OFFER_TLS 0x00000001 /* offer STARTTLS */
16@@ -1408,6 +1412,7 @@ smtp(nullserver, d_flags, e) 16@@ -1537,6 +1541,7 @@ smtp(nullserver, d_flags, e)
17 (int) tp.tv_sec + 17 (int) tp->tv_sec +
18 (tp.tv_usec >= 500000 ? 1 : 0) 18 (tp->tv_usec >= 500000 ? 1 : 0)
19 ); 19 );
20+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic"); 20+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, fd, "pre-greeting traffic");
21 } 21 }
22 } 22 }
23 } 23 }
24@@ -1680,7 +1685,12 @@ smtp(nullserver, d_flags, e) 24@@ -1822,7 +1827,12 @@ smtp(nullserver, d_flags, e)
25 /* get an OK if we're done */ 25 /* get an OK if we're done */
26 if (result == SASL_OK) 26 if (result == SASL_OK)
27 { 27 {
28+ int fd; 28+ int fd;
29+ 29+
30 authenticated: 30 authenticated:
31+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 31+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
32+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, fd, "AUTH OK"); 32+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, fd, "AUTH OK");
33+ 33+
34 message("235 2.0.0 OK Authenticated"); 34 message("235 2.0.0 OK Authenticated");
35 authenticating = SASL_IS_AUTH; 35 authenticating = SASL_IS_AUTH;
36 macdefine(&BlankEnvelope.e_macro, A_TEMP, 36 macdefine(&BlankEnvelope.e_macro, A_TEMP,
37@@ -1825,6 +1835,7 @@ smtp(nullserver, d_flags, e) 37@@ -1967,6 +1977,7 @@ smtp(nullserver, d_flags, e)
38 { \ 38 { \
39 SET_AUTH_USER_CONDITIONALLY \ 39 SET_AUTH_USER_CONDITIONALLY \
40 message("535 5.7.0 authentication failed"); \ 40 message("535 5.7.0 authentication failed"); \
41+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL), "AUTH FAIL"); \ 41+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL), "AUTH FAIL"); \
42 if (LogLevel >= 9) \ 42 if (LogLevel >= 9) \
43 sm_syslog(LOG_WARNING, e->e_id, \ 43 sm_syslog(LOG_WARNING, e->e_id, \
44 "AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s", \ 44 "AUTH failure (%s): %s (%d) %s%s%.*s, relay=%.100s", \
45@@ -1940,6 +1951,10 @@ smtp(nullserver, d_flags, e) 45@@ -2082,6 +2093,10 @@ smtp(nullserver, d_flags, e)
46 if (nullserver != NULL && 46 if (nullserver != NULL &&
47 ++n_badcmds > MAXBADCOMMANDS) 47 ++n_badcmds > MAXBADCOMMANDS)
48 { 48 {
49+ int fd; 49+ int fd;
50+ 50+
51+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 51+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
52+ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands"); 52+ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands");
53 message("421 4.7.0 %s Too many bad commands; closing connection", 53 message("421 4.7.0 %s Too many bad commands; closing connection",
54 MyHostName); 54 MyHostName);
55  55
56@@ -3663,7 +3678,11 @@ doquit: 56@@ -3926,7 +3941,11 @@ smtp(nullserver, d_flags, e)
57 #if MAXBADCOMMANDS > 0 57 #if MAXBADCOMMANDS > 0
58 if (++n_badcmds > MAXBADCOMMANDS) 58 if (++n_badcmds > MAXBADCOMMANDS)
59 { 59 {
60+ int fd; 60+ int fd;
61+ 61+
62 stopattack: 62 stopattack:
63+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL); 63+ fd = sm_io_getinfo(InChannel, SM_IO_WHAT_FD, NULL);
64+ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands"); 64+ BLACKLIST_NOTIFY(BLACKLIST_ABUSIVE_BEHAVIOR, fd, "too many bad commands");
65 message("421 4.7.0 %s Too many bad commands; closing connection", 65 message("421 4.7.0 %s Too many bad commands; closing connection",
66 MyHostName); 66 MyHostName);
67  67
68@@ -4136,8 +4155,8 @@ smtp_data(smtp, e) 68@@ -4422,8 +4441,8 @@ smtp_data(smtp, e, check_stuffing)
69 id = e->e_id; 69 id = e->e_id;
70  70
71 #if NAMED_BIND 71 #if NAMED_BIND
72- _res.retry = TimeOuts.res_retry[RES_TO_FIRST]; 72- _res.retry = TimeOuts.res_retry[RES_TO_FIRST];
73- _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; 73- _res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
74+ sm_res.retry = TimeOuts.res_retry[RES_TO_FIRST]; 74+ sm_res.retry = TimeOuts.res_retry[RES_TO_FIRST];
75+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST]; 75+ sm_res.retrans = TimeOuts.res_retrans[RES_TO_FIRST];
76 #endif 76 #endif
77  77
78 #if _FFR_PROXY 78 #if _FFR_PROXY