Subject: sendmail 8.11.0.Beta1 available for testing
From: Gregory Neil Shapiro (sendmail+gshapiro Sendmail.ORG)
Date: Wed May 10 2000 - 15:29:38 CDT
-----BEGIN PGP SIGNED MESSAGE-----

Yes, you read that subject correctly. Ironically, sendmail 8.10 will go
down in history as not only the largest new feature release in the history
of modern sendmail, but also the shortest lived.

Ever since the easing of crypto export regulations in the United States, we
have been working on releasing the STARTTLS and SMTP Authentication
Security Layer code into the open source. We have finally obtained legal
approval to do so and Sendmail, Inc. has donated the STARTTLS code to the
open source version. We feel it is a worthwhile change to release as a new
version.

Therefore, 8.10.1 will be the final 8.10 release. 8.11.0.Beta1 is a
public beta release with the bug fixes from what would have been 8.10.2 as
well as the two new features which enable encryption in sendmail. No other
new features will be added to 8.11 to keep the release time down.

The release is available from:

    ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.0.Beta1.tar.gz
    ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.0.Beta1.tar.Z
    ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.0.Beta1.tar.sig

with MD5 signatures:

    4e6ef61f092f4043a967308cafdd5a92 sendmail.8.11.0.Beta1.tar.Z
    1ec1223db0987d1adf23a7cf1153ee9a sendmail.8.11.0.Beta1.tar.gz
    87de031b8f4e143b06ff66c320653a1a sendmail.8.11.0.Beta1.tar.sig

You only need one of the first two files (either the gzip'ed version or the
compressed version). The .sig file is a PGP signature of the tar file
(after uncompressing it). It is signed with the Sendmail Signing Key/2000,
available on the web site (http://www.sendmail.org/) or on the public key
servers.

Since sendmail 8.11 and later releases include hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

    PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
    SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
    TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
    PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
    COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
    SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
    YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
    AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
    ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

For your convenience, the current release notes for 8.11.0 are included
below.

8.11.0/8.11.0 2000/05/??
    Support SMTP Service Extension for Secure SMTP (RFC 2487) (STARTTLS).
        Implementation influenced by the example programs of
        OpenSSL and the work of Lutz Jaenicke of TU Cottbus.
    New DontBlameSendmail option InsufficientEntropy for systems which
        don't properly seed the PRNG for OpenSSL but want to
        try to use STARTTLS despite the security problems.
    Support the security layer in SMTP AUTH for mechanisms which
        support encryption. Based on code contributed by Tim
        Martin of CMU.
    LDAP's -1 (single match only) flag was not honored if the -z
        (delimiter) flag was not given. Problem noted by ST Wong of
        the Chinese University of Hong Kong. Fix from Mark Adamson
        of CMU.
    Add more protection from accidentally tripping OpenLDAP 1.X's
        ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute().
        Suggested by Kurt Zeilenga of OpenLDAP.
    Fix the default family selection for DaemonPortOptions. As
        documented, unless a family is specified in a
        DaemonPortOptions option, "inet" is the default. It is
        also the default if no DaemonPortOptions value is set.
        Therefore, IPv6 users should configure additional sockets
        by adding DaemonPortOptions settings with Family=inet6 if
        they wish to also listen on IPv6 interfaces. Problem noted
        by Jun-ichiro itojun Hagino of the KAME Project.
    Set ${if_family} when setting ${if_addr} and ${if_name} to reflect
        the interface information for an outgoing connection.
        Not doing so was creating a mismatch between the socket
        family and address used in subsequent connections if the
        M=b modifier was set in DaemonPortOptions. Problem noted
        by John Beck of Sun Microsystems.
    sendmail 8.10 and 8.11 reused the ${if_addr} and ${if_family}
        macros for both the incoming interface address/family and
        the outgoing interface address/family. In order for M=b
        modifier in DaemonPortOptions to work properly, preserve
        the incoming information in the queue file for later
        delivery attempts.
    Use SMTP error code and enhanced status code from check_relay in
        responses to commands. Problem noted by Jeff Wasilko of
        smoe.org.
    Add more vigilance in checking for putc() errors on output streams
        to protect from a bug in Solaris 2.6's putc(). Problem
        noted by Graeme Hewson of Oracle.
    The LDAP map -n option (return attribute names only) wasn't working.
        Problem noted by Ajay Matia.
    Under certain circumstances, an address could be listed as deferred
        but would be bounced back to the sender as failed to be
        delivered when it really should have been queued. Problem
        noted by Allan E Johannesen of Worcester Polytechnic Institute.
    Portability:
        Replace code for finding the number of CPUs on HPUX.
        NetBSD uses a .0 extension of formatted man pages. From
            Andrew Brown of Graffiti World Wide, Inc.
        Return to using the IPv6 AI_DEFAULT flag instead of AI_V4MAPPED
            for calls to getipnodebyname(). The Linux
            implementation is broken so AI_ADDRCONFIG is stripped
            under Linux. From John Beck of Sun Microsystems and
            John Kennedy of Cal State University, Chico.
    CONFIG: Catch invalid addresses containing a ',' at the wrong place.
        Patch from Neil Rickert of Northern Illinois University.
    CONFIG: New variables for the new sendmail options:
        confCACERT_PATH     CACERTPath
        confCACERT          CACERTFile
        confCLIENT_CERT     ClientCertFile
        confCLIENT_KEY      ClientKeyFile
        confRAND_FILE       RandFile
        confSERVER_CERT     ServerCertFile
        confSERVER_KEY      ServerKeyFile
    CONFIG: Provide basic rulesets for TLS policy control and add new
        tags to the access database to support these policies. See
        cf/README for more information.
    CONFIG: Add TLS information to the Received: header.
    CONFIG: Call tls_client ruleset from check_mail in case it wasn't
        called due to a STARTTLS command.
    CONFIG: If TLS_PERM_ERR is defined, TLS related errors are permanent
        instead of temporary.
    CONFIG: Set confEBINDIR to /usr/sbin to match the devtools entry in
        OSTYPE(`linux') and OSTYPE(`mklinux'). From Tim Pierce of
        RootsWeb.com.
    CONTRIB: Add link_hash.sh to create symbolic links to the hash
        of X.509 certificates.
    CONTRIB: qtool.pl: Add missing last_modified_time method and fix a
        typo. Patch from Graeme Hewson of Oracle.
    CONTRIB: re-mqueue.pl: improve handling of a race between re-mqueue
        and sendmail. Patch from Graeme Hewson of Oracle.
    LIBSMDB: Berkeley DB 2.X and 3.X errors might be lost and not
        reported.
    MAIL.LOCAL: DG/UX portability. Problem noted by Tim Boyer of
        Denman Tire Corporation.
    MAIL.LOCAL: Prevent a possible DoS attack when compiled with
        -DCONTENTLENGTH. Based on patch from 3APA3A
        SECURITY.NNOV.RU.
    RMAIL: AIX 4.3 has snprintf(). Problem noted by David Hayes of
        Black Diamond Equipment, Limited.
    VACATION: Read all of the headers before deciding whether or not
        to respond instead of stopping after finding recipient.
    Added Files:
        contrib/link_hash.sh

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 for non-commercial use
Charset: noconv
iQCVAwUBORnBsXxLZ22gDhVjAQHZTgP/T8NEiW9ZNw2Oa6t2rS7xfOpn622FAOAQ
nwMCWrrMrYXIfqt8wEMlIttemxQA/o7VqC+CxRSbVsUO+FU1jl3GOZp53m2LF/gQ
EEO/yxMQJ+2S+45ywFyT2AiUToa7nW/k0mUA9yJ9G2/s3PuzzKg+Z2TgnH8ojng5
K6RZ7VSkaCU=
=14MD
-----END PGP SIGNATURE-----
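
The verification order the announcement describes, as an added shell example that is not part of the original message: it checks the listed MD5 values, then verifies the detached signature against the uncompressed tar. It assumes `md5sum`, `gzip` and `gpg` are installed and that the Sendmail Signing Key/2000 has already been imported; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify a downloaded sendmail 8.11.0.Beta1 archive.

# "digest  filename" pairs, copied from the announcement above.
EXPECTED_MD5='4e6ef61f092f4043a967308cafdd5a92  sendmail.8.11.0.Beta1.tar.Z
1ec1223db0987d1adf23a7cf1153ee9a  sendmail.8.11.0.Beta1.tar.gz
87de031b8f4e143b06ff66c320653a1a  sendmail.8.11.0.Beta1.tar.sig'

# expected_md5 NAME [LIST]: print the digest listed for NAME; fail if unlisted.
expected_md5() {
    printf '%s\n' "${2:-$EXPECTED_MD5}" |
        awk -v n="$1" '$2 == n { print $1; found = 1 } END { exit !found }'
}

# check_md5 FILE [LIST]: compare FILE's MD5 with the listed value.
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or unlisted.
check_md5() {
    [ -f "$1" ] || return 2
    want=$(expected_md5 "$(basename "$1")" "$2") || return 2
    have=$(md5sum < "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# verify_release DIR: check the .tar.gz and .sig digests, then verify the
# detached PGP signature against the *uncompressed* tar, as the announcement
# specifies. Assumption: the signing key is already in the gpg keyring and
# its fingerprint was confirmed out of band.
verify_release() {
    dir=$1
    base=sendmail.8.11.0.Beta1.tar
    check_md5 "$dir/$base.gz"  || { echo "MD5 mismatch: $base.gz" >&2; return 1; }
    check_md5 "$dir/$base.sig" || { echo "MD5 mismatch: $base.sig" >&2; return 1; }
    # Decompress to a file only; do not unpack the tar before it verifies.
    gzip -dc "$dir/$base.gz" > "$dir/$base" || return 1
    gpg --verify "$dir/$base.sig" "$dir/$base" || {
        echo "PGP signature check failed" >&2
        rm -f "$dir/$base"
        return 1
    }
}
```

The MD5 comparison only detects a damaged or mismatched download; the authenticity check is the PGP signature, so `verify_release` treats a failed `gpg --verify` as fatal and removes the decompressed tar.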