Update to sendmail-8.7.4. This fixes a DNS related security vulnerabilty.

usr.sbin/sendmail/RELEASE_NOTES

@@ -1,12 +1,19 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.7.3.1 (Berkeley) 12/3/95
+	     @(#)RELEASE_NOTES	8.7.4.1 (Berkeley) 2/18/96
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
-8.7.3/8.7.3	95/12/xx
+8.7.4/8.7.3	96/02/18
+	SECURITY: In some cases it was still possible for an attacker to
+		insert newlines into a queue file, thus allowing access to
+		any user (except root).
+	CONFIG: no changes -- it is not a bug that the configuration
+		version number is unchanged.
+
+8.7.3/8.7.3	95/12/03
 	Fix botch in name server timeout in RCPT code; this problem caused
 		two responses in SMTP, which breaks things horribly.  Fix
 		from Gregory Neil Shapiro of WPI.
@@ -1462,6 +1469,13 @@ summary of the changes in that release.
 		contrib/rcpt-streaming
 		src/Makefiles/Makefile.SunOS.5.x
 
+8.6.13/8.6.12	95/01/25
+	SECURITY: In some cases it was still possible for an attacker to
+		insert newlines into a queue file, thus allowing access to
+		any user (except root).
+	CONFIG: no changes -- it is not a bug that the configuration
+		version number is unchanged.
+
 8.6.12/8.6.12	95/03/28
 	Fix to IDENT code (it was getting the size of the reply buffer
 		too small, so nothing was ever accepted).  Fix from several

usr.sbin/sendmail/src/headers.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)headers.c	8.82 (Berkeley) 10/28/95";
+static char sccsid[] = "@(#)headers.c	8.82.1.1 (Berkeley) 2/18/96";
 #endif /* not lint */
 
 # include <errno.h>
@@ -1253,6 +1253,8 @@ putheader(mci, h, e)
 				putline(obuf, mci);
 				p = ++nlp;
 				obp = obuf;
+				if (*p != ' ' && *p != '\t')
+					*obp++ = ' ';
 			}
 			sprintf(obp, "%.*s", sizeof obuf - (obp - obuf) - 1, p);
 			putline(obuf, mci);
@@ -1437,7 +1439,7 @@ commaize(h, p, oldstyle, mci, e)
 		firstone = FALSE;
 		*p = savechar;
 	}
-	(void) strcpy(obp, "\n");
+	*obp = '\0';
 	putline(obuf, mci);
 }
 /*

usr.sbin/sendmail/src/queue.c

@@ -36,9 +36,9 @@
 
 #ifndef lint
 #ifdef QUEUE
-static char sccsid[] = "@(#)queue.c	8.98 (Berkeley) 11/11/95 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.98.1.1 (Berkeley) 2/18/96 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.98 (Berkeley) 11/11/95 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.98.1.1 (Berkeley) 2/18/96 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -247,7 +247,7 @@ queueup(e, announce)
 
 	/* output body type */
 	if (e->e_bodytype != NULL)
-		fprintf(tfp, "B%s\n", e->e_bodytype);
+		fprintf(tfp, "B%s\n", denlstring(e->e_bodytype, TRUE, FALSE));
 
 	/* message from envelope, if it exists */
 	if (e->e_message != NULL)
@@ -380,7 +380,9 @@ queueup(e, announce)
 		/* output the header: expand macros, convert addresses */
 		if (bitset(H_DEFAULT, h->h_flags))
 		{
-			fprintf(tfp, "%s: %s\n", h->h_field, buf);
+			fprintf(tfp, "%s: %s\n",
+				h->h_field,
+				denlstring(buf, FALSE, TRUE));
 		}
 		else if (bitset(H_FROM|H_RCPT, h->h_flags))
 		{
@@ -397,7 +399,11 @@ queueup(e, announce)
 			TrafficLogFile = savetrace;
 		}
 		else
-			fprintf(tfp, "%s: %s\n", h->h_field, h->h_value);
+		{
+			fprintf(tfp, "%s: %s\n",
+				h->h_field,
+				denlstring(h->h_value, FALSE, TRUE));
+		}
 	}
 
 	/*

usr.sbin/sendmail/src/util.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)util.c	8.84 (Berkeley) 11/18/95";
+static char sccsid[] = "@(#)util.c	8.84.1.1 (Berkeley) 2/18/96";
 #endif /* not lint */
 
 # include "sendmail.h"
@@ -989,7 +989,14 @@ putxline(l, mci, pxflags)
 			(void) putc(*l, mci->mci_out);
 		fputs(mci->mci_mailer->m_eol, mci->mci_out);
 		if (*l == '\n')
-			++l;
+		{
+			if (*++l != ' ' && *l != '\t' && l[1] != '\0')
+			{
+				(void) putc(' ', mci->mci_out);
+				if (TrafficLogFile != NULL)
+					(void) putc(' ', TrafficLogFile);
+			}
+		}
 	} while (l[0] != '\0');
 }
 /*
@@ -1993,7 +2000,6 @@ denlstring(s, strict, logattacks)
 	for (p = bp; (p = strchr(p, '\n')) != NULL; )
 		*p++ = ' ';
 
-/*
 #ifdef LOG
 	if (logattacks)
 	{
@@ -2002,7 +2008,6 @@ denlstring(s, strict, logattacks)
 			shortenstring(bp, 203));
 	}
 #endif
-*/
 
 	return bp;
 }

usr.sbin/sendmail/src/version.c

@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.7.3.1 (Berkeley) 12/3/95";
+static char sccsid[] = "@(#)version.c	8.7.4.1 (Berkeley) 2/18/96";
 #endif /* not lint */
 
-char	Version[] = "8.7.3";
+char	Version[] = "8.7.4";