This commit was generated by cvs2svn to compensate for changes in r159609,

which included commits to RCS files with non-trunk default branches.

contrib/sendmail/RELEASE_NOTES

@@ -1,11 +1,58 @@
 			SENDMAIL RELEASE NOTES
-      $Id: RELEASE_NOTES,v 8.1765 2006/03/08 02:15:03 ca Exp $
+      $Id: RELEASE_NOTES,v 8.1777.2.6 2006/06/05 22:32:41 ca Exp $
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.13.7/8.13.7	2006/06/14
+	A malformed MIME structure with many parts can cause sendmail to
+		crash while trying to send a mail due to a stack overflow,
+		e.g., if the stack size is limited (ulimit -s).  This
+		happens because the recursion of the function mime8to7()
+		was not restricted.  The function is called for MIME 8 to
+		7 bit conversion and also to enforce MaxMimeHeaderLength.
+		To work around this problem, recursive calls are limited to
+		a depth of MAXMIMENESTING (20); message content after this
+		limit is treated as opaque and is not checked further.
+		Problem noted by Frank Sheiness.
+	The changes to the I/O layer in 8.13.6 caused a regression for
+		SASL mechanisms that use the security layer, e.g.,
+		DIGEST-MD5.  Problem noted by Robert Stampfli.
+	If a timeout occurs while reading a message (during the DATA phase)
+		a df file might have been left behind in the queue.
+		This was another side effect of the changes to the I/O
+		layer made in 8.13.6.
+	Several minor problems have been fixed that were found by a
+		Coverity scan of sendmail 8 as part of the NetBSD
+		distribution. See http://scan.coverity.com/
+		Note: the scan generated also a lot of "false positives",
+		e.g., "error" reports about situations that cannot happen.
+		Most of those code places are marked with lint(1) comments
+		like NOTREACHED, but Coverity does not understand those.
+		Hence an explicit assertion has been added in some cases
+		to avoid those false positives.
+	If the start of the sendmail daemon fails due to a configuration
+		error then in some cases shared memory segments or pid
+		files were not removed.
+	If DSN support is disabled via access_db, then related ESMTP
+		parameters for MAIL and RCPT should be rejected.  Problem
+		reported by Akihiro Sagawa.
+	Enabling zlib compression in OpenSSL 0.9.8[ab] breaks the padding
+		bug work-around.  Hence if sendmail is linked against
+		either of these versions and compression is available,
+		the padding bug work-around is turned off.  Based on
+		patch from Victor Duchovni of Morgan Stanley.
+	CONFIG: FEATURE(`dnsbl') and FEATURE(`enhdnsbl') used
+		blackholes.mail-abuse.org as default domain for lookups,
+		however, that list is no longer available.  To avoid
+		further problems, no default value is available anymore,
+		but an argument must be specified.
+	Portability:
+		Fix compilation on OSF/1 for sfsasl.c.  Patch from
+		Pieter Bowman of the University of Utah.
+
 8.13.6/8.13.6	2006/03/22
 	SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
 		and client side of sendmail with timeouts in the libsm I/O

contrib/sendmail/cf/README

@@ -1242,13 +1242,10 @@ use_client_ptr	If this feature is enabled then check_relay will override
 		about check_relay, {client_name}, and {client_ptr}.
 
 dnsbl		Turns on rejection of hosts found in an DNS based rejection
-		list.  If an argument is provided it is used as the domain
-		in which blocked hosts are listed; otherwise it defaults to
-		blackholes.mail-abuse.org.  An explanation for an DNS based
-		rejection list can be found at http://mail-abuse.org/rbl/.
-		A second argument can be used to change the default error
-		message.  Without that second argument, the error message
-		will be
+		list.  The first is used as the domain in which blocked
+		hosts are listed.  A second argument can be used to change
+		the default error message.  Without that second argument,
+		the error message will be
 			Rejected: IP-ADDRESS listed at SERVER
 		where IP-ADDRESS and SERVER are replaced by the appropriate
 		information.  By default, temporary lookup failures are
@@ -1279,13 +1276,6 @@ dnsbl		Turns on rejection of hosts found in an DNS based rejection
 
 		See below (EDNSBL_TO) for an explanation.
 
-		NOTE: The default DNS blacklist, blackholes.mail-abuse.org,
-		is a service offered by the Mail Abuse Prevention System
-		(MAPS).  As of July 31, 2001, MAPS is a subscription
-		service, so using that network address won't work if you
-		haven't subscribed.  Contact MAPS to subscribe
-		(http://mail-abuse.org/).
-
 enhdnsbl	Enhanced version of dnsbl (see above).  Further arguments
 		(up to 5) can be used to specify specific return values
 		from lookups.  Temporary lookup failures are ignored unless
@@ -2631,22 +2621,16 @@ as value part in the access map.  Taking the example from above:
 Mail can't be sent to spammer@aol.com or anyone at cyberspammer.com.
 That's why tagged entries should be used.
 
-There are several DNS based blacklists, the first of which was
-the RBL (``Realtime Blackhole List'') run by the MAPS project,
-see http://mail-abuse.org/.  These are databases of spammers
+There are several DNS based blacklists which can be found by
+querying a search engine.  These are databases of spammers
 maintained in DNS.  To use such a database, specify
 
-	FEATURE(`dnsbl')
+	FEATURE(`dnsbl', `dnsbl.example.com')
 
-This will cause sendmail to reject mail from any site in the original
-Realtime Blackhole List database.  This default DNS blacklist,
-blackholes.mail-abuse.org, is a service offered by the Mail Abuse
-Prevention System (MAPS).  As of July 31, 2001, MAPS is a subscription
-service, so using that network address won't work if you haven't
-subscribed.  Contact MAPS to subscribe (http://mail-abuse.org/).
-
-You can specify an alternative RBL server to check by specifying an
-argument to the FEATURE.  The default error message is
+This will cause sendmail to reject mail from any site listed in the
+DNS based blacklist.  You must select an DNSB based blacklist domain
+to check by specifying an argument to the FEATURE.  The default
+error message is
 
 	Rejected: IP-ADDRESS listed at SERVER
 
@@ -2668,8 +2652,7 @@ where IP-ADDRESS and SERVER are replaced by the appropriate
 information.
 
 This FEATURE can be included several times to query different
-DNS based rejection lists, e.g., the dial-up user list (see
-http://mail-abuse.org/dul/).
+DNS based rejection lists.
 
 Notice: to avoid checking your own local domains against those
 blacklists, use the access_db feature and add:
@@ -4605,4 +4588,4 @@ M4 DIVERSIONS
    8	DNS based blacklists
    9	special local rulesets (1 and 2)
 
-$Revision: 8.704 $, Last updated $Date: 2006/02/15 05:49:31 $
+$Revision: 8.706 $, Last updated $Date: 2006/04/18 22:31:06 $

contrib/sendmail/cf/cf/submit.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by ca@wiz.smi.sendmail.com on Sun Mar 19 22:37:26 PST 2006
-##### in /extra/home/ca/sm-8.13.6/OpenSource/sendmail-8.13.6/cf/cf
+##### built by ca@nother.smi.sendmail.com on Mon Jun 5 15:34:16 PDT 2006
+##### in /extra/home/ca/sm-8.13.7/OpenSource/sendmail-8.13.7/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -29,13 +29,13 @@
 
 #####  $Id: cfhead.m4,v 8.116 2004/01/28 22:02:22 ca Exp $  #####
 #####  $Id: cf.m4,v 8.32 1999/02/07 07:26:14 gshapiro Exp $  #####
-#####  $Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $  #####
+#####  $Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $  #####
 #####  $Id: msp.m4,v 1.33 2004/02/09 22:32:38 ca Exp $  #####
 
 #####  $Id: no_default_msa.m4,v 8.2 2001/02/14 05:03:22 gshapiro Exp $  #####
 
 
-#####  $Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $  #####
+#####  $Id: proto.m4,v 8.719 2006/03/30 20:50:13 ca Exp $  #####
 
 # level 10 config file format
 V10/Berkeley
@@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1]
 
 
 # Configuration version number
-DZ8.13.6/Submit
+DZ8.13.7/Submit
 
 
 ###############
@@ -1441,7 +1441,7 @@ Mrelay,		P=[IPC], F=mDFMuXa8k, S=EnvFromSMTP/HdrFromSMTP, R=MasqSMTP, E=\r\n, L=
 # #
 # 
 # divert(0)dnl
-# VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
+# VERSIONID(`$Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $')
 # define(`confCF_VERSION', `Submit')dnl
 # define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 # define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet

contrib/sendmail/cf/cf/submit.mc

@@ -15,7 +15,7 @@ divert(-1)
 #
 
 divert(0)dnl
-VERSIONID(`$Id: submit.mc,v 8.13 2003/09/10 22:12:48 ca Exp $')
+VERSIONID(`$Id: submit.mc,v 8.14 2006/04/05 05:54:41 ca Exp $')
 define(`confCF_VERSION', `Submit')dnl
 define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet

contrib/sendmail/cf/feature/dnsbl.m4

@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998-2002, 2005 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2002, 2005, 2006 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -12,13 +12,15 @@ divert(-1)
 ifdef(`DNSBL_MAP', `', `define(`DNSBL_MAP', `dns -R A')')
 divert(0)
 ifdef(`_DNSBL_R_',`dnl',`dnl
-VERSIONID(`$Id: dnsbl.m4,v 8.30 2005/07/25 20:56:53 ca Exp $')
+VERSIONID(`$Id: dnsbl.m4,v 8.32 2006/03/29 22:50:16 ca Exp $')
 define(`_DNSBL_R_',`')
+ifelse(defn(`_ARG_'), `', 
+	`errprint(`*** ERROR: missing argument for FEATURE(`dnsbl')')')
 LOCAL_CONFIG
 # map for DNS based blacklist lookups
 Kdnsbl DNSBL_MAP -T<TMP>ifdef(`DNSBL_MAP_OPT',` DNSBL_MAP_OPT')')
 divert(-1)
-define(`_DNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
+define(`_DNSBL_SRV_', `_ARG_')dnl
 define(`_DNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_DNSBL_SRV_`"',`_ARG2_')')dnl
 define(`_DNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_DNSBL_SRV_`"',`_ARG3_')')dnl
 divert(8)

contrib/sendmail/cf/feature/enhdnsbl.m4

@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 2000-2002, 2005 Sendmail, Inc. and its suppliers.
+# Copyright (c) 2000-2002, 2005, 2006 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 #
 # By using this file, you agree to the terms and conditions set
@@ -9,16 +9,18 @@ divert(-1)
 #
 #
 
+ifelse(defn(`_ARG_'), `', 
+	`errprint(`*** ERROR: missing argument for FEATURE(`enhdnsbl')')')
 divert(0)
 ifdef(`_EDNSBL_R_',`dnl',`dnl
-VERSIONID(`$Id: enhdnsbl.m4,v 1.10 2005/07/25 20:56:53 ca Exp $')
+VERSIONID(`$Id: enhdnsbl.m4,v 1.11 2006/03/31 19:56:16 ca Exp $')
 LOCAL_CONFIG
 define(`_EDNSBL_R_',`')dnl
 # map for enhanced DNS based blacklist lookups
 Kednsbl dns -R A -a. -T<TMP> -r`'ifdef(`EDNSBL_TO',`EDNSBL_TO',`5')
 ')
 divert(-1)
-define(`_EDNSBL_SRV_', `ifelse(len(X`'_ARG_),`1',`blackholes.mail-abuse.org',_ARG_)')dnl
+define(`_EDNSBL_SRV_', `_ARG_')dnl
 define(`_EDNSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Rejected: " $`'&{client_addr} " listed at '_EDNSBL_SRV_`"',`_ARG2_')')dnl
 define(`_EDNSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{client_addr} " at '_EDNSBL_SRV_`"',`_ARG3_')')dnl
 define(`_EDNSBL_MATCH_', `ifelse(len(X`'_ARG4_),`1',`$`'+',_ARG4_)')dnl

contrib/sendmail/cf/m4/proto.m4

@@ -1,6 +1,6 @@
 divert(-1)
 #
-# Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
+# Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
 #	All rights reserved.
 # Copyright (c) 1983, 1995 Eric P. Allman.  All rights reserved.
 # Copyright (c) 1988, 1993
@@ -13,7 +13,7 @@ divert(-1)
 #
 divert(0)
 
-VERSIONID(`$Id: proto.m4,v 8.718 2005/08/24 18:07:23 ca Exp $')
+VERSIONID(`$Id: proto.m4,v 8.719 2006/03/30 20:50:13 ca Exp $')
 
 # level CF_LEVEL config file format
 V`'CF_LEVEL/ifdef(`VENDOR_NAME', `VENDOR_NAME', `Berkeley')
@@ -1959,7 +1959,7 @@ R<@> < $* @ $+ . $+ >	$: < $1 @ $2 . $3 >
 dnl prepend daemon_flags
 R<@> $*			$: $&{daemon_flags} $| <@> $1
 dnl workspace: ${daemon_flags} $| <@> <address>
-dnl 'r'equire qual.rcpt: ok
+dnl _r_equire qual.rcpt: ok
 R$* r $* $| <@> < $+ @ $+ >	$: < $3 @ $4 >
 dnl do not allow these at all or only from local systems?
 R$* r $* $| <@> < $* >	$: < ? $&{client_name} > < $3 >

contrib/sendmail/cf/m4/version.m4

@@ -11,8 +11,8 @@ divert(-1)
 # the sendmail distribution.
 #
 #
-VERSIONID(`$Id: version.m4,v 8.147 2006/03/08 19:21:23 ca Exp $')
+VERSIONID(`$Id: version.m4,v 8.150.2.4 2006/06/05 22:32:40 ca Exp $')
 #
 divert(0)
 # Configuration version number
-DZ8.13.6`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.13.7`'ifdef(`confCF_VERSION', `/confCF_VERSION')

contrib/sendmail/include/libmilter/mfapi.h

@@ -7,7 +7,7 @@
  * the sendmail distribution.
  *
  *
- *	$Id: mfapi.h,v 8.60 2004/08/20 21:24:14 ca Exp $
+ *	$Id: mfapi.h,v 8.61 2006/05/04 17:02:01 ca Exp $
  */
 
 /*
@@ -134,7 +134,7 @@ struct smfiDesc
 #endif /* SMFI_VERSION > 2 */
 
 #if SMFI_VERSION > 3
-	/* any unrecognized or unimplemented command filter */
+	/* SMTP DATA command filter */
 	sfsistat	(*xxfi_data) SM__P((SMFICTX *));
 #endif /* SMFI_VERSION > 3 */
 };

contrib/sendmail/libmilter/docs/xxfi_header.html

@@ -2,7 +2,7 @@
 <head><title>xxfi_header</title></head>
 <body>
 <!--
-$Id: xxfi_header.html,v 1.10 2003/03/05 19:57:55 ca Exp $
+$Id: xxfi_header.html,v 1.11 2006/04/05 17:10:43 ca Exp $
 -->
 <h1>xxfi_header</h1>
 
@@ -44,10 +44,11 @@ Handle a message header.
 	<td> Header field name.
 	</td></tr>
     <tr valign="top"><td>headerv</td>
-	<td>Header field value.  The
-  content of the header may include folded white space (i.e. multiple
-  lines with following white space).  The trailing line terminator (CR/LF)
-  is removed.
+	<td>Header field value.
+	The content of the header may include folded white space,
+	i.e., multiple lines with following white space
+	where lines are separated by LF (not CR/LF).
+	The trailing line terminator (CR/LF) is removed.
 	</td></tr>
     </table>
 </td></tr>
@@ -67,7 +68,7 @@ RFC <a href="http://www.rfc-editor.org/rfc/rfc822.html">822</a>
 
 <hr size="1">
 <font size="-1">
-Copyright (c) 2000, 2003 Sendmail, Inc. and its suppliers.
+Copyright (c) 2000, 2003, 2006 Sendmail, Inc. and its suppliers.
 All rights reserved.
 <br>
 By using this file, you agree to the terms and conditions set

contrib/sendmail/libmilter/engine.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 1999-2003 Sendmail, Inc. and its suppliers.
+ *  Copyright (c) 1999-2004, 2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -9,7 +9,7 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Id: engine.c,v 8.120 2004/10/20 21:09:00 ca Exp $")
+SM_RCSID("@(#)$Id: engine.c,v 8.121 2006/04/18 21:01:46 ca Exp $")
 
 #include "libmilter.h"
 
@@ -166,6 +166,8 @@ static int next_states[] =
 	NX_UNKN
 };
 
+#define SIZE_NEXT_STATES	(sizeof(next_states) / sizeof(next_states[0]))
+
 /* commands received by milter */
 static cmdfct cmds[] =
 {
@@ -1076,6 +1078,8 @@ trans_ok(old, new)
 	int s, n;
 
 	s = old;
+	if (s >= SIZE_NEXT_STATES)
+		return false;
 	do
 	{
 		/* is this state transition allowed? */
@@ -1089,6 +1093,8 @@ trans_ok(old, new)
 		*/
 
 		n = s + 1;
+		if (n >= SIZE_NEXT_STATES)
+			return false;
 
 		/*
 		**  can we actually "skip" this state?
@@ -1100,7 +1106,7 @@ trans_ok(old, new)
 			s = n;
 		else
 			return false;
-	} while (s <= ST_LAST);
+	} while (s < SIZE_NEXT_STATES);
 	return false;
 }
 /*

contrib/sendmail/libsm/t-memstat.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2005, 2006 Sendmail, Inc. and its suppliers.
  *      All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -8,16 +8,20 @@
  */
 
 #include <sm/gen.h>
-SM_IDSTR(id, "@(#)$Id: t-memstat.c,v 1.5 2005/12/22 19:05:42 ca Exp $")
+SM_IDSTR(id, "@(#)$Id: t-memstat.c,v 1.6 2006/03/27 22:34:47 ca Exp $")
 
 /*
-** Simple test program for memstat
+**  Simple test program for memstat
 */
 
 #include <stdlib.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <strings.h>
+#include <string.h>
+
+extern char *optarg;
+extern int optind;
 
 int
 main(argc, argv)

contrib/sendmail/src/README

@@ -9,7 +9,7 @@
 # the sendmail distribution.
 #
 #
-#	$Id: README,v 8.388 2005/07/26 05:45:39 ca Exp $
+#	$Id: README,v 8.389 2006/05/02 16:58:50 ca Exp $
 #
 
 This directory contains the source files for sendmail(TM).
@@ -1716,6 +1716,18 @@ Regular Expressions (MAP_REGEX)
 	Make sure, your compiler reads regex.h from the distribution,
 	not from /usr/include, otherwise sendmail will dump a core.
 
+Fedora Core 5, 64 bit version
+	If the ld stage fails with undefined functions like
+	__res_querydomain, __dn_expand
+	then add these lines to devtools/Site/site.config.m4
+
+	APPENDDEF(`confLIBDIRS', `-L/usr/lib64')
+	APPENDDEF(`confINCDIRS', `-I/usr/include/bind9')
+
+	and rebuild (sh ./Build -c).
+
+	Problem noted by Daniel Krones, solution suggested by
+	Anthony Howe.
 
 +--------------+
 | MANUAL PAGES |
@@ -1832,4 +1844,4 @@ util.c		Some general purpose routines used by sendmail.
 version.c	The version number and information about this
 		version of sendmail.
 
-(Version $Revision: 8.388 $, last update $Date: 2005/07/26 05:45:39 $ )
+(Version $Revision: 8.389 $, last update $Date: 2006/05/02 16:58:50 $ )

contrib/sendmail/src/bf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999-2002, 2004 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1999-2002, 2004, 2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -18,7 +18,7 @@
 */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Id: bf.c,v 8.61 2004/08/03 23:59:02 ca Exp $")
+SM_RCSID("@(#)$Id: bf.c,v 8.62 2006/03/31 18:45:56 ca Exp $")
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -540,13 +540,16 @@ sm_bfwrite(fp, buf, nbytes)
 		if (!bfp->bf_ondisk)
 		{
 			MODE_T omask;
+			int save_errno;
 
 			/* Clear umask as bf_filemode are the true perms */
 			omask = umask(0);
 			retval = OPEN(bfp->bf_filename,
 				      O_RDWR | O_CREAT | O_TRUNC | QF_O_EXTRA,
 				      bfp->bf_filemode, bfp->bf_flags);
+			save_errno = errno;
 			(void) umask(omask);
+			errno = save_errno;
 
 			/* Couldn't create file: failure */
 			if (retval < 0)

contrib/sendmail/src/collect.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: collect.c,v 8.272 2006/03/02 19:09:26 ca Exp $")
+SM_RCSID("@(#)$Id: collect.c,v 8.273 2006/03/31 18:51:47 ca Exp $")
 
 static void	eatfrom __P((char *volatile, ENVELOPE *));
 static void	collect_doheader __P((ENVELOPE *));
@@ -857,6 +857,8 @@ collect(fp, smtpmode, hdrp, e, rsetsize)
 			q->q_state = QS_FATALERR;
 		}
 
+		(void) sm_io_close(df, SM_TIME_DEFAULT);
+		df = NULL;
 		finis(true, true, ExitStat);
 		/* NOTREACHED */
 	}

contrib/sendmail/src/daemon.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: daemon.c,v 8.665 2006/03/02 19:12:00 ca Exp $")
+SM_RCSID("@(#)$Id: daemon.c,v 8.666 2006/04/18 01:23:42 ca Exp $")
 
 #if defined(SOCK_STREAM) || defined(__GNU_LIBRARY__)
 # define USE_SOCK_STREAM	1
@@ -520,18 +520,22 @@ getrequests(e)
 
 			syserr("getrequests: accept");
 
-			/* arrange to re-open the socket next time around */
-			(void) close(Daemons[curdaemon].d_socket);
-			Daemons[curdaemon].d_socket = -1;
+			if (curdaemon >= 0)
+			{
+				/* arrange to re-open socket next time around */
+				(void) close(Daemons[curdaemon].d_socket);
+				Daemons[curdaemon].d_socket = -1;
 #if SO_REUSEADDR_IS_BROKEN
-			/*
-			**  Give time for bound socket to be released.
-			**  This creates a denial-of-service if you can
-			**  force accept() to fail on affected systems.
-			*/
+				/*
+				**  Give time for bound socket to be released.
+				**  This creates a denial-of-service if you can
+				**  force accept() to fail on affected systems.
+				*/
 
-			Daemons[curdaemon].d_refuse_connections_until = curtime() + 15;
+				Daemons[curdaemon].d_refuse_connections_until =
+					curtime() + 15;
 #endif /* SO_REUSEADDR_IS_BROKEN */
+			}
 			continue;
 		}
 
@@ -2083,7 +2087,7 @@ makeconnection(host, port, mci, e, enough)
 	SOCKADDR clt_addr;
 	int save_errno = 0;
 	volatile SOCKADDR_LEN_T addrlen;
-	volatile bool firstconnect;
+	volatile bool firstconnect = true;
 	SM_EVENT *volatile ev = NULL;
 #if NETINET6
 	volatile bool v6found = false;
@@ -2486,7 +2490,6 @@ makeconnection(host, port, mci, e, enough)
 	}
 #endif /* XLA */
 
-	firstconnect = true;
 	for (;;)
 	{
 		if (tTd(16, 1))

contrib/sendmail/src/deliver.c

@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include <sm/time.h>
 
-SM_RCSID("@(#)$Id: deliver.c,v 8.1000 2006/03/02 01:37:39 ca Exp $")
+SM_RCSID("@(#)$Id: deliver.c,v 8.1003.2.1 2006/05/23 01:32:08 ca Exp $")
 
 #if HASSETUSERCONTEXT
 # include <login_cap.h>
@@ -3127,15 +3127,18 @@ deliver(e, firstto)
 
 				if (result == SASL_OK && *ssf > 0)
 				{
+					int tmo;
+
 					/*
 					**  Convert I/O layer to use SASL.
 					**  If the call fails, the connection
 					**  is aborted.
 					*/
 
+					tmo = DATA_PROGRESS_TIMEOUT * 1000;
 					if (sfdcsasl(&mci->mci_in,
 						     &mci->mci_out,
-						     mci->mci_conn) == 0)
+						     mci->mci_conn, tmo) == 0)
 					{
 						mci->mci_flags &= ~MCIF_EXTENS;
 						mci->mci_flags |= MCIF_AUTHACT|
@@ -3961,7 +3964,11 @@ giveresponse(status, dsn, m, mci, ctladdr, xstart, e, to)
 	char *exmsg;
 
 	if (e == NULL)
+	{
 		syserr("giveresponse: null envelope");
+		/* NOTREACHED */
+		SM_ASSERT(0);
+	}
 
 	/*
 	**  Compute status message from code.
@@ -4623,7 +4630,7 @@ putbody(mci, e, separator)
 		/* now do the hard work */
 		boundaries[0] = NULL;
 		mci->mci_flags |= MCIF_INHEADER;
-		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
+		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) ==
 								SM_IO_EOF)
 			goto writeerr;
 	}
@@ -4654,7 +4661,7 @@ putbody(mci, e, separator)
 			SuprErrs = true;
 
 		if (mime8to7(mci, e->e_header, e, boundaries,
-				M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
+				M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF)
 			goto writeerr;
 
 		/* restore SuprErrs */
@@ -5217,8 +5224,14 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		CurrentPid = getpid();
 
 		if (e->e_lockfp != NULL)
-			(void) close(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD,
-				     NULL));
+		{
+			int fd;
+
+			fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL);
+			/* SM_ASSERT(fd >= 0); */
+			if (fd >= 0)
+				(void) close(fd);
+		}
 
 		(void) sm_signal(SIGINT, SIG_DFL);
 		(void) sm_signal(SIGHUP, SIG_DFL);

contrib/sendmail/src/domain.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1986, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,9 +14,9 @@
 #include <sendmail.h>
 
 #if NAMED_BIND
-SM_RCSID("@(#)$Id: domain.c,v 8.197 2005/03/04 00:54:42 ca Exp $ (with name server)")
+SM_RCSID("@(#)$Id: domain.c,v 8.199 2006/04/18 00:00:34 ca Exp $ (with name server)")
 #else /* NAMED_BIND */
-SM_RCSID("@(#)$Id: domain.c,v 8.197 2005/03/04 00:54:42 ca Exp $ (without name server)")
+SM_RCSID("@(#)$Id: domain.c,v 8.199 2006/04/18 00:00:34 ca Exp $ (without name server)")
 #endif /* NAMED_BIND */
 
 #if NAMED_BIND
@@ -521,7 +521,7 @@ getmxrr(host, mxhosts, mxprefs, droplocalhost, rcode, tryfallback, pttl)
 			}
 # if NETINET6
 			freehostent(h);
-			hp = NULL;
+			h = NULL;
 # endif /* NETINET6 */
 		}
 		if (strlen(host) >= sizeof MXHostBuf)
@@ -972,11 +972,7 @@ dns_getcanonname(host, hbsize, trymx, statp, pttl)
 		/* avoid problems after truncation in tcp packets */
 		if (ret > sizeof(answer))
 			ret = sizeof(answer);
-		if (ret < 0)
-		{
-			*statp = EX_SOFTWARE;
-			return false;
-		}
+		SM_ASSERT(ret >= 0);
 
 		/*
 		**  Appear to have a match.  Confirm it by searching for A or

contrib/sendmail/src/envelope.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: envelope.c,v 8.295 2005/06/15 20:32:18 ca Exp $")
+SM_RCSID("@(#)$Id: envelope.c,v 8.296 2006/03/31 18:53:50 ca Exp $")
 
 /*
 **  CLRSESSENVELOPE -- clear session oriented data in an envelope
@@ -519,7 +519,14 @@ dropenvelope(e, fulldrop, split)
 			printenvflags(e);
 		}
 		if (!panic)
+		{
+			if (e->e_dfp != NULL)
+			{
+				(void) sm_io_close(e->e_dfp, SM_TIME_DEFAULT);
+				e->e_dfp = NULL;
+			}
 			(void) xunlink(queuename(e, DATAFL_LETTER));
+		}
 		if (panic && QueueMode == QM_LOST)
 		{
 			/*

contrib/sendmail/src/helpfile

@@ -1,6 +1,6 @@
 #vers	2
 cpyr
-cpyr	Copyright (c) 1998-2000, 2002, 2004, 2005 Sendmail, Inc. and its suppliers.
+cpyr	Copyright (c) 1998-2000, 2002, 2004-2006 Sendmail, Inc. and its suppliers.
 cpyr	    All rights reserved.
 cpyr	Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 cpyr	Copyright (c) 1988, 1993
@@ -11,7 +11,7 @@ cpyr	By using this file, you agree to the terms and conditions set
 cpyr	forth in the LICENSE file which can be found at the top level of
 cpyr	the sendmail distribution.
 cpyr
-cpyr	$$Id: helpfile,v 8.45 2005/09/13 00:05:23 ca Exp $$
+cpyr	$$Id: helpfile,v 8.47 2006/04/26 18:22:54 ca Exp $$
 cpyr
 smtp	This is sendmail version $v
 smtp	Topics:
@@ -20,8 +20,8 @@ smtp		RSET	NOOP	QUIT	HELP	VRFY
 smtp		EXPN	VERB	ETRN	DSN	AUTH
 smtp		STARTTLS
 smtp	For more info use "HELP <topic>".
-smtp	To report bugs in the implementation send email to
-smtp		sendmail-bugs@sendmail.org.
+smtp	To report bugs in the implementation see
+smtp		http://www.sendmail.org/email-addresses.html
 smtp	For local information send email to Postmaster at your site.
 help	HELP [ <topic> ]
 help		The HELP command gives help info.
@@ -77,14 +77,14 @@ expn		Expand an address.  If the address indicates a mailing
 expn		list, return the contents of that list.
 noop	NOOP
 noop		Do nothing.
-send	SEND FROM: <sender>
+send	SEND FROM:<sender>
 send		replaces the MAIL command, and can be used to send
 send		directly to a users terminal.  Not supported in this
 send		implementation.
-soml	SOML FROM: <sender>
+soml	SOML FROM:<sender>
 soml		Send or mail.  If the user is logged in, send directly,
 soml		otherwise mail.  Not supported in this implementation.
-saml	SAML FROM: <sender>
+saml	SAML FROM:<sender>
 saml		Send and mail.  Send directly to the user's terminal,
 saml		and also mail a letter.  Not supported in this
 saml		implementation.
@@ -95,8 +95,8 @@ etrn	ETRN [ <hostname> | @<domain> | \#<queuename> ]
 etrn		Run the queue for the specified <hostname>, or
 etrn		all hosts within a given <domain>, or a specially-named
 etrn		<queuename> (implementation-specific).
-dsn	MAIL FROM: <sender> [ RET={ FULL | HDRS} ] [ ENVID=<envid> ]
-dsn	RCPT TO: <recipient> [ NOTIFY={NEVER,SUCCESS,FAILURE,DELAY} ]
+dsn	MAIL From:<sender> [ RET={ FULL | HDRS} ] [ ENVID=<envid> ]
+dsn	RCPT To:<recipient> [ NOTIFY={NEVER,SUCCESS,FAILURE,DELAY} ]
 dsn			     [ ORCPT=<recipient> ]
 dsn		SMTP Delivery Status Notifications.
 dsn	Descriptions:

contrib/sendmail/src/main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -25,7 +25,7 @@ SM_UNUSED(static char copyright[]) =
 	The Regents of the University of California.  All rights reserved.\n";
 #endif /* ! lint */
 
-SM_RCSID("@(#)$Id: main.c,v 8.942 2005/12/26 04:39:13 ca Exp $")
+SM_RCSID("@(#)$Id: main.c,v 8.944 2006/04/21 23:56:42 ca Exp $")
 
 
 #if NETINET || NETINET6
@@ -516,6 +516,8 @@ main(argc, argv, envp)
 
 	/* reset macro */
 	set_op_mode(OpMode);
+	if (OpMode == MD_DAEMON)
+		DaemonPid = CurrentPid;	/* needed for finis() to work */
 
 	pw = sm_getpwuid(RealUid);
 	if (pw != NULL)
@@ -2319,10 +2321,7 @@ main(argc, argv, envp)
 
 		dtype[0] = '\0';
 		if (OpMode == MD_DAEMON)
-		{
 			(void) sm_strlcat(dtype, "+SMTP", sizeof dtype);
-			DaemonPid = CurrentPid;
-		}
 		if (QueueIntvl > 0)
 		{
 			(void) sm_strlcat2(dtype,
@@ -2874,6 +2873,7 @@ finis(drop, cleanup, exitstat)
 	volatile int exitstat;
 {
 	char pidpath[MAXPATHLEN];
+	pid_t pid;
 
 	/* Still want to process new timeouts added below */
 	sm_clear_events();
@@ -2942,14 +2942,15 @@ finis(drop, cleanup, exitstat)
 
 		/* XXX clean up queues and related data structures */
 		cleanup_queues();
+		pid = getpid();
 #if SM_CONF_SHM
-		cleanup_shm(DaemonPid == getpid());
+		cleanup_shm(DaemonPid == pid);
 #endif /* SM_CONF_SHM */
 
 		/* close locked pid file */
 		close_sendmail_pid();
 
-		if (DaemonPid == getpid() || PidFilePid == getpid())
+		if (DaemonPid == pid || PidFilePid == pid)
 		{
 			/* blow away the pid file */
 			expand(PidFile, pidpath, sizeof pidpath, CurEnv);
@@ -3275,13 +3276,18 @@ disconnect(droplev, e)
 	{
 		fd = open(SM_PATH_DEVNULL, O_WRONLY, 0666);
 		if (fd == -1)
+		{
 			sm_syslog(LOG_ERR, e->e_id,
 				  "disconnect: open(\"%s\") failed: %s",
 				  SM_PATH_DEVNULL, sm_errstring(errno));
+		}
 		(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
-		(void) dup2(fd, STDOUT_FILENO);
-		(void) dup2(fd, STDERR_FILENO);
-		(void) close(fd);
+		if (fd >= 0)
+		{
+			(void) dup2(fd, STDOUT_FILENO);
+			(void) dup2(fd, STDERR_FILENO);
+			(void) close(fd);
+		}
 	}
 
 	/* drop our controlling TTY completely if possible */

contrib/sendmail/src/map.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: map.c,v 8.671 2005/10/25 17:55:50 ca Exp $")
+SM_RCSID("@(#)$Id: map.c,v 8.672 2006/04/18 01:26:41 ca Exp $")
 
 #if LDAPMAP
 # include <sm/ldap.h>
@@ -5992,6 +5992,10 @@ user_map_lookup(map, key, av, statp)
 		  case 7:
 			rwval = user.mbdb_shell;
 			break;
+		  default:
+			syserr("user_map %s: bogus field %d",
+				map->map_mname, map->map_valcolno);
+			return NULL;
 		}
 		return map_rewrite(map, rwval, strlen(rwval), av);
 	}

contrib/sendmail/src/mime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2003 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2003, 2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1994, 1996-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1994
@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include <string.h>
 
-SM_RCSID("@(#)$Id: mime.c,v 8.139 2006/03/01 18:07:45 ca Exp $")
+SM_RCSID("@(#)$Id: mime.c,v 8.142.2.1 2006/05/23 01:32:08 ca Exp $")
 
 /*
 **  MIME support.
@@ -80,6 +80,7 @@ static bool	MapNLtoCRLF;
 **		boundaries -- the currently pending message boundaries.
 **			NULL if we are processing the outer portion.
 **		flags -- to tweak processing.
+**		level -- recursion level.
 **
 **	Returns:
 **		An indicator of what terminated the message part:
@@ -96,12 +97,13 @@ struct args
 };
 
 int
-mime8to7(mci, header, e, boundaries, flags)
+mime8to7(mci, header, e, boundaries, flags, level)
 	register MCI *mci;
 	HDR *header;
 	register ENVELOPE *e;
 	char **boundaries;
 	int flags;
+	int level;
 {
 	register char *p;
 	int linelen;
@@ -122,6 +124,18 @@ mime8to7(mci, header, e, boundaries, flags)
 	char pvpbuf[MAXLINE];
 	extern unsigned char MimeTokenTab[256];
 
+	if (level > MAXMIMENESTING)
+	{
+		if (!bitset(EF_TOODEEP, e->e_flags))
+		{
+			if (tTd(43, 4))
+				sm_dprintf("mime8to7: too deep, level=%d\n",
+					   level);
+			usrerr("mime8to7: recursion level %d exceeded",
+				level);
+			e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
+		}
+	}
 	if (tTd(43, 1))
 	{
 		sm_dprintf("mime8to7: flags = %x, boundaries =", flags);
@@ -213,7 +227,7 @@ mime8to7(mci, header, e, boundaries, flags)
 	if (subtype == NULL)
 		subtype = "-none-";
 
-	/* don't propogate some flags more than one level into the message */
+	/* don't propagate some flags more than one level into the message */
 	flags &= ~M87F_DIGEST;
 
 	/*
@@ -242,7 +256,9 @@ mime8to7(mci, header, e, boundaries, flags)
 	*/
 
 	if (sm_strcasecmp(type, "multipart") == 0 &&
-	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)))
+	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) &&
+	    !bitset(EF_TOODEEP, e->e_flags)
+	   )
 	{
 
 		if (sm_strcasecmp(subtype, "digest") == 0)
@@ -286,10 +302,13 @@ mime8to7(mci, header, e, boundaries, flags)
 		}
 		if (i >= MAXMIMENESTING)
 		{
-			usrerr("mime8to7: multipart nesting boundary too deep");
+			if (tTd(43, 4))
+				sm_dprintf("mime8to7: too deep, i=%d\n", i);
+			if (!bitset(EF_TOODEEP, e->e_flags))
+				usrerr("mime8to7: multipart nesting boundary too deep");
 
 			/* avoid bounce loops */
-			e->e_flags |= EF_DONT_MIME;
+			e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
 		}
 		else
 		{
@@ -333,7 +352,8 @@ mime8to7(mci, header, e, boundaries, flags)
 				goto writeerr;
 			if (tTd(43, 101))
 				putline("+++after putheader", mci);
-			bt = mime8to7(mci, hdr, e, boundaries, flags);
+			bt = mime8to7(mci, hdr, e, boundaries, flags,
+				      level + 1);
 			if (bt == SM_IO_EOF)
 				goto writeerr;
 		}
@@ -374,7 +394,8 @@ mime8to7(mci, header, e, boundaries, flags)
 
 	if (sm_strcasecmp(type, "message") == 0)
 	{
-		if (!wordinclass(subtype, 's'))
+		if (!wordinclass(subtype, 's') ||
+		    bitset(EF_TOODEEP, e->e_flags))
 		{
 			flags |= M87F_NO8BIT;
 		}
@@ -397,7 +418,8 @@ mime8to7(mci, header, e, boundaries, flags)
 			    !bitset(M87F_NO8TO7, flags) &&
 			    !putline("MIME-Version: 1.0", mci))
 				goto writeerr;
-			bt = mime8to7(mci, hdr, e, boundaries, flags);
+			bt = mime8to7(mci, hdr, e, boundaries, flags,
+				      level + 1);
 			mci->mci_flags &= ~MCIF_INMIME;
 			return bt;
 		}

contrib/sendmail/src/parseaddr.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: parseaddr.c,v 8.383 2006/02/01 19:46:11 ca Exp $")
+SM_RCSID("@(#)$Id: parseaddr.c,v 8.384 2006/04/18 01:28:47 ca Exp $")
 
 static void	allocaddr __P((ADDRESS *, int, char *, ENVELOPE *));
 static int	callsubr __P((char**, int, ENVELOPE *));
@@ -1442,7 +1442,11 @@ rewrite(pvp, ruleset, reclevel, e, maxatom)
 				endtoken = LOOKUPEND;
 				mapname = *++rvp;
 				if (mapname == NULL)
+				{
 					syserr("554 5.3.0 rewrite: missing mapname");
+					/* NOTREACHED */
+					SM_ASSERT(0);
+				}
 			}
 			map = stab(mapname, ST_MAP, ST_FIND);
 			if (map == NULL)
@@ -1452,8 +1456,12 @@ rewrite(pvp, ruleset, reclevel, e, maxatom)
 			/* extract the match part */
 			key_rvp = ++rvp;
 			if (key_rvp == NULL)
+			{
 				syserr("554 5.3.0 rewrite: missing key for map %s",
 					mapname);
+				/* NOTREACHED */
+				SM_ASSERT(0);
+			}
 			default_rvp = NULL;
 			arg_rvp = argvect;
 			xpvp = NULL;
@@ -1522,7 +1530,8 @@ rewrite(pvp, ruleset, reclevel, e, maxatom)
 			if (replac == NULL && default_rvp != NULL)
 			{
 				/* create the default */
-				cataddr(default_rvp, NULL, cbuf, sizeof cbuf, '\0');
+				cataddr(default_rvp, NULL, cbuf, sizeof cbuf,
+					'\0');
 				replac = cbuf;
 			}
 
@@ -3175,8 +3184,7 @@ rscap(rwset, p1, p2, e, pvp, pvpbuf, size)
 		sm_dprintf("rscap(%s, %s, %s)\n", rwset, p1,
 			p2 == NULL ? "(NULL)" : p2);
 
-	if (pvp != NULL)
-		*pvp = NULL;
+	SM_REQUIRE(pvp != NULL);
 	rsno = strtorwset(rwset, NULL, ST_FIND);
 	if (rsno < 0)
 		return EX_UNAVAILABLE;

contrib/sendmail/src/queue.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998-2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 1998-2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
  * Copyright (c) 1988, 1993
@@ -14,7 +14,7 @@
 #include <sendmail.h>
 #include <sm/sem.h>
 
-SM_RCSID("@(#)$Id: queue.c,v 8.951 2006/03/02 19:13:38 ca Exp $")
+SM_RCSID("@(#)$Id: queue.c,v 8.954 2006/04/22 01:07:00 ca Exp $")
 
 #include <dirent.h>
 
@@ -3902,6 +3902,7 @@ readqf(e, openonly)
 	**  Read and process the file.
 	*/
 
+	bp = NULL;
 	(void) sm_strlcpy(qf, queuename(e, ANYQFL_LETTER), sizeof qf);
 	qfp = sm_io_open(SmFtStdio, SM_TIME_DEFAULT, qf, SM_IO_RDWR_B, NULL);
 	if (qfp == NULL)
@@ -4033,6 +4034,7 @@ readqf(e, openonly)
 		}
 		if (delim != '\0')
 			*bp = delim;
+		bp = NULL;
 	}
 	if (!bogus)
 		bogus = bitset(qsafe, st.st_mode);
@@ -4468,7 +4470,10 @@ readqf(e, openonly)
 		}
 
 		if (bp != buf)
+		{
 			sm_free(bp); /* XXX */
+			bp = NULL;
+		}
 	}
 
 	/*
@@ -4541,6 +4546,11 @@ readqf(e, openonly)
 	**	queueup() with bogus data.
 	*/
 
+	if (bp != NULL && bp != buf)
+	{
+		sm_free(bp); /* XXX */
+		bp = NULL;
+	}
 	if (qfp != NULL)
 		(void) sm_io_close(qfp, SM_TIME_DEFAULT);
 	e->e_lockfp = NULL;
@@ -5180,7 +5190,7 @@ queuename(e, type)
 	else
 	{
 		if (e->e_qgrp == NOQGRP || e->e_qdir == NOQDIR)
-			setnewqueue(e);
+			(void) setnewqueue(e);
 		if (type ==  DATAFL_LETTER)
 		{
 			qd = e->e_dfqdir;
@@ -5194,7 +5204,7 @@ queuename(e, type)
 	}
 
 	/* xf files always have a valid qd and qg picked above */
-	if (e->e_qdir == NOQDIR && type != XSCRPT_LETTER)
+	if ((qd == NOQDIR || qg == NOQGRP) && type != XSCRPT_LETTER)
 		(void) sm_strlcpyn(buf, sizeof buf, 2, pref, e->e_id);
 	else
 	{
@@ -6397,7 +6407,7 @@ filesys_update()
 
 #if SM_CONF_SHM
 	/* only the daemon updates this structure */
-	if (ShmId != SM_SHM_NO_ID && DaemonPid != CurrentPid)
+	if (ShmId == SM_SHM_NO_ID || DaemonPid != CurrentPid)
 		return;
 #endif /* SM_CONF_SHM */
 	now = curtime();

contrib/sendmail/src/sendmail.h

@@ -52,7 +52,7 @@
 
 #ifdef _DEFINE
 # ifndef lint
-SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1006 2006/02/27 17:49:09 ca Exp $";
+SM_UNUSED(static char SmailId[]) = "@(#)$Id: sendmail.h,v 8.1008.2.1 2006/05/23 01:32:07 ca Exp $";
 # endif /* ! lint */
 #endif /* _DEFINE */
 
@@ -942,6 +942,7 @@ struct envelope
 #define EF_TOOBIG	0x02000000L	/* message is too big */
 #define EF_SPLIT	0x04000000L	/* envelope has been split */
 #define EF_UNSAFE	0x08000000L	/* unsafe: read from untrusted source */
+#define EF_TOODEEP	0x10000000L	/* message is nested too deep */
 
 #define DLVR_NOTIFY	0x01
 #define DLVR_RETURN	0x02
@@ -1655,7 +1656,7 @@ EXTERN unsigned long	PrivacyFlags;	/* privacy flags */
 
 /* functions */
 extern bool	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
-extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int));
 
 /*
 **  Flags passed to returntosender.
@@ -2224,7 +2225,7 @@ EXTERN int	MaxNOOPCommands; /* max "noise" commands before slowdown */
 EXTERN int	MaxRcptPerMsg;	/* max recipients per SMTP message */
 EXTERN int	MaxRuleRecursion;	/* maximum depth of ruleset recursion */
 #if _FFR_MSG_ACCEPT
-EXTERN char	*MessageAccept;
+EXTERN char	*MessageAccept; /* "Message accepted for delivery" reply text */
 #endif /* _FFR_MSG_ACCEPT */
 
 EXTERN int	MimeMode;	/* MIME processing mode */

contrib/sendmail/src/sfsasl.c

@@ -9,9 +9,10 @@
  */
 
 #include <sm/gen.h>
-SM_RCSID("@(#)$Id: sfsasl.c,v 8.113 2006/03/02 19:18:27 ca Exp $")
+SM_RCSID("@(#)$Id: sfsasl.c,v 8.115 2006/04/18 21:34:07 ca Exp $")
 #include <stdlib.h>
 #include <sendmail.h>
+#include <sm/time.h>
 #include <errno.h>
 
 /* allow to disable error handling code just in case... */
@@ -326,6 +327,7 @@ sasl_write(fp, buf, size)
 	{
 		while (outlen > 0)
 		{
+			errno = 0;
 			/* XXX result == 0? */
 			ret = sm_io_write(so->fp, SM_TIME_DEFAULT,
 					  &outbuf[total], outlen);
@@ -347,8 +349,9 @@ sasl_write(fp, buf, size)
 **
 **	Parameters:
 **		fin -- the sm_io file encrypted data to be read from
-**		fout -- the sm_io file encrypted data to be writen to
+**		fout -- the sm_io file encrypted data to be written to
 **		conn -- the sasl connection pointer
+**		tmo -- timeout
 **
 **	Returns:
 **		-1 on error
@@ -360,15 +363,16 @@ sasl_write(fp, buf, size)
 */
 
 int
-sfdcsasl(fin, fout, conn)
+sfdcsasl(fin, fout, conn, tmo)
 	SM_FILE_T **fin;
 	SM_FILE_T **fout;
 	sasl_conn_t *conn;
+	int tmo;
 {
 	SM_FILE_T *newin, *newout;
 	SM_FILE_T  SM_IO_SET_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
 		sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
-		SM_TIME_FOREVER);
+		SM_TIME_DEFAULT);
 	struct sasl_info info;
 
 	if (conn == NULL)
@@ -379,7 +383,7 @@ sfdcsasl(fin, fout, conn)
 
 	SM_IO_INIT_TYPE(sasl_vector, "sasl", sasl_open, sasl_close,
 		sasl_read, sasl_write, NULL, sasl_getinfo, NULL,
-		SM_TIME_FOREVER);
+		SM_TIME_DEFAULT);
 	info.fp = *fin;
 	info.conn = conn;
 	newin = sm_io_open(&sasl_vector, SM_TIME_DEFAULT, &info,
@@ -400,6 +404,9 @@ sfdcsasl(fin, fout, conn)
 	}
 	sm_io_automode(newin, newout);
 
+	sm_io_setinfo(*fin, SM_IO_WHAT_TIMEOUT, &tmo);
+	sm_io_setinfo(*fout, SM_IO_WHAT_TIMEOUT, &tmo);
+
 	*fin = newin;
 	*fout = newout;
 	return 0;

contrib/sendmail/src/sfsasl.h

@@ -6,15 +6,15 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Id: sfsasl.h,v 8.19 2006/02/27 19:53:37 ca Exp $"
+ *	$Id: sfsasl.h,v 8.20 2006/03/27 21:31:00 ca Exp $"
  */
 
 #ifndef SFSASL_H
 # define SFSASL_H
 
-#if SASL
-extern int	sfdcsasl __P((SM_FILE_T **, SM_FILE_T **, sasl_conn_t *));
-#endif /* SASL */
+# if SASL
+extern int	sfdcsasl __P((SM_FILE_T **, SM_FILE_T **, sasl_conn_t *, int));
+# endif /* SASL */
 
 # if STARTTLS
 extern int	tls_retry __P((SSL *, int, int, time_t, int, int,

contrib/sendmail/src/srvrsmtp.c

@@ -17,7 +17,7 @@
 # include <libmilter/mfdef.h>
 #endif /* MILTER */
 
-SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.922 2006/02/28 00:42:13 ca Exp $")
+SM_RCSID("@(#)$Id: srvrsmtp.c,v 8.924.2.2 2006/05/31 20:56:37 ca Exp $")
 
 #include <sm/time.h>
 #include <sm/fdset.h>
@@ -70,9 +70,10 @@ static unsigned int	srvfeatures __P((ENVELOPE *, char *, unsigned int));
 #define	STOP_ATTACK	((time_t) -1)
 static time_t	checksmtpattack __P((volatile unsigned int *, unsigned int,
 				     bool, char *, ENVELOPE *));
-static void	mail_esmtp_args __P((char *, char *, ENVELOPE *));
+static void	mail_esmtp_args __P((char *, char *, ENVELOPE *, unsigned int));
 static void	printvrfyaddr __P((ADDRESS *, bool, bool));
-static void	rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *));
+static void	rcpt_esmtp_args __P((ADDRESS *, char *, char *, ENVELOPE *,
+				unsigned int));
 static char	*skipword __P((char *volatile, char *));
 static void	setup_smtpd_io __P((void));
 
@@ -588,8 +589,8 @@ smtp(nullserver, d_flags, e)
 			: (SRV_OFFER_EXPN
 			  | (bitset(PRIV_NOVERB, PrivacyFlags)
 			     ? SRV_NONE : SRV_OFFER_VERB)))
-		| (bitset(PRIV_NORECEIPTS, PrivacyFlags) ? SRV_NONE
-							 : SRV_OFFER_DSN)
+		| ((bitset(PRIV_NORECEIPTS, PrivacyFlags) || !SendMIMEErrors)
+			 ? SRV_NONE : SRV_OFFER_DSN)
 #if SASL
 		| (bitnset(D_NOAUTH, d_flags) ? SRV_NONE : SRV_OFFER_AUTH)
 		| (bitset(SASL_SEC_NOPLAINTEXT, SASLOpts) ? SRV_REQ_SEC
@@ -1285,14 +1286,17 @@ smtp(nullserver, d_flags, e)
 
 				if (ssf != NULL && *ssf > 0)
 				{
+					int tmo;
+
 					/*
 					**  Convert I/O layer to use SASL.
 					**  If the call fails, the connection
 					**  is aborted.
 					*/
 
+					tmo = TimeOuts.to_datablock * 1000;
 					if (sfdcsasl(&InChannel, &OutChannel,
-						     conn) == 0)
+						     conn, tmo) == 0)
 					{
 						/* restart dialogue */
 						n_helo = 0;
@@ -2017,7 +2021,7 @@ smtp(nullserver, d_flags, e)
 				  case SMFIR_SHUTDOWN:
 					if (MilterLogLevel > 3)
 						sm_syslog(LOG_INFO, e->e_id,
-							  "Milter: Milter: helo=%s, reject=421 4.7.0 %s closing connection",
+							  "Milter: helo=%s, reject=421 4.7.0 %s closing connection",
 							  p, MyHostName);
 					tempfail = true;
 					smtp.sm_milterize = false;
@@ -2296,7 +2300,7 @@ smtp(nullserver, d_flags, e)
 					sm_dprintf("MAIL: got arg %s=\"%s\"\n", kp,
 						vp == NULL ? "<null>" : vp);
 
-				mail_esmtp_args(kp, vp, e);
+				mail_esmtp_args(kp, vp, e, features);
 				if (equal != NULL)
 					*equal = '=';
 				args[argno++] = kp;
@@ -2566,7 +2570,7 @@ smtp(nullserver, d_flags, e)
 					sm_dprintf("RCPT: got arg %s=\"%s\"\n", kp,
 						vp == NULL ? "<null>" : vp);
 
-				rcpt_esmtp_args(a, kp, vp, e);
+				rcpt_esmtp_args(a, kp, vp, e, features);
 				if (equal != NULL)
 					*equal = '=';
 				args[argno++] = kp;
@@ -3848,6 +3852,7 @@ skipword(p, w)
 
 	return p;
 }
+
 /*
 **  MAIL_ESMTP_ARGS -- process ESMTP arguments from MAIL line
 **
@@ -3855,16 +3860,18 @@ skipword(p, w)
 **		kp -- the parameter key.
 **		vp -- the value of that parameter.
 **		e -- the envelope.
+**		features -- current server features
 **
 **	Returns:
 **		none.
 */
 
 static void
-mail_esmtp_args(kp, vp, e)
+mail_esmtp_args(kp, vp, e, features)
 	char *kp;
 	char *vp;
 	ENVELOPE *e;
+	unsigned int features;
 {
 	if (sm_strcasecmp(kp, "size") == 0)
 	{
@@ -3911,7 +3918,7 @@ mail_esmtp_args(kp, vp, e)
 	}
 	else if (sm_strcasecmp(kp, "envid") == 0)
 	{
-		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		if (!bitset(SRV_OFFER_DSN, features))
 		{
 			usrerr("504 5.7.0 Sorry, ENVID not supported, we do not allow DSN");
 			/* NOTREACHED */
@@ -3937,7 +3944,7 @@ mail_esmtp_args(kp, vp, e)
 	}
 	else if (sm_strcasecmp(kp, "ret") == 0)
 	{
-		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		if (!bitset(SRV_OFFER_DSN, features))
 		{
 			usrerr("504 5.7.0 Sorry, RET not supported, we do not allow DSN");
 			/* NOTREACHED */
@@ -4130,23 +4137,25 @@ mail_esmtp_args(kp, vp, e)
 **		kp -- the parameter key.
 **		vp -- the value of that parameter.
 **		e -- the envelope.
+**		features -- current server features
 **
 **	Returns:
 **		none.
 */
 
 static void
-rcpt_esmtp_args(a, kp, vp, e)
+rcpt_esmtp_args(a, kp, vp, e, features)
 	ADDRESS *a;
 	char *kp;
 	char *vp;
 	ENVELOPE *e;
+	unsigned int features;
 {
 	if (sm_strcasecmp(kp, "notify") == 0)
 	{
 		char *p;
 
-		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		if (!bitset(SRV_OFFER_DSN, features))
 		{
 			usrerr("504 5.7.0 Sorry, NOTIFY not supported, we do not allow DSN");
 			/* NOTREACHED */
@@ -4187,7 +4196,7 @@ rcpt_esmtp_args(a, kp, vp, e)
 	}
 	else if (sm_strcasecmp(kp, "orcpt") == 0)
 	{
-		if (bitset(PRIV_NORECEIPTS, PrivacyFlags))
+		if (!bitset(SRV_OFFER_DSN, features))
 		{
 			usrerr("504 5.7.0 Sorry, ORCPT not supported, we do not allow DSN");
 			/* NOTREACHED */

contrib/sendmail/src/tls.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2005 Sendmail, Inc. and its suppliers.
+ * Copyright (c) 2000-2006 Sendmail, Inc. and its suppliers.
  *	All rights reserved.
  *
  * By using this file, you agree to the terms and conditions set
@@ -10,7 +10,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: tls.c,v 8.102 2006/03/02 19:18:27 ca Exp $")
+SM_RCSID("@(#)$Id: tls.c,v 8.105 2006/05/11 22:59:31 ca Exp $")
 
 #if STARTTLS
 #  include <openssl/err.h>
@@ -506,6 +506,13 @@ tls_safe_f(var, sff, srv)
 
 static char server_session_id_context[] = "sendmail8";
 
+/* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
+#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
+# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	1
+#else
+# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	0
+#endif
+
 bool
 inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
 	SSL_CTX **ctx;
@@ -518,7 +525,7 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
 # endif /* !NO_DH */
 	int r;
 	bool ok;
-	long sff, status;
+	long sff, status, options;
 	char *who;
 # if _FFR_TLS_1
 	char *cf2, *kf2;
@@ -531,11 +538,19 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
 	X509_CRL *crl;
 	X509_STORE *store;
 # endif /* OPENSSL_VERSION_NUMBER > 0x00907000L */
+#if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
+	long rt_version;
+	STACK_OF(SSL_COMP) *comp_methods;
+#endif
 
 	status = TLS_S_NONE;
 	who = srv ? "server" : "client";
 	if (ctx == NULL)
+	{
 		syserr("STARTTLS=%s, inittls: ctx == NULL", who);
+		/* NOTREACHED */
+		SM_ASSERT(ctx != NULL);
+	}
 
 	/* already initialized? (we could re-init...) */
 	if (*ctx != NULL)
@@ -895,7 +910,29 @@ inittls(ctx, req, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
 # endif /* _FFR_TLS_1 */
 
 	/* SSL_CTX_set_quiet_shutdown(*ctx, 1); violation of standard? */
-	SSL_CTX_set_options(*ctx, SSL_OP_ALL);	/* XXX bug compatibility? */
+
+	options = SSL_OP_ALL;	/* bug compatibility? */
+#if SM_SSL_OP_TLS_BLOCK_PADDING_BUG
+
+	/*
+	**  In OpenSSL 0.9.8[ab], enabling zlib compression breaks the
+	**  padding bug work-around, leading to false positives and
+	**  failed connections. We may not interoperate with systems
+	**  with the bug, but this is better than breaking on all 0.9.8[ab]
+	**  systems that have zlib support enabled.
+	**  Note: this checks the runtime version of the library, not
+	**  just the compile time version.
+	*/
+
+	rt_version = SSLeay();
+	if (rt_version >= 0x00908000L && rt_version <= 0x0090802fL)
+	{
+		comp_methods = SSL_COMP_get_compression_methods();
+		if (comp_methods != NULL && sk_SSL_COMP_num(comp_methods) > 0)
+			options &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
+	}
+#endif
+	SSL_CTX_set_options(*ctx, options);
 
 # if !NO_DH
 	/* Diffie-Hellman initialization */

contrib/sendmail/src/util.c

@@ -13,7 +13,7 @@
 
 #include <sendmail.h>
 
-SM_RCSID("@(#)$Id: util.c,v 8.392 2006/03/09 19:49:35 ca Exp $")
+SM_RCSID("@(#)$Id: util.c,v 8.394 2006/05/03 23:55:29 ca Exp $")
 
 #include <sysexits.h>
 #include <sm/xtrap.h>
@@ -2044,7 +2044,15 @@ prog_open(argv, pfd, e)
 
 	/* this process has no right to the queue file */
 	if (e->e_lockfp != NULL)
-		(void) close(sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL));
+	{
+		int fd;
+
+		fd = sm_io_getinfo(e->e_lockfp, SM_IO_WHAT_FD, NULL);
+		if (fd >= 0)
+			(void) close(fd);
+		else
+			syserr("%s: lockfp does not have a fd", argv[0]);
+	}
 
 	/* chroot to the program mailer directory, if defined */
 	if (ProgMailer != NULL && ProgMailer->m_rootdir != NULL)
@@ -2737,7 +2745,7 @@ proc_list_probe()
 		CurChildren = 0;
 	if (chldwasblocked == 0)
 		(void) sm_releasesignal(SIGCHLD);
-	if (LogLevel > 10 && children != CurChildren)
+	if (LogLevel > 10 && children != CurChildren && CurrentPid == DaemonPid)
 	{
 		sm_syslog(LOG_ERR, NOQID,
 			  "proc_list_probe: found %d children, expected %d",

contrib/sendmail/src/version.c

@@ -13,6 +13,6 @@
 
 #include <sm/gen.h>
 
-SM_RCSID("@(#)$Id: version.c,v 8.160 2006/03/08 19:21:21 ca Exp $")
+SM_RCSID("@(#)$Id: version.c,v 8.163.2.4 2006/06/05 22:32:40 ca Exp $")
 
-char	Version[] = "8.13.6";
+char	Version[] = "8.13.7";