Sendmail Open Source MTA
Proofpoint,
Inc., and the Sendmail Consortium announce
the availability of sendmail 8.15.2. This
version:
includes various IPv6 related fixes, including a run-time option to select
between compressed and uncompressed IPv6 addresses
changes the default for DHParameters in
response to the WeakDH "LogJam" security vulnerability
rejects more invalid protocol data in libmilter
fixes FEATURE(`nopercenthack')
and has some other
enhancements. For details see the release notes below.
Please
send bug reports and general feedback to one of the addresses listed at:
http://www.sendmail.org/email-addresses.html
The
version can be found at
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.Z.sig
SHA256
signatures:
24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439
sendmail.8.15.2.tar.gz
48020a25ca9c2538b2c76d73abe1acf24eab5905e0929b2fc3e7c7d771d93ece
sendmail.8.15.2.tar.gz.sig
6966aaba0adb491b0024a9b4eb9eec9c2f3436bb4b6517e0dea4f55057c48045
sendmail.8.15.2.tar.Z
447bdbe276eb1ae316574fba8da3b99fb0bebe173a0be2d26e9330aa24e43d35
sendmail.8.15.2.tar.Z.sig
You
either need the first two files or the third and fourth, i.e., the gzip'ed version or the compressed version and the
corresponding sig file. The PGP signature was created using the Sendmail Signing Key/2015, available on the web site
(http //www.sendmail.com/sm/open_source/download/) or on the public key
servers.
Since sendmail 8.11 and later includes hooks to
cryptography, the following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG
CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE
WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM
THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE
AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY
EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE
FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
This
listing shows the version of the sendmail binary,
the version of the sendmail configuration
files, the date of release, and a summary of the changes in that release.
8.15.2/8.15.2
2015/07/03
If FEATURE(`nopercenthack') is used then some bogus input triggered
a recursion which was caught and logged as
SYSERR: rewrite:
excessive recursion (max 50) ...
Fix based on patch
from Ondrej Holas.
DHParameters now by default uses an included 2048 bit prime.
The value 'none'
previously caused a log entry claiming
there was an error "cannot read or set DH parameters".
Also note that this
option applies to the server side only.
The U= mailer field
didn't accept group names containing hyphens,
underbars, or periods.
Based on patch from
David Gwynne
of the University of Queensland.
CONFIG: Allow
connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
Patch from Lars-Johan
Liman of Netnod Internet Exchange.
CONFIG: New option
UseCompressedIPv6Addresses to select between
compressed and uncompressed IPv6 addresses. The default
value depends on the compile-time option IPV6_FULL:
For 1 the default is
False, for 0 it is True, thus
preserving the current behaviour. Based on
patch from
John Beck of Oracle.
CONFIG: Account for
IPv6 localhost addresses in
FEATURE(`block_bad_helo'). Suggested by
Andrey Chernov
from FreeBSD and Robert Scheck from the Fedora Project.
CONFIG: Account for
IPv6 localhost addresses in check_mail ruleset.
LIBMILTER: Deal with
more invalid protocol data to avoid potential
crashes. Problem noted by Dimitri Kirchner.
LIBMILTER: Allow a
milter to specify an empty macro list ("", not
NULL) in smfi_setsymlist()
so no macro is sent for the
selected stage.
MAKEMAP: A change to
check TrustedUser in fewer cases which was
made in 2013 caused a potential regression when makemap
was run as root (which should not be done anyway).
Note: sendmail often contains options "For Future
Releases"
(prefix
_FFR_) which might be enabled in a subsequent
version or might simply be removed as they turned out not
to be really useful. These features are usually not
documented but if they are, then the required (FFR)
options are listed in
- doc/op/op.* for
rulesets and macros,
- cf/README for mc/cf options.