|
|
Subscribe / Log in / New account

sendmail 8.15.2

[Posted July 8, 2015 by corbet]

From:  Claus Assmann <donotreply-AT-lists.sendmail.org>
To:  sendmail-announce-AT-sendmail.org
Subject:  sendmail 8.15.2 available
Date:  Fri, 3 Jul 2015 07:57:38 -0700 (PDT)
Message-ID:  <201507031457.t63EvcwB091169@lists.sendmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.15.2. This version:

 o includes various IPv6 related fixes, including a run-time option to
   select between compressed and uncompressed IPv6 addresses
 o changes the default for DHParameters in response to the WeakDH
   "LogJam" security vulnerability
 o rejects more invalid protocol data in libmilter
 o fixes FEATURE(`nopercenthack')

and has some other enhancements.  For details see the release notes
below.

Please send bug reports and general feedback to one of the addresses
listed at: http://www.sendmail.org/email-addresses.html

The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.g...
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.Z...

SHA-256 checksums

24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439 sendmail.8.15.2.tar.gz
48020a25ca9c2538b2c76d73abe1acf24eab5905e0929b2fc3e7c7d771d93ece sendmail.8.15.2.tar.gz.sig
6966aaba0adb491b0024a9b4eb9eec9c2f3436bb4b6517e0dea4f55057c48045 sendmail.8.15.2.tar.Z
447bdbe276eb1ae316574fba8da3b99fb0bebe173a0be2d26e9330aa24e43d35 sendmail.8.15.2.tar.Z.sig


You either need the first two files or the third and fourth,
i.e., the gzip'ed version or the compressed version and the
corresponding sig file. The PGP signature was created using
the Sendmail Signing Key/2015, available on the web site
(http://www.sendmail.com/sm/open_source/download/) or on
the public key servers (keyid 0xAAF5B5DE05BDCC53).

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

   PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
   SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
   TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
   PARTS OF THE WORLD.  SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
   COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
   SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
   YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
   AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
   ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.


			SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.15.2/8.15.2	2015/07/03
	If FEATURE(`nopercenthack') is used then some bogus input triggered
		a recursion which was caught and logged as
		SYSERR: rewrite: excessive recursion (max 50) ...
		Fix based on patch from Ondrej Holas.
	DHParameters now by default uses an included 2048 bit prime.
		The value 'none' previously caused a log entry claiming
		there was an error "cannot read or set DH parameters".
		Also note that this option applies to the server side only.
	The U= mailer field didn't accept group names containing hyphens,
		underbars, or periods.  Based on patch from David Gwynne
		of the University of Queensland.
	CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
		Patch from Lars-Johan Liman of Netnod Internet Exchange.
	CONFIG: New option UseCompressedIPv6Addresses to select between
		compressed and uncompressed IPv6 addresses.  The default
		value depends on the compile-time option IPV6_FULL:
		For 1 the default is False, for 0 it is True, thus
		preserving the current behaviour.  Based on patch from
		John Beck of Oracle.
	CONFIG: Account for IPv6 localhost addresses in
		FEATURE(`block_bad_helo').  Suggested by Andrey Chernov
		from FreeBSD and Robert Scheck from the Fedora Project.
	CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
	LIBMILTER: Deal with more invalid protocol data to avoid potential
		crashes.  Problem noted by Dimitri Kirchner.
	LIBMILTER: Allow a milter to specify an empty macro list ("", not
		NULL) in smfi_setsymlist() so no macro is sent for the
		selected stage.
	MAKEMAP: A change to check TrustedUser in fewer cases which was
		made in 2013 caused a potential regression when makemap
		was run as root (which should not be done anyway).
	Note: sendmail often contains options "For Future Releases"
		(prefix _FFR_) which might be enabled in a subsequent
		version or might simply be removed as they turned out not
		to be really useful.  These features are usually not
		documented but if they are, then the required (FFR)
		options are listed in
		- doc/op/op.* for rulesets and macros,
		- cf/README for mc/cf options.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEbBAEBAgAGBQJVlpYtAAoJEKr1td4FvcxTwCcH+J0+Jc0QzkG7qJ1f1uol+R62
7NUAlhl26tYiE0/vGOALH68CtVQLo99K431XyMPGhw4GvfnunRaDxvgvwSLd2/KT
LrZO9J66mdlGFOageQpkA+u5Ni86HtptQeEPx3ZaHu1mMpzgqksPb8Mz/ZTW3u/K
vme9XOKMGZLDym3OVCQo957+u0e2pEmTSDgUTD+TM4bT3d66M80jTjbcPUd9cwOz
WyzL/1Hup5g3YZ7RGo4aMJAalkjRSeVp8tlSCU6u0/2OUTvIvSZiGqo4QYnUXbhf
RIZOZqo240cvbQHnqoJkb01GU3z9j5vMevf0+jLx/zdNCwNuhSCfHhaUfHS/Cg==
=vxbC
-----END PGP SIGNATURE-----

to post comments


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds