sendmail (8.15.2-14~deb10u3) buster-security; urgency=medium * LTS Team upload * Enable rejecting mail that include NUL byte by default. -- Bastien Roucariès Mon, 17 Jun 2024 19:31:44 +0000 sendmail (8.15.2-14~deb10u2) buster-security; urgency=medium * LTS Team upload * Fix CVE-2023-51765 (Closes: #1059386): sendmail allowed SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved with 'o' in srv_features. * Enable _FFR_REJECT_NUL_BYTE for rejecting mail that include NUL byte -- Bastien Roucariès Fri, 14 Jun 2024 21:09:08 +0000 sendmail (8.15.2-14~deb10u1) buster; urgency=medium * QA upload. * Rebuild for buster. -- Andreas Beckmann Sun, 25 Aug 2019 15:04:16 +0200 sendmail (8.15.2-14) unstable; urgency=medium * QA upload. * sendmail-bin.prerm: Stop sendmail before removing the alternatives. * sendmail-bin.postinst: Let start-stop-daemon match on pidfile and executable. (Closes: #932598) -- Andreas Beckmann Sun, 25 Aug 2019 14:56:41 +0200 sendmail (8.15.2-13) unstable; urgency=medium * QA upload. * initscript: Let start-stop-daemon match on pidfile and executable. (Closes: #932598, LP: #1822866) -- Andreas Beckmann Tue, 30 Jul 2019 19:22:43 +0200 sendmail (8.15.2-12) unstable; urgency=medium * QA upload. * Fix typos in descriptions. (Closes: #894535) * Fix "update-inetd: error: --group is only relevant with --add" by removing the --group argument where it's irrelevant. (LP: #1792582) * Update to Standards-Version: 4.2.1. * Update Lintian overrides. -- Andreas Beckmann Sun, 16 Sep 2018 00:11:47 +0200 sendmail (8.15.2-11) unstable; urgency=medium * QA upload. * Fix prerm failure on btrfs. (Closes: #893424) * Convert upstream signing key to .asc format. * sendmail-doc: Mark as Multi-Arch: foreign. * libmilter-dev: Mark as Multi-Arch: same. * Fix new Lintian issues. * Update Lintian overrides. * Switch Vcs-* URLs to salsa.debian.org. -- Andreas Beckmann Tue, 20 Mar 2018 00:49:16 +0100 sendmail (8.15.2-10) unstable; urgency=medium * QA upload. * debian/*: Clean up trailing whitespace. * Update to Standards-Version: 4.1.3. * Set Rules-Requires-Root: binary-targets. * Use dpkg makefile snippets instead of manual changelog parsing. * Switch to debhelper compat level 11. * sendmail-doc: Leave the docs in the /u/s/d/sendmail-doc/ directory. * Drop symlink-to-dir transition code predating wheezy. * connect-from-null.patch: New, fix "NOQUEUE: connect from (null)", thanks to Michael Grant and Claus Assmann. * Fix finding the queue runner control process in "split daemon" mode, thanks to Marc Andre Selig. (Closes: #887064) -- Andreas Beckmann Sat, 13 Jan 2018 23:43:05 +0100 sendmail (8.15.2-9) unstable; urgency=medium * QA upload. * rmail: Add exim4 to the list of conflicting MTAs. (Closes: #863567) * Skip hook execution if /usr/share/sendmail/dynamic does not exist. (Closes: #873978) * debian/examples/network/if-post-down.d/sendmail: Generate during build. * Set Priority to optional. * Update to Standards-Version: 4.1.0. -- Andreas Beckmann Mon, 11 Sep 2017 01:46:06 +0200 sendmail (8.15.2-8) unstable; urgency=medium * QA upload. * Use lockfile-create (from lockfile-progs) instead of touch to manage the cronjob lockfiles. (Closes: #847498) * Switch to debhelper compat level 10. -- Andreas Beckmann Thu, 08 Dec 2016 18:43:49 +0100 sendmail (8.15.2-7) unstable; urgency=medium * QA upload. * Fix openssl argument order. (Closes: #843682) * sendmail-bin: Add missing Depends: lsb-base. * Stop using dh_buildinfo in favor of dpkg-buildinfo. * Enable more hardening flags. * debian/examples/db/access: Comment out localhost entries, may be forged. (Closes: #840837) * Only touch files as smmsp:smmsp in /var/run/sendmail/stampdir (writable by group smmsp) to avoid possible privilege escalation. (Closes: #841257) -- Andreas Beckmann Wed, 30 Nov 2016 12:32:49 +0100 sendmail (8.15.2-6) unstable; urgency=medium * QA upload. * openssl-1.1.0.patch: Fix for non-linux platforms, thanks to Sebastian Andrzej Siewior. (Closes: #828540) -- Andreas Beckmann Tue, 13 Sep 2016 11:13:58 +0200 sendmail (8.15.2-5) unstable; urgency=medium * QA upload. * sendmail-base.preinst: Migrate /etc/mail/ssl only if /etc/mail/tls does not exist. (Closes: #820145) * openssl-1.1.0.patch: New, add support for OpenSSL 1.1.0, thanks to Sebastian Andrzej Siewior. (Closes: #828540) * Drop -dbg package in favor of autogenerated -dbgsym packages. * Fix more typos. * Update to Standards-Version: 3.9.8. -- Andreas Beckmann Mon, 12 Sep 2016 14:13:39 +0200 sendmail (8.15.2-4) unstable; urgency=medium * QA upload. * Reinstate SOCKETMAP support (and some more compile time settings that were lost on the 8.14 -> 8.15 switch). (Closes: #816505) * Update Vcs-Git URL. * Update to Standards-Version: 3.9.7. -- Andreas Beckmann Wed, 02 Mar 2016 16:02:10 +0100 sendmail (8.15.2-3) unstable; urgency=medium * QA upload. * format-security.patch: Try a different approach and verify that an (untrusted) non-literal string does not contain formatting codes ('%') before using it as a format string without arguments. (Closes: #807258) -- Andreas Beckmann Thu, 10 Dec 2015 18:02:49 +0100 sendmail (8.15.2-2) unstable; urgency=medium * QA upload. * Merge changes from 8.14.9-4. * Upload to unstable. -- Andreas Beckmann Mon, 09 Nov 2015 11:06:45 +0100 sendmail (8.15.2-1) experimental; urgency=medium * QA upload. * New upstream release. * Merge changes from 8.14.9-3. (Closes: #790968, #792162) * Refresh fuzzy patch 'drac'. * libmilter.symbols: Add new symbol UseCompressedIPv6Addresses. -- Andreas Beckmann Mon, 20 Jul 2015 11:56:02 +0200 sendmail (8.15.1-1) experimental; urgency=medium * QA upload. * New upstream release. * format-security.patch: New, fix FTBFS with -Werror=format-security. * libmilter.symbols: Add new symbol MaxQueueAge. * Use a deterministic object directory for fully reproducible builds. * Upload to experimental. -- Andreas Beckmann Thu, 02 Jul 2015 01:35:29 +0200 sendmail (8.14.9-4) unstable; urgency=medium * QA upload. * debian-mta.m4: Switch between the two spellings of 'GroupReadable{a,}DefaultAuthInfoFile', the typo was only corrected in 8.15. (Closes: #792162) * sendmail-bin: Tighten dependencies on sendmail-{base,cf}. -- Andreas Beckmann Sun, 26 Jul 2015 18:37:21 +0200 sendmail (8.14.9-3) unstable; urgency=medium * QA upload. * Use a deterministic object directory for fully reproducible builds. * update_mc: Insert masquerading options before mailer definitions. (Closes: #293017, #354055) * debian-mta.m4: Fix typo 'GroupReadableaDefaultAuthInfoFile'. (Closes: #790968) * sendmail-base: Add Depends: netbase for /etc/services. * Drop Breaks+Replaces against package versions predating oldstable. -- Andreas Beckmann Fri, 10 Jul 2015 15:37:14 +0200 sendmail (8.14.9-2) unstable; urgency=medium * QA upload. * Preserve changelog timezone for timestamps to make build reproducible in case of changing TZ. * Fix another spelling-error-in-manpage discovered by lintian. * Do not check for invoke-rc.d existence before calling it. * sendmail-bin: Switch from suidregister to dpkg-statoverride. * Add lintian overrides for command-with-path-in-maintainer-script, these are only checks for command availability. -- Andreas Beckmann Wed, 01 Jul 2015 21:40:21 +0200 sendmail (8.14.9-1) unstable; urgency=medium * QA upload. * New upstream release. * Remove sendmail-8.14.9.diff. * manpage-section.patch: Refresh. * Switch from tar-in-tar to regular source layout. * Switch patch application from cdbs to dpkg source format 3.0 (quilt). * d/patches: Convert old-style context diffs to unified diffs. * Finally drop the last bits of cdbs usage. * Perform more checks in /etc/cron.d/sendmail to skip running commands (and failing) if any of the sendmail-base, sendmail-bin packages have been removed. (LP: #645905, #1421329) * Import "Sendmail Signing Key/2015 " from ftp://ftp.sendmail.org/pub/sendmail/PGPKEYS into debian/upstream/signing-key.pgp. * Use the changelog timestamp for @sm_date@ and @sm_time@ substitutions to make the build reproducible. * fhs.patch: New. Move path adjustments in documentation from sed calls in d/rules to a proper patch. * Upload to unstable. -- Andreas Beckmann Mon, 11 May 2015 02:20:56 +0200 sendmail (8.14.8-1) experimental; urgency=medium * QA upload. * Upload to experimental. * *** Dear sendmail users, please give us some feedback if this new upstream *** version of sendmail is working for you s.t. we can consider uploading *** it to unstable. * New upstream release. - Properly initialize all OpenSSL algorithms. (Closes: #579563) - Accept IPv6 literals when evaluating the HELO/EHLO argument in FEATURE(`block_bad_helo'). (Closes: #618570) * Remove patches that were cherry-picked from newer releases: {_ffr_tls_ec, close_on_exec, conf.c-ipv6, libmilter-assert, ssl_op_no_tlsv1_x}.patch * sendmail-8.14.9.diff: New, cherry-pick all code changes from 8.14.9. * Refresh some patches due to context changes. * libmilter.symbols: Add new symbols FipsMode, IntSig. * Update to Standards-Version: 3.9.6. * d/copyright: Update sendmail copyright (Sendmail, Inc. acquired by Proofpoint, Inc.) and license (editorial changes only). * d/rules: Add patch target for non-cdbs mode. -- Andreas Beckmann Fri, 03 Oct 2014 14:48:33 +0200 sendmail (8.14.4-8) unstable; urgency=medium * QA upload. * Move patches from debian/patches/8.14/8.14.4/ to debian/patches/. * Rename the series file to series-quilt since the patches cannot be applied by dpkg-source but are applied by quilt after unpacking the tar-in-tar. * Fix hyphenation errors in manpages. * Remove the m4 step from d/control generation. * Convert most of the build process from cdbs to dh. Only unpacking the tarball and applying the patches is still done with cdbs. * Simplify d/rules. * Convert d/copyright to DEP5 style. * d/changelog.Debian.8.*: Restore Debian changelogs from sendmail 8.8, 8.9, 8.12, 8.13 series. -- Andreas Beckmann Thu, 02 Oct 2014 19:52:50 +0200 sendmail (8.14.4-7) unstable; urgency=medium * QA upload. * Remove timestamp from bug-script. (Closes: #749177) * libmilter.symbols: Mark shm-specific symbols as linux-any and add the !linux-any counterparts. -- Andreas Beckmann Sun, 25 May 2014 01:37:44 +0200 sendmail (8.14.4-6) unstable; urgency=medium * QA upload. * Set maintainer to Debian QA Group. (See: #740070) * Add systemd socket activation support for libmilter, thanks to Mikhail Gusarov. (Closes: #741257) (LP: #1322969) * Add _FFR_TLS_EC support, thanks to Fredrik Pettai. (Closes: #740792) * Add support for OpenSSL options SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 (backported from 8.14.8), thanks to David F. Skoll. (Closes: #747910) * Apply manpage corrections from Ubuntu. (Closes: #747551) * libmilter-assert.patch: Fix an incorrect assertion in libmilter, cherry-picked from sendmail 8.14.7. (LP: #1299571) * close_on_exec.patch: Properly set the close-on-exec flag for file descriptors before executing mailers, cherry-picked from sendmail 8.14.9. CVE-2014-3956 (Closes: #750562) * libmilter: Convert into a 'Multi-Arch: same' package. * libmilter: Add symbols control file. * libmilter-dev: Move static libraries from /usr/lib/libmilter to /usr/lib. * Remove outdated documentation and other cruft. * Don't re-generate d/changelog during build. * Abort build if debian/control got regenerated and differs. * Create directories during 'd/rules install' instead of using .dirs. * Patch sendmail build system to install libraries. * Install files via debian/tmp and use dh_install/dh_installman. * Update to Standards-Version: 3.9.5. * Update Lintian overrides. (Closes: #553293) * Import ftp://ftp.sendmail.org/pub/sendmail/PGPKEYS ($Revision: 8.46 $, $Date: 2014-01-18 00:20:24 $) into debian/upstream/signing-key.pgp. * d/watch: Enable PGP signature checking. -- Andreas Beckmann Sat, 24 May 2014 13:19:14 +0200 sendmail (8.14.4-5) unstable; urgency=low * QA upload. * Switch from deprecated 'find -perm +xxx' to 'find -perm /xxx'. (Closes: #724772) * Start sendmail after bind9 (or any other named) if it is installed. (Closes: #714184) * Update watch file to ignore symbolic links in the ftp directory listing, thanks to Masatake YAMATO. (Closes: #615477) * kFreeBSD: Enable HASURANDOMDEV, thanks to Brian M. Carlson. (Closes: #366087) * Really fix FTBFS on HURD, thanks to Samuel Thibault. (Closes: #608525) * Update logcheck patterns to match high precision timestamps, thanks to Ralf Döblitz (Closes: #638952) * conf.c-ipv6.patch: Fix A-only MX CNAME interface binding issues when using IPv6, thanks to David F. Skoll. (Closes: #737164) (LP: #1223633) * debian/*/Makefile.am: Recover from Makefile.in. * debian/rules: refresh-debian-configure: Refresh all Makefile.in, too. * debian/build/: Update automake helper scripts to automake 1.14. * debian/configure.ac: Fix libdb-dev autodetection. * Simplify managing the bug control files. * Let dh_lintian install the overrides. * Simplify managing generated control files by placing the templates directly in debian/. * sendmail-base.postrm: Do not mess with conffiles and other shipped files during purge. (Closes: #736982) * Switch to debhelper compat level 9. * Use source format 3.0 (quilt). * Fix some problems reported by lintian. * Update Lintian overrides. -- Andreas Beckmann Sun, 16 Feb 2014 00:46:55 +0100 sendmail (8.14.4-4.1) unstable; urgency=low * QA upload. * Fix infinite loop in update_db, thanks to Flo. (Closes: #717951) * Do not ship duplicate sendmail.8 manpage. (Closes: #709895, #597781) * Use [linux-any] instead of hardcoded list. (Closes: #634378) * Fix FTBFS with ld --as-needed, thanks to Firas Kraiem. (Closes: #608011, #609606) * sendmailconfig: Add missing quoting, thanks to Stuart Sheldon. (Closes: #692047) * Raise MAXDAEMONS from 10 to 64, thanks to Kees Cook. (Closes: #720435) * Enable all hardening flags, thanks to Simon Ruderich. (Closes: #687708) * Fix FTBFS on HURD, thanks to Samuel Thibault. (Closes: #608525) * Drop obsolete NEWS entries. * Use canonical Vcs-* URLs. * Fix duplicate and incorrect Section and Homepage settings. * Add missing ${misc:Depends} and predepends. * Update Lintian overrides. -- Andreas Beckmann Fri, 13 Sep 2013 09:58:41 +0200 sendmail (8.14.4-4) unstable; urgency=low * New maintainer. (Closes: #699117) * New patch: lock-mail-local (thanks to Tim Marston) - fix order of fcntl and dotlock in mail.local. (Closes: #684645) -- Jakub Safarik Wed, 06 Feb 2013 17:33:44 +0100 sendmail (8.14.4-3) unstable; urgency=low * QA upload. * Set maintainer to Debian QA Group. (See: #699117) [ Tobias Hansen ] * Directories in /usr/share/doc can only be symlinks for packages depending on the package they link to. (Policy 12.5) This source package builds six sets of packages that can all be installed independently (libmilter1.0.1, rmail, sendmail-base, sendmail-cf, sendmail-doc, sensible-mda and respective dependencies). So using symlinks at all is not practicable. Make all /usr/share/doc/package directories real directories and ship mandatory files (they were already shipped in all packages). Put additional documentation into /usr/share/doc/sendmail-doc and libmilters README.Debian into /usr/share/doc/libmilter-dev. (Closes: #681147, #336391, #211518, #597779) [ Andreas Beckmann ] * debian/rules clean: Run maintainer-clean and stop shipping a lot of generated files in debian/ in the source package. Do not preserve debian/build/autoconf.mk, it's regenerated as well. * debian/build/debian/control.m4.in: Add libdb-dev dependency to preserve it during regeneration, this is no longer picked up automatically. * debian/rules: Add rebuild-debian-configure target. * debian/configure.ac: Remove the deleted maintainer scripts. * Cleanup /usr/share/doc/sendmail after upgrades where possible. * sendmail-base: Remove obsolete conffile /etc/dhcp3/dhclient-exit-hooks.d/sendmail on upgrades. * sendmail-base: Remove /etc/mail/{sendmail,submit}.cf.old on purge. * Cleanup symlinks in /usr/share/bug, too, and ship bug-{control,script} in all packages. (Closes: #587944) * sendmail: add Breaks/Replaces: sendmail-base (<< 8.14.4-2.2~) because of moved bug-{control,script}. * Fix the names of README.Debian.* for installation with dh_installdocs. * debian/configure: Regenerated (via debian/rules refresh-debian-configure). * Import packaging history into a GIT repository on alioth: git://git.debian.org/git/collab-maint/sendmail.git and set Vcs-{Git,Browser} accordingly. (Closes: #689379) -- Andreas Beckmann Tue, 29 Jan 2013 03:37:54 +0100 sendmail (8.14.4-2.1) unstable; urgency=low * Non-maintainer upload * Depend and use generic -ldb to allow binNMUs (Closes: #621447) * Hard code fcntl style locking to mail.local (Closes: #513298) -- Ondřej Surý Wed, 09 May 2012 10:30:18 +0200 sendmail (8.14.4-2) unstable; urgency=high * Actually get the DHCP config files installed :( Closes: #602252 -- Richard A Nelson (Rick) Wed, 03 Nov 2010 22:05:00 -0000 sendmail (8.14.4-1) unstable; urgency=high * Long past due * Re-enable libdb-dev, db4.8 working again * New upstream + Null checking in certificate CN (CVE-2009-4565) + Queue identifier int overflow + Handle malformed DNS replies + milter segfault/Dos fixes * Acknowledge NMUs - thanks ! + rmail conflicts with masqmail + move dhcp hooks from /etc/dhcp3 to /etc/dhcp + CVE-2009-4565 * Correct issues with NMUs + Differing buildinfo.gz (all the same file) Closes: #597779 * Outstanding bugs: + Milter segfaults/Remote DoS? Closes: #527862 + invoke.rc conditional Closes: #553135 + We already harden Closes: #542739 + Queue aging Closes: #583108 + mail.local use of lockf Closes: #513298 + init.d use of ps Closes: #510679 + remove access on purge Closes: #589810 -- Richard A Nelson (Rick) Mon, 11 Sep 2010 17:53:00 -0000 sendmail (8.14.4-0) private; urgency=low * Start of another round of lintian cleanups + remove /var/run files from package (they're created as needed) * Drop back to db4.7 - 4.8 is broken * New upstream + Null checking in certificate CN + Queue identifier int overflow + Handle malformed DNS replices + DSA/DH parm length increase (Debian did that long ago) -- Richard A Nelson (Rick) Thu, 31 Dec 2009 00:20:00 -0000 sendmail (8.14.3-10) unstable; urgency=low * Support parms on runq (Now, Verbose, or any valid sendmail option: -v) * Remove old & uneeded patch ldap_url_search * remove obsolete crap from /usr/share/bug/sendmail/script Closes: #530992 -- Richard A Nelson (Rick) Mon, 09 Mar 2009 18:25:00 -0000 sendmail (8.14.3-9) unstable; urgency=low * Batting 1000, build-depend on quilt Closes: #517676 -- Richard A Nelson (Rick) Sun, 01 Mar 2009 18:45:00 -0000 sendmail (8.14.3-8) unstable; urgency=low * Sigh, move some defines so the patches actually apply -- Richard A Nelson (Rick) Sun, 01 Mar 2009 06:15:00 -0000 sendmail (8.14.3-7) unstable; urgency=low * Use quilt for patch management * Support db2 4.7 * Support null: maps (thanks to Yiorgos [George] Adamopoulos) -- Richard A Nelson (Rick) Sun, 01 Mar 2009 06:15:00 -0000 sendmail (8.14.3-6) unstable; urgency=high * Properly support GSSAPI auth (keep KRB5_KTNAME) * Correct crontab entries for queue aging (-s