Projects / Sendmail / Releases

All releases of Sendmail

  •  22 May 2014 19:15
Avatar

    Release Notes: This release fixes one security related bug by properly closing file descriptors (except stdin, stdout, and stderr) before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery (e.g., via procmail or the prog mailer).

    •  28 Jan 2014 02:53
    Avatar

      Release Notes: This version fixes some problems, mostly related to IPv6. Unfortunately the Build script of 8.14.8 contains a regression, causing it to work improperly on some operating systems. A patch is available.

      •  22 Apr 2013 19:06
      Avatar

        Release Notes: This version fixes the handling of NUL characters ('\0') in mail bodies by the MIME conversion functions, which are used even if no explicit conversion is happening, e.g., if MaxMimeHeaderLength is not zero, as well as some other problems.

        •  22 Jan 2013 01:59
        Avatar

          Release Notes: This release fixed a problem where if a server offered two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Hostnames are no longer cached internally in a non-case sensitive way, as that may cause addresses to change from lower case to upper case or vice versa. An issue where it was possible that new queue runners could not be started if MaxQueueChildren was set was fixed. A 8.14.6.milter.EHLOmacros patch is also available.

          •  30 May 2011 18:25
          Avatar

            Release Notes: SMTP extensions are no longer cached across connections, as the cache is based on hostname, which may not be a unique identifier for a server, i.e. different machines may have the same hostname but provide different SMTP extensions. Out-of-bounds access is avoided in case a resolver reply for a DNS map lookup returns a size larger than 1K. The interrupt signal handler has been cleaned up to avoid invoking functions that are not signal-safe. At most, two AUTH lines are read from a server to avoid a memory exhaustion DoS attack against the client.

            •  09 Jan 2010 02:50
            Avatar

              Release Notes: This version fixed a problem where some certificate authorities do not properly check the requests they are signing and hence allow spoofing via an embedded NUL in the CN entry. A workaround for a Linux resolver problem has been added to avoid core dumps. A bug where the value of headers, e.g., Precedence, Content-Type, et.al., was not extracted correctly thus preventing them from being recognized properly was fixed. An erroneous reduction of the length limitation on a return path was fixed.

              •  05 May 2008 06:36
              Avatar

                Release Notes: The MTA accessed storage after it free()d it. This was a regression introduced in 8.14.2. The libmilter state engine did not deal correctly with milters that requested the omission of protocol steps during the negotiation callback.

                •  02 Nov 2007 10:48
                Avatar

                  Release Notes: This release fixes some problems. For example, fixes were made for a bug in the milter function smfi_chgfrom() which could cause the loss of a message body, the handling of queued messages with 8 bit characters in From: or To: header which could be "mistaken" for internal control characters during a queue run and trigger various consistency checks, and the handling of lines longer than MAXLINE-1 characters in certain cases.

                  •  05 Apr 2007 17:59
                  Avatar

                    Release Notes: If a milter rejected a recipient, the MTA still kept it in its list of recipients, and delivered to it if the transaction was accepted. The new DaemonPortOptions that begin with a lower case character can now be set.

                    •  04 Apr 2007 21:07
                    Avatar

                      Release Notes: Headers are 8-bit "transparent" and the milter API has been extended.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.