Re: [mail/sendmail] SMTP session reuse bugfix

2016-03-22 Thread Jeremie Courreges-Anglas
Jeremie Courreges-Anglas  writes:

> Claus Assmann  writes:
>
>> FYI (I haven't seen this in ports yet):
[...]
>> If sendmail tried to reuse an SMTP session which had already been
>> closed by the server, then the connection cache could have invalid
>> information about the session.  One possible consequence was that
>> STARTTLS was not used even if offered.
>> The problem can be fixed by either:
>> - applying the patch (for 8.15.2) available at
>>   ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
>>   ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig
>
> The diff below applies your patch to the current tarball.  Build-tested
> only as my setup doesn't involve STARTTLS...  Tests welcome.
[...]
>> - or disabling the connection cache:
>> define(`confMCI_CACHE_SIZE', `0')
>>
>> The problem can be mitigated by setting at least one of these options:
>> - using a very short timeout:
>> define(`confMCI_CACHE_TIMEOUT', `5s')
>> - sorting the queue by hosts:
>> define(`confQUEUE_SORT_ORDER', `Host')
>
> We could patch the m4 bits, but people tend not to regen their .cf often
> so that would not help much in the end.
>
>> Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
>> for those who would like to test upcoming releases.

ping

Same diff inline, for convenience.

Index: Makefile
===
RCS file: /cvs/ports/mail/sendmail/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile7 Mar 2016 14:19:46 -   1.14
+++ Makefile9 Mar 2016 21:52:59 -
@@ -7,9 +7,11 @@ V= 8.15.2
 DISTNAME = sendmail.${V}
 PKGNAME-main = sendmail-${V}
 PKGNAME-libmilter =libmilter-${V}
-REVISION-main =0
+REVISION-main =1
 FULLPKGNAME-libmilter =libmilter-${V}
 FULLPKGPATH-libmilter =mail/sendmail,-libmilter
+
+PATCHFILES =   8.15.2.mci.p0
 
 SHARED_LIBS =  milter  4.0
 
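Review bot: PATCHFILES at the end of this hunk still names the distfile as plain 8.15.2.mci.p0, so it is fetched into the shared distfiles directory under a name that says nothing about sendmail. Setting DIST_SUBDIR for the port, as suggested elsewhere in the thread, would remove the need to check for collisions with other ports.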
Index: distinfo
===
RCS file: /cvs/ports/mail/sendmail/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo19 Jul 2015 02:25:35 -  1.3
+++ distinfo9 Mar 2016 22:19:18 -
@@ -1,2 +1,4 @@
+SHA256 (8.15.2.mci.p0) = nqS15nJXc76HXnORZGpbj2ssLfuSRqbjR2OvR/tN5uA=
 SHA256 (sendmail.8.15.2.tar.gz) = JPlLX9dnBfFYl6eJMqXyQ5oysaL9w1dpuxpfXZtNtDk=
+SIZE (8.15.2.mci.p0) = 6712
 SIZE (sendmail.8.15.2.tar.gz) = 2207417
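Review bot: both added lines are keyed on the bare file name 8.15.2.mci.p0. If the port moves to DIST_SUBDIR as discussed in the thread, these entries will no longer match the fetched path and should be regenerated with make makesum rather than edited by hand.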
Index: pkg/PLIST-libmilter

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: [mail/sendmail] SMTP session reuse bugfix

2016-03-10 Thread Stuart Henderson
On 2016/03/10 12:45, Claus Assmann wrote:
> On Wed, Mar 09, 2016, Jeremie Courreges-Anglas wrote:
> 
> > Claus, in the future would it be possible to prefix the patch file names
> > with "sendmail-"?  It would be a bit safer for us, as we would not have
> 
> Do you mean the patch on the sendmail.org FTP server?  That naming
> scheme has been used for about 10 years so it's unlikely to be changed now.
> 
> > to check for possible collisions with other ports.
> 
> Sorry, but I don't understand what "possible collisions with other
> ports" could happen: are the patches "global"?
> 

They would normally be fetched to /usr/ports/distfiles which is
"global", it's easy enough to override with DIST_SUBDIR, it's better
not to use it too much (if everything did, we'd end up with a bunch
more inode use, plus the lazy person's cd /usr/ports/*/pkgname
would then fail ;) but I think it would be reasonable to use in
this case.



Re: [mail/sendmail] SMTP session reuse bugfix

2016-03-10 Thread Claus Assmann
On Wed, Mar 09, 2016, Jeremie Courreges-Anglas wrote:

> Claus, in the future would it be possible to prefix the patch file names
> with "sendmail-"?  It would be a bit safer for us, as we would not have

Do you mean the patch on the sendmail.org FTP server?  That naming
scheme has been used for about 10 years so it's unlikely to be changed now.

> to check for possible collisions with other ports.

Sorry, but I don't understand what "possible collisions with other
ports" could happen: are the patches "global"?



Re: [mail/sendmail] SMTP session reuse bugfix

2016-03-09 Thread Jeremie Courreges-Anglas
Claus Assmann  writes:

> FYI (I haven't seen this in ports yet):

Thanks for the heads-up.

> If sendmail tried to reuse an SMTP session which had already been
> closed by the server, then the connection cache could have invalid
> information about the session.  One possible consequence was that
> STARTTLS was not used even if offered.
> The problem can be fixed by either:
> - applying the patch (for 8.15.2) available at
>   ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
>   ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig

The diff below applies your patch to the current tarball.  Build-tested
only as my setup doesn't involve STARTTLS...  Tests welcome.

Claus, in the future would it be possible to prefix the patch file names
with "sendmail-"?  It would be a bit safer for us, as we would not have
to check for possible collisions with other ports.

> - or disabling the connection cache:
> define(`confMCI_CACHE_SIZE', `0')
>
> The problem can be mitigated by setting at least one of these options:
> - using a very short timeout:
> define(`confMCI_CACHE_TIMEOUT', `5s')
> - sorting the queue by hosts:
> define(`confQUEUE_SORT_ORDER', `Host')

We could patch the m4 bits, but people tend not to regen their .cf often
so that would not help much in the end.

> Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
> for those who would like to test upcoming releases.

Index: Makefile
===
RCS file: /cvs/ports/mail/sendmail/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile7 Mar 2016 14:19:46 -   1.14
+++ Makefile9 Mar 2016 21:52:59 -
@@ -7,9 +7,11 @@ V= 8.15.2
 DISTNAME = sendmail.${V}
 PKGNAME-main = sendmail-${V}
 PKGNAME-libmilter =libmilter-${V}
-REVISION-main =0
+REVISION-main =1
 FULLPKGNAME-libmilter =libmilter-${V}
 FULLPKGPATH-libmilter =mail/sendmail,-libmilter
+
+PATCHFILES =   8.15.2.mci.p0
 
 SHARED_LIBS =  milter  4.0
 
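Review bot: only REVISION-main is bumped in this hunk, and the libmilter subpackage keeps its current revision. That is right if 8.15.2.mci.p0 changes only the connection cache code in sendmail itself, but the hunk does not show what the patch touches, so the commit message should say so and also record that the change is build-tested only.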
Index: distinfo
===
RCS file: /cvs/ports/mail/sendmail/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo19 Jul 2015 02:25:35 -  1.3
+++ distinfo9 Mar 2016 22:19:18 -
@@ -1,2 +1,4 @@
+SHA256 (8.15.2.mci.p0) = nqS15nJXc76HXnORZGpbj2ssLfuSRqbjR2OvR/tN5uA=
 SHA256 (sendmail.8.15.2.tar.gz) = JPlLX9dnBfFYl6eJMqXyQ5oysaL9w1dpuxpfXZtNtDk=
+SIZE (8.15.2.mci.p0) = 6712
 SIZE (sendmail.8.15.2.tar.gz) = 2207417
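Review bot: the new SHA256 and SIZE lines for 8.15.2.mci.p0 pin whatever copy was downloaded when the checksum was generated, and the announcement gives only an ftp:// URL for it. Upstream publishes 8.15.2.mci.p0.sig next to the patch, so the commit message should state that the signature was checked against that copy before the hash was recorded.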


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



[mail/sendmail] SMTP session reuse bugfix

2016-03-07 Thread Claus Assmann
FYI (I haven't seen this in ports yet):

If sendmail tried to reuse an SMTP session which had already been
closed by the server, then the connection cache could have invalid
information about the session.  One possible consequence was that
STARTTLS was not used even if offered.
The problem can be fixed by either:
- applying the patch (for 8.15.2) available at
  ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
  ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig
- or disabling the connection cache:
define(`confMCI_CACHE_SIZE', `0')

The problem can be mitigated by setting at least one of these options:
- using a very short timeout:
define(`confMCI_CACHE_TIMEOUT', `5s')
- sorting the queue by hosts:
define(`confQUEUE_SORT_ORDER', `Host')

Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
for those who would like to test upcoming releases.
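
A way to check an installed sendmail.cf for the settings listed in the announcement above, given the remark in the thread that .cf files are rarely regenerated. This is an added example, not part of the thread or of sendmail; the .cf option names, their defaults, the minutes default unit and the 5-second threshold are assumptions, and the sample .cf is constructed.

```python
import re

# Assumed .cf names for the m4 defines in the announcement, each with the
# value assumed when the option is absent or commented out in the .cf.
DEFAULTS = {
    "connectioncachesize": "2",       # confMCI_CACHE_SIZE
    "connectioncachetimeout": "5m",   # confMCI_CACHE_TIMEOUT
    "queuesortorder": "priority",     # confQUEUE_SORT_ORDER
}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
SHORT_TIMEOUT = 5  # seconds; taken from the 5s value in the announcement
OPTION_RE = re.compile(r"O\s+(\w+)\s*=\s*(\S*)")

# Constructed sample: an old .cf that was never regenerated.
SAMPLE_CF = """\
O ConnectionCacheSize=2
O ConnectionCacheTimeout=5m
#O QueueSortOrder=Host
"""


def parse_options(cf_text):
    """Effective values of the three options; a later line overrides an earlier one."""
    opts = dict(DEFAULTS)
    for line in cf_text.splitlines():
        m = OPTION_RE.match(line)  # "#O ..." is a comment and does not match
        if m and m.group(1).lower() in opts:
            opts[m.group(1).lower()] = m.group(2).lower()
    return opts


def to_seconds(value, default_unit="m"):
    """Convert an interval such as '5s' or '1h30m'; a bare number is minutes (assumed)."""
    return sum(int(n) * UNIT_SECONDS[u or default_unit]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def assess(cf_text):
    """Return 'cache-disabled', 'mitigated' or 'no-mitigation' for a .cf text."""
    opts = parse_options(cf_text)
    if int(opts["connectioncachesize"]) == 0:
        return "cache-disabled"
    short = to_seconds(opts["connectioncachetimeout"]) <= SHORT_TIMEOUT
    by_host = opts["queuesortorder"].startswith("h")
    return "mitigated" if short or by_host else "no-mitigation"


if __name__ == "__main__":
    print(assess(SAMPLE_CF))
```

The result describes the configuration only; whether the installed binary carries the 8.15.2.mci.p0 patch cannot be read from the .cf.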