Re: [mail/sendmail] SMTP session reuse bugfix
Jeremie Courreges-Anglas writes:

> Claus Assmann writes:
>
>> FYI (I haven't seen this in ports yet):
[...]
>> If sendmail tried to reuse an SMTP session which had already been
>> closed by the server, then the connection cache could have invalid
>> information about the session. One possible consequence was that
>> STARTTLS was not used even if offered.
>> The problem can be fixed by either:
>> - applying the patch (for 8.15.2) available at
>> ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
>> ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig
>
> The diff below applies your patch to the current tarball. Build-tested
> only as my setup doesn't involve STARTTLS... Tests welcome.
[...]
>> - or disabling the connection cache:
>> define(`confMCI_CACHE_SIZE', `0')
>>
>> The problem can be mitigated by setting at least one of these options:
>> - using a very short timeout:
>> define(`confMCI_CACHE_TIMEOUT', `5s')
>> - sorting the queue by hosts:
>> define(`confQUEUE_SORT_ORDER', `Host')
>
> We could patch the m4 bits, but people tend not to regen their .cf often
> so that would not help much in the end.
>
>> Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
>> for those who would like to test upcoming releases.

ping

Same diff inline, for convenience.

Index: Makefile === RCS file: /cvs/ports/mail/sendmail/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile7 Mar 2016 14:19:46 - 1.14 +++ Makefile9 Mar 2016 21:52:59 - @@ -7,9 +7,11 @@ V= 8.15.2 DISTNAME = sendmail.${V} PKGNAME-main = sendmail-${V} PKGNAME-libmilter =libmilter-${V} -REVISION-main =0 +REVISION-main =1 FULLPKGNAME-libmilter =libmilter-${V} FULLPKGPATH-libmilter =mail/sendmail,-libmilter + +PATCHFILES = 8.15.2.mci.p0 SHARED_LIBS = milter 4.0 Index: distinfo === RCS file: /cvs/ports/mail/sendmail/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo19 Jul 2015 02:25:35 - 1.3 +++ distinfo9 Mar 2016 22:19:18 - 
@@ -1,2 +1,4 @@ +SHA256 (8.15.2.mci.p0) = nqS15nJXc76HXnORZGpbj2ssLfuSRqbjR2OvR/tN5uA= SHA256 (sendmail.8.15.2.tar.gz) = JPlLX9dnBfFYl6eJMqXyQ5oysaL9w1dpuxpfXZtNtDk= +SIZE (8.15.2.mci.p0) = 6712 SIZE (sendmail.8.15.2.tar.gz) = 2207417 Index: pkg/PLIST-libmilter

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
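
Review bot: The resent diff ends with an "Index: pkg/PLIST-libmilter" header that has no hunk under it, while the Makefile hunk bumps only REVISION-main. Either drop the stray header or include the PLIST change it refers to; if PLIST-libmilter really does change, the libmilter subpackage needs a REVISION as well.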
Re: [mail/sendmail] SMTP session reuse bugfix
On 2016/03/10 12:45, Claus Assmann wrote:
> On Wed, Mar 09, 2016, Jeremie Courreges-Anglas wrote:
>
> > Claus, in the future would it be possible to prefix the patch file names
> > with "sendmail-"? It would be a bit safer for us, as we would not have
>
> Do you mean the patch on the sendmail.org FTP server? That naming
> scheme is used for about 10 years so it's unlikely to be changed now.
>
> > to check for possible collisions with other ports.
>
> Sorry, but I don't understand what "possible collisions with other
> ports" could happen: are the patches "global"?
>

They would normally be fetched to /usr/ports/distfiles which is "global",
it's easy enough to override with DIST_SUBDIR, it's better not to use it
too much (if everything did, we'd end up with a bunch more inode use, plus
the lazy person's cd /usr/ports/*/pkgname would then fail ;) but I think
it would be reasonable to use in this case.
Re: [mail/sendmail] SMTP session reuse bugfix
On Wed, Mar 09, 2016, Jeremie Courreges-Anglas wrote:

> Claus, in the future would it be possible to prefix the patch file names
> with "sendmail-"? It would be a bit safer for us, as we would not have

Do you mean the patch on the sendmail.org FTP server? That naming
scheme is used for about 10 years so it's unlikely to be changed now.

> to check for possible collisions with other ports.

Sorry, but I don't understand what "possible collisions with other
ports" could happen: are the patches "global"?
Re: [mail/sendmail] SMTP session reuse bugfix
Claus Assmann writes:

> FYI (I haven't seen this in ports yet):

Thanks for the heads-up.

> If sendmail tried to reuse an SMTP session which had already been
> closed by the server, then the connection cache could have invalid
> information about the session. One possible consequence was that
> STARTTLS was not used even if offered.
> The problem can be fixed by either:
> - applying the patch (for 8.15.2) available at
> ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
> ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig

The diff below applies your patch to the current tarball. Build-tested
only as my setup doesn't involve STARTTLS... Tests welcome.

Claus, in the future would it be possible to prefix the patch file names
with "sendmail-"? It would be a bit safer for us, as we would not have
to check for possible collisions with other ports.

> - or disabling the connection cache:
> define(`confMCI_CACHE_SIZE', `0')
>
> The problem can be mitigated by setting at least one of these options:
> - using a very short timeout:
> define(`confMCI_CACHE_TIMEOUT', `5s')
> - sorting the queue by hosts:
> define(`confQUEUE_SORT_ORDER', `Host')

We could patch the m4 bits, but people tend not to regen their .cf often
so that would not help much in the end.

> Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
> for those who would like to test upcoming releases.

Index: Makefile === RCS file: /cvs/ports/mail/sendmail/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile7 Mar 2016 14:19:46 - 1.14 +++ Makefile9 Mar 2016 21:52:59 - 
@@ -7,9 +7,11 @@ V= 8.15.2 DISTNAME = sendmail.${V} PKGNAME-main = sendmail-${V} PKGNAME-libmilter =libmilter-${V} -REVISION-main =0 +REVISION-main =1 FULLPKGNAME-libmilter =libmilter-${V} FULLPKGPATH-libmilter =mail/sendmail,-libmilter + +PATCHFILES = 8.15.2.mci.p0 SHARED_LIBS = milter 4.0 Index: distinfo === RCS file: /cvs/ports/mail/sendmail/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo19 Jul 2015 02:25:35 - 1.3 +++ distinfo9 Mar 2016 22:19:18 - @@ -1,2 +1,4 @@ +SHA256 (8.15.2.mci.p0) = nqS15nJXc76HXnORZGpbj2ssLfuSRqbjR2OvR/tN5uA= SHA256 (sendmail.8.15.2.tar.gz) = JPlLX9dnBfFYl6eJMqXyQ5oysaL9w1dpuxpfXZtNtDk= +SIZE (8.15.2.mci.p0) = 6712 SIZE (sendmail.8.15.2.tar.gz) = 2207417

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
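
Review bot: In the Makefile hunk, "PATCHFILES = 8.15.2.mci.p0" fetches a file whose name carries no project prefix, and nothing visible in the hunk sets DIST_SUBDIR, so it lands beside every other port's distfiles. Since the upstream name will not change, consider adding a DIST_SUBDIR for this port so the patch cannot collide with another port's file; distinfo would then need regenerating with the subdirectory in its entries.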
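
Review bot: In the distinfo hunk, the new SHA256 and SIZE lines for 8.15.2.mci.p0 are the only integrity check the port will apply from now on, although the announcement also publishes 8.15.2.mci.p0.sig next to the patch. Please confirm the checksum was generated from a copy whose signature verified, and say so in the commit message.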
[mail/sendmail] SMTP session reuse bugfix
FYI (I haven't seen this in ports yet):

If sendmail tried to reuse an SMTP session which had already been
closed by the server, then the connection cache could have invalid
information about the session. One possible consequence was that
STARTTLS was not used even if offered.

The problem can be fixed by either:
- applying the patch (for 8.15.2) available at
  ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0
  ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig
- or disabling the connection cache:
  define(`confMCI_CACHE_SIZE', `0')

The problem can be mitigated by setting at least one of these options:
- using a very short timeout:
  define(`confMCI_CACHE_TIMEOUT', `5s')
- sorting the queue by hosts:
  define(`confQUEUE_SORT_ORDER', `Host')

Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
for those who would like to test upcoming releases.
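
Because the m4 defines above only take effect once the .cf is regenerated, the following added example (not part of the thread or of sendmail) checks a generated sendmail.cf directly for the workaround and the two mitigations. The names audit_mci, sample_cf and MAX_SHORT_TIMEOUT are hypothetical, and the script cannot tell whether the installed binary carries the patch.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a sendmail.cf as
# cache-disabled | mitigated | unmitigated using the .cf options that the
# m4 macros in the announcement generate:
#   confMCI_CACHE_SIZE    -> O ConnectionCacheSize
#   confMCI_CACHE_TIMEOUT -> O ConnectionCacheTimeout
#   confQUEUE_SORT_ORDER  -> O QueueSortOrder
# MAX_SHORT_TIMEOUT (seconds) is an assumption of this example; the
# announcement only gives 5s as its example of "very short".

audit_mci() {   # usage: audit_mci [sendmail.cf]   (reads stdin if no file)
    awk -v max="${MAX_SHORT_TIMEOUT:-5}" '
    BEGIN { mult["s"]=1; mult["m"]=60; mult["h"]=3600; mult["d"]=86400; mult["w"]=604800 }
    # Sum a value such as 5s or 1h30m; -1 if a unit is missing or unknown.
    function secs(v,    total) {
        total = 0
        while (match(v, /^[0-9]+[smhdw]/)) {
            total += substr(v, 1, RLENGTH - 1) * mult[substr(v, RLENGTH, 1)]
            v = substr(v, RLENGTH + 1)
        }
        return (v == "") ? total : -1
    }
    # Value of an active "O Name=value" line, trailing blanks removed.
    function val(line) { sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line); return line }
    # Lines starting with "#O" are commented out and never match.
    /^O[ \t]+ConnectionCacheSize=/    { size = val($0) }
    /^O[ \t]+ConnectionCacheTimeout=/ { timeout = val($0) }
    # sendmail keys the sort order on the first letter of the value.
    /^O[ \t]+QueueSortOrder=/         { order = tolower(substr(val($0), 1, 1)) }
    END {
        if (size ~ /^0+$/) { print "cache-disabled"; exit }
        t = (timeout == "") ? -1 : secs(timeout)
        # Zero or unit-less timeouts are left for manual review.
        if ((t > 0 && t <= max) || order == "h") { print "mitigated"; exit }
        print "unmitigated"
    }' "$@"
}

# Constructed sample: cache size commented out, five-minute timeout,
# priority sort, i.e. none of the listed settings is active.
sample_cf() {
    printf '%s\n' '#O ConnectionCacheSize=2' \
                  'O ConnectionCacheTimeout=5m' \
                  'O QueueSortOrder=priority'
}

sample_cf | audit_mci    # prints: unmitigated
```

A result of "mitigated" only means one of the two listed settings is active; the announcement names the patch or a disabled cache as the actual fixes.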