Discussion:
sendmail snapshot 8.18.1.9
Add Reply
Claus Aßmann
2025-02-08 08:52:43 UTC
Reply
Permalink
sendmail snapshot 8.18.1.9 is available for testing. It fixes several
problems:

Avoid adding a second To: header to DSNs, instead any
additional addresses are appended to an existing
To: header (this also applies to Cc: and Bcc:).
Fix matching of wildcard SANs in the experimental support
for SMTP MTA Strict Transport Security (MTA-STS).
Problem reported by Dilyan Palauzo.
MaxQueueAge is now observed for all types of QueueSortOrder
even those which internally skip some code (including
the MaxQueueAge check).
On some systems the rejection of a RCPT by a milter could
silently be ignored.

and adds support for Darwin 24.

SHA256(sendmail.8.18.1.9.tar.gz)= 3e8b517f222d688b332999c42ed76756e8083dd107e77a82cf4a5595683bb7a2
SHA256(sendmail.8.18.1.9.tar.gz.sig)= fd6db75dd687e1b6eac126f8488c88567992cc7dbca145c3ea8011eacb3acd4a

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.18.1.9.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.18.1.9.tar.gz.sig
HQuest
2025-02-09 13:48:48 UTC
Reply
Permalink
Thank you, Claus, for the Sunday update. A few warnings during build
time (some external to sendmail). Compiled against OpenSSL 3.4.0 on a
Slackware -current (current as of Feb 9, 2025). Apologies if the line
wrapping makes it harder to read.

$ more site.config.m4
APPENDDEF(`confMAPDEF', `-DNEWDB')
APPENDDEF(`confLIBS', `-lnsl -lssl -lcrypto -lsasl2 -lwrap -lm -ldb
-lresolv -licuuc -licui18n -licudata')
APPENDDEF(`conf_libmilter_ENVDEF', `-DMILTER')
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`confENVDEF', `-DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS
-DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC
-DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_
ENGINE -DHAVE_ERR_get_error_all')dnl

cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o main.o main.c
main.c: In function ‘stop_sendmail’:
main.c:3055:16: warning: ignoring return value of ‘setuid’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
3055 | (void) setuid(RealUid);
| ^~~~~~~~~~~~~~~
main.c: In function ‘finis’:
main.c:3199:24: warning: ignoring return value of ‘setuid’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
3199 | (void) setuid(RealUid);
| ^~~~~~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o deliver.o deliver.c
deliver.c: In function ‘deliver’:
deliver.c:3172:40: warning: ignoring return value of ‘nice’ declared
with attribute ‘warn_unused_result’ [-Wunused-result]
3172 | (void) nice(m->m_nice);
| ^~~~~~~~~~~~~~~
deliver.c: In function ‘mailfile’:
deliver.c:6884:32: warning: ignoring return value of ‘ftruncate’
declared with attribute ‘warn_unused_result’ [-Wunused-result]
6884 | (void) ftruncate(sm_io_getinfo(f,
SM_IO_WHAT_FD, NULL),
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6885 | curoff);
| ~~~~~~~
deliver.c:6899:24: warning: ignoring return value of ‘setuid’ declared
with attribute ‘warn_unused_result’ [-Wunused-result]
6899 | (void) setuid(RealUid);
| ^~~~~~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o mci.o mci.c
mci.c: In function ‘mci_store_persistent’:
mci.c:1130:16: warning: ignoring return value of ‘ftruncate’ declared
with attribute ‘warn_unused_result’ [-Wunused-result]
1130 | (void) ftruncate(sm_io_getinfo(mci->mci_statfile,
SM_IO_WHAT_FD, NULL),
|
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1131 | (off_t) 0);
| ~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o queue.o queue.c
queue.c: In function ‘run_work_group’:
queue.c:2185:24: warning: ignoring return value of ‘nice’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
2185 | (void) nice(Queue[qgrp]->qg_nice);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o readcf.o readcf.c
readcf.c:2821:24: warning: RES_AAONLY is deprecated
2821 | { "aaonly", RES_AAONLY },
| ^~~~~~~~~~~~~~~~~~~~~~~
readcf.c:2823:20: warning: RES_PRIMARY is deprecated
2823 | { "primary", RES_PRIMARY },
| ^~~~~~~~~~~~~~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o stats.o stats.c
stats.c: In function ‘poststats’:
stats.c:192:16: warning: ignoring return value of ‘write’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
192 | (void) write(fd, (char *) &stats, sizeof(stats));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o tls.o tls.c
tls.c: In function ‘get_dh512’:
tls.c:118:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
118 | if ((dh = DH_new()) == NULL)
| ^~
In file included from /usr/include/openssl/dsa.h:31,
from /usr/include/openssl/x509.h:37,
from /usr/include/openssl/ssl.h:32,
from ./sendmail.h:43,
from tls.c:11:
/usr/include/openssl/dh.h:210:27: note: declared here
210 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:123:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
123 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh,
dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:266:27: note: declared here
266 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM
*q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:124:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
124 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘get_dh2048’:
tls.c:188:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
188 | if ((dh=DH_new()) == NULL)
| ^~
/usr/include/openssl/dh.h:210:27: note: declared here
210 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:193:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
193 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh,
dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:266:27: note: declared here
266 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM
*q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:194:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
194 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘inittls’:
tls.c:1418:33: warning: ‘PEM_read_bio_DHparams’ is deprecated: Since
OpenSSL 3.0 [-Wdeprecated-declarations]
1418 | dh = PEM_read_bio_DHparams(bio,
NULL, NULL, NULL);
| ^~
In file included from /usr/include/openssl/ssl.h:37:
/usr/include/openssl/pem.h:474:1: note: declared here
474 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
| ^~~~~~~~~~~~~~~~~~~
tls.c:1459:25: warning: ‘DSA_new’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1459 | dsa = DSA_new();
| ^~~
/usr/include/openssl/dsa.h:130:28: note: declared here
130 | OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void);
| ^~~~~~~
tls.c:1462:33: warning: ‘DSA_generate_parameters_ex’ is deprecated:
Since OpenSSL 3.0 [-Wdeprecated-declarations]
1462 | r =
DSA_generate_parameters_ex(dsa, bits, NULL,
| ^
/usr/include/openssl/dsa.h:172:27: note: declared here
172 | OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa,
int bits,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1465:41: warning: ‘DSA_dup_DH’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1465 | dh = DSA_dup_DH(dsa);
| ^~
/usr/include/openssl/dsa.h:203:27: note: declared here
203 | OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r);
| ^~~~~~~~~~
tls.c:1473:25: warning: ‘DSA_free’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1473 | DSA_free(dsa);
| ^~~~~~~~
/usr/include/openssl/dsa.h:132:28: note: declared here
132 | OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r);
| ^~~~~~~~
tls.c:1511:43: warning: ‘DH_size’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1511 | who, 8 * DH_size(dh),
*dhparam);
| ^~~
/usr/include/openssl/dh.h:214:27: note: declared here
214 | OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh);
| ^~~~~~~
tls.c:1512:25: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1512 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:211:28: note: declared here
211 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c:1519:17: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since
OpenSSL 3.0 [-Wdeprecated-declarations]
1519 | ecdh =
EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
| ^~~~
In file included from /usr/include/openssl/x509.h:33:
/usr/include/openssl/ec.h:1017:31: note: declared here
1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
| ^~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1524:25: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0
[-Wdeprecated-declarations]
1524 | EC_KEY_free(ecdh);
| ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
| ^~~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../include -DNEWDB -DNETINET6
-DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS
-DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST
-D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DMILTER -c -o util.o util.c
util.c: In function ‘prog_open’:
util.c:2305:32: warning: ignoring return value of ‘chdir’ declared with
attribute ‘warn_unused_result’ [-Wunused-result]
2305 | (void) chdir("/");
| ^~~~~~~~~~
cc -O2 -fPIC -fhardened -DDANE -I. -I../../sendmail -I../../include
-DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2
-DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI
-DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DOPENSSL_NO_ENGINE
-DHAVE_ERR_get_error_all -DNOT_SENDMAIL -c -o mail.local.o
mail.local.c
mail.local.c: In function ‘deliver’:
mail.local.c:1373:32: warning: ignoring return value of ‘ftruncate’
declared with attribute ‘warn_unused_result’ [-Wunused-result]
1373 | (void) ftruncate(mbfd, curoff);
| ^~~~~~~~~~~~~~~~~~~~~~~
mail.local.c:1380:24: warning: ignoring return value of ‘setreuid’
declared with attribute ‘warn_unused_result’ [-Wunused-result]
1380 | (void) setreuid(0, 0);
| ^~~~~~~~~~~~~~
mail.local.c: In function ‘lockmbox’:
mail.local.c:1540:32: warning: ignoring return value of ‘write’ declared
with attribute ‘warn_unused_result’ [-Wunused-result]
1540 | (void) write(fd, "0", 2);
| ^~~~~~~~~~~~~~~~~
cc -O2 -I. -I../../sendmail -I../../include -DNETINET6 -DIPV6_FULL
-DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX
-DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES
-D_FFR_MTA_STS -DOPENSSL_NO_ENGINE -DHAVE_ERR_get_error_all
-DNOT_SENDMAIL -Dsm_snprintf=snprintf -DMILTER -D_REENTRANT -DXP_MT -c
-o listener.o listener.c
listener.c: In function ‘mi_thread_handle_wrapper’:
listener.c:579:16: warning: cast to pointer from integer of different
size [-Wint-to-pointer-cast]
579 | return (void *) mi_handle_session(arg);
| ^
Claus Aßmann
2025-02-11 19:57:35 UTC
Reply
Permalink
Post by HQuest
Thank you, Claus, for the Sunday update. A few warnings during build
time (some external to sendmail). Compiled against OpenSSL 3.4.0 on a
The warnings are known...
Post by HQuest
3055 | (void) setuid(RealUid);
| ^~~~~~~~~~~~~~~
main.c:3199:24: warning: ignoring return value of `setuid' declared with
attribute `warn_unused_result' [-Wunused-result]
The code uses (void) to tell the compiler to shut up
-- seems the compiler writers ignore that :-(
Post by HQuest
tls.c:118:9: warning: `DH_new' is deprecated: Since OpenSSL 3.0
See the fine documentation: sendmail/README

OpenSSL 3 deprecated a lot of functionality which sendmail uses by
default. However, the code can be disabled via compile time options
if needed:
-DNO_DH: related to DH and DSA.

Loading...