Update to sendmail 8.12.1.

A potential security problem has been uncovered in 8.12.0 which might
be exploited locally by malicious users to gain access to the client
mail queue.  However, as long as the MTA accepts local connections,
the possible consequences of this potential local exploit are small.
Notice: some operating systems don't provide a way to completely drop
privileges from a set-group-ID program.  In that case sendmail refuses
to run if unsafe options are given.

12 files changed, 53 insertions, 155 deletions

diff --git a/gnu/usr.sbin/sendmail/include/sm/bitops.h b/gnu/usr.sbin/sendmail/include/sm/bitops.h
index 20cf5d0337c..a72f5bf5ec7 100644
--- a/gnu/usr.sbin/sendmail/include/sm/bitops.h
+++ b/gnu/usr.sbin/sendmail/include/sm/bitops.h
@@ -10,7 +10,7 @@
  * the sendmail distribution.
  *
  *
- *	$Sendmail: bitops.h,v 1.1 2001/01/29 07:38:16 gshapiro Exp $
+ *	$Sendmail: bitops.h,v 1.2 2001/09/22 22:05:42 ca Exp $
  */
 
 #ifndef	SM_BITOPS_H
@@ -26,10 +26,13 @@
 # define BITMAPBITS	256	/* number of bits in a bit map */
 # define BYTEBITS	8	/* number of bits in a byte */
 # define BITMAPBYTES	(BITMAPBITS / BYTEBITS)	/* number of bytes in bit map */
+# define BITMAPMAX	((BITMAPBYTES / sizeof (int)) - 1)
 
 /* internal macros */
-# define _BITWORD(bit)	((bit) / (BYTEBITS * sizeof (int)))
-# define _BITBIT(bit)	((unsigned int)1 << ((bit) % (BYTEBITS * sizeof (int))))
+
+/* make sure this index never leaves the allowed range: 0 to BITMAPMAX */
+# define _BITWORD(bit)	(((unsigned char)(bit) / (BYTEBITS * sizeof (int))) & BITMAPMAX)
+# define _BITBIT(bit)	((unsigned int)1 << ((unsigned char)(bit) % (BYTEBITS * sizeof (int))))
 
 typedef unsigned int	BITMAP256[BITMAPBYTES / sizeof (int)];
 
diff --git a/gnu/usr.sbin/sendmail/include/sm/conf.h b/gnu/usr.sbin/sendmail/include/sm/conf.h
index 582a383decd..600dabeef49 100644
--- a/gnu/usr.sbin/sendmail/include/sm/conf.h
+++ b/gnu/usr.sbin/sendmail/include/sm/conf.h
@@ -10,7 +10,7 @@
  * the sendmail distribution.
  *
  *
- *	$Sendmail: conf.h,v 1.76 2001/08/31 23:03:11 gshapiro Exp $
+ *	$Sendmail: conf.h,v 1.78 2001/09/23 03:13:09 ca Exp $
  */
 
 /*
@@ -27,7 +27,7 @@
 # include <sm/config.h>
 # include <sm/varargs.h>
 
-/*
+/*
 **  General "standard C" defines.
 **
 **	These may be undone later, to cope with systems that claim to
@@ -59,7 +59,7 @@
 
 #define LOG		1	/* enable logging -- don't turn off */
 
-/**********************************************************************
+/**********************************************************************
 **  Operating system configuration.
 **
 **	Unless you are porting to a new OS, you shouldn't have to
@@ -80,6 +80,7 @@
 #  define HASINITGROUPS	1	/* has initgroups(3) call */
 #  define HASFCHMOD	1	/* has fchmod(2) syscall */
 #  define USESETEUID	1	/* has usable seteuid(2) call */
+#  define HASSETRESGID	1	/* use setresgid(2) to set saved gid */
 #  define BOGUS_O_EXCL	1	/* exclusive open follows symlinks */
 #  define seteuid(e)	setresuid(-1, e, -1)
 #  define IP_SRCROUTE	1	/* can check IP source routing */
@@ -373,6 +374,7 @@ typedef int		pid_t;
 #   endif /* SOLARIS >= 20300 || (SOLARIS < 10000 && SOLARIS >= 203) */
 #   if SOLARIS >= 20500 || (SOLARIS < 10000 && SOLARIS >= 205)
 #    define HASSETREUID	1		/* setreuid works as of 2.5 */
+#    define HASSETREGID	1	/* use setregid(2) to set saved gid */
 #    if SOLARIS < 207 || (SOLARIS > 10000 && SOLARIS < 20700)
 #     ifndef LA_TYPE
 #      define LA_TYPE	LA_KSTAT	/* use kstat(3k) -- may work in < 2.5 */
@@ -882,6 +884,7 @@ typedef int		pid_t;
 #   define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
 #   define HASSETLOGIN	1	/* has setlogin(2) */
 #   define HASSETREUID	0	/* OpenBSD has broken setreuid(2) emulation */
+#   define HASSETEGID	1	/* use setegid(2) to set saved gid */
 #   define HASURANDOMDEV	1	/* has /dev/urandom(4) */
 #   if OpenBSD >= 200006
 #    define HASSRANDOMDEV	1	/* has srandomdev(3) */
@@ -1281,6 +1284,7 @@ extern void		*malloc();
 #   define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
 #  endif /* !defined(KERNEL_VERSION) */
 #  define BSD		1	/* include BSD defines */
+#  define HASSETREGID	1	/* use setregid(2) to set saved gid */
 #  ifndef REQUIRES_DIR_FSYNC
 #   define REQUIRES_DIR_FSYNC	1	/* requires fsync() on directory */
 #  endif /* REQUIRES_DIR_FSYNC */
@@ -2114,7 +2118,7 @@ typedef struct msgb		mblk_t;
 /**********************************************************************
 **  End of Per-Operating System defines
 **********************************************************************/
-/**********************************************************************
+/**********************************************************************
 **  More general defines
 **********************************************************************/
 
@@ -2214,7 +2218,7 @@ typedef struct msgb		mblk_t;
 #   define USESETEUID	1	/* has usable seteuid(2) call */
 #  endif /* _POSIX_VERSION >= 199500 && !defined(USESETEUID) */
 # endif /* _POSIX_VERSION */
-/*
+/*
 **  Tweaking for systems that (for example) claim to be BSD or POSIX
 **  but don't have all the standard BSD or POSIX routines (boo hiss).
 */
@@ -2353,7 +2357,7 @@ typedef struct msgb		mblk_t;
 # ifndef QUAD_T
 #  define QUAD_T	unsigned long
 # endif /* ! QUAD_T */
-/**********************************************************************
+/**********************************************************************
 **  Remaining definitions should never have to be changed.  They are
 **  primarily to provide back compatibility for older systems -- for
 **  example, it includes some POSIX compatibility definitions
diff --git a/gnu/usr.sbin/sendmail/include/sm/gen.h b/gnu/usr.sbin/sendmail/include/sm/gen.h
index 55bacb593a7..8fdc0aac7d7 100644
--- a/gnu/usr.sbin/sendmail/include/sm/gen.h
+++ b/gnu/usr.sbin/sendmail/include/sm/gen.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: gen.h,v 1.17 2001/07/19 21:13:19 gshapiro Exp $
+ *	$Sendmail: gen.h,v 1.19 2001/09/11 04:04:43 gshapiro Exp $
  */
 
 /*
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_aix.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_aix.h
index f4472cccbda..faf10acc81a 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_aix.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_aix.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_aix.h,v 1.7 2001/04/20 17:04:23 ca Exp $
+ *	$Sendmail: sm_os_aix.h,v 1.8 2001/10/01 15:04:26 ca Exp $
  */
 
 /*
@@ -33,3 +33,8 @@
 #  endif /* SM_CONF_SYSLOG */
 # endif /* ! _AIX4 */
 #endif /* _AIX3 */
+
+/* can't set real gid */
+#ifndef SM_CONF_CANT_SETRGID
+# define SM_CONF_CANT_SETRGID	1
+#endif /* SM_CONF_CANT_SETRGID */
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_irix.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_irix.h
index 7151c477fc4..0b2a9b4704d 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_irix.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_irix.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_irix.h,v 1.5 2001/03/18 18:07:25 ca Exp $
+ *	$Sendmail: sm_os_irix.h,v 1.6 2001/09/30 16:35:29 ca Exp $
  */
 
 /*
@@ -53,3 +53,8 @@
 #ifndef SM_CONF_TEST_LLONG
 # define SM_CONF_TEST_LLONG	0
 #endif /* !SM_CONF_TEST_LLONG */
+
+/* can't set real gid */
+#ifndef SM_CONF_CANT_SETRGID
+# define SM_CONF_CANT_SETRGID	1
+#endif /* SM_CONF_CANT_SETRGID */
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_openunix.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_openunix.h
index 3fa3721bea5..524d8aaec00 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_openunix.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_openunix.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_openunix.h,v 1.1 2001/08/22 17:22:34 ca Exp $
+ *	$Sendmail: sm_os_openunix.h,v 1.2 2001/09/11 23:04:15 ca Exp $
  */
 
 #define SM_OS_NAME	"openunix"
@@ -17,6 +17,9 @@
 /* long long seems to work */
 #define SM_CONF_LONGLONG	1
 
+/* don't use flock() in mail.local.c */
+#define LDA_USE_LOCKF   1
+
 #ifndef SM_CONF_SHM
 # define SM_CONF_SHM	1
 #endif /* SM_CONF_SHM */
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_osf1.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_osf1.h
index 9d6f76af904..195ec7895cd 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_osf1.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_osf1.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_osf1.h,v 1.1 2001/02/22 22:07:14 gshapiro Exp $
+ *	$Sendmail: sm_os_osf1.h,v 1.2 2001/10/01 14:10:45 ca Exp $
  */
 
 /*
@@ -16,3 +16,8 @@
 #define SM_OS_NAME "osf1"
 
 #define SM_CONF_SETITIMER 0
+
+/* can't set real gid */
+#ifndef SM_CONF_CANT_SETRGID
+# define SM_CONF_CANT_SETRGID	1
+#endif /* SM_CONF_CANT_SETRGID */
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_ultrix.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_ultrix.h
index 17cab48ce9f..19bce8082f3 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_ultrix.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_ultrix.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_ultrix.h,v 1.1 2001/01/29 21:07:31 gshapiro Exp $
+ *	$Sendmail: sm_os_ultrix.h,v 1.2 2001/10/01 14:10:45 ca Exp $
  */
 
 /*
@@ -16,3 +16,8 @@
 #define SM_OS_NAME "ultrix"
 
 #define SM_CONF_SSIZE_T	0
+
+/* can't set real gid */
+#ifndef SM_CONF_CANT_SETRGID
+# define SM_CONF_CANT_SETRGID	1
+#endif /* SM_CONF_CANT_SETRGID */
diff --git a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_unixware.h b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_unixware.h
index eb88d532ea3..2fc571fd4f4 100644
--- a/gnu/usr.sbin/sendmail/include/sm/os/sm_os_unixware.h
+++ b/gnu/usr.sbin/sendmail/include/sm/os/sm_os_unixware.h
@@ -6,7 +6,7 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: sm_os_unixware.h,v 1.4 2001/08/22 02:58:20 ca Exp $
+ *	$Sendmail: sm_os_unixware.h,v 1.5 2001/09/24 20:34:36 ca Exp $
  */
 
 #define SM_OS_NAME	"unixware"
@@ -25,3 +25,9 @@
 
 /* size_t seems to be signed */
 #define SM_CONF_BROKEN_SIZE_T	1
+
+/* can't set real gid */
+#ifndef SM_CONF_CANT_SETRGID
+# define SM_CONF_CANT_SETRGID	1
+#endif /* SM_CONF_CANT_SETRGID */
+
diff --git a/gnu/usr.sbin/sendmail/include/sm/stdio.h b/gnu/usr.sbin/sendmail/include/sm/stdio.h
deleted file mode 100644
index d4f5189b724..00000000000
--- a/gnu/usr.sbin/sendmail/include/sm/stdio.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
- *      All rights reserved.
- *
- * By using this file, you agree to the terms and conditions set
- * forth in the LICENSE file which can be found at the top level of
- * the sendmail distribution.
- *
- *	$Sendmail: stdio.h,v 1.16 2001/03/08 03:23:08 ca Exp $
- */
-
-#ifndef SM_STDIO_H
-#define SM_STDIO_H
-
-#include <sm/gen.h>
-#include <sm/io.h>
-
-/*
-**  We include <stdio.h> here for several reasons:
-**  - To force the <stdio.h> idempotency macro to be defined so that
-**    any future includes of <stdio.h> will have no effect;
-**  - To declare functions like rename() which we do not and can not override.
-**  Note that all of the following redefinitions of standard stdio
-**  apis are macros.
-*/
-
-#include <stdio.h>
-#undef FILE
-#undef _IOFBF
-#undef _IOLBF
-#undef EOF
-#undef BUFSIZ
-#undef getc
-#undef putc
-
-/*
-** Temporary for transition from stdio to sm_io.
-*/
-
-#define FILE SM_FILE_T
-#define _IOFBF SM_IO_FBF
-#define _IOLBF SM_IO_LBF
-#define _SMIONBF SM_IO_NBF
-#define EOF SM_IO_EOF
-#define BUFSIZ SM_IO_BUFSIZ
-#define fpos_t off_t
-
-#undef stdin
-#undef stdout
-#undef stderr
-#undef clearerr
-#undef feof
-#undef ferror
-#undef getc_unlocked
-#undef getchar
-#undef putc_unlocked
-#undef putchar
-#undef fileno
-
-#define stdin	smioin
-#define stdout	smioout
-#define stderr	smioerr
-
-#define clearerr(f)	sm_io_clearerr(f)
-#define fclose(f)	sm_io_close(f)
-#define feof(f)	sm_io_eof(f)
-#define ferror(f)	sm_io_error(f)
-#define fflush(f)	sm_io_flush(f)
-#define fgetc(f)	sm_io_fgetc(f)
-#define fgetln(f, x)	sm_io_getln(f, x)
-#define fgetpos(f, p)	sm_io_getpos(f, p)
-#define fgets(b, n, f)	sm_io_fgets(f, b, n)
-#define fpurge(f)	sm_io_purge(f)
-#define fputc(c, f)	sm_io_fputc(f, c)
-#define fread(b, s, c, f)	sm_io_read(f, b, s, c)
-#define fseek(f, o, w)	sm_io_seek(f, o, w)
-#define fsetpos(f, p)	sm_io_setpos(f, p)
-#define ftell(f)	sm_io_tell(f)
-#define fwrite(b, s, c, f)	sm_io_write(f, b, s, c)
-#define getc(f)	sm_io_getc(f)
-#define getc_unlocked(f)	sm_io_getc_unlocked(f)
-#define getchar()	sm_io_getc(smioout)
-#define putc(c, f)	sm_io_putc(f, c)
-#define putc_unlocked(c, f)	sm_io_putc_unlocked(f, c)
-#define putchar(c)	sm_io_putc(smioout, c)
-#define rewind(f)	sm_io_rewind(f)
-#define setbuf(f, b)	(void)sm_io_setvbuf(f, b, b ? SM_IO_FBF : \
-				SM_IO_NBF, SM_IO_BUFSIZ);
-#define setbuffer(f, b, size)	(void)sm_io_setvbuf(f, b, b ? SM_IO_FBF : \
-					SM_IO_NBF, size);
-#define setlinebuf(f)	sm_io_setvbuf(f, (char *)NULL, SM_IO_LBF, (size_t)0);
-#define setvbuf(f, b, m, size)	sm_io_setvbuf(f, b, m, size)
-#define ungetc(c, f)	sm_io_ungetc(f, c)
-
-#define fileno(fp)	sm_io_getinfo(fp, SM_IO_WHAT_FD, NULL)
-#define fopen(path, mode)	((FILE *)sm_io_open(SmFtStdio, (void *)(fd), (strcmp((mode), "r")==0?SM_IO_RDONLY:strcmp((mode), "w")==0?SM_IO_WRONLY:SM_IO_RDWR), NULL))
-#define freopen(path, mode, fp)	((FILE *)sm_io_reopen(SmFtStdio, (path), (strcmp((mode), "w")==0?SM_IO_WRONLY:SM_IO_RDONLY), NULL, (fp))
-#define fdopen(fd, mode)	((FILE *)sm_io_open(SmFtStdiofd, (void *)(fd), (strcmp((mode), "r")==0?SM_IO_RDONLY:strcmp((mode), "w")==0?SM_IO_WRONLY:SM_IO_RDWR), NULL))
-
-/* the following have variable arg counts */
-#define fscanf	sm_io_fscanf
-#define fprintf	sm_io_fprintf
-#define printf(	sm_io_printf(smioout,
-#define snprintf	sm_io_snprintf
-#define vsnprintf	sm_io_vsnprintf
-#define vfprintf	sm_io_vfprintf
-
-#endif /* SM_STDIO_H */
diff --git a/gnu/usr.sbin/sendmail/include/sm/sysstat.h b/gnu/usr.sbin/sendmail/include/sm/sysstat.h
deleted file mode 100644
index 28e1d388a03..00000000000
--- a/gnu/usr.sbin/sendmail/include/sm/sysstat.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2000-2001 Sendmail, Inc. and its suppliers.
- *	All rights reserved.
- *
- * By using this file, you agree to the terms and conditions set
- * forth in the LICENSE file which can be found at the top level of
- * the sendmail distribution.
- *
- *	$Sendmail: sysstat.h,v 1.5 2001/04/03 01:53:01 gshapiro Exp $
- */
-
-/*
-**  This is a wrapper for <sys/stat.h> that fixes portability problems.
-*/
-
-#ifndef SM_SYSSTAT_H
-# define SM_SYSSTAT_H
-
-# include <sys/stat.h>
-
-/*
-**  Some platforms lack lstat()
-*/
-
-# ifndef S_ISLNK
-#  define lstat(fn, st) stat(fn, st)
-# endif /* ! S_ISLNK */
-
-#endif /* ! SM_SYSSTAT_H */
diff --git a/gnu/usr.sbin/sendmail/include/sm/varargs.h b/gnu/usr.sbin/sendmail/include/sm/varargs.h
index 6857b307a6d..4cdb7f32f01 100644
--- a/gnu/usr.sbin/sendmail/include/sm/varargs.h
+++ b/gnu/usr.sbin/sendmail/include/sm/varargs.h
@@ -6,12 +6,11 @@
  * forth in the LICENSE file which can be found at the top level of
  * the sendmail distribution.
  *
- *	$Sendmail: varargs.h,v 1.6 2001/04/23 17:58:27 ca Exp $
+ *	$Sendmail: varargs.h,v 1.7 2001/09/13 16:45:40 ca Exp $
  */
 
 /*
 **  libsm variable argument lists
-**  See libsm/varargs.html for documentation.
 */
 
 #ifndef SM_VARARGS_H