This commit was generated by cvs2svn to compensate for changes in r14182,

which included commits to RCS files with non-trunk default branches.

3 files changed, 29 insertions, 9 deletions

diff --git a/usr.sbin/sendmail/RELEASE_NOTES b/usr.sbin/sendmail/RELEASE_NOTES
index a1bec07..c85c48f 100644
--- a/usr.sbin/sendmail/RELEASE_NOTES
+++ b/usr.sbin/sendmail/RELEASE_NOTES
@@ -1,12 +1,19 @@
 			SENDMAIL RELEASE NOTES
-	     @(#)RELEASE_NOTES	8.7.3.1 (Berkeley) 12/3/95
+	     @(#)RELEASE_NOTES	8.7.4.1 (Berkeley) 2/18/96
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
-8.7.3/8.7.3	95/12/xx
+8.7.4/8.7.3	96/02/18
+	SECURITY: In some cases it was still possible for an attacker to
+		insert newlines into a queue file, thus allowing access to
+		any user (except root).
+	CONFIG: no changes -- it is not a bug that the configuration
+		version number is unchanged.
+
+8.7.3/8.7.3	95/12/03
 	Fix botch in name server timeout in RCPT code; this problem caused
 		two responses in SMTP, which breaks things horribly.  Fix
 		from Gregory Neil Shapiro of WPI.
@@ -1462,6 +1469,13 @@ summary of the changes in that release.
 		contrib/rcpt-streaming
 		src/Makefiles/Makefile.SunOS.5.x
 
+8.6.13/8.6.12	95/01/25
+	SECURITY: In some cases it was still possible for an attacker to
+		insert newlines into a queue file, thus allowing access to
+		any user (except root).
+	CONFIG: no changes -- it is not a bug that the configuration
+		version number is unchanged.
+
 8.6.12/8.6.12	95/03/28
 	Fix to IDENT code (it was getting the size of the reply buffer
 		too small, so nothing was ever accepted).  Fix from several
diff --git a/usr.sbin/sendmail/src/queue.c b/usr.sbin/sendmail/src/queue.c
index 97bf36c..bd89a31 100644
--- a/usr.sbin/sendmail/src/queue.c
+++ b/usr.sbin/sendmail/src/queue.c
@@ -36,9 +36,9 @@
 
 #ifndef lint
 #ifdef QUEUE
-static char sccsid[] = "@(#)queue.c	8.98 (Berkeley) 11/11/95 (with queueing)";
+static char sccsid[] = "@(#)queue.c	8.98.1.1 (Berkeley) 2/18/96 (with queueing)";
 #else
-static char sccsid[] = "@(#)queue.c	8.98 (Berkeley) 11/11/95 (without queueing)";
+static char sccsid[] = "@(#)queue.c	8.98.1.1 (Berkeley) 2/18/96 (without queueing)";
 #endif
 #endif /* not lint */
 
@@ -247,7 +247,7 @@ queueup(e, announce)
 
 	/* output body type */
 	if (e->e_bodytype != NULL)
-		fprintf(tfp, "B%s\n", e->e_bodytype);
+		fprintf(tfp, "B%s\n", denlstring(e->e_bodytype, TRUE, FALSE));
 
 	/* message from envelope, if it exists */
 	if (e->e_message != NULL)
@@ -380,7 +380,9 @@ queueup(e, announce)
 		/* output the header: expand macros, convert addresses */
 		if (bitset(H_DEFAULT, h->h_flags))
 		{
-			fprintf(tfp, "%s: %s\n", h->h_field, buf);
+			fprintf(tfp, "%s: %s\n",
+				h->h_field,
+				denlstring(buf, FALSE, TRUE));
 		}
 		else if (bitset(H_FROM|H_RCPT, h->h_flags))
 		{
@@ -397,7 +399,11 @@ queueup(e, announce)
 			TrafficLogFile = savetrace;
 		}
 		else
-			fprintf(tfp, "%s: %s\n", h->h_field, h->h_value);
+		{
+			fprintf(tfp, "%s: %s\n",
+				h->h_field,
+				denlstring(h->h_value, FALSE, TRUE));
+		}
 	}
 
 	/*
diff --git a/usr.sbin/sendmail/src/version.c b/usr.sbin/sendmail/src/version.c
index 644f1a2..9817429 100644
--- a/usr.sbin/sendmail/src/version.c
+++ b/usr.sbin/sendmail/src/version.c
@@ -33,7 +33,7 @@
  */
 
 #ifndef lint
-static char sccsid[] = "@(#)version.c	8.7.3.1 (Berkeley) 12/3/95";
+static char sccsid[] = "@(#)version.c	8.7.4.1 (Berkeley) 2/18/96";
 #endif /* not lint */
 
-char	Version[] = "8.7.3";
+char	Version[] = "8.7.4";