I diffed 8.6.10 against what I was previously running (8.6.8). Significant changes from bugtraq's point of view are mostly being more paranoid about believing strings coming from possibly-untrustworthy sources. Here's the list: - Truncate df files when collecting, as mentioned in the RELEASE_NOTES. - When processing ident info, call cleanstrcpy() to strip trash from the returned username. - The -B command-line flag argument is checked; it must be 7bit or 8bitmime. (8.6.8 blindly believed whatever was handed to it.) - The -f command-line flag strips newlines from its argument. - The -p command-line flag is a bit more paranoid about what's passed to it; the argument is now length-limited and cleanstrcpy()ed. - FullName (taken from $NAME, or -F command-line flag) is now checked for newlines. - map.c has lots of changes I don't understand; most of them probably are not relevant, but some may be. - When creating a queue file, delete newlines from several things: specifically, the M, $r, $s, $_, S, E, R, and C lines. - A macro defintion will have its argument cleanstrcpy()ed if the source of the string is not safe (eg, command-line). - In sendtolist(), newlines are stripped from something - the list of addresses, I think, but I could be wrong. - When generating a failure letter, the Subject: header is length-limited, apparently to avoid a buffer overflow. - When generating the initial 220 greeting for SMTP, newlines are checked for and the message truncated at the first one if found. cleanstrcpy(), referred to several times above, is like strcpy, but it strips newlines and copies only a restricted set of characters: letters, digits, and !#$%&'*+-./^_`{|}~ - why that set was chosen, there's no indication. In the above, "strips newlines" actually means replacing them with spaces, not deleting them entirely. (If a newline is found, sendmail tries to log a warning.) der Mouse mouse@collatz.mcrcim.mcgill.edu