libmilter-doc-8.15.2-lp150.5.3.1<>,\aݸ/=„EsZCs^-_hpJFdh?yV"Qg8l&5K (Kv=1!ʉ.gޙ/tol{O$jƸvz'hYT*OzӁZAiԆc7;~gL VJ 8Q LQ:c -Vg ;? d # P #,5 Naz5\5 5 05 5 95 p5D5M5V|5P`t(8=9=:=F|G|5H}5I~5X~Y~\~5]5^blcdeflu5vzClibmilter-doc8.15.2lp150.5.3.1BSD Sendmail Content Management API (milter)Sendmail's Content Management API (milter) provides third-party programs to access mail messages as they are being processed by the Mail Transfer Agent (MTA), allowing them to examine and modify message content and meta-information. Filtering policies implemented by Milter-conformant filters may then be centrally configured and composed in an end-user's MTA configuration file. "sendmail" is a trademark of Sendmail, Inc.\acloud127NopenSUSE Leap 15.0openSUSESendmailhttp://bugs.opensuse.orgDocumentation/HTMLhttp://www.sendmail.org/linuxnoarch3SKS Go0@ ~=  @q  * &3 aS  z ;|  ?D  bA큤\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\a\acd39961f83fccabf8eca8961c5352b9c57afa0ce2c8b314b861ee7befe9a3b28b9dcd01e73d9ea7b6487ad9c41774d7e479e278e47245629c7d49bfda2684309e5013ab42fa300827023f78d87267893c81ff4c76c7451de90b2554aaec34c3c906a3f17f5417159a933be4b62fff4bd2ad84e197306c808e32d2e59430d1d7f47005f8297256b0ed99a5cb4907ecd7a4d6438059b7491bdf03778caed55825767949edd6692433034ee10f926d325e0c80b8bbe3f1ac825836d3dcdbb1280a5939f392a09421502c82c8bd28bd8e4fa3d830fb0d6ed786c0d4858b5abf568defbb96a20caee7c0879563835ab14bc8fbeb4cc68cc8feda131541bc147d01b8317f3c80e2df5524d2ab24d948146ac3d7bdebce26b50d709dbf2d010298543f0ff28b740adc9fb795a1c3f91564663630114421100c8fe304bf5723e4e2028cb7d4c598231b8d6c053b8fbfc03b9198771d93d2961745b7e153999c03f6a95782c34997362c5049e75d741b34e79892b553ba136ecaa7058efa1706079305c36ac5468f449480a5bc7df4b34ed8ffe7b14d74dc52ab06197bb80cec4b4b536c9321b3cd1ef8ceb087daa84e14f3c08ea52a192792672489c890357c8f57e21718b6b0b42f3e55d32e3835bbd5158ad80e63f26cee9ac6e4d2e75e48ff366d286a05c811a814d761016979a87ea3fd6ca98044dbc0d8664486eaed139fba2091c6e015040f4e904c54b7ec462c7764ba19301f051b9abf824cf7cae5db827ceff0d2921cddaf222bd36ac297695289ff9c39fcb8f036c83c305b7196d8e6ad0095f25d8a4074f118e14272cce7709b1629f1ff10cabdae83b6b0012646c40c1b691432204ca58a95c1efb1db4ef50af21a1dcc75332e2da041809f5f3acd9212727c8115eaee520cc2918b383897e8b0c797d1c4a7af1838f86a55e67b55138e5165944c3899c9bb8b5b714c8097af3abb2f2eff9231cb1db09ee6bbf6f3a7575f4489aa741c9b01de03286425e80d22f97839c355fa015765a737dcd4061954ddbaffcc562d82fe96f9b8305cd7b3fbceaefec436241d822f517b6c7b64101b5bf0c6f5774db98a640f9efc69514315b6947e0f65c2e536ecfe68d4e455ecaa698b5d91348d904884f5c9e177a6258d3f972c7fe8d63706543c87750324c10ea969d3fe90a8b59d6a59bc0c373a5b431dee36b735ea3184a4f4daa9097c897111ffe71dc66c42845879db8f3e26d5ec47fe0d8f78eef79c3c7d59f865ae413f1edbdb174bbb760a35732f6ef497fbbcd26068fbc0dca0c46167142f04e17bd70ea61ab23598a7f1b37e4a4acd79dcd941d22ca991940ce3c1c7d35bf225888ef637454dc22495b00a8a43ed24d88f447acd94c7d7ce03ad97be248a553ec77d48c39f0124ecc18bcf32bad212755c4c6ef5ffe51ec234f33cbf32140a01763be5f382c74ea05fc1e00aea06b4d13b81b1d9e91fa1bc23194ae8b75b788400b354298094f63778eec52740c627ec7ba16db3db948f6763f17876704bca5fda381ed2e2e0267f226e83a200c681b80ca5191b901bd0bdf65cc34de6e6cb4ccdb8fd11cf075cd3e1a0fc19d67716754218c50e0aef144a2277d011f7af18d0f1b3d007c45b8536c2b91efd253ca680a7445d111eafdedb0e9c5ff199cbf3edbcbafcb01b863616723ca576a168d62c375c31bcc3fa01d67e3b7e8caa21f28892736f8c19ec5832ecf075626f5ef0ba665321c9ede37418159d505cef60a6be69f3cf39e83d9d4a797130ce5bdeac75c1bd645886664512490e6c46ca6b972edaf70ef19ca1afdb2f8e01ff82299b1d44d6cfde311de2c21749e47e9b55036d1c19184e4bb62a0f1036bcc72a9fc1660d6463b075059961895f549c23baa88740cd9088ecf3eb8cb4f0492fc13173600ce3871e53f451e7b303174af509a28944b2fee15576c5e1f0bed1c1ef73faf9f18aa693a9d536f6a223c31a10a743126cdc1866ff73c82afdc390ffd7cc190f4a5e002897cf00c96a4cfb084b2afff290df17718571fe1ae050a6a5e69f78bd807180c12d17cca118afee790909ad2e91a18a89bd295b6d3dd3bdd538a7963539f424fe67f24a38f9d863c0930b7b7db29c42e288e53ffa7c4cc1e90cfacc76053edadb29f1674d393c4d68acc3af82b7cd6fa9e754dd75cf288bb81f30e05f221e1989bdec7e36a7100d0befb71c7128a0441ebc4353fc521b9b4653859866a7240d6ae4aee83760029d3932556b5147b6afa8d0a101cab68ae76e271a2b5160a7a8bbe66f6fb36be4db9f8e8948ba1236947128d37b40ec12acaf3249bd4c3f31284a471aec24bfba1c5e4eba567cdca60rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsendmail-8.15.2-lp150.5.3.1.src.rpmlibmilter-doc    libmilter1_0rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1\/J[[ @[LZ&@Z@Z@ZC@ZY@YoIYR@XXX@XӸXO@X@W W@WbWbW=W@W@V]S,S8@S;S:@S.R@RSRJ@R-@R@Q@QQQ@QvwQvwP{@PvP P P OiOt@O3@N=@NLNENC@N?N;@M@L!L{L@IKl@K`*Dr. Werner Fink jengelh@inai.dewerner@suse.debwiedemann@suse.comwerner@suse.derbrown@suse.comwerner@suse.devcizek@suse.comkukuk@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dejengelh@inai.dewerner@suse.dewerner@suse.dekukuk@suse.dewerner@suse.dedimstar@opensuse.orgtchvatal@suse.comtchvatal@suse.comwerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dejengelh@inai.dejengelh@inai.defcrozat@suse.comwerner@suse.dewerner@suse.decoolo@suse.comcoolo@suse.comwerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.decfarrell@suse.comwerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.decoolo@novell.comrhafer@novell.comwerner@suse.dewerner@suse.dewerner@suse.de- Remove alias to mail-transfer-agent.target (boo#1116675)- Replace exec rm by delete/print.- Remove left over from last patch - Group daemon is required- Add sendmail-8.15.2-reproducible.patch to make package build reproducible- Add _FFR_TLS_EC m4 macro definition for site configuration as well (boo#1070065)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Apply former patches only if openssl 1.1.0+ are installed- support build with openssl 1.1 (bsc#1067222) * add patches from Fedora: sendmail-8.15.2-openssl-1.1.0-fix.patch sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch (rh#1473971)- Add libnsl-devel build requires for glibc obsoleting libnsl- Change requirements for libmilter and sendmail-devel as the library is also used by other MTA like postfix (boo#1049188)- Require user and group mail- Add bitdomain and uudomain to possible targets for refresh- Change spec file name scheme used for getting soname down into libmilter- Replace a find|xargs rm by -delete- New package libmilter1_0 for the shared library version of libmilter, the Sendmail Content Management API - Also new package libmilter-doc for the substantial documentation about Sendmail Content Management API (milter) - Make sendmail-tls a noarch package- Require m4 at build time- Don't use insserv together with systemd- Use _unitdir macro instead asking pkg config of systemd- Fix License: Even https://spdx.org/licenses/Sendmail.html lists "Sendmail" as the valid identifier. Same as http://license.opensuse.org/ does. "Sendmail License" is in the column "Full Name". The License: tag requires the identifier. - Fix some more rpmlint warnings: + sendmail: W: suse-missing-rclink sendmail: - Ship /usr/sbin/rcsendmail symlink to /usr/sbin/service + sendmail: W: suse-missing-rclink sendmail-client - Ship /usr/sbin/rcsendmail-client symlink to /usr/sbin/service + sendmail: W: suse-wrong-suse-capitalisation: - Rename README.SuSE to README.SUSE (fix spelling also inside the file). + sendmail: W: permissions-dir-without-slash - Fix permissions and permissions.paranoid inside sendmail-suse.tar.bz2. + sendmail: W: systemd-service-without-service_del_postun: - Add corresponding macros to postun script when not building with sysvinit support. + sendmail: W: systemd-service-without-service_add_pre: - Add corresponding macros to pre script when not building with sysvinit support.- Drop unused patch: * sendmail-8.14.7-warning.patch- Split uucp to separate package, no technical reason for it to not stand on its own - Drop uucp related patches: + uucp-1.07-contrib.dif + uucp-1.07-cu.patch + uucp-1.07-grade.patch + uucp-1.07-lockdev.patch + uucp-1.07.dif + uucp-texinfo-5.0.patch + drop_ftime.patch- Do not use http://license.opensuse.org/ as reference for the Sendmail license even if stated by rpmlint but https://spdx.org/licenses/Sendmail.html- Avoid warning from chkstat due slash on directory path as last character- Update to sendmail 8.15.2 (boo#975416) * If FEATURE(`nopercenthack') is used then some bogus input triggered a recursion which was caught and logged as SYSERR: rewrite: excessive recursion (max 50) ... Fix based on patch from Ondrej Holas. * DHParameters now by default uses an included 2048 bit prime. The value 'none' previously caused a log entry claiming there was an error "cannot read or set DH parameters". Also note that this option applies to the server side only. * The U= mailer field didn't accept group names containing hyphens, underbars, or periods. Based on patch from David Gwynne of the University of Queensland. * CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again. Patch from Lars-Johan Liman of Netnod Internet Exchange. * CONFIG: New option UseCompressedIPv6Addresses to select between compressed and uncompressed IPv6 addresses. The default value depends on the compile-time option IPV6_FULL: For 1 the default is False, for 0 it is True, thus preserving the current behaviour. Based on patch from John Beck of Oracle. * CONFIG: Account for IPv6 localhost addresses in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov from FreeBSD and Robert Scheck from the Fedora Project. * CONFIG: Account for IPv6 localhost addresses in check_mail ruleset. * LIBMILTER: Deal with more invalid protocol data to avoid potential crashes. Problem noted by Dimitri Kirchner. * LIBMILTER: Allow a milter to specify an empty macro list ("", not NULL) in smfi_setsymlist() so no macro is sent for the selected stage. * MAKEMAP: A change to check TrustedUser in fewer cases which was made in 2013 caused a potential regression when makemap was run as root (which should not be done anyway). * SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. * If header rewriting fails due to a temporary map lookup failure, queue the mail for later retry instead of sending it without rewriting the header. Note: this is done while the mail is being sent and hence the transaction is aborted, which only works for SMTP/LMTP mailers hence the handling of temporary map failures is suppressed for other mailers. SMTP/LMTP servers may complain about aborted transactions when this problem occurs. See also "DNS Lookups" in sendmail/TUNING. * Incompatible Change: Use uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of ::1 it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 vs IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc) must use the same format, so make certain such configuration data is updated before using 8.15. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, the prior format can be retained by compiling with: APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') in your devtools/Site/site.config.m4 file. * If a connection to the MTA is dropped by the client before its hostname can be validated, treat it as "may be forged", so that the unvalidated hostname is not passed to a milter in xxfi_connect(). * Add a timeout for communication with socket map servers which can be specified using the -d option. * Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow numeric logins even if HESIOD is enabled. - sendmail 8.15.1 * The new option CertFingerprintAlgorithm specifies the finger- print algorithm (digest) to use for the presented cert. If the option is not set, md5 is used and the macro {cert_md5} contains the cert fingerprint. However, if the option is set, the specified algorithm (e.g., sha1) is used and the macro {cert_fp} contains the cert fingerprint. That is, as long as the option is not set, the behaviour does not change, but otherwise, {cert_md5} is superseded by {cert_fp} even if you set CertFingerprintAlgorithm to md5. * The options ServerSSLOptions and ClientSSLOptions can be used to set SSL options for the server and client side respectively. See SSL_CTX_set_options(3) for a list. Note: this change turns on SSL_OP_NO_SSLv2 and SSL_OP_NO_TICKET for the client. See doc/op/op.me for details. * The option CipherList sets the list of ciphers for STARTTLS. See ciphers(1) for possible values. * Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" if a CRLFfile is in use (and LogLevel is 14 or higher.) * Store a more specific TLS protocol version in ${tls_version} instead of a generic one, e.g., TLSv1 instead of TLSv1/SSLv3. * Properly set {client_port} value on little endian machines. Patch from Kelsey Cummings of Sonic.net. * Per RFC 3848, indicate in the Received: header whether SSL or SMTP AUTH was negotiated by setting the protocol clause to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. * If the 'C' flag is listed as TLSSrvOptions the requirement for the TLS server to have a cert is removed. This only works under very specific circumstances and should only be used if the consequences are understood, e.g., clients may not work with a server using this. * The options ClientCertFile, ClientKeyFile, ServerCertFile, and ServerKeyFile can take a second file name, which must be separated from the first with a comma (note: do not use any spaces) to set up a second cert/key pair. This can be used to have certs of different types, e.g., RSA and DSA. * A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) address. It returns the string for the PTR lookup, but without trailing {ip6,in-addr}.arpa. * New operation mode 'C' just checks the configuration file, e.g., sendmail -C new.cf -bC will perform a basic syntax/consistency check of new.cf. * The mailer flag 'I' is deprecated and will be removed in a future version. * Allow local (not just TCP) socket connections to the server, e.g., O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock can be used. * If the new option MaxQueueAge is set to a value greater than zero, entries in the queue will be retried during a queue run only if the individual retry time has been reached which is doubled for each attempt. The maximum retry time is limited by the specified value. * New DontBlameSendmail option GroupReadableDefaultAuthInfoFile to relax requirement for DefaultAuthInfo file. * Reset timeout after receiving a message to appropriate value if STARTTLS is in use. Based on patch by Kelsey Cummings of Sonic.net. * Report correct error messages from the LDAP library for a range of small negative return values covering those used by OpenLDAP. * Fix compilation with Berkeley DB 5.0 and 6.0. Patch from Allan E Johannesen of Worcester Polytechnic Institute. * CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or nospecial which describes whether to disallow "%" in the local part of an address. * DEVTOOLS: Fix regression in auto-detection of libraries when only shared libraries are available. Problem reported by Bryan Costales. * LIBMILTER: Mark communication socket as close-on-exec in case a user's filter starts other applications. Based on patch from Paul Howarth. - Modified patches sendmail-8.14.9.dif becomes sendmail-8.15.2.dif sendmail-8.14.7-select.dif sendmail-8.14.8-m4header.patch sendmail-fd-passing-libmilter.patch Removed patches sendmail-db6.diff sendmail-8.14.7-warning.patch- Do not enforce dependencies like for amavis and saslauthd- Add patch sendmail-fd-passing-libmilter.patch from Debian sendmail maintainer Mikhail Gusarov to support systemd socket activation support also in libmilter (bnc#879790) - Be aware that /var/run is a symbolic link to /run a tmpfs file system- Update to sendmail 8.14.9 * Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. * Fix a misformed comment in conf.c: "/*" within comment which may cause a compilation error on some systems. Problem reported by John Beck of Oracle. * Fix regression in auto-detection of libraries when only shared libraries are available. Problem reported by Bryan Costales. - Modify patch sendmail-8.14.8.dif which is now sendmail-8.14.9.dif- In systemd mail-transfer-agent.target is gone even if there are MTAs around which will be started without socket/bus activation- Update to sendmail 8.14.8 (bnc#871258) * Properly initialize all OpenSSL algorithms for versions before OpenSSL 0.9.8o. Without this SHA2 algorithms may not work properly, causing for example failures for certs that use sha256WithRSAEncryption as signature algorithm. * When looking up hostnames, ensure only to return those records for the requested family (AF_INET or AF_INET6). On system that have NEEDSGETIPNODE and NETINET6 this may have failed and cause delivery problems. Problem noted by Kees Cook. * A new mailer flag '!' is available to suppress an MH hack that drops an explicit From: header if it is the same as what sendmail would generate. * Add an FFR (for future release) to use uncompressed IPv6 addresses, i.e., they will not contain "::". For example, instead of ::1 it will be 0:0:0:0:0:0:0:1. This means that configuration data (including maps, files, classes, custom ruleset, etc) have to use the same format. This will be turned on in 8.15. It can be enabled in 8.14 by compiling with: APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_IPV6_FULL') in your devtools/Site/site.config.m4 file. * Add an additional case for the WorkAroundBrokenAAAA check when dealing with broken nameservers by ignoring SERVFAIL errors returned on T_AAAA (IPv6) lookups at delivery time. Problem noted by Pavel Timofeev of OCS. * If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to setusercontext() on deliveries as a different user. Patch from Edward Tomasz Napierala from FreeBSD. * Add support for DHParameters 2048-bit primes. * CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov. * LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c. Patch from Bill Parker. * LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations fail. Patch from John Beck of Oracle. * Portability: On Linux use socklen_t as the type for the 3rd argument for getsockname/getpeername if the glibc version is at least 2.1. - Add patch sendmail-8.14.8-m4header.patch from upstream - Update patch sendmail-8.14.7.dif to sendmail-8.14.8.dif - Modify the service files to be able to restart if a reload fails as well as use sync targets nss-user-lookup.target and nss-lookup.target. Also propagate reload from main service to client service and install both- Use _GNU_SOURCE in CFLAGS and %_smp_mflags at make, maybe related to bnc#865232, that is do not reset signal handler but SA_RESTART- Do not use remote-fs.target but local-fs.target to make sure that failing remote/cifs shares let sendmail fail (bnc#855688)- Add config.starttls script to ask mail/imap server for certificates- Add saslauthd as optional requirement in the systemd service unit - Add SENDMAIL_MTA_MODIFIER and SENDMAIL_MTA_SSL_PORT to configuration - Split off SuSE specific file into a own tar ball - Avoid SysVinit boot scripts on systemd based systems- Edit existing /etc/sysconfig/sendmail to add Command line (bnc#839033) - Add a config.sendmail script which calls the update script verbosely- Use /etc/os-release instead of /etc/SuSE-release (bnc#833953)- New rpm had removed "prereq" flag from installation script bits that is that `Requires(prereq)' is not valid anymore :(((- sendmail-8.14.7.dif forces the use of SSL and SASL libraries, so make sure the BuildRequires are there- Add sendmail-db6.diff to fix compile abort with db >= 5- Fix errors in systemd services (bnc#820858).- Remove FAQ.sendmail-8.14 but use a html link to upstream support- Update to sendmail 8.14.7 * Drop support for IPv4-mapped IPv6 addresses to prevent the MTA from using a mapped address over a legitimate IPv6 address and to enforce the proper semantics over the IPv6 connection. Problem noted by Ulrich Sporlein. * Fix a regression introduced in 8.14.6: the wrong list of macros was sent to a milter in the EHLO stage. Problem found by Fabrice Bellet, reported via RedHat (Jaroslav Skarvada). * Fix handling of ORCPT parameter for DSNs: xtext decoding was not performed and a wrong syntax check was applied to the "addr-type" field. Problem noted by Dan Lukes of Obludarium. * Fix handling of NUL characters in the MIME conversion functions so that message bodies containing them will be sent on properly. Note: this usually also affects mails that are not converted as those functions are used for other purposes too. Problem noted by Elchonon Edelson of Lockheed Martin. * Do not perform "duplicate" elimination of recipients if they resolve to the error mailer using a temporary failure (4xy) via ruleset 0. Problem noted by Akira Takahashi of IIJ. * CONTRIB: Updated version of etrn.pl script from John Beck of Oracle. - Update to sendmail 8.14.6 * Fix a regression introduced in 8.14.5: if a server offers two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Problem noted by Lena. * Do not cache hostnames internally in a non case sensitive way as that may cause addresses to change from lower case to upper case or vice versa. These header modifications can cause problems with milters that rely on receiving headers in the same way as they are being sent out such as a DKIM signing milter. * If MaxQueueChildren is set then it was possible that new queue runners could not be started anymore because an internal counter was subject to a race condition. * If a milter decreases the timeout it waits for a communication with the MTA, the MTA might experience a write() timeout. In some situations, the resulting error might have been ignored. Problem noted by Werner Wiethege. Note: decreasing the communication timeout in a milter should not be done without considering the potential problems. * smfi_setsymlist() now properly sets the list of macros for the milter which invoked it, instead of a global list for all milters. Problem reported by David Shrimpton of the University of Queensland. * If Timeout.resolver.retrans is set to a value larger than 20, then resolver.retry was temporarily set to 0 for gethostbyaddr() lookups. Now it is set to 1 instead. Patch from Peter. * If sendmail could not lock the statistics file due to a system error, and sendmail later sends a DSN for a mail that triggered such an error, then sendmail tried to access memory that was freed before (causing a crash on some systems). Problem reported by Ryan Stone. * Do not log negative values for size= nor pri= to avoid confusing log parsers, instead limit the values to LONG_MAX. * Account for an API change in newer versions of Cyrus-SASL. Patch from Hajimu UMEMOTO from FreeBSD. * Do not try to resolve link-local addresses for IPv4 (just as it is done for IPv6). Patch from John Beck of Oracle. * Improve logging of client and server STARTTLS connection failures that may be due to incompatible cipher lists by including the reason for the failure in a single log line. Suggested by James Carey of Boeing. - Drop sendmail-8.14.5-auth2.patch0 as this is part of 8.14.6 - Add sendmail-8.14.7-warning.patch to avoid useless gcc warning - Refresh sendmail-8.14.7-select.dif - Refresh sendmail-8.14.7.dif- explicit buildrequire on groff, called from spec file- buildrequire netcfg explicitly- Make if build even with older distributions- Use UTF-8 messages- Do not depend on broken umask in rpm scriptlets- Make SuSEconfig.sendmail a standalone update script (fate#313548)- Help to do systemctl the obvoisly (bnc#754544)- license update: SUSE-Sendmail SUSE- proprietary prefix added until Sendmail is accepted as valid SPDX license at http://www.spdx.org/licenses- Allow sendmail to authenticate as client to various mail servers in TLS mode even if servers send 2 headers (bnc#731658)- Expand systemd configuration at build time- Use Pre exec files for configuration on the fly- Socket activation does not work for sendmail even with -bs on the command line of sendmail and StandardInput=socket- The approach of using makefiles requires make for sendmail- Make /var/run a ghost entry in spec as this is a tmpfs now and create it at start of sendmail if it does not exist (bnc#710279) - First try of using systemd unit configration files for both sendmail MTA and sendmail MT client. Try to start them on demand using systemd unit socket files for both local and remote network as well as systemd unit path file for local mail queue- Update to sendmail 8.14.5 * Do not cache SMTP extensions across connections as the cache is based on hostname which may not be a unique identifier for a server, i.e., different machines may have the same hostname but provide different SMTP extensions. Problem noted by Jim Hermann. * Avoid an out-of-bounds access in case a resolver reply for a DNS map lookup returns a size larger than 1K. Based on a patch from Dr. Werner Fink of SuSE. * If a job is aborted using the interrupt signal (e.g., control-C from the keyboard), perform minimal cleanup to avoid invoking functions that are not signal-safe. Note: in previous versions the mail might have been queued up already and would be delivered subsequently, now an interrupt will always remove the queue files and thus prevent delivery. * Per RFC 6176, when operating as a TLS client, do not offer SSLv2. * Since TLS session resumption is never used as a client, disable use of RFC 4507-style session tickets. * Work around gcc4 versions which reverse 25 years of history and no longer align char buffers on the stack, breaking calls to resolver functions on strict alignment platforms. Found by Stuart Henderson of OpenBSD. * Read at most two AUTH lines from a server greeting (up to two lines are read because servers may use "AUTH mechs" and "AUTH=mechs"). Otherwise a malicious server may exhaust the memory of the client. Bug report by Nils of MWR InfoSecurity. * Avoid triggering an assertion in the OpenLDAP code when the connection to an LDAP server is lost while making a query. Problem noted and patch provided by Andy Fiddaman. * If ConnectOnlyTo is set and sendmail is compiled with NETINET6 it would try to use an IPv6 address if an IPv4 (or unparseable) address is specified. * If SASLv2 is used, make sure that the macro {auth_authen} is stored in xtext format to avoid problems with parsing it. Problem noted by Christophe Wolfhugel. * CONFIG: FEATURE(`ldap_routing') in 8.14.4 tried to add a missing - T that is required, but failed for some cases that did not use LDAP. This change has been undone until a better solution can be implemented. Problem found by Andy Fiddaman. * CONTRIB: qtool.pl: Deal with H entries that do not have a letter between the question marks. Patch from Stefan Christensen. * DOC: Use a better description for the -i option in sendmail. Patch from Mitchell Berger. - Add defines for nanaosleep and socklen_t for linux in conf.h- prereq init scripts network and syslog- Removed version-specific libdb-4_5-devel from BuildRequires to be able to build against newer libdb Versions.- Newer killproc sends only SIGTERM as required by LSB if -TERM is specified on the command line. Use the default which is SIGTERM followed by SIGKILL if the timeout of 5 seconds is reached.- Use upstream patch for bnc#559517- Update to bug fix release sendmail 8.14.4 * Handle bogus certificates containing NUL characters in CNs by placing a string indicating a bad certificate in the {cn_subject} or {cn_issuer} macro. Patch inspired by Matthias Andree's changes for fetchmail. * During the generation of a queue identifier an integer overflow could occur which might result in bogus characters being used. Based on patch from John Vannoy of Pepperdine University. * Prevent a crash when a hostname lookup returns a seemingly valid result which contains a NULL pointer (this seems to be happening on some Linux versions). * Fix overflow of an internal array when parsing some replies from a milter. Problem found by Scott Rotondo * Fix handling of `b' modifier for DaemonPortOptions on little endian machines for loopback address. Patch from John Beck of Sun Microsystems. * Fix a potential memory leak in libsmdb/smdb1.c found by parfait. Based on patch from Jonathan Gray of OpenBSD. * Fix memory leak that occurred when smfi_setsymlist() was used. Based on patch by Dan Lukes. - Add patch to avoid overflow of buffer for DNS resolver (bnc#559517)cloud127 1549898461  !"#$%&'()*+,-./0123458.15.2-lp150.5.3.1libmilterapi.htmldesign.htmlfigure1.figfigure1.jpgfigure1.psfigure2.figfigure2.jpgfigure2.psindex.htmlinstallation.htmlother.htmloverview.htmlsample.htmlsmfi_addheader.htmlsmfi_addrcpt.htmlsmfi_addrcpt_par.htmlsmfi_chgfrom.htmlsmfi_chgheader.htmlsmfi_delrcpt.htmlsmfi_getpriv.htmlsmfi_getsymval.htmlsmfi_insheader.htmlsmfi_main.htmlsmfi_opensocket.htmlsmfi_progress.htmlsmfi_quarantine.htmlsmfi_register.htmlsmfi_replacebody.htmlsmfi_setbacklog.htmlsmfi_setconn.htmlsmfi_setconn.html.fdmiltsmfi_setdbg.htmlsmfi_setmlreply.htmlsmfi_setpriv.htmlsmfi_setreply.htmlsmfi_setsymlist.htmlsmfi_settimeout.htmlsmfi_stop.htmlsmfi_version.htmlxxfi_abort.htmlxxfi_body.htmlxxfi_close.htmlxxfi_connect.htmlxxfi_data.htmlxxfi_envfrom.htmlxxfi_envrcpt.htmlxxfi_eoh.htmlxxfi_eom.htmlxxfi_header.htmlxxfi_helo.htmlxxfi_negotiate.htmlxxfi_unknown.html/usr/share/doc/packages/sendmail//usr/share/doc/packages/sendmail/libmilter/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9624/openSUSE_Leap_15.0_Update/5ab701eabb6426314ab84aa482640695-sendmail.openSUSE_Leap_15.0_Updatedrpmxz5x86_64-suse-linuxdirectoryHTML document, ASCII textFIG image text, version 3.2, ASCII textJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Image generated by Aladdin Ghostscript (device=ppmraw)", baseline, precision 8, 301x190, frames 3PostScript document text conforming DSC level 2.0JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "Image generated by Aladdin Ghostscript (device=ppmraw)", baseline, precision 8, 562x305, frames 3C source, ASCII textr@Ql;utf-88664f2fdb5844d050ee8b9cdc54bd7fb51f1c555ef9501e741492363f2307e08?P7zXZ !t/ ]"k%AK嗥|놀uKLH;hƀtB^'s-BLU]O2Pb{sM Ι__+m^q~f /v|7v*Q1sVx5rh;_{J> ) xOH{6N!/Q$O R>4rmM"ւ{plGjK^e(xw)yq@Cn-H `)ddvwA{s zX4P}g:ТE_JA'ֆB& t%\9ZT {/;R32IRW>u<`)SSg7/Eb$%ؙݒ ^1m{vO~AOQʉG+21 X_\|l_;\ /H+ĩZD I|W2 v0)9C=)2jKK;ewJJf l5.7Ck&?Llҁ-[tDn,FЗV^(4g5eL Ui%nf?]R*t6x'|)ϫ(MiV~GIE^r*K(P beqs!wob;ŮX^C1t_C~UZxuEq[r_Tr`u:_+C*帔yZ=a.kK]r)pruL *m[&WĎT{.BD躎|,n lƅ+~{+Z$RC9ṋ&g>AYD~e=[kv6/uyw4C^kTcB$uP_`e ZԳF?m2A7-w[v-YYv(DF%?;/t+F 5[:@yl$cIkVG.f5t(鍨ڙ7 zFzD~f^ HK_PI'o 4( 0kk1 YZ