| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: rmail | Distribution: openSUSE:Factory:zSystems |
| Version: 8.17.2 | Vendor: openSUSE |
| Release: 2.1 | Build date: Tue Dec 26 18:35:16 2023 |
| Group: Productivity/Networking/Email/Servers | Build host: s390zl23 |
| Size: 65827 | Source RPM: sendmail-8.17.2-2.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.sendmail.org/ | |
| Summary: Rmail of the BSD Sendmail | |
Rmail interprets incoming mail received via uucp and passing the processed mail on to the MTA (e.g. sendmail).
Sendmail
* Mon Dec 18 2023 Dr. Werner Fink <werner@suse.de>
- There is no such beast called var-run.mount anymore
* Fri Jun 23 2023 Dr. Werner Fink <werner@suse.de>
- Update to pre version sendmail 8.17.2
* Make sure DANE checks (if enabled) are performed even if
CACertPath or CACertFile are not set or unusable.
* Note: if the code to set up TLS in the client fails, then
{verify} will be set to TEMP but DANE requirements
will be ignored, i.e., by default mail will be sent
without STARTTLS. This can be changed via a
LOCAL_TLS_SERVER ruleset.
* Pass server name to clt_features ruleset instead of client
name to account for limitations in macro availability
described below in CONFIG section. This may break
custom clt_features rulesets which expect to receive
the client name as input.
* Fix a regression introduced in 8.17.1: aliases file which
contain continuation lines caused parsing errors.
* Add an FFR (for future release) compile time option _FFR_LOG_STAGE
to log the protocol stage as stage= for some errors during
delivery attempts to make troubleshooting simpler. This
new logging may be enabled in a future release.
* When EAI is enabled, milters also got the arguments of MAIL/RCPT
commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
callbacks instead of just the mail address.
Problem reported by Dilyan Palauzo.
* When EAI is enabled, mailq prints UTF-8 addresses as such
if SMTPUTF8 was used.
* When EAI is enabled, the $h macro is now in the correct format.
Previously this could cause wrong values for relay=
in log entries and the mailer argument vector.
* When the compile time option USE_EAI is enabled, vacation could
fail to respond when it should. Problem reported by
Alex Hautequest.
* When EAI was enabled, header truncation might not have been
logged even when it happened. Problem reported by
Werner Wiethege.
* Handle a possible change in an upcoming release of Cyrus-SASL
(2.1.28) by changing the definition of an internal flag.
Patch from Dilyan Palauzo.
* Avoid an assertion failure when an smtps connection is made
to the server and a milter is unavailable.
Problem reported by Dilyan Palauzo.
* Fixed some spelling errors in documentation and comments,
based on a codespell report by Jens Schleusener
of fossies.org.
* The result of try_tls is now logged using status= instead
of reject=.
* If tls_rcpt rejected the delivery of a recipient then a bogus
dsn= entry might have been logged under some circumstances.
* If a server replied with 421 to a RCPT command then a bogus reply=
might have been logged.
* When quoting the value for ${currHeader} avoid causing a syntax
error (Unbalanced '"') when truncating a header value
which is too long. Problem reported by Werner Wiethege.
* Reduce the performance impact of a change introduced in
8.12.9: the default for MaxMimeHeaderLength was
set to 2048/1024. Problem reported by Tabata
Shintaro of Internet Initiative Japan Inc.
* CONFIG: The default clt_features ruleset tried to access
${server_name} and ${server_addr} which are not set
when the ruleset is invoked. Only the server name
is available which is passed as an argument.
* CONFIG: Properly quote host variable to prevent cf build
breakage when a hostname contains 'dnl'. Problem
reported by Maxim Shalomikhin of Kaspersky.
* DEVTOOLS: Add configure.sh support for BSD's mandoc as an
alternative man page formatting tool.
* DOC: Document that USAGE is a possible value for {verify}.
* LIBMILTER: The macros for the EOH and EOM callbacks are
sent in reverse order which means accessing macros
in the EOM callback got the macro for the EOH
callback. Store those macros in the expected order
in libmilter. Note: this does not affect sendmail
because the macros for both callbacks are the same
because the message is sent to libmilter after it
is completely read by sendmail. Fix and problem
report from David Buergin.
* Portability:
Make use of IN_LOOPBACK, if defined, to determine if
using a loopback address. Patch from Mike Karels of
FreeBSD.
On Linux use gethostbyname2(3) if glibc 2.19 or newer
is used to avoid potential problems with IPv6 lookups.
Patch from Werner Wiethege.
Add support for Darwin 21 and Darwin 22.
Solaris 12 has been renamed to Solaris 11.4, hence
adapt a condition for sigwait(2) taking one argument.
Patch from John Beck.
- Port and rename patch sendmail-8.17.1.dif which is now sendmail-8.17.2.dif
* Thu Jun 01 2023 Werner Fink <werner@suse.de>
- Use the bash intrinsic virtual file /dev/tcp/localhost/<port>
to check for MTA port
* Wed May 31 2023 Dr. Werner Fink <werner@suse.de>
- Avoid fuser for detecting if sendmail is listen on MTA port
* Tue Feb 14 2023 Dr. Werner Fink <werner@suse.de>
- Drop NIS/NISPLUS support for Tumbleweed (boo#1208221)
* Tue Jan 24 2023 Dominique Leuenberger <dimstar@opensuse.org>
- Fix source URLs: ftp.sendmail.com was restructured and the
pub/sendmail directory is now the root directory.
* Tue Jan 24 2023 Dr. Werner Fink <werner@suse.de>
- Switch over to https URLs
* Fri Jan 20 2023 Thorsten Kukuk <kukuk@suse.com>
- Fix wrong "without sysvinit", don't require sysvinit in that case
* Wed Dec 28 2022 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
* Tue Oct 25 2022 Dr. Werner Fink <werner@suse.de>
- Remove maybe perilous shell script code from sm-client.pre (boo#1202937)
* Wed Oct 05 2022 Dr. Werner Fink <werner@suse.de>
- Use group(mail) and user(mail) only on modern distributions
* Fri Sep 16 2022 Dr. Werner Fink <werner@suse.de>
- Do not start sendmail-client as user mail as this one is not
allowed to check port smtp aka 25
- Fix sm-client.pre script as ports are not only numbers but
also alias names
* Fri Sep 16 2022 Dr. Werner Fink <werner@suse.de>
- Rework system service unit files
* sendmail-client now use user and group mail which requires
* /etc/mail/system/ becomes readable by all users e.g. mail
* sendmail now uses -bD to avoid a fork, this requires Type=exec
- Various bug fixes
- Require user and group mail for post and verify scriptlets
- Add a %ghost for /run/sendmail whic his created by
tmpfile systemd configuration of sendmail
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
- Own /var/spool/mail (boo#1179574)
* Thu Jul 14 2022 Dr. Werner Fink <werner@suse.de>
- Avoid older alias.db
- Avoid that sendmail can not write its pid file
- Allow sendmail and its helper like maildrop and procmail
to write into the users mail folder
* Tue Feb 01 2022 Dr. Werner Fink <werner@suse.de>
- Allow mail delivery below /home again, that is disable
"ProtectHome=read-only" for now
* Tue Jan 25 2022 Dr. Werner Fink <werner@suse.de>
- No snapshots
* Tue Jan 18 2022 Dr. Werner Fink <werner@suse.de>
- Update to final version sendmail 8.17.1
* Several potential memory leaks and other similar problems
(mostly in error handling code) have been fixed.
Problems reported by Tomas Korbar of RedHat.
- Port patches to new version
* sendmail-8.14.7-select.dif
* sendmail-8.17.1.dif
* Tue Nov 16 2021 Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* sendmail-client.service
* sendmail.service
* Tue Jul 06 2021 Dr. Werner Fink <werner@suse.de>
- Require libopenssl-1_1-devel on older SLE-11
* Thu Jul 01 2021 Dr. Werner Fink <werner@suse.de>
- Re-add 'sysvinit(network)' build dependency
* Tue Jun 29 2021 Dr. Werner Fink <werner@suse.de>
- Use %set_permissions on path /var/spool/clientmqueue/ as well (boo#1187809)
* Fri Jun 25 2021 Dr. Werner Fink <werner@suse.de>
- Update to pre version sendmail 8.17.1 (8.17.0.3) (boo#1187688)
* Deprecation notice: due to compatibility problems with some
third party code, we plan to finally switch from K&R
to ANSI C. If you are using sendmail on a system
which does not have a compiler for ANSI C contact us
with details as soon as possible so we can determine
how to proceed.
* Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
is available when using the compile time option USE_EAI
(see also devtools/Site/site.config.m4.sample for other
required settings) and the cf option SMTPUTF8.
If a mail submission via the command line requires
the use of SMTPUTF8, e.g., because a header uses UTF-8
encoding, but the addresses on the command line are all
ASCII, then the new option -U must be used, and
the cf option SMTPUTF8 must be set in submit.cf.
Please test and provide feedback.
* Experimental support for SMTP MTA Strict Transport Security
(MTA-STS, see RFC 8461) is available when using
- the compile time option _FFR_MTA_STS (which requires
STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
- FEATURE(sts), which implicitly sets the cf option
StrictTransportSecurity,
- postfix-mta-sts-resolver, see
https://github.com/Snawoot/postfix-mta-sts-resolver.git
* New ruleset check_other which is called for all unknown SMTP
commands in the server and for commands which do not
have specific rulesets, e.g., NOOP and VERB.
* New ruleset clt_features which can be used to select features
in the SMTP client per server. Currently only two
flags are available: D/M to disable DANE/MTA-STS,
respectively.
* Avoid leaking session macros for an envelope between
delivery attempts to different servers. This problem
could have affected check_compat.
* Avoid leaking actual SMTP replies between delivery attempts
to different servers which could cause bogus logging
of reply= entries.
* Change default SMTP reply code for STARTTLS related problems
from 403 to 454 to better match the RFCs.
* Fix a theoretical buffer overflow when encountering an
unknown/unsupported socket address family on an
operating system where sa_data is larger than 30
(the standard is 14). Based on patch by Toomas Soome.
* Previously the commands GET, POST, CONNECT, or USER terminate
a connection immediately only if sent as first command.
Now this is also done if any of these is sent directly
after STARTTLS or if the 'h' option is set via
srv_features.
* CDB map locking has been changed so a sendmail process which
does have a CDB map open does not block an in-place
update of the map by makemap. The simple workaround
for that problem in earlier versions is to create
the map under a different name and then move it
into place.
* CONFIG: New FEATURE(`check_other') to provide a default
check_other ruleset.
* CONFIG: FEATURE(`tls_failures') is deprecated and will be
removed in future versions because it has a fundamental
problem: it is message oriented but STARTTLS is
session oriented. For example, having multiple
RCPTs in one envelope for different destinations,
with different temporary errors, does not work
properly, as the persistent macro applies to all
RCPTs and hence implicitly to all destinations (servers).
The option TLSFallbacktoClear should be used if needed.
* MAIL.LOCAL: Enhance some error messages to simplify
troubleshooting.
* Portability:
Add support for Darwin 19 & 20.
NOTE: File locking using fcntl() does not interoperate
with Berkeley DB 5.x (and probably later). Use
CDB, flock() (-DHASFLOCK), or an earlier Berkeley
DB version. Problem noted by Harald Hannelius.
* New Files:
cf/feature/check_other.m4
cf/feature/sts.m4
devtools/OS/Darwin.19.x
devtools/OS/Darwin.20.x
include/sm/ixlen.h
libsm/ilenx.c
libsm/lowercase.c
libsm/strcaseeq.c
libsm/t-ixlen.c
libsm/t-ixlen.sh
libsm/t-streq.c
libsm/t-streq.sh
libsm/utf8_valid.c
libsm/uxtext_unquote.c
libsm/xleni.c
libsmutil/t-lockfile.c
libsmutil/t-lockfile-0.sh
libsmutil/t-maplock-0.sh
* New compile time option NO_EOH_FIELDS to disable the special
meaning of the headers Message: and Text: to denote the
end of the message header.
* CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
* CONTRIB: Added cidrexpand -O option for suppressing duplicates from
a CIDR expansion that overlaps a later entry and -S option
for skipping comments exactly like makemap does.
* Portability:
Add support for Darwin 19 (Mac OS X 10.15).
Use proper FreeBSD version define to allow for cross
compiling. Fix from Brooks Davis of the FreeBSD
project.
* New Files:
devtools/OS/Darwin.19.x
- Modify patches
* sendmail-8.14.7-select.dif
* sendmail-fd-passing-libmilter.patch
- Modify and renama patch sendmail-8.16.1.dif which is now sendmail-8.17.1.dif
- Enable experimental support for SMTPUTF8 as well
SMTP MTA Strict Transport Security
- Update keyring
- Make it build for older products as well
* Fri Jun 04 2021 Callum Farmer <gmbr3@opensuse.org>
- sendmail-suse.tar.bz2: don't set /var/spool/mail perms, it is
part of filesystem
* Fri May 28 2021 Dr. Werner Fink <werner@suse.de>
- sendmail-suse.tar.bz2: add file tmpfile which will be installed
in tmpfiles.d as sendmail.conf. With this /run/sendmail will
be created at boot.
- Fix locations in permissions files to fit _libexecdir change (boo#1186592)
* Thu May 27 2021 Matthias Gerstner <matthias.gerstner@suse.com>
- sendmail-suse.tar.bz2: add trailing slash to permissions entries for
/var/spool/mail, because it is a directory and `chkstat` expects trailing
slashes for directories.
* Sun May 16 2021 Callum Farmer <gmbr3@opensuse.org>
- Remove /var/mail to /var/spool/mail patch
* Tue Mar 23 2021 Dr. Werner Fink <werner@suse.de>
- Make IPv6 work even with IPv4 in parallel
* Tue Feb 09 2021 Dominique Leuenberger <dimstar@opensuse.org>
- Fix up build dependencies. The construct:
%%if %%{undefined systemd_requires}\n%%global with_sysvinit 1
does not work as intended. The OBS scheduler for example does not
have all the macros coming from 'random' rpmmacro files/packages
(systemd-rpm-macros in this case) present, as such for OBS,
systemd_requires is undefined, which in turn pulls in
insserv_prereq. The build itself then does not use it though, as
at this time, the correct macros are known (inside the build VM).
- As we're at it: replace systemd_requires with systemd_ordering:
people installing sendmail into a container do not require
systemd as a dependency there. But for people installing sendmail
in a transaction together with systemd, we prefer systemd to be
installed first.
* Fri Jan 29 2021 Dr. Werner Fink <werner@suse.de>
- Correct path of update script for older products/distributions
* Wed Jan 27 2021 Dr. Werner Fink <werner@suse.de>
- Add qtool perl script from contrib as this is very handy
- Make GLIBC_VERSION macro work again
* Wed Jan 27 2021 Dr. Werner Fink <werner@suse.de>
- Move SMTPD_LISTEN_REMOTE hack into valid code of update script
- Change location of update script in fillup/sysconfig files
* Tue Jan 26 2021 Dr. Werner Fink <werner@suse.de>
- Add better support for IPv6
- Fix bug in udage of fillup_only macro to get sysconfig file for
sendmail written by fillup
* Tue Oct 27 2020 Matthias Gerstner <matthias.gerstner@suse.com>
- cleanup the sendmail permissions profile:
- /var/run/sendmail was last used in SLE-11 with systemv init, is no longer
required.
- /var/spool/clientmqueue is now owned by the system-user-mail package.
Nobody is calling %set_permissions and %verify_permissions on this
directory anymore, therefore the permissions entry is useless.
- /var/spool/mail is the same for all permissions profiles and also managed
by systemd-tmpfiles via the filesystem package (fs-var.conf).
* Thu Oct 08 2020 Matthias Gerstner <matthias.gerstner@suse.com>
- adjust permissions.d entries to new %libexedir location (bsc#1171164).
* Tue Jul 28 2020 Dr. Werner Fink <werner@suse.de>
- Fix same strange permissions below /usr/share/sendmail
* Tue Jul 28 2020 Dr. Werner Fink <werner@suse.de>
- Update to sendmail 8.16.1 2020/07/05 (boo#1174572)
SECURITY: If sendmail tried to reuse an SMTP session which had
already been closed by the server, then the connection
cache could have invalid information about the session.
One possible consequence was that STARTTLS was not
used even if offered. This problem has been fixed
by clearing out all relevant status information
when a closed session is encountered.
OpenSSL versions before 0.9.8 are no longer supported.
OpenSSL version 1.1.0 and 1.1.1 are supported.
Initial support for DANE (see RFC 7672 et.al.) is available if
the compile time option DANE is set. Only TLSA RR 3-1-x
is currently implemented.
New options SSLEngine and SSLEnginePath to support OpenSSL engines.
Note: this feature has so far only been tested with the
"chil" engine; please report problems with other engines
if you encounter any.
New option CRLPath to specify a directory which contains
hashes pointing to certificate revocations files.
Based on patch from Al Smith.
New rulesets tls_srv_features and tls_clt_features which
can return a (semicolon separated) list of TLS related
options, e.g., CipherList, CertFile, KeyFile,
see doc/op/op.me for details.
To automatically handle TLS interoperability problems for outgoing
mail, sendmail can now immediately try a connection again
without STARTTLS after a TLS handshake failure.
This can be configured globally via the option
TLSFallbacktoClear or per session via the 'C' flag
of tls_clt_features.
This also adds the new value "CLEAR" for the macro
{verify}: STARTTLS has been disabled internally for
a clear text delivery attempt.
Apply Timeout.starttls also to the server waiting for the TLS
handshake to begin. Based on patch from Simon Hradecky.
New compile time option TLS_EC to enable the use of elliptic
curve cryptography in STARTTLS (previously available as
_FFR_TLS_EC).
Handle MIME boundaries specified in headers which contain CRLF.
Fix detection of loopback net (it was broken when compiled
with NETINET6) and only set the macros {if_addr_out}
and {if_family_out} if the interface of the outgoing
connection does not belong to the loopback net.
Fix logic to enable a milter to delete a recipient in
DeliveryMode=interactive even if it might be subject
to alias expansion.
Log name of a milter making changes (this was missing for
some functions).
Log the actual reply of a server when an SMTP delivery problem
occurs in a "reply=" field if possible.
Log user= for failed AUTH attempts if possible. Based on
patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
and Joe Quinn.
Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
no changes can be made after it is created, hence it
does not work with vacation(1) nor editmap(8) (except
for query mode).
Fix some memory leaks (mostly in error cases) and properly handle
copied varargs in sm_io_vfprintf(). The issues were found
using Coverity Scan and reported (including patches) by
Ondřej Lysoněk of Red Hat.
Do not override ServerSSLOptions and ClientSSLOptions when they
are specified on the command line. Based on patch from
Hiroki Sato.
Add RFC7505 Null MX support for domains that declare they do not
accept mail.
New compile time option LDAP_NETWORK_TIMEOUT which is set
automatically when LDAPMAP is used and
LDAP_OPT_NETWORK_TIMEOUT is available to enable the
new -c option for LDAP maps to specify the network timeout.
CONFIG: New FEATURE(`tls_session_features') to enable standard
rules for tls_srv_features and tls_clt_features; for
details see cf/README.
CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
for SSLEngine and SSLEnginePath, respectively.
CONFIG: New options confDANE to enable DANE support.
CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
CONFIG: New extension CITag: for TLS restrictions, see cf/README
for details.
CONFIG: FEATURE(`blacklist_recipients') renamed to
FEATURE(`blocklist_recipients').
CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
canonicalize IPv6 addresses; if cidrexpand is used with IPv6
addresses then UseCompressedIPv6Addresses must be disabled.
DOC: The dns map can return multiple values in a single result
if the -z option is used.
DOC: Note to set MustQuoteChars=. due to DKIM signatures.
LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
of Alcatel-Lucent.
LIBMILTER: Fix reference in xxfi_negotiate documentation.
Patch from Sven Neuhaus.
LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
Patch from G.W. Haywood.
LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
Patch from Martin Svec.
MAKEMAP: New map type "implicit" refers to the first available type,
i.e., it depends on the compile time options NEWDB, DBM,
and CDB. This can be used in conjunction with the
"implicit" map type in sendmail.cf.
Note: makemap, libsmdb, and sendmail must be compiled
with the same options (and library versions of course).
Portability:
Add support for Darwin 14-18 (Mac OS X 10.x).
New option HAS_GETHOSTBYNAME2: set if your system
supports gethostbyname2(2).
Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
changes in sys/sem.h
On Linux set MAXHOSTNAMELEN (the maximum length
of a FQHN) to 256 if it is less than that value.
Added Files:
cf/feature/blocklist_recipients.m4
cf/feature/tls_failures.m4
devtools/OS/Darwin.14.x
devtools/OS/Darwin.15.x
devtools/OS/Darwin.16.x
libsmdb/smcdb.c
sendmail/ratectrl.h
- Add upstream keyring and verify source signature
- Use DANE and TLS_EC
- Remove obsolete patches now solved upstream
* 8.15.2.mci.p0
* sendmail-8.15.2-glibc-2.30.patch
* sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
* sendmail-8.15.2-openssl-1.1.0-fix.patch
- Port patches
* sendmail-8.14.7-select.dif
* sendmail-fd-passing-libmilter.patch
- Port and rename patch sendmail-8.15.2.dif which is now sendmail-8.16.1.dif
* Tue Jun 23 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec
- Spec file cleanups
* Wed Jun 10 2020 Matthias Gerstner <matthias.gerstner@suse.com>
- sendmail-suse.tar.bz2: fix rpmlint warning W: permissions-dir-without-slash
for /var/spool/clientmqueue. This wasn't noticed before, because the
directory is not packaged by sendmail but by system-user-mail.
* Thu Jan 30 2020 Dr. Werner Fink <werner@suse.de>
- Add upstream patch 8.15.2.mci.p0 (boo#1164084)
* If sendmail tried to reuse an SMTP session which had already been
closed by the server, then the connection cache could have invalid
information about the session. One possible consequence was that
STARTTLS was not used even if offered.
/usr/bin/rmail /usr/share/man/man8/rmail.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Mar 9 12:50:11 2024