Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libmilter1_0-8.18.1-2.6 RPM for i586

From OpenSuSE Ports Tumbleweed for i586

Name: libmilter1_0 Distribution: openSUSE Tumbleweed
Version: 8.18.1 Vendor: openSUSE
Release: 2.6 Build date: Mon Feb 26 14:07:48 2024
Group: System/Libraries Build host: reproducible
Size: 75872 Source RPM: sendmail-8.18.1-2.6.src.rpm
Packager: http://bugs.opensuse.org
Url: http://www.sendmail.org/
Summary: BSD Sendmail Content Management API (milter)
Sendmail's Content Management API (milter) provides third-party programs to
access mail messages as they are being processed by the Mail Transfer Agent
(MTA), allowing them to examine and modify message content and
meta-information. Filtering policies implemented by Milter-conformant filters
may then be centrally configured and composed in an end-user's MTA
configuration file.

"sendmail" is a trademark of Sendmail, Inc.

Provides

Requires

License

Sendmail

Changelog

* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Mon Feb 05 2024 Dr. Werner Fink <werner@suse.de>
  - Update to version sendmail 8.18.1 2024/01/31
    * sendmail is now stricter in following the RFCs and rejects
      some invalid input with respect to line endings
      and pipelining:
    - Prevent transaction stuffing by ensuring SMTP clients
      wait for the HELO/EHLO and DATA response before sending
      further SMTP commands.  This can be disabled using
      the new srv_features option 'F'.  Issue reported by
      Yepeng Pan and Christian Rossow from CISPA Helmholtz
      Center for Information Security.
    - Accept only CRLF . CRLF as end of an SMTP message
      as required by the RFCs, which can disabled by the
      new srv_features option 'O'.
    - Do not accept a CR or LF except in the combination
      CRLF (as required by the RFCs).  These checks can
      be disabled by the new srv_features options
      'U' and 'G', respectively.  In this case it is
      suggested to use 'u2' and 'g2' instead so the server
      replaces offending bare CR or bare LF with a space.
      It is recommended to only turn these protections off
      for trusted networks due to the potential for abuse.
    * Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
      are used, i.e., TLSA RR 2-x-y and 3-x-y are supported
      as required by RFC 7672.
    * OpenSSL version 3.0.x is supported.  Note: OpenSSL 3 loads by
      default an openssl.cnf file from a location specified
      in the library which may cause unwanted behaviour
      in sendmail.  Hence sendmail sets the environment
      variable OPENSSL_CONF to /etc/mail/sendmail.ossl
      to override the default.  The file name can be
      changed by defining confOPENSSL_CNF in the mc file;
      using an empty value prevents setting OPENSSL_CONF.
      Note: referring to a file which does not exist does
      not cause an an error.
    * Two new values have been added for {verify}:
      "DANE_TEMP": DANE verification failed temporarily.
      "DANE_NOTLS": DANE was required but STARTTLS was not
      offered by the server.
      The default rules return a temporary error for these
      cases, so delivery is not attempted.
    * If the TLS setup code in the client fails and DANE requirements
      exist then {verify} will be set to "DANE_TEMP" thus
      preventing delivery by default.
    * DANE related logging has been slightly changed for clarification:
      "DANE configured in DNS but no STARTTLS available"
      changed to
      "DANE configured in DNS but STARTTLS not offered"
    * When the compile time option USE_EAI is enabled, vacation could
      fail to respond when it should (the code change in
      8.17.2 was incomplete).  Problem reported by Alex
      Hautequest.
    * If SMTPUTF8 BODY=7BIT are used as parameters for the MAIL command
      the parsing of UTF8 addresses could fail (USE_EAI).
    * If a reply to a previous RCPT was received while sending
      another RCPT in pipelining mode then parts of the
      reply could have been assigned to the wrong RCPT.
    * New DontBlameSendmail option CertOwner to relax requirement
      for certificate public and private key ownership.
      Based on suggestion from Marius Strobl of the
      FreeBSD project.
    * clt_features was not checked for connections via Unix domain
      sockets.
    * CONFIG: FEATURE(`enhdnsbl') did not handle multiple replies
      from DNS lookups thus potentially causing random
      "false negatives".
      Note: the fix creates an incompatibility:
      the arguments must not have a trailing dot anymore
      because the -a. option has been removed (as it only
      applies to the entire result, not individual values).
    * CONFIG: New FEATURE(`fips3') for basic FIPS support in OpenSSL 3.
    * VACATION: Add support for Return-Path header to set sender
      to match OpenBSD and NetBSD functionality.
    * VACATION: Honor RFC3834 and avoid an auto-reply if
      'Auto-Submitted: no' is found in the headers to
      match OpenBSD and NetBSD functionality.
    * VACATION: Avoid an auto-reply if a 'List-Id:' is found in
      the headers to match OpenBSD functionality.
    * VACATION: Add support for $SUBJECT in .vacation.msg which
      is replaced with the first line of the subject of the
      original message to match OpenBSD and NetBSD
      functionality.
    * New Files:
      cf/feature/fips3.m4
      devtools/OS/Darwin.23.x
  - This release fixes CVE-2023-51765 (bsc#1218351)
  - Port and rename patch sendmail-8.17.2.dif which is now sendmail-8.18.1.dif
* Tue Jan 30 2024 Dr. Werner Fink <werner@suse.de>
  - Correct permisson files path to /usr/share/permissions/permissions.d/ (boo#1219339)
* Tue Jan 30 2024 Dr. Werner Fink <werner@suse.de>
  - Fix file provides of openssl and timeout
* Thu Jan 25 2024 Dr. Werner Fink <werner@suse.de>
  - Avoid error messages of chkstat as this tools does not
    accept slashes at the end of directory paths!
  - Move sendmails permissions files to /usr/share/permissions/
* Wed Jan 17 2024 Dr. Werner Fink <werner@suse.de>
  - Work on certificates usage of smart and relay host
  - Work on certificates for running sendmail
* Mon Dec 18 2023 Dr. Werner Fink <werner@suse.de>
  - There is no such beast called var-run.mount anymore
* Fri Jun 23 2023 Dr. Werner Fink <werner@suse.de>
  - Update to pre version sendmail 8.17.2
    * Make sure DANE checks (if enabled) are performed even if
      CACertPath or CACertFile are not set or unusable.
    * Note: if the code to set up TLS in the client fails, then
      {verify} will be set to TEMP but DANE requirements
      will be ignored, i.e., by default mail will be sent
      without STARTTLS.  This can be changed via a
      LOCAL_TLS_SERVER ruleset.
    * Pass server name to clt_features ruleset instead of client
      name to account for limitations in macro availability
      described below in CONFIG section.  This may break
      custom clt_features rulesets which expect to receive
      the client name as input.
    * Fix a regression introduced in 8.17.1: aliases file which
      contain continuation lines caused parsing errors.
    * Add an FFR (for future release) compile time option _FFR_LOG_STAGE
      to log the protocol stage as stage= for some errors during
      delivery attempts to make troubleshooting simpler.  This
      new logging may be enabled in a future release.
    * When EAI is enabled, milters also got the arguments of MAIL/RCPT
      commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
      callbacks instead of just the mail address.
      Problem reported by Dilyan Palauzo.
    * When EAI is enabled, mailq prints UTF-8 addresses as such
      if SMTPUTF8 was used.
    * When EAI is enabled, the $h macro is now in the correct format.
      Previously this could cause wrong values for relay=
      in log entries and the mailer argument vector.
    * When the compile time option USE_EAI is enabled, vacation could
      fail to respond when it should.  Problem reported by
      Alex Hautequest.
    * When EAI was enabled, header truncation might not have been
      logged even when it happened. Problem reported by
      Werner Wiethege.
    * Handle a possible change in an upcoming release of Cyrus-SASL
      (2.1.28) by changing the definition of an internal flag.
      Patch from Dilyan Palauzo.
    * Avoid an assertion failure when an smtps connection is made
      to the server and a milter is unavailable.
      Problem reported by Dilyan Palauzo.
    * Fixed some spelling errors in documentation and comments,
      based on a codespell report by Jens Schleusener
      of fossies.org.
    * The result of try_tls is now logged using status= instead
      of reject=.
    * If tls_rcpt rejected the delivery of a recipient then a bogus
      dsn= entry might have been logged under some circumstances.
    * If a server replied with 421 to a RCPT command then a bogus reply=
      might have been logged.
    * When quoting the value for ${currHeader} avoid causing a syntax
      error (Unbalanced '"') when truncating a header value
      which is too long.  Problem reported by Werner Wiethege.
    * Reduce the performance impact of a change introduced in
      8.12.9: the default for MaxMimeHeaderLength was
      set to 2048/1024.  Problem reported by Tabata
      Shintaro of Internet Initiative Japan Inc.
    * CONFIG: The default clt_features ruleset tried to access
      ${server_name} and ${server_addr} which are not set
      when the ruleset is invoked.  Only the server name
      is available which is passed as an argument.
    * CONFIG: Properly quote host variable to prevent cf build
      breakage when a hostname contains 'dnl'.  Problem
      reported by Maxim Shalomikhin of Kaspersky.
    * DEVTOOLS: Add configure.sh support for BSD's mandoc as an
      alternative man page formatting tool.
    * DOC: Document that USAGE is a possible value for {verify}.
    * LIBMILTER: The macros for the EOH and EOM callbacks are
      sent in reverse order which means accessing macros
      in the EOM callback got the macro for the EOH
      callback. Store those macros in the expected order
      in libmilter. Note: this does not affect sendmail
      because the macros for both callbacks are the same
      because the message is sent to libmilter after it
      is completely read by sendmail.  Fix and problem
      report from David Buergin.
    * Portability:
      Make use of IN_LOOPBACK, if defined, to determine if
      using a loopback address.  Patch from Mike Karels of
      FreeBSD.
      On Linux use gethostbyname2(3) if glibc 2.19 or newer
      is used to avoid potential problems with IPv6 lookups.
      Patch from Werner Wiethege.
      Add support for Darwin 21 and Darwin 22.
      Solaris 12 has been renamed to Solaris 11.4, hence
      adapt a condition for sigwait(2) taking one argument.
      Patch from John Beck.
  - Port and rename patch sendmail-8.17.1.dif which is now sendmail-8.17.2.dif
* Thu Jun 01 2023 Werner Fink <werner@suse.de>
  - Use the bash intrinsic virtual file /dev/tcp/localhost/<port>
    to check for MTA port
* Wed May 31 2023 Dr. Werner Fink <werner@suse.de>
  - Avoid fuser for detecting if sendmail is listen on MTA port
* Tue Feb 14 2023 Dr. Werner Fink <werner@suse.de>
  - Drop NIS/NISPLUS support for Tumbleweed (boo#1208221)
* Tue Jan 24 2023 Dominique Leuenberger <dimstar@opensuse.org>
  - Fix source URLs: ftp.sendmail.com was restructured and the
    pub/sendmail directory is now the root directory.
* Tue Jan 24 2023 Dr. Werner Fink <werner@suse.de>
  - Switch over to https URLs
* Fri Jan 20 2023 Thorsten Kukuk <kukuk@suse.com>
  - Fix wrong "without sysvinit", don't require sysvinit in that case
* Wed Dec 28 2022 Stefan Schubert <schubi@suse.com>
  - Migration of PAM settings to /usr/lib/pam.d.
* Tue Oct 25 2022 Dr. Werner Fink <werner@suse.de>
  - Remove maybe perilous shell script code from sm-client.pre (boo#1202937)
* Wed Oct 05 2022 Dr. Werner Fink <werner@suse.de>
  - Use group(mail) and user(mail) only on modern distributions
* Fri Sep 16 2022 Dr. Werner Fink <werner@suse.de>
  - Do not start sendmail-client as user mail as this one is not
    allowed to check port smtp aka 25
  - Fix sm-client.pre script as ports are not only numbers but
    also alias names
* Fri Sep 16 2022 Dr. Werner Fink <werner@suse.de>
  - Rework system service unit files
    * sendmail-client now use user and group mail which requires
    * /etc/mail/system/ becomes readable by all users e.g. mail
    * sendmail now uses -bD to avoid a fork, this requires Type=exec
  - Various bug fixes
  - Require user and group mail for post and verify scriptlets
  - Add a %ghost for /run/sendmail whic his created by
    tmpfile systemd configuration of sendmail
* Tue Sep 06 2022 Ludwig Nussel <lnussel@suse.de>
  - Own /var/spool/mail (boo#1179574)
* Thu Jul 14 2022 Dr. Werner Fink <werner@suse.de>
  - Avoid older alias.db
  - Avoid that sendmail can not write its pid file
  - Allow sendmail and its helper like maildrop and procmail
    to write into the users mail folder
* Tue Feb 01 2022 Dr. Werner Fink <werner@suse.de>
  - Allow mail delivery below /home again, that is disable
    "ProtectHome=read-only" for now
* Tue Jan 25 2022 Dr. Werner Fink <werner@suse.de>
  - No snapshots
* Tue Jan 18 2022 Dr. Werner Fink <werner@suse.de>
  - Update to final version sendmail 8.17.1
    * Several potential memory leaks and other similar problems
      (mostly in error handling code) have been fixed.
      Problems reported by Tomas Korbar of RedHat.
  - Port patches to new version
    * sendmail-8.14.7-select.dif
    * sendmail-8.17.1.dif
* Tue Nov 16 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Modified:
    * sendmail-client.service
    * sendmail.service
* Tue Jul 06 2021 Dr. Werner Fink <werner@suse.de>
  - Require libopenssl-1_1-devel on older SLE-11
* Thu Jul 01 2021 Dr. Werner Fink <werner@suse.de>
  - Re-add 'sysvinit(network)' build dependency
* Tue Jun 29 2021 Dr. Werner Fink <werner@suse.de>
  - Use %set_permissions on path /var/spool/clientmqueue/ as well (boo#1187809)
* Fri Jun 25 2021 Dr. Werner Fink <werner@suse.de>
  - Update to pre version sendmail 8.17.1 (8.17.0.3) (boo#1187688)
    * Deprecation notice: due to compatibility problems with some
      third party code, we plan to finally switch from K&R
      to ANSI C. If you are using sendmail on a system
      which does not have a compiler for ANSI C contact us
      with details as soon as possible so we can determine
      how to proceed.
    * Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
      is available when using the compile time option USE_EAI
      (see also devtools/Site/site.config.m4.sample for other
      required settings) and the cf option SMTPUTF8.
      If a mail submission via the command line requires
      the use of SMTPUTF8, e.g., because a header uses UTF-8
      encoding, but the addresses on the command line are all
      ASCII, then the new option -U must be used, and
      the cf option SMTPUTF8 must be set in submit.cf.
      Please test and provide feedback.
    * Experimental support for SMTP MTA Strict Transport Security
      (MTA-STS, see RFC 8461) is available when using
    - the compile time option _FFR_MTA_STS (which requires
      STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
    - FEATURE(sts), which implicitly sets the cf option
      StrictTransportSecurity,
    - postfix-mta-sts-resolver, see
      https://github.com/Snawoot/postfix-mta-sts-resolver.git
    * New ruleset check_other which is called for all unknown SMTP
      commands in the server and for commands which do not
      have specific rulesets, e.g., NOOP and VERB.
    * New ruleset clt_features which can be used to select features
      in the SMTP client per server.  Currently only two
      flags are available: D/M to disable DANE/MTA-STS,
      respectively.
    * Avoid leaking session macros for an envelope between
      delivery attempts to different servers.  This problem
      could have affected check_compat.
    * Avoid leaking actual SMTP replies between delivery attempts
      to different servers which could cause bogus logging
      of reply= entries.
    * Change default SMTP reply code for STARTTLS related problems
      from 403 to 454 to better match the RFCs.
    * Fix a theoretical buffer overflow when encountering an
      unknown/unsupported socket address family on an
      operating system where sa_data is larger than 30
      (the standard is 14).  Based on patch by Toomas Soome.
    * Previously the commands GET, POST, CONNECT, or USER terminate
      a connection immediately only if sent as first command.
      Now this is also done if any of these is sent directly
      after STARTTLS or if the 'h' option is set via
      srv_features.
    * CDB map locking has been changed so a sendmail process which
      does have a CDB map open does not block an in-place
      update of the map by makemap.  The simple workaround
      for that problem in earlier versions is to create
      the map under a different name and then move it
      into place.
    * CONFIG: New FEATURE(`check_other') to provide a default
      check_other ruleset.
    * CONFIG: FEATURE(`tls_failures') is deprecated and will be
      removed in future versions because it has a fundamental
      problem: it is message oriented but STARTTLS is
      session oriented.  For example, having multiple
      RCPTs in one envelope for different destinations,
      with different temporary errors, does not work
      properly, as the persistent macro applies to all
      RCPTs and hence implicitly to all destinations (servers).
      The option TLSFallbacktoClear should be used if needed.
    * MAIL.LOCAL: Enhance some error messages to simplify
      troubleshooting.
    * Portability:
      Add support for Darwin 19 & 20.
      NOTE: File locking using fcntl() does not interoperate
      with Berkeley DB 5.x (and probably later).  Use
      CDB, flock() (-DHASFLOCK), or an earlier Berkeley
      DB version.  Problem noted by Harald Hannelius.
    * New Files:
      cf/feature/check_other.m4
      cf/feature/sts.m4
      devtools/OS/Darwin.19.x
      devtools/OS/Darwin.20.x
      include/sm/ixlen.h
      libsm/ilenx.c
      libsm/lowercase.c
      libsm/strcaseeq.c
      libsm/t-ixlen.c
      libsm/t-ixlen.sh
      libsm/t-streq.c
      libsm/t-streq.sh
      libsm/utf8_valid.c
      libsm/uxtext_unquote.c
      libsm/xleni.c
      libsmutil/t-lockfile.c
      libsmutil/t-lockfile-0.sh
      libsmutil/t-maplock-0.sh
    * New compile time option NO_EOH_FIELDS to disable the special
      meaning of the headers Message: and Text: to denote the
      end of the message header.
    * CONTRIB: AuthRealm.p0 has been modified for 8.16.1 by Anne Bennett.
    * CONTRIB: Added cidrexpand -O option for suppressing duplicates from
      a CIDR expansion that overlaps a later entry and -S option
      for skipping comments exactly like makemap does.
    * Portability:
      Add support for Darwin 19 (Mac OS X 10.15).
      Use proper FreeBSD version define to allow for cross
      compiling.  Fix from Brooks Davis of the FreeBSD
      project.
    * New Files:
      devtools/OS/Darwin.19.x
  - Modify patches
    * sendmail-8.14.7-select.dif
    * sendmail-fd-passing-libmilter.patch
  - Modify and renama patch sendmail-8.16.1.dif which is now sendmail-8.17.1.dif
  - Enable experimental support for SMTPUTF8 as well
    SMTP MTA Strict Transport Security
  - Update keyring
  - Make it build for older products as well
* Fri Jun 04 2021 Callum Farmer <gmbr3@opensuse.org>
  - sendmail-suse.tar.bz2: don't set /var/spool/mail perms, it is
    part of filesystem
* Fri May 28 2021 Dr. Werner Fink <werner@suse.de>
  - sendmail-suse.tar.bz2: add file tmpfile which will be installed
    in tmpfiles.d as sendmail.conf.  With this /run/sendmail will
    be created at boot.
  - Fix locations in permissions files to fit _libexecdir change (boo#1186592)
* Thu May 27 2021 Matthias Gerstner <matthias.gerstner@suse.com>
  - sendmail-suse.tar.bz2: add trailing slash to permissions entries for
    /var/spool/mail, because it is a directory and `chkstat` expects trailing
    slashes for directories.
* Sun May 16 2021 Callum Farmer <gmbr3@opensuse.org>
  - Remove /var/mail to /var/spool/mail patch
* Tue Mar 23 2021 Dr. Werner Fink <werner@suse.de>
  - Make IPv6 work even with IPv4 in parallel
* Tue Feb 09 2021 Dominique Leuenberger <dimstar@opensuse.org>
  - Fix up build dependencies. The construct:
      %%if %%{undefined systemd_requires}\n%%global with_sysvinit 1
    does not work as intended. The OBS scheduler for example does not
    have all the macros coming from 'random' rpmmacro files/packages
    (systemd-rpm-macros in this case) present, as such for OBS,
    systemd_requires is undefined, which in turn pulls in
    insserv_prereq. The build itself then does not use it though, as
    at this time, the correct macros are known (inside the build VM).
  - As we're at it: replace systemd_requires with systemd_ordering:
    people installing sendmail into a container do not require
    systemd as a dependency there. But for people installing sendmail
    in a transaction together with systemd, we prefer systemd to be
    installed first.
* Fri Jan 29 2021 Dr. Werner Fink <werner@suse.de>
  - Correct path of update script for older products/distributions
* Wed Jan 27 2021 Dr. Werner Fink <werner@suse.de>
  - Add qtool perl script from contrib as this is very handy
  - Make GLIBC_VERSION macro work again
* Wed Jan 27 2021 Dr. Werner Fink <werner@suse.de>
  - Move SMTPD_LISTEN_REMOTE hack into valid code of update script
  - Change location of update script in fillup/sysconfig files
* Tue Jan 26 2021 Dr. Werner Fink <werner@suse.de>
  - Add better support for IPv6
  - Fix bug in udage of fillup_only macro to get sysconfig file for
    sendmail written by fillup

Files

/usr/lib/libmilter.so.1.0
/usr/lib/libmilter.so.1.0.1
/usr/share/doc/packages/sendmail/README.libmilter


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 19 23:52:30 2024