Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

sendmail-starttls-8.16.1-lp152.10.3.1 RPM for noarch

From OpenSuSE Leap 15.2 updates for noarch

Name: sendmail-starttls Distribution: openSUSE Leap 15.2
Version: 8.16.1 Vendor: openSUSE
Release: lp152.10.3.1 Build date: Thu Feb 11 17:16:54 2021
Group: Productivity/Networking/Security Build host: goat17
Size: 0 Source RPM: sendmail-8.16.1-lp152.10.3.1.src.rpm
Summary: BSD Sendmail Starttls helper scripts
This package includes the directory layout as well as some useful
helper scripts for better SSL/TLS support.

"sendmail" is a trademark of Sendmail, Inc.






* Fri Jan 29 2021 Dr. Werner Fink <>
  - Correct path of update script for older products/distributions
* Wed Jan 27 2021 Dr. Werner Fink <>
  - Add qtool perl script from contrib as this is very handy
  - Make GLIBC_VERSION macro work again
* Wed Jan 27 2021 Dr. Werner Fink <>
  - Move SMTPD_LISTEN_REMOTE hack into valid code of update script
  - Change location of update script in fillup/sysconfig files
* Tue Jan 26 2021 Dr. Werner Fink <>
  - Add better support for IPv6
  - Fix bug in udage of fillup_only macro to get sysconfig file for
    sendmail written by fillup
* Tue Oct 27 2020 Matthias Gerstner <>
  - cleanup the sendmail permissions profile:
    - /var/run/sendmail was last used in SLE-11 with systemv init, is no longer
    - /var/spool/clientmqueue is now owned by the system-user-mail package.
      Nobody is calling %set_permissions and %verify_permissions on this
      directory anymore, therefore the permissions entry is useless.
    - /var/spool/mail is the same for all permissions profiles and also managed
      by systemd-tmpfiles via the filesystem package (fs-var.conf).
* Thu Oct 08 2020 Matthias Gerstner <>
  - adjust permissions.d entries to new %libexedir location (bsc#1171164).
* Tue Jul 28 2020 Dr. Werner Fink <>
  - Fix same strange permissions below /usr/share/sendmail
* Tue Jul 28 2020 Dr. Werner Fink <>
  - Update to sendmail 8.16.1 2020/07/05 (boo#1174572)
    SECURITY: If sendmail tried to reuse an SMTP session which had
      already been closed by the server, then the connection
      cache could have invalid information about the session.
      One possible consequence was that STARTTLS was not
      used even if offered.  This problem has been fixed
      by clearing out all relevant status information
      when a closed session is encountered.
    OpenSSL versions before 0.9.8 are no longer supported.
    OpenSSL version 1.1.0 and 1.1.1 are supported.
    Initial support for DANE (see RFC 7672 is available if
      the compile time option DANE is set.  Only TLSA RR 3-1-x
      is currently implemented.
    New options SSLEngine and SSLEnginePath to support OpenSSL engines.
      Note: this feature has so far only been tested with the
      "chil" engine; please report problems with other engines
      if you encounter any.
    New option CRLPath to specify a directory which contains
      hashes pointing to certificate revocations files.
      Based on patch from Al Smith.
    New rulesets tls_srv_features and tls_clt_features which
      can return a (semicolon separated) list of TLS related
      options, e.g., CipherList, CertFile, KeyFile,
      see doc/op/ for details.
    To automatically handle TLS interoperability problems for outgoing
      mail, sendmail can now immediately try a connection again
      without STARTTLS after a TLS handshake failure.
      This can be configured globally via the option
      TLSFallbacktoClear or per session via the 'C' flag
      of tls_clt_features.
      This also adds the new value "CLEAR" for the macro
      {verify}: STARTTLS has been disabled internally for
      a clear text delivery attempt.
    Apply Timeout.starttls also to the server waiting for the TLS
      handshake to begin.  Based on patch from Simon Hradecky.
    New compile time option TLS_EC to enable the use of elliptic
      curve cryptography in STARTTLS (previously available as
    Handle MIME boundaries specified in headers which contain CRLF.
    Fix detection of loopback net (it was broken when compiled
      with NETINET6) and only set the macros {if_addr_out}
      and {if_family_out} if the interface of the outgoing
      connection does not belong to the loopback net.
    Fix logic to enable a milter to delete a recipient in
      DeliveryMode=interactive even if it might be subject
      to alias expansion.
    Log name of a milter making changes (this was missing for
      some functions).
    Log the actual reply of a server when an SMTP delivery problem
      occurs in a "reply=" field if possible.
    Log user= for failed AUTH attempts if possible.  Based on
      patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
      and Joe Quinn.
    Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
      no changes can be made after it is created, hence it
      does not work with vacation(1) nor editmap(8) (except
      for query mode).
    Fix some memory leaks (mostly in error cases) and properly handle
      copied varargs in sm_io_vfprintf(). The issues were found
      using Coverity Scan and reported (including patches) by
      Ondřej Lysoněk of Red Hat.
    Do not override ServerSSLOptions and ClientSSLOptions when they
      are specified on the command line.  Based on patch from
      Hiroki Sato.
    Add RFC7505 Null MX support for domains that declare they do not
      accept mail.
    New compile time option LDAP_NETWORK_TIMEOUT which is set
      automatically when LDAPMAP is used and
      LDAP_OPT_NETWORK_TIMEOUT is available to enable the
      new -c option for LDAP maps to specify the network timeout.
    CONFIG: New FEATURE(`tls_session_features') to enable standard
      rules for tls_srv_features and tls_clt_features; for
      details see cf/README.
    CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
      for SSLEngine and SSLEnginePath, respectively.
    CONFIG: New options confDANE to enable DANE support.
    CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
    CONFIG: New extension CITag: for TLS restrictions, see cf/README
      for details.
    CONFIG: FEATURE(`blacklist_recipients') renamed to
    CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
      canonicalize IPv6 addresses; if cidrexpand is used with IPv6
      addresses then UseCompressedIPv6Addresses must be disabled.
    DOC: The dns map can return multiple values in a single result
      if the -z option is used.
    DOC: Note to set MustQuoteChars=. due to DKIM signatures.
    LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
      of Alcatel-Lucent.
    LIBMILTER: Fix reference in xxfi_negotiate documentation.
      Patch from Sven Neuhaus.
    LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
      Patch from G.W. Haywood.
    LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
      Patch from Martin Svec.
    MAKEMAP: New map type "implicit" refers to the first available type,
      i.e., it depends on the compile time options NEWDB, DBM,
      and CDB. This can be used in conjunction with the
      "implicit" map type in
      Note: makemap, libsmdb, and sendmail must be compiled
      with the same options (and library versions of course).
      Add support for Darwin 14-18 (Mac OS X 10.x).
      New option HAS_GETHOSTBYNAME2: set if your system
      supports gethostbyname2(2).
      Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
      changes in sys/sem.h
      On Linux set MAXHOSTNAMELEN (the maximum length
      of a FQHN) to 256 if it is less than that value.
    Added Files:
  - Add upstream keyring and verify source signature
  - Use DANE and TLS_EC
  - Remove obsolete patches now solved upstream
    * 8.15.2.mci.p0
    * sendmail-8.15.2-glibc-2.30.patch
    * sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
    * sendmail-8.15.2-openssl-1.1.0-fix.patch
  - Port patches
    * sendmail-8.14.7-select.dif
    * sendmail-fd-passing-libmilter.patch
  - Port and rename patch sendmail-8.15.2.dif which is now sendmail-8.16.1.dif
* Tue Jun 23 2020 Callum Farmer <>
  - Fixes for %_libexecdir changing to /usr/libexec
  - Spec file cleanups
* Wed Jun 10 2020 Matthias Gerstner <>
  - sendmail-suse.tar.bz2: fix rpmlint warning W: permissions-dir-without-slash
    for /var/spool/clientmqueue. This wasn't noticed before, because the
    directory is not packaged by sendmail but by system-user-mail.
* Thu Jan 30 2020 Dr. Werner Fink <>
  - Add upstream patch 8.15.2.mci.p0 (boo#1164084)
    * If sendmail tried to reuse an SMTP session which had already been
      closed by the server, then the connection cache could have invalid
      information about the session.  One possible consequence was that
      STARTTLS was not used even if offered.
* Thu Dec 19 2019 Dominique Leuenberger <>
  - BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
    Allow OBS to shortcut through the -mini flavors.
* Mon Oct 14 2019 Dr. Werner Fink <>
  - Avoid recursion trouble in spec file cause by undefined _lto_cflags
* Sat Sep 28 2019 Dr. Werner Fink <>
  - Add patch sendmail-8.15.2-glibc-2.30.patch
    * The former deprecated macro RES_USE_INET6 is gone with glibc 2.30
* Mon Sep 09 2019 Dr. Werner Fink <>
  - Use FAT LTO objects in order to provide proper static library.
* Fri Jul 26 2019
  - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
    firewalld, see [1].
* Fri Jan 04 2019 Dr. Werner Fink <>
  -  Remove alias to (boo#1116675)
* Fri Jul 27 2018
  - Replace exec rm by delete/print.
* Mon Jul 16 2018
  - Remove left over from last patch
  - Group daemon is required
* Tue Dec 05 2017
  - Add sendmail-8.15.2-reproducible.patch to make package build reproducible
* Wed Nov 29 2017
  - Add _FFR_TLS_EC m4 macro definition for site configuration as
    well (boo#1070065)
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Thu Nov 09 2017
  - Apply former patches only if openssl 1.1.0+ are installed
* Wed Nov 08 2017
  - support build with openssl 1.1 (bsc#1067222)
    * add patches from Fedora:
      sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch (rh#1473971)
* Thu Aug 17 2017
  - Add libnsl-devel build requires for glibc obsoleting libnsl
* Wed Jul 19 2017
  -  Change requirements for libmilter and sendmail-devel as
    the library is also used by other MTA like postfix (boo#1049188)
* Thu May 11 2017
  - Require user and group mail
* Wed Apr 12 2017
  - Add bitdomain and uudomain to possible targets for refresh
* Wed Apr 12 2017
  - Change spec file name scheme used for getting soname down into
* Tue Apr 11 2017
  - Replace a find|xargs rm by -delete
* Thu Mar 23 2017
  - New package libmilter1_0 for the shared library version of
    libmilter, the  Sendmail Content Management API
  - Also new package libmilter-doc for the substantial documentation
    about Sendmail Content Management API (milter)
  - Make sendmail-tls a noarch package
* Mon Mar 06 2017
  - Require m4 at build time
* Mon Feb 20 2017
  - Don't use insserv together with systemd
* Mon Sep 26 2016
  - Use _unitdir macro instead asking pkg config of systemd
* Tue Jul 19 2016
  - Fix License: Even lists
    "Sendmail" as the valid identifier. Same as does. "Sendmail License" is in the
    column "Full Name". The License: tag requires the identifier.
  - Fix some more rpmlint warnings:
    + sendmail: W: suse-missing-rclink sendmail:
    - Ship /usr/sbin/rcsendmail symlink to /usr/sbin/service
    + sendmail: W: suse-missing-rclink sendmail-client
    - Ship /usr/sbin/rcsendmail-client symlink to /usr/sbin/service
    + sendmail: W: suse-wrong-suse-capitalisation:
    - Rename README.SuSE to README.SUSE (fix spelling also inside
      the file).
    + sendmail: W: permissions-dir-without-slash
    - Fix permissions and permissions.paranoid inside
    + sendmail: W: systemd-service-without-service_del_postun:
    - Add corresponding macros to postun script when not building
      with sysvinit support.
    + sendmail: W: systemd-service-without-service_add_pre:
    - Add corresponding macros to pre script when not building
      with sysvinit support.
* Thu Jun 16 2016
  - Drop unused patch:
    * sendmail-8.14.7-warning.patch
* Thu Jun 16 2016
  - Split uucp to separate package, no technical reason for it to not
    stand on its own
  - Drop uucp related patches:
    + uucp-1.07-contrib.dif
    + uucp-1.07-cu.patch
    + uucp-1.07-grade.patch
    + uucp-1.07-lockdev.patch
    + uucp-1.07.dif
    + uucp-texinfo-5.0.patch
    + drop_ftime.patch
* Thu May 19 2016
  - Do not use as reference for the Sendmail
    license even if stated by rpmlint but
* Thu Apr 14 2016
  - Avoid warning from chkstat due slash on directory path as last character
* Thu Apr 14 2016
  - Update to sendmail 8.15.2 (boo#975416)
    * If FEATURE(`nopercenthack') is used then some bogus input triggered
      a recursion which was caught and logged as
      SYSERR: rewrite: excessive recursion (max 50) ...
      Fix based on patch from Ondrej Holas.
    * DHParameters now by default uses an included 2048 bit prime.
      The value 'none' previously caused a log entry claiming
      there was an error "cannot read or set DH parameters".
      Also note that this option applies to the server side only.
    * The U= mailer field didn't accept group names containing hyphens,
      underbars, or periods.  Based on patch from David Gwynne
      of the University of Queensland.
    * CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
      Patch from Lars-Johan Liman of Netnod Internet Exchange.
    * CONFIG: New option UseCompressedIPv6Addresses to select between
      compressed and uncompressed IPv6 addresses.  The default
      value depends on the compile-time option IPV6_FULL:
      For 1 the default is False, for 0 it is True, thus
      preserving the current behaviour.  Based on patch from
      John Beck of Oracle.
    * CONFIG: Account for IPv6 localhost addresses in
      FEATURE(`block_bad_helo').  Suggested by Andrey Chernov
      from FreeBSD and Robert Scheck from the Fedora Project.
    * CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
    * LIBMILTER: Deal with more invalid protocol data to avoid potential
      crashes.  Problem noted by Dimitri Kirchner.
    * LIBMILTER: Allow a milter to specify an empty macro list ("", not
      NULL) in smfi_setsymlist() so no macro is sent for the
      selected stage.
    * MAKEMAP: A change to check TrustedUser in fewer cases which was
      made in 2013 caused a potential regression when makemap
      was run as root (which should not be done anyway).
    * SECURITY: Properly set the close-on-exec flag for file descriptors
      (except stdin, stdout, and stderr) before executing mailers.
    * If header rewriting fails due to a temporary map lookup failure,
      queue the mail for later retry instead of sending it
      without rewriting the header.  Note: this is done
      while the mail is being sent and hence the transaction
      is aborted, which only works for SMTP/LMTP mailers
      hence the handling of temporary map failures is
      suppressed for other mailers. SMTP/LMTP servers may
      complain about aborted transactions when this problem
      See also "DNS Lookups" in sendmail/TUNING.
    * Incompatible Change: Use uncompressed IPv6 addresses by default,
      i.e., they will not contain "::".  For example,
      instead of ::1 it will be 0:0:0:0:0:0:0:1.  This
      permits a zero subnet to have a more specific match,
      such as different map entries for IPv6:0:0 vs IPv6:0.
      This change requires that configuration data
      (including maps, files, classes, custom ruleset,
      etc) must use the same format, so make certain such
      configuration data is updated before using 8.15.
      As a very simple check search for patterns like
      'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
      the prior format can be retained by compiling with:
      APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
      in your devtools/Site/site.config.m4 file.
    * If a connection to the MTA is dropped by the client before its
      hostname can be validated, treat it as "may be forged",
      so that the unvalidated hostname is not passed to a
      milter in xxfi_connect().
    * Add a timeout for communication with socket map servers
      which can be specified using the -d option.
    * Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
      numeric logins even if HESIOD is enabled.
    - sendmail 8.15.1
    * The new option CertFingerprintAlgorithm specifies the finger-
      print algorithm (digest) to use for the presented cert.
      If the option is not set, md5 is used and the macro
      {cert_md5} contains the cert fingerprint.
      However, if the option is set, the specified algorithm
      (e.g., sha1) is used and the macro {cert_fp} contains
      the cert fingerprint.
      That is, as long as the option is not set, the behaviour
      does not change, but otherwise, {cert_md5} is superseded
      by {cert_fp} even if you set CertFingerprintAlgorithm
      to md5.
    * The options ServerSSLOptions and ClientSSLOptions can be used
      to set SSL options for the server and client side
      respectively. See SSL_CTX_set_options(3) for a list.
      Note: this change turns on SSL_OP_NO_SSLv2 and
      SSL_OP_NO_TICKET for the client. See doc/op/
      for details.
    * The option CipherList sets the list of ciphers for STARTTLS.
      See ciphers(1) for possible values.
    * Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL"
      if a CRLFfile is in use (and LogLevel is 14 or higher.)
    * Store a more specific TLS protocol version in ${tls_version}
      instead of a generic one, e.g., TLSv1 instead of
    * Properly set {client_port} value on little endian machines.
      Patch from Kelsey Cummings of
    * Per RFC 3848, indicate in the Received: header whether SSL or
      SMTP AUTH was negotiated by setting the protocol clause
      to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.
    * If the 'C' flag is listed as TLSSrvOptions the requirement for the
      TLS server to have a cert is removed.  This only works
      under very specific circumstances and should only be used
      if the consequences are understood, e.g., clients
      may not work with a server using this.
    * The options ClientCertFile, ClientKeyFile, ServerCertFile, and
      ServerKeyFile can take a second file name, which must be
      separated from the first with a comma (note: do not use
      any spaces) to set up a second cert/key pair. This can
      be used to have certs of different types, e.g., RSA
      and DSA.
    * A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
      address. It returns the string for the PTR lookup, but
      without trailing {ip6,in-addr}.arpa.
    * New operation mode  'C' just checks the configuration file, e.g.,
      sendmail -C -bC
      will perform a basic syntax/consistency check of
    * The mailer flag 'I' is deprecated and will be removed in a
      future version.
    * Allow local (not just TCP) socket connections to the server, e.g.,
      O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
      can be used.
    * If the new option MaxQueueAge is set to a value greater than zero,
      entries in the queue will be retried during a queue run
      only if the individual retry time has been reached which
      is doubled for each attempt.  The maximum retry time is
      limited by the specified value.
    * New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
      to relax requirement for DefaultAuthInfo file.
    * Reset timeout after receiving a message to appropriate value if
      STARTTLS is in use.  Based on patch by Kelsey Cummings
    * Report correct error messages from the LDAP library for a range of
      small negative return values covering those used by OpenLDAP.
    * Fix compilation with Berkeley DB 5.0 and 6.0.  Patch from
      Allan E Johannesen of Worcester Polytechnic Institute.
    * CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
      nospecial which describes whether to disallow "%" in the
      local part of an address.
    * DEVTOOLS: Fix regression in auto-detection of libraries when only
      shared libraries are available.  Problem reported by
      Bryan Costales.
    * LIBMILTER: Mark communication socket as close-on-exec in case
      a user's filter starts other applications.
      Based on patch from Paul Howarth.
  - Modified patches
    sendmail-8.14.9.dif becomes sendmail-8.15.2.dif
    Removed patches
* Tue Dec 01 2015
  -  Do not enforce dependencies like for amavis and saslauthd



Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 9 16:37:30 2022