rmail-8.15.2-150000.8.12.1<>,[Te&p9| i:)+*ϦE'f(qCMq u8`6#PƷ}5/Q$eyP|g&D9XD:4'Qb;qq30ϋ-,fn :wZP᱇藖FryNZRcv qwWbj_ik 9X>- drh- >>9P?9@d  7 ;TZdl p t |  DL`   (8 !9!:!F5G5H5I5X5Y5\6]6 ^6b6<c6d7`e7ef7hl7ju7|v7w8x8y8 z88889<Crmail8.15.2150000.8.12.1Rmail of the BSD SendmailRmail interprets incoming mail received via uucp and passing the processed mail on to the MTA (e.g. sendmail).e&h01-ch4c8SUSE Linux Enterprise 15SUSE LLC Sendmailhttps://www.suse.com/Productivity/Networking/Email/Servershttp://www.sendmail.org/linuxx86_645큤e&e&8dbe3ca2b26a7379e55f9378510960c8125d2f5cce74426e91cbfb7bb7e970ac210aa96aa6acd7aa79a9a3458cfa1bb565cf37f6d751a27bed7d652b6a64f0ccrootrootrootrootsendmail-8.15.2-150000.8.12.1.src.rpmrmailrmail(x86-64)@@@@@@@@@    libc.so.6()(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libldap_r-2.4.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1e@cW^2@]f@]c@]K@]v>]:@\/J[[ @[LZ&@Z@Z@ZC@ZY@YoIYR@XXX@XӸXO@X@W W@WbWbW=W@W@V]werner@suse.dewerner@suse.dewerner@suse.dedimstar@opensuse.orgwerner@suse.dewerner@suse.dewerner@suse.dematthias.gerstner@suse.comwerner@suse.dejengelh@inai.dewerner@suse.debwiedemann@suse.comwerner@suse.derbrown@suse.comwerner@suse.devcizek@suse.comkukuk@suse.dewerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.dejengelh@inai.dewerner@suse.dewerner@suse.dekukuk@suse.dewerner@suse.dedimstar@opensuse.orgtchvatal@suse.comtchvatal@suse.comwerner@suse.dewerner@suse.dewerner@suse.dewerner@suse.de- Port back fix for CVE-2023-51765 (bsc#1218351) for SLE-15- Remove maybe perilous shell script code from sm-client.pre (boo#1202937, bsc#1204696, CVE-2022-31256)- Add upstream patch 8.15.2.mci.p0 (boo#1164084) * If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session. One possible consequence was that STARTTLS was not used even if offered.- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: Allow OBS to shortcut through the -mini flavors.- Avoid recursion trouble in spec file cause by undefined _lto_cflags- Add patch sendmail-8.15.2-glibc-2.30.patch * The former deprecated macro RES_USE_INET6 is gone with glibc 2.30- Use FAT LTO objects in order to provide proper static library.- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html- Remove alias to mail-transfer-agent.target (boo#1116675)- Replace exec rm by delete/print.- Remove left over from last patch - Group daemon is required- Add sendmail-8.15.2-reproducible.patch to make package build reproducible- Add _FFR_TLS_EC m4 macro definition for site configuration as well (boo#1070065)- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Apply former patches only if openssl 1.1.0+ are installed- support build with openssl 1.1 (bsc#1067222) * add patches from Fedora: sendmail-8.15.2-openssl-1.1.0-fix.patch sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch (rh#1473971)- Add libnsl-devel build requires for glibc obsoleting libnsl- Change requirements for libmilter and sendmail-devel as the library is also used by other MTA like postfix (boo#1049188)- Require user and group mail- Add bitdomain and uudomain to possible targets for refresh- Change spec file name scheme used for getting soname down into libmilter- Replace a find|xargs rm by -delete- New package libmilter1_0 for the shared library version of libmilter, the Sendmail Content Management API - Also new package libmilter-doc for the substantial documentation about Sendmail Content Management API (milter) - Make sendmail-tls a noarch package- Require m4 at build time- Don't use insserv together with systemd- Use _unitdir macro instead asking pkg config of systemd- Fix License: Even https://spdx.org/licenses/Sendmail.html lists "Sendmail" as the valid identifier. Same as http://license.opensuse.org/ does. "Sendmail License" is in the column "Full Name". The License: tag requires the identifier. - Fix some more rpmlint warnings: + sendmail: W: suse-missing-rclink sendmail: - Ship /usr/sbin/rcsendmail symlink to /usr/sbin/service + sendmail: W: suse-missing-rclink sendmail-client - Ship /usr/sbin/rcsendmail-client symlink to /usr/sbin/service + sendmail: W: suse-wrong-suse-capitalisation: - Rename README.SuSE to README.SUSE (fix spelling also inside the file). + sendmail: W: permissions-dir-without-slash - Fix permissions and permissions.paranoid inside sendmail-suse.tar.bz2. + sendmail: W: systemd-service-without-service_del_postun: - Add corresponding macros to postun script when not building with sysvinit support. + sendmail: W: systemd-service-without-service_add_pre: - Add corresponding macros to pre script when not building with sysvinit support.- Drop unused patch: * sendmail-8.14.7-warning.patch- Split uucp to separate package, no technical reason for it to not stand on its own - Drop uucp related patches: + uucp-1.07-contrib.dif + uucp-1.07-cu.patch + uucp-1.07-grade.patch + uucp-1.07-lockdev.patch + uucp-1.07.dif + uucp-texinfo-5.0.patch + drop_ftime.patch- Do not use http://license.opensuse.org/ as reference for the Sendmail license even if stated by rpmlint but https://spdx.org/licenses/Sendmail.html- Avoid warning from chkstat due slash on directory path as last character- Update to sendmail 8.15.2 (boo#975416) * If FEATURE(`nopercenthack') is used then some bogus input triggered a recursion which was caught and logged as SYSERR: rewrite: excessive recursion (max 50) ... Fix based on patch from Ondrej Holas. * DHParameters now by default uses an included 2048 bit prime. The value 'none' previously caused a log entry claiming there was an error "cannot read or set DH parameters". Also note that this option applies to the server side only. * The U= mailer field didn't accept group names containing hyphens, underbars, or periods. Based on patch from David Gwynne of the University of Queensland. * CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again. Patch from Lars-Johan Liman of Netnod Internet Exchange. * CONFIG: New option UseCompressedIPv6Addresses to select between compressed and uncompressed IPv6 addresses. The default value depends on the compile-time option IPV6_FULL: For 1 the default is False, for 0 it is True, thus preserving the current behaviour. Based on patch from John Beck of Oracle. * CONFIG: Account for IPv6 localhost addresses in FEATURE(`block_bad_helo'). Suggested by Andrey Chernov from FreeBSD and Robert Scheck from the Fedora Project. * CONFIG: Account for IPv6 localhost addresses in check_mail ruleset. * LIBMILTER: Deal with more invalid protocol data to avoid potential crashes. Problem noted by Dimitri Kirchner. * LIBMILTER: Allow a milter to specify an empty macro list ("", not NULL) in smfi_setsymlist() so no macro is sent for the selected stage. * MAKEMAP: A change to check TrustedUser in fewer cases which was made in 2013 caused a potential regression when makemap was run as root (which should not be done anyway). * SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. * If header rewriting fails due to a temporary map lookup failure, queue the mail for later retry instead of sending it without rewriting the header. Note: this is done while the mail is being sent and hence the transaction is aborted, which only works for SMTP/LMTP mailers hence the handling of temporary map failures is suppressed for other mailers. SMTP/LMTP servers may complain about aborted transactions when this problem occurs. See also "DNS Lookups" in sendmail/TUNING. * Incompatible Change: Use uncompressed IPv6 addresses by default, i.e., they will not contain "::". For example, instead of ::1 it will be 0:0:0:0:0:0:0:1. This permits a zero subnet to have a more specific match, such as different map entries for IPv6:0:0 vs IPv6:0. This change requires that configuration data (including maps, files, classes, custom ruleset, etc) must use the same format, so make certain such configuration data is updated before using 8.15. As a very simple check search for patterns like 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, the prior format can be retained by compiling with: APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') in your devtools/Site/site.config.m4 file. * If a connection to the MTA is dropped by the client before its hostname can be validated, treat it as "may be forged", so that the unvalidated hostname is not passed to a milter in xxfi_connect(). * Add a timeout for communication with socket map servers which can be specified using the -d option. * Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow numeric logins even if HESIOD is enabled. - sendmail 8.15.1 * The new option CertFingerprintAlgorithm specifies the finger- print algorithm (digest) to use for the presented cert. If the option is not set, md5 is used and the macro {cert_md5} contains the cert fingerprint. However, if the option is set, the specified algorithm (e.g., sha1) is used and the macro {cert_fp} contains the cert fingerprint. That is, as long as the option is not set, the behaviour does not change, but otherwise, {cert_md5} is superseded by {cert_fp} even if you set CertFingerprintAlgorithm to md5. * The options ServerSSLOptions and ClientSSLOptions can be used to set SSL options for the server and client side respectively. See SSL_CTX_set_options(3) for a list. Note: this change turns on SSL_OP_NO_SSLv2 and SSL_OP_NO_TICKET for the client. See doc/op/op.me for details. * The option CipherList sets the list of ciphers for STARTTLS. See ciphers(1) for possible values. * Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" if a CRLFfile is in use (and LogLevel is 14 or higher.) * Store a more specific TLS protocol version in ${tls_version} instead of a generic one, e.g., TLSv1 instead of TLSv1/SSLv3. * Properly set {client_port} value on little endian machines. Patch from Kelsey Cummings of Sonic.net. * Per RFC 3848, indicate in the Received: header whether SSL or SMTP AUTH was negotiated by setting the protocol clause to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. * If the 'C' flag is listed as TLSSrvOptions the requirement for the TLS server to have a cert is removed. This only works under very specific circumstances and should only be used if the consequences are understood, e.g., clients may not work with a server using this. * The options ClientCertFile, ClientKeyFile, ServerCertFile, and ServerKeyFile can take a second file name, which must be separated from the first with a comma (note: do not use any spaces) to set up a second cert/key pair. This can be used to have certs of different types, e.g., RSA and DSA. * A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) address. It returns the string for the PTR lookup, but without trailing {ip6,in-addr}.arpa. * New operation mode 'C' just checks the configuration file, e.g., sendmail -C new.cf -bC will perform a basic syntax/consistency check of new.cf. * The mailer flag 'I' is deprecated and will be removed in a future version. * Allow local (not just TCP) socket connections to the server, e.g., O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock can be used. * If the new option MaxQueueAge is set to a value greater than zero, entries in the queue will be retried during a queue run only if the individual retry time has been reached which is doubled for each attempt. The maximum retry time is limited by the specified value. * New DontBlameSendmail option GroupReadableDefaultAuthInfoFile to relax requirement for DefaultAuthInfo file. * Reset timeout after receiving a message to appropriate value if STARTTLS is in use. Based on patch by Kelsey Cummings of Sonic.net. * Report correct error messages from the LDAP library for a range of small negative return values covering those used by OpenLDAP. * Fix compilation with Berkeley DB 5.0 and 6.0. Patch from Allan E Johannesen of Worcester Polytechnic Institute. * CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or nospecial which describes whether to disallow "%" in the local part of an address. * DEVTOOLS: Fix regression in auto-detection of libraries when only shared libraries are available. Problem reported by Bryan Costales. * LIBMILTER: Mark communication socket as close-on-exec in case a user's filter starts other applications. Based on patch from Paul Howarth. - Modified patches sendmail-8.14.9.dif becomes sendmail-8.15.2.dif sendmail-8.14.7-select.dif sendmail-8.14.8-m4header.patch sendmail-fd-passing-libmilter.patch Removed patches sendmail-db6.diff sendmail-8.14.7-warning.patch- Do not enforce dependencies like for amavis and saslauthdh01-ch4c 17066328848.15.2-150000.8.12.18.15.2-150000.8.12.1rmailrmail.8.gz/usr/bin//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:32316/SUSE_SLE-15_Update/459e8a927e6f28d05f588e7f641b75e4-sendmail.SUSE_SLE-15_Updatedrpmxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a2a88d2783c54c9d33dcd1e31398d5ff27e6c0f8, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) RRRRRRRRR taC{{n?utf-87f85a5e0d2d6c0ea918f115cf7375b6e9fbdbb9eee07588728767f2943a12725? 7zXZ !t/3]"k%QT8 mQT>g郗0 Фۮ[4m6:D*H'p,"j؍mG 6'A-z[224@z=+.@UJk$!*G˕v#CNEh$? ]lxhL_~ U-o<k̶C[2$n{ _aU/#F`:XE!\ C8a[)gK*23;v7.V>O6{ȴ`iB.  SGkKly09)[SZh^JͩWG^QnklL2fV)mU+6|._]wƓ]4+JREoxI2߈;eHn.y"qzlkm< }51,1R >@!V{q"L-V,:ln7"Իp t Eu∈{cfEk/Osw葛dhYJgrs#qR~Rf 0<  hO!#=ljʜ*5f'T X4uxlɑY3[SH۞Tmj;M"~Э|}A{]hrƟXq" ȅ7$89V-E D7`3.,r>э&p_EO3 J+ic{! 9UM=lL$l" ҏAO_BqfYS^W#n'Vk?Uep. anTEx牗A1 g#6O2JM&/ռ;bGC$ogdK+zE] gslx d1&-eA 7MLZhO! T;5{Z1E"mE7 P|UZӈj<{ψ9gWX0o<BC˛/y}Η6ts(Dw*脂٧/؈K];WԲ8+uqsgRQkоyVGa&3ʖn@XeY]o do2 Cw9@m3I=a$EG(u[N*.1aa]2 89aO!čVk,߶qזoX)ZȌ{p- )^  u/woWo#߂|>O~p9IbnlX6wT7,M⥅G@1iLc9ZMU8Tfq3Qfh;cXu6RBD^%TCi[TIGwrاyޒm_}$A ~4ƶU|>TTCH&fI)AA=? sī3T_7 笕Ñg<-_X?M j^i=|f,WmN.6}^(#*?TdG>ҹ[V6ͽasf3ew5jDH*t†7o1+!]bP%+2+CoX2z(3"!x36"ЁޟTvѳ[5S!>p# )0Ґ)PɘTVZSʠlv.~Uϙj5ueN"E17u&j?cY]9(LL;`jlnڣ.n2 IN[*_:%KG"{u#g\U~av )"~gV_ u<fEߛx)iMaA47T]5Y=$}\(&Vpw~>Y<< ~"p58!4pl,K%yv'#m*uKgЀv`,?oy^3=|RDt?'XHnHQ 4^:y:@d맭ؘ9y-ն;ijRȘ^:8ݼ:<3~O>Eo^GrY^Y7kbrU( {H5(Х0f }^ Q H#]nu zf(aκie_p|\=vexwr.|~'[Bʘ@~>ˤ`Xs,LrIA׍O_F3͎[1Q$cA,:-# !q)Sb6.¡fJs#:-H~.TOmfA-+lXdQ)&mw몑s̪/Q{L]J/RhdTXݙ.le$~Lũ> мj-H06J/=Anii+)JUu2M=n1;g@ YZ