-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.17.2. It fixes several problems, mostly related to EAI
support. For a complete list see the release notes below.

Please send bug reports and general feedback to one of the addresses
listed at: http://www.sendmail.org/email-addresses.html https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

The version can be found at

https://ftp.sendmail.org/sendmail.8.17.2.tar.gz https://ftp.sendmail.org/sendmail.8.17.2.tar.gz.sig https://ftp.sendmail.org/sendmail.8.17.2.tar.Z https://ftp.sendmail.org/sendmail.8.17.2.tar.Z.sig

(or via ftp://ftp.sendmail.org/pub/sendmail/)

SHA-256 checksums
SHA256 (sendmail.8.17.2.tar.Z) = 2f9efa63764ca2cd8e89967015564de4a2c5794d7f6cdf2de9f29224069be71c
SHA256 (sendmail.8.17.2.tar.Z.sig) = 09b47538cc01a8ce918fdd30643e31c23e280202e9abee6c481c1d730e2941a4
SHA256 (sendmail.8.17.2.tar.gz) = 90f5ae74c35a84808861933ba094201b901b70c6b2903684dcf39bdae8a5a1a2
SHA256 (sendmail.8.17.2.tar.gz.sig) = bd40723fc4af710c8361ddab30a435a1321c963f52f88b4363776049a2653acc

You either need the first two files or the third and fourth,
i.e., the gzip'ed version or the compressed version and the
corresponding sig file. The PGP signature was created using
the Sendmail Signing Key/2020, available on the web site (http://www.sendmail.com/sm/open_source/download/) or on
the public key servers (keyid ).

Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.


SENDMAIL RELEASE NOTES


This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.


8.17.2/8.17.2 2023/06/03
Make sure DANE checks (if enabled) are performed even if
CACertPath or CACertFile are not set or unusable.
Note: if the code to set up TLS in the client fails, then
{verify} will be set to TEMP but DANE requirements
will be ignored, i.e., by default mail will be sent
without STARTTLS. This can be changed via a
LOCAL_TLS_SERVER ruleset.
Pass server name to clt_features ruleset instead of client
name to account for limitations in macro availability
described below in CONFIG section. This may break
custom clt_features rulesets which expect to receive
the client name as input.
Fix a regression introduced in 8.17.1: aliases file which
contain continuation lines caused parsing errors.
Add an FFR (for future release) compile time option _FFR_LOG_STAGE
to log the protocol stage as stage= for some errors during
delivery attempts to make troubleshooting simpler. This
new logging may be enabled in a future release.
When EAI is enabled, milters also got the arguments of MAIL/RCPT
commands in argv[0] for xxfi_envfrom()/xxfi_envrcpt()
callbacks instead of just the mail address.
Problem reported by Dilyan Palauzo.
When EAI is enabled, mailq prints UTF-8 addresses as such
if SMTPUTF8 was used.
When EAI is enabled, the $h macro is now in the correct format.
Previously this could cause wrong values for relay=
in log entries and the mailer argument vector.
When the compile time option USE_EAI is enabled, vacation could
fail to respond when it should. Problem reported by
Alex Hautequest.
When EAI was enabled, header truncation might not have been
logged even when it happened. Problem reported by
Werner Wiethege.
Handle a possible change in an upcoming release of Cyrus-SASL
(2.1.28) by changing the definition of an internal flag.
Patch from Dilyan Palauzo.
Avoid an assertion failure when an smtps connection is made
to the server and a milter is unavailable.
Problem reported by Dilyan Palauzo.
Fixed some spelling errors in documentation and comments,
based on a codespell report by Jens Schleusener
of fossies.org.
The result of try_tls is now logged using status= instead
of reject=.
If tls_rcpt rejected the delivery of a recipient then a bogus
dsn= entry might have been logged under some circumstances.
If a server replied with 421 to a RCPT command then a bogus reply=
might have been logged.
When quoting the value for ${currHeader} avoid causing a syntax
error (Unbalanced '"') when truncating a header value
which is too long. Problem reported by Werner Wiethege.
Reduce the performance impact of a change introduced in
8.12.9: the default for MaxMimeHeaderLength was
set to 2048/1024. Problem reported by Tabata
Shintaro of Internet Initiative Japan Inc.
CONFIG: The default clt_features ruleset tried to access
${server_name} and ${server_addr} which are not set
when the ruleset is invoked. Only the server name
is available which is passed as an argument.
CONFIG: Properly quote host variable to prevent cf build
breakage when a hostname contains 'dnl'. Problem
reported by Maxim Shalomikhin of Kaspersky.
DEVTOOLS: Add configure.sh support for BSD's mandoc as an
alternative man page formatting tool.
DOC: Document that USAGE is a possible value for {verify}.
LIBMILTER: The macros for the EOH and EOM callbacks are
sent in reverse order which means accessing macros
in the EOM callback got the macro for the EOH
callback. Store those macros in the expected order
in libmilter. Note: this does not affect sendmail
because the macros for both callbacks are the same
because the message is sent to libmilter after it
is completely read by sendmail. Fix and problem
report from David Buergin.
Portability:
Make use of IN_LOOPBACK, if defined, to determine if
using a loopback address. Patch from Mike Karels of
FreeBSD.
On Linux use gethostbyname2(3) if glibc 2.19 or newer
is used to avoid potential problems with IPv6 lookups.
Patch from Werner Wiethege.
Add support for Darwin 21 and Darwin 22.
Solaris 12 has been renamed to Solaris 11.4, hence
adapt a condition for sigwait(2) taking one argument.
Patch from John Beck.
New Files:
devtools/M4/UNIX/sharedlib.m4
devtools/OS/Darwin.21.x
devtools/OS/Darwin.22.x
sendmail/sched.c
libsm/notify.h

-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJkeuPwAAoJEM/5+WdA7ZVQv6wQAJOwxVlachZjQCYcgNGMDJxs mMpox590lv4tjzHZKSuYh1JqxL5CR5WJ0QJ3szFGU9Kki8q2+XPCOCz9Yh5mMRZO /Yubkzl3PB8QU4r1FI0F1oJPISpEsIpib+V4O69WHSWF+xrdOJybHRpkQol792WP gDNm+1cObNx3jUOmsdO8IZE4y+rjTcIB0d0KhdtMhb22jK16DyqpNFalthjjKIUc cYJADC+JFGRTBgVE2C+pZqc5iUyMmJA2k6NFfHsiVlkcMFbY1X/gC7W7jep48Yns GGx62Zo5NU0y5swBPAYW0A8HwZ/6UPemRXW32dWdVfQm+mSStUOvS+FAwxxHChar wLfG9GuaTelczyCJAQe//R2awLzGl+3Qc4tCGaI4x/PXXaiUjmIrVNqbn4J0qP8e dUnzAtHZ0X7InC4R6qRsOFg7vdUAHNu7K6NiIlA2+0aRyqCrknJeFV7a8YIrKwZE o6atA64PrCAm4Ygp0YYSCEMJGJlixyZowHovY7GrPrs+OMcpuGSrQvoKiZ+xOgqS +oZGLS5hv+kB+g4Sy6JWuzL+Ke1+qszZ7w0BtxQsqyAVFFr93ULCJnHQJWpmkdOO Lg98EVEDwIZ8Pv6Et93r512pr9cz/tgUcsYeFPWk56m8ouNY7H2vPJFZMAqiF8NR ZTt0dhXwdCxCCu7xwKc3
=v3cK
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)