-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sendmail snapshot 8.17.0.2 is available for testing. This version
fixes some problems related to the EAI code. It also has all the
changes from the 8.16 development version.

8.17.1/8.17.1 202X/XX/XX
Deprecation notice: due to compatibility problems with some
third party code, we plan to finally switch from K&R
to ANSI C. If you are using sendmail on a system
which does not have a compiler for ANSI C contact us
with details as soon as possible so we can determine
how to proceed.
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
is available when using the compile time option USE_EAI
(see also devtools/Site/site.config.m4.sample for other
required settings) and the cf option SMTPUTF8.
For mail submission the new command line option -U must
be used to specify SMTPUTF8 and the cf option SMTPUTF8
must be set in submit.cf.
Please test and provide feedback.
Experimental support for SMTP MTA Strict Transport Security
(MTA-STS, see RFC 8461) is available when using
- the compile time option _FFR_MTA_STS (which requires
STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
- FEATURE(sts), which implicitly sets the cf option
StrictTransportSecurity,
- postfix-mta-sts-resolver, see
https://github.com/Snawoot/postfix-mta-sts-resolver.git
New ruleset check_other which is called for all unknown SMTP
commands in the server and for commands which do not
have specific rulesets, e.g., NOOP and VERB.
New ruleset clt_features which can be used to select features
in the SMTP client per server. Currently only two
flags are available: D/M to disable DANE/MTA-STS,
respectively.
Avoid leaking session macros for an envelope between
delivery attempts to different servers. This problem
could have affected check_compat.
Avoid leaking actual SMTP replies between delivery attempts
to different servers which could cause bogus logging
of reply= entries.
Change default SMTP reply code for STARTTLS related problems
from 403 to 454 to better match the RFCs.
Fix a theoretical buffer overflow when encountering an
unknown/unsupported socket address family on an
operating system where sa_data is larger than 30
(the standard is 14). Based on patch by Toomas Soome.
Previously the commands GET, POST, CONNECT, or USER terminate
a connection immediately only if sent as first command.
Now this is also done if any of these is sent directly
after STARTTLS or if the 'h' option is set via
srv_features.
CDB map locking has been changed so a sendmail process which
does have a CDB map open does not block an in-place
update of the map by makemap. The simple workaround
for that problem in earlier versions is to create
the map under a different name and then move it
into place.
CONFIG: New FEATURE(`check_other') to provide a default
check_other ruleset.
CONFIG: FEATURE(`tls_failures') is deprecated and will be
removed in future versions because it has a fundamental
problem: it is message oriented but STARTTLS is
session oriented. For example, having multiple
RCPTs in one envelope for different destinations,
with different temporary errors, does not work
properly, as the persistent macro applies to all
RCPTs and hence implicitly to all destinations (servers).
The option TLSFallbacktoClear should be used if needed.
MAIL.LOCAL: Enhance some error messages to simplify
troubleshooting.
Portability:
Add support for Darwin 19 & 20.
NOTE: File locking using fcntl() does not interoperate
with Berkeley DB 5.x (and probably later). Use
CDB, flock() (-DHASFLOCK), or an earlier Berkeley
DB version. Problem noted by Harald Hannelius.
New Files:
cf/feature/check_other.m4
cf/feature/sts.m4
devtools/OS/Darwin.19.x
devtools/OS/Darwin.20.x
include/sm/ixlen.h
libsm/ilenx.c
libsm/lowercase.c
libsm/strcaseeq.c
libsm/t-ixlen.c
libsm/t-ixlen.sh
libsm/t-streq.c
libsm/t-streq.sh
libsm/utf8_valid.c
libsm/uxtext_unquote.c
libsm/xleni.c
libsmutil/t-lockfile.c
libsmutil/t-lockfile-0.sh
libsmutil/t-maplock-0.sh

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.2.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.2.tar.gz.sig

SHA256 (sendmail.8.17.0.2.tar.gz) = cff89f7c66a81ac1f8aeec8f05879707d6d2a525d5aaff4dae8f63b7a48a764d
SHA256 (sendmail.8.17.0.2.tar.gz.sig) = cc9d9034aaa418802fec48fa41d0aac4e235ad86ae5754d26eb5651d55b25f68
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJgwGySAAoJEExm6o1L7hvuHnIP/RaxghSqPNeEfC6/eiA4bBaZ
vv3pp7XR4keBp3vr1lWQDikBHjVeq1aFFRtI3EvbpmBgJUK5Vq5PAVbOBXpmT7lo
eQKuh6hS4NDFQvcjKDRjYdY7cvZgqMxBmVi8hDBa+onccJXt52gQnej6rlcVOLef
Xqhk7siwNrFOqIuQihSnnfzVMt+uUNo9d4EN+AIZx1G9+Z8ZFuPly97HFbUQNnWt
LwZ4wFGmJEMDq/D0ngeIWH6rccFHbMuDGdsuTZZcxV/84QcVncqlx+0pIhPn1+9e
vtkWGlU4TSkQwK9KCldXczyM9WvB2gBzTC8RRdoOC7ydXAi3r8CUvqQXWtzal9xC
tUDtiZpKUda1mI/DUy7DrqHhtQwXjIpSk/LXPJ1hcteJgO4lDbbiphIDKnduu7nh
C67VqKd6KwibD8v9ly4jHDjRne6lgJF6KziKbPZ4QvhgcD2XpcIYQK0LWEeR94Xv
8lS5mKA0nIPpO9Xig54Y37u3QpPmhctwy8dfjaXWCnI9iFGKbHfg3xcq8nBPkEdM
8hXi01jSN86a5qfvc3iRHjYdwCT+SDsA+sxKly83e0IamqvZTEPRMs1pyhbkdl46
NIrDBUj6HEq5qUNMTd+6yXKv0P6ryv/SO4TNHRDId3utZRgRb09OW4kDnNUdqaMx
VVynXFu/YSVU/4/rrF4n
=3YML
-----END PGP SIGNATURE-----

I reran the EAI tests on 8.17.0.2 and got the same results I did on patched 8.17.0.0.

All of the important ones patched so you are in good shape.

--
Regards,
John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly