-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sendmail snapshot 8.17.0.5 is available for testing. It fixes a problem
introduced during the development of 8.17 which caused the length of
some strings to be miscalculated (but without overflowing a buffer).
This version also avoids that on some systems the rejection of a RCPT
by a milter could silently fail.

8.17.1/8.17.1 2021/XX/XX
Deprecation notice: due to compatibility problems with some
third party code, we plan to finally switch from K&R
to ANSI C. If you are using sendmail on a system
which does not have a compiler for ANSI C contact us
with details as soon as possible so we can determine
how to proceed.
Experimental support for SMTPUTF8 (EAI, see RFC 6530-6533)
is available when using the compile time option USE_EAI
(see also devtools/Site/site.config.m4.sample for other
required settings) and the cf option SMTPUTF8.
If a mail submission via the command line requires
the use of SMTPUTF8, e.g., because a header uses UTF-8
encoding, but the addresses on the command line are all
ASCII, then the new option -U must be used, and
the cf option SMTPUTF8 must be set in submit.cf.
Please test and provide feedback.
Experimental support for SMTP MTA Strict Transport Security
(MTA-STS, see RFC 8461) is available when using
- the compile time option _FFR_MTA_STS (which requires
STARTTLS, MAP_REGEX, SOCKETMAP, and _FFR_TLS_ALTNAMES),
- FEATURE(sts), which implicitly sets the cf option
StrictTransportSecurity,
- postfix-mta-sts-resolver, see
https://github.com/Snawoot/postfix-mta-sts-resolver.git
New ruleset check_other which is called for all unknown SMTP
commands in the server and for commands which do not
have specific rulesets, e.g., NOOP and VERB.
New ruleset clt_features which can be used to select features
in the SMTP client per server. Currently only two
flags are available: D/M to disable DANE/MTA-STS,
respectively.
Avoid leaking session macros for an envelope between
delivery attempts to different servers. This problem
could have affected check_compat.
Avoid leaking actual SMTP replies between delivery attempts
to different servers which could cause bogus logging
of reply= entries.
Change default SMTP reply code for STARTTLS related problems
from 403 to 454 to better match the RFCs.
Fix a theoretical buffer overflow when encountering an
unknown/unsupported socket address family on an
operating system where sa_data is larger than 30
(the standard is 14). Based on patch by Toomas Soome.
Several potential memory leaks and other similar problems
(mostly in error handling code) have been fixed.
Problems reported by Tomas Korbar of RedHat.
Previously the commands GET, POST, CONNECT, or USER terminate
a connection immediately only if sent as first command.
Now this is also done if any of these is sent directly
after STARTTLS or if the 'h' option is set via
srv_features.
CDB map locking has been changed so a sendmail process which
does have a CDB map open does not block an in-place
update of the map by makemap. The simple workaround
for that problem in earlier versions is to create
the map under a different name and then move it
into place.
On some systems the rejection of a RCPT by a milter could
silently fail.
CONFIG: New FEATURE(`check_other') to provide a default
check_other ruleset.
CONFIG: FEATURE(`tls_failures') is deprecated and will be
removed in future versions because it has a fundamental
problem: it is message oriented but STARTTLS is
session oriented. For example, having multiple
RCPTs in one envelope for different destinations,
with different temporary errors, does not work
properly, as the persistent macro applies to all
RCPTs and hence implicitly to all destinations (servers).
The option TLSFallbacktoClear should be used if needed.
MAIL.LOCAL: Enhance some error messages to simplify
troubleshooting.
Portability:
Add support for Darwin 19 & 20.
NOTE: File locking using fcntl() does not interoperate
with Berkeley DB 5.x (and probably later). Use
CDB, flock() (-DHASFLOCK), or an earlier Berkeley
DB version. Problem noted by Harald Hannelius.
New Files:
cf/feature/check_other.m4
cf/feature/sts.m4
devtools/OS/Darwin.19.x
devtools/OS/Darwin.20.x
include/sm/ixlen.h
libsm/ilenx.c
libsm/lowercase.c
libsm/strcaseeq.c
libsm/t-ixlen.c
libsm/t-ixlen.sh
libsm/t-streq.c
libsm/t-streq.sh
libsm/utf8_valid.c
libsm/uxtext_unquote.c
libsm/xleni.c
libsmutil/t-lockfile.c
libsmutil/t-lockfile-0.sh
libsmutil/t-maplock-0.sh

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.5.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.17.0.5.tar.gz.sig

SHA256 (sendmail.8.17.0.5.tar.gz) = 29874f76583953dd7fe39c83fb2dd501650d5a30404735f7bd9a25974e08609e
SHA256 (sendmail.8.17.0.5.tar.gz.sig) = a1675dff751b3b14f2fb0a991d9c0528d56107bde2457a1881025953b8f17128
-----BEGIN PGP SIGNATURE-----

iQIcBAEBAgAGBQJhCmtxAAoJEExm6o1L7hvuymYP/iwen8BJUqYy+nMN9bm55W9T
QG6W0NkWC5tgnAe53Sl4pTIgYpALwPD/vuew4hkL1o3ajZ5foDN3Rfw7TUBAUe+p
RD+Mc9i8gPU/hzWX8tsSY3xBV9Mp8sXajN/DHRhtixTCBx86RL8Ty6O6MQOdA04A
naXT7Ww8yMk+LdzysI+z1qzCeOMg/xt8C79f/kEHJU7YE3E6XX/RaqKA1pMbtCn4
jsOTbzOboGVyjSBcCAbORlTFdk5q6DpHDtXGkY+r74MZmdFri62HNcq1GTkhT7O+
sc7PQ/n5NtwGg3xjlMEPVezyMIGs+D+2CRaV6u6hd3UjoYgh3FMiYuHIHc4+9Zc1
x8B2iNM3K4sp+gDpR6QT6B2OCCs7r0kuvgMgFV5QI62SvTgtqSJqnv5NtD6V3kR+
zWp1oRD7e3amkh5WPhQ2U5rbRJbHuWg63YsfUltlHFesCGKVDQN8galz3GCZXzjN
s5obQs0a5OSjPlA6itEbvvz5Ifpn82Q3u8vnAyZMMH4c72zyj/YJvcL0+k3VFLPK
9nxkO1z3Jn2BH9dBL8ecChUvHKMKFakz/VM1KpesPmcUPLDvWOo6gDDRqAnme3zR
ll5eCZI54keSpoPMm980CIQOen5jXRFV/s8rpaUNWeetjjA9BIeBzGNXS4dIGpoH
Z0oJRKVsTae28W/B4fmO
=TFRd
-----END PGP SIGNATURE-----

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.