SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for sendmail-starttls-8.15.2-1.2.x86_64.rpm :
Mon Feb 20 13:00:00 2017 kukukAATTsuse.de
- Don\'t use insserv together with systemd

Mon Sep 26 14:00:00 2016 wernerAATTsuse.de
- Use _unitdir macro instead asking pkg config of systemd

Tue Jul 19 14:00:00 2016 dimstarAATTopensuse.org
- Fix License: Even https://spdx.org/licenses/Sendmail.html lists
\"Sendmail\" as the valid identifier. Same as
http://license.opensuse.org/ does. \"Sendmail License\" is in the
column \"Full Name\". The License: tag requires the identifier.
- Fix some more rpmlint warnings:
+ sendmail: W: suse-missing-rclink sendmail:
- Ship /usr/sbin/rcsendmail symlink to /usr/sbin/service
+ sendmail: W: suse-missing-rclink sendmail-client
- Ship /usr/sbin/rcsendmail-client symlink to /usr/sbin/service
+ sendmail: W: suse-wrong-suse-capitalisation:
- Rename README.SuSE to README.SUSE (fix spelling also inside
the file).
+ sendmail: W: permissions-dir-without-slash
- Fix permissions and permissions.paranoid inside
sendmail-suse.tar.bz2.
+ sendmail: W: systemd-service-without-service_del_postun:
- Add corresponding macros to postun script when not building
with sysvinit support.
+ sendmail: W: systemd-service-without-service_add_pre:
- Add corresponding macros to pre script when not building
with sysvinit support.

Thu Jun 16 14:00:00 2016 tchvatalAATTsuse.com
- Drop unused patch:

* sendmail-8.14.7-warning.patch

Thu Jun 16 14:00:00 2016 tchvatalAATTsuse.com
- Split uucp to separate package, no technical reason for it to not
stand on its own
- Drop uucp related patches:
+ uucp-1.07-contrib.dif
+ uucp-1.07-cu.patch
+ uucp-1.07-grade.patch
+ uucp-1.07-lockdev.patch
+ uucp-1.07.dif
+ uucp-texinfo-5.0.patch
+ drop_ftime.patch

Thu May 19 14:00:00 2016 wernerAATTsuse.de
- Do not use http://license.opensuse.org/ as reference for the Sendmail
license even if stated by rpmlint but https://spdx.org/licenses/Sendmail.html

Thu Apr 14 14:00:00 2016 wernerAATTsuse.de
- Avoid warning from chkstat due slash on directory path as last character

Thu Apr 14 14:00:00 2016 wernerAATTsuse.de
- Update to sendmail 8.15.2 (boo#975416)

* If FEATURE(`nopercenthack\') is used then some bogus input triggered
a recursion which was caught and logged as
SYSERR: rewrite: excessive recursion (max 50) ...
Fix based on patch from Ondrej Holas.

* DHParameters now by default uses an included 2048 bit prime.
The value \'none\' previously caused a log entry claiming
there was an error \"cannot read or set DH parameters\".
Also note that this option applies to the server side only.

* The U= mailer field didn\'t accept group names containing hyphens,
underbars, or periods. Based on patch from David Gwynne
of the University of Queensland.

* CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
Patch from Lars-Johan Liman of Netnod Internet Exchange.

* CONFIG: New option UseCompressedIPv6Addresses to select between
compressed and uncompressed IPv6 addresses. The default
value depends on the compile-time option IPV6_FULL:
For 1 the default is False, for 0 it is True, thus
preserving the current behaviour. Based on patch from
John Beck of Oracle.

* CONFIG: Account for IPv6 localhost addresses in
FEATURE(`block_bad_helo\'). Suggested by Andrey Chernov
from FreeBSD and Robert Scheck from the Fedora Project.

* CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.

* LIBMILTER: Deal with more invalid protocol data to avoid potential
crashes. Problem noted by Dimitri Kirchner.

* LIBMILTER: Allow a milter to specify an empty macro list (\"\", not
NULL) in smfi_setsymlist() so no macro is sent for the
selected stage.

* MAKEMAP: A change to check TrustedUser in fewer cases which was
made in 2013 caused a potential regression when makemap
was run as root (which should not be done anyway).

* SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.

* If header rewriting fails due to a temporary map lookup failure,
queue the mail for later retry instead of sending it
without rewriting the header. Note: this is done
while the mail is being sent and hence the transaction
is aborted, which only works for SMTP/LMTP mailers
hence the handling of temporary map failures is
suppressed for other mailers. SMTP/LMTP servers may
complain about aborted transactions when this problem
occurs.
See also \"DNS Lookups\" in sendmail/TUNING.

* Incompatible Change: Use uncompressed IPv6 addresses by default,
i.e., they will not contain \"::\". For example,
instead of ::1 it will be 0:0:0:0:0:0:0:1. This
permits a zero subnet to have a more specific match,
such as different map entries for IPv6:0:0 vs IPv6:0.
This change requires that configuration data
(including maps, files, classes, custom ruleset,
etc) must use the same format, so make certain such
configuration data is updated before using 8.15.
As a very simple check search for patterns like
\'IPv6:[0-9a-fA-F:]
*::\' and \'IPv6::\'. If necessary,
the prior format can be retained by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF\', `-DIPV6_FULL=0\')
in your devtools/Site/site.config.m4 file.

* If a connection to the MTA is dropped by the client before its
hostname can be validated, treat it as \"may be forged\",
so that the unvalidated hostname is not passed to a
milter in xxfi_connect().

* Add a timeout for communication with socket map servers
which can be specified using the -d option.

* Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
numeric logins even if HESIOD is enabled.
- sendmail 8.15.1

* The new option CertFingerprintAlgorithm specifies the finger-
print algorithm (digest) to use for the presented cert.
If the option is not set, md5 is used and the macro
{cert_md5} contains the cert fingerprint.
However, if the option is set, the specified algorithm
(e.g., sha1) is used and the macro {cert_fp} contains
the cert fingerprint.
That is, as long as the option is not set, the behaviour
does not change, but otherwise, {cert_md5} is superseded
by {cert_fp} even if you set CertFingerprintAlgorithm
to md5.

* The options ServerSSLOptions and ClientSSLOptions can be used
to set SSL options for the server and client side
respectively. See SSL_CTX_set_options(3) for a list.
Note: this change turns on SSL_OP_NO_SSLv2 and
SSL_OP_NO_TICKET for the client. See doc/op/op.me
for details.

* The option CipherList sets the list of ciphers for STARTTLS.
See ciphers(1) for possible values.

* Do not log \"STARTTLS: internal error: tls_verify_cb: ssl == NULL\"
if a CRLFfile is in use (and LogLevel is 14 or higher.)

* Store a more specific TLS protocol version in ${tls_version}
instead of a generic one, e.g., TLSv1 instead of
TLSv1/SSLv3.

* Properly set {client_port} value on little endian machines.
Patch from Kelsey Cummings of Sonic.net.

* Per RFC 3848, indicate in the Received: header whether SSL or
SMTP AUTH was negotiated by setting the protocol clause
to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP.

* If the \'C\' flag is listed as TLSSrvOptions the requirement for the
TLS server to have a cert is removed. This only works
under very specific circumstances and should only be used
if the consequences are understood, e.g., clients
may not work with a server using this.

* The options ClientCertFile, ClientKeyFile, ServerCertFile, and
ServerKeyFile can take a second file name, which must be
separated from the first with a comma (note: do not use
any spaces) to set up a second cert/key pair. This can
be used to have certs of different types, e.g., RSA
and DSA.

* A new map type \"arpa\" is available to reverse an IP (IPv4 or IPv6)
address. It returns the string for the PTR lookup, but
without trailing {ip6,in-addr}.arpa.

* New operation mode \'C\' just checks the configuration file, e.g.,
sendmail -C new.cf -bC
will perform a basic syntax/consistency check of new.cf.

* The mailer flag \'I\' is deprecated and will be removed in a
future version.

* Allow local (not just TCP) socket connections to the server, e.g.,
O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
can be used.

* If the new option MaxQueueAge is set to a value greater than zero,
entries in the queue will be retried during a queue run
only if the individual retry time has been reached which
is doubled for each attempt. The maximum retry time is
limited by the specified value.

* New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
to relax requirement for DefaultAuthInfo file.

* Reset timeout after receiving a message to appropriate value if
STARTTLS is in use. Based on patch by Kelsey Cummings
of Sonic.net.

* Report correct error messages from the LDAP library for a range of
small negative return values covering those used by OpenLDAP.

* Fix compilation with Berkeley DB 5.0 and 6.0. Patch from
Allan E Johannesen of Worcester Polytechnic Institute.

* CONFIG: FEATURE(`nopercenthack\') takes one parameter: reject or
nospecial which describes whether to disallow \"%\" in the
local part of an address.

* DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.

* LIBMILTER: Mark communication socket as close-on-exec in case
a user\'s filter starts other applications.
Based on patch from Paul Howarth.
- Modified patches
sendmail-8.14.9.dif becomes sendmail-8.15.2.dif
sendmail-8.14.7-select.dif
sendmail-8.14.8-m4header.patch
sendmail-fd-passing-libmilter.patch
Removed patches
sendmail-db6.diff
sendmail-8.14.7-warning.patch

Tue Dec 1 13:00:00 2015 wernerAATTsuse.de
- Do not enforce dependencies like for amavis and saslauthd

Mon May 26 14:00:00 2014 wernerAATTsuse.de
- Add patch sendmail-fd-passing-libmilter.patch from Debian sendmail
maintainer Mikhail Gusarov to support systemd socket activation
support also in libmilter (bnc#879790)
- Be aware that /var/run is a symbolic link to /run a tmpfs file
system

Fri May 23 14:00:00 2014 wernerAATTsuse.de
- Update to sendmail 8.14.9

* Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.

* Fix a misformed comment in conf.c: \"/
*\" within comment
which may cause a compilation error on some systems.
Problem reported by John Beck of Oracle.

* Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Bryan Costales.
- Modify patch sendmail-8.14.8.dif which is now sendmail-8.14.9.dif

Wed Apr 2 14:00:00 2014 wernerAATTsuse.de
- In systemd mail-transfer-agent.target is gone even if there are
MTAs around which will be started without socket/bus activation

Tue Apr 1 14:00:00 2014 wernerAATTsuse.de
- Update to sendmail 8.14.8 (bnc#871258)

* Properly initialize all OpenSSL algorithms for versions before
OpenSSL 0.9.8o. Without this SHA2 algorithms may not
work properly, causing for example failures for certs
that use sha256WithRSAEncryption as signature algorithm.

* When looking up hostnames, ensure only to return those records
for the requested family (AF_INET or AF_INET6).
On system that have NEEDSGETIPNODE and NETINET6
this may have failed and cause delivery problems.
Problem noted by Kees Cook.

* A new mailer flag \'!\' is available to suppress an MH hack
that drops an explicit From: header if it is the
same as what sendmail would generate.

* Add an FFR (for future release) to use uncompressed IPv6 addresses,
i.e., they will not contain \"::\". For example, instead
of ::1 it will be 0:0:0:0:0:0:0:1. This means that
configuration data (including maps, files, classes,
custom ruleset, etc) have to use the same format.
This will be turned on in 8.15. It can be enabled in 8.14
by compiling with:
APPENDDEF(`conf_sendmail_ENVDEF\', `-D_FFR_IPV6_FULL\')
in your devtools/Site/site.config.m4 file.

* Add an additional case for the WorkAroundBrokenAAAA check when
dealing with broken nameservers by ignoring SERVFAIL
errors returned on T_AAAA (IPv6) lookups at delivery time.
Problem noted by Pavel Timofeev of OCS.

* If available, pass LOGIN_SETCPUMASK and LOGIN_SETLOGINCLASS to
setusercontext() on deliveries as a different user.
Patch from Edward Tomasz Napierala from FreeBSD.

* Add support for DHParameters 2048-bit primes.

* CONFIG: Accept IPv6 literals when evaluating the HELO/EHLO argument
in FEATURE(`block_bad_helo\'). Suggested by Andrey Chernov.

* LIBSMDB: Add a missing check for malloc() in libsmdb/smndbm.c.
Patch from Bill Parker.

* LIBSMDB: Fix minor memory leaks in libsmdb/ if allocations
fail. Patch from John Beck of Oracle.

* Portability:
On Linux use socklen_t as the type for the 3rd argument
for getsockname/getpeername if the glibc version is at
least 2.1.
- Add patch sendmail-8.14.8-m4header.patch from upstream
- Update patch sendmail-8.14.7.dif to sendmail-8.14.8.dif
- Modify the service files to be able to restart if a reload fails
as well as use sync targets nss-user-lookup.target and
nss-lookup.target. Also propagate reload from main service to
client service and install both

Sun Mar 23 13:00:00 2014 wernerAATTsuse.de
- Use _GNU_SOURCE in CFLAGS and %_smp_mflags at make, maybe related
to bnc#865232, that is do not reset signal handler but SA_RESTART

Wed Dec 18 13:00:00 2013 wernerAATTsuse.de
- Do not use remote-fs.target but local-fs.target to make sure that
failing remote/cifs shares let sendmail fail (bnc#855688)

Tue Oct 8 14:00:00 2013 wernerAATTsuse.de
- Add config.starttls script to ask mail/imap server for certificates

Tue Oct 1 14:00:00 2013 wernerAATTsuse.de
- Add saslauthd as optional requirement in the systemd service unit
- Add SENDMAIL_MTA_MODIFIER and SENDMAIL_MTA_SSL_PORT to configuration
- Split off SuSE specific file into a own tar ball
- Avoid SysVinit boot scripts on systemd based systems

Mon Sep 9 14:00:00 2013 wernerAATTsuse.de
- Edit existing /etc/sysconfig/sendmail to add Command line (bnc#839033)
- Add a config.sendmail script which calls the update script verbosely

Thu Aug 8 14:00:00 2013 wernerAATTsuse.de
- Use /etc/os-release instead of /etc/SuSE-release (bnc#833953)

Mon Jul 15 14:00:00 2013 wernerAATTsuse.de
- New rpm had removed \"prereq\" flag from installation script bits
that is that `Requires(prereq)\' is not valid anymore :(((

Sun Jun 16 14:00:00 2013 jengelhAATTinai.de
- sendmail-8.14.7.dif forces the use of SSL and SASL libraries,
so make sure the BuildRequires are there

Fri Jun 14 14:00:00 2013 jengelhAATTinai.de
- Add sendmail-db6.diff to fix compile abort with db >= 5

Tue May 28 14:00:00 2013 fcrozatAATTsuse.com
- Fix errors in systemd services (bnc#820858).

Tue Apr 23 14:00:00 2013 wernerAATTsuse.de
- Remove FAQ.sendmail-8.14 but use a html link to upstream support

Tue Apr 23 14:00:00 2013 wernerAATTsuse.de
- Update to sendmail 8.14.7

* Drop support for IPv4-mapped IPv6 addresses to prevent the MTA
from using a mapped address over a legitimate IPv6 address
and to enforce the proper semantics over the IPv6
connection. Problem noted by Ulrich Sporlein.

* Fix a regression introduced in 8.14.6: the wrong list of
macros was sent to a milter in the EHLO stage.
Problem found by Fabrice Bellet, reported via RedHat
(Jaroslav Skarvada).

* Fix handling of ORCPT parameter for DSNs: xtext decoding
was not performed and a wrong syntax check was applied
to the \"addr-type\" field. Problem noted by Dan Lukes
of Obludarium.

* Fix handling of NUL characters in the MIME conversion functions
so that message bodies containing them will be sent
on properly. Note: this usually also affects mails
that are not converted as those functions are used
for other purposes too. Problem noted by Elchonon
Edelson of Lockheed Martin.

* Do not perform \"duplicate\" elimination of recipients if they
resolve to the error mailer using a temporary failure
(4xy) via ruleset 0. Problem noted by Akira Takahashi
of IIJ.

* CONTRIB: Updated version of etrn.pl script from John Beck
of Oracle.
- Update to sendmail 8.14.6

* Fix a regression introduced in 8.14.5: if a server offers
two AUTH lines, the MTA would not read them after
STARTTLS has been used and hence SMTP AUTH for
the client side would fail. Problem noted by Lena.

* Do not cache hostnames internally in a non case sensitive way
as that may cause addresses to change from lower case
to upper case or vice versa. These header modifications
can cause problems with milters that rely on receiving
headers in the same way as they are being sent out such
as a DKIM signing milter.

* If MaxQueueChildren is set then it was possible that new queue
runners could not be started anymore because an
internal counter was subject to a race condition.

* If a milter decreases the timeout it waits for a communication
with the MTA, the MTA might experience a write() timeout.
In some situations, the resulting error might have been
ignored. Problem noted by Werner Wiethege.
Note: decreasing the communication timeout in a milter
should not be done without considering the potential
problems.

* smfi_setsymlist() now properly sets the list of macros for
the milter which invoked it, instead of a global
list for all milters. Problem reported by
David Shrimpton of the University of Queensland.

* If Timeout.resolver.retrans is set to a value larger than 20,
then resolver.retry was temporarily set to 0 for
gethostbyaddr() lookups. Now it is set to 1 instead.
Patch from Peter.

* If sendmail could not lock the statistics file due to a system
error, and sendmail later sends a DSN for a mail that
triggered such an error, then sendmail tried to access
memory that was freed before (causing a crash on some
systems). Problem reported by Ryan Stone.

* Do not log negative values for size= nor pri= to avoid confusing
log parsers, instead limit the values to LONG_MAX.

* Account for an API change in newer versions of Cyrus-SASL.
Patch from Hajimu UMEMOTO from FreeBSD.

* Do not try to resolve link-local addresses for IPv4 (just as it
is done for IPv6). Patch from John Beck of Oracle.

* Improve logging of client and server STARTTLS connection failures
that may be due to incompatible cipher lists by including
the reason for the failure in a single log line. Suggested
by James Carey of Boeing.
- Drop sendmail-8.14.5-auth2.patch0 as this is part of 8.14.6
- Add sendmail-8.14.7-warning.patch to avoid useless gcc warning
- Refresh sendmail-8.14.7-select.dif
- Refresh sendmail-8.14.7.dif

Fri Oct 26 14:00:00 2012 cooloAATTsuse.com
- explicit buildrequire on groff, called from spec file

Thu Oct 11 14:00:00 2012 cooloAATTsuse.com
- buildrequire netcfg explicitly

Fri Jul 13 14:00:00 2012 wernerAATTsuse.de
- Make if build even with older distributions

Fri Jul 13 14:00:00 2012 wernerAATTsuse.de
- Use UTF-8 messages

Fri Jul 13 14:00:00 2012 wernerAATTsuse.de
- Do not depend on broken umask in rpm scriptlets

Tue Jun 19 14:00:00 2012 wernerAATTsuse.de
- Make SuSEconfig.sendmail a standalone update script (fate#313548)

Fri May 25 14:00:00 2012 wernerAATTsuse.de
- Help to do systemctl the obvoisly (bnc#754544)

Thu Feb 9 13:00:00 2012 cfarrellAATTsuse.com
- license update: SUSE-Sendmail
SUSE- proprietary prefix added until Sendmail is accepted as valid SPDX
license at http://www.spdx.org/licenses

Mon Nov 21 13:00:00 2011 wernerAATTsuse.de
- Allow sendmail to authenticate as client to various mail servers
in TLS mode even if servers send 2 headers (bnc#731658)

Thu Aug 18 14:00:00 2011 wernerAATTsuse.de
- Expand systemd configuration at build time

Fri Aug 12 14:00:00 2011 wernerAATTsuse.de
- Use Pre exec files for configuration on the fly

Thu Aug 11 14:00:00 2011 wernerAATTsuse.de
- Socket activation does not work for sendmail even with -bs
on the command line of sendmail and StandardInput=socket

Mon Aug 8 14:00:00 2011 wernerAATTsuse.de
- The approach of using makefiles requires make for sendmail

Fri Aug 5 14:00:00 2011 wernerAATTsuse.de
- Make /var/run a ghost entry in spec as this is a tmpfs now and
create it at start of sendmail if it does not exist (bnc#710279)
- First try of using systemd unit configration files for both
sendmail MTA and sendmail MT client. Try to start them on
demand using systemd unit socket files for both local and remote
network as well as systemd unit path file for local mail queue

Tue May 31 14:00:00 2011 wernerAATTsuse.de
- Update to sendmail 8.14.5

* Do not cache SMTP extensions across connections as the cache is
based on hostname which may not be a unique identifier for a
server, i.e., different machines may have the same hostname but
provide different SMTP extensions. Problem noted by Jim Hermann.

* Avoid an out-of-bounds access in case a resolver reply for a DNS
map lookup returns a size larger than 1K. Based on a patch
from Dr. Werner Fink of SuSE.

* If a job is aborted using the interrupt signal (e.g., control-C
from the keyboard), perform minimal cleanup to avoid invoking
functions that are not signal-safe. Note: in previous versions
the mail might have been queued up already and would be
delivered subsequently, now an interrupt will always remove the
queue files and thus prevent delivery.

* Per RFC 6176, when operating as a TLS client, do not offer SSLv2.

* Since TLS session resumption is never used as a client, disable
use of RFC 4507-style session tickets.

* Work around gcc4 versions which reverse 25 years of history and
no longer align char buffers on the stack, breaking calls to
resolver functions on strict alignment platforms.
Found by Stuart Henderson of OpenBSD.

* Read at most two AUTH lines from a server greeting (up to two
lines are read because servers may use \"AUTH mechs\" and
\"AUTH=mechs\"). Otherwise a malicious server may exhaust the
memory of the client. Bug report by Nils of MWR InfoSecurity.

* Avoid triggering an assertion in the OpenLDAP code when the
connection to an LDAP server is lost while making a query.
Problem noted and patch provided by Andy Fiddaman.

* If ConnectOnlyTo is set and sendmail is compiled with NETINET6
it would try to use an IPv6 address if an IPv4 (or unparseable)
address is specified.

* If SASLv2 is used, make sure that the macro {auth_authen} is
stored in xtext format to avoid problems with parsing it.
Problem noted by Christophe Wolfhugel.

* CONFIG: FEATURE(`ldap_routing\') in 8.14.4 tried to add a missing
- T that is required, but failed for some cases that did
not use LDAP. This change has been undone until a better
solution can be implemented. Problem found by Andy Fiddaman.

* CONTRIB: qtool.pl: Deal with H entries that do not have a letter
between the question marks. Patch from Stefan Christensen.

* DOC: Use a better description for the -i option in sendmail.
Patch from Mitchell Berger.
- Add defines for nanaosleep and socklen_t for linux in conf.h

Tue Dec 7 13:00:00 2010 cooloAATTnovell.com
- prereq init scripts network and syslog

Thu Sep 30 14:00:00 2010 rhaferAATTnovell.com
- Removed version-specific libdb-4_5-devel from BuildRequires to be
able to build against newer libdb Versions.

Fri Jul 16 14:00:00 2010 wernerAATTsuse.de
- Newer killproc sends only SIGTERM as required by LSB if -TERM is
specified on the command line. Use the default which is SIGTERM
followed by SIGKILL if the timeout of 5 seconds is reached.

Fri Feb 5 13:00:00 2010 wernerAATTsuse.de
- Use upstream patch for bnc#559517

Wed Jan 27 13:00:00 2010 wernerAATTsuse.de
- Update to bug fix release sendmail 8.14.4

* Handle bogus certificates containing NUL characters
in CNs by placing a string indicating a bad certificate
in the {cn_subject} or {cn_issuer} macro. Patch inspired
by Matthias Andree\'s changes for fetchmail.

* During the generation of a queue identifier an integer overflow
could occur which might result in bogus characters
being used. Based on patch from John Vannoy of
Pepperdine University.

* Prevent a crash when a hostname lookup returns a seemingly
valid result which contains a NULL pointer (this seems
to be happening on some Linux versions).

* Fix overflow of an internal array when parsing some replies
from a milter. Problem found by Scott Rotondo

* Fix handling of `b\' modifier for DaemonPortOptions on little
endian machines for loopback address. Patch from
John Beck of Sun Microsystems.

* Fix a potential memory leak in libsmdb/smdb1.c found by parfait.
Based on patch from Jonathan Gray of OpenBSD.

* Fix memory leak that occurred when smfi_setsymlist()
was used. Based on patch by Dan Lukes.
- Add patch to avoid overflow of buffer for DNS resolver (bnc#559517)


  
ICM