postfix-bdb-3.8.4-150600.3.3.1<>,DfTRpp9|)o1 Mڅi1$I0.s8/s`3UĿH`oLq6|ߦ wOP$V2 EhR|JhVɴg'x QO1`lJm&{_eձ-l,!5qaM 䱗l?pAWRs 9+},WoLCDMnKQ揱PO12|߂x_x1M>2wZRf>QP?@d ! E 9PV\3@  "J # 'T S UY]eaae0 f,9g9k39kkk(k7k8m89o:|i=4><?D@LCTF\GpHI(X Y0 \t]^Ƕbɴc]defluvd8w4xyz<Cpostfix-bdb3.8.4150600.3.3.1A fast, secure, and flexible mailerPostfix aims to be an alternative to the widely-used sendmail program with bdb supportfTRps390zl34:+SUSE Linux Enterprise 15SUSE LLC EPL-2.0 OR IPL-1.0https://www.suse.com/Productivity/Networking/Email/Servershttp://www.postfix.orglinuxs390x if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : for service in postfix.service ; do sysv_service=${service%.*} if [ ! -e /usr/lib/systemd/system/$service ] && [ ! -e /etc/init.d/$sysv_service ]; then mkdir -p /run/systemd/rpm/needs-preset touch /run/systemd/rpm/needs-preset/$service elif [ -e /etc/init.d/$sysv_service ] && [ ! -e /var/lib/systemd/migrated/$sysv_service ]; then /usr/sbin/systemd-sysv-convert --save $sysv_service || : mkdir -p /run/systemd/rpm/needs-sysv-convert touch /run/systemd/rpm/needs-sysv-convert/$service fi done fi VERSIONTEST=$(test -x usr/sbin/postconf && usr/sbin/postconf proxy_read_maps 2>/dev/null || :) if [ -z "$VERSIONTEST" -a -f var/spool/postfix/pid/master.pid ]; then if checkproc -p var/spool/postfix/pid/master.pid usr/lib/postfix/master; then echo "postfix is still running. You have to stop postfix in order to" echo "install a newer version." exit 1 fi fi # --------------------------------------------------------------------------- /usr/sbin/sysusers2shadow postfix-user.conf <<"EOF" || [ -f /.buildenv ] g postfix 51 - - g maildrop 59 - - u postfix 51 "Postfix Daemon" /var/spool/postfix m postfix maildrop m postfix mail EOF # We never have to run suseconfig for postfix after installation # We only start postfix own upgrade-configuration by update if [ ${1:-0} -gt 1 ]; then touch /var/adm/postfix.configured echo "Executing upgrade-configuration." /usr/sbin/postfix set-permissions upgrade-configuration setgid_group=maildrop || : if [ "$(/usr/sbin/postconf -h daemon_directory)" != "/usr/lib/postfix/bin/" ]; then /usr/sbin/postconf daemon_directory=/usr/lib/postfix/bin/ fi fi if [ -x /usr/bin/systemctl ]; then test -n "$FIRST_ARG" || FIRST_ARG="$1" [ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || : if [ "$YAST_IS_RUNNING" != "instsys" ]; then /usr/bin/systemctl daemon-reload || : fi for service in postfix.service ; do sysv_service=${service%.*} if [ -e /run/systemd/rpm/needs-preset/$service ]; then /usr/bin/systemctl preset $service || : rm "/run/systemd/rpm/needs-preset/$service" || : elif [ -e /run/systemd/rpm/needs-sysv-convert/$service ]; then /usr/sbin/systemd-sysv-convert --apply $sysv_service || : rm "/run/systemd/rpm/needs-sysv-convert/$service" || : touch /var/lib/systemd/migrated/$sysv_service || : fi done fi if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/sbin/postdrop fi if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/sbin/postlog fi if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/sbin/postqueue fi if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /etc/postfix/sasl_passwd fi if [ -x /usr/bin/chkstat ]; then /usr/bin/chkstat -n --set --system /usr/sbin/sendmail fi PNAME=postfix-bdb SUBPNAME= SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi PNAME=mail SUBPNAME=-postfix-bdb SYSC_TEMPLATE=/usr/share/fillup-templates/sysconfig.$PNAME$SUBPNAME # If template not in new /usr/share/fillup-templates, fallback to old TEMPLATE_DIR if [ ! -f $SYSC_TEMPLATE ] ; then TEMPLATE_DIR=/var/adm/fillup-templates SYSC_TEMPLATE=$TEMPLATE_DIR/sysconfig.$PNAME$SUBPNAME fi SD_NAME="" if [ -x /bin/fillup ] ; then if [ -f $SYSC_TEMPLATE ] ; then echo "Updating /etc/sysconfig/$SD_NAME$PNAME ..." mkdir -p /etc/sysconfig/$SD_NAME touch /etc/sysconfig/$SD_NAME$PNAME /bin/fillup -q /etc/sysconfig/$SD_NAME$PNAME $SYSC_TEMPLATE fi else echo "ERROR: fillup not found. This should not happen. Please compare" echo "/etc/sysconfig/$PNAME and $TEMPLATE_DIR/sysconfig.$PNAME and" echo "update by hand." fi /sbin/ldconfig test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable postfix || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop postfix ) || : fi test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable postfix.service || : ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services test "$DISABLE_STOP_ON_REMOVAL" = yes -o \ "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0 /usr/bin/systemctl stop postfix.service ) || : fi # --------------------------------------------------------------------------- test -n "$FIRST_ARG" || FIRST_ARG="$1" if [ $1 -eq 0 ]; then # Package removal for service in postfix.service ; do sysv_service="${service%.*}" rm -f "/var/lib/systemd/migrated/$sysv_service" || : done fi if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi if [ "$FIRST_ARG" -ge 1 ]; then # Package upgrade, not uninstall if [ -x /usr/bin/systemctl ]; then ( test "$YAST_IS_RUNNING" = instsys && exit 0 test -f /etc/sysconfig/services -a \ -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services test "$DISABLE_RESTART_ON_UPDATE" = yes -o \ "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0 /usr/bin/systemctl try-restart postfix.service ) || : fi fi /sbin/ldconfig # ---------------------------------------------------------------------------~g}]Rw) 3(\{}D"tV~*p$N%461H@9'(@'HHPP8@@H@Yht*p(@$NXH`8@h@8@8m(@Y(@H@@ z" GX^R<p(WH(-@H`8@''(WyPX@hHxphqAg}](( J W>9  -  vH ; z  ~ &q $ `|T 6 +7 Z d& ` A큤聤聤AA큤A큀AA큤AAAA큤A큤AACAAAAAAAAAAAAAAAfTRjfTRjfTRjfTRjfTRgfTRgfTRgfTRgfTRgfTRgfTRjfTRgfTRgfTRjfTRjfTRgfTRgfTRgfTRjfTRgfTRgfTRgfTRgfTRgfTRgfTRjfTRjfTRgfTRjfTRjfTRgfTRgfTRgfTRgfTRgfTRjfTRjfTRlfTRlfTRlfTRjfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRifTRifTRifTRifTRkfTRifTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRifTRifTRlfTRlfTRlfTRlfTRlfTRifTRifTRifTRjfTRifTRkfTRjfTRjfTRjfTRjfTRjfTRjfTRjfTRjfTRjfTRkfTRkfTRkfTRkfTRkfTRjfTRjfTRjfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRkfTRlfTRkfTRkfTRkfTRlefTRjfTRjfTRlZeXfTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRjfTRjfTRjfTRjfTRjfTRjfTRjfTRjfTRifTRjfTRjfTRjfTRjfTRifTRjfTRjfTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRifTRi2a578b63978d4658a4982a6cd6cdc8b123eb297be639937a6febed1ab696868d6233f37dc93ae05d476bbeb03ffa6de4d006893a9d5c91d38afb66506d224e9dd5e51380e7ec868a42d336c868fc012ab95cac771d95361504cc6040b8d86221c00a478a7c120c4ef2ad0851c0fbd50d3cba2739d5ecb1be16e6bc4c75792d56d7c000b62ab236b5c5c4db8ad7edec232b2afe95d85c8e064a5c9f6d5308620f7fdf5c3b79ba13d9c264e20742b88ec15b3b9ca7abf400e24691fefddcf54feca4c54b9b97bc6b865151049bd5ede329db3e7eac7c5dec5e25613b00c3a8cfdd0346aaf4bc296be09477b038c780641b4b074c9bafa94b3b556cdc3f77c17f17e3fe120264875113f86595e8310867a188e65f52c3f039c4e2c3554910e4562fd1f8ccc0f7e3d745cf87893b9d1feec45b6e806db6b67180be55e3bf269a399b1a1282cd3e245ea1bc32c901f715dc8f0c0b3392a9263dacf39fb65badb85932e523e826b0192c39b42d71597caa8b3e5e166d1e6af98528f046f1ebe67279257987a8bb5574dc385076dc07254f804116424358cc8bdb9a9b53a15a83735def0585e97bb821968db6b42984cd293a9917eb2d99d55eaa83972db7acc063f7ca33e6050e0dcb644748786bfc37b32e7332c19b1d25f20382cf50490a4e19e8663af462c4091687ce98ca5ae13641d93b1197d091b6e040b4eb3170a0fc705de5d37145f699e9e518a1191c3380be10af0843ff326aa415c48eef995bcc06e14942fac085b0a420236276365e4f84728f8a970d6fb5b22ded860610d0612a52ac7b2f8f9147b41c7e47df9b97c22831afb23be7141818614ec2370210e460c9d16ba0e633486a939f44dc97f1edcb5bd066f3ac8b60681de9f40a82a79a0317c6560bc84823e7d8248afc1422f5941ec1daf6e1933fb13b04650684ce8f0a6de54daa64637ea7e8e3e1e8c265d11032f4166c243eef8f734774f4f9b01bc261f88eb8534a7cc6a2ea42c5b4be1c455279de3a10fe62a9a86b2f6e752331a873e16308e79a80563130e95d899567daf677329fd128b07339cecfadd6ad48d1cae5399c61c8aa9b4928006339bd1dbebd59081f7ea0bf20381936d55bcfcad72642fdf3be782f4cce5b80154b8c0973317c625378b858dc436fa13d058a683b575daf1bc2712e7b9014e9d3d5f0d879c477ce63e3daac584259f7e38205e93330c7ed12c4a05ddf1e305d7155fd9a68b5c948290c05538aedf58e88ddac2a7488aecd6ff7ab94a92159da177b67105cee1625528dbfc9787b25479a83f205e783d0bfa404aea7145bd715d44008f4e95b3cef31c4509f7afd6391012b05c459f6d7a94245dfa21ef9e2ec5524d82d5d8008dd083dd10d93df0c31d9cf88257cb1876617c2faa6edec2450a9cfe004b09f3c37a2ccb4cd6fd2cb945bb95790f963759d82e7dd627206b7cbf2dfcebb85e51e300eeefa8fc44553502f2ca65905eb591e96951b9f9c475c5561b4ae98b09bd78f4793662c2a601a56f9a7d05f2384ba3fa6ba0128f80a379ae6ff5105c2d78ca913d54a5fed1e9eef221167f32f5b384c2a61a850a81207446fd07614132a31eb1a55e40e7933a0822bcc89a931422bc621868fd77b933ded20ac7275f449cffd37bdea944e10a6843ed5faf59c4bc61bd3f8731d5f84d3ec8afdc3dec84e6f3281480c8e154703499a6e7b488db487ad60f23ce7d9c854bc1bdda7ca2334dd03ba7e2f382ab7613991825b5438da73dd0d470292a40511f9cafd7af300a3092cba5cfa11f202c63dac4fd3232c8acbb417edf0c4fe45fcab25fdfc4d1ccde5c6645d40081d50e0413dacd0f28a7f70b2a1afbbc0521ba5b1da4f3a7c5ffb0943b37ea7597092ade4b15152ca402b5e27d0f2e628d1366a0f15df1783dab177bcd5b615f1db3550a305e8be1fcc7240072ecec1e9034ee56ac8dfb8efacfb23f39c5e3e9b1895f4e53a609a65c61e58f55e6a07fc8771ba17da1c244d3962287c6f643bfb496d3def54e21004f7214e371db677398fbd02c848fe92a07a5d2991446f6fb872dd3d2e293146051aff2b7b2f8f9147b41c7e47df9b97c22831afb23be7141818614ec2370210e460c9d1560bc84823e7d8248afc1422f5941ec1daf6e1933fb13b04650684ce8f0a6de54daa64637ea7e8e3e1e8c265d11032f4166c243eef8f734774f4f9b01bc261f88eb8534a7cc6a2ea42c5b4be1c455279de3a10fe62a9a86b2f6e752331a873e15e4b0a341ef65fd14c4ece8d49cfae7e2a158a0b2702db2d88273da02b060d916308e79a80563130e95d899567daf677329fd128b07339cecfadd6ad48d1cae51ed6c4abb8889ba858c3b3eeceeeccb4e87250d780e75602a35be8b50bbd958e485ac19e664b4ec7621a251f19306f65b9ad40a2bc4db0183119ee7eb62cdb6227d0f2e628d1366a0f15df1783dab177bcd5b615f1db3550a305e8be1fcc7240d48bce45abe95e31195753f6b545d86f59960d20857fb8e7e626226ef88063bf948dac41442d3b091b5f7b2907cc0fdeadbfcf4bf9da63be7582398f95a73759350f1608814e9c161ee9a1871984330b9cb921d298d7964d86a76833611f1135dd0d470292a40511f9cafd7af300a3092cba5cfa11f202c63dac4fd3232c8acbde88c6f67b99fe14e48796be618433e9d93062ddc19fb6d24bb53111fa138459d1009a6262993e53ca530c90eedda5e4388cc56ecb92e9cfd47bae72884a02a37a4532391ad26830e87f8f40fdf9575bac77e0d553fb5669b8c51e4f19e6c89c83ecdddf2223b6c2848186e4804ded8e4ba28702850ebf2d4f0310f1a7602d6a376186d02296fbbe319eebbabcd357c662851cb7db0d083bf2adb3110cdcd8816d0c6b99b6672d28e8c7fb4d8697d1b583eb03c809a113fe3d6449e24a4e3ff93d95fc2163b9104e99816aff48dc41e912512126118aa00de8cd2005a9420bba41a6b9cacd3e22c49310814f117f11e39d70232d0d4041e4a4193678819164ff6e2955c58a3d8d9aa2642a3a40bff0072a2129464151b2aa6bb38ed6624bfcfe15056a7049ad8b95be5bec22a2e72201d2ed1f468b3bba72d21ea79b90430786d37145f699e9e518a1191c3380be10af0843ff326aa415c48eef995bcc06e149e90c1827f029ffd9ebf7dd02e6ed11b6638148b902d43298359b0ba0745369c25f1bf70003f41bcd3e067d2330af133148537e44edfd21200535ce48d26fb1ba89020c1ea194e7b3b5593f895c17826a054df54aa2b05ed2a27fe25e39950ee85acd39bc6ab523fc65209ca3eb9b9ba0aa262ac4126165e92f7e50d4b1828e8e629ecacfee9b825e544e77664b580fd3a4b79683a569522ba9664678d1ea909e02099711cb382237b7d12f13b839c0e470b2d51a6b3f5d053b5c496fce83f1956d9961cfc75d9f200710be2c198fe66dac6fe7d2204377f9e073b52a488616ec7ecb2e4304ef211696f3d3bbbfe881ff1a2c0bdada93ca2856d2f954134790b9948fc901134b90a69d20bef55e0ded2fcf96c688f6a931141bb9557014aa8174de2ec4fcfbc86af78a2d0dea9096960962e98e20f2fbf58befe9b9edc152351e42bb37bc5b3a0095278d32640c073d98d9a14976373d92f3244c467daf7b2ed75e8e509b3b61e04c3fde0d57adfba16cddea6975f5549ad6192a9b023048af07e6d5ad8b569f9b7c691676b0d2eda21dc3b1f393657667de87f14e928aa47b0f8795c2e84cb3bd518c950fe008bdab9a8d8ccf89dc1adf78e8df083ef97fb81e5d07ce83280dbfd59c64fff72dd8e9b1b7c9befe7824f010f9fd8372c1467b79ef4b813d4a346ed51ee680d74a731884d28f9d6585fab3b7df7a7274259f22abd1c96dd1a5566d34d280012af856ab10a74114a48c1efc15e016b6f8ca91005d974281743237803ced6bf222cc731288e5f3132411a6a29ff8720ccbacd00d7591235510f052a316db7a188811771c4045ff80b482b0a55268cba4de9cb73567b8912b96d1bbbfd0127a1f43d1244ff4a17fd632a010451a733385822ce6edfda98893580768d9767e42945968dbfae37fef5b1e654f0957163c2394eabbdf59d14e0a7f93e64588dc79c14e8f366239b005da1dade4d436c8f7ce53c7d8eff4b8a3cf8f82ba720392ec425a8748f38736b604505a8dd46c477c166b4db31b35bd42d8d664254569228037298c5c8b6a0d3026314131f49008fb631ab8cc9b08dc0dbef9d24e7c71fe5fba4390c2a8340eb5b0d2e9b8f86dace440eb2e721704041e3befacf7508670c9e26c33ad0be96bd8b9d0c822a25f701ca69e7a1ae532de08e610c4412cb0c46e14c9f140c089b6276237d4a7ce0210dff020f6cbf7df9fa4b856862723f124623d770c5f05a3a86dbfebad71af55a574828a4d301a7d67f4bfc991266117406bfc695b3dff2c179aaab05afb35478507a6223e91d7bd4fe3f74fe96d88f6210fe33751a64f1245a9ba11bb78d4ef238c475b64a21d21eaf64962f6f6c7a04855443684268451f8177493c2b56f24b35ebebeecd07c188f0bc4f8ca6fb07102404208ec330166c49c86b5924135fc8f4ccbe04be1fe4dd5f81df3101e7ae233136c760d594b96ca7577a393f1951778b76bb16fef91b018f594897368fc0de6c5a52fddd9a54dfb650a68e982607b6e36783d5268f17571e1bf3bb15fa706ad0043403f7cfa3ddcf18c0fda1819510b3eed675626f93c9e8f419f25f0f53e6bfed867bb7bcbeb8ae50fd6c066623751c197814061d4a2c00a478a7c120c4ef2ad0851c0fbd50d3cba2739d5ecb1be16e6bc4c75792d56d7c000b62ab236b5c5c4db8ad7edec232b2afe95d85c8e064a5c9f6d5308620fcf9ff922f5df74332d8bff719d3aa03ecdf3eec02db5dc4ea6760379fda5dae5cf9ff922f5df74332d8bff719d3aa03ecdf3eec02db5dc4ea6760379fda5dae506c7369d042f41d4b180606e671693360b5039d5adbc66ce7023f8fca51fe77c12c0a752512a2fa449962c8ad6485bcf18b77b25d1ca510f617d22acd541bd3676a9757ad897490efcbb2930e4df2c4825e357fd837b0b4edb593dbfb929c890c0a551e468e51ab954609f7cba8d90a690592424021dd4172b6d503f61f16f2aa92fabdc037c07a783b49c983c0142ab4a316c8df0e292011a3681385e7237a53eb5369b4b5d7c7ff5230ccd2066f1a81491f65a2e8aa494b86c4b031252dee450ea672e2974dfb23a0ba943c154b168d873da4fe620a591b7dd1bca4b50e680add3e1d9b2ecf4ef4719a9375251264af81ac483191bb175bb6cc2e153186446c7127517747c8abe8eb960a551365032e12e45ce5563c3360cdc656044b14aa33631915eae3490f530f777479e38e575bd1c47af45e5b4fc705f6e2cbb27172f2ad9e16472f2fd41d9b935a51124bd23255942bb31b87baa5032abaea63464b6ea65f1cdc177d6f795bb05121406736c81ff2f1f260b70a88ea1215ece86f5b93f44dd6a18a2642f15dbfa4bbd9996afcf754ee21f219cfecd9769b10165e815302e6af00d997abd1c007293c1c5dd39394f2d26646cefd3daa55d03baee41680615045b43a6f34d23521e5ca1dcbc98d96417a751822c79b88cb8cc439fe6b1b875119b844110b22040cf493903a8ecfdf22a140891e9a1395b8d707117ae20579aaa2cd24c8086d371fa5c1dd21aabf5a38581a43048414c49f9f1f7b442e64ed17e39efb4a8119815dff22e6d0c0ad06d759a86b1ccb8c500dbc2fb0b3edba89bf354cde01ee2fb2aef1f7a42fc208e9dc394dfc29c5ddb81070ff23342f624e88638c27fc73a75517c56acf621471ebf09c3106f64394b915bab1f82ddf98dcc538be9ca147cdefe2a8aebc2fc112206782be0463bc7b56b59f25e0e03103c128651d6800935396d82ea8d9ba8fbdcc21fbcb2143b53f137396e1c3cbe0de9bcfa5cd19bd9c7efa18b4881572e613c971c7ebb4a5c4f02c8d16d7994624295e9a149ba17b04192f87ca8f461a7341279d6d29a0c34a416132ee9809885539e952420b13295663dcddbca6542a3b15c466d07b06c4c1d4bcb3193e25c95f14529d88798349598e5c3587571198018972af5ab12521f15154755a25f194ed19cedca96c1d21d92fae176079aaefb1030734ac05db2244b2e9b4d3f5627c569615119b8ff1b7e2aaf71c62ff67847d3c8a8f477521b749c4e07f9a7bbb478b733c5a7012b950463249e9c306824d1bb4f38a7437a7b2c1576a1467880650d02973a903a028483a52502c3421baf32b2bf06df249be5c07ec6169cfcf5e9e059b52718c89b2a31f7067eb143d505d7de1bf9325ed759018eb9f78de3c03a8b78fbfbcbc0f9cc6ff1a2608a5cfd2361e19bfbb42d470ab38205b89f1a492cc3949e080a63a9abc97ce080a0a43c3a2706f4a4b0a45a7ccfd782962e230511068e48f019236073cd43b84ba5191117707b2ffe29d5662f1a3db751fd3d202beba4296d6b3350a09b98e8155712e397065a758fca33a8f742b8ffdc6644ea899aaeb23436e690ddba82f337aa0e605fa2e9602a48920dc557838f611467178c2da9473b18cb2dd09bba11700177c4c1f78d050403e9b6ae3a3afea5e5c3e8aa40f08fee2e03fc6b368c57fed43874ca64dd0d3ea495c1be3968adb5f355ce2ac4a2e65c7c6e3b910b3fa131f12565b9bb1b200a0491a74e09a50a169b4ce8cb46cf1ee17f559410830a74bcda186e544e50aad24d52353072ba67d3744e87a5da9ba8e978995d78535f862b96ba2d46576a8ef0f9fedf761c1a3cc98f365e76e647bff739951fd551d2826dc6cad3bfbb767db18c4b80feb1c8cf5eecd16f4d03e183072bfc4b441c6355b69dc7200436daf39be2d3e01d8957a3206a5781a6cce023203dfed04846ed6cb2dd23b7f8dd879084c267e9b3f9aec297c69c11bf56086088e06d4dda57bd3ff3408d7cee78fb9ba89c273f6647013b3801039f5cc0fa06aabdc85825ed9d073031c5ce8a1cc44a2ab7d0463d2cd3c0f4478040801bd5de8903f4452cae0ba5c70c22c8f6bdd6c589f63bd7a904e7869db9cc8ce162eca1bf811f96179634a94f7a2e855206161bfeb34718ed81e00af747d86afdfa5be3a04377a06261211b9526160f29621a4d98efd74aad74c8673267d6bbed65bd73c9501197d9f714ef980c3dcafd5d367e29ac91a087cfbcbeb58f1bf778a7f9da06c32217565ac9e93d691431ecd8723e0bf5f88132e607ce048eddf43552e76461074eab17a8248b5392791c54e752097c91a40d5506cf436124471e622aa36b1a54dc7d363ee6f158e7674ecf53f1acc71f759a420397820e7a07e914c1f7bca267ec2a3f11ff73810482162a4b096b9fb57dce4ecb1a5c88414eb44c42b122287b5b0d119a4c8e1e0c31b2d2067e8cfce481dab413b8114adeedb4d2e6a3655713755ac205b888a8047eb1e04e06a72505b27d86e904911767c59b13dea1dd968944a0b745d2b4d405218e9af9018418c3cd1dc30016b10f99ace3357f307f8cce88e83e008d42ef57acdd29a6f741a7d42be777b951b11bde58a75d4112fe8e770f2abf3cd7772d1ab298b73efbe9e92b2cb03380aadc0f1798749cea8d68282df5de4adde2de334f568a7514e3b32fa4467212bde04c41790afe9b82a22d3d973baaf012b4c7aec079b417ea7851f89daac48069a824b9a665b653d564e65c7c6e3b910b3fa131f12565b9bb1b200a0491a74e09a50a169b4ce8cb46cf360308d57a23d8e3159088bd528c14d2231870549d27e28ef814a6bbccd890cfc75ee98d76e7ba9b49b2941e5db0c9655b261deed9e6215bf43851a54dd8feb9399fa1d276d9b336bf42890d530aacc70dbefcc9a3f6c1c098df056cc8f8f841../../ssl/certs../sbin/sendmail../sbin/sendmail../../lib64/libpostfix-dns.so../../lib64/libpostfix-global.so../../lib64/libpostfix-master.so../../lib64/libpostfix-tls.so../../lib64/libpostfix-util.so../sbin/sendmailservicespool/mailrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpostfixrootrootrootpostfixpostfixpostfixpostfixpostfixpostfixpostfixpostfixpostfixrootpostfixpostfixpostfixpostfixrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmaildroprootrootrootmaildroprootrootmaildroprootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootmaildroprootrootmaildroprootrootpostfix-bdb-3.8.4-150600.3.3.1.src.rpmconfig(postfix-bdb)group(maildrop)group(postfix)libpostfix-dns.so()(64bit)libpostfix-global.so()(64bit)libpostfix-master.so()(64bit)libpostfix-tls.so()(64bit)libpostfix-util.so()(64bit)postfix-bdbpostfix-bdb(s390-64)smtp_daemonuser(postfix)@ !@@@@@@@@@@@@@@@@@@@@@@@@@@@      /bin/bash/bin/sh/bin/sh/bin/sh/bin/sh/bin/sh/bin/shconfig(postfix-bdb)coreutilsdiffutilsededededfillupgrepgroup(mail)iproute2libc.so.6()(64bit)libc.so.6(GLIBC_2.11)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcrypto.so.3()(64bit)libcrypto.so.3(OPENSSL_3.0.0)(64bit)libdb-4.8.so()(64bit)libicuuc.so.suse65.1()(64bit)libnsl.so.2()(64bit)libnsl.so.2(LIBNSL_1.0)(64bit)libpcre2-8.so.0()(64bit)libpostfix-dns.so()(64bit)libpostfix-global.so()(64bit)libpostfix-master.so()(64bit)libpostfix-tls.so()(64bit)libpostfix-util.so()(64bit)libsasl2.so.3()(64bit)libssl.so.3()(64bit)libssl.so.3(OPENSSL_3.0.0)(64bit)perlperlperlperlpermissionspermissionsrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PartialHardlinkSets)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)sysuser-shadowuser(nobody)3.8.4-150600.3.3.13.0.4-14.6.0-14.0.4-14.0-15.2-13.2eximpostfixsendmail4.14.3 /usr/bin/chkstat -n --warn --system -e /usr/sbin/postdrop 1>&2 /usr/bin/chkstat -n --warn --system -e /usr/sbin/postlog 1>&2 /usr/bin/chkstat -n --warn --system -e /usr/sbin/postqueue 1>&2 /usr/bin/chkstat -n --warn --system -e /etc/postfix/sasl_passwd 1>&2 /usr/bin/chkstat -n --warn --system -e /usr/sbin/sendmail 1>&2fGFf3@ec@ez@eDe6`@e;dhdd>@c@c@ccr-cBc6@bbbzSbq@bobf@b]RbJbBb4t@b/.@baa@araraqV@a^@a'@a$@a ``R@``E`"@`̊`D``r`!@`t6@`H`B@`3@`U`__@_@_@__j___L@_D@_?@_/@_p@_A@^^^b^'@^>@^=@^ku^=Q@^:@^8 @]e@]@]b@]m]M`@]:@]9]4S]]^@]@\@\\\@\~d\}@\zp@\y\\\LK\I[[=@[ͻ[[[[ZZUZZkZ@Z)-@Z@ZY@Y@YMY@Y@YY@YyYC@XQ@Xh@XX@XO@XO@X7@XM@Xv@Xk@X9y@X)@X lW1@W WPWJWDB@WDB@WVVVV@VhVU5@U@U@UUlI@UXU6;U3Tء@TOT@TTT@To)@TeTN3TD@varkoly@suse.comvarkoly@suse.comdmueller@suse.comsuse+build@de-korte.orgsuse+build@de-korte.orgvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comsuse+build@de-korte.orgsuse+build@de-korte.orgotto.hollmann@suse.comvarkoly@suse.comkukuk@suse.comvarkoly@suse.commichael@stroeder.comlnussel@suse.dechris@computersalat.dechris@computersalat.dechris@computersalat.dechris@computersalat.dedimstar@opensuse.orgmrueckert@suse.demichael@stroeder.comvarkoly@suse.comilya@ilya.cfmichael@stroeder.comvarkoly@suse.comvarkoly@suse.commichael@stroeder.commichael@stroeder.comopensuse@dstoecker.dejsegitz@suse.comjsegitz@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comchris@computersalat.devarkoly@suse.commichael@stroeder.comvarkoly@suse.comchris@computersalat.dechris@computersalat.degmbr3@opensuse.orgmichael@stroeder.comchris@computersalat.demrueckert@suse.devarkoly@suse.commichael@stroeder.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.comvarkoly@suse.cominfo@paolostivanin.comsuse+build@de-korte.orgvarkoly@suse.comsuse+build@de-korte.orgsuse+build@de-korte.orgsuse+build@de-korte.orgvarkoly@suse.comvarkoly@suse.commichael@stroeder.commichael@stroeder.comkukuk@suse.comkukuk@suse.comsuse+build@de-korte.orgmichael@stroeder.comsuse+build@de-korte.orgkukuk@suse.commichael@stroeder.commichael@stroeder.commichael@stroeder.comsuse+build@de-korte.orgmichael@stroeder.commichael@stroeder.comvarkoly@suse.comvarkoly@suse.commichael@stroeder.commichael@stroeder.commliska@suse.czmichael@stroeder.comvarkoly@suse.comchris@computersalat.devarkoly@suse.commatthias.gerstner@suse.comchris@computersalat.demichael@stroeder.comvarkoly@suse.comdimstar@opensuse.orgtchvatal@suse.comvarkoly@suse.commichael@stroeder.comvarkoly@suse.comjslaby@suse.commrueckert@suse.demichael@stroeder.commax@suse.comchris@computersalat.dechris@computersalat.demalte.kraus@suse.commichael@stroeder.comchris@computersalat.dechris@computersalat.devarkoly@suse.comtchvatal@suse.comvarkoly@suse.commichael@stroeder.comlnussel@suse.deadam.majer@suse.devarkoly@suse.comilya@ilya.pp.uavarkoly@suse.comdimstar@opensuse.orgrbrown@suse.comkukuk@suse.demichael@stroeder.comvarkoly@suse.comchris@computersalat.devarkoly@suse.comvarkoly@suse.commichael@stroeder.comkukuk@suse.devarkoly@suse.commichael@stroeder.comchris@computersalat.dewerner@suse.dechris@computersalat.dekukuk@suse.demrueckert@suse.dewr@rosenauer.orgkukuk@suse.comchris@computersalat.devarkoly@suse.comvarkoly@suse.comchris@computersalat.dechris@computersalat.dechris@computersalat.demichael@stroeder.commichael@stroeder.comschwab@suse.dechris@computersalat.devarkoly@suse.comvarkoly@suse.comopensuse@dstoecker.demrueckert@suse.demrueckert@suse.demrueckert@suse.devarkoly@suse.comvarkoly@suse.commichael@stroeder.comjkeil@suse.demeissner@suse.commeissner@suse.commichael@stroeder.comcrrodriguez@opensuse.orgmpluskal@suse.commrueckert@suse.demrueckert@suse.demichael@stroeder.comvarkoly@suse.comvarkoly@suse.commpluskal@suse.comvarkoly@suse.comvarkoly@suse.comtchvatal@suse.comdimstar@opensuse.orgdmueller@suse.commichael@stroeder.com- config.postfix needs updating (bsc#1224207) * chkconfig -> systemctl * Link Cyrus lmtp only if this exsists * /usr/lib64/sasl2 does not need to exist * Fetch timezone via readlink from /etc/localtime- Set inet_interfaces to loopback-only instead of localhost as proposed in man 5 postconf. (bsc#1223264)- update default configuration to enable the long-term fix for bsc#1218304, bsc#1218314 CVE-2023-51764, SMTP smuggling attack: * smtpd_forbid_bare_newline = yes * smtpd_forbid_bare_newline_exclusions = $mynetworks- update to 3.8.4 * Security: this release adds support to defend against an email spoofing attack (SMTP smuggling) on recipients at a Postfix server. For background, see https://www.postfix.org/smtp-smuggling.html.- update to 3.8.3 * Bugfix (defect introduced Postfix 2.5, date 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler. * Usability: the Postfix SMTP server (finally) attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik. * Compatibility bugfix (defect introduced: Postfix 2.11, date 20130405): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. The compatibility fix is to use a configured recipient delimiter value instead. Reported by Tod A. Sandman.- Syntax error in update_postmaps script (bsc#1216061)- postfix: config.postfix causes too tight permission on main.cf (bsc#1215372)- CVE-2023-32182: postfix: config_postfix SUSE specific script potentially bad /tmp file usage (bsc#1211196) Use temp file created by mktemp- update to 3.8.1 * Optional: harden a Postfix SMTP server against remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. With "smtpd_forbid_unauth_pipelining = yes", the server disconnects a client immediately, after responding with "554 5.5.0 Error: SMTP protocol synchronization" and after logging "improper command pipelining" with the unexpected remote SMTP client input. This feature is disabled by default in Postfix 3.5-3.8 to avoid breaking home-grown utilities, but it is enabled by default in Postfix 3.9. A similar feature is enabled by default in the Exim SMTP server. * Optional: some OS distributions crank up TLS security to 11, and in doing so increase the number of plaintext email deliveries. This introduces basic OpenSSL configuration file support that may be used to override OS-level settings. Details are in the postconf(5) manpage under tls_config_file and tls_config_name. * Bugfix (defect introduced: Postfix 1.0): the command "postconf .. name=v1 .. name=v2 .." (multiple instances of the same parameter name) created multiple main.cf name=value entries with the same parameter name. It now logs a warning and skips the earlier name(s) and value(s). Found during code maintenance. * Bugfix (defect introduced: Postfix 3.3): the command "postconf - M name1/type1='name2 type2 ...'" died with a segmentation violation when the request matched multiple master.cf entries. The master.cf file was not damaged. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 2.11): the command "postconf - M name1/type1='name2 type2 ...'" could add a service definition to master.cf that conflicted with an already existing service definition. It now replaces all existing service definitions that match the service pattern 'name1/type1' or the service name and type in 'name2 type2 ...' with a single service definition 'name2 type2 ...'. Problem reported by SATOH Fumiyasu. * Bugfix (defect introduced: Postfix 3.8) the posttls-finger command could access uninitialized memory when reconnecting. This also fixes a malformed warning message when a destination contains ":service" information. Reported by Thomas Korbar. * Bugfix (defect introduced: Postfix 3.2): the MySQL client could return "not found" instead of "error" (for example, resulting in a 5XX SMTP status instead of 4XX) during the time that all MySQL server connections were turned down after error. Found during code maintenance. File: global/dict_mysql.c. This was already fixed in Postfix 3.4-3.7.- update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch- update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. * Rebased postfix-linux45.patch- SELinux: postfix denied to access /var/spool/postfix/pid/master.pid (bsc#1207177) Apply proposed changes in postfix.service - remove patch included into the source: harden_postfix.service.patch- Disable NIS support on Factory (deprecated and will be removed)- postfix default main.cf myhostname default causes conflict (bsc#1192173) Use the postfix build in defaults for myhostname and mydestination- update to 3.7.3 * Fixed a bug where some messages were not delivered after "warning: Unexpected record type 'X'. (bsc#1213515) * Workaround: in a TLS server disable Postfix's 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes. * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26) introduced a missing msg_panic() argument (in code that never executes). * Code health: Postfix 3.3.0 introduced an uninitialized verify_append() request status in case of a null original recipient address. * Postfix 3.5.0 introduced debug logging noise in map_search_create().- own /var/spool/mail (boo#1179574)- use correct source signature file (gpg2)- update to 3.7.2 https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES - rebase patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-main.cf.patch * postfix-master.cf.patch * postfix-no-md5.patch * postfix-ssl-release-buffers.patch * postfix-vda-v14-3.0.3.patch * set-default-db-type.patch - build against libpcre2- remove *.swp from postfix-SUSE.tar.gz- fix config.postfix 'hash' leftover with relay_recipients - update postfix-main.cf.patch about * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls) * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls) - rebase/refresh patches * harden_postfix.service.patch * postfix-avoid-infinit-loop-if-no-permission.patch * postfix-master.cf.patch * postfix-vda-v14-3.0.3.patch * set-default-db-type.patch- Change ed requires to /usr/bin/ed: allow busybox-ed to be used inside containers.- add missing requires for config.postfix and the postfix postinstall script: perl and ed- update to 3.6.6 * (problem introduced: Postfix 2.7) The milter_header_checks maps are now opened before the cleanup(8) server enters the chroot jail. * In an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error, just like a failure to connect. * The proxy_read_maps default value was missing up to 27 parameter names. The corresponding lookup tables were not automatically authorized for use with the proxymap(8) service. The parameter names were ending in _checks, _reply_footer, _reply_filter, _command_filter, and _delivery_status_filter. * (problem introduced: Postfix 3.0) With dynamic map loading enabled, an attempt to create a map with "postmap regexp:path" would result in a bogus error message "Is the postfix-regexp package installed?" instead of "unsupported map type for this operation". This happened with all non-dynamic map types (static, cidr, etc.) that have no 'bulk create' support.- config.postfix fails to set smtp_tls_security_level (bsc#1192314)- Refreshed spec-file via spec-cleaner and manual optimizated. * Added -p flag to all install commands. * Removed -f flag from all ln commands. - Changed file harden_postfix.service.patch (boo#1191988).- update to 3.6.5 * Glibc 2.34 implements closefrom(). This was causing a conflict with Postfix's implementation for systems that have no closefrom() implementation. * Support for Berkeley DB version 18. - removed obsolete postfix-3.6.2-glibc-234-build-fix.patch- Postfix on start don't run postalias /etc/postfix/aliases (error open database /etc/postfix/aliases.lmdb). (bsc#1197041) Apply proposed patch- config.postfix can't handle symlink'd /etc/resolv.cof (bsc#1195019) Adapt proposed change: using "cp -afL" by copying.- Update to 3.6.4 * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient entries in postconf output. This was caused by an incomplete fix to send SMTP session transcripts to $bounce_notice_recipient. * Bug introduced in Postfix 3.0: the proxymap daemon did not automatically authorize proxied maps inside pipemap (example: pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. * Bug introduced in Postfix 2.5: off-by-one error while writing a string terminator. This code passed all memory corruption tests, presumably because it wrote over an alignment padding byte, or over an adjacent character byte that was never read. * The proxymap daemon did not automatically authorize map features added after Postfix 3.3, caused by missing *_maps parameter names in the proxy_read_maps default value. Found during code maintenance.- Update to 3.6.3 * (problem introduced in Postfix 2.4, released in 2007): queue file corruption after a Milter (for example, MIMEDefang) made a request to replace the message body with a copy of that message body plus additional text (for example, a SpamAssassin report). * (problem introduced in Postfix 2.10, released in 2012): The postconf "-x" option could produce incorrect output, because multiple functions were implicitly sharing a buffer for intermediate results. Problem report by raf, root cause analysis by Viktor Dukhovni. * (problem introduced in Postfix 2.11, released in 2013): The check_ccert_access feature worked as expected, but produced a spurious warning when Postfix was built without SASL support. Fix by Brad Barden. * Fix for a compiler warning due to a missing 'const' qualifier when compiling Postfix with OpenSSL 3. Depending on compiler settings this could cause the build to fail. * The known_tcp_ports settings had no effect. It also wasn't fully implemented. Problem report by Peter. * Fix for missing space between a hostname and warning text.- Ensure postfix can write to home directory or server side filtering wont work (sieve)- Ensure service can write to /etc/postfix- Added hardening to systemd service (bsc#1181400). Added harden_postfix.service.patch- config.postfix not updatet after lmdb switch (bsc#1190945) Adapt config.postfix- postfix master.cf: to include "submissions" service (bsc#1189684) Adapt master.cf patch- postfix fails with glibc 2.34 Define HAS_CLOSEFROM (bsc#1189101) add patch - postfix-3.6.2-glibc-234-build-fix.patch- fix config.postfix (follow up of bsc#1188477)- Syntax error in config.postfix (bsc#1188477)- Update to 3.6.2 * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal error in the compatibility_level parser, because there was no 'errno = 0' statement before an strtol() call. * (problem introduced in Postfix 3.3) "Null pointer read" error in the cleanup daemon when "header_from_format = standard" (the default as of Postfix 3.3), and email was submitted with /usr/sbin/sendmail without From: header, and an all-space full name was specified in 1) the password file, 2) with "sendmail - F", or 3) with the NAME environment variable. Found by Renaud Metrich. * (problem introduced in Postfix 2.4) False "too many reverse jump" warnings in the showq daemon, because loop detection code was comparing memory addresses instead of queue file names. Reported by Mehmet Avcioglu. * (problem introduced in 1999) The Postfix SMTP server was sending all session transcripts to the error_notice_recipient (default: postmaster), instead of sending transcripts of bounced mail to the bounce_notice_recipient (default: postmaster). Reported by Hans van Zijst. * The texthash: map implementation broke tls_server_sni_maps, because it did not support multi-file inputs. Reported by Christopher Gurnee, who also found an instance of the missing code in the "postmap -F" source code. File: util/dict_thash.c.- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist (bsc#1066854)- postfix-SUSE * rework sysconfig.postfix, add - POSTFIX_WITH_DKIM - POSTFIX_DKIM_CONN * rework config.postfix for main.cf - with_dkim - update postfix-main.cf.patch * add OpenDKIM settings- postfix-mysql * add mysql_relay_recipient_maps.cf - postfix-SUSE * rework sysconfig.postfix, add - POSTFIX_RELAY_RECIPIENTS - POSTFIX_BACKUPMX * add relay_recipients * rework config.postfix for main.cf - is_backupmx - relay_recipient_maps- Add now working CONFIG parameter to sysusers generator - Remove unnecessary group line from postfix-vmail-user.conf- Update to 3.6.1 * Bugfix (introduced: Postfix 2.11): the command "postmap lmdb:/file/name" (create LMDB database from textfile) handled duplicate input keys ungracefully, discarding entries stored up to and including the duplicate key, and causing a double free() call with lmdb versions 0.9.17 and later. Reported by Adi Prasaja; double free() root cause analysis by Howard Chu. * Typo (introduced: Postfix 3.4): silent_discard should be silent-discard in BDAT_README.- fix postfix-master.cf.patch * set correct indentation (again) for options of - submission (needs 3 spaces) - smtps (needs 4 spaces) to make config.postfix work nicely again- Update to 3.6.0 - Major changes - internal protocol identification Internal protocols have changed. You need to "postfix stop" before updating, or before backing out to an earlier release, otherwise long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted. For more see /usr/share/doc/packages/postfix/RELEASE_NOTES - refreshed patches to apply cleanly again: fix-postfix-script.patch ipv6_disabled.patch pointer_to_literals.patch postfix-linux45.patch postfix-main.cf.patch postfix-master.cf.patch postfix-no-md5.patch postfix-ssl-release-buffers.patch postfix-vda-v14-3.0.3.patch set-default-db-type.patch- (bsc#1186669) - postfix.service has "Requires=var-run.mount" Remove bad requirements- Update to 3.5.10 with security fixes: * Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. * Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in main.cf or master.cf. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni. * Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. * Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.- (bsc#1183305) - config.postfix uses db as suffix for postmaps Depending on DEF_DB_TYPE uses lmdb or db- (bsc#1182833) - /usr/share/fillup-templates/sysconfig.postfix still refers to /etc/services Use getent to detect if smtps is already defined.- (bsc#1180473) [Build 20201230] postfix has invalid default config (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt - postfix broken: "queue file write error" and "error: unsupported dictionary type: hash" Export DEF_DB_TYPE before starting the perl script.- bsc#1180473 - [Build 20201230] postfix has invalid default config Fixing config.postfix and sysconfig.postfix- Update to 3.5.9 * improves the reporting of DNSSEC problems that may affect DANE security- Only do the conversion from the hash/btree databases to lmdb when the default database type changes from hash to lmdb and do not stop and start the service (the old compiled databases can live together with the new ones) - convert-bdb-to-lmdb.sh - Clean up the specfile * Remove < 1330 conditional builds * Use generated postfix-files instead of the obsolete one from postfix-SUSE.tar.gz * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon (de)installation of optional mysql, pgsql and ldap subpackages * Use default location for post-install, postfix-tls-script, postfix-wrapper and postmulti-script- Set lmdb to be the default db. - Convert btree tables to lmdb too. Stop postfix before converting from bdb to lmdb - This package is without bdb support. That's why convert must be done without any suse release condition. o remove patch postfix-no-btree.patch o add set-default-db-type.patch- Set database type for address_verify_map and postscreen_cache_map to lmdb (btree requires Berkeley DB) o add postfix-no-btree.patch- Set default database type to lmdb and fix update_postmaps script- Use variable substition instead of sed to remove .db suffix and substitute hash: for lmdb: in /etc/postfix/master.cf as well. Check before substitution if there is something to do (to keep rpmcheck happy).- bsc#1176650 L3: What is regularly triggering the "fillup" command and changing modify-time of /etc/sysconfig/postfix? o Remove miss placed fillup_only call from %verifyscript- Remove Berkeley DB dependency (JIRA#SLE-12191) The pacakges postfix is build without Berkely DB support. lmdb will be used instead of BDB. The pacakges postfix-bdb is build with Berkely DB support. o add patch for main.cf for postfix-bdb package postfix-bdb-main.cf.patch- Update to 3.5.8 * The Postfix SMTP client inserted into message headers longer than $line_length_limit (default: 2048), causing all subsequent header content to become message body content. * The postscreen daemon did not save a copy of the postscreen_dnsbl_reply_map lookup result. This has no effect when the recommended texthash: look table is used, but it could result in stale data with other lookup tables. * After deleting a recipient with a Milter, the Postfix recipient duplicate filter was not updated; the filter suppressed requests to add the recipient back. * Memory leak: the static: maps did not free their casefolding buffer. * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a TLS handshake, after processing an XCLIENT command. * The smtp_sasl_mechanism_filter implementation ignored table lookup errors, treating them as 'not found'. * The code that looks for Delivered-To: headers ignored headers longer than $line_length_limit (default: 2048).- Update to 3.5.7 * Fixed random certificate verification failures with "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using the wrong global TLS context for connections that use DANE or non-DANE trust anchors.- Move ldap into an own sub-package like all other databases - Move manual pages to correct sub-package- Use sysusers.d to create system accounts - Remove wrong %config for systemd directory content- Use the correct signature file for source verification - Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to prevent confusion, as the signature file from upstream with .sig extension is incompatible with the build service)- Update to 3.5.6 with following fixes: * Workaround for unexpected TLS interoperability problems when Postfix runs on OS distributions with system-wide OpenSSL configurations. * Memory leaks in the Postfix TLS library, the largest one involving multiple kBytes per peer certificate.- Add source verification (add postfix.keyring)- Use systemd_ordering instead of systemd_require. - Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688] - Drop /var/adm/SuSEconfig from %post, it does nothing. - Rename postfix-SuSE to postfix-SUSE - Delete postfix-SUSE/README.SuSE, company name spelled wrong, completly outdated and not used. - Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name spelled wrong, outdated and not used. - sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG, SuSEconfig is gone since ages. - update_chroot.systemd: Remove advice to run SuSEconfig. - Remove rc.postfix, not used, outdated. - mkpostfixcert: Remove advice to run SuSEconfig.- Update to 3.5.4: * The connection_reuse attribute in smtp_tls_policy_maps always resulted in an "invalid attribute name" error. * SMTP over TLS connection reuse always failed for Postfix SMTP client configurations that specify explicit trust anchors (remote SMTP server certificates or public keys). * The Postfix SMTP client's DANE implementation would always send an SNI option with the name in a destination's MX record, even if the MX record pointed to a CNAME record. MX records that point to CNAME records are not conformant with RFC5321, and so are rare. Based on the DANE survey of ~2 million hosts it was found that with the corrected SMTP client behavior, sending SNI with the CNAME-expanded name, the SMTP server would not send a different certificate. This fix should therefore be safe.- Update to 3.5.3: * TLS handshake failure in the Postfix SMTP server during SNI processing, after the server-side TLS engine sent a TLSv1.3 HelloRetryRequest (HRR) to a remote SMTP client. * The command "postfix tls deploy-server-cert" did not handle a missing optional argument. This bug was introduced in Postfix 3.1.- Update to 3.5.2: * A TLS error for a database client caused a false 'lost connection' error for an SMTP over TLS session in the same Postfix process. This bug was introduced with Postfix 2.2. * The same bug existed in the tlsproxy(8) daemon, where a TLS error for one TLS session could cause a false 'lost connection' error for a concurrent TLS session in the same process. This bug was introduced with Postfix 2.8. * The Postfix build now disables DANE support on Linux systems with libc-musl such as Alpine, because libc-musl provides no indication whether DNS responses are authentic. This broke DANE support without a clear explanation. * Due to implementation changes in the ICU library, some Postfix daemons reported file access errrors (U_FILE_ACCESS_ERROR) after chroot(). This was fixed by initializing the ICU library before making the chroot() call. * Minor code changes to silence a compiler that special-cases string literals. * Segfault (null pointer) in the tlsproxy(8) client role when the server role was disabled. This typically happened on systems that do not receive mail, after configuring connection reuse for outbound SMTP over TLS. * The date portion of the maillog_file_rotate_suffix default value used the minute (%M) instead of the month (%m).- boo#1106004 fix incorrect locations for files in postfix-files- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured lookups and DANE mail transport work again - Update to 3.5.1: * Support for the haproxy v2 protocol. The Postfix implementation supports TCP over IPv4 and IPv6, as well as non-proxied connections; the latter are typically used for heartbeat tests. * Support to force-expire email messages. This introduces new postsuper(1) command-line options to request expiration, and additional information in mailq(1) or postqueue(1) output. * The Postfix SMTP and LMTP client support a list of nexthop destinations separated by comma or whitespace. These destinations will be tried in the specified order. * Incompatible changes: * Logging: Postfix daemon processes now log the from= and to= addresses in external (quoted) form in non-debug logging (info, warning, etc.). This means that when an address localpart contains spaces or other special characters, the localpart will be quoted, for example: from=<"name with spaces"@example.com> Specify "info_log_address_format = internal" for backwards compatibility. * Postfix now normalizes IP addresses received with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency with direct connections to Postfix. This may change the appearance of logging, and the way that check_client_access will match subnets of an IPv6 address.- Update to 3.4.10: * Bug (introduced: Postfix 2.3): Postfix Milter client state was not properly reset after one Milter in a multi-Milter configuration failed during MAIL FROM, resulting in a Postfix Milter client panic during the next MAIL FROM command in the same SMTP session.- bsc#1162891 server:mail/postfix: cond_slp bug on TW after moving /etc/services to /usr/etc/services- bsc#1160413 postfix fails with -fno-common- Update to 3.4.9: * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were broken while adding support for negative DNS response caching in postscreen. Postfix was inadvertently changed to call res_query() instead of res_search(). * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro overrides from a Milter application. Postfix now evaluates the Milter macros for an SMTP CONNECT event after the Postfix-to-Milter connection is negotiated. * Bug (introduced: Postfix 3.0): sanitize (remote) server responses before storing them in the verify database, to avoid Postfix warnings about malformed UTF8. Found during code maintenance.- Update to 3.4.8: * Fix for an Exim interoperability problem when postscreen after-220 checks are enabled. Bug introduced in Postfix 3.4: the code that detected "PIPELINING after BDAT" looked at the wrong variable. The warning now says "BDAT without valid RCPT", and the error is no longer treated as a command PIPELINING error, thus allowing mail to be delivered. Meanwhile, Exim has been fixed to stop sending BDAT commands when postscreen rejects all RCPT commands. * Usability bug, introduced in Postfix 3.4: the parser for key/certificate chain files rejected inputs that contain an EC PARAMETERS object. While this is technically correct (the documentation says what types are allowed) this is surprising behavior because the legacy cert/key parameters will accept such inputs. For now, the parser skips object types that it does not know about for usability, and logs a warning because ignoring inputs is not kosher. * Bug introduced in Postfix 2.8: don't gratuitously enable all after-220 tests when only one such test is enabled. This made selective tests impossible with 'good' clients. This will be fixed in older Postfix versions at some later time.- Backport deprecated-RES_INSECURE1.patch in order to fix boo#1149705.- Update to 3.4.7: * Robustness: the tlsproxy(8) daemon could go into a loop, logging a flood of error messages. Problem reported by Andreas Schulze after enabling SMTP/TLS connection reuse. * Workaround: OpenSSL changed an SSL_Shutdown() non-error result value into an error result value, causing logfile noise. * Configuration: the new 'TLS fast shutdown' parameter name was implemented incorrectly. The documentation said "tls_fast_shutdown_enable", but the code said "tls_fast_shutdown". This was fixed by changing the code, because no-one is expected to override the default. * Performance: workaround for poor TCP loopback performance on LINUX, where getsockopt(..., TCP_MAXSEG, ...) reports a bogus TCP maximal segment size that is 1/2 to 1/3 of the real MSS. To avoid client-side Nagle delays or server-side delayed ACKs caused by multiple smaller-than-MSS writes, Postfix chooses a VSTREAM buffer size that is a small multiple of the reported bogus MSS. This workaround increases the multiplier from 2x to 4x. * Robustness: the Postfix Dovecot client could segfault (null pointer read) or cause an SMTP server assertion to fail when talking to a fake Dovecot server. The Postfix Dovecot client now logs a proper error instead.- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang Break loop if postfix has no permission in spool directory. - add postfix-avoid-infinit-loop-if-no-permission.patch- fix for boo#1144946 mydestination - missing default localhost * update config.postfix- bsc#1142881 - mkpostfixcert from Postfix still uses md- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html- update example POSTFIX_BASIC_SPAM_PREVENTION: permit_mynetworks for * POSTFIX_SMTPD_HELO_RESTRICTIONS * POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS - fix for: Can't connect to local MySQL server through socket '/run/mysql/mysql.sock' * update config.postfix * update update_chroot.systemd- Update to 3.4.6: * Workaround for implementations that hang Postfix while shutting down a TLS session, until Postfix times out. With "tls_fast_shutdown_enable = yes" (the default), Postfix no longer waits for the TLS peer to respond to a TLS 'close' request. This is recommended with TLSv1.0 and later. * Fixed a too-strict censoring filter that broke multiline Milter responses for header/body events. Problem report by Andreas Thienemann. * The code to reset Postfix SMTP server command counts was not called after a HaProxy handshake failure, causing stale numbers to be reported. Problem report by Joseph Ward. * postconf(5) documentation: tlsext_padding is not a tls_ssl_options feature. * smtp(8) documentation: updated the BUGS section text about Postfix support to reuse open TLS connections. * Portability: added "#undef sun" to util/unix_dgram_connect.c.- Ensure that postfix is member of all groups as before.- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini- Drop the omc config fate#301838: * it is obsolete since SLE11- bsc#1104543 config.postfix does not start tlsmgr in master.cf when using POSTFIX_SMTP_TLS_CLIENT="must". Applyed the proposed patch.- Update to 3.4.5: Bugfix (introduced: Postfix 3.0): LMTP connections over UNIX-domain sockets were cached but not reused, due to a cache lookup key mismatch. Therefore, idle cached connections could exhaust LMTP server resources, resulting in two-second pauses between email deliveries. This problem was investigated by Juliana Rodrigueiro. File: smtp/smtp_connect.c.- Update to 3.4.4 o Incompatible changes - The Postfix SMTP server announces CHUNKING (BDAT command) by default. In the unlikely case that this breaks some important remote SMTP client, disable the feature as follows: /etc/postfix/main.cf: [#] The logging alternative: smtpd_discard_ehlo_keywords = chunking [#] The non-logging alternative: smtpd_discard_ehlo_keywords = chunking, silent_discard - This introduces a new master.cf service 'postlog' with type 'unix-dgram' that is used by the new postlogd(8) daemon. Before backing out to an older Postfix version, edit the master.cf file and remove the postlog entry. - Postfix 3.4 drops support for OpenSSL 1.0.1 - To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). By default, a tlsproxy(8) process will retire after several hours. - To set the tlsproxy process limit to zero: postconf -F tlsproxy/unix/process_limit=0 postfix reload o Major changes - Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions, and smtpd_proxy_filter. See BDAT_README for more. - Support for logging to file or stdout, instead of using syslog. - Logging to file solves a usability problem for MacOS, and eliminates multiple problems with systemd-based systems. - Logging to stdout is useful when Postfix runs in a container, as it eliminates a syslogd dependency. - Better handling of undocumented(!) Linux behavior whether or not signals are delivered to a PID=1 process. - Support for (key, list of filenames) in map source text. Currently, this feature is used only by tls_server_sni_maps. - Automatic retirement: dnsblog(8) and tlsproxy(8) process will now voluntarily retire after after max_idle*max_use, or some sane limit if either limit is disabled. Without this, a process could stay busy for days or more. - Postfix SMTP client support for multiple deliveries per TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don't combine deliveries. This feature is enabled with "smtp_tls_connection_reuse=yes" in main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. It supports all Postfix TLS security levels including dane and dane-only. - SNI support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles). See the postconf(5) documentation for the new tls_server_sni_maps and smtp_tls_servername parameters. - Support for files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on. - Support for smtpd_reject_footer_maps (as well as the postscreen variant postscreen_reject_footer_maps) for more informative reject messages. This is indexed with the Postfix SMTP server response text, and overrides the footer specified with smtpd_reject_footer. One will want to use a pcre: or regexp: map with this. o Bugfixes - Andreas Schulze discovered that reject_multi_recipient_bounce was producing false rejects with BDAT commands. This problem already existed with Postfix 2.2 smtpd_end_of_data_restrictons. Postfix 3.4.4 fixes both.- postfix-linux45.patch: support also newer kernels -- pretend we are still at kernel 3. Note that there are no conditionals for LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the code which caused build failures.- skip set -x and fix version update changes entry- Update to 3.3.3 * When the master daemon runs with PID=1 (init mode), it will now reap child processes from non-Postfix code running in the same container, instead of terminating with a panic. * Bugfix (introduced: postfix-2.11): with posttls-finger, connections to unix-domain servers always resulted in "Failed to establish session" even after a connection was established. Jaroslav Skarva. File: posttls-finger/posttls-finger.c. * Bugfix (introduced: Postfix 3.0): with smtputf8_enable=yes, table lookups could casefold the search string when searching a lookup table that does not use fixed-string keys (regexp, pcre, tcp, etc.). Historically, Postfix would not case-fold the search string with such tables. File: util/dict_utf8.c.- PostrgeSQL's pg_config is meant for linking server extensions, use libpq's pkg-config instead, if available. This is needed to fix build with PostgreSQL 11.- rework config.postfix * disable commenting of smtpd_sasl_path/smtpd_sasl_type no need to comment, cause it is set to default anyway and 'uncommenting' would place it at end of file then which is not wanted- rework postfix-main.cf.patch * disable virtual_alias_domains cause (default: $virtual_alias_maps) - rework config.postfix * disable PCONF of virtual_alias_domains virtual_alias_maps will be set anyway to the correct value * extend virtual_alias_maps with - mysql_virtual_alias_domain_maps.cf - mysql_virtual_alias_domain_catchall_maps.cf - rework postfix-mysql, added * mysql_virtual_alias_domain_maps.cf * mysql_virtual_alias_domain_catchall_maps.cf needed for reject_unverified_recipient- binary hardening: link with full RELRO- Update to 3.3.2 * Support for OpenSSL 1.1.1 and TLSv1.3. * Bugfixes: - smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8" instead. - minor memory leak in DANE support when minting issuer certs. - The Postfix build did not abort if the m4 command was not installed, resulting in a broken postconf command.- add POSTFIX_RELAY_DOMAINS * more flexibility to add to relay_domains without breaking config.postfix * rework restriction examples in sysconf.postfix based on postfix-buch.com (2. edtion by Hildebrandt, Koetter) - disable weak cipher: RC4 after check with https://ssl-tools.net/mailservers- update config.postfix * don't reject mail from authenticated users even if reject_unknown_client_hostname would match, add permit_sasl_authenticated to all restrictions requires smtpd_delay_reject = yes - update postfix-main.cf.patch * recover removed setting smtpd_sasl_path and smtpd_sasl_type, set to default value config.postfix will not 'enable' (remove #) var, but place modified (enabled) var at end of file, far away from place where it should be - rebase patches * fix-postfix-script.patch * postfix-vda-v14-3.0.3.patch * postfix-linux45.patch * postfix-master.cf.patch * pointer_to_literals.patch * postfix-no-md5.patch- bsc#1092939 - Postfixes postconf gives a lot of LDAP related warnings o add m4 as buildrequires, as proposed.- Add zlib-devel as buildrequires, previously included from openssl-devel- bsc#1087471 Unreleased Postfix update breaks SUSE Manager o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty- Update to 3.3.1 * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The "postfix start-fg" command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni. * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni. * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen. * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8).- remove pre-requirements on sysvinit(network) and sysvinit(syslog). There seems to be no good reason for that other than blowing up the dependencies (bsc#1092408).- bsc#1071807 postfix-SuSE/config.postfix: only reload postfix if the actual service is running. This prevents spurious and irrelevant error messages in system logs.- bsc#1082514 autoyast: postfix gets not set myhostname properly - set to localhost- Refresh spec-file via spec-cleaner and manual optinizations. * Add %license macro. * Set license to IPL-1.0 OR EPL-2.0. - Update to 3.3.0 * http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.3.0.RELEASE_NOTES * Dual license: in addition to the historical IBM Public License 1.0, Postfix is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. * The postconf command now warns about unknown parameter names in a Postfix database configuration file. As with other unknown parameter names, these warnings can help to find typos early. * Container support: Postfix 3.3 will run in the foreground with "postfix start-fg". This requires that Postfix multi-instance support is disabled (the default). To collect Postfix syslog information on the container's host, mount the host's /dev/log socket into the container, for example with "docker run -v /dev/log:/dev/log ...other options...", and specify a distinct Postfix syslog_name setting in the container (for example with "postconf syslog_name=the-name-here"). * Milter support: applications can now send RET and ENVID parameters in SMFIR_CHGFROM (change envelope sender) requests. * Postfix-generated From: headers with 'full name' information are now formatted as "From: name
" by default. Specify "header_from_format = obsolete" to get the earlier form "From: address (name)". * Interoperability: when Postfix IPv6 and IPv4 support are both enabled, the Postfix SMTP client will now relax MX preferences and attempt to schedule similar numbers of IPv4 and IPv6 addresses. This works around mail delivery problems when a destination announces lots of primary MX addresses on IPv6, but is reachable only over IPv4 (or vice versa). The new behavior is controlled with the smtp_balance_mx_inet_protocols parameter. * Compatibility safety net: with compatibility_level < 1, the Postfix SMTP server now warns for mail that would be blocked by the Postfix 2.10 smtpd_relay_restrictions feature, without blocking that mail. There still is a steady trickle of sites that upgrade from an earlier Postfix version.- bsc#1065411 Package postfix should require package system-user-nobody - bsc#1080772 postfix smtpd throttle getting "hello" if no sasl auth was configured- Fix usage of fillup_only:-y is not a valid option to this macro.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- Don't mark postfix.service as config file, this is no config file. - Some of the Requires(pre) are needed for post-install and at runtime, fix the requires.- update to 3.2.4 * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS records associated with an intermediate CA certificate. Problem report and initial fix by Erwan Legrand. * Missing dynamicmaps support in the Postfix sendmail command. This broke authorized_submit_users settings that use a dynamically-loaded map type. Problem reported by Ulrich Zehl.- bnc#1059512 L3: Postfix Problem The applied changes breaks existing postfix configurations because daemon_directory was not adapted to the new value.- fix build for SLE * nothing provides libnsl-devel * add bcond_with libnsl- bnc#1059512 L3: Postfix Problem To manage multiple Postfix instances on a single host requires that daemon_directory and shlib_directory is different to avoid use of the shared directories also as per-instance directories. For this reason daemon_directory was set to /usr/lib/postfix/bin/. shlib_directory stands /usr/lib/postfix/.- bnc#1016491 postfix raported to log "warning: group or other writable:" on each symlink in config. * Add fix-postfix-script.patch- update to 3.2.3 * Extension propagation was broken with "recipient_delimiter = .". This change reverts a change that was trying to be too clever. * The postqueue command would abort with a panic message after it experienced an output write error while listing the mail queue. This change restores a write error check that was lost with the Postfix 3.2 rewrite of the vbuf_print formatter. * Restored sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter.- Add libnsl-devel build requires for glibc obsoleting libnsl- bnc#1045264 L3: postmap problem * Applying proposed patch of leen.meyer@ziggo.nl in bnc#771811- update to 3.2.2 * Security: Berkeley DB versions 2 and later try to read settings from a file DB_CONFIG in the current directory. This undocumented feature may introduce undisclosed vulnerabilities resulting in privilege escalation with Postfix set-gid programs (postdrop, postqueue) before they chdir to the Postfix queue directory, and with the postmap and postalias commands depending on whether the user's current directory is writable by other users. This fix does not change Postfix behavior for Berkeley DB versions < 3, but it does reduce postmap and postalias 'create' performance with Berkeley DB versions 3.0 .. 4.6. * The SMTP server receive_override_options were not restored at the end of an SMTP session, after the options were modified by an smtpd_milter_maps setting of "DISABLE". Milter support remained disabled for the life time of the smtpd process. * After the Postfix 3.2 address/domain table lookup overhaul, the check_sender_access and check_recipient_access features ignored a non-default parent_domain_matches_subdomains setting.- revert changes of postfix-main.cf.patch from rev=261 * config.postfix will not 'enable' (remove #) var, but place modified (enabled) var at end of file, far away from place where it should be * keep vars enabled but empty- Some cleanups * Fix SUSE postfix-files to avoid chown errors (anyway this file seems to be obsolete) * Avoid installing shared libraries twice * Refresh patch postfix-linux45.patch- update postfix-master.cf.patch * recover lost (with 3.2.0 update) submission, smtps sections * merge with upstream update - update config.postfix * update master.cf generation for submission - rebase patches against 3.2.0 * pointer_to_literals.patch * postfix-no-md5.patch * postfix-ssl-release-buffers.patch * postfix-vda-v14-3.0.3.patch- Require system group mail - Use mail group name instead of GID- update to 3.2.0 - [Feature 20170128] Postfix 3.2 fixes the handling of address extensions with email addresses that contain spaces. For example, the virtual_alias_maps, canonical_maps, and smtp_generic_maps features now correctly propagate an address extension from "aa bb+ext"@example.com to "cc dd+ext"@other.example, instead of producing broken output. - [Feature 20161008] "PASS" and "STRIP" actions in header/body_checks. "STRIP" is similar to "IGNORE" but also logs the action, and "PASS" disables header, body, and Milter inspection for the remainder of the message content. Contributed by Hobbit. - [Feature 20160330] The collate.pl script by Viktor Dukhovni for grouping Postfix logfile records into "sessions" based on queue ID and process ID information. It's in the auxiliary/collate directory of the Postfix source tree. - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and negation (by prepending ! to a pattern), just like regexp and pcre tables. The primarily purpose is to improve readability of complex tables. See the cidr_table(5) manpage for syntax details. - [Incompat 20160925] In the Postfix MySQL database client, the default option_group value has changed to "client", to enable reading of "client" option group settings in the MySQL options file. This fixes a "not found" problem with Postfix queries that contain UTF8-encoded non-ASCII text. Specify an empty option_group value (option_group =) to get backwards-compatible behavior. - [Feature 20161217] Stored-procedure support for MySQL databases. Contributed by John Fawcett. See mysql_table(5) for instructions. - [Feature 20170128] The postmap command, and the inline: and texthash: maps now support spaces in left-hand field of the lookup table "source text". Use double quotes (") around a left-hand field that contains spaces, and use backslash (\) to protect embedded quotes in a left-hand field. There is no change in the processing of the right-hand field. - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). - [Feature 20161024] smtpd_milter_maps support for per-client Milter configuration that overrides smtpd_milters, and that has the same syntax. A lookup result of "DISABLE" turns off Milter support. See MILTER_README.html for details. - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). - [Incompat 20170129] The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment (this override is not recommended, as it affects all Postfix utities and daemons). - [Incompat 20161227] For safety reasons, the sendmail -C option must specify an authorized directory: the default configuration directory, a directory that is listed in the default main.cf file with alternate_config_directories or multi_instance_directories, or the command must be invoked with root privileges (UID 0 and EUID 0). This mitigates a recurring problem with the PHP mail() function. - [Feature 20160625] The Postfix SMTP server now passes remote client and local server network address and port information to the Cyrus SASL library. Build with ``make makefiles "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility. - [Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility between the IDNA2003 and IDNA2008 standards for internationalized domain names (domain names beyond the limits of US-ASCII). This change makes Postfix behavior consistent with contemporary web browsers. It affects the handling of some corner cases such as German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp for more examples. Specify "enable_idna2003_compatibility = yes" to restore historical behavior (but keep in mind that the rest of the world may not make that same choice). - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features, so that Postfix will build without depending on backwards-compatibility support. [Incompat 20161204] Postfix 3.2 removes tentative features that were implemented before the DANE spec was finalized: - Support for certificate usage PKIX-EE(1), - The ability to disable digest agility (Postfix now behaves as if "tls_dane_digest_agility = on"), and - The ability to disable support for "TLSA 2 [01] [12]" records that specify the digest of a trust anchor (Postfix now behaves as if "tls_dane_trust_anchor_digest_enable = yes). - [Feature 20161217] Postfix 3.2 enables elliptic curve negotiation with OpenSSL >= 1.0.2. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter tls_eecdh_auto_curves with the names of curves that may be negotiated. The default tls_eecdh_auto_curves setting is determined at compile time, and depends on the Postfix and OpenSSL versions. At runtime, Postfix will skip curve names that aren't supported by the OpenSSL library. - [Feature 20160611] The Postfix SMTP server local IP address and port are available in the policy delegation protocol (attribute names: server_address, server_port), in the Milter protocol (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol (attribute names: DESTADDR, DESTPORT). - refresh postfix-master.cf.patch- make sure that system users can be created in %pre- Fix requires: - shadow is needed for postfix-mysql pre-install section - insserv is not needed if systemd is used- update postfix-mysql * update mysql_*.cf files * update postfix-mysql.sql (INNODB, utf8) - update postfix-main.cf.patch * uncomment smtpd_sasl_path, smtpd_sasl_type can be changed via POSTFIX_SMTP_AUTH_SERVICE=(cyrus,dovecot) * add option for smtp_tls_policy_maps (commented) - update postfix-master.cf.patch * fix indentation of submission, smtps options for correct enabling via config.postfix - update config.postfix * fix sync of CA certificates * fix master.cf generation for submission, smtps - rebase postfix-vda-v14-3.0.3.patch- FATE#322322 Update postfix to version 3.X Merging changes with SLES12-SP2 Removeved patches: add_missed_library.patch bnc#947707.diff dynamic_maps.patch postfix-db6.diff postfix-opensslconfig.patch bnc#947519.diff dynamic_maps_pie.patch postfix-post-install.patch These are included in the new version of postfix - Remove references to SuSEconfig.postfix from sysconfig docs. (bsc#871575) - bnc#947519 SuSEconfig.postfix should enforce umask 022 - bnc#947707 mail generated by Amavis being prevented from being re-adressed by /etc/postfix/virtual - bnc#972346 /usr/sbin/SuSEconfig.postfix is wrong - postfix-linux45.patch: handle Linux 4.x and Linux 5.x (used by aarch64) (bsc#940289)- update to 3.1.4 * The postscreen daemon did not merge the client test status information for concurrent sessions from the same IP address. * The Postfix SMTP server falsely rejected a sender address when validating a sender address with "smtpd_reject_unlisted_recipient = yes" or with "reject_unlisted_sender". Cause: the address validation code did not query sender_canonical_maps. * The virtual delivery agent did not detect failure to skip to the end of a mailbox file, so that mail would be delivered to the beginning of the file. This could happen when a mailbox file was already larger than the virtual mailbox size limit. * The postsuper logged an incorrect rename operation count after creating a missing directory. * The Postfix SMTP server falsely rejected mail when a sender-dependent "error" transport was configured. Cause: the SMTP server address validation code was not updated when the sender_dependent_default_transport_maps feature was introduced. * The Postfix SMTP server falsely rejected an SMTPUTF8 sender address, when "smtpd_delay_reject = no". * The "postfix tls deploy-server-cert" command used the wrong certificate and key file. This was caused by a cut-and-paste error in the postfix-tls-script file.- improve config.postfix * improve SASL stuff * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot)- improve config.postfix * improve with MySQL stuff- update vda patch to latest available * remove postfix-vda-v13-3.10.0.patch * add postfix-vda-v14-3.0.3.patch - rebase patches (and to be p0) * pointer_to_literals.patch * postfix-main.cf.patch * postfix-master.cf.patch * postfix-no-md5.patch * postfix-ssl-release-buffers.patch - add /etc/postfix/ssl as default DIR for SSL stuff * cacerts -> ../../ssl/certs/ * certs/ - revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl' - improve config.postfix * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a symlink to /etc/ssl/certs Without reverting, 'gen_CA' would create files which would then be on the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath) Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem' which is not a good idea. * mkchroot: sync '/etc/postfix/ssl' to chroot * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from main.cf, show warning if enabled and file is missing- update to 3.1.3: * The Postfix SMTP server did not reset a previous session's failed/total command counts before rejecting a client that exceeds request or concurrency rates. This resulted in incorrect failed/total command counts being logged at the end of the rejected session. * The unionmap multi-table interface did not propagate table lookup errors, resulting in false "user unknown" responses. * The documentation was updated with a workaround for false "not found" errors with MySQL map queries that contain UTF8-encoded text. The workaround is to specify "option_group = client" in Postfix MySQL configuration files. This will be the default setting with Postfix 3.2 and later.- update to 3.1.2: * Changes to make Postfix build with OpenSSL 1.1.0. * The makedefs script ignored readme_directory=pathname overrides. Fix by Todd C. Olson. * The tls_session_ticket_cipher documentation says that the default cipher for TLS session tickets is aes-256-cbc, but the implemented default was aes-128-cbc. Note that TLS session ticket keys are rotated after 1/2 hour, to limit the impact of attacks on session ticket keys.- postfix-post-install.patch: remove empty patch- fix Changelog cause of Factory decline- Fix typo in config.postfix- bnc#981097 config.postfix creates broken main.cf for tls client configuration - bnc#981099 /etc/sysconfig/postfix: POSTFIX_SMTP_TLS_CLIENT incomplete - update to 3.1.1: - The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. - Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). - The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. - Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. smtp_transport_rate_delay = 20s - Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two configuration parameters: postscreen_dnsbl_min_ttl (default: 60 seconds). postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) The postscreen_dnsbl_ttl parameter is now obsolete, and has become the default value for the new postscreen_dnsbl_max_ttl parameter. - New "smtpd_client_auth_rate_limit" feature, to enforce an optional rate limit on AUTH commands per SMTP client IP address. Similar to other smtpd_client_*_rate_limit features, this enforces a limit on the number of requests per $anvil_rate_time_unit. - New SMTPD policy service attribute "policy_context", with a corresponding "smtpd_policy_service_policy_context" configuration parameter. Originally, this was implemented to share the same SMTPD policy service endpoint among multiple check_policy_service clients. - A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE.- build with working support for SMTPUTF8- fix build on sle11 by pointing _libexecdir to /usr/lib all the time.- some distros did not pull pkgconfig indirectly. pull it directly.- fix building the dynamic maps: the old build had postgresql e.g. with missing symbols. - convert to AUXLIBS_* instead of plain AUXLIBS which is needed for proper dynamic maps. - reordered the CCARGS and AUXLIBS* lines to group by feature - use pkgconfig or *_config tools where possible - picked up signed char from fedora spec file - enable lmdb support: new BR lmdb-devel, new subpackage postfix-lmdb. - don't delete vmail user/groups- update to 3.1.0 - Since version 3.0 postfix supports dynamic loading of cdb:, ldap:, lmdb:, mysql:, pcre:, pgsql:, sdbm:, and sqlite: database clients. Thats why the patches dynamic_maps.patch and dynamic_maps_pie.patch could be removed. - Adapting all the patches to postfix 3.1.0 - remove obsolete patches * add_missed_library.patch * postfix-opensslconfig.patch - update vda patch * remove postfix-vda-v13-2.10.0.patch * add postfix-vda-v13-3.10.0.patch - The patch postfix-db6.diff is not more neccessary - Backwards-compatibility safety net. With NEW Postfix installs, you MUST install a main.cf file with the setting "compatibility_level = 2". See conf/main.cf for an example. With UPGRADES of existing Postfix systems, you MUST NOT change the main.cf compatibility_level setting, nor add this setting if it does not exist. Several Postfix default settings have changed with Postfix 3.0. To avoid massive frustration with existing Postfix installations, Postfix 3.0 comes with a safety net that forces Postfix to keep running with backwards-compatible main.cf and master.cf default settings. This safety net depends on the main.cf compatibility_level setting (default: 0). Details are in COMPATIBILITY_README. - Major changes - tls * [Feature 20160207] A new "postfix tls" command to quickly enable opportunistic TLS in the Postfix SMTP client or server, and to manage SMTP server keys and certificates, including certificate signing requests and TLSA DNS records for DANE. * As of the middle of 2015, all supported Postfix releases no longer nable "export" grade ciphers for opportunistic TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for mandatory or opportunistic TLS. * [Incompat 20150719] The default Diffie-Hellman non-export prime was updated from 1024 to 2048 bits, because SMTP clients are starting to reject TLS handshakes with primes smaller than 2048 bits. * [Feature 20160103] The Postfix SMTP client by default enables DANE policies when an MX host has a (DNSSEC) secure TLSA DNS record, even if the MX DNS record was obtained with insecure lookups. The existence of a secure TLSA record implies that the host wants to talk TLS and not plaintext. For details see the smtp_tls_dane_insecure_mx_policy configuration parameter. - Major changes - default settings [Incompat 20141009] The default settings have changed for relay_domains (new: empty, old: $mydestination) and mynetworks_style (new: host, old: subnet). However the backwards-compatibility safety net will prevent these changes from taking effect, giving the system administrator the option to make an old default setting permanent in main.cf or to adopt the new default setting, before turning off backwards compatibility. See COMPATIBILITY_README for details. [Incompat 20141001] A new backwards-compatibility safety net forces Postfix to run with backwards-compatible main.cf and master.cf default settings after an upgrade to a newer but incompatible Postfix version. See COMPATIBILITY_README for details. While the backwards-compatible default settings are in effect, Postfix logs what services or what email would be affected by the incompatible change. Based on this the administrator can make some backwards-compatibility settings permanent in main.cf or master.cf, before turning off backwards compatibility. - Major changes - address verification safety [Feature 20151227] The new address_verify_pending_request_limit parameter introduces a safety limit for the number of address verification probes in the active queue. The default limit is 1/4 of the active queue maximum size. The queue manager enforces the limit by tempfailing probe messages that exceed the limit. This design avoids dependencies on global counters that get out of sync after a process or system crash. Tempfailing verify requests is not as bad as one might think. The Postfix verify cache proactively updates active addresses weeks before they expire. The address_verify_pending_request_limit affects only unknown addresses, and inactive addresses that have expired from the address verify cache (by default, after 31 days). - Major changes - json support [Feature 20151129] Machine-readable, JSON-formatted queue listing with "postqueue -j" (no "mailq" equivalent). The output is a stream of JSON objects, one per queue file. To simplify parsing, each JSON object is formatted as one text line followed by one newline character. See the postqueue(1) manpage for a detailed description of the output format. - Major changes - milter support [Feature 20150523] The milter_macro_defaults feature provides an optional list of macro name=value pairs. These specify default values for Milter macros when no value is available from the SMTP session context. For example, with "milter_macro_defaults = auth_type=TLS", the Postfix SMTP server will send an auth_type of "TLS" to a Milter, unless the remote client authenticates with SASL. This feature was originally implemented for a submission service that may authenticate clients with a TLS certificate, without having to make changes to the code that implements TLS support. - Major changes - output rate control [Feature 20150710] Destination-independent delivery rate delay Support to enforce a destination-independent delay between email deliveries. The following example inserts 20 seconds of delay between all deliveries with the SMTP transport, limiting the delivery rate to at most three messages per minute. /etc/postfix/main.cf: smtp_transport_rate_delay = 20s For details, see the description of default_transport_rate_delay and transport_transport_rate_delay in the postconf(5) manpage. - Major changes - postscreen dnsbl [Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL lookup results Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes that a "not found" result from a DNSBL server will be valid for one hour. This may have been adequate five years ago when postscreen was first implemented, but nowadays, that one hour can result in missed opportunities to block new spambots. To address this, postscreen now respects the TTL of DNSBL "not found" replies, as well as the TTL of DNSWL replies (both "found" and "not found"). The TTL for a "not found" reply is determined according to RFC 2308 (the TTL of an SOA record in the reply). Support for DNSBL or DNSWL reply TTL values is controlled by two configuration parameters: postscreen_dnsbl_min_ttl (default: 60 seconds). This parameter specifies a minimum for the amount of time that a DNSBL or DNSWL result will be cached in the postscreen_cache_map. This prevents an excessive number of postscreen cache updates when a DNSBL or DNSWL server specifies a very small reply TTL. postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour) This parameter specifies a maximum for the amount of time that a DNSBL or DNSWL result will be cached in the postscreen_cache_map. This prevents cache pollution when a DNSBL or DNSWL server specifies a very large reply TTL. The postscreen_dnsbl_ttl parameter is now obsolete, and has become the default value for the new postscreen_dnsbl_max_ttl parameter. - Major changes - sasl auth safety [Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to enforce an optional rate limit on AUTH commands per SMTP client IP address. Similar to other smtpd_client_*_rate_limit features, this enforces a limit on the number of requests per $anvil_rate_time_unit. - Major changes - smtpd policy [Feature 20150913] New SMTPD policy service attribute "policy_context", with a corresponding "smtpd_policy_service_policy_context" configuration parameter. Originally, this was implemented to share the same SMTPD policy service endpoint among multiple check_policy_service clients.- bnc#958329 postfix fails to start when openslp is not installed- upstream update postfix 2.11.7: * The Postfix Milter client aborted with a panic while adding a message header, after adding a short message header with the header_checks PREPEND action. Fixed by invoking the header output function while PREPENDing a message header. * False alarms while scanning the Postfix queue. Fixed by resetting errno before calling readdir(). This defect was introduced 19970309. * The postmulti command produced an incorrect error message. * The postmulti command now refuses to create a new MTA instance when the template main.cf or master.cf file are missing. This is a common problem on Debian-like systems. * Turning on Postfix SMTP server HAProxy support broke TLS wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer to read the HAProxy connection hand-off information. * The xtext_unquote() function did not propagate error reports from xtext_unquote_append(), causing the decoder to return partial output, instead of rejecting malformed input. The Postfix SMTP server uses this function to parse input for the ENVID and ORCPT parameters, and for XFORWARD and XCLIENT command parameters.- boo#934060: Remove quirky hostname logic from config.postfix * /etc/hostname doesn't contain anything useful * linux.local is no good either * postfix will use `hostname`.localdomain as fallback- postfix-no-md5.patch: replace fingerprint defaults by sha1. bsc#928885- %verifyscript is a new section, move it out of the %ifdef so the fillups are run afterwards.- upstream update postfix 2.11.6: Default settings have been updated so that they no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. - removed postfix-2.11.5_linux4.patch because it's obsolete - Bugfix (introduced: Postfix 2.11): with connection caching enabled (the default), recipients could be given to the wrong mail server. (bsc#944722)- postfix-SuSE.tar.gz/postfix.service: None of nss-lookup.target network.target local-fs.target time-sync.target should be Wanted or Required except by the services the implement the relevant functionality i.e network.target is wanted/required by networkmanager, wicked, systemd-network. other software must be ordered After them, see systemd.special(7)- Fix library symlink generation (boo#928662)- added postfix-2.11.5_linux4.patch: Allow building on kernel 4. Patch taken from: https://groups.google.com/forum/#!topic/mailing.postfix.users/fufS22sMGWY- update to postfix 2.11.5 - Bugfix (introduced: Postfix 2.6): sender_dependent_relayhost_maps ignored the relayhost setting in the case of a DUNNO lookup result. It would use the recipient domain instead. Viktor Dukhovni. Wietse took the pieces of code that enforce the precedence of a sender-dependent relayhost, the global relayhost, and the recipient domain, and put that code together in once place so that it is easier to maintain. File: trivial-rewrite/resolve.c. - Bitrot: prepare for future changes in OpenSSL API. Viktor Dukhovni. File: tls_dane.c. - Incompatibility: specifying "make makefiles" with "CC=command" will no longer override the default WARN setting.- upstream update postfix 2.11.4: Postfix 2.11.4 only: * Fix a core dump when smtp_policy_maps specifies an invalid TLS level. * Fix a missing " in \%s\", in postconf(1) fatal error messages, which violated the C language spec. Reported by Iain Hibbert. All supported releases: * Stop excessive recursion in the cleanup server while recovering from a virtual alias expansion loop. Problem found at Two Sigma. * Stop exponential memory allocation with virtual alias expansion loops. This came to light after fixing the previous problem.- correct pf_daemon_directory in spec. This must be /usr/lib/- bnc#914086 syntax error in config.postfix - Adapt config.postfix to be able to run on SLE11 too.- Don't install sysvinit script when systemd is used - Make explicit PreReq dependencies conditional only for older systems - Don't try to set explicit attributes to symlinks - Cleanup spec file vith spec-cleaner- bnc#912594 config.postfix creates config based on old options- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot - bnc#910265 config.postfix does not upgrade the chroot - bnc#908003 wrong access rights on /usr/sbin/postdrop causes permission denied when trying to send a mail as non root user - bnc#729154 wrong permissions for some postfix components- Remove keyring and things as it is md5 based one no longer accepted by gpg 2.1- No longer perform gpg validation; osc source_validator does it implicit: + Drop gpg-offline BuildRequires. + No longer execute gpg_verify.- restore previously lost fix: Fri Oct 11 13:32:32 UTC 2013 - matz@suse.de - Ignore errors in %pre/%post.- postfix 2.11.3: * Fix for configurations that prepend message headers with Postfix access maps, policy servers or Milter applications. Postfix now hides its own Received: header from Milters and exposes prepended headers to Milters, regardless of the mechanism used to prepend a header. This fix reverts a partial solution that was released on October 13, 2014, and replaces it with a complete solution. * Portability fix for MacOS X 10.7.x (Darwin 11.x) build procedure. - postfix 2.11.2: * Fix for DMARC implementations based on SPF policy plus DKIM Milter. The PREPEND access/policy action added headers ABOVE Postfix's own Received: header, exposing Postfix's own Received: header to Milters (protocol violation) and hiding the PREPENDed header from Milters. PREPENDed headers are now added BELOW Postfix's own Received: header and remain visible to Milters. * The Postfix SMTP server logged an incorrect client name in reject messages for check_reverse_client_hostname_access and check_reverse_client_hostname_{mx,ns}_access. They replied with the verified client name, instead of the name that was rejected. * The qmqpd daemon crashed with null pointer bug when logging a lost connection while not in a mail transaction./bin/sh/bin/sh/bin/sh/bin/sh/bin/shs390zl34 1716802160  !"#$%&'()*+,-./0123456789:;<=>?@ABCD9FGH6JKLMNOPQRSTUVWXYZ[\]^`bdfhjklmnopqrsuvwxyz{|}~3.8.4-150600.3.3.13.8.4-150600.3.3.13.8.4-150600.3.3.1   smtppostfixpostfix.paranoidpostfixLICENSETLS_LICENSEaccessaliasesbounce.cf.defaultcanonicaldynamicmaps.cfgenericheader_checkshelo_accessmain.cfmain.cf.defaultmakedefs.outmaster.cfopenssl_postfix.conf.inpost-installpostfix-filespostfix-scriptpostfix-tls-scriptpostfix-wrapperpostmulti-scriptrelayrelay_ccertsrelocatedsasl_passwdsender_canonicalsslcacertscertstransportvirtualsasl2smtpd.confmailqnewaliasespostfixbinanvilbouncecleanupdiscarddnsblogerrorflushlmtplocalmasternqmgroqmgrpickuppipepost-installpostfix-scriptpostfix-tls-scriptpostfix-wrapperpostlogdpostmulti-scriptpostscreenproxymapqmgrqmqpdscacheshowqsmtpsmtpdspawntlsmgrtlsproxytrivial-rewriteverifyvirtualdynamicmaps.cfdynamicmaps.cf.dlibpostfix-dns.solibpostfix-global.solibpostfix-master.solibpostfix-tls.solibpostfix-util.somain.cf.protomakedefs.outmaster.cf.protopostfix-filespostfix-files.dpostfix-pcre.sosystemdcond_slpconfig_postfixupdate_chrootupdate_postmapswait_qmgrsendmailpostfix.servicepostfix-user.conflibpostfix-dns.solibpostfix-global.solibpostfix-master.solibpostfix-tls.solibpostfix-util.socheck_mail_queueconfig.postfixmkpostfixcertpostaliaspostcatpostconfpostdroppostfixpostkickpostlockpostlogpostmappostmultipostqueuepostsuperqmqp-sourcercpostfixsendmailsmtp-sinksmtp-sourcepostfix-bdbRELEASE_NOTESsysconfig.mail-postfixsysconfig.postfixpostfix-bdbLICENSETLS_LICENSEmailq.1.gznewaliases.1.gzpostalias.1.gzpostcat.1.gzpostconf.1.gzpostdrop.1.gzpostfix-tls.1.gzpostfix.1.gzpostkick.1.gzpostlock.1.gzpostlog.1.gzpostmap.1.gzpostmulti.1.gzpostqueue.1.gzpostsuper.1.gzsendmail.1.gzaccess.5.gzaliases.5.gzbody_checks.5.gzbounce.5.gzcanonical.5.gzcidr_table.5.gzgeneric.5.gzheader_checks.5.gzmaster.5.gzmemcache_table.5.gznisplus_table.5.gzpcre_table.5.gzpostconf.5.gzpostfix-wrapper.5.gzregexp_table.5.gzrelocated.5.gzsocketmap_table.5.gzsqlite_table.5.gztcp_table.5.gztransport.5.gzvirtual.5.gzanvil.8.gzbounce.8.gzcleanup.8.gzdefer.8.gzdiscard.8.gzdnsblog.8.gzerror.8.gzflush.8.gzlmtp.8.gzlocal.8.gzmaster.8.gzoqmgr.8.gzpickup.8.gzpipe.8.gzpostlogd.8.gzpostscreen.8.gzproxymap.8.gzqmgr.8.gzqmqpd.8.gzscache.8.gzshowq.8.gzsmtp.8.gzsmtpd.8.gzspawn.8.gztlsmgr.8.gztlsproxy.8.gztrace.8.gztrivial-rewrite.8.gzverify.8.gzvirtual.8.gzpostfixpostfixmailmailpostfixactivebouncecorruptdeferdeferredflushholdincomingmaildroppidprivatepublicsavedtrace/etc/pam.d//etc/permissions.d//etc//etc/postfix//etc/postfix/ssl//etc/sasl2//usr/bin//usr/lib//usr/lib/postfix//usr/lib/postfix/bin//usr/lib/postfix/systemd//usr/lib/systemd/system//usr/lib/sysusers.d//usr/lib64//usr/sbin//usr/share/doc/packages//usr/share/doc/packages/postfix-bdb//usr/share/fillup-templates//usr/share/licenses//usr/share/licenses/postfix-bdb//usr/share/man/man1//usr/share/man/man5//usr/share/man/man8//var/adm/backup//var/lib//var//var/spool//var/spool/postfix/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34050/SUSE_SLE-15-SP6_Update/ad4cfd137dddc64726a1a18523ff82d6-postfix.SUSE_SLE-15-SP6_Update:postfix-bdbdrpmxz5s390x-suse-linux   !!!!!"#$%&!!!'()*+,-./01234567777777777777777777777777777777777777777777777777777777777777777777ASCII textdirectoryASCII text, with very long linesPOSIX shell script, ASCII text executableELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=41b538c3558d97477868090b5b39ad7f15d544f3, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=ed5112002a66ff02e6eff47138c5fbdf445ef267, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=8b7bd0adf2e6570e02a45af7125dd28280f16d4c, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=499088a072ec430f686f2823777695bad8ec6250, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=45fcc90c797837e204ae65c0bd208bb746866ac7, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=95db53e91e8847f6fcaaf5276b5f41067a09ba48, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=8b0050c1ba95a16278efbc236028c94bef35cbae, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=493ecb9173100f9a3fc8e0d89dc9324444d3c20f, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=38d8f4729389c3a696afecf4294f55dafa0edba0, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=5ec268651cc6ffec8c38cadedfacb3595848d5d6, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=9073e280f896167ca8f63dfe21c2f617813ddc2e, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=b14d165d38ffd67393cb322c2bf9382cfb0bd319, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=057cee68600d96dbf6db86c35334c282c61a54c2, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=548bb64624a14528be177d2b0fa7bf70aa3c0ddb, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=82639398410ca19c795a59659af469a397baa3b7, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=59f2e58562dea42cd13616fcdbff54806a000eab, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=584f25ddf786e229ac01b9a8516dd151d74d3099, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=3e5851cef3dc42eb8c1ece935a57d361b03f5827, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=52ac700049acbb4a2ba2b35e75e421b0e078d447, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=90288ec600c1e79ce974b7b5999a2387c0b55635, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=e6b506b04499b3af5917615ece6cdd359792e1fe, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=72e37598b588f1d7b9fd0ab0f470cd119511b22e, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=173d6495c85a3bdccbd141005b44596296f7ab3a, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=83c691e440272c8d5788e14117e721488c31d16f, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=6861e16176415d3f89e691fc48c99701238e4f18, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=f8422537af7bba54fc11a6a6a554bb7579a2eb80, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=a1f73310f28d6b5d6c88cb4c6b5903c7c2944808, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=56ca5bf3f78db117edcd467aeed467196f6014be, strippedBourne-Again shell script, ASCII text executableELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=9237e60768d1c39721d104a59fa1385cb1fb3011, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=53d103de7d668ab395e0387f773c8506fcde2ba8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d951447756d0c30bcf18f4f191b97e6c81cd6a9c, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3d8f43a0b8d75fd97ab9cadc196384edb860f572, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=473860f09599c23f5e8e05cd72eaaa1aad620973, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=e702181f47bf9cad5f54a479296cd0fe2d1d7d64, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=632f392ea504951e623e18aba22c6a930a23a686, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=7b8c1279168ef0ff2699ac73a215740faef35732, for GNU/Linux 3.2.0, strippedsetgid ELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=2b1fef3c53feb22a1014799cbe22f1117a7b7622, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=653cd3c718b28f5fe447068b6b477c6a39265144, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=83244ce11b8cbd50cc82bc3761112693da6bd22e, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=cdcb6da0605ba86c2c5df1b533ae330b7be38d55, for GNU/Linux 3.2.0, strippedsetgid ELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=b05e1c42efce4137b241461964944243b2796a84, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=9e7996ba0c0633ce633fce6ad1d9cac078cedad3, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=7a1e89993f600c0dcc0ec2e8bd1ff83b08a486db, for GNU/Linux 3.2.0, strippedsetgid ELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=c337a3c7549c9b96fa3ce1e7a353815a1caa9469, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=136f8c1c94528a35574ef84e2f78e3eedf7996d5, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=355f5e5dc28833553361e30aa3216fe916f346e6, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=d4d48ac2319d184a02040855bbc6db727fe5a15c, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=3d8f241d7df3ea24782b6577b4c0fe1e59f402f6, for GNU/Linux 3.2.0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, interpreter /lib/ld64.so.1, BuildID[sha1]=dbbe2515d4afc41bb78d7bc0e0a8c7403a09ccf2, for GNU/Linux 3.2.0, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix) (/7GOV`jqxyz{|   #(1ABCDJR^chmrw~          RRRR&R%R(RRRRRRR&R%R(RRRRRRR&R%R(RRRRR&R%R(RRRRR$R&R%R(RRRRR&R%R(RRRRRR&R%R(RRRRRRRRRR&R'R$R%R(RR)RRRRRR&R%R(RRRRRR%R(RRRRRRRR&R%R(RRRRRRRR&R%R(RRRRR&R%R(RRRRR&R%R(RRRRRRRRR&R%R(RRRRRRR&R'R$R%R(RRRRR&R%R(RRRRRRRR&R%R(RRRRRR&R%R(RRRRR&R%R(RRRRR&R%R(RRRRRRRRRR&R'R$R%R(RR)RRRRRRRR&R'R$R%R(R)RRRR&R%R(RRRRRR&R'R$R%R(RRRR+RRRR&R'R$R%R(R*RRRRR&R%R(RRRRR&R%R(RRRRRRR&R%R(RRRRR#RRRRRRPPP PPRRRRRPRRRRRRRRPRRRRPRRRRR+R*RRPR"RRRRRRRRRRRR!R RRRRRRRR%R(RRRRRRR%R(RRRRRRRR'R$R%R(R)RRRR%R(RRRR%R(RRRR%R(RRRR%R(RRRR%R(RRRRRR%R(RRRRRR%R(RRRRRR%R(RRRRR%R(RRRRRR%R(RRRRRR%R(RRRRRR%R(RRRRRRR%R(R$ɕ&"vsystemdsystemdsystemd-sysvcompatutf-8a23feb8def0a06d6b94f111e0f4e2d56cc48545375e72a3453788526217544a3?7zXZ !t/ȏ{]"k%ܮGX ²|>rA]S ہz4=Vkx q$)maH3ñL"t ܏4}Bj.z0 5id+t`ҡz^?&ZU8~hZ;h&F7O(/-{#j޽uP1hvW8W3yAՠ"Џ< yWϸTb;R(-jfM nK0!t.ܦvBWW+(Vqbf019_P@j NCP, 0nj;|0=xݙjƋdLvr#rjI/Zy-J s;C $E~ Qv[p>Kc0[϶o ݏ|rVMTIR7w|rP>۳^XiRRYIq 3ܳXȜ :Yq>ai̓>_6RA4SxI1]o(n*L'IJLRZwJ}B]B"BlS-bk?t:xp{Ԏ(ZsJFI {&-#ƞ:u玷Z[xpbebkGw9hn<::+յDjB*f2&0Dɳ5* &Ɉ<;7ڢR#汥\5.L3R/*AMs~u*P%.TUX".hvtF! n \4c@3b@?ULͲzu2~c;?!t,>NDoZ}".ys`ϝ4^'bJ˄ΠbS K) Y[p 9fzyZq0ժ}6T*@&iYf%񧴬7c $AZ$@r S&S̿.R e޵/;:& D3ڭ^a3f-0NrCW4pɤ7_c.*4 pʴ u mTt.PHzX[9W,Я~917_*W`950{n;t)%Ï f2rPrOWN^DIC`p& "0sSB{wˎ2uLBnƃEwz= q"rQ6}&чË *,my~EH4Yvӓlzp 8~B Z@nWh>, M.r"S?08!bE;@@Lֹu1SY 5csۇ;99wɁp0ZsP?{+\-(6`y_9+\zЃQEP23P7@NXn\c2[*c3b8#JlgV]]ñ.{! L3B}vx)H^-N\U\\5;_2w{5 Bs~jSּf' پ5H_0^pUL-ݐ<VV }oVY;YEfiREx?b,p؝h|G_ LٻCo KҔ.cou(X-yΰR .Law<ިvcRn|#oBV"6ӸCN >/lICn+(8>OZPFb_mfED2G4#vԝ1fr+fzm?[Uj%AûקM]$)?U{߈+ YLy܋[ *CycN3=D!8\ &D-TA'0b"P-~d<(1ʍKT 39xw%  i,[*0q@F)YC)jeS+S 񲅰'ކ!5h䮺@hі9S.m - 6 Nx?VPC{.A"1,T0mFdu}S0DvDuѳ/:su=(Cm++:\ B-_)((y%TN-4؀\ JgЩ~5۔igEtsf+ХYǯCڳl}pn9YG+gi2D-5Ym 5S#6+l eeso-Ǝ4#dŦV4 f\|}a/Yv,á [wA͞I;^4}:mM[ݓ/n~C.qݭµa yhd7-u4_ `?$lC&Ee?q'iC'/B"'[:w %1:5 +v^-ߥj}\ hI˦)pdչo|9D acX? &*>VI5uU|Gn0va G XZթNf0%zW9۷~iZ4E":SuAs(A|pijpHq&iǐOý_{''.=}biQXQ#A6ne˱Ɲfc)Ѥ`?:H0+ 'jUUc}EqSE:gmNoWPU$@XE=>38ֳr{7nīWv .*=oeATj Ul|ÞtЧ>Tҹ% JďSuPO76dӚ)Mѳ#,hJt%<0F@z;&] 5|L53߽ nmϜqAwF$vIK0pI&pqᆎ\`*]om ʤpa]8'%vkG仌T9٥ ï]REpVC. E/įfV-y;Pȴ x qC7u=HUcAՈ@WHC mz +tiN#Jf(=r<0\Nlcwr _f"G*2l aY0"6SD'#c^@7QHm"yĸ2)xs\rihRWы!€4"hL=y",]2ٰŀ2P/nj0*W-eCOH N >g6]ah'bLЕr`eJV>] ,;Go~7]cv&؞yfv/qw4=`d1$}'O=?e˨RP-J7yK QT򪎃?_yB>K+6 |R4$ED0,2|q?-˿$Р̲Z gN7*zjt,ट!$T tڹHX]`_8`Wo+xT5JEjq- ǟͶ;8z/6Bm4^-+7bpTv֕{0M^ g:d·4=bՉꙌuBOqѤC榋J@&mL=1muk u @sުZhܪ24T8rOd\$͸u/Tɖľvݱcr p9bQj9wΩ_P.^3n: 4r- +` LE1"O(Υ) 73<ύġFʮ_oHjQdg1~K\igpcL"˯4>%c_j8tb$7p&E23 AV/@a@H mcRa pˆmTCtWN 7"c2uU1d~xIt6 i0=bHY@:o p6D=-'-Ѭۉ4c=v۾]'QkV'GW):cYDc}9Lob%,i &0w[Un9t^a~W *ʢktʇ°>kIru8Su㮑# W}oJ>@GS m 0^7)#X Tb椧ynl!ĭ]L追 =~a)\j~˖m lF.=bc ǬЭEAF27+ <ƄYtI\Љҳ=&5r:#4qW&z!PyȊncD:V1?YԿ"DtyW3Ji::!VSrU_CV)Η[őW8G_N̎s;dj+{%Y,bA }J?L7z}[$HG4p(W)Xy.#@ :Nr~ˀ$ʠ` R,Y6eN jpڜ@U9EWSn_J]1*+젍û&RoB ɪΐ`h@ۭnT%ruZbxo흇0⯠!t5wһc05S0(jwz?I!Kn}/W^-’3W g$g?e=|o.lyaZ,n2:۹{EP"_Y.'ݙ^@8ݡ<_ }p$<"UI~w=jCu_>jh`9?wdtk;߀9Glv?723л`eNjŒ `7;QMe+t`K[L4T ~-w3{o.>dacj5|ثxu*RԪH[#3է}׍/ܾxGHz\綤4Hf94^ \3G+3|n :M;GSymH RJKc2gvLZVǡPZKТ]یQaI /{wf>,O Fږ(ґw.k㳨j&e!+dIOdh;S~ M(EQop|Gs2mM = / / nq  ϱ/91!U۞_„`0Zvjy:>TͰy@Zx^3] <'r<3:4 X> 91zc| ԴB_I0_pi9A ҕДWV7^HTœCj4a9{_V|/Y]Z9X]Yn3͎&i_*"YT&Gټ~ТiԵ]O!JdwHbh$^ZR9ư87˳K+:1WAAGwًzWD&]\[~=:[V qAusbw^_N5UC`$ZKvcOX%ohTo0zѿyl$>YE}Zc;Db'"0vjzWIc GU8x/=)閯'@g5[M%ņܝiQI{󻫻Yzb)\}R&7%`YxonKnC;cVdwOGľpbX:sBM{XqiXR AK>yV t6\߾Ғ-Ǎׂ,.nP#FH:٨ ztʥ{ɾ>1YNlOV;C-̌0xU/ʥ36(#Wl\Ӻ#T1\(X"e'EKOfJ3XꬱBa"]-+闏=U氍_,~)JII%t%)\HM5S5IbQfGŹX1XQF}8٩Q8rpxUVr_IX6G Bb匏5Z}uRcCܹE"w2wf461;ԌNIDS6|j1DUUy/au8 OP$5(40xfAO rTQbLw :1I)zXGMS<rL rvBqxswL-1R-Ofb/@Uܿ+(?ow6X]tA0j;'l1jh+O~(n&յ"Yk9m,@RAdj(OHAo ꖆ},@E8tq5!BK0r9)SpwґlmwgGBuYlI2EWi ˬ*~5WEk}l`E9J >5j۔ !">JGcC髿V7*>^@%,;XE3\US_}i~W䑊dIE*3c94]G+p_TmU4,_" (P<5srh~:"dOme\w zl!mFFv*/tzUa{Ke=KMAEDI#cj.2UbItTq!Waiu]]D2(6.e"5[mP q` q.궸r*_ =k$ g و8տxF{f62΋Ү;9Xcq * ^[RO:ݫ"0̳edQ,Q76҅;@>q'õ.o`|&@w4ɴ:-G*9dB|(ތkknr%y,M`"Hy_3sޱgtGxE>2Z1阀rӯũ"A2chzZOȆdyVǖ4h{n 0`` }w$ۅC85ʼnL=PS%g (W Keʰ5VCCwkG7GXy%H ݙz#H΄u 7tKGH{(`M4$~DҀcN}^dJ')7*͢DH5WG,p~~~㧃䩀2ֵeTe|ʸ9eʃ?4&Fޓ^izt`#~KKAHPf7@{ZI9QB^fO$XGbL~IYpzp{SWS\ԳӃedb~V<o#::JD_ڧRHv4n#55iN,w .Ucvz%|_JjpG-wt#) ƲAl>;3relh#OimYw!,soPlY(EHTIH_~\%)+5rOZdh3(SwkWmnU``U?M8h1_t[+bm䢴V % x^,} ^0tP_d72e<_x"-o _%52 |P w#\r6pPmY*'ِE3p>C|ED8z<nUqǮ+:Viu蝷 nŃoB]m΢1KAzeAx̻r$pbo=$ujoC1 y4:*I~,Uq|Be CfX!T<*sBW2TZ^m7Tğڶސio""}̷0uOb$w/.$A)-!iD$4\-Ü~ 竝 QD\hqM^\|YPCi)Q&9Ƌ$?&Ysјԛ $~ʶcb|A/fTt8З*m 멐'/nG#+H¸<tRC.U7ii 5F4mQA?֟.WQZ2Klkb#wD8m: oR++MOU)ͮ}0m,w5.I_}HOo@u(AQ5yl |TͿ8!]K\-n{Ub v[4vCGzle1Pmgwׇ*Mu~.pePxiw~"w#os.t9P_,m iE;W“gFd%D͚'Zz.᭯$rABB <8ӷ-d dO=u`ϳRRD|sƛlB6d8QPL]kttG>ڂ5m{y=Q7-*w+2q>0*Y9@ƻlH]sg>RJ&\{WD9{S_CQŘ`5ffkm]`vXY9~HC.Z@Y%nyo^ sP]Xg(xZE`Ĝ .{WL)n|J$qQnGfG L vD0/g|+e8~Ғ>Jт=B"!hxXRDhiD?I;<=aoMD΄%cr}ƛ]U/<+R#`::utKX2u,;J.ˀZg>uX .k2`)AW÷[ɐL(؜[ք+ З4`a;|öE 6s|Hcp:|L/v[W 4Ԣ% %yOBH bз-!LӜr@m)vruugBݴKg1b+SoelD;& e1SI8q?/ٍJ{{MC PnIr`RQsхC7CEXlVt`'"QA6AR8,#(:҇օYt_s_%|'^˓7N{XԌZ3cՠ؀f~RhW GMn%A33hʓO72Drtzۓ''*Fi_G-Cp[<7?iQ~wVlՇәz/כsv w=Q([ qnvVq6l ꉻ*P"uT<=)ϓ䧎aaq{o:eƞLzCT_Y)5?0@\"qi;̻h!B v߻=`_ vc*|e^FI<)jًYaXseij_N 1BGG/PMȐǮ:m̵oq#wd[EqOflf}I>Gh`[<="wHx${BY} !D5EŦ,&DG*CrÿOωu1 &.\+v3 .\NQeL-Lc3>צɐTV?4(dI:z=OWx0':bI?<)ś)Zx:D[ĸCuWaWHja%o2rT*Wi#oʂ e_V P>%3ֵJ^ߑrƒL-Tdp[s(y%<'j:tuE6coxZjyw?oM9PS>77qeğuFt(V 7@=:")/6* %/4ƺ I7^rk$oĦ,[){ǰ?2>DpiNp0^L"g@3JvuiCZke8`#=Gm׽Ĭ)uZH'( Ai.XR R,8%JCfƻ͸vzW {kTčH) 1v0Cs\ɻR-!ϯf+ѴLR=,4g_N2ž 3ã`Fz f4*d wQ1 1G0Oz Nsi|Dl:,,M{Wf榱E~r &LZ˫|H!$7@$\0H@JwIwvg bּVX9YYޢ JhxŃ@V\ep 32ϒ%9=Y%s9D%չs@cgq1x_+[jhMݔ> -;S#\h,`I 㖌 uጡS _U|ۥ0& u}9j1}gTeHv8D2m rYG@#,ȱGbSH5$MPV&UmħĕCk-ĪW]OL|*N\ .*_Qfk'#TqXaJXiD=ڛʻD9&ʖ9E HZwR?p򜩡ݝVڪ"^wD5AbT*FJ()]Kƛ)gq<(!-nF9y7Mwdkp kC49B0U1AT{J7Vc_y;G~Zt'p6ɴ;㚢=&LjMxrySV٬I+NljF)zVb6MJΘ)!wIļoGzV$`Pŧ`vb>Bg8?h-#Gm"Yehc C@ $Ʌ뒮}X(o_@}Nxx.[Lźt׾l l 7}eDL6COD]됾q b@J8iXTZ]_'MScn%_˴~ oaA 9S#w 6xt-">:MW|t*qg#G: HabfNa;t%#R ;9}.܄&7C~02l* HLuY7-Oe$UZ=ck#ϞP%)YͩNz8O 7OݿEJfz JӏvuuNTˡôV;z2† ʓt!;km 5+֎+Bffb'Dxb*_J b'0^dgg&?KWNps=B٪}AIkd%;6m/ѥR R[1b;#" ?A}> ؎t&Ͳ@?=a`D.@n)}!EWl. ߬86>-W tbT9@I9=lؤ=5K~![ G?ꥶADy (Z[v\-ٲƣ>QHŨSه=`: $!y5PB <дDnWF[27nQ7l`_Tt{^cV|\ks= L N'1ŭ6=m@t7Eam6Bvޏ 3)D)H!4)6 Ѡ ln+2o 6dV4K.[r㑇5 /!EBX\,2#6q'xYυh}e.~c8ai +)l"Z pҚ3 !jn {8 GAҸGnM^p:v`~8"4QB|:ӒaЕ R A`!Dv{r5d2y*kŋǎ÷5K~G+_3j4.tn*OY먋Ble K7:'j,?:wvy\"/b)l+Kr_# O"xe=|=` &Nxaܳ1Xڰ[8H9W$V%"s9PxYa*^B+~7w\2[ /Gq\SQ-f/׽hU@v\mg(rZIwá-Kxg#zRڪ|[bZR8"\wעa36F跰 e fF&i&Jfk&Mb.kPK )5Pe0m&8'BNHK[YKxa ,qyߴ{45d=(=*ȞSG*+_40x3&v]i呑|'„JCGl%n{\?[$m,R!&f, .C|^K޼1g~-o= E%eKB@mWM/r˜3 ]h*mE nzM]"@ t]R~A-)SD1W!5)At\Z{@TU>-yF,9{[rl։% ?ץ׌3pRedς?nÚesI-g%gFSvi U#2UnrB()l,2Q,=P8Na ?.>РS|r|7zUaG*zEdNأ"_JoPV/yeh2 &E2=/SZZٿZ9A壭G7*A{ ?Gh)YrqJ>nry$ưtT_|%Yn'띝 {W:cu84'x)Z&;AEau};Qc- 3=`dž9)UmBGÖ@+:6Dl/@-)hҫ_q sqeɷ:uw ! p`` +Ƨs.{r= mB,LZk=<@=٭@TNKɃ?]*еZG8B4WڿvS֘ w݌o$8Y6M܏RVv屨X }/p\<仳qQe U~ UHba)Z,,Ts͖Fo=MYC &&uvҋJζ 6aM(M!r7pzkէ 4ܭ vHf]ܪ^U%zA6 #͐*󐊥gUk$ЌqZu>/G[Ë> {.݉^]>Nh~JPzG|c*]f 5 oߚ3u3N@lŏ= osvİ79k'H<Ԣ_1>wZ8t eq$_̡=XMqͮOj 'mGuLb]B gri{:ࣈ7(da \$o9#yi IuVs7]~3 6F)a:׫Lo{ٵEe|-ਁ] ߺ`";%uJUme('&ڶ 9Zq'P|^gWP|n3Oh#߱A K:P"%U KPv/` A|aUI*q/ctj߾YC̐D/CaMewNyb1=%'V gKpB&Œ#piu^ 'DceceՂ5 ,%/ugBJO|,>n9uGmRN쪗hΡ2ᬝN| Ļ$R3l c޿:ʝڼJ|kЌ~eҭ -L/%M4R=9: W.<-`&"ߘpSDWs Z8x!*t:zKI/נznGy}+#HJ2yEv";H~$tDgƝss;=8~X$Rf$ $wr崣L:O)r贰)@CvXhZkXJl ʿOegA_UU)>n.?,PMp3>"׿CVӪipܣ~]?OAh7e܀?o%n`:.w;Cλlf)NYS2t>?l ä(4#-s,3)I:|2tcH[`C`T!WZWr!?F9k^ŗS`l S[p>M):_3G#'=}ѝL~|X[,-4ZVu?}#*aԚ4]DzW/9k>s܇ڨ!5Toi# 1vvgVx%dus#ƒM˳3GBdYV{ԺL &l ;Kk|^%ƻ?T/ pP:xL5]@I"lr6;;k)`cvԸc^0VZ̅ NR? gy2@i;h[I؈p%&NҸax=rޝl}[*PM>8J1+:rNtƤxQ𰌊iUx3D<H 2U7u.(o ӭ;_^w-k=p]r+g Fzz-WP4РƓM*q1'pcw?e",K#=ؤdP7塟#4VFzc:?PQ WR&XE9s) !Avj$JJ8\h40&B}bӦߏ"C`4N#f85D *E9Kf*]y3VU=6 㱤hMlF8/~1:fHpvai3Ŵ 5~{n'bia3@E /mƤ?yK#:4BJ(NUAVrJ3}Ym_ FџG$ұg ?%Լn5y.jhU嫐E˾فh7<uP؜/ ;5a@{M [˟4j#nK YBaΤcϽ`GWY.DoHBg1X@dݯ3MlZصRdtgM I+v\~;v@3N)3o ΫR b}\g (کV8J)`Bөz/4Coz-&J4Nמ g]-ǟ-Nw)JciO Ų0>):4"M3X4S3V1PSD'^%qY\ =fգ#p_;Wu\_@ÈUVbVjbKDn%7-&úZ a5"SPn",ߴCKɒa'w-_7wKoBhH6sqi لמ$k_pq1˵%6Ko 8){#,1j.>8v:HKgB;|LH- v| H&MAUiMnvmMaOUw*;#.p|iSȼ{s gHCֽx,-, + mѲ}INcKlAf_&|beG$ע|;ru:GODُ"=*GZT4lg+GM./ryE . 3n~M)u-fFD2jHb>9+ʾ , +7O/@q/Au,^BٳR ! -U$Ul'Is}Lu6Y[1?*4uilz=~>KǠš -Y+ .a3IKi[4!GQu$funwVSjh@O&܊G2,p$쇺ḄƬM~f> d5F;]zn,6]*{MI.oLS+ncOxX iɹ:TX+!cAF!LVf0qAqE</jUVb)T;7 hf9xd!6-Z;V,H*jY-C3һ4ͣLxf٣xs[d껱+Fĸ)U0Yʷ6-4 ̕*2 ˌOoG6xW<^;lE[et,]Qif *N,u"J~Գd/N\ГA[ߝ%nxdCdcD$a&_d8[*HJ}4{- G<ӭ;OlKH,%[G)%Xȶʷ<-Pcє_ƒM}1^s'Gڅ5l<{B 2w(R؂_‰<>l/Q Gݫ[ +13̰MscG3%粅 k-v_/1^ *Ks/nT`:/2_–Vx0_ w}i"4T [UN3Reڋ >O//hx2&Mˆ8[:`ƒ>iMco|RLd&ruZT v%]gy5Q+ "l_kV-yح=aBIdK4oƭ8zMAu0"}$7\O3RtD򋑼X Rc6=6@[ #HrisPdooX=<`T=5J!-wX',KWB oe|nfTV5CҰcp?F껻5N ] *f"QP2HKxq$83K`Y5Ub7v'܍Vo*=@Kڂ_9:H!V'_qs3J7EO%m̡9 tևl^ϋp;$ $5@͹ItkatsMG(xbvW Go\t=}3r-9y8 !9 }<~YM澈wHE 44wLev~ "s/k"O$UgE}RAXgzE+֝AhA68ydHqAR?=v0u$`;l&oY`Ruц㛋&8-m3l` cDŽVt!ؤM N!\pı_GɢbWq5?uJ[Ф\GQR6( HuqԬ aCQ }A\ߺeq߮<4QMrnvҾ"2oX;B T^^s|70w0o_="2;N<;ՆIJTGjx.Eȧv W)d L,b 2"і¿*HS6׹جkmn|ƌGȤtVDC 2*Zn :C&(1|1~˚^Pxkפr`$p Mis?CQzɼV&w:^vQ=^v) KO&Rۆz<)as^BZyh#ccb,sG#=iZ{^:z;\ej"oĕЂXR2Ao?ʫ72"ȅ,$yE8ȚLX6K!H IgɼI>ʐ(?y~N ŘBHXAvhAj/n8>`$4,ҩ`ɞM %Dd%rsb hNB,/q mi%_KrWŚkloϮzzdƦ'.gU7(9eʯժ):HGtEp?<v'6N Jc[JOvidVGWgS@ .!UCf8 |oXAC~G̠zt4뤴|WSRvU//]}*1<”W~ #XP4$Te ZKxJ,7:2>jLC乸X,9E|FKi_Aܺ^4+L͇>-mk$i%1)exZDbytʪIk+iVSvrt??fsJ++^-%!,yMo^Y9g !XyD7Si3QTe)^?J*THdI`P(9tR>' nOoxG׷)s+:=ScE0{r mPYk9r w䡦ʻk^ 3. me]d`B- |BL@OE݂~U4de=uOS0T 2 ʆa첶Wk^fHz& snqku A3-ZKo5jVmib~rv(nuZ'~mcW(Vb_% p :!(Ӫs7t4"hOd2F5MDxo1x&Qwpx X0!5UXKjll|ů2z3 ְ@UHCԢ߀ F.Wd϶Z"F Po6TSg8K~\.-)bb.-Ʀh},\5_ʠIX*7G8  4l)awy)ѭm:" U@y{ĨhNHCQ{QX uI.o؅X-䜔Z%z o:03SHL-WV"~斛42:knS|g̺*@/ȊpAԕ,+@ДCլqQ)ݦh[}c''t/=l4lKGhcr?WIπΠ(\ʜ-]ĬBQ?vt>!\ܩ}!C}Ջvb2JY A=ɓFQc[T @-dp r=}HdjabQ[Fd.؎Ws:HZGUl8M)[ 8+G2ҀzRqɵ *il b[ b j=ЩLFK93q(e9Sɔ qmXj-L"$2APapu"+q! l4y.+s</IUjW. CCXW-)?v"9_F>$D-IjH I{\j?~}:e;=IJK:.fi`\a۰$ՁJ{?!k/S^Ng?Wa዗L^,aC# ljH$ o^ۤ#&Pjc+tbfNՆ$3rckDG&;t.  󽺖pmiOxPRwR+x&4^OeYG-ztFθ{x씩>%!/} V Zg!pMɻ);`բvAtlRf3y'w}Jn\bOum;e!g&62wS2 0C[24og + m鍶jvð 3ߛSU/EE L0O/xOgAD=[jx,Gˎ7= d%i*h{h$x\2%U;Eu:a\xZT ,vE3AGyޗuHu\-/J c.7~D  Nݸ_ټE>l9F-MA73n[E=AB/$, ' 3.xg0 q͖=G)B=AC4auN2h [9:V[S˳@HO5w0 (ʘq㽞,_W4 .!S:׈#A9)>Cfnr,# CHV|E^jZ.w9_E2IߓG`V"GaxYB/٘z Q&R5bOdZIȃAm2ڽӠߟ߬XJߴjIxqՁ:rc[ []G(*P29n/cù \P@+!Pf82sJ.>VQ͏0?1*J^ b \CϟmAR LyBu1]N Z`w# ꗭd;3c酥+q 7ka'=~:&+J}mr`VSՌt x>^M3s }ot:]v tc\{|XW(4Ҭ-NjנLy6':- 鴠p'4,A03F"WVgn{QA-F9lU.aQ5[Fwggg"o=VS33vk= pӨAZ]cEP)r UDr}\ ?T .Յ7haey Uhnb87]~U"3pXnm2IɆV͌ P|w;5;ťjR'q*=?d d'7"RwFX⫆gz%'kQbA׋}|wKZK tRhǨudnB9Bͺ0ZFz ORqE`K(mP峪iܬ.`|,E=3eh gM tFly'!$fNu sxOz; iFmw-|S[&3NVlv,8'rnz6\qisQ]G{2{^;9|`YVY ̈́ǥ`E`gPv7qê ukD '1 $0;4k3{y1^ӄȍH!F2~mX TaZD&e< lHT a&P3%^k6 ΗNK8/eK216NGhyi}yA0_ n5eG X烖 /}[Si P  t_cxDI35v8O͡ I* s.O˵?>J ʳc#;M;h^(n 4[d`3We :0 !WGW;7$;h .ʠa^d&rA16j;J\;y3/qS3ֲ;`c<^ur>(J8n:7eU3GLPI CZS 9=9 VQed:n+\BB19M~bvV!={9t($jYFw,tnsۓ#FU1,_J ]crYY05IrX c] B:{>={`+K8fxx.g0QɢzW8R065Ҡ?Sp?Lh0$#t 9rwr'/q5 m"ڈΒrp&b݋B/}e>UшFy;+J$|)F0VO(`K=pe+YŽfp: VlzB)\2VĔحgIa3OZN.+6)+#܆~D?o;l4Xe:\*{yVKSI^3w:=NX Hm/=PZ(n_Wgia|0&.Dz4Gƅ6MkM8bB\_;H-I&a*ި:Ğ Pc+op5f^חnӨ;@ ($te#Wߟt~Q}-iBc#&{Q>i>s Ʌ2呫ή;e\?.66 F|3ZX|x9jK,-Օ^Cbגx@¾b?:3` Q=o\=,GZ;Iq2HrFHK!ѓ2\)vfg8wIk 9iFZ81i/W_]WQw8ix(SQF)bPK_z0\^M6I^e&DUs%'Kb:L?)-ULkAB?+5jTEDG]έ]/ex-9C9CI$/H@!t7F܇+{ W+- ^Zxpw8\ܠPLS)mX*%,%mC>r6S@kZ5e9J(S?H!K9T|k6}NM^˂7U.^A#=v 1P'ƱKLD$'amu2{V蕈[^ u/?Rt0h i~~p|̸]ӈUx2U"g$0Jc>}ILÝ!]PaAW7Dk(IXbw _]떖azI5R"n=0iofRwf^ XllDp5؆1/2)MnVB-Bb7H.\A뾋֝EsPL>vM~M${W~2p]sHǟ*lC~tڛ[_)[MUtpQq\R^De6fc4ޏbybN@bl|]Hq]8ɋg5}|(1 -]:DZ M~h# #{@tqP!ZeF%"8૾!d{{%= -1g+Z$I5hIbTwtx~6P6_fFz̯y{gg#-B $y dM#tp=ASA]w3I"E*q% fpW#O.V,n( igx{HhMfߕB l I_mF+2.cL[鵿3B{2P]½)#'`I>W+PLgilVJbɭ*vnGKZċ"tId! dz}Oql5[998l42H]`ԉM0(#I8ԦS@_}fFm7<p>QrIE8ܻ(I+똈fR[ Kv=٨H@bM|N+U |53{Yo#r!'c<]5X/ ӫD-]cs4aqaJ4MGQਕD$0>q "$BDj+Bl3f:g44BcؚN/m*`i<'qPֵ_%+d)\Zk`\שum]8à]BG'IQVoM66״ף&RӅVòtyxxt8cuF6ZXʠ ͻ +c*kdZ?#3.w!)7u )uz[%r|keh"|C\^bEΉ @|w-Y$]X94~tkF@XZ^ͲxZkJ;l\jOK\Ne˚nmK-,8Imt|=n; ԴRcV 6WhW u h xs<.phUtp/cGܖN j6ow𘥈j` ˷Wf JDrQOi"͘|ږTq.oLC8CTWbڪJ˧`6 >tE/5a@t{JDi-yc/mߠ y'x8z,,4OP2"&_kon2._iOlFoVӊRy@Rrr\}1 P!\|   qrWMq߂GMQaR! , ך)e [l)r}lŸNc/23¶+h=(ApzmU0NS`HRIЩi/X150+[zIRg҇uwfyt4C#*T}Ņ~ |s7;z #426咯׿{O9 Ϯq{L&"Q<ystsڇCR7XQ 91ab+38w#ԧ[?d Hc&JR Ŧx?w ^AaPi? gd23+Kqݺaa$1B.֎,-0ŒY[4=Wn-@t<8L mjtL+rQA$DcAXӅ/3;S s-!y[mJ`EµPw:>)~;S#"@9QA9#)_U2xO@:ȿWr~zVH#SkW.RI32Id-~wERtU+Ȣ"ɯ u-H齃1K<f_zA]ߤ{`Ja43wR  _&vc%CL\0fRu!K7+QD 0@7X1K %|Z9X˷Il5%V<VmZ/~+`j:8%ܻÜX{V* \πAB@+,.AG:79K~Ⱦ[=c3-ޓ/T6s\Q./yI<~y:f?/ğzY^6ᥓ^^7& F#8^tSݓI8`TGD'? 2t[ޟ֋2 " [Y;S#d5:bw$:4m['$;nW X6zK g{@K42hep/Уն0Ume Os[% YZ