Log message:
Bump PKGREVISION for security/openssl ABI bump.

Log message:
Add SHA512 digests for distfiles for mail category

Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Log message:
Update sendmail to 8.15.2.

pkgsrc change:  default to enable TLS
- this has been requested a couple of times and most systems are going
  to have a recent enough version of openssl so in most cases there
  won't be additional dependencies

8.15.2/8.15.2	2015/07/03
	If FEATURE(`nopercenthack') is used then some bogus input triggered
		a recursion which was caught and logged as
		SYSERR: rewrite: excessive recursion (max 50) ...
		Fix based on patch from Ondrej Holas.
	DHParameters now by default uses an included 2048 bit prime.
		The value 'none' previously caused a log entry claiming
		there was an error "cannot read or set DH parameters".
		Also note that this option applies to the server side only.
	The U= mailer field didn't accept group names containing hyphens,
		underbars, or periods.  Based on patch from David Gwynne
		of the University of Queensland.
	CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
		Patch from Lars-Johan Liman of Netnod Internet Exchange.
	CONFIG: New option UseCompressedIPv6Addresses to select between
		compressed and uncompressed IPv6 addresses.  The default
		value depends on the compile-time option IPV6_FULL:
		For 1 the default is False, for 0 it is True, thus
		preserving the current behaviour.  Based on patch from
		John Beck of Oracle.
	CONFIG: Account for IPv6 localhost addresses in
		FEATURE(`block_bad_helo').  Suggested by Andrey Chernov
		from FreeBSD and Robert Scheck from the Fedora Project.
	CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
	LIBMILTER: Deal with more invalid protocol data to avoid potential
		crashes.  Problem noted by Dimitri Kirchner.
	LIBMILTER: Allow a milter to specify an empty macro list ("", not
		NULL) in smfi_setsymlist() so no macro is sent for the
		selected stage.
	MAKEMAP: A change to check TrustedUser in fewer cases which was
		made in 2013 caused a potential regression when makemap
		was run as root (which should not be done anyway).
	Note: sendmail often contains options "For Future Releases"
		(prefix _FFR_) which might be enabled in a subsequent
		version or might simply be removed as they turned out not
		to be really useful.  These features are usually not
		documented but if they are, then the required (FFR)
		options are listed in
		- doc/op/op.* for rulesets and macros,
		- cf/README for mc/cf options.

Log message:
Update sendmail to 8.15.1:  this is mostly a feature/bugfix release.

Note that there was an incompatible config change for IPv6 users.
See the MESSAGE file for details.

pkgsrc change: delete a couple of patches that have been upstreamed

Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.15.1. This release:

   o offers more TLS related features,
   o does not ignore temporary map lookup failures during header rewriting,
   o uses uncompressed IPv6 addresses by default, which is an incompatible
     change that requires to update IPv6 related configuration data.

as well as many other enhancements.  For details see the release
notes below.

                        SENDMAIL RELEASE NOTES

This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.

8.15.1/8.15.1   2014/12/06
        SECURITY: Properly set the close-on-exec flag for file descriptors
                (except stdin, stdout, and stderr) before executing mailers.
        If header rewriting fails due to a temporary map lookup failure,
                queue the mail for later retry instead of sending it
                without rewriting the header.  Note: this is done
                while the mail is being sent and hence the transaction
                is aborted, which only works for SMTP/LMTP mailers
                hence the handling of temporary map failures is
                suppressed for other mailers. SMTP/LMTP servers may
                complain about aborted transactions when this problem
                occurs.
                See also "DNS Lookups" in sendmail/TUNING.
        Incompatible Change: Use uncompressed IPv6 addresses by default,
                i.e., they will not contain "::".  For example,
                instead of ::1 it will be 0:0:0:0:0:0:0:1.  This
                permits a zero subnet to have a more specific match,
                such as different map entries for IPv6:0:0 vs IPv6:0.
                This change requires that configuration data
                (including maps, files, classes, custom ruleset,
                etc) must use the same format, so make certain such
                configuration data is updated before using 8.15.
                As a very simple check search for patterns like
                'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary,
                the prior format can be retained by compiling with:
                APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0')
                in your devtools/Site/site.config.m4 file.
        If debugging is turned on (-d0.14) also print the OpenSSL
                versions, both build time and run time
                (provided STARTTLS is compiled in).
        If a connection to the MTA is dropped by the client before its
                hostname can be validated, treat it as "may be forged",
                so that the unvalidated hostname is not passed to a
                milter in xxfi_connect().
        Add a timeout for communication with socket map servers
                which can be specified using the -d option.
        Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow
                numeric logins even if HESIOD is enabled.
        The new option CertFingerprintAlgorithm specifies the finger-
                print algorithm (digest) to use for the presented cert.
                If the option is not set, md5 is used and the macro
                {cert_md5} contains the cert fingerprint.
                However, if the option is set, the specified algorithm
                (e.g., sha1) is used and the macro {cert_fp} contains
                the cert fingerprint.
                That is, as long as the option is not set, the behaviour
                does not change, but otherwise, {cert_md5} is superseded
                by {cert_fp} even if you set CertFingerprintAlgorithm
                to md5.
        The options ServerSSLOptions and ClientSSLOptions can be used
                to set SSL options for the server and client side
                respectively. See SSL_CTX_set_options(3) for a list.
                Note: this change turns on SSL_OP_NO_SSLv2 and
                SSL_OP_NO_TICKET for the client. See doc/op/op.me
                for details.
        A new map type "arpa" is available to reverse an IP (IPv4 or IPv6)
                address. It returns the string for the PTR lookup, but
                without trailing {ip6,in-addr}.arpa.
        New operation mode  'C' just checks the configuration file, e.g.,
                sendmail -C new.cf -bC
                will perform a basic syntax/consistency check of new.cf.
        The mailer flag 'I' is deprecated and will be removed in a
                future version.
        Allow local (not just TCP) socket connections to the server, e.g.,
                O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock
                can be used.
        If the new option MaxQueueAge is set to a value greater than zero,
                entries in the queue will be retried during a queue run
                only if the individual retry time has been reached which
                is doubled for each attempt.  The maximum retry time is
                limited by the specified value.
        New DontBlameSendmail option GroupReadableDefaultAuthInfoFile
                to relax requirement for DefaultAuthInfo file.
        Reset timeout after receiving a message to appropriate value if
                STARTTLS is in use.  Based on patch by Kelsey Cummings
                of Sonic.net.
        Report correct error messages from the LDAP library for a range of
                small negative return values covering those used by OpenLDAP.
        Fix compilation with Berkeley DB 5.0 and 6.0.  Patch from
                Allan E Johannesen of Worcester Polytechnic Institute.
        CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or
                nospecial which describes whether to disallow "%" in the
                local part of an address.
        DEVTOOLS: Fix regression in auto-detection of libraries when only
                shared libraries are available.  Problem reported by
                Bryan Costales.
        LIBMILTER: Mark communication socket as close-on-exec in case
                a user's filter starts other applications.
                Based on patch from Paul Howarth.
        Portability:
                SunOS 5.12 has changed the API for sigwait(2) to conform
                with XPG7.  Based on patch from Roger Faulkner of Oracle.
        Deleted Files:
                libsm/path.c

Log message:
Regen. Hi jnementh@!

Log message:
build fix for clang

Log message:
No, we don't install rmail{,.8}.

Log message:
Bah!  Don't bother installing rmail as it comes with the UUCP package

Log message:
Update to sendmail 8.14.9nb2: this is a pkgsrc bugfix update.

This should be the last update during the freeze.

PR/48566 - Emmanuel Dreyfus -- typo in patch-aw leading to build failure
PR/48913 - Matthias Scheler -- libmilter fails on unprivileged builds

Log message:
Update to sendmail 8.14.9nb1: this is a pkgsrc bugfix update

- remove some HTML cruft from netbsd-proto.mc
- stop trying to set file ownership and group during stage-install
- initialize sm_res earlier and test before calling res_ninit()
- clear SSL_OP_TLSEXT_PADDING by defualt to fix interoperability issues
- eliminate stray call to res_search()
  - verified with nm that all deprecated resolver functions have been eradicated

The above should address the folling PRs:

- PR/47207 - Richard Palo -- attempt to set ownership when unprivileged
- PR/48566 - Emmanuel Dreyfus -- problem with TLS timeouts
- PR/48913 - Matthias Scheler -- attempt to set ownership when unprivileged