Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2026-05-21 18:24:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Thu May 21 18:24:51 2026 rev:273 rq:1354034 version:3.11.3 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2026-05-13 17:20:20.457795034 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new.2084/postfix-bdb.changes 2026-05-21 18:24:55.668618728 +0200 @@ -1,0 +2,16 @@ +Sun May 17 18:49:21 UTC 2026 - Arjen de Korte <[email protected]> + +- update to 3.11.3 + * Bitrot: builds with musl libc broke, because they were using an + obsolete NO_SNPRINTF code path that had not been updated for Claude + Code findings. + * Two fixes for a signed integer overshift condition (a left shift into + the sign bit). This "works" on contemporary CPUs, but may break in + the future. One reported by Kamil Frankowicz, and one by Robert Sayre. + * Viktor Dukhovni fixed an 'uninitialized value' error in the + 'collate.pl' script. + * Test code fixes by Viktor Dukhovni for a deprecation warning with + OpenSSL 4.0, and for a race condition that caused a test script + to fail. + +------------------------------------------------------------------- postfix.changes: same change Old: ---- postfix-3.11.2.tar.gz postfix-3.11.2.tar.gz.asc New: ---- postfix-3.11.3.tar.gz postfix-3.11.3.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix-bdb.spec ++++++ --- /var/tmp/diff_new_pack.P0czlD/_old 2026-05-21 18:24:57.364688348 +0200 +++ /var/tmp/diff_new_pack.P0czlD/_new 2026-05-21 18:24:57.368688512 +0200 @@ -61,7 +61,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.11.2 +Version: 3.11.3 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 postfix.spec: same change ++++++ postfix-3.11.2.tar.gz -> postfix-3.11.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/HISTORY new/postfix-3.11.3/HISTORY --- old/postfix-3.11.2/HISTORY 2026-05-02 01:45:50.000000000 +0200 +++ new/postfix-3.11.3/HISTORY 2026-05-15 19:47:50.000000000 +0200 @@ -30661,3 +30661,37 @@ Missing or incomplete guards for ssize_t or int overflow, found by Claude Opus 4.6. Files: util/argv.c, util/netstring.c, util/vbuf_print.c. + +20260507 + + Fix for 'uninitialized value' error. Viktor Dukhovni. File: + auxiliary/collate/collate.pl. + +20260508 + + Claude AI finding: signed integer overshift (util/vstring.h). + Brought to our attention by Robert Sayre. + +20260509 + + Bitrot fixes: deprecation warning with OpenSSL 4.0 + (tls/tls_dane.c); race condition fix in a test script + (tls/tls_dane.sh). Viktor Dukhovni. + +20260513 + + Bitrot: builds with musl libc were using the obsolete + NO_SNPRINTF code path in vbuf_print.c. File: util/sys_defs.h. + +20260514 + + Bitrot: the obsolete NO_SNPRINTF code path in vbuf_print.c + wasn't updated for Claude Code findings. File: util/vbuf_print.c. + +20250515 + + Portability: The __MAXINT__(T) macro, to determine the + maximal signed value for objects of type T, was using + implementation-defined behavior (shift one bit into the + sign position). This works today but may break later. + Reported by Kamil Frankowicz. File: util/sys_defs.h. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/auxiliary/collate/collate.pl new/postfix-3.11.3/auxiliary/collate/collate.pl --- old/postfix-3.11.2/auxiliary/collate/collate.pl 2022-02-11 22:56:54.000000000 +0100 +++ new/postfix-3.11.3/auxiliary/collate/collate.pl 2026-05-15 19:41:33.000000000 +0200 @@ -122,8 +122,7 @@ if (defined($transaction{$qid})) { $transaction{$qid} .= $_; } - $transaction{$newid} = - $_ . $transaction{$newid}; + $transaction{$newid} = $_ . ($transaction{$newid} // ""); $seqno{$newid} = ++$i if (! exists $seqno{$newid}); } next; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/global/mail_version.h new/postfix-3.11.3/src/global/mail_version.h --- old/postfix-3.11.2/src/global/mail_version.h 2026-05-01 20:59:09.000000000 +0200 +++ new/postfix-3.11.3/src/global/mail_version.h 2026-05-15 20:26:45.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20260501" -#define MAIL_VERSION_NUMBER "3.11.2" +#define MAIL_RELEASE_DATE "20260515" +#define MAIL_VERSION_NUMBER "3.11.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/tls/tls_dane.c new/postfix-3.11.3/src/tls/tls_dane.c --- old/postfix-3.11.2/src/tls/tls_dane.c 2025-11-13 22:15:08.000000000 +0100 +++ new/postfix-3.11.3/src/tls/tls_dane.c 2026-05-15 19:43:35.000000000 +0200 @@ -1356,7 +1356,7 @@ SSL_dane_set_flags(tctx->con, DANE_FLAG_NO_DANE_EE_NAMECHECKS); SSL_dane_set_flags(tctx->con, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); for (i = 7; i < argc; ++i) - if (!SSL_add1_host(tctx->con, argv[i])) + if (!TLS_ADD1_HOST(tctx->con, argv[i])) msg_fatal("error adding hostname: %s", argv[i]); load_tlsa_args(tctx->con, argv); SSL_set_connect_state(tctx->con); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/tls/tls_dane.sh new/postfix-3.11.3/src/tls/tls_dane.sh --- old/postfix-3.11.2/src/tls/tls_dane.sh 2025-11-13 22:07:13.000000000 +0100 +++ new/postfix-3.11.3/src/tls/tls_dane.sh 2026-05-15 19:43:35.000000000 +0200 @@ -51,6 +51,7 @@ local akid=$1; shift exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") + key "$key" req "$key" "$cn" | cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days 30 } @@ -65,6 +66,7 @@ local cakey=$1; shift exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") + key "$key" req "$key" "$cn" | cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ -set_serial 2 -days 30 "$@" @@ -83,6 +85,7 @@ "basicConstraints = CA:false" \ "extendedKeyUsage = serverAuth" \ "subjectAltName = @alts" "DNS=${cn}") + key "$key" req "$key" "$cn" | cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ -set_serial 2 -days 30 "$@" @@ -99,6 +102,7 @@ "basicConstraints = CA:true" \ "extendedKeyUsage = serverAuth" \ "subjectAltName = @alts" "DNS=${cn}") + key "$key" req "$key" "$cn" | cert "$cert" "$exts" -set_serial 1 -days 30 -signkey "${key}.pem" "$@" } @@ -107,8 +111,9 @@ local key=$1; shift local cert=$1; shift + key "$key" req_nocn "$key" | - cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" + cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days 0 "$@" } runtest() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/util/sys_defs.h new/postfix-3.11.3/src/util/sys_defs.h --- old/postfix-3.11.2/src/util/sys_defs.h 2026-05-01 20:55:47.000000000 +0200 +++ new/postfix-3.11.3/src/util/sys_defs.h 2026-05-15 19:31:55.000000000 +0200 @@ -797,8 +797,6 @@ #if HAVE_GLIBC_API_VERSION_SUPPORT(2, 1) #define SOCKADDR_SIZE socklen_t #define SOCKOPT_SIZE socklen_t -#else -#define NO_SNPRINTF #endif #ifndef NO_IPV6 #define HAS_IPV6 @@ -1709,13 +1707,15 @@ /* * Bit banging!! There is no official constant that defines the INT_MAX - * equivalent for off_t, ssize_t, etc. Wietse came up with the following - * macro that works as long as off_t, ssize_t, etc. use one's or two's - * complement logic (that is, the maximum value is binary 01...1). Don't use - * right-shift for signed types: the result is implementation-defined. + * equivalent for off_t, ssize_t, etc. Decades ago, Wietse came up with a + * macro that worked on one's or two's complement logic (that is, the + * maximum value is binary 01...1). As Kamil Frankowicz pointed out, that + * code relied on shifting into the sign bit, which is not defined in the + * language standard. The current version still works on one's and two's + * complement logic, but avoids the undefined behavior. */ #include <limits.h> -#define __MAXINT__(T) ((T) ~(((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))) +#define __MAXINT__(T) ((((T) 1 << (sizeof(T) * CHAR_BIT - 2)) - 1) * 2 + 1) #ifndef OFF_T_MAX #define OFF_T_MAX __MAXINT__(off_t) #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/util/vbuf_print.c new/postfix-3.11.3/src/util/vbuf_print.c --- old/postfix-3.11.2/src/util/vbuf_print.c 2026-05-01 20:53:40.000000000 +0200 +++ new/postfix-3.11.3/src/util/vbuf_print.c 2026-05-15 19:31:55.000000000 +0200 @@ -129,8 +129,11 @@ VBUF_SKIP(bp); \ } while (0) #else -#define VBUF_SNPRINTF(bp, sz, fmt, arg) do { \ - if (VBUF_SPACE((bp), (sz)) != 0) \ +#define VBUF_SNPRINTF(bp, width_or_prec, type_space, fmt, arg) do { \ + if ((width_or_prec) > INT_MAX - (type_space)) \ + msg_panic("vbuf_print: field width (%d + %lu) > INT_MAX", \ + (width_or_prec), (unsigned long) (type_space)); \ + if (VBUF_SPACE((bp), (width_or_prec) + (type_space)) != 0) \ return (bp); \ sprintf((char *) (bp)->ptr, (fmt), (arg)); \ VBUF_SKIP(bp); \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.11.2/src/util/vstring.h new/postfix-3.11.3/src/util/vstring.h --- old/postfix-3.11.2/src/util/vstring.h 2020-09-25 22:41:00.000000000 +0200 +++ new/postfix-3.11.3/src/util/vstring.h 2026-05-15 19:34:48.000000000 +0200 @@ -62,7 +62,7 @@ /* Flags 24..31 are reserved for VSTRING. */ #define VSTRING_FLAG_EXACT (1<<24) /* exact allocation for tests */ -#define VSTRING_FLAG_MASK (255 << 24) +#define VSTRING_FLAG_MASK (255U << 24) /* * Macros. Unsafe macros have UPPERCASE names.
