Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2017-10-31 15:43:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Tue Oct 31 15:43:06 2017 rev:149 rq:537613 version:3.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2017-10-21 20:21:05.340930057 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2017-10-31 15:43:06.407716872 +0100 @@ -1,0 +2,12 @@ +Mon Oct 30 12:12:08 UTC 2017 - [email protected] + +- update to 3.2.4 + * DANE interoperability. Postfix builds with OpenSSL 1.0.0 or + 1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS + records associated with an intermediate CA certificate. Problem + report and initial fix by Erwan Legrand. + * Missing dynamicmaps support in the Postfix sendmail command. + This broke authorized_submit_users settings that use a + dynamically-loaded map type. Problem reported by Ulrich Zehl. + +------------------------------------------------------------------- Old: ---- postfix-3.2.3.tar.gz New: ---- postfix-3.2.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.MhpAJu/_old 2017-10-31 15:43:07.359682363 +0100 +++ /var/tmp/diff_new_pack.MhpAJu/_new 2017-10-31 15:43:07.363682218 +0100 @@ -62,7 +62,7 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 3.2.3 +Version: 3.2.4 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 ++++++ postfix-3.2.3.tar.gz -> postfix-3.2.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.3/HISTORY new/postfix-3.2.4/HISTORY --- old/postfix-3.2.3/HISTORY 2017-09-24 14:30:07.000000000 +0200 +++ new/postfix-3.2.4/HISTORY 2017-10-28 14:30:16.000000000 +0200 @@ -23004,7 +23004,7 @@ Safety: restore sanity checks for dynamically-specified width and precision in format strings (%*, %.*, and %*.*). - These checks were lost with the Postfix 3.2.2 rewrite of + These checks were lost with the Postfix 3.2 rewrite of the vbuf_print formatter. File: vbuf_print.c. 20170923 @@ -23012,5 +23012,19 @@ Bugfix (introduced: Postfix 3.2): panic in the postqueue command after output write error while listing the queue. This change restores a write error check that was lost with - the Postfix 3.2.2 rewrite of the vbuf_print formatter. + the Postfix 3.2 rewrite of the vbuf_print formatter. Problem reported by Andreas Schulze. File: util/vbuf_print.c. + +20171009 + + Bugfix (introduced: Postfix 3.1): DANE support. Postfix + builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to + some sites with "TLSA 2 X X" records associated with an + intermediate CA certificate. Problem report and initial + fix by Erwan Legrand. File: src/tls/tls_dane.c. + +20171024 + + Bugfix (introduced: Postfix 3.0) missing dynamicmaps support + in the Postfix sendmail command broke authorized_submit_users + with a dynamically-loaded map type. File: sendmail/sendmail.c. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.3/src/global/mail_version.h new/postfix-3.2.4/src/global/mail_version.h --- old/postfix-3.2.3/src/global/mail_version.h 2017-09-24 14:21:50.000000000 +0200 +++ new/postfix-3.2.4/src/global/mail_version.h 2017-10-28 16:12:12.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170924" -#define MAIL_VERSION_NUMBER "3.2.3" +#define MAIL_RELEASE_DATE "20171028" +#define MAIL_VERSION_NUMBER "3.2.4" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.3/src/sendmail/Makefile.in new/postfix-3.2.4/src/sendmail/Makefile.in --- old/postfix-3.2.3/src/sendmail/Makefile.in 2017-02-06 00:36:30.000000000 +0100 +++ new/postfix-3.2.4/src/sendmail/Makefile.in 2017-10-24 16:42:16.000000000 +0200 @@ -73,6 +73,7 @@ sendmail.o: ../../include/htable.h sendmail.o: ../../include/iostuff.h sendmail.o: ../../include/mail_conf.h +sendmail.o: ../../include/mail_dict.h sendmail.o: ../../include/mail_flush.h sendmail.o: ../../include/mail_params.h sendmail.o: ../../include/mail_parm_split.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.3/src/sendmail/sendmail.c new/postfix-3.2.4/src/sendmail/sendmail.c --- old/postfix-3.2.3/src/sendmail/sendmail.c 2017-02-06 01:05:04.000000000 +0100 +++ new/postfix-3.2.4/src/sendmail/sendmail.c 2017-10-24 16:35:52.000000000 +0200 @@ -495,6 +495,7 @@ #include <deliver_request.h> #include <mime_state.h> #include <header_opts.h> +#include <mail_dict.h> #include <user_acl.h> #include <dsn_mask.h> #include <mail_parm_split.h> @@ -1114,6 +1115,8 @@ msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY); get_mail_conf_str_table(str_table); + mail_dict_init(); + if (chdir(var_queue_dir)) msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.3/src/tls/tls_dane.c new/postfix-3.2.4/src/tls/tls_dane.c --- old/postfix-3.2.3/src/tls/tls_dane.c 2017-02-19 02:58:21.000000000 +0100 +++ new/postfix-3.2.4/src/tls/tls_dane.c 2017-10-09 17:06:02.000000000 +0200 @@ -1450,7 +1450,7 @@ /* set_issuer - set issuer DN to match akid if specified */ -static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid) +static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); @@ -1460,7 +1460,7 @@ */ if (name) return (X509_set_issuer_name(cert, name)); - return (X509_set_issuer_name(cert, X509_get_subject_name(cert))); + return (X509_set_issuer_name(cert, subj)); } /* grow_chain - add certificate to trusted or untrusted chain */ @@ -1522,7 +1522,7 @@ */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) - || !set_issuer_name(cert, akid) + || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) @@ -1798,6 +1798,10 @@ #include <mail_conf.h> #include <msg_vstream.h> +#if OPENSSL_VERSION_NUMBER < 0x10002000L +#define SSL_get0_param(s) ((s)->param) +#endif + static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx) { int ret;
