Hello community, here is the log from the commit of package sendmail for openSUSE:Leap:15.2 checked in at 2020-01-31 17:19:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/sendmail (Old) and /work/SRC/openSUSE:Leap:15.2/.sendmail.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail" Fri Jan 31 17:19:39 2020 rev:27 rq:768564 version:8.15.2 Changes: --------
--- /work/SRC/openSUSE:Leap:15.2/sendmail/sendmail.changes 2020-01-15 16:01:54.227877232 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.sendmail.new.26092/sendmail.changes 2020-01-31 17:19:41.428496714 +0100
@@ -1,0 +2,39 @@
+Thu Jan 30 10:36:21 UTC 2020 - Dr. Werner Fink <[email protected]>
+
+- Add upstream patch 8.15.2.mci.p0
+ * If sendmail tried to reuse an SMTP session which had already been
+ closed by the server, then the connection cache could have invalid
+ information about the session. One possible consequence was that
+ STARTTLS was not used even if offered.
+
+-------------------------------------------------------------------
+Thu Dec 19 14:47:17 UTC 2019 - Dominique Leuenberger <[email protected]>
+
+- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
+ Allow OBS to shortcut through the -mini flavors.
+
+-------------------------------------------------------------------
+Mon Oct 14 10:25:24 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Avoid recursion trouble in spec file cause by undefined _lto_cflags
+
+-------------------------------------------------------------------
+Sat Sep 28 07:32:14 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Add patch sendmail-8.15.2-glibc-2.30.patch
+ * The former deprecated macro RES_USE_INET6 is gone with glibc 2.30
+
+-------------------------------------------------------------------
+Mon Sep 9 08:00:18 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Use FAT LTO objects in order to provide proper static library.
+
+-------------------------------------------------------------------
+Fri Jul 26 09:37:21 UTC 2019 - [email protected]
+
+- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
+ firewalld, see [1].
+ + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- New: ---- 8.15.2.mci.p0 sendmail-8.15.2-glibc-2.30.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sendmail.spec ++++++ --- /var/tmp/diff_new_pack.2LFKzk/_old 2020-01-31 17:19:43.244497697 +0100 +++ /var/tmp/diff_new_pack.2LFKzk/_new 2020-01-31 17:19:43.248497700 +0100 @@ -1,7 +1,7 @@ # # spec file for package sendmail # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -49,9 +49,9 @@ %if 0%{?suse_version} > 1140 BuildRequires: libnsl-devel BuildRequires: pkg-config -BuildRequires: systemd-devel +BuildRequires: pkgconfig(libsystemd) %endif -Url: http://www.sendmail.org/ +URL: http://www.sendmail.org/ %define SUBDIRS libsmutil libsmdb sendmail mail.local mailstats makemap praliases rmail smrsh libmilter libsm editmap Provides: sendcf Provides: sendmail-tls @@ -106,6 +106,8 @@ Patch0: sendmail-8.15.2.dif # PATCH-FIX-OPENSUSE: if select(2) is interrupted the timeout become undefined Patch1: sendmail-8.14.7-select.dif +# PATCH-FIX-UPSTREAM: SMTP session reuse bugfix (boo#1162204) +Patch2: 8.15.2.mci.p0 # PATCH-FIX-UPSTREAM: Detect shared libraries Patch4: sendmail-8.14.8-m4header.patch # PATCH-FIX-DEBIAN: systemd socket activation support for libmilter 
@@ -114,6 +116,8 @@ Patch7: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch # PATCH-FIX-OPENSUSE: make build result reproducible Patch8: sendmail-8.15.2-reproducible.patch +# PATCH-FIX-OPENSUSE: The former deprecated macro RES_USE_INET6 is gone with glibc 2.30 +Patch9: sendmail-8.15.2-glibc-2.30.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir %{_sysconfdir} %global _mailcnfdir %{_sysconfdir}/mail @@ -206,6 +210,7 @@ %prep %setup -n sendmail-%{version} %patch1 -p0 -b .select +%patch2 -p0 -b .reuse %patch4 -p0 -b .m4head %patch5 -p1 -b .fdmilt if pkg-config --atleast-version=1.1.0 openssl; then @@ -214,6 +219,7 @@ fi %patch0 -p0 -b .p0 %patch8 -p1 -b .reproducible +%patch9 -p0 -b .use_inet6 tar --strip-components=1 -xf %{S:1} set -f cat <<-EOF > file-list @@ -246,6 +252,7 @@ set +f %build +%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects # ID=$(id -u) RPM_OPT_FLAGS="%{optflags} -fno-strict-aliasing -D_GNU_SOURCE" @@ -303,7 +310,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d %endif mkdir -p %{buildroot}%{_sysconfdir}/pam.d - mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services mkdir -p %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_libexecdir}/sendmail.d/bin mkdir -p %{buildroot}%{_datadir}/sendmail @@ -429,7 +435,6 @@ sed -ri '\@/etc/init.d/sendmail@d' %{buildroot}%{_sysconfdir}/permissions.d/sendmail.paranoid %endif install -m 0644 smtp %{buildroot}%{_sysconfdir}/pam.d/smtp - install -m 0644 fw %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/sendmail install update.sendmail %{buildroot}%{_libexecdir}/sendmail.d/update %if 0%{?suse_version} <= 1140 sed -ri 's/,,//g' %{buildroot}%{_libexecdir}/sendmail.d/update 
@@ -651,7 +656,6 @@ %{_fillupdir}/sysconfig.sendmail %{_fillupdir}/sysconfig.mail-sendmail %config %attr(0644,root,root) %{_sysconfdir}/pam.d/smtp -%config %attr(0644,root,root) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/sendmail %if %{with sysvinit} %config %attr(0744,root,root) %{_sysconfdir}/init.d/sendmail %endif ++++++ 8.15.2.mci.p0 ++++++ If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session. One possible consequence was that STARTTLS was not used even if offered. The problem can be fixed by either: - applying this patch (for 8.15.2) - or disabling the connection cache: define(`confMCI_CACHE_SIZE', `0') The problem can be mitigated by setting at least one of these options: - using a very short timeout: define(`confMCI_CACHE_TIMEOUT', `5s') - sorting the queue by hosts: define(`confQUEUE_SORT_ORDER', `Host') To apply this patch, cd to the source code directory, then rebuild and reinstall sendmail. cd sendmail-8.15.2 patch < 8.15.2.mci.p0 Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer) for those who would like to test upcoming releases. diff -ru sendmail-/deliver.c sendmail/deliver.c --- sendmail-/deliver.c 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800 @@ -6274,8 +6274,7 @@ tlslogerr(LOG_WARNING, "client"); } - SSL_free(clt_ssl); - clt_ssl = NULL; + SM_SSL_FREE(clt_ssl); return EX_SOFTWARE; } mci->mci_ssl = clt_ssl; @@ -6287,8 +6286,7 @@ return EX_OK; /* failure */ - SSL_free(clt_ssl); - clt_ssl = NULL; + SM_SSL_FREE(clt_ssl); return EX_SOFTWARE; } /* 
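Review bot: In the second deliver.c hunk the failure path calls `SM_SSL_FREE(clt_ssl)`, which frees the session but sets only `clt_ssl` to NULL, while the last context line of the previous hunk shows that `mci->mci_ssl = clt_ssl;` has already run. Unless the few lines between the two hunks (not shown) reset it, `mci->mci_ssl` in the cached connection entry is left pointing at freed memory. I would clear it on this path too, for example `mci->mci_ssl = NULL;` directly after the `SM_SSL_FREE(clt_ssl);` line. The enclosing function starts and ends outside the hunks.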
@@ -6309,7 +6307,7 @@ if (!bitset(MCIF_TLSACT, mci->mci_flags)) return EX_OK; - r = endtls(mci->mci_ssl, "client"); + r = endtls(&mci->mci_ssl, "client"); mci->mci_flags &= ~MCIF_TLSACT; return r; } diff -ru sendmail-/macro.c sendmail/macro.c --- sendmail-/macro.c 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800 @@ -362,6 +362,33 @@ } /* +** MACTABCLEAR -- clear entire macro table +** +** Parameters: +** mac -- Macro table. +** +** Returns: +** none. +** +** Side Effects: +** clears entire mac structure including rpool pointer! +*/ + +void +mactabclear(mac) + MACROS_T *mac; +{ + int i; + + if (mac->mac_rpool == NULL) + { + for (i = 0; i < MAXMACROID; i++) + SM_FREE_CLR(mac->mac_table[i]); + } + memset((char *) mac, '\0', sizeof(*mac)); +} + +/* ** MACDEFINE -- bind a macro name to a value ** ** Set a macro to a value, with fancy storage management. diff -ru sendmail-/mci.c sendmail/mci.c --- sendmail-/mci.c 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800 @@ -25,6 +25,7 @@ int, bool)); static bool mci_load_persistent __P((MCI *)); static void mci_uncache __P((MCI **, bool)); +static void mci_clear __P((MCI *)); static int mci_lock_host_statfile __P((MCI *)); static int mci_read_persistent __P((SM_FILE_T *, MCI *)); @@ -253,6 +254,7 @@ SM_FREE_CLR(mci->mci_status); SM_FREE_CLR(mci->mci_rstatus); SM_FREE_CLR(mci->mci_heloname); + mci_clear(mci); if (mci->mci_rpool != NULL) { sm_rpool_free(mci->mci_rpool); 
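Review bot: When `mac->mac_rpool == NULL`, the new mactabclear() in macro.c passes every slot of `mac->mac_table` to SM_FREE_CLR without checking whether the table owns that string. The hunk does not show how slots are filled, so it is worth confirming that no slot can hold a borrowed or static pointer on the non-rpool path. The closing `memset` also wipes `mac_rpool`; the Side Effects comment flags this but does not say what callers must do afterwards. If it is the intended contract, I would add a line such as `**	Callers reusing the table must set mac_rpool again.` to the header comment. `mac` itself is dereferenced without the NULL guard that mci_clear() applies to its argument.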
@@ -315,6 +317,41 @@ } /* +** MCI_CLEAR -- clear mci +** +** Parameters: +** mci -- the connection to clear. +** +** Returns: +** none. +*/ + +static void +mci_clear(mci) + MCI *mci; +{ + if (mci == NULL) + return; + + mci->mci_maxsize = 0; + mci->mci_min_by = 0; + mci->mci_deliveries = 0; +#if SASL + if (bitset(MCIF_AUTHACT, mci->mci_flags)) + sasl_dispose(&mci->mci_conn); +#endif +#if STARTTLS + if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL) + SM_SSL_FREE(mci->mci_ssl); +#endif + + /* which flags to preserve? */ + mci->mci_flags &= MCIF_CACHED; + mactabclear(&mci->mci_macro); +} + + +/* ** MCI_GET -- get information about a particular host ** ** Parameters: @@ -419,6 +456,7 @@ mci->mci_errno = 0; mci->mci_exitstat = EX_OK; } + mci_clear(mci); } return mci; diff -ru sendmail-/sendmail.h sendmail/sendmail.h --- sendmail-/sendmail.h 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800 @@ -1186,6 +1186,7 @@ #define macid(name) macid_parse(name, NULL) extern char *macname __P((int)); extern char *macvalue __P((int, ENVELOPE *)); +extern void mactabclear __P((MACROS_T *)); extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); extern void setclass __P((int, char *)); @@ -2002,7 +2003,15 @@ extern void setclttls __P((bool)); extern bool initsrvtls __P((bool)); extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); -extern int endtls __P((SSL *, char *)); +#define SM_SSL_FREE(ssl) \ + do { \ + if (ssl != NULL) \ + { \ + SSL_free(ssl); \ + ssl = NULL; \ + } \ + } while (0) +extern int endtls __P((SSL **, char *)); extern void tlslogerr __P((int, const char *)); diff -ru sendmail-/srvrsmtp.c sendmail/srvrsmtp.c --- sendmail-/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800 
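Review bot: The comment `/* which flags to preserve? */` above `mci->mci_flags &= MCIF_CACHED;` in mci_clear() leaves an open question on the line that carries the fix. That mask drops every flag except MCIF_CACHED, including the MCIF_TLSACT and MCIF_AUTHACT bits tested just above, so a reused cache entry cannot inherit TLS or AUTH state from the closed session. I would state that intent instead, e.g. `/* keep only MCIF_CACHED; TLS/AUTH state must be renegotiated on reuse */`. It would also help to note next to the STARTTLS block that the session is released with SM_SSL_FREE only, without the endtls() call that the deliver.c hunk uses.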
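Review bot: The SM_SSL_FREE macro added to sendmail.h uses its argument unparenthesized and expands it three times. This works for the arguments passed in this patch (`clt_ssl`, `srv_ssl`, `mci->mci_ssl`, `*pssl`) but would misbehave for an expression with side effects or with lower-precedence operators. I would write the test and the reset as `if ((ssl) != NULL)` and `(ssl) = NULL;`, and add a short comment above the macro saying that the argument must be a side-effect-free lvalue.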
@@ -2122,8 +2122,7 @@ if (get_tls_se_options(e, srv_ssl, true) != 0) { message("454 4.3.3 TLS not available: error setting options"); - SSL_free(srv_ssl); - srv_ssl = NULL; + SM_SSL_FREE(srv_ssl); goto tls_done; } @@ -2145,8 +2144,7 @@ SSL_set_wfd(srv_ssl, wfd) <= 0) { message("454 4.3.3 TLS not available: error set fd"); - SSL_free(srv_ssl); - srv_ssl = NULL; + SM_SSL_FREE(srv_ssl); goto tls_done; } if (!smtps) @@ -2188,8 +2186,7 @@ tlslogerr(LOG_WARNING, "server"); } tls_ok_srv = false; - SSL_free(srv_ssl); - srv_ssl = NULL; + SM_SSL_FREE(srv_ssl); /* ** according to the next draft of @@ -3416,7 +3413,7 @@ /* shutdown TLS connection */ if (tls_active) { - (void) endtls(srv_ssl, "server"); + (void) endtls(&srv_ssl, "server"); tls_active = false; } #endif /* STARTTLS */ diff -ru sendmail-/tls.c sendmail/tls.c --- sendmail-/tls.c 2016-02-29 06:01:55.000000000 -0800 +++ sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800 @@ -1624,7 +1624,7 @@ ** ENDTLS -- shutdown secure connection ** ** Parameters: -** ssl -- SSL connection information. +** pssl -- pointer to TLS session context ** side -- server/client (for logging). ** ** Returns: @@ -1632,12 +1632,16 @@ */ int -endtls(ssl, side) - SSL *ssl; +endtls(pssl, side) + SSL **pssl; char *side; { int ret = EX_OK; + SSL *ssl; + SM_REQUIRE(pssl != NULL); + ret = EX_OK; + ssl = *pssl; if (ssl != NULL) { int r; @@ -1703,8 +1707,7 @@ ret = EX_SOFTWARE; } # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ - SSL_free(ssl); - ssl = NULL; + SM_SSL_FREE(*pssl); } return ret; } ++++++ sendmail-8.15.2-glibc-2.30.patch ++++++ The former deprecated macro RES_USE_INET6 is gone with glibc 2.30 --- libmilter/sm_gethost.c | 6 ++++-- sendmail/conf.c | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) --- libmilter/sm_gethost.c +++ libmilter/sm_gethost.c 2019-09-28 07:27:46.512228011 +0000 
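Review bot: The updated header comment for endtls() in tls.c describes `pssl` only as a pointer to the TLS session context. It does not say that the function frees the session and stores NULL through that pointer, which the final hunk implements with `SM_SSL_FREE(*pssl);`. I would extend the parameter line to `**	pssl -- pointer to TLS session context (freed, *pssl set to NULL)`. In the body hunk, the statement `ret = EX_OK;` after SM_REQUIRE repeats the initializer on the declaration and can be dropped. Most of the function body lies outside the hunks shown.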
@@ -51,18 +51,20 @@ sm_getipnodebyname(name, family, flags, { bool resv6 = true; struct hostent *h; - +#ifdef RES_USE_INET6 if (family == AF_INET6) { /* From RFC2133, section 6.1 */ resv6 = bitset(RES_USE_INET6, _res.options); _res.options |= RES_USE_INET6; } +#endif SM_SET_H_ERRNO(0); h = gethostbyname(name); +#ifdef RES_USE_INET6 if (family == AF_INET6 && !resv6) _res.options &= ~RES_USE_INET6; - +#endif /* the function is supposed to return only the requested family */ if (h != NULL && h->h_addrtype != family) { --- sendmail/conf.c +++ sendmail/conf.c 2019-09-28 07:28:39.103245002 +0000 @@ -4242,18 +4242,20 @@ sm_getipnodebyname(name, family, flags, # else /* HAS_GETHOSTBYNAME2 */ bool resv6 = true; - +#ifdef RES_USE_INET6 if (family == AF_INET6) { /* From RFC2133, section 6.1 */ resv6 = bitset(RES_USE_INET6, _res.options); _res.options |= RES_USE_INET6; } +#endif SM_SET_H_ERRNO(0); h = gethostbyname(name); +#ifdef RES_USE_INET6 if (!resv6) _res.options &= ~RES_USE_INET6; - +#endif /* the function is supposed to return only the requested family */ if (h != NULL && h->h_addrtype != family) { ++++++ sendmail-suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sendmail-suse/suse/fw new/sendmail-suse/suse/fw --- old/sendmail-suse/suse/fw 2013-10-01 11:50:11.000000000 +0200 +++ new/sendmail-suse/suse/fw 1970-01-01 01:00:00.000000000 +0100 @@ -1,18 +0,0 @@ -## Name: SMTP with sendmail -## Description: Firewall Configuration file for sendmail - -# space separated list of allowed TCP ports -TCP="25 587" - -# space separated list of allowed UDP ports -UDP="" - -# space separated list of allowed RPC services -RPC="" - -# space separated list of allowed IP protocols -IP="" - -# space separated list of allowed UDP broadcast ports -BROADCAST="" -
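Review bot: With RES_USE_INET6 undefined, the `family == AF_INET6` case in libmilter/sm_gethost.c now reaches the bare `gethostbyname(name)` call with no resolver option set, and the family check right after it discards any result whose `h_addrtype` differs. Depending on what gethostbyname() returns in that configuration, IPv6 lookups through this path may fail silently. `resv6` is then initialised but never read, which will likely produce an unused-variable warning. I would at least record the limitation next to the call, e.g. `/* without RES_USE_INET6 this may not yield AF_INET6 results; the family check below then rejects them */`. The same applies to the sendmail/conf.c hunk, and both functions start and end outside the hunks.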
