Hello community,
here is the log from the commit of package sendmail.12068 for
openSUSE:Leap:15.1:Update checked in at 2020-03-08 16:12:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/sendmail.12068 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.sendmail.12068.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail.12068"
Sun Mar 8 16:12:53 2020 rev:1 rq:781215 version:8.15.2
Changes:
--------
New Changes file:
--- /dev/null 2019-12-19 10:12:34.003146842 +0100
+++
/work/SRC/openSUSE:Leap:15.1:Update/.sendmail.12068.new.26092/sendmail.changes
2020-03-08 16:12:55.538374638 +0100
@@ -0,0 +1,2174 @@
+-------------------------------------------------------------------
+Thu Jan 30 10:36:21 UTC 2020 - Dr. Werner Fink <[email protected]>
+
+- Add upstream patch 8.15.2.mci.p0 (boo#1164084)
+ * If sendmail tried to reuse an SMTP session which had already been
+ closed by the server, then the connection cache could have invalid
+ information about the session. One possible consequence was that
+ STARTTLS was not used even if offered.
+
+-------------------------------------------------------------------
+Thu Dec 19 14:47:17 UTC 2019 - Dominique Leuenberger <[email protected]>
+
+- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
+ Allow OBS to shortcut through the -mini flavors.
+
+-------------------------------------------------------------------
+Mon Oct 14 10:25:24 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Avoid recursion trouble in spec file cause by undefined _lto_cflags
+
+-------------------------------------------------------------------
+Sat Sep 28 07:32:14 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Add patch sendmail-8.15.2-glibc-2.30.patch
+ * The former deprecated macro RES_USE_INET6 is gone with glibc 2.30
+
+-------------------------------------------------------------------
+Mon Sep 9 08:00:18 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Use FAT LTO objects in order to provide proper static library.
+
+-------------------------------------------------------------------
+Fri Jul 26 09:37:21 UTC 2019 - [email protected]
+
+- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
+ firewalld, see [1].
+
+ [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
+
+-------------------------------------------------------------------
+Fri Jan 4 11:53:28 UTC 2019 - Dr. Werner Fink <[email protected]>
+
+- Remove alias to mail-transfer-agent.target (boo#1116675)
+
+-------------------------------------------------------------------
+Fri Jul 27 07:56:17 UTC 2018 - [email protected]
+
+- Replace exec rm by delete/print.
+
+-------------------------------------------------------------------
+Mon Jul 16 08:09:53 UTC 2018 - [email protected]
+
+- Remove left over from last patch
+- Group daemon is required
+
+-------------------------------------------------------------------
+Tue Dec 5 05:30:57 UTC 2017 - [email protected]
+
+- Add sendmail-8.15.2-reproducible.patch to make package build reproducible
+
+-------------------------------------------------------------------
+Wed Nov 29 10:55:02 UTC 2017 - [email protected]
+
+- Add _FFR_TLS_EC m4 macro definition for site configuration as
+ well (boo#1070065)
+
+-------------------------------------------------------------------
+Thu Nov 23 13:43:24 UTC 2017 - [email protected]
+
+- Replace references to /var/adm/fillup-templates with new
+ %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Thu Nov 9 10:21:44 UTC 2017 - [email protected]
+
+- Apply former patches only if openssl 1.1.0+ are installed
+
+-------------------------------------------------------------------
+Wed Nov 8 15:42:28 UTC 2017 - [email protected]
+
+- support build with openssl 1.1 (bsc#1067222)
+ * add patches from Fedora:
+ sendmail-8.15.2-openssl-1.1.0-fix.patch
+ sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch (rh#1473971)
+
+-------------------------------------------------------------------
+Thu Aug 17 09:01:30 CEST 2017 - [email protected]
+
+- Add libnsl-devel build requires for glibc obsoleting libnsl
+
+-------------------------------------------------------------------
+Wed Jul 19 10:53:07 UTC 2017 - [email protected]
+
+- Change requirements for libmilter and sendmail-devel as
+ the library is also used by other MTA like postfix (boo#1049188)
+
+-------------------------------------------------------------------
+Thu May 11 06:14:34 UTC 2017 - [email protected]
+
+- Require user and group mail
+
+-------------------------------------------------------------------
+Wed Apr 12 13:36:38 UTC 2017 - [email protected]
+
+- Add bitdomain and uudomain to possible targets for refresh
+
+-------------------------------------------------------------------
+Wed Apr 12 08:43:12 UTC 2017 - [email protected]
+
+- Change spec file name scheme used for getting soname down into
+ libmilter
+
+-------------------------------------------------------------------
+Tue Apr 11 11:33:02 UTC 2017 - [email protected]
+
+- Replace a find|xargs rm by -delete
+
+-------------------------------------------------------------------
+Thu Mar 23 09:34:38 UTC 2017 - [email protected]
+
+- New package libmilter1_0 for the shared library version of
+ libmilter, the Sendmail Content Management API
+- Also new package libmilter-doc for the substantial documentation
+ about Sendmail Content Management API (milter)
+- Make sendmail-tls a noarch package
+
+-------------------------------------------------------------------
+Mon Mar 6 10:08:23 UTC 2017 - [email protected]
+
+- Require m4 at build time
+
+-------------------------------------------------------------------
+Mon Feb 20 10:55:11 CET 2017 - [email protected]
+
+- Don't use insserv together with systemd
+
+-------------------------------------------------------------------
+Mon Sep 26 13:54:13 UTC 2016 - [email protected]
+
+- Use _unitdir macro instead asking pkg config of systemd
+
+-------------------------------------------------------------------
+Tue Jul 19 13:50:21 UTC 2016 - [email protected]
+
+- Fix License: Even https://spdx.org/licenses/Sendmail.html lists
+ "Sendmail" as the valid identifier. Same as
+ http://license.opensuse.org/ does. "Sendmail License" is in the
+ column "Full Name". The License: tag requires the identifier.
+- Fix some more rpmlint warnings:
+ + sendmail: W: suse-missing-rclink sendmail:
+ - Ship /usr/sbin/rcsendmail symlink to /usr/sbin/service
+ + sendmail: W: suse-missing-rclink sendmail-client
+ - Ship /usr/sbin/rcsendmail-client symlink to /usr/sbin/service
+ + sendmail: W: suse-wrong-suse-capitalisation:
+ - Rename README.SuSE to README.SUSE (fix spelling also inside
+ the file).
+ + sendmail: W: permissions-dir-without-slash
+ - Fix permissions and permissions.paranoid inside
+ sendmail-suse.tar.bz2.
+ + sendmail: W: systemd-service-without-service_del_postun:
+ - Add corresponding macros to postun script when not building
+ with sysvinit support.
+ + sendmail: W: systemd-service-without-service_add_pre:
+ - Add corresponding macros to pre script when not building
+ with sysvinit support.
+
+-------------------------------------------------------------------
+Thu Jun 16 13:46:21 UTC 2016 - [email protected]
+
+- Drop unused patch:
+ * sendmail-8.14.7-warning.patch
+
+-------------------------------------------------------------------
+Thu Jun 16 13:45:25 UTC 2016 - [email protected]
+
+- Split uucp to separate package, no technical reason for it to not
+ stand on its own
+- Drop uucp related patches:
+ + uucp-1.07-contrib.dif
+ + uucp-1.07-cu.patch
+ + uucp-1.07-grade.patch
+ + uucp-1.07-lockdev.patch
+ + uucp-1.07.dif
+ + uucp-texinfo-5.0.patch
+ + drop_ftime.patch
+
+-------------------------------------------------------------------
+Thu May 19 12:40:21 UTC 2016 - [email protected]
+
+- Do not use http://license.opensuse.org/ as reference for the Sendmail
+ license even if stated by rpmlint but
https://spdx.org/licenses/Sendmail.html
+
+-------------------------------------------------------------------
+Thu Apr 14 14:49:20 UTC 2016 - [email protected]
+
+- Avoid warning from chkstat due slash on directory path as last character
+
++++ 1977 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.1:Update/.sendmail.12068.new.26092/sendmail.changes
New:
----
8.15.2.mci.p0
sendmail-8.14.7-select.dif
sendmail-8.14.8-m4header.patch
sendmail-8.15.2-glibc-2.30.patch
sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
sendmail-8.15.2-openssl-1.1.0-fix.patch
sendmail-8.15.2-reproducible.patch
sendmail-8.15.2.dif
sendmail-client.path
sendmail-client.service
sendmail-client.systemd
sendmail-fd-passing-libmilter.patch
sendmail-rpmlintrc
sendmail-suse.tar.bz2
sendmail.8.15.2.tar.gz
sendmail.changes
sendmail.service
sendmail.spec
sendmail.systemd
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sendmail.spec ++++++
++++ 741 lines (skipped)
++++++ 8.15.2.mci.p0 ++++++
If sendmail tried to reuse an SMTP session which had already been
closed by the server, then the connection cache could have invalid
information about the session. One possible consequence was that
STARTTLS was not used even if offered.
The problem can be fixed by either:
- applying this patch (for 8.15.2)
- or disabling the connection cache:
define(`confMCI_CACHE_SIZE', `0')
The problem can be mitigated by setting at least one of these options:
- using a very short timeout:
define(`confMCI_CACHE_TIMEOUT', `5s')
- sorting the queue by hosts:
define(`confQUEUE_SORT_ORDER', `Host')
To apply this patch, cd to the source code directory, then rebuild
and reinstall sendmail.
cd sendmail-8.15.2
patch < 8.15.2.mci.p0
Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer)
for those who would like to test upcoming releases.
diff -ru sendmail-/deliver.c sendmail/deliver.c
--- sendmail-/deliver.c 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800
@@ -6274,8 +6274,7 @@
tlslogerr(LOG_WARNING, "client");
}
- SSL_free(clt_ssl);
- clt_ssl = NULL;
+ SM_SSL_FREE(clt_ssl);
return EX_SOFTWARE;
}
mci->mci_ssl = clt_ssl;
@@ -6287,8 +6286,7 @@
return EX_OK;
/* failure */
- SSL_free(clt_ssl);
- clt_ssl = NULL;
+ SM_SSL_FREE(clt_ssl);
return EX_SOFTWARE;
}
/*
@@ -6309,7 +6307,7 @@
if (!bitset(MCIF_TLSACT, mci->mci_flags))
return EX_OK;
- r = endtls(mci->mci_ssl, "client");
+ r = endtls(&mci->mci_ssl, "client");
mci->mci_flags &= ~MCIF_TLSACT;
return r;
}
diff -ru sendmail-/macro.c sendmail/macro.c
--- sendmail-/macro.c 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800
@@ -362,6 +362,33 @@
}
/*
+** MACTABCLEAR -- clear entire macro table
+**
+** Parameters:
+** mac -- Macro table.
+**
+** Returns:
+** none.
+**
+** Side Effects:
+** clears entire mac structure including rpool pointer!
+*/
+
+void
+mactabclear(mac)
+ MACROS_T *mac;
+{
+ int i;
+
+ if (mac->mac_rpool == NULL)
+ {
+ for (i = 0; i < MAXMACROID; i++)
+ SM_FREE_CLR(mac->mac_table[i]);
+ }
+ memset((char *) mac, '\0', sizeof(*mac));
+}
+
+/*
** MACDEFINE -- bind a macro name to a value
**
** Set a macro to a value, with fancy storage management.
diff -ru sendmail-/mci.c sendmail/mci.c
--- sendmail-/mci.c 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800
@@ -25,6 +25,7 @@
int, bool));
static bool mci_load_persistent __P((MCI *));
static void mci_uncache __P((MCI **, bool));
+static void mci_clear __P((MCI *));
static int mci_lock_host_statfile __P((MCI *));
static int mci_read_persistent __P((SM_FILE_T *, MCI *));
@@ -253,6 +254,7 @@
SM_FREE_CLR(mci->mci_status);
SM_FREE_CLR(mci->mci_rstatus);
SM_FREE_CLR(mci->mci_heloname);
+ mci_clear(mci);
if (mci->mci_rpool != NULL)
{
sm_rpool_free(mci->mci_rpool);
@@ -315,6 +317,41 @@
}
/*
+** MCI_CLEAR -- clear mci
+**
+** Parameters:
+** mci -- the connection to clear.
+**
+** Returns:
+** none.
+*/
+
+static void
+mci_clear(mci)
+ MCI *mci;
+{
+ if (mci == NULL)
+ return;
+
+ mci->mci_maxsize = 0;
+ mci->mci_min_by = 0;
+ mci->mci_deliveries = 0;
+#if SASL
+ if (bitset(MCIF_AUTHACT, mci->mci_flags))
+ sasl_dispose(&mci->mci_conn);
+#endif
+#if STARTTLS
+ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL)
+ SM_SSL_FREE(mci->mci_ssl);
+#endif
+
+ /* which flags to preserve? */
+ mci->mci_flags &= MCIF_CACHED;
+ mactabclear(&mci->mci_macro);
+}
+
+
+/*
** MCI_GET -- get information about a particular host
**
** Parameters:
@@ -419,6 +456,7 @@
mci->mci_errno = 0;
mci->mci_exitstat = EX_OK;
}
+ mci_clear(mci);
}
return mci;
diff -ru sendmail-/sendmail.h sendmail/sendmail.h
--- sendmail-/sendmail.h 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800
@@ -1186,6 +1186,7 @@
#define macid(name) macid_parse(name, NULL)
extern char *macname __P((int));
extern char *macvalue __P((int, ENVELOPE *));
+extern void mactabclear __P((MACROS_T *));
extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char
*, char *, ADDRESS *, char **));
extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char
*, int));
extern void setclass __P((int, char *));
@@ -2002,7 +2003,15 @@
extern void setclttls __P((bool));
extern bool initsrvtls __P((bool));
extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool));
-extern int endtls __P((SSL *, char *));
+#define SM_SSL_FREE(ssl) \
+ do { \
+ if (ssl != NULL) \
+ { \
+ SSL_free(ssl); \
+ ssl = NULL; \
+ } \
+ } while (0)
+extern int endtls __P((SSL **, char *));
extern void tlslogerr __P((int, const char *));
diff -ru sendmail-/srvrsmtp.c sendmail/srvrsmtp.c
--- sendmail-/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800
@@ -2122,8 +2122,7 @@
if (get_tls_se_options(e, srv_ssl, true) != 0)
{
message("454 4.3.3 TLS not available: error
setting options");
- SSL_free(srv_ssl);
- srv_ssl = NULL;
+ SM_SSL_FREE(srv_ssl);
goto tls_done;
}
@@ -2145,8 +2144,7 @@
SSL_set_wfd(srv_ssl, wfd) <= 0)
{
message("454 4.3.3 TLS not available: error set
fd");
- SSL_free(srv_ssl);
- srv_ssl = NULL;
+ SM_SSL_FREE(srv_ssl);
goto tls_done;
}
if (!smtps)
@@ -2188,8 +2186,7 @@
tlslogerr(LOG_WARNING,
"server");
}
tls_ok_srv = false;
- SSL_free(srv_ssl);
- srv_ssl = NULL;
+ SM_SSL_FREE(srv_ssl);
/*
** according to the next draft of
@@ -3416,7 +3413,7 @@
/* shutdown TLS connection */
if (tls_active)
{
- (void) endtls(srv_ssl, "server");
+ (void) endtls(&srv_ssl, "server");
tls_active = false;
}
#endif /* STARTTLS */
diff -ru sendmail-/tls.c sendmail/tls.c
--- sendmail-/tls.c 2016-02-29 06:01:55.000000000 -0800
+++ sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800
@@ -1624,7 +1624,7 @@
** ENDTLS -- shutdown secure connection
**
** Parameters:
-** ssl -- SSL connection information.
+** pssl -- pointer to TLS session context
** side -- server/client (for logging).
**
** Returns:
@@ -1632,12 +1632,16 @@
*/
int
-endtls(ssl, side)
- SSL *ssl;
+endtls(pssl, side)
+ SSL **pssl;
char *side;
{
int ret = EX_OK;
+ SSL *ssl;
+ SM_REQUIRE(pssl != NULL);
+ ret = EX_OK;
+ ssl = *pssl;
if (ssl != NULL)
{
int r;
@@ -1703,8 +1707,7 @@
ret = EX_SOFTWARE;
}
# endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER >
0x0090602fL */
- SSL_free(ssl);
- ssl = NULL;
+ SM_SSL_FREE(*pssl);
}
return ret;
}
++++++ sendmail-8.14.7-select.dif ++++++
---
libmilter/comm.c | 16 +++++++++++++---
libmilter/listener.c | 6 +++---
libsm/local.h | 5 ++++-
libsm/refill.c | 5 ++++-
sendmail/sfsasl.c | 6 ++++--
5 files changed, 28 insertions(+), 10 deletions(-)
--- libmilter/comm.c
+++ libmilter/comm.c 2016-04-14 07:25:09.745910028 +0000
@@ -78,8 +78,11 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
i = 0;
for (;;)
{
+ struct timeval tv;
+ tv.tv_sec = timeout->tv_sec;
+ tv.tv_usec = timeout->tv_usec;
FD_RD_INIT(sd, rds, excs);
- ret = FD_RD_READY(sd, rds, excs, timeout);
+ ret = FD_RD_READY(sd, rds, excs, &tv);
if (ret == 0)
break;
else if (ret < 0)
@@ -151,8 +154,11 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
i = 0;
for (;;)
{
+ struct timeval tv;
+ tv.tv_sec = timeout->tv_sec;
+ tv.tv_usec = timeout->tv_usec;
FD_RD_INIT(sd, rds, excs);
- ret = FD_RD_READY(sd, rds, excs, timeout);
+ ret = FD_RD_READY(sd, rds, excs, &tv);
if (ret == 0)
break;
else if (ret < 0)
@@ -251,6 +257,8 @@ retry_writev(fd, iov, iovcnt, timeout)
written = 0;
for (;;)
{
+ struct timeval tv;
+
while (iovcnt > 0 && iov[0].iov_len == 0)
{
iov++;
@@ -267,8 +275,10 @@ retry_writev(fd, iov, iovcnt, timeout)
** FD_SETSIZE is checked when socket is created.
*/
+ tv.tv_sec = timeout->tv_sec;
+ tv.tv_usec = timeout->tv_usec;
FD_WR_INIT(fd, wrs);
- i = FD_WR_READY(fd, wrs, timeout);
+ i = FD_WR_READY(fd, wrs, &tv);
if (i == 0)
return MI_FAILURE;
if (i < 0)
--- libmilter/listener.c
+++ libmilter/listener.c 2016-04-14 07:25:09.745910028 +0000
@@ -685,12 +685,12 @@ mi_closener()
int rs = 0; \
struct timeval st; \
\
- st.tv_sec = (s); \
- st.tv_usec = 0; \
- if (st.tv_sec > 0) \
+ if ((s) > 0) \
{ \
for (;;) \
{ \
+ st.tv_sec = (s); \
+ st.tv_usec = 0; \
rs = select(0, NULL, NULL, NULL, &st); \
if (rs < 0 && errno == EINTR) \
continue; \
--- libsm/local.h
+++ libsm/local.h 2016-04-14 07:25:09.773909514 +0000
@@ -258,8 +258,11 @@ int sm_flags __P((int));
return SM_IO_EOF; \
do \
{ \
+ struct timeval tv; \
+ tv.tv_sec = sm_io_to.tv_sec; \
+ tv.tv_usec = sm_io_to.tv_usec; \
sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, \
- &sm_io_x_mask, &sm_io_to); \
+ &sm_io_x_mask, &tv); \
} while (sm_io_to_sel < 0 && errno == EINTR); \
if (sm_io_to_sel < 0) \
{ \
--- libsm/refill.c
+++ libsm/refill.c 2016-04-14 07:25:09.773909514 +0000
@@ -79,8 +79,11 @@ static int sm_lflush __P((SM_FILE_T *, i
return SM_IO_EOF; \
do \
{ \
+ struct timeval tv; \
+ tv.tv_sec = (to)->tv_sec; \
+ tv.tv_usec = (to)->tv_usec; \
(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL, \
- &sm_io_x_mask, (to)); \
+ &sm_io_x_mask, &tv); \
} while ((sel_ret) < 0 && errno == EINTR); \
if ((sel_ret) < 0) \
{ \
--- sendmail/sfsasl.c
+++ sendmail/sfsasl.c 2016-04-14 07:25:09.777909439 +0000
@@ -609,8 +609,6 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo
left = timeout - (now - tlsstart);
if (left <= 0)
return 0; /* timeout */
- tv.tv_sec = left;
- tv.tv_usec = 0;
if (LogLevel > 14)
{
@@ -643,6 +641,8 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo
FD_SET(rfd, &ssl_maskx);
do
{
+ tv.tv_sec = left;
+ tv.tv_usec = 0;
ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
&tv);
} while (ret < 0 && errno == EINTR);
@@ -661,6 +661,8 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo
FD_SET(rfd, &ssl_maskx);
do
{
+ tv.tv_sec = left;
+ tv.tv_usec = 0;
ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
&tv);
} while (ret < 0 && errno == EINTR);
++++++ sendmail-8.14.8-m4header.patch ++++++
---
devtools/M4/header.m4 | 4 ++++
1 file changed, 4 insertions(+)
--- devtools/M4/header.m4
+++ devtools/M4/header.m4 2016-04-14 07:36:39.329213548 +0000
@@ -31,7 +31,11 @@ define(`confSHAREDLIB_EXT', `.so')
define(`confSITECONFIG', `site.config')
define(`confBUILDBIN', `${SRCDIR}/devtools/bin')
define(`confRANLIB', `echo')
+define(`confSHAREDLIB_EXT', `.so')
define(`PUSHDIVERT', `pushdef(`__D__', divnum)divert($1)')
define(`POPDIVERT', `divert(__D__)popdef(`__D__')')
define(`APPENDDEF', `define(`$1', ifdef(`$1', `$1 $2', `$2'))')
define(`PREPENDDEF', `define(`$1', ifdef(`$1', `$2 $1', `$2'))')
+define(`REPLACEDEF', `define(`_$1', `esyscmd(`x='$1`;echo -n ${x//$2/$3}')')dnl
+define(`$1', _$1)dnl
+undefine(`_$1')')
++++++ sendmail-8.15.2-glibc-2.30.patch ++++++
The former deprecated macro RES_USE_INET6 is gone with glibc 2.30
---
libmilter/sm_gethost.c | 6 ++++--
sendmail/conf.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
--- libmilter/sm_gethost.c
+++ libmilter/sm_gethost.c 2019-09-28 07:27:46.512228011 +0000
@@ -51,18 +51,20 @@ sm_getipnodebyname(name, family, flags,
{
bool resv6 = true;
struct hostent *h;
-
+#ifdef RES_USE_INET6
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
resv6 = bitset(RES_USE_INET6, _res.options);
_res.options |= RES_USE_INET6;
}
+#endif
SM_SET_H_ERRNO(0);
h = gethostbyname(name);
+#ifdef RES_USE_INET6
if (family == AF_INET6 && !resv6)
_res.options &= ~RES_USE_INET6;
-
+#endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
--- sendmail/conf.c
+++ sendmail/conf.c 2019-09-28 07:28:39.103245002 +0000
@@ -4242,18 +4242,20 @@ sm_getipnodebyname(name, family, flags,
# else /* HAS_GETHOSTBYNAME2 */
bool resv6 = true;
-
+#ifdef RES_USE_INET6
if (family == AF_INET6)
{
/* From RFC2133, section 6.1 */
resv6 = bitset(RES_USE_INET6, _res.options);
_res.options |= RES_USE_INET6;
}
+#endif
SM_SET_H_ERRNO(0);
h = gethostbyname(name);
+#ifdef RES_USE_INET6
if (!resv6)
_res.options &= ~RES_USE_INET6;
-
+#endif
/* the function is supposed to return only the requested family */
if (h != NULL && h->h_addrtype != family)
{
++++++ sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch ++++++
diff --git a/sendmail/tls.c b/sendmail/tls.c
index 16cb93f..9338380 100644
--- a/sendmail/tls.c
+++ b/sendmail/tls.c
@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile,
cacertpath, cacertfile, dhpar
}
#if _FFR_TLS_EC
- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
- if (ecdh != NULL)
- {
- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
- SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
- EC_KEY_free(ecdh);
- }
+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_ecdh_auto(*ctx, 1);
#endif /* _FFR_TLS_EC */
}
++++++ sendmail-8.15.2-openssl-1.1.0-fix.patch ++++++
---
sendmail-8.15.2/sendmail/tls.c | 109 +++++++++++++++++++++++++++++++++++------
1 file changed, 95 insertions(+), 14 deletions(-)
--- sendmail-8.15.2/sendmail/tls.c
+++ sendmail-8.15.2/sendmail/tls.c 2017-11-29 08:52:15.305299693 +0000
@@ -63,14 +63,28 @@ static unsigned char dh512_g[] =
static DH *
get_dh512()
{
- DH *dh = NULL;
+ DH *dh;
+ BIGNUM *p, *g;
if ((dh = DH_new()) == NULL)
return NULL;
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if (p == NULL || g == NULL)
+ {
+ BN_free(p);
+ BN_free(g);
+ DH_free(dh);
return NULL;
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ DH_set0_pqg(dh, p, NULL, g);
+#else
+ dh->p = p;
+ dh->g = g;
+#endif
+
return dh;
}
@@ -117,16 +131,27 @@ get_dh2048()
};
static unsigned char dh2048_g[]={ 0x02, };
DH *dh;
+ BIGNUM *p, *g;
if ((dh=DH_new()) == NULL)
return(NULL);
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+ if (p == NULL || g == NULL)
{
+ BN_free(p);
+ BN_free(g);
DH_free(dh);
- return(NULL);
+ return NULL;
}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ DH_set0_pqg(dh, p, NULL, g);
+#else
+ dh->p = p;
+ dh->g = g;
+#endif
+
return(dh);
}
# endif /* !NO_DH */
@@ -715,6 +740,54 @@ static char server_session_id_context[]
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0
#endif
+static RSA *
+generate_rsa_key(bits, e)
+ int bits;
+ unsigned long e;
+{
+#if OPENSSL_VERSION_NUMBER < 0x00908000L
+ return RSA_generate_key(bits, e, NULL, NULL);
+#else
+ BIGNUM *bne;
+ RSA *rsa = NULL;
+
+ bne = BN_new();
+ if (bne && BN_set_word(bne, e) != 1)
+ rsa = RSA_new();
+ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
+ {
+ RSA_free(rsa);
+ rsa = NULL;
+ }
+ BN_free(bne);
+ return rsa;
+#endif
+}
+
+static DSA *
+generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
+ int bits;
+ unsigned char *seed;
+ int seed_len;
+ int *counter_ret;
+ unsigned long *h_ret;
+{
+#if OPENSSL_VERSION_NUMBER < 0x00908000L
+ return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
+ h_ret, NULL, NULL);
+#else
+ DSA *dsa = DSA_new();
+
+ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
+ counter_ret, h_ret, NULL) != 1)
+ {
+ DSA_free(dsa);
+ dsa = NULL;
+ }
+ return dsa;
+#endif
+}
+
bool
inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile,
dhparam)
SSL_CTX **ctx;
@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile
{
/* get a pointer to the current certificate validation store */
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
- crl_file = BIO_new(BIO_s_file_internal());
+ crl_file = BIO_new(BIO_s_file());
if (crl_file != NULL)
{
if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile
if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
&& ShmId != SM_SHM_NO_ID &&
- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
- NULL)) == NULL
+ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
# else /* SM_CONF_SHM */
&& 0 /* no shared memory: no need to generate key now */
# endif /* SM_CONF_SHM */
@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile
sm_dprintf("inittls: Generating %d bit DH
parameters\n", bits);
/* this takes a while! */
- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
- NULL, 0, NULL);
+ dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
+ NULL);
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
}
@@ -1744,7 +1816,7 @@ tmp_rsa_key(s, export, keylength)
if (rsa_tmp != NULL)
RSA_free(rsa_tmp);
- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
+ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
if (rsa_tmp == NULL)
{
if (LogLevel > 0)
@@ -1971,11 +2043,20 @@ x509_verify_cb(ok, ctx)
{
if (LogLevel > 13)
tls_verify_log(ok, ctx, "x509");
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ if (X509_STORE_CTX_get_error(ctx) ==
+ X509_V_ERR_UNABLE_TO_GET_CRL)
+ {
+ X509_STORE_CTX_set_error(ctx, 0);
+ return 1; /* override it */
+ }
+#else
if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL)
{
ctx->error = 0;
return 1; /* override it */
}
+#endif
}
return ok;
}
++++++ sendmail-8.15.2-reproducible.patch ++++++
Index: sendmail-8.15.2/cf/sh/makeinfo.sh
===================================================================
--- sendmail-8.15.2.orig/cf/sh/makeinfo.sh
+++ sendmail-8.15.2/cf/sh/makeinfo.sh
@@ -54,7 +54,11 @@ then
else
host=`uname -n`
fi
-echo '#####' built by $user@$host on `date`
+if [ "$user" = abuild ] ; then
+ echo '#####' built by OBS
+else
+ echo '#####' built by $user@$host on `date`
+fi
if [ -r /etc/os-release ] ; then
. /etc/os-release
echo '#####' on $PRETTY_NAME
++++++ sendmail-8.15.2.dif ++++++
++++ 1527 lines (skipped)
++++++ sendmail-client.path ++++++
# This file is part of package sendmail.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
# Watch out if any mail will be stored below the
# directory /var/spool/clientmqueue/ and start the
# sendmail client service if any.
#
[Unit]
Description=Sendmail Client Mail Queue Watcher
Before=mail-transfer-agent.target
[Path]
DirectoryNotEmpty=/var/spool/clientmqueue
[Install]
WantedBy=multi-user.target
++++++ sendmail-client.service ++++++
# This file is part of package sendmail.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
# Used to start the sendmail Mail Transport Client service
# which handles all mails stored at /var/spool/clientmqueue/
#
[Unit]
Description=Sendmail Mail Transport Client
Requires=sendmail.service
After=sendmail.service
Wants=mail-transfer-agent.target
Before=mail-transfer-agent.target
ConditionDirectoryNotEmpty=|/var/spool/clientmqueue
[Service]
Type=forking
Restart=on-success
PIDFile=/var/spool/clientmqueue/sm-client.pid
ExecStartPre=-/etc/mail/system/sm-client.pre
Environment="SENDMAIL_CLIENT_ARGS=-L sendmail-client -Ac -qp30m"
EnvironmentFile=-/etc/sysconfig/mail
EnvironmentFile=-/etc/sysconfig/sendmail
ExecStart=/usr/sbin/sendmail $SENDMAIL_CLIENT_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
Also=sendmail.service
++++++ sendmail-client.systemd ++++++
#!/bin/bash
#
# /etc/mail/system/sm-client.pre
#
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback/
#
# Description:
#
# Helper script to set up the environment for sendmail
# Mail Transport Client if started by systemd
#
pidfile=/var/spool/clientmqueue/sm-client.pid
typeset -i timeout=1000
typeset -i port=25
for cfg in /etc/sendmail.cf /etc/mail/sendmail.cf ; do
test -s $cfg && break
done
for sed in /bin/sed /usr/bin/sed ; do
test -x $sed && break
done
for fuser in /bin/fuser /usr/bin/fuser ; do
test -x $fuser && break
done
for usleep in /bin/usleep /usr/bin/usleep ; do
test -x $usleep && break
done
#
# Create /var/run/sendmail if not exit
#
if test ! -d /var/run ; then
if test -d /run ; then
/bin/ln -sf /run /var/run
else
/bin/mkdir -m 0755 /var/run
fi
fi
test -d /var/run/sendmail || /bin/mkdir --mode 1750 /var/run/sendmail
test -x /usr/bin/chkstat && /usr/bin/chkstat -n --set --system
/var/run/sendmail
#
# Some default permissions
#
/bin/touch $pidfile
/bin/chown mail:mail $pidfile
/bin/chmod 0600 $pidfile
#
# Make sure that configuration is uptodate
#
test -x /usr/bin/make && /usr/bin/make -C /etc/mail > /dev/null 2>&1
#
# Check for DaemonPortOptions
#
PortOpts=$($sed -rn '/^O[[:blank:]]+DaemonPortOptions=.*Name=MTA.*$/I {
s/[[:blank:]]+//g
s/^O[^=]+=(.*)/\1/p
}' $cfg)
#
# Seek for port beside 25 aka smtp
#
for opt in ${PortOpts//,/ } ; do
case "${opt%=*}" in
[Pp]ort) port=${opt#*=}
esac
done
unset opt
#
# Now wait that sendmail MTA is becoming ready
#
while ! $fuser -sn tcp $port > /dev/null 2>&1 ; do
((timeout-- <= 0)) && break
$usleep 10000
done
#
# end of /etc/mail/system/sm-client.pre
++++++ sendmail-fd-passing-libmilter.patch ++++++
Description: systemd-like socket activation support for libmilter
Author: Mikhail Gusarov <[email protected]
diff --git a/sendmail-8.15.2/libmilter/docs/smfi_setconn.html
b/sendmail-8.15.2/libmilter/docs/smfi_setconn.html
--- a/libmilter/docs/smfi_setconn.html
+++ b/libmilter/docs/smfi_setconn.html
@@ -43,6 +43,7 @@ Set the socket through which this filter
<LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe.
<LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket.
<LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket.
+ <LI><CODE>fd:number</CODE> -- Pre-opened file descriptor.
</UL>
</TD></TR>
</TABLE>
diff --git a/sendmail-8.15.2/libmilter/listener.c
b/sendmail-8.15.2/libmilter/listener.c
--- a/libmilter/listener.c
+++ b/libmilter/listener.c
@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, n
L_socksize = sizeof addr.sin6;
}
#endif /* NETINET6 */
+ else if (strcasecmp(p, "fd") == 0)
+ {
+ addr.sa.sa_family = AF_UNSPEC;
+ L_socksize = sizeof (_SOCK_ADDR);
+ }
else
{
smi_log(SMI_LOG_ERR, "%s: unknown socket type %s",
@@ -443,7 +448,21 @@ mi_milteropen(conn, backlog, rmsocket, n
}
#endif /* NETINET || NETINET6 */
- sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+ if (addr.sa.sa_family == AF_UNSPEC)
+ {
+ char *end;
+ sock = strtol(colon, &end, 10);
+ if (*end != '\0' || sock < 0)
+ {
+ smi_log(SMI_LOG_ERR, "%s: expected positive integer as
fd, got %s", name, colon);
+ return INVALID_SOCKET;
+ }
+ }
+ else
+ {
+ sock = socket(addr.sa.sa_family, SOCK_STREAM, 0);
+ }
+
if (!ValidSocket(sock))
{
smi_log(SMI_LOG_ERR,
@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, n
#if NETUNIX
addr.sa.sa_family != AF_UNIX &&
#endif /* NETUNIX */
+ addr.sa.sa_family != AF_UNSPEC &&
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
sizeof(sockopt)) == -1)
{
@@ -511,7 +531,8 @@ mi_milteropen(conn, backlog, rmsocket, n
}
#endif /* NETUNIX */
- if (bind(sock, &addr.sa, L_socksize) < 0)
+ if (addr.sa.sa_family != AF_UNSPEC &&
+ bind(sock, &addr.sa, L_socksize) < 0)
{
smi_log(SMI_LOG_ERR,
"%s: Unable to bind to port %s: %s",
@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, ba
# ifdef BSD4_4_SOCKADDR
cliaddr.sa.sa_len == 0 ||
# endif /* BSD4_4_SOCKADDR */
- cliaddr.sa.sa_family != L_family))
+ (L_family != AF_UNSPEC && cliaddr.sa.sa_family !=
L_family)))
{
(void) closesocket(connfd);
connfd = INVALID_SOCKET;
++++++ sendmail-rpmlintrc ++++++
addFilter(".*hidden-file-or-dir.*/var/spool/mqueue/\.hoststat.*")
addFilter(".*executable-sourced-script.*/sbin/conf\.d/SuSEconfig\.sendmail.*")
addFilter(".*non-etc-or-var-file-marked-as-conffile.*/sbin/conf\.d/SuSEconfig\.sendmail.*")
addFilter(".*non-etc-or-var-file-marked-as-conffile.*/lib/systemd/system/.*")
addFilter(".*sourced-script-with-shebang.*/sbin/conf\.d/SuSEconfig\.sendmail.*")
addFilter(".*zero-length.*/var/spool/clientmqueue/sm-client\.st.*")
addFilter(".*zero-length.*/var/lib/sendmail/statistics.*")
addFilter(".*no-manual-page-for-binary.*hoststat.*")
addFilter(".*no-manual-page-for-binary.*rcsendmail.*")
addFilter(".*no-manual-page-for-binary.*purgestat.*")
addFilter(".*no-manual-page-for-binary.*sendmail.nissl.*")
addFilter(".*macro-in-comment.*")
addFilter(".*self-obsoletion.*")
addFilter(".*non-conffile-in-etc.*/etc/mail/README.*")
addFilter(".*no-manual-page-for-binary.*config.sendmail.*")
addFilter(".*name-repeated-in-summary.*")
addFilter(".*binary-or-shlib-calls-gethostbyname.*")
addFilter(".*sendmail-devel.*no-dependency-on.*sendmail.*")
addFilter(".*explicit-lib-dependency.*libmilter1_0.*")
++++++ sendmail.service ++++++
# This file is part of package sendmail.
#
# Copyright (c) 2011 SuSE LINUX Products GmbH, Germany.
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback
#
# Description:
#
# Used to start the sendmail Mail Transport Agent service
# which handles all mails stored at /var/spool/mqueue/ and
# all connections on port 25 aka smtp at localhost as well
# as on all other network interfaces.
#
[Unit]
Description=Sendmail Mail Transport Agent
Requires=var-run.mount nss-lookup.target network.target local-fs.target
After=var-run.mount nss-lookup.target network.target local-fs.target
Wants=time-sync.target nss-user-lookup.target
After=time-sync.target nss-user-lookup.target
After=amavis.service cyrus.service ldap.service nscd.service ypbind.service
saslauthd.service
Wants=sendmail-client.service
Before=sendmail-client.service
PropagatesReloadTo=sendmail-client.service
Conflicts=postfix.service exim.service
[Service]
Type=forking
Restart=on-success
PIDFile=/var/run/sendmail.pid
ExecStartPre=-/bin/echo 'Initializing SMTP port (sendmail)'
ExecStartPre=-/etc/mail/system/sm.pre
Environment="SENDMAIL_ARGS=-L sendmail -Am -bd -q30m -om"
Environment=SENDMAIL_PORT_OPTS=
EnvironmentFile=-/etc/sysconfig/mail
EnvironmentFile=-/etc/sysconfig/sendmail
EnvironmentFile=-/var/run/sendmail/port
ExecStart=/usr/sbin/sendmail $SENDMAIL_PORT_OPTS $SENDMAIL_ARGS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
Also=sendmail-client.service
++++++ sendmail.systemd ++++++
#!/bin/bash
#
# /etc/mail/system/sm.pre
#
# Author: Werner Fink
# Please send feedback to http://www.suse.de/feedback/
#
# Description:
#
# Helper script to set up the environment for sendmail
# Mail Transport Agent (MTA) if started by systemd
#
sysconf=/etc/sysconfig/mail
port=/var/run/sendmail/port
for cfg in /etc/sendmail.cf /etc/mail/sendmail.cf ; do
test -s $cfg && break
done
for sed in /bin/sed /usr/bin/sed ; do
test -x $sed && break
done
#
# Make sure that configuration is uptodate
#
if test -x /usr/bin/make ; then
/usr/bin/make -C /etc/mail > /dev/null 2>&1
fi
#
# Create /var/run/sendmail if not exit
#
test -d /var/run || /bin/mkdir --mode 0755 /var/run
test -d /var/run/sendmail || /bin/mkdir --mode 1750 /var/run/sendmail
#
# Handle SMTPD_LISTEN_REMOTE from /etc/sysconfig/sendmail
# that is write out environment file to be read by the
# systemd service unit file for sendmail MTA.
#
if test ! -s $port -o $cfg -nt $port -o $sysconf -nt $port ; then
. $sysconf
umask 066
if test "$SMTPD_LISTEN_REMOTE" != "yes" ; then
PortOpts=$($sed -rn '/^O[[:blank:]]+DaemonPortOptions=.*Name=MTA.*$/I {
s/[[:blank:]]+//g
s/^O[^=]+=(.*)/\1/p
}' $cfg)
PortOpts="${PortOpts:+${PortOpts},}Addr=127.0.0.1"
echo SENDMAIL_PORT_OPTS="\"-O DaemonPortOptions=${PortOpts}\""
else
echo SENDMAIL_PORT_OPTS="\"\""
fi > $port
fi
#
# end of /etc/mail/system/sm.pre
