Hello community, here is the log from the commit of package sendmail for openSUSE:Factory checked in at 2020-07-31 15:52:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sendmail (Old) and /work/SRC/openSUSE:Factory/.sendmail.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail" Fri Jul 31 15:52:58 2020 rev:97 rq:823136 version:8.16.1 Changes: -------- --- /work/SRC/openSUSE:Factory/sendmail/sendmail.changes 2020-06-27 23:21:13.241554083 +0200 +++ /work/SRC/openSUSE:Factory/.sendmail.new.3592/sendmail.changes 2020-07-31 15:53:51.100161324 +0200 @@ -1,0 +2,137 @@ +Tue Jul 28 11:20:52 UTC 2020 - Dr. Werner Fink <wer...@suse.de> + +- Fix same strange permissions below /usr/share/sendmail + +------------------------------------------------------------------- +Tue Jul 28 07:54:33 UTC 2020 - Dr. Werner Fink <wer...@suse.de> + +- Update to sendmail 8.16.1 2020/07/05 (boo#1174572) + SECURITY: If sendmail tried to reuse an SMTP session which had + already been closed by the server, then the connection + cache could have invalid information about the session. + One possible consequence was that STARTTLS was not + used even if offered. This problem has been fixed + by clearing out all relevant status information + when a closed session is encountered. + OpenSSL versions before 0.9.8 are no longer supported. + OpenSSL version 1.1.0 and 1.1.1 are supported. + Initial support for DANE (see RFC 7672 et.al.) is available if + the compile time option DANE is set. Only TLSA RR 3-1-x + is currently implemented. + New options SSLEngine and SSLEnginePath to support OpenSSL engines. + Note: this feature has so far only been tested with the + "chil" engine; please report problems with other engines + if you encounter any. + New option CRLPath to specify a directory which contains + hashes pointing to certificate revocations files. + Based on patch from Al Smith. + New rulesets tls_srv_features and tls_clt_features which + can return a (semicolon separated) list of TLS related + options, e.g., CipherList, CertFile, KeyFile, + see doc/op/op.me for details. + To automatically handle TLS interoperability problems for outgoing + mail, sendmail can now immediately try a connection again + without STARTTLS after a TLS handshake failure. + This can be configured globally via the option + TLSFallbacktoClear or per session via the 'C' flag + of tls_clt_features. + This also adds the new value "CLEAR" for the macro + {verify}: STARTTLS has been disabled internally for + a clear text delivery attempt. + Apply Timeout.starttls also to the server waiting for the TLS + handshake to begin. Based on patch from Simon Hradecky. + New compile time option TLS_EC to enable the use of elliptic + curve cryptography in STARTTLS (previously available as + _FFR_TLS_EC). + Handle MIME boundaries specified in headers which contain CRLF. + Fix detection of loopback net (it was broken when compiled + with NETINET6) and only set the macros {if_addr_out} + and {if_family_out} if the interface of the outgoing + connection does not belong to the loopback net. + Fix logic to enable a milter to delete a recipient in + DeliveryMode=interactive even if it might be subject + to alias expansion. + Log name of a milter making changes (this was missing for + some functions). + Log the actual reply of a server when an SMTP delivery problem + occurs in a "reply=" field if possible. + Log user= for failed AUTH attempts if possible. Based on + patch from Packet Hack, Jim Hranicky, Kevin A. McGrail, + and Joe Quinn. + Add CDB as map type. Note: CDB is a "Constant DataBase", i.e., + no changes can be made after it is created, hence it + does not work with vacation(1) nor editmap(8) (except + for query mode). + Fix some memory leaks (mostly in error cases) and properly handle + copied varargs in sm_io_vfprintf(). The issues were found + using Coverity Scan and reported (including patches) by + Ondřej Lysoněk of Red Hat. + Do not override ServerSSLOptions and ClientSSLOptions when they + are specified on the command line. Based on patch from + Hiroki Sato. + Add RFC7505 Null MX support for domains that declare they do not + accept mail. + New compile time option LDAP_NETWORK_TIMEOUT which is set + automatically when LDAPMAP is used and + LDAP_OPT_NETWORK_TIMEOUT is available to enable the + new -c option for LDAP maps to specify the network timeout. + CONFIG: New FEATURE(`tls_session_features') to enable standard + rules for tls_srv_features and tls_clt_features; for + details see cf/README. + CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH + for SSLEngine and SSLEnginePath, respectively. + CONFIG: New options confDANE to enable DANE support. + CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear. + CONFIG: New extension CITag: for TLS restrictions, see cf/README + for details. + CONFIG: FEATURE(`blacklist_recipients') renamed to + FEATURE(`blocklist_recipients'). + CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to + canonicalize IPv6 addresses; if cidrexpand is used with IPv6 + addresses then UseCompressedIPv6Addresses must be disabled. + DOC: The dns map can return multiple values in a single result + if the -z option is used. + DOC: Note to set MustQuoteChars=. due to DKIM signatures. + LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret + of Alcatel-Lucent. + LIBMILTER: Fix reference in xxfi_negotiate documentation. + Patch from Sven Neuhaus. + LIBMILTER: Fix function name in smfi_addrcpt_par documentation. + Patch from G.W. Haywood. + LIBMILTER: Fix a potential memory leak in smfi_setsymlist(). + Patch from Martin Svec. + MAKEMAP: New map type "implicit" refers to the first available type, + i.e., it depends on the compile time options NEWDB, DBM, + and CDB. This can be used in conjunction with the + "implicit" map type in sendmail.cf. + Note: makemap, libsmdb, and sendmail must be compiled + with the same options (and library versions of course). + Portability: + Add support for Darwin 14-18 (Mac OS X 10.x). + New option HAS_GETHOSTBYNAME2: set if your system + supports gethostbyname2(2). + Set SM_CONF_SEM=2 for FreeBSD 12 and later due to + changes in sys/sem.h + On Linux set MAXHOSTNAMELEN (the maximum length + of a FQHN) to 256 if it is less than that value. + Added Files: + cf/feature/blocklist_recipients.m4 + cf/feature/tls_failures.m4 + devtools/OS/Darwin.14.x + devtools/OS/Darwin.15.x + devtools/OS/Darwin.16.x + libsmdb/smcdb.c + sendmail/ratectrl.h +- Add upstream keyring and verify source signature +- Use DANE and TLS_EC +- Remove obsolete patches now solved upstream + * 8.15.2.mci.p0 + * sendmail-8.15.2-glibc-2.30.patch + * sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch + * sendmail-8.15.2-openssl-1.1.0-fix.patch +- Port patches + * sendmail-8.14.7-select.dif + * sendmail-fd-passing-libmilter.patch +- Port and rename patch sendmail-8.15.2.dif which is now sendmail-8.16.1.dif + +------------------------------------------------------------------- Old: ---- 8.15.2.mci.p0 sendmail-8.15.2-glibc-2.30.patch sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch sendmail-8.15.2-openssl-1.1.0-fix.patch sendmail-8.15.2.dif sendmail.8.15.2.tar.gz New: ---- sendmail-8.16.1.dif sendmail.8.16.1.tar.gz sendmail.8.16.1.tar.gz.sig sendmail.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sendmail.spec ++++++ --- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.676190454 +0200 +++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.680190468 +0200 @@ -89,12 +89,12 @@ %{?systemd_requires} Conflicts: smail postfix postfix-tls Obsoletes: sendmail-tls -Version: 8.15.2 +Version: 8.16.1 Release: 0 Summary: BSD Sendmail License: Sendmail Group: Productivity/Networking/Email/Servers -Source0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.%{version}.tar.gz +Source0: ftp://ftp.sendmail.org/pub/sendmail/%{name}.%{version}.tar.gz Source1: sendmail-suse.tar.bz2 Source2: sendmail-rpmlintrc Source3: sendmail-client.path @@ -102,22 +102,18 @@ Source5: sendmail-client.service Source6: sendmail.systemd Source7: sendmail-client.systemd +Source42: ftp://ftp.sendmail.org/pub/sendmail/PGPKEYS#/%{name}.keyring +Source43: ftp://ftp.sendmail.org/pub/sendmail/%{name}.%{version}.tar.gz.sig # PATCH-FIX-OPENSUSE: Add our m4 extensions and maintenance scripts -Patch0: sendmail-8.15.2.dif +Patch0: sendmail-8.16.1.dif # PATCH-FIX-OPENSUSE: if select(2) is interrupted the timeout become undefined Patch1: sendmail-8.14.7-select.dif -# PATCH-FIX-UPSTREAM: SMTP session reuse bugfix (boo#1162204) -Patch2: 8.15.2.mci.p0 # PATCH-FIX-UPSTREAM: Detect shared libraries Patch4: sendmail-8.14.8-m4header.patch # PATCH-FIX-DEBIAN: systemd socket activation support for libmilter Patch5: sendmail-fd-passing-libmilter.patch -Patch6: sendmail-8.15.2-openssl-1.1.0-fix.patch -Patch7: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch # PATCH-FIX-OPENSUSE: make build result reproducible Patch8: sendmail-8.15.2-reproducible.patch -# PATCH-FIX-OPENSUSE: The former deprecated macro RES_USE_INET6 is gone with glibc 2.30 -Patch9: sendmail-8.15.2-glibc-2.30.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %global _sysconfdir %{_sysconfdir} %global _mailcnfdir %{_sysconfdir}/mail @@ -210,16 +206,10 @@ %prep %setup -n sendmail-%{version} %patch1 -p0 -b .select -%patch2 -p0 -b .reuse %patch4 -p0 -b .m4head %patch5 -p1 -b .fdmilt -if pkg-config --atleast-version=1.1.0 openssl; then -%patch6 -p1 -b .openssl11 -%patch7 -p1 -b .ecdhe -fi %patch0 -p0 -b .p0 %patch8 -p1 -b .reproducible -%patch9 -p0 -b .use_inet6 tar --strip-components=1 -xf %{S:1} set -f cat <<-EOF > file-list @@ -406,6 +396,8 @@ tar cfC - cf . | tar xfC - %{buildroot}%{_datadir}/sendmail/ test "$ID" -ne 0 || \ chown root:root -R %{buildroot}%{_datadir}/sendmail/ + find %{buildroot}%{_datadir}/sendmail/ -type d -exec chmod g+x,o+x '{}' \+ + chmod g+r,o+r -R %{buildroot}%{_datadir}/sendmail/ chmod 0755 %{buildroot}%{_datadir}/sendmail/sh/makeinfo.sh rm -f %{buildroot}%{_datadir}/sendmail/cf/Build rm -f %{buildroot}%{_datadir}/sendmail/cf/README ++++++ sendmail-8.14.7-select.dif ++++++ --- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.704190549 +0200 +++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.708190562 +0200 @@ -7,7 +7,7 @@ 5 files changed, 28 insertions(+), 10 deletions(-) --- libmilter/comm.c -+++ libmilter/comm.c 2016-04-14 07:25:09.745910028 +0000 ++++ libmilter/comm.c 2020-07-28 06:16:36.425638839 +0000 @@ -78,8 +78,11 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name) i = 0; for (;;) @@ -56,7 +56,7 @@ return MI_FAILURE; if (i < 0) --- libmilter/listener.c -+++ libmilter/listener.c 2016-04-14 07:25:09.745910028 +0000 ++++ libmilter/listener.c 2020-07-28 06:16:36.425638839 +0000 @@ -685,12 +685,12 @@ mi_closener() int rs = 0; \ struct timeval st; \ @@ -74,7 +74,7 @@ if (rs < 0 && errno == EINTR) \ continue; \ --- libsm/local.h -+++ libsm/local.h 2016-04-14 07:25:09.773909514 +0000 ++++ libsm/local.h 2020-07-28 06:16:36.453638343 +0000 @@ -258,8 +258,11 @@ int sm_flags __P((int)); return SM_IO_EOF; \ do \ @@ -89,7 +89,7 @@ if (sm_io_to_sel < 0) \ { \ --- libsm/refill.c -+++ libsm/refill.c 2016-04-14 07:25:09.773909514 +0000 ++++ libsm/refill.c 2020-07-28 06:22:31.359355018 +0000 @@ -79,8 +79,11 @@ static int sm_lflush __P((SM_FILE_T *, i return SM_IO_EOF; \ do \ @@ -98,14 +98,14 @@ + tv.tv_sec = (to)->tv_sec; \ + tv.tv_usec = (to)->tv_usec; \ (sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL, \ -- &sm_io_x_mask, (to)); \ -+ &sm_io_x_mask, &tv); \ +- &sm_io_x_mask, (to)); \ ++ &sm_io_x_mask, &tv); \ } while ((sel_ret) < 0 && errno == EINTR); \ if ((sel_ret) < 0) \ { \ --- sendmail/sfsasl.c -+++ sendmail/sfsasl.c 2016-04-14 07:25:09.777909439 +0000 -@@ -609,8 +609,6 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo ++++ sendmail/sfsasl.c 2020-07-28 06:16:36.453638343 +0000 +@@ -610,8 +610,6 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo left = timeout - (now - tlsstart); if (left <= 0) return 0; /* timeout */ ++++++ sendmail-8.15.2.dif -> sendmail-8.16.1.dif ++++++ ++++ 906 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/sendmail/sendmail-8.15.2.dif ++++ and /work/SRC/openSUSE:Factory/.sendmail.new.3592/sendmail-8.16.1.dif ++++++ sendmail-fd-passing-libmilter.patch ++++++ --- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.764190753 +0200 +++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.768190766 +0200 @@ -1,10 +1,12 @@ -Description: systemd-like socket activation support for libmilter -Author: Mikhail Gusarov <dotted...@debian.org +--- + libmilter/docs/smfi_setconn.html | 1 + + libmilter/listener.c | 27 ++++++++++++++++++++++++--- + 2 files changed, 25 insertions(+), 3 deletions(-) -diff --git a/sendmail-8.15.2/libmilter/docs/smfi_setconn.html b/sendmail-8.15.2/libmilter/docs/smfi_setconn.html +diff --git a/libmilter/docs/smfi_setconn.html b/libmilter/docs/smfi_setconn.html --- a/libmilter/docs/smfi_setconn.html +++ b/libmilter/docs/smfi_setconn.html -@@ -43,6 +43,7 @@ Set the socket through which this filter +@@ -44,6 +44,7 @@ Set the socket through which this filter <LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe. <LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket. <LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket. @@ -12,7 +14,7 @@ </UL> </TD></TR> </TABLE> -diff --git a/sendmail-8.15.2/libmilter/listener.c b/sendmail-8.15.2/libmilter/listener.c +diff --git a/libmilter/listener.c b/libmilter/listener.c --- a/libmilter/listener.c +++ b/libmilter/listener.c @@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, n @@ -53,7 +55,7 @@ @@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, n #if NETUNIX addr.sa.sa_family != AF_UNIX && - #endif /* NETUNIX */ + #endif + addr.sa.sa_family != AF_UNSPEC && setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt, sizeof(sockopt)) == -1) @@ -71,7 +73,7 @@ @@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, ba # ifdef BSD4_4_SOCKADDR cliaddr.sa.sa_len == 0 || - # endif /* BSD4_4_SOCKADDR */ + # endif - cliaddr.sa.sa_family != L_family)) + (L_family != AF_UNSPEC && cliaddr.sa.sa_family != L_family))) { ++++++ sendmail-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.788190834 +0200 +++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.788190834 +0200 @@ -17,3 +17,4 @@ addFilter(".*binary-or-shlib-calls-gethostbyname.*") addFilter(".*sendmail-devel.*no-dependency-on.*sendmail.*") addFilter(".*explicit-lib-dependency.*libmilter1_0.*") +addFilter(".*W:.*explicit-lib-dependency.*libnss_usrfiles2.*") ++++++ sendmail-suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sendmail-suse/devtools/Site/site.config.m4 new/sendmail-suse/devtools/Site/site.config.m4 --- old/sendmail-suse/devtools/Site/site.config.m4 2017-11-29 11:59:59.559581162 +0100 +++ new/sendmail-suse/devtools/Site/site.config.m4 2020-07-28 10:15:44.250162398 +0200 @@ -109,7 +109,8 @@ appdef(`conf_sendmail_ENVDEF', `-D_FFR_SKIP_DOMAINS')dnl dnl appdef(`conf_sendmail_ENVDEF', `-DPICKY_HELO_CHECK')dnl appdef(`conf_sendmail_ENVDEF', `-D_PATH_SENDMAILPID=\"/var/run/sendmail.pid\"')dnl -appdef(`conf_sendmail_ENVDEF', `-DSTARTTLS -DEGD -DSASL=2')dnl +appdef(`conf_sendmail_ENVDEF', `-DDANE -DSTARTTLS -DEGD -DSASL=2')dnl +appdef(`conf_sendmail_ENVDEF', `-DTLS_EC')dnl appdef(`conf_sendmail_ENVDEF', `-D_FFR_TLS_EC')dnl appdef(`conf_sendmail_ENVDEF', `-D_FFR_TLS_SE_OPTS')dnl appdef(`conf_sendmail_ENVDEF', `-DSM_CONF_SHM')dnl ++++++ sendmail.8.15.2.tar.gz -> sendmail.8.16.1.tar.gz ++++++ ++++ 63370 lines of diff (skipped) ++++++ sendmail.keyring ++++++ ++++ 3718 lines (skipped)