Hello community,
here is the log from the commit of package sendmail for openSUSE:Factory
checked in at 2020-07-31 15:52:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sendmail (Old)
and /work/SRC/openSUSE:Factory/.sendmail.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail"
Fri Jul 31 15:52:58 2020 rev:97 rq:823136 version:8.16.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/sendmail/sendmail.changes 2020-06-27
23:21:13.241554083 +0200
+++ /work/SRC/openSUSE:Factory/.sendmail.new.3592/sendmail.changes
2020-07-31 15:53:51.100161324 +0200
@@ -1,0 +2,137 @@
+Tue Jul 28 11:20:52 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Fix same strange permissions below /usr/share/sendmail
+
+-------------------------------------------------------------------
+Tue Jul 28 07:54:33 UTC 2020 - Dr. Werner Fink <wer...@suse.de>
+
+- Update to sendmail 8.16.1 2020/07/05 (boo#1174572)
+ SECURITY: If sendmail tried to reuse an SMTP session which had
+ already been closed by the server, then the connection
+ cache could have invalid information about the session.
+ One possible consequence was that STARTTLS was not
+ used even if offered. This problem has been fixed
+ by clearing out all relevant status information
+ when a closed session is encountered.
+ OpenSSL versions before 0.9.8 are no longer supported.
+ OpenSSL version 1.1.0 and 1.1.1 are supported.
+ Initial support for DANE (see RFC 7672 et.al.) is available if
+ the compile time option DANE is set. Only TLSA RR 3-1-x
+ is currently implemented.
+ New options SSLEngine and SSLEnginePath to support OpenSSL engines.
+ Note: this feature has so far only been tested with the
+ "chil" engine; please report problems with other engines
+ if you encounter any.
+ New option CRLPath to specify a directory which contains
+ hashes pointing to certificate revocations files.
+ Based on patch from Al Smith.
+ New rulesets tls_srv_features and tls_clt_features which
+ can return a (semicolon separated) list of TLS related
+ options, e.g., CipherList, CertFile, KeyFile,
+ see doc/op/op.me for details.
+ To automatically handle TLS interoperability problems for outgoing
+ mail, sendmail can now immediately try a connection again
+ without STARTTLS after a TLS handshake failure.
+ This can be configured globally via the option
+ TLSFallbacktoClear or per session via the 'C' flag
+ of tls_clt_features.
+ This also adds the new value "CLEAR" for the macro
+ {verify}: STARTTLS has been disabled internally for
+ a clear text delivery attempt.
+ Apply Timeout.starttls also to the server waiting for the TLS
+ handshake to begin. Based on patch from Simon Hradecky.
+ New compile time option TLS_EC to enable the use of elliptic
+ curve cryptography in STARTTLS (previously available as
+ _FFR_TLS_EC).
+ Handle MIME boundaries specified in headers which contain CRLF.
+ Fix detection of loopback net (it was broken when compiled
+ with NETINET6) and only set the macros {if_addr_out}
+ and {if_family_out} if the interface of the outgoing
+ connection does not belong to the loopback net.
+ Fix logic to enable a milter to delete a recipient in
+ DeliveryMode=interactive even if it might be subject
+ to alias expansion.
+ Log name of a milter making changes (this was missing for
+ some functions).
+ Log the actual reply of a server when an SMTP delivery problem
+ occurs in a "reply=" field if possible.
+ Log user= for failed AUTH attempts if possible. Based on
+ patch from Packet Hack, Jim Hranicky, Kevin A. McGrail,
+ and Joe Quinn.
+ Add CDB as map type. Note: CDB is a "Constant DataBase", i.e.,
+ no changes can be made after it is created, hence it
+ does not work with vacation(1) nor editmap(8) (except
+ for query mode).
+ Fix some memory leaks (mostly in error cases) and properly handle
+ copied varargs in sm_io_vfprintf(). The issues were found
+ using Coverity Scan and reported (including patches) by
+ Ondřej Lysoněk of Red Hat.
+ Do not override ServerSSLOptions and ClientSSLOptions when they
+ are specified on the command line. Based on patch from
+ Hiroki Sato.
+ Add RFC7505 Null MX support for domains that declare they do not
+ accept mail.
+ New compile time option LDAP_NETWORK_TIMEOUT which is set
+ automatically when LDAPMAP is used and
+ LDAP_OPT_NETWORK_TIMEOUT is available to enable the
+ new -c option for LDAP maps to specify the network timeout.
+ CONFIG: New FEATURE(`tls_session_features') to enable standard
+ rules for tls_srv_features and tls_clt_features; for
+ details see cf/README.
+ CONFIG: New options confSSL_ENGINE and confSSL_ENGINE_PATH
+ for SSLEngine and SSLEnginePath, respectively.
+ CONFIG: New options confDANE to enable DANE support.
+ CONFIG: New option confTLS_FALLBACK_TO_CLEAR for TLSFallbacktoClear.
+ CONFIG: New extension CITag: for TLS restrictions, see cf/README
+ for details.
+ CONFIG: FEATURE(`blacklist_recipients') renamed to
+ FEATURE(`blocklist_recipients').
+ CONTRIB: cidrexpand updated to support IPv6 CIDR ranges and to
+ canonicalize IPv6 addresses; if cidrexpand is used with IPv6
+ addresses then UseCompressedIPv6Addresses must be disabled.
+ DOC: The dns map can return multiple values in a single result
+ if the -z option is used.
+ DOC: Note to set MustQuoteChars=. due to DKIM signatures.
+ LIBMILTER: Fix typo in a macro. Patch from Ignacio Goyret
+ of Alcatel-Lucent.
+ LIBMILTER: Fix reference in xxfi_negotiate documentation.
+ Patch from Sven Neuhaus.
+ LIBMILTER: Fix function name in smfi_addrcpt_par documentation.
+ Patch from G.W. Haywood.
+ LIBMILTER: Fix a potential memory leak in smfi_setsymlist().
+ Patch from Martin Svec.
+ MAKEMAP: New map type "implicit" refers to the first available type,
+ i.e., it depends on the compile time options NEWDB, DBM,
+ and CDB. This can be used in conjunction with the
+ "implicit" map type in sendmail.cf.
+ Note: makemap, libsmdb, and sendmail must be compiled
+ with the same options (and library versions of course).
+ Portability:
+ Add support for Darwin 14-18 (Mac OS X 10.x).
+ New option HAS_GETHOSTBYNAME2: set if your system
+ supports gethostbyname2(2).
+ Set SM_CONF_SEM=2 for FreeBSD 12 and later due to
+ changes in sys/sem.h
+ On Linux set MAXHOSTNAMELEN (the maximum length
+ of a FQHN) to 256 if it is less than that value.
+ Added Files:
+ cf/feature/blocklist_recipients.m4
+ cf/feature/tls_failures.m4
+ devtools/OS/Darwin.14.x
+ devtools/OS/Darwin.15.x
+ devtools/OS/Darwin.16.x
+ libsmdb/smcdb.c
+ sendmail/ratectrl.h
+- Add upstream keyring and verify source signature
+- Use DANE and TLS_EC
+- Remove obsolete patches now solved upstream
+ * 8.15.2.mci.p0
+ * sendmail-8.15.2-glibc-2.30.patch
+ * sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
+ * sendmail-8.15.2-openssl-1.1.0-fix.patch
+- Port patches
+ * sendmail-8.14.7-select.dif
+ * sendmail-fd-passing-libmilter.patch
+- Port and rename patch sendmail-8.15.2.dif which is now sendmail-8.16.1.dif
+
+-------------------------------------------------------------------
Old:
----
8.15.2.mci.p0
sendmail-8.15.2-glibc-2.30.patch
sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
sendmail-8.15.2-openssl-1.1.0-fix.patch
sendmail-8.15.2.dif
sendmail.8.15.2.tar.gz
New:
----
sendmail-8.16.1.dif
sendmail.8.16.1.tar.gz
sendmail.8.16.1.tar.gz.sig
sendmail.keyring
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sendmail.spec ++++++
--- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.676190454 +0200
+++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.680190468 +0200
@@ -89,12 +89,12 @@
%{?systemd_requires}
Conflicts: smail postfix postfix-tls
Obsoletes: sendmail-tls
-Version: 8.15.2
+Version: 8.16.1
Release: 0
Summary: BSD Sendmail
License: Sendmail
Group: Productivity/Networking/Email/Servers
-Source0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.%{version}.tar.gz
+Source0: ftp://ftp.sendmail.org/pub/sendmail/%{name}.%{version}.tar.gz
Source1: sendmail-suse.tar.bz2
Source2: sendmail-rpmlintrc
Source3: sendmail-client.path
@@ -102,22 +102,18 @@
Source5: sendmail-client.service
Source6: sendmail.systemd
Source7: sendmail-client.systemd
+Source42: ftp://ftp.sendmail.org/pub/sendmail/PGPKEYS#/%{name}.keyring
+Source43:
ftp://ftp.sendmail.org/pub/sendmail/%{name}.%{version}.tar.gz.sig
# PATCH-FIX-OPENSUSE: Add our m4 extensions and maintenance scripts
-Patch0: sendmail-8.15.2.dif
+Patch0: sendmail-8.16.1.dif
# PATCH-FIX-OPENSUSE: if select(2) is interrupted the timeout become undefined
Patch1: sendmail-8.14.7-select.dif
-# PATCH-FIX-UPSTREAM: SMTP session reuse bugfix (boo#1162204)
-Patch2: 8.15.2.mci.p0
# PATCH-FIX-UPSTREAM: Detect shared libraries
Patch4: sendmail-8.14.8-m4header.patch
# PATCH-FIX-DEBIAN: systemd socket activation support for libmilter
Patch5: sendmail-fd-passing-libmilter.patch
-Patch6: sendmail-8.15.2-openssl-1.1.0-fix.patch
-Patch7: sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch
# PATCH-FIX-OPENSUSE: make build result reproducible
Patch8: sendmail-8.15.2-reproducible.patch
-# PATCH-FIX-OPENSUSE: The former deprecated macro RES_USE_INET6 is gone with
glibc 2.30
-Patch9: sendmail-8.15.2-glibc-2.30.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%global _sysconfdir %{_sysconfdir}
%global _mailcnfdir %{_sysconfdir}/mail
@@ -210,16 +206,10 @@
%prep
%setup -n sendmail-%{version}
%patch1 -p0 -b .select
-%patch2 -p0 -b .reuse
%patch4 -p0 -b .m4head
%patch5 -p1 -b .fdmilt
-if pkg-config --atleast-version=1.1.0 openssl; then
-%patch6 -p1 -b .openssl11
-%patch7 -p1 -b .ecdhe
-fi
%patch0 -p0 -b .p0
%patch8 -p1 -b .reproducible
-%patch9 -p0 -b .use_inet6
tar --strip-components=1 -xf %{S:1}
set -f
cat <<-EOF > file-list
@@ -406,6 +396,8 @@
tar cfC - cf . | tar xfC - %{buildroot}%{_datadir}/sendmail/
test "$ID" -ne 0 || \
chown root:root -R %{buildroot}%{_datadir}/sendmail/
+ find %{buildroot}%{_datadir}/sendmail/ -type d -exec chmod g+x,o+x '{}' \+
+ chmod g+r,o+r -R %{buildroot}%{_datadir}/sendmail/
chmod 0755 %{buildroot}%{_datadir}/sendmail/sh/makeinfo.sh
rm -f %{buildroot}%{_datadir}/sendmail/cf/Build
rm -f %{buildroot}%{_datadir}/sendmail/cf/README
++++++ sendmail-8.14.7-select.dif ++++++
--- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.704190549 +0200
+++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.708190562 +0200
@@ -7,7 +7,7 @@
5 files changed, 28 insertions(+), 10 deletions(-)
--- libmilter/comm.c
-+++ libmilter/comm.c 2016-04-14 07:25:09.745910028 +0000
++++ libmilter/comm.c 2020-07-28 06:16:36.425638839 +0000
@@ -78,8 +78,11 @@ mi_rd_cmd(sd, timeout, cmd, rlen, name)
i = 0;
for (;;)
@@ -56,7 +56,7 @@
return MI_FAILURE;
if (i < 0)
--- libmilter/listener.c
-+++ libmilter/listener.c 2016-04-14 07:25:09.745910028 +0000
++++ libmilter/listener.c 2020-07-28 06:16:36.425638839 +0000
@@ -685,12 +685,12 @@ mi_closener()
int rs = 0; \
struct timeval st; \
@@ -74,7 +74,7 @@
if (rs < 0 && errno == EINTR) \
continue; \
--- libsm/local.h
-+++ libsm/local.h 2016-04-14 07:25:09.773909514 +0000
++++ libsm/local.h 2020-07-28 06:16:36.453638343 +0000
@@ -258,8 +258,11 @@ int sm_flags __P((int));
return SM_IO_EOF; \
do \
@@ -89,7 +89,7 @@
if (sm_io_to_sel < 0) \
{ \
--- libsm/refill.c
-+++ libsm/refill.c 2016-04-14 07:25:09.773909514 +0000
++++ libsm/refill.c 2020-07-28 06:22:31.359355018 +0000
@@ -79,8 +79,11 @@ static int sm_lflush __P((SM_FILE_T *, i
return SM_IO_EOF; \
do \
@@ -98,14 +98,14 @@
+ tv.tv_sec = (to)->tv_sec; \
+ tv.tv_usec = (to)->tv_usec; \
(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL, \
-- &sm_io_x_mask, (to)); \
-+ &sm_io_x_mask, &tv); \
+- &sm_io_x_mask, (to)); \
++ &sm_io_x_mask, &tv); \
} while ((sel_ret) < 0 && errno == EINTR); \
if ((sel_ret) < 0) \
{ \
--- sendmail/sfsasl.c
-+++ sendmail/sfsasl.c 2016-04-14 07:25:09.777909439 +0000
-@@ -609,8 +609,6 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo
++++ sendmail/sfsasl.c 2020-07-28 06:16:36.453638343 +0000
+@@ -610,8 +610,6 @@ tls_retry(ssl, rfd, wfd, tlsstart, timeo
left = timeout - (now - tlsstart);
if (left <= 0)
return 0; /* timeout */
++++++ sendmail-8.15.2.dif -> sendmail-8.16.1.dif ++++++
++++ 906 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/sendmail/sendmail-8.15.2.dif
++++ and /work/SRC/openSUSE:Factory/.sendmail.new.3592/sendmail-8.16.1.dif
++++++ sendmail-fd-passing-libmilter.patch ++++++
--- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.764190753 +0200
+++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.768190766 +0200
@@ -1,10 +1,12 @@
-Description: systemd-like socket activation support for libmilter
-Author: Mikhail Gusarov <dotted...@debian.org
+---
+ libmilter/docs/smfi_setconn.html | 1 +
+ libmilter/listener.c | 27 ++++++++++++++++++++++++---
+ 2 files changed, 25 insertions(+), 3 deletions(-)
-diff --git a/sendmail-8.15.2/libmilter/docs/smfi_setconn.html
b/sendmail-8.15.2/libmilter/docs/smfi_setconn.html
+diff --git a/libmilter/docs/smfi_setconn.html
b/libmilter/docs/smfi_setconn.html
--- a/libmilter/docs/smfi_setconn.html
+++ b/libmilter/docs/smfi_setconn.html
-@@ -43,6 +43,7 @@ Set the socket through which this filter
+@@ -44,6 +44,7 @@ Set the socket through which this filter
<LI><CODE>{unix|local}:/path/to/file</CODE> -- A named pipe.
<LI><CODE>inet:port@{hostname|ip-address}</CODE> -- An IPV4 socket.
<LI><CODE>inet6:port@{hostname|ip-address}</CODE> -- An IPV6 socket.
@@ -12,7 +14,7 @@
</UL>
</TD></TR>
</TABLE>
-diff --git a/sendmail-8.15.2/libmilter/listener.c
b/sendmail-8.15.2/libmilter/listener.c
+diff --git a/libmilter/listener.c b/libmilter/listener.c
--- a/libmilter/listener.c
+++ b/libmilter/listener.c
@@ -197,6 +197,11 @@ mi_milteropen(conn, backlog, rmsocket, n
@@ -53,7 +55,7 @@
@@ -466,6 +485,7 @@ mi_milteropen(conn, backlog, rmsocket, n
#if NETUNIX
addr.sa.sa_family != AF_UNIX &&
- #endif /* NETUNIX */
+ #endif
+ addr.sa.sa_family != AF_UNSPEC &&
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *) &sockopt,
sizeof(sockopt)) == -1)
@@ -71,7 +73,7 @@
@@ -818,7 +839,7 @@ mi_listener(conn, dbg, smfi, timeout, ba
# ifdef BSD4_4_SOCKADDR
cliaddr.sa.sa_len == 0 ||
- # endif /* BSD4_4_SOCKADDR */
+ # endif
- cliaddr.sa.sa_family != L_family))
+ (L_family != AF_UNSPEC && cliaddr.sa.sa_family !=
L_family)))
{
++++++ sendmail-rpmlintrc ++++++
--- /var/tmp/diff_new_pack.uxnYft/_old 2020-07-31 15:53:59.788190834 +0200
+++ /var/tmp/diff_new_pack.uxnYft/_new 2020-07-31 15:53:59.788190834 +0200
@@ -17,3 +17,4 @@
addFilter(".*binary-or-shlib-calls-gethostbyname.*")
addFilter(".*sendmail-devel.*no-dependency-on.*sendmail.*")
addFilter(".*explicit-lib-dependency.*libmilter1_0.*")
+addFilter(".*W:.*explicit-lib-dependency.*libnss_usrfiles2.*")
++++++ sendmail-suse.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sendmail-suse/devtools/Site/site.config.m4
new/sendmail-suse/devtools/Site/site.config.m4
--- old/sendmail-suse/devtools/Site/site.config.m4 2017-11-29
11:59:59.559581162 +0100
+++ new/sendmail-suse/devtools/Site/site.config.m4 2020-07-28
10:15:44.250162398 +0200
@@ -109,7 +109,8 @@
appdef(`conf_sendmail_ENVDEF', `-D_FFR_SKIP_DOMAINS')dnl
dnl appdef(`conf_sendmail_ENVDEF', `-DPICKY_HELO_CHECK')dnl
appdef(`conf_sendmail_ENVDEF',
`-D_PATH_SENDMAILPID=\"/var/run/sendmail.pid\"')dnl
-appdef(`conf_sendmail_ENVDEF', `-DSTARTTLS -DEGD -DSASL=2')dnl
+appdef(`conf_sendmail_ENVDEF', `-DDANE -DSTARTTLS -DEGD -DSASL=2')dnl
+appdef(`conf_sendmail_ENVDEF', `-DTLS_EC')dnl
appdef(`conf_sendmail_ENVDEF', `-D_FFR_TLS_EC')dnl
appdef(`conf_sendmail_ENVDEF', `-D_FFR_TLS_SE_OPTS')dnl
appdef(`conf_sendmail_ENVDEF', `-DSM_CONF_SHM')dnl
++++++ sendmail.8.15.2.tar.gz -> sendmail.8.16.1.tar.gz ++++++
++++ 63370 lines of diff (skipped)
++++++ sendmail.keyring ++++++
++++ 3718 lines (skipped)
