postfix/postfix-linux45.patch

---
 makedefs |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: makedefs
===================================================================
--- makedefs.orig
+++ makedefs
@@ -631,8 +631,8 @@ EOF
 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
 		: ${PLUGIN_LD="${CC-gcc} -shared"}
 		;;
-    Linux.[3456].*)
-		SYSTYPE=LINUX$RELEASE_MAJOR
+    Linux.[3-9].*|Linux.[1-9][0-9].*)
+		SYSTYPE=LINUX3
 		case "$CCARGS" in
 		 *-DNO_DB*) ;;
 		 *-DHAS_DB*) ;;
Accepting request 1067720 from home:ohollmann:branches:server:mail - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. * Rebased postfix-linux45.patch - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound OBS-URL: https://build.opensuse.org/request/show/1067720 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=453 2023-03-06 15:29:24 +01:00			`---`
			`makedefs \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

Accepting request 1143513 from home:computersalat:devel:mail rework fix for bsc#1192173, rework SMTP Smuggling defaults, sync main.cf patches, sync changes files OBS-URL: https://build.opensuse.org/request/show/1143513 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=472 2024-02-08 21:14:21 +01:00			`Index: makedefs`
			`===================================================================`
Accepting request 896790 from home:darix:playground This is work in progress: Do not accept yet How do we plan to handle the section from the RELEASE_NOTES about the internal process updates? https://de.postfix.org/ftpmirror/official/postfix-3.6.0.RELEASE_NOTES do we just hope that the restart will be fast enough? OBS-URL: https://build.opensuse.org/request/show/896790 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=413 2021-06-02 12:12:35 +02:00			`--- makedefs.orig`
			`+++ makedefs`
Accepting request 1080180 from home:adkorte:branches:server:mail - update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client__rate and smtpd_client__count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch OBS-URL: https://build.opensuse.org/request/show/1080180 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454 2023-04-27 23:59:58 +02:00			`@@ -631,8 +631,8 @@ EOF`
- bnc#830818 - yast2-mail does not set amavis configuration correctly OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=260 2017-04-09 20:32:47 +02:00			: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
			`: ${PLUGIN_LD="${CC-gcc} -shared"}`
			`;;`
Accepting request 1080180 from home:adkorte:branches:server:mail - update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client__rate and smtpd_client__count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch OBS-URL: https://build.opensuse.org/request/show/1080180 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454 2023-04-27 23:59:58 +02:00			`- Linux.[3456].*)`
			`- SYSTYPE=LINUX$RELEASE_MAJOR`
			`+ Linux.[3-9].\|Linux.[1-9][0-9].)`
			`+ SYSTYPE=LINUX3`
Accepting request 1067720 from home:ohollmann:branches:server:mail - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound handles for digest implementations. In sufficiently hostile configurations, Postfix could mistakenly believe that a digest algorithm is available, and fail when it is not. A similar workaround may be needed for EVP_get_cipherbyname(). * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate the argument only if there was no prior error. * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation violation when postscreen_dnsbl_threshold < 1. It should reject such input with a fatal error instead. * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions. * Portability: Linux 6 support. * Added missing documentation that cidr:, pcre: and regexp: tables support inline specification only in Postfix 3.7 and later. * Rebased postfix-linux45.patch - update to 3.7.4 * Workaround: with OpenSSL 3 and later always turn on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed opportunities for TLS session reuse. This is safe because the SMTP protocol implements application-level framing, and is therefore not affected by TLS truncation attacks. * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound OBS-URL: https://build.opensuse.org/request/show/1067720 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=453 2023-03-06 15:29:24 +01:00			`case "$CCARGS" in`
- bnc#830818 - yast2-mail does not set amavis configuration correctly OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=260 2017-04-09 20:32:47 +02:00			`-DNO_DB) ;;`
			`-DHAS_DB) ;;`