Accepting request 795485 from home:stroeder:branches:server:mail

Update to 3.5.1 fixing DNSSEC and DANE. Successfully tested on Tumbleweed x86_64 with dane-only TLS policy. OBS-URL: https://build.opensuse.org/request/show/795485 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=363
2020-04-20 18:33:45 +00:00 · 2020-04-20 18:33:45 +00:00 · 08ff5cea88
commit 08ff5cea88
parent 14375c8ad9
6 changed files with 43 additions and 49 deletions
--- a/deprecated-RES_INSECURE1.patch
+++ b/deprecated-RES_INSECURE1.patch
@ -1,33 +0,0 @@
-diff --git a/postfix/src/dns/dns_str_resflags.c b/postfix/src/dns/dns_str_resflags.c
-index 5f2cce5e0..472394c3a 100644
--- a/postfix/src/dns/dns_str_resflags.c
-+++ b/postfix/src/dns/dns_str_resflags.c
-@@ -52,18 +52,28 @@
- static const LONG_NAME_MASK resflag_table[] = {
-     "RES_INIT", RES_INIT,
-     "RES_DEBUG", RES_DEBUG,
-+#ifdef RES_AAONLY
-     "RES_AAONLY", RES_AAONLY,
-+#endif
-     "RES_USEVC", RES_USEVC,
-+#ifdef RES_PRIMARY
-     "RES_PRIMARY", RES_PRIMARY,
-+#endif
-     "RES_IGNTC", RES_IGNTC,
-     "RES_RECURSE", RES_RECURSE,
-     "RES_DEFNAMES", RES_DEFNAMES,
-     "RES_STAYOPEN", RES_STAYOPEN,
-     "RES_DNSRCH", RES_DNSRCH,
-+#ifdef RES_INSECURE1
-     "RES_INSECURE1", RES_INSECURE1,
-+#endif
-+#ifdef RES_INSECURE2
-     "RES_INSECURE2", RES_INSECURE2,
-+#endif
-     "RES_NOALIASES", RES_NOALIASES,
-+#ifdef RES_USE_INET6
-     "RES_USE_INET6", RES_USE_INET6,
-+#endif
- #ifdef RES_ROTATE
-     "RES_ROTATE", RES_ROTATE,
- #endif
--- a/postfix-3.4.10.tar.gz
+++ b/postfix-3.4.10.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:908a66fc38537a0047e8561e1bc0ef096c53357ffad16d2d728cd4fc8ae56654
-size 4573370
--- a/postfix-3.5.1.tar.gz
+++ b/postfix-3.5.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbce092db23253c0e990c082da2ef1d7921e6896c0a2991d2a8fd9443abb41d4
+size 4609587
--- a/postfix-master.cf.patch
+++ b/postfix-master.cf.patch
@ -1,5 +1,5 @@
--- conf/master.cf.orig	2019-03-11 13:45:38.792457629 +0100
-+++ conf/master.cf	2019-03-11 13:50:08.312456601 +0100
+--- conf/master.cf.orig	2020-04-19 12:30:46.108385239 +0200
+++ conf/master.cf	2020-04-19 12:33:14.899620955 +0200
@@ -10,6 +10,11 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
@ -12,14 +12,14 @@
 #smtp      inet  n       -       n       -       1       postscreen
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
-@@ -29,6 +34,7 @@
- #smtps     inet  n       -       n       -       -       smtpd
- #  -o syslog_name=postfix/smtps
- #  -o smtpd_tls_wrappermode=yes
+@@ -17,6 +22,7 @@
+ #submission inet n       -       n       -       -       smtpd
+ #  -o syslog_name=postfix/submission
+ #  -o smtpd_tls_security_level=encrypt
 +#  -o content_filter=smtp:[127.0.0.1]:10024
 #  -o smtpd_sasl_auth_enable=yes
+ #  -o smtpd_tls_auth_only=yes
 #  -o smtpd_reject_unlisted_recipient=no
- #  -o smtpd_client_restrictions=$mua_client_restrictions
@@ -65,6 +71,26 @@
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
@ -51,14 +51,14 @@
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
-#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-+#  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+-#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#  flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
 #
 # ====================================================================
 #
@@ -131,3 +157,10 @@
 #mailman   unix  -       n       n       -       -       pipe
- #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ #  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
 +#
 +#procmail  unix  -       n       n       -       -       pipe
--- a/postfix.changes
+++ b/postfix.changes
@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
+  lookups and DANE mail transport work again
+- Update to 3.5.1:
+  * Support for the haproxy v2 protocol. The Postfix implementation
+    supports TCP over IPv4 and IPv6, as well as non-proxied
+    connections; the latter are typically used for heartbeat tests.
+  * Support to force-expire email messages. This introduces new
+    postsuper(1) command-line options to request expiration, and
+    additional information in mailq(1) or postqueue(1) output.
+  * The Postfix SMTP and LMTP client support a list of nexthop
+    destinations separated by comma or whitespace. These destinations
+    will be tried in the specified order.
+  * Incompatible changes:
+    * Logging: Postfix daemon processes now log the from= and to=
+      addresses in external (quoted) form in non-debug logging (info,
+      warning, etc.). This means that when an address localpart
+      contains spaces or other special characters, the localpart will
+      be quoted, for example:
+      from=<"name with spaces"@example.com>
+      Specify "info_log_address_format = internal" for backwards compatibility.
+    * Postfix now normalizes IP addresses received with XCLIENT,
+      XFORWARD, or with the HaProxy protocol, for consistency with
+      direct connections to Postfix. This may change the appearance
+      of logging, and the way that check_client_access will match
+      subnets of an IPv6 address.
+
 -------------------------------------------------------------------
 Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder <michael@stroeder.com>

--- a/postfix.spec
+++ b/postfix.spec
@ -53,7 +53,7 @@
 %bcond_with    libnsl
 %endif
 Name:           postfix
-Version:        3.4.10
+Version:        3.5.1
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0
@ -74,7 +74,6 @@ Patch7:         %{name}-ssl-release-buffers.patch
 Patch8:         %{name}-vda-v14-3.0.3.patch
 Patch9:         fix-postfix-script.patch
 Patch10:        %{name}-avoid-infinit-loop-if-no-permission.patch
-Patch11:        deprecated-RES_INSECURE1.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  db-devel
@ -176,7 +175,6 @@ PostgreSQL.
 %patch8
 %patch9
 %patch10
-%patch11 -p2

 # ---------------------------------------------------------------------------