From 08ff5cea88f5232bdbcbd10732bf439d80e5f5cddb94bca1e1ab8a0ce61b14e4 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Mon, 20 Apr 2020 18:33:45 +0000
Subject: [PATCH] Accepting request 795485 from
 home:stroeder:branches:server:mail

Update to 3.5.1 fixing DNSSEC and DANE. Successfully tested on Tumbleweed x86_64 with dane-only TLS policy.

OBS-URL: https://build.opensuse.org/request/show/795485
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=363
---
 deprecated-RES_INSECURE1.patch | 33 ---------------------------------
 postfix-3.4.10.tar.gz          |  3 ---
 postfix-3.5.1.tar.gz           |  3 +++
 postfix-master.cf.patch        | 20 ++++++++++----------
 postfix.changes                | 29 +++++++++++++++++++++++++++++
 postfix.spec                   |  4 +---
 6 files changed, 43 insertions(+), 49 deletions(-)
 delete mode 100644 deprecated-RES_INSECURE1.patch
 delete mode 100644 postfix-3.4.10.tar.gz
 create mode 100644 postfix-3.5.1.tar.gz

diff --git a/deprecated-RES_INSECURE1.patch b/deprecated-RES_INSECURE1.patch
deleted file mode 100644
index 02faf94..0000000
--- a/deprecated-RES_INSECURE1.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/postfix/src/dns/dns_str_resflags.c b/postfix/src/dns/dns_str_resflags.c
-index 5f2cce5e0..472394c3a 100644
---- a/postfix/src/dns/dns_str_resflags.c
-+++ b/postfix/src/dns/dns_str_resflags.c
-@@ -52,18 +52,28 @@
- static const LONG_NAME_MASK resflag_table[] = {
-     "RES_INIT", RES_INIT,
-     "RES_DEBUG", RES_DEBUG,
-+#ifdef RES_AAONLY
-     "RES_AAONLY", RES_AAONLY,
-+#endif
-     "RES_USEVC", RES_USEVC,
-+#ifdef RES_PRIMARY
-     "RES_PRIMARY", RES_PRIMARY,
-+#endif
-     "RES_IGNTC", RES_IGNTC,
-     "RES_RECURSE", RES_RECURSE,
-     "RES_DEFNAMES", RES_DEFNAMES,
-     "RES_STAYOPEN", RES_STAYOPEN,
-     "RES_DNSRCH", RES_DNSRCH,
-+#ifdef RES_INSECURE1
-     "RES_INSECURE1", RES_INSECURE1,
-+#endif
-+#ifdef RES_INSECURE2
-     "RES_INSECURE2", RES_INSECURE2,
-+#endif
-     "RES_NOALIASES", RES_NOALIASES,
-+#ifdef RES_USE_INET6
-     "RES_USE_INET6", RES_USE_INET6,
-+#endif
- #ifdef RES_ROTATE
-     "RES_ROTATE", RES_ROTATE,
- #endif
diff --git a/postfix-3.4.10.tar.gz b/postfix-3.4.10.tar.gz
deleted file mode 100644
index 7531c9c..0000000
--- a/postfix-3.4.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:908a66fc38537a0047e8561e1bc0ef096c53357ffad16d2d728cd4fc8ae56654
-size 4573370
diff --git a/postfix-3.5.1.tar.gz b/postfix-3.5.1.tar.gz
new file mode 100644
index 0000000..d79c143
--- /dev/null
+++ b/postfix-3.5.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dbce092db23253c0e990c082da2ef1d7921e6896c0a2991d2a8fd9443abb41d4
+size 4609587
diff --git a/postfix-master.cf.patch b/postfix-master.cf.patch
index 0ca7485..53996bf 100644
--- a/postfix-master.cf.patch
+++ b/postfix-master.cf.patch
@@ -1,5 +1,5 @@
---- conf/master.cf.orig	2019-03-11 13:45:38.792457629 +0100
-+++ conf/master.cf	2019-03-11 13:50:08.312456601 +0100
+--- conf/master.cf.orig	2020-04-19 12:30:46.108385239 +0200
++++ conf/master.cf	2020-04-19 12:33:14.899620955 +0200
 @@ -10,6 +10,11 @@
  #               (yes)   (yes)   (no)    (never) (100)
  # ==========================================================================
@@ -12,14 +12,14 @@
  #smtp      inet  n       -       n       -       1       postscreen
  #smtpd     pass  -       -       n       -       -       smtpd
  #dnsblog   unix  -       -       n       -       0       dnsblog
-@@ -29,6 +34,7 @@
- #smtps     inet  n       -       n       -       -       smtpd
- #  -o syslog_name=postfix/smtps
- #  -o smtpd_tls_wrappermode=yes
+@@ -17,6 +22,7 @@
+ #submission inet n       -       n       -       -       smtpd
+ #  -o syslog_name=postfix/submission
+ #  -o smtpd_tls_security_level=encrypt
 +#  -o content_filter=smtp:[127.0.0.1]:10024
  #  -o smtpd_sasl_auth_enable=yes
+ #  -o smtpd_tls_auth_only=yes
  #  -o smtpd_reject_unlisted_recipient=no
- #  -o smtpd_client_restrictions=$mua_client_restrictions
 @@ -65,6 +71,26 @@
  anvil     unix  -       -       n       -       1       anvil
  scache    unix  -       -       n       -       1       scache
@@ -51,14 +51,14 @@
  # Also specify in main.cf: cyrus_destination_recipient_limit=1
  #
  #cyrus     unix  -       n       n       -       -       pipe
--#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
-+#  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+-#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
++#  flags=DRX user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
  #
  # ====================================================================
  #
 @@ -131,3 +157,10 @@
  #mailman   unix  -       n       n       -       -       pipe
- #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ #  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  #  ${nexthop} ${user}
 +#
 +#procmail  unix  -       n       n       -       -       pipe
diff --git a/postfix.changes b/postfix.changes
index d3ec38f..d713b71 100644
--- a/postfix.changes
+++ b/postfix.changes
@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Sun Apr 19 10:22:12 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured
+  lookups and DANE mail transport work again
+- Update to 3.5.1:
+  * Support for the haproxy v2 protocol. The Postfix implementation
+    supports TCP over IPv4 and IPv6, as well as non-proxied
+    connections; the latter are typically used for heartbeat tests.
+  * Support to force-expire email messages. This introduces new
+    postsuper(1) command-line options to request expiration, and
+    additional information in mailq(1) or postqueue(1) output.
+  * The Postfix SMTP and LMTP client support a list of nexthop
+    destinations separated by comma or whitespace. These destinations
+    will be tried in the specified order.
+  * Incompatible changes:
+    * Logging: Postfix daemon processes now log the from= and to=
+      addresses in external (quoted) form in non-debug logging (info,
+      warning, etc.). This means that when an address localpart
+      contains spaces or other special characters, the localpart will
+      be quoted, for example:
+      from=<"name with spaces"@example.com>
+      Specify "info_log_address_format = internal" for backwards compatibility.
+    * Postfix now normalizes IP addresses received with XCLIENT,
+      XFORWARD, or with the HaProxy protocol, for consistency with
+      direct connections to Postfix. This may change the appearance
+      of logging, and the way that check_client_access will match
+      subnets of an IPv6 address.
+
 -------------------------------------------------------------------
 Fri Mar 13 14:29:32 UTC 2020 - Michael Ströder <michael@stroeder.com>
 
diff --git a/postfix.spec b/postfix.spec
index f784b80..dced9d0 100644
--- a/postfix.spec
+++ b/postfix.spec
@@ -53,7 +53,7 @@
 %bcond_with    libnsl
 %endif
 Name:           postfix
-Version:        3.4.10
+Version:        3.5.1
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0
@@ -74,7 +74,6 @@ Patch7:         %{name}-ssl-release-buffers.patch
 Patch8:         %{name}-vda-v14-3.0.3.patch
 Patch9:         fix-postfix-script.patch
 Patch10:        %{name}-avoid-infinit-loop-if-no-permission.patch
-Patch11:        deprecated-RES_INSECURE1.patch
 BuildRequires:  ca-certificates
 BuildRequires:  cyrus-sasl-devel
 BuildRequires:  db-devel
@@ -176,7 +175,6 @@ PostgreSQL.
 %patch8
 %patch9
 %patch10
-%patch11 -p2
 
 # ---------------------------------------------------------------------------