Accepting request 1069659 from server:mail

OBS-URL: https://build.opensuse.org/request/show/1069659
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=224

postfix-3.7.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d22f3d37ef75613d5d573b56fc51ef097f2c0d0b0e407923711f71c1fb72911b
-size 4825380

postfix-3.7.3.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (FreeBSD)
-
-iFcDBQBjQKxEDAtZDoDKFacRCnU6APwI1eWviqhWfHGeA3GdG8TiuXfiBTll5q+e
-Zq3cdSf4GAD/TMKLnv1XLzvVY4hm8r+D9TwrhVrWDubm7cNjMCfbl/Q=
-=T+nU
------END PGP SIGNATURE-----

postfix-3.7.4.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4c137a2303448f25993836837deeae87fac5d4d03af11ade8e9bead806328645
+size 4833834

postfix-3.7.4.tar.gz.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iFcDBQBjzFvcDAtZDoDKFacRCi65AP9HiQ6xU2JlaR+OuYh3ZRvMZhGjkHuJhXNP
+6WYbr48pHwD+If3p4MRLiehbNxK3uSWyaOC3ztV6NTEbk1rwfbdBGGI=
+=nQt/
+-----END PGP SIGNATURE-----

postfix-bdb.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
+
+- update to 3.7.4
+  * Workaround: with OpenSSL 3 and later always turn on
+    SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
+    opportunities for TLS session reuse. This is safe because the SMTP protocol
+    implements application-level framing, and is therefore not affected by TLS
+    truncation attacks.
+  * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
+    handles for digest implementations. In sufficiently hostile configurations,
+    Postfix could mistakenly believe that a digest algorithm is available, and
+    fail when it is not. A similar workaround may be needed for
+    EVP_get_cipherbyname().
+  * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
+    tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
+    the argument only if there was no prior error.
+  * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
+    violation when postscreen_dnsbl_threshold < 1. It should reject such input
+    with a fatal error instead.
+  * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
+  * Portability: Linux 6 support.
+  * Added missing documentation that cidr:, pcre: and regexp: tables support
+    inline specification only in Postfix 3.7 and later.
+  * Rebased postfix-linux45.patch
+
 -------------------------------------------------------------------
 Thu Feb  9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>
 

postfix-bdb.spec

@@ -59,7 +59,7 @@
 %endif
 %bcond_without ldap
 Name:           postfix-bdb
-Version: 3.7.3
+Version:        3.7.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0

postfix-linux45.patch

@@ -1,15 +1,15 @@
-Index: makedefs
+---
-===================================================================
+ makedefs |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
 --- makedefs.orig
 +++ makedefs
-@@ -627,8 +627,8 @@ EOF
+@@ -627,7 +627,7 @@ EOF
  		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
  		: ${PLUGIN_LD="${CC-gcc} -shared"}
  		;;
-- Linux.[345].*)	SYSTYPE=LINUX$RELEASE_MAJOR
+-Linux.[3456].*)	SYSTYPE=LINUX$RELEASE_MAJOR
--		case "$CCARGS" in
++Linux.[3-9].*|Linux.[1-9][0-9].*)    SYSTYPE=LINUX3
-+ Linux.[3-9].*|Linux.[1-9][0-9].*)    SYSTYPE=LINUX3
+ 		case "$CCARGS" in
-+   case "$CCARGS" in
  		 *-DNO_DB*) ;;
  		 *-DHAS_DB*) ;;
- 		 *) if [ -f /usr/include/db.h ]

postfix.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
+
+- update to 3.7.4
+  * Workaround: with OpenSSL 3 and later always turn on
+    SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
+    opportunities for TLS session reuse. This is safe because the SMTP protocol
+    implements application-level framing, and is therefore not affected by TLS
+    truncation attacks.
+  * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
+    handles for digest implementations. In sufficiently hostile configurations,
+    Postfix could mistakenly believe that a digest algorithm is available, and
+    fail when it is not. A similar workaround may be needed for
+    EVP_get_cipherbyname().
+  * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
+    tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
+    the argument only if there was no prior error.
+  * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
+    violation when postscreen_dnsbl_threshold < 1. It should reject such input
+    with a fatal error instead.
+  * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
+  * Portability: Linux 6 support.
+  * Added missing documentation that cidr:, pcre: and regexp: tables support
+    inline specification only in Postfix 3.7 and later.
+  * Rebased postfix-linux45.patch
+
 -------------------------------------------------------------------
 Thu Feb  9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>
 

postfix.spec

@@ -46,7 +46,7 @@
 %endif
 %bcond_without ldap
 Name:           postfix
-Version:        3.7.3
+Version:        3.7.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0