Accepting request 1067720 from home:ohollmann:branches:server:mail

- update to 3.7.4
  * Workaround: with OpenSSL 3 and later always turn on
    SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
    opportunities for TLS session reuse. This is safe because the SMTP protocol
    implements application-level framing, and is therefore not affected by TLS
    truncation attacks.
  * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
    handles for digest implementations. In sufficiently hostile configurations,
    Postfix could mistakenly believe that a digest algorithm is available, and
    fail when it is not. A similar workaround may be needed for
    EVP_get_cipherbyname().
  * Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
    tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
    the argument only if there was no prior error.
  * Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
    violation when postscreen_dnsbl_threshold < 1. It should reject such input
    with a fatal error instead.
  * Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
  * Portability: Linux 6 support.
  * Added missing documentation that cidr:, pcre: and regexp: tables support
    inline specification only in Postfix 3.7 and later.
  * Rebased postfix-linux45.patch

- update to 3.7.4
  * Workaround: with OpenSSL 3 and later always turn on
    SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
    opportunities for TLS session reuse. This is safe because the SMTP protocol
    implements application-level framing, and is therefore not affected by TLS
    truncation attacks.
  * Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound

OBS-URL: https://build.opensuse.org/request/show/1067720
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=453
Dirk Mueller 2023-03-06 14:29:24 +00:00 committed by Git OBS Bridge
parent d13927abf8
commit 8d5a3b42e3
9 changed files with 72 additions and 20 deletions

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d22f3d37ef75613d5d573b56fc51ef097f2c0d0b0e407923711f71c1fb72911b
size 4825380

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iFcDBQBjQKxEDAtZDoDKFacRCnU6APwI1eWviqhWfHGeA3GdG8TiuXfiBTll5q+e
Zq3cdSf4GAD/TMKLnv1XLzvVY4hm8r+D9TwrhVrWDubm7cNjMCfbl/Q=
=T+nU
-----END PGP SIGNATURE-----

postfix-3.7.4.tar.gz Normal file
@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4c137a2303448f25993836837deeae87fac5d4d03af11ade8e9bead806328645
size 4833834

postfix-3.7.4.tar.gz.asc Normal file
@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (FreeBSD)
iFcDBQBjzFvcDAtZDoDKFacRCi65AP9HiQ6xU2JlaR+OuYh3ZRvMZhGjkHuJhXNP
6WYbr48pHwD+If3p4MRLiehbNxK3uSWyaOC3ztV6NTEbk1rwfbdBGGI=
=nQt/
-----END PGP SIGNATURE-----
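
Review bot: the new postfix-3.7.4.tar.gz.asc is added next to an LFS pointer whose oid and size changed in the same request, and none of the visible hunks shows the tarball being verified against this signature. Please confirm that the 4833834-byte tarball behind the pointer verifies against the detached signature with the upstream release key, and state that in the request, so the signature file is checked rather than only carried along.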

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- update to 3.7.4
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP protocol
implements application-level framing, and is therefore not affected by TLS
truncation attacks.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
handles for digest implementations. In sufficiently hostile configurations,
Postfix could mistakenly believe that a digest algorithm is available, and
fail when it is not. A similar workaround may be needed for
EVP_get_cipherbyname().
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
the argument only if there was no prior error.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
violation when postscreen_dnsbl_threshold < 1. It should reject such input
with a fatal error instead.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables support
inline specification only in Postfix 3.7 and later.
* Rebased postfix-linux45.patch
-------------------------------------------------------------------
Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>

@ -59,7 +59,7 @@
%endif
%bcond_without ldap
Name: postfix-bdb
Version: 3.7.3
Version: 3.7.4
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0

@ -1,15 +1,15 @@
Index: makedefs
===================================================================
---
makedefs | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- makedefs.orig
+++ makedefs
@@ -627,8 +627,8 @@ EOF
@@ -627,7 +627,7 @@ EOF
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
- case "$CCARGS" in
+ Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3
+ case "$CCARGS" in
-Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MAJOR
+Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
*) if [ -f /usr/include/db.h ]
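
Review bot: in the rebased makedefs hunk, the replacement line pins every matched kernel to `SYSTYPE=LINUX3`, while the line it replaces (`Linux.[3456].*`) sets `SYSTYPE=LINUX$RELEASE_MAJOR`, and the patch header carries only the Index line and a diffstat with no description of why. Please add a short description to the patch header giving the reason for collapsing all kernel majors onto LINUX3. Consider renaming the file as well, since the name postfix-linux45.patch no longer describes a pattern that reads `Linux.[3-9].*|Linux.[1-9][0-9].*`.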

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- update to 3.7.4
* Workaround: with OpenSSL 3 and later always turn on
SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages and missed
opportunities for TLS session reuse. This is safe because the SMTP protocol
implements application-level framing, and is therefore not affected by TLS
truncation attacks.
* Workaround: OpenSSL 3.x EVP_get_digestbyname() can return lazily-bound
handles for digest implementations. In sufficiently hostile configurations,
Postfix could mistakenly believe that a digest algorithm is available, and
fail when it is not. A similar workaround may be needed for
EVP_get_cipherbyname().
* Bugfix (bug introduced in Postfix 2.11): the checkok() macro in
tls/tls_fprint.c evaluated its argument unconditionally; it should evaluate
the argument only if there was no prior error.
* Bugfix (bug introduced in Postfix 2.8): postscreen died with a segmentation
violation when postscreen_dnsbl_threshold < 1. It should reject such input
with a fatal error instead.
* Bitrot: fixes for linker warnings from newer Darwin (MacOS) versions.
* Portability: Linux 6 support.
* Added missing documentation that cidr:, pcre: and regexp: tables support
inline specification only in Postfix 3.7 and later.
* Rebased postfix-linux45.patch
-------------------------------------------------------------------
Thu Feb 9 20:13:42 UTC 2023 - Peter Varkoly <varkoly@suse.com>

@ -46,7 +46,7 @@
%endif
%bcond_without ldap
Name: postfix
Version: 3.7.3
Version: 3.7.4
Release: 0
Summary: A fast, secure, and flexible mailer
License: IPL-1.0 OR EPL-2.0