Accepting request 1135431 from server:mail

- update default configuration to enable the long-term fix for
  bsc#1218304, CVE-2023-51764, SMTP smuggling attack:
  * smtpd_forbid_bare_newline = yes
  * smtpd_forbid_bare_newline_exclusions = $mynetworks

- update to 3.8.4 (bsc#1218304, CVE-2023-51764):
    https://www.postfix.org/smtp-smuggling.html
- Syntax error in update_postmaps script (bsc#1216061)
  (bsc#1215372)
  (bsc#1192314)
  Adapt proposed change: using "cp -afL" by copying.
  Define HAS_CLOSEFROM
  (bsc#1189101)
  (bsc#1188477)
  (bsc#1066854)
  For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
  (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt -
  postfix broken: "queue file write error" and "error: unsupported
- bsc#1176650 L3: What is regularly triggering the "fillup"
  o add patch for main.cf for postfix-bdb package
- Delete postfix-SUSE/README.SuSE, company name spelled wrong,
- bsc#1162891 server:mail/postfix: cond_slp bug on TW after
- bsc#1160413 postfix fails with -fno-common
- bsc#1142881 - mkpostfixcert from Postfix still uses md
  o Major changes
      Postfix 3.4.4 fixes both.
  o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
- Replace references to /var/adm/fillup-templates with new
- bnc#1059512 L3: Postfix Problem
    seems to be obsolete)

OBS-URL: https://build.opensuse.org/request/show/1135431
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/postfix?expand=0&rev=231

postfix-bdb.spec

@@ -62,7 +62,7 @@ Name:           postfix-bdb
 Version:        3.8.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
-License:        IPL-1.0 OR EPL-2.0
+License:        EPL-2.0 OR IPL-1.0
 Group:          Productivity/Networking/Email/Servers
 URL:            http://www.postfix.org
 Source0:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz
@@ -108,8 +108,8 @@ Requires(post): permissions
 Requires(pre):  %fillup_prereq
 Requires(pre):  permissions
 Conflicts:      exim
-Conflicts:      sendmail
 Conflicts:      postfix
+Conflicts:      sendmail
 Provides:       smtp_daemon
 %{?systemd_ordering}
 %if %{with lmdb}
@@ -127,15 +127,15 @@ Requires(pre):  group(%{mail_group})
 Requires(pre):  shadow
 %endif
 # /usr/lib/postfix/bin//post-install: line 667: ed: command not found
-Requires(pre):    ed
-Requires(preun):  ed
-Requires(post):   ed
-Requires(postun): ed
+Requires(pre):  ed
+Requires(preun):ed
+Requires(post): ed
+Requires(postun):ed
 # /usr/sbin/config.postfix needs perl
-Requires(pre):    perl
-Requires(preun):  perl
-Requires(post):   perl
-Requires(postun): perl
+Requires(pre):  perl
+Requires(preun):perl
+Requires(post): perl
+Requires(postun):perl
 
 %description
 Postfix aims to be an alternative to the widely-used sendmail program with bdb support
@@ -395,6 +395,7 @@ rm -rf %{buildroot}/%{_includedir}/postfix/
 %if 0%{?suse_version} >= 1330
 %pre -f postfix.pre
 %else
+
 %pre
 getent group postfix >/dev/null || groupadd -g %{pf_gid} -o -r postfix
 getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop

postfix-main.cf.patch

@@ -1,5 +1,7 @@
---- conf/main.cf.orig	2022-11-14 15:57:24.689108581 +0100
-+++ conf/main.cf	2022-11-14 16:02:33.255317483 +0100
+Index: conf/main.cf
+===================================================================
+--- conf/main.cf.orig
++++ conf/main.cf
 @@ -285,7 +285,7 @@ unknown_local_recipient_reject_code = 55
  #
  #mynetworks = 168.100.3.0/28, 127.0.0.0/8
@@ -48,7 +50,7 @@
  
  # PARALLEL DELIVERY TO THE SAME DESTINATION
  #
-@@ -682,4 +683,149 @@ sample_directory =
+@@ -682,4 +683,155 @@ sample_directory =
  # readme_directory: The location of the Postfix README files.
  #
  readme_directory =
@@ -105,6 +107,12 @@
 +
 +smtpd_recipient_restrictions = 
 +
++# mitigation for CVE-2023-51764 - SMTP smuggling attack
++# but allow local clients with non-standard SMTP implementations
++# such as netcat, fax machines, or load balancer health checks.
++#
++smtpd_forbid_bare_newline = yes
++smtpd_forbid_bare_newline_exclusions = $mynetworks
 +
 +############################################################
 +# SASL stuff

postfix.spec

@@ -42,14 +42,14 @@
 %if 0%{?suse_version} < 1599
 %bcond_without libnsl
 %else
-%bcond_with libnsl 
+%bcond_with libnsl
 %endif
 %bcond_without ldap
 Name:           postfix
 Version:        3.8.4
 Release:        0
 Summary:        A fast, secure, and flexible mailer
-License:        IPL-1.0 OR EPL-2.0
+License:        EPL-2.0 OR IPL-1.0
 Group:          Productivity/Networking/Email/Servers
 URL:            http://www.postfix.org
 Source0:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz
@@ -109,15 +109,15 @@ BuildRequires:  openldap2-devel
 BuildRequires:  libnsl-devel
 %endif
 # /usr/lib/postfix/bin//post-install: line 667: ed: command not found
-Requires(pre):    /usr/bin/ed
-Requires(preun):  /usr/bin/ed
-Requires(post):   /usr/bin/ed
-Requires(postun): /usr/bin/ed
+Requires(pre):  /usr/bin/ed
+Requires(preun):/usr/bin/ed
+Requires(post): /usr/bin/ed
+Requires(postun):/usr/bin/ed
 # /usr/sbin/config.postfix needs perl
-Requires(pre):    perl
-Requires(preun):  perl
-Requires(post):   perl
-Requires(postun): perl
+Requires(pre):  perl
+Requires(preun):perl
+Requires(post): perl
+Requires(postun):perl
 
 %description
 Postfix aims to be an alternative to the widely-used sendmail program.