Accepting request 1080180 from home:adkorte:branches:server:mail

- update to 3.8.0 * Support to look up DNS SRV records in the Postfix SMTP/LMTP client, Based on code by Tomas Korbar (Red Hat). For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records. * TLS obsolescence: Postfix now treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version required in Postfix 3.6.0 and later. Also, Postfix default settings now exclude deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS). * Attack resistance: the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block instead of by IP address, to raise the bar against a memory exhaustion attack in the anvil(8) server; Postfix TLS support unconditionally disables TLS renegotiation in the middle of an SMTP connection, to avoid a CPU exhaustion attack. * The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1", which is not useful in the context of SMTP. * The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input. - rebase/refresh patches * pointer_to_literals.patch * postfix-linux45.patch * postfix-master.cf.patch * postfix-ssl-release-buffers.patch * set-default-db-type.patch OBS-URL: https://build.opensuse.org/request/show/1080180 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=454
2023-04-27 21:59:58 +00:00 · 2023-04-27 21:59:58 +00:00 · e9b4a7071e
commit e9b4a7071e
parent 8d5a3b42e3
13 changed files with 113 additions and 30 deletions
--- a/pointer_to_literals.patch
+++ b/pointer_to_literals.patch
@ -28,7 +28,7 @@ Index: src/smtpd/smtpd_check.c
 ===================================================================
 --- src/smtpd/smtpd_check.c.orig
 +++ src/smtpd/smtpd_check.c
-@@ -383,6 +383,10 @@ static STRING_LIST *smtpd_acl_perm_log;
+@@ -384,6 +384,10 @@ static STRING_LIST *smtpd_acl_perm_log;
 #define CONST_STR(x)	((const char *) vstring_str(x))
 #define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); }
 
@ -39,7 +39,7 @@ Index: src/smtpd/smtpd_check.c
  /*
   * If some decision can't be made due to a temporary error, then change
   * other decisions into deferrals.
-@@ -2394,8 +2398,6 @@ static int check_table_result(SMTPD_STAT
+@@ -2395,8 +2399,6 @@ static int check_table_result(SMTPD_STAT
     if (msg_verbose)
 	msg_info("%s: %s %s %s", myname, table, value, datum);
 
@ -48,7 +48,7 @@ Index: src/smtpd/smtpd_check.c
     /*
      * DUNNO means skip this table. Silently ignore optional text.
      */
-@@ -3482,8 +3484,6 @@ static const char *rbl_expand_lookup(con
+@@ -3483,8 +3485,6 @@ static const char *rbl_expand_lookup(con
     SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context;
     SMTPD_STATE *state = rbl_exp->state;
 
--- a/postfix-3.7.4.tar.gz
+++ b/postfix-3.7.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4c137a2303448f25993836837deeae87fac5d4d03af11ade8e9bead806328645
-size 4833834
--- a/postfix-3.7.4.tar.gz.asc
+++ b/postfix-3.7.4.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (FreeBSD)
-
-iFcDBQBjzFvcDAtZDoDKFacRCi65AP9HiQ6xU2JlaR+OuYh3ZRvMZhGjkHuJhXNP
-6WYbr48pHwD+If3p4MRLiehbNxK3uSWyaOC3ztV6NTEbk1rwfbdBGGI=
-=nQt/
-----END PGP SIGNATURE-----
--- a/postfix-3.8.0.tar.gz
+++ b/postfix-3.8.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3ad8029bd2c6b0c576477a0f77bf9d2c0b761cbaa0efbfef47969efea6eade9
+size 4851893
--- a/postfix-3.8.0.tar.gz.asc
+++ b/postfix-3.8.0.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iFcDBQBkPGrxDAtZDoDKFacRCg/AAPwNXQ/mbp1mtpkHvt4IznBvn/YxlNW1qwnL
+N4rUESsQHQD/R0bN2WGvAS2pgStoRdM2Tgf0tx3JzCUqwN1fA58vxSA=
+=JS+i
+-----END PGP SIGNATURE-----
--- a/postfix-bdb.changes
+++ b/postfix-bdb.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 3.8.0
+  * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+    client, Based on code by Tomas Korbar (Red Hat). For example,
+    with "use_srv_lookup = submission" and "relayhost =
+    example.com:submission", the Postfix SMTP client will look up
+    DNS SRV records for _submission._tcp.example.com, and will relay
+    email through the hosts and ports that are specified with those
+    records.
+  * TLS obsolescence: Postfix now treats the "export" and "low"
+    cipher grade settings as "medium". The "export" and "low" grades
+    are no longer supported in OpenSSL 1.1.1, the minimum version
+    required in Postfix 3.6.0 and later. Also, Postfix default
+    settings now exclude deprecated or unused ciphers (SEED, IDEA,
+    3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+    (DH, ECDH), and public key algorithm (DSS).
+  * Attack resistance: the Postfix SMTP server can now aggregate
+    smtpd_client_*_rate and smtpd_client_*_count statistics by
+    network block instead of by IP address, to raise the bar against
+    a memory exhaustion attack in the anvil(8) server; Postfix TLS
+    support unconditionally disables TLS renegotiation in the middle
+    of an SMTP connection, to avoid a CPU exhaustion attack.
+  * The PostgreSQL client encoding is now configurable with the
+    "encoding" Postfix configuration file attribute. The default
+    is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+    which is not useful in the context of SMTP.
+  * The postconf command now warns for #comment in or after a Postfix
+    parameter value. Postfix programs do not support #comment after
+    other text, and treat that as input.
+- rebase/refresh patches
+  * pointer_to_literals.patch
+  * postfix-linux45.patch
+  * postfix-master.cf.patch
+  * postfix-ssl-release-buffers.patch
+  * set-default-db-type.patch
+
 -------------------------------------------------------------------
 Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/postfix-bdb.spec
+++ b/postfix-bdb.spec
@ -1,7 +1,7 @@
 #
 # spec file for package postfix-bdb
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -59,7 +59,7 @@
 %endif
 %bcond_without ldap
 Name:           postfix-bdb
-Version:        3.7.4
+Version:        3.8.0
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0
--- a/postfix-linux45.patch
+++ b/postfix-linux45.patch
@ -4,12 +4,14 @@

 --- makedefs.orig
 +++ makedefs
-@@ -627,7 +627,7 @@ EOF
+@@ -631,8 +631,8 @@ EOF
 		: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
 		: ${PLUGIN_LD="${CC-gcc} -shared"}
 		;;
-Linux.[3456].*)	SYSTYPE=LINUX$RELEASE_MAJOR
-+Linux.[3-9].*|Linux.[1-9][0-9].*)    SYSTYPE=LINUX3
+-    Linux.[3456].*)
+-		SYSTYPE=LINUX$RELEASE_MAJOR
+    Linux.[3-9].*|Linux.[1-9][0-9].*)
+		SYSTYPE=LINUX3
 		case "$CCARGS" in
 		 *-DNO_DB*) ;;
 		 *-DHAS_DB*) ;;
--- a/postfix-master.cf.patch
+++ b/postfix-master.cf.patch
@ -14,7 +14,7 @@ Index: conf/master.cf
 #smtp      inet  n       -       n       -       1       postscreen
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
-@@ -17,38 +22,40 @@ smtp      inet  n       -       n
+@@ -17,40 +22,42 @@ smtp      inet  n       -       n
 # Choose one: enable submission for loopback clients only, or for any client.
 #127.0.0.1:submission inet n -   n       -       -       smtpd
 #submission inet n       -       n       -       -       smtpd
@ -22,12 +22,14 @@ Index: conf/master.cf
 -#  -o smtpd_tls_security_level=encrypt
 -#  -o smtpd_sasl_auth_enable=yes
 -#  -o smtpd_tls_auth_only=yes
+-#  -o local_header_rewrite_clients=static:all
 -#  -o smtpd_reject_unlisted_recipient=no
 +#   -o syslog_name=postfix/submission
 +#   -o smtpd_tls_security_level=encrypt
 +#   -o content_filter=smtp:[127.0.0.1]:10024
 +#   -o smtpd_sasl_auth_enable=yes
 +#   -o smtpd_tls_auth_only=yes
+#   -o local_header_rewrite_clients=static:all
 +#   -o smtpd_reject_unlisted_recipient=no
 #     Instead of specifying complex smtpd_<xxx>_restrictions here,
 #     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
@ -51,11 +53,13 @@ Index: conf/master.cf
 -#  -o syslog_name=postfix/submissions
 -#  -o smtpd_tls_wrappermode=yes
 -#  -o smtpd_sasl_auth_enable=yes
+-#  -o local_header_rewrite_clients=static:all
 -#  -o smtpd_reject_unlisted_recipient=no
 +#    -o syslog_name=postfix/submissions
 +#    -o smtpd_tls_wrappermode=yes
 +#    -o content_filter=smtp:[127.0.0.1]:10024
 +#    -o smtpd_sasl_auth_enable=yes
+#    -o local_header_rewrite_clients=static:all
 +#    -o smtpd_reject_unlisted_recipient=no
 #     Instead of specifying complex smtpd_<xxx>_restrictions here,
 #     specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
@ -76,7 +80,7 @@ Index: conf/master.cf
 #628       inet  n       -       n       -       -       qmqpd
 pickup    unix  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
-@@ -77,6 +84,26 @@ lmtp      unix  -       -       n
+@@ -79,6 +86,26 @@ lmtp      unix  -       -       n
 anvil     unix  -       -       n       -       1       anvil
 scache    unix  -       -       n       -       1       scache
 postlog   unix-dgram n  -       n       -       1       postlogd
@ -103,7 +107,7 @@ Index: conf/master.cf
 #
 # ====================================================================
 # Interfaces to non-Postfix software. Be sure to examine the manual
-@@ -110,7 +137,7 @@ postlog   unix-dgram n  -       n
+@@ -112,7 +139,7 @@ postlog   unix-dgram n  -       n
 # Also specify in main.cf: cyrus_destination_recipient_limit=1
 #
 #cyrus     unix  -       n       n       -       -       pipe
@ -112,7 +116,7 @@ Index: conf/master.cf
 #
 # ====================================================================
 #
-@@ -143,3 +170,10 @@ postlog   unix-dgram n  -       n
+@@ -145,3 +172,10 @@ postlog   unix-dgram n  -       n
 #mailman   unix  -       n       n       -       -       pipe
 #  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
--- a/postfix-ssl-release-buffers.patch
+++ b/postfix-ssl-release-buffers.patch
@ -18,7 +18,7 @@ Index: src/tls/tls_server.c
 ===================================================================
 --- src/tls/tls_server.c.orig
 +++ src/tls/tls_server.c
-@@ -490,6 +490,10 @@ TLS_APPL_STATE *tls_server_init(const TL
+@@ -493,6 +493,10 @@ TLS_APPL_STATE *tls_server_init(const TL
     SSL_CTX_set_security_level(sni_ctx, 0);
 #endif
 
--- a/postfix.changes
+++ b/postfix.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 3.8.0
+  * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+    client, Based on code by Tomas Korbar (Red Hat). For example,
+    with "use_srv_lookup = submission" and "relayhost =
+    example.com:submission", the Postfix SMTP client will look up
+    DNS SRV records for _submission._tcp.example.com, and will relay
+    email through the hosts and ports that are specified with those
+    records.
+  * TLS obsolescence: Postfix now treats the "export" and "low"
+    cipher grade settings as "medium". The "export" and "low" grades
+    are no longer supported in OpenSSL 1.1.1, the minimum version
+    required in Postfix 3.6.0 and later. Also, Postfix default
+    settings now exclude deprecated or unused ciphers (SEED, IDEA,
+    3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+    (DH, ECDH), and public key algorithm (DSS).
+  * Attack resistance: the Postfix SMTP server can now aggregate
+    smtpd_client_*_rate and smtpd_client_*_count statistics by
+    network block instead of by IP address, to raise the bar against
+    a memory exhaustion attack in the anvil(8) server; Postfix TLS
+    support unconditionally disables TLS renegotiation in the middle
+    of an SMTP connection, to avoid a CPU exhaustion attack.
+  * The PostgreSQL client encoding is now configurable with the
+    "encoding" Postfix configuration file attribute. The default
+    is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+    which is not useful in the context of SMTP.
+  * The postconf command now warns for #comment in or after a Postfix
+    parameter value. Postfix programs do not support #comment after
+    other text, and treat that as input.
+- rebase/refresh patches
+  * pointer_to_literals.patch
+  * postfix-linux45.patch
+  * postfix-master.cf.patch
+  * postfix-ssl-release-buffers.patch
+  * set-default-db-type.patch
+
 -------------------------------------------------------------------
 Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/postfix.spec
+++ b/postfix.spec
@ -1,7 +1,7 @@
 #
 # spec file for package postfix
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -46,7 +46,7 @@
 %endif
 %bcond_without ldap
 Name:           postfix
-Version:        3.7.4
+Version:        3.8.0
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0 OR EPL-2.0
@ -126,6 +126,7 @@ Postfix aims to be an alternative to the widely-used sendmail program.
 Summary:        Development headers for the %{name} package
 Group:          Development/Libraries/C and C++
 Requires(pre):  %{name} = %{version}
+BuildArch:      noarch

 %description devel
 Postfix aims to be an alternative to the widely-used sendmail program.
--- a/set-default-db-type.patch
+++ b/set-default-db-type.patch
@ -29,7 +29,7 @@ Index: src/util/sys_defs.h
 #define ALIAS_DB_MAP	DEF_DB_TYPE ":/etc/aliases"
 #else
 #define HAS_DBM
-@@ -763,7 +763,7 @@ extern int initgroups(const char *, int)
+@@ -775,7 +775,7 @@ extern int initgroups(const char *, int)
 #define DEF_MAILBOX_LOCK "fcntl, dotlock"	/* RedHat >= 4.x */
 #define HAS_FSYNC
 #define HAS_DB
@ -38,7 +38,7 @@ Index: src/util/sys_defs.h
 #define ALIAS_DB_MAP	DEF_DB_TYPE ":/etc/aliases"
 #ifndef NO_NIS
 #define HAS_NIS
-@@ -846,7 +846,7 @@ extern int initgroups(const char *, int)
+@@ -851,7 +851,7 @@ extern int initgroups(const char *, int)
 #define DEF_MAILBOX_LOCK "dotlock"	/* verified RedHat 3.03 */
 #define HAS_FSYNC
 #define HAS_DB
@ -47,7 +47,7 @@ Index: src/util/sys_defs.h
 #define ALIAS_DB_MAP	DEF_DB_TYPE ":/etc/aliases"
 #ifndef NO_NIS
 #define HAS_NIS
-@@ -879,7 +879,7 @@ extern int initgroups(const char *, int)
+@@ -884,7 +884,7 @@ extern int initgroups(const char *, int)
 #define DEF_MAILBOX_LOCK "fcntl, dotlock"	/* RedHat >= 4.x */
 #define HAS_FSYNC
 #define HAS_DB
@ -56,7 +56,7 @@ Index: src/util/sys_defs.h
 #define ALIAS_DB_MAP	DEF_DB_TYPE ":/etc/aliases"
 #ifndef NO_NIS
 #define HAS_NIS
-@@ -1204,7 +1204,7 @@ extern int opterr;			/* XXX use <getopt.
+@@ -1209,7 +1209,7 @@ extern int opterr;			/* XXX use <getopt.
 #define INTERNAL_LOCK	MYFLOCK_STYLE_FCNTL
 #define DEF_MAILBOX_LOCK "fcntl, dotlock"
 #define HAS_FSYNC
@ -78,7 +78,7 @@ Index: src/global/mail_params.h
 extern char *var_verify_map;
 
 #define VAR_VERIFY_POS_EXP		"address_verify_positive_expire_time"
-@@ -3728,7 +3728,7 @@ extern char *var_multi_cntrl_cmds;
+@@ -3762,7 +3762,7 @@ extern char *var_multi_cntrl_cmds;
   * postscreen(8)
   */
 #define VAR_PSC_CACHE_MAP	"postscreen_cache_map"