diff --git a/pointer_to_literals.patch b/pointer_to_literals.patch index dec95c8..727f60a 100644 --- a/pointer_to_literals.patch +++ b/pointer_to_literals.patch @@ -28,7 +28,7 @@ Index: src/smtpd/smtpd_check.c =================================================================== --- src/smtpd/smtpd_check.c.orig +++ src/smtpd/smtpd_check.c -@@ -383,6 +383,10 @@ static STRING_LIST *smtpd_acl_perm_log; +@@ -384,6 +384,10 @@ static STRING_LIST *smtpd_acl_perm_log; #define CONST_STR(x) ((const char *) vstring_str(x)) #define UPDATE_STRING(ptr,val) { if (ptr) myfree(ptr); ptr = mystrdup(val); } @@ -39,7 +39,7 @@ Index: src/smtpd/smtpd_check.c /* * If some decision can't be made due to a temporary error, then change * other decisions into deferrals. -@@ -2394,8 +2398,6 @@ static int check_table_result(SMTPD_STAT +@@ -2395,8 +2399,6 @@ static int check_table_result(SMTPD_STAT if (msg_verbose) msg_info("%s: %s %s %s", myname, table, value, datum); @@ -48,7 +48,7 @@ Index: src/smtpd/smtpd_check.c /* * DUNNO means skip this table. Silently ignore optional text. */ -@@ -3482,8 +3484,6 @@ static const char *rbl_expand_lookup(con +@@ -3483,8 +3485,6 @@ static const char *rbl_expand_lookup(con SMTPD_RBL_EXPAND_CONTEXT *rbl_exp = (SMTPD_RBL_EXPAND_CONTEXT *) context; SMTPD_STATE *state = rbl_exp->state; diff --git a/postfix-3.7.4.tar.gz b/postfix-3.7.4.tar.gz deleted file mode 100644 index 43ae678..0000000 --- a/postfix-3.7.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4c137a2303448f25993836837deeae87fac5d4d03af11ade8e9bead806328645 -size 4833834 diff --git a/postfix-3.7.4.tar.gz.asc b/postfix-3.7.4.tar.gz.asc deleted file mode 100644 index f1cb0e0..0000000 --- a/postfix-3.7.4.tar.gz.asc +++ /dev/null 
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (FreeBSD)
-
-iFcDBQBjzFvcDAtZDoDKFacRCi65AP9HiQ6xU2JlaR+OuYh3ZRvMZhGjkHuJhXNP
-6WYbr48pHwD+If3p4MRLiehbNxK3uSWyaOC3ztV6NTEbk1rwfbdBGGI=
-=nQt/
------END PGP SIGNATURE-----
diff --git a/postfix-3.8.0.tar.gz b/postfix-3.8.0.tar.gz
new file mode 100644
index 0000000..00c1246
--- /dev/null
+++ b/postfix-3.8.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3ad8029bd2c6b0c576477a0f77bf9d2c0b761cbaa0efbfef47969efea6eade9
+size 4851893
diff --git a/postfix-3.8.0.tar.gz.asc b/postfix-3.8.0.tar.gz.asc
new file mode 100644
index 0000000..76acc9e
--- /dev/null
+++ b/postfix-3.8.0.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iFcDBQBkPGrxDAtZDoDKFacRCg/AAPwNXQ/mbp1mtpkHvt4IznBvn/YxlNW1qwnL
+N4rUESsQHQD/R0bN2WGvAS2pgStoRdM2Tgf0tx3JzCUqwN1fA58vxSA=
+=JS+i
+-----END PGP SIGNATURE-----
diff --git a/postfix-bdb.changes b/postfix-bdb.changes
index dab4c1f..c85d9ce 100644
--- a/postfix-bdb.changes
+++ b/postfix-bdb.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte
+
+- update to 3.8.0
+ * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+ client, Based on code by Tomas Korbar (Red Hat). For example,
+ with "use_srv_lookup = submission" and "relayhost =
+ example.com:submission", the Postfix SMTP client will look up
+ DNS SRV records for _submission._tcp.example.com, and will relay
+ email through the hosts and ports that are specified with those
+ records.
+ * TLS obsolescence: Postfix now treats the "export" and "low"
+ cipher grade settings as "medium". The "export" and "low" grades
+ are no longer supported in OpenSSL 1.1.1, the minimum version
+ required in Postfix 3.6.0 and later. Also, Postfix default
+ settings now exclude deprecated or unused ciphers (SEED, IDEA,
+ 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+ (DH, ECDH), and public key algorithm (DSS).
+ * Attack resistance: the Postfix SMTP server can now aggregate
+ smtpd_client_*_rate and smtpd_client_*_count statistics by
+ network block instead of by IP address, to raise the bar against
+ a memory exhaustion attack in the anvil(8) server; Postfix TLS
+ support unconditionally disables TLS renegotiation in the middle
+ of an SMTP connection, to avoid a CPU exhaustion attack.
+ * The PostgreSQL client encoding is now configurable with the
+ "encoding" Postfix configuration file attribute. The default
+ is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+ which is not useful in the context of SMTP.
+ * The postconf command now warns for #comment in or after a Postfix
+ parameter value. Postfix programs do not support #comment after
+ other text, and treat that as input.
+- rebase/refresh patches + * pointer_to_literals.patch + * postfix-linux45.patch + * postfix-master.cf.patch + * postfix-ssl-release-buffers.patch + * set-default-db-type.patch + ------------------------------------------------------------------- Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann diff --git a/postfix-bdb.spec b/postfix-bdb.spec index 1e5ffc4..04497a6 100644 --- a/postfix-bdb.spec +++ b/postfix-bdb.spec @@ -1,7 +1,7 @@ # # spec file for package postfix-bdb # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,7 +59,7 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.7.4 +Version: 3.8.0 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 diff --git a/postfix-linux45.patch b/postfix-linux45.patch index ee1f6f4..80d9f86 100644 --- a/postfix-linux45.patch +++ b/postfix-linux45.patch @@ -4,12 +4,14 @@ --- makedefs.orig +++ makedefs -@@ -627,7 +627,7 @@ EOF +@@ -631,8 +631,8 @@ EOF : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC-gcc} -shared"} ;; --Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MAJOR -+Linux.[3-9].*|Linux.[1-9][0-9].*) SYSTYPE=LINUX3 +- Linux.[3456].*) +- SYSTYPE=LINUX$RELEASE_MAJOR ++ Linux.[3-9].*|Linux.[1-9][0-9].*) ++ SYSTYPE=LINUX3 case "$CCARGS" in *-DNO_DB*) ;; *-DHAS_DB*) ;; diff --git a/postfix-master.cf.patch b/postfix-master.cf.patch index d76430b..92be2b9 100644 --- a/postfix-master.cf.patch +++ b/postfix-master.cf.patch @@ -14,7 +14,7 @@ Index: conf/master.cf #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog -@@ -17,38 +22,40 @@ smtp inet n - n +@@ -17,40 +22,42 @@ smtp inet n - n # Choose one: enable submission for loopback clients only, or for any client. #127.0.0.1:submission inet n - n - - smtpd #submission inet n - n - - smtpd 
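Review bot: The refreshed case arm `Linux.[3-9].*|Linux.[1-9][0-9].*)` still forces `SYSTYPE=LINUX3` for every kernel major from 3 upward, in place of upstream's `SYSTYPE=LINUX$RELEASE_MAJOR`, and nothing in the visible part of postfix-linux45.patch says why. If the patch header (above this hunk) does not already explain it, a one-line description there, for example `Build as LINUX3 regardless of the build host's kernel major`, would help the next refresh. It is also worth checking that 3.8.0 has no settings keyed on a later LINUXn macro that this override would skip; that cannot be told from the hunk.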
@@ -22,12 +22,14 @@ Index: conf/master.cf -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_tls_auth_only=yes +-# -o local_header_rewrite_clients=static:all -# -o smtpd_reject_unlisted_recipient=no +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o content_filter=smtp:[127.0.0.1]:10024 +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_tls_auth_only=yes ++# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd__restrictions here, # specify "smtpd__restrictions=$mua__restrictions" @@ -51,11 +53,13 @@ Index: conf/master.cf -# -o syslog_name=postfix/submissions -# -o smtpd_tls_wrappermode=yes -# -o smtpd_sasl_auth_enable=yes +-# -o local_header_rewrite_clients=static:all -# -o smtpd_reject_unlisted_recipient=no +# -o syslog_name=postfix/submissions +# -o smtpd_tls_wrappermode=yes +# -o content_filter=smtp:[127.0.0.1]:10024 +# -o smtpd_sasl_auth_enable=yes ++# -o local_header_rewrite_clients=static:all +# -o smtpd_reject_unlisted_recipient=no # Instead of specifying complex smtpd__restrictions here, # specify "smtpd__restrictions=$mua__restrictions" @@ -76,7 +80,7 @@ Index: conf/master.cf #628 inet n - n - - qmqpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup -@@ -77,6 +84,26 @@ lmtp unix - - n +@@ -79,6 +86,26 @@ lmtp unix - - n anvil unix - - n - 1 anvil scache unix - - n - 1 scache postlog unix-dgram n - n - 1 postlogd @@ -103,7 +107,7 @@ Index: conf/master.cf # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual -@@ -110,7 +137,7 @@ postlog unix-dgram n - n +@@ -112,7 +139,7 @@ postlog unix-dgram n - n # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe 
@@ -112,7 +116,7 @@ Index: conf/master.cf # # ==================================================================== # -@@ -143,3 +170,10 @@ postlog unix-dgram n - n +@@ -145,3 +172,10 @@ postlog unix-dgram n - n #mailman unix - n n - - pipe # flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} diff --git a/postfix-ssl-release-buffers.patch b/postfix-ssl-release-buffers.patch index 1a66b5d..262292f 100644 --- a/postfix-ssl-release-buffers.patch +++ b/postfix-ssl-release-buffers.patch @@ -18,7 +18,7 @@ Index: src/tls/tls_server.c =================================================================== --- src/tls/tls_server.c.orig +++ src/tls/tls_server.c -@@ -490,6 +490,10 @@ TLS_APPL_STATE *tls_server_init(const TL +@@ -493,6 +493,10 @@ TLS_APPL_STATE *tls_server_init(const TL SSL_CTX_set_security_level(sni_ctx, 0); #endif diff --git a/postfix.changes b/postfix.changes index d7c2386..a111173 100644 --- a/postfix.changes +++ b/postfix.changes 
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Tue Apr 18 18:14:49 UTC 2023 - Arjen de Korte
+
+- update to 3.8.0
+ * Support to look up DNS SRV records in the Postfix SMTP/LMTP
+ client, Based on code by Tomas Korbar (Red Hat). For example,
+ with "use_srv_lookup = submission" and "relayhost =
+ example.com:submission", the Postfix SMTP client will look up
+ DNS SRV records for _submission._tcp.example.com, and will relay
+ email through the hosts and ports that are specified with those
+ records.
+ * TLS obsolescence: Postfix now treats the "export" and "low"
+ cipher grade settings as "medium". The "export" and "low" grades
+ are no longer supported in OpenSSL 1.1.1, the minimum version
+ required in Postfix 3.6.0 and later. Also, Postfix default
+ settings now exclude deprecated or unused ciphers (SEED, IDEA,
+ 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms
+ (DH, ECDH), and public key algorithm (DSS).
+ * Attack resistance: the Postfix SMTP server can now aggregate
+ smtpd_client_*_rate and smtpd_client_*_count statistics by
+ network block instead of by IP address, to raise the bar against
+ a memory exhaustion attack in the anvil(8) server; Postfix TLS
+ support unconditionally disables TLS renegotiation in the middle
+ of an SMTP connection, to avoid a CPU exhaustion attack.
+ * The PostgreSQL client encoding is now configurable with the
+ "encoding" Postfix configuration file attribute. The default
+ is "UTF8". Previously the encoding was hard-coded as "LATIN1",
+ which is not useful in the context of SMTP.
+ * The postconf command now warns for #comment in or after a Postfix
+ parameter value. Postfix programs do not support #comment after
+ other text, and treat that as input.
+- rebase/refresh patches + * pointer_to_literals.patch + * postfix-linux45.patch + * postfix-master.cf.patch + * postfix-ssl-release-buffers.patch + * set-default-db-type.patch + ------------------------------------------------------------------- Sat Feb 25 15:15:58 UTC 2023 - Otto Hollmann diff --git a/postfix.spec b/postfix.spec index ee13a93..bbf7f3f 100644 --- a/postfix.spec +++ b/postfix.spec @@ -1,7 +1,7 @@ # # spec file for package postfix # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -46,7 +46,7 @@ %endif %bcond_without ldap Name: postfix -Version: 3.7.4 +Version: 3.8.0 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 OR EPL-2.0 @@ -126,6 +126,7 @@ Postfix aims to be an alternative to the widely-used sendmail program. Summary: Development headers for the %{name} package Group: Development/Libraries/C and C++ Requires(pre): %{name} = %{version} +BuildArch: noarch %description devel Postfix aims to be an alternative to the widely-used sendmail program. diff --git a/set-default-db-type.patch b/set-default-db-type.patch index c8a6675..b4e7998 100644 --- a/set-default-db-type.patch +++ b/set-default-db-type.patch @@ -29,7 +29,7 @@ Index: src/util/sys_defs.h #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" #else #define HAS_DBM -@@ -763,7 +763,7 @@ extern int initgroups(const char *, int) +@@ -775,7 +775,7 @@ extern int initgroups(const char *, int) #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */ #define HAS_FSYNC #define HAS_DB 
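Review bot: The `BuildArch: noarch` line added to the devel subpackage in postfix.spec is not recorded in the 3.8.0 changelog entry this commit adds, which lists only the version update and the refreshed patches; a line such as `- build the devel subpackage as noarch` in postfix.changes would cover it. noarch is only safe if nothing installed by that subpackage varies by architecture, and its file list is outside this hunk, so that is worth confirming for any header generated at build time. The postfix-bdb.spec hunks in this commit show no matching change; whether that spec has a devel subpackage is not visible here.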
@@ -38,7 +38,7 @@ Index: src/util/sys_defs.h #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" #ifndef NO_NIS #define HAS_NIS -@@ -846,7 +846,7 @@ extern int initgroups(const char *, int) +@@ -851,7 +851,7 @@ extern int initgroups(const char *, int) #define DEF_MAILBOX_LOCK "dotlock" /* verified RedHat 3.03 */ #define HAS_FSYNC #define HAS_DB @@ -47,7 +47,7 @@ Index: src/util/sys_defs.h #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" #ifndef NO_NIS #define HAS_NIS -@@ -879,7 +879,7 @@ extern int initgroups(const char *, int) +@@ -884,7 +884,7 @@ extern int initgroups(const char *, int) #define DEF_MAILBOX_LOCK "fcntl, dotlock" /* RedHat >= 4.x */ #define HAS_FSYNC #define HAS_DB @@ -56,7 +56,7 @@ Index: src/util/sys_defs.h #define ALIAS_DB_MAP DEF_DB_TYPE ":/etc/aliases" #ifndef NO_NIS #define HAS_NIS -@@ -1204,7 +1204,7 @@ extern int opterr; /* XXX use