From 9152b407e924b9553562b4c0892d223295eaf9e79f3e63ae91541b45cad33bb3 Mon Sep 17 00:00:00 2001
From: Christian Wittmer <chris@computersalat.de>
Date: Wed, 6 Mar 2024 14:51:10 +0000
Subject: [PATCH] Accepting request 1155290 from
 home:adkorte:branches:server:mail

- update to 3.8.6
  * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
    Dovecot auth client did not reset the 'reason' from a previous
    Dovecot auth service response, before parsing the next Dovecot
    auth server response in the same SMTP session, resulting in a
    nonsensical "authentication failed" warning message. Reported
    by Stephan Bosch.
  * Bugfix (defect introduced: Postfix 3.1, date: 20151128):
    "postqueue -j" produced broken JSON when escaping a control
    character as \uXXXX. Found during code maintenance.
  * Cleanup: this fixes posttls-finger certificate match expectations
    for all TLS security levels, including warnings for levels that
    don't implement certificate matching. By Viktor Dukhovni.
  * Bugfix (defect introduced: Postfix 2.3): after prepending a
    header at the top of a message (with an access(5), header_checks(5)
    or Milter action), the Postfix Milter "delete header" or "update
    header" action was skipping the prepended header, instead of
    skipping the Postfix-generated Received: header. Problem report
    by Carlos Velasco.
  * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
    load: it says that a socket is readable, then it says that the
    socket has unread data, and then it says that read returns EOF,
    causing Postfix to spam the log with a warning message.
  * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
    command handler could be tricked to read $message_size_limit
    bytes into memory. Found during code maintenance.
  * Safety: limit the total size of DNS lookup results to 100
    records; drop the excess records, and log a warning. This limit
    is 20x larger than the number of server addresses that the
    Postfix SMTP client is willing to consider when delivering mail,
    and is far below the number of records that could cause a tail
    recursion crash in dns_rr_append() as reported by Toshifumi
    Sakaguchi. This fix also limits the number of DNS requests that
    a check_*_*_access restriction can make.
  * Performance, related to the previous problem: eliminate worst-case
    behavior where the queue manager could defer delivery to all
    destinations over a specific delivery transport, after only a
    single delivery agent crash. The scheduler now throttles
    deliveries to one destination, and allows other deliveries to
    keep making progress.
- change to functioning mirror (http://cdn.postfix.johnriley.me/
  has been dead for a while although it is still listed upstream)
- make output of %setup less verbose by restoring -q option

OBS-URL: https://build.opensuse.org/request/show/1155290
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=477
---
 postfix-3.8.5.tar.gz     |  3 ---
 postfix-3.8.5.tar.gz.asc |  7 ------
 postfix-3.8.6.tar.gz     |  3 +++
 postfix-3.8.6.tar.gz.asc |  7 ++++++
 postfix-bdb.changes      | 47 ++++++++++++++++++++++++++++++++++++++++
 postfix-bdb.spec         |  8 +++----
 postfix.changes          | 47 ++++++++++++++++++++++++++++++++++++++++
 postfix.spec             |  8 +++----
 8 files changed, 112 insertions(+), 18 deletions(-)
 delete mode 100644 postfix-3.8.5.tar.gz
 delete mode 100644 postfix-3.8.5.tar.gz.asc
 create mode 100644 postfix-3.8.6.tar.gz
 create mode 100644 postfix-3.8.6.tar.gz.asc

diff --git a/postfix-3.8.5.tar.gz b/postfix-3.8.5.tar.gz
deleted file mode 100644
index 5b17265..0000000
--- a/postfix-3.8.5.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f3e827a2b2e410359ad25d31341970434ab07e36139f9a2ef93981b0ec564c85
-size 4871284
diff --git a/postfix-3.8.5.tar.gz.asc b/postfix-3.8.5.tar.gz.asc
deleted file mode 100644
index 3995ea5..0000000
--- a/postfix-3.8.5.tar.gz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (FreeBSD)
-
-iFcDBQBlradJDAtZDoDKFacRClupAP9JjaFccevkBz/VVFI5sRZtqXX1U/L4POL+
-67DeiaTf1QD+NW7/pXF26ttt16c0FS9ZC01fEFxBjhhX/GDmKNRrL7M=
-=sCQw
------END PGP SIGNATURE-----
diff --git a/postfix-3.8.6.tar.gz b/postfix-3.8.6.tar.gz
new file mode 100644
index 0000000..fdd358c
--- /dev/null
+++ b/postfix-3.8.6.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4b6e17c826cc438cc3016a9c0a55ea7e77c6cbafba7dd57241d81b690b0e9774
+size 4873054
diff --git a/postfix-3.8.6.tar.gz.asc b/postfix-3.8.6.tar.gz.asc
new file mode 100644
index 0000000..ffabfc4
--- /dev/null
+++ b/postfix-3.8.6.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iFcDBQBl5ietDAtZDoDKFacRCohlAP9+xzfCths5ZTBLzZJwDMI8hFS+1oDXOC4C
+1z1Zh0OKtgD/T7DfIIG3MjyGAC/oqUD7ssjUZapz6XRu/fhSiOK1NU8=
+=v0k3
+-----END PGP SIGNATURE-----
diff --git a/postfix-bdb.changes b/postfix-bdb.changes
index 8b6fdd8..c5d76bc 100644
--- a/postfix-bdb.changes
+++ b/postfix-bdb.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Tue Mar  5 16:46:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 3.8.6
+  * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+    Dovecot auth client did not reset the 'reason' from a previous
+    Dovecot auth service response, before parsing the next Dovecot
+    auth server response in the same SMTP session, resulting in a
+    nonsensical "authentication failed" warning message. Reported
+    by Stephan Bosch.
+  * Bugfix (defect introduced: Postfix 3.1, date: 20151128):
+    "postqueue -j" produced broken JSON when escaping a control
+    character as \uXXXX. Found during code maintenance.
+  * Cleanup: this fixes posttls-finger certificate match expectations
+    for all TLS security levels, including warnings for levels that
+    don't implement certificate matching. By Viktor Dukhovni.
+  * Bugfix (defect introduced: Postfix 2.3): after prepending a
+    header at the top of a message (with an access(5), header_checks(5)
+    or Milter action), the Postfix Milter "delete header" or "update
+    header" action was skipping the prepended header, instead of
+    skipping the Postfix-generated Received: header. Problem report
+    by Carlos Velasco.
+  * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
+    load: it says that a socket is readable, then it says that the
+    socket has unread data, and then it says that read returns EOF,
+    causing Postfix to spam the log with a warning message.
+  * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
+    command handler could be tricked to read $message_size_limit
+    bytes into memory. Found during code maintenance.
+  * Safety: limit the total size of DNS lookup results to 100
+    records; drop the excess records, and log a warning. This limit
+    is 20x larger than the number of server addresses that the
+    Postfix SMTP client is willing to consider when delivering mail,
+    and is far below the number of records that could cause a tail
+    recursion crash in dns_rr_append() as reported by Toshifumi
+    Sakaguchi. This fix also limits the number of DNS requests that
+    a check_*_*_access restriction can make.
+  * Performance, related to the previous problem: eliminate worst-case
+    behavior where the queue manager could defer delivery to all
+    destinations over a specific delivery transport, after only a
+    single delivery agent crash. The scheduler now throttles
+    deliveries to one destination, and allows other deliveries to
+    keep making progress.
+- change to functioning mirror (http://cdn.postfix.johnriley.me/ 
+  has been dead for a while although it is still listed upstream)
+- make output of %setup less verbose by restoring -q option
+
 -------------------------------------------------------------------
 Tue Mar  5 12:19:01 UTC 2024 - Peter Varkoly <varkoly@suse.com>
 
diff --git a/postfix-bdb.spec b/postfix-bdb.spec
index 306d3cd..6cf8eb0 100644
--- a/postfix-bdb.spec
+++ b/postfix-bdb.spec
@@ -59,14 +59,14 @@
 %endif
 %bcond_without ldap
 Name:           postfix-bdb
-Version:        3.8.5
+Version:        3.8.6
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        EPL-2.0 OR IPL-1.0
 Group:          Productivity/Networking/Email/Servers
 URL:            http://www.postfix.org
-Source0:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz
-Source1:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc
+Source0:        https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz
+Source1:        https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc
 Source2:        postfix-SUSE.tar.gz
 Source3:        postfix-mysql.tar.bz2
 #Source4:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring
@@ -157,7 +157,7 @@ lmdb.
 %endif
 
 %prep
-%setup -n postfix-%{version} -a 2 -a 3
+%setup -q -n postfix-%{version} -a 2 -a 3
 %autopatch -p0
 
 # ---------------------------------------------------------------------------
diff --git a/postfix.changes b/postfix.changes
index 8b6fdd8..07cdfb1 100644
--- a/postfix.changes
+++ b/postfix.changes
@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Tue Mar  5 16:46:16 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
+
+- update to 3.8.6
+  * Bugfix (defect introduced: Postfix 2.3, date 20051222): the
+    Dovecot auth client did not reset the 'reason' from a previous
+    Dovecot auth service response, before parsing the next Dovecot
+    auth server response in the same SMTP session, resulting in a
+    nonsensical "authentication failed" warning message. Reported
+    by Stephan Bosch.
+  * Bugfix (defect introduced: Postfix 3.1, date: 20151128):
+    "postqueue -j" produced broken JSON when escaping a control
+    character as \uXXXX. Found during code maintenance.
+  * Cleanup: this fixes posttls-finger certificate match expectations
+    for all TLS security levels, including warnings for levels that
+    don't implement certificate matching. By Viktor Dukhovni.
+  * Bugfix (defect introduced: Postfix 2.3): after prepending a
+    header at the top of a message (with an access(5), header_checks(5)
+    or Milter action), the Postfix Milter "delete header" or "update
+    header" action was skipping the prepended header, instead of
+    skipping the Postfix-generated Received: header. Problem report
+    by Carlos Velasco.
+  * Workaround: tlsmgr logfile spam. Reportedly, some OS lies under
+    load: it says that a socket is readable, then it says that the
+    socket has unread data, and then it says that read returns EOF,
+    causing Postfix to spam the log with a warning message.
+  * Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT
+    command handler could be tricked to read $message_size_limit
+    bytes into memory. Found during code maintenance.
+  * Safety: limit the total size of DNS lookup results to 100
+    records; drop the excess records, and log a warning. This limit
+    is 20x larger than the number of server addresses that the
+    Postfix SMTP client is willing to consider when delivering mail,
+    and is far below the number of records that could cause a tail
+    recursion crash in dns_rr_append() as reported by Toshifumi
+    Sakaguchi. This fix also limits the number of DNS requests that
+    a check_*_*_access restriction can make.
+  * Performance, related to the previous problem: eliminate worst-case
+    behavior where the queue manager could defer delivery to all
+    destinations over a specific delivery transport, after only a
+    single delivery agent crash. The scheduler now throttles
+    deliveries to one destination, and allows other deliveries to
+    keep making progress.
+- change to functioning mirror (http://cdn.postfix.johnriley.me/
+  has been dead for a while although it is still listed upstream)
+- make output of %setup less verbose by restoring -q option
+
 -------------------------------------------------------------------
 Tue Mar  5 12:19:01 UTC 2024 - Peter Varkoly <varkoly@suse.com>
 
diff --git a/postfix.spec b/postfix.spec
index 9089b1e..40ecdb0 100644
--- a/postfix.spec
+++ b/postfix.spec
@@ -46,14 +46,14 @@
 %endif
 %bcond_without ldap
 Name:           postfix
-Version:        3.8.5
+Version:        3.8.6
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        EPL-2.0 OR IPL-1.0
 Group:          Productivity/Networking/Email/Servers
 URL:            http://www.postfix.org
-Source0:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz
-Source1:        http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc
+Source0:        https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz
+Source1:        https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc
 Source2:        %{name}-SUSE.tar.gz
 Source3:        %{name}-mysql.tar.bz2
 Source4:        postfix.keyring
@@ -176,7 +176,7 @@ maps with Postfix, you need this.
 %endif
 
 %prep
-%setup -a 2 -a 3
+%setup -q -a 2 -a 3
 %autopatch -p0
 
 # ---------------------------------------------------------------------------