diff options
author | Amish | 2020-07-06 15:11:18 +0530 |
---|---|---|
committer | Amish | 2020-07-06 15:11:18 +0530 |
commit | 2cb076853120d56219d2f8fefe60f31f589baa52 (patch) | |
tree | 90b5c1a2020084245b01393da31bd3d0c50bbbec | |
parent | 11186a5bf92831c19e73c2d80ca8c25a57d69d57 (diff) | |
download | aur-2cb076853120d56219d2f8fefe60f31f589baa52.tar.gz |
Update to 8.16.1 with DANE support
-rw-r--r-- | .SRCINFO | 24 | ||||
-rw-r--r-- | PKGBUILD | 27 | ||||
-rw-r--r-- | sendmail-8.14.8-sasl2-in-etc.patch | 6 | ||||
-rw-r--r-- | sendmail-8.15.2-fix-covscan-issues.patch | 149 | ||||
-rw-r--r-- | sendmail-8.15.2-gethostbyname2.patch | 39 | ||||
-rw-r--r-- | sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch | 20 | ||||
-rw-r--r-- | sendmail-8.15.2-openssl-1.1.0-fix.patch | 182 | ||||
-rw-r--r-- | sendmail-8.15.2-smtp-session-reuse-fix.patch | 249 | ||||
-rw-r--r-- | site.config.m4 | 4 |
9 files changed, 18 insertions, 682 deletions
@@ -1,13 +1,13 @@ pkgbase = sendmail pkgdesc = A general purpose internetwork email routing MTA - pkgver = 8.15.2 - pkgrel = 9 + pkgver = 8.16.1 + pkgrel = 1 url = http://www.sendmail.org arch = x86_64 license = custom:sendmail depends = db depends = cyrus-sasl - provides = sendmail=8.15 + provides = sendmail=8.16 provides = smtp-server provides = smtp-forwarder conflicts = msmtp-mta @@ -18,28 +18,18 @@ pkgbase = sendmail backup = etc/mail/aliases backup = etc/mail/sendmail.cf backup = etc/sasl2/Sendmail.conf - source = https://ftp.sendmail.org/sendmail.8.15.2.tar.gz + source = https://ftp.sendmail.org/sendmail.8.16.1.tar.gz source = site.config.m4 source = sendmail-8.14.8-sasl2-in-etc.patch - source = sendmail-8.15.2-smtp-session-reuse-fix.patch - source = sendmail-8.15.2-openssl-1.1.0-fix.patch - source = sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch - source = sendmail-8.15.2-gethostbyname2.patch - source = sendmail-8.15.2-fix-covscan-issues.patch source = sendmail.conf source = sasl2.conf source = sendmail.sysusers source = sendmail.tmpfiles source = sendmail.service source = sm-client.service - sha256sums = 24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439 - sha256sums = 01dc50a378f134e9e3a91f98a5a002a8fa6a0c69b32ceddf6fc29b40e0fb8be9 - sha256sums = 03169f8983d200adf2422677bd4adce3b5887f33724778f16d7f58506eac0e05 - sha256sums = bc5a0de6c5434d8d46467f93d07b2bb5c7acd62f9dbce2490e0005d21b673250 - sha256sums = 9991dd85428778cec0c2030bf49e6ddf6d3db6026c651f858d72891973537b0e - sha256sums = 746d8ae8dea54cb2599c02181c2ea28ab15b26ba5e1e3b0f9cfe907a0e7a1d22 - sha256sums = 656c76d42281afbb43fa628e03c4d725e94e6f34a16802427d3314e504086033 - sha256sums = 11e9dfe0881f9b9077cd538faf8eeb84fdbfe8d0b190582e753936f6548558dd + sha256sums = 7886d5dc4b436b86175f32b5b9c7305c80787749847e2909bf99123ecc4e64ba + sha256sums = 3e744a9ac002c9a3a347785788038f34d8fc09fb10a104f2d7d126b72cdde948 + sha256sums = aac157c4751087638c255e5c2ac3b119f9a0a45e836c864acfffcfa147b444cb sha256sums = 39730f2be66bb1f1e6bc7fff61911db632ecf4b891d348df525abe2020274580 sha256sums = 9b4d2d141191f6c9a18538f7acf65243cceb26359f88b64c92c1c4e8407398f0 sha256sums = 95531a87d42e30742ca71f7d7197403eb9d703a407a50c9fda1f909ed21e1010 @@ -6,13 +6,13 @@ # Contributor: doze_worm <shuimao@gmail.com> the original port. pkgname=sendmail -pkgver=8.15.2 -pkgrel=9 +pkgver=8.16.1 +pkgrel=1 pkgdesc="A general purpose internetwork email routing MTA" url="http://www.sendmail.org" arch=('x86_64') license=('custom:sendmail') -provides=('sendmail=8.15' 'smtp-server' 'smtp-forwarder') +provides=('sendmail=8.16' 'smtp-server' 'smtp-forwarder') conflicts=('msmtp-mta' 'postfix' 'exim' 'opensmtpd') backup=('etc/conf.d/sendmail' 'etc/mail/aliases' @@ -21,11 +21,6 @@ backup=('etc/conf.d/sendmail' source=("https://ftp.sendmail.org/${pkgname}.${pkgver}.tar.gz" 'site.config.m4' 'sendmail-8.14.8-sasl2-in-etc.patch' - 'sendmail-8.15.2-smtp-session-reuse-fix.patch' - 'sendmail-8.15.2-openssl-1.1.0-fix.patch' - 'sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch' - 'sendmail-8.15.2-gethostbyname2.patch' - 'sendmail-8.15.2-fix-covscan-issues.patch' 'sendmail.conf' 'sasl2.conf' 'sendmail.sysusers' @@ -33,14 +28,9 @@ source=("https://ftp.sendmail.org/${pkgname}.${pkgver}.tar.gz" 'sendmail.service' 'sm-client.service') depends=('db' 'cyrus-sasl') -sha256sums=('24f94b5fd76705f15897a78932a5f2439a32b1a2fdc35769bb1a5f5d9b4db439' - '01dc50a378f134e9e3a91f98a5a002a8fa6a0c69b32ceddf6fc29b40e0fb8be9' - '03169f8983d200adf2422677bd4adce3b5887f33724778f16d7f58506eac0e05' - 'bc5a0de6c5434d8d46467f93d07b2bb5c7acd62f9dbce2490e0005d21b673250' - '9991dd85428778cec0c2030bf49e6ddf6d3db6026c651f858d72891973537b0e' - '746d8ae8dea54cb2599c02181c2ea28ab15b26ba5e1e3b0f9cfe907a0e7a1d22' - '656c76d42281afbb43fa628e03c4d725e94e6f34a16802427d3314e504086033' - '11e9dfe0881f9b9077cd538faf8eeb84fdbfe8d0b190582e753936f6548558dd' +sha256sums=('7886d5dc4b436b86175f32b5b9c7305c80787749847e2909bf99123ecc4e64ba' + '3e744a9ac002c9a3a347785788038f34d8fc09fb10a104f2d7d126b72cdde948' + 'aac157c4751087638c255e5c2ac3b119f9a0a45e836c864acfffcfa147b444cb' '39730f2be66bb1f1e6bc7fff61911db632ecf4b891d348df525abe2020274580' '9b4d2d141191f6c9a18538f7acf65243cceb26359f88b64c92c1c4e8407398f0' '95531a87d42e30742ca71f7d7197403eb9d703a407a50c9fda1f909ed21e1010' @@ -52,11 +42,6 @@ prepare() { # patches picked from Fedora cd "${srcdir}/${pkgname}-${pkgver}" patch -p1 < "${srcdir}"/sendmail-8.14.8-sasl2-in-etc.patch - patch -p1 < "${srcdir}"/sendmail-8.15.2-smtp-session-reuse-fix.patch - patch -p1 < "${srcdir}"/sendmail-8.15.2-openssl-1.1.0-fix.patch - patch -p1 < "${srcdir}"/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch - patch -p1 < "${srcdir}"/sendmail-8.15.2-gethostbyname2.patch - patch -p1 < "${srcdir}"/sendmail-8.15.2-fix-covscan-issues.patch sed -i -e 's/CFGRP=bin/CFGRP=root/g' cf/cf/Makefile install -m644 -t devtools/Site "${srcdir}"/site.config.m4 } diff --git a/sendmail-8.14.8-sasl2-in-etc.patch b/sendmail-8.14.8-sasl2-in-etc.patch index fe8f353f3725..64657bf76b7d 100644 --- a/sendmail-8.14.8-sasl2-in-etc.patch +++ b/sendmail-8.14.8-sasl2-in-etc.patch @@ -2,17 +2,17 @@ diff --git a/sendmail/usersmtp.c b/sendmail/usersmtp.c index c217ffa..e4dadd3 100644 --- a/sendmail/usersmtp.c +++ b/sendmail/usersmtp.c -@@ -1331,9 +1331,7 @@ safesaslfile(context, file) +@@ -1346,9 +1346,7 @@ safesaslfile(context, file) { long sff; int r; -#if SASL <= 10515 size_t len; --#endif /* SASL <= 10515 */ +-#endif char *p; if (file == NULL || *file == '\0') -@@ -1369,9 +1367,16 @@ safesaslfile(context, file) +@@ -1386,9 +1384,16 @@ safesaslfile(context, file) #endif /* SASL <= 10515 */ p = (char *) file; diff --git a/sendmail-8.15.2-fix-covscan-issues.patch b/sendmail-8.15.2-fix-covscan-issues.patch deleted file mode 100644 index 9cb1f3487574..000000000000 --- a/sendmail-8.15.2-fix-covscan-issues.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff --git a/include/sm/varargs.h b/include/sm/varargs.h -index 612858d..2609630 100644 ---- a/include/sm/varargs.h -+++ b/include/sm/varargs.h -@@ -32,6 +32,11 @@ - # define SM_VA_COPY(dst, src) __va_copy((dst), (src)) - # else - # define SM_VA_COPY(dst, src) memcpy(&(dst), &(src), sizeof((dst))) -+# define SM_VA_END_COPY(ap) do { } while (0) -+# endif -+ -+# ifndef SM_VA_END_COPY -+# define SM_VA_END_COPY(ap) va_end(ap) - # endif - - /* -diff --git a/libsm/vfprintf.c b/libsm/vfprintf.c -index 87c353c..c99d4e5 100644 ---- a/libsm/vfprintf.c -+++ b/libsm/vfprintf.c -@@ -782,6 +782,7 @@ number: if ((dprec = prec) >= 0) - done: - FLUSH(); - error: -+ SM_VA_END_COPY(orgap); - if ((argtable != NULL) && (argtable != statargtable)) - sm_free(argtable); - return sm_error(fp) ? SM_IO_EOF : ret; -diff --git a/sendmail/milter.c b/sendmail/milter.c -index 9b3667d..190bf9f 100644 ---- a/sendmail/milter.c -+++ b/sendmail/milter.c -@@ -2441,8 +2441,7 @@ milter_negotiate(m, e, milters) - sm_syslog(LOG_ERR, e->e_id, - "Milter (%s): negotiate: returned %c instead of %c", - m->mf_name, rcmd, SMFIC_OPTNEG); -- if (response != NULL) -- sm_free(response); /* XXX */ -+ SM_FREE(response); - milter_error(m, e); - return -1; - } -@@ -2457,8 +2456,7 @@ milter_negotiate(m, e, milters) - sm_syslog(LOG_ERR, e->e_id, - "Milter (%s): negotiate: did not return valid info", - m->mf_name); -- if (response != NULL) -- sm_free(response); /* XXX */ -+ SM_FREE(response); - milter_error(m, e); - return -1; - } -@@ -2476,8 +2474,7 @@ milter_negotiate(m, e, milters) - sm_syslog(LOG_ERR, e->e_id, - "Milter (%s): negotiate: did not return enough info", - m->mf_name); -- if (response != NULL) -- sm_free(response); /* XXX */ -+ SM_FREE(response); - milter_error(m, e); - return -1; - } -@@ -2593,11 +2590,11 @@ milter_negotiate(m, e, milters) - if (tTd(64, 5)) - sm_dprintf("milter_negotiate(%s): received: version %u, fflags 0x%x, pflags 0x%x\n", - m->mf_name, m->mf_fvers, m->mf_fflags, m->mf_pflags); -+ SM_FREE(response); - return 0; - - error: -- if (response != NULL) -- sm_free(response); /* XXX */ -+ SM_FREE(response); - return -1; - } - -@@ -3233,6 +3230,7 @@ milter_changeheader(m, response, rlen, e) - addheader(newstr(field), mh_value, H_USER, e, - !bitset(SMFIP_HDR_LEADSPC, m->mf_pflags)); - } -+ SM_FREE(mh_value); - return; - } - -@@ -3441,6 +3439,8 @@ milter_chgfrom(response, rlen, e) - { - if (tTd(64, 10)) - sm_dprintf("didn't follow protocol argc=%d\n", argc); -+ if (argv != NULL) -+ free(argv); - return; - } - -@@ -3459,6 +3459,7 @@ milter_chgfrom(response, rlen, e) - mail_esmtp_args); - } - Errors = olderrors; -+ free(argv); - return; - } - -@@ -3506,6 +3507,8 @@ milter_addrcpt_par(response, rlen, e) - { - if (tTd(64, 10)) - sm_dprintf("didn't follow protocol argc=%d\n", argc); -+ if (argv != NULL) -+ free(argv); - return; - } - olderrors = Errors; -@@ -3530,6 +3533,7 @@ milter_addrcpt_par(response, rlen, e) - } - - Errors = olderrors; -+ free(argv); - return; - } - -diff --git a/sendmail/queue.c b/sendmail/queue.c -index a323301..d61f626 100644 ---- a/sendmail/queue.c -+++ b/sendmail/queue.c -@@ -8433,6 +8433,7 @@ split_by_recipient(e) - if (split_within_queue(ee) == SM_SPLIT_FAIL) - { - e->e_sibling = firstsibling; -+ SM_FREE(lsplits); - return false; - } - ee->e_flags |= EF_SPLIT; -@@ -8447,8 +8448,7 @@ split_by_recipient(e) - if (p == NULL) - { - /* let's try to get this done */ -- sm_free(lsplits); -- lsplits = NULL; -+ SM_FREE(lsplits); - } - else - lsplits = p; -@@ -8470,7 +8470,7 @@ split_by_recipient(e) - { - sm_syslog(LOG_NOTICE, e->e_id, "split: count=%d, id%s=%s", - n - 1, n > 2 ? "s" : "", lsplits); -- sm_free(lsplits); -+ SM_FREE(lsplits); - } - split = split_within_queue(e) != SM_SPLIT_FAIL; - if (split) diff --git a/sendmail-8.15.2-gethostbyname2.patch b/sendmail-8.15.2-gethostbyname2.patch deleted file mode 100644 index 03ff909d320a..000000000000 --- a/sendmail-8.15.2-gethostbyname2.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/libmilter/sm_gethost.c b/libmilter/sm_gethost.c -index a025c8f..cd0ef31 100644 ---- a/libmilter/sm_gethost.c -+++ b/libmilter/sm_gethost.c -@@ -49,8 +49,16 @@ sm_getipnodebyname(name, family, flags, err) - int flags; - int *err; - { -- bool resv6 = true; - struct hostent *h; -+# if HAS_GETHOSTBYNAME2 -+ -+ h = gethostbyname2(name, family); -+ if (h == NULL) -+ *err = h_errno; -+ return h; -+ -+# else /* HAS_GETHOSTBYNAME2 */ -+ bool resv6 = true; - - if (family == AF_INET6) - { -@@ -60,7 +68,7 @@ sm_getipnodebyname(name, family, flags, err) - } - SM_SET_H_ERRNO(0); - h = gethostbyname(name); -- if (family == AF_INET6 && !resv6) -+ if (!resv6) - _res.options &= ~RES_USE_INET6; - - /* the function is supposed to return only the requested family */ -@@ -75,6 +83,7 @@ sm_getipnodebyname(name, family, flags, err) - else - *err = h_errno; - return h; -+# endif /* HAS_GETHOSTBYNAME2 */ - } - - void diff --git a/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch b/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch deleted file mode 100644 index b470358a7f4b..000000000000 --- a/sendmail-8.15.2-openssl-1.1.0-ecdhe-fix.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/sendmail/tls.c b/sendmail/tls.c -index 16cb93f..9338380 100644 ---- a/sendmail/tls.c -+++ b/sendmail/tls.c -@@ -1329,13 +1329,8 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar - } - - #if _FFR_TLS_EC -- ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); -- if (ecdh != NULL) -- { -- SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); -- SSL_CTX_set_tmp_ecdh(*ctx, ecdh); -- EC_KEY_free(ecdh); -- } -+ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE); -+ SSL_CTX_set_ecdh_auto(*ctx, 1); - #endif /* _FFR_TLS_EC */ - - } diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch deleted file mode 100644 index 54a67548941d..000000000000 --- a/sendmail-8.15.2-openssl-1.1.0-fix.patch +++ /dev/null @@ -1,182 +0,0 @@ ---- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 -+++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 -@@ -63,14 +63,28 @@ static unsigned char dh512_g[] = - static DH * - get_dh512() - { -- DH *dh = NULL; -+ DH *dh; -+ BIGNUM *p, *g; - - if ((dh = DH_new()) == NULL) - return NULL; -- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); -- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); -- if ((dh->p == NULL) || (dh->g == NULL)) -+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); -+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); -+ if (p == NULL || g == NULL) -+ { -+ BN_free(p); -+ BN_free(g); -+ DH_free(dh); - return NULL; -+ } -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100005L -+ DH_set0_pqg(dh, p, NULL, g); -+#else -+ dh->p = p; -+ dh->g = g; -+#endif -+ - return dh; - } - -@@ -117,16 +131,27 @@ get_dh2048() - }; - static unsigned char dh2048_g[]={ 0x02, }; - DH *dh; -+ BIGNUM *p, *g; - - if ((dh=DH_new()) == NULL) - return(NULL); -- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); -- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); -- if ((dh->p == NULL) || (dh->g == NULL)) -+ p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); -+ g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); -+ if (p == NULL || g == NULL) - { -+ BN_free(p); -+ BN_free(g); - DH_free(dh); -- return(NULL); -+ return NULL; - } -+ -+#if OPENSSL_VERSION_NUMBER >= 0x10100005L -+ DH_set0_pqg(dh, p, NULL, g); -+#else -+ dh->p = p; -+ dh->g = g; -+#endif -+ - return(dh); - } - # endif /* !NO_DH */ -@@ -715,6 +740,54 @@ static char server_session_id_context[] - # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 - #endif - -+static RSA * -+generate_rsa_key(bits, e) -+ int bits; -+ unsigned long e; -+{ -+#if OPENSSL_VERSION_NUMBER < 0x00908000L -+ return RSA_generate_key(bits, e, NULL, NULL); -+#else -+ BIGNUM *bne; -+ RSA *rsa = NULL; -+ -+ bne = BN_new(); -+ if (bne && BN_set_word(bne, e) != 1) -+ rsa = RSA_new(); -+ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) -+ { -+ RSA_free(rsa); -+ rsa = NULL; -+ } -+ BN_free(bne); -+ return rsa; -+#endif -+} -+ -+static DSA * -+generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) -+ int bits; -+ unsigned char *seed; -+ int seed_len; -+ int *counter_ret; -+ unsigned long *h_ret; -+{ -+#if OPENSSL_VERSION_NUMBER < 0x00908000L -+ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, -+ h_ret, NULL, NULL); -+#else -+ DSA *dsa = DSA_new(); -+ -+ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, -+ counter_ret, h_ret, NULL) != 1) -+ { -+ DSA_free(dsa); -+ dsa = NULL; -+ } -+ return dsa; -+#endif -+} -+ - bool - inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) - SSL_CTX **ctx; -@@ -926,7 +999,7 @@ inittls(ctx, req, options, srv, certfile - { - /* get a pointer to the current certificate validation store */ - store = SSL_CTX_get_cert_store(*ctx); /* does not fail */ -- crl_file = BIO_new(BIO_s_file_internal()); -+ crl_file = BIO_new(BIO_s_file()); - if (crl_file != NULL) - { - if (BIO_read_filename(crl_file, CRLFile) >= 0) -@@ -1003,8 +1076,7 @@ inittls(ctx, req, options, srv, certfile - if (bitset(TLS_I_RSA_TMP, req) - # if SM_CONF_SHM - && ShmId != SM_SHM_NO_ID && -- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, -- NULL)) == NULL -+ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL - # else /* SM_CONF_SHM */ - && 0 /* no shared memory: no need to generate key now */ - # endif /* SM_CONF_SHM */ -@@ -1210,8 +1282,8 @@ inittls(ctx, req, options, srv, certfile - sm_dprintf("inittls: Generating %d bit DH parameters\n", bits); - - /* this takes a while! */ -- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, -- NULL, 0, NULL); -+ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, -+ NULL); - dh = DSA_dup_DH(dsa); - DSA_free(dsa); - } -@@ -1747,7 +1819,7 @@ tmp_rsa_key(s, export, keylength) - - if (rsa_tmp != NULL) - RSA_free(rsa_tmp); -- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); -+ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); - if (rsa_tmp == NULL) - { - if (LogLevel > 0) -@@ -1974,11 +2046,20 @@ x509_verify_cb(ok, ctx) - { - if (LogLevel > 13) - tls_verify_log(ok, ctx, "x509"); -+#if OPENSSL_VERSION_NUMBER >= 0x10100005L -+ if (X509_STORE_CTX_get_error(ctx) == -+ X509_V_ERR_UNABLE_TO_GET_CRL) -+ { -+ X509_STORE_CTX_set_error(ctx, 0); -+ return 1; /* override it */ -+ } -+#else - if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) - { - ctx->error = 0; - return 1; /* override it */ - } -+#endif - } - return ok; - } diff --git a/sendmail-8.15.2-smtp-session-reuse-fix.patch b/sendmail-8.15.2-smtp-session-reuse-fix.patch deleted file mode 100644 index bc148419532b..000000000000 --- a/sendmail-8.15.2-smtp-session-reuse-fix.patch +++ /dev/null @@ -1,249 +0,0 @@ -diff -ru a/sendmail/deliver.c b/sendmail/deliver.c ---- a/sendmail/deliver.c 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/deliver.c 2016-02-29 06:02:06.000000000 -0800 -@@ -6274,8 +6274,7 @@ - tlslogerr(LOG_WARNING, "client"); - } - -- SSL_free(clt_ssl); -- clt_ssl = NULL; -+ SM_SSL_FREE(clt_ssl); - return EX_SOFTWARE; - } - mci->mci_ssl = clt_ssl; -@@ -6287,8 +6286,7 @@ - return EX_OK; - - /* failure */ -- SSL_free(clt_ssl); -- clt_ssl = NULL; -+ SM_SSL_FREE(clt_ssl); - return EX_SOFTWARE; - } - /* -@@ -6309,7 +6307,7 @@ - - if (!bitset(MCIF_TLSACT, mci->mci_flags)) - return EX_OK; -- r = endtls(mci->mci_ssl, "client"); -+ r = endtls(&mci->mci_ssl, "client"); - mci->mci_flags &= ~MCIF_TLSACT; - return r; - } -diff -ru a/sendmail/macro.c b/sendmail/macro.c ---- a/sendmail/macro.c 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/macro.c 2016-02-29 06:02:06.000000000 -0800 -@@ -362,6 +362,33 @@ - } - - /* -+** MACTABCLEAR -- clear entire macro table -+** -+** Parameters: -+** mac -- Macro table. -+** -+** Returns: -+** none. -+** -+** Side Effects: -+** clears entire mac structure including rpool pointer! -+*/ -+ -+void -+mactabclear(mac) -+ MACROS_T *mac; -+{ -+ int i; -+ -+ if (mac->mac_rpool == NULL) -+ { -+ for (i = 0; i < MAXMACROID; i++) -+ SM_FREE_CLR(mac->mac_table[i]); -+ } -+ memset((char *) mac, '\0', sizeof(*mac)); -+} -+ -+/* - ** MACDEFINE -- bind a macro name to a value - ** - ** Set a macro to a value, with fancy storage management. -diff -ru a/sendmail/mci.c b/sendmail/mci.c ---- a/sendmail/mci.c 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/mci.c 2016-02-29 06:02:06.000000000 -0800 -@@ -25,6 +25,7 @@ - int, bool)); - static bool mci_load_persistent __P((MCI *)); - static void mci_uncache __P((MCI **, bool)); -+static void mci_clear __P((MCI *)); - static int mci_lock_host_statfile __P((MCI *)); - static int mci_read_persistent __P((SM_FILE_T *, MCI *)); - -@@ -253,6 +254,7 @@ - SM_FREE_CLR(mci->mci_status); - SM_FREE_CLR(mci->mci_rstatus); - SM_FREE_CLR(mci->mci_heloname); -+ mci_clear(mci); - if (mci->mci_rpool != NULL) - { - sm_rpool_free(mci->mci_rpool); -@@ -315,6 +317,41 @@ - } - - /* -+** MCI_CLEAR -- clear mci -+** -+** Parameters: -+** mci -- the connection to clear. -+** -+** Returns: -+** none. -+*/ -+ -+static void -+mci_clear(mci) -+ MCI *mci; -+{ -+ if (mci == NULL) -+ return; -+ -+ mci->mci_maxsize = 0; -+ mci->mci_min_by = 0; -+ mci->mci_deliveries = 0; -+#if SASL -+ if (bitset(MCIF_AUTHACT, mci->mci_flags)) -+ sasl_dispose(&mci->mci_conn); -+#endif -+#if STARTTLS -+ if (bitset(MCIF_TLSACT, mci->mci_flags) && mci->mci_ssl != NULL) -+ SM_SSL_FREE(mci->mci_ssl); -+#endif -+ -+ /* which flags to preserve? */ -+ mci->mci_flags &= MCIF_CACHED; -+ mactabclear(&mci->mci_macro); -+} -+ -+ -+/* - ** MCI_GET -- get information about a particular host - ** - ** Parameters: -@@ -419,6 +456,7 @@ - mci->mci_errno = 0; - mci->mci_exitstat = EX_OK; - } -+ mci_clear(mci); - } - - return mci; -diff -ru a/sendmail/sendmail.h b/sendmail/sendmail.h ---- a/sendmail/sendmail.h 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/sendmail.h 2016-02-29 06:02:06.000000000 -0800 -@@ -1186,6 +1186,7 @@ - #define macid(name) macid_parse(name, NULL) - extern char *macname __P((int)); - extern char *macvalue __P((int, ENVELOPE *)); -+extern void mactabclear __P((MACROS_T *)); - extern int rscheck __P((char *, char *, char *, ENVELOPE *, int, int, char *, char *, ADDRESS *, char **)); - extern int rscap __P((char *, char *, char *, ENVELOPE *, char ***, char *, int)); - extern void setclass __P((int, char *)); -@@ -2002,7 +2003,15 @@ - extern void setclttls __P((bool)); - extern bool initsrvtls __P((bool)); - extern int tls_get_info __P((SSL *, bool, char *, MACROS_T *, bool)); --extern int endtls __P((SSL *, char *)); -+#define SM_SSL_FREE(ssl) \ -+ do { \ -+ if (ssl != NULL) \ -+ { \ -+ SSL_free(ssl); \ -+ ssl = NULL; \ -+ } \ -+ } while (0) -+extern int endtls __P((SSL **, char *)); - extern void tlslogerr __P((int, const char *)); - - -diff -ru a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c ---- a/sendmail/srvrsmtp.c 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/srvrsmtp.c 2016-02-29 06:02:06.000000000 -0800 -@@ -2122,8 +2122,7 @@ - if (get_tls_se_options(e, srv_ssl, true) != 0) - { - message("454 4.3.3 TLS not available: error setting options"); -- SSL_free(srv_ssl); -- srv_ssl = NULL; -+ SM_SSL_FREE(srv_ssl); - goto tls_done; - } - -@@ -2145,8 +2144,7 @@ - SSL_set_wfd(srv_ssl, wfd) <= 0) - { - message("454 4.3.3 TLS not available: error set fd"); -- SSL_free(srv_ssl); -- srv_ssl = NULL; -+ SM_SSL_FREE(srv_ssl); - goto tls_done; - } - if (!smtps) -@@ -2188,8 +2186,7 @@ - tlslogerr(LOG_WARNING, "server"); - } - tls_ok_srv = false; -- SSL_free(srv_ssl); -- srv_ssl = NULL; -+ SM_SSL_FREE(srv_ssl); - - /* - ** according to the next draft of -@@ -3416,7 +3413,7 @@ - /* shutdown TLS connection */ - if (tls_active) - { -- (void) endtls(srv_ssl, "server"); -+ (void) endtls(&srv_ssl, "server"); - tls_active = false; - } - #endif /* STARTTLS */ -diff -ru a/sendmail/tls.c b/sendmail/tls.c ---- a/sendmail/tls.c 2016-02-29 06:01:55.000000000 -0800 -+++ b/sendmail/tls.c 2016-02-29 06:02:06.000000000 -0800 -@@ -1624,7 +1624,7 @@ - ** ENDTLS -- shutdown secure connection - ** - ** Parameters: --** ssl -- SSL connection information. -+** pssl -- pointer to TLS session context - ** side -- server/client (for logging). - ** - ** Returns: -@@ -1632,12 +1632,16 @@ - */ - - int --endtls(ssl, side) -- SSL *ssl; -+endtls(pssl, side) -+ SSL **pssl; - char *side; - { - int ret = EX_OK; -+ SSL *ssl; - -+ SM_REQUIRE(pssl != NULL); -+ ret = EX_OK; -+ ssl = *pssl; - if (ssl != NULL) - { - int r; -@@ -1703,8 +1707,7 @@ - ret = EX_SOFTWARE; - } - # endif /* !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER > 0x0090602fL */ -- SSL_free(ssl); -- ssl = NULL; -+ SM_SSL_FREE(*pssl); - } - return ret; - } diff --git a/site.config.m4 b/site.config.m4 index e8e300d3d761..ac920691e17b 100644 --- a/site.config.m4 +++ b/site.config.m4 @@ -13,6 +13,6 @@ define(`confEBINDIR', `/usr/bin') define(`confMBINDIR', `/usr/bin') define(`confSBINDIR', `/usr/bin') define(`confMANROOT', `/usr/share/man/man') -APPENDDEF(`confENVDEF', `-DNETINET6 -DHAS_GETHOSTBYNAME2 -D_FFR_LINUX_MHNL -D_FFR_MILTER_CHECK_REJECTIONS_TOO') -APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DSASL=2 -D_FFR_TLS_EC -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE') +APPENDDEF(`confENVDEF', `-DNETINET6 -DHAS_GETHOSTBYNAME2 -D_FFR_MILTER_CHECK_REJECTIONS_TOO') +APPENDDEF(`conf_sendmail_ENVDEF', `-DSTARTTLS -DSASL=2 -DDANE -DTLS_EC=2 -D_FFR_TLS_USE_CERTIFICATE_CHAIN_FILE') APPENDDEF(`conf_sendmail_LIBS', `-lssl -lcrypto -lresolv -lsasl2') |