sendmail/0001-remove-libdb-dependency.patch

From 2736cf77113b65b2fe34eea70347e923b9c02af5 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Fri, 15 Jan 2021 16:30:34 +0800
Subject: [PATCH] remove libdb dependency

---
 sendmail-8.15.2-format-security.patch   |  92 ++++++++++++
 sendmail-8.15.2-openssl-1.1.0-fix.patch | 183 ++++++++++++++++++++++++
 sendmail.spec                           |  20 ++-
 3 files changed, 289 insertions(+), 6 deletions(-)
 create mode 100644 sendmail-8.15.2-format-security.patch
 create mode 100644 sendmail-8.15.2-openssl-1.1.0-fix.patch

diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch
new file mode 100644
index 0000000..d4ff443
--- /dev/null
+++ b/sendmail-8.15.2-format-security.patch
@@ -0,0 +1,92 @@
+diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c
+index ba636a8..46c5356 100644
+--- a/sendmail/srvrsmtp.c
++++ b/sendmail/srvrsmtp.c
+@@ -159,6 +159,26 @@
+ #define SKIP_SPACE(s)	while (SM_ISSPACE(*s))	\
+ 				(s)++
+ 
++static inline void
++message1(fmt)
++       char *fmt;
++{
++       if (strchr(fmt, '%') == NULL)
++               message(fmt, NULL);
++       else
++               message("%s", fmt);
++}
++
++static inline void
++usrerr1(fmt)
++       char *fmt;
++{
++       if (strchr(fmt, '%') == NULL)
++               usrerr(fmt, NULL);
++       else
++               usrerr("%s", fmt);
++}
++
+ #if _FFR_EAI
+ /*
+ **  ADDR_IS_ASCII -- check whether an address is 100% printable ASCII
+@@ -638,13 +658,13 @@
+ 				bool tsave = QuickAbort;		\
+ 									\
+ 				QuickAbort = false;			\
+-				usrerr(response);			\
++				usrerr1(response);			\
+ 				QuickAbort = tsave;			\
+ 				e->e_sendqueue = NULL;			\
+ 				goto doquit;				\
+ 			}						\
+ 			else						\
+-				usrerr(response);			\
++				usrerr1(response);			\
+ 			break;						\
+ 									\
+ 		  case SMFIR_REJECT:					\
+@@ -1011,7 +1031,7 @@
+ 	else if (strncmp(nullserver, "421 ", 4) == 0)
+ 	{
+ 		/* Can't use ("%s", ...) due to message() requirements */
+-		message(nullserver);
++		message1(nullserver);
+ 		goto doquit;
+ 	}
+ 
+@@ -1953,7 +1973,7 @@
+ 					if (ISSMTPREPLY(nullserver))
+ 					{
+ 						/* Can't use ("%s", ...) due to usrerr() requirements */
+-						usrerr(nullserver);
++						usrerr1(nullserver);
+ 					}
+ 					else
+ 					{
+@@ -2561,7 +2581,7 @@
+ 					if (response != NULL)
+ 					{
+ 						/* Can't use ("%s", ...) due to usrerr() requirements */
+-						usrerr(response);
++						usrerr1(response);
+ 					}
+ 					else
+ 					{
+@@ -3800,7 +3820,7 @@
+ #endif
+ 
+ 			/* Can't use ("%s", ...) due to usrerr() requirements */
+-			usrerr(response);
++			usrerr1(response);
+ 			if (strncmp(response, "421 ", 4) == 0
+ 			    || strncmp(response, "421-", 4) == 0)
+ 			{
+@@ -3922,7 +3942,7 @@
+ 				(void) extenhsc(response + 4, ' ', e->e_enhsc);
+ #endif
+ 			/* Can't use ("%s", ...) due to usrerr() requirements */
+-			usrerr(response);
++			usrerr1(response);
+ 			if (strncmp(response, "421 ", 4) == 0
+ 			    || strncmp(response, "421-", 4) == 0)
+ 				rv = false;
diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch
new file mode 100644
index 0000000..c0023b1
--- /dev/null
+++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch
@@ -0,0 +1,183 @@
+--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100
++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100
+@@ -79,7 +79,8 @@
+ static DH *
+ get_dh512()
+ {
+-	DH *dh = NULL;
++	DH *dh;
++       BIGNUM *p, *g;
+ #  if MTA_HAVE_DH_set0_pqg
+ 	BIGNUM *dhp_bn, *dhg_bn;
+ #  endif
+@@ -96,13 +97,23 @@
+ 		return NULL;
+ 	}
+ #  else
+-	dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+-	dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+-	if ((dh->p == NULL) || (dh->g == NULL))
++	p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
++	g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
++	if (p == NULL || g == NULL)
+ 	{
++               BN_free(p);
++               BN_free(g);
+ 		DH_free(dh);
+ 		return NULL;
+ 	}
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++       DH_set0_pqg(dh, p, NULL, g);
++#else
++       dh->p = p;
++       dh->g = g;
++#endif
++
+ #  endif
+ 	return dh;
+ }
+@@ -150,6 +161,8 @@
+ 		};
+ 	static unsigned char dh2048_g[]={ 0x02, };
+ 	DH *dh;
++	BIGNUM *p, *g;
++
+ #  if MTA_HAVE_DH_set0_pqg
+ 	BIGNUM *dhp_bn, *dhg_bn;
+ #  endif
+@@ -166,13 +179,23 @@
+ 		return NULL;
+ 	}
+ #  else
+-	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+-	if ((dh->p == NULL) || (dh->g == NULL))
++	p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++	g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++	if (p == NULL || g == NULL)
+ 	{
++               BN_free(p);
++               BN_free(g);
+ 		DH_free(dh);
+-		return(NULL);
++		return NULL;
+ 	}
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++       DH_set0_pqg(dh, p, NULL, g);
++#else
++       dh->p = p;
++       dh->g = g;
++#endif
++
+ #  endif
+ 	return(dh);
+ }
+@@ -929,6 +952,54 @@
+ #  define SM_SSL_OP_TLS_BLOCK_PADDING_BUG	0
+ # endif
+ 
++static RSA *
++generate_rsa_key(bits, e)
++       int bits;
++       unsigned long e;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++       return RSA_generate_key(bits, e, NULL, NULL);
++#else
++       BIGNUM *bne;
++       RSA *rsa = NULL;
++
++       bne = BN_new();
++       if (bne && BN_set_word(bne, e) != 1)
++               rsa = RSA_new();
++       if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)
++       {
++               RSA_free(rsa);
++               rsa = NULL;
++       }
++       BN_free(bne);
++       return rsa;
++#endif
++}
++
++static DSA *
++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)
++       int bits;
++       unsigned char *seed;
++       int seed_len;
++       int *counter_ret;
++       unsigned long *h_ret;
++{
++#if OPENSSL_VERSION_NUMBER < 0x00908000L
++       return DSA_generate_parameters(bits, seed, seed_len, counter_ret,
++                                      h_ret, NULL, NULL);
++#else
++       DSA *dsa = DSA_new();
++
++       if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,
++                                             counter_ret, h_ret, NULL) != 1)
++       {
++               DSA_free(dsa);
++               dsa = NULL;
++       }
++       return dsa;
++#endif
++}
++
+ bool
+ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)
+ 	SSL_CTX **ctx;
+@@ -1183,8 +1254,7 @@
+ 	if (bitset(TLS_I_RSA_TMP, req)
+ #  if SM_CONF_SHM
+ 	    && ShmId != SM_SHM_NO_ID &&
+-	    (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,
+-					NULL)) == NULL
++	    (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL
+ #  else /* SM_CONF_SHM */
+ 	    && 0	/* no shared memory: no need to generate key now */
+ #  endif /* SM_CONF_SHM */
+@@ -1391,8 +1461,8 @@
+ 			}
+ #  else
+ 			/* this takes a while! */
+-			dsa = DSA_generate_parameters(bits, NULL, 0, NULL,
+-						      NULL, 0, NULL);
++                       dsa = generate_dsa_parameters(bits, NULL, 0, NULL,
++                                                     NULL);
+ 			dh = DSA_dup_DH(dsa);
+ #  endif
+ 			DSA_free(dsa);
+@@ -2081,7 +2151,7 @@
+ 
+ 	if (rsa_tmp != NULL)
+ 		RSA_free(rsa_tmp);
+-	rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);
++	rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);
+ 	if (rsa_tmp == NULL)
+ 	{
+ 		if (LogLevel > 0)
+@@ -2526,12 +2596,21 @@
+ 	SM_GETTLSI;
+ 	if (LogLevel > 13)
+ 		tls_verify_log(ok, ctx, "X509");
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++               if (X509_STORE_CTX_get_error(ctx) ==
++                   X509_V_ERR_UNABLE_TO_GET_CRL)
++               {
++                       X509_STORE_CTX_set_error(ctx, 0);
++                       return 1;       /* override it */
++               }
++#else
+ 	if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL &&
+ 	    !SM_TLSI_IS(tlsi_ctx, TLSI_FL_CRLREQ))
+ 	{
+ 		X509_STORE_CTX_set_error(ctx, 0);
+ 		return 1;	/* override it */
+ 	}
++#endif
+ 	return ok;
+ }
+ 
diff --git a/sendmail.spec b/sendmail.spec
index eb15495..273cca2 100644
--- a/sendmail.spec
+++ b/sendmail.spec
@@ -1,6 +1,6 @@
 Name:          sendmail
 Version:       8.16.1
-Release:       2
+Release:       3
 Summary:       A classic mail transfer agent from the Unix world
 License:       Sendmail
 URL:           http://www.sendmail.org/
@@ -21,7 +21,7 @@ Source13:      sendmail-etc-mail-local-host-names
 Source14:      sendmail-etc-mail-mailertable
 Source15:      sendmail-etc-mail-trusted-users
 
-BuildRequires: openssl-devel openldap-devel libdb-devel libnsl2-devel
+BuildRequires: openssl-devel openldap-devel libnsl2-devel
 BuildRequires: cyrus-sasl-devel groff ghostscript m4 systemd setup >= 2.5.31-1
 Requires:      bash >= 2.0 setup >= 2.5.31-1 %{_sbindir}/saslauthd 
 Requires(pre): shadow-utils
@@ -46,6 +46,8 @@ Patch9:        sendmail-8.15.2-switchfile.patch
 Patch10:       sendmail-8.14.8-sasl2-in-etc.patch
 Patch11:       sendmail-8.16.1-qos.patch
 Patch12:       sendmail-8.15.2-libmilter-socket-activation.patch
+Patch13:       sendmail-8.15.2-openssl-1.1.0-fix.patch
+Patch14:       sendmail-8.15.2-format-security.patch
 
 %description
 Sendmail is a general purpose internetwork email routing facility that
@@ -94,21 +96,21 @@ cp devtools/M4/UNIX/library.m4 devtools/M4/UNIX/sharedlibrary.m4
 export CFLAGS="${RPM_OPT_FLAGS}"
 
 cat << EOF > config.m4
-define(\`confMAPDEF', \`-DNEWDB -DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1')
+define(\`confMAPDEF', \`-DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1')
 define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''')
-define(\`confLIBS', \`-lnsl -lcrypt -ldb -lresolv')
+define(\`confLIBS', \`-lnsl -lcrypt -lresolv')
 define(\`confSTDIR', \`%{_localstatedir}/log/mail')
 define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now')
 define(\`confMANOWN', \`root')
 define(\`confMANGRP', \`root')
-define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0')
+define(\`confENVDEF', \`-I/usr/kerberos/include -Wall -DXDEBUG=0')
 define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}')
 define(\`confMANMODE', \`644')
 define(\`confMAN1SRC', \`1')
 define(\`confMAN5SRC', \`5')
 define(\`confMAN8SRC', \`8')
 define(\`STATUS_FILE', \`%{_localstatedir}/log/mail/statistics')
-define(\`confLIBSEARCH', \`db resolv 44bsd')
+define(\`confLIBSEARCH', \`resolv 44bsd')
 EOF
 #'
 
-- 
2.23.0
remove libdb dependency 2022-02-23 11:26:33 +08:00			`From 2736cf77113b65b2fe34eea70347e923b9c02af5 Mon Sep 17 00:00:00 2001`
			`From: eaglegai <eaglegai@163.com>`
			`Date: Fri, 15 Jan 2021 16:30:34 +0800`
			`Subject: [PATCH] remove libdb dependency`

			`---`
			`sendmail-8.15.2-format-security.patch \| 92 ++++++++++++`
			`sendmail-8.15.2-openssl-1.1.0-fix.patch \| 183 ++++++++++++++++++++++++`
			`sendmail.spec \| 20 ++-`
			`3 files changed, 289 insertions(+), 6 deletions(-)`
			`create mode 100644 sendmail-8.15.2-format-security.patch`
			`create mode 100644 sendmail-8.15.2-openssl-1.1.0-fix.patch`

			`diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch`
			`new file mode 100644`
			`index 0000000..d4ff443`
			`--- /dev/null`
			`+++ b/sendmail-8.15.2-format-security.patch`
			`@@ -0,0 +1,92 @@`
			`+diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c`
			`+index ba636a8..46c5356 100644`
			`+--- a/sendmail/srvrsmtp.c`
			`++++ b/sendmail/srvrsmtp.c`
			`+@@ -159,6 +159,26 @@`
			`+ #define SKIP_SPACE(s) while (SM_ISSPACE(*s)) \`
			`+ (s)++`
			`+`
			`++static inline void`
			`++message1(fmt)`
			`++ char *fmt;`
			`++{`
			`++ if (strchr(fmt, '%') == NULL)`
			`++ message(fmt, NULL);`
			`++ else`
			`++ message("%s", fmt);`
			`++}`
			`++`
			`++static inline void`
			`++usrerr1(fmt)`
			`++ char *fmt;`
			`++{`
			`++ if (strchr(fmt, '%') == NULL)`
			`++ usrerr(fmt, NULL);`
			`++ else`
			`++ usrerr("%s", fmt);`
			`++}`
			`++`
			`+ #if _FFR_EAI`
			`+ /*`
			`+ ** ADDR_IS_ASCII -- check whether an address is 100% printable ASCII`
			`+@@ -638,13 +658,13 @@`
			`+ bool tsave = QuickAbort; \`
			`+ \`
			`+ QuickAbort = false; \`
			`+- usrerr(response); \`
			`++ usrerr1(response); \`
			`+ QuickAbort = tsave; \`
			`+ e->e_sendqueue = NULL; \`
			`+ goto doquit; \`
			`+ } \`
			`+ else \`
			`+- usrerr(response); \`
			`++ usrerr1(response); \`
			`+ break; \`
			`+ \`
			`+ case SMFIR_REJECT: \`
			`+@@ -1011,7 +1031,7 @@`
			`+ else if (strncmp(nullserver, "421 ", 4) == 0)`
			`+ {`
			`+ /* Can't use ("%s", ...) due to message() requirements */`
			`+- message(nullserver);`
			`++ message1(nullserver);`
			`+ goto doquit;`
			`+ }`
			`+`
			`+@@ -1953,7 +1973,7 @@`
			`+ if (ISSMTPREPLY(nullserver))`
			`+ {`
			`+ /* Can't use ("%s", ...) due to usrerr() requirements */`
			`+- usrerr(nullserver);`
			`++ usrerr1(nullserver);`
			`+ }`
			`+ else`
			`+ {`
			`+@@ -2561,7 +2581,7 @@`
			`+ if (response != NULL)`
			`+ {`
			`+ /* Can't use ("%s", ...) due to usrerr() requirements */`
			`+- usrerr(response);`
			`++ usrerr1(response);`
			`+ }`
			`+ else`
			`+ {`
			`+@@ -3800,7 +3820,7 @@`
			`+ #endif`
			`+`
			`+ /* Can't use ("%s", ...) due to usrerr() requirements */`
			`+- usrerr(response);`
			`++ usrerr1(response);`
			`+ if (strncmp(response, "421 ", 4) == 0`
			`+ \|\| strncmp(response, "421-", 4) == 0)`
			`+ {`
			`+@@ -3922,7 +3942,7 @@`
			`+ (void) extenhsc(response + 4, ' ', e->e_enhsc);`
			`+ #endif`
			`+ /* Can't use ("%s", ...) due to usrerr() requirements */`
			`+- usrerr(response);`
			`++ usrerr1(response);`
			`+ if (strncmp(response, "421 ", 4) == 0`
			`+ \|\| strncmp(response, "421-", 4) == 0)`
			`+ rv = false;`
			`diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch`
			`new file mode 100644`
			`index 0000000..c0023b1`
			`--- /dev/null`
			`+++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch`
			`@@ -0,0 +1,183 @@`
			`+--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100`
			`++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100`
			`+@@ -79,7 +79,8 @@`
			`+ static DH *`
			`+ get_dh512()`
			`+ {`
			`+- DH *dh = NULL;`
			`++ DH *dh;`
			`++ BIGNUM p, g;`
			`+ # if MTA_HAVE_DH_set0_pqg`
			`+ BIGNUM dhp_bn, dhg_bn;`
			`+ # endif`
			`+@@ -96,13 +97,23 @@`
			`+ return NULL;`
			`+ }`
			`+ # else`
			`+- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);`
			`+- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);`
			`+- if ((dh->p == NULL) \|\| (dh->g == NULL))`
			`++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);`
			`++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);`
			`++ if (p == NULL \|\| g == NULL)`
			`+ {`
			`++ BN_free(p);`
			`++ BN_free(g);`
			`+ DH_free(dh);`
			`+ return NULL;`
			`+ }`
			`++`
			`++#if OPENSSL_VERSION_NUMBER >= 0x10100005L`
			`++ DH_set0_pqg(dh, p, NULL, g);`
			`++#else`
			`++ dh->p = p;`
			`++ dh->g = g;`
			`++#endif`
			`++`
			`+ # endif`
			`+ return dh;`
			`+ }`
			`+@@ -150,6 +161,8 @@`
			`+ };`
			`+ static unsigned char dh2048_g[]={ 0x02, };`
			`+ DH *dh;`
			`++ BIGNUM p, g;`
			`++`
			`+ # if MTA_HAVE_DH_set0_pqg`
			`+ BIGNUM dhp_bn, dhg_bn;`
			`+ # endif`
			`+@@ -166,13 +179,23 @@`
			`+ return NULL;`
			`+ }`
			`+ # else`
			`+- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);`
			`+- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);`
			`+- if ((dh->p == NULL) \|\| (dh->g == NULL))`
			`++ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);`
			`++ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);`
			`++ if (p == NULL \|\| g == NULL)`
			`+ {`
			`++ BN_free(p);`
			`++ BN_free(g);`
			`+ DH_free(dh);`
			`+- return(NULL);`
			`++ return NULL;`
			`+ }`
			`++`
			`++#if OPENSSL_VERSION_NUMBER >= 0x10100005L`
			`++ DH_set0_pqg(dh, p, NULL, g);`
			`++#else`
			`++ dh->p = p;`
			`++ dh->g = g;`
			`++#endif`
			`++`
			`+ # endif`
			`+ return(dh);`
			`+ }`
			`+@@ -929,6 +952,54 @@`
			`+ # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0`
			`+ # endif`
			`+`
			`++static RSA *`
			`++generate_rsa_key(bits, e)`
			`++ int bits;`
			`++ unsigned long e;`
			`++{`
			`++#if OPENSSL_VERSION_NUMBER < 0x00908000L`
			`++ return RSA_generate_key(bits, e, NULL, NULL);`
			`++#else`
			`++ BIGNUM *bne;`
			`++ RSA *rsa = NULL;`
			`++`
			`++ bne = BN_new();`
			`++ if (bne && BN_set_word(bne, e) != 1)`
			`++ rsa = RSA_new();`
			`++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1)`
			`++ {`
			`++ RSA_free(rsa);`
			`++ rsa = NULL;`
			`++ }`
			`++ BN_free(bne);`
			`++ return rsa;`
			`++#endif`
			`++}`
			`++`
			`++static DSA *`
			`++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret)`
			`++ int bits;`
			`++ unsigned char *seed;`
			`++ int seed_len;`
			`++ int *counter_ret;`
			`++ unsigned long *h_ret;`
			`++{`
			`++#if OPENSSL_VERSION_NUMBER < 0x00908000L`
			`++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret,`
			`++ h_ret, NULL, NULL);`
			`++#else`
			`++ DSA *dsa = DSA_new();`
			`++`
			`++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len,`
			`++ counter_ret, h_ret, NULL) != 1)`
			`++ {`
			`++ DSA_free(dsa);`
			`++ dsa = NULL;`
			`++ }`
			`++ return dsa;`
			`++#endif`
			`++}`
			`++`
			`+ bool`
			`+ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam)`
			`+ SSL_CTX **ctx;`
			`+@@ -1183,8 +1254,7 @@`
			`+ if (bitset(TLS_I_RSA_TMP, req)`
			`+ # if SM_CONF_SHM`
			`+ && ShmId != SM_SHM_NO_ID &&`
			`+- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL,`
			`+- NULL)) == NULL`
			`++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL`
			`+ # else /* SM_CONF_SHM */`
			`+ && 0 /* no shared memory: no need to generate key now */`
			`+ # endif /* SM_CONF_SHM */`
			`+@@ -1391,8 +1461,8 @@`
			`+ }`
			`+ # else`
			`+ /* this takes a while! */`
			`+- dsa = DSA_generate_parameters(bits, NULL, 0, NULL,`
			`+- NULL, 0, NULL);`
			`++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL,`
			`++ NULL);`
			`+ dh = DSA_dup_DH(dsa);`
			`+ # endif`
			`+ DSA_free(dsa);`
			`+@@ -2081,7 +2151,7 @@`
			`+`
			`+ if (rsa_tmp != NULL)`
			`+ RSA_free(rsa_tmp);`
			`+- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL);`
			`++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4);`
			`+ if (rsa_tmp == NULL)`
			`+ {`
			`+ if (LogLevel > 0)`
			`+@@ -2526,12 +2596,21 @@`
			`+ SM_GETTLSI;`
			`+ if (LogLevel > 13)`
			`+ tls_verify_log(ok, ctx, "X509");`
			`++#if OPENSSL_VERSION_NUMBER >= 0x10100005L`
			`++ if (X509_STORE_CTX_get_error(ctx) ==`
			`++ X509_V_ERR_UNABLE_TO_GET_CRL)`
			`++ {`
			`++ X509_STORE_CTX_set_error(ctx, 0);`
			`++ return 1; /* override it */`
			`++ }`
			`++#else`
			`+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL &&`
			`+ !SM_TLSI_IS(tlsi_ctx, TLSI_FL_CRLREQ))`
			`+ {`
			`+ X509_STORE_CTX_set_error(ctx, 0);`
			`+ return 1; /* override it */`
			`+ }`
			`++#endif`
			`+ return ok;`
			`+ }`
			`+`
			`diff --git a/sendmail.spec b/sendmail.spec`
			`index eb15495..273cca2 100644`
			`--- a/sendmail.spec`
			`+++ b/sendmail.spec`
			`@@ -1,6 +1,6 @@`
			`Name: sendmail`
			`Version: 8.16.1`
			`-Release: 2`
			`+Release: 3`
			`Summary: A classic mail transfer agent from the Unix world`
			`License: Sendmail`
			`URL: http://www.sendmail.org/`
			`@@ -21,7 +21,7 @@ Source13: sendmail-etc-mail-local-host-names`
			`Source14: sendmail-etc-mail-mailertable`
			`Source15: sendmail-etc-mail-trusted-users`

			`-BuildRequires: openssl-devel openldap-devel libdb-devel libnsl2-devel`
			`+BuildRequires: openssl-devel openldap-devel libnsl2-devel`
			`BuildRequires: cyrus-sasl-devel groff ghostscript m4 systemd setup >= 2.5.31-1`
			`Requires: bash >= 2.0 setup >= 2.5.31-1 %{_sbindir}/saslauthd`
			`Requires(pre): shadow-utils`
			`@@ -46,6 +46,8 @@ Patch9: sendmail-8.15.2-switchfile.patch`
			`Patch10: sendmail-8.14.8-sasl2-in-etc.patch`
			`Patch11: sendmail-8.16.1-qos.patch`
			`Patch12: sendmail-8.15.2-libmilter-socket-activation.patch`
			`+Patch13: sendmail-8.15.2-openssl-1.1.0-fix.patch`
			`+Patch14: sendmail-8.15.2-format-security.patch`

			`%description`
			`Sendmail is a general purpose internetwork email routing facility that`
			`@@ -94,21 +96,21 @@ cp devtools/M4/UNIX/library.m4 devtools/M4/UNIX/sharedlibrary.m4`
			`export CFLAGS="${RPM_OPT_FLAGS}"`

			`cat << EOF > config.m4`
			-define(\`confMAPDEF', \`-DNEWDB -DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1')
			+define(\`confMAPDEF', \`-DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1')
			define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''')
			-define(\`confLIBS', \`-lnsl -lcrypt -ldb -lresolv')
			+define(\`confLIBS', \`-lnsl -lcrypt -lresolv')
			define(\`confSTDIR', \`%{_localstatedir}/log/mail')
			define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now')
			define(\`confMANOWN', \`root')
			define(\`confMANGRP', \`root')
			-define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0')
			+define(\`confENVDEF', \`-I/usr/kerberos/include -Wall -DXDEBUG=0')
			define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}')
			define(\`confMANMODE', \`644')
			define(\`confMAN1SRC', \`1')
			define(\`confMAN5SRC', \`5')
			define(\`confMAN8SRC', \`8')
			define(\`STATUS_FILE', \`%{_localstatedir}/log/mail/statistics')
			-define(\`confLIBSEARCH', \`db resolv 44bsd')
			+define(\`confLIBSEARCH', \`resolv 44bsd')
			`EOF`
			`#'`

			`--`
			`2.23.0`