From d52f27be5e84e50d3318f99c15c8771cbbd3b7b4 Mon Sep 17 00:00:00 2001 From: haochenstar Date: Wed, 23 Feb 2022 11:26:33 +0800 Subject: [PATCH] remove libdb dependency --- 0001-remove-libdb-dependency.patch | 359 ++++++++++++++++++++++++ sendmail-8.15.2-format-security.patch | 92 ++++++ sendmail-8.15.2-openssl-1.1.0-fix.patch | 183 ++++++++++++ sendmail.spec | 20 +- 4 files changed, 648 insertions(+), 6 deletions(-) create mode 100644 0001-remove-libdb-dependency.patch create mode 100644 sendmail-8.15.2-format-security.patch create mode 100644 sendmail-8.15.2-openssl-1.1.0-fix.patch diff --git a/0001-remove-libdb-dependency.patch b/0001-remove-libdb-dependency.patch new file mode 100644 index 0000000..f5daec7 --- /dev/null +++ b/0001-remove-libdb-dependency.patch @@ -0,0 +1,359 @@ +From 2736cf77113b65b2fe34eea70347e923b9c02af5 Mon Sep 17 00:00:00 2001 +From: eaglegai +Date: Fri, 15 Jan 2021 16:30:34 +0800 +Subject: [PATCH] remove libdb dependency + +--- + sendmail-8.15.2-format-security.patch | 92 ++++++++++++ + sendmail-8.15.2-openssl-1.1.0-fix.patch | 183 ++++++++++++++++++++++++ + sendmail.spec | 20 ++- + 3 files changed, 289 insertions(+), 6 deletions(-) + create mode 100644 sendmail-8.15.2-format-security.patch + create mode 100644 sendmail-8.15.2-openssl-1.1.0-fix.patch + +diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch +new file mode 100644 +index 0000000..d4ff443 +--- /dev/null ++++ b/sendmail-8.15.2-format-security.patch +@@ -0,0 +1,92 @@ ++diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c ++index ba636a8..46c5356 100644 ++--- a/sendmail/srvrsmtp.c +++++ b/sendmail/srvrsmtp.c ++@@ -159,6 +159,26 @@ ++ #define SKIP_SPACE(s) while (SM_ISSPACE(*s)) \ ++ (s)++ ++ +++static inline void +++message1(fmt) +++ char *fmt; +++{ +++ if (strchr(fmt, '%') == NULL) +++ message(fmt, NULL); +++ else +++ message("%s", fmt); +++} +++ +++static inline void +++usrerr1(fmt) +++ char *fmt; +++{ +++ if (strchr(fmt, '%') == NULL) +++ usrerr(fmt, NULL); +++ else +++ usrerr("%s", fmt); +++} +++ ++ #if _FFR_EAI ++ /* ++ ** ADDR_IS_ASCII -- check whether an address is 100% printable ASCII ++@@ -638,13 +658,13 @@ ++ bool tsave = QuickAbort; \ ++ \ ++ QuickAbort = false; \ ++- usrerr(response); \ +++ usrerr1(response); \ ++ QuickAbort = tsave; \ ++ e->e_sendqueue = NULL; \ ++ goto doquit; \ ++ } \ ++ else \ ++- usrerr(response); \ +++ usrerr1(response); \ ++ break; \ ++ \ ++ case SMFIR_REJECT: \ ++@@ -1011,7 +1031,7 @@ ++ else if (strncmp(nullserver, "421 ", 4) == 0) ++ { ++ /* Can't use ("%s", ...) due to message() requirements */ ++- message(nullserver); +++ message1(nullserver); ++ goto doquit; ++ } ++ ++@@ -1953,7 +1973,7 @@ ++ if (ISSMTPREPLY(nullserver)) ++ { ++ /* Can't use ("%s", ...) due to usrerr() requirements */ ++- usrerr(nullserver); +++ usrerr1(nullserver); ++ } ++ else ++ { ++@@ -2561,7 +2581,7 @@ ++ if (response != NULL) ++ { ++ /* Can't use ("%s", ...) due to usrerr() requirements */ ++- usrerr(response); +++ usrerr1(response); ++ } ++ else ++ { ++@@ -3800,7 +3820,7 @@ ++ #endif ++ ++ /* Can't use ("%s", ...) due to usrerr() requirements */ ++- usrerr(response); +++ usrerr1(response); ++ if (strncmp(response, "421 ", 4) == 0 ++ || strncmp(response, "421-", 4) == 0) ++ { ++@@ -3922,7 +3942,7 @@ ++ (void) extenhsc(response + 4, ' ', e->e_enhsc); ++ #endif ++ /* Can't use ("%s", ...) due to usrerr() requirements */ ++- usrerr(response); +++ usrerr1(response); ++ if (strncmp(response, "421 ", 4) == 0 ++ || strncmp(response, "421-", 4) == 0) ++ rv = false; +diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch +new file mode 100644 +index 0000000..c0023b1 +--- /dev/null ++++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch +@@ -0,0 +1,183 @@ ++--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 +++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 ++@@ -79,7 +79,8 @@ ++ static DH * ++ get_dh512() ++ { ++- DH *dh = NULL; +++ DH *dh; +++ BIGNUM *p, *g; ++ # if MTA_HAVE_DH_set0_pqg ++ BIGNUM *dhp_bn, *dhg_bn; ++ # endif ++@@ -96,13 +97,23 @@ ++ return NULL; ++ } ++ # else ++- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++- if ((dh->p == NULL) || (dh->g == NULL)) +++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +++ if (p == NULL || g == NULL) ++ { +++ BN_free(p); +++ BN_free(g); ++ DH_free(dh); ++ return NULL; ++ } +++ +++#if OPENSSL_VERSION_NUMBER >= 0x10100005L +++ DH_set0_pqg(dh, p, NULL, g); +++#else +++ dh->p = p; +++ dh->g = g; +++#endif +++ ++ # endif ++ return dh; ++ } ++@@ -150,6 +161,8 @@ ++ }; ++ static unsigned char dh2048_g[]={ 0x02, }; ++ DH *dh; +++ BIGNUM *p, *g; +++ ++ # if MTA_HAVE_DH_set0_pqg ++ BIGNUM *dhp_bn, *dhg_bn; ++ # endif ++@@ -166,13 +179,23 @@ ++ return NULL; ++ } ++ # else ++- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); ++- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); ++- if ((dh->p == NULL) || (dh->g == NULL)) +++ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +++ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +++ if (p == NULL || g == NULL) ++ { +++ BN_free(p); +++ BN_free(g); ++ DH_free(dh); ++- return(NULL); +++ return NULL; ++ } +++ +++#if OPENSSL_VERSION_NUMBER >= 0x10100005L +++ DH_set0_pqg(dh, p, NULL, g); +++#else +++ dh->p = p; +++ dh->g = g; +++#endif +++ ++ # endif ++ return(dh); ++ } ++@@ -929,6 +952,54 @@ ++ # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 ++ # endif ++ +++static RSA * +++generate_rsa_key(bits, e) +++ int bits; +++ unsigned long e; +++{ +++#if OPENSSL_VERSION_NUMBER < 0x00908000L +++ return RSA_generate_key(bits, e, NULL, NULL); +++#else +++ BIGNUM *bne; +++ RSA *rsa = NULL; +++ +++ bne = BN_new(); +++ if (bne && BN_set_word(bne, e) != 1) +++ rsa = RSA_new(); +++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) +++ { +++ RSA_free(rsa); +++ rsa = NULL; +++ } +++ BN_free(bne); +++ return rsa; +++#endif +++} +++ +++static DSA * +++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) +++ int bits; +++ unsigned char *seed; +++ int seed_len; +++ int *counter_ret; +++ unsigned long *h_ret; +++{ +++#if OPENSSL_VERSION_NUMBER < 0x00908000L +++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, +++ h_ret, NULL, NULL); +++#else +++ DSA *dsa = DSA_new(); +++ +++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, +++ counter_ret, h_ret, NULL) != 1) +++ { +++ DSA_free(dsa); +++ dsa = NULL; +++ } +++ return dsa; +++#endif +++} +++ ++ bool ++ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) ++ SSL_CTX **ctx; ++@@ -1183,8 +1254,7 @@ ++ if (bitset(TLS_I_RSA_TMP, req) ++ # if SM_CONF_SHM ++ && ShmId != SM_SHM_NO_ID && ++- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, ++- NULL)) == NULL +++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL ++ # else /* SM_CONF_SHM */ ++ && 0 /* no shared memory: no need to generate key now */ ++ # endif /* SM_CONF_SHM */ ++@@ -1391,8 +1461,8 @@ ++ } ++ # else ++ /* this takes a while! */ ++- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, ++- NULL, 0, NULL); +++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, +++ NULL); ++ dh = DSA_dup_DH(dsa); ++ # endif ++ DSA_free(dsa); ++@@ -2081,7 +2151,7 @@ ++ ++ if (rsa_tmp != NULL) ++ RSA_free(rsa_tmp); ++- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); +++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); ++ if (rsa_tmp == NULL) ++ { ++ if (LogLevel > 0) ++@@ -2526,12 +2596,21 @@ ++ SM_GETTLSI; ++ if (LogLevel > 13) ++ tls_verify_log(ok, ctx, "X509"); +++#if OPENSSL_VERSION_NUMBER >= 0x10100005L +++ if (X509_STORE_CTX_get_error(ctx) == +++ X509_V_ERR_UNABLE_TO_GET_CRL) +++ { +++ X509_STORE_CTX_set_error(ctx, 0); +++ return 1; /* override it */ +++ } +++#else ++ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL && ++ !SM_TLSI_IS(tlsi_ctx, TLSI_FL_CRLREQ)) ++ { ++ X509_STORE_CTX_set_error(ctx, 0); ++ return 1; /* override it */ ++ } +++#endif ++ return ok; ++ } ++ +diff --git a/sendmail.spec b/sendmail.spec +index eb15495..273cca2 100644 +--- a/sendmail.spec ++++ b/sendmail.spec +@@ -1,6 +1,6 @@ + Name: sendmail + Version: 8.16.1 +-Release: 2 ++Release: 3 + Summary: A classic mail transfer agent from the Unix world + License: Sendmail + URL: http://www.sendmail.org/ +@@ -21,7 +21,7 @@ Source13: sendmail-etc-mail-local-host-names + Source14: sendmail-etc-mail-mailertable + Source15: sendmail-etc-mail-trusted-users + +-BuildRequires: openssl-devel openldap-devel libdb-devel libnsl2-devel ++BuildRequires: openssl-devel openldap-devel libnsl2-devel + BuildRequires: cyrus-sasl-devel groff ghostscript m4 systemd setup >= 2.5.31-1 + Requires: bash >= 2.0 setup >= 2.5.31-1 %{_sbindir}/saslauthd + Requires(pre): shadow-utils +@@ -46,6 +46,8 @@ Patch9: sendmail-8.15.2-switchfile.patch + Patch10: sendmail-8.14.8-sasl2-in-etc.patch + Patch11: sendmail-8.16.1-qos.patch + Patch12: sendmail-8.15.2-libmilter-socket-activation.patch ++Patch13: sendmail-8.15.2-openssl-1.1.0-fix.patch ++Patch14: sendmail-8.15.2-format-security.patch + + %description + Sendmail is a general purpose internetwork email routing facility that +@@ -94,21 +96,21 @@ cp devtools/M4/UNIX/library.m4 devtools/M4/UNIX/sharedlibrary.m4 + export CFLAGS="${RPM_OPT_FLAGS}" + + cat << EOF > config.m4 +-define(\`confMAPDEF', \`-DNEWDB -DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') ++define(\`confMAPDEF', \`-DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') + define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''') +-define(\`confLIBS', \`-lnsl -lcrypt -ldb -lresolv') ++define(\`confLIBS', \`-lnsl -lcrypt -lresolv') + define(\`confSTDIR', \`%{_localstatedir}/log/mail') + define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now') + define(\`confMANOWN', \`root') + define(\`confMANGRP', \`root') +-define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0') ++define(\`confENVDEF', \`-I/usr/kerberos/include -Wall -DXDEBUG=0') + define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}') + define(\`confMANMODE', \`644') + define(\`confMAN1SRC', \`1') + define(\`confMAN5SRC', \`5') + define(\`confMAN8SRC', \`8') + define(\`STATUS_FILE', \`%{_localstatedir}/log/mail/statistics') +-define(\`confLIBSEARCH', \`db resolv 44bsd') ++define(\`confLIBSEARCH', \`resolv 44bsd') + EOF + #' + +-- +2.23.0 + diff --git a/sendmail-8.15.2-format-security.patch b/sendmail-8.15.2-format-security.patch new file mode 100644 index 0000000..d4ff443 --- /dev/null +++ b/sendmail-8.15.2-format-security.patch @@ -0,0 +1,92 @@ +diff --git a/sendmail/srvrsmtp.c b/sendmail/srvrsmtp.c +index ba636a8..46c5356 100644 +--- a/sendmail/srvrsmtp.c ++++ b/sendmail/srvrsmtp.c +@@ -159,6 +159,26 @@ + #define SKIP_SPACE(s) while (SM_ISSPACE(*s)) \ + (s)++ + ++static inline void ++message1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ message(fmt, NULL); ++ else ++ message("%s", fmt); ++} ++ ++static inline void ++usrerr1(fmt) ++ char *fmt; ++{ ++ if (strchr(fmt, '%') == NULL) ++ usrerr(fmt, NULL); ++ else ++ usrerr("%s", fmt); ++} ++ + #if _FFR_EAI + /* + ** ADDR_IS_ASCII -- check whether an address is 100% printable ASCII +@@ -638,13 +658,13 @@ + bool tsave = QuickAbort; \ + \ + QuickAbort = false; \ +- usrerr(response); \ ++ usrerr1(response); \ + QuickAbort = tsave; \ + e->e_sendqueue = NULL; \ + goto doquit; \ + } \ + else \ +- usrerr(response); \ ++ usrerr1(response); \ + break; \ + \ + case SMFIR_REJECT: \ +@@ -1011,7 +1031,7 @@ + else if (strncmp(nullserver, "421 ", 4) == 0) + { + /* Can't use ("%s", ...) due to message() requirements */ +- message(nullserver); ++ message1(nullserver); + goto doquit; + } + +@@ -1953,7 +1973,7 @@ + if (ISSMTPREPLY(nullserver)) + { + /* Can't use ("%s", ...) due to usrerr() requirements */ +- usrerr(nullserver); ++ usrerr1(nullserver); + } + else + { +@@ -2561,7 +2581,7 @@ + if (response != NULL) + { + /* Can't use ("%s", ...) due to usrerr() requirements */ +- usrerr(response); ++ usrerr1(response); + } + else + { +@@ -3800,7 +3820,7 @@ + #endif + + /* Can't use ("%s", ...) due to usrerr() requirements */ +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + { +@@ -3922,7 +3942,7 @@ + (void) extenhsc(response + 4, ' ', e->e_enhsc); + #endif + /* Can't use ("%s", ...) due to usrerr() requirements */ +- usrerr(response); ++ usrerr1(response); + if (strncmp(response, "421 ", 4) == 0 + || strncmp(response, "421-", 4) == 0) + rv = false; diff --git a/sendmail-8.15.2-openssl-1.1.0-fix.patch b/sendmail-8.15.2-openssl-1.1.0-fix.patch new file mode 100644 index 0000000..c0023b1 --- /dev/null +++ b/sendmail-8.15.2-openssl-1.1.0-fix.patch @@ -0,0 +1,183 @@ +--- sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 15:20:59.953546417 +0100 ++++ sendmail-8.15.2.orig/sendmail/tls.c 2016-12-01 17:26:43.868521378 +0100 +@@ -79,7 +79,8 @@ + static DH * + get_dh512() + { +- DH *dh = NULL; ++ DH *dh; ++ BIGNUM *p, *g; + # if MTA_HAVE_DH_set0_pqg + BIGNUM *dhp_bn, *dhg_bn; + # endif +@@ -96,13 +97,23 @@ + return NULL; + } + # else +- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); +- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ++ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ++ if (p == NULL || g == NULL) + { ++ BN_free(p); ++ BN_free(g); + DH_free(dh); + return NULL; + } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + # endif + return dh; + } +@@ -150,6 +161,8 @@ + }; + static unsigned char dh2048_g[]={ 0x02, }; + DH *dh; ++ BIGNUM *p, *g; ++ + # if MTA_HAVE_DH_set0_pqg + BIGNUM *dhp_bn, *dhg_bn; + # endif +@@ -166,13 +179,23 @@ + return NULL; + } + # else +- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); +- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); +- if ((dh->p == NULL) || (dh->g == NULL)) ++ p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); ++ g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); ++ if (p == NULL || g == NULL) + { ++ BN_free(p); ++ BN_free(g); + DH_free(dh); +- return(NULL); ++ return NULL; + } ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh, p, NULL, g); ++#else ++ dh->p = p; ++ dh->g = g; ++#endif ++ + # endif + return(dh); + } +@@ -929,6 +952,54 @@ + # define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 0 + # endif + ++static RSA * ++generate_rsa_key(bits, e) ++ int bits; ++ unsigned long e; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return RSA_generate_key(bits, e, NULL, NULL); ++#else ++ BIGNUM *bne; ++ RSA *rsa = NULL; ++ ++ bne = BN_new(); ++ if (bne && BN_set_word(bne, e) != 1) ++ rsa = RSA_new(); ++ if (rsa && RSA_generate_key_ex(rsa, bits, bne, NULL) != 1) ++ { ++ RSA_free(rsa); ++ rsa = NULL; ++ } ++ BN_free(bne); ++ return rsa; ++#endif ++} ++ ++static DSA * ++generate_dsa_parameters(bits, seed, seed_len, counter_ret, h_ret) ++ int bits; ++ unsigned char *seed; ++ int seed_len; ++ int *counter_ret; ++ unsigned long *h_ret; ++{ ++#if OPENSSL_VERSION_NUMBER < 0x00908000L ++ return DSA_generate_parameters(bits, seed, seed_len, counter_ret, ++ h_ret, NULL, NULL); ++#else ++ DSA *dsa = DSA_new(); ++ ++ if (dsa && DSA_generate_parameters_ex(dsa, bits, seed, seed_len, ++ counter_ret, h_ret, NULL) != 1) ++ { ++ DSA_free(dsa); ++ dsa = NULL; ++ } ++ return dsa; ++#endif ++} ++ + bool + inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhparam) + SSL_CTX **ctx; +@@ -1183,8 +1254,7 @@ + if (bitset(TLS_I_RSA_TMP, req) + # if SM_CONF_SHM + && ShmId != SM_SHM_NO_ID && +- (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, +- NULL)) == NULL ++ (rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4)) == NULL + # else /* SM_CONF_SHM */ + && 0 /* no shared memory: no need to generate key now */ + # endif /* SM_CONF_SHM */ +@@ -1391,8 +1461,8 @@ + } + # else + /* this takes a while! */ +- dsa = DSA_generate_parameters(bits, NULL, 0, NULL, +- NULL, 0, NULL); ++ dsa = generate_dsa_parameters(bits, NULL, 0, NULL, ++ NULL); + dh = DSA_dup_DH(dsa); + # endif + DSA_free(dsa); +@@ -2081,7 +2151,7 @@ + + if (rsa_tmp != NULL) + RSA_free(rsa_tmp); +- rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ++ rsa_tmp = generate_rsa_key(RSA_KEYLENGTH, RSA_F4); + if (rsa_tmp == NULL) + { + if (LogLevel > 0) +@@ -2526,12 +2596,21 @@ + SM_GETTLSI; + if (LogLevel > 13) + tls_verify_log(ok, ctx, "X509"); ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ if (X509_STORE_CTX_get_error(ctx) == ++ X509_V_ERR_UNABLE_TO_GET_CRL) ++ { ++ X509_STORE_CTX_set_error(ctx, 0); ++ return 1; /* override it */ ++ } ++#else + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_CRL && + !SM_TLSI_IS(tlsi_ctx, TLSI_FL_CRLREQ)) + { + X509_STORE_CTX_set_error(ctx, 0); + return 1; /* override it */ + } ++#endif + return ok; + } + diff --git a/sendmail.spec b/sendmail.spec index 663d782..f9ed301 100644 --- a/sendmail.spec +++ b/sendmail.spec @@ -1,6 +1,6 @@ Name: sendmail Version: 8.16.1 -Release: 5 +Release: 6 Summary: A classic mail transfer agent from the Unix world License: Sendmail URL: http://www.sendmail.org/ @@ -21,7 +21,7 @@ Source13: sendmail-etc-mail-local-host-names Source14: sendmail-etc-mail-mailertable Source15: sendmail-etc-mail-trusted-users -BuildRequires: openssl-devel openldap-devel libdb-devel libnsl2-devel +BuildRequires: openssl-devel openldap-devel libnsl2-devel BuildRequires: cyrus-sasl-devel groff ghostscript m4 systemd setup >= 2.5.31-1 BuildRequires: gcc Requires: bash >= 2.0 setup >= 2.5.31-1 %{_sbindir}/saslauthd @@ -47,6 +47,8 @@ Patch0012: sendmail-8.15.2-switchfile.patch Patch0013: sendmail-8.14.8-sasl2-in-etc.patch Patch0014: sendmail-8.16.1-qos.patch Patch0015: sendmail-8.15.2-libmilter-socket-activation.patch +Patch0016: sendmail-8.15.2-openssl-1.1.0-fix.patch +Patch0017: sendmail-8.15.2-format-security.patch %description Sendmail is a general purpose internetwork email routing facility that @@ -95,21 +97,21 @@ cp devtools/M4/UNIX/library.m4 devtools/M4/UNIX/sharedlibrary.m4 export CFLAGS="${RPM_OPT_FLAGS}" cat << EOF > config.m4 -define(\`confMAPDEF', \`-DNEWDB -DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') +define(\`confMAPDEF', \`-DNIS -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1') define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''') -define(\`confLIBS', \`-lnsl -lcrypt -ldb -lresolv') +define(\`confLIBS', \`-lnsl -lcrypt -lresolv') define(\`confSTDIR', \`%{_localstatedir}/log/mail') define(\`confLDOPTS', \`-Xlinker -z -Xlinker relro -Xlinker -z -Xlinker now') define(\`confMANOWN', \`root') define(\`confMANGRP', \`root') -define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0') +define(\`confENVDEF', \`-I/usr/kerberos/include -Wall -DXDEBUG=0') define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}') define(\`confMANMODE', \`644') define(\`confMAN1SRC', \`1') define(\`confMAN5SRC', \`5') define(\`confMAN8SRC', \`8') define(\`STATUS_FILE', \`%{_localstatedir}/log/mail/statistics') -define(\`confLIBSEARCH', \`db resolv 44bsd') +define(\`confLIBSEARCH', \`resolv 44bsd') EOF #' @@ -467,6 +469,12 @@ exit 0 %changelog +* Wed Feb 23 2022 xihaochen - 8.16.1-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:remove libdb dependency + * Thu May 27 2021 lijingyuan - 8.16.1-5 - Type:bugfix - ID:NA