diff --git a/SOURCES/sendmail-8.14.7-add-ec-support.patch b/SOURCES/sendmail-8.14.7-add-ec-support.patch
new file mode 100644
index 0000000..6de9851
--- /dev/null
+++ b/SOURCES/sendmail-8.14.7-add-ec-support.patch
@@ -0,0 +1,32 @@
+diff --git a/sendmail/tls.c b/sendmail/tls.c
+index 60d408e..72da987 100644
+--- a/sendmail/tls.c
++++ b/sendmail/tls.c
+@@ -970,6 +970,9 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ /* Diffie-Hellman initialization */
+ if (bitset(TLS_I_TRY_DH, req))
+ {
++#if _FFR_TLS_EC
++ EC_KEY *ecdh;
++#endif /* _FFR_TLS_EC */
+ if (bitset(TLS_S_DHPAR_OK, status))
+ {
+ BIO *bio;
+@@ -1044,6 +1047,17 @@ inittls(ctx, req, options, srv, certfile, keyfile, cacertpath, cacertfile, dhpar
+ who, 8 * DH_size(dh), *dhparam);
+ DH_free(dh);
+ }
++
++#if _FFR_TLS_EC
++ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++ if (ecdh != NULL)
++ {
++ SSL_CTX_set_options(*ctx, SSL_OP_SINGLE_ECDH_USE);
++ SSL_CTX_set_tmp_ecdh(*ctx, ecdh);
++ EC_KEY_free(ecdh);
++ }
++#endif /* _FFR_TLS_EC */
++
+ }
+ # endif /* !NO_DH */
+
diff --git a/SOURCES/sendmail-8.14.7-client-port.patch b/SOURCES/sendmail-8.14.7-client-port.patch
new file mode 100644
index 0000000..6f3f3f9
--- /dev/null
+++ b/SOURCES/sendmail-8.14.7-client-port.patch
@@ -0,0 +1,20 @@
+diff --git a/sendmail/main.c b/sendmail/main.c
+index 021262c..7769148 100644
+--- a/sendmail/main.c
++++ b/sendmail/main.c
+@@ -2620,13 +2620,13 @@ main(argc, argv, envp)
+ #if NETINET
+ case AF_INET:
+ (void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
+- RealHostAddr.sin.sin_port);
++ ntohs(RealHostAddr.sin.sin_port));
+ break;
+ #endif /* NETINET */
+ #if NETINET6
+ case AF_INET6:
+ (void) sm_snprintf(pbuf, sizeof(pbuf), "%d",
+- RealHostAddr.sin6.sin6_port);
++ ntohs(RealHostAddr.sin6.sin6_port));
+ break;
+ #endif /* NETINET6 */
+ default:
diff --git a/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch b/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch
new file mode 100644
index 0000000..47ce904
--- /dev/null
+++ b/SOURCES/sendmail-8.14.7-ipv6-mx-cname-fix.patch
@@ -0,0 +1,88 @@
+--- sendmail-8.14.7/sendmail/conf.c.orig 2015-12-30 14:24:10.000000000 -0800
++++ sendmail-8.14.7/sendmail/conf.c 2015-12-30 14:30:32.000000000 -0800
+@@ -4234,7 +4234,18 @@
+ h = gethostbyname(name);
+ if (!resv6)
+ _res.options &= ~RES_USE_INET6;
+- *err = h_errno;
++
++ /* the function is supposed to return only the requested family */
++ if (h != NULL && h->h_addrtype != family)
++ {
++# if NETINET6
++ freehostent(h);
++# endif /* NETINET6 */
++ h = NULL;
++ *err = NO_DATA;
++ }
++ else
++ *err = h_errno;
+ return h;
+ }
+
+@@ -4363,6 +4374,17 @@
+ }
+ }
+ #endif /* (SOLARIS > 10000 && SOLARIS < 20400) || (defined(SOLARIS) && SOLARIS < 204) || (defined(sony_news) && defined(__svr4)) */
++
++ /* the function is supposed to return only the requested family */
++ if (h != NULL && h->h_addrtype != family)
++ {
++# if NETINET6
++ freehostent(h);
++# endif /* NETINET6 */
++ h = NULL;
++ SM_SET_H_ERRNO(NO_DATA);
++ }
++
+ if (tTd(61, 10))
+ {
+ if (h == NULL)
+@@ -4372,13 +4394,12 @@
+ sm_dprintf("%s\n", h->h_name);
+ if (tTd(61, 11))
+ {
++ struct in_addr ia;
++ size_t i;
+ #if NETINET6
+ struct in6_addr ia6;
+ char buf6[INET6_ADDRSTRLEN];
+-#else /* NETINET6 */
+- struct in_addr ia;
+ #endif /* NETINET6 */
+- size_t i;
+
+ if (h->h_aliases != NULL)
+ for (i = 0; h->h_aliases[i] != NULL;
+@@ -4389,16 +4410,23 @@
+ {
+ char *addr;
+
++ addr = NULL;
+ #if NETINET6
+- memmove(&ia6, h->h_addr_list[i],
+- IN6ADDRSZ);
+- addr = anynet_ntop(&ia6,
+- buf6, sizeof(buf6));
+-#else /* NETINET6 */
+- memmove(&ia, h->h_addr_list[i],
+- INADDRSZ);
+- addr = (char *) inet_ntoa(ia);
++ if (h->h_addrtype == AF_INET6)
++ {
++ memmove(&ia6, h->h_addr_list[i],
++ IN6ADDRSZ);
++ addr = anynet_ntop(&ia6,
++ buf6, sizeof(buf6));
++ }
++ else
+ #endif /* NETINET6 */
++ /* "else" in #if code above */
++ {
++ memmove(&ia, h->h_addr_list[i],
++ INADDRSZ);
++ addr = (char *) inet_ntoa(ia);
++ }
+ if (addr != NULL)
+ sm_dprintf("\taddr: %s\n", addr);
+ }
diff --git a/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch b/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch
new file mode 100644
index 0000000..6cdbc2f
--- /dev/null
+++ b/SOURCES/sendmail-8.14.7-tls11-12-config-options.patch
@@ -0,0 +1,17 @@
+diff --git a/sendmail/readcf.c b/sendmail/readcf.c
+index b749e1f..140f4b0 100644
+--- a/sendmail/readcf.c
++++ b/sendmail/readcf.c
+@@ -2374,6 +2374,12 @@ static struct ssl_options
+ #ifdef SSL_OP_NO_TLSv1
+ { "SSL_OP_NO_TLSv1", SSL_OP_NO_TLSv1 },
+ #endif
++#ifdef SSL_OP_NO_TLSv1_1
++ { "SSL_OP_NO_TLSv1_1", SSL_OP_NO_TLSv1_1 },
++#endif /* SSL_OP_NO_TLSv1_1 */
++#ifdef SSL_OP_NO_TLSv1_2
++ { "SSL_OP_NO_TLSv1_2", SSL_OP_NO_TLSv1_2 },
++#endif /* SSL_OP_NO_TLSv1_2 */
+ #ifdef SSL_OP_PKCS1_CHECK_1
+ { "SSL_OP_PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1 },
+ #endif
diff --git a/SOURCES/sendmail.nm-dispatcher b/SOURCES/sendmail.nm-dispatcher
index 3922a4f..b3122e5 100644
--- a/SOURCES/sendmail.nm-dispatcher
+++ b/SOURCES/sendmail.nm-dispatcher
@@ -2,6 +2,6 @@
case "$2" in
up|down|vpn-up|vpn-down)
- /bin/systemctl try-restart sendmail.service || :
+ /bin/systemctl --no-block try-restart sendmail.service || :
;;
esac
diff --git a/SOURCES/sendmail.service b/SOURCES/sendmail.service
index 1926882..4181a32 100644
--- a/SOURCES/sendmail.service
+++ b/SOURCES/sendmail.service
@@ -6,6 +6,7 @@ Wants=sm-client.service
[Service]
Type=forking
+StartLimitInterval=0
PIDFile=/run/sendmail.pid
Environment=SENDMAIL_OPTS=-q1h
EnvironmentFile=-/etc/sysconfig/sendmail
diff --git a/SOURCES/sm-client.service b/SOURCES/sm-client.service
index df66425..c2f7bf7 100644
--- a/SOURCES/sm-client.service
+++ b/SOURCES/sm-client.service
@@ -6,6 +6,7 @@ BindTo=sendmail.service
[Service]
Type=forking
+StartLimitInterval=0
PIDFile=/run/sm-client.pid
Environment=SENDMAIL_OPTS=-q1h
EnvironmentFile=-/etc/sysconfig/sendmail
diff --git a/SPECS/sendmail.spec b/SPECS/sendmail.spec
index 9b9fd05..0b2e194 100644
--- a/SPECS/sendmail.spec
+++ b/SPECS/sendmail.spec
@@ -26,7 +26,7 @@
Summary: A widely used Mail Transport Agent (MTA)
Name: sendmail
Version: 8.14.7
-Release: 4%{?dist}
+Release: 5%{?dist}
License: Sendmail
Group: System Environment/Daemons
URL: http://www.sendmail.org/
@@ -100,6 +100,18 @@ Patch23: sendmail-8.14.4-sasl2-in-etc.patch
# add QoS support, patch from Philip Prindeville <philipp@fedoraproject.org>
# upstream reserved option ID 0xe7 for testing of this new feature, #576643
Patch25: sendmail-8.14.7-qos.patch
+# add support for EC ciphers, #1124827
+Patch26: sendmail-8.14.7-add-ec-support.patch
+# properly set {client_port} value on little endian machines,
+# patch by Kelsey Cumminngs <kgc@corp.sonic.net>
+Patch27: sendmail-8.14.7-client-port.patch
+# add support for config options disabling TLS 1.1/2
+# patch backported from upstream
+Patch28: sendmail-8.14.7-tls11-12-config-options.patch
+# fix for IPv6 enabled server to correctly send mails to servers which
+# have MX record pointing to the CNAME
+# patch backported from upstream
+Patch29: sendmail-8.14.7-ipv6-mx-cname-fix.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcp_wrappers-devel
BuildRequires: libdb-devel
@@ -221,6 +233,10 @@ cp devtools/M4/UNIX/{,shared}library.m4
%patch22 -p1 -b .libdb5
%patch23 -p1 -b .sasl2-in-etc
%patch25 -p1 -b .qos
+%patch26 -p1 -b .ec-support
+%patch27 -p1 -b .client-port
+%patch28 -p1 -b .tls11-12-config-options
+%patch29 -p1 -b .ipv6-mx-cname-fix
for f in RELEASE_NOTES contrib/etrn.0; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@@ -234,7 +250,7 @@ sed -i 's|/usr/local/bin/perl|%{_bindir}/perl|' contrib/*.pl
cat > redhat.config.m4 << EOF
define(\`confMAPDEF', \`-DNEWDB -DNIS -DHESIOD -DMAP_REGEX -DSOCKETMAP -DNAMED_BIND=1')
define(\`confOPTIMIZE', \`\`\`\`${RPM_OPT_FLAGS}'''')
-define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0 -DTCPWRAPPERS -DNETINET6 -DHES_GETMAILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_TLS_1 -D_FFR_LINUX_MHNL -D_FFR_QOS')
+define(\`confENVDEF', \`-I%{_includedir}/libdb -I/usr/kerberos/include -Wall -DXDEBUG=0 -DTCPWRAPPERS -DNETINET6 -DHES_GETMAILHOST -DUSE_VENDOR_CF_PATH=1 -D_FFR_TLS_1 -D_FFR_LINUX_MHNL -D_FFR_QOS -D_FFR_TLS_EC')
define(\`confLIBDIRS', \`-L/usr/kerberos/%{_lib}')
define(\`confLIBS', \`-lnsl -lwrap -lhesiod -lcrypt -ldb -lresolv %{?relro:%{relro}}')
define(\`confMANOWN', \`root')
@@ -297,7 +313,7 @@ APPENDDEF(\`confLIBS', \`-lldap -llber -lssl -lcrypto')dnl
EOF
%endif
-DIRS="libsmutil sendmail mailstats rmail praliases smrsh makemap"
+DIRS="libsmutil sendmail mailstats rmail praliases smrsh makemap editmap"
%if "%{with_milter}" == "yes"
DIRS="libmilter $DIRS"
@@ -359,6 +375,7 @@ Make force-install -C $OBJDIR/rmail
Make install -C $OBJDIR/praliases
Make install -C $OBJDIR/smrsh
Make install -C $OBJDIR/makemap
+Make install -C $OBJDIR/editmap
# replace absolute with relative symlinks
ln -sf ../sbin/makemap %{buildroot}%{_bindir}/makemap
@@ -429,6 +446,8 @@ done
touch %{buildroot}%{maildir}/aliasesdb-stamp
+touch %{buildroot}%{spooldir}/clientmqueue/sm-client.st
+
install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/sendmail
install -p -m 755 %{SOURCE9} %{buildroot}%{_initrddir}/sendmail
install -p -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail
@@ -443,7 +462,7 @@ install -m644 %{SOURCE1} %{buildroot}%{_unitdir}
install -m644 %{SOURCE7} %{buildroot}%{_unitdir}
# fix permissions to allow debuginfo extraction and stripping
-chmod 755 %{buildroot}%{_sbindir}/{mailstats,makemap,praliases,sendmail,smrsh}
+chmod 755 %{buildroot}%{_sbindir}/{mailstats,makemap,editmap,praliases,sendmail,smrsh}
chmod 755 %{buildroot}%{_bindir}/rmail
%if "%{with_sasl2}" == "yes"
@@ -460,6 +479,10 @@ sed -i -e 's:%{maildir}/statistics:%{stdir}/statistics:' %{buildroot}%{_mandir}/
# rename files for alternative usage
mv %{buildroot}%{_sbindir}/sendmail %{buildroot}%{_sbindir}/sendmail.sendmail
touch %{buildroot}%{_sbindir}/sendmail
+mv %{buildroot}%{_sbindir}/makemap %{buildroot}%{_sbindir}/makemap.sendmail
+touch %{buildroot}%{_sbindir}/makemap
+mv %{buildroot}%{_sbindir}/editmap %{buildroot}%{_sbindir}/editmap.sendmail
+touch %{buildroot}%{_sbindir}/editmap
for i in mailq newaliases rmail; do
mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.sendmail
touch %{buildroot}%{_bindir}/$i
@@ -474,6 +497,10 @@ mv %{buildroot}%{_mandir}/man8/sendmail.8 %{buildroot}%{_mandir}/man8/sendmail.s
touch %{buildroot}%{_mandir}/man8/sendmail.8
mv %{buildroot}%{_mandir}/man8/rmail.8 %{buildroot}%{_mandir}/man8/rmail.sendmail.8
touch %{buildroot}%{_mandir}/man8/rmail.8
+mv %{buildroot}%{_mandir}/man8/makemap.8 %{buildroot}%{_mandir}/man8/makemap.sendmail.8
+touch %{buildroot}%{_mandir}/man8/makemap.8
+mv %{buildroot}%{_mandir}/man8/editmap.8 %{buildroot}%{_mandir}/man8/editmap.sendmail.8
+touch %{buildroot}%{_mandir}/man8/editmap.8
touch %{buildroot}/usr/lib/sendmail
touch %{buildroot}%{_sysconfdir}/pam.d/smtp
@@ -497,6 +524,11 @@ getent group smmsp >/dev/null || \
getent passwd smmsp >/dev/null || \
%{_sbindir}/useradd -u 51 -g smmsp -d %{spooldir}/mqueue -r \
-s %{smshell} smmsp >/dev/null 2>&1
+
+# hack to turn sbin/makemap and man8/makemap.8.gz into alternatives symlink
+[ -h %{_sbindir}/makemap ] || rm -f %{_sbindir}/makemap || :
+[ -h %{_mandir}/man8/makemap.8.gz ] || rm -f %{_mandir}/man8/makemap.8.gz || :
+
exit 0
%postun
@@ -514,6 +546,8 @@ exit 0
# Set up the alternatives files for MTAs.
%{_sbindir}/alternatives --install %{_sbindir}/sendmail mta %{_sbindir}/sendmail.sendmail 90 \
+ --slave %{_sbindir}/makemap mta-makemap %{_sbindir}/makemap.sendmail \
+ --slave %{_sbindir}/editmap mta-editmap %{_sbindir}/editmap.sendmail \
--slave %{_bindir}/mailq mta-mailq %{_bindir}/mailq.sendmail \
--slave %{_bindir}/newaliases mta-newaliases %{_bindir}/newaliases.sendmail \
--slave %{_bindir}/rmail mta-rmail %{_bindir}/rmail.sendmail \
@@ -524,6 +558,8 @@ exit 0
--slave %{_mandir}/man1/newaliases.1.gz mta-newaliasesman %{_mandir}/man1/newaliases.sendmail.1.gz \
--slave %{_mandir}/man5/aliases.5.gz mta-aliasesman %{_mandir}/man5/aliases.sendmail.5.gz \
--slave %{_mandir}/man8/rmail.8.gz mta-rmailman %{_mandir}/man8/rmail.sendmail.8.gz \
+ --slave %{_mandir}/man8/makemap.8.gz mta-makemapman %{_mandir}/man8/makemap.sendmail.8.gz \
+ --slave %{_mandir}/man8/editmap.8.gz mta-editmapman %{_mandir}/man8/editmap.sendmail.8.gz \
--initscript sendmail > /dev/null 2>&1
# Rebuild maps.
@@ -541,6 +577,14 @@ exit 0
%{_libdir}/sasl2/Sendmail.conf ] && mv -f %{_libdir}/sasl2/Sendmail.conf \
%{_sysconfdir}/sasl2 2>/dev/null || :
%endif
+
+# Create sm-client.st if it doesn't exist
+if [ ! -f %{spooldir}/clientmqueue/sm-client.st ]; then
+ touch %{spooldir}/clientmqueue/sm-client.st
+ chown smmsp:smmsp %{spooldir}/clientmqueue/sm-client.st
+ chmod 0660 %{spooldir}/clientmqueue/sm-client.st
+fi
+
exit 0
%preun
@@ -593,7 +637,8 @@ fi
%{_bindir}/makemap
%{_bindir}/purgestat
%{_sbindir}/mailstats
-%{_sbindir}/makemap
+%{_sbindir}/makemap.sendmail
+%{_sbindir}/editmap.sendmail
%{_sbindir}/praliases
%attr(2755,root,smmsp) %{_sbindir}/sendmail.sendmail
%{_bindir}/rmail.sendmail
@@ -605,7 +650,8 @@ fi
%{_mandir}/man8/rmail.sendmail.8.gz
%{_mandir}/man8/praliases.8.gz
%{_mandir}/man8/mailstats.8.gz
-%{_mandir}/man8/makemap.8.gz
+%{_mandir}/man8/makemap.sendmail.8.gz
+%{_mandir}/man8/editmap.sendmail.8.gz
%{_mandir}/man8/sendmail.sendmail.8.gz
%{_mandir}/man8/smrsh.8.gz
%{_mandir}/man8/hoststat.8.gz
@@ -616,6 +662,8 @@ fi
# dummy attributes for rpmlint
%ghost %attr(0755,-,-) %{_sbindir}/sendmail
+%ghost %attr(0755,-,-) %{_sbindir}/makemap
+%ghost %attr(0755,-,-) %{_sbindir}/editmap
%ghost %attr(0755,-,-) %{_bindir}/mailq
%ghost %attr(0755,-,-) %{_bindir}/newaliases
%ghost %attr(0755,-,-) %{_bindir}/rmail
@@ -627,6 +675,8 @@ fi
%ghost %{_mandir}/man1/newaliases.1.gz
%ghost %{_mandir}/man5/aliases.5.gz
%ghost %{_mandir}/man8/rmail.8.gz
+%ghost %{_mandir}/man8/makemap.8.gz
+%ghost %{_mandir}/man8/editmap.8.gz
%dir %{stdir}
%dir %{_sysconfdir}/smrsh
@@ -655,6 +705,8 @@ fi
%ghost %{maildir}/domaintable.db
%ghost %{maildir}/mailertable.db
+%ghost %{spooldir}/clientmqueue/sm-client.st
+
%{_unitdir}/sendmail.service
%{_unitdir}/sm-client.service
%config(noreplace) %{_sysconfdir}/sysconfig/sendmail
@@ -709,6 +761,32 @@ fi
%{_initrddir}/sendmail
%changelog
+* Thu Mar 23 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 8.14.7-5
+- Explicitly enabled sm-client statistics
+ Resolves: rhbz#890585
+- Enable ECDHE support
+ Resolves: rhbz#1124827
+- Properly set {client_port} value on little endian machines,
+ patch by Kelsey Cumminngs <kgc@corp.sonic.net>
+ Resolves: rhbz#1210914
+- Added makemap and its manual page into alternatives
+ Resolves: rhbz#1225891
+- Modified nm-dispatcher script to asynchronously restart sendmail and
+ not block the connection activation
+ Resolves: rhbz#1237070
+- Added config options allowing disablement of TLS 1.1/2
+ Resolves: rhbz#1281476
+- Fixed problem with e-mails not sending from IPv6 enabled server
+ to servers with MX record pointing to CNAME
+ Resolves: rhbz#1294870
+- Added editmap
+ Resolves: rhbz#1342393
+- Removed systemd limit for sendmail restarts to workaround failure due to
+ rapid restarts caused by NetworkManager dispatcher script
+ Resolves: rhbz#1395102
+- Fixed op.pdf
+ Resolves: rhbz#1401070
+
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 8.14.7-4
- Mass rebuild 2014-01-24