Bug#1009078: Version 8.17.1-2 does not work again

Sun, 12 Jun 2022 06:57:15 -0700 

Hello Andreas,

On Sun, Jun 12, 2022 at 03:13:34PM +0200, Andreas Beckmann wrote:
> On 12/06/2022 09.03, Joerg Dorchain wrote:
> > reopen 1009078 =
> > thanks
> > 
> > Hi,
> > 
> > I am sorry to say that the newly arrived version 8.17.1-2 in testing shows 
> > the same behaviour as the
> > originally reported version 8.16.1-2, no auth mechanisms offered after 
> > starttls.
> > 
> > Downgrading to version 8.17.1-1 helps, though.
> 
> The only relevant difference is that -2 is built against openssl 3 while
> -1 was built against openssl 1.1. Do other distros have patches for
> 8.17.1 and openssl 3?

The freebsd folks have(had) a similiar bug 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263287 and
a patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=233346&action=diff

They say the patch is from sendmail 8.17.1.9. A version of the patch for 
inclusion in the patch subdir
is also attached.

If you could create a package with either the patch applied or from the 
mentioned source version (or
newer) I'd be happy to test.

Bye,

Joerg

--- patch-zsasl2	1970-01-01 01:00:00.000000000 +0100
+++ patch-zsasl2	
@@ -0,0 +1,21 @@ 
+--- sendmail/sendmail.h.orig	2022-04-19 21:07:42 UTC
++++ sendmail/sendmail.h
+@@ -760,7 +760,7 @@ extern bool	filesys_free __P((long));
+ # define SASL_IS_AUTH	2		/* authenticated */
+ 
+ /* SASL options */
+-# define SASL_AUTH_AUTH	0x1000		/* use auth= only if authenticated */
++# define SASL_AUTH_AUTH	0x10000		/* use auth= only if authenticated */
+ # if SASL >= 20101
+ #  define SASL_SEC_MASK	SASL_SEC_MAXIMUM /* mask for SASL_SEC_* values: sasl.h */
+ # else /* SASL >= 20101 */
+@@ -775,6 +775,9 @@ extern bool	filesys_free __P((long));
+ #  endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */
+ # endif /* SASL >= 20101 */
+ # define MAXOUTLEN 8192	/* length of output buffer, should be 2^n */
++# if (SASL_AUTH_AUTH & SASL_SEC_MASK) != 0
++#  ERROR "change SASL_AUTH_AUTH notify sendmail.org!"
++# endif
+ 
+ /* functions */
+ extern char	*intersect __P((char *, char *, SM_RPOOL_T *));

Attachment: signature.asc
Description: PGP signature

Reply via email to