Bug#1086178: sendmail: FEATURE(`sts') fails to validate some SANs, causing temp rejects
Package: sendmail
Version: 8.17.1.9-2+deb12u2
Followup-For: Bug #1086178
Control: tags -1 upstream patch
The attached patch fixes this issue for me. It has been submitted
upstream to sendmail- (at) support.sendmail.org. Don't know if
patches sent to address is tracked anywhere.
BjÃrn
From a43bb19d2f26267f7098a114edc2c191f45e4286 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Mork?=
Date: Tue, 29 Oct 2024 12:17:04 +0100
Subject: [PATCH] cf: fix wildcard handling in STS_SAN rule
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
MXes with wildcard certificates would be rejected with a bogus
"not listed in SANs" error. Fix by rewriting the MX hostname
to its wildcard alternative, and then reattempt the SAN class
match.
Link:
https://www.novabbs.com/computers/article-flat.php?id=1120&group=comp.mail.sendmail
Signed-off-by: Bjørn Mork
---
cf/m4/proto.m4 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cf/m4/proto.m4 b/cf/m4/proto.m4
index ff7eb0bedc2a..d143b42fbae9 100644
--- a/cf/m4/proto.m4
+++ b/cf/m4/proto.m4
@@ -2748,9 +2748,9 @@ R$* $: $&{server_name}
dnl exact match
R$={cert_altnames} $@ ok
# strip only one level (no recursion!)
-R$-.$+ $: $2
+R$-.$+ $: *.$2
dnl wildcard: *. or just .?
-R *.$={cert_altnames} $@ ok
+R$={cert_altnames} $@ ok
dnl R .$={cert_altnames} $@ ok
dnl always temporary error? make it an option (of the feature)?
R$*$#error $@ 4.7.0 $: 450 $&{server_name} not listed in
SANs', `dnl')
--
2.39.5
Processed: Re: sendmail: FEATURE(`sts') fails to validate some SANs, causing temp rejects
Processing control commands: > tags -1 upstream patch Bug #1086178 [sendmail] sendmail: FEATURE(`sts') fails to validate some SANs, causing temp rejects Added tag(s) upstream and patch. -- 1086178: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086178 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1086290: log4c: FTBFS: psnup: page width and height must be set
Package: src:log4c Version: 1.2.4-4 Severity: serious Tags: ftbfs Dear maintainer: During a rebuild of all packages in unstable, your package failed to build: [...] debian/rules build dh build dh_update_autotools_config dh_autoreconf autoreconf: warning: autoconf input should be named 'configure.ac', not 'configure.in' aclocal: warning: autoconf input should be named 'configure.ac', not 'configure.in' libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'config'. libtoolize: copying file 'config/ltmain.sh' libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'config'. libtoolize: copying file 'config/libtool.m4' libtoolize: copying file 'config/ltoptions.m4' libtoolize: copying file 'config/ltsugar.m4' libtoolize: copying file 'config/ltversion.m4' libtoolize: copying file 'config/lt~obsolete.m4' [... snipped ...] (/usr/share/texlive/texmf-dist/tex/latex/tools/verbatim.sty) (/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty (/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg) (/usr/share/texlive/texmf-dist/tex/latex/graphics-def/dvips.def) (/usr/share/texlive/texmf-dist/tex/latex/graphics/mathcolor.ltx)) (/usr/share/texlive/texmf-dist/tex/latex/colortbl/colortbl.sty) (./longtable_doxygen.sty) (./tabu_doxygen.sty (/usr/share/texlive/texmf-dist/tex/latex/varwidth/varwidth.sty)) (/usr/share/texlive/texmf-dist/tex/latex/fancyvrb/fancyvrb.sty (/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty)) (/usr/share/texlive/texmf-dist/tex/latex/tools/tabularx.sty) (/usr/share/texlive/texmf-dist/tex/latex/tools/multicol.sty) (/usr/share/texlive/texmf-dist/tex/latex/multirow/multirow.sty) (/usr/share/texlive/texmf-dist/tex/latex/hanging/hanging.sty) (/usr/share/texlive/texmf-dist/tex/generic/iftex/ifpdf.sty (/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty)) (/usr/share/texlive/texmf-dist/tex/latex/adjustbox/adjustbox.sty (/usr/share/texlive/texmf-dist/tex/latex/xkeyval/xkeyval.sty (/usr/share/texlive/texmf-dist/tex/generic/xkeyval/xkeyval.tex (/usr/share/texlive/texmf-dist/tex/generic/xkeyval/xkvutils.tex))) (/usr/share/texlive/texmf-dist/tex/latex/adjustbox/adjcalc.sty) (/usr/share/texlive/texmf-dist/tex/latex/adjustbox/trimclip.sty (/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty (/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty (/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty) (/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/graphics.cfg))) (/usr/share/texlive/texmf-dist/tex/latex/collectbox/collectbox.sty) (/usr/share/texlive/texmf-dist/tex/latex/adjustbox/tc-dvips.def)) (/usr/share/texlive/texmf-dist/tex/latex/ifoddpage/ifoddpage.sty)) (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amssymb.sty (/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty)) (/usr/share/texlive/texmf-dist/tex/latex/stackengine/stackengine.sty (/usr/share/texlive/texmf-dist/tex/latex/etoolbox/etoolbox.sty) (/usr/share/texlive/texmf-dist/tex/generic/listofitems/listofitems.sty (/usr/share/texlive/texmf-dist/tex/generic/listofitems/listofitems.tex))) (/usr/share/texlive/texmf-dist/tex/latex/enumitem/enumitem.sty) (/usr/share/texlive/texmf-dist/tex/generic/alphalph/alphalph.sty (/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty)) (/usr/share/texlive/texmf-dist/tex/generic/ulem/ulem.sty)) (/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty) (/usr/share/texlive/texmf-dist/tex/latex/base/makeidx.sty) (/usr/share/texlive/texmf-dist/tex/latex/base/textcomp.sty) (/usr/share/texlive/texmf-dist/tex/latex/wasysym/wasysym.sty) (/usr/share/texlive/texmf-dist/tex/generic/iftex/ifxetex.sty) (/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty) (/usr/share/texlive/texmf-dist/tex/latex/psnfss/helvet.sty) (/usr/share/texlive/texmf-dist/tex/latex/psnfss/courier.sty) (/usr/share/texlive/texmf-dist/tex/latex/geometry/geometry.sty (/usr/share/texlive/texmf-dist/tex/generic/iftex/ifvtex.sty)) (/usr/share/texlive/texmf-dist/tex/latex/changepage/changepage.sty) (/usr/share/texlive/texmf-dist/tex/latex/fancyhdr/fancyhdr.sty) (/usr/share/texlive/texmf-dist/tex/latex/natbib/natbib.sty) (/usr/share/texlive/texmf-dist/tex/latex/tocloft/tocloft.sty) Writing index file refman.idx (/usr/share/texlive/texmf-dist/tex/latex/newunicodechar/newunicodechar.sty) (/usr/share/texlive/texmf-dist/tex/latex/caption/caption.sty (/usr/share/texlive/texmf-dist/tex/latex/caption/caption3.sty) (/usr/share/texlive/texmf-dist/tex/latex/caption/ltcaption.sty)) (/usr/share/texlive/texmf-dist/tex/latex/etoc/etoc.sty (/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty (/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty) (/usr/share/texlive/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty))) (/usr/share/texlive/texmf-dist/tex/latex/psnfss/t1phv.fd) (/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-dvips.def) (./refman.aux) *geometry* driver: auto-detecting *
Bug#1086304: neatvnc: FTBFS: ../src/h264-encoder.c:550:58: error: ‘AVFilterLink’ has no member named ‘hw_frames_ctx’
Package: src:neatvnc Version: 0.8.0+dfsg-2 Severity: serious Tags: ftbfs Dear maintainer: During a rebuild of all packages in unstable, your package failed to build: [...] debian/rules binary dh binary dh_update_autotools_config dh_autoreconf debian/rules override_dh_auto_configure make[1]: Entering directory '/<>' dh_auto_configure -- \ -Dtests=true \ cd obj-x86_64-linux-gnu && DEB_PYTHON_INSTALL_LAYOUT=deb LC_ALL=C.UTF-8 meson setup .. --wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=lib/x86_64-linux-gnu -Dpython.bytecompile=-1 -Dtests=true The Meson build system Version: 1.6.0 Source dir: /<> Build dir: /<>/obj-x86_64-linux-gnu Build type: native build Project name: neatvnc Project version: 0.8.0 C compiler for the host machine: cc (gcc 14.2.0 "cc (Debian 14.2.0-7) 14.2.0") C linker for the host machine: cc ld.bfd 2.43.1 Host machine cpu family: x86_64 Host machine cpu: x86_64 Program git found: NO Found pkg-config: YES (/usr/bin/pkg-config) 1.8.1 Run-time dependency libdrm found: YES 2.4.123 Library m found: YES Run-time dependency pixman-1 found: YES 0.42.2 Run-time dependency libturbojpeg found: YES 2.1.5 Run-time dependency gnutls found: YES 3.8.6 Run-time dependency nettle found: YES 3.10 Run-time dependency hogweed found: YES 3.10 Run-time dependency gmp found: YES 6.3.0 Run-time dependency zlib found: YES 1.3.1 Run-time dependency gbm found: YES 24.2.4-1 Dependency libdrm found: YES 2.4.123 (cached) Run-time dependency libavcodec found: YES 61.19.100 Run-time dependency libavfilter found: YES 10.4.100 Run-time dependency libavutil found: YES 59.39.100 Neither a subproject directory nor a aml.wrap file was found. Subproject aml is buildable: NO (disabling) Run-time dependency aml found: YES 0.3.0 Configuring config.h using configuration Build targets in project: 3 neatvnc 0.8.0 Subprojects aml : NO Neither a subproject directory nor a aml.wrap file was found. User defined options buildtype : plain libdir: lib/x86_64-linux-gnu localstatedir : /var prefix: /usr python.bytecompile: -1 sysconfdir: /etc tests : true wrap_mode : nodownload Found ninja-1.12.1 at /usr/bin/ninja make[1]: Leaving directory '/<>' dh_auto_build cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 ninja -j1 -v [1/39] cc -Ilibneatvnc.so.0.0.0.p -I. -I.. -I../include -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/p11-kit-1 -I/usr/include/x86_64-linux-gnu -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 '-DPROJECT_VERSION="0.8.0"' -D_GNU_SOURCE -fvisibility=hidden -DAML_UNSTABLE_API=1 -Wmissing-prototypes -Wno-unused-parameter -Wno-format-truncation -DNDEBUG -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ libneatvnc.so.0.0.0.p/src_server.c.o -MF libneatvnc.so.0.0.0.p/src_server.c.o.d -o libneatvnc.so.0.0.0.p/src_server.c.o -c ../src/server.c [2/39] cc -Ilibneatvnc.so.0.0.0.p -I. -I.. -I../include -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/p11-kit-1 -I/usr/include/x86_64-linux-gnu -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 '-DPROJECT_VERSION="0.8.0"' -D_GNU_SOURCE -fvisibility=hidden -DAML_UNSTABLE_API=1 -Wmissing-prototypes -Wno-unused-parameter -Wno-format-truncation -DNDEBUG -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ libneatvnc.so.0.0.0.p/src_vec.c.o -MF libneatvnc.so.0.0.0.p/src_vec.c.o.d -o libneatvnc.so.0.0.0.p/src_vec.c.o -c ../src/vec.c [3/39] cc -Ilibneatvnc.so.0.0.0.p -I. -I.. -I../include -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/p11-kit-1 -I/usr/include/x86_64-linux-gnu -fdiagnostics-color=always -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -Wextra -std=gnu11 '-DPROJECT_VERSION="0.8.0"' -D_GNU_SOURCE -fvisibility=hidden -DAML_UNSTABLE_API=1 -Wmissing-prototypes -Wno-unused-parameter -Wno-format-truncation -DNDEBUG -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -MD -MQ libneatvnc.so.0.0.0.p/src_zrle.c.o -MF libneatvnc.so.0.0.0.p/src_zrle.c.o.d -o libneatvnc.so.0.0.0.p/src_zrle.c.o -c ../src/zrle.c ../src/zrle.c: In function ‘zrle_encoder_do_work’: ../src/zrle.c:338:13: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable] 338 | int rc;
Bug#1086301: RM: mathtex -- RoQA; orphaned, dead upstream, open security issues
Package: ftp.debian.org Severity: normal Tags: security X-Debbugs-Cc: math...@packages.debian.org, Debian Security Team Control: affects -1 + src:mathtex User: ftp.debian@packages.debian.org Usertags: remove Please remove mathtex. It's dead upstream and there are open security issues. Cheers, Moritz
