Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

I was attacked by dselect as a small child and have since avoided debian. -- Andrew Morton


computers / comp.mail.sendmail / Re: sendmail snapshot 8.18.0.2

SubjectAuthor
* sendmail snapshot 8.18.0.2Claus Aßmann
`* Re: sendmail snapshot 8.18.0.2Alex H
 +* Re: sendmail snapshot 8.18.0.2Alex H
 |`* Re: sendmail snapshot 8.18.0.2Claus Aßmann
 | `- Re: sendmail snapshot 8.18.0.2HQuest
 +* Re: sendmail snapshot 8.18.0.2Claus Aßmann
 |`* Re: sendmail snapshot 8.18.0.2Jan Sørensen
 | `- Re: OpenSSL 3: deprecated functions: DH*Claus Aßmann
 `* Re: sendmail snapshot 8.18.0.2Claus Aßmann
  `- Re: sendmail snapshot 8.18.0.2HQuest

1
sendmail snapshot 8.18.0.2

<ulslg6$pds$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=889&group=comp.mail.sendmail#889

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: sendmail snapshot 8.18.0.2
Date: Tue, 19 Dec 2023 12:56:22 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <ulslg6$pds$1@news.misty.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 19 Dec 2023 17:56:22 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="26044"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Tue, 19 Dec 2023 17:56 UTC

sendmail snapshot 8.18.0.2 is available for testing. It offers the
new srv_features option 'o' to require CR LF . CR LF as end of an
SMTP message and fixes parsing of UTF8 addresses when
SMTPUTF8 BODY=3D7BIT are used as parameters for the MAIL command.

SHA256 (sendmail.8.18.0.2.tar.gz) =3D b8f64c67f94dc6ff0f65498636f8f90b794e58ded15a05650a98115167b60773
SHA256 (sendmail.8.18.0.2.tar.gz.sig) =3D 95c3f2845f0d099d6e2d4662f73a0e1afe83f028b69e3c62a9fdf12bbdaccdec

Available at:
https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz
https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz.sig

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: sendmail snapshot 8.18.0.2

<dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=890&group=comp.mail.sendmail#890

 copy link   Newsgroups: comp.mail.sendmail
X-Received: by 2002:a05:6214:ac2:b0:67f:2899:4857 with SMTP id g2-20020a0562140ac200b0067f28994857mr970703qvi.10.1703010319612;
Tue, 19 Dec 2023 10:25:19 -0800 (PST)
X-Received: by 2002:a05:622a:182a:b0:427:5c6d:ebe0 with SMTP id
t42-20020a05622a182a00b004275c6debe0mr494442qtc.9.1703010319327; Tue, 19 Dec
2023 10:25:19 -0800 (PST)
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fdn.fr!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mail.sendmail
Date: Tue, 19 Dec 2023 10:25:18 -0800 (PST)
In-Reply-To: <ulslg6$pds$1@news.misty.com>
Injection-Info: google-groups.googlegroups.com; posting-host=74.103.45.242; posting-account=Ql-QGQoAAAAKArkTQ9b8iVcz0j7SpopW
NNTP-Posting-Host: 74.103.45.242
References: <ulslg6$pds$1@news.misty.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
Subject: Re: sendmail snapshot 8.18.0.2
From: hqu...@gmail.com (Alex H)
Injection-Date: Tue, 19 Dec 2023 18:25:19 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
 by: Alex H - Tue, 19 Dec 2023 18:25 UTC

FYI - not sure you want to add a check against OpenSSL 3.2.0 and disable DANE, or let us to remove DANE for the time being until this is fixed. Plus, a few deprecations here and there.

cc -M -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER main.c alias.c arpadate.c bf.c collect.c conf.c control.c convtime.c daemon.c deliver.c domain.c envelope.c err.c headers.c macro.c map.c mci.c milter.c mime.c parseaddr.c queue.c ratectrl.c readcf.c recipient.c sasl.c savemail.c sched.c sfsasl.c shmticklib.c sm_resolve.c srvrsmtp.c stab.c stats.c sysexits.c timers.c tlsh.c tls.c trace.c udb.c usersmtp.c util.c version.c >> Makefile
tls.c:33:4: error: #error OpenSSL 3.2.0 has a bug related to DANE
33 | # error OpenSSL 3.2.0 has a bug related to DANE
| ^~~~~
tls.c:34:4: error: #error see https:
34 | # error see https://github.com/openssl/openssl/pull/22821
| ^~~~~
make[1]: *** [Makefile:403: depend] Error 1

cc -O2 -fPIC -DDANE -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER -c -o readcf.o readcf.c
readcf.c:2821:24: warning: RES_AAONLY is deprecated
2821 | { "aaonly", RES_AAONLY },
| ^~~~~~~~~~~~~~~~~~~~~~~
readcf.c:2823:20: warning: RES_PRIMARY is deprecated
2823 | { "primary", RES_PRIMARY },
| ^~~~~~~~~~~~~~~~~~~~~~~

cc -O2 -fPIC -DDANE -I. -I../../include -DNEWDB -DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOCKETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS -DMILTER -c -o tls.o tls.c
tls.c:33:4: error: #error OpenSSL 3.2.0 has a bug related to DANE
33 | # error OpenSSL 3.2.0 has a bug related to DANE
| ^~~~~
tls.c:34:4: error: #error see https:
34 | # error see https://github.com/openssl/openssl/pull/22821
| ^~~~~
tls.c: In function ‘get_dh512’:
tls.c:114:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
114 | if ((dh = DH_new()) == NULL)
| ^~
In file included from /usr/include/openssl/dsa.h:31,
from /usr/include/openssl/x509.h:37,
from /usr/include/openssl/ssl.h:32,
from ./sendmail.h:43,
from tls.c:11:
/usr/include/openssl/dh.h:206:27: note: declared here
206 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:119:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
119 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:262:27: note: declared here
262 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:120:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
120 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘get_dh2048’:
tls.c:184:9: warning: ‘DH_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
184 | if ((dh=DH_new()) == NULL)
| ^~
/usr/include/openssl/dh.h:206:27: note: declared here
206 | OSSL_DEPRECATEDIN_3_0 DH *DH_new(void);
| ^~~~~~
tls.c:189:9: warning: ‘DH_set0_pqg’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
189 | if (dhp_bn == NULL || dhg_bn == NULL || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
| ^~
/usr/include/openssl/dh.h:262:27: note: declared here
262 | OSSL_DEPRECATEDIN_3_0 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
| ^~~~~~~~~~~
tls.c:190:17: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
190 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c: In function ‘inittls’:
tls.c:1400:33: warning: ‘PEM_read_bio_DHparams’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1400 | dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
| ^~
In file included from /usr/include/openssl/ssl.h:37:
/usr/include/openssl/pem.h:473:1: note: declared here
473 | DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, DHparams, DH)
| ^~~~~~~~~~~~~~~~~~~
tls.c:1441:25: warning: ‘DSA_new’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1441 | dsa = DSA_new();
| ^~~
/usr/include/openssl/dsa.h:130:28: note: declared here
130 | OSSL_DEPRECATEDIN_3_0 DSA *DSA_new(void);
| ^~~~~~~
tls.c:1444:33: warning: ‘DSA_generate_parameters_ex’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1444 | r = DSA_generate_parameters_ex(dsa, bits, NULL,
| ^
/usr/include/openssl/dsa.h:172:27: note: declared here
172 | OSSL_DEPRECATEDIN_3_0 int DSA_generate_parameters_ex(DSA *dsa, int bits,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1447:41: warning: ‘DSA_dup_DH’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1447 | dh = DSA_dup_DH(dsa);
| ^~
/usr/include/openssl/dsa.h:203:27: note: declared here
203 | OSSL_DEPRECATEDIN_3_0 DH *DSA_dup_DH(const DSA *r);
| ^~~~~~~~~~
tls.c:1455:25: warning: ‘DSA_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1455 | DSA_free(dsa);
| ^~~~~~~~
/usr/include/openssl/dsa.h:132:28: note: declared here
132 | OSSL_DEPRECATEDIN_3_0 void DSA_free(DSA *r);
| ^~~~~~~~
tls.c:1493:43: warning: ‘DH_size’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1493 | who, 8 * DH_size(dh), *dhparam);
| ^~~
/usr/include/openssl/dh.h:210:27: note: declared here
210 | OSSL_DEPRECATEDIN_3_0 int DH_size(const DH *dh);
| ^~~~~~~
tls.c:1494:25: warning: ‘DH_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1494 | DH_free(dh);
| ^~~~~~~
/usr/include/openssl/dh.h:207:28: note: declared here
207 | OSSL_DEPRECATEDIN_3_0 void DH_free(DH *dh);
| ^~~~~~~
tls.c:1501:17: warning: ‘EC_KEY_new_by_curve_name’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1501 | ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
| ^~~~
In file included from /usr/include/openssl/x509.h:33:
/usr/include/openssl/ec.h:1017:31: note: declared here
1017 | OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_by_curve_name(int nid);
| ^~~~~~~~~~~~~~~~~~~~~~~~
tls.c:1506:25: warning: ‘EC_KEY_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
1506 | EC_KEY_free(ecdh);
| ^~~~~~~~~~~
/usr/include/openssl/ec.h:1022:28: note: declared here
1022 | OSSL_DEPRECATEDIN_3_0 void EC_KEY_free(EC_KEY *key);
| ^~~~~~~~~~~
tls.c: In function ‘tlslogerr’:
tls.c:2917:9: warning: ‘ERR_get_error_line_data’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
2917 | while ((l = MTA_SSL_ERR_get((const char **) &file, &line,
| ^~~~~
In file included from tls.c:16:
/usr/include/openssl/err.h:425:15: note: declared here
425 | unsigned long ERR_get_error_line_data(const char **file, int *line,
| ^~~~~~~~~~~~~~~~~~~~~~~
tls.c: In function ‘TLS_set_engine’:
tls.c:3010:9: warning: ‘ENGINE_load_builtin_engines’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3010 | ENGINE_load_builtin_engines();
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tls.c:22:
/usr/include/openssl/engine.h:358:28: note: declared here
358 | OSSL_DEPRECATEDIN_3_0 void ENGINE_load_builtin_engines(void);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
tls.c:3014:17: warning: ‘ENGINE_by_id’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3014 | if ((e = ENGINE_by_id("dynamic")) == NULL)
| ^~
/usr/include/openssl/engine.h:336:31: note: declared here
336 | OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
| ^~~~~~~~~~~~
tls.c:3024:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3024 | if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", enginepath, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3033:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3033 | if (!ENGINE_ctrl_cmd_string(e, "ID", id, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3041:17: warning: ‘ENGINE_ctrl_cmd_string’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3041 | if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
| ^~
/usr/include/openssl/engine.h:479:5: note: declared here
479 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
| ^~~~~~~~~~~~~~~~~~~~~~
tls.c:3049:9: warning: ‘ENGINE_by_id’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3049 | else if ((e = ENGINE_by_id(id)) == NULL)
| ^~~~
/usr/include/openssl/engine.h:336:31: note: declared here
336 | OSSL_DEPRECATEDIN_3_0 ENGINE *ENGINE_by_id(const char *id);
| ^~~~~~~~~~~~
tls.c:3057:9: warning: ‘ENGINE_init’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3057 | if (!ENGINE_init(e))
| ^~
/usr/include/openssl/engine.h:620:27: note: declared here
620 | OSSL_DEPRECATEDIN_3_0 int ENGINE_init(ENGINE *e);
| ^~~~~~~~~~~
tls.c:3063:9: warning: ‘ENGINE_set_default’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3063 | if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
| ^~
/usr/include/openssl/engine.h:708:27: note: declared here
708 | OSSL_DEPRECATEDIN_3_0 int ENGINE_set_default(ENGINE *e, unsigned int flags);
| ^~~~~~~~~~~~~~~~~~
tls.c:3072:17: warning: ‘ENGINE_ctrl’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3072 | ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:429:27: note: declared here
429 | OSSL_DEPRECATEDIN_3_0 int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p,
| ^~~~~~~~~~~
tls.c:3076:9: warning: ‘ENGINE_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3076 | ENGINE_free(e);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:493:27: note: declared here
493 | OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
| ^~~~~~~~~~~
tls.c:3085:17: warning: ‘ENGINE_free’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
3085 | ENGINE_free(e);
| ^~~~~~~~~~~
/usr/include/openssl/engine.h:493:27: note: declared here
493 | OSSL_DEPRECATEDIN_3_0 int ENGINE_free(ENGINE *e);
| ^~~~~~~~~~~
make[1]: *** [<builtin>: tls.o] Error 1
make[1]: Leaving directory '/tmp/sendmail-8.18.0.2/obj.Linux.6.1.66.x86_64/sendmail'


Click here to read the complete article
Re: sendmail snapshot 8.18.0.2

<60a78798-ded6-4f3e-a73a-0ec21b8aa4a2n@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=891&group=comp.mail.sendmail#891

 copy link   Newsgroups: comp.mail.sendmail
X-Received: by 2002:a05:6214:202f:b0:67f:27b6:9ba8 with SMTP id 15-20020a056214202f00b0067f27b69ba8mr1089551qvf.3.1703011257556;
Tue, 19 Dec 2023 10:40:57 -0800 (PST)
X-Received: by 2002:a05:620a:31aa:b0:77b:c0ee:2d3e with SMTP id
bi42-20020a05620a31aa00b0077bc0ee2d3emr248678qkb.10.1703011257362; Tue, 19
Dec 2023 10:40:57 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!border-2.nntp.ord.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mail.sendmail
Date: Tue, 19 Dec 2023 10:40:57 -0800 (PST)
In-Reply-To: <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=74.103.45.242; posting-account=Ql-QGQoAAAAKArkTQ9b8iVcz0j7SpopW
NNTP-Posting-Host: 74.103.45.242
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <60a78798-ded6-4f3e-a73a-0ec21b8aa4a2n@googlegroups.com>
Subject: Re: sendmail snapshot 8.18.0.2
From: hqu...@gmail.com (Alex H)
Injection-Date: Tue, 19 Dec 2023 18:40:57 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 6
 by: Alex H - Tue, 19 Dec 2023 18:40 UTC

.... or maybe add this to the Known bugs and/or to the Release notes files. While I see you reported this DANE bug to the OpenSSL team, there is no mention about this version limitation on sendmail supporting files. Since it looks like they put the fix into the master tree, guess I'll be downloading the current OpenSSL tree and praying nothing else gets broken - assuming I can compile sendmail with the -master version and it pass your version check.

Re: sendmail snapshot 8.18.0.2

<ulv410$oeq$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=893&group=comp.mail.sendmail#893

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail snapshot 8.18.0.2
Date: Wed, 20 Dec 2023 11:16:32 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <ulv410$oeq$1@news.misty.com>
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 20 Dec 2023 16:16:32 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="25050"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Wed, 20 Dec 2023 16:16 UTC

Alex H wrote:
> FYI - not sure you want to add a check against OpenSSL 3.2.0 and disable
> DANE, or let us to remove DANE for the time being until this is fixed.

Just use OpenSSL 3.0.x instead for DANE support until OpenSSL fixes
their stuff (1 committer + 3 reviewers - and still such common error).

> DH_new is deprecated: Since OpenSSL 3.0

-DNO_DH

> 2917 | while ((l = MTA_SSL_ERR_get((const char **) &file, &line,

Try
-DHAVE_ERR_get_error_all
?

> 3010 | ENGINE_load_builtin_engines();

-DUSE_OPENSSL_ENGINE=0
or
-DOPENSSL_NO_ENGINE

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: sendmail snapshot 8.18.0.2

<ulv8m0$uhs$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=894&group=comp.mail.sendmail#894

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail snapshot 8.18.0.2
Date: Wed, 20 Dec 2023 12:36:00 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <ulv8m0$uhs$1@news.misty.com>
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com> <60a78798-ded6-4f3e-a73a-0ec21b8aa4a2n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 20 Dec 2023 17:36:00 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="31292"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Wed, 20 Dec 2023 17:36 UTC

Alex H wrote:
> ... or maybe add this to the Known bugs and/or to the Release notes

8.18.1/8.18.1 202X/XX/XX
OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by
....

Neither OpenSSL 3.1 nor 3.2 are mentioned as supported (yet),
which means they may or may not work...

> is no mention about this version limitation on sendmail supporting

Nobody reads the documentation... but a compilation error
is hard to ignore :-)

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: sendmail snapshot 8.18.0.2

<7638d164b43689c0d29a3c9b74ef153d@news.novabbs.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=896&group=comp.mail.sendmail#896

 copy link   Newsgroups: comp.mail.sendmail
Date: Thu, 21 Dec 2023 13:44:11 +0000
Subject: Re: sendmail snapshot 8.18.0.2
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on novalink.us
From: hqu...@hquest.pro.br (HQuest)
Newsgroups: comp.mail.sendmail
X-Rslight-Site: $2y$10$GqZ05KVqNHiAsGYDlOJx5On0iGGzBfjZibytT5f1NHgdO2tIZlt0m
X-Rslight-Posting-User: 0a150940d9dd42a0cd99369fff2a0e83cb21abec
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
User-Agent: Rocksolid Light
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com> <60a78798-ded6-4f3e-a73a-0ec21b8aa4a2n@googlegroups.com> <ulv8m0$uhs$1@news.misty.com>
Organization: novaBBS
Message-ID: <7638d164b43689c0d29a3c9b74ef153d@news.novabbs.com>
 by: HQuest - Thu, 21 Dec 2023 13:44 UTC

Well, I'm the exception then since I usually read it (had my hand slapped by you once), and while I see where you are coming from official vs unofficial support, the Release notes are slightly confusing:

8.18.1/8.18.1 202X/XX/XX
Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
are used
OpenSSL version 3.0.x is supported.

If DANE support is provided via OpenSSL 3.x (!= 3.0.x), I would think 3.2 would too be supported - even though the line below says version 3.0.x is supported and with the fact previous versions up to 8.18.0.Alpha3 did compile against OpenSSL 3.2 with no errors (just the usual DH deprecation warnings). I suppose this error via the DANE bug you reported was added just in time for this snapshot. Anyhow, thanks to the magic of containers, I managed to get OpenSSL v3.3.0-dev deployed, compiled 8.18.0.2 against it, and during the first 24h, things look absolutely fine so far. However, I'm just a small fish so surely large-scale tests are necessary. Appreciate all you do, and happy holiday season.

Re: sendmail snapshot 8.18.0.2

<um1h2j$mu7$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=897&group=comp.mail.sendmail#897

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!1.us.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: sendmail snapshot 8.18.0.2
Date: Thu, 21 Dec 2023 09:11:31 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <um1h2j$mu7$1@news.misty.com>
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 21 Dec 2023 14:11:31 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="23495"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Thu, 21 Dec 2023 14:11 UTC

Alex H wrote:
> Plus, a few deprecations here and there.

Which configuration options do you use for OpenSSL 3.2?
I'm trying to reproduce this locally.

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

Re: sendmail snapshot 8.18.0.2

<4dac3fd5fd57580d6ae164c0ab80d09c@news.novabbs.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=898&group=comp.mail.sendmail#898

 copy link   Newsgroups: comp.mail.sendmail
Date: Thu, 21 Dec 2023 14:32:18 +0000
Subject: Re: sendmail snapshot 8.18.0.2
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on novalink.us
From: hqu...@hquest.pro.br (HQuest)
Newsgroups: comp.mail.sendmail
X-Rslight-Site: $2y$10$vlpCBSB5kwCx3DR6JMQwIewODD2jo4GUnKk1bO0uJXX79zmeD/3sS
X-Rslight-Posting-User: 0a150940d9dd42a0cd99369fff2a0e83cb21abec
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
User-Agent: Rocksolid Light
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com> <um1h2j$mu7$1@news.misty.com>
Organization: novaBBS
Message-ID: <4dac3fd5fd57580d6ae164c0ab80d09c@news.novabbs.com>
 by: HQuest - Thu, 21 Dec 2023 14:32 UTC

OpenSSL 3.2 settings are the default ones from Slackware -current. Pat builds it as of below. I reused it with the git clone of yesterday's 3.3.0-dev tree.

./config
--prefix=/usr
--openssldir=/etc/ssl
zlib
enable-camellia
enable-seed
enable-rfc3779
enable-cms
enable-md2
enable-rc5
enable-ssl3
enable-ssl3-method
no-weak-ssl-ciphers
no-mdc2
no-ec2m
no-sm2
no-sm4
no-sse2
shared

On the sendmail side, my site.config.m4 looks like

APPENDDEF(`confMAPDEF', `-DNEWDB')
APPENDDEF(`confLIBS', `-lnsl -lssl -lcrypto -lsasl2 -lwrap -lm -ldb -lresolv -licuuc -licui18n -licudata')
APPENDDEF(`conf_libmilter_ENVDEF', `-DMILTER')
APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
APPENDDEF(`confENVDEF', `-DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOC
KETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS')dnl

Re: sendmail snapshot 8.18.0.2

<841694f4-0bf3-46bf-9a67-0f9b15c640b0n@googlegroups.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=910&group=comp.mail.sendmail#910

 copy link   Newsgroups: comp.mail.sendmail
X-Received: by 2002:a37:e316:0:b0:783:dbc:38d5 with SMTP id y22-20020a37e316000000b007830dbc38d5mr3qki.11.1704449807175;
Fri, 05 Jan 2024 02:16:47 -0800 (PST)
X-Received: by 2002:a05:620a:1909:b0:781:5a79:ee0f with SMTP id
bj9-20020a05620a190900b007815a79ee0fmr89774qkb.8.1704449806991; Fri, 05 Jan
2024 02:16:46 -0800 (PST)
Path: i2pn2.org!i2pn.org!nntp.comgw.net!weretis.net!feeder8.news.weretis.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mail.sendmail
Date: Fri, 5 Jan 2024 02:16:46 -0800 (PST)
In-Reply-To: <ulv410$oeq$1@news.misty.com>
Injection-Info: google-groups.googlegroups.com; posting-host=2a06:4000:8076:3:0:0:0:4444;
posting-account=npPChwoAAAAO2LaXAmYRL0XiKTYqjO1P
NNTP-Posting-Host: 2a06:4000:8076:3:0:0:0:4444
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com>
<ulv410$oeq$1@news.misty.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <841694f4-0bf3-46bf-9a67-0f9b15c640b0n@googlegroups.com>
Subject: Re: sendmail snapshot 8.18.0.2
From: bistruph...@gmail.com (Jan Sørensen)
Injection-Date: Fri, 05 Jan 2024 10:16:47 +0000
Content-Type: text/plain; charset="UTF-8"
 by: Jan Sørensen - Fri, 5 Jan 2024 10:16 UTC

> > DH_new is deprecated: Since OpenSSL 3.0
> -DNO_DH

I gives me

conf.c:6040:4: error: #error "NO_DH disables TLS_EC"
6040 | # error "NO_DH disables TLS_EC"

Re: OpenSSL 3: deprecated functions: DH*

<un9c7b$9ep$1@news.misty.com>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=911&group=comp.mail.sendmail#911

 copy link   Newsgroups: comp.mail.sendmail
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!.POSTED.veps.esmtp.org!not-for-mail
From: INVALID_...@esmtp.org (Claus Aßmann)
Newsgroups: comp.mail.sendmail
Subject: Re: OpenSSL 3: deprecated functions: DH*
Date: Fri, 5 Jan 2024 11:54:03 -0500 (EST)
Organization: MGT Consulting
Sender: <ml+sendmail(-no-copies-please)@esmtp.org>
Message-ID: <un9c7b$9ep$1@news.misty.com>
References: <ulslg6$pds$1@news.misty.com> <dd4871d6-8a61-4893-861a-6bd428bbccfcn@googlegroups.com> <ulv410$oeq$1@news.misty.com> <841694f4-0bf3-46bf-9a67-0f9b15c640b0n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 5 Jan 2024 16:54:03 -0000 (UTC)
Injection-Info: news.misty.com; posting-host="veps.esmtp.org:155.138.203.148";
logging-data="9689"; mail-complaints-to="abuse@misty.com"
Mail-Copies-To: never
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: ca@x2.esmtp.org (Claus Assmann)
 by: Claus Aßmann - Fri, 5 Jan 2024 16:54 UTC

Jan Sørensen wrote:

> > > DH_new is deprecated: Since OpenSSL 3.0
> > -DNO_DH

> I gives me

> conf.c:6040:4: error: #error "NO_DH disables TLS_EC"
> 6040 | # error "NO_DH disables TLS_EC"

You use -DTLS_EC, right?
Currently the code for TLS_EC is not independent of the DH code,
so you have to use DH + EC or neither -- until someone writes
a patch to "separate" those two features...

--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor