My guess is: get both source RPMs, extract both spec files, diff my spec against .22 and then apply those changes to .23 and follow the rest of the steps?
I don’t remember what I changed in the spec file, or if that even mattered, but that would give you what is needed to replicate for .23 I believe. Brian > On Jun 29, 2018, at 03:51, Peter Peltonen <peter.pelto...@gmail.com> wrote: > > Great, thanks for sharing! > > One question: > > Eric had produced an RPM for qmail 1.03-1.3.23.i386 with the CNAME > lookups removed. > > Yours is 1.03-1.3.22 and with CNAME lookups enabled I assume. > > How would one migrate the changes you did to Eric's version, as I > would like to have both: newer TLS support + CNAME lookups removed? > > Best, > Peter > >> On Fri, Jun 29, 2018 at 10:34 AM, Eric Broch <ebr...@whitehorsetc.com> wrote: >> Thanks, Brian!!! >> >> >> On 6/29/2018 1:32 AM, Brian Ghidinelli wrote: >> >> Good news - I seemed to have solved this. It's a combo of these old notes >> from 2011 and an upgraded openssl: >> >> http://www.ghidinelli.com/2011/10/20/october-qmail-follow-up >> >> I'm attaching my modified qmail-toaster.spec from 1.3.21. I installed >> openssl-1.0.2o from source on CentOS 5 and linked: >> >> /usr/include/openssl -> /usr/local/ssl/include/openssl/ >> >> Then I rebuilt the RPM: >> >> rpmbuild -bb --target i686 --with cnt50 >> /usr/src/redhat/SPECS/qmail-toaster.spec >> >> This generated the RPM. I extracted the files: >> >> rpm2cpio qmail-toaster-1.03-1.3.22.i686.rpm | cpio -idmv >> >> I backed up my existing qmail-smtpd and qmail-remote.orig, and copied >> the new binaries over (from /usr/src/redhat/RPMS/i686/var/qmail/bin >> where cpio extracted them to) >> >> And then tested with checktls.com and everything shows TLS 1.2 now. *whew* >> >> This buys us a little time to complete a migration. Hope this helps someone >> else! >> >> >> Brian >> >> >> On 6/27/18 09:09, Eric Broch wrote: >> >> Have a look at this thread: >> >> https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html >> >> IMHO, there were to many packages that were dependent on openssl-9.8 on the >> CentOS 5 box to make this practical. >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> >> -- >> Eric Broch >> White Horse Technical Consulting (WHTC) > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
