Here's the patch:

<qmail-rm-cname.patch>

diff -rNu qmailqmt/dns.c qmailqmt-new/dns.c
--- qmailqmt/dns.c      2018-01-21 09:03:56.201694493 -0700
+++ qmailqmt-new/dns.c  2018-01-21 09:06:40.696619489 -0700
@@ -249,32 +249,7 @@
 int dns_cname(sa)
 stralloc *sa;
 {
- int r;
- int loop;
- for (loop = 0;loop < 10;++loop)
-  {
-   if (!sa->len) return loop;
-   if (sa->s[sa->len - 1] == ']') return loop;
-   if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
-   switch(resolve(sa,T_CNAME))
-    {
-     case DNS_MEM: return DNS_MEM;
-     case DNS_SOFT: return DNS_SOFT;
-     case DNS_HARD: return loop;
-     default:
-       while ((r = findname(T_CNAME)) != 2)
-       {
-        if (r == DNS_SOFT) return DNS_SOFT;
-        if (r == 1)
-         {
-          if (!stralloc_copys(sa,name)) return DNS_MEM;
-          break;
-         }
-       }
-       if (r == 2) return loop;
-    }
-  }
- return DNS_HARD; /* alias loop */
+   return 0;
 }

 #define FMT_IAA 40
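Review bot: The new body of dns_cname(), `return 0;`, drops more than the CNAME query: the removed loop also stripped a trailing '.' from sa (`--sa->len; continue;`) before doing anything else, and that normalisation is gone too. If any caller depends on dns_cname() to trim the dot, keep that step ahead of the return. The function can also no longer return DNS_MEM, DNS_SOFT or DNS_HARD (the old alias-loop result), and sa is now unused, so a short comment stating that CNAME resolution is deliberately skipped and that 0 is the only possible result would help the next reader. Style point: the added line is indented three spaces where the surrounding code uses one.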

</qmail-rm-cname.patch>


On 6/29/2018 9:01 AM, Brian Ghidinelli wrote:
My guess is: get both source RPMs, extract both spec files, diff my spec 
against .22 and then apply those changes to .23 and follow the rest of the 
steps?

I don’t remember what I changed in the spec file, or if that even mattered, but 
that would give you what is needed to replicate for .23 I believe.

Brian


On Jun 29, 2018, at 03:51, Peter Peltonen <peter.pelto...@gmail.com> wrote:

Great, thanks for sharing!

One question:

Eric had produced an RPM for qmail 1.03-1.3.23.i386 with the CNAME
lookups removed.

Yours is 1.03-1.3.22 and with CNAME lookups enabled I assume.

How would one migrate the changes you did to Eric's version, as I
would like to have both: newer TLS support + CNAME lookups removed?

Best,
Peter

On Fri, Jun 29, 2018 at 10:34 AM, Eric Broch <ebr...@whitehorsetc.com> wrote:
Thanks, Brian!!!


On 6/29/2018 1:32 AM, Brian Ghidinelli wrote:

Good news - I seemed to have solved this. It's a combo of these old notes
from 2011 and an upgraded openssl:

http://www.ghidinelli.com/2011/10/20/october-qmail-follow-up

I'm attaching my modified qmail-toaster.spec from 1.3.21. I installed
openssl-1.0.2o from source on CentOS 5 and linked:

/usr/include/openssl -> /usr/local/ssl/include/openssl/

Then I rebuilt the RPM:

rpmbuild -bb --target i686 --with cnt50 /usr/src/redhat/SPECS/qmail-toaster.spec

This generated the RPM. I extracted the files:

rpm2cpio qmail-toaster-1.03-1.3.22.i686.rpm | cpio -idmv

I backed up my existing qmail-smtpd and qmail-remote.orig, and copied
the new binaries over (from /usr/src/redhat/RPMS/i686/var/qmail/bin
where cpio extracted them to).

And then tested with checktls.com and everything shows TLS 1.2 now. *whew*

This buys us a little time to complete a migration. Hope this helps someone
else!


Brian


On 6/27/18 09:09, Eric Broch wrote:

Have a look at this thread:

https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg41029.html

IMHO, there were too many packages that were dependent on openssl-9.8 on the
CentOS 5 box to make this practical.




---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Eric Broch
White Horse Technical Consulting (WHTC)


--
Eric Broch
White Horse Technical Consulting (WHTC)

