Bug#1009078: Version 8.17.1-2 does not work again

To: Andreas Beckmann <anbe@debian.org>
Cc: 1009078@bugs.debian.org
Subject: Bug#1009078: Version 8.17.1-2 does not work again
From: Joerg Dorchain <joerg@dorchain.net>
Date: Sun, 12 Jun 2022 15:53:12 +0200
Message-id: <[🔎] 20220612135312.m5baym2dlrlwa57r@Redstar.dorchain.net>
Reply-to: Joerg Dorchain <joerg@dorchain.net>, 1009078@bugs.debian.org
In-reply-to: <[🔎] 6abef03c-07d5-1c5c-ec4e-9149b3f82294@debian.org>
References: <20220407001557.zin3mosizehplyqj@Redstar.dorchain.net> <[🔎] 20220612070352.76ngkezpxgbfeewf@Redstar.dorchain.net> <[🔎] 6abef03c-07d5-1c5c-ec4e-9149b3f82294@debian.org> <20220407001557.zin3mosizehplyqj@Redstar.dorchain.net>

Hello Andreas,

On Sun, Jun 12, 2022 at 03:13:34PM +0200, Andreas Beckmann wrote:
> On 12/06/2022 09.03, Joerg Dorchain wrote:
> > reopen 1009078 =
> > thanks
> > 
> > Hi,
> > 
> > I am sorry to say that the newly arrived version 8.17.1-2 in testing shows the same behaviour as the
> > originally reported version 8.16.1-2, no auth mechanisms offered after starttls.
> > 
> > Downgrading to version 8.17.1-1 helps, though.
> 
> The only relevant difference is that -2 is built against openssl 3 while
> -1 was built against openssl 1.1. Do other distros have patches for
> 8.17.1 and openssl 3?

The freebsd folks have(had) a similiar bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263287 and
a patch https://bugs.freebsd.org/bugzilla/attachment.cgi?id=233346&action=diff

They say the patch is from sendmail 8.17.1.9. A version of the patch for inclusion in the patch subdir
is also attached.

If you could create a package with either the patch applied or from the mentioned source version (or
newer) I'd be happy to test.

Bye,

Joerg

--- patch-zsasl2	1970-01-01 01:00:00.000000000 +0100
+++ patch-zsasl2	
@@ -0,0 +1,21 @@ 
+--- sendmail/sendmail.h.orig	2022-04-19 21:07:42 UTC
++++ sendmail/sendmail.h
+@@ -760,7 +760,7 @@ extern bool	filesys_free __P((long));
+ # define SASL_IS_AUTH	2		/* authenticated */
+ 
+ /* SASL options */
+-# define SASL_AUTH_AUTH	0x1000		/* use auth= only if authenticated */
++# define SASL_AUTH_AUTH	0x10000		/* use auth= only if authenticated */
+ # if SASL >= 20101
+ #  define SASL_SEC_MASK	SASL_SEC_MAXIMUM /* mask for SASL_SEC_* values: sasl.h */
+ # else /* SASL >= 20101 */
+@@ -775,6 +775,9 @@ extern bool	filesys_free __P((long));
+ #  endif /* SASL_SEC_NOPLAINTEXT & SASL_SEC_MASK) == 0 ... */
+ # endif /* SASL >= 20101 */
+ # define MAXOUTLEN 8192	/* length of output buffer, should be 2^n */
++# if (SASL_AUTH_AUTH & SASL_SEC_MASK) != 0
++#  ERROR "change SASL_AUTH_AUTH notify sendmail.org!"
++# endif
+ 
+ /* functions */
+ extern char	*intersect __P((char *, char *, SM_RPOOL_T *));

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#1009078: Version 8.17.1-2 does not work again
  - From: Joerg Dorchain <joerg@dorchain.net>

References:
- Bug#1009078: Version 8.17.1-2 does not work again
  - From: Joerg Dorchain <joerg@dorchain.net>
- Bug#1009078: Version 8.17.1-2 does not work again
  - From: Andreas Beckmann <anbe@debian.org>

Prev by Date: Bug#954884: marked as done (Please make autopkgtests cross-test-friendly)
Next by Date: Bug#1009078: marked as done (sasl auth via saslauthd does not work anymore)
Previous by thread: Bug#1009078: Version 8.17.1-2 does not work again
Next by thread: Bug#1009078: Version 8.17.1-2 does not work again
Index(es):
- Date
- Thread