opendkim-2.11.0-bp155.3.15

- Add fix-RSA_sign-call.patch
  * Fix bsc#1216117
  * Fix call of RSA sign on big endian systems, patch origin:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012506

- Added hardening to systemd service (bsc#1181400). Added patch:
  * harden_opendkim.service.patch
  Modified:
  * opendkim.service

- Add cve-2020-12272.patch (CVE-2020-12272)
  * Confirm that the value of "d=" is properly formed, fixed
    upstream in commit 14d54524e0a97d3fe9b80441907d7e356c9ded04
- Add unbound-fix.patch
  * Plug memory leak in Unbound callback
    https://github.com/trusteddomainproject/OpenDKIM/pull/57

- add opendkim to Group unbound to be able to read TrustAnchorFile
- add postfix to Group opendkim to be able to read/write to opendkim.sock
- add %{_sysconfdir}/%{name}/keys dir
- change /var/run to /run wherever used
- rework opendkim-2.9.2_default_config.patch and renamed it to
  opendkim-default_config.patch

- Fix usage of %{_libexecdir} when %{_tmpfilesdir} was meant to be
  used.

- opendkim calls openssl, make sure the command is there

- Use systemd_ordering instead of systemd_requires for container
- Update to opendkim 2.11.0-Beta2
  - Add support for ED25519 keys
  - Add compatibility with openssl-1.1.0
  - Feature request #190: Reject signature object requests
    where the domain name or selector includes non-printable
    characters.
  - Feature requrest #187: Add option to match subdomains when
    generating zone files.
  - Many bug fixes
  - Obsoletes opendkim.ticket35+37.patch
- Disable erlang, new erlang version seems to miss required files

- https://src.fedoraproject.org/rpms/opendkim/raw/master/f/opendkim.ticket35+37.patch
  allow building on newer distros (openssl 1.1 support)

- fix the previous change:
  source files got added but the renumbering was not applied to the
  reference to the source files -> signature file was installed as
  services file

- Applied spec-cleaner to spec file
- Removed conditionals around %license macro
- Used OpenPGP signature provided upstream
- Added opendkim.keyring containing the key used to sign official
  releases.

- enable DNSSEC support (requires unbound library)
  ATTENTION: The file /var/lib/unbound/root.key must be readable by
  user opendkim, which is not the fact for older unbound packages

- Remove some idempotent %if blocks.

- Implemented shared-library-packaging-policy
  * Splitted shared libraries
- Some spec file cleanup
- Splitted autobuild and miltertest programs into own subpackages

- require main package from devel package
- fix conditional for sql support. it was mixed with sql and
  opendkim_sql
- make RRD support optional pulls a lot of things.
- use correct license for the sendmail part

- update to 2.10.3
  - LIBOPENDKIM: Make strict header checking non-destructive. The
    last change to this code resulted in failing signatures.
    Reported by Pedro Morales and Wez Furlong.
- changes from 2.10.2
  - Fix bug #221: Report a DKIM result of "policy" if
    MinimumKeyBits or UnprotectedKey cause the signature to result
    in a "pass" override.  Reported by Kurt Roeckx.
  - Fix bug #227: Revert removal of SenderHeaders configuration
    setting.  Document that it is now limited to signature
    selection.
  - LIBOPENDKIM: Fix bug #226: Deal with header fields that are
    wrapped before there's any content.  Reported by Alessandro
    Vesely.
  - CONTRIB: Update to contrib/systemd/opendkim.service.in from
    Steve Jenkins.
- refreshed opendkim-2.9.2_default_config.patch to apply cleanly
  again

- cleanup build requires

- update to 2.10.1
  Make DB_SIGNINGTABLE symbol available in Lua scripts.  Problem noted
    by Klaus Heinrich.
  Fix bug #214: Handle arbitrarily large From: fields.  Reported by
    Tomohiko Sasaki.
  LIBOPENDKIM: Fix bug #213: Remove "dkim_default_senderhdrs" from
    dkim.h.  Problem noted by Daniel J. Luke.
  LIBOPENDKIM: Fix bug #219: Unresolved CNAMEs are not failures,
    according to the DNS (see RFC6604), so report them as
    NXDOMAIN or similar.  Reported by Alessandro Vesely.
- changes from 2.10.0
  Feature request #182: Remove "AddAllSignatureResults".  All signature
    results will now be added via Authentication-Results header
    fields.  Requested by Tomki Camp.
  Feature request #180: Rename "LDAPSoftStart" to "SoftStart" and apply
    it to SQL connections as well.  Requested by Daniel Kauffman.
  Feature request #179: Add "IgnoreMalformedMail" option.
  Fix bug #183: Discontinue support for ADSP.  This removes the
    following configuration file items:
    AddAllSignatureResults  LocalADSP
    ADSPAction    NoDiscardableMailTo
    ADSPNoSuchDomain  On-PolicyError
    BogusPolicy   SendADSPReports
    DisableADSP   SenderHeaders
    LDAPSoftStart   UnprotectedPolicy
  Make "rrvs" and "smime" recognized Authentication-Results methods.
  LIBOPENDKIM: Feature request #157: Add dkim_mail_parse_multi().
    Suggested by Alessandro Vesely.
  LIBOPENDKIM: Feature request #185: Add dkim_set_dnssec().  Patch
    from Alec Peterson.
  LIBOPENDKIM: Fix bug #183: Discontinue support for ADSP.  This
    means all of the following:
  - the dkim_policy_t type has been removed
  - the DKIM_POLICY_* constants have been removed
  - the DKIM_PRESULT_* constants have been removed
  - passing DKIM_OPTS_SENDERHDRS to dkim_options() now
    results in an error
  - the DKIM_PSTATE structure has been removed
  - all of the following functions have been removed:
    dkim_policy(), dkim_policy_dnssec(),
    dkim_policy_getqueries(), dkim_policy_getreportinfo(),
    dkim_policy_state_free(), dkim_policy_state_new(),
    dkim_policy_syntax(), dkim_getpolicystr(),
    dkim_getpresult(), dkim_getpresultstr(),
    dkim_set_policy_lookup(), dkim_test_adsp()
  LIBOPENDKIM: DKIM_LIBFLAGS_STRICTHDRS now also confirms syntactical
    validity of the From field before proceeding with a signing or
    verifying operation.  Suggested by Wez Furlong.
  CONTRIB: Fix bug #207: Clean up the "stats" directory.
  CONTRIB: Add "repute" directory which could eventually replace the
    PHP implementation.  Submitted by Daniel Black.
  CONTRIB: Patches to systemd and init/redhat from Steve Jenkins.
- changes from 2.9.3
  Fix bug #177: Plug leaking "result" structures when OpenLDAP is in use.
  Truncate configuration file lines at carriage return.
  Replace overlapping strlcpy() with memmove() in dkim_get_key_file().
    Reported by Daniel J. Luke.
  Patch #32: Re-arrange the execution logic to drop privileges in
    proper order.
  LIBOPENDKIM: dkim_header() is now a lot more strict about the input
    it will accept (see RFC5322 Section 2.2).
  LIBOPENDKIM: Tighten relaxed modes to break on only DKIM-defined
    whitespace characters.  Problem noted by Elizabeth Zwicky.
  LIBOPENDKIM: Fix bug #208: If a signature fails to verify for either
    reason (header hash mismatched or body hash mismatched), set
    DKIM_SIGERROR_BADSIG so that Authentication-Results doesn't
    report a failure with "no signature error".
  TOOLS: Feature request #178: Add "-F" flag to opendkim-genzone so
    records are created with the FQDN.  Patch from Andreas Schulze.
  REPUTATION: Handle parameters safely in repute.php.  Reported by
    Daniel Black.
- refreshed patches to apply cleanly again:
  opendkim-2.9.2_compiler_warnings.patch
  opendkim-2.9.2_default_config.patch
- use the correct signal for reloading the config
- make sure that all the buildrequires we added are actually used
  by adding the needed --with-* options

- more work on integration with the distribution
  - added init system support (systemd,sysvinit)
  - adapt the default config to change some defaults
    new patch: opendkim-2.9.2_default_config.patch
- a few more buildrequires:
  libevent-devel, tre-devel, unbound-devel, erlang

- initial package