Merge branch 'master' into epel8

4 files changed, 1025 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
index e69de29..a8b620b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,27 @@
+/opendkim-2.4.2.tar.gz
+/opendkim-2.6.7.tar.gz
+/opendkim-2.7.1.tar.gz
+/opendkim-2.7.2.tar.gz
+/opendkim-2.7.3.tar.gz
+/opendkim-2.7.4.tar.gz
+/opendkim-2.8.0.tar.gz
+/opendkim-libdb.patch
+/opendkim-2.8.1.tar.gz
+/opendkim-2.8.2.tar.gz
+/opendkim-2.8.3.tar.gz
+/opendkim-2.8.4.tar.gz
+/opendkim-2.9.0.tar.gz
+<<<<<<< HEAD
+=======
+/opendkim.add-user-group.patch
+>>>>>>> origin/master
+/opendkim-2.9.2.tar.gz
+/opendkim.autocreate-keys-no.patch
+/opendkim.keygen-permissions.patch
+/opendkim.systemd-no-default-genkey.patch
+/opendkim-2.10.1.tar.gz
+/opendkim.init.patch
+/opendkim-2.10.2.tar.gz
+/opendkim-2.10.3.tar.gz
+/opendkim.ticket226.patch
+/opendkim-2.11.0.Alpha0.tar.gz
diff --git a/opendkim.spec b/opendkim.spec
new file mode 100644
index 0000000..d58ae0b
--- /dev/null
+++ b/opendkim.spec
@@ -0,0 +1,824 @@
+%global systemd (0%{?fedora} >= 18) || (0%{?rhel} >= 7)
+%global upname OpenDKIM
+%global bigname OPENDKIM
+
+Summary: A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
+Name: opendkim
+Version: 2.11.0
+Release: 0.9%{?dist}
+License: BSD and Sendmail
+URL: http://%{name}.org/
+Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.Alpha0.tar.gz
+
+# https://sourceforge.net/p/opendkim/patches/35/
+# https://sourceforge.net/p/opendkim/patches/37/
+# Patches rediffed and combined (both modify configure)
+Patch0: %{name}.ticket35+37.patch
+
+# Required for all versions
+Requires: lib%{name}%{?_isa} = %{version}-%{release}
+BuildRequires: openssl-devel, libtool, pkgconfig, libbsd, libbsd-devel, opendbx-devel
+Requires(pre): shadow-utils
+
+%if %systemd
+# Required for systemd
+%{?systemd_requires}
+BuildRequires: systemd
+BuildRequires: libdb-devel, libmemcached-devel
+%else
+# Required for SysV
+Requires(post): chkconfig
+Requires(preun): chkconfig, initscripts
+Requires(postun): initscripts
+BuildRequires: db4-devel
+%endif
+
+# sendmail-devel renamed for F26+
+%if 0%{?fedora} > 25
+BuildRequires: sendmail-milter-devel
+%else
+BuildRequires: sendmail-devel
+%endif
+
+%if 0%{?rhel} == 5
+Requires(post): policycoreutils
+%else
+BuildRequires: openldap-devel
+%endif
+
+
+%description
+%{upname} allows signing and/or verification of email through an open source
+library that implements the DKIM service, plus a milter-based filter
+application that can plug in to any milter-aware MTA, including sendmail,
+Postfix, or any other MTA that supports the milter protocol.
+
+%package -n lib%{name}
+Summary: An open source DKIM library
+Obsoletes: %{name}-sysvinit < 2.10.1-5
+
+%description -n lib%{name}
+This package contains the library files required for running services built
+using libopendkim.
+
+%package -n lib%{name}-devel
+Summary: Development files for lib%{name}
+Requires: lib%{name}%{?_isa} = %{version}-%{release}
+
+%description -n lib%{name}-devel
+This package contains the static libraries, headers, and other support files
+required for developing applications against libopendkim.
+
+%prep
+%autosetup -p1
+
+%build
+# Always use system libtool instead of pacakge-provided one to
+# properly handle 32 versus 64 bit detection and settings
+%define LIBTOOL LIBTOOL=`which libtool`
+
+%if %systemd
+# Configure with options available to systemd
+%configure --with-odbx --with-db --with-libmemcached --with-openldap --enable-query_cache
+%else
+# Configure with options available to SysV
+%configure --with-odbx --with-db --with-openldap --enable-query_cache
+%endif
+
+# Remove rpath
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+%install
+make DESTDIR=%{buildroot} install %{?_smp_mflags}
+install -d %{buildroot}%{_sysconfdir}
+install -d %{buildroot}%{_sysconfdir}/sysconfig
+install -m 0755 contrib/init/redhat/%{name}-default-keygen %{buildroot}%{_sbindir}/%{name}-default-keygen
+
+%if %systemd
+install -d -m 0755 %{buildroot}%{_unitdir}
+install -m 0644 contrib/systemd/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
+%else
+install -d %{buildroot}%{_initrddir}
+install -m 0755 contrib/init/redhat/%{name} %{buildroot}%{_initrddir}/%{name}
+%endif
+
+cat > %{buildroot}%{_sysconfdir}/%{name}.conf << 'EOF'
+## BASIC %{bigname} CONFIGURATION FILE
+## See %{name}.conf(5) or %{_defaultdocdir}/%{name}/%{name}.conf.sample for more
+
+## BEFORE running %{upname} you must:
+
+## - make your MTA (Postfix, Sendmail, etc.) aware of %{upname}
+## - generate keys for your domain (if signing)
+## - edit your DNS records to publish your public keys (if signing)
+
+## See %{_defaultdocdir}/%{name}/INSTALL for detailed instructions.
+
+## DEPRECATED CONFIGURATION OPTIONS
+## 
+## The following configuration options are no longer valid.  They should be
+## removed from your existing configuration file to prevent potential issues.
+## Failure to do so may result in %{name} being unable to start.
+## 
+## Removed in 2.10.0:
+##   AddAllSignatureResults
+##   ADSPAction
+##   ADSPNoSuchDomain
+##   BogusPolicy
+##   DisableADSP
+##   LDAPSoftStart
+##   LocalADSP
+##   NoDiscardableMailTo
+##   On-PolicyError
+##   SendADSPReports
+##   UnprotectedPolicy
+
+## CONFIGURATION OPTIONS
+
+##  Specifies the path to the process ID file.
+PidFile	%{_localstatedir}/run/%{name}/%{name}.pid
+
+##  Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
+##  Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
+##  messages.
+Mode	v
+
+##  Log activity to the system log.
+Syslog	yes
+
+##  Log additional entries indicating successful signing or verification of messages.
+SyslogSuccess	yes
+
+##  If logging is enabled, include detailed logging about why or why not a message was
+##  signed or verified. This causes an increase in the amount of log data generated
+##  for each message, so set this to No (or comment it out) if it gets too noisy.
+LogWhy	yes
+
+##  Attempt to become the specified user before starting operations.
+UserID	%{name}:%{name}
+
+##  Create a socket through which your MTA can communicate.
+Socket	inet:8891@localhost
+
+##  Required to use local socket with MTAs that access the socket as a non-
+##  privileged user (e.g. Postfix)
+Umask	002
+
+##  This specifies a text file in which to store DKIM transaction statistics.
+##  %{upname} must be manually compiled with --enable-stats to enable this feature.
+# Statistics	%{_localstatedir}/spool/%{name}/stats.dat
+
+##  Specifies whether or not the filter should generate report mail back
+##  to senders when verification fails and an address for such a purpose
+##  is provided. See opendkim.conf(5) for details.
+SendReports	yes
+
+##  Specifies the sending address to be used on From: headers of outgoing
+##  failure reports.  By default, the e-mail address of the user executing
+##  the filter is used (executing_user@hostname).
+# ReportAddress	"Example.com Postmaster" <postmaster@example.com>
+
+##  Add a DKIM-Filter header field to messages passing through this filter
+##  to identify messages it has processed.
+SoftwareHeader	yes
+
+## SIGNING OPTIONS
+
+##  Selects the canonicalization method(s) to be used when signing messages.
+Canonicalization	relaxed/relaxed
+
+##  Domain(s) whose mail should be signed by this filter. Mail from other domains will
+##  be verified rather than being signed. Uncomment and use your domain name.
+##  This parameter is not required if a SigningTable is in use.
+# Domain	example.com
+
+##  Defines the name of the selector to be used when signing messages.
+Selector	default
+
+##  Specifies the minimum number of key bits for acceptable keys and signatures.
+MinimumKeyBits	1024
+
+##  Gives the location of a private key to be used for signing ALL messages. This
+##  directive is ignored if KeyTable is enabled.
+KeyFile	%{_sysconfdir}/%{name}/keys/default.private
+
+##  Gives the location of a file mapping key names to signing keys. In simple terms,
+##  this tells %{upname} where to find your keys. If present, overrides any KeyFile
+##  directive in the configuration file. Requires SigningTable be enabled.
+# KeyTable	%{_sysconfdir}/%{name}/KeyTable
+
+##  Defines a table used to select one or more signatures to apply to a message based
+##  on the address found in the From: header field. In simple terms, this tells
+##  %{upname} how to use your keys. Requires KeyTable be enabled.
+# SigningTable	refile:%{_sysconfdir}/%{name}/SigningTable
+
+##  Identifies a set of "external" hosts that may send mail through the server as one
+##  of the signing domains without credentials as such.
+# ExternalIgnoreList	refile:%{_sysconfdir}/%{name}/TrustedHosts
+
+##  Identifies a set "internal" hosts whose mail should be signed rather than verified.
+# InternalHosts	refile:%{_sysconfdir}/%{name}/TrustedHosts
+
+##  Contains a list of IP addresses, CIDR blocks, hostnames or domain names
+##  whose mail should be neither signed nor verified by this filter.  See man
+##  page for file format.
+# PeerList	X.X.X.X
+
+##  Always oversign From (sign using actual From and a null From to prevent
+##  malicious signatures header fields (From and/or others) between the signer
+##  and the verifier.  From is oversigned by default in the Fedora package
+##  because it is often the identity key used by reputation systems and thus
+##  somewhat security sensitive.
+OversignHeaders	From
+
+##  Instructs the DKIM library to maintain its own local cache of keys and
+##  policies retrieved from DNS, rather than relying on the nameserver for
+##  caching service. Useful if the nameserver being used by the filter is
+##  not local.
+# QueryCache	yes
+EOF
+
+%{__cat} > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF'
+# Set the necessary startup options
+OPTIONS="-x %{_sysconfdir}/%{name}.conf -P %{_localstatedir}/run/%{name}/%{name}.pid"
+
+# Set the default DKIM selector
+DKIM_SELECTOR=default
+
+# Set the default DKIM key location
+DKIM_KEYDIR=%{_sysconfdir}/%{name}/keys
+EOF
+
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+cat > %{buildroot}%{_sysconfdir}/%{name}/SigningTable << 'EOF'
+# %{bigname} SIGNING TABLE
+# This table controls how to apply one or more signatures to outgoing messages based
+# on the address found in the From: header field. In simple terms, this tells
+# %{upname} "how" to apply your keys.
+
+# To use this file, uncomment the SigningTable option in %{_sysconfdir}/%{name}.conf,
+# then uncomment one of the usage examples below and replace example.com with your
+# domain name, then restart %{upname}.
+
+# WILDCARD EXAMPLE
+# Enables signing for any address on the listed domain(s), but will work only if
+# "refile:%{_sysconfdir}/%{name}/SigningTable" is included in %{_sysconfdir}/%{name}.conf.
+# Create additional lines for additional domains.
+
+#*@example.com default._domainkey.example.com
+
+# NON-WILDCARD EXAMPLE
+# If "file:" (instead of "refile:") is specified in %{_sysconfdir}/%{name}.conf, then
+# wildcards will not work. Instead, full user@host is checked first, then simply host,
+# then user@.domain (with all superdomains checked in sequence, so "foo.example.com"
+# would first check "user@foo.example.com", then "user@.example.com", then "user@.com"),
+# then .domain, then user@*, and finally *. See the %{name}.conf(5) man page under
+# "SigningTable" for more details.
+
+#example.com default._domainkey.example.com
+EOF
+
+cat > %{buildroot}%{_sysconfdir}/%{name}/KeyTable << 'EOF'
+# %{bigname} KEY TABLE
+# To use this file, uncomment the #KeyTable option in %{_sysconfdir}/%{name}.conf,
+# then uncomment the following line and replace example.com with your domain
+# name, then restart %{upname}. Additional keys may be added on separate lines.
+
+#default._domainkey.example.com example.com:default:%{_sysconfdir}/%{name}/keys/default.private
+EOF
+
+cat > %{buildroot}%{_sysconfdir}/%{name}/TrustedHosts << 'EOF'
+# %{bigname} TRUSTED HOSTS
+# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
+# option in %{_sysconfdir}/%{name}.conf then restart %{upname}. Additional hosts
+# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
+# The localhost IP (127.0.0.1) should always be the first entry in this file.
+127.0.0.1
+::1
+#host.example.com
+#192.168.1.0/24
+EOF
+
+cat > README.fedora << 'EOF'
+#####################################
+#FEDORA-SPECIFIC README FOR %{bigname}#
+#####################################
+Last updated: Apr 30, 2015 by Steve Jenkins (steve@stevejenkins.com)
+
+Generating keys for %{upname}
+============================
+After installing the %{name} package, you MUST generate a pair of keys (public and private) before
+attempting to start the %{name} service.
+
+A valid private key must exist in the location expected by %{_sysconfdir}/%{name}.conf before the service will start.
+
+A matching public key must be included in your domain's DNS records before remote systems can validate
+your outgoing mail's DKIM signature.
+
+
+Generating Keys Automatically
+=============================
+To automatically create a pair of default keys for the local domain, do:
+
+% sudo %{_sbindir}/%{name}-default-keygen
+
+The default keygen script will attempt to fetch the local domain name, generate a private and public key for
+the domain, then save them in %{_sysconfdir}/%{name}/keys as default.private and default.txt with the proper
+ownership and permissions.
+
+NOTE: The default key generation script MUST be run by a privileged user (or root). Otherwise, the resulting
+private key ownership and permissions will not be correct.
+
+
+Generating Keys Manually
+========================
+A privileged user (or root) can manually generate a set of keys by doing the following:
+
+1) Create a directory to store the new keys:
+
+% sudo mkdir %{_sysconfdir}/%{name}/keys/example.com
+
+2) Generate keys in that directory for a specific domain name and selector:
+
+% sudo %{_sbindir}/%{name}-genkey -D %{_sysconfdir}/%{name}/keys/example.com/ -d example.com -s default
+
+3) Set the proper ownership for the directory and private key:
+
+% sudo chown -R root:%{name} %{_sysconfdir}/%{name}/keys/example.com
+
+4) Set secure permissions for the private key:
+
+% sudo chmod 640 %{_sysconfdir}/%{name}/keys/example.com/default.private
+
+5) Set standard permissions for the public key:
+
+% sudo chmod 644 %{_sysconfdir}/%{name}/keys/example.com/default.txt
+
+
+Updating Key Location(s) in Configuration Files
+===============================================
+If you run the %{name}-default-keygen script, the default keys will be saved in %{_sysconfdir}/%{name}/keys as
+default.private and default.txt, which is the location expected by the default %{_sysconfdir}/%{name}.conf file.
+
+If you manually generate your own keys, you must update the key location and name in %{_sysconfdir}/%{name}.conf
+before attempting to start the %{name} service.
+
+
+Using %upname with SQL Datasets
+================================
+%upname on RedHat-based systems relies on OpenDBX for database access. Depending on which database you use,
+you may have to manually install one of the following OpenDBX subpackages (all of which are available via yum):
+
+- opendbx-firebird
+- opendbx-mssql
+- opendbx-mysql
+- opendbx-postgresql
+- opendbx-sqlite 
+- opendbx-sqlite2
+- opendbx-sybase
+
+If you have %upname configured to use SQL datasets on a systemd-based server, it might also be necessary to start
+the %name service after the database servers by referencing your database unit file(s) in the "After" section of
+the %upname unit file.
+
+For example, if using both MariaDB and PostgreSQL, in %{_unitdir}/%{name}.service change:
+
+After=network.target nss-lookup.target syslog.target
+
+to:
+
+After=network.target nss-lookup.target syslog.target mariadb.service postgresql.service
+
+
+Additional Configuration Help
+=============================
+For help configuring your MTA (Postfix, Sendmail, etc.) with %{upname}, setting up DNS records with your
+public DKIM key, as well as instructions on configuring %{upname} to sign outgoing mail for multiple
+domains, follow the how-to at:
+
+http://wp.me/p1iGgP-ou
+
+Official documentation for %{upname} is available at http://%{name}.org/
+
+%{upname} mailing lists are available at http://lists.%{name}.org/
+
+###
+EOF
+
+install -p -d %{buildroot}%{_sysconfdir}/tmpfiles.d
+cat > %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf <<'EOF'
+D %{_localstatedir}/run/%{name} 0700 %{name} %{name} -
+EOF
+
+rm -r %{buildroot}%{_prefix}/share/doc/%{name}
+rm %{buildroot}%{_libdir}/*.a
+rm %{buildroot}%{_libdir}/*.la
+
+mkdir -p %{buildroot}%{_localstatedir}/spool/%{name}
+mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir %{buildroot}%{_sysconfdir}/%{name}/keys
+
+install -m 0755 stats/%{name}-reportstats %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+sed -i 's|^%{bigname}STATSDIR="/var/db/%{name}"|%{bigname}STATSDIR="%{_localstatedir}/spool/%{name}"|g' %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+sed -i 's|^%{bigname}DATOWNER="mailnull:mailnull"|%{bigname}DATOWNER="%{name}:%{name}"|g' %{buildroot}%{_prefix}/sbin/%{name}-reportstats
+
+chmod 0644 contrib/convert/convert_keylist.sh
+
+%pre
+getent group %{name} >/dev/null || groupadd -r %{name}
+getent passwd %{name} >/dev/null || \
+	useradd -r -g %{name} -G mail -d %{_localstatedir}/run/%{name} -s /sbin/nologin \
+	-c "%{upname} Milter" %{name}
+exit 0
+
+%post
+%if %systemd
+%systemd_post %{name}.service
+%else
+/sbin/chkconfig --add %{name} || :
+%endif
+
+%preun
+%if %systemd
+%systemd_preun %{name}.service
+%else
+if [ $1 -eq 0 ]; then
+	service %{name} stop >/dev/null || :
+	/sbin/chkconfig --del %{name} || :
+fi
+exit 0
+%endif
+
+%postun
+%if %systemd
+%systemd_postun_with_restart %{name}.service
+%else
+if [ "$1" -ge "1" ] ; then
+	/sbin/service %{name} condrestart >/dev/null 2>&1 || :
+fi
+exit 0
+%endif
+
+%if %systemd
+# For the switchover from initscript to service file
+%triggerun -- %{name} < 2.8.0-1
+%systemd_post %{name}.service
+/sbin/chkconfig --del %{name} >/dev/null 2>&1 || :
+%systemd_postun_with_restart %{name}.service
+%endif
+
+%ldconfig_scriptlets -n libopendkim
+
+%files
+%license LICENSE LICENSE.Sendmail
+%doc FEATURES KNOWNBUGS RELEASE_NOTES RELEASE_NOTES.Sendmail INSTALL
+%doc contrib/convert/convert_keylist.sh %{name}/*.sample
+%doc %{name}/%{name}.conf.simple-verify %{name}/%{name}.conf.simple
+%doc %{name}/README contrib/lua/*.lua
+%doc README.fedora
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/SigningTable
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/KeyTable
+%config(noreplace) %attr(0640,%{name},%{name}) %{_sysconfdir}/%{name}/TrustedHosts
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%{_sbindir}/*
+%{_mandir}/*/*
+%dir %attr(-,%{name},%{name}) %{_localstatedir}/spool/%{name}
+%dir %attr(0775,%{name},%{name}) %{_localstatedir}/run/%{name}
+%dir %attr(-,root,%{name}) %{_sysconfdir}/%{name}
+%dir %attr(0750,%name,%{name}) %{_sysconfdir}/%{name}/keys
+%attr(0755,root,root) %{_sbindir}/%{name}-default-keygen
+
+%if %systemd
+%attr(0644,root,root) %{_unitdir}/%{name}.service
+%else
+%attr(0755,root,root) %{_initrddir}/%{name}
+%endif
+
+%files -n libopendkim
+%if 0%{?_licensedir:1}
+%license LICENSE LICENSE.Sendmail
+%else
+%doc LICENSE LICENSE.Sendmail
+%endif
+%doc README
+%{_libdir}/lib%{name}.so.*
+
+%files -n libopendkim-devel
+%if 0%{?_licensedir:1}
+%license LICENSE LICENSE.Sendmail
+%else
+%doc LICENSE LICENSE.Sendmail
+%endif
+%doc lib%{name}/docs/*.html
+%{_includedir}/%{name}
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+
+%changelog
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.11.0-0.6
+- Escape macros in %%changelog
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-0.2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Dec 20 2016 Steve Jenkins <steve@stevejenkins.com> - 2.11.0-0.1
+- Updated to 2.11.0.Alpha0 upstream source
+- Rediffed, combined, and applied patch for SF #35 + #37
+- Modernized spec slightly (thanks to EPEL 5 getting a bit more modern)
+
+* Mon Aug 01 2016 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-9
+- Changed sendmail-milter-devel BuildRequires to > F25
+
+* Mon Aug 01 2016 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-8
+- Updated BuildRequires to sendmail-milter-devel for F25+ (RH Bugzilla #891288)
+
+* Mon Aug 01 2016 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-7
+- Added compile-time support for QUERY_CACHE (RH Bugzilla #1361038)
+
+* Fri Jul 22 2016 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-6
+- Patched for From: field wrapping issue (SF Ticket #226)
+
+* Wed Jul 20 2016 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-5
+- Fixed OpenLDAP support for all targets except EL5 (required version not available)
+- Updated spec file to more modern conventions
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.10.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Dec 25 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-3
+- Added OpenLDAP support for systemd branches in response to RH Bugzilla #1293279
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 12 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.3-1
+- Updated to use newer upstream 2.10.3 source code
+
+* Mon May 11 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.2-1
+- Updated to use newer upstream 2.10.2 source code
+- Removed patches for bugs fixed in upstream source
+- Included support for systemd macros
+- Added deprecated options notice to default configuration file
+- Added new options to default configuration file
+- Updated README.fedora with additional SQL useage info
+
+* Mon Apr 13 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-13
+- Obsoleted sysvinit subpackage via libopendkim subpackage
+- Added more macros
+- Updated README.fedora
+
+* Mon Apr 06 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-12
+- BuildRequires opendbx-devel instead of opendbx
+- Fixed typo in configure flag
+
+* Mon Apr 06 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-11
+- All branches now require opendbx
+- All branches now configure with --with-obdx flag
+- Added comments to README.Fedora to address Bug #1209009
+- Cleaned up some spacing
+
+* Fri Apr 03 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-10
+- policycoreutils now only required for EL5
+
+* Thu Apr 02 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-9
+- policycoreutils* now only required for Fedora and EL6+
+- Added --with-obdx configure support for Fedora builds
+- Changed a few macros
+- Added additional %%license support
+
+* Sun Mar 29 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-8
+- removed unecessary Requires packages
+- moved libbsd back to BuildRequires
+- removed unecessary %%defattr
+- added support for %%license in place of %%doc
+- Changed some %%{name} macro usages
+
+* Sat Mar 28 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-7
+- added %%{?_isa} to Requires where necessary
+- added sendmail-milter to Requires
+- added libtool to BuildRequires
+- moved libbsd from BuildRequires to Requires
+- added policycoreutils and policycoreutils-python to Requires(post)
+
+* Sat Mar 28 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-6
+- Remove global _pkgdocdir variable
+- Use defaultdocdir variable in default config file
+- Setting permissions special mode bit explicitly in all cases for consistency
+- Change /var/run/opendkim permissions to group writable for Bug #1120080
+
+* Wed Mar 25 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-5
+- Combined systemd and SysV spec files using conditionals
+- Drop sysvinit subpackage completely
+
+* Tue Mar 24 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-4
+- Fixed typo in Group name
+- Added updated libtool definition
+- Additional comments in spec file
+- Patch SysV initscript to stop default key generation on startup
+
+* Thu Mar 05 2015 Adam Jackson <ajax@redhat.com> 2.10.1-3
+- Drop sysvinit subpackage from F23+
+
+* Tue Mar 03 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-2
+- Added IPv6 ::1 support to TrustedHosts (RH Bugzilla #1049204)
+
+* Tue Mar 03 2015 Steve Jenkins <steve@stevejenkins.com> - 2.10.1-1
+- Updated to use newer upstream 2.10.1 source code
+
+* Tue Dec 09 2014 Steve Jenkins <steve@stevejenkins.com> - 2.10.0-1
+- Updated to use newer upstream 2.10.0 source code
+- Removed unbound compile option due to orphaned upstream dependency
+- Removed AUTOCREATE_DKIM_KEYS option
+- Added README.fedora with basic key generation and config instructions
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Mon Aug 04 2014 Steve Jenkins <steve@stevejenkins.com> - 2.9.2-2
+- Change file ownerships/permissions to fix https://bugzilla.redhat.com/show_bug.cgi?id=891292
+- Default keys no longer created on startup. Privileged user must run opendkim-default-keygen or create manually (after install)
+
+* Wed Jul 30 2014 Steve Jenkins <steve@stevejenkins.com> - 2.9.2-1
+- Updated to use newer upstream 2.9.2 source code
+- Fixed invalid date in changelog
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.9.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-2
+- Patch adds user and group to systemd service file (Thx jcosta@redhat.com)
+- Changed default ownership of /etc/opendkim/keys directory to opendkim user
+
+* Wed Dec 18 2013 Steve Jenkins <steve stevejenkins com> - 2.9.0-1
+- Updated to use newer upstream 2.9.0 source code
+- Added libbsd-devel to Build Requires
+- Removed listrl references from libopendkim files section (handled by libbsd-devel)
+
+* Sun Nov 3 2013 Steve Jenkins <steve stevejenkins com> - 2.8.4-4
+- Rebuild of all release packages to sync version numbers
+
+* Sun Nov 3 2013 Ville Skytta ville.skytta@iki.fi> - 2.8.4-3
+- Fix path to docs in sample config when doc dir is unversioned (#993997).
+
+* Sat Aug 03 2013 Petr Pisar <ppisar@redhat.com> - 2.8.4-2
+- Perl 5.18 rebuild
+
+* Tue Jul 23 2013 Steve Jenkins <steve stevejenkins com> 2.8.4-1
+- Updated to use newer upstream 2.8.4 source code
+- Added libbsd build requirement
+
+* Thu Jul 18 2013 Petr Pisar <ppisar@redhat.com> - 2.8.3-3
+- Perl 5.18 rebuild
+
+* Fri May 17 2013 Steve Jenkins <steve stevejenkins com> 2.8.3-2
+- Removed libmemcached support from SysV version (requires > v0.36)
+
+* Sun May 12 2013 Steve Jenkins <steve stevejenkins com> 2.8.3-1
+- Updated to use newer upstream 2.8.3 source code
+- Added unbound, libmcached, and db support on configure
+
+* Mon Apr 29 2013 Steve Jenkins <steve stevejenkins com> 2.8.2-1
+- Updated to use newer upstream 2.8.2 source code
+
+* Tue Mar 19 2013 Steve Jenkins <steve stevejenkins com> 2.8.1-1
+- Updated to use newer upstream 2.8.1 source code
+- Removed patches for bugs fixed in upstream source
+
+* Wed Feb 27 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-4
+- Added patch from upstream to fix libdb compatibility issues
+
+* Tue Feb 26 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-3
+- Split into two spec files: systemd (F17+) and SysV (EL5-6)
+- Removed leading / from unitdir variables
+- Removed commented source lines
+- Created comment sections for easy switching between systemd and SysV
+
+* Mon Feb 25 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-2
+- Added / in front of unitdir variables
+
+* Thu Feb 21 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-1
+- Happy Birthday to me! :)
+- Updated to use newer upstream 2.8.0 source code
+- Migration from SysV initscript to systemd unit file
+- Added systemd build requirement
+- Edited comments in default configuration files
+- Changed default Canonicalization to relaxed/relaxed in config file
+- Changed default values in EnvironmentFile
+- Moved program startup options into EnvironmentFile
+- Moved default key check and generation on startup to external script
+- Removed AutoRestart directives from default config (systemd will handle)
+- Incorporated additional variable names throughout spec file
+- Added support for new opendkim-sysvinit package for legacy SysV systems
+
+* Tue Jan 08 2013 Steve Jenkins <steve stevejenkins com> 2.7.4-1
+- Updated to use newer upstream 2.7.4 source code
+- Added AutoRestart and AutoRestartRate directives to default configuration
+- Changed default SigningTable directive to include refile: for wildcard support
+
+* Tue Dec 04 2012 Steve Jenkins <steve stevejenkins com> 2.7.3-2
+- Set /etc/opendkim/keys default permissions to 750 (Thanks patrick at puzzled.xs4al.nl)
+
+* Thu Nov 29 2012 Steve Jenkins <steve stevejenkins com> 2.7.3-1
+- Updated to use newer upstream 2.7.3 source code
+
+* Mon Nov 19 2012 Steve Jenkins <steve stevejenkins com> 2.7.2-1
+- Updated to use newer upstream 2.7.2 source code
+
+* Tue Oct 30 2012 Steve Jenkins <steve stevejenkins com> 2.7.1-1
+- Updated to use newer upstream 2.7.1 source code
+- Updated to reflect source code move of files from /usr/bin to /usr/sbin
+- Removed --enable-stats configure option to avoid additional dependencies
+- Added support for strlcat() and strlcopy() previously in libopendkim
+- Added new MinimumKeyBits configuration option with default of 1024
+
+* Wed Aug 22 2012 Steve Jenkins <steve stevejenkins com> 2.6.7-1
+- Updated to use newer upstream 2.6.7 source code
+- Removed patches from 2.4.2 which were incorporated upstream
+- Updated install directory of opendkim-reportstats
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.4.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Sep 22 2011 Steve Jenkins <steve stevejenkins com> 2.4.2-5
+- Changed ownernship of directories to comply with selinux-policy
+- Added default KeyTable and TrustedHosts files
+- Added config(noreplace) to sysconfig file
+
+* Mon Sep 19 2011 Steve Jenkins <steve stevejenkins com> 2.4.2-4
+- Use Fedora standard method to fix pkg supplied libtool (Todd Lyons)
+- Updated Summary and Description
+- Fixed default stats file location in sample config file
+- Install opendkim-reportstats and README.opendkim-reportstats
+- Changed default stop priority in init script
+- Added example SigningTable
+- Added sysconfig support for AUTOCREATE_DKIM_KEYS, DKIM_SELECTOR, DKIM_KEYDIR
+- Enabled SysLogSuccess and LogWhy by default
+
+* Mon Aug 22 2011 Steve Jenkins <steve stevejenkins com> 2.4.2-3
+- Mad props to Matt Domsch for sponsoring and providing feedback
+- Removed {?OSshort} variable in Release: header
+- Removed explicit Requires: in header
+- Added support for tmpfiles.d
+- Replaced opendkim with {name} variable throughout
+- Replaced RPM_BUILD_ROOT with {buildroot}
+- Moved changelog to bottom of file
+- Removed "All Rights Reserved" from top of spec file
+- Removed Prefix: line in header
+- Pointed Source*: to the upstream tarballs
+- Changed BuildRoot: format
+- Changed makeinstall to make install
+- Moved creation of working dirs to install
+- Moved ownership of working dirs to files
+- Moved user and group creation to pre
+- Moved permissions setting to files with attr
+- Created directory for user keys
+- Removed testing for working directories; mkdir -p will suffice
+- Revised Summary
+- Removed static libraries from -devel package
+- Removed extra spaces
+- Removed usermod command to add opendkim to mail group
+- Removed echo in post
+- General tidying up
+- Moved INSTALL readme information into patch
+- Removed CPPFLAGS from configure
+- Added _smp_mflags to make
+- Changed which README from source is written to doc directory
+- Added licenses to all subpackages
+- Changed default runlevel in init script
+
+* Tue Aug 16 2011  Steve Jenkins <steve stevejenkins com> 2.4.2-2
+- Added -q to setup -a 1
+- Added x86_64 libtool support (Mad props to Todd Lyons)
+- Added {?dist} variable support in Release: header
+- Changed Statistics storage location
+- Statistics option now commented in opendkim.conf by default
+- Check for existing private key before attempting to build keys
+- Check for domain name before attempting to build keys
+
+* Mon Aug 15 2011  Steve Jenkins <steve stevejenkins com> 2.4.2-1
+- Initial Packaging of opendkim
diff --git a/opendkim.ticket35+37.patch b/opendkim.ticket35+37.patch
new file mode 100644
index 0000000..68115a1
--- /dev/null
+++ b/opendkim.ticket35+37.patch
@@ -0,0 +1,173 @@
+diff -Naur -x opendkim-2.11.0.orig/configure opendkim-2.11.0/configure
+--- opendkim-2.11.0.orig/configure	2015-10-07 16:17:48.000000000 -0700
++++ opendkim-2.11.0/configure	2016-12-20 18:47:51.662158143 -0800
+@@ -14700,13 +14700,13 @@
+ 
+ 	for d in $strldirs
+ 	do
+-		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strl.h in $d/strl" >&5
+-$as_echo_n "checking for strl.h in $d/strl... " >&6; }
+-		if test -f $d/strl/strl.h
++		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strl.h in $d" >&5
++$as_echo_n "checking for strl.h in $d... " >&6; }
++		if test -f $d/strl.h
+ 		then
+ 			unset ac_cv_header_strl_h
+ 			saved_CPPFLAGS="$CPPFLAGS"
+-			CPPFLAGS="$CPPFLAGS -I$d/strl"
++			CPPFLAGS="$CPPFLAGS -I$d"
+ 			for ac_header in strl.h
+ do :
+   ac_fn_c_check_header_mongrel "$LINENO" "strl.h" "ac_cv_header_strl_h" "$ac_includes_default"
+@@ -14724,7 +14724,7 @@
+ 
+ 		if test x"$strl_h_found" = x"yes"
+ 		then
+-			CPPFLAGS="$CPPFLAGS -I$d/strl"
++			CPPFLAGS="$CPPFLAGS -I$d"
+ 			break
+ 		fi
+ 	done
+@@ -16795,77 +16795,39 @@
+ fi
+ 
+ 
+-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5
+-$as_echo_n "checking for library containing SSL_library_init... " >&6; }
+-if ${ac_cv_search_SSL_library_init+:} false; then :
+-  $as_echo_n "(cached) " >&6
+-else
+-  ac_func_search_save_LIBS=$LIBS
+-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+-/* end confdefs.h.  */
+ 
+-/* Override any GCC internal prototype to avoid an error.
+-   Use char because int might match the return type of a GCC
+-   builtin and then its argument prototype would still apply.  */
+-#ifdef __cplusplus
+-extern "C"
+-#endif
+-char SSL_library_init ();
++	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++#include <openssl/ssl.h>
+ int
+ main ()
+ {
+-return SSL_library_init ();
++SSL_library_init();
+   ;
+   return 0;
+ }
+ _ACEOF
+-for ac_lib in '' ssl; do
+-  if test -z "$ac_lib"; then
+-    ac_res="none required"
+-  else
+-    ac_res=-l$ac_lib
+-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+-  fi
+-  if ac_fn_c_try_link "$LINENO"; then :
+-  ac_cv_search_SSL_library_init=$ac_res
+-fi
+-rm -f core conftest.err conftest.$ac_objext \
+-    conftest$ac_exeext
+-  if ${ac_cv_search_SSL_library_init+:} false; then :
+-  break
+-fi
+-done
+-if ${ac_cv_search_SSL_library_init+:} false; then :
+-
++if ac_fn_c_try_link "$LINENO"; then :
++  od_have_ossl="yes";
+ else
+-  ac_cv_search_SSL_library_init=no
++  od_have_ossl="no";
+ fi
+-rm conftest.$ac_ext
+-LIBS=$ac_func_search_save_LIBS
+-fi
+-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_SSL_library_init" >&5
+-$as_echo "$ac_cv_search_SSL_library_init" >&6; }
+-ac_res=$ac_cv_search_SSL_library_init
+-if test "$ac_res" != no; then :
+-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+-
+-else
+-
+-			if test x"$enable_shared" = x"yes"
+-			then
+-				as_fn_error $? "Cannot build shared opendkim
+-				              against static openssl libraries.
+-				              Configure with --disable-shared
+-				              to get this working or obtain a
+-				              shared libssl library for
+-				              opendkim to use." "$LINENO" 5
+-			fi
++rm -f core conftest.err conftest.$ac_objext \
++    conftest$ac_exeext conftest.$ac_ext
++	if test x"$od_have_ossl" = x"no"
++	then
++		if test x"$enable_shared" = x"yes"
++		then
++			as_fn_error $? "Cannot build shared opendkim
++			              against static openssl libraries.
++			              Configure with --disable-shared
++			              to get this working or obtain a
++			              shared libssl library for
++			              opendkim to use." "$LINENO" 5
++		fi
+ 
+-			# avoid caching issue - last result of SSL_library_init
+-			# shouldn't be cached for this next check
+-			unset ac_cv_search_SSL_library_init
+-			LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
+-			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5
++		LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
++		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing SSL_library_init" >&5
+ $as_echo_n "checking for library containing SSL_library_init... " >&6; }
+ if ${ac_cv_search_SSL_library_init+:} false; then :
+   $as_echo_n "(cached) " >&6
+@@ -16923,10 +16885,7 @@
+   as_fn_error $? "libssl not found" "$LINENO" 5
+ fi
+ 
+-
+-
+-fi
+-
++	fi
+ 
+ 	ac_fn_c_check_decl "$LINENO" "SHA256_DIGEST_LENGTH" "ac_cv_have_decl_SHA256_DIGEST_LENGTH" "
+ #include <sys/types.h>
+diff -Naur -x opendkim-2.11.0.orig/opendkim/opendkim-crypto.c opendkim-2.11.0/opendkim/opendkim-crypto.c
+--- opendkim-2.11.0.orig/opendkim/opendkim-crypto.c	2013-02-25 13:02:41.000000000 -0800
++++ opendkim-2.11.0/opendkim/opendkim-crypto.c	2016-12-20 18:47:03.477027225 -0800
+@@ -222,7 +222,11 @@
+ 	{
+ 		assert(pthread_setspecific(id_key, ptr) == 0);
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++		OPENSSL_thread_stop();
++#else
+ 		ERR_remove_state(0);
++#endif
+ 
+ 		free(ptr);
+ 
+@@ -392,11 +396,15 @@
+ {
+ 	if (crypto_init_done)
+ 	{
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++		OPENSSL_thread_stop();
++#else
+ 		CRYPTO_cleanup_all_ex_data();
+ 		CONF_modules_free();
+ 		EVP_cleanup();
+ 		ERR_free_strings();
+ 		ERR_remove_state(0);
++#endif
+ 
+ 		if (nmutexes > 0)
+ 		{
diff --git a/sources b/sources
index e69de29..58e6a1b 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (opendkim-2.11.0.Alpha0.tar.gz) = d370fa0ab5f335338f86ce5afb0b8c13cce80c4ac5da18d0f6af6e5227e909adacd0d0e7766c0cb6ecc30803a27cd469a9e22a8b7b37f4dee47d632dbce5f832