From 47efd56ae6995dec18502f4669422f496ee56ace Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Thu, 20 Nov 2008 14:06:08 +0000 Subject: [PATCH] - enable Large file support on 32-bit archs (#428996) - fix mailq(1) and newaliases(1) man pages (#429501) - move pflogsumm and qshape to -perl-scripts subpackage (#467529) - update pflogsumm to 1.1.1 - fix large-fs patch - drop open_define patch - add -Wno-comment to CFLAGS --- .cvsignore | 13 +----- postfix-2.4.5-open_define.patch | 71 ----------------------------- postfix-CVE-2008-2936.patch | 59 ------------------------ postfix-large-fs.patch | 24 ++++------ postfix.spec | 81 +++++++++++++++++++-------------- sources | 2 +- 6 files changed, 57 insertions(+), 193 deletions(-) delete mode 100644 postfix-2.4.5-open_define.patch delete mode 100644 postfix-CVE-2008-2936.patch diff --git a/.cvsignore b/.cvsignore index 66b14c7..fa747f5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,13 +1,2 @@ -pflogsumm-1.1.0.tar.gz -postfix-2.2.10.tar.gz -postfix-2.3.0.tar.gz -postfix-2.3.1.tar.gz -postfix-2.3.2.tar.gz -postfix-2.3.3.tar.gz -postfix-2.3.4.tar.gz -postfix-2.3.6.tar.gz -postfix-2.4.3.tar.gz -postfix-2.4.5.tar.gz -postfix-2.4.6.tar.gz -postfix-2.5.1.tar.gz +pflogsumm-1.1.1.tar.gz postfix-2.5.5.tar.gz diff --git a/postfix-2.4.5-open_define.patch b/postfix-2.4.5-open_define.patch deleted file mode 100644 index 8777ce7..0000000 --- a/postfix-2.4.5-open_define.patch +++ /dev/null @@ -1,71 +0,0 @@ -diff -up postfix-2.5.1/src/global/mail_dict.c.open_define postfix-2.5.1/src/global/mail_dict.c ---- postfix-2.5.1/src/global/mail_dict.c.open_define 2008-01-08 16:07:47.000000000 -0500 -+++ postfix-2.5.1/src/global/mail_dict.c 2008-08-28 17:26:30.000000000 -0400 -@@ -64,5 +64,5 @@ void mail_dict_init(void) - const DICT_OPEN_INFO *dp; - - for (dp = dict_open_info; dp->type; dp++) -- dict_open_register(dp->type, dp->open); -+ dict_open_register(dp->type, (dp->open)); - } -diff -up postfix-2.5.1/src/global/mkmap_cdb.c.open_define postfix-2.5.1/src/global/mkmap_cdb.c ---- postfix-2.5.1/src/global/mkmap_cdb.c.open_define 2004-12-08 18:58:05.000000000 -0500 -+++ postfix-2.5.1/src/global/mkmap_cdb.c 2008-08-28 17:25:23.000000000 -0400 -@@ -56,7 +56,7 @@ - MKMAP *mkmap_cdb_open(const char *unused_path) - { - MKMAP *mkmap = (MKMAP *) mymalloc(sizeof(*mkmap)); -- mkmap->open = dict_cdb_open; -+ (mkmap->open) = dict_cdb_open; - mkmap->after_open = 0; - mkmap->after_close = 0; - return (mkmap); -diff -up postfix-2.5.1/src/global/mkmap_open.c.open_define postfix-2.5.1/src/global/mkmap_open.c ---- postfix-2.5.1/src/global/mkmap_open.c.open_define 2008-01-08 17:08:45.000000000 -0500 -+++ postfix-2.5.1/src/global/mkmap_open.c 2008-08-28 17:25:23.000000000 -0400 -@@ -181,7 +181,7 @@ MKMAP *mkmap_open(const char *type, con - * Truncate the database upon open, and update it. Read-write mode is - * needed because the underlying routines read as well as write. - */ -- mkmap->dict = mkmap->open(path, open_flags, dict_flags); -+ mkmap->dict = (mkmap->open)(path, open_flags, dict_flags); - mkmap->dict->lock_fd = -1; /* XXX just in case */ - mkmap->dict->stat_fd = -1; /* XXX just in case */ - mkmap->dict->flags |= DICT_FLAG_DUP_WARN; -diff -up postfix-2.5.1/src/util/dict_db.c.open_define postfix-2.5.1/src/util/dict_db.c ---- postfix-2.5.1/src/util/dict_db.c.open_define 2007-01-04 09:06:07.000000000 -0500 -+++ postfix-2.5.1/src/util/dict_db.c 2008-08-28 17:25:23.000000000 -0400 -@@ -665,10 +665,10 @@ static DICT *dict_db_open(const char *cl - if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) - msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); - #if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) -- if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0) -+ if ((errno = (db->open)(db, 0, db_path, 0, type, db_flags, 0644)) != 0) - msg_fatal("open database %s: %m", db_path); - #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) -- if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0) -+ if ((errno = (db->open)(db, db_path, 0, type, db_flags, 0644)) != 0) - msg_fatal("open database %s: %m", db_path); - #else - #error "Unsupported Berkeley DB version" -diff -up postfix-2.5.1/src/util/dict_open.c.open_define postfix-2.5.1/src/util/dict_open.c ---- postfix-2.5.1/src/util/dict_open.c.open_define 2008-01-08 16:05:20.000000000 -0500 -+++ postfix-2.5.1/src/util/dict_open.c 2008-08-28 17:25:23.000000000 -0400 -@@ -305,7 +305,7 @@ DICT *dict_open3(const char *dict_type - dict_open_init(); - if ((dp = (DICT_OPEN_INFO *) htable_find(dict_open_hash, dict_type)) == 0) - msg_fatal("unsupported dictionary type: %s", dict_type); -- if ((dict = dp->open(dict_name, open_flags, dict_flags)) == 0) -+ if ((dict = (dp->open)(dict_name, open_flags, dict_flags)) == 0) - msg_fatal("opening %s:%s %m", dict_type, dict_name); - if (msg_verbose) - msg_info("%s: %s:%s", myname, dict_type, dict_name); -@@ -326,7 +326,7 @@ void dict_open_register(const char *t - msg_panic("%s: dictionary type exists: %s", myname, type); - dp = (DICT_OPEN_INFO *) mymalloc(sizeof(*dp)); - dp->type = mystrdup(type); -- dp->open = open; -+ (dp->open) = open; - htable_enter(dict_open_hash, dp->type, (char *) dp); - } - diff --git a/postfix-CVE-2008-2936.patch b/postfix-CVE-2008-2936.patch deleted file mode 100644 index 55f8400..0000000 --- a/postfix-CVE-2008-2936.patch +++ /dev/null @@ -1,59 +0,0 @@ - -*** postfix/src/util/safe_open.c.orig Sun Jun 4 19:04:49 2006 -- --- postfix/src/util/safe_open.c Mon Aug 4 16:47:18 2008 -*************** -*** 83,88 **** -- --- 83,89 ---- - #include - #include - #include -+ #include - #include - - /* safe_open_exist - open existing file */ -*************** -*** 138,150 **** - * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks - * owned by a non-root user. This would open a security hole when - * delivering mail to a world-writable mailbox directory. - */ - else if (lstat(path, &lstat_st) < 0) { - vstring_sprintf(why, "file status changed unexpectedly: %m"); - errno = EPERM; - } else if (S_ISLNK(lstat_st.st_mode)) { -! if (lstat_st.st_uid == 0) -! return (fp); - vstring_sprintf(why, "file is a symbolic link"); - errno = EPERM; - } else if (fstat_st->st_dev != lstat_st.st_dev -- --- 139,167 ---- - * for symlinks owned by root. NEVER, NEVER, make exceptions for symlinks - * owned by a non-root user. This would open a security hole when - * delivering mail to a world-writable mailbox directory. -+ * -+ * Sebastian Krahmer of SuSE brought to my attention that some systems have -+ * changed their semantics of link(symlink, newpath), such that the -+ * result is a hardlink to the symlink. For this reason, we now also -+ * require that the symlink's parent directory is writable only by root. - */ - else if (lstat(path, &lstat_st) < 0) { - vstring_sprintf(why, "file status changed unexpectedly: %m"); - errno = EPERM; - } else if (S_ISLNK(lstat_st.st_mode)) { -! if (lstat_st.st_uid == 0) { -! VSTRING *parent_buf = vstring_alloc(100); -! const char *parent_path = sane_dirname(parent_buf, path); -! struct stat parent_st; -! int parent_ok; -! -! parent_ok = (stat(parent_path, &parent_st) == 0 /* not lstat */ -! && parent_st.st_uid == 0 -! && (parent_st.st_mode & (S_IWGRP | S_IWOTH)) == 0); -! vstring_free(parent_buf); -! if (parent_ok) -! return (fp); -! } - vstring_sprintf(why, "file is a symbolic link"); - errno = EPERM; - } else if (fstat_st->st_dev != lstat_st.st_dev - diff --git a/postfix-large-fs.patch b/postfix-large-fs.patch index 40a9e46..0721c02 100644 --- a/postfix-large-fs.patch +++ b/postfix-large-fs.patch @@ -1,6 +1,7 @@ ---- postfix-2.2.2/src/util/sys_defs.h.large-fs 2005-02-04 01:07:44.000000000 +0100 -+++ postfix-2.2.2/src/util/sys_defs.h 2005-04-20 16:36:55.621279565 +0200 -@@ -618,8 +618,8 @@ +diff -up postfix-2.5.5/src/util/sys_defs.h.large-fs postfix-2.5.5/src/util/sys_defs.h +--- postfix-2.5.5/src/util/sys_defs.h.large-fs 2008-01-15 01:51:44.000000000 +0100 ++++ postfix-2.5.5/src/util/sys_defs.h 2008-10-21 17:55:29.000000000 +0200 +@@ -709,8 +709,8 @@ extern int initgroups(const char *, int) #define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0) #define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin" #define FIONREAD_IN_TERMIOS_H @@ -8,20 +9,13 @@ -#define STATFS_IN_SYS_VFS_H +#define USE_STATVFS +#define STATVFS_IN_SYS_STATVFS_H - #define UNIX_DOMAIN_CONNECT_BLOCKS_FOR_ACCEPT #define PREPEND_PLUS_TO_OPTSTRING #define HAS_POSIX_REGEXP ---- postfix-2.2.2/src/util/fsspace.c.large-fs 1999-06-25 02:06:14.000000000 +0200 -+++ postfix-2.2.2/src/util/fsspace.c 2005-04-20 16:53:28.777232112 +0200 -@@ -38,6 +38,7 @@ - /*--*/ - - /* System library. */ -+#define _FILE_OFFSET_BITS 64 - - #include - -@@ -91,8 +92,15 @@ + #define NATIVE_SENDMAIL_PATH "/usr/sbin/sendmail" +diff -up postfix-2.5.5/src/util/fsspace.c.large-fs postfix-2.5.5/src/util/fsspace.c +--- postfix-2.5.5/src/util/fsspace.c.large-fs 2006-06-15 20:07:16.000000000 +0200 ++++ postfix-2.5.5/src/util/fsspace.c 2008-10-21 17:56:29.000000000 +0200 +@@ -91,8 +91,15 @@ void fsspace(const char *path, struct if (statvfs(path, &fsbuf) < 0) msg_fatal("statvfs %s: %m", path); diff --git a/postfix.spec b/postfix.spec index 67704c5..65a2857 100644 --- a/postfix.spec +++ b/postfix.spec @@ -14,7 +14,7 @@ %endif %if %{PFLOGSUMM} -%define pflogsumm_ver 1.1.0 +%define pflogsumm_ver 1.1.1 %endif # Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own @@ -40,7 +40,7 @@ Name: postfix Summary: Postfix Mail Transport Agent Version: 2.5.5 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 2 Group: System Environment/Daemons URL: http://www.postfix.org @@ -80,7 +80,6 @@ Patch6: postfix-2.1.1-obsolete.patch Patch7: postfix-2.1.5-aliases.patch Patch8: postfix-large-fs.patch Patch9: postfix-2.4.0-cyrus.patch -Patch10: postfix-2.4.5-open_define.patch # Optional patches - set the appropriate environment variables to include # them when building the package/spec file @@ -129,6 +128,27 @@ Provides: /usr/sbin/sendmail /usr/bin/mailq /usr/bin/rmail Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS +%package perl-scripts +Summary: Postfix utilities written in perl +Group: Applications/System +Requires: %{name} = %{epoch}:%{version}-%{release} +# perl-scripts introduced in 2:2.5.5-2 +Obsoletes: postfix < 2:2.5.5-2 +%if %{PFLOGSUMM} +Provides: postfix-pflogsumm = %{epoch}:%{version}-%{release} +Obsoletes: postfix-pflogsumm < 2:2.5.5-2 +%endif +%description perl-scripts +This package contains perl scripts pflogsumm and qshape. + +Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is +designed to provide an over-view of Postfix activity. Pflogsumm +generates summaries and, in some cases, detailed reports of mail +server traffic volumes, rejected and bounced email, and server +warnings, errors and panics. + +qshape prints Postfix queue domain and age distribution. + %prep %setup -q # Apply obligatory patches @@ -138,31 +158,12 @@ TLS %patch7 -p1 -b .aliases %patch8 -p1 -b .large-fs %patch9 -p1 -b .cyrus -%patch10 -p1 -b .open_define # resolve multilib conflict for makedefs.out: rename to makedefs.out-%{_arch} perl -pi -e "s/makedefs.out/makedefs.out-%{_arch}/g" conf/postfix-files Makefile.in */Makefile.in */*/Makefile.in HISTORY %if %{PFLOGSUMM} gzip -dc %{SOURCE53} | tar xf - -pushd pflogsumm-%{pflogsumm_ver} -patch -p0 < ../pflogsumm-conn-delays-dsn-patch -popd -%endif - -# pflogsumm subpackage -%if %{PFLOGSUMM} -%package pflogsumm -Group: System Environment/Daemons -Summary: A Log Summarizer/Analyzer for the Postfix MTA -Requires: postfix = %{epoch}:%{version}-%{release} -%description pflogsumm -Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is -designed to provide an over-view of Postfix activity. Pflogsumm -generates summaries and, in some cases, detailed reports of mail -server traffic volumes, rejected and bounced email, and server -warnings, errors and panics. - %endif %build @@ -222,7 +223,7 @@ export CCARGS AUXLIBS make -f Makefile.init makefiles unset CCARGS AUXLIBS -make %{?_smp_mflags} DEBUG="" OPT="$RPM_OPT_FLAGS" +make %{?_smp_mflags} DEBUG="" OPT="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -Wno-comment" %install /bin/rm -rf $RPM_BUILD_ROOT @@ -231,10 +232,11 @@ make %{?_smp_mflags} DEBUG="" OPT="$RPM_OPT_FLAGS" # install postfix into $RPM_BUILD_ROOT # Move stuff around so we don't conflict with sendmail -mv man/man1/mailq.1 man/man1/mailq.postfix.1 -mv man/man1/newaliases.1 man/man1/newaliases.postfix.1 -mv man/man1/sendmail.1 man/man1/sendmail.postfix.1 -mv man/man5/aliases.5 man/man5/aliases.postfix.5 +for i in man1/mailq.1 man1/newaliases.1 man1/sendmail.1 man5/aliases.5; do + dest=$(echo $i | sed 's|\.[1-9]$|.postfix\0|') + mv man/$i man/$dest + sed -i "s|^\.so $i|\.so $dest|" man/man?/*.[1-9] +done sh postfix-install -non-interactive \ install_root=$RPM_BUILD_ROOT \ @@ -402,7 +404,6 @@ exit 0 %attr(0755, root, root) %{postfix_command_dir}/smtp-sink %attr(0755, root, root) %{postfix_command_dir}/smtp-source -%attr(0755, root, root) %{postfix_command_dir}/qshape %attr(0755, root, root) /usr/lib/sendmail.postfix %dir %attr(0755, root, root) %{postfix_doc_dir} @@ -433,7 +434,7 @@ exit 0 %attr(0644, root, root) %{_mandir}/man1/[a-n]* %attr(0644, root, root) %{_mandir}/man1/post* -%attr(0644, root, root) %{_mandir}/man1/[q-z]* +%attr(0644, root, root) %{_mandir}/man1/[s-z]* %attr(0644, root, root) %{_mandir}/man5/* %attr(0644, root, root) %{_mandir}/man8/* @@ -470,16 +471,26 @@ exit 0 %attr(0755, root, root) %{_bindir}/newaliases.postfix %attr(0755, root, root) %{_sbindir}/sendmail.postfix -%if %{PFLOGSUMM} -%files pflogsumm +%files perl-scripts %defattr(-, root, root) - %doc %{postfix_doc_dir}/pflogsumm-faq.txt - %{_mandir}/man1/pflogsumm.1.gz - %attr(0755, root , root) %{postfix_command_dir}/pflogsumm +%attr(0755, root, root) %{postfix_command_dir}/qshape +%attr(0644, root, root) %{_mandir}/man1/qshape* +%if %{PFLOGSUMM} +%doc %{postfix_doc_dir}/pflogsumm-faq.txt +%attr(0644, root, root) %{_mandir}/man1/pflogsumm.1.gz +%attr(0755, root, root) %{postfix_command_dir}/pflogsumm %endif - %changelog +* Thu Nov 20 2008 Miroslav Lichvar 2:2.5.5-2 +- enable Large file support on 32-bit archs (#428996) +- fix mailq(1) and newaliases(1) man pages (#429501) +- move pflogsumm and qshape to -perl-scripts subpackage (#467529) +- update pflogsumm to 1.1.1 +- fix large-fs patch +- drop open_define patch +- add -Wno-comment to CFLAGS + * Wed Sep 17 2008 Thomas Woerner 2:2.5.5-1 - new version 2.5.5 fixes CVE-2008-2936, CVE-2008-2937 and CVE-2008-3889 (rhbz#459101) diff --git a/sources b/sources index 2bda7dc..a710966 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -1f78fcaf2a36ec3520ecff286a45251a pflogsumm-1.1.0.tar.gz +2f570477b2e205f9dfc1df13f00b5c0d pflogsumm-1.1.1.tar.gz 6b4b848bdd2239dddfc9d385e57e19ef postfix-2.5.5.tar.gz