import postfix-3.5.8-1.el8
parent
0eb74d990a
commit
dba6bbfa52
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/pflogsumm-1.1.5.tar.gz
|
||||
SOURCES/postfix-3.3.1.tar.gz
|
||||
SOURCES/postfix-3.5.8.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
|
||||
1b56e682298abf947be4921a5c0d50ba8012eee1 SOURCES/postfix-3.3.1.tar.gz
|
||||
1dfb10729498be5d387dc730117c2a845dd93ac0 SOURCES/postfix-3.5.8.tar.gz
|
||||
|
65
SOURCES/README-RedHat.txt
Normal file
65
SOURCES/README-RedHat.txt
Normal file
@ -0,0 +1,65 @@
|
||||
This Postfix build behaves differently from the upstream postfix-3.5.8.
|
||||
It's because in RHEL-8 backward compatibility is kept to postfix-3.3.1.
|
||||
|
||||
For the upstream postfix-3.5.8 behavior either run the following commands:
|
||||
|
||||
# postconf info_log_address_format=external
|
||||
# postconf smtpd_discard_ehlo_keywords=
|
||||
# postconf rhel_ipv6_normalize=yes
|
||||
|
||||
Or go through the following steps:
|
||||
|
||||
1. Change the configuration option 'info_log_address_format' to 'external'.
|
||||
In RHEL-8 it's by default set to 'internal' to mitigate [Incompat 20191109].
|
||||
|
||||
2. Change the configuration option 'smtpd_discard_ehlo_keywords' to ''.
|
||||
In RHEL-8 it's by default set to 'chunking' to mitigate [Incompat 20180826].
|
||||
|
||||
3. Add RHEL-8 specific configuration option 'rhel_ipv6_normalize' and set it
|
||||
to 'yes'. In RHEL-8 this option was added to mitigate [Incompat 20190427].
|
||||
|
||||
Details from the upstream RELEASE_NOTES:
|
||||
|
||||
[Incompat 20191109]
|
||||
Postfix daemon processes now log the from= and
|
||||
to= addresses in external (quoted) form in non-debug logging (info,
|
||||
warning, etc.). This means that when an address localpart contains
|
||||
spaces or other special characters, the localpart will be quoted,
|
||||
for example:
|
||||
|
||||
from=<"name with spaces"@example.com>
|
||||
|
||||
Older Postfix versions would log the internal (unquoted) form:
|
||||
|
||||
from=<name with spaces@example.com>
|
||||
|
||||
The external and internal forms are identical for the vast majority
|
||||
of email addresses that contain no spaces or other special characters
|
||||
in the localpart.
|
||||
|
||||
Specify "info_log_address_format = internal" for backwards
|
||||
compatibility.
|
||||
|
||||
The logging in external form is consistent with the address form
|
||||
that Postfix 3.2 and later prefer for table lookups. It is therefore
|
||||
the more useful form for non-debug logging.
|
||||
|
||||
[Incompat 20180826]
|
||||
The Postfix SMTP server announces CHUNKING (BDAT
|
||||
command) by default. In the unlikely case that this breaks some
|
||||
important remote SMTP client, disable the feature as follows:
|
||||
|
||||
/etc/postfix/main.cf:
|
||||
# The logging alternative:
|
||||
smtpd_discard_ehlo_keywords = chunking
|
||||
# The non-logging alternative:
|
||||
smtpd_discard_ehlo_keywords = chunking, silent_discard
|
||||
|
||||
See BDAT_README for more.
|
||||
|
||||
[Incompat 20190427]
|
||||
Postfix now normalizes IP addresses received
|
||||
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
|
||||
with direct connections to Postfix. This may change the appearance
|
||||
of logging, and the way that check_client_access will match subnets
|
||||
of an IPv6 address.
|
@ -1,13 +0,0 @@
|
||||
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
|
||||
index 5f559b4..86a8b01 100644
|
||||
--- a/src/posttls-finger/posttls-finger.c
|
||||
+++ b/src/posttls-finger/posttls-finger.c
|
||||
@@ -1409,7 +1409,7 @@ static int connect_dest(STATE *state)
|
||||
*/
|
||||
if (state->smtp == 0) {
|
||||
if (strncmp(dest, "unix:", 5) == 0) {
|
||||
- connect_unix(state, dest + 5);
|
||||
+ state->stream = connect_unix(state, dest + 5);
|
||||
if (!state->stream)
|
||||
msg_info("Failed to establish session to %s: %s",
|
||||
dest, vstring_str(state->why->reason));
|
@ -1,13 +0,0 @@
|
||||
diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
|
||||
index 1ea98b3..1bfeb7e 100644
|
||||
--- a/src/dns/dns_lookup.c
|
||||
+++ b/src/dns/dns_lookup.c
|
||||
@@ -396,7 +396,7 @@ static int dns_res_search(const char *name, int class, int type,
|
||||
if (keep_notfound)
|
||||
/* Prepare for returning a null-padded server reply. */
|
||||
memset(answer, 0, anslen);
|
||||
- len = res_query(name, class, type, answer, anslen);
|
||||
+ len = res_search(name, class, type, answer, anslen);
|
||||
/* Begin API creep workaround. */
|
||||
if (len < 0 && h_errno == 0) {
|
||||
SET_H_ERRNO(TRY_AGAIN);
|
@ -1,124 +0,0 @@
|
||||
--- postfix-3.3.1/man/man5/postconf.5
|
||||
+++ postfix-3.3.2/man/man5/postconf.5
|
||||
@@ -8076,6 +8077,9 @@
|
||||
"SSLv3"). The latest patch levels of Postfix >= 2.6, and all
|
||||
versions of Postfix >= 2.10 can explicitly disable support for
|
||||
"TLSv1.1" or "TLSv1.2".
|
||||
+.PP
|
||||
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3".
|
||||
.PP
|
||||
At the dane and
|
||||
dane\-only security
|
||||
@@ -8391,6 +8397,9 @@
|
||||
and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
|
||||
versions of Postfix >= 2.10 can explicitly disable support for
|
||||
"TLSv1.1" or "TLSv1.2"
|
||||
+.PP
|
||||
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3".
|
||||
.PP
|
||||
To include a protocol list its name, to exclude it, prefix the name
|
||||
with a "!" character. To exclude SSLv2 for opportunistic TLS set
|
||||
@@ -11669,6 +11679,9 @@
|
||||
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
|
||||
"TLSv1.2".
|
||||
.PP
|
||||
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3".
|
||||
+.PP
|
||||
Example:
|
||||
.PP
|
||||
.nf
|
||||
@@ -11697,6 +11711,9 @@
|
||||
and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
|
||||
versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
|
||||
"TLSv1.2".
|
||||
+.PP
|
||||
+OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3".
|
||||
.PP
|
||||
To include a protocol list its name, to exclude it, prefix the name
|
||||
with a "!" character. To exclude SSLv2 for opportunistic TLS set
|
||||
--- postfix-3.3.1/proto/postconf.proto
|
||||
+++ postfix-3.3.2/proto/postconf.proto
|
||||
@@ -11208,6 +11210,9 @@
|
||||
"SSLv3"). The latest patch levels of Postfix ≥ 2.6, and all
|
||||
versions of Postfix ≥ 2.10 can explicitly disable support for
|
||||
"TLSv1.1" or "TLSv1.2". </p>
|
||||
+
|
||||
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3". </p>
|
||||
|
||||
<p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
|
||||
<a href="TLS_README.html#client_tls_dane">dane-only</a> security
|
||||
@@ -11405,6 +11411,9 @@
|
||||
disabled. The latest patch levels of Postfix ≥ 2.6, and all
|
||||
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
|
||||
"TLSv1.2". </p>
|
||||
+
|
||||
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3". </p>
|
||||
|
||||
<p> Example: </p>
|
||||
|
||||
@@ -12561,6 +12573,9 @@
|
||||
and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
|
||||
versions of Postfix ≥ 2.10 can explicitly disable support for
|
||||
"TLSv1.1" or "TLSv1.2"</p>
|
||||
+
|
||||
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3". </p>
|
||||
|
||||
<p> To include a protocol list its name, to exclude it, prefix the name
|
||||
with a "!" character. To exclude SSLv2 for opportunistic TLS set
|
||||
@@ -12593,6 +12609,9 @@
|
||||
and "TLSv1.2". The latest patch levels of Postfix ≥ 2.6, and all
|
||||
versions of Postfix ≥ 2.10 can disable support for "TLSv1.1" or
|
||||
"TLSv1.2". </p>
|
||||
+
|
||||
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3". With Postfix
|
||||
+this can be disabled, if need be, via "!TLSv1.3". </p>
|
||||
|
||||
<p> To include a protocol list its name, to exclude it, prefix the name
|
||||
with a "!" character. To exclude SSLv2 for opportunistic TLS set
|
||||
--- postfix-3.3.1/src/tls/tls.h
|
||||
+++ postfix-3.3.2/src/tls/tls.h
|
||||
@@ -372,10 +415,15 @@
|
||||
#define SSL_OP_NO_TLSv1_2 0L /* Noop */
|
||||
#endif
|
||||
|
||||
-#ifdef SSL_TXT_TLSV1_3
|
||||
+ /*
|
||||
+ * OpenSSL 1.1.1 does not define a TXT macro for TLS 1.3, so we roll our
|
||||
+ * own.
|
||||
+ */
|
||||
+#define TLS_PROTOCOL_TXT_TLSV1_3 "TLSv1.3"
|
||||
+
|
||||
+#if defined(TLS1_3_VERSION) && defined(SSL_OP_NO_TLSv1_3)
|
||||
#define TLS_PROTOCOL_TLSv1_3 (1<<5) /* TLSv1_3 */
|
||||
#else
|
||||
-#define SSL_TXT_TLSV1_3 "TLSv1.3"
|
||||
#define TLS_PROTOCOL_TLSv1_3 0 /* Unknown */
|
||||
#undef SSL_OP_NO_TLSv1_3
|
||||
#define SSL_OP_NO_TLSv1_3 0L /* Noop */
|
||||
@@ -383,7 +431,7 @@
|
||||
|
||||
#define TLS_KNOWN_PROTOCOLS \
|
||||
( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
|
||||
- | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 )
|
||||
+ | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 )
|
||||
#define TLS_SSL_OP_PROTOMASK(m) \
|
||||
((((m) & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L) \
|
||||
| (((m) & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) \
|
||||
--- postfix-3.3.1/src/tls/tls_misc.c
|
||||
+++ postfix-3.3.2/src/tls/tls_misc.c
|
||||
@@ -279,7 +306,7 @@
|
||||
SSL_TXT_TLSV1, TLS_PROTOCOL_TLSv1,
|
||||
SSL_TXT_TLSV1_1, TLS_PROTOCOL_TLSv1_1,
|
||||
SSL_TXT_TLSV1_2, TLS_PROTOCOL_TLSv1_2,
|
||||
- SSL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
|
||||
+ TLS_PROTOCOL_TXT_TLSV1_3, TLS_PROTOCOL_TLSv1_3,
|
||||
0, TLS_PROTOCOL_INVALID,
|
||||
};
|
||||
|
@ -1,8 +1,8 @@
|
||||
diff --git a/conf/post-install b/conf/post-install
|
||||
index 904cefa..5f1039b 100644
|
||||
index 25ef7e6..4fd6434 100644
|
||||
--- a/conf/post-install
|
||||
+++ b/conf/post-install
|
||||
@@ -532,6 +532,17 @@ test -n "$create" && {
|
||||
@@ -537,6 +537,17 @@ test -n "$create" && {
|
||||
case $path in
|
||||
no|no/*) continue;;
|
||||
esac
|
@ -1,5 +1,5 @@
|
||||
diff --git a/conf/postfix-files b/conf/postfix-files
|
||||
index a433f4f..3ecdb5b 100644
|
||||
index 4ed9d1f..19711d2 100644
|
||||
--- a/conf/postfix-files
|
||||
+++ b/conf/postfix-files
|
||||
@@ -83,7 +83,6 @@ $shlib_directory/${LIB_PREFIX}sqlite${LIB_SUFFIX}:f:root:-:755
|
||||
@ -10,7 +10,7 @@ index a433f4f..3ecdb5b 100644
|
||||
$meta_directory/master.cf.proto:f:root:-:644
|
||||
$meta_directory/postfix-files.d:d:root:-:755
|
||||
$meta_directory/postfix-files:f:root:-:644
|
||||
@@ -140,18 +139,13 @@ $command_directory/postqueue:f:root:$setgid_group:2755:u
|
||||
@@ -141,18 +140,13 @@ $command_directory/postqueue:f:root:$setgid_group:2755:u
|
||||
$sendmail_path:f:root:-:755
|
||||
$newaliases_path:l:$sendmail_path
|
||||
$mailq_path:l:$sendmail_path
|
||||
@ -29,7 +29,7 @@ index a433f4f..3ecdb5b 100644
|
||||
$config_directory/main.cf:f:root:-:644:p
|
||||
$config_directory/master.cf:f:root:-:644:p
|
||||
$config_directory/pcre_table:f:root:-:644:o
|
||||
@@ -164,8 +158,8 @@ $config_directory/postfix-script:f:root:-:755:o
|
||||
@@ -165,8 +159,8 @@ $config_directory/postfix-script:f:root:-:755:o
|
||||
$config_directory/postfix-script-sgid:f:root:-:755:o
|
||||
$config_directory/postfix-script-nosgid:f:root:-:755:o
|
||||
$config_directory/post-install:f:root:-:755:o
|
||||
@ -40,7 +40,7 @@ index a433f4f..3ecdb5b 100644
|
||||
$manpage_directory/man1/postalias.1:f:root:-:644
|
||||
$manpage_directory/man1/postcat.1:f:root:-:644
|
||||
$manpage_directory/man1/postconf.1:f:root:-:644
|
||||
@@ -179,9 +173,9 @@ $manpage_directory/man1/postmap.1:f:root:-:644
|
||||
@@ -180,9 +174,9 @@ $manpage_directory/man1/postmap.1:f:root:-:644
|
||||
$manpage_directory/man1/postmulti.1:f:root:-:644
|
||||
$manpage_directory/man1/postqueue.1:f:root:-:644
|
||||
$manpage_directory/man1/postsuper.1:f:root:-:644
|
||||
@ -52,7 +52,7 @@ index a433f4f..3ecdb5b 100644
|
||||
$manpage_directory/man5/body_checks.5:f:root:-:644
|
||||
$manpage_directory/man5/bounce.5:f:root:-:644
|
||||
$manpage_directory/man5/canonical.5:f:root:-:644
|
||||
@@ -228,7 +222,7 @@ $manpage_directory/man8/qmqpd.8:f:root:-:644
|
||||
@@ -230,7 +224,7 @@ $manpage_directory/man8/qmqpd.8:f:root:-:644
|
||||
$manpage_directory/man8/scache.8:f:root:-:644
|
||||
$manpage_directory/man8/showq.8:f:root:-:644
|
||||
$manpage_directory/man8/smtp.8:f:root:-:644
|
@ -21,10 +21,10 @@ index 50a4aa7..beef3db 100644
|
||||
if (msg_verbose)
|
||||
msg_info("%s: %s: block size %lu, blocks free %lu",
|
||||
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
|
||||
index 3f570c4..611d9cd 100644
|
||||
index a8d2571..ad07498 100644
|
||||
--- a/src/util/sys_defs.h
|
||||
+++ b/src/util/sys_defs.h
|
||||
@@ -768,8 +768,8 @@ extern int initgroups(const char *, int);
|
||||
@@ -769,8 +769,8 @@ extern int initgroups(const char *, int);
|
||||
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
|
||||
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
|
||||
#define FIONREAD_IN_TERMIOS_H
|
35
SOURCES/postfix-3.4.4-chroot-example-fix.patch
Normal file
35
SOURCES/postfix-3.4.4-chroot-example-fix.patch
Normal file
@ -0,0 +1,35 @@
|
||||
--- a/examples/chroot-setup/LINUX2 2006-01-01 15:53:58.000000000 -0800
|
||||
+++ b/examples/chroot-setup/LINUX2 2016-11-27 00:45:52.145301784 -0800
|
||||
@@ -45,14 +45,14 @@
|
||||
# 20060101 /lib64 support by Keith Owens.
|
||||
#
|
||||
|
||||
-CP="cp -p"
|
||||
+CP="cp -p -Z"
|
||||
|
||||
cond_copy() {
|
||||
# find files as per pattern in $1
|
||||
# if any, copy to directory $2
|
||||
dir=`dirname "$1"`
|
||||
pat=`basename "$1"`
|
||||
- lr=`find "$dir" -maxdepth 1 -name "$pat"`
|
||||
+ lr=`find "$dir/" -maxdepth 1 -name "$pat"`
|
||||
if test ! -d "$2" ; then exit 1 ; fi
|
||||
if test "x$lr" != "x" ; then $CP $1 "$2" ; fi
|
||||
}
|
||||
@@ -63,8 +63,8 @@
|
||||
POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}
|
||||
cd ${POSTFIX_DIR}
|
||||
|
||||
-mkdir -p etc lib usr/lib/zoneinfo
|
||||
-test -d /lib64 && mkdir -p lib64
|
||||
+mkdir -p -Z etc lib usr/lib/zoneinfo
|
||||
+test -d /lib64 && mkdir -p -Z lib64
|
||||
|
||||
# find localtime (SuSE 5.3 does not have /etc/localtime)
|
||||
lt=/etc/localtime
|
||||
@@ -88,4 +88,3 @@
|
||||
cond_copy '/lib64/libdb.so*' lib64
|
||||
fi
|
||||
|
||||
-postfix reload
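Review bot: The last hunk drops the trailing `postfix reload`, but nothing in the script now tells the caller that running daemons keep using the previous chroot contents until Postfix is reloaded. If the reload is meant to be done by whatever invokes the script (this is not visible here), record that at the end of the file, for example `# NOTE: the caller must run "postfix reload" after this script completes`. The `-Z` additions to `cp` and `mkdir` also rely on an SELinux-aware coreutils, which could be noted in the header comment alongside the existing history lines.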
|
@ -1,5 +1,5 @@
|
||||
diff --git a/conf/main.cf b/conf/main.cf
|
||||
index 7af8bde..fbe5c62 100644
|
||||
index 7af8bde..495e346 100644
|
||||
--- a/conf/main.cf
|
||||
+++ b/conf/main.cf
|
||||
@@ -132,6 +132,10 @@ mail_owner = postfix
|
||||
@ -123,15 +123,15 @@ index 7af8bde..fbe5c62 100644
|
||||
+#
|
||||
+smtp_tls_security_level = may
|
||||
diff --git a/conf/master.cf b/conf/master.cf
|
||||
index b67ed59..a9633ba 100644
|
||||
index c0f2508..05c5d07 100644
|
||||
--- a/conf/master.cf
|
||||
+++ b/conf/master.cf
|
||||
@@ -96,14 +96,14 @@ scache unix - - n - 1 scache
|
||||
@@ -98,14 +98,14 @@ postlog unix-dgram n - n - 1 postlogd
|
||||
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||
#
|
||||
#cyrus unix - n n - - pipe
|
||||
-# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
+# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
-# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
+# flags=DRX user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||
#
|
||||
# ====================================================================
|
||||
#
|
158
SOURCES/postfix-3.5.8-back-compat-3.3.1.patch
Normal file
158
SOURCES/postfix-3.5.8-back-compat-3.3.1.patch
Normal file
@ -0,0 +1,158 @@
|
||||
diff --git a/src/global/mail_params.c b/src/global/mail_params.c
|
||||
index 91c70f7..483613c 100644
|
||||
--- a/src/global/mail_params.c
|
||||
+++ b/src/global/mail_params.c
|
||||
@@ -379,6 +379,8 @@ int warn_compat_break_smtputf8_enable;
|
||||
int warn_compat_break_chroot;
|
||||
int warn_compat_break_relay_restrictions;
|
||||
|
||||
+bool var_rhel_ipv6_normalize;
|
||||
+
|
||||
/* check_myhostname - lookup hostname and validate */
|
||||
|
||||
static const char *check_myhostname(void)
|
||||
@@ -825,6 +827,7 @@ void mail_params_init()
|
||||
VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
|
||||
VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
|
||||
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
|
||||
+ VAR_RHEL_IPV6_NORMALIZE, DEF_RHEL_IPV6_NORMALIZE, &var_rhel_ipv6_normalize,
|
||||
0,
|
||||
};
|
||||
const char *cp;
|
||||
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
|
||||
index e4358ca..74459d9 100644
|
||||
--- a/src/global/mail_params.h
|
||||
+++ b/src/global/mail_params.h
|
||||
@@ -3153,7 +3153,7 @@ extern char *var_local_rwr_clients;
|
||||
* EHLO keyword filter.
|
||||
*/
|
||||
#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_discard_ehlo_keywords"
|
||||
-#define DEF_SMTPD_EHLO_DIS_WORDS ""
|
||||
+#define DEF_SMTPD_EHLO_DIS_WORDS "chunking"
|
||||
extern char *var_smtpd_ehlo_dis_words;
|
||||
|
||||
#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_discard_ehlo_keyword_address_maps"
|
||||
@@ -4199,9 +4199,13 @@ extern int var_postlogd_watchdog;
|
||||
#define INFO_LOG_ADDR_FORM_NAME_INTERNAL "internal"
|
||||
|
||||
#define VAR_INFO_LOG_ADDR_FORM "info_log_address_format"
|
||||
-#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_EXTERNAL
|
||||
+#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_INTERNAL
|
||||
extern char *var_info_log_addr_form;
|
||||
|
||||
+#define VAR_RHEL_IPV6_NORMALIZE "rhel_ipv6_normalize"
|
||||
+#define DEF_RHEL_IPV6_NORMALIZE 0
|
||||
+extern bool var_rhel_ipv6_normalize;
|
||||
+
|
||||
/* LICENSE
|
||||
/* .ad
|
||||
/* .fi
|
||||
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
|
||||
index da7227f..53e640e 100644
|
||||
--- a/src/smtpd/smtpd.c
|
||||
+++ b/src/smtpd/smtpd.c
|
||||
@@ -4334,6 +4334,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
SMTPD_TOKEN *argp;
|
||||
char *raw_value;
|
||||
char *attr_value;
|
||||
+ const char *bare_value;
|
||||
char *attr_name;
|
||||
int update_namaddr = 0;
|
||||
int name_status;
|
||||
@@ -4481,15 +4482,31 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
UPDATE_STR(state->addr, attr_value);
|
||||
UPDATE_STR(state->rfc_addr, attr_value);
|
||||
} else {
|
||||
- neuter(attr_value, NEUTER_CHARACTERS, '?');
|
||||
- if (normalize_mailhost_addr(attr_value, &state->rfc_addr,
|
||||
+ if (var_rhel_ipv6_normalize) {
|
||||
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
|
||||
+ }
|
||||
+ if ((var_rhel_ipv6_normalize &&
|
||||
+ normalize_mailhost_addr(attr_value, &state->rfc_addr,
|
||||
&state->addr,
|
||||
- &state->addr_family) < 0) {
|
||||
+ &state->addr_family) < 0) ||
|
||||
+ (!var_rhel_ipv6_normalize &&
|
||||
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
|
||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
|
||||
XCLIENT_ADDR, attr_value);
|
||||
return (-1);
|
||||
}
|
||||
+ if (!var_rhel_ipv6_normalize) {
|
||||
+ UPDATE_STR(state->addr, bare_value);
|
||||
+ UPDATE_STR(state->rfc_addr, attr_value);
|
||||
+#ifdef HAS_IPV6
|
||||
+ if (strncasecmp(attr_value, INET_PROTO_NAME_IPV6 ":",
|
||||
+ sizeof(INET_PROTO_NAME_IPV6 ":") - 1) == 0)
|
||||
+ state->addr_family = AF_INET6;
|
||||
+ else
|
||||
+#endif
|
||||
+ state->addr_family = AF_INET;
|
||||
+ }
|
||||
}
|
||||
update_namaddr = 1;
|
||||
}
|
||||
@@ -4569,17 +4586,25 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
attr_value = SERVER_ADDR_UNKNOWN;
|
||||
UPDATE_STR(state->dest_addr, attr_value);
|
||||
} else {
|
||||
+ if (var_rhel_ipv6_normalize) {
|
||||
#define NO_NORM_RFC_ADDR ((char **) 0)
|
||||
#define NO_NORM_ADDR_FAMILY ((int *) 0)
|
||||
- neuter(attr_value, NEUTER_CHARACTERS, '?');
|
||||
- if (normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
|
||||
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
|
||||
+ }
|
||||
+ if ((var_rhel_ipv6_normalize &&
|
||||
+ normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
|
||||
&state->dest_addr,
|
||||
- NO_NORM_ADDR_FAMILY) < 0) {
|
||||
+ NO_NORM_ADDR_FAMILY) < 0) ||
|
||||
+ (!var_rhel_ipv6_normalize &&
|
||||
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
|
||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
|
||||
XCLIENT_DESTADDR, attr_value);
|
||||
return (-1);
|
||||
}
|
||||
+ if (!var_rhel_ipv6_normalize) {
|
||||
+ UPDATE_STR(state->dest_addr, bare_value);
|
||||
+ }
|
||||
}
|
||||
/* XXX Require same address family as client address. */
|
||||
}
|
||||
@@ -4690,6 +4715,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
SMTPD_TOKEN *argp;
|
||||
char *raw_value;
|
||||
char *attr_value;
|
||||
+ const char *bare_value;
|
||||
char *attr_name;
|
||||
int updated = 0;
|
||||
static const NAME_CODE xforward_flags[] = {
|
||||
@@ -4808,15 +4834,22 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
|
||||
UPDATE_STR(state->xforward.addr, attr_value);
|
||||
} else {
|
||||
neuter(attr_value, NEUTER_CHARACTERS, '?');
|
||||
- if (normalize_mailhost_addr(attr_value,
|
||||
+ if ((var_rhel_ipv6_normalize &&
|
||||
+ normalize_mailhost_addr(attr_value,
|
||||
&state->xforward.rfc_addr,
|
||||
&state->xforward.addr,
|
||||
- NO_NORM_ADDR_FAMILY) < 0) {
|
||||
+ NO_NORM_ADDR_FAMILY) < 0) ||
|
||||
+ (!var_rhel_ipv6_normalize &&
|
||||
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
|
||||
state->error_mask |= MAIL_ERROR_PROTOCOL;
|
||||
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
|
||||
XFORWARD_ADDR, attr_value);
|
||||
return (-1);
|
||||
}
|
||||
+ if (!var_rhel_ipv6_normalize) {
|
||||
+ UPDATE_STR(state->xforward.addr, bare_value);
|
||||
+ UPDATE_STR(state->xforward.rfc_addr, attr_value);
|
||||
+ }
|
||||
}
|
||||
break;
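Review bot: In both xclient_cmd hunks the `neuter(attr_value, NEUTER_CHARACTERS, '?')` call is moved inside `if (var_rhel_ipv6_normalize)`, so with the shipped default (`DEF_RHEL_IPV6_NORMALIZE 0`) the decoded ADDR and DESTADDR values reach `valid_mailhost_addr()` and the `501 5.5.4 Bad %s syntax: %s` reply without being neutered, whereas the xforward_cmd hunk keeps the call unconditional. Unless 3.3.1 compatibility really depends on skipping it, keep the sanitising call outside the guard in both places, i.e. a plain `neuter(attr_value, NEUTER_CHARACTERS, '?');` ahead of the combined `if`. The `NO_NORM_RFC_ADDR` / `NO_NORM_ADDR_FAMILY` defines would then also sit outside the conditional block again, which reads more clearly. xclient_cmd and xforward_cmd start and end outside these hunks, so whether the reply path sanitises the value elsewhere cannot be confirmed from here.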
|
||||
|
@ -6,6 +6,7 @@
|
||||
%bcond_without sqlite
|
||||
%bcond_without cdb
|
||||
%bcond_without ldap
|
||||
%bcond_without lmdb
|
||||
%bcond_without pcre
|
||||
%bcond_without sasl
|
||||
%bcond_without tls
|
||||
@ -47,13 +48,13 @@
|
||||
|
||||
Name: postfix
|
||||
Summary: Postfix Mail Transport Agent
|
||||
Version: 3.3.1
|
||||
Release: 12%{?dist}.1
|
||||
Version: 3.5.8
|
||||
Release: 1%{?dist}
|
||||
Epoch: 2
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.postfix.org
|
||||
License: (IBM and GPLv2+) or (EPL-2.0 and GPLv2+)
|
||||
Requires(post): systemd
|
||||
Requires(post): systemd hostname
|
||||
Requires(post): %{_sbindir}/alternatives
|
||||
Requires(post): %{_bindir}/openssl
|
||||
Requires(post): %{_bindir}/hostname
|
||||
@ -63,7 +64,7 @@ Requires(preun): %{_sbindir}/alternatives
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
# Required by /usr/libexec/postfix/postfix-script
|
||||
Requires: diffutils
|
||||
Requires: diffutils, findutils
|
||||
Provides: MTA smtpd smtpdaemon server(smtp)
|
||||
|
||||
Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz
|
||||
@ -71,6 +72,7 @@ Source2: postfix.service
|
||||
Source3: README-Postfix-SASL-RedHat.txt
|
||||
Source4: postfix.aliasesdb
|
||||
Source5: postfix-chroot-update
|
||||
Source6: README-RedHat.txt
|
||||
|
||||
# Sources 50-99 are upstream [patch] contributions
|
||||
|
||||
@ -86,17 +88,15 @@ Source101: postfix-pam.conf
|
||||
|
||||
# Patches
|
||||
|
||||
Patch1: postfix-3.2.0-config.patch
|
||||
Patch2: postfix-3.1.0-files.patch
|
||||
Patch3: postfix-3.1.0-alternatives.patch
|
||||
Patch4: postfix-3.2.0-large-fs.patch
|
||||
Patch5: postfix-3.3.1-posttls-finger-unix-fix.patch
|
||||
Patch1: postfix-3.5.0-config.patch
|
||||
Patch2: postfix-3.4.0-files.patch
|
||||
Patch3: postfix-3.3.3-alternatives.patch
|
||||
Patch4: postfix-3.4.0-large-fs.patch
|
||||
Patch9: pflogsumm-1.1.5-datecalc.patch
|
||||
# rhbz#1384871, sent upstream
|
||||
Patch10: pflogsumm-1.1.5-ipv6-warnings-fix.patch
|
||||
# rhbz#1723950, included upstream
|
||||
Patch11: postfix-3.3.1-ref-search-fix.patch
|
||||
Patch12: postfix-3.3.1-tlsv13.patch
|
||||
Patch11: postfix-3.4.4-chroot-example-fix.patch
|
||||
Patch12: postfix-3.5.8-back-compat-3.3.1.patch
|
||||
|
||||
# Optional patches - set the appropriate environment variables to include
|
||||
# them when building the package/spec file
|
||||
@ -105,9 +105,10 @@ Patch12: postfix-3.3.1-tlsv13.patch
|
||||
# Determine the different packages required for building postfix
|
||||
BuildRequires: libdb-devel, perl-generators, pkgconfig, zlib-devel
|
||||
BuildRequires: systemd-units, libicu-devel, libnsl2-devel
|
||||
BuildRequires: gcc, m4
|
||||
BuildRequires: gcc, m4, findutils
|
||||
|
||||
%{?with_ldap:BuildRequires: openldap-devel}
|
||||
%{?with_lmdb:BuildRequires: lmdb-devel}
|
||||
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
|
||||
%{?with_pcre:BuildRequires: pcre-devel}
|
||||
%{?with_mysql:BuildRequires: mariadb-connector-c-devel}
|
||||
@ -190,6 +191,16 @@ This provides support for LDAP maps in Postfix. If you plan to use LDAP
|
||||
maps with Postfix, you need this.
|
||||
%endif
|
||||
|
||||
%if %{with lmdb}
|
||||
%package lmdb
|
||||
Summary: Postfix LDMB map support
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description lmdb
|
||||
This provides support for LMDB maps in Postfix. If you plan to use LMDB
|
||||
maps with Postfix, you need this.
|
||||
%endif
|
||||
|
||||
%if %{with pcre}
|
||||
%package pcre
|
||||
Summary: Postfix PCRE map support
|
||||
@ -207,7 +218,6 @@ maps with Postfix, you need this.
|
||||
%patch2 -p1 -b .files
|
||||
%patch3 -p1 -b .alternatives
|
||||
%patch4 -p1 -b .large-fs
|
||||
%patch5 -p1 -b .posttls-finger-unix-fix
|
||||
|
||||
# Change DEF_SHLIB_DIR according to build host
|
||||
sed -i \
|
||||
@ -221,8 +231,10 @@ pushd pflogsumm-%{pflogsumm_ver}
|
||||
%patch10 -p1 -b .ipv6-warnings-fix
|
||||
popd
|
||||
%endif
|
||||
%patch11 -p1 -b .ref-search-fix
|
||||
%patch12 -p1 -b .tlsv13
|
||||
%patch11 -p1 -b .chroot-example-fix
|
||||
# Improve backward compatibility with postfix-3.3.1,
|
||||
# for details see rhbz#1688389
|
||||
%patch12 -p1 -b .back-compat-3.3.1
|
||||
|
||||
for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
|
||||
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
|
||||
@ -230,8 +242,8 @@ for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
|
||||
done
|
||||
|
||||
%build
|
||||
unset AUXLIBS AUXLIBS_LDAP AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
|
||||
CCARGS="-fPIC"
|
||||
unset AUXLIBS AUXLIBS_LDAP AUXLIBS_LMDB AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
|
||||
CCARGS="-fPIC -fcommon"
|
||||
AUXLIBS="-lnsl"
|
||||
|
||||
%ifarch s390 s390x ppc
|
||||
@ -242,6 +254,10 @@ CCARGS="${CCARGS} -fsigned-char"
|
||||
CCARGS="${CCARGS} -DHAS_LDAP -DLDAP_DEPRECATED=1 %{?with_sasl:-DUSE_LDAP_SASL}"
|
||||
AUXLIBS_LDAP="-lldap -llber"
|
||||
%endif
|
||||
%if %{with lmdb}
|
||||
CCARGS="${CCARGS} -DHAS_LMDB"
|
||||
AUXLIBS_LMDB="-llmdb"
|
||||
%endif
|
||||
%if %{with pcre}
|
||||
# -I option required for pcre 3.4 (and later?)
|
||||
CCARGS="${CCARGS} -DHAS_PCRE -I%{_includedir}/pcre"
|
||||
@ -292,19 +308,17 @@ LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-Wl,-z,relro,-z,now}"
|
||||
# way how to get them in
|
||||
make -f Makefile.init makefiles shared=yes dynamicmaps=yes \
|
||||
%{?_hardened_build:pie=yes} CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" \
|
||||
AUXLIBS_LDAP="${AUXLIBS_LDAP}" AUXLIBS_PCRE="${AUXLIBS_PCRE}" \
|
||||
AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" \
|
||||
AUXLIBS_SQLITE="${AUXLIBS_SQLITE}" AUXLIBS_CDB="${AUXLIBS_CDB}"\
|
||||
AUXLIBS_LDAP="${AUXLIBS_LDAP}" AUXLIBS_LMDB="${AUXLIBS_LMDB}" \
|
||||
AUXLIBS_PCRE="${AUXLIBS_PCRE}" AUXLIBS_MYSQL="${AUXLIBS_MYSQL}" \
|
||||
AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" AUXLIBS_SQLITE="${AUXLIBS_SQLITE}" \
|
||||
AUXLIBS_CDB="${AUXLIBS_CDB}" \
|
||||
DEBUG="" SHLIB_RPATH="-Wl,-rpath,%{postfix_shlib_dir} $LDFLAGS" \
|
||||
OPT="$RPM_OPT_FLAGS -fno-strict-aliasing -Wno-comment" \
|
||||
POSTFIX_INSTALL_OPTS=-keep-build-mtime
|
||||
|
||||
make %{?_smp_mflags}
|
||||
%make_build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT
|
||||
|
||||
# install postfix into $RPM_BUILD_ROOT
|
||||
|
||||
# Move stuff around so we don't conflict with sendmail
|
||||
@ -344,8 +358,8 @@ for i in active bounce corrupt defer deferred flush incoming private saved maild
|
||||
mkdir -p $RPM_BUILD_ROOT%{postfix_queue_dir}/$i
|
||||
done
|
||||
|
||||
# install performance benchmark tools by hand
|
||||
for i in smtp-sink smtp-source ; do
|
||||
# install performance benchmark and test tools by hand
|
||||
for i in smtp-sink smtp-source posttls-finger ; do
|
||||
install -c -m 755 bin/$i $RPM_BUILD_ROOT%{postfix_command_dir}/
|
||||
install -c -m 755 man/man1/$i.1 $RPM_BUILD_ROOT%{_mandir}/man1/
|
||||
done
|
||||
@ -367,7 +381,7 @@ install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix
|
||||
|
||||
# prepare documentation
|
||||
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}
|
||||
cp -p %{SOURCE3} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
|
||||
cp -p %{SOURCE3} %{SOURCE6} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup}
|
||||
cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples
|
||||
@ -422,7 +436,7 @@ function split_file
|
||||
# split global dynamic maps configuration to individual sub-packages
|
||||
pushd $RPM_BUILD_ROOT%{postfix_config_dir}
|
||||
for map in %{?with_mysql:mysql} %{?with_pgsql:pgsql} %{?with_sqlite:sqlite} \
|
||||
%{?with_cdb:cdb} %{?with_ldap:ldap} %{?with_pcre:pcre}; do
|
||||
%{?with_cdb:cdb} %{?with_ldap:ldap} %{?with_lmdb:lmdb} %{?with_pcre:pcre}; do
|
||||
rm -f dynamicmaps.cf.d/"$map" "postfix-files.d/$map"
|
||||
split_file "^\s*$map\b" "$map" dynamicmaps.cf
|
||||
sed -i "s|postfix-$map\\.so|%{postfix_shlib_dir}/\\0|" "dynamicmaps.cf.d/$map"
|
||||
@ -557,6 +571,8 @@ exit 0
|
||||
%exclude %{postfix_doc_dir}/README_FILES/CDB_README
|
||||
%exclude %{_mandir}/man5/ldap_table.5*
|
||||
%exclude %{postfix_doc_dir}/README_FILES/LDAP_README
|
||||
%exclude %{_mandir}/man5/lmdb_table.5*
|
||||
%exclude %{postfix_doc_dir}/README_FILES/LMDB_README
|
||||
%exclude %{_mandir}/man5/pcre_table.5*
|
||||
%exclude %{postfix_doc_dir}/README_FILES/PCRE_README
|
||||
|
||||
@ -597,6 +613,7 @@ exit 0
|
||||
|
||||
%attr(0755, root, root) %{postfix_command_dir}/smtp-sink
|
||||
%attr(0755, root, root) %{postfix_command_dir}/smtp-source
|
||||
%attr(0755, root, root) %{postfix_command_dir}/posttls-finger
|
||||
|
||||
%attr(0755, root, root) %{postfix_command_dir}/postalias
|
||||
%attr(0755, root, root) %{postfix_command_dir}/postcat
|
||||
@ -633,6 +650,7 @@ exit 0
|
||||
%attr(0755, root, root) %{postfix_daemon_dir}/postfix-wrapper
|
||||
%attr(0755, root, root) %{postfix_daemon_dir}/postmulti-script
|
||||
%attr(0755, root, root) %{postfix_daemon_dir}/postscreen
|
||||
%attr(0755, root, root) %{postfix_daemon_dir}/postlogd
|
||||
%attr(0755, root, root) %{postfix_daemon_dir}/proxymap
|
||||
%attr(0755, root, root) %{postfix_shlib_dir}/libpostfix-*.so
|
||||
%{_bindir}/mailq.postfix
|
||||
@ -711,6 +729,15 @@ exit 0
|
||||
%attr(0644, root, root) %{postfix_doc_dir}/README_FILES/LDAP_README
|
||||
%endif
|
||||
|
||||
%if %{with lmdb}
|
||||
%files lmdb
|
||||
%attr(0644, root, root) %{postfix_config_dir}/dynamicmaps.cf.d/lmdb
|
||||
%attr(0644, root, root) %{postfix_config_dir}/postfix-files.d/lmdb
|
||||
%attr(0755, root, root) %{postfix_shlib_dir}/postfix-lmdb.so
|
||||
%attr(0644, root, root) %{_mandir}/man5/lmdb_table.5*
|
||||
%attr(0644, root, root) %{postfix_doc_dir}/README_FILES/LMDB_README
|
||||
%endif
|
||||
|
||||
%if %{with pcre}
|
||||
%files pcre
|
||||
%attr(0644, root, root) %{postfix_config_dir}/dynamicmaps.cf.d/pcre
|
||||
@ -721,9 +748,9 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jan 26 2021 Jan Zerdik <jzerdik@redhat.com> - 2:3.3.1-12.1
|
||||
- Backported support for disabling of TLSv1.3
|
||||
Resolves: rhbz#1919233
|
||||
* Fri Nov 13 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
|
||||
- New version
|
||||
Resolves: rhbz#1688389
|
||||
|
||||
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-12
|
||||
- Fixed DNS resolver to use ref_search instead of ref_query
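Review bot: The new `%package lmdb` block spells its summary `Summary: Postfix LDMB map support`, while the description and every other added line use LMDB; it should read `Summary: Postfix LMDB map support`. Separately, `CCARGS="-fPIC -fcommon"` in `%build` adds `-fcommon` with no comment explaining why it is needed. A short comment above that line stating the reason (to be confirmed by the packager) would make it clear that tolerating duplicate global definitions is deliberate and when the flag can be dropped.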
|
||||
|