Compare commits

..

No commits in common. "c10s-rhel-104882" and "c8" have entirely different histories.

35 changed files with 2009 additions and 904 deletions

View File

@ -1 +0,0 @@
1

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
/pflogsumm-*.tar.gz
/postfix-*.tar.gz
SOURCES/pflogsumm-1.1.5.tar.gz
SOURCES/postfix-3.5.8.tar.gz

2
.postfix.metadata Normal file
View File

@ -0,0 +1,2 @@
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
1dfb10729498be5d387dc730117c2a845dd93ac0 SOURCES/postfix-3.5.8.tar.gz

65
SOURCES/README-RedHat.txt Normal file
View File

@ -0,0 +1,65 @@
This Postfix build behaves differently from the upstream postfix-3.5.8.
It's because in RHEL-8 backward compatibility is kept to postfix-3.3.1.
For the upstream postfix-3.5.8 behavior either run the following commands:
# postconf info_log_address_format=external
# postconf smtpd_discard_ehlo_keywords=
# postconf rhel_ipv6_normalize=yes
Or go through the following steps:
1. Change the configuration option 'info_log_address_format' to 'external'.
In RHEL-8 it's by default set to 'internal' to mitigate [Incompat 20191109].
2. Change the configuration option 'smtpd_discard_ehlo_keywords' to ''.
In RHEL-8 it's by default set to 'chunking' to mitigate [Incompat 20180826].
3. Add RHEL-8 specific configuration option 'rhel_ipv6_normalize' and set it
to 'yes'. In RHEL-8 this option was added to mitigate [Incompat 20190427].
Details from the upstream RELEASE_NOTES:
[Incompat 20191109]
Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
[Incompat 20180826]
The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
See BDAT_README for more.
[Incompat 20190427]
Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.

View File

@ -21,10 +21,10 @@ index 50a4aa7..beef3db 100644
if (msg_verbose)
msg_info("%s: %s: block size %lu, blocks free %lu",
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
index 1fb449d..bcaac27 100644
index a8d2571..ad07498 100644
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -783,8 +783,8 @@ extern int initgroups(const char *, int);
@@ -769,8 +769,8 @@ extern int initgroups(const char *, int);
#define GETTIMEOFDAY(t) gettimeofday(t,(struct timezone *) 0)
#define ROOT_PATH "/bin:/usr/bin:/sbin:/usr/sbin"
#define FIONREAD_IN_TERMIOS_H

View File

@ -1,8 +1,8 @@
diff --git a/conf/main.cf b/conf/main.cf
index 2ee7996..336bd7b 100644
index 7af8bde..495e346 100644
--- a/conf/main.cf
+++ b/conf/main.cf
@@ -136,6 +136,10 @@ mail_owner = postfix
@@ -132,6 +132,10 @@ mail_owner = postfix
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
@ -13,7 +13,7 @@ index 2ee7996..336bd7b 100644
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
@@ -180,7 +184,7 @@ mail_owner = postfix
@@ -176,7 +180,7 @@ mail_owner = postfix
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
@ -22,7 +22,7 @@ index 2ee7996..336bd7b 100644
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
@@ -407,7 +411,7 @@ unknown_local_recipient_reject_code = 550
@@ -398,7 +402,7 @@ unknown_local_recipient_reject_code = 550
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
@ -31,7 +31,7 @@ index 2ee7996..336bd7b 100644
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
@@ -418,7 +422,7 @@ unknown_local_recipient_reject_code = 550
@@ -409,7 +413,7 @@ unknown_local_recipient_reject_code = 550
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
@ -40,7 +40,7 @@ index 2ee7996..336bd7b 100644
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
@@ -488,7 +492,27 @@ unknown_local_recipient_reject_code = 550
@@ -479,7 +483,27 @@ unknown_local_recipient_reject_code = 550
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
@ -69,7 +69,7 @@ index 2ee7996..336bd7b 100644
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
@@ -508,8 +532,7 @@ unknown_local_recipient_reject_code = 550
@@ -499,8 +523,7 @@ unknown_local_recipient_reject_code = 550
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
@ -79,7 +79,7 @@ index 2ee7996..336bd7b 100644
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
@@ -682,4 +705,41 @@ sample_directory =
@@ -673,4 +696,41 @@ sample_directory =
# readme_directory: The location of the Postfix README files.
#
readme_directory =
@ -123,10 +123,10 @@ index 2ee7996..336bd7b 100644
+#
+smtp_tls_security_level = may
diff --git a/conf/master.cf b/conf/master.cf
index fd282dd..8d969c6 100644
index c0f2508..05c5d07 100644
--- a/conf/master.cf
+++ b/conf/master.cf
@@ -112,14 +112,14 @@ postlog unix-dgram n - n - 1 postlogd
@@ -98,14 +98,14 @@ postlog unix-dgram n - n - 1 postlogd
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,158 @@
diff --git a/src/global/mail_params.c b/src/global/mail_params.c
index 91c70f7..483613c 100644
--- a/src/global/mail_params.c
+++ b/src/global/mail_params.c
@@ -379,6 +379,8 @@ int warn_compat_break_smtputf8_enable;
int warn_compat_break_chroot;
int warn_compat_break_relay_restrictions;
+bool var_rhel_ipv6_normalize;
+
/* check_myhostname - lookup hostname and validate */
static const char *check_myhostname(void)
@@ -825,6 +827,7 @@ void mail_params_init()
VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
+ VAR_RHEL_IPV6_NORMALIZE, DEF_RHEL_IPV6_NORMALIZE, &var_rhel_ipv6_normalize,
0,
};
const char *cp;
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index e4358ca..74459d9 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -3153,7 +3153,7 @@ extern char *var_local_rwr_clients;
* EHLO keyword filter.
*/
#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_discard_ehlo_keywords"
-#define DEF_SMTPD_EHLO_DIS_WORDS ""
+#define DEF_SMTPD_EHLO_DIS_WORDS "chunking"
extern char *var_smtpd_ehlo_dis_words;
#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_discard_ehlo_keyword_address_maps"
@@ -4199,9 +4199,13 @@ extern int var_postlogd_watchdog;
#define INFO_LOG_ADDR_FORM_NAME_INTERNAL "internal"
#define VAR_INFO_LOG_ADDR_FORM "info_log_address_format"
-#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_EXTERNAL
+#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_INTERNAL
extern char *var_info_log_addr_form;
+#define VAR_RHEL_IPV6_NORMALIZE "rhel_ipv6_normalize"
+#define DEF_RHEL_IPV6_NORMALIZE 0
+extern bool var_rhel_ipv6_normalize;
+
/* LICENSE
/* .ad
/* .fi
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index da7227f..53e640e 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
@@ -4334,6 +4334,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int update_namaddr = 0;
int name_status;
@@ -4481,15 +4482,31 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->addr, attr_value);
UPDATE_STR(state->rfc_addr, attr_value);
} else {
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, &state->rfc_addr,
+ if (var_rhel_ipv6_normalize) {
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, &state->rfc_addr,
&state->addr,
- &state->addr_family) < 0) {
+ &state->addr_family) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->addr, bare_value);
+ UPDATE_STR(state->rfc_addr, attr_value);
+#ifdef HAS_IPV6
+ if (strncasecmp(attr_value, INET_PROTO_NAME_IPV6 ":",
+ sizeof(INET_PROTO_NAME_IPV6 ":") - 1) == 0)
+ state->addr_family = AF_INET6;
+ else
+#endif
+ state->addr_family = AF_INET;
+ }
}
update_namaddr = 1;
}
@@ -4569,17 +4586,25 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
attr_value = SERVER_ADDR_UNKNOWN;
UPDATE_STR(state->dest_addr, attr_value);
} else {
+ if (var_rhel_ipv6_normalize) {
#define NO_NORM_RFC_ADDR ((char **) 0)
#define NO_NORM_ADDR_FAMILY ((int *) 0)
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
&state->dest_addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_DESTADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->dest_addr, bare_value);
+ }
}
/* XXX Require same address family as client address. */
}
@@ -4690,6 +4715,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int updated = 0;
static const NAME_CODE xforward_flags[] = {
@@ -4808,15 +4834,22 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->xforward.addr, attr_value);
} else {
neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value,
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value,
&state->xforward.rfc_addr,
&state->xforward.addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XFORWARD_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->xforward.addr, bare_value);
+ UPDATE_STR(state->xforward.rfc_addr, attr_value);
+ }
}
break;

View File

@ -0,0 +1,32 @@
commit 9c7bcf991e2dd69d517be84d9594411c47e04562
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Fri May 5 12:48:21 2023 +0200
Fix build with kernel 6
diff --git a/makedefs b/makedefs
index aea15d6..ad93a5f 100644
--- a/makedefs
+++ b/makedefs
@@ -557,7 +557,7 @@ EOF
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
+ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MAJOR
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
index f3a3b26..e9d3546 100644
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -749,7 +749,7 @@ extern int initgroups(const char *, int);
/*
* LINUX.
*/
-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6)
#define SUPPORTED
#define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short

View File

@ -0,0 +1,13 @@
diff --git a/src/cleanup/cleanup_message.c b/src/cleanup/cleanup_message.c
index 391c711..be5ce42 100644
--- a/src/cleanup/cleanup_message.c
+++ b/src/cleanup/cleanup_message.c
@@ -773,6 +773,8 @@ static void cleanup_header_done_callback(void *context)
/* Normalize whitespace. */
token = tok822_scan_limit(state->fullname, &dummy_token,
var_token_limit);
+ if (!token)
+ token = tok822_alloc(TOK822_QSTRING, state->fullname);
} else {
token = tok822_alloc(TOK822_QSTRING, state->fullname);
}

20
SOURCES/postfix.aliasesdb Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
make_aliasesdb() {
if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ]
then
# /etc/aliases.db may be used by other MTA, make sure nothing
# has touched it since our last newaliases call
[ /etc/aliases -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return 0
/usr/bin/newaliases
touch -r /etc/aliases.db "$ALIASESDB_STAMP"
else
/usr/bin/newaliases
fi
}
make_aliasesdb

View File

@ -11,16 +11,12 @@ PrivateTmp=true
CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
ProtectSystem=true
PrivateDevices=true
ExecStartPre=!-/usr/sbin/restorecon -R /var/spool/postfix/pid
ExecStartPre=!-/usr/libexec/postfix/aliasesdb
ExecStartPre=!-/usr/libexec/postfix/chroot-update
ExecStart=!/usr/sbin/postfix start
ExecReload=!/usr/sbin/postfix reload
ExecStop=!/usr/sbin/postfix stop
User=postfix
Group=root
StateDirectory=postfix
StateDirectoryMode=0700
ExecStartPre=-/usr/sbin/restorecon -R /var/spool/postfix/pid
ExecStartPre=-/usr/libexec/postfix/aliasesdb
ExecStartPre=-/usr/libexec/postfix/chroot-update
ExecStart=/usr/sbin/postfix start
ExecReload=/usr/sbin/postfix reload
ExecStop=/usr/sbin/postfix stop
[Install]
WantedBy=multi-user.target

View File

@ -1,11 +1,6 @@
# plugins have unresolvable symbols in compile time
%undefine _strict_symbol_defs_build
%if 0%{?rhel} < 10
%bcond_without db
%else
%bcond_with db
%endif
%bcond_without mysql
%bcond_without pgsql
%bcond_without sqlite
@ -18,12 +13,6 @@
%bcond_without ipv6
%bcond_without pflogsumm
%if %{without db} && %{with lmdb}
%global defmap_lmdb 1
%else
%global defmap_lmdb 0
%endif
%global sysv2systemdnvr 2.8.12-2
# hardened build if not overrided
@ -32,9 +21,12 @@
# Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own
# use. Let me know if the second gid collides with another package.
# Be careful: Redhat's 'mail' user & group isn't unique!
# It's now handled by systemd-sysusers.
%define postfix_uid 89
%define postfix_user postfix
%define postfix_gid 89
%define postfix_group postfix
%define maildrop_group postdrop
%define maildrop_gid 90
%define postfix_config_dir %{_sysconfdir}/postfix
%define postfix_daemon_dir %{_libexecdir}/postfix
@ -56,14 +48,18 @@
Name: postfix
Summary: Postfix Mail Transport Agent
Version: 3.8.5
Release: 11%{?dist}
Version: 3.5.8
Release: 8%{?dist}
Epoch: 2
Group: System Environment/Daemons
URL: http://www.postfix.org
License: (IPL-1.0 OR EPL-2.0) AND GPL-2.0-or-later AND BSD-4-Clause-UC
Requires(post): systemd systemd-sysv hostname
License: (IBM and GPLv2+) or (EPL-2.0 and GPLv2+)
Requires(post): systemd hostname
Requires(post): %{_sbindir}/alternatives
Requires(post): %{_bindir}/openssl
Requires(post): %{_bindir}/hostname
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Requires(preun): %{_sbindir}/alternatives
Requires(preun): systemd
Requires(postun): systemd
@ -75,13 +71,11 @@ Requires: policycoreutils
Provides: MTA smtpd smtpdaemon server(smtp)
Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz
Source1: postfix-etc-init.d-postfix
Source2: postfix.service
Source3: README-Postfix-SASL-RedHat.txt
Source4: postfix.aliasesdb
Source5: postfix-chroot-update
Source6: postfix.sysusers
Source7: postfix.tmpfiles
Source6: README-RedHat.txt
# Sources 50-99 are upstream [patch] contributions
@ -97,75 +91,51 @@ Source101: postfix-pam.conf
# Patches
Patch1: postfix-3.8.0-config.patch
Patch1: postfix-3.5.0-config.patch
Patch2: postfix-3.4.0-files.patch
Patch3: postfix-3.3.3-alternatives.patch
# probably rhbz#428996
Patch4: postfix-3.8.0-large-fs.patch
Patch4: postfix-3.4.0-large-fs.patch
Patch9: pflogsumm-1.1.5-datecalc.patch
# rhbz#1384871, sent upstream
Patch10: pflogsumm-1.1.5-ipv6-warnings-fix.patch
Patch11: postfix-3.4.4-chroot-example-fix.patch
Patch12: postfix-3.5.8-back-compat-3.3.1.patch
Patch13: postfix-3.5.8-whitespace-name-fix.patch
# rhbz#1931403, sent upstream
Patch13: pflogsumm-1.1.5-syslog-name-underscore-fix.patch
Patch14: postfix-3.8.5-openssl-no-engine.patch
Patch15: postfix-3.8.5-rhel-remove-version-mismatch-warning.patch
# https://redhat.atlassian.net/browse/RHEL-176554
Patch14: pflogsumm-1.1.5-syslog-name-underscore-fix.patch
# rhbz#1787010, patch backported from upstream
Patch15: postfix-3.5.8-SRV-resolve.patch
# rhbz#2196577, ZUUL CI uses kernel 6 and we have to add this to postfix
Patch16: postfix-3.5.8-makedefs.patch
# https://redhat.atlassian.net/browse/RHEL-176548
# https://www.mail-archive.com/postfix-announce@postfix.org/msg00110.html
Patch16: postfix-3.8.16-CVE-2026-43964.patch
Patch17: postfix-3.8.16-CVE-2026-43964.patch
# Optional patches - set the appropriate environment variables to include
# them when building the package/spec file
# Determine the different packages required for building postfix
BuildRequires: make
BuildRequires: perl-generators
BuildRequires: pkgconfig
BuildRequires: zlib-devel
BuildRequires: systemd-units
BuildRequires: libicu-devel
BuildRequires: gcc
BuildRequires: m4
BuildRequires: findutils
BuildRequires: systemd-rpm-macros
BuildRequires: sed
%if 0%{?rhel} < 9
BuildRequires: libnsl2-devel
%endif
BuildRequires: libdb-devel, perl-generators, pkgconfig, zlib-devel
BuildRequires: systemd-units, libicu-devel, libnsl2-devel
BuildRequires: gcc, m4, findutils
%{?with_db:BuildRequires: libdb-devel}
%{?with_ldap:BuildRequires: openldap-devel}
%{?with_lmdb:BuildRequires: lmdb-devel}
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
%{?with_pcre:BuildRequires: pcre2-devel}
%{?with_pcre:BuildRequires: pcre-devel}
%{?with_mysql:BuildRequires: mariadb-connector-c-devel}
%{?with_pgsql:BuildRequires: libpq-devel}
%{?with_pgsql:BuildRequires: postgresql-devel}
%{?with_sqlite:BuildRequires: sqlite-devel}
%{?with_cdb:BuildRequires: tinycdb-devel}
%{?with_tls:BuildRequires: openssl-devel}
%if 0%{?defmap_lmdb}
Requires: %{name}-lmdb%{?_isa} = %{epoch}:%{version}-%{release}
%endif
%description
Postfix is a Mail Transport Agent (MTA).
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%package sysvinit
Summary: SysV initscript for postfix
BuildArch: noarch
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires(preun): chkconfig
Requires(post): chkconfig
%description sysvinit
This package contains the SysV initscript.
%endif
%package perl-scripts
Summary: Postfix utilities written in perl
Group: Applications/System
Requires: %{name} = %{epoch}:%{version}-%{release}
# perl-scripts introduced in 2:2.5.5-2
Obsoletes: postfix < 2:2.5.5-2
@ -275,41 +245,25 @@ pushd pflogsumm-%{pflogsumm_ver}
popd
%endif
%patch11 -p1 -b .chroot-example-fix
%patch13 -p1 -b .pflogsumm-1.1.5-syslog-name-underscore-fix
%patch14 -p1 -b .openssl-no-engine
%patch15 -p1 -b .warning
%patch16 -p1 -b .cve-2026-43964
# Backport 3.8-20221006 fix for uname -r detection
sed -i makedefs -e '\@Linux\.@s|345|3456|'
sed -i src/util/sys_defs.h -e 's@defined(LINUX5)@defined(LINUX5) || defined(LINUX6)@'
# Improve backward compatibility with postfix-3.3.1,
# for details see rhbz#1688389
%patch12 -p1 -b .back-compat-3.3.1
# rhbz#1977732, sent upstream
%patch13 -p1 -b .whitespace-name-fix
%patch14 -p1 -b .pflogsumm-1.1.5-syslog-name-underscore-fix
%patch15 -p1 -b .SRV-resolve
%patch16 -p1 -b .makedefs
%patch17 -p1 -b .cve-2026-43964
for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
touch -r ${f}{,_} && mv -f ${f}{_,}
done
# fix default maps
%if 0%{?defmap_lmdb}
sed -i '/^\s*alias_maps\s*=\s*hash:\/etc\/aliases/ s|hash:|lmdb:|g' conf/main.cf
sed -i '/^\s*alias_database\s*=\s*hash:\/etc\/aliases/ s|hash:|lmdb:|g' conf/main.cf
echo >> conf/main.cf
echo "default_database_type = lmdb" >> conf/main.cf
%endif
%build
%set_build_flags
unset AUXLIBS AUXLIBS_LDAP AUXLIBS_LMDB AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
CCARGS="-fPIC -fcommon"
%if 0%{?rhel} >= 9
AUXLIBS=""
%else
AUXLIBS="-lnsl"
%endif
%if %{without db}
CCARGS="${CCARGS} -DNO_DB"
%endif
%ifarch s390 s390x ppc
CCARGS="${CCARGS} -fsigned-char"
@ -324,8 +278,9 @@ CCARGS="${CCARGS} -fsigned-char"
AUXLIBS_LMDB="-llmdb"
%endif
%if %{with pcre}
CCARGS="${CCARGS} -DHAS_PCRE=2 `pcre2-config --cflags`"
AUXLIBS_PCRE=`pcre2-config --libs8`
# -I option required for pcre 3.4 (and later?)
CCARGS="${CCARGS} -DHAS_PCRE -I%{_includedir}/pcre"
AUXLIBS_PCRE="-lpcre"
%endif
%if %{with mysql}
CCARGS="${CCARGS} -DHAS_MYSQL -I%{_includedir}/mysql"
@ -363,10 +318,8 @@ CCARGS="${CCARGS} -fsigned-char"
CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\""
CCARGS="${CCARGS} $(getconf LFS_CFLAGS)"
%if 0%{?rhel} >= 9
CCARGS="${CCARGS} -DNO_NIS"
%endif
LDFLAGS="$LDFLAGS %{?_hardened_build:-Wl,-z,relro,-z,now}"
LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-Wl,-z,relro,-z,now}"
# SHLIB_RPATH is needed to find private libraries
# LDFLAGS are added to SHLIB_RPATH because the postfix build system
@ -379,7 +332,7 @@ make -f Makefile.init makefiles shared=yes dynamicmaps=yes \
AUXLIBS_PGSQL="${AUXLIBS_PGSQL}" AUXLIBS_SQLITE="${AUXLIBS_SQLITE}" \
AUXLIBS_CDB="${AUXLIBS_CDB}" \
DEBUG="" SHLIB_RPATH="-Wl,-rpath,%{postfix_shlib_dir} $LDFLAGS" \
OPT="$CFLAGS -fno-strict-aliasing -Wno-comment" \
OPT="$RPM_OPT_FLAGS -fno-strict-aliasing -Wno-comment" \
POSTFIX_INSTALL_OPTS=-keep-build-mtime
%make_build
@ -412,24 +365,12 @@ make non-interactive-package \
sample_directory=%{postfix_sample_dir} \
readme_directory=%{postfix_readme_dir} || exit 1
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
# This installs into the /etc/rc.d/init.d directory
mkdir -p $RPM_BUILD_ROOT%{_initrddir}
install -c %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/postfix
%endif
# Systemd
mkdir -p %{buildroot}%{_unitdir}
install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}
install -m 755 %{SOURCE4} %{buildroot}%{postfix_daemon_dir}/aliasesdb
install -m 755 %{SOURCE5} %{buildroot}%{postfix_daemon_dir}/chroot-update
# systemd-sysusers
install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/postfix.conf
# systemd-tmpfiles
install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_tmpfilesdir}/postfix.conf
install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.postfix
for i in active bounce corrupt defer deferred flush incoming private saved maildrop public pid saved trace; do
@ -459,7 +400,7 @@ install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix
# prepare documentation
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} %{SOURCE6} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup}
cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples
@ -565,7 +506,7 @@ fi
# Create self-signed SSL certificate
if [ ! -f %{sslkey} ]; then
umask 077
%{_bindir}/openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out %{sslkey} 2>/dev/null || echo "openssl genpkey failed"
%{_bindir}/openssl genrsa 4096 > %{sslkey} 2> /dev/null
fi
if [ ! -f %{sslcert} ]; then
@ -574,10 +515,8 @@ if [ ! -f %{sslcert} ]; then
FQDN=localhost.localdomain
fi
req_cmd="%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
# openssl-3.0 and fallback for backward compatibility with openssl < 3.0
$req_cmd -noenc -copy_extensions none 2>/dev/null || $req_cmd 2>/dev/null || echo "openssl req failed"
%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
chmod 644 %{sslcert}
fi
@ -585,7 +524,10 @@ exit 0
%pre
# Add user and groups if necessary
%sysusers_create_compat %{SOURCE6}
%{_sbindir}/groupadd -g %{maildrop_gid} -r %{maildrop_group} 2>/dev/null
%{_sbindir}/groupadd -g %{postfix_gid} -r %{postfix_group} 2>/dev/null
%{_sbindir}/groupadd -g 12 -r mail 2>/dev/null
%{_sbindir}/useradd -d %{postfix_queue_dir} -s /sbin/nologin -g %{postfix_group} -G mail -M -r -u %{postfix_uid} %{postfix_user} 2>/dev/null
# hack, to turn man8/smtpd.8.gz into alternatives symlink (part of the rhbz#1051180 fix)
# this could be probably dropped in f23+
@ -606,23 +548,6 @@ exit 0
%postun
%systemd_postun_with_restart %{name}.service
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%post sysvinit
/sbin/chkconfig --add postfix >/dev/null 2>&1 ||:
%preun sysvinit
if [ "$1" = 0 ]; then
%{_initrddir}/postfix stop >/dev/null 2>&1 ||:
/sbin/chkconfig --del postfix >/dev/null 2>&1 ||:
fi
%postun sysvinit
[ "$1" -ge 1 ] && %{_initrddir}/postfix condrestart >/dev/null 2>&1 ||:
%triggerpostun -n postfix-sysvinit -- postfix < %{sysv2systemdnvr}
/sbin/chkconfig --add postfix >/dev/null 2>&1 || :
%endif
%triggerun -- postfix < %{sysv2systemdnvr}
%{_bindir}/systemd-sysv-convert --save postfix >/dev/null 2>&1 ||:
%{_bindir}/systemd-sysv-convert --apply postfix >/dev/null 2>&1 ||:
@ -646,7 +571,6 @@ fi
%config(noreplace) %{sasl_config_dir}/smtpd.conf
%endif
%config(noreplace) %{_sysconfdir}/pam.d/smtp.postfix
%{_tmpfilesdir}/postfix.conf
%{_unitdir}/postfix.service
# Documentation
@ -675,23 +599,23 @@ fi
%dir %attr(0755, root, root) %{postfix_config_dir}
%dir %attr(0755, root, root) %{postfix_daemon_dir}
%ghost %dir %attr(0755, root, root) %{postfix_queue_dir}
%dir %attr(0755, root, root) %{postfix_queue_dir}
%dir %attr(0755, root, root) %{postfix_shlib_dir}
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/active
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/bounce
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/corrupt
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/defer
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/deferred
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/flush
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/hold
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/incoming
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/saved
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/trace
%ghost %dir %attr(0730, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/maildrop
%ghost %dir %attr(0755, root, root) %{postfix_queue_dir}/pid
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/private
%ghost %dir %attr(0710, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/public
%ghost %dir %attr(0700, %{postfix_user}, root) %{postfix_data_dir}
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/active
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/bounce
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/corrupt
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/defer
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/deferred
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/flush
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/hold
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/incoming
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/saved
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/trace
%dir %attr(0730, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/maildrop
%dir %attr(0755, root, root) %{postfix_queue_dir}/pid
%dir %attr(0700, %{postfix_user}, root) %{postfix_queue_dir}/private
%dir %attr(0710, %{postfix_user}, %{maildrop_group}) %{postfix_queue_dir}/public
%dir %attr(0700, %{postfix_user}, root) %{postfix_data_dir}
%dir %attr(0755, root, root) %{postfix_config_dir}/dynamicmaps.cf.d
%dir %attr(0755, root, root) %{postfix_config_dir}/postfix-files.d
@ -717,7 +641,7 @@ fi
%attr(0755, root, root) %{postfix_command_dir}/postfix
%attr(0755, root, root) %{postfix_command_dir}/postkick
%attr(0755, root, root) %{postfix_command_dir}/postlock
%attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postlog
%attr(0755, root, root) %{postfix_command_dir}/postlog
%attr(0755, root, root) %{postfix_command_dir}/postmap
%attr(0755, root, root) %{postfix_command_dir}/postmulti
%attr(2755, root, %{maildrop_group}) %{postfix_command_dir}/postqueue
@ -770,14 +694,6 @@ fi
%ghost %attr(0644, root, root) %{_var}/lib/misc/postfix.aliasesdb-stamp
# systemd-sysusers
%{_sysusersdir}/postfix.conf
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%files sysvinit
%{_initrddir}/postfix
%endif
%files perl-scripts
%attr(0755, root, root) %{postfix_command_dir}/qshape
%attr(0644, root, root) %{_mandir}/man1/qshape*
@ -851,362 +767,72 @@ fi
%endif
%changelog
* Thu Jun 25 2026 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.5-11
- Used workarounds for /var to support Image mode
Resolves: RHEL-104882
* Thu May 21 2026 Fedor Vorobev <fvorobev@redhat.com> - 2:3.8.5-10
* Thu May 21 2026 Fedor Vorobev <fvorobev@redhat.com> - 2:3.5.8-8
- Fix for CVE-2026-43964: buffer over-read via malformed enhanced status code.
Resolves: RHEL-176547
Resolves: RHEL-176548
* Tue Jan 06 2026 Fedor Vorobev <fvorobev@redhat.com> - 2:3.8.5-9
- Added a RHEL-specific patch to remove an OpenSSL version mismatch warning.
Resolves: RHEL-138726
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2:3.8.5-8
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Sun Aug 25 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.5-7
- Dropped mail group configuration / creation, it is provided by setup
Resolves: RHEL-27174
* Thu Jul 25 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.5-6
- Fixed postlog RPM verification
Resolves: RHEL-50584
* Thu Jul 25 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.5-5
- Explicitly set default_database_type if lmdb map is used
Resolves: RHEL-50557
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2:3.8.5-4
- Bump release for June 2024 mass rebuild
* Thu Feb 01 2024 Pete Walter <pwalter@fedoraproject.org> - 2:3.8.5-3
- Rebuild for ICU 74
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.8.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.5-1
- New version
Resolves: rhbz#2259469
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 2 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.4-1
- New version
Resolves: rhbz#2255641
- Fixed SMTP smuggling vulnerability
Resolves: CVE-2023-51764
* Tue Dec 12 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.3-2
- Converted license tag to SPDX
* Thu Nov 2 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.3-1
- New version
Resolves: rhbz#2247553
* Mon Oct 9 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.2-2
- Drop libdb for RHEL>9
Related: rhbz#1788480
* Tue Sep 5 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.2-1
- New version
Resolves: rhbz#2236828
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.1-5
- Use systemd-sysusers, original patch by
Jonathan Wright <jonathan@almalinux.org>
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.8.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 11 2023 František Zatloukal <fzatlouk@redhat.com> - 2:3.8.1-3
- Rebuilt for ICU 73.2
* Tue Jul 11 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.1-2
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-7
- Fixed possible warning when postfix is restarted
Resolves: rhbz#2218058
Resolves: rhbz#2162659
* Tue Jun 6 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.1-1
- New version
Resolves: rhbz#2212596
* Wed May 17 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-6
- Fix patch for SRV record resolution feature
Related: rhbz#1787010
* Thu May 25 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.8.0-3
- Fix freed memory access
* Thu May 04 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-5
- Backport dns SRV record resolution feature (RFC6186)
Resolves: rhbz#1787010
- Fix building in ZUUL CI
Resolves: rhbz#2196577
* Wed Apr 26 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.0-2
- Dropped whitespace-name-fix patch, not needed
* Thu Feb 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-4
- Added SELinux workound for systemd service to work after 'postfix start'
Resolves: rhbz#2028015
* Wed Apr 26 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.8.0-1
- New version
Resolves: rhbz#2187121
* Wed Jan 25 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.7.4-1
- New version
Resolves: rhbz#2162932
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.7.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Dec 31 2022 Mamoru TASAKA <mtasaka@fedoraproject.org> - 2:3.7.3-3
- Backport upstream fix for uname -r detection with kernel 6.x
* Sat Dec 31 2022 Pete Walter <pwalter@fedoraproject.org> - 2:3.7.3-2
- Rebuild for ICU 72
* Mon Oct 10 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.7.3-1
- New version
Resolves: rhbz#2133120
* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 2:3.7.2-4
- Rebuilt for ICU 71.1
* Sat Jul 23 2022 Stewart Smith <trawets@amazon.com> - 2:3.7.2-3
- Build with pcre2 instead of the deprecated pcre library
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.7.2-1
- New version
Resolves: rhbz#2079634
* Tue Apr 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.7.1-1
- New version
Resolves: rhbz#2076317
* Tue Feb 22 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.7.0-1
- New version
Resolves: rhbz#2051046
* Thu Jan 20 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.4-1
- New version
Resolves: rhbz#2040977
- Suppressed openssl output during SSL certificates generation
Resolves: rhbz#2041589
* Mon Jan 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.3-5
* Mon Jan 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-3
- Fixed pflogsumm to allow underscores in the syslog_name
Resolves: rhbz#1931403
* Tue Dec 14 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.3-4
- Added SELinux workound for systemd service to work after 'postfix start'
* Wed Dec 08 2021 Timm Bäder <tbaeder@redhat.com> - 2:3.6.3-3
- Use %%set_build_flags to set all build flags
* Fri Nov 12 2021 Björn Esser <besser82@fedoraproject.org> - 2:3.6.3-2
- Rebuild(libnsl2)
* Wed Nov 10 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.3-1
- New version
Resolves: rhbz#2020984
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2:3.6.2-6
- Rebuilt with OpenSSL 3.0.0
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.2-5
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-2
- Fixed cleanup crash when processing messages with whitespace only fullname
- Fixed whitespaces in the glibc-234-build-fix patch
Resolves: rhbz#1977732
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.2-4
- Updated patch fixing FTBFS with the glibc-2.34
* Tue Aug 3 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.2-3
- Fixed openssl req parameters
* Mon Aug 2 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.2-2
- Fixed scriptlets to work with openssl-3.0
* Thu Jul 29 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.2-1
* Fri Nov 13 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
- New version
Resolves: rhbz#1985778
Resolves: rhbz#1688389
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jul 2 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.1-2
- Fixed build on rhel < 9
* Mon Jun 14 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.1-1
- New version
Resolves: rhbz#1971363
* Thu May 20 2021 Pete Walter <pwalter@fedoraproject.org> - 2:3.6.0-3
- Rebuild for ICU 69
* Wed May 19 2021 Pete Walter <pwalter@fedoraproject.org> - 2:3.6.0-2
- Rebuild for ICU 69
* Fri Apr 30 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.6.0-1
- New version
Resolves: rhbz#1955369
* Thu Apr 22 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.10-2
- Fixed NIS build requirements
* Mon Apr 12 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.10-1
- New version
Resolves: rhbz#1948306
* Thu Mar 25 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-7
- Simplified macros related to NIS
* Wed Mar 24 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-6
- Disable NIS support for RHEL9+ (patch from fjanus@redhat.com)
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2:3.5.9-5
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Feb 19 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-4
- Fixed sysvinit conditionals for RHEL
Resolves: rhbz#1930709
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 2:3.5.9-3
- rebuild for libpq ABI fix rhbz#1908268
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.5.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-1
- New version
Resolves: rhbz#1917155
* Mon Nov 9 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
- New version
Resolves: rhbz#1895644
* Mon Aug 31 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.7-1
- New version
Resolves: rhbz#1873857
* Thu Aug 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-2
- Minor spec cleanup
- Added posttls-finger test tool
Resolves: rhbz#1865701
* Tue Jul 28 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-1
- New version
Resolves: rhbz#1860547
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2:3.5.4-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 8 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-2
- Added support for LMDB maps
* Mon Jun 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-1
- New version
Resolves: rhbz#1851650
* Mon Jun 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.3-1
- New version
Resolves: rhbz#1846939
* Tue May 19 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.2-1
- New version
Resolves: rhbz#1836653
* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2:3.5.1-2
- Rebuild for ICU 67
* Mon Apr 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.1-1
- New version
Resolves: rhbz#1825547
* Mon Mar 16 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.0-1
- New version
Resolves: rhbz#1813740
* Thu Mar 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.10-1
- New version
Resolves: rhbz#1812987
* Mon Feb 3 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.9-1
- New version
Resolves: rhbz#1797383
- Dropped ref-search patch (upstreamed)
- Built with -fcommon to overcome FTBFS with gcc-10, problem reported upstream
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-2
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-12
- Fixed DNS resolver to use ref_search instead of ref_query
Resolves: rhbz#1723950
* Mon Nov 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-1
- New version
Resolves: rhbz#1776033
* Tue Dec 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-11
- Added hostname requirement
Resolves: rhbz#1666244
* Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.4.7-3
- Rebuild for ICU 65
* Wed Nov 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-10
- Release bump and rebuild for relengs to be able to ship postfix-pcre,
postfix-cdb, postfix-sqlite
Resolves: rhbz#1745321
* Wed Sep 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-2
- Added hostname as explicit requirement for the post scriptlet
* Tue Aug 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-9
- Release bump and rebuild for relengs to be able to ship postfix-ldap
Resolves: rhbz#1686721
* Mon Sep 23 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-1
- New version
Resolves: rhbz#1754198
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.6-1
- New version
Resolves: rhbz#1726462
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-4
- Fixed FTBFS with new glibc due to dropped RES macros
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-3
- Added findutils as explicit requirement
Resolves: rhbz#1629057
* Tue Mar 26 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-2
- Fixed example chroot-update script
Resolves: rhbz#1398910
* Fri Mar 15 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-1
- New version
Resolves: rhbz#1689029
* Mon Mar 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.3-1
- New version
Resolves: rhbz#1687208
* Fri Mar 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.1-1
- New version
Resolves: rhbz#1686673
* Fri Mar 1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.0-1
- New version
Resolves: rhbz#1683855
* Wed Feb 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.3-1
- New version
Resolves: rhbz#1683487
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.3.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.3.1-8
- Rebuild for ICU 63
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
* Tue Dec 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-8
- Fixed posttls-finger to work with unix domains
Resolves: rhbz#1602663
* Mon Nov 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
- Used _prefix macro for /usr and _includedir macro for /usr/include
* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
* Wed Nov 28 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
- Added m4 to BuildRequires
Resolves: rhbz#1619111
Resolves: rhbz#1619187
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
- Used _prefix macro for /usr and _includedir macro for /usr/include
Resolves: rhbz#1645239
* Thu Nov 1 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
- Dropped sysv support from the spec
Resolves: rhbz#1636961
* Tue Jul 24 2018 Robert Scheck <robert@fedoraproject.org> - 2:3.3.1-4
- Add basic postfix TLS configuration by default (#1608050)

1
ci.fmf
View File

@ -1 +0,0 @@
resultsdb-testcase: separate

View File

@ -1,25 +0,0 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
#Rawhide
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_stable
subject_type: koji_build
rules:
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
#gating rhel
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}

View File

@ -1,36 +0,0 @@
/tier1-internal:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/tier1/internal
/tier1-public:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/tier1/public
/tier2-tier3-internal:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/tier2-tier3/internal
/tier2-tier3-public:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/tier2-tier3/public
/others-internal:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/others/internal
/others-public:
plan:
import:
url: https://gitlab.com/redhat/centos-stream/tests/postfix.git
name: /plans/others/public

View File

@ -1,12 +0,0 @@
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
index b9a4699..29e6ec1 100644
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -405,7 +405,6 @@
#ifdef USE_TLS
#include <tls_proxy.h>
-#include <openssl/engine.h>
#endif
/*

View File

@ -1,16 +0,0 @@
diff --git a/src/tls/tls_misc.c b/src/tls/tls_misc.c
index b7acd1d..83f4d85 100644
--- a/src/tls/tls_misc.c
+++ b/src/tls/tls_misc.c
@@ -1402,10 +1402,7 @@ void tls_check_version(void)
&& (lib_info.micro < hdr_info.micro
|| hdr_info.major == 0
|| (hdr_info.major == 1 && hdr_info.minor == 0))))
- msg_warn("run-time library vs. compile-time header version mismatch: "
- "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
- lib_info.major, lib_info.minor, lib_info.micro,
- hdr_info.major, hdr_info.minor, hdr_info.micro);
+ ; // Nothing. Warning output removed.
}
/* tls_compile_version - compile-time OpenSSL version */

View File

@ -1,87 +0,0 @@
# Default aliases file for postfix
#
# this file should be in /etc or in /etc/postfix but if you want it in
# /etc/postfix you'll have to adjust your /etc/postfix/main.cf file accordingly
#
# Aliases in this file will NOT be expanded in the header from
# mail, but WILL be visible over networks or from /bin/mail.
#
# Following alias is required by the mail protocol, RFC 822 (and by RFC2142)
# Set it to the address of a HUMAN who deals with this system's mail problems.
#
# For various security reasons, postfix WILL NOT deliver mail as root, so
# ensure that the root alias is aliased to a HUMAN user, as otherwise
# mail may get delivered to the $default_privs user (nobody).
postmaster: root
# Many mailers use this address to represent the empty SMTP return
# path
MAILER-DAEMON: postmaster
# Common aliases for system accounts.
bin: root
daemon: root
games: root
ingres: root
nobody: root
system: root
toor: root
foo: root
falken: root
# Well-known aliases.
admin: root
manager: root
dumper: root
operator: root
# traps to catch security attacks
decode: root
moof: root
moog: root
# The following aliases are required by RFC 2142
info: staff
marketing: staff
sales: staff
support: staff
# Standard aliases also defined by RFC 2142
abuse: postmaster
# reports of network infrastructure difficulties
noc: root
# address to report secuirty problems
security: root
# DNS administrator (DNS soa records should use this)
hostmaster: root
# Usenet news service administrator
news: usenet
usenet: root
# http/web service administrator
www: webmaster
webmaster: root
# UUCP service administrator
uucp: root
# FTP administrator (especially anonymouse FTP)
ftp: root
# Commonly used group aliases:
#
staff: postmaster
office: postmaster
all: postmaster
tech: postmaster
ops: postmaster
# Person who should get root's mail. This alias
# must exist.
# CHANGE THIS LINE to an account of a HUMAN
root: postfix
# Note to the user: You must create the alias above!
# The root alias *must* exist under postfix because
# postfix runs as a non-privileged user and cannot
# touch a spool file which is UID/GID root
# The mapping to the postfix user is to ensure that root's mail
# doesn't get lost on a system installed out of the box.

View File

@ -1,169 +0,0 @@
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: - 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# Based on startup script from Simon J Mudd <sjmudd@pobox.com>
# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <jam@jamux.com>
# 23/11/00: Changes & suggestions by Ajay Ramaswamy <ajayr@bigfoot.com>
# 20/01/01: Changes to fall in line with RedHat 7.0 style
# 23/02/01: Fix a few untidy problems with help from Daniel Roesen.
### BEGIN INIT INFO
# Provides: postfix $mail-transfer-agent
# Required-Start: $local_fs $network $remote_fs
# Required-Stop: $local_fs $network $remote_fs
# Short-Description: start and stop postfix
# Description: Postfix is a Mail Transport Agent, which is the program that
# moves mail from one machine to another.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="postfix"
lockfile=/var/lock/subsys/$prog
pidfile=/var/spool/postfix/pid/master.pid
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
# Script to update chroot environment
CHROOT_UPDATE=/etc/postfix/chroot-update
status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1
running=$?
conf_check() {
[ -x /usr/sbin/postfix ] || exit 5
[ -d /etc/postfix ] || exit 6
[ -d /var/spool/postfix ] || exit 5
}
make_aliasesdb() {
local MAP=""
local ALIASESDB="$(/usr/sbin/postconf -h alias_database)"
[ "$ALIASESDB" = "hash:/etc/aliases" ] && MAP="db"
[ "$ALIASESDB" = "lmdb:/etc/aliases" ] && MAP="lmdb"
if [ "$MAP" = "db" -o "$MAP" = "lmdb" ]
then
# /etc/aliases.db|lmdb may be used by other MTA, make sure nothing
# has touched it since our last newaliases call
[ /etc/aliases -nt /etc/aliases.$MAP ] ||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.$MAP ] ||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.$MAP ] || return
/usr/bin/newaliases
touch -r /etc/aliases.$MAP "$ALIASESDB_STAMP"
else
/usr/bin/newaliases
fi
}
start() {
[ "$EUID" != "0" ] && exit 4
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
conf_check
# Start daemons.
echo -n $"Starting postfix: "
make_aliasesdb >/dev/null 2>&1
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $lockfile
echo
return $RETVAL
}
stop() {
[ "$EUID" != "0" ] && exit 4
conf_check
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile
echo
return $RETVAL
}
reload() {
conf_check
echo -n $"Reloading postfix: "
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
conf_check
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
conf_check
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
conf_check
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
# See how we were called.
case "$1" in
start)
[ $running -eq 0 ] && exit 0
start
;;
stop)
[ $running -eq 0 ] || exit 0
stop
;;
restart|force-reload)
stop
start
;;
reload)
[ $running -eq 0 ] || exit 7
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status -p $pidfile -l $(basename $lockfile) master
;;
condrestart)
[ $running -eq 0 ] || exit 0
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 2
esac
exit $?

View File

@ -1,25 +0,0 @@
#!/bin/bash
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
make_aliasesdb() {
local MAP=""
local ALIASESDB="$(/usr/sbin/postconf -h alias_database)"
[ "$ALIASESDB" = "hash:/etc/aliases" ] && MAP="db"
[ "$ALIASESDB" = "lmdb:/etc/aliases" ] && MAP="lmdb"
if [ "$MAP" = "db" -o "$MAP" = "lmdb" ]
then
# /etc/aliases.db|lmdb may be used by other MTA, make sure nothing
# has touched it since our last newaliases call
[ /etc/aliases -nt /etc/aliases.$MAP ] ||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.$MAP ] ||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.$MAP ] || return 0
/usr/bin/newaliases
touch -r /etc/aliases.$MAP "$ALIASESDB_STAMP"
else
/usr/bin/newaliases
fi
}
make_aliasesdb

View File

@ -1,3 +0,0 @@
u postfix 89 - /var/spool/postfix /sbin/nologin
g postdrop 90
m postfix mail

View File

@ -1,16 +0,0 @@
# postfix spool
d /var/spool/postfix 0755 root root -
d /var/spool/postfix/active 0700 postfix root -
d /var/spool/postfix/bounce 0700 postfix root -
d /var/spool/postfix/corrupt 0700 postfix root -
d /var/spool/postfix/defer 0700 postfix root -
d /var/spool/postfix/deferred 0700 postfix root -
d /var/spool/postfix/flush 0700 postfix root -
d /var/spool/postfix/hold 0700 postfix root -
d /var/spool/postfix/incoming 0700 postfix root -
d /var/spool/postfix/saved 0700 postfix root -
d /var/spool/postfix/trace 0700 postfix root -
d /var/spool/postfix/maildrop 0730 postfix postdrop -
d /var/spool/postfix/pid 0755 root root -
d /var/spool/postfix/private 0700 postfix root -
d /var/spool/postfix/public 0710 postfix postdrop -

View File

@ -1,2 +0,0 @@
SHA512 (postfix-3.8.5.tar.gz) = 26005da5750e7af742f4fc7596ae8320467176e069546c3487418c663b54f56734b4a6541665b8d72d94df2e0fd4f68a2bcc44c50a6d950334d5a5fb2293dff4
SHA512 (pflogsumm-1.1.5.tar.gz) = 994d660692dfea38a1dd9866d15f15035657e85131c1f5a2cd82baa5bd4ad987a00939cb5233f316d2090014c52ae68ef20db0c893f8634969484e0e74678f4d