Compare commits

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

11 changed files with 553 additions and 422 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/pflogsumm-1.1.5.tar.gz
SOURCES/postfix-3.5.8.tar.gz
SOURCES/postfix-3.5.25.tar.gz


@ -1,2 +1,2 @@
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
1dfb10729498be5d387dc730117c2a845dd93ac0 SOURCES/postfix-3.5.8.tar.gz
f4113ea664e9b240ec11e64799c06f9e0650e2d5 SOURCES/postfix-3.5.25.tar.gz


@ -1,65 +0,0 @@
This Postfix build behaves differently from the upstream postfix-3.5.8.
It's because in RHEL-8 backward compatibility is kept to postfix-3.3.1.
For the upstream postfix-3.5.8 behavior either run the following commands:
# postconf info_log_address_format=external
# postconf smtpd_discard_ehlo_keywords=
# postconf rhel_ipv6_normalize=yes
Or go through the following steps:
1. Change the configuration option 'info_log_address_format' to 'external'.
In RHEL-8 it's by default set to 'internal' to mitigate [Incompat 20191109].
2. Change the configuration option 'smtpd_discard_ehlo_keywords' to ''.
In RHEL-8 it's by default set to 'chunking' to mitigate [Incompat 20180826].
3. Add RHEL-8 specific configuration option 'rhel_ipv6_normalize' and set it
to 'yes'. In RHEL-8 this option was added to mitigate [Incompat 20190427].
Details from the upstream RELEASE_NOTES:
[Incompat 20191109]
Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
[Incompat 20180826]
The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
See BDAT_README for more.
[Incompat 20190427]
Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.


@ -1,14 +1,8 @@
commit 4b486868473462f9b65cc3ad44c48c2e68ee45ee
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Wed May 17 13:17:30 2023 +0200
Backport SRV record resolution feature
diff --git a/mantools/postlink b/mantools/postlink
index 46f187e..f738fd3 100755
index 41fa110..ef005e0 100755
--- a/mantools/postlink
+++ b/mantools/postlink
@@ -1128,6 +1128,10 @@ while (<>) {
@@ -1136,6 +1136,10 @@ while (<>) {
s;\bpostlog_service_name\b;<a href="postconf.5.html#postlog_service_name">$&</a>;g;
s;\bpostlogd_watchdog_timeout\b;<a href="postconf.5.html#postlogd_watchdog_timeout">$&</a>;g;
@ -20,14 +14,13 @@ index 46f187e..f738fd3 100755
s;\bpolicy_time_limit\b;<a href="postconf.5.html#transport_time_limit">$&</a>;g;
diff --git a/proto/postconf.proto b/proto/postconf.proto
index 3d53657..29d0aa5 100644
index 844d248..2c04326 100644
--- a/proto/postconf.proto
+++ b/proto/postconf.proto
@@ -17698,3 +17698,111 @@ with quotes and backslashes. An attacker should not be able to use
such games to circumvent Postfix access policies. </p>
@@ -18039,3 +18039,111 @@ to enable. This feature is enabled by default with Postfix &ge;
<p> This feature is available in Postfix 3.5 and later. </p>
+
<p> This feature is available in Postfix &ge; 3.9, 3.8.1, 3.7.6,
3.6.10, and 3.5.20. </p>
+
+%PARAM use_srv_lookup
+
@ -135,11 +128,12 @@ index 3d53657..29d0aa5 100644
+to MX or IP address lookup as if SRV record lookup was not enabled. <p>
+
+<p> This feature was backported from Postfix 3.8. </p>
+
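Review bot: The last paragraph of the new use_srv_lookup text, on the added line ending `as if SRV record lookup was not enabled. <p>`, finishes with an opening `<p>` where `</p>` is needed, so that paragraph is left unclosed ahead of `<p> This feature was backported from Postfix 3.8. </p>`. Change the trailing tag to `</p>`, since the postconf documentation is generated from this markup.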
diff --git a/src/dns/dns.h b/src/dns/dns.h
index b8c4c4a..aac3ca9 100644
index 27d2ab9..be2cb67 100644
--- a/src/dns/dns.h
+++ b/src/dns/dns.h
@@ -147,10 +147,12 @@ typedef struct DNS_RR {
@@ -147,12 +147,14 @@ typedef struct DNS_RR {
unsigned short class; /* C_IN, etc. */
unsigned int ttl; /* always */
unsigned int dnssec_valid; /* DNSSEC validated */
@ -147,14 +141,16 @@ index b8c4c4a..aac3ca9 100644
+ unsigned short pref; /* T_MX and T_SRV record related */
+ unsigned short weight; /* T_SRV related, defined in rfc2782 */
+ unsigned short port; /* T_SRV related, defined in rfc2782 */
/* Assume that flags lives in what was previously padding */
unsigned short flags; /* DNS_RR_FLAG_XX, see below */
struct DNS_RR *next; /* linkage */
size_t data_len; /* actual data size */
- char data[1]; /* actually a bunch of data */
+ char *data; /* a bunch of data */
} DNS_RR;
/*
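Review bot: In struct DNS_RR, replacing `char data[1]` with `char *data` turns the payload from part of the record's own allocation into a separately allocated buffer, and the field comment (`a bunch of data`) does not say who owns it. State in the comment that the record owns the buffer and that dns_rr_free() releases it, and check that no caller still sizes or copies a record as one block of sizeof(DNS_RR) plus data_len, because that would now copy the pointer and not the bytes.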
@@ -172,14 +174,29 @@ extern char *dns_strrecord(VSTRING *, DNS_RR *);
#define DNS_RR_FLAG_TRUNCATED (1<<0)
@@ -178,14 +180,29 @@ extern char *dns_strrecord(VSTRING *, DNS_RR *);
/*
* dns_rr.c
*/
@ -184,7 +180,7 @@ index b8c4c4a..aac3ca9 100644
extern int dns_rr_compare_pref_ipv6(DNS_RR *, DNS_RR *);
extern int dns_rr_compare_pref_ipv4(DNS_RR *, DNS_RR *);
extern int dns_rr_compare_pref_any(DNS_RR *, DNS_RR *);
@@ -278,8 +295,9 @@ extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *,
@@ -290,8 +307,9 @@ extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *,
* Below is the precedence order. The order between DNS_RETRY and DNS_NOTFOUND
* is arbitrary.
*/
@ -197,10 +193,10 @@ index b8c4c4a..aac3ca9 100644
#define DNS_FAIL (-4) /* query failed, don't retry */
#define DNS_INVAL (-3) /* query ok, malformed reply */
diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
index 11c9281..1aa97a4 100644
index 30bfc9e..f62ca54 100644
--- a/src/dns/dns_lookup.c
+++ b/src/dns/dns_lookup.c
@@ -688,6 +688,8 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -691,6 +691,8 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
int comp_len;
ssize_t data_len;
unsigned pref = 0;
@ -209,7 +205,7 @@ index 11c9281..1aa97a4 100644
unsigned char *src;
unsigned char *dst;
int ch;
@@ -713,6 +715,18 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -716,6 +718,18 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
return (DNS_INVAL);
data_len = strlen(temp) + 1;
break;
@ -228,7 +224,7 @@ index 11c9281..1aa97a4 100644
case T_MX:
GETSHORT(pref, pos);
if (dn_expand(reply->buf, reply->end, pos, temp, sizeof(temp)) < 0)
@@ -808,7 +822,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -811,7 +825,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
break;
}
*list = dns_rr_create(orig_name, rr_name, fixed->type, fixed->class,
@ -237,16 +233,16 @@ index 11c9281..1aa97a4 100644
return (DNS_OK);
}
@@ -906,7 +920,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
resource_found++;
rr->dnssec_valid = *maybe_secure ? reply->dnssec_ad : 0;
@@ -913,7 +927,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
*rrlist = dns_rr_append(*rrlist, rr);
if (DNS_RR_IS_TRUNCATED(*rrlist))
break;
- } else if (status == DNS_NULLMX) {
+ } else if (status == DNS_NULLMX || status == DNS_NULLSRV) {
CORRUPT(status); /* TODO: use better name */
} else if (not_found_status != DNS_RETRY)
not_found_status = status;
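Review bot: The extended condition `status == DNS_NULLMX || status == DNS_NULLSRV` sends a second status through `CORRUPT(status)`, whose own comment still reads `TODO: use better name`. Now that two distinct statuses share this branch, resolve the TODO as part of the change or add a comment at the branch saying why both are handled here.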
@@ -1032,6 +1046,12 @@ int dns_lookup_x(const char *name, unsigned type, unsigned flags,
@@ -1047,6 +1061,12 @@ int dns_lookup_x(const char *name, unsigned type, unsigned flags,
name);
SET_H_ERRNO(NO_DATA);
return (status);
@ -260,7 +256,7 @@ index 11c9281..1aa97a4 100644
if (rrlist && dns_rr_filter_maps) {
if (dns_rr_filter_execute(rrlist) < 0) {
diff --git a/src/dns/dns_rr.c b/src/dns/dns_rr.c
index b550788..15b5dee 100644
index cf82f9f..c99fd4d 100644
--- a/src/dns/dns_rr.c
+++ b/src/dns/dns_rr.c
@@ -7,13 +7,15 @@
@ -280,10 +276,10 @@ index b550788..15b5dee 100644
/* const char *data;
/* size_t data_len;
/*
@@ -49,6 +51,30 @@
/* DNS_RR *dns_rr_remove(list, record)
/* DNS_RR *list;
@@ -51,6 +53,30 @@
/* DNS_RR *record;
/*
/* int var_dns_rr_list_limit;
+/*
+/* DNS_RR *dns_srv_rr_sort(list)
+/* DNS_RR *list;
@ -311,7 +307,7 @@ index b550788..15b5dee 100644
/* DESCRIPTION
/* The routines in this module maintain memory for DNS resource record
/* information, and maintain lists of DNS resource records.
@@ -56,10 +82,14 @@
@@ -58,10 +84,14 @@
/* dns_rr_create() creates and initializes one resource record.
/* The \fIqname\fR field specifies the query name.
/* The \fIrname\fR field specifies the reply name.
@ -327,7 +323,7 @@ index b550788..15b5dee 100644
/* dns_rr_free() releases the resource used by of zero or more
/* resource records.
/*
@@ -81,6 +111,9 @@
@@ -91,6 +121,9 @@
/* dns_rr_remove() removes the specified record from the specified list.
/* The updated list is the result value.
/* The record MUST be a list member.
@ -337,7 +333,7 @@ index b550788..15b5dee 100644
/* LICENSE
/* .ad
/* .fi
@@ -113,11 +146,15 @@
@@ -133,11 +166,15 @@ int var_dns_rr_list_limit = 100;
DNS_RR *dns_rr_create(const char *qname, const char *rname,
ushort type, ushort class,
unsigned int ttl, unsigned pref,
@ -354,7 +350,7 @@ index b550788..15b5dee 100644
rr->qname = mystrdup(qname);
rr->rname = mystrdup(rname);
rr->type = type;
@@ -125,8 +162,14 @@ DNS_RR *dns_rr_create(const char *qname, const char *rname,
@@ -145,8 +182,14 @@ DNS_RR *dns_rr_create(const char *qname, const char *rname,
rr->ttl = ttl;
rr->dnssec_valid = 0;
rr->pref = pref;
@ -369,8 +365,8 @@ index b550788..15b5dee 100644
+ }
rr->data_len = data_len;
rr->next = 0;
return (rr);
@@ -141,6 +184,8 @@ void dns_rr_free(DNS_RR *rr)
rr->flags = 0;
@@ -162,6 +205,8 @@ void dns_rr_free(DNS_RR *rr)
dns_rr_free(rr->next);
myfree(rr->qname);
myfree(rr->rname);
@ -379,7 +375,7 @@ index b550788..15b5dee 100644
myfree((void *) rr);
}
}
@@ -149,16 +194,17 @@ void dns_rr_free(DNS_RR *rr)
@@ -170,16 +215,17 @@ void dns_rr_free(DNS_RR *rr)
DNS_RR *dns_rr_copy(DNS_RR *src)
{
@ -401,7 +397,7 @@ index b550788..15b5dee 100644
dst->next = 0;
return (dst);
}
@@ -247,6 +293,12 @@ DNS_RR *dns_rr_sort(DNS_RR *list, int (*compar) (DNS_RR *, DNS_RR *))
@@ -312,6 +358,12 @@ DNS_RR *dns_rr_sort(DNS_RR *list, int (*compar) (DNS_RR *, DNS_RR *))
int len;
int i;
@ -414,7 +410,7 @@ index b550788..15b5dee 100644
/*
* Save state and initialize.
*/
@@ -293,6 +345,12 @@ DNS_RR *dns_rr_shuffle(DNS_RR *list)
@@ -358,6 +410,12 @@ DNS_RR *dns_rr_shuffle(DNS_RR *list)
int i;
int r;
@ -427,7 +423,7 @@ index b550788..15b5dee 100644
/*
* Build linear array with pointers to each list element.
*/
@@ -345,3 +403,141 @@ DNS_RR *dns_rr_remove(DNS_RR *list, DNS_RR *record)
@@ -410,3 +468,141 @@ DNS_RR *dns_rr_remove(DNS_RR *list, DNS_RR *record)
}
return (list);
}
@ -633,12 +629,12 @@ index 70e59ac..7eebe3c 100644
/* dns_strtype - translate DNS query type to string */
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index 74459d9..f8bb550 100644
index f61227c..963db5d 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -4206,6 +4206,21 @@ extern char *var_info_log_addr_form;
#define DEF_RHEL_IPV6_NORMALIZE 0
extern bool var_rhel_ipv6_normalize;
@@ -4267,6 +4267,21 @@ extern char *var_info_log_addr_form;
#define DEF_DNSSEC_PROBE "ns:."
extern char *var_dnssec_probe;
+ /*
+ * SRV lookup support.
@ -659,7 +655,7 @@ index 74459d9..f8bb550 100644
/* .ad
/* .fi
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
index a3a9946..b428cb3 100644
index ce5d2c0..3cd11ec 100644
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -236,6 +236,8 @@
@ -709,7 +705,7 @@ index a3a9946..b428cb3 100644
addr_list = dns_rr_append(addr_list, addr);
return (addr_list);
default:
@@ -1277,15 +1284,15 @@ static DNS_RR *mx_addr_list(STATE *state, DNS_RR *mx_names)
@@ -1279,17 +1286,17 @@ static DNS_RR *mx_addr_list(STATE *state, DNS_RR *mx_names)
#endif
for (rr = mx_names; rr; rr = rr->next) {
@ -719,6 +715,8 @@ index a3a9946..b428cb3 100644
addr_list = addr_one(state, addr_list, (char *) rr->data, res_opt,
- rr->pref);
+ rr->pref, rr->port);
if (addr_list && DNS_RR_IS_TRUNCATED(addr_list))
break;
}
return (addr_list);
}
@ -728,7 +726,7 @@ index a3a9946..b428cb3 100644
static DNS_RR *domain_addr(STATE *state, char *domain)
{
@@ -1350,6 +1357,74 @@ static DNS_RR *domain_addr(STATE *state, char *domain)
@@ -1354,6 +1361,74 @@ static DNS_RR *domain_addr(STATE *state, char *domain)
return (addr_list);
}
@ -803,7 +801,7 @@ index a3a9946..b428cb3 100644
/* host_addr - direct host lookup */
static DNS_RR *host_addr(STATE *state, const char *host)
@@ -1376,7 +1451,8 @@ static DNS_RR *host_addr(STATE *state, const char *host)
@@ -1380,7 +1455,8 @@ static DNS_RR *host_addr(STATE *state, const char *host)
ahost = host;
#define PREF0 0
@ -813,7 +811,7 @@ index a3a9946..b428cb3 100644
if (addr_list && addr_list->next) {
addr_list = dns_rr_shuffle(addr_list);
if (inet_proto_info()->ai_family_list[1] != 0)
@@ -1465,7 +1541,8 @@ static int dane_host_level(STATE *state, DNS_RR *addr)
@@ -1469,7 +1545,8 @@ static int dane_host_level(STATE *state, DNS_RR *addr)
/* parse_destination - parse host/port destination */
static char *parse_destination(char *destination, char *def_service,
@ -823,7 +821,7 @@ index a3a9946..b428cb3 100644
{
char *buf = mystrdup(destination);
char *service;
@@ -1481,12 +1558,13 @@ static char *parse_destination(char *destination, char *def_service,
@@ -1485,12 +1562,13 @@ static char *parse_destination(char *destination, char *def_service,
* Parse the host/port information. We're working with a copy of the
* destination argument so the parsing can be destructive.
*/
@ -838,7 +836,7 @@ index a3a9946..b428cb3 100644
if (alldig(service)) {
if ((port = atoi(service)) >= 65536 || port == 0)
msg_fatal("bad network port in destination: %s", destination);
@@ -1507,17 +1585,21 @@ static char *parse_destination(char *destination, char *def_service,
@@ -1511,17 +1589,21 @@ static char *parse_destination(char *destination, char *def_service,
static void connect_remote(STATE *state, char *dest)
{
DNS_RR *addr;
@ -847,9 +845,9 @@ index a3a9946..b428cb3 100644
/* When reconnecting use IP address of previous session */
if (state->addr == 0) {
+ char *buf;
+ char *domain;
+ char *service;
+ char *buf;
+ char *domain;
+ char *service;
+
buf = parse_destination(dest, state->smtp ? "smtp" : "24",
- &domain, &state->port);
@ -863,7 +861,7 @@ index a3a9946..b428cb3 100644
else
state->addr = domain_addr(state, domain);
myfree(buf);
@@ -1531,10 +1613,14 @@ static void connect_remote(STATE *state, char *dest)
@@ -1535,10 +1617,14 @@ static void connect_remote(STATE *state, char *dest)
for (addr = state->addr; addr; addr = addr->next) {
int level = dane_host_level(state, addr);
@ -874,13 +872,13 @@ index a3a9946..b428cb3 100644
|| (state->stream = connect_addr(state, addr)) == 0) {
- msg_info("Failed to establish session to %s via %s: %s",
- dest, HNAME(addr), vstring_str(state->why->reason));
+ msg_info("Failed to establish session to %s via %s:%u: %s",
+ dest, HNAME(addr), addr->port,
+ msg_info("Failed to establish session to %s via %s:%u: %s",
+ dest, HNAME(addr), addr->port,
+ vstring_str(state->why->reason));
continue;
}
/* We have a connection */
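Review bot: The new log line formats `addr->port` with `%u`, but the DNS_RR field is declared `unsigned short port` with a comment that only cites rfc2782 and does not say which byte order the value is stored in. Document the byte order on the field and, if it is network order, convert with ntohs() before logging so the reported port is the one actually connected to.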
@@ -1819,6 +1905,7 @@ static void parse_options(STATE *state, int argc, char *argv[])
@@ -1823,6 +1909,7 @@ static void parse_options(STATE *state, int argc, char *argv[])
state->smtp = 1;
state->pass = 1;
@ -888,7 +886,7 @@ index a3a9946..b428cb3 100644
state->reconnect = -1;
state->max_reconnect = 5;
state->wrapper_mode = 0;
@@ -1829,7 +1916,7 @@ static void parse_options(STATE *state, int argc, char *argv[])
@@ -1833,7 +1920,7 @@ static void parse_options(STATE *state, int argc, char *argv[])
memset((void *) &state->options, 0, sizeof(state->options));
state->options.host_lookup = mystrdup("dns");
@ -897,7 +895,7 @@ index a3a9946..b428cb3 100644
#ifdef USE_TLS
#define TLSOPTS "A:Cd:fF:g:H:k:K:l:L:m:M:p:P:r:s:wX"
@@ -1868,6 +1955,9 @@ static void parse_options(STATE *state, int argc, char *argv[])
@@ -1872,6 +1959,9 @@ static void parse_options(STATE *state, int argc, char *argv[])
case 'o':
override(optarg);
break;
@ -928,7 +926,7 @@ index 973cb5d..ff074cd 100644
0,
};
diff --git a/src/smtp/smtp.c b/src/smtp/smtp.c
index 6ca2d5c..f402876 100644
index 9a28cc2..29b17fc 100644
--- a/src/smtp/smtp.c
+++ b/src/smtp/smtp.c
@@ -146,6 +146,7 @@
@ -939,10 +937,10 @@ index 6ca2d5c..f402876 100644
/* RFC 2920 (SMTP Pipelining)
/* RFC 3207 (STARTTLS command)
/* RFC 3461 (SMTP DSN Extension)
@@ -330,6 +331,17 @@
/* .IP "\fBinfo_log_address_format (external)\fR"
/* The email address form that will be used in non-debug logging
/* (info, warning, etc.).
@@ -336,6 +337,17 @@
/* The DNS query type (default: "ns") and DNS query name (default:
/* ".") that Postfix may use to determine whether DNSSEC validation
/* is available.
+/* .PP
+/* Backported from Postfix version 3.8:
+/* .IP "\fBuse_srv_lookup (empty)\fR"
@ -957,7 +955,7 @@ index 6ca2d5c..f402876 100644
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@@ -1046,6 +1058,9 @@ bool var_smtp_dummy_mail_auth;
@@ -1059,6 +1071,9 @@ bool var_smtp_dummy_mail_auth;
char *var_smtp_dsn_filter;
char *var_smtp_dns_re_filter;
bool var_smtp_balance_inet_proto;
@ -967,7 +965,7 @@ index 6ca2d5c..f402876 100644
/* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name;
@@ -1068,6 +1083,7 @@ MAPS *smtp_pix_bug_maps;
@@ -1081,6 +1096,7 @@ MAPS *smtp_pix_bug_maps;
HBC_CHECKS *smtp_header_checks; /* limited header checks */
HBC_CHECKS *smtp_body_checks; /* limited body checks */
SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */
@ -975,7 +973,7 @@ index 6ca2d5c..f402876 100644
#ifdef USE_TLS
@@ -1351,6 +1367,14 @@ static void post_init(char *unused_name, char **argv)
@@ -1364,6 +1380,14 @@ static void post_init(char *unused_name, char **argv)
* the process lifetime.
*/
get_cli_attr(&smtp_cli_attr, argv);
@ -991,7 +989,7 @@ index 6ca2d5c..f402876 100644
/* pre_init - pre-jail initialization */
diff --git a/src/smtp/smtp.h b/src/smtp/smtp.h
index 281cfe4..3f4c209 100644
index 4fea37a..ab91b7e 100644
--- a/src/smtp/smtp.h
+++ b/src/smtp/smtp.h
@@ -84,6 +84,14 @@ typedef struct SMTP_ITERATOR {
@ -1027,7 +1025,7 @@ index 281cfe4..3f4c209 100644
extern TLS_APPL_STATE *smtp_tls_ctx; /* client-side TLS engine */
diff --git a/src/smtp/smtp_addr.c b/src/smtp/smtp_addr.c
index 2210ff7..7f20838 100644
index 7509edc..d39f970 100644
--- a/src/smtp/smtp_addr.c
+++ b/src/smtp/smtp_addr.c
@@ -17,6 +17,15 @@
@ -1107,7 +1105,7 @@ index 2210ff7..7f20838 100644
addr_list = dns_rr_append(addr_list, addr);
return (addr_list);
default:
@@ -283,10 +309,10 @@ static DNS_RR *smtp_addr_list(DNS_RR *mx_names, DSN_BUF *why)
@@ -285,10 +311,10 @@ static DNS_RR *smtp_addr_list(DNS_RR *mx_names, DSN_BUF *why)
* tweaking the in-process resolver flags.
*/
for (rr = mx_names; rr; rr = rr->next) {
@ -1117,10 +1115,10 @@ index 2210ff7..7f20838 100644
addr_list = smtp_addr_one(addr_list, (char *) rr->data, res_opt,
- rr->pref, why);
+ rr->pref, rr->port, why);
if (addr_list && DNS_RR_IS_TRUNCATED(addr_list))
break;
}
return (addr_list);
}
@@ -669,7 +695,7 @@ DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why)
@@ -680,7 +706,7 @@ DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why)
* address to internal form. Otherwise, the host is specified by name.
*/
#define PREF0 0
@ -1129,7 +1127,7 @@ index 2210ff7..7f20838 100644
if (addr_list
&& (misc_flags & SMTP_MISC_FLAG_LOOP_DETECT)
&& smtp_find_self(addr_list) != 0) {
@@ -691,3 +717,135 @@ DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why)
@@ -702,3 +728,135 @@ DNS_RR *smtp_host_addr(const char *host, int misc_flags, DSN_BUF *why)
smtp_print_addr(host, addr_list);
return (addr_list);
}
@ -1527,10 +1525,10 @@ index 1b3a20e..3ac4ccc 100644
msg_warn("smtp_session_passivate: bad cached dest properties");
SMTP_SESSION_ACTIVATE_ERR_RETURN();
diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
index 85d5944..a60e878 100644
index 69119ad..2af9e98 100644
--- a/src/smtpd/smtpd_check.c
+++ b/src/smtpd/smtpd_check.c
@@ -3056,8 +3056,8 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
@@ -3067,8 +3067,8 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
|| type == T_AAAA
#endif
) {
@ -1541,7 +1539,7 @@ index 85d5944..a60e878 100644
} else {
dns_status = dns_lookup(domain, type, 0, &server_list,
(VSTRING *) 0, (VSTRING *) 0);
@@ -3065,8 +3065,8 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
@@ -3076,8 +3076,8 @@ static int check_server_access(SMTPD_STATE *state, const char *table,
return (SMTPD_CHECK_DUNNO);
if (dns_status == DNS_NOTFOUND /* Not: h_errno == NO_DATA */ ) {
if (type == T_MX) {


@ -1,158 +0,0 @@
diff --git a/src/global/mail_params.c b/src/global/mail_params.c
index 91c70f7..483613c 100644
--- a/src/global/mail_params.c
+++ b/src/global/mail_params.c
@@ -379,6 +379,8 @@ int warn_compat_break_smtputf8_enable;
int warn_compat_break_chroot;
int warn_compat_break_relay_restrictions;
+bool var_rhel_ipv6_normalize;
+
/* check_myhostname - lookup hostname and validate */
static const char *check_myhostname(void)
@@ -825,6 +827,7 @@ void mail_params_init()
VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
+ VAR_RHEL_IPV6_NORMALIZE, DEF_RHEL_IPV6_NORMALIZE, &var_rhel_ipv6_normalize,
0,
};
const char *cp;
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index e4358ca..74459d9 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -3153,7 +3153,7 @@ extern char *var_local_rwr_clients;
* EHLO keyword filter.
*/
#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_discard_ehlo_keywords"
-#define DEF_SMTPD_EHLO_DIS_WORDS ""
+#define DEF_SMTPD_EHLO_DIS_WORDS "chunking"
extern char *var_smtpd_ehlo_dis_words;
#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_discard_ehlo_keyword_address_maps"
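Review bot: Changing `DEF_SMTPD_EHLO_DIS_WORDS` from `""` to `"chunking"` alters a compiled-in default, and nothing else in this patch touches the parameter's documentation, so `postconf -d` on this build and the postconf(5) text would disagree. Update the documented default together with the define, or add a comment here that points to the distribution README explaining the deviation.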
@@ -4199,9 +4199,13 @@ extern int var_postlogd_watchdog;
#define INFO_LOG_ADDR_FORM_NAME_INTERNAL "internal"
#define VAR_INFO_LOG_ADDR_FORM "info_log_address_format"
-#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_EXTERNAL
+#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_INTERNAL
extern char *var_info_log_addr_form;
+#define VAR_RHEL_IPV6_NORMALIZE "rhel_ipv6_normalize"
+#define DEF_RHEL_IPV6_NORMALIZE 0
+extern bool var_rhel_ipv6_normalize;
+
/* LICENSE
/* .ad
/* .fi
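Review bot: The new `rhel_ipv6_normalize` parameter arrives as a bare `VAR_`/`DEF_`/extern triple with no comment, and its default of 0 is what switches the XCLIENT and XFORWARD address handling in smtpd.c to the non-normalizing path. Add a comment block above the defines saying what each value selects, in the style of the other parameter groups in this header.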
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index da7227f..53e640e 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
@@ -4334,6 +4334,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int update_namaddr = 0;
int name_status;
@@ -4481,15 +4482,31 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->addr, attr_value);
UPDATE_STR(state->rfc_addr, attr_value);
} else {
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, &state->rfc_addr,
+ if (var_rhel_ipv6_normalize) {
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, &state->rfc_addr,
&state->addr,
- &state->addr_family) < 0) {
+ &state->addr_family) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->addr, bare_value);
+ UPDATE_STR(state->rfc_addr, attr_value);
+#ifdef HAS_IPV6
+ if (strncasecmp(attr_value, INET_PROTO_NAME_IPV6 ":",
+ sizeof(INET_PROTO_NAME_IPV6 ":") - 1) == 0)
+ state->addr_family = AF_INET6;
+ else
+#endif
+ state->addr_family = AF_INET;
+ }
}
update_namaddr = 1;
}
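Review bot: In the XCLIENT ADDR branch, `neuter(attr_value, NEUTER_CHARACTERS, '?')` now runs only when `var_rhel_ipv6_normalize` is set, while the XFORWARD ADDR hunk later in this patch keeps the call unconditional. With the option off, the client-supplied value reaches `valid_mailhost_addr()` and, on failure, the `501 5.5.4 Bad %s syntax: %s` reply without being neutered first. Keep the neuter() call outside the conditional so both code paths sanitize the attribute before validating or echoing it.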
@@ -4569,17 +4586,25 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
attr_value = SERVER_ADDR_UNKNOWN;
UPDATE_STR(state->dest_addr, attr_value);
} else {
+ if (var_rhel_ipv6_normalize) {
#define NO_NORM_RFC_ADDR ((char **) 0)
#define NO_NORM_ADDR_FAMILY ((int *) 0)
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
&state->dest_addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_DESTADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->dest_addr, bare_value);
+ }
}
/* XXX Require same address family as client address. */
}
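Review bot: The `#define NO_NORM_RFC_ADDR` and `#define NO_NORM_ADDR_FAMILY` lines now sit inside the `if (var_rhel_ipv6_normalize) {` block. Preprocessor definitions are not scoped by braces, so this compiles, but it reads as if the macros were conditional, and the XFORWARD code further down uses NO_NORM_ADDR_FAMILY. Move both defines above the `if`, and keep the neuter() call in this branch unconditional so the value echoed in the 501 reply is always sanitized.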
@@ -4690,6 +4715,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int updated = 0;
static const NAME_CODE xforward_flags[] = {
@@ -4808,15 +4834,22 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->xforward.addr, attr_value);
} else {
neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value,
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value,
&state->xforward.rfc_addr,
&state->xforward.addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XFORWARD_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->xforward.addr, bare_value);
+ UPDATE_STR(state->xforward.rfc_addr, attr_value);
+ }
}
break;


@ -1,32 +0,0 @@
commit 9c7bcf991e2dd69d517be84d9594411c47e04562
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Fri May 5 12:48:21 2023 +0200
Fix build with kernel 6
diff --git a/makedefs b/makedefs
index aea15d6..ad93a5f 100644
--- a/makedefs
+++ b/makedefs
@@ -557,7 +557,7 @@ EOF
: ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
: ${PLUGIN_LD="${CC-gcc} -shared"}
;;
- Linux.[345].*) SYSTYPE=LINUX$RELEASE_MAJOR
+ Linux.[3456].*) SYSTYPE=LINUX$RELEASE_MAJOR
case "$CCARGS" in
*-DNO_DB*) ;;
*-DHAS_DB*) ;;
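Review bot: The case pattern `Linux.[3456].*` still lists kernel major versions one at a time, so the build fails again at the next major release, which is the failure this commit ("Fix build with kernel 6") is fixing. Consider mapping every major from 3 upward to a single SYSTYPE so that neither this pattern nor the `defined(LINUXn)` chain in src/util/sys_defs.h needs another edit per kernel release.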
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
index f3a3b26..e9d3546 100644
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -749,7 +749,7 @@ extern int initgroups(const char *, int);
/*
* LINUX.
*/
-#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5)
+#if defined(LINUX2) || defined(LINUX3) || defined(LINUX4) || defined(LINUX5) || defined(LINUX6)
#define SUPPORTED
#define UINT32_TYPE unsigned int
#define UINT16_TYPE unsigned short


@ -0,0 +1,12 @@
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
index 99bec9b..95c78ec 100644
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -802,6 +803,7 @@ extern int initgroups(const char *, int);
#define _PATH_PROCNET_IFINET6 "/proc/net/if_inet6"
#endif
#endif
+#define HAS_CLOSEFROM
#include <linux/version.h>
#if !defined(KERNEL_VERSION)
#define KERNEL_VERSION(a,b,c) (LINUX_VERSION_CODE + 1)
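Review bot: `#define HAS_CLOSEFROM` is added unconditionally in the Linux section, directly above the `#include <linux/version.h>` block, so the build assumes the C library provides closefrom(). glibc provides it from 2.34 onward; guard the define with a version test such as `__GLIBC_PREREQ(2, 34)`, or state the minimum glibc in a comment next to it so a rebuild against an older library fails with an explanation.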


@ -0,0 +1,164 @@
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: - 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# Based on startup script from Simon J Mudd <sjmudd@pobox.com>
# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <jam@jamux.com>
# 23/11/00: Changes & suggestions by Ajay Ramaswamy <ajayr@bigfoot.com>
# 20/01/01: Changes to fall in line with RedHat 7.0 style
# 23/02/01: Fix a few untidy problems with help from Daniel Roesen.
### BEGIN INIT INFO
# Provides: postfix $mail-transfer-agent
# Required-Start: $local_fs $network $remote_fs
# Required-Stop: $local_fs $network $remote_fs
# Short-Description: start and stop postfix
# Description: Postfix is a Mail Transport Agent, which is the program that
# moves mail from one machine to another.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="postfix"
lockfile=/var/lock/subsys/$prog
pidfile=/var/spool/postfix/pid/master.pid
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
# Script to update chroot environment
CHROOT_UPDATE=/etc/postfix/chroot-update
status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1
running=$?
conf_check() {
[ -x /usr/sbin/postfix ] || exit 5
[ -d /etc/postfix ] || exit 6
[ -d /var/spool/postfix ] || exit 5
}
make_aliasesdb() {
if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ]
then
# /etc/aliases.db may be used by other MTA, make sure nothing
# has touched it since our last newaliases call
[ /etc/aliases -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return
/usr/bin/newaliases
touch -r /etc/aliases.db "$ALIASESDB_STAMP"
else
/usr/bin/newaliases
fi
}
start() {
[ "$EUID" != "0" ] && exit 4
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
conf_check
# Start daemons.
echo -n $"Starting postfix: "
make_aliasesdb >/dev/null 2>&1
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $lockfile
echo
return $RETVAL
}
stop() {
[ "$EUID" != "0" ] && exit 4
conf_check
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile
echo
return $RETVAL
}
reload() {
conf_check
echo -n $"Reloading postfix: "
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
conf_check
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
conf_check
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
conf_check
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
# See how we were called.
case "$1" in
start)
[ $running -eq 0 ] && exit 0
start
;;
stop)
[ $running -eq 0 ] || exit 0
stop
;;
restart|force-reload)
stop
start
;;
reload)
[ $running -eq 0 ] || exit 7
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status -p $pidfile -l $(basename $lockfile) master
;;
condrestart)
[ $running -eq 0 ] || exit 0
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 2
esac
exit $?
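Review bot: In start(), `[ ${NETWORKING} = "no" ] && exit 1` expands the variable unquoted, so when /etc/sysconfig/network does not set NETWORKING the test becomes `[ = "no" ]` and prints a test syntax error on every start. Quote it as `[ "${NETWORKING}" = "no" ]`, and quote `$lockfile`, `$pidfile` and `$CHROOT_UPDATE` where they are passed to `touch`, `rm -f` and `[ -x ]`.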

4
SOURCES/postfix.sysusers Normal file

@ -0,0 +1,4 @@
u postfix 89 - /var/spool/postfix /sbin/nologin
g postdrop 90
g mail 12
m postfix mail
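Review bot: the file carries no comments, and the `u postfix 89 - ...` line leaves the description field as `-` while creating the primary group postfix with gid 89 only implicitly. Since the spec warns that the 'mail' user and group are not unique and that the second gid may collide with other packages, add a header comment saying why 89, 90 and 12 are fixed, and give the user a description instead of `-`.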


@ -21,12 +21,9 @@
# Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own
# use. Let me know if the second gid collides with another package.
# Be careful: Redhat's 'mail' user & group isn't unique!
%define postfix_uid 89
# It's now handled by systemd-sysusers.
%define postfix_user postfix
%define postfix_gid 89
%define postfix_group postfix
%define maildrop_group postdrop
%define maildrop_gid 90
%define postfix_config_dir %{_sysconfdir}/postfix
%define postfix_daemon_dir %{_libexecdir}/postfix
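Review bot: the added comment `# It's now handled by systemd-sysusers.` does not say what "it" is or where the values went, while the retained comment above still asks to be told "if the second gid collides" about numbers that no longer appear in this file. Point the comment at the sysusers file (`Source6`, postfix.sysusers) as the single place where uid 89 and gids 89/90 are defined, and fix the "exlusive" typo while touching this block.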
@ -48,18 +45,14 @@
Name: postfix
Summary: Postfix Mail Transport Agent
Version: 3.5.8
Release: 7%{?dist}
Version: 3.5.25
Release: 1%{?dist}
Epoch: 2
Group: System Environment/Daemons
URL: http://www.postfix.org
License: (IBM and GPLv2+) or (EPL-2.0 and GPLv2+)
Requires(post): systemd hostname
Requires(post): systemd systemd-sysv hostname
Requires(post): %{_sbindir}/alternatives
Requires(post): %{_bindir}/openssl
Requires(post): %{_bindir}/hostname
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Requires(preun): %{_sbindir}/alternatives
Requires(preun): systemd
Requires(postun): systemd
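Review bot: the two `Requires(pre):` lines for `%{_sbindir}/groupadd` and `%{_sbindir}/useradd` are dropped here, but `%pre` still creates the account and groups, now through `%sysusers_create_compat %{SOURCE6}`. Nothing in this hunk guarantees that whatever the generated scriptlet calls is installed before `%pre` runs; add the matching scriptlet dependency (the Fedora guideline is `%{?sysusers_requires_compat}`) so the postfix user and postdrop group exist before the package's files are unpacked on a minimal install. `Requires(post): systemd systemd-sysv hostname` also duplicates the `%{_bindir}/hostname` line kept just below it.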
@ -71,11 +64,12 @@ Requires: policycoreutils
Provides: MTA smtpd smtpdaemon server(smtp)
Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz
Source1: postfix-etc-init.d-postfix
Source2: postfix.service
Source3: README-Postfix-SASL-RedHat.txt
Source4: postfix.aliasesdb
Source5: postfix-chroot-update
Source6: README-RedHat.txt
Source6: postfix.sysusers
# Sources 50-99 are upstream [patch] contributions
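Review bot: `Source6` is reused for a different file (README-RedHat.txt becomes postfix.sysusers), so any `%{SOURCE6}` reference left elsewhere in the spec silently changes meaning, from a document copied into the doc directory to the account definition fed to `%sysusers_create_compat`. Giving postfix.sysusers a fresh Source number would turn a missed reference into a build failure instead. `Source1: postfix-etc-init.d-postfix` is also listed unconditionally although its only consumer, the sysvinit subpackage, is conditional; a comment saying so would help.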
@ -99,30 +93,36 @@ Patch9: pflogsumm-1.1.5-datecalc.patch
# rhbz#1384871, sent upstream
Patch10: pflogsumm-1.1.5-ipv6-warnings-fix.patch
Patch11: postfix-3.4.4-chroot-example-fix.patch
Patch12: postfix-3.5.8-back-compat-3.3.1.patch
Patch13: postfix-3.5.8-whitespace-name-fix.patch
# rhbz#1931403, sent upstream
# unconditional glibc-2.34 API assumption, because it seems
# in RHEL-9 this feature was also backported to 2.33,
# upstream uses conditional check for 2.34 API
Patch12: postfix-3.5.9-glibc-234-build-fix.patch
# rhbz#1978901, sent upstream
Patch13: postfix-3.5.9-whitespace-name-fix.patch
Patch14: pflogsumm-1.1.5-syslog-name-underscore-fix.patch
# rhbz#1787010, patch backported from upstream
Patch15: postfix-3.5.8-SRV-resolve.patch
# rhbz#2196577, ZUUL CI uses kernel 6 and we have to add this to postfix
Patch16: postfix-3.5.8-makedefs.patch
# rhbz#2134789, backported feature from upstream
Patch15: postfix-3.5.25-SRV-resolve.patch
# Optional patches - set the appropriate environment variables to include
# them when building the package/spec file
# Determine the different packages required for building postfix
BuildRequires: make
BuildRequires: libdb-devel, perl-generators, pkgconfig, zlib-devel
BuildRequires: systemd-units, libicu-devel, libnsl2-devel
BuildRequires: systemd-units, libicu-devel
BuildRequires: gcc, m4, findutils
BuildRequires: systemd-rpm-macros
%if 0%{?rhel} < 9
BuildRequires: libnsl2-devel
%endif
%{?with_ldap:BuildRequires: openldap-devel}
%{?with_lmdb:BuildRequires: lmdb-devel}
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
%{?with_pcre:BuildRequires: pcre-devel}
%{?with_mysql:BuildRequires: mariadb-connector-c-devel}
%{?with_pgsql:BuildRequires: postgresql-devel}
%{?with_pgsql:BuildRequires: libpq-devel}
%{?with_sqlite:BuildRequires: sqlite-devel}
%{?with_cdb:BuildRequires: tinycdb-devel}
%{?with_tls:BuildRequires: openssl-devel}
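Review bot: as the lines sit here, `# rhbz#1931403, sent upstream` ends up directly above the glibc-2.34 comment and `Patch12`, while `Patch14: pflogsumm-1.1.5-syslog-name-underscore-fix.patch` has no bug reference at all; the changelog in this same diff ties rhbz#1931403 to the pflogsumm syslog_name fix, not to glibc. Move the reference back to Patch14 (the newer changelog entries use rhbz#2043059 for that fix) and give Patch12 its own bug id. The Patch12 comment also states that the patch assumes the glibc-2.34 API unconditionally where upstream checks for it; with the rebase to 3.5.25 it is worth recording why the downstream variant is still carried.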
@ -130,9 +130,20 @@ BuildRequires: gcc, m4, findutils
%description
Postfix is a Mail Transport Agent (MTA).
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%package sysvinit
Summary: SysV initscript for postfix
BuildArch: noarch
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires(preun): chkconfig
Requires(post): chkconfig
%description sysvinit
This package contains the SysV initscript.
%endif
%package perl-scripts
Summary: Postfix utilities written in perl
Group: Applications/System
Requires: %{name} = %{epoch}:%{version}-%{release}
# perl-scripts introduced in 2:2.5.5-2
Obsoletes: postfix < 2:2.5.5-2
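Review bot: `%if 0%{?fedora} < 23 && 0%{?rhel} < 9` is true whenever neither macro is defined, because an undefined `%{?fedora}` or `%{?rhel}` leaves a bare `0`. On RHEL the first clause is therefore always true and the result depends on `%{?rhel}` alone, so a RHEL 9 build never produces the sysvinit subpackage even though Source1 and the `systemd-sysv` Requires(post) are still carried. Express the intent with one named switch (for example a `%bcond_with sysvinit`) and test that here, in the scriptlets and in `%files`, rather than repeating the distro comparison three times.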
@ -242,14 +253,10 @@ pushd pflogsumm-%{pflogsumm_ver}
popd
%endif
%patch11 -p1 -b .chroot-example-fix
# Improve backward compatibility with postfix-3.3.1,
# for details see rhbz#1688389
%patch12 -p1 -b .back-compat-3.3.1
# rhbz#1977732, sent upstream
%patch12 -p1 -b .glibc-234-build-fix
%patch13 -p1 -b .whitespace-name-fix
%patch14 -p1 -b .pflogsumm-1.1.5-syslog-name-underscore-fix
%patch15 -p1 -b .SRV-resolve
%patch16 -p1 -b .makedefs
%patch15 -p1 -b .SRV-resolution
for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
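Review bot: `# rhbz#1977732, sent upstream` now sits directly above `%patch12 -p1 -b .glibc-234-build-fix`, but the changelog attaches rhbz#1977732 to the whitespace-only fullname crash, which is `%patch13`, and the Patch13 declaration earlier in the spec cites rhbz#1978901 for it. Move or update the comment so each `%patch` line carries the bug it actually fixes. The backup suffix for `%patch15` also changes from `.SRV-resolve` to `.SRV-resolution` while the patch file is still named `postfix-3.5.25-SRV-resolve.patch`; keeping the two aligned makes leftover backup files easier to trace.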
@ -259,7 +266,11 @@ done
%build
unset AUXLIBS AUXLIBS_LDAP AUXLIBS_LMDB AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
CCARGS="-fPIC -fcommon"
%if 0%{?rhel} >= 9
AUXLIBS=""
%else
AUXLIBS="-lnsl"
%endif
%ifarch s390 s390x ppc
CCARGS="${CCARGS} -fsigned-char"
@ -314,7 +325,9 @@ CCARGS="${CCARGS} -fsigned-char"
CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\""
CCARGS="${CCARGS} $(getconf LFS_CFLAGS)"
%if 0%{?rhel} >= 9
CCARGS="${CCARGS} -DNO_NIS"
%endif
LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-Wl,-z,relro,-z,now}"
# SHLIB_RPATH is needed to find private libraries
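Review bot: `-DNO_NIS` is gated on `0%{?rhel} >= 9` here, `AUXLIBS="-lnsl"` on the same test in the previous hunk, and `BuildRequires: libnsl2-devel` on `0%{?rhel} < 9` in the header, so NIS support is controlled from three places that have to stay in step. Define one switch near the top of the spec and test it in all three, so a later edit cannot produce a build that links `-lnsl` without the devel package or defines `NO_NIS` while still linking the library.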
@ -367,6 +380,9 @@ install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}
install -m 755 %{SOURCE4} %{buildroot}%{postfix_daemon_dir}/aliasesdb
install -m 755 %{SOURCE5} %{buildroot}%{postfix_daemon_dir}/chroot-update
# systemd-sysusers
install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/postfix.conf
install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.postfix
for i in active bounce corrupt defer deferred flush incoming private saved maildrop public pid saved trace; do
@ -396,7 +412,7 @@ install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix
# prepare documentation
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} %{SOURCE6} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup}
cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples
@ -502,7 +518,7 @@ fi
# Create self-signed SSL certificate
if [ ! -f %{sslkey} ]; then
umask 077
%{_bindir}/openssl genrsa 4096 > %{sslkey} 2> /dev/null
%{_bindir}/openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out %{sslkey} 2>/dev/null || echo "openssl genpkey failed"
fi
if [ ! -f %{sslcert} ]; then
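Review bot: when `openssl genpkey` fails, the new line only echoes "openssl genpkey failed" and the scriptlet continues into the certificate block, where `openssl req -new -key %{sslkey}` then runs against a key that is missing or incomplete. With stderr sent to /dev/null the reason for the failure is lost as well. On failure, remove any partial `%{sslkey}` and skip certificate generation; the `umask 077` ahead of the key write is what keeps the private key unreadable to other users and must stay before the `-out`.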
@ -511,8 +527,10 @@ if [ ! -f %{sslcert} ]; then
FQDN=localhost.localdomain
fi
%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
req_cmd="%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
# openssl-3.0 and fallback for backward compatibility with openssl < 3.0
$req_cmd -noenc -copy_extensions none 2>/dev/null || $req_cmd 2>/dev/null || echo "openssl req failed"
chmod 644 %{sslcert}
fi
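Review bot: `req_cmd` holds the whole command in one string and is run as an unquoted `$req_cmd`, so the shell word-splits and glob-expands it; the `-subj` value lost the double quotes it had before, which means a `${FQDN}` containing whitespace or glob characters would break the subject into separate arguments. A small shell function that takes the extra options as "$@" keeps `-subj "..."` quoted. The fallback `|| $req_cmd` also fires on any failure of the first attempt, not only on an openssl that lacks `-noenc` or `-copy_extensions`, and both attempts hide stderr, so a real error surfaces only as "openssl req failed".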
@ -520,10 +538,7 @@ exit 0
%pre
# Add user and groups if necessary
%{_sbindir}/groupadd -g %{maildrop_gid} -r %{maildrop_group} 2>/dev/null
%{_sbindir}/groupadd -g %{postfix_gid} -r %{postfix_group} 2>/dev/null
%{_sbindir}/groupadd -g 12 -r mail 2>/dev/null
%{_sbindir}/useradd -d %{postfix_queue_dir} -s /sbin/nologin -g %{postfix_group} -G mail -M -r -u %{postfix_uid} %{postfix_user} 2>/dev/null
%sysusers_create_compat %{SOURCE6}
# hack, to turn man8/smtpd.8.gz into alternatives symlink (part of the rhbz#1051180 fix)
# this could be probably dropped in f23+
@ -544,6 +559,23 @@ exit 0
%postun
%systemd_postun_with_restart %{name}.service
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%post sysvinit
/sbin/chkconfig --add postfix >/dev/null 2>&1 ||:
%preun sysvinit
if [ "$1" = 0 ]; then
%{_initrddir}/postfix stop >/dev/null 2>&1 ||:
/sbin/chkconfig --del postfix >/dev/null 2>&1 ||:
fi
%postun sysvinit
[ "$1" -ge 1 ] && %{_initrddir}/postfix condrestart >/dev/null 2>&1 ||:
%triggerpostun -n postfix-sysvinit -- postfix < %{sysv2systemdnvr}
/sbin/chkconfig --add postfix >/dev/null 2>&1 || :
%endif
%triggerun -- postfix < %{sysv2systemdnvr}
%{_bindir}/systemd-sysv-convert --save postfix >/dev/null 2>&1 ||:
%{_bindir}/systemd-sysv-convert --apply postfix >/dev/null 2>&1 ||:
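Review bot: on upgrade `%postun sysvinit` runs `%{_initrddir}/postfix condrestart` while the main package's `%postun` already does `%systemd_postun_with_restart %{name}.service`, so a host with the sysvinit subpackage installed restarts postfix through two paths in the same transaction. Decide which one owns the restart and drop the other, or document why both are needed. Because every command in these scriptlets ends in `>/dev/null 2>&1 ||:`, a failed `chkconfig --add` or a failed restart would also pass unnoticed.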
@ -690,6 +722,14 @@ exit 0
%ghost %attr(0644, root, root) %{_var}/lib/misc/postfix.aliasesdb-stamp
# systemd-sysusers
%{_sysusersdir}/postfix.conf
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%files sysvinit
%{_initrddir}/postfix
%endif
%files perl-scripts
%attr(0755, root, root) %{postfix_command_dir}/qshape
%attr(0644, root, root) %{_mandir}/man1/qshape*
@ -763,68 +803,236 @@ exit 0
%endif
%changelog
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-7
- Fixed possible warning when postfix is restarted
Resolves: rhbz#2162659
* Wed May 17 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-6
- Fix patch for SRV record resolution feature
Related: rhbz#1787010
* Thu May 04 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-5
- Backport dns SRV record resolution feature (RFC6186)
Resolves: rhbz#1787010
- Fix building in ZUUL CI
Resolves: rhbz#2196577
* Thu Feb 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-4
- Added SELinux workound for systemd service to work after 'postfix start'
Resolves: rhbz#2028015
* Mon Jan 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-3
- Fixed pflogsumm to allow underscores in the syslog_name
Resolves: rhbz#1931403
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-2
- Fixed cleanup crash when processing messages with whitespace only fullname
Resolves: rhbz#1977732
* Fri Nov 13 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
* Thu Jul 18 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.25-1
- New version
Resolves: rhbz#1688389
Resolves: RHEL-20023
- Dropped upstreamed patches
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-12
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-24
- Fixed possible warning when postfix is restarted
Resolves: rhbz#2075571
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-23
- Spec cleanup
Related: rhbz#2095454
* Wed Jul 05 2023 Jonathan Wright <jonathan@almalinux.org> - 2:3.5.9-22
- Use systemd-sysusers
Resolves: rhbz#2095454
* Wed May 17 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.9-21
- Fix patch for SRV record resolution feature
Related: rhbz#2134789
* Thu May 04 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.9-20
- Backport dns SRV record resolution feature (RFC6186)
Resolves: rhbz#2134789
- Fix building in ZUUL CI
Resolves: rhbz#2193363
* Fri Aug 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-19
- Suppressed openssl output during SSL certificates generation
Resolves: rhbz#2041589
* Tue Feb 22 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-18
- Added SELinux workound for systemd service to work after 'postfix start'
Resolves: rhbz#2055915
* Tue Feb 15 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-17
- Fixed problem in the dict_inline found by coverity
Resolves: rhbz#1938847
* Fri Jan 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-16
- Fixed pflogsumm to allow underscores in the syslog_name
Resolves: rhbz#2043059
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-15
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-14
- Fixed cleanup crash when processing messages with whitespace only fullname
Resolves: rhbz#1978901
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-13
- Used upstream patch for fixing FTBFS with glibc-2.34
Related: rhbz#1984045
* Tue Aug 3 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-12
- Fixed openssl req command parameter
Related: rhbz#1985918
* Tue Aug 3 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-11
- Fixed FTBFS with glibc-2.34
Resolves: rhbz#1984045
* Mon Aug 2 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-10
- Fixed scriptlets to work with openssl-3.0
Resolves: rhbz#1985918
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-9
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Apr 22 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-8
- Fixed NIS build requirements
Resolves: rhbz#1942369
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 24 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-6
- Disable NIS support for RHEL9+ (patch from fjanus@redhat.com)
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2:3.5.9-5
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Feb 19 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-4
- Fixed sysvinit conditionals for RHEL
Resolves: rhbz#1930709
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 2:3.5.9-3
- rebuild for libpq ABI fix rhbz#1908268
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.5.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-1
- New version
Resolves: rhbz#1917155
* Mon Nov 9 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
- New version
Resolves: rhbz#1895644
* Mon Aug 31 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.7-1
- New version
Resolves: rhbz#1873857
* Thu Aug 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-2
- Minor spec cleanup
- Added posttls-finger test tool
Resolves: rhbz#1865701
* Tue Jul 28 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-1
- New version
Resolves: rhbz#1860547
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2:3.5.4-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 8 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-2
- Added support for LMDB maps
* Mon Jun 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-1
- New version
Resolves: rhbz#1851650
* Mon Jun 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.3-1
- New version
Resolves: rhbz#1846939
* Tue May 19 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.2-1
- New version
Resolves: rhbz#1836653
* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2:3.5.1-2
- Rebuild for ICU 67
* Mon Apr 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.1-1
- New version
Resolves: rhbz#1825547
* Mon Mar 16 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.0-1
- New version
Resolves: rhbz#1813740
* Thu Mar 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.10-1
- New version
Resolves: rhbz#1812987
* Mon Feb 3 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.9-1
- New version
Resolves: rhbz#1797383
- Dropped ref-search patch (upstreamed)
- Built with -fcommon to overcome FTBFS with gcc-10, problem reported upstream
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-2
- Fixed DNS resolver to use ref_search instead of ref_query
Resolves: rhbz#1723950
* Tue Dec 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-11
- Added hostname requirement
Resolves: rhbz#1666244
* Mon Nov 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-1
- New version
Resolves: rhbz#1776033
* Wed Nov 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-10
- Release bump and rebuild for relengs to be able to ship postfix-pcre,
postfix-cdb, postfix-sqlite
Resolves: rhbz#1745321
* Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.4.7-3
- Rebuild for ICU 65
* Tue Aug 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-9
- Release bump and rebuild for relengs to be able to ship postfix-ldap
Resolves: rhbz#1686721
* Wed Sep 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-2
- Added hostname as explicit requirement for the post scriptlet
* Tue Dec 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-8
* Mon Sep 23 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-1
- New version
Resolves: rhbz#1754198
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.6-1
- New version
Resolves: rhbz#1726462
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-4
- Fixed FTBFS with new glibc due to dropped RES macros
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-3
- Added findutils as explicit requirement
Resolves: rhbz#1629057
* Tue Mar 26 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-2
- Fixed example chroot-update script
Resolves: rhbz#1398910
* Fri Mar 15 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-1
- New version
Resolves: rhbz#1689029
* Mon Mar 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.3-1
- New version
Resolves: rhbz#1687208
* Fri Mar 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.1-1
- New version
Resolves: rhbz#1686673
* Fri Mar 1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.0-1
- New version
Resolves: rhbz#1683855
* Wed Feb 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.3-1
- New version
Resolves: rhbz#1683487
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.3.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.3.1-8
- Rebuild for ICU 63
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
- Fixed posttls-finger to work with unix domains
Resolves: rhbz#1602663
* Wed Nov 28 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
- Added m4 to BuildRequires
Resolves: rhbz#1619187
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
* Mon Nov 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
- Used _prefix macro for /usr and _includedir macro for /usr/include
Resolves: rhbz#1645239
* Thu Nov 1 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
- Dropped sysv support from the spec
Resolves: rhbz#1636961
* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
- Added m4 to BuildRequires
Resolves: rhbz#1619111
* Tue Jul 24 2018 Robert Scheck <robert@fedoraproject.org> - 2:3.3.1-4
- Add basic postfix TLS configuration by default (#1608050)