rpms
/
postfix
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c9-beta
rpms:c9s
rpms:c8s
rpms:imports/c8/postfix-3.5.8-7.el8
rpms:imports/c9/postfix-3.5.9-24.el9
rpms:imports/c8-beta/postfix-3.5.8-7.el8
rpms:imports/c9-beta/postfix-3.5.9-24.el9
rpms:imports/c9/postfix-3.5.9-19.el9
rpms:imports/c9-beta/postfix-3.5.9-19.el9
rpms:imports/c9/postfix-3.5.9-18.el9
rpms:imports/c8/postfix-3.5.8-4.el8
rpms:imports/c8-beta/postfix-3.5.8-4.el8
rpms:imports/c9-beta/postfix-3.5.9-18.el9
rpms:imports/c8s/postfix-3.5.8-4.el8
rpms:imports/c8s/postfix-3.5.8-3.el8
rpms:imports/c9-beta/postfix-3.5.9-15.el9
rpms:imports/c8/postfix-3.5.8-2.el8
rpms:imports/c8-beta/postfix-3.5.8-2.el8
rpms:imports/c8-beta/postfix-3.5.8-1.el8
rpms:imports/c8-beta/postfix-3.3.1-12.el8
rpms:imports/c8-beta/postfix-3.3.1-8.el8
rpms:imports/c8s/postfix-3.5.8-2.el8
rpms:imports/c8s/postfix-3.5.8-1.el8
rpms:imports/c8s/postfix-3.3.1-12.el8
rpms:imports/c8/postfix-3.5.8-1.el8
rpms:imports/c8/postfix-3.3.1-12.el8_3.1
rpms:imports/c8/postfix-3.3.1-12.el8
rpms:imports/c8/postfix-3.3.1-9.el8
rpms:imports/c8/postfix-3.3.1-8.el8
...
pull from: rpms:c9s
Branches Tags
rpms:c8
rpms:c9
rpms:c8-beta
rpms:c9-beta
rpms:c9s
rpms:c8s
rpms:imports/c8/postfix-3.5.8-7.el8
rpms:imports/c9/postfix-3.5.9-24.el9
rpms:imports/c8-beta/postfix-3.5.8-7.el8
rpms:imports/c9-beta/postfix-3.5.9-24.el9
rpms:imports/c9/postfix-3.5.9-19.el9
rpms:imports/c9-beta/postfix-3.5.9-19.el9
rpms:imports/c9/postfix-3.5.9-18.el9
rpms:imports/c8/postfix-3.5.8-4.el8
rpms:imports/c8-beta/postfix-3.5.8-4.el8
rpms:imports/c9-beta/postfix-3.5.9-18.el9
rpms:imports/c8s/postfix-3.5.8-4.el8
rpms:imports/c8s/postfix-3.5.8-3.el8
rpms:imports/c9-beta/postfix-3.5.9-15.el9
rpms:imports/c8/postfix-3.5.8-2.el8
rpms:imports/c8-beta/postfix-3.5.8-2.el8
rpms:imports/c8-beta/postfix-3.5.8-1.el8
rpms:imports/c8-beta/postfix-3.3.1-12.el8
rpms:imports/c8-beta/postfix-3.3.1-8.el8
rpms:imports/c8s/postfix-3.5.8-2.el8
rpms:imports/c8s/postfix-3.5.8-1.el8
rpms:imports/c8s/postfix-3.3.1-12.el8
rpms:imports/c8/postfix-3.5.8-1.el8
rpms:imports/c8/postfix-3.3.1-12.el8_3.1
rpms:imports/c8/postfix-3.3.1-12.el8
rpms:imports/c8/postfix-3.3.1-9.el8
rpms:imports/c8/postfix-3.3.1-8.el8

No commits in common. "c8" and "c9s" have entirely different histories.
c8 ... c9s

33 changed files with 638 additions and 336 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/pflogsumm-1.1.5.tar.gz
SOURCES/postfix-3.5.8.tar.gz
pflogsumm-*.tar.gz
postfix-*.tar.gz

4
.postfix.metadata
View File

@ -1,2 +1,2 @@
d18daa19d725e64c2b7e6c8da458b2d563272645 SOURCES/pflogsumm-1.1.5.tar.gz
1dfb10729498be5d387dc730117c2a845dd93ac0 SOURCES/postfix-3.5.8.tar.gz
d18daa19d725e64c2b7e6c8da458b2d563272645 pflogsumm-1.1.5.tar.gz
f7caa483ebbb7f7b4f912dcfb879a5f1017c327e postfix-3.5.9.tar.gz

0
SOURCES/README-Postfix-SASL-RedHat.txt → README-Postfix-SASL-RedHat.txt
View File

65
SOURCES/README-RedHat.txt
View File

@ -1,65 +0,0 @@
This Postfix build behaves differently from the upstream postfix-3.5.8.
It's because in RHEL-8 backward compatibility is kept to postfix-3.3.1.
For the upstream postfix-3.5.8 behavior either run the following commands:
# postconf info_log_address_format=external
# postconf smtpd_discard_ehlo_keywords=
# postconf rhel_ipv6_normalize=yes
Or go through the following steps:
1. Change the configuration option 'info_log_address_format' to 'external'.
In RHEL-8 it's by default set to 'internal' to mitigate [Incompat 20191109].
2. Change the configuration option 'smtpd_discard_ehlo_keywords' to ''.
In RHEL-8 it's by default set to 'chunking' to mitigate [Incompat 20180826].
3. Add RHEL-8 specific configuration option 'rhel_ipv6_normalize' and set it
to 'yes'. In RHEL-8 this option was added to mitigate [Incompat 20190427].
Details from the upstream RELEASE_NOTES:
[Incompat 20191109]
Postfix daemon processes now log the from= and
to= addresses in external (quoted) form in non-debug logging (info,
warning, etc.). This means that when an address localpart contains
spaces or other special characters, the localpart will be quoted,
for example:
from=<"name with spaces"@example.com>
Older Postfix versions would log the internal (unquoted) form:
from=<name with spaces@example.com>
The external and internal forms are identical for the vast majority
of email addresses that contain no spaces or other special characters
in the localpart.
Specify "info_log_address_format = internal" for backwards
compatibility.
The logging in external form is consistent with the address form
that Postfix 3.2 and later prefer for table lookups. It is therefore
the more useful form for non-debug logging.
[Incompat 20180826]
The Postfix SMTP server announces CHUNKING (BDAT
command) by default. In the unlikely case that this breaks some
important remote SMTP client, disable the feature as follows:
/etc/postfix/main.cf:
# The logging alternative:
smtpd_discard_ehlo_keywords = chunking
# The non-logging alternative:
smtpd_discard_ehlo_keywords = chunking, silent_discard
See BDAT_README for more.
[Incompat 20190427]
Postfix now normalizes IP addresses received
with XCLIENT, XFORWARD, or with the HaProxy protocol, for consistency
with direct connections to Postfix. This may change the appearance
of logging, and the way that check_client_access will match subnets
of an IPv6 address.

158
SOURCES/postfix-3.5.8-back-compat-3.3.1.patch
View File

@ -1,158 +0,0 @@
diff --git a/src/global/mail_params.c b/src/global/mail_params.c
index 91c70f7..483613c 100644
--- a/src/global/mail_params.c
+++ b/src/global/mail_params.c
@@ -379,6 +379,8 @@ int warn_compat_break_smtputf8_enable;
int warn_compat_break_chroot;
int warn_compat_break_relay_restrictions;
+bool var_rhel_ipv6_normalize;
+
/* check_myhostname - lookup hostname and validate */
static const char *check_myhostname(void)
@@ -825,6 +827,7 @@ void mail_params_init()
VAR_LONG_QUEUE_IDS, DEF_LONG_QUEUE_IDS, &var_long_queue_ids,
VAR_STRICT_SMTPUTF8, DEF_STRICT_SMTPUTF8, &var_strict_smtputf8,
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
+ VAR_RHEL_IPV6_NORMALIZE, DEF_RHEL_IPV6_NORMALIZE, &var_rhel_ipv6_normalize,
0,
};
const char *cp;
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index e4358ca..74459d9 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -3153,7 +3153,7 @@ extern char *var_local_rwr_clients;
* EHLO keyword filter.
*/
#define VAR_SMTPD_EHLO_DIS_WORDS "smtpd_discard_ehlo_keywords"
-#define DEF_SMTPD_EHLO_DIS_WORDS ""
+#define DEF_SMTPD_EHLO_DIS_WORDS "chunking"
extern char *var_smtpd_ehlo_dis_words;
#define VAR_SMTPD_EHLO_DIS_MAPS "smtpd_discard_ehlo_keyword_address_maps"
@@ -4199,9 +4199,13 @@ extern int var_postlogd_watchdog;
#define INFO_LOG_ADDR_FORM_NAME_INTERNAL "internal"
#define VAR_INFO_LOG_ADDR_FORM "info_log_address_format"
-#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_EXTERNAL
+#define DEF_INFO_LOG_ADDR_FORM INFO_LOG_ADDR_FORM_NAME_INTERNAL
extern char *var_info_log_addr_form;
+#define VAR_RHEL_IPV6_NORMALIZE "rhel_ipv6_normalize"
+#define DEF_RHEL_IPV6_NORMALIZE 0
+extern bool var_rhel_ipv6_normalize;
+
/* LICENSE
/* .ad
/* .fi
diff --git a/src/smtpd/smtpd.c b/src/smtpd/smtpd.c
index da7227f..53e640e 100644
--- a/src/smtpd/smtpd.c
+++ b/src/smtpd/smtpd.c
@@ -4334,6 +4334,7 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int update_namaddr = 0;
int name_status;
@@ -4481,15 +4482,31 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->addr, attr_value);
UPDATE_STR(state->rfc_addr, attr_value);
} else {
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, &state->rfc_addr,
+ if (var_rhel_ipv6_normalize) {
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, &state->rfc_addr,
&state->addr,
- &state->addr_family) < 0) {
+ &state->addr_family) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->addr, bare_value);
+ UPDATE_STR(state->rfc_addr, attr_value);
+#ifdef HAS_IPV6
+ if (strncasecmp(attr_value, INET_PROTO_NAME_IPV6 ":",
+ sizeof(INET_PROTO_NAME_IPV6 ":") - 1) == 0)
+ state->addr_family = AF_INET6;
+ else
+#endif
+ state->addr_family = AF_INET;
+ }
}
update_namaddr = 1;
}
@@ -4569,17 +4586,25 @@ static int xclient_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
attr_value = SERVER_ADDR_UNKNOWN;
UPDATE_STR(state->dest_addr, attr_value);
} else {
+ if (var_rhel_ipv6_normalize) {
#define NO_NORM_RFC_ADDR ((char **) 0)
#define NO_NORM_ADDR_FAMILY ((int *) 0)
- neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
+ neuter(attr_value, NEUTER_CHARACTERS, '?');
+ }
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value, NO_NORM_RFC_ADDR,
&state->dest_addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XCLIENT_DESTADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->dest_addr, bare_value);
+ }
}
/* XXX Require same address family as client address. */
}
@@ -4690,6 +4715,7 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
SMTPD_TOKEN *argp;
char *raw_value;
char *attr_value;
+ const char *bare_value;
char *attr_name;
int updated = 0;
static const NAME_CODE xforward_flags[] = {
@@ -4808,15 +4834,22 @@ static int xforward_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
UPDATE_STR(state->xforward.addr, attr_value);
} else {
neuter(attr_value, NEUTER_CHARACTERS, '?');
- if (normalize_mailhost_addr(attr_value,
+ if ((var_rhel_ipv6_normalize &&
+ normalize_mailhost_addr(attr_value,
&state->xforward.rfc_addr,
&state->xforward.addr,
- NO_NORM_ADDR_FAMILY) < 0) {
+ NO_NORM_ADDR_FAMILY) < 0) ||
+ (!var_rhel_ipv6_normalize &&
+ (bare_value = valid_mailhost_addr(attr_value, DONT_GRIPE)) == 0)) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 5.5.4 Bad %s syntax: %s",
XFORWARD_ADDR, attr_value);
return (-1);
}
+ if (!var_rhel_ipv6_normalize) {
+ UPDATE_STR(state->xforward.addr, bare_value);
+ UPDATE_STR(state->xforward.rfc_addr, attr_value);
+ }
}
break;

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

10
gating.yaml Normal file
View File

@ -0,0 +1,10 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.acceptance-tier.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/public.functional}

0
SOURCES/pflogsumm-1.1.5-datecalc.patch → pflogsumm-1.1.5-datecalc.patch
View File

0
SOURCES/pflogsumm-1.1.5-ipv6-warnings-fix.patch → pflogsumm-1.1.5-ipv6-warnings-fix.patch
View File

0
SOURCES/pflogsumm-1.1.5-syslog-name-underscore-fix.patch → pflogsumm-1.1.5-syslog-name-underscore-fix.patch
View File

6
plans/public.fmf Normal file
View File

@ -0,0 +1,6 @@
summary: Test plan with all Fedora tests
discover:
how: fmf
url: https://src.fedoraproject.org/tests/postfix.git
execute:
how: tmt

12
plans/tier1-internal.fmf Normal file
View File

@ -0,0 +1,12 @@
summary: CI plan, picks internal Tier1 tests, runs in beakerlib.
discover:
- name: rhel
how: fmf
filter: 'tier: 1'
url: git://pkgs.devel.redhat.com/tests/postfix
execute:
how: tmt
adjust:
enabled: false
when: distro == centos-stream or distro == fedora
because: They don't have access to internal repos.

0
SOURCES/postfix-3.3.3-alternatives.patch → postfix-3.3.3-alternatives.patch
View File

0
SOURCES/postfix-3.4.0-files.patch → postfix-3.4.0-files.patch
View File

0
SOURCES/postfix-3.4.0-large-fs.patch → postfix-3.4.0-large-fs.patch
View File

0
SOURCES/postfix-3.4.4-chroot-example-fix.patch → postfix-3.4.4-chroot-example-fix.patch
View File

0
SOURCES/postfix-3.5.0-config.patch → postfix-3.5.0-config.patch
View File

70
SOURCES/postfix-3.5.8-SRV-resolve.patch → postfix-3.5.9-SRV-resolve.patch
View File

@ -1,14 +1,14 @@
commit 4b486868473462f9b65cc3ad44c48c2e68ee45ee
commit 3a64b35100aa150ce80957dc56f0db7fbdb07017
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Wed May 17 13:17:30 2023 +0200
Date: Wed May 17 10:01:21 2023 +0200
Backport SRV record resolution feature
diff --git a/mantools/postlink b/mantools/postlink
index 46f187e..f738fd3 100755
index 490d028..a093c0a 100755
--- a/mantools/postlink
+++ b/mantools/postlink
@@ -1128,6 +1128,10 @@ while (<>) {
@@ -1129,6 +1129,10 @@ while (<>) {
s;\bpostlog_service_name\b;<a href="postconf.5.html#postlog_service_name">$&</a>;g;
s;\bpostlogd_watchdog_timeout\b;<a href="postconf.5.html#postlogd_watchdog_timeout">$&</a>;g;
@ -20,14 +20,13 @@ index 46f187e..f738fd3 100755
s;\bpolicy_time_limit\b;<a href="postconf.5.html#transport_time_limit">$&</a>;g;
diff --git a/proto/postconf.proto b/proto/postconf.proto
index 3d53657..29d0aa5 100644
index 89f9e9b..ca8899f 100644
--- a/proto/postconf.proto
+++ b/proto/postconf.proto
@@ -17698,3 +17698,111 @@ with quotes and backslashes. An attacker should not be able to use
such games to circumvent Postfix access policies. </p>
@@ -17760,3 +17760,111 @@ value to disable the feature. </p>
<p> This feature is available in Postfix 3.5 and later. </p>
+
<p> This feature was backported from Postfix 3.6 to Postfix versions
3.5.9, 3.4.19, 3.3.16. 3.2.21. </p>
+
+%PARAM use_srv_lookup
+
@ -135,8 +134,9 @@ index 3d53657..29d0aa5 100644
+to MX or IP address lookup as if SRV record lookup was not enabled. <p>
+
+<p> This feature was backported from Postfix 3.8. </p>
+
diff --git a/src/dns/dns.h b/src/dns/dns.h
index b8c4c4a..aac3ca9 100644
index 3631d23..2af1ee2 100644
--- a/src/dns/dns.h
+++ b/src/dns/dns.h
@@ -147,10 +147,12 @@ typedef struct DNS_RR {
@ -184,7 +184,7 @@ index b8c4c4a..aac3ca9 100644
extern int dns_rr_compare_pref_ipv6(DNS_RR *, DNS_RR *);
extern int dns_rr_compare_pref_ipv4(DNS_RR *, DNS_RR *);
extern int dns_rr_compare_pref_any(DNS_RR *, DNS_RR *);
@@ -278,8 +295,9 @@ extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *,
@@ -283,8 +300,9 @@ extern int dns_lookup_rv(const char *, unsigned, DNS_RR **, VSTRING *,
* Below is the precedence order. The order between DNS_RETRY and DNS_NOTFOUND
* is arbitrary.
*/
@ -197,10 +197,10 @@ index b8c4c4a..aac3ca9 100644
#define DNS_FAIL (-4) /* query failed, don't retry */
#define DNS_INVAL (-3) /* query ok, malformed reply */
diff --git a/src/dns/dns_lookup.c b/src/dns/dns_lookup.c
index 11c9281..1aa97a4 100644
index 4e3e647..93694d9 100644
--- a/src/dns/dns_lookup.c
+++ b/src/dns/dns_lookup.c
@@ -688,6 +688,8 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -691,6 +691,8 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
int comp_len;
ssize_t data_len;
unsigned pref = 0;
@ -209,7 +209,7 @@ index 11c9281..1aa97a4 100644
unsigned char *src;
unsigned char *dst;
int ch;
@@ -713,6 +715,18 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -716,6 +718,18 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
return (DNS_INVAL);
data_len = strlen(temp) + 1;
break;
@ -228,7 +228,7 @@ index 11c9281..1aa97a4 100644
case T_MX:
GETSHORT(pref, pos);
if (dn_expand(reply->buf, reply->end, pos, temp, sizeof(temp)) < 0)
@@ -808,7 +822,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
@@ -811,7 +825,7 @@ static int dns_get_rr(DNS_RR **list, const char *orig_name, DNS_REPLY *reply,
break;
}
*list = dns_rr_create(orig_name, rr_name, fixed->type, fixed->class,
@ -237,7 +237,7 @@ index 11c9281..1aa97a4 100644
return (DNS_OK);
}
@@ -906,7 +920,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
@@ -911,7 +925,7 @@ static int dns_get_answer(const char *orig_name, DNS_REPLY *reply, int type,
resource_found++;
rr->dnssec_valid = *maybe_secure ? reply->dnssec_ad : 0;
*rrlist = dns_rr_append(*rrlist, rr);
@ -246,7 +246,7 @@ index 11c9281..1aa97a4 100644
CORRUPT(status); /* TODO: use better name */
} else if (not_found_status != DNS_RETRY)
not_found_status = status;
@@ -1032,6 +1046,12 @@ int dns_lookup_x(const char *name, unsigned type, unsigned flags,
@@ -1045,6 +1059,12 @@ int dns_lookup_x(const char *name, unsigned type, unsigned flags,
name);
SET_H_ERRNO(NO_DATA);
return (status);
@ -633,12 +633,12 @@ index 70e59ac..7eebe3c 100644
/* dns_strtype - translate DNS query type to string */
diff --git a/src/global/mail_params.h b/src/global/mail_params.h
index 74459d9..f8bb550 100644
index 27b17d5..e8d9c28 100644
--- a/src/global/mail_params.h
+++ b/src/global/mail_params.h
@@ -4206,6 +4206,21 @@ extern char *var_info_log_addr_form;
#define DEF_RHEL_IPV6_NORMALIZE 0
extern bool var_rhel_ipv6_normalize;
@@ -4209,6 +4209,21 @@ extern char *var_info_log_addr_form;
#define DEF_DNSSEC_PROBE "ns:."
extern char *var_dnssec_probe;
+ /*
+ * SRV lookup support.
@ -659,7 +659,7 @@ index 74459d9..f8bb550 100644
/* .ad
/* .fi
diff --git a/src/posttls-finger/posttls-finger.c b/src/posttls-finger/posttls-finger.c
index a3a9946..b428cb3 100644
index a3a9946..60bf047 100644
--- a/src/posttls-finger/posttls-finger.c
+++ b/src/posttls-finger/posttls-finger.c
@@ -236,6 +236,8 @@
@ -847,9 +847,9 @@ index a3a9946..b428cb3 100644
/* When reconnecting use IP address of previous session */
if (state->addr == 0) {
+ char *buf;
+ char *domain;
+ char *service;
+ char *buf;
+ char *domain;
+ char *service;
+
buf = parse_destination(dest, state->smtp ? "smtp" : "24",
- &domain, &state->port);
@ -874,8 +874,8 @@ index a3a9946..b428cb3 100644
|| (state->stream = connect_addr(state, addr)) == 0) {
- msg_info("Failed to establish session to %s via %s: %s",
- dest, HNAME(addr), vstring_str(state->why->reason));
+ msg_info("Failed to establish session to %s via %s:%u: %s",
+ dest, HNAME(addr), addr->port,
+ msg_info("Failed to establish session to %s via %s:%u: %s",
+ dest, HNAME(addr), addr->port,
+ vstring_str(state->why->reason));
continue;
}
@ -928,7 +928,7 @@ index 973cb5d..ff074cd 100644
0,
};
diff --git a/src/smtp/smtp.c b/src/smtp/smtp.c
index 6ca2d5c..f402876 100644
index e46ebd6..2cc9e2f 100644
--- a/src/smtp/smtp.c
+++ b/src/smtp/smtp.c
@@ -146,6 +146,7 @@
@ -939,10 +939,10 @@ index 6ca2d5c..f402876 100644
/* RFC 2920 (SMTP Pipelining)
/* RFC 3207 (STARTTLS command)
/* RFC 3461 (SMTP DSN Extension)
@@ -330,6 +331,17 @@
/* .IP "\fBinfo_log_address_format (external)\fR"
/* The email address form that will be used in non-debug logging
/* (info, warning, etc.).
@@ -336,6 +337,17 @@
/* The DNS query type (default: "ns") and DNS query name (default:
/* ".") that Postfix may use to determine whether DNSSEC validation
/* is available.
+/* .PP
+/* Backported from Postfix version 3.8:
+/* .IP "\fBuse_srv_lookup (empty)\fR"
@ -957,7 +957,7 @@ index 6ca2d5c..f402876 100644
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi
@@ -1046,6 +1058,9 @@ bool var_smtp_dummy_mail_auth;
@@ -1052,6 +1064,9 @@ bool var_smtp_dummy_mail_auth;
char *var_smtp_dsn_filter;
char *var_smtp_dns_re_filter;
bool var_smtp_balance_inet_proto;
@ -967,7 +967,7 @@ index 6ca2d5c..f402876 100644
/* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name;
@@ -1068,6 +1083,7 @@ MAPS *smtp_pix_bug_maps;
@@ -1074,6 +1089,7 @@ MAPS *smtp_pix_bug_maps;
HBC_CHECKS *smtp_header_checks; /* limited header checks */
HBC_CHECKS *smtp_body_checks; /* limited body checks */
SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */
@ -975,7 +975,7 @@ index 6ca2d5c..f402876 100644
#ifdef USE_TLS
@@ -1351,6 +1367,14 @@ static void post_init(char *unused_name, char **argv)
@@ -1357,6 +1373,14 @@ static void post_init(char *unused_name, char **argv)
* the process lifetime.
*/
get_cli_attr(&smtp_cli_attr, argv);

17
postfix-3.5.9-coverity-fix.patch Normal file
View File

@ -0,0 +1,17 @@
diff --git a/src/util/dict_inline.c b/src/util/dict_inline.c
index a416d7c..72339b2 100644
--- a/src/util/dict_inline.c
+++ b/src/util/dict_inline.c
@@ -113,9 +113,9 @@ DICT *dict_inline_open(const char *name, int open_flags, int dict_flags)
dict = dict_open3(DICT_TYPE_HT, name, open_flags, dict_flags);
dict_type_override(dict, DICT_TYPE_INLINE);
while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
- if ((nameval[0] != CHARS_BRACE[0]
- || (err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP)) == 0)
- && (err = split_qnameval(nameval, &vname, &value)) != 0)
+ if (nameval[0] == CHARS_BRACE[0])
+ err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP);
+ if (err != 0 || (err = split_qnameval(nameval, &vname, &value)) != 0)
break;
if ((dict->flags & DICT_FLAG_SRC_RHS_IS_FILE) != 0) {

12
postfix-3.5.9-glibc-234-build-fix.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/src/util/sys_defs.h b/src/util/sys_defs.h
index 99bec9b..95c78ec 100644
--- a/src/util/sys_defs.h
+++ b/src/util/sys_defs.h
@@ -802,6 +803,7 @@ extern int initgroups(const char *, int);
#define _PATH_PROCNET_IFINET6 "/proc/net/if_inet6"
#endif
#endif
+#define HAS_CLOSEFROM
#include <linux/version.h>
#if !defined(KERNEL_VERSION)
#define KERNEL_VERSION(a,b,c) (LINUX_VERSION_CODE + 1)

0
SOURCES/postfix-3.5.8-makedefs.patch → postfix-3.5.9-makedefs.patch
View File

0
SOURCES/postfix-3.5.8-whitespace-name-fix.patch → postfix-3.5.9-whitespace-name-fix.patch
View File

87
postfix-aliases Normal file
View File

@ -0,0 +1,87 @@
# Default aliases file for postfix
#
# this file should be in /etc or in /etc/postfix but if you want it in
# /etc/postfix you'll have to adjust your /etc/postfix/main.cf file accordingly
#
# Aliases in this file will NOT be expanded in the header from
# mail, but WILL be visible over networks or from /bin/mail.
#
# Following alias is required by the mail protocol, RFC 822 (and by RFC2142)
# Set it to the address of a HUMAN who deals with this system's mail problems.
#
# For various security reasons, postfix WILL NOT deliver mail as root, so
# ensure that the root alias is aliased to a HUMAN user, as otherwise
# mail may get delivered to the $default_privs user (nobody).
postmaster: root
# Many mailers use this address to represent the empty SMTP return
# path
MAILER-DAEMON: postmaster
# Common aliases for system accounts.
bin: root
daemon: root
games: root
ingres: root
nobody: root
system: root
toor: root
foo: root
falken: root
# Well-known aliases.
admin: root
manager: root
dumper: root
operator: root
# traps to catch security attacks
decode: root
moof: root
moog: root
# The following aliases are required by RFC 2142
info: staff
marketing: staff
sales: staff
support: staff
# Standard aliases also defined by RFC 2142
abuse: postmaster
# reports of network infrastructure difficulties
noc: root
# address to report secuirty problems
security: root
# DNS administrator (DNS soa records should use this)
hostmaster: root
# Usenet news service administrator
news: usenet
usenet: root
# http/web service administrator
www: webmaster
webmaster: root
# UUCP service administrator
uucp: root
# FTP administrator (especially anonymouse FTP)
ftp: root
# Commonly used group aliases:
#
staff: postmaster
office: postmaster
all: postmaster
tech: postmaster
ops: postmaster
# Person who should get root's mail. This alias
# must exist.
# CHANGE THIS LINE to an account of a HUMAN
root: postfix
# Note to the user: You must create the alias above!
# The root alias *must* exist under postfix because
# postfix runs as a non-privileged user and cannot
# touch a spool file which is UID/GID root
# The mapping to the postfix user is to ensure that root's mail
# doesn't get lost on a system installed out of the box.

0
SOURCES/postfix-chroot-update → postfix-chroot-update
View File

164
postfix-etc-init.d-postfix Normal file
View File

@ -0,0 +1,164 @@
#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: - 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf
#
# Based on startup script from Simon J Mudd <sjmudd@pobox.com>
# 25/02/99: Mostly s/sendmail/postfix/g by John A. Martin <jam@jamux.com>
# 23/11/00: Changes & suggestions by Ajay Ramaswamy <ajayr@bigfoot.com>
# 20/01/01: Changes to fall in line with RedHat 7.0 style
# 23/02/01: Fix a few untidy problems with help from Daniel Roesen.
### BEGIN INIT INFO
# Provides: postfix $mail-transfer-agent
# Required-Start: $local_fs $network $remote_fs
# Required-Stop: $local_fs $network $remote_fs
# Short-Description: start and stop postfix
# Description: Postfix is a Mail Transport Agent, which is the program that
# moves mail from one machine to another.
### END INIT INFO
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="postfix"
lockfile=/var/lock/subsys/$prog
pidfile=/var/spool/postfix/pid/master.pid
ALIASESDB_STAMP=/var/lib/misc/postfix.aliasesdb-stamp
# Script to update chroot environment
CHROOT_UPDATE=/etc/postfix/chroot-update
status -p $pidfile -l $(basename $lockfile) master >/dev/null 2>&1
running=$?
conf_check() {
[ -x /usr/sbin/postfix ] || exit 5
[ -d /etc/postfix ] || exit 6
[ -d /var/spool/postfix ] || exit 5
}
make_aliasesdb() {
if [ "$(/usr/sbin/postconf -h alias_database)" == "hash:/etc/aliases" ]
then
# /etc/aliases.db may be used by other MTA, make sure nothing
# has touched it since our last newaliases call
[ /etc/aliases -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -nt /etc/aliases.db ] ||
[ "$ALIASESDB_STAMP" -ot /etc/aliases.db ] || return
/usr/bin/newaliases
touch -r /etc/aliases.db "$ALIASESDB_STAMP"
else
/usr/bin/newaliases
fi
}
start() {
[ "$EUID" != "0" ] && exit 4
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 1
conf_check
# Start daemons.
echo -n $"Starting postfix: "
make_aliasesdb >/dev/null 2>&1
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
RETVAL=$?
[ $RETVAL -eq 0 ] && touch $lockfile
echo
return $RETVAL
}
stop() {
[ "$EUID" != "0" ] && exit 4
conf_check
# Stop daemons.
echo -n $"Shutting down postfix: "
/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
RETVAL=$?
[ $RETVAL -eq 0 ] && rm -f $lockfile $pidfile
echo
return $RETVAL
}
reload() {
conf_check
echo -n $"Reloading postfix: "
[ -x $CHROOT_UPDATE ] && $CHROOT_UPDATE
/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
RETVAL=$?
echo
return $RETVAL
}
abort() {
conf_check
/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
return $?
}
flush() {
conf_check
/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
return $?
}
check() {
conf_check
/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
return $?
}
# See how we were called.
case "$1" in
start)
[ $running -eq 0 ] && exit 0
start
;;
stop)
[ $running -eq 0 ] || exit 0
stop
;;
restart|force-reload)
stop
start
;;
reload)
[ $running -eq 0 ] || exit 7
reload
;;
abort)
abort
;;
flush)
flush
;;
check)
check
;;
status)
status -p $pidfile -l $(basename $lockfile) master
;;
condrestart)
[ $running -eq 0 ] || exit 0
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
exit 2
esac
exit $?

0
SOURCES/postfix-pam.conf → postfix-pam.conf
View File

0
SOURCES/postfix-sasl.conf → postfix-sasl.conf
View File

0
SOURCES/postfix.aliasesdb → postfix.aliasesdb
View File

0
SOURCES/postfix.service → postfix.service
View File

357
SPECS/postfix.spec → postfix.spec
View File

@ -21,12 +21,9 @@
# Postfix requires one exlusive uid/gid and a 2nd exclusive gid for its own
# use. Let me know if the second gid collides with another package.
# Be careful: Redhat's 'mail' user & group isn't unique!
%define postfix_uid 89
# It's now handled by systemd-sysusers.
%define postfix_user postfix
%define postfix_gid 89
%define postfix_group postfix
%define maildrop_group postdrop
%define maildrop_gid 90
%define postfix_config_dir %{_sysconfdir}/postfix
%define postfix_daemon_dir %{_libexecdir}/postfix
@ -48,18 +45,14 @@
Name: postfix
Summary: Postfix Mail Transport Agent
Version: 3.5.8
Release: 7%{?dist}
Version: 3.5.9
Release: 24%{?dist}
Epoch: 2
Group: System Environment/Daemons
URL: http://www.postfix.org
License: (IBM and GPLv2+) or (EPL-2.0 and GPLv2+)
Requires(post): systemd hostname
Requires(post): systemd systemd-sysv hostname
Requires(post): %{_sbindir}/alternatives
Requires(post): %{_bindir}/openssl
Requires(post): %{_bindir}/hostname
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Requires(preun): %{_sbindir}/alternatives
Requires(preun): systemd
Requires(postun): systemd
@ -71,11 +64,12 @@ Requires: policycoreutils
Provides: MTA smtpd smtpdaemon server(smtp)
Source0: ftp://ftp.porcupine.org/mirrors/postfix-release/official/%{name}-%{version}.tar.gz
Source1: postfix-etc-init.d-postfix
Source2: postfix.service
Source3: README-Postfix-SASL-RedHat.txt
Source4: postfix.aliasesdb
Source5: postfix-chroot-update
Source6: README-RedHat.txt
Source6: postfix.sysusers
# Sources 50-99 are upstream [patch] contributions
@ -99,30 +93,40 @@ Patch9: pflogsumm-1.1.5-datecalc.patch
# rhbz#1384871, sent upstream
Patch10: pflogsumm-1.1.5-ipv6-warnings-fix.patch
Patch11: postfix-3.4.4-chroot-example-fix.patch
Patch12: postfix-3.5.8-back-compat-3.3.1.patch
Patch13: postfix-3.5.8-whitespace-name-fix.patch
# rhbz#1931403, sent upstream
# unconditional glibc-2.34 API assumption, because it seems
# in RHEL-9 this feature was also backported to 2.33,
# upstream uses conditional check for 2.34 API
Patch12: postfix-3.5.9-glibc-234-build-fix.patch
# rhbz#1978901, sent upstream
Patch13: postfix-3.5.9-whitespace-name-fix.patch
Patch14: pflogsumm-1.1.5-syslog-name-underscore-fix.patch
# rhbz#1787010, patch backported from upstream
Patch15: postfix-3.5.8-SRV-resolve.patch
# rhbz#2196577, ZUUL CI uses kernel 6 and we have to add this to postfix
Patch16: postfix-3.5.8-makedefs.patch
# rhbz#1938847, backported from upstream
Patch15: postfix-3.5.9-coverity-fix.patch
# rhbz#2134789, backported feature from upstream
Patch16: postfix-3.5.9-SRV-resolve.patch
# rhbz#2193363 ZUUL CI uses kernel 6 and we have to add this to postfix
Patch17: postfix-3.5.9-makedefs.patch
# Optional patches - set the appropriate environment variables to include
# them when building the package/spec file
# Determine the different packages required for building postfix
BuildRequires: make
BuildRequires: libdb-devel, perl-generators, pkgconfig, zlib-devel
BuildRequires: systemd-units, libicu-devel, libnsl2-devel
BuildRequires: systemd-units, libicu-devel
BuildRequires: gcc, m4, findutils
BuildRequires: systemd-rpm-macros
%if 0%{?rhel} < 9
BuildRequires: libnsl2-devel
%endif
%{?with_ldap:BuildRequires: openldap-devel}
%{?with_lmdb:BuildRequires: lmdb-devel}
%{?with_sasl:BuildRequires: cyrus-sasl-devel}
%{?with_pcre:BuildRequires: pcre-devel}
%{?with_mysql:BuildRequires: mariadb-connector-c-devel}
%{?with_pgsql:BuildRequires: postgresql-devel}
%{?with_pgsql:BuildRequires: libpq-devel}
%{?with_sqlite:BuildRequires: sqlite-devel}
%{?with_cdb:BuildRequires: tinycdb-devel}
%{?with_tls:BuildRequires: openssl-devel}
@ -130,9 +134,20 @@ BuildRequires: gcc, m4, findutils
%description
Postfix is a Mail Transport Agent (MTA).
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%package sysvinit
Summary: SysV initscript for postfix
BuildArch: noarch
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires(preun): chkconfig
Requires(post): chkconfig
%description sysvinit
This package contains the SysV initscript.
%endif
%package perl-scripts
Summary: Postfix utilities written in perl
Group: Applications/System
Requires: %{name} = %{epoch}:%{version}-%{release}
# perl-scripts introduced in 2:2.5.5-2
Obsoletes: postfix < 2:2.5.5-2
@ -242,14 +257,12 @@ pushd pflogsumm-%{pflogsumm_ver}
popd
%endif
%patch11 -p1 -b .chroot-example-fix
# Improve backward compatibility with postfix-3.3.1,
# for details see rhbz#1688389
%patch12 -p1 -b .back-compat-3.3.1
# rhbz#1977732, sent upstream
%patch12 -p1 -b .glibc-234-build-fix
%patch13 -p1 -b .whitespace-name-fix
%patch14 -p1 -b .pflogsumm-1.1.5-syslog-name-underscore-fix
%patch15 -p1 -b .SRV-resolve
%patch16 -p1 -b .makedefs
%patch15 -p1 -b .coverity-fix
%patch16 -p1 -b .SRV-resolution
%patch17 -p1 -b .makedefs
for f in README_FILES/TLS_{LEGACY_,}README TLS_ACKNOWLEDGEMENTS; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
@ -259,7 +272,11 @@ done
%build
unset AUXLIBS AUXLIBS_LDAP AUXLIBS_LMDB AUXLIBS_PCRE AUXLIBS_MYSQL AUXLIBS_PGSQL AUXLIBS_SQLITE AUXLIBS_CDB
CCARGS="-fPIC -fcommon"
%if 0%{?rhel} >= 9
AUXLIBS=""
%else
AUXLIBS="-lnsl"
%endif
%ifarch s390 s390x ppc
CCARGS="${CCARGS} -fsigned-char"
@ -314,7 +331,9 @@ CCARGS="${CCARGS} -fsigned-char"
CCARGS="${CCARGS} -DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\""
CCARGS="${CCARGS} $(getconf LFS_CFLAGS)"
%if 0%{?rhel} >= 9
CCARGS="${CCARGS} -DNO_NIS"
%endif
LDFLAGS="%{?__global_ldflags} %{?_hardened_build:-Wl,-z,relro,-z,now}"
# SHLIB_RPATH is needed to find private libraries
@ -367,6 +386,9 @@ install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}
install -m 755 %{SOURCE4} %{buildroot}%{postfix_daemon_dir}/aliasesdb
install -m 755 %{SOURCE5} %{buildroot}%{postfix_daemon_dir}/chroot-update
# systemd-sysusers
install -p -D -m 0644 %{SOURCE6} %{buildroot}%{_sysusersdir}/postfix.conf
install -c auxiliary/rmail/rmail $RPM_BUILD_ROOT%{_bindir}/rmail.postfix
for i in active bounce corrupt defer deferred flush incoming private saved maildrop public pid saved trace; do
@ -396,7 +418,7 @@ install -m 644 %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/smtp.postfix
# prepare documentation
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} %{SOURCE6} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
cp -p %{SOURCE3} COMPATIBILITY LICENSE TLS_ACKNOWLEDGEMENTS TLS_LICENSE $RPM_BUILD_ROOT%{postfix_doc_dir}
mkdir -p $RPM_BUILD_ROOT%{postfix_doc_dir}/examples{,/chroot-setup}
cp -pr examples/{qmail-local,smtpd-policy} $RPM_BUILD_ROOT%{postfix_doc_dir}/examples
@ -502,7 +524,7 @@ fi
# Create self-signed SSL certificate
if [ ! -f %{sslkey} ]; then
umask 077
%{_bindir}/openssl genrsa 4096 > %{sslkey} 2> /dev/null
%{_bindir}/openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out %{sslkey} 2>/dev/null || echo "openssl genpkey failed"
fi
if [ ! -f %{sslcert} ]; then
@ -511,8 +533,10 @@ if [ ! -f %{sslcert} ]; then
FQDN=localhost.localdomain
fi
%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj "/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
req_cmd="%{_bindir}/openssl req -new -key %{sslkey} -x509 -sha256 -days 365 -set_serial $RANDOM -out %{sslcert} \
-subj /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=${FQDN}/emailAddress=root@${FQDN}"
# openssl-3.0 and fallback for backward compatibility with openssl < 3.0
$req_cmd -noenc -copy_extensions none 2>/dev/null || $req_cmd 2>/dev/null || echo "openssl req failed"
chmod 644 %{sslcert}
fi
@ -520,10 +544,7 @@ exit 0
%pre
# Add user and groups if necessary
%{_sbindir}/groupadd -g %{maildrop_gid} -r %{maildrop_group} 2>/dev/null
%{_sbindir}/groupadd -g %{postfix_gid} -r %{postfix_group} 2>/dev/null
%{_sbindir}/groupadd -g 12 -r mail 2>/dev/null
%{_sbindir}/useradd -d %{postfix_queue_dir} -s /sbin/nologin -g %{postfix_group} -G mail -M -r -u %{postfix_uid} %{postfix_user} 2>/dev/null
%sysusers_create_compat %{SOURCE6}
# hack, to turn man8/smtpd.8.gz into alternatives symlink (part of the rhbz#1051180 fix)
# this could be probably dropped in f23+
@ -544,6 +565,23 @@ exit 0
%postun
%systemd_postun_with_restart %{name}.service
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%post sysvinit
/sbin/chkconfig --add postfix >/dev/null 2>&1 ||:
%preun sysvinit
if [ "$1" = 0 ]; then
%{_initrddir}/postfix stop >/dev/null 2>&1 ||:
/sbin/chkconfig --del postfix >/dev/null 2>&1 ||:
fi
%postun sysvinit
[ "$1" -ge 1 ] && %{_initrddir}/postfix condrestart >/dev/null 2>&1 ||:
%triggerpostun -n postfix-sysvinit -- postfix < %{sysv2systemdnvr}
/sbin/chkconfig --add postfix >/dev/null 2>&1 || :
%endif
%triggerun -- postfix < %{sysv2systemdnvr}
%{_bindir}/systemd-sysv-convert --save postfix >/dev/null 2>&1 ||:
%{_bindir}/systemd-sysv-convert --apply postfix >/dev/null 2>&1 ||:
@ -690,6 +728,14 @@ exit 0
%ghost %attr(0644, root, root) %{_var}/lib/misc/postfix.aliasesdb-stamp
# systemd-sysusers
%{_sysusersdir}/postfix.conf
%if 0%{?fedora} < 23 && 0%{?rhel} < 9
%files sysvinit
%{_initrddir}/postfix
%endif
%files perl-scripts
%attr(0755, root, root) %{postfix_command_dir}/qshape
%attr(0644, root, root) %{_mandir}/man1/qshape*
@ -763,68 +809,231 @@ exit 0
%endif
%changelog
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-7
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-24
- Fixed possible warning when postfix is restarted
Resolves: rhbz#2162659
Resolves: rhbz#2075571
* Wed May 17 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-6
* Mon Aug 14 2023 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-23
- Spec cleanup
Related: rhbz#2095454
* Wed Jul 05 2023 Jonathan Wright <jonathan@almalinux.org> - 2:3.5.9-22
- Use systemd-sysusers
Resolves: rhbz#2095454
* Wed May 17 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.9-21
- Fix patch for SRV record resolution feature
Related: rhbz#1787010
Related: rhbz#2134789
* Thu May 04 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.8-5
* Thu May 04 2023 Tomas Korbar <tkorbar@redhat.com> - 2:3.5.9-20
- Backport dns SRV record resolution feature (RFC6186)
Resolves: rhbz#1787010
Resolves: rhbz#2134789
- Fix building in ZUUL CI
Resolves: rhbz#2196577
Resolves: rhbz#2193363
* Thu Feb 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-4
* Fri Aug 19 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-19
- Suppressed openssl output during SSL certificates generation
Resolves: rhbz#2041589
* Tue Feb 22 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-18
- Added SELinux workound for systemd service to work after 'postfix start'
Resolves: rhbz#2028015
Resolves: rhbz#2055915
* Mon Jan 17 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-3
* Tue Feb 15 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-17
- Fixed problem in the dict_inline found by coverity
Resolves: rhbz#1938847
* Fri Jan 28 2022 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-16
- Fixed pflogsumm to allow underscores in the syslog_name
Resolves: rhbz#1931403
Resolves: rhbz#2043059
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-2
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-15
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-14
- Fixed cleanup crash when processing messages with whitespace only fullname
Resolves: rhbz#1977732
Resolves: rhbz#1978901
* Fri Nov 13 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
* Thu Aug 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-13
- Used upstream patch for fixing FTBFS with glibc-2.34
Related: rhbz#1984045
* Tue Aug 3 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-12
- Fixed openssl req command parameter
Related: rhbz#1985918
* Tue Aug 3 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-11
- Fixed FTBFS with glibc-2.34
Resolves: rhbz#1984045
* Mon Aug 2 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-10
- Fixed scriptlets to work with openssl-3.0
Resolves: rhbz#1985918
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-9
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Apr 22 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-8
- Fixed NIS build requirements
Resolves: rhbz#1942369
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:3.5.9-7
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Mar 24 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-6
- Disable NIS support for RHEL9+ (patch from fjanus@redhat.com)
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2:3.5.9-5
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Fri Feb 19 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-4
- Fixed sysvinit conditionals for RHEL
Resolves: rhbz#1930709
* Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 2:3.5.9-3
- rebuild for libpq ABI fix rhbz#1908268
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.5.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.9-1
- New version
Resolves: rhbz#1688389
Resolves: rhbz#1917155
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-12
* Mon Nov 9 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.8-1
- New version
Resolves: rhbz#1895644
* Mon Aug 31 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.7-1
- New version
Resolves: rhbz#1873857
* Thu Aug 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-2
- Minor spec cleanup
- Added posttls-finger test tool
Resolves: rhbz#1865701
* Tue Jul 28 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.6-1
- New version
Resolves: rhbz#1860547
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 2:3.5.4-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Wed Jul 8 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-2
- Added support for LMDB maps
* Mon Jun 29 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.4-1
- New version
Resolves: rhbz#1851650
* Mon Jun 15 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.3-1
- New version
Resolves: rhbz#1846939
* Tue May 19 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.2-1
- New version
Resolves: rhbz#1836653
* Fri May 15 2020 Pete Walter <pwalter@fedoraproject.org> - 2:3.5.1-2
- Rebuild for ICU 67
* Mon Apr 20 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.1-1
- New version
Resolves: rhbz#1825547
* Mon Mar 16 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.5.0-1
- New version
Resolves: rhbz#1813740
* Thu Mar 12 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.10-1
- New version
Resolves: rhbz#1812987
* Mon Feb 3 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.9-1
- New version
Resolves: rhbz#1797383
- Dropped ref-search patch (upstreamed)
- Built with -fcommon to overcome FTBFS with gcc-10, problem reported upstream
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 16 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-2
- Fixed DNS resolver to use ref_search instead of ref_query
Resolves: rhbz#1723950
* Tue Dec 10 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-11
- Added hostname requirement
Resolves: rhbz#1666244
* Mon Nov 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.8-1
- New version
Resolves: rhbz#1776033
* Wed Nov 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-10
- Release bump and rebuild for relengs to be able to ship postfix-pcre,
postfix-cdb, postfix-sqlite
Resolves: rhbz#1745321
* Fri Nov 01 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.4.7-3
- Rebuild for ICU 65
* Tue Aug 6 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-9
- Release bump and rebuild for relengs to be able to ship postfix-ldap
Resolves: rhbz#1686721
* Wed Sep 25 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-2
- Added hostname as explicit requirement for the post scriptlet
* Tue Dec 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-8
* Mon Sep 23 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.7-1
- New version
Resolves: rhbz#1754198
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.6-1
- New version
Resolves: rhbz#1726462
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-4
- Fixed FTBFS with new glibc due to dropped RES macros
* Fri May 3 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-3
- Added findutils as explicit requirement
Resolves: rhbz#1629057
* Tue Mar 26 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-2
- Fixed example chroot-update script
Resolves: rhbz#1398910
* Fri Mar 15 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.4-1
- New version
Resolves: rhbz#1689029
* Mon Mar 11 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.3-1
- New version
Resolves: rhbz#1687208
* Fri Mar 8 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.1-1
- New version
Resolves: rhbz#1686673
* Fri Mar 1 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.4.0-1
- New version
Resolves: rhbz#1683855
* Wed Feb 27 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.3-1
- New version
Resolves: rhbz#1683487
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2:3.3.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Pete Walter <pwalter@fedoraproject.org> - 2:3.3.1-8
- Rebuild for ICU 63
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
- Fixed posttls-finger to work with unix domains
Resolves: rhbz#1602663
* Wed Nov 28 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-7
- Added m4 to BuildRequires
Resolves: rhbz#1619187
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
* Mon Nov 19 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-6
- Used _prefix macro for /usr and _includedir macro for /usr/include
Resolves: rhbz#1645239
* Thu Nov 1 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
- Dropped sysv support from the spec
Resolves: rhbz#1636961
* Mon Aug 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.3.1-5
- Added m4 to BuildRequires
Resolves: rhbz#1619111
* Tue Jul 24 2018 Robert Scheck <robert@fedoraproject.org> - 2:3.3.1-4
- Add basic postfix TLS configuration by default (#1608050)

4
postfix.sysusers Normal file
View File

@ -0,0 +1,4 @@
u postfix 89 - /var/spool/postfix /sbin/nologin
g postdrop 90
g mail 12
m postfix mail

2
sources Normal file
View File

@ -0,0 +1,2 @@
SHA512 (pflogsumm-1.1.5.tar.gz) = 994d660692dfea38a1dd9866d15f15035657e85131c1f5a2cd82baa5bd4ad987a00939cb5233f316d2090014c52ae68ef20db0c893f8634969484e0e74678f4d
SHA512 (postfix-3.5.9.tar.gz) = 9ff3a33cdd5811e470d5c6cfa896fa76e4d3257b139deec5f420d18e34232f327b7c8496c5d13566c6f9ae1fdf8719feb9981372b2869b0208a2eb3a1daaeadd