Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2012-06-13 12:42:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2012-05-09 18:32:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2012-06-13 12:42:35.000000000 +0200 @@ -1,0 +2,18 @@ +Mon Jun 11 09:51:22 UTC 2012 - [email protected] + +- Bugfix (introduced Postfix 2.4): the event_drain() function + was comparing bitmasks incorrectly causing the program to + always wait for the full time limit. This error affected + the unused postkick command, but only after s/fifo/unix/ + in master.cf. File: util/events.c. + +- Cleanup: laptop users have always been able to avoid + unnecessary disk spin-up by doing s/fifo/unix/ in master.cf + (this is currently not supported on Solaris systems). + However, to make this work reliably, the "postqueue -f" + command must wait until its requests have reached the pickup + and qmgr servers before closing the UNIX-domain request + sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. + + +------------------------------------------------------------------- Old: ---- postfix-2.8.10.tar.bz2 New: ---- postfix-2.8.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.ol8eM6/_old 2012-06-13 12:42:38.000000000 +0200 +++ /var/tmp/diff_new_pack.ol8eM6/_new 2012-06-13 12:42:38.000000000 +0200 @@ -20,7 +20,7 @@ Summary: A fast, secure, and flexible mailer License: IPL-1.0 Group: Productivity/Networking/Email/Servers -Version: 2.8.10 +Version: 2.8.11 Release: 0 Url: http://www.postfix.org/ Source: %{name}-%{version}.tar.bz2 @@ -403,10 +403,6 @@ ln -s /usr/sbin/SuSEconfig.postfix /sbin/conf.d/SuSEconfig.postfix fi fi -# before fillup we need to fix something -[ \! -f %{_sysconfdir}/sysconfig/%{name} ] || %{__sed} -i \ - -e "s/POSTFIX_SMTPD_SENDERNT_RESTRICTIONS/POSTFIX_SMTPD_SENDER_RESTRICTIONS/" \ - %{_sysconfdir}/sysconfig/%{name} %{fillup_and_insserv -y postfix} %{fillup_only -an mail} %if %suse_version > 1140 ++++++ postfix-2.8.10.tar.bz2 -> postfix-2.8.11.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/HISTORY new/postfix-2.8.11/HISTORY --- old/postfix-2.8.10/HISTORY 2012-04-24 19:35:34.000000000 +0200 +++ new/postfix-2.8.11/HISTORY 2012-05-21 00:06:35.000000000 +0200 @@ -16781,3 +16781,51 @@ a patch by Victor Duchovni. Files: proto/TLS_README.html, proto/postconf.proto, tls/tls.h, tls/tls_misc.c, tls/tls_client.c, tls/tls_server.c. + +20120425 + + Workaround: bugs in 10-year old gcc versions break compilation + with #ifdef inside a macro invocation (NOT: definition). + Files: tls/tls.h, tls/tls_client.c, tls/tls_server.c. + +20120516 + + Workaround: apparently, FreeBSD 8.3 kqueue notifications + sometimes break when a dnsblog(8) process loses an accept() + race on a shared socket, resulting in repeated "connect to + private/dnsblog service: Connection refused" warnings. This + condition is unique to dnsblog(8). The postscreen(8) daemon + closes a postscreen-to-dnsblog connection as soon as it + receives a dnsblog(8) reply, resulting in hundreds or + thousands of connection requests per second. All other + multi-server daemons such as anvil(8) or proxymap(8) have + connection lifetimes ranging from 5s to 1000s depending on + server load. The workaround is for dnsblog to use the + single_server driver instead of the multi_server driver. + This one-line code change eliminates the accept() race + without any Postfix performance impact. Problem reported + by Sahil Tandon. File: dnsblog/dnsblog.c. + +20120517 + + Workaround: to avoid crashes when the OpenSSL library is + updated without "postfix reload", the Postfix TLS session + cache ID now includes the OpenSSL library version number. + Note: this problem cannot be fixed in tlsmgr(8). Code by + Victor Duchovni. Files: tls/tls_server.c, tls_client.c. + +20120520 + + Bugfix (introduced Postfix 2.4): the event_drain() function + was comparing bitmasks incorrectly causing the program to + always wait for the full time limit. This error affected + the unused postkick command, but only after s/fifo/unix/ + in master.cf. File: util/events.c. + + Cleanup: laptop users have always been able to avoid + unnecessary disk spin-up by doing s/fifo/unix/ in master.cf + (this is currently not supported on Solaris systems). + However, to make this work reliably, the "postqueue -f" + command must wait until its requests have reached the pickup + and qmgr servers before closing the UNIX-domain request + sockets. Files: postqueue/postqueue.c, postqueue/Makefile.in. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/dnsblog/dnsblog.c new/postfix-2.8.11/src/dnsblog/dnsblog.c --- old/postfix-2.8.10/src/dnsblog/dnsblog.c 2011-03-13 21:14:57.000000000 +0100 +++ new/postfix-2.8.11/src/dnsblog/dnsblog.c 2012-05-20 03:14:57.000000000 +0200 @@ -257,6 +257,7 @@ query = vstring_alloc(100); why = vstring_alloc(100); result = vstring_alloc(100); + var_use_limit = 0; } MAIL_VERSION_STAMP_DECLARE; @@ -275,9 +276,9 @@ */ MAIL_VERSION_STAMP_ALLOCATE; - multi_server_main(argc, argv, dnsblog_service, - MAIL_SERVER_TIME_TABLE, time_table, - MAIL_SERVER_POST_INIT, post_jail_init, - MAIL_SERVER_UNLIMITED, - 0); + single_server_main(argc, argv, dnsblog_service, + MAIL_SERVER_TIME_TABLE, time_table, + MAIL_SERVER_POST_INIT, post_jail_init, + MAIL_SERVER_UNLIMITED, + 0); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/global/mail_version.h new/postfix-2.8.11/src/global/mail_version.h --- old/postfix-2.8.10/src/global/mail_version.h 2012-04-24 19:27:06.000000000 +0200 +++ new/postfix-2.8.11/src/global/mail_version.h 2012-05-21 00:20:59.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120424" -#define MAIL_VERSION_NUMBER "2.8.10" +#define MAIL_RELEASE_DATE "20120520" +#define MAIL_VERSION_NUMBER "2.8.11" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/postqueue/Makefile.in new/postfix-2.8.11/src/postqueue/Makefile.in --- old/postfix-2.8.10/src/postqueue/Makefile.in 2011-01-09 23:12:07.000000000 +0100 +++ new/postfix-2.8.11/src/postqueue/Makefile.in 2012-05-21 00:04:28.000000000 +0200 @@ -61,6 +61,7 @@ postqueue.o: ../../include/attr.h postqueue.o: ../../include/clean_env.h postqueue.o: ../../include/connect.h +postqueue.o: ../../include/events.h postqueue.o: ../../include/flush_clnt.h postqueue.o: ../../include/iostuff.h postqueue.o: ../../include/mail_conf.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/postqueue/postqueue.c new/postfix-2.8.11/src/postqueue/postqueue.c --- old/postfix-2.8.10/src/postqueue/postqueue.c 2010-02-02 13:08:19.000000000 +0100 +++ new/postfix-2.8.11/src/postqueue/postqueue.c 2012-05-21 00:05:49.000000000 +0200 @@ -186,6 +186,7 @@ #include <safe.h> #include <connect.h> #include <valid_hostname.h> +#include <events.h> /* Global library. */ @@ -351,6 +352,7 @@ if (mail_flush_maildrop() < 0) msg_fatal_status(EX_UNAVAILABLE, "Cannot flush mail queue - mail system is down"); + event_drain(2); } /* flush_site - flush mail for site */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/tls/tls.h new/postfix-2.8.11/src/tls/tls.h --- old/postfix-2.8.10/src/tls/tls.h 2012-04-24 19:25:28.000000000 +0200 +++ new/postfix-2.8.11/src/tls/tls.h 2012-05-20 15:47:18.000000000 +0200 @@ -159,11 +159,15 @@ #define TLS_PROTOCOL_TLSv1_1 (1<<3) /* TLSv1_1 */ #else #define TLS_PROTOCOL_TLSv1_1 0 /* Unknown */ +#undef SSL_OP_NO_TLSv1_1 +#define SSL_OP_NO_TLSv1_1 0L /* Noop */ #endif #ifdef SSL_TXT_TLSV1_2 #define TLS_PROTOCOL_TLSv1_2 (1<<4) /* TLSv1_2 */ #else #define TLS_PROTOCOL_TLSv1_2 0 /* Unknown */ +#undef SSL_OP_NO_TLSv1_2 +#define SSL_OP_NO_TLSv1_2 0L /* Noop */ #endif #define TLS_KNOWN_PROTOCOLS \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/tls/tls_client.c new/postfix-2.8.11/src/tls/tls_client.c --- old/postfix-2.8.10/src/tls/tls_client.c 2012-04-24 19:25:28.000000000 +0200 +++ new/postfix-2.8.11/src/tls/tls_client.c 2012-05-20 15:51:01.000000000 +0200 @@ -784,6 +784,12 @@ vstring_sprintf_append(myserverid, "&c=%s", cipher_list); /* + * Finally, salt the session key with the OpenSSL library version, + * (run-time, rather than compile-time, just in case that matters). + */ + vstring_sprintf_append(myserverid, "&l=%ld", (long) SSLeay()); + + /* * Allocate a new TLScontext for the new connection and get an SSL * structure. Add the location of TLScontext to the SSL to later retrieve * the information inside the tls_verify_certificate_callback(). @@ -815,12 +821,8 @@ if (protomask != 0) SSL_set_options(TLScontext->con, ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) -#ifdef SSL_OP_NO_TLSv1_1 | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) -#endif -#ifdef SSL_OP_NO_TLSv1_2 | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) -#endif | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/tls/tls_server.c new/postfix-2.8.11/src/tls/tls_server.c --- old/postfix-2.8.10/src/tls/tls_server.c 2012-04-24 19:25:28.000000000 +0200 +++ new/postfix-2.8.11/src/tls/tls_server.c 2012-05-20 15:51:01.000000000 +0200 @@ -181,9 +181,10 @@ #define GEN_CACHE_ID(buf, id, len, service) \ do { \ - buf = vstring_alloc(2 * (len) + 1 + strlen(service) + 3); \ + buf = vstring_alloc(2 * (len + strlen(service))); \ hex_encode(buf, (char *) (id), (len)); \ vstring_sprintf_append(buf, "&s=%s", (service)); \ + vstring_sprintf_append(buf, "&l=%ld", (long) SSLeay()); \ } while (0) @@ -397,12 +398,8 @@ if (protomask != 0) SSL_CTX_set_options(server_ctx, ((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L) -#ifdef SSL_OP_NO_TLSv1_1 | ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L) -#endif -#ifdef SSL_OP_NO_TLSv1_2 | ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L) -#endif | ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L) | ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.8.10/src/util/events.c new/postfix-2.8.11/src/util/events.c --- old/postfix-2.8.10/src/util/events.c 2010-10-06 21:25:28.000000000 +0200 +++ new/postfix-2.8.11/src/util/events.c 2012-05-20 22:46:56.000000000 +0200 @@ -180,6 +180,7 @@ #define EVENT_MASK_SET(fd, mask) FD_SET((fd), (mask)) #define EVENT_MASK_ISSET(fd, mask) FD_ISSET((fd), (mask)) #define EVENT_MASK_CLR(fd, mask) FD_CLR((fd), (mask)) +#define EVENT_MASK_CMP(m1, m2) memcmp((m1), (m2), EVENT_MASK_BYTE_COUNT(m1)) #else /* @@ -226,6 +227,8 @@ (EVENT_MASK_FD_BYTE((fd), (mask)) & EVENT_MASK_FD_BIT(fd)) #define EVENT_MASK_CLR(fd, mask) \ (EVENT_MASK_FD_BYTE((fd), (mask)) &= ~EVENT_MASK_FD_BIT(fd)) +#define EVENT_MASK_CMP(m1, m2) \ + memcmp((m1)->data, (m2)->data, EVENT_MASK_BYTE_COUNT(m1)) #endif /* @@ -664,8 +667,7 @@ max_time = event_present + time_limit; while (event_present < max_time && (event_timer_head.pred != &event_timer_head - || memcmp(&zero_mask, &event_xmask, - EVENT_MASK_BYTE_COUNT(&zero_mask)) != 0)) { + || EVENT_MASK_CMP(&zero_mask, &event_xmask) != 0)) { event_loop(1); #if (EVENTS_STYLE != EVENTS_STYLE_SELECT) if (EVENT_MASK_BYTE_COUNT(&zero_mask) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
