Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2026-02-27 17:03:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new.29461 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Fri Feb 27 17:03:24 2026 rev:267 rq:1335249 version:3.10.8 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2026-02-13 12:45:29.579156229 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.29461/postfix-bdb.changes 2026-02-27 17:07:52.535055534 +0100 @@ -1,0 +2,30 @@ +Tue Feb 24 20:29:28 UTC 2026 - Arjen de Korte <[email protected]> + +- update to 3.10.8 + * Improved Milter error handling for messages that arrive over a + long-lived SMTP connection, by changing the default + milter_default_action from "tempfail" to the new "shutdown" + action (i.e. disconnect the remote SMTP client). + * Bugfix (defect introduced: Postfix 2.11): "posttls-finger -v + -v -v" terminated with a panic, caused by recursive logging. + +------------------------------------------------------------------- +Mon Feb 16 20:38:07 UTC 2026 - Peter Varkoly <[email protected]> + +- (bsc#1258068) postfix main.cf.rpmnew now contains hash instead of lmdb + Adapt main.cf in %install +- (bsc#1258264) /var/spool/mail no longer 1777 +- (bsc#1258160) [QE][Build 20260212] postfix fails to deliver email + Provide missed directory and symlink as tmpfile +- (bsc#1257523) [QE][Build 20260129] postfix: missing tmpfiles + configuration for /var/spool/postfix/trace + +------------------------------------------------------------------- +Wed Jan 28 02:01:50 UTC 2026 - Peter Varkoly <[email protected]> + +- (bsc#1257199) [SELinux] postalias denied - fatal: open database /etc/aliases.lmdb: Permission denied + Add proposed ExecStartPre. +- (jsc#PED-14859) Fix packages for Immutable Mode - postfix + Pack /var/spool/postfix/* /var/lib/postfix using tmpfiles.d + +------------------------------------------------------------------- postfix.changes: same change Old: ---- postfix-3.10.7.tar.gz postfix-3.10.7.tar.gz.asc New: ---- postfix-3.10.8.tar.gz postfix-3.10.8.tar.gz.asc tmpfiles.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix-bdb.spec ++++++ --- /var/tmp/diff_new_pack.PT8hMx/_old 2026-02-27 17:07:54.067119029 +0100 +++ /var/tmp/diff_new_pack.PT8hMx/_new 2026-02-27 17:07:54.071119194 +0100 @@ -54,14 +54,14 @@ %endif %bcond_without ldap Name: postfix-bdb -Version: 3.10.7 +Version: 3.10.8 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 Group: Productivity/Networking/Email/Servers -URL: http://www.postfix.org -Source0: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz -Source1: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc +URL: https://www.postfix.org/ +Source0: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-%{version}.tar.gz +Source1: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc Source2: postfix-SUSE.tar.gz Source3: postfix-mysql.tar.bz2 #Source4: http://cdn.postfix.johnriley.me/mirrors/postfix-release/wietse.pgp#/postfix.keyring @@ -70,6 +70,7 @@ Source11: check_mail_queue Source12: postfix-user.conf Source13: postfix-vmail-user.conf +Source14: tmpfiles.conf Patch1: postfix-no-md5.patch Patch2: pointer_to_literals.patch Patch3: ipv6_disabled.patch @@ -335,11 +336,11 @@ done # --------------------------------------------------------------------------- install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ -%if 0%{?suse_version} >= 1330 mkdir -p %{buildroot}%{_sysusersdir} +mkdir -p %{buildroot}%{_tmpfilesdir}/ install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ -%endif +install -m 644 %{SOURCE14} %{buildroot}%{_tmpfilesdir}/postfix.conf #Clean up for postfix-bdb rm -rf %{buildroot}/usr/lib/debug/usr/lib/postfix/postfix-ldap.so-3.5.8-2.11.1.x86_64.debug @@ -385,18 +386,17 @@ # --------------------------------------------------------------------------- %post +%tmpfiles_create %{_tmpfilesdir}/postfix.conf %service_add_post postfix.service /sbin/ldconfig %set_permissions %{_sbindir}/postdrop %set_permissions %{_sbindir}/postlog %set_permissions %{_sbindir}/postqueue -%set_permissions /var/spool/mail/ %verifyscript -%verify_permissions %{_sbindir}/postdrop -%verify_permissions %{_sbindir}/postlog -%verify_permissions %{_sbindir}/postqueue -%verify_permissions -e /var/spool/mail/ +%verify_permissions -e %{_sbindir}/postdrop +%verify_permissions -e %{_sbindir}/postlog +%verify_permissions -e %{_sbindir}/postqueue %postun %service_del_postun postfix.service @@ -435,6 +435,8 @@ %dir %{pf_shlib_directory}/systemd %attr(0755,root,root) %{pf_shlib_directory}/systemd/* %{_unitdir}/postfix.service +%{_tmpfilesdir}/postfix.conf +%{_sysusersdir}/postfix-user.conf %{_bindir}/mailq %{_bindir}/newaliases %verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop @@ -478,24 +480,10 @@ %exclude %{_mandir}/man5/mysql_table.5* %exclude %{_mandir}/man5/pgsql_table.5* %{_mandir}/man?/*%{?ext_man} -%dir %attr(0755,root,root) /%{pf_queue_directory} -%dir %attr(0755,root,root) /%{pf_queue_directory}/pid -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/active -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/bounce -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/corrupt -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/defer -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/deferred -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/flush -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/hold -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/incoming -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/private -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/saved -%dir %attr(0700,postfix,root) /%{pf_queue_directory}/trace -%dir %attr(0730,postfix,maildrop) /%{pf_queue_directory}/maildrop -%dir %attr(0710,postfix,maildrop) /%{pf_queue_directory}/public -%if 0%{?suse_version} >= 1330 -%{_sysusersdir}/postfix-user.conf -%endif +%ghost /var/lib/postfix +%ghost /var/spool/postfix +%ghost /var/mail +%ghost %dir /var/spool/mail %if %{with lmdb} %files lmdb ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.PT8hMx/_old 2026-02-27 17:07:54.127121516 +0100 +++ /var/tmp/diff_new_pack.PT8hMx/_new 2026-02-27 17:07:54.131121681 +0100 @@ -33,7 +33,6 @@ %define pf_html_directory %{_docdir}/%{name}-doc/html %define pf_sample_directory %{_docdir}/%{name}-doc/samples %define pf_data_directory %{_localstatedir}/lib/%{name} -%define pf_database_convert %{_rundir}/%{name}-needs-convert %define mail_group mail %define unitdir %{_prefix}/lib/systemd %if 0%{?suse_version} < 1599 @@ -43,14 +42,14 @@ %endif %bcond_without ldap Name: postfix -Version: 3.10.7 +Version: 3.10.8 Release: 0 Summary: A fast, secure, and flexible mailer License: EPL-2.0 OR IPL-1.0 Group: Productivity/Networking/Email/Servers -URL: http://www.postfix.org -Source0: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz -Source1: https://de.postfix.org/ftpmirror/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc +URL: https://www.postfix.org/ +Source0: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-%{version}.tar.gz +Source1: http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-%{version}.tar.gz.gpg2#/postfix-%{version}.tar.gz.asc Source2: %{name}-SUSE.tar.gz Source3: %{name}-mysql.tar.bz2 Source4: postfix.keyring @@ -58,6 +57,7 @@ Source11: check_mail_queue Source12: postfix-user.conf Source13: postfix-vmail-user.conf +Source14: tmpfiles.conf Patch1: %{name}-no-md5.patch Patch2: pointer_to_literals.patch Patch3: ipv6_disabled.patch @@ -293,8 +293,6 @@ install -pm 0644 %{name}-SUSE/smtp %{buildroot}%{_sysconfdir}/pam.d/smtp %endif mkdir -p %{buildroot}/%{pf_queue_directory} -mkdir -p %{buildroot}/var/spool/mail -ln -s spool/mail %{buildroot}/var/mail mkdir -p %{buildroot}%{_sysconfdir}/sasl2 install -pm 0600 %{name}-SUSE/smtpd.conf %{buildroot}%{_sysconfdir}/sasl2/smtpd.conf %{buildroot}%{_sbindir}/postconf -c %{buildroot}%{_sysconfdir}/%{name} \ @@ -372,11 +370,14 @@ install -m 755 %{SOURCE11} %{buildroot}%{_sbindir}/ mkdir -p %{buildroot}%{_sysusersdir} +mkdir -p %{buildroot}%{_tmpfilesdir}/ install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ install -m 644 %{SOURCE13} %{buildroot}%{_sysusersdir}/ - +install -m 644 %{SOURCE14} %{buildroot}%{_tmpfilesdir}/postfix.conf # posttls-finger is built but not installed install -m 755 bin/posttls-finger %{buildroot}%{_sbindir}/ + +sed -i 's/hash:/lmdb:/g' %{buildroot}%{_sysconfdir}/%{name}/main.cf # --------------------------------------------------------------------------- %pre -f postfix.pre @@ -386,15 +387,16 @@ %service_del_preun %{name}.service %post +%tmpfiles_create %{_tmpfilesdir}/postfix.conf %service_add_post %{name}.service %set_permissions %{_sbindir}/postdrop %set_permissions %{_sbindir}/postlog %set_permissions %{_sbindir}/postqueue %verifyscript -%verify_permissions %{_sbindir}/postdrop -%verify_permissions %{_sbindir}/postlog -%verify_permissions %{_sbindir}/postqueue +%verify_permissions -e %{_sbindir}/postdrop +%verify_permissions -e %{_sbindir}/postlog +%verify_permissions -e %{_sbindir}/postqueue %postun %service_del_postun %{name}.service @@ -439,6 +441,8 @@ %attr(0755,root,root) %{pf_systemd_directory}/* %{_unitdir}/%{name}.service %{_unitdir}/mail-transfer-agent.target.wants +%{_tmpfilesdir}/postfix.conf +%{_sysusersdir}/postfix-user.conf %{_bindir}/mailq %{_bindir}/newaliases %verify(not mode) %attr(2755,root,%{pf_setgid_group}) %{_sbindir}/postdrop @@ -481,27 +485,12 @@ %{pf_daemon_directory}/* %dir %{pf_meta_directory}/dynamicmaps.cf.d %dir %{pf_meta_directory}/postfix-files.d +%ghost /var/lib/postfix +%ghost /var/spool/postfix +%ghost /var/mail +%ghost %dir /var/spool/mail -%dir %attr(0700,%{name},root) %{pf_data_directory} %{_mandir}/man?/*%{?ext_man} -%dir %attr(0755,root,root) /%{pf_queue_directory} -%dir %attr(0755,root,root) /%{pf_queue_directory}/pid -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/active -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/bounce -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/corrupt -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/defer -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/deferred -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/flush -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/hold -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/incoming -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/private -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/saved -%dir %attr(0700,%{name},root) /%{pf_queue_directory}/trace -%dir %attr(0730,%{name},maildrop) /%{pf_queue_directory}/maildrop -%dir %attr(0710,%{name},maildrop) /%{pf_queue_directory}/public -%{_sysusersdir}/postfix-user.conf -/var/mail -/var/spool/mail %files devel %{_includedir}/%{name}/ ++++++ postfix-3.10.7.tar.gz -> postfix-3.10.8.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/HISTORY new/postfix-3.10.8/HISTORY --- old/postfix-3.10.7/HISTORY 2025-12-05 21:02:01.000000000 +0100 +++ new/postfix-3.10.8/HISTORY 2026-02-18 17:53:15.000000000 +0100 @@ -29258,3 +29258,24 @@ large for the stable releases. Instead, the command "make makefiles" will figure out how to make the compiler backwards-compatible. File: makedefs. + +20251208 + + Improved Milter error handling for messages that arrive + over a long-lived SMTP connection, by changing the default + milter_default_action from "tempfail" to the new "shutdown" + action (i.e. disconnect the remote SMTP client). + + The problem was that after a single Milter error, Postfix + could tempfail all messages that the client sends over a + long-lived connection, even if the Milter error was only + temporary. This problem was reported by Ankit Kulkarni. + + Files: proto/postconf.proto global/mail_params.h milter/milter8.c. + +20260217 + + Bugfix: (defect introduced: Postfix 2.11): panic() after + recursive logging loop with "posttls-finger -v -v -v". + Reported by Geert Hendrickx, diagnosed by Viktor Dukhovni, + and fixed by Wietse. Files: util/vstream.[hc], util/msg_vstream.c. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/html/postconf.5.html new/postfix-3.10.8/html/postconf.5.html --- old/postfix-3.10.7/html/postconf.5.html 2025-11-25 18:31:07.000000000 +0100 +++ new/postfix-3.10.8/html/postconf.5.html 2026-02-18 20:20:01.000000000 +0100 @@ -7363,7 +7363,7 @@ </DD> <DT><b><a name="milter_default_action">milter_default_action</a> -(default: tempfail)</b></DT><DD> +(default: see 'postconf -d <a href="postconf.5.html#milter_default_action">milter_default_action</a>' output)</b></DT><DD> <p> The default action when a Milter (mail filter) response is unavailable (for example, bad Postfix configuration or Milter @@ -7380,11 +7380,20 @@ <dt>tempfail</dt> <dd>Reject all further commands in this session with a temporary status code. </dd> +<dt>shutdown</dt> <dd>Close the SMTP connection after sending a 421 +SMTP reply. Available in Postfix 3.11, 3.10.8, 3.9.9, 3.8.15, 3.7.20, +and later. </dd> + <dt>quarantine</dt> <dd>Like "accept", but freeze the message in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd> </dl> +<p> The current default action is "shutdown", i.e. disconnect the +SMTP client. With the old "tempfail" default, Postfix could tempfail +all messages that the client sends over a long-lived connection, +even if a Milter failure is only temporary. </p> + <p> This feature is available in Postfix 2.3 and later. </p> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/man/man5/postconf.5 new/postfix-3.10.8/man/man5/postconf.5 --- old/postfix-3.10.7/man/man5/postconf.5 2025-11-25 18:31:07.000000000 +0100 +++ new/postfix-3.10.8/man/man5/postconf.5 2026-02-18 20:20:01.000000000 +0100 @@ -4496,7 +4496,7 @@ for a list of available macro names and their meanings. .PP This feature is available in Postfix 2.3 and later. -.SH milter_default_action (default: tempfail) +.SH milter_default_action (default: see 'postconf \-d milter_default_action' output) The default action when a Milter (mail filter) response is unavailable (for example, bad Postfix configuration or Milter failure). Specify one of the following: @@ -4511,12 +4511,22 @@ Reject all further commands in this session with a temporary status code. .br +.IP "shutdown" +Close the SMTP connection after sending a 421 +SMTP reply. Available in Postfix 3.11, 3.10.8, 3.9.9, 3.8.15, 3.7.20, +and later. +.br .IP "quarantine" Like "accept", but freeze the message in the "hold" queue. Available with Postfix 2.6 and later. .br .br .PP +The current default action is "shutdown", i.e. disconnect the +SMTP client. With the old "tempfail" default, Postfix could tempfail +all messages that the client sends over a long\-lived connection, +even if a Milter failure is only temporary. +.PP This feature is available in Postfix 2.3 and later. .SH milter_end_of_data_macros (default: see "postconf \-d" output) The macros that are sent to Milter (mail filter) applications diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/proto/postconf.proto new/postfix-3.10.8/proto/postconf.proto --- old/postfix-3.10.7/proto/postconf.proto 2025-11-25 18:19:06.000000000 +0100 +++ new/postfix-3.10.8/proto/postconf.proto 2026-02-18 17:51:40.000000000 +0100 @@ -12274,7 +12274,7 @@ <p> This feature is available in Postfix 2.3 and later. </p> -%PARAM milter_default_action tempfail +%PARAM milter_default_action see 'postconf -d milter_default_action' output <p> The default action when a Milter (mail filter) response is unavailable (for example, bad Postfix configuration or Milter @@ -12291,11 +12291,20 @@ <dt>tempfail</dt> <dd>Reject all further commands in this session with a temporary status code. </dd> +<dt>shutdown</dt> <dd>Close the SMTP connection after sending a 421 +SMTP reply. Available in Postfix 3.11, 3.10.8, 3.9.9, 3.8.15, 3.7.20, +and later. </dd> + <dt>quarantine</dt> <dd>Like "accept", but freeze the message in the "hold" queue. Available with Postfix 2.6 and later. </dd> </dl> +<p> The current default action is "shutdown", i.e. disconnect the +SMTP client. With the old "tempfail" default, Postfix could tempfail +all messages that the client sends over a long-lived connection, +even if a Milter failure is only temporary. </p> + <p> This feature is available in Postfix 2.3 and later. </p> %PARAM milter_connect_timeout 30s diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/global/mail_params.h new/postfix-3.10.8/src/global/mail_params.h --- old/postfix-3.10.7/src/global/mail_params.h 2025-10-24 16:41:15.000000000 +0200 +++ new/postfix-3.10.8/src/global/mail_params.h 2026-02-18 17:40:51.000000000 +0100 @@ -3516,7 +3516,7 @@ extern char *var_cleanup_milters; #define VAR_MILT_DEF_ACTION "milter_default_action" -#define DEF_MILT_DEF_ACTION "tempfail" +#define DEF_MILT_DEF_ACTION "shutdown" extern char *var_milt_def_action; #define VAR_MILT_CONN_MACROS "milter_connect_macros" @@ -3571,10 +3571,6 @@ #define DEF_MILT_PROTOCOL "6" extern char *var_milt_protocol; -#define VAR_MILT_DEF_ACTION "milter_default_action" -#define DEF_MILT_DEF_ACTION "tempfail" -extern char *var_milt_def_action; - #define VAR_MILT_DAEMON_NAME "milter_macro_daemon_name" #define DEF_MILT_DAEMON_NAME "$" VAR_MYHOSTNAME extern char *var_milt_daemon_name; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/global/mail_version.h new/postfix-3.10.8/src/global/mail_version.h --- old/postfix-3.10.7/src/global/mail_version.h 2025-12-05 21:02:59.000000000 +0100 +++ new/postfix-3.10.8/src/global/mail_version.h 2026-02-18 20:24:21.000000000 +0100 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20251205" -#define MAIL_VERSION_NUMBER "3.10.7" +#define MAIL_RELEASE_DATE "20260218" +#define MAIL_VERSION_NUMBER "3.10.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/milter/milter8.c new/postfix-3.10.8/src/milter/milter8.c --- old/postfix-3.10.7/src/milter/milter8.c 2025-01-07 23:25:43.000000000 +0100 +++ new/postfix-3.10.8/src/milter/milter8.c 2026-02-18 17:40:51.000000000 +0100 @@ -523,6 +523,8 @@ } if (strcasecmp(milter->def_action, "accept") == 0) { reply = 0; + } else if (strcasecmp(milter->def_action, "shutdown") == 0) { + reply = "421 4.3.5 Server configuration problem - try again later"; } else if (strcasecmp(milter->def_action, "quarantine") == 0) { reply = "Hdefault_action"; } else { @@ -557,6 +559,8 @@ reply = "550 5.5.0 Service unavailable"; } else if (strcasecmp(milter->def_action, "tempfail") == 0) { reply = "451 4.7.1 Service unavailable - try again later"; + } else if (strcasecmp(milter->def_action, "shutdown") == 0) { + reply = "421 4.7.1 Service unavailable - try again later"; } else if (strcasecmp(milter->def_action, "quarantine") == 0) { reply = "Hdefault_action"; } else { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/util/msg_vstream.c new/postfix-3.10.8/src/util/msg_vstream.c --- old/postfix-3.10.7/src/util/msg_vstream.c 2006-06-15 20:07:16.000000000 +0200 +++ new/postfix-3.10.8/src/util/msg_vstream.c 2026-02-18 17:52:29.000000000 +0100 @@ -80,6 +80,7 @@ msg_tag = name; msg_stream = vp; + vstream_no_debug(vp); if (first_call) { first_call = 0; msg_output(msg_vstream_print); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/util/vstream.c new/postfix-3.10.8/src/util/vstream.c --- old/postfix-3.10.7/src/util/vstream.c 2023-05-16 16:12:59.000000000 +0200 +++ new/postfix-3.10.8/src/util/vstream.c 2026-02-18 17:52:29.000000000 +0100 @@ -166,6 +166,9 @@ /* int vstream_fstat(stream, flags) /* VSTREAM *stream; /* int flags; +/* +/* void vstream_no_debug(stream) +/* VSTREAM *stream; /* DESCRIPTION /* The \fIvstream\fR module implements light-weight buffered I/O /* similar to the standard I/O routines. @@ -494,6 +497,10 @@ /* .IP VSTREAM_FLAG_OWN_VSTRING /* The stream 'owns' the VSTRING buffer, and is responsible /* for cleaning up when the stream is closed. +/* +/* vstream_no_debug() disables 'spontaneous' logging of output +/* activity on the last specified VSTREAM, to prevent recursive +/* logging. /* DIAGNOSTICS /* Panics: interface violations. Fatal errors: out of memory. /* SEE ALSO @@ -674,6 +681,8 @@ } \ } while (0) +static VSTREAM *vstream_log_veto; + /* vstream_buf_init - initialize buffer */ static void vstream_buf_init(VBUF *bp, int flags) @@ -771,7 +780,7 @@ used = bp->len - bp->cnt; left_over = used - to_flush; - if (msg_verbose > 2 && stream != VSTREAM_ERR) + if (msg_verbose > 2 && stream != vstream_log_veto) msg_info("%s: fd %d flush %ld", myname, stream->fd, (long) to_flush); if (to_flush < 0 || left_over < 0) msg_panic("%s: bad to_flush %ld", myname, (long) to_flush); @@ -834,7 +843,7 @@ } } } - if (msg_verbose > 2 && stream != VSTREAM_ERR && n != to_flush) + if (msg_verbose > 2 && stream != vstream_log_veto && n != to_flush) msg_info("%s: %d flushed %ld/%ld", myname, stream->fd, (long) n, (long) to_flush); } @@ -1890,6 +1899,13 @@ return (stream); } +/* vstream_no_debug - debug logging lockout */ + +void vstream_no_debug(VSTREAM *stream) +{ + vstream_log_veto = stream; +} + #ifdef TEST static void copy_line(ssize_t bufsize) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.10.7/src/util/vstream.h new/postfix-3.10.8/src/util/vstream.h --- old/postfix-3.10.7/src/util/vstream.h 2021-08-08 14:25:14.000000000 +0200 +++ new/postfix-3.10.8/src/util/vstream.h 2026-02-18 17:52:29.000000000 +0100 @@ -274,6 +274,11 @@ vstream_memreopen((VSTREAM *) 0, (string), (flags)) VSTREAM *vstream_memreopen(VSTREAM *, struct VSTRING *, int); + /* + * Debug logging lockout. + */ +extern void vstream_no_debug(VSTREAM *); + /* LICENSE /* .ad /* .fi ++++++ postfix-SUSE.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SUSE/postfix.service new/postfix-SUSE/postfix.service --- old/postfix-SUSE/postfix.service 2026-01-22 11:11:34.284777038 +0100 +++ new/postfix-SUSE/postfix.service 2026-01-28 02:57:29.346861171 +0100 @@ -40,6 +40,7 @@ Type=forking PIDFile=/var/spool/postfix/pid/master.pid ExecStartPre=-/bin/echo 'Starting mail service (Postfix)' +ExecStartPre=-/sbin/restorecon -Rv /etc/aliases* ExecStartPre=/usr/sbin/postalias /etc/aliases ExecStartPre=-/usr/bin/touch /var/spool/postfix/pid/master.pid ExecStartPre=-/sbin/restorecon -Rv /var/spool/postfix/pid/master.pid ++++++ postfix-rpmlintrc ++++++ --- /var/tmp/diff_new_pack.PT8hMx/_old 2026-02-27 17:07:57.867276522 +0100 +++ /var/tmp/diff_new_pack.PT8hMx/_new 2026-02-27 17:07:57.875276854 +0100 @@ -1,3 +1,5 @@ addFilter("W: no-%check-section") addFilter(".*[WE]:.*filelist-forbidden-fhs23.*/var/mail.*") +addFilter("W: zero-perms-ghost") +addFilter("W: binary-or-shlib-calls-gethostbyname") ++++++ tmpfiles.conf ++++++ # Type Path Mode UID GID Age Argument d /var/spool/mail 1777 root root - - L /var/mail - - - - /var/spool/mail d /var/lib/postfix 0700 postfix root - - d /var/spool/postfix 0755 root root - - d /var/spool/postfix/pid 0755 root root - - d /var/spool/postfix/active 0700 postfix root - - d /var/spool/postfix/bounce 0700 postfix root - - d /var/spool/postfix/corrupt 0700 postfix root - - d /var/spool/postfix/defer 0700 postfix root - - d /var/spool/postfix/deferred 0700 postfix root - - d /var/spool/postfix/flush 0700 postfix root - - d /var/spool/postfix/hold 0700 postfix root - - d /var/spool/postfix/incoming 0700 postfix root - - d /var/spool/postfix/private 0700 postfix root - - d /var/spool/postfix/saved 0700 postfix root - - d /var/spool/postfix/trace 0700 postfix root - - d /var/spool/postfix/maildrop 0730 postfix maildrop - - d /var/spool/postfix/public 0710 postfix maildrop - -
