Script 'mail_helper' called by obssrc

Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked in at 2026-04-23 17:04:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and /work/SRC/openSUSE:Factory/.postfix.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postfix" Thu Apr 23 17:04:12 2026 rev:270 rq:1348605 version:3.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix-bdb.changes 2026-03-11 20:50:19.741631055 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix-bdb.changes 2026-04-23 17:04:15.339864946 +0200 @@ -1,0 +2,7 @@ +Tue Apr 21 16:30:07 UTC 2026 - Peter Varkoly <[email protected]> + +- Yet another AVC denial from procmail ... (bsc#1261933) + Set FD_CLOEXEC on the file descriptor of the db file + o avoid-inherited-file-descriptor.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2026-03-11 20:50:19.765632028 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix.changes 2026-04-23 17:04:15.763882415 +0200 
@@ -1,0 +2,7 @@ +Tue Apr 21 16:30:07 UTC 2026 - Peter Varkoly <[email protected]> + +- Yet another AVC denial from procmail ... (bsc#1261933) + Set FD_CLOEXEC on the file descriptor of the db file + o avoid-inherited-file-descriptor.patch + +------------------------------------------------------------------- New: ---- avoid-inherited-file-descriptor.patch ----------(New B)---------- New:/work/SRC/openSUSE:Factory/.postfix.new.11940/postfix-bdb.changes- Set FD_CLOEXEC on the file descriptor of the db file /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix-bdb.changes: o avoid-inherited-file-descriptor.patch /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix-bdb.changes- -- /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix.changes- Set FD_CLOEXEC on the file descriptor of the db file /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix.changes: o avoid-inherited-file-descriptor.patch /work/SRC/openSUSE:Factory/.postfix.new.11940/postfix.changes- ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix-bdb.spec ++++++ --- /var/tmp/diff_new_pack.sA4rkf/_old 2026-04-23 17:04:17.359948168 +0200 +++ /var/tmp/diff_new_pack.sA4rkf/_new 2026-04-23 17:04:17.363948333 +0200 @@ -79,6 +79,7 @@ Patch8: postfix-vda-v14-3.0.3.patch Patch9: fix-postfix-script.patch Patch10: postfix-avoid-infinit-loop-if-no-permission.patch +Patch11: avoid-inherited-file-descriptor.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel BuildRequires: db-devel ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.sA4rkf/_old 2026-04-23 17:04:17.435951299 +0200 +++ /var/tmp/diff_new_pack.sA4rkf/_new 2026-04-23 17:04:17.435951299 +0200 
@@ -67,6 +67,7 @@ Patch9: fix-postfix-script.patch Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch Patch11: set-default-db-type.patch +Patch12: avoid-inherited-file-descriptor.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel BuildRequires: diffutils @@ -233,6 +234,8 @@ export PIE=-pie # using SHLIB_RPATH to specify unrelated linker flags, because LDFLAGS is # ignored +export default_database_type=lmdb +export default_cache_db_type=lmdb %make_build makefiles pie=yes shared=yes dynamicmaps=yes \ daemon_directory=%{pf_daemon_directory} \ shlib_directory=%{_prefix}/lib/%{name} \ ++++++ avoid-inherited-file-descriptor.patch ++++++ --- src/util/slmdb.c.orig 2026-04-21 17:40:10.113564729 +0200 +++ src/util/slmdb.c 2026-04-21 17:45:12.880250346 +0200 @@ -929,6 +929,11 @@ int slmdb_open(SLMDB *slmdb, const c slmdb->cb_context = 0; slmdb->txn = txn; + /* + * Do not let open file descriptor after fork/exec + */ + int flags = fcntl(db_fd, F_GETFD); + fcntl(db_fd, F_SETFD, flags | FD_CLOEXEC); if ((status = slmdb_prepare(slmdb)) != 0) mdb_env_close(env);
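Review bot: In the postfix-bdb.spec hunk (@@ -79,6 +79,7 @@), Patch11 adds avoid-inherited-file-descriptor.patch to a package whose visible build requirements include db-devel, while the patch itself only touches src/util/slmdb.c. Please confirm that the LMDB wrapper is actually compiled in the postfix-bdb flavor; if it is not, the patch is dead weight there and its changelog entry is misleading. The hunk also shows only the Patch tag, so it is worth confirming that the spec applies patches automatically or carries a matching %patch line. The same patch is Patch11 here and Patch12 in postfix.spec, which is harmless but easy to trip over when the two specs are compared.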
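Review bot: In the second postfix.spec hunk (@@ -233,6 +234,8 @@), the two added lines "export default_database_type=lmdb" and "export default_cache_db_type=lmdb" are not mentioned in the .changes entry, which only describes the FD_CLOEXEC patch for bsc#1261933. A change to the default database type is behaviour-relevant and should get its own changelog line, including how it relates to the existing Patch11 set-default-db-type.patch visible in the first hunk. The exports are also inserted between the "# using SHLIB_RPATH ..." comment and the %make_build line that comment describes; move them above the comment, or give them a comment of their own, so the SHLIB_RPATH remark stays attached to the command it explains.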
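Review bot: In the slmdb_open() hunk of avoid-inherited-file-descriptor.patch (src/util/slmdb.c, @@ -929,6 +929,11 @@), neither fcntl() call is checked. If fcntl(db_fd, F_GETFD) fails it returns -1, and "flags | FD_CLOEXEC" then hands -1 to F_SETFD; if F_SETFD fails, the descriptor stays inheritable with no diagnostic, which is exactly the condition the patch is meant to remove. Suggest testing both results, for example "if ((flags = fcntl(db_fd, F_GETFD)) < 0 || fcntl(db_fd, F_SETFD, flags | FD_CLOEXEC) < 0)", and handling the failure the same way the following slmdb_prepare() error path does. The hunk does not show where db_fd is assigned, so please confirm it holds a valid descriptor at this point. Two smaller points: "int flags" is declared after executable statements, so move it to the declarations at the top of the function if the file keeps declarations first; and the comment "Do not let open file descriptor after fork/exec" is missing its verb, something like "Do not leak the database file descriptor across exec" says what is intended.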
