From dfac6ec4c2ad7b069b67fcc3f117b9d91329c37a711d39ea4119b90ac8526e7c Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Mon, 6 Mar 2017 18:50:16 +0000 Subject: [PATCH 1/2] Accepting request 477282 from home:wrosenauer:devel Current Postfix breaks other packages' builds if they are relying on a working postfix configuration in buildroot (e.g. mailman). Postfix tries to add users and groups w/o the proper requires. I've converted the current lines with the ones documented currently here: https://en.opensuse.org/openSUSE:Packaging_guidelines#Users_and_Groups OBS-URL: https://build.opensuse.org/request/show/477282 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=254 --- postfix.changes | 5 +++++ postfix.spec | 10 ++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/postfix.changes b/postfix.changes index 8a8692a..9dd8401 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org + +- make sure that system users can be created in %pre + ------------------------------------------------------------------- Sat Feb 18 14:01:35 UTC 2017 - kukuk@suse.com diff --git a/postfix.spec b/postfix.spec index 86a8f3e..d92a59b 100644 --- a/postfix.spec +++ b/postfix.spec @@ -92,9 +92,11 @@ BuildRequires: openldap2-devel BuildRequires: pcre-devel BuildRequires: pkgconfig BuildRequires: postgresql-devel +BuildRequires: shadow Requires: iproute2 Requires(pre): permissions Requires(pre): %fillup_prereq +Requires(pre): shadow Provides: smtp_daemon BuildRoot: %{_tmppath}/%{name}-%{version}-build Conflicts: sendmail exim @@ -396,10 +398,10 @@ if [ -z "$VERSIONTEST" -a -f %{pf_queue_directory}/pid/master.pid ]; then exit 1 fi fi -%{_sbindir}/groupadd -g %{pf_gid} -o -r %{name} 2> /dev/null || : -%{_sbindir}/groupadd -g %{maildrop_gid} -o -r maildrop 2> /dev/null || : -%{_sbindir}/useradd -r -o -g %{name} -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} %{name} 2> /dev/null || : -%{_sbindir}/usermod -G %{maildrop_gid},%{mail_gid} %{name} 2> /dev/null || : +getent group %{name} >/dev/null || groupadd -g %{pf_gid} -o -r %{name} +getent group maildrop >/dev/null || groupadd -g %{maildrop_gid} -o -r maildrop +getent passwd %{name} >/dev/null || useradd -r -o -g %{name} -u %{pf_uid} -s /bin/false -c "Postfix Daemon" -d /%{pf_queue_directory} %{name} +usermod -G %{maildrop_gid},%{mail_gid} %{name} # --------------------------------------------------------------------------- %pre mysql From 9d961d0071add30b7c855b3d434392e0d7eba7e78f4d4993b56461cd73937b63 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Wed, 8 Mar 2017 19:37:21 +0000 Subject: [PATCH 2/2] Accepting request 477732 from home:darix:playground - update to 3.2.0 - refresh postfix-master.cf.patch OBS-URL: https://build.opensuse.org/request/show/477732 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=255 --- postfix-3.1.4.tar.gz | 3 -- postfix-3.2.0.tar.gz | 3 ++ postfix-master.cf.patch | 55 ++----------------- postfix.changes | 116 ++++++++++++++++++++++++++++++++++++++++ postfix.spec | 2 +- 5 files changed, 124 insertions(+), 55 deletions(-) delete mode 100644 postfix-3.1.4.tar.gz create mode 100644 postfix-3.2.0.tar.gz diff --git a/postfix-3.1.4.tar.gz b/postfix-3.1.4.tar.gz deleted file mode 100644 index ea06f1c..0000000 --- a/postfix-3.1.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f33b470c47ae8b4ff199ab55dc42e86031ff0c535ccbc83069c8cff69b5bd027 -size 4340102 diff --git a/postfix-3.2.0.tar.gz b/postfix-3.2.0.tar.gz new file mode 100644 index 0000000..272d3e6 --- /dev/null +++ b/postfix-3.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:420726e79622620394fd17799e49268dada7041ea067ca3aa1c8bf155b9aa487 +size 4389547 diff --git a/postfix-master.cf.patch b/postfix-master.cf.patch index e5e2d4b..d3fbec0 100644 --- a/postfix-master.cf.patch +++ b/postfix-master.cf.patch @@ -2,7 +2,7 @@ Index: conf/master.cf =================================================================== --- conf/master.cf.orig +++ conf/master.cf -@@ -10,32 +10,38 @@ +@@ -10,6 +10,11 @@ # (yes) (yes) (no) (never) (100) # ========================================================================== smtp inet n - n - - smtpd @@ -14,54 +14,7 @@ Index: conf/master.cf #smtp inet n - n - 1 postscreen #smtpd pass - - n - - smtpd #dnsblog unix - - n - 0 dnsblog - #tlsproxy unix - - n - 0 tlsproxy - #submission inet n - n - - smtpd --# -o syslog_name=postfix/submission --# -o smtpd_tls_security_level=encrypt --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/submission -+# -o smtpd_tls_security_level=encrypt -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING - #smtps inet n - n - - smtpd --# -o syslog_name=postfix/smtps --# -o smtpd_tls_wrappermode=yes --# -o smtpd_sasl_auth_enable=yes --# -o smtpd_reject_unlisted_recipient=no --# -o smtpd_client_restrictions=$mua_client_restrictions --# -o smtpd_helo_restrictions=$mua_helo_restrictions --# -o smtpd_sender_restrictions=$mua_sender_restrictions --# -o smtpd_recipient_restrictions= --# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject --# -o milter_macro_daemon_name=ORIGINATING -+# -o syslog_name=postfix/smtps -+# -o smtpd_tls_wrappermode=yes -+# -o content_filter=smtp:[127.0.0.1]:10024 -+# -o smtpd_sasl_auth_enable=yes -+# -o smtpd_reject_unlisted_recipient=no -+# -o smtpd_client_restrictions=$mua_client_restrictions -+# -o smtpd_helo_restrictions=$mua_helo_restrictions -+# -o smtpd_sender_restrictions=$mua_sender_restrictions -+# -o smtpd_recipient_restrictions= -+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -+# -o milter_macro_daemon_name=ORIGINATING - #628 inet n - n - - qmqpd - pickup unix n - n 60 1 pickup - cleanup unix n - n - 0 cleanup -@@ -62,6 +68,27 @@ virtual unix - n n +@@ -63,6 +68,27 @@ virtual unix - n n lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache @@ -89,7 +42,7 @@ Index: conf/master.cf # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual -@@ -95,7 +122,7 @@ scache unix - - n +@@ -96,7 +122,7 @@ scache unix - - n # Also specify in main.cf: cyrus_destination_recipient_limit=1 # #cyrus unix - n n - - pipe @@ -98,7 +51,7 @@ Index: conf/master.cf # # ==================================================================== # -@@ -128,3 +155,10 @@ scache unix - - n +@@ -129,3 +155,10 @@ scache unix - - n #mailman unix - n n - - pipe # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # ${nexthop} ${user} diff --git a/postfix.changes b/postfix.changes index 9dd8401..36f2993 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,119 @@ +------------------------------------------------------------------- +Mon Mar 6 21:27:38 UTC 2017 - mrueckert@suse.de + +- update to 3.2.0 + - [Feature 20170128] Postfix 3.2 fixes the handling of address + extensions with email addresses that contain spaces. For + example, the virtual_alias_maps, canonical_maps, and + smtp_generic_maps features now correctly propagate an address + extension from "aa bb+ext"@example.com to "cc + dd+ext"@other.example, instead of producing broken output. + - [Feature 20161008] "PASS" and "STRIP" actions in + header/body_checks. "STRIP" is similar to "IGNORE" but also + logs the action, and "PASS" disables header, body, and Milter + inspection for the remainder of the message content. + Contributed by Hobbit. + - [Feature 20160330] The collate.pl script by Viktor Dukhovni for + grouping Postfix logfile records into "sessions" based on queue + ID and process ID information. It's in the auxiliary/collate + directory of the Postfix source tree. + - [Feature 20160527] Postfix 3.2 cidr tables support if/endif and + negation (by prepending ! to a pattern), just like regexp and + pcre tables. The primarily purpose is to improve readability + of complex tables. See the cidr_table(5) manpage for syntax + details. + - [Incompat 20160925] In the Postfix MySQL database client, the + default option_group value has changed to "client", to enable + reading of "client" option group settings in the MySQL options + file. This fixes a "not found" problem with Postfix queries + that contain UTF8-encoded non-ASCII text. Specify an empty + option_group value (option_group =) to get backwards-compatible + behavior. + - [Feature 20161217] Stored-procedure support for MySQL + databases. Contributed by John Fawcett. See mysql_table(5) for + instructions. + - [Feature 20170128] The postmap command, and the inline: and + texthash: maps now support spaces in left-hand field of the + lookup table "source text". Use double quotes (") around a + left-hand field that contains spaces, and use backslash (\) to + protect embedded quotes in a left-hand field. There is no + change in the processing of the right-hand field. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). + - [Feature 20161024] smtpd_milter_maps support for per-client + Milter configuration that overrides smtpd_milters, and that has + the same syntax. A lookup result of "DISABLE" turns off Milter + support. See MILTER_README.html for details. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). + - [Incompat 20170129] The postqueue command no longer forces all + message arrival times to be reported in UTC. To get the old + behavior, set TZ=UTC in main.cf:import_environment (this + override is not recommended, as it affects all Postfix utities + and daemons). + - [Incompat 20161227] For safety reasons, the sendmail -C option + must specify an authorized directory: the default configuration + directory, a directory that is listed in the default main.cf + file with alternate_config_directories or + multi_instance_directories, or the command must be invoked with + root privileges (UID 0 and EUID 0). This mitigates a recurring + problem with the PHP mail() function. + - [Feature 20160625] The Postfix SMTP server now passes remote + client and local server network address and port information to + the Cyrus SASL library. Build with ``make makefiles + "CCARGS=$CCARGS -DNO_IP_CYRUS_SASL_AUTH"'' for backwards + compatibility. + - [Feature 20161103] Postfix 3.2 disables the 'transitional' + compatibility between the IDNA2003 and IDNA2008 standards for + internationalized domain names (domain names beyond the limits + of US-ASCII). + + This change makes Postfix behavior consistent with contemporary + web browsers. It affects the handling of some corner cases such + as German sz and Greek zeta. See + http://unicode.org/cldr/utility/idna.jsp for more examples. + + Specify "enable_idna2003_compatibility = yes" to restore + historical behavior (but keep in mind that the rest of the + world may not make that same choice). + - [Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API + features, so that Postfix will build without depending on + backwards-compatibility support. + + [Incompat 20161204] Postfix 3.2 removes tentative features that + were implemented before the DANE spec was finalized: + + - Support for certificate usage PKIX-EE(1), + + - The ability to disable digest agility (Postfix now behaves as + if "tls_dane_digest_agility = on"), and + + - The ability to disable support for "TLSA 2 [01] [12]" records + that specify the digest of a trust anchor (Postfix now + behaves as if "tls_dane_trust_anchor_digest_enable = yes). + - [Feature 20161217] Postfix 3.2 enables elliptic curve + negotiation with OpenSSL >= 1.0.2. This changes the default + smtpd_tls_eecdh_grade setting to "auto", and introduces a new + parameter tls_eecdh_auto_curves with the names of curves that + may be negotiated. + + The default tls_eecdh_auto_curves setting is determined at + compile time, and depends on the Postfix and OpenSSL versions. + At runtime, Postfix will skip curve names that aren't supported + by the OpenSSL library. + - [Feature 20160611] The Postfix SMTP server local IP address and + port are available in the policy delegation protocol (attribute + names: server_address, server_port), in the Milter protocol + (macro names: {daemon_addr}, {daemon_port}), and in the XCLIENT + protocol (attribute names: DESTADDR, DESTPORT). +- refresh postfix-master.cf.patch + ------------------------------------------------------------------- Mon Mar 6 14:04:13 UTC 2017 - wr@rosenauer.org diff --git a/postfix.spec b/postfix.spec index d92a59b..4a893c0 100644 --- a/postfix.spec +++ b/postfix.spec @@ -59,7 +59,7 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 3.1.4 +Version: 3.2.0 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0