From 566b0da6bdad7bd139f047d7d6c62aac615a1c26a3d87b3ddd546867d17a37bb Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Thu, 19 Sep 2019 06:21:01 +0000 Subject: [PATCH 1/2] - bsc#1120757 L3: File Permissions->Paranoid can cause a system hang Break loop if postfix has no permission in spool directory. - add postfix-avoid-infinit-loop-if-no-permission.patch OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=349 --- ...ix-avoid-infinit-loop-if-no-permission.patch | 17 +++++++++++++++++ postfix.changes | 7 +++++++ postfix.spec | 2 ++ 3 files changed, 26 insertions(+) create mode 100644 postfix-avoid-infinit-loop-if-no-permission.patch diff --git a/postfix-avoid-infinit-loop-if-no-permission.patch b/postfix-avoid-infinit-loop-if-no-permission.patch new file mode 100644 index 0000000..d2a5d2b --- /dev/null +++ b/postfix-avoid-infinit-loop-if-no-permission.patch @@ -0,0 +1,17 @@ +--- src/global/mail_queue.c-orig 2019-04-01 14:37:54.136169772 +0200 ++++ src/global/mail_queue.c 2019-04-01 14:42:35.191382999 +0200 +@@ -363,6 +363,14 @@ + break; + if (errno == EEXIST || errno == EISDIR) + continue; ++ /* ++ * Avoid getting into an infinite loop when we don't have permission to ++ * read temp_path ++ */ ++ if (errno == EACCES) { ++ msg_fatal("%s: create file %s: no permission", myname, STR(temp_path)); ++ break; ++ } + msg_warn("%s: create file %s: %m", myname, STR(temp_path)); + sleep(10); + } diff --git a/postfix.changes b/postfix.changes index 366dadf..60e4e8c 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly + +- bsc#1120757 L3: File Permissions->Paranoid can cause a system hang + Break loop if postfix has no permission in spool directory. + - add postfix-avoid-infinit-loop-if-no-permission.patch + ------------------------------------------------------------------- Fri Aug 9 14:50:12 UTC 2019 - chris@computersalat.de diff --git a/postfix.spec b/postfix.spec index ca01f14..f507171 100644 --- a/postfix.spec +++ b/postfix.spec @@ -73,6 +73,7 @@ Patch6: %{name}-linux45.patch Patch7: %{name}-ssl-release-buffers.patch Patch8: %{name}-vda-v14-3.0.3.patch Patch9: fix-postfix-script.patch +Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -173,6 +174,7 @@ PostgreSQL. %patch7 %patch8 %patch9 +%patch10 # --------------------------------------------------------------------------- From f801426f8b62ba4bd58e9946efd8b2b0fd2aacd797fd8562dc708b2d6710acd2 Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Wed, 25 Sep 2019 09:37:32 +0000 Subject: [PATCH 2/2] Accepting request 732857 from home:marxin:branches:server:mail - Backport deprecated-RES_INSECURE1.patch in order to fix boo#1149705. OBS-URL: https://build.opensuse.org/request/show/732857 OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=350 --- deprecated-RES_INSECURE1.patch | 33 +++++++++++++++++++++++++++++++++ postfix.changes | 6 ++++++ postfix.spec | 2 ++ 3 files changed, 41 insertions(+) create mode 100644 deprecated-RES_INSECURE1.patch diff --git a/deprecated-RES_INSECURE1.patch b/deprecated-RES_INSECURE1.patch new file mode 100644 index 0000000..02faf94 --- /dev/null +++ b/deprecated-RES_INSECURE1.patch @@ -0,0 +1,33 @@ +diff --git a/postfix/src/dns/dns_str_resflags.c b/postfix/src/dns/dns_str_resflags.c +index 5f2cce5e0..472394c3a 100644 +--- a/postfix/src/dns/dns_str_resflags.c ++++ b/postfix/src/dns/dns_str_resflags.c +@@ -52,18 +52,28 @@ + static const LONG_NAME_MASK resflag_table[] = { + "RES_INIT", RES_INIT, + "RES_DEBUG", RES_DEBUG, ++#ifdef RES_AAONLY + "RES_AAONLY", RES_AAONLY, ++#endif + "RES_USEVC", RES_USEVC, ++#ifdef RES_PRIMARY + "RES_PRIMARY", RES_PRIMARY, ++#endif + "RES_IGNTC", RES_IGNTC, + "RES_RECURSE", RES_RECURSE, + "RES_DEFNAMES", RES_DEFNAMES, + "RES_STAYOPEN", RES_STAYOPEN, + "RES_DNSRCH", RES_DNSRCH, ++#ifdef RES_INSECURE1 + "RES_INSECURE1", RES_INSECURE1, ++#endif ++#ifdef RES_INSECURE2 + "RES_INSECURE2", RES_INSECURE2, ++#endif + "RES_NOALIASES", RES_NOALIASES, ++#ifdef RES_USE_INET6 + "RES_USE_INET6", RES_USE_INET6, ++#endif + #ifdef RES_ROTATE + "RES_ROTATE", RES_ROTATE, + #endif diff --git a/postfix.changes b/postfix.changes index 60e4e8c..2414080 100644 --- a/postfix.changes +++ b/postfix.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Sep 24 07:59:04 UTC 2019 - Martin Liška + +- Backport deprecated-RES_INSECURE1.patch in order to fix + boo#1149705. + ------------------------------------------------------------------- Thu Sep 19 06:20:48 UTC 2019 - Peter Varkoly diff --git a/postfix.spec b/postfix.spec index f507171..2fa29bb 100644 --- a/postfix.spec +++ b/postfix.spec @@ -74,6 +74,7 @@ Patch7: %{name}-ssl-release-buffers.patch Patch8: %{name}-vda-v14-3.0.3.patch Patch9: fix-postfix-script.patch Patch10: %{name}-avoid-infinit-loop-if-no-permission.patch +Patch11: deprecated-RES_INSECURE1.patch BuildRequires: ca-certificates BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -175,6 +176,7 @@ PostgreSQL. %patch8 %patch9 %patch10 +%patch11 -p2 # ---------------------------------------------------------------------------