Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2015-01-22 21:47:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "postfix" Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2014-12-09 09:13:23.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2015-01-22 21:48:05.000000000 +0100 @@ -1,0 +2,14 @@ +Tue Jan 13 07:04:52 UTC 2015 - varkoly@suse.com + +- bnc#912594 config.postfix creates config based on old options + +------------------------------------------------------------------- +Tue Jan 6 14:26:51 UTC 2015 - varkoly@suse.com + +- bnc#911806 config.postfix does not set up correct saslauthd socket directory for chroot +- bnc#910265 config.postfix does not upgrade the chroot +- bnc#908003 wrong access rights on /usr/sbin/postdrop causes + permission denied when trying to send a mail as non root user +- bnc#729154 wrong permissions for some postfix components + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.M5QJTK/_old 2015-01-22 21:48:06.000000000 +0100 +++ /var/tmp/diff_new_pack.M5QJTK/_new 2015-01-22 21:48:06.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package postfix # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,7 @@ PreReq: /usr/sbin/useradd /usr/sbin/groupadd /usr/sbin/usermod PreReq: /bin/sed /bin/awk /bin/grep PreReq: textutils sh-utils fileutils pcre netcfg +PreReq: permissions %if 0%{?suse_version} > 1130 PreReq: sysvinit(syslog) sysvinit(network) %endif @@ -443,6 +444,10 @@ %{fillup_only -an mail} %if 0%{?suse_version} > 1140 %service_add_post %{name}.service +%set_permissions /usr/sbin/postqueue +%set_permissions /usr/sbin/postdrop +%verifyscript +%verify_permissions -e /usr/sbin/postqueue -e /usr/sbin/postdrop %endif /sbin/ldconfig # --------------------------------------------------------------------------- @@ -520,17 +525,28 @@ %config %attr(0755,root,root) /etc/postfix/system/* %config %{_unitdir}/system/postfix.service %endif -/usr/bin/mailq -/usr/bin/newaliases -%attr(0755, root, root) /usr/sbin/sendmail -/usr/sbin/qmqp-source -/usr/sbin/smtp-sink -/usr/sbin/smtp-source -/usr/sbin/mk%{name}cert -/usr/sbin/check_mail_queue -/usr/sbin/config.postfix -%verify(not mode group) /usr/sbin/post* -/sbin/rc%{name} +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) /usr/sbin/postdrop +%verify(not mode) %attr(2755,root,%{pf_setgid_group}) /usr/sbin/postqueue +%attr(0755,root,root) /usr/bin/mailq +%attr(0755,root,root) /usr/bin/newaliases +%attr(0755,root,root) /usr/sbin/sendmail +%attr(0755,root,root) /usr/sbin/postalias +%attr(0755,root,root) /usr/sbin/postcat +%attr(0755,root,root) /usr/sbin/postconf +%attr(0755,root,root) /usr/sbin/postfix +%attr(0755,root,root) /usr/sbin/postkick +%attr(0755,root,root) /usr/sbin/postlock +%attr(0755,root,root) /usr/sbin/postlog +%attr(0755,root,root) /usr/sbin/postmap +%attr(0755,root,root) /usr/sbin/postmulti +%attr(0755,root,root) /usr/sbin/postsuper +%attr(0755,root,root) /usr/sbin/qmqp-source +%attr(0755,root,root) /usr/sbin/smtp-sink +%attr(0755,root,root) /usr/sbin/smtp-source +%attr(0755,root,root) /usr/sbin/mkpostfixcert +%attr(0755,root,root) /usr/sbin/check_mail_queue +%attr(0755,root,root) /usr/sbin/config.postfix +%attr(0755,root,root) /sbin/rc%{name} %{_libdir}/lib* /usr/lib/sendmail %dir /usr/lib/%{name} ++++++ postfix-SuSE.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/config.postfix new/postfix-SuSE/config.postfix --- old/postfix-SuSE/config.postfix 2014-06-28 01:16:07.000000000 +0200 +++ new/postfix-SuSE/config.postfix 2015-01-13 08:04:07.000000000 +0100 @@ -92,32 +92,31 @@ fi fi if [ "$(echo "$POSTFIX_SMTP_AUTH_SERVER" | tr 'A-Z' 'a-z' )" != "no" ]; then - SASL_SOCKET_DIR="/var/run/sasl2" - CHR_SASL_SOCKET_DIR="var/run/sasl2" + SASL_SOCKET_DIR="/run/sasl2" + CHR_SASL_SOCKET_DIR="run/sasl2" fi if [ "$(echo "$POSTFIX_CHROOT" | tr 'A-Z' 'a-z' )" != "yes" ]; then # tidy-up in any case, to be safe (bnc#837561) if grep '[[:blank:]]/var/spool/postfix/proc[[:blank:]]' /proc/mounts &> /dev/null; then umount /var/spool/postfix/proc fi - if [ "$(echo "$POSTFIX_CHROOT" | tr 'A-Z' 'a-z' )" != "yes" ] ; then - if [ -d etc ]; then - echo "removing postfix chroot environment..." - fi - - if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then - if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then - umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR - fi - fi - - if [ -n "$CHR_SASL_SOCKET_DIR" ]; then - if grep "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then - umount "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR - fi - fi - - rm -rvf etc @lib@ usr var proc + if [ -d etc ]; then + echo "removing postfix chroot environment..." + fi + + if [ -n "$CHR_MYSQL_SOCKET_DIR" ]; then + if grep "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR /proc/mounts &> /dev/null; then + umount "$PF_CHROOT"/$CHR_MYSQL_SOCKET_DIR + fi + fi + + if [ -n "$CHR_SASL_SOCKET_DIR" ]; then + if grep "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR /proc/mounts &> /dev/null; then + umount "$PF_CHROOT"/$CHR_SASL_SOCKET_DIR + fi + fi + + rm -rvf etc @lib@ usr var proc else echo "checking postfix chroot environment..." @@ -448,11 +447,11 @@ clnt_restrictions="$clnt_restrictions, reject_rbl_client $i" fi done - $PCONF -e "smtpd_client_restrictions = permit_mynetworks, $clnt_restrictions, reject_unknown_client" + $PCONF -e "smtpd_client_restrictions = permit_mynetworks, $clnt_restrictions, reject_unknown_client_hostname" else $PCONF -e \ - "smtpd_client_restrictions = permit_mynetworks, reject_unknown_client" + "smtpd_client_restrictions = permit_mynetworks, reject_unknown_reverse_client_hostname" fi $PCONF -e "smtpd_helo_required = yes" $PCONF -e "smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname" @@ -467,7 +466,7 @@ s_clnt_restrictions=$(echo ${POSTFIX_SMTPD_CLIENT_RESTRICTIONS/\ \+/,/ }) else echo 1>&2 "No smtpd_client_restrictions defined ... setting to medium ..." - s_clnt_restrictions="reject_unauth_pipelining, reject_unknown_client" + s_clnt_restrictions="reject_unauth_pipelining, reject_unknown_reverse_client_hostname" fi if [ -n "$POSTFIX_RBL_HOSTS" ]; then rblhosts=$(echo ${POSTFIX_RBL_HOSTS//,/ }) @@ -487,7 +486,7 @@ helo_restrictions=$(echo ${POSTFIX_SMTPD_HELO_RESTRICTIONS/\ \+/,/ }) $PCONF -e "smtpd_helo_restrictions = $helo_restrictions" else - $PCONF -e "smtpd_helo_restrictions = reject_unauth_pipelining, reject_unknown_client" + $PCONF -e "smtpd_helo_restrictions = reject_unauth_pipelining, reject_unknown_reverse_client_hostname" fi if [ -n "$POSTFIX_SMTPD_SENDER_RESTRICTIONS" ]; then sender_restrictions=$(echo ${POSTFIX_SMTPD_SENDER_RESTRICTIONS/\ \+/,/ }) @@ -533,14 +532,14 @@ if test "$POSTFIX_SMTP_AUTH_SERVER" == "yes"; then if [ -f /etc/sasl2/smtpd.conf ]; then grep saslauthd /etc/sasl2/smtpd.conf >/dev/null && { - checkproc -p /var/run/sasl2/saslauthd.pid /usr/sbin/saslauthd || { + checkproc -p /run/sasl2/saslauthd.pid /usr/sbin/saslauthd || { warn_user 1>&2 "You are using saslauthd as pwcheck_method in /etc/sasl2/smtpd.conf,\n\ but saslauthd is not running." } } elif [ -f /usr/@lib@/sasl2/smtpd.conf ]; then grep saslauthd /usr/@lib@/sasl2/smtpd.conf >/dev/null && { - checkproc -p /var/run/sasl2/saslauthd.pid /usr/sbin/saslauthd || { + checkproc -p /run/sasl2/saslauthd.pid /usr/sbin/saslauthd || { warn_user 1>&2 "You are using saslauthd as pwcheck_method in /usr/@lib@/sasl2/smtpd.conf,\n\ but saslauthd is not running." } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-SuSE/permissions new/postfix-SuSE/permissions --- old/postfix-SuSE/permissions 2004-04-15 18:46:30.000000000 +0200 +++ new/postfix-SuSE/permissions 2015-01-06 15:26:38.000000000 +0100 @@ -1,3 +1,6 @@ /usr/sbin/sendmail root:root 0755 /etc/postfix/sasl_passwd root:root 0600 /etc/postfix/sasl_passwd.db root:root 0600 +/usr/sbin/postqueue root:maildrop 2755 +/usr/sbin/postdrop root:maildrop 2755 + -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org