author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:31 +0000 |
commit | 32afea41ba8b7328e252ae97ca32c56f98d42a90 (patch) | |
tree | 11b25ffd59d9190c8316cd48ace4e198531d0e7d /debian/patches | |
parent | Adding upstream version 3.4.23. (diff) | |
Adding debian version 3.4.23-0+deb10u1.debian/3.4.23-0+deb10u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
20 files changed, 1826 insertions, 0 deletions
diff --git a/debian/patches/02_kfreebsd_support.diff b/debian/patches/02_kfreebsd_support.diff
new file mode 100644
index 0000000..4bce5bc
--- /dev/null
+++ b/debian/patches/02_kfreebsd_support.diff
@@ -0,0 +1,15 @@
+Index: postfix/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -595,8 +595,8 @@ EOF
+ : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"}
+ : ${PLUGIN_LD="${CC-gcc} -shared"}
+ ;;
+- GNU.0*|GNU/kFreeBSD.[567]*)
+- SYSTYPE=GNU0
++ GNU.0*|GNU/kFreeBSD.*)
++ SYSTYPE=GNU0
+ case "$CCARGS" in
+ *-DNO_DB*) ;;
+ *) if [ -f /usr/include/db.h ]
diff --git a/debian/patches/03_ldap3_by_default.diff b/debian/patches/03_ldap3_by_default.diff
new file mode 100644
index 0000000..e63ce8c
--- /dev/null
+++ b/debian/patches/03_ldap3_by_default.diff
@@ -0,0 +1,47 @@
+Index: postfix/src/global/dict_ldap.c
+===================================================================
+--- postfix.orig/src/global/dict_ldap.c 2018-02-23 02:37:11.468712118 -0500
++++ postfix/src/global/dict_ldap.c 2018-02-23 02:37:11.460712118 -0500
+@@ -102,7 +102,7 @@
+ /* How to handle LDAP aliases. See ldap.h or ldap_open(3) man page.
+ /* .IP version
+ /* Specifies the LDAP protocol version to use. Default is version
+-/* \fI2\fR.
++/* \fI3\fR.
+ /* .IP "\fBsasl_mechs (empty)\fR"
+ /* Specifies a space-separated list of LDAP SASL Mechanisms.
+ /* .IP "\fBsasl_realm (empty)\fR"
+@@ -1669,7 +1669,7 @@
+ /*
+ * Define LDAP Protocol Version.
+ */
+- dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 2, 2, 0);
++ dict_ldap->version = cfg_get_int(dict_ldap->parser, "version", 3, 2, 0);
+ switch (dict_ldap->version) {
+ case 2:
+ dict_ldap->version = LDAP_VERSION2;
+@@ -1678,9 +1678,9 @@
+ dict_ldap->version = LDAP_VERSION3;
+ break;
+ default:
+- msg_warn("%s: %s Unknown version %d, using 2.", myname, ldapsource,
++ msg_warn("%s: %s Unknown version %d, using 3.", myname, ldapsource,
+ dict_ldap->version);
+- dict_ldap->version = LDAP_VERSION2;
++ dict_ldap->version = LDAP_VERSION3;
+ }
+
+#if defined(LDAP_API_FEATURE_X_OPENLDAP)
+Index: postfix/man/man5/ldap_table.5
+===================================================================
+--- postfix.orig/man/man5/ldap_table.5 2018-02-23 02:37:11.468712118 -0500
++++ postfix/man/man5/ldap_table.5 2018-02-23 02:37:11.464712118 -0500
+@@ -501,7 +501,7 @@
+ .IP "\fBchase_referrals (default: 0)\fR"
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version
+ 3 support).
+-.IP "\fBversion (default: 2)\fR"
++.IP "\fBversion (default: 3)\fR"
+ Specifies the LDAP protocol version to use.
+ .IP "\fBdebuglevel (default: 0)\fR"
+ What level to set for debugging in the OpenLDAP libraries.
diff --git a/debian/patches/04_remove_gdbm_support.diff b/debian/patches/04_remove_gdbm_support.diff
new file mode 100644
index 0000000..e4e240b
--- /dev/null
+++ b/debian/patches/04_remove_gdbm_support.diff
@@ -0,0 +1,13 @@
+--- a/src/util/dict_dbm.c
++++ b/src/util/dict_dbm.c
+@@ -417,6 +417,10 @@
+ char *dbm_path = 0;
+ int lock_fd;
+
++#ifdef HAVE_GDBM
++ msg_fatal("%s: gdbm maps use locking that is incompatible with postfix. Use a hash map instead.",
++ path);
++#endif
+ /*
+ * Let the optimizer worry about eliminating redundant code.
+ */
diff --git a/debian/patches/05_debian_defaults.diff b/debian/patches/05_debian_defaults.diff
new file mode 100644
index 0000000..b7bf6dd
--- /dev/null
+++ b/debian/patches/05_debian_defaults.diff
@@ -0,0 +1,118 @@
+Index: postfix-dev/conf/main.cf
+===================================================================
+--- postfix-dev.orig/conf/main.cf 2019-03-01 11:06:55.849697457 -0500
++++ postfix-dev/conf/main.cf 2019-03-01 11:06:55.841697457 -0500
+@@ -75,7 +75,7 @@
+ # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
+ # USER.
+ #
+-mail_owner = postfix
++#mail_owner = postfix
+
+ # The default_privs parameter specifies the default rights used by
+ # the local delivery agent for delivery to external file or command.
+@@ -114,6 +114,11 @@
+ # myorigin also specifies the default domain name that is appended
+ # to recipient addresses that have no @domain part.
+ #
++# Debian GNU/Linux specific: Specifying a file name will cause the
++# first line of that file to be used as the name. The Debian default
++# is /etc/mailname.
++#
++#myorigin = /etc/mailname
+ #myorigin = $myhostname
+ #myorigin = $mydomain
+
+@@ -279,6 +284,7 @@
+ #mynetworks = 168.100.189.0/28, 127.0.0.0/8
+ #mynetworks = $config_directory/mynetworks
+ #mynetworks = hash:/etc/postfix/network_table
++mynetworks = 127.0.0.0/8
+
+ # The relay_domains parameter restricts what destinations this system will
+ # relay mail to. See the smtpd_recipient_restrictions description in
+@@ -567,6 +573,8 @@
+ #
+ #smtpd_banner = $myhostname ESMTP $mail_name
+ #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
++smtpd_banner = $myhostname ESMTP $mail_name (@@DISTRO@@)
++
+
+ # PARALLEL DELIVERY TO THE SAME DESTINATION
+ #
+@@ -591,7 +599,7 @@
+ # logging level when an SMTP client or server host name or address
+ # matches a pattern in the debug_peer_list parameter.
+ #
+-debug_peer_level = 2
++#debug_peer_level = 2
+
+ # The debug_peer_list parameter specifies an optional list of domain
+ # or network patterns, /file/name patterns or type:name tables. 
When
+Index: postfix-dev/conf/main.cf.tls
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ postfix-dev/conf/main.cf.tls 2019-03-01 11:06:55.841697457 -0500
+@@ -0,0 +1,11 @@
++
++# TLS parameters
++smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
++smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
++smtpd_use_tls=yes
++smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
++smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
++
++# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
++# information on enabling SSL in the smtp client.
++
+Index: postfix-dev/conf/postfix-files
+===================================================================
+--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:06:55.849697457 -0500
++++ postfix-dev/conf/postfix-files 2019-03-01 11:06:55.845697457 -0500
+@@ -143,27 +143,28 @@
+ $mailq_path:l:$sendmail_path
+ $config_directory/LICENSE:f:root:-:644:1
+ $config_directory/TLS_LICENSE:f:root:-:644:1
+-$config_directory/access:f:root:-:644:p1
+-$config_directory/aliases:f:root:-:644:p1
+-$config_directory/bounce.cf.default:f:root:-:644:1
+-$config_directory/canonical:f:root:-:644:p1
+-$config_directory/cidr_table:f:root:-:644:o
+-$config_directory/generic:f:root:-:644:p1
+-$config_directory/generics:f:root:-:644:o
+-$config_directory/header_checks:f:root:-:644:p1
+-$config_directory/install.cf:f:root:-:644:o
+-$config_directory/main.cf.default:f:root:-:644:1
++# Empty files not shipped in Debian
++#$config_directory/access:f:root:-:644:p1
++#$config_directory/aliases:f:root:-:644:p1
++#$config_directory/bounce.cf.default:f:root:-:644:1
++#$config_directory/canonical:f:root:-:644:p1
++#$config_directory/cidr_table:f:root:-:644:o
++#$config_directory/generic:f:root:-:644:p1
++#$config_directory/generics:f:root:-:644:o
++#$config_directory/header_checks:f:root:-:644:p1
++#$config_directory/install.cf:f:root:-:644:o
++#$config_directory/main.cf.default:f:root:-:644:1
+ $config_directory/main.cf:f:root:-:644:p
+ $config_directory/master.cf:f:root:-:644:p
+-$config_directory/pcre_table:f:root:-:644:o
+-$config_directory/regexp_table:f:root:-:644:o
+-$config_directory/relocated:f:root:-:644:p1
+-$config_directory/tcp_table:f:root:-:644:o
+-$config_directory/transport:f:root:-:644:p1
+-$config_directory/virtual:f:root:-:644:p1
++#$config_directory/pcre_table:f:root:-:644:o
++#$config_directory/regexp_table:f:root:-:644:o
++#$config_directory/relocated:f:root:-:644:p1
++#$config_directory/tcp_table:f:root:-:644:o
++#$config_directory/transport:f:root:-:644:p1
++#$config_directory/virtual:f:root:-:644:p1
+ $config_directory/postfix-script:f:root:-:755:o
+-$config_directory/postfix-script-sgid:f:root:-:755:o
+-$config_directory/postfix-script-nosgid:f:root:-:755:o
++#$config_directory/postfix-script-sgid:f:root:-:755:o
++#$config_directory/postfix-script-nosgid:f:root:-:755:o
+ $config_directory/post-install:f:root:-:755:o
+ $manpage_directory/man1/mailq.1:f:root:-:644
+ $manpage_directory/man1/newaliases.1:f:root:-:644
diff --git a/debian/patches/05_debian_manpage_differences.diff b/debian/patches/05_debian_manpage_differences.diff
new file mode 100644
index 0000000..f387ab9
--- /dev/null
+++ b/debian/patches/05_debian_manpage_differences.diff
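Review bot: The new conf/main.cf.tls enables server TLS with `smtpd_use_tls=yes` and the machine-generated `ssl-cert-snakeoil` key pair, but nothing in the file tells the administrator that this certificate is self-signed and meant to be replaced. I would add a line above the two file parameters such as `# Self-signed placeholder from ssl-cert; replace with a certificate your clients can verify.` Separately, `smtpd_tls_security_level = may` is the documented replacement for `smtpd_use_tls=yes`, and the file sets nothing for the SMTP client beyond the session cache, so outbound TLS stays at the built-in default. The main.cf hunks also comment out `mail_owner` and `debug_peer_level` without saying why; a short `# Debian: rely on the built-in default` next to each would help anyone comparing with upstream.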
@@ -0,0 +1,159 @@ +Index: postfix-dev/conf/postfix-files +=================================================================== +--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:07:21.045697994 -0500 ++++ postfix-dev/conf/postfix-files 2019-03-01 11:17:55.721711534 -0500 +@@ -166,79 +166,81 @@ + #$config_directory/postfix-script-sgid:f:root:-:755:o + #$config_directory/postfix-script-nosgid:f:root:-:755:o + $config_directory/post-install:f:root:-:755:o +-$manpage_directory/man1/mailq.1:f:root:-:644 +-$manpage_directory/man1/newaliases.1:f:root:-:644 +-$manpage_directory/man1/postalias.1:f:root:-:644 +-$manpage_directory/man1/postcat.1:f:root:-:644 +-$manpage_directory/man1/postconf.1:f:root:-:644 +-$manpage_directory/man1/postdrop.1:f:root:-:644 +-$manpage_directory/man1/postfix.1:f:root:-:644 +-$manpage_directory/man1/postfix-tls.1:f:root:-:644 +-$manpage_directory/man1/postkick.1:f:root:-:644 +-$manpage_directory/man1/postlock.1:f:root:-:644 +-$manpage_directory/man1/postlog.1:f:root:-:644 +-$manpage_directory/man1/postmap.1:f:root:-:644 +-$manpage_directory/man1/postmulti.1:f:root:-:644 +-$manpage_directory/man1/postqueue.1:f:root:-:644 +-$manpage_directory/man1/postsuper.1:f:root:-:644 +-$manpage_directory/man1/sendmail.1:f:root:-:644 +-$manpage_directory/man5/access.5:f:root:-:644 +-$manpage_directory/man5/aliases.5:f:root:-:644 +-$manpage_directory/man5/body_checks.5:f:root:-:644 +-$manpage_directory/man5/bounce.5:f:root:-:644 +-$manpage_directory/man5/canonical.5:f:root:-:644 +-$manpage_directory/man5/cidr_table.5:f:root:-:644 +-$manpage_directory/man5/generics.5:f:root:-:644:o +-$manpage_directory/man5/generic.5:f:root:-:644 +-$manpage_directory/man5/header_checks.5:f:root:-:644 +-$manpage_directory/man5/ldap_table.5:f:root:-:644 +-$manpage_directory/man5/lmdb_table.5:f:root:-:644 +-$manpage_directory/man5/master.5:f:root:-:644 +-$manpage_directory/man5/memcache_table.5:f:root:-:644 +-$manpage_directory/man5/mysql_table.5:f:root:-:644 
+-$manpage_directory/man5/socketmap_table.5:f:root:-:644 +-$manpage_directory/man5/sqlite_table.5:f:root:-:644 +-$manpage_directory/man5/nisplus_table.5:f:root:-:644 +-$manpage_directory/man5/pcre_table.5:f:root:-:644 +-$manpage_directory/man5/pgsql_table.5:f:root:-:644 +-$manpage_directory/man5/postconf.5:f:root:-:644 +-$manpage_directory/man5/postfix-wrapper.5:f:root:-:644 +-$manpage_directory/man5/regexp_table.5:f:root:-:644 +-$manpage_directory/man5/relocated.5:f:root:-:644 +-$manpage_directory/man5/tcp_table.5:f:root:-:644 +-$manpage_directory/man5/transport.5:f:root:-:644 +-$manpage_directory/man5/virtual.5:f:root:-:644 +-$manpage_directory/man8/bounce.8:f:root:-:644 +-$manpage_directory/man8/cleanup.8:f:root:-:644 +-$manpage_directory/man8/anvil.8:f:root:-:644 +-$manpage_directory/man8/defer.8:f:root:-:644 +-$manpage_directory/man8/discard.8:f:root:-:644 +-$manpage_directory/man8/dnsblog.8:f:root:-:644 +-$manpage_directory/man8/error.8:f:root:-:644 +-$manpage_directory/man8/flush.8:f:root:-:644 +-$manpage_directory/man8/lmtp.8:f:root:-:644 +-$manpage_directory/man8/local.8:f:root:-:644 +-$manpage_directory/man8/master.8:f:root:-:644 +-$manpage_directory/man8/nqmgr.8:f:root:-:644:o +-$manpage_directory/man8/oqmgr.8:f:root:-:644: +-$manpage_directory/man8/pickup.8:f:root:-:644 +-$manpage_directory/man8/pipe.8:f:root:-:644 +-$manpage_directory/man8/postlogd.8:f:root:-:644 +-$manpage_directory/man8/postscreen.8:f:root:-:644 +-$manpage_directory/man8/proxymap.8:f:root:-:644 +-$manpage_directory/man8/qmgr.8:f:root:-:644 +-$manpage_directory/man8/qmqpd.8:f:root:-:644 +-$manpage_directory/man8/scache.8:f:root:-:644 +-$manpage_directory/man8/showq.8:f:root:-:644 +-$manpage_directory/man8/smtp.8:f:root:-:644 +-$manpage_directory/man8/smtpd.8:f:root:-:644 +-$manpage_directory/man8/spawn.8:f:root:-:644 +-$manpage_directory/man8/tlsproxy.8:f:root:-:644 +-$manpage_directory/man8/tlsmgr.8:f:root:-:644 +-$manpage_directory/man8/trace.8:f:root:-:644 
+-$manpage_directory/man8/trivial-rewrite.8:f:root:-:644 +-$manpage_directory/man8/verify.8:f:root:-:644 +-$manpage_directory/man8/virtual.8:f:root:-:644 ++$manpage_directory/man1/mailq.1.gz:f:root:-:644 ++$manpage_directory/man1/newaliases.1.gz:f:root:-:644 ++$manpage_directory/man1/postalias.1.gz:f:root:-:644 ++$manpage_directory/man1/postcat.1.gz:f:root:-:644 ++$manpage_directory/man1/postconf.1.gz:f:root:-:644 ++$manpage_directory/man1/postdrop.1.gz:f:root:-:644 ++$manpage_directory/man1/postfix.1.gz:f:root:-:644 ++$manpage_directory/man1/postfix-tls.1.gz:f:root:-:644 ++$manpage_directory/man1/postkick.1.gz:f:root:-:644 ++$manpage_directory/man1/postlock.1.gz:f:root:-:644 ++$manpage_directory/man1/postlog.1.gz:f:root:-:644 ++$manpage_directory/man1/postmap.1.gz:f:root:-:644 ++$manpage_directory/man1/postmulti.1.gz:f:root:-:644 ++$manpage_directory/man1/postqueue.1.gz:f:root:-:644 ++$manpage_directory/man1/postsuper.1.gz:f:root:-:644 ++$manpage_directory/man1/sendmail.1.gz:f:root:-:644 ++$manpage_directory/man5/access.5.gz:f:root:-:644 ++$manpage_directory/man5/aliases.5.gz:f:root:-:644 ++$manpage_directory/man5/body_checks.5.gz:f:root:-:644 ++$manpage_directory/man5/bounce.5.gz:f:root:-:644 ++$manpage_directory/man5/canonical.5.gz:f:root:-:644 ++$manpage_directory/man5/cidr_table.5.gz:f:root:-:644 ++$manpage_directory/man5/generics.5.gz:f:root:-:644:o ++$manpage_directory/man5/generic.5.gz:f:root:-:644 ++$manpage_directory/man5/header_checks.5.gz:f:root:-:644 ++$manpage_directory/man5/ldap_table.5.gz:f:root:-:644 ++$manpage_directory/man5/lmdb_table.5.gz:f:root:-:644 ++$manpage_directory/man5/master.5.gz:f:root:-:644 ++$manpage_directory/man5/memcache_table.5.gz:f:root:-:644 ++$manpage_directory/man5/mysql_table.5.gz:f:root:-:644 ++$manpage_directory/man5/socketmap_table.5.gz:f:root:-:644 ++$manpage_directory/man5/sqlite_table.5.gz:f:root:-:644 ++$manpage_directory/man5/nisplus_table.5.gz:f:root:-:644 ++$manpage_directory/man5/pcre_table.5.gz:f:root:-:644 
++$manpage_directory/man5/pgsql_table.5.gz:f:root:-:644 ++$manpage_directory/man5/postconf.5.gz:f:root:-:644 ++$manpage_directory/man5/postfix-wrapper.5.gz:f:root:-:644 ++$manpage_directory/man5/regexp_table.5.gz:f:root:-:644 ++$manpage_directory/man5/relocated.5.gz:f:root:-:644 ++$manpage_directory/man5/tcp_table.5.gz:f:root:-:644 ++$manpage_directory/man5/transport.5.gz:f:root:-:644 ++$manpage_directory/man5/virtual.5.gz:f:root:-:644 ++$manpage_directory/man8/bounce.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/cleanup.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/anvil.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/defer.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/discard.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/dnsblog.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/error.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/flush.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/lmtp.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/local.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/master.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/nqmgr.8postfix.gz:f:root:-:644:o ++$manpage_directory/man8/oqmgr.8postfix.gz:f:root:-:644: ++$manpage_directory/man8/pickup.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/pipe.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/postlogd.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/postfix-add-filter.8.gz:f:root:-:644 ++$manpage_directory/man8/postfix-add-policy.8.gz:f:root:-:644 ++$manpage_directory/man8/postscreen.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/proxymap.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/qmgr.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/qmqpd.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/scache.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/showq.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/smtp.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/smtpd.8postfix.gz:f:root:-:644 
++$manpage_directory/man8/spawn.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/tlsproxy.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/tlsmgr.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/trace.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/trivial-rewrite.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/verify.8postfix.gz:f:root:-:644 ++$manpage_directory/man8/virtual.8postfix.gz:f:root:-:644 + $sample_directory/sample-aliases.cf:f:root:-:644:o + $sample_directory/sample-auth.cf:f:root:-:644:o + $sample_directory/sample-canonical.cf:f:root:-:644:o diff --git a/debian/patches/05_debian_readme_differences.diff b/debian/patches/05_debian_readme_differences.diff new file mode 100644 index 0000000..4e594e1 --- /dev/null +++ b/debian/patches/05_debian_readme_differences.diff 
@@ -0,0 +1,120 @@ +Index: postfix-dev/conf/postfix-files +=================================================================== +--- postfix-dev.orig/conf/postfix-files 2019-03-01 11:19:12.133713164 -0500 ++++ postfix-dev/conf/postfix-files 2019-03-01 11:19:12.129713164 -0500 +@@ -273,65 +273,65 @@ + $sample_directory/sample-transport.cf:f:root:-:644:o + $sample_directory/sample-verify.cf:f:root:-:644:o + $sample_directory/sample-virtual.cf:f:root:-:644:o +-$readme_directory/AAAREADME:f:root:-:644 +-$readme_directory/ADDRESS_CLASS_README:f:root:-:644 +-$readme_directory/ADDRESS_REWRITING_README:f:root:-:644 +-$readme_directory/ADDRESS_VERIFICATION_README:f:root:-:644 +-$readme_directory/BACKSCATTER_README:f:root:-:644 +-$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644 +-$readme_directory/BUILTIN_FILTER_README:f:root:-:644 ++$readme_directory/README.gz:f:root:-:644 ++$readme_directory/ADDRESS_CLASS_README.gz:f:root:-:644 ++$readme_directory/ADDRESS_REWRITING_README.gz:f:root:-:644 ++$readme_directory/ADDRESS_VERIFICATION_README.gz:f:root:-:644 ++$readme_directory/BACKSCATTER_README.gz:f:root:-:644 ++$readme_directory/BASIC_CONFIGURATION_README.gz:f:root:-:644 ++$readme_directory/BUILTIN_FILTER_README.gz:f:root:-:644 + $readme_directory/CDB_README:f:root:-:644 +-$readme_directory/COMPATIBILITY_README:f:root:-:644 +-$readme_directory/CONNECTION_CACHE_README:f:root:-:644 ++$readme_directory/COMPATIBILITY_README.gz:f:root:-:644 ++$readme_directory/CONNECTION_CACHE_README.gz:f:root:-:644 + $readme_directory/CONTENT_INSPECTION_README:f:root:-:644 +-$readme_directory/DATABASE_README:f:root:-:644 +-$readme_directory/DB_README:f:root:-:644 +-$readme_directory/DEBUG_README:f:root:-:644 +-$readme_directory/DSN_README:f:root:-:644 +-$readme_directory/ETRN_README:f:root:-:644 +-$readme_directory/FILTER_README:f:root:-:644 +-$readme_directory/FORWARD_SECRECY_README:f:root:-:644 +-$readme_directory/HOSTING_README:f:root:-:644:o +-$readme_directory/INSTALL:f:root:-:644 
+-$readme_directory/IPV6_README:f:root:-:644 +-$readme_directory/LDAP_README:f:root:-:644 ++$readme_directory/DATABASE_README.gz:f:root:-:644 ++$readme_directory/DB_README.gz:f:root:-:644 ++$readme_directory/DEBUG_README.gz:f:root:-:644 ++$readme_directory/DSN_README.gz:f:root:-:644 ++$readme_directory/ETRN_README.gz:f:root:-:644 ++$readme_directory/FILTER_README.gz:f:root:-:644 ++$readme_directory/FORWARD_SECRECY_README.gz:f:root:-:644 ++#$readme_directory/HOSTING_README:f:root:-:644:o ++#$readme_directory/INSTALL:f:root:-:644 ++$readme_directory/IPV6_README.gz:f:root:-:644 ++$readme_directory/LDAP_README.gz:f:root:-:644 + $readme_directory/LINUX_README:f:root:-:644 +-$readme_directory/LMDB_README:f:root:-:644 +-$readme_directory/LOCAL_RECIPIENT_README:f:root:-:644 ++$readme_directory/LMDB_README.gz:f:root:-:644 ++$readme_directory/LOCAL_RECIPIENT_README.gz:f:root:-:644 + $readme_directory/MACOSX_README:f:root:-:644:o +-$readme_directory/MAILDROP_README:f:root:-:644 ++$readme_directory/MAILDROP_README.gz:f:root:-:644 + $readme_directory/MEMCACHE_README:f:root:-:644 +-$readme_directory/MILTER_README:f:root:-:644 +-$readme_directory/MULTI_INSTANCE_README:f:root:-:644 +-$readme_directory/MYSQL_README:f:root:-:644 ++$readme_directory/MILTER_README.gz:f:root:-:644 ++$readme_directory/MULTI_INSTANCE_README.gz:f:root:-:644 ++$readme_directory/MYSQL_README.gz:f:root:-:644 + $readme_directory/SQLITE_README:f:root:-:644 +-$readme_directory/NFS_README:f:root:-:644 +-$readme_directory/OVERVIEW:f:root:-:644 +-$readme_directory/PACKAGE_README:f:root:-:644 ++$readme_directory/NFS_README.gz:f:root:-:644 ++$readme_directory/OVERVIEW.gz:f:root:-:644 ++$readme_directory/PACKAGE_README.gz:f:root:-:644 + $readme_directory/PCRE_README:f:root:-:644 +-$readme_directory/PGSQL_README:f:root:-:644 +-$readme_directory/POSTSCREEN_README:f:root:-:644 ++$readme_directory/PGSQL_README.gz:f:root:-:644 ++$readme_directory/POSTSCREEN_README.gz:f:root:-:644 + 
$readme_directory/QMQP_README:f:root:-:644:o +-$readme_directory/QSHAPE_README:f:root:-:644 +-$readme_directory/RELEASE_NOTES:f:root:-:644 +-$readme_directory/RESTRICTION_CLASS_README:f:root:-:644 +-$readme_directory/SASL_README:f:root:-:644 +-$readme_directory/SCHEDULER_README:f:root:-:644 +-$readme_directory/SMTPD_ACCESS_README:f:root:-:644 +-$readme_directory/SMTPD_POLICY_README:f:root:-:644 +-$readme_directory/SMTPD_PROXY_README:f:root:-:644 +-$readme_directory/SOHO_README:f:root:-:644 +-$readme_directory/STANDARD_CONFIGURATION_README:f:root:-:644 +-$readme_directory/STRESS_README:f:root:-:644 +-$readme_directory/TLS_LEGACY_README:f:root:-:644 +-$readme_directory/TLS_README:f:root:-:644 +-$readme_directory/TUNING_README:f:root:-:644 ++$readme_directory/QSHAPE_README.gz:f:root:-:644 ++$readme_directory/RELEASE_NOTES.gz:f:root:-:644 ++$readme_directory/RESTRICTION_CLASS_README.gz:f:root:-:644 ++$readme_directory/SASL_README.gz:f:root:-:644 ++$readme_directory/SCHEDULER_README.gz:f:root:-:644 ++$readme_directory/SMTPD_ACCESS_README.gz:f:root:-:644 ++$readme_directory/SMTPD_POLICY_README.gz:f:root:-:644 ++$readme_directory/SMTPD_PROXY_README.gz:f:root:-:644 ++$readme_directory/SOHO_README.gz:f:root:-:644 ++$readme_directory/STANDARD_CONFIGURATION_README.gz:f:root:-:644 ++$readme_directory/STRESS_README.gz:f:root:-:644 ++$readme_directory/TLS_LEGACY_README.gz:f:root:-:644 ++$readme_directory/TLS_README.gz:f:root:-:644 ++$readme_directory/TUNING_README.gz:f:root:-:644 + $readme_directory/ULTRIX_README:f:root:-:644 +-$readme_directory/UUCP_README:f:root:-:644 +-$readme_directory/VERP_README:f:root:-:644 +-$readme_directory/VIRTUAL_README:f:root:-:644 +-$readme_directory/XCLIENT_README:f:root:-:644 +-$readme_directory/XFORWARD_README:f:root:-:644 ++$readme_directory/UUCP_README.gz:f:root:-:644 ++$readme_directory/VERP_README.gz:f:root:-:644 ++$readme_directory/VIRTUAL_README.gz:f:root:-:644 ++$readme_directory/XCLIENT_README.gz:f:root:-:644 
++$readme_directory/XFORWARD_README.gz:f:root:-:644 + $html_directory/ADDRESS_CLASS_README.html:f:root:-:644 + $html_directory/ADDRESS_REWRITING_README.html:f:root:-:644 + $html_directory/ADDRESS_VERIFICATION_README.html:f:root:-:644 diff --git a/debian/patches/06_debian_paths.diff b/debian/patches/06_debian_paths.diff new file mode 100644 index 0000000..3a71195 --- /dev/null +++ b/debian/patches/06_debian_paths.diff 
@@ -0,0 +1,110 @@
+Index: postfix-dev/conf/main.cf
+===================================================================
+--- postfix-dev.orig/conf/main.cf 2019-03-01 11:19:20.961713352 -0500
++++ postfix-dev/conf/main.cf 2019-03-01 11:19:20.953713352 -0500
+@@ -47,7 +47,7 @@
+ # See the files in examples/chroot-setup for setting up Postfix chroot
+ # environments on different UNIX systems.
+ #
+-queue_directory = /var/spool/postfix
++#queue_directory = /var/spool/postfix
+
+ # The command_directory parameter specifies the location of all
+ # postXXX commands.
+@@ -58,7 +58,7 @@
+ # daemon programs (i.e. programs listed in the master.cf file). This
+ # directory must be owned by root.
+ #
+-daemon_directory = /usr/libexec/postfix
++daemon_directory = /usr/lib/postfix/sbin
+
+ # The data_directory parameter specifies the location of Postfix-writable
+ # data files (caches, random numbers). This directory must be owned
+@@ -465,8 +465,8 @@
+ # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
+ # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
+ #
+-#mailbox_command = /some/where/procmail
+-#mailbox_command = /some/where/procmail -a "$EXTENSION"
++#mailbox_command = /usr/bin/procmail
++#mailbox_command = /usr/bin/procmail -a "$EXTENSION"
+
+ # The mailbox_transport specifies the optional transport in master.cf
+ # to use after processing aliases and .forward files. This parameter
+Index: postfix-dev/examples/smtpd-policy/greylist.pl
+===================================================================
+--- postfix-dev.orig/examples/smtpd-policy/greylist.pl 2019-03-01 11:19:20.961713352 -0500
++++ postfix-dev/examples/smtpd-policy/greylist.pl 2019-03-01 11:19:20.953713352 -0500
+@@ -73,7 +73,7 @@
+ # In case of database corruption, this script saves the database as
+ # $database_name.time(), so that the mail system does not get stuck.
+ #
+-$database_name="/var/mta/greylist.db";
++$database_name="/var/lib/postfix/greylist.db";
+ $greylist_delay=60;
+
+ #
+Index: postfix-dev/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -496,11 +496,18 @@ case "$SYSTEM.$RELEASE" in
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv $GDBM_LIBS
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /lib
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
+@@ -575,11 +582,18 @@ EOF
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /usr/lib/* /lib /lib/*
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
+@@ -613,11 +627,18 @@ EOF
+ exit 1
+ fi
+ SYSLIBS="-ldb"
++ SEARCHDIRS=$(${CC-gcc} -print-search-dirs 2>/dev/null |
++ sed -n '/^libraries: =/s/libraries: =//p' |
++ sed -e 's/:/\n/g' | xargs -n1 readlink -f |
++ grep -v 'gcc\|/[0-9.]\+$' | sort -u)
++ if [ -z "$SEARCHDIRS" ]; then
++ SEARCHDIRS="/usr/lib64 /lib64 /usr/lib /lib"
++ fi
+ ;;
+ esac
+ for name in nsl resolv
+ do
+- for lib in /usr/lib64 /lib64 /usr/lib /lib
++ for lib in $SEARCHDIRS
+ do
+ test -e $lib/lib$name.a -o -e $lib/lib$name.so && {
+ SYSLIBS="$SYSLIBS -l$name"
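Review bot: The `SEARCHDIRS=$(${CC-gcc} -print-search-dirs ...)` pipeline is pasted unchanged into three `case` arms of makedefs (the inner hunks at 496, 575 and 613), so any later fix has to be made three times; a small shell function defined once, for example `find_lib_dirs()`, would keep the arms in step. The pipeline depends on GNU behaviour (`\n` in the sed replacement, `\|` and `\+` in the grep pattern, `readlink -f`), which is probably acceptable for these arms but deserves a one-line comment saying so. `for lib in $SEARCHDIRS` relies on word splitting, so a compiler search directory containing whitespace would be split into bogus entries; that is unlikely, but worth a remark next to the loop. The surrounding `case` arms start and end outside the hunks.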
diff --git a/debian/patches/07_sasl_config.diff b/debian/patches/07_sasl_config.diff
new file mode 100644
index 0000000..ecdcbdd
--- /dev/null
+++ b/debian/patches/07_sasl_config.diff
@@ -0,0 +1,95 @@
+Index: postfix-dev/src/xsasl/xsasl_cyrus_client.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_client.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_client.c 2019-03-01 11:19:26.769713476 -0500
+@@ -229,6 +229,9 @@
+ */
+ static sasl_callback_t callbacks[] = {
+ {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, 0},
++#ifdef SASL_CB_GETCONFPATH
++ {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
++#endif
+ {SASL_CB_LIST_END, 0, 0}
+ };
+
+Index: postfix-dev/src/xsasl/xsasl_cyrus_common.h
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_common.h 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_common.h 2019-03-01 11:19:26.769713476 -0500
+@@ -16,12 +16,18 @@
+ */
+ #if defined(USE_SASL_AUTH) && defined(USE_CYRUS_SASL)
+
++#include <sasl.h>
++
+ #define NO_SASL_LANGLIST ((const char *) 0)
+ #define NO_SASL_OUTLANG ((const char **) 0)
+ #define xsasl_cyrus_strerror(status) \
+ sasl_errstring((status), NO_SASL_LANGLIST, NO_SASL_OUTLANG)
+ extern int xsasl_cyrus_log(void *, int, const char *);
+ extern int xsasl_cyrus_security_parse_opts(const char *);
++extern int xsasl_getpath(void * context, char ** path);
++#ifdef SASL_CB_GETCONFPATH
++extern int xsasl_getconfpath(void * context, char ** path);
++#endif
+
+ #endif
+
+Index: postfix-dev/src/xsasl/xsasl_cyrus_log.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_log.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_log.c 2019-03-01 11:19:26.769713476 -0500
+@@ -28,10 +28,16 @@
+ /* System library. */
+
+ #include <sys_defs.h>
++#include <string.h>
+
+ /* Utility library. */
+
+ #include <msg.h>
++#include <stringops.h>
++
++/* Global library. 
*/
++
++#include <mail_params.h>
+
+ /* Application-specific */
+
+@@ -101,4 +107,22 @@
+ return (SASL_OK);
+ }
+
++int xsasl_getpath(void * context, char ** path)
++{
++#if SASL_VERSION_MAJOR >= 2
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl2", (char *) 0);
++#else
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
++#endif
++ return SASL_OK;
++}
++
++#ifdef SASL_CB_GETCONFPATH
++int xsasl_getconfpath(void * context, char ** path)
++{
++ *path = concatenate(var_config_dir, "/", "sasl:/usr/lib/sasl", (char *) 0);
++ return SASL_OK;
++}
++#endif
++
+ #endif
+Index: postfix-dev/src/xsasl/xsasl_cyrus_server.c
+===================================================================
+--- postfix-dev.orig/src/xsasl/xsasl_cyrus_server.c 2019-03-01 11:19:26.777713476 -0500
++++ postfix-dev/src/xsasl/xsasl_cyrus_server.c 2019-03-01 11:19:26.773713476 -0500
+@@ -181,6 +181,9 @@
+
+ static sasl_callback_t callbacks[] = {
+ {SASL_CB_LOG, (XSASL_CYRUS_CB) &xsasl_cyrus_log, NO_CALLBACK_CONTEXT},
++#ifdef SASL_CB_GETCONFPATH
++ {SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0},
++#endif
+ {SASL_CB_LIST_END, 0, 0}
+ };
+
diff --git a/debian/patches/09_quiet_startup.diff b/debian/patches/09_quiet_startup.diff
new file mode 100644
index 0000000..f87388e
--- /dev/null
+++ b/debian/patches/09_quiet_startup.diff
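Review bot: In both `callbacks[]` tables the new entry `{SASL_CB_GETCONFPATH,&xsasl_getconfpath, 0}` passes the function pointer without the `(XSASL_CYRUS_CB)` cast that the `SASL_CB_LOG` entry directly above it uses, so the initializer has a mismatched pointer type; `{SASL_CB_GETCONFPATH, (XSASL_CYRUS_CB) &xsasl_getconfpath, 0},` would match the existing style. `xsasl_getpath()` is declared in the header and defined in xsasl_cyrus_log.c, but none of the visible hunks registers it in a callback table, so it looks unused unless it is wired up elsewhere. Both helpers store a fresh `concatenate()` allocation in `*path` on every call with no statement of who frees it, and `xsasl_getconfpath()` always appends `/usr/lib/sasl` while `xsasl_getpath()` switches to `/usr/lib/sasl2` for SASL 2. A header comment on each function stating the ownership of `*path`, why the two fallbacks differ, and that the first search entry is `$config_directory/sasl` would settle these, since the returned string decides where Cyrus SASL looks for its configuration.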
@@ -0,0 +1,86 @@
+Index: postfix-dev/conf/postfix-script
+===================================================================
+--- postfix-dev.orig/conf/postfix-script 2019-03-01 11:19:36.053713674 -0500
++++ postfix-dev/conf/postfix-script 2019-03-01 11:19:36.049713674 -0500
+@@ -47,6 +47,13 @@
+ FATAL="$LOGGER -p fatal"
+ PANIC="$LOGGER -p panic"
+
++if [ "X${1#quiet-}" != "X${1}" ]; then
++ INFO=:
++ x=${1#quiet-}
++ shift
++ set -- $x "$@"
++fi
++
+ umask 022
+ SHELL=/bin/sh
+
+@@ -122,6 +129,20 @@
+ echo "Stop postfix"
+ ;;
+
++quick-start)
++
++ $daemon_directory/master -t 2>/dev/null || {
++ $FATAL the Postfix mail system is already running
++ exit 1
++ }
++ $daemon_directory/postfix-script quick-check || {
++ $FATAL Postfix integrity check failed!
++ exit 1
++ }
++ $INFO starting the Postfix mail system
++ $daemon_directory/master &
++ ;;
++
+ start|start-fg)
+
+ $daemon_directory/master -t 2>/dev/null || {
+@@ -189,7 +210,7 @@
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+- exit 1
++ exit 0
+ }
+ $INFO stopping the Postfix mail system
+ kill `sed 1q pid/master.pid`
+@@ -208,7 +229,7 @@
+
+ $daemon_directory/master -t 2>/dev/null && {
+ $FATAL the Postfix mail system is not running
+- exit 1
++ exit 0
+ }
+ $INFO aborting the Postfix mail system
+ kill `sed 1q pid/master.pid`
+@@ -252,12 +273,11 @@
+ exit 0
+ ;;
+
+-
+-check-fatal)
++quick-check)
+ # This command is NOT part of the public interface.
+
+ $SHELL $daemon_directory/post-install create-missing || {
+- $FATAL unable to create missing queue directories
++ $WARN unable to create missing queue directories
+ exit 1
+ }
+
+@@ -267,6 +287,13 @@
+ $FATAL no $config_directory/master.cf file found
+ exit 1
+ }
++ exit 0
++ ;;
++
++check-fatal)
++ # This command is NOT part of the public interface.
++
++ $daemon_directory/postfix-script quick-check
+
+ maillog_file=`$command_directory/postconf -h maillog_file` || {
+ $FATAL cannot execute $command_directory/postconf!
diff --git a/debian/patches/10_openssl_version_check.diff b/debian/patches/10_openssl_version_check.diff
new file mode 100644
index 0000000..b282f81
--- /dev/null
+++ b/debian/patches/10_openssl_version_check.diff
@@ -0,0 +1,32 @@
+Index: postfix/src/tls/tls_misc.c
+===================================================================
+--- postfix.orig/src/tls/tls_misc.c
++++ postfix/src/tls/tls_misc.c
+@@ -1258,26 +1258,7 @@ static void tls_version_split(unsigned l
+
+ void tls_check_version(void)
+ {
+- TLS_VINFO hdr_info;
+- TLS_VINFO lib_info;
+-
+- tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
+- tls_version_split(OpenSSL_version_num(), &lib_info);
+-
+- /*
+- * Warn if run-time library is different from compile-time library,
+- * allowing later run-time "micro" versions starting with 1.1.0.
+- */
+- if (lib_info.major != hdr_info.major
+- || lib_info.minor != hdr_info.minor
+- || (lib_info.micro != hdr_info.micro
+- && (lib_info.micro < hdr_info.micro
+- || hdr_info.major == 0
+- || (hdr_info.major == 1 && hdr_info.minor == 0))))
+- msg_warn("run-time library vs. compile-time header version mismatch: "
+- "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
+- lib_info.major, lib_info.minor, lib_info.micro,
+- hdr_info.major, hdr_info.minor, hdr_info.micro);
++ /* Debian will change the soname if openssl is ever incompatible. */
+ }
+
+ /* tls_compile_version - compile-time OpenSSL version */
diff --git a/debian/patches/12_add_bind_now_and_relro_to_pie.diff b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
new file mode 100644
index 0000000..214d4d7
--- /dev/null
+++ b/debian/patches/12_add_bind_now_and_relro_to_pie.diff
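Review bot: The new `quick-start` branch starts `master` after running only `quick-check`, which in the lines shown creates missing queue directories and tests for master.cf; if the ownership and permission scans are reached only through `start`, a quick start skips them, and a comment on the branch should say so. In the `quiet-` prefix handling, `set -- $x "$@"` leaves `$x` unquoted, so it is subject to word splitting and globbing; `set -- "$x" "$@"` avoids that. The stop and abort hunks now `exit 0` but still log through `$FATAL`, which records a fatal-severity event for a run the script treats as success; `$WARN` would fit the new exit status. The `start`, `stop` and `abort` bodies continue outside these hunks.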
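Review bot: With its body reduced to a comment, `tls_check_version()` no longer logs anything when the loaded libssl differs from the headers used at build time, and the soname argument in the comment covers only libraries shipped by the distribution. A locally built or backported OpenSSL with the same soname would now load without any trace in the log, which removes a signal operators use when diagnosing TLS failures. I would spell that out, e.g. `/* Debian: ABI breaks change the soname, so no run-time check; locally built libssl is not covered. */`. `tls_version_split()`, named in the hunk header, loses both callers visible here and may now draw an unused-function warning if nothing else uses it.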
@@ -0,0 +1,26 @@
+Subject: add immediate binding and relro when enabling position independent
+ executables
+Author: Steve Beattie <steve.beattie@canonical.com>
+
+When enabling position independent executables (-pie) to get better
+Address Space Layout Protection, using immediate binding (linking with
+"-z now") gives better protection as well. Added relro to the patch as well
+since it seems to have gotten lost somewhere (ScottK/2016-07-29).
+
+---
+ makedefs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: postfix-dev/makedefs
+===================================================================
+--- postfix.orig/makedefs
++++ postfix/makedefs
+@@ -1213,7 +1213,7 @@ case "$pie" in
+ case " $CCARGS " in
+ *" $CCARGS_PIE "*) CCARGS_PIE=;;
+ esac
+- SYSLIBS_PIE="-pie";;
++ SYSLIBS_PIE="-pie -z relro -z now";;
+ ""|no) ;;
+ *) error "Specify \"pie=yes\" or \"pie=no\"";;
+ esac
diff --git a/debian/patches/30_shared_libs.diff b/debian/patches/30_shared_libs.diff
new file mode 100644
index 0000000..801c090
--- /dev/null
+++ b/debian/patches/30_shared_libs.diff
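Review bot: `-z relro -z now` are added to `SYSLIBS_PIE`, so a build with `pie=no` or an unset `pie` gets neither, although RELRO and immediate binding do not depend on PIE. If that coupling is intended, say so next to the assignment, e.g. `# relro/now are applied only together with -pie`. The shared-library recipes on this page link through `$(SHLIB_LD)` rather than `SYSLIBS_PIE`, so the Postfix shared objects presumably do not receive these flags either; that is worth confirming. The `case "$pie"` statement starts above the hunk.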
@@ -0,0 +1,54 @@
+Index: postfix/src/dns/Makefile.in
+===================================================================
+--- postfix.orig/src/dns/Makefile.in
++++ postfix/src/dns/Makefile.in
+@@ -63,7 +63,7 @@ root_tests:
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) -L../../lib -lpostfix-util -lpostfix-global
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
+Index: postfix/src/global/Makefile.in
+===================================================================
+--- postfix.orig/src/global/Makefile.in
++++ postfix/src/global/Makefile.in
+@@ -144,7 +144,7 @@ test: $(TESTPROG)
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) -L../../lib -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
+Index: postfix/src/master/Makefile.in
+===================================================================
+--- postfix.orig/src/master/Makefile.in
++++ postfix/src/master/Makefile.in
+@@ -44,7 +44,8 @@ root_tests:
+ $(LIB): $(LIB_OBJ)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(LIB_OBJ) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(LIB_OBJ) $(SHLIB_SYSLIBS) \
++ -L../../lib -lpostfix-global -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)/$(LIB)
+Index: postfix/src/tls/Makefile.in
+===================================================================
+--- postfix.orig/src/tls/Makefile.in
++++ postfix/src/tls/Makefile.in
+@@ -81,7 +81,8 @@ root_tests:
+ $(LIB): $(OBJS)
+ $(AR) $(ARFL) $(LIB) $?
+ $(RANLIB) $(LIB)
+- $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS)
++ $(SHLIB_LD) $(SHLIB_RPATH) -o $(LIB) $(OBJS) $(SHLIB_SYSLIBS) \
++ -L../../lib -lpostfix-dns -lpostfix-global -lpostfix-util
+
+ $(LIB_DIR)/$(LIB): $(LIB)
+ cp $(LIB) $(LIB_DIR)
diff --git a/debian/patches/40_chroot_by_default.diff b/debian/patches/40_chroot_by_default.diff
new file mode 100644
index 0000000..0d62c87
--- /dev/null
+++ b/debian/patches/40_chroot_by_default.diff
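Review bot: The appended library lists are not ordered consistently: the src/dns hunk links `-lpostfix-util -lpostfix-global`, while the src/master and src/tls hunks put `-lpostfix-global` before `-lpostfix-util`. If libpostfix-global depends on libpostfix-util, as the src/global hunk suggests, the dependent library should come first everywhere: `-L../../lib -lpostfix-global -lpostfix-util`. The dns and global hunks also extend the recipe on one long line where master and tls use a `\` continuation; one form throughout would read better. `-L../../lib` assumes the other libraries have already been built into that directory, so a comment on the required build order would help.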
@@ -0,0 +1,131 @@ +Index: postfix-dev/conf/master.cf +=================================================================== +--- postfix-dev.orig/conf/master.cf 2019-03-01 11:42:37.729743149 -0500 ++++ postfix-dev/conf/master.cf 2019-03-01 11:46:07.493747624 -0500 +@@ -9,12 +9,12 @@ + # service type private unpriv chroot wakeup maxproc command + args + # (yes) (yes) (no) (never) (100) + # ========================================================================== +-smtp inet n - n - - smtpd +-#smtp inet n - n - 1 postscreen +-#smtpd pass - - n - - smtpd +-#dnsblog unix - - n - 0 dnsblog +-#tlsproxy unix - - n - 0 tlsproxy +-#submission inet n - n - - smtpd ++smtp inet n - y - - smtpd ++#smtp inet n - y - 1 postscreen ++#smtpd pass - - y - - smtpd ++#dnsblog unix - - y - 0 dnsblog ++#tlsproxy unix - - y - 0 tlsproxy ++#submission inet n - y - - smtpd + # -o syslog_name=postfix/submission + # -o smtpd_tls_security_level=encrypt + # -o smtpd_sasl_auth_enable=yes +@@ -26,7 +26,7 @@ + # -o smtpd_recipient_restrictions= + # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING +-#smtps inet n - n - - smtpd ++#smtps inet n - y - - smtpd + # -o syslog_name=postfix/smtps + # -o smtpd_tls_wrappermode=yes + # -o smtpd_sasl_auth_enable=yes +@@ -37,33 +37,33 @@ + # -o smtpd_recipient_restrictions= + # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject + # -o milter_macro_daemon_name=ORIGINATING +-#628 inet n - n - - qmqpd +-pickup unix n - n 60 1 pickup +-cleanup unix n - n - 0 cleanup ++#628 inet n - y - - qmqpd ++pickup unix n - y 60 1 pickup ++cleanup unix n - y - 0 cleanup + qmgr unix n - n 300 1 qmgr + #qmgr unix n - n 300 1 oqmgr +-tlsmgr unix - - n 1000? 1 tlsmgr +-rewrite unix - - n - - trivial-rewrite +-bounce unix - - n - 0 bounce +-defer unix - - n - 0 bounce +-trace unix - - n - 0 bounce +-verify unix - - n - 1 verify +-flush unix n - n 1000? 0 flush ++tlsmgr unix - - y 1000? 
1 tlsmgr ++rewrite unix - - y - - trivial-rewrite ++bounce unix - - y - 0 bounce ++defer unix - - y - 0 bounce ++trace unix - - y - 0 bounce ++verify unix - - y - 1 verify ++flush unix n - y 1000? 0 flush + proxymap unix - - n - - proxymap + proxywrite unix - - n - 1 proxymap +-smtp unix - - n - - smtp +-relay unix - - n - - smtp ++smtp unix - - y - - smtp ++relay unix - - y - - smtp + -o syslog_name=postfix/$service_name + # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +-showq unix n - n - - showq +-error unix - - n - - error +-retry unix - - n - - error +-discard unix - - n - - discard ++showq unix n - y - - showq ++error unix - - y - - error ++retry unix - - y - - error ++discard unix - - y - - discard + local unix - n n - - local + virtual unix - n n - - virtual +-lmtp unix - - n - - lmtp +-anvil unix - - n - 1 anvil +-scache unix - - n - 1 scache ++lmtp unix - - y - - lmtp ++anvil unix - - y - 1 anvil ++scache unix - - y - 1 scache + postlog unix-dgram n - n - 1 postlogd + # + # ==================================================================== +@@ -78,8 +78,8 @@ + # maildrop. See the Postfix MAILDROP_README file for details. + # Also specify in main.cf: maildrop_destination_recipient_limit=1 + # +-#maildrop unix - n n - - pipe +-# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} ++maildrop unix - n n - - pipe ++ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} + # + # ==================================================================== + # +@@ -101,7 +101,6 @@ + # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} + # + # ==================================================================== +-# + # Old example of delivery via Cyrus. + # + #old-cyrus unix - n n - - pipe +@@ -118,16 +117,13 @@ + # + # Other external delivery methods. + # +-#ifmail unix - n n - - pipe +-# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +-# +-#bsmtp unix - n n - - pipe +-# flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +-# +-#scalemail-backend unix - n n - 2 pipe +-# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store +-# ${nexthop} ${user} ${extension} +-# +-#mailman unix - n n - - pipe +-# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py +-# ${nexthop} ${user} ++ifmail unix - n n - - pipe ++ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) ++bsmtp unix - n n - - pipe ++ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient ++scalemail-backend unix - n n - 2 pipe ++ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} ++mailman unix - n n - - pipe ++ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ++ ${nexthop} ${user} ++ diff --git a/debian/patches/41_rmail.diff b/debian/patches/41_rmail.diff new file mode 100644 index 0000000..8664065 --- /dev/null +++ b/debian/patches/41_rmail.diff 
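Review bot: Besides flipping the chroot column to `y`, the later hunks uncomment the `maildrop`, `ifmail`, `bsmtp`, `scalemail-backend` and `mailman` pipe services, which the patch name does not suggest. Each of those entries runs an external program under a fixed account (`user=vmail`, `user=ftn`, `user=bsmtp`, `user=scalemail`, `user=list`), so they are now defined on every install whether or not the program and the account exist. I would keep them commented out as upstream does, or add a comment above the block such as `# Debian: enabled by default; unused unless a transport map selects them`. A short comment explaining why `qmgr`, `proxymap`, `proxywrite`, `local`, `virtual` and `postlog` stay at `n` would also help the next reader.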
@@ -0,0 +1,708 @@ +Index: postfix-dev/Makefile.in +=================================================================== +--- postfix-dev.orig/Makefile.in 2019-03-01 11:47:11.561748990 -0500 ++++ postfix-dev/Makefile.in 2019-03-01 11:47:11.553748990 -0500 +@@ -8,6 +8,7 @@ + src/pipe src/showq src/postalias src/postcat src/postconf src/postdrop \ + src/postkick src/postlock src/postlog src/postmap src/postqueue \ + src/postsuper src/qmqpd src/spawn src/flush src/verify \ ++ rmail \ + src/virtual src/proxymap src/anvil src/scache src/discard src/tlsmgr \ + src/postmulti src/postscreen src/dnsblog src/tlsproxy \ + src/posttls-finger src/postlogd +Index: postfix-dev/conf/master.cf +=================================================================== +--- postfix-dev.orig/conf/master.cf 2019-03-01 11:47:11.561748990 -0500 ++++ postfix-dev/conf/master.cf 2019-03-01 11:47:11.553748990 -0500 +@@ -110,10 +110,8 @@ + # + # See the Postfix UUCP_README file for configuration details. + # +-#uucp unix - n n - - pipe +-# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +-# +-# ==================================================================== ++uucp unix - n n - - pipe ++ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) + # + # Other external delivery methods. + # +Index: postfix-dev/rmail/LICENSE +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ postfix-dev/rmail/LICENSE 2019-03-01 11:47:11.553748990 -0500 +@@ -0,0 +1,79 @@ ++ SENDMAIL LICENSE ++ ++The following license terms and conditions apply, unless a different ++license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, ++Emeryville, CA 94608, or by electronic mail at license@sendmail.com. 
++ ++License Terms: ++ ++Use, Modification and Redistribution (including distribution of any ++modified or derived work) in source and binary forms is permitted only if ++each of the following conditions is met: ++ ++1. Redistributions qualify as "freeware" or "Open Source Software" under ++ one of the following terms: ++ ++ (a) Redistributions are made at no charge beyond the reasonable cost of ++ materials and delivery. ++ ++ (b) Redistributions are accompanied by a copy of the Source Code or by an ++ irrevocable offer to provide a copy of the Source Code for up to three ++ years at the cost of materials and delivery. Such redistributions ++ must allow further use, modification, and redistribution of the Source ++ Code under substantially the same terms as this license. For the ++ purposes of redistribution "Source Code" means the complete compilable ++ and linkable source code of sendmail including all modifications. ++ ++2. Redistributions of source code must retain the copyright notices as they ++ appear in each source code file, these license terms, and the ++ disclaimer/limitation of liability set forth as paragraph 6 below. ++ ++3. Redistributions in binary form must reproduce the Copyright Notice, ++ these license terms, and the disclaimer/limitation of liability set ++ forth as paragraph 6 below, in the documentation and/or other materials ++ provided with the distribution. For the purposes of binary distribution ++ the "Copyright Notice" refers to the following language: ++ "Copyright (c) 1998-2000 Sendmail, Inc. All rights reserved." ++ ++4. Neither the name of Sendmail, Inc. nor the University of California nor ++ the names of their contributors may be used to endorse or promote ++ products derived from this software without specific prior written ++ permission. The name "sendmail" is a trademark of Sendmail, Inc. ++ ++5. 
All redistributions must comply with the conditions imposed by the ++ University of California on certain embedded code, whose copyright ++ notice and conditions for redistribution are as follows: ++ ++ (a) Copyright (c) 1988, 1993 The Regents of the University of ++ California. All rights reserved. ++ ++ (b) Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ ++ (i) Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ ++ (ii) Redistributions in binary form must reproduce the above ++ copyright notice, this list of conditions and the following ++ disclaimer in the documentation and/or other materials provided ++ with the distribution. ++ ++ (iii) Neither the name of the University nor the names of its ++ contributors may be used to endorse or promote products derived ++ from this software without specific prior written permission. ++ ++6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY ++ SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED ++ WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ++ MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN ++ NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF ++ CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, ++ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ++ USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ++ ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
++ ++$Revision: 1.1.2.1 $, Last updated $Date: 2004/12/28 05:34:15 $ +Index: postfix-dev/rmail/Makefile.in +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ postfix-dev/rmail/Makefile.in 2019-03-01 11:47:11.553748990 -0500 +@@ -0,0 +1,56 @@ ++SHELL = /bin/sh ++SRCS = rmail.c ++OBJS = rmail.o ++HDRS = ++TESTSRC = ++WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \ ++ -Wparentheses -Wstrict-prototypes -Wswitch -Wuninitialized \ ++ -Wunused ++DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE) -DHASSNPRINTF -DHASSTRERROR ++CFLAGS = $(DEBUG) $(OPT) $(DEFS) ++TESTPROG= ++PROG = rmail ++INC_DIR = ++LIBS = ++ ++.c.o:; $(CC) $(CFLAGS) -c $*.c ++ ++$(PROG): $(OBJS) $(LIBS) ++ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS) ++ ++Makefile: Makefile.in ++ cat ../conf/makedefs.out $? >$@ ++ ++test: $(TESTPROG) ++ ++update: ../bin/$(PROG) ++ ++../bin/$(PROG): $(PROG) ++ cp $(PROG) ../bin ++ ++printfck: $(OBJS) $(PROG) ++ rm -rf printfck ++ mkdir printfck ++ sed '1,/^# do not edit/!d' Makefile >printfck/Makefile ++ set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done ++ cd printfck; make "INC_DIR=../../include" `cd ..; ls *.o` ++ ++lint: ++ lint $(DEFS) $(SRCS) $(LINTFIX) ++ ++clean: ++ rm -f *.o *core $(PROG) $(TESTPROG) junk ++ rm -rf printfck ++ ++tidy: clean ++ ++depend: $(MAKES) ++ (sed '1,/^# do not edit/!d' Makefile.in; \ ++ set -e; for i in [a-z][a-z0-9]*.c; do \ ++ $(CC) -E $(DEFS) $(INCL) $$i | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \ ++ -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' -e 'p' -e '}'; \ ++ done) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in ++ @make -f Makefile.in Makefile ++ ++# do not edit below this line - it is generated by 'make depend' ++rmail.o: rmail.c +Index: postfix-dev/rmail/rmail.8 +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ postfix-dev/rmail/rmail.8 2019-03-01 11:47:11.553748990 
-0500 +@@ -0,0 +1,49 @@ ++.\" Copyright (c) 1998, 1999 Sendmail, Inc. and its suppliers. ++.\" All rights reserved. ++.\" Copyright (c) 1983, 1990 ++.\" The Regents of the University of California. All rights reserved. ++.\" ++.\" By using this file, you agree to the terms and conditions set ++.\" forth in the LICENSE file which can be found at the top level of ++.\" the sendmail distribution. ++.\" ++.\" ++.\" $Id: 10rmail.dpatch,v 1.1.2.1 2004/12/28 05:34:15 lamont Exp $ ++.\" ++.TH RMAIL 8 "$Date: 2004/12/28 05:34:15 $" ++.SH NAME ++.B rmail ++\- handle remote mail received via uucp ++.SH SYNOPSIS ++.B rmail ++.I ++user ... ++.SH DESCRIPTION ++.B Rmail ++interprets incoming mail received via ++uucp(1), ++collapsing ``From'' lines in the form generated ++by ++mail.local(8) ++into a single line of the form ``return-path!sender'', ++and passing the processed mail on to ++sendmail(8). ++.PP ++.B Rmail ++is explicitly designed for use with ++uucp ++and ++sendmail. ++.SH SEE ALSO ++uucp(1), ++mail.local(8), ++sendmail(8) ++.SH HISTORY ++The ++.B rmail ++program appeared in ++4.2BSD. ++.SH BUGS ++.B Rmail ++should not reside in ++/bin. +Index: postfix-dev/rmail/rmail.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ postfix-dev/rmail/rmail.c 2019-03-01 11:47:11.553748990 -0500 +@@ -0,0 +1,475 @@ ++/* ++ * Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers. ++ * All rights reserved. ++ * Copyright (c) 1988, 1993 ++ * The Regents of the University of California. All rights reserved. ++ * ++ * By using this file, you agree to the terms and conditions set ++ * forth in the LICENSE file which can be found at the top level of ++ * the sendmail distribution. ++ * ++ */ ++ ++#ifndef lint ++static char copyright[] = ++"@(#) Copyright (c) 1998-2000 Sendmail, Inc. and its suppliers.\n\ ++ All rights reserved.\n\ ++ Copyright (c) 1988, 1993\n\ ++ The Regents of the University of California. 
All rights reserved.\n"; ++#endif /* ! lint */ ++ ++#ifndef lint ++static char id[] = "@(#)$Id: 10rmail.dpatch,v 1.1.2.1 2004/12/28 05:34:15 lamont Exp $"; ++#endif /* ! lint */ ++ ++/* ++ * RMAIL -- UUCP mail server. ++ * ++ * This program reads the >From ... remote from ... lines that UUCP is so ++ * fond of and turns them into something reasonable. It then execs sendmail ++ * with various options built from these lines. ++ * ++ * The expected syntax is: ++ * ++ * <user> := [-a-z0-9]+ ++ * <date> := ctime format ++ * <site> := [-a-z0-9!]+ ++ * <blank line> := "^\n$" ++ * <from> := "From" <space> <user> <space> <date> ++ * [<space> "remote from" <space> <site>] ++ * <forward> := ">" <from> ++ * msg := <from> <forward>* <blank-line> <body> ++ * ++ * The output of rmail(8) compresses the <forward> lines into a single ++ * from path. ++ * ++ * The err(3) routine is included here deliberately to make this code ++ * a bit more portable. ++ */ ++ ++#include <sys/types.h> ++#include <sys/param.h> ++#include <sys/stat.h> ++#include <sys/wait.h> ++ ++#include <ctype.h> ++#include <fcntl.h> ++#ifdef BSD4_4 ++# define FORK vfork ++# include <paths.h> ++#else /* BSD4_4 */ ++# define FORK fork ++# ifndef _PATH_SENDMAIL ++# define _PATH_SENDMAIL "/usr/lib/sendmail" ++# endif /* ! _PATH_SENDMAIL */ ++#endif /* BSD4_4 */ ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <unistd.h> ++#ifdef EX_OK ++# undef EX_OK /* unistd.h may have another use for this */ ++#endif /* EX_OK */ ++#include <sysexits.h> ++ ++#ifndef MAX ++# define MAX(a, b) ((a) < (b) ? (b) : (a)) ++#endif /* ! MAX */ ++ ++#ifndef __P ++# ifdef __STDC__ ++# define __P(protos) protos ++# else /* __STDC__ */ ++# define __P(protos) () ++# define const ++# endif /* __STDC__ */ ++#endif /* ! __P */ ++ ++#ifndef STDIN_FILENO ++# define STDIN_FILENO 0 ++#endif /* ! 
STDIN_FILENO */ ++ ++#if defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11) ++# define HASSNPRINTF 1 ++#endif /* defined(BSD4_4) || defined(linux) || SOLARIS >= 20600 || (SOLARIS < 10000 && SOLARIS >= 206) || _AIX4 >= 40300 || defined(HPUX11) */ ++ ++#if defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) ++# define memmove(d, s, l) (bcopy((s), (d), (l))) ++#endif /* defined(sun) && !defined(BSD) && !defined(SOLARIS) && !defined(__svr4__) && !defined(__SVR4) */ ++ ++#if !HASSNPRINTF ++extern int snprintf __P((char *, size_t, const char *, ...)); ++#endif /* !HASSNPRINTF */ ++ ++#if defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || defined(IRIX64) || defined(IRIX5) || defined(IRIX6) ++# ifndef HASSTRERROR ++# define HASSTRERROR 1 ++# endif /* ! HASSTRERROR */ ++#endif /* defined(BSD4_4) || defined(__osf__) || defined(__GNU_LIBRARY__) || ++ defined(IRIX64) || defined(IRIX5) || defined(IRIX6) */ ++ ++#if defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) ++# undef WIFEXITED ++# undef WEXITSTATUS ++# define WIFEXITED(st) (((st) & 0377) == 0) ++# define WEXITSTATUS(st) (((st) >> 8) & 0377) ++#endif /* defined(SUNOS403) || defined(NeXT) || (defined(MACH) && defined(i386) && !defined(__GNU__)) || defined(oldBSD43) || defined(MORE_BSD) || defined(umipsbsd) || defined(ALTOS_SYSTEM_V) || defined(RISCOS) || defined(_AUX_SOURCE) || defined(UMAXV) || defined(titan) || defined(UNIXWARE) || defined(sony_news) || defined(luna) || defined(nec_ews_svr4) || defined(_nec_ews_svr4) || defined(__MAXION__) */ ++ 
++#include <errno.h> ++ ++static void err __P((int, const char *, ...)); ++static void usage __P((void)); ++static char *xalloc __P((int)); ++ ++#define newstr(s) strcpy(xalloc(strlen(s) + 1), s) ++ ++static char * ++xalloc(sz) ++ register int sz; ++{ ++ register char *p; ++ ++ /* some systems can't handle size zero mallocs */ ++ if (sz <= 0) ++ sz = 1; ++ ++ p = malloc((unsigned) sz); ++ if (p == NULL) ++ err(EX_TEMPFAIL, "out of memory"); ++ return (p); ++} ++ ++int ++main(argc, argv) ++ int argc; ++ char *argv[]; ++{ ++ int ch, debug, i, pdes[2], pid, status; ++ size_t fplen = 0, fptlen = 0, len; ++ off_t offset; ++ FILE *fp; ++ char *addrp = NULL, *domain, *p, *t; ++ char *from_path, *from_sys, *from_user; ++ char **args, buf[2048], lbuf[2048]; ++ struct stat sb; ++ extern char *optarg; ++ extern int optind; ++ ++ debug = 0; ++ domain = "UUCP"; /* Default "domain". */ ++ while ((ch = getopt(argc, argv, "D:T")) != -1) ++ { ++ switch (ch) ++ { ++ case 'T': ++ debug = 1; ++ break; ++ ++ case 'D': ++ domain = optarg; ++ break; ++ ++ case '?': ++ default: ++ usage(); ++ } ++ } ++ ++ argc -= optind; ++ argv += optind; ++ ++ if (argc < 1) ++ usage(); ++ ++ from_path = from_sys = from_user = NULL; ++ for (offset = 0; ; ) ++ { ++ /* Get and nul-terminate the line. */ ++ if (fgets(lbuf, sizeof(lbuf), stdin) == NULL) ++ exit(EX_DATAERR); ++ if ((p = strchr(lbuf, '\n')) == NULL) ++ err(EX_DATAERR, "line too long"); ++ *p = '\0'; ++ ++ /* Parse lines until reach a non-"From" line. */ ++ if (!strncmp(lbuf, "From ", 5)) ++ addrp = lbuf + 5; ++ else if (!strncmp(lbuf, ">From ", 6)) ++ addrp = lbuf + 6; ++ else if (offset == 0) ++ err(EX_DATAERR, ++ "missing or empty From line: %s", lbuf); ++ else ++ { ++ *p = '\n'; ++ break; ++ } ++ ++ if (addrp == NULL || *addrp == '\0') ++ err(EX_DATAERR, "corrupted From line: %s", lbuf); ++ ++ /* Use the "remote from" if it exists. 
*/ ++ for (p = addrp; (p = strchr(p + 1, 'r')) != NULL; ) ++ { ++ if (!strncmp(p, "remote from ", 12)) ++ { ++ for (t = p += 12; *t != '\0'; ++t) ++ { ++ if (isascii(*t) && isspace(*t)) ++ break; ++ } ++ *t = '\0'; ++ if (debug) ++ fprintf(stderr, "remote from: %s\n", p); ++ break; ++ } ++ } ++ ++ /* Else use the string up to the last bang. */ ++ if (p == NULL) ++ { ++ if (*addrp == '!') ++ err(EX_DATAERR, "bang starts address: %s", ++ addrp); ++ else if ((t = strrchr(addrp, '!')) != NULL) ++ { ++ *t = '\0'; ++ p = addrp; ++ addrp = t + 1; ++ if (*addrp == '\0') ++ err(EX_DATAERR, ++ "corrupted From line: %s", lbuf); ++ if (debug) ++ fprintf(stderr, "bang: %s\n", p); ++ } ++ } ++ ++ /* 'p' now points to any system string from this line. */ ++ if (p != NULL) ++ { ++ /* Nul terminate it as necessary. */ ++ for (t = p; *t != '\0'; ++t) ++ { ++ if (isascii(*t) && isspace(*t)) ++ break; ++ } ++ *t = '\0'; ++ ++ /* If the first system, copy to the from_sys string. */ ++ if (from_sys == NULL) ++ { ++ from_sys = newstr(p); ++ if (debug) ++ fprintf(stderr, "from_sys: %s\n", ++ from_sys); ++ } ++ ++ /* Concatenate to the path string. */ ++ len = t - p; ++ if (from_path == NULL) ++ { ++ fplen = 0; ++ if ((from_path = malloc(fptlen = 256)) == NULL) ++ err(EX_TEMPFAIL, NULL); ++ } ++ if (fplen + len + 2 > fptlen) ++ { ++ fptlen += MAX(fplen + len + 2, 256); ++ if ((from_path = realloc(from_path, ++ fptlen)) == NULL) ++ err(EX_TEMPFAIL, NULL); ++ } ++ memmove(from_path + fplen, p, len); ++ fplen += len; ++ from_path[fplen++] = '!'; ++ from_path[fplen] = '\0'; ++ } ++ ++ /* Save off from user's address; the last one wins. 
*/ ++ for (p = addrp; *p != '\0'; ++p) ++ { ++ if (isascii(*p) && isspace(*p)) ++ break; ++ } ++ *p = '\0'; ++ if (*addrp == '\0') ++ addrp = "<>"; ++ if (from_user != NULL) ++ free(from_user); ++ from_user = newstr(addrp); ++ ++ if (debug) ++ { ++ if (from_path != NULL) ++ fprintf(stderr, "from_path: %s\n", from_path); ++ fprintf(stderr, "from_user: %s\n", from_user); ++ } ++ ++ if (offset != -1) ++ offset = (off_t)ftell(stdin); ++ } ++ ++ ++ /* Allocate args (with room for sendmail args as well as recipients */ ++ args = (char **)xalloc(sizeof(*args) * (10 + argc)); ++ ++ i = 0; ++ args[i++] = _PATH_SENDMAIL; /* Build sendmail's argument list. */ ++ args[i++] = "-G"; /* relay submission */ ++ args[i++] = "-oee"; /* No errors, just status. */ ++ args[i++] = "-odq"; /* Queue it, don't try to deliver. */ ++ args[i++] = "-oi"; /* Ignore '.' on a line by itself. */ ++ ++ /* set from system and protocol used */ ++ if (from_sys == NULL) ++ snprintf(buf, sizeof(buf), "-p%s", domain); ++ else if (strchr(from_sys, '.') == NULL) ++ snprintf(buf, sizeof(buf), "-p%s:%s.%s", ++ domain, from_sys, domain); ++ else ++ snprintf(buf, sizeof(buf), "-p%s:%s", domain, from_sys); ++ args[i++] = newstr(buf); ++ ++ /* Set name of ``from'' person. */ ++ snprintf(buf, sizeof(buf), "-f%s%s", ++ from_path ? from_path : "", from_user); ++ args[i++] = newstr(buf); ++ ++ /* ++ ** Don't copy arguments beginning with - as they will be ++ ** passed to sendmail and could be interpreted as flags. 
++ ** To prevent confusion of sendmail wrap < and > around ++ ** the address (helps to pass addrs like @gw1,@gw2:aa@bb) ++ */ ++ ++ while (*argv != NULL) ++ { ++ if (**argv == '-') ++ err(EX_USAGE, "dash precedes argument: %s", *argv); ++ ++ if (strchr(*argv, ',') == NULL || strchr(*argv, '<') != NULL) ++ args[i++] = *argv; ++ else ++ { ++ len = strlen(*argv) + 3; ++ if ((args[i] = malloc(len)) == NULL) ++ err(EX_TEMPFAIL, "Cannot malloc"); ++ snprintf(args[i++], len, "<%s>", *argv); ++ } ++ argv++; ++ argc--; ++ ++ /* Paranoia check, argc used for args[] bound */ ++ if (argc < 0) ++ err(EX_SOFTWARE, "Argument count mismatch"); ++ } ++ args[i] = NULL; ++ ++ if (debug) ++ { ++ fprintf(stderr, "Sendmail arguments:\n"); ++ for (i = 0; args[i] != NULL; i++) ++ fprintf(stderr, "\t%s\n", args[i]); ++ } ++ ++ /* ++ ** If called with a regular file as standard input, seek to the right ++ ** position in the file and just exec sendmail. Could probably skip ++ ** skip the stat, but it's not unreasonable to believe that a failed ++ ** seek will cause future reads to fail. ++ */ ++ ++ if (!fstat(STDIN_FILENO, &sb) && S_ISREG(sb.st_mode)) ++ { ++ if (lseek(STDIN_FILENO, offset, SEEK_SET) != offset) ++ err(EX_TEMPFAIL, "stdin seek"); ++ (void) execv(_PATH_SENDMAIL, args); ++ err(EX_OSERR, "%s", _PATH_SENDMAIL); ++ } ++ ++ if (pipe(pdes) < 0) ++ err(EX_OSERR, NULL); ++ ++ switch (pid = FORK()) ++ { ++ case -1: /* Err. */ ++ err(EX_OSERR, NULL); ++ /* NOTREACHED */ ++ ++ case 0: /* Child. */ ++ if (pdes[0] != STDIN_FILENO) ++ { ++ (void) dup2(pdes[0], STDIN_FILENO); ++ (void) close(pdes[0]); ++ } ++ (void) close(pdes[1]); ++ (void) execv(_PATH_SENDMAIL, args); ++ _exit(127); ++ /* NOTREACHED */ ++ } ++ ++ if ((fp = fdopen(pdes[1], "w")) == NULL) ++ err(EX_OSERR, NULL); ++ (void) close(pdes[0]); ++ ++ /* Copy the file down the pipe. 
*/ ++ do ++ { ++ (void) fprintf(fp, "%s", lbuf); ++ } while (fgets(lbuf, sizeof(lbuf), stdin) != NULL); ++ ++ if (ferror(stdin)) ++ err(EX_TEMPFAIL, "stdin: %s", strerror(errno)); ++ ++ if (fclose(fp)) ++ err(EX_OSERR, NULL); ++ ++ if ((waitpid(pid, &status, 0)) == -1) ++ err(EX_OSERR, "%s", _PATH_SENDMAIL); ++ ++ if (!WIFEXITED(status)) ++ err(EX_OSERR, "%s: did not terminate normally", _PATH_SENDMAIL); ++ ++ if (WEXITSTATUS(status)) ++ err(status, "%s: terminated with %d (non-zero) status", ++ _PATH_SENDMAIL, WEXITSTATUS(status)); ++ exit(EX_OK); ++ /* NOTREACHED */ ++ return EX_OK; ++} ++ ++static void ++usage() ++{ ++ (void) fprintf(stderr, "usage: rmail [-T] [-D domain] user ...\n"); ++ exit(EX_USAGE); ++} ++ ++#ifdef __STDC__ ++# include <stdarg.h> ++#else /* __STDC__ */ ++# include <varargs.h> ++#endif /* __STDC__ */ ++ ++static void ++#ifdef __STDC__ ++err(int eval, const char *fmt, ...) ++#else /* __STDC__ */ ++err(eval, fmt, va_alist) ++ int eval; ++ const char *fmt; ++ va_dcl ++#endif /* __STDC__ */ ++{ ++ va_list ap; ++#ifdef __STDC__ ++ va_start(ap, fmt); ++#else /* __STDC__ */ ++ va_start(ap); ++#endif /* __STDC__ */ ++ (void) fprintf(stderr, "rmail: "); ++ (void) vfprintf(stderr, fmt, ap); ++ va_end(ap); ++ (void) fprintf(stderr, "\n"); ++ exit(eval); ++} diff --git a/debian/patches/50_LANG.diff b/debian/patches/50_LANG.diff new file mode 100644 index 0000000..647601b --- /dev/null +++ b/debian/patches/50_LANG.diff 
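Review bot: In `main()` of rmail.c, the final status check calls `err(status, ...)` with the raw `waitpid()` status instead of the child's exit code. `err()` hands that value to `exit()`, which keeps only the low eight bits; on systems where the exit code sits in the high byte of the wait status, a failed sendmail would make rmail exit 0 and the UUCP side would treat the message as accepted. Passing the decoded value fixes it: `err(WEXITSTATUS(status), "%s: terminated with %d (non-zero) status", _PATH_SENDMAIL, WEXITSTATUS(status));`. Separately, the `snprintf()` calls that build the `-p` and `-f` arguments from the received From lines ignore truncation of the 2048-byte `buf`; checking the return value and failing with `EX_DATAERR` would be safer than handing a shortened sender to sendmail.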
@@ -0,0 +1,13 @@
+Index: postfix/html/Makefile.in
+===================================================================
+--- postfix.orig/html/Makefile.in 2016-02-16 13:57:02.847893144 -0700
++++ postfix/html/Makefile.in 2016-02-16 17:51:31.873418586 -0700
+@@ -25,7 +25,7 @@
+ postfix-wrapper.5.html sqlite_table.5.html socketmap_table.5.html
+ OTHER = postfix-manuals.html
+ AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }'
+-MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
++MAN2HTML = LANG=C man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
+ NROFF = LANG=C GROFF_NO_SGR=1 nroff
+
+ update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
diff --git a/debian/patches/70_postfix-check.diff b/debian/patches/70_postfix-check.diff
new file mode 100644
index 0000000..6d1951c
--- /dev/null
+++ b/debian/patches/70_postfix-check.diff
@@ -0,0 +1,23 @@
+Index: postfix/conf/postfix-script
+===================================================================
+--- postfix.orig/conf/postfix-script
++++ postfix/conf/postfix-script
+@@ -341,9 +341,17 @@ check-warn)
+ find $todo ! -user root \
+ -exec $WARN not owned by root: {} \;
+
+- find $todo \( -perm -020 -o -perm -002 \) \
++ # Handle symlinks separately
++ find -L $todo \( -perm -020 -o -perm -002 \) \
+ -exec $WARN group or other writable: {} \;
+
++ find $todo -type l | while read f; do \
++ # makedefs out known to be a symlink and OK
++ if [ "$f" != "/etc/postfix/./makedefs.out" ]; then \
++ readlink "$f" | grep -q / && $WARN symlink leaves directory: "$f"; \
++ fi \
++ done; \
++
+ # Check Postfix mail_owner-owned directory tree owner/permissions.
+
+ find $data_directory/. ! -user $mail_owner \
diff --git a/debian/patches/debian-man-name.diff b/debian/patches/debian-man-name.diff
new file mode 100644
index 0000000..c3153b0
--- /dev/null
+++ b/debian/patches/debian-man-name.diff
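Review bot: The new symlink loop in 70_postfix-check.diff reads names with a bare `while read f`, which trims surrounding whitespace and interprets backslashes, so an unusually named link under $todo can be reported under a mangled name or slip past the comparison; `find $todo -type l | while IFS= read -r f; do \` avoids that. The exemption is compared against the literal `/etc/postfix/./makedefs.out`, so it only matches when the configuration directory is /etc/postfix; if $todo is built from $config_directory (not visible in this hunk), `"$config_directory/./makedefs.out"` would be the consistent spelling. The ownership test in the context lines above still runs without `-L`, so it judges the link itself rather than its target, which leaves a root-owned link to a non-root-owned file unreported unless the target path contains a slash. The check-warn) arm starts and ends outside the hunk.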
@@ -0,0 +1,9 @@
+In Debian, Postfix's smtp(8) uses a different name to avoid naming conflicts.
+Need to point lmtp(8) to the right file. See #920356.
+Index: postfix-dev/man/man8/lmtp.8
+===================================================================
+--- postfix-dev.orig/man/man8/lmtp.8 2015-01-29 17:21:00.000000000 -0500
++++ postfix-dev/man/man8/lmtp.8 2019-02-16 02:46:57.254292885 -0500
+@@ -1 +1 @@
+-.so man8/smtp.8
++.so man8/smtp.8postfix
diff --git a/debian/patches/postfix-dup-postconf.patch b/debian/patches/postfix-dup-postconf.patch
new file mode 100644
index 0000000..2531bb1
--- /dev/null
+++ b/debian/patches/postfix-dup-postconf.patch
@@ -0,0 +1,20 @@
+Description: Fix duplicate bounce_notice_recipient entries in postconf output.
+ Bug introduced on 2021-07-08. Reported by Vincent Lefevre.
+ https://marc.info/?l=postfix-users&m=163698504624352&w=2
+Bug-Debian: https://bugs.debian.org/999694
+Author: Wietse Venema <wietse@porcupine.org>
+Last-Update: 2021-11-15
+
+Index: postfix/src/smtpd/smtpd.c
+===================================================================
+--- postfix.orig/src/smtpd/smtpd.c
++++ postfix/src/smtpd/smtpd.c
+@@ -6391,7 +6391,7 @@ int main(int argc, char **argv)
+ VAR_EOD_CHECKS, DEF_EOD_CHECKS, &var_eod_checks, 0, 0,
+ VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, 0, 0,
+ VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, 0, 0,
+- VAR_BOUNCE_RCPT, DEF_ERROR_RCPT, &var_bounce_rcpt, 1, 0,
++ VAR_BOUNCE_RCPT, DEF_BOUNCE_RCPT, &var_bounce_rcpt, 1, 0,
+ VAR_ERROR_RCPT, DEF_ERROR_RCPT, &var_error_rcpt, 1, 0,
+ VAR_REST_CLASSES, DEF_REST_CLASSES, &var_rest_classes, 0, 0,
+ VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..bb1d7f4
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,19 @@
+postfix-dup-postconf.patch
+02_kfreebsd_support.diff
+03_ldap3_by_default.diff
+04_remove_gdbm_support.diff
+05_debian_defaults.diff
+05_debian_manpage_differences.diff
+05_debian_readme_differences.diff
+06_debian_paths.diff
+07_sasl_config.diff
+09_quiet_startup.diff
+10_openssl_version_check.diff
+12_add_bind_now_and_relro_to_pie.diff
+30_shared_libs.diff
+40_chroot_by_default.diff
+41_rmail.diff
+50_LANG.diff
+70_postfix-check.diff
+tls_version.diff
+debian-man-name.diff
diff --git a/debian/patches/tls_version.diff b/debian/patches/tls_version.diff
new file mode 100644
index 0000000..f028d24
--- /dev/null
+++ b/debian/patches/tls_version.diff
@@ -0,0 +1,28 @@
+Index: postfix/src/tls/tls_client.c
+===================================================================
+--- postfix.orig/src/tls/tls_client.c
++++ postfix/src/tls/tls_client.c
+@@ -414,6 +414,9 @@ TLS_APPL_STATE *tls_client_init(const TL
+ SSL_CTX_set_min_proto_version(client_ctx, 0);
+ #endif
+
++ /* Enable all supported protocols */
++ SSL_CTX_set_min_proto_version(client_ctx, 0);
++
+ /*
+ * Set the call-back routine for verbose logging.
+ */
+Index: postfix/src/tls/tls_server.c
+===================================================================
+--- postfix.orig/src/tls/tls_server.c
++++ postfix/src/tls/tls_server.c
+@@ -539,6 +539,9 @@ TLS_APPL_STATE *tls_server_init(const TL
+ if (protomask != 0)
+ SSL_CTX_set_options(server_ctx, TLS_SSL_OP_PROTOMASK(protomask));
+
++ /* Enable all supported protocols */
++ SSL_CTX_set_min_proto_version(server_ctx, 0);
++
+ /*
+ * Some sites may want to give the client less rope. On the other hand,
+ * this could trigger inter-operability issues, the client should not |
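Review bot: The added `SSL_CTX_set_min_proto_version(client_ctx, 0);` in the tls_client_init hunk of tls_version.diff, and the same call on `server_ctx` in the tls_server_init hunk, lowers the protocol floor to the oldest version the library supports, so from here on the protomask is the only thing that excludes legacy SSL/TLS versions. The comment `/* Enable all supported protocols */` should say that this deliberately overrides any minimum set by the library or system-wide OpenSSL configuration and that restriction is left to the configured protocol list. The return value is ignored in both places; `if (SSL_CTX_set_min_proto_version(server_ctx, 0) != 1) msg_warn("cannot reset minimum TLS protocol version");` would make a failure visible. In the client hunk the context lines already show the same call just above, closed by an `#endif` whose `#if` is outside the hunk, so the new unconditional copy looks redundant there or drops whatever guard upstream intended, which is worth confirming. Both functions start and end outside their hunks.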