Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package postsrsd for openSUSE:Factory checked in at 2023-07-17 19:23:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postsrsd (Old) and /work/SRC/openSUSE:Factory/.postsrsd.new.3193 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "postsrsd" Mon Jul 17 19:23:44 2023 rev:10 rq:1098853 version:2.0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/postsrsd/postsrsd.changes 2023-06-27 23:17:00.463512038 +0200 +++ /work/SRC/openSUSE:Factory/.postsrsd.new.3193/postsrsd.changes 2023-07-17 19:24:01.861996232 +0200 @@ -1,0 +2,8 @@ +Sat Jul 15 20:33:43 UTC 2023 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 2.0.6 + * New configuration option debug to increase log verbosity + * Reduced default log verbosity: PostSRSd no longer prints + messages for mail addresses which need no rewrite + +------------------------------------------------------------------- Old: ---- 2.0.5.tar.gz New: ---- 2.0.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postsrsd.spec ++++++ --- /var/tmp/diff_new_pack.uvZ4w1/_old 2023-07-17 19:24:02.634000705 +0200 +++ /var/tmp/diff_new_pack.uvZ4w1/_new 2023-07-17 19:24:02.638000727 +0200 @@ -17,7 +17,7 @@ Name: postsrsd -Version: 2.0.5 +Version: 2.0.6 Release: 0 Summary: Sender Rewriting Support for postfix License: GPL-2.0-only ++++++ 2.0.5.tar.gz -> 2.0.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/CHANGELOG.rst new/postsrsd-2.0.6/CHANGELOG.rst --- old/postsrsd-2.0.5/CHANGELOG.rst 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/CHANGELOG.rst 2023-07-15 20:53:41.000000000 +0200 
@@ -7,6 +7,21 @@ Changelog ######### +2.0.6 +===== + +Added +----- + +* New configuration option ``debug`` to increase log verbosity. + +Changed +------- + +* Reduced default log verbosity: PostSRSd no longer prints + messages for mail addresses which need no rewrite + (`#149 <https://github.com/roehling/postsrsd/issues/149>`_) + 2.0.5 ===== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/CMakeLists.txt new/postsrsd-2.0.6/CMakeLists.txt --- old/postsrsd-2.0.5/CMakeLists.txt 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/CMakeLists.txt 2023-07-15 20:53:41.000000000 +0200 @@ -17,7 +17,7 @@ cmake_minimum_required(VERSION 3.14...3.26) project( postsrsd - VERSION 2.0.5 + VERSION 2.0.6 LANGUAGES C DESCRIPTION "Sender Rewriting Scheme daemon for Postfix" HOMEPAGE_URL "https://github.com/roehling/postsrsd" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/README.rst new/postsrsd-2.0.6/README.rst --- old/postsrsd-2.0.5/README.rst 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/README.rst 2023-07-15 20:53:41.000000000 +0200 @@ -113,7 +113,7 @@ connection, e.g. ``inet:localhost:10003``, you need to change the mapping to something like ``socketmap:inet:localhost:10003:forward``. -.. _example: data/postsrsd.conf.in +.. _example: doc/postsrsd.conf Experimental Milter Support ~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/data/postsrsd.conf.in new/postsrsd-2.0.6/data/postsrsd.conf.in --- old/postsrsd-2.0.5/data/postsrsd.conf.in 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/data/postsrsd.conf.in 2023-07-15 20:53:41.000000000 +0200 
@@ -176,3 +176,9 @@ # will also send all messages to the syslog mail facility. # syslog = off + +# Debug +# This option makes PostSRSd more verbose in its logging, which can be useful +# to hunt down configuration problems. +# +debug = off diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/doc/postsrsd.conf new/postsrsd-2.0.6/doc/postsrsd.conf --- old/postsrsd-2.0.5/doc/postsrsd.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/postsrsd-2.0.6/doc/postsrsd.conf 2023-07-15 20:53:41.000000000 +0200 
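Review bot: The comment for the new `debug` option does not tell operators what the extra output contains. Going by the srs.c changes in this release, debug level is where PostSRSd now logs every address that needed no rewrite or was not an SRS address. One more comment line would cover it, e.g. `# Debug logs record every queried mail address; switch it off again after troubleshooting.`, since the option raises both log volume and the amount of personal data kept in the logs. The same wording applies to the copy of this block added in doc/postsrsd.conf.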
@@ -0,0 +1,184 @@
+# PostSRSd example configuration file
+# Copyright 2022 Timo Röhling
+# SPDX-License-Identifier: FSFUL
+#
+# The copyright holder gives unlimited permission to copy, distribute and modify
+# this file.
+
+# Local domains
+# Your local domains need not be rewritten, so PostSRSd has to know about them.
+#
+# Example:
+# domains = { "example.com", "example.org", "example.net" }
+#
+domains = {}
+
+# Local domains (file storage)
+# Instead of listing your local domains directly, you can also write them to a
+# file and have PostSRSd read it. This is particularly useful if you have a
+# large number of domains for which you need to act as mail forwarder.
+#
+# Example:
+# domains-file = "/usr/local/etc/postsrsd.domains"
+#
+#domains-file =
+
+# Dedicated SRS rewrite domain.
+# The local domain which is used to create the ephemeral SRS envelope
+# addresses. It is recommended that you use a dedicated mail domain for SRS if
+# you serve multiple unrelated domains (e.g. for your customers), to prevent
+# privacy issues. If unset, the first configured local domain is used.
+#
+# Example:
+# srs-domain = "srs.example.com"
+#
+#srs-domain =
+
+# Socketmap lookup table for Postfix integration.
+# Traditionally, PostSRSd interacts with Postfix through the canonicalization
+# lookup tables of the cleanup daemon. If you use a unix socket, be aware that
+# most Postfix instances will jail their cleanup daemon in a /var/spool/postfix
+# chroot, so no other path will be visible to them.
+#
+# Examples:
+# socketmap = unix:/var/spool/postfix/srs
+# socketmap = inet:localhost:10003
+#
+socketmap = unix:/var/spool/postfix/srs
+
+# Socketmap connection keep-alive timeout.
+# After PostSRSd has served a socketmap request, it will keep the connection
+# open for a while longer, in case Postfix has additional queries. PostSRSd
+# will close the connection after the configured time (in seconds) has expired.
+#
+# Examples:
+# keep-alive = 30
+#
+keep-alive = 30
+
+# Milter endpoint for MTA integration.
+# PostSRSd can act as a milter to rewrite envelope addresses if it has been
+# built with milter support.
+#
+# Examples:
+# milter = unix:/var/spool/postfix/srs_milter
+# milter = inet:localhost:9997
+#
+#milter =
+
+# Original envelope sender handling.
+# When the envelope sender is rewritten, the original address can either be
+# embedded in the rewritten address, or stored in a local database. Embedding
+# makes PostSRSd work fully stateless, but the full sender address needs to fit
+# into the localpart of the embedded address, effectively limiting the length
+# of forwardable sender addresses to 51 octets. Storing the sender address in a
+# database circumvents this problem, but makes PostSRSd vulnerable to an
+# attacker sending vast amounts of emails with fake sender addresses, all of
+# which need to be stored in the database.
+#
+# If you are unsure which option suits your use-case best, the vast majority of
+# mail addresses will be relatively short, so you should pick "embedded".
+#
+# Examples:
+# original-envelope = embedded
+# original-envelope = database
+#
+original-envelope = embedded
+
+# Database for envelope sender storage.
+# If you decide to store envelope senders in a database, this database will be
+# used. The option is ignored if original-envelope is set to "embedded". Also
+# note that PostSRSd needs to be built with SQLite or Redis support for this.
+#
+# Also note that you need to put the SQLite database into the chroot directory
+# if you jail PostSRSd; otherwise, the database file will not be accessible.
+#
+# Examples:
+# envelope-database = "sqlite:./senders.db"
+# envelope-database = "redis:localhost:6379"
+#
+#envelope-database = "sqlite:./senders.db"
+
+# Secret keys for signing and verifying SRS addresses.
+# Rewritten addresses are tagged with a truncated HMAC-SHA1 signature, to
+# prevent tampering and forged envelope addresses.
 You can have more than
+# one signing secret; each line of the secrets file is considered one secret
+# key. If an incoming signature matches any key, it is accepted. Outgoing
+# signatures will always be generated with the first configured secret.
+#
+# For security reasons, you should also make sure that the file is owned and
+# only accessible by root (chmod 600).
+#
+# Example:
+# secrets-file = "/usr/local/etc/postsrsd.secret"
+#
+secrets-file = "/usr/local/etc/postsrsd.secret"
+
+# SRS tag separator
+# This is the character following the initial SRS0 or SRS1 tag of a generated
+# sender address. Valid separators are "=", "+", and "-". Unless you have a
+# very good reason, you should leave this setting at its default.
+#
+separator = "="
+
+# SRS hash signature length
+# Any SRS address will be signed with a truncated hash to prevent tampering and
+# ensure that only legitimate email bounces will be returned to sender. The
+# default length provides adequate security without taking up too much valuable
+# space. Unless you know what you are doing, you should leave this setting at
+# its default.
+#
+# WARNING: You can break your mail server (or worse, turn it into a spam relay)
+# if you mess up this setting.
+#
+hash-length = 4
+
+# SRS minimum acceptable hash signature length
+# This is the mininum signature length that PostSRSd considers valid. It is a
+# separate setting because if you decide to increase the hash length, you may
+# want to keep accepting the shorter hashes for a 24 hour grace period. Again,
+# Unless you know what you are doing, you should leave this setting at its
+# default.
+#
+# WARNING: You can break your mail server (or worse, turn it into a spam relay)
+# if you mess up this setting.
+#
+hash-minimum = 4
+
+# Always rewrite sender addresses
+# You can force PostSRSd to rewrite any sender address, even if it has been
+# rewritten already. You probably do not want to do this, though.
+# +always-rewrite = off + +# Execute PostSRSd as unprivileged user +# If you set this highly recommended option, PostSRSd will drop root +# privileges and switch to the configured user before it enters the main loop +# to handle untrusted input. +# +# Example: +# unprivileged-user = "nobody" +# +unprivileged-user = "nobody" + +# Execute PostSRSd in chroot jail +# If you set this highly recommended option, PostSRSd will jail itself +# in the given directory, which adds an additional layer of protection +# against the exploitation of security bugs in PostSRSd. +# +# Example: +# chroot-dir = "/usr/local/var/lib/postsrsd" +# +chroot-dir = "/usr/local/var/lib/postsrsd" + +# Syslog +# PostSRSd writes log messages to stderr. If you enable this option, PostSRSd +# will also send all messages to the syslog mail facility. +# +syslog = off + +# Debug +# This option makes PostSRSd more verbose in its logging, which can be useful +# to hunt down configuration problems. +# +debug = off diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/src/config.c new/postsrsd-2.0.6/src/config.c --- old/postsrsd-2.0.5/src/config.c 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/src/config.c 2023-07-15 20:53:41.000000000 +0200 @@ -163,6 +163,7 @@ CFG_STR("chroot-dir", DEFAULT_CHROOT_DIR, CFGF_NONE), CFG_BOOL("daemonize", cfg_false, CFGF_NONE), CFG_BOOL("syslog", cfg_false, CFGF_NONE), + CFG_BOOL("debug", cfg_false, CFGF_NONE), CFG_END(), }; cfg_t* cfg = cfg_init(opts, CFGF_NONE); 
@@ -282,6 +283,12 @@ return NULL; } } + if (srs->numsecrets == 0 || srs->secrets == NULL || srs->secrets[0] == NULL) + { + log_error("need at least one secret"); + srs_free(srs); + return NULL; + } char* faketime = getenv("POSTSRSD_FAKETIME"); if (faketime) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/src/main.c new/postsrsd-2.0.6/src/main.c --- old/postsrsd-2.0.5/src/main.c 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/src/main.c 2023-07-15 20:53:41.000000000 +0200 @@ -187,8 +187,12 @@ break; if (!request) { - netstring_write(fp_write, "PERM Invalid query.", 19); - fflush(fp_write); + if (!feof(fp_read) && !ferror(fp_read)) + { + netstring_write(fp_write, "PERM Invalid query.", 19); + fflush(fp_write); + log_error("invalid socketmap query, closing connection"); + } break; } alarm(0); @@ -197,12 +201,14 @@ { netstring_write(fp_write, "PERM Invalid query.", 19); fflush(fp_write); + log_error("invalid socketmap query, closing connection"); break; } if (len > 512 + (size_t)(addr - request)) { netstring_write(fp_write, "PERM Too big.", 13); fflush(fp_write); + log_warn("socketmap query is too big"); continue; } char* rewritten = NULL; @@ -220,6 +226,7 @@ { error = true; info = "Invalid map."; + log_warn("invalid key in socketmap query"); } if (rewritten) { @@ -269,6 +276,8 @@ goto shutdown; if (cfg_getbool(cfg, "syslog")) log_enable_syslog(); + if (cfg_getbool(cfg, "debug")) + log_set_verbosity(LogDebug); srs = srs_from_config(cfg); if (!srs) goto shutdown; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/src/srs.c new/postsrsd-2.0.6/src/srs.c --- old/postsrsd-2.0.5/src/srs.c 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/src/srs.c 2023-07-15 20:53:41.000000000 +0200 
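Review bot: The new guard in src/config.c only checks that `srs->secrets[0]` is non-NULL, so a first secret that is an empty string would still be accepted as the signing key. Whether the reader loop above the hunk already skips blank lines in the secrets file is not visible here. If it does not, the condition should also reject an empty key, e.g. by adding `|| srs->secrets[0][0] == '\0'`. The message would also help operators more if it named the option, e.g. `log_error("need at least one secret; check secrets-file");`. The enclosing function starts and ends outside the hunk.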
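Review bot: In src/main.c the added `log_warn("socketmap query is too big");` is followed by `continue`, so one connection can produce a warn-level line for every oversized request with no upper bound. The two `log_error("invalid socketmap query, closing connection")` calls in the neighbouring hunks are limited to one line per connection, but they are still driven entirely by peer input. When the socketmap is bound to an `inet:` endpoint rather than the unix socket, anything able to reach that port controls how fast the mail log grows. Consider logging the oversize condition once per connection (a local flag checked before the call) or closing the connection after a small number of rejected queries. The request loop begins and ends outside the hunk.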
@@ -35,7 +35,7 @@ { if (info) *info = "No domain."; - log_info("<%s> not rewritten: no domain", addr); + log_debug("<%s> not rewritten: no domain", addr); return NULL; } const char* input_domain = at + 1; @@ -43,7 +43,7 @@ { if (info) *info = "Need not rewrite local domain."; - log_info("<%s> not rewritten: local domain", addr); + log_debug("<%s> not rewritten: local domain", addr); return NULL; } char db_alias_buf[35]; @@ -102,7 +102,14 @@ { if (info) *info = srs_strerror(result); - log_info("<%s> not reversed: %s", addr, srs_strerror(result)); + if (result != SRS_ENOTSRSADDRESS) + { + log_info("<%s> not reversed: %s", addr, srs_strerror(result)); + } + else + { + log_debug("<%s> not reversed: %s", addr, srs_strerror(result)); + } return NULL; } const char* at = strchr(buffer, '@'); @@ -138,7 +145,7 @@ } else { - log_info("<%s> not reversed: no database for alias", addr); + log_warn("<%s> not reversed: no database for alias", addr); if (error) *error = true; if (info) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/src/util.c new/postsrsd-2.0.6/src/util.c --- old/postsrsd-2.0.5/src/util.c 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/src/util.c 2023-07-15 20:53:41.000000000 +0200 @@ -469,14 +469,7 @@ return strndup(s, colon - s); } -enum priority -{ - LogDebug, - LogInfo, - LogWarn, - LogError, -}; - +static enum log_priority log_prio = LogInfo; static const char* priority_labels[] = {"debug: ", "", "warn: ", "error: "}; #ifdef HAVE_SYSLOG_H @@ -484,8 +477,10 @@ static int syslog_priorities[] = {LOG_DEBUG, LOG_INFO, LOG_WARNING, LOG_ERR}; #endif -static void vlog(enum priority prio, const char* fmt, va_list ap) +static void vlog(enum log_priority prio, const char* fmt, va_list ap) { + if (prio < log_prio) + return; char buffer[1088]; size_t prefix_len = snprintf(buffer, sizeof(buffer), "postsrsd: %s", priority_labels[prio]); 
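Review bot: `addr` is written to the log with a bare `%s` in the two `log_debug` calls of this src/srs.c hunk and in the `log_info`/`log_debug`/`log_warn` calls of the later srs.c hunks. It appears to be the address taken from the socketmap or milter request. With `debug = on` every queried address now reaches the log, so control characters such as CR or LF inside an address would be copied into the stderr output unless `vlog` escapes them, which the visible part of util.c does not show. Escaping non-printable bytes once in `vlog`, after the message has been formatted, would cover all call sites. The functions containing these calls start and end outside the hunks.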
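Review bot: In src/util.c, `priority_labels[]` and `syslog_priorities[]` are positional arrays indexed by `prio`, while the enum that fixes their order now lives in util.h as `enum log_priority`. Reordering or extending the enum there would mislabel messages or index past the arrays without any compiler diagnostic. Designated initialisers keep the two in step: `static const char* priority_labels[] = {[LogDebug] = "debug: ", [LogInfo] = "", [LogWarn] = "warn: ", [LogError] = "error: "};`. A short comment on `log_prio` should also say that messages below this level are dropped by `vlog` and that the default is `LogInfo`.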
@@ -515,6 +510,19 @@ #endif } +void log_set_verbosity(enum log_priority prio) +{ + log_prio = prio; +} + +void log_debug(const char* fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vlog(LogDebug, fmt, ap); + va_end(ap); +} + void log_info(const char* fmt, ...) { va_list ap; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/src/util.h new/postsrsd-2.0.6/src/util.h --- old/postsrsd-2.0.5/src/util.h 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/src/util.h 2023-07-15 20:53:41.000000000 +0200 @@ -22,6 +22,12 @@ #define MAYBE_UNUSED(x) (void)(x) +#ifdef __GNUC__ +# define ATTRIBUTE(x) __attribute__((x)) +#else +# define ATTRIBUTE(x) +#endif + struct domain_set; typedef struct domain_set domain_set_t; struct list; 
@@ -59,12 +65,21 @@ char* endpoint_for_milter(const char* s); char* endpoint_for_redis(const char* s, int* port); +enum log_priority +{ + LogDebug, + LogInfo, + LogWarn, + LogError, +}; + void log_enable_syslog(); -void log_debug(const char* fmt, ...); -void log_info(const char* fmt, ...); -void log_warn(const char* fmt, ...); -void log_error(const char* fmt, ...); +void log_set_verbosity(enum log_priority prio); +void log_debug(const char* fmt, ...) ATTRIBUTE(format(printf, 1, 2)); +void log_info(const char* fmt, ...) ATTRIBUTE(format(printf, 1, 2)); +void log_warn(const char* fmt, ...) ATTRIBUTE(format(printf, 1, 2)); +void log_error(const char* fmt, ...) ATTRIBUTE(format(printf, 1, 2)); void log_perror(int errno, const char* prefix); -void log_fatal(const char* fmt, ...) __attribute__((noreturn)); +void log_fatal(const char* fmt, ...) ATTRIBUTE(noreturn); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postsrsd-2.0.5/tests/unit/CMakeLists.txt new/postsrsd-2.0.6/tests/unit/CMakeLists.txt --- old/postsrsd-2.0.5/tests/unit/CMakeLists.txt 2023-06-26 21:56:02.000000000 +0200 +++ new/postsrsd-2.0.6/tests/unit/CMakeLists.txt 2023-07-15 20:53:41.000000000 +0200 @@ -19,6 +19,10 @@ target_include_directories( ${name}_executable PRIVATE ${CMAKE_BINARY_DIR} ${CMAKE_SOURCE_DIR}/src ) + target_compile_definitions( + ${name}_executable PRIVATE _GNU_SOURCE _POSIX_C_SOURCE + _FILE_OFFSET_BITS=64 + ) target_link_libraries(${name}_executable PRIVATE Check::check) target_compile_features(${name}_executable PRIVATE c_std_99) if(TESTS_WITH_ASAN)
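Review bot: `log_fatal` is the only variadic logger in src/util.h left without `format(printf, 1, 2)`; its new declaration carries just `ATTRIBUTE(noreturn)`. The compiler therefore will not check format strings and arguments passed to the one function that reports fatal conditions. Both attributes can be applied together: `void log_fatal(const char* fmt, ...) ATTRIBUTE(format(printf, 1, 2)) ATTRIBUTE(noreturn);`.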
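Review bot: `_POSIX_C_SOURCE` is passed without a value in the new `target_compile_definitions` call in tests/unit/CMakeLists.txt, which defines it as 1 and so requests only the original POSIX.1-1990 interface. glibc overrides this when `_GNU_SOURCE` is also defined, but other C libraries may hide newer declarations from the unit tests. Give it the level the sources need, e.g. `_POSIX_C_SOURCE=200809L`. Ideally the tests would take these definitions from the same place as the daemon target so both compile under identical feature macros; how the daemon sets them is not visible here. The call sits inside a helper whose definition starts above the hunk.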