Module Name: src
Committed By: riz
Date: Thu Mar 24 19:54:09 UTC 2011
Modified Files:
src/external/ibm-public/postfix/dist [netbsd-5]: HISTORY makedefs
src/external/ibm-public/postfix/dist/src/cleanup [netbsd-5]:
cleanup_map1n.c
src/external/ibm-public/postfix/dist/src/global [netbsd-5]:
mail_version.h
src/external/ibm-public/postfix/dist/src/local [netbsd-5]: recipient.c
src/external/ibm-public/postfix/dist/src/master [netbsd-5]:
master_sig.c
src/external/ibm-public/postfix/dist/src/smtp [netbsd-5]: smtp_proto.c
src/external/ibm-public/postfix/dist/src/smtpd [netbsd-5]: smtpd.c
src/external/ibm-public/postfix/dist/src/util [netbsd-5]: host_port.c
make_dirs.c sys_defs.h watchdog.c
Log Message:
Apply patches (requested by tron in ticket #1576):
Update postfix to version 2.7.3:
- Fix for CVE-2011-0411: discard buffered plaintext input, after
reading the SMTP "STARTTLS" command or response.
- Fix to the local delivery agent: look up the "unextended" address
in the local aliases database, when that address has a malformed
address extension.
- Fix to virtual alias expansion: report a tempfail error, instead of
silently ignoring recipients that exceed the
virtual_alias_expansion_limit or the virtual_alias_recursion_limit.
- Fix for BSD-ish mkdir() to prevent maildir directories from
inheriting their group ownership from the parent directory.
- Fix to the SMTP client: missing support for mail to [ipv6:ipv6addr]
address literal destinations.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.2.2.4 -r1.1.1.2.2.5 \
src/external/ibm-public/postfix/dist/HISTORY
cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \
src/external/ibm-public/postfix/dist/makedefs
cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \
src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c
cvs rdiff -u -r1.1.1.2.2.4 -r1.1.1.2.2.5 \
src/external/ibm-public/postfix/dist/src/global/mail_version.h
cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \
src/external/ibm-public/postfix/dist/src/local/recipient.c
cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \
src/external/ibm-public/postfix/dist/src/master/master_sig.c
cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \
src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c
cvs rdiff -u -r1.2.2.4 -r1.2.2.5 \
src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c
cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \
src/external/ibm-public/postfix/dist/src/util/host_port.c \
src/external/ibm-public/postfix/dist/src/util/make_dirs.c \
src/external/ibm-public/postfix/dist/src/util/watchdog.c
cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \
src/external/ibm-public/postfix/dist/src/util/sys_defs.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/external/ibm-public/postfix/dist/HISTORY
diff -u src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.4 src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.5
--- src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.4 Fri Jan 7 01:23:55 2011
+++ src/external/ibm-public/postfix/dist/HISTORY Thu Mar 24 19:54:07 2011
@@ -15730,6 +15730,18 @@
The last protocol change was in Postfix 2.1. File:
util/dict_open.c.
+20100422
+
+ Workaround (introduced: postfix-19990906 a.k.a. Postfix
+ 0.8.0). The Postfix local delivery agent did not properly
+ distinguish between "address has no extension" and "address
+ has an extension, but the extension is invalid". In both
+ cases it would run only the full recipient local-part through
+ the alias maps. Instead, it now drops the faulty extension
+ from the recipient address local-part (it would be too
+ error-prone to replace all tests for "no extension" by tests
+ for "no valid extension". File: local/recipient.c.
+
20100515
Bugfix (introduced Postfix 2.6): the Postfix SMTP client
@@ -15816,3 +15828,59 @@
compliance. We now make an exception for "final" replies,
as permitted by RFC. Solution by Victor Duchovni. File:
smtpd/smtpd.c.
+
+20101201
+
+ Workaround: BSD-ish mkdir() ignores the effective GID and
+ copies group ownership from the parent directory. File:
+ util/make_dirs.c.
+
+20101202
+
+ Cleanup: the cleanup server now reports a temporary delivery
+ error when it reaches the virtual_alias_expansion_limit or
+ virtual_alias_recursion_limit. Previously, it would silently
+ ignore the excess recipients and deliver the message. File:
+ cleanup/cleanup_map1n.c.
+
+20110105
+
+ Bugfix (introduced with the Postfix TLS patch): discard
+ plaintext following the STARTTLS command or response. This
+ matters only for the minority of SMTP clients that actually
+ verify server certificates. Files: smtpd/smtpd.c,
+ smtp/smtp_proto.c.
+
+ This vulnerability is also known as CVE-2011-0411.
+
+20110109
+
+ Bugfix (introduced Postfix 2.4): on Solaris the Postfix
+ event engine was deaf for SIGHUP and SIGALRM signals after
+ the switch to /dev/poll. Symptoms were delayed "postfix
+ reload" response, and killed processes when the watchdog
+ timeout was less than max_idle. The fix is to set up SIGHUP
+ and SIGALRM handlers that write to a pipe, and to monitor
+ that pipe for read events via the Postfix event engine.
+ Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h.
+
+20110117
+
+ Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX
+ the Postfix event engine was deaf for SIGALRM signals.
+ Symptoms were killed processes when the watchdog timeout
+ was less than max_idle. The fix is the same as Solaris fix
+ 20110109. Since we can't know what other systems need this,
+ the workaround is enabled by default. Files: util/sys_defs.h.
+
+20110225
+
+ Workaround (problem introduced with IPv6 support in Postfix
+ 2.2): the SMTP client did not support mail to [ipv6:ipv6addr].
+ Fix based on a patch by Gurusamy Sarathy (Sophos). File:
+ util/host_port.c and regression test files.
+
+20110227
+
+ Portability: FreeBSD closefrom() support time window. Sahil
+ Tandon. File: util/sys_defs.h.
Index: src/external/ibm-public/postfix/dist/makedefs
diff -u src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.3 Sun Nov 21 18:31:22 2010
+++ src/external/ibm-public/postfix/dist/makedefs Thu Mar 24 19:54:07 2011
@@ -228,6 +228,12 @@
done
;;
AIX.*) case "`uname -v`" in
+ 6) SYSTYPE=AIX6
+ case "$CC" in
+ cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
+ esac
+ CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
+ ;;
5) SYSTYPE=AIX5
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
Index: src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c
diff -u src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.3 Fri Jan 7 01:24:00 2011
+++ src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c Thu Mar 24 19:54:07 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: cleanup_map1n.c,v 1.1.1.1.2.3 2011/01/07 01:24:00 riz Exp $ */
+/* $NetBSD: cleanup_map1n.c,v 1.1.1.1.2.4 2011/03/24 19:54:07 riz Exp $ */
/*++
/* NAME
@@ -17,13 +17,18 @@
/* This module implements one-to-many table mapping via table lookup.
/* Table lookups are done with quoted (externalized) address forms.
/* The process is recursive. The recursion terminates when the
-/* left-hand side appears in its own expansion, or when a maximal
-/* nesting level is reached.
+/* left-hand side appears in its own expansion.
/*
/* cleanup_map1n_internal() is the interface for addresses in
/* internal (unquoted) form.
/* DIAGNOSTICS
-/* Recoverable errors: the global \fIcleanup_errs\fR flag is updated.
+/* When the maximal expansion or recursion limit is reached,
+/* the alias is not expanded and the CLEANUP_STAT_DEFER error
+/* is raised with reason "4.6.0 Alias expansion error".
+/*
+/* When table lookup fails, the alias is not expanded and the
+/* CLEANUP_STAT_WRITE error is raised with reason "4.6.0 Alias
+/* expansion error".
/* SEE ALSO
/* mail_addr_map(3) address mappings
/* mail_addr_find(3) address lookups
@@ -95,15 +100,26 @@
* must index the array explicitly, instead of running along it with a
* pointer.
*/
-#define UPDATE(ptr,new) { myfree(ptr); ptr = mystrdup(new); }
+#define UPDATE(ptr,new) do { \
+ if (ptr) myfree(ptr); ptr = mystrdup(new); \
+ } while (0)
#define STR vstring_str
-#define RETURN(x) { been_here_free(been_here); return (x); }
+#define RETURN(x) do { \
+ been_here_free(been_here); return (x); \
+ } while (0)
+#define UNEXPAND(argv, addr) do { \
+ argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \
+ } while (0)
for (arg = 0; arg < argv->argc; arg++) {
if (argv->argc > var_virt_expan_limit) {
- msg_warn("%s: unreasonable %s map expansion size for %s",
+ msg_warn("%s: unreasonable %s map expansion size for %s -- "
+ "deferring delivery",
state->queue_id, maps->title, addr);
- break;
+ state->errs |= CLEANUP_STAT_DEFER;
+ UPDATE(state->reason, "4.6.0 Alias expansion error");
+ UNEXPAND(argv, addr);
+ RETURN(argv);
}
for (count = 0; /* void */ ; count++) {
@@ -113,9 +129,13 @@
if (been_here_check_fixed(been_here, argv->argv[arg]) != 0)
break;
if (count >= var_virt_recur_limit) {
- msg_warn("%s: unreasonable %s map nesting for %s",
+ msg_warn("%s: unreasonable %s map nesting for %s -- "
+ "deferring delivery",
state->queue_id, maps->title, addr);
- break;
+ state->errs |= CLEANUP_STAT_DEFER;
+ UPDATE(state->reason, "4.6.0 Alias expansion error");
+ UNEXPAND(argv, addr);
+ RETURN(argv);
}
quote_822_local(state->temp1, argv->argv[arg]);
if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) {
@@ -138,9 +158,12 @@
myfree(saved_lhs);
argv_free(lookup);
} else if (dict_errno != 0) {
- msg_warn("%s: %s map lookup problem for %s",
+ msg_warn("%s: %s map lookup problem for %s -- "
+ "deferring delivery",
state->queue_id, maps->title, addr);
state->errs |= CLEANUP_STAT_WRITE;
+ UPDATE(state->reason, "4.6.0 Alias expansion error");
+ UNEXPAND(argv, addr);
RETURN(argv);
} else {
break;
Index: src/external/ibm-public/postfix/dist/src/global/mail_version.h
diff -u src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.4 src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.5
--- src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.4 Fri Jan 7 01:24:04 2011
+++ src/external/ibm-public/postfix/dist/src/global/mail_version.h Thu Mar 24 19:54:07 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: mail_version.h,v 1.1.1.2.2.4 2011/01/07 01:24:04 riz Exp $ */
+/* $NetBSD: mail_version.h,v 1.1.1.2.2.5 2011/03/24 19:54:07 riz Exp $ */
#ifndef _MAIL_VERSION_H_INCLUDED_
#define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20101123"
-#define MAIL_VERSION_NUMBER "2.7.2"
+#define MAIL_RELEASE_DATE "20110303"
+#define MAIL_VERSION_NUMBER "2.7.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
Index: src/external/ibm-public/postfix/dist/src/local/recipient.c
diff -u src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.5
--- src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.4 Fri Jan 7 01:24:06 2011
+++ src/external/ibm-public/postfix/dist/src/local/recipient.c Thu Mar 24 19:54:08 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: recipient.c,v 1.1.1.1.2.4 2011/01/07 01:24:06 riz Exp $ */
+/* $NetBSD: recipient.c,v 1.1.1.1.2.5 2011/03/24 19:54:08 riz Exp $ */
/*++
/* NAME
@@ -252,6 +252,10 @@
/*
* Address extension management.
+ *
+ * XXX Fix 20100422, finalized 20100529: it is too error-prone to
+ * distinguish between "no extension" and "no valid extension", so we
+ * drop an invalid extension from the recipient address local-part.
*/
state.msg_attr.user = mystrdup(state.msg_attr.local);
if (*var_rcpt_delim) {
@@ -261,6 +265,9 @@
msg_warn("%s: address with illegal extension: %s",
state.msg_attr.queue_id, state.msg_attr.local);
state.msg_attr.extension = 0;
+ /* XXX Can't myfree + mystrdup, must truncate instead. */
+ state.msg_attr.local[strlen(state.msg_attr.user)] = 0;
+ /* Truncating is safe. The code below rejects null usernames. */
}
} else
state.msg_attr.extension = 0;
Index: src/external/ibm-public/postfix/dist/src/master/master_sig.c
diff -u src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.3 Fri Jan 7 01:24:07 2011
+++ src/external/ibm-public/postfix/dist/src/master/master_sig.c Thu Mar 24 19:54:08 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: master_sig.c,v 1.1.1.1.2.3 2011/01/07 01:24:07 riz Exp $ */
+/* $NetBSD: master_sig.c,v 1.1.1.1.2.4 2011/03/24 19:54:08 riz Exp $ */
/*++
/* NAME
@@ -55,9 +55,8 @@
#ifdef USE_SIG_RETURN
#include <sys/syscall.h>
-#endif
-
-#ifndef USE_SIG_RETURN
+#undef USE_SIG_PIPE
+#else
#define USE_SIG_PIPE
#endif
@@ -78,6 +77,8 @@
int master_gotsigchld;
int master_gotsighup;
+#ifdef USE_SIG_RETURN
+
/* master_sighup - register arrival of hangup signal */
static void master_sighup(int sig)
@@ -94,8 +95,6 @@
/* master_sigchld - register arrival of child death signal */
-#ifdef USE_SIG_RETURN
-
static void master_sigchld(int sig, int code, struct sigcontext * scp)
{
@@ -118,7 +117,25 @@
#else
-#ifdef USE_SIG_PIPE
+/* master_sighup - register arrival of hangup signal */
+
+static void master_sighup(int sig)
+{
+ int saved_errno = errno;
+
+ /*
+ * WARNING WARNING WARNING.
+ *
+ * This code runs at unpredictable moments, as a signal handler. Don't put
+ * any code here other than for setting a global flag, or code that is
+ * intended to be run within a signal handler. Restore errno in case we
+ * are interrupting the epilog of a failed system call.
+ */
+ master_gotsighup = sig;
+ if (write(SIG_PIPE_WRITE_FD, "", 1) != 1)
+ msg_warn("write to SIG_PIPE_WRITE_FD failed: %m");
+ errno = saved_errno;
+}
/* master_sigchld - force wakeup from select() */
@@ -134,6 +151,7 @@
* intended to be run within a signal handler. Restore errno in case we
* are interrupting the epilog of a failed system call.
*/
+ master_gotsigchld = 1;
if (write(SIG_PIPE_WRITE_FD, "", 1) != 1)
msg_warn("write to SIG_PIPE_WRITE_FD failed: %m");
errno = saved_errno;
@@ -147,24 +165,8 @@
while (read(SIG_PIPE_READ_FD, c, 1) > 0)
/* void */ ;
- master_gotsigchld = 1;
}
-#else
-
-static void master_sigchld(int sig)
-{
-
- /*
- * WARNING WARNING WARNING.
- *
- * This code runs at unpredictable moments, as a signal handler. Don't put
- * any code here other than for setting a global flag.
- */
- master_gotsigchld = sig;
-}
-
-#endif
#endif
/* master_sigdeath - die, women and children first */
Index: src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c
diff -u src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.5
--- src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.4 Fri Jan 7 01:24:13 2011
+++ src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c Thu Mar 24 19:54:08 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: smtp_proto.c,v 1.1.1.1.2.4 2011/01/07 01:24:13 riz Exp $ */
+/* $NetBSD: smtp_proto.c,v 1.1.1.1.2.5 2011/03/24 19:54:08 riz Exp $ */
/*++
/* NAME
@@ -814,6 +814,9 @@
SMTP_RESP_FAKE(&fake, "4.7.5"),
"Server certificate not verified"));
+ /* At this point there must not be any pending plaintext. */
+ vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH);
+
/*
* At this point we have to re-negotiate the "EHLO" to reget the
* feature-list.
Index: src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c
diff -u src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.4 src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.5
--- src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.4 Fri Jan 7 01:24:13 2011
+++ src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c Thu Mar 24 19:54:08 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: smtpd.c,v 1.2.2.4 2011/01/07 01:24:13 riz Exp $ */
+/* $NetBSD: smtpd.c,v 1.2.2.5 2011/03/24 19:54:08 riz Exp $ */
/*++
/* NAME
@@ -4098,6 +4098,8 @@
smtpd_chat_reply(state, "220 2.0.0 Ready to start TLS");
/* Flush before we switch the stream's read/write routines. */
smtp_flush(state->client);
+ /* At this point there must not be any pending plaintext. */
+ vstream_fpurge(state->client, VSTREAM_PURGE_BOTH);
/*
* Reset all inputs to the initial state.
Index: src/external/ibm-public/postfix/dist/src/util/host_port.c
diff -u src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.3 Fri Jan 7 01:24:17 2011
+++ src/external/ibm-public/postfix/dist/src/util/host_port.c Thu Mar 24 19:54:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: host_port.c,v 1.1.1.1.2.3 2011/01/07 01:24:17 riz Exp $ */
+/* $NetBSD: host_port.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */
/*++
/* NAME
@@ -97,22 +97,41 @@
#include <host_port.h>
+ /*
+ * Point-fix workaround. The libutil library should be email agnostic, but
+ * we can't rip up the library APIs in the stable releases.
+ */
+#include <string.h>
+#ifdef STRCASECMP_IN_STRINGS_H
+#include <strings.h>
+#endif
+#define IPV6_COL "IPv6:" /* RFC 2821 */
+#define IPV6_COL_LEN (sizeof(IPV6_COL) - 1)
+#define HAS_IPV6_COL(str) (strncasecmp((str), IPV6_COL, IPV6_COL_LEN) == 0)
+
/* host_port - parse string into host and port, destroy string */
const char *host_port(char *buf, char **host, char *def_host,
char **port, char *def_service)
{
char *cp = buf;
+ int ipv6 = 0;
/*
* [host]:port, [host]:, [host].
+ * [ipv6:ipv6addr]:port, [ipv6:ipv6addr]:, [ipv6:ipv6addr].
*/
if (*cp == '[') {
- *host = ++cp;
+ ++cp;
+ if ((ipv6 = HAS_IPV6_COL(cp)) != 0)
+ cp += IPV6_COL_LEN;
+ *host = cp;
if ((cp = split_at(cp, ']')) == 0)
return ("missing \"]\"");
if (*cp && *cp++ != ':')
return ("garbage after \"]\"");
+ if (ipv6 && !valid_ipv6_hostaddr(*host, DONT_GRIPE))
+ return ("malformed IPv6 address");
*port = *cp ? cp : def_service;
}
Index: src/external/ibm-public/postfix/dist/src/util/make_dirs.c
diff -u src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.3 Fri Jan 7 01:24:18 2011
+++ src/external/ibm-public/postfix/dist/src/util/make_dirs.c Thu Mar 24 19:54:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: make_dirs.c,v 1.1.1.1.2.3 2011/01/07 01:24:18 riz Exp $ */
+/* $NetBSD: make_dirs.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */
/*++
/* NAME
@@ -39,6 +39,7 @@
#include <sys/stat.h>
#include <errno.h>
#include <string.h>
+#include <unistd.h>
/* Utility library. */
@@ -51,12 +52,14 @@
int make_dirs(const char *path, int perms)
{
+ const char *myname = "make_dirs";
char *saved_path;
unsigned char *cp;
int saved_ch;
struct stat st;
int ret;
mode_t saved_mode = 0;
+ gid_t egid = -1;
/*
* Initialize. Make a copy of the path that we can safely clobber.
@@ -119,6 +122,21 @@
break;
}
}
+
+ /*
+ * Fix directory ownership when mkdir() ignores the effective
+ * GID. Don't change the effective UID for doing this.
+ */
+ if ((ret = stat(saved_path, &st)) < 0) {
+ msg_warn("%s: stat %s: %m", myname, saved_path);
+ break;
+ }
+ if (egid == -1)
+ egid = getegid();
+ if (st.st_gid != egid && (ret = chown(saved_path, -1, egid)) < 0) {
+ msg_warn("%s: chgrp %s: %m", myname, saved_path);
+ break;
+ }
}
if (saved_ch != 0)
*cp = saved_ch;
Index: src/external/ibm-public/postfix/dist/src/util/watchdog.c
diff -u src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.4
--- src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.3 Fri Jan 7 01:24:21 2011
+++ src/external/ibm-public/postfix/dist/src/util/watchdog.c Thu Mar 24 19:54:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: watchdog.c,v 1.1.1.1.2.3 2011/01/07 01:24:21 riz Exp $ */
+/* $NetBSD: watchdog.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */
/*++
/* NAME
@@ -121,6 +121,31 @@
*/
static WATCHDOG *watchdog_curr;
+ /*
+ * Workaround for systems where the alarm signal does not wakeup the event
+ * machinery, and therefore does not restart the watchdog timer in the
+ * single_server etc. skeletons. The symptom is that programs abort when the
+ * watchdog timeout is less than the max_idle time.
+ */
+#ifdef USE_WATCHDOG_PIPE
+#include <errno.h>
+#include <iostuff.h>
+#include <events.h>
+
+static int watchdog_pipe[2];
+
+/* watchdog_read - read event pipe */
+
+static void watchdog_read(int unused_event, char *unused_context)
+{
+ char ch;
+
+ while (read(watchdog_pipe[0], &ch, 1) > 0)
+ /* void */ ;
+}
+
+#endif /* USE_WATCHDOG_PIPE */
+
/* watchdog_event - handle timeout event */
static void watchdog_event(int unused_sig)
@@ -139,6 +164,14 @@
if (msg_verbose > 1)
msg_info("%s: %p %d", myname, (void *) wp, wp->trip_run);
if (++(wp->trip_run) < WATCHDOG_STEPS) {
+#ifdef USE_WATCHDOG_PIPE
+ int saved_errno = errno;
+
+ /* Wake up the events(3) engine. */
+ if (write(watchdog_pipe[1], "", 1) != 1)
+ msg_warn("%s: write watchdog_pipe: %m", myname);
+ errno = saved_errno;
+#endif
alarm(wp->timeout);
} else {
if (wp->action)
@@ -179,6 +212,15 @@
msg_fatal("%s: sigaction(SIGALRM): %m", myname);
if (msg_verbose > 1)
msg_info("%s: %p %d", myname, (void *) wp, timeout);
+#ifdef USE_WATCHDOG_PIPE
+ if (watchdog_curr == 0) {
+ if (pipe(watchdog_pipe) < 0)
+ msg_fatal("%s: pipe: %m", myname);
+ non_blocking(watchdog_pipe[0], NON_BLOCKING);
+ non_blocking(watchdog_pipe[1], NON_BLOCKING);
+ event_enable_read(watchdog_pipe[0], watchdog_read, (char *) 0);
+ }
+#endif
return (watchdog_curr = wp);
}
@@ -195,6 +237,13 @@
if (wp->saved_time)
alarm(wp->saved_time);
myfree((char *) wp);
+#ifdef USE_WATCHDOG_PIPE
+ if (watchdog_curr == 0) {
+ event_disable_readwrite(watchdog_pipe[0]);
+ (void) close(watchdog_pipe[0]);
+ (void) close(watchdog_pipe[1]);
+ }
+#endif
if (msg_verbose > 1)
msg_info("%s: %p", myname, (void *) wp);
}
Index: src/external/ibm-public/postfix/dist/src/util/sys_defs.h
diff -u src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.5
--- src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.4 Fri Jan 7 01:24:20 2011
+++ src/external/ibm-public/postfix/dist/src/util/sys_defs.h Thu Mar 24 19:54:09 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_defs.h,v 1.1.1.1.2.4 2011/01/07 01:24:20 riz Exp $ */
+/* $NetBSD: sys_defs.h,v 1.1.1.1.2.5 2011/03/24 19:54:09 riz Exp $ */
#ifndef _SYS_DEFS_H_INCLUDED_
#define _SYS_DEFS_H_INCLUDED_
@@ -113,7 +113,8 @@
#define HAS_DUPLEX_PIPE /* 4.1 breaks with kqueue(2) */
#endif
-#if __FreeBSD_version >= 800107 /* safe; don't believe the experts */
+#if (__FreeBSD_version >= 702104 && __FreeBSD_version <= 800000) \
+ || __FreeBSD_version >= 800100
#define HAS_CLOSEFROM
#endif
@@ -515,7 +516,7 @@
* AIX: a SYSV-flavored hybrid. NB: fcntl() and flock() access the same
* underlying locking primitives.
*/
-#ifdef AIX5
+#if defined(AIX5) || defined(AIX6)
#define SUPPORTED
#include <sys/types.h>
#define UINT32_TYPE unsigned int
@@ -1279,6 +1280,17 @@
#endif
/*
+ * Workaround: after a watchdog alarm signal, wake up from select/poll/etc.
+ * by writing to a pipe. Solaris needs this, and HP-UX apparently, too. The
+ * run-time cost is negligible so we just turn it on for all systems. As a
+ * side benefit, making this code system-independent will simplify the
+ * detection of bit-rot problems.
+ */
+#ifndef NO_WATCHDOG_PIPE
+#define USE_WATCHDOG_PIPE
+#endif
+
+ /*
* Defaults for systems without kqueue, /dev/poll or epoll support.
* master/multi-server.c and *qmgr/qmgr_transport.c depend on this.
*/
