Module Name: src Committed By: riz Date: Thu Mar 24 19:54:09 UTC 2011
Modified Files: src/external/ibm-public/postfix/dist [netbsd-5]: HISTORY makedefs src/external/ibm-public/postfix/dist/src/cleanup [netbsd-5]: cleanup_map1n.c src/external/ibm-public/postfix/dist/src/global [netbsd-5]: mail_version.h src/external/ibm-public/postfix/dist/src/local [netbsd-5]: recipient.c src/external/ibm-public/postfix/dist/src/master [netbsd-5]: master_sig.c src/external/ibm-public/postfix/dist/src/smtp [netbsd-5]: smtp_proto.c src/external/ibm-public/postfix/dist/src/smtpd [netbsd-5]: smtpd.c src/external/ibm-public/postfix/dist/src/util [netbsd-5]: host_port.c make_dirs.c sys_defs.h watchdog.c Log Message: Apply patches (requested by tron in ticket #1576): Update postfix to version 2.7.3: - Fix for CVE-2011-0411: discard buffered plaintext input, after reading the SMTP "STARTTLS" command or response. - Fix to the local delivery agent: look up the "unextended" address in the local aliases database, when that address has a malformed address extension. - Fix to virtual alias expansion: report a tempfail error, instead of silently ignoring recipients that exceed the virtual_alias_expansion_limit or the virtual_alias_recursion_limit. - Fix for BSD-ish mkdir() to prevent maildir directories from inheriting their group ownership from the parent directory. - Fix to the SMTP client: missing support for mail to [ipv6:ipv6addr] address literal destinations. To generate a diff of this commit: cvs rdiff -u -r1.1.1.2.2.4 -r1.1.1.2.2.5 \ src/external/ibm-public/postfix/dist/HISTORY cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \ src/external/ibm-public/postfix/dist/makedefs cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \ src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c cvs rdiff -u -r1.1.1.2.2.4 -r1.1.1.2.2.5 \ src/external/ibm-public/postfix/dist/src/global/mail_version.h cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \ src/external/ibm-public/postfix/dist/src/local/recipient.c cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \ src/external/ibm-public/postfix/dist/src/master/master_sig.c cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \ src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c cvs rdiff -u -r1.2.2.4 -r1.2.2.5 \ src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c cvs rdiff -u -r1.1.1.1.2.3 -r1.1.1.1.2.4 \ src/external/ibm-public/postfix/dist/src/util/host_port.c \ src/external/ibm-public/postfix/dist/src/util/make_dirs.c \ src/external/ibm-public/postfix/dist/src/util/watchdog.c cvs rdiff -u -r1.1.1.1.2.4 -r1.1.1.1.2.5 \ src/external/ibm-public/postfix/dist/src/util/sys_defs.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/external/ibm-public/postfix/dist/HISTORY diff -u src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.4 src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.5 --- src/external/ibm-public/postfix/dist/HISTORY:1.1.1.2.2.4 Fri Jan 7 01:23:55 2011 +++ src/external/ibm-public/postfix/dist/HISTORY Thu Mar 24 19:54:07 2011 @@ -15730,6 +15730,18 @@ The last protocol change was in Postfix 2.1. File: util/dict_open.c. +20100422 + + Workaround (introduced: postfix-19990906 a.k.a. Postfix + 0.8.0). The Postfix local delivery agent did not properly + distinguish between "address has no extension" and "address + has an extension, but the extension is invalid". In both + cases it would run only the full recipient local-part through + the alias maps. Instead, it now drops the faulty extension + from the recipient address local-part (it would be too + error-prone to replace all tests for "no extension" by tests + for "no valid extension". File: local/recipient.c. + 20100515 Bugfix (introduced Postfix 2.6): the Postfix SMTP client @@ -15816,3 +15828,59 @@ compliance. We now make an exception for "final" replies, as permitted by RFC. Solution by Victor Duchovni. File: smtpd/smtpd.c. + +20101201 + + Workaround: BSD-ish mkdir() ignores the effective GID and + copies group ownership from the parent directory. File: + util/make_dirs.c. + +20101202 + + Cleanup: the cleanup server now reports a temporary delivery + error when it reaches the virtual_alias_expansion_limit or + virtual_alias_recursion_limit. Previously, it would silently + ignore the excess recipients and deliver the message. File: + cleanup/cleanup_map1n.c. + +20110105 + + Bugfix (introduced with the Postfix TLS patch): discard + plaintext following the STARTTLS command or response. This + matters only for the minority of SMTP clients that actually + verify server certificates. Files: smtpd/smtpd.c, + smtp/smtp_proto.c. + + This vulnerability is also known as CVE-2011-0411. + +20110109 + + Bugfix (introduced Postfix 2.4): on Solaris the Postfix + event engine was deaf for SIGHUP and SIGALRM signals after + the switch to /dev/poll. Symptoms were delayed "postfix + reload" response, and killed processes when the watchdog + timeout was less than max_idle. The fix is to set up SIGHUP + and SIGALRM handlers that write to a pipe, and to monitor + that pipe for read events via the Postfix event engine. + Files: master/master_sig.c, util/watchdog.c, util/sys_defs.h. + +20110117 + + Bugfix (introduced Postfix alpha, or thereabouts): on HP-UX + the Postfix event engine was deaf for SIGALRM signals. + Symptoms were killed processes when the watchdog timeout + was less than max_idle. The fix is the same as Solaris fix + 20110109. Since we can't know what other systems need this, + the workaround is enabled by default. Files: util/sys_defs.h. + +20110225 + + Workaround (problem introduced with IPv6 support in Postfix + 2.2): the SMTP client did not support mail to [ipv6:ipv6addr]. + Fix based on a patch by Gurusamy Sarathy (Sophos). File: + util/host_port.c and regression test files. + +20110227 + + Portability: FreeBSD closefrom() support time window. Sahil + Tandon. File: util/sys_defs.h. Index: src/external/ibm-public/postfix/dist/makedefs diff -u src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/makedefs:1.1.1.1.2.3 Sun Nov 21 18:31:22 2010 +++ src/external/ibm-public/postfix/dist/makedefs Thu Mar 24 19:54:07 2011 @@ -228,6 +228,12 @@ done ;; AIX.*) case "`uname -v`" in + 6) SYSTYPE=AIX6 + case "$CC" in + cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; + esac + CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" + ;; 5) SYSTYPE=AIX5 case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; Index: src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c diff -u src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c:1.1.1.1.2.3 Fri Jan 7 01:24:00 2011 +++ src/external/ibm-public/postfix/dist/src/cleanup/cleanup_map1n.c Thu Mar 24 19:54:07 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: cleanup_map1n.c,v 1.1.1.1.2.3 2011/01/07 01:24:00 riz Exp $ */ +/* $NetBSD: cleanup_map1n.c,v 1.1.1.1.2.4 2011/03/24 19:54:07 riz Exp $ */ /*++ /* NAME @@ -17,13 +17,18 @@ /* This module implements one-to-many table mapping via table lookup. /* Table lookups are done with quoted (externalized) address forms. /* The process is recursive. The recursion terminates when the -/* left-hand side appears in its own expansion, or when a maximal -/* nesting level is reached. +/* left-hand side appears in its own expansion. /* /* cleanup_map1n_internal() is the interface for addresses in /* internal (unquoted) form. /* DIAGNOSTICS -/* Recoverable errors: the global \fIcleanup_errs\fR flag is updated. +/* When the maximal expansion or recursion limit is reached, +/* the alias is not expanded and the CLEANUP_STAT_DEFER error +/* is raised with reason "4.6.0 Alias expansion error". +/* +/* When table lookup fails, the alias is not expanded and the +/* CLEANUP_STAT_WRITE error is raised with reason "4.6.0 Alias +/* expansion error". /* SEE ALSO /* mail_addr_map(3) address mappings /* mail_addr_find(3) address lookups @@ -95,15 +100,26 @@ * must index the array explicitly, instead of running along it with a * pointer. */ -#define UPDATE(ptr,new) { myfree(ptr); ptr = mystrdup(new); } +#define UPDATE(ptr,new) do { \ + if (ptr) myfree(ptr); ptr = mystrdup(new); \ + } while (0) #define STR vstring_str -#define RETURN(x) { been_here_free(been_here); return (x); } +#define RETURN(x) do { \ + been_here_free(been_here); return (x); \ + } while (0) +#define UNEXPAND(argv, addr) do { \ + argv_truncate((argv), 0); argv_add((argv), (addr), (char *) 0); \ + } while (0) for (arg = 0; arg < argv->argc; arg++) { if (argv->argc > var_virt_expan_limit) { - msg_warn("%s: unreasonable %s map expansion size for %s", + msg_warn("%s: unreasonable %s map expansion size for %s -- " + "deferring delivery", state->queue_id, maps->title, addr); - break; + state->errs |= CLEANUP_STAT_DEFER; + UPDATE(state->reason, "4.6.0 Alias expansion error"); + UNEXPAND(argv, addr); + RETURN(argv); } for (count = 0; /* void */ ; count++) { @@ -113,9 +129,13 @@ if (been_here_check_fixed(been_here, argv->argv[arg]) != 0) break; if (count >= var_virt_recur_limit) { - msg_warn("%s: unreasonable %s map nesting for %s", + msg_warn("%s: unreasonable %s map nesting for %s -- " + "deferring delivery", state->queue_id, maps->title, addr); - break; + state->errs |= CLEANUP_STAT_DEFER; + UPDATE(state->reason, "4.6.0 Alias expansion error"); + UNEXPAND(argv, addr); + RETURN(argv); } quote_822_local(state->temp1, argv->argv[arg]); if ((lookup = mail_addr_map(maps, STR(state->temp1), propagate)) != 0) { @@ -138,9 +158,12 @@ myfree(saved_lhs); argv_free(lookup); } else if (dict_errno != 0) { - msg_warn("%s: %s map lookup problem for %s", + msg_warn("%s: %s map lookup problem for %s -- " + "deferring delivery", state->queue_id, maps->title, addr); state->errs |= CLEANUP_STAT_WRITE; + UPDATE(state->reason, "4.6.0 Alias expansion error"); + UNEXPAND(argv, addr); RETURN(argv); } else { break; Index: src/external/ibm-public/postfix/dist/src/global/mail_version.h diff -u src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.4 src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.5 --- src/external/ibm-public/postfix/dist/src/global/mail_version.h:1.1.1.2.2.4 Fri Jan 7 01:24:04 2011 +++ src/external/ibm-public/postfix/dist/src/global/mail_version.h Thu Mar 24 19:54:07 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: mail_version.h,v 1.1.1.2.2.4 2011/01/07 01:24:04 riz Exp $ */ +/* $NetBSD: mail_version.h,v 1.1.1.2.2.5 2011/03/24 19:54:07 riz Exp $ */ #ifndef _MAIL_VERSION_H_INCLUDED_ #define _MAIL_VERSION_H_INCLUDED_ @@ -22,8 +22,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20101123" -#define MAIL_VERSION_NUMBER "2.7.2" +#define MAIL_RELEASE_DATE "20110303" +#define MAIL_VERSION_NUMBER "2.7.3" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE Index: src/external/ibm-public/postfix/dist/src/local/recipient.c diff -u src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.5 --- src/external/ibm-public/postfix/dist/src/local/recipient.c:1.1.1.1.2.4 Fri Jan 7 01:24:06 2011 +++ src/external/ibm-public/postfix/dist/src/local/recipient.c Thu Mar 24 19:54:08 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: recipient.c,v 1.1.1.1.2.4 2011/01/07 01:24:06 riz Exp $ */ +/* $NetBSD: recipient.c,v 1.1.1.1.2.5 2011/03/24 19:54:08 riz Exp $ */ /*++ /* NAME @@ -252,6 +252,10 @@ /* * Address extension management. + * + * XXX Fix 20100422, finalized 20100529: it is too error-prone to + * distinguish between "no extension" and "no valid extension", so we + * drop an invalid extension from the recipient address local-part. */ state.msg_attr.user = mystrdup(state.msg_attr.local); if (*var_rcpt_delim) { @@ -261,6 +265,9 @@ msg_warn("%s: address with illegal extension: %s", state.msg_attr.queue_id, state.msg_attr.local); state.msg_attr.extension = 0; + /* XXX Can't myfree + mystrdup, must truncate instead. */ + state.msg_attr.local[strlen(state.msg_attr.user)] = 0; + /* Truncating is safe. The code below rejects null usernames. */ } } else state.msg_attr.extension = 0; Index: src/external/ibm-public/postfix/dist/src/master/master_sig.c diff -u src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/src/master/master_sig.c:1.1.1.1.2.3 Fri Jan 7 01:24:07 2011 +++ src/external/ibm-public/postfix/dist/src/master/master_sig.c Thu Mar 24 19:54:08 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: master_sig.c,v 1.1.1.1.2.3 2011/01/07 01:24:07 riz Exp $ */ +/* $NetBSD: master_sig.c,v 1.1.1.1.2.4 2011/03/24 19:54:08 riz Exp $ */ /*++ /* NAME @@ -55,9 +55,8 @@ #ifdef USE_SIG_RETURN #include <sys/syscall.h> -#endif - -#ifndef USE_SIG_RETURN +#undef USE_SIG_PIPE +#else #define USE_SIG_PIPE #endif @@ -78,6 +77,8 @@ int master_gotsigchld; int master_gotsighup; +#ifdef USE_SIG_RETURN + /* master_sighup - register arrival of hangup signal */ static void master_sighup(int sig) @@ -94,8 +95,6 @@ /* master_sigchld - register arrival of child death signal */ -#ifdef USE_SIG_RETURN - static void master_sigchld(int sig, int code, struct sigcontext * scp) { @@ -118,7 +117,25 @@ #else -#ifdef USE_SIG_PIPE +/* master_sighup - register arrival of hangup signal */ + +static void master_sighup(int sig) +{ + int saved_errno = errno; + + /* + * WARNING WARNING WARNING. + * + * This code runs at unpredictable moments, as a signal handler. Don't put + * any code here other than for setting a global flag, or code that is + * intended to be run within a signal handler. Restore errno in case we + * are interrupting the epilog of a failed system call. + */ + master_gotsighup = sig; + if (write(SIG_PIPE_WRITE_FD, "", 1) != 1) + msg_warn("write to SIG_PIPE_WRITE_FD failed: %m"); + errno = saved_errno; +} /* master_sigchld - force wakeup from select() */ @@ -134,6 +151,7 @@ * intended to be run within a signal handler. Restore errno in case we * are interrupting the epilog of a failed system call. */ + master_gotsigchld = 1; if (write(SIG_PIPE_WRITE_FD, "", 1) != 1) msg_warn("write to SIG_PIPE_WRITE_FD failed: %m"); errno = saved_errno; @@ -147,24 +165,8 @@ while (read(SIG_PIPE_READ_FD, c, 1) > 0) /* void */ ; - master_gotsigchld = 1; } -#else - -static void master_sigchld(int sig) -{ - - /* - * WARNING WARNING WARNING. - * - * This code runs at unpredictable moments, as a signal handler. Don't put - * any code here other than for setting a global flag. - */ - master_gotsigchld = sig; -} - -#endif #endif /* master_sigdeath - die, women and children first */ Index: src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c diff -u src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.5 --- src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c:1.1.1.1.2.4 Fri Jan 7 01:24:13 2011 +++ src/external/ibm-public/postfix/dist/src/smtp/smtp_proto.c Thu Mar 24 19:54:08 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: smtp_proto.c,v 1.1.1.1.2.4 2011/01/07 01:24:13 riz Exp $ */ +/* $NetBSD: smtp_proto.c,v 1.1.1.1.2.5 2011/03/24 19:54:08 riz Exp $ */ /*++ /* NAME @@ -814,6 +814,9 @@ SMTP_RESP_FAKE(&fake, "4.7.5"), "Server certificate not verified")); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH); + /* * At this point we have to re-negotiate the "EHLO" to reget the * feature-list. Index: src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c diff -u src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.4 src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.5 --- src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c:1.2.2.4 Fri Jan 7 01:24:13 2011 +++ src/external/ibm-public/postfix/dist/src/smtpd/smtpd.c Thu Mar 24 19:54:08 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: smtpd.c,v 1.2.2.4 2011/01/07 01:24:13 riz Exp $ */ +/* $NetBSD: smtpd.c,v 1.2.2.5 2011/03/24 19:54:08 riz Exp $ */ /*++ /* NAME @@ -4098,6 +4098,8 @@ smtpd_chat_reply(state, "220 2.0.0 Ready to start TLS"); /* Flush before we switch the stream's read/write routines. */ smtp_flush(state->client); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(state->client, VSTREAM_PURGE_BOTH); /* * Reset all inputs to the initial state. Index: src/external/ibm-public/postfix/dist/src/util/host_port.c diff -u src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/src/util/host_port.c:1.1.1.1.2.3 Fri Jan 7 01:24:17 2011 +++ src/external/ibm-public/postfix/dist/src/util/host_port.c Thu Mar 24 19:54:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: host_port.c,v 1.1.1.1.2.3 2011/01/07 01:24:17 riz Exp $ */ +/* $NetBSD: host_port.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */ /*++ /* NAME @@ -97,22 +97,41 @@ #include <host_port.h> + /* + * Point-fix workaround. The libutil library should be email agnostic, but + * we can't rip up the library APIs in the stable releases. + */ +#include <string.h> +#ifdef STRCASECMP_IN_STRINGS_H +#include <strings.h> +#endif +#define IPV6_COL "IPv6:" /* RFC 2821 */ +#define IPV6_COL_LEN (sizeof(IPV6_COL) - 1) +#define HAS_IPV6_COL(str) (strncasecmp((str), IPV6_COL, IPV6_COL_LEN) == 0) + /* host_port - parse string into host and port, destroy string */ const char *host_port(char *buf, char **host, char *def_host, char **port, char *def_service) { char *cp = buf; + int ipv6 = 0; /* * [host]:port, [host]:, [host]. + * [ipv6:ipv6addr]:port, [ipv6:ipv6addr]:, [ipv6:ipv6addr]. */ if (*cp == '[') { - *host = ++cp; + ++cp; + if ((ipv6 = HAS_IPV6_COL(cp)) != 0) + cp += IPV6_COL_LEN; + *host = cp; if ((cp = split_at(cp, ']')) == 0) return ("missing \"]\""); if (*cp && *cp++ != ':') return ("garbage after \"]\""); + if (ipv6 && !valid_ipv6_hostaddr(*host, DONT_GRIPE)) + return ("malformed IPv6 address"); *port = *cp ? cp : def_service; } Index: src/external/ibm-public/postfix/dist/src/util/make_dirs.c diff -u src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/src/util/make_dirs.c:1.1.1.1.2.3 Fri Jan 7 01:24:18 2011 +++ src/external/ibm-public/postfix/dist/src/util/make_dirs.c Thu Mar 24 19:54:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: make_dirs.c,v 1.1.1.1.2.3 2011/01/07 01:24:18 riz Exp $ */ +/* $NetBSD: make_dirs.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */ /*++ /* NAME @@ -39,6 +39,7 @@ #include <sys/stat.h> #include <errno.h> #include <string.h> +#include <unistd.h> /* Utility library. */ @@ -51,12 +52,14 @@ int make_dirs(const char *path, int perms) { + const char *myname = "make_dirs"; char *saved_path; unsigned char *cp; int saved_ch; struct stat st; int ret; mode_t saved_mode = 0; + gid_t egid = -1; /* * Initialize. Make a copy of the path that we can safely clobber. @@ -119,6 +122,21 @@ break; } } + + /* + * Fix directory ownership when mkdir() ignores the effective + * GID. Don't change the effective UID for doing this. + */ + if ((ret = stat(saved_path, &st)) < 0) { + msg_warn("%s: stat %s: %m", myname, saved_path); + break; + } + if (egid == -1) + egid = getegid(); + if (st.st_gid != egid && (ret = chown(saved_path, -1, egid)) < 0) { + msg_warn("%s: chgrp %s: %m", myname, saved_path); + break; + } } if (saved_ch != 0) *cp = saved_ch; Index: src/external/ibm-public/postfix/dist/src/util/watchdog.c diff -u src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.3 src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.4 --- src/external/ibm-public/postfix/dist/src/util/watchdog.c:1.1.1.1.2.3 Fri Jan 7 01:24:21 2011 +++ src/external/ibm-public/postfix/dist/src/util/watchdog.c Thu Mar 24 19:54:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: watchdog.c,v 1.1.1.1.2.3 2011/01/07 01:24:21 riz Exp $ */ +/* $NetBSD: watchdog.c,v 1.1.1.1.2.4 2011/03/24 19:54:09 riz Exp $ */ /*++ /* NAME @@ -121,6 +121,31 @@ */ static WATCHDOG *watchdog_curr; + /* + * Workaround for systems where the alarm signal does not wakeup the event + * machinery, and therefore does not restart the watchdog timer in the + * single_server etc. skeletons. The symptom is that programs abort when the + * watchdog timeout is less than the max_idle time. + */ +#ifdef USE_WATCHDOG_PIPE +#include <errno.h> +#include <iostuff.h> +#include <events.h> + +static int watchdog_pipe[2]; + +/* watchdog_read - read event pipe */ + +static void watchdog_read(int unused_event, char *unused_context) +{ + char ch; + + while (read(watchdog_pipe[0], &ch, 1) > 0) + /* void */ ; +} + +#endif /* USE_WATCHDOG_PIPE */ + /* watchdog_event - handle timeout event */ static void watchdog_event(int unused_sig) @@ -139,6 +164,14 @@ if (msg_verbose > 1) msg_info("%s: %p %d", myname, (void *) wp, wp->trip_run); if (++(wp->trip_run) < WATCHDOG_STEPS) { +#ifdef USE_WATCHDOG_PIPE + int saved_errno = errno; + + /* Wake up the events(3) engine. */ + if (write(watchdog_pipe[1], "", 1) != 1) + msg_warn("%s: write watchdog_pipe: %m", myname); + errno = saved_errno; +#endif alarm(wp->timeout); } else { if (wp->action) @@ -179,6 +212,15 @@ msg_fatal("%s: sigaction(SIGALRM): %m", myname); if (msg_verbose > 1) msg_info("%s: %p %d", myname, (void *) wp, timeout); +#ifdef USE_WATCHDOG_PIPE + if (watchdog_curr == 0) { + if (pipe(watchdog_pipe) < 0) + msg_fatal("%s: pipe: %m", myname); + non_blocking(watchdog_pipe[0], NON_BLOCKING); + non_blocking(watchdog_pipe[1], NON_BLOCKING); + event_enable_read(watchdog_pipe[0], watchdog_read, (char *) 0); + } +#endif return (watchdog_curr = wp); } @@ -195,6 +237,13 @@ if (wp->saved_time) alarm(wp->saved_time); myfree((char *) wp); +#ifdef USE_WATCHDOG_PIPE + if (watchdog_curr == 0) { + event_disable_readwrite(watchdog_pipe[0]); + (void) close(watchdog_pipe[0]); + (void) close(watchdog_pipe[1]); + } +#endif if (msg_verbose > 1) msg_info("%s: %p", myname, (void *) wp); } Index: src/external/ibm-public/postfix/dist/src/util/sys_defs.h diff -u src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.4 src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.5 --- src/external/ibm-public/postfix/dist/src/util/sys_defs.h:1.1.1.1.2.4 Fri Jan 7 01:24:20 2011 +++ src/external/ibm-public/postfix/dist/src/util/sys_defs.h Thu Mar 24 19:54:09 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: sys_defs.h,v 1.1.1.1.2.4 2011/01/07 01:24:20 riz Exp $ */ +/* $NetBSD: sys_defs.h,v 1.1.1.1.2.5 2011/03/24 19:54:09 riz Exp $ */ #ifndef _SYS_DEFS_H_INCLUDED_ #define _SYS_DEFS_H_INCLUDED_ @@ -113,7 +113,8 @@ #define HAS_DUPLEX_PIPE /* 4.1 breaks with kqueue(2) */ #endif -#if __FreeBSD_version >= 800107 /* safe; don't believe the experts */ +#if (__FreeBSD_version >= 702104 && __FreeBSD_version <= 800000) \ + || __FreeBSD_version >= 800100 #define HAS_CLOSEFROM #endif @@ -515,7 +516,7 @@ * AIX: a SYSV-flavored hybrid. NB: fcntl() and flock() access the same * underlying locking primitives. */ -#ifdef AIX5 +#if defined(AIX5) || defined(AIX6) #define SUPPORTED #include <sys/types.h> #define UINT32_TYPE unsigned int @@ -1279,6 +1280,17 @@ #endif /* + * Workaround: after a watchdog alarm signal, wake up from select/poll/etc. + * by writing to a pipe. Solaris needs this, and HP-UX apparently, too. The + * run-time cost is negligible so we just turn it on for all systems. As a + * side benefit, making this code system-independent will simplify the + * detection of bit-rot problems. + */ +#ifndef NO_WATCHDOG_PIPE +#define USE_WATCHDOG_PIPE +#endif + + /* * Defaults for systems without kqueue, /dev/poll or epoll support. * master/multi-server.c and *qmgr/qmgr_transport.c depend on this. */