rpms/sendmail/devel sendmail-8.14.3-exitpanic.patch, NONE, 1.1 sendmail-8.14.3-milterfdleaks.patch, NONE, 1.1 sendmail-8.14.3-switchfile.patch, NONE, 1.1 sendmail.init, 1.20, 1.21 sendmail.spec, 1.103, 1.104 Sendmail-sasl1.conf, 1.1, NONE
Miroslav Lichvar
mlichvar at fedoraproject.org
Tue Dec 15 14:40:42 UTC 2009
Author: mlichvar
Update of /cvs/pkgs/rpms/sendmail/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28393
Modified Files:
sendmail.init sendmail.spec
Added Files:
sendmail-8.14.3-exitpanic.patch
sendmail-8.14.3-milterfdleaks.patch
sendmail-8.14.3-switchfile.patch
Removed Files:
Sendmail-sasl1.conf
Log Message:
- fix milter file descriptors leaks (#485426)
- skip colon separator when parsing service name in ServiceSwitchFile
- return with non-zero exit code when free space is below MinFreeBlocks
- fix service stop/restart when only smclient is running
- fix submit.cf and helpfile permissions
- more merge review fixes (#226407)
sendmail-8.14.3-exitpanic.patch:
envelope.c | 8 +++++---
main.c | 4 +++-
sendmail.h | 2 +-
3 files changed, 9 insertions(+), 5 deletions(-)
--- NEW FILE sendmail-8.14.3-exitpanic.patch ---
diff -up sendmail-8.14.3/sendmail/envelope.c.exitpanic sendmail-8.14.3/sendmail/envelope.c
--- sendmail-8.14.3/sendmail/envelope.c.exitpanic 2008-03-31 18:32:13.000000000 +0200
+++ sendmail-8.14.3/sendmail/envelope.c 2009-12-15 13:55:52.000000000 +0100
@@ -163,14 +163,14 @@ newenvelope(e, parent, rpool)
** split -- if true, split by recipient if message is queued up
**
** Returns:
-** none.
+** true if savemail panic'ed.
**
** Side Effects:
** housekeeping necessary to dispose of an envelope.
** Unlocks this queue file.
*/
-void
+bool
dropenvelope(e, fulldrop, split)
register ENVELOPE *e;
bool fulldrop;
@@ -209,7 +209,7 @@ dropenvelope(e, fulldrop, split)
/* we must have an id to remove disk files */
if (id == NULL)
- return;
+ return panic;
/* if verify-only mode, we can skip most of this */
if (OpMode == MD_VERIFY)
@@ -618,6 +618,8 @@ simpledrop:
}
e->e_id = NULL;
e->e_flags &= ~EF_HAS_DF;
+
+ return panic;
}
/*
** CLEARENVELOPE -- clear an envelope without unlocking
diff -up sendmail-8.14.3/sendmail/main.c.exitpanic sendmail-8.14.3/sendmail/main.c
--- sendmail-8.14.3/sendmail/main.c.exitpanic 2008-03-31 18:32:13.000000000 +0200
+++ sendmail-8.14.3/sendmail/main.c 2009-12-15 13:55:52.000000000 +0100
@@ -2952,7 +2952,9 @@ finis(drop, cleanup, exitstat)
{
if (CurEnv->e_id != NULL)
{
- dropenvelope(CurEnv, true, false);
+ if (dropenvelope(CurEnv, true, false))
+ /* exit with OS error if savemail panic'ed */
+ exitstat = EX_OSERR;
sm_rpool_free(CurEnv->e_rpool);
CurEnv->e_rpool = NULL;
diff -up sendmail-8.14.3/sendmail/sendmail.h.exitpanic sendmail-8.14.3/sendmail/sendmail.h
--- sendmail-8.14.3/sendmail/sendmail.h.exitpanic 2008-02-16 00:19:58.000000000 +0100
+++ sendmail-8.14.3/sendmail/sendmail.h 2009-12-15 13:55:52.000000000 +0100
@@ -982,7 +982,7 @@ extern ENVELOPE BlankEnvelope;
/* functions */
extern void clearenvelope __P((ENVELOPE *, bool, SM_RPOOL_T *));
-extern void dropenvelope __P((ENVELOPE *, bool, bool));
+extern bool dropenvelope __P((ENVELOPE *, bool, bool));
extern ENVELOPE *newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
extern void clrsessenvelope __P((ENVELOPE *));
extern void printenvflags __P((ENVELOPE *));
sendmail-8.14.3-milterfdleaks.patch:
libmilter/listener.c | 14 ++++++++++++++
sendmail/milter.c | 19 +++++++++++++++++++
2 files changed, 33 insertions(+)
--- NEW FILE sendmail-8.14.3-milterfdleaks.patch ---
Patches by Paul Howarth
https://bugzilla.redhat.com/show_bug.cgi?id=485426
--- sendmail-8.14.3/sendmail/milter.c 2008-09-19 15:51:03.000000000 +0100
+++ sendmail-8.14.3/sendmail/milter.c 2008-09-19 16:37:57.000000000 +0100
@@ -30,6 +30,9 @@
# include <sm/fdset.h>
+# include <unistd.h>
+# include <fcntl.h>
+
static void milter_connect_timeout __P((int));
static void milter_error __P((struct milter *, ENVELOPE *));
static int milter_open __P((struct milter *, bool, ENVELOPE *));
@@ -650,6 +653,7 @@
SOCKADDR_LEN_T addrlen = 0;
int addrno = 0;
int save_errno;
+ int fdflags;
char *p;
char *colon;
char *at;
@@ -1186,6 +1190,21 @@
(char *)&nodelay, sizeof(nodelay));
}
# endif /* MILTER_NO_NAGLE && !defined(TCP_CORK) */
+
+ /*
+ ** Need to set close-on-exec for sock to prevent it
+ ** leaking to the local delivery process
+ */
+ if ((fdflags = fcntl(sock, F_GETFD, 0)) == -1 ||
+ fcntl(sock, F_SETFD, fdflags | FD_CLOEXEC) == -1)
+ {
+ save_errno = errno;
+ if (MilterLogLevel > 0)
+ sm_syslog(LOG_WARNING, e->e_id,
+ "Milter (%s): Unable to set close-on-exec on sock (%s)",
+ m->mf_name, sm_errstring(save_errno = errno));
+ }
+
return sock;
}
--- sendmail-8.14.3/libmilter/listener.c 2007-04-23 23:22:50.000000000 +0100
+++ sendmail-8.14.3/libmilter/listener.c 2008-06-18 16:36:38.000000000 +0100
@@ -728,6 +728,7 @@
int acnt = 0; /* error count for accept() failures */
int scnt = 0; /* error count for select() failures */
int save_errno = 0;
+ int fdflags;
#if !_FFR_WORKERS_POOL
sthread_t thread_id;
#endif /* !_FFR_WORKERS_POOL */
@@ -807,6 +808,19 @@
(void) smutex_unlock(&L_Mutex);
/*
+ ** Need to set close-on-exec for connfd in case a user's
+ ** filter starts other applications
+ */
+ if ((fdflags = fcntl(connfd, F_GETFD, 0)) == -1 ||
+ fcntl(connfd, F_SETFD, fdflags | FD_CLOEXEC) == -1)
+ {
+ smi_log(SMI_LOG_WARN,
+ "%s: Unable to set close-on-exec on connfd (%s)",
+ smfi->xxfi_name, sm_errstring(errno));
+ /* XXX: continue? */
+ }
+
+ /*
** If remote side closes before accept() finishes,
** sockaddr might not be fully filled in.
*/
sendmail-8.14.3-switchfile.patch:
conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE sendmail-8.14.3-switchfile.patch ---
diff -up sendmail-8.14.3/sendmail/conf.c.switchfile sendmail-8.14.3/sendmail/conf.c
--- sendmail-8.14.3/sendmail/conf.c.switchfile 2008-04-14 04:09:35.000000000 +0200
+++ sendmail-8.14.3/sendmail/conf.c 2009-12-15 13:32:55.000000000 +0100
@@ -968,7 +968,7 @@ switch_map_find(service, maptype, mapret
p = strpbrk(buf, "#\n");
if (p != NULL)
*p = '\0';
- p = strpbrk(buf, " \t");
+ p = strpbrk(buf, " \t:");
if (p != NULL)
*p++ = '\0';
if (buf[0] == '\0')
Index: sendmail.init
===================================================================
RCS file: /cvs/pkgs/rpms/sendmail/devel/sendmail.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -p -r1.20 -r1.21
--- sendmail.init 19 Dec 2008 13:23:41 -0000 1.20
+++ sendmail.init 15 Dec 2009 14:40:42 -0000 1.21
@@ -116,7 +116,7 @@ stop() {
return $RETVAL
}
-status -p /var/run/sendmail.pid >/dev/null && status -p /var/run/sm-client.pid >/dev/null
+status -p /var/run/sendmail.pid >/dev/null || status -p /var/run/sm-client.pid >/dev/null
running=$?
# See how we were called.
Index: sendmail.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sendmail/devel/sendmail.spec,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -p -r1.103 -r1.104
--- sendmail.spec 16 Sep 2009 18:48:51 -0000 1.103
+++ sendmail.spec 15 Dec 2009 14:40:42 -0000 1.104
@@ -1,6 +1,5 @@
# package options
%define with_tls yes
-%define with_sasl1 no
%define with_sasl2 yes
%define with_milter yes
%define with_ldap yes
@@ -15,11 +14,10 @@
Summary: A widely used Mail Transport Agent (MTA)
Name: sendmail
Version: 8.14.3
-Release: 8%{?dist}
+Release: 9%{?dist}
License: Sendmail
Group: System Environment/Daemons
URL: http://www.sendmail.org/
-Provides: MTA smtpdaemon server(smtp)
Source0: ftp://ftp.sendmail.org/pub/sendmail/sendmail.%{version}.tar.gz
Source1: sendmail.init
Source2: sendmail.nm-dispatcher
@@ -27,7 +25,6 @@ Source3: sendmail.etc-mail-make
Source4: sendmail.sysconfig
Source5: sendmail.etc-mail-Makefile
Source6: sendmail-redhat.mc
-Source7: Sendmail-sasl1.conf
Source8: sendmail.pam
Source9: sendmail-8.12.5-newconfig.readme
Source11: Sendmail-sasl2.conf
@@ -50,6 +47,9 @@ Patch14: sendmail-8.13.7-vacation.patch
Patch15: sendmail-8.14.1-noversion.patch
Patch16: sendmail-8.13.1-localdomain.patch
Patch17: sendmail-8.14.3-sharedmilter.patch
+Patch18: sendmail-8.14.3-switchfile.patch
+Patch19: sendmail-8.14.3-exitpanic.patch
+Patch20: sendmail-8.14.3-milterfdleaks.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: tcp_wrappers-devel
BuildRequires: db4-devel
@@ -57,6 +57,7 @@ BuildRequires: hesiod-devel
BuildRequires: groff
BuildRequires: ghostscript
BuildRequires: m4
+Provides: MTA smtpdaemon server(smtp)
Provides: %{_sbindir}/sendmail %{_bindir}/mailq %{_bindir}/newaliases
Provides: %{_bindir}/rmail /usr/lib/sendmail
Provides: %{_sysconfdir}/pam.d/smtp
@@ -65,22 +66,21 @@ Provides: %{_mandir}/man5/aliases.5.gz %
Requires(pre): shadow-utils
Requires(preun): %{_sbindir}/alternatives chkconfig
Requires(post): %{_sbindir}/alternatives chkconfig coreutils
-Requires(postun): %{_sbindir}/alternatives chkconfig coreutils
+Requires(postun): %{_sbindir}/alternatives coreutils
+Requires: initscripts
Requires: procmail
Requires: bash >= 2.0
Requires: setup >= 2.5.31-1
BuildRequires: setup >= 2.5.31-1
%if "%{with_tls}" == "yes"
BuildRequires: openssl-devel
-Requires: openssl
%endif
-%if "%{with_sasl1}" == "yes" || "%{with_sasl2}" == "yes"
+%if "%{with_sasl2}" == "yes"
BuildRequires: cyrus-sasl-devel openssl-devel
-Requires: %{_sbindir}/saslauthd openssl
+Requires: %{_sbindir}/saslauthd
%endif
%if "%{with_ldap}" == "yes"
BuildRequires: openldap-devel openssl-devel
-Requires: openldap openssl
%endif
@@ -98,13 +98,14 @@ Sendmail, you can install the sendmail-d
%package doc
Summary: Documentation about the Sendmail Mail Transport Agent program
Group: Documentation
+BuildArch: noarch
Requires: sendmail = %{version}-%{release}
%description doc
The sendmail-doc package contains documentation about the Sendmail
Mail Transport Agent (MTA) program, including release notes, the
Sendmail FAQ, and a few papers written about Sendmail. The papers are
-provided in PostScript(TM) and troff formats.
+provided in PDF and troff formats.
%package devel
Summary: Extra development include files and development files
@@ -120,6 +121,7 @@ of sendmail.
Summary: The files needed to reconfigure Sendmail
Group: System Environment/Daemons
Requires: sendmail = %{version}-%{release}
+BuildArch: noarch
Requires: m4
%description cf
@@ -158,7 +160,11 @@ This package includes the milter shared
cp devtools/M4/UNIX/{,shared}library.m4
%patch17 -p1 -b .sharedmilter
-for f in RELEASE_NOTES; do
+%patch18 -p1 -b .switchfile
+%patch19 -p1 -b .exitpanic
+%patch20 -p1 -b .milterfdleaks
+
+for f in RELEASE_NOTES contrib/etrn.0; do
iconv -f iso8859-1 -t utf8 -o ${f}{_,} &&
touch -r ${f}{,_} && mv -f ${f}{_,}
done
@@ -210,13 +216,6 @@ APPENDDEF(\`conf_sendmail_LIBS', \`-lssl
EOF
%endif
-%if "%{with_sasl1}" == "yes"
-cat >> redhat.config.m4 << EOF
-APPENDDEF(\`confENVDEF', \`-DSASL=1')dnl
-APPENDDEF(\`confLIBS', \`-lsasl -lcrypto')dnl
-EOF
-%endif
-
%if "%{with_sasl2}" == "yes"
cat >> redhat.config.m4 << EOF
APPENDDEF(\`confENVDEF', \`-DSASL=2')dnl
@@ -288,7 +287,7 @@ Make() {
LIBOWN=${nameuser} LIBGRP=${namegroup} \
GBINOWN=${nameuser} GBINGRP=${namegroup} \
CFOWN=${nameuser} CFGRP=${namegroup} \
- MSPQOWN=${nameuser}
+ CFMODE=0644 MSPQOWN=${nameuser}
}
OBJDIR=obj.$(uname -s).$(uname -r).$(uname -m)
@@ -327,6 +326,7 @@ install -p -m 644 libmilter/README %{bui
install -p -m 644 cf/README %{buildroot}%{_docdir}/sendmail-%{version}/README.cf
install -m 644 %{SOURCE9} %{buildroot}%{_docdir}/sendmail-%{version}/README.redhat
install -p -m 644 contrib/* %{buildroot}%{_docdir}/sendmail-%{version}/contrib
+sed -i 's|/usr/local/bin/perl|%{_bindir}/perl|' %{buildroot}%{_docdir}/sendmail-%{version}/contrib/*.pl
# install the cf files for the sendmail-cf package.
cp -ar cf/* %{buildroot}%{sendmailcf}
@@ -375,14 +375,12 @@ install -p -m 755 %{SOURCE2} %{buildroot
install -p -m 755 %{SOURCE3} %{buildroot}%{maildir}/make
install -p -m 644 %{SOURCE5} %{buildroot}%{maildir}/Makefile
+chmod 644 %{buildroot}%{maildir}/helpfile
+
# fix permissions to allow debuginfo extraction and stripping
chmod 755 %{buildroot}%{_sbindir}/{mailstats,makemap,praliases,sendmail,smrsh}
chmod 755 %{buildroot}%{_bindir}/rmail
-%if "%{with_sasl1}" == "yes"
-install -m 755 -d %{buildroot}%{_libdir}/sasl
-install -m 644 %{SOURCE7} %{buildroot}%{_libdir}/sasl/Sendmail.conf
-%endif
%if "%{with_sasl2}" == "yes"
install -m 755 -d %{buildroot}%{_libdir}/sasl2
install -m 644 %{SOURCE11} %{buildroot}%{_libdir}/sasl2/Sendmail.conf
@@ -518,7 +516,7 @@ exit 0
%ghost %{maildir}/domaintable.db
%ghost %{maildir}/mailertable.db
-%attr(0755,root,root) %{_initrddir}/sendmail
+%{_initrddir}/sendmail
%config(noreplace) %{_sysconfdir}/sysconfig/sendmail
%config(noreplace) %{_sysconfdir}/pam.d/smtp.sendmail
%{_sysconfdir}/NetworkManager/dispatcher.d/10-sendmail
@@ -566,6 +564,14 @@ exit 0
%changelog
+* Tue Dec 15 2009 Miroslav Lichvar <mlichvar at redhat.com> 8.14.3-9
+- fix milter file descriptors leaks (#485426)
+- skip colon separator when parsing service name in ServiceSwitchFile
+- return with non-zero exit code when free space is below MinFreeBlocks
+- fix service stop/restart when only smclient is running
+- fix submit.cf and helpfile permissions
+- more merge review fixes (#226407)
+
* Wed Sep 16 2009 Tomas Mraz <tmraz at redhat.com> - 8.14.3-8
- Use password-auth common PAM configuration instead of system-auth
@@ -970,7 +976,7 @@ exit 0
* Mon Jan 13 2003 Florian La Roche <Florian.LaRoche at redhat.de>
- do not reject all numeric login names if hesiod support is
- compiled in. #80060
+ compiled in. #80060
- remove reference to non-existing man-pages #74552
* Sun Jan 12 2003 Florian La Roche <Florian.LaRoche at redhat.de>
@@ -1075,7 +1081,7 @@ exit 0
- add sendmail/SECURITY as docu #61870, #61545
* Wed Mar 20 2002 Florian La Roche <Florian.LaRoche at redhat.de>
-- add libsm.a #61270
+- add libsm.a #61270
- change from /etc/sendmail.cf to /etc/mail/sendmail.cf
- add milter patch
--- Sendmail-sasl1.conf DELETED ---
More information about the scm-commits
mailing list