From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E46511381F3 for ; Mon, 27 May 2013 00:46:00 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 93F4BE0C85; Mon, 27 May 2013 00:45:55 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 11F94E0C85 for ; Mon, 27 May 2013 00:45:54 +0000 (UTC) Received: from flycatcher.gentoo.org (flycatcher.gentoo.org [81.93.255.6]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 0634B33DEE1 for ; Mon, 27 May 2013 00:45:54 +0000 (UTC) Received: by flycatcher.gentoo.org (Postfix, from userid 544) id 9E1BE2171D; Mon, 27 May 2013 00:45:52 +0000 (UTC) From: "Robin H. Johnson (robbat2)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, robbat2@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in mail-mta/netqmail/files: conf-smtpd conf-common servercert.cnf genqmail-20080406-ldflags.patch conf-qmtpd conf-qmqpd X-VCS-Repository: gentoo-x86 X-VCS-Files: conf-smtpd conf-common servercert.cnf genqmail-20080406-ldflags.patch conf-qmtpd conf-qmqpd X-VCS-Directories: mail-mta/netqmail/files X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Message-Id: <20130527004552.9E1BE2171D@flycatcher.gentoo.org> Date: Mon, 27 May 2013 00:45:52 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 20037d16-8d87-4b83-a53b-ae3474c7562b X-Archives-Hash: e3079acb679d0d3e61ebb1f1c5fe6501 robbat2 13/05/27 00:45:52 Modified: conf-smtpd conf-common servercert.cnf conf-qmtpd conf-qmqpd Added: genqmail-20080406-ldflags.patch Log: Fix security bug #372967. Also fixes bugs #335077, #331901, #370611, #403893, #404225. (Portage version: 2.2.0_alpha177/cvs/Linux x86_64, unsigned Manifest commit) Revision Changes Path 1.2 mail-mta/netqmail/files/conf-smtpd file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-smtpd?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-smtpd?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-smtpd?r1=1.1&r2=1.2 Index: conf-smtpd =================================================================== RCS file: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-smtpd,v retrieving revision 1.1 retrieving revision 1.2 diff -p -w -b -B -u -u -r1.1 -r1.2 --- conf-smtpd 12 Feb 2006 18:42:33 -0000 1.1 +++ conf-smtpd 27 May 2013 00:45:52 -0000 1.2 @@ -1,5 +1,5 @@ # Configuration file for qmail-smtpd -# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-smtpd,v 1.1 2006/02/12 18:42:33 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-smtpd,v 1.2 2013/05/27 00:45:52 robbat2 Exp $ # Stuff to run before tcpserver #QMAIL_TCPSERVER_PRE="" @@ -8,9 +8,6 @@ # Stuff to after qmail-smtpd #QMAIL_SMTP_POST="" -# this turns off the IDENT grab attempt on connecting -TCPSERVER_OPTS="${TCPSERVER_OPTS} -R" - # fixcrio inserts missing CRs at the ends of lines. See: # http://cr.yp.to/ucspi-tcp/fixcrio.html # http://cr.yp.to/docs/smtplf.html 1.2 mail-mta/netqmail/files/conf-common file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-common?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-common?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-common?r1=1.1&r2=1.2 Index: conf-common =================================================================== RCS file: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-common,v retrieving revision 1.1 retrieving revision 1.2 diff -p -w -b -B -u -u -r1.1 -r1.2 --- conf-common 12 Feb 2006 18:42:33 -0000 1.1 +++ conf-common 27 May 2013 00:45:52 -0000 1.2 @@ -1,6 +1,6 @@ #!/bin/bash # Common Configuration file for all qmail daemons -# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-common,v 1.1 2006/02/12 18:42:33 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-common,v 1.2 2013/05/27 00:45:52 robbat2 Exp $ # Qmail User IDS to run daemons as QMAILDUID=$(id -u qmaild) @@ -17,7 +17,7 @@ TCPSERVER_PORT=${SERVICE} # you do not need to specify -x, -c, -u or -g in this variable as those are # added later -TCPSERVER_OPTS="-p -v" +TCPSERVER_OPTS="-p -v -R" # This tells tcpserver where to file the rules cdb file [[ -d /etc/tcprules.d/ ]] && \ @@ -25,9 +25,10 @@ TCPSERVER_OPTS="-p -v" [[ ! -f "${TCPSERVER_RULESCDB}" ]] && \ TCPSERVER_RULESCDB=/etc/tcp.${SERVICE}.cdb -# we limit data and stack segments to 8mbytes, you may need to raise this if -# you are using a filter in QMAILQUEUE -SOFTLIMIT_OPTS="-m 16000000" +# we limit data and stack segments to 32mbytes, you may need to raise this if +# you are using a filter in QMAILQUEUE. +# Per bug #403893 amd64 needs a higher limit. +SOFTLIMIT_OPTS="-m 32000000" # We don't have anything to set QMAILQUEUE to at the moment, so we leave it # alone. Generally it is best to add this in your appropriate (usually SMTP) 1.2 mail-mta/netqmail/files/servercert.cnf file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/servercert.cnf?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/servercert.cnf?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/servercert.cnf?r1=1.1&r2=1.2 Index: servercert.cnf =================================================================== RCS file: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/servercert.cnf,v retrieving revision 1.1 retrieving revision 1.2 diff -p -w -b -B -u -u -r1.1 -r1.2 --- servercert.cnf 12 Feb 2006 18:42:33 -0000 1.1 +++ servercert.cnf 27 May 2013 00:45:52 -0000 1.2 @@ -1,4 +1,4 @@ -# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/servercert.cnf,v 1.1 2006/02/12 18:42:33 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/servercert.cnf,v 1.2 2013/05/27 00:45:52 robbat2 Exp $ # This is the openssl config file to generate keys for qmail [ req ] @@ -6,7 +6,7 @@ # this should be a power of 2! default_bits = 1024 # leave the rest of these alone! -encrypt_key = yes +encrypt_key = no distinguished_name = req_dn x509_extensions = cert_type prompt = no 1.2 mail-mta/netqmail/files/conf-qmtpd file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd?r1=1.1&r2=1.2 Index: conf-qmtpd =================================================================== RCS file: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd,v retrieving revision 1.1 retrieving revision 1.2 diff -p -w -b -B -u -u -r1.1 -r1.2 --- conf-qmtpd 12 Feb 2006 18:42:33 -0000 1.1 +++ conf-qmtpd 27 May 2013 00:45:52 -0000 1.2 @@ -1,5 +1,5 @@ # Configuration file for qmail-qmtpd -# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd,v 1.1 2006/02/12 18:42:33 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmtpd,v 1.2 2013/05/27 00:45:52 robbat2 Exp $ # For more information on making your servers talk QMTP # see http://cr.yp.to/im/mxps.html @@ -11,8 +11,5 @@ # Stuff to after qmail-qmtpd #QMAIL_QMTP_POST="" -# this turns off the IDENT grab attempt on connecting -TCPSERVER_OPTS="${TCPSERVER_OPTS} -R" - # I don't trust /etc/services to have obscure ports TCPSERVER_PORT=209 1.2 mail-mta/netqmail/files/conf-qmqpd file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd?rev=1.2&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd?rev=1.2&content-type=text/plain diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd?r1=1.1&r2=1.2 Index: conf-qmqpd =================================================================== RCS file: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd,v retrieving revision 1.1 retrieving revision 1.2 diff -p -w -b -B -u -u -r1.1 -r1.2 --- conf-qmqpd 12 Feb 2006 18:42:33 -0000 1.1 +++ conf-qmqpd 27 May 2013 00:45:52 -0000 1.2 @@ -1,5 +1,5 @@ # Configuration file for qmail-qmqpd -# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd,v 1.1 2006/02/12 18:42:33 hansmi Exp $ +# $Header: /var/cvsroot/gentoo-x86/mail-mta/netqmail/files/conf-qmqpd,v 1.2 2013/05/27 00:45:52 robbat2 Exp $ # Stuff to run before tcpserver #QMAIL_TCPSERVER_PRE="" @@ -8,8 +8,5 @@ # Stuff to after qmail-qmqpd #QMAIL_QMQP_POST="" -# this turns off the IDENT grab attempt on connecting -TCPSERVER_OPTS="${TCPSERVER_OPTS} -R" - # I don't trust /etc/services to have obscure ports TCPSERVER_PORT=628 1.1 mail-mta/netqmail/files/genqmail-20080406-ldflags.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/genqmail-20080406-ldflags.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/mail-mta/netqmail/files/genqmail-20080406-ldflags.patch?rev=1.1&content-type=text/plain Index: genqmail-20080406-ldflags.patch =================================================================== diff -Nuar genqmail-20080406.orig/spp/Makefile genqmail-20080406/spp/Makefile --- genqmail-20080406.orig/spp/Makefile 2008-04-06 15:44:14.000000000 +0000 +++ genqmail-20080406/spp/Makefile 2013-05-27 00:37:58.687763457 +0000 @@ -14,7 +14,7 @@ rm -f $(TARGETS) $(RESOLV_OBJS): - $(CC) $(CFLAGS) -o $@ $@.c -lresolv + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $@.c -lresolv $(SIMPLE_OBJS): - $(CC) $(CFLAGS) -o $@ $@.c + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $@.c