Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 201671

Summary: Stabilise mail-mta/postfix-2.2.11-r1, 2.3.8-r1 and 2.4.6-r2 (was: use install_cert in pkg_postinst)
Product: Gentoo Linux Reporter: Robert Buchholz (RETIRED) <rbu>
Component: New packagesAssignee: Net-Mail Packages <net-mail+disabled>
Status: RESOLVED FIXED    
Severity: major CC: ulm
Priority: High Keywords: SECURITY, STABLEREQ
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 174759    

Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-08 14:33:50 UTC
Installation of SSL certificates in src_install might expose the secret
keys when building binary packages (bug 174759).

Please update the package mentioned in this bug's title to use the new
"install_cert" function of ssl-cert.eclass, and use it only in
your pkg_postinst or pkg_config.

This bug is for keeping track of specific changes to your ebuilds
and stabling, general questions about this should be discussed in
bug 174759.

Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
we will commit this minor change. Stabling should be done two weeks after the
commit, at last around Jan, 6th.
Comment 1 Ulrich Müller gentoo-dev 2007-12-23 11:15:53 UTC
> Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
> we will commit this minor change.

Just a reminder; I would prefer if package maintainers fixed this for their packages. So I'll wait for another week before committing the change myself.
Comment 2 Ulrich Müller gentoo-dev 2008-01-29 09:10:12 UTC
> Just a reminder; I would prefer if package maintainers fixed this for their
> packages. So I'll wait for another week before committing the change myself.

@chtekk, net-mail: Please advise what versions should be kept. Can we drop 2.1 and 2.2 at least?

Keywords for mail-mta/postfix:

          |                           s     |   
          |                 p         p     |   
          |                 p         a   x |   
          |                 c         r   8 |   
          |                 -         c   6 | u 
          | a a             m p     s -   - | n 
          | l m   h i m m   a p s   p f   f | u s
          | p d a p a 6 i p c c 3   a b x b | s l
          | h 6 r p 6 8 p p o 6 9 s r s 8 s | e o
          | a 4 m a 4 k s c s 4 0 h c d 6 d | d t
----------+---------------------------------+----
2.1.5-r2  | + + + + +   + +   + + + +   +   | * 0
2.2.10    | + + + + +   + +   + + + +   +   |   
2.2.10-r1 | ~ ~ ~ ~ ~   ~ ~   ~ ~ ~ ~   ~   |   
2.2.11    | ~ ~ ~ ~ ~     ~   ~ ~ ~ ~   ~   | * 
2.3.6     | + + + + +     +   + + + +   +   | * 
2.3.8     | ~ ~ ~ ~ ~     ~   ~ ~ ~ ~   ~ ~ | * 
2.4.5     | + + + + +     +   + + + +   + ~ |   
2.4.6-r1  | ~ ~ ~ ~ ~     ~   ~ ~ ~ ~   ~ ~ |   
Comment 3 Ulrich Müller gentoo-dev 2008-02-03 11:57:28 UTC
I have committed fixed revisions 2.4.6-r2, 2.3.8-r1 and 2.2.11-r1 today.

@mips: I had to used forced commit because of DEPEND.bad for versions <=2.2.10-r1.  Any objections against your keyword being dropped from this package?
Comment 4 Ulrich Müller gentoo-dev 2008-02-10 19:56:26 UTC
Arch teams, please stabilise 2.4.6-r2, 2.3.8-r1 and 2.2.11-r1.
Comment 5 Brent Baude (RETIRED) gentoo-dev 2008-02-11 03:34:12 UTC
ppc64 stable.  In comment #2 you had 2.4.5 for all archs but not in the stablization request in comment 4.  Re-add ppc64 if that was an omission.
Comment 6 Ulrich Müller gentoo-dev 2008-02-11 07:20:22 UTC
(In reply to comment #5)
> In comment #2 you had 2.4.5 for all archs but not in the stablization request
> in comment 4.

Comment 2 shows the current state (at the time), comment 4 (and the summary) the target revisions for keywording. Sorry if this caused was any confusion.

@mips: Please add your keyword to 2.2.11-r1 at least.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-13 10:18:20 UTC
Stable for HPPA.
Comment 8 Markus Meier gentoo-dev 2008-02-13 21:01:45 UTC
x86 stable
Comment 9 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2008-02-16 19:10:32 UTC
1. Emerges on SPARC.
2. No collisions.
3. No tests.

Got the following warning for postfix-2.3.8-r1 built with (ipv6 mbox mysql pam sasl ssl vda)
* maildir.c:138: warning: incompatible implicit declaration of built-in function 'sscanf'

Tested with:
mail-mta/postfix-2.2.11-r1 (mysql pam sasl ssl)
mail-mta/postfix-2.2.11-r1 (ipv6 mbox mysql pam sasl ssl vda)
mail-mta/postfix-2.3.8-r1 (mysql pam sasl ssl)
mail-mta/postfix-2.3.8-r1 (ipv6 mbox mysql pam sasl ssl vda)
mail-mta/postfix-2.4.6-r2 (mysql pam sasl ssl)
mail-mta/postfix-2.4.6-r2 (ipv6 mbox mysql pam sasl ssl vda)

emerge --info:
Portage 2.1.3.19 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.17-gentoo-r8 sparc64)
=================================================================
System uname: 2.6.17-gentoo-r8 sparc64 sun4u
Timestamp of tree: Tue, 12 Feb 2008 18:46:01 +0000
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.7.9-r1, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protection distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.gentoo-pt.org/pub/gentoo ftp://mirrors1.netvisao.pt/gentoo/ http://trumpetti.tut.atm.fi/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /home/overlays/genkde4svn-dev"
SYNC="rsync://atl64.acores.pt/gentoo-portage"
USE="bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv isdnlog midi mudflap nls nptl nptlonly openmp pam pcre ppds pppd reflection session sparc spl tcpd test truetype-fonts type1-fonts unicode vhosts xorg" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="dummy fbdev glint mach64 mga r128 radeon sunbw2 suncg14 suncg3 suncg6 sunffb sunleo tdfx v4l voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2008-02-17 12:26:20 UTC
alpha/ia64/sparc stable, thanks Jorge
Comment 11 nixnut (RETIRED) gentoo-dev 2008-02-17 13:55:47 UTC
ppc stable
Comment 12 Steve Dibb (RETIRED) gentoo-dev 2008-03-14 01:12:09 UTC
amd64 stable
Comment 13 Ulrich Müller gentoo-dev 2008-03-14 13:38:08 UTC
Target keywords remaining:
   2.2.11-r1: arm s390 sh ~mips
   2.3.8-r1:  arm s390 sh
   2.4.6-r2:  arm s390 sh
Comment 14 Ryan Hill (RETIRED) gentoo-dev 2008-03-16 04:36:11 UTC
i've keyworded 2.4.6-r2 for mips.
Comment 15 Ulrich Müller gentoo-dev 2008-04-13 23:08:11 UTC
arm/s390/sh are stable, thanks Mike.