Prereq: "2.4.8" diff -cr /var/tmp/postfix-2.4.8/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-2.4.8/src/global/mail_version.h Fri Jul 25 20:44:31 2008 --- ./src/global/mail_version.h Fri Aug 29 13:58:12 2008 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20080814" ! #define MAIL_VERSION_NUMBER "2.4.8" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20080902" ! #define MAIL_VERSION_NUMBER "2.4.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr /var/tmp/postfix-2.4.8/HISTORY ./HISTORY *** /var/tmp/postfix-2.4.8/HISTORY Tue Aug 5 14:05:12 2008 --- ./HISTORY Sun Aug 31 19:43:26 2008 *************** *** 13647,13649 **** --- 13647,13659 ---- legitimate configurations that deliver mail to a symbolic link in a directory with less restrictive permissions. + 20080826 + + Bugfix (introduced Postfix 2.4): epoll file descriptor leak. + With Postfix >= 2.4 on Linux >= 2.6, Postfix has an epoll + file descriptor leak when it executes non-Postfix commands + in, for example, user-controlled $HOME/.forward files. A + local user can access a leaked epoll file descriptor to + implement a denial of service attack on Postfix. Data + confidentiality and integrity are not affected. File: + util/events.c. diff -cr /var/tmp/postfix-2.4.8/src/util/events.c ./src/util/events.c *** /var/tmp/postfix-2.4.8/src/util/events.c Wed Oct 17 11:28:52 2007 --- ./src/util/events.c Tue Aug 26 19:30:37 2008 *************** *** 354,359 **** --- 354,360 ---- #define EVENT_REG_INIT_HANDLE(er, n) do { \ er = event_pollfd = open("/dev/poll", O_RDWR); \ + if (event_pollfd >= 0) close_on_exec(event_pollfd, CLOSE_ON_EXEC); \ } while (0) #define EVENT_REG_INIT_TEXT "open /dev/poll" *************** *** 425,430 **** --- 426,432 ---- #define EVENT_REG_INIT_HANDLE(er, n) do { \ er = event_epollfd = epoll_create(n); \ + if (event_epollfd >= 0) close_on_exec(event_epollfd, CLOSE_ON_EXEC); \ } while (0) #define EVENT_REG_INIT_TEXT "epoll_create"