diff --git a/postfix/HISTORY b/postfix/HISTORY index 11f035d93..492df0f29 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -19793,3 +19793,28 @@ Apologies for any names omitted. by other users. This fix does not change Postfix behavior for Berkeley DB < 3, but reduces file create performance for Berkeley DB 3 .. 4.6. File: util/dict_db.c. + +20171116 + + Bugfix (introduced: Postfix 2.1): don't log warnings + that some restriction returns OK, when the access map + DISCARD feature is in effect. File: smtpd/smtpd_check.c. + +20171215 + + Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke + Berkeley DB configurations with a relative pathname. File: + util/dict_db.c. + +20171226 + + Documentation patches by Sven Neuhaus. Files: + proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html. + +20180106 + + Cleanup: missing mailbox seek-to-end error check in the + local(8) delivery agent. File: local/mailbox.c. + + Cleanup: incorrect mailbox seek-to-end error message in the + virtual(8) delivery agent. File: virtual/mailbox.c. diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index af0f53d15..d738a29e0 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -313,9 +313,9 @@ few seconds to a few minutes):

 # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
 
diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index 3c4f5975c..49d7c857c 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -250,7 +250,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -258,7 +258,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index ec30b2fb3..657fbea29 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -313,9 +313,9 @@ few seconds to a few minutes):

 # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
 
diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index 0e68b0d5e..c7964f57c 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -250,7 +250,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -258,7 +258,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 2f918db54..a4520cd0d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170613" -#define MAIL_VERSION_NUMBER "2.11.10" +#define MAIL_RELEASE_DATE "20180127" +#define MAIL_VERSION_NUMBER "2.11.11" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/local/mailbox.c b/postfix/src/local/mailbox.c index b46018e9e..a3a199189 100644 --- a/postfix/src/local/mailbox.c +++ b/postfix/src/local/mailbox.c @@ -97,7 +97,7 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) int deliver_status; int copy_flags; VSTRING *biff; - long end; + off_t end; struct stat st; uid_t spool_uid; gid_t spool_gid; @@ -202,7 +202,8 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", VAR_STRICT_MBOX_OWNER); } else { - end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); + if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0) + msg_fatal("seek mailbox file %s: %m", mailbox); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); } 
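Review bot: In the first hunk of postfix/src/local/mailbox.c, changing `end` from `long` to `off_t` means every later use of `end` in deliver_mailbox_file has to be checked, and none of those uses is visible in this hunk. Any place that formats the value with a `long` conversion such as `%ld` now needs an explicit cast, for example `(long) end`, because `off_t` can be wider than `long` on some builds and a mismatched conversion is undefined behaviour. A short comment on the declaration, such as `/* mailbox size before delivery; off_t to match vstream_fseek() */`, would record why the type changed.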
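Review bot: In the second hunk of postfix/src/local/mailbox.c, the new `msg_fatal("seek mailbox file %s: %m", mailbox);` uses a different message shape from the same check in postfix/src/virtual/mailbox.c, which this commit leaves as `"%s: seek mailbox file %s: %m"` with `myname` and `VSTREAM_PATH(mp->fp)`. One form in both delivery agents keeps log matching and alerting rules simple; assuming `myname` is defined in this function as it is in the virtual agent, that would be `msg_fatal("%s: seek mailbox file %s: %m", myname, mailbox);`. The failure is also made fatal rather than reported through `why` like the `mail_copy` result on the next line, so a one-line comment stating that a seek failure on an opened mailbox is treated as unrecoverable would help the next reader. The enclosing function starts and ends outside the hunk.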
diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 1b08f0811..6796762f8 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -3707,7 +3707,7 @@ static int is_map_command(SMTPD_STATE *state, const char *name, static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { - if (status == SMTPD_CHECK_OK) { + if (state->discard == 0 && status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception"); diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index 9a3c53dd0..cea9c00e3 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c @@ -620,6 +620,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, struct stat st; DB *db = 0; char *db_path = 0; + VSTRING *db_base_buf = 0; int lock_fd = -1; int dbfd; @@ -675,6 +676,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, #define LOCK_OPEN_FLAGS(f) ((f) & ~(O_CREAT|O_TRUNC)) #define FREE_RETURN(e) do { \ DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \ + if (db_base_buf) vstring_free(db_base_buf); \ if (db_path) myfree(db_path); return (_dict); \ } while (0) 
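Review bot: In forbid_whitelist the new `state->discard == 0` test guards the whole block, so with DISCARD in effect everything inside it is skipped, not only the three `msg_warn` calls. The rest of the block lies outside the hunk and presumably holds the actual rejection. Because this function enforces a security rule, the exemption deserves a comment above the condition, for example `/* DISCARD in effect: restrictions report OK, this is not a whitelisting attempt. */`, if that is the intent described in the HISTORY entry. It is also worth confirming, outside this hunk, that `state->discard` is only set by an access map action the administrator configured.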
@@ -739,17 +741,21 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, msg_panic("db_create null result"); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); + db_base_buf = vstring_alloc(100); #if DB_VERSION_MAJOR == 5 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) - if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path), + 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) - if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0, + type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #else #error "Unsupported Berkeley DB version" #endif + vstring_free(db_base_buf); if ((errno = db->fd(db, &dbfd)) != 0) msg_fatal("get database file descriptor: %m"); #endif diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c index 51e646de7..a8042f200 100644 --- a/postfix/src/virtual/mailbox.c +++ b/postfix/src/virtual/mailbox.c @@ -132,7 +132,7 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) VAR_STRICT_MBOX_OWNER); } else { if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0) - msg_fatal("%s: seek queue file %s: %m", + msg_fatal("%s: seek mailbox file %s: %m", myname, VSTREAM_PATH(mp->fp)); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why);
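Review bot: In the third hunk of postfix/src/util/dict_db.c, `vstring_free(db_base_buf);` after the successful `db->open()` leaves `db_base_buf` pointing at freed memory. The `FREE_RETURN` macro, extended in the second hunk, frees the buffer again whenever the pointer is non-zero, so any `FREE_RETURN` reached after this point would be a double free. The rest of dict_db_open is outside the hunk, so whether such a path exists today cannot be seen here. Resetting the pointer removes the hazard at no cost: `vstring_free(db_base_buf); db_base_buf = 0;`.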