postfix-2.3.7-RC2

postfix/HISTORY

@@ -12918,3 +12918,17 @@ Apologies for any names omitted.
 	types and to the proxymap protocol, which is too much change
 	for a stable release.  Files: postalias/postalias.c,
 	util/dict_db.c, util/dict_dbm.c, util/dict_cdb.c.
+
+20070112
+
+	Bugfix (introduced 20011008): after return from a nested
+	access restriction, possible longjump into exited stack
+	frame upon configuration error or table lookup error.  Victor
+	Duchovni.  Files: smtpd/smtpd_check.c.
+
+	Workaround: don't insert header/body blank line separator
+	in malformed attachments, to avoid breaking digital signatures.
+	Switch from header to body state, for robust MIME parsing.
+	People concerned about MIME evasion can use a MIME normalizer
+	to corrupt their user's legitimate email.  File:
+	global/mime_state.c.

postfix/conf/post-install

@@ -685,8 +685,9 @@ test -n "$first_install_reminder" && {
     Warning: you still need to edit myorigin/mydestination/mynetworks
     parameter settings in $config_directory/main.cf.
 
-    See also http://www.postfix.org/faq.html for information about
+    See also http://www.postfix.org/STANDARD_CONFIGURATION_README.html
-    dialup sites or about sites inside a firewalled network.
+    for information about dialup sites or about sites inside a
+    firewalled network.
 
     BTW: Check your $ALIASES file and be sure to set up aliases
     that send mail for root and postmaster to a real person, then

postfix/src/global/mail_version.h

@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20070104"
+#define MAIL_RELEASE_DATE	"20070113"
-#define MAIL_VERSION_NUMBER	"2.3.7-RC1"
+#define MAIL_VERSION_NUMBER	"2.3.7-RC2"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE

postfix/src/global/mime_state.c

@@ -182,6 +182,13 @@
 /* .IP state
 /*	MIME parser state created with mime_state_alloc().
 /* BUGS
+/*	NOTE: when the end of headers is reached, mime_state_update()
+/*	may execute up to three call-backs before returning to the
+/*	caller: head_out(), head_end(), and body_out() or body_end().
+/*	As long as call-backs return no result, it is up to the
+/*	call-back routines to check if a previous call-back experienced
+/*	an error.
+/*
 /*	Different mail user agents treat malformed message boundary
 /*	strings in different ways. The Postfix MIME processor cannot
 /*	be bug-compatible with everything.
@@ -959,10 +966,32 @@ int     mime_state_update(MIME_STATE *state, int rec_type,
 	    /*
 	     * Invalid input. Force output of one blank line and jump to the
 	     * body state, leaving all other state alone.
+	     * 
+	     * We don't break legitimate mail by inserting a blank line
+	     * separator between primary headers and a non-empty body. Many
+	     * MTA's don't even record the presence or absence of this
+	     * separator, nor does the Milter protocol pass it on to Milter
+	     * applications.
+	     * 
+	     * XXX We don't insert a blank line separator with attachments, as
+	     * this breaks digital signatures. Postfix shall not do a worse
+	     * mail delivery job than crappy MTAs that can't even parse MIME.
+	     * But we switch to the body state anyway.
+	     * 
+	     * People who worry about MIME evasion can use a MIME normalizer,
+	     * and knowlingly corrupt legitimate email for their users.
+	     * Postfix has a different mission.
 	     */
 	    else {
-		SET_CURR_STATE(state, MIME_STATE_BODY);
+		if (msg_verbose)
+		    msg_info("garbage in %s header",
+		    state->curr_state == MIME_STATE_MULTIPART ? "multipart" :
+		       state->curr_state == MIME_STATE_PRIMARY ? "primary" :
+			 state->curr_state == MIME_STATE_NESTED ? "nested" :
+			     "other");
+		if (state->curr_state == MIME_STATE_PRIMARY)
 		    BODY_OUT(state, REC_TYPE_NORM, "", 0);
+		SET_CURR_STATE(state, MIME_STATE_BODY);
 	    }
 	}
 

postfix/src/smtpd/smtpd_check.c

@@ -2245,6 +2245,7 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
 				reply_class, def_acl);
     }
     argv_free(restrictions);
+    memcpy(ADDROF(smtpd_check_buf), ADDROF(savebuf), sizeof(smtpd_check_buf));
     return (status);
 }
 

postfix/src/util/msg_output.c

@@ -150,6 +150,9 @@ void    msg_vprintf(int level, const char *format, va_list ap)
 {
     if (msg_vprintf_lock == 0) {
 	msg_vprintf_lock = 1;
+	/* On-the-fly initialization for debugging test programs only. */
+	if (msg_output_fn_count == 0)
+	    msg_vstream_init("unknown", VSTREAM_ERR);
 	/* OK if terminating signal handler hijacks control before next stmt. */
 	vstring_vsprintf(msg_buffer, percentm(format, errno), ap);
 	msg_text(level, vstring_str(msg_buffer));