From 1c0ef7d69f7b7c0dea0781d2376a448808dd123c Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Thu, 13 Dec 2012 00:00:00 -0500 Subject: [PATCH] postfix-2.9.5 --- postfix/HISTORY | 38 +++++++++++++++++++++++++++++++ postfix/makedefs | 2 ++ postfix/src/global/dict_ldap.c | 5 +++- postfix/src/global/mail_version.h | 4 ++-- postfix/src/global/server_acl.c | 4 ++-- postfix/src/oqmgr/qmgr_message.c | 2 +- postfix/src/util/ip_match.c | 2 +- postfix/src/util/ip_match.in | 4 ++++ postfix/src/util/ip_match.ref | 14 ++++++++++++ postfix/src/util/myaddrinfo.c | 18 ++++++++++----- postfix/src/util/sys_defs.h | 2 +- 11 files changed, 81 insertions(+), 14 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 50733a479..b8fe6db19 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17718,3 +17718,41 @@ Apologies for any names omitted. Bugfix (introduced: 20000314): AUTH is not allowed after MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c. + +20121003 + + Bugfix: the postscreen_access_list feature was case-sensitive + in the first character of permit, reject, etc. Reported by + Francis Picabia. File: global/server_acl.c. + +20121010 + + Bugfix (introduced: Postfix 2.5): memory leak in program + initialization. Reported by Coverity. File: tls/tls_misc.c. + + Bugfix (introduced: Postfix 2.3): memory leak in the unused + oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c. + +20121013 + + Cleanup: to compute the LDAP connection cache lookup key, + join the numeric fields with null, just like string fields. + Viktor Dukhovni. File: global/dict_ldap.c. + +20121029 + + Workaround: strip datalink suffix from IPv6 addresses + returned by the system getaddrinfo() routine. Such suffixes + mess up the default mynetworks value, host name/address + verification and possibly more. This change obsoletes the + 20101108 change that removes datalink suffixes in the SMTP + and QMQP servers, but we leave that code alone. File: + util/myaddrinfo.c. + +20121210 + + Bugfix (introduced: Postfix 2.9) nesting count error while + stripping the optional [] around a DNS[BW]L address pattern. + This part of the code is not documented and had escaped + testing. Files: util/ip_match.c, util/ip_match.in, + util/ip_match.ref. diff --git a/postfix/makedefs b/postfix/makedefs index ae143d638..79933986e 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -153,6 +153,8 @@ case "$SYSTEM.$RELEASE" in ;; FreeBSD.8*) SYSTYPE=FREEBSD8 ;; + FreeBSD.9*) SYSTYPE=FREEBSD9 + ;; OpenBSD.2*) SYSTYPE=OPENBSD2 ;; OpenBSD.3*) SYSTYPE=OPENBSD3 diff --git a/postfix/src/global/dict_ldap.c b/postfix/src/global/dict_ldap.c index 7038e050a..6ce691588 100644 --- a/postfix/src/global/dict_ldap.c +++ b/postfix/src/global/dict_ldap.c @@ -930,8 +930,11 @@ static void dict_ldap_conn_find(DICT_LDAP *dict_ldap) #endif LDAP_CONN *conn; + /* + * Join key fields with null characters. + */ #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1) -#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i)) +#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0) ADDSTR(keybuf, dict_ldap->server_host); ADDINT(keybuf, dict_ldap->server_port); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index ea529ff74..8743bc6f3 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120801" -#define MAIL_VERSION_NUMBER "2.9.4" +#define MAIL_RELEASE_DATE "20121213" +#define MAIL_VERSION_NUMBER "2.9.5" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/global/server_acl.c b/postfix/src/global/server_acl.c index 4ef0eec69..3855c6fe0 100644 --- a/postfix/src/global/server_acl.c +++ b/postfix/src/global/server_acl.c @@ -112,8 +112,8 @@ SERVER_ACL *server_acl_parse(const char *extern_acl, const char *origin) char *bp = saved_acl; char *acl; -#define STREQ(x,y) ((*x) == (*y) && strcasecmp((x), (y)) == 0) -#define STRNE(x,y) ((*x) != (*y) || strcasecmp((x), (y)) != 0) +#define STREQ(x,y) (strcasecmp((x), (y)) == 0) +#define STRNE(x,y) (strcasecmp((x), (y)) != 0) /* * Nested tables are not allowed. Tables are opened before entering the diff --git a/postfix/src/oqmgr/qmgr_message.c b/postfix/src/oqmgr/qmgr_message.c index a773d9981..71955d4f3 100644 --- a/postfix/src/oqmgr/qmgr_message.c +++ b/postfix/src/oqmgr/qmgr_message.c @@ -749,7 +749,7 @@ static int qmgr_message_read(QMGR_MESSAGE *message) if (rec_type > 0) msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>", message->queue_id, dsn_orcpt); - myfree(orig_rcpt); + myfree(dsn_orcpt); } if (orig_rcpt != 0) { if (rec_type > 0) diff --git a/postfix/src/util/ip_match.c b/postfix/src/util/ip_match.c index 1cf1b78d8..aeea799f4 100644 --- a/postfix/src/util/ip_match.c +++ b/postfix/src/util/ip_match.c @@ -445,7 +445,7 @@ char *ip_match_parse(VSTRING *byte_codes, char *pattern) * Simplify this if we change to {} for wildcard notation. */ #define FIND_TERMINATOR(start, cp) do { \ - int _level = 1; \ + int _level = 0; \ for (cp = (start) ; *cp; cp++) { \ if (*cp == '[') _level++; \ if (*cp != ']') continue; \ diff --git a/postfix/src/util/ip_match.in b/postfix/src/util/ip_match.in index bca0d6e67..eec13e3b1 100644 --- a/postfix/src/util/ip_match.in +++ b/postfix/src/util/ip_match.in @@ -20,3 +20,7 @@ a 1.2.3.4x 1.2.[3..11].5 1.2.3.5 1.2.2.5 1.2.11.5 1.2.12.5 1.2.11.6 1.2.[3;5;7;9;11].5 1.2.3.5 1.2.2.5 1.2.4.5 1.2.11.5 1.2.12.5 1.2.11.6 +[1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5 +[[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5 +[[1;2].3.4.5 +1;2].3.4.5 diff --git a/postfix/src/util/ip_match.ref b/postfix/src/util/ip_match.ref index 22c823edf..04b291f0e 100644 --- a/postfix/src/util/ip_match.ref +++ b/postfix/src/util/ip_match.ref @@ -53,3 +53,17 @@ Match 1.2.4.5: no Match 1.2.11.5: yes Match 1.2.12.5: no Match 1.2.11.6: no +> [1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5 +Code: [1;2].3.4.5 +Match 1.3.4.5: yes +Match 2.3.4.5: yes +Match 3.3.4.5: no +> [[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5 +Code: [1;2].3.4.5 +Match 1.3.4.5: yes +Match 2.3.4.5: yes +Match 3.3.4.5: no +> [[1;2].3.4.5 +Error: missing "]" character +> 1;2].3.4.5 +Error: need "." at "1>;<2].3.4.5" diff --git a/postfix/src/util/myaddrinfo.c b/postfix/src/util/myaddrinfo.c index d4a6938c7..f1588ae23 100644 --- a/postfix/src/util/myaddrinfo.c +++ b/postfix/src/util/myaddrinfo.c @@ -78,6 +78,7 @@ /* into printable form. The result buffers should be large /* enough to hold the printable address or port including the /* null terminator. +/* This function strips off the IPv6 datalink suffix. /* /* sockaddr_to_hostname() converts a binary network address /* into a hostname or service. The result buffer should be @@ -202,6 +203,7 @@ #include #include #include +#include /* Application-specific. */ @@ -607,16 +609,20 @@ int sockaddr_to_hostaddr(const struct sockaddr * sa, SOCKADDR_SIZE salen, } return (0); #else + int ret; /* * Native getnameinfo(3) version. */ - return (getnameinfo(sa, salen, - hostaddr ? hostaddr->buf : (char *) 0, - hostaddr ? sizeof(hostaddr->buf) : 0, - portnum ? portnum->buf : (char *) 0, - portnum ? sizeof(portnum->buf) : 0, - NI_NUMERICHOST | NI_NUMERICSERV)); + ret = getnameinfo(sa, salen, + hostaddr ? hostaddr->buf : (char *) 0, + hostaddr ? sizeof(hostaddr->buf) : 0, + portnum ? portnum->buf : (char *) 0, + portnum ? sizeof(portnum->buf) : 0, + NI_NUMERICHOST | NI_NUMERICSERV); + if (hostaddr != 0 && ret == 0 && sa->sa_family == AF_INET6) + (void) split_at(hostaddr->buf, '%'); + return (ret); #endif } diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index b6af7cfea..482fa7327 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -25,7 +25,7 @@ */ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ - || defined(FREEBSD8) \ + || defined(FREEBSD8) || defined(FREEBSD9) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(OPENBSD5) \