From 3828e1ddd977b0d248bead5ca6983e3bc2523f85 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Fri, 10 Dec 2010 00:00:00 -0500 Subject: [PATCH] postfix-2.8-20101210 --- postfix/HISTORY | 18 ++++- postfix/RELEASE_NOTES | 15 +++++ postfix/html/postconf.5.html | 15 ++++- postfix/html/postscreen.8.html | 12 ++-- postfix/man/man5/postconf.5 | 19 +++++- postfix/man/man8/postscreen.8 | 5 +- postfix/proto/postconf.proto | 15 ++++- postfix/src/global/cfg_parser.c | 10 ++- postfix/src/global/conv_time.c | 81 +++++++++++------------ postfix/src/global/mail_conf_int.c | 18 +++-- postfix/src/global/mail_conf_long.c | 9 ++- postfix/src/global/mail_conf_nint.c | 10 ++- postfix/src/global/mail_conf_time.c | 2 +- postfix/src/global/mail_params.h | 2 +- postfix/src/global/mail_version.h | 2 +- postfix/src/postscreen/postscreen.c | 5 +- postfix/src/postscreen/postscreen_send.c | 3 +- postfix/src/postscreen/postscreen_state.c | 2 +- 18 files changed, 158 insertions(+), 85 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index f4a568d66..b7461ec9d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -16220,7 +16220,7 @@ Apologies for any names omitted. ignore the excess recipients and deliver the message. File: cleanup/cleanup_map1n.c. -20101204 +20101205 Cleanup: sache_clnt_create() had an unnecessary data dependency on the non-library var_scache_service variable, @@ -16236,5 +16236,17 @@ Apologies for any names omitted. 20101206 - postscreen hung up due to incorrect output error test. File: - postscreen/postscreen_send.c. + Bugfix (introduced 20101205): postscreen hung up due to + incorrect output error test. File: postscreen/postscreen_send.c. + +20101207 + + Cleanup: the undisclosed_recipients_header default value + is now the empty string. The Internet mail RFCs have supported + messages without recipient header for almost 10 years now. + File: global/mail_params.h. + + Cleanup: use strtol() instead of sscanf() for consistent + handling of out-of-range numbers. Files: global/cfg_parser.c, + global/conv_time.c, global/mail_conf_int.c, + global/mail_conf_long.c, global/mail_conf_nint.c. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index defa8bcd9..506400c79 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -33,6 +33,21 @@ This is supported only when the default value is stress-dependent postscreen parameters always evaluate as if the stress value is equal to the empty string. +Incompatibility with snapshot 20101206 +====================================== + +Postfix by default no longer adds a "To: undisclosed-recipients:;" +header when no recipient specified in the message header. The +Internet mail RFCs have supported messages without recipient header +for almost 10 years now. + +For backwards compatibility, specify: + +/etc/postfix/main.cf + To: undisclosed-recipients:; + +Note: both the ":" and ";" are required. + Incompatibility with snapshot 20101202 ====================================== diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index eb1501396..447473d1a 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -15224,12 +15224,21 @@ The default time unit is s (seconds).
undisclosed_recipients_header -(default: To: undisclosed-recipients:;)
+(default: see "postconf -d" output)

Message header that the Postfix cleanup(8) server inserts when a -message contains no To: or Cc: message header. With Postfix 2.4 -and later, specify an empty value to disable this feature.

+message contains no To: or Cc: message header. With Postfix 2.8 +and later, the default value is empty. With Postfix 2.4-2.7, +specify an empty value to disable this feature.

+ +

Example:

+ +
+# Default value before Postfix 2.8.
+# Note: the ":" and ";" are both required.
+undisclosed_recipients_header = To: undisclosed-recipients:;
+
diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index f7d22359d..0e11c16c6 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html @@ -55,12 +55,12 @@ POSTSCREEN(8) POSTSCREEN(8) Problems and transactions are logged to syslogd(8). BUGS - The postscreen(8) built-in SMTP protocol engine does not - announce support for STARTTLS, AUTH, XCLIENT or XFORWARD. - Support for STARTTLS and AUTH may be added in the future. - In the mean time, if you need to make these services - available on port 25, then do not enable the optional - "after 220 server greeting" tests. + The postscreen(8) built-in SMTP protocol engine currently + does not announce support for STARTTLS, AUTH, XCLIENT or + XFORWARD. Support for STARTTLS and AUTH may be added in + the future. In the mean time, if you need to make these + services available on port 25, then do not enable the + optional "after 220 server greeting" tests. The optional "after 220 server greeting" tests involve postscreen(8)'s built-in SMTP protocol engine. When these diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index f46bab9d2..3e7023f9e 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -9656,10 +9656,23 @@ load. .PP Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). -.SH undisclosed_recipients_header (default: To: undisclosed-recipients:;) +.SH undisclosed_recipients_header (default: see "postconf -d" output) Message header that the Postfix \fBcleanup\fR(8) server inserts when a -message contains no To: or Cc: message header. With Postfix 2.4 -and later, specify an empty value to disable this feature. +message contains no To: or Cc: message header. With Postfix 2.8 +and later, the default value is empty. With Postfix 2.4-2.7, +specify an empty value to disable this feature. +.PP +Example: +.PP +.nf +.na +.ft C +# Default value before Postfix 2.8. +# Note: the ":" and ";" are both required. +undisclosed_recipients_header = To: undisclosed-recipients:; +.fi +.ad +.ft R .SH unknown_address_reject_code (default: 450) The numerical Postfix SMTP server response code when a sender or recipient address is rejected by the reject_unknown_sender_domain diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index b4cebec67..7ff72096d 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -60,8 +60,9 @@ Problems and transactions are logged to \fBsyslogd\fR(8). .SH BUGS .ad .fi -The \fBpostscreen\fR(8) built-in SMTP protocol engine does -not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD. +The \fBpostscreen\fR(8) built-in SMTP protocol engine +currently does not announce support for STARTTLS, AUTH, +XCLIENT or XFORWARD. Support for STARTTLS and AUTH may be added in the future. In the mean time, if you need to make these services available on port 25, then do not enable the optional "after 220 diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5e2b9f216..cb9fe1bf4 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -8150,12 +8150,21 @@ delivery is requested with "sendmail -v". This feature is available in Postfix 2.1 and later.

-%PARAM undisclosed_recipients_header To: undisclosed-recipients:; +%PARAM undisclosed_recipients_header see "postconf -d" output

Message header that the Postfix cleanup(8) server inserts when a -message contains no To: or Cc: message header. With Postfix 2.4 -and later, specify an empty value to disable this feature.

+message contains no To: or Cc: message header. With Postfix 2.8 +and later, the default value is empty. With Postfix 2.4-2.7, +specify an empty value to disable this feature.

+ +

Example:

+ +
+# Default value before Postfix 2.8.
+# Note: the ":" and ";" are both required.
+undisclosed_recipients_header = To: undisclosed-recipients:;
+
%PARAM unknown_relay_recipient_reject_code 550 diff --git a/postfix/src/global/cfg_parser.c b/postfix/src/global/cfg_parser.c index 525294889..5495c2994 100644 --- a/postfix/src/global/cfg_parser.c +++ b/postfix/src/global/cfg_parser.c @@ -82,7 +82,8 @@ #include "sys_defs.h" -#include +#include +#include #include #ifdef STRCASECMP_IN_STRINGS_H @@ -146,11 +147,14 @@ static int get_dict_int(const struct CFG_PARSER *parser, const char *name, int defval, int min, int max) { const char *strval; + char *end; int intval; - char junk; + long longval; if ((strval = (char *) dict_lookup(parser->name, name)) != 0) { - if (sscanf(strval, "%d%c", &intval, &junk) != 1) + errno = 0; + intval = longval = strtol(strval, &end, 10); + if (*strval == 0 || *end != 0 || errno == ERANGE || longval != intval) msg_fatal("%s: bad numerical configuration: %s = %s", parser->name, name, strval); } else diff --git a/postfix/src/global/conv_time.c b/postfix/src/global/conv_time.c index cbd8050e3..4c0c8c506 100644 --- a/postfix/src/global/conv_time.c +++ b/postfix/src/global/conv_time.c @@ -41,7 +41,8 @@ #include #include /* INT_MAX */ -#include /* sscanf() */ +#include +#include /* Utility library. */ @@ -60,50 +61,48 @@ int conv_time(const char *strval, int *timval, int def_unit) { - char unit; - char junk; + char *end; int intval; + long longval; - switch (sscanf(strval, "%d%c%c", &intval, &unit, &junk)) { - case 1: - unit = def_unit; - /* FALLTHROUGH */ - case 2: - if (intval < 0) - return (0); - switch (unit) { - case 'w': - if (intval < INT_MAX / WEEK) { - *timval = intval * WEEK; - return (1); - } else { - return (0); - } - case 'd': - if (intval < INT_MAX / DAY) { - *timval = intval * DAY; - return (1); - } else { - return (0); - } - case 'h': - if (intval < INT_MAX / HOUR) { - *timval = intval * HOUR; - return (1); - } else { - return (0); - } - case 'm': - if (intval < INT_MAX / MINUTE) { - *timval = intval * MINUTE; - return (1); - } else { - return (0); - } - case 's': - *timval = intval; + errno = 0; + intval = longval = strtol(strval, &end, 10); + if (*strval == 0 || errno == ERANGE || longval != intval || intval < 0 + || (*end != 0 && end[1] != 0)) + return (0); + + switch (*end ? *end : def_unit) { + case 'w': + if (intval < INT_MAX / WEEK) { + *timval = intval * WEEK; return (1); + } else { + return (0); } + case 'd': + if (intval < INT_MAX / DAY) { + *timval = intval * DAY; + return (1); + } else { + return (0); + } + case 'h': + if (intval < INT_MAX / HOUR) { + *timval = intval * HOUR; + return (1); + } else { + return (0); + } + case 'm': + if (intval < INT_MAX / MINUTE) { + *timval = intval * MINUTE; + return (1); + } else { + return (0); + } + case 's': + *timval = intval; + return (1); } return (0); } diff --git a/postfix/src/global/mail_conf_int.c b/postfix/src/global/mail_conf_int.c index 1c2dcba43..7e944a436 100644 --- a/postfix/src/global/mail_conf_int.c +++ b/postfix/src/global/mail_conf_int.c @@ -79,7 +79,8 @@ #include #include -#include /* sscanf() */ +#include /* BUFSIZ */ +#include /* Utility library. */ @@ -97,10 +98,13 @@ static int convert_mail_conf_int(const char *name, int *intval) { const char *strval; - char junk; + char *end; + long longval; if ((strval = mail_conf_lookup_eval(name)) != 0) { - if (sscanf(strval, "%d%c", intval, &junk) != 1) + errno = 0; + *intval = longval = strtol(strval, &end, 10); + if (*strval == 0 || *end != 0 || errno == ERANGE || longval != *intval) msg_fatal("bad numerical configuration: %s = %s", name, strval); return (1); } @@ -132,7 +136,7 @@ int get_mail_conf_int(const char *name, int defval, int min, int max) /* get_mail_conf_int2 - evaluate integer-valued configuration variable */ int get_mail_conf_int2(const char *name1, const char *name2, int defval, - int min, int max) + int min, int max) { int intval; char *name; @@ -150,7 +154,7 @@ int get_mail_conf_int2(const char *name1, const char *name2, int defval, typedef int (*stupid_indent_int) (void); int get_mail_conf_int_fn(const char *name, stupid_indent_int defval, - int min, int max) + int min, int max) { int intval; @@ -176,7 +180,7 @@ void get_mail_conf_int_table(const CONFIG_INT_TABLE *table) { while (table->name) { table->target[0] = get_mail_conf_int(table->name, table->defval, - table->min, table->max); + table->min, table->max); table++; } } @@ -187,7 +191,7 @@ void get_mail_conf_int_fn_table(const CONFIG_INT_FN_TABLE *table) { while (table->name) { table->target[0] = get_mail_conf_int_fn(table->name, table->defval, - table->min, table->max); + table->min, table->max); table++; } } diff --git a/postfix/src/global/mail_conf_long.c b/postfix/src/global/mail_conf_long.c index e9feaa3ad..96d2e0d0f 100644 --- a/postfix/src/global/mail_conf_long.c +++ b/postfix/src/global/mail_conf_long.c @@ -79,7 +79,8 @@ #include #include -#include /* sscanf() */ +#include /* BUFSIZ */ +#include /* Utility library. */ @@ -97,10 +98,12 @@ static int convert_mail_conf_long(const char *name, long *longval) { const char *strval; - char junk; + char *end; if ((strval = mail_conf_lookup_eval(name)) != 0) { - if (sscanf(strval, "%ld%c", longval, &junk) != 1) + errno = 0; + *longval = strtol(strval, &end, 10); + if (*strval == 0 || *end != 0 || errno == ERANGE) msg_fatal("bad numerical configuration: %s = %s", name, strval); return (1); } diff --git a/postfix/src/global/mail_conf_nint.c b/postfix/src/global/mail_conf_nint.c index 0a2c50ab6..a14f41784 100644 --- a/postfix/src/global/mail_conf_nint.c +++ b/postfix/src/global/mail_conf_nint.c @@ -84,7 +84,8 @@ #include #include -#include /* sscanf() */ +#include /* BUFSIZ */ +#include /* Utility library. */ @@ -102,10 +103,13 @@ static int convert_mail_conf_nint(const char *name, int *intval) { const char *strval; - char junk; + char *end; + long longval; if ((strval = mail_conf_lookup_eval(name)) != 0) { - if (sscanf(strval, "%d%c", intval, &junk) != 1) + errno = 0; + *intval = longval = strtol(strval, &end, 10); + if (*strval == 0 || *end != 0 || errno == ERANGE || longval != *intval) msg_fatal("bad numerical configuration: %s = %s", name, strval); return (1); } diff --git a/postfix/src/global/mail_conf_time.c b/postfix/src/global/mail_conf_time.c index 64523e9da..a8fa72f3e 100644 --- a/postfix/src/global/mail_conf_time.c +++ b/postfix/src/global/mail_conf_time.c @@ -75,7 +75,7 @@ #include #include -#include /* sscanf() */ +#include /* BUFSIZ */ #include /* Utility library. */ diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 09b4a7d58..c88067ebd 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -338,7 +338,7 @@ extern char *var_always_bcc; * MTAs routinely strip Bcc: headers from message headers. */ #define VAR_RCPT_WITHELD "undisclosed_recipients_header" -#define DEF_RCPT_WITHELD "To: undisclosed-recipients:;" +#define DEF_RCPT_WITHELD "" extern char *var_rcpt_witheld; /* diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 8398072a6..24aa548ef 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20101206" +#define MAIL_RELEASE_DATE "20101210" #define MAIL_VERSION_NUMBER "2.8" #ifdef SNAPSHOT diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 88d513343..958e57f8f 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -46,8 +46,9 @@ /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8). /* BUGS -/* The \fBpostscreen\fR(8) built-in SMTP protocol engine does -/* not announce support for STARTTLS, AUTH, XCLIENT or XFORWARD. +/* The \fBpostscreen\fR(8) built-in SMTP protocol engine +/* currently does not announce support for STARTTLS, AUTH, +/* XCLIENT or XFORWARD. /* Support for STARTTLS and AUTH may be added in the future. /* In the mean time, if you need to make these services available /* on port 25, then do not enable the optional "after 220 diff --git a/postfix/src/postscreen/postscreen_send.c b/postfix/src/postscreen/postscreen_send.c index 4a7b24e31..0974537b0 100644 --- a/postfix/src/postscreen/postscreen_send.c +++ b/postfix/src/postscreen/postscreen_send.c @@ -21,8 +21,7 @@ /* ps_send_reply() sends the specified text to the specified /* remote SMTP client. In case of an immediate error, it logs /* a warning (except EPIPE) with the client address and port, -/* and returns -1 (including EPIPE). Otherwise, the result -/* value is the number of bytes sent. +/* and returns a non-zero result (all errors including EPIPE). /* /* PS_SEND_REPLY() is a convenience wrapper for ps_send_reply(). /* It is an unsafe macro that evaluates its arguments multiple diff --git a/postfix/src/postscreen/postscreen_state.c b/postfix/src/postscreen/postscreen_state.c index 729800494..9e092d800 100644 --- a/postfix/src/postscreen/postscreen_state.c +++ b/postfix/src/postscreen/postscreen_state.c @@ -180,7 +180,7 @@ PS_STATE *ps_new_session_state(VSTREAM *stream, if ((ht = htable_locate(ps_client_concurrency, addr)) == 0) ht = htable_enter(ps_client_concurrency, addr, (char *) 0); ht->value += 1; - state->client_concurrency = (int) ht->value; + state->client_concurrency = CAST_CHAR_PTR_TO_INT(ht->value); return (state); }