postfix-1.1.6-20020330

2025-08-29 13:18:12 +00:00 · 2002-03-30 00:00:00 -05:00 · 2002-03-30 00:00:00 -05:00 · e10da5f89b
commit e10da5f89b
parent fddaffebfb
7 changed files with 37 additions and 22 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -6136,10 +6136,6 @@ Apologies for any names omitted.
 	accepted in SMTP mail, but they could appear within locally
 	submitted mail.  File: bounce/bounce_append_service.c.

-	Workaround: exempt processes running with the real userid
-	of root from safe_getenv() restrictions. The super-user
-	is supposed to know what she is doing.
-
 20020318

 	Workaround: Berkeley DB can't handle null key lookups,
@ -6215,11 +6211,20 @@ Apologies for any names omitted.
 	whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
 	cleanup/cleanup_map1n.c.

-	Feature: configurable service name for the cleanup service.
-	Files: global/mail_params.[hc].
+	Feature: configurable service name for the internal services:
+	bounce, cleanup, defer, error, flush, pickup, queue, rewrite,
+	showq.  Files: global/mail_params.[hc].

 	Feature: SASL version 2 support by Jason Hoos.

+20020330
+
+	Bugfix: postqueue did not pass on configuration directory
+	settings when running showq while the mail system is down.
+	The super-user is now exempted from environment stripping
+	in postqueue/postqueue.c. Problem reported by Victor
+	Duchovni, Morgan Stanley.
+
 Open problems:

 	Low: sendmail does not store null command-line recipients.
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@ -37,6 +37,11 @@ exceeded $line_length_limit characters (default: 2048).  Both
 behaviors broke MIME encapsulation, causing MIME attachments to
 "disappear" with all previous Postfix versions.

+Major changes with Postfix version x.x.x
+========================================
+
+Support for the Cyrus SASL version 2 library.
+
 Incompatible changes with Postfix version 1.1.3 (released 20020201)
 ===================================================================

--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -21,18 +21,14 @@
  * release date only, unless they include the same bugfix as a patch release.
  */
 #define VAR_MAIL_VERSION	"mail_version"
-#ifdef SNAPSHOT
-#define DEF_MAIL_VERSION	"1.1.5-$mail_release_date"
-#else
-#define DEF_MAIL_VERSION	"1.1.5"
-#endif
+#define DEF_MAIL_VERSION	"1.1.6-$mail_release_date"
 extern char *var_mail_version;

 /*
  * Release date.
  */
 #define VAR_MAIL_RELEASE	"mail_release_date"
-#define DEF_MAIL_RELEASE	"20020311"
+#define DEF_MAIL_RELEASE	"20020330"
 extern char *var_mail_release;

 /* LICENSE
--- a/postfix/src/postqueue/postqueue.c
+++ b/postfix/src/postqueue/postqueue.c
@ -340,12 +340,17 @@ int     main(int argc, char **argv)
    mail_conf_read();

    /*
-     * Strip the environment so we don't have to trust the C library.
+     * This program is designed to be set-gid, which makes it a potential
+     * target for attack. If not running as root, strip the environment so we
+     * don't have to trust the C library. If running as root, don't strip the
+     * environment so that showq can receive non-default configuration
+     * directory info when the mail system is down.
     */
-    import_env = argv_split(var_import_environ, ", \t\r\n");
-    clean_env(import_env->argv);
-    argv_free(import_env);
-
+    if (geteuid() != 0) {
+	import_env = argv_split(var_import_environ, ", \t\r\n");
+	clean_env(import_env->argv);
+	argv_free(import_env);
+    }
    if (chdir(var_queue_dir))
 	msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);

--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@ -1399,7 +1399,7 @@ static void smtpd_proto(SMTPD_STATE *state)
 	    }
 	    if (cmdp->flags & SMTPD_CMD_FLAG_HEADER) {
 		msg_warn("%s sent %s header instead of SMTP command: %.100s",
-		    cmdp->name, state->namaddr, vstring_str(state->buffer));
+		    state->namaddr, cmdp->name, vstring_str(state->buffer));
 		smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
 		break;
 	    }
--- a/postfix/src/smtpd/smtpd_sasl_glue.c
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c
@ -225,7 +225,13 @@ void    smtpd_sasl_initialize(void)

 void    smtpd_sasl_connect(SMTPD_STATE *state)
 {
+#if SASL_VERSION_MAJOR < 2
    unsigned sasl_mechanism_count;
+
+#else
+    int     sasl_mechanism_count;
+
+#endif
    sasl_security_properties_t sec_props;
    char   *server_address;
    char   *client_address;
--- a/postfix/src/util/safe_getenv.c
+++ b/postfix/src/util/safe_getenv.c
@ -10,8 +10,7 @@
 /*	char	*name;
 /* DESCRIPTION
 /*	The \fBsafe_getenv\fR() routine reads the named variable from the
-/*	environment, provided that either the process runs with the real
-/*	and effective user ID of root, or that the unsafe() routine agrees.
+/*	environment, provided that the unsafe() routine agrees.
 /* SEE ALSO
 /*	unsafe(3), detect non-user privileges
 /* LICENSE
@ -38,6 +37,5 @@

 char   *safe_getenv(const char *name)
 {
-    return ((getuid() == 0 && geteuid() == 0) || unsafe() == 0 ?
-	    getenv(name) : 0);
+    return (unsafe() == 0 ? getenv(name) : 0);
 }