From e10da5f89bd1c87ce243e5b4ae35fcfb8740b96e Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sat, 30 Mar 2002 00:00:00 -0500 Subject: [PATCH] postfix-1.1.6-20020330 --- postfix/HISTORY | 17 +++++++++++------ postfix/RELEASE_NOTES | 5 +++++ postfix/src/global/mail_version.h | 8 ++------ postfix/src/postqueue/postqueue.c | 15 ++++++++++----- postfix/src/smtpd/smtpd.c | 2 +- postfix/src/smtpd/smtpd_sasl_glue.c | 6 ++++++ postfix/src/util/safe_getenv.c | 6 ++---- 7 files changed, 37 insertions(+), 22 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 5051f742a..be56a6a27 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -6136,10 +6136,6 @@ Apologies for any names omitted. accepted in SMTP mail, but they could appear within locally submitted mail. File: bounce/bounce_append_service.c. - Workaround: exempt processes running with the real userid - of root from safe_getenv() restrictions. The super-user - is supposed to know what she is doing. - 20020318 Workaround: Berkeley DB can't handle null key lookups, @@ -6215,11 +6211,20 @@ Apologies for any names omitted. whitespace. Fix by Victor Duchovni, Morgan Stanley. File: cleanup/cleanup_map1n.c. - Feature: configurable service name for the cleanup service. - Files: global/mail_params.[hc]. + Feature: configurable service name for the internal services: + bounce, cleanup, defer, error, flush, pickup, queue, rewrite, + showq. Files: global/mail_params.[hc]. Feature: SASL version 2 support by Jason Hoos. +20020330 + + Bugfix: postqueue did not pass on configuration directory + settings when running showq while the mail system is down. + The super-user is now exempted from environment stripping + in postqueue/postqueue.c. Problem reported by Victor + Duchovni, Morgan Stanley. + Open problems: Low: sendmail does not store null command-line recipients. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 714eeb993..5090e587d 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -37,6 +37,11 @@ exceeded $line_length_limit characters (default: 2048). Both behaviors broke MIME encapsulation, causing MIME attachments to "disappear" with all previous Postfix versions. +Major changes with Postfix version x.x.x +======================================== + +Support for the Cyrus SASL version 2 library. + Incompatible changes with Postfix version 1.1.3 (released 20020201) =================================================================== diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 6210db5e5..ba770aec2 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -21,18 +21,14 @@ * release date only, unless they include the same bugfix as a patch release. */ #define VAR_MAIL_VERSION "mail_version" -#ifdef SNAPSHOT -#define DEF_MAIL_VERSION "1.1.5-$mail_release_date" -#else -#define DEF_MAIL_VERSION "1.1.5" -#endif +#define DEF_MAIL_VERSION "1.1.6-$mail_release_date" extern char *var_mail_version; /* * Release date. */ #define VAR_MAIL_RELEASE "mail_release_date" -#define DEF_MAIL_RELEASE "20020311" +#define DEF_MAIL_RELEASE "20020330" extern char *var_mail_release; /* LICENSE diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 62107bf2f..80a97aed7 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -340,12 +340,17 @@ int main(int argc, char **argv) mail_conf_read(); /* - * Strip the environment so we don't have to trust the C library. + * This program is designed to be set-gid, which makes it a potential + * target for attack. If not running as root, strip the environment so we + * don't have to trust the C library. If running as root, don't strip the + * environment so that showq can receive non-default configuration + * directory info when the mail system is down. */ - import_env = argv_split(var_import_environ, ", \t\r\n"); - clean_env(import_env->argv); - argv_free(import_env); - + if (geteuid() != 0) { + import_env = argv_split(var_import_environ, ", \t\r\n"); + clean_env(import_env->argv); + argv_free(import_env); + } if (chdir(var_queue_dir)) msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir); diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 38d688727..1e68eaa4a 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -1399,7 +1399,7 @@ static void smtpd_proto(SMTPD_STATE *state) } if (cmdp->flags & SMTPD_CMD_FLAG_HEADER) { msg_warn("%s sent %s header instead of SMTP command: %.100s", - cmdp->name, state->namaddr, vstring_str(state->buffer)); + state->namaddr, cmdp->name, vstring_str(state->buffer)); smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye."); break; } diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index 8bf54dc55..a112245e9 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -225,7 +225,13 @@ void smtpd_sasl_initialize(void) void smtpd_sasl_connect(SMTPD_STATE *state) { +#if SASL_VERSION_MAJOR < 2 unsigned sasl_mechanism_count; + +#else + int sasl_mechanism_count; + +#endif sasl_security_properties_t sec_props; char *server_address; char *client_address; diff --git a/postfix/src/util/safe_getenv.c b/postfix/src/util/safe_getenv.c index a769d08ed..04ca65935 100644 --- a/postfix/src/util/safe_getenv.c +++ b/postfix/src/util/safe_getenv.c @@ -10,8 +10,7 @@ /* char *name; /* DESCRIPTION /* The \fBsafe_getenv\fR() routine reads the named variable from the -/* environment, provided that either the process runs with the real -/* and effective user ID of root, or that the unsafe() routine agrees. +/* environment, provided that the unsafe() routine agrees. /* SEE ALSO /* unsafe(3), detect non-user privileges /* LICENSE @@ -38,6 +37,5 @@ char *safe_getenv(const char *name) { - return ((getuid() == 0 && geteuid() == 0) || unsafe() == 0 ? - getenv(name) : 0); + return (unsafe() == 0 ? getenv(name) : 0); }