mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.11.7

Browse Source
This commit is contained in:
Wietse Venema 2015-10-10 00:00:00 -05:00 committed by Viktor Dukhovni
parent 8a74f34720
commit ead337a3e4
13 changed files with 115 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
postfix/HISTORY
View File

@ -19684,3 +19684,47 @@ Apologies for any names omitted.
SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
20150903
Workaround: disable DNSSEC support for AIX 7x and earlier.
The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
proto/INSTALL.html, dns/dns.h.
20150923
Bugfix (introduced: 20120531-617): the Postfix SMTP server
used a larger-than-1 VSTREAM buffer to read the HAProxy
connection hand-off information. This broke TLS wrappermode,
as the TLS helo packet would end up in the plaintext VSTREAM
buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
20150924
Bugfix (introduced: 20090216-24): incorrect postmulti error
message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
File: postmulti/postmulti.c.
Workaround: don't create a new instance when the template
main.cf and master.cf files are missing, as happens on
Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
20150925
Bugfix (introduced: 19970309, fixed 20150421 in development
release): reset errno before calling readdir(), in order
to distinguish between an end-of-directory and an error
condition. File: scandir.c.
20150930
Bugfix (introduced: 20040124): Milter client panic while
adding a header, because the PREPEND action used the same
output function for header_checks and body_checks. Viktor
Dukhovni and Wietse. File: cleanup/cleanup_message.c.
Bugfix (introduced: 20031128): xtext_unquote() did not
propagate error reports from xtext_unquote_append(), causing
the decoder to return partial ouput, instead of rejecting
malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.

3
postfix/README_FILES/INSTALL
View File

@ -255,6 +255,9 @@ The following is an extensive list of names and values.
|| |probably should also override DEF_DB_TYPE as |
|| |described in section 4.4. |
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
|| |resolver library appears to support it. |
|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
|| |Do not build with Solaris /dev/poll support. |
||-DNO_DEVPOLL |By default, /dev/poll support is compiled in |
|| |on Solaris versions that are known to support |

5
postfix/conf/postmulti-script
View File

@ -127,6 +127,11 @@ create|import)
fatal "'$config_directory' lacks a master.cf file"
}
test -f $daemon_directory/main.cf ||
fatal "Missing main.cf prototype: $daemon_directory/main.cf"
test -f $daemon_directory/master.cf ||
fatal "Missing master.cf prototype: $daemon_directory/master.cf"
# Create instance-specific directories
#
test -d $config_directory ||

4
postfix/html/INSTALL.html
View File

@ -383,6 +383,10 @@ platforms that are known to support this feature. If you override
this, then you probably should also override DEF_DB_TYPE as described
in section 4.4. </td> </tr>
<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
support, even if the resolver library appears to support it. </td>
</tr>
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support

6
postfix/makedefs
View File

@ -31,6 +31,9 @@
# Do not build with Solaris /dev/poll support.
# By default, /dev/poll support is compiled in on platforms that
# are known to support it.
# .IP \fB-DNO_DNSSEC\fR
# Do not build with DNSSEC support, even if the resolver
# library appears to support it.
# .IP \fB-DNO_EPOLL\fR
# Do not build with Linux EPOLL support.
# By default, EPOLL support is compiled in on platforms that
@ -259,18 +262,21 @@ case "$SYSTEM.$RELEASE" in
;;
AIX.*) case "`uname -v`" in
6) SYSTYPE=AIX6
CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
5) SYSTYPE=AIX5
CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
4) SYSTYPE=AIX4
CCARGS="$CCARGS -DNO_DNSSEC"
# How embarrassing...
case "$CC" in
cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;

4
postfix/proto/INSTALL.html
View File

@ -383,6 +383,10 @@ platforms that are known to support this feature. If you override
this, then you probably should also override DEF_DB_TYPE as described
in section 4.4. </td> </tr>
<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
support, even if the resolver library appears to support it. </td>
</tr>
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support

19
postfix/src/cleanup/cleanup_message.c
View File

@ -385,11 +385,20 @@ static const char *cleanup_act(CLEANUP_STATE *state, char *context,
if (STREQUAL(value, "PREPEND", command_len)) {
if (*optional_text == 0) {
msg_warn("PREPEND action without text in %s map", map_class);
} else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0
&& !is_header(optional_text)) {
msg_warn("bad PREPEND header text \"%s\" in %s map -- "
"need \"headername: headervalue\"",
optional_text, map_class);
} else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) {
if (!is_header(optional_text)) {
msg_warn("bad PREPEND header text \"%s\" in %s map -- "
"need \"headername: headervalue\"",
optional_text, map_class);
} else {
VSTRING *temp;
cleanup_act_log(state, "prepend", context, buf, optional_text);
temp = vstring_strcpy(vstring_alloc(strlen(optional_text)),
optional_text);
cleanup_out_header(state, temp);
vstring_free(temp);
}
} else {
cleanup_act_log(state, "prepend", context, buf, optional_text);
cleanup_out_string(state, REC_TYPE_NORM, optional_text);

7
postfix/src/dns/dns.h
View File

@ -52,6 +52,13 @@
(cp) += 4; \
}
#endif
/*
* Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
*/
#ifdef NO_DNSSEC
#undef RES_USE_DNSSEC
#endif
/*

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20150720"
#define MAIL_VERSION_NUMBER "2.11.6"
#define MAIL_RELEASE_DATE "20151010"
#define MAIL_VERSION_NUMBER "2.11.7"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE

3
postfix/src/global/xtext.c
View File

@ -134,8 +134,7 @@ VSTRING *xtext_unquote_append(VSTRING *unquoted, const char *quoted)
VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted)
{
VSTRING_RESET(unquoted);
xtext_unquote_append(unquoted, quoted);
return (unquoted);
return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0);
}
#ifdef TEST

5
postfix/src/postmulti/postmulti.c
View File

@ -1689,7 +1689,7 @@ int main(int argc, char **argv)
case 'e':
if ((code = EDIT_CMD_CODE(optarg)) < 0)
msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', "
"'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
"'%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
optarg,
EDIT_CMD_STR(EDIT_CMD_CREATE),
EDIT_CMD_STR(EDIT_CMD_DESTROY),
@ -1698,8 +1698,7 @@ int main(int argc, char **argv)
EDIT_CMD_STR(EDIT_CMD_ENABLE),
EDIT_CMD_STR(EDIT_CMD_DISABLE),
EDIT_CMD_STR(EDIT_CMD_ASSIGN),
EDIT_CMD_STR(EDIT_CMD_INIT),
optarg);
EDIT_CMD_STR(EDIT_CMD_INIT));
if (cmd_mode != code)
command_mode_count++;
cmd_mode = code;

15
postfix/src/smtpd/smtpd_haproxy.c
View File

@ -95,6 +95,14 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state)
int io_err;
VSTRING *escape_buf;
/*
* While reading HAProxy handshake information, don't buffer input beyond
* the end-of-line. That would break the TLS wrappermode handshake.
*/
vstream_control(state->client,
VSTREAM_CTL_BUFSIZE, 1,
VSTREAM_CTL_END);
/*
* Note: the haproxy_srvr_parse() routine performs address protocol
* checks, address and port syntax checks, and converts IPv4-in-IPv6
@ -142,6 +150,13 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state)
* Avoid surprises in the Dovecot authentication server.
*/
state->dest_addr = mystrdup(smtp_server_addr.buf);
/*
* Enable normal buffering.
*/
vstream_control(state->client,
VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
VSTREAM_CTL_END);
return (0);
}
}

8
postfix/src/util/scan_dir.c
View File

@ -78,6 +78,7 @@
#endif
#endif
#include <string.h>
#include <errno.h>
/* Utility library. */
@ -177,6 +178,13 @@ char *scan_dir_next(SCAN_DIR *scan)
#define STREQ(x,y) (strcmp((x),(y)) == 0)
if (info) {
/*
* Fix 20150421: readdir() does not reset errno after reaching the
* end-of-directory. This dates back all the way to the initial
* implementation of 19970309.
*/
errno = 0;
while ((dp = readdir(info->dir)) != 0) {
if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) {
if (msg_verbose > 1)