SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get
the old settings back. Files: global/mail_params.h,
proto/postconf.proto, and files derived from those.
+
+20150722
+
+ The COMPATIBILITY_README text and HTML files were not
+ installed. File: conf/postfix-files.
+
+20150903
+
+ Workaround: disable DNSSEC support for AIX 7x and earlier.
+ The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
+ defining the "ad" bit. Viktor Dukhovni. Files: makedefs,
+ proto/INSTALL.html, dns/dns.h.
+
+20150923
+
+ Bugfix (introduced: 20120531-617): the Postfix SMTP server
+ used a larger-than-1 VSTREAM buffer to read the HAProxy
+ connection hand-off information. This broke TLS wrappermode,
+ as the TLS helo packet would end up in the plaintext VSTREAM
+ buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c.
+
+20150924
+
+ Bugfix (introduced: 20090216-24): incorrect postmulti error
+ message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
+ File: postmulti/postmulti.c.
+
+ Workaround: don't create a new instance when the template
+ main.cf and master.cf files are missing, as happens on
+ Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
+
+20150925
+
+ Bugfix (introduced: 19970309, fixed 20150421 in development
+ release): reset errno before calling readdir(), in order
+ to distinguish between an end-of-directory and an error
+ condition. File: scandir.c.
+
+20150930
+
+ Bugfix (introduced: 20040124): Milter client panic while
+ adding a header, because the PREPEND action used the same
+ output function for header_checks and body_checks. Viktor
+ Dukhovni and Wietse. File: cleanup/cleanup_message.c.
+
+ Bugfix (introduced: 20031128): xtext_unquote() did not
+ propagate error reports from xtext_unquote_append(), causing
+ the decoder to return partial ouput, instead of rejecting
+ malformed input. Fix by Krzysztof Wojta. File: global/xtext.c.
+
+20151003
+
+ Bugfix (copied from xtext): uxtext_unquote() did not propagate
+ error reports from uxtext_unquote_append(), causing the
+ decoder to return partial output, instead of rejecting
+ malformed input. Found by searching the code for similar
+ error patterns as with xtext_unquote(). File: global/uxtext.c.
+
+ Bugfix (introduced: 20141130, fixed around 20150607 in
+ development release): the DNS multi-query clients forgot
+ to save and restore h_errno when evaluating the aggregate
+ result. File: dns/dns_lookup.c.
|| |probably should also override DEF_DB_TYPE as |
|| |described in section 4.6. |
||_____________________________|______________________________________________|
+||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
+|| |resolver library appears to support it. |
+||_____________________________|______________________________________________|
|| |Do not build with Solaris /dev/poll support. |
||-DNO_DEVPOLL |By default, /dev/poll support is compiled in |
|| |on Solaris versions that are known to support |
|| |probably should also override DEF_DB_TYPE as |
|| |described in section 4.6. |
|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
+||-DNO_DNSSEC |Do not build with DNSSEC support, even if the |
+|| |resolver library appears to support it. |
+|_\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b|_\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b _\b |
|| |Do not build with Solaris /dev/poll support. |
||-DNO_DEVPOLL |By default, /dev/poll support is compiled in |
|| |on Solaris versions that are known to support |
$readme_directory/BASIC_CONFIGURATION_README:f:root:-:644
$readme_directory/BUILTIN_FILTER_README:f:root:-:644
$readme_directory/CDB_README:f:root:-:644
+$readme_directory/COMPATIBILITY_README:f:root:-:644
$readme_directory/CONNECTION_CACHE_README:f:root:-:644
$readme_directory/CONTENT_INSPECTION_README:f:root:-:644
$readme_directory/DATABASE_README:f:root:-:644
$html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644
$html_directory/BUILTIN_FILTER_README.html:f:root:-:644
$html_directory/CDB_README.html:f:root:-:644
+$html_directory/COMPATIBILITY_README.html:f:root:-:644
$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
$html_directory/CYRUS_README.html:f:root:-:644:o
fatal "'$config_directory' lacks a master.cf file"
}
+ test -f $meta_directory/main.cf.proto ||
+ fatal "Missing main.cf prototype: $meta_directory/main.cf.proto"
+ test -f $meta_directory/master.cf.proto ||
+ fatal "Missing master.cf prototype: $meta_directory/master.cf.proto"
+
# Create instance-specific directories
#
test -d $config_directory ||
this, then you probably should also override DEF_DB_TYPE as described
in section 4.6. </td> </tr>
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support
# Do not build with Solaris /dev/poll support.
# By default, /dev/poll support is compiled in on platforms that
# are known to support it.
+# .IP \fB-DNO_DNSSEC\fR
+# Do not build with DNSSEC support, even if the resolver
+# library appears to support it.
# .IP \fB-DNO_EPOLL\fR
# Do not build with Linux EPOLL support.
# By default, EPOLL support is compiled in on platforms that
;;
AIX.*) case "`uname -v`" in
6) SYSTYPE=AIX6
+ CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
5) SYSTYPE=AIX5
+ CCARGS="$CCARGS -DNO_DNSSEC"
case "$CC" in
cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
esac
CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
;;
4) SYSTYPE=AIX4
+ CCARGS="$CCARGS -DNO_DNSSEC"
# How embarrassing...
case "$CC" in
cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";;
this, then you probably should also override DEF_DB_TYPE as described
in section 4.6. </td> </tr>
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
support is compiled in on Solaris versions that are known to support
if (STREQUAL(value, "PREPEND", command_len)) {
if (*optional_text == 0) {
msg_warn("PREPEND action without text in %s map", map_class);
- } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0
- && !is_header(optional_text)) {
- msg_warn("bad PREPEND header text \"%s\" in %s map -- "
- "need \"headername: headervalue\"",
- optional_text, map_class);
+ } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) {
+ if (!is_header(optional_text)) {
+ msg_warn("bad PREPEND header text \"%s\" in %s map -- "
+ "need \"headername: headervalue\"",
+ optional_text, map_class);
+ } else {
+ VSTRING *temp;
+
+ cleanup_act_log(state, "prepend", context, buf, optional_text);
+ temp = vstring_strcpy(vstring_alloc(strlen(optional_text)),
+ optional_text);
+ cleanup_out_header(state, temp);
+ vstring_free(temp);
+ }
} else {
cleanup_act_log(state, "prepend", context, buf, optional_text);
cleanup_out_string(state, REC_TYPE_NORM, optional_text);
(cp) += 4; \
}
+#endif
+
+/*
+ * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
+ */
+#ifdef NO_DNSSEC
+#undef RES_USE_DNSSEC
#endif
/*
int hpref_status = INT_MIN;
VSTRING *hpref_rtext = 0;
int hpref_rcode;
+ int hpref_h_errno;
DNS_RR *rr;
/* Save intermediate highest-priority result. */
vstring_strcpy(hpref_rtext ? hpref_rtext : \
(hpref_rtext = vstring_alloc(VSTRING_LEN(why))), \
vstring_str(why)); \
+ hpref_h_errno = h_errno; \
} while (0)
/* Restore intermediate highest-priority result. */
*rcode = hpref_rcode; \
if (why && status != DNS_OK) \
vstring_strcpy(why, vstring_str(hpref_rtext)); \
+ SET_H_ERRNO(hpref_h_errno); \
} while (0)
if (rrlist)
int hpref_status = INT_MIN;
VSTRING *hpref_rtext = 0;
int hpref_rcode;
+ int hpref_h_errno;
DNS_RR *rr;
if (rrlist)
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20150720"
-#define MAIL_VERSION_NUMBER "3.0.2"
+#define MAIL_RELEASE_DATE "20151010"
+#define MAIL_VERSION_NUMBER "3.0.3"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
VSTRING *uxtext_unquote(VSTRING *unquoted, const char *quoted)
{
VSTRING_RESET(unquoted);
- uxtext_unquote_append(unquoted, quoted);
- return (unquoted);
+ return (uxtext_unquote_append(unquoted, quoted) ? unquoted : 0);
}
#ifdef TEST
VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted)
{
VSTRING_RESET(unquoted);
- xtext_unquote_append(unquoted, quoted);
- return (unquoted);
+ return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0);
}
#ifdef TEST
case 'e':
if ((code = EDIT_CMD_CODE(optarg)) < 0)
msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', "
- "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
+ "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
optarg,
EDIT_CMD_STR(EDIT_CMD_CREATE),
EDIT_CMD_STR(EDIT_CMD_DESTROY),
EDIT_CMD_STR(EDIT_CMD_ENABLE),
EDIT_CMD_STR(EDIT_CMD_DISABLE),
EDIT_CMD_STR(EDIT_CMD_ASSIGN),
- EDIT_CMD_STR(EDIT_CMD_INIT),
- optarg);
+ EDIT_CMD_STR(EDIT_CMD_INIT));
if (cmd_mode != code)
command_mode_count++;
cmd_mode = code;
int io_err;
VSTRING *escape_buf;
+ /*
+ * While reading HAProxy handshake information, don't buffer input beyond
+ * the end-of-line. That would break the TLS wrappermode handshake.
+ */
+ vstream_control(state->client,
+ VSTREAM_CTL_BUFSIZE, 1,
+ VSTREAM_CTL_END);
+
/*
* Note: the haproxy_srvr_parse() routine performs address protocol
* checks, address and port syntax checks, and converts IPv4-in-IPv6
* Avoid surprises in the Dovecot authentication server.
*/
state->dest_addr = mystrdup(smtp_server_addr.buf);
+
+ /*
+ * Enable normal buffering.
+ */
+ vstream_control(state->client,
+ VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
+ VSTREAM_CTL_END);
return (0);
}
}
#endif
#endif
#include <string.h>
+#include <errno.h>
/* Utility library. */
#define STREQ(x,y) (strcmp((x),(y)) == 0)
if (info) {
+
+ /*
+ * Fix 20150421: readdir() does not reset errno after reaching the
+ * end-of-directory. This dates back all the way to the initial
+ * implementation of 19970309.
+ */
+ errno = 0;
while ((dp = readdir(info->dir)) != 0) {
if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) {
if (msg_verbose > 1)
projects / thirdparty / postfix.git / commitdiff
