postfix-2.10.3 v2.10.3
authorWietse Venema <wietse@porcupine.org>
Thu, 16 Jan 2014 05:00:00 +0000 (00:00 -0500)
committerViktor Dukhovni <postfix-users@dukhovni.org>
Fri, 17 Jan 2014 03:18:20 +0000 (22:18 -0500)
12 files changed:
postfix/HISTORY
postfix/README_FILES/MULTI_INSTANCE_README
postfix/README_FILES/SASL_README
postfix/conf/post-install
postfix/html/MULTI_INSTANCE_README.html
postfix/html/SASL_README.html
postfix/proto/MULTI_INSTANCE_README.html
postfix/proto/SASL_README.html
postfix/src/global/mail_version.h
postfix/src/postconf/postconf.c
postfix/src/tls/tls_misc.c
postfix/src/util/dict_pcre.c

index a9d01ab4912110aa0323a7f9abdf63d648085fd9..2111c8a49e75a7e6b2a19f49eff5f012d3c5b74f 100644 (file)
@@ -18306,3 +18306,36 @@ Apologies for any names omitted.
        encryption key for each smtpd(8) process.  The workaround
        turns off session tickets. In 2.11 we'll enable session
        tickets properly.  Viktor Dukhovni. File: tls/tls_server.c.
+
+20131026
+
+       Future proofing: API changes in the PCRE library.  File:
+       util/dict_pcre.c.
+
+20131127
+
+       Bugfix (introduced: 20090106): the postconf '-#' option
+       erased prior options. File: postconf/postconf.c.
+
+20131129
+
+       Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
+       Dukhovni. File: proto/MULTI_INSTANCE_README.html.
+
+20131216
+
+       OpenSSL future proofing: tolerate disappearance of named
+       bug-workaround bits without invalidating tls_disable_workarounds
+       configurations.  When support for a bug workaround is removed
+       from OpenSSL, the corresponding bit is defined as zero (i.e.
+       NOOP) instead of causing programs to break. Viktor Dukhovni.
+       File: tls/tls_misc.c.
+
+20131220
+
+       Documentation: typo in SASL_README. Patrick Ben Koetter.
+       File: proto/SASL_README.html.
+
+20140104
+
+       Bugfix: malformed error message. File: conf/post-install.
index 6186d59cbbe95dc25c636bacd259ccdbe5de45e8..6ba96322667418b45fec6ffcd26c9a72b1e5f346 100644 (file)
@@ -177,7 +177,7 @@ database when none exists.
         generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp
            @mv $@.tmp generic
 
         %.cdb: %
index c35481991adcd142ef711198234eede25735ec80..83ccd683ce54a009697f4bc773935ef169eac970 100644 (file)
@@ -478,7 +478,7 @@ to a PostgreSQL server:
         sql_user: username
         sql_passwd: secret
         sql_database: dbname
-        sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+        sql_select: SELECT password FROM users WHERE user = '%u@%r'
 
     N\bNo\bot\bte\be
 
index 91ff4a6772ff6ecb9a467ce57248eb3914cc36c9..cb27920145aa06fc85b4e49c46ab2efc8421b86d 100644 (file)
@@ -464,7 +464,7 @@ test -n "$create" && {
        case $type in
        [hl]) continue;;
        [df]) ;;
-          *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;;
+          *) echo unknown type $type for $path in $daemon_directory/postfix-files 1>&2; exit 1;;
        esac
        # Expand $name, and canonicalize null fields.
        for name in path owner group flags
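Review bot: The corrected `echo` in the `*)` arm still expands `$type`, `$path` and `$daemon_directory` unquoted, so a value containing whitespace or glob characters would be split or expanded before it reaches the error message. Quoting the whole message keeps the diagnostic faithful to what was read: `*) echo "unknown type $type for $path in $daemon_directory/postfix-files" 1>&2; exit 1;;`. The loop that feeds this `case` starts outside the hunk, so the origin of those values is not visible here.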
index 37a708577ae982532b2b4025c20e1830761ce260..15587af70c02eb43ec4100938fac07319377192b 100644 (file)
@@ -233,7 +233,7 @@ creates a "generic" database when none exists. </p>
     generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` &gt; $@.tmp
            @mv $@.tmp generic
 
     %.<a href="CDB_README.html">cdb</a>: %
index f39feefcd7803b2a02c8e6fa14990018befdcf13..9c36ab9b52f2d423e140aab2b1c57f23e6c1d51f 100644 (file)
@@ -784,7 +784,7 @@ and connects it to a PostgreSQL server: </p>
     sql_user: username
     sql_passwd: secret
     sql_database: dbname
-    sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+    sql_select: SELECT password FROM users WHERE user = '%u@%r'
 </pre>
 </blockquote>
 
index 2b72d1b45b1376aa83c54c5a569b5387942c08e0..60064dfabbde2d9e300d00f3eb9967bb2e584cb3 100644 (file)
@@ -233,7 +233,7 @@ creates a "generic" database when none exists. </p>
     generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` &gt; $@.tmp
            @mv $@.tmp generic
 
     %.cdb: %
index 1146a36a1a0011a4d576813afbb3e72f15fdcd96..278ddee19c4694429a50b74d7de7ff3f1ce92563 100644 (file)
@@ -784,7 +784,7 @@ and connects it to a PostgreSQL server: </p>
     sql_user: username
     sql_passwd: secret
     sql_database: dbname
-    sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+    sql_select: SELECT password FROM users WHERE user = '%u@%r'
 </pre>
 </blockquote>
 
index b40eb482029fb43c98fb88334e9a3d633ccf7482..bee76810d1b8d2fc7af39986ac2b751d1f15ebd3 100644 (file)
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20130905"
-#define MAIL_VERSION_NUMBER    "2.10.2"
+#define MAIL_RELEASE_DATE      "20140116"
+#define MAIL_VERSION_NUMBER    "2.10.3"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE     "-" MAIL_RELEASE_DATE
index 95bea170272464a9f210a01fdc420d5b076d1de6..9876d0fc831c3b46db1a64488538b3d7118169d4 100644 (file)
@@ -474,7 +474,7 @@ int     main(int argc, char **argv)
            cmd_mode |= FOLD_LINE;
            break;
        case '#':
-           cmd_mode = COMMENT_OUT;
+           cmd_mode |= COMMENT_OUT;
            break;
        case 'h':
            cmd_mode &= ~SHOW_NAME;
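Review bot: With `cmd_mode |= COMMENT_OUT;` the `'#'` case now keeps whatever bits earlier options set, so `-#` can reach the rest of `main()` combined with other mode bits. The hunk does not show whether a later check rejects combinations that make no sense together, and that is worth confirming. A one-line comment would keep the fix from being reverted by accident, for example `/* OR in, do not assign: bits from earlier options must survive. */`. The `switch` and the rest of `main()` lie outside the hunk.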
index d09bb3225dc0708e8901a6b8f35c58bece75977c..e7fe6b63008998f5a24ed63c0c5b3471b6a808fe 100644 (file)
@@ -241,59 +241,72 @@ static const NAME_CODE protocol_table[] = {
 #define NAMEBUG(x)     #x, SSL_OP_##x
 static const LONG_NAME_MASK ssl_bug_tweaks[] = {
 
-#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
-    NAMEBUG(MICROSOFT_SESS_ID_BUG),    /* 0x00000001L */
+#ifndef SSL_OP_MICROSOFT_SESS_ID_BUG
+#define SSL_OP_MICROSOFT_SESS_ID_BUG           0
 #endif
+    NAMEBUG(MICROSOFT_SESS_ID_BUG),
 
-#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
-    NAMEBUG(NETSCAPE_CHALLENGE_BUG),   /* 0x00000002L */
+#ifndef SSL_OP_NETSCAPE_CHALLENGE_BUG
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG          0
 #endif
+    NAMEBUG(NETSCAPE_CHALLENGE_BUG),
 
-#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
-    NAMEBUG(LEGACY_SERVER_CONNECT),    /* 0x00000004L */
+#ifndef SSL_OP_LEGACY_SERVER_CONNECT
+#define SSL_OP_LEGACY_SERVER_CONNECT           0
 #endif
+    NAMEBUG(LEGACY_SERVER_CONNECT),
 
-#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
-    NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), /* 0x00000008L */
-    "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
+#ifndef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0
 #endif
+    NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG),
+    "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
 
-#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
-    NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG),      /* 0x00000010L */
+#ifndef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG     0
 #endif
+    NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG),
 
-#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-    NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),/* 0x00000020L  */
+#ifndef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER      0
 #endif
+    NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),
 
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
-    NAMEBUG(MSIE_SSLV2_RSA_PADDING),   /* 0x00000040L */
-    "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING,
+#ifndef SSL_OP_MSIE_SSLV2_RSA_PADDING
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING          0
 #endif
+    NAMEBUG(MSIE_SSLV2_RSA_PADDING),
+    "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING,
 
-#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
-    NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), /* 0x00000080L */
+#ifndef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                0
 #endif
+    NAMEBUG(SSLEAY_080_CLIENT_DH_BUG),
 
-#if defined(SSL_OP_TLS_D5_BUG)
-    NAMEBUG(TLS_D5_BUG),               /* 0x00000100L   */
+#ifndef SSL_OP_TLS_D5_BUG
+#define SSL_OP_TLS_D5_BUG                      0
 #endif
+    NAMEBUG(TLS_D5_BUG),
 
-#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
-    NAMEBUG(TLS_BLOCK_PADDING_BUG),    /* 0x00000200L */
+#ifndef SSL_OP_TLS_BLOCK_PADDING_BUG
+#define SSL_OP_TLS_BLOCK_PADDING_BUG           0
 #endif
+    NAMEBUG(TLS_BLOCK_PADDING_BUG),
 
-#if defined(SSL_OP_TLS_ROLLBACK_BUG)
-    NAMEBUG(TLS_ROLLBACK_BUG),         /* 0x00000400L */
+#ifndef SSL_OP_TLS_ROLLBACK_BUG
+#define SSL_OP_TLS_ROLLBACK_BUG                        0
 #endif
+    NAMEBUG(TLS_ROLLBACK_BUG),
 
-#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
-    NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS),      /* 0x00000800L */
+#ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS     0
 #endif
+    NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS),
 
-#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
-    NAMEBUG(CRYPTOPRO_TLSEXT_BUG),     /* 0x80000000L */
+#ifndef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+#define SSL_OP_CRYPTOPRO_TLSEXT_BUG            0
 #endif
+    NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
     0, 0,
 };
 
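Review bot: The new `#define SSL_OP_... 0` fallbacks sit inside the `ssl_bug_tweaks[]` initializer and stay defined for the rest of the file, so any later `#ifdef` test on one of these thirteen names is always true from here on. A name listed in `tls_disable_workarounds`, including the `CVE-2010-4180` and `CVE-2005-2969` aliases, also becomes a silent no-op when the library lacks the bit. The removed per-entry comments such as `/* 0x00000001L */` were the only in-file reference for the numeric form that the `NAME_MASK_NUMBER` flag in `tls_bug_bits()` appears to accept. I would add a block comment above the table saying that a bit missing from the OpenSSL headers is defined as 0 so its name still parses but masks nothing, and that these names must be tested with `#if SSL_OP_X != 0` rather than `#ifdef` below this point.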
@@ -869,7 +882,8 @@ long    tls_bug_bits(void)
 {
     long    bits = SSL_OP_ALL;         /* Work around all known bugs */
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
+       OPENSSL_VERSION_NUMBER < 0x10000000L
     long    lib_version = SSLeay();
 
     /*
@@ -895,6 +909,10 @@ long    tls_bug_bits(void)
        bits &= ~long_name_mask_opt(VAR_TLS_BUG_TWEAKS, ssl_bug_tweaks,
                                    var_tls_bug_tweaks, NAME_MASK_ANY_CASE |
                                    NAME_MASK_NUMBER | NAME_MASK_WARN);
+#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+       /* Not relevant to SMTP */
+       bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
+#endif
     }
     return (bits);
 }
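Review bot: The added `bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;` sits before the `}` that closes a block opened outside the hunk. If that block runs only when `tls_disable_workarounds` is non-empty, the Safari workaround stays enabled in the default configuration, even though the comment says it is not relevant to SMTP. If the intent is to mask it always, the three `#ifdef` lines belong after the closing brace, just before `return (bits);`. The comment could also name the reason, e.g. `/* Browser (Safari) workaround, not relevant to SMTP. */`.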
index 060019ec5c937f0d24b9553abee5df30ca41f7ce..3ae2104b9624d3942c4dc6ef341384485c5cf850 100644 (file)
 #include "pcre.h"
 #include "warn_stat.h"
 
+ /*
+  * Backwards compatibility.
+  */
+#ifdef PCRE_STUDY_JIT_COMPILE
+#define DICT_PCRE_FREE_STUDY(x)        pcre_free_study(x)
+#else
+#define DICT_PCRE_FREE_STUDY(x)        pcre_free((char *) (x))
+#endif
+
  /*
   * Support for IF/ENDIF based on an idea by Bert Driehuis.
   */
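Review bot: The `/* Backwards compatibility. */` comment above `DICT_PCRE_FREE_STUDY` does not say what the macro protects. The `hints` pointers freed in `dict_pcre_close()` and `dict_pcre_parse_rule()` are presumably the result of `pcre_study()`, and releasing them with a deallocator that does not match the library's allocation is a heap-corruption risk if the library changes how study data is allocated. I would expand the comment to say that study data is released with `pcre_free_study()` where the library provides it (detected via `PCRE_STUDY_JIT_COMPILE`) and with `pcre_free()` otherwise, rather than by calling `myfree()` directly. The `(char *)` cast in the fallback is unnecessary, since `pcre_free` takes a `void *`.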
@@ -389,7 +398,7 @@ static void dict_pcre_close(DICT *dict)
            if (match_rule->pattern)
                myfree((char *) match_rule->pattern);
            if (match_rule->hints)
-               myfree((char *) match_rule->hints);
+               DICT_PCRE_FREE_STUDY(match_rule->hints);
            if (match_rule->replacement)
                myfree((char *) match_rule->replacement);
            break;
@@ -398,7 +407,7 @@ static void dict_pcre_close(DICT *dict)
            if (if_rule->pattern)
                myfree((char *) if_rule->pattern);
            if (if_rule->hints)
-               myfree((char *) if_rule->hints);
+               DICT_PCRE_FREE_STUDY(if_rule->hints);
            break;
        case DICT_PCRE_OP_ENDIF:
            break;
@@ -679,7 +688,7 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno,
            if (engine.pattern)
                myfree((char *) engine.pattern);
            if (engine.hints)
-               myfree((char *) engine.hints);
+               DICT_PCRE_FREE_STUDY(engine.hints);
            CREATE_MATCHOP_ERROR_RETURN(0);
        }
 #endif