quoting routine returned the unquoted result instead of the
quoted text. The opportunities for misuse are limited,
because Postfix sqlite files are usually owned by root, and
- because Postfix daemons usually run with non-root privileges.
- File: global/dict_sqlite.c.
+ Postfix daemons usually run with non-root privileges so
+ they can't corrupt the database. Problem reported by Rob
+ McGee (rob0). File: global/dict_sqlite.c.
20120130
Bugfix (introduced: Postfix 2.3): the trace service did not
distinguish between notifications for a non-bounce or a
- single-bounce message. This code pre-dates DSN support and
- should have been updated when it was re-purposed to handle
- DSN SUCCESS notifications. Problem reported by Sabahattin
+ bounce message. This code pre-dates DSN support and should
+ have been updated when it was re-purposed to handle DSN
+ SUCCESS notifications. Problem reported by Sabahattin
Gucukoglu. File: bounce/bounce_trace_service.c.
+
+20120202
+
+ Bugfix (introduced: Postfix 2.3): the "change header" milter
+ request could replace the wrong header. A long header name
+ could match a shorter one, because a length check was done
+ on the wrong string. Reported by Vladimir Vassiliev. File:
+ cleanup/cleanup_milter.c.
Things to do after the stable release:
+ The discussion of postscreen cache configuration is in the
+ wrong place (how whitelisting works). Move it to the section
+ about configuring postscreen.
+
Before proxymap can be exposed to the network to share,
e.g., postscreen or verify caches, need to enforce limits
on attribute string length in IPC protocols. 10-20KB seems
#define NULL_SENDER MAIL_ADDR_EMPTY /* special address */
if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) {
- msg_info("%s: not sending notification for double-bounce message",
- queue_id);
+ msg_info("%s: not sending trace/success notification for "
+ "double-bounce message", queue_id);
return (0);
} else if (*recipient == 0) {
if ((notify_mask & MAIL_ERROR_2BOUNCE) != 0) {
recipient = var_2bounce_rcpt;
sender = mail_addr_double_bounce();
} else {
- msg_info("%s: not sending notification for single-bounce message",
- queue_id);
+ msg_info("%s: not sending trace/success notification "
+ "for single-bounce message", queue_id);
if (mail_queue_remove(service, queue_id) && errno != ENOENT)
msg_fatal("remove %s %s: %m", service, queue_id);
return (0);
diff cleanup_masq.ref cleanup_masq.tmp
rm -f cleanup_masq.tmp
-bug_tests: bug1_test bug2_test
+bug_tests: bug1_test bug2_test bug3_test
../postcat/postcat:
cd ../postcat; make
diff bug2.text.ref bug2.tmp
rm -f bug2.file.tmp bug2.tmp
+bug3_test: cleanup_milter bug3.file bug3.in bug3.ref bug3.text.ref \
+ ../postcat/postcat
+ cp bug3.file bug3.file.tmp
+ chmod u+w bug3.file.tmp
+ ./cleanup_milter <bug3.in
+ ../postcat/postcat -ov bug3.file.tmp 2>/dev/null >bug3.tmp
+ diff bug3.ref bug3.tmp
+ ../postcat/postcat bug3.file.tmp 2>/dev/null >bug3.tmp
+ diff bug3.text.ref bug3.tmp
+ rm -f bug3.file.tmp bug3.tmp
+
# Test queue file editing routines.
cleanup_milter_test: cleanup_milter test-queue-file cleanup_milter.in1 \
--- /dev/null
+#verbose on
+open bug3.file.tmp
+
+# This was a problem with a length check in the wrong place, causing
+# a short header name to match a longer one. After successful
+# substring match, the "change header" code checked the length of
+# the header name that was found, instead of the header name that
+# was wanted.
+
+#add_header X-SpamTest-Envelope-From wietse@porcupine.org
+#upd_header 1 X-SpamTest-Envelope-From wietse@porcupine.org
+#add_header X-SpamTest-Group-ID 00000000
+#upd_header 1 X-SpamTest-Group-ID 00000000
+#add_header X-SpamTest-Info Profiles 29362 [Feb 02 2012]
+#upd_header 1 X-SpamTest-Info Profiles 29362 [Feb 02 2012]
+#add_header X-SpamTest-Method none
+#upd_header 1 X-SpamTest-Method none
+#add_header X-SpamTest-Rate 0
+#upd_header 1 X-SpamTest-Rate 0
+#add_header X-SpamTest-SPF none
+#upd_header 1 X-SpamTest-SPF none
+add_header X-SpamTest-Status Not detected
+#upd_header 1 X-SpamTest-Status Not detected
+add_header X-SpamTest-Status-Extended not_detected
+upd_header 1 X-SpamTest-Status-Extended not_detected
+#add_header X-SpamTest-Version SMTP-Filter Version 3.0.0 [0284], KAS30/Release
+#upd_header 1 X-SpamTest-Version SMTP-Filter Version 3.0.0 [0284], KAS30/Release
+
+close
--- /dev/null
+*** ENVELOPE RECORDS bug3.file.tmp ***
+ 0 message_size: 307 237 1 0 307
+ 81 message_arrival_time: Thu Feb 2 09:02:07 2012
+ 100 create_time: Thu Feb 2 09:02:07 2012
+ 124 named_attribute: rewrite_context=local
+ 147 sender_fullname: Wietse Venema
+ 162 sender: me@porcupine.org
+ 180 original_recipient: you@porcupine.org
+ 199 recipient: you@porcupine.org
+ 218 pointer_record: 0
+ 235 *** MESSAGE CONTENTS bug3.file.tmp ***
+ 237 regular_text: Received: by hades.porcupine.org (Postfix, from userid 1001)
+ 299 regular_text: id 9210192461E; Thu, 2 Feb 2012 09:02:07 -0500 (EST)
+ 355 regular_text: Message-Id: <20120202140207.9210192461E@hades.porcupine.org>
+ 417 regular_text: Date: Thu, 2 Feb 2012 09:02:07 -0500 (EST)
+ 462 regular_text: From: me@porcupine.org (Wietse Venema)
+ 502 pointer_record: 565
+ 565 regular_text: X-SpamTest-Status: Not detected
+ 598 pointer_record: 615
+ 615 pointer_record: 674
+ 674 regular_text: X-SpamTest-Status-Extended: not_detected
+ 716 pointer_record: 657
+ 657 pointer_record: 519
+ 519 regular_text:
+ 521 regular_text: test
+ 527 pointer_record: 0
+ 544 *** HEADER EXTRACTED bug3.file.tmp ***
+ 546 pointer_record: 0
+ 563 *** MESSAGE FILE END bug3.file.tmp ***
--- /dev/null
+*** ENVELOPE RECORDS bug3.file.tmp ***
+message_size: 307 237 1 0 307
+message_arrival_time: Thu Feb 2 09:02:07 2012
+create_time: Thu Feb 2 09:02:07 2012
+named_attribute: rewrite_context=local
+sender_fullname: Wietse Venema
+sender: me@porcupine.org
+original_recipient: you@porcupine.org
+recipient: you@porcupine.org
+*** MESSAGE CONTENTS bug3.file.tmp ***
+Received: by hades.porcupine.org (Postfix, from userid 1001)
+ id 9210192461E; Thu, 2 Feb 2012 09:02:07 -0500 (EST)
+Message-Id: <20120202140207.9210192461E@hades.porcupine.org>
+Date: Thu, 2 Feb 2012 09:02:07 -0500 (EST)
+From: me@porcupine.org (Wietse Venema)
+X-SpamTest-Status: Not detected
+X-SpamTest-Status-Extended: not_detected
+
+test
+*** HEADER EXTRACTED bug3.file.tmp ***
+*** MESSAGE FILE END bug3.file.tmp ***
/* Reset the saved PTR record and update last_type. */ ;
else if ((header_label == 0
|| (strncasecmp(header_label, STR(buf), len) == 0
- && (IS_SPACE_TAB(STR(buf)[len])
- || STR(buf)[len] == ':')))
+ && (strlen(header_label) == len)))
&& --index == 0) {
/* If we have a saved PTR record, it points to start of header. */
break;
char *passwd;
char *realm;
char *authzid;
-} bind_props;
+} bind_props;
static int ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter)
{
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20120130"
+#define MAIL_RELEASE_DATE "20120202"
#define MAIL_VERSION_NUMBER "2.10"
#ifdef SNAPSHOT
projects / thirdparty / postfix.git / commitdiff
