]> git.ipfire.org Git - thirdparty/postfix.git/commitdiff
projects / thirdparty / postfix.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 040861c)
postfix-2.9.9 v2.9.9
authorWietse Venema <wietse@porcupine.org>
Thu, 16 Jan 2014 05:00:00 +0000 (00:00 -0500)
committerViktor Dukhovni <postfix-users@dukhovni.org>
Sat, 10 Feb 2018 17:55:12 +0000 (12:55 -0500)
12 files changed:
postfix/HISTORY patch | blob | blame | history
postfix/README_FILES/MULTI_INSTANCE_README patch | blob | blame | history
postfix/README_FILES/SASL_README patch | blob | blame | history
postfix/conf/post-install patch | blob | blame | history
postfix/html/MULTI_INSTANCE_README.html patch | blob | blame | history
postfix/html/SASL_README.html patch | blob | blame | history
postfix/proto/MULTI_INSTANCE_README.html patch | blob | blame | history
postfix/proto/SASL_README.html patch | blob | blame | history
postfix/src/global/mail_version.h patch | blob | blame | history
postfix/src/postconf/postconf.c patch | blob | blame | history
postfix/src/tls/tls_misc.c patch | blob | blame | history
postfix/src/util/dict_pcre.c patch | blob | blame | history

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 53d3826adfedd927de0fedb7e0909289b23561cc..d4efeec4d2cc414003d5a23b7f69d86e98038ef2 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -17834,3 +17834,36 @@ Apologies for any names omitted.
        each smtpd(8) process.  The workaround turns off session
        tickets. In 2.11 we'll enable session tickets properly.
        Viktor Dukhovni. File: tls/tls_server.c.
+
+20131026
+
+       Future proofing: API changes in the PCRE library.  File:
+       util/dict_pcre.c.
+
+20131127
+
+       Bugfix (introduced: 20090106): the postconf '-#' option
+       erased prior options. File: postconf/postconf.c.
+
+20131129
+
+       Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor
+       Dukhovni. File: proto/MULTI_INSTANCE_README.html.
+
+20131216
+
+       OpenSSL future proofing: tolerate disappearance of named
+       bug-workaround bits without invalidating tls_disable_workarounds
+       configurations.  When support for a bug workaround is removed
+       from OpenSSL, the corresponding bit is defined as zero (i.e.
+       NOOP) instead of causing programs to break. Viktor Dukhovni.
+       File: tls/tls_misc.c.
+
+20131220
+
+       Documentation: typo in SASL_README. Patrick Ben Koetter.
+       File: proto/SASL_README.html.
+
+20140104
+
+       Bugfix: malformed error message. File: conf/post-install.
diff --git a/postfix/README_FILES/MULTI_INSTANCE_README b/postfix/README_FILES/MULTI_INSTANCE_README
index b6e15d2e33a9fbe9df812eb24180cc8b4b0a9c4c..8756a9d6fb26e62a550c929ac984c12f703ff74f 100644 (file)
--- a/postfix/README_FILES/MULTI_INSTANCE_README
+++ b/postfix/README_FILES/MULTI_INSTANCE_README
@@ -177,7 +177,7 @@ database when none exists.
         generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp
            @mv $@.tmp generic
 
         %.cdb: %
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README
index 282edc1d494cfc3d6c1d8d917077020c084b1b69..601ebb7c274444fdfe91e57480645b5f5b81cb84 100644 (file)
--- a/postfix/README_FILES/SASL_README
+++ b/postfix/README_FILES/SASL_README
@@ -477,7 +477,7 @@ to a PostgreSQL server:
         sql_user: username
         sql_passwd: secret
         sql_database: dbname
-        sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+        sql_select: SELECT password FROM users WHERE user = '%u@%r'
 
     N\bNo\bot\bte\be
 
diff --git a/postfix/conf/post-install b/postfix/conf/post-install
index 63ad8a0bd3bbc37cbd67f50d7fb83c00539addc2..d56b8151b8df531d3bdec86dee4554fa289e3d6e 100644 (file)
--- a/postfix/conf/post-install
+++ b/postfix/conf/post-install
@@ -464,7 +464,7 @@ test -n "$create" && {
        case $type in
        [hl]) continue;;
        [df]) ;;
-          *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;;
+          *) echo unknown type $type for $path in $daemon_directory/postfix-files 1>&2; exit 1;;
        esac
        # Expand $name, and canonicalize null fields.
        for name in path owner group flags
diff --git a/postfix/html/MULTI_INSTANCE_README.html b/postfix/html/MULTI_INSTANCE_README.html
index f224338747b45c6054fe75efae6d00c78f02963d..c5e5f7e1d131c49b0a1e0936b2b07ff3a1e42f74 100644 (file)
--- a/postfix/html/MULTI_INSTANCE_README.html
+++ b/postfix/html/MULTI_INSTANCE_README.html
@@ -233,7 +233,7 @@ creates a "generic" database when none exists. </p>
     generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` &gt; $@.tmp
            @mv $@.tmp generic
 
     %.<a href="CDB_README.html">cdb</a>: %
diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html
index f76ca860f0dbadadf5069dbfb7afced09d16de43..3ab30a1fed4ee00f615df153c35eacb82638d451 100644 (file)
--- a/postfix/html/SASL_README.html
+++ b/postfix/html/SASL_README.html
@@ -784,7 +784,7 @@ and connects it to a PostgreSQL server: </p>
     sql_user: username
     sql_passwd: secret
     sql_database: dbname
-    sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+    sql_select: SELECT password FROM users WHERE user = '%u@%r'
 </pre>
 </blockquote>
 
diff --git a/postfix/proto/MULTI_INSTANCE_README.html b/postfix/proto/MULTI_INSTANCE_README.html
index fe6fc7c6df44813f14f19e790ed18a5717bdf8af..e6812e7b5fcb8c170924e040c3c7021416ffbfe3 100644 (file)
--- a/postfix/proto/MULTI_INSTANCE_README.html
+++ b/postfix/proto/MULTI_INSTANCE_README.html
@@ -233,7 +233,7 @@ creates a "generic" database when none exists. </p>
     generic: Makefile
            @echo Creating $@
            @rm -f $@.tmp
-           @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` &gt; $@.tmp
+           @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` &gt; $@.tmp
            @mv $@.tmp generic
 
     %.cdb: %
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html
index a3320be86e6e755e6c9d16a06f330e8eb43117a3..11f4cc24e8c2107d6d170f1db37954659eaba0b6 100644 (file)
--- a/postfix/proto/SASL_README.html
+++ b/postfix/proto/SASL_README.html
@@ -784,7 +784,7 @@ and connects it to a PostgreSQL server: </p>
     sql_user: username
     sql_passwd: secret
     sql_database: dbname
-    sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
+    sql_select: SELECT password FROM users WHERE user = '%u@%r'
 </pre>
 </blockquote>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 4e18c453733bcc8419b6c478dfbd4cf520c782cd..1ae1520ff1a925aceb3fb1058b7693861a479aad 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20130905"
-#define MAIL_VERSION_NUMBER    "2.9.8"
+#define MAIL_RELEASE_DATE      "20140116"
+#define MAIL_VERSION_NUMBER    "2.9.9"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE     "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index becede83455c0300a1a12f41d9cd422881bf787c..f6ee455225ce0b79a6afdb5db330b33e6ed56627 100644 (file)
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -456,7 +456,7 @@ int     main(int argc, char **argv)
            break;
 #endif
        case '#':
-           cmd_mode = COMMENT_OUT;
+           cmd_mode |= COMMENT_OUT;
            break;
 
        case 'h':
diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c
index 5fef95920882678a9ab253600fe04f5c37e59988..1555efcdd255c0634783ed85918211070812fa92 100644 (file)
--- a/postfix/src/tls/tls_misc.c
+++ b/postfix/src/tls/tls_misc.c
@@ -241,59 +241,72 @@ static const NAME_CODE protocol_table[] = {
 #define NAMEBUG(x)     #x, SSL_OP_##x
 static const LONG_NAME_MASK ssl_bug_tweaks[] = {
 
-#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG)
-    NAMEBUG(MICROSOFT_SESS_ID_BUG),    /* 0x00000001L */
+#ifndef SSL_OP_MICROSOFT_SESS_ID_BUG
+#define SSL_OP_MICROSOFT_SESS_ID_BUG           0
 #endif
+    NAMEBUG(MICROSOFT_SESS_ID_BUG),
 
-#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG)
-    NAMEBUG(NETSCAPE_CHALLENGE_BUG),   /* 0x00000002L */
+#ifndef SSL_OP_NETSCAPE_CHALLENGE_BUG
+#define SSL_OP_NETSCAPE_CHALLENGE_BUG          0
 #endif
+    NAMEBUG(NETSCAPE_CHALLENGE_BUG),
 
-#if defined(SSL_OP_LEGACY_SERVER_CONNECT)
-    NAMEBUG(LEGACY_SERVER_CONNECT),    /* 0x00000004L */
+#ifndef SSL_OP_LEGACY_SERVER_CONNECT
+#define SSL_OP_LEGACY_SERVER_CONNECT           0
 #endif
+    NAMEBUG(LEGACY_SERVER_CONNECT),
 
-#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
-    NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), /* 0x00000008L */
-    "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
+#ifndef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0
 #endif
+    NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG),
+    "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
 
-#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)
-    NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG),      /* 0x00000010L */
+#ifndef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG     0
 #endif
+    NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG),
 
-#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-    NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),/* 0x00000020L  */
+#ifndef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER      0
 #endif
+    NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),
 
-#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING)
-    NAMEBUG(MSIE_SSLV2_RSA_PADDING),   /* 0x00000040L */
-    "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING,
+#ifndef SSL_OP_MSIE_SSLV2_RSA_PADDING
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING          0
 #endif
+    NAMEBUG(MSIE_SSLV2_RSA_PADDING),
+    "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING,
 
-#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG)
-    NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), /* 0x00000080L */
+#ifndef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                0
 #endif
+    NAMEBUG(SSLEAY_080_CLIENT_DH_BUG),
 
-#if defined(SSL_OP_TLS_D5_BUG)
-    NAMEBUG(TLS_D5_BUG),               /* 0x00000100L   */
+#ifndef SSL_OP_TLS_D5_BUG
+#define SSL_OP_TLS_D5_BUG                      0
 #endif
+    NAMEBUG(TLS_D5_BUG),
 
-#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG)
-    NAMEBUG(TLS_BLOCK_PADDING_BUG),    /* 0x00000200L */
+#ifndef SSL_OP_TLS_BLOCK_PADDING_BUG
+#define SSL_OP_TLS_BLOCK_PADDING_BUG           0
 #endif
+    NAMEBUG(TLS_BLOCK_PADDING_BUG),
 
-#if defined(SSL_OP_TLS_ROLLBACK_BUG)
-    NAMEBUG(TLS_ROLLBACK_BUG),         /* 0x00000400L */
+#ifndef SSL_OP_TLS_ROLLBACK_BUG
+#define SSL_OP_TLS_ROLLBACK_BUG                        0
 #endif
+    NAMEBUG(TLS_ROLLBACK_BUG),
 
-#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
-    NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS),      /* 0x00000800L */
+#ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS     0
 #endif
+    NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS),
 
-#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG)
-    NAMEBUG(CRYPTOPRO_TLSEXT_BUG),     /* 0x80000000L */
+#ifndef SSL_OP_CRYPTOPRO_TLSEXT_BUG
+#define SSL_OP_CRYPTOPRO_TLSEXT_BUG            0
 #endif
+    NAMEBUG(CRYPTOPRO_TLSEXT_BUG),
     0, 0,
 };
 
@@ -866,7 +879,8 @@ long    tls_bug_bits(void)
 {
     long    bits = SSL_OP_ALL;         /* Work around all known bugs */
 
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
+#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
+       OPENSSL_VERSION_NUMBER < 0x10000000L
     long    lib_version = SSLeay();
 
     /*
@@ -892,6 +906,10 @@ long    tls_bug_bits(void)
        bits &= ~long_name_mask_opt(VAR_TLS_BUG_TWEAKS, ssl_bug_tweaks,
                                    var_tls_bug_tweaks, NAME_MASK_ANY_CASE |
                                    NAME_MASK_NUMBER | NAME_MASK_WARN);
+#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+       /* Not relevant to SMTP */
+       bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
+#endif
     }
     return (bits);
 }
diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c
index 060019ec5c937f0d24b9553abee5df30ca41f7ce..3ae2104b9624d3942c4dc6ef341384485c5cf850 100644 (file)
--- a/postfix/src/util/dict_pcre.c
+++ b/postfix/src/util/dict_pcre.c
@@ -61,6 +61,15 @@
 #include "pcre.h"
 #include "warn_stat.h"
 
+ /*
+  * Backwards compatibility.
+  */
+#ifdef PCRE_STUDY_JIT_COMPILE
+#define DICT_PCRE_FREE_STUDY(x)        pcre_free_study(x)
+#else
+#define DICT_PCRE_FREE_STUDY(x)        pcre_free((char *) (x))
+#endif
+
  /*
   * Support for IF/ENDIF based on an idea by Bert Driehuis.
   */
@@ -389,7 +398,7 @@ static void dict_pcre_close(DICT *dict)
            if (match_rule->pattern)
                myfree((char *) match_rule->pattern);
            if (match_rule->hints)
-               myfree((char *) match_rule->hints);
+               DICT_PCRE_FREE_STUDY(match_rule->hints);
            if (match_rule->replacement)
                myfree((char *) match_rule->replacement);
            break;
@@ -398,7 +407,7 @@ static void dict_pcre_close(DICT *dict)
            if (if_rule->pattern)
                myfree((char *) if_rule->pattern);
            if (if_rule->hints)
-               myfree((char *) if_rule->hints);
+               DICT_PCRE_FREE_STUDY(if_rule->hints);
            break;
        case DICT_PCRE_OP_ENDIF:
            break;
@@ -679,7 +688,7 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno,
            if (engine.pattern)
                myfree((char *) engine.pattern);
            if (engine.hints)
-               myfree((char *) engine.hints);
+               DICT_PCRE_FREE_STUDY(engine.hints);
            CREATE_MATCHOP_ERROR_RETURN(0);
        }
 #endif
Mirror of https://github.com/vdukhovni/postfix.git