Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
in the Postfix sendmail command broke authorized_submit_users
with a dynamically-loaded map type. File: sendmail/sendmail.c.
+
+20171116
+
+ Bugfix (introduced: Postfix 2.1): don't log warnings
+ that some restriction returns OK, when the access map
+ DISCARD feature is in effect. File: smtpd/smtpd_check.c.
+
+20171215
+
+ Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke
+ Berkeley DB configurations with a relative pathname. File:
+ util/dict_db.c.
+
+20171218
+
+ Workaround: reportedly, some res_query(3) implementation
+ can return -1 with h_errno==0. Instead of terminating with
+ a panic, the Postfix DNS client now logs a warning and sets
+ h_errno to TRY_AGAIN. File: dns/dns_lookup.c.
+
+20171226
+
+ Documentation patches by Sven Neuhaus. Files:
+ proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html.
+
+20180106
+
+ Cleanup: missing mailbox seek-to-end error check in the
+ local(8) delivery agent. File: local/mailbox.c.
+
+ Cleanup: incorrect mailbox seek-to-end error message in the
+ virtual(8) delivery agent. File: virtual/mailbox.c.
<pre>
# cd /etc/postfix
# umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pem
</pre>
</blockquote>
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Not available </td>
+<tr> <td> < 2.10</td> <td> Not available </td>
</tr>
<tr> <td rowspan="2"> <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> </td> <td> ≥
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Required </td> </tr>
+<tr> <td> < 2.10</td> <td> Required </td> </tr>
<tr> <td> <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> </td> <td> ≥ 2.0 </td> <td>
Optional </td> <td>
<pre>
# cd /etc/postfix
# umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
# chmod 644 dh512.pem dh1024.pem dh2048.pem
</pre>
</blockquote>
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Not available </td>
+<tr> <td> < 2.10</td> <td> Not available </td>
</tr>
<tr> <td rowspan="2"> smtpd_recipient_restrictions </td> <td> ≥
relay policy</td>
<td rowspan="2"> Reject RCPT TO information </td> </tr>
-<tr> <td> < 2.10</td> <td> Required </td> </tr>
+<tr> <td> < 2.10</td> <td> Required </td> </tr>
<tr> <td> smtpd_data_restrictions </td> <td> ≥ 2.0 </td> <td>
Optional </td> <td>
/* Prepare for returning a null-padded server reply. */
memset(answer, 0, anslen);
len = res_query(name, class, type, answer, anslen);
+ /* Begin API creep workaround. */
+ if (len < 0 && h_errno == 0) {
+ SET_H_ERRNO(TRY_AGAIN);
+ msg_warn("res_query(\"%s\", %d, %d, %p, %d) returns %d with h_errno==0"
+ " -- setting h_errno=TRY_AGAIN",
+ name, class, type, answer, anslen, len);
+ }
+ /* End API creep workaround. */
if (len > 0) {
SET_H_ERRNO(0);
} else if (keep_notfound && NOT_FOUND_H_ERRNO(h_errno)) {
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20171028"
-#define MAIL_VERSION_NUMBER "3.1.7"
+#define MAIL_RELEASE_DATE "20180127"
+#define MAIL_VERSION_NUMBER "3.1.8"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
int deliver_status;
int copy_flags;
VSTRING *biff;
- long end;
+ off_t end;
struct stat st;
uid_t spool_uid;
gid_t spool_gid;
msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch",
VAR_STRICT_MBOX_OWNER);
} else {
- end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END);
+ if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0)
+ msg_fatal("seek mailbox file %s: %m", mailbox);
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);
}
static void forbid_whitelist(SMTPD_STATE *state, const char *name,
int status, const char *target)
{
- if (status == SMTPD_CHECK_OK) {
+ if (state->discard == 0 && status == SMTPD_CHECK_OK) {
msg_warn("restriction %s returns OK for %s", name, target);
msg_warn("this is not allowed for security reasons");
msg_warn("use DUNNO instead of OK if you want to make an exception");
struct stat st;
DB *db = 0;
char *db_path = 0;
+ VSTRING *db_base_buf = 0;
int lock_fd = -1;
int dbfd;
#define FREE_RETURN(e) do { \
DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \
if (lock_fd >= 0) (void) close(lock_fd); \
+ if (db_base_buf) vstring_free(db_base_buf); \
if (db_path) myfree(db_path); return (_dict); \
} while (0)
msg_panic("db_create null result");
if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
+ db_base_buf = vstring_alloc(100);
#if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
(DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
- if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
+ if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path),
+ 0, type, db_flags, 0644)) != 0)
FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags,
"open database %s: %m", db_path));
#elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4)
- if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0)
+ if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0,
+ type, db_flags, 0644)) != 0)
FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags,
"open database %s: %m", db_path));
#else
#error "Unsupported Berkeley DB version"
#endif
+ vstring_free(db_base_buf);
if ((errno = db->fd(db, &dbfd)) != 0)
msg_fatal("get database file descriptor: %m");
#endif
VAR_STRICT_MBOX_OWNER);
} else {
if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0)
- msg_fatal("%s: seek queue file %s: %m",
+ msg_fatal("%s: seek mailbox file %s: %m",
myname, VSTREAM_PATH(mp->fp));
mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp,
copy_flags, "\n", why);
projects / thirdparty / postfix.git / commitdiff
