postfix-3.1.5

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 5a52f1c2ba12eacd8950fa7ea253527f0c003aec..d012df121654083d30430a7ab63e91c573d52943 100644 (file)
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -22317,3 +22317,25 @@ Apologies for any names omitted.
        senders with "smtpd_reject_unlisted_recipient = yes" or
        with reject_unlisted_sender.  Stephen R. van den Berg (Mr.
        procmail).  Files: smtpd/smtpd.c, smtpd/smtpd_check.c.
+
+20170221
+
+       Compatibility fix (introduced: Postfix 3.1): some Milter
+       applications do not recognize macros sent as {name} when
+       macros have single-character names. Postfix now sends such
+       macros without {} as it has done historically. Viktor
+       Dukhovni. File: milter/milter.c.
+
+20170430
+
+       Safety net: append a null byte to vstring buffers, so that
+       C-style string operations won't scribble past the end. File:
+       vstring.c.
+
+20170610
+
+       Workaround (introduced: Postfix 3.0 20140718): prevent MIME
+       downgrade of Postfix-generated message/delivery status.
+       It's supposed to be 7bit, therefore quoted-printable encoding
+       is not expected. Problem reported by Griff. File:
+       bounce/bounce_notify_util.c.

diff --git a/postfix/Makefile b/postfix/Makefile
index e93de9fbf35540673d6903935024f6ac9fc436d0..bf0bad878555c935292f32042f588ca226fc41ca 100644 (file)
--- a/postfix/Makefile
+++ b/postfix/Makefile
@@ -1,7 +1,8 @@
 # Usage: 
-#      make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags]
+#      make makefiles [name=value]...
 #
-# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples:
+# See makedefs for a descripton of available options.
+# Examples:
 #
 #      make makefiles
 #      make makefiles CC="purify cc"

diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c
index fbcda18d4d7c96665a5d5db0b368c2d78aaf7215..65a874d9db1279ab7c86630f1fc4bf6564aea950 100644 (file)
--- a/postfix/src/bounce/bounce_notify_util.c
+++ b/postfix/src/bounce/bounce_notify_util.c
@@ -637,7 +637,9 @@ int     bounce_header_dsn(VSTREAM *bounce, BOUNCE_INFO *bounce_info)
                      (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ?
                      "global-" : "");
     /* Fix 20140709: addresses may be 8bit. */
-    if (NOT_7BIT_MIME(bounce_info))
+    if (NOT_7BIT_MIME(bounce_info)
+    /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */
+       && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED))
        post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s",
                          bounce_info->mime_encoding);
 

diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index db527e5dd01dd86c30acded9aa3be4d8fe05f9c5..e42e1c56d3d7260b2fafbfe2bbbd6e89fa5c95c6 100644 (file)
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20170101"
-#define MAIL_VERSION_NUMBER    "3.1.4"
+#define MAIL_RELEASE_DATE      "20170610"
+#define MAIL_VERSION_NUMBER    "3.1.5"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE      "-" MAIL_RELEASE_DATE

diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c
index 64836d46313662c9597d5f0fa8681c54539a7750..ac2baaf7762445a527db60c2d2be3ff48c1f0156 100644 (file)
--- a/postfix/src/milter/milter.c
+++ b/postfix/src/milter/milter.c
@@ -333,18 +333,21 @@ static ARGV *milter_macro_lookup(MILTERS *milters, const char *macro_names)
     VSTRING *canon_buf = vstring_alloc(20);
     const char *value;
     const char *name;
+    const char *cname;
 
     while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
        if (msg_verbose)
            msg_info("%s: \"%s\"", myname, name);
        if (*name != '{')                       /* } */
-           name = STR(vstring_sprintf(canon_buf, "{%s}", name));
-       if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
+           cname = STR(vstring_sprintf(canon_buf, "{%s}", name));
+       else
+           cname = name;
+       if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) {
            if (msg_verbose)
                msg_info("%s: result \"%s\"", myname, value);
            argv_add(argv, name, value, (char *) 0);
        } else if (milters->macro_defaults != 0
-            && (value = htable_find(milters->macro_defaults, name)) != 0) {
+           && (value = htable_find(milters->macro_defaults, cname)) != 0) {
            if (msg_verbose)
                msg_info("%s: using default \"%s\"", myname, value);
            argv_add(argv, name, value, (char *) 0);

diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c
index 9e404b21326b80afea31f9b1b4f0d37ddf48c53c..c11b18c2824f9c0ede42d5cdbba50b68255ac413 100644 (file)
--- a/postfix/src/util/vstring.c
+++ b/postfix/src/util/vstring.c
@@ -280,6 +280,10 @@
 #include "vbuf_print.h"
 #include "vstring.h"
 
+#ifndef SSIZE_T_MAX
+#define SSIZE_T_MAX __MAXINT__(ssize_t)
+#endif
+
 /* vstring_extend - variable-length string buffer extension policy */
 
 static void vstring_extend(VBUF *bp, ssize_t incr)
@@ -299,10 +303,13 @@ static void vstring_extend(VBUF *bp, ssize_t incr)
      * (The tests are redundant as long as mymalloc() and myrealloc() reject
      * negative length parameters).
      */
-    new_len = bp->len + (bp->len > incr ? bp->len : incr);
-    if (new_len <= bp->len)
+    if (bp->len > incr)
+       incr = bp->len;
+    if (bp->len > SSIZE_T_MAX - incr - 1)
        msg_fatal("vstring_extend: length overflow");
-    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
+    new_len = bp->len + incr;
+    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
+    bp->data[new_len] = 0;
     bp->len = new_len;
     bp->ptr = bp->data + used;
     bp->cnt = bp->len - used;
@@ -342,12 +349,13 @@ VSTRING *vstring_alloc(ssize_t len)
 {
     VSTRING *vp;
 
-    if (len < 1)
+    if (len < 1 || len > SSIZE_T_MAX - 1)
        msg_panic("vstring_alloc: bad length %ld", (long) len);
     vp = (VSTRING *) mymalloc(sizeof(*vp));
     vp->vbuf.flags = 0;
     vp->vbuf.len = 0;
-    vp->vbuf.data = (unsigned char *) mymalloc(len);
+    vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
+    vp->vbuf.data[len] = 0;
     vp->vbuf.len = len;
     VSTRING_RESET(vp);
     vp->vbuf.data[0] = 0;