xsasl/xsasl.h, xsasl/xsasl*client.c, smtp/smtp_sasl_glue.c.
More postlink fixes. File: mantools/postlink.
+
+20090419
+
+ Bugfix: don't re-enable SIGHUP if it is ignored in the
+ parent. This may cause random "Postfix integrity check
+ failed" errors at boot time (POSIX SIGHUP death), causing
+ Postfix not to start. We duplicate code from postdrop and
+ thus avoid past mistakes. File: postsuper/postsuper.c.
+
+ Robustness: don't re-enable SIGTERM if it is ignored in the
+ parent. Files: postsuper/postsuper.c, postdrop/postdrop.c.
by naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
daemon executes a command such as:
- command -f$sender -- $recipient (<i>bad</i>)
+ <i>Wrong</i>: command -f$sender -- $recipient
the command will mis-parse the -f option value when
the sender address is a null string. For correct
parsing, specify <b>$sender</b> as an argument by itself:
- command -f $sender -- $recipient (<i>good</i>)
+ <i>Right</i>: command -f $sender -- $recipient
This feature is available as of Postfix 2.3.
executes a command such as:
.sp
.nf
- command -f$sender -- $recipient (\fIbad\fR)
+ \fIWrong\fR: command -f$sender -- $recipient
.fi
.IP
the command will mis-parse the -f option value when the
specify \fB$sender\fR as an argument by itself:
.sp
.nf
- command -f $sender -- $recipient (\fIgood\fR)
+ \fIRight\fR: command -f $sender -- $recipient
.fi
.IP
This feature is available as of Postfix 2.3.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20090418"
+#define MAIL_RELEASE_DATE "20090419"
#define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT
/* executes a command such as:
/* .sp
/* .nf
-/* command -f$sender -- $recipient (\fIbad\fR)
+/* \fIWrong\fR: command -f$sender -- $recipient
/* .fi
/* .IP
/* the command will mis-parse the -f option value when the
/* specify \fB$sender\fR as an argument by itself:
/* .sp
/* .nf
-/* command -f $sender -- $recipient (\fIgood\fR)
+/* \fIRight\fR: command -f $sender -- $recipient
/* .fi
/* .IP
/* This feature is available as of Postfix 2.3.
signal(SIGINT, postdrop_sig);
signal(SIGQUIT, postdrop_sig);
- signal(SIGTERM, postdrop_sig);
+ if (signal(SIGTERM, SIG_IGN) == SIG_DFL)
+ signal(SIGTERM, postdrop_sig);
if (signal(SIGHUP, SIG_IGN) == SIG_DFL)
signal(SIGHUP, postdrop_sig);
msg_cleanup(postdrop_cleanup);
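Review bot: The new SIGTERM lines, like the SIGHUP pair below them, probe the inherited disposition by first setting it to SIG_IGN, so a SIGTERM that arrives between the two signal() calls is discarded instead of being handled or terminating the process; the same probe is added to postsuper's main() in this commit. Reading the disposition without changing it avoids that window: `struct sigaction old;` then `if (sigaction(SIGTERM, (struct sigaction *) 0, &old) == 0 && old.sa_handler == SIG_DFL)` in front of `signal(SIGTERM, postdrop_sig);`. This hunk also carries no comment saying why the two handlers are conditional; a line such as `/* Don't enable SIGHUP or SIGTERM if it was ignored by the parent. */` above the checks would match the note added in postsuper. The enclosing function starts and ends outside the hunk.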
/*
* This commands requires root privileges. We therefore do not worry
* about hostile signals, and report problems via msg_warn().
+ *
+ * We use the in-kernel SIGINT handler address as an atomic variable to
+ * prevent nested interrupted() calls. For this reason, main() must
+ * configure interrupted() as SIGINT handler before other signal handlers
+ * are allowed to invoke interrupted(). See also similar code in
+ * postdrop.
*/
- if (signal(SIGHUP, SIG_IGN) != SIG_IGN) {
- (void) signal(SIGINT, SIG_IGN);
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
(void) signal(SIGQUIT, SIG_IGN);
(void) signal(SIGTERM, SIG_IGN);
+ (void) signal(SIGHUP, SIG_IGN);
if (inode_mismatch > 0 || inode_fixed > 0 || position_mismatch > 0)
msg_warn("OPERATION INCOMPLETE -- RERUN COMMAND TO FIX THE QUEUE FIRST");
if (sig)
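Review bot: The re-entry guard `signal(SIGINT, SIG_IGN) != SIG_IGN` cannot tell "interrupted() is already running" apart from "SIGINT was ignored all along", so the guarded branch (ignoring the other signals and the OPERATION INCOMPLETE warning) would be skipped entirely if SIGINT were ever left ignored. It holds today only because main() installs the SIGINT handler unconditionally. That in turn means SIGINT and SIGQUIT are still re-enabled when the parent had them ignored, which is the situation this commit fixes for SIGHUP and SIGTERM. If that matters for boot-time or background runs, installing the handlers with sigaction() and an sa_mask that blocks the other three signals would prevent nesting without depending on SIGINT's disposition. The body of interrupted() starts before and continues past this hunk, so what follows the guarded branch is not visible here.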
*
* Set up signal handlers after permanently dropping super-user privileges,
* so that signal handlers will always run with the correct privileges.
+ *
+ * XXX Don't enable SIGHUP or SIGTERM if it was ignored by the parent.
+ *
+ * interrupted() uses the in-kernel SIGINT handler address as an atomic
+ * variable to prevent nested interrupted() calls. For this reason, the
+ * SIGINT handler must be configured before other signal handlers are
+ * allowed to invoke interrupted(). See also similar code in postdrop.
*/
- signal(SIGHUP, interrupted);
signal(SIGINT, interrupted);
signal(SIGQUIT, interrupted);
- signal(SIGTERM, interrupted);
+ if (signal(SIGTERM, SIG_IGN) == SIG_DFL)
+ signal(SIGTERM, interrupted);
+ if (signal(SIGHUP, SIG_IGN) == SIG_DFL)
+ signal(SIGHUP, interrupted);
msg_cleanup(fatal_warning);
/*