accepted in SMTP mail, but they could appear within locally
submitted mail. File: bounce/bounce_append_service.c.
- Workaround: exempt processes running with the real userid
- of root from safe_getenv() restrictions. The super-user
- is supposed to know what she is doing.
-
20020318
Workaround: Berkeley DB can't handle null key lookups,
whitespace. Fix by Victor Duchovni, Morgan Stanley. File:
cleanup/cleanup_map1n.c.
- Feature: configurable service name for the cleanup service.
- Files: global/mail_params.[hc].
+ Feature: configurable service name for the internal services:
+ bounce, cleanup, defer, error, flush, pickup, queue, rewrite,
+ showq. Files: global/mail_params.[hc].
Feature: SASL version 2 support by Jason Hoos.
+20020330
+
+ Bugfix: postqueue did not pass on configuration directory
+ settings when running showq while the mail system is down.
+ The super-user is now exempted from environment stripping
+ in postqueue/postqueue.c. Problem reported by Victor
+ Duchovni, Morgan Stanley.
+
Open problems:
Low: sendmail does not store null command-line recipients.
behaviors broke MIME encapsulation, causing MIME attachments to
"disappear" with all previous Postfix versions.
+Major changes with Postfix version x.x.x
+========================================
+
+Support for the Cyrus SASL version 2 library.
+
Incompatible changes with Postfix version 1.1.3 (released 20020201)
===================================================================
* release date only, unless they include the same bugfix as a patch release.
*/
#define VAR_MAIL_VERSION "mail_version"
-#ifdef SNAPSHOT
-#define DEF_MAIL_VERSION "1.1.5-$mail_release_date"
-#else
-#define DEF_MAIL_VERSION "1.1.5"
-#endif
+#define DEF_MAIL_VERSION "1.1.6-$mail_release_date"
extern char *var_mail_version;
/*
* Release date.
*/
#define VAR_MAIL_RELEASE "mail_release_date"
-#define DEF_MAIL_RELEASE "20020311"
+#define DEF_MAIL_RELEASE "20020330"
extern char *var_mail_release;
/* LICENSE
mail_conf_read();
/*
- * Strip the environment so we don't have to trust the C library.
+ * This program is designed to be set-gid, which makes it a potential
+ * target for attack. If not running as root, strip the environment so we
+ * don't have to trust the C library. If running as root, don't strip the
+ * environment so that showq can receive non-default configuration
+ * directory info when the mail system is down.
*/
- import_env = argv_split(var_import_environ, ", \t\r\n");
- clean_env(import_env->argv);
- argv_free(import_env);
-
+ if (geteuid() != 0) {
+ import_env = argv_split(var_import_environ, ", \t\r\n");
+ clean_env(import_env->argv);
+ argv_free(import_env);
+ }
if (chdir(var_queue_dir))
msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
}
if (cmdp->flags & SMTPD_CMD_FLAG_HEADER) {
msg_warn("%s sent %s header instead of SMTP command: %.100s",
- cmdp->name, state->namaddr, vstring_str(state->buffer));
+ state->namaddr, cmdp->name, vstring_str(state->buffer));
smtpd_chat_reply(state, "221 Error: I can break rules, too. Goodbye.");
break;
}
void smtpd_sasl_connect(SMTPD_STATE *state)
{
+#if SASL_VERSION_MAJOR < 2
unsigned sasl_mechanism_count;
+
+#else
+ int sasl_mechanism_count;
+
+#endif
sasl_security_properties_t sec_props;
char *server_address;
char *client_address;
/* char *name;
/* DESCRIPTION
/* The \fBsafe_getenv\fR() routine reads the named variable from the
-/* environment, provided that either the process runs with the real
-/* and effective user ID of root, or that the unsafe() routine agrees.
+/* environment, provided that the unsafe() routine agrees.
/* SEE ALSO
/* unsafe(3), detect non-user privileges
/* LICENSE
char *safe_getenv(const char *name)
{
- return ((getuid() == 0 && geteuid() == 0) || unsafe() == 0 ?
- getenv(name) : 0);
+ return (unsafe() == 0 ? getenv(name) : 0);
}
projects / thirdparty / postfix.git / commitdiff
