Safety: restore sanity checks for dynamically-specified
width and precision in format strings (%*, %.*, and %*.*).
- These checks were lost with the Postfix 3.2.2 rewrite of
+ These checks were lost with the Postfix 3.2 rewrite of
the vbuf_print formatter. File: vbuf_print.c.
20170923
Bugfix (introduced: Postfix 3.2): panic in the postqueue
command after output write error while listing the queue.
This change restores a write error check that was lost with
- the Postfix 3.2.2 rewrite of the vbuf_print formatter.
+ the Postfix 3.2 rewrite of the vbuf_print formatter.
Problem reported by Andreas Schulze. File: util/vbuf_print.c.
+
+20171009
+
+ Bugfix (introduced: Postfix 3.1): DANE support. Postfix
+ builds with OpenSSL 1.0.0 or 1.0.1 failed to send email to
+ some sites with "TLSA 2 X X" records associated with an
+ intermediate CA certificate. Problem report and initial
+ fix by Erwan Legrand. File: src/tls/tls_dane.c.
+
+20171024
+
+ Bugfix (introduced: Postfix 3.0) missing dynamicmaps support
+ in the Postfix sendmail command broke authorized_submit_users
+ with a dynamically-loaded map type. File: sendmail/sendmail.c.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20170924"
-#define MAIL_VERSION_NUMBER "3.2.3"
+#define MAIL_RELEASE_DATE "20171028"
+#define MAIL_VERSION_NUMBER "3.2.4"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
sendmail.o: ../../include/htable.h
sendmail.o: ../../include/iostuff.h
sendmail.o: ../../include/mail_conf.h
+sendmail.o: ../../include/mail_dict.h
sendmail.o: ../../include/mail_flush.h
sendmail.o: ../../include/mail_params.h
sendmail.o: ../../include/mail_parm_split.h
#include <deliver_request.h>
#include <mime_state.h>
#include <header_opts.h>
+#include <mail_dict.h>
#include <user_acl.h>
#include <dsn_mask.h>
#include <mail_parm_split.h>
msg_syslog_init(mail_task("sendmail"), LOG_PID, LOG_FACILITY);
get_mail_conf_str_table(str_table);
+ mail_dict_init();
+
if (chdir(var_queue_dir))
msg_fatal_status(EX_UNAVAILABLE, "chdir %s: %m", var_queue_dir);
/* set_issuer - set issuer DN to match akid if specified */
-static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
*/
if (name)
return (X509_set_issuer_name(cert, name));
- return (X509_set_issuer_name(cert, X509_get_subject_name(cert)));
+ return (X509_set_issuer_name(cert, subj));
}
/* grow_chain - add certificate to trusted or untrusted chain */
*/
if (!X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
#include <mail_conf.h>
#include <msg_vstream.h>
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#define SSL_get0_param(s) ((s)->param)
+#endif
+
static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx)
{
int ret;
projects / thirdparty / postfix.git / commitdiff
