From: Wietse Venema Date: Sun, 15 May 2016 05:00:00 +0000 (-0500) Subject: postfix-3.1.1 X-Git-Tag: v3.1.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a81a00d10ac524fd3f354cc3af69a7ce8544c00;p=thirdparty%2Fpostfix.git postfix-3.1.1 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index e9c8bfa12..67b856e32 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -22186,3 +22186,33 @@ Apologies for any names omitted. complicating troubleshooting. The fix is to log additional context to clarify that this "no match" condition is for smtpd_log_access_permit_actions. File: smtpd/smtpd_check.c. + +20160228 + + Documentation: typos in postfix-tls-script(1) manpage. + +20160327 + + Documentation: line wrapping in postconf(1) manpage. + +20160310 + + Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM + (replace sender) request lost the sender_bcc_maps address. + Fixed by moving some record keeping to the sender output + function. Files: cleanup/cleanup_envelope.c, + cleanup/cleanup_addr.c, cleanup/cleanup_milter.c, + cleanup/cleanup.h, regression tests. + +20160410 + + Bugfix (introduced: Postfix 2.6): the "bad filetype" + header_checks pattern falsely rejected Content-Mumble headers + with ``name="example"; x-apple-part-url="example.com"''. + Fixed by respecting the ";" separator between content + attribute values. Reported by Cedric Knight. File: + proto/header_checks. + +20160515 + + Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h. diff --git a/postfix/conf/header_checks b/postfix/conf/header_checks index 0029f321f..d5984370f 100644 --- a/postfix/conf/header_checks +++ b/postfix/conf/header_checks @@ -470,7 +470,7 @@ # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: -# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( +# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff --git a/postfix/conf/postfix-tls-script b/postfix/conf/postfix-tls-script index c43ed10dc..0e1f790fb 100644 --- a/postfix/conf/postfix-tls-script +++ b/postfix/conf/postfix-tls-script @@ -155,14 +155,14 @@ # This is typically used as follows: # .sp # \fBpostfix tls all-default-client && -# postfix tls enable-tls-client\fR +# postfix tls enable-client\fR # .IP "\fBall-default-server\fR" # Exit with status 0 (success) if all SMTP server TLS settings are # at their default values. Otherwise, exit with a non-zero status. # This is typically used as follows: # .sp # \fBpostfix tls all-default-server && -# postfix tls enable-tls-server\fR +# postfix tls enable-server\fR # CONFIGURATION PARAMETERS # .ad # .fi diff --git a/postfix/html/header_checks.5.html b/postfix/html/header_checks.5.html index 25fd023d1..dce6f7cc6 100644 --- a/postfix/html/header_checks.5.html +++ b/postfix/html/header_checks.5.html @@ -417,7 +417,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5) header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: - /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( + /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index 06cd292a3..969f0955f 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -503,9 +503,9 @@ POSTCONF(1) POSTCONF(1) /etc/postfix/master.cf, Postfix master daemon configuration SEE ALSO - bounce(5), bounce template file format master(5), master.cf - configuration file syntax postconf(5), main.cf configuration - file syntax + bounce(5), bounce template file format + master(5), master.cf configuration file syntax + postconf(5), main.cf configuration file syntax README FILES DATABASE_README, Postfix lookup table overview diff --git a/postfix/html/postfix-tls.1.html b/postfix/html/postfix-tls.1.html index d34989dc9..099284e58 100644 --- a/postfix/html/postfix-tls.1.html +++ b/postfix/html/postfix-tls.1.html @@ -154,7 +154,7 @@ POSTFIX-TLS(1) POSTFIX-TLS(1) This is typically used as follows: postfix tls all-default-client && - postfix tls enable-tls-client + postfix tls enable-client all-default-server Exit with status 0 (success) if all SMTP server TLS settings are @@ -162,7 +162,7 @@ POSTFIX-TLS(1) POSTFIX-TLS(1) This is typically used as follows: postfix tls all-default-server && - postfix tls enable-tls-server + postfix tls enable-server CONFIGURATION PARAMETERS The "postfix tls subcommand" feature reads or updates the following diff --git a/postfix/html/postscreen.8.html b/postfix/html/postscreen.8.html index 6bdb0e248..3f6d3a2db 100644 --- a/postfix/html/postscreen.8.html +++ b/postfix/html/postscreen.8.html @@ -81,10 +81,10 @@ POSTSCREEN(8) POSTSCREEN(8) The optional "after 220 server greeting" tests involve postscreen(8)'s built-in SMTP protocol engine. When these tests succeed, postscreen(8) - adds the client to the temporary whitelist, but it cannot not hand off - the "live" connection to a Postfix SMTP server process in the middle of - a session. Instead, postscreen(8) defers attempts to deliver mail with - a 4XX status, and waits for the client to disconnect. When the client + adds the client to the temporary whitelist, but it cannot hand off the + "live" connection to a Postfix SMTP server process in the middle of a + session. Instead, postscreen(8) defers attempts to deliver mail with a + 4XX status, and waits for the client to disconnect. When the client connects again, postscreen(8) will allow the client to talk to a Post- fix SMTP server process (provided that the whitelist status has not expired). postscreen(8) mitigates the impact of this limitation by diff --git a/postfix/makedefs b/postfix/makedefs index 7c0f22694..a21cd9f7f 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -289,6 +289,15 @@ case "$SYSTEM.$RELEASE" in : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${PLUGIN_LD="${CC} -shared"} ;; + OpenBSD.6*) SYSTYPE=OPENBSD6 + : ${CC=cc} + : ${SHLIB_SUFFIX=.so.1.0} + : ${SHLIB_CFLAGS=-fPIC} + : ${SHLIB_LD="${CC} -shared"' -Wl,-soname,${LIB}'} + : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} + : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} + : ${PLUGIN_LD="${CC} -shared"} + ;; ekkoBSD.1*) SYSTYPE=EKKOBSD1 ;; NetBSD.1*) SYSTYPE=NETBSD1 diff --git a/postfix/man/man1/postconf.1 b/postfix/man/man1/postconf.1 index e8eb1316f..3772b926d 100644 --- a/postfix/man/man1/postconf.1 +++ b/postfix/man/man1/postconf.1 @@ -536,9 +536,9 @@ Pathname of a configuration file with bounce message templates. .SH "SEE ALSO" .na .nf -bounce(5), bounce template file format master(5), master.cf -configuration file syntax postconf(5), main.cf configuration -file syntax +bounce(5), bounce template file format +master(5), master.cf configuration file syntax +postconf(5), main.cf configuration file syntax .SH "README FILES" .na .nf diff --git a/postfix/man/man1/postfix-tls.1 b/postfix/man/man1/postfix-tls.1 index 3569f503e..1c96799d0 100644 --- a/postfix/man/man1/postfix-tls.1 +++ b/postfix/man/man1/postfix-tls.1 @@ -161,14 +161,14 @@ at their default values. Otherwise, exit with a non\-zero status. This is typically used as follows: .sp \fBpostfix tls all\-default\-client && - postfix tls enable\-tls\-client\fR + postfix tls enable\-client\fR .IP "\fBall\-default\-server\fR" Exit with status 0 (success) if all SMTP server TLS settings are at their default values. Otherwise, exit with a non\-zero status. This is typically used as follows: .sp \fBpostfix tls all\-default\-server && - postfix tls enable\-tls\-server\fR + postfix tls enable\-server\fR .SH "CONFIGURATION PARAMETERS" .na .nf diff --git a/postfix/man/man5/header_checks.5 b/postfix/man/man5/header_checks.5 index e3d1c24cb..68b452ffa 100644 --- a/postfix/man/man5/header_checks.5 +++ b/postfix/man/man5/header_checks.5 @@ -443,7 +443,7 @@ sub\-expressions is to recognize Windows CLSID strings. header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: - /^Content\-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( + /^Content\-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff --git a/postfix/man/man8/postscreen.8 b/postfix/man/man8/postscreen.8 index 020529481..4a4dc3fa9 100644 --- a/postfix/man/man8/postscreen.8 +++ b/postfix/man/man8/postscreen.8 @@ -93,7 +93,7 @@ traffic from dial\-up and residential networks. The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built\-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client -to the temporary whitelist, but it cannot not hand off the +to the temporary whitelist, but it cannot hand off the "live" connection to a Postfix SMTP server process in the middle of a session. Instead, \fBpostscreen\fR(8) defers attempts to deliver mail with a 4XX status, and waits for @@ -430,9 +430,9 @@ POSTSCREEN_README, Postfix Postscreen Howto .ad .fi The Secure Mailer license must be distributed with this software. -.SH "HISTORY" -.na -.nf +.SH HISTORY +.ad +.fi .ad .fi This service was introduced with Postfix version 2.8. diff --git a/postfix/proto/header_checks b/postfix/proto/header_checks index d0b802dba..e78ea0815 100644 --- a/postfix/proto/header_checks +++ b/postfix/proto/header_checks @@ -442,7 +442,7 @@ # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: -# /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( +# /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index a0dc9fbc9..51c551b08 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h @@ -290,7 +290,7 @@ extern void cleanup_out_recipient(CLEANUP_STATE *, const char *, int, const char /* * cleanup_addr.c. */ -extern void cleanup_addr_sender(CLEANUP_STATE *, const char *); +extern off_t cleanup_addr_sender(CLEANUP_STATE *, const char *); extern void cleanup_addr_recipient(CLEANUP_STATE *, const char *); extern void cleanup_addr_bcc_dsn(CLEANUP_STATE *, const char *, const char *, int); diff --git a/postfix/src/cleanup/cleanup_addr.c b/postfix/src/cleanup/cleanup_addr.c index f889e1a60..b6396ada8 100644 --- a/postfix/src/cleanup/cleanup_addr.c +++ b/postfix/src/cleanup/cleanup_addr.c @@ -6,7 +6,7 @@ /* SYNOPSIS /* #include /* -/* void cleanup_addr_sender(state, addr) +/* off_t cleanup_addr_sender(state, addr) /* CLEANUP_STATE *state; /* const char *addr; /* @@ -29,7 +29,8 @@ /* sender/recipient auto bcc address generation. /* /* cleanup_addr_sender() processes sender envelope information and updates -/* state->sender. +/* state->sender. The result value is the offset of the record that +/* follows the sender record if milters are enabled, otherwise zero. /* /* cleanup_addr_recipient() processes recipient envelope information /* and updates state->recip. @@ -81,6 +82,7 @@ /* Global library. */ #include +#include #include #include #include @@ -101,10 +103,13 @@ /* cleanup_addr_sender - process envelope sender record */ -void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) +off_t cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) { + const char myname[] = "cleanup_addr_sender"; VSTRING *clean_addr = vstring_alloc(100); + off_t after_sender_offs = 0; const char *bcc; + size_t len; /* * Note: an unqualified envelope address is for all practical purposes @@ -148,6 +153,15 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) if (state->sender) /* XXX Can't happen */ myfree(state->sender); state->sender = mystrdup(STR(clean_addr)); /* Used by Milter client */ + /* Fix 20160310: Moved from cleanup_envelope.c. */ + if (state->milters || cleanup_milters) { + /* Make room to replace sender. */ + if ((len = LEN(clean_addr)) < REC_TYPE_PTR_PAYL_SIZE) + rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); + /* Remember the after-sender record offset. */ + if ((after_sender_offs = vstream_ftell(state->dst)) < 0) + msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); + } if ((state->flags & CLEANUP_FLAG_BCC_OK) && *STR(clean_addr) && cleanup_send_bcc_maps) { @@ -162,6 +176,7 @@ void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) } } vstring_free(clean_addr); + return after_sender_offs; } /* cleanup_addr_recipient - process envelope recipient */ diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index abdc8f5d0..4c7a9ede5 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -380,6 +380,8 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, return; } if (type == REC_TYPE_FROM) { + off_t after_sender_offs; + /* Allow only one instance. */ if (state->sender != 0) { msg_warn("%s: message rejected: multiple envelope sender records", @@ -392,14 +394,10 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, if ((state->sender_pt_offset = vstream_ftell(state->dst)) < 0) msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); } - cleanup_addr_sender(state, buf); + after_sender_offs = cleanup_addr_sender(state, buf); if (state->milters || cleanup_milters) { - /* Make room to replace sender. */ - if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE) - rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); /* Remember the after-sender record offset. */ - if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0) - msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); + state->sender_pt_target = after_sender_offs; } if (cleanup_milters != 0 && state->milters == 0 diff --git a/postfix/src/cleanup/cleanup_milter.c b/postfix/src/cleanup/cleanup_milter.c index b7a279e97..c349e72c6 100644 --- a/postfix/src/cleanup/cleanup_milter.c +++ b/postfix/src/cleanup/cleanup_milter.c @@ -1330,6 +1330,7 @@ static const char *cleanup_chg_from(void *context, const char *ext_from, const char *myname = "cleanup_chg_from"; CLEANUP_STATE *state = (CLEANUP_STATE *) context; off_t new_sender_offset; + off_t after_sender_offs; int addr_count; TOK822 *tree; TOK822 *tp; @@ -1393,10 +1394,11 @@ static const char *cleanup_chg_from(void *context, const char *ext_from, } } tok822_free_tree(tree); - cleanup_addr_sender(state, STR(int_sender_buf)); + after_sender_offs = cleanup_addr_sender(state, STR(int_sender_buf)); vstring_free(int_sender_buf); cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, (long) state->sender_pt_target); + state->sender_pt_target = after_sender_offs; /* * Overwrite the original sender record with the pointer to the new @@ -2562,6 +2564,20 @@ int main(int unused_argc, char **argv) var_milt_head_checks = mystrdup(argv->argv[1]); cleanup_milter_header_checks_init(state); } + } else if (strcmp(argv->argv[0], "sender_bcc_maps") == 0) { + if (argv->argc != 2) { + msg_warn("bad sender_bcc_maps argument count: %ld", + (long) argv->argc); + } else { + if (cleanup_send_bcc_maps) + maps_free(cleanup_send_bcc_maps); + cleanup_send_bcc_maps = + maps_create("sender_bcc_maps", argv->argv[1], + DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX + | DICT_FLAG_UTF8_REQUEST); + state->flags |= CLEANUP_FLAG_BCC_OK; + var_rcpt_delim = ""; + } } else { msg_warn("bad command: %s", argv->argv[0]); } diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4838f79b5..1c74fb5d1 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20160224" -#define MAIL_VERSION_NUMBER "3.1.0" +#define MAIL_RELEASE_DATE "20160515" +#define MAIL_VERSION_NUMBER "3.1.1" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index 09397e161..a3fc6a236 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -520,9 +520,9 @@ /* /etc/postfix/main.cf, Postfix configuration parameters /* /etc/postfix/master.cf, Postfix master daemon configuration /* SEE ALSO -/* bounce(5), bounce template file format master(5), master.cf -/* configuration file syntax postconf(5), main.cf configuration -/* file syntax +/* bounce(5), bounce template file format +/* master(5), master.cf configuration file syntax +/* postconf(5), main.cf configuration file syntax /* README FILES /* .ad /* .fi diff --git a/postfix/src/postscreen/postscreen.c b/postfix/src/postscreen/postscreen.c index 3eca2d44d..b5a422426 100644 --- a/postfix/src/postscreen/postscreen.c +++ b/postfix/src/postscreen/postscreen.c @@ -79,7 +79,7 @@ /* The optional "after 220 server greeting" tests involve /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* these tests succeed, \fBpostscreen\fR(8) adds the client -/* to the temporary whitelist, but it cannot not hand off the +/* to the temporary whitelist, but it cannot hand off the /* "live" connection to a Postfix SMTP server process in the /* middle of a session. Instead, \fBpostscreen\fR(8) defers /* attempts to deliver mail with a 4XX status, and waits for diff --git a/postfix/src/util/sys_defs.h b/postfix/src/util/sys_defs.h index a33fa94fe..f720e2a45 100644 --- a/postfix/src/util/sys_defs.h +++ b/postfix/src/util/sys_defs.h @@ -28,7 +28,7 @@ || defined(FREEBSD8) || defined(FREEBSD9) || defined(FREEBSD10) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ - || defined(OPENBSD5) \ + || defined(OPENBSD5) || defined(OPENBSD6) \ || defined(NETBSD1) || defined(NETBSD2) || defined(NETBSD3) \ || defined(NETBSD4) || defined(NETBSD5) || defined(NETBSD6) \ || defined(NETBSD7) \