From: Wietse Venema Date: Thu, 17 Jul 2014 07:54:17 +0000 (+1000) Subject: postfix-2.12-20140716 X-Git-Tag: v3.0.0-RC1~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14d1b2133a20e2ab16420d8383be71aaa1ba5a2f;p=thirdparty%2Fpostfix.git postfix-2.12-20140716 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 35bf8d42c..51ea7b184 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -20246,3 +20246,18 @@ Apologies for any names omitted. Cleanup: shared-library build fixes. Viktor Dukhovni. Files: makedefs, dns/Makefile.in, global/Makefile.in, master/Makefile.in, tls/Makefile.in, util/Makefile.in. + + First general release with SMTPUTF8 support; see RELEASE_NOTES + for an initial writeup. The last pre-SMTPUTF8 release is + postfix-2.12-20140713. + +20140716 + + Paranoia: validate UTF8 before exposing it to libicuuc. + File: util/midna.c. + + Typo: Postfix did not warn when smtputf8_enable=yes while + UTF-8 support is not compiled in. File: global/mail_params.c. + + Cleanup: hard-coded GCC dependencies. Eray Aslan. File: + makedefs. diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index cf1daa574..6bb54ce32 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES @@ -54,7 +54,7 @@ Major changes with snapshot 20140715 ==================================== Support for Internationalized Email, also known as EAI or SMTPUTF8, -defined in RFC 6530..6533. This supports UTF8 in SMTP/LMTP sender +defined in RFC 6531..6533. This supports UTF-8 in SMTP/LMTP sender addresses, recipient addresses, and message header values. The implementation is based on initial work by Arnt Gulbrandsen that was funded by CNNIC. @@ -69,28 +69,27 @@ This text describes: Compatibility with pre-SMTPUTF8 environments -------------------------------------------- -Mailing list friendliness +Mailing lists with UTF-8 and non-UTF-8 subscribers -In the future, mailing lists will have a mix of UTF8 and non-UTF8 -subscribers. With Postfix, there is no need to split the lists -into UTF8 and non-UTF8 members. Postfix will try to deliver the -non-UTF8 subscribers over "traditional" non-SMTPUTF8 sessions, as -long as the message has an ASCII envelope sender address and all -ASCII header values (the mailing list manager may have to apply RFC -2047 encoding to satisfy the second condition). +With Postfix, there is no need to split mailing lists into UTF-8 and +non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers +over "traditional" non-SMTPUTF8 sessions, as long as the message +has an ASCII envelope sender address and all-ASCII header values. +The mailing list manager will have to apply RFC 2047 encoding to +satisfy that last condition. Pre-existing non-ASCII mail flows -In pre-SMTPUTF8 environments, mail with UTF8 in address localparts +In pre-SMTPUTF8 environments, mail with UTF-8 in address localparts (and in headers) works just fine because the vast majority of mail software including Postfix is perfectly capable of handling such mail, even if pre-SMTPUTF8 standards do not support this. Therefore, when Postfix SMTPUTF8 support is turned on, Postfix must -not suddenly start to break pre-existing mail flows with UTF8 in +not suddenly start to break pre-existing mail flows with UTF-8 in addres localparts (and in headers). -Thus, Postfix continues to permit UTF8 in address localparts (and +Thus, Postfix continues to permit UTF-8 in address localparts (and in headers) in mail from and to pre-SMTPUTF8 systems. At least, that is the default. @@ -108,7 +107,7 @@ and by issuing the "postfix reload" command. With SMTPUTF8 support enabled, Postfix changes behavior as follows: -- UTF8 is permitted in the myorigin parameter value. However, the +- UTF-8 is permitted in the myorigin parameter value. However, the myhostname and mydomain parameters must specify ASCII-only domain names. This limitation may be removed later. @@ -136,11 +135,11 @@ With SMTPUTF8 support enabled, Postfix changes behavior as follows: - The Postfix SMTP client may issue the SMTPUTF8 request in MAIL FROM commands. -- UTF8 is supported anywhere in an email address, not just silently +- UTF-8 is supported anywhere in an email address, not just silently permitted in the localpart, but only after the client issues MAIL FROM or VRFY as shown above. -- UTF8 was already silently permitted in message header values. +- UTF-8 was already silently permitted in message header values. SMTP-based content filters (Amavisd) and LMTP servers (Dovecot) will need to be updated to support SMTPUTF8. A notice has been @@ -152,7 +151,7 @@ Using Postfix SMTPUTF8 support - When the Postfix SMTP server receives a message WITHOUT the SMTPUTF8 request, Postfix handles the message as it has always done (at least that is the default, see autodetection below). - Specifically, the Postfix SMTP server does not accept UTF8 in the + Specifically, the Postfix SMTP server does not accept UTF-8 in the envelope sender domain name or envelope recipient domain name, and the Postfix SMTP client does not issue the SMTPUTF8 request when delivering that message an SMTP or LMTP server that announces @@ -166,15 +165,15 @@ Using Postfix SMTPUTF8 support - When a message is received with the SMTPUTF8 request, Postfix will deliver the message to a non-SMTPUTF8 server ONLY if: - - No message header value contains UTF8. + - No message header value contains UTF-8. - - The envelope sender address contains no UTF8, + - The envelope sender address contains no UTF-8, - No envelope recipient address for that specific SMTP/LMTP - delivery transaction contains UTF8. + delivery transaction contains UTF-8. NOTE: Recipients in other mail delivery transactions for - that same message may still contain UTF8. + that same message may still contain UTF-8. Otherwise, Postfix will return the recipient(s) for that mail delivery transaction as undeliverable. The delivery status @@ -190,7 +189,7 @@ SMTPUTF8 autodetection By default, Postfix sets the "SMTPUTF8 requested" bit on address verification probes and on Postfix sendmail submissions that contain -UTF8 in the sender address, UTF8 in a recipient address, or UTF8 +UTF-8 in the sender address, UTF-8 in a recipient address, or UTF-8 in a message header value. smtputf8_autodetect_classes = sendmail, verify @@ -204,13 +203,13 @@ client may not be able to deliver it to a non-SMTPUTF8 server. However, if you have a non-ASCII myorigin or mydomain setting, or if you have virtual aliases, canonical mappings, or BCC mappings -that introduce UTF8 addresses, then you may have to apply SMTPUTF8 +that introduce UTF-8 addresses, then you may have to apply SMTPUTF8 autodetection to all mail: smtputf8_autodetect_classes = all This will, of course, also flag mail that was received without -SMTPUTF8 request, but that contains UTF8 in a sender address +SMTPUTF8 request, but that contains UTF-8 in a sender address localpart, receiver address localpart, or message header value. Such mail was not standards-compliant, but Postfix would have delivered it if SMTPUTF8 support was disabled. @@ -218,16 +217,16 @@ delivered it if SMTPUTF8 support was disabled. Limitations of Postfix SMTPUTF8 support --------------------------------------- -"Internationalized" domain names can appear in two forms: the UTF8 +"Internationalized" domain names can appear in two forms: the UTF-8 form, and the ASCII (xn--mumble) form. No characterset canonicalization for non-ASCII domain names. -Postfix currently does not translate domain names from UTF8 into -ASCII (or ASCII into UTF8) before looking up the domain name in +Postfix currently does not translate domain names from UTF-8 into +ASCII (or ASCII into UTF-8) before looking up the domain name in mydestination, relay_domains, access tables, etc., before logging the domain name, or before using the domain name in a policy daemon -or Milter request. You will have to configure both UTF8 and ASCII +or Milter request. You will have to configure both UTF-8 and ASCII forms in Postfix configuration files; and both forms will have to be handled by logfile tools, policy daemons and Milters. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 9751ca319..90a52c4fa 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -16412,10 +16412,13 @@ daemon.
qmqpd
Mail received with the qmqpd(8) daemon.
-
forward
Local forwarding or aliasing. -
+
forward
Local forwarding or aliasing. When +a message is received with "SMTPUTF8 requested", then the forwarded +(aliased) message automatically has "SMTPUTF8 requested".
bounce
Submission by the bounce(8) daemon. +When a message is received with "SMTPUTF8 requested", then the +delivery status notification automatically has "SMTPUTF8 requested".
notify
Postmaster notification from the diff --git a/postfix/makedefs b/postfix/makedefs index 770b098a5..827e1ff81 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -202,18 +202,18 @@ case "$SYSTEM.$RELEASE" in FreeBSD.8*) SYSTYPE=FREEBSD8 : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD='gcc -shared -Wl,-soname,${LIB}'} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD='gcc -shared'} + : ${PLUGIN_LD="${CC-gcc} -shared"} ;; FreeBSD.9*) SYSTYPE=FREEBSD9 : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD='gcc -shared -Wl,-soname,${LIB}'} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} : ${SHLIB_RPATH='-Wl,-rpath,${SHLIB_DIR}'} : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD='gcc -shared'} + : ${PLUGIN_LD="${CC-gcc} -shared"} ;; DragonFly.*) SYSTYPE=DRAGONFLY ;; @@ -261,10 +261,10 @@ case "$SYSTEM.$RELEASE" in SYSLIBS="-lresolv -lsocket -lnsl -ldl" : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD='gcc -shared -Wl,-h,${LIB}'} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-h,${LIB}'} : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} : ${SHLIB_RPATH='-Wl,-R,${SHLIB_DIR}'} - : ${PLUGIN_LD='gcc -shared'} + : ${PLUGIN_LD="${CC-gcc} -shared"} # Stock awk breaks with >10 files. test -x /usr/xpg4/bin/awk && AWK=/usr/xpg4/bin/awk # Solaris 2.5 added usleep(), POSIX regexp, POSIX getpwnam/uid_r @@ -427,10 +427,10 @@ EOF SYSLIBS="$SYSLIBS -ldl" : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD='gcc -shared -Wl,-soname,${LIB}'} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} : ${SHLIB_RPATH='-Wl,--enable-new-dtags -Wl,-rpath,${SHLIB_DIR}'} : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD='gcc -shared'} + : ${PLUGIN_LD="${CC-gcc} -shared"} ;; Linux.3*) SYSTYPE=LINUX3 case "$CCARGS" in @@ -465,10 +465,10 @@ EOF SYSLIBS="$SYSLIBS -ldl" : ${SHLIB_SUFFIX=.so} : ${SHLIB_CFLAGS=-fPIC} - : ${SHLIB_LD='gcc -shared -Wl,-soname,${LIB}'} + : ${SHLIB_LD="${CC-gcc} -shared"' -Wl,-soname,${LIB}'} : ${SHLIB_RPATH='-Wl,--enable-new-dtags -Wl,-rpath,${SHLIB_DIR}'} : ${SHLIB_ENV="LD_LIBRARY_PATH=`pwd`/lib"} - : ${PLUGIN_LD='gcc -shared'} + : ${PLUGIN_LD="${CC-gcc} -shared"} ;; GNU.0*|GNU/kFreeBSD.[567]*) SYSTYPE=GNU0 diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index ae33675b8..7c73e1d07 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -11228,10 +11228,14 @@ Mail received with the \fBqmqpd\fR(8) daemon. .br .IP "\fB forward \fR" -Local forwarding or aliasing. +Local forwarding or aliasing. When +a message is received with "SMTPUTF8 requested", then the forwarded +(aliased) message automatically has "SMTPUTF8 requested". .br .IP "\fB bounce \fR" Submission by the \fBbounce\fR(8) daemon. +When a message is received with "SMTPUTF8 requested", then the +delivery status notification automatically has "SMTPUTF8 requested". .br .IP "\fB notify \fR" Postmaster notification from the diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 45d49c092..98a82e2f0 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -16096,10 +16096,13 @@ daemon.
qmqpd
Mail received with the qmqpd(8) daemon.
-
forward
Local forwarding or aliasing. -
+
forward
Local forwarding or aliasing. When +a message is received with "SMTPUTF8 requested", then the forwarded +(aliased) message automatically has "SMTPUTF8 requested".
bounce
Submission by the bounce(8) daemon. +When a message is received with "SMTPUTF8 requested", then the +delivery status notification automatically has "SMTPUTF8 requested".
notify
Postmaster notification from the diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index a6e479ff3..67953414b 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -748,7 +748,7 @@ void mail_params_init() /* * Report run-time versus compile-time discrepancies. */ -#ifdef NO_IDNA +#ifdef NO_EAI if (var_smtputf8_enable) msg_warn("%s is true, but EAI support is not compiled in", VAR_SMTPUTF8_ENABLE); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 55be80417..beb6e6c49 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20140715" +#define MAIL_RELEASE_DATE "20140716" #define MAIL_VERSION_NUMBER "2.12" #ifdef SNAPSHOT diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 70278fcb3..b6c7d5795 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -1597,7 +1597,10 @@ midna.o: midna.c midna.o: midna.h midna.o: msg.h midna.o: mymalloc.h +midna.o: stringops.h midna.o: sys_defs.h +midna.o: vbuf.h +midna.o: vstring.h msg.o: msg.c msg.o: msg.h msg.o: msg_output.h diff --git a/postfix/src/util/midna.c b/postfix/src/util/midna.c index 320f2d4a1..87f71e676 100644 --- a/postfix/src/util/midna.c +++ b/postfix/src/util/midna.c @@ -54,6 +54,7 @@ #include #include #include +#include #include /* @@ -61,7 +62,7 @@ */ #define DEF_MIDNA_CACHE_SIZE 100 -int midna_cache_size = DEF_MIDNA_CACHE_SIZE; +int midna_cache_size = DEF_MIDNA_CACHE_SIZE; /* midna_utf8_to_ascii_create - convert UTF8 domain to ASCII */ @@ -74,6 +75,14 @@ static void *midna_utf8_to_ascii_create(const char *name, void *unused_context) UIDNA *idna; int anl; + /* + * Paranoia: do not expose uidna_*() to unfiltered network data. + */ + if (valid_utf8_string(name, strlen(name)) == 0) { + msg_warn("%s: Problem translating domain \"%s\" to IDNA form: %s", + myname, name, "malformed UTF-8"); + return (0); + } idna = uidna_openUTS46(UIDNA_DEFAULT, &error); anl = uidna_nameToASCII_UTF8(idna, name, strlen(name),