From: Wietse Venema Date: Sat, 10 Oct 2015 05:00:00 +0000 (-0500) Subject: postfix-2.10.9 X-Git-Tag: v2.10.9^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2588f1ef6be8cd7e3c09c072af40825f437573e6;p=thirdparty%2Fpostfix.git postfix-2.10.9 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index deaa19bb1..9346a519e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -18440,3 +18440,35 @@ Apologies for any names omitted. SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. + +20150923 + + Bugfix (introduced: 20120531-617): the Postfix SMTP server + used a larger-than-1 VSTREAM buffer to read the HAProxy + connection hand-off information. This broke TLS wrappermode, + as the TLS helo packet would end up in the plaintext VSTREAM + buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c. + +20150924 + + Bugfix (introduced: 20090216-24): incorrect postmulti error + message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. + File: postmulti/postmulti.c. + + Workaround: don't create a new instance when the template + main.cf and master.cf files are missing, as happens on + Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. + +20150925 + + Bugfix (introduced: 19970309, fixed 20150421 in development + release): reset errno before calling readdir(), in order + to distinguish between an end-of-directory and an error + condition. File: scandir.c. + +20150930 + + Bugfix (introduced: 20040124): Milter client panic while + adding a header, because the PREPEND action used the same + output function for header_checks and body_checks. Viktor + Dukhovni and Wietse. File: cleanup/cleanup_message.c. diff --git a/postfix/conf/postmulti-script b/postfix/conf/postmulti-script index 417a8718a..c68bd0ce8 100644 --- a/postfix/conf/postmulti-script +++ b/postfix/conf/postmulti-script 
@@ -127,6 +127,11 @@ create|import) fatal "'$config_directory' lacks a master.cf file" } + test -f $daemon_directory/main.cf || + fatal "Missing main.cf prototype: $daemon_directory/main.cf" + test -f $daemon_directory/master.cf || + fatal "Missing master.cf prototype: $daemon_directory/master.cf" + # Create instance-specific directories # test -d $config_directory || diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 0227a69af..64fc6e615 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -385,11 +385,20 @@ static const char *cleanup_act(CLEANUP_STATE *state, char *context, if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); - } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0 - && !is_header(optional_text)) { - msg_warn("bad PREPEND header text \"%s\" in %s map -- " - "need \"headername: headervalue\"", - optional_text, map_class); + } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) { + if (!is_header(optional_text)) { + msg_warn("bad PREPEND header text \"%s\" in %s map -- " + "need \"headername: headervalue\"", + optional_text, map_class); + } else { + VSTRING *temp; + + cleanup_act_log(state, "prepend", context, buf, optional_text); + temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), + optional_text); + cleanup_out_header(state, temp); + vstring_free(temp); + } } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 0648dd8a6..7393b5ece 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
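Review bot: The two added `test -f` checks in the `create|import)` branch expand `$daemon_directory` unquoted, so a path containing whitespace or glob characters is split before `test` sees it. Quoting fixes that: `test -f "$daemon_directory/main.cf" ||`, and the same for master.cf. The neighbouring context line `test -d $config_directory ||` is unquoted too, so this follows the file's existing habit and the whole branch could be fixed in one pass. The case branch starts and ends outside the hunk.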
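Review bot: The new header-context branch of the PREPEND action in cleanup_act() has no comment explaining why header text is copied into a temporary VSTRING and sent through `cleanup_out_header()` while the other context still uses `cleanup_out_string()`. That reason is recorded only in the HISTORY entry. I would add above `VSTRING *temp;`: `/* Header context: emit via cleanup_out_header(), not the body output routine; sharing one routine caused a Milter client panic (20150930). */`. It would also help to note there that `is_header()` is the only check visible here on map-supplied text before it enters the header stream. cleanup_act() starts and ends outside the hunk.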
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20150720" -#define MAIL_VERSION_NUMBER "2.10.8" +#define MAIL_RELEASE_DATE "20151010" +#define MAIL_VERSION_NUMBER "2.10.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index fcf66008c..170cff87c 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c @@ -1685,7 +1685,7 @@ int main(int argc, char **argv) case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " - "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'", + "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), @@ -1694,8 +1694,7 @@ int main(int argc, char **argv) EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), - EDIT_CMD_STR(EDIT_CMD_INIT), - optarg); + EDIT_CMD_STR(EDIT_CMD_INIT)); if (cmd_mode != code) command_mode_count++; cmd_mode = code; diff --git a/postfix/src/smtpd/smtpd_haproxy.c b/postfix/src/smtpd/smtpd_haproxy.c index 599e3ed42..a4c527ce3 100644 --- a/postfix/src/smtpd/smtpd_haproxy.c +++ b/postfix/src/smtpd/smtpd_haproxy.c @@ -95,6 +95,14 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) int io_err; VSTRING *escape_buf; + /* + * While reading HAProxy handshake information, don't buffer input beyond + * the end-of-line. That would break the TLS wrappermode handshake. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + /* * Note: the haproxy_srvr_parse() routine performs address protocol * checks, address and port syntax checks, and converts IPv4-in-IPv6 
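Review bot: The corrected msg_fatal() call for `-e` in main() still depends on a hand-counted match between the nine `%s` specifiers and the argument list. Two of the `EDIT_CMD_STR()` arguments sit between the two postmulti.c hunks (the second, at line 1694, drops the trailing `optarg`), so the count cannot be confirmed from what is shown. A comment above the format string, e.g. `/* One %s for optarg, then one per EDIT_CMD_STR() argument below. */`, would make the next edit of this list harder to get wrong. If msg_fatal() carries a printf-style format attribute (not visible here), `-Wformat` would catch a count mismatch, but not a surplus specifier with a matching surplus argument like the pair removed here. main() continues outside both hunks.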
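Review bot: The stream is switched to a 1-byte buffer at the top of smtpd_peer_from_haproxy(), but the restore to `VSTREAM_BUFSIZE` in the later hunk (at new line 150 onward) sits only on the path that ends in `return (0)`, so any failure return between the two hunks would leave `state->client` at buffer size 1. That is probably harmless if the caller drops the session on a non-zero result, but this is not visible here. Either restore the buffer on every exit or state the assumption, e.g. `/* Error returns leave the 1-byte buffer in place; the caller is expected to close the connection. */`. The opening comment could also give the security reason directly: bytes read past the end of the HAProxy line would stay in the plaintext buffer and never reach the TLS engine in wrappermode. The function body between the two hunks is not shown.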
@@ -142,6 +150,13 @@ int smtpd_peer_from_haproxy(SMTPD_STATE *state) * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf); + + /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); return (0); } } diff --git a/postfix/src/util/scan_dir.c b/postfix/src/util/scan_dir.c index de124df55..c2d47bbb3 100644 --- a/postfix/src/util/scan_dir.c +++ b/postfix/src/util/scan_dir.c @@ -78,6 +78,7 @@ #endif #endif #include +#include /* Utility library. */ @@ -177,6 +178,13 @@ char *scan_dir_next(SCAN_DIR *scan) #define STREQ(x,y) (strcmp((x),(y)) == 0) if (info) { + + /* + * Fix 20150421: readdir() does not reset errno after reaching the + * end-of-directory. This dates back all the way to the initial + * implementation of 19970309. + */ + errno = 0; while ((dp = readdir(info->dir)) != 0) { if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) { if (msg_verbose > 1)
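Review bot: `errno = 0;` is assigned once before the `while ((dp = readdir(info->dir)) != 0)` loop in scan_dir_next(), so only the first readdir() call is guaranteed a clean errno. When the loop repeats after skipping `.` or `..`, whatever runs under `if (msg_verbose > 1)` (cut off at the end of the hunk, presumably a logging call) may set errno before the next readdir(). If the code after the loop, which is outside the hunk, treats a null return with non-zero errno as an error, a stale value would be reported as a directory read failure. Resetting per call closes that gap, for example `while ((errno = 0, dp = readdir(info->dir)) != 0)`, or an `errno = 0;` at the end of the skip branch.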