From: Wietse Venema Date: Fri, 2 Sep 2011 05:00:00 +0000 (-0500) Subject: postfix-2.5.15 X-Git-Tag: v2.5.15^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25e756f98bbb832285b0bd7b5f5762c2a1b36fae;p=thirdparty%2Fpostfix.git postfix-2.5.15 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index db434c13f..3c853f8f3 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14721,3 +14721,22 @@ Apologies for any names omitted. IP queries" even if the name has an alphanumerical prefix. We play safe, and skip RHSBL queries for names ending in a numerical suffix. File: smtpd/smtpd_check.c. + +20110811 + + Workaround: report a {client_connections} Milter macro value + of zero instead of garbage, when the remote SMTP client is + not subject to any smtpd_client_* limits. Problem reported + by Christian Roessner. File: smtpd/smtpd_state.c, + proto/MILTER_README.html. + +20110831 + + Bugfix: allow for Milters that send an SMTP server reply + without RFC 3463 enhanced status code. Reported by Vladimir + Vassiliev. File: milter/milter8.c. + +20110902 + + Bitrot: OpenSSL const-ified some function result value. + Files: tls/tls_client.c, tls/tls_server.c. diff --git a/postfix/README_FILES/MILTER_README b/postfix/README_FILES/MILTER_README index a67fa044d..05d0776c8 100644 --- a/postfix/README_FILES/MILTER_README +++ b/postfix/README_FILES/MILTER_README @@ -333,8 +333,11 @@ Sendmail. See the workarounds section below for solutions. |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |{client_addr} |Always |Client IP address | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |{client_connections}|CONNECT |Connection concurrency for| - | | |this client | + | | |Connection concurrency for| + | | |this client (zero if the | + |{client_connections}|CONNECT |client is excluded from | + | | |all smtpd_client_* | + | | |limits). | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | | |Client hostname, "unknown"| |{client_name} |Always |when lookup or | diff --git a/postfix/html/MILTER_README.html b/postfix/html/MILTER_README.html index ce06e5ca2..b6eb07dca 100644 --- a/postfix/html/MILTER_README.html +++ b/postfix/html/MILTER_README.html @@ -547,7 +547,8 @@ login method address {client_connections} CONNECT -Connection concurrency for this client +Connection concurrency for this client (zero if the client is +excluded from all smtpd_client_* limits). {client_name} Always Client hostname, "unknown" when lookup or verification fails diff --git a/postfix/proto/MILTER_README.html b/postfix/proto/MILTER_README.html index 5085ed8a0..34a05fea3 100644 --- a/postfix/proto/MILTER_README.html +++ b/postfix/proto/MILTER_README.html @@ -547,7 +547,8 @@ login method address {client_connections} CONNECT -Connection concurrency for this client +Connection concurrency for this client (zero if the client is +excluded from all smtpd_client_* limits). {client_name} Always Client hostname, "unknown" when lookup or verification fails diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4d11674be..ded3e42c6 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20110707" -#define MAIL_VERSION_NUMBER "2.5.14" +#define MAIL_RELEASE_DATE "20110902" +#define MAIL_VERSION_NUMBER "2.5.15" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c index aa1a75c7e..a49d608ed 100644 --- a/postfix/src/milter/milter8.c +++ b/postfix/src/milter/milter8.c @@ -1248,11 +1248,13 @@ static const char *milter8_event(MILTER8 *milter, int event, MILTER8_DATA_BUFFER, milter->buf, MILTER8_DATA_END) != 0) MILTER8_EVENT_BREAK(milter->def_reply); + /* XXX Enforce this for each line of a multi-line reply. */ if ((STR(milter->buf)[0] != '4' && STR(milter->buf)[0] != '5') || !ISDIGIT(STR(milter->buf)[1]) || !ISDIGIT(STR(milter->buf)[2]) || (STR(milter->buf)[3] != ' ' && STR(milter->buf)[3] != '-') - || STR(milter->buf)[4] != STR(milter->buf)[0]) { + || (ISDIGIT(STR(milter->buf)[4]) + && (STR(milter->buf)[4] != STR(milter->buf)[0]))) { msg_warn("milter %s: malformed reply: %s", milter->m.name, STR(milter->buf)); milter8_conf_error(milter); diff --git a/postfix/src/smtpd/smtpd_state.c b/postfix/src/smtpd/smtpd_state.c index a104a1174..3357d6e2e 100644 --- a/postfix/src/smtpd/smtpd_state.c +++ b/postfix/src/smtpd/smtpd_state.c @@ -84,6 +84,7 @@ void smtpd_state_init(SMTPD_STATE *state, VSTREAM *stream, state->service = mystrdup(service); state->buffer = vstring_alloc(100); state->addr_buf = vstring_alloc(100); + state->conn_count = state->conn_rate = 0; state->error_count = 0; state->error_mask = 0; state->notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks, diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 04d186c36..ccee0bce3 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -721,7 +721,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) int protomask; const char *cipher_list; SSL_SESSION *session; - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; X509 *peercert; TLS_SESS_STATE *TLScontext; TLS_APPL_STATE *app_ctx = props->ctx; diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index efca6be42..6d2d6410f 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -545,7 +545,7 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props) { int sts; TLS_SESS_STATE *TLScontext; - SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; X509 *peer; char buf[CCERT_BUFSIZ]; const char *cipher_list;