From: Wietse Venema Date: Sun, 16 Mar 2008 05:00:00 +0000 (-0500) Subject: postfix-2.6-20080316 X-Git-Tag: v2.6.0-RC1~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=49e96a5ff306be818764bad394563bb3674a5c34;p=thirdparty%2Fpostfix.git postfix-2.6-20080316 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 22b7bc5ce..b74f0828a 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -14355,3 +14355,31 @@ Apologies for any names omitted. would corrupt files that rely on single-writer updates (examples: verify(8) cache, tlsmgr(8) caches, etc.). File: master/master.c. + +20080226 + + Cleanup: the postfix command did not set argv[0] to a sane + value when invoking postfix-script. Reported by Victor + Duchovni. File: postfix/postfix.c. + +20080228 + + Bugfix: bounce(8) segfault on one-line template text. + Problem found by Sacha Chlytor. File: bounce/bounce_template.c. + +20080310 + + Safety: the SMTP server's Dovecot authentication client now + enforces the SASL mechanism output filter also on client + command input. File: src/xsasl/xsasl_dovecot_server.c. + +20080311 + + Bugfix (introduced 20070811): the MAIL and RCPT Milter + application call-backs no longer received {mail_addr} or + {rcpt_addr} information. Problem reported by Anton Yuzhaninov. + File: smtpd/smtpd.c. + + Bugfix (introduced 20080207): "cleanup -v" panic because + the new "SMTP reply" request flag did not have a printable + name. File: global/cleanup_strflags.c. diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 28a5a5d31..658a5c1ec 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST 
@@ -1,5 +1,14 @@ Wish list: + Encapsulate time_t comparisons so that they can be made + system dependent (use difftime() where available). + + Encapsulate time_t conversions (e.g. REC_TYPE_TIME) so that + they can be made system dependent. + + Make "AUTH=<>" appendage to MAIL FROM configurable, enabled + by default. + To support ternary operator without a huge parsing effort, consider ${value?{xxx}:{yyy}} where ${name} is existing syntax, and where ?{text} and :{text} are new syntax that diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index 15009baf5..ce6de4e40 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html @@ -37,9 +37,18 @@ SENDMAIL(1) SENDMAIL(1) file ID, message size, arrival time, sender, and the recipients that still need to be delivered. If mail could not be delivered upon the last attempt, - the reason for failure is shown. This mode of oper- - ation is implemented by executing the postqueue(1) - command. + the reason for failure is shown. The queue ID + string is followed by an optional status character: + + * The message is in the active queue, i.e. the + message is selected for delivery. + + ! The message is in the hold queue, i.e. no + further delivery attempt will be made until + the mail is taken off hold. + + This mode of operation is implemented by executing + the postqueue(1) command. newaliases Initialize the alias database. If no input file is diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index 15009baf5..ce6de4e40 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html 
@@ -37,9 +37,18 @@ SENDMAIL(1) SENDMAIL(1) file ID, message size, arrival time, sender, and the recipients that still need to be delivered. If mail could not be delivered upon the last attempt, - the reason for failure is shown. This mode of oper- - ation is implemented by executing the postqueue(1) - command. + the reason for failure is shown. The queue ID + string is followed by an optional status character: + + * The message is in the active queue, i.e. the + message is selected for delivery. + + ! The message is in the hold queue, i.e. no + further delivery attempt will be made until + the mail is taken off hold. + + This mode of operation is implemented by executing + the postqueue(1) command. newaliases Initialize the alias database. If no input file is diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index 15009baf5..ce6de4e40 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -37,9 +37,18 @@ SENDMAIL(1) SENDMAIL(1) file ID, message size, arrival time, sender, and the recipients that still need to be delivered. If mail could not be delivered upon the last attempt, - the reason for failure is shown. This mode of oper- - ation is implemented by executing the postqueue(1) - command. + the reason for failure is shown. The queue ID + string is followed by an optional status character: + + * The message is in the active queue, i.e. the + message is selected for delivery. + + ! The message is in the hold queue, i.e. no + further delivery attempt will be made until + the mail is taken off hold. + + This mode of operation is implemented by executing + the postqueue(1) command. newaliases Initialize the alias database. If no input file is diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index c3873cd7c..ed7bc5aca 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 
@@ -36,8 +36,19 @@ operation: List the mail queue. Each entry shows the queue file ID, message size, arrival time, sender, and the recipients that still need to be delivered. If mail could not be delivered upon the last attempt, -the reason for failure is shown. This mode of operation is implemented -by executing the \fBpostqueue\fR(1) command. +the reason for failure is shown. The queue ID string is +followed by an optional status character: +.RS +.IP \fB*\fR +The message is in the \fBactive\fR queue, i.e. the message is +selected for delivery. +.IP \fB!\fR +The message is in the \fBhold\fR queue, i.e. no further delivery +attempt will be made until the mail is taken off hold. +.RE +.IP +This mode of operation is implemented by executing the +\fBpostqueue\fR(1) command. .IP \fBnewaliases\fR Initialize the alias database. If no input file is specified (with the \fB-oA\fR option, see below), the program processes the file(s) diff --git a/postfix/src/bounce/bounce_template.c b/postfix/src/bounce/bounce_template.c index 352944b59..ed67c81e5 100644 --- a/postfix/src/bounce/bounce_template.c +++ b/postfix/src/bounce/bounce_template.c @@ -343,7 +343,7 @@ static void bounce_template_parse_buffer(BOUNCE_TEMPLATE *tp) * Is this 7bit or 8bit text? If the character set is US-ASCII, then * don't allow 8bit text. Don't assume 8bit when charset was changed. */ -#define NON_ASCII(p) (*(p) && !allascii((p))) +#define NON_ASCII(p) ((p) && *(p) && !allascii((p))) if (NON_ASCII(cp) || NON_ASCII(tval)) { if (strcasecmp(tp->mime_charset, "us-ascii") == 0) { diff --git a/postfix/src/global/cleanup_strflags.c b/postfix/src/global/cleanup_strflags.c index 4853782ec..d2a687c83 100644 --- a/postfix/src/global/cleanup_strflags.c +++ b/postfix/src/global/cleanup_strflags.c 
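Review bot: The null test added to `NON_ASCII` in the bounce_template.c hunk has no comment saying which operand can be a null pointer, so a later reader cannot tell whether `(p) &&` is required or merely defensive. The changelog entry ties the crash to one-line template text, which suggests (not visible in this hunk) that `cp` or `tval` is left null when the template has nothing after its first line; once confirmed, a comment above the macro such as `/* The text pointer is null when the template ends after the first line. */` would record that. The macro also evaluates its argument up to three times, which is harmless for the plain variables used here but matters if it is reused with an expression that has side effects. bounce_template_parse_buffer starts and ends outside the hunk.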
@@ -52,6 +52,7 @@ static struct cleanup_flag_map cleanup_flag_map[] = { CLEANUP_FLAG_BCC_OK, "enable_automatic_bcc", CLEANUP_FLAG_MAP_OK, "enable_address_mapping", CLEANUP_FLAG_MILTER, "enable_milters", + CLEANUP_FLAG_SMTP_REPLY, "enable_smtp_reply", }; /* cleanup_strflags - map flags code to printable string */ diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index b2977c82f..8dc0f388b 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20080221" +#define MAIL_RELEASE_DATE "20080316" #define MAIL_VERSION_NUMBER "2.6" #ifdef SNAPSHOT diff --git a/postfix/src/postfix/postfix.c b/postfix/src/postfix/postfix.c index 78d3945b9..0d1c8bf33 100644 --- a/postfix/src/postfix/postfix.c +++ b/postfix/src/postfix/postfix.c @@ -477,9 +477,12 @@ int main(int argc, char **argv) msg_fatal("chdir(%s): %m", var_queue_dir); /* - * Run the management script with as process name ourself. + * Run the management script. */ script = concatenate(var_daemon_dir, "/postfix-script", (char *) 0); + if (optind < 1) + msg_panic("bad optind value"); + argv[optind - 1] = script; execvp(script, argv + optind - 1); msg_fatal("%s: %m", script); } diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 7c1d6e805..e5b147248 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c 
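Review bot: The `cleanup_flag_map` table in the cleanup_strflags.c hunk is still kept in step with the flag definitions by hand, so the next flag added without a table entry would bring back the "cleanup -v" panic that the changelog describes. A comment at the table, for example `/* Every CLEANUP_FLAG_* request bit needs an entry here, or verbose logging panics on the unnamed bit. */`, would make the coupling visible where people edit. If the header that defines the flags also defines a mask of all valid bits (not visible in this hunk), a start-up check of the table against that mask would be stronger than a comment.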
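Review bot: The rewritten comment in the postfix.c hunk, `Run the management script.`, no longer explains the `argv[optind - 1] = script;` assignment below it, which is the substance of the change. I would write it as `Run the management script. Overwrite the slot before the first non-option argument so that postfix-script gets its own pathname as argv[0].` The `optind < 1` panic guards the index from below; the upper bound relies on getopt() leaving optind no larger than argc, and that is worth stating in the same comment. Because `script` always contains a slash, `execvp()` never searches PATH here, and `execv()` would state that intent directly. main() starts outside the hunk.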
@@ -30,8 +30,19 @@ /* List the mail queue. Each entry shows the queue file ID, message /* size, arrival time, sender, and the recipients that still need to /* be delivered. If mail could not be delivered upon the last attempt, -/* the reason for failure is shown. This mode of operation is implemented -/* by executing the \fBpostqueue\fR(1) command. +/* the reason for failure is shown. The queue ID string is +/* followed by an optional status character: +/* .RS +/* .IP \fB*\fR +/* The message is in the \fBactive\fR queue, i.e. the message is +/* selected for delivery. +/* .IP \fB!\fR +/* The message is in the \fBhold\fR queue, i.e. no further delivery +/* attempt will be made until the mail is taken off hold. +/* .RE +/* .IP +/* This mode of operation is implemented by executing the +/* \fBpostqueue\fR(1) command. /* .IP \fBnewaliases\fR /* Initialize the alias database. If no input file is specified (with /* the \fB-oA\fR option, see below), the program processes the file(s) diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 35d1cf045..266064a84 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -2108,14 +2108,14 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) if (smtpd_milters != 0 && SMTPD_STAND_ALONE(state) == 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { + PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf)); err = milter_mail_event(smtpd_milters, milter_argv(state, argc - 2, argv + 2)); if (err != 0) { /* Log reject etc. with correct sender information. */ - PUSH_STRING(saved_sender, state->sender, STR(state->addr_buf)); err = check_milter_reply(state, err); - POP_STRING(saved_sender, state->sender); } + POP_STRING(saved_sender, state->sender); if (err != 0) { /* XXX Reset access map side effects. */ mail_reset(state); 
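Review bot: The comment `Log reject etc. with correct sender information.` in the mail_cmd hunk still sits inside the `if (err != 0)` branch, although the `PUSH_STRING`/`POP_STRING` pair it explained now brackets `milter_mail_event()` as well. A comment at the new `PUSH_STRING` line, such as `/* The Milter {mail_addr} macro and the reject logging both read state->sender. */`, would say why the override has to cover the call; the rcpt_cmd hunk that follows needs the matching comment for `{rcpt_addr}` and `state->recipient`. While the override is active `state->sender` appears to point into `state->addr_buf`, so it is worth confirming that nothing called in between rewrites or reallocates that buffer (not visible from these hunks). mail_cmd and rcpt_cmd both start and end outside their hunks.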
@@ -2362,14 +2362,14 @@ static int rcpt_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv) } if (smtpd_milters != 0 && (state->saved_flags & MILTER_SKIP_FLAGS) == 0) { + PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf)); err = milter_rcpt_event(smtpd_milters, milter_argv(state, argc - 2, argv + 2)); if (err != 0) { /* Log reject etc. with correct recipient information. */ - PUSH_STRING(saved_rcpt, state->recipient, STR(state->addr_buf)); err = check_milter_reply(state, err); - POP_STRING(saved_rcpt, state->recipient); } + POP_STRING(saved_rcpt, state->recipient); if (err != 0) { smtpd_chat_reply(state, "%s", err); return (-1); diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c index 8abfcb0c9..87bc902b3 100644 --- a/postfix/src/smtpd/smtpd_peer.c +++ b/postfix/src/smtpd/smtpd_peer.c @@ -25,7 +25,7 @@ /* The verified client hostname. This name is represented by /* the string "unknown" when 1) the address->name lookup failed, /* 2) the name->address mapping fails, or 3) the name->address -/* does not produce the client IP address. +/* mapping does not produce the client IP address. /* .IP reverse_name /* The unverified client hostname as found with address->name /* lookup; it is not verified for consistency with the client diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c index 36bed9e7d..810cb8c7f 100644 --- a/postfix/src/xsasl/xsasl_dovecot_server.c +++ b/postfix/src/xsasl/xsasl_dovecot_server.c @@ -50,6 +50,10 @@ #include #include +#ifdef STRCASECMP_IN_STRINGS_H +#include +#endif + /* Utility library. */ #include @@ -60,6 +64,7 @@ #include #include #include +#include /* Global library. */ @@ -156,6 +161,7 @@ typedef struct { VSTRING *sasl_line; unsigned int sec_props; /* Postfix mechanism filter */ char *mechanism_list; /* filtered mechanism list */ + ARGV *mechanism_argv; /* ditto */ } XSASL_DOVECOT_SERVER; /* 
@@ -208,7 +214,8 @@ static void xsasl_dovecot_server_mech_free(XSASL_DCSRV_MECH *mech_list) /* xsasl_dovecot_server_mech_filter - filter server mechanism list */ -static char *xsasl_dovecot_server_mech_filter(XSASL_DCSRV_MECH *mechanism_list, +static char *xsasl_dovecot_server_mech_filter(ARGV *mechanism_argv, + XSASL_DCSRV_MECH *mechanism_list, unsigned int conf_props) { const char *myname = "xsasl_dovecot_server_mech_filter"; @@ -226,6 +233,7 @@ static char *xsasl_dovecot_server_mech_filter(XSASL_DCSRV_MECH *mechanism_list, if (VSTRING_LEN(mechanisms_str) > 0) VSTRING_ADDCH(mechanisms_str, ' '); vstring_strcat(mechanisms_str, mp->mech_name); + argv_add(mechanism_argv, mp->mech_name, (char *) 0); if (msg_verbose) msg_info("%s: keep mechanism: %s", myname, mp->mech_name); } else { @@ -400,6 +408,7 @@ static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl, server->service = mystrdup(service); server->last_request_id = 0; server->mechanism_list = 0; + server->mechanism_argv = 0; server->sec_props = name_mask_opt(myname, xsasl_dovecot_conf_sec_props, sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL); @@ -417,10 +426,13 @@ static const char *xsasl_dovecot_server_get_mechanism_list(XSASL_SERVER *xp) if (xsasl_dovecot_server_connect(server->impl) < 0) return (0); } - if (server->mechanism_list == 0) + if (server->mechanism_list == 0) { + server->mechanism_argv = argv_alloc(2); server->mechanism_list = - xsasl_dovecot_server_mech_filter(server->impl->mechanism_list, + xsasl_dovecot_server_mech_filter(server->mechanism_argv, + server->impl->mechanism_list, server->sec_props); + } return (server->mechanism_list[0] ? server->mechanism_list : 0); } 
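Review bot: xsasl_dovecot_server_mech_filter now produces two results, the returned string and the entries appended to `mechanism_argv`, but its header comment `filter server mechanism list` in the hunk at -208 does not mention the second. I would extend the comment to say that every kept mechanism name is also appended to the caller-supplied `mechanism_argv` and that the caller owns both results, because xsasl_dovecot_server_first relies on the two lists naming exactly the same mechanisms. The `/* ditto */` comment on the new struct field in the preceding hunk could state that invariant too. The function body continues outside the hunk.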
@@ -433,8 +445,10 @@ static void xsasl_dovecot_server_free(XSASL_SERVER *xp) vstring_free(server->sasl_line); if (server->username) myfree(server->username); - if (server->mechanism_list) + if (server->mechanism_list) { myfree(server->mechanism_list); + argv_free(server->mechanism_argv); + } myfree(server->service); myfree((char *) server); } @@ -558,6 +572,7 @@ int xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method, const char *myname = "xsasl_dovecot_server_first"; XSASL_DOVECOT_SERVER *server = (XSASL_DOVECOT_SERVER *) xp; int i; + char **cpp; #define IFELSE(e1,e2,e3) ((e1) ? (e2) : (e3)) @@ -566,6 +581,17 @@ int xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method, IFELSE(init_response, ", init_response ", ""), IFELSE(init_response, init_response, "")); + if (server->mechanism_argv == 0) + msg_panic("%s: no mechanism list", myname); + + for (cpp = server->mechanism_argv->argv; /* see below */ ; cpp++) { + if (*cpp == 0) { + vstring_strcpy(reply, "Invalid authentication mechanism"); + return XSASL_AUTH_FAIL; + } + if (strcasecmp(sasl_method, *cpp) == 0) + break; + } if (init_response) if (!is_valid_base64(init_response)) { vstring_strcpy(reply, "Invalid base64 data in initial response");
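Review bot: In xsasl_dovecot_server_free the new `argv_free(server->mechanism_argv)` runs only when `server->mechanism_list` is set, so the release of one object depends on the state of another. Both are assigned together in xsasl_dovecot_server_get_mechanism_list, so this is correct as written, but a separate `if (server->mechanism_argv) argv_free(server->mechanism_argv);` would stay correct if the two assignments are ever split. The function starts outside the hunk.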
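Review bot: The `msg_panic("%s: no mechanism list", myname)` added at the top of xsasl_dovecot_server_first turns a missing `mechanism_argv` into a process abort on the path that handles a client's AUTH command. `mechanism_argv` is allocated only inside xsasl_dovecot_server_get_mechanism_list, and that function returns 0 before the allocation when `xsasl_dovecot_server_connect()` fails, so the panic is safe only if every caller gives up after that failure (not visible in these hunks). If that cannot be guaranteed, answer the way the loop already does for an unlisted mechanism: `vstring_strcpy(reply, "Invalid authentication mechanism"); return XSASL_AUTH_FAIL;`. The unparenthesized `return XSASL_AUTH_FAIL;` also departs from the `return (0);` form used in the other hunks of this file. The function continues outside the hunk.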