From: Wietse Venema <wietse@porcupine.org>
Date: Mon, 3 Feb 2020 05:00:00 +0000 (-0500)
Subject: postfix-3.5-20200203
X-Git-Tag: v3.5.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7747625a8c715f2bdde6ccc0a8a6c8be92ae4ff5;p=thirdparty%2Fpostfix.git

postfix-3.5-20200203
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index c9cdfc58d..1cb5c95c4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -24619,6 +24619,20 @@ Apologies for any names omitted.
 	of day) to reach completion, in case a message is submitted
 	by a really long-running program. File: postsuper/postsuper.c.
 
-	[initially released as part of postfix-2020XXXX-nonprod]
 	Cleanup: postsuper manpage indentation, word abbreviation.
 	Files: mantools/postlink, postsuper/postsuper.c.
+
+20200202
+
+	Cleanup: nags about strcpy()/sprintf() from naive checkers.
+	Files: global/mail_conf_int.c, global/mail_conf_long.c,
+	global/mail_conf_nint.c, global/mail_conf_time.c,
+	global/maillog_client.c, util/mymalloc.c.
+
+	Documentation: rephrased the postconf(5) manual page entry
+	for milter_default_action. File: proto/postconf.proto.
+
+	Bugfix (introduced: Postfix 2.5): Milter SMTP connect event
+	macros were evaluated before the Postfix-to-Milter connection
+	had been negotiated. Problem reported by David Bürgin.
+	Files: milter/milter.h, milter/milter.c, milter/milter8.c
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 88889883b..4136a4a36 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -30,7 +30,7 @@ Major changes with snapshot 20200202
 
 Support to force-expire email messages. This introduces new
 postsuper(1) command-line options to request expiration, and 
-additional information in mailq command output.
+additional information in mailq(1) or postqueue(1) output.
 
 The forced-to-expire status is stored in a queue file attribute.
 An expired message is returned to the sender when the queue manager
@@ -42,10 +42,10 @@ queue file attribute. The difference is that -f will also release
 a message if it is in the hold queue. With -e, such a message would
 not be returned to the sender until it is released with -f or -H.
 
-In the mailq(1) default output, a forced-to-expire message is
-indicated with # after the queue name. In mailq(1) JSON output there
-is a new per-message field "forced_expire" with the value true or
-false.
+In the mailq(1) or postqueue(1) -p output, a forced-to-expire message
+is indicated with # after the queue name. In postqueue(1) JSON
+output, there is a new per-message field "forced_expire" (with 
+value true or false) that shows the forced-to-expire status.
 
 Incompatible changes with snapshot 20191109
 ===========================================
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index df102822d..2d927e61d 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -6803,8 +6803,9 @@ for a list of available macro names and their meanings.  </p>
 <DT><b><a name="milter_default_action">milter_default_action</a>
 (default: tempfail)</b></DT><DD>
 
-<p> The default action when a Milter (mail filter) application is
-unavailable or mis-configured. Specify one of the following: </p>
+<p> The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure). Specify one of the following: </p>
 
 <dl compact>
 
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 32e0f22bb..ee76f61d7 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -4127,8 +4127,9 @@ for a list of available macro names and their meanings.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH milter_default_action (default: tempfail)
-The default action when a Milter (mail filter) application is
-unavailable or mis\-configured. Specify one of the following:
+The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure). Specify one of the following:
 .IP "accept"
 Proceed as if the mail filter was not present.
 .br
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index 53a72cd01..555cdb16e 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -11727,8 +11727,9 @@ will not reply for each individual message header.</dd>
 
 %PARAM milter_default_action tempfail
 
-<p> The default action when a Milter (mail filter) application is
-unavailable or mis-configured. Specify one of the following: </p>
+<p> The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure). Specify one of the following: </p>
 
 <dl compact>
 
diff --git a/postfix/src/global/mail_conf_int.c b/postfix/src/global/mail_conf_int.c
index 882e01cde..9017183bc 100644
--- a/postfix/src/global/mail_conf_int.c
+++ b/postfix/src/global/mail_conf_int.c
@@ -82,6 +82,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -177,9 +182,21 @@ int     get_mail_conf_int_fn(const char *name, stupid_indent_int defval,
 
 void    set_mail_conf_int(const char *name, int value)
 {
+    const char myname[] = "set_mail_conf_int";
     char    buf[BUFSIZ];		/* yeah! crappy code! */
 
+#ifndef NO_SNPRINTF
+    ssize_t ret;
+
+    ret = snprintf(buf, sizeof(buf), "%d", value);
+    if (ret < 0)
+	msg_panic("%s: output error for %%d", myname);
+    if (ret >= sizeof(buf))
+	msg_panic("%s: output for %%d exceeds space %ld",
+		  myname, (long) sizeof(buf));
+#else
     sprintf(buf, "%d", value);			/* yeah! more crappy code! */
+#endif
     mail_conf_update(name, buf);
 }
 
diff --git a/postfix/src/global/mail_conf_long.c b/postfix/src/global/mail_conf_long.c
index 96d2e0d0f..c702000f2 100644
--- a/postfix/src/global/mail_conf_long.c
+++ b/postfix/src/global/mail_conf_long.c
@@ -73,6 +73,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -167,9 +172,21 @@ long    get_mail_conf_long_fn(const char *name, stupid_indent_long defval,
 
 void    set_mail_conf_long(const char *name, long value)
 {
+    const char myname[] = "set_mail_conf_long";
     char    buf[BUFSIZ];		/* yeah! crappy code! */
 
+#ifndef NO_SNPRINTF
+    ssize_t ret;
+
+    ret = snprintf(buf, sizeof(buf), "%ld", value);
+    if (ret < 0)
+	msg_panic("%s: output error for %%ld", myname);
+    if (ret >= sizeof(buf))
+	msg_panic("%s: output for %%ld exceeds space %ld",
+		  myname, (long) sizeof(buf));
+#else
     sprintf(buf, "%ld", value);			/* yeah! more crappy code! */
+#endif
     mail_conf_update(name, buf);
 }
 
diff --git a/postfix/src/global/mail_conf_nint.c b/postfix/src/global/mail_conf_nint.c
index a14f41784..e0bd7a10c 100644
--- a/postfix/src/global/mail_conf_nint.c
+++ b/postfix/src/global/mail_conf_nint.c
@@ -78,6 +78,11 @@
 /*	IBM T.J. Watson Research
 /*	P.O. Box 704
 /*	Yorktown Heights, NY 10598, USA
+/*
+/*	Wietse Venema
+/*	Google, Inc.
+/*	111 8th Avenue
+/*	New York, NY 10011, USA
 /*--*/
 
 /* System library. */
@@ -186,9 +191,21 @@ void    set_mail_conf_nint(const char *name, const char *value)
 
 void    set_mail_conf_nint_int(const char *name, int value)
 {
+    const char myname[] = "set_mail_conf_nint_int";
     char    buf[BUFSIZ];		/* yeah! crappy code! */
 
+#ifndef NO_SNPRINTF
+    ssize_t ret;
+
+    ret = snprintf(buf, sizeof(buf), "%d", value);
+    if (ret < 0)
+	msg_panic("%s: output error for %%d", myname);
+    if (ret >= sizeof(buf))
+	msg_panic("%s: output for %%d exceeds space %ld",
+		  myname, (long) sizeof(buf));
+#else
     sprintf(buf, "%d", value);			/* yeah! more crappy code! */
+#endif
     mail_conf_update(name, buf);
 }
 
diff --git a/postfix/src/global/mail_conf_time.c b/postfix/src/global/mail_conf_time.c
index 7829c8929..5961dfe3c 100644
--- a/postfix/src/global/mail_conf_time.c
+++ b/postfix/src/global/mail_conf_time.c
@@ -193,9 +193,21 @@ void    set_mail_conf_time(const char *name, const char *value)
 
 void    set_mail_conf_time_int(const char *name, int value)
 {
+    const char myname[] = "set_mail_conf_time_int";
     char    buf[BUFSIZ];		/* yeah! crappy code! */
 
+#ifndef NO_SNPRINTF
+    ssize_t ret;
+
+    ret = snprintf(buf, sizeof(buf), "%ds", value);
+    if (ret < 0)
+	msg_panic("%s: output error for %%ds", myname);
+    if (ret >= sizeof(buf))
+	msg_panic("%s: output for %%ds exceeds space %ld",
+		  myname, (long) sizeof(buf));
+#else
     sprintf(buf, "%ds", value);			/* yeah! more crappy code! */
+#endif
     mail_conf_update(name, buf);
 }
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 5ee91ae0c..4d68518dd 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20200202"
+#define MAIL_RELEASE_DATE	"20200203"
 #define MAIL_VERSION_NUMBER	"3.5"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/global/maillog_client.c b/postfix/src/global/maillog_client.c
index 6d6a52884..50bfbeb7e 100644
--- a/postfix/src/global/maillog_client.c
+++ b/postfix/src/global/maillog_client.c
@@ -81,6 +81,7 @@
   * System library.
   */
 #include <sys_defs.h>
+#include <stdlib.h>
 #include <string.h>
 
  /*
diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c
index ac2baaf77..cee169cb4 100644
--- a/postfix/src/milter/milter.c
+++ b/postfix/src/milter/milter.c
@@ -417,6 +417,8 @@ const char *milter_conn_event(MILTERS *milters,
     if (msg_verbose)
 	msg_info("report connect to all milters");
     for (resp = 0, m = milters->milter_list; resp == 0 && m != 0; m = m->next) {
+	if (m->connect_on_demand != 0)
+	    m->connect_on_demand(m);
 	any_macros = MILTER_MACRO_EVAL(global_macros, m, milters, conn_macros);
 	resp = m->conn_event(m, client_name, client_addr, client_port,
 			     addr_family, any_macros);
diff --git a/postfix/src/milter/milter.h b/postfix/src/milter/milter.h
index f744910d7..951744fdb 100644
--- a/postfix/src/milter/milter.h
+++ b/postfix/src/milter/milter.h
@@ -35,6 +35,7 @@ typedef struct MILTER {
     struct MILTER *next;		/* linkage */
     struct MILTERS *parent;		/* parent information */
     struct MILTER_MACROS *macros;	/* private macros */
+    void    (*connect_on_demand) (struct MILTER *);
     const char *(*conn_event) (struct MILTER *, const char *, const char *, const char *, unsigned, ARGV *);
     const char *(*helo_event) (struct MILTER *, const char *, int, ARGV *);
     const char *(*mail_event) (struct MILTER *, const char **, ARGV *);
diff --git a/postfix/src/milter/milter8.c b/postfix/src/milter/milter8.c
index 57abc3b21..892c38721 100644
--- a/postfix/src/milter/milter8.c
+++ b/postfix/src/milter/milter8.c
@@ -1917,15 +1917,6 @@ static const char *milter8_conn_event(MILTER *m,
 #define STR_EQ(x,y)	(strcmp((x), (y)) == 0)
 #define STR_NE(x,y)	(strcmp((x), (y)) != 0)
 
-    /*
-     * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds
-     * out that the SMTP client has disconnected. Because of this, Postfix
-     * has to open a new MTA-to-filter socket for each SMTP client.
-     */
-#ifdef LIBMILTER_AUTO_DISCONNECT
-    milter8_connect(milter);
-#endif
-
     /*
      * Report the event.
      */
@@ -2835,6 +2826,10 @@ static MILTER8 *milter8_alloc(const char *name, int conn_timeout,
 
     /*
      * Fill in the structure. Note: all strings must be copied.
+     * 
+     * XXX Sendmail 8 libmilter closes the MTA-to-filter socket when it finds
+     * out that the SMTP client has disconnected. Because of this, Postfix
+     * has to open a new MTA-to-filter socket for each SMTP client.
      */
     milter = (MILTER8 *) mymalloc(sizeof(*milter));
     milter->m.name = mystrdup(name);
@@ -2842,6 +2837,11 @@ static MILTER8 *milter8_alloc(const char *name, int conn_timeout,
     milter->m.next = 0;
     milter->m.parent = parent;
     milter->m.macros = 0;
+#ifdef LIBMILTER_AUTO_DISCONNECT
+    milter->m.connect_on_demand = (void (*) (struct MILTER *)) milter8_connect;
+#else
+    milter->m.connect_on_demand = 0;
+#endif
     milter->m.conn_event = milter8_conn_event;
     milter->m.helo_event = milter8_helo_event;
     milter->m.mail_event = milter8_mail_event;
diff --git a/postfix/src/util/mymalloc.c b/postfix/src/util/mymalloc.c
index 1c8199e80..b5ec37d06 100644
--- a/postfix/src/util/mymalloc.c
+++ b/postfix/src/util/mymalloc.c
@@ -234,7 +234,7 @@ char   *mystrdup(const char *str)
 #endif
     if ((len = strlen(str) + 1) > SSIZE_T_MAX)
 	msg_panic("mystrdup: string length >= SSIZE_T_MAX");
-    return (strcpy(mymalloc(len), str));
+    return (memcpy(mymalloc(len), str, len));
 }
 
 /* mystrndup - save substring to heap */