From: Wietse Venema <wietse@porcupine.org>
Date: Tue, 24 Jan 2006 05:00:00 +0000 (-0500)
Subject: postfix-2.3-20060124
X-Git-Tag: v2.3-RC1~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=941f189e65af40ba2d59b9e3cb4d051dfea5bace;p=thirdparty%2Fpostfix.git

postfix-2.3-20060124
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 7d3de16e4..2aa4a85b4 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11873,6 +11873,9 @@ Apologies for any names omitted.
 	options are specified.  Files: postmap/postmap.c,
 	postalias/postalias.c.
 
+	Safety: don't allow $number substitution in transport maps
+	or sender-dependent relayhost maps.
+
 	Cleanup: smtp_sasl_passwd_maps lookup keys are folded to
 	lowercase before searching tables such as btree:, dbm: or
 	hash: that have fixed-case fields. File: smtp/smtp_sasl_glue.c.
@@ -11920,6 +11923,12 @@ Apologies for any names omitted.
 	Bugfix: change 20051208 broke when a connection could not
 	be established. File: util/auto_clnt.c.
 
+20060124
+
+	Bugfix: the virtual(8) delivery agent did not insist on
+	privileged operation; this broke change 20060117. File:
+	virtual/virtual.c.
+
 Open problems:
 
 	Centralize main.cf parameter input so that defaults work
diff --git a/postfix/README_FILES/SMTPD_PROXY_README b/postfix/README_FILES/SMTPD_PROXY_README
index 353d9ceec..e04902637 100644
--- a/postfix/README_FILES/SMTPD_PROXY_README
+++ b/postfix/README_FILES/SMTPD_PROXY_README
@@ -145,8 +145,8 @@ master.cf file:
 
   * Postfix 2.3 supports both TCP and UNIX-domain filters. The above filter
     could be specified as "inet:127.0.0.1:10025". To specify a UNIX-domain
-    filter, specify "unix:pathame". A relative pathname is interpreted relative
-    to the Postfix queue directory.
+    filter, specify "unix:pathname". A relative pathname is interpreted
+    relative to the Postfix queue directory.
 
 The after-filter SMTP server is a new master.cf entry:
 
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index e30f9fbbe..c1d290724 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -784,10 +784,12 @@ summarized as follows:
 
 CClloossiinngg aa DDNNSS lloooopphhoollee wwiitthh  ppeerr--ssiittee TTLLSS ppoolliicciieess
 
-As long as no secure DNS lookup mechanism is available, false hostnames may
-appear in MX or CNAME responses. Even with a perfect match between the server
-hostname and the server certificate, there is no guarantee that Postfix is
-connected to the right server. To avoid this loophole take the following steps:
+As long as no secure DNS lookup mechanism is available, false hostnames in MX
+or CNAME responses can change the server hostname that Postfix uses for TLS
+policy lookup and server certificate verification. Even with a perfect match
+between the server hostname and the server certificate, there is no guarantee
+that Postfix is connected to the right server. To avoid this loophole take the
+following steps:
 
   * Eliminate MX lookups. Specify local transport(5) table entries for
     sensitive domains with explicit smtp:[mailhost] or smtp:[mailhost]:port
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index 4dde0c609..32b9f2279 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -22,8 +22,9 @@ Incompatibility with snapshot 20060123
 
 Postfix now preserves uppercase information while mapping addresses
 with canonical, virtual, relocated or generic maps; this happens
-even with lookups from regular expression maps. However, the local(8)
-and virtual(8) delivery agents still fold addresses to lower case.
+even with $number substitutions in regular expression maps. However,
+the local(8) and virtual(8) delivery agents still fold addresses
+to lower case.
 
 By default, Postfix now folds the search string to lowercase only
 with tables that have fixed-case lookup fields such as btree:,
@@ -48,7 +49,7 @@ better job at being case insensitive where it should, for example
 while searching per-host TLS policies or SASL passwords.
 
 Some obscure behavior was eliminated from the smtp_tls_per_site
-feature, without changes to the user interface. some Postfix internals
+feature, without changes to the user interface. Some Postfix internals
 had to be re-structured in preparation for a more general TLS policy
 mechanism; this required that smtp_tls_per_site be re-implemented
 from scratch.
diff --git a/postfix/html/SMTPD_PROXY_README.html b/postfix/html/SMTPD_PROXY_README.html
index 486daa3d9..1cca5e59d 100644
--- a/postfix/html/SMTPD_PROXY_README.html
+++ b/postfix/html/SMTPD_PROXY_README.html
@@ -220,11 +220,11 @@ PERL/SMTP content filtering framework. See:
 
 </blockquote>
 
-<p> This is configured by editing the master.cf file: </p>
+<p> This is configured by editing the <a href="master.5.html">master.cf</a> file: </p>
 
 <blockquote>
 <pre>
-/etc/postfix/master.cf:
+/etc/postfix/<a href="master.5.html">master.cf</a>:
     # =============================================================
     # service type  private unpriv  chroot  wakeup  maxproc command
     #               (yes)   (yes)   (yes)   (never) (100)
@@ -256,7 +256,7 @@ PERL/SMTP content filtering framework. See:
 
 <p> The before-filter SMTP server entry is a modified version of the
 default Postfix SMTP server entry that is normally configured at
-the top of the master.cf file: </p>
+the top of the <a href="master.5.html">master.cf</a> file: </p>
 
 <ul>
 
@@ -279,13 +279,13 @@ the top of the master.cf file: </p>
 
     <li> <p> Postfix 2.3 supports both TCP and UNIX-domain filters.
     The above filter could be specified as "inet:127.0.0.1:10025".
-    To specify a UNIX-domain filter, specify "unix:<i>pathame</i>".
+    To specify a UNIX-domain filter, specify "unix:<i>pathname</i>".
     A relative pathname is interpreted relative to the Postfix queue
     directory. </p>
 
 </ul>
 
-<p> The after-filter SMTP server is a new master.cf entry: </p>
+<p> The after-filter SMTP server is a new <a href="master.5.html">master.cf</a> entry: </p>
 
 <ul>
 
diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html
index 29d77edff..c975669b1 100644
--- a/postfix/html/TLS_README.html
+++ b/postfix/html/TLS_README.html
@@ -1165,10 +1165,12 @@ parameter.  </p>
 <!-- legacy --> per-site TLS policies </a> </h3>
 
 <p> As long as no secure DNS lookup mechanism is available, false
-hostnames may appear in MX or CNAME responses. Even with a perfect
-match between the server hostname and the server certificate, there
-is no guarantee that Postfix is connected to the right server.  To
-avoid this loophole take the following steps: </p>
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname
+and the server certificate, there is no guarantee that Postfix is
+connected to the right server.  To avoid this loophole take the
+following steps: </p>
 
 <ul>
 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 804da530c..cd0987131 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -2386,6 +2386,9 @@ is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">ma
 <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
 <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
 
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p> This feature is available in Postfix 2.3 and later. </p>
 
 
@@ -3543,7 +3546,7 @@ to the remote host.
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -4412,6 +4415,9 @@ is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">ma
 <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
 <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>.  </p>
 
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p> This feature is available in Postfix 2.3 and later. </p>
 
 
@@ -6266,6 +6272,9 @@ setting. The tables are searched by the sender address and by the
 @domain. This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
 <a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>
 
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p>
 This feature is available in Postfix 2.3 and later.
 </p>
@@ -7167,7 +7176,7 @@ chroot jail, so you can leave the password file in /etc/postfix.
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -9308,7 +9317,7 @@ Examples:
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -10319,6 +10328,9 @@ Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tabl
 feature with local files, run "<b>postmap /etc/postfix/transport</b>"
 after making a change.  </p>
 
+<p> For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps. </p>
+
 <p>
 Examples:
 </p>
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 509579503..e36825ec2 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1287,6 +1287,9 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH fast_flush_domains (default: $relay_domains)
 Optional list of destinations that are eligible for per-destination
@@ -1886,7 +1889,7 @@ to the remote host.
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBlmtp_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH lmtp_sasl_security_options (default: noplaintext, noanonymous)
@@ -2398,6 +2401,9 @@ is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH mailq_path (default: see "postconf -d" output)
 Sendmail compatibility feature that specifies where the Postfix
@@ -3496,6 +3502,9 @@ setting. The tables are searched by the sender address and by the
 @domain. This information is overruled with relay_transport,
 default_transport and with the \fBtransport\fR(5) table.
 .PP
+For safety reasons, this feature does not allow $number
+substitutions in regular expression maps.
+.PP
 This feature is available in Postfix 2.3 and later.
 .SH sendmail_path (default: see "postconf -d" output)
 A Sendmail compatibility feature that specifies the location of
@@ -4000,7 +4009,7 @@ chroot jail, so you can leave the password file in /etc/postfix.
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBsmtp_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtp_sasl_security_options (default: noplaintext, noanonymous)
@@ -5391,7 +5400,7 @@ smtpd_sasl_local_domain = $myhostname
 Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 \fBsmtpd_sasl_type\fR.  Typically this specifies the name of a
-configuration file or rendez-vous point.
+configuration file or rendezvous point.
 .PP
 This feature is available in Postfix 2.3 and later.
 .SH smtpd_sasl_security_options (default: noanonymous)
@@ -6019,6 +6028,9 @@ Specify zero or more "type:table" lookup tables.  If you use this
 feature with local files, run "\fBpostmap /etc/postfix/transport\fR"
 after making a change.
 .PP
+For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps.
+.PP
 Examples:
 .PP
 .nf
diff --git a/postfix/proto/SMTPD_PROXY_README.html b/postfix/proto/SMTPD_PROXY_README.html
index 23a8899b5..aeb8871a8 100644
--- a/postfix/proto/SMTPD_PROXY_README.html
+++ b/postfix/proto/SMTPD_PROXY_README.html
@@ -279,7 +279,7 @@ the top of the master.cf file: </p>
 
     <li> <p> Postfix 2.3 supports both TCP and UNIX-domain filters.
     The above filter could be specified as "inet:127.0.0.1:10025".
-    To specify a UNIX-domain filter, specify "unix:<i>pathame</i>".
+    To specify a UNIX-domain filter, specify "unix:<i>pathname</i>".
     A relative pathname is interpreted relative to the Postfix queue
     directory. </p>
 
diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html
index 3888598e4..b16479898 100644
--- a/postfix/proto/TLS_README.html
+++ b/postfix/proto/TLS_README.html
@@ -1165,10 +1165,12 @@ parameter.  </p>
 <!-- legacy --> per-site TLS policies </a> </h3>
 
 <p> As long as no secure DNS lookup mechanism is available, false
-hostnames may appear in MX or CNAME responses. Even with a perfect
-match between the server hostname and the server certificate, there
-is no guarantee that Postfix is connected to the right server.  To
-avoid this loophole take the following steps: </p>
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname
+and the server certificate, there is no guarantee that Postfix is
+connected to the right server.  To avoid this loophole take the
+following steps: </p>
 
 <ul>
 
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index e9502a3ae..ab8812b9b 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -5842,6 +5842,9 @@ Specify zero or more "type:table" lookup tables.  If you use this
 feature with local files, run "<b>postmap /etc/postfix/transport</b>"
 after making a change.  </p>
 
+<p> For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps. </p>
+
 <p>
 Examples:
 </p>
@@ -8819,6 +8822,9 @@ setting. The tables are searched by the sender address and by the
 @domain. This information is overruled with relay_transport,
 default_transport and with the transport(5) table. </p>
 
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
 <p>
 This feature is available in Postfix 2.3 and later.
 </p>
@@ -9130,7 +9136,7 @@ for authentication.  The available types are listed with the
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>smtpd_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -9139,7 +9145,7 @@ configuration file or rendez-vous point. </p>
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>smtp_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -9148,7 +9154,7 @@ configuration file or rendez-vous point. </p>
 <p> Implementation-specific information that is passed through to
 the SASL plug-in implementation that is selected with
 <b>lmtp_sasl_type</b>.  Typically this specifies the name of a
-configuration file or rendez-vous point. </p>
+configuration file or rendezvous point. </p>
 
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -9178,6 +9184,9 @@ recipients are found in the UNIX passwd database. </p>
 is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.  </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
  
 <p> This feature is available in Postfix 2.3 and later. </p>
 
@@ -9191,6 +9200,9 @@ not find in the aliases(5) or UNIX password database. </p>
 is: aliases, .forward files, mailbox_transport_maps, mailbox_transport,
 mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory,
 fallback_transport_maps, fallback_transport and luser_relay.  </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
  
 <p> This feature is available in Postfix 2.3 and later. </p>
 
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index eb592a07d..bf49a45ae 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20060123"
+#define MAIL_RELEASE_DATE	"20060124"
 #define MAIL_VERSION_NUMBER	"2.3"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c
index 0d636796e..ce09c8954 100644
--- a/postfix/src/virtual/virtual.c
+++ b/postfix/src/virtual/virtual.c
@@ -501,5 +501,6 @@ int     main(int argc, char **argv)
 		       MAIL_SERVER_PRE_INIT, pre_init,
 		       MAIL_SERVER_POST_INIT, post_init,
 		       MAIL_SERVER_PRE_ACCEPT, pre_accept,
+		       MAIL_SERVER_PRIVILEGED,
 		       0);
 }