From: Wietse Venema Date: Sat, 10 Jun 2017 05:00:00 +0000 (-0500) Subject: postfix-3.1.5 X-Git-Tag: v3.1.5^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac926e6291a21b4a8ad0d4d304ac9bc24ea8f3b8;p=thirdparty%2Fpostfix.git postfix-3.1.5 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 5a52f1c2b..d012df121 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -22317,3 +22317,25 @@ Apologies for any names omitted. senders with "smtpd_reject_unlisted_recipient = yes" or with reject_unlisted_sender. Stephen R. van den Berg (Mr. procmail). Files: smtpd/smtpd.c, smtpd/smtpd_check.c. + +20170221 + + Compatibility fix (introduced: Postfix 3.1): some Milter + applications do not recognize macros sent as {name} when + macros have single-character names. Postfix now sends such + macros without {} as it has done historically. Viktor + Dukhovni. File: milter/milter.c. + +20170430 + + Safety net: append a null byte to vstring buffers, so that + C-style string operations won't scribble past the end. File: + vstring.c. + +20170610 + + Workaround (introduced: Postfix 3.0 20140718): prevent MIME + downgrade of Postfix-generated message/delivery status. + It's supposed to be 7bit, therefore quoted-printable encoding + is not expected. Problem reported by Griff. File: + bounce/bounce_notify_util.c. diff --git a/postfix/Makefile b/postfix/Makefile index e93de9fbf..bf0bad878 100644 --- a/postfix/Makefile +++ b/postfix/Makefile @@ -1,7 +1,8 @@ # Usage: -# make makefiles [CC=compiler] [OPT=compiler-flags] [DEBUG=debug-flags] +# make makefiles [name=value]... # -# The defaults are: CC=gcc, OPT=-O, and DEBUG=-g. Examples: +# See makedefs for a descripton of available options. +# Examples: # # make makefiles # make makefiles CC="purify cc" diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c index fbcda18d4..65a874d9d 100644 --- a/postfix/src/bounce/bounce_notify_util.c +++ b/postfix/src/bounce/bounce_notify_util.c @@ -637,7 +637,9 @@ int bounce_header_dsn(VSTREAM *bounce, BOUNCE_INFO *bounce_info) (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ? "global-" : ""); /* Fix 20140709: addresses may be 8bit. */ - if (NOT_7BIT_MIME(bounce_info)) + if (NOT_7BIT_MIME(bounce_info) + /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */ + && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s", bounce_info->mime_encoding); diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index db527e5dd..e42e1c56d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170101" -#define MAIL_VERSION_NUMBER "3.1.4" +#define MAIL_RELEASE_DATE "20170610" +#define MAIL_VERSION_NUMBER "3.1.5" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/milter/milter.c b/postfix/src/milter/milter.c index 64836d463..ac2baaf77 100644 --- a/postfix/src/milter/milter.c +++ b/postfix/src/milter/milter.c @@ -333,18 +333,21 @@ static ARGV *milter_macro_lookup(MILTERS *milters, const char *macro_names) VSTRING *canon_buf = vstring_alloc(20); const char *value; const char *name; + const char *cname; while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if (msg_verbose) msg_info("%s: \"%s\"", myname, name); if (*name != '{') /* } */ - name = STR(vstring_sprintf(canon_buf, "{%s}", name)); - if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) { + cname = STR(vstring_sprintf(canon_buf, "{%s}", name)); + else + cname = name; + if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) { if (msg_verbose) msg_info("%s: result \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); } else if (milters->macro_defaults != 0 - && (value = htable_find(milters->macro_defaults, name)) != 0) { + && (value = htable_find(milters->macro_defaults, cname)) != 0) { if (msg_verbose) msg_info("%s: using default \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); diff --git a/postfix/src/util/vstring.c b/postfix/src/util/vstring.c index 9e404b213..c11b18c28 100644 --- a/postfix/src/util/vstring.c +++ b/postfix/src/util/vstring.c @@ -280,6 +280,10 @@ #include "vbuf_print.h" #include "vstring.h" +#ifndef SSIZE_T_MAX +#define SSIZE_T_MAX __MAXINT__(ssize_t) +#endif + /* vstring_extend - variable-length string buffer extension policy */ static void vstring_extend(VBUF *bp, ssize_t incr) @@ -299,10 +303,13 @@ static void vstring_extend(VBUF *bp, ssize_t incr) * (The tests are redundant as long as mymalloc() and myrealloc() reject * negative length parameters). */ - new_len = bp->len + (bp->len > incr ? bp->len : incr); - if (new_len <= bp->len) + if (bp->len > incr) + incr = bp->len; + if (bp->len > SSIZE_T_MAX - incr - 1) msg_fatal("vstring_extend: length overflow"); - bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len); + new_len = bp->len + incr; + bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1); + bp->data[new_len] = 0; bp->len = new_len; bp->ptr = bp->data + used; bp->cnt = bp->len - used; @@ -342,12 +349,13 @@ VSTRING *vstring_alloc(ssize_t len) { VSTRING *vp; - if (len < 1) + if (len < 1 || len > SSIZE_T_MAX - 1) msg_panic("vstring_alloc: bad length %ld", (long) len); vp = (VSTRING *) mymalloc(sizeof(*vp)); vp->vbuf.flags = 0; vp->vbuf.len = 0; - vp->vbuf.data = (unsigned char *) mymalloc(len); + vp->vbuf.data = (unsigned char *) mymalloc(len + 1); + vp->vbuf.data[len] = 0; vp->vbuf.len = len; VSTRING_RESET(vp); vp->vbuf.data[0] = 0;