From: Wietse Venema Date: Thu, 16 Jan 2014 05:00:00 +0000 (-0500) Subject: postfix-2.9.9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c87d18233352796033573f434f2e44db1c38e6e5;p=thirdparty%2Fpostfix.git postfix-2.9.9 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 53d3826ad..d4efeec4d 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -17834,3 +17834,36 @@ Apologies for any names omitted. each smtpd(8) process. The workaround turns off session tickets. In 2.11 we'll enable session tickets properly. Viktor Dukhovni. File: tls/tls_server.c. + +20131026 + + Future proofing: API changes in the PCRE library. File: + util/dict_pcre.c. + +20131127 + + Bugfix (introduced: 20090106): the postconf '-#' option + erased prior options. File: postconf/postconf.c. + +20131129 + + Bugfix: Makefile example in MULTI_INSTANCE_README. Viktor + Dukhovni. File: proto/MULTI_INSTANCE_README.html. + +20131216 + + OpenSSL future proofing: tolerate disappearance of named + bug-workaround bits without invalidating tls_disable_workarounds + configurations. When support for a bug workaround is removed + from OpenSSL, the corresponding bit is defined as zero (i.e. + NOOP) instead of causing programs to break. Viktor Dukhovni. + File: tls/tls_misc.c. + +20131220 + + Documentation: typo in SASL_README. Patrick Ben Koetter. + File: proto/SASL_README.html. + +20140104 + + Bugfix: malformed error message. File: conf/post-install. diff --git a/postfix/README_FILES/MULTI_INSTANCE_README b/postfix/README_FILES/MULTI_INSTANCE_README index b6e15d2e3..8756a9d6f 100644 --- a/postfix/README_FILES/MULTI_INSTANCE_README +++ b/postfix/README_FILES/MULTI_INSTANCE_README @@ -177,7 +177,7 @@ database when none exists. generic: Makefile @echo Creating $@ @rm -f $@.tmp - @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp + @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % 
diff --git a/postfix/README_FILES/SASL_README b/postfix/README_FILES/SASL_README index 282edc1d4..601ebb7c2 100644 --- a/postfix/README_FILES/SASL_README +++ b/postfix/README_FILES/SASL_README @@ -477,7 +477,7 @@ to a PostgreSQL server: sql_user: username sql_passwd: secret sql_database: dbname - sql_select: SELECT password FROM users WHERE user = '%u'@'%r' + sql_select: SELECT password FROM users WHERE user = '%u@%r' NNoottee diff --git a/postfix/conf/post-install b/postfix/conf/post-install index 63ad8a0bd..d56b8151b 100644 --- a/postfix/conf/post-install +++ b/postfix/conf/post-install @@ -464,7 +464,7 @@ test -n "$create" && { case $type in [hl]) continue;; [df]) ;; - *) echo unknown type $type for $path in $daemon_directory/postfix-files1>&2; exit 1;; + *) echo unknown type $type for $path in $daemon_directory/postfix-files 1>&2; exit 1;; esac # Expand $name, and canonicalize null fields. for name in path owner group flags diff --git a/postfix/html/MULTI_INSTANCE_README.html b/postfix/html/MULTI_INSTANCE_README.html index f22433874..c5e5f7e1d 100644 --- a/postfix/html/MULTI_INSTANCE_README.html +++ b/postfix/html/MULTI_INSTANCE_README.html @@ -233,7 +233,7 @@ creates a "generic" database when none exists.

generic: Makefile @echo Creating $@ @rm -f $@.tmp - @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp + @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % diff --git a/postfix/html/SASL_README.html b/postfix/html/SASL_README.html index f76ca860f..3ab30a1fe 100644 --- a/postfix/html/SASL_README.html +++ b/postfix/html/SASL_README.html @@ -784,7 +784,7 @@ and connects it to a PostgreSQL server:

sql_user: username sql_passwd: secret sql_database: dbname - sql_select: SELECT password FROM users WHERE user = '%u'@'%r' + sql_select: SELECT password FROM users WHERE user = '%u@%r' diff --git a/postfix/proto/MULTI_INSTANCE_README.html b/postfix/proto/MULTI_INSTANCE_README.html index fe6fc7c6d..e6812e7b5 100644 --- a/postfix/proto/MULTI_INSTANCE_README.html +++ b/postfix/proto/MULTI_INSTANCE_README.html @@ -233,7 +233,7 @@ creates a "generic" database when none exists.

generic: Makefile @echo Creating $@ @rm -f $@.tmp - @printf '%s\t%s+root=%s\n' root $MTAADMIN `uname -n` > $@.tmp + @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` > $@.tmp @mv $@.tmp generic %.cdb: % diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index a3320be86..11f4cc24e 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -784,7 +784,7 @@ and connects it to a PostgreSQL server:

sql_user: username sql_passwd: secret sql_database: dbname - sql_select: SELECT password FROM users WHERE user = '%u'@'%r' + sql_select: SELECT password FROM users WHERE user = '%u@%r' diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 4e18c4537..1ae1520ff 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20130905" -#define MAIL_VERSION_NUMBER "2.9.8" +#define MAIL_RELEASE_DATE "20140116" +#define MAIL_VERSION_NUMBER "2.9.9" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c index becede834..f6ee45522 100644 --- a/postfix/src/postconf/postconf.c +++ b/postfix/src/postconf/postconf.c @@ -456,7 +456,7 @@ int main(int argc, char **argv) break; #endif case '#': - cmd_mode = COMMENT_OUT; + cmd_mode |= COMMENT_OUT; break; case 'h': diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 5fef95920..1555efcdd 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c 
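Review bot: In postconf.c, `case '#'` now ORs COMMENT_OUT into whatever mode bits earlier options have set, so '-#' can be combined with any mode parsed before it. The hunk does not show whether main() later rejects combinations that make no sense together; main's body continues outside the hunk, so that check is worth confirming. I would also add a short comment on the new line so the operator is not "simplified" back to an assignment, e.g. `/* OR the bit in: plain assignment discards modes set by earlier options */`.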
@@ -241,59 +241,72 @@ static const NAME_CODE protocol_table[] = { #define NAMEBUG(x) #x, SSL_OP_##x static const LONG_NAME_MASK ssl_bug_tweaks[] = { -#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) - NAMEBUG(MICROSOFT_SESS_ID_BUG), /* 0x00000001L */ +#ifndef SSL_OP_MICROSOFT_SESS_ID_BUG +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0 #endif + NAMEBUG(MICROSOFT_SESS_ID_BUG), -#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) - NAMEBUG(NETSCAPE_CHALLENGE_BUG), /* 0x00000002L */ +#ifndef SSL_OP_NETSCAPE_CHALLENGE_BUG +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0 #endif + NAMEBUG(NETSCAPE_CHALLENGE_BUG), -#if defined(SSL_OP_LEGACY_SERVER_CONNECT) - NAMEBUG(LEGACY_SERVER_CONNECT), /* 0x00000004L */ +#ifndef SSL_OP_LEGACY_SERVER_CONNECT +#define SSL_OP_LEGACY_SERVER_CONNECT 0 #endif + NAMEBUG(LEGACY_SERVER_CONNECT), -#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) - NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), /* 0x00000008L */ - "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, +#ifndef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0 #endif + NAMEBUG(NETSCAPE_REUSE_CIPHER_CHANGE_BUG), + "CVE-2010-4180", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG, -#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) - NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG), /* 0x00000010L */ +#ifndef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0 #endif + NAMEBUG(SSLREF2_REUSE_CERT_TYPE_BUG), -#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER),/* 0x00000020L */ +#ifndef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0 #endif + NAMEBUG(MICROSOFT_BIG_SSLV3_BUFFER), -#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) - NAMEBUG(MSIE_SSLV2_RSA_PADDING), /* 0x00000040L */ - "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING, +#ifndef SSL_OP_MSIE_SSLV2_RSA_PADDING +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0 #endif + NAMEBUG(MSIE_SSLV2_RSA_PADDING), + "CVE-2005-2969", SSL_OP_MSIE_SSLV2_RSA_PADDING, -#if 
defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) - NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), /* 0x00000080L */ +#ifndef SSL_OP_SSLEAY_080_CLIENT_DH_BUG +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0 #endif + NAMEBUG(SSLEAY_080_CLIENT_DH_BUG), -#if defined(SSL_OP_TLS_D5_BUG) - NAMEBUG(TLS_D5_BUG), /* 0x00000100L */ +#ifndef SSL_OP_TLS_D5_BUG +#define SSL_OP_TLS_D5_BUG 0 #endif + NAMEBUG(TLS_D5_BUG), -#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) - NAMEBUG(TLS_BLOCK_PADDING_BUG), /* 0x00000200L */ +#ifndef SSL_OP_TLS_BLOCK_PADDING_BUG +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0 #endif + NAMEBUG(TLS_BLOCK_PADDING_BUG), -#if defined(SSL_OP_TLS_ROLLBACK_BUG) - NAMEBUG(TLS_ROLLBACK_BUG), /* 0x00000400L */ +#ifndef SSL_OP_TLS_ROLLBACK_BUG +#define SSL_OP_TLS_ROLLBACK_BUG 0 #endif + NAMEBUG(TLS_ROLLBACK_BUG), -#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) - NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS), /* 0x00000800L */ +#ifndef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0 #endif + NAMEBUG(DONT_INSERT_EMPTY_FRAGMENTS), -#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) - NAMEBUG(CRYPTOPRO_TLSEXT_BUG), /* 0x80000000L */ +#ifndef SSL_OP_CRYPTOPRO_TLSEXT_BUG +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0 #endif + NAMEBUG(CRYPTOPRO_TLSEXT_BUG), 0, 0, }; @@ -866,7 +879,8 @@ long tls_bug_bits(void) { long bits = SSL_OP_ALL; /* Work around all known bugs */ -#if OPENSSL_VERSION_NUMBER >= 0x00908000L +#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ + OPENSSL_VERSION_NUMBER < 0x10000000L long lib_version = SSLeay(); /* @@ -892,6 +906,10 @@ long tls_bug_bits(void) bits &= ~long_name_mask_opt(VAR_TLS_BUG_TWEAKS, ssl_bug_tweaks, var_tls_bug_tweaks, NAME_MASK_ANY_CASE | NAME_MASK_NUMBER | NAME_MASK_WARN); +#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG + /* Not relevant to SMTP */ + bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG; +#endif } return (bits); } diff --git a/postfix/src/util/dict_pcre.c b/postfix/src/util/dict_pcre.c index 060019ec5..3ae2104b9 100644 --- a/postfix/src/util/dict_pcre.c 
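Review bot: In tls_misc.c, defining a missing `SSL_OP_*` name as 0 inside the `ssl_bug_tweaks[]` initializer leaves that macro defined for the rest of the file. Any later `#ifdef SSL_OP_...` test on one of these names can then no longer tell whether the linked OpenSSL supports the workaround. The rewrite also drops the per-entry hex values without explaining the zero convention at the table itself. I would add a comment above the table, e.g. `/* A workaround bit missing from this OpenSSL build is defined as 0: its name stays valid in tls_disable_workarounds but masks nothing. */`, and keep feature tests on these names out of the code that follows.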
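Review bot: In tls_bug_bits(), the added `bits &= ~SSL_OP_SAFARI_ECDHE_ECDSA_BUG;` sits before the closing `}` that precedes `return (bits);`, so it runs only when the enclosing block runs. That block opens outside the hunk. If it is the branch taken only when tls_disable_workarounds is non-empty, sites with an empty setting keep the Safari workaround enabled, which does not match the "Not relevant to SMTP" comment. Moving the `#ifdef SSL_OP_SAFARI_ECDHE_ECDSA_BUG` ... `#endif` group to just after that `}` would clear the bit unconditionally.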
+++ b/postfix/src/util/dict_pcre.c @@ -61,6 +61,15 @@ #include "pcre.h" #include "warn_stat.h" + /* + * Backwards compatibility. + */ +#ifdef PCRE_STUDY_JIT_COMPILE +#define DICT_PCRE_FREE_STUDY(x) pcre_free_study(x) +#else +#define DICT_PCRE_FREE_STUDY(x) pcre_free((char *) (x)) +#endif + /* * Support for IF/ENDIF based on an idea by Bert Driehuis. */ @@ -389,7 +398,7 @@ static void dict_pcre_close(DICT *dict) if (match_rule->pattern) myfree((char *) match_rule->pattern); if (match_rule->hints) - myfree((char *) match_rule->hints); + DICT_PCRE_FREE_STUDY(match_rule->hints); if (match_rule->replacement) myfree((char *) match_rule->replacement); break; @@ -398,7 +407,7 @@ static void dict_pcre_close(DICT *dict) if (if_rule->pattern) myfree((char *) if_rule->pattern); if (if_rule->hints) - myfree((char *) if_rule->hints); + DICT_PCRE_FREE_STUDY(if_rule->hints); break; case DICT_PCRE_OP_ENDIF: break; @@ -679,7 +688,7 @@ static DICT_PCRE_RULE *dict_pcre_parse_rule(const char *mapname, int lineno, if (engine.pattern) myfree((char *) engine.pattern); if (engine.hints) - myfree((char *) engine.hints); + DICT_PCRE_FREE_STUDY(engine.hints); CREATE_MATCHOP_ERROR_RETURN(0); } #endif
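Review bot: The "Backwards compatibility." comment above `DICT_PCRE_FREE_STUDY` in dict_pcre.c does not say what the macro releases or why `PCRE_STUDY_JIT_COMPILE` selects the branch. A comment along the lines of `/* pcre_study() data may carry JIT state that only pcre_free_study() releases; libraries without PCRE_STUDY_JIT_COMPILE lack that function, so fall back to pcre_free(). */` would keep a later edit from reverting the three call sites in dict_pcre_close() and dict_pcre_parse_rule() to myfree(). The `(char *)` cast in the fallback is unnecessary for pcre_free(), which takes a `void *`. Those functions start and end outside the hunks, so I cannot tell whether other frees of `hints` remain elsewhere in the file.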