From: Wietse Venema Date: Sat, 19 May 2018 05:00:00 +0000 (-0500) Subject: postfix-3.2.6 X-Git-Tag: v3.2.6^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f86f44b424ff1277fc5e3655319be54d4c22d51e;p=thirdparty%2Fpostfix.git postfix-3.2.6 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 8c3c0eba7..5397ee80e 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -23070,3 +23070,25 @@ Apologies for any names omitted. to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. File: LICENSE. + +20180218 + + Cleanup: added 22 missing *_maps parameters to the default + proxy_read_maps setting. Files: global/mail_params.h. + + Bugfix (introduced: 20120117): postconf should scan only + built-in or service-defined parameters for ldap, *sql, etc. + database names. Files: postconf/postconf_user.c. + +20180306 + + Bugfix (introduced: 19990302): when luser_relay specifies + a non-existent local address, the luser_relay feature becomes + a black hole. Reported by Jørgen Thomsen. File: local/unknown.c. + +20180422 + + Bugfix (introduced: Postfix 2.8): missing tls_server_start() + error propagation in tlsproxy(8) resulting in segfault after + TLS handshake error. Found during code maintenance. File: + tlsproxy/tlsproxy.c. diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 3cc94a02b..fd5fd551c 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h 
@@ -2363,7 +2363,29 @@ extern int var_local_rcpt_code;
 " $" VAR_HELO_CHECKS \
 " $" VAR_MAIL_CHECKS \
 " $" VAR_RELAY_CHECKS \
- " $" VAR_RCPT_CHECKS
+ " $" VAR_RCPT_CHECKS \
+ " $" VAR_VRFY_SND_DEF_XPORT_MAPS \
+ " $" VAR_VRFY_RELAY_MAPS \
+ " $" VAR_VRFY_XPORT_MAPS \
+ " $" VAR_FBCK_TRANSP_MAPS \
+ " $" VAR_LMTP_EHLO_DIS_MAPS \
+ " $" VAR_LMTP_PIX_BUG_MAPS \
+ " $" VAR_LMTP_SASL_PASSWD \
+ " $" VAR_LMTP_TLS_POLICY \
+ " $" VAR_MAILBOX_CMD_MAPS \
+ " $" VAR_MBOX_TRANSP_MAPS \
+ " $" VAR_PSC_EHLO_DIS_MAPS \
+ " $" VAR_RBL_REPLY_MAPS \
+ " $" VAR_SND_DEF_XPORT_MAPS \
+ " $" VAR_SND_RELAY_MAPS \
+ " $" VAR_SMTP_EHLO_DIS_MAPS \
+ " $" VAR_SMTP_PIX_BUG_MAPS \
+ " $" VAR_SMTP_SASL_PASSWD \
+ " $" VAR_SMTP_TLS_POLICY \
+ " $" VAR_SMTPD_EHLO_DIS_MAPS \
+ " $" VAR_SMTPD_MILTER_MAPS \
+ " $" VAR_VIRT_GID_MAPS \
+ " $" VAR_VIRT_UID_MAPS
 extern char *var_proxy_read_maps;
 #define VAR_PROXY_WRITE_MAPS "proxy_write_maps"
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 21949388f..b84dd3978 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20180127"
-#define MAIL_VERSION_NUMBER "3.2.5"
+#define MAIL_RELEASE_DATE "20180519"
+#define MAIL_VERSION_NUMBER "3.2.6"
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/local/unknown.c b/postfix/src/local/unknown.c
index 733aa1350..c97cef39b 100644
--- a/postfix/src/local/unknown.c
+++ b/postfix/src/local/unknown.c
@@ -73,11 +73,14 @@
 #include
 #include
 #include
+#include
 /* Application-specific. */
 #include "local.h"
+#define STREQ(x,y) (strcasecmp((x),(y)) == 0)
+
 /* deliver_unknown - delivery for unknown recipients */
 int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
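Review bot: In mail_params.h the default proxy_read_maps list is still maintained by hand, and nothing visible in this hunk stops the next new table parameter from being left out the way these 22 were. A comment above the macro would help, for example `/* Keep in sync: every parameter that may name a proxy: lookup table must be listed here. */`. The additions include VAR_SMTP_SASL_PASSWD and VAR_LMTP_SASL_PASSWD, so credential tables referenced with a proxy: prefix become readable through the read-only proxymap service by default; that looks intended, but it deserves a line in the release notes so operators can review access to that service. The macro definition starts above the hunk.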
@@ -85,6 +88,7 @@ int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
 const char *myname = "deliver_unknown";
 int status;
 VSTRING *expand_luser;
+ VSTRING *canon_luser;
 static MAPS *transp_maps;
 const char *map_transport;
@@ -139,8 +143,20 @@ int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
 if (*var_luser_relay) {
 state.msg_attr.unmatched = 0;
 expand_luser = vstring_alloc(100);
+ canon_luser = vstring_alloc(100);
 local_expand(expand_luser, var_luser_relay, &state, &usr_attr, (void *) 0);
- status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ /* In case luser_relay specifies a domain-less address. */
+ canon_addr_external(canon_luser, vstring_str(expand_luser));
+ /* Assumes that the address resolver won't change the address. */
+ if (STREQ(vstring_str(canon_luser), state.msg_attr.rcpt.address)) {
+ dsb_simple(state.msg_attr.why, "5.1.1",
+ "unknown user: \"%s\"", state.msg_attr.user);
+ status = bounce_append(BOUNCE_FLAGS(state.request),
+ BOUNCE_ATTR(state.msg_attr));
+ } else {
+ status = deliver_resolve_addr(state, usr_attr, STR(expand_luser));
+ }
+ vstring_free(canon_luser);
 vstring_free(expand_luser);
 return (status);
 }
@@ -149,8 +165,6 @@ int deliver_unknown(LOCAL_STATE state, USER_ATTR usr_attr)
 * If no alias was found for a required reserved name, toss the message
 * into the bit bucket, and issue a warning instead.
 */
-#define STREQ(x,y) (strcasecmp(x,y) == 0)
-
 if (STREQ(state.msg_attr.user, MAIL_ADDR_MAIL_DAEMON)
 || STREQ(state.msg_attr.user, MAIL_ADDR_POSTMASTER)) {
 msg_warn("required alias not found: %s", state.msg_attr.user);
diff --git a/postfix/src/postconf/postconf_user.c b/postfix/src/postconf/postconf_user.c
index b638ab3b6..cf5102e85 100644
--- a/postfix/src/postconf/postconf_user.c
+++ b/postfix/src/postconf/postconf_user.c
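Review bot: In unknown.c's luser_relay branch (hunk at -139), the new self-reference check is a case-insensitive string match between the canonicalized luser_relay expansion and `state.msg_attr.rcpt.address`, and the comment states the assumption but not what happens when it fails. If the two strings differ in form, the check does not fire and the message takes the `deliver_resolve_addr` path as before, which is the black-hole case the HISTORY entry describes; the helper's name suggests it yields the external form, so it is worth confirming that rcpt.address is held in the same form. I would extend the comment, e.g. `/* Assumes the resolver won't change the address; otherwise the loop goes undetected here. */`. Minor style point: the block uses both `vstring_str(expand_luser)` and `STR(expand_luser)` for what appears to be the same accessor. The function body continues outside the hunk.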
@@ -290,8 +290,13 @@ static void pcf_scan_user_parameter_namespace(const char *dict_name,
 }
 SCAN_USER_PARAMETER_VALUE(cparam_value, PCF_PARAM_FLAG_USER, local_scope);
 #ifdef LEGACY_DBMS_SUPPORT
- pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
- local_scope);
+#define PCF_BUILTIN_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_BUILTIN)
+#define PCF_SERVICE_PARAMETER(node) ((node)->flags & PCF_PARAM_FLAG_SERVICE)
+
+ if (node != 0
+ && (PCF_BUILTIN_PARAMETER(node) || PCF_SERVICE_PARAMETER(node)))
+ pcf_register_dbms_parameters(cparam_value, pcf_flag_user_parameter,
+ local_scope);
 #endif
 }
 }
diff --git a/postfix/src/postconf/test28.ref b/postfix/src/postconf/test28.ref
index a16ae5e02..031fa613a 100644
--- a/postfix/src/postconf/test28.ref
+++ b/postfix/src/postconf/test28.ref
@@ -1,10 +1,10 @@
 config_directory = .
 db = memcache
-foo_domain = bar
 header_checks = ldap:hh
 hh_domain = whatever
 yy = aap
 zz_domain = whatever
+./postconf: warning: ./main.cf: unused parameter: foo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: zz=$yy
 ./postconf: warning: ./main.cf: unused parameter: aa_domain=whatever
 ./postconf: warning: ./main.cf: unused parameter: xx=proxy:ldap:foo
diff --git a/postfix/src/postconf/test29.ref b/postfix/src/postconf/test29.ref
index 75a2efafd..d44e38dcb 100644
--- a/postfix/src/postconf/test29.ref
+++ b/postfix/src/postconf/test29.ref
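Review bot: In postconf_user.c the two function-like macros are defined in the middle of the function body, inside `#ifdef LEGACY_DBMS_SUPPORT`, used once and never undefined, and their parameter is named `node` like the variable they are applied to. A single mask test reads more directly: `if (node != 0 && (node->flags & (PCF_PARAM_FLAG_BUILTIN | PCF_PARAM_FLAG_SERVICE)) != 0)`. The guard also lacks a comment saying why user-defined parameters are skipped; something like `/* Only built-in or service-defined parameters may name legacy database configurations. */` would keep a later cleanup from dropping it. `node` is assigned outside the hunk, so whether it can be null at this point cannot be checked from this view.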
@@ -1,16 +1,16 @@
 config_directory = .
-ldapfoo_domain = bar
-memcachefoo_domain = bar
-mysqlfoo_domain = bar
-pgsqlfoo_domain = bar
-sqlitefoo_domain = bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitexx=proxy:sqlite:sqlitefoo
 ./postconf: warning: ./main.cf: unused parameter: pgsqlxx=proxy:pgsql:pgsqlfoo
+./postconf: warning: ./main.cf: unused parameter: ldapfoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachefoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: sqlitefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: memcachexx=proxy:memcache:memcachefoo
 ./postconf: warning: ./main.cf: unused parameter: mysqlxx=proxy:mysql:mysqlfoo
 ./postconf: warning: ./main.cf: unused parameter: ldapxx=proxy:ldap:ldapfoo
 ./postconf: warning: ./main.cf: unused parameter: ldapfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: memcachefoo_domain=bar
 ./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domainx=bar
 ./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domainx=bar
+./postconf: warning: ./main.cf: unused parameter: mysqlfoo_domain=bar
+./postconf: warning: ./main.cf: unused parameter: pgsqlfoo_domain=bar
diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c
index 383ba0d60..0796dd200 100644
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -659,7 +659,7 @@ static void tlsp_ciphertext_event(int event, void *context)
 /* tlsp_start_tls - turn on TLS or force disconnect */
-static void tlsp_start_tls(TLSP_STATE *state)
+static int tlsp_start_tls(TLSP_STATE *state)
 {
 TLS_SERVER_START_PROPS props;
 static char *cipher_grade;
@@ -712,7 +712,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
 if (state->tls_context == 0) {
 tlsp_state_free(state);
- return;
+ return (-1);
 }
 /*
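Review bot: In tlsproxy.c, `tlsp_start_tls()` now returns -1 only after it has called `tlsp_state_free(state)`, but the header comment still reads "turn on TLS or force disconnect" and does not state that contract. A caller that touches `state` after a negative return would be using freed memory, so I would document it at the definition, e.g. `/* tlsp_start_tls - turn on TLS; returns -1 after freeing state on failure */`. The caller changed in the hunk at -772 (`tlsp_get_fd_event`) returns at once, which is right; any caller outside these hunks should be checked the same way. The body between the hunks at -712 and -725 is not visible, so other exit paths cannot be verified from here.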
@@ -725,6 +725,7 @@ static void tlsp_start_tls(TLSP_STATE *state)
 * XXX Do we care about certificate verification results? Not as long as
 * postscreen(8) doesn't actually receive email.
 */
+ return (0);
 }
 /* tlsp_get_fd_event - receive final postscreen(8) hand-off information */
@@ -772,7 +773,8 @@ static void tlsp_get_fd_event(int event, void *context)
 * Perform the TLS layer before-handshake initialization. We perform the
 * remainder after the TLS handshake completes.
 */
- tlsp_start_tls(state);
+ if (tlsp_start_tls(state) < 0)
+ return;
 /*
 * Trigger the initial proxy server I/Os.