From 66a6dfee94dc3cabbcae5e3f772e78b1041c3a41 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Sat, 27 Jan 2018 00:00:00 -0500 Subject: [PATCH] postfix-3.0.12 --- postfix/HISTORY | 25 +++++++++++++++++++++++ postfix/html/FORWARD_SECRECY_README.html | 6 +++--- postfix/html/SMTPD_ACCESS_README.html | 4 ++-- postfix/proto/FORWARD_SECRECY_README.html | 6 +++--- postfix/proto/SMTPD_ACCESS_README.html | 4 ++-- postfix/src/global/mail_version.h | 4 ++-- postfix/src/local/mailbox.c | 5 +++-- postfix/src/smtpd/smtpd_check.c | 2 +- postfix/src/util/dict_db.c | 10 +++++++-- postfix/src/virtual/mailbox.c | 2 +- 10 files changed, 50 insertions(+), 18 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index d72fc35dc..b2108b5f2 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -21876,3 +21876,28 @@ Apologies for any names omitted. Bugfix (introduced: Postfix 3.0) missing dynamicmaps support in the Postfix sendmail command broke authorized_submit_users with a dynamically-loaded map type. File: sendmail/sendmail.c. + +20171116 + + Bugfix (introduced: Postfix 2.1): don't log warnings + that some restriction returns OK, when the access map + DISCARD feature is in effect. File: smtpd/smtpd_check.c. + +20171215 + + Bugfix (introduced: 20170611): the DB_CONFIG bugfix broke + Berkeley DB configurations with a relative pathname. File: + util/dict_db.c. + +20171226 + + Documentation patches by Sven Neuhaus. Files: + proto/FORWARD_SECRECY_README.html, proto/SMTPD_ACCESS_README.html. + +20180106 + + Cleanup: missing mailbox seek-to-end error check in the + local(8) delivery agent. File: local/mailbox.c. + + Cleanup: incorrect mailbox seek-to-end error message in the + virtual(8) delivery agent. File: virtual/mailbox.c. diff --git a/postfix/html/FORWARD_SECRECY_README.html b/postfix/html/FORWARD_SECRECY_README.html index 1e0adc0e1..d395344a9 100644 --- a/postfix/html/FORWARD_SECRECY_README.html +++ b/postfix/html/FORWARD_SECRECY_README.html @@ -317,9 +317,9 @@ few seconds to a few minutes): 

 # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
diff --git a/postfix/html/SMTPD_ACCESS_README.html b/postfix/html/SMTPD_ACCESS_README.html index 411440c7a..83235574a 100644 --- a/postfix/html/SMTPD_ACCESS_README.html +++ b/postfix/html/SMTPD_ACCESS_README.html @@ -251,7 +251,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -259,7 +259,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/proto/FORWARD_SECRECY_README.html b/postfix/proto/FORWARD_SECRECY_README.html index 99f303361..faf6a7b35 100644 --- a/postfix/proto/FORWARD_SECRECY_README.html +++ b/postfix/proto/FORWARD_SECRECY_README.html @@ -317,9 +317,9 @@ few seconds to a few minutes): 

 # cd /etc/postfix
 # umask 022
-# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
-# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
-# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
+# openssl dhparam -out dh512.tmp 512 && mv dh512.tmp dh512.pem
+# openssl dhparam -out dh1024.tmp 1024 && mv dh1024.tmp dh1024.pem
+# openssl dhparam -out dh2048.tmp 2048 && mv dh2048.tmp dh2048.pem
 # chmod 644 dh512.pem dh1024.pem dh2048.pem
diff --git a/postfix/proto/SMTPD_ACCESS_README.html b/postfix/proto/SMTPD_ACCESS_README.html index ef45e1dd4..5952bb278 100644 --- a/postfix/proto/SMTPD_ACCESS_README.html +++ b/postfix/proto/SMTPD_ACCESS_README.html @@ -251,7 +251,7 @@ Reject MAIL FROM information relay policy Reject RCPT TO information - < 2.10 Not available + < 2.10 Not available smtpd_recipient_restrictions ≥ @@ -259,7 +259,7 @@ relay policy relay policy Reject RCPT TO information - < 2.10 Required + < 2.10 Required smtpd_data_restrictions ≥ 2.0 Optional diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index cbcf003a5..3b9a0ae86 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20171028" -#define MAIL_VERSION_NUMBER "3.0.11" +#define MAIL_RELEASE_DATE "20180127" +#define MAIL_VERSION_NUMBER "3.0.12" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/local/mailbox.c b/postfix/src/local/mailbox.c index 887333c62..d4f01bf71 100644 --- a/postfix/src/local/mailbox.c +++ b/postfix/src/local/mailbox.c @@ -97,7 +97,7 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) int deliver_status; int copy_flags; VSTRING *biff; - long end; + off_t end; struct stat st; uid_t spool_uid; gid_t spool_gid; @@ -202,7 +202,8 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) msg_warn("specify \"%s = no\" to ignore mailbox ownership mismatch", VAR_STRICT_MBOX_OWNER); } else { - end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END); + if ((end = vstream_fseek(mp->fp, (off_t) 0, SEEK_END)) < 0) + msg_fatal("seek mailbox file %s: %m", mailbox); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); } diff --git a/postfix/src/smtpd/smtpd_check.c b/postfix/src/smtpd/smtpd_check.c index 28ee1287e..7f1a46942 100644 --- a/postfix/src/smtpd/smtpd_check.c +++ b/postfix/src/smtpd/smtpd_check.c @@ -4034,7 +4034,7 @@ static int is_map_command(SMTPD_STATE *state, const char *name, static void forbid_whitelist(SMTPD_STATE *state, const char *name, int status, const char *target) { - if (status == SMTPD_CHECK_OK) { + if (state->discard == 0 && status == SMTPD_CHECK_OK) { msg_warn("restriction %s returns OK for %s", name, target); msg_warn("this is not allowed for security reasons"); msg_warn("use DUNNO instead of OK if you want to make an exception"); diff --git a/postfix/src/util/dict_db.c b/postfix/src/util/dict_db.c index e3d341060..956d2c3f5 100644 --- a/postfix/src/util/dict_db.c +++ b/postfix/src/util/dict_db.c @@ -615,6 +615,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, struct stat st; DB *db = 0; char *db_path = 0; + VSTRING *db_base_buf = 0; int lock_fd = -1; int dbfd; @@ -671,6 +672,7 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, #define FREE_RETURN(e) do { \ DICT *_dict = (e); if (db) DICT_DB_CLOSE(db); \ if (lock_fd >= 0) (void) close(lock_fd); \ + if (db_base_buf) vstring_free(db_base_buf); \ if (db_path) myfree(db_path); return (_dict); \ } while (0) @@ -735,18 +737,22 @@ static DICT *dict_db_open(const char *class, const char *path, int open_flags, msg_panic("db_create null result"); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); + db_base_buf = vstring_alloc(100); #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \ (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0) - if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, 0, sane_basename(db_base_buf, db_path), + 0, type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #elif (DB_VERSION_MAJOR == 3 || DB_VERSION_MAJOR == 4) - if ((errno = db->open(db, db_path, 0, type, db_flags, 0644)) != 0) + if ((errno = db->open(db, sane_basename(db_base_buf, db_path), 0, + type, db_flags, 0644)) != 0) FREE_RETURN(dict_surrogate(class, path, open_flags, dict_flags, "open database %s: %m", db_path)); #else #error "Unsupported Berkeley DB version" #endif + vstring_free(db_base_buf); if ((errno = db->fd(db, &dbfd)) != 0) msg_fatal("get database file descriptor: %m"); #endif diff --git a/postfix/src/virtual/mailbox.c b/postfix/src/virtual/mailbox.c index 51e646de7..a8042f200 100644 --- a/postfix/src/virtual/mailbox.c +++ b/postfix/src/virtual/mailbox.c @@ -132,7 +132,7 @@ static int deliver_mailbox_file(LOCAL_STATE state, USER_ATTR usr_attr) VAR_STRICT_MBOX_OWNER); } else { if (vstream_fseek(mp->fp, (off_t) 0, SEEK_END) < 0) - msg_fatal("%s: seek queue file %s: %m", + msg_fatal("%s: seek mailbox file %s: %m", myname, VSTREAM_PATH(mp->fp)); mail_copy_status = mail_copy(COPY_ATTR(state.msg_attr), mp->fp, copy_flags, "\n", why); -- 2.47.3