commit postfix for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2015-10-17 16:36:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "postfix" Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2015-09-16 10:36:50.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2015-10-17 16:36:44.000000000 +0200 @@ -1,0 +2,24 @@ +Mon Oct 12 20:49:27 UTC 2015 - michael@stroeder.com + +- upstream update postfix 2.11.7: + * The Postfix Milter client aborted with a panic while adding a + message header, after adding a short message header with the + header_checks PREPEND action. Fixed by invoking the header + output function while PREPENDing a message header. + * False alarms while scanning the Postfix queue. Fixed by resetting + errno before calling readdir(). This defect was introduced + 19970309. + * The postmulti command produced an incorrect error message. + * The postmulti command now refuses to create a new MTA instance + when the template main.cf or master.cf file are missing. This + is a common problem on Debian-like systems. + * Turning on Postfix SMTP server HAProxy support broke TLS + wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer + to read the HAProxy connection hand-off information. + * The xtext_unquote() function did not propagate error reports + from xtext_unquote_append(), causing the decoder to return + partial output, instead of rejecting malformed input. The Postfix + SMTP server uses this function to parse input for the ENVID and + ORCPT parameters, and for XFORWARD and XCLIENT command parameters. + +------------------------------------------------------------------- Old: ---- postfix-2.11.6.tar.gz New: ---- postfix-2.11.7.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.WyC4eX/_old 2015-10-17 16:36:45.000000000 +0200 +++ /var/tmp/diff_new_pack.WyC4eX/_new 2015-10-17 16:36:45.000000000 +0200 @@ -52,7 +52,7 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 2.11.6 +Version: 2.11.7 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 ++++++ postfix-2.11.6.tar.gz -> postfix-2.11.7.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/HISTORY new/postfix-2.11.7/HISTORY --- old/postfix-2.11.6/HISTORY 2015-07-20 00:39:31.000000000 +0200 +++ new/postfix-2.11.7/HISTORY 2015-10-10 17:07:12.000000000 +0200 @@ -19684,3 +19684,47 @@ SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. + +20150903 + + Workaround: disable DNSSEC support for AIX 7x and earlier. + The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without + defining the "ad" bit. Viktor Dukhovni. Files: makedefs, + proto/INSTALL.html, dns/dns.h. + +20150923 + + Bugfix (introduced: 20120531-617): the Postfix SMTP server + used a larger-than-1 VSTREAM buffer to read the HAProxy + connection hand-off information. This broke TLS wrappermode, + as the TLS helo packet would end up in the plaintext VSTREAM + buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c. + +20150924 + + Bugfix (introduced: 20090216-24): incorrect postmulti error + message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. + File: postmulti/postmulti.c. + + Workaround: don't create a new instance when the template + main.cf and master.cf files are missing, as happens on + Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. + +20150925 + + Bugfix (introduced: 19970309, fixed 20150421 in development + release): reset errno before calling readdir(), in order + to distinguish between an end-of-directory and an error + condition. File: scandir.c. + +20150930 + + Bugfix (introduced: 20040124): Milter client panic while + adding a header, because the PREPEND action used the same + output function for header_checks and body_checks. Viktor + Dukhovni and Wietse. File: cleanup/cleanup_message.c. + + Bugfix (introduced: 20031128): xtext_unquote() did not + propagate error reports from xtext_unquote_append(), causing + the decoder to return partial ouput, instead of rejecting + malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/README_FILES/INSTALL new/postfix-2.11.7/README_FILES/INSTALL --- old/postfix-2.11.6/README_FILES/INSTALL 2013-09-29 23:49:46.000000000 +0200 +++ new/postfix-2.11.7/README_FILES/INSTALL 2015-10-10 17:01:41.000000000 +0200 @@ -255,6 +255,9 @@ || |probably should also override DEF_DB_TYPE as | || |described in section 4.4. | |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | +||-DNO_DNSSEC |Do not build with DNSSEC support, even if the | +|| |resolver library appears to support it. | +|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | || |Do not build with Solaris /dev/poll support. | ||-DNO_DEVPOLL |By default, /dev/poll support is compiled in | || |on Solaris versions that are known to support | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/conf/postmulti-script new/postfix-2.11.7/conf/postmulti-script --- old/postfix-2.11.6/conf/postmulti-script 2009-08-03 01:02:59.000000000 +0200 +++ new/postfix-2.11.7/conf/postmulti-script 2015-10-10 16:35:48.000000000 +0200 @@ -127,6 +127,11 @@ fatal "'$config_directory' lacks a master.cf file" } + test -f $daemon_directory/main.cf || + fatal "Missing main.cf prototype: $daemon_directory/main.cf" + test -f $daemon_directory/master.cf || + fatal "Missing master.cf prototype: $daemon_directory/master.cf" + # Create instance-specific directories # test -d $config_directory || diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/html/INSTALL.html new/postfix-2.11.7/html/INSTALL.html --- old/postfix-2.11.6/html/INSTALL.html 2013-09-29 23:49:46.000000000 +0200 +++ new/postfix-2.11.7/html/INSTALL.html 2015-10-10 17:01:41.000000000 +0200 @@ -383,6 +383,10 @@ this, then you probably should also override DEF_DB_TYPE as described in section 4.4. </td> </tr> +<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC +support, even if the resolver library appears to support it. </td> +</tr> + <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt> support is compiled in on Solaris versions that are known to support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/makedefs new/postfix-2.11.7/makedefs --- old/postfix-2.11.6/makedefs 2015-07-19 16:24:10.000000000 +0200 +++ new/postfix-2.11.7/makedefs 2015-10-10 16:35:48.000000000 +0200 @@ -31,6 +31,9 @@ # Do not build with Solaris /dev/poll support. # By default, /dev/poll support is compiled in on platforms that # are known to support it. +# .IP \fB-DNO_DNSSEC\fR +# Do not build with DNSSEC support, even if the resolver +# library appears to support it. # .IP \fB-DNO_EPOLL\fR # Do not build with Linux EPOLL support. # By default, EPOLL support is compiled in on platforms that @@ -259,18 +262,21 @@ ;; AIX.*) case "`uname -v`" in 6) SYSTYPE=AIX6 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 5) SYSTYPE=AIX5 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 4) SYSTYPE=AIX4 + CCARGS="$CCARGS -DNO_DNSSEC" # How embarrassing... case "$CC" in cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/proto/INSTALL.html new/postfix-2.11.7/proto/INSTALL.html --- old/postfix-2.11.6/proto/INSTALL.html 2013-09-29 22:52:42.000000000 +0200 +++ new/postfix-2.11.7/proto/INSTALL.html 2015-10-10 16:35:48.000000000 +0200 @@ -383,6 +383,10 @@ this, then you probably should also override DEF_DB_TYPE as described in section 4.4. </td> </tr> +<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC +support, even if the resolver library appears to support it. </td> +</tr> + <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt> support is compiled in on Solaris versions that are known to support diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/cleanup/cleanup_message.c new/postfix-2.11.7/src/cleanup/cleanup_message.c --- old/postfix-2.11.6/src/cleanup/cleanup_message.c 2014-10-18 23:23:26.000000000 +0200 +++ new/postfix-2.11.7/src/cleanup/cleanup_message.c 2015-10-10 16:35:48.000000000 +0200 @@ -385,11 +385,20 @@ if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); - } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0 - && !is_header(optional_text)) { - msg_warn("bad PREPEND header text \"%s\" in %s map -- " - "need \"headername: headervalue\"", - optional_text, map_class); + } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) { + if (!is_header(optional_text)) { + msg_warn("bad PREPEND header text \"%s\" in %s map -- " + "need \"headername: headervalue\"", + optional_text, map_class); + } else { + VSTRING *temp; + + cleanup_act_log(state, "prepend", context, buf, optional_text); + temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), + optional_text); + cleanup_out_header(state, temp); + vstring_free(temp); + } } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/dns/dns.h new/postfix-2.11.7/src/dns/dns.h --- old/postfix-2.11.6/src/dns/dns.h 2013-11-28 00:23:06.000000000 +0100 +++ new/postfix-2.11.7/src/dns/dns.h 2015-10-10 16:35:48.000000000 +0200 @@ -54,6 +54,13 @@ #endif +/* + * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available + */ +#ifdef NO_DNSSEC +#undef RES_USE_DNSSEC +#endif + /* * Compatibility with systems that lack RES_USE_DNSSEC and RES_USE_EDNS0 */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/global/mail_version.h new/postfix-2.11.7/src/global/mail_version.h --- old/postfix-2.11.6/src/global/mail_version.h 2015-07-21 01:18:59.000000000 +0200 +++ new/postfix-2.11.7/src/global/mail_version.h 2015-10-10 17:35:58.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20150720" -#define MAIL_VERSION_NUMBER "2.11.6" +#define MAIL_RELEASE_DATE "20151010" +#define MAIL_VERSION_NUMBER "2.11.7" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/global/xtext.c new/postfix-2.11.7/src/global/xtext.c --- old/postfix-2.11.6/src/global/xtext.c 2013-11-24 01:44:42.000000000 +0100 +++ new/postfix-2.11.7/src/global/xtext.c 2015-10-10 16:35:48.000000000 +0200 @@ -134,8 +134,7 @@ VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); - xtext_unquote_append(unquoted, quoted); - return (unquoted); + return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0); } #ifdef TEST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/postmulti/postmulti.c new/postfix-2.11.7/src/postmulti/postmulti.c --- old/postfix-2.11.6/src/postmulti/postmulti.c 2013-12-21 00:03:10.000000000 +0100 +++ new/postfix-2.11.7/src/postmulti/postmulti.c 2015-10-10 16:35:48.000000000 +0200 @@ -1689,7 +1689,7 @@ case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " - "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'", + "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), @@ -1698,8 +1698,7 @@ EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), - EDIT_CMD_STR(EDIT_CMD_INIT), - optarg); + EDIT_CMD_STR(EDIT_CMD_INIT)); if (cmd_mode != code) command_mode_count++; cmd_mode = code; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/smtpd/smtpd_haproxy.c new/postfix-2.11.7/src/smtpd/smtpd_haproxy.c --- old/postfix-2.11.6/src/smtpd/smtpd_haproxy.c 2012-06-30 23:12:00.000000000 +0200 +++ new/postfix-2.11.7/src/smtpd/smtpd_haproxy.c 2015-10-10 16:35:48.000000000 +0200 @@ -96,6 +96,14 @@ VSTRING *escape_buf; /* + * While reading HAProxy handshake information, don't buffer input beyond + * the end-of-line. That would break the TLS wrappermode handshake. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + + /* * Note: the haproxy_srvr_parse() routine performs address protocol * checks, address and port syntax checks, and converts IPv4-in-IPv6 * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted @@ -142,6 +150,13 @@ * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf); + + /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); return (0); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-2.11.6/src/util/scan_dir.c new/postfix-2.11.7/src/util/scan_dir.c --- old/postfix-2.11.6/src/util/scan_dir.c 2006-06-26 14:59:19.000000000 +0200 +++ new/postfix-2.11.7/src/util/scan_dir.c 2015-10-10 15:59:27.000000000 +0200 @@ -78,6 +78,7 @@ #endif #endif #include <string.h> +#include <errno.h> /* Utility library. */ @@ -177,6 +178,13 @@ #define STREQ(x,y) (strcmp((x),(y)) == 0) if (info) { + + /* + * Fix 20150421: readdir() does not reset errno after reaching the + * end-of-directory. This dates back all the way to the initial + * implementation of 19970309. + */ + errno = 0; while ((dp = readdir(info->dir)) != 0) { if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) { if (msg_verbose > 1)
participants (1)
-
root@hilbert.suse.de