commit postfix for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package postfix for openSUSE:Factory checked in at 2017-06-23 09:17:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/postfix (Old) and /work/SRC/openSUSE:Factory/.postfix.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "postfix" Fri Jun 23 09:17:04 2017 rev:144 rq:504273 version:3.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/postfix/postfix.changes 2017-06-13 16:08:31.159176603 +0200 +++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes 2017-06-23 09:17:13.960033505 +0200 @@ -1,0 +2,22 @@ +Fri Jun 16 17:45:55 UTC 2017 - michael@stroeder.com + +- update to 3.2.2 + * Security: Berkeley DB versions 2 and later try to read settings + from a file DB_CONFIG in the current directory. This undocumented + feature may introduce undisclosed vulnerabilities resulting in + privilege escalation with Postfix set-gid programs (postdrop, + postqueue) before they chdir to the Postfix queue directory, + and with the postmap and postalias commands depending on whether + the user's current directory is writable by other users. This + fix does not change Postfix behavior for Berkeley DB versions + < 3, but it does reduce postmap and postalias 'create' performance + with Berkeley DB versions 3.0 .. 4.6. + * The SMTP server receive_override_options were not restored at + the end of an SMTP session, after the options were modified by + an smtpd_milter_maps setting of "DISABLE". Milter support + remained disabled for the life time of the smtpd process. + * After the Postfix 3.2 address/domain table lookup overhaul, the + check_sender_access and check_recipient_access features ignored + a non-default parent_domain_matches_subdomains setting. + +------------------------------------------------------------------- Old: ---- postfix-3.2.0.tar.gz New: ---- postfix-3.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ postfix.spec ++++++ --- /var/tmp/diff_new_pack.d3ePnA/_old 2017-06-23 09:17:14.963891660 +0200 +++ /var/tmp/diff_new_pack.d3ePnA/_new 2017-06-23 09:17:14.967891095 +0200 @@ -59,7 +59,7 @@ %define _unitdir /lib/systemd %endif Name: postfix -Version: 3.2.0 +Version: 3.2.2 Release: 0 Summary: A fast, secure, and flexible mailer License: IPL-1.0 ++++++ postfix-3.2.0.tar.gz -> postfix-3.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/HISTORY new/postfix-3.2.2/HISTORY --- old/postfix-3.2.0/HISTORY 2017-02-19 03:08:40.000000000 +0100 +++ new/postfix-3.2.2/HISTORY 2017-06-13 19:30:40.000000000 +0200 @@ -22923,7 +22923,7 @@ 20170206 - Bugfix (introduced: Postfix 3.0): when check_mumble_a_access + Bugfix (introduced: Postfix 3.0): check_mumble_a_access did not handle [ipaddress], unlike check_mumble_mx_access. When check_mumble_a_access was introduced, some condition was not updated. Reported by James (postfix_tracker). File: @@ -22940,5 +22940,55 @@ 20170218 Cleanup: typofixes from klemens. The only change in compiled - code is in one identical mysql error message that also - appears in the pgsql client. Files: about 50. + code is in one mysql error message that also appears in the + pgsql client. Files: about 50. + +20170221 + + Compatibility fix (introduced: Postfix 3.1): some Milter + applications do not recognize macros sent as {name} when + macros have single-character names. Postfix now sends such + macros without {} as it has done historically. Viktor + Dukhovni. File: milter/milter.c. + +20170402 + + Bugfix (introduced: Postfix 3.2): restore the SMTP server + receive override options at the end of an SMTP session, + after the options may have been modified by an smtpd_milter_maps + setting of "DISABLE". Problem report by Christian Rößner, + root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c. + +20170430 + + Safety net: append a null byte to vstring buffers, so that + C-style string operations won't scribble past the end. File: + vstring.c. + +20170531 + + Bugfix (introduced: Postfix 3.2): after the table lookup + overhaul, the check_sender_access and check_recipient_access + features ignored the parent_domain_matches_subdomains + setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c. + +20170610 + + Workaround (introduced: Postfix 3.0 20140718): prevent MIME + downgrade of Postfix-generated message/delivery status. + It's supposed to be 7bit, therefore quoted-printable encoding + is not expected. Problem reported by Griff. File: + bounce/bounce_notify_util.c. + +20170611 + + Security: Berkeley DB 2 and later try to read settings from + a file DB_CONFIG in the current directory. This undocumented + feature may introduce undisclosed vulnerabilities resulting + in privilege escalation with Postfix set-gid programs + (postdrop, postqueue) before they chdir to the Postfix queue + directory, and with the postmap and postalias commands + depending on whether the user's current directory is writable + by other users. This fix does not change Postfix behavior + for Berkeley DB < 3, but reduces file create performance + for Berkeley DB 3 .. 4.6. File: util/dict_db.c. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/INSTALL new/postfix-3.2.2/INSTALL --- old/postfix-3.2.0/INSTALL 2016-12-18 00:22:25.000000000 +0100 +++ new/postfix-3.2.2/INSTALL 2017-05-03 01:24:43.000000000 +0200 @@ -612,7 +612,7 @@ |_______________________________|_____________________________________________| | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | -| |the only supported option is "-keep-new- | +| |the only supported option is "-keep-build- | | |mtime". | |_______________________________|_____________________________________________| | |Specifies non-default compiler options for | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/README_FILES/INSTALL new/postfix-3.2.2/README_FILES/INSTALL --- old/postfix-3.2.0/README_FILES/INSTALL 2016-12-18 00:22:24.000000000 +0100 +++ new/postfix-3.2.2/README_FILES/INSTALL 2017-05-03 01:24:43.000000000 +0200 @@ -612,7 +612,7 @@ |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies options for the postfix-install | |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, | -| |the only supported option is "-keep-new- | +| |the only supported option is "-keep-build- | | |mtime". | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | |Specifies non-default compiler options for | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/html/INSTALL.html new/postfix-3.2.2/html/INSTALL.html --- old/postfix-3.2.0/html/INSTALL.html 2016-12-18 00:22:21.000000000 +0100 +++ new/postfix-3.2.2/html/INSTALL.html 2017-05-03 01:24:43.000000000 +0200 @@ -883,7 +883,7 @@ <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td> Specifies options for the <tt>postfix-install</tt> command, separated by whitespace. Currently, the only supported option is -"<tt>-keep-new-mtime</tt>". </td> </tr> +"<tt>-keep-build-mtime</tt>". </td> </tr> <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies non-default compiler options for building Postfix dynamically-linked diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/proto/INSTALL.html new/postfix-3.2.2/proto/INSTALL.html --- old/postfix-3.2.0/proto/INSTALL.html 2016-12-11 20:03:42.000000000 +0100 +++ new/postfix-3.2.2/proto/INSTALL.html 2017-03-02 12:38:26.000000000 +0100 @@ -883,7 +883,7 @@ <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td> Specifies options for the <tt>postfix-install</tt> command, separated by whitespace. Currently, the only supported option is -"<tt>-keep-new-mtime</tt>". </td> </tr> +"<tt>-keep-build-mtime</tt>". </td> </tr> <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies non-default compiler options for building Postfix dynamically-linked diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/bounce/bounce_notify_util.c new/postfix-3.2.2/src/bounce/bounce_notify_util.c --- old/postfix-3.2.0/src/bounce/bounce_notify_util.c 2015-01-26 21:00:13.000000000 +0100 +++ new/postfix-3.2.2/src/bounce/bounce_notify_util.c 2017-06-10 20:47:25.000000000 +0200 @@ -637,7 +637,9 @@ (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ? "global-" : ""); /* Fix 20140709: addresses may be 8bit. */ - if (NOT_7BIT_MIME(bounce_info)) + if (NOT_7BIT_MIME(bounce_info) + /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */ + && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s", bounce_info->mime_encoding); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/global/mail_version.h new/postfix-3.2.2/src/global/mail_version.h --- old/postfix-3.2.0/src/global/mail_version.h 2017-03-01 01:39:43.000000000 +0100 +++ new/postfix-3.2.2/src/global/mail_version.h 2017-06-13 19:28:36.000000000 +0200 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20170228" -#define MAIL_VERSION_NUMBER "3.2.0" +#define MAIL_RELEASE_DATE "20170613" +#define MAIL_VERSION_NUMBER "3.2.2" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/milter/milter.c new/postfix-3.2.2/src/milter/milter.c --- old/postfix-3.2.0/src/milter/milter.c 2016-01-24 01:42:19.000000000 +0100 +++ new/postfix-3.2.2/src/milter/milter.c 2017-02-21 23:32:57.000000000 +0100 @@ -333,18 +333,21 @@ VSTRING *canon_buf = vstring_alloc(20); const char *value; const char *name; + const char *cname; while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if (msg_verbose) msg_info("%s: \"%s\"", myname, name); if (*name != '{') /* } */ - name = STR(vstring_sprintf(canon_buf, "{%s}", name)); - if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) { + cname = STR(vstring_sprintf(canon_buf, "{%s}", name)); + else + cname = name; + if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) { if (msg_verbose) msg_info("%s: result \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); } else if (milters->macro_defaults != 0 - && (value = htable_find(milters->macro_defaults, name)) != 0) { + && (value = htable_find(milters->macro_defaults, cname)) != 0) { if (msg_verbose) msg_info("%s: using default \"%s\"", myname, value); argv_add(argv, name, value, (char *) 0); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/smtpd/smtpd.c new/postfix-3.2.2/src/smtpd/smtpd.c --- old/postfix-3.2.0/src/smtpd/smtpd.c 2017-02-19 02:58:21.000000000 +0100 +++ new/postfix-3.2.2/src/smtpd/smtpd.c 2017-04-03 23:58:06.000000000 +0200 @@ -5396,6 +5396,8 @@ milter_free(state->milters); state->milters = 0; } + smtpd_input_transp_mask = + input_transp_mask(VAR_INPUT_TRANSP, var_input_transp); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/smtpd/smtpd_check.c new/postfix-3.2.2/src/smtpd/smtpd_check.c --- old/postfix-3.2.0/src/smtpd/smtpd_check.c 2017-02-05 21:55:35.000000000 +0100 +++ new/postfix-3.2.2/src/smtpd/smtpd_check.c 2017-05-31 23:29:46.000000000 +0200 @@ -3174,6 +3174,7 @@ const char *myname = "check_mail_access"; const RESOLVE_REPLY *reply; const char *value; + int lookup_strategy; int status; MAPS *maps; @@ -3213,8 +3214,10 @@ * Look up user+foo@domain if the address has an extension, user@domain * otherwise. */ -#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \ - | MA_FIND_PDMS | MA_FIND_LOCALPART_AT) + lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN + | MA_FIND_LOCALPART_AT + | (access_parent_style == MATCH_FLAG_PARENT ? + MA_FIND_PDMS : MA_FIND_PDDMDS); if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) { msg_warn("%s: unexpected dictionary: %s", myname, table); @@ -3225,7 +3228,7 @@ def_acl)); } if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient), - (char **) 0, LOOKUP_STRATEGY)) != 0) { + (char **) 0, lookup_strategy)) != 0) { *found = 1; status = check_table_result(state, table, value, CONST_STR(reply->recipient), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/util/dict_db.c new/postfix-3.2.2/src/util/dict_db.c --- old/postfix-3.2.0/src/util/dict_db.c 2014-12-07 02:35:33.000000000 +0100 +++ new/postfix-3.2.2/src/util/dict_db.c 2017-06-13 18:12:21.000000000 +0200 @@ -122,6 +122,9 @@ typedef struct { DICT dict; /* generic members */ DB *db; /* open db file */ +#if DB_VERSION_MAJOR > 2 + DB_ENV *dbenv; +#endif #if DB_VERSION_MAJOR > 1 DBC *cursor; /* dict_db_sequence() */ #endif @@ -553,6 +556,9 @@ if (DICT_DB_CLOSE(dict_db->db) < 0) msg_info("close database %s: %m (possible Berkeley DB bug)", dict_db->dict.name); +#if DB_VERSION_MAJOR > 2 + dict_db->dbenv->close(dict_db->dbenv, 0); +#endif if (dict_db->key_buf) vstring_free(dict_db->key_buf); if (dict_db->val_buf) @@ -562,6 +568,44 @@ dict_free(dict); } +#if DB_VERSION_MAJOR > 2 + +/* dict_db_new_env - workaround for undocumented ./DB_CONFIG read */ + +static DB_ENV *dict_db_new_env(const char *db_path) +{ + VSTRING *db_home_buf; + DB_ENV *dbenv; + u_int32_t cache_size_gbytes; + u_int32_t cache_size_bytes; + int ncache; + + if ((errno = db_env_create(&dbenv, 0)) != 0) + msg_fatal("create DB environment: %m"); +#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 7) + if ((errno = dbenv->get_cachesize(dbenv, &cache_size_gbytes, + &cache_size_bytes, &ncache)) != 0) + msg_fatal("get DB cache size: %m"); + if (cache_size_gbytes == 0 && cache_size_bytes < dict_db_cache_size) { + if ((errno = dbenv->set_cache_max(dbenv, cache_size_gbytes, + dict_db_cache_size)) != 0) + msg_fatal("set DB max cache size %d: %m", dict_db_cache_size); + if ((errno = dbenv->set_cachesize(dbenv, cache_size_gbytes, + dict_db_cache_size, ncache)) != 0) + msg_fatal("set DB cache size %d: %m", dict_db_cache_size); + } +#endif + /* XXX db_home is also the default directory for the .db file. */ + db_home_buf = vstring_alloc(100); + if ((errno = dbenv->open(dbenv, sane_dirname(db_home_buf, db_path), + DB_INIT_MPOOL | DB_CREATE | DB_PRIVATE, 0)) != 0) + msg_fatal("open DB environment: %m"); + vstring_free(db_home_buf); + return (dbenv); +} + +#endif + /* dict_db_open - open data base */ static DICT *dict_db_open(const char *class, const char *path, int open_flags, @@ -578,6 +622,10 @@ int db_flags; #endif +#if DB_VERSION_MAJOR > 2 + DB_ENV *dbenv; + +#endif /* * Mismatches between #include file and library are a common cause for @@ -681,12 +729,10 @@ db_flags |= DB_CREATE; if (open_flags & O_TRUNC) db_flags |= DB_TRUNCATE; - if ((errno = db_create(&db, 0, 0)) != 0) + if ((errno = db_create(&db, dbenv = dict_db_new_env(db_path), 0)) != 0) msg_fatal("create DB database: %m"); if (db == 0) msg_panic("db_create null result"); - if ((errno = db->set_cachesize(db, 0, dict_db_cache_size, 0)) != 0) - msg_fatal("set DB cache size %d: %m", dict_db_cache_size); if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0) msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM); #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \ @@ -743,6 +789,9 @@ if (dict_flags & DICT_FLAG_FOLD_FIX) dict_db->dict.fold_buf = vstring_alloc(10); dict_db->db = db; +#if DB_VERSION_MAJOR > 2 + dict_db->dbenv = dbenv; +#endif #if DB_VERSION_MAJOR > 1 dict_db->cursor = 0; #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/postfix-3.2.0/src/util/vstring.c new/postfix-3.2.2/src/util/vstring.c --- old/postfix-3.2.0/src/util/vstring.c 2016-03-20 01:20:38.000000000 +0100 +++ new/postfix-3.2.2/src/util/vstring.c 2017-06-10 21:35:51.000000000 +0200 @@ -307,10 +307,11 @@ */ if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr) incr = bp->len; - if (bp->len > SSIZE_T_MAX - incr) + if (bp->len > SSIZE_T_MAX - incr - 1) msg_fatal("vstring_extend: length overflow"); new_len = bp->len + incr; - bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len); + bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1); + bp->data[new_len] = 0; bp->len = new_len; bp->ptr = bp->data + used; bp->cnt = bp->len - used; @@ -350,12 +351,13 @@ { VSTRING *vp; - if (len < 1) + if (len < 1 || len > SSIZE_T_MAX - 1) msg_panic("vstring_alloc: bad length %ld", (long) len); vp = (VSTRING *) mymalloc(sizeof(*vp)); vp->vbuf.flags = 0; vp->vbuf.len = 0; - vp->vbuf.data = (unsigned char *) mymalloc(len); + vp->vbuf.data = (unsigned char *) mymalloc(len + 1); + vp->vbuf.data[len] = 0; vp->vbuf.len = len; VSTRING_RESET(vp); vp->vbuf.data[0] = 0;
participants (1)
-
root@hilbert.suse.de