Download: https://www.courier-mta.org/download.html
New development builds of all packages. Changes:- all: add build scripts that create installable deb packages, directly from source .tar.bz2 files, similar to how rpm packages get built. This was implemented on Ubuntu 20 and may or may not work on other Debian-derived distributions (the most likely determining factor is going to be names of build requirements). The instructions are found in each package's INSTALL and are mostly the same for all packages.
- sqwebmail: Fix minor use after free bugs: when showing links to decoded PGP attachments, and if the calendar module is enabled, and the calendaring server runs out of disk space; when updating the index file. Freed memory was read before any additional allocations took place, this reduces potential exposure. A diff patch is attached for earlier versions, if an immediate update is not possible (this patch should apply to the libs subdirectory of courier and sqwebmail packages).
- all: updates for gcc 12, autotools, and OpenSSL 3.0. - sqwebmail: remove duplicate manpages from standalone sqwebmail install. - cone: fixes an incompatibility with OpenSSL 3.0- sysconftool: add sysconftoolize man page, clean up the hierarchy, eliminating the docbook symlink.
- courier-imap: fix csh profile script's adjustment of env variables. Fix RPM packages' installation script to automatically create temporary self- signed certs.
- courier-authlib: remove obsolete configure script code for migrating from pre-courier-authlib versions of courier packages. Remove obsolete userdb- test-md5 script.
- courier: remove obsolete initialization of /etc/courier/userdb*, this was moved to courier-authlib. Replace the webadmin suid binary with a socket- based daemon, like sqwebmail.
- courier-analog: add --journal option to read logs from the system journal. - courier, courier-imap's configure script will run correctly as root.- courier: Removed fixed uid and gid values that get determined at compile time and baked into Courier. courier/mail's uid and gid gets looked up at runtime, with minimal cost.
- courier: Fix obscure SASL authentication breakage. - courier, courier-imap: Additional internal automated tests.
diff --git a/pcp/pcpdir.c b/pcp/pcpdir.c
index ba8aad73..aa3298fc 100644
--- a/pcp/pcpdir.c
+++ b/pcp/pcpdir.c
@@ -403,9 +403,9 @@ static char *acquire_dotlock(struct PCPdir *pd)
if (!tmpname)
{
- free(n);
fprintf(stderr, "ALERT: Failed to create dotlock: %s - %s\n",
n, strerror(errno));
+ free(n);
return (NULL);
}
strcat(strcat(strcat(strcpy(tmpname, pd->dirname), "/."),
@@ -416,9 +416,9 @@ static char *acquire_dotlock(struct PCPdir *pd)
if (!fp)
{
free(tmpname);
- free(n);
fprintf(stderr, "ALERT: Failed to create dotlock: %s - %s\n",
n, strerror(errno));
+ free(n);
return (NULL);
}
@@ -428,9 +428,9 @@ static char *acquire_dotlock(struct PCPdir *pd)
fclose(fp);
unlink(tmpname);
free(tmpname);
- free(n);
fprintf(stderr, "ALERT: Failed to create dotlock: %s - %s\n",
n, strerror(errno));
+ free(n);
return (NULL);
}
@@ -438,9 +438,9 @@ static char *acquire_dotlock(struct PCPdir *pd)
{
unlink(tmpname);
free(tmpname);
- free(n);
fprintf(stderr, "ALERT: Failed to create dotlock: %s - %s\n",
n, strerror(errno));
+ free(n);
return (NULL);
}
diff --git a/rfc1035/testlookup.c b/rfc1035/testlookup.c
index 869e8066..29faafcd 100644
--- a/rfc1035/testlookup.c
+++ b/rfc1035/testlookup.c
@@ -332,7 +332,7 @@ char ptrbuf[RFC1035_MAXNAMESIZE+1];
replyp=rfc1035_resolve(&res, RFC1035_OPCODE_QUERY,
q_name, q_type[0], q_class);
}
- free(q_type);
+
if (!replyp)
{
perror(argv[0]);
@@ -358,5 +358,6 @@ char ptrbuf[RFC1035_MAXNAMESIZE+1];
}
rfc1035_replyfree(replyp);
rfc1035_destroy_resolv(&res);
+ free(q_type);
return (0);
}
diff --git a/sqwebmail/maildir.c b/sqwebmail/maildir.c
index fd121824..f22062e3 100644
--- a/sqwebmail/maildir.c
+++ b/sqwebmail/maildir.c
@@ -927,6 +927,7 @@ static int do_msgmove(const char *from,
{
free(destdir);
enomem();
+ exit(0); /* gcc warning fix */
}
strcat(strcpy(p, destdir), "/shared");
free(destdir);
@@ -3046,23 +3047,24 @@ static void maildir_save_start(const char *folder,
save_time=t;
#if 1
{
- int f = -1;
- char *tmpfname = alloc_filename(maildir,
- "", MAILDIRCURCACHE ".nfshack");
- if (tmpfname) {
- f = open(tmpfname, O_CREAT|O_WRONLY, 0600);
- free(tmpfname);
- }
- if (f != -1) {
- struct stat s;
- if (write(f, ".", 1) != 1)
- ; /* ignore */
- fsync(f);
- if (fstat(f, &s) == 0)
- save_time = s.st_mtime;
- close(f);
- unlink(tmpfname);
- }
+ int f = -1;
+ char *tmpfname = alloc_filename(maildir,
+ "", MAILDIRCURCACHE ".nfshack");
+ if (tmpfname) {
+ f = open(tmpfname, O_CREAT|O_WRONLY, 0600);
+
+ if (f != -1) {
+ struct stat s;
+ if (write(f, ".", 1) != 1)
+ ; /* ignore */
+ fsync(f);
+ if (fstat(f, &s) == 0)
+ save_time = s.st_mtime;
+ close(f);
+ unlink(tmpfname);
+ }
+ free(tmpfname);
+ }
}
#endif
diff --git a/sqwebmail/msg2html.c b/sqwebmail/msg2html.c
index 74ecfb69..a3bb4daa 100644
--- a/sqwebmail/msg2html.c
+++ b/sqwebmail/msg2html.c
@@ -1066,12 +1066,12 @@ static char *convertcid(const char *cidurl, void *voidp)
else
p=(*cid_info->info->get_url_to_mime_part)(mimeid,
cid_info->info);
- free(mimeid);
-
if (*mimegpgfilename && rfc->parent &&
libmail_gpgmime_is_decoded(rfc->parent, &dummy))
add_decoded_link(rfc->parent, mimeid, dummy);
+ free(mimeid);
+
return p;
}
pgpIndvHhKeE9.pgp
Description: PGP signature
_______________________________________________ Courier-imap mailing list Courier-imap@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
