commit postfix for openSUSE:Factory

Sat, 17 Oct 2015 07:37:52 -0700 

Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked 
in at 2015-10-17 16:36:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and      /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes  2015-09-16 
10:36:50.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes     2015-10-17 
16:36:44.000000000 +0200
@@ -1,0 +2,24 @@
+Mon Oct 12 20:49:27 UTC 2015 - [email protected]
+
+- upstream update postfix 2.11.7:
+  * The Postfix Milter client aborted with a panic while adding a
+    message header, after adding a short message header with the
+    header_checks PREPEND action. Fixed by invoking the header
+    output function while PREPENDing a message header.
+  * False alarms while scanning the Postfix queue. Fixed by resetting
+    errno before calling readdir(). This defect was introduced
+    19970309.
+  * The postmulti command produced an incorrect error message.
+  * The postmulti command now refuses to create a new MTA instance
+    when the template main.cf or master.cf file are missing. This
+    is a common problem on Debian-like systems.
+  * Turning on Postfix SMTP server HAProxy support broke TLS
+    wrappermode. Fixed by temporarily using a 1-byte VSTREAM buffer
+    to read the HAProxy connection hand-off information.
+  * The xtext_unquote() function did not propagate error reports
+    from xtext_unquote_append(), causing the decoder to return
+    partial output, instead of rejecting malformed input. The Postfix
+    SMTP server uses this function to parse input for the ENVID and
+    ORCPT parameters, and for XFORWARD and XCLIENT command parameters.
+
+-------------------------------------------------------------------

Old:
----
  postfix-2.11.6.tar.gz

New:
----
  postfix-2.11.7.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.WyC4eX/_old  2015-10-17 16:36:45.000000000 +0200
+++ /var/tmp/diff_new_pack.WyC4eX/_new  2015-10-17 16:36:45.000000000 +0200
@@ -52,7 +52,7 @@
 %define         _unitdir /lib/systemd
 %endif
 Name:           postfix
-Version:        2.11.6
+Version:        2.11.7
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0

++++++ postfix-2.11.6.tar.gz -> postfix-2.11.7.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/HISTORY new/postfix-2.11.7/HISTORY
--- old/postfix-2.11.6/HISTORY  2015-07-20 00:39:31.000000000 +0200
+++ new/postfix-2.11.7/HISTORY  2015-10-10 17:07:12.000000000 +0200
@@ -19684,3 +19684,47 @@
        SSLv2 or SSLv3.  See the RELEASE_NOTES file for how to get
        the old settings back. Files: global/mail_params.h,
        proto/postconf.proto, and files derived from those.
+
+20150903
+
+       Workaround: disable DNSSEC support for AIX 7x and earlier.
+       The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without
+       defining the "ad" bit.  Viktor Dukhovni.  Files: makedefs,
+       proto/INSTALL.html, dns/dns.h.
+
+20150923
+
+       Bugfix (introduced: 20120531-617): the Postfix SMTP server
+       used a larger-than-1 VSTREAM buffer to read the HAProxy
+       connection hand-off information. This broke TLS wrappermode,
+       as the TLS helo packet would end up in the plaintext VSTREAM
+       buffer. Reported by Lukas Erlacher.  File: smtpd/smtpd_haproxy.c.
+
+20150924
+
+       Bugfix (introduced: 20090216-24): incorrect postmulti error
+       message. Reported by Patrik Koetter. Fix by Viktor Dukhovni.
+       File: postmulti/postmulti.c.
+
+       Workaround: don't create a new instance when the template
+       main.cf and master.cf files are missing, as happens on
+       Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script.
+
+20150925
+
+       Bugfix (introduced: 19970309, fixed 20150421 in development
+       release): reset errno before calling readdir(), in order
+       to distinguish between an end-of-directory and an error
+       condition. File: scandir.c.
+
+20150930
+
+       Bugfix (introduced: 20040124): Milter client panic while
+       adding a header, because the PREPEND action used the same
+       output function for header_checks and body_checks.  Viktor
+       Dukhovni and Wietse. File: cleanup/cleanup_message.c.
+
+       Bugfix (introduced: 20031128): xtext_unquote() did not
+       propagate error reports from xtext_unquote_append(), causing
+       the decoder to return partial ouput, instead of rejecting
+       malformed input. Fix by Krzysztof Wojta.  File: global/xtext.c.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/README_FILES/INSTALL 
new/postfix-2.11.7/README_FILES/INSTALL
--- old/postfix-2.11.6/README_FILES/INSTALL     2013-09-29 23:49:46.000000000 
+0200
+++ new/postfix-2.11.7/README_FILES/INSTALL     2015-10-10 17:01:41.000000000 
+0200
@@ -255,6 +255,9 @@
 ||                             |probably should also override DEF_DB_TYPE as  |
 ||                             |described in section 4.4.                     |
 |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
+||-DNO_DNSSEC                  |Do not build with DNSSEC support, even if the |
+||                             |resolver library appears to support it.       |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 ||                             |Do not build with Solaris /dev/poll support.  |
 ||-DNO_DEVPOLL                 |By default, /dev/poll support is compiled in  |
 ||                             |on Solaris versions that are known to support |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/conf/postmulti-script 
new/postfix-2.11.7/conf/postmulti-script
--- old/postfix-2.11.6/conf/postmulti-script    2009-08-03 01:02:59.000000000 
+0200
+++ new/postfix-2.11.7/conf/postmulti-script    2015-10-10 16:35:48.000000000 
+0200
@@ -127,6 +127,11 @@
                fatal "'$config_directory' lacks a master.cf file"
        }
 
+       test -f $daemon_directory/main.cf ||
+           fatal "Missing main.cf prototype: $daemon_directory/main.cf"
+       test -f $daemon_directory/master.cf ||
+           fatal "Missing master.cf prototype: $daemon_directory/master.cf"
+
        # Create instance-specific directories
        #
        test -d $config_directory ||
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/html/INSTALL.html 
new/postfix-2.11.7/html/INSTALL.html
--- old/postfix-2.11.6/html/INSTALL.html        2013-09-29 23:49:46.000000000 
+0200
+++ new/postfix-2.11.7/html/INSTALL.html        2015-10-10 17:01:41.000000000 
+0200
@@ -383,6 +383,10 @@
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.4.  </td> </tr>
 
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/makedefs new/postfix-2.11.7/makedefs
--- old/postfix-2.11.6/makedefs 2015-07-19 16:24:10.000000000 +0200
+++ new/postfix-2.11.7/makedefs 2015-10-10 16:35:48.000000000 +0200
@@ -31,6 +31,9 @@
 #      Do not build with Solaris /dev/poll support.
 #      By default, /dev/poll support is compiled in on platforms that
 #      are known to support it.
+# .IP \fB-DNO_DNSSEC\fR
+#      Do not build with DNSSEC support, even if the resolver
+#      library appears to support it.
 # .IP \fB-DNO_EPOLL\fR
 #      Do not build with Linux EPOLL support.
 #      By default, EPOLL support is compiled in on platforms that
@@ -259,18 +262,21 @@
                ;;
        AIX.*)  case "`uname -v`" in
                6)      SYSTYPE=AIX6
+                       CCARGS="$CCARGS -DNO_DNSSEC"
                        case "$CC" in
                        cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w 
-blibpath:/usr/lib:/lib:/usr/local/lib";;
                        esac
                        CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
                        ;;
                5)      SYSTYPE=AIX5
+                       CCARGS="$CCARGS -DNO_DNSSEC"
                        case "$CC" in
                        cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w 
-blibpath:/usr/lib:/lib:/usr/local/lib";;
                        esac
                        CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP"
                        ;;
                4)      SYSTYPE=AIX4
+                       CCARGS="$CCARGS -DNO_DNSSEC"
                        # How embarrassing...
                        case "$CC" in
                        cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w 
-blibpath:/usr/lib:/lib:/usr/local/lib";;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/proto/INSTALL.html 
new/postfix-2.11.7/proto/INSTALL.html
--- old/postfix-2.11.6/proto/INSTALL.html       2013-09-29 22:52:42.000000000 
+0200
+++ new/postfix-2.11.7/proto/INSTALL.html       2015-10-10 16:35:48.000000000 
+0200
@@ -383,6 +383,10 @@
 this, then you probably should also override DEF_DB_TYPE as described
 in section 4.4.  </td> </tr>
 
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
 <tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
 Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
 support is compiled in on Solaris versions that are known to support
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/cleanup/cleanup_message.c 
new/postfix-2.11.7/src/cleanup/cleanup_message.c
--- old/postfix-2.11.6/src/cleanup/cleanup_message.c    2014-10-18 
23:23:26.000000000 +0200
+++ new/postfix-2.11.7/src/cleanup/cleanup_message.c    2015-10-10 
16:35:48.000000000 +0200
@@ -385,11 +385,20 @@
     if (STREQUAL(value, "PREPEND", command_len)) {
        if (*optional_text == 0) {
            msg_warn("PREPEND action without text in %s map", map_class);
-       } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0
-                  && !is_header(optional_text)) {
-           msg_warn("bad PREPEND header text \"%s\" in %s map -- "
-                    "need \"headername: headervalue\"",
-                    optional_text, map_class);
+       } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) {
+           if (!is_header(optional_text)) {
+               msg_warn("bad PREPEND header text \"%s\" in %s map -- "
+                        "need \"headername: headervalue\"",
+                        optional_text, map_class);
+           } else {
+               VSTRING *temp;
+
+               cleanup_act_log(state, "prepend", context, buf, optional_text);
+               temp = vstring_strcpy(vstring_alloc(strlen(optional_text)),
+                                                    optional_text);
+               cleanup_out_header(state, temp);
+               vstring_free(temp);
+           }
        } else {
            cleanup_act_log(state, "prepend", context, buf, optional_text);
            cleanup_out_string(state, REC_TYPE_NORM, optional_text);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/dns/dns.h 
new/postfix-2.11.7/src/dns/dns.h
--- old/postfix-2.11.6/src/dns/dns.h    2013-11-28 00:23:06.000000000 +0100
+++ new/postfix-2.11.7/src/dns/dns.h    2015-10-10 16:35:48.000000000 +0200
@@ -54,6 +54,13 @@
 
 #endif
 
+/*
+ * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available
+ */
+#ifdef NO_DNSSEC
+#undef RES_USE_DNSSEC
+#endif
+
  /*
   * Compatibility with systems that lack RES_USE_DNSSEC and RES_USE_EDNS0
   */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/global/mail_version.h 
new/postfix-2.11.7/src/global/mail_version.h
--- old/postfix-2.11.6/src/global/mail_version.h        2015-07-21 
01:18:59.000000000 +0200
+++ new/postfix-2.11.7/src/global/mail_version.h        2015-10-10 
17:35:58.000000000 +0200
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20150720"
-#define MAIL_VERSION_NUMBER    "2.11.6"
+#define MAIL_RELEASE_DATE      "20151010"
+#define MAIL_VERSION_NUMBER    "2.11.7"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE      "-" MAIL_RELEASE_DATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/global/xtext.c 
new/postfix-2.11.7/src/global/xtext.c
--- old/postfix-2.11.6/src/global/xtext.c       2013-11-24 01:44:42.000000000 
+0100
+++ new/postfix-2.11.7/src/global/xtext.c       2015-10-10 16:35:48.000000000 
+0200
@@ -134,8 +134,7 @@
 VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted)
 {
     VSTRING_RESET(unquoted);
-    xtext_unquote_append(unquoted, quoted);
-    return (unquoted);
+    return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0);
 }
 
 #ifdef TEST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/postmulti/postmulti.c 
new/postfix-2.11.7/src/postmulti/postmulti.c
--- old/postfix-2.11.6/src/postmulti/postmulti.c        2013-12-21 
00:03:10.000000000 +0100
+++ new/postfix-2.11.7/src/postmulti/postmulti.c        2015-10-10 
16:35:48.000000000 +0200
@@ -1689,7 +1689,7 @@
        case 'e':
            if ((code = EDIT_CMD_CODE(optarg)) < 0)
                msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', "
-                         "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
+                         "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'",
                          optarg,
                          EDIT_CMD_STR(EDIT_CMD_CREATE),
                          EDIT_CMD_STR(EDIT_CMD_DESTROY),
@@ -1698,8 +1698,7 @@
                          EDIT_CMD_STR(EDIT_CMD_ENABLE),
                          EDIT_CMD_STR(EDIT_CMD_DISABLE),
                          EDIT_CMD_STR(EDIT_CMD_ASSIGN),
-                         EDIT_CMD_STR(EDIT_CMD_INIT),
-                         optarg);
+                         EDIT_CMD_STR(EDIT_CMD_INIT));
            if (cmd_mode != code)
                command_mode_count++;
            cmd_mode = code;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/smtpd/smtpd_haproxy.c 
new/postfix-2.11.7/src/smtpd/smtpd_haproxy.c
--- old/postfix-2.11.6/src/smtpd/smtpd_haproxy.c        2012-06-30 
23:12:00.000000000 +0200
+++ new/postfix-2.11.7/src/smtpd/smtpd_haproxy.c        2015-10-10 
16:35:48.000000000 +0200
@@ -96,6 +96,14 @@
     VSTRING *escape_buf;
 
     /*
+     * While reading HAProxy handshake information, don't buffer input beyond
+     * the end-of-line. That would break the TLS wrappermode handshake.
+     */
+    vstream_control(state->client,
+                   VSTREAM_CTL_BUFSIZE, 1,
+                   VSTREAM_CTL_END);
+
+    /*
      * Note: the haproxy_srvr_parse() routine performs address protocol
      * checks, address and port syntax checks, and converts IPv4-in-IPv6
      * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted
@@ -142,6 +150,13 @@
         * Avoid surprises in the Dovecot authentication server.
         */
        state->dest_addr = mystrdup(smtp_server_addr.buf);
+
+       /*
+        * Enable normal buffering.
+        */
+       vstream_control(state->client,
+                       VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE,
+                       VSTREAM_CTL_END);
        return (0);
     }
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-2.11.6/src/util/scan_dir.c 
new/postfix-2.11.7/src/util/scan_dir.c
--- old/postfix-2.11.6/src/util/scan_dir.c      2006-06-26 14:59:19.000000000 
+0200
+++ new/postfix-2.11.7/src/util/scan_dir.c      2015-10-10 15:59:27.000000000 
+0200
@@ -78,6 +78,7 @@
 #endif
 #endif
 #include <string.h>
+#include <errno.h>
 
 /* Utility library. */
 
@@ -177,6 +178,13 @@
 #define STREQ(x,y)     (strcmp((x),(y)) == 0)
 
     if (info) {
+
+       /*
+        * Fix 20150421: readdir() does not reset errno after reaching the
+        * end-of-directory. This dates back all the way to the initial
+        * implementation of 19970309.
+        */
+       errno = 0;
        while ((dp = readdir(info->dir)) != 0) {
            if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) {
                if (msg_verbose > 1)

Reply via email to