Hi LaMont, Release Team, I've taken a look at this RC bug in Postfix. Looking at the diff between 2.9.3-2.1 (testing) and 2.9.6-1 (sid), t
I've attached the debdiff between testing and unstable removing changes to po files, documentation and tests. The changes for this bug are the majority, and the rest is isolated fixes for actual, welldocumented bugs (and the bulk of the documentation changes also relates to this bug as well). I've also attached the relevant HISTORY entries describing the changes between the versions. The only complication I see is the inadvertent maintainer address change: already reported as #699877. I've known the Postfix stable releases to be of high quality and bugfix only. Much like the PostgresQL microreleases we accept into stable. Therefore, I propose that LaMont fixes the maintainer address bug in unstable (which is already pending according to the bug), after which the release team decides whether this can be unblocked. Is this a feasible approach? Cheers, Thijs
diff -Nru postfix-2.9.3/debian/init.d postfix-2.9.6/debian/init.d --- postfix-2.9.3/debian/init.d 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/debian/init.d 2013-03-02 12:33:11.000000000 +0100 @@ -156,12 +156,12 @@ if [ -f ${file} ]; then chmod a+rX ${file}; fi done # ldaps needs this. debian bug 572841 - echo -e /dev/random\\n/dev/urandom | cpio -pdL --quiet . 2>/dev/null || true + (echo /dev/random; echo /dev/urandom) | cpio -pdL --quiet . 2>/dev/null || true rm -f usr/lib/zoneinfo/localtime mkdir -p usr/lib/zoneinfo ln -sf /etc/localtime usr/lib/zoneinfo/localtime - LIBLIST=$(for name in gcc_s nss; do + LIBLIST=$(for name in gcc_s nss resolv; do for f in /lib/*/lib${name}*.so* /lib/lib${name}*.so*; do if [ -f "$f" ]; then echo ${f#/}; fi; done; diff -Nru postfix-2.9.3/debian/rules postfix-2.9.6/debian/rules --- postfix-2.9.3/debian/rules 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/debian/rules 2013-03-02 12:33:11.000000000 +0100 @@ -46,7 +46,7 @@ endif CCARGS=-DDEBIAN -DMAX_DYNAMIC_MAPS -DHAS_PCRE -DHAS_LDAP -DHAS_SQLITE \ - -DMYORIGIN_FROM_FILE -DNO_NIS \ + -DMYORIGIN_FROM_FILE \ $(shell getconf LFS_CFLAGS) \ -DHAS_CDB \ -DHAS_MYSQL -I/usr/include/mysql \ @@ -158,7 +158,7 @@ install -m 0444 debian/lintian-override ${base}/usr/share/lintian/overrides/${package} if dpkg-vendor --is ubuntu; then \ - install -m 644 -D debian/postfix.apport debian/bind9/usr/share/apport/package-hooks/postfix.py; \ + install -m 644 -D debian/postfix.apport ${base}/usr/share/apport/package-hooks/postfix.py; \ fi debian/vars: diff -Nru postfix-2.9.3/makedefs postfix-2.9.6/makedefs --- postfix-2.9.3/makedefs 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/makedefs 2013-03-02 12:33:11.000000000 +0100 @@ -153,6 +153,8 @@ ;; FreeBSD.8*) SYSTYPE=FREEBSD8 ;; + FreeBSD.9*) SYSTYPE=FREEBSD9 + ;; OpenBSD.2*) SYSTYPE=OPENBSD2 ;; OpenBSD.3*) SYSTYPE=OPENBSD3 diff -Nru postfix-2.9.3/src/global/dict_ldap.c postfix-2.9.6/src/global/dict_ldap.c --- postfix-2.9.3/src/global/dict_ldap.c 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/global/dict_ldap.c 2013-03-02 12:33:11.000000000 +0100 @@ -930,8 +930,11 @@ #endif LDAP_CONN *conn; + /* + * Join key fields with null characters. + */ #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1) -#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i)) +#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0) ADDSTR(keybuf, dict_ldap->server_host); ADDINT(keybuf, dict_ldap->server_port); diff -Nru postfix-2.9.3/src/global/mail_dict.c postfix-2.9.6/src/global/mail_dict.c --- postfix-2.9.3/src/global/mail_dict.c 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/global/mail_dict.c 2013-03-02 12:33:11.000000000 +0100 @@ -60,8 +60,8 @@ #ifdef HAS_SQLITE DICT_TYPE_SQLITE, dict_sqlite_open, #endif - DICT_TYPE_MEMCACHE, dict_memcache_open, #endif /* MAX_DYNAMIC_MAPS */ + DICT_TYPE_MEMCACHE, dict_memcache_open, 0, }; diff -Nru postfix-2.9.3/src/global/mail_params.h postfix-2.9.6/src/global/mail_params.h --- postfix-2.9.3/src/global/mail_params.h 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/global/mail_params.h 2013-03-02 12:33:11.000000000 +0100 @@ -3034,6 +3034,10 @@ #define DEF_TLS_BUG_TWEAKS TLS_BUG_TWEAKS extern char *var_tls_bug_tweaks; +#define VAR_TLS_BC_PKEY_FPRINT "tls_legacy_public_key_fingerprints" +#define DEF_TLS_BC_PKEY_FPRINT 0 +extern bool var_tls_bc_pkey_fprint; + /* * Sendmail-style mail filter support. */ diff -Nru postfix-2.9.3/src/global/mail_version.h postfix-2.9.6/src/global/mail_version.h --- postfix-2.9.3/src/global/mail_version.h 2012-05-21 00:24:22.000000000 +0200 +++ postfix-2.9.6/src/global/mail_version.h 2013-02-03 21:46:53.000000000 +0100 @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20120520" -#define MAIL_VERSION_NUMBER "2.9.3" +#define MAIL_RELEASE_DATE "20130203" +#define MAIL_VERSION_NUMBER "2.9.6" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -Nru postfix-2.9.3/src/global/server_acl.c postfix-2.9.6/src/global/server_acl.c --- postfix-2.9.3/src/global/server_acl.c 2011-12-24 03:13:31.000000000 +0100 +++ postfix-2.9.6/src/global/server_acl.c 2012-10-03 16:04:58.000000000 +0200 @@ -112,8 +112,8 @@ char *bp = saved_acl; char *acl; -#define STREQ(x,y) ((*x) == (*y) && strcasecmp((x), (y)) == 0) -#define STRNE(x,y) ((*x) != (*y) || strcasecmp((x), (y)) != 0) +#define STREQ(x,y) (strcasecmp((x), (y)) == 0) +#define STRNE(x,y) (strcasecmp((x), (y)) != 0) /* * Nested tables are not allowed. Tables are opened before entering the diff -Nru postfix-2.9.3/src/local/biff_notify.c postfix-2.9.6/src/local/biff_notify.c --- postfix-2.9.3/src/local/biff_notify.c 2005-07-13 22:46:18.000000000 +0200 +++ postfix-2.9.6/src/local/biff_notify.c 2012-07-05 18:56:30.000000000 +0200 @@ -43,6 +43,7 @@ /* Utility library. */ #include <msg.h> +#include <iostuff.h> /* Application-specific. */ @@ -81,9 +82,12 @@ /* * Open a socket, or re-use an existing one. */ - if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - msg_warn("socket: %m"); - return; + if (sock < 0) { + if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + msg_warn("socket: %m"); + return; + } + close_on_exec(sock, CLOSE_ON_EXEC); } /* diff -Nru postfix-2.9.3/src/oqmgr/qmgr_message.c postfix-2.9.6/src/oqmgr/qmgr_message.c --- postfix-2.9.3/src/oqmgr/qmgr_message.c 2010-07-24 22:50:03.000000000 +0200 +++ postfix-2.9.6/src/oqmgr/qmgr_message.c 2012-10-10 23:54:16.000000000 +0200 @@ -749,7 +749,7 @@ if (rec_type > 0) msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>", message->queue_id, dsn_orcpt); - myfree(orig_rcpt); + myfree(dsn_orcpt); } if (orig_rcpt != 0) { if (rec_type > 0) diff -Nru postfix-2.9.3/src/postconf/postconf_master.c postfix-2.9.6/src/postconf/postconf_master.c --- postfix-2.9.3/src/postconf/postconf_master.c 2012-01-21 22:11:38.000000000 +0100 +++ postfix-2.9.6/src/postconf/postconf_master.c 2012-12-31 22:23:52.000000000 +0100 @@ -74,6 +74,8 @@ { int field; char *arg; + char *cp; + char *junk; /* * Normalize options to simplify later processing. @@ -82,6 +84,16 @@ arg = argv->argv[field]; if (arg[0] != '-' || strcmp(arg, "--") == 0) break; + for (cp = arg + 1; *cp; cp++) { + if (*cp == 'o' && cp > arg + 1) { + /* Split "-stuffo" into "-stuff" and "-o". */ + junk = concatenate("-", cp, (char *) 0); + argv_insert_one(argv, field + 1, junk); + myfree(junk); + *cp = 0; + break; + } + } if (strncmp(arg, "-o", 2) == 0) { if (arg[2] != 0) { /* Split "-oname=value" into "-o" "name=value". */ diff -Nru postfix-2.9.3/src/smtpd/smtpd_sasl_proto.c postfix-2.9.6/src/smtpd/smtpd_sasl_proto.c --- postfix-2.9.3/src/smtpd/smtpd_sasl_proto.c 2011-12-19 02:22:45.000000000 +0100 +++ postfix-2.9.6/src/smtpd/smtpd_sasl_proto.c 2012-08-01 23:23:15.000000000 +0200 @@ -164,6 +164,12 @@ smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled"); return (-1); } +#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0) + if (IN_MAIL_TRANSACTION(state)) { + state->error_mask |= MAIL_ERROR_PROTOCOL; + smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress"); + return (-1); + } if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) { if (err[0] == '5') { state->error_mask |= MAIL_ERROR_POLICY; diff -Nru postfix-2.9.3/src/tls/Makefile.in postfix-2.9.6/src/tls/Makefile.in --- postfix-2.9.3/src/tls/Makefile.in 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/tls/Makefile.in 2013-03-02 12:33:11.000000000 +0100 @@ -317,6 +317,7 @@ tls_stream.o: tls.h tls_stream.o: tls_stream.c tls_verify.o: ../../include/argv.h +tls_verify.o: ../../include/mail_params.h tls_verify.o: ../../include/msg.h tls_verify.o: ../../include/mymalloc.h tls_verify.o: ../../include/name_code.h diff -Nru postfix-2.9.3/src/tls/tls_misc.c postfix-2.9.6/src/tls/tls_misc.c --- postfix-2.9.3/src/tls/tls_misc.c 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/tls/tls_misc.c 2013-03-02 12:33:11.000000000 +0100 @@ -17,6 +17,7 @@ /* int var_tls_daemon_rand_bytes; /* bool var_tls_append_def_CA; /* bool var_tls_preempt_clist; +/* bool var_tls_bc_pkey_fprint; /* /* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask) /* SSL_CTX *ssl_ctx; @@ -205,6 +206,7 @@ char *var_tls_eecdh_ultra; bool var_tls_append_def_CA; char *var_tls_bug_tweaks; +bool var_tls_bc_pkey_fprint; #ifdef VAR_TLS_PREEMPT_CLIST bool var_tls_preempt_clist; @@ -510,8 +512,10 @@ else include |= code = name_code(protocol_table, NAME_CODE_FLAG_NONE, tok); - if (code == TLS_PROTOCOL_INVALID) + if (code == TLS_PROTOCOL_INVALID) { + myfree(save); return TLS_PROTOCOL_INVALID; + } } myfree(save); @@ -546,6 +550,7 @@ }; static const CONFIG_BOOL_TABLE bool_table[] = { VAR_TLS_APPEND_DEF_CA, DEF_TLS_APPEND_DEF_CA, &var_tls_append_def_CA, + VAR_TLS_BC_PKEY_FPRINT, DEF_TLS_BC_PKEY_FPRINT, &var_tls_bc_pkey_fprint, #if OPENSSL_VERSION_NUMBER >= 0x0090700fL /* OpenSSL 0.9.7 and later */ VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist, #endif diff -Nru postfix-2.9.3/src/tls/tls_verify.c postfix-2.9.6/src/tls/tls_verify.c --- postfix-2.9.3/src/tls/tls_verify.c 2011-12-05 22:03:07.000000000 +0100 +++ postfix-2.9.6/src/tls/tls_verify.c 2013-02-03 20:49:54.000000000 +0100 @@ -23,6 +23,10 @@ /* X509 *peercert; /* const char *dgst; /* +/* char *tls_pkey_fprint(peercert, dgst) +/* X509 *peercert; +/* const char *dgst; +/* /* int tls_verify_certificate_callback(ok, ctx) /* int ok; /* X509_STORE_CTX *ctx; @@ -50,6 +54,11 @@ /* value is dynamically allocated with mymalloc(), and the caller /* must eventually free it with myfree(). /* +/* tls_pkey_fprint() returns a public-key fingerprint; in all +/* other respects the function behaves as tls_fingerprint(). +/* The var_tls_bc_pkey_fprint variable enables an incorrect +/* algorithm that was used in Postfix versions 2.9.[0-5]. +/* /* tls_verify_callback() is called several times (directly or /* indirectly) from crypto/x509/x509_vfy.c. It is called as /* a final check, and if it returns "0", the handshake is @@ -140,6 +149,10 @@ #include <mymalloc.h> #include <stringops.h> +/* Global library. */ + +#include <mail_params.h> + /* TLS library. */ #define TLS_INTERNAL @@ -490,14 +503,12 @@ return (cn ? cn : mystrdup("")); } -typedef int (*x509_dgst_cb) (const X509 *, const EVP_MD *, unsigned char *, unsigned int *); - -/* tls_fprint - extract cert or pkey fingerprint from certificate */ +/* tls_fprint - compute and encode digest of DER-encoded object */ -static char *tls_fprint(X509 *peercert, x509_dgst_cb x509_dgst, - const char *dgst) +static char *tls_fprint(const char *buf, int len, const char *dgst) { - const char *myname = "tls_fingerprint"; + const char *myname = "tls_fprint"; + EVP_MD_CTX *mdctx; const EVP_MD *md_alg; unsigned char md_buf[EVP_MAX_MD_SIZE]; unsigned int md_len; @@ -508,10 +519,12 @@ if ((md_alg = EVP_get_digestbyname(dgst)) == 0) msg_panic("%s: digest algorithm \"%s\" not found", myname, dgst); - /* Fails when serialization to ASN.1 runs out of memory */ - if (x509_dgst(peercert, md_alg, md_buf, &md_len) == 0) - msg_fatal("%s: error computing certificate %s digest (out of memory?)", - myname, dgst); + mdctx = EVP_MD_CTX_create(); + if (EVP_DigestInit_ex(mdctx, md_alg, NULL) == 0 + || EVP_DigestUpdate(mdctx, buf, len) == 0 + || EVP_DigestFinal_ex(mdctx, md_buf, &md_len) == 0) + msg_fatal("%s: error computing %s message digest", myname, dgst); + EVP_MD_CTX_destroy(mdctx); /* Check for OpenSSL contract violation */ if (md_len > EVP_MAX_MD_SIZE || md_len >= INT_MAX / 3) @@ -531,14 +544,55 @@ char *tls_fingerprint(X509 *peercert, const char *dgst) { - return (tls_fprint(peercert, X509_digest, dgst)); + int len; + char *buf; + char *buf2; + char *result; + + len = i2d_X509(peercert, NULL); + buf2 = buf = mymalloc(len); + i2d_X509(peercert, (unsigned char **)&buf2); + if (buf2 - buf != len) + msg_panic("i2d_X509 invalid result length"); + + result = tls_fprint(buf, len, dgst); + myfree(buf); + + return (result); } /* tls_pkey_fprint - extract public key fingerprint from certificate */ char *tls_pkey_fprint(X509 *peercert, const char *dgst) { - return (tls_fprint(peercert, X509_pubkey_digest, dgst)); + if (var_tls_bc_pkey_fprint) { + const char *myname = "tls_pkey_fprint"; + ASN1_BIT_STRING *key; + char *result; + + key = X509_get0_pubkey_bitstr(peercert); + if (key == 0) + msg_fatal("%s: error extracting legacy public-key fingerprint: %m", + myname); + + result = tls_fprint((char *) key->data, key->length, dgst); + return (result); + } else { + int len; + char *buf; + char *buf2; + char *result; + + len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), NULL); + buf2 = buf = mymalloc(len); + i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), (unsigned char **) &buf2); + if (buf2 - buf != len) + msg_panic("i2d_X509_PUBKEY invalid result length"); + + result = tls_fprint(buf, len, dgst); + myfree(buf); + return (result); + } } #endif diff -Nru postfix-2.9.3/src/util/exec_command.c postfix-2.9.6/src/util/exec_command.c --- postfix-2.9.3/src/util/exec_command.c 2005-01-19 02:22:18.000000000 +0100 +++ postfix-2.9.6/src/util/exec_command.c 2013-02-01 22:52:30.000000000 +0100 @@ -63,7 +63,8 @@ /* * See if this command contains any shell magic characters. */ - if (command[strspn(command, ok_chars)] == 0) { + if (command[strspn(command, ok_chars)] == 0 + && command[strspn(command, SPACE_TAB)] != 0) { /* * No shell meta characters found, so we can try to avoid the overhead diff -Nru postfix-2.9.3/src/util/ip_match.c postfix-2.9.6/src/util/ip_match.c --- postfix-2.9.3/src/util/ip_match.c 2011-01-18 22:35:17.000000000 +0100 +++ postfix-2.9.6/src/util/ip_match.c 2012-12-10 14:50:27.000000000 +0100 @@ -445,7 +445,7 @@ * Simplify this if we change to {} for wildcard notation. */ #define FIND_TERMINATOR(start, cp) do { \ - int _level = 1; \ + int _level = 0; \ for (cp = (start) ; *cp; cp++) { \ if (*cp == '[') _level++; \ if (*cp != ']') continue; \ diff -Nru postfix-2.9.3/src/util/ip_match.in postfix-2.9.6/src/util/ip_match.in --- postfix-2.9.3/src/util/ip_match.in 2011-01-18 22:36:34.000000000 +0100 +++ postfix-2.9.6/src/util/ip_match.in 2012-12-12 23:41:41.000000000 +0100 @@ -20,3 +20,7 @@ 1.2.3.4x 1.2.[3..11].5 1.2.3.5 1.2.2.5 1.2.11.5 1.2.12.5 1.2.11.6 1.2.[3;5;7;9;11].5 1.2.3.5 1.2.2.5 1.2.4.5 1.2.11.5 1.2.12.5 1.2.11.6 +[1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5 +[[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5 +[[1;2].3.4.5 +1;2].3.4.5 diff -Nru postfix-2.9.3/src/util/ip_match.ref postfix-2.9.6/src/util/ip_match.ref --- postfix-2.9.3/src/util/ip_match.ref 2011-01-18 22:36:34.000000000 +0100 +++ postfix-2.9.6/src/util/ip_match.ref 2012-12-12 23:41:47.000000000 +0100 @@ -53,3 +53,17 @@ Match 1.2.11.5: yes Match 1.2.12.5: no Match 1.2.11.6: no +> [1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5 +Code: [1;2].3.4.5 +Match 1.3.4.5: yes +Match 2.3.4.5: yes +Match 3.3.4.5: no +> [[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5 +Code: [1;2].3.4.5 +Match 1.3.4.5: yes +Match 2.3.4.5: yes +Match 3.3.4.5: no +> [[1;2].3.4.5 +Error: missing "]" character +> 1;2].3.4.5 +Error: need "." at "1>;<2].3.4.5" diff -Nru postfix-2.9.3/src/util/myaddrinfo.c postfix-2.9.6/src/util/myaddrinfo.c --- postfix-2.9.3/src/util/myaddrinfo.c 2011-02-01 21:04:28.000000000 +0100 +++ postfix-2.9.6/src/util/myaddrinfo.c 2012-10-31 22:21:03.000000000 +0100 @@ -78,6 +78,7 @@ /* into printable form. The result buffers should be large /* enough to hold the printable address or port including the /* null terminator. +/* This function strips off the IPv6 datalink suffix. /* /* sockaddr_to_hostname() converts a binary network address /* into a hostname or service. The result buffer should be @@ -202,6 +203,7 @@ #include <msg.h> #include <inet_proto.h> #include <myaddrinfo.h> +#include <split_at.h> /* Application-specific. */ @@ -607,16 +609,20 @@ } return (0); #else + int ret; /* * Native getnameinfo(3) version. */ - return (getnameinfo(sa, salen, - hostaddr ? hostaddr->buf : (char *) 0, - hostaddr ? sizeof(hostaddr->buf) : 0, - portnum ? portnum->buf : (char *) 0, - portnum ? sizeof(portnum->buf) : 0, - NI_NUMERICHOST | NI_NUMERICSERV)); + ret = getnameinfo(sa, salen, + hostaddr ? hostaddr->buf : (char *) 0, + hostaddr ? sizeof(hostaddr->buf) : 0, + portnum ? portnum->buf : (char *) 0, + portnum ? sizeof(portnum->buf) : 0, + NI_NUMERICHOST | NI_NUMERICSERV); + if (hostaddr != 0 && ret == 0 && sa->sa_family == AF_INET6) + (void) split_at(hostaddr->buf, '%'); + return (ret); #endif } diff -Nru postfix-2.9.3/src/util/sys_defs.h postfix-2.9.6/src/util/sys_defs.h --- postfix-2.9.3/src/util/sys_defs.h 2013-03-02 12:33:08.000000000 +0100 +++ postfix-2.9.6/src/util/sys_defs.h 2013-03-02 12:33:11.000000000 +0100 @@ -25,7 +25,7 @@ */ #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \ || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \ - || defined(FREEBSD8) \ + || defined(FREEBSD8) || defined(FREEBSD9) \ || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \ || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \ || defined(OPENBSD5) \ diff -Nru postfix-2.9.3/src/util/unix_pass_trigger.c postfix-2.9.6/src/util/unix_pass_trigger.c --- postfix-2.9.3/src/util/unix_pass_trigger.c 2011-01-10 01:43:52.000000000 +0100 +++ postfix-2.9.6/src/util/unix_pass_trigger.c 2012-06-21 15:41:58.000000000 +0200 @@ -63,7 +63,7 @@ struct unix_pass_trigger { int fd; char *service; - int *pair; + int pair[2]; }; /* unix_pass_trigger_event - disconnect from peer */ @@ -129,7 +129,8 @@ up = (struct unix_pass_trigger *) mymalloc(sizeof(*up)); up->fd = fd; up->service = mystrdup(service); - up->pair = pair; + up->pair[0] = pair[0]; + up->pair[1] = pair[1]; /* * Write the request...
20120621 Bugfix (introduced: Postfix 2.8): the unused "pass" trigger client could close the wrong file descriptors. File: util/unix_pass_trigger.c. 20120702 Bugfix (introduced: 19990127): the BIFF client leaked an unprivileged UDP socket. Fix by Jaroslav Skarvada. File: local/biff_notify.c. 20120730 Bugfix (introduced: 20000314): AUTH is not allowed after MAIL. Timo Sirainen. File: smtpd/smtpd_sasl_proto.c. 20121003 Bugfix: the postscreen_access_list feature was case-sensitive in the first character of permit, reject, etc. Reported by Francis Picabia. File: global/server_acl.c. 20121010 Bugfix (introduced: Postfix 2.5): memory leak in program initialization. Reported by Coverity. File: tls/tls_misc.c. Bugfix (introduced: Postfix 2.3): memory leak in the unused oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c. 20121013 Cleanup: to compute the LDAP connection cache lookup key, join the numeric fields with null, just like string fields. Viktor Dukhovni. File: global/dict_ldap.c. 20121029 Workaround: strip datalink suffix from IPv6 addresses returned by the system getaddrinfo() routine. Such suffixes mess up the default mynetworks value, host name/address verification and possibly more. This change obsoletes the 20101108 change that removes datalink suffixes in the SMTP and QMQP servers, but we leave that code alone. File: util/myaddrinfo.c. 20121210 Bugfix (introduced: Postfix 2.9) nesting count error while stripping the optional [] around a DNS[BW]L address pattern. This part of the code is not documented and had escaped testing. Files: util/ip_match.c, util/ip_match.in, util/ip_match.ref. 20121230 Bugfix (omission in feature 20111106): the postconf(1) master.cf options parser didn't support "clusters" of command-line option letters. File: postconf/postconf_master.c, postconf/test40.ref. 20130131 Bugfix: the local(8) delivery agent dereferenced a null pointer while delivering to null command (for example, "|" in a .forward file). Reported by Gilles Chehade. 20130203 Bugfix: the undocumented OpenSSL X509_pubkey_digest() function is unsuitable for computing certificate PUBLIC KEY fingerprints. Postfix now provides a correct procedure that accounts for the algorithm and parameters in addition to the key data. Specify "tls_legacy_public_key_fingerprints = yes" if you need backwards compatibility. Fix by Victor Duchovni, BC added by Wietse. Files: tls/tls_verify.c, tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h. Bugfix: the 20121010 fix for tls_misc.c was documented but not included.
signature.asc
Description: This is a digitally signed message part.