Hi LaMont, Release Team,

I've taken a look at this RC bug in Postfix. Looking at the diff between 
2.9.3-2.1 (testing) and 2.9.6-1 (sid), t

I've attached the debdiff between testing and unstable, with the changes to po 
files, documentation and tests removed. The changes for this bug are the majority, and 
the rest are isolated fixes for actual, well-documented bugs (and the bulk of 
the documentation changes relates to this bug as well). I've also 
attached the relevant HISTORY entries describing the changes between the 
versions.

The only complication I see is the inadvertent maintainer address change: 
already reported as #699877.

I've known the Postfix stable releases to be of high quality and bugfix only. 
Much like the PostgresQL microreleases we accept into stable. Therefore, I 
propose that LaMont fixes the maintainer address bug in unstable (which is 
already pending according to the bug), after which the release team decides 
whether this can be unblocked. Is this a feasible approach?

Cheers,
Thijs
diff -Nru postfix-2.9.3/debian/init.d postfix-2.9.6/debian/init.d
--- postfix-2.9.3/debian/init.d	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/debian/init.d	2013-03-02 12:33:11.000000000 +0100
@@ -156,12 +156,12 @@
 	    if [ -f  ${file} ]; then chmod a+rX ${file}; fi
 	done
 	# ldaps needs this. debian bug 572841
-	echo -e /dev/random\\n/dev/urandom | cpio -pdL --quiet . 2>/dev/null || true
+	(echo /dev/random; echo /dev/urandom) | cpio -pdL --quiet . 2>/dev/null || true
 	rm -f usr/lib/zoneinfo/localtime
 	mkdir -p usr/lib/zoneinfo
 	ln -sf /etc/localtime usr/lib/zoneinfo/localtime
 
-	LIBLIST=$(for name in gcc_s nss; do
+	LIBLIST=$(for name in gcc_s nss resolv; do
 	    for f in /lib/*/lib${name}*.so* /lib/lib${name}*.so*; do
 	       if [ -f "$f" ]; then  echo ${f#/}; fi;
 	    done;
diff -Nru postfix-2.9.3/debian/rules postfix-2.9.6/debian/rules
--- postfix-2.9.3/debian/rules	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/debian/rules	2013-03-02 12:33:11.000000000 +0100
@@ -46,7 +46,7 @@
 endif
 
 CCARGS=-DDEBIAN -DMAX_DYNAMIC_MAPS -DHAS_PCRE -DHAS_LDAP -DHAS_SQLITE \
-	-DMYORIGIN_FROM_FILE -DNO_NIS \
+	-DMYORIGIN_FROM_FILE \
 	$(shell getconf LFS_CFLAGS) \
 	-DHAS_CDB \
 	-DHAS_MYSQL -I/usr/include/mysql \
@@ -158,7 +158,7 @@
 	install -m 0444 debian/lintian-override ${base}/usr/share/lintian/overrides/${package}
 
 	if dpkg-vendor --is ubuntu; then \
-	    install -m 644 -D debian/postfix.apport debian/bind9/usr/share/apport/package-hooks/postfix.py; \
+	    install -m 644 -D debian/postfix.apport ${base}/usr/share/apport/package-hooks/postfix.py; \
 	fi
 
 debian/vars:
diff -Nru postfix-2.9.3/makedefs postfix-2.9.6/makedefs
--- postfix-2.9.3/makedefs	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/makedefs	2013-03-02 12:33:11.000000000 +0100
@@ -153,6 +153,8 @@
 		;;
   FreeBSD.8*)	SYSTYPE=FREEBSD8
 		;;
+  FreeBSD.9*)	SYSTYPE=FREEBSD9
+		;;
   OpenBSD.2*)	SYSTYPE=OPENBSD2
 		;;
   OpenBSD.3*)	SYSTYPE=OPENBSD3
diff -Nru postfix-2.9.3/src/global/dict_ldap.c postfix-2.9.6/src/global/dict_ldap.c
--- postfix-2.9.3/src/global/dict_ldap.c	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/global/dict_ldap.c	2013-03-02 12:33:11.000000000 +0100
@@ -930,8 +930,11 @@
 #endif
     LDAP_CONN *conn;
 
+    /*
+     * Join key fields with null characters.
+     */
 #define ADDSTR(vp, s) vstring_memcat((vp), (s), strlen((s))+1)
-#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu", (unsigned long)(i))
+#define ADDINT(vp, i) vstring_sprintf_append((vp), "%lu%c", (unsigned long)(i), 0)
 
     ADDSTR(keybuf, dict_ldap->server_host);
     ADDINT(keybuf, dict_ldap->server_port);
diff -Nru postfix-2.9.3/src/global/mail_dict.c postfix-2.9.6/src/global/mail_dict.c
--- postfix-2.9.3/src/global/mail_dict.c	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/global/mail_dict.c	2013-03-02 12:33:11.000000000 +0100
@@ -60,8 +60,8 @@
 #ifdef HAS_SQLITE
     DICT_TYPE_SQLITE, dict_sqlite_open,
 #endif
-    DICT_TYPE_MEMCACHE, dict_memcache_open,
 #endif /* MAX_DYNAMIC_MAPS */
+    DICT_TYPE_MEMCACHE, dict_memcache_open,
     0,
 };
 
diff -Nru postfix-2.9.3/src/global/mail_params.h postfix-2.9.6/src/global/mail_params.h
--- postfix-2.9.3/src/global/mail_params.h	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/global/mail_params.h	2013-03-02 12:33:11.000000000 +0100
@@ -3034,6 +3034,10 @@
 #define DEF_TLS_BUG_TWEAKS	TLS_BUG_TWEAKS
 extern char *var_tls_bug_tweaks;
 
+#define VAR_TLS_BC_PKEY_FPRINT	"tls_legacy_public_key_fingerprints"
+#define DEF_TLS_BC_PKEY_FPRINT	0
+extern bool var_tls_bc_pkey_fprint;
+
  /*
   * Sendmail-style mail filter support.
   */
diff -Nru postfix-2.9.3/src/global/mail_version.h postfix-2.9.6/src/global/mail_version.h
--- postfix-2.9.3/src/global/mail_version.h	2012-05-21 00:24:22.000000000 +0200
+++ postfix-2.9.6/src/global/mail_version.h	2013-02-03 21:46:53.000000000 +0100
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20120520"
-#define MAIL_VERSION_NUMBER	"2.9.3"
+#define MAIL_RELEASE_DATE	"20130203"
+#define MAIL_VERSION_NUMBER	"2.9.6"
 
 #ifdef SNAPSHOT
 # define MAIL_VERSION_DATE	"-" MAIL_RELEASE_DATE
diff -Nru postfix-2.9.3/src/global/server_acl.c postfix-2.9.6/src/global/server_acl.c
--- postfix-2.9.3/src/global/server_acl.c	2011-12-24 03:13:31.000000000 +0100
+++ postfix-2.9.6/src/global/server_acl.c	2012-10-03 16:04:58.000000000 +0200
@@ -112,8 +112,8 @@
     char   *bp = saved_acl;
     char   *acl;
 
-#define STREQ(x,y) ((*x) == (*y) && strcasecmp((x), (y)) == 0)
-#define STRNE(x,y) ((*x) != (*y) || strcasecmp((x), (y)) != 0)
+#define STREQ(x,y) (strcasecmp((x), (y)) == 0)
+#define STRNE(x,y) (strcasecmp((x), (y)) != 0)
 
     /*
      * Nested tables are not allowed. Tables are opened before entering the
diff -Nru postfix-2.9.3/src/local/biff_notify.c postfix-2.9.6/src/local/biff_notify.c
--- postfix-2.9.3/src/local/biff_notify.c	2005-07-13 22:46:18.000000000 +0200
+++ postfix-2.9.6/src/local/biff_notify.c	2012-07-05 18:56:30.000000000 +0200
@@ -43,6 +43,7 @@
 /* Utility library. */
 
 #include <msg.h>
+#include <iostuff.h>
 
 /* Application-specific. */
 
@@ -81,9 +82,12 @@
     /*
      * Open a socket, or re-use an existing one.
      */
-    if (sock < 0 && (sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	msg_warn("socket: %m");
-	return;
+    if (sock < 0) {
+	if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+	    msg_warn("socket: %m");
+	    return;
+	}
+	close_on_exec(sock, CLOSE_ON_EXEC);
     }
 
     /*
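Review bot: The added `close_on_exec(sock, CLOSE_ON_EXEC)` has no comment saying why a notification socket needs the flag, and the reason is not obvious from this function alone. The descriptor is kept for re-use across calls (per the comment above the block), so without the flag it would be inherited by any program the process executes later. A one-line comment such as `/* Cached across calls: do not leak this socket into executed commands. */` would keep the call from being dropped in a later cleanup. The declaration of `sock` and the rest of the function are outside the hunk.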
diff -Nru postfix-2.9.3/src/oqmgr/qmgr_message.c postfix-2.9.6/src/oqmgr/qmgr_message.c
--- postfix-2.9.3/src/oqmgr/qmgr_message.c	2010-07-24 22:50:03.000000000 +0200
+++ postfix-2.9.6/src/oqmgr/qmgr_message.c	2012-10-10 23:54:16.000000000 +0200
@@ -749,7 +749,7 @@
 	if (rec_type > 0)
 	    msg_warn("%s: ignoring out-of-order DSN original recipient <%.200s>",
 		     message->queue_id, dsn_orcpt);
-	myfree(orig_rcpt);
+	myfree(dsn_orcpt);
     }
     if (orig_rcpt != 0) {
 	if (rec_type > 0)
diff -Nru postfix-2.9.3/src/postconf/postconf_master.c postfix-2.9.6/src/postconf/postconf_master.c
--- postfix-2.9.3/src/postconf/postconf_master.c	2012-01-21 22:11:38.000000000 +0100
+++ postfix-2.9.6/src/postconf/postconf_master.c	2012-12-31 22:23:52.000000000 +0100
@@ -74,6 +74,8 @@
 {
     int     field;
     char   *arg;
+    char   *cp;
+    char   *junk;
 
     /*
      * Normalize options to simplify later processing.
@@ -82,6 +84,16 @@
 	arg = argv->argv[field];
 	if (arg[0] != '-' || strcmp(arg, "--") == 0)
 	    break;
+	for (cp = arg + 1; *cp; cp++) {
+	    if (*cp == 'o' && cp > arg + 1) {
+		/* Split "-stuffo" into "-stuff" and "-o". */
+		junk = concatenate("-", cp, (char *) 0);
+		argv_insert_one(argv, field + 1, junk);
+		myfree(junk);
+		*cp = 0;
+		break;
+	    }
+	}
 	if (strncmp(arg, "-o", 2) == 0) {
 	    if (arg[2] != 0) {
 		/* Split "-oname=value" into "-o" "name=value". */
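Review bot: The new scan treats the first `o` after the leading option letter as the start of a `-o` option, which is only correct if no other letter in the cluster takes an attached argument. With a constructed input such as `-nfoo`, the loop would cut the word into `-nf` and `-oo`. If the parser is meant to support only flag clusters that end in `-o`, the comment should state that assumption, e.g. `/* Split "-stuffo" into "-stuff" and "-o"; assumes only -o takes an attached argument. */`. The enclosing loop and function both begin outside this hunk.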
diff -Nru postfix-2.9.3/src/smtpd/smtpd_sasl_proto.c postfix-2.9.6/src/smtpd/smtpd_sasl_proto.c
--- postfix-2.9.3/src/smtpd/smtpd_sasl_proto.c	2011-12-19 02:22:45.000000000 +0100
+++ postfix-2.9.6/src/smtpd/smtpd_sasl_proto.c	2012-08-01 23:23:15.000000000 +0200
@@ -164,6 +164,12 @@
 	smtpd_chat_reply(state, "503 5.5.1 Error: authentication not enabled");
 	return (-1);
     }
+#define IN_MAIL_TRANSACTION(state) ((state)->sender != 0)
+    if (IN_MAIL_TRANSACTION(state)) {
+	state->error_mask |= MAIL_ERROR_PROTOCOL;
+	smtpd_chat_reply(state, "503 5.5.1 Error: MAIL transaction in progress");
+	return (-1);
+    }
     if (smtpd_milters != 0 && (err = milter_other_event(smtpd_milters)) != 0) {
 	if (err[0] == '5') {
 	    state->error_mask |= MAIL_ERROR_POLICY;
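Review bot: The new IN_MAIL_TRANSACTION check carries no comment explaining why AUTH is refused once a sender has been set, and the macro is defined in the middle of the function body. A short comment such as `/* RFC 4954: AUTH is not permitted during a mail transaction; reply 503. */` would record the protocol rule behind the 503 reply. It would also make clear that the check guards against the authentication state changing after MAIL has already been processed. The handler's beginning and end are outside the hunk, so whether the same macro is defined elsewhere cannot be seen here.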
diff -Nru postfix-2.9.3/src/tls/Makefile.in postfix-2.9.6/src/tls/Makefile.in
--- postfix-2.9.3/src/tls/Makefile.in	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/tls/Makefile.in	2013-03-02 12:33:11.000000000 +0100
@@ -317,6 +317,7 @@
 tls_stream.o: tls.h
 tls_stream.o: tls_stream.c
 tls_verify.o: ../../include/argv.h
+tls_verify.o: ../../include/mail_params.h
 tls_verify.o: ../../include/msg.h
 tls_verify.o: ../../include/mymalloc.h
 tls_verify.o: ../../include/name_code.h
diff -Nru postfix-2.9.3/src/tls/tls_misc.c postfix-2.9.6/src/tls/tls_misc.c
--- postfix-2.9.3/src/tls/tls_misc.c	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/tls/tls_misc.c	2013-03-02 12:33:11.000000000 +0100
@@ -17,6 +17,7 @@
 /*	int	var_tls_daemon_rand_bytes;
 /*	bool    var_tls_append_def_CA;
 /*	bool	var_tls_preempt_clist;
+/*	bool	var_tls_bc_pkey_fprint;
 /*
 /*	TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
 /*	SSL_CTX	*ssl_ctx;
@@ -205,6 +206,7 @@
 char   *var_tls_eecdh_ultra;
 bool    var_tls_append_def_CA;
 char   *var_tls_bug_tweaks;
+bool    var_tls_bc_pkey_fprint;
 
 #ifdef VAR_TLS_PREEMPT_CLIST
 bool    var_tls_preempt_clist;
@@ -510,8 +512,10 @@
 	else
 	    include |= code =
 		name_code(protocol_table, NAME_CODE_FLAG_NONE, tok);
-	if (code == TLS_PROTOCOL_INVALID)
+	if (code == TLS_PROTOCOL_INVALID) {
+	    myfree(save);
 	    return TLS_PROTOCOL_INVALID;
+	}
     }
     myfree(save);
 
@@ -546,6 +550,7 @@
     };
     static const CONFIG_BOOL_TABLE bool_table[] = {
 	VAR_TLS_APPEND_DEF_CA, DEF_TLS_APPEND_DEF_CA, &var_tls_append_def_CA,
+	VAR_TLS_BC_PKEY_FPRINT, DEF_TLS_BC_PKEY_FPRINT, &var_tls_bc_pkey_fprint,
 #if OPENSSL_VERSION_NUMBER >= 0x0090700fL	/* OpenSSL 0.9.7 and later */
 	VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist,
 #endif
diff -Nru postfix-2.9.3/src/tls/tls_verify.c postfix-2.9.6/src/tls/tls_verify.c
--- postfix-2.9.3/src/tls/tls_verify.c	2011-12-05 22:03:07.000000000 +0100
+++ postfix-2.9.6/src/tls/tls_verify.c	2013-02-03 20:49:54.000000000 +0100
@@ -23,6 +23,10 @@
 /*	X509   *peercert;
 /*	const char *dgst;
 /*
+/*	char *tls_pkey_fprint(peercert, dgst)
+/*	X509   *peercert;
+/*	const char *dgst;
+/*
 /*	int	tls_verify_certificate_callback(ok, ctx)
 /*	int	ok;
 /*	X509_STORE_CTX *ctx;
@@ -50,6 +54,11 @@
 /*	value is dynamically allocated with mymalloc(), and the caller
 /*	must eventually free it with myfree().
 /*
+/*	tls_pkey_fprint() returns a public-key fingerprint; in all
+/*	other respects the function behaves as tls_fingerprint().
+/*	The var_tls_bc_pkey_fprint variable enables an incorrect
+/*	algorithm that was used in Postfix versions 2.9.[0-5].
+/*	
 /*	tls_verify_callback() is called several times (directly or
 /*	indirectly) from crypto/x509/x509_vfy.c. It is called as
 /*	a final check, and if it returns "0", the handshake is
@@ -140,6 +149,10 @@
 #include <mymalloc.h>
 #include <stringops.h>
 
+/* Global library. */
+
+#include <mail_params.h>
+
 /* TLS library. */
 
 #define TLS_INTERNAL
@@ -490,14 +503,12 @@
     return (cn ? cn : mystrdup(""));
 }
 
-typedef int (*x509_dgst_cb) (const X509 *, const EVP_MD *, unsigned char *, unsigned int *);
-
-/* tls_fprint - extract cert or pkey fingerprint from certificate */
+/* tls_fprint - compute and encode digest of DER-encoded object */
 
-static char *tls_fprint(X509 *peercert, x509_dgst_cb x509_dgst,
-			        const char *dgst)
+static char *tls_fprint(const char *buf, int len, const char *dgst)
 {
-    const char *myname = "tls_fingerprint";
+    const char *myname = "tls_fprint";
+    EVP_MD_CTX *mdctx;
     const EVP_MD *md_alg;
     unsigned char md_buf[EVP_MAX_MD_SIZE];
     unsigned int md_len;
@@ -508,10 +519,12 @@
     if ((md_alg = EVP_get_digestbyname(dgst)) == 0)
 	msg_panic("%s: digest algorithm \"%s\" not found", myname, dgst);
 
-    /* Fails when serialization to ASN.1 runs out of memory */
-    if (x509_dgst(peercert, md_alg, md_buf, &md_len) == 0)
-	msg_fatal("%s: error computing certificate %s digest (out of memory?)",
-		  myname, dgst);
+    mdctx = EVP_MD_CTX_create();
+    if (EVP_DigestInit_ex(mdctx, md_alg, NULL) == 0
+        || EVP_DigestUpdate(mdctx, buf, len) == 0
+        || EVP_DigestFinal_ex(mdctx, md_buf, &md_len) == 0)
+        msg_fatal("%s: error computing %s message digest", myname, dgst);
+    EVP_MD_CTX_destroy(mdctx);
 
     /* Check for OpenSSL contract violation */
     if (md_len > EVP_MAX_MD_SIZE || md_len >= INT_MAX / 3)
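Review bot: The result of `EVP_MD_CTX_create()` is passed straight to `EVP_DigestInit_ex()` without a null check, so an allocation failure would most likely surface as a null-pointer dereference inside OpenSSL instead of reaching the `msg_fatal()` below. I would guard it with `if ((mdctx = EVP_MD_CTX_create()) == 0) msg_fatal("%s: error allocating digest context", myname);` before the digest calls. tls_fprint() starts in the previous hunk and continues past this one.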
@@ -531,14 +544,55 @@
 
 char   *tls_fingerprint(X509 *peercert, const char *dgst)
 {
-    return (tls_fprint(peercert, X509_digest, dgst));
+    int     len;
+    char   *buf;
+    char   *buf2;
+    char   *result;
+
+    len = i2d_X509(peercert, NULL);
+    buf2 = buf = mymalloc(len);
+    i2d_X509(peercert, (unsigned char **)&buf2);
+    if (buf2 - buf != len)
+        msg_panic("i2d_X509 invalid result length");
+
+    result = tls_fprint(buf, len, dgst);
+    myfree(buf);
+
+    return (result);
 }
 
 /* tls_pkey_fprint - extract public key fingerprint from certificate */
 
 char   *tls_pkey_fprint(X509 *peercert, const char *dgst)
 {
-    return (tls_fprint(peercert, X509_pubkey_digest, dgst));
+    if (var_tls_bc_pkey_fprint) {
+	const char *myname = "tls_pkey_fprint";
+	ASN1_BIT_STRING *key;
+	char   *result;
+
+	key = X509_get0_pubkey_bitstr(peercert);
+	if (key == 0)
+	    msg_fatal("%s: error extracting legacy public-key fingerprint: %m",
+		      myname);
+
+	result = tls_fprint((char *) key->data, key->length, dgst);
+	return (result);
+    } else {
+	int     len;
+	char   *buf;
+	char   *buf2;
+	char   *result;
+
+	len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), NULL);
+	buf2 = buf = mymalloc(len);
+	i2d_X509_PUBKEY(X509_get_X509_PUBKEY(peercert), (unsigned char **) &buf2);
+	if (buf2 - buf != len)
+	    msg_panic("i2d_X509_PUBKEY invalid result length");
+
+	result = tls_fprint(buf, len, dgst);
+	myfree(buf);
+	return (result);
+    }
 }
 
 #endif
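Review bot: Both `i2d_X509(peercert, NULL)` in tls_fingerprint() and `i2d_X509_PUBKEY(..., NULL)` in the non-legacy branch of tls_pkey_fprint() can return a negative value on encoding failure, and that value goes unchecked into `mymalloc(len)`. The peer certificate is remote input, so I would reject the error explicitly, e.g. `if (len <= 0) msg_fatal("error encoding peer certificate");`, rather than rely on the allocator to refuse the size. In the legacy branch the `%m` in the msg_fatal() format prints errno, which OpenSSL does not necessarily set, so that message may mislead. The two encode-then-digest sequences differ only in the i2d function and could share a static helper.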
diff -Nru postfix-2.9.3/src/util/exec_command.c postfix-2.9.6/src/util/exec_command.c
--- postfix-2.9.3/src/util/exec_command.c	2005-01-19 02:22:18.000000000 +0100
+++ postfix-2.9.6/src/util/exec_command.c	2013-02-01 22:52:30.000000000 +0100
@@ -63,7 +63,8 @@
     /*
      * See if this command contains any shell magic characters.
      */
-    if (command[strspn(command, ok_chars)] == 0) {
+    if (command[strspn(command, ok_chars)] == 0
+	&& command[strspn(command, SPACE_TAB)] != 0) {
 
 	/*
 	 * No shell meta characters found, so we can try to avoid the overhead
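Review bot: The comments around the widened condition still describe only the shell-metacharacter test, so the reason for the added `command[strspn(command, SPACE_TAB)] != 0` clause is not recorded. The clause keeps an empty or whitespace-only command out of the direct-exec path, and the 20130131 HISTORY entry appears to tie this to a null-pointer dereference in local(8). I would extend the first comment to `See if this command contains any shell magic characters, or consists of whitespace only.` so the guard is not later removed as redundant. The branch body and the rest of exec_command() are outside the hunk.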
diff -Nru postfix-2.9.3/src/util/ip_match.c postfix-2.9.6/src/util/ip_match.c
--- postfix-2.9.3/src/util/ip_match.c	2011-01-18 22:35:17.000000000 +0100
+++ postfix-2.9.6/src/util/ip_match.c	2012-12-10 14:50:27.000000000 +0100
@@ -445,7 +445,7 @@
      * Simplify this if we change to {} for wildcard notation.
      */
 #define FIND_TERMINATOR(start, cp) do { \
-	int _level = 1; \
+	int _level = 0; \
 	for (cp = (start) ; *cp; cp++) { \
 	    if (*cp == '[') _level++; \
 	    if (*cp != ']') continue; \
diff -Nru postfix-2.9.3/src/util/ip_match.in postfix-2.9.6/src/util/ip_match.in
--- postfix-2.9.3/src/util/ip_match.in	2011-01-18 22:36:34.000000000 +0100
+++ postfix-2.9.6/src/util/ip_match.in	2012-12-12 23:41:41.000000000 +0100
@@ -20,3 +20,7 @@
 1.2.3.4x
 1.2.[3..11].5	1.2.3.5	1.2.2.5	1.2.11.5 1.2.12.5  1.2.11.6
 1.2.[3;5;7;9;11].5	1.2.3.5	1.2.2.5	1.2.4.5 1.2.11.5 1.2.12.5  1.2.11.6
+[1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5
+[[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5
+[[1;2].3.4.5
+1;2].3.4.5
diff -Nru postfix-2.9.3/src/util/ip_match.ref postfix-2.9.6/src/util/ip_match.ref
--- postfix-2.9.3/src/util/ip_match.ref	2011-01-18 22:36:34.000000000 +0100
+++ postfix-2.9.6/src/util/ip_match.ref	2012-12-12 23:41:47.000000000 +0100
@@ -53,3 +53,17 @@
 Match 1.2.11.5: yes
 Match 1.2.12.5: no
 Match 1.2.11.6: no
+> [1;2].3.4.5 1.3.4.5 2.3.4.5 3.3.4.5
+Code: [1;2].3.4.5
+Match 1.3.4.5: yes
+Match 2.3.4.5: yes
+Match 3.3.4.5: no
+> [[1;2].3.4.5] 1.3.4.5 2.3.4.5 3.3.4.5
+Code: [1;2].3.4.5
+Match 1.3.4.5: yes
+Match 2.3.4.5: yes
+Match 3.3.4.5: no
+> [[1;2].3.4.5
+Error: missing "]" character
+> 1;2].3.4.5
+Error: need "." at "1>;<2].3.4.5"
diff -Nru postfix-2.9.3/src/util/myaddrinfo.c postfix-2.9.6/src/util/myaddrinfo.c
--- postfix-2.9.3/src/util/myaddrinfo.c	2011-02-01 21:04:28.000000000 +0100
+++ postfix-2.9.6/src/util/myaddrinfo.c	2012-10-31 22:21:03.000000000 +0100
@@ -78,6 +78,7 @@
 /*	into printable form. The result buffers should be large
 /*	enough to hold the printable address or port including the
 /*	null terminator.
+/*	This function strips off the IPv6 datalink suffix.
 /*
 /*	sockaddr_to_hostname() converts a binary network address
 /*	into a hostname or service.  The result buffer should be
@@ -202,6 +203,7 @@
 #include <msg.h>
 #include <inet_proto.h>
 #include <myaddrinfo.h>
+#include <split_at.h>
 
 /* Application-specific. */
 
@@ -607,16 +609,20 @@
     }
     return (0);
 #else
+    int     ret;
 
     /*
      * Native getnameinfo(3) version.
      */
-    return (getnameinfo(sa, salen,
-			hostaddr ? hostaddr->buf : (char *) 0,
-			hostaddr ? sizeof(hostaddr->buf) : 0,
-			portnum ? portnum->buf : (char *) 0,
-			portnum ? sizeof(portnum->buf) : 0,
-			NI_NUMERICHOST | NI_NUMERICSERV));
+    ret = getnameinfo(sa, salen,
+		      hostaddr ? hostaddr->buf : (char *) 0,
+		      hostaddr ? sizeof(hostaddr->buf) : 0,
+		      portnum ? portnum->buf : (char *) 0,
+		      portnum ? sizeof(portnum->buf) : 0,
+		      NI_NUMERICHOST | NI_NUMERICSERV);
+    if (hostaddr != 0 && ret == 0 && sa->sa_family == AF_INET6)
+	(void) split_at(hostaddr->buf, '%');
+    return (ret);
 #endif
 }
 
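Review bot: The new `split_at(hostaddr->buf, '%')` call has no comment at the call site, and its effect on callers deserves one. Once the scope suffix is removed, link-local addresses reached over different interfaces print as the same string, so logs and address-based access checks built on this output can no longer tell them apart. A comment such as `/* Strip the "%scope" suffix; the result no longer identifies the interface. */` would make that trade-off visible. The change applies only to the native getnameinfo() branch; the start of the function and most of its other branch are outside the hunk.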
diff -Nru postfix-2.9.3/src/util/sys_defs.h postfix-2.9.6/src/util/sys_defs.h
--- postfix-2.9.3/src/util/sys_defs.h	2013-03-02 12:33:08.000000000 +0100
+++ postfix-2.9.6/src/util/sys_defs.h	2013-03-02 12:33:11.000000000 +0100
@@ -25,7 +25,7 @@
   */
 #if defined(FREEBSD2) || defined(FREEBSD3) || defined(FREEBSD4) \
     || defined(FREEBSD5) || defined(FREEBSD6) || defined(FREEBSD7) \
-    || defined(FREEBSD8) \
+    || defined(FREEBSD8) || defined(FREEBSD9) \
     || defined(BSDI2) || defined(BSDI3) || defined(BSDI4) \
     || defined(OPENBSD2) || defined(OPENBSD3) || defined(OPENBSD4) \
     || defined(OPENBSD5) \
diff -Nru postfix-2.9.3/src/util/unix_pass_trigger.c postfix-2.9.6/src/util/unix_pass_trigger.c
--- postfix-2.9.3/src/util/unix_pass_trigger.c	2011-01-10 01:43:52.000000000 +0100
+++ postfix-2.9.6/src/util/unix_pass_trigger.c	2012-06-21 15:41:58.000000000 +0200
@@ -63,7 +63,7 @@
 struct unix_pass_trigger {
     int     fd;
     char   *service;
-    int    *pair;
+    int     pair[2];
 };
 
 /* unix_pass_trigger_event - disconnect from peer */
@@ -129,7 +129,8 @@
     up = (struct unix_pass_trigger *) mymalloc(sizeof(*up));
     up->fd = fd;
     up->service = mystrdup(service);
-    up->pair = pair;
+    up->pair[0] = pair[0];
+    up->pair[1] = pair[1];
 
     /*
      * Write the request...
20120621

        Bugfix (introduced: Postfix 2.8): the unused "pass" trigger
        client could close the wrong file descriptors.  File:
        util/unix_pass_trigger.c.

20120702

        Bugfix (introduced: 19990127): the BIFF client leaked an
        unprivileged UDP socket. Fix by Jaroslav Skarvada.  File:
        local/biff_notify.c.

20120730

        Bugfix (introduced: 20000314): AUTH is not allowed after
        MAIL. Timo Sirainen.  File: smtpd/smtpd_sasl_proto.c.

20121003

        Bugfix: the postscreen_access_list feature was case-sensitive
        in the first character of permit, reject, etc. Reported by
        Francis Picabia. File: global/server_acl.c.

20121010

        Bugfix (introduced: Postfix 2.5): memory leak in program
        initialization. Reported by Coverity. File: tls/tls_misc.c.

        Bugfix (introduced: Postfix 2.3): memory leak in the unused
        oqmgr program. Reported by Coverity. File: oqmgr/qmgr_message.c.

20121013

        Cleanup: to compute the LDAP connection cache lookup key,
        join the numeric fields with null, just like string fields.
        Viktor Dukhovni. File: global/dict_ldap.c.

20121029

        Workaround: strip datalink suffix from IPv6 addresses
        returned by the system getaddrinfo() routine.  Such suffixes
        mess up the default mynetworks value, host name/address
        verification and possibly more. This change obsoletes the
        20101108 change that removes datalink suffixes in the SMTP
        and QMQP servers, but we leave that code alone.  File:
        util/myaddrinfo.c.

20121210

        Bugfix (introduced: Postfix 2.9) nesting count error while
        stripping the optional [] around a DNS[BW]L address pattern.
        This part of the code is not documented and had escaped
        testing.  Files: util/ip_match.c, util/ip_match.in,
        util/ip_match.ref.

20121230

        Bugfix (omission in feature 20111106): the postconf(1)
        master.cf options parser didn't support "clusters" of
        command-line option letters. File: postconf/postconf_master.c,
        postconf/test40.ref.

20130131

        Bugfix: the local(8) delivery agent dereferenced a null
        pointer while delivering to null command (for example, "|"
        in a .forward file).  Reported by Gilles Chehade.

20130203

        Bugfix: the undocumented OpenSSL X509_pubkey_digest()
        function is unsuitable for computing certificate PUBLIC KEY
        fingerprints.  Postfix now provides a correct procedure
        that accounts for the algorithm and parameters in addition
        to the key data.  Specify "tls_legacy_public_key_fingerprints
        = yes" if you need backwards compatibility. Fix by Victor
        Duchovni, BC added by Wietse.  Files: tls/tls_verify.c,
        tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.

        Bugfix: the 20121010 fix for tls_misc.c was documented but
        not included.
