Hello community,

here is the log from the commit of package postfix for openSUSE:Factory checked 
in at 2017-06-23 09:17:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/postfix (Old)
 and      /work/SRC/openSUSE:Factory/.postfix.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "postfix"

Fri Jun 23 09:17:04 2017 rev:144 rq:504273 version:3.2.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/postfix/postfix.changes  2017-06-13 
16:08:31.159176603 +0200
+++ /work/SRC/openSUSE:Factory/.postfix.new/postfix.changes     2017-06-23 
09:17:13.960033505 +0200
@@ -1,0 +2,22 @@
+Fri Jun 16 17:45:55 UTC 2017 - [email protected]
+
+- update to 3.2.2
+  * Security: Berkeley DB versions 2 and later try to read settings
+    from a file DB_CONFIG in the current directory. This undocumented
+    feature may introduce undisclosed vulnerabilities resulting in
+    privilege escalation with Postfix set-gid programs (postdrop,
+    postqueue) before they chdir to the Postfix queue directory,
+    and with the postmap and postalias commands depending on whether
+    the user's current directory is writable by other users. This
+    fix does not change Postfix behavior for Berkeley DB versions
+    < 3, but it does reduce postmap and postalias 'create' performance
+    with Berkeley DB versions 3.0 .. 4.6.
+  * The SMTP server receive_override_options were not restored at
+    the end of an SMTP session, after the options were modified by
+    an smtpd_milter_maps setting of "DISABLE". Milter support
+    remained disabled for the life time of the smtpd process.
+  * After the Postfix 3.2 address/domain table lookup overhaul, the
+    check_sender_access and check_recipient_access features ignored
+    a non-default parent_domain_matches_subdomains setting.
+
+-------------------------------------------------------------------

Old:
----
  postfix-3.2.0.tar.gz

New:
----
  postfix-3.2.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ postfix.spec ++++++
--- /var/tmp/diff_new_pack.d3ePnA/_old  2017-06-23 09:17:14.963891660 +0200
+++ /var/tmp/diff_new_pack.d3ePnA/_new  2017-06-23 09:17:14.967891095 +0200
@@ -59,7 +59,7 @@
 %define         _unitdir /lib/systemd
 %endif
 Name:           postfix
-Version:        3.2.0
+Version:        3.2.2
 Release:        0
 Summary:        A fast, secure, and flexible mailer
 License:        IPL-1.0

++++++ postfix-3.2.0.tar.gz -> postfix-3.2.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/HISTORY new/postfix-3.2.2/HISTORY
--- old/postfix-3.2.0/HISTORY   2017-02-19 03:08:40.000000000 +0100
+++ new/postfix-3.2.2/HISTORY   2017-06-13 19:30:40.000000000 +0200
@@ -22923,7 +22923,7 @@
 
 20170206
 
-       Bugfix (introduced: Postfix 3.0): when check_mumble_a_access
+       Bugfix (introduced: Postfix 3.0): check_mumble_a_access
        did not handle [ipaddress], unlike check_mumble_mx_access.
        When check_mumble_a_access was introduced, some condition
        was not updated.  Reported by James (postfix_tracker). File:
@@ -22940,5 +22940,55 @@
 20170218
 
        Cleanup: typofixes from klemens. The only change in compiled
-       code is in one identical mysql error message that also
-       appears in the pgsql client.  Files: about 50.
+       code is in one mysql error message that also appears in the
+       pgsql client. Files: about 50.
+
+20170221
+
+       Compatibility fix (introduced: Postfix 3.1): some Milter
+       applications do not recognize macros sent as {name} when
+       macros have single-character names. Postfix now sends such
+       macros without {} as it has done historically. Viktor
+       Dukhovni. File: milter/milter.c.
+
+20170402
+
+       Bugfix (introduced: Postfix 3.2): restore the SMTP server
+       receive override options at the end of an SMTP session,
+       after the options may have been modified by an smtpd_milter_maps
+       setting of "DISABLE". Problem report by Christian Rößner,
+       root cause analysis by Viktor Dukhovni. File: smtpd/smtpd.c.
+
+20170430
+
+       Safety net: append a null byte to vstring buffers, so that
+       C-style string operations won't scribble past the end. File:
+       vstring.c.
+
+20170531
+
+       Bugfix (introduced: Postfix 3.2): after the table lookup
+       overhaul, the check_sender_access and check_recipient_access
+       features ignored the parent_domain_matches_subdomains
+       setting. Reported by Henrik Larsson. File: smtpd/smtpd_check.c.
+
+20170610
+
+       Workaround (introduced: Postfix 3.0 20140718): prevent MIME
+       downgrade of Postfix-generated message/delivery status.
+       It's supposed to be 7bit, therefore quoted-printable encoding
+       is not expected. Problem reported by Griff. File:
+       bounce/bounce_notify_util.c.
+
+20170611
+
+       Security: Berkeley DB 2 and later try to read settings from
+       a file DB_CONFIG in the current directory.  This undocumented
+       feature may introduce undisclosed vulnerabilities resulting
+       in privilege escalation with Postfix set-gid programs
+       (postdrop, postqueue) before they chdir to the Postfix queue
+       directory, and with the postmap and postalias commands
+       depending on whether the user's current directory is writable
+       by other users. This fix does not change Postfix behavior
+       for Berkeley DB < 3, but reduces file create performance
+       for Berkeley DB 3 .. 4.6.  File: util/dict_db.c.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/INSTALL new/postfix-3.2.2/INSTALL
--- old/postfix-3.2.0/INSTALL   2016-12-18 00:22:25.000000000 +0100
+++ new/postfix-3.2.2/INSTALL   2017-05-03 01:24:43.000000000 +0200
@@ -612,7 +612,7 @@
 |_______________________________|_____________________________________________|
 |                              |Specifies options for the postfix-install    |
 |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-|                              |the only supported option is "-keep-new-     |
+|                              |the only supported option is "-keep-build-   |
 |                              |mtime".                                      |
 |_______________________________|_____________________________________________|
 |                              |Specifies non-default compiler options for   |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/README_FILES/INSTALL 
new/postfix-3.2.2/README_FILES/INSTALL
--- old/postfix-3.2.0/README_FILES/INSTALL      2016-12-18 00:22:24.000000000 
+0100
+++ new/postfix-3.2.2/README_FILES/INSTALL      2017-05-03 01:24:43.000000000 
+0200
@@ -612,7 +612,7 @@
 |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 |                               |Specifies options for the postfix-install    |
 |POSTFIX_INSTALL_OPTS=-option...|command, separated by whitespace. Currently, |
-|                               |the only supported option is "-keep-new-     |
+|                               |the only supported option is "-keep-build-   |
 |                               |mtime".                                      |
 |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
 |                               |Specifies non-default compiler options for   |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/html/INSTALL.html 
new/postfix-3.2.2/html/INSTALL.html
--- old/postfix-3.2.0/html/INSTALL.html 2016-12-18 00:22:21.000000000 +0100
+++ new/postfix-3.2.2/html/INSTALL.html 2017-05-03 01:24:43.000000000 +0200
@@ -883,7 +883,7 @@
 <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
 Specifies options for the <tt>postfix-install</tt> command, separated
 by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
 
 <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
 non-default compiler options for building Postfix dynamically-linked
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/proto/INSTALL.html 
new/postfix-3.2.2/proto/INSTALL.html
--- old/postfix-3.2.0/proto/INSTALL.html        2016-12-11 20:03:42.000000000 
+0100
+++ new/postfix-3.2.2/proto/INSTALL.html        2017-03-02 12:38:26.000000000 
+0100
@@ -883,7 +883,7 @@
 <tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
 Specifies options for the <tt>postfix-install</tt> command, separated
 by whitespace. Currently, the only supported option is
-"<tt>-keep-new-mtime</tt>". </td> </tr>
+"<tt>-keep-build-mtime</tt>". </td> </tr>
 
 <tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
 non-default compiler options for building Postfix dynamically-linked
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/bounce/bounce_notify_util.c 
new/postfix-3.2.2/src/bounce/bounce_notify_util.c
--- old/postfix-3.2.0/src/bounce/bounce_notify_util.c   2015-01-26 
21:00:13.000000000 +0100
+++ new/postfix-3.2.2/src/bounce/bounce_notify_util.c   2017-06-10 
20:47:25.000000000 +0200
@@ -637,7 +637,9 @@
                      (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED) ?
                      "global-" : "");
     /* Fix 20140709: addresses may be 8bit. */
-    if (NOT_7BIT_MIME(bounce_info))
+    if (NOT_7BIT_MIME(bounce_info)
+    /* BC Fix 20170610: prevent MIME downgrade of message/delivery-status. */
+       && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED))
        post_mail_fprintf(bounce, "Content-Transfer-Encoding: %s",
                          bounce_info->mime_encoding);
 
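Review bot: The new `/* BC Fix 20170610 ... */` comment is inserted between the two operands of the `if` condition, so the boolean expression is split across a comment line and reads as two fragments. Put the rationale above the `if` and keep the operands together, e.g. `/* Fix 20140709: addresses may be 8bit. BC Fix 20170610: prevent MIME downgrade of message/delivery-status, which is supposed to be 7bit. */` followed by `if (NOT_7BIT_MIME(bounce_info) && (bounce_info->smtputf8 & SMTPUTF8_FLAG_REQUESTED))`. The enclosing function begins and ends outside the hunk.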
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/global/mail_version.h 
new/postfix-3.2.2/src/global/mail_version.h
--- old/postfix-3.2.0/src/global/mail_version.h 2017-03-01 01:39:43.000000000 
+0100
+++ new/postfix-3.2.2/src/global/mail_version.h 2017-06-13 19:28:36.000000000 
+0200
@@ -20,8 +20,8 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE      "20170228"
-#define MAIL_VERSION_NUMBER    "3.2.0"
+#define MAIL_RELEASE_DATE      "20170613"
+#define MAIL_VERSION_NUMBER    "3.2.2"
 
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE      "-" MAIL_RELEASE_DATE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/milter/milter.c 
new/postfix-3.2.2/src/milter/milter.c
--- old/postfix-3.2.0/src/milter/milter.c       2016-01-24 01:42:19.000000000 
+0100
+++ new/postfix-3.2.2/src/milter/milter.c       2017-02-21 23:32:57.000000000 
+0100
@@ -333,18 +333,21 @@
     VSTRING *canon_buf = vstring_alloc(20);
     const char *value;
     const char *name;
+    const char *cname;
 
     while ((name = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
        if (msg_verbose)
            msg_info("%s: \"%s\"", myname, name);
        if (*name != '{')                       /* } */
-           name = STR(vstring_sprintf(canon_buf, "{%s}", name));
-       if ((value = milters->mac_lookup(name, milters->mac_context)) != 0) {
+           cname = STR(vstring_sprintf(canon_buf, "{%s}", name));
+       else
+           cname = name;
+       if ((value = milters->mac_lookup(cname, milters->mac_context)) != 0) {
            if (msg_verbose)
                msg_info("%s: result \"%s\"", myname, value);
            argv_add(argv, name, value, (char *) 0);
        } else if (milters->macro_defaults != 0
-            && (value = htable_find(milters->macro_defaults, name)) != 0) {
+           && (value = htable_find(milters->macro_defaults, cname)) != 0) {
            if (msg_verbose)
                msg_info("%s: using default \"%s\"", myname, value);
            argv_add(argv, name, value, (char *) 0);
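Review bot: `cname` is declared at the top of the hunk without a comment, and the reason two names are now carried — `cname` for the `mac_lookup()` and `htable_find()` lookups, `name` as written for `argv_add()` — is recorded only in HISTORY (20170221: some Milters do not accept single-character macros sent as `{x}`). A comment at the declaration keeps that in the code: `const char *cname;  /* canonical {name} form for lookups; argv_add() keeps the name as written */`. Because `cname` may point into `canon_buf`, which is overwritten on the next loop iteration, the comment could also note that it is valid only within the current iteration. The enclosing function starts and ends outside the hunk.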
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/smtpd/smtpd.c 
new/postfix-3.2.2/src/smtpd/smtpd.c
--- old/postfix-3.2.0/src/smtpd/smtpd.c 2017-02-19 02:58:21.000000000 +0100
+++ new/postfix-3.2.2/src/smtpd/smtpd.c 2017-04-03 23:58:06.000000000 +0200
@@ -5396,6 +5396,8 @@
        milter_free(state->milters);
        state->milters = 0;
     }
+    smtpd_input_transp_mask =
+       input_transp_mask(VAR_INPUT_TRANSP, var_input_transp);
 }
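Review bot: The two added lines re-derive `smtpd_input_transp_mask` from `var_input_transp` at the end of the function with no comment saying why a configuration-derived value needs resetting per session; the reason (HISTORY 20170402: an `smtpd_milter_maps` DISABLE entry modifies the receive override options for the life of the session) belongs next to the code. Suggested: `/* Restore receive_override_options that an smtpd_milter_maps DISABLE entry may have changed for this session. */`. The function begins outside the hunk; if it has any return path before this point, the restore would be skipped on that path, which is worth confirming.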
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/smtpd/smtpd_check.c 
new/postfix-3.2.2/src/smtpd/smtpd_check.c
--- old/postfix-3.2.0/src/smtpd/smtpd_check.c   2017-02-05 21:55:35.000000000 
+0100
+++ new/postfix-3.2.2/src/smtpd/smtpd_check.c   2017-05-31 23:29:46.000000000 
+0200
@@ -3174,6 +3174,7 @@
     const char *myname = "check_mail_access";
     const RESOLVE_REPLY *reply;
     const char *value;
+    int     lookup_strategy;
     int     status;
     MAPS   *maps;
 
@@ -3213,8 +3214,10 @@
      * Look up user+foo@domain if the address has an extension, user@domain
      * otherwise.
      */
-#define LOOKUP_STRATEGY (MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN \
-                        | MA_FIND_PDMS | MA_FIND_LOCALPART_AT)
+    lookup_strategy = MA_FIND_FULL | MA_FIND_NOEXT | MA_FIND_DOMAIN
+       | MA_FIND_LOCALPART_AT
+       | (access_parent_style == MATCH_FLAG_PARENT ?
+          MA_FIND_PDMS : MA_FIND_PDDMDS);
 
     if ((maps = (MAPS *) htable_find(map_command_table, table)) == 0) {
        msg_warn("%s: unexpected dictionary: %s", myname, table);
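Review bot: The comment block directly above the new `lookup_strategy` assignment (`Look up user+foo@domain if the address has an extension, user@domain otherwise.`) says nothing about the parent-domain flag now being chosen at run time from `access_parent_style`, which is the whole point of the change (HISTORY 20170531: `parent_domain_matches_subdomains` was ignored). Extend it with a sentence such as `Parent-domain matching follows access_parent_style: MA_FIND_PDMS when it equals MATCH_FLAG_PARENT, MA_FIND_PDDMDS otherwise.` The ternary buried inside a four-line `|` chain is also hard to scan; the choice reads better when the flag is first stored in a named local, then OR-ed in. The hunk removes the `LOOKUP_STRATEGY` macro and the next hunk updates the one visible use; if any other use remains outside the hunks it now fails to compile, and the enclosing `check_mail_access()` begins and ends outside them.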
@@ -3225,7 +3228,7 @@
                                   def_acl));
     }
     if ((value = mail_addr_find_strategy(maps, CONST_STR(reply->recipient),
-                                     (char **) 0, LOOKUP_STRATEGY)) != 0) {
+                                     (char **) 0, lookup_strategy)) != 0) {
        *found = 1;
        status = check_table_result(state, table, value,
                                    CONST_STR(reply->recipient),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/util/dict_db.c 
new/postfix-3.2.2/src/util/dict_db.c
--- old/postfix-3.2.0/src/util/dict_db.c        2014-12-07 02:35:33.000000000 
+0100
+++ new/postfix-3.2.2/src/util/dict_db.c        2017-06-13 18:12:21.000000000 
+0200
@@ -122,6 +122,9 @@
 typedef struct {
     DICT    dict;                      /* generic members */
     DB     *db;                                /* open db file */
+#if DB_VERSION_MAJOR > 2
+    DB_ENV *dbenv;
+#endif
 #if DB_VERSION_MAJOR > 1
     DBC    *cursor;                    /* dict_db_sequence() */
 #endif
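Review bot: The new `DB_ENV *dbenv;` member is the only field in this struct without a trailing comment, unlike its neighbours (`/* open db file */`, `/* dict_db_sequence() */`). Suggested: `DB_ENV *dbenv;  /* private environment from dict_db_new_env(), closed in dict_db_close() */`, which also records ownership, since the close hunk below releases it through this pointer.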
@@ -553,6 +556,9 @@
     if (DICT_DB_CLOSE(dict_db->db) < 0)
        msg_info("close database %s: %m (possible Berkeley DB bug)",
                 dict_db->dict.name);
+#if DB_VERSION_MAJOR > 2
+    dict_db->dbenv->close(dict_db->dbenv, 0);
+#endif
     if (dict_db->key_buf)
        vstring_free(dict_db->key_buf);
     if (dict_db->val_buf)
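Review bot: The added `dict_db->dbenv->close(dict_db->dbenv, 0);` discards its return value, whereas the `DICT_DB_CLOSE()` failure just above is logged with `msg_info()` and the environment methods elsewhere in this patch (`dbenv->open()` in `dict_db_new_env()`) are checked through `errno`. For consistency: `if ((errno = dict_db->dbenv->close(dict_db->dbenv, 0)) != 0) msg_info("close DB environment %s: %m", dict_db->dict.name);`. Closing the environment after the database handle, as the hunk does, is the required order. The enclosing close function begins outside the hunk.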
@@ -562,6 +568,44 @@
     dict_free(dict);
 }
 
+#if DB_VERSION_MAJOR > 2
+
+/* dict_db_new_env - workaround for undocumented ./DB_CONFIG read */
+
+static DB_ENV *dict_db_new_env(const char *db_path)
+{
+    VSTRING *db_home_buf;
+    DB_ENV *dbenv;
+    u_int32_t cache_size_gbytes;
+    u_int32_t cache_size_bytes;
+    int     ncache;
+
+    if ((errno = db_env_create(&dbenv, 0)) != 0)
+       msg_fatal("create DB environment: %m");
+#if DB_VERSION_MAJOR > 4 || (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 7)
+    if ((errno = dbenv->get_cachesize(dbenv, &cache_size_gbytes,
+                                     &cache_size_bytes, &ncache)) != 0)
+       msg_fatal("get DB cache size: %m");
+    if (cache_size_gbytes == 0 && cache_size_bytes < dict_db_cache_size) {
+       if ((errno = dbenv->set_cache_max(dbenv, cache_size_gbytes,
+                                         dict_db_cache_size)) != 0)
+           msg_fatal("set DB max cache size %d: %m", dict_db_cache_size);
+       if ((errno = dbenv->set_cachesize(dbenv, cache_size_gbytes,
+                                         dict_db_cache_size, ncache)) != 0)
+           msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
+    }
+#endif
+    /* XXX db_home is also the default directory for the .db file. */
+    db_home_buf = vstring_alloc(100);
+    if ((errno = dbenv->open(dbenv, sane_dirname(db_home_buf, db_path),
+                          DB_INIT_MPOOL | DB_CREATE | DB_PRIVATE, 0)) != 0)
+       msg_fatal("open DB environment: %m");
+    vstring_free(db_home_buf);
+    return (dbenv);
+}
+
+#endif
+
 /* dict_db_open - open data base */
 
 static DICT *dict_db_open(const char *class, const char *path, int open_flags,
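Review bot: The header comment of `dict_db_new_env()` (`workaround for undocumented ./DB_CONFIG read`) states the what but not the mechanism or the threat, so a later maintainer could drop `DB_PRIVATE` or replace the `sane_dirname()` home without seeing what that reopens. A comment inside the function should record that Berkeley DB reads `DB_CONFIG` from the environment home, which is the process's current directory when no environment is supplied, that for the set-gid `postdrop`/`postqueue` programs and for `postmap`/`postalias` that directory may be writable by other users (HISTORY 20170611), and that opening a `DB_PRIVATE` environment whose home is the `.db` file's own directory moves the settings source there. Worth a one-line comment too: `db_home_buf` is freed only on the success path, which is fine because every failure branch calls `msg_fatal()`, which the code following each call relies on not returning. The cache-size block applies only to DB 4.7 and later, which is why the per-database `set_cachesize()` removed in a later hunk costs create performance on 3.0 .. 4.6, as HISTORY says.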
@@ -578,6 +622,10 @@
     int     db_flags;
 
 #endif
+#if DB_VERSION_MAJOR > 2
+    DB_ENV *dbenv;
+
+#endif
 
     /*
      * Mismatches between #include file and library are a common cause for
@@ -681,12 +729,10 @@
        db_flags |= DB_CREATE;
     if (open_flags & O_TRUNC)
        db_flags |= DB_TRUNCATE;
-    if ((errno = db_create(&db, 0, 0)) != 0)
+    if ((errno = db_create(&db, dbenv = dict_db_new_env(db_path), 0)) != 0)
        msg_fatal("create DB database: %m");
     if (db == 0)
        msg_panic("db_create null result");
-    if ((errno = db->set_cachesize(db, 0, dict_db_cache_size, 0)) != 0)
-       msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
     if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
        msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
 #if DB_VERSION_MAJOR == 6 || DB_VERSION_MAJOR == 5 || \
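Review bot: On the `db_create()` line the environment is created by an assignment nested inside the call's argument list (`dbenv = dict_db_new_env(db_path)`), which hides a fatal-on-failure step and a new side effect inside an error check. Splitting it keeps one action per line: `dbenv = dict_db_new_env(db_path);` then `if ((errno = db_create(&db, dbenv, 0)) != 0)`. `dbenv` is declared only under `DB_VERSION_MAJOR > 2` in an earlier hunk, while the `#if` guarding this `db_create()` call lies outside the hunk, so it should be confirmed to be at least as strict. The enclosing `dict_db_open()` begins and ends outside the hunk.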
@@ -743,6 +789,9 @@
     if (dict_flags & DICT_FLAG_FOLD_FIX)
        dict_db->dict.fold_buf = vstring_alloc(10);
     dict_db->db = db;
+#if DB_VERSION_MAJOR > 2
+    dict_db->dbenv = dbenv;
+#endif
 #if DB_VERSION_MAJOR > 1
     dict_db->cursor = 0;
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/postfix-3.2.0/src/util/vstring.c 
new/postfix-3.2.2/src/util/vstring.c
--- old/postfix-3.2.0/src/util/vstring.c        2016-03-20 01:20:38.000000000 
+0100
+++ new/postfix-3.2.2/src/util/vstring.c        2017-06-10 21:35:51.000000000 
+0200
@@ -307,10 +307,11 @@
      */
     if ((bp->flags & VSTRING_FLAG_EXACT) == 0 && bp->len > incr)
        incr = bp->len;
-    if (bp->len > SSIZE_T_MAX - incr)
+    if (bp->len > SSIZE_T_MAX - incr - 1)
        msg_fatal("vstring_extend: length overflow");
     new_len = bp->len + incr;
-    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len);
+    bp->data = (unsigned char *) myrealloc((void *) bp->data, new_len + 1);
+    bp->data[new_len] = 0;
     bp->len = new_len;
     bp->ptr = bp->data + used;
     bp->cnt = bp->len - used;
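Review bot: Both hunks in this file (`vstring_extend` here and `vstring_alloc` below) add a NUL byte one past `len` without recording the invariant anywhere in the code, so nothing stops a later change from sizing an allocation by `len` alone. A comment at `bp->data[new_len] = 0;`, and a matching one at `vp->vbuf.data[len] = 0;` in the second hunk, should state it: `/* Safety net (20170430): data[len] is always a NUL guard byte outside the accounted length, so C string functions applied to a full buffer stop at it. */`. The overflow guard now subtracts one more so that `new_len + 1` cannot wrap, consistent with the new `len > SSIZE_T_MAX - 1` check in `vstring_alloc`. The enclosing `vstring_extend` begins outside the hunk.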
@@ -350,12 +351,13 @@
 {
     VSTRING *vp;
 
-    if (len < 1)
+    if (len < 1 || len > SSIZE_T_MAX - 1)
        msg_panic("vstring_alloc: bad length %ld", (long) len);
     vp = (VSTRING *) mymalloc(sizeof(*vp));
     vp->vbuf.flags = 0;
     vp->vbuf.len = 0;
-    vp->vbuf.data = (unsigned char *) mymalloc(len);
+    vp->vbuf.data = (unsigned char *) mymalloc(len + 1);
+    vp->vbuf.data[len] = 0;
     vp->vbuf.len = len;
     VSTRING_RESET(vp);
     vp->vbuf.data[0] = 0;

