Source-Changes-HG archive
[src/netbsd-3]: src/gnu/dist/postfix Apply patch (requested by ghen in ticket...
details: https://anonhg.NetBSD.org/src/rev/7e30a614d23b
branches: netbsd-3
changeset: 578257:7e30a614d23b
user: tron <tron%NetBSD.org@localhost>
date: Mon Jul 31 19:16:53 2006 +0000
description:
Apply patch (requested by ghen in ticket #1444):
Update Postfix to version 2.2.11.
diffstat:
gnu/dist/postfix/HISTORY | 92 ++++++++
gnu/dist/postfix/README_FILES/PGSQL_README | 3 +
gnu/dist/postfix/README_FILES/SMTPD_POLICY_README | 11 +-
gnu/dist/postfix/RELEASE_NOTES | 14 +
gnu/dist/postfix/html/PGSQL_README.html | 4 +
gnu/dist/postfix/html/SMTPD_POLICY_README.html | 13 +-
gnu/dist/postfix/proto/PGSQL_README.html | 4 +
gnu/dist/postfix/proto/SMTPD_POLICY_README.html | 13 +-
gnu/dist/postfix/src/global/dict_pgsql.c | 247 +++++++++++++++++----
gnu/dist/postfix/src/global/hold_message.c | 5 +-
gnu/dist/postfix/src/global/mail_proto.h | 3 +-
gnu/dist/postfix/src/global/mail_version.h | 6 +-
gnu/dist/postfix/src/global/tok822_parse.c | 3 +-
gnu/dist/postfix/src/smtp/smtp_proto.c | 135 ++++++-----
gnu/dist/postfix/src/smtp/smtp_reuse.c | 29 ++-
gnu/dist/postfix/src/smtpd/smtpd.c | 12 +-
gnu/dist/postfix/src/smtpd/smtpd_check.c | 55 +++-
gnu/dist/postfix/src/tls/tls_prng_exch.c | 6 +-
gnu/dist/postfix/src/util/safe_open.c | 16 +-
gnu/dist/postfix/src/util/sys_defs.h | 6 +-
20 files changed, 514 insertions(+), 163 deletions(-)
diffs (truncated from 1117 to 300 lines):
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/HISTORY
--- a/gnu/dist/postfix/HISTORY Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/HISTORY Mon Jul 31 19:16:53 2006 +0000
@@ -10920,3 +10920,95 @@
sick that you would have more serious problems than a file
descriptor leak. Found by Coverity. Files: local/maildir.c,
virtual/maildir.c.
+
+20060411
+
+ Bugfix: the SMTP server logged no warning when for some
+ reason the TLS engine was unavailable in wrappermode. Victor
+ Duchovni. File: smtpd/smtpd.c.
+
+20060430
+
+ Bugfix: dangling pointer in a function that has no caller.
+ Found by Coverity. File: tls/tls_prng_exch.c.
+
+ Bugfix: the workaround for CA-2003-07 (Sendmail) did not
+ null terminate the address before logging a warning. Reported
+ by Kris Kennaway. File: global/tok822_parse.c.
+
+20060516
+
+ Portability: __float80 alignment, by Albert Chin. File:
+ util/sys_defs.h.
+
+20060524
+
+ Cleanup: send ETRN command parameter when using check_policy
+ in the context of an ETRN command. Joshua Goodall. File:
+ smtpd/smtpd_check.c.
+
+20060604
+
+ Bugfix: the HOLD feature in access or header/body_checks
+ tables didn't properly report subdirectory create errors
+ (which don't happen because the hold queue isn't hashed by
+ default). Found with the BEAM code scanner. File:
+ global/hold_message.c.
+
+ Cleanup: minor fluff found with the BEAM source code analyzer.
+ File: util/safe_open.c.
+
+20060611
+
+ Security: the PostgreSQL client was updated after major
+ database API changes in response to PostgreSQL security
+ issues. This breaks support for PGSQL versions prior to
+ 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support for these requires
+ major code changes which are not possible in the time that
+ is left for the Postfix 2.3 stable release.
+
+ Specific PostgreSQL client changes: use connection-aware
+ quoting, and more robust PQexec() result handling. Previous
+ versions of the dict_pgsql driver didn't check the status
+ of the result pointer, and certain exceptional events can
+ be mis-interpreted as an empty result set. Fixes by Leandro
+ Santi. File: global/dict_pgsql.c.
+
+20060626
+
+ Workaround: disable SMTP connection cache lookup by server
+ IP address when the tls_per_site policy table is enabled.
+ Different server names may resolve to the same IP address,
+ and we don't want to use the wrong TLS policy. File:
+ smtp/smtp_reuse.c.
+
+20060706
+
+ Workaround: disable SMTP connection cache lookup by server
+ IP address when the smtp_sasl_password_maps password feature
+ is enabled. Different server names may resolve to the same
+ IP address, and we don't want to use the wrong SASL
+ credentials. File: smtp/smtp_reuse.c.
+
+ Bugfix: don't reuse a plaintext connection when the TLS
+ policy requires encryption. This can happen because we have
+ to search the connection cache before we know the
+ server-dependent TLS policy. It does not eliminate the
+ problem that we may still be using the wrong policy because
+ the cached server name was obtained in an insecure manner.
+
+20060707
+
+ Robustness: the SMTPD policy client now encodes the
+ ccert_subject and ccert_issuer attributes as xtext. Some
+ characters are replaced by +XX, where XX is the two-digit
+ hexadecimal code for the character value. File:
+ smtpd/smtpd_check.c.
+
+20060716
+
+ Bugfix: the Postfix SMTP client enforced Mandatory TLS only
+ when talking to an ESMTP server; enforcement did not happen
+ if Postfix could somehow be forced to send HELO instead of
+ EHLO. Victor Duchovni. File: src/smtp/smtp_proto.c.
+
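Review bot: The second 20060706 entry ("don't reuse a plaintext connection when the TLS policy requires encryption") names no file, unlike every other entry in this hunk, so it is hard to locate the fix among the changed SMTP client sources in the diffstat; add a "File:" line. The same entry states that the wrong policy may still be applied when the cached server name was obtained insecurely, and that residual exposure should also appear in RELEASE_NOTES so operators relying on mandatory TLS see it. Separately, the 20060611 entry refers to "the Postfix 2.3 stable release", while the RELEASE_NOTES text in this changeset says "a stable release"; for a 2.2.11 import the two should agree.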
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/README_FILES/PGSQL_README
--- a/gnu/dist/postfix/README_FILES/PGSQL_README Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/README_FILES/PGSQL_README Mon Jul 31 19:16:53 2006 +0000
@@ -102,4 +102,7 @@
* Liviu Daia with further refinements from Jose Luis Tallon and Victor
Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.
+ * Leandro Santi updated the PostgreSQL client to reflect PostgreSQL security
+ issues with respect to quoting which resulted in major database API
+ changes, and made PQexec() handling more robust.
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/README_FILES/SMTPD_POLICY_README
--- a/gnu/dist/postfix/README_FILES/SMTPD_POLICY_README Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/README_FILES/SMTPD_POLICY_README Mon Jul 31 19:16:53 2006 +0000
@@ -53,9 +53,10 @@
sasl_username=you
sasl_sender=
ccert_subject=solaris9.porcupine.org
- ccert_issuer=Wietse Venema
+ ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
+ etrn_domain=
[empty line]
Notes:
@@ -90,7 +91,13 @@
how the client was authenticated via SASL.
* The "ccert_*" attributes (Postfix 2.2 and later) specify information about
- how the client was authenticated via TLS.
+ how the client was authenticated via TLS. As of Postfix 2.2.11 these
+ attribute values are encoded as xtext: some characters are represented by
+ +XX, where XX is the two-digit hecadecimal representation of the character
+ value.
+
+ * The "etrn_domain" attribute is defined only in the context of the ETRN
+ command, and specifies the ETRN command parameter.
The following is specific to SMTPD delegated policy requests:
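Review bot: "hecadecimal" in the added ccert_* text should read "hexadecimal". The description also says only that "some characters" are represented by +XX, which does not tell a policy server author which characters to expect encoded, or whether a literal "+" in a certificate name is itself encoded; naming the encoded set, or pointing to the xtext definition, would let a decoder be written without guessing.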
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/RELEASE_NOTES
--- a/gnu/dist/postfix/RELEASE_NOTES Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/RELEASE_NOTES Mon Jul 31 19:16:53 2006 +0000
@@ -11,6 +11,20 @@
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
+Incompatible changes with Postfix version 2.2.11
+------------------------------------------------
+
+The SMTPD policy client now encodes the ccert_subject and ccert_issuer
+attributes as xtext. Some characters are represented by +XX, where
+XX is the two-digit hecadecimal representation of the character
+value.
+
+The PostgreSQL client was updated after major database API changes
+in response to PostgreSQL security issues. This breaks support for
+PGSQL versions prior to 8.1.4, 8.0.8, 7.4.13, and 7.3.15. Support
+for these requires major code changes which are not possible in a
+stable release.
+
Main changes with Postfix version 2.2
-------------------------------------
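Review bot: The xtext paragraph under "Incompatible changes" does not say what breaks: a policy server that compares ccert_subject or ccert_issuer against literal strings will stop matching any name containing an encoded character (the README example changes "Wietse Venema" to "Wietse+20Venema"), which for an allow-list means a silent change in access decisions. State that policy servers must decode these two attributes before comparing, and fix "hecadecimal" to "hexadecimal" in the same paragraph.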
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/html/PGSQL_README.html
--- a/gnu/dist/postfix/html/PGSQL_README.html Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/html/PGSQL_README.html Mon Jul 31 19:16:53 2006 +0000
@@ -139,6 +139,10 @@
Victor Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+<li> Leandro Santi updated the PostgreSQL client to reflect PostgreSQL
+security issues with respect to quoting which resulted in major
+database API changes, and made PQexec() handling more robust. </li>
+
</ul>
</body>
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/html/SMTPD_POLICY_README.html
--- a/gnu/dist/postfix/html/SMTPD_POLICY_README.html Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/html/SMTPD_POLICY_README.html Mon Jul 31 19:16:53 2006 +0000
@@ -85,9 +85,10 @@
sasl_username=you
sasl_sender=
ccert_subject=solaris9.porcupine.org
-ccert_issuer=Wietse Venema
+ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
+etrn_domain=
[empty line]
</pre>
</blockquote>
@@ -133,8 +134,14 @@
</p>
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
- information about how the client was authenticated via TLS.
- </p>
+ information about how the client was authenticated via TLS. As
+ of Postfix 2.2.11 these attribute values are encoded as xtext:
+ some characters are represented by +XX, where XX is the two-digit
+ hecadecimal representation of the character value. </p>
+
+ <li> <p> The "etrn_domain" attribute is defined only in the
+ context of the ETRN command, and specifies the ETRN command
+ parameter. </p>
</ul>
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/proto/PGSQL_README.html
--- a/gnu/dist/postfix/proto/PGSQL_README.html Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/proto/PGSQL_README.html Mon Jul 31 19:16:53 2006 +0000
@@ -139,6 +139,10 @@
Victor Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+<li> Leandro Santi updated the PostgreSQL client to reflect PostgreSQL
+security issues with respect to quoting which resulted in major
+database API changes, and made PQexec() handling more robust. </li>
+
</ul>
</body>
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/proto/SMTPD_POLICY_README.html
--- a/gnu/dist/postfix/proto/SMTPD_POLICY_README.html Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/proto/SMTPD_POLICY_README.html Mon Jul 31 19:16:53 2006 +0000
@@ -85,9 +85,10 @@
sasl_username=you
sasl_sender=
ccert_subject=solaris9.porcupine.org
-ccert_issuer=Wietse Venema
+ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
size=12345
+etrn_domain=
[empty line]
</pre>
</blockquote>
@@ -133,8 +134,14 @@
</p>
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
- information about how the client was authenticated via TLS.
- </p>
+ information about how the client was authenticated via TLS. As
+ of Postfix 2.2.11 these attribute values are encoded as xtext:
+ some characters are represented by +XX, where XX is the two-digit
+ hecadecimal representation of the character value. </p>
+
+ <li> <p> The "etrn_domain" attribute is defined only in the
+ context of the ETRN command, and specifies the ETRN command
+ parameter. </p>
</ul>
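Review bot: The "hecadecimal" typo in the added ccert_* paragraph is repeated verbatim here, in html/SMTPD_POLICY_README.html and in README_FILES/SMTPD_POLICY_README, so the correction needs to be made in all three copies in one go or they will drift. The example block in this file shows ccert_issuer encoded but leaves ccert_subject unchanged, which is correct only because that value has no characters needing encoding; a short remark to that effect would stop readers from concluding that only the issuer is encoded.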
diff -r 73bf03133c07 -r 7e30a614d23b gnu/dist/postfix/src/global/dict_pgsql.c
--- a/gnu/dist/postfix/src/global/dict_pgsql.c Mon Jul 31 16:35:50 2006 +0000
+++ b/gnu/dist/postfix/src/global/dict_pgsql.c Mon Jul 31 19:16:53 2006 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dict_pgsql.c,v 1.1.1.2.2.1 2006/07/12 15:06:39 tron Exp $ */
+/* $NetBSD: dict_pgsql.c,v 1.1.1.2.2.2 2006/07/31 19:16:53 tron Exp $ */
/*++
/* NAME
@@ -219,6 +219,7 @@
char *table;
ARGV *hosts;
PLPGSQL *pldb;
+ HOST *active_host;
} DICT_PGSQL;
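Review bot: The new "HOST *active_host" member of DICT_PGSQL carries no comment on who sets it or for how long it stays valid, and dict_pgsql_quote() later in this diff reads it. Since this file also has plpgsql_close_host() and plpgsql_down_host(), document that the pointer is only meaningful while a query is in progress and make sure it is reset when the host it points to is closed or marked down, otherwise the quoting routine can be handed a stale connection.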
@@ -227,7 +228,8 @@
/* internal function declarations */
static PLPGSQL *plpgsql_init(ARGV *);
-static PGSQL_RES *plpgsql_query(PLPGSQL *, const char *, char *, char *, char *);
+static PGSQL_RES *plpgsql_query(DICT_PGSQL *, const char *, VSTRING *, char *,
+ char *, char *);
static void plpgsql_dealloc(PLPGSQL *);
static void plpgsql_close_host(HOST *);
static void plpgsql_down_host(HOST *);
@@ -237,41 +239,83 @@
static void dict_pgsql_close(DICT *);
static HOST *host_init(const char *);
-
/* dict_pgsql_quote - escape SQL metacharacters in input string */
-static void dict_pgsql_quote(DICT *unused, const char *name, VSTRING *result)
+static void dict_pgsql_quote(DICT *dict, const char *name, VSTRING *result)
{
- const char *sub;
+ DICT_PGSQL *dict_pgsql = (DICT_PGSQL *) dict;
+ HOST *active_host = dict_pgsql->active_host;
+ char *myname = "dict_pgsql_quote";
+ size_t len = strlen(name);
+ size_t buflen = 2*len + 1;
+ int err = 1;
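Review bot: In dict_pgsql_quote(), active_host is copied from dict_pgsql->active_host with no check visible in the lines shown; the listing is truncated here, so confirm the function handles a NULL or closed host before using it for connection-aware quoting, rather than assuming a connection has already been selected. "buflen = 2*len + 1" is the worst-case escaped size, which deserves a one-line comment, and it should be guarded against size_t wrap-around for very long lookup keys before the buffer is allocated. "char *myname" would be better as "const char *myname", and "int err = 1" should say in a comment why the error flag starts out set.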