Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/ibm-public/postfix/dist Import Postfix 2.8.3:
details: https://anonhg.NetBSD.org/src/rev/af1e150a2b2b
branches: trunk
changeset: 764903:af1e150a2b2b
user: tron <tron%NetBSD.org@localhost>
date: Wed May 11 09:10:01 2011 +0000
description:
Import Postfix 2.8.3:
Postfix releases 2.8.3, 2.7.4, 2.6.10 and 2.5.13 are available. These contain
a fix for CVE-2011-1720 which affects Postfix SMTP server configurations that
use Cyrus SASL authentication. Besides full releases, patches are available
for Postfix 1.1 and later.
This defect was introduced with the Postfix SASL patch, and is present in all
Postfix versions where the command "postconf mail_release_date" reports a
value of 20000314 (March 14, 2000) or greater.
Note: CVE-2011-1720 does not affect Postfix SMTP servers that use Dovecot
SASL authentication. It also does not affect the common Postfix SMTP server
configurations that use only Cyrus SASL mechanisms PLAIN and LOGIN.
More details will be available at http://www.postfix.org/CVE-2011-1720.html.
diffstat:
external/ibm-public/postfix/dist/HISTORY | 16 +++++++-
external/ibm-public/postfix/dist/html/postconf.1.html | 4 +-
external/ibm-public/postfix/dist/man/man1/postconf.1 | 4 +-
external/ibm-public/postfix/dist/src/global/mail_version.h | 6 +-
external/ibm-public/postfix/dist/src/postconf/postconf.c | 4 +-
external/ibm-public/postfix/dist/src/postscreen/postscreen.c | 5 +-
external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c | 23 ++++++++++-
external/ibm-public/postfix/dist/src/util/Makefile.in | 6 +-
external/ibm-public/postfix/dist/src/util/dict.h | 3 +-
external/ibm-public/postfix/dist/src/util/dict_open.c | 17 +++++++-
external/ibm-public/postfix/dist/src/verify/verify.c | 5 +-
11 files changed, 73 insertions(+), 20 deletions(-)
diffs (274 lines):
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/HISTORY
--- a/external/ibm-public/postfix/dist/HISTORY Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/HISTORY Wed May 11 09:10:01 2011 +0000
@@ -15616,7 +15616,7 @@
for the "virtual:" transport to "/etc/postfix/virtual:".
Symptom reported by Christoph Anton Mitterer.
-20200102
+20100102
Workaround: don't report bogus Berkeley DB close errors as
fatal errors. All operations before close are already error
@@ -16569,3 +16569,17 @@
expression of the form ``("text1" "text2") + constant'' so
we don't try to be so clever. Fix by Victor Duchovni. File:
global/mail_params.h.
+
+20110411
+
+ Cleanup: postscreen(8) and verify(8) daemons now lock their
+ respective cache file exclusively upon open, to avoid massive
+ cache corruption by unsupported sharing. Files: util/dict.h,
+ util/dict_open.c, verify/verify.c, postscreen/postscreen.c.
+
+20110414
+
+ Bugfix (introduced with Postfix SASL patch 20000314): don't
+ reuse a server SASL handle after authentication failure.
+ Problem reported by Thomas Jarosch of Intra2net AG. File:
+ smtpd/smtpd_proto.c.
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/html/postconf.1.html
--- a/external/ibm-public/postfix/dist/html/postconf.1.html Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/html/postconf.1.html Wed May 11 09:10:01 2011 +0000
@@ -88,8 +88,8 @@
With Postfix version 2.8 and later, the <b>-e</b> is no
longer needed.
- <b>-h</b> Show parameter values only, not the "<i>name = " label</i>
- <i>that normally precedes the value.</i>
+ <b>-h</b> Show parameter values only, not the "<i>name =</i> " label
+ that normally precedes the value.
<b>-l</b> List the names of all supported mailbox locking
methods. Postfix supports the following methods:
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/man/man1/postconf.1
--- a/external/ibm-public/postfix/dist/man/man1/postconf.1 Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/man/man1/postconf.1 Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: postconf.1,v 1.1.1.3 2011/03/02 19:31:49 tron Exp $
+.\" $NetBSD: postconf.1,v 1.1.1.4 2011/05/11 09:10:32 tron Exp $
.\"
.TH POSTCONF 1
.ad
@@ -85,7 +85,7 @@
With Postfix version 2.8 and later, the \fB-e\fR is no
longer needed.
.IP \fB-h\fR
-Show parameter values only, not the "\fIname = " label
+Show parameter values only, not the "\fIname = \fR" label
that normally precedes the value.
.IP \fB-l\fR
List the names of all supported mailbox locking methods.
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/global/mail_version.h
--- a/external/ibm-public/postfix/dist/src/global/mail_version.h Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/global/mail_version.h Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: mail_version.h,v 1.1.1.7 2011/03/23 19:07:40 tron Exp $ */
+/* $NetBSD: mail_version.h,v 1.1.1.8 2011/05/11 09:10:58 tron Exp $ */
#ifndef _MAIL_VERSION_H_INCLUDED_
#define _MAIL_VERSION_H_INCLUDED_
@@ -22,8 +22,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110321"
-#define MAIL_VERSION_NUMBER "2.8.2"
+#define MAIL_RELEASE_DATE "20110509"
+#define MAIL_VERSION_NUMBER "2.8.3"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/postconf/postconf.c
--- a/external/ibm-public/postfix/dist/src/postconf/postconf.c Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/postconf/postconf.c Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: postconf.c,v 1.1.1.3 2011/03/02 19:32:24 tron Exp $ */
+/* $NetBSD: postconf.c,v 1.1.1.4 2011/05/11 09:11:06 tron Exp $ */
/*++
/* NAME
@@ -79,7 +79,7 @@
/* With Postfix version 2.8 and later, the \fB-e\fR is no
/* longer needed.
/* .IP \fB-h\fR
-/* Show parameter values only, not the "\fIname = " label
+/* Show parameter values only, not the "\fIname = \fR" label
/* that normally precedes the value.
/* .IP \fB-l\fR
/* List the names of all supported mailbox locking methods.
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/postscreen/postscreen.c
--- a/external/ibm-public/postfix/dist/src/postscreen/postscreen.c Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/postscreen/postscreen.c Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: postscreen.c,v 1.1.1.1 2011/03/02 19:32:26 tron Exp $ */
+/* $NetBSD: postscreen.c,v 1.1.1.2 2011/05/11 09:11:07 tron Exp $ */
/*++
/* NAME
@@ -825,7 +825,8 @@
*
* Start the cache maintenance pseudo thread after dropping privileges.
*/
-#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define PSC_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \
+ DICT_FLAG_OPEN_LOCK)
if (*var_psc_cache_map)
psc_cache_map =
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c
--- a/external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/smtpd/smtpd_sasl_proto.c Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: smtpd_sasl_proto.c,v 1.1.1.2 2011/03/02 19:32:38 tron Exp $ */
+/* $NetBSD: smtpd_sasl_proto.c,v 1.1.1.3 2011/05/11 09:11:19 tron Exp $ */
/*++
/* NAME
@@ -186,6 +186,27 @@
return (-1);
}
+ /* Don't reuse the SASL handle after authentication failure. */
+#ifndef SMTPD_FLAG_AUTH_USED
+#define SMTPD_FLAG_AUTH_USED (1<<15)
+#endif
+#ifndef XSASL_TYPE_CYRUS
+#define XSASL_TYPE_CYRUS "cyrus"
+#endif
+ if (state->flags & SMTPD_FLAG_AUTH_USED) {
+ smtpd_sasl_deactivate(state);
+#ifdef USE_TLS
+ if (state->tls_context != 0)
+ smtpd_sasl_activate(state, VAR_SMTPD_SASL_TLS_OPTS,
+ var_smtpd_sasl_tls_opts);
+ else
+#endif
+ smtpd_sasl_activate(state, VAR_SMTPD_SASL_OPTS,
+ var_smtpd_sasl_opts);
+ } else if (strcmp(var_smtpd_sasl_type, XSASL_TYPE_CYRUS) == 0) {
+ state->flags |= SMTPD_FLAG_AUTH_USED;
+ }
+
/*
* All authentication failures shall be logged. The 5xx reply code from
* the SASL authentication routine triggers tar-pit delays, which help to
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/util/Makefile.in
--- a/external/ibm-public/postfix/dist/src/util/Makefile.in Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/util/Makefile.in Wed May 11 09:10:01 2011 +0000
@@ -948,6 +948,7 @@
dict_open.o: dict_unix.h
dict_open.o: htable.h
dict_open.o: msg.h
+dict_open.o: myflock.h
dict_open.o: mymalloc.h
dict_open.o: split_at.h
dict_open.o: stringops.h
@@ -1309,7 +1310,6 @@
mask_addr.o: sys_defs.h
match_list.o: argv.h
match_list.o: dict.h
-match_list.o: htable.h
match_list.o: match_list.c
match_list.o: match_list.h
match_list.o: match_ops.h
@@ -1324,8 +1324,6 @@
match_ops.o: argv.h
match_ops.o: cidr_match.h
match_ops.o: dict.h
-match_ops.o: htable.h
-match_ops.o: match_list.h
match_ops.o: match_ops.c
match_ops.o: match_ops.h
match_ops.o: msg.h
@@ -1788,6 +1786,8 @@
vstring_vstream.o: vstring.h
vstring_vstream.o: vstring_vstream.c
vstring_vstream.o: vstring_vstream.h
+watchdog.o: events.h
+watchdog.o: iostuff.h
watchdog.o: killme_after.h
watchdog.o: msg.h
watchdog.o: mymalloc.h
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/util/dict.h
--- a/external/ibm-public/postfix/dist/src/util/dict.h Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/util/dict.h Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dict.h,v 1.1.1.1 2009/06/23 10:08:59 tron Exp $ */
+/* $NetBSD: dict.h,v 1.1.1.2 2011/05/11 09:11:22 tron Exp $ */
#ifndef _DICT_H_INCLUDED_
#define _DICT_H_INCLUDED_
@@ -69,6 +69,7 @@
#define DICT_FLAG_FOLD_FIX (1<<14) /* case-fold key with fixed-case map */
#define DICT_FLAG_FOLD_MUL (1<<15) /* case-fold key with multi-case map */
#define DICT_FLAG_FOLD_ANY (DICT_FLAG_FOLD_FIX | DICT_FLAG_FOLD_MUL)
+#define DICT_FLAG_OPEN_LOCK (1<<16) /* open file with exclusive lock */
/* IMPORTANT: Update the dict_mask[] table when the above changes */
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/util/dict_open.c
--- a/external/ibm-public/postfix/dist/src/util/dict_open.c Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/util/dict_open.c Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dict_open.c,v 1.1.1.3 2011/03/02 19:32:42 tron Exp $ */
+/* $NetBSD: dict_open.c,v 1.1.1.4 2011/05/11 09:11:23 tron Exp $ */
/*++
/* NAME
@@ -82,6 +82,10 @@
/* .IP DICT_FLAG_LOCK
/* With maps where this is appropriate, acquire an exclusive lock
/* before writing, and acquire a shared lock before reading.
+/* .IP DICT_FLAG_OPEN_LOCK
+/* With maps where this is appropriate, acquire an exclusive
+/* lock upon open, and report a fatal run-time error if the
+/* table is already locked.
/* .IP DICT_FLAG_FOLD_FIX
/* With databases whose lookup fields are fixed-case strings,
/* fold the search key to lower case before accessing the
@@ -212,6 +216,7 @@
#include <stringops.h>
#include <split_at.h>
#include <htable.h>
+#include <myflock.h>
/*
* lookup table for available map types.
@@ -315,6 +320,16 @@
msg_fatal("opening %s:%s %m", dict_type, dict_name);
if (msg_verbose)
msg_info("%s: %s:%s", myname, dict_type, dict_name);
+ /* XXX the choice between wait-for-lock or no-wait is hard-coded. */
+ if (dict->lock_fd >= 0 && (dict_flags & DICT_FLAG_OPEN_LOCK) != 0) {
+ if (dict_flags & DICT_FLAG_LOCK)
+ msg_panic("%s: attempt to open %s:%s with both \"open\" lock and \"access\" lock",
+ myname, dict_type, dict_name);
+ if (myflock(dict->lock_fd, INTERNAL_LOCK,
+ MYFLOCK_OP_EXCLUSIVE | MYFLOCK_OP_NOWAIT) < 0)
+ msg_fatal("%s:%s: unable to get exclusive lock: %m",
+ dict_type, dict_name);
+ }
return (dict);
}
diff -r 1894bd668bd8 -r af1e150a2b2b external/ibm-public/postfix/dist/src/verify/verify.c
--- a/external/ibm-public/postfix/dist/src/verify/verify.c Wed May 11 08:11:36 2011 +0000
+++ b/external/ibm-public/postfix/dist/src/verify/verify.c Wed May 11 09:10:01 2011 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: verify.c,v 1.1.1.2 2010/06/17 18:07:17 tron Exp $ */
+/* $NetBSD: verify.c,v 1.1.1.3 2011/05/11 09:11:28 tron Exp $ */
/*++
/* NAME
@@ -666,7 +666,8 @@
*
* Start the cache cleanup thread after permanently dropping privileges.
*/
-#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE)
+#define VERIFY_DICT_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE \
+ | DICT_FLAG_OPEN_LOCK)
saved_mask = umask(022);
verify_map =
Home |
Main Index |
Thread Index |
Old Index