Source-Changes-HG archive


[src/trunk]: src/external/ibm-public/postfix/dist Import Postfix 2.8.8. Chang...



details:   https://anonhg.NetBSD.org/src/rev/abd0e4ade5ac
branches:  trunk
changeset: 777394:abd0e4ade5ac
user:      tron <tron%NetBSD.org@localhost>
date:      Fri Feb 17 08:35:39 2012 +0000

description:
Import Postfix 2.8.8. Changes since Postfix 2.8.7:
- The Postfix sqlite client, introduced with Postfix 2.8, had an
  embarrassing bug in its quoting routine. As the result of a
  last-minute code cleanup before release, this routine returned the
  unquoted text instead of the quoted text. The opportunities for
  mis-use are limited: Postfix sqlite database files are usually owned
  by root, and Postfix daemons usually run with non-root privileges so
  they can't corrupt the database. This problem was reported by Rob
  McGee (rob0).
- The Postfix 2.8.4 fix for local delivery agent database lookup
  errors was incomplete. The fix correctly added new code to detect
  database lookup errors with mailbox_transport_maps,
  mailbox_command_maps or fallback_transport_maps, but it failed to
  log the problem, and to produce a defer logfile record which is
  needed for "delayed mail" and "mail too old" delivery status
  notifications.
- The trace(8) service, used for DSN SUCCESS notifications, did not
  distinguish between notifications for a non-bounce or a bounce
  message, causing it to "reply" to mail with the null sender
  address. Problem reported by Sabahattin Gucukoglu.
- Support for Dovecot auth over TCP sockets, using code that already
  existed for testing purposes. Patrick Koetter kindly provided an
  update for the SASL_README file.
- Workaround in the LDAP client for changes in the under-documented
  OpenLDAP API, by Victor Duchovni.

diffstat:

 external/ibm-public/postfix/dist/HISTORY                           |  52 ++++++++
 external/ibm-public/postfix/dist/mantools/get_anchors.pl           |   6 +-
 external/ibm-public/postfix/dist/src/bounce/bounce_trace_service.c |  39 +++++-
 external/ibm-public/postfix/dist/src/global/dict_ldap.c            |  65 +++++----
 external/ibm-public/postfix/dist/src/global/dict_sqlite.c          |  15 ++-
 external/ibm-public/postfix/dist/src/global/mail_version.h         |   6 +-
 external/ibm-public/postfix/dist/src/global/maps.c                 |   8 +-
 external/ibm-public/postfix/dist/src/local/mailbox.c               |   8 +-
 external/ibm-public/postfix/dist/src/local/unknown.c               |   5 +-
 external/ibm-public/postfix/dist/src/tlsproxy/tlsproxy.c           |   4 +-
 external/ibm-public/postfix/dist/src/util/dict.c                   |   4 +-
 external/ibm-public/postfix/dist/src/xsasl/xsasl_dovecot_server.c  |   7 +-
 12 files changed, 164 insertions(+), 55 deletions(-)

diffs (truncated from 520 to 300 lines):

diff -r 509f62101d80 -r abd0e4ade5ac external/ibm-public/postfix/dist/HISTORY
--- a/external/ibm-public/postfix/dist/HISTORY  Fri Feb 17 08:28:36 2012 +0000
+++ b/external/ibm-public/postfix/dist/HISTORY  Fri Feb 17 08:35:39 2012 +0000
@@ -16695,3 +16695,55 @@
 
        Portability: OpenBSD 5.x is supported. Files: makedefs,
        util/sys_defs.h.
+
+       Portability: Dovecot now officially supports more socket
+       types for its authentication server. File:
+       xsasl/xsasl_dovecot_server.c.
+
+20111126
+
+       Bitrot: changes in error reporting to the under-documented
+       OpenLDAP API. Problem reported by Quanah Gibson-Mount. Fix
+       by Viktor Dukhovni. File: global/dict_ldap.c.
+
+20111205
+
+       Bugfix: tlsproxy(8) stored TLS sessions with a serverID of
+       "tlsproxy" instead of "smtpd", wasting an opportunity for
+       session reuse.  File: tlsproxy/tlsproxy.c.
+
+20111211
+
+       Bugfix: missing lookup table entry and terminator, causing
+       proxymap server segfault when postscreen(8) or verify(8)
+       attempted to access their cache via the proxymap server.
+       This could never have worked anyway, because the Postfix
+       2.8 proxymap protocol does not support cache cleanup.  File
+       util/dict.c.
+
+20111226
+
+       Bugfix (introduced 20110426): after lookup error with
+       mailbox_transport_maps, mailbox_command_maps or
+       fallback_transport_maps, the local delivery agent did not
+       log the problem before deferring mail, and produced no defer
+       logfile record. Files: local/mailbox.c, local/unknown.c.
+
+20120127
+
+       Bugfix (introduced: Postfix 2.8): the Postfix client sqlite
+       quoting routine returned the unquoted result instead of the
+       quoted text.  The opportunities for misuse are limited,
+       because Postfix sqlite files are usually owned by root, and
+       Postfix daemons usually run with non-root privileges so
+       they can't corrupt the database. Problem reported by Rob
+       McGee (rob0).  File: global/dict_sqlite.c.
+
+20120130
+
+       Bugfix (introduced: Postfix 2.3): the trace service did not
+       distinguish between notifications for a non-bounce or a
+       bounce message. This code pre-dates DSN support and should
+       have been updated when it was re-purposed to handle DSN
+       SUCCESS notifications. Problem reported by Sabahattin
+       Gucukoglu.  File: bounce/bounce_trace_service.c.
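Review bot: The 20120127 entry bounds the impact of the sqlite quoting bug only by write access ("they can't corrupt the database") and does not say whether unquoted input can change what a lookup returns, which does not depend on who owns the database file. The dict_sqlite.c hunk falls outside the truncated diff shown here, so this entry is the only impact statement a reader of this import sees; a sentence covering the read side, or a pointer to the upstream announcement, would close that gap. Minor: the 20111211 entry ends with "File util/dict.c." without the colon the other entries use.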
diff -r 509f62101d80 -r abd0e4ade5ac external/ibm-public/postfix/dist/mantools/get_anchors.pl
--- a/external/ibm-public/postfix/dist/mantools/get_anchors.pl  Fri Feb 17 08:28:36 2012 +0000
+++ b/external/ibm-public/postfix/dist/mantools/get_anchors.pl  Fri Feb 17 08:35:39 2012 +0000
@@ -3,9 +3,9 @@
 # Copyright (c) 2004 Liviu Daia <Liviu.Daia%imar.ro@localhost>
 # All rights reserved.
 #
-# $Revision: 1.1.1.1 $
-# $Id: get_anchors.pl,v 1.1.1.1 2009/06/23 10:08:36 tron Exp $
-# $Source: /cvsroot/src/external/ibm-public/postfix/dist/mantools/get_anchors.pl,v $
+# Revision
+# Id
+# Source
 #
 
 use HTML::Parser;
diff -r 509f62101d80 -r abd0e4ade5ac external/ibm-public/postfix/dist/src/bounce/bounce_trace_service.c
--- a/external/ibm-public/postfix/dist/src/bounce/bounce_trace_service.c        Fri Feb 17 08:28:36 2012 +0000
+++ b/external/ibm-public/postfix/dist/src/bounce/bounce_trace_service.c        Fri Feb 17 08:35:39 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bounce_trace_service.c,v 1.1.1.1 2009/06/23 10:08:42 tron Exp $        */
+/*     $NetBSD: bounce_trace_service.c,v 1.1.1.2 2012/02/17 08:36:04 tron Exp $        */
 
 /*++
 /* NAME
@@ -85,8 +85,39 @@
     BOUNCE_INFO *bounce_info;
     int     bounce_status = 1;
     VSTREAM *bounce;
-    VSTRING *new_id = vstring_alloc(10);
+    int     notify_mask = name_mask(VAR_NOTIFY_CLASSES, mail_error_masks,
+                                   var_notify_classes);
+    VSTRING *new_id;
     int     count;
+    const char *sender;
+
+    /*
+     * For consistency with fail/delay notifications, send notification for a
+     * non-bounce message as a single-bounce message, send notification for a
+     * single-bounce message as a double-bounce message, and drop requests to
+     * send notification for a double-bounce message.
+     */
+#define NULL_SENDER            MAIL_ADDR_EMPTY /* special address */
+
+    if (strcasecmp(recipient, mail_addr_double_bounce()) == 0) {
+       msg_info("%s: not sending trace/success notification for "
+                "double-bounce message", queue_id);
+       return (0);
+    } else if (*recipient == 0) {
+       if ((notify_mask & MAIL_ERROR_2BOUNCE) != 0) {
+           recipient = var_2bounce_rcpt;
+           sender = mail_addr_double_bounce();
+       } else {
+           msg_info("%s: not sending trace/success notification "
+                    "for single-bounce message", queue_id);
+           if (mail_queue_remove(service, queue_id) && errno != ENOENT)
+               msg_fatal("remove %s %s: %m", service, queue_id);
+           return (0);
+       }
+    } else {
+       /* Always send notification for non-bounce message. */
+       sender = NULL_SENDER;
+    }
 
     /*
      * Initialize. Open queue file, bounce log, etc.
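Review bot: The two early returns added at the top of the function clean up differently: the single-bounce branch calls mail_queue_remove(service, queue_id) before return (0), while the double-bounce branch only logs and returns. If the trace logfile for a double-bounce message should also be discarded, the same removal belongs in that branch; if leaving it in place is intentional, a one-line comment saying why would prevent the question. Separately, msg_fatal on a failed remove terminates the service over a cleanup error for a notification that is being dropped anyway; it is worth confirming that a fatal exit is the intended reaction there.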
@@ -128,7 +159,6 @@
        bounce_mail_free(bounce_info);
        return (0);
     }
-#define NULL_SENDER            MAIL_ADDR_EMPTY /* special address */
 #define NULL_TRACE_FLAGS       0
 
     /*
@@ -141,7 +171,8 @@
      * there are fewer potential left-over files to remove up when we create
      * a new queue file.
      */
-    if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
+    new_id = vstring_alloc(10);
+    if ((bounce = post_mail_fopen_nowait(sender, recipient,
                                         INT_FILT_MASK_BOUNCE,
                                         NULL_TRACE_FLAGS,
                                         new_id)) != 0) {
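Review bot: new_id is now declared without an initializer ("VSTRING *new_id;") and only allocated here, after the new early returns and the existing return that follows bounce_mail_free(bounce_info). Any path between the declaration and this vstring_alloc(10) that frees or reads new_id would touch an uninitialized pointer. Initializing the declaration to 0, or confirming that every earlier return leaves new_id alone, would make the move verifiable from the patch; the part of the function that releases new_id is not in the visible context.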
diff -r 509f62101d80 -r abd0e4ade5ac external/ibm-public/postfix/dist/src/global/dict_ldap.c
--- a/external/ibm-public/postfix/dist/src/global/dict_ldap.c   Fri Feb 17 08:28:36 2012 +0000
+++ b/external/ibm-public/postfix/dist/src/global/dict_ldap.c   Fri Feb 17 08:35:39 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dict_ldap.c,v 1.1.1.3 2011/03/02 19:32:14 tron Exp $   */
+/*     $NetBSD: dict_ldap.c,v 1.1.1.4 2012/02/17 08:36:07 tron Exp $   */
 
 /*++
 /* NAME
@@ -227,6 +227,7 @@
 #include "mail_conf.h"
 
 #if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
+
  /*
   * SASL headers, for sasl_interact_t. Either SASL v1 or v2 should be fine.
   */
@@ -244,13 +245,13 @@
 #define DICT_LDAP_DO_SASL(d)   ((d)->bind == DICT_LDAP_BIND_SASL)
 
 static const NAME_CODE bindopt_table[] = {
-    CONFIG_BOOL_NO,    DICT_LDAP_BIND_NONE,
-    "none",            DICT_LDAP_BIND_NONE,
-    CONFIG_BOOL_YES,   DICT_LDAP_BIND_SIMPLE,
-    "simple",          DICT_LDAP_BIND_SIMPLE,
+    CONFIG_BOOL_NO, DICT_LDAP_BIND_NONE,
+    "none", DICT_LDAP_BIND_NONE,
+    CONFIG_BOOL_YES, DICT_LDAP_BIND_SIMPLE,
+    "simple", DICT_LDAP_BIND_SIMPLE,
 #ifdef LDAP_API_FEATURE_X_OPENLDAP
 #if defined(USE_LDAP_SASL)
-    "sasl",            DICT_LDAP_BIND_SASL,
+    "sasl", DICT_LDAP_BIND_SASL,
 #endif
 #endif
     0, -1,
@@ -294,9 +295,9 @@
 #ifdef LDAP_API_FEATURE_X_OPENLDAP
 #if defined(USE_LDAP_SASL)
     int     sasl;
-    char    *sasl_mechs;
-    char    *sasl_realm;
-    char    *sasl_authz;
+    char   *sasl_mechs;
+    char   *sasl_realm;
+    char   *sasl_authz;
     int     sasl_minssf;
 #endif
     int     ldap_ssl;
@@ -453,28 +454,26 @@
 }
 
 #if defined(USE_LDAP_SASL) && defined(LDAP_API_FEATURE_X_OPENLDAP)
+
  /*
   * Context structure for SASL property callback.
   */
 typedef struct bind_props {
-    char *authcid;
-    char *passwd;
-    char *realm;
-    char *authzid;
+    char   *authcid;
+    char   *passwd;
+    char   *realm;
+    char   *authzid;
 } bind_props;
 
-static int
-ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter)
+static int ldap_b2_interact(LDAP *ld, unsigned flags, void *props, void *inter)
 {
 
     sasl_interact_t *in;
-    bind_props *ctx = (bind_props *)props;
+    bind_props *ctx = (bind_props *) props;
 
-    for (in = inter; in->id != SASL_CB_LIST_END; in++)
-    {
+    for (in = inter; in->id != SASL_CB_LIST_END; in++) {
        in->result = NULL;
-       switch(in->id)
-       {
+       switch (in->id) {
        case SASL_CB_GETREALM:
            in->result = ctx->realm;
            break;
@@ -493,6 +492,7 @@
     }
     return LDAP_SUCCESS;
 }
+
 #endif
 
 /* dict_ldap_result - Read and parse LDAP result */
@@ -500,6 +500,7 @@
 static int dict_ldap_result(LDAP *ld, int msgid, int timeout, LDAPMessage **res)
 {
     struct timeval mytimeval;
+    int     err;
 
     mytimeval.tv_sec = timeout;
     mytimeval.tv_usec = 0;
@@ -508,9 +509,12 @@
     if (ldap_result(ld, msgid, GET_ALL, &mytimeval, res) == -1)
        return (dict_ldap_get_errno(ld));
 
-    if (dict_ldap_get_errno(ld) == LDAP_TIMEOUT) {
-       (void) dict_ldap_abandon(ld, msgid);
-       return (dict_ldap_set_errno(ld, LDAP_TIMEOUT));
+    if ((err = dict_ldap_get_errno(ld)) != LDAP_SUCCESS) {
+       if (err == LDAP_TIMEOUT) {
+           (void) dict_ldap_abandon(ld, msgid);
+           return (dict_ldap_set_errno(ld, LDAP_TIMEOUT));
+       }
+       return err;
     }
     return LDAP_SUCCESS;
 }
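Review bot: The new "return err;" path is reached only after ldap_result() has returned something other than -1, so *res may already hold a message when the caller receives a non-success code. Callers of dict_ldap_result need to free *res on this path, or this function should release it and clear *res before returning; otherwise each non-timeout error can leak a result. The same question applies to the LDAP_TIMEOUT branch, which abandons the request but leaves *res as ldap_result() set it.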
@@ -531,7 +535,7 @@
     vstring_sprintf(minssf, "minssf=%d", dict_ldap->sasl_minssf);
 
     if ((rc = ldap_set_option(dict_ldap->ld, LDAP_OPT_X_SASL_SECPROPS,
-                              (char *) minssf)) != LDAP_OPT_SUCCESS)
+                             (char *) minssf)) != LDAP_OPT_SUCCESS)
        return (rc);
 
     props.authcid = dict_ldap->bind_dn;
@@ -540,13 +544,14 @@
     props.authzid = dict_ldap->sasl_authz;
 
     if ((rc = ldap_sasl_interactive_bind_s(dict_ldap->ld, NULL,
-                                           dict_ldap->sasl_mechs, NULL, NULL,
-                                           LDAP_SASL_QUIET, ldap_b2_interact,
-                                           &props)) != LDAP_SUCCESS)
+                                          dict_ldap->sasl_mechs, NULL, NULL,
+                                          LDAP_SASL_QUIET, ldap_b2_interact,
+                                          &props)) != LDAP_SUCCESS)
        return (rc);
 
     return (LDAP_SUCCESS);
 }
+
 #endif
 
 /* dict_ldap_bind_st - Synchronous simple auth with timeout */
@@ -554,6 +559,7 @@
 static int dict_ldap_bind_st(DICT_LDAP *dict_ldap)
 {
     int     rc;
+    int     err = LDAP_SUCCESS;
     int     msgid;
     LDAPMessage *res;
     struct berval cred;
@@ -569,7 +575,8 @@
        return (rc);
 


