Prereq: "3.0.2" diff -cr --new-file /var/tmp/postfix-3.0.2/src/global/mail_version.h ./src/global/mail_version.h *** /var/tmp/postfix-3.0.2/src/global/mail_version.h 2015-07-20 19:18:59.000000000 -0400 --- ./src/global/mail_version.h 2015-10-10 11:36:36.000000000 -0400 *************** *** 20,27 **** * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20150720" ! #define MAIL_VERSION_NUMBER "3.0.2" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE --- 20,27 ---- * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ ! #define MAIL_RELEASE_DATE "20151010" ! #define MAIL_VERSION_NUMBER "3.0.3" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff -cr --new-file /var/tmp/postfix-3.0.2/HISTORY ./HISTORY *** /var/tmp/postfix-3.0.2/HISTORY 2015-07-19 18:24:25.000000000 -0400 --- ./HISTORY 2015-10-10 09:38:08.000000000 -0400 *************** *** 21665,21667 **** --- 21665,21729 ---- SSLv2 or SSLv3. See the RELEASE_NOTES file for how to get the old settings back. Files: global/mail_params.h, proto/postconf.proto, and files derived from those. + + 20150722 + + The COMPATIBILITY_README text and HTML files were not + installed. File: conf/postfix-files. + + 20150903 + + Workaround: disable DNSSEC support for AIX 7x and earlier. + The AIX 6/7 resolver(5) API defines RES_USE_DNSSEC without + defining the "ad" bit. Viktor Dukhovni. Files: makedefs, + proto/INSTALL.html, dns/dns.h. + + 20150923 + + Bugfix (introduced: 20120531-617): the Postfix SMTP server + used a larger-than-1 VSTREAM buffer to read the HAProxy + connection hand-off information. This broke TLS wrappermode, + as the TLS helo packet would end up in the plaintext VSTREAM + buffer. Reported by Lukas Erlacher. File: smtpd/smtpd_haproxy.c. + + 20150924 + + Bugfix (introduced: 20090216-24): incorrect postmulti error + message. Reported by Patrik Koetter. Fix by Viktor Dukhovni. + File: postmulti/postmulti.c. + + Workaround: don't create a new instance when the template + main.cf and master.cf files are missing, as happens on + Debian-like systems. Viktor Dukhovni. File: conf/postmulti-script. + + 20150925 + + Bugfix (introduced: 19970309, fixed 20150421 in development + release): reset errno before calling readdir(), in order + to distinguish between an end-of-directory and an error + condition. File: scandir.c. + + 20150930 + + Bugfix (introduced: 20040124): Milter client panic while + adding a header, because the PREPEND action used the same + output function for header_checks and body_checks. Viktor + Dukhovni and Wietse. File: cleanup/cleanup_message.c. + + Bugfix (introduced: 20031128): xtext_unquote() did not + propagate error reports from xtext_unquote_append(), causing + the decoder to return partial ouput, instead of rejecting + malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. + + 20151003 + + Bugfix (copied from xtext): uxtext_unquote() did not propagate + error reports from uxtext_unquote_append(), causing the + decoder to return partial output, instead of rejecting + malformed input. Found by searching the code for similar + error patterns as with xtext_unquote(). File: global/uxtext.c. + + Bugfix (introduced: 20141130, fixed around 20150607 in + development release): the DNS multi-query clients forgot + to save and restore h_errno when evaluating the aggregate + result. File: dns/dns_lookup.c. diff -cr --new-file /var/tmp/postfix-3.0.2/INSTALL ./INSTALL *** /var/tmp/postfix-3.0.2/INSTALL 2015-02-08 15:08:47.000000000 -0500 --- ./INSTALL 2015-10-10 09:49:29.000000000 -0400 *************** *** 539,544 **** --- 539,547 ---- || |probably should also override DEF_DB_TYPE as | || |described in section 4.6. | ||_____________________________|______________________________________________| + ||-DNO_DNSSEC |Do not build with DNSSEC support, even if the | + || |resolver library appears to support it. | + ||_____________________________|______________________________________________| || |Do not build with Solaris /dev/poll support. | ||-DNO_DEVPOLL |By default, /dev/poll support is compiled in | || |on Solaris versions that are known to support | diff -cr --new-file /var/tmp/postfix-3.0.2/README_FILES/INSTALL ./README_FILES/INSTALL *** /var/tmp/postfix-3.0.2/README_FILES/INSTALL 2015-02-08 15:08:47.000000000 -0500 --- ./README_FILES/INSTALL 2015-10-10 09:49:29.000000000 -0400 *************** *** 539,544 **** --- 539,547 ---- || |probably should also override DEF_DB_TYPE as | || |described in section 4.6. | |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + ||-DNO_DNSSEC |Do not build with DNSSEC support, even if the | + || |resolver library appears to support it. | + |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | || |Do not build with Solaris /dev/poll support. | ||-DNO_DEVPOLL |By default, /dev/poll support is compiled in | || |on Solaris versions that are known to support | diff -cr --new-file /var/tmp/postfix-3.0.2/conf/postfix-files ./conf/postfix-files *** /var/tmp/postfix-3.0.2/conf/postfix-files 2014-06-25 16:06:00.000000000 -0400 --- ./conf/postfix-files 2015-07-22 17:22:59.000000000 -0400 *************** *** 274,279 **** --- 274,280 ---- $readme_directory/BASIC_CONFIGURATION_README:f:root:-:644 $readme_directory/BUILTIN_FILTER_README:f:root:-:644 $readme_directory/CDB_README:f:root:-:644 + $readme_directory/COMPATIBILITY_README:f:root:-:644 $readme_directory/CONNECTION_CACHE_README:f:root:-:644 $readme_directory/CONTENT_INSPECTION_README:f:root:-:644 $readme_directory/DATABASE_README:f:root:-:644 *************** *** 331,336 **** --- 332,338 ---- $html_directory/BASIC_CONFIGURATION_README.html:f:root:-:644 $html_directory/BUILTIN_FILTER_README.html:f:root:-:644 $html_directory/CDB_README.html:f:root:-:644 + $html_directory/COMPATIBILITY_README.html:f:root:-:644 $html_directory/CONNECTION_CACHE_README.html:f:root:-:644 $html_directory/CONTENT_INSPECTION_README.html:f:root:-:644 $html_directory/CYRUS_README.html:f:root:-:644:o diff -cr --new-file /var/tmp/postfix-3.0.2/conf/postmulti-script ./conf/postmulti-script *** /var/tmp/postfix-3.0.2/conf/postmulti-script 2014-06-24 20:30:51.000000000 -0400 --- ./conf/postmulti-script 2015-09-24 19:24:12.000000000 -0400 *************** *** 142,147 **** --- 142,152 ---- fatal "'$config_directory' lacks a master.cf file" } + test -f $meta_directory/main.cf.proto || + fatal "Missing main.cf prototype: $meta_directory/main.cf.proto" + test -f $meta_directory/master.cf.proto || + fatal "Missing master.cf prototype: $meta_directory/master.cf.proto" + # Create instance-specific directories # test -d $config_directory || diff -cr --new-file /var/tmp/postfix-3.0.2/html/INSTALL.html ./html/INSTALL.html *** /var/tmp/postfix-3.0.2/html/INSTALL.html 2015-02-08 15:08:47.000000000 -0500 --- ./html/INSTALL.html 2015-10-10 09:49:29.000000000 -0400 *************** *** 810,815 **** --- 810,819 ---- this, then you probably should also override DEF_DB_TYPE as described in section 4.6. + -DNO_DNSSEC Do not build with DNSSEC + support, even if the resolver library appears to support it. + + -DNO_DEVPOLL Do not build with Solaris /dev/poll support. By default, /dev/poll support is compiled in on Solaris versions that are known to support diff -cr --new-file /var/tmp/postfix-3.0.2/makedefs ./makedefs *** /var/tmp/postfix-3.0.2/makedefs 2015-07-19 10:24:25.000000000 -0400 --- ./makedefs 2015-10-10 09:40:48.000000000 -0400 *************** *** 45,50 **** --- 45,53 ---- # Do not build with Solaris /dev/poll support. # By default, /dev/poll support is compiled in on platforms that # are known to support it. + # .IP \fB-DNO_DNSSEC\fR + # Do not build with DNSSEC support, even if the resolver + # library appears to support it. # .IP \fB-DNO_EPOLL\fR # Do not build with Linux EPOLL support. # By default, EPOLL support is compiled in on platforms that *************** *** 387,404 **** --- 390,410 ---- ;; AIX.*) case "`uname -v`" in 6) SYSTYPE=AIX6 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 5) SYSTYPE=AIX5 + CCARGS="$CCARGS -DNO_DNSSEC" case "$CC" in cc|*/cc|xlc|*/xlc) CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; esac CCARGS="$CCARGS -D_ALL_SOURCE -DHAS_POSIX_REGEXP" ;; 4) SYSTYPE=AIX4 + CCARGS="$CCARGS -DNO_DNSSEC" # How embarrassing... case "$CC" in cc|*/cc|xlc|*/xlc) OPT=; CCARGS="$CCARGS -w -blibpath:/usr/lib:/lib:/usr/local/lib";; diff -cr --new-file /var/tmp/postfix-3.0.2/proto/INSTALL.html ./proto/INSTALL.html *** /var/tmp/postfix-3.0.2/proto/INSTALL.html 2015-02-08 15:08:45.000000000 -0500 --- ./proto/INSTALL.html 2015-10-10 09:49:16.000000000 -0400 *************** *** 810,815 **** --- 810,819 ---- this, then you probably should also override DEF_DB_TYPE as described in section 4.6. + -DNO_DNSSEC Do not build with DNSSEC + support, even if the resolver library appears to support it. + + -DNO_DEVPOLL Do not build with Solaris /dev/poll support. By default, /dev/poll support is compiled in on Solaris versions that are known to support diff -cr --new-file /var/tmp/postfix-3.0.2/src/cleanup/cleanup_message.c ./src/cleanup/cleanup_message.c *** /var/tmp/postfix-3.0.2/src/cleanup/cleanup_message.c 2014-12-06 20:35:33.000000000 -0500 --- ./src/cleanup/cleanup_message.c 2015-10-04 18:29:37.000000000 -0400 *************** *** 385,395 **** if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); ! } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0 ! && !is_header(optional_text)) { ! msg_warn("bad PREPEND header text \"%s\" in %s map -- " ! "need \"headername: headervalue\"", ! optional_text, map_class); } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); --- 385,404 ---- if (STREQUAL(value, "PREPEND", command_len)) { if (*optional_text == 0) { msg_warn("PREPEND action without text in %s map", map_class); ! } else if (strcmp(context, CLEANUP_ACT_CTXT_HEADER) == 0) { ! if (!is_header(optional_text)) { ! msg_warn("bad PREPEND header text \"%s\" in %s map -- " ! "need \"headername: headervalue\"", ! optional_text, map_class); ! } else { ! VSTRING *temp; ! ! cleanup_act_log(state, "prepend", context, buf, optional_text); ! temp = vstring_strcpy(vstring_alloc(strlen(optional_text)), ! optional_text); ! cleanup_out_header(state, temp); ! vstring_free(temp); ! } } else { cleanup_act_log(state, "prepend", context, buf, optional_text); cleanup_out_string(state, REC_TYPE_NORM, optional_text); diff -cr --new-file /var/tmp/postfix-3.0.2/src/dns/dns.h ./src/dns/dns.h *** /var/tmp/postfix-3.0.2/src/dns/dns.h 2014-12-02 17:44:03.000000000 -0500 --- ./src/dns/dns.h 2015-10-10 09:44:53.000000000 -0400 *************** *** 54,59 **** --- 54,66 ---- #endif + /* + * Disable DNSSEC at compile-time even if RES_USE_DNSSEC is available + */ + #ifdef NO_DNSSEC + #undef RES_USE_DNSSEC + #endif + /* * Compatibility with systems that lack RES_USE_DNSSEC and RES_USE_EDNS0 */ diff -cr --new-file /var/tmp/postfix-3.0.2/src/dns/dns_lookup.c ./src/dns/dns_lookup.c *** /var/tmp/postfix-3.0.2/src/dns/dns_lookup.c 2014-12-06 20:35:33.000000000 -0500 --- ./src/dns/dns_lookup.c 2015-10-03 17:01:51.000000000 -0400 *************** *** 790,795 **** --- 790,796 ---- int hpref_status = INT_MIN; VSTRING *hpref_rtext = 0; int hpref_rcode; + int hpref_h_errno; DNS_RR *rr; /* Save intermediate highest-priority result. */ *************** *** 801,806 **** --- 802,808 ---- vstring_strcpy(hpref_rtext ? hpref_rtext : \ (hpref_rtext = vstring_alloc(VSTRING_LEN(why))), \ vstring_str(why)); \ + hpref_h_errno = h_errno; \ } while (0) /* Restore intermediate highest-priority result. */ *************** *** 810,815 **** --- 812,818 ---- *rcode = hpref_rcode; \ if (why && status != DNS_OK) \ vstring_strcpy(why, vstring_str(hpref_rtext)); \ + SET_H_ERRNO(hpref_h_errno); \ } while (0) if (rrlist) *************** *** 862,867 **** --- 865,871 ---- int hpref_status = INT_MIN; VSTRING *hpref_rtext = 0; int hpref_rcode; + int hpref_h_errno; DNS_RR *rr; if (rrlist) diff -cr --new-file /var/tmp/postfix-3.0.2/src/global/uxtext.c ./src/global/uxtext.c *** /var/tmp/postfix-3.0.2/src/global/uxtext.c 2014-12-13 17:49:36.000000000 -0500 --- ./src/global/uxtext.c 2015-10-03 19:35:09.000000000 -0400 *************** *** 214,221 **** VSTRING *uxtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); ! uxtext_unquote_append(unquoted, quoted); ! return (unquoted); } #ifdef TEST --- 214,220 ---- VSTRING *uxtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); ! return (uxtext_unquote_append(unquoted, quoted) ? unquoted : 0); } #ifdef TEST diff -cr --new-file /var/tmp/postfix-3.0.2/src/global/xtext.c ./src/global/xtext.c *** /var/tmp/postfix-3.0.2/src/global/xtext.c 2014-07-17 09:00:44.000000000 -0400 --- ./src/global/xtext.c 2015-10-03 19:35:21.000000000 -0400 *************** *** 134,141 **** VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); ! xtext_unquote_append(unquoted, quoted); ! return (unquoted); } #ifdef TEST --- 134,140 ---- VSTRING *xtext_unquote(VSTRING *unquoted, const char *quoted) { VSTRING_RESET(unquoted); ! return (xtext_unquote_append(unquoted, quoted) ? unquoted : 0); } #ifdef TEST diff -cr --new-file /var/tmp/postfix-3.0.2/src/postmulti/postmulti.c ./src/postmulti/postmulti.c *** /var/tmp/postfix-3.0.2/src/postmulti/postmulti.c 2015-02-08 12:38:30.000000000 -0500 --- ./src/postmulti/postmulti.c 2015-09-24 19:24:12.000000000 -0400 *************** *** 1711,1717 **** case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " ! "'%s', '%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), --- 1711,1717 ---- case 'e': if ((code = EDIT_CMD_CODE(optarg)) < 0) msg_fatal("Invalid '-e' edit action '%s'. Specify '%s', " ! "'%s', '%s', '%s', '%s', '%s', '%s' or '%s'", optarg, EDIT_CMD_STR(EDIT_CMD_CREATE), EDIT_CMD_STR(EDIT_CMD_DESTROY), *************** *** 1720,1727 **** EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), ! EDIT_CMD_STR(EDIT_CMD_INIT), ! optarg); if (cmd_mode != code) command_mode_count++; cmd_mode = code; --- 1720,1726 ---- EDIT_CMD_STR(EDIT_CMD_ENABLE), EDIT_CMD_STR(EDIT_CMD_DISABLE), EDIT_CMD_STR(EDIT_CMD_ASSIGN), ! EDIT_CMD_STR(EDIT_CMD_INIT)); if (cmd_mode != code) command_mode_count++; cmd_mode = code; diff -cr --new-file /var/tmp/postfix-3.0.2/src/smtpd/smtpd_haproxy.c ./src/smtpd/smtpd_haproxy.c *** /var/tmp/postfix-3.0.2/src/smtpd/smtpd_haproxy.c 2012-06-30 17:12:00.000000000 -0400 --- ./src/smtpd/smtpd_haproxy.c 2015-10-03 19:36:38.000000000 -0400 *************** *** 96,101 **** --- 96,109 ---- VSTRING *escape_buf; /* + * While reading HAProxy handshake information, don't buffer input beyond + * the end-of-line. That would break the TLS wrappermode handshake. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, 1, + VSTREAM_CTL_END); + + /* * Note: the haproxy_srvr_parse() routine performs address protocol * checks, address and port syntax checks, and converts IPv4-in-IPv6 * address string syntax (:ffff::1.2.3.4) to IPv4 syntax where permitted *************** *** 142,147 **** --- 150,162 ---- * Avoid surprises in the Dovecot authentication server. */ state->dest_addr = mystrdup(smtp_server_addr.buf); + + /* + * Enable normal buffering. + */ + vstream_control(state->client, + VSTREAM_CTL_BUFSIZE, VSTREAM_BUFSIZE, + VSTREAM_CTL_END); return (0); } } diff -cr --new-file /var/tmp/postfix-3.0.2/src/util/scan_dir.c ./src/util/scan_dir.c *** /var/tmp/postfix-3.0.2/src/util/scan_dir.c 2014-12-06 20:35:33.000000000 -0500 --- ./src/util/scan_dir.c 2015-04-22 20:43:34.000000000 -0400 *************** *** 78,83 **** --- 78,84 ---- #endif #endif #include + #include /* Utility library. */ *************** *** 177,182 **** --- 178,190 ---- #define STREQ(x,y) (strcmp((x),(y)) == 0) if (info) { + + /* + * Fix 20150421: readdir() does not reset errno after reaching the + * end-of-directory. This dates back all the way to the initial + * implementation of 19970309. + */ + errno = 0; while ((dp = readdir(info->dir)) != 0) { if (STREQ(dp->d_name, ".") || STREQ(dp->d_name, "..")) { if (msg_verbose > 1)