Changes of Revision 62
| [-] [+] | Changed | postfix.spec |
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/HISTORY ^ |
| @@ -19728,3 +19728,25 @@ propagate error reports from xtext_unquote_append(), causing the decoder to return partial ouput, instead of rejecting malformed input. Fix by Krzysztof Wojta. File: global/xtext.c. + +20160310 + + Bugfix (introduced: Postfix 2.6): the Milter SMFIR_CHGFROM + (replace sender) request lost the sender_bcc_maps address. + Fixed by moving some record keeping to the sender output + function. Files: cleanup/cleanup_envelope.c, + cleanup/cleanup_addr.c, cleanup/cleanup_milter.c, + cleanup/cleanup.h, regression tests. + +20160410 + + Bugfix (introduced: Postfix 2.6): the "bad filetype" + header_checks pattern falsely rejected Content-Mumble headers + with ``name="example"; x-apple-part-url="example.com"''. + Fixed by respecting the ";" separator between content + attribute values. Reported by Cedric Knight. File: + proto/header_checks. + +20160515 + + Portability: OpenBSD 6.0. Files: makedefs, util/sys_defs.h. | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/conf/header_checks ^ |
| @@ -445,7 +445,7 @@ # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: -# /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( +# /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/html/header_checks.5.html ^ |
| @@ -26,7 +26,7 @@ <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i> <b>DESCRIPTION</b> - This document describes access control on the content of message head- + This document describes access control on the content of message head‐ ers and message body lines; it is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server before mail is queued. See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client information. @@ -37,14 +37,14 @@ message body line. Note: message headers are examined one logical header at a time, even - when a message header spans multiple lines. Body lines are always exam- + when a message header spans multiple lines. Body lines are always exam‐ ined one line at a time. For examples, see the EXAMPLES section at the end of this manual page. Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood of mail from worms or viruses; they do not decode attachments, and they do not unzip - archives. See the documents referenced below in the README FILES sec- + archives. See the documents referenced below in the README FILES sec‐ tion if you need more sophisticated content analysis. <b>FILTERS WHILE RECEIVING MAIL</b> @@ -79,7 +79,7 @@ after the message is received: <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> (default: empty) - These are applied to headers that are added with Milter applica- + These are applied to headers that are added with Milter applica‐ tions. This feature is available in Postfix 2.7 and later. @@ -105,7 +105,7 @@ <b>TABLE FORMAT</b> This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules are specified in the form of Postfix regular expression lookup tables. Usually the - best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres- + best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres‐ sion) tables. The <b>regexp</b> (POSIX regular expressions) tables are usually slower, but more widely available. Use the command "<b>postconf -m</b>" to find out what lookup table types your Postfix system supports. @@ -115,17 +115,17 @@ or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respectively. <b>/</b><i>pattern</i><b>/</b><i>flags action</i> - When /<i>pattern</i>/ matches the input string, execute the correspond- + When /<i>pattern</i>/ matches the input string, execute the correspond‐ ing <i>action</i>. See below for a list of possible actions. <b>!/</b><i>pattern</i><b>/</b><i>flags action</i> - When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor- + When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor‐ responding <i>action</i>. <b>if /</b><i>pattern</i><b>/</b><i>flags</i> <b>endif</b> Match the input string against the patterns between <b>if</b> and - <b>endif</b>, if and only if the same input string also matches /<i>pat-</i> + <b>endif</b>, if and only if the same input string also matches /<i>pat‐</i> <i>tern</i>/. The <b>if</b>..<b>endif</b> can nest. Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>. @@ -133,7 +133,7 @@ <b>if !/</b><i>pattern</i><b>/</b><i>flags</i> <b>endif</b> Match the input string against the patterns between <b>if</b> and - <b>endif</b>, if and only if the same input string does <b>not</b> match /<i>pat-</i> + <b>endif</b>, if and only if the same input string does <b>not</b> match /<i>pat‐</i> <i>tern</i>/. The <b>if</b>..<b>endif</b> can nest. blank lines and comments @@ -168,10 +168,10 @@ Claim successful delivery and silently discard the message. Log the optional text if specified, otherwise log a generic message. - Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- - tion of the current message and affects all recipients. To dis- + Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec‐ + tion of the current message and affects all recipients. To dis‐ card only one recipient without discarding the entire message, - use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser- + use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser‐ vice. This feature is available in Postfix 2.0 and later. @@ -190,8 +190,8 @@ <b>FILTER</b> <i>transport:destination</i> After the message is queued, send the entire message through the specified external content filter. The <i>transport</i> name specifies - the first field of a mail delivery agent definition in <a href="master.5.html">mas- - ter.cf</a>; the syntax of the next-hop <i>destination</i> is described in + the first field of a mail delivery agent definition in mas‐ + ter.cf; the syntax of the next-hop <i>destination</i> is described in the manual page of the corresponding delivery agent. More information about external content filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file. @@ -200,19 +200,19 @@ <i>transport</i> or <i>destination</i> unless you know that the information has a trusted origin. - Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set- + Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set‐ ting, and affects all recipients of the message. In the case - that multiple <b>FILTER</b> actions fire, only the last one is exe- + that multiple <b>FILTER</b> actions fire, only the last one is exe‐ cuted. Note 3: the purpose of the FILTER command is to override message routing. To override the recipient's <i>transport</i> but not the - next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post- + next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post‐ fix 2.7 and later), or specify a <i>transport:destination</i> that delivers through a different Postfix instance (Postfix 2.6 and - earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b> - <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b> - <b>_transport_maps</a></b> features. + earlier). Other options are using the recipient-dependent <b>trans</b>‐‐ + <b>port_maps</b> or the sender-dependent <b>sender_dependent_default</b>‐‐ + <b>_transport_maps</b> features. This feature is available in Postfix 2.0 and later. @@ -255,19 +255,19 @@ Notes: - <b>o</b> The prepended text is output on a separate line, immedi- + · The prepended text is output on a separate line, immedi‐ ately before the input that triggered the <b>PREPEND</b> action. - <b>o</b> The prepended text is not considered part of the input + · The prepended text is not considered part of the input stream: it is not subject to header/body checks or address rewriting, and it does not affect the way that Postfix adds missing message headers. - <b>o</b> When prepending text before a message header line, the + · When prepending text before a message header line, the prepended text must begin with a valid message header label. - <b>o</b> This action cannot be used to prepend multi-line text. + · This action cannot be used to prepend multi-line text. This feature is available in Postfix 2.1 and later. @@ -291,15 +291,15 @@ Replace the current line with the specified text, and inspect the next input line. - This feature is available in Postfix 2.2 and later. The descrip- + This feature is available in Postfix 2.2 and later. The descrip‐ tion below applies to Postfix 2.2.2 and later. Notes: - <b>o</b> When replacing a message header line, the replacement + · When replacing a message header line, the replacement text must begin with a valid header label. - <b>o</b> The replaced text remains part of the input stream. + · The replaced text remains part of the input stream. Unlike the result from the <b>PREPEND</b> action, a replaced message header may be subject to address rewriting and may affect the way that Postfix adds missing message @@ -310,7 +310,7 @@ optional text is specified, otherwise reply with a generic error message. - Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec- + Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec‐ tion of the current message and affects all recipients. Postfix version 2.3 and later support enhanced status codes. @@ -333,14 +333,14 @@ Many people overlook the main limitations of header and <a href="postconf.5.html#body_checks">body_checks</a> rules. - <b>o</b> These rules operate on one logical message header or one body + · These rules operate on one logical message header or one body line at a time. A decision made for one line is not carried over to the next line. - <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules + · If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules need to be specified for the encoded form. - <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the + · Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the rules need to be specified for the encoded form. Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from @@ -368,13 +368,13 @@ <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>) Lookup tables with content filter rules for message header lines: respectively, these are applied to the initial message - headers (not including MIME headers), to the MIME headers any- + headers (not including MIME headers), to the MIME headers any‐ where in the message, and to the initial headers of attached messages. Note: these filters see one logical message header at a time, even when a message header spans multiple lines. Message headers - that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun- + that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun‐ cated. <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b> @@ -397,7 +397,7 @@ <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>: - /^Content-(Disposition|Type).*name\s*=\s*"?(.*(\.|=2E)( + /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/html/postscreen.8.html ^ |
| @@ -81,10 +81,10 @@ The optional "after 220 server greeting" tests involve <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> - adds the client to the temporary whitelist, but it cannot not hand off - the "live" connection to a Postfix SMTP server process in the middle of - a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with - a 4XX status, and waits for the client to disconnect. When the client + adds the client to the temporary whitelist, but it cannot hand off the + "live" connection to a Postfix SMTP server process in the middle of a + session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with a + 4XX status, and waits for the client to disconnect. When the client connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post- fix SMTP server process (provided that the whitelist status has not expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of this limitation by | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/man/man5/header_checks.5 ^ |
| @@ -422,7 +422,7 @@ header_checks = pcre:/etc/postfix/header_checks.pcre /etc/postfix/header_checks.pcre: - /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( + /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| hlp|ht[at]| inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/man/man8/postscreen.8 ^ |
| @@ -93,7 +93,7 @@ The optional "after 220 server greeting" tests involve \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When these tests succeed, \fBpostscreen\fR(8) adds the client -to the temporary whitelist, but it cannot not hand off the +to the temporary whitelist, but it cannot hand off the "live" connection to a Postfix SMTP server process in the middle of a session. Instead, \fBpostscreen\fR(8) defers attempts to deliver mail with a 4XX status, and waits for | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/proto/Makefile.in ^ |
| @@ -98,7 +98,7 @@ SRCTOMAN= ../mantools/srctoman POSTLINK= ../mantools/postlink DETAB = pr -tre -NROFF = GROFF_NO_SGR=1 nroff +NROFF = LANG=C GROFF_NO_SGR=1 nroff HT2READ = ../mantools/html2readme MAKEAAA = ../mantools/makereadme MAKESOHO= ../mantools/make_soho_readme | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/proto/header_checks ^ |
| @@ -421,7 +421,7 @@ # header_checks = pcre:/etc/postfix/header_checks.pcre # # /etc/postfix/header_checks.pcre: -# /^Content-(Disposition|Type).*name\es*=\es*"?(.*(\e.|=2E)( +# /^Content-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( # ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| # hlp|ht[at]| # inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/cleanup/cleanup.h ^ |
| @@ -284,7 +284,7 @@ /* * cleanup_addr.c. */ -extern void cleanup_addr_sender(CLEANUP_STATE *, const char *); +extern off_t cleanup_addr_sender(CLEANUP_STATE *, const char *); extern void cleanup_addr_recipient(CLEANUP_STATE *, const char *); extern void cleanup_addr_bcc_dsn(CLEANUP_STATE *, const char *, const char *, int); | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/cleanup/cleanup_addr.c ^ |
| @@ -6,7 +6,7 @@ /* SYNOPSIS /* #include <cleanup.h> /* -/* void cleanup_addr_sender(state, addr) +/* off_t cleanup_addr_sender(state, addr) /* CLEANUP_STATE *state; /* const char *addr; /* @@ -29,7 +29,8 @@ /* sender/recipient auto bcc address generation. /* /* cleanup_addr_sender() processes sender envelope information and updates -/* state->sender. +/* state->sender. The result value is the offset of the record that +/* follows the sender record if milters are enabled, otherwise zero. /* /* cleanup_addr_recipient() processes recipient envelope information /* and updates state->recip. @@ -85,6 +86,7 @@ /* Global library. */ #include <rec_type.h> +#include <record.h> #include <cleanup_user.h> #include <mail_params.h> #include <ext_prop.h> @@ -99,14 +101,18 @@ #include "cleanup.h" #define STR vstring_str +#define LEN VSTRING_LEN #define IGNORE_EXTENSION (char **) 0 /* cleanup_addr_sender - process envelope sender record */ -void cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) +off_t cleanup_addr_sender(CLEANUP_STATE *state, const char *buf) { + const char myname[] = "cleanup_addr_sender"; VSTRING *clean_addr = vstring_alloc(100); + off_t after_sender_offs = 0; const char *bcc; + size_t len; /* * Note: an unqualified envelope address is for all practical purposes @@ -142,6 +148,15 @@ if (state->sender) /* XXX Can't happen */ myfree(state->sender); state->sender = mystrdup(STR(clean_addr)); /* Used by Milter client */ + /* Fix 20160310: Moved from cleanup_envelope.c. */ + if (state->milters || cleanup_milters) { + /* Make room to replace sender. */ + if ((len = LEN(clean_addr)) < REC_TYPE_PTR_PAYL_SIZE) + rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); + /* Remember the after-sender record offset. */ + if ((after_sender_offs = vstream_ftell(state->dst)) < 0) + msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); + } if ((state->flags & CLEANUP_FLAG_BCC_OK) && *STR(clean_addr) && cleanup_send_bcc_maps) { @@ -156,6 +171,7 @@ } } vstring_free(clean_addr); + return after_sender_offs; } /* cleanup_addr_recipient - process envelope recipient */ | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/cleanup/cleanup_envelope.c ^ |
| @@ -370,6 +370,8 @@ return; } if (type == REC_TYPE_FROM) { + off_t after_sender_offs; + /* Allow only one instance. */ if (state->sender != 0) { msg_warn("%s: message rejected: multiple envelope sender records", @@ -382,14 +384,10 @@ if ((state->sender_pt_offset = vstream_ftell(state->dst)) < 0) msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); } - cleanup_addr_sender(state, buf); + after_sender_offs = cleanup_addr_sender(state, buf); if (state->milters || cleanup_milters) { - /* Make room to replace sender. */ - if ((len = strlen(state->sender)) < REC_TYPE_PTR_PAYL_SIZE) - rec_pad(state->dst, REC_TYPE_PTR, REC_TYPE_PTR_PAYL_SIZE - len); /* Remember the after-sender record offset. */ - if ((state->sender_pt_target = vstream_ftell(state->dst)) < 0) - msg_fatal("%s: vstream_ftell %s: %m:", myname, cleanup_path); + state->sender_pt_target = after_sender_offs; } if (cleanup_milters != 0 && state->milters == 0 | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/cleanup/cleanup_milter.c ^ |
| @@ -1304,6 +1304,7 @@ const char *myname = "cleanup_chg_from"; CLEANUP_STATE *state = (CLEANUP_STATE *) context; off_t new_sender_offset; + off_t after_sender_offs; int addr_count; TOK822 *tree; TOK822 *tp; @@ -1367,10 +1368,11 @@ } } tok822_free_tree(tree); - cleanup_addr_sender(state, STR(int_sender_buf)); + after_sender_offs = cleanup_addr_sender(state, STR(int_sender_buf)); vstring_free(int_sender_buf); cleanup_out_format(state, REC_TYPE_PTR, REC_TYPE_PTR_FORMAT, (long) state->sender_pt_target); + state->sender_pt_target = after_sender_offs; /* * Overwrite the original sender record with the pointer to the new @@ -2517,6 +2519,19 @@ var_milt_head_checks = mystrdup(argv->argv[1]); cleanup_milter_header_checks_init(state); } + } else if (strcmp(argv->argv[0], "sender_bcc_maps") == 0) { + if (argv->argc != 2) { + msg_warn("bad sender_bcc_maps argument count: %ld", + (long) argv->argc); + } else { + if (cleanup_send_bcc_maps) + maps_free(cleanup_send_bcc_maps); + cleanup_send_bcc_maps = + maps_create("sender_bcc_maps", argv->argv[1], + DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); + state->flags |= CLEANUP_FLAG_BCC_OK; + var_rcpt_delim = ""; + } } else { msg_warn("bad command: %s", argv->argv[0]); } | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/global/mail_version.h ^ |
| @@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20151010" -#define MAIL_VERSION_NUMBER "2.11.7" +#define MAIL_RELEASE_DATE "20150515" +#define MAIL_VERSION_NUMBER "2.11.8" #ifdef SNAPSHOT #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE | ||
| [-] [+] | Changed | _service:download_files:postfix-2.11.8.tar.gz/src/postscreen/postscreen.c ^ |
| @@ -79,7 +79,7 @@ /* The optional "after 220 server greeting" tests involve /* \fBpostscreen\fR(8)'s built-in SMTP protocol engine. When /* these tests succeed, \fBpostscreen\fR(8) adds the client -/* to the temporary whitelist, but it cannot not hand off the +/* to the temporary whitelist, but it cannot hand off the /* "live" connection to a Postfix SMTP server process in the /* middle of a session. Instead, \fBpostscreen\fR(8) defers /* attempts to deliver mail with a 4XX status, and waits for | ||